From a8331b7ae6e5553adfddffd65d8eb8c9cdcd6933 Mon Sep 17 00:00:00 2001 
From: Arvind Iyengar Date: Mon, 19 Apr 2021 11:52:39 -0700 Subject: [PATCH 1/3] Drop released/ directory --- released/README.md | 5 - .../fleet-agent/fleet-agent-0.3.0-beta600.tgz | Bin 2167 -> 0 bytes .../fleet-agent/fleet-agent-0.3.0-rc100.tgz | Bin 2162 -> 0 bytes .../fleet-agent/fleet-agent-0.3.0-rc200.tgz | Bin 2161 -> 0 bytes .../fleet-agent/fleet-agent-0.3.0-rc300.tgz | Bin 2163 -> 0 bytes .../fleet-agent/fleet-agent-0.3.000.tgz | Bin 2162 -> 0 bytes .../fleet-agent/fleet-agent-0.3.1-rc200.tgz | Bin 2164 -> 0 bytes .../fleet-agent/fleet-agent-0.3.100.tgz | Bin 2162 -> 0 bytes .../fleet-agent/fleet-agent-0.3.2-rc100.tgz | Bin 2161 -> 0 bytes .../fleet-agent/fleet-agent-0.3.2-rc200.tgz | Bin 2163 -> 0 bytes .../fleet-agent/fleet-agent-0.3.2-rc300.tgz | Bin 2163 -> 0 bytes .../fleet-agent/fleet-agent-0.3.2-rc400.tgz | Bin 2160 -> 0 bytes .../fleet-agent/fleet-agent-0.3.2-rc500.tgz | Bin 2163 -> 0 bytes .../fleet-agent/fleet-agent-0.3.200-rc5.tgz | Bin 2165 -> 0 bytes .../fleet-agent/fleet-agent-0.3.200-rc6.tgz | Bin 2120 -> 0 bytes .../fleet-agent/fleet-agent-0.3.200-rc7.tgz | Bin 2121 -> 0 bytes .../fleet-agent/fleet-agent-0.3.200.tgz | Bin 2120 -> 0 bytes .../fleet-agent/fleet-agent-0.3.300-rc1.tgz | Bin 2121 -> 0 bytes .../fleet-agent/fleet-agent-0.3.300.tgz | Bin 2118 -> 0 bytes .../fleet-agent/fleet-agent-0.3.400-rc00.tgz | Bin 2285 -> 0 bytes .../fleet-agent/fleet-agent-0.3.400-rc03.tgz | Bin 2285 -> 0 bytes .../fleet-agent/fleet-agent-0.3.400-rc04.tgz | Bin 2285 -> 0 bytes .../fleet-agent/fleet-agent-0.3.400-rc05.tgz | Bin 2284 -> 0 bytes .../fleet-agent/fleet-agent-0.3.400-rc06.tgz | Bin 2285 -> 0 bytes .../fleet-agent/fleet-agent-0.3.400-rc07.tgz | Bin 2286 -> 0 bytes .../fleet-agent/fleet-agent-0.3.400-rc08.tgz | Bin 2285 -> 0 bytes .../fleet-crd/fleet-crd-0.3.0-beta600.tgz | Bin 9626 -> 0 bytes .../fleet-crd/fleet-crd-0.3.0-rc100.tgz | Bin 9663 -> 0 bytes .../fleet-crd/fleet-crd-0.3.0-rc200.tgz | Bin 9669 -> 0 bytes 
.../fleet-crd/fleet-crd-0.3.0-rc300.tgz | Bin 9681 -> 0 bytes .../assets/fleet-crd/fleet-crd-0.3.000.tgz | Bin 9675 -> 0 bytes .../assets/fleet-crd/fleet-crd-0.3.100.tgz | Bin 9675 -> 0 bytes .../fleet-crd/fleet-crd-0.3.2-rc100.tgz | Bin 9682 -> 0 bytes .../fleet-crd/fleet-crd-0.3.2-rc200.tgz | Bin 9688 -> 0 bytes .../fleet-crd/fleet-crd-0.3.2-rc300.tgz | Bin 9688 -> 0 bytes .../fleet-crd/fleet-crd-0.3.2-rc400.tgz | Bin 9688 -> 0 bytes .../fleet-crd/fleet-crd-0.3.2-rc500.tgz | Bin 9695 -> 0 bytes .../fleet-crd/fleet-crd-0.3.200-rc5.tgz | Bin 9698 -> 0 bytes .../fleet-crd/fleet-crd-0.3.200-rc6.tgz | Bin 9720 -> 0 bytes .../fleet-crd/fleet-crd-0.3.200-rc7.tgz | Bin 9721 -> 0 bytes .../assets/fleet-crd/fleet-crd-0.3.200.tgz | Bin 9718 -> 0 bytes .../fleet-crd/fleet-crd-0.3.300-rc1.tgz | Bin 9721 -> 0 bytes .../assets/fleet-crd/fleet-crd-0.3.300.tgz | Bin 9717 -> 0 bytes .../fleet-crd/fleet-crd-0.3.400-rc00.tgz | Bin 9993 -> 0 bytes .../fleet-crd/fleet-crd-0.3.400-rc03.tgz | Bin 9899 -> 0 bytes .../fleet-crd/fleet-crd-0.3.400-rc04.tgz | Bin 9899 -> 0 bytes .../fleet-crd/fleet-crd-0.3.400-rc05.tgz | Bin 9895 -> 0 bytes .../fleet-crd/fleet-crd-0.3.400-rc06.tgz | Bin 9900 -> 0 bytes .../fleet-crd/fleet-crd-0.3.400-rc07.tgz | Bin 9994 -> 0 bytes .../fleet-crd/fleet-crd-0.3.400-rc08.tgz | Bin 9995 -> 0 bytes released/assets/fleet/fleet-0.3.0-beta600.tgz | Bin 2873 -> 0 bytes released/assets/fleet/fleet-0.3.0-rc100.tgz | Bin 2798 -> 0 bytes released/assets/fleet/fleet-0.3.0-rc200.tgz | Bin 2799 -> 0 bytes released/assets/fleet/fleet-0.3.0-rc300.tgz | Bin 2801 -> 0 bytes released/assets/fleet/fleet-0.3.000.tgz | Bin 2798 -> 0 bytes released/assets/fleet/fleet-0.3.1-rc200.tgz | Bin 2800 -> 0 bytes released/assets/fleet/fleet-0.3.100.tgz | Bin 2798 -> 0 bytes released/assets/fleet/fleet-0.3.2-rc100.tgz | Bin 2986 -> 0 bytes released/assets/fleet/fleet-0.3.2-rc200.tgz | Bin 2983 -> 0 bytes released/assets/fleet/fleet-0.3.2-rc300.tgz | Bin 2988 -> 0 bytes 
released/assets/fleet/fleet-0.3.2-rc400.tgz | Bin 2966 -> 0 bytes released/assets/fleet/fleet-0.3.2-rc500.tgz | Bin 2975 -> 0 bytes released/assets/fleet/fleet-0.3.200-rc5.tgz | Bin 2977 -> 0 bytes released/assets/fleet/fleet-0.3.200-rc6.tgz | Bin 2879 -> 0 bytes released/assets/fleet/fleet-0.3.200-rc7.tgz | Bin 2879 -> 0 bytes released/assets/fleet/fleet-0.3.200.tgz | Bin 2876 -> 0 bytes released/assets/fleet/fleet-0.3.300-rc1.tgz | Bin 2879 -> 0 bytes released/assets/fleet/fleet-0.3.300.tgz | Bin 2877 -> 0 bytes released/assets/fleet/fleet-0.3.400-rc00.tgz | Bin 3004 -> 0 bytes released/assets/fleet/fleet-0.3.400-rc03.tgz | Bin 3010 -> 0 bytes released/assets/fleet/fleet-0.3.400-rc04.tgz | Bin 3009 -> 0 bytes released/assets/fleet/fleet-0.3.400-rc05.tgz | Bin 3008 -> 0 bytes released/assets/fleet/fleet-0.3.400-rc06.tgz | Bin 3011 -> 0 bytes released/assets/fleet/fleet-0.3.400-rc07.tgz | Bin 3008 -> 0 bytes released/assets/fleet/fleet-0.3.400-rc08.tgz | Bin 3006 -> 0 bytes released/assets/index.yaml | 5339 ----------------- released/assets/logos/backup-restore.svg | 24 - released/assets/logos/cis-kube-bench.svg | 43 - released/assets/logos/fleet.svg | 1 - released/assets/logos/gatekeeper.svg | 30 - released/assets/logos/istio.svg | 11 - released/assets/logos/logging.svg | 31 - released/assets/logos/rio.svg | 21 - released/assets/longhorn/longhorn-1.0.200.tgz | Bin 11517 -> 0 bytes released/assets/longhorn/longhorn-1.0.201.tgz | Bin 11523 -> 0 bytes released/assets/longhorn/longhorn-1.0.202.tgz | Bin 11794 -> 0 bytes released/assets/longhorn/longhorn-1.1.000.tgz | Bin 14783 -> 0 bytes .../assets/longhorn/longhorn-1.1.001-rc00.tgz | Bin 14841 -> 0 bytes .../assets/longhorn/longhorn-1.1.001-rc01.tgz | Bin 14846 -> 0 bytes .../assets/longhorn/longhorn-crd-1.0.200.tgz | Bin 923 -> 0 bytes .../assets/longhorn/longhorn-crd-1.0.201.tgz | Bin 874 -> 0 bytes .../assets/longhorn/longhorn-crd-1.0.202.tgz | Bin 875 -> 0 bytes .../assets/longhorn/longhorn-crd-1.1.000.tgz | Bin 
1630 -> 0 bytes .../longhorn/longhorn-crd-1.1.001-rc00.tgz | Bin 1634 -> 0 bytes .../longhorn/longhorn-crd-1.1.001-rc01.tgz | Bin 1634 -> 0 bytes .../rancher-backup/rancher-backup-1.0.200.tgz | Bin 4657 -> 0 bytes .../rancher-backup/rancher-backup-1.0.201.tgz | Bin 5312 -> 0 bytes .../rancher-backup/rancher-backup-1.0.300.tgz | Bin 5314 -> 0 bytes .../rancher-backup-1.0.301-rc00.tgz | Bin 5317 -> 0 bytes .../rancher-backup-1.0.301-rc01.tgz | Bin 5326 -> 0 bytes .../rancher-backup-crd-1.0.200.tgz | Bin 1719 -> 0 bytes .../rancher-backup-crd-1.0.201.tgz | Bin 1673 -> 0 bytes .../rancher-backup-crd-1.0.300.tgz | Bin 1672 -> 0 bytes .../rancher-backup-crd-1.0.301-rc00.tgz | Bin 1674 -> 0 bytes .../rancher-backup-crd-1.0.301-rc01.tgz | Bin 1676 -> 0 bytes .../rancher-cis-benchmark-1.0.100.tgz | Bin 3414 -> 0 bytes .../rancher-cis-benchmark-1.0.200.tgz | Bin 3939 -> 0 bytes .../rancher-cis-benchmark-1.0.300.tgz | Bin 4827 -> 0 bytes .../rancher-cis-benchmark-1.0.301-rc00.tgz | Bin 4835 -> 0 bytes .../rancher-cis-benchmark-1.0.301-rc01.tgz | Bin 4836 -> 0 bytes .../rancher-cis-benchmark-crd-1.0.100.tgz | Bin 1333 -> 0 bytes .../rancher-cis-benchmark-crd-1.0.200.tgz | Bin 1282 -> 0 bytes .../rancher-cis-benchmark-crd-1.0.300.tgz | Bin 1448 -> 0 bytes ...rancher-cis-benchmark-crd-1.0.301-rc00.tgz | Bin 1453 -> 0 bytes ...rancher-cis-benchmark-crd-1.0.301-rc01.tgz | Bin 1452 -> 0 bytes .../rancher-external-ip-webhook-0.1.400.tgz | Bin 7297 -> 0 bytes .../rancher-external-ip-webhook-0.1.500.tgz | Bin 7578 -> 0 bytes .../rancher-external-ip-webhook-0.1.600.tgz | Bin 7576 -> 0 bytes ...ncher-external-ip-webhook-0.1.601-rc00.tgz | Bin 7543 -> 0 bytes ...ncher-external-ip-webhook-0.1.601-rc01.tgz | Bin 7550 -> 0 bytes .../rancher-gatekeeper-3.1.100.tgz | Bin 6114 -> 0 bytes .../rancher-gatekeeper-3.1.101.tgz | Bin 6730 -> 0 bytes .../rancher-gatekeeper-3.2.100.tgz | Bin 6958 -> 0 bytes .../rancher-gatekeeper-3.2.101.tgz | Bin 6955 -> 0 bytes 
.../rancher-gatekeeper-3.3.000-rc01.tgz | Bin 7398 -> 0 bytes .../rancher-gatekeeper-3.3.000-rc02.tgz | Bin 7400 -> 0 bytes .../rancher-gatekeeper-crd-3.1.100.tgz | Bin 2480 -> 0 bytes .../rancher-gatekeeper-crd-3.1.101.tgz | Bin 2439 -> 0 bytes .../rancher-gatekeeper-crd-3.2.100.tgz | Bin 2432 -> 0 bytes .../rancher-gatekeeper-crd-3.2.101.tgz | Bin 3693 -> 0 bytes .../rancher-gatekeeper-crd-3.3.000-rc01.tgz | Bin 3687 -> 0 bytes .../rancher-gatekeeper-crd-3.3.000-rc02.tgz | Bin 3685 -> 0 bytes .../rancher-istio/rancher-istio-1.7.100.tgz | Bin 13468 -> 0 bytes .../rancher-istio/rancher-istio-1.7.101.tgz | Bin 13467 -> 0 bytes .../rancher-istio/rancher-istio-1.7.300.tgz | Bin 14067 -> 0 bytes .../rancher-istio/rancher-istio-1.7.301.tgz | Bin 17400 -> 0 bytes .../rancher-istio/rancher-istio-1.7.600.tgz | Bin 17351 -> 0 bytes .../rancher-istio-1.8.300-rc00.tgz | Bin 18106 -> 0 bytes .../rancher-istio-1.8.300-rc01.tgz | Bin 18131 -> 0 bytes .../rancher-kiali-server-1.23.001.tgz | Bin 9102 -> 0 bytes .../rancher-kiali-server-1.23.002.tgz | Bin 9104 -> 0 bytes .../rancher-kiali-server-1.24.001.tgz | Bin 9102 -> 0 bytes .../rancher-kiali-server-1.24.002.tgz | Bin 9099 -> 0 bytes .../rancher-kiali-server-1.24.003.tgz | Bin 9097 -> 0 bytes .../rancher-kiali-server-1.29.000-rc00.tgz | Bin 9765 -> 0 bytes .../rancher-kiali-server-1.29.000-rc01.tgz | Bin 9767 -> 0 bytes .../rancher-kiali-server-crd-1.23.001.tgz | Bin 606 -> 0 bytes .../rancher-kiali-server-crd-1.23.002.tgz | Bin 562 -> 0 bytes .../rancher-kiali-server-crd-1.24.001.tgz | Bin 561 -> 0 bytes .../rancher-kiali-server-crd-1.24.002.tgz | Bin 561 -> 0 bytes .../rancher-kiali-server-crd-1.24.003.tgz | Bin 562 -> 0 bytes ...rancher-kiali-server-crd-1.29.000-rc00.tgz | Bin 565 -> 0 bytes ...rancher-kiali-server-crd-1.29.000-rc01.tgz | Bin 564 -> 0 bytes .../rancher-logging-3.6.000.tgz | Bin 7688 -> 0 bytes .../rancher-logging-3.6.001.tgz | Bin 8486 -> 0 bytes .../rancher-logging-3.7.301.tgz | Bin 8487 -> 0 bytes 
.../rancher-logging-3.8.001.tgz | Bin 8651 -> 0 bytes .../rancher-logging-3.8.201.tgz | Bin 8816 -> 0 bytes .../rancher-logging-3.9.000-rc00.tgz | Bin 9164 -> 0 bytes .../rancher-logging-3.9.000-rc01.tgz | Bin 10148 -> 0 bytes .../rancher-logging-3.9.000-rc02.tgz | Bin 9539 -> 0 bytes .../rancher-logging-3.9.000-rc03.tgz | Bin 9530 -> 0 bytes .../rancher-logging-3.9.000-rc04.tgz | Bin 9674 -> 0 bytes .../rancher-logging-3.9.000-rc05.tgz | Bin 9557 -> 0 bytes .../rancher-logging-3.9.000-rc06.tgz | Bin 9536 -> 0 bytes .../rancher-logging-3.9.000-rc07.tgz | Bin 9658 -> 0 bytes .../rancher-logging-3.9.000-rc08.tgz | Bin 9662 -> 0 bytes .../rancher-logging-crd-3.6.000.tgz | Bin 21426 -> 0 bytes .../rancher-logging-crd-3.6.001.tgz | Bin 21373 -> 0 bytes .../rancher-logging-crd-3.7.301.tgz | Bin 22384 -> 0 bytes .../rancher-logging-crd-3.8.001.tgz | Bin 22905 -> 0 bytes .../rancher-logging-crd-3.8.201.tgz | Bin 24248 -> 0 bytes .../rancher-logging-crd-3.9.000-rc00.tgz | Bin 26807 -> 0 bytes .../rancher-logging-crd-3.9.000-rc01.tgz | Bin 26809 -> 0 bytes .../rancher-logging-crd-3.9.000-rc02.tgz | Bin 26811 -> 0 bytes .../rancher-logging-crd-3.9.000-rc03.tgz | Bin 26803 -> 0 bytes .../rancher-logging-crd-3.9.000-rc04.tgz | Bin 26809 -> 0 bytes .../rancher-logging-crd-3.9.000-rc05.tgz | Bin 26811 -> 0 bytes .../rancher-logging-crd-3.9.000-rc06.tgz | Bin 26812 -> 0 bytes .../rancher-logging-crd-3.9.000-rc07.tgz | Bin 26811 -> 0 bytes .../rancher-logging-crd-3.9.000-rc08.tgz | Bin 26803 -> 0 bytes .../rancher-monitoring-9.4.200.tgz | Bin 220162 -> 0 bytes .../rancher-monitoring-9.4.201.tgz | Bin 221164 -> 0 bytes .../rancher-monitoring-9.4.202.tgz | Bin 221279 -> 0 bytes .../rancher-monitoring-9.4.203-rc00.tgz | Bin 243089 -> 0 bytes .../rancher-monitoring-9.4.203-rc01.tgz | Bin 238087 -> 0 bytes .../rancher-monitoring-9.4.203-rc02.tgz | Bin 238222 -> 0 bytes .../rancher-monitoring-9.4.203-rc03.tgz | Bin 233308 -> 0 bytes .../rancher-monitoring-9.4.203-rc04.tgz | Bin 238352 -> 
0 bytes .../rancher-monitoring-crd-9.4.200.tgz | Bin 113779 -> 0 bytes .../rancher-monitoring-crd-9.4.201.tgz | Bin 113742 -> 0 bytes .../rancher-monitoring-crd-9.4.202.tgz | Bin 113958 -> 0 bytes .../rancher-monitoring-crd-9.4.203-rc00.tgz | Bin 113958 -> 0 bytes .../rancher-monitoring-crd-9.4.203-rc01.tgz | Bin 113958 -> 0 bytes .../rancher-monitoring-crd-9.4.203-rc02.tgz | Bin 113958 -> 0 bytes .../rancher-monitoring-crd-9.4.203-rc03.tgz | Bin 113952 -> 0 bytes .../rancher-monitoring-crd-9.4.203-rc04.tgz | Bin 113957 -> 0 bytes .../rancher-operator-crd-0.1.0-alpha800.tgz | Bin 7038 -> 0 bytes .../rancher-operator-crd-0.1.000.tgz | Bin 7034 -> 0 bytes .../rancher-operator-crd-0.1.100.tgz | Bin 7033 -> 0 bytes .../rancher-operator-crd-0.1.2-rc100.tgz | Bin 7038 -> 0 bytes .../rancher-operator-crd-0.1.2-rc200.tgz | Bin 7048 -> 0 bytes .../rancher-operator-crd-0.1.200-rc2.tgz | Bin 7048 -> 0 bytes .../rancher-operator-crd-0.1.200.tgz | Bin 7041 -> 0 bytes .../rancher-operator-crd-0.1.300-rc01.tgz | Bin 7118 -> 0 bytes .../rancher-operator-crd-0.1.300-rc03.tgz | Bin 8587 -> 0 bytes .../rancher-operator-crd-0.1.300-rc04.tgz | Bin 8587 -> 0 bytes .../rancher-operator-crd-0.1.300-rc05.tgz | Bin 8649 -> 0 bytes .../rancher-operator-crd-0.1.300-rc06.tgz | Bin 8639 -> 0 bytes .../rancher-operator-crd-0.1.300-rc07.tgz | Bin 8640 -> 0 bytes .../rancher-operator-crd-0.1.300-rc08.tgz | Bin 8638 -> 0 bytes .../rancher-operator-0.1.0-alpha800.tgz | Bin 1095 -> 0 bytes .../rancher-operator-0.1.000.tgz | Bin 1087 -> 0 bytes .../rancher-operator-0.1.100.tgz | Bin 1117 -> 0 bytes .../rancher-operator-0.1.2-rc100.tgz | Bin 1115 -> 0 bytes .../rancher-operator-0.1.2-rc200.tgz | Bin 1118 -> 0 bytes .../rancher-operator-0.1.200-rc2.tgz | Bin 1118 -> 0 bytes .../rancher-operator-0.1.200.tgz | Bin 1088 -> 0 bytes .../rancher-operator-0.1.300-rc01.tgz | Bin 1095 -> 0 bytes .../rancher-operator-0.1.300-rc03.tgz | Bin 1095 -> 0 bytes .../rancher-operator-0.1.300-rc04.tgz | Bin 1095 -> 0 
bytes .../rancher-operator-0.1.300-rc05.tgz | Bin 1095 -> 0 bytes .../rancher-operator-0.1.300-rc06.tgz | Bin 1095 -> 0 bytes .../rancher-operator-0.1.300-rc07.tgz | Bin 1096 -> 0 bytes .../rancher-operator-0.1.300-rc08.tgz | Bin 1092 -> 0 bytes .../rancher-pushprox-0.1.0.tgz | Bin 5934 -> 0 bytes .../rancher-pushprox-0.1.1.tgz | Bin 5925 -> 0 bytes .../rancher-pushprox-0.1.2.tgz | Bin 6049 -> 0 bytes .../rancher-pushprox-0.1.201-rc00.tgz | Bin 6097 -> 0 bytes .../rancher-pushprox-0.1.201-rc01.tgz | Bin 6097 -> 0 bytes .../rancher-pushprox-0.1.201-rc02.tgz | Bin 6103 -> 0 bytes .../rancher-tracing-1.20.001-rc00.tgz | Bin 3275 -> 0 bytes .../rancher-tracing-1.20.001.tgz | Bin 3313 -> 0 bytes .../rancher-tracing-1.20.002-rc00.tgz | Bin 3279 -> 0 bytes .../rancher-vsphere-cpi-1.0.000-rc01.tgz | Bin 3599 -> 0 bytes .../rancher-vsphere-csi-2.1.000-rc01.tgz | Bin 5782 -> 0 bytes .../rancher-webhook-0.1.0-beta300.tgz | Bin 1222 -> 0 bytes .../rancher-webhook-0.1.0-beta500.tgz | Bin 1218 -> 0 bytes .../rancher-webhook-0.1.0-beta600.tgz | Bin 1225 -> 0 bytes .../rancher-webhook-0.1.0-beta700.tgz | Bin 1226 -> 0 bytes .../rancher-webhook-0.1.0-beta800.tgz | Bin 1225 -> 0 bytes .../rancher-webhook-0.1.0-beta900.tgz | Bin 1225 -> 0 bytes .../rancher-webhook-0.1.0-beta901-rc00.tgz | Bin 1218 -> 0 bytes released/assets/rio/rio-0.8.000.tgz | Bin 3660 -> 0 bytes released/assets/rio/rio-0.8.001-rc00.tgz | Bin 3647 -> 0 bytes .../vsphere-cpi/vsphere-cpi-1.0.000-rc00.tgz | Bin 3597 -> 0 bytes .../vsphere-cpi/vsphere-cpi-1.0.000-rc01.tgz | Bin 3595 -> 0 bytes .../vsphere-csi/vsphere-csi-2.1.000-rc00.tgz | Bin 5776 -> 0 bytes .../vsphere-csi/vsphere-csi-2.1.000-rc01.tgz | Bin 5774 -> 0 bytes 249 files changed, 5505 deletions(-) delete mode 100755 released/README.md delete mode 100644 released/assets/fleet-agent/fleet-agent-0.3.0-beta600.tgz delete mode 100644 released/assets/fleet-agent/fleet-agent-0.3.0-rc100.tgz delete mode 100644 
released/assets/fleet-agent/fleet-agent-0.3.0-rc200.tgz delete mode 100644 released/assets/fleet-agent/fleet-agent-0.3.0-rc300.tgz delete mode 100644 released/assets/fleet-agent/fleet-agent-0.3.000.tgz delete mode 100644 released/assets/fleet-agent/fleet-agent-0.3.1-rc200.tgz delete mode 100644 released/assets/fleet-agent/fleet-agent-0.3.100.tgz delete mode 100644 released/assets/fleet-agent/fleet-agent-0.3.2-rc100.tgz delete mode 100644 released/assets/fleet-agent/fleet-agent-0.3.2-rc200.tgz delete mode 100644 released/assets/fleet-agent/fleet-agent-0.3.2-rc300.tgz delete mode 100644 released/assets/fleet-agent/fleet-agent-0.3.2-rc400.tgz delete mode 100644 released/assets/fleet-agent/fleet-agent-0.3.2-rc500.tgz delete mode 100644 released/assets/fleet-agent/fleet-agent-0.3.200-rc5.tgz delete mode 100644 released/assets/fleet-agent/fleet-agent-0.3.200-rc6.tgz delete mode 100644 released/assets/fleet-agent/fleet-agent-0.3.200-rc7.tgz delete mode 100644 released/assets/fleet-agent/fleet-agent-0.3.200.tgz delete mode 100644 released/assets/fleet-agent/fleet-agent-0.3.300-rc1.tgz delete mode 100644 released/assets/fleet-agent/fleet-agent-0.3.300.tgz delete mode 100755 released/assets/fleet-agent/fleet-agent-0.3.400-rc00.tgz delete mode 100755 released/assets/fleet-agent/fleet-agent-0.3.400-rc03.tgz delete mode 100755 released/assets/fleet-agent/fleet-agent-0.3.400-rc04.tgz delete mode 100755 released/assets/fleet-agent/fleet-agent-0.3.400-rc05.tgz delete mode 100755 released/assets/fleet-agent/fleet-agent-0.3.400-rc06.tgz delete mode 100755 released/assets/fleet-agent/fleet-agent-0.3.400-rc07.tgz delete mode 100755 released/assets/fleet-agent/fleet-agent-0.3.400-rc08.tgz delete mode 100644 released/assets/fleet-crd/fleet-crd-0.3.0-beta600.tgz delete mode 100644 released/assets/fleet-crd/fleet-crd-0.3.0-rc100.tgz delete mode 100644 released/assets/fleet-crd/fleet-crd-0.3.0-rc200.tgz delete mode 100644 released/assets/fleet-crd/fleet-crd-0.3.0-rc300.tgz delete mode 
100644 released/assets/fleet-crd/fleet-crd-0.3.000.tgz delete mode 100644 released/assets/fleet-crd/fleet-crd-0.3.100.tgz delete mode 100644 released/assets/fleet-crd/fleet-crd-0.3.2-rc100.tgz delete mode 100644 released/assets/fleet-crd/fleet-crd-0.3.2-rc200.tgz delete mode 100644 released/assets/fleet-crd/fleet-crd-0.3.2-rc300.tgz delete mode 100644 released/assets/fleet-crd/fleet-crd-0.3.2-rc400.tgz delete mode 100644 released/assets/fleet-crd/fleet-crd-0.3.2-rc500.tgz delete mode 100644 released/assets/fleet-crd/fleet-crd-0.3.200-rc5.tgz delete mode 100644 released/assets/fleet-crd/fleet-crd-0.3.200-rc6.tgz delete mode 100644 released/assets/fleet-crd/fleet-crd-0.3.200-rc7.tgz delete mode 100644 released/assets/fleet-crd/fleet-crd-0.3.200.tgz delete mode 100644 released/assets/fleet-crd/fleet-crd-0.3.300-rc1.tgz delete mode 100644 released/assets/fleet-crd/fleet-crd-0.3.300.tgz delete mode 100755 released/assets/fleet-crd/fleet-crd-0.3.400-rc00.tgz delete mode 100755 released/assets/fleet-crd/fleet-crd-0.3.400-rc03.tgz delete mode 100755 released/assets/fleet-crd/fleet-crd-0.3.400-rc04.tgz delete mode 100755 released/assets/fleet-crd/fleet-crd-0.3.400-rc05.tgz delete mode 100755 released/assets/fleet-crd/fleet-crd-0.3.400-rc06.tgz delete mode 100755 released/assets/fleet-crd/fleet-crd-0.3.400-rc07.tgz delete mode 100755 released/assets/fleet-crd/fleet-crd-0.3.400-rc08.tgz delete mode 100644 released/assets/fleet/fleet-0.3.0-beta600.tgz delete mode 100644 released/assets/fleet/fleet-0.3.0-rc100.tgz delete mode 100644 released/assets/fleet/fleet-0.3.0-rc200.tgz delete mode 100644 released/assets/fleet/fleet-0.3.0-rc300.tgz delete mode 100644 released/assets/fleet/fleet-0.3.000.tgz delete mode 100644 released/assets/fleet/fleet-0.3.1-rc200.tgz delete mode 100644 released/assets/fleet/fleet-0.3.100.tgz delete mode 100644 released/assets/fleet/fleet-0.3.2-rc100.tgz delete mode 100644 released/assets/fleet/fleet-0.3.2-rc200.tgz delete mode 100644 
released/assets/fleet/fleet-0.3.2-rc300.tgz delete mode 100644 released/assets/fleet/fleet-0.3.2-rc400.tgz delete mode 100644 released/assets/fleet/fleet-0.3.2-rc500.tgz delete mode 100644 released/assets/fleet/fleet-0.3.200-rc5.tgz delete mode 100644 released/assets/fleet/fleet-0.3.200-rc6.tgz delete mode 100644 released/assets/fleet/fleet-0.3.200-rc7.tgz delete mode 100644 released/assets/fleet/fleet-0.3.200.tgz delete mode 100644 released/assets/fleet/fleet-0.3.300-rc1.tgz delete mode 100644 released/assets/fleet/fleet-0.3.300.tgz delete mode 100755 released/assets/fleet/fleet-0.3.400-rc00.tgz delete mode 100755 released/assets/fleet/fleet-0.3.400-rc03.tgz delete mode 100755 released/assets/fleet/fleet-0.3.400-rc04.tgz delete mode 100755 released/assets/fleet/fleet-0.3.400-rc05.tgz delete mode 100755 released/assets/fleet/fleet-0.3.400-rc06.tgz delete mode 100755 released/assets/fleet/fleet-0.3.400-rc07.tgz delete mode 100755 released/assets/fleet/fleet-0.3.400-rc08.tgz delete mode 100644 released/assets/index.yaml delete mode 100644 released/assets/logos/backup-restore.svg delete mode 100644 released/assets/logos/cis-kube-bench.svg delete mode 100644 released/assets/logos/fleet.svg delete mode 100644 released/assets/logos/gatekeeper.svg delete mode 100644 released/assets/logos/istio.svg delete mode 100644 released/assets/logos/logging.svg delete mode 100644 released/assets/logos/rio.svg delete mode 100644 released/assets/longhorn/longhorn-1.0.200.tgz delete mode 100644 released/assets/longhorn/longhorn-1.0.201.tgz delete mode 100644 released/assets/longhorn/longhorn-1.0.202.tgz delete mode 100644 released/assets/longhorn/longhorn-1.1.000.tgz delete mode 100755 released/assets/longhorn/longhorn-1.1.001-rc00.tgz delete mode 100755 released/assets/longhorn/longhorn-1.1.001-rc01.tgz delete mode 100644 released/assets/longhorn/longhorn-crd-1.0.200.tgz delete mode 100644 released/assets/longhorn/longhorn-crd-1.0.201.tgz delete mode 100644 
released/assets/longhorn/longhorn-crd-1.0.202.tgz delete mode 100644 released/assets/longhorn/longhorn-crd-1.1.000.tgz delete mode 100755 released/assets/longhorn/longhorn-crd-1.1.001-rc00.tgz delete mode 100755 released/assets/longhorn/longhorn-crd-1.1.001-rc01.tgz delete mode 100644 released/assets/rancher-backup/rancher-backup-1.0.200.tgz delete mode 100644 released/assets/rancher-backup/rancher-backup-1.0.201.tgz delete mode 100644 released/assets/rancher-backup/rancher-backup-1.0.300.tgz delete mode 100755 released/assets/rancher-backup/rancher-backup-1.0.301-rc00.tgz delete mode 100755 released/assets/rancher-backup/rancher-backup-1.0.301-rc01.tgz delete mode 100644 released/assets/rancher-backup/rancher-backup-crd-1.0.200.tgz delete mode 100644 released/assets/rancher-backup/rancher-backup-crd-1.0.201.tgz delete mode 100644 released/assets/rancher-backup/rancher-backup-crd-1.0.300.tgz delete mode 100755 released/assets/rancher-backup/rancher-backup-crd-1.0.301-rc00.tgz delete mode 100755 released/assets/rancher-backup/rancher-backup-crd-1.0.301-rc01.tgz delete mode 100644 released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.100.tgz delete mode 100644 released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.200.tgz delete mode 100644 released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.300.tgz delete mode 100755 released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.301-rc00.tgz delete mode 100755 released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.301-rc01.tgz delete mode 100644 released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.100.tgz delete mode 100644 released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.200.tgz delete mode 100644 released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.300.tgz delete mode 100755 released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.301-rc00.tgz delete mode 100755 
released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.301-rc01.tgz delete mode 100644 released/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.400.tgz delete mode 100644 released/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.500.tgz delete mode 100644 released/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.600.tgz delete mode 100755 released/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.601-rc00.tgz delete mode 100755 released/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.601-rc01.tgz delete mode 100644 released/assets/rancher-gatekeeper/rancher-gatekeeper-3.1.100.tgz delete mode 100644 released/assets/rancher-gatekeeper/rancher-gatekeeper-3.1.101.tgz delete mode 100644 released/assets/rancher-gatekeeper/rancher-gatekeeper-3.2.100.tgz delete mode 100644 released/assets/rancher-gatekeeper/rancher-gatekeeper-3.2.101.tgz delete mode 100755 released/assets/rancher-gatekeeper/rancher-gatekeeper-3.3.000-rc01.tgz delete mode 100755 released/assets/rancher-gatekeeper/rancher-gatekeeper-3.3.000-rc02.tgz delete mode 100644 released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.1.100.tgz delete mode 100644 released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.1.101.tgz delete mode 100644 released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.2.100.tgz delete mode 100644 released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.2.101.tgz delete mode 100755 released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.3.000-rc01.tgz delete mode 100755 released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.3.000-rc02.tgz delete mode 100644 released/assets/rancher-istio/rancher-istio-1.7.100.tgz delete mode 100644 released/assets/rancher-istio/rancher-istio-1.7.101.tgz delete mode 100644 released/assets/rancher-istio/rancher-istio-1.7.300.tgz delete mode 100644 released/assets/rancher-istio/rancher-istio-1.7.301.tgz delete mode 100644 
released/assets/rancher-istio/rancher-istio-1.7.600.tgz delete mode 100755 released/assets/rancher-istio/rancher-istio-1.8.300-rc00.tgz delete mode 100755 released/assets/rancher-istio/rancher-istio-1.8.300-rc01.tgz delete mode 100644 released/assets/rancher-kiali-server/rancher-kiali-server-1.23.001.tgz delete mode 100644 released/assets/rancher-kiali-server/rancher-kiali-server-1.23.002.tgz delete mode 100644 released/assets/rancher-kiali-server/rancher-kiali-server-1.24.001.tgz delete mode 100644 released/assets/rancher-kiali-server/rancher-kiali-server-1.24.002.tgz delete mode 100644 released/assets/rancher-kiali-server/rancher-kiali-server-1.24.003.tgz delete mode 100755 released/assets/rancher-kiali-server/rancher-kiali-server-1.29.000-rc00.tgz delete mode 100755 released/assets/rancher-kiali-server/rancher-kiali-server-1.29.000-rc01.tgz delete mode 100644 released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.23.001.tgz delete mode 100644 released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.23.002.tgz delete mode 100644 released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.24.001.tgz delete mode 100644 released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.24.002.tgz delete mode 100644 released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.24.003.tgz delete mode 100755 released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.29.000-rc00.tgz delete mode 100755 released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.29.000-rc01.tgz delete mode 100644 released/assets/rancher-logging/rancher-logging-3.6.000.tgz delete mode 100644 released/assets/rancher-logging/rancher-logging-3.6.001.tgz delete mode 100644 released/assets/rancher-logging/rancher-logging-3.7.301.tgz delete mode 100644 released/assets/rancher-logging/rancher-logging-3.8.001.tgz delete mode 100644 released/assets/rancher-logging/rancher-logging-3.8.201.tgz delete mode 100755 
released/assets/rancher-logging/rancher-logging-3.9.000-rc00.tgz delete mode 100755 released/assets/rancher-logging/rancher-logging-3.9.000-rc01.tgz delete mode 100755 released/assets/rancher-logging/rancher-logging-3.9.000-rc02.tgz delete mode 100755 released/assets/rancher-logging/rancher-logging-3.9.000-rc03.tgz delete mode 100755 released/assets/rancher-logging/rancher-logging-3.9.000-rc04.tgz delete mode 100755 released/assets/rancher-logging/rancher-logging-3.9.000-rc05.tgz delete mode 100755 released/assets/rancher-logging/rancher-logging-3.9.000-rc06.tgz delete mode 100755 released/assets/rancher-logging/rancher-logging-3.9.000-rc07.tgz delete mode 100755 released/assets/rancher-logging/rancher-logging-3.9.000-rc08.tgz delete mode 100644 released/assets/rancher-logging/rancher-logging-crd-3.6.000.tgz delete mode 100644 released/assets/rancher-logging/rancher-logging-crd-3.6.001.tgz delete mode 100644 released/assets/rancher-logging/rancher-logging-crd-3.7.301.tgz delete mode 100644 released/assets/rancher-logging/rancher-logging-crd-3.8.001.tgz delete mode 100644 released/assets/rancher-logging/rancher-logging-crd-3.8.201.tgz delete mode 100755 released/assets/rancher-logging/rancher-logging-crd-3.9.000-rc00.tgz delete mode 100755 released/assets/rancher-logging/rancher-logging-crd-3.9.000-rc01.tgz delete mode 100755 released/assets/rancher-logging/rancher-logging-crd-3.9.000-rc02.tgz delete mode 100755 released/assets/rancher-logging/rancher-logging-crd-3.9.000-rc03.tgz delete mode 100755 released/assets/rancher-logging/rancher-logging-crd-3.9.000-rc04.tgz delete mode 100755 released/assets/rancher-logging/rancher-logging-crd-3.9.000-rc05.tgz delete mode 100755 released/assets/rancher-logging/rancher-logging-crd-3.9.000-rc06.tgz delete mode 100755 released/assets/rancher-logging/rancher-logging-crd-3.9.000-rc07.tgz delete mode 100755 released/assets/rancher-logging/rancher-logging-crd-3.9.000-rc08.tgz delete mode 100644 
released/assets/rancher-monitoring/rancher-monitoring-9.4.200.tgz delete mode 100644 released/assets/rancher-monitoring/rancher-monitoring-9.4.201.tgz delete mode 100644 released/assets/rancher-monitoring/rancher-monitoring-9.4.202.tgz delete mode 100755 released/assets/rancher-monitoring/rancher-monitoring-9.4.203-rc00.tgz delete mode 100755 released/assets/rancher-monitoring/rancher-monitoring-9.4.203-rc01.tgz delete mode 100755 released/assets/rancher-monitoring/rancher-monitoring-9.4.203-rc02.tgz delete mode 100755 released/assets/rancher-monitoring/rancher-monitoring-9.4.203-rc03.tgz delete mode 100755 released/assets/rancher-monitoring/rancher-monitoring-9.4.203-rc04.tgz delete mode 100644 released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.200.tgz delete mode 100644 released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.201.tgz delete mode 100644 released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.202.tgz delete mode 100755 released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.203-rc00.tgz delete mode 100755 released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.203-rc01.tgz delete mode 100755 released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.203-rc02.tgz delete mode 100755 released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.203-rc03.tgz delete mode 100755 released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.203-rc04.tgz delete mode 100644 released/assets/rancher-operator-crd/rancher-operator-crd-0.1.0-alpha800.tgz delete mode 100644 released/assets/rancher-operator-crd/rancher-operator-crd-0.1.000.tgz delete mode 100644 released/assets/rancher-operator-crd/rancher-operator-crd-0.1.100.tgz delete mode 100644 released/assets/rancher-operator-crd/rancher-operator-crd-0.1.2-rc100.tgz delete mode 100644 released/assets/rancher-operator-crd/rancher-operator-crd-0.1.2-rc200.tgz delete mode 100644 released/assets/rancher-operator-crd/rancher-operator-crd-0.1.200-rc2.tgz delete mode 100644 
released/assets/rancher-operator-crd/rancher-operator-crd-0.1.200.tgz delete mode 100755 released/assets/rancher-operator-crd/rancher-operator-crd-0.1.300-rc01.tgz delete mode 100755 released/assets/rancher-operator-crd/rancher-operator-crd-0.1.300-rc03.tgz delete mode 100755 released/assets/rancher-operator-crd/rancher-operator-crd-0.1.300-rc04.tgz delete mode 100755 released/assets/rancher-operator-crd/rancher-operator-crd-0.1.300-rc05.tgz delete mode 100755 released/assets/rancher-operator-crd/rancher-operator-crd-0.1.300-rc06.tgz delete mode 100755 released/assets/rancher-operator-crd/rancher-operator-crd-0.1.300-rc07.tgz delete mode 100755 released/assets/rancher-operator-crd/rancher-operator-crd-0.1.300-rc08.tgz delete mode 100644 released/assets/rancher-operator/rancher-operator-0.1.0-alpha800.tgz delete mode 100644 released/assets/rancher-operator/rancher-operator-0.1.000.tgz delete mode 100644 released/assets/rancher-operator/rancher-operator-0.1.100.tgz delete mode 100644 released/assets/rancher-operator/rancher-operator-0.1.2-rc100.tgz delete mode 100644 released/assets/rancher-operator/rancher-operator-0.1.2-rc200.tgz delete mode 100644 released/assets/rancher-operator/rancher-operator-0.1.200-rc2.tgz delete mode 100644 released/assets/rancher-operator/rancher-operator-0.1.200.tgz delete mode 100755 released/assets/rancher-operator/rancher-operator-0.1.300-rc01.tgz delete mode 100755 released/assets/rancher-operator/rancher-operator-0.1.300-rc03.tgz delete mode 100755 released/assets/rancher-operator/rancher-operator-0.1.300-rc04.tgz delete mode 100755 released/assets/rancher-operator/rancher-operator-0.1.300-rc05.tgz delete mode 100755 released/assets/rancher-operator/rancher-operator-0.1.300-rc06.tgz delete mode 100755 released/assets/rancher-operator/rancher-operator-0.1.300-rc07.tgz delete mode 100755 released/assets/rancher-operator/rancher-operator-0.1.300-rc08.tgz delete mode 100644 released/assets/rancher-pushprox/rancher-pushprox-0.1.0.tgz 
delete mode 100644 released/assets/rancher-pushprox/rancher-pushprox-0.1.1.tgz delete mode 100644 released/assets/rancher-pushprox/rancher-pushprox-0.1.2.tgz delete mode 100755 released/assets/rancher-pushprox/rancher-pushprox-0.1.201-rc00.tgz delete mode 100755 released/assets/rancher-pushprox/rancher-pushprox-0.1.201-rc01.tgz delete mode 100755 released/assets/rancher-pushprox/rancher-pushprox-0.1.201-rc02.tgz delete mode 100755 released/assets/rancher-tracing/rancher-tracing-1.20.001-rc00.tgz delete mode 100644 released/assets/rancher-tracing/rancher-tracing-1.20.001.tgz delete mode 100755 released/assets/rancher-tracing/rancher-tracing-1.20.002-rc00.tgz delete mode 100755 released/assets/rancher-vsphere-cpi/rancher-vsphere-cpi-1.0.000-rc01.tgz delete mode 100755 released/assets/rancher-vsphere-csi/rancher-vsphere-csi-2.1.000-rc01.tgz delete mode 100644 released/assets/rancher-webhook/rancher-webhook-0.1.0-beta300.tgz delete mode 100644 released/assets/rancher-webhook/rancher-webhook-0.1.0-beta500.tgz delete mode 100644 released/assets/rancher-webhook/rancher-webhook-0.1.0-beta600.tgz delete mode 100644 released/assets/rancher-webhook/rancher-webhook-0.1.0-beta700.tgz delete mode 100644 released/assets/rancher-webhook/rancher-webhook-0.1.0-beta800.tgz delete mode 100644 released/assets/rancher-webhook/rancher-webhook-0.1.0-beta900.tgz delete mode 100755 released/assets/rancher-webhook/rancher-webhook-0.1.0-beta901-rc00.tgz delete mode 100644 released/assets/rio/rio-0.8.000.tgz delete mode 100755 released/assets/rio/rio-0.8.001-rc00.tgz delete mode 100755 released/assets/vsphere-cpi/vsphere-cpi-1.0.000-rc00.tgz delete mode 100755 released/assets/vsphere-cpi/vsphere-cpi-1.0.000-rc01.tgz delete mode 100755 released/assets/vsphere-csi/vsphere-csi-2.1.000-rc00.tgz delete mode 100755 released/assets/vsphere-csi/vsphere-csi-2.1.000-rc01.tgz diff --git a/released/README.md b/released/README.md deleted file mode 100755 index 6ff2b27e5..000000000 
--- a/released/README.md +++ /dev/null @@ -1,5 +0,0 @@ -## Released Assets - -This folder contains Helm chart archives for `releaseCandidateVersions` of Helm charts contained within Packages whose `packageVersion` have already been released at charts.rancher.io. - -On cutting a release, a Release Captain should run the corresponding `make release` command on this repository to move already released assets into this directory and update the index.yaml with the new chart locations. \ No newline at end of file 
diff --git a/released/assets/fleet-agent/fleet-agent-0.3.0-beta600.tgz b/released/assets/fleet-agent/fleet-agent-0.3.0-beta600.tgz deleted file mode 100644 index 3df6302639102a6b4a2f73d13c1c1ca23161435b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2167 zcmV--2#EI|iwFS6FWp}N1MM4KbK|!0p7|><>}0O(nAA6w(VOeLWSsh3&)LmO)A2wg zD4_-kh5+p-ivD{S07+3KZQc2FQg6zAFhyW@vG~|e!XYC>I(R{1*?aSqpx^ILCljQf zo~NJv;n+NLK!efLn+}K5vDZia!FW2Dyg`$%B~TSIA#n<#1U!x@!2ym$D;}VQ;R}57 zd6ds@1j5SxUo3Gd-4%}5VaI^=@W$ik_um@~YWwebc|I@zbb@u-lKqJ_DW%*N*a6u(cSEVWMRm~Pc5--50R?VpO zCv>+YD9PrG`skk@uMiKBgqFW&bCSjcObI%_xkQ4bVD(U%!4k&{jj?NVBiIErCx9ps z3`~IW``<8FBeFHQ#5A}*k7jV3M#|RTYQ``yxE8w*N3l;xgh=f3fCNY%>q4@N^H<8~ z0{6=hF%n7yc2ceom573a5F(3U6uE?#8qd3{TZJO%A_k243Ssm_7()*+e~LjAcRPoR z^Xe3Q1`DF3Aqy&Gs{ON>hb8%g_M{s33eO1>NOFXOKs{uII7@(NhXaq<%2fk^Bq>4Q z`4t_AhC@Z5h(qj4m@3nZXD|c`IiI09PPejAq`xIOVdZKb^8Pv;n z)v1+!zE1u`v`|K1^=>%m&g*S((8dW|v&6LAx131qPF@f{1rKeRxZ-1_>$)C#6by1Kd#2J(Mgjae65qf}=>Pu!2 z+jKui(EUd92kzi|*E?09(!p1O_V_O#3FE5>8V?Z-?D78t=-&1J!@+bs?EL>Rpqem2 zwj_Fw1M7jtkk7p<&wv$yw+|o-Q`VxH(1?Wi+KPdB^1+B0n-XE^FRyYpf;0gCT}rSl z`H{Re(@5>%!{Ob=Xgcp@Y z@PCvrFumb!Yu%=dw@%=fvQTG_}&o6UOd{%itq zP3vxr^JX)vcY53)_Wu~LUegf81i5)|>6TF_DlJVOsk*f=6>OCSW-Y{&p+6@npoPf3Q)!T{ zj+IFrjbZH=gEWK2I%M7k?%%2WNw?)CJ>6F|P4-?f{$k`HaR5)Nbv{iV&4~I`vuR4w zHX+D43d(BQTNT>g>7Xk6`8A^{(RrcCta*Fw z*N1ldpU$y=xH{ne_`hGX|NXHy>g@k9pc?<{UB{VR@|6CrD;EKc+lObg1s2w|{-BtB`_csZVwq!7|M&4VL3L*6Zc| z8#Jf_%&WwA<~g-`$&-R&A}X@u>KSzKCD5+_K957X zh;VX{AYh;VkDB@4WYpdNI11!$N$>XuoLDt`@UrR`J?6N~&>xPjH?8xk6J#ckyA*kg zDdwsC!t~mv!Je(xlK&)lT*KUK&bE9YA*oOn-<9l{y)B3pjhl_F@w)uwQ=nb{@0Wxn za130T93TbQtN+7#{682Dy6^u-f%V!!0SRgRQd!#3MFFR(&E|_^aVM+wOJhk^R8zha zJ^NJ*z#5S9#oo%JtU~Sgsn_#cgLeIoiG1Se!+pXT^;h?pG5)0fzAhZttN-=;Kf|%- zb@kt)Ks}evcOFvQMh<;#x^DEDXo(DRyW!~5qW;zs&`+u;7oYPI9^4im6wz9_evm08 zA}<8!7E*68=k;!t6a|D!L!*DcH$P9k;{RLlT>h`_${eZ!xKIBlqq_bN`jhVa|52b8 
z?-v^V;w32vy64`Q#D1yJFQA)nyyYHOgGn97P!{*y8tA&i;M8scHc+emH41(2?swlsyZtAe~NggSL-CFXUGTOhuo`x85x{dws?cJ_) tA=Hpg3>-c!R#e1u>_6}@yrL16Gc@={tZoM#bkM=+;lDCjMyCKi000J=P-OrB diff --git a/released/assets/fleet-agent/fleet-agent-0.3.0-rc100.tgz b/released/assets/fleet-agent/fleet-agent-0.3.0-rc100.tgz deleted file mode 100644 index c60204431001631e3841b2e6dfab297fc15104fe..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2162 zcmV-&2#xn2iwFS6FWp}N1MM4KbK|!0p7|><>}0O(m=yJ$(VOeLWSsh3&)LmO)A2wg zD4_-kh5+p-ivD{S07+3KZQc2FQg6zAFhyW@vG~|e!XYC>I(R{1*?aSq!1KK6c#QOO zGSN?OFfz{^P=7d`Ob3JMXyPHSKbrQ(Z_xN_2~>qlNSuNw0gq!!aDXGxiU(+6_yV7N z9_8~Jfv~dw7fYNHL5Ll#uXRC{ML4@>d~?MF546`m6&kmLvlfqKXaah3ql4hJ5ym8%8-Nm7Eq?<+bG z4Tp+A5r^29Fjb}*&tM1?ay~XrYY2>fLbAo!8sYpp6r_W{GLJZ#j|JoxC7^3Le@rQN_nf*L6McC>RtG2n=|m z;|&yWy=vh80xFfAIx2r*_# z^UN>}G0ONS(nm1(Xo8;WMo3{T7@r$fCPY%d3byY^h%+Yh39s}DBJ=;Xsqa;VNfTz_upC*rHOns`^G$m=95M&(% zWi|1w3T^LnP?i7un$eW#%+O@lX9&juia5-K(FX$g31$NFwrv_}SI0i}+3eu!L%aP? z=h#179dLjAU#tHOywP~j+5cleHU8JTjx)LBDg9m7M%;(*h5EcvCIuI!Hu8}(@^V&? zmoJ=ZQ>v)aj1h>=9c6WXOnH{*P~Aaq|N2%}AqCG;pX@Y(WtvwSEXQ%I*USAkXiz1X zSBdY;b87XHCk4esUJyi;TpH{5IjbhJ`F|j}(hFxe-R^|+t%(^zm5*wWIW$~6*!Xt+ z&+`Rrn187y*!TUn?+t4DKNwFs{XYuqd@wDvrFOPnPXA9mgATp~+V$V(aYz>tP7V?T z?9=~YGyfa+r=9*E19G>d_xl4*teQP|S@nw^b6jTV4@cLV)_K(lG84#MioC@X^HhFe zdTrBS&(>?ne-b>dVQw~OTRxDGR49utOZLp(7Q~9i&BoSvUH0jH|X=9^=2C#&^aV@Xz2Q@#^D`&A6U z8j$kE-pZq_Lhbjd*YjJ0cKwfueB$ZDeZm>_SNE7P{-plCE*#ja|C4(BKbmy+e~tt7 zTsq%*NO2oE^tI`_(PyG1GRWkflcy9?Mrt@hU_^v%2H2`12V&hQ zGT$d8Ai)`$laQyx(aoTedfYN@*u7Cyy&Saf5{$uu7y%B1G*ONUdLH%vv^;ma$SjCn zgq;gN_UByqsV7DG?aRv5AEfX8JclRo0u^PCQihw1v0@fY(i+OPxT2;RMObbAzwCSf z`wZE7&()7zYoJ>4X{n!1qW-Rbv2iAOq!4y%$#=?V{{nj&V#w(>_P@7xyV8YFLpm{V o__SD25zn#zz{Bv0MpVvF{~NKo9dyt^2d9Vs0z;?tKma}f0L_~{9smFU 
diff --git a/released/assets/fleet-agent/fleet-agent-0.3.0-rc200.tgz b/released/assets/fleet-agent/fleet-agent-0.3.0-rc200.tgz deleted file mode 100644 index 8028d851afbc663b08af60781bcdedf3ecd0dada..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2161 zcmV-%2#)t3iwFS6FWp}N1MM4KbK|!0p7|><>}0O(m=yJ$(VOeLWSsh3&)LmO)A2wg zD4_-kh5+p-ivD{S07+3KZQc2FQg6zAFhyW@vG~|e!XYC>I(R{1*?aSq!1KK6c#QOO zGSN?OFfz{^P=7d`Ob3JMXyPHSKbrQ(Z_xN_2~>qlNSuNw0gq!!aDXGxiU(+6_yV7N z9_8~Jfv~dw7fYNHVF@sP z{~HEdM7AcEmk* zMnZ|eO3D?Y5>apvLSzw)BA4(|<9T;=t55`8#DFnhA&i~~W9T8~Pcew%Zs%}uUY&x^ zU_q2LWI=^YwRbl2uq1!bepKUL;W=RfNse$3sE4c&X9*DPaNsdpxoQBABqa#^zM=!s zaHt3rafp2hQ)Qa*42D1<=QA|N=~gzXJmlrOVj+w1loUd6pMnEHPgE`~gL?U{I;UDpGTf%^bb!If(GEM`OqwBi{Iju~6&y+%(^nqj~J)1onq5M!n^ z&kWNLql|wdeFTG#Cg{0tgcR0-@ws7TLL~L8VEc}QIAb!O@Jg>BLJx3KeaQ@Bo95>T zy5H!1-|c_zPEHxBbnq3RJ^l+w!uTqJ#zRB{d;EVNx_ABmpg$dtI{$wRs3uI1Es5S^ z-+G`i_s!B5ef0N9Rma9gBdYaCBo8QUgeGiX#oDalwe!(BbU=u z#!oLv6v^AGQDZ_Y2?mp#aM*dI~|Fe;7U0V!c% ze8b(=y!{5t<*bz3EuB({YvL>PcD*j=ifm(=?*n6-?{i1BvXP56oAuiL*#zR6*4>)t z&1P2b1lzpXye&s-ZjNbJ;SKf4x$pBVmQ5FO>QmUksi58dgDOxs(Bv?=;9mPb9M$dr zaMI;}M}hU4hA1Y;&BIH#j6+drY4TXrtp%!Jt1K{UA*KxdIY|L6ME0FZgmitZOzUV2 zYsVNQ8Z_2H^EPzc0r$uMwff({8%@WZ{XYg&2lxK+!)gAQquWxk~Qt&MG$xb6!rg^2oavaBcz1)9;233N2 zmH5s)r&cd{Qcz6f1wmBFrLlgWvuYxn{|AyQy>N!p?M_JFnwTL}`KSh&L&L>`jc?cg zJYT?u`IlOPecylk-k_%cgNfJa|50G)gK42HwX^kd`hV&fbnqq6uKzxdL%N7?a*!Zk zpZ*V<`QLan==A>>kh>+l-yd*d)$GB`s$cY&<1#~kIJ(}n&Z|z4nLzGRwiq-6Hg!R6V9l=y2p(1C-wJr;lN(~pVZ_3(WJZoa~!DW z()rFqirdJcuT9sDJ`*jGL2fr3eOlDtdII`M73Jb{Uc!Uh;)5buE7uP)r9|X~0Nq0B z4d%Swt&*aEaA|1t@Au~CsaO1e3!cmW)oqzWRRH(t|9Du}|2`0O`hN_l#ruUuzj#dw zg6{cbL}I^G=oipUINoxTtHGp>VkV5LsG|3v~RIwX*hE0(<_=MOeea3P)i)9IOc%aTQk1JXoy0`U8iIL4U+v2GNZ z?-LS`;0(=4$W!9zW>85zZW%Z1-YBYG4%&AK#$Z8=00%;vC`Sc7kNSUFp1WOS7DO+? z&V?WQb1wYUlcN0gW##G*(szHJ!;^S{in2#3!%fCmF^eW?4P{$gQPYeftTz8&c0Pc8 zhHSm(>c_4%P%Zhi)K4c-f7id*IFme52)ni9J7u(gfjtc|oftTL nTCAvu=h%PXVR%I&Drczwjac0dI_RK-)5CuO{yq)(06qW!QQk)W 
diff --git a/released/assets/fleet-agent/fleet-agent-0.3.0-rc300.tgz b/released/assets/fleet-agent/fleet-agent-0.3.0-rc300.tgz deleted file mode 100644 index 0caf229e10cb95708680691741124f44bbe7f890..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2163 zcmV-(2#oh1iwFS6FWp}N1MM4KbK|!0p7|><>}0O(nAA6w(VOeLWSsh3&)LmO)A2wg zD4_-kh5+p-ivD{S07+3KZQc2FQg6zAFhyW@vG~|e!XYC>I(R{1*?aSqpx^ILCljQf zo~NJv;n+NLK!efLn+}K5vDZia!FW2Dyg`$%B~TSIA#n<#1U!x@!2ym$D;}VQ;R}57 zd6ds@1j5SxUo3Gd-4%}5VaI^=@W$ik_uuPJYWwebK{(IBGsI&jafa?A~VwMqccn7e@ z{tv+csQn*#!-+Q-tNow$y=iCvj{!7-y;qh$B?%W)@^n?2@?O<&AtdnvjOx~mT7N=! zOM;SY&Zv+6`SA+z5J_nHdp0L&Ou&$!^P5W~ND5XDr5P-6ywDiCMmK^zKyw0!62Y(p z7{C7wgDoOklS@p4>+@&^hiRlN{jFvU1A}9+3vm?tghYtMJ`YHM^r0>!yEuQPj4p7$ z3=t!tL|`T53Q>tDI0zxK2u6`hc&YKcySh~4Fo7gTI0)23R*16%h;}&en5|qj07#M&1b$!9 zfoM2X1d2GszJ#eV&3Fbwppf$!n&WgU8&w|i@?Eiz#dt~zA-GS$fuJWUmzF`jd{>=X z>E-L>Peco41Xk~cgYLZEh6Zh%z%@%u%YDm<#O~w;@l){7mWe7pR=Te1fk(lhh(KV# z8y#<;fa_HQ_a86JNrQFbPwL=GHGCE`A_Q9T3yYdWJ5s|Pk5-WSrOld?yd~L_TK>1)sj8%!S^p{t;BS9K~|1Krimi)-& zG?j4_upRPN1~659S!E!k(<#tP_RN|WW3cX#g%ef-knCAPy*yj7(QLSv`qRnQ#c7Ha3xTbZt z=6SQ3)jPp9Z#Hks(VClM+EsW%eRA&mJd0)1g`D~nc5o_axBs9D6b>{wOfI>Aly1vQdb+P_n(Vz|{Kd#Y;sBmj>wKC#nlbgMX490UZ9R$aCN}_@qexUH|&o+ue1NhfNK1&cO7SP$y55fu8p`4-wXA5qf81eOl{;NXXNFq zATM7y)uvQYr5Pg-ojc0v{Fw4A(V@D7-v0Hiu0jf)r9Rnd1j{t9G+2(~Sg)7+Z_uDh zFs~Bdndj8%B~J>9iM$|)D!DY)?{ij7Wb^+(a-|o}aJt01*sgeo7^AaiKAc(C#9 z`k&_u*f9T6OR(?z@1Q@d>Hlyt?ezaBu=ByR(3aZSdO7_+^$a@r5@^?dpT{9xL^wG} z5U@}GN6q|iGV1Ps90hW>r1$#+POO?ecvN2{IGNU5dQL6!TPm zVR~)TV9(ZT$$t_&u3>IAXInmykW?s(FH82!-WJ4)#?8jocwPSTDbTL}_e;VOI0mjv z4v+%u)&F5V{vQm7gHHdC0qeDc0us{rrLwf6ivmtno6R@J;!alUx5kpJsHS`;diJXr zfHffHi@lXcS%uo~Q?KW@2JQME6Zyo`hx>#x>aXrGWBf_|eO)-PSO2|w{154WSN}Z< z)N|>4=OM*yqei6mdGHt8;(9L>Tf*({iKR=@i{Ny!ENzD5v`T$2boeL@@7Keuz`XL>ExeI&&*qvEK(ehCb|=V-@SAUSc`|}*0#0ylEJxUpFGRBHoG)ZeH+v19vW)xwy`Tw%> z0qiqm>pfRLcCCSG$)}}$I*Izb{>8?bUPjU2OXRq{tF=WUt0h^000DcNjLxi 
diff --git a/released/assets/fleet-agent/fleet-agent-0.3.000.tgz b/released/assets/fleet-agent/fleet-agent-0.3.000.tgz deleted file mode 100644 index 8a3994e9f357b0191fe5a7a6317327253c373553..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2162 zcmV-&2#xn2iwFS6FWp}N1MM4YbK|!0KJ!;#*vVYmF{!td(Kpw3$vE{np0k@TO~(U~ zpoAJESOT=8D*EqT03^kitvjDi%1yZ+OcB^!EFSwL956zpgO?9yg`$%B~TesA#nnt_&kaz!9ET}D;}T)!3%t{ zc@)oY1cK83U#xH<-8Bx`VaI^=n2yKK@Bd^rsqO!CIvKn{{lkjU4*%!-kE4i7EGdt~ z+(O915;MMZ;VBt$DerMHM~p`4Z>_x^NhA#@@#iSPk+&jAE82?sK8fbYmPtzNR+I>b zM8w!5b7an>SPMzQR@{Uzf(3CDO^&XQu!Up#3rPe_XO13+@ERAdeRt&cEuRQ4p|R9W zKPXD{0Y^ZbpmW6mIp{|!e~tyh65V>35sP{XcO_*k=DnV$ltj4MY?U-v2qHxfMC78U zg>l8>(rOC#SP`Y)w@$tJZ>sta%N;W;i8!z)_3@@?P0^AtdnO?iF4TCXnO^`@VX}5^)*>QH2AK*xFSCfFub);PVw7 zh=v12pojzPNti0rjOQ=}3OJvm1x|LdQRN{o-{lLLkEf&%f_oI42YRA%Wf|1Vcjc)S z9==ZgM6^&wVD)Y|=+5h1SkT4^T(iWq*td*GR3|Tpmw<=1Ohoaq)OB4CI&ubi^Z^6j z=vV{!T(26q|7dAW8mtq4QU_P6;nRo_A<&wqFgRvxt@j!|tsst2jcSHI2TY4bFhYcx z(mFFtLyRK!3H1^5KbnB&x)D-XOU4(5l?jj3ubk~W65y1{Y{F~3f(SjpN%bT%h;3S* zA?SXi^8LufoiG_c4251_m1|A&Lwc+&a*V?a4!f^13j z9tYL~jUbGyf1o?@v=W85M-1Z!3$Et zzyJr;)~x*o%hkM)+btYZfotL`^mel;=89}%p6`8QpYJngwYHIqw%g6d{lx_0n%3Q! 
z=a_Upq!Kt9#{(~w|IMC!Ux!_*=KN{EV z|7bGn?Ef)fv!MZs2y(L!(=B3AR9KoUUUh51D%dIu%vyjcLw}AFKnsw4r;;IEBP&un z8o}Bz2FV7Ebl|)T-@j8?ly1vPdb+P{n(Vz|{Kd#YA|IYs>wKC#nsN21X490UZ9>7XhH`cFy|qO(JjVV@x!`6%Qt6Gk5h^&dAGI zK~}WB3I(L-S`7z;XtV4ANz5VN3U4;}pO*~R*1k1E2HCT@0Sg)7+Z_uF1 zFs~BdS!C4eB})qOiM$|)D!Vk+?{ij7q>Fz;a-|o}aJsF8^sR{*LZy#tkU2D5JlObl z{m=3RY?yzkCD`}Jb12{IGNUGlue6!TPm zVR~)TV9z%j$$t_&s$p)oXFEQSkd!F%uS@pa-WA01#_iVDcwPSTDbTL}_bb9;I0mka z50C=v)&F5V{vQm7-Tkklz-Hqhp9C~|sVwd2qJUG@X7k-KzmwJay|Ez6t0~`!p8YBY zU=2v|V(;WpR-yL$)a&`JLA(A(L_YE4;XdY!dh2`47=KcKUl$JS)&FTd{)hCxtN$Ja z>bZ2b^N`{;a_DQ*b)(NjOJtDQ4M(3A^|zjYeo{p_|C|?d|2F@ih&IaggG>n#Ss_5T zka~kTuXpP>FCbhR8vXmd`FZLU|6{>(`MiR$EPrC2_M}bGQaiKK-V1xr*Ldt{@;xMC*$e3)Bj^Y-TyDt&hLEwPkhmG z;Pvsyiqrxtb*las38d(dK!&bZ^;Voe*g(OBbh1yUXXY)9mkIVs6W#H_?@QtsXAZ== zQKX(nh)?`8v>*Xbh@+c9CH1&P+)%wyRK6Uv?-Go`f*1h~gfvl(3VI&(|Fk@JyT~kv zUWCepANzAI{M3`8>;`7(>JQR)f1bmWc!~0|MjV79aabIADZG2hT|)JFmVFbi3WjXoU20 zJl4-{e`uZ=px$6Ip7i^Z;kb*sz2T%cdWA+`N}w{NLgEBO@p%+cf_)r{Mm#_Zf@k<- z^C+HQ2?VA6zgXZzx+@&A!;S&#F&++|-v4oTRN4RWcsO{4x`!2`8UD}rA4d_FSW+H| zsfCb-C1!l?!c#KhQr_WWiWrU3KN@>Il1Lg*;!jb6BX2>HMzjU>eG*NPEt8bkjVKWg ziHNaBrpTO0u@aJmjkpP61PkIQnjBppVGGCf7m^5=&J;cL;WaK^yY9g4If>V|d?LJr z#!@%`ps3M%907v_ohvTLK|fOYQ!Egc=+?uGSkzOv3n^nU?Q}e)D8kKVtR%uh5Ggt! 
zCKnwokSiYMR$ah{nmFCAb;A8G>pv`a%&;Wlz@FgK?f-bv8?^TS7*O8-2h36;4(|Z= z*#AB_0JZY*fs1&-z#W7p`0um@;H08t_s zmH^|oe_*ghWNUJXX>dIrPT?>Ol%>DbjA3AKEOsuAVjq(bk;vmd@sU2%xnvjTFO<;* z?w0{#B#;QKq+B5?5d{Y!L>j^fg(`E0rn(Jm1)LP7y<>HPtgn~TiK}cke6@rh0MoOQV7943JwH4Qn|1U>gAjA z)Cwq@uAdpT@5^P26+Sm z1K#L(1NmI98o2*xZcZAk6Ms|(SE}LDh!G*sil;C*W^ASR8a*x`j!=zihCT;Oi$*X) zgqhMjGfYj4BK`^W5%fQppy#?4Qdo1wXNHvtk<_o8?Hdx{l*w$uE4_jUE#ahkk{QG% z&Cd{YztQ`i+xyNPpE6Ww;R`@>{O6OH@l^ zOQQ48vz9c1eC|zg2CR@sSQv?wy{M-&A|{@;V_={>FeApQgjjlutIUxg4Zwew5^PI$ zD#uedefEHgeHsvtGNum_S_9 zx?A(S*-WdQV4F9a*Trb{%`xpNyrCXB_dK3PvhG4oeF|GR6*Sv_Pz4GHnj9t<+-v^_ z!>ausOxpbKD6n4B07V43S$OFdaVRP*O%|)Vl|U72l?7%kz?7kX#tEPW$i7pFkgksv zX&sGV?HGeZgGM@N-iGeqs0>QCWhFh`S2j)dUNOEka*)V}r`0&0I*)oxeX7~iC25)v zWF0wWIq@wEZSQnYmH+&n(uC;D&}7$V2uD5&In0F7C4u||GXZ(qHVw7QW1sqLw(#Yl z+5RUp>>aKSxIg}{)c^Y3;bhX<|6@Qo{@1&XQ@P*?{ZrRQ+~s#decmXNf(ug{`M?=@ zJ}bz|7f!h;QB+CF2t?m;xzJLw$&$R^mzW?^R{fhqg$K6){j{-X%Oml6ioUP~6|5MMPh0lRz{r7kj(0PdC zg9HKl^nXy#|3<@MtN+J<%q{8tevf0TVh^5I{k+EmfW7+Pug3qq{-EFL|1n^_c92g38a-E*c63p|DQmO&=9u5fYW&t%kmc2sZ$!s_ z5d*LWqvl=IJdG52rt4~l55TtCQ^5RnxE zbPK6AnDctKit_@(rJ>Qk-7uu`Yp|001D9TLdU6^qV-^Q8?GTu3MTbb4mq(s-U=pVZMEAN;-~j&bHd ztQ$q@d4%}HKSMJT@Ps(J8B|h_Tf_~!H;T%agZ5p5F<1~Iz=4n^%27ejgZ`hEr*0RS z1<{MJbK%GSlnX!Aq$s<6S-Sdz^xdDQ@Fbq2yzEiPaFa5Y&!SFRLD?2p)HK5otIhw9 zoef~0AzSac`mt*bR7*B3_0x&f-}SFHP9+Z&!fq}3P8scAVNU}LIo-zo@Aht2G8bw{ qCjt&17b_~_8TOVu2(D;I<>}0O(m=yJ$(VOeLWSsgO&)LmO)A2wg zD4_-kmH_RjivD{S07+3KZQc2FQf|t9ut;EcvG~|e!XYC>I(R{1*?aSq!1KK6c#QP# zWTJn)!N~mPfcnGfWI7m3M-vZu{n4~PeuKteOQ0%bLgExe33wb+f&(0hRy;rp!x#AE z^C*A65eO^$f3d`=bXPcHhaCgfV=@{&zyIUuxVHb3$+-Upd50CF9sbYvAICA5SW+H~ znT3##C1!l#!mnh+rM$<*3^5vKzqR)IB$YIzB$%NT$NrL}t!PUc1SFmzTc#PYTTx;h z5s_e@%#b;gVkIPrT5(gt2o}UqGzGdo!WK^GFC-N(of&!@z-v;zdhXEeTLBS%N)xG@ zeo&O?1CD_>MdykGa?p=d{+tMeCA#%7BNp`)?o!G`%z8avDT#3N*(zzU5JZX|h{#1x z3*(B%h1C@9aYq!-vrfJFZ+7(`mOEis5^-Qp@cH(CGVKpL`+p3m?*AiZ84-tf0DJ8J zz#EU${*R^}9D(Ts_J7*BwSF*(^YB8dsX9wki-ixs>Y03e?oUl 
zf|6{`sE_{f@e1(}Noe_dHYaIJz=)vpn@c1}3RVxL87ywR&=|W$H-hy?a{`DG!H@(P zzyA$`9U@zkOH707^JoSKX{fCHt!4}ZgHy2!aTNQ6M2N&b4@iLYfi5JwIDe&#E^xmL z5hI~QU?JrSQHdxx2qCfvMv+T+sqwtKx>YEGE@Hr#uMkF0gfa9G^QRa@akq20IIm8@ zXRshj8nU25rrI-`d03J^XdkL^ukf5Ofh0#b2-J_P5N8Px?Qq~RTe)fgkR&Ate7>Rs z(Qv2;6mf`s2~%a7@eGDQA?GtR$LUr!syyW7yJ8`W@st!oaG!$nKu=UIErWXbt~#~S z!`I25h!)BStlkX=-FdwY3)(n=YnGUn`<4@l-N_5$r{JM26H$DubY0hjj)FlEeZYV> zI@Uk|*Q*BZKVF!V2J6J1)WMZ%_$+2b2(;oE42~IF>AglzONb*>qncsB0n?%}j1Xg{ zw9X9E5TlHJB7Fpdk0#)`ZiE!pg7LXwWx^x%RIq(VLYy&~Pk5zQ5TOS+slH?eu}$l9 z1l@0RzVG(GcPD>@aHWF-Lwo!ekc9D71dWG?2KM-Wh=eD*{(sP)PP+W>C{Rt9AX^f> z$G-JIW60;;m1n?;h=hfaSlNtbS|bwTYg-0J$_GGyf1r@@v=Xp5M)#u!3$Et zzyOE4t$F(mmdjZww_7@<64%66=2d!e>ke! z|KW7l+5cm}dQC$V6XfP0rd!6MsI)YByz171Rj^eSn6(g7hW?zSfEFVAP9;OSMpmYF zG={Zf43Z5R>%e&%zJI5(DBYHq^mJdT5|P6t&v(0?+T5}h5I4Eqe>I6x7HnK1f5AV6pMeXX?r#_n@z{rAS+ptJwSfNK1&cO7SP$y54YT_15Dz8C5fN0}5{nEJ>^&dAGI zL0-aes!ge)N;5_vI(L-S`7z~LqC<5Dz5VN3U4;}pOMSA_2$pGHX|No}v0g9t-=IO2 zVO}M^Gta5jOP&-I6L~=pRd#8t-{-8F$maisHlET@AUsDu=ByR(3aZSdO7_+^$a@r5@^?dpT{9xL^wG} z5U@}Ght2$NJeqd;e+;APb>ddzW|q2C={Z(8S7C&)}7cPa7~Q_NHO zh3U0TgFRcXCI3nAxQ4meoNf6)LQ@-!BPE;25|v zIY0`qSN{j~_`g3GjywH72CUZ(3P?!fm&($PE($nRZ8qN>i#u7Z-y2J^qMGuZ=-IDg z0M>w%FZNa*Wff}Ar(Vx*4chfTCi01=5BCXY)L-3W#`u%^`?_#oul`T!@jpCv_1~jF zJ(tdR9#Y&!4t;I9ZuFUGi41bP;po$%{?-%FPpT*vpYswP+!h}c(OS8FkSQf1F9hfo zQg1Nl^=_3E1%yjOqo3cK$5XHP9}Aw#|J99|LsbCx>Hm0G*Z;mZ?Y{pX1#0nrq0uj1 zm4cvqJ{ghNFBSR)bQ6xZ+~#U9spA;R;?`ROU3VCq+I_$VYPG*cp>N+kPjGRr@QbR5 zQi?rw!#U?ttwHjQ*qL_yPt@g&G7$XIYT&;5e>46ck3Fx`|6@Si|IgLVZ+-qxeBN^4 z_3_Ay)B-DY+WjvQNYNpIj9jtoEjfR%fr1O^m5?>T%1sVfRK+^>Wa@OE3ltVgxu4(nL8b=y}xt)AHQyBC{ZR z5q2*8*q?LZr=Aq$H!v$#e~`ZW^BkVU3sjUnN*Qi4#)?@qNoy$E;)@#HRJy#FA)_P@4wyV8YFLpm{V o__SD25zn#zz{Bv0MpVvF{~NKo9dyt^2d9Vs0n+7YJpeuc062+5*Z=?k 
diff --git a/released/assets/fleet-agent/fleet-agent-0.3.2-rc100.tgz b/released/assets/fleet-agent/fleet-agent-0.3.2-rc100.tgz deleted file mode 100644 index 7cd3d983b85d8c8a1f1c1d2345e4545926d18115..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2161 zcmV-%2#)t3iwFS6FWp}N1MM4KbK|!0p7|><>}0O(nAA6w(VOeLWSsh3&)LmO)A2wg zD4_-kh5+p-ivD{S07+3KZQc2FQg6zAut;EcvG~|e!XYC>I(R{1*?aSqpx^ILCljQ9 zJx~Akhhy`b0~(B`-gG#ej=etW5608MCE#&P2@Y^1TJZoa3}4`r z&!hbPMj)*0|HTrg(p}+*9d-;@4{tnve*eAxq_+Q_Hy*t~{lkjU4*%!-kK>q2EGdu0 z%tFY=5;MMV;a4)^Qr_cYh8T^r-&%Wpl1ds<63kGFV}D7~R*5ps3LY90P+CohvTLK|fOYk3=9W(XEdev8bxBDX)qhy-gked8MXd| z?v?~4*_=@y{qy4$;vtgI^7m{`(wKlDLFYG@NRSk)9!fJ<;CP`ic8zWXdw}Ky5G8_P z2{3;D8wOiMwkDUD2G{4&3=Y#sS^8Ve7zPH%Vi)2l_6dm)iG3cB0O>t_L0kgCYWf z0dI7?fdZ~q4cvdcFeeSxi9e}>E7kB>%!m+Z#WNTjGq%!ujh>beN2o?M!+-;(MPnEt z#!P9R8Kxmd8UIB32nHWb&~x1gDXazKbHmDnNb0Fz`;LS-V=|xcO0OV74{%a_$qZtf z=I02y-{}3o9enS4rwmm(_zKV-{{Z`c112k_GQ|6@QkVS;Q) z^d1M+1C1e{dsm(TD+I;y@tqxaHvF@?W2Scz=6ye(}ESLB_-WkV1e_X#@{Q z2?OIB?zZObH&`xbrQB}mluBF^U!k|_bvajL8`FFr7~6cGJF1n9T(sG&*Y3|I5ZAQs z);w=EvwA1k=FR49Ia+gbOuGtis87y)pJ%abx{y|%hsg!^+W*nG zZvRJKm;W6F)@vG~m>@R~FWoW@MWv<5V^y~nsDiDsz^sLsGW6#p1+);^cPbIm^|3Oo zqcN-D2A)ohxQv`q-I zj)Jn9_*R9scRHxbe}2tqN_1vuvgs`m0T=JCuu4^Oi!}mgc-YAoT3sW2U$QgM# zE6B?iPPHjjRB6TtMCXpOIzOg7OLVC2ptpa0tE-TLXQ@wi8o@HnD-D+8IM(as{u?x? z63nZ_cjh^@ddZW5Vj?dHqDn4}_4}Mv6WRPfkX-47Gn{UBLi*Ok457+LHOL$qE*@-r zyZ-0-0yfOQ)DrCb{yXRoYx+O*`knqC1$I7|7TQufTQ8^or=CFvUjps=@AEjMiwGwN z2?F-%|EQV&O}hIZ$AR1}>HYqI6RTzqURM30#~ha#`oq!nrgdI*g3JVRmm+U5#XOZ? zm|oj7*t7Lo@}C5cYnYqO*_IC^Bo)fy%aT2_w*|4HakH^CUYEao3bgD0{gSW*j)5za z1Ec_Z^?z88{|Cd-pws_jzh=8Apk4oCBAc3Zy|Hoc;|K~VR z&!zL7hZMJwLtmS&8+|5PB7@v+IQq1xzx4$4lPb!^=e&dmx5WoVv{tSkWJ-z13jw-? z)Emrsy;~(k0pZfn=;!z5@zg8+zXi|b|LV5Pp(=p;^nWs{>;Itdb>IJw0=0O*(C8Ph zNkPy(_r@glOND*`-Gt*UH@O;2>Ntk7xbfCN*Bu6@b{DXLTJ5h<=$m)X6I`4t{GuwN zlwwcaaL&0@Ymj^+cBWnb6Loo`3oftTL nTCAvu=h%PXVR%I&Drac$jac0dI_RK-)5CuO#&jna06qW!iX}S9 
diff --git a/released/assets/fleet-agent/fleet-agent-0.3.2-rc200.tgz b/released/assets/fleet-agent/fleet-agent-0.3.2-rc200.tgz deleted file mode 100644 index c5902fe30440524dd0edd80bab74151be30a9a45..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2163 zcmV-(2#oh1iwFS6FWp}N1MM4KbK|!0p7|><>}0O(n3P0)W%TCyE*Ymj*K>CB(sVo! z2}-Czf+0XVilYDC1wc|1Nn3Y5oz$ChA50P0T`WHKlW@ogkq%yvSoYq0CFuA2)A1PT z=VYRveQ#u*IiSICI+=RjbTsLs{$Mm6jNhQ~*Al1-nUFXIQ34*vl;8kIq7@I&!tez? z`8>+!Hv(a0|1Xv}mF@~h?670NdQ3*6=l6foAJ_JOG8qlup#EXSXovsv{l{_4C6<)O zVrC)aV~H7GxbT#WxRm#}m?1{v?6=llpQMt8lms)B;@Dr3v=wbhgMh>{WXm)ob}LGZ zBO(&)lNmB+Qmlj|Q7djr7{P)#il#ub0=eRGVKoJOY>3nETPNKAs{X@rCk#s>4(tg&-~LaggJEa?j{(*Ff5a>!;_wb& zkNx++0qFhryvfiTda(b~{$$eG|6>4+VDFXXPf5ZBl{{UQro2}*TnI_L0HeA!qt>6$ z-IAarn=|U8e}23|JVX*&{+`WA8WS)i==|mq36g@_QyHJ|PhzvCjh%AbqF{$u7=cDWePA zFGIvgC=pmmxk6MT3JyYuEP_$w5?*RN@2+kYilB=aFy(%gQVpNQj0k~NJcGe8V=KMa=xGUYglbeX3^-s~G=>pk z%#`MtVH#qT@lT|WVDQldJ=cwp!dfssH>^yEq<$4_-;oe!Oy(0_=@mri0ZytfnL%vR z{2W2|8@(U6gYVtRDMOVGz5=wze*sAtUq#S(h-hGs{~tj2uK)K2)6uB&|Hpu8!UWlp z=sgas2O2{@_pUqxRzxH$jKs=bG*cRp5MSFdFi<|25o1*%EdAwG?nsaZ;J-@=wk1Du zIZb681#E}Bl>rQ!53eA11u&ta#eqQJam&HU<-b1v@c#DZ{NjDtgN%p$A%y^=(g+@q z5(dUM+-=RO1a(ADV4Y;zCv%;>vFEhHm3PLFt+(VcT_7IxoERluic+bAg*cM zt$E&TX7x_6&6~~JaF1M*T>4V zj>fQdj6tG7V;wYaL-+4g2Bq8blAi9XnkIX%7=JNxkT`&+)jFRhk7i7Ls@XIpX`2va z9R+1I@vRDN?{rX=|NNTKl<3URWY=d1#{r5s%!JVg0{IDM0`j(P8fsU^KK0q`;Oj%X z{ZHrEKU^JffBavo|9SnRV?Z_j*Sn50x#TJRUDrn3hwp{@yiq0v7p6Ayku&mg zR*;u3oN805sM3rPh|V2lb$(2FmgrF3L2v*1R#zbf&r+Z4G=gQCR~jtGaje(N{WoY( zC74%<@62;*^^zwA#YA2ZM3r0`>-RaUCbIc|Ai2^DXE@#Ng!HY68A6qhYLGcJTs+wL zcKy%u1#FmqsU_I={dds!YWnYur=9*E1$I7|7TQufTQ8^or=CFvUjps=@AEjMiwGwN z2?F-%|FD_=jfY;R|HpvbE$RLKfD@}`4_;RNqQ@MU8T!M~^`>=Rb%M+Ua+e}+F~vNU zUzlFoG}yECTJoO+k87Bl&DoX@BqSBe;>(gfv$qAYqH(jaHC~s$dv#Hp3|Oxn6p)a{FO{VoT@-Mt+HAf#7I(5*zcrR*MK$F+(X(I0 z0IUHiU+k?s$|}@;pL#vNHE7rWn8+udKHMjqQGa!h8RJjt@9V;Wz4||?$N!^AcmL-& zP|v0Fore^+kwagbt{Z(OS|WqoZaDh1sK50D^ph&e#pk?)2e-usMYL9~A7o02$O{3w 
zh146&dA(aDMFHW`(CFXq&CgS>`2Q9>m;bBVGKZ=F?$dt=_Urz?KkmN&9|dahexcDX zUXy~Ldp;SF*e@0O1#}aRx7_4vFsb7h%Hqab16_9*oZ4N$25PmxMxk%sJx_3PuJDVh zh*F9@b;CL5QmsMqjo6uX{ZG{8jWQ7Y(rVzo`hPS2ACD&8|9>0>>i&POc7E&gf8z6& z1Fw%qUZfUSsnhO%kwA(L31sAoWpBy(gAEj1NGJbvdS>3TWRc>4G|`;^{JtcPappj* z8%5^(gajlwLvs@HlsLK>R8o&y#tpkSimI1`_FaN8SP&z?fsiK3Q9;k6{-2iTZWoya z(TlKi;m7`*3qSRwD8GGKx%z|j-Jj?1BwnDR>`}^alQCAzqDfjq*%nvSG@}Ts&HtC3 z4`81mTkpC0v1<)fOFk|2(@E6d^)EKgB##urZY}vv8SP(SPeTkj-Nyd+_HI|Y5Nb## p1`eMVD=OkS_8)i{UeSok85(>eR=0x=I_Ti^@Lvu3g1-Ph007x!KurJu 
diff --git a/released/assets/fleet-agent/fleet-agent-0.3.2-rc300.tgz b/released/assets/fleet-agent/fleet-agent-0.3.2-rc300.tgz deleted file mode 100644 index 1cfdebca3c0280210578766888562dcf58adcf46..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2163 zcmV-(2#oh1iwFS6FWp}N1MM4KbK|!0p7|><>}0O(m=yJ$(VOeLWSsh3&)LmO)A2wg zD4_-kh5+p-ivD{S07+3KZQc2FQg6zAFhyW@vG~|e!XYC>I(R{1*?aSq!1KK6c#QOO zGSN?OFfz{^P=7d`Ob3JMXyPHSKbrQ(Z_xN_2~>qlNSuNw0gq!!aDXGxiU(+6_yV7N z9_8~Jfv~dw7fYNVM)Y+J;CSO|H-sJ?Ck$Bpt}E$m}Nv9-T~~f z{{wIUdjE&h(R4f=!v0VD-lVht#{e3^-Yd(Wl7tH?dAcf1d9P}?5R!NSMs;gOtv{i= zB|%9xXVgdk{CI_Uh$OW9J)4s>CSXX=`OPH~Bn7L7(hL?jUTBP6qZ`2A1f$3$ywrH!UEL}aK^HM#%vT7bC&Czdi1||tqPW{RT%1>@ z;4@edB@J0nAye(0%{(m0AG9CUxL0^im_U*v90ckiE5um>L^~XK%vP=%03=BX0>7{5 zKr|dG0!18RU&2(GW;}x-P{{cV&2hSwjVcd$`L0;VVmu{<5ZtHWK+qGFOUs~MzN=2H z^zwD`C!&Qi0;_k!L3dtnLxVO>;F=|-<-X-aVt4X__$hd3%S06)D_z(1z@uPLL?AHW zjgB`^!1bzu`;Qmqq`^AzCv|Y88a|5|5dy7v27_b9R(h||(-Ptc)u?6|aKN-^3?syt zDa|v(G{h+5pGY6U;G+q8t{WkRwP1X1SeXz>{VLeLBO%V1%qP6kD~QkooK#;jgV?6| zIfCvtdf#{Z-@B7jhAJI=1!#}|0+KMkilFfj(ZC-6--qs9|3BzYC!@~)9|Nih6J$%G z_t>`{Xbkz>yYdWJ5s|Pk5-WSrOld?yd~L_TK>1)sj8%!S^p{t;BS9K~|1Krimi)-& zG?j4_upRPN1~659S!E!k(<#tP_RN|WW3cX#g%ef-knCAPy*yj7(QLSv`qRnQ#c7Ha3xTbZt z=6SQ3)jPp9Z#Hks(VClM+EsW%eRA&mJd0)1g`D~nc5o_axBs9D6b>{wOfIiL2e#ix@8=SN=uW+s%|Y%1zTl-Sqm{`=+8+CXd$xiR3fD7V`W-L zV^}-JAkm<)4w|>2`*$jX(rtN3Pxn<#lf74rzZf}49Kh3RollcTGp0V(Y?_j^O$f4% zg0h>obJo07V>T!sr8m`~))rdD}J(wX0*F`fPUa^`YJV zr*rHdt`4|A{;$>l2Hw~kclQ4nP>uifuH#HDc}joRwGsE>d!asWlu5ybsf~Q(jJ%u` z-BQ~4H{Gl z=2hZ5^PF0}krxC}C6~tfea@rDC z|MPqS8|GhX3HE*e?R$fo{tqVoPXCVrJ0DC7ZK<8Dm(%}K&!B@Zfp-1(c^uM3gp-2= z0sHiS*v$XN<3XqY$AH`|>HYqI6RTzqURM30#~ha#`oq!nrgdI*g3JVRmm+U5#XOZ? 
zm|oj7*t7Lo@}C5cYnYqO*_IC^Bo)fy%aT2_w*|4HakH^CUYEao3bgD0{gSW*j)5za z1Ec_Z^?y*0|NDcH*XjQ;V7+!wKtdY7RF-yhQNXEcv-##&+{tSF)>x7i)s*i<&wdpH zum+@jvA6Olt5ExW>h=8Apk4oCBAi?u3|Bt5K{h#AN zJ(tdR9#Y&!4t;I9ZuFUGi41bP;po$%{?-%FPpT*vpYswP+!h}c(OS8FkSQf1F9hfo zQg1Nl^=_3E1%yjOqkq3QKTo~l|6A}}{;zJ!9I67iPyffmy8idQY4`pAC{T;{3yps9 zniK@x^T~+BeyPwepqp^KD-PP_j_0x3EqkdZ5vy(Q-lHc)UOo&3}3nR&~SMT!H`M0W!4`;s`unFFzI z6q)Z65|H2w%}K~p;^<~jNj+{EH|*Xhs$LG-cL~N|L5u(gLYgQ?1wD`Ye_EcqU1SzS zFT&1+ANzAI{M3`8{Ptz#>JQR)f1bmWc!7$tM=8Ti##k|nCTR_2TU=4oj3TTy|6g`K zfPIE+z31x3t~F3C`LxteCsBXbzt}jFJW>d|wd6Zxw10s;4Kd_&8~fkeyItu*s3Dyg pIDA^HsEFs-f8b$wMI$O_sQ-;v-3~hFpo7!He*u^}Eu8>9003krKdt}( 
diff --git a/released/assets/fleet-agent/fleet-agent-0.3.2-rc400.tgz b/released/assets/fleet-agent/fleet-agent-0.3.2-rc400.tgz deleted file mode 100644 index 0854e52acc25b0f6a7d182c32fcb7a413ea9a4a1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2160 zcmV-$2#@z4iwFS6FWp}N1MM4KbK|!0p7|><>}0O(n3O2%BcnIhcgZ;Qxt_C|m!{)^ zNKirr5)1*_Q5606E&!6ENZPvd>7?G2`(TQ|?qcz=pM*n3h;;Cr#IpD1D?z{CpNvLG zKgVPJ><@&i%zYz#4`+vE>sdQI3Vuu|A)?+*zKEMCt{;0P9W59od`iB*x9sbYvAICA5SW+H~ zsfCb_C1!l?!c#KhQr_cYiWrTv-&%Wpl1ds<5=>EwV}C)?Rt@gMOs)ABjL%qB|cmVo_h=E~HGvwAb^Mq6jyiv62W2L8Rz` zm|XO4+VDFXXPf5ZBl{{UQro2}*TnI@#2cx<*qt>6$ z{eqw*n=$I6e}241JVX*&{+`W98WS)i=;HPY36g@jK>AP@l3iZBQbrfJ zUxkQ~P$ICBa)qcw6dZ&QSp=iV1-#UF-e2D-6hY@PV9ZtsqbI@`TE_e-22tGY94;@a zQ}7uqh?0iPsgSAm&SoB#GHSRT@5hjr22nT_B$O>_m0MQNy9rWsFR2o!QYMKhdkWuwYNUcD<8vKUWEAq4j+I1uzi<-#(kSMRD* zE4_T3{E29xjKJ#MaL}DM+t8qm6S!uHX}NDXk=UKQAbtuS+A>ka$4b{tJ@6)hgp=w^W)Ryn zKS$90M(;h>``#U&GF0i{D?oev7m$SURRoQPhz9ofe-FBM{r|uNyw3k01F8uVWJ{v= z=vhk|Lq7MeJOfrlBrJ@?%3d^68j%oR+c7XuK9~_>RU$0?#dYpTkOtttO9{3mKXN%u zWgG=;hrE>m44V(HAa?~Yp`yisK;Uu9!O7*nx%lw@?)KvHec6MIhy5Xi0He|f9*`0S z#y8w;&D(FWTue*3-O?$QxF)_rZ`bQ`uE;i~`5`d2`5|{yD;v3Jvstg*pG_dHY2B@P z-fX7zPO#0J&D(Oc=H{4o72Z&vT=+iEV%c;dr#^)poC@0QKd1tQ15FN-3+}c5=fk@F zANITa?D2rx8)^0-B&eD_FggmV&ouk08guRK209YnEF(+X-d*IA;>xk z%4*_U724kEpeq0QHKQrfnW4$9&k&9S6mggdqe}w$31$NFwrv_}SI0i}+3eu!L%aP? zXV^bn9dLjAU#tHO`lJ4&v;W6{YW%Nv9cOaEQ~JBEjkwG2h5EcvCIy$KHu8}(@^V&? zmoJ=ZQ>v)aj1h>=9c6WXOnH{*P~Aaq|N2%}AqCG;pX@Y(WtvqQEXQ%I*USAkXiz1X zSBdY;a%%OGCk4esUJyi;TpH{5IjbhJ*?%Cp(hFxe-R*?*t%(^zm5*wWIW$~6*!Xt+ z&+`Rrn187y*!TU{>kn%BKNx$R{vQQ)KA0BTQaf8Or~jv(K?h#~?fUQYIHdCkCkF`v z_UZq5GyfZny89nTf!rgR{f&K9G5Bj!_oDobzXIX%mi|mB5yIpJe6OV zUfVR-)Ad^Np9GIHjfcy>?JQLK?qRmUeVez^Q7p`Q}*M$!h)9SdtahlH#yxpVZ&ig#&x_e_W6Mhm-F9&vBrh zOXoWeDQ+W&zA;_5`b@M$2D#mE^l4Fl>j~&5Rg{a*c?l2hiVuottz19IloF8_0(1+h zH<HjgH7Vj4t{o*w# z2)bwEA&LD`p85zZW%Z1-YBYG4%&AK#$Z8=00%;vC`Sc7kNSUFp1WOS7DO+? 
z&V?WQb1wYUlcN0gW##G*(szHJ!;^T9in2#3!)?Y`F^eW?4P{$gQPYeftTz8&c0Pc8 zhHSm(>c_4%P%Zhi)K4c-f7id*IFme52)ni9du6nLfjtc|0GEGoftTL mTCAvuXV_ozFubM_l~d$>BUZPA4m#-I^zdK1PVOoIJ^%n2ra1-x diff --git a/released/assets/fleet-agent/fleet-agent-0.3.2-rc500.tgz b/released/assets/fleet-agent/fleet-agent-0.3.2-rc500.tgz deleted file mode 100644 index 660fd4063b4babb51475051302cbc7d55791804f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2163 zcmV-(2#oh1iwFS6FWp}N1MM4KbK5pD&-@h_-gI)kF{y8jV79aabIADZG2hT|)JFmVFbi3WjXoU20 zJl4-{e`uZ=px$6Ip7i^ZNq2&}z2T(adxb_{N}w{NLgEBO@p%+cf_)r{Mm#_Zf@k<- z^C+HQ2?VA6zgXZzx+@&A!;S&#F&++|-v4oTr1yU`84X6m0qp;HJe<5j-NTB}4FBi* zkE4i7EGdt~)I!L^5;Hz`;VBt$DerhBku;#hpP~du-hw2JXbbB5B$^^yCMmHSQ6d}? z5o3=`kvVl@B_s(Oak-cxMx*qP#@>W5f(3CD$DEly!WNF{FC-B#ohf?g!)si;cHM#7 zcM@-8`9ydLjiqk>K~bakI06Oc$04nx>((CqH`+p3eA?&@f{0WJ>Aw=_5jTYAW8(o z5@7uH4-B@5Y)vjP4X($-DIBJOvh=r_F$@fD$Iiu3>|+ul5_#MwKGKIem+a#Fg)+Lp z{W3s|1QLOjlq*CfqTnEeNJAJ!F5soY^X}?ap$IyU0Asd77(Eik&@$qW5s2b$=Wuae zo`T0IT_@QAHkH2_GG5Cnc- z(Sc|k*i1pN;t=((hb;#ulmGhs{oC7{^NY7d4>BJ1hXewQQX_ak zN*Ea5V7E1Ezrk`bE#!6!r&QpY_zJyVuZy`N+nDBi-`M8+%u%gu@>wfw-o1 zx8`}XnN~Z&Hg7hsi_z+vW7<`CLp^ftc|46|-G!X`6t-|GXtw{L3KR}BIZQ6N*ZvQN zRr^1fwE5prV7;aRiU@ME@X{^fP*hl&ELL?ZfhyQ43(Q)8DMSB^6F>`)eWwy3T^}pb zIvT;+F$ReSjdakw4c)&{8I*3zN_x7lY?|!7Vti}lAdwGGt8qSc9`%^|RI{l|(ljB+ zI&#W#;#(Hl-szw!|M@+o3DKFM$*#{3j(ikym>2-%kPBxyip_t7p6Ayfiv=a zR*;o1oN`m5sFIWsh|V2lb$(2E8tYKqL9hSyT2~XqDn5c_4|}n6Y1-S29z3u5d5<|RQ}mak>rLyd>I9hyrat z24D?H@nUb~QC6Yy`_$|CwL!D~M?^mIWO*NRM!nTNW{f|ozb^|1_Uiw*8vhR`?fswQ zKsA@nb{@_I}x@Y4diM&FgpFua_c*9Mu8j~uHq0Dc*)zEc^!KvH@tf7|sD-`uUx}S**8f;t-Y5dW&#eaTtN+*I|Iu*L{{P2Opz8l;YUj5;{~ez- z9C&>^vLdy>N}YE9iv&`1NFYO3EIJF$mo`vvA)V~g>6v*;<9UL8Qb%`u@cWWD#+d`L zZWO8K5#kg749!Tu6XNJ*P)R**5jX7KC@NnL+II=YU_p!k2SS=CM+H3(`afQtx?N-z zL@&b5g&+GFN*CcYmJ3lX#BuvPU7qP0Cn4i#llqWm{ZP(+oqbHvd0% zHh_JGY`y2|$F4O{E!nixPbXG?*T330l{{1kyS3yyWwd{VJq+q+%KT&N+P p2snIPtf+`**jw@-xS}DIQ`GxPtZoY}w9vxo;crw3oPz*9005gqFx~(F 
diff --git a/released/assets/fleet-agent/fleet-agent-0.3.200-rc5.tgz b/released/assets/fleet-agent/fleet-agent-0.3.200-rc5.tgz deleted file mode 100644 index e392dad49412407b7f8f74933492f073eb56186f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2165 zcmV-*2#WU~iwFS6FWp}N1MM4KbK|!0p7kqs*vVYmF{uw*QbupC?~-xqb3JD_FHOe- zk)VVcBp3p;qbU0CT>vCSQM7gE(@DK4_rVl_-NoW#KM9ANQst5vjaB!}SAt%zHy#eb zJVzt*>u zPd<ym4)ZncT&YA(x?Nu@iuCgJ z&=L_Tsghk3Q^>9n$diw=&bEM$8{+hOMxZ0^e^vi+GZIb|m3#ICpKt$1=PORjeQZ&0L-B-B)d3&rHmeO zzYKxXPyt#=wE(7op@Wbzi*OV*$Cnz*;oyYxh1qL(nqwTH8}$qWftVc@;|MX~ zTJ!8MTVj;aQDlx_@X-c6*IOY)XU4_Uva%tP{#CGjM?;cvl}~tKRuJF;PpYrDMQqai z9KrNkz3+Sd@4eA6LzNc30yM{e0Zq7AMA*2GXkdr`?_>9-{~z?nqtn*^9|Ecg6J|@Y z``GV1uo$zwcjX!AL{#CzD5CAfc1j}?>Ki+T2Fgb>Vy#LJM6}(+8%ejJMP4j(VZS#HZs1^=*uv#sb-p@7=H?-c` zJg-)hdMDcE)#`0I+VU`q&00tphd(DNqJ`kx=|srX$I7&h z#kh8yW1_)g6Ev?w_wRHDW!mzRp6RQaCTFJ@f3b4VIKXG8aX#BTwqxpJ&1PGYrU_xz zQBYPB->T5gMhDaR&#xIvsmTm&c6|aQ4j>XZ6V4te<|l+p%-hy!s8b#L*k`kauMf@k zKb;bPe|5m!@qexUH|Py}XRZA|1XSaHv+E>NbCI&&O>M+`_+IMI8)Z^(VQV8F1*b1( z1$p_xtv02aD$O{>=-ky-=f_lJi3!zRc>CA4rV1%Vmily~5iQfS($H~TxAS_r|Aq~^ z1oJBK-Dys(U-G1&n8*u)=#tCU`hCu-$!z)`Os>qrSx&bbA$?n*I+){Z{`E0vjJp3vH>Lt(VjPW6z+4FM($L_eC7CSwxb( z1OdDB|8zV58xH%e{vQHzw`BJF14%kHd+@UA7d`g4OyCdK)SH%h)d@2b%w3AS#TN5) zeqnnZ+u%%=OC^4iBCcVsRwrvdn2=N`i!V#g#90@_ipJH-F?enM@+r`)|Mzps6Fdf< zO7@Tf?9~53J^t?xPRFhO9|D$37Xlix_@%P6Yl;GHRh#WM$Kp;__4xm6+}{5= z4AgV!eCIL6-O8b_ZP$%C6Ah6;ZZ}+WTJ+y~0{Tf6<>GT*B7)oEgCZ=o>qnVVD)T~s zX`%H7dtUDrNl`$!v^3`Td;9a)EB?O)&*lI6w#>dNfV=d6cv{#0esA1<|33)S;{8IS zU%V!TLHBfYMq|HJ=oip!INorRYl}%8$5IwI-nP(9hsCMg1>8cd_SY!P&AaCbF3vT6 zQ5Dfjv7>G{6+-DXNWKv})2#oAzPwQef?rw<+*SYIj{k?lUi<$a2Z6f(pX!}o`~088 zwBf*;UskUEfVung9G)UGD9RqC3^y6)#Voc-YbfjDik@Z^5xx2U za`FM36L8F)>mQreK)2-6(m&lq|6Ts#kW7h4BW%`^@3hhW1@|;0nA5GCf3NR$r8B9A rbYtZ3X|bXvo)Z5-gy9v7n3_QU8?m}Aw9rBe$A|v{oS|N%06qW!CaF%4 
diff --git a/released/assets/fleet-agent/fleet-agent-0.3.200-rc6.tgz b/released/assets/fleet-agent/fleet-agent-0.3.200-rc6.tgz deleted file mode 100644 index 807059ed1151a13473a2618f75f9b0837cc46b53..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2120 zcmV-O2)FkiiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI>{bK|xVzh{1m9eOg?c1((rY&pX>*LTTW>RdhcB`;0q1|nA! zY7k%nP>#y#yLSMP6h-l@+{LkbGuj7<1a^VNpWp6ci3LN{0m+c-(bbYj9j-~vUOg#A zQ54P2&g_2_Mg9M17M;HuPcJT}lWBBzasDbAPtT(06+};~#xRvi6ZtCo-F@{3_mvRg zTxg=H;41b25~2wcS(p&58HQAh5|o-QD5fz;!jmP+LAE7LQ{*xDT9)V!vT%~4DoBDc zxLv2#N@G6AD^v`O^77ZgT8Rva!oalHG-kK3M+*8gN<{^aVKwncQM9j7I1ML(OlDq+ zDv`9%w)i_E4L=f2GL&#>T7dw*r~2=O0;1tAAq+j57~ZAUg^EX`!~jKw^?VqOh*GH4 zh>1+7kyR*EtIXS1aJ8dO6j_B{aQ(aZUlCTKdU^wJ0RNL{7WMHzn@*4Te-5HK$IKotPC%)eD|iA z$fiG|g;FA+L?b*twntg){ zQZii+cx`78;J%z=qM2hHLVnF)>mBaL;rQF|MP1dA{s8Lwe~o#;h(`HK?&aD+-y#_?HF`#C7a07kNv7@q?*Fb#vk0G`rKG*<2)4iekD2TEZGJ(Nr+d@$5|NipFw|6&}S8v-I za3}2Vq{!n=A;5wnOK)+pTUwXj5WS3By~FlU+VZ;m3cRkWcC3#CS|MyUTZ?98!|m~G zvx)nanq-^J>$bQ3#c|~d<%%YFnIxj*djAOd(!20TFGa)lpQC;d^8RBX7){n631i~H z{C=4?I2ixUCcE~3GCn)zf1ihfAlQld>XoNF3-7;GAr)JP@ZMG3*gY}e6KZo7*xh1& z>zX>NRaI?(*JQuKUh2z)c#SzPM0(da6sSz-M|mbuS<4={66_ba{rX{DU|sso$=K(& z?(wB({QrxF@n0C{-TJ56dl2V6KHml$ivRZVKaXkpcWAvOHAF(Nc(eKZZgm9Z;?`VeHhsl|?2=iu>$AiVQUd4$OWGwosKx zf|z1@3UgctiGeLnB-(ykyRjQlc7wx1L6GB;Xf}j)R?Zl`mHp!Vsp!&8h@FI;fY1M& zfUlnvtF!N&&<||v_bEP2GH8yytqwOOW6db`MSCpU!?hV^o)fe9|M2S${8RAlnwy7R zYhX(1VVTFEFu&C=J}I@x4a42etbY*q$ba!;SP-Ugm~Iz9(UC-h5i%>eBExh%=x#U^nJMXfp@JR}zVQ3je?F z#J5X_@IQ|F_`jH*9sU2aP!IouzUA@s|4WbHNWX`M@xLOBrbOe@L;wfl|NZa(u>O8Yw%RDr~QmsFy?8SHLX yp90}2Dc zVQyr3R8em|NM&qo0PI>{bKAHP&oe*84m~$%J0?Z_v3$cf*U8=F>PtO#?p}JG3`DLZ z)F8kDpnNK;@7@7GQWV8lapJR^8SR5a0=vNC&u@3J#GE1OfGm*f!R3-j9j-~nUOg#A zQ4~!l6Z;=UQTIQZMrW^v$^!#i%9=(c&<4H7m1<}*0(NBfaM81l?y07lwz7Zmv z3r#c?T*V$hLNsAw5hg@yh9MP$1f`~PifIgz@MMXymu*SY6nPB3mIeB~ESzMha*|*S zZr7=`(wOz~3KavRy!gGhRw6^9Ffc9FjoB^ik(~aDQc=NUSdBcA=gn&rj>AzPlXEXc 
zl}MUvTl|BOhMx&13zTqST7dw5r26l<0;1tIAq+j57~ZAUxrzsa!~jKw)qEI@h*GH4 zfQf}r1FKM|Rts-m!PSmBQDhZ*!S!$Be??e<>gf%@0sN1mY1GC4bbNlq|8o${$N~-W zCFVj=E#$fZ`k=jW0W?{}u-d}NJAn^NguIwBn!qnNS0Lt~mk56=W+*voRB&)UZT}-U+<@on$$~E#%M@go()F>0~lCNWZlW|8jE`gYVbs znC5fL0C^%(Ou=sITC>ZGFVr#gPT<`f7|u0dmg_Z84O9V9s>m<}y`-w!=7+0W!=mVd zV+yl15V%Li;Es!X4wo00k{+B5X~J zC$jF(XrYuyDA5S_R4+Zp`tD78XpIl(ir=GE$|-E#T?@AI{nl~xwUh|132oM`5>mT^ zSC~lD%5y&Frd9R6>z3*UYX9V&z_s-^kP16%$&&De+i5do;@)grZMrWwL#1FX3Xn(` zTidmU`z6t~(2Ot@lrKEWHA+sHL7wYoPmRVqW_AmvH_qw3-*YM6f{B@H%DG7MR5$wu z=cHh|8t~fAAi!NQ!$dR3*oXXz!PYz655wX2;q)b4)sg-HYWshUS9!q%?yY1US^BYGmbFw}xY_uYZ*z=QK7;!4pJL9$ zIz#>>>A(Z{A4bu%i~qCX*%ANGL2bN~JXeF&&~rB7O|u6MSOJw|V$U(iFwsJ~Q$Md8vwE8i`cEo!d0I0h+R2>CTHbN#aSZ!MfD*fMI{QUOz`r`6! zQv>dV{eu))+$sc^Q)KB4&UZ_z@@t}(aie$G97-ErmtTR`W!a4Nfj}#S&1P%StZcYF zo^3X9w^EbEX7jq~ZGUlGxk9<330@?LD7fA~Lca7aJkm>1zy0T^?}fbkm( zxHrFF<_!+Uf78*f{T~e{$NcZ}P!I$=F<-UvlrO@&?^Q^})*-xiRo8Y;^!S9zoCS8b znBS_V%4(Hm6X4a^udtK)G9g}V&U2C8)(!4_pa$3*3JFu+Fh6edlEC z^IP}$(lh@5Mg92Cjq`5&Q{_E~^B#}40f*whz5LH;G#Vej|2_+K@jo*wzs3AdV%CFn zyFG#`O-($2&R1jre~By$)pD>D;?9pD7fJ_|D@_)u8UqJrKL%T< ziX=fyF+GJD&V|Il7AF#Izm474jVRl};h`YNaY-~ALOUyGjNZzA@%~hF=_bTZ!cM^F zKPKSoCdI1kdn@z<8~c5VPm=}I$KFPV>w>X*6#JqbmhIu%3^U7!S^R(aRR{hl_;$_B z!>%O+Lb@Kf+ARfFX;g{uXIzgT^PWl0M7nk(h zL8!vn8w!-mr?gH(xw(C0*_U6r}1uicPe~mZ;iUW3ICWJO~kbfhQ$fxlC zbtk@EI)wjW)W!e#cyjdr&q5vi_xhHH)Bi6$f+Kwm_2Yj<7)^=Br-=X##{c`@|A(Vv z{`Xm^Ea@CL!hUf0S=rjMggK!M{#4)b`LLu4?EU!WT5py1!4xRBmnOGYH@{Orlr5{S z^xL|&dGQab@n@$8@^rKDyx#Hbx3Pbx@})+zuSws4gzgPy+DiL76;y%5e-~7uy&3Fo zSDymmDP%%vVDt{z8VFOO9Sr&HzF&H89_dI&I?|E;IQm}z00960VD}$j06G8wQo%;# 
diff --git a/released/assets/fleet-agent/fleet-agent-0.3.200.tgz b/released/assets/fleet-agent/fleet-agent-0.3.200.tgz deleted file mode 100644 index a302c3f3ddd0724cf3e10662a07410ad54156403..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2120
diff --git a/released/assets/fleet-agent/fleet-agent-0.3.300-rc1.tgz b/released/assets/fleet-agent/fleet-agent-0.3.300-rc1.tgz deleted file mode 100644 index a1eda71c7f6ed6d9d0ed62bf2a802d376416cc78..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2121
diff --git a/released/assets/fleet-agent/fleet-agent-0.3.300.tgz b/released/assets/fleet-agent/fleet-agent-0.3.300.tgz deleted file mode 100644 index be6405f2844cb8cc274a4e5a0828717e76a77733..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2118
diff --git a/released/assets/fleet-agent/fleet-agent-0.3.400-rc03.tgz b/released/assets/fleet-agent/fleet-agent-0.3.400-rc03.tgz deleted file mode 100755 index 4a90c3d586934a591768396c8f50efe67eee4a1c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2285
diff --git a/released/assets/fleet-agent/fleet-agent-0.3.400-rc04.tgz b/released/assets/fleet-agent/fleet-agent-0.3.400-rc04.tgz deleted file mode 100755 index 4f59ebe4e76063d1915cf4d4665a9dfa855c318b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2285
diff --git a/released/assets/fleet-agent/fleet-agent-0.3.400-rc05.tgz b/released/assets/fleet-agent/fleet-agent-0.3.400-rc05.tgz deleted file mode 100755 index 8cc15b5760fcfea2097dc1553b550e8b5a248ce6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2284
diff --git a/released/assets/fleet-agent/fleet-agent-0.3.400-rc08.tgz b/released/assets/fleet-agent/fleet-agent-0.3.400-rc08.tgz deleted file mode 100755 index 55dd9220e1700ce0eb6e422f2e831e3f652c1917..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2285
diff --git a/released/assets/fleet-crd/fleet-crd-0.3.0-beta600.tgz b/released/assets/fleet-crd/fleet-crd-0.3.0-beta600.tgz deleted file mode 100644 index 262d8bce1cb928c9be3837373397c8e72e7d014c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9626
diff --git a/released/assets/fleet-crd/fleet-crd-0.3.0-rc100.tgz b/released/assets/fleet-crd/fleet-crd-0.3.0-rc100.tgz deleted file mode 100644 index 733535b81ed96edac079a4dee3760284877ff3f4..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9663
zN4-P}{=pC{4P>zLBsJ^B>MZOL!)%3vpUT{WNO!oQhz8Rmv~olH^ZWR5m&uPY<2Fh2 z*{xaul68#^5l{W4zI&X=nhr5V#*{9OcYndKOg8w@o$eo8-;SCPncVpt9OQV@&~H6Y z(PqiN=jsvQ>mwj3!-Nv{rjR}?pqCJN?X)G&wYewCVu1E*Ne<%bd^jdoW~ zBi^pB0YqdSUPvwMwyMn2J$n?Z?CBk7kKHGn!P+vgFP){y5Vp0fXQ%>&+svI}2((r7 z$Q!213Zuq@Q2KY`CY5zR*VVK@T?|Oy4|+*sCemPrr*TK)s2e3N_^3$57Q%m+R3Af{ z$SA-an8#!qeERig<;Aj@#B#EsxpgY5 zwLI0-Jd3-P?I|K%mpN!zp^<%JC^!S9w_<5Gd5$FA7Ce9Mch)YJT(qn!nTS|Op=d|d z#8CI|DHyQK52r(U3hW>BLqrMMu7mD>qFaUWr!xqqMZ^1Xk+U&jTS*6~9;}2u238?Z zs>QMpMrl!k%C>SbRQpEPXJ!za97$j#Ri10*%AnPImvV3OeEBd|d5dbkH6O3KNwn#N zSlA6`$Wfat;P}q4Yd3Gf>8{oWq6drYYOi|X34W>YZgW59S+#lfScroQ!%}zi^Rnsr zBIJ2y8s0S z?Am;`KI}aW&A1I>WNRLV{<;iDY@??dlpugJ}Tof%!He-@gd%E!b%@JnwN=;+i@lB%!|k%n$e7 zv<>Q4hxRLUO0g%v87J8DS%A15D@lX3gMB&W?v>yIs3>?2J;&EbF;5 z4D*y{xR|{HAfH5CPjGLaP2h_6({+$iVl3T$9cx^(lvD{AhthnaIISoa&-CGYfLP65 z1WhSetLEB3-h!I=zn3t+>nOj7qkzweqpY?;y9sgiY@%pICI!8QJxu&>L^*Z|@=j0j z&oMruB6yD;qw zN($j#=k(x}nWrN6Lddm+hWq={$hH>$v8zbgt$d4z2SM+`dzou__%e~6OBV8Cv{>g_O+9==SSTc#-hRV%dKj2L?3UWZGDZOphMDn zLrm-!(k6T{UKGO@Grqs0M2w7|U4IYF*^4+(Y`v?h;cXYO57*E)W?E&zUzsyg@!ocQ zCZAQaR}07b_QdZGEo{@x5;Z7E!5b+*Bf&cqFV735bGW*?aoss=1(l3n58$$3p*_l|;-Qyf&AaI?V-I8y>P^L2TMf%%N(^uz|_#;X58f$~F zPy!T9eHXTt55I{R4IBkQ%4HExL8AOp-$Toq1BM)u!LbbUjUq%2J!H)fXt*gL-^hC1klIH- zCR^%L^S-*1s3v%(&v^wzU)yI=Oy&9kqGU@N)d&RQPf}*h%&VrPDsD@+c5mbDAH_3` z-3;=sy+r4-JpcS^ue~_JXQ#9CQq&OtXP0YVm{OF$n}1}cOLpzsl?x4KW8Gz{R$sQM z;w`CN2>s{qjFpztHrsS^3;XVi+f2E5zq+>Xu8!KO6zh7@@44C4ui0>*^F>csR-jNH zwDD`Im$hT(sXZ1N$|V3=O3}yi^N7x$mVYM>58%vu6-s7tSx|VCO7hB z9WZ29=#-iyp|n1kgqtYT&RB3b0}8#<`FWq z`+_L!1JM~9?55cU6aKZPK+0ITrWj__cmrx9E6mnjpJSVx{&v^C03(>wrqWkE9&KR3 z-{6Mr6MJA+G0{C_o)HhTOkG31+QvM3UtQ?s>T4&3QgXlbv)Fg#d{@)`_X6yqu>n~} zq<`y`9lOoKpHsb?F@DFcBjwKMwiFMl8ZX=SGCe{!?}#q{nKt_Z;*>6OyjSIpKdqbDRpr9}R84e6K&SiexZ7q7U`UFuK@Cu4KK* z{|g_V0hBiG{90rv%MDLe(i)&v4NCZd&zPGkpw)h*`QB4pA0;H&Fs9v5QGO`l$yOvs znfA^=zfKdACpyhey-6F!;eLo$%}Jc&hmf%GUij209to2w<> zAV>~DzST?9-to}HRzlK6qziH_?3apr+2O#kcyo>@rV*)kN=V0WS1)~1aWgaKRH$@8 
zR%N|Xajk3=iKlq)#bx+FxfW-hvN1n;NaGH+h2%ddDjGR}M*XCooU?eX%*>0TDM44r_B95DPKe$x&OA39AYo|eq zr{LZhfmLVI8n+vn=1J8s*IEG{Vat+#(QIhe@>*RUd{T@|5&WpDD`a8C)}ESfq8maF z9zqX7Q#q%OBU4-IMhtok6v8{TtNG1K?W;p=~ktu;_<|uAgKX*j_miXT=4# zAL%20r)reEj9ps5Dmy)BZhbz)jK5Kf!zTBuk&%)8>(k%!)0R|!-|LgR%i1lYZrJ&G z=9ZB`x7X9(g-iAXMOBx130iy{b~co~)$H|nF}3*eO=*Jjo?x!1Ql;}RMEOdr|#hT4xyY%+1Amwdc0sa+Kv{SVzc)b(MQg$u%&78|^SYqWzd?G#kC4btxP z?6wYM6Xy+~NsWOm@G`tba@Zri=<;(4(`(+^FAqLX^!RoK^;vgBUljWYSPHXKVEKU) zPmCiXGUqCyF(UNR($0pzsNRWRhEoRZ3rwW1Hzay~=&219wX#YS#m+Fc zzH01S4;}ua0IbEFwnQ8+hr|*jD5KpNAv?>gsemtwkvxXQ2$fsm+7jK;6Uoi_w{K4k z>Cba@1WlJLqDp-vsgDpwuW6RAY6&)`ar=_yx!E$UMW#VJ0qXunkLYAU$&$ z`QXtM^J#MASR(;tiJ@#AhE!M_uV~D2lP?={HU0p&zrI(|)t0Ms+KPpH_Gi|$_N}5x z)`|O}EKrSo85i|9#)%gb?j;JjUgQuI?>Kr*20I_?1;zP5DeK)V~GHykqVOEW>A ztLr36E;G<_7yjpg*4RVhcsIzykR2H#N=G9ie>q5iMWEN=(s4xm7Z)`KOPi^2xq|Gy^GEJwtg7 z^)oNLCTs)*8u!!6Gsp6|xfgVjUH%d4_jzczK3eh*mn7 z54fvZEl&A{cWQ20)8<9$K9iMZrDMa`eyYBpB@QhYdCz=Q=Frr|28L7Wk^n9gk&Kuv zl2-U^g;ue9_1}js2<7=MCqVJYkP+!R6@iG-JTPr`?t2?qsa z#hqz&#{}vx!6JU8iJxnnbyz3GgN5SiES>1E6dBp|ouF{@65jNe-Ik1~e8sHhTPwUF z&`K*vy}_>>kvwtb_)eK-^sk5zT=!$95wtePQ?oF0Aca{peLO|M3AsPs$hq4k{K{#4t1}RT1Zzv7`eE}+Tb{ONprFm zUxmBD{a0&HyX~)@K(y}k#NoxC5E+y0F>20)jV!J4l#CIeofTGddvgwy^RQivH`o*D)+UPOmg zlu?CPz6Yj<8ef%~-L>N+s4-7{6V=b%3X#vio?JSrB_)~Do2Gti^?m=1!ZZb! 
z_(9ZR??Lm#W>Z4D?24hAk89OBvF!1x*I|dk!pQrueHv*BG2IQWI5|b z0kGZEZ={q&71G`9S*P-AKy5c_JHw_^seMJh#Q`1B;X(<{W3o=^aAN zAsl`NhA~27JVAI&bduKTyu6S(oaX7gI)Ihhl{^D6-gI67GJu=mfr?R}c)bqQ(BTPoipC=YK0v#P#I#FFt231XP}~27Z`lTb zDR1ogxfX123eiwEffeJV$j?qymHGMFM!X+%)jx0*XSJb?DwROPlCPu4t@)dbdR)=F z=Bw1sa#@C=ZSgEV?5&H$3(VVgya z$LfH2xE3Pq&zzRhd%RGIVj2zf$_ffLj?UnMV1gvgzmrh6@$PL;p3)`PJ~6CYlh0SW zl7Y(9A@M%l@qoAyoQjQ$jA06wQRO*q;Yf$6Mhi5fgz^xQ=eCQZCguq?%)yeRUsV^o zYjlbQBF{{Hiw}nbrsS=ymP3#X_(i(;??3}I4zJO(1_>h`7_#deviXmX^Cdfs_`m=s zw9!8U;bPj?;!6DySxH)+lizu6a6iF3v-O_&=LWI|Qs*3v> zGMXSjOs5p-RrMuvZK|quiLH~?K2c13oG4pE{D#@i_0+|+RV^UeKJ|@T;7K;j3fKC$ z=_J=9M)u%@@7UazkF-%H*N{mzPD~)@!O`{uxRKHJ-f+?ZMpd#dxT=Oob$83Mrq{zV zEnZT~3a*(FcCI8pS=O`383tuqg0IXA*YHgW_1~GOvQL4}C3mx>w9bz2kYbF9yuFC} z9-nEJ=f*+w_Ygsh=;b+E!2gTdB`{aX-sPgC2tDh?)9Fn2)DcMAIJFWK%lhPpd?N3h8RVtm~vEKIiy&pLpV=ua1J zeJpjIQSayik4VsF2;RvWz-a`nrxtB-uZSq?af?Z%FtK-CWuS`9Ft+_Y)FwF#L(34~aG=PNI z{~z-e`DdWPnLwnl<(@4Dkv^O!Y5wZ6%c2tKK5Hna;ax%9p&h}erJM%9RN2_{xA19> zIpRIm3F``ovensM14}pXDib`pes%m16hTC*H*^X4YKX3I7`^m|WfHn!U2I~&(S>9i zK2!9uTFvM{>bKL>f`;IlY=Mm32SeNJi5M9CjYux;C0?UbMs!!TwAQ@fD|~aB(i<#x zZm^x_((|}tB;<4rRy7e<)?OpF_tiD)$%sd=!F0?+a_rpRF$~o1r%M|TMEdE7jkST^ zh~yTir!BS2(7#>BVtdf1;1qyt8d8iv?2Mm+ZWW*<$JA?+RrUL0sf!*%0w3v6>tVn> zDM?}T01l6B{LSYQrhhzSLVI}Yzi~x0SNadgG6*xj%;k*e)&N+yhFvYq}774i< zY`6DHwOx@nLW2)Xnf+&N^V{}{wcBBrO!s>lj<^Gos&ysvSi%umc*>Eob79rRM-h6j z+_Ei3hgKX>^n_UwD~n)Dji0*$_=BVWI*F-|EF?5uSHeLkpm{n0Qm9w{&%Qe1jL^F< zlo1+!9K=LOK>sM?N--Y0=VWPYOK~1e$8Lyb5J&Lo{Heg7F|r9tnHNxyOyX3y0!b-B zGHy=0DgM|A?vTxjs_*(cCw>wEypW0dW^`gVtMZQ@FqSw`-M6V$rRMcUo&-;A)G9I( zp>1Eu!2NyxK~q`J?OmnVe&-C8m47M1@V&{uHa_Ue6{Ka=ArCdQU#(r0UDvqZd=TB2 zVoG^oJv@e0@9s_un7>E66%~A!uuSosfI76D4_-_^*M?VW-cdZahq{uDnCUt4-&`t8 z+tOWPcM@nMOoBOK{S8*U7Q_3(pK`yGdinXi;sFJmoMOF^CwR$f&*V(J^47;vNS^x; zMiJcBKd>~UaO2NgX&OpCkj`{)IjTALzDL?C1vP|H2nnXw@+E*v7j%tyYWuU48 zqN9b|$?OTS6^8}ZF{QVTX$sCHIt;Gl8XmTJoXyPAszyIph*D2DV1x#YU_%ie9>}UE zGjGiLON>$T&Wxrt(q_=goq2*LfqaQzRN1Mu4K5Ua9`^YaZcPQ!)wtL;k897*W)VpH 
zUruubL{7z-R`LZZOd`P+{mVsFL6(q`_VM(rjRHA58JdVcH!TS>o6NM!hF|2I^bw&y zS;;3KB(KG!?q85iGGskx#|!Om_J7QLLUic@WgSp0G5P+tz0azkjzP!c6x*fCR-wET zDw$x*>Pg3Nd>Loi_P0_-)Sq-<#oOlAR%h7b!y9_vOMOG{ZsK8K)NV~gF@bt0+Blg; zw&K{?sVAILlmv>heXOG{JxEOs=GRE`cIr zf@7xWeVCh^u1|J?B8Wg5h}_aVGI)EVz{G?_?xP%8wO^v-X{m=x;P&s6SvKqa?Jf)mW3p3EBiHEJkz*A+R~=zOuQCH z(P**x9;!Ctw_h6?pN+jjBi@Qx056;V_<{ig0_*A3GfT2n1)7-pM~OIt)52D3H+Ryo zWiy02_IEWlvQCbkqI8sO+$is69`IS3tsX7VY`eI01We&_y}F&@Y#*kt_K1HcX(5ypcbK^o}OKN8#%V-yfkBHqx080yF#o zGSW>h!B?&84%zQkVF!4#A2-5dXn6gL^EBwRK8?ML07-5Abyc$2Ex+u%VHpvR9tsD! zhut%b;QRIdwIIgi{0FJ``v`Kbiwr_jn4}H|4{aa5`4}~l=!i?H?mIS(ggMo%E4q~c z#?O#IDeAW5Am)t4i0!6&cW9a`W#)~F`bUJ!gpaRk^RDoj6}tZXLxA+zv{e|Ze0%s& zOlqw9jMeX*CMLB{;?KMUgwy_zGc#Lrrm3iN5nRhmn?KS4=3GBzmdvQTW0H8Qn!0!& z^XG8)X0g=H?%s9|S|-W-*&rX!Qpo6KQeOeooh-{sLu)}%h009Mj)2t{-9{rWX?hVe z3k8sRQTiYmU&s(;&U2H0r{*JF(nmyyg8TNX)-X(p!1UwyxRex;jf^+HmILQnAH#ONtm)hm2G2a*0&p+ouKC%4&-u0Fz(i!={MGYs6g{#0yj>U!P zOD)j;;VKAsC3Tq72LdBIaB*Gm7QiIaciD!|^vRu@25iLQItsCIOP_>y0e}D1PVl$H%O>H}a@jqXKVDWB5@k(c z)Ee7efcj6A3OFQ(++&Y_WL`mDQN*!$9A5zsn&X6EK2uAb`%8;cPN8C0-nLP37aa59ERB@nV;*nEjotvj zTh||Q_J?zO}XD#T|Qi%w69~Z`=tDk5?7;OVx=6(;L}HtsU9e8jSoliN+zfC4Y0Y?n_)eOanYgndTaBq z_7dSwzSSd5GVH6hcuWK^@LvbKPrToEFdlQh?Fhb2qg6_$w;^08aXmY%I6%`^5aw1pSg*iBtUN`CMw z*S#)~)0FU0d2sus%yM>(6MNuVo2YT5X+_OS>Z8(RrHD-ebEmZzHWGqqcrIRo{5Nqq zqU9#A;FcFATZn8dIffBD)8+ZUfXAb-ptWCV7P{p*E$>B;_X(>+3g3A>jTxW{8}cjm zP2js)NxTZ4qPLV9Vy;>Orq!O7B*YM|7oQ?OrC`dwKemx6HcB0xnZ)_$_c_B{lsiN0 z{Tvj4zkN~J(kEW4rghNHpSwG)9(;$)L3%y)4r@+eRh83MzhWHUGb8mL%P+ONZ<6Y} zV1FO#zp-rdL&Udi8ny~v1@=}9VAt!cx2V`M1kX!6{I1v zF=u57A1hCJ!{?w0QI?{Zd<_ffnR7b2w=oo4su-|U(5h5>Xo^GvwlTb_mGbHjxB7bp z*~`c=u|Y%GV#v`VgmM#RWCaLJH0*xFL z`YoI#U3z#N(nqp+1taGz+TcRnVEJlI^#<#Bpql0xNfw-oJ~br^mYXGm{z*mjhxtH7 zq~;rUsXPnFd(~C=G#5{Whta5SSiKh2s`h%!#6%gtI#S>=4#PO6U64PDAC9G>HNJFT zA|8eSCUfm~V>^+@uaB!57r#0jJ!Scz5;DmAru`G{6`sijWnD#qUby+N^9 z{yt3AgL(M6-(JZV??vPYxP-;w_WDYiPpmZK+=}hD($>-*=Yr659%0!Y@(X5%zdrxw 
zz)a;V&5M2Bsz;v>i97E27fFb1|4UbQ6_{XVf|V>hw6|LB4;p)Gw%EO12vO?6I^!j` z_ss!`3B;UmWE7%j?8fUwC*5I_+*8eZ%(TP*FW+Nne|JIixiX^MfOdA^Re0lM!up6f zCma1~Cn;O(Zts^{+g#Spb}Gp{opma?l~ixORb=dSdfC1UsrOe@D5qo@O3QidB)md< zrElvgX5;sQHEUch;JQ9PxG0s&+_ag8cCj9IPqw0ZH&%NHUKg&HaHP+2DFfH_o=3~v z4`mw!W4+*&8eIg3r4dVou@)m2%QinlERy*f-0lgN@%+=V*fS!afO1%s|C8zCD&pTK ze|nHi?z9xj(yux~;@RSwR=d~-J0ZCjMC~xRTGCy{#k1jj92BD=Z-&KnG{hg5+Ckz1 z`p9SoIj|!REC|3v5B7DfoB}J)GJ^F@w2e?#5SAEEEYf@3jVQ#Xcw8r#s z$7CnfXMPZw$h|FZA<$zL2e3x$-bv4F*ITm z{IpUP7soj8|DsC+)bkdO4Nm9G?kezaHP=SkY$~QSAOoeLpSfIPt8ZphAxV97@hNQA z)~~ujd%jDpMmrOBvE*YM95HG?X89Uk_fB74Ug%x3B5l_ix_t&B-A@YxdXbLq_7!>I z^*LuV0CG-M?DHxAHlTtCE9d%~`K4}(&I*CR4U+A9ARU3Ao^FWCy|bIXJ6O0aX&?id zi@vjz>1l$iMA|s0;1!>oCRGbTovw^-2EW3*Mr4b)NIMB32rFCcQ4&S|^hO^GJ9!$Q zaU4Q<6H)-3(GQ46sf@I5gT3>{fMP<(BTB(VW;Rn~O1>{RLAAJP7UPd7m^y{F3kPdY z!Q>x2<*25l9>Bv;Q%tmyR=V=lB*r?H3>YtQ>r zpcSeY%Z3g{idE!M{^Xp=N-G4Picc#9xopMB9?#mMpp`m#xT_E_Izwi_E%UqLvoR=J zJ$rjPNqFGzoMW~ZN3~mQ#Cl-H2ZlQ6=p8mlH=b}xd2X^b3)y2CN$Rc1VR;e)iD^8q z3aCU2-m#9za>)28zcoB7U(EmPGeNoPi=9+4p}%sPpJMBWfh4^D#O#35GpI0p=)djn zU*OqMh7@&tfA)0Vu#9pDWXVzwKEew4lTdBiS1UL^%klSm2=%^zu*u7ix7Hc`>F`tX z$k);6b*eUCK@8QO=099|qiwIUp$2@v7UEfOB#Oh$_`y1fs`xl~+BChVxfAu}yXL0up>uW_$ICRqC z?f{W*YWS-^ELPzWV>?2YRQySTO1up?LzZ@7TrK+kgM1=zwJK|@;B>-)qs?dq-wHw1 zQ^$&D{OCx=JdACm$I6T6+bx|TA8SEK^Wbl_hD2PTi65m(rr;}XR*dTi`tnQl4s_H4 zByE4xBzexyO|rt1#b`!19jVy@;tH%IPpU-}2aFttU7Wnm61!SqYFZ_AYnarr`2FK( z4cPJMyd6y{SI@erI7z5Pt*T#Gr|d`&=`{1sR|SmUoZ}RxGj!0-9CHujuT>u=`@z{S zp*{>q7PimCU;LAKNBligyfR_}=k1!6KbH4^`=B>rZyfKq!gn|U+xq+M$L&FV;M=Ob z+Tp|*G1_YrWFjNi1>v>n!-Tp$AYjfD1iUu2?Bof0K(ucUpdEAmvjtw8KniJU|JZe} zd~_aNE{FSt?~_IwR%6Fv4ir1k?!^5!vfm};18xSRU7Q2rr@ZNsmP?n8jOl=fTX`Ka zl=l>$2D+IQAtaNd(eKO(X&*#QU|e5%Cc?WcitWMg&Oqr$m+$y&|A^)Zu`LX<`=6Jy zUmmtEXM?J}DH=x%=QYnIQ>=e@g~R>a)~jA@vCN%L?#hCOn;#4gDU@rZR7Y)L1Z2Pm zWvTupF>fHxCemivs+Q;Lta1CUGBzY2(GG5m6Z%{o`P;= z4#9Ej{C}*5UK`OFbC;AzN{q1@egYH`TuO4r>1&tGU7%jVf255^7haV+L9J0+p%%HI 
zHKqTna6O`6$(ATr_Ce0{?J5$8%42qX@lwt^-xY;_-7;@~VoW%lY}Re4fqO`8#%bb;OaC1nBWf?j-o&<;f+vW_0j2Dkm)8*rXZHk;3PFI# z&mC#(*mF{B)W%3BWJlSYxy}?dRcAU1NmcgwSI=zxtAzrK0->rbb6q}6Cj?$qRzfnS zm?BjtHwRi(cDvbEZd^-_0e?+v^{R&F+44TR3^_oXVx-GsS|&NUb-gwI74K<}%MP!< zUkWJ5^*Q`uzwmp&Tz)|>ko>&CU!Ql`L&enh+@?1Qy@_`>?v~#5@MV{&-=9`0XS3^& zYN$H7m;f|?lHk3qg`XKqtJ$EtbqXxoZ+?Y%4Z!f+i(h95PTE5L$>ZL)`)#(KAXY}K=c@wqTx$2af1H`-+Gb{<9qGGRdymUq0QJ61$Cr3t*@vm9VLM^e*6^aq z&RqXJ^>6mLymG(v0P`kpcK*~y172D9Yyr~u z1Qo^aRi?bsu*CO9XjI>KJ*wZ-^*@N90LH-Hhpccqqz5oDF*UsV-Q3@;jBMz)dcQ6# zI0Qgm&q_H{m>3P({9K+E07C^u+}1hq;bDN3Ag42hb19O)fvOj|5%(Ki`2DJd_tlYt ztG+?S`gbFC$4C7q0g$)1levI&_(NIMxBI=3BI3z~_a-FKRlKc>jW>75&TC9oL%*;_ zsZSh|jE2#SN}N{{O|U#C&Qv6I^M17tagOf#GjGRAQq{2o-oL^{@{{^+>x`e$W?nJ8 zGWQyJy|jHKEziT*^Yc+#QJJg1iFefOODUV2j(pMbGYio% zC11?db{+{$TMp<-j!cVddeUR*?2A+2lcJWe^Zfq7rkc8ZT^3T+7lQ73S0x|L@@ncu3vz=;V@qr9UEQV?a^^>S@p9fD42$%miIUScU zu1Ctv?VE1f=LK0rY7F*DsNqC_%q1UszqO&MP;N^QE+KTU=dWIL1Vw%Z#)fM%D2053 zb22M|r_pf86*EEmKSk4irlymVrO&ZZP}b4z8JW`GND}%HOX^rb$|4ofAd6dms45(1 zAoQ}u2~c(Nw7G<{(~c)kdk#A)6Zhrl0KLOfr;8D%R1EM(_esgG68USqa(x#oyBRP$3AtsnGO?$G$o=QcxTVo$BD})#N^TEpRP*|0tELs^ zKyyxO;J6V-?I{c^Dgwz&CA2AlWasy29=#9kl!Ea&?po z$y4*!ue6@K@Hm$@HeQR$t!MD9#g~Ny380ydVx?C0k4UmYg-*+IJwFwwkj^Y?vXNda zhuCV5mX}=@Y&1rOaws+^pCvayh3If!fe${msrg_OqY6>Rjow#ig_p~_t_;6LvkWmd z z#euaP;|6A~ZJJl{2fojb=qs{z%mvA%LH(vMkDQe7Nil@58UuE}_ILe-Mlf_j`|~$% z8AM@%Wr;z1ap8=~8*_ax`y@g-S?ULFjyhhFw)ZW|(n?>&GW%qD$$n`ssUi1GmWR8m z8`M%-YKpheE~`(Kr)TTooR#42=IYIbVV#xO2(?)EUb8H#^M6@}URJmJbXEeN4RuyR z@Zs-FnJjOPLOv_`Rb2`qB1_tK(Z}IsVDZ27Ij(68El!smMi$p%X{`l|YZJ4;W^i9l zxxTD-q8_Ss!&axL2xMVNp=PQYAn4HZF@oG^zx|D#yw-l`^g?!DkOE`I-~L*>z&J>v z2b@vw^##j!#9kBMUh!r|Iw!SQJE0M*{tV`iU~|%v@mdO>fzQTWKJt9vmlbZLvBQUq z*VD`%{GK%(thd6gvm$c&yvt+vN4>6IFxm*hH_0*NkU$i7Y3DFp~X+6QWR8-+;!Vb)z=B4h%BsI1eZJgi)N&!KWp)t$RoO>li~c4hAPtMo%I%hyS*h&l7Bfa_~Zo85FR?$tjG42Q zR>e(jRbY|&Y&wC)@Y@^hMj^%#zg+6GVUw;UE?Y!_ja$w))W)rKWsyr{zhCFU7|EKT zw^T%03qE+p2D|(6q*?yq^Xi>Elf8K^nT2`Y4fPTMFc&!$&9f!xsldWmXL%*l7c%Q)U+1ElWV 
zPt>H{oUbD}oIHCtVLE2}J^QV-R$jZYYEkE&!txmA?ufFyvoF1{vL>2|ss{VVRbo&O z+CVmKbf>VebpK@bB%-C#VrK{(EJH?gWe8jdgHRAiQDiDR5DxY`b+&L9KzfLVaNUH1 zy3Bc2cnsRMUU_^U#h6wKZvFr$iRsp9+(h^JRa2azTnlQWCEto7)w^{&B)0*5?#Zk%6arFcu9%M^-jDL}NE*gIhD8GGkb>n7XoL4dH~MWV`K!+7pMd zrAvd(QtEj)!nS1tS2csAaD}!A*;<*-h!01`Q3~|>=*nIp zCZ!3xer_^t<|WBrNxFm1+HS&{DeFvODS_N4<*yqZJGoa0e_vc%n##F-r0;adg@{tP zMMJ8lp3CHlJ_%_4iR_o7!$ru;@+{H-<(DIXC~iRgEHVWk_>BB467zaVRKuiJ68UMB znM0$-e9!?lAFgq%GCZ7{j-X)*KueLPqNV=o_;ZU8o3J%IpVec&LH8bZqLjO>5E;%n z6+QwqL4agSKohxp6Gb1$7p-*WzVQ7mRn$Jc@JQR&r;tMSGG2~hb#vn5?W1SqZbiaT zkZ9%x*x=Cqa<`?4Sl=&5jCRx6$4^(dfKthkQ?9!y6F4Pmo`rK=a>SYahXao+F^2ENa1re0e)P`9W1%h{ z;sV#u3R&>CHTa0&4~spTdL$Zn9M?G(4>jQP9EfdQfyr97t}8Iq(6`3?=?R|4q=Eki z1dt*)IhyClx;1iFu#NLpgiN>2Z-u^bG!q6B1J}x-fNLNqA8)UIYvL~#VF40$_(C9OFIsPhUk_3rF1ktHihie#9I&wxHvw0nNC9@xqG9onW3g;!WT;o7!7nh%9`Xql3D`K9ogFfRSwERw32Uiz zDNRj)J^6oX>yea(yP(Hs6b|+y|KnNhbEFSF`VbvuUp4g)Q9&hdK%zm~lNW)bnO*S1 zX;=4go)J;@W1F24RZ|Qc%~1!bhIzUjiN<-lw;}eQo<%qvbC}eSi%h5_3=VO#nP#bS z4w3&iD1!`z4Gyb_*G=w2h?MhmNek8VmgXGL0XWfq9#t2N_iL~M{)dB3r!6*=$dGg6 z4LtbtTfyIp10vTPyda*{!_a6*yfe&x9^(#ex=+^R$ zR_lol>D2G4?${Q`ifja7($0BD?!NmD7U?`T$j5|TpvWGEXW zuTmHyuiACuHZDSYFh>nx{Mxx{lu&GYC#>(B`*~B}h1-aPl=jiQ!Ize z*&QUp0`&oq547lgmta!QR%(T7{pL>cb_Ud-uJ^>#-Moj^uv+d6QBSXRu6{#-%-AGY0({FREv zoi#tSVY`Rz&jvCH6|6nqz-Qgf z=K^fq&5wSC{6Fhgw_!S)#uM77+&}}9!A0o79fY}laE*C&?2Wr4sE^4xU~T_`+@sbEI=(>wbzJ`|y&$5cI;J99=P zu62vLpC7*VU=gp5F#4}{L}Co9dQ-*GB7V`PM)GCOFfQZ8Wbfi^2x1k*X)avQm2CrF zSEbwtKPmHNpE2+q@JSPvpR!o1GO=AzRaHO8;mQx|Vz8tq62Y6yQ$|-$I$7*Os#eS) z9%$y4a>YFb5qnke>WO+(j!j$_A_MaM5y74)CXr}An8OpM!b*RhP^jgq%;p%{np{8@ zM+u#q{9Y!=$3@xo8!t5<9$P|Th_S$P$VI@fl>wGw35O~FOECVABK-*?g>y?Zmg@$L z@9Dk@YRg=0e-kffQA?#XQm8dX{Ev4+!+MqmbEs{j>(nPJMP-vd88t==H^Km>D0Am| z))%xjgH+}+W+&KBI=`U3VflWHJI?t1E^Q>W_1NFJ$`)^!^ZF)4zVz(|vr~iTLN-Dr zqdeLY;Ge!xsZ`xMa4TLo-~fJ&9ctSY__GwyY`140l?xl-`FTGww}s%CU0&aMOuTuBYalbEbEUv%_N~` zVD=R1S2xjdg>Wl(;EdAh@{6-2@{S3*FH-w=3DAXcc_|C_Y_~Ub%&f{cVO77TyV?}Y 
zN|av<&53!^TH2mYojLY+YO#)Q*;79&P+^(@miIuC>3#4OaadSArs8nlAoy1PCd{At z{3ijO0~eNV>xlp?j#m*Vvj-5kJ5oU^sT9*yzcH;>gv)#V9L)V#>XkEIn4_{i8R|RQ z7cmj>MU|X{N%vv&N*i5e2yILmR=1ZFtDn*ghcAzFPH%ko6jwZ#nN-;{xg#m^UZ1Ax zoK`e^g>Zhh?`u`* zm?O$8Pi6Sxtq!vHVXIoqH>4&lo@>kgl1Wsa&1m4g!*kl0HuYKuCAaoqp}}9dyG{8_1p5RRW%b z2GQQDZd-@1P0$lcLIOL^sgHzF`uXVwf&Y1i(oC1N*fNJS%sl1<4Ix8Y*__30C-!B< zT$1%JGx=rGHuN`TCReTK@b*dKkLpHh9p=V5eoAnPri!xD<))2}DFvt5Fz-x!V`a+$ z=80{Uruh$On@adKS{6TioH1CtE5bBB-$;2LvOS2*Sb3V<6G()+>0e>3h|5ZHHbM|N zBlkbM)%?Z~h}GxZH=Lol#?{xX@aJhZwS0mE+DfM-o$`GVOiS%w2NuO*s`60r@tB}p z9pXOunwA}|UR~YlQdy#bd*=N;R_ooPBQ+2!do#J2DryAR-lDCe6RW6@tkp3E7pNb5wq;_e61{vZd z7nr@tOGURN22xh7Y`a*8Tu_5RBD#)frgmK%%)Y4WmJO)520?aEcK0zNr%e19?u z(J$5W7$c@|j?bSj4tfwJMC04%F<>3=62H`kYAGbTbT1NYr-j?_ED;!|jgUxq{J5^f zs{6-;Mo~|Z-EW8LnU~j3n65P2$ZOb=u!ioh_^-C?>cl|}Kd;Ye_b(OVt2*mQyV3fP z`&JlZD@G~Q>EZu}pgTF+Sm%b=A`AET)yy}S#Hj}k@TRK#!mgJeE$V3H8(eEJ1 zf*Z}6UZJ*;w^ow7{1S$PYQ{3GsVL?yp(-{=4_i*jnMk^q7EbU3WBA`5xxu_+Ajh=$ z4FBg)&LKFt-?`}I1VjI@e@xYCe6EOUn;FPQUP|=%xWmQ7#HU}mg~*F)W6wP_jDv~& zv*!-d)AC{-t-guj5~^qw>OZ#;w;P%|1K;v20J=a`FLT?6IIa~n6GrH-e}um`;{vbT z@@tL$oz)GYXC~vNxCa_n{1>@*eNik!KHL;vehMZ+U2o7?0=7@Ck>7Kg(>Yn7KfbzN zRKu6*6Vc+=v2RcU2!#vuCwR=(?`3N3C={N8%4#oNNR$?9=1^pPJlgds2v1u1@^LAB z?Sb>0h6jc!nCf;cp#tu4*ItrI9%r}S4Ki)6Wi|WuG0+7EM*n|~{X9-)_<-l`5p`sd zhAA#;oTf_SqvzQ33y?V2{ylmt@8W_wE3b5Y#OiP{9R_`I7m^Xmc<7%PxZ;%N{0nd1;c8fMI+lZ? z%s}$;lU0>mu?%j-{JV|7m{%!%ZGcv?_7KOQemKd9!MHxjhkX6~7VzKit#^!q+dL=` H4AlPuZ7J(l 
diff --git a/released/assets/fleet-crd/fleet-crd-0.3.000.tgz b/released/assets/fleet-crd/fleet-crd-0.3.000.tgz deleted file mode 100644 index d3a0846593cbb2ccb3617cd6a5d960f3b9d2247f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9675
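Review bot: The deletion of released/assets/fleet-crd/fleet-crd-0.3.000.tgz is recorded as a full binary hunk (forward `literal 0`, reverse `literal 9675`), so the patch carries the whole removed archive only to keep the delete reversible. Repeated for every tarball under released/, that buries the one textual change in the diffstat (released/README.md) and makes the series hard to read. If the patch only needs to be reviewed, generate it with `git format-patch -D` (`--irreversible-delete`), which keeps the `deleted file mode 100644` and index header lines but omits the preimage; a patch produced that way is for reading and is not meant to be applied with `git apply`. Separately, the commit message is only the subject "Drop released/ directory": please state where these already published chart archives are served from after the removal, so anyone who fetched a released version from this path can still locate it and check it against the blob id recorded here.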
diff --git a/released/assets/fleet-crd/fleet-crd-0.3.100.tgz b/released/assets/fleet-crd/fleet-crd-0.3.100.tgz deleted file mode 100644 index e3a33450069d3bd1b2bb420f0162e48393c90090..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9675
zt==P=(fZUf!r;ZzB<~$g+3ck}1WzrE$^+T#kCBe=93o7?>#@K+XUA2(_ew@2m}+g_6LH=y_I2{J?@y0-G! z#>?0jR+4;Bo$*S?lH4DoQ~THf*1u~QegZ)ujN$!H%3P|+3}9hlY5DL2A1rbI?gsro zKXdLHBk(&#+Z~4#le#MA^^OZ`_4+6YA`FhxiGkb9J3mjq=ihn5)a%#G8rFph|274| zbx-i+=7wL}i_$HGpUqz*;ehuil9!imO_KO)zTV0(PePI@iD|6`5;0DMd{KF_4DE?h;|b zpe`)AF{lOd2Un3a`fv}D%$)4>s*k4shubR+4xpgU^*&u$t{0E7Fx%rPKWO5WZdmBY zxuWn_q53n%8)3IKLvg^wZx1v*Qyw@<4S;A3-KdM^v|h#y1<@C}4Xansw`0Lvd7-*k zd0g~<7HGQHFK=+MLNt<+E(Y}!7^0WI$b1_oJ*@P)a`^8LhSsT&I7R_JMH@%y<=Me&R?_d}x=_ZsQnMj01z zTrizWAuruXvSk2k#wj|baY&zd!`8MRxt*|lhD^XE>N{ytq_7ce0VGCM;|gq`a+}lG zwCp1M24;CnS`YqH5a~F>5?5%ZcQp(YBHMjbqA<3)Zy^@F^-PjNT=MZ)qev7;+T0pcG*-huV-zjSOUcAKm`U50P?RCgz|or;GC(}$%fYEyCrSBgoSr)2UFFRlP$yIMzJPO<3cRJ zcl3}GSP(I)sWn6Dw$&n|$?;a6nBei8N8`dNd2JPSGVw9a{W(>LPwha3w)QA&-X^vb z9}^;*3xr@tWe_QGhLP_NnuPyb(lD8aM1qt=DG>N4Pp35ay~EUSP~FbOp1_`IvnE)o zOAS)EJ2jkSaMiyj6UnihjgAMLi8QG9oouca#+%E0v${$F z*lF36MXY;cUl4G|Wc^~?Q|H`0942!zit)g=ccZYzvNeEiL^}R2++awCqrs^=Ey?7! z>y90w0Auh{+_sAjjX3j}IS=?EIYbxzKFE*Of}2>g`M&-EZFBv4u=J^dO}$anZud>& z$C3{Yi`Qgn+(%>QJe-W#!R)XDD#R&49`q;J6vPM4@S~LgN1MTOnC+ixYO0%5J=P2<&cdPaK4D= z<*Tiq8rlx}BQ{k!p+k+jxi7o?-K9cNc4_5pMIhy$IQ?>`I?4B#YCY-Dqzc2AsB3|W zRQhB-bo;lwLG#nR_n~=%eY+IerC)+i5SVh^(X(2NfiZgo`c>Ex2^Rr`tn+@1MGiOulE&-WhemT+# zVSr3amCOS+DUs^AW*rT?*IoSPsU#HJa-Xx574s3azstcgJ{^lD5eD{QW_gP?EiDEn z$}r2&*pOnX{E-O8&yfqe?uFsP;c$OEO~TYr4I6~lE1e^IStrkRH5IftgteKO4dne;4w{rgmTOa zRTNP8dpotG=WWp7e@3w@$TAM*R9tZP3Oz?`V1CVl6Zx_maUgKg0pC4fytR?c9>VL_ zt5&tvl`!2X%0;Umz98|aq^SH(#0f7~eH;yINh4QTY`}mlTBkC)RH3}p{DUWn=t#Bf zm|o7tE^0#7%|p`$ekx0H@CJSLxlkJ%cBBgJ;*LZ~ET2;DaQ34eyr@XBo0-v5>snfK)*4H9;~%pPXuTR4l7~- z{n28qc7GwKt9_qE7^6I<(Nq`i<{CsaZLe}^&%s*N1 zAQd z5yCH@sC62zJan!OtB}PFc^dB|N%=0cfCbwxU$i!lNj_%D7Bs+k$5UD%th zh;861O2wbFh5~0IzY^6%x=@V;bUgeG(V1RkS$bD1zYYtdD^SLqUAr+^xK}OhQ)PZn zNkX5r(B=r#$S%Ty15jZ%j(4xbCL?FC#Y(pxhGlfV5A|Iic(;;b`5VquO;$$}cx|6V zrE(dNYHas*yUmKOzt&*tJpo~dbLMqoR4l^hA%(+XpL zuq{DWk&sUm+rK8=GrGEN<`hOORNmXihns<)i9L&^2}$KnQ!_afHh#OGmp7wQ1{BIfrcvg?08N)80vyU?$% 
zpFwPNgvr@XWh%RnVgP<{QrTVx;=Nv&ZW?UuhQ|^QcXe3S*IqI|tcPNR`T;w(+8)-c zI75NF-&CidJGtB|ow>4sg7q$^*|tq`{R^t_o|j7Y9e$v;Sp~u&`_rHu`XeC?+TP zxil1Kp09Csck{2CpDRds9Ekuy6(KV%=*>N-a*WMA=aATt-gRFmWCYwXdlr9_hF%ls zZJl76B+b|()xkQD)jI*b^Dy+b(E8$-oU{U&oJ0fHy9CUd&{Kh5H0oBDuz36}&K@ja z4sVl;TUhk6md{UFIZRt>aJEqEpsyW`PGd|APT=*nf+0gqp%t+szgf}HVnaiOntr~P zHA%BORam4!yB;D__?^uzlTg#B@Xt+Ij8jTb^|gy-kW1Bip(;4+AvJAoWN0;Q`sfw3 zi|G(>D`(x#!XMKrI6kig2qFS3UhkWmBCiSc;I@MQKhy4~k5JuD7=f^#{J>`zw{;n6 z35KR@#teCl5<~){x0ONqschDTZ0;GvZMAeVE?kDf)7u(ym9K@ZHj=G_WquKB`TxvU zaerW$AF>8>8m>9RqL~5(VwLUBceI`w(bP!aQU7L|}?56$&Tg{svHA`5h*~DC@ z9&l*9P;)$7>)>v}J}EF-IXt=fiVjA9soDX0H!#B%-wxSX;#z?(8dX`D(+q=~2CP-n zHEC;HDE37=b`DGtx5>e2|wn@Zjex1q##@eU~{V)9?W?!-* zf@Hi!O!kt`R3m>29L^1|swyWMT#M0*ruDj?+!G({#U5aM3qTev96gjMj+u*+MO0d^ zjWl=vW!iLBD&!EslNCc8*>|9=2aC$zs7`KN+4(4|?$^&}QW6B2GjxBMpQcyJjHlxs6%f>`SH&LOexO)0HYOh8=ZY_P8KbYz zmxIYg-!scAb4WLZhQt*0*LHJ68x)2a_`jrmr3KdS!v)kr)CZDq zBaBs2DZp|PYAj*+4|7m2c_P#=v(YhGVSOyp%elg`r0q->=`j>@xun3CQ}?NfnwiBp zgcA+*Cpx16#b>zre$jSJGvf)&G75RdWToL#Gq5B4o07gI3L)RR4(Wmr@|UW(Ediy~ z9$P`tcHrG%Te^vr>&N8X_DxXY_RZXSJdXDoO(45-p{9HZ=h`!4HuN=2PNRVI`qyq1 zJLMfO>tP*Bzf6If&dNnsu|?2XcHu&8)k6Cv6!RBF!&{YkBTyF6LyJIlZ81>jGl_hE zR~EoX=*8m>IU-ZC`#19O96hO zMxHDJ0<6{(Q->`AT=LYV!XJP$BLVs|n0oXDF;FiASejCg9mY$av4pkfCuz6C|hdi3>=Fb1C)yr1!*bYt3897$NX0s zzHvw`C9Xo_IeSX&zT{|!m14>Eo|e+)g^e~KlRKKhnITfNNPjixKT4=X3nd~kaw)BY z{e;V$C`d^5y}a>Fu&X^+oSud2T-v^<%_h5cJa>Kku-7eH%9DwBw2b`e(e)yL*`5f;oL`0LK2{fhI=T|CLlseyzooLe!m zgg|RCmEDWLb48EMXThe~`k|U`6^m%x;e^5*$~&u3#@8?}n$^&6?N?%zP_-fbK0gk- z8T=prpqxE`BTR;vvV>1b-%R_ zeK||Mko+J=Xi;fM49!D@Rdm#g60-vTjX1E#{O8u8=LH9HpM|W;%QeFWB@ruCq)@yy zWs9nlO?mxWH|F~FjS4-X z0xw7tHj*Y{^8gC^B`(JRU@yO)Ubil_15k@;LvRAX%^c|h29^?L!N9)t*1CksH9SLFmU|{-H1?_aKSPQ=vji?lL)=#=-Oa%45E)7Jra}Cd zWy!yXBpMq{bEoU{_p^1A86AR1$vNTs66Ke{*!2Xr{HOeJf$L_=>zpN|7C*32e_1FN zpSkym!vy}eVKp|k9bm>aip7*K(A%8MZ)24hCL0%bh5dF6%dvh6G;QFn^RuLpfN1|tYSUSjF zOs@md{iu27IIOClemBvvq+0zfS_Cr&@cIM=1_nA|JbgfZwr_pFo@b&!1VcmoF96Eg AKmY&$ 
diff --git a/released/assets/fleet-crd/fleet-crd-0.3.2-rc200.tgz b/released/assets/fleet-crd/fleet-crd-0.3.2-rc200.tgz deleted file mode 100644 index 70bf1bbb452b24f7ec5b1c3be0cbbb4c861841a4..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9688
diff --git a/released/assets/fleet-crd/fleet-crd-0.3.2-rc500.tgz b/released/assets/fleet-crd/fleet-crd-0.3.2-rc500.tgz deleted file mode 100644 index a1231cf5e7bae72600f596a5f22ff2ea31349b2f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9695
diff --git a/released/assets/fleet-crd/fleet-crd-0.3.200-rc5.tgz b/released/assets/fleet-crd/fleet-crd-0.3.200-rc5.tgz deleted file mode 100644 index 0a1ca7d27ef3489f4a7d5ccce35a8b3209c765d9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9698
diff --git a/released/assets/fleet-crd/fleet-crd-0.3.200-rc7.tgz b/released/assets/fleet-crd/fleet-crd-0.3.200-rc7.tgz deleted file mode 100644 index b3dce05d2c50ec8fc2f27e0681d0a89b55ddfae2..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9721
zmRSq7A}tyt?g1=fl8OaO>H9S0)&AYn?Ha9!m{Rqf)_+PnReZPmu~Drbeu;&v@&H`s zGYNhWdNZa24!Uq*2vFDdLYrlp=fZETo7j z02oY+VNzWo!Qin0-gje=a0}i96eMi8g)ovrA4nV$v)(El8nYqTI3#*V_;CwB0d3}LxXW7Fdpd* zklq}jFKD<0L$I`Oiu=N+ed93(RBw)?UmOFDmECe@yqS7V(v?8T#y6RCa(Qpje^A1s{csWJU5GoolnEX%a%P{RvK zWZzNfL3r+QfzQ#KKL;7xx9C`A-tQ8tOrGJEiKID&Af)dr2AJ+92zpK>*nz>|~_UFeqCYSZ9DJCr(5^ZT3Bc!e; ztNEOW9w!Ar6{eC2nl%L}hFw*t5bw(}XZtK-H_n`AZDF86qZGVo=JdTUNpTI{OtEc^ zjoUsUvPE7H!=Uz9432#H-EK9<+ZuvcCgHa57Q$NvGn!K~H*5~Aw=HY}#PZ%k_<7Em zl)c%t-DATi3NiFApA4UO0X6-PMNmmp8i^77uy*HzI)s*|4a&X^h)F)72+@F6h1>-@ zu1s3R5SHlIg6-*$z!jf0Smg4x;P4e%u>2N-ut5do8hUTM0qC+?1NCIB0;?5?6Z2Rc zS~XNG5}EdVoV@k%sytj!d8NKhZXb(u*f1q6`U}ZG2NA=k^FWyLaN#z5$!eJG!?(?F zRdeVc`(c?*h9Q&IG~7PZuLZ?ibSStF(KloC=rGz+T?W&ap0oAlF8#YY6PNx?kXdU` z`5=%H%U|4uQFHT%3TU7@nb1s_@d>Un9WK-pXkLO(<=MuLg3LuBP>-xJj#YLTX!to9 znS$ZoqoW6!XKV~JV3Um9ecHkd^IVE4S(sSD*157asMvgZurUH)J~{To#}xPJ9%`mH zgy=60TH}ZQRgJ+z|6;F^L;sq=u%UaockMN1jQ;VeAyG3Or0o3k)U{{visa>tyjuU( zU^!oQ1ljm=8+l8!4d#)Gi(2Nkznq<)pPz+pzLKq*p?Gh@(vICUC0QZ8-u!82!|R5c z^MWZZw#NFh^&4QY1NLuO_nc||wB5;N;~PZW(`7~Dr|aEq<5pXZmz{f1Z{;!Pl@5y< z?8_)Mj%w1_V7a6QO$w$KLa!Cp{NHV}Wx-|>x??C{(AdGrkS}edkP`z5(mjgOn%Z1=_q%^FDU9~i5Gdc(F9!)N1@R@1P^ns}; z#th406%vup2HpLX1Dcmdi2yZ~9_#0yXd-~|XT zK(<8S1qd%dKIy~@kn5E30(5|x;RR?Pp7#Z)^JjS76Vm#9{a>H3po$g?7F2nj1yxq= zcK`DA$@?DQXc)Ili#BXL(yS9*=(kC^3z@N^4dgZvcEsr}+Q94BPrq2a{=)z+NLEr@bP3KyJ?MH8yx zzTgiIQJo>GEnqReHDEEmZd6!|uYWi!#<%~>DOUEvVtjrBUa=V8SeT#fmc?RxmI+!G zYwL)?EP&R4#rQS=i}4Mzz+y2zr|aPR`|h&?eNPP++nByq4Da9g9WXs}b=Ru*_t*7K z*oIhpwr`W)Ng?1cJ<_QQ=Xv)kQw__n%Cvfpaz?i-x@Dh%TXw_!@sX+TwB&oM(!WFE zbn5oXn1LSMCvEfSy~TaUvzwYE+?WUbxqvs(pNsz77SNyDjSBs_{llR@cmJ7FbPl0E z7yY>%fc{(qX7uNxKX-S0^yh9ri~d{yF7)T3Ki8)}SI{Yws2Ds{aZc_}GFoq?QhPN!U2J6oJ$&?6$;7@U;8+;ui4OwJ z?D#k1lqo?=?qlzjG`*5 zl0K`i8m+Lo6QtO`&O4T$CG98mG+Gn1aqCrbfQrQTs|T!*G_3@^y=Uc*&$oY4!6p{9 zwo0OAk>i%_oXO&nc?jjV8)trw7*6)ku(wrQ(av=GMRW3Fov61%C=MGHU+j-^$@!lvOc zd6UIvTqCuiK1K`hDj8PP0aw~;u9|f-Jg^icC`C|;cpwp_$R0ckDH5)nwcl8}fwrCY 
zhVSW`hJmXXxcZC&SNrPLcnw_b^{(n&Y8qzq5bC;Tuk(**+|bl1Q-9}o-GLWw!jRv! zMr0S`lD0+^Mz&&PtLf!lK3}oOhgzycYJe1d;i!=|Rnf%1n8F@Hb&^ODR-}Ah=2YpT zZ%yO{?Ti#w8#?N4G$j>F>96^C+RHA)oUpW$e9{Kd_`SOsL&acmLV(aPzjPY|T`kcW zuJgtyFTb+`M{_~Gj&XwE?a^na(5#M!n}~TWOsjA_ml@1+Sp(*|bfdyNm;T`}&t?Ca zQw*BNJQvJ!=>RbQV4ln9=rPX)^ISAkV4h1{hmXk_i+L`i8;d)B-udYWL+d+IK>Ve+ zEC=7oaamgOdXrrC1NN8Wv|$(In4VAwT{iz^@f(N6Yq{v$4jR;z=PwGixWpqNST-|Pkvu}u+>-O*G9S`Wl z7s+$}K(p<)HbvO`_JQ-RC!A&4GTY|+dWE(`TE_y8F42|?bG4JmvbBFYw0q62>De>A zZ**x$ORDO{yCF(ZQN%&e4tE@ursY=I{dDi(Kg=VeY5l`p4E{gdCx`d4}JNap!K9G91u zm%qPx)BJmRdAa@Xo8Mpme)-#rSFhi`ef#S5+rPf~?ZxG*-{1Up`69XWG)FB|QW5du zaxkvl$sGvt{cqpjf4%xo^8kGr<=?)1 z`Sb(&`af4enj0hh{oCJef4u+k^VT@XYIQGCLCGqpTq-gzH&xW><~2PdimuO~y^qkX zjsBhA?P{R)H;nck-DE8NMUwJ)cZIvyMC;55q6RO#9Lw2aY}`MMZL5Dkl&@?~WmY6Ot>k6GsRhS+?51F1C*i2+Cr zli0gljEA}jUSz!ZC`d|gs9-$PC>D-1^c{A)L>yrL6IPI%{ktP;ZW92)`{0bN7uwVI zmPW^A>}l`aaDONhljMdP1E(mB=Aqh#lm5}08Zjmn zf4&Mt10a@b#RY&s!f?ybYSstl2-RC^VGR7h59U>Bn}TsY*GYi{;QB?$9||hI(+L%{ z=t;9#!3m1EyPT)@-|8i}UTQ#rsDXu-ro2#s=Xo$u10w?x`yR9;6CeUUBz{2f?rBN6 zl`jLZBmGJrN%P5PR@{$=(eQ13A~Sx;U0=^8fNTU%bF|~^Ocw$&X`G;1Ds^ynyf zM&APvTOqe0pnbMJF$K-8tC|6B(;3aGrljt);7>n)_(jtScBoh-ir7%PNpF3^L*H=0 zl33MO>;j8L7)odhfZB{*;E<}b4VH;J+W@WW*ae5B999#u3!FHkg~3xEIB9Q-4$H&p zdJ}ZZ-G%`)yHVRn4zrg-H`0KvdA2TtWX; zF|TT>HMzEew$|@g!6QGYfbU<+&5r7AKj2A)C)Jn~oc>9L>a7`2XjlRYjnfty4s<$E zXh)j`Rp3WUo}o?G)~35&vszCMt@$?5Kl%neeK26#xSwOgH1%YNcpY;1ChiAt;zzCz zmh8h0<0P6{xF5{Pu){g=wFDj(!RyCxIjoZ*2X-=?es{`2jhXtuK9sT>4y)UGS$l`? z?)c(U{M8s&v_Wg*{8dK3_bOiUoKGMBVSA_zrqptE(3orh|HkB?`mv+J>d1CzPVNV^ z454LcObSllGBiNB^r2WDsp?|+U0uv?4hp38UUgmvrLQox{<+JXA^A_T+(L5t0 z=?}5rKhG;!F1MqU7ZW!9Ldt*8$M1A9%2Domi*vZa9Z1=;*b|4Pl$WhKeE@2qeV}*W zvs8qe(w4DvwoRcvPoyS8*rr+3rg_W}kn6-Yt7>h390U72>7b^%$6l#ThHy~E7EIdP zwGKn0sA|VE4MGi-Cnm812?#ySv7< zI=bwrffU;9B@`15XmXCuQg*>zEBE!tGKrNX&K9(wQr-xDcW47QTyGvljkng7F?%Gj zXYC1Lc_rwNnV@pUbKr8@X75^Q-J@`qog5u2x5iPsw&r|St@?Q4kesyWqlvH^EfdX7 zTOMzl*r^!f(PgU@N1C+93Z@vzuW3#m0Zoc`@xTv;k_yJNpeSUOrc}znC!FQI;aQ(? 
zac*AQKp{4#yix&K*Mgu!x8JY7sLv!)hw#!iW#Ptxwd_mK)Eny4O9bZmn zDY)V(2L~OFK~)@qgMyNbp+TV&(4eq^3k?cdI2~mR4GLR;1_hslqCo)-3TRM3gMu%T zl2h8e$81no<*0+21=z4r&gKkaDo6&_=NsoD>VU^Z^?E(K4&@Tv%>Qd)jLK}q(l$REFRuKr*-m5)+UU{$*j)=N~y zd-+lDDqMDh?X938=_@bl6^m<~eo6|gzcj)!N&1-;)vs?&ae|mmtDG*VMXiMKu26zQ z670vPt9d0tx+*Zck4cy18TG)5j6cZuw#jrZ$(5iPEfgd9Z8<_hmje&%Q)yQ*Z^Yfb zlF)Gy80?0ph)`9DzR*2DU+4xd^o45SbnL|F3*7?rh595EeWB46QCQG6|{3^lL_~#>G9=Nz?#q^p1)+W?(3tR~>ddTdvLS8lf26WQ~ zV}uISrr{|S3xIJ6D9ppDKvp9|8IHr;NWjV4onvr;96qYS!a5e37@HK*5G)}n5$VkQ z2~TlDfYv@Mr1?T*DI5(GrbRv0vd!&hR@`eB-V(P-p`hiA&Z!{z6*ju{IXYY^z(%)A zz(%**fQ@dk(d}RwlOb-!<8gqVdY3zFbgKhrw!ucXIvAaOu+eQ;VzJR}51&<_1p)T-@{H9!B;H9? z#hzYI;P{oXrF093*h1021fwh>n z0BbS%Bou2gVJ#-C#S{b!)?zyL&3nwXn6S|;Ho6Tq>-cgqvC(ZGV58f9K!d^tE;J}; z;dGQOG$?EV8WemIiUtKVD4;94>h10PUqc3y|&==~HQ1peOFBE;DL9n1N^w>A=G5bP~sL?GEQ>w1)>bHlB3dg>? z*moEE?gAe_bmTbp-8GYieRr|%E`%uTyW0iNweN0yQ+S^XVZDtqbRrL zR4XnGS4$n>y+1W}`*d@qn>0+?)&qT|s@}GK2D|xm?Pnm`h6-M)W(@06KiC2n45$-a4Xi)G)QgTY0_m~X| z*aA1yuCwF{Y=Ilh_l_-au?4OPPVz>NEpU_Yb`WfVYknMC;M(2_umvu*z%_$|7{wO2 z*aA16ZGtUu{Zfi8aM2gK1?UUiz=gh0Eu4;>7=58zfWA? 
zkJ%S`L@jW!=PdS|jju6eYysqPglc2YSuW96p|Ow8viL5*Z(=!f!>8j5DrS^uFMg*t>rzlUZ@gw^b=EJZm4b1>^ct)s zM$?sPh4LyVQjWW?p3>Pq5;bB2>H5~$aO@9|_xY4$r=X3~Y;3j`RZ-vh55QtFozbky z&8|_;XyL)9V8l=cpTL5etk@cEeOY3^nvnu(4RD|Yu)W~nU4d4@CYZ~C1c-7E4&4g0 z1a^U1Rz%obgu!81)|UsXivu(WD=ZbzkgKp%Km)8oQUSik$*L@KI;Vvqc_UGbJO{Mr z*ci1Pwy60QDIaC3a$nQ2Gfu&+Ea5|yEnMEAiLt2*6M`k|q6UM>Y_}M}utLi{A~5j5 zVjKS#fm8)OCaGAkl)g_>Q(l8_^?eiX$XACM5%fmzl(u&zSrWY?(GtB$ZU=tRh)mqF62asgD~X4i_VbqOjT4RzbrKEma1D;W`H44qQZ=h+6A-U+23Tl&WT@ zey&9amT>T&;4>$`Ztv-XUpva`sQJfX)t-kLEq)e~C?+SYLGi2({5CvlyyKlb$PYP@ zilu+cd3t}VxHxpq*hIqoj}C++_8Y$>LNRzKmUU*kRREK1_)^PFpRVIrObZD|{#^-r z&E)-oc`+sFj1|)_Jd1`QGbZoh`K;s6^YidfYQ;w&{3fM*`CWl}@(O;13o+ z7qF8CVTHA%sh~!q>KejxOk;A5had}%NohHo__tPBnk#t06o)3=T3u=*zw$t@iSSg= z*u?9dWbuth97VQgAf!83YO-Q`TqZc!x)qY_1C`CI8|@0Aklt}>*!tpR<+ z77u6qp?Dx7dw&Bk&7(f)8hyfu&vx&U%q+l|E9kKdF!wB`F4znz+Z_EEml#Nu;K0J&<<$ia|Tq1#-=5{IUU zm{Rp$|MeAp;l1$iz@RlhpWpJ>2$`Jz`m?bw9QxjiR=-~0HoaHS?t{+g03;>BEw5Hm zi>LPo55UNXA~LQR#3e~Te;%Pnf7+yMOC}X9R0PrNah(ByGb_q0CN>T!zil{@sqeJp zhZZwTH0i{l9a0uwr{t2wMbU!6t?e<%yu6Z%ih~DV(;_RmDO28=mc&KeJ&#yt3tpLV z39P{$lvQH-GAfz_+TuGhdH5KcbVkbem6}~MneqjNN^;wq(hALOTY@4ClDPD=wsDi< z7Vf7Ji27F~N8^(FKNa<%XQ)UuCRJeLvbA2#g(A?h4$se0iKdzWBqbvR$+bR;n})mN z*u)kSfPH~*RXd7<>-#Y&aiJxEh{msA!J_4pC9L(%T;+rTeClD9#+rth)S5^xX61}4 zUZCx=pZ4qs&C#{y_P|9P-qE7qV$#V^Zf?EJ1%|LiQ3i|hZ@@w z@WyQoc%tKtJ2atqXbl;rf&H#|u; zU`iByAkk=UrQnLD^+oX7*gJhpx=>7cCn*_0Oi7u4C~CTZP1USFoZ^B^X-w_@mL%Oo zbjHg^sc1Ci@Y*X-JVE?62N=+Q^z345V=B*#?LHD`n`+EOfMYX=M%Q8^zK)bOqP0CX z`JvMidY4Rw`eH61<-%D*j*vle2C!fRSRIF563ld@RzY$jf41LF*f^ zb1fv`0#=f*_XyKeDr;e@;SQdJ)DM)t=aGZCf}DdbV2u{1l+dEjPv_X zd(y>itbg*m+s-fKHe9_SKK!C-rD%5LQ9|&$rm#r%kruR#-GYj_mFC|WMdwCL)$DkC zQaV^_=cmOor7BsxTK}*4H0SMQq5Z?M%u2RF_EH5|{&MyL0RaKwAn^YK00960UzAir H0EPnq1zi$Y 
diff --git a/released/assets/fleet-crd/fleet-crd-0.3.300.tgz b/released/assets/fleet-crd/fleet-crd-0.3.300.tgz deleted file mode 100644 index b33ced1889f9a3a383b3c54ea63069b2ac9e2253..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9717 zcmVDc zVQyr3R8em|NM&qo0PKBRbK5%7V4nReSo5^|V8=Ph=4_?vtKE#9lP@#5xZ>o@!`42) zBqU)>5gY)NxBWk-fZ{5uq*~$vl7I z87?m`FW%U7>2-@bm4T>2)Y3o5CI zcyT!x*Y4zw1V~YEMHJ(Oe0P>4DN!Wn(~FcSmD3BxU#3(jHeob-mk3g%Gb%bCo3SjT z#k=G$N>ubOosSe`PGw0_`Yvg?PCiOS=bg`T`7X&>QT^)ttDre0lAhNit_Dj*c1B9} zCl!+M;$5=%?TnP=(|<27USGUE%cx8RD^>H;AN7057gCTZ70Fd46`y~nl2;<7*L1=P z)-1~zOY5g+N|o~6%a>`rP2|OLEoy3rlvK%=IiGU*vLWU|E~aO@#4WZ+xx73(^rvrN zz5f-RmpM^XzDz|XeF_5Y{{QXO%aZ)i~5cK_>aFdL;U5x|KE!_m6A;9 z2ENf>-5o>u*fFeX*HelC;a&(%k$|=9M7%)3Ti13P`$m&nIR&KgM!wW5#IbwxO|99}j zS^!LMNnb6;4uW|>@=Eg^!=Y{;<9Gk0sq(`{LZt8zJ?ji=l(=#t?hPwVc@iTzGO4Ou3_7^?l{jWDfa%p)ce2oh^k>U z30iXhqbhPwzdaOG$QkRD5BeD^HmAH&x3pGII^|D4BP6RG+W8)ET0MNf=sy65tXD72 z`$q3%|F%;%bex?rF&g!~XP%p~RFX>4J*A+Zk#;o3HS`>P`U5ZJg`!2LPyoqXgNUa^ z$}?6>Lyh0B=L{WNvta<=dH;YAJkRUBuLMza`sj`GNu~G=5vsZE+;;3K&|+wpVorYj zEXabec8tK|KTT$cpzFa@YR4XQk4W1)?8oM|ID#^~iSL%?G*!G)1X|&RDaZ5rD)!-5 zDX5fsZ9IW!Cb zTagxx5%&NVF-gUOrSyH8@@oI?>2{4)L`O-IU@CVk)mW_x&nR|T}vR&&*?o8bYF zYK>B)1(YHvMK%DX$P=2Qv8uOPAF6sNq)|wtkY2&F5YnjXp%n2)B1(}xcotH`6aWk+ z#xSX_kYMoG0PnjoNVo-W0tyl~+(H;hp${YuiCJ%z4vpCmY#b6jB>cDqpn$e zTL|w2gM=uLMGGisc^qQE4!om3Kn=J60neM`^hLXN2S0-+0ys4K!lA)95*Uy421sv? 
z&=)k^f+1MiH^qJ7)4uT-1FAPi(yx#?xO#J}ex^$Rdbls;OdERbfXdy?+Z&P%roz16 zdV;h^oo6`Hrcpl`jzI4>_l4z=%=3U;z!y~H6u_c{9FOzD|%&W0Z8}{N+$ca=x1Sw=Q<_{K5^wgMsmKjkrB$j2`bg1D4C9>}* z^dLO9Fxm>)fAH!4vDrjjS*7Ulhu4q zM30jKpbAsT1kIX)6vM76REYOwnX`Qsu^VU3v$inMpiv55G;{jim!!A`Z>HF`#>Q=* z5ZNLxh+$BBECxru{BF0J<82K=ER%3scnjgJf*H-JnHx5T*4q{~0b+S?A^be&Ov>Ku z+U~L86NMQ1mrsVzyMUVh$0DdCDviVleptKnK^;QN(*|YV2E-(vP=shet3vLA9ako; zVhBt0Yr*z(NZ^Xk8Z2`8T5$LZEm(ewLD-;zat*yV-T-u2t$}*7R)N)u#EE$<4y_t0 z7Ku!IK2F~HcvT)QsJv3&Cby48I&7Gd7X5`}po56v(|I6FdAM*JzGOAb_Tk%RxT-ny z_x-R;C&Q3QYZ`8!>DPi{E;>Iorz2TCdjNcsC*E} zh~+Qt!l=1ct!GZMqaIdYp|Rz zJA!QdxsAM~*#`4S#YHW1+h5Mk&(F_7H($xt%}~6zVQI&1nv$%LUT^-iv*C3^&3VBT z7h7X}+4>DI*a7>utb5Khf7>tv0Y_MEXgC+%23!&Ev>vD(2quG3+@Q>4cl?a0qaEb7b7@95Wz0fQyPc*F73(XJ> zO9ePLG$a{d9o?D*_4gnEUJyn-E-e;d9;jX|?aKijF6MRFpB77_;R0>mr}?4>$ocd` zr!L#m4+c=4r+GzSIi6Ba)caJ8QGx*H3XZpZY6k~?v zu<`qHD+hlMQ&y!x&G2ZN4|=Hd{z)n_rP;Ojt4}-bH@pDt0bYQtapDE21MmWb7a&_A z@B)MvAfI&N1;};EcmX=V%nnHy-6x1|iKuBm18X{Cn2%;X0QAC)OHbPs_e+5B zaldT-e*F98_%(!OySe7z_n&{VRbjZ9T#I$}(|L2rJ?r>b#!*`ZWOLBvFLq;&oRN|e zMW^lUACrJSLi7=$k8qEKP36VEGw-BY zI;@-^S5ES0=WVDI3VNsLFTvML&N32xNWnFY>(KDxfNE>bUabNHU zhp5gF)fTWA-x{zOUpFc&#@9a_7USE0<`gS?VKF|x0k2q$Z!FBucFSThKFb6xi?wyc zU=~1Yz+!wGfW`O*SzxgkpVRg5l%0}+{E?nKhg)NQ<=NJV&HvrTlVo1zv>sq%yxZo- z^QT_{ip@q_We$eKZ9T#Z4-p@2=9oB`}^y9Cu~Ek zJ=?d*@1ziLm>%iWh4Z|7m8pj1S7ll~M>(Tg7TvPXz%9Gs{`kn$cUtnjRq5X$aXNK- zWz0a2?vu88^xopWrh|h_YL}g)buxx>^LX)CmF4`QmMU~oi4VrfgV2kt7Kwd6L2gH^TY>%W_J9W zamtjSCHJxSN}68OV{PoY@2mfU;tJ+-rZ!%_TK`}hfU(=;Z$G?a<8McvBEGarZ%Lok zSB+NK+zC?bU*{dm&yx0&dK#?>+PL*9IY33?`_%(hNSaoH-rlqF$LHHWsbCX}T3aPi zvq7oUo1;^5=VPVs7n7qki zGp>=^P#>cOc$Ew*>VPY4HCN5L86H@Q5|kn+MLdv*Qe+RFg%k-_&f0G*-9Xz;d&Bp1 zO~b%d3|xIifvbIWYrF=o_Ig+KE;S9ac?fmgv)B2@Gj3?=l&Qb*yY9dXH(|){S|hTH zaYSp*l$<2`f@QFLSDN(YGe@ zf_6pH=2@)rS#W)Jndx{Voq4vNj_@b>7lQ)pJl!%f7z7N%7=p34m8xvT;6T)I(Vo=g95nCG(p%qa%V zW1b7grW5vDIoq*T$Y3H zzXwH)7pyF~4@S@1)51+}DU3A98od zBWa-M(1yxii2hWNLcxR4Pf}zp^F{=%*C+KPu`)U#RjzKg!r3=O&2{_t^Nt5};)~=t 
zf1ug+Tbm;6efz+9*Avb%ZJBNJeZ4|kBCTTqN0(^Jg}K^EWZBw39ooHS*Yxa}-Z#25 zq$O4L;@uFXs3_tfXoouvOVe_z?0&j;@bPx=ckVsc;f`OvrMytIP(E7TU$sMRD>TdD z*IRyFw|KyYUJe`aXM2G#9yH8(o{H?HqVqB*iprN$rvAzAWc{nWcqH?DAdbt+%geWK z-ZcMSUS4kh`{wQIx0k=Yc=h`C-+zDo=Iw8<-@Led_4dtgmoJh_Pjl2lB^41bE(hb< zo!pT?Q1!3oqKo$5!O7rLruGuTKiqtST}yYtMoC#dEmT|-~axrdPr`RBtifYQkmqk*{; ze8Do>>7^JN_Pw8w?PJvLs2~Xif?;rP&{h=K2i@U{HAA8a((hWMzy=GwC0_sS#sR@#m{R zGyr0`R$KrGBn-C!k)1h#FXUY03*Fc%BCnH83(DvF|}kG65psL*fSn@1B;FTlq2o zJJPT8ku;xtX2tz@7!BXnCo@vm3RI42K2SEDbp}=FP?$8~0YnAO$rbcp74xd5 zT9a!lXlwm`6+H5T3i$rD-0Y~{_5+?&cv6i?!Ren=sNR|Zg@z@d&^T?O;XtPog?6-A zPz8RpiHLLaH(3)=({iAQt(+2~#jr%z^OjA#Wh}R*9Z{mIcCw}DmV97r0 zFixVGh5Nyr3_F|?UrXR&5xjm3m%}<4a$qOJ>363b)R?Ic>_aKL;jp@`m$i5J?v5`$ z#b1qaMH{p>&R=Epd#~ap&-wK6@3x29U`j1l2aU-F@NY~GsvkQltd4Al=Hz}r%MeM?W$;3P0+52c2x^<(XML5iFVaBpj|a${TS`49tmv$?W(qbcGUw= zfOb_4pj|cKOK4Z!#)Wp(L)le9kC968Ij@SHh9N)rJ@r{!!&J>B<%J@w7+zY>qO6aY z0`?quYdU^!AOkv;aDnhr%I9+esiAY~3qgy8$3?JCB?Q$GT0ZL@IBy~D8qG68lKv3; z{qww%<#Ibpc`;$rFQoiCef&-*qa5X~w>XCz+<}xmi#>5zN_p9;(+8jy+6Q{~JxfKn zDQy`$XWJC&^F(Sggl(EdZJNg%0l7|Wv#Qqi$1$+alMZUCd+e3kWC#akY{8_xUF$H! 
zu9)E%sCDA@wkr&(0DFKcKuBswQ2{Jpv3fk@oep+g2zIY~x)@l9gwbv-w!3RwtE0<~ z8c3ntPO{!brJxh`E3P|rduAbbK6mbnLtwKxnI5#Bc0<5TmFG7+XDL8S3P(!LCNzCa zyE{$}BEoJrmRzb^MFcR&#evD~r33xdUyj-fNp55%HU{-g!00jkJ65XdOsVo?cX!Ti z7?nR}Tw0JefV{;0E7vRdpOj<Nz&Dk0&suv^J@Zzr{)pJx~uv zqfBSic6%K`$gWDuTb|zI36Y#K`&u)Gh@XAKD#aEL=WIa>D&>vfcZW7`!}aD-)Oc%M8M8+cd)A&1 zmRExQm(E5zwS~7Z3bkD5+pP3yMNkX-cIGe8O4Y8=mzU7w6`+ z4HRN?$}1I+bu9=wbo>4Ki~39=bqFtQQxj*dpnwJiG${BYDLJLh zd&~xfRgOBSS%3{2wi8^n zt>-P`;+I<)$ettY;8O7P3$KcBDy8N36O?4%iv00A=jsoZQ~4+r1y;2iVZB6Eyq6yZ zufk8GT?`b#4$lcb+nQT_VX6eo!3w94s%TGUDy?+PV2B*A`s zx|&xaq^kn6`331$oPYdZ<|c#l3WRz(Lynj->C^0d6y_qGHa9#%=V4N=c>^R#iV-V0Z^b2QMh8%$@b^mVLqVYEG}| zf`J_7!J^=^h60;L3M2V^BMTspBUHQPn#LbWNP6Cf36(8cBR>+ zf!LH%mepN+Y_cTk!>csCfWkbS3S>1hl;JqcjRc&$-8lvq$l;?JEUaUpiLpr`4Z#wU5|Pf#pYRkn z1ZeHELYgl`mcr36VOrE z4cO=w8{H13F&W}kJRS$=sdu@X}$%^21NeX!9j7*HuT;6$Z3a&dx6 zF#u301_LU^T{K3oRiIM520S5lAb$1@s}x&2jE!!40c$aB;KEu=S~#6L6b-J&ma3(yz3feU@1 zS~wj$G5SKc0DYl82}NHh`a;nc8UzdaLXUm(9h#K7zF{SFtu6}#CsBrANi+y*o z?=JB1Lr0Ed-(53V*moEE?m~#dzPnxUT>I|UH-+~(BT_E|y*72MaWrs$#dVCvg1A*zL;*&ig09ZeO-IvD?>SXvA(`E5H+C2jXX6 zYsRoH^@A;N!GKD!0VgWOk&6>liUEL1F&I!O?xHbztpb(eHQ))c1M#zOSf$wFVQhih z3s|LT0~c0l(!%Lfu)r!!TYy!Xd=iRPny^X}R%r@?1*&dQ7kccQ_n3X5 zN7Mord(L9d+4vem#uh*xN2oUToHdh$J!i4!EQBcRIok!#wdZWXGiow)TOu^fw8nT# zbDAoB6B_&YEQ{{~{3ez&H+(w2pkhXe_TqPXvn~at^TumtR%iWkS}7P8Os~OOVl-Wu zRw%D>BIUUI>M5P=BT*wZkgji?4afcfd7n>7b_&`!&BkVHQ5E%_{{So|(;3aG-0T|l zj20ez3PucN@Chua$%?Jv)|Vyrs~IVv)&K`e0NV>5-W6yiY=XHQNPsB!;Lxo=OJEnM zWkrO|MHn2GWqo+S1vJ1aBo*LmoUF<+r*m2;k~b2?$a6q@j*U^< zVT+n?k@8WdD)%)VJL44G$`U?Q*}~-=ni!k9FdSGHRUzG5rbhhG!5$y4~|K2 zA_k`E0hN(cvP&sm@|;f}Z%aW*cEt;+1Yri(sn>m&lRKJ2jQlMGjV7NHl{QWcxZ51@^&{AbU7_MUw?!ZN~iKw-X_jSIjL8)qX>gQT? 
zU-L^L__d>~j+(z8R_%G1(c)(ziDGiX8Whj!z;DB&#yj50gZz*asaX2g zoTvAyIk-{v-sdOa$*vgtjHi_Kck!97y<#eAM^$A_B+};Z_0}a zn|>jHvU@>yVMZsU%GC&WUbvaWLOFWg?w&dLt9hZ$rlC^e(1v`>#f#625>q4~FI)G_ z@mUX2$qp@11zW_T6UL@x6+ELi)m_fy>=sp`Fe*`GmcNyb_FgH$?kYoy+ZxbEZ1Hf$ zABqPeviCOt(>&^vULJMRCnt>N8CdGI;H($9R_P-p`;!W3QIcXXsfl~+&2mv~3O5{* zTx-oUK}~;$Jj*p-HTwDE81~*%n_s&!#sjHMhHSr#Ets?mIy@Y)D`q$bY8^yHZ1-9V zdg#1Vk0A=VSUU1(#;VW_I^d2Q_HX)`%~>S(9o%aOit4TK#%~+w@*RyAL{}1CW#ix4c?OEuP*V zJOCpjipaQP5SJwV{CR{P{b`f3EtyobP!UA4$8`n-&a5c2nAkX^{I=mproPjXA6m>X z(WDcHc1T%#osvry7exyOx3kcN-H$CZ3&7nNaE7d+QvVZW`{6V-s6U z0QLpKRqZGauJ6aB#D$gsA{xJf1&fwXmax`4bCnYY@TrGY8fzM2Qfnf)n3XfGc!9Rd ze%iAmG)LE(+XEMIct_*+#b6H3ABrzoI?$+HU~Z({~y2_m;h9$mxek*p4d8y#PA zr?CagB+oSr3JPt(Igqsl+raQOc%$7mSbPn(VdHB!^ujv@@web1kl3bN=o0DC1e4pP zo_eL$rc>zVdzNfqm8`V}l;6GJl2o+@53*z!`N^P^t2KC-NHY9HN`@q4ts$1l43P8* zp3jFU z#}$6S=42WTG57Sbeliwvu#18TO3ovRSjFJy03;Q7`GfWCM*#O2xVy&mv&@L1 zA+gMLZacq_+i>-U`0$ISm7>{|M+w32n!+O4M_SM}b_*)zR+@ij6rCF}RkP#mN$Fsz zou3xVl&WO$YW=_F)10@Lh4v52GAr2z*-I5<`ODc01Ox}k4~o#I>VA9IWVx1=z*bR0yS8S* zS-RMZhLTXU7sJ>M_V!68r%@z7oQp`LPMSj;$}U!+b{#W+;6W>pFjH~n=P=e3k5~e2 zC6*j*@etFDWQ@ia+_}tN@H~@XX1ei@?VpmHiQU)VRtFv=N_gtUwBXTWuHe$F5UWTG zeZBYZFRM~=%x9*~o9FcneLf3jh028d<>_PmQ~`-HZTy%NE&r!DMYX8Z)~vQ#jj86O zhL*q&<+8-;YytUGV^YRsD@A3If&wZ2sprJ8LjW_jBlC|n3fo$-Q4>doSB` z2WIA9ZbcP-c`-^K7Krob&;3EW?)MwZ!?*6Y^L?nPPn;SL6A93fyjaAG-_5@ZzY$M2 zM!j_fF};k9T2ikKFR94`mAFW1CDu6C!z~rDWMz+;tkB_pFG}gOMfo^-D?N(mB!l3* zfANP49lt~lLETl|zOAH|4?L~0;U!XfCNjy~9xbSeCMbVBC@?W^=q1&jK4!MPq{lJ@ z#w~L9o||7l2k`d_vrAzrftYhyJIZHSF|f3d!~i;KT&VFFp8p0S4{cbd$k`(J+m7&t!6zefBCw zI=!@oZdFdBXR+k`W+%_gx2;dNWOBs#`U=DAb7Bw42u^k4&!>By%o%PAKbd%?tGa{x za^^IL zrPn|NZsW`jv2LyK37YD8_R7Lmxy?fT+5=~|F4zpUsZ`Co2pEyYa_mE0vZDI#GbrYb z(vcLLsF%&xS=mT>Ns8kv!I|zjSCeD*JDv2GF_!({JTWQ}@N297d%=iAvx<}uyl#DQ zJf5b59m@VrWg&#b`A5 zw_y;Hq4SRvsq^I^wu%PTX92d+d$_0l@bv{VBTO> zX$3~TN-vbM9*xyrZKX5ep){&n=I_M~$^&k5F;PbE_7qqQqmcHgm*h`kM-!+hEpL5S z@JGSe(|C4!u|0^BHz&0%%LJ5mZAwGVuwaZ#Yh$PWn?EPoaEZXe7DvRi1Q`N#Odw+; 
z`0}{%%021sb4∈H9#$9AomqQ%2g_p|l`A1%_wvW$1(#y6!$dkU0C09U6FV zV9$6XqQDM$CCVL6jSZZ$-da}NE_6PbI+8B92_dXRK4%6S|6ng7{w0n92>X>F5d z6n55*@PlcpQ+M0x?qEu2=wX5EY zT`8A85dB5Z&sX6S4!U!Sm;suijB&2&6zHoQ0ng?HdOn|GbCj7o#Z;D2;v%_ zYteaRjsxBV;@~tc8QJfRUAk7bZZ4t@^ua&UHlS{{rOafcx%D4Rd#?3S3erCTe`g&*Ab~6!uMw=XIF?>q^;42Ptg?a3kC66WYZo9)pw*^fYDiId*H>Trc!fH~Tl+4bNf) zpdEl>F?x<@XOgldQUnL6P<`7&VCC->E9wu9gqV=ND&Eu7_llT1! zCtg%>GQcKA1&qvTs~&lVYRK1X%D~v(Ip{IB2i9Uu{4ueoeiHa&|5l8Vj(|=vDgV3h zif;W!-?nXDE241b48lgKQuCFaYCbKq+TTP=z-ggy=A{=*Du=zAmfmBrqwZxuGlIry zvgG@(#o;zfi|L|KWd49O@|A7Yxlw3HC-2D8^8TSqX)VIHA2P>fFp7iuQ)EYj^RHB; zBZ;PVope#>E&7Ts>yRphgz%yZ4g?t`JQt8<(PVJ}Wn^X1Y0Zi*P{x7_4q)gigl?!g zCoQn@+Ae2rxO(A#8gk)2Fy$+*^9KXjeX~rXvQ?o%{XSlBP|>$7ahe@tITF6lic;%x z1WL9brivC$0GZHS2XHl3b^Mo~BzhyJen=|6XG;)g5Fa!5diOE~S0R1Bj5Rkic7JtP zL}U*sc}@5X5IO?W)vq>q3`rdxTH+BYcrET`dvSO4wg9;MGiR$z-;(*IC)9m$3xT^8 zj>*TFfTvc%Ru2Q-RW}rmb_8DL?soYoqUZK;!VB}#h4%CpoaR!CWH7u*A^8!0> zc5m-YMJ2EEC+3+zs%f8zC)4ya7?qkP<&bCdMMy!$afo|&t?Ldb9O9|5gUew*y=eVN z4UP=!0?1DfW$mQebWo#)x%gI_Ja)1FLOA~nzcKL^h2<`_E( z{lEAVzne{}Dj6HeENni2tK+mQbMq=*ST5?|1;NKTWvr_qg&%kFPF_lWEi#o}(Q_IG z3LUV&IPq7*`|!g(YfO6&nDg)*LGBFgI#ch=fFom3VzL*UM~US`t2bUq`7&wHXqe;i zfS>DTh+}TfiMXFC$kZ{J8%)F!&Qd2P1RE9u)wzmn95Qj7QV3$sZyrE2Uhm0^O)G`Tiq_{tlnMqPg18b(pFi?bb05D+d?GLrjOfok`W@{eg zRhlTXf2`A(c~;b8CyKguQR-1rEl!BtfWLf=QT^rcI|dCSh9NX&TOgF0`?sg1k>xC`@=gcLfRC!S+`myR_8ZpP0{O`W@f@vzMw-m; zvOvlQv%x!>KafFQcsuh$%`LOkZ$Gi2Dza-?OqUSm|2CG@0`U4b%nfyYhT_cx zjpiq)zVvkcmhgM+px2+fCmo0B54aQ1pht(37AfVF7#Z^5A)9;f2p=h>-@g^P$DbS0 z^uLcA*USdCubN0HklTI!+(;?6xJ*<>iINLi^_boH!QF6ei`B2eXnP2fUPlPTC;a~L{_`zzS{5D7+c)gtc}+<`!BF-g3B8pJFkXK_=0|yN%4o=bVbBg7Y)lOvW_lD=Wg!~gciMR<78ECX;rWhYbjp@@BDI? 
z%S1t72liOJuuj4EQkFm$lcv%>RhBq5+z9AiKaVSdA+i!Nt~xAi#JTX@3f%momMu&J zNA!#4u{=gv?Qp0tT7m2JkB9SYOKDFmu&>_5C6QnYG5iY<-6Qq7B5#psdE@C0aEAo) zS8iTP%J!G2M|%1QD^~lcLU)RHKD3$Me{fBh-l9^qn+@K^n60-g(kOrafowUQ#3O#v@g^ z5OIS&4!hyVAmo^H>s^_}A9d~!!KuFxbg{9jWKi>p6 zgFEkG9GbGV5+Kq`qCderf$I0n zJl5-mZjzkbv5A!W&h)X*WrH&`B!Mr$HBk3xy29qSK)wv-Xq6Xb@u*E#LwJr)Q}=!{ zSVd;*eX{XArhv0a1Ygll=uKG&0UAYJK(eSwh90d!FMIx*{MZq&)X}9A^Qx;ia8=YFdqxO+N^N2^#`keIQP@c6`Lx*>&lB%<&28 zKin@(WefQJ>H0XNb#^fR?dS78eE-O~<)?!Wt66y=MoX<3tR*dWuwSIXv7w^Jns<~| zdExWh7XD2C%~buQtlO}m%{YO0JtVjt%0ce2|HNhS;Nr{*_`0M6X>~L<@W52}oz9C3 zMj_tCh^;+2kWoXN*XB_qDEDzL(I;{>vyRW(WM$=_!BI=+&{`VfIYHBaJ(5J(a$r{> z`Ix3qwZ&+JwS==rcIRD4f!o`|!?)8B-)p8fmZv&K8vE@dCnXi~B?>MGw7V=EQi-g& z4A3NlE+pu$2pp%!Sq^t9jJ{TbjhTT*%Ez@Z3zN_XNbtgR4gT~!7HkU}E*~D7WNVgT zZPqvu#@n~^wBY?#is~#a@;cGZ97-3AyQ_e@g|w6J<(hfSdI|NSP#GOb#plcmO{-rCdVU~;6F~iA`l{r5#}%MqnDlVkj6^a!x4gP zV5Avp?O>>S*tWP@pqCzA;d?9+97utyAdmgkB2?9>1rZX%QeVZJ*T8VQyJQ5dJM!#` zZ79uk*~z)~>U;DKT`9qUk^pGkq7H??Lk}i3NHR!tG@=FtG!h0ra$iA-QwxXIBt}Sk z(sxH<$=fygiWYp7{GGKIQPa2h_O2{huobwR1M}gPR165mH7=n>HE|}XqXosQ$S!b_ zCSh9% z0k#HxpMtP9m{D;Ns~Uw6GZDwEfaqQmKSJRhVYUd?t!UX z32OY+(CFQbK=dpJ{r09s6DVK?C~(~ll&k-;%%pEDOG%)3fo z0wJJvgJjdz#IbRow&3V!4r&hjm}#y&4gwz@dMCoCETs}zK8+pYbm;c~CgAPEWJc_Y zOEojz_iiK?qB|K@O>tENrza3H_A3*qwI*Tbu3Z_~QhgrwAvbZuUSnl(Y?asBZ5W$) zw|Yon2BtFVRvlOOQnh1`JDdN_)~ggyH1Fs#onj64IkcB^Q=8v&(sDkXv5sPnD?B!x zf|1en%iQ1oSfqweX=d=Iy)9*n07~Mt{-gt0j_xva!dIOaK0K(TUL(wXkBKhbG8bo6 zb*AbhViD@R%v@cpopx3ATSIxC?n0nWLph#9o~{ePTs=yIU%b8Sr?9qQdl@iC_Z|!* zM^_cnTpjR)zN*^nkgI#I;Ho-pT%hDVS#DGeJLKm3(+6vbN!3ZxBNvV?81=IqX7XK*`mtF4#9*9*qely}d z%Rvw1I1{b(zX;iyVwIyha8f9UH@3#iff8AohEdz$1#Dipo$Rv9j0TRg5NN!$!V&z! 
z7ng>#!ZDG@F<~6-uTyMOU$*%0fzvdVk7QZqb(XYhGJ-t%#mKzc7Y##oZ9B5;bJGiu9-^9jf!0(FjT*{FIuswRnkjb;}?S{k>s9 z->S0or9U>JpR)N7`OeIb+meyIH7;oxXPy&0fB5cFBdm=@gS*{u{+)SuHn0JF zkK#hVRj=1iDIRy-;g!jgD?TDHWdLo#$=ZZi-ay8}Mv3qO17mnd31b+Y9AnkO(; zHz|3Eud^SYlzac&s*{;spBlPTO=r!=5kQTRuTU`wZH_H?At${s!2ct7cuR2D;p43Z4zPlIcpVVOBA*uRbr%M4{E(rr?5 zD3J83FbI!(15SV-b0n`Bh@J)&lzQEMsCuhK^g5c>z*ls(`+ygBO!aLeS>rcVlMM!guA)ilF?m@H zrCpODcg&j_pCK3li=v_C&hkr2%CXR1LP55M;``ew236>B)97)a*1Qysd@wpeynz6}?gSm$tZG2> zYl^exrs8A8$Wv$JWs1yUybeOzj4*S&{$Db3XYR8AAKG);gDCelbpjqah#(91a5&YZ zBg75JyI|XGVf_*;xna4;u4$m4eu=#B40d>z!d);-Z(!H7u|UW08DbKxF&JlL)ItUB zjTLw)xGif%p3!9Zkj-7Hlw=WxnyP?~fjg`iEF*R4c;@|ivQO`=rQFsmG$i+UkXWx7 z0GcBTL;U7h97~YsXNhaO6`tStcTU;4JNm94bMX}Jl0{gySH*4lOI2*`Y^doXd zCJ(84v-Fy{YKxZ)%?Gmd=z8#tVE=7(E#mjL<)Co1K|>-8!emfm{G60ipoRfM7&H*f zZHX8pELNU%?)9cZa!EdR-O2CpUmV;h2T7{?>+)McK5WgE! zYOs`1=`|vbmr*X6myG(vo0pF`mMeD0Km+2KEZ410nsRTH;OPhhQSbd~MPq72VYZI}~ipXdk!QONNIHXnxIT@uwn*?<(Hd$CVpc?ogbvuEN!yin|c7ESQm0A7)FTeLQh}n5NeEmBb~Iy2iejGXo1EQZVUF{r`^5OaimgmFgdylT>6&C5S=u>-{a7}`Z|u696j4}-#3I2^th4ngv- zNS9HQ7wNIuRZ!E~0f@w_Wno+(g?e?(=! 
ztH{_aBT!qj?+>kZONYoeV`Xg0f#jM9Jfxxe4I`+27T{xOPY-s4&6_@y4(46T|4nhp zdH}ixA7wkp%8^+~kCL`&Y+NWb(L2dz&^sk<6BlHM4n;4&-Sh4PIRC*4DS1LiSzlQr zDDo8t;yh=m8$)$=7M6aViAF#oS|$)6`*bP{7-#@w`(OHljL|bf10+2K4fhhyl*0e= z9nSqZRZ@u8y%DArO6heuxhFW-3pqd~^FtKM2OWwQM$JV?!OL&dgqyg888x02^V^1U zWkeB#_Z?_xLj!mlRB%y4PH}$o+N0T!T2}7*WV*0Zt4>J1tJEXY?`#Y7n#uXXS*|^WUFY&hiy>ukSl>Usny}QtIa5&1S)rP+n z;6aUFCVq>D8{E#-SWG=v1D9#qkv_M5dE$s3Y}mHntCpH>mf0k9XDlMmtTlQ`HJh;> zi3IVw^Ph6vy*)iJV>$l&N92Z-X2YYm64!Gl*qQ+3bf1D4fpA?Xp|4M7!<;u)(G__j zoJ-N!{XSweT+ooQ@zSiOnMUW{i}8nYLyM*{uAEPS9W4t158um~cb$nSInt>GKfG&Z zEwm2t+_9Hz;$P6xNLZL*9cfVP`){^xW*i72fg{B2UAG1vyU_@3j&~WbUyp%VeUY2- zwCZF>9rmnY!S;6z8$X<`)Nh3|Wkm`HaskgN5!l(-6h#t(dQBIpyY)l`@q}sl2u-14 zl##NdwC>{7W$78974~pZL(#kudOtec^C+dj4V4g#X7-$z<$pVoTiB1HCU#X|MIMP% zoqQ*h@|!GaW(HMDf%Q6jT7@x*XDGAWjFvuQ^A*Xo4KU>i1vQE>aAd zIv7Bl^;M#8Q)6_cC0y=T?7+JCbe8>03rU^jjk!>lre!)-h5+{EAlsyruE_9%z^12Y z86y56%FMVM*+NshRGH^MVeZz-q6T57jpQ7-AaVxoN}Kh9mf%+lsJxGFpoNz8cjAbb zSyq(-yad`BhZU`=17S3C%|FFvrJ~BRVDa&2fqPoSgR1rIyIccU-~4?7>{WTggT`K& z;T>|h{X>VU4Qj>4eoAYcX10#QLq5&-BSf(Sn8VoPs7?1H>GX2W>#`rt;3j4o_gtsM z2sUS0x~P(Oj(;m%z0e?(7~bp&kF2HiY6Ok|<9{wOd6Jil?1&HlUAM6AWdS(>f&zuL z?U7AvdO4W90h{K{04)6=o8>1w;`-E11vh`tVXuS={;OhWtjll{#opa!*t z=T#gdiCsr?NlrmlLql`xCMJtrQ<`@FM_DJ9CaQE}E54vS^uqnC7%8fVK(8EP@Y{f$ zQvmq;PkDwWj-s3KONeL^XI+5D+^l7rx@;Z73)^Zp8vH5Zu;=07w` zy>X?k4%8H{voK{Q+a|!o!(HmE8PRTXCDKV5BYeOs?RqAA3rNdWjgWlKNcV4}X)jlg z?`@Mjk2TCDHi)35ruzS13jaRyXU_%m*#+KQ3=3I!$N)>R(nH&J2nr*0oR0-T|Ie*0 zMgE`aoqy-1YuRCmYCwfr;X>}^^kIuf%a^+N{k7H zAC7Roa~N14{^`J`T5Sc6=J+?>{G;{I(zI`O@>0XetIrm-GNn>jjEkRE{1YDK^bLL* l$(kUJ5xsDdG5yJ`?<6E71W+G-|EYTWq?OdQ084}f`ycgHcH{s6 
diff --git a/released/assets/fleet-crd/fleet-crd-0.3.400-rc03.tgz b/released/assets/fleet-crd/fleet-crd-0.3.400-rc03.tgz deleted file mode 100755 index 515a28bae07da1c4dc56f639ff2af0db9cff2190..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9899 zcmV;cCREuUiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBRbK5%7V4nReSo5^|U?1fqUuG*+U+re>B$GM0xa{P74_o^H zlaPclMQ{K}wr6Yq`xZ&bx{*Kw1Sm-Een~|p(G3u2^u5P9rRqEt*>9IqBGknbndPrM z!)P=by?gt%{&zGQ?fyG@HyXWq{dP3^>*(F+&F^ntjb6VQ{r>J%GV)DG8_cC5;?<}( zuHDHU36P@TiYUel`Ti_PQld!CCl@JEDyJ8W|CUmr*qG7meIiJaPN`^pY|65X7Vne4 zC^4shX?>(1Gb&4x()UTT>*SMEbk_PTm+zCD74yf|zY3aDBI$WG;%cx|WM`yge^MbC zFWx7M-_J-{KL2-g@#f;~Sw>|lSgGotK2`4}-$+3wR3w*ksrc-MNM)AA|1UsJM{No zpMOPXWlj{8zojCRJ{f`b{Qv&?Ki>Su?>p!J?O)&gj^}>}*gP_%Wb{$dqWYh_xc?ur z+TDxScT|zrXZNhg-glmovl&$+BZ^c^q}lm*^CHWsyl76u^Wi;{B~7cRNS4*FlKfh* zLQ!$a^ZBe{L+8mqZhw5gCTjXVxsZyexxC1jEOYX7At=e7F7vrmRLHX=S>gLzjqi$< zIe(hbLdo-+>dE>E^;FXLiBy6WlaAq2UNrQ`|NTGz+yA<#-uTb|{7XH=U;g|5xtLKY z$%Jm;yRF}A8-61Ayj&jrjfpoe*7Hk}W;q+0>mSN|E=c~oY-dR#Q(g`GeZ@Aj>bLow zST6o@poaYS$^ZR-XGyXkIm>Ep-u#i5wD@rS<_>6Fe$^J9{ff|nIrUyV_Zv-~V8 zXnUrDjE>1XSI<;!|20X9d7hKIoW4)0n_%aUI}5cjDjScjM(QH3f|SonBIq?y>9p&6LztooE|;ierld!YgIj#wen z{~bKB1_0Ar(pT}ZgJ52ee6IP9;ZQe^@w@ogFe93x(ZNoNi-Ep2%QtbVGMjrpp zq~hYK``xxBsbHxyeD7d${pKTR$^DP2$UXh>P*5SKtd+OuS4*)O<#TmQE77Kvcj;HG zKHaVF0jJe*W)|I-XP@=z#Cc!KtnA-*qKfWRWK0Z3edm4YCTNvpF6o{?(Y=v&q|G&S zT$}pKGUbJ$MJq!A@oU5NK#P=TteAuvzgtG?JGSP)0KW774i@n32a{1z8Z*j1hSJ=gIV8bRC#V?by9^khIZ%Ki8V(0D|-; zzFV5pRPk08XoVLhSkEdo?&D)AsFZq1K7mN{aKsJV(^g?)7p$b*#74+Yp7j{rk`F~m zw@|PPpfBM_vL(^Zi_)zX>^^DGMJ#E6VXsfdS8_*l!#Z!8+Mqi>jK*la28MM7JhWt8 z$hBGkxz;Wq*K(%;xt2e!WtM`iNQ=e*d;n{jq+-ER`XNpEd|&r;Q==6T6RK`#^{2E| z#COw=jbeR&B^EBq18|w|B=|+>%@7Z`{KD`F=!F;18gJx~zzfdu>an=k942qNQigN~ z0534x%L}|Jpp~|ot7hE{4}e5#0Zvn9CY1)znOQ1Vf)5o49wmfNx#zO zAnnbu^s8->=Y0uz+7NCBRPOHL&d_c!73Oo>5$rwaJj0ntjdD(Z1bY9wFDy@FmIvGg zd_hG{p85#;2h`XcFIV68^R{o~9Ez^{BARdE;lOy0QEB~onb><~UX69?vKP-pPNe!N 
zNFnPnf3k3_r^58B%!r~Pu`E-!Lk%w|kzH4z2j;oA3w(}V|2fFmzFEgI`+t{M-A>*r z6wo%ye%T$>m+_vS(z$Fi^7x%T?4s+I3ia`W(D%BtW4cEu=tKT=DJW50d1h^I@w-Y) zpqWd?Yj>WFW0G2@m|~K`AyJ#AF+$3Eaz2}pE~O423RB4h&FZ2U{Zthy#D}uX+5Q%> z8)wF|rZ`crQ3_tvbGqqDc3guulWtSz5Y>^klz^J_zgCk#lw_DBiwuT@UPPk3I zf$-MFjONt58#ag5+ZHwfV!>}9{5)q&%FZm^_Oam;g*XhBPlnImfVvQdBB&%Pjl`IK zSo`%s9ZSpG26^8G#KfPFg=j!4Lhgdyu1p%i5SB35fbH#&zy+T*SmXpY;P4e1u>2Oi zut6E+8ag%J0CZWcfqJ%9fyIi%Y4ccIS{2M$Bs}fqIE$<6Re4ZQ`CR=N-#!&-zhO#R zbQh$74kG$b=YcTgLE$!h$$3B9hi{wVs&>&I`{A8Vh9Q&G)ZaeSEd|9~yePO2(f7va zkYThXzYL}?{m#~#yY%nsOkDamL1wL9Wr#pVEPrtqM#;@1DxiVtWI{Y)#wWPQbhwaF zpm_;Cl@}X>3NjakKs~U;I8^ClpyB6acnXG%4~`yap0P2^fK4)X`m}`^=A{&6vM{lP zt(RqOP_g;+U}FTpd~)oUk16icJ=9EZ2+=DJTH}ZQRgJ+z|6-?+L;sq=u%UaobL}-| zjPCK~eWGSsNZI-6xqHy!HOb2fOfz=f7-fa@YV)U^1Fsuu#tWvn*c$8G)^C8p4%kCx-S?*c({?wRjc*Wf zUzrt+U#@nKja!X2Ubdb=y_LtDpV}{Kuq!jwII2lvgXN?eBq^9!2vsYr%O)DHX0t-! zAE#NB2!j)#MEFMx%{uj7uojkY8dmCsW}1ej0-R$Sk_@nnZoLKddJq6F2%{dC77H++ zR41-*0&V`NS619T> zm8d;<*-BLF&+z&yr13xdSHZBbixvwOc6phFT~=;?|NQki3LwDMFl@OPZTNbm*)O^f zbdzuwGIK^7P;MgZh|_Mg0pPLmk%AZBIx=OtKaoBnJJMrPzFxuZj4h6hueHX-c29q4^zq~Z(i-ppW4@?J*Ju7VBW1~oNq4-f zZE)waEA3k|a{a(|i02;i!2>;)xu7i#f;u-!7f&{|0CKvRJDdFUzj*X*eEN^Cvo~sQ z6hGEi@C4d#5Z@e8(@qE0M8_~6&3XXng&CKgk1L*+0OR9%+5G+Z&&%;k2+Q_)^~LW$ z4`!>*}ZTTFE_Y`B=tL8v$f<(B&_7V-B1dlM+QITs-gQ^XBml!Rm6OHR_f) zwe_W<&6bfJeHgU|PRH*dT^DrjfNsPk=ecZi9e2khppOuJgy&aP0v-c_drg0q_UhGlz&AIG@D5s=w!Rc7MVP4!9{J|kIG(^=0EDE>=EDG3;3X1}E z4~Ino_n$e%3S(Fl&~Lyi76lv%^NT&QSQOAQ$;)DG9Wj_0&>FBP;09n(z+M(uEDGqP z9-gvOGLS#gljm@2%anX|9JlVD_}e_p@q80iBz|g78_%I zB~qO~{}!K*bjuG~|FYu(jo15GuldJf@h1V>8}+hH$gpQkD!Qk^KMCHNCk;Yi7Wz_N zjM?NHDgU5PH?+0z1{fO*V`B0bTVPAzcl;rWR5V2@No!VT54uJtBCamAj@91SMF5K4J*3YOVnM<3jKCvu#{h<;QyYpAN)WDu$JhgCY z<3(KQ4*uf^0#>?MnXM~T>HAu#*anS>Zm$;xZ#3bRic`!5% z@Fs@FVQ5?f7#i1(3Pa<%hr`gg{bx=w&IUu{Ff^_OFf`798AIbRG;Vi%42|1<7DM9z zxG*#hL*smg#tAxMQZ?3W#qVk1FIKMc>wYJ*t%$Dr$Mff3`-XMhY|#I+qQ8D*C(dhs zlFu%rX{Ycr3za4qCouyTJi~Fp;YP8JePLN_>op(FsDQP~br_t)5 
zY%uZEFCq;gpdx~mxC{a9ua;qHPcO(&nN|3IzJ3mly6}*OXY)-`*KrAEJ?B3>UT^b7 z-e99Ikeu%iX4f(S4BUtkRRtwNM(hvBXSx%q=`|LvJ9^#QXD##mQ80XE zrV(?Tmnu+Y2qnRm40_I`;3lu}xSFS2I((208Iy|HrmV8yy)r|WYaz?XP|k4jzG^Fx z@=O18-M*RpRV(FX*}mL*Q);_&yP!7Ry_`+E;Yhac`es^Hbo5~BN^S-LCE6zgA(1Iy+8 zoCgCK%;+tMMZ3}BL;|V^v09(Veu0-P7)YtKf*zjg*i+pzcWf3F^?Q}Gkf_0U$(sGtzFTz_|j7dqw39lY{jA*#m!L!-M5O5A9{jFXDYs< zT5^>7i8CgU2>crubip>SQXQCzmP0QU|n zU2T0szg;B%`8+1XtVt-7qB+k?rr$I5a7omfNm2<#UggU-1}szGSZbXTp}%l>@Q;y=Jeqv<>AGj%XsX*b;nUz>Xz=K zt6yA(DX4*-4V=*?36-Rr@s_;ujbKqm0C@JUMH*y6B2tA!PyoCT=+GT@lHzn`4S)&k z29^lc`yDz9o}p+?6Fgga%2Mzq#cDr#dbT|FZq3)PzbF(>+wQ*CcjMfSsb~o83b}MR zHhI^SoPYL8C#NK5X&e3A*}Cyqs|mRprWR71mB%#`Fkr~aZ5G|&YQW_hEuPe2j^nkB z$5-J>>MIrk!SOO}jKKC0DKQgG2Nxx1XK6CQZn~uT4mI`e?ud4`21z@pfl6VVj8TIz z*8Th5io}x@$Oo0zQbO&cYrdKWmx*iS*Y2ViRokM7oIJR3D-YnS3ke>%pjGZ5k>RCS zqM@VY1|o!_8`)^g3?3sH+Gs4p@B$v_@X%3gG$cb{Nbvj;Q*!=ni&=#XGRu?Cv-Vq& z?mPUZDhsv*f_q)@J|nWGbxF?zXn)y>g1_uh&e9347-KO3JV61eq*A{o9lpF7)Wc66 zr}U;XO&~Y>Tn2s(Wz;Gwp=)EcCK%}+ZBJGRBk5_u%R{yq_6n|Qg>=gry<7ue+YXT! 
z+wnwS2diju6l@<~;pkV|XaZh-cRcmGF@F>j`YXL?tJBM)+OCVYwA)V+3~LIgk6AeW z;YZu&`YWMS_wf#LD?Vl7FATMn2}-H7X{!;=7wHW8FsE!Kz&&3b+nGcr)S`5+kCjYb z$8}oEj$VBA8?zKn-&2~2A&5$RDI=pUoHWBc)w0#)avq-R*_m<0AyOIA`cz)|$@GY# zfWrfp@JYJGMcB*yHq;6FNg9k3)vIwETExMNL~t8Q@%$k%)ABFGue zoJrFHjZoKu(k*Moa}O369ky9z)>mhlX{-av+$}C45=-PgUZpFgLCYzcX$y{iYnF=h z&*3-@u>s;_2YJyVIx3r7{j1+Qoq|}P=uD6x z_PCwpQP?i00FKMG*F8}Vb$Gm8eSKUg!ze>2?{Hc|N`!~i+xH(nRFd}j_4yCH~<@=Vs~Z*|Ik<`a2y69O8x8^&PU@178^Qvh-8dfMi^fC zkQMyc*vBAU|JM&%`^x%I_jA>%sOHgAk9QWY}9rtqM=$To&l^I%SSr#NQRM4 zS`o2Mu!*5vbFiVyM_yR|4jx@F4j!m5r^oxmRbYkg~smuR|hR4J@eS@~=a@-m;P%#k96~@<# zwneQcNLH6_Ai!NT|KLj11KG+fB)Z3pqLE40&5PH7O>rEIxTNcM(EOceh`a!YE$NV8 z0yX(%>5xH!0;vJU!vCXIGX-1GC3`6t7hI%xALlREvhHB{=s7n<_&Z1B+86{CV<|}2 z8Me=;mX8)+1o=B#7Cz+3#^1>o0!#X_VEKqY&muV1=~Xi-)@hco6aENwy+5>9gDod6 zmk3;F7}%?k|GkI<4_tVJiXIFPE*$gsiC-b~{S@mInW5?VRku&f=!@Xp`bclrvNz$w zLm};0!$oZ->uFas*qi#3+2%UCPc7KnUUl2?cf|aSWSuIxeU9p(aeVb(-ya5Ne_UGT zp*Nnj)|~Qd>pYUfT-SUH>b@+DElvZM@;4rd$2~UnYkzFZh%XHG+4_Ep@s7aEUicQ# zGl^1G4_~`9yB&jLxWx`_xa9=f+CM_j9%8E!CP)@P#^?L*_2Od%Mot@gYyZN)(Hf%R zRv0~j;np2g6jYC1`~h8FClc^vGJfzOhRp>MQ9p6SAG!=9fc5dph-pNyxgc(j5wx@P z6SPzHJDKJ+tRhZ|L{=`JogkC-aeF;;2j4s@)~}_rsh!?=5|K2lEumb7EeAcc)j>w< z*&!ipE(3wm4bY4zBZ*D8cu~-S(p*Fufb$|Q-wK$}9lkB}2G}d-&3fsEk)dUnHo|(P zIRy6VKP91a6~G|vtX8Nh-bXsTDqgcxhU!0faHu-A!goX8eradb!?U;cqx1h~f*atS zD1oSd{Ut*N5!iVFHrpQG**<^*{b6cxq7dMD0R>Xf=qSAkN@~ZK6ireeG71y+OzVO% z+(NkNu|PF)2(k}Oo{)1^)17)~nj%vgsSpV4}D4NY>SBPO5W{IP8 z8HVtG&@h8;bcDJvc)T3>zrg}g1UyO45=QmTQ0dJO`ksd0XMhXk=V1uH{WhOoc_5J) zC6J_$FXz9@;Y$t`vu-$K{SG)4T7#c%IdmA{vE%kIq~ZP5JnHjbX$g!=^8COWeF5{r zkj5k6C)`_LE*GhDCDNmx9{dNi%f}Pl_SYSf^7}5a z9Gg^O$-uhFA|SAP`p2*cykm})g|q!<{FdJVfou$OA71g_QxZrF0firm9NPL8uAWBn zLTi|zY1(p~RY{-$EExcrjKjxAw;;71`M`||n&xkaOdAYaka0m8J~n?8ry%R30jOS+ ztUyZ7tRgVXD6|xY1c;x6QcuEI)%fc;hahSXU7qV)s6cFNwEWEF)09DpUrNPKuNNac>_bAbvbBO& zerSq#23TeP1!vnu`je>cF(=&&*-si>GvN_da{k3pBfDAv?v8Wk^Pp# zkTr9!t_cn!H>gBI8uCONByW%4$8K4?>iykGl2Un4;$N$enC5bszs19dDd2s(QAhsO 
zbK%8bui?;NE;>JyE@}eVUPH7BwGTa>!D3)Ig(%`kK4qgx_yT+B<()9_4^pO3lzqhuAT1M>npe%s z;mooI)-DA%8SNRA#;2TOGMC6IMh%oOoHqze%C<25by0Aup`V7MeG{Fm=k+xPQ8OD&$e-Ad)0WV~N6=h1dz+}-6Nuk%+(K|W1FE2q!EfE+qBn zCl@%~yyeMmQh3VL^ZSiVrF%v!M0CyUkzJ*?GlPe%Rrz+(*IUHVO?ZAm+uP>>z1*@lu%s9G`cq^sslC4I5c|ZTLD$L%#=ahLotXKCIb zOuN6PG_}E%c?}=x=4PmB8+uU2CWVclXyj(F)~@J^dOwHs>6Im^%C+NJ0v}RpU9P~# zpbgw@Y%!V&rI~5On4Z>*EX#tTqo;+NXc3P(vGN{sjbLMddWPAq^uj|-zqi2Ik#>i| zjx`-Hk4{rht6vmxPsK&JtO&;^u_rOdv8Va`>nE{px8&MaiL({#tYZ6#v%F}*?qXN4 zI_uCJa_JUC3r}NcZzVLLjVq)9F42%KzSitkK_`4LHjblXZaMhFT_!<*4{hBd8($4} z1U`^-&pMH^_9Cp+U-6OoZs!I+7+zv2IB2nZMBds2Pn>D0_h{PBF?rmGO*#Tot6LEE zHhZ>`zO*1& z4LN|r?+tvzJorl8N)F1Bv1=rka`LevyoKei-u+&TU6e0z z2DbXUOPl4~a?!ivpVe`mG`J^w%{C^ywjw=VN$AM2tv#Vch*Sbrp>9jkfJ zH9WGw=WFS#(cFGEswPG~28Lw@Li%N4z3o zBh$sl9o923-Q3Hn64qB_LBh3+5}0Bu);E(%P9n~I9s&5VWn?B*FeA9b&hA0bukzFE zt^8%zzn0HwU0W+gjo<|NLu@?Q_;*eeY=;ci?2{>l*|^xxphiso+c~1AAyP0KZ-P6k z2$7(wGhsglB`VY9+hvLK9xFJ8{;Okn^@AFWXuVLD43r<1N}c{97jXVfzrv4L>C&sH z{GlI(!Ft^aigrX;zcn4{QLjWbF@2;ra8Uqw2-L*ZcH{~Z_e#75$)|ds-TJmE^>|b_ z9XQ3qlpdN1CH@Pi3UwHL8F>0l3%n=t@{T>W&cv3LG0)Uu`ey7h6#ic!pEqv1_~HVP zUtF~@X?wJs1&g`7_nZ^Pe&nALxaOMa>VIz=-_;%qVeIQUevx(>T0q=+g;iydZDNTh z3*O`pm2He~E^s_0NSUgkd;bj(7BH_o7+y>M(@^T=Z@{WmnKV)bdCyXJ-(W^PqfGm% i(}>=fPBVU;-b9G>L5M-`7$5)M-sk%9C81Jaq5cw>ZX 
diff --git a/released/assets/fleet/fleet-0.3.0-beta600.tgz b/released/assets/fleet/fleet-0.3.0-beta600.tgz deleted file mode 100644 index 9aa327777862d86cf00ba9dc7d8277143ed9147b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2873 zcmV-93&!*xiwFRgFWp}N1MOSuZ`(K$?`QoLJTDHpD=JxjFAUs=tlRDe*LH)Z*ZWvd z5^ZxMi-Jfw_2#mF`wkzLC0TyNv7PHygCefTnc?s;qaUf^I3z?gU!0U&*B$hFNd5Nv z>ep>|^{*k+>J0jWc6-q6yU1;I`t8;W)H|(Nno=%s0;U8kiYUPWp7BaPU>lFO=rR4s ze!meKtN9;IaUz@ro`t7q1IDA@?QWd^mfP-^=D*kL_Ff?O6vmY4JD-0XMND8pS;U7H zLOvEaWD^H|MMxaVnv4%oNTc*?Wi3txvuOl_6NW>i7L)BK!M|o$_|r-WpCp2gDG7!s z!I3{DNhKTk8k2<1NCXu_)DTHZ8kLMw8U!TT$`auj;W75f(n7xAg3Ky;FBEh(MS_m)BQ_lLX)ont?p>2s{b| zb`j9~<|~GHNLJX2=mN)Qvmq?yj)ZeJN*vS!_H697hRhI&d=`)ZDQ{aEHM)GXc~@f; zlCeM#w8a8Zfhd4N&eIv_7E^dAY5Mf;MzU}^iGagfAdK!v7^2&V-9=!4v+B<1a@m_t zU{P-D?ua*K>=ruaQzGpWQ^28j6x2Wwq4SJ|BdCuAN8^OeBxe03^+4Z8GL}*d1PC7A!?~I1g;_YjP4Y4>quRn+V%O`9Ba>`_I>8jMGqSs0GK6c1amD)3JW?mYe8sf zh$LBsX$1XSme}wTp0Cu{raK=l-@m!Jz8t;DYLI?QzlC?$Fjt7sn36DnmszpYlwX7A z4>RMPEDUD68g8MB`}?fJsG-Bbmq5pZFDBeC8puHp55Vbs*6>^jJ1Z;&wZpY)08&tX zk+ryCz6u8AF;-(uV~GW{H;g#f@8?V3XK5rpRJZipE4-#{RF40Nhy7#k19!y#PN&r? 
z?f(W{w^hggb5K71tGNfzH)RR^UEw6>_D8OdyUj~s2`^bl_IWELX-FXU+7Pel&k0Lo z6^LyKvwvgW>d0K7E6&oyCx+wVr3_&Jt-V~qnx4|J{Gn$3k_S_7{2MY$QEq~33UOw?-BVmF1i*JjDWcIN)x`KUkdI3Jd!4-W^8(NmqMYJqKA zREOGl`UyPM%sp}C?$KjA+iY%}CLMzIic4qmv%Jx#^SE3q2hU(m$39;8+%MB_kjnV4 z_?|ls65N6R+;*pg|JtpdTjzhAg$j8I%cxTF&OHMETI@PpSI+03dvLx3D*Jy1Ada{R z+;#rf>zDoC?RML>|DS^@eRiZ4!F%w)JzRfTtyj(v{ZAbZ-J2t##_B_0Lmw{feeSh9 zg<5IIoqegJuL=%~>4zL=R>RAtUI;FlAyiCxwex%GB; z6Thx4O6YGXAWr!tMs9-C|asqo}2z(;nZ^c z|1u?EEHfTOe6%CLUHGrlcFXa<)vnL~&O-P1Hi7_5qiylnhP{dmOXk7;N$cE`kj8K&i^|H zRn7mgZ-eZL|E>O@9REA@_n-67)_Vypr(L{}Fv?)R&eTcL2*HZs$itijGMNjOkjeit z_YCx!%3m~)TA#byH5sb%e+Mw&Om8iY(#9_T?{&Im|L?io+W*f%KcH(sU?hpSOrX<~ zj_#%;LS9Nk`9T4}*69}Z#oSR@p)!#)jbjGu1@Wm&Bb7)_XZis5E0hq}NyvOqxqZx) z<0t?H5t--=ynmQX%mCfNHVOUhpAPyp3KuHlF4iU?*oerxXT-6b*Ee5oVBas(Uq@^< z0|lQ)Hz=S9x8y#nss3v7Eyw#kX{x`=g6X6w|12N*JZi2KdCN+hRr&w1 zZ-YD<|H1peU*G>d3suekv2TOyivR6Se=YuZ>iB;a(o??aj)nnmtLqsOyIF$V3V?DO zWOS{a3L5f)r2FV}=o%)ToVLgR<79*H@c&kOP~QJ_y7l?rdFa6WZxa|Em-XGyQjNp1 zy>rsVEbpo;s`%#~yQ0{17CNOTy#WwXi8M~3SS{lApu@6ub0CGO5 z++OFhk!_pss;ndcjkYKvUE>crbvcB=Mj>3N-+6(_ZF&lgr z{&NTA{LgN?SMUGNLWkvSn?V2E#@F;@+V20y$p+lz|LggG?Y_+asr~=-ROkPF-?aDs z&)g3_1Ox2y|L&Uq_gd}x``=mU6!%T_GP2EzIp!VHYO1NG?}z>bh&7Gn0Ac_D;@q~^ 
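Review bot: the deletion of released/assets/fleet/fleet-0.3.0-beta600.tgz carries the whole removed archive as a `GIT binary patch` (`literal 0` followed by the `literal 2873` reverse payload), so the content under review is an opaque blob and the mail grows by the size of every dropped tarball. For a commit that only drops files, generating the series with `git format-patch -D` (`--irreversible-delete`) would keep the `deleted file mode 100644` and `index 9aa3277..0000000` header lines and omit the payload, which leaves reviewers a list of paths and blob ids they can actually check. A patch produced that way is for review only and is not meant to be applied with `git apply`, so if this series has to stay applicable from the mail, the commit message should say that the binary payload is included on purpose.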
diff --git a/released/assets/fleet/fleet-0.3.0-rc100.tgz b/released/assets/fleet/fleet-0.3.0-rc100.tgz deleted file mode 100644 index 743739f325c7826ae03eba5a41c45f393e20a3c1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2798 zcmVBzlZ*Box+$h{owv5VaO$sjE7=m z0eD1`fKMI#D+B5<-sEBg0Sl9Fm9-?1+-4yTP7sVhPbS-o{eR4f^k$V39*rfNFzSyW zCZRW@aU~o57SWi^X^0ggXvjFBjY`HD^L-lbWC_Wfiimi0WuaIKN#~WkQOp<2r^22t z;t_ZOP7fLjN6Y2d7HtwlGt#cq5z~MYL2cD;+N4Dy_5~H;IFDe_!N(|jY&l)0WyfCI z!gjrwMN${PQ*!Wugk(x%u;EuGe~$zZ2{#@IsKq?RHIp(Dqh`}nD_A(`kZRWmL8WM- zXfT}go3@{Q2Bp29Mt&l9K_}bFBI~NX~YGS zJYHtN%%BFWlVpmhWsOq+wAghL1lK%Z9*SH|K5}^-Q-O%hvam9gS9?|4n(vSXUcoya zuizOrFl9o<8peX0QHT;3rQlzm-UFZLlHU@S#v#QJ2bb4ZAZU!>2j(abF2zR)Xca}h zZ@&?Yg>;Rqs3~wfJ|E#U?kXsEqs37@;?Bl?Yv>$k=y9L=pjX<;sPW~K&AXaFKqnF~ zV9O;i2@D~j5Xl^M%NahDG<|-5qgVu+hRESAfxsON0=NzNU5Exa>+Xy%SG~CeKS}M! zj<9eF6YSrN-=VpZhM?VsN@qL?eC^&?qT(4v6yZ`LjsM3p>fN&ND#SrqXcXV>&$a%4 z&nR{}h9ytnj)W2<2i!oQ{?!;J5w=|%NDd;R9-A!HfUy_?;?h7k7WRzCbZi7aCza0=`sy8_hasv~sr^DWR3}kSfjz zu9GEX9W-tKjI-lH0PYedY`Su%>W*quSNS*vP=Jzow$agAS*R7Gd!>^uUp+GbCnAoE zOdnjmmParrN)!tsB4@(Pp=rQfbh+6c;kHQqhvItQ^@dJJ63En5OC|8qQSis5GX68u zPwl&phX(eY|FnCZ;`<)~LBCtS|Ib1Ba|sefqPb{W7_|Knyvb&QHK!5>Mv_q);HY zb&&BIxCIyY_gRObVZ!29-^9hQ>1%J<00$l(kkk2M;JFrd)@TZAM;p}$rLg=WYjKOe z3I^qIR%1hBi3PPcQgH=Sm`5)?k0+u0Sl!Y~&+wXdQ91s{F7b}N58M;~yWMubwEr9S zTJ`?#ER>J`+V=>4XFO(qYP{&&{vynAcluIT!E7GT$GjEdB%m03ZH(9K*O(`f4#YN0 znf!yh>mzfGG6hd!kER?KuT==cU5T43*w9ltmOoUDhO;HfEOrb1n1(uHLY+8Jslm@i zqXFh~5ATrUj(TLp?-d@`!3){N;d*_q+yyJXal|DQiG)B)|L{$@P*Q7es z#?w3SRGxe0%zZ?U?QGM%)lDV@Jt{7pX`SVbKHZATwQ{frb2=Wg3SatV`W;dk{}tbJ z$3cR7@L#LbE#bdTyWj5A`0pH4$V*s7mD1{bMBv|uU5D$+t@)Q8oF9P7>pue!N8AMN zJO3LDhUN3WUcX-dXQ9e9JJyrn1FpbFEd5ornK>i)k3Jl_PmhQi>ra6VbGY>AbFbAY z)LKLC>`NbgRd7f$eRyd6yxIEt0IN|vhr&|(EYs) z7=T&0D<0dpw^EF3k_9jGfp>NER{3E!6N_RN$_X_7Dw>Uh6ks5t*+XM(4-NhD|1UkB z-y0S3Kh3f1(Q^Qwp8q%K4!U*z-#Mtt|Hr-!vM>I(H}QYB{{C|w+IcUb?evRx62=+q 
zHyKND5(3T`0WJ~L2Og>~J3tpIJuJOxVCGc*s)5q_(%r5prKiaya{ml5#hnChbaXmkuAGEEDhTP+WFr18(pwsg8h5zKfxrCSf#1VmsWT5F zV-ny-MBP23j^(_$`FexVnaj0tjANw}Qlkp$E{|EK`-?LDa|BrneWMBO6bO#&pzrO!_ z9x^W9c1t4#Z|e&h3cFd7-b#dWTVzbFok$jlf@JH-Y2h_YJUQ)-|HsJ&-?RSPond+Z z*X`Bkf9IhC^S{%;@U*P&hLLIMG+w9lgjN)E*oq+4X@hzLe*g%G3vH=B(2}a)77dG#;7e7<|y9skp%^-L(Z7ytFk_^&f;)!+ZmLc4Ny_Q!pF3}9C6 zYWb^cv-U5obR{c>5v(6$F1g2p5qutBr)4<&Q!205jK!BpA@;xYX#M}u?)9Hb9e+j) z*o*&q(7CLHnbQ&GfOlTDo3c1iJPH`1HG*F_D6>X|7)b|8)eJx9mPHS|| zbhXay>LTuMQ5PU0x>!GA5XwE>DI*VQFTLV%&L-DM|JALUyX+T_G$V=pBKID<%6ECT z+L>~S#zsjK7ne-Zijwt>*LBoCAw3HJJu@48AO33%%lY3ugoJhcKL;I_vz-R|mo~np zXVdQWf1GT%ZUb*5CimLZ`TI zYNnB$&X{A~FntmMmAB%LPxBy}R0K8+6 AJOBUy 
diff --git a/released/assets/fleet/fleet-0.3.0-rc200.tgz b/released/assets/fleet/fleet-0.3.0-rc200.tgz deleted file mode 100644 index a2478c0c9fc5e533f2826a5ff8053b534ad4f543..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2799 zcmVGeJq zltkOy$f6)pPQAI@-+se~Wl5GFacl>@YCbp-IWrtSX7nR997lwR_D?4z*L5!k1El_X zp8D%{`}(gT)ahM%m)-7V-*b`M>3QAGPiSyjvovK~;1o;=SsYV>Lp!T##8UZ<4Y(4GFg= z^K^)U2$ly)xufI?Z1WC|k}2-g>PSgMFekQb*EDJ2gnj`=ubJSw)=RI*hR#Vk{_E9qDj4we_y3^d4x0D>IY`exM8hP)f}Cav z95DZ0=dzjqbC90@IgT>IPXz#X;Joxl@7Ei0UYkP^GeqUeT2Gysw7@kb_ZQo;eTSr$~r;(DiQTk##zz$^5Q zrAv4Q4NNE(se-XcObJRdAEeN~KD|e5tV({%e3HflLL9ofxkj9%0DjO6s;Oct{0|Ub?H#I>D{eTg}ai}IJVgR~x z^Ol_2LYSEl(HPXO?KG5_YVS&olj><0N)&H)O-R5lr_g>#l87xN-&(T{7%it;jucl) zSxhA782n^`@(${@e}>g@!4d2d#&oirPT3vVsHzHK34j2>vwWkYw9;59hUpcKabLAE z5G+I(7hxWJ<;z1f!%`Fq5-g@%uc1lAe3){*J%VkK{13#{zUvJc<17+psuohmcXVa0^{LJmeilEgcrWhB_{OHLtxz3pwcV5jdSM8lEd*XN9JqcDPmzPzuT~ z@)kGDSIM9v&T6e`tgwLgmJydQg$Cp*2v`=2kM%9R^a^ii8&%_f>f_+p`@kLXzt`&w zD*M07ey7?0orQ|=U(G#$-ziJ!p9(KJcfW9b+-+V8OPI|fvd>!~%_0J^*M@jae@$7I zs6cF^2^D`Ze|2Q8P$p+t8W6*A@mhv3*p>K&f;ByrWBEhXC^%b@%wsoKk0#V%9qRaj zN;Q7g8Z|JV;bb3W8>eQy4Flz228`*20v{$3wsX3C#ZjrM7-QMCZ5_T&{;3u3wOoMR zyjqw2-_jaztuM;W044MP0A!+8qZYd@y}dR|mbP^d56&n3dB^#n z+oC$u#?w#Wsb=n(D|e3`+xez@<230Iv{zg@lb;ohKAp!ES~++I3p)1k!k2!Teuq@W zf93bwagg8+{O5Li75vxj47zTE|IR_Byo6;`sd(oefqyM_9j>e3^DjL(KLAzzKL-#; z+yw4A|MR@d>iJ*aYyAH#RO_=NwFo|d2kzne%WA!HhUh=)aOlAt5w%vI0$ciUY43Bd z$=tW-|02ye`leG z2OB{Ert!9TY{TA4GSYD#yz~d&<GAyDsFeSyk7bXZ1Nij(Kdj~_}^K_|Gnn>&v|I;y@ZZ4DBnpK z<*;98ETvhDV8w9cV@^WEV)PbiUQxYRTqmlfefMDZu2U||=Sg&*fBF_?; z@hKBPWh$veayruoxPL||ft>_wbW}QEp&Z8{D2T~KXCnSBQCk{_8uzftL4WzXgMN>r zg~~ikv`GjyBJ%DTaV+P}?bln__sbO65u43G!I#l33TetMxl3xRUv0kS_Of4h;!zYj!BIoH>`tz9+s_dmO6s|6|_LGA=VxeYS9*3JZtcuCTIa$0x;6HiXt$CKdZhpQKRX zU|uFLZp_6t^*R~5mA6_MzEyDmP!s@iF{#{M=dzJ)oA9cvFI64Z5v^`>M@;>CM@o70 z+Jeow^pZB@(@WZvQ=ivu%&UKC_xbK=d;B-9^-L(Z6aNjW_^*4}X}zHIyi2MeFJd`8`2jU(3^@ 
zO^wQ#uGhI)UBbc*>LNfy7pq4ILWQS$Y2+d8nJXUWY;u+KU*D>}%YLz^8CepRxp&xA zz00%FPQ%GtYb9-PE|HmviuJA6P1HXj?S=oInGL=R|GAgd{O^9(Yxe(Vp~G^vO`v~i z;~RQ5ZTJ7sLro6F(YisG%Q+{s({I|7HMU008ut Bgb@G$ 
diff --git a/released/assets/fleet/fleet-0.3.0-rc300.tgz b/released/assets/fleet/fleet-0.3.0-rc300.tgz deleted file mode 100644 index fd40206f475b454c2a343a37646dba6f92a95aad..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2801 zcmVSvLSya!;grPES&&(9iZ*aO`rYnE|F_(ByX5~~uZ#Y7Phm`%esKSjFyxX*#zQf% z06Zc|z$Xs=l>v1aZ*nn!fQ8Ao%36|0ZnF>vCkO_hCzI{P{y%0!dece?kH(UX8TAJc zlhB*exRQ;2i)hSdG{lMlG-RC6MkV8v`92M|vV>$tMMONhv`{RBq_axiDCTqKQ(;f$ z@c_I4rw5INqvdjJ^A-uBDQQ*eh-pBHptfo^ZPFqU`+|yaoCh#(<71RPx=zP&?bz#B z*sd3|Nb2HuN)A4dkW6R{HvG!u?~wo^;npJowV0>4rcy>?&}@2Y1q&w~QtcWcs1!{! zjf~-l+MS39f6s^o*?OoMhs^nLVe10Z)Jb_gZeRe*d3?jQ=qjMgfuZG*jRJ z|My#$wg1mS#{Y8?BvhOV0Petl?Y7%j{zuS{e(zkO|NE}nsqx=Ah|LgQDC8H@hzllp zyvTr=K@C_Z$plf$3a0>Qv700aZg{{v6uBOMxVpIpL1P3zFhhA5QGAquR#DXZ z_8Y-iNLR>;ngYk;vjI-yj)HQxS{&6Q?riL~hR%S79`~sadZjIm8eTowyz4OpbSwb_ zwp;*{zz`A&k<3uHoZ>@C)93fMibb$Vh#aE@5V)s70Cyq3577W;)t%whvNu=YC#n6| z5f)BhjQyMPdo)+l5VYG+>69mduiYCsLpgl!iGl7on-$HogaU@V4!jA$Sn3wy?6Iy8cxaw6|F z17ckg2x?g)&ZVk~)RcS$pK;W)jRC4eTz$`QU~stArpAl0A2?zp^tFQmj-Wd;Z^>ya zM9=uZLR7o9)6inNy(>LVx~IOcP<*;;0*SkvT>Cza0=`guYt1@nv~sr^DWR3}kSfkG zu9F319W-tKjI-lH0PYgTY_fEx>W*quSNS*vP=JzIw$agAS*R7Gd!>^uUp+GbCnAoE zOdm#iEe~KulqeQNL{5d7Lz94y(B)=(gxezZAByXJ*Bd$}Ngz{KEtJ4ZN5LPL%J|Pr zKeg{Z9vawn{?qEVi|>B~1bw%D|DS{M=Mp4}M04J52B2`6L zi2YlZ*!UuzuhiIScRpTyczb(uHGG@ZfO%8Di}9_WD+Cxb8u*{+xLBH&-(UnBWX3z$ z>mcJba0@OT9N@4j$*5U?# z6%5Mbtj3zg5({c?q~Z#uFppk&9#2B~vAU&~p5ZlZqjLO@N5nh!K5$3;?{r$d(*EzV z+p70}XQ6!j*S<&aJLNI^Q{zSF?iXQ>yVIA#5@z#&?(1tWAKZs$z-ilbCjGRCrP+d6!n{L?7jYq}tN`f6SF ze@kn~wLU2~1C(U+2O<+a8;#g);qA3qvaqdtcyK#jeA3<<|U556%xj<@KKdh$C(S zcb)(B`2fa54m!}6(?OQO}VdrMnk3`S5ql5yfOl#ewT(G ztjP_p)=VyaJ1aFtm^bm8+M^B)paS{T~7y%<9s1H0;Uv_}bReD%@)4ty@DG=U^EVeN+dK+hx;iFVU(~yeNX`0_}t-^Q#jTulYl6aNM(Gg z1W=Vqs*s$?^g-^QA*Q&Kz>SVh2h5d|&_@L!otR9-zeRdWgHhuiH#zW^zdP`I7%X(= zVPs4K+=!^VXVkHrH@9DJao?{}V26A*Lj_-kx8So_SZbHl)W61j%NhL{H}&tbU^;24 zpXH;Nhs~9u5%w>MV9eC#(ASQ*kMMUy?(kR6)c+jySg-$!5?@Hncp~8X&0B0Yin;o% 
zVL8mFq-of($a3aFCHtQER_$@9YW*MkHpr9lAHM(l_5I(oP?i6WeH&y~{BL*qYw^EZ z$N#gCarvfO8Yy^NUC>b2&64y^B9z-8V`}Y0vOp9h-6yAo*D&$qv_1YGCmVdn`fs%_ z%lp4hw?6+n4;`5Qod$-dWqmh{RO7I0@0@fo%eyKIISX8h*3-aM#!Z@v{iIJ)kUN-H z35*+avD12!jNQmuEe+qQ*h46a06CvjZm)CMVB2YU)z%lP4(o_fx49!}{dz|VdGyAD z&AIf7HssSQ+LTkD)oskHf9d7(-P88?pDwLuLcyK*uUE!@?Mt`*{(lzQmb0@v?(1U! zvuc;iUtOEEe{s{5tQZEcdW^Z`9uEfad3ckS;qXtWyjd|8UnYgv|I(xN|3}-`e=c?W z88Kid{_B>{|8V=%2Qkwkuxdxu@+ zyF451OgTkkt)z*IOD1VW$@<3YI_jU0_QHS9%m&|u|J=)R{&%ioYSoA%!SrT2pm!2r9~e|K&D_gbC$``=mU z6!%TdG_unfbId!Y%j2i)KB?LvY`9Tcan@eAK?>_vNTH4&HPuwpk3;_hBv3Fy0Ac_D D#OR#` 
diff --git a/released/assets/fleet/fleet-0.3.000.tgz b/released/assets/fleet/fleet-0.3.000.tgz deleted file mode 100644 index 49d6511455e288082120bb9b2bf379e24e8e1f0d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2798 zcmVzo4{`M{aiXtiMVp)YvsuO(_>R0aF4NMU>zG&v-2#u#LxC^kntO z|NbB}R{cMk;zU>rJPS`z2DFFU>uv0R$96iE{_ppD_A6wc!k8-kwn*|`_1})4$}P(-Y^caAg37u2lT(| z44VEw2kHKw<1i)sQ~+=X{_8jcSN4C`?e`qlaiITQ+wL~_?;J#D05K%;OGwN(6)aig zz)T|t$P;)1s72!xgp|m28iv;_q&~1;jXyJSoe&Oa%`hM{5?4Fbnu_nK%3q@oELp-b zP(GntBnrMFF(oKYJ&;2Gy7`FMSf%`ydL)SmxHfcoeT6tl0QjI8$Rm%yr$As40ln|P zWAK4wg{p{7uzWTf!tm`%2zRT*K|SEj)^2Oa43WrZ0SS6E2mpt?2@pm<6EJ$M8Q-S?v@@$YDK6+xrS6?%92Go}CE zQv#Jv(1NAt9!CNRhG63W`j>5(#!z;-AsON^@#%OW8;m9>#2yK`WkAhXLPlEfrXccB zF#yiRAt#36F(zbIEQjN3^aWZy-w=RGz|{8?8U~tMZf5)h>H#f=qd;{~$N+HX<}Eq3 zh0rqrq7kTF+hHg%RoY1xK($7}LqJJ7slbp(-nYApimd&+-k9(n=$x7`j(j+0<1d1HnLq zb`jZ!r{?hx&9D@Ogcyq{*JEfBG7q|3Z;N0%B>w|(wcmP2#yAZ{)>R8B@Y3F|p(_5< z!%*(KkB0_!o&Pw!PI>+B*lxemtpDer;<*HlW8R)S1~~6vh~DKR!I%*N4I}U{b9MPi z4~s;?!VtWG^wC4*DMI4Ia<3=8ItI%8u}VO)kQ#A-0of4D1Pdif3QIaRYe8sfh$NYX zX$19KrkJoG&sS>9tU8}BKfS-bz8t;JbC6!KKP0gF7ZMQ~QxXO@WL!?o(yzf24s+wJ zd|AkOHQYiM4-a{TQA@kWZ-MrY-?HUz(Lxq_d<0JGtA^)F*jgbf$Q`a_1Dt~Ni@d}Q z{Z%rkh__m68Y?WIy_JbexI%q$>H92=#OL~wUV4N#w2i9%Kk=}C?0w)4|KII8{mTAt z(39ssjsHJA75%^JdjP>xme4;HZnW-x;rh5cTNIXXn}uYbRUt`30>0M-e@%Z)SQ;xw zY@!Jje=u)#WUkOAXKCV-jN{^sbYZYN@d^oRdMd~AhpJJqwj!DPZmvEvSBJH$;|D6$ zI9hAe0DXqzeUxqNn)Na=NDn=bnO;cnpc7$Rr_)y)m8^;}hH09{;p60=TJc`P1=zEt zby@!{r2*Iapxg{lQtuByCTcWlvD?z>wOO*Xy?c1DZuIqz^?8~4_;^qoJ$Dk-4X|y4 z>QEa`-+`yBjj9s5<|10CB`k z;I8vO*Bw;P|9bsq{-1?v=j=!gf=@65_n7+2Y&~*@=s)Uk=pj2IYOSsVTl#Qm?{lx^ zDbz|s;p|HtebsOXJb8RA959hYfidWnhLjnT0^d&kW(u$y3_)m+ar;W z*5pQ)YbICj&?*Jia1=G{xEX6H{Iopc+s^y=m}|}5vXsxy4_oT;r)*!&X{pSDX}~YL za1*=CD|71&^Co_sTb9tbQy@_L?Cys6gw~CZ_55OI zO{kcr9wc5TWK6%8MJt)hlh-36-KzipHYH&!BOXP3v?IV>_^;cstN!2VH0OV3p@#<( zfdi(|Hh*lw-bymkaqhhIMep+Ht@eU97mE`bi7{&ZmA6|5DF8=A@{iWa9ufuB|6jU2 
ze>5t^f9hk|qsIU~J^s(_y4@!J?;KRu|Hpm}vdjNF>-fLh-2a@1w!TYnEVukFVU)vu z9l4aG5rPrJk%u`65R2r^4kB|ICYHT6&||9j+(2r5>1sEWQQiEv00YkS#^5Mr?3(}m zZm&B3`%d%z>n!vdT>}CmNyKG9q3(2aKP3_JQX0w&1q2(PJJ@n^%XqB=5qTQR$WIvv zDnm*olGBks!2K2_1a=az(NST6g>)PRpdca>9g+CASZ!&*Yuv*o2mR&m7WzF37b*fV z)+Qm?h{(5R#4@aRx8H7I-!DU9M{G6&1z$(ED4+>9X*i7Oyzax8;jq^@ay3__!TqxKLb6+oBx8uSDa9ma&-0XJ(L?KOkQgk z77Yk)Yj#L7tT~rKzbAfGdmO5p|Hpm}@?`u6>%ZH)|2+%U_5ZP7gY5GEovyp)|C{%} z=ONwYn_g;U;BECtLt-~WkUIfTZi9@@HB&)DUXrw*93I}l#FNu@|9_ll@E!Bt=?tp- zzizKN|2q#I82_C)hNne+x3pC2uxRgsbUDhqE($q!T$0wqz-7cu7K;6(D=Absn3n;J z8)LDvd>xG4%1f;@-zwP$C<*|%7*uYqbD79AGxw^jFJ&E85v^`>MY8<$ij?B$wFR4F z=_PH5r`bI!lA*pAd1qVk|EvCEx$jt@Zy$+vk5Fbo?1U zU?=|TRnPyruHC%h%Q#2;Dica_tMBi%FCX3oU_PP(0_fY`c3=Ao@S(RQ0CrYSM@E= zMmsZ3-dam(!{icamQk_3^``OqC#1db-!r4Zci}&KP>uhF?SHfXKMNfevzmca zJ&eq3#2oXD>GJp~e@`lR2pe9M)||DMUXY^oC#0zH9}P9s(9c8v1L4W|-T-0%0QH`G A=l}o! 
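Review bot: fleet-0.3.000.tgz carries no -rc or -beta suffix, so this hunk removes what looks like a final release archive together with the pre-release builds, and the commit message is only the subject line "Drop released/ directory" with no body. Suggest adding a body that states why the directory is dropped and where these chart versions remain available, and confirming within this series that nothing left in the tree still refers to released/assets/fleet/ by path, since anything pinned to that path would stop resolving once this lands.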
diff --git a/released/assets/fleet/fleet-0.3.1-rc200.tgz b/released/assets/fleet/fleet-0.3.1-rc200.tgz deleted file mode 100644 index 5983e4d4b048b6c3bbbb73ff9f619e94a54654f6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2800 zcmV)kiwFRgFWp}N1MOVhZ`(K$-)H?5b1n|KD=PWhE)3j5&TSXLw%s7<^&Sga zqHS(uQ4lGo-dyf)zac5hk}QA3u^sfPd2lLnW;o=KqaUeZ$3CU9{>w?J(P;F$UC@7f zJ^i=Q>X^R?L9^ZO^;@ler`Lc+v)yYoe}V34%`y}VNg_1G<3YeE@yJY+@*&%JyhTsa zkM!>kLSya!;gm$uS&*53iZ*aOdY#Tj|2G@0R>A+>ZU_C}IE67q`pNxIf`CgR84tw3 z0&s~WKA$-FSNhapyw1e{d=|vtOKV9ixy=F`9N!;+o=mnIdHX4D%% zL;`n8qf$2dJ){wv(Euw3P?J$iYo&}+=6N*O$`X(n6(Moy(n7HilFmwb!-&tBM}<9^ zM+0zuoE|h1j+V=?&6~szr=(e`BceVfg4(Lxq)Cf}>?WsRDznb2rhFFhkGIwzUfW*7D!@URYZTw?&b0o2 zPbqdff(4J^o&*vk2i!oQ{^c0PA-0_#NDd;TE*me@fUyXCGNQh4EbJMN=+Fq>WJEq{ z2E@9=7u2#woJ&;|sww#jzTl{*8v|5{xcZ*qz~FGJO^q92KXAlI;Asc>96@(#-jdT; zh@SC)1*mpyr=i7kdzX5gbWc4`q4;Fi1QK^Snf5&z`h21I)|z$DXytA-QbH@`0acu1 zTqg@iJ80T|gR|p80PYgTY_fEx>W*quS9v%EP=JzIy3x^ES)di8d!>^sUp+GbCnAoE zOddvhEe~KulqeR2L{5d7Lld8m(B)=(gxezZFBI4Nu6J}yVqYe%S}1{+j)Ffg74e^$ zern%+JT$QD{HNJz<=_7Z2zu@6{eKS1o=cE06!m%2!l3O9;9WWstQnO!Fp>B*gVh?!ly32>dk`J$3RIO)&-y%DG^5qkW9fuFw>$UKc{1}7J#K8ic}S0 z0rqcMV&jW=zEWc+-T8d^>HY2XQBd9^P4 zzoj+gTA!4g0ZKgj1CfcIjYjM?_x9Q>ncLPqJUBPz^N#a*S^D^R&=@^;5tU7_ZIkLy z8&B`RQ+e*0Gk1?3+v%ozqnk_!+AA)dX`N+_KHZATv~sWqGdlKJg)jXw{Q;?n|MKs- z;~>Eu_^;7w7w})J*=@Bd{C5t@G5%||)*WtP{YyPDN=O>`z`cDDG5jTOm z&i{J7e)0UT)2r71S*Uc)4)rAXge!25rN68;GiLz*(T771$q`X)^(nAs4wv>m_gbDp ztu$oLzVy*o35O(;$H&^6_10GhShf5iS4Ozxq-&)q^VQF2NEKviN+pJuMqt$I(7=T? 
zx#8uS$%Sucg$7GFvKn@L5vytZv^?V5&inY7YE8qkl26YMYx<*4-oBL6(Ulp~kYBlQ z6T7O*bDItGCVo?!moQ(YP@-JKROdxfV7aNCV1+SLxz)hj)6takyBq3KRyIG@>$A?9 zFgcA!Sa==LG5ekuEmST~UXO@$i}C;4l=`8{c$DGMjsSPzzjmupjQ`Dcb^do2dU&t_ z127A=#bX=yR*I30)8J)3@Gg(uNA0t`eneWich%|95&S^Z&7LgY1g`&2{|WuD<`Ahqm5JXgY86cM^sv z>^B)pQ5*oy7y%<9s0TbyUv_}bReD%*)4{SD$^`*OAQ9@i%rjxq* zSw4z+P+ut;VgKR~#!P(-B$8;wy<5j|E)4dynmg5m%oz zEQfiN)D1fpS2^6-+!iZIA!Q$p+uC{+q3S zasSuuROf%^p#$^3lfdw_tnZqUsvVZ?osrIGd6#7&r-4h+dK$ROxJgp6pY%xzG6(Z2 zfpKFlc2aMWv1@6oh2dKjy9h-QAZL@x?R732Y&!|B+WK78VI48*Hg_bcU++jRkKS0Y zIhS71hJ1QOn{w*Yx{Z1DFTH$zc-kKSlcn`cD7X{S%On^3UwX9u|7iRA&!mn& zBL?imf1Tp_A8!Av`+sMlqh?1Z(ILr%Rxu%$3!UJUk%ET?O60PlP4$KPo?x!8rRmX0 zjn0`a*ST3;$h{5fd_+VSt49n%nWuYYebvH^Fk|MmR8R=?4x*8e%E%K!VhY481CazFSG46tkcch=T_w^{xFzvrP- z+&4AT$WCU=G4GfzkDt=}q-uw-;YMl6S$pmVDXd>1g(`kjR8d7g5B(2vQEfT^VgLZ8 Cm6zZE 
diff --git a/released/assets/fleet/fleet-0.3.100.tgz b/released/assets/fleet/fleet-0.3.100.tgz deleted file mode 100644 index 694227163b429fede011d6e15cf98b39b644bc1f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2798 zcmVnvoLTEIk#N|+jfJd*Ly4| ziMF|sMM0#TdULtIeTSqhOS1eC$9B-G=D~@`nc?tj_#-(S`;^M&i<45T)f)7Ap#S#! z`fsb9_3{&^xVJhGHQ}gr;~r2pA?{O#U7UAQEm|;?o*)71vbCPz;+*SIu5wCC#b3MF=WI6V2kH zX>1qsNiA#8JXd_HReSD{SkZHk@&9H7oeBm#e*N#+tzNbMpMy;Qqc;qFBI#*{zybZ= zw+B`KpMy;Q&xs#XaVh|~1OK({L0|QMchJHifd9AbeoOU#h5t@ZY=#g+A-{-*TrkO_ zMGDLea=<)ECWu-LP65y&*Rk(kbDz1$el`BY<#j{_qP1ELGXr_GQ*A@@Jy!Wkc+aCH zEJNiJCS;`HE66E@Fm_N1{{8s_@Uc$$Ep})WP;_l@d3^|$+koE%Xn?h<&ggPkn@jNG#D1&@ z3nnne`c3&Ank#7ly30`Ml*hiOyEc-jcuEmHIFv}!_oFFwZ&`2^V57`6dbfKst^Yq$ zij|IF!DF~1fdt6`Hx8(O*@kh5W#=1`g9xe1#tYS8ECQc6)E8C_YsMowGJ>BoA|EsZ z;#}ejTB|vnOO+L>;rJ51V5_Ga0#u2Z`i^14U~{X@j2mG+u*FE==??Na0`AnjC8x0v zd&UD6pxU(^h8EN1UFvqyHT67&;FH}FNZj3I%J*pK^M&GDE7n4zRd=hF5?Uz_sNx*s zJXt_mK~wf?932+|aECBvlVx|R>Zn3>mWM+C1t^)N8yu~b1zIt7ue6e>t49XlK*V;D z$%muo@epQ2iDE)X~1^1{t?MbZpiFurx%G$|5Yl z`Ylr$xFFA0Y8pv(K3#r%cXNF?dY9&aS+UAZhp7MzOsd1xq`$m}K?qpF|!fo!;eO84i_9^<_2KsCEYsBMFJK_dR znEZn~t0QxbHU*C(mnIw+uapbJ-HDS)SkqHDmOoUDhP4IB)OQR0nYcP)T%9;jslm}k zqXFnM67HjHW7n*gkwALvfyDGof`gri+d7lJ;wWSljHxvmjoRVkmBRUGWFr%pf-ByBq|$V+XmI4 zHlDr%Pt|iz9JzbcxRGwYH+GY8L3{b7GtINC(WjennNkk!!HkZ5X5n)$ravGR@n3$O zI}Q@uf&W_VP67Y5?OwZA;lFcGE-qo|RSL6n568deyAIctne)%xI6nau=YI+yj<^Zj zb^h1y4~pl1-F`Ly&qAehcBBWvN1TCsO#NlH8977vuRa{QPmYM{tLwnJIb7QN+-rFX zwbGC|`_e~WB^;7W9v)jeyhd(!hl^ zxzXjC$%Q+#LV+b5Sq(dG#_AeBEsyxN^FBPJT2r^I>P$Jm{Y+iT%ErffezvnF zOip756R#sWX5aIoh0Nv2>k*M|(f@y&Qa@A?k1{;k5#TQT*J-zk{@?Ca=YMCR`}+o< z17^WCf84;mm11P$)OneU-sRC-=>=~p7DgVGjzA2J zNq`#>_4bTfHS6uow;SB|t5DbxpUqIg*U=4lED|-fOKR$0V}8wY{*0RXcbPDqG}X`Y zQ_O?rN|A&0i$fSQbshT35_ci~I^-6Ab&`h7KcVt^#h71Aa=!n$TkHRiw$J}e==c+S zz)t+vEuR13_P=`ncNRKobadh!l1OOf6LPW82~KeoJTy=u7Zq)?FVua4dA^p0M<+Qt 
zX1ZMGW_2O=HmLIv5nZf4(FtX~?v#;-l$Sj5IA@Wop#Snx&71a%Jb_g3@l$M;e=U$M)`V&&9{6|Fs}4mq45hvR?{+5F+8VB2=D+eP}X z>*~LDt7HBqfSh*E?X_CHj%y>^X}c}w2h=^SSO#JtF$Yn67KW5yAJ0T79-xiKTlggX zNdJB#FxL7XOfi?%0?&d|v;pJcb~+pN@7S$YLI2%u2lQ{BLYN|a=laKC$Rw7Og`!_W z$ior`Y+}J*84!!ICKG)W&@lc|T8m@J8Z?B#34%V-ld0ix|4%b4y=f_hN4TV8O8h?J zIP|83m!gp`5#e-3La6AYy5upbmm*H7?~`yVN{DAfMA#!s3B^K4GAqT6IGaQWw8cbm%P(@q}>HK)+D=J`xB^bnW4Q)TpPhrcy?t-)wqn1q&+~Qmq;xh!jl_ zjftj_U(6@9tWfhc5p28m*fX+%bAqw|X7-%Q4S4we-*xP6wf~<3jQ+tIMgf-OG*jRJ z{ku-D(*HTY=zorbn21w3fIIxZR?Bvk{=4Ay^&Hm${kyi^sryp35Bf>)hCJtQ${~PGekm<`NT(hr7eXTTs>I4*JBir zu|#07)^8FuEl{fNnx|8-f7Vsyl(8!;wTRivim6Z8>AJq-+iCHU316b1%{TLm>9hkn3_;n3F#3K%%u zsd!6FBOz$UM>GVsYmtT~)9qd9ane2YedWa`Q4^979yQPGptCVAi{Dg%p95oYy>Jd;Sq#I>VH74F6&x*epr#@#{}cXw%rQQeru&%UvXpObBGQAZZKzXwd~lX1^Av9P`)c~>9J>c1>2x#|M>`e$BqMc*#CCh z=@#O@UdO58zq3Hr{%hTX^E+jn{-*s!>*kp-$KA=MuynIoK=#=ccpMP0y$!I}^cT+J zNE_k?no#*G8?BDawU;Sa%srA|Ts&1K45E@zreKXv;aL7qHrkynP^Pw9=+DH|VPopV zflQ76Y&aUne1@Zam~B+edK-x=4;n~B&lHS6i4e}2@)bs*svu0Q(P-2TpC>;X#(PZ{ zKu@;TW&gLd23YHpaevp-b}wi zDEfc-eeO7(;12)KZnX>kU(4yX?8^T;2jub+mR6;(I`=UAYqslfUYRxj*n{&OKym%2 z4#W|Iz+LBmuG=e~|8?AI{htL&*X%$~g14{&_gMPNYBO{C=s)^!=q@=Ts;{mB>*jE2 z?{lx^Db$KX=Il!!eU)HHJh{KGU#_>lI>4&u54keLB_~}gPMKRj!y#pmsVSuxTp5Cq z+aaNc*60RTYa$o!&I%2dU}QP$xDl&s|7m%|w;lKXKINL4WksK!AJ+AyPhP$h)6$h0 z(Ewkma1*+!%VV2>c@w^=%~P0LDWE7PG1YmJ)Un*uPPp+6hv6~OXBeZOO ztk-9iHKB4EkDzeK$(Vl0lNKtMC$C5Jbc^=?^OOXU%6OE~(T)Ij`G4(}U9|sByE^|n z3*6l`5Ex(@ZnMV?h^-VN9jC_2T<|WB-bycaQ?iKDP>xak_o7)phyfTPl77@z@{rIk z{{OMZ^IL;l{--&XJ$eq{!}I^#w%e}q|IPtr`akw-kX`oQS@-|j)&0+TVC%aC$NDk< zCSj1e{U&3H$033lBhUy7;v*KSn;k^vDm^TDX<+75_Njs5`qPwnY{f#MV9l*IzQe(@68 zjW|=+8a0dh1UC&j6xFP`P|3b0epP!MC|m!>ehuJX0pfRKVqr#J>?( z)-Q|XVFVQGPxDBl-)ugQp+fnaKmGZ6goU_e-2bWnJmvxXs=ewb#mWPFkAX#mxz6nm zpds}D!)G&0VFP3w(MYA|b0P#0nWX%XNd!%p*Bq+lTF8b*0;kopZ1u1C?9#DU|LwIb z$JHNB>(cpAeLXXu?j>wM-let7>Njr$9!dY(?f-GI!FQ~G2>;rJ_22GP=YQvc1M|NV z!|<@I@4BI?AC~Q%q0VP{mt`TRhD*VE8o0{1Nm8*NbR~r{2lFa{abqraQg4#6>uIZn 
z;ae4J(*&cQDQc`^HBh6Gm{%=*uIjLk7F!RX!lJ-H;C4ayvKA1m8wyZuj= z)>pcMyZpbFTfF~i_3U_D@{C1MF{*OIg|8KB;{by3gzrqIW^8Z?$;`twh|JD1yv%pcaqZ8|p zWI`*OkjsTOW}-e)?xArda#_))`a<0&nCEM0dUR5wbEeCAZe|xTe*-%e{#~p-!3br( zZk3RSw3j^bIA@cqr2q0(&0F@1J;jJ4KaagbuHsvsjdCWKqP|wrgvBM}q@o~w{b^^cO#os509K*@0{{R3 
diff --git a/released/assets/fleet/fleet-0.3.2-rc200.tgz b/released/assets/fleet/fleet-0.3.2-rc200.tgz deleted file mode 100644 index 3ebfef9250ae4aa7b3eafbda7e6e62a3538d77cc..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2983 zcmV;Y3t03YiwFRgFWp}N1MM4YkK4HMKI>Po4vKAqm2AteoRJ>7=Oovlc^KI=ZBY~f zEzve_Wl)2kT(FE{DMa2yaK>pz?n8jVJ;(?R-g zx2yj)+_w3f0BW{+-Ja|A+T8|fG+SM_`2*^lRxAUtkeGugJ_|!iu#ab=6c5nG<1KuW zex!fD5g2Rz52lz)XMtzIDcXSX=(gJ%_1|o`ZbAQ@P8;;!IE64p_|El@!;ncVDGNp4 zLde4s2W;ZNUl|aGvN{ue6womKQd)~+$!r?J-~>S*>B(e!-2c-IOK)0A;SnzBm=eE_ zI1arj;iYKgOGG%Gkq|2Ss3v(#YNd!%>iZmIG-=_8egZ}?&V4j@;WJ7<8&1n{ZSJ`i zwCiyiNnQL((V@3E#1q1ijeeo>eIyW;=-R^pv8bo8rcy?tU$1*=1q&w`Qmq;xh!k}Y zjfuLEU(6>~R;c-!2#tpI*fX+%bAqw|X7-%Q4S4we-)S~F)&74DF!~2;7zJ38(@cQ_ z^xtjvD*c}WjQ;01h>19r1GvNgbKOQ)>)&;|Ew|+={r7t9%KtkD&>6TF%JbtSVuDJ> z7pY@ryauR~cmiI_%1=Q^lMUk_7_xwRK=OM0j>#b>0z5X$g33_7-pSh5c!xCb1ifN> z>7GFY6DlOvZY+{hf}(f?ROoLX-XJ#CC4Y@agogx79J(65MuKo~e$Wi)(TKpOL?9Ib zzAwLEu!UshSrJpsBa0!KoXTV!d;iJIm-drI+ zPUMG<&~Spr(7!3W1#u+_kyaZpow7LawR*V(#!~`b#E4*N^goyq?}mo2Ll~5~_TrnJ zndblZDS=LNv|us1#i2x!AqXIV|8flD2-?mMBts%19vv^#fKiSDJR*T`Ea(~IWMBwC zWJum<1n_lnAc$p+7?Y|hQd9B?`Us<*1_r8Uow3NJEq9_OA3e>7M$&^5T=I2}y`@GVS{$3fMy7tu^a_&`RBEq=aV5 zLZUFouuc{z?VxG<5@yGRKoBL2>13%+)g9HSuJU0D00F_XG|hq=rM%(YB7wJr}W<yvV`gA$K^1F#?veCRGRzBnY%}i?KJ4#s3v2A_OeT7T4!0IPq*SStsJbu43B+Q;bU*6-yjtI zzx+OT98YkE|JQI^1^>@g7l4)jcMizqB`mEz=JAmT)PaTLO z27$ZI|GM2?@%*pdsn-8lpmfa+^dxu-D{zmczpOShr;q-l4~OoOBcj^sDzIh_m-asQ zTAo6!IAqSg^wC!dhQyQm``YDt>#GB-TKOpiKYAehsqA{x{eC|5kPXa~|0GE}`lCn17Qn zNZo#uvBcvL!Hf}Tgaz>t3)RgIB6F1&jC-+5Iiu#L!lB0jndKWl!Ry$(?DG)AP9VJAmkK|^~59~ia1gk zpDF=VrIIR7&Sd%k_9fy3A_)j|bUI+B9EUzI2+71`BK{%LAq`lKTL^N{@BZkZ_hGQm znTL@P2|*yD-kuT1a$a12zJ|D8rN9o@Yz7QI4X%+-xv*4}RM)>oe9IaA#_RfbSumZ{ z)z9)%%)|PM(Fpn%M`%pdb?8$^+(z&_!Z+|MXX^h9_*hT>3lyI)rz{re^^2F#Zp4|o z*03Dv6I?gwP-HoCp^|-1{HpdiP`3V${Tk%K{vYiB-Rk}CS)fe+$9@g6%l>zp%{BYq zs{FsRfKmCTR~m`)wtAqUd^byy8wsx51{zaq$C3sjN7;CATDW>Epq^p;OZ*#wW&N^9 
z9!5a1{xpv?`t|zr7%G&%`O}}DM_7nk#{HlA&to3IuiC4AQmj0%_ZV12nCsmB02)#c zFnl({6gEJ{5sg%OJ|{vDkx9xAnMBZpdCj3(wn8>E5;WbO(@_8F&n}yd)qi`g)9mVx zrhD1^QGGo#pWRE?fV@j*nbmLJ2t1Phx7+{YWP|Tm{}BGQ3hTesuFn6?0|(}RCx+o+ zS>H87RXZ%(J42n%@-E9lP7RlW^)zsmag(HCKj=ydWe(<50^`P9?4;f#W7pDF3&Xc6 z)}{$YJyT?_W7){I6Z5L2&s81P5yNhCN0R#Wj^y&_jRc!>=@o3qr&q8kr#`LQm{(so zl{TBi{e7umfBE=v_<8u@{XhO$CYibv+n>+%F&MpjzbBVuvq71o?qg*;ZMXl)()vnQ zaF_q*c8m8vE^G;v{XYk6%h}m&_w_M=S+&batvoXOStFU#3ZaiypPWhNv7nDW4u(k? z4F814VS=bp^V>h^Ea?l;orsT6O2&i>sASQ zNPEc>k8?J;O8PHv)x2fD*i(!+^7Gg`7=Oovlc^KI=ZBY~f zEzve_Wl)2kT(FE9Cku$>~haAq3!;Aw$WaEdELbKWIbvj7@ z?soO>rrS2Z6F^R@*X_A(uib5;rqk-W&JU<_TCohoLShc0_$&-5!9JdeQanH#kGJqi z`jP(rMqsSQ|y%T;3Obe5KFb2G+DzD{RE6)ocn0*!e^9zHtm+}THI^Z zpk0sCNb2HOiVnTSA)XM9Ec6SN?<0Y*MAse;NR4_5Ybs?V`i+LCRA=Ro8f=JN- z(U@o$`Ne!v%L+AL6QS9xJ@$;O;GAIWznML!aswW||96~br`rF|0Y?8|4Wj@{a+)b{ zfd0EquhRcH!03ODgP4d@IeH*2?@jE7moCxsPYBi_~UPfF6wqd`bjT z5#ams3kF+AR-P3x1-8d#eVE2A<;q=aa$paBXMMLcWQIuSF`xKIue7C5gR2LN_j-&1 zGL{Gowp<`85e1h}h&oIbv}Rw#l_Lcka;5JtBo2+&Q)ZbJ~jUUg@1wd~Cm z^5aB)=m-rbXbkWk`QUN0n;gq17E9`OJF=D;6;oGmPY@BDe-P-_&S6^nQJfJ z>C80$zfTEtnxh4a(Jc-ok_-7& zI~8wy31d20s#A4GHL9z8m;yjR@GK2fQ>-qCOm?$Nc{!mI_`Qw#yAdSqN;@=cx)^9 z{X)_IGt*DS-N*9=cAft?Z8yLFgG113R{Q@sAbT!>qewL7P7RE<-$yUfnNXV%2?HZ> zKQVFXNe>GpXF&j~U)koqwh#gFV5>I^ULOM`c32l6)kq0BxB$r%Ob9bADhP5sHgiE} zDTo49g=q-=Tb5X`5zkj_tfV{duHL@99$pPzrZvdy)UP<~`k6w6#*_s92Qto=Cgnr0 zfc;c>JKYXaT;pz`i@UqD!>De|;%DF3#m~vMx2Pi<-QNSI{mHoJn%G`>Q&8Jqs|HsJ z$}iFuH|Q%TP}a|?uW>A(0QY)AuG|#rkt@$*aVX!FxAfREyn<~|wEujBy<^9LJM4d} z<#Y=1U$5;}@!we>YyY+G!TFssPJh$>qJ8sBnB(qbQ&_s$EFk;r3Oo)7*j@|lHT{LN zIMRmLLK7-~Wuw)Rx%M&zi@8S!IB+Dw@X>+bIC59WHuezz>WzdvYQEU^ufS7j?ki{R9zC|wpnId5j0xJyE}dzeWraT7ip#Weum&?c_F09Gy_tT4 zQ1t)u``mFn!5#iz(`^;}KiBEFy~_VP2jub+mR6;(I`=UAYqslfUYRxj*n{&OKym%2 z4#W|Iz+LBm-EOaV{@3nS>;EiJx@HG@61;^KxX038R-2jANB_}>LwCs$QGIn4ST~1D zd!KtPPoY*EGG|}<=&J-n;>rDe{c^qa)d5yLf5?>~E;;F1amw8K84f9fOid}p;K~q; zx@{7AXpL@gwI*`m?yS&Y2}YK~jvKMM_MetVeA{vF?^CX+SyuGv`C(mO`sC$HF>PI$ 
z5e@K_3OAvvx;(ZCm^a~@+B}81l>&-#5>uTgNgc~g?Sv~IGo@P%%qKFNcvG<$wNZF z`1fOv=eGvA{7-W%d-NQ@hv)xwTisTb|91{3)BmwwgY2^Z&bt5Ks_uWz16$uEIQEbE zHwlB(?Kc@qJPr}e7=cDu5FfEn-RvMTSLtENO9L~fvQG^Z*T?R51qqa`e;a(jnF$Pz z(#Ed!-)Xgr>%Zf6tMz{lc!GxDfe{`Gl}Komj&7$UM5CAn>OuiQ;Bx~Zr?6{JOah{a zBbD)~5Kk2ZQA z1`C~e7#Wce1S0C~8L?~ji|fzV5cjJT*a4f(fWfE1HS#GJH5DZ_^iLyx%^v;68~W$6 zU^;22AIncM4;w2+Bj{fop)pn0p-*jb8^O;JzJZ@|rv7HYr}p%}K=BE4%3^_Dzjz7l zMx3c@jhan;f*S@MifZ;;sAS(0zp6bBl&$|`zXo}*{|Ebjw|f737AVvIv0sDivj1Jj zS+oD0%KtkH7?p2&rI9#qs|Om&cdJQqBf*v1Kx1mHSkge`D4P#X3s-Li)H95KiGL%o ztX~$%!w4wWpXQN9ztMOeLxu7;fBN(D2n%t`xc^iCdCUX&srIU$6e|zxJq8vL<~p}O zfQHlq44=&~g$q@-2{z}_E7*`vuV7P7eOk9M zufA|9Z8nMf`%=OF^6}&F^YFv_fBdsdGIc4oKcDMkFnafXPcF%3gEB|m$I5ovZvT^| z^_8yRF8|N%7Vm%Dp5s>b{~WL_XJ@zF*T(>6)h;Ks^2n@b&16n1gg#n*aweI_fopJv6RFE-TtpU#R;8^L#B$k4|cI&U87?&FmuPZ(ygwzl+r;7@^G9 ztrGH(_L3(a=WKG7^k3epdCPvWrx?e?np|15A=&URwxA6xhez8bc#|Knr>?ppur`G0Ot{r_*( z`aeBX`G4Ox>>d9l?}HEV0d}qb_S*XIIPEI`<1BEB_oikVS;>q!<{Q)H@l*PqR7D6I iUX+%cwdY=tqV*@FsIngwR8Yb91OEd!thY4)VgLYNPtY*{ 
diff --git a/released/assets/fleet/fleet-0.3.2-rc400.tgz b/released/assets/fleet/fleet-0.3.2-rc400.tgz deleted file mode 100644 index dc5dcb3828657ca985bab46908d95d33152bf143..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2966
diff --git a/released/assets/fleet/fleet-0.3.200-rc5.tgz b/released/assets/fleet/fleet-0.3.200-rc5.tgz deleted file mode 100644 index ed8e8d958d4bbcebd0078a7d38b6b8a7345be4d5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2977
diff --git a/released/assets/fleet/fleet-0.3.200-rc6.tgz b/released/assets/fleet/fleet-0.3.200-rc6.tgz deleted file mode 100644 index 2fd0f736290c7aa9e4331a9b49eda2aed83b8cf6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2879
diff --git a/released/assets/fleet/fleet-0.3.200-rc7.tgz b/released/assets/fleet/fleet-0.3.200-rc7.tgz deleted file mode 100644 index 0100c0214b7429badeb79713f6414e75f62b0a87..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2879
diff --git a/released/assets/fleet/fleet-0.3.200.tgz b/released/assets/fleet/fleet-0.3.200.tgz deleted file mode 100644 index d20ff575a6520623e302fe3ab4f2b4193f1d72d5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2876
diff --git a/released/assets/fleet/fleet-0.3.300-rc1.tgz b/released/assets/fleet/fleet-0.3.300-rc1.tgz deleted file mode 100644 index 6f2504af54bdf86e6bde4688fcf2e5072352af22..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2879
diff --git a/released/assets/fleet/fleet-0.3.400-rc07.tgz b/released/assets/fleet/fleet-0.3.400-rc07.tgz deleted file mode 100755 index da2d7ea191320a83a12bbea2190754ff6b3f1485..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3008
=v1.16.0-r0' - maintainers: - - email: maintainers@longhorn.io - name: Longhorn maintainers - - email: sheng@yasker.org - name: Sheng Yang - name: longhorn - sources: - - https://github.com/longhorn/longhorn - - https://github.com/longhorn/longhorn-engine - - https://github.com/longhorn/longhorn-instance-manager - - 
https://github.com/longhorn/longhorn-share-manager - - https://github.com/longhorn/longhorn-manager - - https://github.com/longhorn/longhorn-ui - - https://github.com/longhorn/longhorn-tests - urls: - - released/assets/longhorn/longhorn-1.1.001-rc01.tgz - version: 1.1.001-rc01 - - annotations: - catalog.cattle.io/auto-install: longhorn-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Longhorn - catalog.cattle.io/namespace: longhorn-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: longhorn.io/v1beta1 - catalog.cattle.io/release-name: longhorn - catalog.cattle.io/ui-component: longhorn - apiVersion: v1 - appVersion: v1.1.0 - created: "2021-03-04T09:47:44.628491-08:00" - description: Longhorn is a distributed block storage system for Kubernetes. - digest: 13e6c2b046fb4d24da32f2d685ea51449eaa377a3e57924ef721387b891f8c47 - home: https://github.com/longhorn/longhorn - icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/longhorn/icon/color/longhorn-icon-color.svg?sanitize=true - keywords: - - longhorn - - storage - - distributed - - block - - device - - iscsi - kubeVersion: '>=v1.16.0-r0' - maintainers: - - email: maintainers@longhorn.io - name: Longhorn maintainers - - email: sheng@yasker.org - name: Sheng Yang - name: longhorn - sources: - - https://github.com/longhorn/longhorn - - https://github.com/longhorn/longhorn-engine - - https://github.com/longhorn/longhorn-instance-manager - - https://github.com/longhorn/longhorn-share-manager - - https://github.com/longhorn/longhorn-manager - - https://github.com/longhorn/longhorn-ui - - https://github.com/longhorn/longhorn-tests - urls: - - released/assets/longhorn/longhorn-1.1.001-rc00.tgz - version: 1.1.001-rc00 - - annotations: - catalog.cattle.io/auto-install: longhorn-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Longhorn - catalog.cattle.io/namespace: longhorn-system - catalog.cattle.io/os: linux - 
catalog.cattle.io/provides-gvr: longhorn.io/v1beta1 - catalog.cattle.io/release-name: longhorn - catalog.cattle.io/ui-component: longhorn - apiVersion: v1 - appVersion: v1.1.0 - created: "2021-01-15T00:11:30.464593-08:00" - description: Longhorn is a distributed block storage system for Kubernetes. - digest: 4d9c34af5cb6f983649c0da636853dcb363aa6aed1293bffb11ddfd04180d122 - home: https://github.com/longhorn/longhorn - icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/longhorn/icon/color/longhorn-icon-color.svg - keywords: - - longhorn - - storage - - distributed - - block - - device - - iscsi - kubeVersion: '>=v1.16.0-r0' - maintainers: - - email: maintainers@longhorn.io - name: Longhorn maintainers - - email: sheng@yasker.org - name: Sheng Yang - name: longhorn - sources: - - https://github.com/longhorn/longhorn - - https://github.com/longhorn/longhorn-engine - - https://github.com/longhorn/longhorn-instance-manager - - https://github.com/longhorn/longhorn-share-manager - - https://github.com/longhorn/longhorn-manager - - https://github.com/longhorn/longhorn-ui - - https://github.com/longhorn/longhorn-tests - urls: - - released/assets/longhorn/longhorn-1.1.000.tgz - version: 1.1.000 - - annotations: - catalog.cattle.io/auto-install: longhorn-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Longhorn - catalog.cattle.io/namespace: longhorn-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: longhorn.io/v1beta1 - catalog.cattle.io/release-name: longhorn - catalog.cattle.io/ui-component: longhorn - apiVersion: v1 - appVersion: v1.0.2 - created: "2021-01-15T00:11:30.463634-08:00" - description: Longhorn is a distributed block storage system for Kubernetes. 
- digest: b5e9f517ae4bf542afd3f9717ad0c81dd3a1a99361a19ce51effe40a4696f045 - home: https://github.com/longhorn/longhorn - icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/longhorn/icon/color/longhorn-icon-color.svg - keywords: - - longhorn - - storage - - distributed - - block - - device - - iscsi - kubeVersion: '>=v1.14.0-r0' - maintainers: - - email: maintainers@longhorn.io - name: Longhorn maintainers - - email: sheng@yasker.org - name: Sheng Yang - name: longhorn - sources: - - https://github.com/longhorn/longhorn - - https://github.com/longhorn/longhorn-engine - - https://github.com/longhorn/longhorn-instance-manager - - https://github.com/longhorn/longhorn-manager - - https://github.com/longhorn/longhorn-ui - - https://github.com/longhorn/longhorn-tests - urls: - - released/assets/longhorn/longhorn-1.0.202.tgz - version: 1.0.202 - - annotations: - catalog.cattle.io/auto-install: longhorn-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Longhorn - catalog.cattle.io/namespace: longhorn-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: longhorn.io/v1beta1 - catalog.cattle.io/release-name: longhorn - catalog.cattle.io/ui-component: longhorn - apiVersion: v1 - appVersion: v1.0.2 - created: "2021-01-15T00:11:30.462831-08:00" - description: Longhorn is a distributed block storage system for Kubernetes. 
- digest: 8ab068f792fac6d4de81fdc6f66a7fa00c7d379e46d6715ee25c3c764f5b95f8 - home: https://github.com/longhorn/longhorn - icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/longhorn/icon/color/longhorn-icon-color.svg - keywords: - - longhorn - - storage - - distributed - - block - - device - - iscsi - kubeVersion: '>=v1.14.0-r0' - maintainers: - - email: maintainers@longhorn.io - name: Longhorn maintainers - - email: sheng@yasker.org - name: Sheng Yang - name: longhorn - sources: - - https://github.com/longhorn/longhorn - - https://github.com/longhorn/longhorn-engine - - https://github.com/longhorn/longhorn-instance-manager - - https://github.com/longhorn/longhorn-manager - - https://github.com/longhorn/longhorn-ui - - https://github.com/longhorn/longhorn-tests - urls: - - released/assets/longhorn/longhorn-1.0.201.tgz - version: 1.0.201 - - annotations: - catalog.cattle.io/auto-install: longhorn-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/namespace: longhorn-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: longhorn.io/v1beta1 - catalog.cattle.io/release-name: longhorn - catalog.cattle.io/ui-component: longhorn - apiVersion: v1 - appVersion: v1.0.2 - created: "2021-01-15T00:11:30.461814-08:00" - description: Longhorn is a distributed block storage system for Kubernetes. 
- digest: 49b5b8341fdc7a39337f20edac1667d1a2f36b579f9cb7ecdc2ebf987e03df3f - home: https://github.com/longhorn/longhorn - icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/longhorn/icon/color/longhorn-icon-color.svg - keywords: - - longhorn - - storage - - distributed - - block - - device - - iscsi - kubeVersion: '>=v1.14.0-r0' - maintainers: - - email: maintainers@longhorn.io - name: Longhorn maintainers - - email: sheng@yasker.org - name: Sheng Yang - name: longhorn - sources: - - https://github.com/longhorn/longhorn - - https://github.com/longhorn/longhorn-engine - - https://github.com/longhorn/longhorn-instance-manager - - https://github.com/longhorn/longhorn-manager - - https://github.com/longhorn/longhorn-ui - - https://github.com/longhorn/longhorn-tests - urls: - - released/assets/longhorn/longhorn-1.0.200.tgz - version: 1.0.200 - longhorn-crd: - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: longhorn-system - catalog.cattle.io/release-name: longhorn-crd - apiVersion: v1 - created: "2021-03-04T09:47:44.62989-08:00" - description: Installs the CRDs for longhorn. - digest: 2dde1bf0c307ab4fddaa36f7fec5c42495e6cd2356605e6fbff816a33303fd4a - name: longhorn-crd - type: application - urls: - - released/assets/longhorn/longhorn-crd-1.1.001-rc01.tgz - version: 1.1.001-rc01 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: longhorn-system - catalog.cattle.io/release-name: longhorn-crd - apiVersion: v1 - created: "2021-03-04T09:47:44.629703-08:00" - description: Installs the CRDs for longhorn. 
- digest: d5433891d9ca259d2eedb2d969adda94fe2e85b89dfa17e58785ef39a7ac0923 - name: longhorn-crd - type: application - urls: - - released/assets/longhorn/longhorn-crd-1.1.001-rc00.tgz - version: 1.1.001-rc00 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: longhorn-system - catalog.cattle.io/release-name: longhorn-crd - apiVersion: v1 - created: "2021-01-15T00:11:30.46526-08:00" - description: Installs the CRDs for longhorn. - digest: 2ca9ca1b7af582f9c0e89684e4624a4d4cfc1484ceee74f3cab9c22c7b4e823f - name: longhorn-crd - type: application - urls: - - released/assets/longhorn/longhorn-crd-1.1.000.tgz - version: 1.1.000 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: longhorn-system - catalog.cattle.io/release-name: longhorn-crd - apiVersion: v1 - created: "2021-01-15T00:11:30.465077-08:00" - description: Installs the CRDs for longhorn. - digest: 585f1161f2d231cdfe9abc44c9f7ef257cc217f611a617be76b590a7f6a32350 - name: longhorn-crd - type: application - urls: - - released/assets/longhorn/longhorn-crd-1.0.202.tgz - version: 1.0.202 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: longhorn-system - catalog.cattle.io/release-name: longhorn-crd - apiVersion: v1 - created: "2021-01-15T00:11:30.464922-08:00" - description: Installs the CRDs for longhorn. - digest: 3b8908fb3dec0f0b70a7775a70fd3f1fc8cb1a4c1b72a7f564e6ccb3c11f94b1 - name: longhorn-crd - type: application - urls: - - released/assets/longhorn/longhorn-crd-1.0.201.tgz - version: 1.0.201 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: longhorn-system - catalog.cattle.io/release-name: longhorn-crd - apiVersion: v1 - created: "2021-01-15T00:11:30.464762-08:00" - description: Installs the CRDs for longhorn. 
- digest: 815331159012c16c6cd9816a10a38fcf03972d2f3a9f5fc97b8e0f87e937d10b - name: longhorn-crd - type: application - urls: - - released/assets/longhorn/longhorn-crd-1.0.200.tgz - version: 1.0.200 - rancher-backup: - - annotations: - catalog.cattle.io/auto-install: rancher-backup-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Rancher Backups - catalog.cattle.io/namespace: cattle-resources-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: resources.cattle.io.resourceset/v1 - catalog.cattle.io/release-name: rancher-backup - catalog.cattle.io/scope: management - catalog.cattle.io/ui-component: rancher-backup - apiVersion: v1 - appVersion: v1.0.3 - created: "2021-03-04T09:47:44.630746-08:00" - description: Provides ability to back up and restore the Rancher application running - on any Kubernetes cluster - digest: 7d6296d4c459042bb7f85543691ba807ae03cda6d42db22fcdafd01dbf49edea - icon: https://charts.rancher.io/assets/logos/backup-restore.svg - keywords: - - applications - - infrastructure - name: rancher-backup - urls: - - released/assets/rancher-backup/rancher-backup-1.0.301-rc01.tgz - version: 1.0.301-rc01 - - annotations: - catalog.cattle.io/auto-install: rancher-backup-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Rancher Backups - catalog.cattle.io/namespace: cattle-resources-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: resources.cattle.io.resourceset/v1 - catalog.cattle.io/release-name: rancher-backup - catalog.cattle.io/scope: management - catalog.cattle.io/ui-component: rancher-backup - apiVersion: v1 - appVersion: v1.0.3 - created: "2021-03-04T09:47:44.630323-08:00" - description: Provides ability to back up and restore the Rancher application running - on any Kubernetes cluster - digest: 9f44f0901b03b9349242bc2b0e9cb6ec6b3e10f6583f605e3c3d8b87dc5f490c - icon: https://charts.rancher.io/assets/logos/backup-restore.svg - keywords: - - 
applications - - infrastructure - name: rancher-backup - urls: - - released/assets/rancher-backup/rancher-backup-1.0.301-rc00.tgz - version: 1.0.301-rc00 - - annotations: - catalog.cattle.io/auto-install: rancher-backup-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Rancher Backups - catalog.cattle.io/namespace: cattle-resources-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: resources.cattle.io.resourceset/v1 - catalog.cattle.io/release-name: rancher-backup - catalog.cattle.io/scope: management - catalog.cattle.io/ui-component: rancher-backup - apiVersion: v1 - appVersion: v1.0.3 - created: "2021-01-15T00:11:30.466548-08:00" - description: Provides ability to back up and restore the Rancher application running - on any Kubernetes cluster - digest: 9fe775b7260bad706159af83c256b93662902bfef01cc071f3f3bb780d9e18bc - icon: https://charts.rancher.io/assets/logos/backup-restore.svg - keywords: - - applications - - infrastructure - name: rancher-backup - urls: - - released/assets/rancher-backup/rancher-backup-1.0.300.tgz - version: 1.0.300 - - annotations: - catalog.cattle.io/auto-install: rancher-backup-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Rancher Backups - catalog.cattle.io/namespace: cattle-resources-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: resources.cattle.io.resourceset/v1 - catalog.cattle.io/release-name: rancher-backup - catalog.cattle.io/scope: management - catalog.cattle.io/ui-component: rancher-backup - apiVersion: v1 - appVersion: v1.0.2 - created: "2021-01-15T00:11:30.466109-08:00" - description: Provides ability to back up and restore the Rancher application running - on any Kubernetes cluster - digest: 931b45edda48b555f6c5c1179776787b615129f92026658100104e8f9a9012c5 - icon: https://charts.rancher.io/assets/logos/backup-restore.svg - keywords: - - applications - - infrastructure - name: rancher-backup - urls: - - 
released/assets/rancher-backup/rancher-backup-1.0.201.tgz - version: 1.0.201 - - annotations: - catalog.cattle.io/auto-install: rancher-backup-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/namespace: cattle-resources-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: resources.cattle.io.resourceset/v1 - catalog.cattle.io/release-name: rancher-backup - catalog.cattle.io/scope: management - catalog.cattle.io/ui-component: rancher-backup - apiVersion: v1 - appVersion: v1.0.2 - created: "2021-01-15T00:11:30.465667-08:00" - description: Provides ability to back up and restore the Rancher application running - on any Kubernetes cluster - digest: 8c5375832bcb54fb3bc4d708ca22248e381bf1fcde8013a48a0b37d9a60e2375 - icon: https://charts.rancher.io/assets/logos/backup-restore.svg - keywords: - - applications - - infrastructure - name: rancher-backup - urls: - - released/assets/rancher-backup/rancher-backup-1.0.200.tgz - version: 1.0.200 - rancher-backup-crd: - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-resources-system - catalog.cattle.io/release-name: rancher-backup-crd - apiVersion: v1 - created: "2021-03-04T09:47:44.631124-08:00" - description: Installs the CRDs for rancher-backup. - digest: bfc3f4d5d64a7989eec4d518c36276acdc21f5fbb98ace02a80678d5caf390d5 - name: rancher-backup-crd - type: application - urls: - - released/assets/rancher-backup/rancher-backup-crd-1.0.301-rc01.tgz - version: 1.0.301-rc01 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-resources-system - catalog.cattle.io/release-name: rancher-backup-crd - apiVersion: v1 - created: "2021-03-04T09:47:44.630938-08:00" - description: Installs the CRDs for rancher-backup. 
- digest: 472492587c7403c45544ee70a9cdaa6c20afe8367415e35aa934f048a7071eba - name: rancher-backup-crd - type: application - urls: - - released/assets/rancher-backup/rancher-backup-crd-1.0.301-rc00.tgz - version: 1.0.301-rc00 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-resources-system - catalog.cattle.io/release-name: rancher-backup-crd - apiVersion: v1 - created: "2021-01-15T00:11:30.467126-08:00" - description: Installs the CRDs for rancher-backup. - digest: 8d6e14dccabb8477c1e27b3bfbab4f8751252d492152a2ac2640bbbb3ec6d4c4 - name: rancher-backup-crd - type: application - urls: - - released/assets/rancher-backup/rancher-backup-crd-1.0.300.tgz - version: 1.0.300 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-resources-system - catalog.cattle.io/release-name: rancher-backup-crd - apiVersion: v1 - created: "2021-01-15T00:11:30.466935-08:00" - description: Installs the CRDs for rancher-backup. - digest: ebf8da7907c5fce5f9dccf4c3fa540f76c296955cd466a15f3f88b41b8f7d3dd - name: rancher-backup-crd - type: application - urls: - - released/assets/rancher-backup/rancher-backup-crd-1.0.201.tgz - version: 1.0.201 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-resources-system - catalog.cattle.io/release-name: rancher-backup-crd - apiVersion: v1 - created: "2021-01-15T00:11:30.46675-08:00" - description: Installs the CRDs for rancher-backup. 
- digest: 7021563a39672f11d7af57f1769da179d3f059d5f2fe9e72c6a1a486a52eed73 - name: rancher-backup-crd - type: application - urls: - - released/assets/rancher-backup/rancher-backup-crd-1.0.200.tgz - version: 1.0.200 - rancher-cis-benchmark: - - annotations: - catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: CIS Benchmark - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 - catalog.cattle.io/release-name: rancher-cis-benchmark - catalog.cattle.io/ui-component: rancher-cis-benchmark - apiVersion: v1 - appVersion: v1.0.3 - created: "2021-03-04T09:47:44.632119-08:00" - description: The cis-operator enables running CIS benchmark security scans on - a kubernetes cluster - digest: 5e389e57302f2f4ee674490e0ca7dcd4d78b2afd0f038d840dac974b77d66ede - icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg - keywords: - - security - name: rancher-cis-benchmark - urls: - - released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.301-rc01.tgz - version: 1.0.301-rc01 - - annotations: - catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: CIS Benchmark - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 - catalog.cattle.io/release-name: rancher-cis-benchmark - catalog.cattle.io/ui-component: rancher-cis-benchmark - apiVersion: v1 - appVersion: v1.0.3 - created: "2021-03-04T09:47:44.631629-08:00" - description: The cis-operator enables running CIS benchmark security scans on - a kubernetes cluster - digest: 6fec0634cd92f79fa192e7860fd99babb104e0350a9007a9923e8439b761ff08 - icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg - keywords: - - security - name: rancher-cis-benchmark - urls: - - 
released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.301-rc00.tgz - version: 1.0.301-rc00 - - annotations: - catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: CIS Benchmark - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 - catalog.cattle.io/release-name: rancher-cis-benchmark - catalog.cattle.io/ui-component: rancher-cis-benchmark - apiVersion: v1 - appVersion: v1.0.3 - created: "2021-01-15T00:11:30.468452-08:00" - description: The cis-operator enables running CIS benchmark security scans on - a kubernetes cluster - digest: af499c4fbd67e594057e97ac025011c52f0e02d6f7571532b7f5a2b19ed19035 - icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg - keywords: - - security - name: rancher-cis-benchmark - urls: - - released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.300.tgz - version: 1.0.300 - - annotations: - catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: CIS Benchmark - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 - catalog.cattle.io/release-name: rancher-cis-benchmark - catalog.cattle.io/ui-component: rancher-cis-benchmark - apiVersion: v1 - appVersion: v1.0.2 - created: "2021-01-15T00:11:30.46796-08:00" - description: The cis-operator enables running CIS benchmark security scans on - a kubernetes cluster - digest: b234bbf851d0c5bf1cb02e51ea647d95d53e9f2302b1e68518eadb694f345a1c - icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg - keywords: - - security - name: rancher-cis-benchmark - urls: - - released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.200.tgz - version: 1.0.200 - - annotations: - catalog.cattle.io/auto-install: 
rancher-cis-benchmark-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 - catalog.cattle.io/release-name: rancher-cis-benchmark - catalog.cattle.io/ui-component: rancher-cis-benchmark - apiVersion: v1 - appVersion: v1.0.1 - created: "2021-01-15T00:11:30.46754-08:00" - description: The cis-operator enables running CIS benchmark security scans on - a kubernetes cluster - digest: 0d4ff5981f5ee48fca8a887ab0608888f85f97285175c46d7320c6987f167d4f - icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg - keywords: - - security - name: rancher-cis-benchmark - urls: - - released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.100.tgz - version: 1.0.100 - rancher-cis-benchmark-crd: - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/release-name: rancher-cis-benchmark-crd - apiVersion: v1 - created: "2021-03-04T09:47:44.632511-08:00" - description: Installs the CRDs for rancher-cis-benchmark. - digest: 2fa5d4eb62b76871efccfcdc5c0d4125b1bccc0e2bb498732938ba23ed3bd8fb - name: rancher-cis-benchmark-crd - type: application - urls: - - released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.301-rc01.tgz - version: 1.0.301-rc01 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/release-name: rancher-cis-benchmark-crd - apiVersion: v1 - created: "2021-03-04T09:47:44.632321-08:00" - description: Installs the CRDs for rancher-cis-benchmark. 
- digest: 1f210946fe8e6b3b2b656ea6488536fb942f4ab8202ad6cf265a211e792260b4 - name: rancher-cis-benchmark-crd - type: application - urls: - - released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.301-rc00.tgz - version: 1.0.301-rc00 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/release-name: rancher-cis-benchmark-crd - apiVersion: v1 - created: "2021-01-15T00:11:30.469354-08:00" - description: Installs the CRDs for rancher-cis-benchmark. - digest: 4a4fbd34ab72796c4780acb6ad99de5dad5f5f54edbd9dad281fc886c3a8b184 - name: rancher-cis-benchmark-crd - type: application - urls: - - released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.300.tgz - version: 1.0.300 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/release-name: rancher-cis-benchmark-crd - apiVersion: v1 - created: "2021-01-15T00:11:30.468842-08:00" - description: Installs the CRDs for rancher-cis-benchmark. - digest: 1da104dc221a9772a21e67ef787919cc191d6df3ccdf019f464e3091d6ed0703 - name: rancher-cis-benchmark-crd - type: application - urls: - - released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.200.tgz - version: 1.0.200 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/release-name: rancher-cis-benchmark-crd - apiVersion: v1 - created: "2021-01-15T00:11:30.468647-08:00" - description: Installs the CRDs for rancher-cis-benchmark. 
- digest: cc33de77923232bda5875b6568522cffe8950e2d9bb3793ee30978c5257f4354 - name: rancher-cis-benchmark-crd - type: application - urls: - - released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.100.tgz - version: 1.0.100 - rancher-external-ip-webhook: - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: External IP Webhook - catalog.cattle.io/namespace: cattle-externalip-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-external-ip-webhook - catalog.cattle.io/ui-component: rancher-external-ip-webhook - apiVersion: v1 - appVersion: v0.1.6 - created: "2021-03-04T09:47:44.633755-08:00" - description: | - Deploy the external-ip-webhook to mitigate k8s CVE-2020-8554 - digest: 7a196d304a2bad5e585fae961188861da5bb84679e576b6882ebf3fd6640137e - home: https://github.com/rancher/externalip-webhook - keywords: - - cve - - externalip - - webhook - - security - maintainers: - - email: raul@rancher.com - name: rawmind0 - name: rancher-external-ip-webhook - sources: - - https://github.com/rancher/externalip-webhook - urls: - - released/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.601-rc01.tgz - version: 0.1.601-rc01 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: External IP Webhook - catalog.cattle.io/namespace: cattle-externalip-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-external-ip-webhook - catalog.cattle.io/ui-component: rancher-external-ip-webhook - apiVersion: v1 - appVersion: v0.1.6 - created: "2021-03-04T09:47:44.633141-08:00" - description: | - Deploy the external-ip-webhook to mitigate k8s CVE-2020-8554 - digest: 6294a812fd938166bfb8f0f9d84d3eeb47f9387040d74837ff0127b89e1850de - home: https://github.com/rancher/externalip-webhook - keywords: - - cve - - externalip - - webhook - - security - maintainers: - - email: raul@rancher.com - name: rawmind0 - name: rancher-external-ip-webhook - 
sources: - - https://github.com/rancher/externalip-webhook - urls: - - released/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.601-rc00.tgz - version: 0.1.601-rc00 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: External IP Webhook - catalog.cattle.io/namespace: cattle-externalip-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-external-ip-webhook - catalog.cattle.io/ui-component: rancher-external-ip-webhook - apiVersion: v1 - appVersion: v0.1.6 - created: "2021-01-15T00:11:30.471579-08:00" - description: | - Deploy the external-ip-webhook to mitigate k8s CVE-2020-8554 - digest: 70c430a933e17279605936c73b17cbd192f7f86da0573d6c2a6dbdf745a5c7af - home: https://github.com/rancher/externalip-webhook - keywords: - - cve - - externalip - - webhook - - security - maintainers: - - email: raul@rancher.com - name: rawmind0 - name: rancher-external-ip-webhook - sources: - - https://github.com/rancher/externalip-webhook - urls: - - released/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.600.tgz - version: 0.1.600 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: External IP Webhook - catalog.cattle.io/namespace: cattle-externalip-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-external-ip-webhook - catalog.cattle.io/ui-component: rancher-external-ip-webhook - apiVersion: v1 - appVersion: v0.1.5 - created: "2021-01-15T00:11:30.47095-08:00" - description: | - Deploy the external-ip-webhook to mitigate k8s CVE-2020-8554 - digest: a272ec4ad785095ed827d087b8976c7f327e1f28a6ab0cdb7a839580487c40fb - home: https://github.com/rancher/externalip-webhook - keywords: - - cve - - externalip - - webhook - - security - maintainers: - - email: raul@rancher.com - name: rawmind0 - name: rancher-external-ip-webhook - sources: - - https://github.com/rancher/externalip-webhook - urls: - - 
released/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.500.tgz - version: 0.1.500 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: External IP Webhook - catalog.cattle.io/namespace: cattle-externalip-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-external-ip-webhook - catalog.cattle.io/ui-component: rancher-external-ip-webhook - apiVersion: v1 - appVersion: v0.1.4 - created: "2021-01-15T00:11:30.47031-08:00" - description: | - Deploy the external-ip-webhook to mitigate k8s CVE-2020-8554 - digest: 207982df2b8b709b2ac2c9bc9ccda6955bebc6c7866e3531391e7905eafb154e - home: https://github.com/rancher/externalip-webhook - keywords: - - cve - - externalip - - webhook - - security - maintainers: - - email: raul@rancher.com - name: rawmind0 - name: rancher-external-ip-webhook - sources: - - https://github.com/rancher/externalip-webhook - urls: - - released/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.400.tgz - version: 0.1.400 - rancher-gatekeeper: - - annotations: - catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: OPA Gatekeeper - catalog.cattle.io/namespace: cattle-gatekeeper-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: config.gatekeeper.sh.config/v1alpha1 - catalog.cattle.io/release-name: rancher-gatekeeper - catalog.cattle.io/ui-component: gatekeeper - apiVersion: v1 - appVersion: v3.3.0 - created: "2021-03-04T09:47:44.635421-08:00" - description: Modifies Open Policy Agent's upstream gatekeeper chart that provides - policy-based control for cloud native environments - digest: f912c6f2f214dca2e07810c0ca88904c58909f392e10cdf8a9c43dcafaf4de46 - home: https://github.com/open-policy-agent/gatekeeper - icon: https://charts.rancher.io/assets/logos/gatekeeper.svg - keywords: - - open policy agent - - security - name: rancher-gatekeeper - sources: - - 
https://github.com/open-policy-agent/gatekeeper.git - urls: - - released/assets/rancher-gatekeeper/rancher-gatekeeper-3.3.000-rc02.tgz - version: 3.3.000-rc02 - - annotations: - catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: OPA Gatekeeper - catalog.cattle.io/namespace: cattle-gatekeeper-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: config.gatekeeper.sh.config/v1alpha1 - catalog.cattle.io/release-name: rancher-gatekeeper - catalog.cattle.io/ui-component: gatekeeper - apiVersion: v1 - appVersion: v3.3.0 - created: "2021-03-04T09:47:44.634782-08:00" - description: Modifies Open Policy Agent's upstream gatekeeper chart that provides - policy-based control for cloud native environments - digest: 9b6b061a749d2fd7d112753db206e27f472dda6d597fe7f5baea7bf37dcacec2 - home: https://github.com/open-policy-agent/gatekeeper - icon: https://charts.rancher.io/assets/logos/gatekeeper.svg - keywords: - - open policy agent - - security - name: rancher-gatekeeper - sources: - - https://github.com/open-policy-agent/gatekeeper.git - urls: - - released/assets/rancher-gatekeeper/rancher-gatekeeper-3.3.000-rc01.tgz - version: 3.3.000-rc01 - - annotations: - catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: OPA Gatekeeper - catalog.cattle.io/experimental: "true" - catalog.cattle.io/namespace: cattle-gatekeeper-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: config.gatekeeper.sh.config/v1alpha1 - catalog.cattle.io/release-name: rancher-gatekeeper - catalog.cattle.io/ui-component: gatekeeper - apiVersion: v1 - appVersion: v3.2.1 - created: "2021-01-15T00:11:30.47384-08:00" - description: Modifies Open Policy Agent's upstream gatekeeper chart that provides - policy-based control for cloud native environments - digest: 
f6da9f05a9bf5ffbe59780c578624db93979d6e3c4b3d69e90e5090007aec52d - home: https://github.com/open-policy-agent/gatekeeper - icon: https://charts.rancher.io/assets/logos/gatekeeper.svg - keywords: - - open policy agent - - security - name: rancher-gatekeeper - sources: - - https://github.com/open-policy-agent/gatekeeper.git - urls: - - released/assets/rancher-gatekeeper/rancher-gatekeeper-3.2.101.tgz - version: 3.2.101 - - annotations: - catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: OPA Gatekeeper - catalog.cattle.io/experimental: "true" - catalog.cattle.io/namespace: cattle-gatekeeper-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: config.gatekeeper.sh.config/v1alpha1 - catalog.cattle.io/release-name: rancher-gatekeeper - catalog.cattle.io/ui-component: gatekeeper - apiVersion: v1 - appVersion: v3.2.1 - created: "2021-01-15T00:11:30.473251-08:00" - description: Modifies Open Policy Agent's upstream gatekeeper chart that provides - policy-based control for cloud native environments - digest: 42a1e00cad97b74471506ba628366e005657b71fa38808c438faf239b082bb38 - home: https://github.com/open-policy-agent/gatekeeper - icon: https://charts.rancher.io/assets/logos/gatekeeper.svg - keywords: - - open policy agent - - security - name: rancher-gatekeeper - sources: - - https://github.com/open-policy-agent/gatekeeper.git - urls: - - released/assets/rancher-gatekeeper/rancher-gatekeeper-3.2.100.tgz - version: 3.2.100 - - annotations: - catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: OPA Gatekeeper - catalog.cattle.io/experimental: "true" - catalog.cattle.io/namespace: cattle-gatekeeper-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: config.gatekeeper.sh.config/v1alpha1 - catalog.cattle.io/release-name: rancher-gatekeeper - apiVersion: v1 - appVersion: v3.1.1 - 
created: "2021-01-15T00:11:30.472662-08:00" - description: Modifies Open Policy Agent's upstream gatekeeper chart that provides - policy-based control for cloud native environments - digest: 8fdc03791c93b6d6f6d81edf27988c5a31c3c5bc113da8d8520ec534af087393 - home: https://github.com/open-policy-agent/gatekeeper - icon: https://charts.rancher.io/assets/logos/gatekeeper.svg - keywords: - - open policy agent - - security - name: rancher-gatekeeper - sources: - - https://github.com/open-policy-agent/gatekeeper.git - urls: - - released/assets/rancher-gatekeeper/rancher-gatekeeper-3.1.101.tgz - version: 3.1.101 - - annotations: - catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/namespace: cattle-gatekeeper-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: config.gatekeeper.sh.config/v1alpha1 - catalog.cattle.io/release-name: rancher-gatekeeper - apiVersion: v1 - appVersion: v3.1.1 - created: "2021-01-15T00:11:30.472104-08:00" - description: Modifies Open Policy Agent's upstream gatekeeper chart that provides - policy-based control for cloud native environments - digest: 5c0c935a6935ce109015e1b86bb4f435c0fe1aad7ee2ad858e01bae57c3425c1 - home: https://github.com/open-policy-agent/gatekeeper - icon: https://charts.rancher.io/assets/logos/gatekeeper.svg - keywords: - - open policy agent - - security - name: rancher-gatekeeper - sources: - - https://github.com/open-policy-agent/gatekeeper.git - urls: - - released/assets/rancher-gatekeeper/rancher-gatekeeper-3.1.100.tgz - version: 3.1.100 - rancher-gatekeeper-crd: - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-gatekeeper-system - catalog.cattle.io/release-name: rancher-gatekeeper-crd - apiVersion: v1 - created: "2021-03-04T09:47:44.63649-08:00" - description: Installs the CRDs for rancher-gatekeeper. 
- digest: 03e26e336f2b82b0c09b1191e7cd6cebf5e3c5de46666307e9426e78ef487c18 - name: rancher-gatekeeper-crd - type: application - urls: - - released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.3.000-rc02.tgz - version: 3.3.000-rc02 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-gatekeeper-system - catalog.cattle.io/release-name: rancher-gatekeeper-crd - apiVersion: v1 - created: "2021-03-04T09:47:44.636192-08:00" - description: Installs the CRDs for rancher-gatekeeper. - digest: ad678c2f7b1bf62c2d3f102847e2bf0920e6e41a6919dce6039385c6e70a8c52 - name: rancher-gatekeeper-crd - type: application - urls: - - released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.3.000-rc01.tgz - version: 3.3.000-rc01 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-gatekeeper-system - catalog.cattle.io/release-name: rancher-gatekeeper-crd - apiVersion: v1 - created: "2021-01-15T00:11:30.474788-08:00" - description: Installs the CRDs for rancher-gatekeeper. - digest: 1118f66a1f8f8c192bb1793bcddb0b98af0db43b429df684b916c2e76b51486a - name: rancher-gatekeeper-crd - type: application - urls: - - released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.2.101.tgz - version: 3.2.101 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-gatekeeper-system - catalog.cattle.io/release-name: rancher-gatekeeper-crd - apiVersion: v1 - created: "2021-01-15T00:11:30.474498-08:00" - description: Installs the CRDs for rancher-gatekeeper. 
- digest: 4900e53e49c6bdca47af9b37b3d7a7dfe4e16da027a3aaea69f4a211c5ced3c1 - name: rancher-gatekeeper-crd - type: application - urls: - - released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.2.100.tgz - version: 3.2.100 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-gatekeeper-system - catalog.cattle.io/release-name: rancher-gatekeeper-crd - apiVersion: v1 - created: "2021-01-15T00:11:30.474283-08:00" - description: Installs the CRDs for rancher-gatekeeper. - digest: 25beb2fd49cefa59dfcee5e7a24866eb148ab264ee4c49f368589d3e92d7e269 - name: rancher-gatekeeper-crd - type: application - urls: - - released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.1.101.tgz - version: 3.1.101 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-gatekeeper-system - catalog.cattle.io/release-name: rancher-gatekeeper-crd - apiVersion: v1 - created: "2021-01-15T00:11:30.474068-08:00" - description: Installs the CRDs for rancher-gatekeeper. 
- digest: ea6fca92a928c90b9539825af19f69378a608e189fcd0f06043b1213bb94cdaf - name: rancher-gatekeeper-crd - type: application - urls: - - released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.1.100.tgz - version: 3.1.100 - rancher-istio: - - annotations: - catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.29.000-rc00 - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Istio - catalog.cattle.io/namespace: istio-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: networking.istio.io.virtualservice/v1beta1 - catalog.cattle.io/release-name: rancher-istio - catalog.cattle.io/requests-cpu: 710m - catalog.cattle.io/requests-memory: 2314Mi - catalog.cattle.io/ui-component: istio - apiVersion: v1 - appVersion: 1.8.3 - created: "2021-03-04T09:47:44.640129-08:00" - dependencies: - - condition: kiali.enabled - name: kiali - repository: file://./charts/kiali - - condition: tracing.enabled - name: tracing - repository: file://./charts/tracing - description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ - for details. 
- digest: fae8a77f05769320ce080c28656d5340be16b2fc1997702b444735623e8414c8 - icon: https://charts.rancher.io/assets/logos/istio.svg - keywords: - - networking - - infrastructure - name: rancher-istio - urls: - - released/assets/rancher-istio/rancher-istio-1.8.300-rc01.tgz - version: 1.8.300-rc01 - - annotations: - catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.29.000-rc00 - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Istio - catalog.cattle.io/namespace: istio-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: networking.istio.io.virtualservice/v1beta1 - catalog.cattle.io/release-name: rancher-istio - catalog.cattle.io/requests-cpu: 710m - catalog.cattle.io/requests-memory: 2314Mi - catalog.cattle.io/ui-component: istio - apiVersion: v1 - appVersion: 1.8.3 - created: "2021-03-04T09:47:44.638495-08:00" - dependencies: - - condition: kiali.enabled - name: kiali - repository: file://./charts/kiali - - condition: tracing.enabled - name: tracing - repository: file://./charts/tracing - description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ - for details. 
- digest: e91424e345f8a654658f3f6a2f513aced8b3d65d86b4cda93fe5b4f7e3dbaabe - icon: https://charts.rancher.io/assets/logos/istio.svg - keywords: - - networking - - infrastructure - name: rancher-istio - urls: - - released/assets/rancher-istio/rancher-istio-1.8.300-rc00.tgz - version: 1.8.300-rc00 - - annotations: - catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.24.003 - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Istio - catalog.cattle.io/namespace: istio-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: networking.istio.io.virtualservice/v1beta1 - catalog.cattle.io/release-name: rancher-istio - catalog.cattle.io/ui-component: istio - apiVersion: v1 - appVersion: 1.7.6 - created: "2021-01-15T00:11:30.48261-08:00" - dependencies: - - alias: kiali - condition: kiali.enabled - name: rancher-kiali-server - repository: file://../../rancher-kiali-server/charts - version: 1.24.0 - - alias: tracing - condition: tracing.enabled - name: rancher-tracing - repository: file://../../rancher-tracing/charts - version: 1.20.001 - description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ - for details. 
- digest: a3a4d39833cb8065099654aac034c344f531c5b0b164a0d1c96bea541d72e5bf - icon: https://charts.rancher.io/assets/logos/istio.svg - keywords: - - networking - - infrastructure - name: rancher-istio - urls: - - released/assets/rancher-istio/rancher-istio-1.7.600.tgz - version: 1.7.600 - - annotations: - catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.24.003 - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Istio - catalog.cattle.io/namespace: istio-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: networking.istio.io.virtualservice/v1beta1 - catalog.cattle.io/release-name: rancher-istio - catalog.cattle.io/ui-component: istio - apiVersion: v1 - appVersion: 1.7.3 - created: "2021-01-15T00:11:30.481016-08:00" - dependencies: - - alias: kiali - condition: kiali.enabled - name: rancher-kiali-server - repository: file://../../rancher-kiali-server/charts - version: 1.24.0 - - alias: tracing - condition: tracing.enabled - name: rancher-tracing - repository: file://../../rancher-tracing/charts - version: 1.20.001 - description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ - for details. 
- digest: 3f32923202198fc41c607b179d194d4b579d790246e0959bf41b82a407bf1786 - icon: https://charts.rancher.io/assets/logos/istio.svg - keywords: - - networking - - infrastructure - name: rancher-istio - urls: - - released/assets/rancher-istio/rancher-istio-1.7.301.tgz - version: 1.7.301 - - annotations: - catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.24.001 - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Istio - catalog.cattle.io/namespace: istio-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: networking.istio.io.virtualservice/v1beta1 - catalog.cattle.io/release-name: rancher-istio - catalog.cattle.io/ui-component: istio - apiVersion: v1 - appVersion: 1.7.3 - created: "2021-01-15T00:11:30.479382-08:00" - dependencies: - - alias: kiali - condition: kiali.enabled - name: rancher-kiali-server - repository: file://../../rancher-kiali-server/charts - version: 1.24.0 - description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ - for details. 
- digest: 723e0ffa6ab03dde307bcb2848095b91f49d33eae05a4b29c26fe3e4066fc30c - icon: https://charts.rancher.io/assets/logos/istio.svg - keywords: - - networking - - infrastructure - name: rancher-istio - urls: - - released/assets/rancher-istio/rancher-istio-1.7.300.tgz - version: 1.7.300 - - annotations: - catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.23.002 - catalog.cattle.io/certified: rancher - catalog.cattle.io/namespace: istio-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: networking.istio.io.virtualservice/v1beta1 - catalog.cattle.io/release-name: rancher-istio - catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/ui-component: istio - apiVersion: v1 - appVersion: 1.7.1 - created: "2021-01-15T00:11:30.478046-08:00" - dependencies: - - alias: kiali - condition: kiali.enabled - name: rancher-kiali-server - repository: file://../../rancher-kiali-server/charts - version: 1.23.0 - description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ - for details. 
- digest: 2aa1870dabf3548c4ef52dde4515ca6b1478d75e052b8154555c43931829250b - icon: https://charts.rancher.io/assets/logos/istio.svg - keywords: - - networking - - infrastructure - name: rancher-istio - urls: - - released/assets/rancher-istio/rancher-istio-1.7.101.tgz - version: 1.7.101 - - annotations: - catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.23.001 - catalog.cattle.io/certified: rancher - catalog.cattle.io/namespace: istio-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: networking.istio.io.virtualservice/v1beta1 - catalog.cattle.io/release-name: rancher-istio - catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/ui-component: istio - apiVersion: v1 - appVersion: 1.7.1 - created: "2021-01-15T00:11:30.476142-08:00" - dependencies: - - alias: kiali - condition: kiali.enabled - name: rancher-kiali-server - repository: file://../../rancher-kiali-server/charts - version: 1.23.0 - description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ - for details. 
- digest: a6a23976155b1c3375406c00b49c354238aa6b837f3b19bbf360279cef59f9ef - icon: https://charts.rancher.io/assets/logos/istio.svg - keywords: - - networking - - infrastructure - name: rancher-istio - urls: - - released/assets/rancher-istio/rancher-istio-1.7.100.tgz - version: 1.7.100 - rancher-kiali-server: - - annotations: - catalog.cattle.io/auto-install: rancher-kiali-server-crd=match - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 - catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 - catalog.rancher.io/namespace: cattle-istio-system - catalog.rancher.io/release-name: rancher-kiali-server - apiVersion: v2 - appVersion: v1.29.0 - created: "2021-03-04T09:47:44.64267-08:00" - description: Kiali is an open source project for service mesh observability, refer - to https://www.kiali.io for details. This is installed as sub-chart with customized - values in Rancher's Istio. 
- digest: a3f8ceb754dba642cbd5fe638858e7ed18c56b2befc6284107cae9fc1a58dd1d - home: https://github.com/kiali/kiali - icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png - keywords: - - istio - - kiali - - networking - - infrastructure - maintainers: - - email: kiali-users@googlegroups.com - name: Kiali - url: https://kiali.io - name: rancher-kiali-server - sources: - - https://github.com/kiali/kiali - - https://github.com/kiali/kiali-ui - - https://github.com/kiali/kiali-operator - - https://github.com/kiali/helm-charts - urls: - - released/assets/rancher-kiali-server/rancher-kiali-server-1.29.000-rc01.tgz - version: 1.29.000-rc01 - - annotations: - catalog.cattle.io/auto-install: rancher-kiali-server-crd=match - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 - catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 - catalog.rancher.io/namespace: cattle-istio-system - catalog.rancher.io/release-name: rancher-kiali-server - apiVersion: v2 - appVersion: v1.29.0 - created: "2021-03-04T09:47:44.641862-08:00" - description: Kiali is an open source project for service mesh observability, refer - to https://www.kiali.io for details. This is installed as sub-chart with customized - values in Rancher's Istio. 
- digest: 280bd0454a03a112e544ecacd5a06b793a627198fa06cf6a6fcea261fc6d9f4c - home: https://github.com/kiali/kiali - icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png - keywords: - - istio - - kiali - - networking - - infrastructure - maintainers: - - email: kiali-users@googlegroups.com - name: Kiali - url: https://kiali.io - name: rancher-kiali-server - sources: - - https://github.com/kiali/kiali - - https://github.com/kiali/kiali-ui - - https://github.com/kiali/kiali-operator - - https://github.com/kiali/helm-charts - urls: - - released/assets/rancher-kiali-server/rancher-kiali-server-1.29.000-rc00.tgz - version: 1.29.000-rc00 - - annotations: - catalog.cattle.io/auto-install: rancher-kiali-server-crd=match - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 - catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 - catalog.rancher.io/namespace: cattle-istio-system - catalog.rancher.io/release-name: rancher-kiali-server - apiVersion: v2 - appVersion: v1.24.0 - created: "2021-01-15T00:11:30.487114-08:00" - description: Kiali is an open source project for service mesh observability, refer - to https://www.kiali.io for details. This is installed as sub-chart with customized - values in Rancher's Istio. 
- digest: c8a46b8e964f50e93e4add0c0192743339355950862f49b0d2b0131c9c2acd88 - home: https://github.com/kiali/kiali - icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png - keywords: - - istio - - kiali - - networking - - infrastructure - maintainers: - - email: kiali-users@googlegroups.com - name: Kiali - url: https://kiali.io - name: rancher-kiali-server - sources: - - https://github.com/kiali/kiali - - https://github.com/kiali/kiali-ui - - https://github.com/kiali/kiali-operator - - https://github.com/kiali/helm-charts - urls: - - released/assets/rancher-kiali-server/rancher-kiali-server-1.24.003.tgz - version: 1.24.003 - - annotations: - catalog.cattle.io/auto-install: rancher-kiali-server-crd=match - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 - catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 - catalog.rancher.io/namespace: cattle-istio-system - catalog.rancher.io/release-name: rancher-kiali-server - apiVersion: v2 - appVersion: v1.24.0 - created: "2021-01-15T00:11:30.48568-08:00" - description: Kiali is an open source project for service mesh observability, refer - to https://www.kiali.io for details. This is installed as sub-chart with customized - values in Rancher's Istio. 
- digest: be2dd749ebeac4690827fdfac5b986d35ca3e9f9d1e9536ab093bb83da17d130 - home: https://github.com/kiali/kiali - icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png - keywords: - - istio - - kiali - - networking - - infrastructure - maintainers: - - email: kiali-users@googlegroups.com - name: Kiali - url: https://kiali.io - name: rancher-kiali-server - sources: - - https://github.com/kiali/kiali - - https://github.com/kiali/kiali-ui - - https://github.com/kiali/kiali-operator - - https://github.com/kiali/helm-charts - urls: - - released/assets/rancher-kiali-server/rancher-kiali-server-1.24.002.tgz - version: 1.24.002 - - annotations: - catalog.cattle.io/auto-install: rancher-kiali-server-crd=match - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 - catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 - catalog.rancher.io/namespace: cattle-istio-system - catalog.rancher.io/release-name: rancher-kiali-server - apiVersion: v2 - appVersion: v1.24.0 - created: "2021-01-15T00:11:30.484905-08:00" - description: Kiali is an open source project for service mesh observability, refer - to https://www.kiali.io for details. This is installed as sub-chart with customized - values in Rancher's Istio. 
- digest: 5908c10ba62b92ba0f703ce91c2d0442f8e707622cdd7401cadf7cbbe523eb75 - home: https://github.com/kiali/kiali - icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png - keywords: - - istio - - kiali - - networking - - infrastructure - maintainers: - - email: kiali-users@googlegroups.com - name: Kiali - url: https://kiali.io - name: rancher-kiali-server - sources: - - https://github.com/kiali/kiali - - https://github.com/kiali/kiali-ui - - https://github.com/kiali/kiali-operator - - https://github.com/kiali/helm-charts - urls: - - released/assets/rancher-kiali-server/rancher-kiali-server-1.24.001.tgz - version: 1.24.001 - - annotations: - catalog.cattle.io/auto-install: rancher-kiali-server-crd=match - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 - catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 - catalog.rancher.io/namespace: cattle-istio-system - catalog.rancher.io/release-name: rancher-kiali-server - apiVersion: v2 - appVersion: v1.23.0 - created: "2021-01-15T00:11:30.48414-08:00" - description: Kiali is an open source project for service mesh observability, refer - to https://www.kiali.io for details. This is installed as sub-chart with customized - values in Rancher's Istio. 
- digest: 57b9db10136f85d6ca7325e69d6d62ae256293620c2654d5478609e1d78da472 - home: https://github.com/kiali/kiali - icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png - keywords: - - istio - - kiali - - networking - - infrastructure - maintainers: - - email: kiali-users@googlegroups.com - name: Kiali - url: https://kiali.io - name: rancher-kiali-server - sources: - - https://github.com/kiali/kiali - - https://github.com/kiali/kiali-ui - - https://github.com/kiali/kiali-operator - - https://github.com/kiali/helm-charts - urls: - - released/assets/rancher-kiali-server/rancher-kiali-server-1.23.002.tgz - version: 1.23.002 - - annotations: - catalog.cattle.io/auto-install: rancher-kiali-server-crd=match - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 - catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 - catalog.rancher.io/namespace: cattle-istio-system - catalog.rancher.io/release-name: rancher-kiali-server - apiVersion: v2 - appVersion: v1.23.0 - created: "2021-01-15T00:11:30.483373-08:00" - description: Kiali is an open source project for service mesh observability, refer - to https://www.kiali.io for details. This is installed as sub-chart with customized - values in Rancher's Istio. 
- digest: 369f3f444dc357b6f3e574daf63103d556757ee30c9413fa0c1588f1432d899d - home: https://github.com/kiali/kiali - icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png - keywords: - - istio - - kiali - - networking - - infrastructure - maintainers: - - email: kiali-users@googlegroups.com - name: Kiali - url: https://kiali.io - name: rancher-kiali-server - sources: - - https://github.com/kiali/kiali - - https://github.com/kiali/kiali-ui - - https://github.com/kiali/kiali-operator - - https://github.com/kiali/helm-charts - urls: - - released/assets/rancher-kiali-server/rancher-kiali-server-1.23.001.tgz - version: 1.23.001 - rancher-kiali-server-crd: - - annotations: - catalog.cattle.io/hidden: "true" - apiVersion: v2 - created: "2021-03-04T09:47:44.642973-08:00" - description: Installs the CRDs for rancher-kiali-server. - digest: ebe2573bff65881bb5ac4442c1eb88648c942f9bb2340d6c409ac74d467f96b1 - name: rancher-kiali-server-crd - type: application - urls: - - released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.29.000-rc01.tgz - version: 1.29.000-rc01 - - annotations: - catalog.cattle.io/hidden: "true" - apiVersion: v2 - created: "2021-03-04T09:47:44.642836-08:00" - description: Installs the CRDs for rancher-kiali-server. - digest: 07d01d30e02215be110edd55afa1a9e52b3de9592b24151f6450d5f17139e81c - name: rancher-kiali-server-crd - type: application - urls: - - released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.29.000-rc00.tgz - version: 1.29.000-rc00 - - annotations: - catalog.cattle.io/hidden: "true" - apiVersion: v2 - created: "2021-01-15T00:11:30.487854-08:00" - description: Installs the CRDs for rancher-kiali-server. 
- digest: 01aafd54277c2c010d382a92177391abe11c894ac5cdac331699518ba5616a0d - name: rancher-kiali-server-crd - type: application - urls: - - released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.24.003.tgz - version: 1.24.003 - - annotations: - catalog.cattle.io/hidden: "true" - apiVersion: v2 - created: "2021-01-15T00:11:30.487714-08:00" - description: Installs the CRDs for rancher-kiali-server. - digest: d22c5d81a57cf38e56db65a9809167b16688cff39c226f209a8f8c2b616267cd - name: rancher-kiali-server-crd - type: application - urls: - - released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.24.002.tgz - version: 1.24.002 - - annotations: - catalog.cattle.io/hidden: "true" - apiVersion: v2 - created: "2021-01-15T00:11:30.487574-08:00" - description: Installs the CRDs for rancher-kiali-server. - digest: d142e5634dafacd4ade2d93460b2926577ff87e4ba4a1100c1f280e22b8100fd - name: rancher-kiali-server-crd - type: application - urls: - - released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.24.001.tgz - version: 1.24.001 - - annotations: - catalog.cattle.io/hidden: "true" - apiVersion: v2 - created: "2021-01-15T00:11:30.487426-08:00" - description: Installs the CRDs for rancher-kiali-server. - digest: 2100f0710b74ff80aafb679d626c44033ac77dbc9a050a56f3bb07ad35ac9cb3 - name: rancher-kiali-server-crd - type: application - urls: - - released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.23.002.tgz - version: 1.23.002 - - annotations: - catalog.cattle.io/hidden: "true" - apiVersion: v2 - created: "2021-01-15T00:11:30.487274-08:00" - description: Installs the CRDs for rancher-kiali-server. 
- digest: e78efc9f5d5e5943b851678c563f445128927c4d5608d40ec233944baeee1bf6 - name: rancher-kiali-server-crd - type: application - urls: - - released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.23.001.tgz - version: 1.23.001 - rancher-logging: - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Logging - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.9.0 - created: "2021-03-04T09:47:44.651567-08:00" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. - digest: e5b5de6aaea6c3a4f3fd60b6045beafdd3e3db3a72278410110faadb8c6e9fd5 - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - released/assets/rancher-logging/rancher-logging-3.9.000-rc08.tgz - version: 3.9.000-rc08 - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Logging - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.9.0 - created: "2021-03-04T09:47:44.650777-08:00" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. 
- digest: 7e1d1f0e60e7695db920d8960ae4f50f12b2763584c7ae03c5cbf27248490c24 - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - released/assets/rancher-logging/rancher-logging-3.9.000-rc07.tgz - version: 3.9.000-rc07 - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Logging - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.9.0 - created: "2021-03-04T09:47:44.649982-08:00" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. - digest: 90596ebd741c5bd712796d8dd07954663e76e41adad3c8f5177176414d355492 - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - released/assets/rancher-logging/rancher-logging-3.9.000-rc06.tgz - version: 3.9.000-rc06 - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Logging - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.9.0 - created: "2021-03-04T09:47:44.649187-08:00" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. 
- digest: 261ac9ff48b610df1c610904cb7ff999a619fdcb23620cf90c094adb0e0a1f2e - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - released/assets/rancher-logging/rancher-logging-3.9.000-rc05.tgz - version: 3.9.000-rc05 - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Logging - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.9.0 - created: "2021-03-04T09:47:44.648322-08:00" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. - digest: 0e2f0b1f53b4e81488ffdd41bb68693e332bf7eaf29488b310f5b7368858c603 - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - released/assets/rancher-logging/rancher-logging-3.9.000-rc04.tgz - version: 3.9.000-rc04 - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Logging - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.9.0 - created: "2021-03-04T09:47:44.647412-08:00" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. 
- digest: 7f35d0af785c25d20003daf0d0b78a2e72e5b6a9f5e727757ee753c84260ba78 - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - released/assets/rancher-logging/rancher-logging-3.9.000-rc03.tgz - version: 3.9.000-rc03 - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Logging - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.9.0 - created: "2021-03-04T09:47:44.646618-08:00" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. - digest: 9654d484b60c1aa9f999791a83ddc5068ec69b0e3becd61b4198e243be7957af - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - released/assets/rancher-logging/rancher-logging-3.9.000-rc02.tgz - version: 3.9.000-rc02 - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Logging - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.9.0 - created: "2021-03-04T09:47:44.644918-08:00" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. 
- digest: 460e6154256f66ea1e91d41a16195aa5c5c16123bf9b3895c2186a8ec69b80f5 - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - released/assets/rancher-logging/rancher-logging-3.9.000-rc01.tgz - version: 3.9.000-rc01 - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Logging - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.9.0 - created: "2021-03-04T09:47:44.644077-08:00" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. - digest: 8950865836a669a9190792174befffb50ed1bf9b41be2831d63624ff385cf0f7 - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - released/assets/rancher-logging/rancher-logging-3.9.000-rc00.tgz - version: 3.9.000-rc00 - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Logging - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.8.2 - created: "2021-01-15T00:11:30.4918-08:00" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. 
- digest: a27ce10fdf883d5378255e99eddd7a7d5a3a9f6a9b00208ea182d27b98124932 - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - released/assets/rancher-logging/rancher-logging-3.8.201.tgz - version: 3.8.201 - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Logging - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.8.0 - created: "2021-01-15T00:11:30.491025-08:00" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. - digest: c643abc8d8fa9a6e86de5aa7f31de1aa427cbc1dbe12854696126f264ab45c5f - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - released/assets/rancher-logging/rancher-logging-3.8.001.tgz - version: 3.8.001 - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Logging - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.7.3 - created: "2021-01-15T00:11:30.490244-08:00" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. 
- digest: 825b35e6c8d6e5cb58cc27a83057dcf4b941c1cf9f1685ba8de9a581c50167b4 - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - released/assets/rancher-logging/rancher-logging-3.7.301.tgz - version: 3.7.301 - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Logging - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.6.0 - created: "2021-01-15T00:11:30.489493-08:00" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. - digest: d759335422822364d842d5b3320eb5984df94ed0aad16e4d33e52c193fa82a7d - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - released/assets/rancher-logging/rancher-logging-3.6.001.tgz - version: 3.6.001 - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.6.0 - created: "2021-01-15T00:11:30.488715-08:00" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. 
- digest: 8b20ad589d1cf3e21b0235db0e93d6556aea4b94649a37f97544c65f55839ad2 - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - released/assets/rancher-logging/rancher-logging-3.6.000.tgz - version: 3.6.000 - rancher-logging-crd: - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-03-04T09:47:44.66364-08:00" - description: Installs the CRDs for rancher-logging. - digest: 352a9b536b5ba239f601ab34c1eff9d270d94f7f56f56f954dd1373f51345729 - name: rancher-logging-crd - type: application - urls: - - released/assets/rancher-logging/rancher-logging-crd-3.9.000-rc08.tgz - version: 3.9.000-rc08 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-03-04T09:47:44.661936-08:00" - description: Installs the CRDs for rancher-logging. - digest: 1e60f77e39411099e3014c8b7549d14597c0d46c0d57389c9208c90e38c23608 - name: rancher-logging-crd - type: application - urls: - - released/assets/rancher-logging/rancher-logging-crd-3.9.000-rc07.tgz - version: 3.9.000-rc07 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-03-04T09:47:44.660939-08:00" - description: Installs the CRDs for rancher-logging. 
- digest: c8bec736459bb23bbc1359c54181aa12671908bc67258332843b812527130441 - name: rancher-logging-crd - type: application - urls: - - released/assets/rancher-logging/rancher-logging-crd-3.9.000-rc06.tgz - version: 3.9.000-rc06 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-03-04T09:47:44.659928-08:00" - description: Installs the CRDs for rancher-logging. - digest: b18dfb6108edf77d1611c6280fd6d781d35a3087096472ec138816d85636d098 - name: rancher-logging-crd - type: application - urls: - - released/assets/rancher-logging/rancher-logging-crd-3.9.000-rc05.tgz - version: 3.9.000-rc05 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-03-04T09:47:44.658395-08:00" - description: Installs the CRDs for rancher-logging. - digest: 4dd87f71a05a2412fd2b4766d9ef9c7fb644f117d2dd19b7e39784b2748ff3b7 - name: rancher-logging-crd - type: application - urls: - - released/assets/rancher-logging/rancher-logging-crd-3.9.000-rc04.tgz - version: 3.9.000-rc04 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-03-04T09:47:44.657406-08:00" - description: Installs the CRDs for rancher-logging. 
- digest: fed2e3420bb9e53c2324fff2c8ba0514f3fcaac55b6b92f66b4423b89101172d - name: rancher-logging-crd - type: application - urls: - - released/assets/rancher-logging/rancher-logging-crd-3.9.000-rc03.tgz - version: 3.9.000-rc03 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-03-04T09:47:44.655438-08:00" - description: Installs the CRDs for rancher-logging. - digest: be0b8e51b55a6cf501af15dc549a5c38cf017ad3a473cea04fc020519ba7f844 - name: rancher-logging-crd - type: application - urls: - - released/assets/rancher-logging/rancher-logging-crd-3.9.000-rc02.tgz - version: 3.9.000-rc02 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-03-04T09:47:44.654197-08:00" - description: Installs the CRDs for rancher-logging. - digest: b800deea73ac1792fba30d8d8e1bdfd1c3ab44351a4c60a765e1f2af39ca284e - name: rancher-logging-crd - type: application - urls: - - released/assets/rancher-logging/rancher-logging-crd-3.9.000-rc01.tgz - version: 3.9.000-rc01 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-03-04T09:47:44.653099-08:00" - description: Installs the CRDs for rancher-logging. 
- digest: a2dc007bfb58a8725d054ab1adaaafa72b57680ae8f1e363aaa095970a27f040 - name: rancher-logging-crd - type: application - urls: - - released/assets/rancher-logging/rancher-logging-crd-3.9.000-rc00.tgz - version: 3.9.000-rc00 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-01-15T00:11:30.497347-08:00" - description: Installs the CRDs for rancher-logging. - digest: 9a8baaed2f02e43b7eacb4c3cbcd6a33f84645b0d0b24f6f73867871dd41db23 - name: rancher-logging-crd - type: application - urls: - - released/assets/rancher-logging/rancher-logging-crd-3.8.201.tgz - version: 3.8.201 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-01-15T00:11:30.49633-08:00" - description: Installs the CRDs for rancher-logging. - digest: 92eca9fef67bad369b311b07974a05d156546104119f6864ff9c46decb966909 - name: rancher-logging-crd - type: application - urls: - - released/assets/rancher-logging/rancher-logging-crd-3.8.001.tgz - version: 3.8.001 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-01-15T00:11:30.494828-08:00" - description: Installs the CRDs for rancher-logging. 
- digest: 7f85f6ac9eabecaa9cf6e56cd3772b0d604afccc16411b3a61c02ef437ff7c1e - name: rancher-logging-crd - type: application - urls: - - released/assets/rancher-logging/rancher-logging-crd-3.7.301.tgz - version: 3.7.301 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-01-15T00:11:30.493957-08:00" - description: Installs the CRDs for rancher-logging. - digest: e75790f7d4fc054e757526a2944475a6ff427f6d7b6726ade7a0db28c7fbc986 - name: rancher-logging-crd - type: application - urls: - - released/assets/rancher-logging/rancher-logging-crd-3.6.001.tgz - version: 3.6.001 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-01-15T00:11:30.493121-08:00" - description: Installs the CRDs for rancher-logging. 
- digest: 4947e5272f4f4f9f227691aa35c8c1bef980fbdde725bac1c358c6fe7229932e - name: rancher-logging-crd - type: application - urls: - - released/assets/rancher-logging/rancher-logging-crd-3.6.000.tgz - version: 3.6.000 - rancher-monitoring: - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/ui-component: monitoring - apiVersion: v1 - appVersion: 0.38.1 - created: "2021-03-04T09:47:44.761426-08:00" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - repository: file://./charts/kube-state-metrics - - condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - 
repository: file://./charts/prometheus-node-exporter - - condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: 92fe184bf72dc5b21d907a158b4e725f4f688d627e5b63448cd47f5e2ef119e0 - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - urls: - - released/assets/rancher-monitoring/rancher-monitoring-9.4.203-rc04.tgz - version: 9.4.203-rc04 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/ui-component: monitoring - apiVersion: v1 - appVersion: 0.38.1 - created: "2021-03-04T09:47:44.737787-08:00" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - repository: file://./charts/kube-state-metrics 
- - condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: file://./charts/prometheus-node-exporter - - condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: 748ab12856c906c69fd6ec1a66369d790fbb53d8e54763cc737f4e0fb6d07998 - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - urls: - - released/assets/rancher-monitoring/rancher-monitoring-9.4.203-rc03.tgz - version: 9.4.203-rc03 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/ui-component: monitoring - apiVersion: v1 - appVersion: 0.38.1 - created: "2021-03-04T09:47:44.715461-08:00" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - repository: file://./charts/kube-state-metrics 
- - condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: file://./charts/prometheus-node-exporter - - condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: b452563b7f643a0b2e48720bc7b0d597e32d2c89764e897e896caac4c7b79154 - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - urls: - - released/assets/rancher-monitoring/rancher-monitoring-9.4.203-rc02.tgz - version: 9.4.203-rc02 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/ui-component: monitoring - apiVersion: v1 - appVersion: 0.38.1 - created: "2021-03-04T09:47:44.697677-08:00" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - repository: file://./charts/kube-state-metrics 
- - condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: file://./charts/prometheus-node-exporter - - condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: 381a6a4c07867f5a4a737b49ac1c919ca62d72797054b7bdeeb0f9906acfaa93 - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - urls: - - released/assets/rancher-monitoring/rancher-monitoring-9.4.203-rc01.tgz - version: 9.4.203-rc01 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/ui-component: monitoring - apiVersion: v1 - appVersion: 0.38.1 - created: "2021-03-04T09:47:44.680529-08:00" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - repository: file://./charts/kube-state-metrics - - condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - 
repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: file://./charts/prometheus-node-exporter - - condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: 790ea3458c6170db492639981aeca7376b6b825eab4c623646a721f6405f3440 - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - urls: - - released/assets/rancher-monitoring/rancher-monitoring-9.4.203-rc00.tgz - version: 9.4.203-rc00 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/ui-component: monitoring - apiVersion: v1 - appVersion: 0.38.1 - created: "2021-01-15T00:11:30.543558-08:00" - dependencies: - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - repository: https://charts.helm.sh/stable/ - version: 2.8.14 - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: https://prometheus-community.github.io/helm-charts - version: 1.11.2 - - condition: grafana.enabled - name: grafana - repository: 
https://grafana.github.io/helm-charts - version: 5.6.4 - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: https://prometheus-community.github.io/helm-charts - version: 2.7.1 - - alias: rkeControllerManager - condition: rkeControllerManager.enabled - name: rancher-pushprox - repository: file://../../rancher-pushprox/charts - version: 0.1.2 - - alias: rkeScheduler - condition: rkeScheduler.enabled - name: rancher-pushprox - repository: file://../../rancher-pushprox/charts - version: 0.1.2 - - alias: rkeProxy - condition: rkeProxy.enabled - name: rancher-pushprox - repository: file://../../rancher-pushprox/charts - version: 0.1.2 - - alias: rkeEtcd - condition: rkeEtcd.enabled - name: rancher-pushprox - repository: file://../../rancher-pushprox/charts - version: 0.1.2 - - alias: k3sServer - condition: k3sServer.enabled - name: rancher-pushprox - repository: file://../../rancher-pushprox/charts - version: 0.1.2 - - alias: kubeAdmControllerManager - condition: kubeAdmControllerManager.enabled - name: rancher-pushprox - repository: file://../../rancher-pushprox/charts - version: 0.1.2 - - alias: kubeAdmScheduler - condition: kubeAdmScheduler.enabled - name: rancher-pushprox - repository: file://../../rancher-pushprox/charts - version: 0.1.2 - - alias: kubeAdmProxy - condition: kubeAdmProxy.enabled - name: rancher-pushprox - repository: file://../../rancher-pushprox/charts - version: 0.1.2 - - alias: kubeAdmEtcd - condition: kubeAdmEtcd.enabled - name: rancher-pushprox - repository: file://../../rancher-pushprox/charts - version: 0.1.2 - - alias: rke2ControllerManager - condition: rke2ControllerManager.enabled - name: rancher-pushprox - repository: file://../../rancher-pushprox/charts - version: 0.1.2 - - alias: rke2Scheduler - condition: rke2Scheduler.enabled - name: rancher-pushprox - repository: file://../../rancher-pushprox/charts - version: 0.1.2 - - alias: rke2Proxy - condition: rke2Proxy.enabled - name: rancher-pushprox - repository: 
file://../../rancher-pushprox/charts - version: 0.1.2 - - alias: rke2Etcd - condition: rke2Etcd.enabled - name: rancher-pushprox - repository: file://../../rancher-pushprox/charts - version: 0.1.2 - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. - digest: 7e211720b3d489c00426788abec352bc4561dd30c5c502112787a212100c46e7 - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - urls: - - released/assets/rancher-monitoring/rancher-monitoring-9.4.202.tgz - version: 9.4.202 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/ui-component: monitoring - apiVersion: v1 - appVersion: 0.38.1 - created: 
"2021-01-15T00:11:30.528456-08:00" - dependencies: - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - repository: https://kubernetes-charts.storage.googleapis.com/ - version: 2.8.14 - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: https://prometheus-community.github.io/helm-charts - version: 1.11.2 - - condition: grafana.enabled - name: grafana - repository: https://grafana.github.io/helm-charts - version: 5.6.4 - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: https://kubernetes-charts.storage.googleapis.com/ - version: 2.4.0 - - alias: rkeControllerManager - condition: rkeControllerManager.enabled - name: rancher-pushprox - repository: file://../../rancher-pushprox/charts - version: 0.1.1 - - alias: rkeScheduler - condition: rkeScheduler.enabled - name: rancher-pushprox - repository: file://../../rancher-pushprox/charts - version: 0.1.1 - - alias: rkeProxy - condition: rkeProxy.enabled - name: rancher-pushprox - repository: file://../../rancher-pushprox/charts - version: 0.1.1 - - alias: rkeEtcd - condition: rkeEtcd.enabled - name: rancher-pushprox - repository: file://../../rancher-pushprox/charts - version: 0.1.1 - - alias: k3sServer - condition: k3sServer.enabled - name: rancher-pushprox - repository: file://../../rancher-pushprox/charts - version: 0.1.1 - - alias: kubeAdmControllerManager - condition: kubeAdmControllerManager.enabled - name: rancher-pushprox - repository: file://../../rancher-pushprox/charts - version: 0.1.1 - - alias: kubeAdmScheduler - condition: kubeAdmScheduler.enabled - name: rancher-pushprox - repository: file://../../rancher-pushprox/charts - version: 0.1.1 - - alias: kubeAdmProxy - condition: kubeAdmProxy.enabled - name: rancher-pushprox - repository: file://../../rancher-pushprox/charts - version: 0.1.1 - - alias: kubeAdmEtcd - condition: kubeAdmEtcd.enabled - name: rancher-pushprox - repository: file://../../rancher-pushprox/charts - version: 0.1.1 
- - alias: rke2ControllerManager - condition: rke2ControllerManager.enabled - name: rancher-pushprox - repository: file://../../rancher-pushprox/charts - version: 0.1.1 - - alias: rke2Scheduler - condition: rke2Scheduler.enabled - name: rancher-pushprox - repository: file://../../rancher-pushprox/charts - version: 0.1.1 - - alias: rke2Proxy - condition: rke2Proxy.enabled - name: rancher-pushprox - repository: file://../../rancher-pushprox/charts - version: 0.1.1 - - alias: rke2Etcd - condition: rke2Etcd.enabled - name: rancher-pushprox - repository: file://../../rancher-pushprox/charts - version: 0.1.1 - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. - digest: 5b5adac2304f7f7cd7761a269a038b178cc34c48d098829c66e880fa8b4c31a7 - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - urls: - - released/assets/rancher-monitoring/rancher-monitoring-9.4.201.tgz - version: 9.4.201 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: 
rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/ui-component: monitoring - apiVersion: v1 - appVersion: 0.38.1 - created: "2021-01-15T00:11:30.512591-08:00" - dependencies: - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - repository: https://kubernetes-charts.storage.googleapis.com/ - version: 2.8.14 - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: https://prometheus-community.github.io/helm-charts - version: 1.11.2 - - condition: grafana.enabled - name: grafana - repository: https://grafana.github.io/helm-charts - version: 5.6.4 - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: https://kubernetes-charts.storage.googleapis.com/ - version: 2.4.0 - - alias: rkeControllerManager - condition: rkeControllerManager.enabled - name: rancher-pushprox - repository: file://../../rancher-pushprox/charts - version: 0.1.0 - - alias: rkeScheduler - condition: rkeScheduler.enabled - name: rancher-pushprox - repository: file://../../rancher-pushprox/charts - version: 0.1.0 - - alias: rkeProxy - condition: rkeProxy.enabled - name: rancher-pushprox - repository: file://../../rancher-pushprox/charts - version: 0.1.0 - - alias: rkeEtcd - condition: rkeEtcd.enabled - name: rancher-pushprox - repository: file://../../rancher-pushprox/charts - version: 0.1.0 - - alias: k3sControllerManager - condition: k3sControllerManager.enabled - name: rancher-pushprox - repository: file://../../rancher-pushprox/charts - version: 0.1.0 - - alias: k3sScheduler - condition: k3sScheduler.enabled - name: rancher-pushprox - repository: file://../../rancher-pushprox/charts - version: 0.1.0 - - alias: k3sProxy - condition: k3sProxy.enabled - name: rancher-pushprox - repository: 
file://../../rancher-pushprox/charts - version: 0.1.0 - - alias: kubeAdmControllerManager - condition: kubeAdmControllerManager.enabled - name: rancher-pushprox - repository: file://../../rancher-pushprox/charts - version: 0.1.0 - - alias: kubeAdmScheduler - condition: kubeAdmScheduler.enabled - name: rancher-pushprox - repository: file://../../rancher-pushprox/charts - version: 0.1.0 - - alias: kubeAdmProxy - condition: kubeAdmProxy.enabled - name: rancher-pushprox - repository: file://../../rancher-pushprox/charts - version: 0.1.0 - - alias: kubeAdmEtcd - condition: kubeAdmEtcd.enabled - name: rancher-pushprox - repository: file://../../rancher-pushprox/charts - version: 0.1.0 - - alias: rke2ControllerManager - condition: rke2ControllerManager.enabled - name: rancher-pushprox - repository: file://../../rancher-pushprox/charts - version: 0.1.0 - - alias: rke2Scheduler - condition: rke2Scheduler.enabled - name: rancher-pushprox - repository: file://../../rancher-pushprox/charts - version: 0.1.0 - - alias: rke2Proxy - condition: rke2Proxy.enabled - name: rancher-pushprox - repository: file://../../rancher-pushprox/charts - version: 0.1.0 - - alias: rke2Etcd - condition: rke2Etcd.enabled - name: rancher-pushprox - repository: file://../../rancher-pushprox/charts - version: 0.1.0 - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: a36daf9841b3cd516ed127170d4a9fc85d1d9d1bdfb52128d232803e5276a0b2 - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - urls: - - released/assets/rancher-monitoring/rancher-monitoring-9.4.200.tgz - version: 9.4.200 - rancher-monitoring-crd: - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-03-04T09:47:44.806182-08:00" - description: Installs the CRDs for rancher-monitoring. - digest: 94e3ca61ac75aae35d2739dc35b7e2c951ff755918fb946eccca6ad4f2ee153c - name: rancher-monitoring-crd - type: application - urls: - - released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.203-rc04.tgz - version: 9.4.203-rc04 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-03-04T09:47:44.793445-08:00" - description: Installs the CRDs for rancher-monitoring. 
- digest: 338c5e30cceefa4cae16fe6d4ff545277dde72aec7cb1f48404792f4a2d56f1b - name: rancher-monitoring-crd - type: application - urls: - - released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.203-rc03.tgz - version: 9.4.203-rc03 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-03-04T09:47:44.78136-08:00" - description: Installs the CRDs for rancher-monitoring. - digest: 0ca0dfc59cc434faddbe2ef552b9ab669d8de9c8a574abdfb8a8c3b185445e30 - name: rancher-monitoring-crd - type: application - urls: - - released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.203-rc02.tgz - version: 9.4.203-rc02 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-03-04T09:47:44.774798-08:00" - description: Installs the CRDs for rancher-monitoring. - digest: 7ef29171739727ce9a9ee0a1db010c6104c33013855518bc092e85b6d8428242 - name: rancher-monitoring-crd - type: application - urls: - - released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.203-rc01.tgz - version: 9.4.203-rc01 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-03-04T09:47:44.767759-08:00" - description: Installs the CRDs for rancher-monitoring. 
- digest: d9689596a9f3d92ca4752bce94937e41fe6330e7b34f5af4596ff85edec23d68 - name: rancher-monitoring-crd - type: application - urls: - - released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.203-rc00.tgz - version: 9.4.203-rc00 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-01-15T00:11:30.555062-08:00" - description: Installs the CRDs for rancher-monitoring. - digest: 31251cec75ee29975f02f00032defce1dbd3cad5ce1dff44a63457fb3c6f475d - name: rancher-monitoring-crd - type: application - urls: - - released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.202.tgz - version: 9.4.202 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-01-15T00:11:30.551045-08:00" - description: Installs the CRDs for rancher-monitoring. - digest: 3e2c6926b5e0384e25d76cc33fee1782c6cf444f4844901105bbfa251b9023ca - name: rancher-monitoring-crd - type: application - urls: - - released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.201.tgz - version: 9.4.201 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-01-15T00:11:30.547748-08:00" - description: Installs the CRDs for rancher-monitoring. 
- digest: 1bbc909b84e9c10506c0c2f2ffa074ebfd49d58af2e3a123f802a668d6f78435 - name: rancher-monitoring-crd - type: application - urls: - - released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.200.tgz - version: 9.4.200 - rancher-operator: - - annotations: - catalog.cattle.io/auto-install: rancher-operator-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1 - catalog.cattle.io/release-name: rancher-operator - apiVersion: v2 - appVersion: 0.1.3 - created: "2021-03-04T09:47:44.809336-08:00" - description: Control Rancher using GitOps - digest: 2656b6dcd24f1fbbdd0775cb09932e18af415bf13c6e873ae35c5dbd384a3abc - name: rancher-operator - urls: - - released/assets/rancher-operator/rancher-operator-0.1.300-rc08.tgz - version: 0.1.300-rc08 - - annotations: - catalog.cattle.io/auto-install: rancher-operator-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1 - catalog.cattle.io/release-name: rancher-operator - apiVersion: v2 - appVersion: 0.1.3 - created: "2021-03-04T09:47:44.808768-08:00" - description: Control Rancher using GitOps - digest: b3ce6f43a280702dc57ef54fafffd59e146bff22d5b3b0607e73ac11be7597c6 - name: rancher-operator - urls: - - released/assets/rancher-operator/rancher-operator-0.1.300-rc07.tgz - version: 0.1.300-rc07 - - annotations: - catalog.cattle.io/auto-install: rancher-operator-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - 
catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1 - catalog.cattle.io/release-name: rancher-operator - apiVersion: v2 - appVersion: 0.1.3 - created: "2021-03-04T09:47:44.808357-08:00" - description: Control Rancher using GitOps - digest: 4da0891a485ccab47d970a1b3384c3d260b7f1d336e437991501330d9d7a558f - name: rancher-operator - urls: - - released/assets/rancher-operator/rancher-operator-0.1.300-rc06.tgz - version: 0.1.300-rc06 - - annotations: - catalog.cattle.io/auto-install: rancher-operator-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1 - catalog.cattle.io/release-name: rancher-operator - apiVersion: v2 - appVersion: 0.1.3 - created: "2021-03-04T09:47:44.807931-08:00" - description: Control Rancher using GitOps - digest: e22a7299a8219d1a6876472d263679cfad6cd684c0ce1774bd88c604d3823ae0 - name: rancher-operator - urls: - - released/assets/rancher-operator/rancher-operator-0.1.300-rc05.tgz - version: 0.1.300-rc05 - - annotations: - catalog.cattle.io/auto-install: rancher-operator-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1 - catalog.cattle.io/release-name: rancher-operator - apiVersion: v2 - appVersion: 0.1.3 - created: "2021-03-04T09:47:44.807511-08:00" - description: Control Rancher using GitOps - digest: d8b53650d168a955588b9489488b1af9f285959fc0f60028b6c802a8e192f571 - name: rancher-operator - urls: - - released/assets/rancher-operator/rancher-operator-0.1.300-rc04.tgz - version: 0.1.300-rc04 - - annotations: - catalog.cattle.io/auto-install: rancher-operator-crd=match - catalog.cattle.io/certified: 
rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1 - catalog.cattle.io/release-name: rancher-operator - apiVersion: v2 - appVersion: 0.1.3 - created: "2021-03-04T09:47:44.807098-08:00" - description: Control Rancher using GitOps - digest: 227cf3caf125ed1f2d3329350fdd8b90a788727e620c2af43d8a2f11e035116d - name: rancher-operator - urls: - - released/assets/rancher-operator/rancher-operator-0.1.300-rc03.tgz - version: 0.1.300-rc03 - - annotations: - catalog.cattle.io/auto-install: rancher-operator-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1 - catalog.cattle.io/release-name: rancher-operator - apiVersion: v2 - appVersion: 0.1.3 - created: "2021-03-04T09:47:44.806673-08:00" - description: Control Rancher using GitOps - digest: c65dd65dceee1e0ffa7228b89ecac8b03b03b233c65009dcac778d3792e1698c - name: rancher-operator - urls: - - released/assets/rancher-operator/rancher-operator-0.1.300-rc01.tgz - version: 0.1.300-rc01 - - annotations: - catalog.cattle.io/auto-install: rancher-operator-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1 - catalog.cattle.io/release-name: rancher-operator - apiVersion: v2 - appVersion: 0.1.2 - created: "2021-01-15T00:11:30.557225-08:00" - description: Control Rancher using GitOps - digest: 8427c5fb912002404267f7c349dac1f51b3fc5160aade214e35e7d5732a3e6d3 - name: rancher-operator - urls: - - 
released/assets/rancher-operator/rancher-operator-0.1.200.tgz - version: 0.1.200 - - annotations: - catalog.cattle.io/auto-install: rancher-operator-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1 - catalog.cattle.io/release-name: rancher-operator - apiVersion: v2 - appVersion: 0.1.2-rc2 - created: "2021-01-15T00:11:30.556966-08:00" - description: Control Rancher using GitOps - digest: b0341792bfa98f4680bb6099c8bc5a739cd8fab1e7217acceda396cc0d640a26 - name: rancher-operator - urls: - - released/assets/rancher-operator/rancher-operator-0.1.200-rc2.tgz - version: 0.1.200-rc2 - - annotations: - catalog.cattle.io/auto-install: rancher-operator-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1 - catalog.cattle.io/release-name: rancher-operator - apiVersion: v2 - appVersion: 0.1.1 - created: "2021-01-15T00:11:30.555899-08:00" - description: Control Rancher using GitOps - digest: 0a4132fbc7a014ee6e88ac95dc278723c591fe271529d37f529bfe819b8b03f1 - name: rancher-operator - urls: - - released/assets/rancher-operator/rancher-operator-0.1.100.tgz - version: 0.1.100 - - annotations: - catalog.cattle.io/auto-install: rancher-operator-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1 - catalog.cattle.io/release-name: rancher-operator - apiVersion: v2 - appVersion: 0.1.2-rc2 - created: "2021-01-15T00:11:30.556665-08:00" 
- description: Control Rancher using GitOps - digest: e952722116cf3912eda2f542e2a703e3676983c6fb1b34e056d4e9c3e79d820d - name: rancher-operator - urls: - - released/assets/rancher-operator/rancher-operator-0.1.2-rc200.tgz - version: 0.1.2-rc200 - - annotations: - catalog.cattle.io/auto-install: rancher-operator-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1 - catalog.cattle.io/release-name: rancher-operator - apiVersion: v2 - appVersion: 0.1.2-rc1 - created: "2021-01-15T00:11:30.556311-08:00" - description: Control Rancher using GitOps - digest: 1aed5f1bef466d930aaf0a715d1b305c366dc84de6b6c06d4f44db93ca40f2b8 - name: rancher-operator - urls: - - released/assets/rancher-operator/rancher-operator-0.1.2-rc100.tgz - version: 0.1.2-rc100 - - annotations: - catalog.cattle.io/auto-install: rancher-operator-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1 - catalog.cattle.io/release-name: rancher-operator - apiVersion: v2 - appVersion: 0.1.0 - created: "2021-01-15T00:11:30.555581-08:00" - description: Control Rancher using GitOps - digest: f7524f717eb372fee5a5044cc473dda94e85125325dbf0a064669ebe206fbed0 - name: rancher-operator - urls: - - released/assets/rancher-operator/rancher-operator-0.1.000.tgz - version: 0.1.000 - - annotations: - catalog.cattle.io/auto-install: rancher-operator-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: 
clusters.rancher.cattle.io/v1 - catalog.cattle.io/release-name: rancher-operator - apiVersion: v2 - appVersion: 0.1.0-alpha8 - created: "2021-01-15T00:11:30.555334-08:00" - description: Control Rancher using GitOps - digest: d4d2be199ef6c0cd632e59c50e85c73fd80f0a1deebf10a558824d495fb8b723 - name: rancher-operator - urls: - - released/assets/rancher-operator/rancher-operator-0.1.0-alpha800.tgz - version: 0.1.0-alpha800 - rancher-operator-crd: - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-operator-crd - apiVersion: v2 - appVersion: 0.1.3 - created: "2021-03-04T09:47:44.816172-08:00" - description: Rancher Operator CustomResourceDefinitions - digest: 4cc60bf056682d2f809a497f04857295e0150662c235bd4ddb7b1764b79285f8 - name: rancher-operator-crd - urls: - - released/assets/rancher-operator-crd/rancher-operator-crd-0.1.300-rc08.tgz - version: 0.1.300-rc08 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-operator-crd - apiVersion: v2 - appVersion: 0.1.3 - created: "2021-03-04T09:47:44.814456-08:00" - description: Rancher Operator CustomResourceDefinitions - digest: 36836da1bb6a195783cb0a25852f559a90e535d909d43220b93546a3343edfa9 - name: rancher-operator-crd - urls: - - released/assets/rancher-operator-crd/rancher-operator-crd-0.1.300-rc07.tgz - version: 0.1.300-rc07 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-operator-crd - apiVersion: v2 - appVersion: 0.1.3 - created: "2021-03-04T09:47:44.813228-08:00" - description: Rancher Operator CustomResourceDefinitions - 
digest: a794c3b33313978a0ca37f192f95d452312d3429f73f385aa8d9c3573cc04c38 - name: rancher-operator-crd - urls: - - released/assets/rancher-operator-crd/rancher-operator-crd-0.1.300-rc06.tgz - version: 0.1.300-rc06 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-operator-crd - apiVersion: v2 - appVersion: 0.1.3 - created: "2021-03-04T09:47:44.812528-08:00" - description: Rancher Operator CustomResourceDefinitions - digest: 08a8c134a36841aec3caa04ca848e31456ea6e68eba3c1d2f11c87a011de3c9a - name: rancher-operator-crd - urls: - - released/assets/rancher-operator-crd/rancher-operator-crd-0.1.300-rc05.tgz - version: 0.1.300-rc05 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-operator-crd - apiVersion: v2 - appVersion: 0.1.3 - created: "2021-03-04T09:47:44.811708-08:00" - description: Rancher Operator CustomResourceDefinitions - digest: e95190052c50fcfddc8582760f9512dd1eae2ad02682ae024f4d2f8c5de04b17 - name: rancher-operator-crd - urls: - - released/assets/rancher-operator-crd/rancher-operator-crd-0.1.300-rc04.tgz - version: 0.1.300-rc04 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-operator-crd - apiVersion: v2 - appVersion: 0.1.3 - created: "2021-03-04T09:47:44.810984-08:00" - description: Rancher Operator CustomResourceDefinitions - digest: f4254f3e706cd8d9526048d1cc64f3d91962b19994f95b30459fed456128cc75 - name: rancher-operator-crd - urls: - - released/assets/rancher-operator-crd/rancher-operator-crd-0.1.300-rc03.tgz - version: 0.1.300-rc03 - - annotations: - 
catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-operator-crd - apiVersion: v2 - appVersion: 0.1.3 - created: "2021-03-04T09:47:44.810159-08:00" - description: Rancher Operator CustomResourceDefinitions - digest: 88c0fb8ae620a707ddd889ce2805077d3a51284ce6fe25748526c0a70fb808dc - name: rancher-operator-crd - urls: - - released/assets/rancher-operator-crd/rancher-operator-crd-0.1.300-rc01.tgz - version: 0.1.300-rc01 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-operator-crd - apiVersion: v2 - appVersion: 0.1.2 - created: "2021-01-15T00:11:30.560457-08:00" - description: Rancher Operator CustomResourceDefinitions - digest: 181428fac5cf2576f1c35497c142607be81e19aa96b29976d5142cce9cf84027 - name: rancher-operator-crd - urls: - - released/assets/rancher-operator-crd/rancher-operator-crd-0.1.200.tgz - version: 0.1.200 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-operator-crd - apiVersion: v2 - appVersion: 0.1.2-rc2 - created: "2021-01-15T00:11:30.560063-08:00" - description: Rancher Operator CustomResourceDefinitions - digest: 9e832ab034a2e088618f4df7291cff7c432c2212559a4add92bb81c3d6105f37 - name: rancher-operator-crd - urls: - - released/assets/rancher-operator-crd/rancher-operator-crd-0.1.200-rc2.tgz - version: 0.1.200-rc2 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/release-name: rancher-operator-crd - apiVersion: v2 - appVersion: 0.1.1 - created: 
"2021-01-15T00:11:30.558445-08:00" - description: Rancher Operator CustomResourceDefinitions - digest: 26e61ab160ebf89f91f82e0aa6cbd5378ee3d0436b67c4bdce120467483d7d80 - name: rancher-operator-crd - urls: - - released/assets/rancher-operator-crd/rancher-operator-crd-0.1.100.tgz - version: 0.1.100 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-operator-crd - apiVersion: v2 - appVersion: 0.1.2-rc2 - created: "2021-01-15T00:11:30.559476-08:00" - description: Rancher Operator CustomResourceDefinitions - digest: e57f76009845b0bb3ebfd7d972fb41d87687264257235e9d35acc330f341cc1a - name: rancher-operator-crd - urls: - - released/assets/rancher-operator-crd/rancher-operator-crd-0.1.2-rc200.tgz - version: 0.1.2-rc200 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/release-name: rancher-operator-crd - apiVersion: v2 - appVersion: 0.1.2-rc1 - created: "2021-01-15T00:11:30.558798-08:00" - description: Rancher Operator CustomResourceDefinitions - digest: a83e65bedd9b916651158896cc38c3d43e063d985e1cfcbbfb291efb7fe3a2f6 - name: rancher-operator-crd - urls: - - released/assets/rancher-operator-crd/rancher-operator-crd-0.1.2-rc100.tgz - version: 0.1.2-rc100 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/release-name: rancher-operator-crd - apiVersion: v2 - appVersion: 0.1.0 - created: "2021-01-15T00:11:30.558084-08:00" - description: Rancher Operator CustomResourceDefinitions - digest: 0ae1a90ebf8306537379912ee8db01c73436862a268ab9d2a1f95563f236007b - name: rancher-operator-crd - urls: - - released/assets/rancher-operator-crd/rancher-operator-crd-0.1.000.tgz - version: 0.1.000 - - 
annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/release-name: rancher-operator-crd - apiVersion: v2 - appVersion: 0.1.0-alpha8 - created: "2021-01-15T00:11:30.557694-08:00" - description: Rancher Operator CustomResourceDefinitions - digest: 49c5479777388bde6cd834868ce1e9d664e3f830848dc629dbace9624a2fa07a - name: rancher-operator-crd - urls: - - released/assets/rancher-operator-crd/rancher-operator-crd-0.1.0-alpha800.tgz - version: 0.1.0-alpha800 - rancher-pushprox: - - annotations: - catalog.cattle.io/hidden: "true" - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-pushprox - apiVersion: v1 - appVersion: 0.1.0 - created: "2021-03-04T09:47:44.819452-08:00" - description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx - clients. - digest: f66edae0a693decab1d2e1d60f20a3ddcb57fa757cf04368f4269d43ba45e6d8 - name: rancher-pushprox - type: application - urls: - - released/assets/rancher-pushprox/rancher-pushprox-0.1.201-rc02.tgz - version: 0.1.201-rc02 - - annotations: - catalog.cattle.io/hidden: "true" - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-pushprox - apiVersion: v1 - appVersion: 0.1.0 - created: "2021-03-04T09:47:44.818536-08:00" - description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx - clients. 
- digest: 4e990a9eb65941dbe2733310945efca11bc839a2543cb2d2ecc29c5dd3c691e9 - name: rancher-pushprox - type: application - urls: - - released/assets/rancher-pushprox/rancher-pushprox-0.1.201-rc01.tgz - version: 0.1.201-rc01 - - annotations: - catalog.cattle.io/hidden: "true" - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-pushprox - apiVersion: v1 - appVersion: 0.1.0 - created: "2021-03-04T09:47:44.817581-08:00" - description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx - clients. - digest: f9e10374f3d86fe4b9a13ec2ce5bd11d3c2d5314262689249cb1f0c4d4e8123f - name: rancher-pushprox - type: application - urls: - - released/assets/rancher-pushprox/rancher-pushprox-0.1.201-rc00.tgz - version: 0.1.201-rc00 - - annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-pushprox - apiVersion: v1 - appVersion: 0.1.0 - created: "2021-01-15T00:11:30.561927-08:00" - description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx - clients. - digest: bd7fc397cda47c5d5c5e0bd75a906536b195017fd7ed6876e7428230e6c48943 - name: rancher-pushprox - type: application - urls: - - released/assets/rancher-pushprox/rancher-pushprox-0.1.2.tgz - version: 0.1.2 - - annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-pushprox - apiVersion: v1 - appVersion: 0.1.0 - created: "2021-01-15T00:11:30.561429-08:00" - description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx - clients. 
- digest: ab34cc49dd50f2b2dbcee36447a3e2efd974bdce004834b0bfb0508a84ffa16c - name: rancher-pushprox - type: application - urls: - - released/assets/rancher-pushprox/rancher-pushprox-0.1.1.tgz - version: 0.1.1 - - annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-pushprox - apiVersion: v1 - appVersion: 0.1.0 - created: "2021-01-15T00:11:30.560947-08:00" - description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx - clients. - digest: d251c28f9e9b732a02e9c394b0d7bf3a3c98c723fb809b5015bd5728f05ee968 - name: rancher-pushprox - type: application - urls: - - released/assets/rancher-pushprox/rancher-pushprox-0.1.0.tgz - version: 0.1.0 - rancher-tracing: - - annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: istio-system - catalog.rancher.io/release-name: rancher-tracing - apiVersion: v1 - appVersion: 1.20.0 - created: "2021-03-04T09:47:44.820217-08:00" - description: A quick start Jaeger Tracing installation using the all-in-one demo. - This is not production qualified. Refer to https://www.jaegertracing.io/ for - details. - digest: d20f48b0bec89328b18304896c3185a3d08b81ce4c09857aa07f4151e2d21375 - name: rancher-tracing - urls: - - released/assets/rancher-tracing/rancher-tracing-1.20.002-rc00.tgz - version: 1.20.002-rc00 - - annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: istio-system - catalog.rancher.io/release-name: rancher-tracing - apiVersion: v1 - appVersion: 1.20.0 - created: "2021-01-15T00:11:30.562327-08:00" - description: A quick start Jaeger Tracing installation using the all-in-one demo. - This is not production qualified. 
Refer to https://www.jaegertracing.io/ for - details. - digest: bf9ba6be02c6275ca6a3d850d6be8f012233d62f1614173bcf3e95ff84e9c7eb - name: rancher-tracing - urls: - - released/assets/rancher-tracing/rancher-tracing-1.20.001.tgz - version: 1.20.001 - - annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: istio-system - catalog.rancher.io/release-name: rancher-tracing - apiVersion: v1 - appVersion: 1.20.0 - created: "2021-03-01T16:56:35.020094-08:00" - description: A quick start Jaeger Tracing installation using the all-in-one demo. - This is not production qualified. Refer to https://www.jaegertracing.io/ for - details. - digest: dd999b5d6d78ace23520222e1d80c8e3b8298461a15e726bd41ee4eb58068d46 - name: rancher-tracing - urls: - - released/assets/rancher-tracing/rancher-tracing-1.20.001-rc00.tgz - version: 1.20.001-rc00 - rancher-vsphere-cpi: - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: vSphere CPI - catalog.cattle.io/namespace: kube-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: vsphere-cpi - apiVersion: v1 - appVersion: 1.0.0 - created: "2021-03-04T09:47:44.820918-08:00" - description: vSphere Cloud Provider Interface (CPI) - digest: 092bf7a60582eb190c1212699a9c277e01974d03e78e2121ecf8f6c460e36df7 - icon: https://charts.rancher.io/assets/logos/vsphere-cpi.svg - keywords: - - infrastructure - maintainers: - - email: caleb@rancher.com - name: Rancher - name: rancher-vsphere-cpi - sources: - - https://github.com/kubernetes/cloud-provider-vsphere - urls: - - released/assets/rancher-vsphere-cpi/rancher-vsphere-cpi-1.0.000-rc01.tgz - version: 1.0.000-rc01 - rancher-vsphere-csi: - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: vSphere CSI - catalog.cattle.io/namespace: kube-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: vsphere-csi - apiVersion: v1 
- appVersion: 2.1.0 - created: "2021-03-04T09:47:44.821954-08:00" - description: vSphere Cloud Storage Interface (CSI) - digest: 99cee0399a41911b91f24ebecf94bb88ebdfbe3d82503add88afb5885ed4d1b9 - icon: https://charts.rancher.io/assets/logos/vsphere-csi.svg - keywords: - - infrastructure - maintainers: - - email: caleb@rancher.com - name: Rancher - name: rancher-vsphere-csi - sources: - - https://github.com/kubernetes-sigs/vsphere-csi-driver - urls: - - released/assets/rancher-vsphere-csi/rancher-vsphere-csi-2.1.000-rc01.tgz - version: 2.1.000-rc01 - rancher-webhook: - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-webhook - apiVersion: v2 - appVersion: 0.1.0-beta9 - created: "2021-03-04T09:47:44.822413-08:00" - description: ValidatingAdmissionWebhook for Rancher types - digest: 6eb969054035ae7a3501d3e08b4a2d70ab38203e62fa5efbee16347fed34f653 - name: rancher-webhook - urls: - - released/assets/rancher-webhook/rancher-webhook-0.1.0-beta901-rc00.tgz - version: 0.1.0-beta901-rc00 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-webhook - apiVersion: v2 - appVersion: 0.1.0-beta9 - created: "2021-01-15T00:11:30.563834-08:00" - description: ValidatingAdmissionWebhook for Rancher types - digest: 7e1a1ba8b4b83740d5b301cd81cd48f5ecd9a0bc7bb2ea8f5f021a22c294cc57 - name: rancher-webhook - urls: - - released/assets/rancher-webhook/rancher-webhook-0.1.0-beta900.tgz - version: 0.1.0-beta900 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-webhook - apiVersion: v2 - appVersion: 0.1.0-beta8 - created: 
"2021-01-15T00:11:30.563574-08:00" - description: ValidatingAdmissionWebhook for Rancher types - digest: a1ce80a2a1b6915ab379624ac2cb49e1ce27a550951dc88b8f3e5668f792e0b5 - name: rancher-webhook - urls: - - released/assets/rancher-webhook/rancher-webhook-0.1.0-beta800.tgz - version: 0.1.0-beta800 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-webhook - apiVersion: v2 - appVersion: 0.1.0-beta7 - created: "2021-01-15T00:11:30.563321-08:00" - description: ValidatingAdmissionWebhook for Rancher types - digest: c7f3d94a86a1960a3bb477d5fa7ec1ce2cda1071f8f221fb7a215a0892b31ec2 - name: rancher-webhook - urls: - - released/assets/rancher-webhook/rancher-webhook-0.1.0-beta700.tgz - version: 0.1.0-beta700 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-webhook - apiVersion: v2 - appVersion: 0.1.0-beta6 - created: "2021-01-15T00:11:30.563072-08:00" - description: ValidatingAdmissionWebhook for Rancher types - digest: d0715c2f02663a29a0d98a27aadd7383c2d90c0507e9e7ce8768e0030240c15c - name: rancher-webhook - urls: - - released/assets/rancher-webhook/rancher-webhook-0.1.0-beta600.tgz - version: 0.1.0-beta600 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-webhook - apiVersion: v2 - appVersion: 0.1.0-beta5 - created: "2021-01-15T00:11:30.562811-08:00" - description: ValidatingAdmissionWebhook for Rancher types - digest: 748ed52b1d17cff221fb5609bb230467f0a16faf5130122ece6781841c2d569e - name: rancher-webhook - urls: - - released/assets/rancher-webhook/rancher-webhook-0.1.0-beta500.tgz - version: 0.1.0-beta500 - 
- annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/namespace: cattle-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-webhook - apiVersion: v2 - appVersion: 0.1.0-beta3 - created: "2021-01-15T00:11:30.56257-08:00" - description: ValidatingAdmissionWebhook for Rancher types - digest: 498aabf4bb200fca9d3a66be7d0606701a6be62208776effc83c894e576ed748 - name: rancher-webhook - urls: - - released/assets/rancher-webhook/rancher-webhook-0.1.0-beta300.tgz - version: 0.1.0-beta300 - rio: - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Rio - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rio-system - catalog.cattle.io/release-name: rio - catalog.cattle.io/requires-gvr: networking.istio.io.virtualservice/v1beta1 - apiVersion: v1 - appVersion: 0.8.0 - created: "2021-03-04T09:47:44.823144-08:00" - description: The application deployment engine for Kubernetes - digest: af6a84abcd481d2653db91960a69c9e235b619834cf81d0dfbd0f6c5427b7460 - home: https://rio.io - icon: https://charts.rancher.io/assets/logos/rio.svg - name: rio - urls: - - released/assets/rio/rio-0.8.001-rc00.tgz - version: 0.8.001-rc00 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Rio - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rio-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rio - catalog.cattle.io/requires-gvr: networking.istio.io.virtualservice/v1beta1 - apiVersion: v1 - appVersion: 0.8.0 - created: "2021-01-15T00:11:30.564203-08:00" - description: The application deployment engine for Kubernetes - digest: cec586f9ef5202b6030e1fbab082ef45c740ba749f4358f03ce3423acb310663 - home: https://rio.io - icon: https://charts.rancher.io/assets/logos/rio.svg - name: rio - urls: - - 
released/assets/rio/rio-0.8.000.tgz - version: 0.8.000 - vsphere-cpi: - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: vSphere CPI - catalog.cattle.io/namespace: kube-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: vsphere-cpi - apiVersion: v1 - appVersion: 1.0.0 - created: "2021-03-03T21:20:36.659017-07:00" - description: vSphere Cloud Provider Interface (CPI) - digest: c989b10ab34b891887a3a1220921181aa3e357a1b1917ba2522848050fdab62a - icon: https://charts.rancher.io/assets/logos/vsphere-cpi.svg - keywords: - - infrastructure - maintainers: - - email: caleb@rancher.com - name: Rancher - name: vsphere-cpi - sources: - - https://github.com/kubernetes/cloud-provider-vsphere - urls: - - released/assets/vsphere-cpi/vsphere-cpi-1.0.000-rc01.tgz - version: 1.0.000-rc01 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: vSphere Cloud Provider Interface (CPI) - catalog.cattle.io/namespace: kube-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: vsphere-cpi - apiVersion: v1 - appVersion: 1.0.0 - created: "2021-03-03T21:20:31.139576-07:00" - description: vSphere CPI driver - digest: d78e5350401a9ae6ec67c160b4e7776eebda56a46756b0e6a38c9a2cc913c194 - icon: https://charts.rancher.io/assets/logos/vsphere-cpi.svg - keywords: - - infrastructure - maintainers: - - email: caleb@rancher.com - name: Rancher - name: vsphere-cpi - sources: - - https://github.com/kubernetes/cloud-provider-vsphere - urls: - - released/assets/vsphere-cpi/vsphere-cpi-1.0.000-rc00.tgz - version: 1.0.000-rc00 - vsphere-csi: - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: vSphere CSI - catalog.cattle.io/namespace: kube-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: vsphere-csi - apiVersion: v1 - appVersion: 2.1.0 - created: "2021-03-03T21:20:56.690054-07:00" - description: vSphere Cloud Storage Interface (CSI) - digest: 
2a7e01ac4e05b4224c077c438e5e9a292840040659830ec7d8f9a07829c5b873 - icon: https://charts.rancher.io/assets/logos/vsphere-csi.svg - keywords: - - infrastructure - maintainers: - - email: caleb@rancher.com - name: Rancher - name: vsphere-csi - sources: - - https://github.com/kubernetes-sigs/vsphere-csi-driver - urls: - - released/assets/vsphere-csi/vsphere-csi-2.1.000-rc01.tgz - version: 2.1.000-rc01 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: vSphere Cloud Storage Interface (CSI) - catalog.cattle.io/namespace: kube-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: vsphere-csi - apiVersion: v1 - appVersion: 2.1.0 - created: "2021-03-03T21:20:53.231681-07:00" - description: vSphere CSI driver - digest: 42dae1c284c3c79b3c168f01841d0337f0b9d2bf703167374a184341e7d2bd09 - icon: https://charts.rancher.io/assets/logos/vsphere-csi.svg - keywords: - - infrastructure - maintainers: - - email: caleb@rancher.com - name: Rancher - name: vsphere-csi - sources: - - https://github.com/kubernetes-sigs/vsphere-csi-driver - urls: - - released/assets/vsphere-csi/vsphere-csi-2.1.000-rc00.tgz - version: 2.1.000-rc00 -generated: "2021-03-04T09:47:44.612157-08:00" diff --git a/released/assets/logos/backup-restore.svg b/released/assets/logos/backup-restore.svg deleted file mode 100644 index 3e4b6a8f3..000000000 --- a/released/assets/logos/backup-restore.svg +++ /dev/null @@ -1,24 +0,0 @@ - - - - - - - diff --git a/released/assets/logos/cis-kube-bench.svg b/released/assets/logos/cis-kube-bench.svg deleted file mode 100644 index 6597051f1..000000000 --- a/released/assets/logos/cis-kube-bench.svg +++ /dev/null @@ -1,43 +0,0 @@ - - - - - - - - - - - - - - - - diff --git a/released/assets/logos/fleet.svg b/released/assets/logos/fleet.svg deleted file mode 100644 index 07fc4af5b..000000000 --- a/released/assets/logos/fleet.svg +++ /dev/null @@ -1 +0,0 @@ -sub-project-brand-logos-FINAL-with-wordmark \ No newline at end of file 
diff --git a/released/assets/logos/gatekeeper.svg b/released/assets/logos/gatekeeper.svg deleted file mode 100644 index 8fb3fec28..000000000 --- a/released/assets/logos/gatekeeper.svg +++ /dev/null @@ -1,30 +0,0 @@ - - - - - - - - - - - - - diff --git a/released/assets/logos/istio.svg b/released/assets/logos/istio.svg deleted file mode 100644 index 4c6c80aa2..000000000 --- a/released/assets/logos/istio.svg +++ /dev/null @@ -1,11 +0,0 @@ - - - - - - diff --git a/released/assets/logos/logging.svg b/released/assets/logos/logging.svg deleted file mode 100644 index 2d1ba6453..000000000 --- a/released/assets/logos/logging.svg +++ /dev/null @@ -1,31 +0,0 @@ - - - - - - - - - diff --git a/released/assets/logos/rio.svg b/released/assets/logos/rio.svg deleted file mode 100644 index a37e395f7..000000000 --- a/released/assets/logos/rio.svg +++ /dev/null @@ -1,21 +0,0 @@ - - - - - - - 
diff --git a/released/assets/longhorn/longhorn-1.0.200.tgz b/released/assets/longhorn/longhorn-1.0.200.tgz deleted file mode 100644 index 8f99dea4d9a3648fb8e2ebc5df7ab4c50603b03b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 11517
diff --git a/released/assets/longhorn/longhorn-1.0.201.tgz b/released/assets/longhorn/longhorn-1.0.201.tgz deleted file mode 100644 index 533dd29647ef2104de0f3675c08d2f645c997cdb..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 11523
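Review bot: The delete of longhorn-1.0.201.tgz carries the archive's whole 11523-byte preimage as a base85 `GIT binary patch` literal, and every other archive removed in this patch does the same, which buries a pure delete under unreadable payload. For the copy sent out for review, `git format-patch --irreversible-delete` prints only the headers for deleted files; keep the full binary form only for the copy that has to be applied.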
diff --git a/released/assets/longhorn/longhorn-1.0.202.tgz b/released/assets/longhorn/longhorn-1.0.202.tgz deleted file mode 100644 index 81e4efdf27a883db6859c5d2f2ee67088009d3c7..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 11794
diff --git a/released/assets/longhorn/longhorn-1.1.000.tgz b/released/assets/longhorn/longhorn-1.1.000.tgz deleted file mode 100644 index 28283e776c0b13af626c3ab4c06bb4d5f78f214d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 14783
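Review bot: The removal of released/assets/longhorn/longhorn-1.1.000.tgz needs a pointer to where that released (non-rc) version is served from afterwards; nothing in this hunk or the neighbouring longhorn deletes says so. Please state the new location in the commit message, and confirm that any index entry still pointing at these released/assets/ paths is removed or redirected in the same series, so a consumer pinned to 1.0.201, 1.0.202 or 1.1.000 does not end up with a dangling URL and no recorded digest to check a replacement against.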
diff --git a/released/assets/longhorn/longhorn-1.1.001-rc00.tgz b/released/assets/longhorn/longhorn-1.1.001-rc00.tgz deleted file mode 100755 index b1e9f3783eb6075eaae33312f8df588c15263bc4..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 14841
diff --git a/released/assets/longhorn/longhorn-crd-1.0.200.tgz b/released/assets/longhorn/longhorn-crd-1.0.200.tgz deleted file mode 100644 index 513ac7cab15e4077717e908edf4dfeae675a53c3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 923
diff --git a/released/assets/longhorn/longhorn-crd-1.1.000.tgz b/released/assets/longhorn/longhorn-crd-1.1.000.tgz deleted file mode 100644 index dcc014030f1dc9a82d07718f54f11c67bd2940b1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1630
diff --git a/released/assets/longhorn/longhorn-crd-1.1.001-rc01.tgz b/released/assets/longhorn/longhorn-crd-1.1.001-rc01.tgz deleted file mode 100755 index 5872403aa796db64ee4ae095606108e09ec6634f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1634
diff --git a/released/assets/rancher-backup/rancher-backup-1.0.200.tgz b/released/assets/rancher-backup/rancher-backup-1.0.200.tgz deleted file mode 100644 index 3b986d5ea7730e649e699b762352d02f4fc97daf..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 4657
zAPbHcBDxM9kQCv(aBU|Y#G=EIa_%s$h$Q>JsSbP|y&Yj)ItUhVcgwDdsp%Yt?r(E1 z{hg!|>BFDie3VY7-e+1hEv_^cBp|0Mq8Zn}_5DbWx|dPWDr-^ZZY7yiw_T(7)*o=K z!XR1wR_+7d9|bWSE`qfG1E$A|_QQD!=W_rg*F{#*saH>sP)riq;!0j`wrpufF=wkS zI`=+GVi*s}^f0@jT%P%f?Bee3?E3Ef$b`|Peqp%^MJ7ik)_74|Z&Hg}wL;9cjNea; zWnQgXLLPWVsS1F+sGx4$4C~i9vbh~79<45LTo?=GlhP^|%v3U1-LSJ-Al21BYpJ@F zm@m=Sh^Mfh^d7^lEe7qU7-Ujdc(|E_C9eTem;S3O5#@1L7NqkrUU0ZVV%hGOIwo*) zW}&;Yr!$SFMCF6$|3?3>np6JfJpilL|Mv#{a{S-hTmSz*o~6jeJtLZbDLcEc+iO`a z;Bm(>AH9t$mDfJw|0tq%@4|QAv48{Qj8Bn;iYzniYA{)}8iTveBJWikrqL47u4CSH SS(kPB&gJh37&K`BZU6w!<5a5v 
diff --git a/released/assets/rancher-backup/rancher-backup-1.0.300.tgz b/released/assets/rancher-backup/rancher-backup-1.0.300.tgz deleted file mode 100644 index 3a0598e2589c769ef4a9a4415d6bb055347450e1..0000000000000000000000000000000000000000 GIT binary patch
diff --git a/released/assets/rancher-backup/rancher-backup-1.0.301-rc00.tgz b/released/assets/rancher-backup/rancher-backup-1.0.301-rc00.tgz deleted file mode 100755 index 555b801e6bf53e410cf30e2af0ff8f1a270d359b..0000000000000000000000000000000000000000 GIT binary patch
diff --git a/released/assets/rancher-backup/rancher-backup-1.0.301-rc01.tgz b/released/assets/rancher-backup/rancher-backup-1.0.301-rc01.tgz deleted file mode 100755 index 5b81f0bdf5388a645a72e9dd831dd05f6ccb5ac8..0000000000000000000000000000000000000000 GIT binary patch
diff --git a/released/assets/rancher-backup/rancher-backup-crd-1.0.200.tgz b/released/assets/rancher-backup/rancher-backup-crd-1.0.200.tgz deleted file mode 100644 index 72e0045265d4d40dc3e216401dc44f659ba48852..0000000000000000000000000000000000000000 GIT binary patch
diff --git a/released/assets/rancher-backup/rancher-backup-crd-1.0.201.tgz b/released/assets/rancher-backup/rancher-backup-crd-1.0.201.tgz deleted file mode 100644 index 179be53d3ae5e985eaca9ed6726d9e37823efadf..0000000000000000000000000000000000000000 GIT binary patch
diff --git a/released/assets/rancher-backup/rancher-backup-crd-1.0.300.tgz b/released/assets/rancher-backup/rancher-backup-crd-1.0.300.tgz deleted file mode 100644 index 5e64277d8d9329544b85420deaa26e03869a1bf5..0000000000000000000000000000000000000000 GIT binary patch
diff --git a/released/assets/rancher-backup/rancher-backup-crd-1.0.301-rc00.tgz b/released/assets/rancher-backup/rancher-backup-crd-1.0.301-rc00.tgz deleted file mode 100755 index dc375196b5a6c1d4a851e352ea67f285fa0b1728..0000000000000000000000000000000000000000 GIT binary patch
diff --git a/released/assets/rancher-backup/rancher-backup-crd-1.0.301-rc01.tgz b/released/assets/rancher-backup/rancher-backup-crd-1.0.301-rc01.tgz deleted file mode 100755 index 7e642719d2760851cd56aa24cc7b840394a58e54..0000000000000000000000000000000000000000 GIT binary patch
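Review bot: The four 1.0.301 release-candidate archives above (rancher-backup-1.0.301-rc00.tgz, rancher-backup-1.0.301-rc01.tgz and the two matching rancher-backup-crd files) are recorded as `deleted file mode 100755`, while every other .tgz in this group is `100644`. A chart tarball has no reason to carry the executable bit. Since this patch only deletes the files there is nothing to change in the diff itself, but it is worth checking that whatever packages the release candidates writes archives as 0644, so the bit does not come back wherever these assets are regenerated.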
diff --git a/released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.200.tgz b/released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.200.tgz deleted file mode 100644 index 62dec5132847b2bca9088ea80e31f2375816ac1d..0000000000000000000000000000000000000000 GIT binary patch
diff --git a/released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.300.tgz b/released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.300.tgz deleted file mode 100644 index 6784b0c42def36d4c21cf9a0d94f39390c0e86ca..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 4827 zcmV<15+v;(iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PJ0TZ`(MN-+#}aVxaD!?IM=n@=_SL2V~RSBDYPqNV5B&=(9*^ zX>9YcM5-heuP>YLa-Zcs*@2`a%d#B5G*Q~F21R2_-i|*XbP{9dvrVgQKJG+MR>me)~IU zKSbf{D3*$d@7kYTRk*{_bSZCNg1dWt=b~VNYp#U;62vCBE8KZ1u z#G7#kiC!$Int^E_a0Ub>@c;!wg;H1AHorkV&3&v?B>SzFr?rH1lNy`BA|)!>3iyc2 zmac&2Vw>U0n^9wevndz8>^GWOp^f|Gb(6NzG_u`pJT+dvH7eKtHzbHrK9m7iqyM|@ zgI-bp>p!*ruYjJxYaEg|P+8B@lRjeEz069uGrgJ}|Ddm}G<=9nQc{IwZ>tg!wu_faC^2={_L3 z4?NDKM|ms_Yj4b{ho=A3SQmrBwH-zR$$>IYX!9h&8x!W)zd{+4pfx_S8!9*pktqpN zs>TpdZJ`YBtSWmTV{fdBKc|dp?e4fUWA9_T@7JSq6_N25W8L&~U{ z+1I0h4@i*sSSmm}vaGX`K=1-bR4QGF#)O1P&v)vM+64aCLxKMp~)qYi*-fxo1?SH17Ti0U@A{5e9 z(ax^G+WB9nTd@B}N46N=JTmc6+BF7 z5CHN0OgxHEri?8&^HtF1M(#Cqk^u&Mnmo?g9Bp@}TucH^d2|ZJhEGYHgH^=h#p3>IXO+qNn=cyycfk`TB9@+ktcX zDJFrlAepB|!rznD>3`!jP&N{AfV<8I*XaND{!wR9|99I*M+de3uYwAC(>jT6;vrhp zH=7H~Pa$X8=cH`pdR!ovuE)dHO{X!T%n1lLGS06@W#SBH`s&+JSL^VfTjZs(*>MkcPy*}l-|ZIGf4ZGsyIbSG3M!&|5i%L7 zPpqSI=@B+xm0!kpGDb3lCjQMkyRt5lNo+{jFWKsHRKdcJ> zy&C^j&|~2LaA*7<*7&cOHpf3sbl22-HGt-r2p<{xn<;~}_}?$C|Md=gof`jD z(8J=tY>cc{2BKC5PfokxKSB{wDe28ddjjk6U!4E%clYb_UzO0~;eS3xY7Ow^(k}Qv ztit}+^Z!cdvG9NR0QSFL4Sams4gZgC{}1Z(UzO0~;r}7*f2{!?o3_G#cee$A?eX6` z>eT0dDxn9*|MD2Q7yjLQ@&BsE|0C0m_}|I_SdagMqW$mn>iz#p=n?V1p#xBBfTyH& z_}9+`4?gQM=oivSeg4DqrNiJ4GF)ybPQSv@@;4g? 
diff --git a/released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.301-rc01.tgz b/released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.301-rc01.tgz deleted file mode 100755 index be322d512078ab7b162492dcbc3f76a865df64d8..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 4836 zcmVDc zVQyr3R8em|NM&qo0PJ0TZ`(MN-+#}aVxT^Uwu?x9iQ^Q;JqKjd+# z!Z%SO6%pUHKD(@PfA-Xw|QE@e`YFzmz1;o|xt z_vS?EKK4P^hQ}y~;=+|P zsW4iZh08vKlqG+xd>adXLj#oV=tdZx^LL&fCQ_l0K4G$X(_WchV2DIw+JKdkTA44Q zuFs>GGh}LAJ`&SkQAo;JA8y(W632zFUduad1Sow$V`ZMbALD{h02vvCC_yBQQ8qH- z&AEd_KM_>Tz_brI0|Jv|fP$eysVi-p-=MzcK2|E0{btkGT0(khjm=<@5|wO*e8go_ zS3q;I&G6*Ss4>CWl#4+28*W}`<34%aWUVxfY_(nCx7v-T2F*7_tM&g42@{kLWdJtl z|4ysdE$jcI?oqA(tDtA_8iyna71%z9As4H$=rx|f`!SV3B@p=SDxZ9pMHP*$T@NCbKP;#Km7urrq@W+Jt_ODRJHfYt4 z?1l=?B4kR!l&Ud=RGTWpJFm(C$iyG(;x8zpTFrZKKGb~+0f#AJ3oR*ROPFn~GL;+h zFyvFpMuvMxnNC82e&Xx+%4l(Psq*%Pf5tT|8;yC7QYJcAvOKF~IiTf&CKR(k0 z3kYey@_LO12~pVQS+5}I!;pj$4R~%)n3_(BV76N#RD$~Q9T%z(uUfBKwfX&qXtn*% zwR7`&jA4vIdMe)A71%icYj;Za|G0PDt?hpmbbH(U9?qCd1VTQe(k5P_)zFee2wE-7 zrehQc-#72>8n?Huwoa5GIC`R#=XAim(*{l_@Gk9y$a|af{WG^|&Wbsk&8)L(W2iqb z6l4=!ryQfd}SmfAP>P_?VTEDz5Ft=@TVS?Hw6(`i%78%d6pXSvMa5zL?^}%_| zuhR1MBLLT5oTPmP4XCT-IH##x|jB$5#Koeyr%|E=zEdr|*)TF2db{jU-# z=}qe!dZ}Y*QSZ77%TEz!+SR0N)1{g~F02bHqnsfD2nnK1r zxUf#{84F@gne~och>g$dQ!4ln->VA$$2I<|pvS;}Z*TnfYW!DB+v6W6x^G*Lg8y!9|DT8+7XRrOS&x65$l3w; zl4yJUk0w|l{tr7f{;Qye#eX_R*5iLP!5aTx5^axvF~MvNz#S72Aj4ogWv~(d-SYb1 z;n8t@{-Y9lSp2UVBkPrcsFlH!(|-7mQAAWqdb8D@z-IiH=l|VK`>@7;74&%cpO2AR z1AMu(5B_^q*#CO|UkN=H{(BE#|LfJj$EW@9UxEFv&wo`ykB9$Z9Ncx>7U|DF97 z0Cva!VXs%8|EYu?9RJH>d*Xj52VgV)kCyEJalQXv2|XhIw{!q% z4e*q-3IF=J;NfRo2Hk-FPPq|S`yPA1yADqWUjlYXwqA3+0DIqqWQJ^d~nKDZ)3rSG{lwfRz4IM zbD`|38x#ZChYyY~kSKHxz)9jD{S;t`_ESuhKXwkB5i0$4YQKULQmLHZ*S52K-@nvW z_~4K@mWILnxw$f<->t-FnmDibZZ%5p6s{6CXG1!QNL-Xl{`UFz&zBB^Kge*op*Z~t zN6TMq9IWU6)HU5WDJQ?442#Ufi<6X)VVifr`$uvTb05yxT0ebe(hd*7Tr2fM$7uq$*v_^#~h`E-a 
diff --git a/released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.100.tgz b/released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.100.tgz deleted file mode 100644 index b47af00f4a92190dc8edca1bf0b4568eef344b12..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1333 zcmV-51Dc zVQyr3R8em|NM&qo0PI>#lj1fLo-@BfweRK40b}!-;x;?GNo|tdOwCO8lFFfx8&JlU zR8pH-DwY49@&{my4R|rkBuif?sij9>Pj{<@4M;vm)8@jqCn)(m1oPbH#_!zC!H~0r zFt|BUT-SAn{eJT6x^D5;9dx@lUT@SJ^hUj*JGybbq33pQn0xBL$4F!e%#C~USjENt zO9Z4;1SFKS;}&Ba2m&>8I1mNs2-V?eNK6I#W0rBHwAozvKFTqBLngvErA;J+Xf<#g zvzTp4qXAN;ZI_lXEbU@2K(N@3yROII9I1CC6;xwS2VP2u(@(gR}%eU>VJk z-95asY^qE-meV>k5G^&18E72{p6ps{u^QKNT*q_W)=QsgJ*l>T!cYf5XgfTJETOR+ zYyJE`9*xt`VSRzbFs>O$2bms74w+3hsFwIX%aSs&F{d>zeaYV=HS@ns zs$3%xJdpo&dtI-P|Mj}PYyNi;xk&!EX3gn|phoUw$oEDqgr8aaR{po8*_)WeaG{Vt zM-wy>32n9+In0k$>chbBWiN1*`t-c#?P|lT5}?hAyv|IhaKz0-YMzjHy*GDCPQ~ma z=;m%1`$l+7o<18Hri@q(A(xQ-Olj!17i(Xm)QtZ+y_45_20jq~z5Zxei2vQu;2Qrg zA{UAO8Ecw}{%e-*M%1@us?(!s{wcX6mabO!IwNUuyPAm;arX9vmX3WEJn+=8=b_;% zo^-Ck=6I>;{|#zY`>TLM{(so*75)FP+rRq%OUOn1f6AI>-2aJxBE5!q@{nvtRXE8u z>syK@=Xsb-H!?o%YX(y()&BqC{q4Jt@14*;d5lBfe|3k2`@c8n_r0tCzl8j6&&N); z>><@LJ_kdL=0HsBd`=Zv^x0&|elJD(Dc zVQyr3R8em|NM&qo0PI>{liD^Azh{36P5O*u^Y1#mT}awV+gus$n)gLsKs{U1NHPDqZNL~Ca4_6;;(cMPm45p7+g+`Y0#28xI+W?o3^`p!pk6vu1@Fg8P{v(D6y9AZ zp67YPen0v3Jg@lc4Z7Vszjr_IhTZ<)zJKTWL*Mi7h<9nn=SZv#s5|fCzKWCkp9pX+ z3>YT39yx?iFc6A`OTm~BT_)aBREEtN1|yPjrL@|T1p)FAd1q9N?@Ft1h)_$QI3kv9 zLZSjAR7bD1!Kk!}!Vp1Y$2Q&ef5=q_B>Rd=Gr>n>!JvLm!&nz{u?XWR^+X-=+tZ(q z6EMpWakT*xYc~XKrZIn_z$Z$~S%{Aip+m@~&vDvku0o=ZC=SN{kL2(9Z zwtdemLTw<*5AKgLRRMCLL@blok)u)ykT8ajjH5deB&9Np6@>eQbO_N@$Q@;DK|E6# zu`|4M+#~YOzYZZQ2w9N${8T9<@`uUiue~R_#0b(tLZq^R&9Dtdf|K!mBV~1xdi%uQ zR}#YGFtqDEA~whtl!e9GFBY@Ek(%9j(s`XRA}V-lqPjR3W-vM^tOiQOGT>PO*9oTG z?Xp@YW_onK`JVog0T{eyFA-`Di>tva1ihhK^XP{xXc9e9Uj@6A(q}+tXE&u_y{8G7 zmLaTbS=%w1qf$bZO+6jJOo$LO*OZqdTspa8N7u{l^A%vt){Yrp)SYhS9+rprCOqL5 
diff --git a/released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.300.tgz b/released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.300.tgz deleted file mode 100644 index 265511fe04e3616086d492b30a7ad77059f34ac5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1448 zcmV;Z1y}kXiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI>{liD^Azh^#$CVj>+|2w>0NZLu;TyD5)`n=eCpq?#hq%{rG z>38qQHeig6&tOPy!oD!lO24(G-|k9_H3)Bky6th(o}us-A?W9}r~S8+1!!_s5C%6V zitD=Wu-}h=UDwV3x`S@_rqdgZ2Ay7SFdE&songlv-Z1x6!!MD@5a=8CWLx={dnE!w zNCM(gm~o3S4+sJ|cRU~p(Bbl}hnn~kM}N#xt`rViaNkEUW^YJG_@;1(fDnxW568^1 zO)AttQn$^@5Qc?QGzJI;+ji>4{ytY*p!gTmhD$MK%TCKj<7uuaZhsVpAP5Yj1+vNX zyw?S93<)}|XD<9Pn?#0WI7K5P z?csZT;)2I+5F&vO1U85yPLyGdaXfCeZrw5pJv$J5Kb{T2z2<^YPh=2UCL}3Ve<&Y!@ zGKi0xb`1~(#$+(=*UcIbPr$Q}@yohd1HwFWm4SFzH)}xr16pJt{#rL{KnO{f;PjHN!bC28ENf=ENK>o6_Gj3?EW(zYX->D2L3ykt?v?BD-dj4dJH zew>pMrBo~O&*=G(R>10f4n|O(@F=Cw5AJdS zVr4=1cAyq;*~41N?&Q9<0{GxlThT};?1E2ZB&Y~KnQlYdJl?`xvCDZIpr+}uk9X+Z zt$;=UEG9Bk0aBrj?PJcQ3^3(n36Kp#kv7R;H}5fv6NUwJ zJ4{6zw;weK6Jy#KUCg0M##gvxV(Cxi1K~NXglG)R&jzm%%sP%YkG{{>CedT{S+Ea; zj~9>}w1(A=#^*)_uxc#Zpw?2Cr-8D#cz{c% zYHS8o&J5}$`oE$;ojG{rrxvCE^mN=9^=x{pe*oDzo7bOi6YUYFo@c(d0oAkOds+Qy z_5xFPRtZH5x^rF2ObKe!N-wj?6(UwJmhdLC$%dr1At33w1lc=#ihQr-lKZLq?$m#FG?gWQkc;1=8ES!qCS8mS z=BF}sH86ZV2wbMF1oq-xc(-2Fz8mN-D@V>$m$pvrT@v8YDc zVQyr3R8em|NM&qo0PI>pliIivo-@Bfm3PLmfq_@tCM54wb~lqLW;T0nkbEl?I?TyN-(`Zvry*YGhC8v=dfo^7l6azBWG zl!}0al4jgti~~WS<_-s<03D&;a?~WA1^Q!_aiw(FLij$)F?&Ng#y6!yB!p-p;5cTM zZ7MhVNRhZfhy*?m*dUTRQI0jn;lga)x?>{bb|CnEG8=*iEhM3ys2~p0NYrJ& zJbu1^09uThV+bfVP5_3cv3%qpAGCTF0p3H19mdu+C#lWcfJB*ktsyPsyaL+9VF-HV zkRk|jh)glGuD{QLb@raA~2A$JU4pdSb5Th2_Bd=_(uYb77E{ye#g z-39QuR&kW%wj9;d$qAzw%Y0}{(xf*EVhzEr!*m!kTt!<-+m3jqGsnyD(nT4wzyIkl zwuC_VNlr?YDnfbp@bOFEK640ZCu5PeiI>D0Bf-i1aV=$Il5x9^x2t4K#z9~=bIj}^ zpr9-)RvvV32O0raJ*<`dPVQ@KfDb;k6^(?_F8D;nlFIPY={B^@lP%m8yPS6cYMP$< 
zc!%EI3Rv{da-za0Kq|Gdeax9s0cM=60J32y)+ghndNunKIhE3*L}j?rXakRsd%Qpy zhsC}w+eF`d=O&(RK4#{IM>x5S_ zPB1H;8rwltGlP1G{{K;;&K>tAe5>-G#1Yt^~DdWtZ9X3Xv!nOL>#qWJ5~Z5Rmp<^8Vkj{81G-M1^Wt?Xa^9C8hi$t!>AiUo+WQs4AXp z+4g-_Q3~{J>ArSg^bo-4`57nwS5is7S-;))nQe;8)l$*^MMO_%=-BFD zO~v6rz2St)&JP`sFDwn?zs5*4{wk<0{ttWoV*DR^?lt~jLM{^jQ`WQ-{#*YC`11K= znk+|EI>{F6XUZn8Q=d&2(r))pf6A|x>i9qXaQFVx2PgE;wo&)}r#I*ozW=-(c*AS_ zzl8kfz{ievY?|sAUw|e?3m_);KBtTg`fRqU`lRw(zu{G`a+RxGrA+<}00960c?+MK H05Sjo*oWH7 diff --git a/released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.301-rc01.tgz b/released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.301-rc01.tgz deleted file mode 100755 index bc535a232b378324c67c73691a59267e66e758e3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1452 zcmV;d1ylMTiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI>(bK*7-&NIJ4bA85V6GA$?<+y9-+FmY0((CggZ$OPLd89Qx zrqlo4k!`>j8)GosWsaT9WTch8wWV)&rNtT~pP}w@VY(BPd=`R!>2mGA9nC`eIy&)aro6;c?LNpO@95Tx` z6`=-Fx@#7OFf5&-F+ecbwNqF2x4GJZNPIzUgpxxx_c}fru0=#i`=c}jL0}lokd4Og z4SQC)9Lwp{8KOmmLk3Y42%fB3XTG%SIj(cdfY7|i`7Rh@KL;}AOO4~Bd%g@HT;M|)af!BEv(jT%>Y)FM; zG%D5{-{Z58B5{Kd349>1K_qpe9BYijg;~3G$3)2OK=A!!HUtk^NJ2eQK^&%$sLOtP z{CxiaG#fI<5KwHK01S;|`N%;&X!R@tyoV4wj4f@BQk%H}i8A$CLt4mb1+ag^k?9M#jw38NXyd}vM5q&Es;4Z)_vbQm*SMQcjij(DOo$II~2MH#Yx|LZU| zhd}sAPD+(3LV5S_@yoS+<`B|O#v*MKFNq~af|L2%5bI81|A`|c!4qw zi+x?TioW^IRXknGA#^Q$%*+k zme6fC6>Z#p(jZNOX=8LbhiVyLZN9dNo~TcP zy(4_=L2}R<78@F0m?(fnYuN_1R=PS3RK>*|Tskg4*?m3%EUo;wBqZ0pZsi`9pY7WT zX2nxuJE&@6P|wl-6(#E2!K*m6Ed6Jvrz>RLQqZp zr#HB{Db#Q}dJE~#I<1%~bDEZrOB}fkrcmBh~n;pt|@!=v^1%|IKax693O3XNmtQYuX9_t^Wdi{(Le{ zmZK`2WQ+A9Ws}p?XVZnW+x^3z@~fpf{*OQ0z5n#V3H_sO)P4Wy^?QZyKX3YO?-Kvd zAwTW-*zt~yQyt?o(8Op4#KhL;l(9jdO%_$3RDSC>yvRi^a*>Oa$^QWW0RR7+763~C GG5`R!+RQ`% 
diff --git a/released/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.400.tgz b/released/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.400.tgz deleted file mode 100644 index f8f68a0229ac0b6fb5d52b206ec237cf5e751c4f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 7297 zcmV-{9Dd^;iwFRQFx_7O1MNL)bK6Fe`x(Dtj>_KIJ_CG+q#V{MwT`Ua)m`kUBqynq zD`i38ki-fE5CD{{wS9GeT*E3?k#+oIC4{0rVL5 z`-Su0?ZLzJ{CA<=pGapjD3+H$`23r$>qTZ{du}+=2(iq_biAnn|BW1K*k0QUN5rw+ z#fRLt77ZeMV$<=6h?SIEZET0WW8UkoIj19XD%Kh~J14*JwU*loYlpsRK@K5&yLYG`r4R= zR$%)Pd-e&2dqsW6yC>0%lAIn%9YKPt;uqf-b84|aWtc!2f$kDF65TfBPk#;}Ovgi0L@q9UV&seRh6gkAo2Q z>#Z5s=CuPGyr2ppj(JUiQM}~uV>W|K-V#+(?C_FCva?j>le1SBA+RIg41f)e$@M)k z2{4Gc2|YyjKEM!0f$dJ==QQvZ{)n7-?!=xh0w%{EnxbD-~88Iuks96I-JJo7=9q#G>4Z$PgP-kG?e2C819(dvXuvO&AexA|#KLNr3D%g`VM0Ab~2OKq85zIO>&XklI2_;$0DxVRH(P z4FWW!2{N|h5YKh)`Dh6?97_sXF@Ow9^8fzle;!r1^4DTUh@#7>5O%XNs)D0VZ-wpelZoxnPah+*gxJPBxkQqVL(6d{z0usGwd-n+q@n;`WpFR+5X>z?uVs(|M$8_y~E7@?;dsr z`~AO*lCS?Az~*4u-z%=hr8PoSUbspK>e`rjH0Pj{p>}Y!+}o8@O76WyK>llS4evoE z3Z-UdkhAFDLSP%eFYF+rWG?wY4F=np3$x)k$ed6^VW0wtz`ytl_EZ83%!R2#+$qew zmgK5r*w>(U^WZ@lYLQbVY9u(~Lt-O<5Tq$7*fJ zHA0%Rhy?wC>th8Qv{^ba7fvKW0V00_*&{k4CFK*W!q{(AR&g5z2j_4%X#}Y0m4)?Q zU2R)srNJ3$SNT4`s|?|qJNPy@Yget-RaLEQBScLcXu)2BHENmPFWj+1Gd+DGXA^=I z^||SSW)#4tj_8zcBs5~jc8L3A{G9O&*t=kdQD;IzP(T1-%QP(58aApPAszM!H@tR> z8vJ<8p*N_@puJ+fpRykeJ(7bS7}V;UaON$XF&fII0}^3;FZml<%@Jb_$ippRgjb># z1&b`T*F;X79dYDRu!}b+aKOrMIB4Utp?M1_NZ#lTaLrU-4VL5r=>1c4ec%Kp!xG_MNaPMfO>li3JsBvup!X7N8D3~Nn2y1Pl;E-# zbc()-`>PnQ^92aYv1i>NPII(FxXUNESwr$xQGewrV}KeyfPU^dwiTn3?p?aQIL#!I z*oye9+1eNsLkXyzP2PCXc|b$Z-CB7Nrdy=(x?~F?%xPAN7hgvkM@Jcay(vS5EwsVV zY&2!8ElJw0jYck%fLiexc`Faz90VhCT2iwdL1;^)I>g)sn=Oc-!DEh+P>NOwv>Y$c z9|PM8RVkL!wGeBfGNJC+_kcxi7=?T&$<@Sk!qw!O#10)UMI9uwCeib~F~Jt=0bUPE za`mF$KP-Z+uvrQ@VCWQt$|5}dkVQ0}y7RaaXp>mWAb(}%3VFwWgV~~s9(B;D^rYA1 zbmAJQWZZxa%Dh|5R%-`z0veiY(YAzV7R{Z5s!pHc4&arTK)lP$!A7RtTtqWK{KI|D 
diff --git a/released/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.500.tgz b/released/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.500.tgz deleted file mode 100644 index 10f17ee426dc628aae386372e85cdc15b7795fb2..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 7578 zcmV;L9cAJliwFRQFx_7O1MNL)bKA&~`HWvNMqNJi2>k`ZYZb*IbV0)Ya)H zpSnxa)~%I(M@MtVxoQ5cqS9)$PI^7Ue)s$AcdOIozeOSKm}n@%(O5qJc@zmei*%>UWkbbaIAT-dvf0rcp1 zyQ%Zv?!d$7{I{Xr??|f}6tl~3eE!Yl((z5-a+cmeBV=s)rtQoO`0d-&u$-pj4TxpTxwI(qhhp-6`t67ZRulYv2vDl>1Ve#SJuze^?-H*a@&TFtMFsXXd69k zLcOtTt$g&$u59O?_;X4UdL+I>7M5?#OrMgQR~|Y0`CRV+JJetGdR=YqAU<>7 zUwMOOb7uMT^~eBNn*zwDLLLd@4ZXi}+zCvsPR6$seukCcgRG_#kB--_<=<-y(^~rQ zKcIq*D15e&4r}{QVjLV3aFOJ_TUg6UOUtLW=d9f^WxbX|;#QKCQMJ|59(vb2osz}> ze_d0LafTgbKpy|^AD=M(-|Zd4^FHu@kOL+SrgZT z{d#M#5PA17{zP;eZXdr$&W>q2s^x{zU(Yg`RwA&l?Uu-WxBuyCuDR_ zOacsIVL}i7{R&|4eAime;N#47)~f+IbCy$Uwsx5ui$E*n6L5Fx8TjF?xin|M!srq! zOc+p8;BCO_eRoacK%TQ|tQ)f6O$o3^I^$y*n>%Y8Af|wr3v1~f>cYCQ`9Oj| zqD$8B?Piw&k|W0fF}4h`Y@8{`G~hW5clXg-kK`PFw59_xHEj>kP@Xf%o=O#9{4Vw1 z0r!Sl3ONK9&^_t`|JAXLsG!j2Cyz#YBU9H|5Zh$%)`O6X(jgAkYgy0%=@PsH@5 zuMYG3^>Sjo;%Djm2b#G4kYp@8mcx|6Bdu zLH^fKj!1&Ot-YUH9vP$gPwq_k3xpYpV%0qP5V1{uc_uabySqCB42=l|8vC-6a0 zCOm^^XEsbR$XIg%b_z%!5VMX8IGIc0t?1aA-h+MX`NWwD)k7*JfGsffwFiF!4OA5c zR1(n?haHLrkv+szo*_XcWb7Ro(~pc!?C0w3;|+TlK=NV{|gcZ zB%Ct*OX9dt(eY>mRbsl7iBTb7ff_R^;Iz0N#pJF^1|xYMA`%_Dl~RdeanEQ6q?u7L z64}ClAv>^A?m^Rd!CLD=B^nU6l;9tZEp!X9vc{^`R$P-Jrq4RV#WCh{3xlq~t~Mt) z9ZZQBkT;gc^sHf;qBSJ2To`SKiWb424g)DY#Nl`+k|IOYZy3y)_Gg%ig##3_mR!`s zsB-SC}7cEaPz)v041zm;>;j@&JB2jgiCuTfKHK&i~uJ1OKn3 z9Fa@Y$Eo*_-|@)?=0ahEuPvKxC{WOEVDoqe7>H~)d+XK8K~3F*1!9w#?TldK`eWcc zGhF;OY=c`+hfPrF!{@NCpo1lyu}wmr0V|(cpI|>T)&F0f8{|i1h|ZF=M3Be|cC2kJ zsi7Hfu0LJ_!=li|8Q6l*!Ov&cWMY9`Y0NCY$$oP1HDmNox5<9W2lH7If5?yC?Xnqm zGy?qAD>Aig>S-?w?`{P@N9GOu^cV2=e?!%u!DevQ9=UjP4g-Rs{|{gRngQCr+2r-$ z(c{?By+3R#-`@h{eIrx8SDarcZ5o``7qu+2fE~*it^1@X@P}e5R 
diff --git a/released/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.600.tgz b/released/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.600.tgz deleted file mode 100644 index 2fc874df1baebb7bdba4e28c01293285f00f63c0..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 7576 zcmV;J9cSVniwFRQFx_7O1MNL)bKA&~`HWvNMk`ZYZb*IbV0)Ya)H zpSnxa)~%I(M@MtVxoQ5cqS9)$PI^7Ue)s$AcdOIozeOSKxd`ESDBFC+5OStOwPm(~N!u9>MQ#q_`RLe>OK=-?%py_HJVUJ^I~l z>ioAm@DS&}$13(<{@W+L*6&EG8Wgk3Z+!mE<T&yN?aY_EhS5smutnIDLF*M;1gLMeY(7X41 zx=3v2cmrZv%k`(kZ(V9r)1v~Gj1`{PdTr@rXR&gYbm?ceHdofq)b)UN19IDjkE`%w z%V-;YZ9=`VYps0t>Zd?3v6&gM)$-d zz#tYT^x)sG00z%@t>p|p&Rl1`8jv$*IkjeMm&vgRv_g6Tcc-3#AKscva|SGoF0sOd z0W}5Q2CUw9*E9~~IjhFHAq(D=0DGh}K9)hw)Nj1Gv$g?Z3W&L|mhPc0tQ(sTBnTwB zWDVbLb{QZ!avTt2%Mi=PnSx9Mp2Ki=AHDTR&f!OEIv`Wi_7Dx_Ig{+EQ~}2CQvV%r zZ>Xh^LvR7zqb~4Y9ovWs3VnX^XrwnXb)5y_T^caO_*;^NezH8@16-N-18GSD@&A(C zfgoT#d1L}2nLHbt#@O{=65sal5Av_bk1EN}m{+x^zT{;Q*8%|C2W{p$Sno44o2VzR>+dGfz^avYcct$zC; z|LZ76BthTS-p?(MjM4ljcP9J=!VE>RYMy+E*e1U`lN$Zq-JJo3#)N_mfvg)ed-&Ll z)NVf4v;-58z@R3uXWIf101T0tK+-h2n_J^KuvmHvb{Xmi?yWVJ0%z@Eby&+2_@F2g zoSd!tT_QY1tbuNS;qyO%q8(wbZkxU!IboT;!K6=A(axq7MS|lgFk@=s)_2=9%3rbkf0K?pzzor??LDV$XK>boTYuw2Me*`SW*y%05L4d|NEc+1qlNZ zP8t3saa^eAcr=14F3jXS4&-%qSR% zY+=BV9at&%plQ5dt#zRi4G3FG@E?vXbPKVv#;VpH6*ZH7;T4&7Qvqm11UYk;dm#KB16<~7|fdXXPAnG0~E5BT-3wk zmq4yti{3FP|4Quz;Y<`)m>+B`<8c_VS^VFa1Mr~o0De1-k;DI6y>>6o|J%I-|F5MS zkxSFZsrQiI@yQ0}LSciiEt_p9P|$B+^LPdrh-^1|>($CZP2Gb9Vw0Kej9}yXW8ge9 zT>Lg{gIiFCO;G8>=diD!gC(7@O+ualE1z1QU_Ud}|6iUPvZD&|IW$5|5Hmz*8h%Rb1)hGhO2Q=jS!U=t`dT}Henv^ z1t?`G--esL4W&|Y@2p+&U+WQkPf@WDiWwTw|KzOA%2);}fapji zfjyPL0&`*N5I+=PLY@pWmi=&`X~W?V4EVYBdx9bm+O8Z>oF;*HoA)hMUiQf|q<7qM zBJI{I&}ON8Bq7WIAUaAjtER38E|k;*6rxX2r(RR;#zoxt1V@}^8mgyL2enZ~R;D}I z%wfZbDJ$dSK&kb(N<$OYkRU%QQ&7Qj1Km%6qG{R}5Iv$Jl2N|EA`F}{SrzwDaBvQH znMQz`o?BS&`PKGSwi=wFHcWN_4`YNY@87L()`pG7Ft1j;5u%pp5sdZpgGZH)tTqP88 
z%45ThlwrHcc@C5>UAa!N8dt;O!W9e*ge-up#6N^$!Q019h)iJzm|L^3euK$nxN!^=i30c;#Uw(UBxAiaeo2!N8Rw<93`K~epg!kpf3RmcgNp_J?X3e)+mwWg z=Trbgl3#Ji-4MB>j83I!Z(MqGm&yE6-wL^3afw=T917pyJ2J(LqiGsIlE-ne3$|uI zvx0o4h8tE0sGq8ByO`jFD*_h;O(=&)t5Wr`Lc;b+3yL*|T_zh*Q~ zHDkKUy>I*NiZ`>K{G;$87cX93oV|E=rhoi&{>uEQxjkJ&adwaMe>M59O_z+uc!TZ0 zARyT@)=&#KNu+C&v9+NRPQUbB@`^(xkDKNj5~GtVc8Q&x$6oM31Ue zd?n_+(l0L+!(GrATgn8q`7h@;Ny0df+D(5CJ_AW2oNzcQWT03+DZyi{q;7BB@`(ZG zGh{f8g(&F!YX>?XI;xG0M84ebaK#LAv^c2=6Ibrh;DifFT$0PF$psfUy~0U`X9Qm} zM{Z^g^&6?BaC5`;VVG~1&}de?^QA870Em2n`1Z(=`{6B0J(?abb`F9>prDX09l@JGR0jJsPh$z@fGD7ORyAGxd)Z2JKpOsF( zZ44@ap}lO6mPZ=YlWkf)szrA*9W0ux1VaL#Y-|mQ3$81N1G_O{949V{q6{v zfyGk>P#J1!5mYpir;KM9O`lIVPlIl^*FTjF^qLwdG1X0VD{aMe%qim$&a&r4ShaaM zd*1Vl2P%%VN|lAXbb=zSz{u9TGP3mcwjFp?pQEu&4EgZf3Tf@E&_)>oD?^V=TY@^3 z!75ly1qH4!Hbw%Ooq*CIP;`<}PD2_8@b2Y#@!WFX2(yk zu99tcvc7?$GaBbp{6;L!D}+@Y*gM%}<5N-lTJl8OtwixP*52 zF^O-iV^pwA3Ej8KnPY+b67zReNIL_xcD}^2!W(0(g#De&8{jn&WjCt4HT8k6)Mzs4 z=lHjB$YKGUm5?+W)RRS!+7WV%fZ7!bI8R#OY&vMNk#1MhwV0`G^Hd$yv-wFY@i#QW z0UY&hPOwk*Eeh(e&IaDzR-@)u^ZyXWa-3~?5_pOK=lI0$*Ux{P9_{@X3OK{Kw!whDZ1}ctjH3_`dfT9*yyW_dW6bW2i+q%tPW> z_SL4?$SAw5pyV$>sduspPAcke3y4WiQhzs?^;W@50kj!vrlBG@QZ}}|af|u-*e!s` zsT%zUaEUo5$rz+)=jJdxAXc29T#d_>n$(+7w_qt)P8}_>4tJV!#fP5Qjp^#?l zXat7i(WSgGM&9{QIlc72hnQDe|LIlmh6})D@qhl|(fs+}{rR7rl-hkGmC&DWW6G{M zR|`kAyV&2H*4@2kel)nQ=l!`HWn;{jyS=Ls0UK=p-=sKzj*b(1ecq`b#%kE6s0ZsaXpLwr_hA4AV-aC08!NPl^ z?{`|-GW+kicU-^!`(%Ir<8I0UoFguVUS27s23y{e48xqn5lP07 zqVNihG4q@Qb?Y$8Q@I2NHo|1}RLf>yYHCu#ADZ~^TZpXE9Z&Fr>XPg zznla38D)g#3|_xFV~$XNzv7TP9*HpOs(Kmy^=mX9+vfkp*^5_i&b(=K$3EKUf4}ed z`}O(n_x=6+-$glSx;k23J1xv4b1A&z$cZoQDs_KdSl+N`j)?&s!C=0%ft=tZfg74< z_Dzb~=j6d_{x1yljm%Md4irzq_F7%}FN71HURh5W zXg(q_s1fcGb3hHLMP9ysb-{pP!9^TLFuVbz4vlPa)CQf-VBL=dYK?cH4eG70l`mw1 zGrUUDklms-AKE#Pt>0%hmgT7NEU#1hj>zc<28CP&b`#scDdY^V+3DJ4OXF6?M-8g2 zZ!^8j|6eD$j6$s;r%VgB60f#PR0joK=Xo4MM8hkA(^M=&V3g5mb9RMI2BwAj8xL9i zd|Xo_pX*5_G?L;gNY$~rdn*DpJCDn9G;4V2Y%dL;wc@4t=$??;!jP4RC)XJ=l_#nE 
zc1y_AJ0Elwr%q}`+Cq?{aZAm11UVXmF^8nLVEYJa=WLltaXDT!XLV!!Lao))NNpK~ zW+-7GbJlFcmiC7Kq6R+C<%u%+X|@3UQYc~Y?C9w5ZphVk69$#`_0W|`vvejc5B?&T zEAU?ZCds&n>lo3@EnEHNky)t?DZP@HSxD!W3R=wY2xmA6vGKTj6F!X(mNoiV%m9jDw|UDszC{8=Bii%{C6&P`h_?K%h1brSP(3Sv|L26Y^W(P|F&)pCa&6*#NgS zfW<*{PbI?h!ZaV4&KfW^^&w1iopEp52=;t`dT;2dynTbE=uPdMf?GxJ(0@a=kDkd+ zSd3pIde`>o2_cuw&=#GC_cwY4dS?7q8oe!JDA4O~JbLy`0E-RQ_B5MYK%xao7<{_j z2({W>r3+RX7ef@ni}Tkz_Ah~vo4w7(twlmw?O)ulTx^B%PP48>LRvjs+^<}0h4M}^ zvqeH$JzU(cTx^AMOQSa@A*~+jqqjp0?nbEL&fY z`T34euLdOyzTb#5oy!!5WOM@F*#o<4^G9$vcuhc@n@sXf7!wEJ#5R6Gidf z`lxhojtQUSLm6qkc&ng0jOnmDMU3N2QKxG)_V{ZIV%wLEOI!RON>g_mF@Vd?e;l74 z&c*-w`}p6Tl;-$9JK7I19qd;P&3j*o%PVEj_4TzE&Tymx2c;|uXSiFb-F@shXI4m% zQL=;qf-*Ov3_UQ?^m;;sGRyD`3-iLH##7M%O0#7siRjc0Hewz)I?PaJw@g%8ORDt` z(|R)2_KONlGC@n63I!#NGsG$(Ov4-VspxjF@Lt(Lsqj2_XKfP65K5ZFH>$G|8-*n% zd?I&WlmGqi|KTz-x7Gbqpc!1ti5I9m_Z?@wh?;uX!BokQ3Rg z3C@&Q+!) zMZCa3w)l~zdjY&?2>A?km8cBl4K|1mEv_qIJR`~20T`=fN!3th z8`@<-k4|y7YH_b|1<0+1LzV>6O)e5k1(HKbV~mm#%Z@FCIu3~Lu0ODRXvXjZ83oEw zAYPWw^<5PUs8YuE$+Lq6IT}LxbOnn(KQUa@7AiPTHtB(utC}qMqYNk4>ItQ38ASM0 z#p$mWlqjLl#Iz*0x;LZBA5dtnVt5yGhmQ7bM$!)8EtG=?uemko#agx=+G|5xe7q98 z_dfsI&wn$%Aou$R@orVMuuT4+9@Wo(ANBY7-*;13PB;$W9cCO}n30AHYp9*#8UUHH zwlPP%^j%1H5p@U;%&f?865(u7%K(TmTwJDuf6Gy9PB5!e(B*cUxkeksIbJbU{pyfd z$&jS|mr!2hN(VApsz%_s5ik0fQDEJdS)XFoLJO+N&;24l?I>^4H-$JS_qoX-s z?^#)&Dikf#cPvS@FJPQ=dzC2F)P)O#z0KnqG$y7$-Au)>y7K zbcM=XK=&ePz8;@d#>KR`Y+#m?qQdtYf@ZQd4)T)uzg+%XxqsJ^`ej)n|NFhu`u%_X z-ah~PZi+4cji=;-#+X&bzQqKKg}s=3dahQQviG*?J6dJH>f&uLJvG%`7u9yki3W?? 
zSuh(Xh`pkr-05ItqPRTa0jLBEMgF{b^qb_<3OEaCE#*`j&RV1|M!879(t>f5UT8tM ze|LnX1#dh&*${<7c^6SIUm!WwFgF(GGM+V?84aWfbH?fPOQj4zExaiJWk%f-)kM<| zE&KLmP5rMkR|94Ur>3`5!*B9FXni-a^{Tf?s*A})=YYgFA(TUfWK#%x{^g^5YYj}U!8f@TWqaVxN`LYZ6U0oYeEb_4oHb?WoxLzs&ew)A}U~EY7|YntKuRsE|%XAN2%s-o>Hd=o%Ng^CKrL|LbVSYx2_qn6pW@o0oY9zf?Uy$mNf z%41xyHs7xzakPLb1dckz z{*WTYI)D4+xi>c;;f=$ZW3OiQW0dPl*LG zd~2p`6Abf>hyWLiA{CI7cC_2XDzb6^x14JvR(iG z^8Fu`@p{v}pYN8(e;l72pVsp~_m21RA3G`b{*Ox3UfcUo!@p9{r>eR^(6war4P&a; zh~l(SX;R^9!C&9g-YisqjqUw~&@;>p=;h{j)f~5j`tJ_(8oTcG(*(16=*A{kRW7=h z*U0#uug`#oC`CgO6Hc(uP4-WdBAMubhQg8G2;?_LBj4+tY?(;vkj=wV%D`|BNiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKDLa@#nP@chlE=uh7LF3yD%CEId_b=kVC35xtFPHg;< z<0L|%O=9~7kEWDfch9CM;m$3Zh2Pz)xUTCCj*sR4UDvJtzt=xK`mT5E_DuYYv( zo!c864^F=W_kP{3R#L`M@|}C{zN*N5B?Uzh<%km+G0y_<5l11NI6mS$#15fdA19oQ z2@X8ayi!{&AS@2itsS8m_TXG|6TH5FzbkI4{YunkG4ino>S4}@B(~Wt<9Js49c3Pb zBuYQlzD;n55yKjm1`eNyMo-?ol%>0DJ zTt5430ldO-NN<5pG1RmOoWhK7GC>@}^>YSiKcCxux9{4|Pfm`lDHZrkIggpw?M?`v zrX$Cvv#tiRYY;Dk@fzRW&?I1kwoihDSxCLfr1|TMGx6AiPRBYp zfHS2Te8e$>365|g^$3hlwKQQbTP9x~Y1mhBEbwtT)(=K z9WoEz|6&0oIHrtnn%w3ZqE5~Oa5Tx4=Yi%85=~%+c|v>!I0|A)B5oaIb_L)W;S7el zjSpi)LL7WZ@NX$*{DV)^h!6AcZ>BiHb3uL%3H}xPTu?5V6CZ=0U^N^xfiw<;4yLhY zYD+gDFwgmEj6x=e8`Fe)@cj7r$TAo@)9E?rA4NSu&WnW3FrVU-iI4Li=O0x=S+fO- zSraJbQ}MyaTL<1v2?H8u{PSzdIG{Nqq3m4DK{N{n$AA)lYJvRpLVW3!=S0?7j)nW& zl|S==mhYAicJ{hF;G)zG`ivwAO>kgerz319Bjno>AN@%-{3nhABEh-Mpelq!jCS@5 zV1{S1{Ui4c$shW0>Os$SXE`8}7ivE1*MD|!0B>o4Aw(k_GD*ys27s8D_A`O^!2w+2 zabb)Jbdm^j%%m|)eb!AGPV7la0^E&gfNh3D?2F;*S_cP~cyuM7(8PmJce2GlzdW-9 zO$4A7<5I}mi=X7oev9ZeiF`_SydvUNx%i-nS?77ZGm7#RXu$~JV=6ujl zsAuBQLBZGh)0e)Sr9wJ6@E?MaQ-%W|+|Cx^<{OJYsoWY@`Yss~dVCxFxSaF4zH&zMD?**EZ zkd9C&sG`;}uM|+1ctRK#r0jIQ1Pivw{^NKSheC6A-~RaS{L0}U`9^)T*ne)nYX9}! 
z-f4et|Lvl@qrw^@W3eVhyheP$6fqDq;=(vd(#W$c03q*u9)fM>R>q4@pTN0POK<0G z_7v{!V1l`rDGcloIw+1s&5XC8v)H90+U$S>cX!Y9T7IE%xV!rz=Fit&R-6AHrZ|jo z!WEy_NABD()DbieM!_bukE6u(1_qDKeL?G&dyC{t8_djAE9Fxjo~Pee=AVWgei{!<$a9PFuaA|QWQ#GCZIT$NI2Htv1(n` z=b{gR5Q7o+QOYndI>V-MAW`O9+2mT^^DW}SnUMJq&Sz0TVUTdwC zqmVP>-$@kEo7^V>HzW+DCm|bAX_rdtUHY`8vC5u-CF+cDNN@CW!yXmvc0-fvkfMNr zpZP?XKgB^BX6#5AHk(}JK>5;^%M+tBAYbILU(G- z^BQ*UcGml{G%Grdtp14de>MG&f*E0AEvgBsJael$hTHc42FF$Xf9#&Pd;PzQV!9dX zNBR1>oP6`%2y@i4u1OSl@G}ZYfH;XJdPRIjqcNGJg|`d^h$F8$=S+XFV>pBJb^YC) z1yI?Pgp%h}07If*vCnNE+2e%Hq-d{QdUV@lexYxL+%LIA4LJ_EZ}1(NVaCxc_8>~b zFy94Rv!8iRzO07rmk6kzs%^WF;D{>%=LC%?hbOC2^-v*UdZh)$YQNSsDw<4uY&d#E z*#vRpQ@!oGY~(V}BH~jIx|&|t)-YHAV?@F%ETEr28qmG{gB z6qCOuG>tW5+RD9ey6f^c^Pc=8_aWym&MwbizB|`He!6&-{it|5?Tq5=0q6f}@?V=S z2@UZE+kx%!e^6cjot_@;<^L{<7AIn1my46k>zYfCg*OZS*h6X3n93v>Az#*`3HfJ9 zlNh2$Rm#5-^IqwfGsSS1G{lB70d4-v`As4}OoL|A-+|9Sq5wx6j&m6(mQPCX7%Qo} zJG*$2f%6#>9EU;_bpEvioev$=#zrDvZgbdT23cC1RD_8w_h@j$g(NP>WmV*Y4V+%% zD8X}rZw`}p)2Kss(Mx0(cBPdYc(T#Yuf+r?%}k; zx5Z6`9iS!YHd$(Oo8%T#7u-E^) zC?)@29JB5`bMd{($GjwY7kqOJ`#zn;P8LA!pfH{yr|i0qY2ZPUMx4xWH;d2tipBVf za*f4U26KsiiH}&x@0LAO&1D-OI^GI#fBJ)>j&_BuyN3mN%`Akg7)04#bs+CMm@+vntnQ`tbTu7Ltm-Bh>KR!AqDG9KV0 zd69=zXD{b3dT#ze#gUe&vUHbDP^1wU*_u;Cmfqbp1F!0HG%<-GA6^(Ct(_IxC_-Rm z=uy^|piXJ9a#mBZfGdnmCV{e@fWje=cal&}eHwc3?(8CeZn$p*b?HCQENnm{uU^c# zo@>I9U=)xDGj@^C5%!G!xgTFq{~B}iVHPpG9BdL1PEhy?hv@bS`!oue2PY<8I3YC1 zUm08zk~!WfD0(~L-88{$O2eQ8%>txHt|3N@Es{;8z*c5U{oJU8jl9ecsa3vPXO1+^ z2%pYoC<@Fu(Jcb}Raum9+0coBd|`BD1lF41RkjuD52{oJpsrQ2b>%@9v%~hL7RG!5 zoQfhTPxd8s7ekyY&}UvnA^l&hC%Y@X%gBVL*4I!hOUY4rw1%8qGUQb;srG7HrQ~Xg zzO1C_+88Tge@BZ3ctu2+jVfP-3t{w_y6pq ztQ((YONN$#$>Oz+$@&>5;JpxQ?vQZkIGy$e^%-2FK{5uKz!T>T#b`uA!U<;1%Zt}p zT#fTL#Gq3R1)KLehwwzI_X&q5A&#n$IUn3Za1Y@L{tcdxh}XXF9m10dUh=*tzCVOY zgu@~vmSJCQij9o2+X_l<3rfAgDmbaAzbzmpJxTrDVAfj&GX>CQsAUc1!I84D?TuT= z*T-%NOjg#@vetk>Dw(Y%c*z1P9ZuqKogBBp) zhFZv_**Y45;c$E3^iW;Om+JE&AU* zUWotiA0O@S|JX@s682f>?>8aySCsLOJs!I*Yt8=|jR>b}?*p}+|8)Dkh50|&pa0oO 
z*(?sSdTHh2@lVYvB$_xrO)zEhj_0a`d82B58xqFWIIn3=c#r@r->_i|{6GAHGA zlMfLryf^xOr=>~$J5wCah`dw3?r5rP!qbRTrAi@)M z$?}sp!DI3f2XI696#n0#13yOLEzn4QDL{f4%PX<4V>z#`K3s8{VCw+R=xjzK`1$M# z0+KMxnGoKU|0?h;XY|jcEC0I7(EbqQ!)>DVw#MV=1gs!cp z4xh!=)Bmy#;AfN&nlgC(>YQ0Z{r!r4ZaE~tsH^HF^w+P^cx;;gm*+2Ey*YPg!9DwE zp8x&6+wWKBzuVj2|G$%RPM~F?WKY&ny@+Nb6V_)`}YCF69TmE8BmK}xA(s$}A`Rq{!VFLi= zUb;;+jq7)pCeQ(U3`QmoftwoO(uGsjyD5e-4MTb($trJ=4+-N;5i_eS9>*v_Gt6O%)%ah|U$<>wIK=2D`P$*4wK+ zRN1I=iQ2IKh{Ui$xGT&7)ua|Vd;RK?0mFieI1XTR3rHOr+2W`TJDuUW9|_cI??M|^ zTVE?*$P_1dm82oNMQt&(b0}MX$ZRa_sPQDNQv06B=?DgeTnY9pwt-Vf8D6u~wab>q zt%#2rmRsLudYS*fPI4KAT1`%w25co>O_!(+bG$CnFob~m*8-=RScbqjp|kp=3Y!c} z1NAo^vg-M`x<)=%b4h3<#a9rkV|5Q!1Zrj;mv%HOc%&rTFN9klMnK6^AF+ z88Ve8srYtF$W%KYc9y43YDC&VkfTXM&1M8Snm}d_NpHdS5!BAvB9me}UKM9`ZT(!W zRntgq8HIW%VJK78Y{Zu4hX1k#J}=~n%F@zo0s2-bVfg&`_~?GfRdy4GrS|pE6-l#n zCM^g4B9|-hUi~J~B#-MD)5I=X{pCrvQX5fvEibc>&Mg(RnBXx^aOC66ad0~MOH9*hx|@>e9PD^vUkDM270^VYr)j+b9YO~Em{M$ z$n8r1udn;pMKd!FTG3SI0DCYrw~Lx-95kW!;O2lpZQ@JeWyrE_C8b^+@>}6h!y0&) zBJfj50Jk-O`9X9?<-c?MI2~r4)nJ;{2R}}AqP=Y+*mK?4gQ2I=^$lCmo0+Kuw~F48 z`-W^Ey(}qVK7O_6-I${%gj_O5TXY^i-00=#W#hNf=xrH8fnI;((KBxXSZ=U3XV=^U z5)Dwo@YCH!s8#MNU9!@+93dZGUcBD1e+e?V+1qT~8YHCA{^i5U#YQOaHR~EAq|w9W z!^*`*DDNdR8ziLB!{x)u#YQN%GWWYi@i;Mg$ZS@WoME6hRV@>0}oTcA?zE_szwQ*X&@cl0v zq1MEZMe9ovKHn4S)u4po_ZxAhbroZujBf!We_HI;L&~yR0B)wD2~v*iP`O3nFEX(?n#Cc0_B#m9_!B&R`i{g;pL*~Qno3Fu z3sMjyi=udMd{nqMCxlPak&LunzE#j2g>=-NA;xi{sM9qXJNz1h*!E@P(iH!P;@I9s z3}D;&kCW4*h4^20AOE|PQXl_kM*AVAgZ;{(dGAYcd4&wRxw&!tISy3dpp-@a9Cu5# zyN8x_ZiED7N|rD{P~=9Gp$C~Xy_piB%o04u!o0{*rP&e`1$1Tx8!-ng9cC!A zTSh9aCDrAkYULg6{^&e$Z9A(S)< zZ&hanHVR8j_*Cw`M*sWY|HEZwZln8WKohu;$$d>!Wj1OZYAFLAQ8dB1I+k%(;&F)# zPW?ETAt$ogEI3nQahvJxiB8QN0EwUvH|Umm*3(iPil-vR2`gzY#aX3{m-h-RvYzU& z7BL($vc-c}D&hr(vfVd}VKGA)oG55JR2vpDrbRs+p1p)D_6u=Pjbs!V0>i$9*|LOX zGNXwwTvQYnq0uu?$?RoIBCgjuCRe~ar*V`aIG{3HZ@q|PZ z3t*y>C6z;&O=#PK9z5MWb7$Nfp}Rw*LPJcp-K_kC(jP%fVepe?YFe^5I?19Xi^#9!WERH&+f0yynKB=WE$& 
zXs-!z{_#riKKT4^KL5@5lHBhf#Jg41LYw?QJ+7YrKJM@Hzwf57lyL09JIpw|%tjh6 zjiI*kYXD@*+S(lP(sv=*MbshO%VtG_qW~w%S_VLj;ruck{9B5`>;$tq1zl{nW!Gq< zFvTmTs$U%vBN>vk|02rsTgLJl)MbPzTvt z`pu}?uWpvkh^zjuFe%DN1~=A*d&7?I5?z|91IrKCO& z{`Y&Q)%*YYy?y@o-4s*)XP%Nv8e&!!`vwy%7xrTE>A6~J%G}$k?r0SOtIM~&^wd;$ zU6k7?CK@bnXUS}wBKC^|Td!Q05EB|0n&u{@+PirvE`_U0-eoXl7_#`_;DE ztSwBTRwI@kOORKfUn0<3fPY|_x{^hfA)*6{zdG}*x7=DOapmd*+CYe}(PrC_3cptq z?y-gNBbIjkUtI9B;qt#l|M!jtgKGY_{{H@_9Tijm7a9L6TEAd{R&8Ijp`^*u*a$$$ zMBY4FpKq5iAucv>sOCbZzF`kKy=VQ-3W9{i*mp8AIPzDKM*h9~i-VF0d*Az|EM}Ur z4ELV(SE5-afn%ERXQh;$>OLhShh>B6ZWGFx(p{Ip_oiFESy#yBrv5hTL|#z%-mQ#I z;pHx8?*0Dw_$YtZm}aPr~o9XudapEn8)O9SrlO>4-Y$s>c5^=$ZW43 z#qRv#r^FH&zBN;}4u-`>#Jk4IvROHy9>YZ5##FAcmPMOV5Qav-)!uz%YQy)sDixEu-X?pbU(91khE@~a|N!groU6v`&P zRYA2OO;j7-v`pHZGQG#6%=*$N#GIW+esUZ0wM5XyM=8wT~;$fh@2(P06e^joI?Etyp=Uv=AY6tWA5-{t}+^jwLHB)HIW53qU z#}~;c8NgpSqbvdQ_k2X-LCebaA5zy=Z(;_v*ne(+Q1$=!2gifG{kMx!WB-A^p}gJ> z)O^rt4pthw$LYShjvt$B-%MF~{?BMcINfL;ux0-D+(GsHcYkoYpZ_~4b@Ts?8tVG_ zulZo54Z%u-D;_kiri0w@oN=|8`|lstQD6npx6^~Oi&(F@?YKnxmXLmIrrno)*_VCU UmwT803jhHB|5{8HV*u~~03U_We*gdg 
diff --git a/released/assets/rancher-gatekeeper/rancher-gatekeeper-3.1.100.tgz b/released/assets/rancher-gatekeeper/rancher-gatekeeper-3.1.100.tgz deleted file mode 100644 index e383a70ed0df8a5c7a0f41c52ce59123ec637635..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6114 zcmV<87aiyyiwFRfFx_7O1MNL)Q{1?+`}O))=nT6R*n>S!hGgz#t2n^sq;``~kYwvr zD#dulni*gGTFV|_3HP_(Zb`P~$2=gzYcr};0K3(ax}|=pC5NUroX}7on-M*yG@xPq zhgFwGqp`cQL-@~bm;Y?EI^w4+q}kr>?zURHot-XeG`p>C`v-hcP{==b-p4cA&p8$ge4r!$-Xz>iA=A-*JfNN9MqxWXPW~G75c{L=#HlfJGrS zUGn~TpS(_I3j&4_xv-(`fD+TPs6`?ls@PE3cBrOpY>>~#=J4DcQ}T(1%=SIfXnY|$ zX#uD8#w)$q0H6)BkCio@9C_FUi#L04awwY^Q;&vbqKQyDrp~_U(*%gbZ+gECg0RO+Kk^h(wG) zR@4*}rOxW1beLM}J zs_%{Lv5{3Z*u)SI>(i#`1QWAai6*2DH5uhgw2B&<8Q4++_Q<7i?=BpDKPG~gBW0d&p6!9}6(2*Kd^ zF$&4Zo>D@+sU7+rQkiKJA4f2WqJZ`4^|2jI;sKDrt^3duT_QBGCv|0b_7HoW)Z(3C zh9m=@EsW8K)q!X}tE=RljV{~?1A*dMr5xEZv>t(I*daU#50M@{5S-WhX`)j zaRcDAX~GH4h(<$Oym=^cqW#xttnI%CDI4S%#1{=c zZqNv>lZy$gzd>v}mhFv+G_{zaZIBOW*0DGUd|29q!Ax<;*zpI1%Xom^CLjcbKmp@v zqC5xN1Q2+1%(V^K3_?1xFF_(*z#=98*fPj_&$%ML$7^Dj2#Pe&J=D;Q!_%`}Fja8=oY_N*} z{vVj<@PFjO@Bas&pUlwqV@BQ_9zla3TmKgMD$%!EF3W`t3%ezZzUXIk3dRJuq!A`eggU>1V&&uARE)^lP_DHi!ew*r*U)zlOwf##4Sq1sDUVKtK0|>B zv~pK=zmgC^s@4M*FM4l~C?r5_{*T_FvVM<8KMW*XV#cHjB{2 z96B*4WJX1NE6BLX9d0tBW)z2XYXyD%_5ze!)s*9uvuuVT&rhafTP9NE4?4hjq0-=? 
z03owso<&*poTDJp_AS?D=(`_HF?dmI@Cc>eZ!a04;}oV+P&} z<#2^nQB5>>E6Np>$J3yi7|3cV=lJ8_fg+U#iEQw#?Qy*dpv0LA`=kp{?#;Vj-}hI7 z3n*v1xMvf@jw6Ga$doC`ZoabBg6nKEU!ZR8~${`qG37nj7NVdSY2m^<~iXAkM zpKyWIdL9pG=+TI>+z)6Mze*NLb(+7xl-=>roSRwK)J|wFh7FZUNag* z%Bf(_l5U)GpTG21gp13$0CbHxQ_LlEE_MgP*;hiQX~rL4m^4R%B6bDV04JdK}NDCZE#n|$O}T( z^g!E%J&Zp_woB`l2rBnQd@g2@@1982c}Te=LjoDY5IiOd4gN8q5oY!9K$BGHY~sg` zmE`hZb`&$n2_2guCjKy-oILYtYC19976JWf`=25|E2$;(s=%K^Xdlp;A&OK?8sOF{ zF&*fHb!Cu`@KV>=xgF>{>50czaep{P1~{(#m|U1p4Va3cB54bUfsQm#4ih%|E8zm) zmpH%_273_m(2+=AW17adCi#G6z7r#uog&l5Ftsa*$0?JJ;j|nQ;FUcBMQ`AA)v`>p zA*vb2o`MM!dlta=hptuUJEL{JOFp{lLmeLwoKxcRbd6y)(UBEelI^uk0>MLyjxuOX zoB;M;96Cwm@+{Ivi2_bF&%-dreqXkXNgZ06X(sZ>aGMsR+kMfz90Y?d{RgI1n#0GL z4>RY2!~y#7P*3Y8&}Tq`F%VKoW8=t^jJ^P<=0`MLv7rz1q%U$i)YLb8=g~`;1Tfc$ znU|4b;J}e#92w7XoAhs6D)xWV^u$$Vg5Ns-yVYoQo9q1VhbR^N=emQfFadN?{%5P* zD&_yQTkHM*hbW2t+9Pc(x7!L28VzmcHe!#o8d`p|59`?{M)eEMENPdkRDr$(tTA4Ee#;6Tb2CCFBM;ALkj2r=2#T^O2-wS2{ zD_$DiwUzK7Wv>2LlBeag(?gii1KY#IKwa+IDvzp_#v=I-8XzzK;lFkM*TWPwBRw3L zLj!!Ki616@$@xnzbf!)195~z~2ZH4%!18|ymTNAJfNGJ+g^oF(j+7&25cJ54>+AHm z3#lm?*SL9DBL=y-c_E|@Iuy5n&n4&Ag#-eTb46K=zlS+(N2nAyO5;ShAjT=^HhV}@ zG}1LGK)r*;B#6j1pT7_^{QZQEaNI!8*P$N=bEt_@u}I8CEom$sV9F`aZWp!XQ1(G* zfF`IyfScK#d?8Ool!hrbaB-}UJrmdEG0L*?pBrtuh;U+P;x_KV0{OqQ+vpbT|L#s_ zeg5k~iYos>VzW%tAEvy1BoQx9D(L{}(O&YWlS#%3MF6(Gu(x|6A?0y(Mbd@k1TYKe zQ2H>^B}11a*&Y-W=f^32S6FacCfuG4B}NEQkg-ETEy0MztXP^EORysuour&HhdJ34 zKa6PC*E)&(|A0&*#wQW~DC})~B~fU*@WX@Efid!z(2T_8ckAk3Q={UOD$x}5XBy1mfXr`il>|r)f|7U^DHd2Mw-P{ z0M0@ldX~+mb9Y*;K0Cp>fKT)pHy?DK1YGKMmTO#DbBK`=9aCmYHM3mXLQM>l$m$|> zPpw)^{43N=C&*rYe&pZb#!1YIRE~TWS>O>WbJPW4ZK+(WtI`__^``23Aw`ehAD+G2 ze|vO#ynk?%z9nK~3n|u99uhLLsbfhKTrGtIxA~X6(yanz$?GQO1r# ze?Zld;@R8RG|CS?;G?cjsOdzLzw)nqlzgumuNvuNLGa={;b#ujnUczkV~*k_6a}+H zLP2Z~nesdc{m38sPLF&zIG&9y*P#Skx&PJJaQD={HFfx&>q6pWQ9e{#MXiJAQxQR+Ha~&}q$GY zX@XHzMK!itQCH2gsjAL$?)$r0zB_M;hVTc+^*RL6bPQV9w@xX{SPN!B_gjvt-zEO1 z2L6`u0~h#z;Py2N@xMkB?|)kRfA?SR9{< 
zphzNteC#@T@$(B!72e9jDGdkm!I(z;CmxLAzg+OUQ%cz2PY~YJV?1RjjVl(=izK7u zp_L^WV75(E-Ppmif)U>VOOR3eWwxnOc z7ByJn{yhv`YNHIr&}AB}E|zC3@RSFT)sPi(@GIx} zW9#izmAUpGcL=D(eadgh2U=kNwc5MI{GWDrz5n|#MYaEC2n(?O24L!?CSWQlK1leS zB`B;TSmx^FNn_i?P{xAP*q@h(08vCUzrAGp0>cT%Al@ab9J-srZ;(@%!mgPn-uHv_ z;*!1yx}>m}3$%ay=2Kf#Q9V`gK%RhUW%;a*iD6&Ow#(s}{P4UainMwpt0n!-e=j)ow#A z>XZK_9C8nBiZEiBSiYI1Lh;bkHpjB1wuMRRrgycOwz;Legn?lfSO7$hMw_*4SpW0W z^cONQ@%l~Z5}!orfj{UczTPI1euCjVCH|*rZJT_~dW92po0NK4J;*Ov*KY2E9carR ztXXnrmOQrPeHvx1{>Q{XJEWHI;qPn#ERO%Q3;Ms)?Ch-d|3j4f)BpL&b2kg%MB)%T z-j8PkK<}8$Fjh-Jsb{6QA*_Pm+Gr3$zw~leUnL3YRn_A;eHO(`Y_2iATnfQ`STcpF zlY#)|Gs%k0jKA9?*&N#f-Gv(Gx}csEJs_)>RaAnbN@?GvU5R#1(~GQvZBnyfVc8CY zzu`I3(;J@&q9BNPa8s}zS^91#1gXiwnLLl;DNf-G5i(oT?=zEqeb zDo=|e*-qNJvkAv{hG&^?MZyEMRD%j{yBa%HFQ31(L_V#e?D{nW5~=9OY0qQH`D2Lfy-M_?-(U&(}cY}LJza;N>jWjFq0S(yL7Tm1e< zcc;5P|Mei{mivF}jlY>2f6JzM&e|a4^0N@s7Rg&PW7k3T_CpmWMxovuRNr|R{JSmR za{g=K!7o`B%KuK`{_l3P(^<>^2Pt=u|LcQa>A|n1W&Yg`h^Hjwt zJospjct|xlxiIr%1UEOi4;ao%@GI;YmT(>9lKIvFrDf9|t5}3K!y`h6K4tIx=;%@ew`4F*rqpLa zv@DHTJwsS}m1@cK&B4jh{)Z#^$H(KttT8l%DU| zd9u9bE3(Y+U*XS`-5>;q=eppA&MTBtk>@Z$?ke3653=thFU<;+m(;UR7CyG@;?Z=f66wwg2}ZWrqKUjQyV7KRLz!{vonu*MHe*T>dhk z1?#`NyVEVk|6A?#_kSOx{C)5LdHAqJg-ogJ^j)t5Qm$r5KRdwBlRv#Xf@UylNp`L8 z3A)F7f@ZR2Y34lkT|wEE4G99ygUH@5y})!xI-+4nt-}~I*-q1MoCvp6K0dmn!#JN( zEKkWMI6u&^aLtS4XWmy;OSRvs7U{#zpnC~ib!6XEy%tw@SLN;MB_4_r`GN2F3t9Y%%EK7Pxk zPxKPg9raW)?Sewme;p5@mrcyQY*@`f{r4x zrp^E<4c`KxdZg1*7nJ}m^{pzLQTG4l`u{RiPj&gRC;SG~9Zmr*%Kzx>GzXI3Tro$$&LdQ!avnzwqDI7HJS2R?Y@NoIj3W#qcvMmOYG= z7mP;9%UadNJb<5n_o7)B+Z{C_H)mj|x{)T?e5_|j6^~&ha>)7E7My^rm(M<~q<0Cj zIlT<=Q(nY4P*jG2hZyCihyn@BoR|#k`J@+{k$=ih@epH6!u?mFqd5>1+zLM2?U?nK z=+%#B+vG=zJ8BI1Epg_0v`PO=LHN*eJxLFR)sh3B;`?-X;9DNyGRU#~h?w#byRz^? 
z2_?V(HlQQ$?-F<%8~-vMe`)YJyKs!^ACJ9I@2M<(|2t~BWarQn>Tp?Auz3HcDF1ic zopt>8LCU=Rza)Y9JKG2Pu9BnYuK%+Mbpkwf8U^3-DYymezujyU^M6}AyN&hwe~5B@ zUH@4-x(wv^MERr_Uy-F!Rcb%iLH(gB6la7h7OkEE@K2E$2fQXf4m1rB*atN z7$lFqA?dbdy!|cs1U|1MyW{Gi_rOJI)pPGX@uhUvvY)hsJuy4E z4bMk_Cj7FDRr;9{Ltx2^-n6f|r?>8)I3-SMKQa9$Fq-q&M7y_{YO{XNO+kgXxM-$A zdm>*sf8}HmP$J)HE{{22ZRUtnf{Wj!x)v8Y;g^C*?Vn)Ip4INMs(jZ4RPvsUdEJz^ zPVl<0)CwOZ6gm`?r0orz*qWu-HT-5WYIA7|%%~tqVvx$VxIym?MSDeso-PtWtNkEI z$W@7JnwUO_s#N7Gh!;Of(aN;1G8PfHwe-PNzE7DcQY3vw;+etjiWM)uzG#R~FB+9! oU96Z#_1c{fvM%egF1IfK55dB)rU0w}0PLF;RR910 
diff --git a/released/assets/rancher-gatekeeper/rancher-gatekeeper-3.1.101.tgz b/released/assets/rancher-gatekeeper/rancher-gatekeeper-3.1.101.tgz deleted file mode 100644 index 6bdbecca60c44dc9bb24c709c79bf35202453ac2..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6730 zcmV-Q8nxvgiwFRfFx_7O1MNNibK5qu{q^y$z}fB8?wOQiTXw4V(ixxa<}z&(kDcb` zCX=x!5|a2#kt{*Vb{)UJ{q5q5AVq!HQT%ZcCb1*}SS)sd#qMGOrf%d7X=)GLj9yTh z(6sU0vQx9!+;6uD|J>W-pUv%E@hKB&?dBa z6+e!mfV#drVzuR1G`E|rX7fAJTuSS6(l^fkb#gd#qX7-$fprjuB#JY)7gFN!r;PN|cto-x zC3(WKl)5AG?&N^H(xU|nrWv^mpl**6*Y~MUvKXoaP&o*xWv#E1k0-8o;SMPIKvNdP z5otC*5u0oSr|ss?cB=`6*2w`@wrp}7AqqZk_VDybHZhO zCaH@+L=R*|%K$NftgZVb`c7O%PQ@f9z%xGtu(}B2{Sow&h(M3x$kP0;oBvpx17Fe@ zn=}7g?bdEt{=>LvwN~^0A(9*6jK?v-Ixu`;int&O95Gd#Aa2C0L&6}+uWEDMJd4#3 z?~uvCWW(ToIdU^^SX`nFeweG%c$(wB>5~i z38cvEkZ}usCdJPkr{%OPK*CFdB;(Jd2xR14LL+h#hk?ZCUeWFWYCd)@OXE;Tk}%Fus%F8M5*m$zG>(wU%o@hngJG5>tkY-=f^3-gfCQsP z44Bvwpo^F^jP3;w_Q56+dmhoK*6!BUqSwi;*^3S1EOfe*DM16hVdopVmYH6uRe9NJf&MCrG4lX4XQkeo04c7x%%52aG zh7te!S3^U!3#hEIUbL$V$fh=tp-5KQ1+Fd!5q$G#k^$0SWfZ8U^v|5KjEVKjgVC4) z-*c|X6CjBXt1EnSp`Z};XgL_r9bnVPgWM0YI}h4*7prXo4-W{c8nEtqgg;aBL-jzl z4ag5%WB|{lIEFpoB8LwvwnGjg;QCd-I6pMTyldki7WRT39?ISV!voepfCC&ArBIXO z9fJ`EGZdQ4$a`sU+`XHg24ZWgMf6(z6r&c+w2f}jq-wFdDSF`3J`86uWf;t~k;_?o zN(V84)g6cjWYfKaNsG2*l7xY>CJTc0u8lbZYR#;ni!-2*VtVw0khnyY+&s)k9oEEy zw!k#g%&SoJO9(0HS3D3Dth881HfR9JRE((0Vc-p+E=#BfdY@+k)%;<@I1hbJO{A<6 z3XqGFLsA@25N-KLUl;RxK_q2tzm7&=_ih9ZbpQ!hjA;#Olk?W7Q!ZO{F;-X=wX=A0 zzN{CjHAs10lbh?D#fH$=8K=hwM{kauXQ`Y$K&sLIoFULH7(_t-<+L%+|JQD{tNPz= zYvuoYkhD%tz#4^BojbGy*I}B1In~R9P-q>()dn(fU5HbbCrJ!y8i*DO%g`W^4L>c=Q})OwIh4 z5_3t;|L^9_|5m%Tw_Be7t^M}y&T9TYL|Qiu5WZk?_b>O_pSYFY{q(4p*Gv+mSDu~B3MhL zTFk96Sgz9i8H~oyq`T8>c9#PSC|6hlAGBHcdoT+0m==^9xmUp`ACYx#e{qTxW+W`- zxXz>BC*n4NHZGo00?KVKiEzc3`!$V6hc2v)wGF;^FNEol#@r+=8D(hIa6;;>Q*`rq zQ-D2Y0?PH>kb$|o1Xzl4hr>L&I1B!&ryS2E471T`6-sxqVJtu}a!Qt!7H zj8KssMCJ}y5hB2coOUJ|V(@8l@J 
zHqK69NrSo5{UTVJa;T8807H#x8hp*EHlxV%NI*ICqzlGZ{pj60!ZIkwBQ5G1EXJHF zmbnA9srY;ns8@NK0>N}QbcjM%M2mD6hXs@?w6UoTBIUF{U+%{>LbNl43YW}`_?B<%^KCLe4^cgS!U<+;c~@A+i*@e~3vGygAC}H+y6`e6r^`N9%H7;{ zmjnwam&GB*$8z0kN`pu_v)Hqw8>igIPu(TK;&Lv5wZ@$)=G2(WM?GQe8!l5_7ij6j z_xM`Nz00R(p8@6Wum;S51(btPb5I13);5TgGlERHd&Jk9`UWKd)^rX$dIHMnbA)N#s!a3sQfI_Q7Qf)Q=VfP=2^&++a4Q@L~=Q7*}N?1qSAfd>CIq!|Wg zaYvI}(B)>n3}wKu3+7-Hg_~mFHxt1p0V88K%;}bJ=#O{)F5*R0Eg4r2_8gXu0j!&% zNW~aXuB{R`!~no+hx`GVw#_br#O6Wo+`o$Z!x|XCxQ=sj>0-=5Ot7d3+Q)97Aq|wn z_}lJMxWM-%cq~=W%em`F9A98EUag1);87KM7RzG;7}~G=amJuyI4nH^ybAiT(DUF3 zt2k-k;W85jV^D$e$cOS>Z{#=l&S-=0lJ~E>P$vce7nF>6^sQG6bYz940x`BoB6vvA zP=-|#2SD%_FReoPF>C@Q3K-QqtkxOCUD-0mgIM~cfjCEi+qCH2?uzDRCm5jgZwz`< zXE-?X8OBcJi41|Vx~lX!kYE6WG>$QF;3~o>0jkAW5r&h-FiyH6PR~60fO!$Ufy{y)>%?y=a-X`jhrllOJ z9fICQtH!6V>QM?gL;Q6J(`=w8OG%DUC^8^S%M~^;ALrCG71XK+7on;#I9dbja z*u3P{QbsA1y0r{rt3y71vda20B78%Zq*g-H+Fyf!r9*=sN%WGOdoY?K{&Pe}oIu>k z!HFil9HqkLvfS-qVW<}j4RMw!3#q6f&PmCb2~b7@7&1_04Ub$Q@?I8-f_2=H1$e$- z2C(9Vv$xU`9wg0N|BbV7a@g4^jObnvVPK#wcWsSF^^3+l`41~VS^n?rG*|Io50lIT zhH20B96Y%Zr^+t5c)^9vxMf`chdbm@u>2HQ{tv-&YeX}kTIO=0g#dJYp>KCYK+5B;6$*vL z1TdcBk~WMq$>!j#Ujes zNgDU4*;70j{fcJg&L_OrjUjczZ1`6>D@MupbMxn>ek=%H9Vh(Ep*d2t%sAm7UO+M+ zOCS`)w#SU;Ng8Ld7l$44{_tcvv=TxJ+9dw<&~W!OxHEP5p6guV6ka}DwyLXE5wrD~ z$c3uaG^e<7F5)ICy(%H%;#C$WX)q2#I-tkQb3?gO2rp|<(sL7+--{MdR_= zrsHoBJ8<6pKfC+QivO?K+S^~*e-DxF@Bb@Vg(}+PeE`d6=8j-)M>(JN-$29H92Lqb%PdpgKzg+UW^CqCdPY~WTVmxF>`xPtTMUatt z=odjo`$*RZ}*bL$h`K;l~%b6w!t_x@%=Es}05gV*^2>iYML~aZeixXO%mtd+U zdFG^a9MDTA=DW@ga?2@Pv>(qu8MPUJXLyM-*8Vt%W1sLd6){o33VsOx6x1jGO?b(d zs8ggF!@%;5A{2_dp0+rYO|vZwQg@^44c+FZkqI3`6j%a8&iWf`MYsOvhw(3Dh__xw zfD#`>`oJIHiP>93(oZm)hs6IdUfUuc3#@RUZjlKr>pS_WK<)Nxumg4Z!xc;J&63BK zyiX&|T>mjJFi5E{Z1{U?0Q3DnJC*f+x7A+V|NkKA>#hIg!E-+i;8em8JKm3{0|0hR zMi`r^vZxoSx*=>9zq8UHg#JY4G+ZSK>2=-X890mNDxGUUuNDIEH8h#Z(9uNz^0{Qi zM#0}LqBh4iVeP^d=ccke8S8+oKDk6G7NyUtZ#6g6h+0TvGwbPF}vmxo_mI6F=s&fX5Euc};VUQGG6C1eiktX~KJFHCswG3axb 
zsyewa^<@ONx25+{&kFFX>={nLIxGeAtsF{=hCRxsT-o=+fJT|1q`bPv{YM`8A;3Hw zynHEkSp`n!M(dn4PZgWL?uoMU@Y1-&U-ydUM&Av>Jf->~CGplZ)p)UeJFzXOn?0iw zhn|nG@N!C~?oGl)7WX)fjm9$90@W%ev6|r#p`)0xw{doSC7fH*87D*P3ny9;#%!J; zoXFCvq|P}!JwAAUEPwoQa-@Eg+;Ig67WnkI-{L2A8$#$mSaU#r8`S|#XdU-jdSe}wqFyGU( za?Ok6XW3RYQ@!14CTYV?q5DK}(~x~#mo2XDu8Z5XCwM4Q7AJ8S53YYhJjyo>4`Y^< zuBX9tNrS;K<9BcvGk^ZgP3RDR`9e9w)zi8wgNpl$lx08d4x`FzAHU?%Cwhh9j<%M} zFAW(khIgrWaSu|Js;di+7HCfwTU~f0(mgLcGN+RQQnq4Bf^eaGk5;!ReS5bk!NiWk zd_>=1yhv%pjqr(>!3{Ks*#tACnQZdxT@+rIT3+4K#BXUbNo_2aHFOl7HFE?=Y4`>R z)gimv=A;sZCvdBCXH43EGwpxrs;9Pm*%Q74>K>;6=f!{Qwp*3>?{;f-{{Lapy4(O9 zWMm_x5&VHMlP6?tRxsciSu-wzf?xP=bCWcQ4Krt*Ak6RkFk|=`7C-PZBZJXQWvKCiIY$l^18iibFxvfO`F5G@r!!EM09-HvI$1XkalZ;|gQ z?x->3w}e^3XoLQ#i}0?MFwuv?*3^Md@qRiy@GXyUIpjpXM9g@J-K6kB2_@hE)}wu} z?^Jp08-Ft%&vf{ho!dwA$74^_uap+P{~cF4wR7l-<#5rZVE+D3RsQeqv{(M$2T8Ny z|5O0+H?|M-O$A5Kod4%T8YXz^G)unZRd93W|4yq}iT~Z+hL6?!e~5H*)A-3czDnf# zMERf>Z;_>PskDA-!19Mnp*SO4GimLj0Dl#kbI5D*Nv2Ia`0)-5krYp9qmw+3JhHbV z{pDvl7;#r*%`Skch1cRJ9*Vc(y1I>i9){QC&m2q?e$fpGBaXad{fi3dynKdjU`H4z z1fGkpyJj(<^_zBeiY{|kmC!i&RqyJBr=T%x^sYHMj^3VOS=1!Z8@=gRulxGlrW}ZL zen=%lJPR`YDphD4@PtM<@)Fxw)Wu?D3WF-82&ytQQB|3#1s0;ZQaia0&wGF>{GyCC z@YKW*P|BiL<63%pX9UG5akBOUvwr}kxeQITdzYa$?R#km8ob3xGZw2S@|E*f4i-^L z#5>L8F)z3_wMQnw#do<}iwm9bO~GXC@1V|}uia->#iJ2`lJ{)PLQ~#4!Rx|QtGtv@ ztf8<-29X!${8v{zlw^&}CrI!F>lu3A`QrTQSK zi7KB#yu_IXE5p7fp$NaNZ}+atI2Ec$mGlLPr#ic9X1sX&q9b0t=+wS-v1S}K*6szM gG|$#%&y~ks#8zpQR%w-1>CWl@0ra*<^Z>R10ET=s$N&HU 
diff --git a/released/assets/rancher-gatekeeper/rancher-gatekeeper-3.2.100.tgz b/released/assets/rancher-gatekeeper/rancher-gatekeeper-3.2.100.tgz deleted file mode 100644 index bf1c34f73596392b5e7fd6053d9cc7e218e9f9ab..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6958 zcmV+}8`0z+iwFRgFx_7O1MNL)Q{%X@`}O8m=)l=p*n^#f5SY!qvsD~m_e||PD43nC zQ&UsKI7;G+WBd3KU>WXjzum2eWyg8IWO(dEHA50hYPGthR(Go<$4=l5d29`wlwWWj z@wooovQwkc*lV{LeeUkkXJdOue9FX{t-am7?d`pt_AYBQcei(2-?8@6F{wydk~%S< z(hGyY<4(^RC6(o%Sie65j_im2d?qQLvPgK&i{3GFm!?e_rpPL-}hM%rp~#~nM+R-){nyxONX3g zQIf{o8L@ZA`|MXeTCiZ8vP%!@o^$5(dc4Qd5UO}k+4Fg=w!Y3j9y{)ZGvMq4j}tEp zSflZYS!^3PZ8d(fnhhwl&i1i#&0(K20-$~EjQnnm zs=o<)Uf&}Kzehd5u*U*t#1kmW5v8u{q^Zx1p>8GDNy2ID6qv;vAwV!CLQK`L3UM{>tt!D zhIoff4kil*_sfx!y2HxqE{{{1v$}3&v7VQ}gt?}n-zf>8$_o4na=Z}_Afv<9(m3O5 zl?C-o>9A?ip|V~ShhwkD6KgPzp=ucPy@8!qwUePO9@fWA$B%|ivl2|qeeNV&c5IS- zm6bBjLeUfk(7g^b3OkV}3X{6Yi}9d# z!LKhvkh2|-t=Ndfno%S0Ea7ezqnMw{i6qQo5U2>?j)>b(t~OSjAVxGAwfR%?K~jbM zhjC*8>w6=aqRdWXuSv-X1kY=W^NR}H@NQ z)tLV$<4Kx`CCP=+m;&E3(&QPCqz9`jd~=|nkltuH7|?BC)5ra+=cRWZwCfI5+XNo& zGgLKTDRmh=Q}aXhK(!6X4;*9w<#HUuE^v|H!y;_6{Q$Ur1rUBwpv85)lV^M(M;Ru=1r;=yPKj1 zJ>G}mET&8XGi~G$YftzfWUycZ@qlc)cQ9$umW(3bQ`Tfo(DQ3!&VZ&eYv|$($fcMb z{U9VR5hW+{Q&xpFbD=FT%{22$6#WuHO8Vsw1O-biR*?-FKr-bc>T>A0L#UfX+yzz6 zHGyjWB*QTCdqhp7tP%>4i<3iA98eH#^^m>}=AV0kl(GFP8iC!r;n~~G+|bz-q0^mWF`(f;9^Bm1f7TTd-j=zsPQ=;jRq zp#O5(nCJg%H``_XZ>O>H|2;@rXUAYz!m3UVEx~n|reGnRXPz&iD88MrRQX_7@z z2x=OL77okMzz@$E+4xWzr=TxPzQ{?3#&eJf03hH4F`G9cn5*6u2%Jk0q3my)HhUL< zEC3Y>Ya&XxvZC*S+co>}^z1YR+yKNuI2r+f4+p2{c}r?&U)AZaK)+_6{~6cmuX->X z)bWq{nT&&a4(J^Emqp~POlm*c$z=q8&z%eSn~vc7|3T3Y4y^H6!d@L7L4%-?{V#XZ znhhqfQy1mn(Q}kB74u(8%q2PhzneGzn=t)L{{QA)d#ACQ{|}MYO#_4$OmhE{*Z$av zoe@V%qE`Ey|6)_pXLgvom!=hZ4hcIVbi*aU0?Ku)*@?|B@;uTqJ3^Eri|Q5He_%6K zvkJA@K3ReR*+sCHNVS-(F<7qR>=}&4&#c>OG`h=y1(eGzfe+d&eC>@qJ*EZaM$VNt z%0_IR>@T8NZbrgVj_W-7eFCxxv~ls25>Re?NrcPC+%IuBI&ffRtZeYTb0JKRI3$y_ 
zV3eU%Lxj{@r|9N!rvQ7*1eEJLegfw15@0FH9SpPJ;?(=InsSuO63j-Yl`q{Llg<*% z6=d9?{S)Qa+gt*!U!H(+%NlY-xt^EcmiGtk82dx`FN_8cMG-c=%(F<#9&;Q-+P?At z9gWfbT5j+NrQUBZ62?Wg7nqw`d58cFIqgg`#Ng8yfnSAkIK!%_CK|jG<;si4)1aE@ z$Z{#?hlAHZkxGR`Hu%O1XkCS(%%55INhhG(tGBn;TrP|h1+%ubZ~zT9q}Y!I~) zD#oywatl7Ygp}*Q4bx*-(qQg%zX+D594cgqhoMFl4Zb3(%_#Cb5>O63>4NcPKYI6$ zunfvkq(yau`IuA1QfHtx6`xN6^(u>FAeiokjymXy0FdrNV1Q`3A~v-xB${^R%dNP& zk0yrD-cq^u2nGXgJra4JU;=SYICof+9UT9@#oEp7H{O=sT!iP1#)xvZ+q-YPnXrIz zLD=J`Kzd_y2`H!6F+1Td?w#8zV9+Kj$1V!Ok%;i=pzAU9M!YU#4Z6ZLM?3u|a_KzeB*`dj zLxiwEgMSQpiZNN_W0GsR+{c$u3>a~d*cd?J#2E9Ph`19kVPnV7_?GbHk6Zr`p(3i5 z45FB^O>~QM^03R&i@s0|OY>Va6^U3^xcF z78UXO*bTIyfpQpn+g%D5XiI{^sJ!!xyhh^WLLx)e@-P4jsL0Y#o*2NWe&vcY23>-~ z(q+IauMZ17#YNQeLk2D`Grl(l6(|dOP`>MqdUe_qt1TfZ_Q26CzmSre|4bOvQ7ft`TXB@V|%x`I{)_&se=Es zfFw&i05tFX&(7}lMEp-{ceVfj5J@Sq9oDK9c3a^=qfwi>jo4w^jaqT5ti#C5TAQ|+ zq4JB{L><RpeP5q8+Y;x4d0+cTXNz-n=uy_ArD$LCF-#7~=hn)rEi=TS|1_oMk z*VcGcy=csn|BYrz{7savkR`W@k>Z*&qM9ELEQ-Q1Yv?GhQeorBYaY#JkpXK~pB`Xcf+ujs9SDnpfG4od zV~s0oy67pfFl2V3W*%!>s)=qASzUzgnN`byf2F#5fV?b@k76F~o@7ax%4wLSJ+KIk zF**Wa-7~pZH>Ecw9*oU=Aw`eh9iF}2e{*ztynk?{bD7xPLW*^ahm7?-?)Rh$Zl=wbnK+Vj+PF#7S&TRx<4}0+SA2^8>=J*#7sPsZl1GP`Z0twFxWZ~A$EJ)naIYt zCUch3(__Qy^}|FJBU;a_iCbdYCErht zpBnnHAb5G4(3wMXq-dFOOdwuBG9XJJ9K^Pp7|)|POhY&HJM8_z@pNbfgcP(%{Hvki z7OHn=>d?mPT;k-OHC(pJs}{{!I}hLb%;a*_Y?u>WxfpRjm0uOmaqvQmL%C)Dn+J z@<{%#F$kz*x_07}!?^9iSlGSal|uLN|Cx@zMeM+N_y4q8yCwf$qq*B&*?$j_?(hFA zScNL&WN`f*Q#v=UnW|uYD?XEGOxi2?tg`@i;YjCZSpzDPE9T}B@8hzPihM4qM{a15yR}!2|7q>6 z_J1EHnfl)pF#y`%IjDMC1)R7Fte^=B?Fc5YIe4^h+l{3!$n^aMYI2Jtn)&TTvM(T< z5CoB@<}aYD%dfLjaig4yzVAl*;*zd#y6CbP3$%ay>O)IZF>O?^{rA}E_?TNtVC1lJq7 z%}pZ{I)*4D5fC};Z>;6r`k(K|KeHj;dKmypG>G(pKfn{Sx0s}#U^vCae?MN^Vjpv? 
zaG-9n2`sBS`6);3_G_>Mb@_u8OYY5*$CkWLBh6g@F$m9#c~98z_tpUB`G0oyTBY@W zr@6Db|NlYK*IWOKgXex4z=?z*cDx@?2LS968DVUu(xRTH@`kWk{LV^)5c(6D({Pm} ztze6-^)2Gtkn1LxpMQVN#3G zdyoR+NBa15Yk*RGD1Z{5oeD)l!a4h7!{{^NNKCPk25D(T3z|Wt3~kE zRIhYYy|GXQDdA9W2B^QRgL{=`rY|}FHTU3`OmpS`PAUGs1?K-s{y#{%hx}h1{L%-% z7MA(`GNrX)+Bss zj4v!7l_y&Vs9Q2_duOLbs0gR1j8Yd5i^sa2^g%jFmIvg`V^4~2C{+skd2v@ceG zqA)N1XJY?v2W*1p9{)YLuznrdOdjZws%Oo)x-R+B2Mhbx;V? zTRD^#4QP~4N!fROj|Zusq@arH{4)!BKEON}ynHEkSp`n!M(dn4PZgWL?uoMU@Y1+R zuX{yvqwjcr7IS@(l6dQyYCPY*o!A!C&7Sg!L(fN7ctd5P?oGl)7WX)fjm9F^Jk=^D zv6|uGpu>cNdEZ!_)z^Q-G`(= zBwmjn_4{PMvA1D>2;;3zVV3HXJ*_9pYnqXh4F3gwYIcJVbT2Hy4T~yF1{u#_g4|X5 zIy}%_PZnkc%1a*fP!>M6=w3=%`2G*{7+B@=0M|>g|61+x{ZC*MKKJ$inIv;T7c4C; z-N$sskXSC}cVV@5inrO(!P5D6*vYNf<2b~ZZi?7`IiJ6QMP4}Hl+ifB^)+62XqKW9`vJxt;2UCny2se@O?mz$*pEX$8x_xLy>TL8ZHxD@QYeYq>JqzJ z;bm~?#J&CFSAPw0z4UY+{~!Exd7N5;(DRpoIr6{JZtRui|IYTx|MwtiivN#h&^PS< zlSBNkzeTd>{GW6hE`Ax@ocX`k5chwZ`@h@G?bZB$i1gRJ|Lx)3))g|P66yP12WMQ( zqu)J4H;FvGJL0A=Ye9Cc?uq+~_ry(Q&BDxi?7QOf%X$<5;z8=|Ph?;?Jn!=ut)2`c znNRhLu7q1sK0dkvd$o9^MBaa(V7}*Z>6$Oe&!Vr=Ox1o%Gf5xj6uM6oHyxR;s-H2SQ9)HDGkBu4+q!3As$65eHbQb;d(Mmm)si+Q@VZ0nECT>?!yhymoLfE2Bmf*@Sz-n-Q;dg5}=;+r(SwHx)6yX_4|5EjPZ2%m^KT}Kl+nP9IpoJ}si z3;gRs%c~pv=*B*i)W-5zK}X?hGe>}wk8glb9k#P=PBT$>0=Fs$$4vWQZq;&2zVQ!V z1bB~A;Pdu>cG}HS{9n7dy8q>2(z*-)8Ki8(=K=hI5t2o0ZB{V&8e20i0)$`qZ*!A1 zm<97>ogvJ>_hEj}8OEOHrbb4>QRJI4eJFTM9rzb7Da8vv z#JArF}p( zX_9G!4t~4?vm?e^I?zd;1uoldNq_li1}57TTeEUtYT>OBiU;D==#FlqpZWeZ`%eZY z3SD#t!ibQ!YkzP7oyw=!26iL?g}`+(e35zxX#J*LoubR+suCIpz3M}~^%^vWjq__F z$Kl&kEQ^{1dZRb(+N-{P!8HMq&JU?%h-Y4^-=__Y1D?nbgs`>m6YG0Wnv2jxyLTCC z)4msmput<5G-I)PB43HWagLRto47YbY#|Uf}v!Z`#6MgY{&DtGUz#rc{t5u~}tXq|gVh zXs^7W>q#PLwI4-_T$QlKO7%fd6IDKgcnMPtR)+mfLJ@x3o^^g*#3@%r%B0UpJk{A< zG2_KsZf)_3Tf6e@wiV;3zIHDFg?Y9%d#*h8BDPAav`VYAN_S5G56Fj%xd6NX0Nt9e A-2eap 
diff --git a/released/assets/rancher-gatekeeper/rancher-gatekeeper-3.2.101.tgz b/released/assets/rancher-gatekeeper/rancher-gatekeeper-3.2.101.tgz deleted file mode 100644 index 6b798a154583fd04c20e07b57d90e0adaf6c7e48..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6955 zcmV+`8`R_^#9>@3FuehtE&%HhRtTlGUr%bHg+~3=8G;58<9;?;&8m-!QthI7XN>UmpP6Vj* z1K)SK(|5*kX*no17|ekq`=LLdNs6ZVfB5f%x4#^}e)o$#?ysZ`pvT_s?ri=8=ZXKj z`}=#XMvK)NwR*k&9jmRR^#$o0=l>=<96A1wd%>`B;Cajs5~u5N)}yB}8$`jFB_qz# zFis-wjM=-B1NMs^Em$y0*rf|~yPP@wKJT+6fGRFjc0FFHY;LlTCr!_y<##E|TiO+J8%iYZ($!W>@(jP^B9V9M5)trlEmZ2P`BdiIN{@tQDXq`|INKIYqDN24xPm9 zx}KX{R~RG<+L%D0Ueu2TMEKHSeK+DgKui@nKZcug7Bv6C6&8CNo1;h8{ z*hzY$(&{}PB{VB_-O^%xH-;&3O@q5#5HY0{_!Z>1W9~ynn{6af$~Q_2>bcNnv*v$k zy&!Hg&-K%*(%di#CT^d{)^HL5;J_caLpuX($0J)jtWN5V7ml2IDVT_R+=;pD_B3%z zE2XZ5qABp9^KE7nc0yOm*EXBf;b)lrY}yUGUIC1IksBuTOv=lcy$iX|P6E&EU9$ra zv&j!}ChmttQJ;*QgsJ`mf+1D3y3mh4QX+{0Plz2aNKphQ?u0Y$PuwW*kzsLV6kvBp zNfO5GYIW!)qqGb38dn3r#F79V#H4C;&+Q@Bsum#=+mdE9QsbB>aTSOa#8s0QlVRn8 zUtb0wXWJlKu@Q+iqekFa%zJ5sVtytk;vkJcpdx@fB5p&u%0zL37*VTN7EjFwNhR_h z#*GE6?~nP46u<@Yzu9a}$$u~a*7E-$(xz4(3PQK?9yK_rI>by&?_e;1|9O4zW4_|2 ztvgPSDuChDu>+DglC#>#-4-a=mCDZ`QpQ2VL6HIJGNv_)!M{;(iMm)CbHZ!Dog|I; z4vY8zdIdQ!aoNXy(2FzFl+-}nFh@P8P8#-AmHU9OBc}vnxNRdjcwUi;MRS4Y1(&Wr zWLhSJi~u1~P?HaZVDwWb?LByuY0GS;nn7BW5eNJ*z$XaYd<_TU5K|zdsz+061 zHSNMrj#_2UOOcqd%?N4Ta)!BsEq$Cgo(ozpLWbGy#-y1W#V>gmmDY@G7rG5vvx#s> zWe!MGogRqC*aCfFXiRHn8dALE3kdI}h4T2dixZ4-XhB zBCwS97(G+-L-jzl4ag52WB}!I9K$`}BEg46*k%VlaQ(`Si60tc>e|E&guS4LhqAZ8 z@PK6v-~dNODb(bsV=&@ihC-7GdoK-+yLYpvfmqsV5xrJF#i&IyZL5r%f(^t2vgzKzq(xgY3_Vv_lNmv~*T$RyO=aHD#Tk%EF+KW0 zNL(UHPU^EVNigHfR9Jl#Qs%k=q+V-8keuQ000i zP|crs6r^6CsEL$SLIHAda!85;3Zkt(($~TKuIoz~J1C&22!!5o20|+9uu_ zb@FAiE(Qv#tacJ?FP8N}wFW6qHOX8j78^oeXPh1%9KAWVpNhWq)KZE5XODnx?$8JN zucnPf{=ZheRn-4>8*BgHgQQJ%0){25>g3Q8T!(227E(8LJ)w07R~yK{O(9O>GzMbJ|BwNycNP+b+16+T!IK?f7`a%J0D~L zs8CoFQNooKZE$W^?4z^uvjlJh5Qo8d3;;eHo}uS0uAqHYrN09GirxJ)s?uNeU^J}a 
zAN4by_|*(h7y6fm1kClrbgqUrNjsIsd;~H2>=`{R{s8`hKgmx1RqGkv2^OgceM4|B~1K#EG0S zM@yno`JDY?Gty^vl)0B?6?zT{J0f($6~F?@wXOMyEiUpr(keSblp~Ak721DbGnTUo zwb=n#fS3)urii5_};k?rbiTzNt!dt z(5fLq>aA0B^Ymr_d&~rs8#rDJ=I#n$Dasv=Qvc%2{j;2Ml*?kwMyHi0-5t};63i83 z+@k#x<=5L@0j^)3fO4xEazwel8{?Mu2kjX9UHC7I29HD$HoMHTNUI)m97NiI@&FxA z(EVC$@EE1uuPpE<%BUt9yc6Y$i^tQTn&`-C zDdz>l*Fcd{g+w;^#`S4kg`&)xTlPsOpxmpsKfmj&1Qt-v9b?Q+n0lVvZk}!swGt}E zu$XcSKD&gJ8@vsY6Ijw%p z%2A|6d4t)QQ^gWzs5TX!PXhHSjUphJ?uL#!=!gK2&Qf52Xqh55vn?c=cIC^hxT=RH zhS1&;x%UVL18zMMd7oecaZWh5S)Co8{Ih?K)(ELP>@P@~=6pietw{nSIv_z5SNsQC?H9WvFqJ1jIG1_M|%li701 zpqwuITq$>R+gTATpj;Ao7#d4z*Ng^{a%Qn-NjIY0$4{LV!6G>q!ZPE`6mx3KrQ@!! z^9^sQt_!s6!}s7?%e~8|XPN=!mJ|QWzyiv_s5!`DM@t(-${F#c5cnU+7zwQ2KnH+19bubaKYJ_VrhHXKu1GM?T%<( zb|MCp{)6#u>i7mRKgO_$G?dX#m5wTX4kQ=?A&nCZ1Y89dg+R3+$s%x~0LDp2gy@;4 z9x%`6S1<@*tTQJsBSptC2q#U}Q5a7ymF)lOK(AGu1ibV4zXoLQt6 zHBtH$iMgnyN}P5vBy>H?w`2A& zlCfkV09{|`+iek$^0;e-LSZ=pjHkGy4I@o5G)dGRp`bV&r+96!;I2%#I~%4LAw)sO z4q0jmMl5E<(#%+b9jbSda>f`YvKe+5tK8gJED8PtGL6|Eg#V+k!SR_TkvoPDA7%$S z%3nY;5|)=^$lY0TAEqqJmL(ap3~TPdoF&-9m>Te^Gh_v8GFr@uh6YhBX315^l`e{x z2w8F~A1SUmBdU49(4r_Tvxbi1Dik)3yk^mC78$T+_1OW|1$Y8y+<~wt2zUzXEY`TR zW)D3j7KY4D)y!gT3pLSABCCtgJ+o>t@UKu;50IDn@sZEN-IFvfQaK6Yqz@LMF-FHA ztotSxtETkE#QlkxFQn+nyQA~B2XBtgP7V%_buJUTTS&3C@sP2B%e}r-!Oc{-5+$EW zl}?;w)Yj6$)}neQM)yZ%R(rabaAOsufS8Hr(#>-oNk4{=1_oQFBE)WQ+f&&X*JRF8 zdU|4by?&UgVnpkiHF0aq=W%=z1zm3T6i-I~!jpXGL+W*P#2qgg{h7}SQ1bm$`>CcM z3xXHN37t7KM~apiCj{aJBm=Sp!a;2JV&i!j1xe5gyf%A(crqJW4j~0?8vk-=xP|K8 znL4!bx{x@TXAPIF;;Kb+*3QDWJ~O#o)obQNS1v}}PvuuRbR4|U;v{k>uE&S`IPN)~ zTrY&LH7nV3LWgcgb9tQaP(KR7{1Xe|8c(9sKZvEJ{L@cA6?5JO{%H_E*Kz;2nE6|b z{!jED%ACA+wuCCVpe#)iV+Ge<+cJ`>SfjFvriZtrt{HMuRz1!c@o#5Y@YE8I#_~x1 zFA)f+6S{WdjKjF?!&um>-OGZ%kN?kf{4HY#F1r7x)!Zxi|7wj|b8Y`UM7qEKFJ~31 zkdOB+ET4%phFR^WG~vH7mtZAIJ#kBz@&r=fE%w8YKNPn`)WZpny7Ix0C-jL2qv*>e z-K;kS4Ss^y=6+0ZL)x!c052kq)Wd!jX_RkNgdNdWab-?9DxtjO&yrW{%)_tjM!XXI zsMHg~rm9uj6245eTGp1j^<+_lQ{4XwT^AdlM%(0bke!-dXbKo&V4lgiwby_Ah&qTei0^LHeK|AJ89PxHcIA?+Uz1R 
zOGeyU>S`cy&FxeNvKq2NuKdb*{@APg;xt$PBU6C)$)@~*c%TLPU!%ESjQ?rwt@nQ) zCYk!*3^4%OUl&w8tpZM61(wqUg?0oJ*c?3Cx7~}RFUa)$`D${DB%1m4MSLJ2oDu|) zr{*u9tIKb)GjXGwioWlJ`r?v~aJuNS7z=c8^6EoVR55K-u;fF$thi{)QU{8z99R$0 zNYnI%bC66t6pGKOy{$miH8}Yud;qR>hEb{;C?l%kT|89M+ zv0nclB7ME}KRI z_IM7?A~{Ou8uF{90DKKirZ9AL5rBLyS+SMzcZaFXv29qpaK*VPEKkNdAgfO=Q3^)c zqJ5usCD=JlFVYHj*hU{Fmg~jv8=fOQ{o%PF3KkI$ZVTFjd^H0t{WnyYb{?j+2)zd> zAbzBePqzjr#fKay@!2j>BqW^kPd1D`6OP0bD`}9HMl`4Sq<*p`i*K`kGII+Kh<#qv zC-D5?7(}=Nre>bh6C|WhB`S%@(_&9{R9p8};b>=gmiksCJW$J2sPNS$y+lxbHjPUv zAlcc=mpJ#0+)dUGXckcH5FXkz=Qy6s!%TVm^A6sd?vhdl!acd378JU%9F)Jk6k+u$ zA;^fIQFwa>Vgd{%;?rIUdHPb5{ zmTxSSL5exln*-`E>)>9ex#>&Je=R)tCDTIrzgvj^Z`OBPYx(~m=^pZbeeg>k{90P( z-|v9f`efKTedV;Q{8#(yGGI}CE@cHQlK+iHs~G=RtFQNeA0!n5y?cLobp(323GD=-M%pdD|(g*1zSssu#k3A{Ap;RjD7sXXs^TVi$i^8J# zpQ-)7U04&Id;ItG!uoaa|H6a^AKd}DRMnY?*Yui;mem|msQ|oZnQ2~^Hj0L>z*hp4=+vX^tx9x zHwKRDr4iQ`DT%kPsm8PI+o^3q-Rv2kI`n*eg*Q~j>fR(=WO0wv*l5gi%~h>p5~~>= z4mt{W{5D9AuY_|;I^$$Weda{V0+h`&gi~31mDD+hr^g5HkL8cwPL9-%!hJ{zMC|tY z@nAsq8+#l0h%nyj6r_nh+0%ToyrvmB&G4V$r)D<@!QO=>xM5L+=^*1dOpv=uUxx>} z>+#a8KzYgiKFY$!7TqgJOW*&29s{d*9^iT<_FuDAy#EQzzvsUGKa*rG=z^t%rTc`= z7!u3H{LZb`PX0DKI#{~+4m-IOdlCis(oGTDFX!_&u*eJNn=%>~AGaOIbF!j2y4P0; zu(5O1W_ztxvn2&IKo-}A2&vj;Z(w|%;-T3}7S3@L1>s@g?5@QQUcauG2W-oL$YZ%= zzrMx`56x0k;=sq)1AIfQNB0;zo+;121p7(grQ`frtv606tZnf=RthCiTU}yTE4cJ8 zov43s^6IZ4u2-J!u-@PJO8JhhRa_Dw_yJ7*W~@*#{O@kSzFKlhe&_j``;ekZCxT$N|CTWkuvha(O62_q3g&wr6|VV`{LK3*%~bBUG?VmU&Y=5Lanq6csw`W)x}ogc zhBd`Qk&*zc{$P0hE8>y2(nmp@fbjjV}D52YzjG4dq=04mIefdIdh^nV$SH@-c z*D25LtUK%qul@a!OaJ&4hPzu@GQTurxES8K;@LfTMXIhZyj!9@U2J{fok;h*@Xnl0 z3P|3H$qB-x?!8;zq9-o*%)d$FTf0$Dx!c}g1YvFrj`4|@(^WK)<0`S=D1)n>a5bDD|5Q@E8mIOf{_a;uhG@{ND^BEWl` z0$;TMv)if{&i}OP>-%3GCT+?9kYU2MJnq9E7$IrMHs%F`Z?FyHB0%_s|F*YTjae{H zHW|YF`vB$#onh>|y~N0fd7?5m$}VOD__SwKuZr#N4Iw3GKq$LwOzmJ*v!m*`i$x{p zLtAhHzB+yOeI?i_U~{mfofBr8+cq{HVwaoZMoD1i$caIpS6FN%!5N+6WcIc!_g@7> zb45^08}M+qd)6<3)!)x|*xxxuRK&<{2{VV$7XL#Rp|0gH(T9RJ)PaBTl2W|zLmuI^ 
z*@=9Ur12)xY2k$uO1=cN%LicJsq)x2dOa#-+B9Yt_R;+D*c0_DrMvC_%f-(Ti{G+K z!Q%a&qWs@)?$y`w{~^-6_-}Q9p&8I$*VvY%>QP+RyhCB zXzbP2@Bev_baPYvv2uJB%9l#hpck(a=W?m6{8)wM50^r5M?}e_wXy>ADoXp1YSJXr z1|9r(2WCfvw{)PBJoS5QuPOcIXDOI$S8T(|fT@MILMR@JSED<+jX~;p*X)lJOcc84 z41^IOZ&!Zj0y>pXunp`;3<^QdN%2MM0igA(c6Ev_ldDQ-9Q3LW_10_97`D3CM2@4k zXIK_B3G_y9+m%-X{eo)(BAp*n$q>)nM88iP8V5X~5kg*KJCC|pEKgxjr4&I`rY5Q? zGqb=_R99*z>G0G8RNo(5ZV6!<-^bSXpfu;9iFWTY)MkCp z4MBsqIB6zg^+diBf8}5ir9`~zTpm-wjhQ_%2`;|N_rtC)Q9{BwfGfrTtk8dj-~$F|OuP7no5&lEh}EZIMFn_e6We z1zk@PL92r>ROBj!HBqV$f|{!G8N^GFXs|NucN&WD+xD&Qbsnco6)BQFBk@dUcgc(w xZ@IO_D{k%5x7(JCqw2=J0OaP`#{9YR*o)XYtmQb{Xf^4;}!tC001Qoq`?3H 
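Review bot: the deletion of rancher-gatekeeper-3.2.101.tgz is emitted as a full "GIT binary patch" carrying "literal 6955" bytes of base85 preimage, which cannot be reviewed by eye, and the same happens for each archive deleted here. For the copy sent out for review, generating the series with "git format-patch -D" (--irreversible-delete) would reduce each deleted binary to its header lines. Keep the full-binary form only for the copy that must be applied with git am, since a -D patch is not meant to be applied.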
diff --git a/released/assets/rancher-gatekeeper/rancher-gatekeeper-3.3.000-rc01.tgz b/released/assets/rancher-gatekeeper/rancher-gatekeeper-3.3.000-rc01.tgz deleted file mode 100755 index f9630c98c69c4edb1f21a1b5fe0069df9a472e1e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 7398 zcmVDc zVQyr3R8em|NM&qo0PKDHZyPtWXn(!?SIm*WB5{wkk}N+`-IEXSvE81ac^G!u4+lXI z)4L;ypLfYE$(60fzJL1#AN$nGk{!iyP!UCAEy>|S|WD9V`}cmM%WB;q4KAWB8(Q{Ew|;%&;LB2hGe+2PU-MEEi$ zDi}9b4^SvNq!{LP8;gZhCJ~vo8HsTK?@kWj*Sv+s3c8?7NPq*dAIm7osZLqi!3ddp zCLv9v5=i0_d2Q?-Nvi^GjiK*DWAQD4O2_<+0LoOhQcp3sDicS!aO{m~3My8}U z=DNFMr4l*lbVgK-(+fY~afc_!+72Mmm~=|rqk+act7VXpzN48LfKsB8orsUP?38&i z8F`mDz2YL21FsFb5r;LHM!Ysi3{pYW)SJr*$x{)a0dP;m{Sj5(B;$l(M7P@(LAU39 z>q&i&)FA&SBuY`PZ~<5#|F`${`Zf8#+uPe;%m2qn0+WaaL=K?uku;?06;miCBpN`! z+w}s@q!NTO^#|pVT_;}Cn5qG6cWs4V1dk6%FvbB4NhHw=sU#N>{y`!d5=GhQUwAR* z{4&d*)HB}G7|;-jxa)n?-CSlfpP#$vxno9U7pduZ~$E|;-l9%!Ds-l z-v08=!O`Q_vdCtgVIWYq`r)IO@bI9z_qMYoyR7GH=$AMx zFRi{DYv$VFHB%hG=5aBAS54VgP|mhv+q$xYyOOJT!XrMK{-*J$@^Z|j(yLUd{1wvC zSPh`p)k911sF(;JK6(I*hnQ0XKGy)|nhxBWahW?n8{RnE|`K z?KjkX6ZmI}a<)pn#`f;s8)|3h!^f5$s^3?KM-jguk<*}6gtnIL>XDt4r#PZg=_;+3 z2L|^*MFZE^tkiJ@OuiK|J-_$D-&?JA(Xjq2jFX5cl$}pwj1m;mSIL*C0t?pvey>~K z|LymCJL~oTG1BMHou9np>x8fn)EGgFAmBsux6#FY@2Ae~t@rtJ8$ujXhR`YrP+hzQ z?V^BLetc^}(DNPqKdd^bOTL?+5Hv)%0VPrvz+T_{N#nD0IHcFmY8Sweh30S1pm->d zC#FZptg&hVF=j3k*mq5hRZhe#=FN?edUf6iOfh zt*F2d6bCh?5}sd74LOe9p6RlbjX)+CZ2I1-A-Juc1>%-(>9$nn8&z;cqX;e#QoWTT z5{NJviQdEy*0qGy62ZNW(Gq!|hP7DjhKed#ym2+Gx zU+;}zA}CWsX#FVLKgw1Onr-(!Lv7yQl_6N-t)4V)2dMdK`0ECXEoBszyLoI1w&wPz zOmO?R+x)|gUNs^TAhiCo1+7o5hs-J-$DCO-<(+8SA{GuwlA0oFx7VLP17$&!hD|cU zhud3kj8UwWF4O6`6&y)SjoG%0Es6!Uy(-5`lf=^MAh(q?!^*es8q`dc8~8KjDhI1c z*9gU`;bHq?TE*!M#e@cx`i}GkiLHw8$xX0N!YK)jGu|p0naQY8xo8+ioz{Z@ROVUh z?z!@<7qNAEaJp0fBT>Y!Ff`if7ubUq*?;=`+g1HjzR6e91P4HbAk$h7RTwwe1Z)MV1Z5**H4-DtHkWPpa{weWTKShRYFzL# zY({(lH#z)-1eaulGX&2IOftLOhtI88j#>kV<>>Y!d@iAwo1L_-M_H08U*Lq|mCrB! 
zje+ttxBR@6{P5{xskS7FN~41hUc!eF=b_b2IAp*Ie)tBv51&55{{>U>CFuF5Ujkw!t+QcbMDeBr?d$FUNku zqcqNtwO$x+NMe2^g6nk=L-WfXeVIQ)e#Nec2oFwPt>t}Vx}W@)cJPxR;3-?$M{I%o z@9uVcb@|`j@2=(lW2BmMk(K#Q#vNETR|NjwMn1c3sdX`%scXI)0N@<>W}F4;BttJ)>roon4HJ%j*&Y?#qJvGhsP4EX9b$tXP^EORyvB zougc71RJuI9iz-yhT{KA;wV2Vsd{I*^E9{tMp=kV!3(&(b+DoeL+;O#hcIPXwk*k* zWmt0$<}AUUss)&&ipN^lsA?YX`6aReD3M}mFj|9GR<#X8jAYq`tnC&n>O2`=Y7`t> zD=v-&3vIQCkJ=GVuu>y)Evy$VJR{q=O;5Is??AcwTnEZJJd5*C@VFh2V2m?Z=YE#W zHG^@=F58m+HCr=xm8{pqm?~EtjXPwyYRyx!UN;{}FRKHonkN-esjO33aj8NSqBNM} zn6R+S#mu=e|AcH(&bQ+B=_R<*>N!+=v9*6s5(Ex4L# zDxDBD9^_)g&t>{tj2@26y!P^9)>*YCF6JI2Yq3#ctEuc44rg$CJDAB}n@Ia7FDL1(euDoa7l)KsKU@TB^st>Kow z=)S&V(e#va^$U$KTbN2qf+?1=17{_JpMU3JZs5{=c%?yqwplnONh$tP~+dENl2n7^)24N}bu#Wp>KW59y_ z|Nd@&r?&s!-QQjB{~slNKl}gL5qP%+pnU)0o7n&wk$$K_pd>}Jk5*PbJuAT+W-ZCC zwWZ)IS_(H7oDTW}xkY28R`zK?d_8)@}BX|Q_Rjo!+< ze6h3BUuZNaEEt*B+&n8r^(yEWnSJmY<3zP{5&p92*@2>XVF{^|e{J$uqP?}rV>Kp^ z@^s38xB+R-^h>aowtTGZDAv4Ny->ZjsWjSDGWVS~dTFQ(RkL*1sc#;Oku#$}e{Dd& z((*!^%`Bt7$bK^m?n`Vrv(UbQU1t`F2itg-1od_8J>_9n(l{E%lyw*@Pa3zRyx}1Z zU}w85nQY-1+^W*FZQy_Fz5Oz2S^H0B^btJ5?C!q)dl^5FMfbn=cl&k!ul?TI{_`lQ ztOkk;68I!lV=m}lW@?#hD3ljQp+n30Qyx`s{R9F{h4(Z@sYsj*fTd>D`5QQlmFI>h z(#Sq1MG{)LzP6ovbLCZv?BfK*h5Imaj;j%s_Kz#`vf2zZl2E)>$jrXdacLHOkV?hl z?4!AIO3j*5ZPYLit;4K&a;F)U#69xXhBOJY3UlyldOEEEKU3<7VbjUatQ+_;(`r*& z?!bTc0@ot$e}%5csWVJH1!U|6gHqdXN$%0zu+G;otY1E%SYuKu8~9kKI)5&a8A4bKMT7Ehor!sN^5Zf;0&riAhuxNy`K&zj}Rpp__TZq2K8 zps3+0RLZZM=Z)+CgY>^;6+f32-T&(D@7Mi*``x{@{`VN^p8DTf@tdpoEqksvPeC-V zg4HC1wP(*21WB_jZ-QjEt&by9*6I6650U>Dl!bbkE13b@r{+arq5SXF?|5|J&>Bt@Zy$Ne|Hf*MdJ6{7dWn4_hGCE5kZ{<#Z1NR{L&y)%+!3 zf&Aazuls-ZclP?<`};q4Ev&1-d?m>_0Whxe)BAbx8|>q!C3o>VtfjR_gl1qJRxG1y zgVM4#WcSqw`yisol%=GlN6Kh6GUtYw7R!DMH23XWZe4J$Al7$h z((C8}p_iK>p;0O@kAq6)JACM;zr_ zu8yy*amyLw+>vVesiN#msO%{@lf_H1NnF<9>G8q)WB23tlcVfM&D*9q!b#=|(}ttt z*TJ@i))bKB58=n!=X_G;4Npm=c*Q0rR1TrAO?%Z~e{S#WZm;eCkCN_s|LyN);h9xc?sro&zlPCv7YVX!7xsDY%3X}=mCf}< z+6r&J^`!V4r90(+_F$}?`wxx)u|WR!clPW4-`&0awf^@g>FdRRs1BZoMSwVUFzjvi 
z>`KSu$AE}YN*5rsoN7TGid4VoT`qp_pb_@b|C!8rxH=NzwCVF5INLVO!UJAh1 zh-6V4I(d;1s!xs;&kO!;L3Ran6JDB#1La@}j4LR`0dUnz1zd=N3`U-F`(^Dquy-`Q zC@RDjv_e#bMzS@4&n-hwHu~fuaSgzIxUEHxa5211=!egyu(|g&8$}|&X=@>VF#mkK ztz5OUe5io3{|*`gNjNy4KKhq9EyHn`>Pk7tc8+MNpgFL5?uu{1KcQQ_l=Z0|Ph!eb zh*OzIF3)D3ixc4>eQXFxQRZpACtF!t4-VmB?my29-%%(0B~Hr$HSjtykD1?1?(t8f`9Mu#x=mUq4PXOaBQWM~knGHZmO2$3*Tyq$ zWzj6}>|W`|x1OS3H8se8e~eLV&(2oU#-j6|-CjNZ_inGhj{or}X#-A(QYe@N#ldnN zuExmVBBha;S8ih_eQyKa>v<&8#F#okjxma06!8nITv9gL0)bjPo}f9mEqx~}^frLu z$SfxCJP|mg*BHVTRb%*%O&{K|XbPN}ni?fYP(VZ(`ksGu_UTMwpB|7H+*@y9{qyLxvloQq|09}wkuXsZmq4a+8K;_~mSb5{81uX01&VsRWW3-klu4 zulZ_~7Wx z@v0{O!uh}5>-M|#`M5drF?kZq;H!x@~Ot4g`?;x$RBZhd@pe^$l_I`{o)H_LJ!PF|1S7RECZFQg$MEV_! z$s0KDcf02+0_NSo{0KDVMm621T7wGa!~16G2F{IbW)<|yiB|+4n$xB! z08*FG%1T6~(z{M~xx7S3oogxi+!zR9h(x6VH&=k}m!}&zU)8`f#G88yqtfP)EoFvP z;T)W~?5qf#ub);u@)r3?LoV~2vvuw_&_G1WK$hw~xujQ&RgSzlR}*S&+D%#$y)-H9 zb0Q@-`4!=}^0exa*Yw`_Y@5e=`TgyMbPv4fAy#a_O1oAg@-k@U#rSDRz^_8QQpmaH zHt$8ex)$>^2nSz*c=?OWhe25U=#Ueq)=j4B_rB^&O-eIOhp6%X>0Hrb^c& z?n%lr@$Bj5yf%xGmz7jxq_-C7+)7U|-N0cg1TvL(W0El#tG}H7HM+UtbOYxfKCW<6TWqQBYEuuntfV=iN2xj{zOBr)-!H!V-d)LB;46%PQ1MM_e#9aw=0~s<(Lrj z+ccZnQpxXx3ffM%)0{zkKCF}`WUOS7uvl`64Qo4b2cUb7GXzf5yMFSE& zaN5p^*;;LL9`WoRtVF`6omNe}JXGVIZ5o-E#uwIlTso7>t1AvR;%dJ7K0zzr4V?E@ zX^W}_SDe$PCSK`+x-q$j&J6*}#7y{8HR6FKUanC25`%!piJv`r?;FE~UtNx!FdBeJ znW8av+=Y~LL%i85`AuyuO+5Le73Nj1wl;RgsZ)TDir5*xeKpy(`L8jmG1}>vZE56~ zr%{+Ysve#mNgqyeL_`>&lzM&}?-+MM!5q3z`u}NtXv*%b#s`+_(p;i(hBcR&?5-V1 zWCED^@Vi84x8)^G+Qu=(9DR;8)C?FM!jz|QMVQij)kUpijeBcJ6HkeBC8j92F}?$b zTHMo%)L4eCi;?s^<34CQ?0izB2_NZPdoV1{$jakRkIXoZ1X4xZ0#^R5%}+=u_=smT4T4D;ofUqPAx zWxAeso|XP26&X=BD!CdN;F;G|B6!Rd=95-%uHf8|xZ<9q^B7($bLs)4y39EDY6(HA z{O{3~ah)EJ8vMUVlC-sGiE%|fV2kd5_jh}B|L=Z(egEfC(njt)SoQ04vN{*j7erzR zd^ohrSIHmrL$%_^=VPT3Ip}moRE^UMKj3kPC&=2?WZJIVOgl;-c4DGc?T(dMrQA(- zYs2$?;R0fNtz*bVY!@!hK+8@YUH|h;;Iw$+knQZ&l z9b_Gz5H}?>hMT@72UZ;^rEQK!5x+7H3p`FZLlfT8YuDXm4~s`P+y)e8%IMWFJ5)e6 
zqRegE&DB=piEr~PFGhTVf)VCUx_-+Q!_0L;nw7G=@yanLx}^`Lv)kg3u~gjcFAB0% zl}}4JO=V;Oc1RGQlx>o#F*E=Ft5XDKE}+WJM$v9wz%{k08EOoR&ig~Ja+E0)0VYa< zR%QxRGZUU!cU>@xEf=E#ibH5pm@#Puy6?5&gE?=!_n_S{o7zoi!vQ2F^dt@3M%T@c zS^pI>BANjv7xfqpFoZ0Ul@AAO3g(8C=0}dP>6$&i#M1D{R(^p27a@k4qs1ww=~!{S z46^%W_wQ!m=GD%w0{L<^-RBk0AnG-sa4JBO|hWhs`Aei-6a7UL6|uy)#i!Mqwpzl4yEekBJw zL%~{$O=RN4RB3gqVq3YcvanG z1C8W4Jf}YTaHSE|2RV|3Rw1`2fZM06k5@OaK4? 
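Review bot: "deleted file mode 100755" on rancher-gatekeeper-3.3.000-rc01.tgz shows that this chart archive was tracked with the executable bit, whereas rancher-gatekeeper-3.2.101.tgz above was "deleted file mode 100644". The deletion itself needs no change, but if the rc archives are still produced anywhere else in the repository, the packaging step should write them as 0644, because a data archive has no reason to be executable and the inconsistent modes suggest the files were added from different environments.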
diff --git a/released/assets/rancher-gatekeeper/rancher-gatekeeper-3.3.000-rc02.tgz b/released/assets/rancher-gatekeeper/rancher-gatekeeper-3.3.000-rc02.tgz deleted file mode 100755 index 4896be13768d1b140b470722422bc11a055752c7..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 7400 zcmVDc zVQyr3R8em|NM&qo0PKDHQyV$6=>B@=ujpgGt%N;zZ1YOi_vEYM0J|r(c~FquuTG^> zv6yMw`k0YsC5^!wxPSXCJ?7~#HpCE8YgH=1NNTmZrBFfq;9v{-QV3cKfB#-{bz4)d+&$dZdd=?-|2OK==OGB^!9&%?uy#KHKkG! z@k95k+p2f&J4u8wu85+X$-V~=5Je(B@&lq&gg)gRk}BS&OezvZeV83C?LdUDVxod^ zWAy-qqC<*dUbnGWNM#a{X`7K4`|$qc0DjF|Xsnf=_6OvOSuJJ_MW%>Buht`*Q5tkDW=6M9G-+8o>yRkVtgBnWb4{rIfY<9w(e3 zQ++5ECJFrmg`}MIVbb$Rk`#aL_&a{r3sDAwCdzz!%R^0Y3GWkRaKa-ROyOXJOg)p3 zCQ=C`aS1*IdcK1i69rlSJ%GeiY@ZW}p{9fqJc1z?5JWr;fe}R~2*@T>a26v|(i?N# z-LX=M>~}gNs>bQLAMm)t6J%`%kZ4RgrS8!{W1ZD9$VlJO%nU#&QOQokM_hKwyqJu< z3!GkZ5z4;T2Hl9m8cZWz8zcs)pla&P<%Hy^2+#nyBjWyuDsPf;!Z4!SZHu70?S1P> zeTUQ_|0g6$QLbce)|R`^Bm_>cr+?8A^m61|X0avtFyB%&cvl#Tv{=VQ(< zviwOs;{%P6r|Jv?&O(C;G7aGfBUJc4LE#oC2f#FYI8NEc8T||U(DfoddV>>;`tbVQ zFYi5!sX7Q_D)rnvo@n8e)iqhVe)Thr$q4lVC@|rYDlVqExah=G2re*eYjI$ufe{8( ziLS^f7svof8bwz2_TlyL9akp;r4~vy>kI>dy7`Zvyo84b)m8Y55x9ghE#@%L%YvVY zGT*E_{zZC@f}ujGWn@ek8KLNdNSUHBc0wGIG*WQmNz+of0r+y`Ie{Lbc>Sc4k@E*sw?W%B0OM<9#lSRh&V(cFg!{HWuvoT zjA0s4HhMi`JpX)rg+Xc-FINqqZ6G>mA5g?amQE2l$LI_r3=|jDEC8d79A6~@4gY05 zUqipZX?czHYQUEoz+B~l8#BQ3CC^Y&Pv#u;AW2Ot-PnDI zF*Z|Suebe{nr{OCOi|8Osn^)v+kZ>#RK5S$(nIz8>hLJy=Ol8fw2IKyvRys0lkyZt zR4QGi)$+jL9;m4A8k-eAu7Jt6LZ;{UUi$khQ8OCWe}!=p5rwkzd5lqlLi#HC8dYGy z`oGib*7tuecDj4(_5U%_moJ^4yyL5cun^Q3K}#OsL-V`Q#eMIm&drVYS@9Fin8{nKu*zkC78 zf+!7}WP}elH{KYdSnFD*({n30l9(E^Z5dk>3v7E;j+Z8hrPV=hD`|$6Z{IbjnJU-t zXUbI$R+Fv~iq*cu_W87m(;12h4J!2==?fBD&ET_}V4sE44H{>>)h#lUQKL@LFpfH{ zdjY7-v)1i%vZpQtNur#h+kr8l+v%T2Q9My?7Y~n>VMnaoxR<){`VNEY+TM6 zUp0AmCcSf1q~~2w7WUyVHwk@k<-Hgc35gw0I<42sXKaf2zqR**_iHZsN{F~V$5*>->Sfn-K2 
z|Keqh3tooJi1*<-ho6w(f{bv6;CX>bX1DwJr4`Fjs}Hdp-F$*CB@}aOlh*YpOH$<`T4&wP`>7tpO=y!KYuFKmPAo$bnyNw_&DM`w7Ln03|PSr-(dIg^C$SfU`oCM zJ^z%vq-y-UuzDGL+?Ii|S#FDQ1%yqX=WTA5GGjT?C`h~ZJ#Q7=`mY}+|Aetty%|tu z1`(JhES@@h3mp9{!_7|M$4P4oJ{DN%fw~1VST=X^Q-RveL$HG~st(sIxi?F`wd8#o z>DKkXbfl^!6Kf|t%d&6XiZVJO#T=JRb+$~WW%QJnX}lM@3m5HJNhhFi0V@**N6-)P6VCM2uFA<17g>Q z>|_dHD1Q|^O`L(4uo32ZLrkvvu)nvrvzHm8DeFVemP{k;!`oD<)07=Z&swsn!0<@$ zDwi@P4wzPmWSS%q#>f0`QP2|t>yn?q?&V)mHAG_9auJ31pePfKD%wHbupW%YrY!*-bU<-Gnz0>JsGw3CQ1 z?1LSFh2u(tkjPy)Tv$&pMSEF7|WM$IbwxERltHzfw#l?8Wa!g6d_iV=%h zu{1N5U`N(FN4e4nHe@UNLz%M-#s8PYQGQfXb;@$*X>bjUvJjbqmvD3AU_}*%+?^%& zVal>>S&}i!u;vcTS%N)P3ouC)kF~B*)jU4%3uJvzBE`~Rv<9!NY8!|c$+G8I+bveq zc{0AzC^)uOTpSA)+G-IWwIiHhrAFpjST9_7Mz(XCo@^W6fpYb^4wQ9x7U!YhaXTQv z7-z7~{Vbbn2IG`nv?cv(wr1`sS+9vPRjxW3cgS+pnx|yFZa$J;RR>ZvPb#8PS*Nn% zQiUi)X)wnzVPTnznNMT>3E8BaZ^iA&`=ihA4&EN0og5q$90Eg~My5W<)2*P|6d*&#~Oou~NyesH&Y$Os_j*B#|2bRn6jBME>0U zxto8s1h0=1U9ch#a+z^rK)ihU@@3h4ZGoT?G?3NfAjJb7_2I+e$$V%PgfeKe_%}ln zNJ4sN>gZb2g~Tb`9`*WGU*61|_46`t4Q^fQb;}byv*I0crtqqQ&SJY&mV%n8sYs#V zN%c!x!!3Q$eSOcO=_%*x7aC!0>MPu$Gmya7@%e_f#(q?#9sZFt6?w`jA$ z)wjMPHCHb=*<{17tPQ-Iw^29LLJ?DDDDkTx0iK|s#&T`16zq4u_l^1krDga3g=X1y z0(W_1z=Hk%i@lxN{h#f<7rX2I|D&YuXa7Gt0&lkfl&@WUGaEo7()Tq8l%#0((aOrF zXC;`!tR>mCwiG;|rC=^=mS)a3w-(fHna#a^248apZQ&)f1=rA?)h*>7gSeT^+=7TPzk>&zl?ZyV2&pdQxVQyz9DjiX^qS%qU2M|9O;DRs+R334D^OF&FeNGqub$6v_*u(4po0DUYhRegc7}!Ur0oR3uLNz*4j7 z{0$t&%5%dLX=I<1A_*;AU)#>Tx$+oA_HlyZ+xzmhF;vRWxLz;wHg*o^&J)PEopDFdku<7Jy z)(w1_X|<^>ci=yJfol=>AE4`T>I_p)0U3M2pw#v|l6!PFtn)Pt>z7X`)|iya27Xv> zK84=Txn9{g5Zw^Ut2}AsIz!4xME^oj!?OXo#S`eOF!{Q#m}Wh_rJO?Ud;IazId_L{~jaVQU6;jesdMS zWzY5IDTwAVu$qLh_UyTWAZeE6O_1!i^>Jj%I(fc@ z{f`%W>-!&%lkUI&|8L9kzuWDwhKb#Nrk6c&QZ}Y6T3uvno_;V3N8=^E zzxzeDb-Gvj8u`Ca@Vm57{_ocP|Mq)(YyJOG(mnM5wcyVM|I#}D{T7Jz%CJrkobF)2 zYTs_Jn!f}rkpJ5+>i*w5yZhVU`};q)Ev&1-d?m>_0Whxe)BAbx8|>q!C3o>#tfjR_ zgl1qJRxG1ygVM4#WcSqw`yisol%=GlNp;0O@4}W1CZS(FHPdLsP`15AZW*ypR{Aiu;Z1H4bm1{I> 
z6)JACM;zrlu8yy)amyLw+>vVesiN#msO%{@lf_H1NnF<9>G8pbWB14JCr8;IHE)~d z2q&2%DXNfgl#3Ks%7N=virXV|E9LJ zDK9<I{wq6q&e?DnHSXNJ@nUj4Q3|J(Ckf^T`S)H2J3i}H{jFU zZQW=7(*U!dD|!EOyB_~@dv~w5w*Nm$y6ye9zng_;R#my%P0jooM%!H^$gW-3=e;X; zF{)QK*B5Cky!qCX;%}60mH*j;v3Bm?I|9T4`MZPpD z^>`9fopj`Z+PZfL4|D%{UigkW;V*Dn4yb`wiFwTY zb{aQS&}4^Kuk_q6O`kz~Av29}RMNvBt;XSm#Mf?BV-MaqQ+uvKqe|?m+;m##S3Z6&E;CaOP zMVdhCHfN9)v`W5fEokX~o14%z(EvBhiN!yLJY`0Pg)~s542desY&BiX>P&hjW=OAN zPaazK^7|YJP1k!eg|$p-*n~vPYuyZ5hc=c%UO`eroSv!|M$9S8-ui&vD2_UR39q zK)yDfaVv{vd29Dde|+mH`k<*n{`+H$VtaPBnl=`l|LpbZ@xS+a+w1rrkCHavgeZlA zNl+Xt*Wq%E49-&;nR(?lX43aI;Deq=GEI!B6XY192u2Y>+h0?!kHLwbcFTv9cL|Jd~5J&UHmnW?E!f&>Lbl%enWM`xeU6c^}ifD2mu z$Ke@-R7lSsQPna3yEA|P{4dcl|7Rb@qmKSB`%_L>rvP+L0=?o5X@t`I$(NUj_mh84 zF1(+76(`e9-Fl`O{5Y? zVt9XY0Kev=#jUtmhw|iZ0V`Bpj zbY-s%$Hq4%G|d)^`UshI;sMHF;DnOdjSM_f{VfmakQxZTn|o?uaekvw8rZnk?U@(b z2BjK9F5rJKieU!=9w$Umqi#)|dFw5oUqnOJzhVBL z9v>XNJzmx1UpW7_d)=LGeg1FnuIK-wq>b`iHUr;;!8fz^B)5Nf-gWU8%um;Fgfb8` zF-!b+oODNwX?GQ{yld#U7baM$)OV0p*%3p$YS5N>4Er!f80wuQvS4bJ%F8hg#-kH!JJoOng> zp*d}u0w8q>t*k^;D!uD;m&;3p)VY?D&y9f)hDcN@aB~Ideto)z!KwzHA>Q0u7?n1U zY$-FW3g_U=WoJd`JbYU9$Xnzm4Y|y7&epl#Km!pe16iu~%G0VxUekNyvuz&h<@dLj(mn8^hgh)zEA3j1$jhLW7vrZP0Uv~T zrI2&YZQhA^buH#;5Dp%Ic=?O9~GNa=~d<4;=;!ihS!{GJ1U*4}o>}lf7Jm}uo zrd}{iNzf(TbB3!x;c=5D-tZk)Cjuoh^;JYHh*x@Fzp>5NhH$r+`VP`H40wXf@}7*4 zsnRuxJCd?YJbSu1ugzlQWhE6E>8(XNx6)Hg*Kn8$flTGym}JhUgUOD+<1eE^SLbW? 
zws})yX9)&$I0eG2*QMT=)n873h;FVpUBlqxrxk8$i!Ie{ZR#PHl{6>xC{@SAx0SiJ zoCk4mgYyZdYp^)?p$CU2zi+`_Z~HCX%6cSCn1a~kZ13&ArMJTJt}BrS=C`Sdr%UGd zJhHi}DVOjNWFCj;L3+KSbPa=QOdu}%5K)$1-F-M3i$E46;np^D;^oD^SK@uSS>d!T z$Ap;QrrFe%N`9B5TfNL%CM3l*oVafg=#OSEVNcNV+F9(K)nN8O=^6&^u+Ul2+JT^o z1|+)Yw4D>Pwc6%9;@Le|iG)u(t(tgwsK#5{G%_!Z&#m>ibS9TqR~&4_)qM4Rf>yq3 z81zd`zoYSTzUg?6mF}a7%4FSuVrs`qA_;dg_MCI-t3k9rZ$%*o_x{@^Qu={8$09FDZocX>~2jJu#<4&5g^|7m?_%I>Yk2bSv6T%vJ?HJ6#} zt{q5Z0+{*myF_TWY24l&5e>n9_XJMXh6vduvG(PlaSca{Ok@P&{K4?1Zd{U$dAL(3sFf7i<%HvLt%s?-^bcj;<16g06F*0-TJh08XPRM}||I1U6`&k+0%Q3%% zGy%$VJ#Ube{wx(4Q8p^M8X4f3*Ht2T%oXO7R&cIhU`SkXPtth|uar6U08(9MoO`u| zAXWbN=*qZG_ec%?UnEJ|TC~KtA|J3t_rG`cdUgNro$dAgpGQd>x$|JvuhYruTuh%6 zi6QXe&@Nvkf6$NBil3g3l}cp4(-~1UPS5>-#~q#^Yg?0PyKXb>D1q3CiB`2cR%VrQ zH{Gob&-;Z7i0!qGAs4Y-xHtnXGu_ca= z?O%0}b$CMDl+YM%`kEYAb)=NGIUYs)(l{*eIN=OUcuTKccauFV9^G&oP?#yBSHtX3 z0ojN$w{169Ta72a&9l51@d*k>m^%JRl5$DHVvK9>NKEKS8n}(F zn;*0OD`Z48157UJF&tnBStKhT4%igT4Jpl!9Ancpdwz+f;gPNU0s}5W3^hlKQ%=*d z;(8fm_sj0y&BD#AoqH|YUgs~*m{F^>$>)RF8*PJ4+XH*O*iIQ~Uuw{-J;f1+h>vJs zT+XuIDQrQj-z%d|H|_&*ZH`*N3tc%SS&9@iL3?2~Ai#?Z04NjiO&eNJqbt z1D&B@t;Hs?@dT@`WzN6RJf)$v+A`3bKW;mssi`TO357T@lfzM*%IpTXrZ3U?=Ptae zZnA+!asbb%k3L*#L^Xmrs7#-i!SmEtD?5zn~PHh}+0RR7&+c#?f#sB~Dc zVQyr3R8em|NM&qo0PGxVZzH$yKKoY;oDbIm)=E105$Ky^9|EIE&aiUF9)jp&<+m|MqFP6yRa5y_NoX1**sWd~=n=ywEhy|KnYIy%DW5y+O zmdiI^4uip9aDI9k{tgC%>fgcH`Nf;z=wdWFy*M9@25$z#v$Nsp8yGyp-kspBW9H4^ zi}$J??*9asQra;mw6fzPfRs5V^(;x5a}pDw`zabHrULmGN?oZ%!%qbok)v`==C$h#N@Ny$w0_BLMYE4sA$~z)g;ryD93FAB zsS$+>-*1$4OiBwbL%6!TwlLMEhEQ_Ux`mq;I0jY}Qlvq&M~{mgN69c54hBbG`>`*f z!TufQg=7wGKhXtm;pwLRzdIY8UL5TIHDKKw zSRwF}Lq*?g^6;%Cqk0@p(6QmsgHU`7S3wQ#N;SA%s=-l?j&bG~IgyG_0Z6rSMoUS0 zhAMgR6P$PfAx8w|^T7CBnS@?s3iOL+t!*#u=tbZ*q{j{RiD`(@RP%|%?8LtLys>zT1wD5-f2;h-P!Gmlf4PBtRyuJBlbf0FJvp5K_ z;ngB*Afj7~h{3VZ*OEcFyuB&c7DgB3^A~IqtZB(|tg_2nVk6=}a1R*wE1xcMuyJQS z1(yj61`C6hE({_-!%Tsm{0mc;z&#pTNHX)16PJ%@92iXXOo@LlsabG3Y!jT71ECxm z#Uu&J;|VauA!lYwENn}yG`Z`VW@uL$dmP_yN5P_IV$lAh5+ 
zWaYBR|4NKBM3T6BfB!QqHjSc=QeC0im4Hb&LQT;`%&F0Npn{4QS|}HlL<&?6te@n< z(UbelqjeoH^tP+$gwWIm#<$@x{eUlC(V%UAKVOozx~`l+bc`;TdY5 zM6{>-0@Dpe=V*l?#dOResq>njXtu1t7ISH~IaIr)H_=qcc9$^{;HOl2GO-E);V`#V zs?AJ92*fz@rPHa!Y9!tw`)vef44c=?7e=RO?dxw{s|xMQ3^Gm{u*Fcv<6Eu+XIT0W zg6fJ48lMs=n0>FY)GT>9ecj-gj5@Nkl6i>v5T;s6{X{yTY`9v=ON3 ziKXDTEmEu5uQIesT8B&)85^#~0!zIz0bQF0i2IJg8IN(mX~Sk%j(m;$f0z1?b%qJ$ z3eBU)_bmo>)PK%~gR@Hg=i=hs`Jw*v8t})j|5UXXZ4y7USA%MC>Z?KJ4!4>|Z?jz* zs$$gDiMILNE(}$1p0`R=<+8bCw9V_GfOIGz9STT$#3of^+ci+BbvDh0SGwPF)yJFb z*3|6YX|qs+)hhUSa}A6_cMCok3`Y_ua3iMf1guXpU>2S-RKV63X3W9_QIXw|Pe%@H z>d*jb!PVV0JTW@5M4HjwMfLHD2b7a&jm8&C-F#v$&1z%DnrIZ&R8xFXJ#uq_1dY*V zE7NGm^)@8;o>s0I2w9m>Gl`KVq|DDU2Tz%h2#j+&(1xfQDi!VdPpUcA$Ne24y3}cH zqQ2AO9Id6Ob^oj?u+z^x47@@7uTHO z&^JC5HV%c2mJDfE>Nnf%{y6FyX@NF`Y*rL3S=AzOCit z57mW*W&fe;m5Yxz*U`BWp_rRyT5`KcVsEa?`{D$IN~I5P4t)H0b8QoV?=WTFB0M2* zt=>BL@Y4@}2O0?&CsF1^UICLL-dgb(VRd{9A?%#8f;^oK0#hzrU>VASJoN*D^`_*G z2#47a0s+@RZg_?+{4b#lo_Mzhd}vjFeQ3!4?%rQs|M))1`E%^i_4^O+&d#d8|1dZm z9P+={fNz?9#NZO{;sm4_GcMY`*!qD4Z;``f4*%FD^UuGmgDc zVQyr3R8em|NM&qo0PGxHbK^E{pZzN^>BGLnik-ws$8Tw})5%=h%_QB<+*@f8ws@gP zm86pO-Q0h_0V#jU`toj)?X|*7Y<>VB1c3NZY?z7@G{XgR_=uRH8ODa6Tqn%9XvtFf z?(1PR8jUW_&;8%gXjJ|?np|AI8=qZHMi-~&lgsmWqw!>NI(i4A7ogn=xpmCE8+|pc z^5OnZfGMRNb3!XS9RS44F{u|(%$$=L34IcyabhlzPodD2%4PUDLnBgDj>#z;Ig{g2 z<-$a8j;e8qVkz2;#W;m9xUHRbX&t7O`wU8C7KgNd&234u2P_l6p|L`%DLjn_9Bphw z=KS|tWgU~!f=dvt?{6&3wW&Z94H`+fWrkB=Stdp7MLT#}Q9O&r(Ref-eCx-)h8p{K zm}ZhWv?sAvbFmo4xpg`Kv#oo;5jC}rzO@b{gS&x;dyeBro8u0D`1HIzuA_p5N>p8eY zSTL9wv~*z*0vcut^z2_4y9gf8&_B)tPO%tb3KK`xy(*aP8Pzg^gq^Vnk(U!Cti!iEO*-2 z6OKNAO3RDhkK1+q8 zC-+B=){*QZxc1f#GlV?j%ps59R>3t(QC>5PuP$Daq#csz+6BDrq;?ku39W}$o}uzd z1bceOFy2vgj#d~_OvfCOI&b-jddu=`F&8JhLzN_R6HJ9{cO4@EevV~MCRRcq9HzF6 zwVsIp9vMfzb~=@-YLPd{et!WohAk`RGoxd)_U%bmszUQNgN%~~>@n2x_}2Tt85TeK zpt>Z3+NVScWR#qV|Y(sp13AKwHS^Jbu6OF!qpBELHqb$z|0E zc7yUcD6NK=W^Q>5TFE6Kc?z_kRq$GL4a2jLlH8EN5O*V|+d#v|yQ>Nk4O-M}Ap{{{ 
zsG01bg!``kU<6P5*YSZk8nhi64W)KtIXKxsizaP09-u&EIMt76hZ==sie4udTZ;>NNbL%fOx&?gd`_lTu^Rz*IcG$m?R{Qn-j#=L=AMdWd7q zi@IHy&~A_&57~au0}!{1uO99rdj>-edgp_?GG*%`unTwlK{v+6mP3 z%u?{%6sc9vD-CUu)-jV=!p561&(g3+K)0p=0^KP%lVccg+OP!{Bi|zb?^6G<&M=`| zrg;$gp~aw<`p;xMnw084mzQU!ef{Sx;ICi*DQhpFjQXivQ?rom-Qv1eO~(lQeQyo3rGjVCS_ym8mLq{n|i}5+;6e#)9p=T zYWCo?S*gKh7ks+C0Y;&_h1?qqM-nJ-Bj)ZHY#t}TEIcQufNgI~n1valBD*7>jvUzB zp#jo@>-!scW^`nUG^2AD)F)TmFF6j@X!2~Wo6pR}NoCAf5sjjnYl=_GN3JiBpfTF) zWg0cP-j3ux(9SIbAuAJVAu-^DnB|Ma!E+)c0^^(xv?HpTN=0-26KjsuaeqsQE_Ga) zsCU|&qO}yY9=?|hUzn=0)zF`%Vz?mo62&@EqX`wvu1xPoRA?$CHPVZv8GK+>KfhSHm6=`3+&X^^ z*nGB*<)?)k^9l8#k z`UGWvR1J;o^8={0b@8D~=c2x2*bzl*7Em$em|39f8h|%HJ}GA3;0+0b3;jizTR8d` zY&|&J>R1)2lkRMJr}r%4%id_IOz9gDc0n7UKK~BT$ L@dFSw=H;F7)aU2{YBKfJ zWL>_#O~1h-G%Nmo1|MMOCT5T;@kfpzINd{Yfo5I1&NK&?FbB^@J6!kF^YWW3+sxET ztG!4Nps7@_O{l71&?2-taTV3Ju9dG>uMiyE5S=q=`@+KO!x!ZL2ls*7`oCuvquu=f zY?(_e*fWJ-ucTam?tq;5^BDD8|_f|Iag)8_E9y1fa`l@Nv8G|`gVRT6u9Q`{HFAXF@K|K`A_Pq#NV0{8)AmRp2p1g_P4 z2Ood=>7PI&e#LQ+IiXj;qzJcGIELRH-a_z{W0sMpvtD4z`3o#TnUSY{M6kIjxFf`V z)`vjAHIN%#p!5GrD7`1{_JI3V^|yzb{O|t5)y>ZzqLjY`jke!^7@wV&fB#{0-v9o? 
zo4|KDc zVQyr3R8em|NM&qo0PGygavL|&XMIJNa_~hQk=854ngk=7d&ud;pL#$E2PmDRWL@BJ^>J#)+vwK88|PYM0^X0*%N~IVQ(&=#0n1 z+J%|m998QQ#d5R-OK}Wwa9um?+&au__ZgJPEDmV@lG}=AAFx9Fj>ZbD#_%{g;Am4L z3KzcLDC?M%7F>pKb$4xHs!a`|t3yLSnyJR#R9(?P^zJvz* zcbFHFIkd;AR#Pz>q~1E68?@S+6gf_X5_Gg(d_;%+U!0FlH|_u3+3@tDxBu6Gb#q{a zz|Rg9eY45KkCu$;aWp~4Mh6c<@iANlHMlF);CiVB2RS;%nPcQcDn11u)yf$yCFvQe zH{=HZk4y?4WD{}d0@da1&F?4oX@)tAg8&;| zEwTn8y0y44I5zrPG66@$pQ!h5n~H&%F|EejKz|OuW;^ z9&>y|d2GdOz)YG6hpF=hk69rGfms#QKgszI3!iDqzzqTm@@~34$*;bI238QEe(rSQt;pRu6m7D{Tr$7r@MXyEIFgyt<$qgBdaW`_h4K#eXy{sY8qDAc%LJ$Ln zhRGe2aNE`Ijo@+nI^GjUi?&0np)_u+1}7`%(4^JIJrsxxr~VObP@|BHyz$zl6}Kkv zlXe*#dW+^T1PX`Y7CD66+i;=LEf7-Q=hh$Y^A`2lVETY2|w?XcB$nJygfvD3!cgEFWs05_LU-5XBQQuPI1IF*ix6}t|jyZ3;!nCkxBT&;5 zOTlkjq*g<(GPFusM@$wO8?D9yOM@~2U7H4objRR~$2j1$VKXd8zD54OOZ~?>!-R5$ z=27JP7K1wKKWC%iS*8ASaq;fFum8LT{PpWURqaKa#1HM&pxQO{)u58Xt>)3&Y?p?r zE9&Y*+k9>phN^3xw@Osyvbkim&1+vk>I+DH0cnreq-t!t1}e4ArrGdH_gn7zbaUOB zn%z5X7HY8C1)pxNfl=sg!3TrkNCE|J#MB*u^=Sso!c&F{*!sqdS(qRyvODtW$bn5A z8XzsWy1RxaMn{%NGupeTK3?&#8bvkL6rWU&+*}|*W3<`I zG#YZf4avQyoofa{RwmR;V#En4^RvvsQzj$=+`?YfS1VsULt*4DrB-FKTR&Mw>f_Q$ zh9D6B^WWWbvOan0lc&FZ@>J=*H|8~FE1+xbI9AZ^vWH;JU+ljbcIYYW)CH)%JyZ{^ z&G9{`b@k|Bm%c=EKX6ABoiTpRlw)RwZrAX-{qadL`3CPl7@X-Z%FE)>zhLX$xzvs| zk0$9(=C^vwBEIZ>mD+^872z&uBQ$5%5q7eq_Dp*ZM6Fr(&Ul(L@CXfg_+qjt8(*j2 z;t|>ve>*>quyGSJ@JjsY5d^1uXe!VwE7OJM;4 z0qcb7$^jihYZ6ykOWU=s_2T*e-tEpQleRA#d=Kyi`TyR1;I97f$@y?I|34X>o}cyk z|7*bCrvJO8y)V`WUKA0!`@vf)Tl&H^{70W!(;wbi`yzefE$%z}#WiQ>`^J6gqc455 zR2LSO{fDks zEH# zXe6vSiZUnk3YZk}){4gnyW?93fpW?U@^m%`Ou2A@Whe{s)DH;Oo02<19A-lZ1Y85T z;TgK{zl1V);@uu_->Uxh(2)P#y}!Kv^?j1_=b+K``wyd&)9UX(3{U#se|Q!6q3K5q yF5xatK$VA4u>PIZWoYKa%jR&(=c^J@n8+GyE?A0RR6a;Od(IN&o=UvBwku 
diff --git a/released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.2.101.tgz b/released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.2.101.tgz deleted file mode 100644 index 379a9493a42dd8eaf65152f3bfcc0dbc0403c20b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3693 zcmV-z4wCU7iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI}rbK5wQ&u9G=UCLbPZp)%1Kc`f6A3Sz;%6F5*WhYa$HMNz6 z$d-sT2yg+=jwb8>eG33dkrW@2<3}>1{$d%#qtWbc^sgI|B-{^C4i`k@4PuOP=*wVq z780qwC5hOpucz^NJU%`=w13CrarN)`==kK-xh;S}6(Nu6X?E&~i6DAg(Pqb#}Q8DsSYC5MFOd-{k+HUwcMoA;& zny@MKwM?*I+cBg;fV{N}ClRWc_&5dESkz9nR2rk&aS|C4g+ntw=eDBRJrdJjQ7S6< z6mBQI0F^IktnL37Txr6X0v#fpU7ahK3t2Of*K1uuFJqhniDO26E85;|w&H=e?@h*& z-b=ssoEq%^maqiXBRPOB`#(6^uiF2~(aFyKpMze*InGJKG`LsZpz%g2yxwd05K;wH z0fE1rzWrr57cwGRV*qo?&~!LQpAm_0OC%*Th6=QR8A42y!T>1O0+u3?pfQRW(Wty$ zZ^6Wju+;x(hUOE1v-Fg`D_l^e<#G!Bey>L(var1*#zIjo%!8Ec(M>W#U$Y*7CJSTa z-sDH`_}ekLZ;Bf1KYu%;Pa(1xrSf$AP*>1t|Kr25{qK(_lim6MEc6<#(o?JABKz1cZjYqj~XSW>R%(El$r>OW`#M#f_xD3zBGH(3NaJ?X>&k`Wwx4Z=`}-aMBQs>m9q}ZNYi8^L zRA31}KSUOJDjbDE-1Mgq3#EtD#p`?Sza(Br5@7nD6pYP?f3rS%7$8H9!&ortFZ)xl zjVked!~lbyiqSWVW;Wm$C`!Umr!))|_u9H&fNWL!8RaeY@znQ4!u7j`l_J8)!oo2( z#!n>G%QL|>e%7lsWx`L@JHfAn&{Hs|tNiGrLOF%Wcsx$qeZe)M9A$y=VY*+pJL4i$ z{tUo{V}`{{W-TX(2lw}8GpX~pW4%=z2lw~Wwa1z)GC37iyi6Fov@dZA7xQ;QUrJQS zb)laxqKNQdT4)-=XhwMNQmKSpmUY4WC%y~(4I4v^M%SIY!rZbtm=YJ)XB{G}Cag{UF z%8Hx!Es2ZlH|cyndN>^R9>JqH1AT6fB5}3wv$~AJs^6*0pq%Qn7PlcW61O;e0$EL&F!b^{|9yZCHwmxU)_uQ{g;kncl1!|#D67Kf7lwG^`Db*HUG1Je7wVd z&q0-Ph>O$CGAFQ6v{vvTo5X9`bZdTe3jek~=gXHN{NN{2BG=cxh!Lj$3!csNtRBli zndblY{z@4t?`I}v0R7^eqrd#cPTT*V(ojkG0^x_4=x`5y_+%zYrz`flqdKfGv3d;I zqNv?O@NeLh2go%XW(SrDg|pexMAf&Lv+A^eIV1kl=6?>x`_=mI$-(ii{_`wUw14}m zNuom`>F*XQc{e{QkBSw7J7bB`D6a&=O?^WOIJ!Yv-dQHhL@Oqwraw!O#CDkd7e8y{ zhFg`gW@|u7B+|#Um!BvtqO8#-w5f%CJ%C%3Gc|?Z1}={=*n`0WwfPepq-s96U~usF z((>@zz(K#k-%AVH_8`MiwhKjNJEcn*`fZRXERD1d(XrbshANoe?)Cgcc|iH%3Ez@n 
zc!hJ*HxpC~k3E2O4eI7dC9{8`udOz?@z*7wyV0gLIhCry&P7^TZ#!{5R{o+m0PWjS4PvV%N zyW6tzN9$7#T&oE%3ScXudi^F|ubVEh zon{vUz&Ab}bVxMNwF`2I!T@H=+DmdTy|*28Q-l4NfV4X%hE0KWCpzq~|C8fM_5RP% z;o<(y{-1-2!DJo2s)UwjRtK(99XQW*pcG-QmD+s4wG@mQJwxu@Br}{Plm#g53VF;u z_71$UO%0(P{((lQG>PIV@Px5S&{=RbDja38PJfB2pNF|lb(QD-dZi(GSh{f7rM6ER z4Z9VK*)iL|sM7ymX#9nysq~m7lCXSzSFQ_%)bB_k04pT%73GVB5jkBoDqqAng*@yI zOaw<54P1O|hlv>Z>E*?*2iJaxQC?{*-D-BM0d-#6b+p$!&A%ywaC&)>j*X>=QEG~% zB4n;5g|a|tm4RWy^+|7$x%JYwivcLNvY3MosRD_ytJ~P^m}bI3Sh(j|)P+(RnI$YR zT;8J8Akh~KPJhp5v)4<_GB#Od4k(S16XtHS?g8NeL}UpP&AgEC!VKvhXLu_l0_Aft zg;48QO-G{z)tUbLB8n1D^>Spjn9dR{q#6Zyi)^ImVo0PPQjNY&B#uZ-hn87x)!&PP z*Lk*JP!OHFBCfPF5It+O>eVP;qi62wtsCa}Uy0E)8A)8dx&DwR8l0$|R99WqO29@q zl+RJRo^vT8I}7q47L;qJB#a{0ppsccwRv;@N>FJddk@a6wZjY{i36fB@Zf^O8Htdc z8PxdH;x&>~LnFFw0apw1tBy`Wd2_L{-e6DHG5RG%4^UBQ6jKw8MxD=!CAucdau`ng z;j~ilt64IU&Qy%;<`^CDv(FM^VwDM~#z<9XZDzueoh-m0cRIDb8Ygd&{dxx?C0W)y zkEQTYspnt1Ru$TZ8N_WgV2z=U*O!k2Es1}VU&$!Qpz$pk1ygT0nK2CNcLM!htN+H%DxR0`t}s*LzF0cpqW#^ ze)a9K^(RQ87WFByf6A1w{p}f(pDph%PhE}Dw5Hp+Mr}6tk5k6}VLsSVc#CqWL&_K4 z)9Gu8V`J2grIpNW%!e=+jEOtrGi=&34Hr#d(>QgvFrnKZH{4|RMz@%#(?B<#tHV$Y zC3%{=jyhjY9`)rKZ)f~=d`o?hrio5eSD0oyl>#*}QzrOri_~h?t2C`Z>x8g4B$HKJ zTG(>{wD8zn(!`)}ze{N$?HxMX@)G!e!~BoZl2EQ=5jd%Dl?>|s{>M={|8p=t*x%)U zpN0PT`JbxlqVn8__H0mXpZaW2y27OhoVQs|4OM&8<%!n$Tu%&D`#f%zsLEw?%4nU} zT>@#BK-wjcwunut#8Otv=dIA}S__$}!DaL*&Np?2W4c$XufYqXlPI=Ws_MAeX~XvaUk2(Uix?+DSE@N0qkMuQ_%D*gS1Eyo(er?M_>HMD!F zX-*e=jAR{c(1aRhGt>JSIm%i|xu3q68WlZ0tew^<@1laD%*!lBMg`{Tm8?aa_1oME zy13A;3AtoXze(V-qer3b@LzTkk;ZHI~{i=g}nH+454XS;WKctJDJa)(JP6)=@LMcC?Wt zwIl5z#TQ<@a$m|8ZWNj;t|>ve;uDYDxJgx5>Ee>Ake^^LvxBU&rHW6 zaQD>jq|lgG%#-T9lp-^Y(&|nDIBH7-6c?&X2XqLnNnB|zZPUEgljHxb%bo5ENiU6k zcJxsEzg-=;tNwd%T>1TngZ=UGc!&R=gZ?!2-!;{JvN~{X7 zc&+b~)QQ))@2nTs>|s|o-laZvsgD*6wW;xKSwF6KQq6`4UsWAFvjOYb)%k{H(jc*l z787Zn?tw3&m@@kjwZDFobyp>Q$|`Bu9b81QkeYBkg{y=^KO#5SH{MXU`lg68^1 z*Y*Glk;TSS-yo<&rreo{?Nb{9K_I}m;RR~@T|#C(@n$c0SE}C8j&`)8m!tm#00960 LEki=l0B!&PUYJNN 
diff --git a/released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.3.000-rc01.tgz b/released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.3.000-rc01.tgz deleted file mode 100755 index a3d0a20d1a76cdc52788babe0f57f3bd0f7211dc..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3687 zcmV-t4w&&DiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI{}Z{s+U?`MCCf_o0WTg0*)C+UHKd&nfcgWOGb2g&pRi@{=+ zmdX}46saYtq&>a)?hBHVEXk5(r}L+K#`O}1;-6xvs#w1&+LG`fLOEOzjW>u1%3&bG z(OE>K_Ld}OufCjo-}g_Bj_hCG_v?TC36ALdOS~K*h7zHRbol^{_km*Wew}^%z@+tJS zOtIhCg_9UnLIRwEYb-0BS}Kik<2Z>7iNc{7UocTq*d9sfFDMlid2$m?xfLN61X0!b1^11quKZNB2fn|QwO4`twwdoTS;ccK>i zza=b1^+*n&%l;?FhjsgZb9l11|L36BaE^15G7avPx0r@e3a|GXevYUDs(`@XPT&1B zoC_Hftucf-WoSB_W59?+xFwR38AAnHzziWFN?{0;YXM7(Na*!$7khfF=v$4ZQL9-pRLR zmd{2l_Fuf6(Qgs51f}wH@=#aMY5)FF)&38C|73suKMTEvtL#+oef~Uz5a*O5^quYf z7CPhmO=i~DhvEIb?MUa~{o)P@XTAA>-DtJNutZX>=g|KzHR?ZT0_5S^=a-h@w@jV( z|4%Xd(m0^Q{*TB0N$vc9GdVfh+y8S=Ic}a29Ymwsaqouma0>q?X1y3S35h1=taZWh z=g;6dboidc2>18HKqAqYb;tsI)9cE`?Y5t7hWq;-03$PG${q0}Ng8JC0n}g#KtDnj zdny`5LfrJHkO-xR)CKkj?!PoyND^Z9pA?MENN}@0dKe-@jl)DR8Z7%$u#GAW0>lu* zo=Pw`q7${4^P^UBumG`=FzX18F_A|;`8sKRVh?ML1Ei1)@lZAz2ZcLC$s+VVi zYy6~FYs!?Ls`r9l38AN8;92$2M}=|DpsW7P*{CD_*9IUD}s8g^T%np)VyW6eX@67;Lw!v<&Cfk*I@FAo!dvMu7~?E1+{!E>lwKc`H~N<2&>ARC(>P zAXlR+9ZXD1!VjD+YcI=DZ05WqI+~W5>E$DhGt;?DKJdR1%2Jun;kYUo+Q^EV_Z>;f z?6>KBF?u*0_8!5bI0Jodk0Nok@Uyy%(yHI6%b=X>yGNE#>DC|~-mCpW&fwtP<#$Q)}?pB-H=2WT+yAWw@z1_t5Sow=qop4$?x*g9@lbq#C z5ng91=^(*NbDbwD5=n0+1V${(#y zIdH8ez$k&OnDQx%3p5pzPg6KKKAs%+0Orcs%_B{hBS^C`8=_b+z7k0V2o7OTfW1N9 zqA-xC2VYHivZp7emiX`L?dkcuw_Y4R#u{DtZ#+4w-~aIs_x1m0q1SD<-A?n10T39U z4mu(l=-N%XRAC6SW#etSm)_f+x~awfD?r*E6T`N^x)U9C*#Dc8asB?!@zHp^xBus$ zaxmG1uWF&?nbm=-Ob5;j9jHW@Yo)e8a4iL6M$eFYH|Y##DP-3kX`bC)QR9AWKuU8pTgry6IT^jpj(Xd;woE@_b zj4J*ArN*CVmP$`pDhVsrcjdZBNd2Ca0SjEhQR<@&Q@4XE?luA{x?Y5vU^gwxB5Y-}P$f>Kkg6d?;ODU}5( zs|*Yqu1|K0%&nKbT?|3FmBk!%L={L(T;0ZQ$21cT!ooezqArxm$Sh@{;qn%x28n@K 
diff --git a/released/assets/rancher-istio/rancher-istio-1.7.100.tgz b/released/assets/rancher-istio/rancher-istio-1.7.100.tgz deleted file mode 100644 index 777ea80f75220dcfe2a3051981ff7271e74a75d5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 13468
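Review bot: The deletion of released/assets/rancher-istio/rancher-istio-1.7.100.tgz is sent as a full binary patch, so the whole 13468-byte archive rides along as the reverse `literal` block and nothing in the mail lets a reviewer see what is being dropped beyond the path and blob id. For a commit that only removes packaged archives, producing the review copy with `git format-patch -D` (`--irreversible-delete`) would leave just the `deleted file mode 100644` header and index line per file, which is all that review needs here. The commit message should also state where these released chart archives are kept once `released/` is gone, since anything that still resolves this path stops working after the change.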
diff --git a/released/assets/rancher-istio/rancher-istio-1.7.101.tgz b/released/assets/rancher-istio/rancher-istio-1.7.101.tgz deleted file mode 100644 index 29f8f2835f45febcad253e090e3e24a43c571098..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 13467
diff --git a/released/assets/rancher-istio/rancher-istio-1.7.301.tgz b/released/assets/rancher-istio/rancher-istio-1.7.301.tgz deleted file mode 100644 index 0870326e9e427491a86022ba6f73127fe49d47d8..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 17400
diff --git a/released/assets/rancher-istio/rancher-istio-1.7.600.tgz b/released/assets/rancher-istio/rancher-istio-1.7.600.tgz deleted file mode 100644 index d11e24feac501ef9912fe6b5380ac1de209d71f9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 17351
diff --git a/released/assets/rancher-istio/rancher-istio-1.8.300-rc00.tgz b/released/assets/rancher-istio/rancher-istio-1.8.300-rc00.tgz deleted file mode 100755 index 88a046f3afe109692f21a5816bf4df4e4a53ce70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 18106
zZZ?^K5@-*Hy7eSnP-BofXpkWQG7KOa%H$I1!^4&i-ZIhQNhIjN&6vRBx%HJSU&rP(&qdBaDe);QPe>JY6?9rimHi=A@K^&1m=H<1n zBJa$Oh9K~fP86%0P`X*$3!H>NYBeVDO{@LAK@Z#;u)Q3Tufz^<`S>%HRX?f=DyB z>6&^DGg~lwYSOxy2aHfg#C+fdnCm3GnG;@JHm`3<%ltiNy{QpR>Kj>-`bsKVPTpvT zh-yL509aB<&5R)sjiNnAGXf6-xqt^#MYP(L@06mR`wPf5H@yz=Arx{cX!H&|U}B&) z8|1Hukr@^+xQDrU=md03!hxXo5UM=XWE_%kJW#oBCC|~OUf)T4NJrgnx2J-X)IpLG zc_q(v?QeAw=!Bam(&3U$r&MwU!^ai7#ZwxNwJjs_8pm<3vsOnu0N^B8#Nq<3<5p#JvgRC3z($+yR+C&%66BW)&&Ai0L8 zDoV_d0Ln1y@2!h%lm+^KmJIaW`@5@KS3HXK+GyJUJt^P++3oH1|DBY7YJF4cB}#qx zADJp*JU)nq*-1#Ka8Rh@i<$NV4E^%)BXYI-_#*XPp--QFRqD_Xvb;)Kh0G4O{ZhP) zNRW$4<(}kDWs_Bh$V*AtrSfsd0TbmBZpq zppOnapFTN`tma%jM$#Nkj-w{$XH8m1Rq^A;w$4%rM$0oUZ58|5QmOV$6=lfTE4A`i z-5*l@2|aXnto|g^+jul0kEqpd6>j&@C|;_(9tfu`jN%}eTS-oE6e;9g=bxZqtNKE= zAUl#JT$C0)`bU;tP<2_U>H7S-G7YseK^geZj9L5Y-L0&vGR8#UJ$IegBV?TZ8i=`W z!(_hG&q&7Hw9>{AR>&J{7mse@ugON(3VJL$b94}(tW;ZLnPCsO1?d~riT-!X&usc> z#7HPcsP!MbWxy;y>2>pO4XmWtB!MH&J0Nr|Wjr(uu&SDkZiaJPqMhq(UV!|O+!caa z|FeZ!gVxF<{aRTbBVtmmrZ!}D5S#|8i$lsm**hp*rSM?Y_h`t84-EXK-X`IqmE@E; zOWa(eN!4ZRDFRyXk+!GZ4F9$@I_=8I*Vd0VSev@2D(Ma;SBI)eRFy}~*u68Vm;(D8@k!z?PW;qOE1K{$rR|k=EL5)T^0DxecO)M_uXw*1 zG^PYVtChWBI2;4|X7B=i!{xgQS}Vg(oPvcA{%?5cG>p}-bw_9crSB|e{m1|NAN-q^ z{r1^6+-A{-E!1)kTlS;>OFn8nFPv^kgPMG#H!yLgIvXY2L;0fvZC+Gs+V ze-fW>Wj70TP`Q7_8hIVGQ={L@CN6QLBZdfY_u~4sQ3AO8Bj%{3b}HR;pG`+#wQO=S zz^iGkrJW8nw6@ZCCa!wq0n;X}i|*8Rp~|P0)f*uiqWhQpf9btG8fLq^jq=pA;imfl zx#^f-{tuXEXZaG0T2}Sa%#>k%&biRtkxg|(z+F#jw)L~K)p;?yC31;>?&&FR%q%xc z<*(`|t5|o3bEbIR=b1CTTV$n2U1smSSqaT;>Q^$bLY<0%FIOlJcclw?h3@AfSdxr9 zxiM%d3DHu{@ytggRRB8@W)+&1ZMsRDm1C2uQK5Ul?=@8|l#FJPyYDxPGRZ3nBTNF+ z`WKCnPkfah(IB3SOCS|dJI~r}4gwXRf9JaHa~J)S2$N@1rWI zJ-O(LsH9FhofTGhS?KInJ{gUGL0J5LMzDgfG0KgL#K)u@b<2w-Pj;oT|2%7)jL?GV z$t$N{$@IWu6cCSyV2()W6YXyeb#AUatTd6~YI9bps@touo<*8PyfmN8mTv92@QQV7 zQYe_{^Xe=pWzS-#wHAP!Tdmcq^_rPmZ9P(zyGs~ zvMJ*#-XEFW5}AYqR$OIW>uAgNFZqlb#1Qkr6;(dEVusETuyPc9s_7P|8;tDUR?i2`~BbD zl+U?-ceQL2!8{+mjM`EeArVT_z~95%1Vdv6 
zIzza+Ky6g`PHFb38`7Ji{&$E@Nvg=9mc94cLapMCYs>UC)5dbjO-ElQX2pwBqu`eP1}f)5P8^y3+rLkmuSe!`A!UEAEf&AjW@O2#kwa+7O$H5Op(5& z(=_zEG-z^2#}I;4?0k*))WrA;sikTY+rz;NG-7m`j%7WbCefH}Vm_;;rBXdNXZhrN zue8)wW}4N&EEsT25Ho3lT3$dP6a(T9A_gP!SlfoRz!re7^f%RwM1?17IoM?{NmCQ$ zFBY|Ad16s3=ijYqr`8|5s1>scTA5q5271Z;nult#Hc2WhuqUYyd}%gcTb7dl+1^k` zUF^J~8qg^Ji}`<#j!t_=d-=bMk~om+*kpOzSd)EGZ&-Xcs?jMbE?BM5E)($eg2o7lqV?v$8^iW{|A~%ev}*vmrtF78Zf4Vo(^D zFNy~oJR15u&!{WdvMhK!W-!jDkZL1y*0B{)U)is%Gz7{gJPPpqU8}Z*E~rSByII{^dIG4ju*i;d0&OVoys5k3x2FH%p~K zU0GHBYu>(H`(MiZg8hGTaNQl=aucD<6Gzj{O>(|JLI(1d6 z;YtNIV0hFrj6i$&aYP0g*b=j=U_x;ASYeY+jWxmA&g8Q?lbd||y? zhH>AjfV8IWdvvPO&un1`G$`?Pj>8l`Zea+f`0+`0{`1?{8_ECPGSa_M{vUUbj*IgD zth+z|v6J%D<$v!NBgtgTlAFREgJZ`%Zs`xWFsSbJDi{ zs=4jv*;bHhr%(I|Bii<5m9m!p7cn{_0Z8$@OejF3|L5qasQ(?G?9c!0q&!vq&myrc zhXTBn;IB3Ks<=S=eNi7AVh(-Hl{4RMQ>Z@ z(BMO^i9QdvfR6Ue$KmGaXla>ut1pt3mGiJhgH!ytUZYYI+oWNwT&&l&QB2lq{xVUb z(FAa`u1cz~DXHb^m_~zoTB9W6$F1QbXJ&m&RCdm7p`whoW?a6g`n8e#e{`2R3fQ#& ze|BDs|35k1$N%r9Jazg1=x+Nc;KuTQ>`A5<1t4I+Jv@VOY;WZ@s006^aX3alTq64b z;KFFS<61s5_6BnaZeWhls{pzbBXzG-eLUSlKA2)zC85?uXgz_cTnJkmuZo%5WSmm$ zRvxECB(y^*u`2%$sSm%ccqwS3{nsm<|2{k3^Z%WcC&>RbiEZ8I|Bm|LD!4`vmBeQefzwv6W3(B3Ls$uwSbLUxJPlP}k6{%WS}T^gYPkC)=v zi*N!7PC^?5c)S^-o~&>@y*ggo;G~bFN7w^(Fx{BK8~f&YvYB8&tg_RPnl8(Bu+qq{ z>ECwtpEl{<#SD``vY^k_N1U{~tlLFiMqk)v{Bhm^s=PNfoaJZ@xi3(yH^*xnvW zAq`hT%aDO2xq_qMsqoaVsjSNXc_f$bkW#VC$sb)B_<#5GxOD#Kcpv|@oALzte+7wc z-59)8ZJ@tVDi)pqvIIhb?^GR7`U)A)X6t`BHL!90_lo&{PmYiG>whQZ$*=$2E&VlC z{a3i)3uS}#FX+_6VhI+|xc{2%aY^*tUcD#9oSn1)Ho2{9F{$#DEX$u(UjNGqeXBIA|Kn~c{`ctYWWWA*Ql8@a z|2#tfE&*F7?{mvuBQfB>)ip>1j{z3oFTMYJYd%Eg!)5%Ujcu;tsWp4R39xnAH=DsG z>UdQI(h*?r8+dCDLGtb5F{s7iZ*u`0aVRJ2AY$2klm;bz2irix+FDA@MadiAnRkmi z#=rwIE1#}gw{r=+9d@ujW2iz20b`UcB_8u#QQvKzLT&vSx&<~1K&;*Yu0Pye5B@Bs z%)YEqR@MJzz{F!)-&eG(7TBQw9i5+*&i{9Nd;M=GOr3;Y?Fa33=*Q2$1k zskcmfqYlOL}t8g7g(-ANYodJ(%$YJ?V<{CS&h)n|cZgC{@iWyWREGBi5L`nle#l@&H3l zy?a>hDwZ-L5BzdtRED*R{<1-VWxUjum~myUN;U z7=lD{;SHr$+IJ(eaD%w|qTPL9LZ*;!BiFCF@&N^|^2(f&U^ 
z?(Osc?xZ|f`TsdWzlx%N)u^xDpCjhWF6*uTrNX|`(zO5EJ1(vNlk?;K`rk!)vg`k| zgnifO{@0WS4T`@+XOLd`*r4(MBz55}T$yAwtq;d+&$lOGF0;8+@tK%MwV&OYcZ5DU~MjowwSKgQC@PEb-L+-5VlKuT%ez?S)*H5w2(y&1!M5+&4A$~m?J_LCFwJ(7i z;523)@LXo#CC7n;Kk+9_5Pv4U=)X%@PyaK5cRTyP$KBKN{_j5ie>dgH>VF!8U1@-~ z3eFPyzq-K{_kRua?eG5@Z2lbkzv(D#eg8KdrmgP(depBKh*ykJhU^+&d|Wr)H?AiA zYE@(zOxE5vHi&GrZ){N6>b|kTYr}ox9A;bGH@30ceBXFq{v2gF{STsm&ZjGc{N>7G z{jYZ--{tkc-pTRa|F@G;)Z=gz@y@Jg6t-9C#8>EPA3xS;W1~0-l#z*C$v1R;l@d#R zE)CSN5VlHhO?lG(crC_n8{^cu0l!+Yu6 z^CKMahW5ia20G_+g%b$X}(KSQjZmx;xP=OI0&SD$3R%)t=?V7L2#?z z*qn>ua15&gY-fzaZNN77z@wqSBm`y|ORAkdYJL2e@+#Egb1q;y@L`1GKnxg+2^Vax zXQ-BIQ%(eBbM)y`zq*dVWAy1$wkFbnxuyZ}=5=#r4Mn6XqCb#94Ye+U2R!F3n=sem zsz}|0hC@H&Lv7UR&`20%OZ~rPzifLn9FcMEnXYEunC+#G{-rcCiyu%XxZRk>8b_op zU!^asS-Y-bT83FALvkc_wgqgynV}}gNVB9pO&%P>@f6-l<*8mVPS(_b&VVuELlp~8t2>y=}c?y2WQy?NMQ(k#iKWClrZu|lEOQQlRs)B;+(d^8=t#gWZe7q7Q; z11g)Sdze=&zeJ+uUX(hvokg~wAFFB48?8XS6l@f>wHOlED;b~)x$+vW)(LF*%0ufe z&m@$I+{W5QF1A!uCd`n8RBWR3&`8cd4*E#27#6j;AZL z4;Phy>REgq*wSo%Df}XucN$WEZR{kdts|#qp@?B9$R=27m`kI&g1<}9z}z2Z33cnC zEpqE|wV_mc8CSqalFT4+`DY)<$G5pXgeIi&fSS;9UH7wYye_r>H;M3C8-J!Wo&PyM zF7E$zyS@GWUpp!F1TQC@N8nXOdsRzV`2~*1V5Y0d5A`=s*%(CX@2J`}MQT^2uyeYy$ab1oNIEqcxC^C}}!~-nG`gJ*;XDT3IX>x~9jL!OI+a~)pB%qDIywLLe0ZpCu=POShbo^yPI`M?b+uCBo{ld=({48ebiE$39ZVRS`7m$d|(X}EDSR3 z+4`Bt&GpD1wdD7$Wh7xWu~*5);()O@028t;X)@8>BP=G?_Vw!9PnH2>1~2cXP;QxZ zLKdvg7w*(%ea$Qg>t{hfSW5m=9E-{N7C@u^-!0~U?jE1*&wuQsZ0hGKNPa~*166$x zv!F`cYho(EGNS(dMJy&dan}0czP&)g??ew^;1dR(`03^~?>lXKp;nB~nBh?982&!O zv7inP0{UT%Ud8K|rPe>A0kl0D3Pyt{z#(ik|9kheTh#xL&b#~kpF1hV z)yam~bL9$^Cc9D-Go{=t(iQ7e#>Z zC?M4LLA*dM97VjUiOjy@cJDZt-&|k;qd4FtmbhHEu<-zsa9q{=B=r_Y)W@l}c&(;} z@?j-0FdF_whq^=NkJX@SI>~%jdVikKL}0{>h`IeV!vOu#I#fulK6FvUbGq~5`O_r7 z*2qPS{sx|CY|PZFXrlnIY(rFmQ?;6bRh%}jf|gawQWz{4j6x$s0DI{QN`uN}0*?_e zk}Q)YVM^8tp)kzC@YX8mg5E>OK(a|*xyHAnc`PmeH`oAdkpJqk|API0)IHkE|6PjD zqfcNI&ShkM;_*<)HL0TNFK%DpWT!q=Sb#;zN23$Cc53`!iRpswn%v!5HwCAIl z?Joc-(Kmcpb)@bbf3bFM_|n8@>!0RGPVEaXDoF@CcUiG%m4(q9leoLoDV*vuLFPmC 
zmrS2ln>cOxc5}JY%A=Q0hq_+w)04`6*+$5o#^k2xy^}iqu zzZuau^ilsi1x(*uFOY5)y>&e`!RJr~I!yXC8ol7Mc zHpu*?OVj#4?-u;Oy|c6Z`rl0{_)a}6a6re&Dj>8oA-)fxm9wN=h4MZMNEkm_Zw+0^ z*B&rIMg;smGEb}PSzJOENinEN6$V|bh;I19jcwt)L8#;cgy*z6t<&I7CB0ttm_? zo3~WHtJV$?oh-bG(qwtC=nbA5FB198%y)^$p14zcF}=WnT`f*Zj8KN%757Kd{OA>BcZ z$rL{hK9#G^`8SE~Nhsg`9s`@}9rkZedOgP|X8po`p{5RNTSa}BZb2D0$LnjU zSUw71Ar3Uq-r3p9v#;OdxRC#67T_RF`zxX?-~ZS>E$4sg?c=|8R6c&}9Ht4mO)fOG z(VR;I=Tnb&JQ{is3Es(HKZQ9bqlq1?)6jngA zLS&~^av<7;2C4=j-)QdU6g3M;-wHPnEH&`S*yypVzC5xN>s3o`3rIHIKwoj1n=3nsb zEo{y7b7L-CXk-aST#-d|;V4xPz&03qp`j+8Uccs+q>4s{Z!JL*`tbMyeM1CH?NzwU zq_(wdwRlaz5=%?22HB#!fMun1l1G(HUsus9E?=R%3KjF7;Xv)0@hBhywO+IqfUw6& zGAhN06@UuKGFw`%R6G*->`SVRp?{CFL5D6N%@B&-WcWUXxcYiMN= zwJbp|D^Sc5G*d-2YtYTol+!>vHPlo2cxehksj%#Iy9;P)GyQ*A`)>k)H1*dp|CTua zQ_TO03s&oXIP{gHUS0S_M>;S#((U_Ey^qdLQha1e6*Ema9@-IU9!_ zIy)}hKHDzis`0y2i8T;T+W{B`=lK}LK`_s@3J{JWg}Lke6Et*HU&uCOFE|>4hgG_L zItBEPRQ=WcRhNtEK#_nhERJ6yl;arWyt9Q4uE(yo#ZuRG`^Lm8Lwu%N~E@CzT zBKjE-=z#mqj1~v~mRI=NalbfY&SM(xum`GXEh zwS8kD(u7K~GR)`J_@pYdrJOc(Yw4~vcF(j|JP;)dCq8(XrK!g{B>W9Lk-rNB>BA&b z5EF>?)gd0k5#;VHDOb{`OYMdq&ewzO%IJ8tyxWAUU%b=5zReMMeDr%omm z>Dw|Tn+BG%WHrT_?afR#SG!>P3hiVz7pOpzq^%h=h-O=P=+mcu`Mtp7+{N1!`;g@b zq(YUvO_960J++kJ_hQS%UBYxPuwW7E!TH<8s~@gz23OZVUcJ4#xp-4HwaR3YeSLd< z@osQ?_x|SMhpWNezpk$;KQ{=}xBlw&&DG`I`^oba)|Nl|^vR~k z@*8s!4t1*8nW|D8zktjj1kSG+9YWq@p9m5CkiW?nrFT?!icj^%t7J0P8wS`X+Xlbk zx~jfl-<~8%z=ihhoAJ#~d?h(roAcG2Hg_L-Et9qHJ5TO!Jwmo-TKRQ;)8u9$5F7L2 zrN6aXX*#si06RnZt66JYwdHR%n83oV?ztJO5p7jL5N_`1rXjJ)XbEd>J^8@8@4KyA zXh$>8`B-s9I7}lke?@eR$vXa_CH4Pk=6$~VpUz7DpYHMb-v6_cvL-=m6XCk5S~2*t zY&?`Gd)uZ$s^pi#i^@{9SjVIkNF$I;bM1;xvr77-hN!7D_UYrtrH0$o->SQ}RF+)- z8)X1#SpP@o<@|p~r~CE4ld@v&k0cCv*%e!vnqyH^K|*MinJJRciGE!eL{97YGLD5( z>WZXCS-y%iMMb7uRMZc1CVgc-2U*RIO0)whiU}d|Nr!awV$ltJL_%?iGjM2y~AIx{)XD0W1gjrZd&9 z=~3HceX(uDmriMIrB92iuomu^MP456X}1cld0K?K{Ir(%|3dliP9T^P6+W|xjA_#U zPmfQF=Rdl8`M;ZTfUdES5`-f`k)CUvXK@&lK%F0tuy>Egz+LA+A8|7Log+ShAVA}Q 
z4z&lJgyR=-@nJz`pu8;Ba~%540SaNPPf|UL7>vjx_~?O%3Hl$;UGzQ-=7@&sONo*+ zmr+1Ma2@y6?Lb=X;2fY!I-SxG{d{?ge8RZnj)~}~|7-LecldACQU6aKOvWAgzvL&M zg`EtLltyucMkE049J>4=at_@gzIP5?F_nK)M#j$J|K}W_pD`me=IHgSEAF`F<_gCp zKH!e7&ggHBJL4Ypq4PDI4p_MUZ>}z0y}fd${$_17+W);?@%(3RZ~yP6Br2WbT%a3G z3rVsF%)v)ARGOR7`>aDm`ov`Ja3od7DP7GZG!PXlpzbq9a~i7{1SaJ^4*leA7332x z7#YR_d^9B8-6UhsYH ZqJ7zyec5^W{{sL3|NnUwOi2I;0stW5%|HME 
diff --git a/released/assets/rancher-istio/rancher-istio-1.8.300-rc01.tgz b/released/assets/rancher-istio/rancher-istio-1.8.300-rc01.tgz deleted file mode 100755 index f05a3e0a97ac47c7ed3d7a084de443da35c4ad62..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 18131 zcmV*aKvlmViwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYccjGqlC^-KvKLxIwIqCLoQIemD?&j`#+)mOn{qWCrGCRMV ztQsOq5@L#A08qB3)BD-?;6W0kNRfK9+MN+jPTC^DLIEh$3xxv1p*I26CR`BOxtw4o z+&P{Gf7xQ`cDvoPlN0rCx7#iL+dJu={H1py|LvU}_qu=S_KwewPXB_s+eD(O#9UzZ zm+r=G6+8EZ6dZVPD5ceW!lMAs+aaDpAH9-fSz1rN=Mnaxj}+~; z`J4-wme!@bj{*|LkEL%TMrXta-X70bAB7+uD7z=&*i~>{Lfsi*BF2I2F7co<>kUER zUMVmJ0bmXW{oLxRsQ-HmT=2FR#eH<%>z4N*tu}=zW%E8dI_{mkA*FR=()Q>yq9KIB z432{%@-r|_XxK-yo`a(({n>NBagQAzxW`B&)T0YD#GH6~^brRUM@UStK!y%DdLUwg z!~`^WPXsQyfe|nyD4GZn@qVY13|}X}0=Vcn2#qL1J_t+#?mEPiZ6&om$$GeJModv2 z=OB0|pkvAnFg_bQ_b`8;%;$ZlZB3TbMkE|D%ms@*5i@YgW?+`*7x@24@9b#L|94U73|N5Y-;)6PsMT@=9w#i};NTX7AmLapTMu3( zGC;5x&;tnq#9&Hip!k3{0qBp-Gh^AebpS_~q}iBOEu5VU3(?X;SMP}a4!snl~E&A%uE zUkgA8@i34wO1Fa$nc^|XH|5Pt31jl>wtfb$=)fCoG;A9*p4ppV{CAFe4Aa>}c}Q5`P%MB?Dzz?2Fo zX~T&~Kt&m#21BI2%@2+vAb=?dHZOxYJJR!Bn5A(*hd40Gmk11T=y7@pBOC|f2F8R- zsB(oO6fycZZ%jj~_UyipvU|`fvu3L-Jj_cnDc`+AsI*@cnJU)n7&_^w)R`olbq~}u_N;F6~Zf5|D z&S<~XWasjk*Z;QrZMS8b*gj0but&mi(gzX_4FAvLZ>qUAGf|LwXJ_A>b$-Jz2Bsm7 z86M#f*Fh}7-h8rp|HTr+|^z^u(|DPQno$U4hU6cTg_jLrV3i z^s|VOP>fLPue{S*3jhQh(jTqGUf6$s?x`*!X&`yrpiVeRi5LsCVX>arA!pfD#HV;X5w+_|ai;kQksi zB0n%1N2#LRmP*x#WR6{uqeBgqFYKHTOKsclG5eahRI5xI>`oP#W5DG@Dk2&$d!`6p+ z4}A7qq8U)^+W>T@(<)ydeqGg14qnWNnAa18P00}rh-YIP0WetuLP0#emy*qncHEb} zF2Qs6>%WTs4>5nX` z)wU#*mASMADJw<+dggvl0^sfs0Ue^2ra9g@Y&~}`xW)vz=nq6fxysQIdaA0_7g?&- zzww=HMFFf?|Hr-4qvHBMI@+)Qos=!2c|^W>rOHxSi=Tk-vpPZ}W= z>HcM)7jg12OlinL=&IR%!@}>*h=e#G|JFKoJK2f={fj{q5D%w-xWEENabOI22t5}Juza(QeJLvq z^glzI>#Kov_TR~AH?RL4bx+T_d;M=0WkId`o1X3FPQiLLkjKN{z!NHBPq%lgnZ<=> z7L^~a?EIqv+`vd;vZ$_BH%`)&7`3G65cB-VRYttX5&ZBW4OU6vxmheA`uMS5 
zT1DWo9{;33IO|(K6Krp;USD0@UJc$}yt%SoBc#rUC`@yqJ$axBlvlTRuihybx7Qb! zRegY36yu;$q<&)eO+LQ7|IY-LI-0ZdLYPnub zG^5HfWnqZbxHHua>cFQX!K~pI@y6KW- zRW)c{vVqypwZC)+bCuDl9h;R9Fi@Pz{_~u<{I-y*|%z!P`E0)Xu zINXK?P$&OSkI#$p|E#*tU*bCmZ1@C{j+})DceHVU@Nf0x5`flSY`JX40%|Za{_J59x=Rc0R$7jcT z`M-;@eBEsv9hfb#bpixY8Nbrs(|_S

OawQqa<+Kle~S$x^lc4ev`%FK(0*qE7!m z=`QI1z4QI~kDZjl`d6osU2_<<$N@?NcQSjyZ0f$zwMv+S+7xJWfdxjIHU|-AQ}O~5(s)p zfxo5V>XC5q(MJ9@*A5Qn>2dPk=yQGbwHJA;Ta zF_4`~G-&MUltA|YQL5~W;jxdtb`RUSM-tnwO?ydwg^15+;iFbL0;=}lnfpJVx0>Re zj(ibQ22p^$L@CrmXC@&1W|hGy8;vDxB%e6Noz+cOPm&SDWOn*wD=2LtTSOTNCyA`A zF3XX_QS|FNi_KnIufiAFkdy#ba*babuCU@tQtM!!Lwq*}SMaifUCp^tpS!FMnCG{$~Upb{7A2vT*+Uth=}W zcTzrY{FkJ%EyaIHQ2Y3=ef-y&oqh_zVAV)}y7iyu|2J0`FW+3bQ-7;%)bRiFljCCk zpW~ym{rS(Glmm35DZnKAeU)f*+;J|_clwx>k91Bwl?ph*-aQ@z&t(BdLlR;(x3YJl z8Nmpn2?SI9wd*(sNh@jvpd0u-CJfYpHsm-52S}wMM=v3Q(1%bhuy$qYX$@9F{VCZG zEQ5PT5$H5WIg&@|CL%{3WehwK%wM26jnOpbB70r3Pv2bj`M1yI&V_DCP)c%dGk^u%Co+!O0wTMz-ILD96_iI2#L=G z(1->BeUR0GG0OUV$9aFH{>lbXkB~>FQ2>(QRG#Uc{@@vZE^Dfe%8sjUWzL#he{=wV zU7dkP$07MQpjNAoLaN;ppsP#82DRR#-h!8yPlgmTza@t>$z|KJTsYcMs?;JJL=)U= zy_Y0-;ro)OOCnZ@C>=-Vqr|f7Tn&t%Na`voBkmN3c%0+|@Dm*6iaIzrKvfGS!`e_9Wrzy7tg|GVISO?gMSN!Ny?K`QTM>~aUtdy$ z9zAOTsNTBhmV_RdRGgBAW2q&n1fOa`HLD?^$pR{odVz>0JfEr*!4s?#3vd#!>s z5`LC`E2lG=O+7kEPGuePDp`UDpbqoNIR=zbJi<{V$AY8xRx;1*&)Wz*SNp@?7Cmx2 z8!_Td&=j!jSP)pJP4%P<0dbGv2z)f0+tfFlC!v{!@#(JV1>@mRuNcAbXhggh$fP<| zOK8k+G)b74(bminX-#pO)H76M*C`6fln9ND?7g5W{D+K)XH_-SvBrQ%i{`z;5Bol% zAs{*`Fv0wRc8P&CpR&&$4Fw5fNI6Db|J9VIT~9~DMUK;RC2K-BaqT2CFL}W=_0ykf zP1>0N(?tK;lX(WT`3w*7I!h7t~HnMQOtrQ>7f|{D;0jsV-mhvp;!{BcQas& z_<%lsw6owAYAMvMswxHShYwaVU)P}JMwAI@-O45<`VuqE2Ds#1nk(oiW{skn`u8?2 z?_cQOxmMr5P~`HyqRIDY2y!~i2vp5hDmqGL&`l=b2b}#H4pF)$2~ z{rW7qvgP67!ObO^R`>T%k9T_RQLi)Bw@0*9XdL*R=g6mCEX^K`hM>p?0c=V_NN}>z zRFXzr836`6HS`&Z>IGjgC^bP!gR|Upb5UEL`_Z@bXgSvo^A{GpfB*h-o8~(ydH)ZN zqBaBUPhp!rpc?G@f&c>l}s$=?67lTz^iIL^D6p9F=>2 zOlY@O-js`cZaIKnAQE~(>?@-qOd|Zyhy-A)BFPyPi!_daN0V|X*-1dJ1i}HQ1`zPR zbBGQPe^J&^hIMM9KR-O|OKzr_h*Fppr_|~+8p)Q7kxgTr^;#O<8mMM|HB3*naDjf0 ziFc0_zk6Xb;T&6w6GReGVRL)UeWscFN7=0z$4j~O3lwQ1kR{h{X{6TRu~R(PELOe& zZ2Sp%Z-R4pn9zx3GuC<%4iB}RX}wln1I#QxLYWI8lTk@5nr$M!T67gGA^`p;_Yeq* zhVuw>t{oYcW6zA?rA@cxgP06a$?)z?@;|Lf{wK4@4-Yk^+XVC~zv9G1uO~(C+JlJ= zU$<%AUZ*e8O9-0V@Cz2Cq23Y$VY}w@nkL+5^DU%PW~}v9<}3MR#mUN>{GWQJ#tes} 
zqRHK4md1APR+yqK`XJKDF*esKlXGWVpv@;|!8;H~J{H;ntZ@|7cnDmxpU_}p*Rai3 zx5z)g$HMuZN@l=7U7^ROW=kMM6RC;n`Bah#u!tGF$do+U(_f^CohhWrjj0};YU4Y( z2x@lZK6W7Nn5#XH+|$l;w-`#0xBrsl+l51n8`>B(_TO2zTeSbqj`#V$c2n%wuVTjI zbZ^rHeko1*oe9`ZgTs~o=`sx(H+SL{uGK{L9f0;}W~-ik>_nXp&OuD>xU7Pth&2ZR zA#(v{)hAv^ieD^VOR1xo7C+9{EW#<|CR24y_>+l5Z`@F!>hhLMWxFYa?!U2)@EXo# zpO2N2r}Stv7g)r+E#K#k(?-cjl%rnmdEuN&?rj27vaO>MXy0@zL4DILybR3+pM7-P zJI=kcTj3?GoSYn2H&c9>Yv$XsW`q}&G;-WK=~nk<@vYrX{$1KmP}Z5=>9X!*Z;Q8} zqGgNG)GLx%dQ)oE$Erg9t4Tb}RVlwp%gV~*Q}15g{oT?4B1T8*V&dc`P;+mgEoGA= z2n=RKvoY&!@=#aF-y>Rilc@E5_JvzoS;IA_Rus%}ZbhRq29T|^ipWkde8U*hOjIE@5)@KEJC}F+@mc0oXYv`5T)UON3S@WN}6uXMd z(n^cul-!$L|LN?g_;q2NN;E!8N8DtLB;?8wk}q>}UV3GEf^Q+Wfx@|1AN_$sljh)? z3~Y8ad!g~dt?jb_@Ccd#5M+^Iy9uc5rRqN$ic} zQuTJr0k<7pIF*`MH1J=l;H)Smx5Ubz49Wbgmm zP1)T4S9H|XxwcHw2FoH1hV8r|YMld(xg^e zs8e`5*#9}|9iJ}j|8!6G{C^jvkcZd90ta;L>Se9Y>&GI^^U<$7g!!F1O;-wFLVO?W zOWqf&P~JxY3FF7ow-KW=;sbAwXUtBclpcWN?y`e$_6x_cJau;QDo(4agV-ryN(Y!3$A*Y9<;+Dq7j59u@#CK{S7>! z_SbVq3h7Y(#6uDgF*n=GQVXWY4s%R~(wwLim;^kFOw7XUFh@Kdw)Npc6`YX7YbxE^ zZ1R&ZiE;ayYgNK^CN$lw>32F~A|~-raYfC6v{6Ak*~e_V`@z)}rD~uy*F#bKMvn6o za{;U)CNPDBrEy8>UWZJ_`oSQeV>*yECxCr73dhbp%pWN8l`*8VUA2ulWM@W@FT)YT zT(H;^F#~6cNtQCYjbMsNU~Hha#FYQvn(6BcRLzx_ng;%1Y^Rt7SwEA0IJQNW3ek4m zpw(4q#|`Qv$+?!*oIo(uQ_r2$EHgy*Z4-+hO5Z4Wj1)!g9UZ=syCjEhPfEXE11PWEGK3L}okcY#s1yX^#paZdK zED#om#i4@#j0p5Vi)fpAiR~`a}HEotdK1e zf#T@73L@up3N!@OJ)XvKB_VW#+XxHl93Y>n=PwXO*EbqH+3*7d9-V^gX!*n>P6H(v zT59mkdd)(kX%eKSvT~S{WojD{Vb24u!k85>DPNoi7!DYvVnEZWRVJTv;2fY^ePWAi zSW_}3o;5y~Hzt}KGe9c;rJuz9r75B1Y`>+#U_--Tj>LrWG}2EUei+WxM?cCDxim_H zp6v-RaGe9k(Fy%6^{UlE2Wg-H;pjnD%@m(h8F3s*eJXWy1R?SJ=)*_zLs6&solvJ9 z*6c=Y`Jth3g}jPM=bA#z!32pa76PV`j<^PRfrfGNI*H~sx%1Eja})tHm!os@1%er{ zxtOSv__D<`AW$kaj0S32b+gF?EP(cKs9R6M1vLh#g9aG_Aj1H%p-e83K0Ivc;4Kp! 
zo_F z5DX%dvcGi^Jm5KR<=>jyu8r4M#hxSzck4uqi*-C-R-rzM|Zu`e)pu`J^kCmDJ1_O3^6Vb2KCHFpw*GFjds6efrKq z_;Y^=-R7p(AwGmct_h9afd@xr1Sq|+&t?7=W}#dq z`@biP_kVV~`}4m$DgV^^rqoN6`tUz8Rm6CF5Dl}FkWk{FP{$WD?FSh8<--T$YWML) z>bpW8KmMxJp&?{>m9z?(9d7%jco~&`{PE+j>eO$dCo;hP9C4~rE9M*$q}CI9=RCzrR zPFonoK`^(HoZu)@$h*!zLBm${g=|4~Buls`Eqe5iEWM!WveM4=`E_L)YG;Bn@Shp8 z_T}4KSyyF@iNJgAIi|DU~+Y+nq(C_YaA2hMBwUsk)kCv^;&fGd{)#+EcDj~6IDBPc~}9w`GL&rTlJH&C;Z*t91VF2myU1Nv(40)55hyAoPkgr7JC3nBbp z@rBbcR>RgEp#_w_vzYZC|L$Vd5rAI0jetczot6Q3Z#8cZ~2C{~WqmjKSn}O`@HfNx$&E3oZ8KGxV>OPZ-^9_vQ z@eLNHjcGYG2*~^sc*(n;8ixeprY2qJ6_b_jurX-$K*K(_ta<+=Pi@NZVii_Q5 zIP@=qXoBCyQ`9?KulElyM2yl}6UzLPxOz*wS*U{+`&X=y*FifK`n_!85=S~>hyZsl zu3s4?fV)3pj#_G`(oOf-bOct*CMN^DoYq>}=}*} z5uzcw|AzlBz1K&>Y?rrIo|-n?)cv2EjtS=ffO&S7FTto~RbQByMVOy*E_8QfQymd- z*OQuU_3UhQUd$$mT;iX4dW!oo&1PxwtLn)r*4^QpDPH$!=1gxAS?N)m?7i13p}9@{ zQU+G2Q!?<26&8oP)P=l4_j3^}Nk*RB7_^jxXesA-<|C3SfE@|53eCzk-K5RZvB}ja z(LLbzimDb$MzhG>_nSqTwi^j+&zRHhi5YNRWkdmmKXYDozfeO&Sb6xkj zi~dQ3$+M|bOux`hj0DBP;Oh*)RH)0ITy#ZLQYW3x3ah&;boMKsj7Gp9EPg*DSi#pA z<;F$gV^WT~i;E>sb_-+wY1TLyp(WFkS5Ci>>4C>6ARZCH9Ffo`+TR-L++2BBX(Geb z=B!jzw^v~`i!_V4F`vwqZsob~l67lRD46K;@+>Hep2bdUEdV*UTB}v*H8Z!~HroI3 zu)e`%%~;Ud^S>vB{9i}CZtrxz|Fes-DdQ^MADP_}nS=zETxDJ9Xv_97T=el{JE6OU zt0Bwfd;SVa)w9x8g4E-hWl=cM0C4ftR+8v%2mnS={omb`Pq}_~wQLjQ%>Ax9fc1|QTIUeGpq?1z4zHd zt>TVr%k(wV#&XI{M_(pp#gJ<~gj*)sNU6d)7Fp#aCqnN{+lZ17dDw&t>tWTGXvoU> zP7Gupr26%hH?`cwx+h5%uZsChk-nwVH1vC6(BzPgAq1(|`5N!3iSZXwOVuW}hl3Yr z#OO2~%W6DLqA}aVd{$0N3-#Qb<&*Ed(o$QQX;uNVV8GQu%%llwc>#e?42VC77>vkc zWgFH4TLQk+-&8dcC7!Hiuot}~bxkaOv8*M_6N_3o|87M)mHyymt(aBN%G|0I&==gV zd8j69lcd4|dy)#l=VtSjrIGy4_J%s@V&@grfLi%q%>R3IblU6g<^L{9;y|imlZ)HN zn(T{u!}7aPjZRT=!D@+ip-3#J6|A8XB-u#>5mGn5k}%O59XjtEAmkJ7(HXFJ5_i?& zK!Y5_kswobP@M>vn&UD$G$fZ8qjgPvjLTVTOevcu-^U>lebgGx1@M(o(Vzx6fnAN1fQ-X-Bj5;e@^9EC zY7@ZGzy`V&YClC>Fu+rUJwawF3NHk8t4%*81 z#tR?p9A~968SRVE5ZNSP&q}9hpQbS70t>EHIz1zwo8W%9%=N2oR=k04ZedGTj5_oF 
z`8x0x9tHa0a^2-(PfG}oLUwUCOQl9#SyldP-o9P?zt=0C|2jI^=YQEvd4lpk$0}VghUT+^&1p{%tmGN0bIjbb=cB z-#b4oH_%t&u=mn;qO1cLD!Vp%0bRM@Y`%U7{;R! zFwL0<9*(d_gk|&AZWz!2X%NPNuZ|ngVpGRC)rwz*kB{Az=O2Gw%U?p`uBTj*QW zV1L%`*~aJweXBNVx73+h0lf|WUuO>1*?(uJMf>mM{A|zvcT&C({{QJ&{}Qe*CJeC8 z2Z7nOs$uhYYC}&}M&`?=T%p)dIajFI9>XwIw`#A|qOZPQwawQQ``{y$0Rrv!4y9} z$5mTR7 z6&@76-K9#rZrgYIGsFd6VV;w=^;h+6*Uz?sR5^X(PZ-g*FRPTb^uLJF5eYzw=O&>5 zwf>)@qoV$Ie6m0Px0CWz^*@Wmwj2uZMuNZA;LG9y?e|4}aELkdHCN7jw{@|CF;i(N zf@RK<(j9ZvnyRn9Wdl!xGM*E2^+Jsgxgz>J+yXkC2fwQ{ju+eR^2tNF`BiAEE^(Yh+B!e&7&SI0DJ)YA$j89#0fA2~DYW1_Ni zZVMG!m+)TTcZyAi^ky?{cwrw1At4T>5eP;%-9>uCAfh(My~?sQjFAfQq}QvOZi}m zWtoIp7oqh8rg9-{ZM;fmZj*6Jv0HhZmXXj7rNpZIKcqhVw&JCrwf0|c;r#d6@t*(h zq&z|XuSsm{KL5AW2Uo#0g1|he^8ITx%wg5R1c!cL2j$iUj_YHy=CdZ6V@-Rja3#}t z#R=I4ttVfu*ZkE?+q*PE0UkHv*~@SO2~I*A1bDm|qn@mAJiR<#+u)>+q(|5TbuitS z!W;YMd9s;cK&-OUkeV({J6LMuSM+Z?`%jy6?_!2YAX(5S>myED*iA>DhSz;n`Tu*2 z*?qj40#IlF9Um9t|BkyS`}_ZPQl6mvHzc-Yv+ut&)G~|jztRTlBKuZ!Q_djtDci_V zxv@ja;9#dxi8&tEGPxz_gfwh#52cWXE1_k`K$2X+QSelF>X%ej<^MdA%XdhrXmavL zmm2=xJw0AH|8u;L|JqG?g8aXP#I|k>-l{gx-zXJJPXJj0p}=>_4k&$r3~00U-%Jgx zUH`pe{@)X+67JXk4$6~X|GQiIYpnV&aKRVK2J2tYsfR@a7ErtXyT$c?+CAFae>*8p zd;Mz?+YJl2Q*G680gcg@zwVQ=>iQQG%0hujz1E+Vy7hm)kpKVq`0Q-I{&!KH;QCKV zZ0qa(&Vrn*`s7j7Hjr^vm>9Py_2XdSuz!V1qUZLiJt^kwqy@0fZC!~;nWv;Fe_DC{ zHx>F;sagNW-G%tyqqF1v`rk=;itGQ=2>rVRY?ZvvEqjf`fCE?8APqbQSb*Pn|M%8> zh|Gsg{GzpOuHvaRd%y{>b=o(Z!6xc>RRq!zVDKAwYYsv3?ea0G#Nlsq0UU8yOx8g} z(|nW$C4C3mK*HKuO3h`-8{e9D%R0uu12S7YUAJ!M5_mi8V0Fe&g%SeBC~G7h^IcKj zZJt7H{TaFiHVZ(k-T|&Z++7d;ET+u9tWj3g|7O6%V_V->)Km+s(f^Ll&lb-Ace{K2 zZztsm>VGzgZCwle8JKV%Gc8d6MwhC!Y8#M=M}2FAxv8sg9Y);|Fb$mnk7&rDc_?#* z9azLB0erVSl6l1psu32GD#>wez01Csf|$_C!{Tq!w>6`rVh?qcMOij<8m&D{3i71{ zyp4qDpJ#m5yO5=pgv<4dCYU_HkW=p-nq9@Rh{yxK+!&Q%rJ~<7C~y%k_33T7<&#@V z4KSicbIYgunoxZ73MKEV(qk_&GrwbH&Dk%eo-)o1PQ10zB}@tT8;di>8k z$Q^dNfoEqu`QJG7OO^WgkD~p5eB9gT|J_M>vhx2^gnku8|Ef`6y+23HmtEFd|Bb@F z(^9wp+dE!Z|0n0Y{rcZUd9v&OlZ1U&=>FG~1~rPmL}!p*`B`DW?Rd5>Y|LO);-2XMux4-{uu=#WB|E8m~_5I&;n6|qA 
z>ruZ_AYL&>8M149_Ho^K-?*Ig%T7W{jYZ--{tkc-pTRa|F@G;)Z=gz@y@Jg6tWBNipZ8(S40IxQY z_J_@8Gg;p1Z(uXx!G))6gtu!@`I2riLKzWrbDe?wGW#rfc`4te?KXt6Fy9MPQjHav z;xP=OI0&SD$3R%)t=?V7L2#?z*qn>ua15&gY-fzat-&_;z@wqSBm`y|ORAkdYJK>S z@+#Egb1q;y@L`1GKnxg+2^VaxXQ+~EQ%(eBbM*0Jzr2pXWAyQ3wkFbnxuyZ}=2dfL z4Mn6XqCb#94Ye+U2R!F3n=semsz}|0hC@H&Lv7UR&`20%OZ~rPzifLn9FcMEnXYEu znC+#G{-rcCiyu%XxZRk>8b_opU!^asS-Y-aT83FALvkc_wk2%7o}nhlNVB9pOq~&iA&Cg!MzE{A^!31 z?)r8CdQrp_zgYYrKa2>GkO+cgTK1#Rj$1sL(y>_%+NR&`h>f3iSJTH*YTP%AuBsfq;(38uDO7*%XUPz<00S zTn)Z|b@lq?nr)~X2h=E8O`+1ZZZF(1^%BBwuO@%< zva%eHQn9)?^^IGE95*Rz2$)zOzSh^4x1j5^7UuR6M|emAA_#Ez;`)`b`?>og=BUMJ zEWo7^gnU9qLT}-;HX40Aj6*+18fD{QYPFV4e6@1S(mnN@s5cM$4b74aN@kGsmMau` z9pzmGjTX@I<)i8F4UTNax_rH*8&KIq-NU?O`6UuH_hO-A+gW5w`mvh!ywM8OOTk8A zTZQ}F_UnHq#a8^+Qg)SIw`Ai=la9R&P-G?{ zhzH8M!NvhhiL1A}CsW`Y9a~CiM>oV76**Q0ho|&Nt220 z9$_)Dwy#&;ezFW8GkAG7g>uWR6S81^zI3NH>uY8~SU(H;K_mH3aV#e5TL88Cf47+b zxqE!NKmW0lvZ?&%z`p;uZgJu%ZU1S7qOV=#98Z$`}PtEzY{%xflnBC z;-{NeyzjK_g<3K`V}?VaWBB_B$AUUI28m)gu1893R6pRK@ zfJ4}7{`c-_x2XRgot^LVf9|9dS0@`{&y_1wn(RtV%#?DoNN;EW8>~*7juuvA)iE?d z=pe0`ip5RWsa65n(v<&!(KzCL^h>Mtt5euLY@6K$?jWgG4$Z@WaPi6gbDz32U;i@# z56#bf+NI9^my5j+|9{%s=l|PDS!4ZQ1~C`FHe>^uoOZd0^fp;Yz)?-;AiOv6Lu9}ie~lP0~; zEmI~&ls#bP=i%xrBTPjuiU8qJK&bD7c!63tig;NQnSI6W-f=L$xxfNOaljW?VzX{x z;{hh&xUBg}>Mf3_k5g~)T1^e*!%|{kH2jSYb%)F!t3lUvlKHOm{yd?Hz=#>F258k8;*c#MFNWSKOCDOoFo!Y~WNTg#vedJiE3$tHQ}8sCoQ(OCX( zumM;j|Bt(;y`uep)a~x&|1QeslK*?bZ(Z9h0&6yX2*CWg z@*sZ-wV|fXy#lee0^-mPVvLdfub^U(= z|8K8*TDLV$4ScrMYa6l4!oHTqKfUv_qW;%C>F)XePRf?!f0jr79-s@3=m@=wAiR};(20Bc z0)+rR5>!QIw%b18@`JW)4M(Is!vXOX4@VCZ2oVXnz$yzCnh}hCgkZW5V^oT7s=mfz zGsoqQf{C{uJ*=UY1}T5ic;YW6C{!d9CV)*zsJhih3?TH_Jkm!wNT{P}ulzCGWz~`# zLpLV)OG2Z4>qLl=(HguuN>U%jxsjUCC}gY=|2MAePj&v|__Vul{$s!Yvzt=noGF`3 z$n^_glvSrLHafhW(EJbt&R0@z!m)jjzrA{X0{cjNA&@@J%O}O3;+pBP3H#MzU7aJ6 z0T<5l!>p!rW%>J-v(~Z??fIx@`%8dI^bH?Y9jQ9UU#y)QzBKXK`lmUPQ~Sb;79@n7 zyR6u>%ED-lN!(rP6i!u{AoHR64b!JpCQfVKZZ3D);^^hmp{|$v^rW<3_7QU5CpzWA 
zAel@h;Twqds!wgXUMdJbH=li~Wfl2va*3?02Gsfgk9$S?@95}sfBthPrB41QE~O{0 z2J9F4TBXtYHzqi=jqTm`n7_UIUwhs2h5H|mPWJ16C*{D1>9Ii10tnHwfYSRoLak*R z0WH+B{O2vylK(w_j=HF=ygU--S0fsSKI(smeBue~1qYG5TzY9xr{uPv7EO>$P2>W7y}X1Ws9u$ZNCCkkMKg3fH&M}H_l4(2c* zyyI!<#XFXPJPzm(2d;;O2*5QpUP%M8gCo+J^*ULoaHpypiK)apDye|Nyst8*>!4x1 zw7&jdPv%~w()BMG_DDGHTq?n^LFO-A>el~xx8VQnot^F1|87dbcj{q*13FGt0im4< z@qGxboF$7@DDR_ygz=;G*3gxF?Ew>HM8NMO^R&F4#U&Iqw)Hg;<&~LUe8%ybP_ZH0 zBFDl}l>Y3gd@zm=++!rt8$1{2_n3J1NRom;f5$KehVC@1L|f83kTKU<6Ch~@k+4le zKt4>V>mYO|l_|niGNp)7KUP=Mq2FU1sQ$a?21dY;ps7Fi;o-skO|@rGmwiJc%8(BN zlYqO9@kN@R%?kb4bpDsF|C#2Dn=*hp`|q?@T>t0Y^S%AIlM*pHBR;S`(q!m(G!*cd zBG%MQFzG zQs4V=V{VU8AE4wmkelpO#RsWeEZhb2YV?+hYX)4W=v%l%M0Xracf7im8s?(_7UDny?VX){bN0o$9+&d}%mN&wX@5nu z<@+DIr;GWYdi(gV9hDCsI)`aOZj%d5Z8Yc7!1>hU9gl_{M1ptn*H2;2$vA9B)Ne~! z(LskD6K&$dh=hPzcB*c(zrL8gJMneBj2Q{Xx84N&I3VHp)i|W-M>%#dH%vfa}|UNWXMme zly131_`t9dSg-7xQnVJB&kt@KocAz)fxepI0QJ8s8qyMY=_LbWfu5;v{y-!Y&rvsD zOXbUwkjpMetW1Dj^5`pjw3H*-TohJ7v_xd5RdOKOg$Bw7A>U~3<`gvxN#6=L5HuS2 zWNh@hK>te9o5%v<=%aK@v zfiCF4cBrgHUCUJIs!9v$w268tN#8YLG3uOITJ~CwWxL^mP@z z;_?+1SD|9wGaRU0Gady*pw^4l5)k${Nk*j@u>w#cS!RvpO36b(BO1{0{2#f|v7Rm` zjAhhN$B)+`hlRD0k%Vk)wD8w4{~DbCDdzv_9i8m&|KCZm8B*o7%>8mb*>&G9Qw*puP*$eBOMr_Hnf}t3pH`R z>#((U_Ey^qdLQhq1e6*Ema9@-IU9!_IsqvL*7-Xw+&=hXY%NjoPPC@&_H1YWvzkqz;v2Wth*c@kv!^OF6CUR^zVKcF(j| zJP;)dCq8(XrK!g{B>W9Lk-rNB>BA&b5EF>?)gd0k5#;VHS*)Z_o3wf-M`z!*ip*Va zX=&3Wciia1hvG?(@~VFz`-;4RPMu6B(zj(wHVrIi$!dx<+nbqgt~S5)723&cE>VFb zNn0~$5Y4vo(8rJc#rFb_a~E%y>_aX_AQh_QZHnC0?Wv^%zZY9BZVskffCY9{BSk6``7hV>E{N4>egSry1BZ% zdw27%!Os`3e<}yk(NH>awKW3ukE?$z1#}PdR-G3h0e<=J^=k!o@ZYbl|MBYW;K#eW z>%sNAo4e8`zCG#n%5Z#h^+sa$=HmYu+}&JUUfq^{y+}-Y!_&?7It!$g!2hqGu5SJ{ z_}j(p)!_Q#?#D9dl6_|j)Y|e#A3xd@x%kGMghQQjcBZNn$1fl=2!Zo!Mu(6$*(X9o zKjd%nMd=;Yo#Ioy-zu4m^@aiV$+p37xUR}C*taK15^$k?`(}Kz0bfdv)}DMhr_J4m zUdd$b`_7a5TaS>fnU;Q?-!!>d3dF{|cMi@p&8z3#luT9%cC|(i9b$a#2!0%$fA1`5a_5I~dUp zq$nnY$R{1rL5oE<$g)vtx7*G^5*tsZQ2;7&wQ?o@w+gmI7uT;`bVm`7Bb8o)Kj0`L 
z;TX|asCtHal8Z54paqs|J?}$Q=-CWHjy!P`v2+i>B9Msz5L%zIY8G~ND0D`ph(ZP&a*g- zNubV;N7%c^W8kiHppQ5i{>~AfKoFpDK!@6cPQvjEx%jXkGf-X@>p2d6=KzH;)+ec+ zMGQvd5q$JO#0341=Pr5|26IG1^`%5fn#(94A-InF@^&Dtc5n{RC7n)bh!|-H4<_S|{9p2u&%#ayNJ^tPLL(9YcMe_t5IKkL5Z^n8u9(Wd zDI;U&@c(lT(9f6=8gumO7t)FsJ{J@Kk)hMvt@@fpCg}ou~dC^TY@4V ybhc1P8n$tfy;g&ulH5uZ<}|kPP%rpCchSD=%f9Tq{Qm&}0RR7{3)qeT3IYJliwk-H 
diff --git a/released/assets/rancher-kiali-server/rancher-kiali-server-1.23.001.tgz b/released/assets/rancher-kiali-server/rancher-kiali-server-1.23.001.tgz deleted file mode 100644 index 7a37d55030920929bde0eddcf07e24b2fea13f6d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9102 zcmV;9BXQgxiwFR~Fx_7O1MNNibKAC(@7L2`fn)NfNiL!#%d%U)$=tb4n&w`U_}NZ7 zZ#q2dmQL;i1X|3LgJ6X_3*4v+Ttj}C@Mq}M+j9t{6RhArcfo0dUn z`GCrVd7eY9i8T*$%R#ZLs}eY}AJM;`N%Hf?|8!>gp}Df=ZYym7Jq`~J3deuHKRis1 z|9YpxvEw@7 z>N)Z06|_o7$jB@V7s2t~-p$QTL`q(NLPN`O1Cw0NpdtKEj5?hVD)YJ2|&HJ+$F{G2wj$$0Zw&$&zVofhY^eo8)3;AEPZp~O*W0Cb zI_`7{A58dH;L#->4I%F%%oEJ?u6(HIFYR#Y)6U#-JfM&V1BF#7{Du`Fh7~al{%6YA z)TL9OEf;)(0cpe>;KK*MmcASJQ}v@$GEc-X^Y$ueSXH3AtWgH0mT$p2DJwan?p(}- zpmVJzt(ddDe&@cq-7ck5uKWkywQ#KvmQ5>dtgZj;_l5_9o&L9tlso={W4ERNR_K3& zqdp)1!Tzw<@AvumAN7Vi{cjryrOSI5b00J;(8BmMFgjOD*UiuAJc<+msY6Y;dSIa5 z5zL&c&>)}`&Im|G;2_hL2{r!BmSkpKQ&ccMdhCW+C~gV6BB3*<&} z$%peFK#g!+GN$mKZGrd%Aigu5g#>GZuqG&Hh|oA}%lis+9A^q*81eu!fIE@e{=J9pU10YB1{A?b6A}Qi zTs$?&n=8<`=9GDqcP}6_#F9bg#0n)&8p0t1AQQ&FKPMJBI~V9-!#C6gVM@)8&`*5C zX~Y!+gA-q_R}w6!?OZuFVRDE78gv;HGHf3dzuOhDY)}pYPITTu0MoglV*tv+5sQWv zHE#e7z%OVRf^riGSaW9%@MHR%0-7_&o)HV^4D!JS@_y3g8- zA6C(<8h{LFnD?S}AgVS@@0FHDdv&S-^IKv`utTX+T`3pUaJ9$B!|^Up~;^ zYgk+(*h$Hc9oS|$-Y8@rVXKdbI#Umbi6z7W6ne)oC!r5(biaqY1x{bzv9rUZzKhb| z^u9r46>C$h@|4YCV-Hl3OpWs%3qDQ7#tt{FVy9wurY;*>u2}sSoVBhZRts|!cam?o zz@oSCCoC7h#IgY_E?8iFykgF#h&LquZ}L9^;DUPx{e#0t{BJ0OY^Qth%>Y#1-e6zY z3_?LlpcFSGycB%zoK69fzmj81V$6;k@2o2H|ClpwpbeJmf1vpt9HsQX!SLv4r~hpu zb-Ue!xyf2AxVh`2Gk76sM&101>8jX0p;OA(k z{6WK`3=>uLha8L!C3K}`a9|+UU0@j>xK^m(&#l{wr9Y)Y2FNcTJnPzWTx5FcyI|_) zItb+Na;2ukk%YAFIAL-Vy;>_o;laKij zY=HLIBGk>>hMw6KYF*-++=z&rrO>MP#4oNKB>`L~e&%;x*ToaWLlzR~*otn0pzdN; zl%Wm#SpnCR+)mMyYu4$Nz7|JT$e^~{mF3n!D8+^qVyMKIa3D-RsAm8<2+n*qrpH>N zh|6ml>Ysp!RyZq}D)Jw-YY=h_P@7*YVcUBP<82UVeQ!oBH=O;J1kL-FGaL~;pX4{H zc1~urWrB8}>Yc049*iq*S}u`!R2L|ipsF4b^>-MPR5`fL8G zvzR%yD)KZYE+Ootisw+jyPgzDa{PQea)pD@yhWOr(s>O*iRSQy)=}PqC}U*C_S9Mk 
z#{maM_~h)3+&Tv4_pqljxWU?t%&o!^!`O)W)_Cbn5>q3O9b}cn=hd>%%ZI`^U0GOs;N^X6AxFO zk|zbl7HsmgD1#p_J=La4@?=VH84sXF2)t`^F_i8U4>Kr%`N0v)Y@%HQbdOo8I^!v^@EhksyOcN>lWO%?jz4IOvU0M(6TXajAqLjUU>_S5>` zu;1I?>3`cubqtP)>u8Y{sLTpEI$+wwxE22&g@Q0k9+N*fpc^Q{Zp@!veLFgT|NipD zS9_q&?n%eFU{AC22p2$gM=*B!`}5B|AONVp@ohg*FRvSWN(tP<^RQ#Jy2PzO-j8E` z0=vgOw7>dCN86{}%lKEU|99^%UtO5tZMaDrRqOu%GE@7%{&2Vcw~~Gm_YKf5ox6|! zXY7hDZ+sHwiLB@7ZJu*Mv2z*uo?r0!Lw?5PAuf@hM0ZzVivPmh;m4GE+U-%ti}{17 znYXZhG0B_wo&b6RtVqB>)9rMg;6;LCag*SM*7Q4Jrv2qPkpN$0po?sYpk7zQ`RNy} zP*kjc$<8)20ae}q9}Ls?zXmKJcc0SspGdyT+a?d+?>EQOw2hM&HS@>N|70Pa z<4yHbxbFIgi~4y~%7z@dhN5>1cfHIoUChds6+XhS#R@y+mgt;2B&zXp%X3~ueLQq1 zvPa5yv>F>kUjPstDLRBpmrjr`a-D1L1*DGLLVKa0N5`tV_glJY?g$(*o4Lp2@>Dnh z6*(hw@3#p1nhtn{u6Om@O?cmBsh4zzZ|3`cklQc){3rj?SzN8;=%}D--1O69={}D?)0ZGH&yC?IO8{T0IJac`bUSuwEcIuv;S@< zZE7khxiy&#v4Mpjk&^&}C`7?@$bmV09>wIrI40fh#0jthMw|1{sBsMwbHaro27QSv z#~6Fz+Oc>PnNCKF&BIr!uRP4p=U~=~w$L*x_$OWE(Kt6WiK+Sq8f0vy!O;>>bIoPN zTki5U%pyxrr6Fj|UJ(Q98+D8X`50sMgqZ&n<=x0_A~#av4a0I zR7dZa|M!l1`x*YfzvKT~NiFmLRMavok><@}O6BwB_a~5d>N*<*9O;%Y<*l%8U$TG? 
diff --git a/released/assets/rancher-kiali-server/rancher-kiali-server-1.23.002.tgz b/released/assets/rancher-kiali-server/rancher-kiali-server-1.23.002.tgz deleted file mode 100644 index 24f52210c09cc5d9def3945790a858a2572cec5b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9104
diff --git a/released/assets/rancher-kiali-server/rancher-kiali-server-1.24.001.tgz b/released/assets/rancher-kiali-server/rancher-kiali-server-1.24.001.tgz deleted file mode 100644 index 6a90ae674fb88ed4094f0d8d4ff1cebcd3be1169..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9102
diff --git a/released/assets/rancher-kiali-server/rancher-kiali-server-1.24.002.tgz b/released/assets/rancher-kiali-server/rancher-kiali-server-1.24.002.tgz deleted file mode 100644 index fe9faa0d9a64712c44160b9509980da03e9ac2db..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9099
diff --git a/released/assets/rancher-kiali-server/rancher-kiali-server-1.24.003.tgz b/released/assets/rancher-kiali-server/rancher-kiali-server-1.24.003.tgz deleted file mode 100644 index 1cad6ddba0443c6c26075ac87570dd4da278e9ea..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9097
zq}MEjEmmi7HZ85lx?^aPFfXf_sl{#AsWAb%%9a0#vm_Qn^bg1RXQ#A#*tNS0qJxxO zIkFE!BIKjT=N`MXS^qNv_v@bdES4t!|LnZ{{m1^v;Bf!nUdjgR|1wO31iqyhFq3MZ zi`eX?MK~7vC(s~fgi7-(6E5~A3+!Jp3-UjDA)DksV$L4s`lmfppx9-_TL@fO(V4;JB?Pe#~^LY4u-g9K{62k{a)IF3aXirl{v z#oh_9zlFpS#z`oaL}I&cVH*J^bW(+WnnjCa7T_#eyb-FAdRRFbIHSL_k?D~AV?F3* zp5(DBvp-K*sxT5x49KI`IGEZEMg$IndpjW`!`_B;5p5t*%5fujU) z*@vhCr)xC>t2k|51ud_ZUu3X?86_k{0{_;PjD?lU1Ri4GBwZ#gVJguIR9azSWos35 z$?kx1P-0S4uJPSi9xe3$)*FBg`v16pIw<@9{qwVf{@+LWT>Af@_^t4bwebBDn*a?R z{1T0URbAS#Sx^|w079^TuFd4fFdG_h9t?<$4Tv2L`V%uX4&@1!7WUtW=nL964+A&u z{~Vo`zyB~eeE)MlWyARIU(KBObA*9e2sW!Lm7gp4&`C4AuFVOI(z%ShPa+v zb1%vcAZ!@uUd%t)BqKDg+v80d`xgihSkmxuxcNHU$7+3f~Is0Lky4acNA!yyT@3`h4U>yFf&<1g1< zU|)9e+2*G?(o_4=kC!w=@$RxRYJCf%JtlE`X|8apy9shJRlnu+X|)%pwa2?~ciJ-d z7Oz9y?C#T(%6=7(kOu)VS1x$zU}_EDLbca5E$a13Mfkbp>{Bi6^uN7DWJ5EcDgJ*v zD98T?gVV$L&%Kl;{hx-Ep1c`wSmYa(hV^fqZ|GXDyX*5{*WZ5~^v{>R|1&r_tpB}~ zXI4#5BzhhKMbAUV?vfZet2P20gp(ug89{$B{V?8?@>T}S$H8p zrY~21G^khcwIB!SbE^et_JZR&OTSPv4>?%u&n3H&3cND>Ouhe6B5XU^jE}Pbfu+f z8Wuxx3dm>Nd=f~1oBi_o2lJs3G=eeXP>i6-DG}zStB0|%dxamLd+Hv_4oZXkzlTwm zGbX!P4&??mV3YlKw)Fk)!Pz1IV?U+Mot2gL;bnR=U4>~_zNK<624G5px!H1v{?LH# z2@Tl2`}bFW^{(H)zy1E}-rcvN=Ns)MdIbl060#8vT^~ysf@^EMRt{tj$D}tK^zu~U zUR^g*he`DGr2?Arp}sNQBn_JY&e#8W_^#5S9Lk}5_VWJ&00960i#b$}05|~vfMGer 
diff --git a/released/assets/rancher-kiali-server/rancher-kiali-server-1.29.000-rc01.tgz b/released/assets/rancher-kiali-server/rancher-kiali-server-1.29.000-rc01.tgz deleted file mode 100755 index 64702d2bedd454c2f580b6d7bdd0c39b6793345e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9767 zcmV+?CfL~@iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKDHliN1Z;Qo60D{yqaik-74X`YF`O5M#)oW$SyG2hH2Te+=0 z7DTorWJrJpK+R|!|L<3L@F9v6smI9UtWc?VL;~H72GB1wK#r+D1>U_QI3!&GdL2D1~`nTcu)zG!-s_MWtgtdI56S*EOKMcB9K!^L~mAvVtJszP#l4Xu@6IJV0Vd- zgmuMSNQkQ2a0mel=&H8W4DH~U{0dwUMu%v2)WLC_{~WkS-?{xx0K(@amipn}RAWR0 z!W6L>C=x8;KA@Ph-@%t?%s5h@i4Q0OF-2^oe&P`ciJZSg9LB&q2uX&fQpRG~>)qeq zXROri1CW@6!bP`JA`~t=Cm=vrAd!r^zLFZ~p2#Wk6Cqhd{sln?p&1SnQ1#KZ>Fn16 zy;f{;J5#23km8&WIZZ~2_dSi;{J%qd)yK3F$M>$Om?)OMEF%P_uO_--@P5}pQOedW?nBOxVh+(IT^k8l4A*zx!ZY$eq#xm;u$Cfb4S@d!b;pCHb#;}fbOSQqB%=Ax@L(4^vm@d zbWg$%jR1|n$BBT>GsMYcDv@d}r+}24K}O^Fn0_tMm`oB5NGjr3A`zB|Csf0KP9(Z# zNf>mVAqo&EGVU=kdQky0`qLnnOrZ@R4%uAkHfs9!J_dTDy4QK8s;EgL5s@f~U%2S? z7zq{uqoBJd&{R>$P!b1NTAB(3OV)XY0;Zq8L>OIN8}bz5dkB3Nf!i_qi7T2str#55 ze7jzeh`}dg;v;5<2ua079EJ*i%-O>nVc!QKG}Cnl6CQT%VdQbfq{p(MRd!jY^Q`j> z-GG#YPK1FKk%;&O{#;(8`zi6K2y;MjhbieD|tqZun%zNT;J_ zpE70Dge1Wbef(s9=-Fw1r?bmQabNSfChqM1)d>!nQy#13s5iWpQeZKQfLY#sMjVhOg~=NS|q{~@Zuy4y_ki> zSJU7kyvK9lEWQ=sbC8NYMV!Qw+yGb9PdEtS0mY*b0=tk93fW`=+;k&k6K~9Tgr#zT z;6Xas;}B+`mNlVcW}Yfx<&6o1LEh%5-#_d22i^YB?cj9SKNHN2=-AjqqqpU$hAaQ^twl&RQ=1yV$G{hqavj?0oPUPJ4 zLo9@6j8w-l;}8-biy<25U#XF57oO&5THh)alzJx>nA10M9;X;23)K`imGsEinPNyR zj?s+3y{A^P7wOqM#-V^t2OcEw!lXC8Z_T`27~T#EfJ(I{40+Fd;L;nD5VYusIhkPz z-W|;C!%oO1gnE+Q0aaB5nNUI}s)i9h#^xGoCUZGNNBw?ZaV`SMiN8F((&wi3cm3~F zKU1-us)za`p*}i0)_;=dCK->(19G|! 
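Review bot: the deletion of rancher-kiali-server-1.29.000-rc01.tgz carries the archive's full preimage in the patch (`GIT binary patch`, `literal 0`, then `literal 9767`), and that data is only needed to reverse the removal. For a change that just drops files, generating the series with git's `-D` / `--irreversible-delete` diff option would keep the `diff --git` and `deleted file mode` header lines and omit the encoded archive bodies, so the list of removed charts can be reviewed file by file. A series produced that way is for review only and is not meant to be applied with `git apply`, so send it alongside the branch rather than instead of it.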
diff --git a/released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.23.001.tgz b/released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.23.001.tgz deleted file mode 100644 index ba5185f39fd34daea32377062f072d60118f8555..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 606 zcmV-k0-^mMiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI#lZ`(W!&Dp;~=y&;cuq-EOGWb?BJq%lS$YGaZ2S#RXA+jWh zbg=&WK~B1EX@U+2kYPpMMG!@iw7~c12u`;c^R)qMa>BU5nCn;oCsZdI( z*>pOrN~!%-jpvh5Ihjw!*QzYb`AC)5^Xu72sFO4Q0eWJHBXx4F{g3-c0M2;^Hr`Q{ z388_(`bKJCwkVA+T2t5PDsjcJ$Eys2`GS#*ca_+Tvl>Z96L{EvaKvCO32sr`E*B&o zd=!T|OlA%`tPY-~?#uWwU?m^~YxGcEwt320%JD=hRc3$t>D~m6@}IE_78t3}v8I!R z;5Giw#?w9i&u7yM|IdOv&wt}I1cTohUD}aczo(=Dn{tH=Wwti1uEcFm?7JnB@1w>A zJ{V^Pigw6Q149y$Ex$YO4EtzYQv--loCJ-cjU4k{(Y zwvzjwZi}bz!>KjIACGx_GQ@*duzdu3xX8hQjB9!e@t{j41ZkgC>T@b9fW~Co$<$D0 zzI%mD2{yD)Zi6O@)s;wcx;3zm(BRG@r97*!9p(S>?q+d+C%gLe9Iwv**^BuAr&)^%e+#U&?{sjfMz{0$k@jYQJR*&NAp+MjMZDc zVQyr3R8em|NM&qo0PI%5Zrd;n&DmcebZ4uwojQYWMbpEub%z{wXCyWjB1?iq2g~0N zveR|T5_CX-6dU|5hA4`p1inWHu(HLFZ#5X5M+`d*xeV&|p@l$v51pA^3L%83=kwt! zggE|+a#78SYB4X0yQ;3MnJDfS^S4MWtRJ=$C-r|2< z&X4%NsP88JUj=!d|Hf(X8ov|Tw2FNDF(wVz6>B6YvaPnNVGn&I*R3$RK1f{Rv$lGm zXomy}2$GPD{O+99T4>?gT!Pz$kb3~et3ml z0mipbj6oB{RKt>-js|i8Hh8db&aWzLXZgQ+yk9;&@=jfz<1PLdb8$TXtD>Cve+_&% zKZEbtYTRNn{R=W`ftdbd#`h5wTkp@z`S-rxgb5QSOgN1n0RRC1{}R5K!vGKf0AR`r AQUCw| 
diff --git a/released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.24.001.tgz b/released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.24.001.tgz deleted file mode 100644 index e2280ef1d9ff642f8439091060f8d78acacf54ad..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 561 zcmV-10?z#(iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI%5Zrd;n&DmcebZ4uw<2r+HMbpEub%z{wXCyWjB1?iq2g~0N zveR|T5_CX-6dU|5hA4`p1inWHu(HLFZ#5X5M+`d*xeV&|p@l$v51pA^3L%83t7`ZP zA&$SIT+C<1d{LERQPkypCW^a7J)bdgapu239|^)tT%7Cpa{maxT1P}OyIk}g*FQdK3hJp7+%b~h#_mZ{XWyOUkviE+v{{m93)>aP` z?T|nLK@yUY-<`9XT+nu-Ahv4N3V0REn{&lBb_; z%a`!OuF;V`pY!;lBMn~O^a0H2A_s@4?WQ*nPP$}_Md^}CeNAO~keF--nHtK>53jH* z!1xx5F=(QgYFLuf(LgT11`ig_`BjDOEdN)J_sge8-l@xTyv6^b636p@F6xQ@*T9GK zGx(mZ#w{k(zaXO)i0MCOd>>J<_5RG9fA9NEm@r|&gwyyD00960FA)Dc zVQyr3R8em|NM&qo0PI%5Zrd;n&DmcebZ4uw<2r+HMbpEub%z{wXCyWjB1?iq2g~0N zveR|T5_CX-6dU|5hA4`p1inWHu(HLFZ#5X5M+`d*xeV&|p@l$v51pA^3L%83t7`ZP zA&$SIT+C<1d~r9gOCgGSCW^a7UCfxcIP+hij|5>RF3xp)xqk#;ts@}qY-}>dBoG+4 z;Sz`pa_w$gtrXgZ-B9T9CIhd(VTjtWKe~`flR?RgmZTZ=43N@jIbStH`$>W72?Ku||R-+iI&C_RvRi-3p`YgTy61YpVx} zc1WOrAPLFH@6K6GE@-<^5Zkqb)Jm^LK6D+|E{h&zI<^U}_rIQdbs1w0D#h4X$LXdoA0g9i)e{HnrsmjA2A`{mOk@6_cv-r|2ziR1Y{7uCf7Yv9BA z8GO%H;}(Dc zVQyr3R8em|NM&qo0PI%5j@uv*&Dmdpwr8_AaqP;s)n*S>yFKL4`z*}HC>Rioqvr1` z>}j+3Y8=H(V2?WM% zxCA1DT)W#=D}}aUHxzoj$-wJx7@~HzVY_*zFv_4k4dYKX5*QO1waD(*tH_>RV5d5a zXBIkaPR^z7%V_VhVc@;da;Prby<{!;yyQYGviH8a{{m;z<9?#iE$>e+_&% z{|4W&^*F_3`WIx>0x|u^8{bD%>}h}IoqzB1O_(rY!i3ZK5dZ-H|4p>)S^y9L043uN AZ2$lO 
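Review bot: the archives removed here include final versions, not only release candidates (rancher-kiali-server-crd-1.23.001.tgz and rancher-kiali-server-crd-1.24.001.tgz), yet the commit has only the subject "Drop released/ directory" and no body. Please add a body saying where these released chart versions are served from after this change and whether the archives there are byte-identical to the blobs being deleted (the `index` lines give the old blob ids), so that anyone pinned to one of these versions can confirm they still get the same artifact.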
diff --git a/released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.29.000-rc00.tgz b/released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.29.000-rc00.tgz deleted file mode 100755 index 0b35b6862ece59fc40756ef43a5fc25bc851868b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 565 zcmV-50?Pd#iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI#lZ`(W!&Dp;~=y$eCr~Z=7w<76b*t$awyE8Hy3y~#3qJ!n% z53=j%{eB-EXZg?6dV@^yR)soVBm{5q ze>N?T_&=YO#mN6_AkXu^IE`M@PbQmIQEorQqyf8PO^ijh)wZt0qKoX>6-CztMN4|p zR`(QbiLpk;BqRgBTW2-9pzWr{*sL9>Z-Eo6cZ3>5>T%l}jr1J(cBAQL-ImsxLD? zyuz+P;~Ol7powC2C6b&D26h2Abg)P%uc~Qh`M-L&Up_v_w!S>aTl_D|SMz^5FGv1g z1OJ_$!S`Y{YzdYA1qCDc zVQyr3R8em|NM&qo0PI#lkJ~H|&Dp;K?RPf8iNB=vZI$eyYPW|RdY`~-jDi8dIBNcV zg`MrT*+g5(QdTSZ$r551m;udu;{aCH81lUaqw|R2fFYMbO;G|NT7fq2}#fI##v1+XuDGo>#c)SN-svCfy`im^VE z$KP)2=i|Foqa%I2=J8EO>b$&Z1DMN6b`DY7U27m*bjcWt(j}Gpp3?FlG1*Qs)uoxA zUg1!H@ii3vp^0LuVo6SW1GxY@JXtvBH`TPO{NFs>uOA$C>ucA) z?)>EmQn%Y34F-h&9S-^5ZvRO9m5KBYN5fISKROzWNVhi_jD~+9gQq~Im=YFS5uoA( zzVA}Yv1Y6^A7q7Qz-MEF5Zj6^7z!r*jXi3*K__5i;<*FHk!N^n2>iNjjT9`OvAOY zuA4Xx*|^iOarQG)Hj#HQV>D(Rs5s#Nb2_s5wQ)-y?t;jHQPWNv*e0{UcLA<=VAM_` zH-0e62{+F*zS}jv^j!EBQ<49}plnCL24~cqIa{h@75^XfM#%pU2gBiEe>5cBez$ix zX!!pw(wXRg#TlNHFl8PjzMzrfhvyC4rH;; z{&NDNBDg~~2J@f9LCV4?L7wT+d&N&k=!O(z4`t-ejcp4u5{F5=X?sA#F(o`Y0SEOVeh4Y+ z>|@&;ItBd69gvs`w^?@D943=5N+V!7=@Q{P(ffE9U$IZ>^C7ubpk^#xt*Q{|}fw?|fhvF#E71qC`Sed4YeLhIw-S;T*Xp zfH)3jpk|U^kI#wYM$9m;-MGX57w8-2ajdSr9IlL4AQ`;rha!xli6$KCljl*q|vymgoKfzm;~ETF7MTCGbZmMB;aQ;>Lvg6?~flPf#j`X&8HZ zB=-K>iN=O;b#*nd*p2ZWL8%3tCk%+?fbN>%)CLe}8Y|3ilL>GZ8dKJm#%@6e$N@`2 z2Xq(pO8PlUz%R5MQRAq-f_4W^Vk6Hp49-4zy<`#uF$0=}3{|6Q^}05x9U6MU!wl&O z^a7awNSi94@Pllilnq8361Y`%`wqX#`sBzY>?Z0MGz~ zKdX`S%pd+saQ2@-T_P_|Uop@YkyehR3#X;3R}Q(0ASE)s6_nyo@KO3{pEbvkd4J5-EcpwyMnVvm7d!R$<$9zRYk4{8?(BH_sV5T&R!4_r{3 zqX*u)Kxx1TEK{AYP@B9W)4+3}2l&Y6pD0*27E%y&am>dM|JVh49ET6Lk!F}%bT=ah 
diff --git a/released/assets/rancher-logging/rancher-logging-3.6.001.tgz b/released/assets/rancher-logging/rancher-logging-3.6.001.tgz deleted file mode 100644 index f6d0a17e6826a1311865baa2013f606ee3547606..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 8486 zcmV+>A=%y^iwFSMFx_7O1MNL)bK^FW`*rmzaB}uC_6@0rEjy*FT-9V|vNyH!aM@0_ zwp>#-MM5@XisTZcY-c9-+pilB5`0P2!8YB|=7Rn~)Q)9C^@avbU3ucSnU`G0w9MX~v4&AjdP0rWUNI;x%j!4Mwi=l^7M z*#8UZZx4m~@+Y5v%lCuWirv6x;|?LV6b%g_aG~#KRO3 z_Q+y7t85fT!Q6EyGj8S)j8rr*Czk)K<=S45I8e#7Jzx_WO}*g0Hy=!BYz-=bMbx7f zqY~EwIVxKuu3-nWFz~4#r`>m~(EXW43}$6a<^%W|re6=uW3%4@gzd-;WB%x6;Ca-J z8L@naOkEE!MM#V!41kea_vY4nBzE9W-J2w`CLSd(&t5T;kkjCvM${pbM?mfeK4$U~ z2d(H#K7=%~;vh0Ru8n=&#&O8Ty`GJ7f|+uNoD~?OG3!Cc0soiNk?>7e@yyA*b`1#`M-;@N6rKXq>{CBaqBX|*EfL=6Od;P38qu{pTxJ6Bq57| zLuTYs3XGzt`1ni-30;bUlxN` za7KP5oKw=v2fg{weCSbMO#yx%_4c9ny*=_?A!G2drV_hzk&TOwsb&n%eITQS>tZSx z7{Bn5Yh1^PfJ~C7f?QX6Co}j=CR8pnm1wuV0G@#@aBzNPD5>?_yD%Zwq<_xD;RYn z4&`ITIR=)4X^zDVXY;#!|HyVlZ1=y^n~9xP+ep$M&R)NG_3pLVD%*eLQq=#=TbO$H z#s?PKS|3aF|NdxroY(&cCnv+>R{!5c*(0Y`4Eu=Bg{YW#5UdnrOyYWcj{q5ZXWf7< z+}R`iY`~H*4B+%n7%+=RZoFVZxS5CR!x8mB>dZkZS)g5K&q2`w06x7DGU-_e632Z2 zQOvdQ|JXOl2j6=HS;bo-N+d)>1_(&AW4=1SItP(U0mRE-HUj`ZzdR?78?lagirrgGU{6&g{UUy{|}Q7T3QN`dd5uV_CfZhr^TOVR8NU zj|c7g-$eo5ep@_Rb00vbb6NZ$QV}u~Hk8Js7OL$G=^3E8;qo8pPzAKy=uJ1+PtOqI%z=vEC2D?I=QwPW z-R`SB0K_@Yr<{hyZr1@BT|j_8&kyCNECkFgTAQtsF@gPD|CV zWH~s`DoO}SC zI`sY2@}PHtAXk~^hq#Mc^T2gT96ibtmb5z{uPt@V5h_gof>lWk~4fM(21Z+NbeXO#4`0q7=Z>R0n3I^&G+lke8CLZW`^IWT## zIJ4;UuJL@C1!SA7x|mj-h7p|wb0jrzicTvfnBW)20^7A>rKV(DDdxcA4K(JIwj-Tj zqEDD;IKuKlBGWOAdO6RGMoMXLEwZPE0Q~Gm=~T`wkez6~`b;XzsRCX7b4@EkUS-av z1`S_HZ1f6%k+FIqYqe_9kYjZ1&Onx#DCilwq8_j72%rxYrZ%=fCyfYiPO|1p8eT6F z-`6@uv31h`m0FCTd9#Ms+?`h2m4;E6c;0E?x%R3w!iFT|EgNC(~n!ZsMq zU9|4nc98f&AV&d;_KJqrag;0=c7{>N!WFRkOx{Tobi&jgRTvp|Y?3!q{^7Y)Mi}`| zY{AIc4=-M3?k>XhxhOMa=hTMF)4(C;(p68mJaDPzZ^~(x!gLB-n@z)*^@I$7KcIC< z2!?#NuM|U5l1i#oi%1p1aU5a1^k9cZHd#)q`vO0AbPy#DmtBKRC5I32n^z+8@q 
diff --git a/released/assets/rancher-logging/rancher-logging-3.7.301.tgz b/released/assets/rancher-logging/rancher-logging-3.7.301.tgz deleted file mode 100644 index 90ec56c7923fea8ae9d3068998a020182c3ffe0b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 8487 zcmV+?A=us@iwFSMFx_7O1MNL)bK^FW`*rmzaB}uC_Kv8BEjy*FY}LH7H?{L{*-o}n zt|^-$A)7HpatTtlGn4!6*Nq1Wz9dqXn{?L+zwuX))VjfotCPJabMb+-FC3e)-qj+6o{9>_)bxHe9n1A&8wweg3v5Eend{&77sDxy%wZ|8kh;`l zRN|T=M`?}N=~@0f@IC59N%I{uaDJj8gHf4~#Sp#*$=7}3$k^`y!dB=65zl(%yDqgN zMoiBpGsgu?5fURY17PIZxw>}miRF7U=PC}(sY}VLlh@23$Nnu1sZFN$= ztjJ701~fDyKQuayg-u;YQNSkszJ+3f8M23*6Bwfr>qEOf|Cf`IEv`B@^#0ZlZD6ln z(!U;=`PC4BcnZ6H(ou{5Of1s3?|G;X!5X9h|8gqL?ZLE<02ZMus zl>cLp{rmg-2V^k9HKCRN+eka)L~uYNSvzOf4kLVm6ZkL%d1e!THiQ33bWKSdun0J0 zPR@nQD9DOW&yqJnI%;+s)4i+L7 zu!BD*A!U9XT9k2Q0EP+wN4Gw4>4LfpNg<(SnkV;uEZXJ*88d|-c06cCE+PbwpM}tf zNl-jPqsh8ubUHu4uX7(-bG(@!&iTqr;J<5t4v?XHd=O^TjG%AN0n-_PgkJz(a*hN} z$*-hyLVB6eUyO{qKK0ZP;P-KV7h2!hAs-YnJ>J(uWOvTee(^q4^x?T20trU1 ziJwYnB(TU+NzNU~aQHD11w#1)-e5lV5ws-W9$XP3MNTY+6wZ=QV(>r$3Xs0Hps@6K zP!Qyb(AmtAzVbd%5Lu9GW(U%je>wIPI9l;UbnU~WOS_2@4;h>{OXl3>Vr6x z_Z7z&SPq6c5+j_B@9OmVni+fK)O;yH4{#(EFCeEo1_)iVFUmny$5=4Sw`uLSIV8f14Wl1}C3HU-GjA>=+ z`w;`01gIOHSKCl(lUk^@bEKz_=7#fsC0!NJGQBq(e>d4fh&=}?e&?w9rHx~^4R*b& z)&LOaIG%DCjzb#K|HKY+0AL5y>9j>MG`{=0knAr(J0>rV-!j;bBCTvm7fwsnu4Fmb z&nqHFi4llH!LQP~&NX{-Ilu48jLRY`C@4K{iYIB=CW9w!06#*lOJO^B#mz$}(mM40 z%ygl3fgo3z7yG!1nhW2tNfh489hS5^Ah2|Ma*3OVOW0GnHWk(^@e`c~uzmssVSA8l zB_n5!#v!p?oX@eeGL7x+<)`W19x?#d)y6{&bwW(odYG{rrN;uup<+jRp2_?4Y$x-5 z7tQs233nY9iJfg=hJa?oO>elbk$aS6w*lzJXzN$wA{yh2@T2Ecu|lkV>f11Qk=V27 z@gRdi8~rreg)V{O5{VguG4e}Kb zWy{3)rH)x-Ue!RU5;Le?ui_;?SF3DF!zhSd_tH!qg8k!yh9M~7HLwwYRRytzzyvdcpjO4pzNtftkMM9C(F+AAtve*SG4e2x+95*-g< zu0})y{K1Fm_CnTdQn3z3$*9&x2^jqN$Nqazk6>9-^*K{ehE5*N+=)uqyDml%%nqR& z)y7HE=q#;SyW-{fr_YR4`fpL<3I zqdI()I%d^GD8)#t%LQdYgA5SGrWipbHR*9-r*|bQa{(h=RLEMo?AFf0&flwJi$;

zwS}SVv+(`gZrrHnV42+C>>UUTh^o_sjts3wlUo`R-v|};$xAA;R!qvgW_JzpeFUBu#;UQ&fj&F<*iawfgI#4~Sf2MvlmVmw$1*uiu;| zDaIF|_X*n$nieaBTe)#^ss7${8Ny7Ip1;S7I%WyyZ< z3uDwV{;UyYzne;u2Txt!b>`ulgPm3Mc`lS}E8f9J`bWO^NJL74D ziJK^AeDKfla_-l{J`rQGoB~c0J-`VKRM_Xe-oL+dtiH^#*HKFj&cAg8oi8T8H0t$# z^S3wfUX9|u$DPI*@pdEnf`a!4{4ppvZN|hYRmWXUI(bE(c?Yc3tWHL`X`W>h65pVQEsc zO0xIu&2h&!`qG>gGG(Pb>7V2Bg)GFORL)HKk&w&Sin0#b)ucjQ?v<#R&Oe^#map+i ziynY^Lw=+^Tr~M?p4o0x|6)0u##biDr2pl0@PQ;jCRlWpFe)_{PEelY(CE0BHD@2( zwlN%vDi7yzTREK9hFViwh0cXb6Bz*&!GL!>=}S8`O!KV}Bn{3|Simrglp^Zc`2?te zXr6l)CeFoE0d&IqBp@tvGfzmVe@7XHnhgmX*3EnchNRe)?}cFu!EbQ|zUcF)|K3U_j`7QyH!{epAFB?HdMKAX9?<}RG#Z!SMv}f@2PPj~Ku)7E~83;PU5Z zQo?}qLvMbbOP3zWTau5PuSaEsWVKA?IGAIbvUz_%%pevX+ zCmCR_nv2h~8ZY#i7Yg}1b0-R_(wEHWy!h~GVf=D=-axjk4g0?w%iw;8iY1}JB;&pe zWFHG5CuR_N%F!ej+`WA?Y@XCNz0K(w7WypG!Qw2H>VWI&2LLvo)(?MIXrT4(>5kA> zX0;GTE#BQ3-()xZ2Iw+v^IF1;a6Eyx37CsW6VL0X$nw{pLS~}BH678sYckN~X)n6& ztDRWb@gt<{d?i+XSZ=2r%5c9WxnO>w8~@53I@!CL2}kySFKou+{{}l0_@GnToJkt; zO@0-v6H!;?zWYJ#e6pEHUVp4Vr?x#}f#snxBfZbr2i2cqo@>huKml0FZo#WKAOxIN zK*IWJaA2DiOT!j%T_)Ni5s@p{n0n6dWV#oi7OeIo^vmYQF>yY&=zHyKbYPbjkPIj*w@CL1RG5a}78XnE;MB{BO3-9i#7!03x@({%sL|xFLjX;Yestra> z-7dmQu(S4CX86Tm@7Ej)mZ(}z>tIR~Bmh5Ify;b)q;Zv6+o|(crt$cm`mF{m?3&g+ zwoCXe*vTj?x~&EPR*t}`-!>DwKIabSG*b>Eat2=}0LIH9;cF!+VpTVDTDhvDS& zq-qgM5q0eZ1R?n=V0_nV#8$}T0?;pxEW@C6)62zDTu9!izT7*Hne&ymkd`d z*p$5{9auPVQ(Y9Wo8IhvU(Hq@HZa37bhXxpK4p6KL$31v$f9qtia3Mo9xX2|-=?6^ zJcSFul#zSWj>UP!vV=w|z(5F$?r!=WSWE3&Y@MGWaKb$NOwE6DeMzw`axd~=O_Uh` zX4T6l{Ir@;8aiunH`L#6uiQO}bdzj;gn1L)6(*M$Ex@Wk zi#{O2JsgnxwqAl3ytV+Mjh8L$ncUJGPxfe8P$LZIvv^#H<4^NF`v&n87eu>>(Tbed z>`lbW>EA-~;;D`E$B_J7VG~fA!|Ys5(h6xL1oGD<{@eo{WtklIib0i^4F2r6Yi2=} zDXIcL5Ug33p^*)_Sk9`gYu@Z1D$N3z6pX z1+AmwUW?BOS>#v3Mp-xpI8aUMiikMsG+0p`IGpZ>j!G3kk@)%yBQcWZhO0{JsnL05 zmigHOSjiY)9~k`1rq@ppYCrDRqLj)haEGSA>WmzYx4yDgvr}hR2h{M(t7?5ePY#Fy zH5eqz?naW<+pB$nAN@S&xE)tFMoTsgYf|XiM{j$G*bY>2`=JdFeRFHt2oAo9-@jYD zEINpATh!~vngrY&+qKRwqM>{Cwz%6qPiD#~+C9&crWdM?Bh6`fernW=e;E0#eb5fu 
zPcK)cV=Bu;q*9ovHk7!=*V@9(`+RlQyrFUywe9TD__?mtIW_HRXq(T1{9GiJ?u@`O zw9zek1e1*|R6Jg*&r=b{JTGa(*F8mZ@mbiTpBshVeNb~D3tL@5pRqD0$K2?n-|!$# pMedAY3JZ=?jT;}!DL#QD8X8*cC%R`y(EliUZqqS61OtNs`!B&uj$8l$ 
diff --git a/released/assets/rancher-logging/rancher-logging-crd-3.9.000-rc01.tgz b/released/assets/rancher-logging/rancher-logging-crd-3.9.000-rc01.tgz deleted file mode 100755 index 8c5544ad4fadfc6e8964970c882165eff7b983cc..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 26809
zwLgU0p^Z`sf3D1%{}|qTL;kcw67G+=`48M=Qg15g?QEXcJbXiw0wrQ+`Odx#oJ}YG z`j&bLXt1#^@C)qC+01)(OY`Lw>QmNZ>LmJN;oK}U&fkH|Yi!-btK9;y=eC`I=|Uc} z8x14@=nn11nGmn-Uy9;XA4EFN6fMLAiqe=`&^?|*{?-^cV|a&&qi9AyR85+;rP5r< zCcags6!Wof;~7m(hG03ICht)OUt|!-nfp`(R7W=VK69EsI{b#Q$`l2ES)wR*U{Nmn zt++xDw(yJDdVy#Tc@8o!I^H`pr>Tig79qP@oU96}#=JRA2U##MLYPvzza{4N?N0_So(P{ExYGvZLbJ}H; z5$tX^q(=~fX;d4KK=yW!{ssOCqNrG5x}C7u`WAUIFD8yF)N36f@1+Frwau+<>T>w>chdtbQB`kRmuQ1-&}KJ^>=YYd%s0Uj1YefIeIaTc-`lqRsK+ z8>}d*bNYSMI6VPWKfD%8`8G}V2G?Srzh1;2p6Kqg6;uo`cq;R8uCmiEOBG_Hjc=;1 zO=#qe8iJ04S0wFVL<?XPaTauo_~M2fw7$>J5&i5{!t9}P91~d+t({26plw1Uo}Mv!yY&lf{X=rjmja5 zHt^x!@y35f4&ZUfzB~70mmws8V@2a4m3kBZMUC^l)VT^DmHB`PM1SWZLU*@6@iFPB z2CM;%An!%H4`pGzW40sdD)dyRr$H_K(RQfn_v%kn5m}hSS1+hu_FwwN=e~kqr-I|S zRW;1u@%lC}6kFUfKa;b!JLq+?0LBIgjun#UVctW&SZ##`GNWs;cfTN{<`6s3sF0Pa zoZ*c}XJY1vlit~qFn7CUSzv==Ri;S6FC@<46l7R0eBhEt$C`q0lQ(14ZTmv0kj-%A z_d0Ok>FVmr$f#J^1^}Tx7!%PzX;nE<)73D(>%r_xA@N!3LOnEW7a-3-FZG>MgOZryD^8nk1+DafjWjv@UhZYQv6q1>`djP+GZmu>{N35wbp)$ps-av9ZKDeaYi^p(LC+6QvK>^hz zS_9`L6o-=NzrABf{H78U3bV45Y7?m&(LJn(TEl z?3gzHUd7Y^@A~YKBUE|Vdg=Urx?@Efk?mfm22vw^2RJL3^YCzD%4nb+@p~_!7;@h~ zW;THM$sDiB6*~y4=67WuAuGOkxh5R-2+xz8f>usaIKpj(UjN57gusYfqoW~$CqCBp zEs%8^n(=fZg1jL93d(A52^z$X889T1?NUo`1~p>n(b|sI7W?Sshr_MsW!(JWmYjO z5H%#g8A!h}aZYqR*~_ZE%XIiaQX^SzvE8xowa7c>KRo;i=*V}!NAx+;L?KH zNyJrfZ!&DN9RG2hZdel{PtQ0y{(#FjCA0k|8J$3f$}pWjuH^YP2r&Fs^^Pz-+ykPt zLCZ&GqD(|}s!nj~#EB{bC9JYAIKW0j8{-2wd$;^PSvu6UtC_wuF+ zur`h2i9Ma1&@b>V&|2&xU#(7X~12(Ao*d4X*d_733%v|t(J1Da*{@Aszi|Y8;&4kQq z1m2rEHC6?&lNo*K%u@8h@w%P&!Qq|nQp-~EopV@ zeAdc7p$RP);Eag}qe0&rI+O89ns)a8+#BtMq!k9<=&#YYT51+twoOo|6sr)|9=(Al ztG#}Y|M7#vcMny)exRiwkXbKLp74ZRA(%zF$|y==6Mo-b)fw`+JtCJaXKZXb>2sbR zX4fe$n}xo3>gG;mo^K1SJwPBBJl$2tX43?$RJwZY9J^hsRwi`wC?8^}p2g-g3J`9c z4peyXcx$?iR9d;f?%WTnobV@496u{PKum5fv>3f5V zs&D;!M&le3sg+MX01*ZkD~7gOCbxSs3_LFiV`;4U9DfvzcY_?M78eVNgI@i=Gb+YeA|*c# z#Hkpkf;B=6k>R}Vm@qu^nVYS`e;qX?*&?oIVf;ApR8*Ac)-28!cq?1@!d;-VrsH;! 
zAoFglw~jgLi)n@J2ye4)^0%7kGt26iQHEQMD^^%q7j2!^&FgO7b^Mll$vvI^ z)cWiH*BC}wt z2y7m%6()7YVVh(-K!g>HLcYXy$N;gl;`JQ0lcM9qx9*Ne+7*+8t{e{hI9G zd#d3YS=QlCufiXLL=;Cv0y|b9lSU1^a*I1okf=0pBc7#9(V8WZEL3J_kNxYC=XKBT zmn-|iFbbGgVvm+%GQO)@*<=iUgp84^3(bMdfX$*n01lWVD8*tBd9J!u!+vQjCOxcN zl7^FK(Ie%3AeY{Y za$_=8g!H6~n(QkJ1y&UPF$pEpKbLus7@=(k(BY+MaOg5u=&##_%P*h0`1x;FY-1Nb zk|vW;ZSIj&dklKo6n-3C44Kz=fHh2ka|w(Vb`s?`=X3F6+GIrLqJ9rm zY4q|H0(djLy#5$E$_f+!e9no+O=pFF7~GNOea=m4<$V%JIzZR^tBXiiC@5N#Rg5y! zDxzYKupD->D^*Id0x2kF=G3QIbeM9mZpsYu4>A&tB4RrBKeUxG)hg8#5!cBFZkWV% z=%9^N3}uH|RjJ}0?CWDK32JBZtin6if!&VDs2?)GseINod#Yh?p_G7EPUAT;2QYUx z5;ShHTVs)rWQO1V0TZDo?vF>2my-~smrP?KFU(Jl)e{Rno}1j@{MO9L#uIKuu+5Eh zR5{lamorH``COyynBVn2Qt&RoPE zP46r4LR&&)##*0|@_C64b&kUd9SxXt7Gm*7ru0xaj+2cxzqFSROb=a8D$H=5p5$rz zSH+rJ^R6idHJgv&ld#4vV=;Qpve)S2p7l@7SQNx;^xWz|YuL2Fws^M*q|g$ete}dA zp_f+&gwgJer1W^xN2VABSSb5hgkX z;OL~-3c~lnfz!$BXL+8nfwu&%(b&*jG)puk51$1)U-Hv=MMiG61VBh!LYxU;a#&gH zpNkD=S`nHK2KNwE>7fOGcWA%<0AJ8a{vfT@0ZrP8O7|@Q7pp*t|MPvlJ9!FfcQ86t zIlNL6&=7sSZ;PVa&B*YrLZ!&Rjzr)Eo9NZ~N{2JOp~McpK{S3$0wk{}Xw#hhro%Gg zxWoLy__#geNtMgG!VhpVIXPBl2&uCJe9gJ`bUi#@xr$v}Inj1~^-LOo=`7%X{3eO=C^V|DW z?Z&3M=n&=TtVrSy*QI}=qa~TkV@poecz638bD^0V(4xwa2}XOPXLbGd@g9f`d4(4scX1dV>Wd?vO*TX?m4>n> z@+;Dq4rMQyNf_ELpI|Tqg6EDvSj^B8NewuemIk(%Uo5@ z;{3KoOjwMWz-iRQqNW|8W%)wEnwYvtth4K8ViWmoO?%IqVSMZMbDT_3fH=Qo)r0WLIQS+q6cuBLAOM)c>o zmY?1rwB!p4ReS{!4JBFDs8*ny8uwgFy^lrPwJofE%&88?7I1ISSt9mT;B7X68cg6d z3rWoLA@Yq>6HmtB-S;5&d^>R%Gw`Bn9V>2GpUl=V;QjO+7!Xc8`KgefXJNkIAcdrL zjAeDW2Iaa!K@qYQ)_@P;n3(#2@mRx+Wzgsr#E&qzE-0Cp!Uw0O^t=QH+acP6V)0elezlClV#eRh`XXMP5_EJmK@(0@*%+ubr;~ zSR17lFQX9U!=tav6dyLi<^F$&40agtIyWfP79IY<1kdc~qUv!GM-eWGMgOEt*-T=E%Mi#7y2K_U z4kJ7$cEnu18oPn;3|=FH^lhBes0i%$+dqX>Bxug^ndiPXCK_GUON`bV9OGgj>%VHv zMsW?6ob)eUTM99_Lc8<+HEngG^00VLb|`+r^e#iw9y|0denL4!xKT2w8)>_*%eLeN zK4v;TiSM)WTmBN5`GK+I`u}EedU^2T87^4jZM&L7IWbbPV~4c{8(y(mp!=U54i{V9 zNyNNtHM)ZKa_mu%%xqe=gGC!zs0vtn?vNy?*RTM{8Qml?e4-Ybw>^g5RXafDRoj>@ zz&TICYm&o~gJgCQZrBZ51&}ex6XH-pnG^e6=yp@w*kDnI} 
zZh)@>j{?!pB-(`TFh)fXn|_#&2$+~el<8@DR%b89#wo8op8a_@v$c?-$6-<0`TakW z#bVlWTGZ$ z`QA8ICI)-5o(5?;hV|PXuB_YAkwCEuqUBYiyz@bH6S4(}nMk%~`jI{0={cOL?!9E* z91+4x=EUqJ4b%!zpHT3KVO%YR_k#yKOg`EDO7@27hc)qkIITN3esZ@BDF%;O&tX^v zYh|CEkzj!wDRdDMyh zhX=O9agB^fZ$B0cN{A`3Rn3a9zrL=+%w96Ey9s_}6W`tCVRi&=z_W?lS-Hdd+P!^HQyS3Meza zSBJ6iwr^VqtT!vV%LrX3d<91qs}MO$Y=Ev_J^p8N4_LA!7=PR<_k4Kl#@~lt?v)~| z>glitf5Lj)><*e#jNV{K^LAZU3#!&};1av0I13_ZeI)S(!5P)c^< zt?ju_KYVk#yMjK?fRtmyKk!Qaz>f-wrucEiISN{N%T2@a8<)$ag9vxDPwrSH^Pd_- zQv&8hB_6C2T7WC`D9mN<-}~?38eu4M=5yATk01+givKs~(9_iK{8_89%GS}ucRzxQ zf-{deLHpCOe@?OCpl%d>HUHWrRNn1wek+A@XC+0d3O04iLB&BG-uQk zyNjDRm&Pl{gKBz}-yH`ojm2epWg15Um&xQZvnA@6^|G9o;vY&0K&9r!<{{@FtH-+220j0R^75IDplp@4dR zK6X4!ZIJgI$j`u2CE|)KA|NF7u#Appct-(1$pM2V+P>`XQ^1I{e>af(5eJ>3FqH2* z_#;m2B!4)cp9GbmBwEz)#8^AhTa4tya?c{d#UJM(B#`E)N_uQ~Hn=L7-SwaNOwyN9 ztLQIe?s7VZ4hM!v6z%Xe)$Y0)qs+r*Y2h+jK(`BoXz|XxA%7829WP_ zK2_C1x+^PMwPRc^s9}4emY$Vha^G6vKZ|sdX0TpP%B96MYw@sSXZn!dd^(W$3jB&TS*HZ6*QsO5jv!`$ z5iIkR3MYvZxU#+!Ig}NvpN4#%Y3rt(Qs`-eIQJjAr-y> zU5;;^Di{|tZKJ`t~ zfNZikzC3LEo0hA8f2ae;?J`zGMza)0Qr|r+#0;3eI4S3ojDUBJVNiua;Tk*hRjlM` z=s5D`dR|M1 zX&yzWd7FK3!{WIS%nYwh20jP7?QmsGT95)kzskpnebr0Sr#p8|c%!B}7(-m;buX3{ zqS59?MNiL_! 
ziDs>bWQ>1I{pzgy0k(@+I*mFO3xujVhUOW6I8#Kd>X58BU7dDyeSru?z9}hh?)^SH znX0$ivs|XmQ{k-w=ii9yc+6nQkWm!l88^zaJ{00o)hSa_tjTkf{#8%*8_XUiP*oNP zL@_mpM4YBW=4j66UQ^OX(zTJPMzQttcfLcP!3c>wOG?dfyky~7ooF0+n#A&7*TdZ8 zN6%h{Ry>h;jIuoRQqge?zm}w+0Q$Wd1^ex=PhVDWLolx->%U7fEC1Vm+X2sxte|#Z z-oHyc=|C2xjbS~wEm-J(@|P@@1k{-6Ld(7O+hW4TT+^Cufecmi_^Wp|+3 zC<*>={>$wU4sKcPn+^*m2>~_CUFC31rLRLe5K|88;BD(3l?z+pWbRQTJ=}IOtyrPEM+gP3jXcaXj?-}+fmj51vIhudCX&nSnPL`6-qih+9%aP1sgp=0a#f2h+V2CwZ!0q7ONFGp`;h$G+KDt` z=(DdDo69brqTp^Y6}(a(4e&eG_%@`tJ8)$WBhaDQ>6?khkUI#km$=ZX!!w(X>~0`M zERT^Q{~rcoED~!Uh6BFT%FsPKeSUT?Sz#ku^QLo5SnCF)X}BwI6l^?MDHUesIp3BW zT2?G?amK%0bpK44zr}dX(4Bf%J?84itc*%JHY?2|7hm^Fc#(k43qDwrjme+}3q7+i zFec($#e`m79-3ge|F*oG>FcrL)PM<}Ajv2)+MYn^u9uPB`AwoSf1H2m)hX1BL`L6% z9lyW)tBdeF>TJPV&UWwbf%3SS~<2Zyru04Xv!C?RX-{fYn59d;z;a=uyL-J{X>wFG{`4pTtn`k}Blj9wL zou_QKgEnnnkMZ=-LD}z#P+3$C({Zb(hnh)q;i!vER!Nezc?d#n)v4jLtIhKT-e>Rm z4uw0NT4&by?@KvN18-d=OxQp6uVJog{0DyB!|)d8a^{pO_h)^~eHO)3Y}>tA7vVnu zNj@lEYkzt&leCn3Z6XxD?xN!xFlr>I(=Ezbv+!H~5tn~o{f_b{dAN>}?|} zwys3$Z)9F_c@_qtC9Z(~CGuh2?C@CrbpMk5>}`IvSx#1yv^}104i5Im8#le)$DOs; zJnrvVwLM>jZ0)a?y|4Sx|L>BYmHGSodsOSb%h!rNY@kQ0J42W1*D%i?cUg~|CQCq- z?m+>Kbjgq2zw2eVueEVWWe>zm2iNn2`;u=oeVaFayH%SjSD6KrcinO0G~A4bRcf`J zJ;eKb+;76uGzFLyv|&kC>JjvqLbso|0C+?5_Z?$t&cHfn=DJswYKtvT3hUFa>| z&_T4%2i1M3BQWIp(0G@7EORdH_u4;;yiG7h9;2+e4ZGzt(yK;pJG@L!QIq*A5xDOE zQNg&4D6s+>$IE(ZNkIBO%wd(Sg8cUX(Z4LZOrCqizx?^EL|J%0zbeY=cbPh0*7;-x z52X03e1Y|DJ&^)GYQEr|lRD8z(@j9p~wh@nUS zyzNwO_aG_F%SCGex_?j0^7?$yYz}yd?sY%8;v&4SwLcnmU8LnZ%PDEwo;7y2Pc2?_ zuBi-g_%3yq>Bm9Em8h05`+ya`v}~!8qqeR_5&&$Z1M;}BiWT1#+-lgJ>@s+j8kn|0 zh=&qM?|TTPMuy4d_9yrU*k+~rv0&#_b}2F1CsGw{X)S2}2{}=AlMatT4=XIZQPlUj zcNq~hEUTv34Ra)%P{uBEl9#@>3*Cpe0dWwLXXspa(%?BY9dq4sn88Mz-2i84h^DQB zkYXcL1&*{b#V(5TWZ+YN3KFCLhnz)T)Ptumd06}p3-zYIlSS7u3VRY^HZe~_>Spb{ zU)m@aM>3eplnI-5aAzT|{Vy4iF9Q7FDUca_L66}LHG<{;D`la7_*cqe6wGv2cq8

URxY*Pw|68S8?qzP=oh@Gjf+SUZ))$ohINpyw9Yczp}(_h3<8*6c0bDtVW zxziD}qPQx5>@@G@Q)5u5&5g6zH!{_wVt#tI65G_?x4mr5f2*}aR z;jPEXw8J=hi=H?}d2ED0^s4S$qDlPh~R*8+Z0oB~tP|I002cJZ4 zOJYT?_w5LNwFK&}*1-FlPePM8Wl-bv44)jhF0ToE!xj>9zf(H>dA zCknlwtys*_6k9QEveyBoqQQ1IjoEYKUD)?W9|K^hjh*V5-0iks(l5g-*GP|ce|+llBN8iRmK=J~1v9}g+g8*#sX z8|+P99H7sC5C4#tJCJUqBeB*_Z_&1N^MS0{5VPf(PhOtpS>#E(jk?(FZ&}ZFxf`tu z)F|qk!Wiu~3Kjyr5R%IIg-u||4rvjtQ8=u817CU66{kiCb&EedP*Y_579EPI zRFF;Z9k%>=L)PT`o}eElwk=dSVq5lV@DCaEx!6Vmw`GuFUi!K+O4@y(PX@R_DH6EA zA}0UO$x?FS6`s4$G0z43MHK!&>~=xy`UU5aoO_o@WL+M7h9$!v74Co_Jdkq*Vf zlotF>Y-S8Y#*Q3A1Z6pLwWoov7Uq#lmRL#*2^9sl%QW%be07Nd6`(T^%6+_rj?Jv}E(!pY z@|EO!`LvFK<_@TT#2TPc5d^})`l5-%>&nS%Z0EvJ9Bz%W>(vkC}&)>kFYb6r{r{Dv>{r;J7P+ps6gt}L8|e#Jm{Z>aT>5k+0yW6LT18bt8j$$g2Vn^M zT;C|`?KH^f1X>n_=oZ^hY@3Lg%-Duv){8faNOkS=SRAF{ zSnadZpz&m}sXtyA$311k-nrF-i*ZY65|N1xu<`Hh!zm8V-hK)!xp)<$Ct}fOk&le9 zGq1DnfUUp2zBhGW*7<`|sxmNuH6iKZyZ9TaMUQco3n4mT8ZK@{yA7pr6}+lhbsYi) z1PzCAt(!rY;U!tnV4QXlqQ%XbmOVn;wH8FwTJ-)Wr{Y@Her<>g8^?uT(?E9dx zDZcglAP5pb?2A+(+nMaue(mI15W@L%Q^K<4o$?XIDwQ=U1?0$XLncuges6`(s(MUG8 zwQ+_BK4+--NoDI&zM8liIzJ^(r1YCAfh31<@wJ{4m=|0k^sq!3YzkO-8Dh#e+zJ%c zpB_(r){#Sbze{maeg_vrCHp4Ii8278tI9F}(U;U1#8gqvQb^MJHco2#c?L zUAnplFmQ^LamxL~F^YoA%C6-jJ*KLH&%i_=G8iDVtdFU;ht9ngci>~nd?u*5F^VDB z{i(bq0fC^rBQXf0v?t-)t8hSdbd_$=r$Q&)X+6LnbojL^Mw;NGN9ZF+3p!5uCchix zMf`Ss@w5ijdyvMOX3O=|V2U(+c!DnIcV_@6q(~&WOO|xYaiE%=zu1N7P)ZsJ-{mPQcr2%X@b>v(b9EbnK2xJ5y;NVewWD$0fs)Cc(a*- z*lzH$yPwmWKHsXySKGR5<408t3!5wIn(q;K%;53O(NyaZAE8N|A1vsj^_Z_CR8;A; zD$m(AJ46*EuYL%TAL-G+?ax6w3`;83v`gWqQ8DY8LQ3>S`{<(&qT;xR-Z9Jp6m5tS ziCs5D?a%c_jTh} z#G*%HrI_0^qGd%$4T zvTRq>*((GwU;AVO;O3TsGH z9poWP88Mh2q9Q8aB*XpcuuoI%XOKc|*&mnC*0)_W>}#qoE%Oi?eidSDHB#^^aVfQd z!ga?i@))f?9liZ6xd`}x420cGXQ5p@6)k#RD3K$%(d3vySBrPqY&-m-MxnPHAu$K< z;L-j#tlxl{zBLI&k-jo6Y?4sOaO~vAFUzrI3iP%h=`|G7g*Ag_N-zv@mf;~4U+G2* zZD0piBCgnE`5~8U^|ySpVe&l5%GC70$db%-KMZtuwA-ObMFkpU2J8OO^8=UBykT6? 
zq-n9yeqsr{q0&*ImTn>~Pj<{ZWD7jyh~^>q5)nL^9no+&Z;wp~sEt!nx$5RF1xp&b zgtV~7Ee!wCJ&i5Koq@7B5TALB89LjV8J=NIH9;>QOs6Q<@p`?KawJD0M3?OMdEG!jTuAI+^lWTE<-4i{iV&V#TS~iTHc_ zhMl9PZwyc^VNI17g&`%`KrT86ZkE?R>(Y`ZnZCSEcD3_kcX($0KTo?4Lfc}+uUyBj-6SMlqW2Nzl-mU3`_!`YHb!FTp8M`I=xdmS^K%Le zYej~Qr@31{$%fF8*Z;^Ju3kn~&rn!~_jBe(T-#cOgI;kWrcw7;+bTqJnBJXMMuP;y z^e;u(c{=m}@Nh`{qs#I}{Zy~tuMS6vRE%ar?7a^LnItS%9KDdJ7l2Y2sU<~7u6jw)pyvS1oXXE60L zpXByzVsWfA^X<| zBe^ityxzL6>ArW`9oPnWZQEG7L$TAj4w!1s90SDLU7xTMk%(L9^&f}suSIyoX9tgc zUPD%R(Gp~l10ZWW39w6C@^^&PZnk+3w&!A~peTp?9oWqBAb^AO_^hPs>wJD~+ytIUe(j)+ zsPSjC!^75O6jEdyKCE<0u?X@cfzr7f+(E`{U=~CGO7LtCd}W8qwH@jGfe@S{+W_Uu z^keWo+DL|FJK!6WOm7D33Obw~empDO7uwr$rd~a^nOibGVtoD}XbU1en5xV{{@4dd zIG8BC0r3vzz9EWCORflu2Jz60Afvh9vrk>;xDwE#Ehed~O{kW#*2!TIomM!f>7$tj zharq3QhFuDhP|K*s&)Iz$18VIU~(tF=Xgk8(`i`-xe9i=?Qu20f!eF;p(iF0tGqgE z_V1JDGbIp+>k^lQa(>W=i3{a&3}Rnj0ve0e#zcX4q{!ldV?o_~(o>;?tOH7O5q`{Q z=k9xefLy9D8SBu7c=nkpwqAlg>}CMH$cELC7I?hjsLu#%`f#uN#!riu-jgjmG40j> zS+llikU#$nlg(`>GfWI=$c;*KhdtRfAFj|;FlakRosm*f!?5d?oj?eH{LnDV+ho_e z*a+bz3BqaZfzn=yuW)R^yU}m+o9W75!O;jc6B)j4bOHnTfV}2KXF?n5PJ4+E+(Zp< zfOyOxBD#KVV1B%cFjS=SG=RL(dF3kTWXN!NY}V4!DZF)hdtHBieg-H`CzoQ*CeyXZ zNswxowdrPhdA7M^k_N^|eFU%Y&!)Ss$L&5k$7wS^jDK!aUt65w(vC(Vf(&=;;72d& zZM=H#b;9f`OOTy5QRprZNd4vqB(u#asiVt{??C4Mp=t&DK4OUXUKfGXxCZoH%aVmB zdbKdUy0n{`9`T(>dLrljvX>PU%qZofqLG$yb335tDW~ET;=%a}y(WbJYozA#kN3jg zkvVj4+?!$=-}}N!nKT5jsj95{Mk4{7Y)v5dckWl&r`x@pU;JolI78MRy&Isl9E7%a z@N>X%FN3RDhd^^%Z04{c=DqCL6K>Msj zHLdW>d03Sv4)QSY~Bo#maabuW)|n?Q4qNS?9P*Li_0B zH}X(?hvw5l#H#!Pohp3KK_F<;_^v~!bU$pGS4E{-&?|O3iSdsL%}Flm54^I7DBZ5;{GOZkuGqY+<0w-+{iA0)Hms zGpu+w^V;a$5)Q#!E}dh#A(aaLnBzU{@o5;7tgnuR25Z{?PzUL>Y<(|%cg&%eWznr} zGFLxL_0H4*{_2$Du8Z0CO*$*wEB5ttz5B_NI=*$`z|G}Yaa%&i$Fezqt~$r+ zB3CMR#lU#tyBJ&dJ_5mWFDF_3&Ecd*;63cTWM%>7>cdCOWS_j|a@*-#>f@v$Zw|ME z>W*_R_}o=gZauX4xv5wz`G=Q_p?&k!6SlAaFz+G*r$p_TlBmw09}!IR&h8ZdCeZUcqc z4;%a{=%bH#DI??H8oVoD%DTTKyQT)hBY(4ySdJNQB&)bSAsdaWHI866VuC7dUDT!2 
z{TgTzC`s_0c}L4!U;sXZ&)$|>o4CSY<9kyOb=mm!nX%a!aFcWAE~=>k!|@06>SJs( z;_-kYc;)D1T&0j3qXiMD`W;raeuN=Ke(TLO&*sWAuj~1{2XuNAh};$z*o6F+$I}n! zbm{j(C>S}Jzi;V!=F97Hg-+*Xf=<`g8A4(6mKhVJ<#qMHyUB^s>afmF%3_%r4Fb5a zAMgKrym<*LLd$EFpQLRf@#SHi8AZonINoocqaqtSJN}Mh#6k}b&FDTuHb(XB1}R`j zCV6@8%L~voLNR(Uhy|hqgq!s&gfc;ShQI_S-)}byqr5HiFJnn(oG$gSa-*MWdsig* zy{ck+Tjl`(7IYw1myx&~8+P?RHclnLqb?F<9o`qNcb*@)^Xe5y>5N9%m(w3eA~CgZ zpj2;E3hwwKQH|Crn947DN|O*lNW%4-k6f5kP6-L13xE!JV2ld}uo1b%aqPTBpYj5s zk))ZgNiJ@E97bK1us@6!1EnBo?H!i0LpE656rr!TwN+dp@*tKW)LW{6B2ZRt zAGXQsocR@BCTNCISnKyI;S{nt3Qjfm>>5N=_w0`hFS{Qhb|DP?xng?2e;m{UT^RMb zIS#IO+QQ5~w%;s;H~~hRi=Eg-W5i1?H!y4|e_Cu+HtaFTl><}0#kXx!{tya}oR$Jn zyer+~=77P#ZJ+Vh&J(zw;9yqF@En?6H!+1C3uzeH$(aoa*0r|-muOn3| zv;rzpKLkcJPx!VqSg00F_PE5OAZsPjefKUSO-^OL-ye-&O7PLEua7{8P}y;N!v-5576_doJj5w;Jdo+P zYHeRU&EUsfJavq+XWa79xKkxBISPHRd%tEmSz$h+!GESgVc9T+$gp)7QQjRiGjti47 za#EIMOOuQOvy2XgW;~hY+nMFxnB%xv;yhX8|Dw;Ypc31965`-CSBw7x7~F_16C;-i(Qpc46Dk_P!L- zm4koi_rt9Ude#d<5z|(dik`>>(~O?*`ht>K%rnbTS)>`Bddc~o z^n}!3;OPV4aEDEFct8*}M)(-(-M`N&GCM5Qtn6;XmaF*KFs9Eq@uzT1XDywx4V6yd zcmX7Ea79o!-hDk~3L-J66i=QI8Rq2+B5S|S0RQV1$P>ebflZ-s{F)RuuXb$@uzP$D z(xJl`xJAo9Kuyjv>lkLh2)^iNt%$#T!6DUBi>jhs`+=CWcQrzEApXiOI4g!Zv5$ir z;?q%F%JPgDY0a<+NAruAN?X*0v7#q%zU9Z{;H29vhze;utFE4n2gp#RWsrVLMXXRN zUTEZl7FEm*slk5mgH=C%vp}avW){8cXxi#bl2_PS=wZZJXwj2_@)`CrD)-m1Cs8Zm zGV1W3r#jDIH|Ay3Nvvg5kT1W1G8a<~B@LZH4dvH7{zX%Xmz?CO)+0+hmAa@R{eQ#B z%Yk8vd=sG^8h=NwGTbH%M0llvzEmpXf@OT%Rk(b;1x*>UDT2`TK)nNU!Mf=>nv;Cf zqW;sC{Q6HBxhco~@r zuwIuidIkSO3|5Bpa-YwV-ZeWoWHg2QCT^8pfdo|~gZl4q-%k?7W$Bv&RJ>jYl%%D? 
zl@&?#0(o@S2v-H(2by|5%uO=0P{uEBQjHlgQ>_cBA#u?<8^_@q9OL zsvlpl;q-pY{6R~_LWv_&iQLt%0oeQN;yr7FyO{;QiWj$7X1 z2iyXtFYDNIutp2&jpk`EuWs_2v)F4PEh`?xew6eO4QKTCUF0GiOu(NcQoLu0%A^A2 zV^6%vASo$XopXe$g9?XsalnhvBi??*bXl8BnER(E&<9M%;rN1SqXh=rFz210$ z1>9Q$vreO$8$^d7>Qn9#$KqS7Hex^3)&Eu6T?Vz?cKZTup*TT`Lvg1#6nA%bcPF^J z6!)OTo#JlA-6;;m-CCqL6xiuQpXYt|KJ%VEXU>;?#`~mUpq5Tn<$)cEw>LCF;cT;aKXeIzG!Z&G@@2(ftCE-xbh~IihRr#M^dR zYEMz!)wt4QgMsH@Tq*17s*@Xxrt|bFfnP+5kq$h{$e72F>~&XZv#gKFk0$S8dLb7& z`(VCZn*EiamG(S#e&Fw#A;8qj`Cd`@GFljQ`tjuY?xO)W5X>z=R6w1tL3B#AeWRT}yx za|LO`dtXZXwoS6UL^hKazIg~G1@SH?jK(;#bg1W-bvpI4w@-7ep9@DMh|6@Rso?y) z7nS+BdV6nO@or_(D8d>KfYFCbXYXzM{p>2a3=rI@7+^Y5q`J<3!*kE)H+57oAEr!h zR(vw`WJqj*uIUPa>5Ey~{@eh!=8g{cv-5IQHWL|%wA8vqhePUlL&?B)hnw6#SLF?Y z>F49U=qYPdJ+#Z;`@c`4KZjY54W_QS&WZ;No0rdWQT$_Cx9Ozl9?h6L3xgVF-$B@Q zcQU=rBbn)Qn~(d*Q>H>vM;(IWo~-SiH6%uf9PyQDHYXvaQT$|X%D7n#KQ@1fLJu0X z4T_N--Wiz&je?SZ+sY$elY-Cs`}s@@^ZJZPs}vCW163Wn*a|!x-mNudk=KmUCXB{q z4LLv`j@rmMO72ln6f$ewcmz2=Kb&)I;Xr|>dw!PNTe3$T|xiUY%7%yTAu zn;#zTx|>VDq(umBuRyCn)?X!3hf#^H2ie!A6e`>?_J=UWu9*7h=_s@F+wpUXGYiux zultrI7F)s}SXw6s%*gRS?&7~;NfsQ|zuCT-1%%0;>q3L~`T%1r!PIVa81P;X7sFWe z(2FZtX;2-?zjqL8aR%P&PwfhRkuvz7$8OwJa=a$=BvG61LBn?K|YA zZ4d6^Ux^)Ir0~NZQg~j)>80*SRY;v|S~wWdH8}nuEXv(j0aU`UwYsD8Kuy}}H-iq~ z5QTN~Az89L5GSh9IZ!QV8^i5adlr<-`^*C@0+oioEq(~C!Dwv=rK?2Lc1t9`KX8Tl ziDIy$%0LbWWSd!DO6h9v_q%9c44IJ3P*jNuFcL7(%9obx(iW2-=>9@h3@xb%?y|)8 zwP-<=PsdPK(-%M+nehtI3DQmBa8s@7pGw1i2A%)YMfmUlCHlF-@ThHZX(eD$VC9Y2ADv>T zf}Ma>C7TLruq93EQt_KGS85Ti?fv%u14}VR^7tA%f#!q*!HbF5^KFC+x+$KX5SihP zldKHY{J{|<&X_UPKPJU)RZ~Pz&A)Z|J;A@=2~!)UhCkYqXj?#PxdVf?bX@vJ@k=5k zYnWF~(fqaAe2KolpSR6YWnAaQwGpKHd{t@7kBgLZzG+*}@Hw|#!Xi6_ z{>&!Rpj2x(l0s$(xrF|142br(MloOwB+h@$hiF;6IT0XOpe{Y2r$yGX7VE;f2~~$0 zf_c%3jq7vQ;UlE)OAN%_eHVF7^`;@GlRQBv&YgquiILZU$}m?R(-AQjjhq#J>%DUx zZPerMp@2o@DDMM-!(|w!91#IrU|W1}7!*4L31toThg?VSP+T(-g-uz%2Vp28LbI%rV75CgCR_yBF(j_AEfyJ#2Bp=Be^Lcg zj!yH?0h9B}8$hVhbtIw-;*188)!CbIUsX0c9J)3g<*hm;ao*SKAi6iEG*R(HGuX}(ddv&8N`rmhQfsT##nE@pgL8f 
zQS*O^4A!+@fnh`SYr4j|Z$4cA0L9_W%K>?ZjBi}e`LABTHr6;ufh@ssE7MgazV|KN z^%jL-UROXrzZ-;B29Yv-Niu}i-UO|b4F|I@%3{v`cne1#!JUL5v!ONx4F%kgM;@H- z>9*+G%Q%N(Rg!mVijuG75^T@je=4XZL&Rcuzd0D8qO)e6&|<=b#Q)%YPB)iy2%I1yCAYsE|1%k)(uG|kJ_&_ zR`Oi8{bJFoehKmMGzv7I^*88Q0!q%4JIT_Z5W9#uaNBEtF5%-OdlGu@F zk!NS#5W1jxKSk>sN2^%$h4B69PM4%6Iq!@;@QnTZcywAc zpr)c>7H<EE{m$rACpBh52^`9Xc~_V7ctz)6Jw zM(jRG@2k*bjp9w()-dTUS{6ogck0;?hr;^fi$=QtrP)93to8iv9mSr2=o`QwyNt`a zdIU}lPF*w=7niVbZnLU@+hb5+Z zPI6T@FhNA}^EOfk4Z7$<_gZ)yJkcai8Fyms+(gPObcALx6lKfJoJbR(iZPj z9zP*nEWxR^(>z@kKk-M~08+O7q$@&1tE(cO?@!BKW0bDn1RXxz_KPq5C7oS0lm6#n z$RINteV#KdlKbYCmX^Eg-O;D@^z`%@KYibaRrPhBoBk9AJD}d0_rs5cb?=-0adn2y zUq@dUBGS!Mpa0V+G8>?0`dzOxtbtbNf*pPs9-w zbt6!~=XtMqz0+46n9J8pC6nnVZsO-k%gb5&@G*>+Rn^7p-rZM;ea4OBg8M;zxB{&Z z3OK^@$V-M?_3g@2Ya&*1YPV69yAfDu0<`V|HmswO)94@>w3AJc6kRuCyCY&s=@Sqp zRX*V5+xY7hef-0Ch>rYbJkW7|GaeKA=bV+8h=uyi#;(h)QtKWJ@HGlGG|W?X0LF%E z%1}We=QqRe8?B;Uqyg4_BD4B{sXe&)@9~G)jNlHWhTGR$JI{QM-15}_4e|Jphl`YEq&)l- z>5O|8SW*jr2-Oc-GK2(7hLPY7)ABm|ZAB;c0+EWCZ+WbuRMADEK(Vw)r7=qeWk8V$ z`{1JG4Iup<0d$LSNEYEq`^kl{!LualK_o~dh%?syCAEQlGgyaOg~*zxyp<#pM92%E zIG5sf7lUaR3A2R8MWtnueStkv_wdV8|Kib5`kTW2z~%@2x%^)b<;MzG#%3f)L(bVV z7^l4+&TNL7#}%Y?wh-y)6AFjsXTXi(GcsV=Z}g+ZxpOZT8FRG|Iq0+b`;kl^lERQw zh8pnLyd!z?OIY$UUO@JO6G_E^VVkIxpX$ROyn`y!^$*^moHq7<;vF+2{};R?=lfrH zM^w*$!#g0hdS6XtL89iOfwuhWp|1m?hlbBU@{u z*aKIy23N?s5JzXYWd=IrP|S5E!fM|c6DfuxJJA@)FWo5aI8MC*EzY2OCD1FfIE5QC zQMHJwQ_|F+0`ME;K_P+s*-W(h1#cbR=do_7&HNQkGT%~5Uheh_xt$Xs)gtx%6QzvO zSNwXM83OZ3>W;QJv0mj>-cXou9c1LCgA)-!YW`H-eJd@1!?@Q{1_9*-$qF*1*>VA}P5wTVd>4j2@aH-s25#sSpc$DPOa$;QQX zK%Ye|!F^X025ebME|W6rW0cT!T)N6!tD41QQxQ2%Bq!XDzI;L_A#K~irjTCX_Tlw< z1I_i#Kf*Sx-ZJWvaN)YG7*;ibJ_?1S)ghZO#$BP{i-u2Vk*|2R(^zAHEf_e?QvkNI-ZpO;$n*p2N%Q60m_~yv9IIoUqSwdSY)$gk zkQpR%8y~*q|BiLvV(wt_?8}mhE`c1@8eaX)bx>0mfdh_zJ06+$OI|QUZZLzPQvk9y z%E0!d746LEN}j{kh)SM6Ns%u}f2Y=hCgCJA;?GPkK6Qy@gB-YK>npb=U6#5AM}~(igv%@?w;e zC(7Xs6mA@%LCmdRz@^3aBArMd3^UjZVvA`w5vQq@TV|qJIccagc1lwlenKa$PT+=# 
zux(il`Nd{`%7Or3Upc(29-#G0IVl8RJo}%Xxc#M?&LU_=A%$%c*}9ON-PM zg$!q=)OkN6)z}?tGrEZdH`c}~Tvtkh^L&%RMp^K_9EmnC#oHUJYuOYqdFg_4KiZ2( zpQ3`rAw`nyhR&>v4d_ll`X`XsbY31#y@+SDRT;vft-#mJGbIz1R&K9`^h39A%&RNf zXOec#dp>a=DUrUg0Gd6ifBCrXaVN;#xW(!Y9voyH8JoBOxU2CdfT6G(Lq-}3PyN_74Ar__OlA?avcA@3>B61)J<0a@k+n#A_12?xEUWp4CWAgM;a%+Y@#7|2 zPjhp%!-Q3wtlY|XM6H7)Wt}z{hbO!<;r&4q%#b;Rp7Rf0@8LX5J#dGa$&kTH(C^SS zC=^+T=Gca(jklMpX;6Y)dZ2DYRBwzfYrS*b-q;YOysqH$>plVM+8Fb`_@l@n>Ys5W$dm-PUrCXvNqJ2R_<{!%W{k75w5a|wpW+R6+Gb_EhzjVqJXz)c)gP; z`w4SX`SNn5 z2QGiKBrZ2zl`T%jtj!Oz0BxCX^-7~Z1L9*`yXGOxCUcL^qvYq1VKP-icg|4!~HUP%q z)zv#6r^Yb4ot7TacywEIfvUq z&9)^7aT)lXSAO9yk>k&j!e$xK-76PkbVdb@%=t;42imTh%DG@0wY0~}$(x^>zK~S` zK>M}U&$Bcpjyh;of!S2%C8lXM@(LUT&6U%ZlhT$t6rs+HS;jmOw`9x73XYw?=ebo{ zfDvblvXJxLMa_jCe1CE~`%o7s737WFT|ko64J*j?UFpzRWZ`4Bj+wjmgv45A3g_4X zFmd=)vsiY}tPIFg&|z-TZ`=wlxV7S_-@aQ12`Fc*)hH>&Z=A(AxQR>191P}l zW0%YcLm8m}-U9Y`-bPxGQs7vK^}>b zCHqJ0;0Gf*>y^h0$Go?KHegoIi9|INA|$j2aitan5qijG+bWe`R=?c{rRTAg?4cSi z*zSc!9IXjyUupQExdN#G{#w8-JMwCQ?+{OrJ;#hpitV1Sn2Rqv{$nG5gC}6C3t386 z)(_MLFp>#|)h*I|e=)c|Xy5?vgv=+EMX^({^OB2Z(@6a3k-<(foi7$ek5fj3%VkUW zDnDO@Km=IqgF5Ot9TpPv4Q8-bqT`c|h(%xdi!u?(T*d?`#^EO}kTy2jws|wYrZ1{P zykE0@ys8-|RG#4M``R+!jnj&qvnP%e@y`Ozk^duhm>ro{k&Y3`!dBcr><_CVyDI#i zs;>!SfrZcC90>p3^^-SZCR!pJW+kPz!T?*?=FJn$H%JNoU>?|?hs4=g+l{XWJsWKO z(5PJ;?N38Da99!jE21mKZI2!SVqjnPo8VCBWK%*W;|x~LgdDnaeShuk3J<-1e4o|<)msiAL%60(q61WE0(O(%8&Za|-kz5y zc}+@fRij0_!Z>LB(ed70hlxj%wEI*eL5xj|(s37vV@YqhqeYh_ab&$X6`C<_JMenI zmK^kUFkcbfob=b-S2imn7q(&QsF|o$FZ`ZvqWU<4HD;&%Rk^Qqzz@5ag>ThrKN35X zYqU+)1%y6hgs)Dk5xa7~Xl5v100nmh84Z(9e7E^J#9oVVP-=^A6R-G5yL0keUR=fR zC2!@B@G8J*dW4hiQHJ$gz=`hQ7&+SAT0nGi-k4kA;X+WlH^VoAt{4Kn+;%iU`2F4$ zrWNe z1RvHPoLHCs8;>whsJ4=%Jr6)HKQ=~g->fmLIDa>U)q~NU`&;BFep#*yB*9__So)ce z+x!lee!gvfN9U34o*A??D=D8M*WkY4a|~`7>R%4aY^8^0JG2~XU7&65-K3u%Yb><0 z+FWJU+hwX)4F8l=sk`)4y5!Y>lN$R>{|olQ3La>rTDYb{L)V~1T3eF94uY3F%M^q% z71z>c7Fl6`?+`zDm;LCouGlkT7yL~|!?CS5!Sh0Vq?qJymxB_(XFL55*a4rOLj7`fLIf129e!#f{(xxpa*Q>myZKx@tDT6)IieZelz_022 
zB3*f#;}!=xy&~kq{QT`e-5J-?$<+E8QtRNsb99lN;3`0ZQc-pfm7tV=7qeVvn~v%0 z&u)P-G=H3qGY%6a$xPPYV8>rhhs@*m(R2A>k@o0}3e?!RUcRZXQ25v3V4njOlZo=> z`g9zV1Rt^0LoZh91}JWHF%PRV{y@Oa@-TJo6-yZ$yBC@`6S$dF<|`x=Jxta>&81CT zJ!;KpqSo+johm90>U}907rW0p((2LSQ~3!D~M2* zqh!BY1&GL>oe9|wj!F_J#4d>3;*XFV+tqu7z5Y|08Fj5?qp#q^?R(U*Y;T0kp{Bhp zOMkIn7_$?h=0CBV4v;hgl@fEx7pA4hqG3U)%P$|&rQK$=5jc7F(~J8Rbxx|E=X|yz z*&v@BdZReB=&*F`f|t)*OU7VqMntK&3|k)KmeR{sx!bIA%=#W+4`VZz{KYbWhG%op zt9w?7Gb0}2ZtE5LPzozQ{EqZH9H^h7sMK+G@SzZQRB^EocUhcqb_l!l+8uan1UWP7 zCoyiHzif{tBC1e|76b(+a6@5*{Nz&B+Xw3a59i)+u!x&MQYG*wPWUF=dZ4>fpuo6< zrZHXJT#RJ9VNz-$UQhdPysyX9MlU-I>w8s-Qk}VVCR>*~5p&-@|H9awD)>mXgUGuo zkUWMc?&|jY(e|%+W6<_e732f|gOgPU0c4WIm%8}OPYMmu=;Ur`=hA;rj^9p4AlOT& z@qckTx@RW|Fg|NB&CQotx}vTn7ubRteO4N|R8j|ns1u>KJ?V;m1M$PK=pS({oQ>u5 zu>N=~ZS>w(&_-f(btfWmI*@rz0q)a>a_x21`jlz@BbO3tKwE7{7OkEYE>BgkMLKF1 zcYe{Y+3aS3okn8mdVcr$t?YAM+0(+0{N5)5f0%T&B=K^=S zyP@L==5A}Yd9*RlY;W%NXgSyf=0B#RPG7r%8rx{dCODf)5fb8P$Z zq3vqOCg;8~w%vXkr?uXiu$`#3K?*<^`3quDj)aYoNF$;o(pNiv3D@ag@rjx-HI+mR zqCesi@wIY&@8c;x^euvjeMpmJOH*^6EU!ylwfaHOwN^CrHsvsSC9ZS+&<&8H&fNh5 z{j=JciCD2JTrR2iMSRA5uF`a$tRCK9T8T#~un8@}nvy0)E4X$>ic#U^+6334j$CIV zb*8RVMk+bdnS8iny5_{89NQ?^MJhS&TW+Mqj#y^7gW0C-l1i{K8*><-&ln=- z6P-*@ARDFxgT<@ZABZ4fm-++y>!T0Xn)9^9dqBCOKz)qDoUmavR7u4$>@r<}R-hu3 zQ`AU7fZP4aCZT}3q zr@Uk#FhD$}rqlCIsCtPCheB$P*6CabhV^ZX8>dib45zrN5qczuhs}I2SO{=)#-Xgz zBewO~mLu=4QRGCa5I0pi4G=T$aRG7|j+t6-fT}S5K0v-_`L%BxIV+tXTd_Y>C(~e@ zN-fVGJA=5c-W?X@n#xj3j^ZCxc=;D3@VGUs!}+^n7bCP~IJkPJ7x9Vn6`aT-c*K7+ z6m>c(K`}ozhIe4=TS77aQXR;Fw`J3TOf=yN+;Q5rfrL$RSv4C)+Lh{HOg~ufiqb9s z)K>4iVtVJ~YDu!KM0lEx+VOXQ9;++G<-do275gy83h&-j@{YApgOTLp2j~0w(^8Y@ z2wErMsW>rDmmlDfq}+xItNNNHv}6hxC{!*H56D0!=Ob&fMD`wyFD7MB-`$a|g=L-I zLg#K&m+h|ht7CWcHYB{?ToOgJp%d$P_?o=6)|-#43;U?&e$um)>oYoO!>%8YdvPNS zT&!bDjGg!fBmcvHeVGt+P1$^`xrFc0Ih@E;0ytYgG;C<0qw&r5x!ZdBESg_(@YEnJ zpk7ySTG#oM<=Rerm;KPa7=)H+m}k+?mSZMVxggq*#nkWT>*4Eu|KrYj*lve(^1{1C zqq)-~EBkqTzmt~oLNtrv=kCvweowJF@|!3Z0Q6v$=*MJBzG}3X8O=m4&{I 
zk-L(-Ew`All{LV{r)J_`mU`NV_ck6-!~O54*t0U1jcoSM`hg1W?FmaR7txlHcl{9_ zh%hN}G=Bhafb)Iq^NyTdVTv*#0LZxVZeksdcA+mjeS-Kuqmg^%n*nVp9t{Wd(y`Gnwp6GgBZy!cX@|nqRwA$GsI}5%RuET zLt>PPvDU)M{vO&NV}DS-m|ny7nO8$nZ`#qm-0(Qw^{^KcY0=|)skK~baYgK;s#H4> zdIIYNDprOrCn}(<%!U5GeSa5L{#97-x6X6BzXI2+Y;upd+aHI&!ohIUzA28+zfe6r zbJePH{5b_n#ceO|$2?v`myGpqxHAz4@TZw~WDWaAaMYqj>qh}ImGNZ`I?J+a zssP!b=Wkcv*Q=wBh0pKD7Fylz{LgQ!%d@w)HzVj`LC@f$1 zrr+fr+MVWA3y++&?aag<0G4?|J**aXo%=DanFo-D5=NzeK-h>GH2}cQ9Ut zB`hJe+&Rpnbi_+9F}EmOw^wMbyMPo=oa=mVN-J7Md@(rAkD5-~?uSpB-L>78jr>-9 zk*@R#qF2AaJ-(NjuT$H}hGluEo?;bt9(|Mh+k1FF4^8z$-I?l{wX%KkzrZOMi<37q zKb(}2q5+|gP`=7sBzDShK}W~CX_mFtZMdz=I?%uBdHKq(Y%j;7kl13p)s|O=zCW)k z@>>rTl(;`(c+bEVpKX2LK9}AdpqX*MR-G#|uKYF(oi5E-vA&vhjn1RwG6r(qhr+p? zIw@sv7b|@EPvLyG70G+4_h#`UGJv?R!M#ig_&Vv=9WL zx^-LT!+rMnl_jaZ2=!bk+KKU$Wzlt@`n^YkY|*eLagI|aP)zXE&06q3s9Z-f{W#K7U`d0c&zUyrfOMhbVFXM&G0AErH+KQ(tq@gM89xra<{fk z76hvMfiLM%?@a#1i2Y!`OoI-^CI0xVSwkAf?DIf) zCd8XVwgV1f?*blL7MLcCO%SEqk6dVKS0wXc;e7&-tabWrryox%w>OEPoP z#}MXHx^vhlE4Ku8;gls|^EYVO3?ob&;F6>K3d12m!#Xyhm@7ic#iHzU133$TBUyh4 z6#-vJ6k+mM?AF2W{k5a+Z>qM~XbpC>X5l42- ze2kr<$AcV#(_yLHqsiUoS{V#7h_2>I==)hh7&5?BUiMoitz61M05wU&5fLMwKj1U14@*{n8jY=h%9l^ zeOjO*D4!^5ZNOKOYbx@4c7wKbV;?dq|odkv*Cysptr~z@+iY!QQaQ` z7vv&5PPq@41?+MJc(AM}T%?1 z=?)?-PjxSJr`|-I>-9HlWIo%E*7|J_A&bdFAHVxR4zTkZmR<%3fu0LZVb|6(gC!Z- zK~wB<%MqpJ?se1a<%pOX!8=z;UqdgTwBHZj>6ik-HTplLrCL4|06t$5Il1xMG| zSV2a`$~G(#;g2>Q2bfWt7dux69k3O~z8apCvnAY5!*&Jy3i#I4Gdm*vT}|G*cix9S z>U)A#Fa_8>YKDuEx&9|;z1_iFL8fydhQdKDe@JJONDPUs_T^ZHFY>q1IOviB-^Au0 z;c!?{69^#8hfa3X&{aZQaw!t4385h(Kz3QCzH9GJu>c%~t44{S0SXGpUh#TZAK^r# zl%TzRW8x3B_z39r)pWZU{ph|i11z7X(|yfycG`9$RCcnLBWCCFi>vTIasR!aJip!=-Geo5*O4iZ3EULgic~g`Qq* z6CnA&)V|^j&?vtI!NkMR0;C&UXds(2@lp7r)EKlbz#3=jYJ0%?w`7AwO>^Trg9en- zgMC|a$4`(IVVYzMhv-g~?Zoy5T$)Ku44q(Ypf97Mh$-U$_az^FgyYErsx9n9l4kOJ zYStaVZQ4Fn{e^A#k`!98G^4%G@`^e*Nnr{0lm>#Hy&yuO?@dld@m}~?yLN%M>}aMk z3GoU-1*$0PP+oQ54^uF~$`_U8$a~!Y(ac)?K^@|}zx)AXN3J%1MSN9y!|8Yd-tQz} 
zIcbHP9ume%B6?9BaWTVv-YL1ZAj1{b+R*InsU{Wu7j0ZnMYlUkpC1iR4u`BRYn(;jgbk#@ zv?&OjHtI*V{^IGMLd6|+15mLzY?adsajJ>bt9B zY*crF)g(?)6D(tuhsFXj8Qq>5#yYqc@XyhsZrI2Upo!PHhdkJZQo41cVSuq~kxc1V zcS1-VR5#I^zELQJ^{iB?9R%Ml;Bip2!MW8BQb$&6q$i0 zWb4;AfKw8hweuQKdiE|#L&%`dARiHFV_s+14OxGAd28&lqEoHk&LU)4wzKK~-3b;o zi=6T2$lb3p$|h|wgG|k>1y;|op&gzKjEc>qHPE=&Z6x}PtOIBa_lO^?jO3<3mVI5U zYyWOVr`H$U(yA!3SK-YAqasVnDC#a?X*1bW)LG>+T91#W`epbpkRtktyO=bFOH-xHuup+ ziQrQG>41$y%GwG}$0k&E5`PBHYTE^U9hB_XgPNR8rMByfBJag{UEKQLnynV57P&5( zO!H7pu=B<}OtkO2*3nL?JbSs%yV2bc26Nvx#qS*N&xWs_A{Aib)gLhU;#CEvQ0ln` zU--NoSo+RT{I*}!y@iVFdyC!idQP?N`Fu0~9I@5imirtzHp}t)9N|Xbu>~E?TcNE7 zJIGCW^yRGpV*fa*0A}|o_iy5<0x5g0Rf4V;D+L|9zStpZkx4>nWmlCFyn8Fxt|_sW zrYG;&Y_=F#u1cD;hFz_C@)Q&i9ssOt0jnEzw%tUshe4spL%>b0_N)oE^4qQkLZ)=y zf;FL%_!Lr@=?sm^XDdiZnZLoTDndBk$%!$L-T3YWe<3^+HumMX=T^}#> z6DsLeIbKDeS5s(B%@ce@Kl9zE7=S3ucyMlU#&G11?^g=w$5A&kZcm-|pC@rTI z3KR-tkF~Shz(|`zM0*}l`dtIVl&`p-EEJf-1xs=(!6|eM!i^km4u*k1MK7J-Cz}nH zn0AC+nf5PRr7dvESy6jc*A4OpMw_L+kk0Lr$_CDf<~EA@(--+$w5HZg`W?t@0$E1m zp>Qw}=o;h+1?r-}ir~`M{&C#kO`-PbR3tFrWFl}fX#U?w-84_Ug5YGTnn^A~8{z~J z#>as<-J6)D!xmcLtUc{tymnrCfyMXo^0a^sIq}dJ)vCT9E-PM0KTHQJf3!I|7ig(w zmG;DaNqsCn>YyoXXxYY{=(TOyV(Q#<_uX;mc>FR8ULU0wKLQ;UFU7}C_=~wC3hAp{ z#=30Z0ZU{I2`uC(0|`Y9^(AVlhgW#|VHM&&o}ADdmJ4 z;p(OPq%_cEEmzlo(ZxB4{qSKF*#tcpV)6@J3Bgm+=da)tRB4AOZs|JGQ$**CR5p~r z1WhOBd_>H-S^0M^bF!Cv^np8J3WOE{2|^p@t*{W8cMlR9<2LLM(=c6WrhMjo)oc+a zr}dSg7i40ITp`FLGJiy3x%{9;am9R)ivu!wAYuu=n4^1{q&V~1=i8%RNuIX*w^QSg z4&(K)~46d_x>Rz(RmQG%+draEk zHRgR+>T_-@e#OEY+A0s$EhI(SS5(YV+&ze4mjhdvk_4&34UAqJ0N+v|OY8I{#GbR# zfddj3|6nWU?K%gXqcc4qosEg|%B_f1Jhdk}*ArTnFoSVR(+y*8)?D|%_7fyB>dWZi zSuk#n7dABNt1OYEfEWF9>_k@NyDXsI;6*(2{k{Yr)B;J1-_U##AT;pW!Ux(p}Zuq{>KE(yRogYmUUbk19vlXG;Rj(Zi~s!QIKtV63(=#IYDp#kgw`VrRRpuwI+C4?kRjtB(EQPDdw1V$TMiAJ0&(} zTliGaLmPy18)2B)7$~C z9bIW_+md5{M$C?JLNSMlDS(iLo;AUQPTve7G6A z3E5&iZD-8s4G)ueJXZdTZ0kuM8$4PlPo}!UH4$D_bcwbTY~$wcgAyA2aj+!zX()QH zB+61^77~n71^N8J-ekjhHtCFdW|67S6G@^ihmiuxLCQZLZ-mWSA&wA~J-bgX&Tt-! 
zd^A1)ixlT&H4uyZm7BPS*T((X7LB;ibl9h~NRAWbij6r(GBjkVcX@sD)-g3K*F@qZ1B>pc!L@34+piG#nQ27GBMr0 zwg$+g6|oUzIWoflbMDs#q)6 zEYez;>qX;*%vA0=EJce;7(okj;U>jTnovs%1%!vh?Vly=e~TpvNQubh zr(h4A$vQjx3)*dyE}LJySB*B$@TRq9c9srDP%!cp7W*0J0Y}1v?j+hJ3Q2pa)O39| zOr*iDN9(8ZaS%Dq1_nVsm-aV9joCWTn^5KR{}eC~;MGTzo1nbpCq10f6<+QUYKpz- znD&=sG3HL>-yO`6ZfCK>rd(3=uyq2?w*?qq6^)z*W{%;`KW*ph`$SeXJ1bYoN;}mf z267q)&bEydY=y>%8>(5wOoNv%>b#y?ka)!MbZsQNq(bDv5?y9eP0=7d+c|0i@b-p)%<&DbXMQyq^lSX+n~pl&OvTp z!-xgOvZu-C*w1RvX*AaXWdu-?}jYwo+8&pO5ir2wx52Q=1z3L7X~yo zj?U=vl@@Ow;#kScV)HQ5k=~!Kwkhr24Bek+4>)2l)9HTBL<#EzK2=Wb8mGSz-F1AL zZg4{e7W+RlPa;k4wmK#cgEO>?FM9uHWEU1CIL3)fK-tYU=Gt_mC<(0GA5`OsR@VPF zgK->&L~+#Vf6O97-gufO zrOQfmZmoyz%=1n(UsN3=A%l0>G6I(}(ZCxk>Bzh^G}yAm;c5a6y>8AOe_BWVJJNp` z0;`k{w(=lhA0TJ{E5^x36q-Re;IAj5S;PXTiUb8B);9gs6+}4Xry3I)@DCyL!Q}Jj z_hpJ2AXpC)0Y^h5r4jv$xbdR>Ytc^%M+dQxHM)IahE0njhjh z-f;dj?gHlxgDtmkk|{isqr8<%^Vf7ykfh%#mR2=)N_N?7?xmF7WT>H_FLkvgETp#t zm}ag7YgzJF>ccs?a;*DWC-o*g0b7g`8WY($M%q7Ste<@hFkCFPka1KH*gv?X+{pM;r>w}|EyI0{r zu?OSVXWC?o$5!hWwQol_z4v=pXhw!H42$m774`%;4UGfm=ixqBaNK0sRjX;fv?VB# zfxG%d;|dG`tZkZmES2_d?F)lC6XAq-y?Irs|84RHw73=?5Yw!Nl9Mq)EW14|bQ7wU zSd>y}WmJ}B^K-i1+LH<$xCDO>X##mQZHO0I^wOIAjrzKa>WlW6EAloSh%boZ!FaQq z9In;Hv0U=!uJGW_&Hw#i)Bw(HseEAz{4&4antPjZ=);MDIF@ZbLKEW1JyU+(LO0FC zZH!jm1T|_>zH2!`5kkw|zwYd4P4{ltTZ(+fedYhwYvf(|tMSx6YIXLKEp_eZ)U5{Q za(ULgD}_ts1*RBT6G5HkI>n$($xm`%u8V5W;?J}b*zmNr1MZtdX#~%i*9-N&jlOG2 zgyzK5(p=?_PVJAa+&`vYpls>p+sEzpddS(>*L9xOW<;>VSv#kY^jgjI>0y_6ExZA| zIyXSs=t>~A=au%Z|K`huBTydHdrkGbbNadU1ibGQ(q5FT7Mo(R8D38)f z0dq_C5AXjsf9QL%iOg-lEpKV&e7b#w|0O1^ixC|T6Yc&1&fXV!tXwRW%-O)N0<8pW zNYgTV7ymQaOy*FgBQi1lYvh^O?CCR{nOOlPd)z*u56n_>1)jo($t-r!xdb`$ei*G^G%c+y3C$6EWr1-JHfd6I?{d8mF0^W z5=BKSmO?1XcP0w>kll=>xff!Vk|AO5Cd4#%Y~Kw%*PIe+uhDWDkdiU3Y6`YrVy{Yt zeTiVQ7+mHzg?%N`=}d0(yW)YQus&y|u_lNV)o99%4^9B?{_Atwn$}V)phqs4&`NU5 zZ?shy-Ulk3z12DoE}eK7L>QA^h0JXMs=qw$Lm||dI?-XXEYnJf4vtG!sw~%K9?=tB zJdC1m*s=q{GH;sr6~-SF(TK$$f2j?hrlwX<;XTU4i3dwj7%AWbj%oI4583<0TITWLt=o1WCd5n%b%NET9vztm_X>cK;(u 
zPBtE<#1sL*`w>Bqyt019+__=AqqG0Mp|)SK%GMLz^2>uM^N49GnxgSUhh9*6M$KLPYmD$zT>iWF~P#B;~-EpaQ(=;eT85Qt!vHXBu z6OKgvy}}6#_`1mmK<}jYth^_7`gG0a6YcV($p{9WE0pMOBZ=o20VYD9%+2#5|nsuss$&VUkE=l72* z?QN}qK$)_5-Gh0Grhg-$(R#i)c0(l;>fVhmxL!}IW{ByZWCPtlUk*6hW^(Mj|Gyt9 zZ6&y7n{TqzcsUCq!IIC3=9etTR+%fxlX3!NsZ^}d;c_!GT>L&cc_ut!J3eU0;D+#fk zS3egQ6GQI4%IC3`g^iOSJo176CXi`+oOLO~1x5JtZ~nifghPYEQ=QZ+=l>a2^LeKl z$>;WejUq32Rjx9Alv4S=J?v zTwn-bwsJ=>sxGi0KeaK)Ky7w(t14;8O3ueLXLx*4MF&gY^^<(>a>VkzaoBOWvSdb% z&u(MClY@Tr8U`IOiEuF8>#T`}ZP}aC=XR_~yHnJ0j_USLD<{zuN85_Gw?=x??~_tE zF?vxCqy#gxnsW7av(8};p>4=j=OZiZDgc~)*Ya(O?%P&~np6p}A{LPyUL)e-Pxb5#2S_O0bci+Q4+j0IMNmzR3lpiC&_k*akIg77d#%>x_c+GnVl%vvu54)hgMQ z2Ji(+)RYDhbmdPZIg|b#i)QJ!CY`b2lA_}Sf$Tjy+rWy`#%^DZ?xgN8Mmh&y<{R~# zf9_r={#`CHR9~3T?GiF5%L6MP7;mTB~Q%M@LDa_rqqhMq@*$P+1(c-4*1u zc^6@euB<8kv!ucSN7YQZd&I;q=OOlorMJ8I~TXY zXhpc$NxqIWu_+IG+{^Ddl-rX3=V zw^2Mh<-pt>OfWk|+>uCD@~$z{ZMWdL5k~CyUhsC$7+-Sx_?%RT8;wdhMiR0{(FjX4 zgpXyL9bFbQK%2!TnvaeCXv?|k?1F&E!z%yeya(!}X}Y38>|~h{6rtnUe?=98Bc(Fd zHvZkM3dSgJZr*P^WlYncclhG!1kP2nM9b^(jz!F!sqsa}2b=7s$|`0|uh4`Y?zF;s z4;;fDMwoRU&a4u)zmK;J+S1NU#$}$h3OVBXNOPH-6!i^7eDPV)7gk25oPzkAm}_gr zICz{Jig7a=(<}pd_2yvaZ7mMQvX#FdQ2kDm8`U8^cVy(JKrEtYjtkP9U$xWb$4K#AC|Dd$sFU=9MSd^0OQ#|X*}F$kUi1e8$L&C6uJm>74IJ40 z7kn*BIq6r$U!rj>^2=7whcGn7Zb`ZoOgUPYODL79IOMeM&;gZh_uI!v+jef_T;I=@ zKxmsh4f2}dg$lGVyL5pXj_kSEeX`lw7TK=3`l{!Py`Jsww}}mzX(}BU%mH!Rv**CF+-GN(w>jDM zOVM-I_w6^8V*qvE7z4>0dwOl#J9d;B}F{X4}G<_>$w?>m~P)josMLizO#6*xFrlc*f46> zJpe@lEH<0cK&lWjJhiStpz}uR(FDObcL^2J6RdgIn073}(?t+w;jvXm z&sLASM+~uWCV)6h7}KcxHRdB)zZUtbZ2j50^`rfp(qMdr3t*{E9h{&nCX^w4zb#pU z??h^KqCO$SoIp4I&%Dm>d!R7(sVND^T)>{;NBS1KfDQx^3)Zt*Qt*|hLeg1$( zH5uasj!>ry4y-bVqBPjxJmWOllW?QOXFz>eh+G~E5@JjNef?8^ksF(^E-9~uRjWZo zmHAJ&0%40ir8GPH=>-+z$e4U07PFK$*C&+WW9CH1Z7x(GdO1-fKiP*giNwkDe+yQc zY3bJ?TrQv(wz4PUkYJibpNW*N1-5h(JhljPTnz;3L{xFd^nT(#3J5%<$s~Kpd6%UU zk;S2YbeoD{OcFAF;|a%}E|#3CMp^mF1jmglH5< zWZ?@OFPh6BePnYO_D1SUo6-r|#gH5z) zb7!;E1Q(1etTcegiD4ZLqPFc=XZAhN280ll`*t)8@7Hc`5nUgA8;nD&$lFrlzp!yX 
z3KdNPJ^(>TXz%(sLx?Q0Jo#U`dB2VIFJ?|AXa}4?i0%`&_rY_z9FND#km&EGC(CH#TkJSLqh2YTCHNF-) z=AF;S&*zf%!G58~63Xty!w$@Wj98iHMp)#1c6V`_XpzsM)=>(JoOIh<6q%iB&Vbei zk?1FR`fw!89fD*y46q>2HNKk69}FR61o4OU*v^a;yoirQBKh5HoNtiemr0tw`^=+5 z#1D_|szKbZkDLs$OSA^olP?Y>*>87SkLXh=HUw&ICCxTcJG^T|56AoNbW6RIiK<;6 ziB@;N^hXJhO}R+CIpZ(!j?szH5{b9{{9=aF2Ng1DLxvGE>1!ZSIfwg8YWuFZf_wdJ zorNsN%aBO4vTs6sJcS%ZneHwPqkrjbN)OQ=Q0OrHKq4WSzG8LGR1nSSUy*nsROmD= z!0X3qtGd8@S0()gn36iU)$>#z9iYtGFdU%&|EN-iflg;~|9^{8G?~J$0$?zYr)J~% zZ~Vi{rAy$Q2HKb$WBj6Upqi=&H4Z$vlQeAtkojW4e?I}y&DsG&AK<-z00ZO1Znfbf zeX74>b-n-{^$@e4v?9)oi{hjby{JvPTVTB%mR;FUVu|T*Y4s1(6?dZul*}GDl5TTs zRbUe5(0ti(W!J8Pm)CTgtS=#+GLXNVqPu4Xbbu0+Jc-$7xzT)Ts=8BZ4Vmk-RGV*Y zrme01`WL@&?9meORVB!>Sga6G`$bz{_Xp76dnKx{P@yK{uAC7jnQ4QOuJrjwtD0^2 zTSwSV59u(qsl!czSSG6VD+UoQ(W>>LLim%OriL_3TDU>A3A&Dck9HxK?%!$|q3P*9 zmSANHquPsS8iO6d&<3y9jxc~odhK$b5vpoi<+f6z@@zb-HJlp3GigoJw%UOYcS2|s z90wy{?a|SLQxKT3b?cYEcPmVWO{GmG85V3}TxQY=T6=kUuj{a+QHD~a)YXMJ{?6WI z)(fg$on)E;HZpb^D11Vt9lC4=w6alo1|0GO9f5JJokY5BmB%)IKI}ODztt$`&?$vy zpOD!l1>H{LLKYOXYE#kF@L-XKD5?RB_@m^4n1#0Y|o zLvJAy1i*BcXL`xN-xiN;CR&N3p2Un%>WooxKEf%;ee$R)zW%Id}5rNe+)pG$W(&?az&PNXyfZ^c+;JH>G*%lk|3V z%8Advp}18CA=yASx21WC5GrS+ZyuBl_bPSxNTCFHK3kUTihl9GPT} zP^8rzq+A*WGTd8EnKUv8xlc8R3Pl@Mig+BTi!Ll8X$X8AG_X`oorsQFsA!z1Rc&aT zAoRKfcL9P`zzK8$WKoS+k_jo`$WWOYnyJaKToVO1Z1Z=yHpv4{m4`af&^dwSPN6@_ z*rV|LZDf+wAK~#8Z>tv%!avxBOW5Rya1A3Nva{;BiB2eLq0>>J2n>et&FiD>=P*MiUUI_?Ti0{QaX_I=~FnOIJwEN7*M5^@G=?Z4cvMn_4WJOZItI&@Z@r0p)}?L$#<`jE-xsVhM%ZM9yhx z9c0n1y%3~U40(gV{5~)8jmSFjU|(MRq-{t~p_)Y@qL&B;TN9cH9Z^?`0+OpPUuqnR z6eU>#!$l%FJ&C>`Qj%EASiA&7hh~(lFtHwy9n=ZYB!ZeHxpum&{yH;3k$t7K%(#R> zXfH`Z2>k~Au*3m{q6tJ<2KSF~X?@2ynQ-#0f5L?P;Zyv_ry^&VuIJ1Jpl&)vNnm6Q zj&42$Ft&Cvg*TSotV%Ng3}rC*}UJx_I-XBvTU&!P_)V? 
zHI2TY_^-m>E#4svsjGtBrOCsF^Foz{Aqn#o-D%p*>b8q<+FK9h=oj!FJl%yj45#M02CX9SYilbVfA$#gY2 zR!w#yuIlCb%it4o@b~X+4?_m^>1kV%5#?zsV?(C#`3xqHak(r{!Y1Ee+)OqMqF zo5?^?#2H3LRDC6y&9s2+od`JMljKI7FVsE?O$SMH#j4UWf+I?@)BI7;;F0b|BNP;< zkbheC4_zEP59bbI3Mb5p4)+mB;Ek3J3AT0-YPvIFJRn(OD~7d{;LwJ2o z0zs}Hf0wOl>6Npfrj1Vxf!o0dC_B*H{IRk}&WZ$?LDMom1{tJfErnD@X4Vh8g_<2Q z=BlPOx$6QE6;%n9863K&RVq3Gy4*#pLDQy^ZCgE?19d^Tt)$lwZ|@B~*rSj@h0Lcb zuXlpN%kOvM?|c%x(U2lOBM^`5S1uHRN309TJ6i=-~Y#V=L|$u4CDfY)sE=Gb5!5K*2M4x zW2O~+@c`G49Cv?1Q$L#8tLc)9p4`YdTZi1ln0u?qPE)Ze=6lF#|Q>~5@8$-UWLu_>_3~C!R zJ4KPg9d%4mRP|w4P?VhJj!z6QTKScx|INi{OpyEid{w7h_L>1!B;Iv4l_BW6XiCOH z=d;|W{CwG&_p#_}+p3L&_F%tcuW8ZMwoxN;DuX(y12^b0cRGy}YwX#C!A({ESkEK*E4}R^Ikd zEX`~GZ5mBIop643zFxiXpy4EY%NOYYI^0IJ?EcbqM9n;zWq2QZZuo_XRRrke=ZP=M zUJDzASQgXUndJe%z5xAGffjC7Z9I4=B>utK$(^2x7w^aG9Yo5SQ~shS+Qog3fA}@a zK?+eF$XeJt;&U_;q9n~af_0Rvqal%>VHd%^q^q}&fym59?JLWZSV6_i`tmJXmko1j z3e_8B(&usiWw=vF8fiBYdnQq+Ch93x$Ec~gd#0yK=qXm`=->UJO!*_bdxF3M)Nrk? z(Y*^{I9J;G<=h=@-U34SkQ7{BJFdyWnoRf2JY6=e4IKeEscif8RHybi1zVi27-OMu zo5@vf2XC$f+W7~2k6oYQr&wX*Bq96&E8I~L3Y;>x_!O^~8TJ>(*xthmgJP@)T#jqY z`Mww&;3uX5oTEr=1u}1Kc76^|6eoU;_q_ONpJg#qUY~5Ir*Qp*X&i5Vr>DC3X&DYr z3Ojxd&eMy+25^ki3wpKrHC~b|?w5PRpuY#;1Bo;g34@Gb${jj^?$?cb$Nc!9`;D~& z6|^dyo8mwHNP^fgw-G)M+y-sI4yKwl2mr8)cE{0A!hx&chth#RwD+Pt;lhE%{Dl4{ z)y)fWy%)~@U|AaE+lKHPJ001#cczYv7ev7+@kxF@FE+A12y|N%&dJLRM=WaSkr<`L zG3AW93Tb%M<9zEVO&DW;UyyMyVyEaJ{|hu;g>Db&aH&Q@1m47#Y)6qRN_9gYXRZc^ zJ=PkyPb+0L_|O<~`AbmM-W`funs`(}O}uBj^w%lvoI|(2zbjQbV{Pgn&t7Bs)-%xi=`_G+sqlKD0*_A&^=V>t zZ?+Bp_zBUHN0Jq1y8W783#N8;l2^hI*_=)i!-SCLT*(wS*yC;V!7>d6!}b%DIVmMI zOxrHmai{=@FHO_jH8!p5^$>2NV2t)&5Uur3+mtr^EB&^hxt@YG9E~t@;lYb%2T(z; z|EIi|Y;b+8886YVS5w0*Kpu05uuk7=m~U^QKPu9=8-PA&yz&&aGGsX2*K4R~6kj{M zJulzi-~HugQcF?hQfS)b#lLBox9MbicyzdCeh-L|`U+X+nNN3KjorR?jMZSgAAO&! 
zx-~z>q#BEc`5Wop!jD?gUw`u6?F8Rhk|a56CDU2{BIUy;l)|#8sDdstu?LY?P1y>7 zJY5wN{)~TiQ)Q3;T*EJ)Zq~-op$4YLNP#+erO$eIua%F}wT- z{0{yCy(WbJ^|kW6!h1d?QaTmc1M9AY+UK#MS~?X9WVSl9uGxSOH(Tx3^_u-j_Thdv zi-!+Q4R^rWt#2EsjvdeD0dC@&%Dq1N<@TO!!{ z)6&wWOX8J1>cU}q%k^kjHHFQ(R1^K26ppQM4OW(T>o5YdDniLA$m9k-%~iYmsQ)0? z39d|knS)?M)N|{l@FKm~+iJ`UTj7HMXlTf#?sAL}RLY1A_=dXEtN^D`>3T@`M3<>- zpI13$w&1^Wu-K^3z4Y_I_hXf>pvunQ=+b^WQM$5^_*c34maUdl{nBbG2JsB*hRWs9 zSPtPl@5`qY`xCE8=lJ%qrytS~eEX)eB81w!0^MqC_g{cuCW+m9km)|y)K7{Eb)Xk4 z_F|LoxoXpFl<%;m;Ss{g4+_Sj+&$-~0=ng?^cjc;NfL0;j;EJDXH@MMI@!dyJ%LSt z9hb7Uj+}zUUMuF;yj$s@=16<-|Bnu{<(=Q zA9=W)I`2v8`CGRI)79nKT;=%r~)Nu(K|I)l`+UPHs3%|Yt|mUo!?7Y!cAx37kG~^ z_@UtGb3%J7ijx-O?!ccO%JP?*ru#$y1?xnmWM2Z>ab@x`whJZ&d#z+2q9-5wJ=W+EP#zvN_@#A}S31`G8|A*-Jxk zJ##k4N?ow62hDQNmk1^Ja|6rQx=3`?svg+pHa4eM!=VN6-h~2a%59p8_xI-g$@_#8!KEtj3HB z)j(BV$lV821tQR}3$nnaL_+uVr?No;BBS2#qUVftWsJL_=-wur z_FrNJ0=#SCetp@K^<^qWHbTZ(#6yde3%~TqN;l!jU)6b6=5MA2oWAE}E2u4xN8;no z^L>~5Ot1iAyhJ)#FQ(~A-1e-_%TS^0d3Qmz8kgpPO=>-)9Aon$S= zthI>590jek3Cy{K%rHXBI2TK|#mYFx$+#d*za_}nP@qIR1;aZv8DI2nQS4z^{9;Ms zX+`pGRXp9YgUt&ShtK1)X=XS({POXC_%q%O{x8g(6F^#2z$$0L$ZwXrUAnwhk{%_4 zG5weOLjSmDS?RzH+V5Sn;kcTSLHi26!J8S6N6MwbaNw9#yE~;qhn6coh{2>YY?qQ8TV`df@cxq3KRt%m z@#lZzz2b{w7l5A`n|!G#3W%T(jNbWJ6mG?aA{!3|e5d)j`wOuy zBEdQJ;O~dv$dkIOGx4&xq1*AYK4*Ve)3UGumsghKeUMJvG`5?M<9$`klr)PQxfL%f z%gJSa4LI8A361LX0yl9Q=i^W4#5u3*()7Qi$y=!L*)?Opu>`4n#%8Nj_7^FK!ucVZ z!r2W&`RoK!`7Bogn_jJa@s{4GyhH-q^k)R*XXM8lDw52Bg2teHMkZ0UY;bP^eR%aA z+owktb&M@GMM=lIq=bAp`% z5!hQ^+4>G2YsaV?Q!7A1tvlhyMI#ut!dWmoHs|pO{0Fye`v-Slz~Xc_;6|J@i6fb~ zk+3hj)Cdk`N5>H^w|-RIp+50kyoPrvEiFZ~pD1g{Gni}0vbST^tE}~u9vExL?;B11xHVUna75+dnN=9FLh}aX#5VP9xFj;VS+fdOz*hlJ=Yh4B>^*BkLMa*uMlDD&NEWG6^9}5v>pmX% zE3-3yv=uUgFy6hb!p)&?GxqHF3$-(KYpB6LZHlvBqR3Xql_0;HrSe4>1E@m`2dQ0W zy-AksEHkS1T)wWj1$7J>C#rJHn&Zy8*-`*cxoh-MptNaax$c5> zXeIxjzV0%rtu~7ncyTXMid(TlaZRz}!Ci`$;I74`6nA$h?heJ>o#O89?i9PBbl#b{ zcg@X*XDv=Xa8^jp*-!TV|0o^1<4!?M{*lo-NBsOXq;p*GMbHsXzk23pr*y3A$2-Ug 
zj*|UEzh86k^U{$RTr~S#iAb|}H|D0T7F8FoT?0Ox2$$QH+@^lx$E;{om$}Ut=NF1C z!S8X0EG6~hp3LX5B-Tov)9(!ae*fiSRS&hLq{AWB`i$3&`M20nsl%Tx)s-5RL-DW6 zld=8wgjUFT8>9*)v(At@_Sso$9}H=$TPV>-H0riWrRYDnQXpv%tBPF^+qR1cgE(zvDj0~#YdjV16@#O6k8W`Q7|YQUBHpxr8x+>U@* z_YU3ymKy%)d;0LJg=VS^-bxG)ntnxsrw}2JDs*C7&l`Q!-xRYp4j=#4B`k@^-cPTc z^~Lgjor{Gv2J35c{8N=!YXubdyK+NHVkL+EvS@WFy~M=WEgTp9B0$I}XSk|n^l?mz z1f~iA(mhV%b-W5_hBxD#gZZq@FV#BI9US_dozi^Ja4BBJ=?25#*Lnd1@lfsT&R#M4 z9Q-w!Z4JWJ>YFdyO3Uo6H2jp~xiaB>wmJlQ%x+`7dcU3GU3&F6FQF48`}D*q$KOXG zcg}a_Q4)NPGN4R4F2D$jaymly`TWIn8$s#ym6-%R*VwO{FCit5ZEu$^#P?l$P^ra< zm|zU$^?UcRnfk8R_bn@JtayW{OUzjn(M&5_Ppis10O}>|XpcacSn8zzy8lbZ#3$E_ z+~xYD$?46$6abIYl#c6ig^9=s$xsv?e~U-`a_z;6edtzB#DYE=WnK&;+ z-l8}@ey8RQ4yD|>kBF5U2)S4M1e7w7DFkIEeji}39SvQKtQq-_Womg{1K`tW}Rmn(PMlj zZ$_JlUr4=We5?*ChZz;z`2?AkQTRd12er*5GgF>E-*(pv>7?WyAA?ZhIEM-R{LdPX zR9Q(olY-9Lku+5w>ijah0;(qZ5hnMhn5i+#mPT3Akl*#%)2TP;m$zaN^ngPYMXNbc zD(!XpjB{fMYAB(f7fw-~u_lUbGqfCKCozJa;Ef0Y76_t~3c!mTj{A3SnzgMMU4GPw zp!dt+di`nfe<`p>t=IvHee%AJ6~4 zy8I09vZTA;Gt|vhy1tn!mqXI?w8i+zIdz{>Othe}HQGko>Sa>KE_*~0(UL>>6`i+B zZ5fiZ3Ir)pPmt_6XQR}<{FEq_4%Qvs)CIWFV`xGEK+jQ6TC-7s3zai?SZTLBu7E3% zOfRgX=z)bc#S;fdM>ziLF2w~>ig#A+KEQ}@4sKi(fETtVq9b?2#NNWoB(Tu{#rg0g;tldu9ExM)L0TC?OhBI}lc`NyUZF-F}5 zC7M+3hT#)R{*%u5%82rV{YEZe6ayVK1n2M{u7Xj`{QD`ej49|s1SDEeyH0!1<-H?D zH6<5q?uZcKy*SLql&+Fl7^cSreu}PQGPuNc%w9)o;}z^UCD(w?|p2YK@a}o9ngFzf}q+>uOkW za{+qJ(ZzG^uUB0)`dZ;x_*rv|lj428)LN0=D0&K3j15v3>Y&ZnwG8_BrFA~Rus0vG zl6|@0U?aZJ;kp<{Y&i2yZF*x50&&y^_jQaeHt()*-EMtqjibNPc4wkZcs|C8BJ!`T z{PZ4#;Hn z^&}aba0th**7#Z%-5JO7%?FBlGmm1JoAK^3O-WyM(AZUoG!sb@Lpw z-p4Kkk}2y&$nM9JUT<1`PtVpA)~;(~VwXqmwDLus@kVhA4%I|E01mcEXWbvrW7xM@ z6VC|UFV1Q0tmn8-W3HTBt{`vl+6Iqqz0%UFL`9K4loT-6WR($!5bY0en3EHJEm1iW zlms0B35WHxfM8_pDOs1MhG>+)RY6t0+KbE&@=5`0uc5hYkooj^n#BrXe{z3rjfV44Hw&r?D}|rFy2+8`1OlzAH7cJ z&}Tz=m=(ns%2|uhIM=B3D5a!}E-?kmvC|60AA=T=lRq|4BlGq)R<-s#--~Vb3G@{3 z?5<$rvnfA_0f7a4`B~pQ8U~>=y44>e^{{A3e32v3n4psk4mB{$I0R`uamw{-XHbk% zb+z45yc<#x!z^gioodA^PL8n@ahr4k)72PjTK~;YZ0QCZE+C2F=I 
z$M!{Xjn8Ud$mZEmOpz|{gVPfo;Q2(v4=^|kub@x>WqhxH4)ZduoX#ZU3yh{#4Yvg` zfF9K&y+UbDi(EIX#XQ5he&lwiYo+WRRkwS9^%Dwi0#h4bnt5v0+l7D{>FYgUpP)W1 zlg@IuT|$C=l~BDT;x}g?QSOR`M{holyvF+!iKi*0CC*dpMDUEg8USFx&fZx)C2#31 zLeQ<(8zWffT*=#bE1?)ofY(?wGNX;rZ(SjZZj$27}Vr#*H7oTE)jhy+vmwSZ17b)1o%$ zG#E7KFPF0ju^);{XaCgv$(#XyFs8_1+dqWuN74y&DFm5qmqCsb5eZEuKIJ7PBG!^Q z)XYNB5mX=qQYh{bD1my(I+L@%gzwDHDV)Cm;eJOUG;7Jsdror0`mAJ%&|&i`j%UAh zsvDm6@nR+inP}P#7ddk?{jRY0pm_c0qPe5S?w>sl;f!(${;l<%xxWezvC-PF%pcZp(O;j+@8rw8{ESjD_=%cwbb>z`BgSTthP8K>7nYw4vf4dLv_>Y(nn zPfHn;H6Gf8sqNI8&=OG+%iT^}O#^n;x4@4E%jVsurn)+ghwG&0X-KWdv&jK)hPK)5 z_OcKxp}E+%@_820V-Ml3>!|d~XT*K!xJ=vc1q#D~-XaFk zDYkHwgbrA6BQ~uc;W@=ae{F)e)R`^;O(Lp#?7Dn3yG+8?YPrdo{|fti+MO#JZnr71 zq+6m?N5*@c)mgu1&b#NJu+;YiI8eRB5)Ssd_8Bbe=9}riAQ!E|FeKL!s))c;vt|r` zy{^CM!?HlqE$up)01rdr`<_3nyT~}LDgr`AX%MR1GSxSST<)@qKZ6jP=&w+T>@Kfv zWMoi>9}nC#9hLRLCRhZ&2=~eP{)75-qt-T$$bD7n*C#mYqPx3MVt1^m) zc~UfWvrm@=ElGPE7rc|wyIhx07)GjpY7aDKO2x&S^pq=!|-_Q zu63zOBy1OrsSZeMcE1}xE?tUK&qJk0RM=idpG_r{kO@8b_D%;?N+~(vQ%dT@uM5JV z`=LiEn|&c;kEAn6chtU)Li?ta*mGTZ+dA{f&|-D!gn7I&^}}nS0K_;b6^4Kc|9l>L zSRyZ5hT1P{|r5wboe zEm28R(HLB8y4Q@f*DjLhNg;oz~88fz362Dq7W@o#*9#!F{|Ji~F>mwy>XPud?5Q4_c zyLU&m%T|~GYwH%J_s@n0XsE4uSPhAGWi#-kfWTvmt_vRHj3(5}sAm%+_Yt`r9xshg zDFkcWPegKN4cub7x<>i7&(O^V9}_{muNxh?%S|z|ixIIugS;)4Mm_tB$$rkQBj>T5 z{84~2AcH8#U{R!)=)?M_QIb*65ZS_9HLO7;boaxlStkut$WF8)#h;|2SmW61lu>>L zbe%*GAhd*Jl+j64ZX0=y6C4fY2U+P_IH6PXwNwvarNsTqQ#)j`b7Z+2V|;8211bi5 zHt#Jws(@%ngm@7Q<+2%V3_-A&VK_5`b%(?fz)wrm=oN%`=$uUIf1gn?Ocl+4w}IWQ+K+!H^tRSzHwZ~$Lbbf%%fNqpM#RB;S~o08+oRc z>-rtlYUzi|Zcd9DkMB2(e3jdLLOY#VH^jvrZY1kbaRTH^hURM$iEk-8;#La{RMGnui(pQEJkq5Bzg%$#-LTV>prtA}HV>aziQr~@J8}*;^ z*K+y;K47nZ{tI_Ni%0VXV1OgF0T^Xbna`dF#B&@@P9UdksV51F;dWzaKQ|6HWqH^V zZVi=)x$ZWV)2QQfuhRaTn#+8Vug7jhEUoWjQhT$9ll29_5oUxUCTBX%^8HTDZrm^< zf~_*bpS;U3v(TccWJ#?rr)0xE$Tcr!ZcB4uETq+$`8O1LMrG)QVBP+Wk&KU)UkEcx zA^pJCZsx=}YB%N|v16Q4>KXBfd_JVW>yp(aUkDb+6md_)ugwQ#J?B@_sF=M-SwiQh z>U`ON%elTl0vJ2!0$4xl40Vg@&4Nf=CS>_I4SToTYnn@6l((at`h7i4WKFz2z3>bi 
zzI|ht(ptkr9v-3WX*$V~DC0_`nIs)mz(?-TrQt-;_j|2$REDZhzQs8uMuAkihq70a z{R~Y&Mxq1_PHnbg-9?*Vh1q>aFYndjRGgga_wiJ;%NvyCu03v6IgdL>y{2xb7e4GO zxN7VVgztV)Y@+vn-?zmqj+ZT3!|k+%@Ge5Iv&mk^?>;Q+-z9hT4tH?hYjG#qIWa*r zSsN*;U5{BJ*L-C6JfhX=Wi)gugL(BX-YIGTuANa&d!2CN`I`J9vc>gST zfD^xX4{*jA3V9R@0?sDc1v={Hnz0GR1v9eM98bT>1?=h((hAOyix>6IrN--SeL1l> zQ_xj?d-G_jw>7g9sv>#l(vz7lfJqlH6(9>?SWR26Uwe!U#N(}$zvs?p?ej9};thT0 zIOB|4f5-hg9G`oYE6U~=a+Oy|U4+mKQwKBbG%hN4rT4>uj_+S|hj^gzT-FQSp&%~_ zKE)-7-o>_4ZCfaW;{cE)#kI0wCXGyeNe0dE-{f`)w*)mGhjM%6uBRjBDE4XI%kgX{ zOs7yO04amcUjl}ujB4t{Sb_DFI)iCV;U(oaa7taQ(Ua#oRZ&J)SS3AehSUfd^(~vX zk^b@3R+dkj~?J8ifQRa1r;e3Xqf#!=o zr6HR0)>LiVdyW7r=I~fvJf5-(zG!2}LkD~f#Sf)Q^Yi|ob5v0QPo|S z^Yl7xjIJ@G|Ev`aKO3bCiZClotv8WPEl_sG_CiUfK=5E5e1AwrPcJ?oi*7QFlzqFv zk{+MyN&FhjPVRnmthvtZ^Vl(vwR0)m_2(s99R+_)fzRAHhocg7w-I;u3OLYQSEmi@ z82foBom8{tRf4gi;pZx@R~w}rr*|wfQ%k#t9_Fofrb#ZGJdiw_Cw;QX;x@S`6l}>R zrCG%t^l*ub>~qfT+1xulA-x2b#?B~~Li@Fh$TGfHJ*D1T5 zYy5@@5F@BO`wvYq-i<%GL-cSX{a*4oL46%?^f7kqL`x~!$@98dNfhgF^3mCjFKtu3kA|_=l$#mSTTG!>q?fSK2f+q zlff5)UnJ&=Lr$aRiz!Ky#Fb6h&9-6Ox57j@d~zGwKiH|y!bwqwK~!gq#-W%_q7i;? zP+boq{GuaLn8%1~8YP&5BUdWucqioZ2$39qBG!PD81%6}ziQ zB$wKUm-y6V4o;Bl%YP^yiykv(h6q!u6tzcmtWmteK*0SVIH5eSm8I_$QdZ-rS}rH+ zqyXo~YwS1K)R(p7A1Ps=X&F8g=rF5$dt^zS6Sh{q7A7l6JUT+5`}<0x-+bPA5{K!K z*K6Ij7zVcA!#KE%k#Sg(k~Yy?n!V+5v1jA7)5R_13gz_6ON8-fqXS4e1ieN#GX9g& z*9tZwxQ}aK+qAPT=TDG-c(_h{oBcrY=))jy5<>g@3#N?yb{Tq>Mmj_C@rhd$==0Si}LJ;n!)!ir@gE*1LWM{fFGlZx1HmhJZ!66k1+axaB)da5O9Ve!bU z(jeK&A|(Q$Tm$d8#%>AedNC0~kHJ;2^sx$czNnRBPi+GkIpu}!C0Aexh-_FDG@ z84tE~3OJp~ez^)u_8|}dkYuA{TfI*@eiupB@I4~uoQ|ri1yLNg6W5zIVjZbiwVyvD zvhDw}6B38t{Db2fkRQ$JVkDP6wWnYsVeVr4V|}NKd~F6|%A$nu?j5K4n+z$eX99o? 
zULT8ItP-ZzE}fach^0>|a1aLDo3VsrnL!lRjRC+3af0EO+&OIzmkkUoAJ*MU=h0lcc4BbyllJtqd zP7C8gw1&T~i2ow&m@DegoS{4Myy^#8;}O{F65XxH0N3MIpoH93!`Q`sn^ZHlIVwm5wRB`DfW+rq`^azi>C_QE9|N+b zLh^)jc|8Marp;@cYph(7HYRlQZ<$t^7AmZIQoz`m>EG-x^7s4)Gikp%!`WW5P5QU{ zOZ;mCB2RPFPqzw{$X7Hs$zw18FsIMfM|?PldwE;xd*6<~g`H5Djy!>^F=) z9b4HWrsS;buCuc!PVHb6CA$!Fv}-@nT0v{9~_45AY z*vgtzGgE^yn=WakvH~S+(8OQCAP+Y(*K21E=o+}aGjvS5+onz(3(K&TDDs!Z>bJ1d z9Gb_ZA)7f%$Y|RCMngL>UhtzE^zV%Wr5yl&NYy)Zgg~qa>L4 zs`3Hgn>sw?v6g=4gqqi5N_ziVKjIQF$KCn;Z&aEIbS#5-gxq`HIGbQ?)w$;{88G?x z4HPfa4{7=Y9Y8HEJ7u~{u?6%N8#Mp(A-z1X(V*G%&P}>@ayu#{z`S)#WzQJy z`y`9a)EfZoltLbR`MhZit&2ztPm)pM%i&m4|4sXA6xb!kz}7-ln+z;g^1V&5I%oo! zCn?K zv3RO44qFgKI>s;1m+Xlo=#)%ddj9N7IW|K>`=0PqfJwf(*FOnM`&^X(X$DzE<*~CS zJy}a-;*$L+t4o$`3%IMy?4>fDNLSMm`Lh*O()b{5G~BiGR8xcV0xk|1jtFtOvU@U7eMXI_`(1Cdv`{V1>~@G+J*yTyz1eM`sWrY>@k&00^$3bC@=|}1 z_;gkezPKcYTtZhYyr@JTm@#X?eMd#05p@jf{= zl|yy%&?$}(P9uK;c#?w+r+WZ{9NB(TudIrlqU>lwcZ$dRhh$&zgK=iiRlazhFAac7 zFk5+O=i)9FA|ndPu(96}mx=<n8Rf}Jvai=T! z=W28^YfVwg)EU`LBWTNhg15ZMlH`Cn_?l$yhEvA2SLo!g3JWd2^4Z(%r~%HZ4`Stt zh#z^cN(^eO@!{_da?z>{EjMTO>21^xV0W^GBLo?Q`A0T7u_OZ^#c+G)v9t7gc*!;8 zuo7We;z%M5eIrFKPSycr@`AxUxMKkM*{nc>y;K8BlUyZkW0L)xwf1i36(17-ijk~~ ztPnNrEg;8L%(rO4>0h)WN2M4B4?Dfmo=-F7| zQ@U^6Vc?&di8dRJTKst}geK5ly}tG9<>ii{V~m_Q==qRi*HM-TJZf!F^4o=wK8z>2 zfzjPrm^RwwpYx`&vl@M)L|gm)!gn?lVsSZlUFv;E^;jz&jL<&35)URU*Y~;lkg`RA z0ty@@#-2P$JjdK)qDKf=RwuciRC z%VRHDk+mRvmypw_gSx8d-Hs-GiPSw(S30_)_zsXSyrOLPYG!-u{Ar^&1gif*JugTO z3O`@|w4_q1Ng9x^FdSfkr#2NGS-FtDR4*d>q3`SGyX03!e%AG^1Gt8{HO6~iHw5>- zRE2+5#ZhL>4MnuB{*;4eDEI@#x|)W@zvA7{*4?W$vpC=<_96D~vZ~YO)d#XA8%Pxa zkA#D@!gC}@a2AGbaCikVdL6}i*ww$!F0pNJrVe)kc+ltad=r2W$5=65-B?J#tTJEe zU zZSy?ip>`5X0{g1QmfwgS4zra~4#acv+>SR#g4hBr*eMNG);l9-Ec3(D zpq=}}aQv$xl+CD$t2PCfm9VRxtOtZ6XJvblB@1SKWD}@+2WJiQqrgC3gVaxT?k1yD zAL`u?F-9h7cY6*>TXHoSBp$c58Lw8L_2a43%IWeF!jq)r%nc+@Q&Ur$A8rnJzxEw( zkPV-^R%z6?IHhPk{@O+@>~l@n*4jc1y47Lo+aBoZFp1oBI3tb$;ulcfg0$kWuX!U< znPs3QTl9wyM}y7tnG9ZQHhOyQgj2nzn7*wrzXb?*4lA-Y32j_uij(MZ8%nvR16f 
zcU5K9Q<+cUM*Khm_|4+ol&P+ma<~zvMe{6 ze?FUxM|s#!Ki!rKuZ^eB>VBTC+kSM@>UMd)UXNeve7=-dcVA|^J)E^)>v%ofo?q*9 zz2B)WjvKedG*5BZbh)#)R~IL|31O&8a9#zfJU%EZFK*bEveH^yWdx!MeAR;O4`}e+ zwPBbW-_}-|VaQdN^RmtN;*#LXd%`sxGIvx3^YXxFb~eL4CeWhC_E2j*(eg&_q-s>V zQhq`VL00Ohvg+zG>sbkO}67&H7*^Ik42QzwY1yrIuEX^gs)Z4 zEl%cE+v>dY(&}`1x>=v4Y-@R)Osj1aJ$46pQMLlV4fjJRNR}*>>sp z?d$4Z23qK-+H#!Ve`2d`reS#dHp=x~M{%=l*$sQh+y>SvDOV;jYDmy6W6II~+Jsce zjD*@YXUkPyb-0rGUB0W@AhFO0I{80??FxDjZ*2@%yi=Sc} zB?mi!N!|WIS9gBaz4i4vu6fl|U5>hBzr2dt@oNw4y+-zBv`74vr+hcE-5;mf+a1--HOKw9Z_&={xOU)?UD%hwA>G(0s~m(2N4wMB z_6l&=*WvTv4`;e^?IFClB@Z)2V9U*ov9J>fyedg{HN0y z+v=qtK__~^uGVJe{T|q@Emv2m@6zvs$B`BYXJs3)`NlPDGIruGcX)yxTXYl56mgk7 zszULFx3^v9AiDqL{3b^ELa5}lPt3s4tB(XeTmH^B*K z?0J%6%E_>Msy{v+z;QZGJ)ji3$|O@T^{Wi3jcyIOb6L7N1w`H8N`StvWu7@Ps9FNB zY%qkZ2r${I5G^4tA!auOZ+tt~hPjNJd1xpkrEOhv^8C48>lZ*`ND~8RZ}{vLih0A? z)aK%tCJI*%0Jj#<=*bvk$#uKjVMqgMp;v9|%ig75>DSnz=}W8~EyHi!TDEKJLtZ4e z1$iXA5#uYQ+5>}jbPtQ93B?}6Ws%h*Mk}-Z*eP(6KO0va3SR!MuZn5s6Y%CzBg35@ zpjl{?vmg9w5Hoo$o&vCRnInGWI}8^#Y_hYRNmna)JX7@+B*~Ms60r(La!>@>{TnCD zEYZwKA48Z+>CSz-jqZ zT0F)T+g;2gJs!j$PKTA+xVBKITU8jupvI;rQNXG*B^@M|+ESXE%Cg^jjmSg?VBPJm zM!}Xt+yeG~`aM{r+BTzQLPEqYQPT`q!;cNH!q&6!WllMm1OwxiG?&do@IIYd@4JeY z%w`v`8qnN=rS_`J!PbLG!M-kC%lV02`QaH6yx%m8J&H**fo7i+&|iV$32> zaYPn5sa`E%k>qz2wN~IOi&bXvUA$FYood1M#D;l?;~pV3E&9hfg3$;4ig5_q)F`@! 
z#O1-6lkvAlbg!477V~&Vs-b-N1^>@vF-ZPB{SpFUI5Y{hlY~Jm!4sjdDF0{3Ofo1# z9}!(|{KrHBTn;(UH#68o5V7&7pq{XVPlX!PXoy4X3sK=H_Q{^q1`opx*V@BRMD1Ta zOF%{nUy`YPud7dMPl!79+)^7V5qCV%=qPsS1%Tv_eL-EiLv}JVXcp~w^1U3j$FORf z=)hz2Er7^3I3)~HGj_`uHM04P;UR5HCb;1~Wd0Z(MTK(X8}ZLMz@(4x-6$0dDl?oR z^~R@SXTK$Rr;LZ5cgQe91jVUNegeA`xdS6#Xu3>;O&FV8=z||MAE;o}B1Qyi3}dxc z2LeM=UsFJi!$jA{8Q=voBK4S9oftY@`0KG6K>Q*(M0JU)g^GUT^9JaCM15^}*=7c3 z^X6s)esRe(Xdv!EMZfflP~@za<5Z=U9!qms6BmY+Y*>j%hYkY*PyXCMH#7I2XwA`p zG)v>GC#u~Yf#%l>$YMR-gZDTf3>uBJPAg3{!b=GwdG3rs6`v6t%2Y|SQxhfzW|M5{ ztu{;Ui>KG>s0hTRRIumA)MT8Zub^ksjO?H0(e)f>J|<4NAP~85a3)a&m{K;cyF79o zWyR#sY#i0i;Cdjz?G_s(zaY_^9R0*gE0aP0ETnO*Q_3Q6s#r^a^RAUQT+FsIDu7Is zJVR|6pTM)|IHZ*{=>;+v!Gl5&tZ`eKBJNFQ93TiqkPMF4^nJyG3bDl7_)zk60@E0^ zbZwES|8otil-Xe*k^3s70iB=&8iK@YW$IzjBy!zrotqw4YXr(5;MuxWO~xQRvxt*{ z@ZeaoU0${2r)l%WtQUs~Ux-9AtfH9hZuW9Dr5-TCwn(?jjq9(!-+}JV5Xv(nOZ&>l zn<2?~3^H<(TeBRc7U57G;yw-otb9&VhNRa40Nt?B1H?YU^VQ=!Z0KV1BZ${BI{;O; z=e?N-99wly{bgi7UIH>UwXRkI$U{#_Vr}YW}O<;`O-Czhkj_;xdI}K7Q{^mJBs-+GT`NoHTtfuv*zg>*|+_-*I zn>ym;59?&@ewi@hCAl-{IiL_<^g5S%dhnMHxgAoq@r$P79La)ZPawA%AZD)22x#Dq z>-a)D6zu_G`(*S~#tsyVejG|P4y~&~k;2Asi?wvmF2AoQbJwa3I#jZ3%BLUqQm8f&Ht2o z`4N0my9LgTWrgb*r656j&p{G*Sl5qNmm!=CIvna93~aPQ`MNQV@x-3Moh9vhJ8gJc zo$1>U=_%0>*b-fv*=^wo+X zm-}+8Pxpb#tM$>%{(u|ukyHhMUitNWnf>{`=~A7w^6e#?Uz3D~tA zlBr_p&7029yvu=2|6}l-t{1u5MVpRLc8!TS5qCd&)%qC23)4xZSD=t0jrf?g=fatd zA007|RBWq8*|b8_LXFUbn>a5^V9@Li#PV_Eeo~Gn6P*n! 
zghhgXICadh1sG8C2{o1=)6N8UK)VX19M7Obx9z?Aqyf2iLIRH7@>-8H8wP!+Jyk|~#PvAW*7LGij43Sv)W-d>+xGt03-SnXQ zaRazGO3;h9iuxXcIFwUcPk`UeNQ7ckO~f#H*eQ}3uZ%wkEjob~8#JVFame)}mYLPg zuRHo#W6_?Jl$6mbvMpsAqcZf?C5>czRaQrUCQEDlS}D1htX{>XZp9NL2ySbQ4pA4* za?85lVGv=Gx%w(EAA2H`dtBLye!ChMAY>v|6Jfj`nA1h5uHkc#o|TG8G0uhRg_$G5 zc;7Om4l>#54+;T~LAXq3Z21{jA~-}5f1+CpwGZ%yf$_RwNbvwQazjRz!Z7uBMjC?= zx$J?dnS#{LMxpC0GOutW^Qt^o$Z zsF5T!lGz_|4#l$}v>+J|bkW)VFogImRq1}DjUfq+g6=b%ioj!N|^^PILF zlddYK;|_C<=bmmWI_7O>;>=EnPc>2R^>yj-bL~G*)XnQVF)AfdSP4ctz8QfShy?6i z5MGJTs!8sK*v;!=3dwAIb;lVwGi7_-E?}@X;j%j6aV^tWCxVsHh<=CDLoP9ZKRl~; zy=rZ#_AB*RkLg*_>H2S7Lq->t!}cP_)8vvBp^3g~9dSb`k;oT@NG1U(D@(x}CYh}{9#|J$j-h6G zuW@g%9M&Gm2sq0&rSEZI*9BDv5z8aW;&&>-RLudSH(qC2PD?1+b zlEz{tea=~^s=Jxt5aNaixNsagQkwln(^O*x^D7N2(;is~p+YN<48n&)J+*2SRj7V! z+fm&$XSZ%Ct5wO^Dy1a;RQkyWxe&kWD7{o%mCLL9%@64N20)neB&*aar3?`CD(10c z`+M(MA$NIj8$R}N4LU1kXJJKRbjuhAJq7(!X1|+}gIkF5ORV!0!;CThVN9Y(J(z8_ zPTpQ2{U8$7Fl3Iad`1{i7gC+|b4)!b>mJ4igI7+0-;!g5iGa)JWE%9jYW+~5r$9f1 zf1Vvm46{bA>nGibKmW+R_+;|@;+olAL|PcgU9}s=>>O=-w+7wR1i@I%INc(c2@RHc zBk(yVRWrIL&G$j`kNk9FGrFJ7WJ3QKJ&_ghVR)7Oz+!rZn-i**lWg&OUyzXQZ(3_3 zVAPzi$+dEPNjH2r^Zdy-pNOvUHkzDXBzXt(K;^_m7!DmLu6ohaF2QI??4cpRX?jx0 z@&aYjyAcZ1b^@-sps&tTFiw=(O9qguDj>O*;zSU?P&Df|NKt@weB{6{N-+NQ9G<7b)_BUjrOm_1@?^0f$|O znb|VKshH+d%C=SIQBMCmV+O0ZEXn!URr(uF{auk}QEy8A)fc)UxkXE}63`mR`~5Su z7;DIuZp{^$ZpicK_Y~*N(pUD%xM3=Y7i2Jp3U^+90v%qz1X7LYgS#-h-bQG_4eku4_Mmbh~!RFjjcjS@Z z_P}En!qk9sjNmrLdMsIx8|crEssfk7*4mz9(lv_=G&zLI!B&Y2Fxw3W8u&qavn3jU z7w_+AU&|^2%}(c>KIyFg^x^Nz2h1B`HF9lau0e5GrF{bs8SnCXiAUcN)?tT3K79ox zlgj64FWUs>d*Q(9<_)mM&e*zI1=H$oDlDESoKb|$hFL5pYF?95m@gF}ATA~T_tOn7 z#QQU?DKCbj2#Blg(TaRH1>AgsE$O9xqSotyr0hM#`xk;)R3a@@p>Fo3u0Z@8iv7(R zS*^|A6nk@Mk7VD=NDok{RvqY6#P^Cx_~v3~>yc4qEdkpkp4cY^oL?-uVo83}bs2fu zZFy>XvnBIRmBsT>lw60}56<7VBY83o=+?`@ET1lPYUYWENQKi&& zdkw{W{((tnpq=9od7b>Q-ng}z#@uGo9E@5*2?zgS7`CX}6z=qubvn4mZ<+?U6QXnf z*()KSqwXhC2R+*V-(Nh~1*cJVV&UoF?&omn8DW(ys^1~jp`y;Z-nMP6rTeiYJhuQ~ 
zkb@#T%(y28BYaS*!`uS6e~mN*vC#~Qn^O;ZYkGX90O$}o3&Nt~Pb!>_7n@QXZDqo9 zF>1draV2UKw9a7KQrFo99z1$yr2He%`>iG`fFw_jbeXwjG^9NL2(=4*{r2^p5(@k+ zOg8%>0<&KheK|4bCya^}#?txz#IN%ba%Q!xQtSLDvP6e&BPFDRRA6ELX!ErKJW)so zu7F&;;R<$zSVB;C8LmII;Oq*w9unR@8)H}7bP@t1kzU;?0+(tX`x~A#+!!jrnwE~^ z)7k`izvVj(!K})Yg6@UoPqYY`Ll&?U9K|N_nMuDL@hJAUpapCxyCQE$zII2sa&5&D z*?8oYQh%gQm_H>w(Q$kyt^Of5TNL)0(#b1g1fX3*{(K1Tv-N-p z$EIX@QLK@35oyWG@uca5E^KJqKA#e)yD1u`j})%TKlP=A#;wz|!9$x0@IRqK8){D! zLdlYx;M{$6%9@wun!r!d)R1Fjivo50843x#VXQ)SoG6F3a+8`TLu9Xu1j0w<4#XJ& zxzC;qtYYj6aJZ+!W}B0XkMgHQpDQ5Tw^m1Bc*k5fH&>r4I5_zhljDl}j63l`ZvpcX zjlA`@_;f=qLKF(1&v)v=l?*A#9vWUTkA9f7)?y7TM5N;NfASXuINvLu3Gz!`>ca_h z;qx(}j`W+J*+6+VQ{HU;8%670Wm~F#f!!YIL&Uev_dw`oP zV%Ret<=?31u2({^^&lJ*lo3ubZ~k3H+`XrS=a!5J-3hah&4dJty|fceAr83_@X?0i zm!yU#2}I1W zWSN1cnyK>vh0KU04_J_6FqUHd$9$790Oj4lZ#5IKevCKZ=_LE zSro$v6%{v0QGj6(+T{Q-*ThRk1A9ilan8M9Q;#U2M_;Swu*+Plk(Z9yxem9q6B3c! z8;X4zaWZUYr)oDgr5&52t0> z|HL;iYxizDFa9gCU)eKkmtV$T0lbkgmFCal#TIi__5}68Y*xjo2R+kSv5k+$d#Q#^Mc8DhsLbLb9{uNRmSWbcH z1rWJO-9A}b4`$#n6>g;1l57Dvbl(|XGFU3!9JbBycefsG>UOYT`T`O7syuGrXZ%F| zSXsE2d#q*{wxh+Se(8dR)!t6r0Mi*dfF>4qUJFHB8@fC{uX5}G&u0P3RVcsQ|F6&@_+zb+Nok8@KZU(o!t#2>f{+G-qge_|kx zWt)f4h&T-OpO@Z5YxSN}qbBCLlpz!%G(-NQ&Wh3m?Si?X$Yb17{uk6l+?Krre9A|D1 zFM{)sGY zsVEEeWKjIb!T%e%1-T^}%Ut_jbroUAquH185n^y$o*QUc3~F~8fAIBk;Ci4z$3$61 z9rNYFSAoC=)hn`b{wGYOfA_7{Cgj`wf;1J4KDvW7E#5JQ%;K?O6f};i>RoGniX)s5 zrr8p?*l?z=8I=`W>Ne@+#=0_?v{DTzLfNL?SH_tS&n!`YSxb6Qo$M{29P#XP*%eJy zRkZtAPVrDA?^e2~Aup8Fk*Oq>cMVNJ#yPiEhduL_63w9EO}Jpv7ylD0 zc_DqfNz)0NgD{KBtfR;#^%$>{pIvW1#{jx zsC9D)NLeZBQ?gtny9K$rraYwsyZUc*fWkeMD&0X2+IpuUK#9^55j@r)!GJh?Idwi> zt5WqED#!#>C*+AP#>*q}w2n=L{6G?cPyiB2wtqc5q<|9Z{Ar|sp8%PrG*aL{jGrKJ zRWMp0K!VIr8Y^ymb}Sd|BSC^;bzl|c8i@567EE(eBRfGp6Iv6>{@)hNP)4J2u!yne zyNVV0omds`@;BG*d7i+`*JNqqLRms}2o`Pg$+{)?MrzbF5Du)9dn!Md*ecR{ITcCI zf{p%f5W$B-Oy(5G^mbiC$(WQ~!rL5d#9!S}?cg`ENNK$1WKZyN~~^j01Z7xb3f5pNsiOuN>TwS$}QxO)@#TH$Fp zr4+qHCwv4vjMycd2KvyssAFo_8p>t=1rY&l4?IZ@W+RDXj#j_&Se`CN|~7&mN>Pe|wz>bC`-jZ5ANmToH`T 
z)P!Z>e}g)Gb%b1}U!weYg$F{xg71kIQI=EN{0`Lxt2#*z2XB0m=K7@{I<>wHc4rae z#_}zu(Yu2^$`uycpm9$=T+plq`I*DZKs7k)Ax8svjh=NkUTstcUw8^C7c}Gh{tdjt zlWg>|LTHB#^-s^~A$Nb_>jYcVnpp^b1(AOZVBen7T+enz5My*w5w4rkhBIsX-RyB<*%r&12hD)2n8B(K_ALjWHkEIeN z!IZ3If{iLuC+}~`fO#oUrX6Fh*yO|*UYndLsGZrn^SDmzsk?KuiOyONZ>uL+RL5H? zFRu;cre6moII#-R_hdw~3|ma~PP0x?4}l#&YtJWEIWzz_im#Odls)I|5%_77fF!J= zy4qG(U-CUkctV9+fKZ4O$60zofjZ0TUO|4JXE3E^I zrrAql7J5;#gtt!tv;!JOpo{{QbDrOKrGy=bVD2_0n6l!KVBq{HjcM z)qET$TY9PpN_{dq@hX<4Ra%UftzSJ@H%5>}St(PDx-jRKlcR>v>)r6xS7GYmTRiHb zj*p;4;&|wJtt#p%>d@3!E#34HP~k9OFis#(ms&L%BT@XdRWO<;U1arF<#Bdwr+=$M zOA*&NQcezjad$6d2&D)>6^JL2Au<I;6I7jvaNsRTZ}k4jojKFra)Kc&-PRMyG4fTcDfs6N1>UjVFit%o*io-A^+5n5c!t26z%@#=mt1yK72 z7}Gmo1~QGg;$)Q_Bcsp_@yj*W%!j$%7dI16pb6(2=#QaXBbEuguBB%dWhvyUqc+urTcK2{qdE|Os+gm%32$%` zp}UNf4$RYlg|m{)*N9{#ZyUG*@MXs<*yD?d-88;8inAUXA_Za30=Qd7ITo9VW+Z}K zsFnjbiO3pvlQH*^b;EJk~*j5eXjV?*rXHnNE#%JvA%@Z0+ zm&}-+A$8kcbmGVlTtnWdXbt_p+W72;&i9SmexI3*DY)1c@+9<;<+VB~8JUjz5pZIz zu8vIo3KsaqQdcj{&G)OR7%#gy(>hqtcpY}GuGs-uwgUAY)%QkXjVds}w%E)Bs8MA3 zPJW{8bKb@0g^?4QQkuIKTR-#EVj0~`q|jk$#b7{;rXn{xrAk@dg(UANxFmPtbg?)) zsvBd@TG~{bmRsJ;p(ZXUx}xLXTtQGp2SQAvqirL=)IoOTeibKv0KEPE+U?{jDRi}+ z<-LT=1_4+V3gI@7Q=#k0?qs4fzLSnrMc@2jXO$Jy!{WhRh-c2?Rs*Yl$2DzxeY%0%NrdX!xH`5KdtQ;jXLi{2O8=fhxl`F3kb z;nip&gBHn^*am=Uf|K`VBK;?e9 zuJHH6y6$76Z1w7GeE}{Bxb1aw$mC5V%|*A1#)Q%zwu3l!0zMclSL!W7toq(?b6Fjx z(CTzPH*G6|y`Oh;x9q5tCEQwYb(Z=4C?>xzJ4W|L67>t-;&~7mxAD<~`+E3X*4=t^ zFnKUod8P&HIvZa1t&Bob7*OF|9kcFzV!z$`%Z3TQ{bs|+s{c_UC9SyasMc-!fRrj+ zhU0oDDQ_P3aUWA*6>+&dr>G$T9@w>nR<(fxAAi`bw7gn=?z!|%d|modg*^X!{8OAg z=sJVFlJkWDEQo9|FK!dut^Gg>>{|8qFYATvxmC%M#=6_2Y3YNCE8E%)M*6GS##rPQ zW0;lU=KCBFQKRt?~a*=X__nj!-O6K(-&e(F(l&XP^tYxg9g1HUy zkqqfL$5H}~J;U|8|HWg$fH{V``G0a)QlWi>^I@n?9h@L7#+6}w-X!URZdK@LhrB_E z+JJ0&pyPsjmAX!F2v2=Of*CCxYR#nG?M{X+8pVHn}lOy&}$Ivk9OT0%E0Xaweg=?7 z6by9-%{^n-cB?r&4l0%qy_+IeJk0sDY~KDg(D%b zNZUNWfr$a<91I0txaM>rAN%NYI|4pRO6ZHx(Gq^yMq<)7ZRqBW(;#%jFaRwp5}VdtotB?XZY5)tfB+zey=UNwN?&?O+%o){r@D_i5M<;=f 
z13mDA%LFEja0^RS=eWR{j?cv{FsFEDj7Q$|%Co?R#H-Daf?Y{HfKjY8U-2lE9*~>4 z58?dM^Om$3M4+q{D{-EPdy`=6nYpdXtJ&B=!z2eYU=swi8VcqS8K(L1i!fQwRKeRG z6}^3@1?~X+kEKs;O!}9$qwoH50AsA-cWTFvmSOD;rTCXgu1I`9rs19#`<)DD>4<(9 ziidpyzWh$lTs9{#wR9{ys*)riwWDb=5errt{tv5}yCW?ugBZ^Oy0ltqM&tzO1BO|U z?x!092=|eed5WK~JS8<6H7s>m(7eHl` z#}osjl|62IX;~~PUK64smHZsUKY(1)(1oI!-;GD9)cBy$jqnYAuuQMD60JA{tAWrP zjM~*=%4Hkw+Q9_2XNSkwP`Q2BC7JAQW0#y7%&?d6#G&*TsP^Iy!mY1nrB=>**lC`a z7*VPFMZ)V=JyC{BAviIki1~m$cq}e*+Kpd!gHbsE=Oy+Xu2`HY!clK;vRlHV7q8`s zJE0n_u-OJ@LFd6qDOq!P<={>gra1x`-OH_-Zl4t*_Jg-fjNGHF{xJY^t%K1FxS@LvZdD25d?&vd2v&|C(g z)G9RB`Tv=cLZ{P<1`|MbsTtllVdDYWCgeUz8VgP-*FWDnLf4afCQHl~L9-XnHV!?3 zt^?JmA7lI@`MC#tLA0uEh0k7-#=8l(#$V`P8C*}O7Z`TiGod|6TWT@ys}Yo1so0t z6^(wSmqxzjkncYBc-Vf-FH%Z!YbeIPCf2!kt4h1m9q<4uso>`0e|$QUB9kU2jSRBx zsG20cn%lk&hwH|EFl z(7MiG1ChY3kS1)EHc0A|ClRh|Mp^caX3#Z(7&N|a)>XH?pB~CdA8@-rUZ<75Zq(O` zHNS5Be*7fHqm@ItIo_@Qq>XV#81BwW65)b&(u;>%L^uTgQN_21xvGA=`iiQB9Vc08 zJDkJ@pYt($^6{j=qZG@^x6_o|{NM$}I|dbUe3~kH-48TXd=~sy$$e56!kj_$du)XUD-ZTgd0C*k*OHv z6qBfC<$nB@Rc@@9S%@yRQTM`gm@fI1HtSJ$W}Jjv9Z}(x0Ip%Yj5<18?NDc|!mj&N zyL%pm^ea}?rC^M00tb_a-!w>OPF)|H0}4lEBvN_Hg3$6S`2FCNE&EJ>4f_1F8gX|tzOpWOk@!3^f$8;YnF!^V;CnZ^ehLN{%uqQ z6Y%anWb4Pk#dr0?Ug)jC3~T)223evU&InpaiE8qMIp4wj!H*=e%;+^2ETq!v_bhW! 
zpE)d6*PMA$?+-d;*&El;OY~B2joenQHb{#gT|H0c1*;h-zPz%0lN^$tph_#5FE<5n zebyfrXQhjI>-cKojeXm0gA`>dsHL)gMyRW-qz zYJ&ZXQ{|xw3YUzC!2Mj@4H4A~cgjAr^?_r9t>P~0M1LFo!GMxz` ziHKI&W2GVZoE-N&n}TqFDCIJmx!qRkNoy4Se*&vjG!IkxXO%4(<>pW08F~d40 zASw}iAtmQhT$SY@Dffbp(TFOqi9S9}U*dUPa@T`duDmexO=0D3o+m3v`~zRNhhks%pCP|Iwq zJT|b1I8SZCPV4?cFAGW~4<@nDljo7bMV(U;LEv0tHG8YvSLYqR*oVG}TpBElTfxUo zb$vXC8nJ3&U{A|lW}r@rnk^hXrnVp$yrx#COydfd-AaC2(YorO3QL!4RTozal5M-% z1#)sL;z~q+9DB3Z{H(qh?cDbByuww5;i!zI5XYS}k${Hz`J4-f*s&~|XW$rAx~8R1 z!K#YeL;pj0w6)K)Zcy2&ih;|}E-8}{zI!8wL`iue62FL&Pc`MHr7Lyx2@wlh9h>7P z>U6hUQXXYPfMJ_~QzO@*LAj{vits@FkP-1IByN02IhnR`XkW?L9J_BQ zeNss|6*Z)490s@80OU}aqUwoPV3|VaNzFcT`3>Q8sa8}Lp9ttV^u&e466nfG_!8($ z>ev!!%?ac(=t`)>GI7aB`0`)fGI~uaiE^(#@GsDjy-bS9cQR2A5DMz z2!Sq;?W!M&(i{!nu*w3B?~v_bLxq2NjW(T_R^cU(p3vYW(1O|FB}0c9s0|a5Kxm)R ze$`C;f&n}V(wR4w28XG=$>5cznb6@Cg&`{;g{!Ko##HHnwy`X>_ADk` zW}%mY@Hp+_lCz&I0{@RlE~@sBUb^vs2h7v+zJZI`OA(Uez@ z`opu1Sjp7jWrgjoSqo|w+a|edZ}_GV4#O-oUtQZCH2W+jf)*spRX>Mv$6y3QF3(F! zA(^W>q<)1qziYy4L%Lv7J(wZBJHchyGq28|q67hJ?=`ZIKgZo${F{Xe6ND2&u9UZQ zRrka$I2O(&bYIKh>6Et;H2uf51LyRNr-E_3vDL0&WMPebqFZBe^e+<+ne=sBq6N8! 
z#`Pnkrn9^r&txO044YLB$LB7?YUW8SLwne>L(fdCB4E$dp_3@P&1@86olLKjlm`HF z0`!mhTDX}tVc;PU_y=bPw|Xk?bnh>>KayAP^Axsqydi>UhyBmZh zPwcA7z{~9X(MFK@ksCMVy(DJJ>z(EF7^WXTmF4N@^jI4=CBxxCV<*hPd3sS$FN$$` zL9RBp%1e^T{d#8@xPJiNpFl$qPed20+^iGecHOXh%#V+}*HF`6POH+fCEn>)8{)+^ zMENoc7y5v5mU-zf0>C6Uu1&Xw3S)4sOb63vfV-2e@oRp!q;z_R@#PcGKZNvXW?PW3 zZ#*jXWTxU7+gnEX1wS@EeL+-wn1^Nz5ycIcedZ?D4UZh79k+qv5jVrZ3*HiX}PRAPVPR#pZz|BfC^r&uthN{}K z=JC2sd|Xk?oI)_UPeK94<=rbjxlGDAx_QqBV>8!+-V`E~Ggl5$4CMsW!NLTo6S+*B zCs52MEcp%wy2Efb!%qkCEpWcIbUain`f`-+#b1yug{youdgpuRbj<46A8n< z6AAK6yV9E>x7UZ8JnD z?FhH)FP%@Ch3ZtfC41%m3jPd$!ALsulFBBUqThuG16{QjU{X{mZnyJIA{%z#QXq}1 z_k1>M?n7lF%>#V*F_~j$-b=l|Va$DPKrberE<_Qg5<PbH*6NaHLgU44-b4Gr`ngG|ATmt$DU#T+6 zc{Ap{yIcFFwE}MUf?XZ?zxM;Z(Qcv-8q)_SJPHGsSH17w|6tV{XuBUDnEtsceN2^A z>|N2=dRX+*2$RK7DtNYu=ggpUoeH>aVQd--cHNWafzrt%~%T7!(cgIoO<;7=VJQ^%BSpZK|wAX34nb1kb|Wn3-tX zh~&)9%Q9m@sYRsj@%stsr==4_patg>CTfBe^FyJ?=-p(KV!PYzap=8^H>+awM+|y( z-P0isp7KLLmCFYbL2?5Y^rPVk8y|iY;xm_@qg}so_n1jC0FP+&YW>&A5~FNHcd^C( zK7xsNQkufdAC5P9v~!b5Q;^rf*noU(k3K196zxaa>G+uK-ZkIN*ZK90iCFUOhc(Wc zufgLVjGVKUB^LeOC={M#MZ)pyd(hi8F17BYX0&Y$hou)ekSTCpIII%nHhg}KynmT} zFH);7k9WXhn)#~6I=(LYsOXV;%I6SgL zT2xo-ORbMSGTYNiBcL+Kw|vyvywP7ETfSl5p~3+=c3o`fs=1-z+UlWds5b@UQx9}Z zAVIW<2MwXB#^ut96)kOF&e$G182q2bvLw8tn-5pL&tBAt?Mp}QuBXn2QbvB(ok481 zxi(kvGI?uArc*y9*m@7)@LoPVN*W=Lr?r9~pckdH3Mtp!zD7*(PpDZRrj?1!V zaoVVEIBUT-TTStXT1E<4dHZ3cB#vhfqm-Uy*IJG&KC=EN_MX`!a`MbXr^{38AEir&Opq+YCOAZ4mXnBr-~ZH;Sl$O9Pr*f4Z&Nvj9 zTEUh*q4c$>dH)$vvSHbIH$&A50%Zmi#AIX#T1#!9&vr93INX&?WqxW?>}{DOs{wK; zpDci37{va|Exc-eZb(L8a{-`E*)s_q?g1W@A>Gy~{(8Z#&W7Xx%Edq;7{6C)PrnA|Q4=y)Ga ze#i5Qby6)h{O=>6Q=;FGDDJ!q=J&jS221(f!G*J*9+Jky>hLhljl)IV-_DD;zs!iy zl6GeNdmoYsczQVe-2oL9c7J>K-3ug0(zziy>EAbz#lx>}@^e3juAVfiZ-M|XTP_qj zC{3FCTZ?2OqHiKgf?jJ-P(or;Ig&7w(xNA(j+^BnG@DJmkO{HSDnspg-kR$35v2lq zWn%r_D2;($+Y8;&$@%O1-0mXS-fAHQ)joaZ>u2ln?%TU?xr+uNo9P(e_3S5tcwGHE z2-Q24k_)PMjEk8Xx@xe2$~1Tgf~fP#6Bj0xb5auM5^1%JP#Ji7XP5T61TMf};W2?@l7Qzks>)XH3IF5P5{(TXVbEiT 
diff --git a/released/assets/rancher-logging/rancher-logging-crd-3.9.000-rc04.tgz b/released/assets/rancher-logging/rancher-logging-crd-3.9.000-rc04.tgz deleted file mode 100755 index 637cdcb9552cc806ea44baa9c64f6cbe716667a2..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 26809
zNY5LEZ!(8vksSsM_O;(!a`W86$zF7-&%U90W%1*sAn%?S$uflEnafyF5`g3LeMp96!gK*&W)>gpp z8`sG5xqq;4(c_o9X-`m6;kApKrK1{S)S^n*jN_C#q`jo<>^&^|2xaoS(_gf}Q)t}u zg=Nx9Ms7#r*ZJ~n1BV(km<@=Rvbyio%y~01GlKVe3qGGs%1*9Ar#J4k4s<6rQNKmh zEv|AM^uFm-wyDLd%x8Qkza@%ySxS9BG*w^M@dev)F2Pn}e2qP>$A9VSw7{3n(ENg3 z+B&q;5!*|3XaN(_>E}tta!>xhq$rZKU%w)UGh~?6JL`TYtM`GKk#cVypIy_eu30#a zxD4!JInD9d?7x$#vuILMN5`reUv3D~`wBZt`MHIPL{h|yyyqGtB)u9L6Q>C4%f82W z3NTH*p?eef*zgbQ+{Gi<#?L7y8e3$g_f=hw?SLodDEE^$SHDGa-mt8uBfe_U%x%i)xu?d0VaMlUNUJEyl5iq>^v!7!S{S@SxJSz1GZvzc!=m^?7 z`y?*Q$#LQ?67=8x|8Mjo_Wx=07epyZ(a1yaAAHJ2Bs3bg$$|3@mpA1a&aY^&?09V& zwPf`J(+b~foTby}JjxSzJ>m{rhSA67ags#!um24_k-^r+q+)Hv#T`t7^kvQ;Onu>; zS2N2f1GdPJc=iLiMW7FrF5G)}6dlEp%YNgl%w^>{h2s(IPj^Y{Au9^a=rA67@ze6? zlQE9dzE5*=iX7o>^>sdedeV@R?u&0uGWXHI=TeI?9>pJ+fOAxpxP&c5$*jJt#az5q zE2Mo~|70$*Y`f*UQ;-H$5msuB(?5eJtf`d-ajjmtcqK9L1s_2bP4rr&x1elk;q!!S$In*}?Vs5*Ve41}PaLjYW+scVF5|(3O9c14ZI;!2FbPi5s77rHmwLfH6&& zJ14RYI87WRLsv}unrjoGr@BU@qyh2)&J^q+ym; zOOMAtgRWe;wFQDx6n?2d?rWs`>K^>u|X=lX!QGk7w1N{W-Uw|IEK zmuW1gYh(1hqE)@8fm_U^=xEl5%8?#Fosf;W{{(6Ze~t;lVw7E45Vouv+L6kjC|mxt zgzu9&3MCx>WDgz5|I<5IPI|Q~-1_yIAz;jqJnWMtcps9@XeLsIuVxd~Kg#W5GdQe0 zH((5o4V%-VFa!}hYe4`$?eNW_EV=+y}Rl$7#sEf8w9Ho~-@Sa+95F zXt{0PELvF)N}6)zO`R1RDJdx}eKgDLCQTY}EDr>n+T6f5g{~B*sp#BhldnKrJE!;T z_%Q3F+Vs&2L`q!-?B9ImtsFvlq`d0pJ)FTiie=kAW-XT_BsJIlg{7LVqX(SO_h$>F zecq0xIfX|fgE5E(X4AbOWyE1y>{&&5X(4M|wHCM9jvHIphWhA3v06gJ*bl2vsfKI* zhl^e#C+vP%IkW#X5Sba&Hg@G8d~Vb=QVE!05Z+GDFJK<+I;pHrNN-PAm}(ZcNXetO z{FJ(N0CaMMoW4h`-6R4_YEq`l?Wibh9*;fk->Aixtf5XKIV9t!M|Bs0%5<(y&hpL& zpy0q~4N}N|7!Tb1N5+GO={Mt1yKJLMk1x?|*|l436VimNiLIM1r=TBsLa2Stl}rSO zIE?igG+DqrLC;!*fhFtCDw;&4Tq%|VYAwoc(z|2ZW89 zmCDYYt6A`qU^Yv_P#AGg@-xH1gN@NPtmx8cHiu3WrI2~5I6hv^9op~KCuJ=_AlZOH zCO~4f4Gqz%tNm+cRX~tmG1pdHCkgpF(e6!AWed4x2|{TvhVi^yFd49UnZ@5;{jJsZ zAX#wUGbH&@6QHYOmJhw=FYV%H5Q3UJu;g7{@U1dwX0p@1$ln`$J#FV|lkO~C}t zq+_IGRsQvi-FZUvOTDHJCO}Acj56i$qS#089x-y({tXV9?B94t+E~_w!YCuGL%Hqr zR%t!F=@n&SuYRoQ%e=R>38l1ioS;NBzC#e9RFJKPxDm*ke|G5gCMqxTPmmN1GbU+fKNrTE}3`$y3HHi 
zk5d=2tJcFXQIn(CUn1YiGTQ{`0pHY7C{fXrW1td)KSq7c;7$z)+#(LTohMt=te z@s<^1XIkCAUXBX`Q~_>(rR20^Ghig51p+XCgB{&TEEEzgA3`4`513VBzCB??U$~nW zpwI^FNbb^9EkhVL{$}F${Fm`P^tWS~Y%ad)tf{sAxg_+B7v%#`sq$`^aeNN3hz7(; ztYs6M;LXkwEC&Lk=NVSX?dRP~E_nJ_WUirR&z~--Z;J82i~&4cY?+4PiV^lF-r1L# z975RfZ^8W(wcuDjx@DAaf{|4^}kosTZ9d5e+4DYyF-a<`ztp>;*(W`?W)@3QSjSNA}-(jv#`yy(ZDc9z3HHb0U6;kiL7*;_|>Vv^0)A z){#DC*+tmcQ-5m?JEsQoaw>Uip8U5+K<>U{r2Hs#xZ`^T-#c;WpAM$55Zv`_eiU_Q zx`rfVSgz4WgiB>4YkhCWB&6G`r|Zd?)ke$G&1|lc^nABnumnb<2~=--Vv}+tPf*Y3 zYN20pLfgjXBWQQ^z+l)juk>9o(wq*pfl zI?bhI+;Uw*zc)IKklW4b7;>IhNK=H^1e*;z=rkiC`-SQ4cU&@v)bZ(w>|lW;93h0q zZ_5Lca6Euo-5);Ev4sve2rve*qAMC@(tfNj$)FwlliV)hF{KgURBW%>@^Zu;#yiS; zdOX_++bL9Mwp^OsK!l!7=6D@R{a$`-XcqdyG*!5K*}Yl0U4Twa{}Tti4Eh1RrhPl=UK-B_HHG zO+##oAJEc{=^HX=j$2+3W}}vgadne|!@o?J(CF%n_9#K;qm_ep)EFH^JF2byWzb5* z1z9ZzeRMsM+&H3j;d56OH4Z+0dOkduwsoO7gXR9NE%RAMH@m(gn6(V|Vv6AgO0=)3 zu1*KeF+yoTPo&=M8PaIpK#9o(f=m-y*TJB+8hmaIeD$+mrRG~(r!c3}8NF|D1M1vnMNl&O<*Perxt+W|nrorz$Nh zct^y6kBn&iIHbBgH+#k6`=NNz| z8MJY8p=Lpc;$;`X!s>yaCo+5#%poU);Z&f6YSDVh?Q8WM-Mkfk)6DaBs;*w%gGi6X zGbC2JRjOJ2#QYbZ{7pok8u_>* zHSFm&A%CG9eq+fE;!%HT9gq|++PkCskDV2&nRLwcpHP{dDUkLF7MpP3l*2xqI1|qARhlbgkzW#wy9ZOYnH zByt&6h8_?*TSdMh^pJrB8mMBsd4I%ex0jgFe+N24QynWYNUKg77tCDNk& zD@E_H3VLve(Sk=vlJkV2xyiS&?uPJyAjFAg!f3$(dn@wR7>e$?`KT<=$W^-wo&^B?UNY8bDT1fnIw*ljV0>LCZ&WdIBvy_~ zRw8$$+V@5_F(i-bDANWWJ$>wKI06-r7^USTJn6lH>fo|{r}8daw#iRh4slT1hm6=E z9|f4P^G50|a|6B6>w~v_M25Efy}K7hqd7)QP4QyGGc8DgpzEIlU<;q#fo-DdF0|Ob zO8ziO8`km8j+!|x2Senb>Cey+Tlw@+fu27Qi1Gwbi&i67pi)=vLv7u}keL*|u6)5Y z4jtuIlqg^#ng{OhBLpDcDKp_igPrpPP%_?Sv_^`_VVHNk2819)$G`qvb_R$oPlce# zt*?f`?ZDZ_bt6P!;W|<&~)I0|eRu<3{Y5;78Zczxx_ktd}gA4&oQ@H~+amRv%dqfxF zA9{S@S{Xw8To zTxr0FAYs+Dol?euWa)39@QEpo$*j5ef|Ms9ERF3LA4jan@wh%f5McPHu#8p-Az)m- z;wJCaS6L4!1D!9uSw`XvBi1??@WPgh$?8LXPuNH+`@IL_E0Iq3(?SUv`McQxsRoF3 z;64i)uN|aPDe+FfgEpNP@4_4)qYj2R%z@B-=+qx-$lXaSwfagtbx`s#dzU&QYC{`tjKiq} zCZjKTHR_1m;#tFCM#VgiikN;W##P+@?Ql=#z)G1Ij|ukHp10i#9s73{QvlvNWz4Q5 
zW8vbCqd!!gbpt@@(76vbdo#sE_;W|`)5CZxik={$hQQ5W$ML7waz=xRn@Z)Wuc`JK zH}bBfO~b@jyT>4*#2mRF9HwOP``y@Tr1F`kEB2i`m zqcN`sF>izJ7b;KeK|d#a!^^IfSE~{Tw*ySA7i%PVye()X&le&>4RrHu={`PXopWH% z=z0ZZd|&-z!di#KAYqg{?R#myD7L8jnLljno@jRc+>91yWom4?E$%xk=9qj#)qeCzP$i_)(m#hb4a$ zc_cZWYz~+CtVgTkH`)RD${JIaF9(W?NPdJ5SIQ$MZW#YztD$32Q!ap`kohoMFid69 zNxQpE0qUZC+#TA)xIVpc6iH`y_xBe8#19YE#RiB9I=MMRZXoU`qyj%12~7Bht#JBN zBWe-8&KBhNmGz2-iZDoabE@loE_VR)Hvn28NHGk830Gf zsRkf<<>#7_j?A@-WrM^*PN)0fsY+gpk5V)(-$E(-6E2J_)t<&<~6b0vW7<4t$sKs*BkKkCQh~

JGBPnx`kRwUsd?OEG zg9HA0+C98*zMWrB^bJLkN^?vO>g3PjyYX?u2X^gmK&L$`4Y=fv7Gaw;K6wF+_QXJR zczE;E)H0I|o*3f&XvHW5Fi|M7|JEn#wfSfuT&K}|h=R#nR^Gd*wCuQeLJUe^&C^Fd zsLv`T8ta=y>&97KskQv-3ZJ>pU=N=R9FHwC2Ue&)h>Qa$31#uE^8Z*R z>IF85<8Zam)!W;1RRTDvmfMZSCi$2H?>${ULm{p9C6Yp zcNFr_7ujePyrncQ3N>klSw-csQ-)nx^JSt^y{Jd?pw?M}B_uY``;MUVjqI`IDaegX zMv?#&#H&GYrPDYudoP~P#T(^y1ag(I!4kd!QcgC`Z+Bc}50(5I>pQ?9{{~3by%16Q zmxQd15`MGrqs|dt?(wK|K#ul*13Mt4pG-s|&Zjvy*8aE4Gm%y1Bh_Iuid{%2FpRzx z+R49kA15$ULj+{=B1GBOSMC0AEI)V12~wF1T_FXiroS*R@kragSKIzwP)D;OUA=K=<5P6p1YNPICM`zz$| z_vh^cj@Xt;Uey0tl34$4cFg6cW`0;~z`2tL>rNcS<8Tcj4#eAsev= zHy2)*Z#ehBZl~I_;F^K?Ct&4#*kprX4Q+N$D!`f41$gPk&H@14J zzPcKPCO-4tDSplZv8-qSFOqmwFnd3p28)Is@2dmhT`rsIP(>*8E$(q`oCRBT;UURv z4>`5W1Jc0A-l?XYCJt^W(d07SKAWci3&`yT!BM#-Lf;B&fzJYU|BxYJ|k(NiP~%G8$;7 z8?WfyOTR4IUcpiAbxh&opEAe(ByP8c!Y2OZR6^IHZ<6GJ@9su-rT3}=sZjOjxLI1!zMU|U;v1Q42QS@>ooAPS5>=Bw)J-PnB>C8eSj=)3Ik*@d!en|+9unsdKmD9 zHky7Ur3ycbL2Ps75Yus4B3i=>PPft08tg^sY9PK7{ ztl4JdZOJDdg>KeHNx6AR&-*^)46v377t1WiCCEP7l84vZ!;oeBsl}TRAu0@HE3$? zox_Zj)vi><0V;xZtu6Qa6|zO{)3XKH7*Z)FauxSEiSNyEd~nWi<+ZGh;xU}Me>G64 zE3%$B9m!H8$syIzILlJ(k+;a2qR<1*NG4JE4CK43cJ+`FVr%rU5@Nfn8koGL`ZRy} zOG)ahI`bXwC&WgWk-KH0C&Ij;bn5NRD&8P(piUq0ExP{2W{2Bm?4;AOfV`+R&su=p zD2hK~<%;$e7qg%%^mAKXZTW7k_*@sPFCoLulwgF}0yLRi}3^QGZS*akIu zw3ljh_z`U{xm*t%6e>hTV(Ze4-vb)!&nvCQho%)-rzdw2C8NB(5QsAxp8bAtn7xEL zMH-dk&+Qxh!09=h$lfxRljFzt+q5VPOR7EK!(DQ?YFxmAtFh$K;*uY_2Ev`D<9=Ib zx=`Ps8NZfy`bmwD#bhO0^v8i|_>X&@{F9_n=Tx;jDpSNx-+Q8gd8mgATUOvY+Bf&% zuGg#g`68KloA+Qz0j0_;(u(H$Z}yFJSE+ujlipa-IvK{D)oF%;7HlHm1YoDTo7?sM z<;>_tk-usJl;@tb=M%;?1j2Ss<#;ll? 
zW8^b3-@=Lbh4|y|@lE!FLQhnl)<9H>S<;P-NuNQP)=+`TOkIJESw>lzSxUvyT+iCj zO;OHc_>WM#4UGJP+i18#l1QUZ+RC`XG*suCh9Nq2L$2Ex)|Dh<@zuCekT_JPO>sxhP(jHwws-vsJ(QJ+PA_V z&_m#r+DOeh+Df_-1nA4(-y}v@DRaoy5QFEv=w5H{VKe)~Gw zmw{#4NYxtWj-SXC)>2?RJ?f;h*HP%0)h+v2ByN4G;du*VXjDY0=TIdm?asjE$|K;C z+x>bF+Z``wgX7UCs3$t#QVY6R)#)lh=7k;P;d<>^u)B=8+N&UA-n2@KF|p$;!la-_ zjmcJAkr!<*(=Od#cfswK<$FO+8;wuEG?^_y-Ydl)hC75>*@HI|-={d}!VjPO8i3oX zW>kI@G9*#66kv^Bl^Tar?{9^bD!SmE)K4(jPLD?~G6E)>9n4%VTd14N)!@^=Az|NR z`mih;;NHJ=uD9EcKIKscUq(X)zvRx^zpCX`pPP%jKPWF~V}zT6$LD1hzIB7v8sgIv zva7=L=yZEG`gj(kPdOg*f2ggh4E~l_uPml=V(Hg;0u^2Stkg=20~oG_8GkE#$^Pyn z57(d;TAZK0$+zb9`aUY&?)Fx(&OPeKX^(cA$FlW^tirks?%#fju*`%rcX)B=W~~j0 zb{RYkaDS8`-Q1n_FyCx0?RB!EDgeAch!MiWTrlx@$cL<4C_At|OIb_b(TM&`TqRK%3DEKI9 z$^6g|acyf3B`2#M>*G-%64{Gn3_C;nR8aFloY{V$fc*_gqP9eUL<1t!7+$TJUcvOQ znG;?2xlrMlwPT6=)Bv-chTa(Q$mCF0(*e_L#=P15r`I{s;8}CPNEZL7<|!Osywbhs z`mb6x5W?J*-tl0j4d8|J3y0Qo(BMwMwMPFO8abRnVP>y>VlYaf{vLK};@9!UvqnF}jJPEQYRu^-isz4YMJ)@R1q_Bqelx@yhGm!I&&TcJCmHKo$(~8k z3FR6b34u=R@}dP52P)Vd@;@F3^C2q{z+`g4b&5SpqOr z{EkTNYg=_$dxqDx!;)N4j=1NBMnkquF90Aj-}T(4(PJesg>2M{Ez!*^X$4en8uGP= zwB`fu01XF1VBBB~1Am&@wNzt| zZ#$^NIi@$@WE~6Mm4%0R8|cX_?eqgb8{(?@>5zu@TmyKoVNVgQ8YjeGX%N1V(*H9! 
z*%>M55M+2oln%BZjb0al`GJnznXd+e4wNJAuD)G#1$fvCmxs6e3FWQjbejp7)su@A z@D&Ejpn9ViR{6#07t%+$_bvNcB?+%%1& zp0sv%1d>lTAdBUA57y&=AZRquDy<}y5cfEY_@y%jMQlc3C{sDiR#k}TC#zUfZ?$QB zUp%d5M@1kGg}fafh6chET?HMhT4et;x0a^_)3H#>1-|fwrxUT#4{0T{_{$^LQ5H0I zwMH?W48})dEFOu$(FxZUeD64YEpWk86~Kx&^xw; zYbA}V9;)VV@|qE-PubRW}6$St1GbU>JpuB*mkH1 zcq-zgnaq}OD19O=uY3KdFg@axm?+>Au~$xT6HGKgh*x@iBb80od@aMQr-!r{T2x`i zfz0DodgTM~7Nn2F=6(V_kgM&hsR5qaq&El^M$YRBGemP1+9NU4~FH+Hk0MFreWI#oNX>`ZHTTSC*9P-L%1JdH%5H zyJLwuv)78$DE<4IL5fCi0=?-xAV&%pvGVR{Ha5gqRO30c&sm5U7qYy^N8@|)5ptPI z5W}VIxNau1C*ZygHcDCw5hHY&4mR3`Eb*m`&)Ii-J#Z0?&E zPwG|7b@kVF##>DPSGbBV!r&d{9K%Wi`n*kgj)3RjDDJ3_Srz#y;t_dbpNEZ z;Dt6<`+lw`kL|bVVvpS~Mpr$b7msy^k!Zw?2vm>#nEFz(KNmFfOLrJ#B&@Dpdvsr0 zLQJ?Dw<>qG+!P<(Sn}O8?`APnWW?-ow}6e%d>)d58`jN*N57RjZF^Q90XexOm#vjw z-qanM^L(}KdqTPI2l|se8n+@j?dBI`y(2k{n=8v7GMCkWA&|-qku$e{C|LOT(-R7c z#CGVHFR3;!)Cf=5iwklEfzKX+EnUQ&uIGAEpF`tyH_IWCB&M;w-F2&*>TOuVFA#$u zsb^uAqyO5-YqtG0>&pNGd4*BQ`$(4D?v=l6fh>NDk@@hWeF?<+b2jugilJxW!<(Cm zlmBs%{kST1w`|VI@pM0-e#VSvgOk!$5;D|b^&}MD7M+iO!|wY~=;L?LyAARlO$0iC z3i!&inuQ-QKGoi~D-5FznQ*MEr39uR2XzYTqY13=j5~0dc|$5Ur+yzYjYLgT_x;m0 zul|ODoRVIRcNN(pv%J3*O&k}nh7kc6V__f2QI+j>%_#}pD2W_(_{eZxl8$V7NZA`d zqbOtQ{jcVxNDYk^2|4E0(3%U!zcm1>lTzwU8gm>r(yWna|Hu%^KG+$|X^l35MFf8G-2V_-tLbUWqp< zN$v(%&Fj4K$+Wx;$B8*Jc{@H0AWyg9GTPvAuGwrgFpccuK*`+cT^^9W#|}`}5p8vU z@Mkk?c!RJ9a(tdca;Qrh)-mwNH!1Xz?Az^5G)PE1IGrs;~;^fI$PV= z)tjdqE0o7|4zY-*A*qg7<-ktZq%&BY?v0w z75$W};6820W$foG^$0QV8|Erd5ytF{nNCW*-qxzLdA^3848a>d_J8-3EW(B%8H(@} zfc8@#3_lMy6a28W4_4cTzBB$bNwV6|ooL=-tzh&)yh!D*%jwJ{ra{$Q=?}w@18Sdk zMWKn?VqhW)8Os_D*{!oL*9@J!FU*AI=S1@!zR?Ofj!!meD$x@J^PRssN-})^5{&LIdFDEMr6R6*dR&h^od|m(5)_lWQ$2Q*?R161|`6TqUBvUhTA|vd> z1BCWDZ##05&2C2jmN1(g`DOT!{kCfHfKw1Aottb6aax*G7H-w(q-NYyrZ2F1^uaQG zws=bHTQvP8=sY%qVKs*`;opjc<~R$* zT;AW|DG8W$#sV+{e{qLtEx)R$hWG{f0Gabxia=;J z!EUSZ2U$@;YP`O9I2l=ySpxB3BBFx4q!?Z1+o}gBt_$dJ$Sf3L2Z?`Y(uPK6R2AoG zTX+>`@jnrR(tbx-_~TF&Y`zF$Pfk#0ApgHeI+8nJW8Mty2o-We{~KD 
zjO8}Rvsf}Ekb*`%hjbABCg-S>Qn`PtDO$bD=#A(uVrKpI2boPANWfUt33J~UYRy)9KeK2Eru z6n)m022A2*Fekf;Wox?!9diEL5IJ&3{v%GIW`Vaf$$!o%j{_BfUGD=`{yzM+aeM@s zzKb&&pVCzrBnRm{F?PvN)W^W^8yed(WS&`Rs+Tz|KFv(`;o-)EN@%OOl5W#w@{_W& z8G$FFIHtR_@M7SGFLvq$zU{IwB15VE5Sd<3xqP5)U83+{=}4?|X>2QkTBYr58^wI- z{m<@>UEmOPd-A;5%H707`80kLEi1PQ6Sr*`zr5QL>GXe9(w?Bo+V0-AHPC~ts4pn}IlxO+ z7i}^ScNQ_CkZEoUQPiz~N^&z}=;^y;Jd#~W;Q%~BCycP-3Wkkj)xq1z>14=o-k*iZ zLVfIgAl*Xc@CSQOJ#Pn%%QSxpJSo$R$b(>+_*%e;4)R)SNGb<|i(NVvTk zXsjW5j5HPerD;`b%T$YF7}l!-iWF_!ii*It@@2<9GvwrA4ZsnB*@ny#{4vQ!ZXtvH zF%ynN`JxdISZ{kmun$B>ugP9N?Z(@E`bojK8J+~Fg4Swnhf7~I*%>Q9nwE~Dv)cuM znDXt1AyO?sUO{sD>!q*<-XI-$Ch(OC|C6QQ7V*_w<|4BlkaN`fr;;I?C=`HLOCh zXgDuTPC@7F%5NBJT3~BW>dYBaJXzaR04#&T7Qz$=@EIcALFso;L@r?5b#Ge8Ua01Z zW%~!!G4&Y%A3Cg#%ZitWs5djmMzL^5>rvWcNrGzXzQk_Y18&)3BMMsd(ryhA(tm66 zZ-Ffr-)DI5(S|5moAFKVFd|P>l910hq^RX&D0u4W4jX{8#|3)H!T!iS0lT0Ck33cd zSB=~GnHa9I)8Q8!tlG05dlk@YzT9Epv(;80;BefB+B%m#H))j+;xP#s!VAoLVqcL zKCv%5#+B(ZAQ!IM`+o`_p&?himQD3Q=Qr@0&&a<=v+?sWyt!ReuYD4dp_u!&_KXIF z`3@)LF~171l%I(c+zG^~)0{f_*eM!}V-DN93vc+qKf`(WcLM|kQXp|Q9LSoj&Xo)X z8onW;=NpkxNkNO~`uch}8PaM@o7lnt-(7I-7Z9!=nbueaJh=WLf$_U7KQ$)djp$d? 
zw~Cp`C0ERyPzSh0xZ~f}f0=-b=NRA2q7JSTZu*Y#pJj8bKJbhSt`}nnepzyOf&dSc zA5m0!Dz)~0I5LtU!{D>lF5hQs5pii?&w8w03l=&Gf)&~0Xi}qC%`At*RN1OE0CL^> zf=gx@F+haQ^*@usY!=?zFCDFaLka@J_FIM%#HNPSv0xvrtk1*2lZS)4kWm(ja;DD5 z9XunJEMP&F-bnJ_Ror;&htltmTtZFhCr$BFL9)!~b>u4%Gv=JEz?dm4&X>9aP!Z-x zQ)%*JxLlB7imR7}_j-Tv08g0S0{pDrUwrHr@}~xZ%R$+i#;zJuBM4b3Y!fHeiKEwQ z#ZtqDZ*6#LHh|+L_p2mv)J{Z-_5fzxT+TI`S)Xp2zspOhiMuYBS{XD{XQa==Bx9`7 zR3RCKcX)x#b%|0CL0=G`T?+0w)MLruF}D+V6*9JJ<>ljcZldj6L_{S|hVyz+OBMxy z^=d^Q}G6@^l--cGBs|18FqdU}I4~)2$ zlutqrl)hx(FRdaqiu>X1VO=|L2N-VgEaHR8gMZnPSvB#_ErSJrE?+p38m$}`o!tuO zM}EE_wxD&f7u@)tT3>MV8t8DHXxDE`LDPW>&VQmWg1(#%P?*(6gg0$sykqxya!W@@ z6Ysco|9n#|mcJt2(fg-az6+Z<3tL|-0px$CKK%NpNE$aHgjCha^*&XhEwW5ZzG%LXU4 z+nqD9KhMB#%0@#Y0*OmU0(ADvbN%GCPgpb>7qpL6dy2F!;Qk6ILWn1-Br2$CHK@a6 z3O$lA#+TcQB#&wFy&8llXHYv;nSZ~C`4lP=h2QB_0}U`SHBQA*Ac7*X=ZX+jlEj+z z56wBLMY|k;Yg@PGAa*K5kw{o{VL+!(vJ3RQv2gsc8{zG@|^Oww2&ciTQzcw6{g z+C(p})hJ&kb}7_q7;f|Omm-C2&MD(Lb8P;T++o|H3SO}@8mGUwU-C8aJXXMfl~-J* ze((_V=H$0FT0u>if?brrOG9H+s`tM`T=kCAZ0ABNNjvk;-t}M#ng5XmATXTjAl{bmb2vqY*K&)oKbts{f$ zp_y&eAk3#`BW=r+E&aRHOA}3nHs-sV^xB7Xl`CPtld7~njy*DUwq)suR?e#Iq!Ti```M0UL>^YtRdBuu#~=4Zmi8dTq<~joAdQNvhg+^vAp3 zi;NZHLuE0#&h3Z=kU();%@y<}fXJY8n%yYycrYf&+6|WE6&3@IKrBQ*ZJ8UiQPVcB ztLFHZ&H7j`o)9$e0XskDHSYt@;?C+G5mb&Mb@YvFZ10Wg~8&#U8uWGwkn#F2be3m#6=eu(W8i6M>h0 zGh7ehH(ARk=2R@tNlZljN=RM*cap9iwkVH*$*^4Czip_nk>1^MTM1?-c;!&*$09_9 zrlS`8JKtI}hGR0q%S0rZ^Jw?vvxFHP*Om`k6wetcplm@c7n9q~{Kz?XS3G(bRf z0ABZgAdaLk@_-*mV4?xv3Bi%Y+JJ`uypqPo0K8_g#o9m|QfqW!Y+>ijZ(l{bl(z4W zCqgQc2o(eb#&ZCp1mCeMXdmx41-;*Tg8hQr4G=E@zjDAb(on1O~mNy-1cu}=rgj^&JIPns7{fuH?hcM?s3JXA2{Y&o;Xr+*(mA4^{nc;B6>h^_|tdGr@z5W1CSaa}pX=PIbZ32y4oRBt*n_CDwUq`SgL>ZvyStKw ztIoJh?Ct%aT8oP=VhVN)H==NUA?f{Lf;U&o=yI;d4~Qja2>7)TxB^?Z-cQ<39&8vq zr|$w+s@IY8Df(Uu<|Tv)_iRs&&M4_$@$~+~!y<@z-!XI?RA&u;iteDNnFt*YSI>_qN7^>O{N6ziTH~I(=OP@47f`HdG~O z=4`Awvkx1<>fL}CP1zbP>!Q*~#L})LCG;+>CHAx_#Hc;P+S3y?KNUw&uN9N$qE~I? 
zKqjfP<6o}x31>ctaE{qtms1P~G^wlz%TABsl!SgOYtK7qgiMVkuHIy|sc=!}h zmS=l+x+=BmHeS6|d9qLr*hg~VJl@<*uSJt%c(O3oO>huhr((&ZX0>6NmbZGwG#X;E zihZhFA-z%uyg-heR40U}u&kVSB0(69V(zmdnYQMXq~!$y>p441$Bfm&YFmoxplUZl zJO^Fk9r2iZ?wT(`C=(woUbTF<>A%3*;3F~({}A~K zIq-4aXp*g~Fyz^ca9gEqW69j=Jy605107fs<4pZ`iIL|~r}zEzj~YuW$H^UJ ze(A<8G15x+xCAs)LYmww#>3q1gWCxSifz zYU8#hapiDh2;#-o`D?h=lx1R{lfts{Qtcv5qJJ7AVpZ{(@H6d8tlFS^T%>58Qzaww z^uXbqRQnBLS;+@xZXg0#$zl$KG7@(U8Lm44&kc~G2)jXB-J^e6J7cqw!LHQGVd#lS z>V?D1QNO$`T5V}FA%3))Z=iZx>y0#@tIW*v3qP#zP0YEYOql#u(2toYH3TPcIQx%* zjucB-TKRT1%NZj7Y#w}QlrT&J-(iZX;yG4K6D+RB+7~dkC&v~X9;~w(D=L{VJVWBQ zxl#-2+_4S186elZIWmh`_aATRwWORFjY>Ug-}5N9(u$m{A0dE+vpE-VdAI0W!G zFjiNKuyHxo6=G%9r&!sRTAS^SWGWCIP<&658q|JyY)i{c0+~lrALpk!y+^^!o1H`d&T)VqmC3&c}HFyx0-oSUS zLI&L4aw%-N-hE7T>UGhUtmvB`?4-5?JX}1ufA`E8yiB36{TLtSd30#QKKVFVwpRJA zQKIccGHJ^l14cF6&FTG9J9&n+#CsQ1$&p0yvFv3&`|X>tj!856`|_cmJ7=_u{Oi2C zdPp#3@%p{j(dT0?z%sbp9^y#-Y*M&n(#fohhob~z6l;Yi#>cC6?+k`oymb96XvUK2 zG1Kd|$0F=(|LD)LoCT+9Gu-c2G1)`eKH4W~Gys&x`+^14y8ATt*ZpR7cgN|$#NJ@d ztq!DTBaRJl6QjN;oW_SCL~~Hrblme-_E)YR={8T-VM2{jd0?`>*(=KieC5pRd^@;By%jwM;f$*`DF! 
zvWx>Q=eX@#mZR``AtoSOqV{Oc*}_<2b29I^9*QRS>}#oNLR5SIMR-W_WBObB@h+_- zI$Zq(WZ~Jy`|b1GDWgWB-0v5*BIxJv$`3B&5QK(}^}aFt~p`jtgu znrnD-(uyC9=-F*ui167LP?oIvA=1-TG6f%7RvhWO=l>cDwoS{L$|WuPEP$tG+OjL{ zQ7vRkI`yME?F8YzJ!JJBg9a+~fFkrN6Ib5CuQI5X8gtt|5@m}EYsWvGB=5J9?5Smy z^3U=H1Mmun($rM77+DEf3CAI5@#p1tX`FoyVhYmS!b^p*E+BcUV~z!lDmUvCy$38%{%nLFW^M8QmASb8u9A)?)sTV$pN|(9r+(?KKEgT>H zAdQ!+dPr?`)hv$Gv_P%<$?5JvM#lOZMOzQ?%Q%8r%vhZfA`n*jF=qN4Fc6Q+D73G5 zl_bNHcIR(9h68?4YxBT9DP8+xgFA}<(0~;;@3iOG#5Mpcd*iWOL& zy9#dm;QuR9!OS=Ke~MHzd?HEPx*N1ZoXO0Jcc=WoYFaEW3Weg&KUGr@v}rN)OzEm4 za%WSn*GV1@QTB@DrfN}R)akc=h~bHL5CH(uCf3Z5K(GbRgu$Z&-y*TgArE~8c75<) zkO^};<~&>mu*u@%La{8ROcQ(+<{(FdEpn{HgrhtB_M@|V9;&(3AAgr{Tov|zjw`CM ze#(663{=qsMQB>w>xdBu2HqeBGhUKJp8`V{utFguS0ypO@=dCw%gN~G98frE0Ykrf zw^ZVzi3rSnyH_&ghti(Ut#RwJ< zqdY+XbSZiQAuqvrhAmONLuBOM$9C5Bmara#qo@-tagvOCw`c8{nXAgH+1NqFAOq27 z6#%j93+5IcrvBwjaHLBj@9m5N*1ppMa{zj>{Kb#M^4VVWBcvMC1UE!p{t!^dumJ{2 z`cje~iV&1zcp%PxFVk5ut{cXo^zYl9gTnb|vR{ zvXylJ`&CqrUQdIVoEU7xEf385dS3|sA=a)~2_I8gPV9$tywwfG?}8daNE8~1-QjRW z&6%O4KnF+*NNME#n|c|PZTU&JS)%q(I1ZgmF(h9FrQe3_Y}$8H!P3fqIyEFxonph& z@^8G|fznsMZ0X;dUurt01P~pO{m|enFl+mr=RwB(M7*sUCm` zk_C;|F0K?~tGBf~%;CaIHwq=3P>=kNDkZgK&GC(wB}0PY_}9ouuI#yZg;3YBKdyyPTD|`ts+2PeJV$UTZkN5v`OY@EyVE_G;eD_Oubj6tiy|$mIO+ud?5wz9vK9?o zd-E8?<*?(qZl|Q?KBbH!r}N)SlTm3=P_>nf3mCg_A#`Z=g@JQs{m6EBo`LB!+>y6G zDi+4o3ro#3^focfp5DQ3cJm zHUHoAC{Id0W4&sQa47?7#=28C@+D9nlmayapj-Le_KSlc;p_Ih^C#WU{f8g^ z5H7kC5jjlm+Niy7&2rj6NYF?Q>+ju9_k>`b=XKjo~zmZ%4CB z;`dC}>dttgeTI_%m4+;i+jM=LiG2>I=y;1f;$#|J{Jv8~ zvHLhzGaLBi1toSXi6(`?Z2<_YHnPx~UgFt53)K|&VyPO)`f(W}yu2;pR)Xv1Jog53 z5l8BCn^xFC;s|W9CH|bh;3BgP2DX-U7A>UuTPW;mOFV`(5I=vg(`8*5V=}jE-WKXxw%?SDVD-!ovX}2 zmh2^c?z8FQI6j#+irPCdRD)<0O?$4qcP^vQ0PHFcakX5!FBFr1sDNm#}luP5NrTS#mpvN zpVbcXMj`)QFrCUKQM!P<@})n|WS)q~SEy_SSu7n!Yk|Zpoe(8PoPU}MB*DHhP9BI@ z?_@S% zsHp)-M)?jtB%2tbD2j`3Rf4{cB&(Gy1w>8XVy)~TtemY#W5Hhg;m#lnJT)Kkpu|t@ znc7U9R~bd^Om{113qs-9al*gbW7x{wArVR7I>TV8RnLzga7LoW zO_S*epQ8ZZjW>*hj``!(3y09PI$Lz`2tc8+wMWsKdMm&Hwk+PkZ`v@T{6v$`b!dm2 
zg9O*Ri%+VgtOQITQpJ~=df(2AF5#MpmA#JL5uZBCCzo6Z#T0bdb?`*rZER3EhPoyq z)Ff(Fd=8kK5Jp9=O%ygrE~!xA2OQELeM94Qz_LEM9EzAaVii7HU5*ec(Q5SKWiE}*SCz{!$=Ouy*LlFXk`+hcZW zz$$ti2C*&T>u5cp;p=E6y<_WcuD#$JrlNtcL8U`lIYgy{(BKmz0Z47P2GXSqpR5h8 zQ+os9o2N6OW1B*K*20Q6)He+o@}updS?q0jEZFSgc5$Hm;HDL0E^tfD1QOV1t2)C^ z@?P#KX0+iQL0yS>A39df^7m&dj|y7NRqv%VkI(Moi*9%*JW$nzT^^N->XzCzxf`Fj zmY_~UoOD0BxBTh$IL!iG$d>AW50#H02?ktW+NxpMTF3PvB~HP+U^-%YQM3G*PyrWV ztXN9_?8C~G!5d%A@*j4meL6$xq6$+*Qp0YP5A-x|C9W73^mX*UszK8!?!>8kkLiZb z>F7=cl6hoxZsFzNE&QV0DMb1X5SCqrM&>Z%f|HXc@rkm9o-e-gadku;+r=|&x;ci# z%NyvBuS1!KhFj_2d#?Yqe1CNh%JH2Q%vN{vL*r5-8t{xg&VpgM*`~tsS4C697!N-8 zXVb*!rb&^AcLwxwe`BP+SPNK-!ArzOwb0mYixSix>>@WF5FCi&}jmvQ3bzLF&@`EcB5r+znnpK?)1TXzzud*sz7(J_)7`~-E6MfE$9bk#GL@H5Q`ZO5!PD^ zsf6l|*8%Tv$dTWGs-}*<9fwKj){MAbWJU9qRkT_G9yK?kK*fueIQ5whtQjzZw4C;5 znc;)(Q^+0HV83f4))Cz2S={{!Gwg&>n3k$`vhL-!6H-cX?3|)MWl&N9`PEB1DHT%K z8K%uZH^ye3IUNaDC`Ya=xG4Myu)R4kVkc5rICr3^PgwFj6l90NY=&Pa;S*f3(q$LQ zN{kE0i3rtPR^r{QgQXab6Y!HGguF0G=~BMo`fTJlNXO=hec?d@rEu6&UZNWDS~$1$ z6pA-M>jn{NnkL>OD*X!W-_cw~NkU^QTq(R?_I9;Y~>20vv+vDw?TNbJ?`zwJt zgp|XPlT7sXwv_kc3d^_0@KAlFO9v$fKP2IMxDT&(gxmFZ+&6Wi4&C1}dZ1bW>rZer zy**hCD=kr`2!hbIx(j4U(iFFcd1m1adr(Q&#?=>I>va2}GLYs0-iH`YwveZ8m~B|Z zRHL`%t*!~r5EStJkfth}mF-@g5n}M$=I)O6FEtxxek<({r;+@&UrXs-{8rqEy#3xw zTfd>~e4T+W9-l8ncBd0UK)}>Y?Qpwqp*#>K&O!%fIb38o1o95Xfj!SVYtgc#0y{$TmB`;##IYcufQ#g!! 
znAKO&@_IFFkNkkEVe)bIuu8(sz9Vf3UZai^`fTz*hN#}nR39ULpla)I6 z-q(+>9O_yib?e${GG~$b!i@Wxx;7cB{bt@*dZOM2EFkrsIjlQc!V|s6P=DKfq@u*s;f>( z<3;}_c2(^Hy8qlLd!?R!zFYW5H}41BbcozH5Zu-p!5(IwkjW-Px(k%T<9h&eowG2O z&EtT!#GuIHmRx1I{w~6eAme0oU!`EN#iQ~W_%ve_wjGAI^#R#TOO^?m z!XmrNW4`~p9Bu+!2u$vT-*V^#eFIrNqRSmJO_nNEL#}VT5&ma&hhj#riZOJz>jK!` zm)@zj-gqmOQ-+io0uJF2gptgPO|D9EAb3inx}y7m5hee-D>mtC?UE9OMqtF&?9|H> zkv&lAulMLlVF_Pkvjp^Wg{2(WQb2fHDn`sxv~>S94+uRi%54urauy8RPg4}lAYi7S z0vHVJ0BflYblGkO`iHv`sZ17|5liGx)Gq&?}L@BXdR`rRY4%J|*yhLGBFKc*8?it_!v1mGC(&q-$cHA8Ca z?T4qZ^T9_)()n=!H#Z(4?Ecynr|rEaO7ka89Tub{{PWqTn*q1;qvg*)F5MrqB}${C zJ5rGHEMK2PTVE_Ao4Pu{N;+{NmQP#%V?+cIUqH`T;g1(BC`~SPH9-ud0+p@|OoL*M z@PUXLReveu7+dbf1j5LI)2Ye;V*5d}!soM58T!h^>Z36V9j&$(vZa&5`Q;A?f%L5w zf>Z9(Rla?-9?w3%Mkw1f3foSl`gMuCi{J`P-67Q6)XQFa;c{(t=^1IBMyPS&UeMvN`vXPj3bgtXtCHtYJ=7#Ba`Wfr)WMsN7_vUu2Qy5wP2J(TRy!t zNfEsNAf@)8rdJ^w2=UQ7#EQf=#IZc>17Vamon8+qp4kFZI^}4`HQ8E7?q-(tJ4>u` zi5p+VH;S9iP3Z*P#)-s9gu4?2#|TVa25Cu$J72_d`5vND+9t`yE4W+k#rwYP6uvrf`Hz2v2Z{3W&PPok_Y)HuT4@v(i(yGWhj};*)c1YWkCvl4tRsPJK}A{cv$LH9EC82Z+Pn(!AA?{~Jh~Rje|MBanDrlzd#0yj_-j zT9JHOmHbPe-iWvYo*yl?8GLkM>Xm2-zH{uDCaWU+4_PXMP^+$y`@}h3-tRsPJF)62_y`A-i zr$1Iz?z0;z_wC#_&8ex>9>UrL%v6q@Wep=}grG@AcbA0NhpF$>l(CPq7WLRcY3^EF z=}Z#YHabRjPK5APXzW=%;`%ouDwsqgi?GzaB`+y3FVmKZk{=Oj|ExJJ4KnO0A zWw(~%*fuL~gAI_P$uJbK{r`=gN|hgWeav&CGx{$+)8IB7)ob1jAaY6EM*IPN$mPHilzGk zBZ@Lf>{IAUXTSc8{P99Zkvmb+8kQ}{C8}2r9z7zDZ9e1p_v)ffYsCIm(e*BSB_7ws zZ9~~^kncKo$Z$2|>g%!%;nj@qr-(_VxjcrIqA+4jad0FAdCMzXI}l*)8uesp0ZOXz zB-)*90LM^159Y+-IiG~l&6M2=4C}px!tHLtiau=;M>caOWnc5C6&%ZsO(IxpNAfv< z{=|3l9y*}1v6j$zqpG9GV)=9KC1};!7^*xl)=@k~U4$E|5Vr5lKjED%8me$w7^*=2 z@yBc3&Wu#G^u&%ZiN;_;s04WIasC07vga&p1W&dA0*N7k7i{P6#04ls0w*j|en?d#y$d~B zeR~>6{)R+`q>QSf&b83iNLiJ+=g0$LkCmzK$Bg<|+N>tX&db+`47pD=Bny{iurXp= z2l7=6?J&+Hsw%s<|D+2Aqhu@;yC}^lS@P!%^uZlu{nyg~RW3Frjccgc#~C1#EO%a2Wu;En;) z6b+tPO9G}Bd?(XhPTKawS&z#KBob0voz6Z(5+R1*h_j6ydqJ|ph)aazfY|uz|+F)wd zh}X!wcIG1DU>EcT^8Ah>T+-t1VlTSJvH{A^_-KwEuVH@Js!g+?rU21v(ms+pC`^54 
z!LDLCng5+=+a&<+?0{R3_tnmiJ$NyHwy8?pW`lSI;>+-QJztd*2Xajoa$6Ee^m~?QXRBkMf&f$1n-obHu7qrg<=C-mUvSQ$l*VS33vn1iR^rC z^p)>OXKfrm6BvG*>w*hrN=Ej3#&XdY`7v}Z644Z@ug#tgC+bmRKRJM9tr=W8;Kl_h zj+GWZWYOkYeu;^(TMQD`;3J@yFnywQk0MZ#!yzjZy%eX-*J7v9B5<3^PRHHoLLUd zw7TsSSlKzPTE>d@1b~UBOi^%uUO3;me-JFLRUwg#OH6AJx)1cvl+l|-P`Xk6arHD! z=Cm&JvF~}@kMQykG^8wz^LQcR{^r<)UkPGDd3qU=p-@vXZ@drTuVgw zsce^KZM{t}b8u;%0=P1SP2k2(DyCl_YEn{0%ORPAQ*EfYjEQ|bzgnfdcjS}58>a0` zVgqiLqsV1)_)jFbZ@Hxg34RIGU`^?M(t60`Ly*d?;0tZY^6Lc@km0EsB#z1SL;s zIN6qyW)A;pg@F`gyI_y|ZO_ixaRbUS{hFK?!@dN0_%p@F8MysdQJaXQi7_TotPrv^ zHtoVdc%GZeLadJi+%>53vEWp2E8VYA5$4{MwwyS@w#{<$OZ2-Os`-lv`LDKUp9yIm+Stidud zUI&%ki~{a_f+WK@@*w?_%BF^;DR+NBhuei@N?NbKK{!!@er_B=1tnZ@ z;q=-CYogRHThmE;665$ z4yZr3+3w`&aUBQ&?}1n|DmeRhdMZ<=9HOwRiy#QvI%i@-uvjs|g|YqDtZ0aQ7nF1f z4}=B^7#?KWc{bC1$d&9N|L2Tf21(Dy4x@@=>LI<9a6xTrtev{e*QA0~`sn>1tOA{< zTV)xN7^np))_|YpGiM{;vHTP*k=2B5_NG4AofbnKf=w$C#3@Z}HpX|MbOsMA>HdQ= z_(~|p7wahY*FwA837eA>67O}l+yXJ_2dfT$KvX0<7p@YUFSa_O6IayJ=n18>^{!LY z_3#cHdcsNH`g!)WE6*W&H*xX$3lD(T0S$cFAc}+C3W+f7{^G zn2<5*u2!;1^=i?D~R*7?ZN3Gv5$3l7H&sCd4$_Da*{ukmRL<4i zygf+koUO8(fV;X{S2GBO6Pl&R7uDg-z^P*bvPttU*1@rE$*Ae|a38ci#4m)9DCk8= z?JtD_wN2HPcb9}Z|S9NMjkW&|D<=QMZL z^F60AS57WhkT-bjLdUjV{d?ALuFfpQ7bX1vi%>Xch-^i7e||Usb=S(-YS{JD>U0e& z8p^_~$i*3uv2%X)d`V_5)Mg2YiIU0=tI>q2n4a1C`pV|kfQm<|X#VA8p z+Y`mFF#|Eef;!9jKluq2`r0=7U3n|v)lP>R@-5xq!v!P}+`|2&y~hyZZ_w&6dqt?` z441Cpmg%pO4IqY`Sj$GWwNcVplY?)lG>ePu#%Kry@5q|A-RaFz+4zNE+u?|T=<)s0 zoS<3l|6h87U!R&mXF1Y7DaipS&>)WJ;Q}BmSh4W#E990{BTpB5o|0eUIJHimE;UtQ zV>4i7?W&oQwe%Ch@6qdvpAess~&S!*v^I;C^&g0y)=Goz4>cWb?8 z9;C!gWVALS^~7u-h|!B$EW>^+rz%JB+_p~LbqFOzj_r9=lQITzKJ@^ zTKdwIW6G^Ym z?Kbj7`LhEB>bNV5dRT%+cRGB5@x?$m5Fuh#Q4?hq41+ZrzJItO!RmGZx6$K9WC;p;^G{(fGbv_zdDgHT=euXZs2DcSmFn z&l7bCr*^`+BCb;T?}o^q&-?P8Y?HP-o=ik3+I;COr{G2Pz)AaMNt}=I+?c7ZIq|$}-lnXw}Xg2V=aYg{#oO zFhu|6s)o!3i%u)i@wgX`kg53^*x|` znmSg4fnyiKp%i7|j)Zp&&(N#z_R&qn$#0J;Z%Cb?Q$BBhXS|o(@P44|KM{|*3Vtx+ z(Yi`uv9{(>Ecu`>!{3(b>z)C`QfmA4c2%Aoa!54<{o{rrKHOONFH*@zTt9T?uii!P 
zX!21b5-YlYVU!#m<2_7ihMJ;%BH@|pr62`4i)MmIiKi=Zhrt2GsubOW>iYnRM}LtA ze>)68Zmgk(2o-L*9`|hC?DkZlx|c*)=>7U^kRt56G0IcXKXgWnQyu|Vj;{uB7c*2C ze0(C=*ou&puZZ~hYXxz+%v3AXptbof9;h&*gd6fdx5k7rtA!-{^Sn*!5-JD1HY67y zO~c+}aWE5W>SPJ{W?-WLh!`r8Z0C96L*1Ib5gTwa6Wi(3{Jm2-{3S}3e=tD_EQZu$ z{CW{X?u0Y*Z}H)Z>JqHc7KvitUA7c`%3q<4mE?SqH?4@b^eGfKsL%H{X->Iq7%knG z04>2i88;h8l_BjOlwS8To~W9$q0l)lE!QqsH1nurvD%1BJ3!cAm$ws zc8d{R3kJCR#%Q<#2|`A6ebgyLSCH09XN-Tr(mtR$QF@}=vg^HcdbZ}!R6XDqBL2XVw&laRA zgvc*Ktloc<7-or%H8FEL3NxUfmLQ=QcOhX@W*GL(n%|=qz)Q&|h(fr4Z+3UDV)c>? zM3toR7wyQGNPclVz?TXJ zZb&Es^RL|;qSY%ZR^)XDDp1G`pq*zUtFfA^| zdbq1;i0NGl74R>BZl<7JNO?L(r?%rFsX~sD zQ8XKA6lF3cbyeZx)ZYnX-9<8JUkE{N*nv%%)YkZt?=5iw-2QneEu>06f(*2$1$kXc zrOX!qAta+rPTn2LD1K9V_LP)xT|7gS9DoBvdIjtB3UmG~KhU`{Er>DFXku8W;hoZ*AR zd>UQZFKI4AEt!&4P`=UHHv!$Qg1^Ma`ZtyOaGBc@Lv2+B)3mZ#EGHPUM^R5F^#_PS z-bLXf#wI$gA=TZPehD*&$#ldi4ABCVb=i{(1n<4$Tff0RZMbXFiw*3$_sAqA^^xLK zQ`N%=Kz8a+^UHa$^b#THO8wycVajpvXA!H{ zzDhEdGgJg}zS=17JiTX{nOfRC^fqs^H%)Qn;D+ShJn5HC6SXNoA!SK3`6wH$vi6e7 z7N_YK&QZqmlK45(=SXagjichS-Y=n=Flh=-j*)HgrQ+yc!oAE}FGL!X+-2*I7KwleIBD&($#1KNd`& zQolS#VgaWu=ylSvY(kH>F6UXBe=-%@^&cURNGrZZThxu3)T{}yyH4NjTH`fLf*3{R z-hXV4^J}W&3e&@l4txO&zV~;+(Z<=c5-z1{r_Jl;rjV{HpAge+VT~LwTh>+5!%r!X zPrTB}#8mEOS`)q$+$fY}se=J6Q-;2AGGhGl)s$&tWGb#6aswv^!K?{7B7{{VQzM{4)*YjuIi}jr2cwxUO?f3;)A% z2oH&*F#qFq3{Q+ap~WseQ>rQy$La%Wi*x|x0zKSN3v3;)_N~A+CzK;g%LlXi!ZY#; z7>fn4>M7o%bJOze1TSn14sjukwQ;qff4IQ{yuG9rG9TL5(^-5gHfPqogdHZoa`z+s z!rP7_NRFq4Hx%0`iumhOtt(0h0TuJ^w+iVRKwXKjGp#GGsPU!r{uHe2Mo%w8s9>2d zy9*LBQI)Di8=kJOj}Z+{&wQf5R)$!g{>q(QI!FqCD{_E_<_B(Sk5B!j-yQ-SF!1#n zAxXJT@8H@Es-0h#BeTJP*7D)FK_M>lKL+#@-Sv4`Q8R z)0zBto98srUQNEZ4ZFKUsDRR+hv?K~4vwEh<1rUKj1c%IB(mr|V`hjjwMtrdM8h1z zBM4x77z|t8{?;BQ8>!e&MBklYRE|AAKaI(2ScPS`Z%s|~TayZ0sR`>SEk}^MH zt#U0wTAXNXlvMZbN^QV=-enSp;gH97-L4b{cEH;>w1S>~M4XH|*<6yf^=YwpgHr4WW*s~es8Mc(!&3nAR+H8lbIuKJg+!;z7C;W;p@VA=KaFRXAz zo#i4Wa1v12#R6g=5N_)8g#Jhs^=sx+c|z!rZ;0P5#I22*e*EC-h}g!sHk~g_mD# zW^c(LNRWN^0~X6@mWNwjs4te+gd&OY<@I4R>3e+|>Xa^^A@`Qa&SA!r 
zmg*4Neog3BxbI7X2Vf>|JqrSN$-H%R+j~^z&Este)RILX(eisw;81wMkiFj_Ma$Gg zWBBoS_!qu`9oxXhbqOe6m(iUeqNLVaA9MMDi8G-A;}d)F&t*bRCEAfEF500l#Tul3nPIX(3PSWkE6o!3M+H5(W!aqsJgK6HDtv3-}UoqW}mI4B6(yl45v{>P?G? z#s76Vz&M9-On#$B!+yc<0W5B1SWaIiToOLKXZ=w$#vWC~57Ei54Qnwg;@xSN!m6G( zCO>CA4_VG-{i~^{D|4wiII^b%;`4OHy9EU}Ss2&M#*ywj(~OI-Ogw2O3{pJzjBf-P zBYk}H87j@N)+=y%W%;clE3gb?e15c`lDOOTW8I3+{`GJ~q*8Cr6#mwTc+{e|T*G+i zyD}tzgiv`jl(ZUDuQ3^7RN`7tOOQS{c-as-^wm}Vs42lp%&epEl6e$NnoNWsNo^&` z6yMTcI=MGEE+;OFJfAteJfarQz0~h!0Hp*X01?9OGmX;q)8u{J#gL%b(Ne z29acb3XhNH8%1!OKYlOHN?o|n{$p0_0uEZYgx$M<+!3fFu~`NB&=0JTo^KB!a*6l| zp>HoDrADmhy>y%BYFdM1IoRv2`A?AF!M05SrgK;?pI}MAS)Rl98=c##{gR2hNYaMn zh#Ye|%5D~f30%&cZ`z4;B;r-7s-p578h*oQ_6%Z&9zmfAjmS@C^>O0MKH5{T(J=S% z1MvaVB>^_S;woYU-aR-?4Ky2)TF(Rn8ht;PyqEwCuU)%x08vX{l;9u?wm0Jm#&f=t zS~mp)CPeW^UW^0kUQQbrx>_~qkflOEEMQ^a&t(@@i_KfsuHvBKAjQA<*g)}C0?T*J zIv0gjVA~a2uc^6Gv4iMx;S5cc<@>COkS+`3VzkDzm%MS%BJ8*u>hPSQC((mUStR#? zA0*WQr=eFyl-B6j!dwlkK{d3490GY@m_q65Bh2;6X2S6(>~)#$R&=o2aT`EPW~*`h zV!vIY1=}1|O9-`mbSe0~|GD;2;O_IO6MP{CWb04y6OQHeY^a%b-)+wEN^$DA@XeRP zzPmazTu}L>h`uZ5cVYkc^$+Gy+q%HnU9(IEbp(mMRQuTLvQ$R{H2biKQIi)1Z7#l@?XqASbwr-=A}ycy2)sUj(*!6iOQiL2{de;9dcIi}FwWaBd@qh?>y z7HPgE+58su!gBofIWky{U%ZZV=9|I{?qrc4bvklm;~)373xASvzG_oQF7a0@gw%Bs93IC+1I9FZda;-8%G84GhIlmBHqzzEmo zO@Uta5@2{LNT^Rc!)V9n^?g?=R~Y>F#F&@)$-b2f?uJ%@GJ8oECT&n9Ucn%bG%+@4 z=ls$&aQ|TFlzG2RnK2%bZ6{U|B#kv-VXrkbKN5%Mi3mwTsFlVIUp^&%PL707P z{`}rLacuthP%^p%NwPmf!*Q)#gG%P>_{wJ1~FFum220o zU`ctVJVyMhzRO3d7qeB{f}pvGrKxRy z*jwTX&z=;mdJh6%AAXCIMp3ko4iGI(9oxO8ff69c9(Ia5Wt0X>vM$GJ>6acpQmxaQ zS^;9M(o@!xhlV+vRjID3lhXxZ?Ds-K_FqHT$8#bDI-TT)#s$||rbx~t+sc>>_l;mq z&|1G;Dx8M(3OY5*F;V~-?w&qS6{bFNTu;SXkp4&bXe;DtxbChUr)e;ega*Kobq40B*o;hzZ^R;H}og7_t$P z;k@^O*0R5pc->d_T74g|6u-zAa@qOZyEJ*gY5}F4@rc=Rbx^9txg==ueeqRuHHFPi z9tC`I>WmMi%zH{G=X;;ngPXuyssTQb))t1q*`V}U5TVC|fq+R+B{}~c;8Thm1Mef~ zK;p1Egd9b0QBG|}3AIW3FdqWN1T|#G2g*C7aGHaXjf@AIXEdym^eybAN=k>bu| zI8K(CUlsZQfC4Y;zymu>nw4)BUY{iPkdwfJpM zo&2cOU2TD*0O})fs@}hk{tqr9l1n5&yab4Z`ZV& 
diff --git a/released/assets/rancher-logging/rancher-logging-crd-3.9.000-rc08.tgz b/released/assets/rancher-logging/rancher-logging-crd-3.9.000-rc08.tgz deleted file mode 100755 index 6945282aaf576e00f805481a3ee95dcd18584b47..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 26803
z_H2FEjE(+ASX2;EF*+d1uY}w?mS0Q?5F*(Gb!fla-~vUEoRS0IJDS;z4^ z^RtcBruUb23*#2iJqy;RZ?+2l0M$EIP4CX2LOn8nEVfa4u6Z1nwu*ougac-3Qsl~Lev!^^~E~I-02FDe% znsX!zp*XI_r4T9%EkTQJtv=t)&2Ps^vFsA2ascQ!hkzo2Uk6%7tp%}JU8E^A0Ckvw zG6rJhcT<3eC#aNG95wVI0iY00Q;38r!3GJuCIeQyNzUTw3U9Q$_PizJY`TB3kuA>h6U9dJGE00x z*fV+2}--p6TQ`SeyNE2n^qzjQ0-%^U06yINc`Pda;tOlqIx(!?T zhLoSUML`u)n-+4Knvchsqbg^S z{Uj-`RS{rCDWD6LcMq<=H#Pg!sxb0kipZ*n1LV;5;?CoIrWbVknP#dd->XKUz)^W2 zS1T`hs$f@?6^`bcxR~0ptmX3iPjOofMNiTo)m?0wYulk!n~O|W?B|5`mTLVW)UZ@P zKw=ff8FZE8E7v|+-@wcx95`Qgr$L!3bV+7=I)n`J>xY07%c%(FSw5AD&*b+r zvZBD5leu+GY-B%X3dXV$UZlBTHszNZQIOgWMAM+c#@!O?M!Ck0(9R7ZRioxN*yXDXQ zP4I57*zI%*{Lytd(`NzXB^6I8c`<9_W;KXEhDEg%VKa`t|ACoj#$?Ux;>6Wvm!U3lI<8H!kK;CLvTl^z{=bURaA;j+? zb@%S>#P!*nJ&Dfdq3V$*UFQ65OjwtM3*YR6OzIz#G2SGc*Xu%S#uVR0jwM6v+Pq DJ~N>= 
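Review bot: the deletions on both sides of this point carry the full contents of each removed archive, which makes the patch hard to review. The `rancher-monitoring-9.4.200.tgz` header just below reads `deleted file mode 100644`, then `literal 0` followed by a reverse `literal 220162`, so roughly 220 KB of base85 is there only to make the delete reversible. For the copy sent for review, generate the series with `git format-patch -D` (`--irreversible-delete`) so each delete is header-only, and take the applied version from the branch itself, since a `-D` patch is not meant to be fed to `git apply`. The commit message "Drop released/ directory" has no body; it should say where the released `.tgz` charts are served from once `released/` is gone, and note that the blobs remain reachable in history after this commit.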
diff --git a/released/assets/rancher-monitoring/rancher-monitoring-9.4.200.tgz b/released/assets/rancher-monitoring/rancher-monitoring-9.4.200.tgz deleted file mode 100644 index 245841ecf260f73911f5406bb384c703a31690c6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 220162 zcmV(%K;pk2iwFQYGTmPQ1MI!)dfP^}DA<2nPl1toA6sq#6e&x#)t#QB$WGd)V@D%7 z$?WmT7C{oC5Rn8M03|DN=G(7v{?4PFCz*Av3jk8o%}#bpU%prZ3RSDBR;^n1mB*9* zX_ANIY?78)o=%3XKiu`t=H}+J?d^d6-PxgkH#<-HU-=2zThDf$bvnTiZL&o^3zv1e=}qv+b=v1e zI_pJg);di_V}ZO1A&&Vve*#V5nQ zrm=1S@4aK6JBCB#mWS|O@lX4|_R0Z?+Z&8O-EPkr?}l*S|E^cYxgnhQyZ6o*H-zs# zX^=C-4X9)1Q(lAh!EOTar??0^x48*B_k9(1Zh9AX?)ft8xL7!c|8J20_W!>3_Ul*Q zeEW4Yp7+)DeiqArovod%?TY-j+1}oHkpDi#&swm58c&AFC>yTqjYc5dl!z`tpPm-M z2{88oF!#Z1T9kPbkAnll?g!salRO5j2?zy)ixfKOB|$tGB!i&L;JdUSZf4><$#fE&#OLrlI|+V*dBJ3XI?&hqhcAOcnkRiEPdI&= z3~au_b?gl+K6kh%&nhL+utc0=e1_wa%@J*mHe?c8v;uV}d zhXu^W(`m%wZh~rV5+p zJoA>#;YDr%DtB@PxQ*2Q+e$y>Ok zi)q|Xj*<}}bI}ceES<-rS;9w#Kr9kC4Rq?eC-JCAx_DIONJqgtJhSu(9fN$<2gv3e zdLS2Y)!QSF6L1ba9VLQ{I_OTS@WBaAlhHsY9#1ZVJ{;K+x;lcc(|+=X7b}4O4zhv% zwSR~p#WanA`YHtQX`YHR`Hl^hOf(kQ-J-MJ(qIkzI$2b;m?UmEqKMbb0HVsS3{f^SJ#DP76n`M-o z$CHw=36>>+Q310vxB~`+O)xPRg%4lty?pZu_(4n9yQ+x9z3j(%G>D7SUKZnJQzUWT zKQ*VTOGn2!Rb57WyL5bf;G*gF<>c$m|AMx(Yne zIGrGMcAh05NhpnW9-pVlMc07a-Dk3Un2nO6YZ)WzkWOk`6hP8~92?-@hGj}8@Lk+5 zc~P1e5};bNz{ps|6Wk?{WpI;#D3?fvy3zNHSi@1)i$_u3i~A7{LLf!F{@viQK)f4t zfkY?W^(c6ahqt_(rhOmMsS(Uf^j-L1<>%2FwoG}o$Qw>NLrI2O}PiZ z<8nhIGtD?Sn)QAHLTlGVk2PK=vnf(&T+5(ap}bu<-Cc+B^51584rjE|xGns-ebvQ2 zyL)iamSeeriSoz&JS&*8$t?+!Ke=k<;^8n)hOl__=T}*dOVmZgmR;D8IlCyp=gEAE zo17_01q>|Hb4ygb@64%&t^J3wL^L8RUonk1E3XK3YnUr9D+qi8%taB0NICHRFcR#K zZX{q^DVx)^=eMi(4qfU(;T*t-6-LE;-`tcZNgY@Jwki~?>bqHaZ zs$l8Ty^TOGZfzL z!un5ak?D9!%z>w}_m`*-)@pk@jspp|4!0Iu$I3*nzuVY%U+$^hQ&Q>>24i;W@MPnz- zc}rKkXwkrOWy=~9uRWdRq-irm#=w*kT^Pq_BvC=5A{A0fG*p0mR0Q9>hEMZsHbe=8 zXGWNEO50q_deayt^*D)!ks|w}f*YmuL=f&m=#2wW5zrpL5Mbqybs?QW1?{5}%o0QwETBsYb 
zx(>M~BucYLT19=hfM`5ppu^T^_)wiycb^C%;ST_%@cGN@U#~nXhVw-mjs^Ae;@OLx z1wFvjz6Fw;gWxlFB7!$;kHKx6B>ki)Vj$$At*To{9u;Pg?+(8S9(NH@c3Z7qehHN2 zbH@&T{WWw{rIl91JULCH;=B($AVAWK@eTnNKv9p?ICQfhnvv#iEK}d`<}QE|cw;m! z5OTteHMY1gf6+XUc;)7b8vnZMx39bxa3uhouWS>}(2|5I+;10;j>Xv;%f(k?OF6ML7eR0Iq}C6wU}7Trxr&d`}l? zS;nL*hHhlgx#a4vg@^bbr$({&F^AdzO%d>II{L0iioYkLG4DJ9X#^i*dIISPc?}RF z;W=FHAV_A}869R)fFFwH8%;x``6i(ZUpYt9!3)hhrRr8jCM2^CfIT|l*Bg82KVx-M+n&(J2gi=C#;DF+h_Dnmc2J9Lbz2r1L zPuY}hISZ=+z-RNdMkKT$zn6q+=RUs?Cb?^BQ;0I^ z9f3AUPExBhiKl?@F*9sze1hTB8AI4DAG!hBhe(1Rp>|a?55mi##1{;qRmK<4fH_P! zBPlMs!m|n@&q=uNG2ugO^kAe zPKnq8dyY~G5Q0wOV?4gyaymk$%O2TSuS_v56Vi|kBKY^cH{XbV%jk0MzBzpV^znS_q4}8-l`ik>zK| zW3k)@Q&ciaQ$=u6?b_Ag;z|*1#+w%=AIRk^0-SbY)SW00Gv%-V+ZiWl;4^));EQTM zSf5keMi%AeIzZ2ky@S`pC*t|;0Zt)hLB^$}+beonLP|r^Qzk)x40M)>Yjr0@IE0!< zLX<%UhYii~YHW9)!Tn?5o#grMTafS$fZOP*fV_SKWEi-55o_JWZPE3V<<&k;ky)Q& z;LRuS|7-I9G{Wy4jd4Z%-_~Y($B+N)Y<6}!5B{H@;>RjJDEtpjK|IQas(((iR#xo7 z#Xgy#^Ky)elen)@YVi0B-hLE*oqe7Odx9e}a?pz)nB^lU*vfjCo0*m{- z^>^QT9<^5h;C`M?*>im#B~5gqQ#UPuhOP>_&KWf}8m>cDRvx(fiy{_z4EEBA$})qj zKSObkNi^|HG?xlSXFIX*`UG97p)+*zcB`< zeOxg8IFBzRh7>Ph3jUIkJ^-lx;CpOu;8{_)&AbqRHvG%P3dGd=_3;tkKjfm zpE=f^RG6`J!hV6mtKlvCerdp&ZEghcM`Y-T*=Bap85ZRIbV7lcY-e*gMo}fOiLGMu z!bhzBq(5P`NwgdGLiAmGhH&krmG8+>zoT4%tC9M17bC1G4dXTD^ zSYA%asr~)^g|+@D;crDH7@%+F)fw{ft@~d&vn>R_WR}eu_WjO1ImEyYFKV z8T@o*Es0Mf`}L!a09TF%53K9W3}l24E{>g`#EpX|MkJ?u!aBAKa2B8%XZX*`N5rnc?yb^CsA=R zh5z^BGx&cwhTs2RX!?Der)b@J{qhwII29Fi1k7LD;&$)|+Bx)k<=Y?LzB)WwIfd?9 zEB&;!Qc=Hz@ZIp|&#ZH4IRAGl`{B>x^S|BRepbo<0rLOW=EM2_6hCWKO)c_v{j-&o z*L>YE!~VX~D4<4-m-!NU$Mp>grywmqd0?ElEHkiT=?QulZ&btsCsQI0v|dyFy9@_u z{^v0)gRJj)jgt#T+479Htvms~1PS0V^#$YIsU2Y%E5cH|mt}UAX1JR6sEPXm7U)Qr zl`00@c<+VnA@+EX0Cx;17WdGF#PZe~wXJ3G6yQ02o0Z9K;3z0AV&b*ONe;IMs@R*; zpa{#iLH_M|!VO7C$k|5;KZh%6L@~RPDn*f>1FJwU8vPp=Re>GgF2>g%Ko4wGpXyaooA z_+dCB1qeCJ5@U`k@^EM}QQRces^2TK(lu!9DY`aY88B@a?V98gItd%AW#Hf_Q)U>YG=4N3V|G?!9^SW8>mg zkBw4g>9SMpG9**&EqZoV$RmS*B;Mcaj7~UrXFUasE0=D_=U!eU55U 
zPbVNt%8I}ZlhCOYOYttArT24{7k8)vxk3wb6~%0{?dkC8WWII>$JPM4;R1b{wrTF( zkHmxH|1MMK%D_z$9Sk`Ai<|9)W!m>+*q;=mD#d*O7I#gbh5Aep$ip9-h3iTbvQ3x3 zBI7!`#OX91pp{eP96ILj0ooBzAvkl>Sw5^DIzCBsKjoCbs|ZwU(X1DYiz4f%h|kpB_sbm_MXG3d0w}~0U0+;=y^s_sMh^= z*IRydF_gtb6^g}h5H=fKR~COoeA@CKiY8u_;MW*28(jY**SGl^pP^%ZMl+lH6(JlV zJ9#4G*_@B;XiPAdhlV!X$*tk`cr_|=yQ@#IJ1Yv?P7Ct?J>;XnnE)_^dK~|R302sk zVP$1c9x&F*V+{g(Opfa3?WhxN1>xU<^G>uGZK4))Ku)QJ$)J=|#25^mPVmG6U`P&o za5TjvRzthH|ZoDlgA)uYrybdXGQfJMqYEN$-RmT-bHaL`p|U{V}}vrnS&Uy2`8OsJqClF z8-ZOCL;@B!$=AGKBK)^6NN59^-h@At{XnEq@M!_s;BlC5g5ja6+9KR}64 zTBNo(Cf;DJZ~F_OKbBHLw$g>xN{7i5GLktcI!*z@yO}d9N)ROLmoQq1bGH<`bsYw< ztQQ*fd|l3mY?GAJ1}>v~rpxJcDX}w3Y91BAdsmnO0m=Q7*&*lBlGzBMsC(*EH|3q@ zAH(Vsgr?9LYD_oq?e*RsSxMT&8WPyBY#)PzIERyiYRZowog05``imuikI*W_pFsW% z{lBO|CF{XQb)rE&4%v-LIG0?rUWN-NF$7tv;5XtADKmv;?rcu09DMAq)=eI(T?1Jq zwZO-~MDADUnGMK>FIVUJ=&yEp(u*@}eGK-Q_NpvJVOm~(yn4#%x%m_K58)oLxvW@$ zs_E1|N)oR{V43uN?=nq2#Hq|a274y6-+WLh=bygDxGwLl4?x|4LG#t)Xg{3dyWGt% z{l5OiUF8FJ5{aoo{z_mS-gcIcXoV;z1H~`X8LVYUad4=?J1z3kDM(sj&JiPScno1& z6tgiOKsqrd1kR1!T%34ZvMyLfI>|fTxw$L8n4iv%++>vR++6>lpgEB#VvrVnj19*xyrzYF9^Bl*^$g9t91>Ve z>){1*OSpSOJhyYiVHU_9;&I8-A;#dx!B1I_g7oo2^!g&acf<50Uz8Va&bkvnM0;Wb z)~zPFA%^^xf#XXo0;Ma6rnAxLARDFqOF{$6$A-@UN%0|Z0WkT;zz}Hc6Vd;9Q-_P& z<{E&JU!T0q$^(v;z7iN)Xas>dG=I60{%wF!$0$AP@Wm2Pl`#>Dck%G9;5f(fch7O) z3Y(-UZ*rR-g^ZKw2_+IN5kCMadoyN?(C_bh-j3+u*l-oi^>+mJR?V)}S3%c!XLKbw zzVBX!Sb3p&BV=YGLG*1tAl2Sz#{Em<@^*K8-l9T#4$BkUwEwP2p_ci-*;h0y{n7f}1s1ya61JwO)#Bwm)&xR~F_T3)Ag@dw&;7!#6%XeLYqB1l26>SnK zEsWW=K}aZ6#m!xaSmdM+BTY=)$H-T%ZLvXqGp_1dhB2NmMgZ|_1CFvE)%(FTPIJS2 zDGE-JNhKZ0B>4ND&yP{2%Mq)DGU6#6BP*I{ltC13k04hIw^s;ij)lAAeQl~vtm&4k zb%8}Ps?_Z5y7|0FxAsGppM`tml_LQ|lk8#=yapi;_mGr7vxz3t)V#u9yH$-=en3^o z*W?LPNxLj(ndHO7%S^0aOSKX|f3WT3`-A;pnk2L;y`;QA{h$8}SGz=2 zr0isoOk;9>6X19=2kJdV8NwYsH1b-g)j%djzM!lzl9)&m;xvfPto%L!th^vqki`BQ zrpI(`bLvzlf%qjxsxb&1S~SOj4>?gB<|64)5-@{fTG9kJrLw$|>Kua@?3w}wJBmIJ zYA@p<@3Oap75Eht06t=!Bp!0qGdFUFsGO9-cIVn5#As3vhN3mYAf1)+bc-TLWN@6&QB6Twht)8f#siNdo zH5ZgcUis 
z=&Z9rtVQ;Mfb_bg)Pz<=FRf z!5mV*1E5`hp5F_|uB+7V4rX@L`kjDXbrbuYfbBVs8JNjz*@=Q5;zQ zHl9plpCF+Kr%dMAAnuxpQ5b5lP2bXV=KsefqN~JY2h(We1_5ia6!bd zaDE5F$j|bLau&M95;cT*H8hKAE0SWHb ze!~-q0~QGa$E%Uh)jOHo7DJZE$m?#8xCJHNnCjd@?2z~(5tQ%%gLgVoi^HC)%sp4B zC#{uQ4hm4GS~WvS6dkxx77xVp&%zQRefr)v)kw0kDnoiMQN(jRB zmfO}t5qTc#7jd05r3d?a79V9~JgcnS(GTf}aqR;JW?*rD{>ZreK*T3zH^uU%Wm1;x zib<^_sKS%iuKS8h>=2#b|CE&EKty>U!&?3pN1ADDxz2g$9dZTd4rBweO$8KlzE z=sX!^Q~cVw=9zgwBCw`Ng+g9-u-ntS`xepl<)m12lvAN(Iag%pn{=}7_Ak|60Sfk+38VMRxz1{ z-}k6wDy3>i>89=X1MsdFLfYz$vYr}INv$+6yXiXW5djWi9YWE+I&}e~@nBsuFimJ- z1fA_lFrs`l%V`l`TP2#8*CPZ>t_1@FYF1nY#48b%is;y}5lmUdQzQw+r`>hruHWav zIB4BW3VKFY5UhLEq8=7yXSz-_*_v*EZOrkdJ~-^6&nAl|Cc#{9>Hu$(7l-T|rQR%; zxCNSNYs1Y4?(%wZ~g&Fpm&=SpoGHZ%&pqLlYd3f38IuO~aY z+s^J;KH5mZvn4mVTlpOEcQ<&ih61%kEFY@f^vpeLFWuo<$PNaxE9 z+uZPcu4I?$MdwAUkGo-5)(xwqB-eL0PL9|nRhO3WP)j;BnUyqpE;zz>z-kqumya(E z*)rZx!huxa+n@_hYe%XLO(IL+28xYOT|Nl07V0G_2PC&VV9VZwGXh{bdce>@rYVOu zj0k`?Cv=h;lvNkL>RK6G-w2fHtXyaAgpkQwZnYHd}xLg|;iZ~XZ13O2`9(5f|E>sniPGE)u#cS@&n1{`-IV*3i(B#dh+a(J2u&$kV z6-`rG3D0F5+XLp}6>^alr`A{2v6}(gkA8=;Elr(@;`yz-8koc-g#=XW=asdA@%Rfs!&`Cwb)u5 zoe&|bf<-Yxy<0X&brq6HJQSPwuGXD)LY$FygP4vrLJL2d+z41EN^T&vfk$Hb(*t1p z11N+up|Nc74NX`|7q&czIt~zrG%^C+7U7*j7D} zG2VMA7eq5=9fWOa{`o2QbZy1&5o0(r;DtH1!pXWvQ2vAK-szp?3#d{Q&(tmD`m0E3 zC@3VIxEN(Ec2!?uq+ZpowCJo`q0g^HsA^e?-4d^0DS4{SI^_j)r87C;V&VA7_aLZ` zNk>pGo0SD;Ny2auzA53F<>Z4pwY{8kFJ#(n)--T|IvYVOUuaD0!T0+juYTWP0k+IC zOblmAl1r7EGbRfwv{7@BaAURie#XTgpg_;Xh)!K2cb|$yc}%al-?|lBx3ws%ODn_7 zVO?b8sMMM`ODBU}XA5`-R$!zUS9#au=%1eV!zK{ihnp)Hn~2}A2gV!pioid^;4p~? 
zKjdkdd^@4CCo#_XB}|#CEB0ebf`=dM0tKD0DHoUI?KMW%Z@xQxy&JTOSu71XPl|V!Q<&-MD%;LzU)WV~Ku=KlhzS6917ZNF z!U!BW;1GBTCD+ex(Ed7w2h+-y9wz-!oQ~P6em8hYQ2;CEv;9$A6tdO^GzbUVQzhXC-*Xl1Q}&uu_n6p_K)q{gG(I4lwmAq=u`%jBXhCkcUmqahFz?^zyynvU_jf;_`yV#9;Qzx{K*sR1Q!L4dluVfEfAueB;&F?{1O1$ zW4O9v6yY#Cgk_T;*;GixU+W@fOQz&3WEZBD70ywW+6w2MBO>nZIes`Lu1IRq<3C;A z#U61RCQ#GkIa+qPx`9n$U418&?z`S?+?;18oCHoEK{7xFcn4NjkrG1RiDowu7_&$KEH zbK&<4pxK$lWZhXoCDXM>LROs(pw<4|$v^+lT>tOex9<*LfBD_J*KfbRlPs`T`CmWD59M``=r$~xiTYejxlF19b|T?|>(nGMnIS~q)+WkxCN?`0JBVrc z$Rxuy7IX+9S7k0OiC=v=8&4h0jGLJyAq74wTBz--35jn9he4T^BNq2q%ZnMLgKjl9 zDW_=ov5Vi5SNzyb*Ho~^3C(k8Q*aWE))TWAnxWQc^~qFZRlTN?g_%1lSI~` zDFHNG#3_Q=6@wa0!bun_W_)c%>*i=sybSSa%svOKmLBl+i1)U!t@@@6 z;!7MqAa<$erHbrSPBQZpp*j3=Z=Y9jP8+=14qs9>7j6REM=tQwSn3>)D1$-pn1gij zukQM9fh7J*{WQ>jQWric+&2KAl8NTr3vHlVCO0IP{up9h{1Ggg8uGG^`DC!DYz0F>I zNczCluS)Mu{p(lc!@FAlL}R)ae6!+aTUc%(+YJk8qQ2*^U+2H<`jKX2skI}`Ms@8} z`7meQwid11=bAD`%U?a?&epT031hJQ{P{9XVv-?1R7p7gpr`H26yRz>cTNmzt0+cJ z6VyIC!-h|yDJh~!x0PJhUWf3|Y0{7P{Z9I^d3zn4#m+xJt^z&A^c0_nR5zs>`IMyk zI{U-(`TRTNW<>b})cAM0ME`08S1dPsFW-E!vpXkK&2l*T>^@noD{lt)PCQZe`sDbr zpC7;<|%9EqBbozagrze*;y?HfYfX{j1R~ zC%w`#4CC{r`)nD8@eTxw-vX8(Ek8>-pHQ6c{NCm1Wf+sin>Tm+uGql2;!)>!CQ|DH<7M5j$kiuzkT-#wV=LMIF%&*PPQZ` z7v^l|`aJMrpq#VM=h^%@OeS!kM$Qx1M)xn|=B6on;CtP8&-Xa4h(dY&)nSJ#yeX(nUW=mST$9v(V}P)*Son$>JdsN z?hp>Y%}H6wsk9rs{}E^mT*U0-IKHF+`w%U^_#DnTMHTGwA8x~AdZW(`1u=hz0yVYe zU+v2PeR^}^ID#im0|b`Kmk^Dj3q+i>3Cp!|NixLj?Uy2fVWkr>(Hh#wu1qGh1Q*^{ zC2+6|7haKX=^u|UDl^1oPLyq_Q{a0m?II&qsI>rb>$)w{)tu5W?ix&s>8qN81|IHJ zkk`O=B!vet2ato|w!xt*p!%#GWiS8%9O(5*I{?->P(geKF{( zb9`A`UaF>*X-M0lw7uni*dh|{a%HlfFS#U;H;Bx^*QUxvG)-$!7&h`G3#2+)-=w+o z3V8$v8jI+Z);Mo(1m_(c)C(`@$f!bfF|-58E-lNRoBo@F3!}T(UHe=jKSLSS>}}!Q z0lRgIPrMKBG7F-$>zV1lN%@QfZjcuFj0auI?1<)-nu`Vwvzz3S~-3J~8=xgM*h}R?6>4-ZPRL2RzI|7R~)t zLgSxqZ@qY~y8*zzG{ApJ!1I>W6dM6LQSWIQ0$?2YS^VLRYntNP6A0*1SKNVWR%%r@6n2q*rFy$mtVUsFKPe0=pVw^iGx=RE54?Nm7!d5vm;+ z=lBhezNDbGdQ#O_E^ecIg<=A8Rg&@nY_`t 
z!Uu>}5Ds>i#5+%YGt3ed}`s*Y2Lm*_wU~%nG?C0c=Ve=Z#{`hXuT3Rn+L0IxLsaKn#(cXp0K5|3C{k`+uY`zox81#d)n@t znpb8=G3ZlS0)oO(-cd}V{z>bGv*tbh0pAU>p?TZbr-u^`Lf97G3NN#~yb%W)kFXRa zfR;I>X2gsKj|v?WO)1nHXS+A)F&Fe{vQPL|oK9kc`@@LNM^1*59%mz*)YKgZ59a6oU@TTLzo*#nOBt6=2ANr!_OMUr&2xEaykmN5cZWcY#~kj zx2=8LgJZ7K`)^yXuGyVO0a~~C_*nFW)CtUwNvB>X4R?gC2%d`cCb?9p`|Dm6_cIT= z6%`>zkb{q6vc_e-koTm1OMy!+M>6ygy`B$BrRxEZ2tk{6W=3?eTRxGNa> zFr_EKunZoLK)8q~VFD|1q{`)bu<6e13AGSi&+Ze4&|z0OY0tf0jxc}D;2=&x;&=K9 zg8%)W|6lL~RyINb3100!3A*?v4GVvFD}Cd7HY{=F5lkj}^?}lqj<7zd3;H+d>kPBzu z(9%IRf(U3t!}rxz&HEwU7Z~q|iLl&$j^v^4e!Xq?8bfHtEO!J^?!W-Y)B-A9sssn#ZGKXpkIFG6VXphIG20Gi{z^BmtRFW3b1g3tnizI zM(~%jzc*e~SNr;VT3LtY!;(>2hbFO~o;B!SJR1xBO;PPw#F>oOy+re!3~(i1^AJwv zXh}oCDp>S!P#qsVhKs_}d<`peU0w5MWod=I)wONZp?cHev6UI-zjkF^f+Jq*nux}I>KdR13lqj+ zRV*a!krt(u#2iB}_z(=p^43x-_Td=TS!io23v`af@B zVeY6TR;@PoUMas#Zw`|DP}(X95K^c|NeGy2I9Cx{ozon8{1v5yM=4rUW+5pcj+^p< z;AE!G98yE2wFkJ3YEVVk2@^}WR6=O-C+XnrY}_LrH=6t1OCscY83}bGYrFAAAcv<0 zsO)BtwAl^)VY}K@Je`^pyd~GuF_#PvV+;#uz+r%F=W6|00E+33KUSsp64%nQw~Nq8 z+A7g!sY4N6JWg?#s*P(dz&E{u;3_$Ct{Z2rN0P&IptVdIu}Th86zqE?a)$}!Mk5B! 
zt;A8e_IT*(nP@x}b8vnUY!!@GoNpL6nl8k6^SKf>MKpJ7R+qhCEh$+s_Ojh&PCj2Y zBqqE*@bMBo_-aF`We_v+Qii-hGldC`Y8?BP;d>nWFc*^K+;c#m^LXE6Y{d_~oh1LA zgIae477|v@FPBYtkI?l=o7fvIHMIw#@^VUfydR+}7~HQ3?NI(+u_vR+9v* zczvJ=^w5S{I#sqDmk{=Dv-xWan}S>WyUHcOX7X=o&4kukBC4M-oqFUzpT9n^L;(Hhu);`Tq!hDa($!vryTGOpq zLE#(RY|Ejqd!&~@<(uMi4T*1w#SV434n99M<9-8(&=W+EMB0elIp-+9-pH#Xr?dOQ zGqm31=;ds3b^0X?>K+?D21zsHX?DaVBGiCJ<{>I%l9U_O1FdpH;eUg3=d_y+^wuIL zM-GeP>EMn}7J%?acKD~n>R8V~jHI61F((8rw6JfAi^!UBXH4$rkh{TRHXd&flWl01 zl35#3E>DIDTr!W4_8dPR#8?morvB0To`0NXgOBDu|A>h6(K)s2(Vrig-WY+@7yAA2 zF@AS^{G$pff4ub+^Es2Njf{yQk1a*TO0vfYJAw40g_tQ5?#W-Oi}D|jqbKWsGEe#J ziXS(2g*`dnP`tsIe1`wjHqUj{<-PHzp|YArHA-Lw>^=q4{r_+{HJ%F#LvB#7NIpktlI0tebRWSq@lqt+tlh030oP=<+ zH3uJzifmKMzHtlP`B-wSOiP`A>dgN(OA4z3fg@38l@fJqi!j3$(C?$hKYw9=I5c9f@ zV-b#m?+Vmh4o}8q@K_j>bu_jARG>$jNdpH>hU^N1T-lJj*p)9Gc5oPQ$(kk)&z`Nd zCJe6!IrQ}ne!EK-fIXw>&xvj&u(z-YDDLA!5wCp$q~%!NF`bbBV3Z;Z40BGUs<&46Mi)wS z;0jKG3RC~g%y z0TAwbk6>y*mFO+jBso7-e0V39k2PBqmW>IV&z-6ULkYFBZQLpZ!TVLO2Epo&PQyw; z1$9F73oF>r83X$ECRJEaZdAf@iN7%N!MoGM2={1dUa&7_3vIQp*<`@yiH#v%g)=tx zl(rf%^j3<$&jX@ zWfhG8y7*%p&fnj?I|xqUaE*f`tnS@)|2oUl>=#A(ug9=f))G zV)q*WAqL7wARHAsmact<8LL7Ksw|t_V|)#xu7ZgYvKch2CPDyUCe2i4v7U@V&G{f9 z6{#vgj=Ur0!(=1P%zokikFXju2Lni*JC7&225fyU(POIl6fK{8dn6=~fvs=u7^HKQ z8@4w$-=yYge>!7pmGuesi@Dej+l?PO7IBL6D$@|eQoJHADLc7qBQMP{^jD7V4b zZizP>oet&%DBcX@ePGGBJhnI(c%TVLry%1l013W+q7}Vw1W?nMt4zMNR^qg_9qLaE z6Y*cL%YqVr%cWH%*gg1aPd=&&l75d)iSB~Jy0GSAHqC&`yZlFT0Czx$zv&vNybqmu zrM4OvN1MP$UZK_vEioR7dqzWS+Rs{(t9cUdEJ(Y7|D~EL%^dfD-x^Ld9=Eb~vOjUt zwYuz4HxY!sOLa`+QkWC&ym#nhvl)ho!8T@(90e02+shewC^4qNZ?9SI=Et0_1UW#5 z-*Cy^yCffb%!mX4yfW-)g;fbTfk!1RNGA#7pF>Xp#y>WL$LmSu6-S&^8KE%X&f0UH zcf1RYf~L}hOWY$Wpr5}@NwPFep0iQN(U(-0+;-~imYe>>RX@@it-}9T%{1z{O!N&c z1U#mH?c>HQDvqMVbz}gpeFRhmF^a`Cb#%Z2gIo`!&_Wes8__@v32PqxV>)mI+6lBL zUQSd=zQn7CRcF7jsH zeId;qG0(a7tRLn<(mZM6qERStJT_gOIVn~XJt-1%f~7Rm;VJBvmBUOf2M4&=AKss5 zmXpJTd(+a$Qk*fb-0iu#S6n1Lm>@`bVKFUOY`PcHNZX|jME8*9bQn< 
z6Ee)03J)t4M`za>t;?W(e+EI>FUr$>H26oa)icagdi1D9bH0uWlP0i6L?(9wjDGwu zr)fDV!ni-S`Ss0xXA)qcN@?Ku#5I65$Df-BfVt1!EaTfw4H0{*8)toWW*YU%vVZP8&Dfn>=n&O(-h3<*4DMteIs>Y_ zPPFZ+dV3@TCqKns9!V4K$H_D$YMqzPW_X^HH4M^rxJ2p?#f$oeQa9ByvY-!V5t^l6 zVJs&L+5sO`w4W&lQWT?>G%>csd41Rl)=nlBoBhLK?S?g6D1ygQB1z-R%jsx+2@Zqq z5==_NTm=z46tFQoc+Kg5#bpCuno`a6^>I^J(s`HJv5jIk&>X1vjM#xaZ-l@w~iVOh>c_W7o{h;Hv8`+U=O_X#{?x6NSJ z@aCIp%HJhiWJYN(2l*g$xfpVfX-DlBQ74Q?)0FgtyxmOtQNq*|W>y0NH?zNxw~}EE zK7sV=5IQ5cek5S^2xN0n}reCVX(a3>fB;n4ibzIkwsoczVU?wem*^dbMB3Mb1O zUfE#P&!0kh_%zqRu_n*rSZ@O9U{eXOS5_`Lv^jrGQxqkpPs zl-mAd(JJ9{M%C|WGGb$Jint@5S`A1Iwd6BDLv*Y6&*|q&H&Ml+ z>)UhHDBE$2vSgC&s42H<$Zay?I!0XLX(dfOP~X->h&7kE%Qv8YDfh7TUx^YgrUs*g1t0l6MAZ`T9R0lk2&tK&5F^gzI9I2y z#Y>2v{M-nog9-EBIOhy)b99#2*GjDFxa_q3JX2Q06p4|KZsFi4DKlSmc3i-@L!UpW z!rhWWAi$IIuCVDwrt-+8d)8(q8@O!O0C7)kLJK?QhRb%V7vB;cYg0#;w-$V*p9zHr zDew74z5CXAn-V0qp%=tS67XxSykVHtU!C8TiR*sj(Fi)-OA&~s?Rc}0PRu#P8!Wsn z$HW*>;rQ|UIQ;qe$3L&TZ5A^vgFKsF1 zz%dcJkHFO&W9;B@4CfV_v^R_O>rLk_w~>+mVG}>oCf-V(Ft>C;7D#sdWmhWBl7gQ3 zvuRNR3py5GF!G!sgLl(mb}_){5t;-OGpH^+{&>ur+vxWv<2YyIVNKjM(M#oFRoqos z%q&09&;RQ5Gk-V@avHAC)Hq>pw(JDSW6Kop^p!4iI#j)jP3eWvrLaI7;$(Xnygn#U z;UX&OlWaB_1mcrLgR)k`Rk5@;qxREw^fc;pYEQOmPo7#xIaH@{f{_`By&u`{SIliv;uxa_qlBd5>sdo;zt^}-~9`boEB!4*@(Syef>gXh7 z2TKm%#&{nNn)gj&E&Maf)1M`U`f1WX^G?4=yk62e)EL&%QNhI00rx^t=Q<;qdR^Cu zdFHjpw-PJtgkXvLB=x0z!}?T)rSDxOr_<}dhQjFfSH*u3)%_gu+=nT@oD>m7Tqh~z z9wR+b##9#GaXmQQIhpDaQO6?hi~x3zl53rwc{czYG4%=_{ zusJ7Tu?q6P#CFL{msS(}R(EXd{%){JaB#A?%M*06j#RL{|j|sogefgw7yfp_F3W0@i{>ju`rtBj1cL z{145(`m!Hmo-XmSw(~W)s;WTBgV=lz&u-KMJ!vUac?TmHEt6a3LAwJ@`$Lzz4!|d&2TrC%2F(!`{?-Z5T6r$eNu+W`hTX4;l^KHN!$9tW|jagC8fy# z=%iOpCvLzuWwq3CBUmIxBjo~Y9EJY&Te)`so?Qf^4Cvns?!^%*zPKmZfuKw=_%WN6 zOM-#l;y3U`BM{vEJ8tngNZ74B$NqzkKgFctQ7VonC&lq&O27G$BMLC_#K$s^Ck5id z`f>E5rTVk$6~7ykRx}ipPXn(&0g|A_2#HCOSO~!my9NM9A_-Cs@;g!hRyD{16h_ zhAfSI@gJ?ngXH`pEL8s^wEKv$)uXhBX)?}|ycPX<{qdhZw$_*H`J@Oje*pCQ7}IW@ z6d!x(A`KQbc2yFt>M@xSNOlKv^jQ~3J?*0NuYKAz41c}6{WG6otn 
zOFkn1KZ-9ISo|Nnnqr3TD}M;fTKEXAsbiWiFjIiUF_38J6DPsa&~41JF&*Hq zm`r*9@Fisk2K3F#8HYc9tJw|fgFER3{)!b*wq8(06o!2ta~m0u%29D(6HC++1znkH zqWI@5&Xd_R9HMn(Hkl+NY0dRm+R=8@ktbS?h5wpci&{s(Y*m6a6yW#q<4yS z#EaQWvU|qhi;LkZ5$a)lc zzF||?$F5}VD)KhCI?mM8V9>?(jCF+#E!Hjvlm^J?1iqcHQ#0T(kW@@u{urxsdNm>w zELT&k^BN>t9)}WrBF__=uA|`JCAfK3NW7s_p@+0Y*@dYM!Rm(?vqF(B6N^)%q)dVV z3cm~o&2v$rEbjy~pMjqez>5B9NKCyf7g^f?e)FLohfZX3T=)m#iX%}y6#R@*d}^Vh zsh{j~BKa`gU8MOU-oZ^~y3iBZnEX@TVIt|KM0&L}@%*@!skxpGc*SU(i2(_Gi@m-Q~QCewU z-wm6RYa?*SwZk@K?&5j8$DKH$l zM8D1s&QIlGQ<|Ddj-9ky?)p?Nn9u3$AY+M&@H#^^Y8C71M0)y=|($Kr=)HN+@yKG*ni(y9o92ZC%dgF8Deg1sM(f>)S&i=+st zl(YZ#wQbRlL7L0fH)xz*(#IlS8ekg2x=a!?5?p@RU!Pb_ryhmKD0pu?LiS<*^~*yp z&Q{fj*h*x=jp>r2YUVBTX#RD1-ST2faEA+vi?LkPP*{xexEk@$FXl#8Bq}!3bVJ;} zUJU_NuT@j4RD(#}RHp`?*Q(Uu!+AAo)|M--)Sx81)%+U@E78;+iYhHpRH-q2sVRH2 zv%S5=(Nu2Q(#q3%IUOhUDYsowg-(@WVKtQQn4^Ic zR}D2+1?5W8<9HgveFOp!gW?ul;pZFz>ZFBd240^WQlr<4r}0xd9;bs#F-5x4($|wS1c7b(p0>HxgAmfp!jt*EgN<0vt+LSInTk5fxAt?}v(`WtAKVykA~!`Ot*i> zda%1ze^~`sWuWB}yi+9fdrhb!= zu8|ZU(Ue$*YL(7LWT)ey(P||9BxW#EeZ-OQ8Va>mPRBu#OR0~F#=t38)l>rIijy&= z0?u3z^%I>EucI3xoL!A;pa&Bi$Y)cIWt<_8#gwJPk`0`8ft>N0$1Nlp8)bcP5+B!Qg_g6{p`gD8i#dE`3WrLRn_%8|gxrb?- zPWF@pb9EGSYxwZpB(_h9Q7~1q7=@`|z$7cQ*b}N{JmE1(}rZB6io=uUqTU%Cap%t?;R)52wSrKA^2 znjSsDmY!zms#;&34e%2c{PJhKxZc;o)k$x+$?kUEpk$lBwGB1fobo+Om2I29$Iw|e zNoaeuGWgi|cGzLC@=F9_D^{^ePSOvzLk;InyC=k`qlP18Rm;KE5X7n;oQ1B`g}Z`< zn3!FqS|mg`vDhYFn^eWD#yj{{R<}S?^%677BiN#(Qa1JmT*n;r{VGM%Fx6lcZvia> zZW$t%8A%NyYY)HtQim$SP8f}XUw;ju$)BWyx3e+a1@JJM``t@IcWC0B5R~VsKQ*Q_ zL1j1MG(Jy)Zs-r&)vn-LO(srt#$+-uM~jDXZ6pGa?Ob`R1)!Mj_+wurx)YLoWHTbD z``H$9wK#LPK{t8N)?X0lblZ^kJ(Mp3Zul=CUGVL}O!ShEhZF&PAX zg1|#pPekLHn1k_)V5{J}Vtm86(R3lco6qH!siK)B168@jtF)I*t-eAnamaF-R2oy# z+1-fWH0omRqlKCXQ%YQ(t;~%zA#bZ>updw3UOEDJtuMvrHgL{2JZid$zrTBTAb+?g zQZ3UyP7*41O{JGEqYPgfc*}FJeTt^LU<`*)ZK6Dsb1rPLn1<`q4Y&4^ooei=mmy{T zxF{)|h}d#R*7TQIe}-m0F(*vZXgpYh$vD-moT=$G(@Ww!$=_vX$%GPcJXnAKb*;bR zSXrRWNlM21ENBD8x(}qa9~C<2N>Bl%UbY&me+FTQu@2;4UkrK?NS`4L*FOsfa)Q6; 
zoCcovw=I|$kFd7tWiUXF+??EZB&WE$Ev}^)7pv=NuQAkMAH3#LRQvYieTro>PPTn_ zT)qbMRrUDe0xH$+CFMnuP^G?ttc2$hVs7Opp_%yXbyI}g!oCtT@G;lx^=F?q_W2Fz z*S^6NPw2|8M(~;<*y!PcQI<`6asO-s4j^-eX$iY39=W{~t@Fbe?GkEF4_+U5AdT#p z)tGjUy~k*W2^RswKfQ1ia(H$M=EBtJCd1}Z4bdM}k#s6)Ysr1g(bEh-wb1D^KC1qQWAYMcMl2EXh$_g}BsO!?P386hg!tZ?nAV zR~LsYZhm=ap9#1sV1=sGdzEzQ-Xa@ZCu%>hMXQ))St$8UBwXHZR zh;-ZJt01px?h5jJp2q@H9Y^0oR~VyOJfd(56^%^1!Y3g}4oD`qM@4XaDJ-PVX0eZA zHkqJ5zsP}ZZ(fd(DaNsoxIp>*$%Ee`e)u8!K2*|+@EtvIBPnp19WO%XDJ%4CY2=_G zD;l)}sjw=g235{WpH`VK_X}9V@3r#tdB>6;u|kQy!108QCzme4K%Z0H{8OUD>av8C zg^q?=v;uaNY_xWLQ&&s4S%?x39F-0+S|KYFBdA%PMENCp{>mMrCZBrVt0p$$BAYxa zdCGS_{63&gUL|SE&$hwlT^rh-qx+uxEum>#3xj;$9e!i&vd&0KW=sjps0pXO%PU+1 zc_`V)8RLskC__qtcXC&2*f1JIj{HbsVc=_vXum2NJ}W46jnb{brP`+qI_zU-n{q^5 zRl|aRU6L!Fp+^{7=-qfUx7yTdsdBFC>$lWJw$R(pfY{{m=O~<*Hzt+{&w+W!Yf<3w zunQ8`xHAsQ+K`#Swapkp0oJl!)lYEJ4!@I_F>xWh59cM;jLau&2}6;lq8vv@kJYi|vk58m2vW4{@-U9Zs}y5r%6_`fKjD@-!(O?o)>Ws2G0Y zaOoDrwH@JMI~m18xg9mAw}ElJe?Eyo6H(Vpjvm(TT^ox@%$#6lQ-rmWvdhRJhm&-) zA)jGLuHEJ6iry=Pw%++slHBVW*>Fw09GJ^zze{_y!`y4c))#m6QiyRikW2dISIJo8 z$LmK`^BZ(+ZYE|>V~%$=lE34rXR3yZL0)w9bcA&ZMbL{2qUhrLswWTwV*;z}+Asuw z4jhdQmq+H93jN)8!s~q!V%A6}@-`iPS0u&XVZiU%{kC#1Rne*eH&_MLjBvmFYVZxI zMCIb02bE=#k>_Alst_C7mtE}KPbuJ$OXiJSMLs{51xKbCh~TOyY(wg56|us96n2y| z_uw?#`XV1`k^d@Et$H%gb%>tp4(-CV_-!b~pl-gF-Xi88->wFd9jdZqSFetjFovMT z{&p+#x%Dyi%^JVi1M5ejHJ;PvnOu2dtIX}ao!Dmht~$F#4ZwNlR1vL!NAy~eY|g+} zp_}7;9GE_ryj_1U_n*Hs_jD6ZjX3q2JzfCfqN7!x!POU`BSYTqNI5+%hUw~~>2>okzR*&8n-kF?ER56z)!;~tskRu<+{~0IMqf$CnHO8;a$pET! 
zG8-vH{*Wf(NtGwG;i!u9g@4CQaMyK7(&Tz9z5nn3{9grPUQB7Bf;Vj3KFJy-UB^dQ z)X3$fcjhQ&Hto%j5VZ!lw5=i?hH>6M1sMA!EE}Fg452w^#4hku>iFhl$lsbMf)cwq z@j&FX4XZGXIY)Ip6m#n68O({6ULDo@s6yE&&vyfZZgPM-@0<$(04&qc#D}69QB#u< zk7o)Kkp2=)?Y@e^VteMQUa~>r=}OeihVNz||Hz&RPe_VH_|8Q#FXSuaFNJ= zM;Zj>MP@YPl4J?hNs>Lpr$cb z{X|dG+IFb%cal|Ju#BU+YJ0FF#h5*4UX58%;^=o}eTMO#Wld9=O*5bbm;XpEUAHCg zL*JY$8ScbuA3oY}y_YsLp?d#h?01*_)?n;%Y0#Q z0x}SgkSaVcO;=U!Y+))8hb8mUfm9QMI0-#$4iNm&ydNgR2s{qos%?L&ApZqQHy zk3+s+r2D7EKm$5@@|1zgX51eVSc6;9Qb)A0uhg+1x~>4{*=UAF*Ek)&OMvKOps+pd zg>`u2RghkstW-meeRCUeZNN8ZO9ZrA#dAh`{w)yT)gRrKm0dIx#@`f6cyxTs?DBQ$ zz}X}#*(`VLTD&h_mgJgTxRnPTk80Pwi=B)81gDYuDf^FgOf)G~;|MAlQf*??-sQYZ zj8X7EvR?H=GSyKC1Ac|_f*Dn3lUhq*2A5Pn^=CA2amF|@Udvz0zdZfF)_BE^`Dp|f zy1#~GaWgQ>DzUtW_#2QHO)-VJrj$W5Be%PtK&SVVa!OI5sVI1hAxvKQ@dnqbiD~B?je+#)b-KGPik>Qoc13 z0;#gXh7Cj`R|11p6gd(-85d>rWW)GiyQ(z_0>&buoNtKos!|0|(1un zXwE%8j{dyv^v2Zxcw`;bCH;b1>!G=rGr#e?(4DXAU_E~SAG?3~@z3kKkN@YufuZWE z{!9DUU8g>7GmwoF^gZc=<^Tf&jvTSO8|I3&@$lR(O7vvmQdqStsS1x5Acpqnz?){r zD&&0>N%EK_$>UySYS0w5RN3TX!<(#VdWt%prspab9%GQp662x-yWX&%G*hqK2MXbq zQ)pxlm;q3Ke(Rfsxg~%Cj%-{R992p^?qx48*h|Vt4Iufk9$T%(x$Ek~#2RU^IlOBa znk1Rhos197)N~Q0Wj7`_qxhWIIrd{Uf1yBX7R<@#YYjO}j9l%SFl6FU8vE&1ak@^n zJ)U{wsV`=vsnkKqt%jE#@0{}#mL4vp39u5BWJvWk=j`Mv_mW-Jjexx8li_7#zC(sc z+T#K|q7`^lS-(YdoWq!s?=%;d$SdqAiV+-XSrIVNbIkQfhHKE+t0;icQhvd4%}3`y6C>hf+8C!3QL9_Y;ih*#$aq?%jyPV<*Jz z(Z(aUH*vVFs@TLz=B8_NF?-&rmbkAk<8u%xolFMa&+^OC4 zW1DSDTP%(;t+Q}Pe!kA&G#d@bco(uQ*96YTCEFFH{Ff94vlV$XLcq7Dh{3F2Q_}=w z%&cVWAwF!D4oLUN6~*9>4*X$yxJT`@-1D-rjX@y4{c=GW`iyJ;pi}Gtsurd_xIVM8~W;9PYUl*Q8N*XvJUj{j+ zwHQlx49S&$#TdP~e|8}y?C4-KF_|;Yy;~zV$x_v|oS#}=cxr2mEmcuzl=kvCzYHhC zbn?Npq#(_9)P50l;ARGv-P#gNb~|$cr<0!~!rT$%%&~TYveBlj)kw1oYR&n5{QA_A zOAp(5*;F!XuC^iF)26(8TG7p>-IL7T)VN>I&u5|C4L+_Yn=+|pJEHH+BE_Zzp)~iF zFbu+>^9LtBz{~nCZj-+AM~gb(|3`T0%sbx4U=fV6*_%qJ1Sn1QP=ibvPZIts#eeJ$? 
zu;khcD9GhTBfW-JOVYp8YdV((4u}s#_sfc}UGNw#2B|twYy^W8c)~nM)^QpdV5O)b z`AkgQQ^ono2c?$pR?Fq6Z_Au;|EV+uGGxywaS)EW%l8J?^!|R}ZN>c>OB9h)?}`lN z1#;IVK_^%mylKv;l>d;ox37X8&$%fYgbp&eo=Qt zeS4Y{JJ{h&mK+m8FUl?T-R!AJdC=6k&7`)qSvcKNk{QY*N<}BhEJEsQ$G^PN72k&~ zZBglKe(JTRzC1Oc?db+N)S7y?2{g2C>Hk0`j2-OnkwM36;QkTxdr9Ci8ntDPvNe;OF1t7ggfX3^Fi7SAYsF=0VCLINb~CtxmvR zQkqPgH=?m$7T{g|fLlOvu=r+oqC)QSRzIl4w%qrPj_%-}^fpI_XFW03zS0}+TXMbj z?^-w8#?tpJeDuz_<_*tK=t>Jy?YN)d+8L*BCaaZ6O#M!MUW)u|zCp)B6Y&p>a3~~@ zJQ8tGd#4C-HOc+F?6K%JH!W++SlCf^gUu_rim6H4@n4mrP;6;nC+;^lU^bB3%DXLG zM0vyS{d7-%c=-8@KcYDd1ywN7ocQYF1{V>gXuRzho12?EPoD<(@3Wm9`ggO#f8)>A z&epS_z4dHsd*|7+?Wdh!v(tX|wDX5x^DZWM)z1tCZ2)DEO(tm)58`pr*bbVVoGj>v z=MtEIeT}-Fe+1}ZG-rk9y^>&`^Y`%Ebj{7IipZ9h;y{GMG&*SaE^B3(G z{oV_Bzx`~dKj_Du4sbKT+`Q<#=(Ur<=2m;fco%`(2X8mS_GY-*dDnii+j+j*fh(o+ z92lUT7d!vY>isjv4g8-PC5zVEZ{NK-ipme=?Z&u*|J&T&+Ntq>JI@~YzfbXlMK_{- z#QcbqKfnGOoW^K`N+ujYJi@9=!TxE|KMOG05V=CkyKt#ND<~l&L(?xuK^R)e)-!Jt zL+S8G&`bX;GL6~H9kBiw#McmWTCq#U7X;y<_-6==t1Bztr*Nv56=*BNOZk|h%x8Ue z*F(qN?7}L#g8yct&;5d3=xpNnF{m?rVSL#V$E)^p@9xz<3(vpn#@V|07I}iK+DSj62 ze-kOa!5G)y|EF8q&mQ*wQ~WI4f6;^7?)2Ye|J%>DIuHB*DSj62f5Xe0jB$hW-+sFJ zu>YUpXW{-+yapV} zQjcNqr;}_3qSEdc!65CI&I|Mike90#>p*nNlZ>_A=k1m&a;>sG^}1bH6ZuU$a8h;N zvIES}eZx+Cueuv{!qFQDMMDo%CO(MVN|e#w!E32;Q#dUFPfp_kv!}_3kIU?+q*#(@ zUE2Mz0+iPT!(*KO5_muFFNW$*#~Z<)k`E~s{{~c&K0SyYC;v1}XlfoLns_W&J=EX! 
z4_``Y19Zs6YLy2Z3?@{L>qyk-A`(CLJ+UPRsl5qdqn8mKhb!mk{_#1_|3dnIe430f zQ&UtCiXv8bA)R3L|t!}eMT7hq=wW&3B0i6F5)?&d+UW0{Qcj|9%Gv@<} z-dbY5UPBk4<`*!}IWKsQbGz&KZ7s(6t*p zX;DYe3Qj+2=S`L_@r>hZ*~IJ=vy+qbgJyp5QWb0%r*BM`Tg-Z89s}>%-eM0z%qyN0 zWw5gq#OHB3qAV#gyxo`irVhI=nm5?Byy)U#%WpaVbP{|-mTA%twm0e5bbLh62dm*~ z19G&Utn9P-A~r*u%+UQF>sU$_gz1!4CtCR-;m)Z&%?eivZ9iNtfZ~`OUr<_8=wl=v zl;pmtG0L#8k0n{c%eP0^mO`O`F0V%`uTN~iJ$51v{lYPci>&qYB!A%;OJO1K0`0p~ z&aIwJ&@YX%CMeIPMjIz$%hpLD7t+L{hVG&kI-t=DVo?hoMqAJu`kc~R>jy9j$GlUV zYOwW;fB-~+dxs0#@~Waoy$u`K*$TI|zv%2lD@$Sw&fUiv=hD@e22r%l+y;tCot*`k zq=Eqna5R0C-39&Gq8G3uMMDOCc=LM5zX(7$6cz=2A0BOFNn5$CF@xs zAF38#mJDe7hTV0hqpenh$5N2^Y9tW>tV$5(0qz(>mjvAj9bO3h)DfHS4SX-b(~=W# zzgawm*wa4TeiA~I9cqWoY>h&=8s_Y&mfN;uj=6y zp&m{{_4GK0yKxR*i`NQPf=T-tF|Z_j+@;?={n?PN!vsqH+Qg4q~9UaIgJ)JRUVR2>cbAx8W`)(l|#Gs~7kC7zV5n zSl6W{(#;>VLSM?`O8QyQv4RZ_F)y2`d@Vl8Ymkahvi3}uxE!)<|{C)$}g)o z?RPGDZ`d%0Lf&qd9Kw0+eY(5-X(Zo`J9O7Ob7wo^5&hfkiFX$)xho64xy8QBxs{xq zSv2m=_GalG=k3nQ9_2eAMXAHsOX+2bJ(3bSgM>5wj{$(x@eZ>!!-$s$;@V3w;gL9D zUPG!92Qr>`Wy{Qak4NS839oF`u&5QLmFMELt}ochw7?S`8hh!yoKKonM7rKGQNsyvsV0Ro5=%c!;y1Kf$ zj!is_Vd8m2vvbE4d&y0m-AlsH`Gk8U0|PXd_Wy7z`m|fgZ$8@2_#_rKg0yc!@6vbH2;tL(T8fz@Lwz|T8Ob|_5$&9JoES{QE6w>u5@71f%2o(KHk6{7$k`hIh&OXtW^V6bo?tQrsZQ3wRJYE=M43=m#3 z3JPK*Ptrx&`D{3B0UWIgTrA`Zub+qnQ)s?Y8jHb3qqmR=>jOj%R!R#fW_2O_A1<}(2 zm#(q7>mB%RpK9`-UrGSXv;R9jO2~glgU0@EBTr@dFEvhJT>KM)-fPq{y*-=`2TUY*ZBW# zhn9TNo+{?#sEi zL{aIb%&9Y~rgfOIk?LU?Q5TF?=TRHt6;QYL`BVfclvd12=#aMsFqmyi zt>v)SI^^(g$$pfv@bT!HSSG5=VRe(`rF;q+8Ae%z2_2y!y;_Nni1vII!rixmeKlV@ z$vhtquvH`LLYz@$jSiU@Y~lec4vNZuu~bD1C2?7fESPuxKkUW)KlB|!5))_mu)XD&#Ris{OdSi1f)b@Y)9yC#n(VL2(%LT#O>H%H12QrlHl zG{x2Lv^c_}VJUW(dn1Xr958k&su;aKLo+w!}shb$t(N_BY>bc=guPpW$0NG z%d@=Q$A94oItT&tK@716oGkiuJAYA1fy^_G6~R*9$BJPJjAXHaTIedA04V4tD?d_B zQ3eEoi1+4e^0ud&H_+?$)B&S(=H~>{WSFL z-{9}gR7?lU`YVu3l9pIb)HP=NjMAQBQWoEj=#IcIzD|F$m&)jzzbM~^3)>maEoTa& z>wb)VLwDaHO*`F-eIlene`9ve17HuB)MrUlj{cGt=W3T~cZqtT4wteC?4o~aN#j6*_FWtSPU;nw^ 
zlIDz)P%xYUwE-%A#!OF-FyE6@3Ks!!F+Pw`rO=Fc$MF9beX${l@&)gDux<6x6nmUk zvft^#|8k3As+_?ht<=@+5>s6pbXn4OBN`Awt^#YC&x3gWcki5RI%i~6 zhtVn_sadd41}Bwrosp#`6qY|n?;Znr8RyR~e;%H{fAR9w{~D)8tM!-1+V?8A?BSMtHyb)-9 z$u5Y9TakE-OY21KaY+nH=%Q0BAoiFm25)*Pw@aTZKmyFbiSp7gB$`SgGEM1(sYPU6 zA-e}_f3Y>nCgf`vayD%R+!{8R7iAnlg1l4RvKs-DJ|*Qp8c6oS9$O=`uorNi{MQ={ z;`YCT!^Z!2BTr@dFCdig>W-v9+Ixl&sDdZ6rVUGkDj>OXVUCDaUM^GnUqL!cZ>Wfj zR`Q~bcD6T#8aL+c)=OmS+!U0{w3X_R&eVoW%V??9AEu-xv68PuP%As)B2-pFT1!@J zWVSndO3Huh@c%mOCGtNW!_P+k+r+a5|F84|+D4qk@->4J7^;qtftl%UmKaJxY+I+d zSz;NkqU?I4c$*b+HdEzK++DcG&`O$2D%BOyX3{Q|O*ltn<~78Y)_B8J_l8qeh$QIp zQo{F5Td;uJTUuA89PiSrmUO%m!Zw%Kg!mil1K*27p`eC+eZl80F=tT(HC2vOWJwOA zB2TKVYNSgFZ?1%iPl}XDCL<5=0; zcC3{bBAQR0x-+){O|UlHebORuC$_-7l?jACRcTd*F473bqfjbikbk6x8;Ic~yMfsC zga8BNK>C(?x>sqer9c!5OCYm|)b>Rg1;L_~UleDd;-t8=sm-z+f-?59q^E7H#b`~b zOR6x4#8j99c4hk3s|C+c5s_GG$~~m5LQzafC#W59edN%$w7+W&R`S{i%xR>EEk3|~ ze`eBp@JFc*MaA^!RfWL7d4c03 zGvKfY=Tm9FnK~ewiwqS!iXp>9+Sj5iJEQR`z+&hlH9({MrX0go+RCs?SYn35anbPL zq_DyXiq4g|tDpxEclsLLnNEyiwRw3_`z3LRD^Z{THQENN?Up>>Do&`h^6qhMQc@c4?+OgH8nBPig`#7;AY zp}s2!RkEQ<$d4cTq!&e}M`|LDrn2Br6)~ek_M;pf@)lC5urMqm?#j-@lDQ zL6Z@sST+;oN;#zmNm#mLEk!2Zmm8|4-4!S? 
z*;*PE>fo-A0yV9#KJh7(mrdfK&CLi^7m}jxuyb8<=q-8n^Oz_W-EcdD7gZpR#vBeWRdJL zHR73)??*Wv&0AU>uK$Dpv9+-kO=-SXflXzDDxMe?r@{#?M2%#lINMtZ|6xvR)Cr9((=b z6Yy|y$QQS(fxC3)?)3KW)@|XudI|uSQ3LYTA-O7783}zf>_lQJQD3UroOr#Wy@AXx zt0BX8CqW)EmLwik1#H|{_H-7U7~M`sx@;bcxwgE8JZbAfUIzLy5SWd^x{+A@J~43T zm{mTq$&g-@V|H>&MHw#(sYDMc62tV)5t<%rJ8M@j-U zgmI<#=L5ma&oedg;#QRn;)&))u|vQ=({{G znj*DPgcR{TNe!t{#p@U|ONE&=X0=G2V`ix?^Tw`}TWRnZpUt!#%Zs$B?6=4zTB?yp zHLxPwoz7x#sqe~h>R5Xw*)cZBD)YWma|-(nD9eHgqPgH?qb;V<6=&)PE~{vzpd$6)>;e zdAQ(*d-kIoMer6@Ckfip8@vNi0HSZIK*ich1?{d4vG3?9Z2#|$E9L&hC&&M{*X_mg zKMszM4jcRbO+1zTf2C|RLV;gv?%!Cm74rT@El}-blk<1|Ie)2w5mVN`&}RSDd~fmq zQz&6-F14wEV;|!4q`gycCgB$T8{4*R+cqXPC$?=TU+jrJv27<4+ty5M=R4VZ*S}7k zb8&9YMOXF3+gFiPFJ%W%eWV65Q+>`JPf)^ERU{=c7o zawma?@*lg0h5}!k1+GgkK>H)wOCa^}Rq@|&Y~C?h!%M&6pt}-4yL1j4M_L z!SlMa<%2vL>@ZO1RUnA4dAe#koSiX{+=*#jQD+hBGUvMygH>k80Q-UXyhslL(OD5<95l)=3Hw1OuYxXh4eL&Mzb5%QMLb2`P znj)%GW^B!;^?+!|@OG`X7RPl;&E!kyH+3+ld;%8T87*(+zZ{JRZWk+k?|9E^Za8pr zTuljBJORW-M`mC2reY6XVG?ifGtUun z-v#Kwns5wZ-x8pR+s%O}uh1kBz?=@Bys%T>E4;tB<&)%B#x(X0!vn9o`MwhdF_2JWyy%4A4iH zz);bTuhWxZ3NNv@{AW9eFkzAJ)*9fDVwfD!Eb~{lkOu@Jc@v&aJhV>ymeZ zOLmm3Pgd|2%O=`Uf4&aQDJx%y#{z-v*noD8qvrSAYd8Uh>FM|*PQlLOk5wVb*T6DG zy&0v%F(7jADg8&^?xm+MB5-$DEf<)<5v$N4E`q+4{n|Uj=F$Qv2ys61eh9`h5U#3a zsauha_~m22sq0c%b?ur10;f}#hqG*`2IdV$3g|X_t_gZPGWPB;micx<*jSz<4s&HA{!J-+J?nczWdCL3Bg2>wxTL98U0Lj2 z;B7{lUEu9R6Yvr#-t4q*$k6p`bE>KFGx7=@$Y(|2G^F{3`-O20m}Letb3QLx zSNoxg%l^!ue!f)9nF=W z7$3E_ZmH~{A?ourvk!C<)**j0&kMBRa}y78MZ3F@RAFSc!S`@0bLVCKwWAn8~$cA4IPQtEP(`?S>*b(1l%Vk);7xWTZbhS>!KlD?h zi@3~tl&+GwNX8MbR(+v+tRVK;uvsE!Zf+*S#MXs(xQss?k_dp4B+>+$Hz*!%TBXxP zbgmJM=8Rg;p9#@ixF8}0(J$LiW$({?H1UeLERyH1K39TOpnJlvcOXFEaTiDp7Gi&MB8-Jw-SKEN zThqrj-LmsyOV*~*^H1yVO;zvFtQXx2P#+XY)mlfJFx3|ri1Q2-y7I*ToR!M!dIY{k zCog!M`_grR4uI_Hp%3n7(#ws0_zk&#HTtSEHtk1hRs1q$V$}7G`+*HRa>4R%%^%nG z%ctZ1Eg$U-*i-2%LIk|_L`J_0JgwLV{_^6g2JS{&njrVvwnh!dacmB+zN9V!N1Q`^ zz6A3oa=&#Nt;1YifF^aD(YL_wy4=n8HrfM_^8D_#{tVnaY%zW~gGvaOt>RS@cUbOR 
z9-pT&w%i%Vxg^)ndpcIaa3blfi`?7%{%-PFfYiEUCuN$Xto%9ZW|E2pS7wLdv2+m2 za-b5qu||7xQ2pk(mimo1Mb~D6-c8%lGDBSTM53lSX2|5d<)F^E14%N%TPN<|o3v~} ze#&F(T#_D}vHEnedPmhk*-ztS{%_r~CF|~&RXw$<m~G5`tgKkn z2y1P)_H4aGHnK4S)Ph*xIS<+6judAWtaK;CjfxdzyFLvxO1x<%^^+7mza6u>q`ReJ z1zULC#(0PJAoj=w>Yu`A%F1`xL{I56bp#BJ7&S9tXu@tZWjQemxRm`cSh8X&(#rXq zX=H7F8VECrEyo{RFCAWY6%{A5C!Gt;Zi%hd*=+@!CC_9o)n_j6E#rF6^u9t^VlEd4 zVt-*wPv^tTKnwBX;U~b8p~Y-VJ=m;I3#y+9?^C=d*dq@*EJ&>q8o;|} zx~2$`%aUX6ti9Kv+RC((+s-RGk}ceXzPJlc_;&aHFvBeaMjtLHj`)=wggqA+ zR^q#-CxC^-s++~=BdkFbqav;73)BbZ5 zr)RcQoS_hlxeYvjD1&lBn4&lGDX|?A`fQf9hEZJwHqSDb@0s!Yur0aP4y=se94K)i z&%;7lw@|F`KsLp%73=6;xT9efk6Re?;{Jm8o^;8pV~}~w*SW^6X))qEWcGA;cFs)YcT)~Z2v z6l&_v@3Ljy-bJh=RssWk!IqZp+-!KD4Fq_}s@gb#;o?lGC0jnjdVUp!Jxd-yPtl4Q9(Kb}Kn>C8hg69hzA(Q&sfT@Y^p_5;6Kpy@#+&@M`Qpr${k-lb zzVjVX%nUBSfN%h+j^1uI1)Y7edPL7x^>Sq@4|$0*mOi()DldXBhS!Y^SIZd%M;!VQ zGU8)5!G8LX7Jd&uKS1!j%FS*C*gbg-64i^n2lJKih1(;?E%1Gm?|F}hnB8q(gGbn> zU%sG6l}JpKxwjeL>3tU31*67kcARu$31e=e1%DKrjJ-03jWlPQUU?x!d?%tcK(K*17)Q(mVrJD>z7o=bP)>Hvx2Rwl;f`F&8;KBcT z;ZXS2|2<_{PbaS)u$!(~*#lHT(>Zp-H=wZFqe%B#!c{l+^6y^y5bQE7fU`p7gYE=I zen!|JE>Ow9xaPuL1InO`T`ex{G$BfAi^1brB{luhhQxtp2QTUjyr9!k+J0RrK+k|a zX^N$Eo%5Bh`o>dMBk%7z9<>Ze16{NS`}!&T?$)TIk!D&1^0gFOzC?arnvt^7o`8i) zrgFrKZl=FwP0LS&V4Jyl!T_?8Q{3+3FxObb9mYub5ga^1c8R(&RCGp_QPO2@ff3Uu zULa+{5uTQ0Bd6d?ZFaGegnbE!oK*P}R^G6PgF)5PalU>k&F+kxZcW2rv%TIs0Oj3a zLaJ_wwRE$(oF!AN!OwHEw2SXzR{8y0?5wGAQL|_1N;mu0?22qzM=}S4OU&n;Sxcgydr`)N`D{yPa}>)M4UHp^Xs9c9fh)xljhDx$g!N%y`c@H)v0O+ipq?A zNHI&cT=teJN#EXEceN==c*i>h!ttNz;Xr!gUPc&sG{UgJg02m%m5&+WE^sNC-3146L((MK~y9| zvE(26Vk(4;rXr|HMq=}7OojDopp)T-k)64iiXlgd`(59mlnY(CNuj1mC6OH@Mb?12nwe7~XcLk<7HuW8lD( zPP8uO8%azSk#iUVp7P^}@9f6Pl_82>2ps~2C#U@SJ&35-*&)$R!I;FGCgexR=)04= zwQZx}bQh5Xd=8M1g^im$Z1b=aHlUfH&|oK6^Jl!{sjkNqIzzBNKE9I2D>-`P#E8z9OMQG^ZU$ zA<$}jQI1T|Bw$=WF*inIvQ0olmlk-^r}L$TDj(XhqRuJ{`BI>YRe7kVHJ- z!opQWS4zrwux_pSqO-#Q5A{&d08dqeA&$xx@~*ttEvpA#)|~S;_H_PDWQ=->F?iCj 
zRSfMpAeeBGq2hGG*~y?IVPA*Y-!2O<5-w6MrlFFJlIzO5wRgxhF3=j`X9TtNA$ZL%X7i6$vv%SSB4|F+cp4h-j6RI{r6OuHC~{z zH=yUNKpQl)HK7oQgl>4OLbk!{(j*XVOF(VY2##h7MEhc+ITR3Wd!-CKsEq7}mreSY zQf3DP$3HJ|120=$KsF%S5uJ&Tb;$&0x@c#7V)MC!kObKSFGU1raM@9VY!STIkHjW( zwqOh|Z_{5%kBJm=_L-2%IG;>$?$F%X_>f^|pNI$x9W(`5bOoZ#JL9otISOw`kwo^a z1ozOxhnXo5V~DZjQAG9}luKqfYy*gK#5ua*IC41*FcF`L2#Fju1x3DAhJUR@A`S>^f!}yYG<+ zGVrP@;0nh<Wid?HfypCkEMz3WgXq0qt`KWDL9!vINNtRH*$9AbKL`lu3B&|+C1U(L`TTi4 zQr&fjmdNK9eM@uca|<`5KQPuKys%dLVf##R%9?`uWk}&Cc}^>vpE1d_JxBakm7&3= zFw0n&{E_+NEpgk-N%W22e!?G{(J_MIS};>DT^~uYN>U#YctDR2?n?`W4pR_@&k7Zw z1bPhRFf~uieqw?}-i}0jx}D=G*D9DZ6g1E@!TjJh99C$i0*GWZff5+AB+@EGhEFC+ zhA|sCSk8e#m&l#}2k)Stz#O>7s+W~JscN8>7fmT_6puiXs84~?9(3-P#9L2_Pv?D5S?>_jl`q!ftJog;D}BHMH6L3 zrO5|TldtUoeQ8jxw_mLH{g)iT_$`&O$IkdVesVnOPOq#7kyyW94aa5Gs;(;?bpZB9 zsWBTT>qDG(i$leZ{mU*dbz7P$XG(!%$ws2?uwN8jJoHC)TwGmGTQ%T}w6z^cu-_DqkJOMIQqEr_RP zGijoahZlGT)c=SaN#G6hb&F=z%m36hc1^1rwmnW#s~ZiM7N6(mjZ1`8UlaCLexh1u zKF*5zF$+A$kvm+mlB~iFK9soeF=Ct-*I^b3PYq-t5hi!fvsS0IQ{a{e&1wmD%P@Y# zAGsiX^Y|=Txvpy%S$)Q?z|bWlLX5o#HpkUdD}t=wK2{o8O&eKibbL%35O7N)vo2L| zgU|{P#aVqHza1Tqlg45r_!M#)Ny&(VHqV_b?R$l_<_hv6wa&)%4c?E9Hd4IpJpwM{Ij73I(M}6XqOyu;#o( z6G{kF!nN*UxOqNDoR8%Iy^Mtw9_cv0E`z3Z<9sU7$pV}wvRF@KSp=6x zZ0Kc!XV0f_^*XU9Hj-?&-yAHb9uV*tVe@;_PqfNd1`SXaJV8*a^Dx{D1bM6C__8Ay zwZv!QhfgtVyn&Q682uQ%NJ!XS`oKPt5947wzy7<>dHD~alXzV3{DMs^fQ!QwPd>d} zw=Icsi@v7gP_;WwxX3JprTdJVvk$(?mhycN=!_RX zOwJtv296T*#LL}fP)QQzTr}NdIhRXVSv@jOU8^cQW?FM5+9mpB>?{drfrI!IG-Hcu z)iv80Hy;Jm%1nI#YUDt(H0I^uxi3S3#ya#*uY^P(qn?kkDMonLhV=E< z2K;SXp=*0V_{U0)Q$z4qi9o;Xw$7Y~# znJ>)mC;jsGWj=ZxnT#eqCFTZQ(kpV?C4;ZD%$94hl71wopj7od+rE0*^r;D<4?sRR z@=X3l02}42iL1-0T`<2{;M-93L#{rhKuRNO@gNsHA{U5vAL&ZX8jkl~=HMLYRhxG=kx<3RnhF){eewn?2@rP2g zO=u=3nnJidgUqEACtQYR(AP^qCrNO7NQ-DnJNr4wO7Dc{$g@rHHdVqzyQddu-g*B* z`mL(VUL-S9sB6oMn!G~BgXnxN`(Pem_R21pebZ)Llx_cu0o(D=d=pptj;G1bOKseJ z#TIM7qa`iaDC7+23HSoY9JcfCs zsI}{B1RA=CPVWMJ&MPENDXlxh=~0g+S(B=u_UH`iRe+DuybSy)8IZvn5FJMkO8_0z 
zL4!)KOHD!H5FIV>9m?t^NAjfd!Q+uPIj^iq5#eumQS(hOgqw(FL4q!GXcn2Em78ko zNJeqoWR79tILFa+5j0B9lE(8wX(F`0mp#t2-zAsAhGPJzg}2_4;AG9*ozNBdaX~dq zSK#6TCtLV`x<;7{EXPuF23ys0^MX`gED}`h0O+qjMjxv|GQi!3FhVeJ%nk#J;pJ{v z`71J1TJ@qM&%x`|>YeZ4GfzRvMB%kyp`(+Nz+LV`3^KgO4QK=46My~$q+vo9FM{`h z>ePP{zVQrU!9WbiezPG@!1WWN(V}a<3!pIJE#KRs_ak`Q!H<7cvAwtK8PW_%vt8Df z#W5O<4PXp{Wt?AiI4Qy?UXS0_JrMS%iKh2}cM`7dR}_`Wn#D3)9eO!iuK7WzBFvK| z9_{Yh_6rSJnf{i7Ar_sHb_J|-NVWmyl+}N=;^=h#F-+e(^SrpdK-Old!)r2j#j{|b zqqb-t_R5?UB;mEO_38njRe=NgAru1RSF1!@5JJIQ^HMJOwhgH2`E$D35J5#{eg5zu zH;r9Hm|)a{u$l+jcL6mIHFhFu5w&cHgasy#2x3&LL_*H3L5IPt$gp-3rqMp-N}lh^ zcgU(|Ky zqJ)Ex{_nNDX0oKTP9tjMv67=7ELCX_S!y<1O_Lj0^Jz0x9lxBg9EZgdb-NeZ1v2bv=^ojeG)heXlm$=1ABU@7BrI?hYH-Jzh#oVsp|yT%L+e zQVX~^{do>uy!AW>5OBqyMUEM?$hL^X68L7b86VK?qeWRU+6|tNbxP#O5-qSh;^oFR z;P$~c?QW|;Cn0|~%5V0!P*?2|W|xQ=YTK4*?UjK~BkfWSD&M_y_?P`&co7$A@)1dC zfAPO~BbNO3FAdXZ)RFa;P}wIv{jfu?3}mby(vIB1!g6I~XxK-CNnb-FC2&C*#ppOp z83LkKhA(lT{!tZBml^c zz}y&7z6CDAMWvIA+hXaGkOWF1;MIFC8D=4=9omB6>!6Ooe$Ofl8I0p5fq>9eIU)V zO4^ad+|x?;em&;Bey1VXT&J=eR0iE#LS;>l#^^U7kWzU23L50DGRy(v`{+!X`%Grwzf)2qnuc?iRte< z0Vnf#Gy`ai>P?p0|EIQ~Wd+wr?Rl8P?>z^I`T+W&a|nsVT3~~L?b@p?-#9L-?$?VR zYd@ZsY@Vo&Ok3-ja@q^Dq_&G4dWQ1)$3c-PY9g{i7y$gIgF;OI4+n)FX=3_{Z?EV} zU5q>{Wnqlq=1>`){*l6G8t?1P_1KOY)$+hJ!Z{%W$>4tqUrBL~6;1@X$h zQ0PbOdG%Uqb4o)yJy5bx&-zA?DgRNN+cAQ@29HhKeV&%|V(-?OgYH(Fd*N`IuRHb= zVX4e}qTW3&S{)!o^yqcIM?i6_Q?aIc)NKpa+G{&){4m=R5aUKJow;m&Gxq0Vu|mJpW##cKQ|iEX#W91G)~*y8St6|;D%(KErH+xTWa#1B zDJ7~km{}s@Dd15=jO%MkBXxD-_?^FY3Lt;)htfT3SM-Js9S1E;o*=EImG{*id8<1r zJKh>-87AeZ3kt572~wtHG|CA&eEANCeA7ZP7ZBr*1|sN@Qe@BFQIVPfpm3ThA2nV< zN{N!)S4y{DZ7cl7fDu613KI3BkKZKtQjYwE(NL1(Wo|*3S+S?H)(%Pduch!p6+)8m z_91n|;h^rwZjcEKT(}7n2;GJFhB_+law>MFCL5y*PNH>kV{fqv?fc||R&tITJl=)#Ox<8kr|mqs zpHPy}WVkpp&+$jP6p1j+UKUdv)a<4AHh!h_7-sK+vjzOC&-a2ev zus(;xpjB>Mi9w5^I%r;?G%MugkSgX)q2I4fXv=(mh2vv>gBX#2jxd_GZH<;G+etjI z#A_oJMw1ZBLvFKL1>p>uYI@gsqs)EyE$-(9g^AwHqAvp8S^e;oV3GFDck-)%12~Z7 z>L-7g;O`D+R{q~zX}2K5IauS`V>wiPoq}bdQ;3#T+_elgqb3p9FW79yvvdY!n?__o 
zvulxSDFf2Ijm*=#FZ=E5k>`irrGQGlulZ^V2rumb5Z!BH-*YCv^91v<2J$ws&LckW zD=r~E7gsM@gjWR; zwXuq47VpBkk2;lT&s#UpThj0q>K&0QPIa!gh|#b{&9v~``#`n>s$hCdyJ?O+?mQ(` zYMSR0lF1w_l*Cdo?c^#K~+^RTZadINZ)>+3Sv0#tN7B`3!;-z}V4b=tIN8J(Y zvSU1|OmqwNuTyCE-$Z3iLNT6(r|gBAM)?omS&#DvaMW~Czn_0x@u?-|6EnquBFG2T zT2ui75V|Ei25um*(;^VrCZZ0?eo-!2P!(t4SxV|>s34!QV71*rK)nR+9>lMa3eyM$ zrV2z~d0Lqi>E^hssDvt<90x{PNYR(*aHQ4%63=i%WL1%pJx0K9-RAy?v8IWHI5FDd z98w6em$W!THl3=0#ZDlSUpeN92qdIXfyLz&I`PHwroHaqFo}Zz1QJ@<674it`XG`S z#t@0Si-;tMAd+6tiC_29WcG-sW^F388=KRZ-~(EO4k7l{x{oHpkVOG0QdHJtEV+K0 zN&AvoryH;_*T#8aI8-jX+GIL!sMa1~p2BDnfpw)2niE2cc^JTnZoN6-8t4#+b>mP( zi$aDXKSJhRM1HhZwMdbqNCzlD6`%-J)Dk2|W=7_tgqOJokOA{eOIWBp9K>ZDf|L&R zDpfiF&Q$DInxDEF(&J+U%UbcS1Y2P7B&dI(t&(cjBAecZUypL$Wl*-F@?rI4@1ySY z)%&JpaE_{*ub}xi^Mm&d%!Tgl$hO@2>`Z4|1a=@OtL`uEF*aaJd0GqxsCYKf z_N?2CRhak!{V849&{W6mCXB{-EG1Vw|Ij{X6CGq%4rSy$G+y+nj$~b{HnjXMWM4Z4 zJBC#1aoe-=`+MqNtAhZO`Xx8{)S+h_WD77;ze}72*su;72k=Wp zcc(K^$WW$^#A_-B*5T&~WR8;TelfqrJeeSYDErM=d#>6TS%W35z|!#NUIr4m1%_U( zPCX}9w<|A}pRw})v@PfQEU>WRqwsyQpG15JN}rogpQ}C|1&K9&iN9N%O_9c7CwLKY z8b*NuL3LLt)BB18ak%A#Tt6PsH+(TR)>r7{GgCx+e>j$(CX2YIxG6TrshdUr*28kttq<{PO4@9pv5;{)E8n zBq-SOXQ6AVa5d7puAR4ggO(639JXREwS&+uPOzk0H7DNb`ctls;Qpgr{qB+cSGn5q zzm==z>}c0NZy&A^YYZQ5Y$PCZ7D`Q*H~qaW@qJiujRfeP*U-1j=ZG;BV=#XKD{M}( z9drboJHO7$db@jmyTfuKUAV3|JW0YYvOIS!MBVH~Y1CmL8duiyIi=p`U}=dU%9$F5 zsD)~Y9ZND3NJ4@Mc^iVU5+{GB`}}v_N6X3IrOjy?zn2EE@&kzG+o9xN)hcm3(=X&I zN8wfc>jm2Emw#`C4>$j5g)<)LHBtJhLPRXa{^)}NNBUl|bFu7>GU@NGpl0I$LG%$% zBi{2GUGt$Ns&}L&XvpKF6G8oTVfzzsMaK^PuC+)=_3F>_bIMPbI zaMxTG{3XpbA|zc}x7*fYVTE+ZWQiu5EbQMWf*}*!Ct{#!!=T7bE>XfZEAlbPXL`27 zz*Z2dyoABzg!@C|6n3{K^e={|7u6vb47~=Bh0%C)8=7Wz(%kQ+@|NW7PW>RbcF{uy z@ik}!x$c;>RWb&NCBFqjq45jP{foKL%T?wotHzO5v1IMjFT~M;A^Yz11U-y=plHN1 zJG>Whd(V@LtDqOH1)_K-V-j560jub=0S%#O1+N&D+k_={5Rgq>*VD>p0_^?Gy6hGz zzy27f;~hxU=T5AvooLI4z4jtN4~ku`=_`!9Y}|*~$kz}H%%vU>kUFmA|An*>{5R6Z z_&-RSDd||v^0&T*R3H?lF=U!?cGJ-<-BiQ5L|y;#38C!-|t3`z|*oozO9x4@~=^_Fs;@kZ~pd*9vT 
z9V4iS4wxvKs!-K51R>Niay^^}*~?Rud}k69)Z!K;CDrr|&Z1x#qIYL^;CIY-qVqfK zam_l*<#_f=bUfD5Z)_m>Es%^`-=yLUTa~J7zbP}KjjV8N!KYs-`QoTBjM_Ssh}UUT z@RSyZq(4?cr(A1TPPB;je$I$Ff8NL0X3P?PWK~!UA>|yZR zi9HNJc*2dl5vL*VizGnN>K0#_W^4L(W$S+Ci7#sgqtAu0xejVlcL5op{enfo2+LLZ z(?EEQJ$p<LA0-@`Y&2wn*m}Q5rKwTzUj!h|V@Hp^*MfFBtPw4SOhw{)dOr&vo9UEujN& ze7k&qRq8mW;CiLu`uvf1Y;95p8FE-paZ6weFl3rHbjTVRb8m`ic=w@}RXA^)^mQfg zFeTzH%v|Fjr9kqP{dE}m`iemb_rxi~v{M}7o_d65-f{4n#|Sn;VHJI#?0a60c~cwD z{P7(&=*}=5w564(Bx{8_oP7hfH5D4BpTc-iXFm==vS@G9kBU}a?8zvamg-++dK>5y zVDTowN`Aw+=E1&c+eGSI>(fyjK#vUCUBSh%PLvKCO-16SaVKHvuF06nz)lwp&tKb= zgz{e-H#}+Y7NFvP?PKzq;o0q;>`MPkJfUQ4gPHlr=pd}nx!0JefT8~z2TDVuX=>V( zXoTM5FH%74CuSK+gJFg*fhwQlvqUk&k#RQoJu^CXP;6sHN>=c=i&di9PqAAx4O8MN zHEhyiMlJf}{zk_yQebmJ6O3sR{U8qW;qs}PdYPUjeMWP!6sKV&y&|~^-rrD$|0v!6 zMk>cWAEm&UgSk}u3yL1V9LF4#l2MGr{$3}zKnz6GJ;u=0*9;VH@YQY;1oFlNYY3>A z3N$4mg9(^=;fQ~9qd3oKYngHuyM%&q%A$Wq03#xZ02EGzHHkioMUkQ(T< zL}kYvkHctyDa??s5k=pZCWF%GHq;ICH^IKG^JXOPV+)o(?QBKggidZz9bNk>VJI`V z%>wY0e@{z1q4=}fF8sbNF!O&L*h-!xDW8|IS4^TQ{GMyB2T&V)9MjMqqT% zP8MNqa2~RZUo9J*PAhj3=UV5ir9I=+Di^LEAYOUS z9-qxBiMw00Hhx=l%n@E(YCbmlxw@{NA^283pjy}%0_0!)qcvAyYW_c3b7R(jwdM}r z^T7h1}FDG?Xh_!^+?N;nZ5-MMS^S3X+IZE^| zz7Lba?U);LJd(eEb*S%wPdjD9>Uh6LC`BTl&8P&XY8M0nR{C$Y`rP z9Fce;JcEwYJC##JTvwUMmMc^&=YsTqNPxyaB!KjE$?aZACi2tKu}4z*qtG+2fiY1i zxARndA2bpd>A$t+z~<)vi2*P!d|?2%b)x-V8N`JF)x5teV0#!;YyK{EjQ`hChheEJ zp&gHJSM`TrH!Ng9!%cGb_v?zeu`gNV_wWuYID7g>h8N&;itR-`|H=s-nL@Hg*a470G0#F( zIOsP(J@bJTKczxRUD?LoQ`PUlhXUFWb`*;)AF5e$&(~tq5{vGkMvx2h*RIw)P-KEU z6qU^!Ac#?;=zqZGZ(m?@hZ8m_V=<@h1X43Pt4y6$6AWSsqlPw;cpb;5du~bsKpoCf zAOOghyC1ukgv*`oJouAvBQd1L{nBQY!uMRW@B%HDv|Xk(w?X8HTXf9&H5+Q(becDZ zB{;?#&jf&?bkIoZCS8fAl!c~}x77KrEV-I6pj=i3sNQdKCJ3U_kUmt$9s2+s&ERHN zeMTzPT{Cp@+jAcIz;edJT7ydun-Q|2Y6MN5&MvA5FQr*k(w&-Z@YL$p?snx}eA zp@D%)Sy+L{GzEKAB%=K*;;{ggBT7ApA=0l!&mq#8Dv9;A=pfR+E{pdXWDmKcB$4Sa zy|c!MKtrf8P63gMR*p!6nnbLjbqN(n$~hL)i`4zd9fj0~6j&l6Sc}4*0#k0pVAe}0 z=PtH_ZQ1iyoPjpN@#Z`ZIKu-(j*3?osSuI2Do}FF%Zd>a#z9#`Ag7ftmaQTa%VE(* 
z9iFsL0^cv`F-*BjGAJ3I)E~$}X>0jVQz1CWQse9%4mogxz)9#Rw6CIIvIK^bFegY{ z#z#~JBPAjio{a>Wpu9f+eXBpL)k62=+8%lMfY4HCKDeB+WxN{pcu`UL^whSimh5c4 zN8{N~oK-lzQ&T0Qrc(3A_3|7zcbWUkHq#Cv8!#g9;q{IBJ-f?&eV`~?Ef|NYgm?sroggiP0Vm?|jac`;SNckw;awt!{ zfQrt9OrSX;9naWSmLSJR2TI%EQpiWhv}#xKZcBITk3LA|>+$<9sji~^eq%BF9P3|6x)Y48;;X{T~7)ey>cr+1% z_I9|x3mYuPI1OXGub-lHv1E%pe81=X=B{dR+Q7&WY|GDFT!blFT5$Q^a`LO=-SBbn z^SRjL)ce3UL1X9>{gu*jLPQSJm$CYNcg((Ac>=4M8Vbsf67_j)LaATr7c^oD(>W?+ zK68T|(^htuLXf!K5Q4EX(yQIlt9ct%qz&A&T=<1eN`zM8w~IGx=Q$?2Rdf|Q#S7>`^7H(P>Q8O<_tp;|aEE=)((<4x(c|=|6M| ze@NIh6HqIj!bM7xJqLtOphiaBn<_aF$}8$KeWAMg-Bo$LBy&b=lx##Zn4)A!ZvrBR zc@M}LQ#D_k1Oikutn7mm(bfD7y8A|VQd2Ny>~rt5RhA5N6&`b`raQD4yERDTLRpb{ z1m z$dyT0VxDTaek+K=0h+v9zu=MQ@uQG!mG{VX;qWtu(;5J_;MI#&l9!NqVSV#2gWfq2 z$|#n;(lyRSbM#(wj;KCK(h*ys-j57}U4V$X4Qf4u$U%rYR3t{*;6OvQ#1AO{^D&qu z!pU3{1u5)+6}jmx_^QkS6?yC_Rv_>=L|plc+u6v|=9xYL;c=wUc^5OC);ACa zH3~2CH8t}zqo#(%<5&Ktz6YDeAMYT| zh21|8a`_v9Es(reIv)7GQDnQrZ7F6+pPhdI3R5TVQH_8TUZE_mL?H*;=R$v-B^1h9 zKpf>v;RKh594CWyvfs@y+0J09p6nX$7(@>G%_iN@EE$qsk|7?WnW;VgYZ7{Oz*)BR z=OfEE<}{+l<7J;U*UbxtI%H&S#yV!2^kvMJ;E0@G9aDOcp`SUO+q;eVR`)QTMiKdwOd^$ZnY z=Lpy-h0`ZhwUih#pp)8^SQ#>?%XnoDx%`dklDg2C5HU|@{7r6Qcmb_M)=U2nV`l+W z$GUB6T!Op1y9EjE?(XhEgS*4RgFC_9CAho01ql+|-NRdC?{n`t`@MVX71dSztZJ(1 z)r*>QjxoO9JE=g;ajPp zSeYShH%^_9s+EA#;D;p8s~+XT*KumPazyy8av@g$?Wsk)rd6Z=OO2|PMf?b1D32>Y z1$9K`qmqN^*5P0(YA}t^CrFh*%n}xgl2m+^K$w-?#2g2+ZdGCrGIlvgTJI2dyCP8Y zhZEOOq)riD;Ny$K@8TZzFlisNSw5IwSH1aNnsh-QRL6VBJvxVW?5>2QN;oH7B3ck5 z;0P5KY~dDUfe~y0UK*kdMimV*zN?jayhPxC}-O zrHnCwSals&^^`<)B1g0&LXlkwxol8QOfjj$;lsTuN-1Vjt$M)|Dg^coLQ7Pt1ELm| zJ{>av$xVp7O%fofu8ur{iA)yHP#{hoDd`#x5qIMG)rQbp5V*pOv(ZEz8I(&Bs%t)s zP~?~yj1gSvXNd%uW5J?KjDE;l0W%h@519v;qf9Wy5vS`RrJs_e1Fzy^q$P(E^2DIr z!pV(5aJ|xs2G_Gc=O+^5i8BJy#b)3D9H5C(OKPk~Db(M}-tQR-U=Kn?p(9-s73#<3 z3<0>bppq`;ac~4`mUjqa2z>^c+#3cf$t=aDBXTf=j)5lk#maz1Cx}YmcwZZ(f$~G( zVsmMFry6X}XVp7`c1HWAWcN32(&dv4l0cv+01*j;i9%1hY=$aYqa#v-1uz88^Lt1G z<jQ^U;A`N5Qphz78qv=>2b^7JT 
zFEk+Ug(ZK3plt}99vxTqfL?|H{5U3+C9(1Yuoq1OQ>;q|Bp>vH7s62VrLnB1o4w*s zDozrs8%HRwDMlldd9neU(VC7PS+EDgckhQXQ=cIRbEDR@Y=1C`r4|wN)o;WQ5~mY? zKKA)yHbEx;hA3vhZE$eMaIX+7m8_khBWs`(;?W}u^_JCYi zAUPD%9}@_0tX|jBd^3?U^jzS{@p!^Svlr*j_8yr%HPgXk7W;dIzWPIk6JOo{-hWrT z_zSIyvUD3o$6Ats-D+KV@oc&6XECl5cL?H9&TGb%l&ubd8DK}&RJ}yw-T%i{1?ABjAUF41*h)8Th&#U@$TF1 zGn-IK>i=pwbuc)q_Ha6X*fn^`nU89J{Np^|20G8-Qp0Pe>V3cYedpfxDqpZ|hkT--@WX^SE2W2_Yw+zJ-T1iAT4xN*>_%-QLHP$l{UY@D_?lyJpw{dG7^rnh@d6NyY(m1up;_r#tDFutY#NpR zG}Pw#+X}*50kneTA;6(-jNzjoIG@)l*gk}m`uv@xt^A*|v=VK#{zl2wVX^KQ$5Hkv zFl47F>>x{ijBA)xdelP@rROh7Zpy^*T(#OHB# z^}gctVukGlq?J=qy7mB?l6FJU#Ny7Ud5vL57%B)|g^4dF5SsyHAXmTAassH7fNl_` zt$%i%&sK;REcYP~;Hj*es|NmEW6lCfXg@*&K;y{xW@y7;fN|O$5+dIJj?;pQCSmuK4&+(k_d4Yk7v&yS02n{V!{IX7!W?@uPjdVWuvL><}`jsY8jr!>^C!E)4k7 zkmH;#uOQbO_pPHSt&XFQy(LbqH4XL(0k6 zPGxAF7R!IV_MdXsAT}|zhH%n0x@F+4^w>x=zm2;_XgbTW7}Q&dzbu}gA?U(RIJ$zK zxKGW$ZmGgiUdXV${4W1u5VTy$$_Yl$ed@Bi%l*rgWRupfhz#o@><||$lW?$jt11fV z_`4YB2*x=hRnnnHC+qG_xpEOB9?I?j?u});Tq`3`g}gAaq+cFs4h;Fe%Rn3`43Q)e z1tYxyBB7`!stCw2g+xIor5086D1eU55e9s`F^>V4_TX}f&P7aCxv(^J5tfCvv6c8W z%^Ti15AGC96TiBABqLx53Hcvei?+F zSpw(w$pM=Tw0Pk5Opm-@zdeqF2ZLM2T-eqUdy71Lmkhl?*jnA$(jnTy>*drEdU#*! 
z5YqHEopv|Dbl}W$_OwepBr9=1{jBO2CH5Vo0sKVn0$!T0$jhDki)-iu!evGUF>n?7 zzz}=0d5PyYp@L3IGfB1&{SmQrzhwhAi0sYD`t1&036}{^#A^FO?usEpr{A(J5Zm_t zCuV|6)vq-ilq?779JP_|VtrgPGFY5hne2-x35z&)tk@CWUmE#U1h!fGMkRIj>W$;I z*Rx%Sv5^dyNA+Rtk&UAD$L<*AL;6q8`t3gpMX^S^en%4+zMNkWlu~Ta-REF+@MDh( zZ1Pomw716Gx9^eW;CB3MG~5k8{Qf|=+|F=&z+NLJQipaPpw|seh#j@9#;}!lw%>8r z2qrxY4f}FhbIJEu{&BxKZxA_9RDhm;HHI`Q%bVroO_WSxna+3##5^LI+#A{kk)adZ zwR_W;;U}ohX;LAc4+4D*HC+;L<*|=pRFG)O&U^)CMBY2>3_WUHV>{c4lL z6HS;|K&u0EAj^@an_4QLd?hK8MI$W&a!wK<``1qB46WqD{lD<^X<^6}Rc#YG8arc# zJH|eAcl(^Nk+w=W#~%2mU4hK_@NimwXT0z=ehPrA=^^~hG6%A(bJM)g+{{H{=Fr6g zms_Ubvc&QNBtWk^gJvQ}E`DOhcm<&u4SNP9{Y{RA)e|fVAHyFYCVT@sJR0f)))-vF z(>@lp6Rr<>^TAXpPlH%3q64f&6R`vA07J048+8}d6Y|b!>RSgaisw0`)$q4#+?ZS9 z-`qi7*h5LA4-$CeEo{EWb!4m#qh?9c3N6_E()GWOm|r>U^@7?hq@l<-$%79H<1nJu zsEG%Mqrr}Bku21RqF*)+&^1dMJ{1dYP!e-PPSg0y2bf7af1r<_AD~g>S2j#(hir_6 zUe-zxV)q@sqOc(|F4)5lAPhMo3@QJ5K3!fT3DAes>RFD}-3D4&Hx1QqsSB!%=Ox~6 z9Lv$pG(PXT&zB2XkVoIo3PEjGzut&$b#DlB?_oM54*0YgkzkoGKvBRg#^)qmd!;^} zBZ!bwk$bZ&&ZkGq6;DnEI&;H%bB9 z3);vS+pLP%L@s02G8pUhe=n`WwP}N+A|uTc6Md!@jU1veM%Y6P10%0Gy$$p2~8=&>rHSf@qh>kPSHSg#Ow$GIig`v4+e(v1y4gf&` zHExB30Hh_tAY(}#fg#hiThIsKlj(*q;mW89-=xYtV&7oPL6HuN35$NM3v3%~>F0?i za%3*g8=6;JW0#MbBxO0nCBjZU|HVfZ=mBvJvzG$oFpU$9;+PlS1)xkwBq2{&sPIEg z;5`gF(2(SL03*-eWTGtjQ#@CL!Y%d1!z~GCyj#)pA9dmHm_Hf}+PK4HGKI`8MeWO^ ziSj@md}1N>6upT=AfV2R4dBUXGc3`ebb#5s6A)AnRO@)8r_+BHg`PB9;*J)FUv(qO zcjNcdr@{AYU};xzTB%&nb)}o!Ee}c`)34mC({N;DLb7I5_{^SCjIn=p#H^QnzM;RJ zK|m3Fum>D8dC?GWSV>SJQnhmLCLSD#YFGfD818F)Z0u%HW(U~yOqs-kJ>9(0$c%a} z2dTh`CCp~k(`lL1+YB_;>xx!rmI;GG7=^@E7$m@qJVs8}<_y;?>{O>{n1B08lnBV> z@rQL#uG9nguS$7rAX%V?$|vv#RU0_|jtXtRkh+_xoM9w!%TACFPJ;vtk6O5IeFUFm zZ$PeA=UqG6wkGrhUmGbX7qD8%NT)~;PU|@{Ly$d~P)VD8j~9S)%QFex^O0SHw<&bgj&-0Lbg~qDZ;rtwB>!rTr@40$&(xQd zT9sePQ@%lHj|ts?zK#!!=8)N%@8S;XzEWD1b73TggV^GXnZa5`C!-f4f2U*gbjAgn$1(o~}?ni`XNlxj|HPZQwA~yXC`rSK9>fLB2>3&^- zPy%6L7Oh8O5%S#%(;_f*yJGtd{gyL9j7(463R|;syGY~=%OqLo5rVu(O88#A3 
zFv6mWlsE@4>h~l?N-mw?%>^e#{YWXS;=-RM`XyQVQ>co(8C}b)ofMPXZp!NSlcUlb zYaQQ~)p(V$?)KR@eOtUp^Io72jfUKcu_X5R-y;+VD+_Fg3wEC$OWAOC6;j$hCLt}Q zz?pkMkpITe*)EX!O_3-W?=a|Ql4#fF#XtL_xOnhT?D?j`kENBR#L?HW>aa30&M~gy ziY63>!T0h%1Y6@v!P|d@wxPSraE$4XIES)1-g6Y9)3bj9+kdE3#TU1$8uohU`McH^ zWI7ZrO`Y#fHSd24w|ztw9r|4o|6x?CUO4g<)6T#K(fr7c)N0%uW1>7UZDSw}ZJMtn z&+}rWP5!$=%IM3ox9?3l_jnypx;;jIEOG#{se=F6NQc}wV=dxRSsqlaXOfAjX);wU znI?z-ajA`e2|yacuT>Ez8&okFY|A4OfHPp)TmFsi^ z9OKNB{WDi#p7tkK5wH%sdW?rJhD1te+_HbMklpk8KS;M7MStfijye>*-h&lCnLp@J zy+^p^!T*kM_w*@u^~~E#&b!+V-XIt;vMV!)t=f{er+gyCwOldz_Tyr#@UsGYEb1;1 zQz|~EwzW*0^S)NZ?{h4K2ZfHWDiR&A7L`H--`ng8s={KidCFewMT8G3IN1B{pnj=5 zALJimgMT^XCUbfb&mimpSi`fy8$JR&kY%%&N;7JFtlv#)S^qStCF=jnq;^7$7egN` zLCc;IjRFE212qh^si}}teRz!QLHnmo?MBqeKOsa-z+Vb{@)eS+eLRTbJ+N&`?ED_s z=ISN7*yZ>Y{BJHbL-dAsmzv9;z&4UgL!D`~EmzgQ0^7p>9~KIfqs?dyn!$aU^3iRR#?$q<@pCR7qLUQP6a})PuCu&}*~?BhQA`=;x}wPR{q>@n3$9w}twX z=RN*XIBI!DO(lop8YML^?Eg-?#NJB-aU!CMniXVV9;9Z$9ijGnRe+}>a&C;(#h6`r zd?u4$72Yh*bfuNWKuP*L(Qy>2F&Qm6cB^c|lrWb%xj)-Jpi$^cZjk#TgwW2-7g%-$x+EpzC~5mFk^FgZ>ENY;qCNz!_aWtIx759j6z17~69N+UweD?8SfmMCq@#^?4psHyraC3IOjQ zhrmimWE{F_>cm>RxMW{8wo3gu^8lJ*sf~zmBHmEI5Y;9fIX~YFGCvqYiauSpRhI;)|B8EbXJQXna-<(-s8@=nUivlv@$O7`Ev&^;v* zQ=OobDc5HUEdd5uK9ju%Ss3NjAA^SKC1}6U#C{-or(~(faD)A!WS#w?WaW(tBVcy1 zOMqserm!-GHZKy6O4BSY84ZupC1M;-V4CjgEg-m}r=b3FK~GV>M5SgF{%>$rIS`x$ zQ}Xx+oV5Vvr)VnubxFw-C^8P)_(r4j2GYp_MJd3Tz+ZymZ-POy+-}qOFfbL4FD}Pd zvzEAWmFwqL7WwK;UM#K6Ir~`L3-Y%a8#o=!xvzIx;@T&FX{`pwV#cw@ezo87V2Y_b z!woW_xhDED9*~sEnX=)-xEtwxU?wpblhaVbGD(2E6Y`Bg()@E58wMR z=mJ{Ba^p7WF>w5JTRjNq3$Vn8y|v46-;6T*q+Q zZPnr&Ae%EjXBVhrW{&6vdhWy>q}tS)V1bBOmcbEY7ajGT@W$5RkS{L#KPi^(+~5G@*aO|o)0Bvbh@>;R35{p zg;qs`-Bq-HMq?}UGfq1Wi&r}RmulI$C@ehQm5edo#YjH*ax82;-nAk9+hwuL|8ePE zwR~&6;F`5V1f?`QcLn1hlt`!S-;umNL^^~STYwzdbSzlS9)q^31s8}({Ms@!UiAHV z-BBXxzv)|HD*|b}xHwOa4hF=U+zHuR2RP3#nG|miaH^{<+J{*- zM26g!@EEy;`k;?p+}Q$GCpr%ga37R;sXsSW)O?#Het1ba>Q- zs~UZ&wGv+=0{FIqXKQM+{KQ3Km?#(&k%`P&=1IuXTQxNvpPbAeJUOv7v)E}V{Pe*_ 
zp}ziF*_ezhX8pVE{yM^SGfOPqb#q^!$C{%|>JUSR4ljL*@K~IiYVjVGw7yjgi7BRu zGcX;-mt5H?wO(D6F%|?M-%khiUWHe5R&=(`-0YB=@qo^hSW{{^!2VT9xu#0Zr3JiO zT*w>dF)hzD?%%!PM!CN^xVHjop3&ifsO*fXP{+9NB1%G{L~`vH&?_(7V2jX zyb-E9$>U-|x7235)rbkh=VW+&j!zh9Jsv%x4!Y1RDBdlGq+FDN`|~9xqz^2S4;*}{ zdpjN_O(Niw<01-N@S;)oU&FM~2UXtOXy%^wjLp_Zu7Z zVG{Qd;5pzr&l*>p+TA1;JsIvD?rqBm)R%@;2X7THr*zejHxOB zAZ$HK=<~blZ;ad=SbxAt1AZlV$WUI3gVqRqu;Q+0qBc=yGQU03Mx`~s-BU7AKOe03 z>`MYg^W2S||Cq~J4b7Y1^i9OyqqQxoID@k#wOHqkcO6WeiPhYi zh4>l+9p2zNJ$Pd%F^Uop{FP@Xx-LTwXk7|yokDg2vZ;>5=d-8*tw8XXC%O@5@0m-_ znKYFM$r%v*wG9M+^{)fkP~6DQfZ(sS4u&x0Fg1>g&!C$B1%X-V0 zy=PZ7&lDwO)7igR<4ZpMHg88Gm}dnjfQhPhN&-rB)sd61kjZG73dB`oO1#4%lpeJe zA0hLufL@|qz$hA|lE<1VjcQEW7R(q*ay42q)g+dLDe%l;;F)Q_Gg*OWn#K$R&y0K2 z{_4R9DeM%y2Q$$ZI1L1HO##GgVwSyqV7C_xh9e$$+S~wLJBuhlG?6$kh2fP3ae2RZ z;TFS1`e)5U3w*Wc;uRC78^ynx$X{loG8)@E4w?GMd( z8b~uH1Lwa4FI|j_6bJjX2TV8m?xC7Y$8pquvGuD`O=$Rn7~hm5E89tKY8izZ2#hI8 zlVocElS*y)uiuPv{&b8(XDpC#Ay8=CW6ERQtz_o#X60Zx*eXRJ@3>fiSj2Hoy;hhwBMUdDi)L9E&Ww#b8I;+=fI~I;T`x)~)$3=QiR7F-Rs?(iNHu z0{z$<&f|(nu<8UK&~}<}Im-M4&r%Gh>nkQPV3H3(KCm6gly|eJh=bXF^{mfHla&7C zR4vEvW`n4n1OF1ccN1jM(dBd#h%y<5X7jk^+5JX?TOs?3#-N(C=l_R#Y-`;6FKied zYx$y2lCu&GLW6k+T7+xpsuA#W(dxoMzFv!+F*(dfvNf?p8zJ0Xca-mcn&E%?;|C6t z^eQq-Dfm7AR*%?>PRId+Zd%YK#Amp3tq)K!!PlyeYdVb`Co3w=E>pfLtQncc$)R8aQt&-_Hy?rPv`=xHY zwDLcJVX}XKVLt(x3~v#7xc>$W8#P<{4st<9 zm51O~!E4>MSYp+uV`)Y{L5+W41G~1*@!wKXcO`#g!x)Jbme{f!*_;uTx<1`C#O+zi zVWK+jSZ8mQpNh9FWqO|Nw+&{Q>lB{NST{a(5E^~6c;$byap}KTFJC`(_OhKl%XU$C zwy-GfK(ums>ZqTqmi#<1H3?V2`@cAbtL*-A42u;)8F_y5?z4EnyZmQ7s)CzvRRfBw zBDc-e>1DxcmTbutyy_Nk-y{-9Z z#DewzquvstPG@!tNK9pjc3?$p!;-b_;XUUXq`>Qcoz9oSP5GhP#=_vPdBmCO3m1-C zJ(1c;BKuXmtdN>MF!-KTLKM8i`9uZJ*XV=tHMP?3%fJ!q{KD_(Qf}FW2XDSJ{%`Ye zpIqiM92RlsXYA+=Q+EHbka2fbzdCHJ>`ZU$ZhbHWD8&lw=v1lpx?;?_L$NoM;@lYu z@;Aovr^m1u7Q4ibU*g$%LOA8H9D9M#a(~C`*?fpUN=Di#{H$+MHG<2(!0W?mz;kxq zr|u4}q8QQxpjPm?Ev+VhqR)C8grWapr=CDH)vR-WohAI+_!%Zf{z>n5u~pZ%Xz@LZ zypo9Kj6D#)>kc?SkbLl$7q|`}j#CC@2OHiY7D{x6()4NPBYN>$ 
z)A@emvi2U4oKgv?fXvE7)MRA#asOIh+%_5$W?yn14dba-?idQmZkZUamC`$)v)H&^ zGRS1Y|x=-qIVPw3~@1kz+!TV`Bly$ZOYvsl$FInv(tQ~zFNsr8Dzj1Ke zP?b#Z5{G4aT?4c1{=8-s>W8?inGroV{87yO^S68<`=*FI1Dm;UK%`_s+fT>>$NpI) zVG6a1Tk&fUS_zh-w4|#*u|Y$Wb{8TPi3v4f{S%YmrAVNdi&Dh_jM_E;#axMv8AI67 zB#2Sb7?!hY<3$QL(!D9tYV1#_t1ShwNPOYk2eA1~p3ppx1m2t8KAm7Aet3{z`yY(B zeR2GQMQ#H*%WJfkdh>O-1+%k$Smd(ho2Ue(GYohAq!wcSs2a%9 zmM&R6Yz1wi8p=RQ^%y&mQaHTce93;HgzcY&=ZB!Un@`bO2B!|0Y}w-^)7)OOP`esB zQ0s&EmT3U|-bcTgo3*~PfYqWydP8BY3jEmNIZwwuUpY>_#W8isl>DCUJRBvM{bd+l(C!W4l}CaoLZAZ&8(PGK()hM# z5PZ$zffPj3m@6B3E`Z9d_hIA!ZjAE}MGU+?9$_FREx9dCW(Yf|#$WY{(Qla9p0Uj> zl@qI}Gqn8^*7crx8fRFa7M}@X+&Uvkn?7O>c$^+=$0M?#M&63cPAjXSZL#5cklPmW zf|)XDnGSg=Tv#rW!GtpjEnW*==C|OKOgv8wE=iuBaCoSSb?Y*2( zt3nJ>j;ri?=hKdE?!g2eJQiqceo4rro4_!?9|KTU7>@1>f3Ch2_wX3RJL^JS^AigO zj?rP>$LKIjpWl*r(VzI-iITf8$XY#tj4fy`fKI*BsG6YYT7lTOCek^D1?v!m$pbY@zC?^DE*fIr?nphB1M(Di z1~To1Sn4iL?kY@L+i^#im>4=|-H{BzAvMZfQ0}TLbTM0eje%M!)M*WhZE`q>-YAwI zO>ft~Jy~9YUmb+av(=g&&=xPL?}A0KwmvZv7V>%q@A3fR$e{9w6Dyz-D=1ES1QY3j z`lz`YNLp(|0Co6`7WtrHB6#05R{79%sze=|A>p+o@>nrmS=8=oOEtMLvq3|lj4;>R zlaA>1^>-wKiLN4;J=k}#ioNd}%pS@(RXFlE6BfiZaJv$yJ*RIdZu_4o&L+w74Dxsd zMZ2)9DE!-8j-Ejl(hfk)n@UeT-TE@x{GTvfS7mY+*1Ol;BSc&>UqhWB0}sW7A?ASn zHS+|!8Uf2DVwl#u789^|JNTt#k<<87peACiZaQl18mW|C4gOERXpk)atbx_aG}wj~ zi(8UB6Eg#p_1#q@(>=D=fE>F3WTC7I8_zK3UiX4f5K{{`DMvw+$pwPR-H>UL%$-D- zedI|7CDP3IPemqPTVL&QOTB+BhuwgfEdjTK7r`|IX%kSlv#SdnuKeo0)U@LuE7l{a zL9;7DrU$I7m6ZOgvesJtQ&}IR=6VpJae`l4WG<4eXwDjEPobKNMjJW%u5+RP1; zT!n2ti1*;7zVTxUVE()QH^9=`*zB*;TCd7Cp+W5h_z!!tCTh1XxItVdLK)DH;WnDe zW>Gj?qnY>zP9;j6Di;KsWrl+}eq+3-^u6<)tg9^yB^_SgZ^EevIuqaWk{pMr{D_+Ns`(b@Yp9)`R$vHz=};-!=LE~xB@ zU7Z*hDSf5%DqP+#_(;umMydX^j(B>bfbio;_h!n=v)X0O>X_5w6;JOtn$h#!j3`n( zz_dZ+^O%Qvg#GKc@9!lI&8rA#Zckyp1y=$#2R_B?iRqGjU$l>Jz^y)tP*&>xwjx^M zvPF7E^GtmIaQ^?OX07hI_5P!po#eJS1y-}*Q*R6K$u$47h!QyaM?`@qQwpkq4Dv>s zy5QXIC5I{cowIV&usXO5Pg#$rS;t!g239kP`<{QJECI5qbgGu3WCJgNWU9v+&2HcZ zAIp~)C_$wxL3%TBuu;R#)cckBbSYeRf;ZuNQ8d^Xv^7QYU6en0`fuTn;<}@K;VFw0 
z#EZnXh^CML(DhQ{Rc0+sClety28Iskd;oXAZg!uB7u0>%XZaGd^647r4tQSa+_|DT zcqV$jl+oAO3D_5>n|7&ruiWr#=DN>kx`-?|z_dRJE=jbEZP|J%CNKRhp6sVk(dZ>} z*`LUFGGq(NztXAx3j44BBkcdH@qY^Y*JN@1VN+p)KK~32zMdouySsUt+E{IBvL*BC zdtLnoW|mNyfF_-%Z>yKlQQa>;r{8vHj#s>Y)UqnU$sml17pE#k8=mpxeFx1%E*1^~ zGa7%pZRB>EitkU%j6H78%w|aGlsAB)By8}&h(<594pqiSQh1V<(U2F*uT4dy`|~hA zvYV)7hx6_vI4Vev{e@o(x@2$Ml>jh!RXF{z6^)~z?}u>S0;x?{-$<+#%MVF?xN<{r zQDa`=!JT1me4G|nIFB3-Qfq;^^_hGs{IB&>EYk+)A0I^KZEO8nH`*R8fBA}sT3vAd z;NNm8(wFd=l?kr)BYCO525pHiu$yH!mCoa+PO`dJ`c@e$wIncG5|6RNKK&(W^sCw$ zYaP~=Sn8|QlzD~B+^yJRnABUGvH2DE4xowLA1227d7bClh@F4>L#5N;OY zvJ)G^>P`RlMw9NkyymSkB~FC|JopePQIW#l7`#Z%)@YWQJP21>JF~7)SEMhB$+-#sqV+OKTo62@+->op zoD57>LsBH8@wNMRp?r2S_8uQ=7+A3w<3e^mKR2u#@rkHkzu;JNX6K5Zp0tm%%|8rU zHJv6i{5(@S&92-JieDM^i6BN#H1XnR6kY>Mv+$GWS+`C+b@QnDhME#bS!96=SxzQ)Jl>OD3q)@>zgvP-{$#c zaeP`ku1sD-Fg?Dibwct>;|C^=+{4&BGVj{)Qp}X)SAT&%y5$lOimsi zS!N|w#i({Hq3<=QJ>Fj~v5#=uWHm_}BpQ5PMExo2Mt=Uy%NHlo?y!ICk-m%N>*3EX z+$Lz`>^h4L*`rGthKh3w9S1t?*ynh;SU|;~iY&7Bqr9!YXm+U>dH&Bt0K8=^_EZxw zK|R8OEv)2SAQ2iy_t^Oi(*i>kDDPIvhxH69Z<#`BkwL3rE(G}txk1N{qTE*bNBdco@DZRLMTFbT z@$qr8p2f448*jj^R%gcL@crP z?zw&)+MbyDc0X6qIzeJhFpu0wi#YSj!)|8;_yNr>dKw|({Pr85gPk`igrHQsjm)Rm zM>-K5tl$0$`r4lc!3z%=Y$%7Ww`rs)+`e=tdLVzn%xi zf*{!PHCQo_$1?73k}SleJK{3!ulH@`W)|pAn>guVb0XK`xd>CdO0yZics9owd~PH$ zFS$fw-oS>?{o`qSI|AbUy*XgWbJ@y)!)iST*%9Dh&%#y2%dGlymA5Rcxu+xG2ALBE z(5b0pCR)vVNl5HNA^G-%LHs1PjzloiH3)Km0^$jB105;^It`vPg$9~q&;c^dgwe_= zSpCB%$ktOFcJ&72NQ0V)xI`dAGC>O)-Vq(8LB5zU;FRz#@WR}|2W_Y1%ji;H&qjF* z0mx@MNwmge1QP_1`LSS-60s#daBIpcL=BK* zs26LjBe|QOz9VD=wr<&EpSD(E$c!~r02RB4l5^-=I-{*Mjvv(I98L zQ4E3aa7R>$;7%UC5w6U^4z@(mzAq&{iML5q$4a7er2ylwU0$R_ts;N;z5-$}jlXA< zK)u!OW*px)+FLzJ-|Gf78_2<66PA%Lr7Svg6a&;^JL1gwY*NrTm8QUx~M zdVXA4JP(ldX~S541cMhaY^~On3?|vCV;h9WHBd;+RmvW8N3OM46svBdj@b})iB9@? 
zZKGT%lFWnBGk&wN@pTTg$F#Q?3~Kr=tUT^R(ttgb&TTp54B2Fjj)774jFc8elV}Vp zp6#50iy(!f#xiR($v9rN0<}rqJngW7h=eV?f=#6gCtQNKUn~`&7p^kitEgGi=FY)x z440?sBC-r%MB*y$OJ9-)e%P1$NC~<5Zmd@hY!|r<$e}eguVDUk6?OCKZL1tS(vZQ~ zo$}XGkGj{ulCc)$-)CCFS0w0=F%!#no*eHLM{}!gb3JbLIprcNUq8`nI*}jxUYTr$ z(3aIMZt6Xrm=4wE;dQke8D4Xqv-%>?w_Cmudu7amsCxO*k+WBa zd|No~1Yye~hV@$Cy&pRjoq}ZgHbm#S@oH^{q@={KIGGsVi3u+Cvkx(r+4Iv}!qRf_ z1r!gU3iM#rCb(;tlhTnl^6A#o(yuIf-JP|IvRqMe@h+8Gz0qiM0qaLT&bXzXkfsIQ z>$cE(JsIiS2-8o38Jlz9UQ{?idfRa_*l`hJgE~|xpjScI2vpw%21ON^VLu~YE*(G< zLFNXDphF+_xo?YG{*q^TL=k8CFk+df#GD27Z8MhqV-WTQ#u#lV}(DBLRP0lB< zI9rMqQHpK{*<{voshWyYy>raeeD^8%h08-*!kko&P^pg298Z1|{YXFp_N!ncoR_&l zo61!!SDBJW3i5(}8;(zOIeDY7T&WpflI|JIil}>*_%fLSBbdE;7&gwEyZrv=N+S+< zA*XC~;K);->@98I_^5$>q-3E+fpa#q_w^SV+XZfiG>nwVXVIKUxN zV%Qx&EtV{ZP-!&LF-93KUkeXqJ%eWYUsC}o27dfbi1VBXe8PYB@?w&!@HNt)eTvw36UT^5@ zdTb0C-;%tEL+&fheO9UaZ0)U{%4WwZ$L$9jMbnN1In4J{B_!Z%-TQ&b>#kQlzsaCe&6>4 zl@$|8hxAH9l#dhF7A10~3i+BVMHLcmvd7}-Ug zJ~mtGj1YR=?Kj9&hT53F7my>8@qB1WuS~0Bzp)II*-L*eZ$aZrt89huH6_2qiS9B3 zQ8>x!w0`uJcXGge%}|>H;EIzEgp4cWrzn61aR3ot9v2Grmx1DDLBf5SMQOD7s*!PY znOc<9N~QIG9IBK1ej0cbM}HNYakQ8uijF7cdPR|Qe3qM1)fw>6B;+Gq@HoW z>Jlx|{8M4)_Om4FhNk8{xs&m)?b7RWR9f**4aI#|ww@-^n~iG&!n?Kc#2g6wu${0r z>~%679p(GOZJJ_4yMjN-@(xp4bQNpl$2u~_jz6W4qn#mc@C$(r?5@g~*=k;Xil3R0 z>9aLVJ-Tv^P2OaT^5N@Zgr*BVMLiu_%g%^@I+I5pGjIwjWiKAxKj7jh_%=6^`lK&F zi!PlioO=`L{Bk);=?0NkSmsoGsVRwLtj2dz zD$Z_m>M6p!#7*b$JxqQ3HiMhwMbj_$ZfA_Ptq-hpSW4zw2vO16oLZ~0T=5uXV6qsx z>v7Zz7f&&6n+xT_aw$or=xu@h)Y4SBJu1CnR#O4SKD!|UzX>JyRd&n%n0vu^k_OAg z#OC9^#)uYS6b*#YwN;XcnLdVe^4xHM7OO1E89xCRMH%3nq_+VrsmLW_GQ(XDwnc z3P@C9Jun>wB2m8E;EbvyY+dS5*pLvi-Fv$WX`1>htuDK2f)hrA*9d^JagC#@*$A~8 z6EJe+eS(@0^m1?=7%C6J@5qOJa=0Q8gNDqZ{wxqtBy@>}@LH9iQ6yJzQ6#-sfh?w_ zr0*~NGQt)y?$wUlA2dYppkDl1ZrV>_O^z)(jfp@Sc4lR&=D?2nYk-SXBcGrZJ86## z6(O9vSjmGie->YSAxcMTl62;(OGE&ZZxvzZtZMinPd-4Ea$LUOApa`>F2jsxZOR)uvlGDi7Htwn3x2I<8` zPlz*)ZW2nrK-Pu@e(b6{LblI~Yy|NikIw*PO>&f4r&n#JsPXHz@$7Uq@v!oIVclR9;25nGGm~QM 
zjR8L5FL6}^)^!hWr{y*0gJNWU6(Y0dhvxI6{#eJq%}vj8<2@2VP-Cl;{>n~Q=yw5$ zPn=g)as^5{TB|Cug})Mmggmp7PR1vq)Z1aaTalZ=<1ac?{%D8IT`mqMV=-?no25VG zDKB;OloBeK*Oa+FkJzcEz%ZjVlPJkY79=9WQ6z%DmP^4#fj;@+Wc3pF*>jWJnF^ot zu^YsVW=0R?zLvlr_N$i=@Hhk;M)=C3-~{oNXEh6I93j=~Ih6;?61ql55~fDS8T5pa z1Zr7Nxa0V&;zJvp8xkG5D&tyH*5}{dujI7N0y=qXs+-h~_^x;a65+{Q1XvxT6CBd? z@a7p5*37Hq4Tj%A>k(3IA?A7R5*>Q|IWQ|Y4Le#SVqu*}RuE;mWP%NQQS=OZX-J^Z z?XLl`=A zZ}ME`fM7F{Ltrzuf`q0ZgTpiBZn(Iqhirwkh3!gR(!!VW35wTMk%`@DRB;{z$}S0M z_geq@DMhD=!t?lL#vzdJ*#cj@-M*s!rSBos50+1Y!hmX~F>-eBfw^mtM5)ff)bq@u zm%o>Da5+P6MDbxKFqq1nJR(F{c6+>5u;s(5Y`V6Jgh~^YG4J;mr)CJWFIp@Eu>boX<9~#_LKXK?+$?cv=0{QTZkJ zbr#P~<(h0=4xlKlZhEphkc!XkUW}ytC~Ac6DC_8J9&ui&Uad=YYt$rqN4OJ`X{)(W zKDF;th+e}OTvA%@SMchm6;J@~^q+=LIhw{D>QUkfc+Ec7vr74L@5B_${2+iQwNA3M zAeHXP@M6g0_WYr2u_`^AJsJ^mt0iFyfH_bzH|SUCw90Ql%RfrY?z(J9ed`1ud+JZBD|Leox=1IZ+ zW`dTc{A^Ih_2T6Mtp%eHlTq!qX$ACQad>gS3`+Xh0GMpvE_Sk{YV45g)h_*1!B6$)cy7WHQQ=0+$c#k{PPw)1B8MVexvg+~zO8k2liTvbs4I)^HPt_z zMH~L1_@qF6G=i#xz?Z0#CzGq8Rf?~6<7sX=Gxe4A;!T|W`=`n4cFWBxR&GDm^(`#3 zV#TwJI){gBjzhd8*0Q}HjY&^<4({&CgW82xiR2wDJp;}Mg(SJlvQHj2OZX8_<4#vy zj?z5|mUGemG#RhmJ(OB>WULeu%pbxiQRo}-Rx>{QoU#1addiX4<+aZEyl#2bg@-U! 
z=cx{-RjFS-cY4cxN@?9t;kxwnf&DBWd{|4CGNLDim#%$mG`(rO_P8 zZ`{|-d}3z@z&5cDw!#`r^coGNKrgj8369ps4@GmEXi1RsNp=5UeFneVE$pM?RYT0U z4kPJ%qp|lX#pY+;Z>K~X-Mk+meD&4qG>@A23nd^j0PE`YsLsKKDDB*$`Ez87^Dh#^ zl&FUvdkH2i{Y0Ha9rG8@jfmV4d(H2MtLA}dl}5m`g-=gwD%{~7cMqC z)ZHzaT*!F|cgwKG5ae>PWyG)qqB-Lmmv&6`o+!y4_u#0ZxJNG5X)7?e_|uMs+^T38 z7{hd4&zs;QuE21UoUW1|r$|ao1HTVF&-e1I`UE|mE8wwgz%9_GgMONq+5sSKg#u0VV7Qg`pM>%VcI%7%l5GZ(4xb&*eP=>h8%{O?1Yl?JZy@W* zZm6Q6mC*T$n4<|o^qf`6p-{aYo+@HT3M4a5&@dvZlLEJ`1=5B^NupP1S4w7juDf0c zwFTdkE4a86SA95aeQ$FytuB8ORuvOX?hod?94{-fe=Biy9~1sayL1_(V&5%hA2GMSZ9ohRv3ecW~0DS(40B8<+ zIRs%mWwJ%}l0+OZ0ta*fyg(kL7y)_~sz70JmdtlBaCN1@*NlYEl1jl(3Xr_yC-qp> z`{C|FDC`HSVqjMxJXY`B7A#2~)vU|(Ax+Tw3?S!x?;gdh{UP`1>U%Cm49M_sPW zywqz{pW;1mz(hd=)daGrtd_jOS)1|Y;fZo+7U27p23OmcFAZ|ol3v1WH3tvjoX=)) zHz#}a&JR)`S=UqGTHKQH31#@v#>M$5!BMyApg0f=vk*hL7CXG!vkAMCPbN~40}Ki~ zS}N?m-<;fsTb(Th)?-bk_;Q0Cj$@mqcrBIY) zFcfJ~gaxC}6PV>CmF220JocC3AA;**@Vv2GdWk{O`g`08>b*7+xE^_zJXcVDQG56B zf)t3j!o)Md{K_YKLx{ftgnnB7(PI!+^b-rP;|& z7Us%t{J&F~`u0yPA!{{a0i3}ODf6|l+8A89Kw5#|(h*I^ZynG&Iuc9R`unX?GbR0H zK&K3Rt4Q~pK8~PDeH`(Nb6PeG`~hY#nI zN|jFtAFSu`C<-JqWJ zKN!XI<57MIfAZgj$r=A9+LudKel+rv7sya~#t}3yjtsM&^FX(+E43yj*7)XIDvi`u zOa?fp3xs`Hs}>t`4%tW9L^Ss&D6BlyE4d!8h05_FvG@zgj(Pemq3xOnni=Gso5?z? z{t6!PcSh{NZVYB$w0*SBq$6mq`P`cSGkBP4d99&roWWc);a2D|m?Q~;h2%v42AT)X z=}gxwiEa1;f2EFqq?xm`&nMa>Af{;e8M+^ns))%!TXIGW@fX9J`0Bkq{kur#%Qen; zk|ic=4Rklt*u#QzjvX@v-0XRx{hSX4&F{ zVxfsk<-zCDx+N^tj*-&;D{puo|H&Jclq*6iUIli+WG@W9T;aPK3pL9k&&oEZLy3X|o=IwQmMK(UXILZD#XFAAKIrp~W4BtWAfkQ{DGazZT5} zUoDNA_`MK|^@pFuvN(Dt)*d1IM*CbUBJ*&GI>ZS?QP~ESmifIv7h(q+8_!aw$py*> z4WcyK-^tG*Z4=dfcf2kUM;ZBF;3j0t-*EGQAvYiR>FF43g%lBJK)M+&>~D#6H_=6z z#^>sw@=Qe{`&a0=V+(Zn%{Ng{|4JR8+y9X|0;b}xVt+cHFX5W@BeVaM^nbhf$#I?g zh4HJLR$`PU!t>p2Qtk9HkZ>}w!CcdlkViL~*(&J~d4H1=K#toK$MP3+9JV`Mg*j5p zEQj_cJ!17CueeU_lP0~s72&O9*i&KXbLGl~4nW3+UoIYqbX6;!xf;qXZ zJMz1gTp@J{H|YMDVw1hexF=+lO|PE(Sv)6~B#aIbEM3IA22p&0F#NB0lU_q8L`Qdz z>%s1D5FKq+0}%;zN(+fVe>ggL(>BT*A8v-@1EQ{p*fhSek&Y<2GCrhouN>+oqE4A? 
zZDfiW!D!Bnhvybecps#6*Obc-NXNCW`F+j{-{z9C7)-s?w$?IbR44U7YbTx+YA53^ z%D_GhYTJ*4dq^&sb)i%k#G}NMvyo5qt9vB#swDBShlNl&=*M~KmTd}`bqiAn1}_K- z4bW=xF*<1J^D(YzG3+}?=MF>sEKF^co-x3CW-6#~G|)X(h;N8Zu7s)S(C|{0yAyQQ z(vws@j#4}iG6-52|EY5%rP@Yks4#fYjm88WyvVTnb<9Ir$Thq$|0x^yjW|*Vce}|C z_yI7@NUN1&&z{iW?PJp-}5jjKg6j))O%9LSk$r%~CP~^p0>P;bZh1 z^ry-g`Mz~`l-PU#t2N z;#U^skAl+gy?1fB^jp2eo*&2VXqNKcvB7gCoSsQcnMHnlGoxmZ%UyV*^9}7h;?6JW zF3W^$>k`rkl=9-FeYQmRW=F@fSK5rKyprhW4b13CXEg3mcoL&|rN6nGAA6w*G8ucJ zVt=8G82c`dJ_1ShEy+RGoQLsOs``UuX$n=>`N$2jcQf>CgyI3D;?7&%{#{%vFEw|| z`mBM4c(e6n5-*W4TuWR*%Rb#PXJcfbu-Nf|-}1Wi@|yMXcVnh|HR@ZXQbIeg^$o=& zMZZbM*rv$IA|$#1w)k?0E%+WBzlJE#9t|l+`Yr2yKBkXmgNP8$DK$oVvlB^aMWUM>9hlwXEX`*>wMDt{ic^rPY)6;sJu`PVJWd@DbvJ62bF?C7uEfX>z zfb%D{)Pu_v?`PHzq_AMqsqY?c>bH!awfEM-JVlei*f_V}jpd@2S$K3Cdi^kei#~g5 z+{y}JAaT||ik)04)4!0^Vamsv9^&pV=}VIOco6;NOL*6N*Tt7ti82x%_d^dp39;lF z{V}qRaaLr7`e3sh2OLx!zpSl9)P{NC3z0FRdIfSZ&ITA=c<=0~O^GBo&@0O7U44^h zjTbA-wpJ3HTo%n<9NEU^bPTAwHPYv!!=IVPLcZrZOu^(B)XJDe_V&;4rJS3_zTN zNt~@4wVT$Fr>SUOJ^r-y&$}Osh3+1>>{S7z9_+v1mkd}|U+ePc$bG%6sgZ+v!hipX z=ziD4mHm#dl{J8Xsy(?xp$n~<`&ReYsmH6FW)H@}E^=H_frG=8RrDn1~LiAWoh}a(1WF6GG>+ z`pg5uR5O*^+;7XPsOt#t6_vZe?ZU(CVg73(OwtE3HN^Xp!HY51F!?^Ty8&beOB)Py z87(DUR`NqreZ)ZcYtYbLaZH%t(=1E>>FPEmSupI*!#0G`Nh z8Vs+6)ID^MCZxlqy#zK&f{fi(1*(4av00=AZq?rNb5}MP%bl)jWS8S;48h>!lU`C3 zD()MMhN0sp%qqxPj3F5+M6XFMzU!ZLFhrtSWvP`bR_O|)Qe4kD$_X!y z-zUVM5UGAmeK!%RPKGiK?_ejA5$jwcsUBnNbe^(bT)9vS{<42`?ig0Vqe)LTKS`H} zF(Y_(6DJqQFe;Kbdv>{?zR#SpS1~$!_OznD;=ckeH}d4-1T}D+_0}BE{z1b=^SK7+ zwqM|d1A%Qu&a|zx;F_eCXS{Z!*6F%v`9~I3g`8R< z#!7Rd?EP)2`r*`Z=ztn$KtP?aXg!|MCm^$}!Z6dX0$4$))AeY^BL_AL3q8$LVr+Fl z9z=k0q|rqjz)ns;>(|A_`wxQBW5ONlh*;OEpDq|Gws@+Wm0_a(gnqSe@<=)EC7M{P z+$twyZo;1(?TEaQ-h4+!LAW}2YdvBt5geVi^&lP=ENkg-`8vJdCs6MGmUzq;L<{w? 
ztn}^)oEl?eD8{ec*)q`wbPHB8<&$>TU70NDIpg<=5dVwa{5@whuC{Qj1-Whd(_afM z0$OU8W&*OQtMV{D`(Q2FVuxM*g-Z>LcvvGojG7wtWTveS6bnwg-W_Mpf_ zXuyaw@6+5pN3BD}CM1RKsRc;(p-F>Kg2-s{L8gH-Tj&9M=yhOnhRgX|Ma~s?eyD)r zZ(9yzU;wE{D>Ac1LPt!0wcskr{D68Q3-Gbm!(I+OsiI8rJa4FJuL{-j#w6c5fqETu zjs6dMp-*|)zg!NR53;*cz&f#6N>XE>yub80U?fb<+YI^Za?n+foK>Q`&t8l~>T;)8 zg6ER0;Zb>v41JN&y}`)yRl|CiIeDI`aVp1anHnEia?JjWP0sp#Ean$3zpiPiL`|nd zXs-YJ9p%P$J}(lzAJGK3VaBA`<>shd9;^feZ!asy3Jj_y@aA|n;1nG6IC~Xl3jo24 zj$YcUP&@RvrcVcaJFAE*2&^IW=~mv)D=q1$fiu0nS*v|_x8I}4jU>tn(w+c~aIF5N zBsZi{Vv2l(3zSykmU>bYsI~0)g1(iMdG8W<6J;$2OzHg)6$D~6Sfa8N0wqgc=Cl0ddA|3%<8BwuWq@#rzWYc=@i#E$8lLTYiLqn$$Pf6&KTK~Sfu z#q-2s4m8vyH# ztO+hUYV||b5mF0qT%$jH(ZP1Pt|6VPA&%x-aEeSyDcw>_np660z~5=ELa2^M43 zBJJOUTYesI@hVq|AQf5Bp{OSzlx69F1Z2PdlzIsT9<$is;MQ1?CTYb$kaJAhEW&IU zKZDrB{Aa_Va#xA5>*@KRSlCGPoRuxMj3eEvbXB6QmL+sP43s{r8158N&1) zTS<JXhHg;8t@MzKSY-xIE4z|i}V;U;E!OH%GfN* zuFKKV`#p7q*<&v;>;hatS9dX_5OZV$@#MX`?0g(1M%*Y9noM_Fby%+PGsunBeFcTB z?~Q8VR;lppP6k$5d#7RhXG5B^`uDpj(gZi!#nuh^M+`eZ@s0Ey<@Arz>}hTA6UJ8M-TX`1ebLVqM5 zv$@}r&nvD9X})IUpzKLRCZ(-|GM94n*UR!ufZ(4XJC@iS*|p2XF6pTsb(WZsGr`$hn z){Z&F9!ZHBbO_JG9RAb#S*t-jgthVI>dilb=)!{{IjZrfFAFMs;`%1uWVc+_f9|3m zDrc<8QK54W1||L*!&`P1&YC-~*@*hyx9Qxq&+hqtz)e}Sbe^Mi;5*ZAJ!Vh>tx z!~X{2jX7Y-7PAli|7bsJdZx^Ux8MfZHcj+|3;evKj#)3)8z?b5QLPhEt&D7N6hHr+ z#E<_UBwq3_5|070Q26cti^Nxl{uhad{zKwFrkz3+0!jR7(0`G5*4WZ@slQ2lW8`lV z|N8e#?D+FPX5zm|{OA9j#1o(YP2!_I!;n~1@;fCyJslRh2nRLH|La72?M9R!uqR`EXty`v7WI;=Ke{%9v0*+?*A|K?oyJTz z{zhb>G8%D(Yu+klLJeRC+S(k^e{5~uc?{ttU&+n?u(h+N{<5{BC{_x7d5X6FWJ>&C zS4W5xmcx}f40{pPOFZB^v0=aHKo7Ki!U}{lxK+##=~f(!9KeHFC}|^l=t4ZNbxaT= zxYMS#=+dcv}HjnA%_Tz`-s!FDo3zA>b;y^-|4nY zrFVv;!7Tk`hnd1QQmNiO>z=|x+86JCrhHvaWsVXmg4a)fdx!=?)5|9owS#U`s8d97 zkD=Yqi81DSoFZks%@q-zijfe!8;7XHhAJ-URXNLnWw%*)kCGfidpyR%t_fE(M?y{( zNSqN(gByw^+K**tS-6^bh{Q1V8dKyiV1iY&vqEa9%AwB|b~}RT05Om;18N8{;BgVw zSSjs_sDXo7l(~`u|1JsGd_7R4h6ytZR`bu?CwVd$p`6GcBGJJ3o_987sht1LE57`m z&3p4c?s?&R@&MV>HV&=5z6{Nbrus=M-CaV>TD7_UGO5_~)HMvc+#&Q19U)NRqH6U) 
zTR^5^uA5r0n|j}@mVQ(VDy6vcjzK+Tq$K#+@SQ6HoM9&a@ImR@NCy`ycP_U#iPFiC zaw9!jpz@e*`a{!2lB4lYroeEfdX*|F}FI2pcJX8Cy^p8o7_y)LMS$Dvg=^|1C=<+%X@?iM*BQ8ozLKvT9ArWj65Y zr=;?*;X5zw2?`}*vaD>x$VFY|BJ?4#h$y0pq|r0D=q}V;x22R|Ng=81^9ji~|WDTD;El zuCK;4pkFuxj}feGh4v}uFA^qRo6ATPxuKT%3#RQFxS61}k=9NOj= zEcnz?hWZo6YjP$5shnw23;TG&_mr&JlJE|nN-F}|q#}!gWIO*@)c(pb$;`MQ zpa=Csvz~f}fU0S9=m1XVP7_mup^EK#_cW{8b4laKQId_%9Mxxj-3rM@HzCJ`=j-*`W&k8u#_Tqw356w4m-dbjvVwBRHPhA5WfV*OSp11pz22;FZCtL zm2ZPN$KY7(aFl%wZ8d8BsMW5?cI|vmcP}t8ZmFk4yidO`c z1J7y^hT(EZ-?Mih#c>wAUdQ$;C_n~$!r5>8ctvZ_o}j|(hf!?ohtcpIgpRZ)0%|s2 zwa##x(fTUFgKC*hj6F+#`VA)(Y#HT2pbe|o&?{L2t53qN6-4ZPPGsWiMEDj6HD@Xjbp-dNvPu zOB5)}TdNL$7^ifUB?nwBi7iKyyEq`iLFp#9+Pp_4RMnEfzbNAJ%r(NU<$$ zg50#C7i&^j$8td$7O*dB7*oCl!%sm@C8$|Vq${psubw%zZ&*2Ji%r{p%gp{Y<6>yvO6^~TDNZ+rj4R*3%k0|p}#O1r}g85w=!3o_$ zODtkqVl0fLa#qj1jx}!+7R(X!s(DdqsJ9H5NjK77!F=J{%^t@cO+hbW!3oF{=ZC({ zYpq1CoKLSF{NDr@hiv)M^%6N~@F7Lpo*itk-EV_wEg;!6wUCztCu-_i-4*Un!zv;7 zQZHic(aq>hP3c|3#TgAg(URlXWotu@AQ`e})h?`5+o2xd@6^m93BU?Ng|ch8UNh&k zpcJ66?ula$(z_wyLd;uShBI>(WJ10s-iSPiS2kt698Hcs+a06v-O4CANND1OVke5V z`|!8cUF%S?X)aUk4Uf+Au-dh*e-Rz6PTS}1RVaPO=XN(n<40U%JWcmLlN%l0DZP^y z&iGq0}~Y85|j8 z88q|24BW&JKLrhx-Y3!i+fpdIN!~q01G+!}hp?}(8(DYhF-Tid>BA8|Yo|iy@)-Jg z>9kst@x(tu@S(0>d}ka}(W$&Ar%`rBHDZ9{50oRwziQ zUgjrnKIpGil&#Bw`kan!J$+^`W$UHM4lk4HCe^Uu7T3;kNTP%v@}ypOk&UJ`#yekAD3eHF@`01Z9B^iEnn z&s8ESO}Sr7e7^GLDOc9{Hs#dn{!AF-pwZRj6cu^wp1m(-s|@~`Yv7YM+(%|VeOg05 z{T*0raAg92C}bI3Wa1S8;o4;;5Z~lkus6_`Mom>hUxvKTj8 z+|072YQzRpG}l|Ut$+TzaD-Z9{er5O;Asy-wP(M-B(@-+cOT9#uf-=!bLw}G?(Rj2 zD(%3gz=jxh>$IUXeyfd^6zmXj=Jk9=Cs_n8uf2o#CO;XO)oh1Z93yyp2C zc3FcilrUc?_B!P#dC?x4Pp5(Sc@$hnB2SI^H$Z4fuaKP zStd0E!eOUNO!FppQWZ zu&w?I*mg7qYy2>NaTeIP+-z@Ps9svIw14NdjkN}5>PUUq9*{1kqOZ<=255M&Sr zmH;B+*^PDO(1mlw??(#LN4rX&k9ORwAMN~poX7l_0(61^%VmB)et%Vt2ldeUWOt+i z-&QLN(O(|G<7e~IHtfvqRSVK2$>e9V^F%_=ho44tL=dxpV1Q#AD9Q4zLTab#v|O1d*ay=*lBsVA0WWD z#A%Y})pUYZY|$*6YE);s#fJNm>D)prpPt!Wd1dP|f==d)o+tYVM@DvF&c? 
zts@;_C-{^&7t`{rqrN|^u`MzYYB$wYrT!{g(djwDba8#4K(aD1I}zwdS?0-qW(xiY zmFVG;=yCV?t>@UBt2ZYbpF*Cy@b6@Gr(`Ni)-?QyyN^9*W|$>LX8KizOZZ`EuheOo z2+R0>hx&4H8g)813q#GIRNgHNpRfMs{IzTiUsc-l07vca!2WpgkoDw?rc~9H7_+pz za%v?ys`ua@E#@g^(BZ1yjUJILbp%eBWr+53Toj%YkqR-obBS@w*%7;orn0kP4h?Oz z-XcT1a}UK6(`--}>ctk8Nf#Q98Fu&_lV`5D`W!?iHwANj>&6>^ji7g8{@e0`rgV0Nk!0&_W7 zSv0(tUebhjWGC>tE9(g+vc?n%o4E@?COFefc_>pM$S>*DRTp^Z7}$jo3$%of{vA%2>k;DP}ojraP=r5Vi)_w_XU(_Z<2fQ z4CoaSd7%d(B3kgN{z+%Jt;#Y!L5fj_g#3TSvrDdmE~o#mc;<9bEpjv-Q`fLR%Fgxw zs_ZOiEz+#Z3$U;ui`SqEMJP~P6oil6KSp8UfOE|Rj%t%OZ?m0Cz+3Qkq%p3Wy& z!VDS%|E>n> z**yn&r`HqSj!K}oz6RGePA%_ACA3KjDs~3~;Ur0L>2%7J@xwoI*$Ai|&MMra)a2Xm zGGg};F6qfk5u4=SWkkiTzsrbZ2_{GPVb{w*S?5Cd3>$gU4Om9h7x}Rzh#mA0+lp6x zZgpVcNLILlF*DNx%w~q6c1AKujJ;|Io910(oHI@m>HcP{i95{55NuALZEv}{?C099px>H6d%5fTBf;urxPTF{uOqsz2SRT5*%k{;xW&0Zub$UIZW|2qRc0>$ zgb9n1kZAY(p+YJQ3+GD1P~}#?C=49c2o#jmenpJpe*ctfkD&-08x5hfVGK;y%$dny z-{SOPe0VDMwAD7qOr@vdbQA+al-F*lG2RnB^yciCm!FY;Yl>xFKT?@U-rMy`6bZ13 zR7+;>MT>=NY^34&T46oW_8InoIK^OCJ(mf{4N;mQ)^QJtD zTho_ht479Wmz}@AyzjZlyCzt$2o*f%S}TeS5lL5nQq5r-X{2U?Zp9>7Hq3!_WRPM6 zK7Oq2pK2VD346Aqn1~93(tkHF?RlzsBe^+Nru}uXrt1Q4K|dYl&h^4cZzZX**wy zFWjSVuN+WpC$OH01$#nU=OTCB8UnG!f8HI+2ff`IB4L8I#oro=F9H34I0|8l56oQF zA7c2MOGaKv?)uCje30puIbVsJti4(jUBK~4np(U3$Od33_K2qsNuap*h?x|G5FMk- zo8o>n4p?C*#g&N0p=*#(5b48S+q8R%h+X5O$aF=^bv5J29DFEONT`HBg*GLWWaCpX;pEjr=>R!$C}*5-x> z)Y=%Q%?k3bH>6N11Ntbgy;g(suHZQsB3}-jb4a9NE0hi&Nr&5fMVP*FMHO>i2mA9H zaQk~}iNH-1%jvz`&U+DeI3n>3V@FKO;)(Vk;VMVWCC2e;A%{K z>~60|-#y>v=CE(@b-wZMW%G!}KcZl1$K0ZFgULPKj7_d8`dCe_%5fdaKgpg^!RiH~ zcu1~d0xyB6n`biqO3-!}FJGeUIvhztew9#}byURsqKWEIj$x7UDUCM0nXk!t6rsbq zH>usRJR2`^+qJ+}Sv;8*e9w@lJBy~IPPevDH?C04-sp>hkp;8SZQj7{c}zhRsD6s) zHywRSZ*`RP@EiJ%rhXHEbQ5&H38e%hAyea`mk}o;KU2VDN{vW>>1P>Xta)CL^=1tYpP8F+EcLvukPU9A2Yd6+?9@p$dNpl}$Lt zcKJ&^8ygtPU@b^TS2D@T>c#iB zq^r@z1xbh1Un2<9XnRyZzQQuAk`L&YE5r$~D?_-8`c)aG<62{U(hB~*Yp4j9Mn`U} zUkz{?4DeWfz@5P0<@k(#PN-(=*(Q3*T>rW?PY!*GqePX>)*HAxni%JR^7IxOMjcup 
z6YQBqB}6Fm>*J0?lD00NyX4q@0HjLvuwrYe8qA2I;+czROoXiw33qaV`8PB`Y8Fkm z@i;2W<99`N(t~POZLFXX^wTqzuIymDQ^iWYog6WMtIDl9h`f2qZ$1GB!*VKZ!m$&?s6us`+xsI)d)U@a^HxeI)yv0k)*>7^N)EUbkfRvT zcc%T*iRIu4-$dXHEEe{(Vw?FT*BUvi4>znAFbjx+JOwQTp@R?uW5%u2Ub~kAsQ^(& z0KRAha$Q<|E@aez?T^m>+j&9Q@K6*B?dMbFA%T4x{nu(=FhUjrNXRsnH7K6xmhqg0 zzMc>>7;s!)6k$|`WqY;$9y?#z5XpXgSkibi@apd#sOv|1F__a zYmsUHv}>6g00*#EO2ET5IEQ}@+kilz&3*Y!3&{|&x34T_WLW|it7yr}8h~SBs>(|B zKbCBh&{1s?BG5(DK8+2wBGDqlwkc=$I6XP>2sgebbk64t`{PovB=j<;u`OAQLPjY% zu(Yt2rHs(BkYtmYI*YIy%15I7x=Bu}D@RGF?>K1>58IpI*^-L1Z3{4iTe%gzOG)6~ zdFnq}?`2A3P>COtF=G5;{MJU{6*tvfxv`dMyLLQ-ATxIu$m>ZYx4H4qpYSH7A9yNj ztfBvl4LG+hDz(Nj5-0!nhAmYTL#iaK>AKbLnyo99H>dGdpT0cgG&W5)+i`571n5w@{gt+Iane*&I~kg#zm_SikdWKea2Or zj?riE4F4hlaptA0$x7^>>Ds}Niab>A@+WeVHsg+5e-~8fN8s%Fyy&Bye}+WG z#opQDwo6Q&t0&*o?w~>xdN*=+#uH7}f_OR;E>mIJctSKqnrMjD79eJ7s!|Hvg{WM{ zh!xJ-G^4z3oVc!Dh$X(uzRg<2<^1#f4@2aPcQEe#EXe3Ud-%`TEY)ey}NMR`TwN>3C#Vc1|)Do^t+IIl=V=Z2h@PvZSwwE z$kqQ34QMg+w+1AS|JM#g_~74mAfEs04g_~}=PwOtH11zDprV?8)qswVy-E4m2+2?0 zfW;W|m7y6#D>zBj$XWtKD#5RVhbQg~l>s;?E?3Yvv1Gp-jPvG23+30b)WjP&NuPL? 
z`+!#)gT(lF;cu`O)Bl?W^lX!R$@J?u;>oxay8BJ|LG!1RBZcHfQQ?S+h>b3t2oCUS zBg^Q+Kdv?^Oqdxn?MdT4&*x04LzPs7Rf;G6ARnCAbNMDH72@wp&Cs+CL6bOw`E`?Q z%)mFjqc;+QXSwW?H>=axoWcj-P%TNk%xcLxB-)GI^3x%8r(!~x2dWGLf8=z^wsUUQXfMrD+~Ud+MJVO66Ax^Ha>=ZlGR?IjtfD4vYW5~z z!v-W81Xmgs6c>!WiOSsi*n?5O4k~7l3k`sZrU-@##PI`C;UMA3N?@q-r5UQA5>aGz z(fG`867X^AO2~05{lbQD;Clv4&~}jF_td@QS6fe%)$o2fCLBJpISNwCWa|U(rA~+)+Zsfxeqp(5mcGM-6gF$)hT?f#|q5uHCsnZdzl#9>p9Xb1DQ;V{b8T_EiDI z{g9y1-ONAPp=T!NJIRNmVlh6-{&G!3MaP(f0mP%n3=5q-xwhIxXt<5QSv#=Z&Zz|W zz{!z^HaB;Xs%~97hrA10(jVhsDjN3SIy{7F{@7EJs@nQ^x&@GH_T1bnA+vHe{U$$) z%lG)wLXei(wM}u(15DI~Ti;U*?2Twq3B&LbQy?rGd}K~P9!+L+*Nok&sQHD_clgk$lF`C%8r+zo3jKIi&K*?lx`Pp%Q(k!vy0FBcZcjbe( zWo!Wr{b0p7!MLOA8#LL!zWaflC z)I7DLAWKJuoBN7K}Kh835TAdu7 zvE4<+!6E9QuoV;!<={(A7C?sY-)8`Up*s(R-+e?|bwZcfoYkbDZLbU9*7u~tdu6+l zaM$mHUKtJ-WR{fFOMZrsU-FG(R2cYQf>7p z%74TS;t?#JEl%sx?bu>E*paH#2+>F-ch3ziuZ9J2zZ4Ddw=8i6pKhh{VF1~0H|N<) zki0V4Mmap21V0v5M-3BYG9p>011mw(IEVRcbo;-dbjh&V{P3)&?;=Uw?(yf*o@pn6P!f@P@%ygzU;93js<1WBw4$XdMG)Qz&2NUb=9zMEorGzOj z>eSj1*lI9LFC1}zVm*+UUq5SzLb)Qe*QlFNb6mAa9q&7=_JRPD3v1-`zBBC6D58Sr zrgJVKS^i$T5=jy(u*!z*pmr!nR&8P(I&yspnUFMAMj~m^%HU{cIE}=qf@?Ufx`6E2 zRk7kUqFj!wFOKW!Q%x$7#Py^(uH1=Gus|Y3P_U2)SFq5KK`f>7&@?#Osy&vUdkK`G zSUfDA5px@GZG7^oF_8woTmnRv^rp_IU6`}EKcjDX+QKVCeVqasuHO8)@EC4S2rG6} zu$$M+`9ZmNAU<9&F5D>$nH=Qf8D>;smI{7J&m^_60r>)3|7_vRC1JP1e|A} z^zK#NOCK>gK`@Tn*>C&oo;#HIhr*|>U+%!;isqPH9*=t@=L%nh*7J4a!Ezgr-KcHm zTz3$4JhZ*1BIk!$q9L$@@R#l1J$>4|%Rc{nujcysu16{~$A7<>-Iwhhhem)2pJuHElvwqn}fE+bC&y>25PW+aAAp-M2!Hh%5twki{R+w;p zXZW)gQsAk#gu=1dFS4JbbH9{`IiU>$(Xj>~85BjV6}Y(vAW6PW*9nb|0Stt8q!8KZ zB^E(3v5JcP>~mic?-gSRf}ZicTI6BqR3h)bwBS*QrW0P~FM)O7_0;Hfy$D`+uW8L` z-etbXOP3igzC_y1oLI6W;jXBKm-5gmWG=8Fo~2)Bf_#mr_6#XwKivheVECzEaQLYJ z%IL@eO3h$O$zKovMW7N8abrw?G7Z(xgCPj&TX#jv;!_BK@_rRqTE-$GGlo78wD^@( zkOP$6AeB{*S${tQC?~?{TdFPgeo6<(@#|)_iH$LTthinR(VVn|`UY!`F+-cTsEYcr zf>)%1;bR5x&_RWtniE#uVkPazia}vNwSAX$IL)e*5-dPPhYLU*sI=9B>O=Iv`ne>7 z15Ty@R(ODlAXESyU}+t~kE7yPpUoA-p5JGyZHNTNPZ#*wZh)`t5Mzce@AJo+3UWVP 
zw-8;`IFP>{k3t**pJG1`2j<1^^U(GK#l=q__!RKWMMP*!WP0M2UE$hQz19nkf^Bfm zyJ@bdhtGS>k0ZjK{hLQC(oE!1OD)s{QAoe6@KFb$|1@U;8U8*Un*nUj7#B;FH--U24he%<;m?(XjHP>NH$xVyW%yA^kL zcXxLvTHM_oio1W)KF^l3&pvOy1juB_Ob9cXdtGa->-U$`Y$6pU4H^`Z#DLC6eZ%gJ zr~@3@BY}##8_fZ4bHrsVB-nceI%%YzihsqINYqLRDAGxS`Tpt;u?(H?lJ%3F%8c7? zDxS@bN0N8cCo7uT2{N~oosWyXjubj2H%In^hxcZp<3HwvJwPgQmM9ZTWdx#K-Q`=@ z08%lOF1^G=yyV-Oq;w66OCI%|BzI+*Rx{cUjW8HPf1|LfP8d-zQ!T|Y1#HB`KmB-- z{CgwDwJ`vy2z{(QO&9BO6R^geMsDrU1eM~Rp5iXyf(~sK)yUybTOvSW&Byq<6>nCV zr{TX7ZxYn-GgV^B62M`=>KYp(4RRCtR)CJFEa=)!)@9|E*N(TXCE?jVkEjrS*)@&2 z(U@U$b-ik?BX6PRUG_i0vglaO5&yn&5~Q^Iru4ox1h(~PQnZlI*#_CM%sqHie4Ain ze=(#8m>`<{Q1-!snM_t02Gxen9n&K>mZz}phMl6UR_pMJ*RkQRrhZEB?HYiKwD?`z z?~P)h=xy>hH|z8|>8hB%fa(YRLCsEmFF%C>?w9kzT_IU*K6OmKM)l4G(Y(u>34P_k*{{uWl2q%2SyX^%W9XyMDS(C@aKW zc7A`sSzx=|nv6+a{EohIG~!3alpV`{P_+>22@p$mCR5w?xFag%uXI(&~R45fINh z_V*D1j-^uDg4wj6Q+Fgj7XgA@p}m{mTPLDre{G%6dN((V{pYv|YG_NNrpInU0!)QT z&ljDAm^Qzx2S7gQO%dc-hri9#`nz!VOHMNx zP`Fb86z+=XZ<94$sA)5>e_}andIJQU+!7{=lccW90hgZ2GQ1A_B{Qrf=2yV1+0)Ip z_brxfg`RN}8kDhbOF_;8{GkNIAzB{M*9Fz}o1crKJ>XkeX@iS;HZ#R7_MLUORa`F7 z^y<*|3&Gei(9(Cv_;%^IygZo`EZKldqiwv#U$}R$g^9Bedz-fl*A`vmG8^wNaXg5r zY^{Rx_NgG(mFm{)EoxSGWB1J$1PdHzTatyw!tQ60Ec3nYAHH0PVc2V>=j)l`WQRng zN488hSbKr9z=jDg2yTf7(7qiI2yUZYjo1f9+7&p{-6`CKc%DjC#dW|!hTC8fFM*l| z>1+r4WY6y}U59rhbdVhN26gn$N*n3aHz! 
zQ|OJz%sD$zEz{?lW4G-tr|w#CBGH=;F*OBSjQ3!^ciCaZ?Za{OQs_vikOgiAD<+k% zT{2(e=GU%c-;Tr38PE1#9~ZJPQ-QoVT&SP;w<-Et7to_Vz3e?^UlKU9b;C+BkbR{r z@_~|M@Jx+4o;J|+pnBr3eH+-W^~!Uo|9TPs^s(aiHtI2PO?Za3 z2QhG44Ih2%LVPxhr?LfjnBL`E%}>#DjNQ%Z1_G>{!o z7bth0Sex$So#QWHOhurPZ z<2$eZp^xQK*;dA*>pWFAbmotDuf}O53Yp6ZJSYRR#C!LRt)=fLoQ8&$?B?J>c=9lqK`w>1IrbwwECu`wC>yN(AH z>to|Zf3;QL7@IQ zb|nyE2)i^=+Qh!8MfIoYsxruD>4gxICe-GPnd|Mx6+(00?|#`(j9v^Iq$td6v1!gEbMabz86+cDoNRS0lq~rauruh$tUSA?sSH zz@8E2&LcB`Eb`|3Qo@PXZ)KIob-VS&+T&wZU+;Eq{NABNcydoBHt%JBtxViLy*P=q zuXp7&9FvaPhVsMgOyZ2_hZPkkuB!D5ZE+(`LojV~=A->q%b7#Q0y!*bVK7_Fo18S< zGQsHCsRv4*cMZ}aVqaBW5aPX7U`=)EC*~KLhiMTZMVG(U4p0GW2cr2@W?Fyf`!SFk zc5y+rw1Xr)af$B8Gy9TeRQt8cx zy@LQ%q?BH$*-;e}o+_pZ75Sszemj?mVpiz~C7eH-Kh{3qfIgv|e#CDkXzoQyq7(G| zT1g*iGIRjoJ{r_s%g%r3C;sN&`icLyep(>x+%jbXBdO?zS3t}rbYEFNzuv0d9NnAoW1yMtpE5qUv~>-zyd%L^jUr0UeSbx@o4~7YbaK$ zqX`g=L&gLhKNu~`&OQHckAJ~DPnZNg?vLmK)adMA0h_+Cn}m()VdJa--8GH#-*lI} z3;?aEWg)!s+O(4V*~G&8`9E|Q6hb~l$EtaScVmLwJFKd8!K;w!66|}bpFMzk<;Rvj zg!z`h4n5^zlPr|RWP&vtVSPB(cSdi$J5l3e)r{kuzi8#6afru#qQ#~G*zsjK1!`X0 z{1u z<4kXMS|`6*e}3AG44OZ3a)&c)bgz_dUOa6`FPS!1tpp&j>!t3r(vUPl{ei$R3ureXTee>Cdka0?K2LveCr zxdwjkJ5Z7ehKuw%VtW#EN15_Te~`Xmzmt^%B3Sp&z}rQ)-g+_avvP_m&4@ZG-X;#EH5jWanS>Ek>bw*CHE`iM;4kW zSJYx3 zbqbOkMs&;-J2SyIa84;-$Yw8$Ab`_96~Pa2djyrMmWc-dV6D9VFQ-4%88Q^@Txxl#iQ|W=Oz@Wh(yyOdw>hlLogS;ZBrZCr{dtpR9cvO}Q z$^0(>{JtnIwRlY0W|-QiUNlYJfZpOfYB;rM1nSdTW(Rsho`njuI{acVqSIRCh25$! 
zLmIK@X2dA*#eUvR+x#K7A)%p&rJY3zPK0VK|Iuz>c%mCP7L@+=at$AKb*b{O@E;H^ArH?HiIJdqY^0q1vM zS;QPdKK>CfO3HHa2>%dhu0#6G?*QVZ@`tMIRQse%x!rwrfljmK1MmnEFa_iwHyn9ELB%C#D<-83N&syP6fD#|@n{k&?~EiAvjV zgF&+S?yGAWtV`K>L;li!17h7}1c`)Rn&lBBtV3rmmgP0Ofdro@$A$#IzwyOlwsNX3 z2T<`4QE&`2H(I>v%BQDc~bNB zY^Eq|+i?(bhrBt`YXPgoxYV+Zb{bt1d&b- zv{}5u!{I$zo#gzB(J+vWcmx;G6FrvbQPTcfvkYivFf^wf zh;_K@5ywt0uz0^F zp$MU(*t!s5g2!sbIve71%Tv+B9$)VPmj5`gIA}WL7lldZ-Xb~YR#A{?^6p3WmLO=3 zU87ImtD`vFZYI3M*;7Q%7raE!v)lxVx|%g34#%LkxrQ$SL}78_BmK<#FUkjBgKZ>fY8H3Xtcl76w4 zb!N(#T~m2oxG|Lw7clIsEYxk8+wN%sib9U zTib9h=BVvxDw-ME65OR~I+qfD zm6odnY%s22I{|=;L!+XcMU&lB2bxx$pl)f0)9??>e4;Fh82wa98SdIB%}V*La5 zzxd{fVVW?}aYv*As8e@AADX`fiObUbSIAQ_-xc^cRFB_?_5@9iXP>D$D1d$Dkd%X} zyocssD6H&a@=flzR?#+U5oktrgZGeb-S##@h!t>9{4)5WNSM_$pD!$`CFU!pN>|LA zfmy3u_NC&y+BX&nXI-FaW?dU2v^fbX=}t=iK)~tCCw58egB>)ZCZqAvV;oHLj|B=E zJOxU?hZ|oGHdfLT+tPN-LRlQz;>fI^dvH|fNW%SqPQPuM1**|o_H=mj?wURh*3yZ> zfj2574(4FBT|3FVt=KBs$Rygp-JNDt6)CHMHB?Ucg8@PR-2zvSw9QvC64R zYa3kedTtbtGZ)-n&C0TJBFcX~hVrmnK9<{r<;r@!1bZOpI=J4xH$`aoQJGr4JInl7!36(&1urT%&;iNpw9dgLSy zSeXgL+h-#th{%6vvWOaPJygHHMbpCNPnNGbiQ>~If03#g_W6m1%y&aEXHy-Zz@-^6(b6D!~IhytT-`Z3|HX>9)^UlND;Nu$ec3gcFZ(A)XWtuj?n7)O~ zA3pfrOz6<5wa?pgfoIy(!m;Wp_XZzJi*d9mua^E!HK~q^=-^ZUE%ZdE43AcPIGFU}Ue* z(phl00&QMxc9_?@{N9mCq9G|?hZm7$xq5Gy?r(g((k_?`sZ8xKQhEl>)?9o(x@A>3 ztXYUS;lK*1V%&$_-)@_E(;9w&Lq%Yr2*h(1XJR1JE_hW_zJwxuG=(B_XSo%ML5pYa z=G7rz(NYCuYjH>1g^}iQIKnk8Z@!Qb*gRJ$#2@MprdBb(HSlp=v7_>I@ijQ1+Nb5y zc*QSGxtW#VyIHPe;FRx3$2G}ju*>~U2%nL1;mjDqdDlL($Ye zVOTRSmoeiX!t027kC`7)fsb5Eqp0pt0Ql&NOe1HHyX8Fl(XD4o!+3?Eb!%667j{kBbkzhHXqvV(tmYqht@$*ZJ_jeToOabHc__^% zttJ%Kx%zC=tFAih&9#Cf+pX3ZsiG=ft5?!UewwH3cIBeV&S!YIS|Z^#26SCK4Ub9k zc>~QM@N`{)4W?J)3KwHL64xb~mW|aL(&(eZM>veG76%VYHfFDlc*6-lF6cD;KMdHr zGd}~3<#V`(gMZbX1*yN!rNdMs5x?yT+5%w(%Ibc{I`g3xX!rmKpQaDiFDpG=D<3t2 zP%9r(?W*?`?h&gWvXFdatrXMr~!Y?{m?ilx9r-BBj9O8GEkTF-cuD|dl z2dZR!;D34vSSBETn6z33awzH^_Fw#j`#$@T4!mv0b-!-y5^jf(A3kQgmCw9sZL?Kw 
zX%AuU`J`Qk{?v2>lBTl&HT|0BKJ``>=UP3^u#^ir&S2_Il_zu~abEhlJHb!kb9c^D zVG8^>1K=OvJ)&^Y^9p?9wf-i4Mr_x8C53&Cjx;2^oMj@EsC2;B`=l{pM0zfLjoo&^ zeJ(0=dKwV2poG9Fp@@9Jsy+ly7P8PBu@EogN+c5M*bl?RTmWH9G$^tg%%)n9r2#q{ z%}}$nHxriERgS~nO**xc3p!!*e7m$kha%RpQK`u)m$*z{EV}K4VpnK;vNgASFz2S_ z`ZOjIZ!DKF-YJvZV0GrR7-_+F?W~?5$R2z$o*M_bJc3%r+;3HsrDW7pe%w%JyO^e0 z$lt1{E%`c3|vZX;GvZ5O1Arw z-Yox@?71HiYy#VnvaTeGjwA{0VOw}|dwv%o)T+5*){$i{n+k9|)K1G2oR@38T3mM* z^Jdxlui`V^j z&xqV+lHktixy_*9hO@^W;0N-ZH+hU`RJVKajJ_8-yiP>U1=damT+?n8G?d$Uf;)8J z3)(1R4cUS|MRUX~O@X`JNGfkEe5^fEed;cT7TtnE4JG~xlV9Bw~HHL>Eht~ zhkT6QE&RX={XjmCpb&Dc5BV~vV`<40iE_=b(>;43EcPn#j+6EP@3?kL7vscjI(wAQ1}97VfL7S$WoJVE9>>0$y^pS7Bxr(D3NN~&Ho%}d0}KB&doNaYwta{&sKJB|a& zw+uuwZV=s-3kt%(h-#LB>)wIIcPC1xJN~byIwV6_V2!rB{y{bLZRrU(G&d}(pHtgU zV>HB?=Xxc@%Ajkx(WNp50uj19SuzOk8y!+lQ9~-)g zy>QM4e}B($asFAcZPc7>7p&uY;Nz9!ZDAzf9m`DdLGZ5h%M`I4D-WTDzej(9 zF?VKs8C5gUj)MErCl${k2f6`osm>QI8{0v&xMIxGS??7$Q)y@cZ$_il3`ZJ;&uxae z66lA(=SNy3p=aPkl~@g5#B0DVDmhstz>F&Dt92&DPAB>}xF}B6{Ae(Jc6wi=I5Lub zaoe*BfN(WN?Vn|F!{uLr4uv50!GA_trp*nEdC;ZlHN+n<-f8 zCr=WK-6(nPdUP;E7Lq<>e-xy{KGNC=UrnLhEH1#Em+yWVB2C7GKV4cdNWzI=FH~%* z)I-9l8N+rHB5lMSsSO2`HNAYn!igzEBI7D*;+TdjV-Prkci{T&WO#w7@?Z@cya-2? 
z{o^6J_o$a9!j2`u44*B)hs+o?XhIf=m|lg)b=QlGY3Ewpynp{8YLrHZN8si_;D*|8 zgMo<8uxoP|H{WCr3IQtB;5NdMd^|Ku4uyjZir^S2L9XDM*COE&s90 zkLfdh!o`)Y6O>y%JHZdr1hiDZ1Xdu&zd^ZSqe~hI5&MiOnIG37=NaAm`Da+aE;gnl z2*4{~1RN;Lm@-HLU*z|$if|h3#1~wVM(~*=4Y*m)n;WY{bmmi$mF5~O>XHWfQu@FU zACg>OcQ6%k8a^?IT2sMSgm@zy3^EXv#$eTXSw3!MAU`0cFtJ6g3MO(9BG$qFk|v?^ z@#XYEe6-$rHlsP$`-9wxjWuRkk!z}XQ@WI~6hR+7Z^Cr_+gTlZHruRZvA2g(VE#+# z8v%h`=nx6%;=mi~Lp zTUCzRVHK=0CU+uV^UFYkiNe%yL;C?{XOVS;E+WW3ELKxaGOAh8wzVPeN#3Bc*Y5kT4n4*`JntORr`@zvK^l!=+|vQ zMKu=o41+assQQFKfS6@#^ezoFp9Jos3-?95`V^E*@WyGE{lJ7qeLEACWEo1?@A5#= z@;q)zlT~4xn4YLvRh zFg#1sjM?kSY=oT9EBNKQ=d4f~2i1 z_p~tVpRrl)+Kb(pslWY?`4G|K-{!+mOt|CF8fKt(uG-pIc#emR0cOL!;w349jW-u< zj_D*~&v21Q{%m-<&PA^JiHW6~dZ_&3_|f;6OszUUCP|8?7*)`H{I&7vVi~$V&G@x7 z&!EXD{Oq=PtQ(D}!+w&N4#AV@h;x`}nEQ>blpp`Bc&*>KjKTKOrN-&L?`Fl>hp}FF9l-yZ4N?D^4U@=T3#N}Kt4b>hOICg^t@%g8f1S2nPpxg8^^bUCJPP17 zkTqF76JltA%S#j|?^|~?zT7=B3vRG3P<8Jc*$CT(nU)5}>Letur#y-%@RG*3oyl6w z9ryo&k%J`ng2R<-BLP;NIZ6fpB$!uc87>>+KLq5kg+uRGIvH{wjUlo+wdyXhh&s

QPrrHc#o;3Vi#93o_GyT%((0}#9LBk9&LNY|=W7dk&OA%j8D2k7 zN4;-on6U_h(;lm=-)aV1l6bs?F}^W^Cm8ro%bi#g$(r!)o1^jhNR@1Ai-b9jtobE@LgT_eg`{7;A8aJ#bv~|9!wjVq zpLXL`!9s`}hP+i=b_AALBr)TxVqM2gzIJ_hx55KUEPq~+G z(vGG5Rxq83mP;wET;+e^C>>Zjm#0J}a@XbEdTl?c%+Jz%pd^DNApfM&lD>iD{B|%E zeMO1mp4gsh(9UFsX13y0;Q#pw>{VL48BU=ykC*S69oaxHkJ*RDZ>(){l#;le?@qD) z`-NH~N~*l=eh99rBww-zO(eb1G>Jljh8=FWm1|$uV4}3%6D!5G)UkR8FG2|nn<9e zi1^xbi|}EM`Rz4+#q-C$bwurg1s4oSJ=(W=o`S9w>UTvr1%uAfM{o<(CQQ>xky?4rAm(PR7toYmW@7Y4BD^?)bKX*GKn}voI?g_ zinfP5m9!4GRIvJkEwCk3YH;)(sNZ-&Q_32B*4aZsYF@VWT+S;2?MBW$h1lqepH->63Y0%pi>(V_ zuCg$3tajRZ7tL(c`Eb{^KVQp+$irCVmliBbcvb*I1Yt{-y zH{t1-xQEX-SKJB0S1!l|0b5rw;spM3U<_UW;TFT>bttYam&att{pHs$EU^qOFkq&$ zt+z+$o?tZ1c3P~k?yGV zSNzuyXRC@g2fU3yaqr(%kk>h1%k8l!jRp5EE+@RH8i$dIGw_+W)(;J;dQQ(PC=}yW6S4XdT5Kpf~78`Y_fcwJyzv z=nR9{H1dfEUy!>=yc>l39!CxFoSpU7ur(_qx(;N9YNrhCbNY#G>9E*z#Vf07((;_TlpBNmC)Wy zI-3`L&z{lm3>?xnOcZGgwLrjk*3nnNLGS>5t7zKqV!`pY-RhmP9m{W4%WszG;z?K6 z&*>*PNpVr>83J%%+JacRe)^gQ_xugzL)vr8VnKlrWfHjnWfEDkY{eMgv@9k1dQ8J* zXCMZj(O^=`b_;IUIu55ho|42`d&liE9ldsy^*+Dmc%}6Lu=}iY@spjWFOetRsldj< z*-aT!1one0hN+Fyqd0j%1fr^^$J+Pt5eK>2N~sY^E;j6in*%r+E!uLys`aX`a|%0q08Y_QY14I%;H`Ls_!SP|qbC(>#)K?VmA0*jIP z)mwB9FtHJO=RfSk^_&SeL*3)64|_6lWFYofJ==0{z_%;rQ4oxj%|Cm$-BA){32--x zcO$r-$Ts>2DI!Fd*xT6DX8II}mV?D(IUF&JArv@%c0Xna#N>YH{PbRj#s{ukVxd;> zdz|qDYcx#LQfr9efH^nVlXd`xYM3BYoX}zQDf}b^RROy^w6p|e@f1NP0p}Y6C4*sBtLb^LQBVOV+7#9y%r4yQA^iqO%+Mq+iUv~s}yyJzR*)o zs`-~G#;S~Yps88)x#qbWv^G`ehGM}H^E_h#y~+llH}xjRx+{O8Yso;4KnFxqZ85z! 
z$aD{0PUO?Hv093J4X{fZYAGv}HC@;h$`R=e6^#R?#sw8*cdp}iRqBJK@c_Qt+;pxt5%Te=#A=U|MUf_cW|RF@&(r*j`8jGljZ^AP zY^?1oji&fqjGr%vdZo#A>pAtEGgiFcAD)mSysg1tM)$AO=^`6~E`>{<3`#v# z(^^NtL|Zec>h!yJ_T}b}UcT3b_Urm8obP~1oNox{UK--Zwpq8tZ59v#AbtV>o<95j zHC5pBe{}*T!;4W<7URuh;uP~{+uP<|{4-TxJ)kf`VGQj_>@)gMb!P-_6Jt7Y@^+fb zoY^*Y1Pt_MyAn#S*YI3rOo+EyxWQyqAG&NXFsNDF2@jdnEd6`_WUEQD-SRtsO4Vfi zlRt%=1`4IMg`73{s!;rLxUQ7o&c?A6V0dTFSO%*7#qpiM8xffxC|PyG^IXf0fY4eI zA8(*CmTp8j`{g@r?(6A9#CRsU;V(ft!EC0IhBN0pjMTx#0JX-y(lex9DrXM(>BzgC2&H|fBVfe~WCm*<7l&;|L~yGo*@MMweOWEHqj zhq7RA1Zt|pI7H-q=Q)Ur=zG@Vtn&sf-RQe$LlU_}F?~&S3*u+YUQwX-cW6tkVy4oB z7&b?g=(mOBR_Mwvn4zp>*zXjqb*LkT@Z9SnX1ZrA4Fx@>P`d=j`b2GP+TX&SSxzKG z7sA4J-{hDe>vFl5-7)%U^R%HI!e6GHmVRIE4?<@fDk??NuyLH7JAb28h9HIYT7)2tf~IP& zqaYaTGB{VXFh=otf-w|9rU2`@a%B)PQ^nao{UxQ0$sp8}8DS-WW|) zGw^ZuaqbKkCiAhC@r-;%e`!X`prf=C^fbZQ*-yjuIbR>bjFlF$rzuc4;R_Rmh=nJ{ zdm@|>s}s+T-vb}I>SG!5r1>tONdOu@g|oh*=mA5+r^p zYlS~hBDbvgk^6-U^jeOJLvZqDhv0P}5DE56kqAoh`@bdjheT5YZqE;^8~Q(r?&Q~D zR)s_(5)ko*0e&l{>~uA~2F`;y9m_dQBKU0+N}JCzV5#JY-?Bj@a;YQ@w^pu+IwW$A zw7E~jt6u~xAtVwJrx3qiL`>O?fg{SCG|w(&_i1rgW$dYVa)~2zEaho_rY?nGI9*1( zMjAA_4lC4^G%*y3G8P=DP(|Ny`Ukw6{PuTBvq)??c~*|R0!t-CvQjbYz__1^3PNHb zafoEX2zdph<&iwUh}THA;CD!k@`i%rr*`45kax)XCD6p~D+Q4lc+5K#(cSR=x^Mcs zE7gd(U^JJIL}DmDfw}+!cfWW@A|g#9`EoP7mu*FYM|s<1j|q%OxUl{0TQgC#JGJ0j z67u_=7L`8;xll)~4av4PY8V63`-lEqLYOtuJkE;@KL?Ism7c1M?P84Yx&kaz3RwpT zZDog_O$cMXuRVaMwY)_jy)Lg*TL%{tp=o$m8(ErcJ>i^Fyz{B&zAIYbp9=j8i? z=C5O4qz;rV88*~>#M|~8O%}|j0~o}nLCZ^9C3lo61lSH`poYkwtc(mLztrNnNg3cp zI@9~PjPn>tceVw8YroXfBPnv(zfSK*XZ1)kxvpoZ;<0iWo48SM=R7+3afmXD-RCe! 
z$y#D|?-37`j!EkfsjYALSdB1eQ@OB-QQG+UaapauD{iTd#1KEnkQFh6@+CVu5^h;b z^I7Qqz7BnKv4N~#29G?nIJVu99>&H^OM+;v8kx{e=jObd=i_ZHpZ!UExS9Q_>dW!@ z7;M30@Is+=7M6)+9*es=>+M*h+HiBie+pk=}@Ag#nYKJl>XO zh0$D+LoIlZ=x}1Z-H#_1uBflyqEyhE2CuF-Fb$stu0@#M!2Tn#&|!-{n?2+`kAEs; zU|{wpa?8j3$o?y^h<)J{f6@Q_AhvOX=ir$85!Somhrqq)^@jFsP)9bs(zi6fhxT7v z2{fcKwF<>=4L4I6r~zGP(#_*yftyKfLe`sjE<1GVmrJ!@SE_6WBhO~I?8*z1Z`A#_ zy`#*Gd2CPTXq_7B!JVWqR=Fe+?|SzzN^HL5Fpaa+VXNbwxRzL)MXWu@vh_v2`=;b9 z821V?_Bzue4d^BP&>ZD{XFqU99RPZwi9eElRT_oww9zj(*V14gwvVw`)|3k&bXgB; zH^*YTvfYf9&|Ms|Z<#E%?)eir1VsWO2j~*_OG;fpIt49XrMrzrl0A|vZ%DRk^2K_>$IS$<*(kuDK7b%||>%{)X;Thg*%7`gNWOiW9 zYi&(5q=FYM`N$e&6k#uWiDoeS88Rm9(}YyN45a922~x}k7h$44!E^~{d{EvrHKV$^ zuu%R>qzDu5@8_SQ94rryzD6Go&ZF5FVsW{*t^9g&wzi-3gV`~-m+Oitmv5)0$tlF|7{1Wlu z6I}bH`+52Z<|x8mBh~n0ciPf}*#_AP9IJ$RoF6o!*RD#k{)5Q`pHG(X#d3@nQ?V%J zGiPP&uSVd>IVNHJIVc`jMu(ciCv1;b*vXqjxm~v|2+m2Bg9v57vdL3|c{94C@mOv* zhTxMvLWhydqq?du&MPaf`_fM8I}tN&WP0e(e7ad z6WNIw7_iIVm>jf!?2PweX(TNl7X|=|XHR08P+v3p!uG#Knqe{Es_#$p0h(vzv}y>@ zsMv6>!`CKsadQCQs5$CicS@6|nv|tJ( zTnoYb!gG#wBjYCz{}Y`MHoh}MCBsM(Qz{%$OwMfr`F1$0LqDow_~iT-B{ffy`otBb zpI(!Nn*oMnb#2W_^r!KWG*rJbD_g4q7z{YjVZPp=-e|jhnB}iYNjP^JNKEJ)Bi{gV*b5Z7Ajb~l7^04F7hFbiZDZTm{qSD z1dCcY3=_~jIznefH8E;2mNyBJWR~*We}vt@b@cF({C&gszCz(Gf>#C*9GHsDh}iv8 z=(7PBg9yIP6ww(M{V$$ z0{<+R0b&Ddokf|@>3^wv?ds|W-aqpGlH)Fyy6CX&OFsGklJ_WeH@8PP2ll>$l6@+a z*G9kPJ(P)F3#3S9luY%C0#^ndgWlO~D-x#S$bG*9CyiI@KAkI8*5M|b5$2!evaZa3mdn;`=%4?mzEAt3?|~*!&RN+w z!!$@V;wpJP9b4ij{(HNOIECK?{A*N}v*@V^bnkD0e>oglL;5>95LKC?7yGw%S)tQE z+GXkHfOZ)OXG{t0Dlw|zxm^$LV^Fxq|GQkae=oxFz-zuMOsvoq1)19f2nn7dhaq;4 zI?vKbRI@clv%2!aNsi=yUiCmK#|NPBqdfyY<$Vuieuo5Ae?kJXB7N;iDe`G-OERzOk6oV;%Kz@L@sg-Lwu90LDS+FJ-{=^E(~Ly0h&_q25b zhcB9`Qj_h$X@M(5-x^f`q#nPkamG9ma zme}Nb2O3tEux}8cfe_>TjIVUzAETc?UAO=`Z0lC9JE0*XpYJ5QPsUcqVzDywpG>Q2 zpeoUaE>Di=X}*S(Ruct13JgVh-q1us6G3|;w~|-)>x?+Be%esd)*4Jv_CT90WA3vz z(AU7)o53CAMWJqVjh|_CcG8pk8JN;7!`m@yoi#$;0aC@p 
zLF8#QylJPkSG;>a8}EWm!Am3)dRX-;mIbs8mHND4&y>YNBgsKOyC6`j%TzQT{0_1AjDrR7H-&$9NCvM*WM*mN}V#s|J0(3YJRKEU!C}q^kpIU zs4J4yDeuvqDZ?iK_Pv`i9`SfHq zijMfOz?Jm0de59e{-pCj_OHDI`F*mZCw&X-_<|G4fJ@3T4yO6jb_%`$LK5JTa)yIx z_C%zQV1F>ATMxLX=)Z!4t9SXhMaLS`04^%Ga1k}Hh%>xh3y{lQF`g2B#%z1;cCoQc zN3*$w5AG%l%UB-XU-WJr?UxDa>LtD~27ytCoMY>Jc~bC1I>a8zL}TEHr&z>wV#~-? z!MR-X9-j(swU6l7M;nAv7utw$G8@l^QPWYw1lQXLDP)AaaZki&hja*?G;bX`*@YWy zO72aYmhxa&Z$Jn+d-!6@YLcezXU1V8!`)4|W=N%hX!x@e@CDZxS?Bs-x!Jq?(PHwk z5u{VC|C17wxo)qwc5egRaR|&z2AwqHC7AP}8Efyud9XkvL;cMTN?^A(Lw#WQm+PR@ zW|ZL$764Afz57gPq8Y9X#=ZL!%#CHTMH#&4BoT3oXz`7AFU+s>Iw06_xN*d<)V?`Q ztX%j?%U~d+d26G-D3#vz3DdW%j24zpiQwnA#baGqYA~W5hk1v|M@`We@;p>nNUHwKgpMO1xYZ2PHHow%FO6R zk?{#<2_{;54n*?eMEpFA-C;$P#5O3qY;+mRAoe{XWaR}mC?|$o6^(?Ap9loyl>o2n z0}f`~34Z~vNMRYN4eF+WVp$zA6E&JhVPA=&hqWi*XK(|(o?;oCDnV;!3~s(Wnle}r=0ip-n*Js84{pM{O?wjsr&*hd+ij>Z5813m`X?>yIAt;^4 zwM8*B2(dIc7}n6q*?4qc*~bBx#e>g7!}0?KrzQ!EEs8{};K^l8%je_U^MhH9{Xfb9 z-38aXT=?n@<}Stm-CekLP~>Kaf4)!v^WVxm2n-l>;@mXKscH;>FZ`_(K-3+FAA;-r z)zVk_OHg@Fo?D%)Z+8BW`2tW$p1fLp{{CNk>VYjY zZ9khuM1H;|ok`%+)AP)qD;qe?gP)X@TCAOw>y+=6eNpT>J6=}C0G!s771A4%1xXWd zeE|v_^RFHP7S@Ir!6=M9u16iX*>o9y=VFXqwgl@38XFr6p@l-D~=4Ib+(l@wRE&uEauPEs@x` zMY+%Rx4K|@VkU0+b<{^vg%LLr(WW3`*-Z8Y=PSi#TmOyJLHtyBH>`;>AFap4Rxm+8 zfABO}5?i*13O6>)!#9Gz%|ilS&b6oeHWmYiVlb>1+0iKzSZb^G%p>6(xJV8ODS3;`oN6wFUYyuRg`gvrQ)?2Y47uO+<+y~?F(~;z zdkJ}Z7A(mZtSPMzaySggOxI3Akd1{fTt97ucrm|SSS{lA<{kaBxE>`Y@~yNyobTgb z;sUDtkGQB*o=s1u#E9($F3>VXIt$Oa6V8d4TPRFj zqdHq*$vQj5kp~unb%5U^c-d5i*c65BCN<$y+Zuu^oBl2w^fR&VYJ-_nbbQVI+(#f{ zQjtotk&Q^ve-zP}#{&OT6x-elcoP#-*do7Ui3!w*1@UxK)N-b*G8uj212Q&e~eH`I@CPLAczMPS5Lnj9f58>D06QQf<1>Vry<9bp#1 zJv1YDekzioJ>`I{wH_M4)*6Hk-?@$Vh7n+E4dM&T+K$(WZ~~+?(pnKdXtSO2&$k}- zFA&yH#C&925G7ahx-B%SLLpmz%FX+pF` zi^b>K8ELm%Fd|HTZb~eg*pt;eN7SM!TWF!yTov1!s356AucpwS z{k~tYbmxv<&Fb;^D~%$X?mSmFoa&|KBv_jf`M>O{DhQHaSdgS)Wt1otJnv* z8^y11&VP$yLi|gXyoO&$CL-rKCTD&$jP?^=HZ*iP@H(X{BJ>o%>IX;xiMjx(KSbRU z_%HAM=cY!LnBiYNvrGYn5DCySNLdA0=RFF!XI7~NTMD)k5bxx)*_gMhHU8#B@l5c# 
z#W4hyJZhke1v+n+oIg-MfJ@T=4~vFJ8r?eh+W_A3t;~mrqIGo*;&hsKzVm0T+r&k~ zlrw*By-D<}XX<9G7a_0ukBiJ!FS5ZXbq!^zqF#j_J=L2FEYLU<#{2eteJ*2V%yj^P zJ2k;>Mb{}$H$+s|<;WXLyqst_zZ!e=s{S`F-)EXT6i!89V0N63i603o4JK}F8iuVv zNQ0k*c?I@jUHJ-f!M0-C+Jfo_PyWjP9W@$IMR>i8Ua2RU&M@zOI;x#*3z=$a*=_xt zP@VMCJD^)R3EFH`A3pOy+Fl>aM*)#iINHrD@0(>P4B;ow7}g!;vM%b3YQxkW;=n(G zL-a(lE|o?(7_3?DC&z$!kg}=eR2zhGM_hgmAJz2Vp<~EFi8Lr=LldMTHKLFHNE7B% zSWSq^siMDKK-dK}rUOSd0Qrl&7@1Wc_7t2EO#xy6PIYeqdR~e*?483@1_)=$*?wCO zR~%4q=tce&9D)BOI27He(K6zg5@F(~R?t`fe_=SJoTA1W*pqn&PhrjSG*;7MOE~zU zA#({o>_0O{5oH9ZHl%<2h|7Qci0x8!f_Z5rc?l+m{nM{zgp2_S&U5qNp zi}P=n82IPs@x?tfYSSzj{0Vz72@TlURuL!*6YO^WWUK;LS9UHYy4E09H`nFG@n6$8 ze^|FUB2&F4_LsY2;S}?@^z=!*gX?0rv~-|u08z?9SWzUCFH@ZYRkV;xc6wqN%op`! zIi^r0_`LL2FtCH^ zk#7G^@t_ELmUz}f4+__vJAS$=;jZspzClI@^WO3O;n@4vj@YjR+7UcJJHp)RA3MUO z>c3bw8&#_9zpPuRCfC1bjRuUl7YRtKmY~+sONV{Lj$=hS_(5xpt2)xjt z2)$y|);y0DK9w+=Qds{X7~1}wW%MjEJYs@OY*?4RBb;qYqJMDycaU+f&kGo2gpK$7 z6ftxJ!H_DHrO{GQJR}wcIDfmuh##B}4JsekbYq7q819H(afuy@tRxaBqS0EC z^CG(GW^=P{JqXEguP~I+neIn&px7TdhbA`AhX{6jSEz^qN#p(Hf5sNE9euSR zk`P4b8N0GN!EhFfJ^r{6>tM6tKsQ1l`-_PFd`Qsie+UNE)jxuPR{pPGa2_}nk^=~P z{yVnFq4h7p5J1xRa_ipJd{~)OwqfRr>;Jn^H3*A_-I5tI+Vf#>=AqVU^1GDTH*rZg zW>k2i6@tT8F3OpL93ygS_8G)?7KWACs`99vzhI9Fu+3yzh$As5AeA42FqgqN|-%iOPi zE>B?CqJ2|_@7KxK7yR~X_4X%*lGe?Z7fopL;973Mue($i5wAzu?Z_(>ABQab_69AJ z0#3aQj*nKX>IIjdp)<&d60qT&vV3*P{ThdF&96qec0Z)?=VQprjhpj^V?6G^3F>oI zFvz8Uw>ORFXYZ`!M{-B8QzZ>2xf}1ZAJ?UJ@Ux7VV(Q_R*}`qy{chM*@DMOD+;@AL zm=>`j++VbACbjNuT*2B?8EYdVs#4)7;IJ>x{dhKV|6?s`DzVhhh0If(Iy!Mvw<@BY zk?VfyDj=wk3ky5zCcwl+ev13em(msyI%gGz9UY0M!Ee7Q?3vv|FWp|*uLEFz^5!%H zB7~6*;itX4M=onwI`6yFk`0c?vd4To%+9A5;B*=QeXcl}%bRac4uas$^8R(jHwqoj?nR~*OuytnWV6qof>ULp@UerP z+2P5^_9*UJy*8)WM}j!Sls*l^+#&MIYU3wlcYdgCC|r?g=M;VuQmk;pgG{`HvHBFN zio)=_|r=>h$qxv`8Of$S^37ep9rblLs_Vh*G5SC|}h+xxk>w__4+ zp80H~pG%%1FNKpK8$3A5%ln2kR@TtREygj@hsRmj^OA$%?B}C^UroT48|?<=4fsMU zdYZaFxz)lhdxNf}>ncS%*2A-urZ5Np^(oc+Cuuy1l16N@Vr@A9_pN`4sbT}N1=LzH 
zL8hv6S(dtUfD^nHwT1JGa>*A%Oh)16L?wE7P6BjGFI~mH(;|XTyDqo`Q5cC$ejQwc zEv^u)oKvlOFIrt|-nc~DGwdl)7a&!dEHG-t00NnNWk{J~-Ht$vfFvz+6Cz+rb@Izk z!K302VN+N>I_4WRMH~aFpc^zT3(?5%-Jc0Kg2*pyc;kB{D(HC}WO5x;c5V!^Yn;p2BkZ>i(MYMeoB!Ujo9P7oRMNVTlh z%1EcQ4eby^@kxi77?V&GqR~EiZH+uvs(;&g&h*-fWUWhF9uGXC_RSyf4V;GfG zhz!diPE6rfykxh(G$X_p^M-gy3swx?IGsm*(N27cm-nTa%kH!ZIQH01jzcbY5vC81doSmJk@0+ab~3NW78$)M_YnmY+c&5A#Qvm^rR8Xq+& z2@hlQflpsYz6bL<77q8a(HV-Ij5PMfG)FsC{eHNtL{Knlv#|c^I9o0w!R$H267x|1 zo_b+rxFjKy3a5*8V|fU57pF!hM29u+ug#d)_j*CHs~fzNkNc(ZTVkdUKU`dn5S%;# zu6hit>Ep-Q>aP?*p%}P|-B4N=V6($>#9zHjwx{|VxSom{k@YkZ{B`oi(}`*;?K~Xd z2^AOsIDUBPe0RipQNCIfeFDf(k+){c!GKxse7RAiIf61vzErpF#3s8wc>Ncn%KIXtqZzNl??tINKe@_Z70fkI5NtycDo~5*}v8;7eUhz%HJ`4yJ+rxez7qvb) zPgAIp+4p}mCO^LVh+v!r-^h;ja`N^Ll0$F9qnjd^4#6W2Fci|y2f zVRAO6=|l&~q&@Z$iNa})pv@BN>14Ou7j;hW%$Trch|;R5cU2SmdEe6cHeRM!dm5~3 z6aF0{Cc>h0TE-hodo(Py%C8XCf8Hd`SmONsChnOQPHoEWEV`kTLgEurTZ-Uf%j_C) z;5{33;#q~!_1uSbXe5Er(PEBqwaq}1A((UjB*l$X1n!EY6(mN{EVHBtjBb(8A$>V} zcv4q`Uugb&wZTU{-yLx7iSdcHHe3!@R#GiBD)Y*qgr8kN*ctsZN9N>Db3QS$0=1vH z*Q;|v$OtaoexIpWk1$Bx)$$WaGkyub{P;8MRBi$eJJCyk!_GG%;ILEq_9rdK0Nmu) z)rx&?BDrm0H;1s=u$PLs+7Z?tz${}K@*C!2V~p_6&;~iyzcm|cbgyMTCRkO#lZBaQ z-t}y*NeD|89!cbifl;5?8@JRKPyt$QI!!pSP8ir`wQj@=xz!Xob8BTBY>I*8));mg z5{4xgV9!RYAU3d#_e6zdG?3esPBW14?>w|SOZ|RPTFJcL=xAh-``)})uAN({gL$sf zy(LY(-nh&WSi51bh4e(Tn(R@LXS}m+R#vgXr^W0T+3I<3o=BjGL%I2IXHg1=wJ#&1 zIzEG<7l{6mS+trb*l~EpCe?tN4&3eYYFx)V2UWn6=ho@&=H$kXc}E6}Y#3G!ns5vU ze}XvL+5d0&6bn9n-&4dh&7l4H)Gg>|M?%d$zlpg*bVt*{h;7}e?EwfQ8vdxjKm62b z!mrbpoK3Q~M;m&?&ijhDveO`*J-Wz^DrXK%c$rtN-_F6@xsO=W&g(88UFxEqMPbLy z72`!>nS5eU21!bB(IyenahqRUpZZSz)v_@LY}r^uy)iTc(o>a2|6>rUb<6Jx&F^k5 z!&O)-U_)cwZGZa)uhOScO2@&I&V*f+w86pw?`Rngq1R(v9xzFpVhGM_XG-;dtx8D? 
ztz|1XHisUbf2_*e^|GT;8zZQIbmeWJRT;2(CiJh9M=Q*x_SgS9d2q38{lDj+J^265 zIXV*cFZ{78RmX`=|3Rq8L;pdj1b?bc9mIVnH1qyRc4t|9TxZYTPuomPIobdXLE-w9 z9;yQfzCqk$O@CbXnBcf+SRbeT<{)E#=>&HLHe*&uf48taxH$*^GYI{uFA4j<2cdQs z&HtjMrt%Za?}%amVlMi!3OxI;FgedCCygqMCAjn_GDe$&!!EXrf6U4N&Hpkhe_SRj z=dRf_Jd;Mr&JV||F{0HoqW+BYqlq0+(;|wt6 z=*WW^n#h2C_n#@pcb2+5zGlSmXoqUVOzcW5;dadXZ^Y)p{nsBwM{diqSr+YZ`U5{I zg*%}#;y=uW#VZs;8IG#L4O2itOqsS^&T4s+8nPW5Bxdu1a{H831(Wp)a7z$!OcbVa zP$4ys-=A2PrG9J^_?qZV1auVI;lyfVrLLiFpdANQ*sP|N9J;Hx);r@z>oLzno?5Th z){5yE3h5BFmai^sj(KH29Qi+)Hh*PJki7_wUl93F{_;3O$tfNzt=)ZZhfDJQc(5kctI-Ar(SzAr%TnA(fDd zi>Qi`J8U79ei$UJbE1|PGv8O0#5?FpL~X-b%H>YV_PHG%mg*q@3CVnkce1`7i476W z?HbNXxK$%xQ{%_CHHE`yD1btHt#lhFU>a+;d&(6Tm|5{qR6^F0R5E~`Ldx01%}MUB z7WL82Km>i^0do*KRJwZ&nP7m|MVkL0bj5>`6|xcoRR87`RS2-bE8~P8_#HffCf4z8kWEQ@ z19XpTGKe=1y**c=oF4x#QPe`HhrS`T=MN#a6S%c~@xz6fVV?68 zxIR1|B6IaSTlDlP&GZ1ty?G9Cq|W;du6^OJCc{R_^1XyI?WD%;vW6+}k*XmlkR>&& zGUQXC`k?^Ov=%!5#uIm~IWZndbNPx2(Q?5rZv0x}tL0+Hx3zWFd+WuHM+(!#C0A_G z9Dr%xd3I zCgBcg_R-f+O6Us4Kkqcij;Fcjhr9LL#Z8Gx(RK8n!M9V)O}WKMtkEdtw&&c?qK~~v z|IVg7Y3G0sOlzlRx}Zj;Ug~Q&lTR0old#kROdRBMq}#G>k%YoRdF(K$TkVM7{0Mq2 zb;r5jxTt+w88QFrApH9+M^MJ{`^=#`^Ni!yeA_Z66c3{8UE0Cf@D#x$89Z${W6b1b1k(G{!;?rrL6BamNXMZ>XSd%Fjp7dXcy~peF;> zwgXO5ul|;_rlI|1QR{M=De4Oc(RaC-orBDxPR$u@$&{Y1!EpLy0=6C*B`o;AwfeD} z7Y1iwcxbnUKHi*4E7}Y28*6u4<8Y_GcP=QGG(j{eJB!&_zo31gbgDryGo>$1t*=X+ zBd$PEjOTUMF{_fPl?mk&#d$tpx!F^ADLB$){0SdhU zqe%Ajrcy=hWoBz69V6{3ZB!GQzij(0Bf3&%T#G~-pBYGhLZYh+F;}XYY?SPDCWOEA z;q4Mec^=AaS@rajWy>rQf{QQu=NH7H8=#`vM~<}#LI<8$_t_<6?)QSj8TW_O_ z?o>-?>OHWKV-!Bg%YRmx%TN5QQqg30O~OY0#9$>ta5&&+mAkQBTv8iF8hADW_S>*) zV}!DZRT7)mJS@oMR_)gFb3`M9^;*dop6)@y5}K8~2v~*+TV(@xWdlRL{Mvein3BGW zM(yr)!0JGNhI?&~bFnKyBqRG+4BMp}P*<7Lhk07h>XN7L_hhwUyl(#sQGbxG-xuOk zGM)H;A?k@RQhz9tgBJAF`@yaa3^ zecVykjvw8y`JLXI#UH%>QCyMz$I{Jdrq$l~ zkNUD<;3U|m?O&5%{4Phbo@MGINl!DNqdT_LhUkFKr83pCeg*FAW#rp5RO2a?`D`p4 z{ogqfCa%JEes8{r|58|w5x!n8SkrL!YdhdEe*X-EeG{DjO_J0w5I?WS1m6lB9?R_s 


zpD`bNe*p&7TIvT~je`jYM#IZb(fL)9eC+D?z}OCh>cZ6Z+A$N=(iFE6zgDRqmS1z7 zxd2Ob3o)rSQ_n*BY*Yh$Mp0IiY6RPu%W|BFY6XPCR7za{LeZOHQ0-4WRWs&FwbSo~ zRL{`wvr(P&dh&d7j^`6wf2~vPNj)Xuvr=7SmqE?PSFp>7%i~;8)u38S{h+%HrvpYD zG+`-xNpn}DKlS2Qqd2$zI!VS}BL<6VJ@ri8JrmVgnT3c!wYWu^!_=OUY8ICyH@8JK zk7Dw`=SI|XTul18%h9A-OFbjyGg6(T;U#QxIY$GFYCZMC&Fky1ANPu6RfFo1)ODIM z8`Ypq>gJvrt-kiBUOeYx@=lYS3K6<6hjgwSyVt^`+A z3Y3IyxIS~$JgTpfVUqgnw{FQ#@QFKEiQb<5sXs#;T$6&Vw?u-Un3_JVho+>u+5A8r zeQ;n?KCHWmfod3pQ$)4ru5<;|TU391nn?&FZk5RJ@r55;!ZSy$L9*d z!d!yKIr^9rqI^;IiS8ECaHATKckdf35;&)c-vh`WuycH~K|dc|pmi%4H=r3K%DX5H zGQq%iMUN<(C;WU0Lb5Jl39sHGo&Kf=B0M`44 zTuwqdgyRT&esxa}7-xR45CF&x(awF+X*9TayWbE9M&Js8xZq-z!AV0zm&CaS-nSSR zkv4NgdzFzO<0Z*Zlnp%&5tOM%!#p~sGofk4e@RK3uul6Ka4Qf7_28c;oZv?VA! zjoY+O(#r`I`r8?^{SA1L0WUJZaGF=+LEks06)T33;5#=%6th+*yt2>KSO$F1z<-)N z$c#D?%B8Wgq73gZ=!7{=dPEpE6K)0W-!lk+NNckjih5fz;B;`i(FoATSS$$`aA9>C z@OQMFhGSvvVNGt&K^wL9SZ3nl^E_x=2}h$40QTovD18B3a=vBWWZiL}7s;at@OoMz zaVzYPuELgC1-CapP7|=9W-%?v+T*o4WpFrGt&Dw$>CpX1S2zDA$`c)`3WO*lRmw~0 zf})$BDzKq13T}^&%%Nc!I2)6SvtP7%ew_><9)S6h1BIb=vJw12zPd2ez=9|?+^w=? zfSCl0n;=#f3yeqG)^6xF#Ef;&@~Rl!)>^8DR=LdzK~4?Tw;RGFSQ1cdKRZL!uq})O zy3Ym5pts%7jCYurh=_b8v>NI?ERcL# zQMo*nVWxV;tsdnIWl*SIDQi9XPTIn0@mTzJW-@^^>5^}ZiZv@F`L58$N2XFXHR_dV zu%h0BNr?RAH?_$9tbOs=4d@@$5AD|5erMe&YoGPYTlqQ@(v$qn?j6+&?MhF3so$8% z*Ckg{DxLQdNbT&-b&C+iS2UG7TiSfu;sW3^7opPfm1&Qdy)AT=6>VM69tP+i28UF9? 
zmV^Jjxx0-2vyjIQ&XIeQY=ix(3DaU~K0M^wpFnIKL@~3kzAx zhuKyW5Px`<3K>l>Wl=ka1{Sdr&G6lb68KUZqq&VzabNple(N$O79m2hgT$^ux)*n+ zrbut|B&TIqkOg zEoZZ-kTI8VE4r&5&D9^?RlKl*w%Tz zIIB_a+3SN>hw=kqMwvgP$zWf5Nf_QG4^ig4KMu!N`;yHdU&yWMppLve6{}RRFa>qUL=_7yn;O1pkyDfo zrBYC$maJmI#b_r5RTXBeSh;o+Ur>`uRkc_PRivnFGilWd5CEj8SV&N@upC^Dg3|pt zrmU`3O_eM0;a?Qh<4Iq=siM_E27jm7{WX21-L=HG0a5#mn#- z`Q`E?l?&uZ2ZbfFG*ye#VF-$f)zVci+Q14ZEL=}nvG_8l{(|~SvQ{O)@1I{(uQx~4 z>Kw=VqMGc)1yYrA3%1IWAD(Ha1|v0nFAuhLq<$!!cEYpOM?(Hyx4&t%t5hhZuWQwc zOwz?c_)cjQ+d+Pud`t(R4z^5Ff5y$r&V(xkJIXo*YjKzE?)II}5a38?s^BrAoW6I9W4P^izkz@=NnvZ#I-5A7n1DI+|n3OKY&Z4H;*<&<&cV$&PK7`#`dUD zbveE^o(i4ZRno9K((~lj zGqwJITKm6oCLI^iS?QcbbNAi`mD&Go+wq^bwl;S*miIr4c=!Yb3);e6OmYns)Q1F? zO$dIYx$&%xGq&~dDXN{NSs<9Se$S?g=N8DARsU&MLSLhm39MYM))Pj_1;a>FsZpHE zpkRae2-EfY5h%C4I_d!>`>p_jn#`k9jdzkYLic+whw z9#^TOjQ?+KbzJ_x^#57Ne;B6+ME)Z+6kE;GmxJmzAat(5De1u5><%BM3 z0Va|WiLG;=6K}*>BWE#%Z7TlXJ>2 z!JUrzR=+(wc=776HR!GI>Ler)(je(g89gbBT8PB{bb5L$eM3lFB;{XO=YZ8LB9O?Fnj2rM=3dvzuIZtSc@4JuNjL243OPM0GELmp8+?N;#i8qwC}ub{8KE`D zESw)WD5l9cIiFmBcWZ=4H_>J)qer7L9hu)SqKqo@_Eu6_^m5@tE#W z7f=y>AMy~jDVuR|CSif-WJIr1{0=mPdLi9@3|osBomS&NT4X_nfTYJv0{%>kwcV;W&iAf8p?je|!Q3*MAz1zRzbi{FiEX z0A>FFTekn-=HBkk690K2kIuhs@Rp?l|3A-9&vLQ?0&~Gk7|^%qISu55wjtvn;A@6w zjgxat){yVXBY25}Xuwih&GeCueA7d~FnPE7)ggU+!jdSIM%lm0$A zeSX|f#$5TjwnlDa1(vnEsg~H*p3=<3R&TNZA(|CkPK_pBHeX;ihPJ12CtuT?Pv#BN zoR(=_dFG+n=r{XJx&K$z{lQb>|G%-lwPXAL@9Zwme+zkRGtw!Kce*LSQoZL>?@g=P ztM4f3XwsT`Vm@X~T^q(XyaG2$sZM*>gtJ!j32EX{tNC77r3a2Ryx+glrOr!=aNn!Ie^Ycj`9qxHY1di z=!_NTdXKtvh_7@d_(;n2DV>o*;{uJGNGvD7ug9 zjFlHVzk23NZxClNINWze-y~g95lO4iOLj)`HTT(SU8i}{&RVtQV(ZplY3kbUx3f}( zez_I<0$p@xtT4xSw;BaGZoG3QXlQpaS(Up)SBy_to$gaS z?XIjl9M6Xw+Y`B3f8;nN&rFixtz4B9!*O{=5;EoPR-ta;+&puo-0Qh&t=s{6)@pUn zXwMdxGY7qQG*gpccu>1U@C1cBtL0ohBS~dm*Yl7C%G|SOZGz)SJzdATKGw4m=65JB z6vvAx^!uAvB~u!v{~ol8v)%vkaCI}rf7sl1<3B+B-=+TV{vZEk0e8O3(*)WVg~C^F zsqK4+d(z?|tcw#~kUjTOv5NPietDxaSRDj_#cR!m%n+mU9+w-763*d@DL_-8ygnOt1NpGh-lIwBh*^*P(OLRkm! 
z+Z*!hgbI%rF+}Sgjj$1|#y=xgI;I~(9nheRoJZXdLO*B8z;JcKrX%hp^AbXJqlg_D zXXMfO4R*_m*C&t`JXOE|VZGHjx}c&eZWpW&j)21ht?@|AV;N=~11Dn~Hz1x=OqKI(J4EHm11tNl2+qwZ30J>&5bWe^N(5Z z$E<0U#_FvzkVj~u>#f7Z?LGq0p4ZjF?g!6 zO|LQ+U5Uz9~Sc5 zulSuW{tYZc;9YBw6f-_~!3YsSunCD@Ry31qXJfHda{}%57rT$+#w*S}W-o{e@ rw~*(7{ePDm#5~-9=eJ2rQTr0ZZTT#p<+FUg#pnM6RbV%d0Ng78VkCJQ 
diff --git a/released/assets/rancher-monitoring/rancher-monitoring-9.4.201.tgz b/released/assets/rancher-monitoring/rancher-monitoring-9.4.201.tgz deleted file mode 100644 index 9ba139956b4a370ddd838c26f003eb8f9c3a3761..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 221164
z!sPe>|7hWl-g{9Wt>;aOJ0#f;zy|~b|5!Umco*R|6IpYX0zc^0;lB`vZPbC8x!D<_ z6eD2}NRA#5)SJWgNO`vFq7(M(I3{IoiNyE4)y)8_*M0I`M3^M4_{gj0^4oxLv*C0%P z?abIE5)Asd>U34iwg~b{4DbQG|4ab9hmo~{zEiv}_aVKSiD}~|Jpm3X&^^+>BX6~l z5O47*gJx*Tww=oYGYUT8p^BLA^D(P;ReDue|Jtp(ynorPnqxHqiY?J7Ccw#Gq>$_; zph%KjY=;-*+tAyXqzq z);sD>smVTtUk{=}X+k2&r0-gUCA0MUr+uE|i5rCz zVeVFw!Kx)ewHaeC5urL#7`9ujTdul>rsiRuM2{S(D!nbR=`s=hfViz3O6){58G~W{ zWmQIRmen`1fp=OBn{BUa7Eq?UxGW&PtfLVnN#0eEC22ydIj}3Xz+42hS<@KJ9>i!k zPSpRhSqZL*WB##OoqN&mO^QUTZfBOw(KmY+={Mp zMM;m{KC;#8+C=j1PUx}TJW-e4EJ4ugpn_Q-g8&mg>NR(8Z9vF6K^hr7JjOGN{FWOR zO8=YDSG%Y|u+uAKqydeOt2La6Oyy3GkW6oZ(Ze~!+NIuqjMCtt{Ix2Bb351&u7BAK z=H8VW@t|Ig?lqH{SZhjVG10o&le<+h&tOykG`Y&Z3Ykv`qqRYA0(pW+L81?{CpVqL zj2cz5*f|Qo;?EzG6bj$;zFeXB_h0f`O7_fGt^b;TvcJ(}Qj{2<7&jVYzj{E6>aB$| z^t=6ET>@p_0DLhs-seW9p3R%!St^}CU^~Ompq|2pO+O0_0Sy^}5asqK`_19`SP&bK z%$P)4QET{{%z%g|%;GHy-k_BGQY7c>KgeJtL34v;d!G3?bW6&Xwz2_^hTBDU#@*v1 zD(E_dgvYWhB}0g*$EL`~RiBZI1p+eQOEv<(U?b zCF2Fq{PAw>KpXz6kzl`+S4&4>)$XkN{E3rOCov9H(UTAJmw} z6KIbx82u60!^Qs!?7v-Gu`coda&6mLIU2=&B@EZv0<{ zt(8aM*VI`eJ`ymo=DW?nbSIqHQRxwibx{helUtS48hip~FZAeV(nu0*j?bXui&RL{ zY51gXhUM=^*$>9uzu2d-YP};~VoX_gC(rkde7VqUsm3+V`~%s;WR8Bve4jO-sQOaW zGZ{kPq9s8t%6I9@WpY^7EWA9KRy>R_G~SMWDC_d+ZHt;o0>v$j!hPHWA+>01>F`zw zfv(s|QWBdX_JD51uO))w@S)=#-H8|fX43Eq-Kn6N79^eVd&Y~w5d?ETNvR;Q17sf_ zS zj{MiSCgpCoIh57J@q3&@5#VJkMEeH z6||aeA1v`%=OGzFgD4Qy;@GM<1WGv=N@Hc|Lq$<*!ahaIB4QZwG4M*1Ck^sG^KGED zm4sT&2zFKrgh-#ZiBMd99><(k=U@Kl^{XoSiQxMa$#aHpui6_yowbA7{&!(}ArWu) zw$z(^BvEM^8jAQ@LZ8U+7j=2$1e!-_GRv0!?wekKVMResp6HO4s8n84gg#~q*_bM3X#q;E8oT>ZgToMEesTiX z6k`Tqp!e1Lh+Zrsps2 zDQuK^=45a{SY3g3yv1+Td&DBTxlEKwORf0mIwi2X1{MAS45?5~)zD;ln(ObPiCi`+ zp}Pp`I|b6@3LI*on!r^n(Zt6}Y4VO$CGyXlrG2NsS6?U+AHCNTr79FEbWGDF8sh4YBdo=V7j?b0~jSeh^yT#UkSLy?_ekc&jDcHhzPtX3M6ssRe+TUy1Qaq zxX||C{mQU5EG|UgZsOn+y2~51cGX0%Q1ilO$+kxLVH8GSO9*56+&*W9+~b3*nhr26 zy)_#GWhjcWd|s0~L+$giq(lVmho)}YG#EOPnEKKiYU`BbdqLSbPw3=D>g=#GIe~O$ ze%O97#a$h|JF#@)^5XTC>kJ_~G6?FSIg_`B5z)z^Jv6nlE){MQ=3^C!LXc~c_X8t) 
z{;tjZ$H)CLB1`QdF!7gYKJYw?=xq4(b`jLAesMXXYIL^zw&C0l+Kf@~+RWi(=PXy^ zQ|?Iq#eO$8G_r76K`j1aYKvOGC!LV*hcR8c^&qv%G(oE*i5 ze=j;#djbbOe<7x=tRn%u0Z@$#6vBOLrO58}0%r=Nw&n?wL7GXD7r`1}vF3@8`8}%B z$YE`oKJzjZ6-fE3*dhfdjHebJLSWUYNrgkm`_Ff1B#{d2d;4!rwFmq zdc_ai-?UL8Z6oKDlSfS8RBAn3EejUFzj|AnlIm9_Sw(2L!HdK-9{5Y&KLIR*tXpC2 zE1EXSM*T1L5^!5JYHKtRg*rp_Y=nI1r{$GDScTqvpF!@yPNG9W?rEh6aZWn>L*na$ z055RIM%~`y^qIb|W~RQcAW!CVE(q!%Pn*;?Reb9eUx#UU-+$N>5-k9gAOSy@kE#U>$JwI(Gi60i?2M6!RvA!8#;> z&FU;tnP zSOBH~IW^)!V3onN=r=Jj615w!N?ao66f3jp>TOL~{~^P7c}&jA(ld0K1q%ewl6 z=x=trVGy_xkFh!?x2OHWjJ|Y8{FEs;ZeP)1w6?o?@v@6v@Fz5h%3A z15`}!I%x??>!K~R`Eso}1+j~|Tr35B5n3@$YaluASVJt4T%k!vk8zH|iQxb(K#;v38hZ~X#U9Di^zS6z&JT=i{(OLfL|BisPEZSMcD^=$)j zD;om1g@=N;0dFU)n~wOGnAu;TcMJtDi0u#{Xucgk0)0EgVWwOVm~$?1PFgP%gf@LU zSkrLxFI(GO5vDkEY%#Q1?<#&a1to1i9`BDmoaAaJQP(Jbus4wI1s&Zz;y*)B#vFAz z)z7o!WZKH*Tc8j$tUg!-;x9hvkos&4pcl}Aa`qX$WE_<`!~c?tY8Xo;4Ehq|$p{Y< z1uMVmAZOl^(n4y?mL52D%lKs}b&H#t;aeGFr8a_)FIoVKKbojeqq+k8LGKmxZ{^<* zmLiVMJUSWutPlKIfh>pMR;2bD*-5c9gf3Ri1i8PRM~h?Uu=Q|ooh{MTBtn2YNW#@R zY}imH(hs?mEyxcEKjc^3Jjc~{gi5>QEL|6E#!=TQzbBqIyr~LlP#>sA-tTOj4=z+z zuNa86*(1g~?#pMr7H|=}>QK-E%teKtWB72Z7>1*FU4StP zmJx@utwpm$S3hwvB&OufPL7Vq&cP5hlHGT7=d;sv(Z-o&DcRTx|+aXDX6 z8&Cjm_L;#)U{U~5^V7~^VqLaJpodYywId}q_lg1|RMF4?3#Ksb4zzQ*N^OFsWu-bf zwyIGddw6-sfF)Z@(OC^Df9E!DZWN++tTp#)Q2a4&IJjG{5L8IxMop=8Zb=qDYS=dRgkonsrGSS8O zS|ORVD8fR0@!8Wwy^V48Zb?<6-LqY<-#4!Ww4jpIlrF6D)v}~GQ z)6_9r78(*wf9ehpU+sTLby?&f+ei}+X+2eXyUUW|Mc?Oo-^pQi}S`WQ2BAR zP^gmsbh%X{e-My_EM;XgEo{)|pmu-EgZ{Y`#fTgE0-hZA1Lfvzd9w_B;igsZ>pwe{c0C3T$L z-eY@^N=kxIpCV}dhG|^_Q+Z#mr(M@Zco?*O2YPKPKV||X53tn}#0g20Z-g1q?oqRZ zNag0i!Aa}A!B2GAs)C>fFwGk;H~nHu4paB{nlaAw5RIH^J6#dUT`}cgjx`W(q0b;2-wgZ z`W1;tT{er<3^9PY-C2_yt^KEk870UY;OX)Q`2E%HB*|Ec@Or&7mfZq>-9#KO7` z=z35J+`K~np`N;j?&W&2NMAYc0)k(=xE`A+Ek~wEt*75L=d0+OJkvL#a4v(f< zrq*SS#;-m);tsRs`3ImPjqEoHm$^tOxnGe#)?Lf6QJ0a~K~Q?7cZv8$67*Y?kJ1*1 zn)UomP)#iVU!wt>RMK7Nbe8gKOceIr*81YrzPHh!s33Y^NcI&J#w0DlalS91Jg+U2 
z{u<>L8SLP6rnEilCpflAPqUL0dnz!;KrTC$EreuCvNDCLkaKMi`39ALyh?`qhR65= zqnc=j5r=d)ed?8h%>oY)(7AT3kA1R`f;BlNBN0uYy34?61b>J5BXI*7!Q)KR<=vZ` zpf!1j3E^FRm6UE=gSLm1#Xa!HhrE`4F-l8D!M7QHw)&1qS+gK7*FJQIG1O?bFwV9Kz{{V+tBK-7Y$4j7@V^qT%*nqKFSAJhplAMqwY%iuveadkmP$1` zH4CgSfA-1nh0Mf7DTXznj49bg_5kjJfi7I5$3GnjUy5mJegw_Xn{#EtdWLH-ELAyD zqGQfqU|;R2SuD4kZ!mgNFlgKC=c@dLc#o2QT%B<3vla&-vKzQB zN;K4}S*4Wz8Wp6DxG_Gl@l(ut25Ja#I-5;SC)Pf>hxw9eOvS0h8`VsEagG>MBgKPDkNXtfsgt7zRSn!lcdcA8OSJMWHHsS>;}J#_lJc=KXxUfNG(NU zq#2E*l=o0t2}VY5Z9MaH!CmyH8@{utpdj$kZwV;EGI1OX2O6p-^USy0fh$ZWCz;n}=CWXGsOZ#(tR zY4N*LFOZ6x)em57>)>qrUT~vM07-F}trB0HEermq_Tc<#y(Wp00-l-+0#S0UN>SfL z0Bz{Zh}Q9K2L5Gp%GmklvUmIoPXFV;`#RE;e>Io!`CKbM;?=a(BUPvSpvOD@`O~G= zWH0RJP-LQbs&y9A7421muDCFF%x)FncVor6^jmbbr;87BDJ;~Qi5%>x3qblujGBa8 zd=QRVUXXX|8{8i@+U69Wc~ZFKI`7~;9JlPL+`IVN?R=c(Q6)GHA3_lUc7V%O1bx~3 z8!%6H@$hB!HFyw0;^l$k8qLf!5a;6SO}--nSxnCue| zm3+0o5<_P>b|+B_;&vtJLIcSPq4T2ziyxBA&X}r%Oa^Zz+q3+thYHe6hTKfn*h{Vq{0}lyi6IC9!kS||P9C@c zP0@j|tg%!g2)xmu70O=->xG+IPyV4kGOa^|iX0lxHW^g;|WB@~< z_;GI`+yO){;ueLIv~POaE=9#`69~ufSEy=gdVE9GC@e!&`g?|+qLJBko#F6)f%1b; zxR&CpyDOs}RjwU)5P^1C&lP2Th(=aGL%>+{#=9gEF^lH(4_tZR9LR@5AV|0r!Y{rX zlQthcEdW*}Mz?(xHs|5}#iwx{dy|AVpp5TwbBGqg)$4WoYn4Voj79yun(r$TlOr>d zp~YR641|_9I3B%>Z$8AFZ~o~ph-Cix;I!NwXYdSAQBmOj8zqSTLvAnpi4u@dzuKzA zi9E4{KGmhfW?fTYT+7CYV!?<>q+&}wI><%hKY3FA!F^hYX-TFB zTOie;A=as}Z9F($*a?WmDLIT`XW*hfNiy|FoK4NSsSFBMN;XYy1FN8uLL(N(Bw1$x z4m~?I@C4JC;4G_Ywi30U?_w!; z`&Yk&)BLMntbcN)IxO&Yviwu_eEJ_0Oy?@^QQrTNDR_5&{DbuDLjJ#zp68~&ke+_W zC1JJSxwfOEuk=0wk$K{-b2d;9;$L?pX7{<3d%A}xPsYOkY?vnGY-bIoNZxYZEZw5U z&%`}!g2moqfw97XQNm4X>di6?L2DpksfJ-&gUb%-Wb~AUl?R&K7+JjC5%dSb+ZM5) zot-bq->HJK58K~JkFdCj563MdvHwm{B2J%^ja40oH#6;;0U^nxwlITlzZ zibUsj=hvJ$hIo3W`r^Ipc1mm0&kozqA#s_t>i$^PdHIJ_5=JFX-x$vvTqJP9dlv*@ zEam3h&x`KpZDJc}$jQU$sNR!+b1h@{Ux>5fIS1c8ji9iwKU@`xt^X$`oX?8>Z26G2 zhkO4osAn4p^^hetVA|+y{E;#*d+rk`JP++Pyly6p4^q)9=xTT<0C|Y9k{P;xW1q zH{or}Ep07jZLQy-!_j;iDGPKA!@kinZ?SDR#&SdnB|B24%H4ke1DzrEn65FvoAVE4 
zv!FV6?l>eE0Ay`qLFd3#JBOGreR45b@uV*4M%+}4i_o}K*v>40ebValfxh0@E|lS9 z6@^*yybKqACzM!8<*iBZ(_Oxie6=(p4x&k(IH~k`5)V|={xA$nAgp)0Pb(ZW5-HR^ zr9Uk1HBi`-=#Xd}?up73=Sm2>hWwQEvu%yO>Yn-cVs5e+?d=sR!eK)QSr)PI#<5Vm zL`sVM*^4SD`&(gNxP)V6CmE>AA8M#yJ%YtvohEdT)@opJy|-7{U{38J4F(SsE+pqK zV2H${e4$RXbn0p4`1g61J_as{jpa@&TL_2a;hG|;q3ih+n29kXrMjf*v%8G}h5ky7 zDeKn@cbM3S0s%x?-TjZ)uNv|voX%G;P|{?H3$F`tf^kyZ6h5ZYd<{3n`Rbi)JSs|1 z3>ofum^G&g0?Fvi#w6YuXfL6FcvXRZh#M}&8kK@CdGVnut_QDbqWx5o58u=X>kY@Cmy)0|N{ro%UyD#=dKPl!k$a7Ox-xTU%IhxU_>}$vf4ij%=2F3K6KZSqx@qTR&7|ASD%M6)p{we3C1x315EKx-448mycqxP6`~$g+YH+`1yqW42I?g)_k~>^kpl z^#RU_&qQYlK`oy|C#?fcVBGbrPEB(Bi};~Xm8jhP1nbRYov2lrOO~{?(}_}r~%3BfxhbBX?}?;1Vw%V=^3>;}wkP!39dSC8#82H%8Q$+-*| zKTmWgv%DyE&vse(EYVESoZy+!?RD4iIk>nly)^K|yI+RZY4Xq3C8(S1rF|}^m3<;En#GQ)#Ysd~dyEO$;o^686umGipJ18+=5RuX0Gu%bP(2{V# z@}FL*)Y6){n>tQ%%CQCGN-p+jWs)EiaVbGiK!>gw6QFLUGpXCEL-+qqVobt~ z9UM=1qGl8m+*clj$-bhVQ|A}j_x$|P%Z6LM4!Nu_2(3?f>NfhsjnaZsPU&=0`Qv)7 zi+&uYt;uae)j0a4*CTY72*vFvb6k-E>;Wxio#2I9`Eb2@(>UNP8O^iHkEV8YSEz7w z``zA98$jaz@&bBSopScDq;%}~%jX*va$r~JpG(9F53k?tc6b}YZ@s_kyusXa8nYF9 z8M9EyVl)Ja3X$}v zG*lzo-v33|J4Z+QZ|lCXRk3Z`w(WH6bUJp@ancn#9d~Towr$%+hket(we~sdoPGDb ze^ia}R@JDgS7XfQc|LP~)t$Mo{d>l&=6ck2XDd>in7uGoUG5XLD=qHtZKtAwpF3jC zr9CRWYz*#1sM`(4zPYV^Kh!v?zE#APA#Ij?CM583{qaM8VN-@07xjT4_`w}{ag(Q6 zl|G4D^8Hd#{ge}!z>Cse+;Sg_wBGLx$QnF)D#_jddL=R6h8&l9{bbV#tV|sBk9!xw zwJXRk?NG1zV3i=tUSr+5V^F7UUDZoK@CrZb+O1|A_=bwB#j)A%lPEi_R51CAox64g9x_hsBwBiq z681$!Rq3MEV3zi1=IW%rerZl`GTwt+OxxrBT8S`T38yY&^gu!P!UYb;<*=|0q3sNw zy*S~=%k{CabzhWIc53%nW?)Hqiu!=)Tlzixq&+7`q13w2H78?J!bulvc;O1Osw1F^ zXS8c;Lj{A!pXs*h^7=TQ5@Zht1OWgE5_!%6f&hZ;4$pjPlZk~gs81S6?uJARB^*h< z_ug0nYO+5!K_Y2KBA>f?duD_h-=+t3#;Fa3mMKKtLO~_tI+I6hTUe~53&breFl$Ju z5H9Jp8`Un453y@W2A59Ub|H~4HFspWOM*Q{>Z?;*8v!ePW*Fb5r? zlg#UoqG}V+pQwvWk2(BR#8g%vo{(*n7bR8ICU7LNQ&Yh*QFoh_VhJRbreaX%8+%E! 
z5~3iy85~MlQ9{5Bd5LJ+!Ztg_R|wU)FAc;DdGjC@IF1A!463IvN{Gzqc^ZMMiHh*+ zlrkKW4@O){x_rqt*Xd+)AU!m$1lWr4gC)^=Sjy>(sxU@a31Nh+)yOYd4irQ5y1M!UQ!nA-YAcu^q z;D^!Hpw8fjP~!~QooCB1AR7$>AjbxBkr3N+ygSE zj1wbou3vu>r`lV0aB*#LF64Yo$={)JzadHK=(?5Uc*p32TKNgoHM(Pa?2);7nzU$LIF()+?4n};&W_P z|0oMDDGLRr!G9$PL-_9hBnXu6nwN5|rA4T)|AF!KrrNlK{Fo>Dk10!--=mO=p7jFQ zm`;S$sz_||noczC?qeX{a^KxM(GE$fYs><;2J7y?UspV<_*{_AcbeH6Up9QVaFM+G zEc12(1STz?GkAHPdH4V6tm(}Ps;ue?6#viW=U5f1p-o-m(N9caQ9&Hs@k9Z%UXK!eQN9{bzo#6?;PmtYoDns^otk zxKzW}xBrVcQdxKqGwOY1yem65bWnicf&y_Tih3#IjmI$l%CMoxgOf|92eiZ--AJDH z!t3I*9^>Tvs^=n;T|&)k^tW)}Xlsb*IK`adIu(V_o}6vC}PBZa`= ze@6;?kN;Psu=zhm3dWKDjub*aBLxfnpRW(^U@^KG4<8adOk;|8)}Npsq13UnWehd) z5e&iW=5l8H^Pd&(r^m)``-bg)uNv9w`|~3;cF8_-bt`w|Zd?~DgHfw37K zB{jkhgf?H86+>Z>*$jMao8msNN@Ookk91x6IRRmCN+$ zUg*HZuR9?^Sv7P4Gh(g(BO=zTQ^L&M;^}ygeM&fMM>*ed-9I`M(rRh4yb{uT?TR4F zWL4~@{9+A|!A>yXB*#OR6?!wGs)&lK=9CoNCfiP!K_@53o(A%$Y^Ty=okzwgf$E%m zU{yO{8||{3>}(Mwl2u#!&mx&FyTAgLz5WrhFtRv)G)a zzVzTry8gm&xsJifoM<}%_ojMz>5lfT{`Gx$%~Anz_qO*?E->4(puPI}IxKhk+1N$E zEB6>0^*t8*L7pNd75;{?A|6@E6<;OXThkv-~Gij znkrgK)PVf>ZWtwZN=$S5NJTbMFeWteB1KpU<#lu0?#ltqJ z&(wF`cji&3RbrYUUd^Ui0uCQZEqPK0>ym6zD#K71SJ&gGNdegvPYg+x5`Z-8Cr1BW zK|k;akG0VCru}UbNT!yw7)llq>C_*Wf$F%=xh*XYOqT#k066);QKYhkP{>K8zX(eE zQA8=s(swNOXL>x5;paK-|2oeGYg@*!690CZR2!k?5{`pJB%81qNfPei~JL-6d zu!*T(5i&fr3{j3?V(vDDht@Ayoea3dhUn1l8{k23)7lQ(f7X)d z4P0{HZN5Zp7o1hc#v*GLYmfH${_K&d=djPZ&(eQJBiesf8|cxIh<)QFHdxPS@N)|< zz@&6`)!$@?jZ}3%5r__;VN@nnl}}(NqG@H;3l#{9Mv^QBDmy+a-&7c}#`_uUwP@Wl-NpIy6*ioKYrrpb+RujDd#}UHB zfn6Sbn$EU<7875IY3YfhHupxkT1L7Az&|8hfXB)PCZW(ep}S)Q}a4 zp97a215j&B)6Ar*_p~|WgQH;xj=q(n^L`}M;gL$wkdR90i0o_2Mh@4In1&D6%na8I zOH1w#(*Sr#oxWs?@260%0QQe(KnAgL$V7*lqcDB|oPEX4sVT(Isp)_OpI0W|-z$@k z6PFM3AcDm0^Q000_&!gnn|#7Kj9dOA5gTs=Gr5UWe{|VE^cI{i8JO7TduXI?i5UIS zpLYhq-#eqm^w6emR&fivbCL3@8%oFb(E5#mg*?1Up`_qLRKSqmigge@vW9PlLH|LJ z(hkaP$xK9yVhy4AAdT7SkvuQ0r~e7Ot@3_eWf`rmS(pZnJG8yt;if zPIfoy#Rg4@n#}Db=pzCf&n+YhHDzL0X8e*kdtVszD2l9$$|Oix;WNCRV>q-UQVsk% 
zGwAyl`JNIV8&!s48^7Rhv`p}E_*C!cf}yu&?14pIDJKAq+IM7?A$QHS&jozkLlLuu ziFTB(xWDHOw=ufs(@?3NZ=T6AJste?PCh>kyZ>~tTDFqZ#`sG|Yd$xWn9jNwqAAvr zq-FQ_yy&lVE#M$4+J}a~pUw5%9^}0mw)A~YzeqmM?X0PfMjfrclq?9|cy(#_#qN8? z%d9HZycUcxZ4&uB&yvnBj=aBXX{!!^OYjvKj5*nYvo{zk@#b`ey<~Q}<~1tRHnhw4=E!=S z`6yH6=jP?)=Cmkq7H8K5?dK=adWH?69jK1nn#{_d0ELoKMcRw_e~`Qm}6eX!t2RU-}e>)a=*L$WkWljBajHDi9bG-+{+2 z<$(lJt3ON2HnA!B=^xhqfX&7hzpnyM)_PH`Ep@|l(WE_?Oy$*;-F^r*Z2y!Sa?*%F zJs@IAx&9nwUP*c~S%>hx#k6{DcqXby@IaZ-z}cX~9G}%fD7dRpF4~C*n^RZ%HTVK? zq-e88s&Dbf{%p-N#bI^RXx4Ha(iuMU5;<6|~h*M-wS3Wbv|fkf$F$CGbUmWI`xC zIcC7hw91gm`vfRDbF_7ywH92Te@lM-Ts|N)2zEht=VI9-aXipNS(8Bk0uZxLFW2=N z+4W%)_AxmT+@FGJTdvNmUu*|qOm2WXM}w9Q72iQ$gXTv7jZHocEfq@)_P2seq0*7p za;mb524W(ZH3lR#&=9#9oF>-(=68$POQ?L+vAExHEJ219WH=3gA!Hyf#^+nj7M?ye zCR`&b(P3{X1J09|Dt+W<)zJac@gn=_eQ=b~!*zP$@M8M!Ef;s7)Aefu2kMsdNoeNv(<)i7l1r$CLlIqN62DrcI%#EU0m%NvsW*jKpLxr?B9qgS5qKYDzqr zDY4KdJug7b#=>q7bcz}o$l9P&t1x66EE-LMh9{fJT$5Eq(tNgzsQ~l5k*B$Zh`7C= zx^4QIv|OKyMNF%4$Zqo8+hSusG_BC4dSizNLc6HE{Znf!7xIM5F+OJj$LP?pPA2kq zMYD3d_v5d^y1#HL8HomWcU7v{`ZCjlFQtIp3II~e4#UP@mas|an|sk?ufm#r*7zM) z`r+;t;|}1>j-T{2M>{H69xNmZHfH#WsE!19xeLI(ax*uIgDO`A_y{r{nG}zIpC2}N z#d2@+zWjO4_o`^|{*dU^_|vtlq=F)a-rK`8Y07;Fz<-0bx*kZFk5Oj9dRwY z*>!`x@LJ+dT=;SeLFT$T#g~3aE@b4%KX#Z8-SW&5{jF(l*<;x|gqE~`tGF|pfnvYn zFbs%MOefhWpnGPKs_#T8QXk(-)Y~zjqwl=Ud&_>yj-us+WFK9m62SCpg|C=Z*_>b0 zT-_;@B`OwuQL}kP;hDT9oLKyTyE;^xT zRdDZ-ww;h~R~D9q>~n!&veHCswp`f~7BU+$92L(pFbi=OiOuoI;#p^za087H8kMz7 z)R3ciGgx;Tic+4V_;En11jA6w=DUS#yn5`S( zc=Z*H>W@%4v@97?GI0n-y04PkUz)f8%%osUxsni_A6T0hWnK_F6OcRR*gnd_{@6Zk zEZl^0@f7P62+>3FIXy2)fYYiGAfdJAe3li z>cff>+4VJV664nyjn&ueBpWW2RaY7Dl~Ccj#Zm}Yytr1p#+0Z<4mx`BWR&%@TTxuy zj$KgAY|Ly_ifEt{w{e?m5@eKhvTIRXuN~r7pA|g>Wf(cKlvFRL*3-_52PyB2+|&Ua z7E<46`QT!xX_Srl(g-vX<56)O&l?5Gj_p#ULOj(|q%bhY^TPFd`Dsr!4zHxpbfeqz za5)53Ze<%>N$RjGOtxI{8DF8U8OVfZL}siV+!lBxjtCqG9S3J} z^Aeg$9n^BR_v5a@w%J(*Y`_E2DtJIgkwz7R&?-1d_#z^ZT5j>76jc13K98J#T8euE zK?L%sGR=)YsVT7!ZfGTFI*kak80$TiD7N34A?x~+q5LO2Y$ 
zS6wm6S0&uEs-X}Vc5f0-Pt4xp0#N`?SSn=ulEWRsfwA5cv9Aau?no4(cERgmfw6pc zaD8e3XR<>B*uzR!O{Bofw@s4cXg#UvsBAnDuE0wPREUjqu#F>_R%dE}3)!(EI>d&f z8p|~@8oqtSiS4?6}No(l#Jn?nLT zVOdCTRc*xgfx}qRC~;K~aagLv z=bpg~0wO>64BHS9`-%*EDo30-+K68TC2~k%$9n(}MTWbzUdavS#6tq+q$471AR6i4 zo`?(T=?voe#&FaAzx9iRee4@cGuqSq!aQP+MTS{JP_H}%@;Lu#6a5~WeB*sIXu}sY zsEI5yc2<8hp;#M&7AtZiQ_xA|V@pOBUV<{Vy6Nj9Sq>SxBVteZ(fMsT(dfZqV&IHu zPGX?vfFsTt#_=C~aEWJA$qqg@WGs4gT=^4vB?j=b=v0=(DmZ@=(Nr+y+caSEaX+{@ z3`Jim+eWGN2kNA95AmW&xa_)e4B{!T1!?C2)lSa8nVPm8d*9JnBz?s-WWHUL^^ zvxO`E@GBo`=(urY9fJ2ce%$rpl;&`H&P19Pkqf>h=bxhDt`>Ph>ptDSZkr@7g3%c4 zI{e&Jr78)m{W1zT?HZHKME`-000m&me30WW2jlGHoMZFSi|}I!#U>7!O{eb>@PyMX z@Bj%+2~M?dTH?t{c6S3DHE6M`FwKU`u);b9q4Y(SS^-fjEPU5vHd$C!5qZ zeV$~4ixcbb4{N*HwG*ZJAVQTxx0RWrZIo9xH^RO;77Wyuvt{p>yJ|=Ajykg>r5a@A^RkWqlsJt=9;FouB}=vVYcTjz)l`|&MY8Xc{c1y{6>i$t zGf{b7ty`xJ-a$x+>>b~WbS)aZUD`J0di<-W>gLowRs=A&+BOWj{JeZbz258Q66zA_ zE_GsDVw7T_H>#xF8)6vY%4v?Yj2vf2|k$hQT;gcnQPAZg*+6# zH9iZw_Ab)iBBt-y_ixP+JG>hg?UgiLgaPC&xvG`D=+VIuW*QH*GYE7;`-J$CMAl>PR zWKj`uBz&0hr6B=W(4+w+bw-*i7k0idgEC zY7gh=Z6eueultdsG9~8G&7Du^H)x+a3zM!P{feWmtWS2{9qV&S;KOeFeK@+D2rq%F z)Eh)Cn>Cmvn1YZ3lgHnAjo`c97q-ieygPziN ziW&2h`=%j(UTzm+rK}#)o&@TBrp6YFulw~=f7r{P>TZ^Q%O@t2+7+&LZ)E&=Cy7LK zxU0%$ExQ-^t8!F8MM%MCXn(+d#8#E=_zRUxlUGsd8a>!71T=IN^>d*|aQ`W7Wh9!g z8W_gwbU4n|rE4d^i-~8!LLMzG_(8l2(+R^Oz)J4dAbxfDC}je1#|3p@k*N56f^FS_ zELn;3M#Do`)*xas!6R~*p&0j8v+=n=c>@N!&eF{|2^QNZ9`Q?b(h58t|4L&_Jy zTNj_}B~q)a46g(Q_Q-jfDV})pGgsT@AMMa^ig7?DqPcR8^j;#Q7WhV6v@9`1FxDaP zkus7gNd8QW9Rvgj!CYw8E#fV_N_SBE^EIieFk=om4M{L5#bm%9Y;H4o3vXVlqJovK!`M1ZO_Qbzto@<= z=8x|@_N9az$M~}QX4DxPE=lQp{e6Xj9R5kzN1IOp4!exsgQa9Tx@`bAN=rLg(s{X> zmPs>veE0j5#tEBm5K$jS`T@PHjB{|SSKx{2taMY~IF?R+flU68gq*mBoQu1&0^JU< zLWz@szo85+(jz5j<=ST!?omU9D^Gs9*1(P*BXNb2AKtm;uM}#{!4uy!U$O$zv|X3blz)?%QT;oeVkQIDC%6xK8t#^0y6S zH5G&{KfN3XEi28_q zuxX@lXkUKAcu2YOJSarXv z!bd7;Sb!OG^vrM1S9 z^y}@~PXCp`3Uy`+Yd}4dUB@BuoogU?<_txgR5)W;hVF5^RX-tLOlF;+^{R9iz{q?b z&u=!)IL7W0?9?(3q>O%ThXn;AI52@qbeb+zQBJ^Rx!SnaHcFBTIiXA|SgL2C*Eju^ 
zh#hw~DaNI)CX=(y;=FlODLw%{FL0Sre=+i+IbN)pvTaUmd({nb77hty@cR_dE)~R7 z$q+jT6yM!ej23q3`@`J| zdCl^8W!p{4=E(jsT+|KUDui04H5>>443BKNp|0F~_Gc}a@DTx3HG_CR-fy9Mi9SGE zlolkbZuBx-Jx)S97Wx;Z&att{w9&*W@P7)1iC zDO6Z89Pl*<&%xbYAvNi*i%8;3N%2w<4{&S;T8~gNGuWjaC|7~Zw`S$3Y!LU zN@6zPUtO~BS(Jq!UG+xCbG7F^pos6x?RGAKZ;PJLv*VE(Nt>oQ!IOwSe5)cr?p}i_ zUA|$dh!A1bG8c&obJyNPMGnGD|4|-JuO3hyUT!C@2`uLZkd{f@!b#C`l8ZTYhM7ii zVZ^Y{8N~(_X?m*X4N{fD@5d!rQMx&BBDXMl4vjPvMGu8ab~3F3fO>|@jU~J=FujBz zy{GahyDa^tcQ16^rd8KwSb$Nx94K{f zQ{}T@x}f#+(I8;SL*U7~D=qhe>F}lg`*87O;H)x?S+nPV6MI&sr5T3>hcqJm_K= zJ2r`L>mCk56@w0{sK@}ptpLr9!DU7WVu$|~R+(g~oRuNNte_{OTmQfA5Ylm^wjL|!0HolGuD-6+kNtsNJXo1;wcBNl(gQ@JN* zDQWr~Z7ttajO7)^ZSY(rbnLNX{37m(tsm%e3Emn(}kP z__ss4SHPocQI#<90Bpdseau>lyuocWg915LR^4K~0jIsL#u7)=Mf&{D>58^dXI!Q3 zgZK_`hdv&bIIS({#*nPdO=}EFg`8le(5It

    tM*qNHs&PR z)o_oh{1V>Cp*AkmuikJ9@)|<*c`-2CKltmb5jqhj>hP_4?$IsTKNZYe3qsa{RqECl z9&CX)g33SX%dUk}k+2s>N)`5#jQ-c_l`qq^rp7~bpJ~ZyrZzkQNCNMh%E-4lj`|pU zVWxW9BWr{5mLUG!={M^o=@y4rrvx8UCw^}XYcB5G6n%1(_VVi(fI3yn8F zsm*+j@ml3uyuUdaNZI_7VO7d|Tta1YW#O>C#1yX~I6yh!col5eDfIicK%%%J;dTF) zVMUckDdJ)BztjdYLXM&pno1YAvR(PAjg;2=$^TLtlRgi2TP4Xl|1CuEZdyA-ekr0d z+Rx0)%E-)co$|`}_Hmo#dk=S6VgaeHEhco4aJO9pd9Tv#Ohg(U+zWL3-RC0nwi4T$ zQhE2b&Cx&uk3J1MH?*JrjNnIBDIe7R@FO$2XtR+@k~wpuJAT_5saToM>T7h8QF!uR z?I3>DouiwW-W?Hd^5~-D@9HR)hoF=`U6vpEGc}+Y!|Z^giXgfl%ZkFm_7T`_@E&S; zh6z{Sc0I<$(70z}dgiZ3mYHeZ_MSm+jCeWyqZm)^GP;O8n1S~;`|Hlxe znW%v+#1ARUU78O4kSg*#jZaLBT`ZIds5nHsESUejr1dn)xVKNW>z#=hF>JLeDy5Tw zKESQ8U>F{s2I(_GnI`zJ2nCc1@Hax~{vRWh6~)MZM<|^CKM{&HL7=bM;jgP++rHTk z3TL#(OA>{LRp*2G$C6X)Iift9bGO{TY|bjff3Z3AF%jwY;&GD}-UyO{T*4y>mNea; z5sG9;Mcka=pSkMIsX@~{HWl6Q<^mh=vD+r!7qJuqqZz}1q%wYyT*`Vx(>^2*JfLRF z$tm)4FF^4*0Z!r8CKpn(N|Qi)+e_A`&mq&qP-E%96t@DyGYA`rSp92Alj)uc>+PfCRHpUtHLDem^S@1wF`M}$(9jut1cdO_FL-uSUeQ^Qf`LZp?9PwRtC8HA8 zA7H=KV!v-12#Jz>_x3KKN!ZnbhCEilR!4VnVP&fTM^V1p8IH+d3R#Yu1eP4NrZ+lI zo;yGb$>?uaTBvR66aZt8YV)2}Ba{Edvzi)pqou+HAFu4KPK$@1y(epZn!>LPeK|H- zP z#9d!K5|_SuD)-he6E89T%dP&;_^q;u4?%co^zC5Lc&W}a(c2PU=<~Yl?BM-)s+5vB z-^~?vs^h0H7YC_9VLl9*59=h`Ll zkFRo8_Yt(YL7ZVkr@8>LDPc2xV*#x?pb3VSXRQxTPC8IW=TxSu&13*=qN%`la*|V? 
z^)3ltkc^=bx#Y7Ns)30&>JKXRDdlOr+)F%K@SLWhHdp&#MpRJ&*j?vOX{X0N1>n*j zQUAD@BD+;zv*b4n+1o29N~|_noSBe+rCyAJ8xdbi$W?ETHU(1)e*qogq#*64Vez&$ zUy&PVdoC}h{63P$sBx#^_WSh-6y6;@t|KJ)Dnn1EUs=AN@R3*jgNG_%Q3ns=#(Phx z2HLeXFi)LDw;1RUG9wyNL}65~JfO*X0uAm)yt3th|B;PADw1-lNx1PR6DP}xqXzrUh|-dK#- zB5wI}aa2Z2Jw{QNnDsO=0@XVx{{5Ck2HeIKEDlVfnW~$FVhe*EJu=KRiDNy2mrjTc zkkZKZqqg$>SBJNe1$y>r6f`PW0NNOw9V8|i88Ksl9Vzi(MYs9qCe9FWt`VJTQ)paD$ue zkjQ%eUUVspjWYL)yXH3Rz;cw!$-r}}$x+vRJ^{n4da%@Zvc302a!7*_hqrQfktHQ4 z`wH&6mWtN2J4Mk>XIZX??!A7_-aZMlMYb)W+b#rS2#!*81`<1bEv| z=HQVI>^~89tk!vZRRSGcEO)5w_88E}Gs&b!bHrnViD^_&$R!jo0?EJef)B2l#*#yU zh|G=(&zi4*e13#NEEc^fnmCMDdQ~U(?|%_!d#W~JLql~x&yPB%#qJPhP7@0=LhrH4 zCB}|Q8;zg|Ir`BV`L`;w%l|?3%D=B%Lbk=ey$fA^@a;58n;3R5jnu3HPRGv#L3$I^ zozz4DKx&eNAzuE;^=QkLqyx1b_3TrnOJl)u&_!v2RgFccF*qtRoZ<4`=jESSTU^5~I3yZx5I8@-!b6=x|tbu*!W7Kt=aI@K7k5Wvj;A8%0J=ph$T?x*$gh zrh2u3$)l(B=&inKZHjAFq~!FJSBBb>tID8FXhkYpX6Jrq)Z0;njw&dBoI4%-emAup zrO8^LCgD_7dli}S0y$uQVx0NmQ)y?C^-hLsNVX^S*#>=jd2^ha&}=u6G8)iAAC z&tJ1$cAbc441_A}`CivWq|-N7+RlKSjK2$_h5oCJKrhY%7=;TCYFaC6lNs7MeXQl+ zATB&skO^N?#U?2&)HTt+cpv}34%@z+`+=*>_&%`%aSMCuj>>x{L*Ew5k;*LTs>l7G zulhU<<4W21a#fG_^|H_39O+Y~7-;lj&T87f7Ts2kc>D0j8YXvO$?+r@T)1QX;{B=e z;nLivkqW5`M<_0R@U5H*#+kv7_4r%7-Qbgcyh*-KcpT7S_y4fOb9V#MGF7Y0c^U!S zgu)eyz}DieRF6~bh6SWGtu{w>r6;`(H~Z;lkIN=u-)G#TCR?eZ3%&)`yUUpiHzjEB zUco6vrDw}0ZJ#SQ?~b`m>!0^8mPJ&SRF)fcgeQ+}mQ+EX);Iw;b5PP?P~~y-H$3$P zjj^Azper60BelEfU{^^d_|8>XVrxteGIkWGp};|f)Na3r|pIR z--#d0zr+vc>c5DeX~+L6SN~1?Z2ynt>H;2`hvkjeZ=hDq%WqEd;K|ZTKqD9VFE3~! 
zL_MN-xsS(zzb-ggDXW+l%xL;bp$}JVrrocWFl42wzdm^W|MI~%6#wzT$NtL)55W&T zmS8)$Z2ymLp{2WPc4m$mGgf^1m2)BtRMm z=d)TRxj=qC#Z-L%&uZ1wTh>RcCgrxObj%P#G`E4wp1Cg|*rwvz&6Z!*LYSYrESWG6 zC`3Lsb0xS})}@@~`*rsqm2)`38vg=Km+aN|yDIK*Qj(3RnRIe)dzT}aQW62jCx9Xi=YmO)TB%n^h*~PR zVbU~wnTS6ND8baDfSZ^N+A-jts{w_s-}#>Uc0T4TdogODXt4-Hvh+(B(%+(AJxG@=pt)CwLg3Za`XQkc4eb@m>_GW3l(AOjM;c56 zN*ksMnVUYJn?mXL;Hq0mTsXtA>9cHqkeM^LJT3XiNz_YJuYvw!GqMSpNJbq+HjF2B zLYJkyg7kDehS-I)0m!*LxqpzD6v7Ubu%5SuPXsCsXFQg%^&ofODBcD3IZIjrJRzT} zcGf7%<&*l5MmUtg+E6_OBmQx<*;Q3P7M)u+mU}mK7&a-1nXYWbI7W)R3#Dx9rekZ6 zw=8X+OvZU-uYpxS`O8Ns|Bx>c_hjOl9Pg8-87bVh@Q7DnknBycoz=H-ihP?D-FK%Z zYG0vR4MtE2f_0d6-&RgfItk$Yv6k*}BU7HPzqJkQ9$U1(EiGz*Y$FcT;J^mun-&;(hp`e)}t=7>==`LDPv* zf}eT`xSPxJ7V?Npxr6i93I(A;*JgFU^>%YGh-`J`-b1`PJrXyGpUK8l&Ay$KKCw88 zDYqw-$17tSJ=(%)H=E=9iV}}Dy#0q2ketjiL$5Qz^(EF2bb6M~XT~zifWBwL!pn?a zNYzOR9(Da1uQ@4si>YlvHlc-wkDwxr)D*8v+J`2}5CVKjOo3_9Xxmu(hAEX`~0* zKYb!sM-JNgAE-e0zfpn5@%1%}Wz!>IFxM2g?AZ3i^z=j-GH*0n`e*sF^@TE~-nhcp zs9`i6=|Cz{=ij9BEd?56xi(9cX!kARvvy}nf)QFTg{#3j{1xQr8tXoTtGQh`BTWle8ny5+oxfYEGN=B$V3AzuNJ1R^*S>x zrF<>#+p+h`3|%*b3@7@I)wwy|gQkHRGb$>|f^$cKWcLg8O%BhP80g!v+GXy8|74br z5~+m@soZ^!l=lp47?gNFvDS4R;gL3n*9iSrKs_Xn&)KoBswFj>Z)}{?`bFvLvvwEG z)_Mk_-3!*KhmY^(S>{~8=3I2cCkDXs8|AX|HHgVjH+Yq|rRxvem?nl&11Pf>!&psJ zw{e_ZCd!mb7u(HzjZGPWTgu}9_T`40yD%;?UMd_$tUvuZnhvR^H30$ym{)#2frDQg zrZ*jH7f*^_LqqvXLVN-|d^~4a4=`u2^B!I7%?N4tn)7*0F#Qo-qQm`0O$c6$m-LIkZ{>_Eu62{ovw!NK;W0nnG4;3 zWuoWTiXdWINbMDZp5n`QWlG#alcY3h7F$BV=_Jlk3#@0-(CT23_s~9VN-aeCw>cMC z@@dW;0~t^^$FR{bTrP5y7=DM8crE0KKM%oEwq4kjl}WeW(Tn|gir{=(YK>Ks>VUPZ zQ22J(y2SP`5@5KAgv3SDHLALUtSAN*cb*oc!-WI{eq<%+-^UC zYRX@d5)bY2r{irGa*li8&t5nJr%r*6bLDfDx)(TZ^AmlO94x@;Tda-KAj7BS>{jF<=jl$DQJ zgne@4UKxo&nqBgK8DK(hAUBPj&2v?WNI!d3y&n*^?*@g3#7T5tUDbRI3O#PlfUHPO zT#+XcnDN;m21i=dTw>l8g6ufgKKrpl89634A6yKpqGp`*4R1OsuW)?f!pm4;v&66F z_D^(aE3@Zav6G=zLgn@H9CVD*^?i>-uN269E}=uWXQ)5h52sg9%b9)B?RA^(m9ju? 
zIc;M)5X%Ag+S<2@ROBylf}*h!e9_B*AWz}MjvpL$-xvIyV5_v>Zx84ILXb_2rvHbrw+xEw-Lr6mYjAf7?(XjH8rMbqWL^6?A~)}pB-Z~Nd>%L#27APwzve86y#$&%#YLg`GcK=)S61pe&yC! zs-DkiR{m{NodKNQ6f7ib#8KpzzGJPCs{TWG75HBw0yjVd+`BJ2MV9!7U zBO}Hjs#;#F@hRZvWc!$}vs*c2>{bNvX#1z1+rXjEMHOuw^sWkNeVrS%iKyf3Y3;GN zLjOB`>2lH8*yDGT*=u}6i)&R}yb21qdfaWR&xMcZ(skd>>d-W9m4}<$6eDQ3=A(c0 zx9TueQ?(%`B*`SApH3;)qZD1`w*JQ3TXp_(2wy*fk!9vH%Q7Mb%~CS?J*b`epT@eujO!7w9_xXb-Sj~ZfhkQ{}Is!Cm*`SV{1 z#WruOU~Zc!iE;`}zQdPl9(->0i6}-vC6xw2=2T4N9?8naLC54Myv`aBviBwtooSZY zMaPJ`Xh;Ux$8N`-dru--{kr4#HvLZ`&a*fKlIKrOiC&^c^EJCryt>c|nB!!+9uFk< zjdA~s=NQc6^28dvHl;$EiG+ijq9-AmjR2gwlW%pUiqFuZhtaHPfaKlTetHt5O*^6p zClT296TeJOnD!e=B{2231 zN89`v5lcHCZ-t8=+Owo_T0WB~eI0NQV2Q!N&+1eQt$>A~hz07-l0fX3D@bq(ZD-I#{KPECV{SWPHw;XC zr$a9I^!yKpz(11@Y)rR~JQ#$Df9_}=WU)}SN*H5WMSYJ75+jZf zgW6V(d2PU9WVr-fES^OGHinjO6H6tCk*qY=Kw2>ZM&t%_VqA4jC9`%&?dRBy=thgLYwF~b^)8eKYyBAO9Qk}0=^UG6 z8BbcY5}=6+fo#2jMzTC44bYtUrU_?M^#H2|UIhf*XK`9$a?yoog4DsQfS|iJ2c-54 za^sOAiG|o~IwiFBelgB3bu#c8r8U=^_SQ}9-Pdz~!M*nvXm&e%WLgqU(OQ53rW8`2 z9ekf2Q4sL%f=5ELD%sRZ{9al!WFSi(vbJUvv|X@CkHX#)5P! zAwmrl*wOG9U4)WNF*>X$niU`LfMPTS>yH?x3}1x*;Q$Fjhqxw8&GG zMy}lh_O!!(_m2t8e_<-v!teM3hXMPs*d@6nInZ@v5^G!o0;oo1K`1@tL}gs|0+~a; z?oOuJEwTE;n3ozLSu=@|*_Dn!x^`g$<>=~`0Xc}zZ#fEHreVkkm->y;lH8~tsj)H! 
z%+p_@KaQ)hFB`}53Vs%jh>j25h>ye&NR}!FN!<_EBua_wv&D`HtvOcT|Bm5KT*hlx zvJq6OdoJV=h4)Pm|Fg1gQ=HQMbmx(yIs=*W3Ngfs;UHd@1yrDO%aF3je^=2BK6|f) z4V*@T)NY)p%9}__pSl*MJl{?5$+-Ox^=hK%*|;7rGd&Uc%b(lc0r_)g@SMb|ksq2{ zO)8!%2YmblqYM)U#ZKg1->&KTUFi#6P8~F2@9uw?j_&~`bNq+IA^+m%AHHlWSZV_$9k9k3;J;H~B1$%FYX_-|cGq3x!AOhm3$afNPwc0GCrrYF0 zg&!9^0&#is<@D=g199k>?eSBewG~UHI1oN(zLVnw=4xyHQ*tJIO&-D}oBYYu>evA# z=h!W0O5>4$3vH4m!9O@imo}64ZydyCG?C|DI7nlel>#Nx1qNfWcn|sZ`rxh0S^R%2 zutPaZ{as*R47m)0|NpbVKK<*z;dA&LAbfu1gm_B|RGh?4B$qNvYWDD`1j#`5yy;); z`9L|4J^xlq^p`z<_{*Mu)A-At&wu;h*mH;FZ;R^ovIeO`=ewkOL)`o85dD(gq91!j zN~@8#%q97MAn@Zf^P8As#YB(cF7XA#t79u-^&1(_#4^6zkvTgPii`aY)f)c^)w1$G z#r?Cye)w-o><+@cKPG8gMm`X5f&y`K7#t6j(3hbXlxA`H=a+vE)%ulx^qKS}enTpT zfBdPjb4|Ue@LP5o2p;^Foy0-FrWS`$sDGE8ihpEh#LREm3B{_-cPGw>$M-MUxjOV$ zcBYaTm2LYD3juL+sN%yQa79f6~Ug-0^l0~Lk=7HagOQ(=aQ?76@w#Xpa2Y|G(J=(yAoM3fSUoHun4V%#Ce zquJ#1k{pSs^i{S&My{o)t@6)nI*iinG=?8fUcjz%=ZhcMm5J(f8|J=TKJE$QW+vOF zdL-cfxM}rw6ZIOwlrWj)Bia1FS4?hYxV>hJ5))i1SpSQVV z0j7J@d6aKNcN~c_)1(Emw3_U_yd4;C89{tWpAMCqw@3sC+-sS5zCQEP*mQ~d&FB%I z?sGKcBY5?9R&Dp~?;-Fzbo1*69`r;9Il_iA;);OB^%ZN6#V=GYH#rEVFy@>;f~0Dh zW}n4fIp-91O=Kkqj%lUJ9H|HJ>_;^}IL&EHvhU!tJ#@KWC zI{pCnM#o9YR_Xkft)U521ODzC%LKjg9Qu&Y)JEoG)pizcD@ywQ1?cK+cHR@I#>e6t z8H$%Tp*DNL3-u)2K!ly2?RQS-PG4bLsk2WPwUK1=8i?fL`8jFbmWl&uC$Dv8L~NoCn7Nd#q+KO-|?8`Xb8H>%GJ zN~JySb3;s+nqd_*Y0em>^^;@oZ*URv2)m(`3%h~eUEAN)nuAe*p1GqT;T7>nE)@1i zRzb=>)>9{Z-)RwRQ((w_Vq!)Bi#NL66Fy4j6i#2 zuZ1%E0MFPPx{}I|-MZo7f-mZdNIk@UG6}?fA}>EZUfjYSKi+0k5&@6G9;<+N>K503 zN(GICYMS&IiZ!P6m}?6*nDkE*3A_>xgSCj|-i_QHUB>4@i+W%k_477Hf_wGB1~zh* zgLJOiSg*Mr4k;-N_Pk8?&5Q(vTxax%$<=*@l15DPbR?td5=TY)@SxwR{+E#m|*Gb;9k$QyihlDrTDxtJQ9(s#!0-+!aJk(@bOP|GRe5(RcB7{Kwd2DXI13UUMuCpuNQ|V0&fPzJ^=}(B%%f_ab2H*c|W}oOji` zRMi9yA)6NcVtEm2 zfim|=B*EwlJdrtnQ86v?k(oY>jI%U&Vg~kfy9Ki|`U3#9Ac1_CZ;ub`A#?_C zLNLdd|137nC;HIUpSxDv`&_mQh0qIW{e46h!oYrh!0vf(51`uj`inNCoPP=L^MeE^ zhs`{MgQ)DcgI?9|U?!A=S5Sb*1RWi46%;1UU*Pj0C#Z2rY|r30ForE2DcB>ZU7#oE 
zqXnWhg2jp65U_Q4UJ$c10eXQD<9y#?FOISWyirNMZ^6~a_3W_WRS3PvK|V0X$cWv< zvZunCzbqR{nCv7@P^)D-F#(#)UYGoS*=})jd(I@ni`z*;&&iO|V6`a;N5$ikEoKl* zxAWsXbpiMIDR1O25u76@;)a-|3Xl&JlXihEluF-2Ds$9s#qdn#d&(ICw%~ zM`oILh!Knx_KodV8+AWXlSIwe5K?FSSrF$@;S0-|>dFV3R)O^+9xIELN!<4$BeGHO|J1h@1rB$?sX8*oQ zyS(d+j6CSa+zeu=Xgf%uNIOUu7TSfWS_X4A^;I1P*jD|$ioSCXQXIngSo(0+j!)G$ zCK4_RtOI<37GB}gFnF>qa-)=UY=PC`HdO9%XqN))(` zceCGSrt#FP;yxB`QTd55=MLmzL??QhN(Z7f1Fk$nft+WKLwwI(O&ME{rLa%;~!p_Qfc3nA9 z)P#L2;Padg z?KXgK4nu6@r`3mljIviH{>quzy1#LQe+&l>fJSPdBNCh}5)DWtw}cg}yv?oycZzaA z@3x>-ftfSrKQx{-X2k{&0b|ERrV#GYaN#XD0(%C_VzIzC$U5`)8+3(pjh!k$?M0YUX3)2=642EAuVuxZnknDtAnW_tl~fwvdWGKZJB;T!cS(;g+~wHmIJnx9tm zP|@iVLQ`#>8x?K5mWw*siWtROz+eZZub0flnO-qJ!#S{+%5M6umkfqoUu#FXON7C2**<1;k|l#+kkvnl zgjeZ^gqKL1XDQ$ zVLsagfe-uHv&2M}rOhG+wQz4AR-9SSo&&z8oq!y)lpcDx1Irfze$mLtTG6{mi0TRA zd^5M_gd@I_M zk^}Mcso@azPv?njaZ5oB(`~JbyopWH4fRj4_a|q`p~4jnpb{1hsIR~3TA|vHhs;l^ z+Vmd+5xZD%xzI2I4D@P^9VobqE4D@kr+U@X zO@2VP81ZI6F4}7io9{rM;)7YWk;7Nt#_)o^RI_%)^8taO!diegUY{C-|o>CM^r24V9qm_Pjy*+7OW@VmGV0I-mEJWT$%m28KbXGgpi~14y z+prZqxr=;&((i7BZgO?|Gnv>8zAv zx3Z~h%5CMxU4=aqlzPT#Q9j9XBvZXk6Oz4}rq6<(KB^bIA}988FLmDAR2VnHMwSOv3r z!P1$zlt%U8vsZDrF7E|Cp1<1gvh$-B6#=qK*&XU@&%Q8P_O|tae$nu(6_vBV4TBGf zffud7lXw*A-U!RQDHKlVOt%PJs!)T93d%;=R;;{wsW@x*DJ@7Mv$q*=4E={vBNzRL zQqvvBtN?0gSD=PoIaZf3@__4%Mz5qV#|`{G%4G`bmOKbX`?IEc-?t4M_NW&Nob(1y zrM`&)PFIp!@z}twui2b`yOQgrHUYgjF*L8%8!yL2cWrIdqqaZTs4~K?qD6qH>}INy23nHjpH8YksrrBdUL$pCn+hjg(oErA{z9>Q=bH+fS}R$Jx^e&K z&K&FDmD))GW?kt9m3X1hs^#E8ogZea2g01FdVjdGa)J3{@*|ApMsj9qSk z*=pucfMNPsH&X`2H@eLy4&(EjV=fuB*M4BY#q10sI}yh0X2Gh}A+8y`1=w5R7UNrF zN%-w#woCmgQaUyhAg93`iDR;QM4zAXf$-vZunuuwM#5p=yix#lCasM$AtrcWw49%0 zPM<%caG1w$n(n+)q77NU!5ogmxTjuW%hZwDQm=&{t;>>w;QbQXJIae7 zNAMd-q`>W$a#ReeD+s*TItO!FwJ+fyDedSqr>W;`OR9Wz9C&>k)h*V}Qloe(z2!G- zR&dp#k)F7skgdfa*s+LAA`bOjX`1I597{{KiRkj*gOkrM5o67yY6Xl@Y?6@*3QQpi z3S`2WV44%X4)f+>gY@V1oB7za>0g(=`;gOei`69tht1*ZiMFOE8pkt5ZQbCFUp|D@ z@bI}4cJ8hpxPG>Kqf=nls-Adn-;h5<7c`yYvU&c`9LwsI8ki>LCHF&g)KgjB`J&#B 
z-#^Y&*dJ#~PIfLTPdCa7?QdtQRrhaailx?Sl9+VAK)$tnM=1%{AB9Ix)Cz*c3Wgy1 z?cIJa{9NW~E&I1kni{ORiNe%f(IZHjB`9{9;5TZX0-cg>n5^!fNic|)H{eyr(iFquRht* zTTL<((U74}-J~z9 zW(E%~Dj3!P&4@Nz+_2oPOWaRIECvGc&77yIhF?RU>Tep5J4EdYV`R0L&R3_*!r2o9 zz{ySWZbYikjX)Q3Zg?VT#dsud9gZb!6?S%Ub5{92Ptr;!7j|GtJUKh>v;rLWQxv4SXhYZM ztbsT0;^8-)YM?3O3z4 z9fdQmX%==eeUNxkD+FoseO^;re$#%~8d^sQk*MA8_epVNo>~%iLz(a{23mMX%kO4L ztrN!iU^3$ZqpK?}gciP!5yw!NdYUD<6Ia#eu!V-~!+Um6E;SbjAtx4Gmg#kxtx;e! zog|keWyH^pTydt(qI(MBVK1UU@X!aU7-kk@e`6N>bBKP@#c_$hPe@A~IaWMY2-HzIK6=h&D3bmMIBu0rNOYQ6?w92Ke z>Q7qF6)3qa=BzZZ#Ier>JL8Dm9$^B@x(^>!K8&$2Vd&q?_@&Ow_b^YlCZoVvXRfulZa2g6Nz)|{!h{hF(;Gv%Nt!n5kDNUkZ=E z$(Shtio0Z9?;B#+sO0qKDc-3~;L}=2+t+7?uEr~TSe-Z;frAO<_t7_xy3x*r5*7r< z4e*_D;|^&$!+&lHk8Jr_h~?->M_o$WHzi-SO8q z$GGxSURhd`vFZ+_ie(t{650vS@#Qya!h&0my&=9TB;&5LoVh1toanCgbgVJlz6_iEdoS zuT(8gtydUJV>J^XS}37pQ?fe}8<0U38*k8@_o2eL+3{ymBvX&jro1E@0@p`$=l8cL z@+z4wytKw@*l3KxcjBr-9R^bm8p`aV>Emg{82ate9@{D=cMxnveU=${l!V;>OHbE;L^dD0e=? zELSJFRy47K#$@-E-**Q7n!(ZOTH^_729kvM&l*x5WOLIK6in`v{uN zI34?A;|%X`G#bGc$#eMu3sV02F*=az;QnXPWZe2D*Xf;?kD)8=_-%xPrCYb`+u3PI!G#hOC%+ktp7{8qHLWPdTMQTq%x zN<5v@@J_8Fc2b{L7MbGFBoK?+_)}2sTi;jYhgLZ&R$5ZK1M1G#Rj`f@%}IcuNE`$D_h?1(?YEAu(f3$|L6Z#ir_!{(e<%2z$u5f-u$snyqY zN2ZL$zxRF85z*04#w;NWZ-A$Pk069>S%0Kj9T+Wsc{|-B6Y*Bh<+Ez5VAbw-d#h1S zXLwoF`ftA{#I6UjpuzS-=@%~BV_7|;V=eCKc@pgrV$f zPm?%G{B#1I9^TC-P_kQ=dOftLXBL2$Ir5j@u|E0_+wb<@sQIfB=;3h3(*;)}hvc&y z92@z;T#=0j(DORYM<;7Dw0>`iGMjPWN_rW7y>l14U7r0tgo~1%^{V*r;?~6uTx4!t1%i9*?APo|RMV}5xlYM!l3WNJ3yA?{hkTRXm( z!@4nMv%Ndy+@3m}^&;@j?TTdc+Hj*8gno0Rj)X$tr>k*6hm@n1fd+YC0MWsK1v5eK z&g`cv^dpT>P+tAzuCF*{>E`ZdJbAh6Y17);&A9T1yz}LDXSiIb>>t+r^pWarGti)m9g28XVl`kcoD|f=A50 zs95(Ng|sN1DZY`ms0-N#w+e!xx~K=Y)dISxCb$G0MBqp~59!HgTrzQ-yCGB+8W6&< zd~84*MfEca`rgb)I3}RMEQJV~hcka=Xw3fubelHqM4^5(1|)OQ4Xz&^Br{H8_?uKK z!_~a~RVfG<5E+HLK=rw)D`vmBAMvan{c1vIA zqsPnZi8g{((m#*3=(ppR;E{7s+nuv0T`PUZp#7q9nKu5bZln&yXDsVI-}MytDQdA# zKZB=*YyY@c|EKf<-S#~jf%JZW?>+B~!Eo3u{fzRY20lb9JFw2;jwhsr2!z*Z@Ujoy 
zpS2}`gTw~o*AFp)3&D*7p~Eb}{FdEg18zdh>Wd=Wfew_N?ydNe(8=DDLz>#{j7^AT z7OQVYWXdEL2RHz?;$$hckJA3E#fKZMy6>*^FxMdIL`l&b zxc>QhC6^fiuf3r+F4ah6(5#O|#DB74qTf~cL)DOjl5Ns>Qt{J|rw#9y2Z4+AQCTIE zOK4!3i>lxbbl_{{Oly05h*OyUpwg5GpN|Xh2#43HkgShQt#m(YTw7>5K(lfM*5`9E zZ`HtLu1l~7VTu9J+WU&`-nGknZ>Fv*D`UK6q(Z@(vJb^@p3q>P?w~bEIsmPeAI`bs z9G4SLCz5pu*}1~<*mObV6RDjT2;(Zz?IPWhPlW;^?q@Q@*++Mw{Phgz1>ZMkYjrMhW@4+(NP^tqt#IB*j6?D@w zq_MV>b#yWdXJuXr8Bf@CddTP}On*yQhmr?9ni*KjYojhn4jna#I@+YVV}r&}z><8vj(D z_UIJ}D0jEyPM36&lT~9VY6*&&xouD!pvQN&*WAkYGWF!;(E+2wopu|Ghp@X|yb5Z< zYcyj6+tVgumDd7UIhA0_`26Dq)NSBrA70TvpE@8iVtxsTi1hlvc{S&+<$9mjXy!oFwVk!hQSSpCjF@ea z`lD$_QMdbfTbo&yZ)Q}vEsg9`@hwm&KFRzNZZaU^EndrbVD_SAo2|Pp?WV#~zbLkv6aNlTzsN1QZhNHyfwso83eY(bF zQHQ*LBs;mhA&bkv>HVR;{Ea&13PIBiSI`d8I|$~OoJMYaRD@VT=w3KltQb*J9#)` z5N--_m7V~BMSTBysik}#D*k7Lr6QdMhWtJJXGVot$(VW4j5-!3;=ZD&#-CjW#wbhk zu`>DQAC5S0`2-$xRb4Iaqa@mZ%v4W7*1V)cZj)!rW_9mC67SXEeNi$l$7OC%nH5uw z)1D0my|~iG2OV}mFpfuZ!3BX60&(s3DV$J`OR&ecYxTqawY63plu%Su+ihX-!8+h& zIO}HaPqx~OPJU_3_``U21-ErCb6ecdUrxq@Q9U9`3+j$tI^~2RB})sgGxkVWezU6G z8J{Xsc@{mq;u+beu}~R3?zb1+Uz--Z_w?GjwHxMqfr(Wh)Aa)+)p^iZ&OF}66Mz^s z8%=s2p4HnS)I(JogQ~PIO$kDYTKfnBhc;pJNv|I0l!9j_W8m@eUb>u`5-CB2i%XL$)x`R*5W>MXBb zWfykQSk!7c(fNHg{1C&NX{kNmQYB2pYt1rZjkWkV1Hz6@L3Ky@eqW_k)qz6HIfNo- zj$C)XofKVT1e7X~2iDqDS)4lach%vT;yn!v4ejrZS(tNQW0`vAWA)Xk#YCwEp8z?& znbW=%?`mn6G^ruRYkh1DDmyjCK9@a9^$Ej#b7!R2{r1Q!TdfL%OohiOjYnyG=7nwV zg@>HO0~B9-UvZ`}GI7*s^wYHnQ^&0Yw(DrS8$mB|UR@~*(jY6;X;pD_!8`ev`a7f3 zle~7_pQ%bQlj33=^H(}_*dIThj?SNcYHIuFwkKaeUQil*k^f=Ul@4DmcI5Q^<&Ub=z?s2kP5!vnG-r52Yk$7-2m(%$YvJudAR)Mn%)qO7b$GG9hoR#r+@1+ zijzX!GG=OQ@JyVyN>C}}Es~v^j((Qvm>@DI-qXr5JF@gm^x2$hVaQ8Fo_~_XIX;{7 zl-Ed*<(B={L-nHC#5BB6-s1BmH2Vu9!8i_9*^GN|==gpl_u}vm+V{HzUct7!u)>@u z>NlvNqvd@vrKPzP(>8KN)ct-D2y=s)i?iNk24VtxDxcph(bu3~uDEylGKdB=IEM=J zTMTBW6>}Eqz16I%)8sRs6ZVrTMt?@DP)!^&1&A-%Ldfwbbm1>+%ImGI(P>5Lc>by1q5=4`F&sT={WoVJc(9;i!@7LDL~!=Cq+8 z9j>!fJo)W{kIhrRpKCs=s-F#fLnolV24Rj7G zSB#?z&!kRuvQDs~zl+4%X_6^AN+?=}&)nt?M$B9YLF?OGo7ONSW>!|8CEYZ7*DQ6q 
zyIy}b5}7(KuPv0h_`%qOUcAdqx?Z{9eC}rQDOq+bT6xrFefC5OxeeUSq*wL#Qn$HI zznVB4A2#d)-8_D9VT0*hHQx(c@a^U!SmL$q%yBOJQ%<+Ua%ke9Q_*R_FvYQrv<;LA z)m#0*cH0D>XV8Mz{9R)-g`zwEwc3r+HzRubSh5mnakC7!cN&uQMm*ffe2YHq8t@dP z@J47G5INSASHQcb(x(916(Oa1<2ttibpNv>VZG9_W6LN{OJ?PfHrt}R-NNG^NETCG zmpeq3k zj#Vu~4uM$hi5BrZA-ssHONg~;?*WB@qE6?(rD-SBBxmgcdi$HLXH9ldroBVfY1%bzk!u1X%7e5XM zZ)@Tq&ns_r};1gZoSm zw|4Et&JYEk*1Vs^V{~S48yjgEki-jF(pVhL!y2Xf>sdha7iTer!yr3qD^S<` zam8boN@C$ENcqIz(1o8KUY+&&;qjZmsiU4;kn9h+R}9&DTwkh>7A!&iglU%1`V@iT z-k)4QFGVrV$flL@J>G@OX|rbTdYYPg)$vhBajhAM%EzBOJ_J52-37wIk`{^MOw{q+ zyFHHirTCVJNOiIK#ED7tEWA{3f2SQPNx;v^pv~E);DBR(t%0OxcHH6?TsqCrNVxlO zWu?Hy!NmNoAXQc|SQ-#D88%k}D~?pc()rCnt+L28R1M`kMj7hKiIZ?dAYI>o05Cc4 zEx4YXrk}WK!kdh0)O0V)cmeFOmPPC-rawbmd&F7<~EgehTiMX%27 zE={pl%Fl6$loNOYL{~w`0ff?OvLv^Nvu)Q0ptM2XnlG22=L=R!(CV7b2tZ9qwHP!F z|7M<~M@JuyM-L--THl+>S!m_m&ZaIRQYHWG5FTh0!N5}T8sl;!@9c-N#am7}hAz$p zt9?DTk3o+Skj0xT`fL)5VPX%TkiZusCzZ(#aW14=eKfoPK{)Nj*g#0YF#2w2!G*o@ zh$ss{CF&R4Hj4>{u$k{w$DNY%00M_)KANToh0!TBzwePJ24?in2dUHWZ+YO#fG?AM z^9IuO{Ng9#({=3A&$6$~0_6U(L4rt5?D{{rs(@2j{BiR7t9?!5s|tJ&Gr+?rL$mTM z`>(pMeKRG*C-&a%p7HFxg#O=?F9nJR$j4o&ALgnP=x|6(PRcKOh7J{3Q6DyLc08^~ zG9E)GwLX1%gte_!rtb6RvtM<@XcI|0`!-$_^<8>YvF`+KukV^$n*_$K4DxP=BY^M5 zE<3jGH28R&e;CD_^uh*JmYhKQC`#QY#PdJ{stA=QLk{%^ybL2)Aj^Ze7jSizsg8I~ zlP$^$ynJiT)bg&ll*xZk*@gck7vq!Dj4x7eE|2K}Jq#R)(oKaLTrs(2&+fvl$qOq3 z=JWQO<>ghvlivK1Fi#zuBC)w|-e0YBO|j!Z$Sm1@0F@z>FN>fXSPNj+{IbRf_}NAj z@^TK_8BcWPA<%@2#(&lT-Zb&qLu_b4u%g`D8J-+{G{l{?=d(J)J@7WiR!1)%cdss~ z|3(k5M~gUP(*>DVtCI92NvE&G%F_=bw6A%p8?p zPLoll{7yUN4w&yux;ya{%*%q34B-4DCWaHbC~hj_!yFpR*~5AyXc7~D?R-Mj+q>;PV)po%6vB3EG~_b7Rjj|18m!w`jie z$;j+Q@DrKK*?z`jZz1{quQ?qP_AV6Qk(5}N@>iN;wz6i16yUa=_e2Xkw*VsD0Z6wi zr4h7rY=b&?1Hjs4n*zOyCZ0l2x_J=@*o+@)DSVmY$58>;*Dp`e>|{`AFC~nmm!Ov& zUEGMS4RH%Bqg#zgHg+5~tYY?{PoTZ`t(ESEwvAwT`-K1ombbs~NF?}^cuI0Nu|#Of zJKQO^d@FYCb=$(q_}!MGi)N_}F&Ozul(}7MJaUIsTFlJu9x1Y0L1uFwQD;C>Mpk8k#( z{bTrb8`-9z>^6<=91iIAC&1@YFXfqWqyw}M8(LWlA~HS$wY_$@yfh^xhFX9cPV}b` 
zi8QR}E1}Dqhqd2EoU~z38wnYUx4H=y97&obZfR1^8IW;0crXhv`t}%oo-r8{QY@{M zsn{~s;h1*8qBt3rT;$N3s_dO9vjQ5_)UI3$2z+ube7$#F0$I6rb$tc3$6qmzgV-Sz z1Z;1X)}Be75bg`sARHa4(s02Av&51^B~`O7ZwLyhVcP~Fql^`K>d($w+Q zxfA?W`+489@5%+vsS(AXbMNx3fk9$Hj|jT)2>d8KE<6Rf!p5wE&gsKJSNbnqR$>Wy zPTu#Wun!q=)(K4NuDHueS|I~O9j=d;0<~sBl&|A`przCM`MY&`T0NxKF16k+Y(#;+ zKqDVR23@Jcu4@PUAQmcJsvWW@2-7#dxjdy~PjQK-;+Fz$v>@_+faU#g0JrM4wk(iJ zBGq+_u#5gIZ@KOBoyw}qgg0;#zj+MQ5I+?L3QXJnHt+mAUI%(^^E!Ui6D#2Y6?18y zK6Yh+k`iH_*PXUnz5^;B*LAN!^t7@EAa*4FwXqtgy;M+U$C@WlP0?~pAnlX-mDw~U z^T6Z!vc@_1>st2oQXeBZBliI3_xEnBkL&YK*|Uj>{={R~HK}`ff_yC&pIR+2UsKxW zl*&Iu&o)81{0i8MqvDQyPXlDb?d+x#=Y=(*GDiODTkx{dBBa9G>TA&FmuojQ@i~Ur z?bj6n&ldTE>^=u*R#G_U6VM&Mx${ee{xT$$F$gNpdRMd`{{RBlUEgb}PzLw`xPbsc zi_-v8ESf)&#cj6|j`_wMP2y2zoF0OcIdOk!`q4*FNGK?~bR3lV>#?hYO?@ArAt`C& znz65(u@~y}KrMZKo&AFUVTAW?SFd6GuBE1u_xXIG%T$QL9fHHxOrxAV)OL8bm$J{e zYxRR6apktVWzq%O&{2A*fAK2!Pd+3<9_QYVJzfJ6?{6UII%XNsyAsD>|)|q*cM#$n}T*ul$ zG~Q%X1zI>^7ho4x1%pzbU#grgB9$C~_pY9_&*MOTUhVAPe^le38_BL0a$gS#cHz$` zi-j4hFtB-q9!Cl|axBzEuqP@T`5t7pq`Nu;5;RUItPX=+Bx?4gB^{Q<-0y3yV(_D?Xs(u^+rWE8{f7M zB#HU;aHU^Vl0xo?M}q-?(mYT{&z-M;Ea-j`XeA3e@7k%hWgbVBe%e=@5LdoQ5m)cf zNy|X>ve^JHnc8K8GJww4VIZEOG>a2zsdLQt?6!)WvaFXSTNrLLjI4-==VdP&t#LI zXTDY$^cV6h4et37^{W<#3W}IGW75!i*CK+qBrcdD9`AP8Ol}cjua{!DqO4upEb{uf z7_Zz;1S>ln{BkfZykmyFW_G=pZ!&r~SYP+04d{BX-Hc6XRIA-cZc;YpJ@L4gx@}G7 z%MgAw9hmg|$msBK$fCLH^~=f+R&_BHFAFa^RQ*hyq_OMSzQheDrpsHxEvI$TD6Fd- zCZy}iEROUx-1N4=@XWf_&eUxWpTUZY*pV!^t5DOpB9@_wI+dkW`TebFK~zkMxo7tGm0Ny8`1!`A*!R`k(9G$2%a#yNn$`tf zJFNSU>)lUnOF*UsP*GRYwB9nHynvktbpG>+hifF+`K!_O4u$TEvtH(;Tg1Vb-Bl)x zF}}Cjf?d)36fHZPIa~8KMzas|j?YeZ2~3T@a6lD{jMV`^)TigeXT7R*y=PE)!OrL5 zu^o1S46U4&7uJ5i>;cqIJ^Sc71Z?DwvF9;+mKkaUy6<}tUIP#vG+XTKr-kIL<}vRm zCu1voYp{!^87wF^#^sk{>g5~bLVUCbxck{Q-j^ZHXY&~po9{x zG9GkxGyRwiyByf?IxZ!J66jj+{gEl%0;r_j?}X+WKogD$PT z(P#QZ7`3fC=7L_15PQ!F!o=t8NbV>TiT@o>{{ zQzWuSH3VZ+OU?-~Ci1cvn{3{ESv^&|ItyPaNnpFCj^wq963*5d#B*?ZUUdtgr-i;+ 
z-(t%F&gp*Rb)PK?rX|%KGU(Zh$5Q(>UTWO$GG5Sd;(lu~_HrJL0|@a1dxesa`1$YkP85d4}c?X~waQu!GQxTUn3SbojF8!{v_N{>~6Ou8>R zK^gm9rWU?b8bhDMuj;!^Rq_U%KW}yrU6)UQC>2EC>!6c#Un+b^>9+Qe2{O7ZQ88JG zjqTFNR15pG{@mBVxY+O=Ukwg5JR#dN){(AwX4jIEWdyd>s5jPY`gQ zvn60&>3?6oIMVURGp0fv}q#oj@FNhn63RQ%~khs#>=|WHsIv!%w!u- zzAHdaJNnS|JpJ&25+bYzv(UK}l@ThehXD(2?6w*|@5#_|h1c(Jf&}`&GSm^-+T(PW zlzxK)!6@Eev4j+e@FSHy7bM4vKTZzu`}ccRc-yty(ExPgpfnpN_`xo~{05@3eeOrt zlTa})Czn5NS11_`P2ODn)n3Q)tcCYD=jvD&9m`e(#vGNHWShUF+vujHd5<=ZDB7JM1k+*{r`uqZwjuY3)fC2HYdi!wr$%sC$??d z#>5kQf*sq*#I`Z9_Wtvo`Y+DSx$KLs>RQ#^Yd!BH!no&|S~zL`%5ceYXI^?)q$_zK z7EMzX6E@sozitX-DbZ;JX&isi{Wx>=4*^<|k?s#83~=GUpTye#;VRF1z%fWu1@B+r zGZh#r{ltPcJ7f|%IQ`h4+T|p@3f9=IQY7j0<8{-gleRfdpPF8m6D>#6$Xd&HTa+Uf zt)KFs+;Cu#sszZlM;_?t)%M@Z1ogBtf~zb`q-lBNPYe@=zO{#8Yl6{N2K_dc(9-R= z)86ATKHtna4;+v!eNkfJPnWCA{R2LI16sVfvbY31KQF%l($l)Z?762mmkx_@LvZPC zgJHuI@-k>}q2qYV!O-6sF&eN~jz-dE=#1^Zk-Pu+JHez49jN2%g6}@huI>PL%Ts!^ z9Hwn*tRYpF)I3K1p0e)vilk3`{%W3?twHPewq)oEhti%_0BSo4b1qdj>MUCT*;0{# zHi&;e0_bRXo`w9E**t|0ES6>VRX;voU!e%+XJ=_}R_SNRHX}>8IgIzCs>|p`LQ$qnuwP71Y36uJI^4-rR?U-g&t$fq8yo<7M9W53Jl@swMXGGLo_tHo2~_=WWXp(t z5RN^pebcxNf9Bu?UWuSq7GFLJc}-5`1w74HEWv570MI=xAD#_>9zl?nN`^DAkay3v zk(}KbTof3AXtCPg{0A~7bT5~d@;g#68lf{z_%7=yYLNcx0|Hmf{aRd%8r2?auMBaH zre!4klxN3WP*f@=YT$uGqay(UIF8mzDg?dXPt`(MbO$j#I@s1X8~Vu?mqV1zFzl@N zQhztn=;7=$$`+rbgXQXSObw$#t3-ycgU!ZR33)3W+^r3f{O`cmdJ+oXNHOK#Ew4bJ}D{#Ew8ltS4C=lH|&mLN4+t~cP!pndZhx? zh@x8lQJPUDjc^)@HdH7>^7_WVT&qqzlWyLVYKrQiLlg?_b?-&McRlEVbD5 zE6QinsNL*X2t@cFFs~#Xe_iUU)_Wv--rz5Tx2PD zEJ_P`JU8J!#sMbQQZsNsd6U^`q#236)cd*4Z-QLiN0lpBLCR8Nu`p` zigrfMVADcv7zP`n@y_;K*V-I2RCCl|yY2DNNq?cjnJ91!Mg!5}Cdm15adhdbN{d~O zlDfWkS9dA=yB5TY^B`rc5;&ic+J*Js@WqE;YJvGc&4WqcCY_IHxU7bQgt{`FsLyL! 
za7UFX#letL4<&NzYGE6l8Rb=O%e6yRizxTk#ma7+7$9Q&?!RbPo}*@ z2}KKOxty4brulay=&v<=cxWoQ@I&eAkPLMhBTB0?Uh?1~ZvSD_nG#-{65gCCY)^~D zb^M{{eer@ZgH=mV(0mVf%7yfYU4rhnpE6mv}kX0t2&lRQ@H^-T*a(D{36L3#Y%l-r8MRr;cPc^I@mI7MH_wo_ z`Wv=Anr6uu9ZxMn(1&4wUnF3yNab$re)f`%jcA{^6R5OjHtWX7^vRA=MhYfpc5Axv zn9sadF?7@ULIYZMJ1>s0{4Z;It^B%o>hrAm_GGJfB6i$T)a!<-9ZZeFu~j;RnZS zx8-H95}jx4GA0x2ODf9q5(X+e8%atd6*j@9HH>AUS`*`*-dsnT_CTIyNWr<2H|{`3 z-%A-2<+?7D_6JWZ8z**jb~sVWkLSz4!Lt%HAC4HwuI=C#JJ9tQp%jXO zG{TEv9O`%3u13b5>|&o8hIi0xQ;wWkNA+P5vo@=+zO4RTHdWwCx7^^xcwU`6?e4r7 z!MPIinjV*CDyQbZ>*_9}eo>ribmz_7Xs~lwDE~BLd`F%DoogjJZSuz5n;u7;@$EPf znrs-1(J}S#L3M!p{NB7QQx>&+6hd2&aqz2A@YDjBJR~w|Xt}MH1AifyAp+d54`(5k zex3J@Wk;D}54B%E*Dr00=N;$DU}{H_F->g#u6sIn9w?=%{rj$5LVKO z>?a)!%4_I}l}w~=LRWS6j_rm-Lg`mU{TbM=KRar}Ts~_oqQCdyICe)QKT6Bl19#8h zmtnI~>U*m(+oy$HTP+CULK>OfqRvxD76mcm52~*mLeaedwy%K!x?e~y0o0Mxl=Q*n zD1*ryzX-;d-7ZToiaWMw_s*1`t*?)y=W%$fFgEmv;%K)r_;YWkREVbh{LvUUQr>Lo zGSShWFFfxnY1N1477_AdczS|`r-w;xakl3(cMfFzHJUv^G*Ky$?(HQgiUFdqJ_I@j zI@W^pWPZwm!h@Z-Tcq+;PIr;Ve4%2GxIsUPR-Wj4BZi;&zFN|c61cGp2Wj7f>zf{( zmE8z-HT|yiN%5Gw|07LxSvweT;b2ESbi{C{BS4TYv?Z6gtR#D152fB!&)>#>F-I@L zXsP$4e0p=j_;>~ybF~ZPJR<$HI1b$2*!XH35BvhRx(f5Bpv5K#<5Ypi&_5YX&0{>k zQ%M$H`gxZ%da#-A(u9pI0e3rZm~!j)oQtC)sNSuIQ7?(cS+4BATH}zSH`t?0Z4v2B zFX`{HvI>Woq`d5-Owr8W*Y7CvPyhH5Lf&k6aV!e)JsNg5ynG_rEDl<8;_=L^;yT{# zWcIo69po)6;Lru5+U;>V!0|5Gx za`?OvbZ4a_JSOWqav#9$%4*uW{6NSb$DQ~h( z7KXMk{9%7QzVuxtAFAfIwcz6>x9NO3?U})%`qJLnTs6# zMz+@oXbCTHl799F+1i0D?$aBmK4w1+DS;>3z?m=H8PkLaLJ^_=#osZY|2wONUPb&R z33jq)-FLjvC<028=(p&7X_+|2S^aQhVJG_nXxijGwk!nr{M^3yZzn&$#~qlMo|b+A zia`{a2^)*r$-NP~@l0g=s8SNLla7~4-hxIF_=)tPPBBuZWVhOydCL1fUx zUHz7d>`el}sQk#GKdzN6Hts`ED$r*dtIHw$T(2Y%fyBl$AB{-6f*p4p_Ygax!k0U1 ztMRbPA<4@JSm3xbMcIRrZHZXnT#SCL_|20)hO+Py5|dZ`UR?2vFidHS48BOw#36`p z&|IH`*i5IhV&~X{S+TGp<_tI_sJQLYS;2xT;QWPSR1F^c8z&BxL|`^v7;YoyaGBJV zg$KK#pnl}h$O-cYz2_Oc}D&ob}4S3gE;qNQD_sRZK&fqF487WGoNve4+@9tme6hm7oC*`I9x4e%fnW&U~L4 z$cWJ=^w;?6H}q33jgtdhyq}VstBE4qZljn~2&lrpPW9?hl`AML$}q4s?a(P5O#}Ij 
zeY?6s4ZPfNop}aj`Je`Pfy2)ZMq*vWCaN9AdNX&dWKtZRAP&us7}bEU!Redt&-cQu z?Q34ppzK8T17O`=@;I44TCt-^tM`NQj!Ik&RKe&l;NnZLxWS#-3Px*I4yDum#WcMH+L?er(QKe;+iNXpBPX709YkyEl1O*8lR z7H2k8yfNnHluT!vpNY|_wrDXRjL*B(Yv%O2VA%CL-rptv?t=A)=An|D%=onV!q`aC z0w1X%_UPBeojsP4&3QStFqdB2)HmYmukM2}xAH~8RD?g3VTOq7#FO^ZpGn(%?RuBF z_#1R?k|}H=Cv7bvEBxyMAoM>2Ul=m4;hk^%I52MZv9eTn__JVV+CY!nJ|Aj-ai~fU5b^L2r#X z3V=h87=gUh!1uoouy7KL9yYeI9Tq>YeL=AqXR;PwtXFR6ZUCDh_poyUA zW6|+E1iINrIxm%}L@R4s^!J5bQ=iYQ!7O}kZHc}qJ)oa~0syy zZ)H$NbQPfC`+9p=_QR&UL>ydHoZu1v|2Qav2axtG=reQwHPf-Y`4n$?VAR_ar2h_R z-v-st4BrQSU(a;foEG|zu?oxrem;KGmn@Zlm}wU~sfCzaFaKk){v)yCk3q0I^q)XL z4+_)b9cbmQP*Y8H0-|G?QmCEpJ^yNXHCnQm?`U8~?5X)c0fzz21rUV5C#MOIL09HZ zxEoKXwk8g^JRvi8TV1ZJoJ=^E06rI^Ut1F%Wb})E(C)rxu(wB>x_LL2 z*p7DgDi|9WnF@P!goA)w9b(Y)m``z`#J_?J)Qsl?pP2MMJZC&<9;?&2SiN@O{b7zA z{9ul?YS@CfT;SiCLwgqJY)U_OMAkZek6?-y&Eqw$zQi&PKA@YrgTT6Sy9TvYsD|6I z=Ga+=cc-ftJ8oA2moGb2TVwqkjcmtTQ3*KNA=@fN!Km`}sM(q56$2J;C2prP^+DPb zfd>lMZ9ZMfL$N#mF}};lCe+yuCm*8wH~QNuijtvn#WDWX<$TSP*R@yN-%2pT1W*{- zwU@+FR(6*WDm4&YrE(yb2fh5g8(c|vCSsE0_I;cJor4Yb>Ek82- zM!f^-5pm?|0eL?8Uc8{t(KLWk7vGihh#B^>2De_eEo?uY+EY8;fYa+?uUq5iZq1X+61g!h)$x4mV@!r{_^pDP=~M zRN-nXeOBShd&OEm>m(}?-?D|8%7HeU%;@`*D~*1p6rpP{#rSP&BWl48KI{N%#udx& z7HR|$No#M5!jDs#Fa1@*Kj~IqBIjv)exzq`oYtz^m^>UyE3VhtzBt{jf9#-ORl<6P52D1irX#OAlkhH^IUIHz z{kO_DcTU2M#!!Ja-4iQh#4Ml8xb&shMcShIfxwwY)y#Ss6aA^8kvR3!UkSVwiKz}Y zZl5fI4x!D1q03z6P~&0Q-+Z6nUWV`X*6v})LrP$6mUuhW_y8yZ3rMldjX+D|5$iB#S4Z@LAk$}k%a#p5+1y#q}d$i zdir3w%`$GsnT9onk|w`X7KB=DAuh)leV(V35OHt7J$_tzOO1>p@q7cGuVFp(wbYxe zZEGc+;_cQ>SuVT(_xJuzaZ2?|UN5a6sLj`bBDuPwld$;_>R>ByentAky{@Hat! 
z{UE{!nfo}3+Q7==V9Ph(6OR2Zhs?RecfxB-W4C^Mm&Y1Rjq2&zgI7U}?w6qwPdEl`Wb7O@2?^g22v9w&Y30jnK~;J`8JkB%+@bwoBCGGO+@D z3e2t=OzF&AzAfuOsyRuhQ@YQ?ve;9kODZr5I~sxa{OA;ij}bPxVh#;;Mzk`30+RRg zP&E*RkAOqNP5Rwy75H&HeTFL{wn3NGSSt1e(H*i@(B}i5Q-Rm#>x{s-OO9es zluv?QSR~*Rjg>Jk5t*32o3v`HzSyoCdC(ZUh(vegAy-Pue4C(c$?2yy6(U#GL4_oQ zVEKTWix`@S2@U~_XkP23P=r`3;fCF9uSd4icRaP>Z>-SvCWS#waN8^#YIsRtqs)L% zbl=3$!;uL+B{e!WLwhF+QdAZQ5IJ>w+5VG6?du?Z>a1V5Z%OJP@uDUR&&*W1N;pua z+Qibb!DHOvOU_TuK8R2H5vF%sjsp^1R{ob$yPQ~;m+(W!-OnjTZ*-k?<#maH65wy% zRFCFIcJ0a%c@rQgU`}jzeQD?yk%-Sq)%@g;uKO2e}q;!h4OsxR>h`ap+z6b2yYLYG% z5<37u0c<>u2}jdaPXt!ix=_vZ7vE>^(F$3qvac`wWT-pYD2)Vv^Q3BT9sHK*KA+9` zk zd?I+#Am|^35oYO`d>!)eiZurEROP*T4|nAHN%L5*%go*jd=Q^NBE(Btck8VK^Q%3Z zqsZ;doTWAHCzvm5z|*hyU)6xA0uxLpCC6&*V~}#gVw%WkU+iQi(?ks4D?^ zKNWYc^a7-}-O$7K)tnB~NlQjtdBbM{3w1B-Zw~+byb$PGuaRf+8#?~1*jm0&I=w7%BHW-UKlrytV7GkfG?Z^8$Q##DkwQq&9R ziJDS5PNBtwGg<+oc36~ipqDIOSqG8%#Cv8>b@j1sQ@}mT$A;xxf0qgcZ@_P&>I?NN z9WGw;OMZ@J8seP=qR%Et`m?u#*0#=SufEhmc+&vN4Vwk2a3FDcPvPgt^PeL%!yDU~es%uSaWl2H}`WtF&4mmiY*gxlhG76c`hx~IHoK_Uj`KkZjA24B|g zjh`kduXGj;L#yftIIb?Qv{6cX;%>@Ir%+lAJfHI*SVd%*8c5?v1B%1Nck8>I(v%1eXd#2 zM0{@C7&;o5Q*kbwFiTnL4~uuE2LlhkX};jQfp^g`q7;UQkbUQ$EFLAkXC?Z#>&38D z^?}^{vf7lG`!n4vGMHnJ@ZOlf6>vDh-I|i0XulVm7jud_h%F}(C)FXBHPLmFaZB*z zh}f1%3glx(7lb=H;-zo}JIMne%6@reV>npJ&Y8Lj-@Z?P_r|$#>N~{-mEkA;5tEB$ z$b&voc^IWShkMLZ#GK^rck?#wxw?veVd!vKz6g9?D6=YvZFIl*t5j!gnqGN_s!H^9 z&7~dW3X8-kKjRb1y+T^t51mTZcX1{P0sJLAHwdtXBZVL!VC0A#S94D9w8rh}N%cP5 zxA-N~ftTebTZ+IQj7HW;5#dCa47sPO@|!&gMLcGk z(^>*Vmx5|{Xuy4=BHEDL>*HWvU+^zE;8DK7qOM?^?&@4e*~ma3_1W!lsy;z$cFE4X zt^m)TCcE=U2G)hj?hHMI$t8y!E|^~hMOB6AQEC0s#xpJK~Yh!HtU_xwb&S) z#>AYsfiIRE4gb=O6SD5x-(2g7u`6HF=Lso)B7(3lTrKJy3+|q$*JE+Iy_+1vB0KDD zw?xEaf>;5Jvex|r_>jE4iWD3vj}_B{cC$Y7Q7`F)mDDxlBerkxBbCE;_ET*@Jj@w# z92axH6EZ+=lWg=Eg^8!bHsJxH6QPwFyP-=Igd1UKJnjyaGOAyz9$k;MMf_sDjvH`` z#OWu!aa{{j?9h}{``w$D?$38{rPPYz@ma^{zX1LVFlm?nieoQIc93drjXbV25_}To zlHE&IgRgsJeI}&He%yh(8^~lHH?QO;oMJuV-HM{7S5zjYEaRMeZIK|-GxAe4jfZh& 
zrKs;m91n`jF7RtRL|GCYIz9G*qxl&r=uiwzOKF!lW3-Ac?Zf|`@k&7Il0Ft+1me+Q zS3`#*DHIC@4;lVGX|5A2Hie6?RwDV0gBAT(_RfA~5?(qAU`MmP4Fg;D($y^PPuZRN{7%M$cWzFEj%@z+gXV#$(sWhI+O>xK7!HA({*^{BJ zVN3g)-5b_4J2=FJE(*Q@Zc`gtRg>daXRa)5l%dN*YyLO2Z{H>4&7S^|tsas&L=dXP zr*?2aKk*xdVTl%mOxt3>$CXCy4buAvG))ZqOBBjGYyCnY zF+vzBGz-Hzx$NQdzu!m1O7&`5P98VU&GhuCuo{CK=Y2#C`ea^27$UFLs1wYBTF$jy>D1p5S6gg$|K64cmV+J4R@0n!@EkQmuR;%f>IrW*e zZ#y>?M?$`#+nG|J|J3J`C%d2(DKQuJ-EGk_K|3-OO}Qt{hHf#_c?8+3gI{A%jNd~G zVQ?x^ZT;!}>R2m2V0!Xqc<)9#6p6odtG@Mx37}3u&x-Hi11LGIyu?oa$=hDa?v%Ut z_DvKa5uo^;sRn1 z0~J78s(4$V@6WBvAO^p?diD3C)91PKJfQFn))f=tdXdFBCwqV_R95|47u7qH+>0|h zO=T~r>=EP}y4Cu*A}cEkGLwCcWfyU8k`L5)_dz=vJJE>Q9DOa+gi)UWJukiodO9{F zfO=E@@q8&;KLE-=(CaWTzULS>aHnt#{$8r!U<^5=J7nIz`Jax>7prqrR446K8D#beVtT! zWJG!0dhH#nj6hGn{of|k@Y)%JbLQPfvSTc6U;#`s}%y|cikT9O7H_P4pqOF;zD;CqIJh2pV&6Qf#*iplE|Fp`GP;CZ-%@7PSSJsa z%il!rFlcM?QEY{`Nq#2kvmP7gi&S|VF|eSE)BU3JJc7*9s+)Pd3MkPsV3jDhZnf;9 zNi?$S@pP!k5li3inIu8SGUM`Fj;B(K$+qo&3aP=-oLq$)v|5+lV`|mlMG)}!niB8u zOK>OJl#kBMIl9~s0)kD&hnK8~z$d-Y%D{+DWSVr6nnWa+I!MN|=i!^pNQfp(p`tf> zO9n?$+*ek0sT+Jhk>%9bxL_xIq7C$>$rMA|kHMbparUE%Q5-b3mac7FSK=piP!%6K zu^oNdzu1}9lKlAnOI$d;QE!6bcTfKzb={SKC;$6X+~gASs<9s56tn-c*bqHKy=t^* zTq!r1D|=#){J|mpseNWaju$MLM!z3@!?(P|5n*LPsjos=z4r+oNh4L>m=x=Qrnt*0 z0XKmcbqtx25fd=_sV>ew8&G*qGI+faj7VH^w*)zq<)xi^!&~HhP2Z@^E7Q)mDiY$* zs{$YQQmIcyymNU!C)c8d(A-)>_iM|a`n;SSnZo;CCQG2F85PwT&{rf3Sk zfZ-o9{t<$s)6-c8vkdgF-zHNoL9*R|^OwLYs{=s&=hwfP_7YIY$tty>&lkZ!qK$+7 zi;nWooY?QNJ54#;=ekb@=dMjA`7fw3>}uz6^d3x*j-hD>6#Bac`UwK{d@H90)zH_cRenO@OQ|4b)vecVp^M=_Iur=nN?{p-4p~rr9OwiH zyfza80VX~HPuHx^fHo1`@W$EWhey`D?m5!w(VwzciXC;P@T`6$bK39jwXvERN1!fc zV12+k(5yj7dlY0OL({7E*^+Rtj&pK$0eAb*LCRPAh1o0=-vR@!ywtKH6#1v&Uh-(a zKL7w+tBRu_zmE?P8BO5F{Ab2iM?*U)Rr%0-R>j#GWF!>U2>5%O9HQ>?#`4`LO$;21 zG1UTP_Ct1tTm{9s4(Ww0ltO#Tgnmw?&J6V@-p7js_pfAhOK5Rh#~%+Y|6h-$cNGT# zDV1pzXxVlS@$-^lPJUyMzr&0_;#7>c)`$=}|9o^6CIAzfhj1;+mn)>+I1na7;DHd) zLADTunP2`J0k6|!K}X}1Z_kF`KJJIktU=RLA=$;O3LjMb^M?7__fLCzDfr9^5PHvm@ 
zx%rt==`H$iHy4JGE&^q|HnBqMtwHqXL#@Ku_a7Av9K*cAYN*=opbbLvL(s<8WZ038 zrsLT7y|?)CJ`-`)AAa?!Q%i7;tO=q{^{Fk$2dY7J0L9_(7DIVTNNB7)c(Pqk5?AFI zX^DV3xVM-%0?&n^zXf4m&3~jr9k=yVH>op@mFn{(LjdYEV4+ME)b&NVG<^AcKrJb% zcJCVK4;UxFi?Re79YQ6q55q0wJM~}_b(4ayMbYBJX*jcv#D%R?UrT4E@RGM%o9r}8 z!C}X2IB88d{VEXQWyQS^GLb*<*&R5_fuUgy{co+KlAY3)@|=!IE)j%oVHTu02kKX3 z!UtJ65`ru!CAqc=zSJhcZQ#4*8kP#mIbd?*>B-xWxRg zZQTU<9_DM(KjvuZl1g))fE1Tt)q{n_nF%NQ0|uU7 zQqxFYF#-D8V*{>bDPHs680$ zze#Aof2C{@a;w{X@!<>$r4Z+U9Qlq9h0)4=6iCI1UUlup8CF_#p;-6F(CK^LXhXNj zM&#V3pOx>snH4SBh;Jz`o9>LfE>7B;aU#(h)d}kcQ0+9$dml25n zHh-}8`v+ZCcKKzx_s!4uL)Yp7@vS6qIoE&ua68sF)A%}zCS`z7pu4_YVi(D2NFFw$ zIMbY>Pz;5ZPkZZkYfi^LE%SS;eklBKmm5fuKBneZEKUfq#y`C-ClDg|J#d${MJZu$ zqVXe3GOcHWzkz}6bdqvHm}&83UQ1P(0o$jM2Tu|I7rB%2e~~)~GUA!QqtkZY!JR?I zPdZ|KBlkPvSGGTQU2s2)gSThP&EK(Fd#}Wa%WrSy0#HCD2OsSq1Pzc$qyuy8>iE6c z=`HlrGtMrUZHT-=%|QZT*W|@u=`s_bmp8!wiP|gX{1fzLVtt)Fm@((~BtCi%46Fy_ zH-S!{J=^~W{USYK6k0v8C3#Cu8P+^9@ZIf&3NVq<)uGHJ#b2HJ;H;7)Ltb|dZAZ5O z1cn!-`6fbdtGm{|!lL@U?g9$|4y}xgjJq!hx9Gv6aO<&TUKxT-MMNAJTa%D?-)gyn zZL+k-(O&xsBTSBl50}wV7?ES%+v%(G)ftCQYj3dj*i-BOn1PZ0-epgckzXQ^7f=1g zdxOTqz`aN{#uYw8-XTIH>(_1>4X;ry%))}0^dEoGY9^zSiYAKFohwaTi43Zv@jJ_E zc8qpT=-}GRHino6g1LPZ_MO8el>FtzMDc=Ih(QZ5iOZ}gc;5zhXj;5M%z6~)I`eGf z+sMV~&U?s<3MV9^bz1Hi!*A0k20$u8FY%*@jRquY!+P}|poTEx^y#tsiqG4?`fD45 zZ;0Gpo{{(+7cE|R`s6Y=%#q*0=Lb%2qP~@J06*E5M{PFX!VJRZY(BM^%~qa}K$k4~ zhzz@qQV;i7+)R=foTcD$mZQg^6A}m!D(sQNLZ(wvxhL{D&M-Ne7s!e`s8~PpJbqVi zHlD!I8S3P&oN%ftOd4FwR2$_isN=rQu|L%25;s^GVH1i6M_t?eS>F#V#E*Na2PT2iUeh1?Q&>ZEBr#T} zO2_(JSV4alNzt06ml#547=gz2Efdzn4Nn(A)K42{IP0xz6|8=6Ok^I$Kkc7H)h*Pq z38|Ajuxi;7GNbNcD*I6mlhDQ)HwPrr08d!_(8qt`=U;;oUxwCsir;sywmFxE@I9Dg zQ!60+eBhcn5c0WJg#Xn+IBp6S-TGq7+x-xLHW|m>?x*=tz5F)dEp)pGwU-VLrX82n z`D02`!mBm?9O7+j?FIrpx=mc*&r;xl>K-38p?NJVM-lhHgTbG278|iq8O;8x&=T&` zD2Arcg=7;1@U2FS-xDoAnvUkyBw`S%V@o5n?2I&8Q@l(b)+?}?!p~R;X59#k?2dO^ zQ5>P&8^?#~{?vWoMPsX5C_#`$v}N{>^wqQr;U%;K@PQWX?Y=y1fcI-AvUjGgKxZK9 z_6^_6_L1@24za)I+Pj0*C=nvG@4@7qk;i*a|IE=YUq#@V{wXzOqc;LeI<=`raeD2` 
zuh`T{EfGI>a_}~Vzp$qa3f?*Y$gL_Qvz^Q%2Mh5q5OHW5^^W!YLPFcqQU-lf$}X2KyAuUALe_*lQs^BWw8EZc zdi_K@xHs97;m9S@??rrbc_ITKruTK4N%4DUc5rHl8X+5&Rtv=Awhg_ZyZ^N-$U8o0 zjq`r^=KB$PwFayN>*Tv6s{2)J)_`$~&1oSvpCRDRROYpe>o^l?NMdNkuYtQ3Ngd^h zX##%+x$Ein@56nll%sUx+?qV;F@ndd=e>5V64z@S(vGSk{K8N%cj9jbqVbG|6LOea zH?`p<3!2U5?JylEfiPi|@q`*PMn5Z|x@C-zkBo1r32`bOXD=LDBC^0%N^#i#6?v3$ z-#e@mpRI%=0R0YZ9+ryrf{ESGDY`E@X<2DF=z5h!BRc3>EtU54GUS^ayVP`F4YWb} z%cJa$qz4LpsEfO?3QCu56zxAj&= z|9C&bM$&f~aKoE*^3CSFM9wMZg|XzT*33rSq$uO=d(t=z^D5f-A6LsXo0oG*P(U{a zf{yJyF4$Zi65C7Wjt|2b{<@9Sdgbaj#b5K7rW%a=f*+4@guO2!?q0w2!8(5vbIe9h z#zIA^kh4EpCs+hV(Qn}E?oYDA3|#+3l-AekKBdg9=puRBxulQn7%Jl%#+l_}nwi?8 ztpuPNPUO|WL)z^xwr^$5Ksuh&zEZ(A5^B#F#BieFK4PyA`4GITQajNERj0J}-u0`Ai zVF8D{Mq+q0*NjORCjsKLbNm|ui#@MlS;&tf4C=e!yM>&F3hc$)d8kl-Z?t}$ut@St z%``z$JHNl(=C?7MJCnD(p)1gaHdB%XSBk8UOgQt6{Ta9Y=2GQ>~zqB8t*uQDe z10ozQKfc-9V8qcIT3}-#)n}=(=3I*=&xN>Yj3OimwLni(y-Rpe#4kKDZ8x@^{Y1jY zWEe7w>=@;oBp$eY%Ry2?xS{uqW2Ixs72#-MQFED_a!K`K_%+&3_RjmVD-?O9E~&G( z*?UM+-?qwqTR1dEz-x*x>f3j{o^J}t*77sPN{wi=N_u1qu^!!ikDeSNLE~9p|)1*`2Vn~G! 
zS`QNQ8_va)GY_TAi?wVmik%7W-p$FVdfS$Dmu zMrUvvR&-adT2*2Wa$G@S?lSgjQZ6+CMen0v^ch6<@|!3X4oP**p46{LFPO6o44S>p z?PsJe!n05hFw^0kV(wJqT`!p2KBxyD7MVMoM~7jL6Em%+%9|b+?yB(`_@4AND5&ye z8U+Sb?|4&kd!iJ{zi06(gd@sFoG27A#AH4Y2Bp>#jOA}SDv=_(@HOsfs!(IR) zR5B1Pq^@E*5GF22o@8jXRGN+&)4+liru<7>tVofp6@_cwRj5?0&3!1%&RTBB({YQ| zsB(9`t1jL*P*1^#L$O7|Z6~a^GHoH~HeAAEP0&&>cu~FOt!?^^@p+o^E?$+KwI;I_ zJ5W$d0cNO&Gx<&H$|dQ01gqj+F3VefLc ze%*KE(B4Q*1yhe6yT@**fi;M*zywjhh)(z4mE{0}tP8neI^H!TlSV7STZm=gH>Lm| zz~ffnbRO}ZcE&ZI6??QE*@&p{$S}y3@D$n*?q0pm znEY7jP@R$>;XF1dVP+3 z&r5Uq`C#m}8%cH>y|J6X4iBkK1GU_-Q{F7^1M%OkT8n(O==GC*a)S2>J+O5_62rno zFF0DTQc}oxM<%k(udZ_qvfU%hpQauEb9%do> z0d`Bnp~bADcyvM>a$AW{JUmWe1jMa4!BPG^Hb&J;WQ!Rb=h*nM!rm(MBI~~Bs_CF$ zr1;st6oex|CLYFunmTW!J^AjuWNpCCYJ+Gyv;^qdd8ZE*H2m>%^j>r-ugO_Hc3gro z&X>jPn_@$OdLfh3fqqv;g28m|JIhEZMv`2$Y<(G=+d0zHk<_1D6pb`*)p>?l-4-?a zY99!9IP0phuH1 z;d#}mazxXo=%@2rUkXcsdj?l7k$?V{+AWrL>;MlEh6IWA;8fe!`x?DEh4=}O|{ zBj*jNFK}=8;+0NO9hTqPN%wpwk&U{G3JD~F>|!x>`D>o?$jT3EUg`A=5*W}Hm#x-h zdDBBSk0_AiZqCQ)HYSFJ8vSwTLU#$2Xba2>g?nt5 zbn}D7*u=2yAb^1a*hYsd;)|KZYq^#VKTzPB>2y z{dy{mJcg!_u@yS$Uf9hDpp?jo1@{&Ll)5Gw1iImr;uGbK?rn+(0 zWw)~#2(;ZB>5NQd^!T;vRLQ+EBn(%*Xzina1xXjdocc3ZfFfcdE1uyJw;bodU&^|P z-?=o3IvD9A^T3%b>4Syy)(4*_a`DWBo5lq}Y&#W3I`t7ph{(F?=ts?dgGH}@v)?{O z_gD_>=sU+BTI{_tTy&aD%jwvta;19Eb^Aa+69Y|m%irWkLkh#Ub6o-^w4!TL0JLP} z;8GWB9HA8;KatsjMM<0<+sPF2w@wCEh8cwyN$ne2>Gl~M^FOeyMx%Pd>k)FAF9SiW z=oIe(`*)orw=A#ZeR|@wN?U`832a>VpHv!w)}t!epsIL%WZ5$Kg>Pv^3RD0=Jb=e> zRGcci=Ih&-=n#9l`RH$<3QAVu)|5(9p2~Dd485gm+LztZvt3t%vrMab19Qr0Pis?i zIaM*ZzYF1+;|UC-ov`(O0*oV}sqaV$!_{?}LWWeY#|Sw0Kg7THpZ4rIslpOUld%`Y zWR27QRv4DOo4B0e@18)!zGm)T13nS>HeuGsy^0bUT0|fq;4xtCr8|p^57taMnTV7^ z4U+?14#JB07~w9cY+*H(b&M&{^Dzy%4V9Q!$EBJ`u3T=>?Ox@GlDZE44zIII{zUCe z|4opYz{HZDeB^_aOEQmbW886#S9k3XmPnY(= z^8yAD_9iCu4A_efK{IZ3FSv#UWs3Ka@w)_vS}*^9&5bsD3NhtxPZ zShM=14C|bVuV6!znktPyW|ZgQEIxXGPun({yzX&K&HPNdlWAE48L1(D(x-3 z(#*w3%58f%8u$8x9rL9KHIJc|)nkz_j;Bh^e5**Ng7NRUT>{10Cv25E$uJ2UyCKEs 
zxz*qEK=bOAfQ?WNw6@(e5*-{Gs;s3~!|)eTf*vM|%Oq*SJVP4XzNmfWJMjr@TlqV5 zxJ^{@B+=I%Xy*mJqzGEs0V3*BoeBzncauwjOa-MOnfhwEbAC8HJKozdc8=zVGm`dq z!i5o5lJZ6)wdOd0odGKnzBQhOKKqZeUtWoc0Ai0@Mw21BvKr3z55N>c$BvI#WX62T zpE@15sQ-j~X1v)tq?`*=l^fvN#xuk5O&?F>mT~iqFjGSmpiuWVm?_Pmjp^gXNO4b5 z2CR?mMapi8pPv#GR10qt^u`XLN21V(4loy`Lj2r{q!$RGjz(Q>^uE(Nx#avF2jue6 zL0K|q`jXCxg3;T&PQ=#{?4(1g6epb#ap&Wu2BFmw571+nj0D8pgD3Z)VI;v{!xy~@p!xaJHbKSMOe~2_clq%#?cgR!bMBP95UzR)m)Ft@cKkz^FTMYa6 zBAl-Yf>I%=x_~`*`$g=Ybe{;_68budXoBcROJj1&UcNnhgNqWgAfS93<#d1U|0rf( z?*&IxZH+CaaK-0*ix6Oeg*iX4ihEu7r=M({mRu!#Awl)BA;XRVE$liOFR?NCP+=EP z13SV0$ZpiY(GHcy;--;vi!U@s+aIMC)m)*mh1)kBrwQNj`&{B~Efc>?gR!t0ORAHV zqsYWElCHKHTL8lpLkx0^_5;YXk_oWyaBi(-bLSL1P{$;XB{Yid{W_$93BAh_P!I~9$e(*3_Ca+tCk4~ z=WG^+{FaAg1~vvjhaVF+4Cy-(OBX;<@`z~@HjR}@MKSr*+^y< zT9&c41Qw&$Zb@M1gDn6jz8;#16x`F9E$;_`hW zqrl@PNtP9w+>lo?KS9L;!Dy-3{nIMkKdf^9q|M^;H&BajAc?BBdsvO#gS>&zi(r^d zq4x)PxN>-3TP@Da#kLG@q1#%Ch;njIaU3NwGCYLTtBE7=LeFD$0Z>~qsghwDmzqWF ziEO0fqzBjlXWEBrlfi-{CIHa_E(zc#3vnGo_z&)6y-RtXiC)o17w!0INi#|fB`r1h z*(PlvDB?$g2PM(MF9p5;wr_~3t<_Kwn@D$*@(FedW(y}ZG zLSv$qMQVfnl@H^V%p*4b-taHdh86Biyhf|!b8-P{s}*N31&J{}tyeW5X>sQ|c<_C^ zMgE&#OxV*ieuIH0KZL=DD6ztSd$O77l!H3pP?A1fWNcwdmoIOQFwy0?S?_%eJ{jXUE$-zppHAD2mzuZJvfBlIXxzo72Qm?dYg}{)>4i_ zy5(thbaFAK!&Wo=W7lx81 zMFb0upznc3Io?#c%Z#jQt&M}UJ-L7NN0Dj4GROcE~h8ytTW-cE^S=8Z`g?fgduRp?T7)dn80 zZM=XBv>%tg{JV2&zPm{Xd}`Kg?&ubYFucy#jSY&cxwuKBu?{X6DW%M1P?bS-8GD*z z`Tm75r)ewt&&rx|WQ5xqy5#w&`B{udZDn{=mH1OLs$UU@YJ0FN3O+N%v9<)q$`X#1 z?6e;q+nSNgV&FTeXFwaNC@yDXX;dtIR4h3vIuEO6OIM2IwX!%7;oM5(*`xRLd*+T0 z)RgxGKjye-+eJTs?w`9#e7pg_)nne*OT0+@5?*mS<3{IFnUIj%2o}V7=)lLqe$bu^ zh3^Q+UXP!*;!r!s+3;?hbC}Txrb5yzjsgZByf~97YtY>@<~qNKhnnU2T4Y#vncIdF zIMjv+FgeSP_&b3zZ!U>DENpj*MEZa|`Op9S&nJ@i3*I|GpPzgTJ`Uxx*%alPWJzHh zIfl@jCV*6SEzWbFH=W3wiPPt*6oQ;gdFacAJ#{Gj%oRu^HdH~>1nDG|2+tAEp2{`7 z2`2^|qv4p_1m-ssZBU@T#if)m6q>$J0{eb*iyL1W5@DI^mkVF%qSQ$?LW!zUQ%~{v zG-FcAtP~>*X$>c^f93ig`58=qc4P&!S?D0OcPyS6?SOT^=~cD?I%S2s?YQCdY`TNSm_{SPuKUyNv$3w@3fo?(gvbio$w>{k{GEV0*B$$F}=} 
zLBIDWw!73XEhsZ&j{uc%;QKCIYV1jrTMw#TUY5WS-=Y5dNJ{nm%c!w)Pyamg-{0O{ z&;Ke)_55oG;hcTIc+M(?5}f`kXa2~L*@@irR89s$IEnCL+{AarbRdTpmTHIXaxGz{=6PG+;f=W`3_ zuHc)W)CVV8Xy6W5J~%m~3A~{b*TXKH`IvTo4tV+KW#9>22zTI1E@h_Y*8zL?8})3V zl7iBTF^l$`vqM+QS^XK!-_Q>+tK@|3uAAQ*$uzCb!GTf z$C{3ZU6h?YS6%%;UD3V=#NnEKC^adFE{ zcknt)k3^L=;~ zXjmjhZVkAeicOzXgu5zve&84-MtuiN@F|ijkqS~A3j6AS?RR>eUA&=Q+W?g;f|Yy8 z0n^UandK<*x}r*A{|ykhbPQ&E6vps2 zakUbaRo;c74iocl`dop$nN}f#yDsas60J-5Cl~@^O;v-m;gF{tx7lgv1~e%$L7U3@ zfr-AI7`FN}T?G!f0$;GA&7QdFStG6<7MmTt*J9PYC9CQ*7gYK5_Y8*>0CLQSc-o(eAM`s1D6cRltdka3j~aWPs*n7Kex z(pruwT*m^vrnAj$S_}J4JDDAm3x>Iqq>dO4-A6 zETa?~vlInUSF_(Yn&>oLve1I%5YA(q4ydC_clTlJsW_RHt)>~lie$Rn_dwUZ#=&NK zq@+I{kaKioG2FUvt|Hol%BPBGm>_Pn_;K}L@7#)BjFwxcI@0O#4BvI`2O25I%;Hu=sm1Yj+1hC7xyIEg zmt^mrw@-BwG*(gRu`e90)P=`0d>dnLV7)vi;b# z{fGC!@DQSLB)jav%k8nmLT0I?$qIQ%xKU4uqy7WZh$r$^8cJK4!uielC)U ziI#M`m4b`TdIrDw@s?JWxIX-AX5ZonUD=ai;Qi$jEKb>RD{_o{WX9Cw`i~FcP`&I!8g7>bI z288o%!4M(sd?vUTU_J5w4v?Ra^=4DJVmbE20xnh7>-G1kW{>otEqPGMooEi4^}!j6 z=Pa4XgmIxM&&xtitc;sBh|=xj(1uA%S56_g6$?toSZ*S8T4);ynmqBEg>0f2C5|uu zTYi*5`S{H}%;(2@qUlrCDHlt#j5WQg3~QC7D7lgkCEnZrEEhOE@| zB^i)8O7iO2=KP20WsIDLmU%VdRAp*mGo7%$h-kybWTGNb&9q~{K?FH58yrg~h6!4v)p4|R2& ztP~%aNM%#e;$4WJ(>>ck#eH-|1n(5Y%gg zeDYypLWXvdni(+hX1F-`w#*43`ZRLT2oDy=W{ZS|Ttq{E;;k3|tE`Y=U4?;vrL2`( z8<`aJ0<4Tl!2@sN_;omVVxNuBr(#Y;+)>fBC6=8Q^;5pldf%vslBNYj%L|xB43*=c zogx{EBmNgRB=DrrPl*+vvO_i4jG^uSZo6<`&c<}*8+ySNu=3>NDOy;-;RMKDL>2+= zZVIf)8+KhMx^AbeP_InynU4*7 zYn){U6P0ru3fT~XYv0Js#_jx^KPoR`3cPaEPD8ITCW~b*ZV|ch$K1A7Bba!0Y?xfhUx8EmUOr?@4Z}h5jIqCRXW)=}<7s~X>+t1^?^}9G=!DJJV-3rF ztmimRzEP7j@aQhmm#kL8<57p-tH~!-Ua31RBeOG+ z53b27&3=aaZH>} zv{BTo!i@prS7rIu95i~T#tZGb=}AvMlJ@=TW|)|Ns~SP5zf4>Dt6@wT`>UI#G@e%n zlDMhksQ7RbeHunQg=P7>ZsR4L5@_pcHM z8m;g7W=ZG2PWFs=qY$syI;vi39XwICImvXL=u^p^kf7odbCC$Hl8T<-jXLF5Xz@02 z9Mk8Rt4Z}Kp5_PM(xd%|+jrG$s%TimrT_Bg_yDy-+?id4mq7AL^FsMIgj1wqO<8vA zGyGkC;3P5gT2JWyD93+`&`|jbiD?3=4lG&6nDOK$sKwTzlQ0uqiw|HDUrP??H?I$W zJ;%^RQW2dKt%}#J9aCz9Y9!wfcTBAO 
zUW4iDF-G!Cb@g&dEg*H4wb{_LdMmJP!i>nmOlj;Beuzqo!51(O#-=_M;-$NumN+`; z40Gn}7EPJ+7Atn@tXnTeN7MYPMS$!Y(A0TAsmq()=?>t-H3uT3HT!vY#AeSt|BRg0 z(~HdKt2MN8ZUg-W1v3!d4uhMa^d1T3@P(l(MJHy%XqplKG`;plW{B-JQ)?=Z7awi|MN*eSCvm)!LG7mIjuaE@}UE_tw?$R^Iusn*zM-6&?UPKNh(oyVS6B zr{$~G{Hq;7t=bm&N^h5(SdW-x@L*MRpvz9pIznGQ$__;1<;_AwJ!@7vu(5dUV&PJF zrB8c2svW|(JY>(!V#HhYy;tsIw|l#^)8%9LfPZ+=C9rW5O?gaT`#po zzzrXFTj@_7!t%=t__~)B{7yFRB?1O(XO|rRj>P5ygruv0fYrZgNvG2Fs>&iCy{Sd# zctghII^$b7*vuFCg8(69ei2X8u`9bbHR7w0S1jyRezgfH?5B$)v z(|J^G91nK1VcnUSWEU@8n%z3t)YPL=cv73LU{8atW$pf=%0v5Vi~c2a5zNa93XKh< z>MAq%MXo%>>Wz>AM}eS87>pBHb{?zcS}v?p69N!sMy`CtN}UGocQ;7T&J+3tGv!td z@+~lHS)41|JarXAcHr&|1TX9&Myc>_7(lAiv!O3I_?_dIT{K|R*Od_Pp_YU3bz7ft zAqHOeb&t)`SNFX#G@_}Y`hfrS9aH9yJM!M*+}CmLMSf@ZrJ4O*TLYvg26%CMuK4+{ z+aI5Pt@kYUQpEqWY|{!q%l3LQ_91)bkBPjGp4>-VR;;!6KHgY>!|}(iouIAwGh(Fm zxNDa-u#;E41VBsWpE?KF{xbhSfA_0v^pgkt$Zhhs9|d^b_L`d@sQ32oqlYqo=>_*z zm%e_%x(1Xs37049{zyw$S43e!P<66YxcGzR9 z!B`FY{;iaKWk^irUS|R4m6W|u7siE#_I}N{kt6skZH8=%P*28AGiuvza&1`&W9!p0Knjb?|ZkJM^;-;wh@8VX%$2eoc6A!?k}+1r3tu0&dZ>& zPIGryx|J#WCv`V7VKYb^3@xiE_F;&dXaZ)@zcNiAKi$(KDcLGd6$T*R;l&2hA#mW7 zjxi+o$f*k{nvd#skRK*G_K;~MEK+J}_lMKR4Igb5fI40s2GDl&xx2pUs}>1p16=6= z{AlGt@ukDNv`2lVOs=bHNv?Wot_{?y2hOUP@c&F&v|a*z4(fshwbkIBL3BMh?B?H$ zX3A@C6sZ6~7**qB$bCu<`d5Y1pM!ab+7QeSSplIFQedi_b>=Roc*Pt$ zhe4>}Mb|?(v$qJbgNaNz$n7j(8wS%Q`|eCKl(7hDPWbz^fegS|NPiw@_e+j?QQDs{kENtTWwLl*js5;=0L96 zOOe&}sio6jZ3+JAXsE;&f9bT0?i`mJoW3r7##rg6v0Ag zA@^kz_O`_)(I9ryGHAQFXg7DN9X-)I9kSKX?M**?`;O}z7OwH#StraHZ*Y}9w+%*j zQAlLy#)ru=tP)enZ1=XEe)?*RDLwp>A3;G`&#l}6p>G7NReu2Zw}0+;7h3sXr3w#U z!;-ff9T4!!+lNe_ptGvQgTcbJewj6t?c2xDG2uckUyJ%_MwSH&;|75}n7eM6(*_v- z;f-g}I5m~_TDXdAXiYFHc;-E;J#~W|3}8K7oGX~?9f(KQoZwSH&>_>z9T5ciHr%OV zz_9bsuOGk|plJ#4aBlmb@%-_fvp>T94KQ1=&H+682#vH!96Pn5=_PpwfV>#UD3i?H zX)gifzLo*n6JllR4B7pM-#=U`-q^J?E}NJVE$L63)7r8)T$KcDB+N@ffB^KaJWCvD zie!SMMQ;#{J15*;60UC~M|vD0C7HZ~48kJX6Tx>U!2Ryb5b&?i?+e!6dv38$@wR_- zTe^=!2ptW%f~XzXdDDTHU^mez<3Esupokw5@1s5Rp+bWoB7y2Wpy=q4PE7t~PyT;f 
zaS}|`u63gkxxzf?aHd-?Z7rm!XgJM@FyhW5giT2Ny<+m&0_z$T>o8C5?zz>1pk|!S zXMuW~l5upb7RY0!M-_J6neq!64${=rIukf?(-gjVGhiQ~gfGVa201PN%}qe%ydQEo z@SIdk^RVB}=63an-;USw6(8W|aaGR)9H-Ey4m3yrliTQo@>u-(hhZ#B#S*GQc~og) zhpqVxJ|PZ|_fXJcpTZPQZkoQI){QCq>8P#&E7Rw5-<<}Qns>?a+5*k+ILMHM!b-&T z!x3ecNVc|t+;Pvws$ph~DX*{PDS`0F$BDteI3Zey2f4qv3@Ck1FyO$d>gk)j6}~-U z*i{R>6+q3JiQxn$FqpHhQ2F-ANNk(cBn~fE%&Byc3Gzp1xBsicvs$?5&0c4rVJuf? zHN;kxMvr5x7}IDx%R;Mel2Bp=Il;jDYmT6KRtXJ4_~MtgheGSe5HA$v4BOQ{UVWB5 zoh0+8*+=Ge2&b3*??kqda-zxfm=w!lNg?#;{_>0_WxoX+bmYiOdS#xi$miA%=K}!G zeDoNHCi%;$`s8bGc6WEjXK$xlF5u9Wp!pOcmi=3dSvF%Xtr2@eX|byq00G;yZ_xMe z<2z`=l8FXvzaFDe@Ck7|kvb3n`J0YxKk$EsTo$j!{f_~JUVghHdn`W6!tBdQ-O~0U}G!lU@fs8w2YG!>A`!N+!UP-iDMBnVq zR^grReC_RhAt52ZEM<5ToRT1YT~#T6LK4RAP)5N2(b1z^*p zxiIB%L~Fu)h#uBIfx=~&p(u-;rCCNdxlY_s^RCE!|$)G-N;9$u^rI486m`n%h z`l(Jre_!c6_7GgW@^7TX#re$bCoqG9Meouj&HTpOcfwH+4afWB<)g%&-}BO%ON}*4 zm3n_eMGo*RB1=Sl`V>gGLq#^{iK-(Sd%wgr-&+Iiw9^hb>Cz|!ME*uNQxs@5>73YxDrgPj_w@R@(Mn)X%A?#-q@SxHGl=bkDI0O>|A z#z=)j*fQxr6jHMUt9Cet{4y3OZWuY!_d^?hNR6x_h_A_0OjyM!O^hZ(DD=;}T^uPi zikc%=ZA|E}Or9VnP=#*PF5l33H=PK3?{6Fl8x~ZM%2kx#WCTY{P_yo?esm%^F0yr_ zRz%YO>Fn3KSd)H&^)3JDc<$jr$(T77^e2^EvHo*2QE(n4XFi^%6*}tbY>F*GG9^*B zQ*e<&uNAhf={wiLW>xZS|BwAjPX;_TU46Uy7|)ZliM-}UOpvnV^mWhP`4a^{b^)*+ zxXK6zYCPuR{EosITB~0WpKao`%)DFwg~C}H%BZMR$?NX(K2S0BBrc1I3B`~;cUtVX zVq$d^4_=I<(}ZQ28;N9{W0bYL!aMvgsjB*cwE;>0xbbSubucU>>3B%C$Z>=*^P^C5 znNG8s=WYS@L)PglY#4lgOZ~Mev&UmvW8Op*ucxALOl~tX6(^ZLe)0sG9lD0K07)F# zbP;hiJ}1{TY5KA*huqo2(+!98Qki)>e4%_S*-FEn>##H{-AdA$!gvs(gd#zk<*u&h zZz~E4agUV$7xy*ULQ_FiP&~_d?AD@>1E=wj>QJTjs$>nKq&_Yu(}B|4BMo(XO<&X% z_so*ld#UYM{g-h3X&jJI@|YS4Yg!F*DU4j~={ zh2DI{zA#ckgf?yKIp~Ky@+_7HSg8Go6CfR2FXn7_M+4lWH?5^6gRKn5mb|{nAYqa` z9#Nl+bP6d~0~V{Y%KPT4Y?Es4&~^DsG)Z9_@p;p$C`_``r!G!Wl9x&`0yQi|iUSLm zYi)UI{w=%0rNAN&6{;186Bak)#3W_O142v#v0L)wTsBffORa3A4;GfT9v~XA6gj0+ zV4^Ie|3Ckzzs_g$3ivc>8RA|!f4~sJp`W+py>uL?!OXWX%~Ke7Jo+1WNKZW> z29SG5oLDLD2QsDFP8u_>QuufNZRdh->vcf?S~8;mas|E8JL-j8>t>Sp7|KsEc$2BDRfXr~?+hbEhzkyhI3>!YWi; 
zc}bI@j|`XsTAAUOr1L?P?#E1Uu8!M5cBz3W$$74c(E8D*7IOOy_?p>fj$*B-AIyCM ztS9ZVC9S~i$;mD|J0NHF;pOU)|C=|ru+>j^1J;)G>P6!@P)@k(B>sl2#p&=Df<1^a z@a8pD%c2m%UPgJzW?%C*PLU@sY=3)c{5>*|SavNV5F8LziH;i(mW#VN)edM+ znqv8@%AWoGF4k|+A8;?CUaxOB%&AwQK$DkH`_8$bjl^|!p-jPXlA znai&PF2{lgYv;Jje~gL(8*i>VD8*Zd7q7c^-+!G??Hpdpx6fR@!<4-& zhTDN1P@CASOk`b7Q92^z{w=}~ z4^%pQLtM!P&nl|sqQy=`E1(7ymmJRc6C3^Dc#kug zxq%FKkV#sc&XhROfb?vE^)_ZV*4-Z{$1qDeG@SFYdV2IT3SHurw2XSu)}(lyQz72A$F+Gss88ZQDm1 zfi02TlrwzfGy0uhQ0A5K?sSbxrT-SI&7tqm_R2-Sb^DY*D!xDqJiSGlQ#>ONKXZs{ z$+xkg|JjL*sc>*_Mp?xLdS+^^dM`65y~J5?o~c4ubtkxU6c-23r))yW&2%!HkVW+@JX zn=TrbpdfQ*!CV=Kgc77QI>iK2hGN#5@F$M=5C?C@l4I)}{wgaUY_a(;VOj9A+0^^K zTq~uFd6>dpZ{htpOMn2MzY#GuR!)32?h6SNNjiA=_s5J&wQCKj{(#e9t=BH97?|3S za5#sUetOAUnUbARoFCv0z=OHv!mZLIX7nRVUWV{Z0|DrcKZPtpqYGcJi@N#hYK-3E1PO17vo!%$DiW&~VuWS=5K*odTb zPz~SjBiJ0zeK(sa`J9X^XMh8^EJaq2ovc3_5JCG7{_fW2nuNO;Mn{`b_I$VdVP?nC z^OU7-g6ZsH=2>sf@1!xF#EKmAx}&^7C^iaWYvjhxPK|2eMFbA@Sad+&8g zMIB9Ox&mZW%6ttyNneb`!3fOon3^N!c&`pf7Cvaaet+o}LF(sDMK%o>xHuO8l7lbx zw~MqUPt{G1Q&{TnoC=&b+gn7#exrtSC5**cXTJ+%_;*;Oq?fs>@hmy(q;pyHeV@P;A-WZfvv(^;~-nw#CQ=`NO@rv+e8|V=QXNX6(&-t16 zt7pHOnj^Q{SPEFzdV?VpJ)W&(u@yI3df>2>QO`pMG;{`Za6+;jO281|M#Uo&>vHCu z8-OTjJu8we*sLqIuW#gej;_OYs%2`c5s!|q2!mvw-U^l77P1u*ytof%V>Ya{<8qqq z4&l0mArG#jpE~_|blKZORJ-48obR*Ai0I~XMeca{K6|z;EOqm?8+P}=d{#kGe&579 zw6M!58W$z{dz z97J{%?{RVuVygE63~`Tsj}g96QqJW6%zI{AKW3^lD!gsvrg6K{pR>hG*|iefaEkrw z)Ss_~Rok36_i#Ylu|ixAZM=I}>y`i)iX^?+=H#d~lTh)f2_yK{;N65kE$StO?60P3 z##!!Lh3c<=NA>b2BvKYjgkXahQxSxYgC9YiV+X+nnc*wx5X9;zyrS zNbDM#54wNU&8&|a4DX8oat1kbwwo*W?t1w~5kCvvpS2%o6@ns~c)UIX7340t0rjmY zydm+`lD=Nq*Q0se_ny@m>ls+$`UCU}-GJujNG{N{49sQ(WnLP_l$htc((@oS0|KseRB>RFcs@}SBT|-d4qT0rfqNwSnkYTV$>gaDfq&3Y; zw)hkj%!Dy0)4^A?RlMLD+Jew^7zQ@ypc)VmcvPe=aYQ z91Akv5BWD8u3Tvd)NK`A$iKV7Z0$U!UimF!PrE-c7^u!N7|9^<9CU3-0Iu$*-7d1ulD=6R(u*J2WgI-~ z`sW0_+Pg>AzC{=*|56}%>0Q_Ta^;s68TGqz-(nE`^HE9)KKQV%l!zcyNdTFpL?*62 z#l~YM;KL%G_NjKTaGo%CHu>)OlvdyOdoh);I(6)7WkbAj_&`1l!i}EYhhdO3w@g}3 
zY|Bft3+{{L%aZe&RNFW4FvnASwE~lHeU<93q3DJ*n!_!41`L6CqW>$67l0JMKHv|E zgWWo1+W_*barUkm)1?7ZS>>svHe3_s9d=BebTakA5D8=&bj4Voj6xEETpuU-8VpW( zzuMhiOTbG+q{!gzn%dm&$JKgQitq=B$!on$KQnM zu=Qptw+QHtg~N_hFL0If8wUTV40|%F^Mq*Y|MM`_qE3r>8Ue525GwRYbb=*h$e?Pf z$Zxi~7jroIh8(mM_>lc}>txGt2Vzyo&^OISFtTmP+<&YDC*Deht znIs)qF|(_yoPlV=j3oJrWPjb3OmZI>t!AYbvn}J*k<@;nEouB`VN`jylz2X-E9jUD zZh~7dtI@J#cgaF)&4QP>*d%}Gj?v@dCnl6E#RRy@_)honHYIGtsF!nT7gb@&{A#1j zf4`2OTv{#e+O7`23zZa{H#Tk>?RP3nO4BN(N=>NgO%Q*GAzGdFjkg@nGd^HdP^3Ip8iX z>ufgpu%jRKH(OExT+iqK%D?_U?nV3uT~BBPWK>?~ZnoQAvpnN+B#mYN>T>HffC47O zlN4t3xV*vQm;C)pnI_?IUtw>uKdC~~n?RaGX9msCYVY2@O#$qKM{458DDA5EYZy^j z5F~*7d=u0h%Sg_^feJtCMjXbQu7tJ8m`>(G-7;G$5 zk^6UHhGMuk4$_e_F**vE*Vw6GA0u^Ufqz4!1LLjiM&j~GCl8#l*z%LTSU}zFOr3&b z85r>(k}}&AiW=AIY6xH-t`oDnHnfai9`o%X=qiwH*PIACdY35nl>-3{Cu{!)7vxVP zbwq?L{Qso5h)S%6Ki0H*S?sTexxZxllq56mScZaePpj-Ref5y8yDf0j9`#}X zO!K{{it&dNlSMWnxLn8~ZRy$f*OoZqU9+GE4@7YmTDvGd&TiO=E+($SsnSJ4hb7qX zf$#$E8)6lWq0zGwvuYGc-UA~h4T*}sWEyRax%Yo0T`Z|P{3R4hyiI(lKlG(w@l7u5 zVfa={oc2Zq^ODscKfxPTq9@Os0$S4}UU%t%Kdfo zs^q z7q1A<7NKv5Fo!^9iJkcz1>OKUVcv|cK(;+pt0;#`X(})t2nU$`&oUvPi>mhJFB}$n zg@){1Y!3S8s~y5=ly$iH2S+Rb!zPCT!?OM;ENpeL>m?Wi@`wGm8H0&D@F_LW42%>| z77&LtA<#@gnM>bzm=>3BqC=a$KWfbG4YtF#h|1d;Jia$l+ISp|D3ASz4l&rB<$K?C z<6kTRb5a*fK}x(n8)U?85S|}H=MHtJa1P3&f@V4*T>Q}59Vl%7?Fz6c^9H`D-h;LV zMbaV$BQkjhf@1xtt*nY}NRa-sH|Lu_tmo^WTK#H;0C^JR2aP@~y z-}xz$-nvW`CS$AT_76$cGc$iSus*%`UdAXdP`+{jIjur_{#JI!sxU8?G|<4)8GLut z;40d}2xYFVir3fPQeGi5S_|3nNC2@Qna;ha3I2-9CLzQ~$KaHKMHl4!-E7P#Dv}T4 z?t&@il{8*k`Sqrgf3M3m>8qm9zRP*0qBW0>9_n3T`mKf*`yE2IW+YC;@A&Ul`SV8f zCte}TP*L;*$F+Crf56cr!k>22!mQ~tG9ii|nSFy<>VEvN2!w{J=uxLjxv+Im$bMCt zGagv4X`;&SFx+}EvbNO-YLu)Y5*6#}zt>qY-P3F_93CdMLR(9A{c9bTBbhA@gDJt3x zMAh$=GXsWSO?Nei`+l+nJ2lhzpDdwC*P(dt&pSms{TLiXwQ=Hz0cQ)-+gR3BP|1?9 zafPuQU&HhgMWw%sg^Y{Z(F9?ov7|6FHDhCE^V(Jus?*{WJs)0rqHMwv7i$T@57WHH zB#FPhWmHQVifEL?k1@%YMWnX}fbk`<6y;?R=BtIFrB*d-UiE*kb5a|cXW4Kg69XvXA>(n8Y(_Ido_5NXnczO{}W{n$Nv%K 
zu)YX)D&(m%+Qa`undAQ|%KoN41mwq#Ofo-X8V8~IM8N$CkJo>H!!Z@|#aHaL`Sv^5 zh09|v4@f&{-qMRl(H_nG%0v;-6*j)_pjiW&bY)-g0{++Ze>JyY6 zia-XVxBAdfbnb`tt_{u}Hqvg3W+8T`a z#zvYo`@dK_>!7$6Z0q9?65N8j2MO-(?hu?na1ZY8?(S|ugS)%CySw|>By(r(ow@VA z_s65Fpo?>=tHMe5-s`v4-p83G>x-lARsX(*%ueVyx&c?}OF*`!2(pyTsuf)329R-x zx%mu5=H`e zFea`jR-1KZQG)4tR1LYXDwmk(o@szyC{7mzC9g5*<&7sa-E+w?rp>GTlP3`U!4n8} zp5J&v8Gt9$2V*xdg#I6xordVPSE1GPhzCbD9^+!FYao=kgvmZ{0ZrRw|5d4A)DhV*Gua9PneYlpq= zMZ~ve%}De9i=WyZ^t+A2=B0z7|UaelX8m*Q}6YQ@i(~P@E%Ri*&=!NB&U;-5C zlv+HT!}guEZ&OAdB0Y4aux-(>zXOW;#FqgZ3z2-OZIB#L5y%Ls8{i4@pn=FRfMeOA z)w?aBGZ2ul71tGr_Zk|gAP0&U|DIsD1)OFKp7>iV^-Hf#l+mZna)S43S!L^4T6E?- z1{@y>p`%@a&c@jo*9a#e?+PM6p2-q2u4SVN61E8!v z1W`Em6Bm#OGT^_fuS4D2Z;*p7!D*5(nH83n-Tw zuxS4J$jcu)BWD0kW&)8hBS+twM-=e-F>kLgRwOS8Objdr5)G$>5-^oQrol3py=>jwnyF z9sT7kkf9}`g!zN9V7QCF>67BM2I-)ionuCg*Bi+3DGI+^cFH;@n$Hd8 zVS1{446}u;r#AWo-mJ+BE^HXcg;sEUuR42z1~Vv##tDN_q8%fM9~nU`tQb`($j2@ohXAx zI2734wyLXxVRdd4*}SX zEH5xtp4nK{roy14ocW3wtP^PhH~W<`+pYms4d{bH<40z7_u9=n`ZWjLZ{k?#tKPtQ zKZs6|CtJbun3eSPoUVw=U5Op@=Ux_1DqQbZdim+x4+h_dXo;?n_q>)lhrFI$aDCT; zG}4k>AYpC>;jP;22u+SH#s^7 zF-Ed>STweEra{1b6?=C3vpgiA_mN=V+_Bqtwkq!4<)v&tqn%|?=CoX_F0rYp0=E@M zTVxlH-R|#7&%=~5l)6Nu%0ta#OFvK|C4}RgPPNQlB_uJlRXO`8QJyL+pp!IdWd04u z9m9k(cmwFECTd^mX?g&*+2m`^v6>of|2|P|WxW?X@JR!TeGQ#?$99W*kNSGPb-lDU z36i-*=b^7ob|icmND@~a^qj~CWnj$0b&54zb?}lUlr=tWdm1n%zhXxXejsKL`$r)> zpW-j1OZk|d8c@nrK&4-3=C$u@k+BHcpla~7*HNPgob@>kVBa~#}`OIFqX|2pwEqF0RQVl z`CO8$@!`|+Kyjww(;+q{d0dk6EAH^PB>8{lH=zy+b&)n;-JTGbK=M!J?6gDbI|ay1 zimZ^goNC7;32!??X~^)ekdOHDFxo1XU2u058R4BGpW4$Z4QGqELMi_`)!!0ukgpB{ zN*Q$BI0y^AEH97a*YmZBJpwqN;zE;NH>v9pz`tIP`GGTO!yGcZUtf#gAY!qHqY*b; ze=*oG+K|4DC)DwVVC}=ucipt*aMnvGFOWG%uL0B7C{3#wC%4dr1cKWGKOC@x`Nc<< z)Mht`+xvrpb*@#y<=x`%LMC-{v-DSs{{&N*{{U0YD(ZlZW5{V`gYPKElfVdr`dXOk zzw}_Byvqin9LO`NoQEz@5W3gZB*=XwP%!ljblQHEB57YbA#0c2{cNQnH?&m%ei z87P>}FQ4~Wpxg#Y3iaWczlMrf{y>p8>7?B5<6pZr0^=jqR+xbynP@^uLR zqEu0SdUBdt_9hkeMx;A=iE1t^bfn2(g|@~LoR!MX8vSJM)~@6;suO(H(|f1B8=ii9 
zA^x%@P!GhnAfgj9TX86dj~A%t=fy~?-#Hd-VX<8t=rBS@q{F1nBHc|}dwvW63^!Fd z_eMd*(+ehG)Nx=@ zS8s8JM@7|tBpDEOKkt-@@X!{0xM@T8OOWN}HDVpTexLT+W83_P$A)k3Hy?vH@F44< zaRL6|iBHWz5V3I|ZY)H6VZ;+5?W-UHe}tb73EY}v8U!*x-P7E}Y$UCee0o6}g048* ziTj*x|Tof$3I-QONA>=={_z)?vxL_S^sIX5z(;`Vz@}Z zf8Z_RhnW!@=w!(#p*|oS;;_LJy$cKw=+pgQgDRr`5mdc{{&+jq(W&?6mbmFxOHBEp z>u)%f3clcu$t3I9Cf-;Qr_&3_7Zj5&zVt}M&)>)UBVVL3TEbn^HSvora<6rJ>LzyJ z|KzZ-|8m%d2qiLQRg3&UtV`?{LV(k1$>a>g#YHa6Vhln)^-@qsFxx##V+lHWTsG$z z3sj8@Tsm?WQ=^Cb8Hunb>8as(rHB^Y6ukENbaLHJLeNabOk~WcsHpB~bY&Mtx=yov zd+UfBl`wQI)-Tm6Jq=ZydlC^jXuDiLch{0*hN4=U3pUn*wW=!z;2Td%36>g%WU6D{ zLuDx)+e}deWHw3FNy`>D!1Ld)q~lPqf|Blcb3-$SH?6?>YK_@FtjWkLAa~v# z0$z`6=LB7%$EZ45@bGf(VH?joeO2gp45(YuI9dSHI8-q7C~Jh#z+byyTj%0chN@Gi z&S3|RU)0Vcm_>s5Fjn}H0sdf4eIBuwKcQdfLh3VT7c!GFpfm?CD*-;qf1YY9toH^m z$I)_wC71#}%QpcliO)I*odc-n0U!H${sA4figD@iAYngTaZ`;o_9C1PCuRnh^DGa9_hA+?u1S(;4^5Hr8C>mE>e{ zKvCB3>JWd!!pT9y1Ro!H4nO#Dh3G2bBg}U>?sSsleyN}H%J$Lac_aHe>&(=tBh$o= zuKL@divGLPI&}pBGULsu8=rhP1AYxVwK!A6V7R;6!tV2-tm5{rQ(cwOW;FG-=Dm@n z#^HplT7IC^GxAr1Arvn zOWsv8G@ClkX28{<-qQd)K^5Q@T$s*0E=DjlOK`0t)JWVl+MNGXU14`G3>nWKrhYVH ze6ROojY>W71YTPb_uC0x3rL%)FpS4_1;IjR>Hc$PiDZN=SVRq=*Ttt?O41};+M+w)AsIgw(HvJX0Ccd&nuy~m-RnvSp!x?F#- z(TFX6f@3bg>|^hK#BSn!CX>UZmi=|=I-;#ctdK`AtefL&%QP?DCy!+j5p81EaP|v#0HQT&P z38ZMu`pIbvLc(THu#*I%X<+{SDtk;rplH*LNVxi>-+D-Rwd3xPS*$rnH3eLNjjo8i zT5J?C66=uftT;!TeXJZs+>j9&_WgI`lpuN7`=}n$2+jt*FU5=Lqp`Qp90Lip;~@>= zm3BW^LaM3rt5g^pLs8CTsx728D}1P}J}g*|yU|^qX!)jBk(N0bXJbIr)rx>WS;mrm z5q`i{I@h_8rI49>W}_jZ^3L!N>XmzFxBbs5?)9sRuj^{!<}P+I#vQ7q%1u!>{V=gcbZ#oTS_^o_QBWWC3T87OgMIQUEqnb7T6Yv@e0V><&bQ zaLYRk^E|W={cmk~MJ=?j$Yx}eyM2CHCnI6x`r?X!GOh!jGqj7;!%1i5I5c%fJfJEE zp7XQ4CXqm$5dm775p%$OC-jHjtGcQ=1BqzaPF7WHEUY%T?5BSJ>UTR-C~=x`nY=a@ zEmzQs?M$dzx;ko_ZsNtGhUAIy62#?*wH1i*a;RcQO(op2!?2V|(dnv$pL%E>M~t`V z#LthIi!1vA8qnAbd&Ju3uOzL-Bhj%`dr6+#txa_=00EhIl7+oJ3cV>VddY>76-y=j zxOrwft3O`@>X&&1WXFv7ZmLr(FgWH1I zJ_QHk;kW7OBvS%=j$+r!!hax-N84M&zSa9;tWpsstk?Ws#g9Cy`%FGaT~1zyQD06>w0u#wEWE$ 
zZ~6^$UKf5gKh3goREDP-jP(6H9^bn=+q+A2Wnsgf|Ib`aCA`1ZZ3}4#R0*KwQ$f4d zFum3Mq5oR*GmO)PMHAIOAYtdW-szBu@RSp|IvRqW#kQb_fnpK~1 z9z@uLuBRW$1CyPZ^%wf&V?iVnfO2+S;o=Vr9tQD8@-x)YPik> zSzFGONW7y)`cE-f6uf=3T`@3KKCvU$wh9IR!eGA3Zy3zZad?R3?=YCd$UiVxk@On| z>r){s4t{{5hr<>@bR!^$JXL|$d%g~(w>s$r0$$QnB`5bJic{ zZue0tACy$-^+PDlf?_sThGFEM?6Dxs*yIKRxd;b1I*>7PbB)RHdYzPq^IjZ-32c8> z`w*=PIrj8fmt=L=AkDsZ$>#Vot#TLj&|wNQq~BH@M4cNZcvNSL{@ljzo7Z*KdI*=O zJNV9RcEE>D4r35%ROOo_$dQC&R+{8fN=`VSEh)8$LSsG^178ABV~|4L4$6PWA)nAz zS!3t9q7>sOel}?PjP}+2MB!+(=a#}4RD|zrG!^#c-Kk;;(uw@pD0P!^#k4#o&2HT-C=cJ`^x%7AA#SZx+&&UF!JTH~krkxTYAYLp}ExR4z;`XRHGRbaQmwRnJc=45I&FHfm< zvj^hiLksVl>DX$%^;KkAi7s;B5_BpRb^ROXD2S>u%l&{#ZytraX?^Nfwq);AKM` zKUl9R77kDY&oWo`Qs5*aT^$@Yzv{+}IV)$yCfL$XJn6D59m%zeSU=gfV<}&Hu2L_a z%)r*Gf2`Mn#j=0JnmvGrpw10833ySFgc-+WxAASRVlG>UcE)B@*KseQJgWTwG*54{ z@K5oM@>{&4{8PNYe|Jd0Me2nhsK=e7Ty29^p`J~kgRCt$ZzD;o1`N0Zfy>Zgw#{_I zj(!t?veSGM5(km7&_+Y&ghEqUL~>%kdH`d#lY0R?4%Liai-}5T{2CPwF_uadx&qnf z8FyWRvKj-k$qb?-wJcgiad7bn^7>THdwFKO3@AI@$jW$P!`(HL$bimD4C%!S?tDM$@HB zf4uGM0sZN^Bm#ld>cU zwF)XuU;H4(o9`zmhu{`fTta=#9Pg=0xw0$1X;%Jh6Z46!>!kc#bhIdBQl6IpspUGI zH&Xx8wj*e%CrDlFOWS}W`nb$67Nts$^szVUX1uEb<5*U%!%ec{7d?UH_t={TzkRXe z8Pl?gFiDK&?YW*UK zONhCcPnsQ_J=@#G&B@I{VQ{aY0w?GE{I8G-#448?2)(_K0QXi11vObREPW$vWM^R; zm%hWE4lDbvii5Sox!BG3Q{?&9tqp>;In1}bZOLEqwpa`P+0lRL3mm>K{!QMtvh7cO z!7{Atx3rxf6Iuphg4P^Z&@QYAa*V;Fx}rXVi3Acb>Nv1yJp}+3;00g-PBQ<-0@6hk z%hg-8>ubC60T_w*ul|@;`X~4QtIP`Tx!>=x!>kvM*ql+MO1Os+Ui|{WP3AsAt}swv z2m_XmU51PxL{^b5S0RSGG}J3^1#HZc*ceC%fiD_U!U>LhzeW%H-8{j0XS7yXKzniK zTo>sWcDpg2wNgCki%3S3qa_zTXkBpNEvPsTHy8OLT#^w+b~&-eOPW4EY+X^4UH0sS z(5FkecgfNaL6frRF7dzTbo?_4sQVw>F+U+W(7Od2*e4b!1~;BjExf@dfxmAII021; z>jqwLb24Vm-6_k5g{!<6Bv+vrM<4RHv~2=^*mXpJJFWVi;&1|6+z#^ zq>R_VY>{w_mS_bSL#6~nu2X|);>~f|_eR3eri1(umm=M;*SLviv%78!E50N07?Vl5 zA*j$;=Y~!p%}!6c02bgEoy}nRxFMzUj?iSzsEn#cO#lwG?7P!J+2*Y(<9F$ z0|~dj*T$4G6EQc57q{vi+%E?#N!91N#Sy@b=TU&1!qa`0lAG9>`8bs(q`z?R2cNZb zK#XFuD)J)-7iMAm=B4b)qaRxE4O|Jc&NbT*kcw+<1zVF!H9#AyU~7J&0F*bh;Duk1 
zA@qJGbkA?uwQNtv8g14BP&VLoy*jNqN3oaA)LR?kQ%&WE`=ME9ayt;k{w~1zm;dn| z=^{Cb_5M}VZ2%j_ni({;?u=f=0eugb;H24+E3u9Uib>sl`gSqS`e`Qkhz3}Tou3KW-)OMGzXCg*50hKFu^m5qn4{Y^V~#71}%i60&_ zk9oaP~XQqTaB*gxYqvHe^q3 zJ7B1}CQUuT?zdoaMnUi|eb7zIhgq*ev%$0R^Mtpo2UwWuWw|bBIz#}(W8AhKeyxHb zFgnL=xZ*P;>@h@1W{;c5e-#3FHNG8q&TMrN`z(WM0V%;AQYY{%`Pn13k359k!f-=Z z@ch}4P4X_Q?H@712W~AZ8vL5%Q{Z$M0M}*PJs@YCXN7#_RGTPNIPw8r;@7Eg?SO+m z+8FQ>pk78iw4nF4Y&-1Y9O^bZguE}eG|ZW$LdQT;OEp( z=aRd7fe>UnTOY{@8gK|eRetJo+(v(6M*~n}=WqG?(ak8>R_ep4U%t*X}9&uweAi_vFMfP48Fbs197=|etlXGaG zCMpqFM|#V>sJ2&zFjD+67*q8&7}L?)#3g1gU|e=ZW}O>9%-+tQrB77Gt|Zod2wk6; zIOMBBUv%pay*~a`a;MR6+5r$4lkM1P)O}_q*-*vJV}cROswak)uTgl5z!YN$ zme2hV$5tg|_+ZeTvx#>{m7J5ryA;4kAnTmhr2RWy>O@Ehh`Vec1<6g71!U5lPlwk<;1#hK?a{yCeRi{G+MvIV0-N?d{s? zhme~{$9^6VN(7}1*dJX>pK3#W=M-k*X4g|gV=sLb5tYbGCa^Vgot%D_^BoS%*Gzx0 zjiJ@ztntWg^v!LIsVqkv9)y4{N;K?dSkK>a3qBugslqtx|5tuBjImtKlF2ptiLA%e zwI)mwX!-AW0e<;!UJ&;OFNj_FD=$Fo`U@`zfiUS`i%SN2)ts9fgHJuD4MO2<-7}1|Qp}X8(y&GCWM|h5)FRIHhWg8mG6@bkLc}!T(^xr;8(OvJ4WyiR;!$+&7elrQ; z{+ea=CtT!m+X*pU#0d?93lB@57yh}4#m#@i|AFTd3hL+)`)tiZeV9u>2BzEcV;U_% zIRTEC9rl&tTW|((iySfqIB!X34kp(kB_4Sk^*X+u|x-W~4GGvoQl1s6~omv((_hA-bT47GcS z6K1Hi^3m1W2`$D^*QO^?I-h%^01eR>DTMYUb_D|?J2|;VjOaQbxLX^)9wJJ6eZ*~` zig-Hr--!W!;8lQ;85^V<7MSX_FrYCgwyIItqn9Jl|MxK*VnA%>>O2h#;2K42v~JQG zPFBcCU7^eFAmojaQ7M8#vd&-{_dx$=Z051{S8QhL{zZ=Q=X~8iV>3Q~#Ac|6A7|Y4 zI&9M)jV95YM2#Fw!r;^lRRJc!W8XnVG2=G@bScwGksrZ_@x)Wbo@eL=VrOme4nxS= zr7i>wK$esbO>eOo=nt|;_7uinH@zWhGH>xrH>CU}eIQ`~b}hN-*LYk8k6Y};#-RL` zSw%&geJby-A1WbXWN=Gga@fJ)aF%Y9ea{v=J>faZBykxn;~$z_6QN)dj-GI3@9I_tL^zPID}o!9ZzR@ z!k~`%A6vaGFgco<{2@7ik%m><@O@nV1x)G$1%0Ol(^se;P7E67g>|1Rm-9J;9z*6I zaoA-2`G*im{4vYM{4i(5=j}{z5By$=oRPU50DI(snU7PgCszo6uI|r%Rc+RaI{P^&*bCAO zDqps{-}6X>7knCj%luxFUac#D0()*wg=f11Q z?=fS=S)6_ zYL)2wGJt3AUgHpBsXeSOliBs#vp*4h^X$z7I~1r;etY%^pKcES*0Voj>x~Bghigwc z{N~zk{L{7XFn@FHRsPMjPuMt8=w|(hh8Ou;^b4dnhiPS%5G&^Ayt(!W{~Omn4qBXM za15`3S6G70fXm|I1{`|;G#;PIQe^GJI$H&0)2m!;eP2-gx}ge zBl=I;UR?XPw$JVR01L>xzWiP0H4k2SCiC<3mq1*#S 
z^`w~k6%VHpob-O&G(^e1Y_UOj*Z4qM`&`_DfMnpaZR#LXdb#zdMvlWj#|*x=iEyqQ zsN5_6ie22@@k8qQ`=ax46G@rmS%teb2b(pla2KnUu>W0M%C@|xrkwNopB29R^IvKI zT=ZXQKdZ!*I4c16kF~%q{ydHz7kRBQbH4xaor8_TDvgzJ@uzV1W@q-M!Oi;mdH*`S z-l{?GCC#5regUWtZzlgo1Qi50VrQZUG3iU?eQy2#D(vs-MzeFUsQm)JPH8>SA`{`M zM73~Q`r+$Ok;UWrheE#eEwBVbq~**qEOQOclpLp%GjkrY#t+=_*;*^MhD>W zGfDr+<3Ini$KQhm@c2(m8`A&7<3|Di1jdB|E&{!i*JmH-G%` z5(Tu#GFzfP52<p26PdRyAhBNAestwOqALTbVN?AWICe2>NmA!C`<>V+E zOhzw}X}USvW71zC`Ywr2d@Y14VEe2if3N|xk7mQ%)GNzvQoA5;zsh;@T%$lF0MpKQ zGr*3DV*>0xtMPplEPfVZ!x??j*wOSU_bY7MS#`{Q`v++?MNUr)@~gbbPrfkgL(}j=iTyZi}iAz1sXu@-aZ++A-QsFYF4u# zub#g;$#WXOW1!x~oBs|iH72p;h~*yNLXdMlB_?Qt!T5^ z2`(B6sjU@xt+#|egUGDl#H0g;ik^!Md0r)K`FOU)eLMyvS2r^*u-ik!mW6nZ?R@Y* z%3k65mr~mqY=OeO3s-~s_AJxATJHQAg+reT%rJ>Cd~PhL&e2Hqt5X#pCFejaZt^2{x zR(~?rRDA+<%!efyBgvg(%#ZE&N!I)u+K{*Ro+KuDn2mZYDj#il@y60+UKF!T&aDcw z#o9XO-ZFlRQ!t8KJmLBRV;$_0#>hu2l)`In32Rpo?AkHvCtb$|fygm9 zOtP1>H_xKSwUg-2X2M-!>l9_0$jbxU%2U=K7`5Wu=Frj#5hSG)v++vy2}egi!Z9d~ zQF1F#_0})(3b|pwAO){@KB~JdP+@~fh*^Na-ElLXZJEG}MWWx+|#XAQi=`*`|xM9ggNu5X4B{kM*#M-&Zm7iU2%6H6DPU;;H%Ly{5;Z2)dL@d z)=qQrTT|7B=wnEZ__puwIO3r(&eRt~M{|{JJy1E~;T@=_$31uDh>wps^_Gc{Td*-A;=n>G;2mZQGvGWALtVaO2U` zfVg*5zf3tj4m(8Rrg5Jb+5laVthv|z=$@v3rnbbSRTCs3tTJ=KEbRaEbCfCW_T6Y_ zC=n9=oT>yaM@|(fD%!{S3rM*AkL2y~(4TY;wX%szeuis9^J_zc%Bx60<+2G$%bzMSL5+19AX5QzEl?f5xTv zX&QbRf>x6lUArmErp>|Qyn!Jv`D;^+0*f3~=m_0stU@lvK8@@);4LX~U~A21 z(Hx2~q1scvKH$uy5E#4*2fA9#V+HSFcwT${K#1LxE^FZAaZ5k2`rMknJ_Y{6ACjSn zz5^8F%tI&<8fUEFZVfmzDD3zg6ysK(+8N#(UDerYW90!fT(ZRN_F}G!b5Z9+kIb`| zWUV3)Hf87bL-toudm+9jOa!{)VtR_#g0e|J$G7-!6(Bxbm1~QTj?^ANP>DN1Iq)wr zQX^;#5F><*$zPgmUet7T`_Lc$kvn>~1kN4b$Nbq&rRs{djxW_*hmHb>pOCHAA*S3A z#8qNE+V{Y-xc zjf~{P-j9^ix#s+lGcw40%NcPuj7LuyyG1~Gh;}u<`^M!SSUFI9wTEb+7^*>NFpV2Q zWGz+|1mKJ-VyMH!3qqX{Z=7-S#b$`&A0zFDgsECMit^Rx7X|xMB$R~8o4AHXhVa%S z^{UXKt?!@{X|$nA3d~9ha$~wZdzwm$$1InPD`@A=0NBupFKJP2;9%DH*RWmj*zcH8 zxq;GisqUnv+20J?<Q_1P@->3mzCQTO|K=-u(mGAA5T=VIj9^#qxwGI;Kc*y6___y5#BJ;zeKn 
z6fe5Cz1!2Xx%kWAyL4E}q(Prs0B}HV$3~*-Zi5p0Y$VMWm4B`6=}+@&p?gysKj?D_ zSaD#%Td*Vwle%{+h&r}EW#Yaiirdry>7sT(x+t~jKhs4jWm@G+ztTl()BhA3u0ewT zr$crovs3>P8^m*OVuLBezz>$e&6{ImlSRhR(vQ$Z3bcqU(p#WFU%>m+h?iR=HmzM% zwBDY2;2?{uV~8Iz$|pU5WmCuJf9E3V>L^G3k76Uxnj0|rEj50QsWo_g*@Ie~$~D09$(&a!CK1k0{oHb@)t|{Q4hTdnS*+ydnul;;g!m7GjK< z(vG{Vj24OaWb2?#gpth0`Qzq6a@KHz%W4_FfTcLsv-6-*1xB)Er22lisDzRx7UoTTLHS?-#up_0~FLnx1g;HtBFQyN%qmxNu3YOzkDwqk!i zKw)ausMsq%y@;lGv|@lc+NuA+PbO4nr!*Sa=vgoXR_>x-Y!r) z;1+3n9^$;Cv=s2P_OTcsJ7p1kZR$`7jd2xh+UDNHq(0-rfp{S&Or3kGf;MGlpD z<~nIo>;m*Py%@?nw0+IK`!-X;TLtxxAPO{vPRCih&c>0`YOla{J@O>($fVzto~`Nt^D!KSKSs~u+#OG=C&mAHncZtA zWtXlIu+>zgtAICnnE-JBsif<<{1Ge9q-h-PiyjYl0jGeSzxx`ymE#-igzsIoJCc;n!{(F zwEWj`X~wi7H3EO=hbnh}IkEPGhI}a~`MLnmKcxgMh`Vmc{Db!u=V0_uH(k1q%AkxV_$?>u4 z=QRp5;%%fRvBN2<$0usD$%Lb>Zwr@)-o9UB_b_N=$nlBr(PojJnMCy)HLK)S`D!On zP@reTtCzf(U*nNuNlRZ}-WIYprmq6tHCp{Z=e+l&Pme2rQ> z7oLor>)i+kOqkYXGfh(1KM|r=9$WRy>skqI?_^mllv+?yF-5#OW3Y?RajC6vuW$`h zUUD0Uc{g5=@YPXTJgkL!2yLXce1ZdYN?yD$DYP8TWMHFd-%ulPwnklTpv=`i2M@Mj z#8z>kG-}^ylybE|)v68~xR!k+m=4_l%#8;QCf2(3xQTDlz?>^|o>HlK0q*1I-n0jj z0Qvn46~@gR`82Tx&a}M^<4c|}6WD3tyEDMxuJ$WEg4gpX;NA2rJ%Whic(7AMweYIV z)BXZ^!(INGc|8AmbGnaQ{+bvB^r%HlJol<($fot$3Lm&^)XuAPlzF$bY&xK9#x(6SknYPh(E6f4E9AvxZOwi(U zsX21{W*6x&cSnM4AKbT@Wjac~@v@pfCu;eEzfKneN9rUD#x@9vIQBq?pJ6)*If4kd zjdAFV4i9jt1!gIr%>)VWD3R;Trlrg|Bm2MsT?KfPueCtP#N1=0x%UUYaNoQ%*PCHF zKlNVL;)2H|w=nPbMim4f_f^fOc1cZ+FfCVGHBPSTyQ>EH5KR&Fd1cVpHibX4gVAIW z!RMIvBj$D{hRGkmgIRI@_znxik^&OuE^CLdy^myBCN2flFk(DvdmbdEt64O8*WJ(I zXy3m$^HS@;5^TVa>&2x|0cT{_H_{-Jh;Pn%UGk~I);7P;w^6Ql!h9gLN|j%0F-bQZ zRcgXhH+*d_`|3m<$9ZeM$UE$;oY~mk>Q%ATTRO~Y^rV{VV&LG)Nw`xseC>%anRO3} zdb{T6UV4I;4La2$V4#=BXw=;}nUu7*_xmpQ_0R}H%Ig)fa{Ik>y|JHe#@a_R76=Mf z2#Q&nHHHGobcopW;GgR<1<(ViDScHdKsxo?*Wk8+Xi5QN6&$?)@odYwquECRHr6Gb z0}(0Kv7L$Dlg|F!GA&>4ZqT(+RoX!6U$DH7o0aAmFtk(b_Jt_%+@Nu`Q$roAE;~5H zNu|#k^{$Ped`u+Fiba!X75p>WYL4#;(;z{-`heUz-8hj=rr4YUs{V~D2L;vr6yy-i zJGg-jA{$SxLvAJV8pxR26k&+xhPhjE!19k96b&0IDQjY0srmkG+4q6fLg-Q%KLqc! 
zF+|2@g1ER0$%gU5W9PT&=f(}rJg;rPhk?H&^oW?SuYVP(-To}}i8pBJ!@NA2m8r1k z=4CTa$ev^h-KmoMqK<*i9F%~Ny*;jyDzlL?8q zsumQ1&R;f63?)R@>dkAz+j^fS0<-(Y^ZXEOQ|32u8;|*?%v;$6j+LJcgG^f~QVFt^ zw~+!T_Yweqq|-Pq4PqcEOe{ZchLV!`QiI(I(#0H`9goPShnH)E&6m|>rz3`j zZ}_JVH&KhJ7BHDRa3&{#%ETF_M-c@mF%W0lz4OWsR!Rduj8m?&5I<|u(03&b4o#b2 z>TbVx6IqT5v{xe6l#y>!X;Wd-(f(u$k_(9rq>I806;cx#a{WRDq?E`3gbFm{BInrV zl;!QNsB(>1BeQsP_42C0Q+%iTS+&~$7er%NlSdh9&sgfi9`v4Z^P&K#2H+)ZYC>(U zXCPk{3pv(M)}~$LFkYvT%&OIoy7*q%Zk_ujJP6HBoah$B?NlL_lAD2Ur}jJJ z80#kzQ8cxl_I$?91(-5^8a*%>}ihTgW26Ao2dlYE$;U z-NBd**Y}%RgI*RT@V)R@myqa6H}iQMDr*L|I21LeiFtJpN7 zcK-by3~=*sAaFBqGiTb0=G)Ig>I~+$M=IIaB1dzs0f|C46Sg1Kds`2)^J|~vk*-*n zIVA_+pM{hD#DQ;r#+4pIs&alS%eaX{P$S&{M{qGZQ!I%VQqxac_h)Q1bWudpQ7%wb za)pq4Dte4SGqXCeDWn7b5=Ud7osrZFMr~!etr^S6SUJDc1XTxH6p6_x$wp0{3%CS@ zYm^eCFG^;G^m2L@7df8?=7%T66NG*y8%{)S%(GhppAlYuuddVq?tl7_SU2qBkzdd!$GoYT?!L6Kh>9jr&uVy zhjL}dD9r#T!%4CL7X3n{xOh5aUhSN*fPu2cTmhFUARk7=ExA|VCD#m}(F)P2jSlLh zu5flIR)Cq)gFayDBzO#O@=0IuDD0w5VVQY#4YR=^?9gkDwwhWuR#R(DZcdVnx+tG+ zmw!XCB*NG>Zsbm75^;Q}qWUtv%+TU|*qEbbvVt%{z$|9~$iqKp=^Yo!ZI6YO%trr6 zj;^<8caCndsNgz9vT;_d1fxveWxPHQBwt;YUwKd}^r?%Wzd8n%C^QPEK) zt!z!?NeQGcsnZxJujW6g=T7yRJGeO|IJUdUX4HIa_4ip7Iz1bNCbo}rXfM#Qq$6p7 z3NMk|;WFfvkxc=Q4Z|i46`Vx=+G6xc(S6W~Z33ER%qw)u=85?mKEjtlTEywrJy-KR zDAg#X1s|~}Czr>_M4T>T@mv+Z57t3=#ItKbLDkjm`zW)9cTrSicb}g_I^vRHZNy`x zt`r<6MDqiJD|yI1^a-Yb*L3FGH0Kor#ho&8=V&(txpfX8F7k|y&!L=r7XsN+9{ZuR z{6lFx*SfS3Csj<>A-Q6c*I!N0Ke?WMyYZ2ORmT3amn}xqp$7B9B}6vE4HF#yrRc*{ zL(I!ry-)N3X3mXN&2|@yoY9ETqQc5akwvY>^fKZ0^3MmmSq1T82}2=a$6B+|qV3m2 z8u5cD-j;AK>fVDA?Bc4t5v%v24bm9Mjo zN_L5PMmV=l7e9=Ws@&Q2Ywc~WN|xy*t7h2`Y{JtLQ`6>;x%l;s1}N(~c(h-JT&@~- zxXVbCr$|(_aEWBQx`f6H0$!q~&$Ko$k?^0^s;4*Z8d&qbBEoihSPtrX(T-Ph)H2pU zGH`H<4Q^7gvP!ud*0XHX#s#BeNAl>wlteO?f2Yd|8Sv!$S?c{A?z1$W34!vO%*+|K zX(V^%>BoyYNft!ShwOwgpwI&Tv49I6JgM?fp|nkh*_hBs{`u{F-Us}1;i2873w35a zg{7Y)T~?SgVBZm{!ANtqzYeJOht{7O_eEsQfT_hpYSqeYa-A5D5>~uNM~g}5AKN$4 zi$;LO1_X2Gdif7zctyuTAUp*M?$h)yh8?2JsdHldBr>-&YUZaA#@_P9X 
z@%3ulOCPvF3llndhxj41BGB)=E98a9hqSjBacKQITX+FnPdbh!kSLkJ)6Ak+*aDGn zogux@c?m5#(7S=0wHxQOgN$xQ=&Zx>qwlr5g(jFGRXAvXmYmzheN{vgEf#>idT}v0 znbg3HsuH9mTft>1A0`5-SW?j-K?j~>hRACi`7gEG`cLtTfGY}R zgkdptg?u^$;n`Ve=z7hhdgI~kcRsgsP8ZFw>^M?03SybO@V^I{jg7ppW(v5934X_$ z-tua|&~ip;jIb3!xq)YKhgkvEOhB`3xE=UzovfWiZ?et)jH)8CccX&i{}J{M(2>2} zws&mXwmVKbwr$&XI<`8tZQJbFw(WE}_O1S(^WJ;TJ@5D3u|{g_+J!N)E2%N(n!oit z)-F^ySz-j@Nkh{N=ie@g_z!z9!35z;HFrTcOX)##QQhsELnSqn8qT zj^_}XgF`LvI~|%uP1I12hDfoN1NV%e64pgsduA6v^%k9tLkeYrt%0UwhY^|}5k#UU zZv9h^i~vS52|JS5tG)qCGA31YIgo<1(L^3xquZZ?G=vDaS4S?Q2h$Qv)n?_^#AXAX z-`yZ^2j>kLVdWTE%j9Z=x?sD~bW;OG*z;*)FhU)P)w}cg`$o%d`8S0+>Z#~TlYT*O zzHhH(#%lnyo2>%HqrWaLO-zk^r#)y7POVjCx6dZoE;18_7ODv66DLmSV;YnQ=wV#E zK+K7*61$iN5#!;g&Ewm#Iu(CHf#c{m)L^h5^HOe1v*Buzc3(_oP4ygz!oXK zq}XB0>T*Ecc>M7Z+3OAjtClX}Sx%7t?mQtwu zwcDR>byali57vA>Xx!IWfiH;J8oas)8Zro+;bTac6vL3VqHi&!U!z!rGvyfo&|qP1c`Gqf)ktt!Xi*p zJ=gKxN{DkqwiO*c1c$jBLwS)}@%dFIZ zS;&ClY?Dkhj-|Av$M#Rb*_pYb?3ytoZBlSJ$1_#1&x{H3jvH4l*tA$ALr+Sn?(h@h z_i|lV`vhHCVsuWJ-)2s)rMEw3=a*_;(&rA@ofNrm`*qL}0FK?wPBQiEWy#u1`hqZU z68*yxzF8mKA_$&}MfOEWpn70`VLPByl9s{-v&E5qQI7=TwI~0sfCxZzcmL|{e7pJR zUJQ+UKk>Vvb=>P25s(;tyZ>-63-Fa@3KUo zU*h?P?AUxQP#mp%J$y$~N#6)ZvgQhFzn<1Ot=OZW(VAzicC`HFWqWZgo(!94gT4Y> zPrw3PRaa0O?WPWfq%+vp(XNH+%`lN}lu_(u8h{G|?)RSFj1rXUHY1l05`w95N8sK? znVH0le~4n z59T;toyu8{CsGrb={h8xz2mWD2Fh&=1j?uKkFdz^UbyxGz13IgAaI3-{Jy14)|0QT4mssqBq z@INUA9QT96_QCSm$Yc0R!xs$?H`24jt7-#(GL}E~qc~`QAV~M22hzGAtAkZ#&_k{C zfOHKhp>z%H(&r>@QrJ7jGXxW;;cqfJTkL5LbIwP_(4sJQl5I9C5|=`_se zFK`|>LO^u*q=96%1tKyH10qtv5dO9VBfM#! 
zevgrK(g4-&fVuDMT+BiX=h*uucF#Qm-{vvLv+(O&yBJI1qhL2iv6}&-h+W~vd4@!g zX_xH$hYXy~{*QMzrY>|c1^-v4EIoZB$m8X3iXW?xYbySY=HLO1fd4V)7Q7yRc=hph zg_2uvhK(Pf+t5G+KsnsdKwUzTKwX;g9Y8rQlO;*!FNVia^jfPgK=O131nY*A-`}2D zV1g_Zfaf!j!RD29ky5m2;0)V~=Q9};47#*fwrLG`40v2o`aD7s`aBv*Tn)SGIk3Do zVMQ04`YlUkt#>T1eU=q~PRzi8PgF2>b;^IYe80|yzsYG?Xa!&QUOh3#}*G7p0qqx{nBchSsmEm4kCj64aYL|mPlL<7f( zy7iKHwndRVM)^i;7;l7Jt{3m7!lQ?k^;42n3QJV7sQTNJAZ%ddK3$pJC1)=gTM_l3 zccDhbXG(K?5xQO;3T~37oJAss95lT-Jt?nt;lJ@JFcVRML6j^;)J|MS>l%vGDJ}IP z()3n-TUQ5biPa#_LPZs=Q4e1)@ zK!ycTCA=*gLdEJDRi{svIr{q&)%%k4@5<4C_-ZQ^)|8H$k`&?IAns~#uRKNAf>Ynk z&?wH7FO;+nk5S|*?Bj5B7pu(h%FS#FZE5V?ms&S!&adPD*lGK8T2~aS&f2*oxoaAoNcdrEJph45m5DxjPKp z*C?yqqL4kGZ`eLD86&O~WR&4!!~@I$``J_M)xq3oL#%$Ye5f!F&cmglSDN1;O(C%I zb{BtJr!~=ljf>xx%@adRIva7<-jAO!vC8arH`RT~klsUHc@Oj8<1iu3u%5%&ov+^&$2z$BU-$4s%Q3n^tX_1ngaG(S9vCsn| z3x773lPYj>2#Zf{)dq*6&k*S`#i3huCQrk`NUTkwtKzd0kxf+)yc%rrv%JDRK{Qb( zhXE@^{5y+s7+;YD3E~)N%lZdzq_f24C*C-NJmNfJ1iumANyFJ~~Dfg%U z2WTo3p5;<0q=a1}$%jel>9yS+IdF4Ch^I3*9~)?3JKGDf58V<Vo%@lcWe_<{lUv zeQ<~$@u%DM4`%u7nT4~CMLj=rdMERkuTddhQK&Eehc`h7coR!8SUJS&>$u;(Lp91r zq)ze$jN#0gOaVU}E0ih`Cz7GM93H$fl&$D6Qae~TRdMlJlmy~*CcyvagZcCasO z!Sa1Evbi&NHX=mQOMaU2@Et{a02#{o2`{2&x=skswjBptIcbkE&UBjSq!?&-tTa3u zjwp=ZCgKAa7xl*KWM0aMNm?vxK}^_lh-WzW)g$pa9zK478?jfh$_vGc(-&g5BNQfJ zC#7;vI!i~G3k`79_*E6E-YqN^613y9)poadE_i1HhA6;g4fKj3=^=_)Ntc#IR*tvl z2LDc3WnUTUtuX%{d&^;^we2c018xX096cQAm`OePB5f!fF`*!M`jVja?AYmzeNK=B zD->fZeM)cUhL_T4TvpB%B7}!&KZF(MvM^(9eariBRU9V|O z*AmxW-Tokw}q$NuEcNkogQmbiCf3`XWS6(IZ+9C2ZcY2fIIa%nM(>_;8=Td~>us<#U};Jmj#Z zX3rSX)4SZ9CyRf*V*Gk(%5MNS^wvD483f3+Csrjz^zo8>v~rA9MU073?-DwL&+wkEdQGiMi4D zUYfN=89V+286Nv+(i^6Jca$7eET;qF`djH>0toBhMv?Iv`-(xRAc2oWlAPmNp@8#1 z^AdHvD%U_y4{Jw)Vve}-wUNNee9636b-x_*^%ppF--*H1RjSV>Ov`{@8{K}4GRHyJ zQli?Yjty?GneN-9%Vbqkqn=Ed?0d_md$h_>Yyp^eXXwSOiT6fwG`+yXOmv59Pe-N=VJU6IVq$ z_){7Jbn7x5yMrP%O7arRe{NDOtT*{i)z^rT3iTex&rM}>hWBH$X>`c)8dYh zIYawrZ-FA8wFT^+A~&PqBPVMw8+$Je&MQqO5$u-X-m6ZMeIPPYO)u~{Jf|kiEX2wV 
zw4)yh1}nUXfzQaq9|iq!r3L-3$ay24NoPF5iup-MA^d2d!7tKqZ0)9kXR`JHs+z)? zUAq-A>xTglDd00CdHumiGe)`Ia0&2v{lgOBGUdGH#jzelb)f}ZS+eeL2u!0@#_Lu!## z2h=q?rB3Pao^#MX5Wg`r5Z{f6cv#w4Fb?=vD-hoUmpc_^G!P$!SV9o^M8Q8#P4dOnJ3hF-Z7f3)C3Br3mk`C&=Zgr~ZZUFz44D=Lw8Tf84JLUe2 zG?eIjg_cS;mh6cOB;brD2#9$=7{o^Xx(i$eme_z=u1m!Jx(obwRwi7opFWURvHe`$`+7uZr`l&7@-%CkX4?s29C#@qIWXy~npnUCjw41YaS6%>j+11$ zf+HqY#F~9FgPL#7NQ-TF+SV;fCI3J?MeH7lE1r1b42uqip0-?H^ZYs4s)Jt4nVOd? z1=5VE=bS(+z9Hf4*8pwXw-hy5wUfBNWb9F1ltkXtL2J%w)PN}kVwWj zACSPpN!)Tk%*X^n+{BO>nn&OaHEu{5)7lFWG^1uV~e+lXQ~nyRpakJf+9YXlkhp|MwE@ z$DcLjrHfXov2h#=&inBN23kHZCirU zYkx|{7&fdw#zf9->%mJs0p#AU)V>uX>rHeyYUw}JBcZR$zvI55TcUr@OtuYKe$Kvb zyvHUvX#VzJ57ZZoGE2PHPs%^a&1JvM9pAPMOZccyvrX#%Dx2e9W##RZUs@H}7l9YV zmi%x#;j`4Z+)D6JkTUDPa4(3BqKOJ6*3SQE#L@q8fCi1`C2z|f&UXPTtKdu)#* z#j$U;h{IzX52fdM`UMD;)1;+?7q|LJq$0G5EXB8?isKiRrOG8h|1;r(Y5RX5eAfPV z!Uy%+6GABIrCO`pAGJsU;uaArX4Ayo2pSy5|B!4RT@fv#1aTkC!Yw>Bp7+4QG~-Vi zLngwTRjqW`CLJiwh`6shd+0;n#)?Pav0zYsM}Z%E$j*`}u1jGaBV%>~{TREZL;g^^ z>~eBVoQCEnk<1+`H6Jab7VJKwA)(E($7qdSUOz}7`k+2GC-KSbT`89RQHmu;T1spY zqkw-X#gXB^DMhT--Ge*gox)#}EwQX9#GG*y;z_v1FivH%9jE)3nat**)~Bj$+%aOhXnY-Xa_(faG0FO!~Hw48yBTnObas-4Xm zXS!jD1Tho%r~xlGO9oj)A33(VCEi}P{H9N!8na3KK2V_8rg*C$EQazR8e!Cg@9kBy ze6ZjHUUWb@ZX{u$T;FHiw!VDCto}pe)0h?qoddnfE^?N49cguHIIS7`vQHeJIQTE! 
z4(};ha+XcF8da$Zm}Xc8VLAmQIb_pyrKqm6U$z#FXEVDhk2Eagv6j2U0Akzf+KfB4Hr`ueVxY|HSN`chRNRxxA%BrVHbqtR!3i@w+J4oyp3c&Rnb(@Ir)d!`qdv}Egf&59XIpq_9+ z&B&f`6kFb%VPnRe=dzMb#Mif2{q=(j@WFWINV@E#G|2?u`ON?encc4h)D!s2piib3 zyhMa~8Y83|8!*!xHjlJH3p?LmQEaMCU^%C8H-;*_ulGK!OoJ~AV>b~5SLj#gSgaXh zY|pbC>kX7Yj)8DYnn@d}Xu+Y|(?*xWwOF+~sjU12wO{pGSM7z-0m*WXpmBsmM6mUj z0(U}vZm_)5Nn81aGBe}F5(x0)fb`3a=0`G|M(oYa!I%emNLKnq`dbU=PQh(FiSo>d zor2D-pBqomMy!BEXbHByAfw5;jEC}qGLNTjOr`I`PB_yPw3k{THqJ(2P^TTFR4g-_ z7-(zW?k850DutmGfgZMl96sG9Li14`M%ULDd`Y~N_|-2e2qv3N1uk3l)Pt@m4upB1kmtgHhhVVB8dgeS43I&r z__EOQH!8h=Cx12q`Iun!x>tvf>fiIo*sdTVe89e16(Ry)Jn|Wt+d=Fz$-vi(o&cO` zs9^RLMVn&l4asdf@)sY`XsBBU+U|yXVP0X#=FtSpAd&+WLGt$nS}cL9proq&TxurT zXfXox_)!HQf;V{3>8@(Bk6W{VfO1^Jz``(7fCNxC$ARMewK<|sc%Fbu)q;=%;ciLL z1R&f^UM!XpOzwkPAAJCyxB~)6XkbooRcG%3B*KmY$jyqufPd`TRp>hqIbS*Ll4Kx7 zLH*#qDx6D;%@4t(EeK&o{W6Qe4G5U-#M!4F_UAt95B44 zHW7s%p>XeALMOJ-8+n|L0GXZEO#Mg#8_^gDk8GpP^Uek;VATa{Ipj!IB!lLm3(^EC zk3uQZ($j`16L!TB&BO#wgH*&;*uOzDC(Xz9B(CthnBy<{Mwu^>-c|&GEH})KP|nJO zp?KYd0&-l5M1Rs#L9VMxbw;!+`5gb7vSzk-hg2h< ztlGLv|%;*k`uWoOJBYY?Lh@Ut3o?$JqM-g z**yfWaBNs=E|@rlJ9`UJo!aQFKCuSbruu!S#G^fj?df8O>s^-u;IVz5PwB?nyRRXrd2Qe zgVw0E#qPYCeXx3-3KvuJ%BQpPVy0P3O?D3OSFmfa=5Out6eCu0elW z745MRro}3(X8wt0z6%YjlzV1cLs{l41da`QB{uv}ZRR2=EeE-RKP&7XKXU#P90b)| zS|@LDc=*s~`Awz|Dp~6bR64l~H?;1S6wcM#c02L^8>XA+1AoSZ(RFBkjXy%Q^2&`yX!Oyx70WMNO_h6|pA9`y06vNFV!Z9@#mzcpv_o zQmf3X0PPL?W}kYC8`-(jn>e10LjG@aXPOc|BkP{O?rv}U1dZz~Hrs0kr_M&O=%a2c zhoJf*dJ?&)SFdJ~tbugR8}sMyNRMYtJsQ=_DM^mlkfO`kQhlc5`}#iaQJk$rDg9zk zr1**Zr{PWEU{a!g>xu1Kn@`;Q>50Lq{>Pq}CjKe@|FtIeU-23`GN3r-?G75!1-?5Y>W)|7hpQcKDu|B%9s+ z<7bDI*=RVa(BoZ;#&YsK+%h+&KgbQ{^*=geH=?_LS&rm(cX-fZpj9k5x9_gwx4*fL zRR3@t*_jx`Ft*{wenR6ghU|~`j5KQTzWouAp+FIt-1YNuNN|fRC~M`grSes}lktb8 zXzk}&ww+Zb6J6S3gBgeQP14bT!Calv%hv2e-hv4d*#dpt3e>M5T|765Bmqi=k}32I zBxB9WxdJR7$SRoxOcy@Z)#f4#9c3u9`HwE=|J`xS`@4=ry=1=m2PhuM^cN`p!u2;$ z+=~1UC{AF8KobE3#jCn)-8tS3$1%<(wHyn|7W`~g=&Kl3nwCoDi(z|OAaRq8_nRPx zqy_?H{k=(M-nn)bpFBX5-}-cegtvy~EYIK9kGrp!)vnvoe>IU 
z0C()Wf9E))q9Yt>BECPU)aiVFM7d|QRch-?cp@;CYdWn|GuV?&+nel6o5+xI`}I>8 zvl@|hanW7#N(lmb-AubT81EiJ$F8s5ALO@lR2u6?JzDl8PIO8uM(dP`nmxqT178A} zcFDtd(n~CB#wvIGL|QR7c)3bVfp)$odkRrqHz87_su5OdMLX-GD(`FgOA{vdH0&0D zh(h1j%tvwC#OcS-lov*6UqoAtv!eP51rI^{B1wJKQuv6sA8tp+?GwO+r{k~G= z@0-B|w+Ru`9CtdpioF8G<8JiPIE!@ze)YkEEH7l2kJk%1H4ftXj!VQHTMrjWiMKkI zz+XMG9@~@}IZ@y^G&mcc?U9Yl2W*-G?d49uz((t-rPyGI-2abFwO0z8Ui3^<)U_R80_$}eUn4hb*q zWmeLQJaj5P{hVcN7Bw!2!a$Y^k>=%vwom7ec%v0g12_8ts*XW#;ZMH0RN*dofxf4) z^vxHE+Sh(BHsuT1q7X1?>kL|ZZA2t!`KBxk=b`?H(hw*^cc&iM=Li%X``vTPwWsW} zyvE(QPy2d#2C>GRvCqdnt<|9Z9!)<%&gqK4*EtpH=~^6w!A6HceL~ozd%J*)IlnFr z+z{$9D@4d$Bmop)mV#N}87eh&h4b)QRet6pnmc$8mjZO4(jC96Z;M5|!y+`65t9Z) zv`qOL##-J8Kik@GRxHkSm+&~?>tY!T9_iOTy@ zLP(l+3Tg;`bspnPK#U6C8A$5^rUnYFO;!@xtBaw;P#m1k`Ob739{QOB-b`NrMDU$! zp_jcgaKr{GGh@WvryRpmfzR;caHu0eXUcs=u)&g`IPmk2+Kh%D8(Is$^HeV);&|{b zE!l+a-K7Q)1%S5mvIlKoP+e@yed*bhmos!2gyHjfMDuJ=0eB!hiqX)eXZUDfXzYA9i9%M! z)VdehZmr-@i0k-Fm%j;5x;0&x{^YQ%YmBJIns*V|>u~U4^EfajK0|9OR z14tgmO_1mPIoN_v;}F#`x7FV*aslUCTOVRjd)|IX^gMm5|H8ZZCI~nOTZd}twt>dj z7U+2y>;he9tmPVqaWs&rCu}iTmH2v5C^mqE=}(Vi`1<~aKYSU$z%g*l0tZGvmPgFo z7ZJmQlZKvTQeV}h{pk7H2}baZ)vMwLKGJr9wD2oHJL=r=Gp(!ptS}S|(7W${0=8Bh z4>s)@G-$tot%5Z`St^LYSUTjIYRu%;|0qeAzU`kd^@)$}D6WG8xyq-Cc>oq_#f*^8 zm;g`v&>*)*UExjj@}z_-LJ{?isp{B@0N-}R`!W0*zy%4w7jVy(47lHya)-ExeK4GW zKr$OxHJk#o)L5(I*v0K}zX}aJb0sotm)^1CJnBs!BD$ZmrulWOur?DD^$+3NrTs^^ z+NXyMiq)`)>|Fj9FcvL{HWW?FJDRl_gSU(QI|kml_Ktx+CHcSnB-VzBN&BfyPxtN@ zrAqf(KTXcn6i6{qGAq+@G1ycsUQ065*0uG%L~zT>b9Aa~{F$F__#1>^ai#@Yd2_@81tA?J{A&iH z1j$ut`%mdY{JjbW9xaW_WOU>(5bpS_JdMGLFKORc-7>eT%Z)3-{Jhco2|_L_OB$(* z@c!vr!bbh&TYgnxtOj!6{NsOd;I>|E^JI1v#R}({!0|*|=D!pva)1v0ICRZ{#_9hy zXHZ=CCm)9)e&8Can+RH!Jj3;>S1iwr-L(&Qjf=-Oc9)MgxI4||KGnRv_~~i6yLs4< zHtn1dDO@6*&0+756~P20SNg5{tXJa|X5thEMJ}F|wl&XoT^{@+YQr#SJX60NRf|Uyd^UIGC}V$?kcG$?@b5A;<&R7y z#TUazC%`!jw*|^nG)m=1q3#XL`wI3FXH>-gK%1%yp02w4BS@v7F0^BrOd0v zunF4+w4@c<((`|A4~IG~F8g(IJy5J^Ce|a&^Q6n;Etg8s{U;z?QLsBmkz9{%O^j$` 
zlYyQ7FCg5#;U7Ra+3vp;8Dn(Y8~J8%!)hvj`dsf2L!MReLOv3L!2QoS+-3k6hl^h1 zZMAfYCB8-RH_JmgbI*E+W{9MVcDAU70fM`DNRsmZgF5{LRHwfxN#v%}3YcYwkmO1y zi`v8q0}fdS|K@UHej_^px|{_-mot(z$e1Z_0(fmL>WGafByBJpMs(B`pPW65^gJbd zDD947IcFN4iFlEC8ivizG%K74;yEq2?@$K%`hq5`4d|nL z);#Ighi*f&RpKwcekvZ`XTbXP)sGpI&y-!3)hSLDMLD`f`^e$B)y3QT&XsnMo8>>M zQUmM1snV>_u@AN$SEi%aM<4o-DUwa_RYt;f63SRq>@sTI!cWv@{;IF^K04r2812=kP}x&c3W>UL!VhKK^CjHt&}Tn zWUKB$U1whKgD>F-3cU*X{-6HY8OMLSAFgqW_;7MVQm_9-ytMG9?YC>pz*A&ie_Cf5Ah_|$h^0B%zI5+ z2@Wc~PJ{VTpL!lrdQBJ6%mWVvPX+#C*)GL!Wx-n!CRiF-H8?ss4>g-=1tZ1qCffVP zE$pV|D@MpL#@F2%{^Dj{*nTza0>vcg>gWV|u5?YwOP)v+D z)Os;7sKPVjBCeNYt(i+`JH}VFM%=gTX$})4;_T6AsXL z83Z7-;6~)BtBwpDJwW?}#>e2Hlj06v!KPSz6b(?*CfQ?EE$;M(t!S|Jz(Jta?aq=V zkrqu86*cpJ{la)~WzRZ`6i$tPUh^<1iZJbK{(V5PwK7d`6+jGl0Qn8}bBjG0Hi3xv&Da3scbZ1_9{5Ntg%;9J#&6p}`~AePZ%rG zbU)Pzumqo6Wa8#?AH$Jqjs`u^C?J3W=G6~WN?abl*mig!2B0Do48V!Igrx<2ugKej z?~`db!~B|v%v0A8HjZND8UvqZ(1!dhzH}EbMKs|A`UAm}7gr*|Zt0!srWWAkiHB=$ zGa9QBf_~77M0o-T6nR}h-7n;4B7p7ED}qyZ`$)C~)*+&Rz3Df?1$D8(N3zYkaW}Ks zkQ5=|jvQxOX9c`N@wKN}UB*jeYxR@)|I*k?yF(#EHTX{e=fxUvF}Qk{zlL&l(P&*z!3^(lNu43(99nn((Qq1H#w^+ON3X6rq!#uTBfR;C+T*# zns&-ge>b9uC(vSSolj*}pfz)db5jk0s;jC8aanXVpQf$X+w=SeNKm~pC*8ojY#J~b zwC(*kXOG3=)rMEYmidRqyg@_q``h${cjNeTD;F4RPd?Y`D>yaaOi)JfSccjMwATW zr06Pg*i+S`{vBsbii-H-F1i!fkr&P&MA&W^PFI)pv&mhxEU5%!mTMl~Qu>;-3Au(Pa=dAY;DnxP= zJ0w;f(x3^=s*Jj2AC`ic3VNwa^<9367#ULqCOkAztvQc6xz|vC;|RELXmYQ|!t5D9 zY?;hVM3f+@(AN<0b+?BUZ`059(f(v-lIxL!scY+3!s2^!KEk@SRtjGegmhqqR|!k1 za>zeiSC-HBoxwCQ;?}N~WmNrq-=O+_MrjBIBpF2~B&u0YcS+pJi^wg-eB}P#+e3Ws z?XmA3)d)#IvqGIg4YZT*#P|qcg5w1Ep;a%ZuCO7BwO5JhG>HHN=wAUfn4ay0 zKDC@l@`Q)$C%fM*J?}0e+xigQcaA2ipV{7_;p`s>I6PWC!_T7Ywn-|DG9z4yq5`!C z7Ni|^r*r01+Dlc+CqGACBLDJeqY586&L%9#^@^BSJei{uMKZ+SteIDH)_k` zlqgX!|7@!#%suqO6X%)!v)4Tjf$MlxJ*x+V)?rVI}rhHnnrI4Kq=3CT+1$RH%4yLA4RL8!c_49GI}DvkJ3OWr%gLJW=Iv)&1^*5ZkXX{SJJoaBky9tw_H3L`l~p$Q@BNrO&Cdz@0;{26f~ z^mGfJcU9CG$3vib=nk;tL+#i0`((*_fy`)w;&+x)1Rp6xV@Oc^9&nDMFz315&g38w zQdg7>*m|^l`>XXx%?{?KxLVldtHp_;K1ZX=vk`L0CZi?1GtzIJ5y-Wrbs 
z0(p$!hj24#HD#zLSY*GWqN9V*(;)~`nBmt5(XbyGRli#c*$Oj`>K1BL5q)s{_N&)% zyVUa)06i4|0KeJmzu8$ooIrD!VssNe^en(0VUc^&UXpawTlfs(3U%loaHx-244dcU zBp!Ia2E75&tTF3AX3u!F;c2-p0K3sPi?RfI`74N$5Mvhz0DKfa4Z+VNfZl1JAM(1g zR(aW!MSj)`^r;EvyaH%vDA$%{Unmy5unmO+#QHF81S(= z27P9Y)LUlDxD0M>%y79P57AKPnct8r)3Y9=3Bw<-cD>i1GVteB-BrO^F6QErnLQzx z9YT)Ar5<&3WGcVA_ZO8q#_+9r%$9Qw^vywg3u;5o-Ji_3(38m^YJY@AgE=^ z^{e7GT2`E8c@#NaF$Y^qGe=*yA51vrEOglC+@33pYOpZxr5VPwoN%BzwrCNd{is%}1HsrbFu93wDpSm# zhGS3e Zl!S0)ve=3sDNF*Cjx~htl>Hj|13M8z9g?1*f!H&Qv!z*gTAH(;S%0W(} zUOq0PS!k~|^XnQ~a(&=lp{O^qG#DWDL-=q)LCug^N~qlPSMUK+&V@jsjFl}n)fLnnJaOIAj zsU+H9^b;cO&4Su7!ekkC5I+f_d~RYqS7F+l(&hky%Z09~+#j#7fSj;5f?Q~>a48vQ z6*sALiUu!@529m$zVzNgT zq3IL9;f`JbE4RK>EK^LV`Q2p#K!dQFn$9dgs^EP3W5sNUreXQsbwY0zsb``|O94r> zX^W^Sy|HHGa8w9zB4UI3=eldOj+JYH?t&OqG%4ZO-%3B%C5br(>|$#_k1O|8U?Z36 z>^0Sl;=ekpckMAx(jXW%_FC)QS?df7k6%7BFgBvztYPs4B&;=w1uI|TkYFu#^N6u4No9tYS}u2foJ6mX=3OM$ zcs;78qEM~Ufb(ZrBKiWjEJ1NILfq~AYsuJeF78HduDNAyj_RagdgxzC$kL$qT{J|N zQsTE?IMU*F*Ay$nUC0?R6YkF@WL=6G2q3w=|^ z;rp{_o&F^NZ=O{!G*^hQ^v+fqg)rN7FW4vkYaeypUHMG@&&Y(|;9%Hz-JB|-YBkGUn zSzOdS_A^LV?*f(QzY5fn3@hNeL_%~Es-*e*Bw8fV-}GrqRff~bAAM@4`44?MUraNW z*%fW~o9Y@(M3+mHcyx|vFBH;JR4-Uu6&w{Nn1F4kX1tafk1Xx~s8841{yCER%b1b0 z-eoTUvQgSrVO;t}fina$Uc@%|3A96A+DCiaq8O0_r&HT?8n$*kTAPCDoR@i^u zlo$lsh@n^iVk0vCn~ew$v=M2Otp0}HLw)2Np z-qhs!1Qe(KKykXpjm8N1N1XPAbQlLPA^(g|h!T4;%cbNbyIXoi5;-3Gq6zamLt=cA z@(~#c&zd8eSh53Ern-@)gdsnV!{Vy>d_rWtu1aK{n}q}k`Cfs)JUS@gYyL1|>&6x8>1t}JASdHxXoH(BHLuDh1#4V~qu zlquA$uO8{#b*yh~u?6936RKX55}fR#jk&?+YMcAz9fRKzahWH-9Z;24Rdb>JX)Md#{wXY{+=W&Af|=YvqAjoZ z&RM?imZu7n5vvZf;)A-p=eF3Q!giJNohR|Ig{G57wV{Ic96n_O`*T}T z-t7WO;csQxY8kPGv`AV;l!aD4Rj&wR$KM~z zV7Gi(^+f|{oA-Yptj6PdUsPY;K36bIjMt18bAn;%raCyh`T0EkIzoR~7dm!$%atFm zoi^i4kS-(bQhBbTC_k7}-y5i!RM~6L?bq_sQhwqNuJsMw6tj)?kIT@kRIYW_%59}h z%aOaxS0N9bzmr`gz*5T{!5|!IquTxfPJw)A}3pdkRSC!_2WB z^Fmm3T%EvSF!{%wg9Njt_CLqi-eAWy7NQF`4A%#%N8Dok6>~*b%SLJDIN5r)0;(hj4V252?lOerGpXX$nj?(1jP|soQQf>VFnZI{N 
zvk`OYxVKInRdKA@Shbv1s=FGdP_0H}gvC~;rxZ3Y^!O0>yF(62gCUm&Qf^~CBs?1i zPvY>bsw(P+hMLlCE_WI2@ABz>bsWo z6wu=+P!>gvz&2y?m*sohd5rjq8cpeq>a4RPl*jdpVD~HC81}d*^me5VEQe}WuiD^+qu1p9WGesq8&A?BZCSJqdZxWJwC~)e5 zlB+_XG2qxVcdUlwJ(6p|pL?1RiLE>Ym92MQ-?B{f{|CPJx?@EK3h@1qF32a&zcvd6qb+rOHA#hty||o&Z)#S*8an~9H+y9#=x?82Q4aRW>KnVK^zLPJ zpe8$Ux3ugWEy{zM^wv?rGwmKHW>UBEvTsu>KA+mozKr~7a{8=wt9jo(9F-_ND{s}p z(A1XlsV@nA^rT1e@>J-Q#tNvLs}WPftsjZK2bp_U<^~bRocNSRd^Qs4eu&GxbrNKhzBMO77z5CH30f}!XuSl1mq0mD-#Q91 z3$~7etfzGploW0q1tq0#8=Z9>1*x}p>wI&*aNph;`8yenQYSDz>uRnx8s%Pinkq%3 zjMi{86&a|lqbXjxbu{^9TSrstXlflz8Krk78pU)82fOt*72>${H~G(f_ctY@Qosv2 zKU$|#tYGVO%6eL-Q%T|0=~Pnsw$WMF>6G1f>obT|+F74Lwdj;}oCX`X{<3u%v`z!@ zv`z!iIt^Noq8dQfVCrnFU+NLDthc4oV8Qj)RiYw~fxaj)T!obst1EIeAN%Sa;*XXc`0PB|6-@SwXC0?8#dWDDr!$t8uS z@`93FIEP%MXn9QpT&xTzRWJjcx#>5p{|+eB`!26f-D9LIIj6_S#2}tvolzdaL@6l- z6O$@dtQHgUIkHceltH@^BdX8uI1bL_V8F zq*D^XT46!aFGm$JI>A@un@w9hEB4)?yXel2rhdI(;d1upCAkXP8wsKj%i65lljb{&KdiZ-C)a1Ry*aIdxmjrz1Zw!67ND62tU zUi)uUFAg@n+Xdn7EeLt6d|L}b880=v9Mll1ht-ACVe`T%xA#^mr3y7Am11wA-B4u) z%D{!xj@e9xt!S8B?WdL#O~@wxP0MZ4LB@rMwo5eZ(|QsNEqfYhRd+olZfy`?bG>bY%4g}?f!ST`wI@hJGrfa@Eja~U(@bO%@d*D+SB3p)7jIf zhA|i%9ht+~XfPU0XT$OLhezK(Ju(cn%4N7oE#t^;9(?(-48_?cTx2?K;^!xq((cz)^Z@=G9{neP6rzjj~A!QGLEGbEY;9h;yhSErs&^&Z6f)PkH> zANZw+n<_++2@T!tnL1reiSC*-td}h6M<~1qOTLUc&>iGQbR2`r!GjBg&13K`V7mu4 zWI9*cjvoNA!FUY5e5nEog}Q4j!ghF100^Co9*Y^dW@FKG-o2S!?Wr{XDReK90sS(y zWkAXN9}b`P6Z3y~*zdRVe;ZGQ`Jb8^k{jOo+(4l<^Z!oH;r#v> zYbbk?2h8Zll|&&x`{F1{19* zrehyLk9r@V1$7F0T)=^^;17>5UtosF`IrVph{FJqecqDeBFtt$`v=v)Udh;1w0Gj2 zLTt(tIK1(F;1HK(3u?(kJzhY7ej`m2pRr4rH?S3gTH&#dg0AxFDvJUC>F8{64739q zG8Y+Cdr%D`S^R_CzCn0SgZ5G%jyZEN#{zqd{71K~`YneHchr$=pIFbzp>@-6x=9Et z0q16dmAl41xNW(4U!KDCKbo%xx@n4?VcmLeL6`YlbV~3H&C9HUlJ$RZcsNX~|404d zVY~is6kMrC0}nu#q6w z$5<9~eg)H`Lx>Gk|M+HBnib{0tz&%--G=1Orjnw0lP|&XN#&LS*awyTm0V!Tal{)6 z95dnS728v&CR!hH(fZ{}*5Cq{${Op~qo@rl<~6Ll0z8tWs4DFrMbiHJgi9_lP=!j; zujzN>i~G{j+5ISvxWJLhACZV9w(cg|mnGtjCS6b#g>l9#pF6w8ZQ|$suUkuHS 
zT7XK+>)L*CK5VVN?5C>yH!P1b=(@y$O~-!>j`~Nb_>ZT9R{n3}sVD#E7Mbc+&z`z@;{0&Oa?5yAaG>eL96En7PCT3&tFJd~h&FY~f9X0isNL z<SbPsG#(nn05Fdm8)jnnBF*C7aQ381UuqJzWNf1wX)<&~SZGRDhocfzL->9vi_1^`@Vp5d_l3LNA{i;*{TmT8<=zKWMC( zcVYJr*77MOL(#rn?R@i3Rr&9)gqt}3F&d@ze+EbWR{!71v$FpuV2H#ikw?Br5Zf2W zCrUK%ewBb=MT&J|2_KW~pAna-TRmx^BqD;reo)UP9)o8toS|!8k85ug+zD!}pe09V z3!2k+fE8KhEAY>}#Jk^DoJ*&=qfe2A7=pC-{Oq;AkkZ~SI?d2g4=x8&$n=4hTz7Lz z@&zo|uuv;R>Ts+iHU)Tcm3S>jqb$$)KCxir`syC9tR@QlS>b{ea-6$=di_u`0!#7`3A@mtdE(m2lnU!5y{6OBL1*gM{>`uA-wygTyL)c?*GIwtg^e>k$DGFYbn4aX__ ze>fht`rkI5mGwU+IN|jzX@Ro$0wpjGo+_HQtP#cmDb)*0RJ8hfS-k%>w6pw%s_1An z-50X6{khKImA>40jVz9vih5aQr6#nqc*C`IwA||VQ&Uq!$v2{?)g5saE~}xfr7N~N z+pRq{^*;x?E_5tp=rufnCHmjtaFpEtA03Tb|KC=gmG!?sszCRH&k*I#!i>U!3MDoW zau%ed1}2-3VnfmADtiVMFycN!A52-X*n<(Zky6{@G4GjMTb1?SM~TR*)HGbj*(H{n zFeX1(uTU2}5=y&=8L|S(`0>ke{Szob-D`O=rB+wPn<=}DEy5)#b5J8((h6dzSEdVJ zR?&9CsVk(^NWr&eV0A?0*bGq=-Jnz$Ri9ZfuVp3FI>VoG zfyNf9zllEh`_L#1xuKU`@CC7TgyV`@T#tlEA-*KkJ*cnY?@gqs?#`n_BX)<*{oj)Vu{FL&{-^+)r^yZ zHUW()XKQtmHbpWgdg5F}tMG68sjC0uIl|X|Tz1_cfO7pmmH%x#X!E~q<;hfBWzhUv z-O12i6`3x1LIiF4oN@2BUf1xSR`QsJxaO$saikuDuloWSTp@<;#BqrsLQ_5-Q~YM2bn*}Ow{la zVn(C9%RWd3!5A8HWP|?j@CQHHt@saDY{D7=J^cP4GyI-xWWyd?I*|SlsJ~=Bk#`XT zk!ucN@c6e!BBilK4BZ0U;$u4V=3vI&SL^n;BzxRK76uSJ!A0DI(>^4YhF5r?*{v;Tl*h}%><3Yb~1B7*hp-Xr&FoCUKPbm5m zo(%f)5FK3mg07NW+d`B<9CiJDKN>Coy205o;yVF<_;vm#a$=*yKg7OGY=kEk#B;U) zgNwvBgV@eQj0g-9p9HJO-wa-}1IOYFqB}yZ5n<_{^-G-^E^=7x_4U5;K~yy;jhC=3 z`9Ud&Y<&(7K09#k|2ao9|1Ss66R=(C?lNzNLYl=`p^0YKd9;YsW+X>kj0?u^QvH} z1+!y=Q%VtRKy~uRKS%E#U+OM6dw%}Qt|>FmGk=7IhuWS@cb(>$XCO2zs~>sN-yX9|9^h9 zox`tWKL1MQmtU{o)b2d$Bogw&YX`Z(EcKsfajuE%gW#_lf9<$!z35wcs_Op^F<&6+ zdg3;LpFML9S!FYz?EJ@goXr1zI2gA1zqazMe*QayAz*ewcZXQWSSDf^&eHXpKL&Ci zjFG?}S#TUZgA_Kx&o6ak32j4+MST-XZ(O^jz+M3*JH(l->DQmIo`5X&t`=+=t;M0M zl092BY9rO#f3YSH?!+O#f~SW3_lwj&15zUYhlAApAH&0^?foBHc~+MHN`7q@#k+nxnG31O-Mc1JBZ1-_Gl!UO<&o!?Q38LZhm7w9nVde8 zsQ@JEJa{7sm;9apENCWmfk6hbqq_|hXwwx-b4963j?xk>Zh%AS5c6Dj=a9WgY^x?d zB=H%mR0?0v8x^Pa-yj<)n{3KUiQtSNz99S)M`KZm1X 
z8~?wRCtrKdG3H9{^of#FwbtBjZ7l_>v`Dgy@Z86Pl5#nnnl(QNFK8uN#mmCoOB=|z z_Qj$wmMK;NHXQ=7zczy;^un6FszMhz^ON@$#m1oi5LijxVg%AR85K8>IGz%Mp|gd2 zdknP7(8L?l^7KED2*S&4KP&?hnN(#Pzx`ft0Z{=bIY{nV$!%+Y^2A@(%(a(jF`83_ zcO>OED7K0uU{jsK*ZgOK#pseUXixluK@%6w5oPXD@>Y&VB%_m_3mrnagkH-2E;Fc7 z)&|q(rM{i4dUT=tUYCVltHZEjzH(U!40z3;8#8VIh`+1H2#NOA=7Z?xOSNS_<4-N9 z`*uk|sbipNnWAx}KC5(BiHgO2Xe;5$4{$C*R9=x4u$0$SX-AdtQ_%Wq$O#zplWWDf z{F7@*pqNvK!FfBq2pS)4IbNY;>W^yY{NoV%Td2Vec6?r4mp9b!R2PTI#Vfwv#Gp}t zSyesl)mJ!jNpAvartBUM`##aFr6EoqMQQy=P*s-<>&ZRoK zN1<79z_M^m5>&-icveLkAY}dqUP9{_RI4474{N^?0Z}!o%L;yd5y$g}7>VmG3mS-O z__IdL_~)jL@bk0R6K>I9q{YeMVs+=6=6s>w35`l)GbfgS#glk@2jFFv%%F? zOFwaCz@}jy%R191YNcTAxR622s_T?t`7rl#&5`-lKcYWj0s{W3E)=4f>@3igVYJw6Ot$mPPyuoyuo zvky-6yBdFMbvmfcrSzt(K2wF(AyK-=Y+6-Y>UK{I07Hh3%}r z6v@VZbrFLqRN}=dV9A!&hl@hPa}isf63pN=3zu#6W$ooV)?x#=^KV4U;NQ$oHSw9* zdI8U7_qj5+dRE4mRv${n2y!-5sEXIour#sFG*wPwWC=aB#H&jk6R z<_u6;S)co5(2Uqjjbx^h`>URe4q93tu0K2&Y%_>I>%k&xm-y6`izy37^&B(wd^STE zv1OGVo}j4QEb@QV+5c1;sI|2e)GNb2{9}cIYYW{q!;Bhdcsa^sjA@hZ`%-Cq-UOGeN_D_$+ubH0F37p`U&TvCk;XVe zx$!^E4Y{|rLRlYE=;p@R2>g>od06(!L$NnQ;Q=Z`p zqN9&b!V3c8X;uI2O`%_?_fHg-4``5T>HQ^iU1UN<_EKnzz-HUgT?n+Fz@Rr6_xk&N zEen#Ho5Ve?kL6+h$G^wo=@Mn4EUb@zPsWY}aVerHGuSB*ts=)$He|1}stP00WL(@}f>_g0=Q%m2JoP#=9g@JxK)?fby9_Gp4(Kd*U+ zx1f4~6J_00QjUu*kp<__JO(q}qI?zkJNV%53j;=g8|~&O$&kD*QX8$dE zJhgOW^REj+**kd!MuboP^7Ywi{KeVp7tssX!_Vm_3jJN!zk@UA+K5rW7BF(v3p#pO z(n8Q7L_P&N1y|6rdZGbtq#lFEA9%CR@$#_<3wwjGcO7&fC@kkR&?yzpKi(N8CU4Az zz@rGy!E?uX?%Ko!uFe)5goTd5$Csk5{JuQLv7ikx(=Fe&RExg#C= z;1zMF$P{}acrJhvW1aJcdf_g*jqovuHqdST`WPII$D{EB0A^GwWLxdjg}V73TgwlG zuvf@}@>p;{;{yL_Qik@##Db1{!r#nt<-p-*S9sbck`*L{|SfHLF_occvVFy zEYbhQPe)1pZ`?mRZ1ulwJbZ2*JbCa>h@q=9Xo8tbZ16Zu=*Lou$?prs9D00k;ObYs zIbsWM>QU(OB?e+962d4t32}JS#63tTD+hjv=YGF8IIwk$W{@(K>GmTId+>q)Oc*d0 zB5@qT`;Mg>@F94O0dY;as`(!oUzBFZf?$SR%7jP-Gr}bnm&z8x7sn5R5lHBhARENC zJ&f4$U;!IxOB~19CR1Z$l@!##SHN5k8{lXp{zUdiZ#F~MK->2N9d9>B zQ*()#V(eRVp>I~fs{7xux^?qE3yG7(xeWR-p~vZWsbpfrKk*PdW{W& 
zeM2UQ`d2{@^;}4)$a`}x&5;?Jdom;vkeN`H5vEMX2Bg6YwKL#vKY;)H@`eBJ=H`(^ zci>(W@A&_O;XypcTcJyA1e!OzcHCnie2|k%fy6yc!ZBIsbfI-)c$g@kzI-Or6Ya~F zv_QGJ(YhfQ%Oa69xVh18I^gI3aQP}g?0^IC{$2FzpC8_TI-9(C`RaVHBUyjqLb0;# z+4}Wf#JrP0v`sh>CqY_)2rgBOmci8ZuUW95dlHvuHytotf<0ck3qF%+H=55~5Y_5* zf##1v>jLf3fd4CIVHaq7y(b;510J4$fsgkYagV{+&Pk0*;U(mj#W65k#E_v|`3(0; zM;0_cK#S;RC03I~g$b%O^Oz?1Z=q8#6KxC6Lcm}k;IIgN0h1l1$~eRfKE@d?i>WM~ zvWY8zn@~?&p)&KVHP{TCoP;K&!1thEj_@np#R$*y@%snk|L!A@$W%A+3s3wu)IKPy2_d{GWrTPh0zM8&8h?#|d52;^S5J5fT4AuysBM z4qgz$6AnCavl4Ok=N>YlC^DLe`4D&!S`+VHn0TDB3ZRj}0k0k6a`DdlddbCzzqiC~ zjU6+5_#j$S=boB6oVdBh4gcutJTJ%eVjZQ@_zK5-y)Clq2f;VQQ0LONlD=~fE1-$wTD zoeua3^n3k*(p>~;^w&>uZFjV)b;0|7jVYhn27;LR)ZYZE#J-d*egHA;F zAHm+9pkr1IrQCPC)&UrH8bjqf@3~Yow25Aqx z5|;#G2E@5uA!}`Y38oO}fTFqZ*u?lb4D9WK1)48_KluS)%&@WS0^$NQyuOKY9+Xy~ zL2QR$ajz^_Yv_V_mdQIp_!3fv=3FaH&=6s+iBPz=7Z-#oZRKDm{$M8*LYyOZIvlqC z6Mf2M)T(WCejAMK=TjidAaFY91N78IB z$=r2}30Fag88MyjRv}o72dI;^WE$r$e}jG>JP{I6tTv+Ga7ts-f@U_Ex#kxN+!o?p^8@%>+NXdPu`I(VQgh&6#(x9^|g{&>#14q=3OD4~Q!eqaIbkkx#69yRY~l03ngp$} ze4M$&Ayl`vtKd3*uOKiqQ#$UbALzIZkS`*QKS_iB=|nC^c@lXr7J6b_vJTeO6JOCK zHeUE!S{p(9vuA7p9OxQQa4489u>s7WM zKMwoDHvh|3o}BoP7@^zH|28gU&A1SspLQ+8J;vs3$j3bm`G`?j;65w%Lo#~xu#ZAp zfGsj~OVvsTOmr8;fh4qgx%Uw6;*0I*(237A^WaPLk}KGQW@3PU)tRv{$-EjSf^*(F zmi2)Rb0tmX?4Sh#3n_1(1*Wj1TvP$CfdK#`)}0r0w1tbV?Zo6AW9s;J!We z^#6OtTwDI3td2;mskkGB}-|GHr>i!qs(_Pd1L-uZU{(GwP zhZIih`%yftaJPnuaVCc2O+2pChECSV#Vv4eL8f)(%^MF-G_4yY)tT^K`8ze*BIJcY zxpJXFT=Q6AsnX7msb^0(oGIX=sy4KVyYy>MmkiQ+Ag=&zx=Rjd4957rM7)bGaELjP z$4uh@#RJVZMxd~d+`&!)2q*D2RwY>q9SXt|!S#G3qWh?;AiQ=GY(xYUNRXS01P1qQ z$XsO5*y+Y6;&5XatgnOtB@g;K#Owwafp%h$iFr1$;Ee4#3!QSvLtuH&9-WByU&OyB ze`)`3?+l6@o?kzBnA@41M>4j0P=y2n-?gz(ixXGEJtsV0w_3zUs3^g@iskr0_t-cK zJ}I;zSJ)5P&%%8di0>1wOPpvQNQJ~nxf?Vkm@Uuf4+@Dm!ed}U$0AERI{Y0l zjE$}l78D6;tj_@}5&4An z(j6q@9jm&6O80+{M#=ndqfxv6yOk%;|C2%J))mycg6g<}c(vya`Y2f_nMyj#Q6wu! 
zp4&N>QO1mDy+`-edz3-!JV#RbIi9egz-*exQ?UrfLYuX)TJVp9{F`-*?pfv~9-5K_#FjCy#5feTS zBExo3`!Ajktub()je%m?=LVH>o_>Mog}({&%CoFWF_kaiCCWOUWQOl$6e*dByH@st z^m;3&u8o?!LY5_>Cq2tj&rf4`&A{*wEQsgQ_|c}vdmM;k{?B9Ta zDTf>vn#f=i3t_0c+4b~G9a+b}9W8$Eg3*x(gdHAsz>lEcd8~%Fj#dqCy?0dE9#KYp zTcJt@QEDCOYmJKAej3pKrG;5w0F>$fM}u)v|34hH`u|p*I{JTt(5(T`8UT$O03QM# zyAu{bVn(zkz_(-qB#2)cXeu-+!|@Wqi?+QJ1MB$kWa|+jjFr|uSK^oyJNP6X; z$C3a@%+*FtW?T8_N&~@M9a9^zMxcl{Rt1cjyd(D#etmuZ%ll8~V9#*8F5qSSOK3u9 z^|c|?E=H`R^d=_n|YH1&ED>a`V4|{$8iiN%Oyg2WsUH-Wlgk{!6fl; zt47cY`ad-m(DbaP;(rGH!Qo*l{%6qY|66&A^#25*TYbOP_Z!gnKL%V?eoshPbcZhs z$(kvx9dMuRfCRBuj|&PLn!q8P_`eXI`+*qCiH!`GWF$eZUYAuV z4^)Z&Z}>F1|35r@+COalf7^Hp{C_b*x6Z%T`PYE+Px91r!BPRxj{*+)7nyR@tmTdi z+S0<-qY6#5AAOE`NM7u|ZXarUQ7=)*V66S}##QHGXBWdNVuGgio!(>LX^hgU<1_)Z zIs?L!!#6kaC|)(GYvr`PY9(<`tcj@ZI8b+kwJ&0MKSwVwVvtMdE_-2nu7{_DTueOI z66}*B_C%pit_5yx1kn2&75nPw%m{F4VEEUN`WN?d+aM)hZf>-0$knn)BpkST5XcR7~ z*Ok%hm%lCa@pU63kp;SkwMb5l^;uIOfg0;vO?O5L;*+MtW%H+!RCT&!zi3C$`W$vj$!KN0hM;@i( ztx|}?;b+;Zw4@}GzHN*Qk$(E#w~l&#vdoV%*I*%CtQwah_~mbt3KnElkZ(b@L5yQ! z!k59^%R}xvrBG!ItCemG&3tr$WGTaS>>ON^7>}Vc8gpetDrmYTG)B|1iV+ZZV{F3& zD3&03Tz!@*x&ldps<%&?z@JowM5-Ta%Qo7|8!fB*{~f35EfB^2|KZ^1C>j5IIC^^2 z`v14_RPg^hP8<5$djD&u{>xPSt8EWB4h`MjQo_Geo!{BsNyiBbQ3>)c`??*cjS~JA zJl&3ypB#kG_cLOix;kCFA;bytRFvvTGBL!O871~opTj)wVWAE{6u8{7m05YhD&ain z4QE>N20Xx!4JkMPV_+lfF-RMVqd>41NOftM?Ywb-662ct_X=sGG|zG6dJPrx1#(<8*)t z-sg+wQs&_nmzrAy&-rS*&@s@lNIKFiWier{GV1VbV8-nsxi=uJMb<6|E>H-rPxyo{ zFuB6oO{Y;3zX)^c`>Gcr_${Kg&WuGRnnw-z_gjiv|1z(hufhpYj{k@uOakRygaWFr z)U6OUk-@El=vGGs6wX8b&Gu7I{^Sh^wi2#l6HNKK(Hz%AfJbPsP)?z@VUWy;YI=nefEa-Y?WS_!8D=yM14>qw%XR>6~Wm*Mh`|Gp< zdd-D8gH^V=Qmg&%@=~qP_mgAl400Pn(DJ>u5BOcofi^)E@IUzbCAp%k? 
zX6x6%ISR1n!b{{k#T16f<3hu8UA~kCwVGo=06c6#N-F>%N7^_H>h*I^!oLf#(!BZ- zn~N3JEQt%VX&f}6Mh6#^@d-&h_K|tUMWs3U9$QOgGR8eE|KPd?m+dB`$b}|2BPQkV z!v0oNyMt@XqFJoF5CkzOrtmWh4WUUbI_T7uIHC%Uaun#GM!*SD0c%=!IVkDXM}E+I zh@~|l08hZ6-v>YPe>cF1?+6Pbg3L;s_&ARXH_UZ>(Fk$cd%OXL!-UZUDk?JEhDfh4 zUl|0!BGfeVC7oTX=30*N+*?HN2G6-NGc>qbKo@ceyNp=Ta~wjs=|_06jWDE*Xf{I@ ziaoW~E|LG#CHP-t>Sx=oM0dZ+YBV)mf8V5$BGm$UR;HXl zhi=1S(h&@W2X8|J{7j}sa=gmy<1h+$T~ugYl{erB(X^b>)H4hS&Gjep3cD6XobXCG z4Yth%zN=zm^q#4sO43>qL>9S4YHa2_{mSuQ!ByZ5yV-z2Qc zCGF|iClK@s{5v@1hM}-+`7Aa>+kg>ENN16gT_{7I+o;LncqBQhlmkTMz7F_S=x4_n zp;p0wf=flINR`cJGCiiA-N|&T1!=YY1nHg~Wb9Up{}g$lWisyU8vBDzn6A69O`(5P zaHZvH!*8M87%$k+Chl@a*ntDHF?Nt6^^@M0azs%4Ews-G(=AzVHMYp?Xd8^O9ib6L zKi`IA5VQ{f`@_F*$ub+;T7W;RI(RAY>uY_$2 z;xx!2qCFVLMT$iR;-0@1n8c&djBla=G{-`(SJD-JCR14Wyh4B0rG_Mx>^SCk(u&{B?4qU<`3~(*RzMm7>pY*O`;AF*)^F=&X zvZ-AT!||fgE+SOsFdmm32y?rV!o6q^LZzJ1iQg17Ck}KG32%#u5BK4TrgcG(GjqBG zd-3lgoZSB_L~Xt-D}W~s#Tq^S1cu{PS+|~_aAp4=WyICzu*wn8lKUTz4xc_v`u_%P z{>SY+<^DgP(5?5c_5L;H{rf0+>Yg9+^k+`%J-q+kL!Z=zzQZ%lqLfR>|0b4a!%tjK zJXHg=%2dkp1q8`ffMMy#h9*}t(t2E2_)-)WWn=1JZTp7A;t>_qHsc`ZKfug|O?sx1 z;}JJV8gUdB*f17k6IoI0>MDm`RAV$q542{SV5&1icXR`>Wg~t42u3jlah;IBBul;W zEbBFXMLhR~zND2n^Jkqx6A%nsXz)oyb=%=8epf`N-ZsyM2Xq+Wih%_@C%8j@Mm!go z`jYm*sf?tn!`_I3kcBqL=6r=gn1gCY1j*s^WQg{Ld0yrE&GUT+{0Ii)@TZQ=@NdV3 zCNkK>LKy1q-lm5B+tK3pE;s~Fz>xnlI_md1Q2m-7s_K*RrRx&6+9c%5L&Q2j4!wMW z#Sgd1aF>i)3!N(dfXy*GR0piY;v~z(Pkjf+wq<#Dp1%c04RI?97O(gtrIzDH=Rj!u!w6ts^umu{#?aCnDHH#mAb%A}5-_ ziPn{MPc-IwP-eDlEacpm4z*6*pNm5~T$1IU9x~Bv23=vPLR-fS8Q@a(Bn}n*J7f?M za85A9j0T5-8q|ILJ~NNO%g7Y*uh>GGBSl~fOp1fAx*=0uNpL4q4_W4f8;hKP5B~}; zFZk+TcA(vKwWukrt34WMi8p(fzxDT@{r;pE`%kC$MC)`q;3qI>inym1f|%8?a1^>c zKYI=2wE@5o&16hF^$<|{m_e`&9Ts^U_zGMEu~BOqUm7h-ovwJ1-qCb?#u zk9$IzUQl~N4Oe&IL=-DYikHti+>q`yM_dcCb3)$gczH(5>g2Vu4uGaeCDIxCM>`8o zmUe+*5em6k!4?o$$VQAW41+YD@VJWFQ7WNxQe5LXV2IIIM6kqxE&Pu7l(30=3?K!AT>Kj&Lwn} zW1ZzeQ_WsvV6RqES_Dt(iZyJp3;fZFE zxz^=~c=(t0|MvdB<2SEAo`3!I`T6ND@?Y`$?8E#2`OnwW_wU}lJU#C`l6(^5k97|8 
zw)}A)`QxxIf8;x{pP#*!%X4M^PSq`*1#&Z9<0)V&NXUDdf!Oes1&~?iZ&y>(?t|PxFHe0MeY%* zb}$@O#tY%zEOQli74cr}oFKa>Pg?G~o7^{UO!7$w!YOnanu#o#FRvXWvpH7d#K3o8 zL`?wC&k3Y^Y{B(e@zS>+!!i4=0_1YWMHpC+Qt9=5+Uv_Wl%|~k3XCv0O#dpQkX*ix zN2xN2>P&pqJBOIyC(swWPiYNyuixtrx?v)Baq7c@9gyUfYTZvg;{xU}QwRJAj{1k+ zhv{$b3406=dwsDj&@#yS4D$WaVFmukx@+sUx9b~!>cxMEb9xxEE8<>My!@;D{Kw(= z=}{v7WAwB?ZsR|;@#MsRsDy4qKibfbHA6pqPTIAI50%T?V2^tm?4c4lH_qdo{QdzN z5M9=Zx%Ddogc)>ax&eWfaf!(#QfxvE(1jF8uIw(bU7>QfIH63*1PT)B zi4VX8x^C=NtoV8St{lL_zqCup7QOGZo8N}^@2UHchAUcRJ_^rW9a9_C+1FhQ`ONR{ z_OKs7aLec?CiD^cI>6&AOLr`KSJ!>2_59}R}Xr2an`wejCud5ZLZPUu$oZwY=sxH) z?Nj}!umAO;<+)-X#rofHI2etR`roM4|F-iK=zo&XtpeC8fOQl=&N(mrWu*tPKDD4( z=o%*GPHKk|yjDHD$LgUZaauo&PDq#g;x&4`&?)c*E|M~k7Fg}sXDO} ze*8Gru&rNboZkv7<{!c60?i?&)&=6sR`_GD_oSnBBFL0P7V@V2B%spk73OYsh#3bx z0k0BX6rDyBC=dsblzt7zi{G3nao~92)_ks$Gs^MtgzL4b%l-ugCl;K^WX+vqCq=^v z%cf|SnNm15_yM;UF6VoZ_qNh-x;8Q4iH1xIYB#?PlxWbP>*KI7k0A?D!OF+_<$Pf0 zVc&;E#lM1vwISRf1@iG;3jtNC`9sL4lO(Zxl<+k}w{&+eKh<>RD1zYrBt#-6C2t^M zPGpPd=Aa}8a*Zt5kt~WBL1&&HA0s-;pWNzP&X~sepl)UAW}u^pv@v0~3N{8HgIrMx z>sKy>1sSZtcR;Ohsv8SvRxkgvH=9A1R!WiGNT%%s6jO8r!Kl_ub>;(Db?zsj^vFC6MU5>aBW)zDj$+&eaSvBVb*e6Oq`*NQ73 zwpa!iz*I1V%1h=Z2a&n*XZKR91k@eW0FL}D=jvpSG`UNgn*bAM?#vO+b>RuCTx~xV}`F^4vB?(FjdMFL(`xY*@htm9aG^e`)yAhQ05; zx>K|F-B-&0x#a&`i+@dfU&P(yo6(}%ggrPxMe-@%j^5^IZezAaRIZ4%A`)LgG+!`i zZkyJT9k&TmZ*){UK=V4-v-Rsl(w8{IT_91=0ecdYGh{)TRc%7ipTTlIqvEQbzchHw zejAPsfB!mV?u>rDp3$#=&Zx3*Ni|MwMyv}}+fi26R6}*(DOg;T7DWQ`w12lM#?~6? 
zRt6{_D)bqtvLP8)tSs0SV=KkH2j7)-5QfgK*h8jd!H~toAz$zc=SG3X&^S^QoWulI z!x*_Gv9t>6i*RhZ#Mvm{t=2&<+bI%xLtM8Kz?GS9Ep*%>&(*=ZtzWCiPW%L*+AdyK zglkQZ^YBEAxsuckJikcV%@%y{apQ751*EVO-(8FWxyQjy3VHEoCgFfhJj@(|Fgwu> zw3~PWxK5`FG#{jBTQc|>>`fl`o@nYgAEZZIuofZyZ(#K0u0!{nHj|kP;cgR%LwNkS z4FtSnPrdlRjOeZkfq-S_zlW*(|KrhM(8m953y^=84S?ed1zaJ|m1g()V=w6Ti!G*&S~lnM%D9cnpCO|cKq zAlN`wom1_yD7ad1A?o@K#FHi~H%q(3vgDzc@QSu77qf*IYsJs52rDxh@+27YB!I(D zSRM0meEAX=AvZT#H@ePCe8%y6yvF_!>RvMm71MZsM@;yJkPFXg0`XD%n?kQp=5^C_ zA*B;b0KOxLZf%OqJ*(>fbxr}5-2Zhr8l~?4I%@U*?L4LWe|rk3RsI`R{zJ7qdewy5 zuWG{gTk%iM&Q|lk_nLp+S*4Wvc`8nde}ERzO?eq=k>Y7WYPiS|8z4YdiffyX!=vY- zs<^meCYp_r&ZKhS$1OSlucaG+Jt(B0V$n% ziV7Q-Jf%u(`bx9)?Syy4&tZxP{x1)D@PoYS<&|d@-Uc5dnTjUS179b@X2Bo4UG>r% zE=Ot-4pgGtDu5(t7`wk&A*tFBorsnu7Q}P5Sec&ODCvTuK6nB~eQuqUbQfGf>Q z^NuhRKgv6fpYxA})@6)iViqQqO~?+Y)b12Zb3G>EN|^x8*0DZ^X`WL*=5tm)z)5%u z?c6w7vklu7xTpgTO1h#Dvqm}+2|AkgRnF*7Tu4{0#Ue^QNc|SMB;Yn0m|DcR@Wp|N=tYdU2y-)+#%3s^ z=G50T=_G(_-AOuJr1N_YhAZB*8mF(Y@(n@C9i_1mLf9mogI4hzP~CPc=##n{fg_kC zk)gT6B>wgJn^WSto*-Lw(c1udDbPiJGSA_{^2$XF?&}Mvo4_J-u=nfpH=PoSCF_XX zXMTfuf>u!IO1CCPH0m|Ulcdby+Jt#W*lRq8lyl%m!GO25DB{Nqpa2wqGAOr-WUqsn zl?t^aK^0ENiC=o6I}XI=`cp@!Fh4eLkxM`4M{y}Gec?HlxM5`V`BTdoB4&@xl?xwT zz=fZs(qVeyrWiAT2ry(r%5>YIVCpgDGIJqQX}L_y?5A833jFxD22-D`lMt*)2v$=% z>iQdox4pfx^G~h)zx_dPaCo3CFXO{D|KE0=oc+HvjW@6ZXzP?g zx83~P{N`W5ZeD8h?^*9z@7eydM)&?yb_)0A)R#@{|EcZW_Z`6W{A~9C@97?3n$)?w zfT~+c?gPHY2Ei0jE|)6>pglfcz{G|dnF-4~F!yNiBIc3xGoXO~TggD7(2d;>@_&HK zBH}UL7hPhb_dq$I5>|JG&<`e(il|^8aG}%1mq^+CU+o|Cf3>dPo&WPj%YZcr*;nv~ z2i;`|p$gAwa))#ww%Gi9-V)T_n{<+IZrny!rG)aJH`9DZQf@EF8a`*8EO;KrH2ENB zqjJ2?A5;hIiH{R$HsqDj6kKXukc;L}-A@YkQiZ?M0S`~&-pui;?r4=O<^H$yXjbC> zX#ZJl<}t0d3BIaLp2*#vf#0(2?AjP_ZbMr|)LUpzp-XEEotPxy$mROpjCj}tx@7^v z7SIK@Y&?)YzQBp&PR;rdLt~VmiMO!^;*@Fj@I)N@3n$7yKfM2RHhJ^%)%jj@gf7aM z8cnDTf!0}d{bbr&?HwF>_s&$ zV>Vy3Q<|HT>ob|g6Tm1J=y$-Lf1%}HTJMQiv!6)4e@ci2`jLw2pC(M|tDniV3$ZCu zOT>GL^%Iuqo|E9he%@P{BgTQym61ys(Ge-V0i07jS|4M8QjaIc5dEc)w zWx(V5!GWDrv7t(Xki3tBA*pr5RRt=@xcf8gC7LzqI 
zH*?a)cHox+v7J;*fF(dl;8Cz9H^rbkS?F{k3uWRpZXd6MmS50(@y_Gmzn@72oyrSn zH-V=-j`Hyl+i_BcjlFL<8 zaBTl8nJ*%pxJy+EwI%+g!qoum?;pB+%aJ0>h@t355xHpLl^}_HXM#p+qTDSwlQ*qD zWCMyG7Y%CoL#b;27K4A?uF1d z>`|0oxkMdwD^?IDm7#i5<2N+*eJ@$=(IiA|WcmH_$I3&|n8-z-7nScZMNZIGF(W$1 z)A`o6>DtRsA!t!ccv5c{y_Drk%4@9bHDS=m~=` zkq2|cS{Gouq%2E+!MpBbb6!v1TRqkZ2^_er*d&AAc*%dh?*XS)U@{g6qsYnUz6cdjn~$>p=#Rd@cMOwj?$y0KDWCpQM#p@dM>2v=?|x~i z;m;ktF;1jqa`6$hiHF;I^zS6?l{rs5-Z=dkl#Fn#)fiF;5ta64!QWd$X;8FyK9f7>vD4*4X`_oR}2h#1XGVVk=CZl#*4dSJA>e^friu(RaSAGIxX{144tkzFID=&d{ zmw+3g4X#cRu-1J9{L2rJ*=gt^4V^_&V!+em@14%YkE5x+ooKts+}jM2KZ640bw?J} z4@A0eg9KS!?=Y2jt@Q)Io-#1#)!Ta6{CO=Q-~%GZjlj75aq2#raPT8=tSeqsNrfQz{)dMSOv%qAol(`|KYIF__~wi%4F5K)5?UfybZd*4 zohS8inC$6ulc-#l-j5Mw@lnZn*Vz!8dV-Cp9CKO}UZ@wk^p>KvYLlTo=^8q0;uUj3 z6?gD%u0{-2GskZ}7J%BKBxeMFdb|@p81lOt6J1$KCsT3l8#bs%JTkY*{G&?0qHxRI z?T^=sio*)Ze zu>IoZBVQT7Y5xRhy4}A3rOdQ!;8}x{zAlh&tf#)-D?6$rJpOfDlF>-`_oTPek-H{G zpG|o|GS|6gB9==L3qJ6^ngPUQtJy;n*-NBTz|Xq_FC14&h0%t{R+3&Zt+x4ZXo4?t$a?4o zRI9I@^8F(;X$P{x{@dyz+Pp7s?eN*eVYrA~0PMXEWm|motMc${@BvwR1ke0W}!8yR};SUFxzw=kv8-k!@_XyRI_@Nm$S0lqjor9Rj3au{UfkU=0l>nm=qp~H_ zBvNon1Y&#P0vauO7N$=MHk=r42rZ#A_COi-_hC8tehB&k6O(DA-)@=#2gy5VqHib6 zkYfX58<0E+!5*-i89(ta_#4W9E_)f8h#5Wo{%}nXh(!#|h36r|b|(Sf=3RHQRR3Lb z*F6~0dnx|kuZggb1isjd(Vh!-u>EG;{QtXcOS~EPu5=JKOC-{$Z=?Q|DYh?XkGA5f zw@fgId-b$Rnd)sQdRf`7ga@tdLtwvPaN%;CT3}2d| z$|!|%H=S(`xSNGJJLw=JnVO;PsXo4}oTXREt^eo4T$#$#Wr|*YfeHeP;eqFH-;hf3 zWP+*Of7(rH4f~0+;#`EGwvgmuI#jz?o3#< zB=pTJ&~Wo{L$K^@nA-saLT0=h5v}cP2{Vujz`qRiZ8^M!9T)7$%;v`w@T=;4ThB z39*)d67et_fF9BG)k6(wT?p?xp{e7LS$AA3#O(EX1k7?6vf=zcWW$Cv=75`xImp@n z?;CVaV}$) z9XN4gC|mf4@|zc9GkvQ|+t#eTD$ad%vVc|kQ=aqCuR0XF_y=5pZf~Mw7xn2agtHB@ zGR-E$I<7@IC}*O7&3r6AIQKj~-tEUOQ%cfW#=Z`*PbvxPaCdgoK;1|vg_D~MCUi5?%hSjG zFG@ow+K$!WZp}ZUxP>77pThI%xw)U70^kq{wgwv zMYBCSaw;YBL;29ku_&LY>9yXYXa8N74l>`S@VBdv`qLM{0q2Qc&e!H!EXb675RtGD zG36vk04ln1ZCCF-&0Z@mw&OBKWs#C{o?y?>12x_>kY%z#_Vh#a#)P@(&bV zG{frzdMgmIyaU-El(l?X%(SRO>u?p2aczHP+X)Y7ch@Hv&O)wKypBDF(e9s8MHSP; 
z>d1Cx)lB)MlI(m7L%+vxV{zcRIQ336*B+x#U*NbbnnGAo|ILN~W*Yj+Oe@(-?PB#h8C5hi z5RR{)_Q65ouIFSqOxCz!2QBNyR9t!gS_K)ug3JtI!m_WkG&j9hSFcUDm+I>@Vc9$K za^=syZf;J^VTC%u?Z(?Asj`Q zQe{%%cjA}@(dTV7TM`X?sWMI-p@oK+yMPxS)KImXFDjIw)e3ZyciWbx%xt>^(s!T7 z6y;TYr_B%bQ*6i&*t`!|+u}zN<9h0hQ}w!btVZNhnhQ7~7k(x;L}CzXxwF5GEt|EL zy9=OfK}#*Uep9TPmG?j=v*-OCJ5IoLp+TVm20NLeolN^l!97 zs+C&=l~TWD)M$}zjyct%kKc+}?~&J{&#U9eG)a`vDyL&#^nu@1E0!?Lg5>8v)0*5P z2A8Q%P@`CJ^=ltp{kc`Po|Q8&{{wbX&n4D+;6&o*lK;OKYx zcaE(bddY_}HAbhAuF*jcrx7a%TVw@X!iFpAGynlu&t40eZ3Pk#SwtWiDv)BzaA=FN~e9DzOKF;&}Hdt$6 zFnZ!&YWX1y?%G$?hr?ZJhWbhH-mw++iL%io z0Gn`-&)PgxXsE~*-k~X;oeZj#=Nfxh*9zSd0#VZWX^m9h+7V}+*^v1p%G8o4$zj%@ zG<8R4QRfo9X937|#e-c)M0r+1Q38WsWRRk9y--h^pECN3#-E(q+6^ zy7jK*&l6Wm>+GufxPoh*BfF&?KGL`Vw4so3@=)(H37Vaca2dV@h?M6?y*0gc2Qc}a zlUubZHm4ho{m3PCe&8_n4&*=RBMx*1t~=uc)}-IxAuse(qvXf$Y_lPU?MSZGTzHY4 z7N8_z^5}p$hc4}aa-{HIlH29nIr}lA_){raoyOzcDm z29GECOAb!84ffM#Ew53Q+Uu-asm zo~+^0R>vRM{%Yx5;c&aquCNYLt=%C14e-apOl3lX(Vm@lm6yrD-q%lnBbhz*J&Qo) zhpYFTY1c1z)IEoWC4!v|p~@`X)EH`^enMIyoTuKI)w-73b*-Untl>*pOQL>h5?0vq z80LC%grg(r2O8}?5@V>6R__ojJMCx#S_n7@y}K}@rG|cxMum{2JGpjH!RNziy!?et zpjq0J1lpQVpshHteUlRv%yQq`KSv3$nj(ksfp&56_4Qrk^}8!;0*>cF*(WH>0}n>1 zoqR5_iXpq^RT&Kpca4^vXM{B|?U5=olAw3;)CF*)oMFX8C*$oG@w>srG@G2b>vshB z>BHv=#cX@n*=7HNC>AvG*ob*PweIM9-0j8zm2}) z7iOdQ5exmv+W0**7psAmuGOGN7%2kQdt9bl`C<~=pu!)NJR=lne&~+rR47iR4uVsN zpY(gq&Q$htdf~+9>qd3V&ARUx$W|l5dm1zt-bJ+J-*e|WXo;u4Vt-nL&&&+?W}d7k zBq_|+^_A=WtPn)UO`uH03hkEKf@D?<>`D;*wlqPo9h;G#Z^WA*ddP0maLSM)#Td}I%x;cnV?+ag+lxqtH%Bmv^C>bGbx z!uiA1L78HLTfH!Zs4j`Hw2pTXV{*_-Fa)xcJDOd2CH%hB1zIik_s6g zM&Bf*Y-*ZNzq;IMe9OO1Ch_hjeZFheA3i^2G@KLjeYFv_I2e8ZX=D(yb@xOwbiFmE zIe}YvcRLr@Lz*0f4?HB*J=D=Zri_QXMl*$b`U|Q+W{7wPZpKL?C%J96S51LYPL0q< zNSH;Y349MpxnHU)cS@)--$3TNOXOH~k_qR)-3DCctxCsc+?`}5Mb9(I5IJp=5KOQj zu{XTwS~=QIz`8ig;qsZtp52*`*sd<&_DR5u;OW~uDTjZ6$45rWqb7G;x~#!wfuHD+ z2(sSsg=~!1g1Z-x5L{c;GtiY{@?6Z;J(L$KT^E&z%6XTKK<5SfH)^3)sU|Izn1_LC 
zsr7R`Johkj(j@kU!@P5l?At?<%MT21B}$22h*&Y+fYIZ8y?V+5Fw}%!@1Qs_y`0KPM(}JrDJrZHGBL|zw{1eSAu25PIcD< z4Jtwge&*QJ_=+u)SkP7r>8ftry)*;l)f3n;od3p;*2!KSG<;5 z#fQP^SM=g!3Wu{|qVjLt0%=cyzZC80z<~Jk!_YEBp6q5Xji9%C_Xy5MN6{|%sHa1s zAL@-mzefEmUEZLy3p`CxW1b5II$%yNT1`bh(!+s1bPtaa$sO52q|#5jOmZJ`^N&Jt zsJgZk?vSO&3~VP+XEJTaO~H~iw5w zS^;F2&h=1vbM?K7%Kj_-#<(iRL&^48*ux(>^J-evH^GY zkcThVemyiomET%SUcVFi{ksS3P*Tr6*UpUgJmOBlLx`RW_PTzjDIxJ)B%Bbai~+F z_C%Vd&!!-m$qt`uXIY*+A&MAbhy~WarO_I~#AAZxGR})PiYom=r;mmQ?I$(I_LvfR zz8w#H$Mh$9CA8VoJUX!gZW3f?zH_~XD~;_ILHF{Ck58A=__J-kW;c(d%2C!1f8dS< zm}+O^f59C+_ty7+q2^gM!Q@Y16|`~nc3Ie`=shwdl6xo$%rWmOD%g z6?>OBgdE!MdXEl{H%god;t&v23Cy|}Xig?o(?veT9F4tlkn5!Wt$Kdfjvw3>=M4< zQVOw=h7*qku^3-*P9G&gap3F~xtKs`QKEFy1^gA;9_NKlRZ4>f zo#j}s6puds@_L8=V>6jaKsI|Mioc8RX=Ib> zA9^}G`Q>Nch#AY`&Dv1?)HQ%*)}Z1Qug*yC&=ms$^Cx20OU^9$+OizAXIqX24`8lA z@uJF6Kws~C-!G6-&L84IYcay`ye$!Vi=!Qi7xfVO($=#HXE|elqRtxH{iF{J}AxkEku87ZEbufKYWeOuB=7L z$r>FAy)mC+Q?UI!VeU)??@L$T`yam*Dc>}O`u^l)DW|sBKyy`o&uKOHsb;)(&!+Uy zV+#Y};!b}AH*GP0c>&JnnmEyF=9j=nqB8BafuxSQNEKq=z7p^+;JV6xkt!G(V|)Ke zs=Py0zd+X;+z=;eE!dyHzaw3pS9WxCtZE)wa1#!8=w`pRY#gxmnj!NygSDSjWJ9N{ zfX_kc711#%F%w>GXlr>?+oR4&9-DYrUtbk(IsbYqD#%~X*S1EL-HkKTkiFui`|}C9 zEw1yNtOoU7dVKp)%@Xf=b`o_$;LQvPI9s% zGs|$z_vvc;?D4Mw3V(XbHd5A<3;zj#ofF^EU1`Vqy8^w(@0Gh}!ygk9V4*keQyygs z$JDC$C!RS4w3tWpT!9m>G;xZ_!u~{*1iQMVw zXpjz)6vh!!@kl?XnOGfL*NY;*5wmFza)cT|+N?xBLQP&M0Jc`U>|WI!feqRxfcW$d zZ0G<37`^h}e8{_#)mjH{ZmfIv4ar&OdDNxW(SJX)foR-qdf#Z+63;n07^vra5-zBR z7<+!)p@AkpsTMB#*63)jbH~#xs#EZyiHlaI0ODO_9PsBk`YSM5tybC5Xk-BmjYiNJ#S_j9Ev;|UNuQ&ZYY&YJcBe3bzc?tTp z!n^MHC*BJ6JkHCWI^Kn(Fp0Ho)R;!VDI*0lkhk{HKbc_%dC@Mq_m0!32}@ur*;mt; z4Uv<0(?=xuBX=SE@UPVYJG8oS97@l8vq;4`LJW>1;tw~H8P0{6Ez?rT>ZG83vV0~Jc8U%Dp{|&$X<;Do5-K~oN zgVbW+6rZObmk9Hxi_0)2EZ9s1(@oxgbqsSw{_dSdN{WLh0r5k!zB&8bkYUzm+H&5v z2`kIz(0*yyisDWDh7~hdDIq?{Bq6s8HQbcj@rR&(iL%Itgex=j;KK{cUqd$-Hr%9w zXFdMhk14DV{6{_hd!bjQqaaeC@ZOlS-0I6(tM!;XMa2Qi=dj9y35X5t$t<@X&?``P 
zU-fFgGt@!#(zajHHS{f+i?)!=a8@VFZy>R`^)tnL$CYnOH>1OiB2s5I|B`GEolCB`?OsrAc5G)I?U=)oTk^3meuU?JM_;wMw4eBr?VlBN7zMzvj zmI#-6#WgcAZJ#TG%3Je%v1cGcI>$1|Z4iUg{B0F2w_%gsTw_R@hIK{{Ic<+zD6Sr@ zKq2}x4$tts2N_0uzO38j6q+sCpaH%2ioG&lPV z)%Ep>%;FULlpXYKEJ6q<_90|L7!B*x5`NbwjpFCU=fG7i8lv%D9t`|Q_Tl>kiyvYQ zzi!GT6V_UDbZZNlpbtqmwm0)LvFF)YAy2@w1!tv{VsG%{V%5yiRzeVPekib!m90zw zy?duGr0_)+ku4a;uAIyd1)r`ZK_gUCHcrFP{Q3hG#m~1D4vStwdcSSh+}6eU5nJAB zGe9Ll6Xd;>cAKBkZ!}5J{_#!B1>cz_4~vUsM}1!N%4Wrx0W6Vr{_v=vk$XY?mqNP6 zoVIwPHTaOEf!1y7{R$ZQ$=$hO@RFsxq zAZs19W)C;cG_iAhp zXFTs&qtUsm1$$Z~5433hk#01-!na|{LdH%8Dt6R|VP`sDkDIKZ7(>c8Al4ysMWJ*S z#S>AfuUw6`@`8eP4V@duEJL{Sni&End1DerD1YF>_Y%O1S~2fJE-){0e$MQXk(Yq& z)Ep7b`eTm{7E;Zkx9R^v(f-gZ*+1Kj>y7EZ}&B3F5h08!gxmMN)=Kz)wU|@Qmn1?L2fU(7<{#P0h&rI=DdO5|QAI z#ArE9h^+jBDe^e1SLp<(0(+?l^t;SeU9P%3e;#pNEWiox5A##Sg~N!&_2El0jA~G9 zN(fRMB^9YJ-20R82;{7)8rtqMh~aygVJuC&{jzC9(LlXiiPD^h-ccx%S|)5h!@ zd00I}iMg|T4|CAGbD?xpKslypm1(u7o-j;$P8?Vqjs9V**mJ8c!1OP1v?f>_tvD0+ zKgH3^JlJ4yv=+n{qKP}$UFx4jU0~#AtJIminiOH!R`bWvKgds7@jv2dCe|kHd7cxTTIaBkq>$BO@Np}MYoYj6*>k*ZsVl{>zcH;TVW@71ScUUXiN2_YW<4xZrJXU+b6$KOSknTs#i|7D)RUAuk*= zE+_uxL*V5r0KAur_3peoU`?v_VFMdj+4cw14UvHTRVO{DsUHBtHUEC`)wFPL0-zQ3 z!~aeX62$_1nwnZIC&5mde-^nI`|qFjhaGMi66pT-Bit!!9rhm;53)%F%D{Wz z^9NNL{UJY3!`68{`P;@VXXtC2|gWQ62=k>X!ZB>G}`I3`)?)s&%^kS)&Bde z{OeSKOp7&M1@+q2ks;ddKo`}9{XoO-4SZ>A;JM?fliPFX9txsk_o)*D!gKVgsv9`J z_wYD<+7SD{I`8C@fCm%=xX?<0K)b8enLp=$Rqxw>ZzUHTkB-O?m)MV0Z-D1qkEy!r z4T^++FW_Imwe;7XYev-l)v}78r9D!B)M^CV@V{2QAz1x@`e&d2XG1io3;)-Pbr^rI zLZ;@wH_m^R;qMk(T=i|C6WAg!!iBixc>dGM1GD>qrT;@CzmH8lrvm7)(8}aN<=ucl z^&igbuMPY89InqpV#dNak{%_6y~FhZ zcpOcd3M!U^w;)srmN!Cu_%$Jw`}NnYY(N zGf##Xux;kA#OJ3e7r>`aU^>h~1q`9R)?f3%#Y&uRavb0!BL-BXe2FWk6p&lub3Z|H zyJF*7bVW1+liBZNES1SbU9zJLC?BmQs335}habp)l1xLKaii}&M2V4%D{g0+adP41 zg65o?=g~Pic@|ez+%pl2^AjzMp<>>l6(`}}y24m~L|~jPL|&OsGYUD_t-(==S9)CJ~uA&BY!;J2vZ!BPGmb?F7jCwyoMHm8K!D zrNk-jLAHmXgw3AjYF1sTAjKU$w18gN0n@|M}3~JvP8VEdhW&xs! 
z)IWDs0d%Un+?&U|I`d}9F2(Um_}7;@${InxN7!{2L^~35{o$~wqcBQ4i%-Qjvg>rp zg#OeTSyuR2^2Fc;Jy6bG_flg8fzz+w_GzhD3OZk|y)v?XYf(5Uy`H?J8a96A;+sM0 z*>2p#QV3pVAa!7l5n|qyw&O^9GNO`Dx(@%ag&`)eYgZoA7p{Q zqV?kir=;gnHKVZil3v=a%S^=6ys~C_5ON>s-S&*4Wh!gL;BErCU^uk*H%e~sEL8qY zyq`Pue}&QS;eR5&;}bT%JT<;I*8QC9ERw4f^r*%sGNL2wUz`}-pzEW)2;$gF#jU@$ zMrSiuOw8rO8&T4I`NXzfYqX1Ka^05NB>jnSU`JNwdUT7A(rrmwmDk7?3lNK%M`e|3 zGA1Bvg0AOP=cN%F3ELslB#OvMuIMVn3cB`^Q45MnR2>}tNiU!|i{_qM-y&P9ecSmS$!7PUL2@1~MQ>wOSZ{wUTOX_n?{0gNuQ49oGtB&ET zNmItNGu+oPf;wL-=R%Tj$ncCBpTNCnusMz#NAkzT#%6+)VtY=WFv3RHZ38mo+-o`{>Ec z4>l3M_62C@Athrcl@mC6mB+v8B(g1$D13N2@i>?z+hifbyq`1+ao9q#ZiXonK9a(S z>7p=`K))ZGR#2$|&L<_&dCJ3JM&Lim+a9Fh(-AUdjKz}5RO z4C{j=2*EMpjTHj9t^5;QH>cP)R0?Ju(8^B~f5xES;5qPu*fPF$>{rzp$)|nrf4f`~q##Q{&Ca#PAzs^L+Qxp1o4$?eXj+jS_OYw+-R)!n6UA3edkPjA6J$17 z6S#t^&nzJ38JVY?9;Dm5jL02VMj(z+RWbu~Z&XqNtgQ*I);;COllAIX3SW@MP7&^s z+&;3V8%2Z!^&JNcyDFFjO^2=4y7P}BH2t9EiZF{Xs;9cRtY>XualpKS0mp;Bnhp?u zP0Vc>+&MS-RY!7l1JC?>uLZY5Tt72JE!`7SdDc^kwil>5()EkE#fvO$l+NOMpF-=( zp8BE=MN#<^#7IddBQ4R+XRis{^yp7~nsViT{~HB-1($kysCmX&3z~&2{k7QrRk~ra zIEoGw^mb~8;X(ZqG4CL;iZQ#L)wxlNXUvf1rY$EE2F9~)`mNWC4VqBx-mwXHQ4ic_ z6DaG`fm9@WZ9NkNBn>Qdu{OPIjHw!+t>l#mzS<85sLXK3_z=842HEQ)D|6tO$tj61DK{$;1%?zD}OpdR4T_-V?tg@FAE8V47wD(H+?(LIjZ(Or06}KSuUHkXxU3@O?S2#< zh0!$Be-fHM{GP5ag>}9DC1g5aLo=j_JBl~MD?LX2q$O;3U7I$^NA{fuzpu|=#g$rJ zL6xsE&e92e|I#9a;i*h)!gl-#q8-3Cd~K=oGkE$n;PTvy?6ae7*ERRtCRJ2e%zDmR z&=rn>JLHSpYOtW3H72JZdHL=LOegmkrmd4Q(_vCMPAS*Bv7_^+JZRJ^1Jt zGKzI(Qf_AQDQBD}MhP^Loe15^0*|qeh&smD6A4j2-o`W6a~c!ulf)Rr!B0;9T)Kuh z`&~c&7H*4kskWBLh#4YKqq+lDO~3%J+MmRZ&XY4oMySg4cn99qLkvR%`)ZTN7;`^w zNh&CSP8#k|A5K#Fp#66-!qJG<64JCX%>xx|u?By!efS*Kvr?jx`L;$~(^;!Jk!B-u zvTS{A#Y1`}i6*R=CL>EuadN_~rR+I^cf9*cn+hCd(@I=P-jO<_f(KT4vfJ+b9n>5i zvvX1FYQBkC@zY0})w#FXhTgiUU+YSryus5UMVqLR2xLMZW^m{y&ylRt1;lDAMNzBJ zo8c$Jkz?-f7fHk$j0AuQp$?QN#ptKCr{DtL%s0u>_~$Q}$pt+P9U<_)tv*@X+-0jM|Ojt#Hu5SuGv9T%n+Iz{BnsxWrrUm zr4D=V?H;5!3Zc^oFNh|nzJ^}Q2EXqA=!HDzm|H;k&bEDT>Chr^ws3m5A{QNysn;{} 
z<`xA7qVji6Ybg2SMRn7C`;Opi-0z%}*9DfY8J(wyisn`H(G>qnw~YgTW;ngAOE_LJ zB(U9D?G*6v3EkiY0EL;E?4-!9MDn@^W3N|zu8m)No`zPh_zA`tFTVsA=_>)yx(6fh znbO)?&aIcL!P}H!P=7Q;fP^sP8O{{JgN5*y(b{Y+NoJv2*|#2g3B6PelYRHm7SbsT zEfnD^o8?i1YC4VL=aiZDYk+0v{r6}<^D@W7=XLF34FGthML@E(30MgcOD24Ky#|di zUDi}%zhreFUsI$ak)J{_F~l9)mmiEHYHZPrF6zHke9C{r+u)7FNYvUl=pTGpth8`x z6x-Jkzcjdi$Nz%k+AjV%6s?824^aU1gISeGb*rb>gz)K`@#yCl+_%1he!I>Z0{#-^_SF{*GqqWZoM_gh^_I+56Wb?QD0c-R4C9h!2)5rG zCf5BRV~Dm9qTkWzogKLlUkLs{30oL=-+UwX`ZQZNag^~si_+!`=(b|kD}e&?8MqOZ z)OoIR@kcJmG-Da!FY~~kg&>skhyObDrCu#`N~sMtDCFtX8l6jgSeya2HQ)U{{@!y1 z2G1+^+B9bBqri_Z)esKDCS)myz-WNwJbrhLk^r-(NWMt9N8D zH<*5p-SglMk&Rt1gVv0VRb$oIhZu@~R`uFVAxIz}$U_jeAz9+ddM26EER5{7J^#iB z9E@H<*Sv6w)&^%B6P8~0f9kL}PJ-Uh*i8}X`M%D9%ROdWEROa~SLFWv7bi=V?6NAY z&yCH;*tY>D?{v#lbG{#=VBfisKX$ss>6+a&N$g5yFW(88zXIp$=l3zdOTh}Dt*?-^ zWf({UmsZg|vnEoOzfHuI+anI8BhKC#Mji63|6}j#f$5eQT5uBJJgVh_oS~%(kaBOT zaDJ)0_kYF$s@nPgC_%rw>(;;jj12z!BH+JU-ciipzmxiTA+DKw?LA;fM%8!)7*yGT zJr}D-x?p|#oD1-)no(=|aw6Z@3zmH}1X-_1!t9jqJk2B*9Vp~mBzv=b8(7T#2$1!k zL*c)h6|Rm3E-q3g0bV%%KeCTLE#dnbSIEO&QnsvV0tjAG6ap0IFDp@>3FMR$6s11l zt9<=VH;@CpR3tr=*SSq5d2E0y;6dc!?!MGy9AcvXKGGf$+Z+8r8(rLR-nGUA+f@Jk z1!>KdKGoO;(1n>L_@@HEn|G^110o(ET&{>&C>yMBW;Bim1jZ>Iv6`e#||D zZPQ2xN-~LFZJcgGzlc{`K8iWl#&?SdQ`(4-Bk!`}s6=+Ca9u+4nTQ09Bhe1FkRfkn z&bVWsEs^@o-d;m`Cs~+b`o(d)@n8NumBE!>Ko-KNov0+kf*H(wMR3voxaXB^*0&@w znRvt&KE08XQ}AJ|bSJvE4GFm3=Uu-P)P4_2My1$cc$NeeaymCrS%tlxXh%pGiq#FheyCKcn74=INO z#qh_Y7#y5mz8CSWr0ms>vx>B+j!o#CYB5Dg{h~A0RZCKIV#pAimxd;fLXb`F+_9@c z5MjB#(3a}WR2rNP$-lU}2jO48NVvF3%)n&z74$j(`0?X~toXEIa5;qKHzFM5OmR?- zTnQ_LKr(-s&r!HT2*T~mUi+L(RuSX`Liw~a!z6<6#awHE#%a7Hr7t!_!=hj+czS?I zX$=xy7`Sjj=qWs|J_C`1J{zGg=MHWTNUsw#EAB)eO4%{FH?jyj`2=_bJA6Oi9zT4x zud;n8Cmmg(PCaOm+th2)iso1~v>RZ&To+ts@pCL72~W^nu#Ha0N3QI{d`!tbSmDx3 z&#!CFF2<{D^qlx2Mn*a0KC8{aFdH!ok)kb8JdB(dmOPA|#*wqMENi0Woi@{l>ddf* zk&;-2e~2~L|Gt#V*YnM^TAl82u?vG}vs|y>GhPt9Vc|$+_``}5=m7p|&_2p8qLb93~;wvB{AqS6D&JZ<-TnWF!C)>h`2kxV> 
znocoHI@rhP`4-F@bZw^D>)Cde7YU;*VuVsk-i6XGJtF$PHw}(#kYwku!q85GPna_b z2|IC%MEt_xVaYD0WcpdsK=b+MYY?&oN8}P*(g)KTX_IN;HKt>N59EF^o;9?t=nXN4 zWIy#A-lbvc>V|}Um>e5)hOlUlagDFmZ^<3T5HsN!eMl_N*K$k|*R1xw4L$wf46EB- z7*n&I5H*bH4c(^>#rq-x&F984vk{6Jk7^B-;WoyhE7TJ@LxEsU`uhd`YShX6j81R} zL%BSx?~9R39xWk?j$0m7uiu`t4gvzgSH;d90$Aap5PZq$m+%4c7c-eYw%)J=0&-H= z`?oa0Nn@KN&t_@9LcO?St=#F`+){XQbR&r{^3D|;b{revA9dBt+A&q>E-RE1449O( zI0!M6gzg^CfF1%!!`)fF%^;~nw>LI%v}^TGG9289)NHX$cWAnDA1W`E)d-CAg==`D z67n!jjT$1Yv}beUNM`AbDf^TYzdrWVC0U{gC&Z$oeaG`m8}bzlwh{ln4md zUUX1*sBHK0yf=L~zn>*_i!3KMkB-}sj08w*~F2aUvJ-XJyio?LohMV1Is>~ycO%z zuc4AXK7^rF9px*!6mTi{;#yPtr4Gk7@&aa4nZyA$?m;bpltUsee>h3+y3w$Q@B|uH zq!^vbLOBhGUrLVs$Gf1wZxf7O8Dj1)d+mKVD$nCJeBAW>1Icw7y;PhJGuAsVnW(tb zA+0e?m|ZNGiKT&X5UBDsJ?AdX11v zv@w7j#Ex-k>=3LCFKBT z$wZ?znFW=pt!n5O*;gK;O_4365QS03GVLh8iKpKLvVK|xVw9B z2-eVF=Q-!CIWyloHK%I+%#W_xf4XY#wRZJhyVrHyH?JrXfwGvzhZsKQDhZi9HNsi} z&q|h{_#k;+-=0{D;wqHa&cXW_5kJQc&~)XH`zeHx+U#ogy>;mQT6p}UD8RG+se3fw zO(7BNA}s!g3qFO(%%~S3%4|o3u+To(dA+K<cvp z1)Q90^Ks}AbHQK2?n9@LlndknCo;GhAsp;*(%GsrC{z3J64;@ZtOYJbt>!0L-$E`g z3{@>_wIwHC1y3(i4uDUu{Qm(P8Nk?uDJR8B86M63WE$!@Nc0?_faJ3z4kgFwmD2k3aK0R8 z0cbT`w~Rzx*7Rr9?pktLyblx*P+*o4~zL*p! 
z;}BvLf8NPW=3Uu6vL`5(xMjli5(Zo8{B?HmQqo&3Hc6ZjX|c2@i`yg)571QD$!+0a z2xUJDvo06dNgfgA$Gz&NKtjxFKwcE6nAFdkJw-q$3l7r2;@{?m2wve|eH43qAEV3G z?BeJ`pJT6_(4do{liO7*!D@CaES0?p0Dg>r`3|t9kqUQR(G*X4dS<>?4HQsx|ev8vS8S zED+#M()ffT;!%eFc6e{`WBWOmZ&@trM^XRi4?ZFr>{TcG0vCar2nhM4Plse9hz~py z&lGuhdgvrzGUhx8;7&z-HbSjvq*n``gKKcbicRTXQH*7&ekt?CkV4i3p#^HMG=q zN}^R~8fx*4A(5}taut{t0Ze66=QPEchgF2Fwx@)AXm6u|AM3UF?I+V>-5R& z8+-JP)*`4Wgj%Q5o;EFuYK1)Y4Tc&C} zDEc)U!cu!9004mE^Ue-)9$5gWnbsib3Wa_v=<)7_!YFY{d(=4iR+|uwlao8EC?@SB zGKW4;Z^d-F=4Za5GhF0biZW|Vdr$aL0E)Q`SWlQg0@>#i#B_0^!>HBhsrI|puKRxc zTQL^rfGJjy1&9_zON^rqg33zMlycs>@y+MUgA;Ge^c@)|g0KbT5ed=D*XIliZ?aev zBNr1q>{U9L1mQEip?u4Tf%AChN}(<^`4aGC1kB$D8b1bP zN$Z}`E|vAPqFAB($Y6IGLFH6*&WbBLLFc2& zYjpi;+~fGcB+SUjZx^c5C0&I)nQrY-m{K8cZPZuVQy%0QP|8Tp9a3f&>|3&Y=2~55 z?2;EKGKIe$Y1RPMe;oic6#t;hIW31bCR%3-2LU$S+Xk>e3yWThcOYldxrf-$Q+#HP zN@mHH;iq`q(Km59eMr2(UFRkFrY0B9Q?zKe_?}Epywj~g_9&5nj~hQ&fp_Cf2$gn7 zZ4nV7>%epRZXfQVp=Z=THufLw0|x3*gWoEP$@eaH80Rm3?(3sd{ZupT;`f0yx|tsv z4UHs9(gTmO*y*_9hkjdshz}?*(urBu3!VA4kWUi0jGL^5NYTw_s`DGM2-X8PIc0Z! 
z1;4{t@|l+*44+><*yX2`;@*4f4igR|`_w=dGpWh@ym8_zfMeVt>9>v*$6903!ijn5 zLK4<+h%F}3Tx+ta2o-nC*e8BI6U86xBQ?BP>y1*a-%0<5Vwcs0QAyAHPakWkTmvfWy?au zHv)(K(S+M6qZ6`Vkj21wxdq=3(qDuV(9E>ldG*ka1QNkJ!(=!EuqR2Xk-lK6W%2fg zXsDKHJ6%Y_TagcuUj+lknZ%#v!`mod-}m>Mj;nPx?4|ixTG=HG0os7a<|DMM9@~x> zKyS6YmJQ%Xw=?MTQTvxp>7aTcDx+Z-5_H4z%ENP-LeX2e*pA7EQ2=vJOhU3sJR--- zkDK+i67Ctk#P?Y0YZvrtw;zTkJx_bMNsQBuwxzGxswr#G?K(pUu}+tYLZW?&$8fw` zuai|zb5G0caI>LTZ+6;Q(`)>&iz<{Lc1b-ircDh_cP>zd1@wmFOaW1jlXhOHNKH7x zFQbDyk7WyCd41Ivx0*sQhSel$=+3RWvTlvmG|C~&JclV*UIAXSpklRy!tUYbdhfnd zxCWgg9~^-2n@)BhKbxALGBQi!fo=86r}i;7Ng(3B1rp)=$1!04?$C9^6Pi}eBUOBc zkdK$&=e`%{_44O;Nrt!=614D$b2m>XGh1Nnaf91OHErxT;(3c~_^79GC3vJ2@zoM` z#V)=aEUz16DvU~_0LW*_(W-u7li8F4W%sRxH^^6btO3*~bDcX)5z`DJDty4bmhBC) ztVQdv<%;wuO$0BtcdN6ezM)hmr}A+RTVryn>pweQQl^sIF5#kV-)g5F`lrpqkW&jd zH4Ap5Zxa5xt{v|>VtdM53^+fapmp>6-C!#Li}23KPkQ^kM}`L+O;%0!)kyKfW+Z1N z2DBnXhq048;`vIAfIQ_SP(&zruVMYIs!ea|(~=Xr@vt6)uyc$xOH8fo?)1U}d~#*~ ziF9@nQu{UqcU-T+H+Kn+KX{L*)92+o7mpK3zjG1GXBikoq}^uKZtN3}?2*lN(8_+J z3E*>}S$$6_T&(mq*z&D(N@MDw|MTqcut(nQAQJABF6gk?^-i7xj&Rm}wNYB5_XcG! 
zvD1>&8L8m9y=NmRV8s^noCM)E4LeO7Uj|ZIvW$75k3t`w4*xj$uDj8eFq0z8hWwcM zF~i6h!0$B+28S8p_2lP|m5BS|*q>K&y%~~|8 zb8PB_Mwo2Kq{gkXMl286jDFbc+g0f9r*@We2b;(8Kea0I6-k%Pr+)esf*82XD<$t4 zXqjYBf+IJ#=YmDRS0)zH-n&R`ui$)P8Fi4)LNtK?XcI%PT-!cm!)jRBN1K4zgu2qw z$hwtFb(YNlmXehd3?prWpAXxKKeh2ybP_Zr=z$*W_skOD0IlyFr z;zevy)-)o#%Hr{oF+gQ{XZig2_te7(Mzp3x+5(_F<$MXrrpLMjz-qWSA$<&2jUhC_ zyElNGi$*;D3@iE+7N5(5ELWgU0I}z;ne+dHVP&-;e+uT@(gy@t2IosFHH zpHG5WQXEufS1AyZDwp^(Ph|*M0qVchHflxWWLF(Pg)H-b3t6_lD)+W|sh12t8SATy zhS!hE z3ud_6nZDXqSOdBQc+5-$WJyu{vEk*=oa&QRm_gV#V#(kW9GChG5?fgRiY>DBYnTxi zOnvrvz5{qKwOt}=QkSvU(y<=>B;ry%M|Qt7ST^LG!pme@+KN9ynN@m1eqHBGT)owq zmXof-M|iCY1j8F`GGP?9+L$_4kv1rN+*dkQqZc;Q&V~24d%(ZFZT#+qRSX-s+)j69 z=zK>FpHh}`K^1lFKdQ+{!-RT(qNhM;N*Im?uPXiX9w0yK!O;90*!{lM0Mx8&b$IXn zi?;gEeRQUo?s;NhdtQgXN(*)DgdBJJz1P9M)|OxbXL7a%L4UVP0%u18)}+=e3$3^% zSt;}TXpiDg{?pp9NeDBAQOS@Fttf+YKL`Ws4AT6xrSwxb3ELRFU0dV}#_Z$u1cC0V z76GgkpOfmyO-JIr+oU)cYZnYa&+2bGiwVOo*L3Ndwe%f95vumrI8#*BrQ(o?xG$&g zTr}g3xr;?Sw;`sp!-Eo7L|7mH! z8ofog?R~nU7paOV4LRE++yCA@K>84U=o*@UqYnoz?{y&|q<%O(7TCnvH62dkX=O>L?J#+x9$VBQ=f0WoY9zLA#}OE-#c3+gWq5^t$XIQ{2gPSl1_&4?6#IBVMTLjcJ0D#1) zT~zB3$xDTpdM00nq*vAmclS*$IrStN#zpsFk{Aj=Bo2OI0c9TxNY;rxPv?ax9x#RE zHD~(Mlv3NwO<(OPYMv$$qyGSWFA57yjO3a`sWdonhdipcOD6Rt+6V<}dlwnKzTRhl zDD6+Jc&ORXz`P>G^+^sPYm>r3E(#pj?J8bXnNIO{YQza4@Su!{IOz&!p_SzPeF34h{_FhD6`M!}&}M!K38^p7QVJ#iEiEJTv2KCp zQNiQHf**pJ7t~p;CCx1UY-!c@$t#$3z{BxpZu#o$3vMTB^*NkBb$hV7BP6G8i3T>V zX=+SS*8i(&#{K_LGY-;sibhiU;>gMC^xI3HvQfFUG>45c{k>65B|Ig$l%8VPRodn_ znw8rx{Dvtp{awE&4;f~pPNa+7oPAEu80?K?>w=g>h1UA{C%GMo?)BhAWv-(ijfueM z+cPaSIN&skcITb$$f{IM3Ex)O1^lcQCKu`AW6MW5^uOU|w1n<5{XgnvfNA2AP8oR0 zlm}J5{DaMB<<$Q@>QssTAKd@{>XdN$O*I|ABN=|kg06K9sCnD_aA`Myi17EubKQUSEZ)EGoBlK6`ZUx3hz40#R9ks~9b2?zRA2!} z<^YMm4o5)we={I;YhwQzkTuwUj_6AMH81~viO6nYMefNFIH=wKnf|Yu0dj*t3F*TD zoB!rU|LbPRe(0kA<7VuGm{)C30pNd}fsHHMf6m7Bb)*+a5vsD&quL4qtVI94#J@I< zPv;xv-}cr2Nt*!W$8P~w`ae6Y0c~zT#t!1&{+0i@>8h%MZuS4NGro2c{9oG{qd0_n z*mYsgcBPJjKMA_27@C2S~I(_{r9?ZM?x< 
z(dKdD27p3wj&Oy})bWN#{qq^*szDvF@Og^tOqA_tuhqCOl!L8=7VvB`tRoQ_TBF>d z+1Ymi1#N+iH9H7p2lmOaNt1koEb>kg`vB*U%iOqhJg6js06Obmnzb0bgB%l2@zB| zCqP;(1X?y;Uj3IMIiZ*sd*1m^%T5=>-(|&U0!N;@!5!*8I2%Cg%n;CZ4_^d4Ia)Z> zxdK-%uC;(az8Bj@_Qyx&m89$i$SfS7)_;>(DB@OdHq$^NZq=0$kw&9*ulfQw!ok6q zT#N0)A{V%PmHwT?UZ%h2mrfZ(r&v+z*%G#ZZm~e#IZ8@%yT$_)kj+*V{E;v8DF~gz zleH+K$TgV1(G!LJj$JnWaG2p}cJR~gP^ZY&qvOl|5SES;xSC-$xs~#E{NZFXW7cr& z&pKrTzkAxFvp=qxPn0k57SHriV>sMSMIP4$<_l?Af^6??M{H4!w+5J{Uc@`yatorx z=F(tPARGlb6Dgaam?=Hzz?A&E2+;!A`5-@XQpVo&;0&3&XS5@BqZ=lOPVZ0U%Z4;b z^kJv?z_1-rtxs4J(VonnX6Y{7vc>G=4wDgHs$+k$$Nkc&kO{%0rXCPhX|&})!j5oI zgoiH?D_MVR9|V22fqj95_oh_NS#U-;#g?6P>)R|)?&g(cx}qEm?n(Yd!?Lx!xRZj; zF*@R89|bSTH#ZTCSGJHkcGO|v(@E%eC^T1?k}_@9&;k>?m+vrTG=wE3F$?uyNw_Dd zGN+F0>p&}O>MjzG=iCT_FHR4^VxImA0CL3BPXzT`|Eyg3H_ebFxns?7+S5%#6%whj z^Zk)Vb{QyOMqwm*#=m7ZhTMljG)9^#BI|j%S>~Fq5IDSKgoIdO55jI?tUKG?jdgz3 zToUb^UQTUPSNo+IAW8p9YBK7C-e5;iTN5v%M{@w9rOQ}FDn_NX%UIS(ofwp(C{dRL zU?)R2x(Pg)%<8aYME~QGuavsS^OZ{kPr*Xjb-HNO`&->X@2smtf16SC0ZuZ>^>=Y> zvEkk!kI6YTT|env+Gf!-x8X3%b}P*7-R!pc`zl>qZmYTVpj`#V%xTEr<$`?gg?!lElYWVBMxZ*eDlSMP2EBW|WF2B0#M_$%@E3|&RY(zYK#L4M!g{jfz zJZqvWf~zrTQhdk&*7*Ql#2tvhQ`PL~S=C`e;$WXd`m$Ok7ubnZQ4wk5jQMi9hS{}v z3nPk9vcUAx+`J=8cz&6ohYidOFHiu{x|%VKcZy}#VlY<|0VDY;3UTbHeRjP@d~A!W zFtA+L7b5mBa^4Z2ELNeBIY>B)x#W{w8WmugBlHc%0>0#k9()uwaU-4O94lQR9CkYR zGjx~z&$mYU;C6BSKNde%k$ems#+M9g5*45DNcvM9S6W+Utx$>O=gst`gBwoi*qrMi zawWZ}ece}=y)sP)RMlAN{v?CGef45PAF+AlAd#~_DW%tH!KypFbHPTdAcd6Q2o;8K8ow z-CC8IPirsR1TzDHV`H1XqsW5M{5s7N;Fcb8&>{LbDqfSGT`K|Wl2}oTKJp+ZtIzb6$0l?-r`)9lBY|umNeOMKgX%s}SVnXtoQRZ9LMFuo5$wNqkE%^4 zNuD5v7fN6l#Nq}dO(z}oX4kOw&k^AXO%I6_|bF!%CoX;Ditci)(_G9A+ zAp&QqwI;kN(yQ-%hv=LvFO};2nBm@u7M^#OqbRM>EGSd{^yPv>9~^rhm%1GRy;}3^ z&L!>QJkWXSpubcLQDT8&>lL%&YEe4iN$mE7%|z6O%|W%gMZLPqJSkAG3m4{uOrdP zg{>OQGx6jG5;|b73{&&lg5behjxRm^(!j3v8LXkhISp_^zTvhpZzua5>NYqafk_zb z8fqLp;s;}J?OH~z((W{NGi?2{zf9SvPI7!0{{ zQ6k+Od8UtS_=4I>Z+ZX=zi zv=B4hQdgXR26x#^*BZ4^K2dT8 zF-@?KnJIQus0b{HeE{%6-u~SXCc=WTLL@IY|I-OJMXN2Y{J>(m*l(p2vTU-<1NuDJ 
zcbJ&2EGZ)ooESLrJ$6= zUi{J#qJ^t~oB&MTA7zJA9QrvQ5^lER3cxW?fWS;gtF-Pzj z@I}s$vaNVVv6y*%NE{bhYs!7qPWdBIl|!&1X)I?dM9z{h4!u9qSFcX~4;AGwKo7Qtu(eBnI5IVy%T3OFvl-sqKmfOeOjlc^RL$EQ*6@)K zdx>7M?}WVQ&>}l4ma;|=f~TPHnIQ|bc<@w!nieRqw^J}Uxo*z@@4Z87($ zf@9@S(rZOkRSNP~|7=?fm`!N{Gp?Z+8ClHf`Hov`w6i8j1iD3)e$I&3il_Dlq^e4i zNb8KhQwm$D$VjyL0rPU#s>sz7ea&T2eDMAf3QqGe)E+ndd(_u#gb0*9-U#$ja@1>z zwRh^T5>!(Os47K5r)B3?f9biWErGOlyuT4@Cf^! z5k(Vkg#_un51MwhT#ZmmLob0z(j_$c%o>;$R>8FUM{wq^;Hp0nWSy4tjhz~usV4R! zP21Zx_NY8o@^-nyWuq7*mq^db2~XANoiiW~B+Xuy$#J_>AK<`mix#rR{jWY zNWXtsVQcWydsVj(n3?d*>TEJtJZhbhc23i{R9Cf+vW%~7t|=?B z4q!!mR2%I>Z5-DLvly(14Y%OzHAC(&xPIQsp4D@(s$lkrq~TfB?UwWKtS?K8nY}Sm zOsBWO>&r;K+=Dv=CH#=GC>ri9rb7|pH=mb+onl4*IK+#O6HXSS6<9b zL03%D4T`_@S3Ox}hcDyK%1V1!F0eM9vn7k>}vqOLU3ZA z5jAZ3;w!==DecY!4$fT(u|SOz!yPOA$+4B?D4(HlcT#J;2`5Ip^#;Sh|lx0t!)NeW_>)(ezRUFg#Lt@opXQlz>nfsu^_Rf5q0fR4f zr*pDXptc44XVBeOlVl2M|8ehO|CI(;ccV0j;}slz_eeCZ$KR3Dyp(n118wzs8^H^? zj*i%oaFcN6J?d;KdZ6{S;k3#<#$!@4!cuIa?I-zw0YuCYa=ghO7B7eM_~`?Y#4;ns zoAUX?6S~^IFr%|aJrK7~DuLy)XN9+_wcZDA$b8*j`YFp!XOA{id;hUd=wrkIC$A%5)1nS>6)RO>o3`|k>Cv=N3*l~DIpq){!vgvG9H?oxkg z`cyW!)j&*q|n!Xx(;(xk& zR(7t_>`6D|s_2%5OTCoVcFWo}FCN>1l-5Kd1AZF581+)wBdtLdtQ8yTSmDuxhq`48=603n9IJbQf(ab+)49xXS`L^EVXG>pXIb z!~nEm)zut*98Afn48Fa8ScAaJiS{_&qh55qH8q?p;0;JYv+<0aP*l%DfVMiwQ3i_B#B=h+vqZm$BIS< z=x{g!#Eh|0*zlsq@tM=;)i+$#9IeK~)Eu$Hb_oWCQp%h$CiY*)o+KTCX$Vt9(MIW3 zqyu6NR`ha}aRxnyslR6RTHGX+l}XC@0$w_pi}XN}w}c!Lssadze^is!_ZNBY5Z(?1-kg@A`2 zEtnh>z>dNEXf1Q(#gy?%QDQ-W3Bo6|c~fdZlyOBI@$%2R9Wo#B?ZR-c>jHNHhl_;3 z0wLdTqeXvX3F@>YWdUjLAm5zkLp0zCw1c}Nb?$S@mH5|bnH6Q2FJWC0%@Y(1ZOrHW zDA?0;P6!&*=zh2&OwuD1)o?XZrDu|@0MG<}WAM49w&D8*% z97y$#G3&r0m{m(}bP{2hlXk$dRu4($rPQi&ePUrLRFKGrCJJ}ThnV3LR`gL+f=f_p zKNW52M7{hY87hT_`(;(CuC_K?LQZ*#sI`nAg|KaZuKf8j*^x?rv4H%^X&t4P@Rhqe zR@xudnuvvR<|C^Z$t>=F(5vJeH`{n6a-aUXT}lN<*G;@+WbnGcNiRTMf+ zfSnkpP;8gXiU`+luqM-zqNJ>5_riK8w6kyL_AAVU?&#@W(j%$2)GyX=fm5dkrH9jQ zyPvqB22QG#HKYn{dYH-bq+)x&9}nLion(JX+*WTA8mPCE( 
zZpjC$tgx)SXDxzLvy`7v~zsAvZWL&amu-P!(8GdIx-?o!&94Mml%p-|aK_Q`2 zEGgj~6n=$dBE+jj;~$?xpHW6swgcr)6k1`=II9fFuy4jHDwIT(eu3VnfmjZpWHah$ z{(Vg~V*}-0gIV2C!4II8!5I^;1 zaC=Yk1SlJrmfuYv*6P7SMde|KQRM% zI|;orVh7vWQq{g;j-j$s(VWxmcvD8wxDN1YPbE;VIVEBlPr^q~>XWZ_T$9U)!Mq=w z{(c<4*ntWwN=1@b7I{YnoGAu;miSaQOI;8uD{CbFS%3m2MMh0}r+l7#w{&BTJ+|K+ zk3q^i>S@i!j<2_cyVqIg2vBB-RHq_2`QmVGRHr!tT>tspnD+%$!LtgQuVOdfN`=y7AiRQ**r*-1|?U>YP&N z+HNs!`chJA3y<&#)fn^q}D}}AewrfU z)Ad(tcBhrOQTZjW+q~r2;S9b&AA65-4#?;TD9ur^>e^O6)?U~d0W3gae%^P+v*9df zWB9`}18IE#3I3&>_xsjd#S{<|bL$jsLJF6qzvO<0V6pvob#Ly(MR%y*+@>cR>HbBj zm$mu*5JO27asASvck!nn8?m#?(z|br;F&H(Y7JjRHF;o{FjWM>QqO>p1uq0vpH%a| zqZ4pha4;0Z+DvxO4pWyqIpJ5pJo0`;?+@KArw+b_2;G1WTq&ar#L|QssBz+jz%ys8 zq2Klojh*(@G1v8A+h zj|zitA`J#^5mSJ+q)`_gQVf) zQjU{SolylEi7S-4t?UQ_L|u_9O+T&FM^u^efo7f(HZ=M4oPxNn{bK28q=}qX%x6v2 zm|UMVT-u*(+PT(3@}@!yOTH>KdnnA0klrLO3T&Rr5BnMrxmPi|A9BYu0J%vX>tG$b zMyPP}?5gz^wjl3}5xhO^#SOdK>12cN^hp6yA{>#?U$FcMUs+RmLubbjP5tHk zTnOn`{(aS};`!2H$vOMBX|*NJ#R|ikQmSCx4-sDny3Pu~h}qnO@By6RW(ZUL#C5wY zUEQD3{Yp9m-MTGfY>zXsY7!Xc$nAo-i^derZp48v?Psh#ho`+C@KFPDJ9KN+1Nhk@ z)g=@fcFmITX^f#4G*|CLdPy&64}otv2)PWjDMMVtI>~flQ=c`$apB2B0FfSDhl!iZ zBcg32V*K#h!M5uD%6Ye0Cwk7#S)8~jmOM+w#?4ats`4JIHjk<^szZs!+J{WtG&Ou~ z362)bYpI>uX|J_}()F#3uX5!vt1zd}5iDf~ zRR=LUJ6+WG5ouH>SS7JcKR&zx4RJr{GxaxjJB)-H>J4|ge4TtXXlihZh3J~}me+1y zvRW->e$bU5BRLzBdULz@{QoMWzBsJx7&Wa@cuOOc=ZEwe z2AX(qHDCEFNhBtP)MX8tb4q8lO3Y3IzVdW;d3yQ3JRLM983Nno-XwR=|@q;OnN6Q{E1j_BoRKaHfSCkSGzGD>;%(t9blr;@;j zS4TDxeqBDcC1a~qHj18XR`EDzWvl{YMAux|vTf;SsxY*n zK)f_+zd950$Z64?C9;CAOd(&21xvctB+nxkPC2P|3|E4zZPR36lxyQ?WN~cgxeES; z@#OLF(&*Ymefkk{>D!TdoU2F%57*+8#~V9F96sf}vQ=wOC4eW-{$sg4$V3qJw)`^dE92pD4FM=eQ zrZ39L3XXKmT^tpMDc7}_@-?J=G9?_74b7A#2CevQJy)q!$!5a3G1TNw3o7acD__1C zF37MAvdXFtD|T`1Mf9WYxbGF|LO$F3snY4r$9~$s{B%6E_>^(KV}| zTIY;lxDC>-#HHl=!NYkx9Hl6nZghy&+8)M;B^=cbxUr`=s2J$f;!#4qy}K5xHTHe4 zPObVi0cUZ&Qc@{nl*nO-;W+;4VU>Cql_v)7dJAZ3w?;Ve6|R9x?Cdd>?|%4s-YvI} zcin2pH1i{`m;Y<~^U2X%j3!kb(@ri?o_dsi-VEQM3pQObDw6g+7pou{**j0=A56X) 
zem1>I&UT$mXZF{6SNUU(u$cO)*JOrI7rgLdUcx-?4L*wsJqtzm_W@lzK0mu1 zaI{o4eU4io`cktIo2q`5_*`1cqUVI)k$dfcN^tq1y$Ao)5j$1qk3|F1q3^_wg7vfvdK*KWUFk7Ur( zm%+>aY}RmM@JyxdNNLOkaYpq|E%}^d&}J>QJcFHX)=49&7x`Jw@zqF{L)$WNCTo>_ zb2!Vdus;aPht^I!>=Un+7jF~(hw(N{5R4z&sZ%5A#o$v49ctB&c z3JKq_@YOVu$S+64T}la#pI0U72D!0`Q6wMeqauqA;0Cc!HIb(ow;xpr2}`fXcC%tv zZY=4;hGoQABh@@J6{#^}JnBARFh`{g@UxKT3EAmoUbWCo{fBg8kXtid4D zcQ)OOJ)vUT4UYZ$G};oE-taL4)GVb~dj6*2xz8oB#uk*i5?Z zj2K$zj`z7*V`kTG42NdIKE9)!Z^Bp}HsSZ<4ib%DLyS$c_E!){&=#oG+OJ<+c}m$K zz)N@)flb-!(9{e8k0=d_478finr?w1gCVFu!BtQia2_b?Y~JXM@4b}Ct9Oy+T^Zsv zy3oeWfUd%*8WHU07kbr%gd$qnPF@9&facYS=t_+$%Q8MfC7d-^@S1KSM7xwE zVy<`Ra>PMlb7J&e*558r4tqEDXtf|lhNYia-N{UAghG~0kSi{%Lx zS)5}{>Nr@CC75CQ@GNc;w&IOzzcw|}9%CTj&dxsTz2shrOxJ5wiU#1>UkToyjZ7dbP zBD_#7y5sk);IvAS4ZAhjC|)h-ZZbtPuvyb$T}+%T9S{G8bJ8%Z@2@mf9jSd{&KW1| zkGja6In^L_&vtL29jfQeF9Kx3BFuomLlgA4ca%xgjzjc5UqTNE935sGJk(M0@~l6h za+)^JDj#|$aEtTJD}MR3$Nn9nApnbS!t|`SXxil?!v{>ni01_OX##FMue7{erOd}e2nNarRN;A4jdpQsmS(sl)YxD+>>Wea;fc=@1~es`i$ zo?hAN=xP>jqr*aRb#42x_%#`ee)mpfqS-2VQ%%%Njs3OwcVg6(vA)*2QY8JA8vKEt zvne}@k2>OX4b@N0H=syNIN%NsU(+8!JZU{nNXEHf?9T33gj@HF$piKh{o!-Na-0W! 
z%hZXMqxib*X{9ckuApa9tY0*@&_-6^qx7nS3`BPW6?Zm4qHNRe`tv(C>E)Wy34 zdwf%3AOR(rN;W<{&Z0UFnHTGKKl{Ntrd>Q4T2E3oD{Z0%5&F|8!Do8w2Ol+_5Ng9Y zzB@_#Hd=?Qa!qnpcGbtpwX{B*CwA33Wq@01GlaaB9@W+5Xe0nBA)rwT7E=<)QjYAT+KDfWMD%nulU3bI z`p|g?=tzUqzeGj4L2U+fa~BW~O3<%kmTpT3%fNth^%ES4}ueSp2h zC#4&*p7RV(Vei~4cy3%gbp`)1)CD7z?vg@LnP}X#-BEhp&vD_Y3La^YV}r-33k(3} zxr+PS znXU68VIT*erWnpHEAUGnL*4q`ycb4Tl-NAkx!&kA?l|KD{Vi-ss557zh1Z=R-?UgN z#hO`iEW*ep!kB#8u`ui89K-atTrLD~HF+bVBa;A;=gM86w-q+v$6!?(iIc*dQ$&yYI)J zPG%5P6XngV&;eh)v`Bi3z0ZRE#r(MOcF$^GaZFuEAD@`Bgivu3UuZK!&P0@~LC`6co5KWJH*k31mP~;AVVa_wPR~a~$m^ngO%%UD=!c zK%XrIi(mk9XH+o=+ujb_buFd8Cq}$ua;)+b@6&Wi(kWaIjNOSrzZyy}+8vFRBv>9X&Vrn8 zNCw`Ua-tWY!mKN>kkMofKS`*Inf0@g^jm9W>>(%>fEpM*pd8nNhrgrlSL=Gd*PG?Q z2wKEM*xLXPfZXy$GmGdlwIdKdyK3qv=7n`a$hNJ< z?}4jb3upgdUvC*4*AAuanqy|i%*>22Gcz+Y#uQ_lnVFgG7-MFJm>qM>%*=N8^*J+B z-#2sT-alO>m3B#5ORc>ny-N>{n3s`8X8^Tsp=B{xHgav4e?o#bvSEK*3qL!Ofhkke zx!o`Du))tWu=QDh4?gFX`YomDO9h42d`6TtQqvI6X?v~p$9T~`*gE`iY`$Rlbu^qIj(=_DiRmZMo;^_Oikr(7H~ZsjtYyydq$JS!YiM!i z)qLi+SgT?o%X7;i(3=@oq=%IoN7mfj)Oi{rm7Y>7TN5tnE$yw@FoA`4Vy^d7?7Pv^ z_us&^r1ilPi+xapcizk{?GGKqvdstvOIS@$P-}N@b}#7L@ultyh*fpdA2k8+q!7;%9PKL;!u;oWHmb8t{`-xwK z>y%aAB8GAWS+VhJP?@Es*2A`q3~(mmTkOZaB1<52sxap}ptDJD8`SwJ^4?QXjk6F& z%#V*Lc6X6mD(@=@xDk>led&)%L?PvW}Gk5|ngk6*LZ(aFCT%wG2L%j=AO3o$D)0p@2u zf48!QrsI%j_Ul@y)3t>1dIWkpcz8hv>P7ESqetPrRb-%^Hon)F_l-`um+dK`tsb=p z!X6>P?ylE|_xoE4hn-aG{s{XSBm3jF5&Y9gc*<&Gan_I6Hn^L643o(UfcHID*KmX9 z509*`bkVWDw{C-1^;|G=;*bG9yggF&9871v(5Mq)-OhQ0p2*94tnZ|Tx<7a;D-`4%CN z6&h&f;{8L(v$e_W2{bAlZwrEB64mg?x3cJZR3ep)c-N8h+*?;5Pbsw*k#oGH$H#po zMSd5Ou33{NX80SDq%b5fjDMOK)UR;zRJy7r2G7ElX{BUl4Bii?k3f)$ z>ME=B2+-kx=b?+H=g)+ht|_zf z%xfDUkNQKJm`inGDK>sJ;)+eo&}<(gQ4Pj#`DAb;B~hL*XXciG`16i5VmX*?a6Yd< zGl)&?`>+;iU4&1 zj2{5;NvDuf>O3}g%k;0-2qCAV<~IY2F9soie01_z-OWgbFVcpHg^8|2!EEdtD_fL> zcDBVpenqa|b)W-IVfWiDprIge(Bl(a!mlX%fR()^xt;T~CWs>VOKxR3RC7Cy|G5ax z(z2DNZs&(XOkzru*TPTQWKt$}%x)_Rrh^!00ReNN!I+Kt6?Xc#{U*}`K2LYZN-ZlH z3sz)-J^+Cz^{sjo+yrs0e@T`#YerUWjk;8kDOD4zls_ 
z>9umMWg3>2OaSLgvcK#6oNzg&zm?fU}D;Yvm1F1$O zvxw@g=GSJU>0OaZN@^!q=m)P5N4@Fb;d)~qN;BsYneVZ{&z7euhXD=6TUt_=h~NeG z7uu0vuRqxbhaq(l);arqld@w6?TsSnWLQ{*9QyKEjAd}{HnU>sQdYM*L3?O2(^YiR zMsj6+%Y+eXsdtZz4@u#HarBwk1#kMf;_wPz*7743;>8v6i zRo|T!b&~nT5gVLtgzXkoZJ=LJ5ZrHeO^v&ObpfE>Ub7ice9}bg7ccSx#~@o#&Z^EZ z<`7V3@rm4EpnsrTqLbRg7n{%r<|e_F*R9LTue-hHS5E5>Ae>6ykKRNvdt*?G?oUJv zY3i80`3z;43_Y(U5_;Vi3f_GF?#+p`BU1}DeG@{AZ9d%v$jS*lCX=IEtzXGaE0l%U zDnjbocm5d(&oE!^UPTUcV!RJWc*xS(1d(x+>P{l(zn-Z!Qr;D-$PriD*|6Ttz^#gI4o_tMpv<87(eLvkLW=K)I%D+J;Ih)b-FQwW4eFG=J=eOlG<~(z`zEt(;r|iF9sm z`{&tijRr;$fCf0P*s8g}r)?5u&;^lO4e&@s^^#%o%acY7^?usOa@p%qVWN+S_V!P| z(u)2Y4!0F;DMTQEhql6N9Q2X7O@hnqUejko&}BbS5rg216#`Be&8KcImhQcOurRfb zCZk+UIWW>M5QO^r za(i3zp>yfB{)DgB*nm>;lES?r&TLe4=uy5PPHZtbK(?jt^1+M+Uo{PE>dZF+z4@#^ zzCY1a?!RkIL-qv1su%?u9cRF%He{C6HZl|}M5zSHLOfNp2^^pWO}4u3LE_@diJ{?M z#iGhFmh92@Gn1>LziT$6ZHLD-LG^~zI2<%Pas3?ooaLZZ=s{S!p!0L$mFK$nq@_d9 z?;nx1ge1Fm=U{B2qB`%84Xb{OD_>^GiM6ci?P@@w2K{IIy^8%HE2s4}5WnK9?iqmb z%T3(?4AE$@p6{Air~94j1)vctS)sZN>jk7*R`5A{U4G79%bWdq4!b3VHc7>M9JydEU7jLB$6v&( z<SM}$V51ryk2m(JaH z{mkIEM*oF?i8<#1I5Ar>jSY(Pz#61bh)~vyauYN-(m^fR`T2f8$48`d3s*&@D6#&*&hZU%`zS0H4oY9LJst4>2K z-wVKrniy2Ku-bY9BBB%!vEq@DCSXfZrU=8`h?9wcQ4_j;cMc&tH{3%rQQU*;Ab3N( z%;+Oejg>(yP!awza5#%1HPfdpc;f_{v5!CFa?F`mkPrjaxNnJ>TnLK%5fl&H`gEy9 zlr=0RuM7FdEUgqQy$-t?H#+I1aC?+zj`V*R?# zn}w+PMd*~e6K>r`0`lBYiJapeasY4Z+c}r5?-k;;`<@SVrg-cXsPzWwBgiaY5tmQk zGl<|Qto;u;lGLUy@4CqYm z1f3Asd!n4b0%Go=J}5?TKjeep_;$^eLQ!~9Y4J>A>krP2Rl)ZVK35ixM(CC1)DZ{ZGNQ|PI8xV z7m28x%!hyM2gr_oU1?MSd|ysNdF?)Z)MFgWwX7{U_B+;^n264yaFD%3GXIQgxoNoA%WWxuuB>cQ%4n-2@IW~ zPO&r<6Wkcg(TuQE@Q6>WeU;HkzJkLE-T$g^?ZhF;y$icyO)&AL2>c}jv>P5Y)z?dP zTy|#v?OVkIWXGxppQ05#1{ywfPD%zzJ}Cj$djbGX@m)lCmW1j#OO5ml0S+93nkQ!$ z%p@=$d0$8*9rNP$bnejPxR9{C^TMt52k1q9fzqTYBV$jfOMIPQkNT%c{PL{zd$!^n z&Q`?CBmW;;B%AYrnQwftXoxGAd<=wy415}|XLE&fH_GYHuuAtW^%>bw!6L=1VpbV) z^O0~w`iYjGlT?fYQ0Bp=Y_2a&p=qS1`G+pm72Qj0QY`K%{b;!V$5U^vA`Hc$7r7ks@k)cmn@nj5SepGC}g=vHEx*KcLn| 
diff --git a/released/assets/rancher-monitoring/rancher-monitoring-9.4.203-rc01.tgz b/released/assets/rancher-monitoring/rancher-monitoring-9.4.203-rc01.tgz deleted file mode 100755 index bd463c2a3737096be442cd15ee1225b882112951..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 238087
zCpKKl!x(gr01gf6eGYOuYgXl&i>1?u*_~@UgO&oqwpXYT%Bi9(d?>r#OHGKyOd}mo z3!q5+anJoBkc%)raL5l8VpmY=G(^;c5MZAd#p#q=sn0_ON`1zbO`W5-y z5un3|xp>{9B9Q)I$$?~ocwhV@I@;?X>sh`(CgoU+Z2;K&V?Ul!(($x-nI&I(&r?(v z8lI!A7Qr~rG~}^8o{y8|tqjez9vBHtMvfmCqh)=173c_1$jJ4Vg5<503kr%sKFOwD$6OTb`%u6+#ux;lrB?mX5nJ58cf^#xLj8D&hKzQz<8vP6usuV0 zqIHS#Z1Zo7`UOiy2@RK9+C&(iaUs3aP7@q*$3q#D>BB@VN?>3@s~0VpAYA{mBc7jq z?}&lN?&3<3e~P01*%251*%6bLEatrup&&dh%i*-jD@g`u8W~vRxF9DNir%VhB`}x> zTOMm#M6?Bs+YUkG>Yr!~5+i!aEMw?+rqxWE1MjKUdc5mYFbu+g%X<{7L^32;5#bBW zlx9R}f-@w{LElkWs$dwB^W9Gik(jL$x7~|v?8eS5<(!YW#S=bW3Uz##L1QtgO6MS0 zW^6R`^$;~m(!r6p8&@Y=yne}|*71|jSg}TX z*B_&)KWAh{$OhX+g}JzUGi%!;MGM}w#}bFXDf0>Ecnqw^DR4zCRun)Qkg)6ss1NZV zQc-NK6SU0_hB=)2DEbtr?JIraM)@Y!FU9qe#zyoq*R_7sBiC=Rv2YzBG=0 z@W77UMbBCGmA>CbgCU9)!5Urp(!Mz%E zCN^%b0cEl&+Xe7I6X^xbLM^1eO7wf3!RbTN5!cqOFV&dNQ*E{lL_`5P_9 zREE|x{L+DDzuDpAV#yIYZYz7nW}cX-dn4Bh;3T!5t*;!A?RYfGs|l@AjD;LcJE>G& z@-1iE5S*c%xtv4X#EW}13jaPdL~6!K#S)m7^M0o%L=|%AJCL&vu;*MG_&KpZpV7;Y z!s&}#ApO@Bv)41fhq^=+`nM3OkHAOoE!fQ)q`ICKR&S(VBLfl}#Ag3Y5~RIRrp|JT zwY#MiZXF@JbU3#M%12V8oECaSZRImr&yKV4^7LP4a1PVg=0vu%m=2i#82HPQAvxPj$Pa1`k(gOeAkPNwh zpSRB81a^)oI~6JJ)2r0|6mG%?J`elk)c-%Aku4^B&#-=XAwy&ZTCFQ12sR)ctRVpX9zQ zdkvuE8D;jfmDO8h1KMxndYyL(|LRR)T@!VuI~*GX%V2~rxP>-R{aSH^{7-L6Oz3Fd z+aQ|ysFxEr6QKg**W|tG2_%n#$Ked>I2M98?j0s+)ZG;Uy2fK2Eni}@bO1Fua~bWPl4>`E-A3w6NYW~ENKGHd36ceJ;NSF8f7 zoU=FtXEs8*u4jhtwS}(LMS(V->rAJ%OIoDT47;jGX>y(Oe!g!DqEM0@Pq*2e_zZ2@ z<-8!g$jBYaO&3sH>O;(E4@snRl^5BJdt=B#BKMA0B&}1=0dG~v>7Z!%{)XRu8qU?5A@gLy02sV{VsIe0^Ws}#WPGoM-I^Yy0Zj5 zk1d^319)Ke`m=f?uH~KgUTEN!c6n#D|A{MYW#(5~VRbTF-DDRXK5y+|AL#1bYUza; z*Z3Jwi}Lpo4aRRzKj~fEd?4=&{PlRXH}*>wOynv)FXX`@p$G~=6*8^d4Hh!pfS6*? 
z@aS`v4+PIfRnJ}6N)s+ze=%srXLte z7W;@q{QFQuflr5}Ga$>iw0Qqk+;2}QJD*#|pVvUItf{pocc=Kr7y)q(2j| zwM=5zDs=ZeI)=uinKWbc)Nv*+3Iuy(FKu)>AdWj!$Obsa?BMNsbJ#8Se9XIi5hj9b0V-raE?-u?u=Bsr#ZaM{Nk4rxaMqsHt2?d>-SCd}p^q9AT*#;_f`>~`61fdu`vyncF zy8U8>m&|P{{m()EYgRI>i zXexLss!eoj>N_O^6B~P|7)p%$4n6DN|qXROkB@qQG+acc-4 zI)0A7hW}9o0tt@};;9IA5ospbD7__PM?ul;c@CZdB3P{=vb^|>G^5RoOnmtF@&8D` zvMTGJ*4X;eK(x{BDAXAs!p69rAoFvyQs`efl@yFB5xzTF@}zmp$oJa@nrI_IG=X3odZHLlQch0Fg$ZRhnG)(x&V4JOpAZNZ zRRq2N16e`$=BGo9&C&Y=@fblIo%-*%Z8QM4<+MlIT0NnO+c;xCU%D<#K=l$$XbO~I zmXuOS5sH{?&-nTFAGmGFx9r!jJn=}|_IPD@bJi4d-ZQgVlC4R4SPQZE&m%%HSK@sL zHvrsr4uIRP28}6UPk%Ft_yF_K-oibi&HdR(8Y}i&d>*si)26HeG!fOj=WlZiRZJO! zuFjM3M`sWfeb@TNY_lo6K#U6|l*1OPVO^{vAiS*RV=#*nO zBCRO7IJ?D%!0VI9x)C4y@P#&=;i^7ig&uWN=$Zv)VN>KvO<^A|mjZFid=pg;Z(Hk) zD&Z~p(t%5OxJclJ;myDZafaLIQs{MU$5BP;(&+Lop5d)mabPk(GD|ZEZay+OB6s3v z7Ml?^95*IIEQD7>s@L~dT3u&%8ivDnen%jXH34qc7KiaK){<7~Yi9foD3!b|utier4|~9$TY9_rI^7-UEIEvG&MK9FrmW}YA9Qw|ymLWb z2>GI*QfEao^Sf4LE=;kGn^W*$CRO>t*~fMwkd^z)?=4CY73Yy~n(kzik?`#foSleS z5#WjbY0O_powyk*?RlUV%zzVr5G9+uW%2pOLh*$w|H1#AoQ`pob09Y*H!6l=?6BO#J$`8v3>$@Ii%z;onY+LigQ6;q({2T`bEbooFY( z&Cg~Us(}JuXoG`+^%j%rI9CU!U?$EWq2>v>*m8QPfSs<+DD3f5S^h-|`;}@%N?ib7I{F7+%BKt!{lSWHjU}RgiAxld1^U}TDkNpQs4pc6it;1VBs&#GdX~ajGd}9=X*v*q7s1t40nGM7KgD+*P zc_(0c|0G~~yz=}fBjCoAXEA!)^WjZ)J}$`5yeu$??3aA~LQjiCY@*9!XvfnaF;E4j%rQi*zZAXs&vsJFz^EUQ8b_*4htAdD4t3;rEpt^Pa0ik{b{ z&e*s^+S!4@%4(boNW2?LOwcu@@iI=nRZ@|OmUlN`&huhzD2-zythw5*#?0A%^pDQC znxt_1A}f154annke@e;h`uR6^fM?=g-2qctl7E#7R8P&fmx9!nn=zNyJM}7iYN(Hl znH7C#Ml@fo@FS^@?*HBx2#xU8=n@<;KoERDxx)C>cBFZtE!J)v`OhRyoDQVdEc;Kr zg24YiiPO}8FDijc$cCD}_MhC$-3{#NZ*C@T>fg8-Dz>!$S4kX|){lR&tV&I{?=0&n zpRpLB`SXXS-kxf@$#pof`}9X;#ZM4nU}K>WYt#PTF_z*1b#a#|0_0`k?odn^xKJqC zD4C&l|LY`9>i?X?(GRq*y8bosca(MLe?VE`B=W_it)@B74cF94`P|(?Bl>3zv&Y3R zQ~sT0m7)hwGXoxf^9Z66|Lzg613UtGCe{DKBk1_;5#)^BC6`wJ>_`98BOoRI2Q}kt zvDyIe2r2;{L0bESlw^`fdI`Tflms2P&;`+5mM!AOOH9z@*LZK*Fzk4cu04 zmYg}MpzFAgWMc*#3xEQG%zP!XT>+4YFQ$a8&e?=u(N-&vcyp1x>-H<+@OX1_moS9f 
zPTzg9+n|5U89;U(w?r;%l)S%a_wo6RKvT>qx6`@QD5i_M%YKTFdti0BpH_!GWiH`w#8FE8tx_xcIFdoUKno$RTg?7B2LX8R>cQh#^T4$n;Ry?dG$j*{ZM~1b8qc@Nd*x-!h0|%gKCk{`FT}*+ZbDP& z_&j(u^Pb3~g3m2=g7_|4!*isM>R!Ok6nj^?*<9^(G!I{ZkF2Ny$ZS~+DO@j2nydustr|HA`ONZs#c!RqZSzgLm2I*(LtZ+&wqmGQrIT=7f_57KX#-WN+&k!h zA|?pOPdZ`qXoFIHTdjD_@IEZ)+al_W^B9O*^3(=n&G%Z4(LXsmTC{cYgltgVP|1mZS2OK>!)sE&9)nG$}peis&w&GH0JRqVrRMUq0PB|LX;@OA`3Wx4&tv@f(u6U; zBCcGbupXO==dZv55cJQuFe45n9`HUT%*42Sy&}X@(Mc?OMkFkGZ@Qjv;UsQ|74dTw ze;-On33w7I5hhnrK)Do`jTi9UYcZLCau%W-aamUaL7{{)4NRdVsm5{r(qb=H(J%To z;K}?9*~5kJQMrG|Wy7}ds^f>}LKBcOfioLMOB(n$|Dg70*tVnULSL%8SSl_I8<_em z$VG4c)Vvp+T_latZ;lU9C}7E@`N8XoxXrDL3oS`@Zgo-Ev{k&bJF{H<$%hu4)_*as zU;kiSzv_(AN&bdhg92ms9n+B|g!K;OgX={l{09f(Y7V~XvwBkItKRR=i5SeGZ0g0nfw2GA#Ks7RynSQ~dP9=<5$9^gVrTU*UhK z{WA+ke?YI2&F|3b#{UL-E%^(2Rl@|YufE5IUAnx~()7|q9c(oQ^-FAwOl(Z3kvH5k zc?qL*R-a67oxwKveqL%@1>wkOobqC-`~gd0Pp}U~oq|2BUBZT9DnMvUy@(Ii|GQ z-CSbCrCG5dJ*Jc^ff%_D9Rbi^qx~`#7Jzxx*3AxBj#o(#2|+GXr-AVHI?T{I#d(6a zr}mF-i{F}@;KfFM>czs{*aDPrkhc8WZnv}B`e>*xlb)|2?R$^^8mKjp`!q^1fM+`I zSe=p)lG4&GeJ#b%*yXp@jxbVF9zQAmQb%p|Q02wV$yxoc4nF{UeFo7$T)21+|GUSJ z4D#FKC;BM0nQI&^tXE?3O8GJ%JuDs}6Tel~l`yQ~i3i)A5hKyP-3bl)#V`8FARz(O zfk`3aKj-@O@7`Sozvud=;D4X%9WVZ$&Gk70|D5X^-{*SDxy4cE!2be!J%;{suFtT3 zpX&>t{$;M00smjm^)~0ZO zxYB&qrn-ZVuGME$>VCR-r0zLVf&Zn&UuOWY_&;a-i4K3jPxV?S-v57{wUutN%BwQfG7$NAc}JJL2}GkPy=lQ{a%r^TsC3t!%kU< zkjb|x;TeEGYVO}#aB#4M?ff3EjqKxsXK86PQW9K%am@;nzMPm7=9TKXt4JsedsIE$ z2XUgMDCKU|R9igzFu*`o!l4$#AGL(A&Av0^g}-Vfjz%>rl5d3zJyoQ18+l)>2lhyf z3xhXw;7H1se@hR=+9cd?qaW{Nl`ADcii02v+e`*0>ZT}mNl;CWzy7M>TZK4d5DLho zR@%uv$+^DX#w(sYZgax8C8fKE7SLKf`1mmHrmeDi_>-Z|6qr?n+0j@XkZRCe+&&8@ z7jEBc$b|hWZ%V3jd^(^g?Df|DlH0&iwL_!x;+8KVQ8iXb)}+w-e0$1jx{nSc$R-gU z#F>5A8z@r};FYgCv2u3B7ze}x2D?CYrtVq}{;cEjlLu8>7bg_o zSh{Sd`ZoD12T;$nVxbrlxAjh}JUw^fLD#vmr@kvl&$R!e!77Ey9d-seuP|hSkwm@! 
z4hs6!JLq=!m=EFgcEon)~9PaY*S|SNNiuw3r!Thzq+K6!79f zyI8REj(#hUXg&0~zVXOfyUyqG%V=_ApAFd{Z|JH;ZR?p> z3hw8oh~`LRXg2Fqienp*=FXLhK_zIDVhf9W6_8R~Yb?(OOL5W(&B@*S79Ay+6#^O@ z0(SoM9e>u~b=zBDf5>}mTy7QwK1sXAuPi27zxul(PQwO|3Y!O2z=vW{`=I#UJmkG^ z0mjuA;sB^?CQ83h#tj zBixjzLyw4%%W6$5l)qV8i{$U7jsE1vme}gY-8Rtd1{#gWe}-^=!$p1Z^bvZlvdd}x zG%x~LEKc*Shj?y)c~A!QN+c%+uOi%6k@Shyn2{|IPs>S82^*QrdRRpn2d%8|QtYF( zSmX$3@(hj;%plCenO^{!jb%m)O zt;6=^dBW~*f%Cs0FQ4Rq)t0Uoal0Eh59UJJT9w!ZYGUKE3(~~%v=Gg3-ig?0t0t^B zYD+*C6(-i&SvHHl@U!jmRWtX>zE+M#6W^y$moGw^vbNx*D^KcGY;(yT;)6Ha;`)U1 zMB80tJEa?#i7r>DRzFa&%lW!ao#v^}EV_R^mcw*i?@Gx5MYvm_&M5L)yRZX8tjld? zk~^HS`f+n@4h*AOWbp*j%5}AEKXo`;y@wY=;E}YGGb$y+4)W31(!5K+Gy;yK)wws- zNRPI>Go=upeaQTvQ=)K;6k3*X=WHXxSQe11lPF{)VjuF2mrjLAH>TvZi!0ezZ^$rq zXmPvU^t#X9WRM6&9`eLEw@`Y15M-|vXX>1U+YM>gy>4^w};|N zi_W~>R2!cuRdobJ<4Q|-u3ef3I$j{T*y2H}f}H1^){K%Y`73@AYF#8a?HKMbr-EIi z$2?RsU52LagboLSNYL=!`eLz|M86uKxM$lOB?-gu798UM9bhg5E>wU$vyEnQM# z{zpc6`CH3TPc5S!bGmVlD!%$i`zgjyW$HBivj|Rq8{VW&C~K!Pq&MNzWr(PVg{*IP+`AakhUow zfkPOQ;@efRT%fy#?Wg^$o4w;qapt9lx4R*Nxl28) zy1Op?9`^=91jwIbpvry}1pJ%m$T}GHU;uu(^Bx3Vy);&Qyb%k;HXlh2n3p&Q<&&Rc zzN?AGKyBeuT|aYBvvK;FUpl9AmhLN6{UALd?-9;*WTEb5g&N}TWgSL^`ALAdfn2E) zT)|J6(0Kr)3ycH7P%qB#D}(Vn!)v;cQnbtOGd|B>**1 z9RN9~O`URYuXZFmNk)wx@-@6*{nNb~+uz=$rSscW@HI>Uc2|Pv;XB;7@mL{QHsr zTn{MrEY=1vyeog6G&rKUvgf(4sK~(WJ#Zu>Q!>xjF1U&|_6z+NzX4L!4oJ7pn|>$s zcZ><0MyTiW!jQ6nl{^XzflNfeuaS1Kx3hSOJ_&3VJ=%a#BoPacw_BKM3>}Al$A=O3 zSxo*pj4Xa)0SqHaD>u}-oNpD?4BK!o|1ck+m%;gx2iX{$F@IdsHwtFh7%)--2@!F! 
zb(0%RV$Z8qfBz$N2WYU#hk|1Uk1dtW0HJm#PUo)pzYQUKzkI(5Q2*!`y=o{4BhEVi z3crv&dSR68Ih~*IA>F|EQT(r{o#17(BR`SOHnP`j&F2cT;gllcK8ksZM>Z7S(I| znuZtqAl@lh{_mL4u%#*W!77L5y+@7>5$a1q=N6+zIRYdcV)W|zWQo(JX3;!0E^Y@0 zFCPaMN0nUL)ke(v`V(165+&;4$Jl7xOYld(oS2qCBCK7$VJ!5)JYE639l=ks-@{uc?s}+( z3kQpi4VOne;%|-X9%M1W81gRr(~!%D5}Y0N}VvAPxiOyyUgFC?+Km^s!t}Y zZ~qy6U;6Po`riH^tH_eQp#N9&o%+w{I}tk93}D{S1I!y97|s2E%o~C7^{BF>>CbG1 zp0hYr(n{Y_v5gF2O~MV(%#(5J>s5M`l#1E%E4LRpH)B6k8g-xGd%( zX0bKVei(IGMqu-Z-D{(Zc{FT%_A2c&0NvCh%{R?u)=|S*uB4<>SX?7P+uKrXdO8GFES5?@wiBw6;-pCnl(Qb5#2lwakqGRCU9EE^R;46w;!`{1)^bz)2_uj71NU-GZnEH z%9FqnstYprD}pBhr9~H{Vd5h&(&Vn$s0Glt1a&Cv-iV2uzoWkMbmDqcC9OrW^Ge^& z1xF34bXdY%4{qb7TMLhTXrq<{ls6*4o_oPlAJlAOIJu#C`LKeg&)s#DJOE^DK^Am&OsRQJ9OQ$(eL@ZMs7 zje$%M&uh0ui1{vwI4BjI>O8C3{1XUrQOYs3K<|>eHN~8Zb%_cN;x76xQ1uut)IE2a z1cu(GVD>q;L!$mB-9hC97!{p~BevVLD>kuv7B}n2<1csj+h`uPq2c2vM0+=b4#OIm zr29Ah7g<7TGh!aPZ--laS#Z(E(~0-vVnm^D&+K|C&wCT-NGDjiJVLd5+>2lKVM0%y zx2rSaSIjUzaa0{*q7Pnj7q&n9&8q9OL4+K9E4y)_9P>bp++9a%^9p~xy&8YxAL0w@ z6>y9Ree5IB2%{cIK(3@$p(f=f+)|XDDJWe6_mnJ@i1X$rE{YP5Nx-w4{WunE6ZawL z^nE{S-g>mqwVJWYW|_v83PS)Vq1G({drh=n&Lm(vu#Sc^f}zilyB73>>BcM~i+9o^ zQzFUN&-^z7$cclW?eX$C2F(Ks2~ya#^D9V}cfxC*Fr-@}eH0HTSAuIi6YE7#@$N}a zR=gP2DXmF%m|7*R=4hUtX|1PIj(bfOuhIg73={XULy8lSVhFa`P;XczOj~q+D6R=K zD59go{GzH|_HTGgMoT2CczbJPqSg0qx)2$sEjTz5ie2wdf4kF{%czGU~lhH-eZsy z$S>y~;Jszh&Qj|TKX-LvYZQ{Pf}NE>pC7+e>Ay`Q`@hKD@zlJ?jiTVWo$i*>EWYXU zcfCU1@_m2HIazqSJv%`A{&w&c=t+-+Wd2RnoYUwHwkf?)m>sf-gubDxVhIQtn2bUDXvTS;8yPEai-0UwW4_myH|z{#sow%cR6;>5lEDYM@GWz zo44pTA6uKHe!RDf=Myo%ox(Gj$7P+p;-#JdwE$30&%mc!fw@mr~Dka2%P>>ZnHdZ5}e{7Mrf+WOQc%A3kF8*aNzlbSBx;+ z391tMl6rq)2~|d+Mf^$s>Pe5O?v?oDB1+A>RO-?i-3%GvHN$onyWq`29!|{k`uXmu zF(e$+#W7X^5msXi1YaHO1NIOD!a(?T3&HMYTJ1!Osm6Aklm?|X>9;^yW$3iw?$P#W zv4U@MUY*Zz=h@V~94GPr+TPr&eTjfqFsUtLw3usjo*{MAX)!(gr(f;TiR!zna86+6U4!inUG1g#VlDic@+opa7~A}dxp#q=e?0MpLkafK@Z+=Z%TC~7L6U%1 zxhH8>|LF6Co07!x2#TJ7ktE2tQ;QcE?{2c}M;Tp4mWbl5QM|YLqtiT_yIJ1Dc5GoK z<2#iDG^{qtEb;VyzozKs0NsOW6_EAXuIgA(*F%n+k>PJEmd>%Y 
zr*A7({jzyDA1*6x>6%s^RFN!Szwc(cs(=jlBZO%RSODpHr+XFPn-x6Q^lQ*jB5yfm z5dJD>QmgtLkw|w>=p;qDs!`x7AOma!Y;+LlS3LurfM*O8q4G>X|BICI*HZ(Ky2&Mw zI*|I6#18OL7{aTH!K~DbfX-F++uIqiX5U=gBqi??(!S*_NV6cn+80B9HGZ|S6;kZ| z(tCmIGMW6c2HyKB$sOP-psL;Ysr#x-^Sm8HvJa0w;_)=I?Q1Mdz)`hLM?>ax3l>;* zwznY5N=1lTzqTdKR9&4e@=yf_P#1ig3lG+c8KDUaDH(tqfv#t5h~a#7p9z2-NkKR# z+)|%Or(UPnW;=*XbxA6r~tw`K3)_S!xw|$)l!_MSk>F(H%mSJ_rL24aS zbd?w`1pRd7KR}IA=dQS!?rQlKTcO@yL6eiQK2nre@E&sZ%qa4ch2$vY?VGC13qyM1juOF2c`UP39M zAtE6=fOs9z<#)fPeFP9;^K>zm6InRs3r=wm?y1&ZpL`brS_G) zL6BCuep?uo6j9k}gPiJ$O1BwD*DZ~5^JY$;#?I)43+Y zfQEwxEc;UN2c$=5W=#QDd2Z%4khq#sm8COPn_7?TMQrqSwra#2VWlWyKAHVuf5kSW z><*9~eJoISZRPWO$zq(seyrio?jk2hR@9~{$5EG^$}4PZ>p0D>QAhssBIY{%lx^*u z1>e);wUy;e#zK0_)Cp$~sWUFB3rTWQjV$))bS76f({@}vi;TqR!xqI8fr0d59LNBE zJx)iTKo}WUd=xw>dVG{MDSA-Z=hCnw###Qxv#wIGQEPx}iX=WbM2phztQ!66b8XJscMqPe(!{nd)ubLa!wbBed9 z!H5iGvt|J*k4mQF6vbvPH4+S{1D=_{3B8496-8<8W7}>BT14`st-6Mx)jkJyOSjjU zIM55s<7~~-EMv2Br4w78k_DVClQZ|e-N?QjlS`qeOBNaAA+6|l*#MWeBUP7G{e=G2 zT?2Doi7d_JDSX~!J4LUanbnf|bj%RSp9}lnhL?D5PAbcqJ&IeGRMt*YEiDqEf3nN3 zo-F>beDK*FiEB1aIm?S4sphm2J1j5x;yIzVrn-SU- zZ4jM3q0SRhYg=xgE125`H7YRqm7J8BpXd;YIhPwL6!mjn>>m3ni;2;;yt7+PvbXp% z@)bt|_Z&PHdP4@Z{c;jZmo^w~7xY16N)13=J#Eos%r9o@`n9t8a}!2fB+TaM|$nOmX(Ls3$wQ2vsZQ!r&=Uxa^| zs#}g{ZXlgt%eE@-b&*x8FlTUV1pJ``VKLw~n?+u#s7b=ILI$(lF0{>#@1b{;9IG`A zHDbzpYg+CCGmi9&Pe+K?x7HId9j7~5iXUwO8wlT@X z*2K1xiS3Cq!Nj(0+nm_8ZQHi3+cSIb@9h1Z@7!DGW>u1|4ywAkD_QIJJnR3m@9jNC z-?(^bXp^aa#WJ%8fA?NeDk2VwU?3LUCJM$)KTO$WE!>q1=DJVb$~09r$GPQBN+pV9 z`OE?LIUNym;lLJl9eMW8mfieh!qRy{uZOZ7Lbr)_y2h>sYbT=HH`xz?-lpg#`#Ia? zbVXAgGq_XDZDvn_l`e|+J-&Z}_JrY#fN!q@BO1tMtl6T}zV0g&t##cJNfrA&YSQ?? 
zPagbD-cJL~c`WX>NY8KV*;7r^*4q}pX%FZEA_y%dLLZGYtubyTS6fy3_wywYTT2cL z$;(}Qsm9U2vP(dYk4>8D%*PiVUX5&RIP^EPA1D)4CHWFPlW$6PlYMb8$X=vL%fMFX zxUYx_Tc(i^e2QTcoQ6X!?mFrZASbJ?z=EekwtGTxDCVL9ah84u@p>85e zU!s7b2?G@$(0nElsl^fehaegs)DOX~L?jo= zC6wGP)1~Q!DpLQ45s-1FD_pXYerUjjfJ3CE8hK_rT8Z9v?u|jYWaRsv-VcJj*lcS9 z*_u=N>0E!mqrAhzLs-ntAxc%5`7u^Qo~_8)*n6yaU|-EUtN%DZ-ys8z@~)mrCFp4$ zoE9;O3gKtwNB9c8=e$8`Xy6ZiBN#dMpsVW{a6?Rq6@zW!8(>{*H zT#tZMwJ|_|-{Pk7XRSBPDTnSL=+d<=JQrS{M!RM0@PK*f6pQp7i)%HS1xEc2@CNfZ z1hsqotunWkMKVfTOc?&ANdG-+=DKR7ZIU!<6`lfdYwsyx>2Xzxv(~G}!&U>`lUtoS z29@A9xNmgEhPqBY%m9Usj%?GUlexie;`p-j)xP8NW1Yh}A9Wh{PV7_-i+iRY(f2#x zlMCgQ7>1^`m_T>XdGL468ICSeno4r+HtbcCX*&3gqh;8(>8*&0P+ijoDln=nYc!-$ z1J)WI60)Byj->nsL{t4VHQZ_D!D-J>YhznRD&)YH2ZF=WwoDk%d8W7NICFX2jtDE~ z2<41E>cuCohrM}h-`^9gs(8lrD?Pt-ajF^9dssGs5DJWfK$CiVBesJk2E zxzAo!27{SFaGT^XKs!@>tzE#oMDn-HhiVIE_DQGj-D~))=8It=`UAvCamu@JR6ah+gzaaq+(U zDs^~CBvQ-lMq6~TJ`7m1-+F37JelNF8wJtiFn~`$PN+zL9gIa%eOsWh5WEnpaZ1sn ze+6BK*61;gWJ#G2v@r}?KFlS8RfD)5kmCDf8jHsPKc%CCJt=9)dK_7zE}Qsel*wgQ z?X~iwB)S{B_>gX5x9|P1Zm5EqN}=0C#kwD6H{DrYBn24!+V6GNKJBw3+*YfsVC?v z0{oI)jcsYCUO|_hl53FRb1jyRum$hJJnIZwc(h17f$aog;9g_euB-8W>vfLEi0&%_ zdmX^5HOwqZ=L0V`8m`&`vby*2f{o7iG<=M>>o+x0vii*Q8~1yb;LXQl&TCc@T|py9 z!uoe)80I0KbR%w3+xQP84@g~Cc&W!H(ia9(gQEzGysWCJiD&-f0Db;r^^jNn`*le8@=dtODoq09G286 z8oVC)J;JBEKYJC!$c=vKJB);snhmX`6Q)_wxBNkmz33$G=>A0ng1tvIB%^f@;RzTJ z;S$>5*LfJBHLH|6h(L@@ z4A>dWqQ_?A7y?XN6bBx%Kw29fPp-BmbP_plR~{KF+F(#SGhtMoGe2{xuH{S#k7DV2R*QAP2t!9gMwZ=@9QNxJsy1~C$w&xptx?E zddzS7jV0_zo{In?)0M5d+28f2%#XZg6yA2VzTS2vu+|ky&a=2qa=)*^eQG3zgCIsO zC?)!#%Ajqo>HHzD8xNeu7(o8cC2x$6j6z%2JM8+Jff)WwL}F96$MA-MHxa%~9e&`3 zy8+d!)+Pk;yKya_dqq-07rtvlmWFZ22)N}S)IpnV=D52)3?bWPx-Df>KV~WWDf;bt z;~>vWj6y*o`k#16-dICO>_U>GtHi2H9H`LR;JnQ0DBH8Ri?Cp|wxK;|fU5NTkV$D@0lG zG0yg?>AA>TU;PxN7NITF#QsLrKf{`6QY>Pjv{h}++#U660v6khvt*ts`l$FOKh6^= zN!v#bGy0Yt*3?XVmrG)Lh<#Q*w0@6@*d&8CcIU|THQ3alJodIQ%rb|KCXa1=EyXnc z(M2m@B$2VOAY6ZmE!k=PWP-Saux*bmkN)p~Ld5ou0p%#yh-Fuf#Q(W#%Eo!h 
zt&Y}`+{aaZ$jsC8o4x3}jL$ZH%0L9?(fHt{9Jl|Tq0q4|!x(V2w%!`4Uw4cLGnV?p zbm_%)KR8~*%Yz8uNUkAeQPBUGP?jIGaG1;lok#C6(eVn+*TgXcz%m#HiN~x5Wu~c3 z99Gvo$-gH4u!XYP)L)$L=w+6^E!s@-lAcX}chh}nS^sYn3jTe|Wb`u{I1&WNt?@zL zCd;P{d~@!=`m^gLj~?<3Dz?Zj*UP9B{3mG#2XYUh3@2`6<*ES{*|rEKlBJ6j64^@P zq2q6*`I|Qio+u|GT1#oKqb7EVrhkqo#Ab#O{}@r0;{Izy(PbqIu1UPq4SR$37>pjY z=!vOjD)|35qRf2Gr0Aa7UY;VDt`F`G{25U=nHJcwV_d5GdeT>kPCao9p3KkE!^eVwL_B%8IG-b!|`(2<|M5nx6}iByIu#y~%% zGcpJcs0y5xcJb4ptaCMNP|q2;p>ameB~9NZeN`Ip=;7BPGR#mvDkA?BUzgoB5w?n+ zX54AiAK)e&H|ZYUSjR=#s9bU=aTmT2zXO*yLM4;qlTkLE?+!^%i`DSbCKP{GOBcM; zEH{>ko@S}R7*Nc4(>Z&sQJejmSA-MCDE#8-a z>_Yv^2If=^TsdY*iK25IlZgoJ;CQLoF_Qz{PM0?9XwJabEt05%AaXH9QW{w?#)=c1 zi@eOTG|*jc<}K=)%~WHXl1@k4pitOTD@AFQCklVkOgEP-$$smA#6( z2&d9UoBkAc!)^C@r$y?hjncZb-#Awr%^giN7_Xnm7smw>#GfO?A5@mz>Uhd>3{`Y2 z&xQpB$Xvue1zyGhM_sY+oXX{t@F3JD%B0g?Ek%6uO(zNul#y(T<6sGXKoK)n4HDZv z`+7bF+uq7OK$6CB5_(=GJJg7`lD)6-{aPrCsx+CE%#pIY0uzy{S525JBvsmAIj_DW z1sce21|v}Tj6@YYo*a99M0cTmKWs@@Kj3z>KQC*iKfJOcUcLBa%iG8&IiR`8!;OyY zlg6a9TRDu*t2+9vc`b^}1u%6In_+C+pPzUll#~K$eo=^&fIG(b-%w^zhOL(()ixI0 zy`lMJvk6+|eew1TUGpp4S z+{uPIQof75IZI`fJ%De)A17f1BpMV@apFLG*))DQ-3+jrRNl5oax%gkhvI%nK%79F z%k{OXJl--NuG~jznW!z`0^TRzYrfCk;~&1Tc+B?WD_D!qr*>!tVrBE06$Vj*rd*ja zUN^{)ZB$U87CJE6wB$;q&ky%4hcaGQ0PZcPK;4`h?qmBl()Y@l;@p`l<^F>lb(5A0 zHDy7a5<~I$yGcA^^+M5=-5x^>=Pl%cYDpo!#gvP+ZlK^HE%Q;)l42*UIAtoIe?2n7 z6u!TkX($c(de=^-kw`>(T_@>MVlmoqAC}YfjpXDsS}SgvJXNKkE4RQVC!(TA0eXFC zsIE)oU>qlvd}`So#cP)qsX6r!nuOQ;{i4nfz@C(2Ek1-q z?ZU2;m`9A^EeN?K4oS!Gf({yc4pc>ibc|4c=D5i>@nY4N!}T6w#I$|Qo+b8~Z@+-z5#eJFjj`NC~{Y=@HS@Ha< z-1hXB=Lbxhj^&o$mm*ZRmM=vt!G(hZC(9lGK(BsjmPM#s-t#pzN1wny@z3`p z7Tu4T%SyiGgu**pc##hMq4j215E>}Zb++BI{ z#vntK6Vc_Sgy&_A4r55K$EPQ*SBJ;X*!NWJ$FZ%?3i_kAdnEk-GT=r0>(gvS$oBeWNSbH*?+QnLW zyIdUsWXcdXZYpmkuu>%hHP23$rkuC%Ruf+!{Z0M%ow#le_bx%+b`y$`XJs7$;d)6K zfg@w5qPow}3oBJADxzEdQ;x1|tl7rbRgRUy;D=05tuV)JGQtnD*;mU2{j!F>V${X%H zMceG5J;~m)XT|Ej%PMn(*ZCUkQOXd{(|sH2JHgk`cvh2P-%v`DJKvSApI=J8m1Y~a 
zOg6N38O&DU5U~2n1^Y8ZnQ_;6#?^tlz2Sarj=7@thSz+S#55~U!?0z}@<()t#Wq7p z0;k%$pOV@5{fj(&PK^c9jF~~C=KLjMG*8v9Aiu;a2thMW3-r+14}sG9a$BHxs+fCz zui`0#;!kurzQ5%~1UFZSyv}ms)e{^?9pwGav}md4)lZti{~@B!|H1#Ec@?Yc4?R{gm8X9VA_j2;#R9IiYjO~X-i>v0G2<_y2{NbM2ZQ*`UjE_TBq zSa49|jo(SRrn=}TFNh#5eMGh!)EO-@fkbjd;c4k|Wv6oWqc*$~1Y zYqse^s>C2G+Id#9dLe7qwEeTNsWHc zUNrkqvOV0r8; z%&6~#BGG-2j)(zWLspPkJC-G z)U{hTs*m!9K|U7#;9MK(3g(QN7y*)n3SUCE8{akDSFYZ5CM8i#Fl+cy8rt zhuyBAZnO`5toS$hH#ivxtm^5b8%6C0humlm35{LA?=qVkaNE&=QTaC|1hTE>!SA$) z-~jLK7dv1t5HFb{+^HRlE>~DnY*URgWq2N^H(Gj$AhL?pLUHKkneVrYnt@NFx9wmVV8JXC%4W(^^Pp#PAWK;W?FdLRR=MT5bt9)}J} zgWE#~NiGVUX6!5x_XVN8ih#yki}7-W@FBU$KO{SkujxP!2v`&jOf(#%I)YJO3>)Is zobjhH7)aQ5^FCr6-fKv>AJHz@3Bi5sCtScq^HPz3Isv^|qBQY1Q!=xP`Al*OBgkF= zQA-3aB)C5`T68r|Q+EdgG1LS6{QcZRgmVx4R~oJ|3=5uQy4eZf{#0$KMe6^ex5+1qG)bhOx7#B_q_-V|@{JL4@QDEp$0^u}pjv1VjSOfV zUxDAnJ;c-bFv4^Toe4fTHAxN6JW73b5``Xv7kWPYL+##Rw*@p=pT(ewks7a)mXdW2 zX3?D6*k3S{w!ycF|-17)3E_DT#o%Q(8lmx-nr( zI9g7ph&YCj-@17eAzQI8e0GPkG_?|(V!6{87T-y()FQ(H!}CL!c1py4y#%Ri3HLD^ ziGC_gEGz)_9SVA0`$p&Hbo*ZkqYBC^YA^cBEhHv#;m%>iUJr)c2D8f&$rF+mJW56#^S?;-Ip)siUe)9e{eLYz%3!@Ca`BK0dd zECnf8I4UtBz1K9fpKo;gt)b!Kf97*zxtLj=^f{J9>M$(F20Hh@m|!+eas=qU%hupX zE05hrDJ=E~e&*c_CSO+8#FndR%+q(#Bfz1>!G2|w*m($?4n6!xnO;=!IbZ`Ofaam^ zpnE%jh3M(2=VaN@%ig2|3r=c{*zb*4H3gUO0c`DZeZ3w@kF}-K3qp04HZp~Uuq~mf zixS%jU~HOEyY*;!o7EJgK?`-%F_9_c^ytVi%2N`ygN{;C+=~q82HMAti|hpt zZg$?NzKMcW?&_Z0xJ3&2Gr3o^*C$_2B{`J3ylpOI)6T*acdmuvRanXb0Z0lL3|zu7 z^E)Df3-s;6%u@rI=a6a7*}E{sBZmJs97Oas!wt45zRGVR7&G_=;aCaUzc388t-TOvjSR^9_jE zms?wfdS206WfJIyc|tk}M$CJ_P6mr5AfROSa5Crm|94iX^7St(G)$Y|770i}Bl#~@ z2(j}|R_H-NRtsQ-S^!q)l5xWOmlZO1ByLB?Z3>MXuJ^d4XqKC-5u?uu=qttuTTTGC zG8hR{xNBBteQ?9_4FTu=9LQg#+$q}0o^75(!-kl*SKH@P=sa}u5!W}GeI!Z=vI6XG zmBWl)SJpAI&rUori1E}faOsTifC%wgWOYGY z`)(@t<^Jc}^2MVKBF1W?y&fkb?9GJcIdv|6#2#kQt_ZgdlHIkm#*tPnwZduvH99S- z^x9qm4&JY^*~jZArQ2e}WF3@`BIgZv%{M=kXdz$PJ~pP#gopG&OP;`gIA^=led2qh zNhq3eE5rHiv@-$)5wbdA6job5xW5p2@$gEK0uDwhv3ZBXJ7Rk3dTHV41@V&dbF9y} 
z@*y0aRy?fkuFt=I)+P{DGUgcz^VnsG8F0W!)%lgRl`qkvP$F7WL&c}-#WAf{yw7MK zI=07jQw;waBvVi|-FNquw8Pgi9zx($phWLct_BsBHZu;!sWwTlXfNXY# zN%@8jc}t=C{McW~MgJ)8H1*9x-V^Ze@QTJ^P;nAkOJzY=75Nsog--DEg6$Fj7>O(U zldQL_Hu@1!Kvw`RLaohbpTG*~cKuDxGr@Uk_tLi`awgz~msFYaA->nq2whKME@^Hy zU_*l-Fpwm!i5tJ;Z|}NP`$;UxuJR$6m8$fSMju_u@C7&Ed?X{jX;Eis;y*G#s3kI7 zDAeOiW`&aS+#l_!?n4*7RZ_N1X+R=`l1fRigLai-{1Z}1^^YZ_wSIVzq|+2#l9rHB zBWqru2((Mp2v?O!Ep&>~YkhS-zaHHbLWw18IKQJm9W04?rO*<1d;ug5hsU4p0DsQo zXo3!IEos9Wf+AC-6ja``@eq>st7d&-OUx+H=l-?iox$AG6!xkppI**9C|(h1k~EJE zkah|U%9j@!iyEsnLB7hARajLt?LjO)3i-N#(brI%z-8~O0NU)Vw$lQ-+cfkI;ZO3Z zR)wD&cNMEGphviX^3b-$IMzB{Go^1|?ZZF?asu0m%tTw8%yopEzOk{?>Yy4=}*6?d8r_&={WGPoU$QH zvMuo;?nCDz=If9^=XY8s#C}ZQh3SWIQdY5pW7VZA%RV4vF$B?)nI9KKH zG2YeVGjNpwVW`8ANRD<(iRLfk9`fA0F?YGlUZ2SJyj_0ZIxs30{xETHuBED7EE+kR zFB@xYRZe*qRW|B0GR(YCF~nmnVMH`jIas#D;{8O{M!GxLbvi0+;^;mh2_RVFRmLcj zp+erUKP8W+@I_rnv$W=d@WaMjn-ll$E|;@~gtx40=-yJn)5_!TD~zgI{;ul({nuZ* zx9pvE6y$+sTllM*Rek_t$6WA&KUvygHyK#08+&Ny!U>*UOQa)N$X>$4l?` z!e5u1ubt%HAAd?ZPnq9~|MS@j{BE(6-3?_*hq4Ce4xbwTz5BjX{0_0gtIJD7u(f$% z;4o9fS9eH!?mii_rSJaf{Ax!fdh425r%qMWj=;l{3C`O#!X!7#BiaIL$V~-l=!XLj zgUhH*c}Q1NH}d8m(!#JA0l|092J%cuz(>FrKoY$P;5|dKEslzBe|XOx?XUex$28$B zzPkQ5rB;vP$+g{D5#>AEfYV5?QzF0K_8Ge7Tk}z6V5JtKxGM{Y+0$~Q(mz> z1R6xSC&dqP5%k7xz@U<>|D zPZ&LZPd{4U-=cO{Cz2zc4KEA>yLS6+`hw>$CxQtCMhn>DzmBlM?7Sd+iI2b-u(e@Dwe~ zUA>uA1Bh(jf_d6DY^ABoVEM=we|D12{Oq_$tyC$ma3oIVMP3seTu_gHVwbvToWAyU z*B+sLGHODJHMiNu1#LH?yA7b2X;ZTKC%qY=ksT|ZDqxWxpvaV1CF}pz;9@~gHi(~Q zNoaICS=CZ?c$9N#EbUllnxCPPVnB#@YJE5ZddhmP3BTgr6v9t3a9D_(Q&&8E%C79N zD80b@cKI;&TuEzA;pIG|Vesbe$(d)p$Ho)s05>Nviws68B=(Uaw~`*Q3#yNDd*vIB zFy8Hr6FK&=)x(XmtOBt7&pbb3N~I7P_s3t`TU);njfp-!d-0lG^)u9x`8R4t$#2_? 
z3}grs6AKuRT|+UgRV#`x{{=WfP@|RrdQ<#>Fv~oi=c)6-B5n6z)wsyT$?m>zo^}x9 zvc`3hGCAhwx7!O4%rx%@zyGITreOmR%pUzkyoJosBF>NK*>ZpL`} znfwc2wG0CPS8~|_^F+beic+bCdgf_hcR3M<}6%pi1>-dmiesE{R8E|rDvC30PLIxapusd|7sc?vd#!yewW^1r)Rge z255rMk$pKhKjxoDfI3*%3%aYO@Uo#|1kO?<6CHY@GVwsiY^MHJ+Q|ch`~770=vnfo z@c9}5;^1cfcZiduH_+Df4*9 z*fN^!NY%_$3A-0AqaErwC;_Nu60c#bfi`bUyq=ZFRUuH>xTMV73jF_#|V za0tOru})CS+`VpGYQeFi`-$$3eT`a7niFf?JioTJ3;VW{?bQ^8@OtfK6|a-YMc&1AH*e^MX#?aSU6>XvC*p!%uBgQ7kW#GOF(>u6<6`i1 z5wz?WoL%d-;9^*P+75BEX0t?>YRwUaZN}+7Z>|1-L=Mc(sPB#cTw?fcQAkF4#NW86 z4YRqg1^BxjZ7Z8-yQP6-TYag>${R(4-J%wmzNgTpTAU+=RYjDcs1f{)omS!2TJ_tD zv#MOG0A6X&J(F|x}~` zlG@Y#{*LQpv30Vb1JxCB_Tt!z_>!2ivJu23oyb=fmce7cSjOi$&>NvcX;K?HNq6vb zijb@0<3GLS;CVdUHK4a-)Kq*(GEq2lc$9B^HN|((fzMU1el4+QjHr7LCANz%eS6(m z#1%%p&Q^WNee1ih&Px^WJhXNDk$Mz3%f4JLKhz$4F*}>TwMa^2{!WCJ)?J^l)4F({yQ!n3?^SP4G zr_BB3J=sb=?9aFFy&8RN$(((jKYNoY>owqa&u_2>cF_&ary5tp-e59nU2!_F--JOX zp;0S^>RtGt*DGrl%&>_b*~l>gSI0cxUef{Ven>+$N90c%Q3hY>m>34;hvg3gGEv@{ zPXbGtn-#q>*NTr2E=He*Lr%oyJJPB93CJ#Ooz){?@4hhJ{U9~XdB#xDD-7zq z8ZHt$0QZQctH?*9NeemYvi*eCa}kd?b@K(iiH|7lfz2wj8Ez}9wV4OLh#i)V|1KouPMv%K<*u(&-RKYG-NtN-OmLo zm0FD(;ldV0kJ=mL(>+(LpD}9-tCjiD(zQUU_b_#%nG{NHD);Sh<~vKYsR&5N zNRT%*JneMh52Kvgd?lY>unM5RGdw)eKSm&Ov98KwFr6Jga#(1kaF0j`A~BL3X{2Cf zYC(?C`7K(GS;&Fwp;3jBn(#V3!UxUkkFFGBhJ_iI={SWBX$MMXqd1P@r&)2 z?LiO;Iy5dOLT;4@P&KqkoiYyfXerAXusVP6S4{6*v)0P;PZ6zf*UbDXVo*P>vn2RN z@D1!|0ZL_6fxeK6m`nzHcrZZWLZAr}9U@FpvC&6%6*)`hhWV1(kC%Q=yjVQO&Uxs} zocrZP<`8*EAS6fcdp69mr1>uPg8>0H>NUX9~JM!XA~e^7w)PfGss}@V8a(~Bv>R#yAiZtLjl`m z26GK)f-iq6!P!B7`3bXOnT4r%<^r|n^hw=Fb;KN~$DPEVZtz$^4GoA6(L3qn9%K(> zkI@5f2z;o3!?5MsUJVQODlYIAS_sG%8aKE%;2gf4j*P-f-gY_61((N?cY?ch2}NSXC0#&DY9yp4YDY0 z53Me>L?Ab%?Gt=X5cN3}rdOLM?Yb~>(q8`^(%}ZSA`FN1_%Qn&> zWBI4YLi&Z`h3D}UgBxl(xsHY*mT4?-@a(m)d&wC+nBR0b5@z^8f8&tuPicDWINd-4 z9AAr`pkdiwZzL5lMlCngL`8{O&=>6k>~_0g^y69J7cq9uUKY0PG9{E##&0aCS$LX~ zU5Z_bvxjUxg$>HDkhvOs@-%B6-dtX?*Ja3Rs5?74P>4Iz)vKeQ6hYmJ7vSAsir_<- zK1~rizYIK6O4R^5*xQ&s)IWy;2$DZT!Gn&&>jHgk 
z34Nc6t($33jaAABB(G%)KYaL_n!H6Yo%c9xwIPB`L!GBZcA^ffA-o%JZUTs}f5T!w z?F2Vmxw#OD(}jc;@l(JJxx6vf%j-I_CQo2KK36A>tfXTbey_%}qQ7jJ=dnLz)P*Ei;q@V*4FxTFFpcTK8duz zp}2HBgoyea!(en6re6%hOZoTFpd5?#zjjY(ju2&6Si)g1v>=&w$CP|R214HubLu>? z7P^aMTObp8II+Tq`nRTfnl}4`n%t)Oj+Xz%$`W={Jn@Z}j~5pj!SvYcho8@9$NvbH z_g%wbq7+##NH~%Ir)b&knaV^RkDL{D1&}LC{AaHG(9*tpQER!$95uGPVKeD&gm>3E z*ls-J9tr{l>hsKWJAIk@*%YWLpLgmWv9ZKj9TTP=jC<&aub!L(>#H9Y8$n_AjL;y4 z?XfOUo?p(}2}d{7Tz5}8!U?db%o%%fi2p6j1w;wa|1_zbbIkxI6&A;=r@(h8ChT^o zU^kJc;=`9er|z6P%;BvXjWVMxyEGGgE&{S#ygCTeV`et-S}W8*IvjnvHCf(k>QnT~ z1F*afn*m>HpVwEOv)Mf!@}rVgC-D>yUl|_O++D<_O}mh;m`K2)hg|+W7;nSSpJfkc zmwzmKJPiN88CB8A6e5+vtBTb$k`i`|R(a{Bq+J1D`$_JUDjpKA45cCYDV!75|Z&mq$J1s3J8m>Iqfiz%>!KM4+YZ6PXN0e zslmq0C4okG8cFef5StorqOvAN z7FU3TemTsM(p%tfw+ z2_{D{>PI9+*tM;+VzIJnPHJ3h{b6ZSv6D_?H&P-Yd+ASO*I}Abai3nEkY2VwF|SZ) zif&vo5>i5aT{DGroJw(B{k1WqROp6@IN4!6HPo74%}=LI8MI&SRc!{VVMCE zW8y1^j}G-Lg%y)H$A$X!03v8gL^z)*Rm0|{uW-aradWV)Un?e53TraWq#@zVZ7EXe zjJ2|2eg3)g46VgLxJSqTX677utv9Mj4r|J(-R2(bY1URUTfGu`rX zHlN3GzJs}P@_yA<*%1IzoYU~p(I?zW8lO7#(XlNC>O5obENX*=Qii(bteBu1fdTSP zX$8^+(q+ZfHMc@#zNq!0jZk^v|7M3cmz$8gvudru@k-v34WbLKYbbAB8~+5+EfIor z1#>lm;#@FPV4G)KLbc1AV_~F!*P`?$rp9MEoxqxCzy2+!q*@}pNzy1T#6cr1~ zYOI>;ji*maE~t%u6)?BW5Q*`B5)6O!s3uYaBYL%^89SX6HF>SIqzvloERR+=__7<% z(t6KXG>5KdX)JQ|x}~70HCi6rdtMeC+g&wNjSm0FA&TA@CAbP1y(u1@U104>tSlw-Q+P zn-SoHyYEd8NIYb`YN+LxEs&APd=QGxU5d{wf*s3F&e76r1Ub(Oka#b!5jI?6So__s zM>YPywVSh*H1DAxl`@!7Cu%2T{oWmgU98ZgY4k+)qVDRcFQwhBD5)=Z67*n&zIfpa zrI2QMil-DkJaYa5$fDU$bed6jg-e7<CB3e2$EkA-hl*<6zVTyHFI&p{GT4+Di1GeEO?&p@zk~u)NQv-}IN1_8Y2LLLAO} zocAEITsA309+^u*)rP^}9m(%k1AlpBZ%*WcywDsq_P>;G%&LCxRz5?3g}HdU%--S^ z>@Mf3FxDndg7Dc8tToH2fMvZ<+s>3jR@yW*s&8?MPl_W~=`t%tAl?7U)+S9kePdbG z{#~35jVXtygbXMp11v>rxx7$*v$-0nws0u=Urkfd;K7{sA1}bf;7_9j{HIZ3HwH9H z@`uK|0hf#b6TncB?&+gAvFsNMWLpM71a@i5|1LKjHz-vGM2isP5RR)pG|ajrT;YFX%OSod)9nu+`N@=(TWHkF^Y zo}H7YxLMIVz-jx&66(#)fN(Tmsx%ddVHiucz{6|e6t%McP#P!jSfyHAJkF3(c&qdKvKZRz 
zq-e|+t-_SX&WZTt$$_wkMK7;s^;sl8$&=5q4B5spDg*2G2Y@Qj@VYg4cMJ2H)=@pO zIf^RIX`z|?j{r6a9SQKQ#U*xGSujOqPtD@GXx};^ZYzGYyEsfDY2T#DC+EwSOF}Q( zLDz!JQ(FM{#xu^HB-#{VQASi0x2-E~UbK|729308-JfR`C#skZKmu;NIVL|(x)UlU z!QCp3?b?=2ti*7do#5c#%{KzT-@kTz|MXc{MB#F3Oea#J%6R0)eC{KkUnI=3Z5*ES zo^Ko3>_y>QQcI+74&FD`wP2Br@?Kxtjjcs62FFs7Hf(uB0|x)#dg+*dsqzEedp*5t z2pa2-jhoHx=ymKN#%{`>=6=_Dz*j-2I!DZ@bJ1%9h}*dTEZ>5630T(1XL--r-Jux%C%TU)Phe^Ii|)JS{;$z}Y7K)e zMJxBRBp=B~@N@c)|5NzN@Tf)e%kEsN%Axtu0kZyLSK#nZ_6lDNJ@z+y#r?PJ)yp4) z6t%Co;hao@mJHW$#m zrP2Gm*p#3^`=WAmlh%L!Tj(l$_Y;u09?bsDTz906qjPVhMo|7{t|I&L3eeXio}`OH)oOh5iwI4^p#TXVE%GEGyQh9 zRGPX7bIg#)Ro0VCxSyri7gu^vsUO%)l1R3Lr~CxRcPIO?6DCWiH9P-$VBDvG-(Hc3 zzT5v+z*I@&e4B?21$l(n!=sf}yt9-Alf?04Oj>%^3xn_}rLzCzCHE`gb@w*6tS?1l zr)6?j*?QY}#<1e;ZsyS;Md>8;BKJ#=>h2Qm_#QN)XR^f&c5ANIBpD#Hn{ym8Hozyf zyFHy8xZTV8YpdfM1!jMmJidfR)zJ>1CN31mUkh*CP4gKlg!2Lcjt!A0)ZXIh%`~qQeU@w=bn=BTu{VN zYPe;5xkzu?gmL2wNT(@h2zzydaR+Own7<|d2F{*imK%|&2cV857`9YQpyV$Fz{yG& zK#IlmfOlpf#ejTdAXLFrArU5EATmJx-UHDci7kPVLU5qmLfM*8Vh)nr9323z0;^K8 z2c{ku1Eo#~1En4}2GTLm1iXlNh~U_g;# zL@OpLjazeXk!}6{I<0Q$+r*ts_NUH?(^Rs}3V#Q*mh6(VUqdh8Frj{aWDsyW-X%eO z>}h>_AWVN=y8UTQ#|=t_`vy?%Bb7IZie>K*DLFV&adk#zk4x)cx4H?>c-iTmp!nza z`9X}kW4xfe?QVS(Rhxm*vEkE2AdPalZ4#LSB7kH)ye>%c; z#}U{E;lL_@N4E;{?d!{iy&8$@f^+v|`)xtFwf%Ss0L$VwLY$RWkq0;%lvP*j|jqm(w7v7Giuo{i3KsjnC6MgP}ehA8%h3ni`fcp-s{3e>i%2dUEEcztCU3c%%+f(_(aL&@swgNJ!y~*7g4BjKG;gQvAsf3-p&J~lM_!X`5~K&AW{5k`{<}@^Azt+{Bh_6f2+5- zBdy(3(e?VrQU6GiVS7_(0;8KLteXv~5NG-3*QC`5vxl{y`vk?KZzDD##37Hbc&7`cj)%Xf9{~aOkLEw88yhPS?%+gm@K+@k~N6(U=Xwo3Eq#I>lxIR_r>3rDUr)oFLUf@5$d=vRXy; z^}F8iK~xU;RR#6(UNX46S>?te3>;~H?Y%%QSyOm*2MV<=TIluW#11+(V;sUK zajnGY^;^b0;)F(|$gXMWuI4BJo-qdaHAji1Z=h7&XwgvB}4_y8@Hzj7+)FSUZ^-^!^i**t0$&HbY+^(Y~t810Rx zC)$v(TzY!s)Mrw(YD*~vV6a>XR%v+97*V!IVrb%DWRx$VQJGEF%eK+Nw z_SfORCOM)AHVZ&n5bQG`D$U$SDsEA~fc-zTy>(bt+q*9O(p@UuBA|4Gba$t8NH@~m zDc#cD-Q6ungEUBYH^Mi;wf0_XpZz=6`R8+7=rtyD$Qz)~{XBO#XWLCwj*H+W7iFx! 
z2|gC>H(7-j@kGKWPql@-z~A9O(%NqbZ)4=y&0stdGKR-5kaZJbmwk=NZP~X0;a;HV zCUPeWk-*1oKqiE54vNKg zQsqP^Xufk%V4*RqWY1cszYfP3c^BA;mYh|94t0+*!&D`&=#GBgkn)*q45Qe5rCM6T ziihlsCK`c~@G;EM6_agbqk`kdZGHFt8@A4eNcN}z8Yl`bevRe{kn)ZB6+9uEfSa6k zvhoen8sce~V|a($`fhEhwYm}Uw6ZsK3jH#XqWgX~+&ZY}c|l=%nR-hi7IA^5!NovI zpy@@Zj3mSca+15lE?e3QXzG+7<#S%?1>?^8!bBm3V<81xciF zSrlzJzB1^dwfs1gq|>Y_e(Usn`6eVOZ}*2Q!O7>gXn3oteR!*i5Jc+)u|(?>aYQjh z9i$;e9hl!0cf$~=0&8vqJbEO$h`(yp4k~sex03jM@`53nv4b+Iv9dkbNIWdWNW3`2 z2>8g4V9-cefMJA}A;LRvLvKS{%rWzL#cqcuh!m-Ei{3eylnuxpwG7tq4@w+X!JiA`fE>^|Dei!HhL= zYudn#sUsnQD*Xwv_%?2<#Bb*#uRZ=rjOi;U#=WlGL54A0DD z^;0D7+~?<>clLDrW=2wiQazD9e4pRYhfJNGf-$to;I8+iI^E~lhWXe}2yfo3Uq_xS z?BH_){9>|qR5v?tgl5kN+tkQA7GW7hU9!D_wNUV&|o%kOyq9k zSSAFWsZBS)BMgcWJR}*le$G$oRw_FS%EXbU+T}Ey!25N1rSz-H$|P4Stk}7^yCl~?IoBKg@U+(zxb2R~BUs-)pTrI$QSy9@`hZ>FE6p{F0>#G@ z<>VK4jS)ai66>Jj8+uZl9ko;|RqQ&}3nTK|;E?E z!qz})Vl$laJBfdmq)5*-!~hmlJE0#5bOSh8kjXF!wj9Rx>Y9K5*euTIofMuPqEbIp zKVT1WOw2POxV%3rH%Y4YL)r;$}n%M;=*b)aMog^YiX__;$PF zIO3@xP*$+w(6;O<^Qp(QM|fN#;89-o8QiD+XK;Vn2!Q(`f@49@RMO*^jSbT)dyV0p zAjr37mZc?)sZnSKipW=07Kf?MLC)X+t-cRZZsrW%Jc=jt80)M-itUxwU3TIaD6BwW zEa;4vNV+0SIBnf&Ha09uU~Y3z>yG$TWO#e=OoLTlanXUS$3}ey(iY7Ql00W!Z-{*` ztnt`XY~9_+r}TSkIY)s#AxiitNu{lckBrl+)D~elvCMzCc4a&L<=RzZTno5%;bZ-a znLp0t^^vb{MN6c$-l9%YASyKh;mi}i2B7AfWyDL{#!RUt)48pox~_Sg1sly_ozbAR zw6An?OHFX_sVuch3?00-+p9#w_w0B~lYk5dt?8pkaY2yp99gcBg4G85JG-*W*FyL- zG7ma%hW;;ZU07(J@Axh1L^9V!M+mt*gF}6mbu(y1Pa^*(uD^c9^%igcDTtT;ryxFy z-}-I-ubjtp6;XL^jC@osmHlt8_3gqA{7;8zpD^#+s8;PTK2VJ3Fpd9qr*zg-Bp{te z^)$ZtX^xf?mSe1UM;)a0GeJ3Jt&kvwQZcMC*T+)WoFYrPRVS07FBI0_hLYuby3tWU zimKqNXCT^tRf)j>oUx^t^PhUJE@@AL`*lqmH_E@)t2NmSH_kT zx!C=VJN%GDEuXWyIcn@-*6@?@mNPjzxx$X#-%o|X9!JLao0H++rEv}GaY^UN5ylfD zcY`7ZOZ?B?!7k}SV&t9@0KDtDXWq4T7IFxXZva+Ji=X%U0gwoE!{Tjxr;dopxKdZf z<9P*31=D>t{@!^N42(P_G{-}?8!@G-%whaN4=tM{ISK2;p{9W=1w zHF)(@<(*$8zlxO5h*&``=kgGnbHa+;$XQ7O)uiX%+BCjTgl%{(|8Ms&mO-9)w)Kna4?b=k_O{-VqRyp-& zniE?vo97kBRb>LzUyBLPZ3 
zL(F&b$n&cxfxps2#`l6uPM^s{01|Z`ype=Ueop`vG?Ti(AcNS^-3AJ@>58SfqSPfv zX^9p$z@c=Ad7-;A$lfNlRTCeQ_>5I5g)iuhic|Y0^UbKAAG6s*!B$uhz-9}h~( z<#cM+{2;ubm1q?&3wJMVAmiE>i^5o@SOwU02*mEn43f|bYx1fJUF6J9-dhwKgZe{Y zC3%YxNZ({s+(6=ZN(hF|=JM?k&?-X{Z%oV6|3D%LFSq@$3`k^Bm2Ld?d%*=n1)Ss{ zxo0J}t^LUpe_1ovUZTZlP8Hsfl;5D(Dw2RrbPC__p9vPD3(BB9_74V)T{uIOxeLi# zIUbRWPI@kM2;~xbA^W?^ph{UAOrMqdcCzZxx$b*i=6bCT!;1OJWhF4+4TEmXxB(#k zt{x*K+FO|qqMxtSmidf7wV>|XB?YC9fTm@N#-;kK(p@Dg7Wbhog)2Y6xd>5tMV7!) zUQ?wVRl-j}>&qc0V9Zah73cC#t|ftDP8|m4?erpOe6;0wg_5a1s-5$XL+Edz1~=I8 zd396XP`^`M93~g9_<9qAMgeA7^|V)C;W)}3Ml5~Fvg^$Z6BoWudM|uRgXPYX2k)^!ZAru6<6U|6={Hw*;{x8ts_vac2GX7{aOS> z)u=8j`1M5`&s$<7uD2{`AgbZd8ZqNfOdH{ovo{r6iC3z{8ZsU5o7hF0@plzrNH?^U z)V`!VIIpm((M)z0=*lo%>((i;9lkR8)(imgcNL*ZH?$P-lSZHNqAGfnCX!^T3ywS@ zK!Xif@uMCe1})@rVP#m1Ae7k$C;D9vBBh;zsgcfy*jPrz8rWAa){QT$+288YCbRt{ zR%+uUw)(R6 z@*Qij0o?gFqGj-J=BJwY%xt}YXS4fUnp-_9V@%5rC1V6R8!FY>Nz1?tAdAB5YVETv zFEwKTExlSZ;_5TV|Mq8sd{J`-D6Oo{{W54qY^FvsQ_1~RPeunVtq#{89t^e_#GmzG zk+n;F>dM8Gg`+yb44q7;2qU(rvcnS;m77KWuR8mmN&~gFmV$a^*oS{CF>r0JyJnbC zBk?uTNB;1T3(c3Fi}38+m_yUE5T3meem(#7s~c!|!pIMIR~d1LMP`eC!$nocSsZ|i zr~!5BP;8aQ1&Mqz#EBwQqQ2s36T;U`MDF_Xayep9GG%4NaKw4UC8%)?(QM9+z@Xn( zHk-{5*U+_9q^*m11>`FrU@-~T6MnsnfMdjht{Rh}yr?Ja)Rw9WUjMcYu|<03S=PDg zS4qCj0w=G5)g^zyb${x8Zn2M&1)9I*4}eR~)Wx^RH91O&#&`fqwK1>Sr5dPwS$QTG zw|NN{t8+olrT;2kGKw_D5z3AKX>Q29RlbQae}qE*6^%Jwq{%V6vgNX|$I7iVc!OZ3 zBMjZho9h3T;-}J{v(m_u21F5GolX;Q#oyJF)QR>Q(B54{gf(pGl&WDDiPu%v<*eqG zTHHh)PJdk!f7e{nWc}3<l zaSdpOZU*I`L-x1I+p&2KF9YTku{=BQ2>3thu~E>%>U< z4t2KV7=WKxl4Jh~uPM)P1<}z*$KeG5@wBS{_9oCT)cYq2%Lg<_we;Z%x-K%IB1S2+ zMPRe-=q?1>Phij+jC%duzLo{a?QP;7*QfF@|I^=N@pOqYQ5M#xzb9iyg18jXlo{+4 zh*lBg<->bYMM(HlkHV+w)v;pPl2;i%=!4lCdX|*`weEl|lmEj(QvM$t?zj2>Hu7vh z{%_m$u-mi@Y{wO`0we7;vESlTL;f#y_v_y(-2XKgJx|F0{_|mb{&yqKhUI@=DyVZ` z4?Gj!xBEWutUa1w*e5j)@fK7sa5}7-O3HE36|&$Annz%&Ta>RNe+M7^ePO@|a9ok= z6+mj}mJbjkz$JwBL}A^s$n{y!&a1GP+Tg_;QGh6Lq3K~$#|&H}HV2sCUEUD*PPq7Z zLlHzuk6qEo#ADzZ0z=2Zamf`oW)K5Y;&KxSVhRDmz=RH)3&6t7ZI?Kz>2xF-1H0hl 
z?OXBZiRjlLF7&-bK;&ucsctN})A}@w{e2p|fwsdIFOeI*a9qL{PiTg3WC(Nk(n@{v%!P2z))C(GUu0@udvo2meDrKDx>jtn z4qmRx?|@#7r^vExOP*t6{#8p`JZwtmu7&Ph064<&njtBhe~f~ z28l99;6y1ZLz>=TgJ9o~38Ma0&_g{JQY!M^Tu5_die{b+i3DUSlx2h|)3E_*@Ivhj z_}dTQ|Gs?T|GT|?BGDbV7sWgNKVf(fkMUOM0vmzm4R0Lx2nZkK_(~vgN0V@j=Q^Eh z-54Im%BL@%$>do3@+B=$Zf~`2$i=cqBn@tFwc8H(`9EB~3J^PB4}5qZ{rcy}51-D) zZ(qH>*y%{tAG=VjY&*7ovlB7zI1p`PPQ-DLRv>~)6{BS^b^U7=Ea)D`CE9HVOcr2= zm+pekWYUf1a~DLlI$faoW6-)ldotkvidonN+D`9TN9%yc$6(;&eM;OTFtT$}qf&SU zxn*$#3>PtE=vF?%z1EQh&5zI`x>=$9k>T6ZzRvwVENgZ2cv zwDt^-&0CIKuDeZ%hfQvM0wSCMwro6@>;CkPlh>j0SrV4pSrcfTW#>;M^Go&rdiEb=hS_xf&%yKlK`Q^}et*BU|2FaD*ngbR zH7!0~Wfu|g-#uIBb71c!F+AbG6E`anXLsfy6N)0kv6v5m7oj!r9)yXC3|(Yg`u9UeDEBhef*{Mo{5$F znbZ>}gjk>-sWik@T8Q);uKzCt8scj&LnNR(7P#!7W zgltfm`qZ-v={e{`g#Quj>rbLCY^_Hh=GN@IOo?f=-1Zvlc$f<0u~=z79pj1~9_H z_TuI!7>t08u*V?nf!E@aK+J$R*DGYLtuMd?0v%8^6CRrwKZk+6T`)(pIq)Yx;ENeH z7F|GGV20N>QO<+X3N(oA5G?MM99)_0i}3(;vX)Ha{N-=Z?}KMTB8t^U^czlT zY+BIFCQ}!Pq6RVH<74f^zqQ-nMqvyW$|5d$$&k$<>4&h$%!XSu9No8_)K zqKwR3-5&qp>6jr4?(};vUUUm+jPPtsp+T@o#}m)Ege-^k*usIwnum3F5i&rau2*4z zF0f!Hrfl~Hqq@>2pAV#xeJVXL@*3-Pv4gKP8fsrM^et8Mf<)|q=(cb}jy>fP51V7= zB1haaU&0nX53ESg8q3F-OB_OVYqJWjzLo=o04*P+Q+W`3@()g1!=%0?|a+D{L z2P2^;#wF`uRXy=FU0~y-zooSn#J_mK=D>lj0R@MG=>i+T40;qYbbF?YiRk6{TDQhi zj+b!&<`Ofd*@?o%9%37%lOeiPD79r&n&`$Q#O7GSxeBTF*D2I~xwts1rxUNB41suqBxL*RxkG+!d-l^9UVIHxn>@GiC%IAd(cb_ z@UJ>E<|dg{!$fe-TgS3Ku%V6_7t0V+&*frSX96V!kf|5_b#jL+mJ6zh}u-*fO1~dW5vPs9Add} zg`*VF(gOG%cuiaYZ*<$SI3A(ey7m(4<~tqJbBvfV*Hi%csL%LtUwUj2Luj1Ou0-1I zok6FRQ82-HQ&lw>tj=)%imTr}h0Po>sV9!^Aja!|}!**J(p1Yvke*gPq_9+J=SS4D#~jWS@KIG8+QeP>wI>S(X+4mafHvJF z2Q&s_d|x8oMHe{49Lr;-ae(51=4&HR*hlVQ#{q=ncpJ--EQJmQ;fdgSJ`&M=)Kw5( zI}SD?0tzI^%|!x(yEbGlGHC2{<1=x%F$~sM!hn(oeH~(UgNr~rG04O`8(VP7cAU9R zIpiU*yl0P&#rrSf-{Zfu|F?4nMGnueA3e&cOW~dqp08Ui z;v-a)U|q#>{GfYmoCTj0+K_APhwNwJz6-?nG1n!IwU6?s{5fRWZ8y=N7M!COV#7bj zE-S}Qv&X7+1VMMAstO4^Dxso=Iui7#O34TkfNIyoy|jpKRs~WaaZ>IEO$lbpGx~!< zB98C~n9#Av!j2Aq2MlAQ8-xW#f*PxHz*0nhsY9FK3>x1#>I7gEZY}1{`M0TOZ6WTc 
z4_YPcwT`Lfo|^t2&Q7|6WV~ZlS5WEx@8K|+|802C?*DG&$@BkY5V~~*wXUE#t{`6R z#6jnhg_5bHvm8aTg5=$;j2G4%h<&_+9@nM~@2NI08>OBu^9CQ;?u2ELH&DQF?S02ER39-}ul+ z+cNY~(?f3+><9TQq5msO2qq@n4Wc=6&4Duge}B-A>;FS;0kr!6CY~bwznIXiInbH| ztL_YY6BsG(?}-Udg2=FK)c%X-Lu(8?WMiP1_PIf&oTpzRdg*V%y!I@sQcUGbc!jc# zCz;`U8AVE_;;xn5AidtwscWMquaRYm=t1&OOyM7wb|D}alU;vcq|A&K7QvW{~w)+1@o;vz} zg3zr2&>8@Z8vq{z9=jJ7Kw?I;Ccw930wjoE8fYpsD#P&-!Hc%c!GKH)YTe)mxz-U2 zGvfaI9}xP2lR;a-`=g-wBi>mm8jC}*lho-b`ZEX^wTXwB2v9rL_Ox3*@i-*giuC^kp<8{w)%P3F z_s;{aD!(TrEV{*)g=Ec?)(&{cc0hvI%f|(U4UOSG9Q(fzp80_oi?NLimt-VC)Kv22 z%$Uz)@;;>Zh69Sq2DV&OQ8wz7)^%$}T*T(~143ZY@R~&91c}o^4+wLK5v?4_c28&P z9ZlAUGFR_(s@~(7y5WgBy7v>cJYaJz6Ez!g_iv)sL0{t&H5-ZdVxrc;TZM_*rjWg7 zPksNNiy?z_S6-J@DGyYM|8M_!a{qt-;CcUf>;K!tQ{exL5xRB$wa&i=oPUz1P6SH@ zKtBmMdMQL~aeE@(>&TaPL<(SGzf>LGct`>K7Y?M1yrA%n5@%Ntjnhn;NtB%tI(CQ2bPY&PS#-n)Eq^_0I_NtY{J+UUDy5m6I4c5Mh<^3GJyof=r zpu6aW?YSPF5OO*8TuZP|j@T20KDidSy%j+3a#ZZ9qcbDGrGepJL+W4L%WZ>{e7U{V zx*=D~B9U<5=0PmaPvy&{GNN*mbm267iD@oLPKgU&zCW)_4Zr+d5rRuR6Voyph)Hf@ zx@N?t&&ns!%hiLEvp1E|>zBVP^zuRJ4k|;ha{je({N`*do)XMlVp-6A7Z)=A24f2A zsS34dkg9!`6fr_zs*9kiSWLJnHbu_7ec}`u!-BQQ7wuTzA=yGV%+ln_^(L)Vs)+?|85&ZIZ zNd*hCD#*7WTO-CXG2yFV?&Tr(y;7($hSf@Ug=RjwK(dtKI(81ONsPx(8I8FzA{8{< z5gMauS;Yv5yD>Il0u)P-Jgz=V65Z1<{r`?r^%jU? 
z|Ns8r@Gu$wdvMSnwEq81JQe)^j?;$zw%-5RssAz+|7zO;)tZwYaNJQbySl1vP-Vn&Ib)aNkIdswIg z5Ctx`Y-LuSuu3=&dizr?c>^9`$c7Z`ff29~_86oM+IJ2y4URA?hA^pbhJOQ@khaBh<~s z1{s3u+7k%H)p0t&1n=_2b0PC^i%ZQdf@gfSo$DCrSR@^3ma>>IR~dD9HZbG%klY&( zRw8Q`1Q#d-*C%|!mzZ2*?Y7e>iC=~}^?lU~5&RBOTW7|+63wFq{QE7%t$&$U&sX7u zD93-q5GH~0Eo55}ttceI9sziKoZEe%X*Aw%eY3KFPyLHD=(1ee7+VHR zC7^(&yjb+cfd)5UuxC%83&<1%w{2`daz#)Eoz~_+2O8o1ARA%2a7~nb%KT1TNpF(% zR*{g(%@j+qo>G4~-c#?>(Gf5NNX{mQZL01VjW%|Cl++QHL_3Ppd}Y+l?R(x zr88Nw>N2eYv-x#e0lnrzoxv&_U8&Xnw|S{n==;erbq2W&A!zx*V|OSrJpoK6j}ecp zhs9){+?)^{kq`kX7PIx6;2Z_map4v6oni_@Sg>3l>u^@v@#@EW;-PmX)^%%0@P6zBtGWrF_7~ZgO-i~>h)rmJe?AP^G=aTPV zWO6Fegh;hOo~0=#(4pI~m~;d~;lW!I0Y8(8ksPlw`#6lkT^AKvRpkvhLNqO>H1!Mv zLUZ+ryu_|W5huJBPJ>Nzf$yqV8@;FMsFJjn1d&DVkQ(bbPrr2hS8x@01Nk4H4^#Oc z4-O96_^(Yo=Ouj1^ykJa>G#AwtN;FqHVy4C8V>+$u5*3&u!FXaXgY7 zRmuS(a$g60EA+FYj8Lm!K*6P=RHVx0GnpPy&+cTp)q=Fzeu8w*4l;JD#ea&t&@vf! zc8%RZCrsB}*rw3GD!9^ewc&TrZj2XfXcKp_CG5a~SsOdZk@`vROF1Ga{tns~gz1*7 zw;Wq!cC-mb*^JPLqMz?VG6>oSfc@bSrWcq>Y~jFTZLYhf)(uBMk zN{jtF#Av$lkXORC1#uc=5z!uu<08c(198va5=`PzXvR0u0GeT;*DL7?Ka+{95K(+- zjubxYIOn{my>FJuIj3izF6J&_%tCnf3z}7n{droM2UyrRX9q6f5eB#x<8eU}3*XO) z>`!`EF>tbC$N3^2E7{a8hv9h9Xy*|sa~O}y4urW~N#Ra32%%C=>DX@ynqvpLh=jMr z#E1L%Skt;7$eB4=fSvev5l-&^6{0p@mKDGghhl{ue**iXWm&hLpKxjaA7#YVXRyi< z(31Nf4-cL{Px}7`ZT`p2JmvmBpU|!Mul4>l=KVXDJoUg2dHOS_^&UQa@1alXLf_#T zXHm)}tAw`)`6(JaSi<|y%&j9dE3rEp z948{!M8(IN!y?C;z=_tCb&oaXdQfJzY%Jv5mkzZ~-Cu}9J6w|Go*pvMbP8QzsX|-F z3>n}`_9PA!{X1k35pYg0#Eb@qf*RC){XR2~!OO@L@vqoInjuAC3rvcGueu>qUP*Ar z6AxMDm>Y|nfRFzQFE9A&Uv{9~cD1M}t*bp5Xo)vFSHJalU;O^87yD1A_e|?_I^ZWT zXo|R}7J``7uy7Q*oSeM@^4b7kh-NaToq7l;eas-(h7OB74SWSIg4n3FjW3OsCa0_% zRE9C6So}NTt%EM4Y%Hrpp;p0WsL2hZQLm?|JCd7mj zk-6CSFG$VKk#hxI2QM4K1 zoi3sX!ZnHb4RViAwS(cPGF}MxW|^zFtBCh%=LFeCdD3#<{p7w;W0Frg5Kf`X&{Sl} ze0Ad>na!~pCkDO)BWeP8eoi3WV{@+0ikH6q7>?O@6(E;0F2cZqluEDf^Il)Zp)~CT zP+)|~Vft4Yh2-*mJW7>uRA=m~-Z{hsKY_m3eM)PvJN;gN&^STXd&=cH|m_)xjL4fc4T z!5%7+bK^YT%kLkd0nt^Rm|MRhK$t;ysv8h!8JCz`A;l)t0G&&L>3zlFII|#q} 
zolaUzjT6e0OrRj49{T`{q3gzO#fqQD@5%u@{!6=pY~K4$yZvq7{ylXc(*BYbnUBH? zSI5*wb@p{vLO%2RyF2U$5Zp2Pi3xo~z6tR7+R~lM*U>FS1+iiaD~CO$z;lAQb24QR zubmcBU!ZYvWM5gGkNy26vAm*bVfSzc>Sk0)yZwnt3iXfk9js8q8YoZiUdB6B=HlNtmIDE3#SX(KH-vAbqT`Tod-Bp@^+luR@CjBzgKD}_L_eeyEy_Q37O>%G9 z;KdSOH1M6Wid-wMfY@RgTmVzS5GpU3>l{Sp%Aeg!u@X>sPy;yhvz)7wJ<{Z^Y;FRK zotZO3IFlFSnj82IWL72~%dg$ZWw;n3=(X;Q5sAdun0Hli`Mh^>ZNsWe^Rj6J1IW;^ zN)-og!{kk}*gOS$rLv_K9OL~0T`!o1d2D)TGjfRqror{4!j$K>F^WcLB6`VdFl56D zHmHoPIsQw-S2pZ@_tl-4z3;wK{?8Tv=SKW%+Pfm|Cf|$}-6rh8F)ETz`F8XsM{^gm zHKKAwtQC>?8lu^pL37izj_kN~kb147+5(!_!Je((B$B?wA?^Z+f)3b`n4BUD%B*T* zivA3i^C=Zq_57v58}{4&@Zk5a6Xs6o*PAK*`sb7?3zt;m)MmuGP_-Rpbxk!?2cCk( zMQKqaAW!>ut72@Wk#1yw0-{2nkt!RKamC7lT`{&&%zN-%SqEY0?2s*Hb_WJMrDc7?3+0?4*zv ze`XR6*u=xkAqcZ$ZBM(6CxGj8xsY;6FlxKJVKrQ@vu$CDi85`h;scFU z%n+r50$GPz&QeqCBQyv$kX7eYyDSQ>=Uj-oegpBO$;!>rF0m|m=q0?Ot;)r0;l*0< zvn#^NjD|c8hCB}7@DomiC#6`&Mt=5gM^AewN{2s57e}uZ%OhUyp-ro}wz9r<+ zbDBVW)c(5AE0lTNG+jvP*b;zm38Gt@VtvoD`hT5MKqdEo9Sn!5`@arb{eLr0ss7)d z0&122hL!(NEstI`q4ukq@WWR8le4qc{2#pLpLbR%rGB1@lj0wtMRZeMhFYX}nvfbU za>ND*kd@-v=F{-#xu_~GZkUQ@V`-FAdT8pHyK>4s_@?e?*}A)^2EkMvl+!o?$>rr=Ft1#wAaw5}Ur#Y;`-~J@IpxB7*60Vd9;A|c1 zGnnQ%^Baxt^X>Uc#NtpnD3#`=8fBYet3S?Hymi z+_QCz{)|dVl}_k@o(n19IFvW^>6C#f@mxPi{?kIbaxE57>Otza$Rz={(ZIwa#-%R~ zOhhkZ#6_5!ximII88s)qrb)*ET&qsf{dqdS=U{)yn^xoW6;{3>NV%mnHbMxSq;t?J zo&l=cjs<;ES0iu)lO!@Ux0uAgp1eIJuImZ1RTsStke32o zGJpb5{K=r)Dw4epW>zZHk_1&a9mjs@vF8>;EOEog z^7E&bGepcDn=2PSx_}EmOQpl~#7!|~01;rwhLq{HL&3yj%4Oz4rqXhmnAuOcBoz4Z zZw;nCS;rw*;}EQ-bkx;14DWh-W$T|>`+vKG-r!(Q)nqGe1D3@99rg#w`(H)}ZT`Q_ zJURP+X&SF#2hi3jgKoR|xBkt)g5A8-=HH9ni{6Xf7me=ysq7T)&8aV&*#A@8d+0lW z>G|320Y1<@z%;3IcL7zml-vh=gAIZyqFgRl3P5{$F^7o_H!>BLcVO<(;6=t{d# z|F@KZLZKVGALRc4mqo;5yf3=IM(>ewKqaj13ZWlNBo$G?KHyxZ^DmLI`M=sf=>KY6 zzdQfut(F0660)!04-dMF5JDB6)8r26Tx_xV`Mf2ly|?Kk-`u#3u1X2zL2s)0jHKLN zk~MtJI$7{MjcM{h&PL^Uoj<4!*byJc(rm~pqba!5x*!+Lp}LCvpj{n7rj+RRg0Z4-Q1n>>-bJp;dG+u5}--rR<^il}$cogw3G~Y}t4qeSCov$DNw>A%?~%KND|b1;i=S?D4TU_7_f+e}4S% 
z>1_P=)$5C$=m=euF*TY{YXYsa?EGoX{!v2TMFdMx8Y4E&%Fi6<{`=i5QYyWTJ z$+7=AjcZ!`yvi;j;=h4u|B@J<4Y8E`d&JqDdB}vK$WZQx1`edw&VLAYJ}0aKXJpd` z2iC>#UU329Uk$*`*)6lJ`5;Ei5T%g|pJN|{1e`&pEV$FUg_5KMV7U)MR zs(+d=sjq$}lP<)jNG%cXCDu<^rh7qx3;TI*VU8FFLRUsEWkg4)u>Cd^Ie21WZXlkI zBK#|{IW%0>TI7Ad!IV#J13}Du>aTok6=d{_E|NQa^LY< zdtkrQ7%JbBw@^2syS|x|Hns!56o~DlVgf7yN&=69HMuDU-SJ$fV_7H@uW|c$6}0?< zX7l$R2mixVBIs0JK)Vh+<#CjckKpcGaE;g;;V7tPFakEh9)q+8Uc2xQkMk+Cpp1F} zw!Q!p2y{TvO!x$2{Om$XJlBA<3+8Ax2f>B!d@;kuq6>%%Ohkj|49SpfB75q`+nAJvD%1!!zqo;cyN|NrY;ag4PwH_$J&Q~`;i76@biD< zQU;=wjbWoG{3VB`=5mT(y-*LBRr~&_q3F++&001qWV2BtZg~!l%2ekTxn2ij%|4!; zMhwJAMgHOHIMXlVDK6ryNt@-aIiifrT-_f3;pvzm3-0uLFJ5#DXpHbI%t$=(j7!LJ zSWjer)jX`bi;w{Vb-fA$bb$psF=e|q7}b?F`FtRi>{IE0k@4~CVh3MoG}OL?=98w~ z1&M9UZ3#Ez*i$a?usLQfa^lI!v)RJuffWf_WBE99i9@JvZC1f`{9dE5@uZGB><2n- z1LTWH<4@9{|BMjv7%>KZd}EvftLllb=>i)s{VmG1ApXS*HU|!L4JbGiOc&SyX3(RM zq1!WEM56O+-5O6hUd92KOU#sJCkhvPh;5WkhUikE)Rs|cq8pbGn_~&*Dx}(9r%?Ol z;^M5HPP~Ga+nj=%OP)~C5R{lR<`l}UF7P$lgZ@EGt@M>fu$R@MpMJVnI}Jfnn``j6 z>w}_a{(QR+1Z_}_ROwe)f2@mbztQJ^}C^vRQnjp}uY-J3S! z+PCm55&tn0u>w~03~;6SpPwHj^S>Po4%_&TO*}dAA2AxYM?cz-kflRHd`{Z70~9d^ zZ=*dPXtYO+$^!RUVIPvwt4DlfgzO*8v`nLb%`=ot)m$$>3jyS@+sb)=qgO$UNy1`~ z`x;?{fY|C*HVBkkc*2n7JrI;GF36SqK{IjXzv|4Go1`#1g?efQiEJ%8_ESUIP{)if z4-iw&<;#Q41T`RL$c3^LUl<(ZKnr1!oNVf0vD>X%vGXRPaoMc+<62+vrG^WyE^pI? 
zQ{qB^Sg?KV7nwl66epb;}UT3Y_s|yJFQ6Ycf3zIV)o74I;c(j z=J(^EH5zDT#JBYg4yqy%&50!dIWN9+#%o=r{!5j&&}YH#PIDzhX#&rXWO~tjFvNUT z8G?T022}~Co;cbxzH32NlptIowUt4WD|Z?r9q*Q~o9nObv4_Nut#G)Spy+-SIjP_U zJ?MDoKo$Q?&>2%LD%8_g|7OmpB3H3#71t8RqFY^!B9&16rXl|bdP{BZ&=^9`At zXM+u;sW-@&%JFZD!YkKem)>%uR&64rCtX8_O>9h7tKu&1?e(qUTKdH8=VG_E2=O^y zVXt@6Cqqt8WBdc@zo}##`-V-b(dP6WGXIEwL`Yn6_XlGU60RI3AJEI8xV|bk5>>T; zDW>-$ms`Jy${UkQ3M@K-X|j3y_HdZ*n*N2Nxo_MN<70j9kJnhs#Ac2nYU+6IQF!^G z`OtJF8qS4zDyVffP-02ZC0=qy^kv$CHIyYZTJ$mBnMiHbql&cIPq9#Suxf!)J;5;& zIPOV~G=qKnHKAe?1w6Whtv?&Od9(E+m<-QmsCj}IxC0DlzlWgWbsm4LFVtT_^)6id zs$(^`i#=wWJpp(qPEis{h}|C9;_uBuFryFTm*Ii&0o@z$CKHrf1BNWWXuu^H%+`9edOUdP7F>p(r5>_ zUFl6iIwol!J9t;3Pd%KHudeT`v3lUpOAr%?1G88eB;h2D(us>)WAzssehXxdx@0AVN*!W_?6ro1lsK7IqwXYY&4qp6MuevDPdFxQ)KySwM3~hBZ8;NvV7ZCUfPMJnueuH zRvHgPaq(hTX~j7z?J}eVs$yH~K69nzm+I>bv>9wzRj)mJtbcbh6~N5{C>%5^U$VJ2 zg0u;1K=U9+W~%n`LKWwD7yPGbr7cxbx58cWMNM$6cwRCO1Ck0k^+kjRUv8MC?1i$* zH#lvye9N2yTE!wTQG;KMFh9YGY=Si4D&HX(bC90l)|8&%wU`aAP+NWzcCg$G1@}3w z=c$MEEkP1sBCMlcmb^pR%G25kw7}=pJpOmOw@IuVA*2$PiyEtm)+PGxi zD5cdevZ7iqwdH>Vm^lK?IykkFyihb24gnW1qzKg6(m_=2KkcT|#{I-t(Jw=hTmC=n zgH?R00ptH*A2nBZy_a{jrzjZ6s7@UyXhEx80RuUxB(MA^L#?T$ri8v~6>RRt zHXLdt7}02@0@0{tlR04aa~^z-H0WL6vmVAZbzTU0+Fc$rOT7eAt{(?kwrhg=-;W`r zgOIMCAExnV^c6vz{OfF=sNA~{Jhn^Fjx8a~0Ua08W|_YyZ;fQ~3n@vx7@HYeUD~#1 z>{YQJsuTFEGM}@ZhYjkG>|!2|bbGvQ5?$11w&BhnzHY`uNxe60?3ZdZ`X;BaBaTpe9&fDzYj)cN?TR+ifhza;0W^(*}k z1jrb6BV1Ff@BrRuWHKg^4Uj=7UQcdxN;ZjZW_on?^n$81jHK;Yvh8!5PY|;hsQ*)N z!7M8a=*hQ3Gc%3n3bu^yIY#EA^Sf)#1wV!sl0?QccFuDJf)o301c7J#AonOfg@;2I zn`WWD`=yHiuSSufIXi=UIj>fa|GHPQFZ#9 z&UY$@X|NU+v+nWv)fWryVb{(c_Z?R!YlmPKzAh}M1V6Zn+Q7<|$KXUO!H1vgKl&Xx z9cQ7f7uC6vqWG)1j-{BF1A-LACT(4Vy^ak$8dRJ_e^gmlLcsb~XR~Jzqi-qf3O$?% z9VE!#*gj!fj)FF^$kvE%0~O(EqTcgQ2K}`7{c&=Tg+x$4fT;hrtq13Ah4|%0Fc9bC ze*ce>#eQ?Of#HQ~p<+`%-_#X{-~ux%p#xqU#oUdsOA}(BV5vnchdWH-;oj$)Pq>i- z@Bbi$Gu})#{Nrb!h5xjf_#+_RlP`xRQ{Z%e|M7ptVu>_JX{KfIS=SFh0xh6wv)0+>G184t%Jk=IzIh8>_s;gGigB`2C@WO4C>C%pE{e5 
zTd;eP%z2B|q9()E%eJUtILLCheWzglAdG4uz5D|U+Ud_JF?({X?FKt64A+eP5-%|%d*}H z_;O}p%j(r9V8_LyS_Y+Df@0qa7Cwdg`?-J)6iRs@r6Q;EPn%A_q63KcxZ-{)6$P6G zOy%6x3`y8lupzq(_VQF!ChO^*j$5Nl?;S_^Np><*!`H^FjV6G0Su`(_l&fVRL3<@& zDj){DVJA6mR!;>o_;&~`q)Nvfv-eKmxRCho5azr_u+S^zErefslFnp5eg{lT029yi zu>x}~{6zVwB@cd$kV2c@;o(O?1hp`8rZs{MU-q;aW!QzO&x!4$MszP3QcP z<*DYwNgnpUWUH>q&Yn!G*T+?v{xzI&LQP>TJY?K;=#3Dg8+!Rk$-MsnNZI(4>GEmE zy!~0mVbUct)P6)HNIHeNul@T`{B!cgAh{~TylZL6r)E0gDF<3Rqz4s57Y!n&+UtHs zMG1wi{A>;{=>Z~IZDjaYo@#DB?Axl&?$wj7ONz0Wek=|7^l%wSA0GDee3%c#KwFsL zBGi*wu=G5iD&biFEQjXX!6VfQC&HQkLX^Zxe%gAy-W%Gc!Cuj*L#?4-~-D2Ct3^YyJ7r41fj~E zm4#?DqD5@2+YO#5VT=wY%5|IGpMH*2HH4{8ivKlI;tL|rxH_lt z4Ill!WS?B+_f8L=^~)^YW~#wg`3y|*@AzFWQrl|K6+~mDrFB@dVZOuH)CCYPW19P0 zYwtv{VB-_x2afg%8i(PgI8?XT!k1Z8^}v-fq!CUN={MI>86(Nb5SL!cID}|b;l*TG zsy=G=7Ks51Fi2Yz^`9>f>1SaKyqHSBB!X--$W*O80YkRTOeXXlbo>h*a@Bb$M`1NK zBY$>uFS1Feg}I15W#hu(;nq#q9~%3gT%*M#c_w6HCFAT?CVF@`NdXWUfsnh=kjVD6 z#?#rtxN&rjexBSE^%TNE{^OoMvGwWvU31w`@U3H@P2|(~5Ci>(zo>FX`x;JY5vesZ z1h_e!B0jTR&zMogxI`zgIiD3IhyOjmLH>qpjtw zLAn*}bO)c5=7i0^py`A>FHl0d{sPk(CHb3(Q4;-}Z8TiPMWL`Fob3l*VY_-_5Ub;^ za}{)}@EEN;tH#yCat#tONWf5aNjj_#k z_b%QRq1Xks2Ffr-dS3kX8Zx8ey$9Dtl<1LuKGbA=wk0YM+QoB44oeqQ_02G)PhrJW zIS|GCi=KGrL53uk;g#<#uXD-_)!Qns`cwVHK_SCdq@-$qK>a3VpAF6$YJx)ju=x9U zXTq09AZ+I!Egf`-8;WlaZ}eKJ`K23EEheYm-Muq8Zxu4I2wE*4cYu36X4mYjG;4?RW>cG~OZPvHkySB= z)K@&aB9p^mN@D)|M;o|AiG<~(1|yQ|_?;;xfpOX4SG4b+lg}OA<$hn<9d8uw4E zfr#vVGz5hnIF=@y&<6BL^O3%gpOuT8ubSEsUn9Db0e8lcQoZmC5P9O^$ZNX1IIEGk zf;jj*3onx$x%8-Jf?sXYPxM*}vLNIthMds>=@?Bil0V8VX0rpd{_;dKS^ue;3=TnJfA{Yo5*ag+bNqeo+FadatwblUnB z)cgG(!y$kKDRlJX`p>6GCdiLM$?F3kz5j$J>;q?1^l_b#CkXS=FevgyHr*WmhAN~Y zMEOMV6Ris1{S-dU%}n_7`{0Y((FRr-6MVTdo{#qvJX9wHNYuV`7Xg+aXCTy)fb|!A zD`Si(g3p>uCTBkKFvX~{nS_B9@oNDR$cHs$$JvSg>V7vd?TeoTI%nn_ed#Txyx!g# z?6n7G(gkac79w;&B_otcsc`DHzdUB(uZhZ*%V%OV*-E!WGFu{tR)%pV?ciZ$jF$Su z>#RV6)#@+Oc9vcm5sh_xBcVn1diBPJGgmn(t`Yc_eq3&A)b%LZ!$aF0g4L@ zH9@OiI=?kN4~0qslv6DZLM0mw*54uy3l$@lDTN`M#ODOgxGaR6~2Jvl?q 
z2Gi6Q;`y7SJ#bpE$r@I{q@-_Oo;VsOlp8a0j{jCRBWtJF{$<6Z?$U+dPk!BSWUJh_ zFT0D+K=Va+EET?vL8P8OVjh;8WN_mEn_6OAHg!=oEc3yh(TFJJ0)vb-SS~^q{C)nu zU&T?PX_@UL39+%?D-rFJp%`~dc0!-QJYM(8!2&#+ z8{c2yF9JT%S0ID@yZu|Tcczv&e5v zGgSH9{0QXQ`4mXqc<4#&cyTFyBo^|$uKkayy#0@=G~53ls?x^PN#Z_HRYtozO)Sn9 z{98(lt)=rKb0yiIkZN&bWv*haWiA4lPZLa4T&`0Kc@%4UrxRWYjXda8EgamGF6S=Y z#%q@Thmd3yzk@@biG^j3JXTjJZZzEr+%OW6FD>p+(u+DXp;mM_V2O?sytgOhuPWH0 z-5<^C2%d&^^XnT@9tu6bntaz!xQeT@M9kn zW0wD8CnY78d34$B-{Ue>!kup!l|?dW@RU9mr=JSlTpaeKVbC1b8wnWJKwlO>o#lMe zf5ScMiNL9zK=-@7B7H!BAiw1`XnjPr7x+~|yFoR?1W*%#2Ua$%hAQ3o*-QW+hkU;_ z0qDkG^kJ50YF_Dx$Nkxm2s?`$mB1O)w|wZY4;I+8(7`_+TNJiL7Cdwf6}S|KI#Nx& z+R)$7bjc;;+0SotT2`#=Vqm2`aEbj%YpQUYT1(#;)Q6O_Zs;M<=_uTeEMwsPWWrbi zJp>bFXx_JifVl+O*tnSuI2T}E$fEkJ3*~LtJRbxLJ+V7qoddr#a-;N-zf7iypFswO z*+aH?MQoC_?vU2)|GR>7RKnY$?L;0vhp8s11?zTB__uJ9-pID2PVZnv0xIvkZ#;HcjR{X(%V=pzZ~^A(_LsIN#BA+C*1jIn3iH=dvo0nWJ1Ra zk;O|NIQKxiPhBJK$5(4VmMq|lTrQ9k_KERg%&}MV~ne$SU$~;AGvH$L@lg?>zAzitu z9tJbV8I7G~Q;sP1I~A)>O2D$1E6x)Jb6a2aHu$5+i(EUYP=BiL50U%h5CH4v zfJrdE?~NgHq^G%qyOEqG>cM9y=^33I4PU{IRIvF1goCcWBVre_~rxu$4X z&RD^B_w**XI$?EAKfl90@yNm^`oaTwmfkvXSsHZXdyH2nx8=t$?*E=LzaMlg;tdSt zvwNw}MMPE!&`5~NHI3rtT^5qE`OWxAtC~(A-FV%KLcLrB;|3tkVYo~za-9^@5+Lq} zPgx%j_lKFgB;gDMW(}w$*V01Qz#Z*FR<2RKz!Nf8($QR0jKF>D_!xQ%f*rGG}*S-Wvesup9XxMm--R*UZ`vIDDxc`#pmR^96tv0*^ zbWv|)iFbN7cT$F7gC(xj^@MrUb((Lv_qkB43-?(0d^S#Kekp`0K*8KRa z8F&@Bo%47A_|a*hBSrYPJd3gQK-@lBH3dQ9%TyK&wAAf@zzDn$62$N&YWL~js~129Y?)yG&s?LEQ1i`#eRSGI zZ_e93NI6pIw|{jv=e{rEP!Gl%fRV_bWp2Uwoput$hfnng>Idd7g1B!FPC$5^_Dlgw z5dX}<9gn=QZxm~KwTy_v^beUh;Mu8#ZLs)%7LW!lS=E!$;9vdMGyJx~M#w^pnDSy@ z5;z!uB+o{84YIhNPF){~msIuze%{hKTISR&im6aGuJX@g3N_k#yc4WfGPJhuBgTpa zmkDE3{>p<9mie{*w%0Y}*ZEG#9jArR=vZ0oZQ`w!{ivfFIw;rXE%<-prVR_+KG`XGdamA#oWYX6FPR`SPokF48w z31f}Pk_1V$9@i(e;jGe~cT&;Eu-zIC0)YS7Z0SqJ=D-CR7!q!HS5g7&7ES$(A%0LR z;N&|ViRK}$zNub_`&OBkPGR&aBnL81aS3Z%luFgG=r6B$q~RAOt@32Q_W|WiyV5NB z{E;@~(w46rfjTcn(NeP3;<)_pUBrn?+d_BaHIL7+qMt66z}65zzmw``3EH;D^|Be_{;$t{~`2<-*dcVjWzIC_lP?A2Z#eIH=fT~H((RE{{ 
z)t<%e7msB2cO?e6gy=_|7>Crh`fCvM{nnhc2}A!Sk;zx4^$fNAl!3}sVa-8E0_YxX%0397B z$iT08-!#)mLxv7s0)HY+YXer>La3TY6?VZxgNx5|IU&7$l{wyh64tdyv=C_#ol?T4@{54rTg_x8 zqqF!=d3&m}tK<8Xsb+Lj$5TZ9VuqpU-*JiJ@E(tR4Z3AaCx#rH_j+cTjLzMcxwk9? zbo$(NFu8AgaaTapKbIsZE*_y+?~LyG?(z~UE>im;&INr;c??_9cbkab%gZcpKSRWva(=*kG&Zf6>}>r@ z00$T#@sKf~34FYcE=CTDe84nBUK@w|{dn9sI&^DM|hoNDMFa1rF2qLOMqbWCBVo72J& z{MTXFDZOspB!koy7yKT+!@g&i8jg#niRv?*mP4YrRij`brjBX)!6rXUDV8oZ2vhkr z#p|R~7}Yl+R6>Y5hF{ai*En6uf8&g2+Pw9F^I98m+a?z2_&!B#NG72rl>SZwzkYwl zsT|;kp6_Tcl9NF1pVvQ2&@z7=JXm|c)8b7mrx^aC5a);uq0O3XWz;Sv{tOGASh}Jo zsUI?dP89Qy98x7Tub+WDog?efX$+GSXd_KIVTQ)GYrh(Gl7{odz!4OLsQKB4GHuJR zzRjFVm34oAV)QubD`#J{X0D`#6)(*0Pwe>jB=QqCTXqqxj+juIz6iLW%zE=o#Aq_fW)l~J!BnNr; zT$qJII3j&at(28hvGo&9zaT?@U|CN=fr{ z`tvuk52WM+G-NE`ycSx%QG$dg-9%o8T}5g;f6+EjjC0FpEA1H#Xv+`gr~gi+oJ^C+ zm0KP~a{fpX|HeT_KcquGz}~_8i*SCWopT|RPkq=Fc?nZ<%%^+6byE!Nt_;{Msi-~h z>0u8Xo>IOA=6qi5a)G8h`RhLblY|bNfaa@ih7uqf=YzzLSNxSG!LIGP*y{8H{EXc_ z8`qaqjS$1Lh~PT#T)}A=m1R9SHfnkj_$2DpMFb3Hjp=t9&F!`9?v&2Imej_^OD2lm zwaU~4 zksE5$-L@Y;$3eHZG>w76wdJ;3%Gr2vWOil;53fHJAHLr7Fua zMEr*kEn9o=#h!rRprU!S%@0Mj#gN21+B*jKc0HAE+oI8B&M4_e{<5%;eS;M#K*7d4 zcoa!Wy~-;acK_bd2{QR=U*g?yiMrJTcB)r3^}ktLwpjgoe&ssj2zP*xux10`@Mn+; z@VVgW3Ha>eRXhU1cIi-uYKrI?GvB$BaK$?z?cUIsH`2J?==GSV61CDH){ z42j@D`t+v0fQ=4ds%3an|MN=U;=$hn_A+0gw?U9~&CXWn*r>+Z`hy+(^S2r68W^+) zpCJkSCT&eOCq6y+V-eade!Mz-cqYspH${>qv^x5D6ePz(afV*;udP1g4yfgU z4tG|uOAQN(DLu1}Zeud9!4>rkTZr2&H>Vu9&fMUA)&uddNH{Q%DB5S`84#eW3ECcc zHGFmiRC|K@{e3`=U;nCMj<2I-pSq0zNb7FZk$TO{pD%tyFY6kw&1*o9!b_IigD*Ql zOviLXo~B{U-J>&=_CXAIL>F{lZChj-^nS8@_WNB}RvokDH{7-aSm~-zD{JeOVaSI+ zqk95F&FSxc{SXBvo@xbFSmga#FgzGggQj6roz(fip~ws(-Bnv!Tdkbj(-G3qh|z?# zBkS~g_@e(P;Bf!pA;Oqd<5QNL-Za;hNus61n3py!nCd-|>+qhyMaQ`ljeQX<6cG;o zR+ycXX_16D)> z&+)0%w4QAf!hJGrI!Zpoj4QRn0Maf&7T0Hd9_2O||IS7lyt`o)Yh)i1J1UlyX6q0f ziotr%p%?;fWBCNKs0Ebr6AIWF(cWN*eevv>vPyKD_|>bvEJTd)X!p*2uRhl`ZO7eW zdz~zW_u<=toUBPzVA_!D-IW^pryHMoeV zSl!GOTcgHfE$PHm*v?HKR(Fq#=$_*zJbm%}3Ra0<3U&M%$%yU`YSBHXJFjBe1EfIB 
zatxbG)U3k4L<{&(*Jr*Jw1q+7yOb$#2nep}vRG@qA<}ERlUeSt;itU~4w+**8B&Oj zIL0auaAIh0=ukaZC1FPRf zb)zr}E`OVGcx%)QYI>nLA4BGP@$figrl|Hkr47;qu7U8qa*+~yV;?@r2;T{MrfiRu z>gsUe{(y@{MO7{{V9RCXZ#t4!ruZ z=83va5=!s51_tLKr78VN%qS^5AAEr=N%#<#`h-pd_beDjez|NMR2scg$o3z6anAv&2rde9KpnWGqDez?}hi<0}QBR9-?jkw|; zidKl3x8N^#VFeo$;3P!%e)X#TJ7(3Ih4@d!zI*heU5gb77Y2%j8dC6{TrepS{8NrW z0z#X0CMCb_QBikYRpt0n!C*arG55@57z{IG8K0iSK)F z!a?jKi0Ld^-KyA75$8o2`LEK9)PCP1`k`_IRE~}-7kh)}C@i+S>)>_Tcse|H*an)- z%kfzN?bti}wA=LD2}i`8ml9#VMpS;IL}EpWZ0-}L6-m@F{UfBELGW0U)c1u~7;g1_ z^72}?a_gd|rr(`M-?0OS#J=}W*E{)V%Mh!QrHo`(A4#@fdUG^f$j3gu$ZL&kaUNc#h3@aViQOWBpsb(*J7Bes z7eZH!f$g8k9krVvcjD>e4DvGltYcn8pRUQ1tE%*S-_MSz@yS5kD$?1Wsu;a3D^zuJ zr;eo}owA5mf&m?>bo)7mwvBuF?UU0%+{d^oOJi-JQ(lFM+mvk7SeeVaJ2kO=|Ecsk z-_9adVSB1wwittKd?Zg6oPmJt0ely9HbP)9MUf;g)WP;-zi4YnGB}R~9qI@kH@UgM5Sd6z&)mALVS3)8fa&P9BNdF!Jzl>psJH2PNE*p!AqH@v=F_d@P?f$-Nr#`K-T8`*?N0_2IF9g);MT zK^a%*xdcn7dVf!MvOadG8>wfJ@%{+D%N~4tQ_)hFQW9?Ls=4r>cgksJy{#(iX0C8x#Goh=M5+Ny*5zaB z`q*H2@I+BpSPJi=s{8zOg&R{+Seak+7PDh2luO@s9Ro&pZajg_?qlFf#+;Ti%dm6d zcWxoRetSP~odd??gCtD#{VV(B;=^nfOdUA4Xby;u;2|*!B09gBJzb2vVML{$txm)L zP&{n!{tPlnHEA1!rr_@CVTl{S>p`39zPgybI?PTey``6cNRqDst9<-xV}R$|3PzAw zXnO}3P4OC-fijtmT0-p%jGx`Jev=hXnW1=_ntY*3A7{smOuA95oB7U4BIFVpF^Rby zmeSwU#987hMsdN3m2J#}R~_A|zj?3fi>Jz`_YX@QS<|v*jvqPjrUva-b`n824MM9_ zt{HBo+b1&g{yF6MNdq$x;gghVs6)@r{e!CksG86W~BBctKtAt;^4b81ME`t_d z-cbI{lprOzW2im*lojx!Gmw7@d78zMSL7lLnq&R)DAbvna%PSI-vOe}j=Js!;)@i0O{ZF85E|By%)XG^05K zSAUtE!;^pWU5k*fFzV^2Z4zP{6j!%WMo2tOZ(T1DwjVf$qCmk}14@Z);bIMz9`Qn= zhfkVeSHmCmXU^*lzbCwIyJp9!Zda1S`_EFbkxs{w&n9%K57bm{7 z@{*@SXBu0Q8VWE7H)~9n)dKm^>GU$nmIxG zw|Z_gDwYr*Nx=u#H1t4~s4^=v!4(L#cQko7yXiZ!7m7LqfKf%7J^t5=twZR@wS~7c ztm%5$TDxP>s=Or&-*;0D`o+jMx2-UK$wWw6=ip<;^Rv)?f6iQKPn#!j)5!|5;_Va& z>6rlcewI$0FL?IekANy=l(44?S10I8nFx-t_0Dbm8Ap1krkHCcs}_wk8?fdPt0FRC zqr1-cXj9dQ-@V)U;=;cb<0nJ5xg$$P%#q{u1nO5TsR3QPq5d#@1$HaLm!Vw}Y@@L0UH#udn|_bXJZ0_o z_vhGg#jsL?@2I+ifbtgyY|!PsRnFuYC|sI;WB6zgCSR^qPP?X;nT!k 
z5U?vA9N-;ZN%XDeI8K)P6olA5bC`19A|LJEo{m=}=v0X&XaP|Kvc=P47MIa6?~voU zqYTYn)L0C&vkwgacKN1sjugV5?1KNG@|7zWr?Zi$2kAUHtOgCiW+pvB0J`sQE*7&qk79y}pgExvqm*MF zQ_SqEi=~aXp;dyosr;{S3ZdXWEWa!S_`&ajUd(NG;NHD2RLJNkyKN@WSW(#aT9#(J z7@Svm@@fS8>%>3!c~=~O^t6C`%bzyI415Ri<)u}yJ zO(^pibjVuQdTTiNA>@M zDAC=xB5c54H=EHeX!RdXlZk5v4J`&O?O`JEK}T=;yTF&xj^U zeM%ujZ57c@o^gfjzXC%3@BGha&GQyd>S)RsaxNf=typ>+bA1^K8?!tZ`oI(7H{??S z27YQa;n6DU$;+ze5kDe8Um+7`zJtY$|uyui%!?asTl~&5x62wGWM!q$$03ydyv= z*VC_bh(P*cQgky)&u47LIk=ZPEDPj=AU4Gd%L>(T`e-UfMz!dFaW{ViS+pwfg60VQ z?#m@AHZn1YWW3^-oMNpRcn^|j%Z4Tb_+=mdQ z%mB4XLhJK{pZPs#%DBA(Po7L=s{_`DTx^!Hwxlwenv$Pg zl)yQuIHb0%mXdc^56_gNKT0C&H_It&I07ekGo=uvW>|Qu2UGYKg(bb%?DPq#->mDS zqUNzz2kVF5Q7NA!uI>cov`Ks7-9OIKBmIBX0T>ZtddJOr6y zzT@_!;iqilLqUQHR@B*Wzo+-^91p_l1eh7>K2`j#r6@a@Sl?@GYlE!zZ!oF2*v@$Y z>qgy64H`}J_{z<$IjLm}%3nN`A7+nSmUp>kky-=|nHy^FPO9z0wk;{E>gLT26aH>Ejqtp6v2g20F3tyM$sg3d z_mRpRU#N)0geoPt#+whDPP}y3#=fQ)iX|T|2MA*OipXH4)DxSdWiX~fs#jS>gS&v~ z<(`(}&ZJ($)*@td*#l+XW%xAvbQ~mAsJH%@)$2`-nunVoGOA5~$SVrkF0NWRw_ktY zCB^d`Ubw4JndxF{NQ&A)G$$5OaxLF|QX(_EHc!kktLcZ{P7)k+9)NE>%%o~qrkG5TSr+3a-!%oJ_`y;`nwriTI9Q_NH`&9o_UE=)r z)21j~m6yD>@V7g{)AEtCZ@;l6I7~iAey6z=Bcef0$e?wLJ<3~cnR}TZot#)bVNs75 zj%n#&>5X>TO9hgn@%@pjL7JRcGilRfNTD+bI znJhCG_py5bHYU%s&{394_)rl`zOKA>o@JU4J&%wLrttvzh_hK6vLX9O(?&`g^$##D(s!@FWLZFJ2L zbOg9eFaI#k5l4l@cfQ#%XcjV|Tte>4Ji}C)hAq%`Rp&6F0ck@KQiWx~&O=?U=ww{W@`!vzHFyW9A47%^r- z1YVhu4WmNBqpPd4XX|+#bs&S@E$e+c1*kC=Meex!@`(%hZjilrAv9mQvf^1{3a$M? 
z{D*}cb1;=u!heqeQ$rtA{6W10@VNe`s{`^`zwh?(;_3t%611UF;-_^-%IC6=Z`j9w zPaD&1bj|=@rZTR7-R56K%|nmGfh;}g)md6{%4)Y$yA?c+uN1cFBOP|fR9 z8Yme9`>RYOZs5uLG3(rJap90tq)_86@5yuUHPP@I&$i;0_q=X-T z9}-;FlPy!C>-;d#W>as4TW|jz-$&m+4v1467dexu5y@@xqo%r^ zr`hSccR<+SNrEvkGa1ChI;h>}GXE=^m;mG_G!63%&vkLZJw?#@^S~kBn8l_(}>HBlpyQ6t@ zQ>_aXaf{#|7iN)kA7K}CRPbwz10ppNw#Q{DN-uoa6Gv2F;r_iVYi{$utqK;L5niIF zQ)P6oRB{d?R9s7pGBcF#a*L;V-X#Wy>YaUqC&lel{239=`MMD`7eja7zB5z`h2$5- zDj-)n!Ik>FR6K9k1fN+0N}p%=o{u_T&#R2j>3hY|Z8w9*T2cGcMpBJC|Lk!_)HM^* z6f{RkBv3yRTeqV&sBz}sCI=pG`aFNd9pcxc&cd=#8S6*uU+0Ak?JyMHFOJi2%j>Hb z$Ru@CS&i!02#;QQ&MOM;oEqVL5CFT>t_GD@s{%i-QGINvgyHEUmM_e7pd%5)TL{bZExy@RUW>kbhPWo|HpkKN z`vGHgKY5<1nbF{4W03xF8WxSxA<{}%v(Kz_eD zr4bX(8L!0DmqNt)jt@2Pgz$jGGC%4ePKTrn;27W9S?;up6g;M}{aE}YM(m~nPl{Ye zoQM&N%xzIsIP*)r#{7x^EfsRcF0n)pDwgPz1y|_))GkMa4o85{&Xaa>TQ4u)!~84b z1zNS_sCYxF@KwQ6HRf@W(0KS(Fa6H6Z{;OeqB7XZdZ>P_CK5@8B)OG^g@(-My1r~} z3PNTyuA|!KHr~xQK6M?B@$EA#@hSNKmMOCyLjq_TLmFJwf574xaud``<=!fYDrO{M zLJsI{ncbQXFIX(k>0i+NLHmCf%5YL$7v9gT3aEOGlLe-3z=1u$Fv>`kdSLZ8yT=tD znX9-U&P9UxRYc8rQ^6_1BK|h1rSbd6M*S)2Q?AC9zLcVOY%5oA-M>W z^g@t;#i6*6OycOnn1$rWf7fXkk$>0k-W`nJ@9gZL9~8BgCnV#}l8(uRAe<6WF6Qx& zdZ#_3zzZBmKwzg-gp&b?dG!jq5RxRYpcbSG$EFqb>W2pn^t4^C7FteDe?zIjLxLV3 zj1~5Fs>K*V<6%UE#DxtCn1sJ{o)ni3lvr%(Fg42hkJDF8#S~dCwbZhKN^cAs3{uY3 z#=Di!rlD&w32iHgedB^y@!h(D*#1@!+X`Y^LG0TU#6&vQBAC9G>f$vSA75h{sh%z_ zCz6N{cRRaP#oj78%@z5MWixX-7l>zDscb8iZS7_r99wbCzMCelbq+TyuN`gWwXM9i zmDj#KdCdu71DCP$LeRggoEDO68j%0>KmV?C#^gYJ`~~wcq~c0vhi(1+-}Sqlf5*_M zC-`}d4LDh+eF3s#M1~{|U$_p-jp(!v)!#mo^)jZCYyh;*|FaioOOY@6DMq(Xr=bV@IO<~XDZ@db%v_V!=2#w?SL zwbPxx{nIcc@wtwvshSTE0=n&k{5W*jbQw~7J)FW1EwxpD9pl?+UuZn#%Z#iau%4@H z!4eR2d97mKVu~z7ZfK~fdJ!q7w2zl|I-4T}53BW%Bua-gHaYTD3rDR^>!7%y(^x9P zN<}dTiT+kSyPU)!;RH5>LBtA7PKR3knxpsPej1QziyRWTSN5uyctXNgdLu4>UwSX= ztQ?W_n~i8#2|Uu9oRD}Lv9Fexz+BH;2E^MfmlA8&#vQtxASnOou(&jqK78nZ z_|U(*Q((a#{kyvvDEn#AjWZ`k6c&LR;0rCqmIQG1?Tie~odXpW&qs7nDY`G70@htK z@S(^bF(+X)hZKyL_8-d}FRbiCIuGGM8_E&n=i_!OIh${vR&t(^pm!@X 
ze;%3nOO-UY^72+*{%+;vN>9H{2+Vtn3CxPpj>X%m`xR}Gdz7g;9ggJr)ZKL}b8ltt zFE=x_zT<-ZXM zn@LDTjdCg-RR-$MASA0r=CulzlyC6YV`j0`L{NY503BblRH8E+2P4AKYZg<9Pwz5o1Nt=~981REKORY$ zh~Dn*kjhbd*$UWrH*w{f%#^Eox6?u|p^r-}NQhXB9_esiPh5r$|sURa1(!qdmfd-s?mT76ABqCT4bWO<(pylM3<2OG)fA#Cn zt#POjsorr7cypWqt|tP5-bsk4Ca`y=py{&`@_dmU#7V-0YIQOle;8JwLZM_R07jN_ zQi0F%aNgNMAqzZ!3={y7`r^R4?zV1sNxZuQ&=e(1D}9bJzY5t+JYDRqw0e{-VwtTK z%oqHt_YH9O&GroQm)nHuA{db|&S2{vW}oCFGJ6lda;=v)vbrSWB*K!$`7Nam`<1r~ z++{WBIPWi?`Rucs=Ao|}SeJZuQ?G0$p}`eceZ0oBHL6<>75`QHbH-<{%%y>_ugK@;j0es{ub{@(j|QHpZ5b-h~(iejgS#ZHS*boYxd z3Na%`VR4+(;I@>RO8wiR=?!zMtByOjN*S`p59kaVRNsK{=AO=`0p35|H{5x zJL*1wS9i4!ADW27A-cQ!+xGbqp7O4;Yq$z={Mi3E!aO7~30o69juz~r-EOxJ_xIty z?RLBP--Dxr!@qU*+wH^l(caNs`)}>;-d^|UZ>ar=#|}@bbcesS*Y2x0xUb|<3-V!% z#{}%~0`-1GAq^y|U$pC}bw*$(Z@sYvQ1ebNVmd%L4p9r@Ek$dnCA}7j@nu9p^qBF| zHzgYen71-%&=oHhHR5Kbn?2VBcU=DuFBGUs&h(+LUv%n=^s6<=@~9MRQh(!wnw`0a zF0l+oyVsrC6^+9l`Y(1_8xx6@w%4m6qe6fi_aL71+x}>`b`iHQJyw* zjT6O2=)MK^tfa>PJz^tMRPKH!SKB=RJ=)BOr%-GbQ%|!kC;oo(fN;Xyn z&U3`@mR*tf-_|yCSI=xCm=A^OvKd1Q7PqcMCau((&1Q}(@Jk%Da4JWP)4yOnw630r z7G)WyFeg}NEF#NtjAeKMPa`6FwI;#|{h6~gfqG3;SJE9P+9GA%4dkhNb6Zdm;SQ~Z4nOfaJcnT_00g(BF91d?%M>!!sQspcu06%FYRTUIAx)+Nw3;K=6t$t181p1(@Kq)&3C<_ zydB|~0TdN2Xr|aY!3n;k5tWpP*74~}!vuv_k`B-ai+_=c?eVc>=Ms)0T05rP|E~a4 zu87j4y!NcRUG>Xj)#R26soAw|GY8RQ@*h_OhL(eblmDcYlMvO<>|ZBm&jiAppfMFf z;R>DV^9sY|^cff9oQQ;h6sfA1!xpUx+oI~598sY^wqPa99iI2&bFcnN{@)srXiSGO z<76{^%;Ep-!*(~%|2qfWc4y1~@8fxZPO+4P#{x-)^sJ+s5sA@dN+Tft1P51mNJOjl z0KHYju0%z~r9fgtq6jGkAB~le3x|K4L|D>mf)Xr8-g_K}wFf9BLw%h1Sf`#MA-bV* zg#On~3n{4%u^4J9kWfN6ifBw)wbrxqi*w01sXag^Y&>Q$`u*e_g_Mh0Ye?lT{HwvQ zwJ!hSyYR1lF&gfwf9y|j9q(ohUE)CPc;IPS`=KRnlG+cgOMF%Pp(V#j?T7!VJwU%> zPFX6@%V*C;t!2)dYb_cQysOJ`_Gj$@QcK62s@8t}^`50_3s}(Z={de>%Y5y)Y&hr|NX4YQ<0Q8U69j2rEi@*Q)4)TXQ3m}cwaa`!j3144iLtUot%=Ua zm|YXpuX2A0B7);IQ3{y=jjRvHG1XAv59_vgWggi1a&zfU>4o%9=e zRQ!rOmqFM^r>PjJFMw|@!D$D4Rh&!A)f4buN?1%{DPV7*F*^I#a};QeMO1=@QU7XB zC|R5Eif**KnCV8Kt33gxRKoqf9`_Z4uN=ly{4B-YrggcRdhQ3qE|$VUgxmNh|yFJRw0#O9;-! 
zzeDC1UOZhbf{AwH(5K{Dh98?TV$SXk)o#X=G-g-jWv!vc_g^=r)>Tk!Tyi+1Lqt9O z8Ez`SZm!pSHzF$|gWnN4$^FWSy8VdC_FI$OSkpmpm)u;i&}f$)zA#|>kVsr8q#$9m z)gH+)YRG;jel4UdmTcB}7^Y9-)cU1VmTtrb zwFhjY0!yk6)`;cMOke?vi%OFKcojWM*z@IhOSZDo3Ya# zBxIHpK^SXE?}q;|7d`sef_@7ZAO!vZ+6i5R=Ct z{bFw52s(es<%T1_3|!ut)cYKEzU9p&ram~6kLOf_Fu)T2i`i4qk56f(oSop!uM=$j zq4jCsbrr7tC@|L9(dX&&`|Ai>1p@U0e0^%8Yo5vQgu(}Ewk4O2VG2jco_Y9AN1Ev* zkvp_4Zjn2?RB(4L{*XxcfK5ODm`s}OVk=>^ZzX5*?O<%h?Vritqrb>ET3%e}JqT(_ zMg-n&$4m{%QcNc1PQLHKf@&eMOmrX&c2ZW99)hS*_NdU@J4;MnF#yY>cw9?yf8;mQJtV^Cd)Tjtg$*THvZJG<9XF++wMqXp>P_sV=( zA#hPx?rAxSak4i=9FwZ8`s10{C%JaM2m+D<>1!70BQCX_cy(2Bw?*udw_k~XNaP5W z`i1ltdZL&Dx?*5)&uZqS1Jv(2J z??j{-tf}bMDJ=vd{q<|PY>0$FvYoxnbUfyZREKtTzWV7fAA<@by@i``2~_+da#8Sw zDb!~gJHkS?z^n03H^Jh!M;qB5614Fu!FW9MtOn}$`3mWiDRIeGh7%9k}udsiCXrlMP|MfUlZ@w>QFBu+skWO zE@=Zp_8BF>6a80h`P0+A-LBUjQ|VxeGD(5DjUG-wKh0}1L9HnsT}5Vj5MMm^gz-*nAl_v`OpXvp98HR{ z1=T8*-Ft}Qa?cZjQ`3_9o{<}_f4@fh$kMw!4sCh2ASeyEe0$LvXs`bxNA1EAU&h3} zkc4Ed`t`{C!NQ6;GvDfq4DSFRHL+UAlbEw3l{~NbpDnIm#u_S?oFThyt2QL(X_^T@ zt;zT?1oC>cce4la(F3G+&jFg?74gxU_3{X(88pFt7z0X-!iW*q&*JY0L+-9#G~UPZ z8Q1ZgEgJc*YPyGNT^U5pyj%75Js+XR9iX(3?%d^DXHe2t_Gq zbX%xy$42oPA$UT_xa^a2&)&j#R1kE6ujH)AYIXfqcWp_}qrFm?@bzEbVVke>KY-VO z4oI$J$ERbUA+A1X(&24_bRZLMU8G$RjYwYqwE8qF~x|026{dtP-d;6EWo3#PL>KW)+0J%qiIZ}lgiw!qzs z--UvQYVA|S3}&B+x!2L}fVPw&Hp8xZtFuyw+AZkpjC6Mg=$QfgkN_6c)@7lECZuJl zzDUV1#3qvZ;;^re9pME}n~pN(-|_s_E#gg%(t=mrWbE15A&5cg&CdeRN|t%c>*_= z!&$ZXT$+YjVt=qla_FD~TH{XBv?|F}OutTE85aImV?xZm&lQI8TW`svz}+MMTU|Kr z*QN2;Yvb>7)m$3B4Aw;wGS#KbArFv^+uW!njRrOSp-7<^%! 
zq`Q|{mcG1X&{_Wk%DqTq12y`M$|;dxhy#qWLP;i9lyiR39vXkRPhG+hXh7cRu1O~!Nx({7uQG6RMOk+gQ8gpK{3=@K0-+aIfXKt7fOoO zz#mX4xD-LnFU2&9Xo$?Ms+u8M=)ntrERLw&5wxI`XVqN$HlGZ9KFE!*#C682)kk=T z$S;Z)e^6T3<~=k`!z)h}6veMLjRKQ)S$a_B-e9IfV2K3o*6^m6ow?^8>q|e3dTdOR z+kX|kiJc{Ft?tK&uMLDa@8JoTIy4f>nHc;Os*;LhOZ-_cxLalO?pkS-UaN>b;OF&g5;~RrP z&J_A5E}D8ng2s1Mea%9py7KL@&TmGWQsnzV&=mdyJX)2kHIh~450jAUxZ5#();^3}VzH?b^45=wpqwWQfvL3)F=BqWIn)?AnES>k>5qR7=<(`GK$K&wOkjT=a^&MO3v+gV%P%WB@Nhf=< z;|KAW)O&fmwz@aVnx`QI)I$|nI6BR81U5O^N=L?*<*V77RxgQuf=eflK^`L7q8d+e zKdSSGWlbd_`=y1Q+n19gl`4V*lgbqZPyM3P{V{^;0jeWW@m;AdlrP!D1iJZ`7TN*Q z0Nb_ZZ}b;T$YFABb_-sLsBhcLzH!$1c%qm~dP-?Uo)J*0w$5nG6tCWr#rDs~RDPqm zgpDcSrHk|aAaRU;!FGjF)m^&-uX*scPfAeTl4f>N%lZx~h^#hVK=veK;^wt1^m z&QC55a1&h8Zq^sxOZVr(`NJC}2H6Y~`3`3OEhO|f?8)VKR7?r^`{t7DT5cON-Xp(* zl%?#^(fDC6SP|9lhzvd+3m;oa>wIN}_uEy|sn;({AFikBVQ|XTuN*{Bdt4$ZDtDwO zeQPFf-AUx{ud=ImZXu1^~OuF1`QLM|lYe24&6w?J&v08c+`RU8ohu;T!DfVv=v@LuwTyeUi)~#E0U`JIQgF!LKW|}5H zkTM8c^&XIeG=KM80WAJ=Y-}xmpST2=w?OA-WG4-mM!f%{_4xM-)@51x3+Rd@b@LcL zmoNPe2#jt6H~05K*G_MFzzK}HY;AwE&pSsAg+&pjr*^qffz#I%VhpPX2;9n zANg_rrI~+c35T6mAe@Zq^oKXJ59`lTZEY1VUH^8i!f6`+X&RZQ;(xbGU}OD%v0>hi z=DLrsQtZA63r0*EpmVa5)22(|e>>mcyV=*BE=#POqn$1)@I4s3rt+UQ9A;PeFN3QJ z^?;0~qR}y_zV@Yw5Hc$^e_wF6xprpqpI7{AQr0bPT*3dC_kG9>=mt1+-2%V=xj8v+*@Y-2CH3_sB`W{lFZBQ5=yO$C=`Aowi`B-zbKi?+(tW%JMBm*z zorBr}d?J9lxO%7$&xQ8nyESz&e+B$UR{Qx@Zn=VIll*sNYYLs|9C@7d^t!>X$2=Ga zZ5_u}Q0Z}cmJ2*->$Ah~1LxfRnp%21&QXo!m3Ci)JLa1kBZkquz?c&bZ@p5NaYUDZ zmymwu!O4aTk%UHUDp+7u^$v%bj*sS`mVt84LwC_xJ{Jm+^>G_y8K{E)jWX3uT8lS` zYeTrrEDXVLmd&Dbv`yn}8n;l|AHUt@bhMv?#On<)Cq2DZ!v%LhIQs_AGw|7s%^qlK zYjT@D0~GRAU(T;AELQNzVjc&+va&Psz?l$1hxsT^t2gxwF^f@a|34QlU) z3rQ;Mr>uZwOmt=@ViWe=-|@9%UC`@_$Qu?N&xa2*4PIJ|4RJn2)v+%r{stI2+8T?? 
zk2-y&fhpNZw;si%jm6(f3RL}^{qZ%0)Npwi^=0eu+#N;C{8CApWly&`N-n!|sixop zm69~J`|pEVwRCqGq9=+dQP)}u?4fe&ASwPZLTp@*_mShqac^9+JMK0znuWN>s{TyH z&6*!wI$-0^5s7%&<*<^Y#Z&`ql(NIDfc8HA>4|eo>93&A<^JHK4aP8#%drBfPXP zavme>^R$UbGR|!zmW1_uIn+k#v$CDm{pq&oF-G{Tdm~hu4QXuAe~~}YrY+QY&La>D zHmhGtOp_e#*KnLSW5@*q6}g#@`ty|}y}bub==(5yY*|^hRNtA(@#i8EcZsDGLQe@+ zX3vJt7SB(mU$}eew`#zfv&ac!ft$!J=KVQ-W2|PxW?kj4_g-~x1T4gDt=Fqv>aTG< z&aO|_Tn)T}JVbvg2i_+7i2l~?d9lPGDO!18Xn3s{t>Pr?3Yo7MB~#@SCi$(b2mVUb zZqYMd5WsL{xHfz68Ho3Q9uM^8(gn(6@po7VX^>pfyOEvR%0dI!uzk68hV(Ls~yOTF$1 zP$ynUAA|%n8qa)H?2;qfNqq7R6IwpRaJ7(P53CW2)JB{p5!5zLJF@S;OS@swK zu{E&#Q@g*4Gg8!7MCxTdywiJX`n6GsN{4{OyiZDl9m%!?2nySyT~Uf6%ER2fsa4bs zthS#99{tBZBDzV*Y&`Y5=6VMRd-+(q4IE1q&T+P;9lh6`zqeiDIH)GLnQcg_pjfZE z`f1V1H5gbcpYrX~Y&p!u13tD7AyV5_0cw5pe1qtb4MCIu2Zd)?%AU~VSLm_Gskj8* z4v1&P^hW$R*5egA@=`)|gG)tm#u-s2#^=R%jLR(R6NzA*=mnh_FGV-aU z)hrZW)IE59hn%(TI<;6MnLun4H@G!ihH611UdF8SVe33IL%;OLB7a=iHEbJR=_mRg zKJknGJ(xK};0Hb5TLK;UC47G{B-YU15MiDxukfSWR^i3;W}0u?o|>fqkXaR3Z|`vT zup1)Zru#a72zujo{j}Z@kjD!il2jcus1QBRtDGh^r*?J=DNN15qV)4IuC17ZGU29c z@;0L9z*=x&kW!Jyip2j#lI1A1I2gs5)os?uRbP84wLw?Bei_)d( zK%2FZ_PXHn3f?$P1YD*3lkH_aQtYyg+vN}0%>W@MKW>NVO|qA{j7<9NntLpl)=bXn z^EI4fah;G7UVf5{ymg!t)N8@F!P8hPPxM#~V&K%K9)W?h9|0{V0|(4zrSPkW-Pk5I zD6%57>z-&IlMyi3)_z>KZ%klfTMacT4oRB^Mab4$)VizSgv(pQP?DDh-Qv<4s;)Ta zt2M5&AWW$UA3BVubvR5vkNYK2Mqa_>?=*WaC5ciR6!hxOm_gT`g*g6Gr|1Xn3&&E4?;GC3<%;yxGU52cA zd^m^A(3C)7TU7&EAW2?Y{3L-X{N1UC6CVZb104#QX7j*ENK3!NkrSt>S7 zl|^TaU5i}m@62*;T7h53zLvNQDkNX(IHBjO#50-E@SQ6XG1(C>EQZ3}V+vL({Icc% zVvt<5%%3Dnw}G~{fVTjE`UmKg0k3m{nYa0PRg#tbsmnHgmu11G!TNef%5)boGzG|D zdST#dnb(JiW<=KKf~&5Uq%-m70!%po@*B4|-!8N7ToFSmUiT$uXI0v}7&PrVy}2c; zm1`bVnUwkhw7-|5I=$QGul&&40Q>9RUUPJM`v;=?bVy>*n!~Kb7Cn0V;FlOXi-y># zf-N~Ycx@eH7j^s@PrUb^6dFx1P0+|4D|I-Jkp)KN&HIObZi~g7pe`rB;#lsW4XMqK z)O}X*4i?)O%OpJ@%Gg>B5KA6E8XT_Q)gBWmQSeWP(=sxA5*aus2{w?%x)Op#H-qb9 zlec#vbnCoABQ2Y8AsXqZQ+;=zPH|@WaHrTfz||MssZ7OF%f~PCaY1}!MPz8I zZKw@?I>bT#<2??_3~}<+ufin{?Ka9imI(>lA8;twi3#`q$d~p$1%oJv63+7aE!tG# 
z#k)@E`xy_H2VD(y`zq1$rK{b7j;bww`I*J<=fQA+H4qdvG^~82?p2gCHUIaPy=*nP z5-<#gQ#WVYmyys49wr=QGu#*;yEDQhpPC9dTg#5GZ6`D4fC^Bl@qoic z;X^nvLLxz3o3KKeKBjf5jtLSl#TUg7+xU=mK46$E9r!0SSnQ@V;Ct6~&qD#qA!A(~ zL2e%Ig^H?t#W(qtKgt9rVs)@dTAiAPx33y=Y$EU*la}ge`!t|tc*-KJOmgV1 z_4>Ga%4;LD34UYttyT=HeezWCCDrpbL=4(KkntIj6 z@T)6+{D%9(D#=uxQRoNkK}L;!!#pKO2ade%XL`AGL+n>vp&jMavL<3NOBPgKoe}Vd zaomaeb(VGh-$T~g+Vy*@%IOKnh_p8z1y*0`)$#}bc;g*R@I2S77)KyuiqwT{$vOFT zI;>7kT#7Ntf&HylpSq?=@eD(c)BvP zkD_*Z4&J;#?>iuB4&PewK3n`M#^MKS4Vtr2cyALUX}4)4I1R@0=^$-cN| zbE20e#s)Fs%4lW$VE08j%l%q2)Kr1CarAr|+bS!8_+GHLQTXDJdL|Uz#O1Frv|mhV z{-DosWiRv@->(W%RlC7OE4xsP{@*rISVHzq#vj1%N6Vna3E(_e?aTb+p$S@?LA$P$5~|MpM@C<62bIyaz_A@`)V{ za@!%+gLdM+9g8Nlf1-#_=0{oD#ZRyi0k}<$OmWWo_=bJHM(|U<+ggF`N z<(S7%qIWiMZ4p}gF#UGg3V&8f2_Jl(Xtv7#tPZG%$|nd=Y|0aV>b!%oPaf|^;`?g! z$|%&t2DH?Zf$bSXBIrd{Ux9;nRlw=_`S(*WU?da&LXK!xg7I*vir6>#(Pa=ckzlfH z%&~k=pn0dxwARl=SoLVT;xWrXW<8Ki^tCVj4m8-p-Zf}*2XWlnoq@Z&ASHyBAg@d` zEdXr#`pj>%4%J6DNX&h~{CsXF_=R8t)g~V;q?z)`wt_K?DUVor%sFDyTEipFg>qO1 z<``>hozDsYtBnQauO1zc=SO)eydAQnwkRTB3>^?s z*tBn?dhm2C7zGJ^cUkO6*LuR56}`>W`M&1WoF0|?N_u|?CPxCF)wdeTZp4%(xmS9v zLpb&O((;T#;%2?AU1@zx$k5s}KNss=!j;OS&0c+`oD*x;=zCj1uQ5ga_d=>8`WEye z6MsOvR+XEH+^Hdqa3w)~3y0-aKgk^QIomBK`mTXaG~w745SLivg>uJGv3E^Em8bKS zpFQd~ImS&~qYTdXwNvsDRGf=}XG+kUYYZNx?Is4cj&nQ*@P{-D+(i+Gdl&?_&J2&j zZgG0%w@souQgKJO!XB@{8W_A74ZKvW01d4_IQzO#G%(ng(d5nxRq+zeyIB)hu|@E> zUZ^Yy*W7}V5j&Ogae~e{E@Sj2q6!=K0pph-HQ7CHe^+?TGqdq_nD5}Ae})8}ce z%V{m>gKI6Hqq3u`?3bD<9-2zU<1HWpZr}rW{e1rvLfW)FvjFSjr5->TKY{Md#agb3 z52D6cFrI#sxcQ0Tq4|Ia3z)&9S{BWAjxSwv2bjZjBUth^CxttH0D26;5OY|vKked+ z=VvSGE6j+~F0ZvYD z?>k+e&#UBsHkHS&-71Zjh8@idW3(m_S+ihN^BIakAHIA$0(uS$j5`7oitpbeui4@? 
z6M@^lLERgm4T2Sc!Jo>2Wog|9#nn=v>=&>ez0jp`2L#QvJ^;B)Vihl-#6{rzjI{nz zm@hs#9%!IcWdcBykHF>txS-%wv*U`Vh^+@m@di%G@h*U8DMX_-@II5wn;t-K(EeiC zLLR08-B`rH^rdXb^lg*eicFe;tWqh)`Mn;2Bb>_ar{;%`ytG+%Gue}E=QQ9Yp3r2|O1 z4Ho)O8hYd)8qrPy%#~WBA4XY2+*AwrA9Cu5(5HnJC*zJK#%t*f{{%qFV6b@INX-WT zrElhBVjyKOM(q3zb!U(S7G**Qvy@VA`z@PtZu`kLzZ{2=PKh3m0FV??a{jB&z0-#g zDdV+$p;v8j7GA79ALH0^fk)zV8o5)zjV;Eg-N$iaqE~<*7&tQqRs8~NX&`XT z$EgGD+>d%i&=ED~T)0Zeo<`%Bn;iYPZ|^*D*s|!TS90psP}!&yU#b@Q2~X}urzT0c z3$fHasl4wEQ5gtHvon7mWh6#oMI*@)I>r(F>^k1Yi`qMQt$GT=%2XjBJtmM$R!#mG zXK++)7`e=I49Q3tpzOYIQk*aItUNh&NJaw0o48x=7+i^nO%zqJXQ3vnu_--Cq{CHG zAA}rd_;a}eVZX9e3E)cJ3_AH08Q_@x`P!ptvQ8N?Nn;oO_Pa|TJ_36I^;C>S!`JQ5 z*fq54HvBI9NblLPg=%V&@FIRq8jkOCB8glk1y@bwES)0K;yy}(djo+w$sBmFUey4I zVv3DM@?2Va#+tqGFM?)w+V`@JtO#A=h5n>{pc2-j_Y`VRV)T(w*#oXD3AY%k=@gf?jC zRU#3Wd%no6N`(d-~60@*+kV~ zflb5QyPq%InXd0Kh_SNQt_(@28LW#*<`;Pg?J$)BhSKEVctHH9X$@8%P?RiELv!`ZlqCLULI{*ZQdw4M5HhrYL(O3AL8fKyai2TnlKTjUzn(=iUqF6y5Z{# z$69~BBq|Q=Fi=6uQC;pbRxBt|0Vu99k8wscl^excc?rvo+*_PMGQQrj8!1K<-I7IS z*KRSCR~-2c(ugnB@HF1VUuB81YZA<8$od)@>KHNAmP;f1eT^M+m~b$3U2~xNd@Ler z;<2$|vVF!rxEjPL@!h>Xss%*wJ4^0x_Jzg~&eQ~ZAtX`cB75&hNZwEr(^jADeGcBI zuy&|VL zG|zC7weI%<>AQ~zJIK1^*AsBF;i(c6(3*I-UJ&_>L_*j$1Ie-UmJ&1~$;5TcA@1}| zcd2Ml!RKOgg|Vk)wYg7o8uSQ7t@ITJQsd(@puRak2}IwsQ^B>Yxyw^w z_v^Cm=058doUxP`9z55d_bI_v z@ufMLQ0%GQqr^@zYQNcGu{3oT#pr`smQsIWoO5f$b%6~-Cdch|_LoUq4I_sIT!RTK z1)~pNEFpRJYr9Ooqc!Jqdbp|tnLl0;hHk%b=FJE$M$WR>%4hfzwbK3&a&&Coa`{jb zV@hnu;8?v3qYkUp3gwc|b6Ji}XXEm@g^s+B0sZ4{;D|-h%uRwETs%;<2Kwp*?;!+-PpJAJcb)^I~^K_x2HhO(R%4~!R1QSfXchl*boR%CytLaZ0 z9fRpI4@~5UF-kW}cp)O5aYsqPk;tw`uk9MVkL&U*^#Q^vN6x|;<-Pxkd#b!q=azed zS?B=B?%b}=yCCStGlWt>SU{yj99k;ES?O^+!I^ILs+9AmJi5?R7#gP1!kD7|N*MZ2 zNM%6{0;ve>B5Ud@A8EJsN{jsmqhiU(k9M2=-OKo%C54^-N(B7&+vK=1HWhQrLZp$^ zF3T&k$y{Bi&yMZg_FHqQNJC@Jyq*^2+2Xf9lp&&j;}BRyqtPVaBb1U-myhmi+naIR zlvNR(V@Z$q_1PL8TXd%xf)ga?a&;erH?zBa4aOY zADknI(qnzaFT`P$Dqj{kcHM*xU*KITW%|SF8kNId)JoyBGW3eck$cWU-$GndXKygN z0H5mT*Za2bLqukgmxkoR0uC54gFDMVQyLp?ZKl8T@NbZMi9LQ_C6S}${0mIc5{5yw 
zU{AFVFVbHA2bSVrsQc%OM$M2dz1juGN=@Upf`MtjbevWsP0OD>x2EE-Pz2mHPq+Kv2(En zFru2dPp4SQE~I%b52fFI>vyEJL*4ore|(qe5c(rv6uuEzCL3$u#T_jQ$p|KX2wMw- z=zKc5!0C;O6ri^V4{LmavL;qBxbYX1f@G=~D7K}0y=()R8`93jX<8&-@;>ua^yph_o%!bCTQZqV$yoW~iF~mG;+~bl^DU zlh65uSMjBDWV~I?&d>VwsAUL+6m#q&h@0tpINR7s4xc+?+}wltrHTiYKZ3!@TFLL zp{ri+1NmYr{TQ-C=C};KtG&$cPdh(i{ui3$((rO~ zn*|N)Ay9N6EedIl?g7S@x&^~dkeTeBnTANvc8cZ3f3(PBS*+SHEOfY^K~<2B_M}VV z!M;Hik5VC6(Nos=m6IW7YF92z&PVCtoHERk%*_87j&(k4W@!j#IeOr!p^br;mlr&kbtASc zYAe|vUuNPDvC9AWO*{=yQ$+3k?^sH|JwChsqB(1M%}*s8o z`<(2L+1(wmnplJ$RGnsKIWH60-qn(}I#C~t@!SipH3d(iwd>Lrj`z zf6wWAk1SE{XV|L&cTRCWhl-<7?|>V(k^!>Z`%L{!4DN$zhe@e`Ojf()dr7S5y;YUo zJ?duLkz~ZXwQe$P{OYvyISHY#Q8hZZ-eIv`+{nc7p0Wk0@j7r_XVCu>nxcCL&TjQJ z_$Qj8orhA~0h?QeCRlildOu3OIHd(!i`Zm90W*AQUNW4Zm1V-PhOt!BGcBx($6 zre#PnIXsmnK&5629V)&iJ$BJ7{fTzb|68=nm$7@wRkVz)eyxVOFK5T|CkVupoomh; zSHnsWyH%&3lS}QzhhtJO9VWQz5YR+=q2kv>PgiVoaANsSIE8rfMi$HDsgfs0dX;6i z;o<-rJv(nmb=*~DU$kX`ot=om(e1jiDPv%mytr~jgEG|Gb0sXS4D6)1!fyW? zmm*<58}74&!cfX=W{I=x0mz^->kCg3R6Zc|(e4yPMJ7{Nr}d07H+V&9XoA#x{?Akj zL>fEmN0?!4@84943xrDPf>0?iH89|7pDqf3l$5Og67q^asw7UMm>8d@npRN31|=P~ z{Yr&j6@V_{(6SYmE+A!lLj+GJZ6wofu_u&guhlI3&xT_is$_IfD!&hujJb)Q%;^u$ za2;ihDR?4u0gulGy+OfoZrhLMra~X&86wtWACe^(b<0M&GP5$xxiT|5rG>?19L9aj zXyQNg^wW#gzea;TV(hJ8rr#tH(2$pbltd3bB44?&<0hXzm~fb<@E-A}V#4;j?ZJ!9 z^Fdh(|3h%mFK9Y7Orfdph{}Jp$xj$0#Zde!Xpn+5oMf|vClRTAg-Uzo?z>01Cj`KG zS~15Tye2TLuMp}k-*6ul?sg({1SMswBhkNAnxeRZXU2TY+4YBGg|{QXFJ6;|OX0igOJR(d z-w*2?e)wVw1)*T>a2alK(h@{2fA6uy_nW1D zW>!x&zk=Ub%(Lxo7QC&yslKfL)|6FZhdj$f$74oCi;BBOiMp{)=r$uZ`^}1q162wEM1@^%LQ;E!3-`UPy*pem=Btwtz; z^Rh-{3Qr5yO=(nng2om6^4^N|H-``*j0zF5k$7-RBn%6+$&q?yo7FWZNYr7!-wm z&041ae_#~~v837`h(-UMRWWxT+W&|x@Nv*PHm$#x2W%a(aTm+trm)8|(7Kr4UK~Ke z{oBPM#cFI`dFK2NJ@%i}Hg$IP7Kx~eH+MV2QoSA@75-A0o*%^RypEW~tRWmit{cc~ zn#Nuqc(e>Ij?9x`+A~ED*TXH-xp9ZF&uY}kQAPj8k>(va!P?{Uf{y+`%Hy%5{3*ze2ul`1s|2_uygO?(G>_%qmgsj*WX{KP4c9D7_fWVl8C4TvNz1wn z0QX9?p84ItunCn2wv!T1nxHM~PMt!4;aBLaF(bElH>`~G_C5~qgKat7mOR7J51hB3 
zD3tmlu`&7_Fh-Gg&lyg(`)iMJZ8ihA#bbmr+r8Z!AFmIYuwsuYQ?Xz+gr08hQvkzM zh3XH*m(9vWaRRTWFQ@kBiiSd<8}}3VO8ws=PH$YcJ*1}z!?eF-QY9U5nf@qnZb=oO zU6NRZLU)aH3UU|9G;>w)s)A= z%-7H$9ln~0nE6>h`e#^U(OqFLijf&(7KYK0Av0*#RkZK@I?RVA_Bc?YeVCT5cRRn& z{n!|))9nWnnH*8%n@6XbkV$7rgZi$nE_M*@q0Ix$Zi@+G?`_k!)@zBY$K&G4NyCq8 z&Fou2%Xnr!`T|D-{!ZDjc=6vQ-q`@sGxCN9 zBNCb8IN;l!@b8@OQAGp9;~<-840V%N>OZZTeBcs0SM)~VUrAO9pjeH(Oq~nkG*IPu z$HhpA-bnBPq=?2JND+-12|!pFzVe6SiM+U+53ixZ`7O;E_it7*J#EWsbP!1xo&W z+iLK`r~uj{!n(2N<%vtai3fkH;kvS2R6XC7_grSMEtN7zuJi7LWkm7ULB%ckB-=|$ z7y3kvU4hV-HO7igh?M>AjA7~&#A#vB-T$hK)$uGD=%XXPPzJO!zb%8E8Ks^{AJl0H zem%l}uIg3Iac$vi)$g-e7p-}JF&7!UVNl({>-5D$WJ-j|`e%u*@>^|g=2o!Vr*6J- zAmDWs8+hHoJndS*js@0+K}~u6UAl0v_Urj}J2R*Dn>$`Jm+SD*>&8G!otO3&2+egG z7}M>QOoKooa@oHA8l!RhD#boN^xsP~_nNBUzVdBvg_RE8+fu02DoNW?n8#6yHv08Aq$k6O!&(*ed z%wxKgmTGxB_K!S$zz^gU&I35NZn)2vCLgZQgO!NzF0Me-ojvXW2L`nfzq;YWWS z<*hmWN_sZ=L3%9j&Y;XYa|zDi2KjeJM+N%&Q-g`*D<$pR-Wm(SMWjwUa1eD*&ElbC zSqzwHQOX?y`SDcd(jwRM-hjQNy>AN zaVJSvQfJB5!`McT6x){Z|K6(B+w~W|*=g@{6=E;!@E&!V&vzRMt_XabEC^ALo^G+X z#iEp3(kQ<{HPbhLTL}YY`KfI3an}JwgeyItvuvP5E^p~NY=rB9%|EyNrNqvmmVRAW z_sx#FkFQ{C%6pA4!Po==D`Lb%LG3sBQ!rS-c?RfHVBC=`_0=?X`X$96Jeo>!aO3yH zl7seGZ?y0>g1&8G#87_k3?@&4^E~R!&TD#;xrgf+rQaz&lWp(DW+u-z>##g9@diGE z1bY62$MO{^L_}{oItf)Ks(<>@lv_P(E%TQGcky8=Wc< zE)w}RsAoUkTZVGzJ!4#wUhe@Vkrs+wW{x%* zY-S}@4JCrQ1uw=+{mz>%w(7T)whX?&#Z)gp?psF%I2`bm-zA}B7Ic{Otp#DXP`MUd zC#tf1=XY<4JgYXusqkIQ{h#H`vvZvGf zIa(=Odv|V}C%A}W-#fZ^j3--^ab1TE6B+F!;+q6#5ZIJF2tP~}uiWV$ahVtnpBYmV zms%=$5fTrn^ey?bPGdO8(SO|3vDHJDH%cWIk5VnPXLyEsmYpHVEUZGN7MJ~X@)ayN z=965qJIn;HA|@}^5}2d&s;`Oqp10+lcMWZP!T;*)t)rr9`+jjz0Rag?Iz_rcq(fRj zx*HLY?yjLhQd&ABr9nY*=nm;-h@qv1hGF)Z+xt1sbHDF-e{22D`D?GW*A?ITeD}WA z^$pTKT0MeA&v+G+(dsHpyq(e>{mKo-~2_Yi?uI$7>=s8aPSUAurcj~T@ShOj@D z%2CYrx@HnGng^#_s)^!9;_yfLXSihGnT|cj3SX)Z^d`z&lX9VrQ8ll7a7G0=cr>8x zqBusmIdVL_n9$Kc$6HR(RD6+zFQBU?^C82-2cPF<#aCOKt9oo=4$+zAjCGDs0JN7U_^I@KHDwHV&wq~`gCxTOh?M>qpVZEw4N9ZVIaQ}FjOdfHnAf9e%!*ykD^Nu+!whF=k#JI?t{1$!5oZLSqAzw8CMiZd>0-Y8&G;y^dyxP~C1KITK+a 
z_S#`9KCLGV?N2oLw7wrs21tW2Q-{Z<2G;;C?Kh`AHP3^gRV~S#(}wKpMf?7#1(%8VC)9>>;!qPgQ$P6-$V2t z!oUeYEZh+adI^x=&hD<|U+yu8E za~URpIiLTm2rA05`)l2nWQspazJLAR0tQfI*PsEoTJYnLZp!38l>OK3J^R^c|0abG zE9kG?($xRC*+0qT_8Y8$-{aqq% z#lnxH>Pi2_HRKmG4DKjm{~JFw4In#(7+phzBhZ#f69=pW0iq(yQUIqd#($UK{~*-=`s!Hx;}>59=t#MgAFJ5~Y+=<32(!V! z=n*0QB7lk98^jgM4aBCy?_$}JR6h<-Mn1^;K&XJPfHdOjAJYD(VE(OAr2g2ifb5?T z9^M-e(;3*)GXZGJ`Ja@?KM2BdLhk+eTsmi3=;NMhF&!;h}S{m`st5&K=h zsyLGA|C2KWqAL+*!um&%=|G!jB>ec|j}BTk?9l$+>58A%8%d!Gc}wUK%;eRTK{(n? z^$4&kI4}3#R=m4=%0BnEFlPZw#Ff*3R_nb!?zvCR??luG1ETX1|83%bq5J=-n9tQT|!uTw+>E}*?=@)uJfMy-Gz z(uDu%Qji2dOmt-twg=C?$s@|wK)6>4z|X&l)X72?wf;jPBAkH}3fi>(koHRrVT%hK z^#REIoUic4xPKY%-=oB&GB5rm5Ywv%fB%Uhp(IN~RseBtSOz8ulg_X)z+pGKj1HKYsN$ zApD^t6E2>71Mv;{3vl%R;$8Wl8nB0gQISi-Oi=$yvwLt1n)~Cu{wU~;X%+L*S|P&x_a=x$NtMkj*nll)gV0k0+A;SLiq9e`hT>Vx(R-T){4X> z649hM9uvsJ#D6|E{{vk9$5(fMkoiN2_JDK08RU%PwRsQeG+u{;JU>z&0<-wrdG!&2 z-n_pS`k^{x?|MzmKCmCt_3YBk(q&-QSRM+_^Z9Ou>}$`yZUe{Sxx?2Y4R4gcjPwPZgR16nf0rwiNQu@LcJ(NcT~Dx`Q~JCVSaqj_B<`1J zgKC3Ups$7C3N;WGHxdBLwS&A5=2F`#JXM>KS_5)!ytmGAMU_23{kJN`L{&;Yu5JHhDj;ZcyC7uezx3BiJw%hM3VT znxBjq?qBzk!{Gy5(LEB2Z9aDS_VB^SQ(>=FYqsc+}%xwS^z zIESi0l0W|Hjizi|QR;pKs@VP`(h`C4y7?gVP-w=ym$->^pHh)|zvIP-3w zxWSVRJ1>Ybf50?GhxPDId{MYLp)LO*w!eC-r z;Z@znX@&Xkz_=Z>=P|?*&-XZ;@R8l*Hi^A+gTD|G>Rw%1L!VhMDP2SL-oBF;EI!cW zbeXc}$21~)#T}Fx+n+F(b}>N=t|jG*Re8q+M~fMN+Zkk0b`u7@;7>`|RoHr9c~Zhf zZ$Q35Hg(z>T5KnxVkKE=NKKw$6Oz@j5aR5^ij%qa>&>o(t_A;u-8T_s4SR zL!UJ*EnvWgW9wF}f;h+%!}ddWBJTT)B|J-~ewf^K7*o-5+A9Y4>~eGCpu~*p8)#hf ztIut{2F3C#s7l4wh$kb>*(2HTjj4`TR3{N@+G;jJA?hwKFkiqVPa<0}6>*zlRNtkQ zjLwaVmA^R=7+|>=q2#7?7+Q%!S7i)>IJi~ab8 z^fs-aH1DeY3`WUWq+7yt5i7COKFqC!3YrL7Xcm}2|Skc@S6S?2s8PJ$6 zFcm=)wGp9s{N5GzS!~(P`#1{$S``oF*SLiMhxf0|flrO|AZjhTF-s#nVNr}E5DrJ~ zj}^20=T0vZGSI`nk$`2bFL76})0q;NSrEJ_eYxUi&+@W76LO*Ay#%8c^D6t0jr6_9 z-$BFPiw5$~g$?CXf4IG+)@|pYbvJ;W@aLwbm6Ihe?M;F+glZ|+Ht_o_dq=3F>dFdE z8Nq_i#;qAVHOI^kIl!q}SIG)AVJMo=t+7MxGJ%$m5VONCX+OAsv+E|>kve5dLyc`S 
zPWrC=N{*X!ru@=sYV#K+U?fYjF<fIzO!E)E|(7vPS(3jie!ZWR2u+y5M>N#*)J2w{eV z3OG|-bIh&#`d((l9H*<2VcrN7O|pn+Q9LWsnYlCio$M>4C_$cu7vdaGvIGWud&Abx zM;Cg}%#^@U1$4xbCI4y=k3lC z#_vsMYRmEH&D@l`q|0!R4o8ucV0uNRdr!ZQQVBoD9>l|@x8IvJCpYVUb0#_}JQSMd z(8tmAY7ucNw*U>&&TXJJu4VXGdEB2%l}0AUnOfCBx1>R~rgMerE<0-`klXH!f$+jg zLC4?5M3Z>qqf8<02=IYU%V>DSs{^4|HW8_{uO`tnj;RCoKi1i#_{>byuba|jS9B#5 z^MzfqNt%b%{J!A)3Z0d2CDa^xskZ~qa$(jnP^<)~8F(YD6BqSFj#={F-$Tfg;h-bx z--m0r;JB01%}WB8O_lhy>6pO^yHN4mIvZ!k^GK0}aBH)>PwpHc_r`>m{&$})B=^yW z9BcG0bKt()j}0ZJK7C+{LN+LZO}_}}YwwIoN#u5?&{`O-f+n`vYaTv`0`dFr#mc5E@e1Z3tb!aBm&pE z`ZF1DL`zwH1o`zMOiM;~a9-YDC&&7SqmuO%&Jo{6L3Pl!)4}KxTiY&NXSbQwn>+(eT~2ec+nd9Z04bKRf`Le>DC#RB1D=H z+OKlS1y$9%M(M}{n(}A##9soYtbWJUqLX*O4D2p>6m+v3hnxE=O0kl^{T{Ax@!G&?n31k6QnB6+iTX!=2g?kv2Nn6e zX|z_8_S@cl`da3op6aGkW?nY=OxnAEvlQ|sxd5i5r_a)Aky^KQQXZ1FfVzLtkMF0J zw0mxAN?2LQ(+go64!K<-JhE3bmcgF>aWqfz<*{U3I_DPK+Lik==HZ;?K zR_aF>y`H1t={wSmUZNH4`p)cjUnI3#bz#T)mp0s#m6J9U%RF0L^Jlh>0Gn z%YKH{;>bzVo1})m8Q<^J`DMlz%@)4d<+Bu91<&a;^w-7;?XYQ-R&@<_qSm2PD%>ED zlvGA>i9Bzyr3Zr^5s+=!E42Qk?r@{pJ)I>n^(L$VeCf!7eeZHLYa~U!A`AkPNtE#G zTjOQw+|4{P0XlE1;&C;SRO=iQk?iiv&OY{Bk?l$2IL4?aag*$&asW`Tc^~l5lBecyA_KBB_(@yy>((ROMdR?`P>g=^I=VIHuPkQ3%I|9WjBM$d}zjuKiP>x6yp zN_bzdIfJTTb2y|QCZmNP{H)REKI^WX%6-DZWskmY^htW!9bA;O9M$xLnCk~bjj@Be zm4+c|^6Mz!q8#x|ssu>Kq&EXw;ys!M|>9FQ$Qf-sTOl!^bwc}d*z%MRD1bTNJV(!IXCw!*O#=-@dTXsyE z;}K>VrlEF4Q^AVI#bwoKv@3^4dw2`mqX3Oqu(gIscy_bL-TRE{%p($mV(v6r-FH&; z`TXDBkj^&R%7~KA1j@9orENnwUIYEs%fv)U^3Q+8!K*vhYes-YsT)W3d@izc)=8Ld zP)Uyo6NpT`9KE&cV$WR5Jf+6fUeb>GXg#Iyww{Q7uqix0@0sgbU)qHCKs-8_lHJHUua;Z;13I^ z?W^mtel7;n%A-l8)%=D-`mhbV;oy3cEWq;;T?z`Wq_1#65IcYz!armPy7Y<1itJfL zmaE*~j6HlF^Xk+Q9%#I`y5!=8d2J-Wi|rd*Ttxs4a86_z`iai!1odT^5>%Twe_Vv# z9_my7%e4@E$Ax*v_5!AJa)ZNw!y>mxoGVGYsVD2e{KXKf@dD|sZHpDjijkStr&d`? 
zG#`fa)bM*bv*tbCR??>QSKM(N3d_-{OSP zzP+a@6`0ll7p?^=-tWmYu2&{`^_Nt`(sV)ZUXeu!|0E9DRGHE6w(SdG687Byw+Z-Fi(z{);qV>B0G{j`aMK zpJ*1S@%jxyIQ%U2s@aoGi~8a$Kc0>iJXxM`mC;-fZTG(USaxCZZG+t#0d6!n2kJmI z5eSnx{8TfuYR96gi5DJG;i%zi5-F*EH=?fW{2T|`ER;_DWm;ryLq)O`oUE14O=Q~a zg0s6B?mgW%GJJE`>quou7eb2~o*M`aE-ca-6bGwSiq-k)mcul<5jiE}hDH5`t&Fda zg_}(rM%osyC%>MZMQDuxUHDBNq*fUKI(qLtWPJ?h7SL7vQV$pmF!-$s(c)G#b1?oW z)@0S9)N>%)`%T&TCB#STD2hhmsHrnD>CRzSkDjsj0xQq1V}tc((n1%JCv%<4=k^6S z#K10I&a`cDs6sZ2;fqB!i-9cC08aSg8AZ^U;iT!h z-r8h~J1X}E?^e3oO@l0A;TWJkX)_I+J+D!H$WPV>93hmQ0kCV}E%*R~T>67ty*;hK z5PGzoqHlp;g^4W2gHy-sP+vnI*Q(anwq9UHF!+|!MJees+Mb3>=Cz)z)J6pKI3ced zt-hS~K@zOdb!V{5UXNI?&YnU>FN0n=3tz5ZsqGcdFt^KL;5&onew#O~;9=30ve2iv zM+TGJt$op6SFG5@g6(naQ654IiBt6HLiw&T1j=rJ@aO<(Eb@1|HHOWWm#j(ci!92I zdEdac7jZiYEDEh%T$-ZaWrFUXxcnlfiiBx4ML)Te8NPjhCw5Vh>>cM}3hDrf)x2Gz z_{Qi5;H$`mEK%nvVC;ePrNBWgfS-jd6k#hwOknn(m#q6+|i}IOy zwD`S=z`9ri@f>=cUb0R12U4Gt;n6ORiuLym^y80NJG{nCrQIWtAaI1?N&Mu>aC5_9lRDS)?t1FW+x*H~xjFo~n53 zV%?yOw7Nn*dMU~S`0W?!T*+u(URQXakMx_^$r31<;r6$x69M{TUZ>?dC4-#-dr=Fe zgb~RtYeRCI49IDe?DWT=FU?UOX6=>LJ}_rXH?Aa_t!ye*?;lFF!P5+|rYni<=RZ%sB;7e~~;Il{?}0YM~qt z{eJO0_ZBg*Ze@U41-XBK4bz>Sh$5pi{t6*3wR_}V2i4*u0y7`w`s5L_6RfP^pyj6R zJ+|yDhKcMorh1G;WR2KbT^_XIQqz}M4y7bqMBv>C!=Rl9s;QZdVE}VK(Did%-HHT2 zw*Vj^>kr03v-m7GxxFZt3qNzU5#9n(sS4chMo8r(lSd*7`sTpyZc(`#g3O<3y-Azq zc-PnRZhjiutEGkb`cg=5+AB~xzQe`E!MO}aAJ4(|%n@B8{drWhDKK`_apMdT6=*FK z$7wusv~NY` zsg=s^lt`ssWsrs$6U+2yfvAXo*~H1k>S(&ld4=hHOX%8aol9q?%F?VBUTpT8ifBEW zW!=*-h4ZCX>ygSem4Vu24YIBN@Z=cggNJ5uMLDHB+Ij4Xy<)VY7mg`Jnt^;Qx)_9% z(M255;>BI6WA#0*0bA{^KkwdglCgiWglS68s;4xNsp*>yjj6!IWboyBCV&2*$Y9c6 zFFlv070owoBry49Jl)0G&u_aZpimE&$3Y#QXhUAM)7`id74!NItsHkRO!fmNJ^;Z>$u_1+#H1U<1I)|)vV=J9&j*zq4GkzT79^lTofG}>B2>fk zj5v*=I$l%OQ0I+6koCD5p9!p8E!fDWP|-y=A7h4ROxE-^S$ZLqp)o)K6=QDvtpL`; zU(&HhM-T>-a|JbVE-_k(hch45wRP~7H$ty4?`_m!k2~Z#RlMpp+)1X?w~}{M3tzC9 z9LtnF==LFcQJ>syIn&>sckq+!(X))$aV)MFY4M+@l(2)|-n}N7p2wWYG$yheKP8e? 
znW|xL+2mZ}247u**Jm&S=@{PUONw$+mKFz&kEq)i4}ss7%5{%;2D{ao`37L_ zJlNT(P64TJD3|(>UPiL@zc%Micn6JdKkZ)Sq3okSzoh&Xy_OhJ^DHyyox1)_Ui>^QX;V7` zhSFxFREb`ddWJ=SSIRe)y7*E@<0;=w$2sqOxn~ON%g)x#JGpze)*LmfFNT7#DVGsiFD z#B#6YphndvF1TX5vZtcuvF9^zPIQETbK)JsD|I#geLa1<$al|(OS~uho>$oAihS|~ z3p3IcJYj^gZ1~NlbQUL{d_ zk&&7dUrvUTbFm8AW5*01C&{=1ur}Kj^7jx|rjDwuz{-LY@_IQG+l4{-_fu2(%9caS zqBre|iE`m7EnhK1$2_Vv9;T?KVM}OZj!2enMmq-8sSgSMUb825(=^6ffwd1>v9Pk) zX3F~;RPz<$LLv2$OP7NokuMWX+#3fImJOi(>l5fM=UH|NK4p<-W+7S3!JU z6fd+Z_c{-mo8p$YG+GoSEnBwcyXPurQIQa>=b|un@~)^-IrZUda^g9*xd2`qmJf|( zHY^vdWqc7oO7UIRK8PE8MQ9~@f7}1vBtOBx2*^Ai4Vp%ThQ3-VP1_i1N?TfzSF>vVVat0Lx<(Nf7QtlSa+7{wG-`x_ zjxIpYZmMg(D&Cp0|MKIWrU4GI6<`pADeuwgn=|~mw^e?xc z(H-t27XgIgpVDbO>IRv0+uzI$TC6~rFTM{uu8YX5#J+7?JUg3%tA|3&BW(+i4bGKW zFTbVSaGdC|i0VRt+esKk_&9lL0AX~3H5#J-PA1mG>j-%p?OkY&Z ze{MYAneov=gAmjuDTW=roFv#WW%sk^M65rWOc`5baF^NO&MWPeweLjMGc$ktiHj3&m>(ld;B=#iy^l#IH>{J`-Y+p5B%G=X@>$?& zy-LD^dZpQ_rFE%fpGz%y<7BlUX>(nKBUu}FlX<-l*3Sj8q=ZqY2v}+y-X+`Qp5LVb zmy*~XHXX@fCLUMYZ)sdDYa$SO2-adMjDX!+CwQ+eRw5 zLHBy)*AqTTkFB(MCXRsZNX=0z8OaI-i7}!r^KGM?j_i_3M%@jUoxM&E_!X16?=(Kf zD@b|L`Wq>Dg-3{jjb1$JKAu}>`_2KL1ErY3(OXJcg)zv?#{Ry>kMdUKqZC`X6IWwW zRWt4VuW{pPj#Y=}5Gl%HR-;BGqo!@tRy?pZ{c)08!8oOm`l-YL#&ouHp{H{8V+wC8 zo8%gjzAGnz7f*>p11OF?+SFMp65|HG#&ar*-y?lt4Ql#caU0bf{k)5NtV zIx|(;s$m_h~r$VJ@lCt4Sb!!Vi9yJ79vK)rS&0pl8WE<|&N( z=7YC2Ha<|pGblMaQ-UPHfL^z%P_W63+|5fd8zW9p=<-ozXqBUoA~e8hNJ69Qb@Z)K$jI7)7nilcbqF^!vz*32dc|_z=*0 z46V1aeVWr^uHGg3JdTp??JTyvgXR85#uU|cm&rUJ3kIyVf~>)?hKFIYd#RSaV)=$& zDU+%erN0wJx!U5@)f6u7L@$d3{UFH?R|K=@{e08lka@~7UH?!N6tt92L|EW7y37|e zJu!2NzeoNg`v`Qs=2&(=QvryxEda;J+Ay2<<3f_X%IOC5ovG7M^VOAVgZuKr?~87P zX8XMX*+V8pl9hU$Hd`sT3p3>kg2rJUS~9QwUTl4f%Bqk=FUwyLYqXh3W7e|mWx4O? 
z$k0*%$q&@qPSzm1UQ4^r)O?e7AjK{(IJwel67Eucva$uf{B!@ml3f6Aj7G*-J=cB- z5Ke=VCGIeFq6td@UN*`?*}I5LcXu5`8Sop^4YW_duLX*naT0p9(^cnXq{pyZUwlv~ zg=}AMi%pAgAimFsWhyO7VKD)kLn)PRppo(!iz+;CDzfLG^S9CE_dP>i_JT#ZL$XHj zx}Vp^(d8Qqf(T^VLh>@}GqZ1=z4~DFceP|%jH4V&zufRsD+wo{t$MT`Gp69E>f&2y zjaTjIcjv)h@(6$p5}MxK0>6n6qDVP&a$u} zwXe)nKIDma)25~G4@CCSG*E3FvAn-I;V|6@s4TVee<=xOqdk}b8570L1X*n*SSf8* z7zZ;dIZFrjr@N$9^w_*wSW%Cn!?!O$@0Sgj zdH+OY7u*xyVb1~XkD=h#FvxGF(`us5js^ZQa&Nag1A!X{D&()mssb{&$@SxvQ^^1@ zPnrj${RoZaQR)^-6+@v99+fYXD^R_ME8nV*dP`+|^xq5Cl*M=0*9cqjvNq+9yB;7@nNy*&94MTCsbsC%JbyQ%GHp;b<`Cx71tM@Wyx}E?3ceQ#mAC z)%DdOqf_Oz0R6uMw4bOj?x}{nm4>j~`huL%NFr!r z3q!Y<#V-^dPan>^rJd#ZD^hyW1~Gf*H&q*L{Z+cZk-`tpg-w4~9g!$`*QvhoaZOg= z$8sD6r%X|bZzZ_B4_u&kvAJR=&$4m#92Nzn#Pb^Z|4)R@BA^-`G`?N^XIyUE(-{2i2lh2hm--p|}QcPA~H zoK%saTk>hrU&A-*o)L`lDA6Y#M3&%JKFIvQ!?MH@*T8ll>Dfu`X412-jnNb6j~g}cGPO`-R|3;$8h<1UWDIy(q&QZ z8OM;z_j=!JJ83Fu8Rv0`GFM{(-D$Crj8^W?SQ^TPnBpG2UY^cR{2CETPD`Bb4C@U9 zcbC&kT)6(_sVPn6k$j>U}qm zuF$kbNP(uE_LZl*sO!E~*7XHn*`#(Rpsx?S4VAG{oIh!R3!goZICnryp%F|j?GuY<*r@gQPc53?&JIbsORi4N$X`}T49g6ei?=jF%S@NnL)Makf*Ncj4&x8E_3VOi2S0I1CJc@}_A(@Y(~xN3 zazrA1#%U|}a4GRug$p!e)>UE6RE99tdT~#FAf_g+s%&LEQU1NGPMVxW)fH;}m!*lB z*}}8119j%4NN;`SyeIJJ`EEts)cKC6+LCF1-AQV3!o*p^9IySrPwQXvo?K55Yqj5| zO-^a1(+KJYA7M`#9f?r)-M3uPVn|i1q*=NwljJV{NWowrIy>)5mWR1d;*D%kdHI1& z_YF&<9bThlp|v8bXHX67_IJiVdda%7nE0`#nRz(F)*U;YvFGDZFq6*PS{V(8+q9eM zpD8+V+9hhIQhqb|`0O2#nvBS@{nw|@zT=bI*-^kG)Tpe*Yx6Iil#Z#dukX`wO^L_6 zuI*PUslBR_ylTeX3>ygj%?N_HIdl1{*Hk%FVv=T7OiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ%cH20zFxr2|Pk|+8b}kcAk}pYGGd*W}ob*igBxxTz={bA# z^td4slF+6IHUT=(BwlO3#`pI;+J2I6p>QF1g@T;O@~)n=Z-U@&;Hw+H_Z27~JVyE}VNz8dZghP(Su_jh)OUk!%) zgTdZcXt1I7mp%m-IR9#J<+iGw`$8U^rc7W#S;|LS2;p4N368|97>AVg6Plj!5&E=+ z5JCY;@tlkhtPga;iaa9l0ihyKMrbBP#z+1BltT50&HGu-=0wa$!Gnm+=S51zqCX?a zJcuL^?!kSRagh@|M@KpPnM9&HY?hH63zqlKiZKbw5A_b2k|Wd;c|m$x2t`=ngiXT; z3y~062p56{H01&($q3bVND$@mH*+kaS!4Bx$Tlg7ZQaIVG38l;7lG>hYYV-xuq?zg 
z9FY-HFI{x_f(tTlte55NoW_I))AM|U$~s}ha>BSA$gmu*{`s&GN=_1jInk)r2c)Ia zF9qR(2T@jx(BA%F(2SxjHz#wJFGgr@Fc`e1jb#fe*HOk&k_xvwTR5ZNlblnQj?npV z3ul@AIS6;3g~P3w@F=I5fOm&1Nk}9(;^ds<)Q~(N2@`$B^q@n`L`BRsbQ#Z%57k$h*5pI#wgiToxjraG*TSgI9p6mOjD8r47GC4c|uu{QcTY6yD{Z+oJVI{0U~ou zlM$LyoaV)tvj3dQ7qWL-NSC(X+~Uy1=^4(&jGpnPTIO3>i$_d||ID9^7hXwtozv-f zQ5K!kobd#ohcg`idq&B5Lks_(pwmU}V1@H@n#LhrkaUXk|KtTHUWEhrzSX*;Igoc4 zyUWn^Rkd1|+qv1cUx$0)&R{plqruMB=RPHWy-x%GcaD>S@C`D6OZmT@ohQTn8vnPm zKfL4rZsOTS&&dQAi9l-F(S+qy${KKiqqA^p8@-)TjwnYM{rAD^SHXnkb1dY!IiU%W z1)h^A!8t+aIH!0lPe#Gen4nD3{TR_yFtlJrjs%%!^2p`k*48#UR;$qAg3uvLCv;lm zaE5MeZEyQ;08a-+9OF!oT$anp%F@@XtxcxU93V=S4rJIf=xFIZlT=!Pzq&)Q2X(^Z3ag zKoEF3Lg$0hcQ_#jAU~v-`BE!$d@Jdw&(JQY1qoQ6=p_gh(!) z(|m;bL`3~^h4eX3oFd=SggDIxkHQQjb@`l;MeTENMix$y2p{@DB5c2|vt}jm&%ai; zx6#=yzbR6Ew#!dQe%_I+)V9Vh4>(l+lD5Y7HfRnGp1;1aQI^fc^GhCzPp|V(T)Bq} zPUH%q5jlt=R;1!ECoxF{#R>Nc(v*{^$jQkW&Aul&oh&YScBl~@q26cQg?h%;JawB0 z=~YkNy9ru0LBF+QU3a_d(f+K75A1TZZ-5274XZ@b@-wn?gM!b_moE9(X02>@t&Hr>7bg7N#v%M{gz|GqKRaInja)5qteo&OvKXyciH(cnmjWk}LN?uoHRu(O z^o1M-bsM57$`TxbzO7La3aZDSaF&gJLJ1y|gi9!IzI*#(gkDzkdXy`@>SK64FStNO z7Gt4wesy)3a~T^Jc_JyVs{#Jkg zmM(iNi^}ciDN*$;w%V3BA-T|pva|QqezrfSBqcdcoHu9BT%H`bxr{0iy6yeJIi?97 z(}apeTbUPm&RPMSB&^zKLPX_FNd^8|N80=ThQ;JScAuuxrG<`3#PYaaN|C37F$Z$n z^eM}#2&)grW??jbJrOL&Q_}nmHdW>=cjX<(e&~= zOMOcjg3hgu9--}RbX=rk#?DZYCn(Fwgnob}>n&nfiBRlai`7rrZ}-a5eM>*k)Z=S4 z#Bd&OYfMO7L_}`Pk~*qok9fo~i9gP=H|7&pBxHno;iI1JjNaZ&9Z1Uk3`Gx03#-QR zt_7B?s)X|~uDv!yOa*;2z1SV%c5{c$2nl7qz2~|MdLk+{>v+#*}v*ac! 
zALB@0;90tR{Fj5nl9I!u`f3UeHa`U?IY+uK{O8|XX+|qQW|sE4t(bKpi=aa_n^07r zCG5R!K`=S%B*&4cSq2>*^T(Ryd5tq|zohTgjE>nq2{aN1(`ino%khAcWn);}PBIeF$pU38c6U!%;Mf&@eYP=X5${JVjYuYV zKZ8l{XDkjtfkee3(C@Z!mf?KP@(qLKB$6EYrlBslUEgN4A+(KjYoVzS;v}2l3M&nZ ziNr@allva%-U!`)bbmc4dLcMaM(BRbqBD}4ZzV)CxFyIj5uG6BMJkV$5~QK&6OxlO z0v?W~aC<&yIgz-_#jfdO!AXqX&qxY;UQ$uG;^qoSzG5l_=4UV=AVH8oPDRADompQ( z3;|PZu^HHp0`mt!*~8HDMtZVrOL}1X+ul#bi~&4&n&G`CW5HPBz|2`8{|_W99FSOYM0Tle zZ=)AVl13*9j?VO&Q(si;Bh#dWLq;V6!1tYw7bEn;{h!(R{*Tp9?=cl4v^(I{55T3I zOZjVmUVh6-MzC-`?#|qg5uqSK-sck0AZ3D1^y20BEsnYvw|E+Qy0jWX@by&nm^+;e z5GQGTDw(|G++j@2Bp^XPh!MK~@uRh5Lp=Z%YMwKcC3+}C7Z>;4ia4XEV6OEih1q*D zo-uY76nPTNNKXE23R?>~r%zyP;L&e|djC-<=2-&TJ~Md;m7KI1O6bd}JUv+<^dva* z+cvq)Gut|?jdMEOnb}WvM$;lm3`+o5IEq1VuNZBW0t56~&FMenx0p@s*G8D$ns63G zS;8CPF2k!P;s|pNM644fKw_4&VmbrYg8SSws=Ow)w-HIFG$kQ=Iavi$pGCZK#FN{J<^S=TS^muzk4X>;FJp~@&A7J#hTze z3edkob6K>;T?pG%=uX~coHp&33WNaS=nCAs8fkUN5*j}x7ssXz}B zlA`dhvbItZh2H~D`w$J>o;`vRT8}h(6u){u*%I< z@FO|9ZB?8`wi@~gfH>;3QY2|;dGB#SaIsUL3zg0rbA1q_fxn zql7orua;__4-FoC)~Hx`a8C3~GyCNg~Dcp4}Kd z)H5ryhkAMq^&U2K*HY9f{XDQb?G;4yh6!i4S89;ltAXyLsJB87_4H!xp`NphdZ_2j z@1+OT)xLg7BkRz7noe`Vd863hrhoD7Z;ammZ;T7BF2)r*eNJN%%aMGknn0AB20~Zi zKa&-;jt^d=z}I}mY>sIPo|&exBP?cIYpy`mqr0K+djimIW?0M+pRpo|m8b;5gA4j3 zBT)!a)e&5_xoFASC0Y`xzHR>PtCNb{QPZmFPMaD^m1&1(j?)4s$-*jtfTMC8oLo#q z;^U!Io=Vm0_9oEx&4EaCyLNQ#&&tqh_STGTqYl;UmTJ4y=E+|pJuc`(jde{#Q!vdK zj0uVof>RQsB17Q&jfzx<68L{KDC0!Oi2z|hu17Rp*qapa5hv#)1py5ujDy{Qz4!BH zr_zXSYE#>7+Ax>j|z-p_f-~`N$B|DJzDsSq1ZRKA zz7nPLR>%m3R0Asp@;*lioseh|CFEv%MutmKh|Xp3DBg_UV5lj%YvsHM^d!pDzwtU?Jy5leJ&5q$iJ?r8vTiuo9L+_1IYb0FmAFw)cwZt|_A z0~k{^U{y{ANSi+eezQLrP&ms-8mnC-VW~(FiVUh|?8UzZWRoN)L zI~+@0PZv!mVXCw~%NQ%c!J|T_z%^0zj;j^n%N{`@;U~^<J(^RReCdp z=n$uNbOoCdF(bKR;ADRs184WxQ%zU*MB}b#S@X+qtE_ml<{R1#v!yHERyTyrEHrm& zdR-6Ll9ZJ9Wuq=TUmZ3eCcHfI*CopvF8<8TpkOGWTo8FqdTZ2pIqzD&$GIPd3rYlr z!H9eiIX*PkfKbt!Nw5t%s(}NvBw_uKF;3(u4Re&T*ziBjiAE=8Fha4&h&M(rTXOv?GC;k*v4K_F663sd4zBr%ZVo($$dYgnlp4vLX_p4X%M{m%`KOKx5^}; 
z;F2RNXiWMV4DW9ft@;UQ=8*&Q{^e0g6cUExzu*L?k)6-#YZYJWSV|fWF)8nSTnz)uD7{`X}1y=SddAPNEWT>RIDuFOPp-oman^|J1phPuI1VyzTzr& zsLML*dC#`{is5*y7XngtR&sHJ+{xE$xtBP=u4|pWoB+S}Sf4n^@=e++r*5&~uOMB_ zTAH0iIhN?_3pBVMN|}%{!{h3PHgW^^>&U*#(eVV*@1%{?mpEtmf3dwawNM=R3oJ`4w5xOsF z&*_60lQ~N{5uZxC_D>m$KiTvAlUzujoL&1c{KI_~wIae()4OrP#>PDNxf?94k24z1<88ND zZkpXfHFU}iBXAnyJVtE%Gl|6i{?Gs6a^c|^3ml@?YU(Czg-vn43=HF<2;ORRTnLuy z`_4Y6(*Wnuj0zHoA}12@AY!Q$+m#|Y-Zt$U9AE3-#(G%FtF8(VjC-=2Wq683$>)0~ zL&jnr`s6=0aJ_@&B}m>fS591jtF_BGE;~aV$OR!j!yZ$n$)QAFao%7& zYQ&J7@QkI(;L8b!hYd$tGZ6Dt9(Kx^vg9)@=~5`ec`5SHY07dEqX#sNk^*d~y=%^g zFblFaONo&aEFPuU9B)Slt{AMXyG{~cDOXd>tUX-=_^@x1P4I5N9n(bnM(2@ zBN2%E@}(B9eFCJtDPSB+=Ve7AKv%024s(2_XpsZSw3rtuC_BuRDfy+qiB;yfD1@4+ z07jON(6Hp}>71b0tP5Ydo+$@2xquKHGZU8EMFBkcaAz>PuY3SNRZ`v@iM zM&~Rk=HxKJbpBQ!KIOFqFWDI6R6k5G=Snj*)oy%c85~7~^Vci}nWcA3aQu&)3i4eV zk=~C^LF=XBwt$d{x$D1mP~RW?l{(z0cKHSV!paA4Vc9C-9=$t$wParG6k1gSD$-c( zCv_Q;64@i11JA84dxYF+c}^lBq4TD)bW*zwP*PHUPGU64*&OAJ2}P!#zc~S79R5yS zr~b~-{rjqlcX=}M`w16m#%-;l5tvG;Jm=_dZ{HrF8BXIw{({YCFfO>1OCC#nRjgju zP6nEy(l*z`?cUd6yVV0xzlQ@A^}9}U+=|1-iq4HV_<0E$ z;0YWN3l!nhyCbzBFw~xxGOb)8j*`S2re>8X){Mo(V}dkl-m$9tgLMvHfGAuw7@w|1%cDh7#Mh{X_RI-kC&iC zIeMi1EaFQc)YN8Ak?)vtpxjw)I*dJW$|@g}$$}yNC6`u}U=LD34|JufAn8La4J{-c zQJYk-j3sQk_&Zs+7gSzFr(cxA`YF9lkYJCM?pKkx$7q6SQsgAi<{1sXY5!&^S<;EO zB}yaY*ECm^wvPv#(`jmaeJf+9=La_(t6jIc^&s?3sxh<+ZccLMy-knpWLPFfma%i> zD45h@dtQKrl3HmroxW6Zw|cEYp-2wU;Wu2e_m<>yj~USp052>%T47ZJ6&$1za%6`D z_}_u208>vH9pq(N`J_C~s*F&86tH2-`yKB<1E(n}k07{MW$}IPhCAs@lUpWAa`Ym= zkRQMR^=8Wrt>UU5VT^ibWYM$TsK-e$Utl0cs0aU-uNxz@IEoI}kO9qD5_35KffCn@ zp##D~DbR>IyHw;0WWDR;UIxvhzfEIDpiNn-csZ>~5;IiL7)}@fIi)e$84L#D?;f2G z!y^_~aPzpmEBXRj_uELp?pO3Bt;QW-&^-b?-Pc`gKGfTZ2g1t7a4!TAdq4th&@*Vp z&)y)Rgt2UlqqE1BdQ*X7Mid7QBn3C5h-<0DmAsjEUg+YEnCBdOr5)xGY3?*| z(NZXIEH+)8IVe_%*(uuR1YtCz(^;}`~md*Ajdf zR8yR$bY#@gx#g;HA=s%}e5Wj*p5`neBlJBb@3jI!E_+j0b9AQ(o6_`DBI#XO7h)FT zl%vhyP^=UnID^-=@@k*&j{SoP%LIJn!1K(&ZZaS3WMxv<2+oOEw*m1 
z04BL>qoaS1|29-cmwEiYQ2an6r-jsYasDgcQI&mFnDm~8XPfz?zpEka%a0^C_`M+S zrT%eF7FC1729i%^Y zxJ(_2oCpHgyK=s{rve$e~48s_pqUfdA3#<3Jmq~2zTp?S&wZ6PDeQmpGwk4;Ro^v>c+}F#cDj)`Tqf1F+Tl z?ahUi_GR<8_RPC4t>*>+yVFn?|FKT>5RLv8lzKn#{V&gPKxt!_f{K=d#W8FOq-@Etq zHk~f*I(~ITIk%2eSJCixqqdGeSGsmCI=8AhHKuZ_OXpOoW>?TqRyO_|6A~`AF8n!U zwoXxt(9%_%39UML{4!JiGgf=TSNo)OA$eHnyCw58e9>p2WDJ;*g(op;WH`HPY!ASY zwCDN4-!xY3djTzf*gS!KP2M-iR^^=^=dOOfkdpCjQfI@Prb9(p{bXiWBZ2^}q4~Ge za`rdIbF&no)3MPmC3Cua#kAK_+NWaYhVPCo;75SOk7`M>S58%XoV3m$o0?gbSt0Y1 zL!|U_J5hsmtQChb%7*!xd(GwU3Ejr(ga{`yjWdG3rlT{GQ@1&xtk>E$e)`Mu2k zM(>VQ1zVby-vL6U4feD~;j?7M<%sG*xweffi~H!31SrwOTQj==%}Wgf5p|0@QSk~a zR7GTniZ}Df=2@g}b)L7RKu~gUjU~CBm{3r$W9#(P$o*QN9IL@R4e+T|1l)UL|QFi5t z_Z9FI@SJx^zN|&wSHHQ4qSC*z6L^LUimqQoWC*y)QbGniC;}d!M`2+V2o&_FJ2eAf zsrZv%^55c$-hzW8y53Ld>Vmigo;zR_K9H%lTw>^^V?no!fw7&&nyl?XNC>qWXy~>Y z)`MAugpXPUdL)k+NaDn6&B$s$=D9il80^kRe2|0!h9* z@XqELh3n)te}RkG|I#%c#$(QwS~hAsUAsDV*F@)=vi{?ZF1|89wla&nQ!lsFPD+5ds&uLO#&- zF*Ot78fbVcY3_3U8tU%quokABuwAnWkyv+;){P6p!Cvfea~A$lWt3G7J5d|;t)h=S zNSW5l;ZPQ#KHa&^76A!3GtzD`EocJR2BGTCXXy)%`Ge-vp%nNWup`8rN z?Z%n~HjJxf;NAHC)Nb=IdANB_d;8{SO4>84BYeQRSIHCT=JuZl-Oy zV!nriLgTq4!eR!p5z+p{JoyA!%HFX8>w`tHvCpQp5O9G*w|m*d5vSrgfN?=RV}F2> zZ1?tSnO0+|FO(ChcKDyTV{aegpkBiD31V;IIraq%JSNrQ)u zf)tfjlF!v+!j<-lX8R$^7h*%jyhyWO7L7C)jDO*#>riu2_lw|4IIqx&jc4+jf`=v1 z%j$V5klml0`M6bzg1CCgl9?KhPx%|XR_<$cau6Fo^h!$EKV@nt)FJm3L)oSNG8d3W z>as+Z*seS=%p68-9)`u`las2fo>)q1b+GHNb_#!9a9r-*o0BTa@Z*YVx#XB_esC$9 z@#8YC>VLlPo68ErF;slAxbtl=SH<+-uO{^wuUr7U0#meS_Ai4p{*3Zu$IXt07=JOa z`f37ifP`=5q^}=Me&g;TMWAB!8x8tbX#ciF4fYiz$T=+bUR-$JopFDlK=AGV!o@+asSZs zTl4vOEF+kN3@6H2uvI;?v)`|%Keef90tXlN;}52`Hm9-Kj;t!#NB+$!|Crm4{-RxTUQBQ9Gwp!?LgwyEa9&Z2n!MXAhBdf5XT@})*HN`u2P#Ayio@Ehgrl(ej~oa z|B-zi_f?l()#3hUyw_ve^AGtdYz5-{hkSK_{1^H9O1J|q8M1n5NwF2@n)o0jRWXC} zKZJX`{?~9X&zM+(d*t@}JHdnHw@v8IlM7uXv%Gxe_}HT-(1%AI5{F{Vyfb37 z-=K>N3_TQuERFQGvON`UqIB&f!r7t1rC$}pU_NpgSj2l(`S+>@`IwO(v2dogt$(z7 zTWntcNI26iCIIRB%kaOGuIK4rgQYdE`Ov;N)@wzi7bIpCvHsEav 
z@F`!G=SR=T)G|)9WM#B`XLpl~qIMebQt20_(A-s?`Yq*qnqfjt=uM$}Vx1?I`n=9E zqGT^fq1g|aH52+eza&=3A3)vq6fDq8y=Pv5C%9ZOT&FPxpwb)GU@GHCg`?|gMBQaTH}%0sUf zINiiqJcD8g&9dGGYb}Wb-(H%od7cl=_dd3!!ZV1E_*dWkn&{?r z>r;8Lv{6M%h=B?+{jSambRq)OJZ8vK^t9I8H;ZiXvR>&$5_81posl0tFq1Eq(5aveAW6cyFzsONtmqRvvyY9AKy<)#=(<4CEVDq;`@2BWx0=8jO3^$}sV_j% z;NO6xfuuWN4XCAQ2o*35CnH7h(%K1n@%@M{vS?-SM>w58kCKR72>T@^JDI5kO6Ubj z5F3SvVGubhu0Z566CvbiFd^kKr(hhuY5f+=E>@NcObP(hH&{+;=}I>=J@9#8BPqgF zUZWrf9wJIWm3>+BjCT2$pN#H5Zj^KEyY|?vxpcF%b@`! z`8r&RezaO)xl?=c1TE(i#5Oekv)7*zDjxrxJc!?ODasehobQ1LdmVNvKnn8H9=g>y zrA^`l^<7v>F3xOd=|=g*>YUHR0jdje5|$4{!S!oGpQgiaLXhospY3^72B1SRQ1h9< z3@Z6-a#=&t0Oei7*4SG*uUr}8`I{exSleGRHiWLopf-qyg3tnwe$jg+mh@QV`v4Kr z#J_x8zWb({Kl{H3Lmr~M<~EMu(8&5k>8blh>3Puu%M&iM;L!MTe|*myTQo&-HU9 z*1EIek6R~rbaGOxjK;OP-j5gS(;wlBE7&g&Yp6@S&@_%k@u5W73!e6sgYxCJsA{{K zKFuG==wsqjwRfUwtmNeQ)rAK}B~2QUc5!#~?9%qsY{sb3o!8Gvs;pX+5SLLGza_Z% zcus4AHAC&byqXLa4`P?a1>0O^67LZA8sUpZzK!n-GM>k6c)CU)#v_dHsiy)a?D6pt zAjNbox4!a@k*KAO=bWcyP=5G@dRlWi_fAgieqz2SXPPP%#eC1;eSdj&us|NdcC&Uv z^Q1z5xy_QwDJeuJ>8@n0YX)tc?k4&!#b9!$7Dgn$VEnm%Ej{#O+Lmn>cgD8vRApXg z>sMWzIA$sD5kiD1iVr6j*V$tyr0*K`qoMCU+Dp`pDT^<;ZYStQiGq)K=NPsN=Kfgn2DmRcektGuuJNt| z*YvlW^s+N{$9xu-454fMW9BW^x-p)2yrgQF0PIqYKc~GOxTd*|Gw~NMq91(;-NiNR zurBWJHd``v#o05v-zdvD$#24lI?Plqdv`V8pr=O4ZoF>PR@$jsMOs2<+`q5I-l2s~ z7{rt-A>OfET%8E_BY1zi(T$k325fx zU4b}TjTFS4EG}T-X){C$p1Kox5@QVEbo~i?wbY=ZM&q;b5%hOjY4)#Xg7d3Y&G+Nq z6=|Sgc~mj!uISLiz;jDx>-(JXVR>N9!8Hz6)=hIuUJ>D0LFy-+o0dEWK7^x#)|w}q zpkEPX3)of?QX#FRHpDZI@&Kb04BUyAb;}i8F3x@d#Y1~JZd@mX)k0mLaP;U(+)# z9DM`f(h48cs@yS)c0(}Iyz? 
zR8vDVjA2Tt9FCf0tz}9ng9T!$wcWLoY>i0ajOgWgXXjG?fSkrMG%R-#EQXsIHQ=ZH zwNmkcUqyH?k$*&mI}8@?i>B>929&MDr)mg>2A@-YT^{3A=Sk9G_lkg8P~EcrQ=GiU z)3*?C!A+_h7n?iep;DS7PEo)I;)v5eFrzO#BzcGj> z;*H^E_mfn>`Fbn7P9p8j5k@XpPbT5q|1BTeQUgVW0YN%wT8t4|$_zpSrdY1HKsrz= z9%-qTH2|G2t9t-)5=kFzy%e2KmQ&bgFNf4&9uRM#U0>9cXi+tQHILzdQr&uS7~l+` z0hCogc)k`9YOoceK#Ks10J;F1J8-#~BpYo2tOQ$kYl@1stqxGRRyMc50-dXX>R+|s zi7c?tQeZ`>060YfT>)@PrI}<&c~srtwlcU*4LgDC;l1J<)gPqau|T0{T=50kFD z5>*5DMk8OLi9)IB3>-*;0Ut<`0v})xHN5|@{@=RD1I<<28m@nHL>N5xqw}oJry)&TPRt##JM8oby94tElg}l4 zCUbNWnE_0>4pNlZOw>;OPI-({u!|QjB}*2AZ(xuE54@x=>>i;Lynn~zLrenW6$%hA zkRd^69}N*8O7UW*Nts zEg<}U6hJr=fz^2Dq+X#yFr~CBNr6vA-wu|`NVIQ{IXkm=GRu)kaDLs#lGwn{!5D3r z!2~koAN@LB4!MY1kLV@!w$zdOKA_zzd20fwQ00mgo+C1GlG#1YdU9D%S>sjyefp0f z{~KS#Uqe23+KX8y?Wcf=`^ur+|IkSoXE;@VpQc{x=`70sxhN}oS}MBsGUqtLb9#d(Ck`TJn<gvn^^1zsMp@{I&DNDsAs%Jn|q&&*Z&W1zW5B_eW{Ws{_XF^C1ylX7hU?{H|I%$dgw}jO|Een zMJt=$i(uiC;O7yFEEA*QHj#@zKFH6klIIXQ&iC|Gb#jxXLt;)Zz-Lc-R8FvXzg5ao6Y`!-yWXy0Lp`eY)J;J8B z`B^U%&iujos2zf0V`1yjIM+e-;Sdy{yaWliF2jY=tIsVI@0$^2QUqQ(Rl?zV!ZW_b zKl$nsOFpV+2;FE`n#smYvDIP?vUI(?yQ%zUGzv;Y;-~*lU@!b%z&QbE!JntC4-*Tpkd8_+yB7pOd*I|x=pjarXdcvTm7kif3 zyYt#NoQu-Ky8!xUr&EgT#ru%JC%YJiCLY;7)quA=>WWU!-U495pgmTUBdBJ(5EfEGUt;@xV6Pq#3DgSAMZ~{Y#$4!c&&J88x z6nf;bbr3Ze@=3reRJJwz68|U}JaU|;o*8!r@)ax+2r4qHNp;XWz4^~vdPvL_d(7{6 zz?c*%TnTAsV0a=NczB`|c({rLE-*YdqTh*{I0hS3>JGqg6UkjkYbgPGdtM*z_PYl% zlWhZmxOg8cut}e!t@j?1MDl2hDg3QCi=TExAp;&zbqc6Lu2nSJdjfya6VQ3D!f0zv ze=z4$R_9xPkVfX;>euRkC9jq=8=|DPbq}_e*3}r%(mes$|6VG0e-UN4)#jP$DWyt% zKV3RRC)r}u+%5^#B5q5#omMMbZ4?SXl><-Jz-&jfXQ{JxHpgdek1-O2I9sHf$b8I`95$Y;rC239a;CI%zm)}Y2Y4ycXU1FvZ2 zBQPyl#PZUdAICRTh-KFR=jt z&z&+v-Z2|SF;vr!ct4+p zA7?=%E{+cgq5L{(=TOSdW>f5bU_SEWHlm;64!HG9Xd~kt{)sG@!OSU|g`~O}TddK?P542T%&f(^3!@;L zXWI5QbUPpmfb)xMD+=zl})`RCgd07^N&$YPlO7ug|KspZ2t}wr|OLJ z&ov!V;SW(aX;5FQYm-u;T-2#R_=NzRyW&8%lognR#qa&3Jko=tW0v0bi(~wl%PQ46 zPS#Nq(>;a^ux6UxHtu=AKAMc-lrFch7^S$vp&aHP8en{>fj^@4Br# z^n!UW;Ob@*OgPImg6l**yIDQY+X_;73M>RpZLjWJt?*!vtUWnqo^mqj`06k`S9`GQ 
z3RhNbuCVhhJts#ovo%I^UCM1tc-*Yp0^s-s#mI^$#FU%04`EfJ2y}K6KVsr3?DnwT zVhIOgHR6x8eH} z%jc24R^d~~W2AE4=?gyiVvLV5pfFW~wO6!akN zefH)KE0~GbzEe|z6DGnP>caR20*QRIct|fPlR3oFgv-C?{0qUs>Vtwq8yze4=ZJfv zBH1U2ijZygYdc4U!Ry0>hK( z;FC0Ci$bz5+CaRt7f+2s#s~gKF`VWRZ8^9@n3ZnEp@j1<{{x z?dcOR{WdSMcoXfDC~obXT-YFOZ8HJ}tzO$hI5pQRpQ!3wUvSCIK!p7xF3fI8{u%D) zU(#RjYT0)(b7B3@$#H7THl93Z99&bDxb?HOqa}K1Ss6D1Khf9WD9Pac7!%8uQ zQnpzuC}%nxi#DpsR>Vr@{&Ez&gur(D`kfSe1MxuM7tZoS269kIv zS9c0mS0oo2Vk^>4^LhKAIJ7}bP#juQO>A+#L8W2X-$@yM`_%u6L(8Je4LpS2b9Syl zcv+YlNGJ+_&aeS%{mtC^8h)R_6oX_)kv~i~`6&BM_@KleU)8STem08=~_J8^@T4R(!m3`MXrl&JZ>DxM8 zW7+QO`lDt@4lu+&ZNqz%1HW(yCOFA3LbqNL=p(BP#pSiF>7#0o?a$-Gl$E^^KeK(d ziBJO zUjJOcad7uUVMa0Z`aAyYa%7|84Z@kw2mq$1|EJ)2!<7z{1T96`mT8Nuiz>#6*)O!& z8`3#4altXgphV2$yLf2lHIpUJgjfZZZ8u{Qz&OROQ_KQgMYjNt=j=|gx?I1<@AUEG zS931Vu1;yMSO-m--TE)gMG;bk4DQDp)1p5yhBFM=i9u?ynNhq~u#e&JF6O30^GLLz zls9V;yP(miHz*7m6SuAL^tU{_AiK#zU*L{#UbOmI%ORI+cS-Z9bogogPpZA%a~N5P zp`HZiE$A=nb8+IPnN;l6$epJ-^R&~Ea>BK)R~s~qJ2{*1A66LUpTRsIzAY=uZ#4`#Hsqox7VLas@9>t|QQDw1T+RZYf1p*XX>P z7%X(yz|C*Z^EYv8+gL|`F(wm}?L?yT3Pno#%wsD@`atC{6c0!z{u{GHJsN}(K$=RvpyW=QF+UMRj+b5=;bS~ZiH*+cB9*L*zL*Ki`< zD7^w-G!O@wG;Lh-^0@bsGS&Y;xX<#taLh%h;pe9{7v>yg-s7msV4d9?vy7<#C-y#BCH57Lb>5#ilVU!PPTzb zbf4FqC|^u;twzLMV5)o;}6#d+$1v7cR@ zFE&Av)bT>)*q58_XyGB8r$oE_(0^2^+SF{tF_H>wl$^wqylI2dfYfPC(`NbsMOAxr zBl0gABkcHxOYAnbWHUyn@m#SJU&sUq4KCnD*~p@0Yju~Kea1gz<0fY;v)8WTsahm| zS-SQ7n(VexxPyb42+eZ9u&!b_^G(&SKsj|L=vHGx8^a@weijCMT)=NAAyIFb5O~=z zLO1h`h`x=Mo~h8g zzLDWUkgC{-k6B@3_v7fvG8K%r+B#puK$`+lalWJ2O9|EDc`i3Z^+!$_!9mD8L z2I94M^kbFr5D*glBuUi+rA?(a(69QT3ruap`x0Y6<&n5aZS(enZX#NMSxcFpnL8De zTT-%OpxL7s&)9cW$O~HADl>PB8YE606jl4n@U-UX2%muKW6f$2!8mr0TMRi{fE{e8E(9>snrL)WzV(3LgIbhnP zZWlyKAQx4{5f^W#epsoVf_tfOOv{5p40JaY|B#HHidUmxXM+B&8#w=|C9yPgY@OPS zJ?gVk{(~ydFB}}~TtceRwDc$hI#Qh!Xfxdx2a!?;{nZx3_adf5LYnuZCL{hthiF&4 zv1w3HlD5W${+x%3pc8gj{CtO^1(-l+SG%{?VFJF0S+eMU=wA3QG0b#zbNW#pwbX{mpK6MQ+Y zAPXFaa*uefvFYGPSLU)>@*$6zO74cbHw~0BgI<|{`h$4q2Y)sWnP|O<@-S{oT&cmt 
zR={Q@Z|-LFDV3O2TO2WWGaU}G%gnS6d_Wwp^D`OJpF}(Ur-a``&-u-fy4D6hneMs7 z7o^ps5h#p~Vi1>FNUzc?Og>8-a9eKdmT@v5+{vP^L(7dx?iA%fONmDJ9-M5HC< zohY%+mU=4{fABGKrp8R9(doA;n($zwc-&@6Ra5ckl36{fHy0H8gn7j zGryAavmX4rmsv7Ix0(SXMGYjK1-U^l_F_dexQVa$l#l6Gn|$jNg4~B)Q2`5#b{t!$ z??>=Fu|N0TXbx?O<0+PF<{5(;M$@BqDRAq+^13O`^XN;GrBN6=40S{OFl={}9u0|O z7X9p~BC+a*J%Cq@aPC@e%+Gf}nc`cvQ`#KZnzZ{P8kPSY&V!`7*Ls-6iS{utp zYPG{>K!JEgBlHcP@NuCFKw583%AUg!BSOc)8Cs)f&yKDvznq&}+9>ml8rt5U@a)(( z*1!E}#GxPG#6Ruv3WH)(wbF{+9YmHL^ieYZIRE?J5Fu-`4}Arp4U2sBUJ z`{!nKVD(C?!^L*8#pkRkE?%i?w*^FjbGvMEx2}D?cVdirb7@-}@QwDQ=&1W0|2t>p zI6EWrk!53pG)*v?+74_m;Yn@S>SrZi#;M$uCYreubU|LraB6IFb(DtIY-~R z2)}gj#ft%GeT9st&;V;QoL8?*^85MyJ?V6_3-X`tsn#B(}Q>K_M zMMupm6Q<}#Qkba|TXre~zhE(`5jlQa3L+ZS%!-t`!gvZNPSyft!;=t>K}L>44(Bs$*)KZg1ip_KlQqsT7pK5?y^j||E6s-!(t-?b zMM+1}Kis`9Y@i!VW4AnU<3#_g{Lp|x)XP~U@?XYU>{FX93P9_^w>(TKdHq&&b87x+ z?pH%X!Gh3b+X1$LX|8ZKXEqG-9M3xk?u$BV)3$Pi`|XTpZ0hZ_-TOD6ZDx6C{O|s{ zd2$53rT$UgX#Pv)IfC_}pt>dCo%!l-6z?N^Z6#C0so=3e5b^E_jfBb>1ndJ3nhtFL z_m;)^pOz&%-g5IePt_QlpjbL0_OfC9X_;fv00EQ4O6@EA%650-E)*fJcSuBrHuk|6 z7{rut+2^aSS$DjMp&J%vO|cu(pD8p2CR2n2t82uYKHX6|yTZ(D?;N;jia=nA3M}+X zuD1Sms;_3Qqz0WOafMp>FBBZ!Pu>RgS!4V^_D6DMRHO2KL=2&hn^rzJZ@MK&3*6)y zGz<_+EPm?3emx7-2BpwAJ9jdSAQTTOY8Z5h(&A<+)Ab1%^@hn~hvsJtT}wnD*d?mp z^_m2&2Q?D`G@Va)0HFYioIXV;?EBj;gm z)~Pux%VyFezI(#tUG{Ydp|ee!6H?g8)j*>} zCrfQ}gzo$J^;tbXQt4_18w`&fr<$T?by)`QoP?}!q6GRba_hIh_a_@~#Jk878>kiF zD2+luczyz|^hZ1Hyp-$fQg1e@{J=aMki8MyW57m*gb7;on33r z%7)^lZP(YY!F#_wUz@RLgKEK&b(7=H!<$(zrjN(N;a5eioU8TW6tF?N>1Q=R4?dD$;f5aHivnZkKR`)v^+EVX-Dc*hTjSvR0YwqQMs;+2;HR;vOad!w~0 zqL)UipF<2_csjky3v~jz_j-@KrIkg0Q$LxCi=XE_T)hwa!5A70$^3J^K4_Odv&;UG z%_KfnuK(ajm1lBLnTZa{`67r`TL(Fuk=418W!>DP1kG`}uca7AQv9B)?IdfQjWk6k zJNR>_<41>|)G$5P71Ytz>`78p;i|HXc*i9@)-MO9+h{7tN!xpxQDX>0TvqtlQB5m$ z2#0D{K`}msDY(W3~^I}O!Cpd z6|QhWO%Kj+U!Lb~?T!F-(mx$hk>S#?6!_9Vw-VufKTDKC2XMXYo~}swun=*z(Q@&# z$~m#uF7^vK`j1lqe^8OHqyKP+G|czX@Lz22=pm4hVS3Dx7>_0bah!skJTVx<$)QAg zy7r%97;IatRXW=<;bWI_`{~AI6PkKAU^l{SCK8)m*z#sjoE^64?8q+G3COy&Qu#(J 
z^}2~xvOk>L-+!i=RHv?j^ls>xbv-r_KdX)aPN^}-_Xm85CPHP?+=!AAm(c3LCuc9F z8IweM$*qpR5-+TatK2|-gYxVqi2g~Chy+P=l({ZsIcI1oQMsIh{WuunBplHmg=@IO zf$<4>NrerrBA4l^a7jhZ8RC+j-ph7ksspL_u!%c^;Hn0+riLn`6ZVmiYAC>XlKIot z;O@dFS!p5u*x@o<9nZKQm4Cz`6W-!A)!ts6SfyrXZ6`=LPg+z16+e4aHIPYubp3Gm z2kjEeBRm!3u#dN=Gv=~V(EP3t`tdhl3@pi;GU@g6vI=PDA4hFD;~j#&HIS@(u^tcs ziJi_s6Y%4zWF!~Nj&@_QVPnyiDG(S#M*=}qP7N^r5(XSjQUs5IBx(}@6L6suxcdxP z0+RyNS^$aQ1=#gey$FsCT4bO|wMuaWYT0Cse-I7h=RX+F3)zyWg7dUVz__WZ049=9 zz_aKIp?KikT*4tPPBbr0K5u}&O?RCI5OfXnZM+%b{V)Ni9zYuh5gNb@CMsBw3PyK5 zS-+pfmr~#iSdk71P`V9My1W=551)exEP<3Sr?uiLXlTZB!K|?<1aZlHFEyAtVzkfz z*H{!lRT-e0ju^^MO9~Ny1vo>41+3lzv?Dpex*`4WFaXT}yK57j;zmC^;3nVGA)TK# z8?m3Z3NS`X2!W_60axIwqrjQ}mM7wR1{(C6R5PKssBO%v!m8ML{Y5W4qCbWEslGO} zS`Z6K*t)}k*(ky;9;7`F9{ecz=Sb_tSuCl_e9TCM?rD89LB22HKZdcP8(qHBCR&1e zTEV|P?H3{c!4jgd5g~&FFyp>kp~jhmw*bU%m*N5sHV;VAZAhp}Xdg;J<_-I19BNgN zc?11Q!|_qHRpfu&)3UjcdMVW$vs1F1c9X0xkzKUI1%CFYGnZt6MIXfK`BzUXX6loT zV`6jE?lz&RthW(v%>Je)=?kCAGZoShLR_Kp+liKcDg^@tlFuE>S+GMh z!0!;_x(I@{0o+=sKS7OeoY|Gn|G@uXx9s%Wf&16k*qzJZs)wwGR90kFl>WR*a2P{H zOojE2IKOI#gQWJ+vvP@>W444fPAs=A&kudz8tM?)VCQSTc3 zJ1ci(-skpqW(c&V7=9z9>I5Y%ZgS}o!90<5-f(!`nF^NU`19bi$;xHj4{szO42QeB z1Vihr@^a&6+)c<0Kb#yjXIEZPu|bFo-Y)g5>A<6!<}RJUCfHE^Cmkn4-G464NnjMh zjd@qBM!%P|e$?O@`0LiOD^VNywCSt1k4@X6<+|aJYDfOcsf!#m_@iypiq6aZgYhKy zDgPm2Ysa6Fr4jqC`vOm|Wqxk&fYxXxfIkDH@3i+tTM{UGk?h0puO{efnD;r3TswcE z^%Ap(^n-;`lq~)eC(cd_xsntpHGjG0LuSDg^Yp5jRINbGDlGPsE7@jei*errPR`XD zr;k4mQXWWl8&yYbl8vQt65+J3=6edir_jWF9y5RGCmcw4 zGMBaq7)*Eujd9Siy4b9A^1^2udF;{7*k=oet3V(KmA~-!pVT#N6ip8)A-n=YLPkrRal*x%B0K z?{YCz{t|QlbC(h9mzKOUA zo(iCU>(8PX;?NNO2E|Gs&6?h@wGh0mzzjbX8Zw6&O0*dpU~=fnzf;XnS<-dACTS|o zW(JMnqSc=_RoOB&L^l|On#)-l{wrm@&}<)vhlcnpcnreTCU`7rl#R;sBQv!97tg;{E=_y7_e@(wZ4FbfniiDDF*?u-fc8 z3AEEE%L-8`y~GpU2SDMFEnnw)ogB@I3E9sqIlwZTv=dYr)xlK6+nDIj?UVwZ`Z5aFKiaT4wt8Sd z3}fc}JKcJ(c(xXX1`5KQtgXaJy-dHTJ_)Dl%Z~(=)&7(bMb%mvagRos6|IpQ_5K3c zol+&(NpbA<00)_oe3rIk_9{J=f#N~3;>JkY`=YqmPZcj&D`W(LRPG_7yO-!sW3Gvd 
z^?4XXR4RL{2Hu#QYQa%Q@N8gWEGQdHCc9Wy;sRbaA#3#{VPo{)$G)JvTf4UcI-&eQ zohQ0~i+NUeKaAj?#}vbBxg&XXBi0>H66WM_^wc3eBN79D3^CzOimfZ}>wXh-nxE;t zC8dy0uStmxQ9NBHv_{IZnx@4pP86AUBuQYMW@Bd_}LUMlZy)Mq0Kn!~W6J-U&jqOovf z9z-5q5izpui#<2o4-ZGF9pKd9%7fs_Vr173F7$zo_1!>maB&7ZC$eKU+JLtH6AUat zdF&jzci0K-x8PuXEpbCo5C zlhJ!JKDS%>sC+p{SuqF5e&;bU#b`V^unuu0FhKwE(NCZ3N>|chuz~)^B|v|E zE-(g#TR?9*eD4_J1Ax&DxO-=0C-Ef?L=++*SxDAKvQp4VitZ$+uFgD!@`fK<>6^yE zXzx-GPyWAX|>xTK)SpGu0oc3L3m@2%Lw zig})7##H{aWHE)LGvvlp7OfRRNpZdO{%R{ky4c6pF=!K!j%&9O9tlU z!1S16O-GXxJT)AfknZ%mi?)rPXct?YN;cfiWodc-8U zk3|dPFf@{9l*_@%tmMD(e*Xq5Q@&I-e5zKy-{*}qc)~*qTWG1Jg-8c`p4<5Q^ZGnenrB?dZ z`X}0%r${B`g*BDK)37gyFTB-tN!T@rRG`dC{R{2PgdUou`+M$TCVPaJ&v7-ct!s#R z_{7WhD*@L;%L?L%Q&G_br`Xj9CTfz|e*tczCZPMTIY|;-fe0|nA zu>)&|-9U1!KBt$iM!#%TLcyokw?#SdIqbPT2DAVjz<1~=0WI+6q&s}z!#V=6F?d9- zMSvaIbg+Bn?p42*g@6{T-BIAA&MG%x&Ego)3UmTLfST-(2FvkO%6b0mcLr+b*8r_7 zkOHpD%5bfh#jqKU;Cu5N;3;ifdwry`8`4P(Iq zW6R-)uFwnxb_!?xhJmpRu>cZ1c#;K004cNtQVb70U}UCo@R0Rtx$9aRaZL!|&V#4X};}zK&}T@%M_WBEYLyrUwJtuM_B9jpM!0HcJ3-vp)y; z6<2}-paDpLkAMeeSinUj&<-C3@b~Pd4f?7~kBYZnA28H*@54tOF$V~JuUM4s<}v^_ z12Gh%t`wsF$L`lz?0}Lc8}sZPp!j!F|=M5oG!U1Ji}LzG=TeY$z2#(qL`JjKm>4P}aR+EF=V}|A8%*b}AKl z6qP!pPQUes%^U7Sj46s0lPKBOk|8K(L>Acf4<{fafHZf_u&Yb>RPMilhh|gnkCe~c z-`JT$sea}CLx@kz52s&dHI#IAqmNks>5BV<$?TqoXoV=OUfzDF?vuwvLj>n_MSm3F z(EtIQq1lsxRktKu3<{&7!>)^f1s6dUVNkPC6JcO#<&E2^oNsJ424<$C2pS6-JI=X? 
z8t?9~>uIx40O6s5b%pVOm|d0OtKRq)Uh|{|arqIwFG*qc#$6mKo-;>uc*%&HgP;I+ z8IRfaq~gfGa3V{iw6bC_94-;Bqw30D@3ncqBrA(D`))S+S%>QDEx8SWvaaVvo;VAPWR*f^;1Jx?tk&-LL~SEe9!AIx`QwU z=%N0e#o%7-XLry0+t-d)FRP>v{q49JvDY*X%iLqCj|t0we8+}=#}lVi|A{AT%Kle) zVgS9!f{Z3|T}rJ8l(%zo^Pf8ZkXc~Q;fAE`?d|3T+Z`Zt|l zGq{r~bJLcj_kRN?LbR%|I{QGR`T5L0r1{i;k>+ld373CK^SRdlUrF=UMW>?0cD{$k zK+QS{cs|6D-;&~~4qv@}I0Z z2H(F}bNl}{tU3Aro;8QS>jP(9M?juh(>WvKYX}Q>_pGX0=IdF__>-XwuZPt@f_K4b zVi*xo{W`zU>5pV2ftD$-Yg)&PWUZA4b8~~kEVbJ&pck_NWSO$i`;*LN8+ZxYgAQ_z zdj#M(2J<{zheCs#$K_ujpn*OX%#tUi?_bhd%qG?Hf@2KzNrkkCQ zgF>Nfnb_!OT$2yN7+tk?Ybn)~7%OtlVvs)s#}IS|t~oA2yU)@JZBO~?ER;g$v&IO2 zW#6|kCc{19I=VB^H5LO=d^SG%7{f3vkmNsF1ng_(vl1C{B1bZI=zn-{6B6TN(lH&t z0Soonh!6_XyBA^n7BCDcNK^n9C}0&CNXhl09_8{doaYvr_mzzbg5=O04ccGR{E^~O zK?{xIQlBi-p(EVp=O>PMh)&54o%An;dntxry;-B;8bREB+(5gHM~}FXs*^0=5ad5+}u4S%BwQR)8W>*=MA4WHSwTDEQ(=<@@}kA1}3r*JOBZf9d-M!Q5YoNfZsxGZBqasur zSawCVTmIu)$orRXAzh06SIrg3wg3TNu!BRNs7w5ATiBZY7V?j6;rZRR5R&-UwvgjD zgqBQA9#TJ#G%7_lv*0s4`XvTqcMQ{bH@Ox1goqwvIGvI{@r6u4o5WsFFR=Rqh?wsN zSr+sS1?b+qq<=h`@eUE9q{8jUd`LY{r(llm8WiaTqlo}@#{Ih>MSP506u694|T9W#}kjfFCPp;Lkn9PpxYZj7epw>I&f}BajXEjrZbowM%Q`7$KbYLjDVH z8oekpv$mk~x6^8M;yO%omt98gw&{bzmGfN(T7)qz&zj87Pc)l1oZ*E)yfQT_5k>G0 zPSR0**Qs?{yjKrZdPQ11obMc$cNJequM;>q0To94(^+tydQe){Fmpt+5XPvNe<6$1 z0Pnn1MpF5^W8&tRnK~1nua$xeV#S(k(KJ-OeL8l%NS$Z*`)6*71Cs=Z6bUE}9a*o9 zosPX7sbc$_iu8#se0k&?0?YDHDYNL6=1I{_=kB5Ip}1%oe3)M51ux9%`k(#|fZZ4c zq{JwG;=Ct4f0~O<5oO1pFEK0S7ao>YbYwvfRx17v$BKqwUG#+^566-HdRUckD86f} z569C^1>T522z^^u0DHlwadaUrMc!Aw!W!+&c!YvaYd6}zzkEM+=TZ#X!(<8Nr0+@$ zq5f}>WW&gv#_>4!JzDI+kIPLckKc4t3m(DJ(?l`Qx}Ys3hk0BK7gnjRR#`}B`k9>6 zX3JVwcKTLhQtyk8Uwr|!5aV|cgi0US9R#Th+Kk^p>H_Vb1JlcQb>VVPb8rk{8=Nr$ zOa5z@!AIu!Jy>EE3nn&W^0^Pg(r~Gg->HR7r?oY5o0VBv3ou;ewTUtXBtJ!n38%Bav+65OFYtr z4VNNTpdzK#p=>i=3=}D>!4%3y193B^=m%3pZvek)piKy*Rbs<__X2vH1x z{i(Z6X0h8GqwYTCFP#fVcdyycqUHQ6R{ZCc5%LQTHDRdSHH`xZU)mjO} zWmtJ0O>{6Ac^=NQD09yT3LTfD0AR%`}z;hG^9zbJd`hx#~dO>{fOoh0(AG~N1`}oh5%n#k`7D{$qkN`Wt#xeB9 
zx3&ggAP7D}sbO?)fZ$^f2tEdaLxJEULMH)2RUepN&-*zVUjL$=syPcehg0A(GBY@T zOdsU2As&3N1%!m z4_dm4974K^+HV9TX2mBff|J`Kk@L%YRd1#%ZEfhm-se{zAl8C5860F{>bm`PEa6Ak zHTC15_S=5GVKE80iVWb)ii9+Y&k$p`K7uctSNJXl_1Q9~6XaLw|La$3yHA#4`%=C~ zlA|Ypo0pIi93HS(o=K5eCzw2w#1NyRDy5Nfa!z8?(M3 zRYZ!+v08?&$r?#D2jRu)sAK^}K!#Xv+JXMv#ed1bC=Wl~nLx5tiK*xxfM|s=AkqEpDA4aT&Ch0K zIh9^29fhe7=$iCnBjBJ?=msb_qR7CM#8!c^|76)NvH1^iDCOt7 zIMmY_i>>u1HjPytTBkV*3nsvaICc~<`!%Bk!6~J{`nGPl4`wI4)jvBsvbuHN{X8Q@ zCqQnnm?F^U+)covcy9wc+qm3Is*-66cIf|fK^cd_4gJhO`|Y4D7Cc6k?qs-)@;_L% zbI_?B(!<`79NhT<$oDkUBk%_#5MjNYx_S<+ZBujzHZAaf=Kg$kpXC(&92j3mQSuD4 z{ziHMxhL0(?6Yt+#8wcbz4mywfngA2BuM+=$oocy2jqY9mHl7(pH^e$96D;qlE2XZ zBMfQpaR1}ju2rKksUDjJY<>C7)$D}o2njMS$-saTSeF(_^>VYZ9a=;=(Y{{grzjFe zmdZ?~IOq|{)&vh$*|c#a$i&Dj-Chtq#vFV~^8DHwh0X|CjICtIP3QQn<%0WtF*c(~ z=0ndkXfd{ufZ4b4<3L;P61MNk12ZuvnLNwUbZzDjU<2$jvz^@poq6mS2@j|8eFGw= zYOIB};^{FiRfYXbU<2oQMnS2;NZwmsBs|KoDd@&8ucDNdr(eshC|j>-#owB)@7$l; zovVsuJe`b0 zJWE2pciJ*&`3&Lc$fftmw5}Or$!~}X-N@MMw5jtB(Fyx};FGY&*QCD&s5=~9Z_KGh z(2Bf(t7@z9#)k2NR2oluBz6@fFLTgB#>$Q^8v`Tz2U`1 z7)f~z_M={9A}cIH41~VqJH0Z}3rD1b_ZAC!t3uV4gW9u)EdJ_6h2MTHtQY!#<4{sf z?f#<|5vuOUG|#5>Leo9xItDe=Z?ZRg#;@o9o@ihto@(ac>28|s-%DuEN3suui^4Cm zYI`ALuclZW&p91!u~Rf_c=>p6qzRbLTN0osXkvTg=lZ zlCH28N0~Ph5>#^)x473;2Kd5Cm2*@<$R*w%6FuftvyGeDt^1sg%S>bRj&~vZ^Z* z*+GY{uU<_^pEc})=O>&D>AlY@du|_myl}Ji9};A&x8SwUY~xjmCT>TSr>mt>TQ|e7 z8Rm1uXIKWEOBEjjvbV zKnRr!gK=?rCK23AKc-RgX*wycK7MR_5C^wiA8{Ax8ch|)Vh+Ua zZVCni(a9?$I3SAI7CF?m7_biLEQNbN0oI)g0PF1F>u5KosM!vNKrb4~XsC7i{BXca z5tZLMpo=aJ=mY+8XZPX)^?-PhUIqZ2pdMtzTkjuaev_v*OE52xd{QDe|A_iar&DZy z_^-1LJb`>HKewLpk^G4-L#x}o3=G@m`P`mnl;$&s7%7hI6vJ7h;fCWvOR0om$j*}W zgSiSvO*Mzi9-m%Mr%U~PpLtbJo^Vxp?K?4J*yfKZ zP&?&54OH+o48IM!{!nYayw$}TUB??;-{y12udV|9Ne5;*$$LdcBPZ3=14@n(KN@kq zHW9A9eBN_>@Pnr9oF~?wEDugByQgrya#d z?tFf*pAZcr22I{RK0#$0J~UyuWpdKV8hC6pc*Z&QH1}4ws(xKywSEkW81dvif!ArRk12|#kOr56}w{F zuBhUqcRlBvd!O^(``&)Ld-R8lk&OLq?~MPRbFJT;Yad!2xDEzQDNv0_W4szfn-22N z-~MWb5zdI!Af28^*X=A)h?t(Ewe6uMeBr%gJ6m5}ksqzRlab$ozD%xR|DpDFnGP$Y 
zlS_GV2DKYMoCPj99CTs3;gjJ!?5Uvor3-0x+LeUia&XBPG6|+TIB*_1`>E;_Pj8|@ zIz$ASVEmPUqCqB-4AC^ntRj{2I!gOEv|w?r5$l>Mg1p`oO=VVsM14ls zB3}hQKvhW?@`0SsI=9CL1u*KyP^L2_R5PJWd83jfkfIqxAFlQXH&Ech-tLm^LLT|) zKj}kpl-nD7;MTJSs)ibxE2dU6v-Vl>a5DPeff%lHwcrD_fZM{ZVARnYuIp;Sw`_(^ zhWlFr&+#MEKa_+uGSp1*g^=F=_3&63(*K#t`}$9A|;eXiM2~;3!aQI%&`ph1o?Rn^Bt8b z%`ihzDbNZ;7WG-#KI3P$0LL^N@KR7XMirzXpJwrcVQUszLYdFkADex+fX9c_6y3L2 zBTCB^-xx=|0pI@jkOL94yWK2MB*?HJJYpg*HQ=xyl)dWVd#0=%$!$k0PY5OyL(?8` z|M-w3AW}@J3=q;v3t!rS)J*>H&~*^xz8So?;5$>n-0=qX6V$#rn0iV$bG?IfZWNlHcH9(4)mEsY{D7fva9td>o}T`u1RE7EWDp1z+AY1m zP<|W=9846M95dBHg-ct9jTgFdi8NU+qvL<|XR;6zJp7IZ;)sJh^o-w$bkz357O zpuA)$K#>keh>0ZC0#r=sZ`AiCuqHcBm><#Pzq1xLN&?7hZ-}E<*KH_6f<9jVXR~oW zu)EiUfvPz!ro87Ol)Pu-@vuBkSbI1P6p#$S&hSp#81Qo@he(mU~(Gv2bx@7RMPZNQpS+eE%bBghy5JPTT2U~8#>>DL~Ud|I0gtz4OQ6l z)7~!gv*^k2^Vqkltn|ENy+7R@C;zyCbO>#=W_bOcG2u7W?$fUEmCJHL7r}b^a7cgZ zP^$3gw&+M#|EhHCF7*qhV`E_;(qvWzh!G?CppM;1@Gh82X$FdHw&B@isf!=aj#t4A?6bz9R z*;Lnwm{!2O{YUf?pFYA974OrqxCWh`F9Cor(l@&Rsi}}F|55g$n~#fTQ)0m_fYt9( zJB*KSRke`=i$;(50^DaLTL{ull?ngm^2!C|2jx!)Bmhnh)GL-y0wmzMl$j?m4?9=5 zx!7i8gXjkQk&hqx4bx$(un#dAo~RF8SkS-XcEzH0K28EBT)pM@8#)A9oxyy4u6-u# z3L@}t(2LSMu!~m7Ikbx}P7-O|`lhFc`WeY|SGX&Ta9myo_p zB}%|yI^>7G`1Xisg~tD}4%PAgYaM!)7V_+RWER?&*hLWEi8UQgmcYY?z$OZrNF|tc zcny7pS}kfAH@aa$;N8}Gi42j!Brq}DD93a3tC+}#kp3~ieUTqj)+D>blaPl{=mT0z zn=38fzFSDLhHI6Sv43;5qZ|vyw2k=JA{07Oo@*f7Noe*p>yK@&4i1sd@Z$U&m5(ie zkDC0!f2(UFy1K$Ad@~V+kjIjx#^zR>g?=p;#i;^7D$)N!Dz(^V&Hjm0P6CA5zmQ5h z9;+@7w9^6b8>%f_joD0BFjC3?h&5K zy6)#n3*Lj>G8_NW_mvz@88v9BUy6OI}fDp8Xh*h$K-ewE$ z@*j4R!B3)f{W1pu;&$7&ATTI%ts$bIeGe`P0=2L56v zVcq|Pnz@5}v~qSG3XcDWP;+RtW#b+Iokad8I$8EFbh1%>+~O~E5=Z<0S9CHqh5J9z z$-}?U$!A4dY9RnR*@B$+H*|81<6r0`{vUL*)aKvNNz9skBf!a%N6h?{md@&${FCWM zy!Y+t_2bLCrS=T&Q#sy0HCf4WRU3Cts4AUFpT4r3nfQjW!0rCa^%W=lwVZML$M zwe{{hNC6_@OuT|rWsKO5hC2U`X_nox|a6 z{}HxH>auZ;pTD1&NV-4^76q;N!7$MEO>BELI7(P$cVilpHT%b;hLM8|9Zk}<{h!=4 zkGG5T69eD-Um}z_VviXmH7<14m zr1bo%-oc}X;7;Iqr{p48x)AMxy#eEW#*yRWBf*FATZ?kXm{$vc$Mo?FhS(%suoDnq 
zROS9w|HqSiHs|l9aHmKPkWjdiWJUz;(s~bLq2kHjis#;2Kz@@CZCa*JpbKjVE(<5) z$6M55Q7KLSCQfT3cD9^mfU2KXu0p<@d_U7J{)tBZm2Od>Tlzf{g*zR_m5}7HXp|-K zg$;coVc1h~C>G&2?>NOZ39`n?KHX5aGBUYM0~<}4q!fX*I_KDAENMroj>{Y{0dUh9 zKBu~S-d>wu&mc&zln+sIAUe$A`rbmmr-J;vS#(+;)ptkYht89}Hvcb2<|82KSSrRk zpDMy3Bt!O@haa4w-`@ihEmik2F!ozv^p)dVC2BKM_SBIp&ejAB#BxhA-&krZkeVi< z9C$zdK1}M%`18MIPlA#Jh`ST!TrSS?(DT$WC@ z=cl~v`pHKbe3h})IXzFPO!bjR-!4A*DzEJ3w-CE0y_ry%2W!6IZt&okP?sV>?oR5_hMb(T!|k9JJtMwy$>w6y=29;9L7D^zMW7Hc zQ#jRgogXHsW3x^$3+uhH;kor<)Gf62p5^>`ji0Z7{fvCZCxG|}nBInXKR78~%?e|W zwGgs@+u#%KzVkC0SnYNo=T96Cgk46!Qy(NXvwzQsn9(m4Gs9~=WeK1r^%)Frb9#OV zM@WZy3+e7;yte!R1-dL!gI?{&H%U7_4#nlAp{jOD|l;Y>fydY!l~ z$mV%C2bH~-e_izOF+x{Uuunht1y6nDUHAlt4cuV%!k(snA^8*kQPUFYg23=`1+g=1C+!&l-S9~>ZZJ^B91o?)KiZan+ADG{hD%AOjmBF z`Vx8FrPIN~4DK7>YMgjj%uo=Ycyj#>M0I%CLv0`0o<`zKlon~9W~m`7-#m)o+#Yel^UG|o=N*t zY>UGwB9G~$t9I5hj9SATmey)hjz6V2evb_-qO(zZX&X+oR*mn}lEG?p;b$vP%&kQz%jhJTTZmQgnKdmaXu3P5se`uYkglt(2G=A! zXaZLJ<{N^^(OtAgynK!_HXzs4xsOdNChi`L%y?uph~524b9{yZ;H&%fxfrhYq3>Pn z4F=*jz>sI71hJsa6k(hDeP-a{4DIKhbqJMX1hMeV;-#A=A|WJT@(b~N1eDhFv7G}E z4)+w(n+Hv|m9PYZmg>iFk2&rNGqTS7C;LK}iTjEDV>|a3gBRJcBb4TpiGl3=<;Avh zx4P%Odi>90UbC+@Suz)5z2~0~s7KY$>6dSP>K{ApOHrkT@lw)Pd}&`jBDB0&C#xH8 z4{~S_O>mI~{cG%J^N+RF5Esl+z~N8dsJes8&vlU;w+mh1lNrNH`N0Gql?`K0U+V_G zmNa|Y8c(Az-xX{k$*yH_WV2N_8x{saG^P~FS;$4zwF)g%L3#8YOj*s3&F{@sBXOm5 zADT>^m|lk2p^`*RJm(*DP2pR@(;YGah9D^3`Vprapco?uf0c5 zTMye&J_&bgaw_f_W^Q?SE4Mba{D?J&I=L%1X07dYH`Io#s!C+6&h*2 zxTb9X)be7rAXn&VAkUkF&jNR1LFc<#$Y;Aj&lH;uQnO#$P@2$MR7`>tO(T0W^QuwX zt(aWY9Iv>PkdbXW-yRr-tRg?fjtwwb%F3POoy)Gj6s)q1B7kB%s&#!Zh|x>Rlg* z*WmJJY!I+xa+SjOzrh0vjRXN2ezO3=0%GETW#Vw1hJ`Xogd)Ak1`P*BA}w!Q_qO)O zTD^4)kLQA-)!b@0HUuZjRIK?T<;UMq z^lHe!3gPS+70;C1L)o~tJ0-|Gu`v{&X$^0=sxdN4O&6KHl$)Nv$}o9LmyKLeYoWvC zqGZwwF!;9)aptHZe!GZM4B4 zUYH%iRGWDHn8sh=*wuW9ArR~5@B8IJ-EivW{j(u1*uYJ7Y)e-qhYOp+3~M4LYBFuE z5_NHGImAp28>Mt0GvQZkTfT9guh}kKLyUGST6q(@lW&JZ8eM@@B7sb1mqJY9&x0I6 zOv0z>2z6U+Lji3TPXV3iN5q2d*pn0Q*sB3==n2EMbq0IQ4`^Y!ALnpPXzY0d2DM%q 
z5uihsST|;}pak>?A1C$1NKFP!!kxsAddTi9l|=Z%(VPfoC-J9Jj0@AvMPr z%S@?YUYDQ}lMov%l@27OfFeo-T+10m=O+rkIE`#_eK=7qOP0HN5#>6!4)asevHc(}CVX$ap%%glj@5cB?jJ zwyKI4<@u7Jt4okQnMM`fQAsw(=o5&X3uMuc|8%lh%q!FwP1ZL4%qwu)=p3 z!6fQi3xSHmGL?D=)>Ml^u7_-z-Oe;VJeI|HvlUHq0Gt@zE~U9uajaP;CB?~Q!w8U0 zOxBTyE6@D#uO1H8>Eh7+b^`L;5)9CNQ7cRp+PXl!m|2x_>gHP(uYc^H(~q7spPMY` zrRN+bOr-Ex=E{S;{xh4HoM4Sdo4Ansx5}{FpUZ#kpM%phr9R`e;gulYv-H^sKjQrj zT%LxT-{`??^6_2f@_$j7`Naw7->^Q2o+h>c zV50P*X(8r~l!`gLp8syHSF~l`ri1sH0jE2SzIh!Q+do(9cYZl3qKI5tw4=@9T_5^W z!O?R2?=*3DV`Acd|G!sol#aY#{WldHye|J)!BGkJBF^=vg5!T!K~HZ0R?vE>?nP=} zKSW0Qdx*OB4aG+WF{vAymCZY4s}pd2)q7Nh7of8o4scK zm%Scn0@!N?;s1@jzWBel*NiIgxBs)f?gQBCuZ1T_o12IFdn!?BX|2az6_==!Q>Q*$ z=~H|ErGJCgc>VSEADv-jfX=W9&6vgpqddmlmhAMCCdN;h?ACq{Spm{QGf{_;=yqWO z$(MnkP9Cxi#FhF=AK4O$mq4mUC{#fo1$ z>nc~|g1K^ecSPfORWlPow8-}lOyUalK%Z!dCqeRFM@VDU`dj?)@m={JOp!g8Hw;29 z?O0laUl5nSZNEtTrgz5XmbHrIUH1ANFV}|aL7EvoWYlmcApJq=yP7+-+fVflh~*iD zv;X*v-oO=qibI8FjqG#_PB`0Ty!;&Jk9Y98nf1W=c%4lX6Cxg~oyqZ~yQPTRZ%^mJ zo1Z3a8%L)8Vk1R2G781!F1$!3pEqA@QZ4bXSgiSJiw( zs?FJ;Shl=wRXJ)Zz+bhO$om+SqHfogqY5mX4k7|xt>n)3Xa@K!O@Pm;=|C-4(Mgss z8bn-C*curw0+}*NjTm&@>w0aj_#HH*_~;g-bkPPorARYaHS?xnt=JYD0%Sz^F4a~! 
zymk1r@uj^o;yhL6cPyArLo!K*Wv^Zm!eBG|fW6po?)Z%_;>dgJ?{|)Zx!*cwL53YI z6Z>2=t1Rge)XzCwb98j0c!~dw!$Oz^%tHz^^BUd~(QiRRO~20Y?kA|Mi>G)O4qX@( zKW;3En&pokkpI(V-RZ*Jlq@uaw|oK@Iv>1SQGw9T-B1@EX3e@-WLmiz_5#dO^7}K5 zRvh>=`mUNLQ*h9^g<$tHg&nYm<2!Fzh(+f>(6%oLo&pqAf3=AqJ=?Y!1Q>Z6J8xO@ zct5`KiS&CChQjN3gnkRD`GuT*lVT zeF>yTYn${o=a#=Nz;kd(L~L>m1ZH*>P!+#=4?Al|y_stvENsNwW-WpAt`@6#`a&{o z{s`wtJZ*A&q+gu@UcSUxwz9iiFFqsi(qUjCTw^(!*IsFrJp_Kd#Cf!;KBJA$(3811 z)d>i>r5Rd?#FqQ<<2t!uGQlSooZ)8GB^O{FCVsE-%)F~(9XVD!m=OcZ0- z@>JYGR--b$>PLU_UCX3R(xHPCb>)GRR7BH74a6Ior#1Zm*6b3RPet|47a)Ybd~vdS*HdI^l?0rIFv$;Gtego$XITv`0ubmWy8 z8Wh!vI0o#cRdE*P^13Mw=J5^Vf*Rot6F;r*eipeT-_DYWec?NFvIh7HE4nd_#Qe&* zR*GT<9!)vv5SfQvFymrCCDn3=mE9bm+oP=M_OHju8YPB3kZ-$O!5g+;4MmdUK1gu=I=eS=qp zZdeUu1FlJHY+R>qDfu|14LogQSTm{=)K211Q)?n-y-=WM=lwoAEH(OM5{sbL5Bks$V!MH`s*PWHdlv zDP<*fy^zag#E)xgC4o7DCyLYT!j$}ZRL6HdQb~DB+0&;Lb=9L8qVyF#&j2L?QP{!C z29mnC_;6(LhS7D6t+2^Um& zf#RHV{0L9Qrb%dEzxqY+A@6xBlwzmIaQxJrhPD+4iF4lm)lyFM($c^!C1Tcf>_bh4HXu5vD;a1D zI{S$rn9BiU)cFvJiQ`|u^~6a)+)BZP>v+mxR#}myH9tkY}}Q5aVH^QlUtT- z6{jQ)iQR(Obt9qOKKtG_%0Ul( z#D2wjSddM}D_*`h>ewBZ?i!H|L-T=*LKVu+!B9#)-Ov*m3hCsmkdOF#G+Q8LcV z4U#+QDS(FDT$bE)SGFT`Yq+{xPN_(2m+FaBRzl8GmWcq^PVT`9x0h5|z1}!*raktib9 zr}CU!41wVJp0L8mv<}unRQtt?43O+eXL%jYI92*w=soyN$}yH|+E%+`Z%{@l>>Mfp z=V^ZAQcUSX-SiuIw{{XcT7w{t-zhx0kjR8qb4vE;6! 
zlBFnT51N~R3+2lTeEjOt6;4%M?#HsvP1|}OXTsvo^U3x+fAv2eQ;s3e3e1tBE(i%o zln9Pf>=Hr?iidq>wk4ZpLKVFhIk~#JM$gDA{5o|aO#Hah@Acl`W1p$I1HQ_38(F2v zom0sfMK*DBbYB(@*0SXAp3D1pluov_WAei zZtXJ9`9tnK#HRk|!Noz_w)Y$#|7CVIpU~zAmVX~+n!qXllimd3avX}Y-SK*mMlf;= zc)eoT%<@|;Cz{}6L>~MYhc#51l76)vRQnEDB#O0?bC;tLBS2;Kx~r!ILC@r$ zVjSDffAgO7DgQ6LX9d{*vG>#%{7>&m9r~B|RK&_fEChJZ+~~iz;&{>h%X`}W@t#*{ z|KGglJBrb$)%LgFx(rYXI_XmgbrSoj|J{~%!1wbP(A11;=*bnsGH9;$;9wV@hOu3) zp}qWZVlL@$e`frjknUW@w2dW=0|mmup`_(`Gzm+|5{!RxN@u^Sqk&F zik#SgtH{y60aWBfYVH56B8S+E4S+$z7W{=lZ<%^hzi#t>k_j?uU-vLO)nQf>5L>YVe16{`EcL?Rl%%J`%f*LFnQi#PetCxJ^%q zip+2C`&FGthWkIuN@*}ppScJAN)Dem&_jZL*);;udI6lk@q7WB$bBt|GC5a^*~{3F zS-C4v6C-CKhF#EL-+Rj48jk5=p;=noXz5wAGb?Gu@m+~fB(t8rNwNXQV!U*HCK#~h zaz>4QBPe*U>CNjaK%j0GBWzHoC3g6N^p#^91U9QKIiC_$oP07cyf2T?IVepcR)zi937cQk~de^n-RMEs(CY|?Ui1u#Y$ z&}#;HWv=mHcw!8S_P~Repo8>zVBxSxUsQnhDCEkCYeeu;w;2dUw=j>FY~lMD{5Lxc zADc~?ISs)40Znv{=nFuOGNbMUJ3pTHX!U4AMb%Xsx8-d-%C}`iu|c z@ZLJ%c4v74KvY4>ToB8W_;7r_e{<*Z3ZeviM`FoB90`&M_Rj$zowKN62lGH#Ex??I z0BLB-qz$~|sJJ;=v!{Yj1>^(s((}* zLwXJZO!Qc+4a3pz>F#xAwreTz58mwuHIOB6OlFqjOKB`PXKx@S(I{sW87$5UnTMY! 
z+ln9vOlRV5i>59R6onwtOxTx&V^EVA9R~3*y)ksR5fn^I1s@OL9feqi84QhY4L+OT zPPd4*t*gj)RL{gXVBrX>WTHJqAM7uu--r?jcIql@;qgKxU&?@pwjczn{J4OcL!^@f z*1iH+gC_wk0F{}+05untp9x-yuWg4na}26qga0WaL08E}{cKsBY9hj@7Igs=c&Rq=p)46%o%xWM}~%j62$K zot4ai#O>GdGoy*XhB_fJWpKAMpcLsu`cnyN{!PaK$>LyMU|-UOeUwjF$>dLWxDT6o zS+WiAw;u~Nv!W}p7KE#;O)jxc&zQV**E1R4mx0qTo9g`xKR6aR9IIevqhps%&HuGO$va9#ci+As@>zoZ= zVqP7(Vd%bi4o}yUDJNWNHm_C;rcb4B+dDU)TF6f|rsrai5JQ`w?D*#~o}YMLZj*Q* zlLug~CeW`=Riu+C?r&M%mv#bUF~Aq8_nbTnK%&X`catq!YjKL|+3U8DQ{AMOE;dH= zfSCv<|6)XfWmnhfAje8R+1&9P)FDsk5qxF(fQo2SO3-kO9fgLDY7!NRQz|+|t92KN zV~$X7S5g)2z&_?~66NeYGpGHUVS!TtVIH6-UJqf$OPBM2569$X{ zE$iMV?riu)ZiaIXKHDgL?VyH#_12|aVog;hcZ2<5f%|gg#8QRc!cX5%2X6vO<-qgG zkACUPrRFx9Zxj!oZ$qIB-)xE7)Q~(R=bTY4rC*Q z4Ee{aTj=&2}^@%h3zFORi_F~tx5-Wm7uQPy@ zJpOE|im`Hitje)+jg^n#*0Y(pxR0rtCSbW`tIcj$tu)6Nx&Z^8o1gCQbd z3B2!0@|OPM3*?rfVnp#oD?+4K9dD5h%+A!ECtv1b2D3G7+o$*#g$ce~LOXSr@bwEr z*il1Sd8akFCDi?_En(?urd;W35BWVcYHH)9xioS;}x^PTR!$~wQb31T^|#6|?r(wcGG8Rk+XKg<>{ zw&hKp7P3wQE;J&)!pBPDox;CE2*(>2O_ut)cy}%Y`g0Es7qFx1SNj_pDexDs7M$%V zs{;4r$;QOpuvqrM!8IwQUxp$Gg}PPf6#jHgwhqg7b6P8d*Zaa!av3(`xCnt$Q+dGlC`r(9ty4apC z`{vVb^BamOeK9y|Ku%@RoF33I*e2pd5Mx83Wp|T(DM64h%vnwp;O^}Du-Wbuu|?)D z&w^+8l|D6U49hHmlo!s`A|3Di%X4F(x#t|Oy62+g8mAaRiD4LIb9f761~{Qu0zfaK6w4%?*blcu=bvP81PsmOr9D zfDmlLAsXMleu)h)jZ*;Qetko)an&ON^C@}-A_V5AA^vvzWJ&GXYRoXh|1D%7?nO9< z3gVJq0q%utS{MXOj{*!zTd>;+>a5)T22=0r5a)e)|9ou4Cy?A1V7dKzaCiJZrA~Xp6aV?rZ~acARLEd2o6BD7E?@#D{JnJuhgN%nL%_!1 zW#h#f-bW)$TU<;6Cd3$zWjH}U;iwkf7u2Lr?>jJ^pQ0y`aZ1#+3Vxi;Iz0aPFlefP z+PPrED8VX)IC%`HZE$$}ZS&jvSUZKXUqGaN)Z~E z8IU>(8#pn1zYC<0Fct~k%rQCe1@*}*)E23OLWL~}5qJt{CMmRUIwlE7h6zB4gDGib zDa!7&5QnI2z%}>CRt}ccZ>y}iG(6KEaZQw z##_DowB7jR5nzRdYK9P&+j%Ey<`xUkw;^kh^5>89(O zI4O3MFiSL1>j&U9jU87}J(LZw1P@T3h;m%Qc>2Ifr!9f*XY(Zgu2Sn?hZ32fR67@zg}Vq$yIMvlvSxwLf7g3VH4T-9a3U}H1@3O`6ilKU zfv?Vlme; z5pw9TbfafV(S~rtwHZqVHFlCYZ{}zirz)?)*fJO}@+A&&BnsVgR(PieDgT`gxHocX zDqjjTe719%{ zg?3lO^^FwNjG<9&F*gam+(-3hBU_T1IZc>VN`>>L)H^OZ&vL7prpi5JnRhpa{n6y) 
zZTYqzWv!$&*d@kR-&dyIFy?uBlJI;n600>Ph4+Ip4a=Osp!$f7RC6`!VfwKalYHte z7?8pug*n#Oq}Ni2Kzz4m_STQ3Rpz4FS z;+KEnYIWmLsjKgdUyLuje!2wj{`0s9aXbs=B;T0duu=^b#bOb}PlX}STzcIr_QYSy zoD+@i`r0*Zr&Z4C0*TXTKqES?z6#fHFmwvkJBPK6y1EK+0nhPj$06?rwKCC(i0a&M zBuEH(Zl@DwBTb!Z1l_L{-bDJQ7nrXh^XT)K_rO`GD)xRprP)r7w4U1;*dF5+r#z`IiozwS(XB}mM`fDD=Z!3 zm#L|13TeY?PvRdj`*pncEJ`z_5^jQp9qCe`ke%#?J6qV#G$dM37AXjHB6d;xMwl5s zU0mA1xfSBrm%-3a24%3`&Yp&IvN**YZ1GJX%G27i(~|Tw@5!Q)(KY;{8AtVY{U8tEnA0N((h8&WK{4#1CShVLH8 z=xjP+7V%?kJF=k*Q5QDIFlw;|u4=@DRO(r#+v|LX&|y{E?vFthWs z`)^rmbnKO9rnuoyENxq0aAYZ4QEvL3FIBJ(PhzM9a+^px5hy1YA`3?nHDCrW|J}23 zzCP*9sc!&CW0STf-eODCDj#4Jj@5Y+dq`WbcS@0>@R^?(j9iLLqfosC@J)KSg}qK#SDi-QP!w=zKMAB7sn$%PfL)Tc|__9^%5OP%lA9L}<> zKq+7yDla|M}|Vojsg024k3>{56{3a*H)Er;NteW-_23^DiDiz zQ!eD0A0>|#++N%T*<?wG4F|=7 z{fnZmP482uRKL5Q?=XHRAc{iy`hCnS?ESGJB3D#(Re(gxQcQgvl7z7ssv8L3Gj(kC zR~1$H4Fk0T%!@L|cI+vOe8o!Iwp-Xy&A`vp`YB3fzG|o*BdTY`%;Igwq<=O4bI0a} z0R2lK_POWzqo+IZBx)S^@IobGs}9(Sf3nT-v0aC1T!uuNxVeSMYA(YJ|jVzMUOb7*T%Piz?AdrgX+S?KfMF7#~d z)+9c0UM-anJJgMwbmrB|mnuvBwMeH{8g`!JnWFIoi}g3_I`!6^W;@cBy1xN$!g#T& z34j`z%FoW;G)z)-z1O(yREttk`Bl6vLbRDBFs1K?prZjp8EJ4qsXFb0JuKRdc)^EW zs+8Py#D&vkMwiG|{-U_ylV4nj5>t!LO9XJPMa8dV{y_G5R7PE1T74qaHiz#P=GO1> zb{tq#W6u;lgA;b~A*p&#oH_AY8Ex&8btFb`v61e3k6*Y=PVuUUJLhZCFn=id4%GhY zpU@$4Io>L|9^t_JfOvFutR+ujvU&0ZJdp>qa+1R?3fHKyrHgp_2cdW(*5z4E={YVX*nZff@b#Rv&7W3k4R}VvE!*<+ZBnsQMZdTv zU{@^t=nQz?sMu^gQ5i4)gZTUe+^9a`0jN>>ag-?Qd@a(?^74zI&N4$)Tpjbf)0VOs z_5V6ZN%#CIT6OcP2(AE)BuV%1mvG-%avUV~t~%#PzC*Il7%#k)RRL9Rak9YF4LGm|7)BYXQV*>D zZuhw2BXboO#JNZ?zlvyF!6ODVicS>AhpARPd9TwzozAlc>O6a{m~!V?iFYdrbjsRS zz4-0v=DKRzc)nL^$Z(os`sVyv1-^a4qI4WrY@iT5w*bP)Z2~Yo?Vu*Y*TbijV@aOI zEF>2}l3oZBus9SKl1UtW9J7%8_|G~GBl6Gs-G_tmpF2A{=m$lug(0CXTA#q`Y0w&=vooB_R10@z)I!ukS{^RsjQ!z!BOD(l*pwc_T z27{DywefBxv}x#COhVfVV&AwRR(!XvAhy31#I}OiRuKC(1u>D1wFsuKrMh@a#>dx~ zMyjWa%ZVi7*(7mky z`h5wY9n?fmS39~@GM*9@uhL6$0Tq=%l8Or)MJ&JoD6|En_wlYc-fzW{I7O2CO%#{v z($ZULNo}RKt@O5)-u#c>n)FtDx2E*g-AZp;>1`{$eWTKwNXKX$@$0LUtKg7&D_Cs> 
ztF2(=!{G!gFw$=&tK7S3K6I-~R?oMB)wdv6%@wJ-tBX{ns#}rjs}QMXdBrVu_PLM` z-a<`%BQo387KXMWTLr$hBHLDEn<290%~$JN!`fS+?Yj`#wr+IaozOPN4ratK8`|)V zh*eutn69^#tG05L2gg>fGVi9!RaNl`Ysgi5Te)g0S8e60Z&9vVGZ3J$;qZiSL~z^M z!_Zc4tH9S*ZrjRjGvv1JhJE|DX+XAe+g5Jd%5C4Uq_s7X>3UN{EgVrSPOLEWF;A42 zm{)Fp^$?5E8xjxYsC=rTzL9Cw7Ljf?A&!(#nr%}XkyI$~hED0_&m4zTA-*7S%-;Ts z)|h3|v39!Cw|^RjBtF+MHC6KgLO{2DkROK*n=V6&uZL6kp{2I!uVZ{W?F)^ke3_B; z1J-kOEm#6#F0WPWTTGE<$PEoORWBmtl=kt`PG@tZ;9<2Ml0@l{#wJI;YT>BWX&n?d zbQ()VSg9!HAkp8dXP1*WB%Hv8Fo;-z$>~t5Uvujh{7UJ1AL{W*pdLQzMYYwxpSbR;`xXUDn<9j zQ^2}w20j+~BjzNm=8%H%(*9$aE7U-^u%aYu>Q8L=6BZ?1 z7iAk@d2DV6to-B+e5tjcjYW(UB|OkkOkIwXYSO|H9Zr)L;M*H=O|0pnR@Ko~1pWp@ z;3_BnO^CqVtq6>^BJe{Mf!l5L16nY*Yc7FTr4##BGR{!C7)G5mJRi4P$=Q7Sypr>b z1if3C`OC=64^`6K%FA1M`MZ^uD?R--Au#VPCNL{XI~MP&?pL%$?op=ZbU2ddQ+L;` z%)OPlA8uw|-PmUH^P;UL@N^?H?WqWxnQc#x*wl=BEyCpgGu~<_pHD-XlgN3irQC~_ z;<-vz%G+Bl<~!A5zK)Bw2P_H+2d1}#a?q)|r=%21J=LS+*>vrI;E=|{N+}i;gMwB- z$5heeUV9O#_FpOCld>llCxKQ1N<9jKc`&N{A~Dxov`P{jR`PViwqLm0@vEK2l&%Vw z%6}siHj|Kw8s$_vstnYhK}c4M%xe`aDc|6)$IN1>iJ<=I5jwtPsYGWu4n~Bdw=AZT zaT*W*8UHgbzeQ9ajD8`}7zHEDB?=YGU@B6_>KLn=qF{bgZc~RN+j*k^pT4EaOu`9^D;k#a13dcW9 zkRi|p6trkfA~q4|XO0Ir#t26&9ts)~gpnW;v4Q&(x;2J^lw+CoSwzCZ_%77jK?!Gn zkw5~#uNX&T#tEXa-X|%G75+!;rh<%6NCyML1sZVnMW&^Jl89hI&^0ADfR>YAj^F+K z^3AV5x5lADqGn!rAof~L<($n!;Z5GM%}s@2JK{9#yy3WbuP z02o=yNd-R3!}(wfg)Hy@GEe|S>Wc&Gy4$+lCGqYKKvR@3t@Js@{3>KO@pQ4b(&|yV zh-J1`FkkSm-Z#MAH`_DJUv3ksi(o{?ID@Twn0=Cy$m~7*%C%nJ$m)`elL$*1=eLwP z>{s3{aF^Afmt9y*u_(yb z4+^_)(cQehSA5YK=YJm*es_v5_S(e~1x=`1_}vM!`TNtyi&B)ct?R>5P!u~oEOuIi zqPt&wQHU8i3X9{M2DhcmZ1O56_TLO_YV}LbZiHun$teC8=IMR)6gKzz=&$SekN`bDR{NWWT>ERRaDCiOQ? 
zsM(o&=n~6dw0qsDUC}t~q5ou;wK0)cX?wjILaO&3`uGvGPLwbOs6uyl%|ume3T%o% zKe}8Qsdq{|0E3O_0i(o8GN(-($4r7?W~$Vc;Mo$R-4SC~^&U!?kWH}5M^QunN|PbS zAt@Jch9n}AG!qulKxuODQlvpZNJzp4x+DX}NfTZNoIt-dk&r<3ZTW?U!^e$!7Ql~s z{LwFl0fa07@HgStG$6-8z|vU0TdY$-f|OG^IZ^87t;~AoX?!f+vG|NJSuktCr{4tO z5anq@*EmsZM4kcyd*~gxCfs~dx~$T(xEr0KG#!BY_@aRx$FS;rGQP9oV$-0{!rlD% z5z60XrT{v|Lp@eI52$Vq49qIJ;ABXJ=H*UrIrLTYGrBwy1VPm zC@Ar;1j8vDQtI)~sG7K9ehW%}!fJVasGEZI2CBob)gNYdv7TM^#*9t<*-X^GAOBg$ zsbphS;58vT3#W3#IQ=)Q zht}0I(V{Hl6y^l$j74NwjPoufL|dfHyF4C64WVno zFBJ}+42gWwKu@6ACx7OeLm!@K&hX^VT$AuVw2KIeP$Hm^X;wWSo}_~0Y69ca0L>WJ zdKmwS#vzS|pB3>eB4=cv3R_&wfU<^AnJgB7Nu-y5kwC%>>jv`Fy}2!@h;WD2LWf^` z_bURbiF5b5b4et&K%cVk+)$=wH(wrZyI&=oUekySNtn5ijF^z`h`eF^D*y8J=}G>@ z>FXESi)=Tl>CGu3J@n*lD&(2Bg*~aMz3vT-)7xA*D03W7;Cq@R5gC(M;wWPyIy^YoQ+nS(=(Vw-<~YIOuW>X{1Ix}_Gn8Dz5x8lriJk}& za3Y`77TI-+lojh4q4BW9Ys_R#r7g2THE|TN8})CAq|8R{s6r8JL;}gUvGvn<$ceC= zQoSL?7n<}Tvxa{ATGxTUU+O=-U92qs&(!~}aYREbiIpRp0bfe-GtV6TuXAuz)c-n1 z2V4E`UY~3hu9x<*O`NjO*rZo&Aag!lw}G=%p=qT? z%;vk^P~MMl%m9jt7Bo|Ao!|st(uhh*MCwE&+K0(XDhlW2<@6aB)2eazwi?Zb9A&;L6I-FA1&|L@~@gif)PgvSC&hV-nXn-Pi8WlAF;{saeC zct}L6_6WUK#I8g|#-%`FM4|{O1s{!-kPC-@oJ3gCYl0FiN8WoJhqXs2CPRIk_*AE! 
zA|bk=a)kcZP75ii4zU<&Dv(e@IErXYTD8`T^NVxIIH^5CCu}@sG5Y=F9EFsNT5Cw< zF8r&(ueC1!&3EBn`(iZQRsYzZ;yT{V8oI=R+VQ~Cvi3tu+$6OhT9^2$_CrgKliCme zQ+tGd$DFcMpw};6idxH@HP>1+BzRYsF~%WU~8wD%QV$_`H!mX0QM5{!wSYu>SWCkM_3f|302a=wzgJ+K3Hn$5Di0 z2ARp!hNe_9?GusnTdDApF?-_;jUseO5Dr5ULUKLDE!4Vd)oPC(p%15;lOQ8npmzID z)I{BOx7}^p(EwjFj@SVGl?sVc zp~W2n;!sFA=&FD>Uvg67Rm;tv*(=b1an$Em?Fl7o6JF7cb{8|<2z0e4z?4e3-`CT=V(^s%R3H2i!l=|sJan8HNN$;))qH4j1?mzV4wFAfT1i>*K2~l2uM2w?MF-9k6!gxYTB%m!}08co%23+Rr z3mACTg5h!29n3Nae`o>632`N~@F$s_z3eyvu~dTlplZO4P=hB&WCALi!w`-C51c^* z3q~;^A@Jc5z9t|-7KXj+kGkBo!J8o0gyRT#M!}~d4Mu9K02e%00iaR)OKawufXqOFCuuy1B5Wcd0Uc0cD zGiILz^m=kt)g&{^QWFw@y};5=uAW=fmlO0~=_TPYkwjDytKMQNY1VuK(k)T0`B)&} z6)0D!KETQuQazzvH<1A+(o9Z2Tfcp~@4%*RIGhKVKH2JLtMy?~{c_~K`2pwCgiMNv*=^^SuVLoA-pJ9Qg~tR5q=(P$fY*o?A&%+1F~a%D#U-%9=w<-fnpx zLD3@V4&Vx5~eX?Jk)PSBuc#a5rvf- zJV97BsLy3gMhOU+!b(O~0t#31kSB@yVyFXnmIB4efN&B!IoQ@wM5`@UI7Z|akCO;Q zPK?eY99$Vto%MqXuc|;8T-TJ4WogZqXRGZX38&Ypy79}SM4)Sm)t<;%mKjX* z5zalA1nAgo*#^fTYbPlO3!Gyz4kikGVT`Xpqe_?%)UZl?+8xNCH7N-rEd};h22qYJK4DOXcVEcyh5l4x7TjB`>WH9$M#kros3p8+s@|6CWG;- zqnsOZIg4rvW~p@uCl^t=AniPFKW|Utn;6dP(aGy`bROVXXgiAyNwJ%&;$C@P`k(Al zPYAf;k-Qns4$?TqE-0viv^PtvfGywJ#lbQF&i8h^(STVPj35|AsGsvI>sw5&1xX9e zRo*ILMl1Tid3&hdA5~#(I;c8A(1x1wQDNWPJON6|S}v%QaM-uQo{e1XdqE4(pmvjl z)mUpf`0~V>7gjWlXgHsD+HDQk^P}g7Gg`o7V)IW;9f(%kZesm!ye&65Ok28$bcPaVn%<>X*b7pNX^_NE&lfsqp*7--(rELnPRkej?=cxwe83d@P#mRbtOo0l>Lqq+SCUms)WIT`wBGzcf{1R7Op9csdo{P>a#~d z=50nv=0+MK#JZx9aQmILN05I7y1Swy%a zw%O%C{HQ3C?G<*ARv7GONH~`qOET2ERsW1w1A)?r^)XToV?c+OL?KehG`Lb5rQIFj zNayr-5KE-QV0o9!b~=?^{fEdA{-?y5Nk8#4BLA=i_>M-u2_k+W(OAzs0O{07caYaY z$4YYJL_pGu8-gOnuJlQ96oK(n%U|)tL;xUj(%>ykk1{xxCh175&(an2ELQ6m4~Ln) z>P{uNjyC93WPJePs1gmJz=@m&SGj3BmDq}NPIn(u&K2JDhUkLlmMf#byo&G2>$#>2xL$9gtuWXxUsh4P}He z?Y#%kVltqa2?{3(XIP8B`Y11ooXd+5x$@A3EGF6>5z%XB$1#$z(x1_gNMv&Ggj!z5 zs6SE=8shGobG-~W#Nue8DhhWVZw^|uC-H&^oipb@)KLuzPbQGr6s2R)khRyPnX6F@i6IwU8_o%m{?95_Z^ zFhlUL=xwf5D4a_B{X#5f-&oLC*mw4t{E3I9&i==`AMObm5_n4L4ODm0H70|6yMCud 
zUQUt-2mWa%*hmwR{3gh8k{t7~lA3)Nno`N*EQ0sPk9Yl?jjT%T)GX9DYOzY~N9%PV zBLa?>tpasUf`E@ax?2J(9=bXEUZ>5Nq{kh5TU)zIY~GXB$is!ayC0y z?&gU2(z7*QPBc4ts`yY}CXtdJGv0&k-fuh(fcgP)^xwyC-?&juB~Z_Zl6Qo_X=eG? z*3z31Q`#sIS#l-AlYXbg9Jh?D z4~7Q~crk-b2h2SEcPu2QjLW_?DeSC3454o>%MSh3v{-x^^x8H?O6y4QkhE6u|E%)= z{q^1Zv)4cU_Wt#|&A0&1i~s6&+a>@1qrTI;mXE5@(%yDWV`!zSGWE+vVO`UqBAd{nKU(sAPL!zNP@(78U1(9#%` zeHn|C6LflpAOjJYRW*+w1A2@4Q&P6|Roy?7raHz~CS95p@E~Yj?S&b8Y#>3jVCB?q zC7<}Yi1+sf-B7(Apl@ZW2(SZa!I6ic{Ko(fAaQ3h45Y$yZf z-YRI|z!tDLr3{V1O<0Kxy2$C7wxJ~0NMI3o`k<#;!c)KcJ6|{&;`@6l_`f6nP4zLG z{~vU^hn-^l$KKwS|KH2=2vsuATJ5z~)I?>PPP9-`%&Eyb8*pqMMV7k`Jl8Iz!qWi} zQZ Bjf0fR6jx0eyj+vrVKz&kDyE^oAgcxK{=GWIlj2dNx*nW?I^j1#3;nf)vsv==hxAm`1{+7R`3BMrmrbcSx&NyLiVW>ABMeF3}AJ zEBl!6XaeT9>M$5%_G-X6CMUWen6|mLo~Y`a3?lH&G(PdvUj+TaQ2I9KtX>Tbdvd51 z@G8euDzwFi#UvYT>jFfrQ%*p~5L7DRtLf86r`2iyU6aI5L}I1+h+0$YtKC+o`*-y8 zwKb2y%l}ZX_Z#Sg5@{}pk`V^rIQs&0JIgrV2*fYoaKem`KbU=gXoo~?u)P+6)n;i59ZW*=LIYAEv)<`!Djv0JVkU8ZFd zmzl^eua0&NQc%`v7m9E{xNjM`+UmdqAZkqgbD;|D?q~@{=c39la5GDWD{4VDhmc1a z^Lw?&$hY314`(mmygWXCdGYS}?aMzaF;$%wxMrK|7MpA~;kb77mOTvRc;25+ALV}U zXxdR@_wZ@Jn2S;ueOf|zouz-Rk%N_Y>`qsX)5meBQ@jBmB z4s{OfxtMb$=OGTVVc64$TnH*y-?Z&Z4J~K<2XV(4QO7t=!L=|uh3MtbZw-V7nF05= z3?f>UiA!eJ(z@ru6^%*GhHx&?BMX$JYZSA4vKhSlz)o!(S5RF4HDGL`C$H8$0$B4#i#bOC3FPEJ7)*}ctR6jM%BMd5x zXleLgaW+QJTDJ<+=dIgX%|^OEx2GPX>;?wQG1O}})_%6Vor3{KA47_lx03J}NA6H5 z)u&2RitAI$f?G~Rq&2wvCpqR24rB@))(XF`$fS6jlXX@d*2xAQJ(<2KbU8@%(SnI+ z(9V(91XT#?$U04Cd=cDkpnUNlM>8(52z34w9qB20rl#nHc5zX3<=P&kv7T4srvOLl z#yLlu4r%NN?OE%#b(=f%ZopZmS#Xk7>H-i)>!kzmU8ek_Kzn{CM`YYWuP7I?;kT`w z2EfE>0b&C+KsC00zb{6$&8&aaY}yWvS_iGR-TO#xsLwuY#~+}1v+cg6F&*OwDMfue z*6!>cMtzgAx2c(ZRUy2ubf?yB-y@7eO&CWWVPNOg7Neo{s5aEuKp9FD5op~KPKtzP z!vFXYG_+RRC%*&T%i)w>JpU}?T*3yZEQdBsx(bb6*KO{=95tH*#siW+Ugo6f`DFMZ zr>_U@%wO&N;Ps$bG3U%ib_7AnE%(%x2hBcxumd<9_7C&(@&Jv&;M@Z~)DkZ3;cNX~ zpAGjE*M6fAVBL2UPfO1u7RMn zm$wNg0y3TTKKxni(IgF1gL)d%Xy>kHf-)42#^V&U08Ne-bsAUT`WiwTGqCqC!YR-g|jklcj++hqZP_4JcYi1ykgM4KWHfJgQ&*eEVQHh2_d 
z?KS0yXf35_QjKQ`)^=LxJp-LXA9EPM)ZT0^;V||%FeZ`E2IPod*L2sBI+* z8evChT}!=dud>#jWSX>dc>=I|wc00iia8!D;zOU%3!)91ip{BCS_Al0`-Gb6LFT{B z{4Xd_aK8Se`17^CA_~Nff-{EMW^-W+o_{)=RK<7<@*#v9*mMllIdssce!YCYQSUp* z3Leg%kaHlO>L&XM_3P8TpzD1-=-FYDpU{csy;he3CyQLrb2-1z)S&p2Gtuw@6t%U~ z#>jp$k(sl=axvNOnT;pY@u{ECu?yFp4k`q4+s{|eME+|YfN~NhdjW*%?T-=BPLf$V zp%3L6n@axVMR{23`&?i>**4`7U78$0}#jPssZ9m%sY{{L}ga zNB%{oBmvi(PdcoNY4^D4vjKQ4$0Wc84BmHsEYl|wmQ(~|akuwR=(Wz@Q~GG5uDxtw zUJe(%nsYf`^bRPrtj1H)$fe^cSJ1wEaPAON5wL3lDS&cCg})yBgfZo`I~pA(-x1&= z=TB<9ZY$hMy(P{#NSA84a5@|kjxhR*U4pBLs)$nU8{)TYg8*}0uiAE!_Y{pYzuEl7 zg#}mEHT_o?KmvG8dly~+89z+^5u3YfF(z7J2+Uk4a_gP&dNc(@2u5(A@nkB6IrQ|vBOY$mA~C7j*PyizeF*UgHp$R<(UEjG5(LiUWc_zCr$ zD@NaBJS*R6d1Kwz&B%-f5oBRW&KcLFQJdJf?hVR$Rhj+#&E1GRILqbcA1Rd5xmAb5 zxbT!hM!(`(^wSBh351KES)y;i@tXZ=_t(Yyd?|x)^)87F!bLlCX%g2M;hr!7U9Quo z_DUKkJ7xYGg*nl}ZW&)YsE|srG=?cj6hAA)7852;0qV0-?t(CU77AXl@6A&3%ucnU z{kC|JskaQFG)^rm7mPAW_jjkC6|%OlmSWw6(Js7TKrm?FU_{Ba_Q-62uZeE~Hr+UH z5huszOzfV`JPr{?38vi1FqQ-pCF_ByAx6I(=fxVx0uX7-3Ioy1JFAR|97ZZ~ZWQeM(RpB^`h)SS<}rA(=<)qm z%x+@zT8LD8FF!(OX>1b>*qkdr`$qd~s*XVW5oU25ZKx$dQ z)PT?l6FOv~LMk*+Z9^VVPHw=W0%seZ?BJTt0!xa6Q1oTadd39DHle5opLRSZ=!RTE zNS~uIo9p+p&TV>U;k7>mXuj*c!rYfdrXZuA3wt(wLZoRCd#pY}eqYY02*q4#Nuz zjCN7nsnw1nI3|?znnaU^3yHBy7ET};yAru{Ul~KOr&BE)!sQq&{zD_mt=b>GC1}o> z!GFw)^E^3wAv8{nWzRbvvMy`;=% zaNVZ0j8C#|ts&8pU#0}u@XsD{r!SYOVqS1OYq_xtzO!?Dpsx;bxnHZjCL{xlsQ(U$ zM1xfEh0H*y&E)_ymXeH(!>GYsA;YYn`PHm3JQ$EbYCn@}dqoQy=oZa-`j9Y5Vo70< z+#Zt;Yf$WV38AVwqSLro;wyq6ghK&s zum~sKs9=H{P%exsOh&PkgQ8B=P=T9Ha>nXT%gP9v@DM`Cv-_)`*3|+hNi;#t0m^Qm zzcHSOsUTdfUlPk@Tx53*-8I{-y=S{7dstP$X28SUN|%m{ytBvzkE5>uXx}a7YXRB! zIQr^f*8Wak3D`w%tFHv?od1=B8BYJYE%XPb(z;RGAS<&4*lb#6=K--DB9bv0kQ*dO zz~WHU_FCw}YwN)G$X%+Z7}<{RJ#v}K+?IWE_CiM#cr0+%?yaHH=e1{MNAU${<8Yo! z9gL3cmXGY7U#tBwEd{f6duX@z+JA2tiJ4d5E0HjpZN<8nq3w~`=xr;i1jlo}NG>=;B31S72yAkR4v$Thbz zby*UJO*kv{r^k5LkX)bEM?_y>*KiWLdLczi@tyZ0-%k!Pe_hd>w&qghzJGIG%qVDC z6fC%i;m|nHWw5jqfBHR7+;3+RcYZeWvRuQhWy(PyR?|0TA+dQ4^?{g`YSoOJsI5F} zwc?&$0`N7F? 
zMvtavwN|xp$5w{r}wPT&xAsvnN4$mWm8Bl*pz0qo}wyhwb#BEh|la4 zIe++zNbtkiRm5sdtCiYJWyu|#Rmx*mk|4n%IO0Lzy07hWhG|MiHb63x2uVV-L%gA5 zD(yIaA_2C_rCXKmu$8B=ab>0PFjB+P&RW{d*wfIQf1=~F7Qsp{gdV`c;hkQa0xgt* zpvFPP6~vgO@`li%cWZ^0|7e7-%{dql9*Y|}2Akz)^V5ZxC>;ptSGB!uUJDP3c*|L@ zO=yH(wG~OR3qG)>DNb~bEQ|t{O!T7qu%HyUR=A_yT41FZExZBo{v@>NRu$3e+24Vs zWdc5Fj6RHXKr9Zfc1(zWUX8XHNr}Fl$3)31UD>M1TKWBe!_ej6%O&B;$FVIJcDZ{Q zu}gav31+3x&8F|~1`N1~nUSnaH$ff8-v5rjaP*QTRg^KH(I9k!DRfx_%sX*=X*7h3pv zLqS=O>;zB{NIq3%QI{U(JRSSsR&= z5Ek*xKEE8@!0dIMRZ zv#_1{15!fXV%WBTfLTMesM9zOsM;{#is|>DnhBQK#w{8(d!#rj%edm`tIF2Z(icV_Sq zx|Jjr^jfz>W2u8otVugFc@r#XE?h^$g97hPb(d5#3cdJBMPv9H(+G?`)&q~+SW^&< zgD4FxUF*gsrBmpn>J%EB;_P%81ADVnckxB5ex?#hewA8JJ!rYhofesAU0XVxo%Yt>7iT&P{kz<^Qf_G`rb3)4trBm5F&3(vk>-NMB z0AIyrJd2D6VmM)({CaKeo(Slc}-ub`R~*Y3IleK&>TG!R=sW1ph36T6~IuHs(BrtEDA ze!lH|W^rql1s^ZtTx+g_u+BR2h6corFnv#tu)F`<~ z_#w~7|5nHkl|rvGa*q5%?f^$oA~#0AcX7A};{7BcJyfsjvon|%?W!2U8%}WeYaC5_2n4_y0)Zo-a-vZv zB;$BUdZ_a=ts!qc=qWuTL4@g8JE!;13vi~dxoRg77Q*1#fmTCiW$1Z%MI)kDybh9E zilk0d?>V~C;jS8ZoFs*gk@wU8REfikO0#nF&>mhkmnhvfT>zKsd0vQ%le`-DIgn2e z#c34PP_|xsW{PzfivCra($%KQepqH935jJY78=zIBD68%il1sR6pl&RO-#5L(ZsUw z)8F+CLnG}qXWe74V}W+BE%A5+G@XU=Q**{>_d&;EHAgqetH)TH!#ERPnDOz78_|G| z8-K}&r6F>wUI|__!rZwSWqemP-dn zTkTe-*J*e6pBq7;QVsaw2OW+5!w;DgoK6aAHbQ+in*m|0lW@3fUj9Vm@L0oTuNv3U zY6_M%K+?957=JCB4&3DV(=JT4nojlP-TstwMCA4YYDg5`H}`d^|McCB%rws89dk0r zu78t-y(_=`&D;Xk&+W$5>1vuW^4ic>Zw6y;T4pjm%hbG4^w6iKVQyJb)f}|eG9|B` zfobo$gQH}GJ0A0QbdwJSRs|lRR;y+HD$iOE6(|NuR+Y=mX0BzxO2t_8cMYJMnb~aJ z!=Po;rB{ZndJ_QH{?Z9Ezp^`m7WFIm4uczeTUNa4zc~RN+j@^titBf`zh|M1jY5SiPM(@w=?BCdN z&rTx;_3?~o_vP_d6##GVAvDhP#t6DwnTZ#Cne`P$X3GG_B;&N0

    i9OJdJmuxaCi)whG)otAGE%%zLXRPf9S*IVk~a=Ph$M~U6HuI>|;magh_Rj!zcQQG(VJR{bbj=}= z#C&M&$>7XVnOd=>FuS27#k)JGiH-{?s@+;^21@QC;gqD+Wj}{T!O=ncIq3UEboPeq z$`3C=bVXL^LPE1S$IT1cI8igZs$H+>?2a3E6*??j|1KGS7jTf8g>4Y0)uwFR0Py@Y zsf%ax$frg{yM_QhN6uH(_)>A;e(NE*ZUVcQ8U=2O@91SM+@X|Zsn?iOmWpXvMfJ5- zSrB_gZgDwDh@OE3x0w}^s%V~MewK;JD4OP+*kv(uSKqrg`d&<(@X!%e;kMv~Sd|N# zH0KH)Ub5SRrfen(Fra#8t2dd;b9ZsHzH)`6LjLDj&NI=9Sa7v&A9LjYy}j;1LHuwK}e|;&xH!YCt2>+ud!o)c>YzEq>$e zmXDroZa(K9Z`FyZP_V&6#xQF+H z=lkUFd51j1&pMrM8xQdQ;a-Paw%hxi&i-@KJ?PekB!&xg!XB!3+ucsH-D!3X-nXCk zI-Op-)7tAkKiYfVY(ML@+x4$pB)ivVp8Pk#<7nMJ=E#2shewAc`S0jxEC1ccQ!W2x z5|dlk;Dk`c7z&0=ec+|-imoA>J)(w?#6!_TAO5T%8)%YwFVL|P26ZAcQwB#A3+Ua+ zrZxf9QqcLeJorl4tTqB+mGry>s8!W{n5QJv*%atinX#50z?4P`!qp#3CO8-(-J9DgnisI6FrG?&V2gP^)JWvhVeS1yBG%7C^Buq)NI#R0FZ?twl% zweg05FDlI|4WZbGH;}4~T$>mIzariBxXQE^Jm4#fYnPSNK>AsjMpahRWr3bgvY(q`S0UI+di@OKx)QZk6YJ-o)s;zgI;C!u zP}i6LEA+pr1-GkjZeL9soTLA>4~`1{Ki&4xQD>|F-N%!K1A~8FfF+LD&}8EW`!o$h zqNrZ-l+?W<)@g#WU6Vvak*#@KUCwjso0jgsx}wePG{s_7aJA$&R=RXDpmF_buyJ9KUlR(M zW3fQaD4ZqU$(*iUu;7Yt1zhbBTGWfqE^ZydPY4b#$c9&hh8VaUYZUHBfs7CzKO%dZi{)tW{_YMkR!vx{!@=Rs zNXSE?a{{Y9qfvW=p3)X+SwQ^^cshf%&dIF@3JF$XohR8#m1`>L8y;PvURk)v#kI4e zdM(80c%KZkVzX_yw%v;I8guFEYWd^@J>(0nN=~TN%q;XuUl8&JmgT^6 z8?Rm86mCcnGW+6&&1wj$_t5jb!{^ZA>j6q*LF_#*P}_@_Q9b;2_Qu5pYsxUA&`0&X z-CfJ>njb&9iMYGdK?$voAJs0O2po{RyOy{PS~fm8VgZhNA3y4H3b4C70O~xuAlcl4 zsMvu|ql#Z@+Hf(@ES19EKxTcn^kq#M;9PqeLIlzc6$C{@EgdRt5E&HvjYmdV0sNS> zYx>F{pOY$F4gNp&{{6dc8~Go`zd!S@z)I~p&L^ZSUt4`Q{j4`hTR)p7KDN92-jmbE zhDbqe+0Lq8(*R>1#0{c`&(Ry=in$LV1pWiKU;am=rimXHnw+N<3*kE2jdQ z$tV%q|D4zMA|W0RL`GNZwhS9_ef=6y;%14TF1S-ZZ^;kgE4jY+nKbTC7RCBsLR^k0 zS#YCmDj~`8I3G8!uOU1kNBQ7r#G+5i(3HE@O`5@g^Zx_GNv%vb6QCU&o&;67Z z{65idA9<#?u|j9$5UCI?M2HLu`AtlUc1Z~>R5v6phy7a0-h4-XqqcDqz$WL zh`bHRm*VLNJ;1ff7Wszx?*hkkgx>W^g?rGT8^sGY8uVg$%Yi>maI&z+8C{IwvL#v` zI!8liXj#B!T27aAmOw;Ee#(?i7;#AGf{~OtgnEe|F<%{gbzmXXY1Txxnt6lykYQW$ zkbuA|^;_unr%v{!Vdi3`ORG*C{MP&Fb6-(R`h=YP>(zzy5&e=yDP)z3 z2>$NQy&}3$B<~jaTKM7?jh>??GK?2+ 
z8;w;_f7HNoiyESa!TXZhu*C{oY!|~|v-a{=-2<{yQC>92@y>7peY4MEpdlIVxpvc-SfVt1GMlse9ty$tsGC3=PAT znO9Lz7fY@)i&xQPSdp3|wRDa+=n;i}=rQJT3|ln|xTQ0WeIC9OD1*J9idTB} z-IK~K$l?btq)-x0Zyp+Jg_8@08;4$lN=goV{jbaPdaQaIg;6Ng z7e8LTW}WK|gc_}<_2^x1O48m>iUqN=s>EK~F zCMi~N1tafTY*HS}@b}*@86hxE{0BcEQ~l9l7SZ$#M}t*bP4?~L@C1yGIaRjxT8Gl$)yRVY*l&mVjsMNp*iCO#AHku?eFnW9_=S zr^bZ?u*u4-C!G}iv!q>8?9A$1*H__l(a@S8|Hb}?T)$@^A1}p$%b!UNp9+R@JN^? zXaOwn5QmqLBH(Uz`My0Ys{JEY=4Lr-bH3nl2kj9uW>s2>dv#ub&c-K!Xon9NwyUG` zVkF8C*(hOuVlE4XOU_~*5WY6qQgcwbHUnGjap3^^(sYA~w^YFo5;~2vrq5KXS>T7NkerfnN1 zvvt0*FN>|aqbM>IQW)BoexOxfD`QvhVfcY_bIiz$E;|mHVkx-k`Lt)5xD*I>S{~+} zGfebuJE+pXOZ*+rXX|}FbO*Pmm)_1j|83*_59wvaL4RS-?h*2lUf2{!%Q*vR|J53& zQDJonp=eKo9JAa~L|OoF<14D}A!-Fvi)-AxB9i%bjWlBaY$UJnho8!EWNWiTeq*Fv za)qjdM3+Lg>_g7E`b2j>{(PhGQUWMl^7{K7_T|yGIFZKV1gkt%zr?rzc*4Lc{LhZ_ z2P(~>=@2}Z2E-AT(s^bd!9X4rnJU#%L}N))dEo-@lr4S;?dxTd2FHz`WZRW7-;j`y z_N5vNQ5jtoU|>F*%9kb3K2qfrdi&>n=e3l2aGhf=;BuFbk;vPhA1@|Ud2IjeKZuE$ z%sOL-SwQymJ94mZHF^gjiemk^#jrlfMxt{#-F znlBcKj&BE1NoHl2hAzz)%jS9!twK5<{tT3rrLQ`$LI0QT=K|>~i=B_U|J-x+ay<`9 zw%9GluokSEE7_j_wfRGR7^wqwDaWOR3bS2~SHP(&HZG^wmiaetEyii8yr{w@#b24& zrxXH`eSQ@rQs<20iTu$2LTxN2J!!nlziX@q6@?THLmJ-uwLiulRe|t6T(R82p;!`m zx0IG5=?OnD5H4uz5w;ujC|z5VghVX;nnVB z-p^DwHUw^Wn=3=Gk#C6cO~Gk!R(C>Lcuj7e>1dBUi9{~{fG%vipnspq&pR$h<1wu{N)IH;njt!FHitaQbrR~q$pTUf&_rE0a9 zcS{MI5O+F557JK7wDTWk!POmmCx1?A$5PISNTlTQYggKW8esSC(?2 zBq{~FCP?{`JA-&Gl7UdK4{BHiFqt3#T`?_W*Is>GDbqG8>AQy9~Z|pLfDfH5&2;W0pj9%&Isu5m7`xiMT!yB9 zm*rMsz&ad&8pa<3L6$}n$gHz#4&n*f*+N6-rHV_PLG_DOW&4+>;Bx#wzv7X`u3XH2 ze^pUj*XNexG8Ztwx~x4}!qie|)WfVW0c$YnxYxcg2v^u&g$!GLVFyotsIb4oWjbsa zkMg&sbGsedac;p-8L)E(lSOzjwD8F9HOQ7%>Kf<>7Rc3=Bpjp|R=eV4Rd6j+Zz|?- zI_H~&*c&+}pvSCuF%a1@%DWv@dpAWlI`!2Dg6TZ-=vySQY`+5-u`y$pAQcrACGciu z0nRf^E3eLYw*u=F`i@EG58@b8G;E$Ruoi!uhe;jF*rTm!1?|K zi??j&8Mj5*54%C$9v2#eHFXc^CDqR0Um|)*v-gKz&_12eW9py`g?hk68HCkOy%P#H z#QT1`-BtN|NS;E!49D(AMuowW!+AAe=*h@QdjFMX(Rsz=y)A}sT0B-Bs(X{g88g}u 
zylXt-%C~_qxU!nZjpT+K4WIsXE;SX(0JT^k8P1TikdK4@qq<*?%DIfy)vK_ixNVI+iAV2gc^yG`trX681RQ zAhfH00FjbvU5dnDD1lQl3;gkv`uJ1WVfp%n2+iaL-+Vp37I>$?C9|$Eg zp@MfhIQHrk(FoR6V!%FHJj9I?^e%F>mQ_4$hdk%Vu*FOv94}H>3HhC(rTee98=}sg zuh0Gn4=V^>xP0X%<$N2e|HDco&~iX1LL34?&fGf|h!2yUE_8C7;`8<>QGGqN`h%J` zI)26e!X_ER8Y}$tdEfJ#trBLCBIkQzwIE)xQFuTrSvsjRX}JT6yCu$hnsd(BhO$>j z{K>aeNW#e9Cl9DyQP}!d0^JZ~!ZG768996~wnPnaINVY12!Zfg!70#m2Zn4f#}1n| z7QAU$DYI}2xW|ar zj^Y7t+zs;deeb`-52;tF!eZsTkBUf6*4}@R5Osy+gJoq9eSNv4Cb#wmL)VqA0^^(? zt)g>mPfC^9`JHZu$sw%Ma@q8h7r`z45y$5iWYq~sX97j|nSSe-yJBKtnjCc#b}^1V zEbGuw<#Cy3lY<_QH!@@@!8df>*F?pKZ>%rkx6)E0p2Fd}`c2#lNo#$-FivfVncmB5 zv;iek;{xK3U)O&iF!S*N;%chGHVf+c&XkweI&1MpQECLygj_cABg zhNFm6RNkrijJYy5$8cFguwtns%tWUt+_N zC&eS_8wa+pVF0lx{IyM`uAy)AM)*Z02v<0IGYV4FaHG^I`A#ZS#?p8*SB70x@QMc` z86#1${WrJjEn$(OU`umy?m_wN?Uw4B%>#8y9$ZwY+6H@Q7*|KYU(5R|l zaKvuS-Uj$Bl_LA{d}X5fNJcijz9>^{obpU@lT*&dF~gBfHd3OAY!uknJ$O|av8|2^ z(Uou!!zis2DU)(90d*X&@1vfw7VGzXZUfb|PVJ6ndupw-k>1m$~gbY-~oe&zi;xnD0wgfcjwgBs02>L3*+ zxHqr><=F)ev%*J{fenoV;qv26;pEZ<^eoRmFt~jlV(+$OL^L0N8<(hjFb_K3Le_s1 zcXqY)Sbe_vLS0I~bo+Zo5rbzi75cYySThD|wg?V6e`S1l7cV4IHtq6ERJUm#bU0~p{p*|*(Rbjb3m?sM3{uqt2!CE4hir;* zJZvHYt6Lxh*JR8$S_q&V z|9>e4Z43BXDO_#NgsIwH8RG%ZH=bX1y8ckV`^y%F`RVNccq$P1BL#Zx%AniK!IiN9 znr9?f2Wkj@UO|BmSDUQ=cHeUmOZ`i*F)CvFKKL&y3z855RhiU(6IW*muz||-09x1r zVNS;U^)CJUiT`T!|JD=#auCQY(E~6&?9z4;hk5l+azRa9Kqd)U$|it;2D!JN!8tn3 zy>4*P4w=9ob<;E?irSYIG%_j5SX9U?A&Eo6p+5=H<0Pm~FU-tF`dw-OS`gA}kHx{% z>;+Rjhw8T`M?24dGe7C(b~!z~YvQJKIYpwnagiL^bmE}njLyIke{uQ{5uW|^>=&k` zS{C0xI1srTiz|422+FpE&7Gz;|6KMd&irA15y`8B590$4SZHK;jv{rG&yoz@(X*jA zx!$$mluKHUB8rUPn6GcQa59eR5702xWdK!RLYe6t2t9al;3>fe+W2o{k{rry;#xyu z1A-{Z;VAZwrQ0n06gb5v%&;Qr$m2|T*=QZ|Za663kVoYNjxi%wdJ&6si<~m~6qADO z>#n%(#o>@I~A)jmG9;pfe}TlUucq zHy3e@lrus7+=IW2nyLq5=1jz)ZHZ-iPR84v zJLZr7rHmIXUz5+@x1O0N--=VGF_?^{Y!G!$e(>$D-zM7^cvOiBAcV}xd65a@JqQv$ zPM3W3NuCFC)sg;BSO#wqDj5H73K+fW68zee%9C@EgjBNp+izClVTyBl@Kpp0t-a2*m5|m%! 
zg5xf24(Uc9MvGV?HP`BkDO8mar+sv0Lp-{nOu3=Qkv@b)@$5H@;^C~Av>eB{Z!B7KttUnFk)2xMIH8NhZ^54ivwTbzA1IXV?HLS$ zO`?S+53AHySm_^IQ44nT-bjc4qG^=wsyfRNerqF18qc~NR(JaC1KjwBH0!d}pp^c7 z+%xH1g`Gr<5FY+?$C8Hn0iLqWrkz@2Z*-f|7~+%sg>2rd8|JG+yQ!rir>F$4MB4^+ z`HzD%O$LWStybivdw@h9iHwE2Bi1CeCQ=+;uv0NFoGh%G;LG{%4Mw*x0+Nat?3HWE z`z-1!9=&YhsrFuWIf40<&!)$daz?p@4iO*}9rpmO%F7t$U4_Lbxn3FU$DNzKy`yF< zZc)FqH`mqZm$X-5)d-<>@HX-4Ai^NPHdN2zSO39U2uU3G;?;v1Z#ARrOnK+^NI&NC zK@$CeO=FpMN|^x@nkP+niNyP${yZV6ZY4RUmWHC`nz$9-o70a5+|`Ur%YLp|4&LuN zR&md{b0i`K2Tdl%d{fX#r$&}cc4Vs6Unw$>zZ7Dp-1uS%RR~9n>G6VneC{7gQa&XZhzh+Z_NfF-rp|7Hres?U_Qb_GC@!NVo9cCk${6u zXOVPbLWWC_IfodQ45@4xE5;I+u?0*7JRzlh+`va7HKHuHKtZU8G8TwE7`S3fo`QG)~2qW zj^5p|h|A+$3bVWuBvt;m+zWbM#GTm3)Yo>?obnfmx8?7zFnKRJFeIM4@skWPXFkE; zWE3rB{zmOT&Ifa4JJ|iEL%<~W-REG?l)Fx1iBnOD{SOgo7E<}GKFs;bHz zBOR^|gfA&@UP(p-G)i!dDpPp&MLsczhCnt(u`7OOaH4`zt5+cxWo zG={qCz$fyf_IjGNp`H56Gkg)Cph-_ztUVj5Cv9wcU(T@;ZCKghu|>%U!q_fJEV zMD7Yov<$O2i{b);$)2J%1Ky2Lj>Zw}A86;%>DMstbtpw@=cxK@g)*bw`A;;DuV!%N z7>Q{H&G8Vndx+ol-NAfAg1>Cr(GUF_Xh1jLR1WZP zwY|u8Pq41Ei=rYw4rZsDXE|;DV3P3X^_V=)QlxsSs7qCkQ{rU>x}Ds(RDWMHpUDoR zaj5yb^=kNWS#jxw(N@RxQtZ!6``t4H;|xjEQ#nUUyh3tmBH8}XuyQI9I=Vb!w69}< zQ@WX9NYn{Uj;yEl&Fc#6zJk)PZK3>j%L-=&W6=x!#PW3wfg7gww`dxNa&i8OYQ*o= z(tKe&{T&a9Eltp5$ro}?uUp3Y9g&GuaOkQg;pE~_=gg|X`OAV1ChekWJ*C;|IEuOw zy9frJIflxdX6lvrXviXNiC+m9n6QiBoZX2}Vz+#5ePp5QrPX&RKYkn+I6Z5q8h}IV z`s#215n+A-E-;ATche@K%5<;@SzwIk4idFt|K4K;dZYjq)r~8R|9o)qLK$X_FZOi9 zWc5d4g}t%qJEA3R71J99zJ+ZI1jq1X!N`5h_*<%kKN19)q&*@pk8a$l4`iy7XY;TS z%q)Gj0`s4?!Iz5&Pc(h7JmUjSXqk@XAY3DXJrzBoa)~$5;gKKYv7!&Y=3}&Cm`H&W zVffUKF?=Jkkavqx94hsUEL>2)%!4Mv$a43h$YtWo8?&-0N^9?|pQ5N^2njDm zrMbrYfvj9JxWJKHX@L{xWKwQ=XVT4ye?LKzjCiwQ;A&8&<&3NRFlMSN`&~~HCPv4^ zM@3}g_WZ)Ys*iUKm(>O?^Jsa71dKXkh9C4ZAAz*PE-dct)Y5t4f^o=hGY+u5HINzSsj{&dDEkHsiD69w-QI`I&{pKD%Ucd#oX z08qA4C}^YnkO+gDBxQ@3E-6gVGZXv0{t?|e6A8)sT<;Q*o@$=Jtok6rqgd|*V>;$F z?3s_Z1-oU(r+OdK!;+c_!K0Tp(zc_!tlSNsjMlmhm8kvWi(QFOU+i7 zQ>wEUx|$kxhKbP4SHMd7MQ&FVG!)HrHP%kVv;68;jNG)+0*?ztv{hyr&d%9G_DtgY 
zoAuj8_j!c;dsY6t6;vf9MM?~snA#QB)LH3Z$JWmVWyjowHuHA%(JTcW6K)^r^~05j zjGxeSn~Vgvo#=nX-AL5RGs15hFZ34e*;3F9d z+F!5lc?#W#c{4|_!7X>9UdKnl<*>|E?@QdnkFB zAr;w`IQFSGJ)t0-#+6ozt)2m8Ca=L@mGb@|+F2lSqT=e5h^I`?WsbxN-A0wIkq@Qy zk1RSiW#3FfgYHNXb;DAHtrY$jE3;kJL?w#_;w5<@B3x~ole&+@#>%F4Uo%HON<`ib zDW#tPgTx^FaKdV+qpNX%%bT0w2hbU{pZ<$633sj#;h*Wzj{={tHfHC@X>-f-c{RFB+T}zI$t&$+F7>}=Sv(OQkwnE0^qVdi)GPf@zdqaKo%_~wIj5j*@fbAs2LS!+%PNlp@ z+2^q4m)vFo%}(PTS8jD%#0PORjm4BhHeoTJwaXI3KiG5{oeerXHdAFa-|Y?yv)I@_ znkcao!rxmrspu{!+9yuc=v(KypOU4!7%Rzq0pI>c5NBLl4?n&9OvcOztUI&utF2X|;ntyq^5IUYb%>sBoO5QeepR zhAmgY=FMa_N!gq+Uy4?lh>d$i>xFkq{Z%indDHQ#5oJpK;$8RB_kgFvR`Wj#T|;iR zl~=Yc<%OfGpX)U7tknS2+Y+)Yo2GB#_Lm=ZOKO#lEgOcu--9FR)FB&eKv6^1;VT9| zV;gOJb&AT*r-IR+Fix|O7RnNL`2*&A_6$+yeiYMV4Ex%qo`GN6AC|F8&p{*RXL6HPc!Tz=NujHb+xIB)0)~js zin(bPnrD^sCu;Fmw6ALttkW10k5>{&2MihtkmyUTWZ7nyCRU!Hd%l4_Ijjkx*`7QD zJ!)K#zNvQLlv0bUZvUq`o&XFsU**FQNRQ=9mY4AEhe_5=Gi$EfB=Z8#MbqCjfQv(* zh?{;2Ad{uJmYr(e#j~CucGH`(6?L{jGfA0IX^54(`EZrwA-!1eZ3qB0$BM;v<+QNeRgA{TY8mC134L#QM+#^Rw8qmX&(qU80OtW%%iOH>If6 z7C*nfbiCbaY25h%q-2_`ZUbX}0V@x{^oUqEkWE6C^%iROo7BfHC#;o0_G%%zTrT}d zlCN)h>>Tm*pYOWxJaPdXqZfvmG_djDo3k6lxgtQI^Z_6y%X|m!f+m(AmZr~XNEv{z zNM?K%*8IB#fGn{85*s@eSuceO;1`3miTsVjHs}PZr-ccv#^6$TCG*z-2 z_*FQqxLsPPH_chE+pqA3s5~lHchQ1-N_KiQ#B|o;uq(`HjS{hb z1w@?kM?`rdX8gs0uEb^P$UG=0@p_!)%mqQ}OIEMeCQ8a1hc}F^xBeoOpi;0%tQo#k8~-|F`g_oXn%l}S0FnV_e4ReMCTlp$}kZ!!Q#@Hd?2!t1k*4*&;h zfcA6MZtctB@^Z;GARw0=2rPCyrkibD6T_Y8VZ2d9aw5zmtp3k`rDNwUa4l=Z3)Z-jX4EcG+w?9qIYKiD#&Ob3?5>+z*HfVw`|e{E#}( zgApRc=|^P6+2vrsn>86Ji%pAGiCAT^Mv~WFZ}LDL&C*%fs$;27zhNL_BTX5XRU$zl%m#Ng8 zvspPIc;oXmyWHD##_+s*5h+|H8)fVd8W#f zTGKzy6FPZm=SJ^0rPi!Hw1Q~neSJKN^fmC@-=0LGw1){xh_^iGygexcWpoW^!?}yO zRUmwnc%&_jbn`_lP5sy&68cfm#9TE#uSMiGwUk}RYVy(WR+@GbNRnCu9I^Dn<@0*?>2Cv;?qy;@VLt|Z>t-08Kx zt|A|`H!EifR5&Zu+$9g&z*YICr6+xxAkcYbdgORP%J!4FGh3tMsU@Mpy?cE`?8 zMBcCcLVoTg*&>F+R=@LgN4_?|MPdw39`u6w8$n+&+yfyBfGzn&jY6qU0 zn}Q}FE2lmt0fX^*RkBLV4dKE}ZdwLj#cUehFhU(UB5+u~LW}bc-uQCyJL|!! 
zdvc$~qk0k>wu}&Z+^}}@d(^r+<-wKNf7@1b^3QWVXeH;HgO+h8P>}J&QumS56UJ2quRfX+P z^v}v6*fyJ-R#;2hOncj;QlZ(j(DqoFK9bR+juJQuB=9~cy z7{yUBD|dV%M*#{TlE5!zPj2dHKErf@lLqd(*ppBJ~Qh^M;BOoT5!jgGCl(e-EkB)tpy4M}roc zi#q_9QzxQtPo_)f>*OtUzJk{p%@TYCeAW_~zUT}3AF}b48v7+2*zMttn%K1d&_~Dx zE#K>xE;d?QMbYF~;ZMw~j7EI(x-VW^Xqj+hV}>r$ijZ9TNbChn zlpZ^_5BzP4d6;4IZ2>&`QAWK61i0yW;iEms=)SbS`I5;MY~MyAr47`y_84ID^M!WN zxv!c6B94>5?K{yih=|b7en9YTR#xguSLB?|nYnM8*bbY+`~AlgjgV>31jy4)CGT^L z2JKH}a6mO0+wv{1Y12f%r3a>!1x}qnT`2f{^c3YNj`>GLlCjbBL+y@U>0g+|Ux-mG zyL_2?UHEMIZ%8#bX(-xa-V?@unHYb}gUJ8V?Y$a@rTS*-O(T$k`A_xwje)E8Iw zxOAWQ72Kjkzwc1@gzAkk zRdk0oBpKdOfPy$ik9vmD^M09icwGp^3(jV}eo*@6(b4@4zqaiNl|e)z>aM(dAiK8X)tQLO0jlidJA{iOkz zi6~2LGNDV79a-@KDMU2C1m@4tadWqlGRxGxD&ocAJ20WgcW@OZi!^H+tXdF0UsX+^ z=W;D+{Ez42y%j&`KicfS%Kbv_Z47h#O{-wp!E`aYdxSw(S9<`#l~B@*ILw6|9eztd zzA$ha^2cJd+e_3>*XYWwkmfp5@l3ee#Y`+9c&@Z zLz1pMv~F6v=%=rFn9;?se}0c>t-y2B=A5K2_=|+aVbkUk1DVEYd@LEs(-!}Z`~m#; z$lz&*u1nvj_hG^_GK3KlRi!>3Z!xYh%b#N-DPJfIQTvbK6MPztT z`1s0}ss@A9H>$I%rKPV7KIXx37SI~`O5G5qvR{HdIAb4f(;b5(F$t8Xzog2IA zy1}hEgPoqkL|zjx!3%5=`6R%NkXqn;)kEkc$#vzcgd@I-9D|V~pT<;1t4CEj?o&$- z{H@_ItNx;82as!IC;m zPCS#-ND6Pt84%&G=m&&2FG22!Pe<}!PRVyNWoZ3n|4E22Nm$;HADA&bLE|BENv41P z$l^ufiYU_kyr&_#Stu0^52JT{uTECNnU}VI2)7k9Ghjt9HK5n@ zVx4hWbjwrZTiYTb_>_2Q$*qQsb&fURslmulmTa0$FHu~(B52Uulf+#|U{;&D{% z^ySSegO;Qq!PrK5pK-5!@JQ<7X!!G9%G_goZQ0I|LRDziLoU&0BR6LAwW*g@sq22s z*;YuRsQUlHg!nQRFP~`Xtoa{)od|zjpX3kVH8>HceDdJF>H8jl;Pw|1!T|S6*AMj{rNh=`{+@TL|HntbY?bjc(;| z4I>?`lg5_S+-qFQPj>pKx6ov&lH(4M!V? zL0YyUZTd$3b|6-#O7GAcE?4@*O2~ULJ-+@vffTaR_=kn6{oH%BDKvH?_28B&osBHq zS@D|iFP5VfhPzTxo04;lt2gmOIIM~Vdj$Ats`{+X95OS$^t!Z(pR^fC-5fh(CO*Mz>U5&Ao zRL0{wN|fAzt7Y9cIJ2_;B<~)Xu<^bG0hi&cww`xrxk=zcGAoxMzoGTYLPd?{?AQB= zgXG)VLhO0M1FZ!)EoLu@eeryphpt=PG{~xo<>oadr5U^WVfs9RN1{ykEIdgk)3MP? 
zPsA%DugE`~o#VXKc1-!2G3BxUUpS4Nsrou8ogbu~F=_JE!wt+6Z)Lyl0T^Oq(60709C#iErdBE(tx^pT}WBuw6S)Ox&F z8|%T8tZ7T*y+zhA2#d5e)TT_nBGa`s6mc$mCCVLM3d+ zI~dU`tc`k&;^^ovtbUZ+!JP_xaJUAVt4}5>5IdZ4nH8CS2`*GS#eIP``si*M!F-Ia zYi<2cZOv=HkmsE^O$Rm%OGcgZH%(uZWUh=37pZ)xLE&YP*;l?S* z%S+Ez%VMaSYv33S4yGf8Exk;fR5-8% zUzq%+T)z{2%FXWlBG|r8Z`A#ErXp)q%An;Au00W2?$v~y`MbSu9^yHt{mRJ_``8dS z112urLK-F1v>j$Y#PK86os;kKEn`Eq7-24(zt83I@xk3{osYw>$IKY*~unDO?4jFQnuGhW+qLSe~i5MoIEFVf1DU z+_)~5@IJ#B(~ibAGShAH9}1NloAU163L%<3R`bg${OoUV)lOcGq&KQ&$#HhUePkPDsflQa z}Z|VsUli@Q<^9m8#_-PjlcJ$-7O`QZ!`^_7t(~4B?TKqdG*|l6+B)SGOr$df%X4zqW30OTD3c3m zw($*t6)Wa4^C5dP)Pw?+n1x`T(S+Apq{7gq0GVVyw(&4(bgO7sND^dke;rL-Q3j!NW z*>}22OZpzqf62bTFE&k#yIuLh2Vg44j6#f&`lxn+hJ-np6ka8{-afo5J?VeMhy_J5 z@}Rhcr~J=|SITv7A29Mh;J|-@eiBXOy*NIh(NK4n0HWPdV$U%WlgIgSie8F~bnKoz zII#w7VDn8ehdz_QJS=&RcvVH5HxCp}%!m88f7}RZ;3?lt9;$^wZg&X1{KZ);kBi|R z*yuK$2fJwD9;(3a(=nDnd)YS>#Cv$rH9pw`YoB|)kEiZyZs*?Z`ka&`Oe}Zh_h;*? z0E@@@pzZ!xjtEwx&OCg98W63$HD9O9MS!JBUN*~NVC#1oL=gPAN9YUa_87d6S(VY! zWKYBb$%Yozhnj<9`!sL?bGi~^soClYb45{j1=whI8qx^y+sDkP!l&7UwBaWX_>y1L zy>l7}ZI`t$ZGk#4>#8*d`B&yl( z5aX}WN45UggjwOOykXTNwOCQv(sPQHmoz(~*4g|nDH*{U9UMF{Er4EnTG4G(_6M=c z;&%=rPN`iN@%hUD9&`_O&Ul>U;+;7rY}I?SS&50@Tb75@hYElxgZ;$yl_P zJuzy?C)#u5Po zl8!0QhfX+iiv`oES8<8dn(_J;hM&$+c=1Hk-lM!a2*u7B(D+l=RoVYC4UOK{!rp`# z9sHC(!tQtqIE1nSaFZ4&;lS!Z7xh$;uDr)l4b_)#0Sk4ek+uBwC;8=4L#QM7Ii5ZY zlHfxa${)rq1IIfyH_9RB;PeYCu*D5eMWMqL%_u#;Api3dhEPP{&i5{-YS$d<9i^tg z(#7U=F`?79g~$%OKeobnTz+cMv?Fe&V%C*4}|I56t^d0io(ot#BU=#!X0)hzoC ziz>8ttDRazeTq+@L2%wd>{ZpbvQ3x`*c=JLv{k7DOm-&?lkLuskiCCJH3VYfM+xlN zv80_SUyCbR3Y=ilC`TP^s`^xh<#%2;Tq z|E~zd*bA2TlmI$$!fQp9PN)AjP(v1LLj2s-10sMisDOZhY(mq6vt3uX{i*<49$BPk zz&~$C^w8&2xtdY*szbwhAoE*`eokJF*o0cX)jXGUU^#NCxUDpX5G6^%&ozZp#rO`G zySDll^Q@PspW|^l@_FA(Bw9jpy@Y%bXlsuTdfvS|5Ygb0%j#Wa+HDo!L6cJ}<9a{e zql1K?zL2hQ(DufDSS!CXR|hmBtta&a}7(RAw&|@MA8~t zSH%JB318RGO|%;7tD)(!vbm(~(@qyD(+TR@CR#!u!30(KoFipL;$ohqE}8307h}|x z+lV_SeXO+G2vTRQvL&;Kxrn4+3$T38EWb-_5x|ac=wf38BC~3NkQo{BAi_BK0Rlo5 
zT~Vuk1ux420BczMWHi8V04$#p+1++;PT$I31Jk%qjq7kE##>9=#5uT$#JbW zp!N}<{ncmn?eg))m-r2I?IY0?1t#ZwIftb{Kd;4Cogfgr<}9&gz#bq1Z`!5o0iB(H zs`bE|Jwt72kW>B(`v9zzAmg&)cEH6s%Gj!a2?$|rda4|BYp9-9jQMk3MmveG(#Ddx zTa4dmp_%f~>z{aa7(1teu;g%?*l2VMFOCa}7JppRYND;^0hJMh_FaWG2a{?!pfs(k z6xl?jMKQzxndTSbx@h7&$bY{eE{C=jeyIGOSk4n;q~$QB`^T1%+1=ptb?Vu3CuS( zwB432Paj+^m=Nuf^KFy2%;35UJ*80}PNMZVw`*d8?0YEY8;oGa;GYrVP`kr(4Pm}FzbD&NKg~LnK2XMG5S zCjb_^vq2767&SRjiZPk13r5WX%quhcDS{Drlgy=A&EjM=0$EMX5`rJ(+vtA!HJY4o zg?w+xR~J=RV;&`X4jrnZEW;0VN&(X6iL+}WOgqMtnrT)@xgp%$(yiuM@1WV>+1n{l zyHChl&c`YpbPfiwPWLYX#rzk(=f*uLauH`+({DOO-px$aQpuD-S>`V_y1Gr%Q5IHU z(gZ5w-|VAnJ_kbe&!EE^y#?T_4v_QewWW;R4E5u3_>28+j@zz>6(c=C%x?)(oql9# z(~J$Qg)eP>&&-3NUsm`zeM(dq_1C!7Z_YAw^>f_<8k6V34UHV8_~*K{^niE@RNg}r1PBy2BAH(8ihS-LiFzh{l<16L^+$tqD=+o;S2_op%%GU(;7avx5(Ph?-{e~n^69NE`LdzS^Va2R zTH06j{5QEPD}~p>Q4QFIhU%$wbAl{}O#X_aao2{nL*K*jOtr8Wvdab|&RZoC z-xnHhwc+KeO;@P>^5YvllGOdKlR&4V6;X(>g%zgEnhJD8!^2Tm#L~@Y2@~M! z1@J+z%-sD$J{o@v(u9>a-~lS$E3z1kDtRdBu`m1Uv{(*J>m}-)amy_HX=q8CPR_Vm z*FC@}V=|e}?);?*b(KhrlzH4gS4WkxGHjmx6X5XLbj+>r%2@iJ4p49OZy+4Jk7OAe zWbbR`tPKhmG4*k2$ki5OKRgs(eF|f-sW^MNW{!T(%UK0mXsydAlj7kY03gN+~mcyxl4^iHr8{*xZG7N9=~0M+mAqd@uG@&TwT#li$^aI3CWPQFnl}JpEF%j2l6;leCgfrA6hq`>(7qQlo!SRmUKxw9ud$ z@sNvZBU_Jmw%voLGI^k@5MFuTf;DEbr)x*86bEIEiVZob%yl1x0fSGFn1G0?2Z`kE3I2G&dnJQHmTDFS(7Hh;8>&u7OqLxgC%}7T|!xh5~oBo`spJRQr zHtof4V)mZICSgy#%^stlLxAGNnmiD<`48@Z#hCXEQJNQx17?4dIkM1M)&|-Y?O}y; z>2)mk*}&(30klLryBiStF{^y>eEM^QThLX}%fQ@iuO+VD{KV2|H!h@fL|h3tCS)(s z>G-YP?uEclqurXvwxyt1z?p%%bZM|vjvCure)5gli{!Ga`lx#_XP1AtV z`Rh!gl#kKeHZ{)1heul6TbZ3Qbn5D(tLtfg0pO5o$N>Bfz@~!-zvOebUqd6XF|JYz zuzI#+Af5YB2x-7=MV*k{^o?)FCa(&bfL@vG0_RQo`pIdKQ_Y_j3}uAiPim!tY|{(*ilJ*2Z{6gl>tA2j8c@wEkx7y_xACO1FlCxkbqHLf zxLL`=ht50b$K?;P~{vB!Az;%))j#fZ=yqx`BV=8$&_ z#Xhu|JstZ;-xGu6<$hqJz4s+$V(HYy3zGf0wO%&)>4Xs2$~Q7n7vevI7_PGBMAfD0(K|yXSw6EuXK2icw#d)y7 zQn$u>7^h7`bQa@v&pltJ3*y)sbowt(1kV(*%iNdn(rzL0(K%j`FrO=0;+*0j$WF<7 zbH7@VspA^O*vOIgPie=V9U{M#m|aS=$`sJ&`R^I3PjFbIc-EP>XH`3J)|G?Jc#?-p 
zw5;B#KQa4RTU$np%dGcXbROzcs%pH-c7_SH@PN|0F9@2du;f1VF36W;zOqF{_!2Mp z&?)?(^BH&I@SfJBvQoaxYkC!tm82vvp!XDdJJ$agd}#7O{&G}ERZ(7hD%ddd**C z7S{Q#a}^%FpwFAtS}mrF6ICXO&Q5`5ooSD^ayhWATw&8osZOq!Zzxr+35x3Kq~Ddg zg4IB<%Mc^`y;8X5=5-!iHU>$Y=7F@}z;Rq6B+;%8|9F;reBdxw6X~yvLOKlECTe+)56WPhsq8ZSyeb4E%f>7c?pWqII8Blnwhv~-Nlqj zdC`%mAve|4wW0Rsq2j7t_AbAl)IzYpCWqOAi426iiA+%W3%VwexP72^>6#DhkHIJ^ zxe>@t=6apmZJb~GeD6G5pc(LH2uG&sV#p(BIaJxkj_J=*LPtY%wkQteLK4mQ^$Vv# z=>rCqaF=*Pf1KHtKxq`qPg!&^=qi<-{|^A8KwQ7_UZ;UNoo5ZydG=f}<<7Gb?^Y7% zl(nyV@!QkQb=9`Xz0;mi;1v!eAh1&^!pQ){ym|#)2uTuHPzzFpW77(I^}~Y(dfu*A3oR$7 zzoAs%Awf?M#tM5o)nbgG@h~Dn;=%?6Ou}C}&x%V2N-VZ?m>OmM$LXu4Vu~!6T58!q zrFVu61}W!i-D5lml8b@7&r zkFPO}R8JR|6G_C!yPe&tV(*ol=8AmBvYEM^3&gXnRJN7MwstcQj;*+6-%S(OI)@vU z*N(RG+E!lM%4^@Ayyk?kfy>x=A?UxYoEDO68j%0>KmV+A#^gYJ`UUeaq~c0vhi(1+ zpY^+)f5y+JpkD;B0~~~uUv=aMs!+->Th32^2{=~ZlzCC z@4lqZDWA9ECwiFTXUt-9AF}66vGV?e&nmx)Mcpc%FCu$ZN}iq0R`mQ9L{CU-FXjrM zds_kY`w~DqsEMAgc66&`JS8e#rI+LaDk^~_6&E;)SbzagXbVX1<6UvQ--;!1iX``& zC@$5drMJ?O+DdO*>1`{$`5(VE>8mEN|}+g5t}Mx{5Aj?p^e*H3~fcW3VdxvwynrELuAXFuhzGQwYNgscOkTG-RQnMp>2*G%!pw& zwBZ{OtG1>vU2iK_ZRIKtj;&l}-c6OOs^SyYkgN8#a@AI@+R9bmqFl9RAV6co;R)Y} z;I_4gp{?9jfv>IHww2pv$Zg#X`}S|sfNbTqt=zVi+rD8*YilCY^`?kgIHFjbSYha6 zo+vLduiXCXAr_-IBp%99`BX)HBh#uaBHe6494VnR+om=msZihzozlynIS#2pd_m%v zz5N%hG0UW5?R2Ma|1=Cqe6C|^s^$ZPfNuLBKMox>U4|5252x@$OKsI($M|;I7aC9b zG9&8;tmo=lumr?hUaQ!*m?F!N8yae=UPQ_%?c=4L&gMwL!)iSwiP9mBO^$rk!cnW! 
zIw)@FG?t36Qc=u7qQ6zoE+=tFIDrje5U~Q2)1g+s=IFh+p9W;wB8LR-mAxt^o{;d3 z-iXWJm)^@dE61mm8S8@KW+NI_0*~}2CnTOm?5iavFxT^z0r7UrrNr8`afdD^2+Dsx zEG~_uk01LVKlbnL6j<;_|L$%E%6?jOg+-tS_)1H$B>`N0J0nAL=Rifp^AR0X zitdZ2fOXdld@S-u%t=_yAqC^5{l_xL3oHB3IHcD!OmR-WxT}g?%cX7;$+Z!IKP*aqVjUHA}Yx+*$xc!WcdV+5k(J@OYt7wpV;sx zEK0gA$~M6A*xU|S`NRXPSkpzVs-vw4 z{0)e}RZjey5P`c}5g2Vn;D;+9kv|w)6Tmr93C-$vmoS}3vj5=v}K5n;?v-$RU zCFdCldbcw3mywwts-(GDmFoA&rNXQY zSxhD4G#>sl{%2f%i>N>t{X(KK3PzYq6e^a%5)vwb$d;EQELF*b-4L!neaNg0=+}gB zEE)gv=}5{%^mccLRF2ZiR=~!)i7VG+rd-v#ofdixeOzKeLd0SuM+BvbkeuK#`f!zA zlBQP=l%07U25dY|V=5=RBNC09Fha2_IU&1aOygbiqO$EBA1kV~#5C4pSCDzbcfGU} zj(?gUL!b>PXwjNPY$DLl91n1e5sp|q6f`6VBS9o$1NSL(YYYV`$1>})h=hglU8uK% z63+f2fdqhGF^Yf5eaEhoPm zzx(;+n_qu!jYEY<^^R-6o8t^{JrNM}PC`UAfqgIqO`nyJ=ZowhP7)?mtCQ*Y!>|e! z3ME4UFtU`B3VfD_^T8GhS>OR=pa6)}7YEjLw{^Qq;@us9rYK=r>2r+vRmg7Q>0)oC z)uVI~%WSP+zTjWIZ-BdRwr7~X+$K~P!HA4;23z+q`y?lk*?ahvYrVXY)g>7x5tcO0 zZz*-yue@F0E~`Pud4KuLXP@0P4}IOhy5zH)dSx>S4X(iI<29zOiKQJ{DRN3LyRe#K zQIM}66n5XDyLo-D_@Xn;|2`=E?i63_wTmSRnozg!yAx*f_ot5+r6^}x*N3H`D0X^S z?6e3)cfa_e5HoTV7RNaaZcCZjX)3|2+snOQT#8=)BEZvZ0_~ZU)S*; z|NZLizq2pbj=B%v)m`o5$0j0ii0`LVQYfN(Sm)n z+wJz@{yzM--EJ5EdvJ7c__xk}yK~U)w7dIXw4L@kK76s@6_^jajw zmk|lkQ^rf*lx!Ga-pZswSG-u%h?|*i_EHzzas5BOP@pO~(}%u((Wx)euht~Xqf)F% z{f!f9cIF{KiOq%Oe9v?Uay9b>b-|PenhPkB}@UT(A`}#QPr9P zn}kCoe~egU?Y0KC~=a^X%ojWlOULxDs?4zw!~<6#Mo86hY}`a6YTO))X=}u zWXN$y%Eg-@iHIc4ghez^njE|oX%G++lCXg;$$)Xvgx3Kl&~Hs7Bv5@@exc#;aig9E z@S`4o^owBtAqxQfP53np$Z-&`G?woc>r{{+dh=yF1l{TOtv=#8FGBC4r1unHqrZ z?s_u{N<1vVa0-W%di*o0Ca##@g3_O`T3#ROreM8+>M(5ehnZchXIH&3V^e=N6ZP-M zf7Wp-*;o}g&k@6Wc17ZUTHDZFJ+qBqJ`}3UW(+M@+`1B(v{Gv}n>nt)FLBVqsT?s* z{|)P*b@fcND9bp7Il($(5m}aFEW-E&M}kTAo#fjo6@ZVM_R+@ZD5 z;TPZiihye3+`aBx5{WI)rz|`-l&RUxmxtT#R|%)rG$KP1W-cTnCgeLJZy3MIzkGdq zl7Dgf`bG94+l^{^bBah0J$ai7dFE|lPiktfdqd;&HdhYH9LE#*o+e2|#w3U|)7bl__l`*4-WQ}-Zv0>ZEUDHPH^~Z98J`~vNP8VCD(8SZW?Q% zCxQf=$S1W$cHJUn#d=0)JS_1VGg(t<%WP0h97XI#{aYd_vynThPy`#1Kr(J@{WKnO 
zA}ps=Z%FZlCVj}Pq2IpNb>Q!p`cH2cE6e{g^}lNz(GW{w<;Z5hms0%9Ge`gH92^z( zzs}MAR{y(~=aEt7h7vuENQ|CFj9sM(s?XYP>&`t#?P7IQSO44DL2Xc;9)aBSc)-#) zboylW0dzL~v7S*~D`1>30k+`l&hBwUxE$jc4+*d9rM+wurz|u!=~WxZoKM$n;4D>W zTB#AU`K~vV_ahuLfTE%W%@kWFIKh`RqLLEPIzD}En4s`V(g7M_@n2+OdweR{xrC#L z){ZIn|0@8ME21HMyliYId#L%t7>&{L2-Aq2(aq&yg+9MQ`p*~K0 zs#8yq5ZzEYLjP;0g_Kl>SPV54NGKs3MKmU@TIlZIYt!2)dYb_cQysOJ`_E+r@QcK62s@8t})$_o-bf#_*ME2asIy;K|NDoBd)xJYAI~FnGEzHj#D=xw zC_*uV%w%dqQ!1JEiOBh_RCvjlz43-d5xOJ@ham|ext`({YF)KzwMUQ8hf~c-kP$6V zyZt9>qHep}Znlq_o#(Yjj~=08RlC;I|IIn&9EUiOq}nIPTX@#(LdmDQ0*2$eYGB>U z4#EOq6q1C*A&G;D26&-?N`^qKL#ZGf7$><+m>@{|YN0WaoCY59j56pqsa@s+V*F^V zON^BzYE5)T#_XD)ewF)65D^@wiBiY}Xk>jjj;Su2m2m)7jm-^Q50b`cfUg-xY=Hhs zg+!^);tm0ED5M;8Rlu7sIVtg~<>t@q6==XX>hmjd!eYr;6cPSbOZWW-ygv^{BvkUL z`F+aS?WEt(qvBWOr3}J8I!(n$eF1!P2~IoUtKwW@uAYJSQo>>qO96WejnUbEy+nc5 zSVSdg81=9Agp#!hujod*iuFyx_{ssQ5B>;YRO+Q3=8lC^H9Qke zsB|2Tr}lCjj&rCq?{erg@76=9X=Dz#{EBp^O?kIC=iTC@ch>_^wcx||5*BH0m9(-y z&l3`~w1nVneAXZ%`iR9yyQ#xc0uYs!LxCIgLGkFTC2W>@ON&Z6iK$v1JPo9n#taNG zIaUB7QN|2B(M&bakBjj25xAGyf#Z0B;FyktD6c;v#!;piqmwgXJRv0#(3UWOC!AaZ zF7x#T3_NSW@Hp!ZW*LM(w1DG;xDs0Ulg!RucAS7%D#3kFHQ+|5!IL900hP^Rh{pd1 z&Y*z>qnMBo`0xl{6A&Q_!`}5rUGCc8O^|ECafCdh;8T$XBehk43!bY0P$_^?p|?8Q z=4&CT;)k%c=y^8G5k|h#&|?uJmPVo4ZIM0$*R!p?ijbgcW1teumS1^Sjvbrv&Q<0P<=v4IJ>66fHZE+xvSc#k@mZOixXj& z7SWb_2kwPyS?{D)meC+*4y)FsHFHfsW}v{6G@e8eHj$8k4yZz)&2-1Hr|ea}89`kBB44Z=#rLeOE1xGJE2J5dUJ1aTlWQmO=%lQWHAC2-+b&64#a zxtu7bEEOB-7tWu-o~b$kkXjo5ee~2o+(UiIQ_|mQq1S5h%1J^49HFzHj!#sZY0^Lw zmZC8ojwHHKi$nvhM2GUZBMkYH#-T#DAlWc6I@bq!8BXl7R@+IMC=Lydv;6|+?W0}P z_c*Wqoii~CO}n~!_NlMh?E5CwK5%{Ng`2C0_i9 z!paSvAgmhH=Q1Xv1cXdsB_k^Vg)4c;lSF+n)B!w8f#PI9IEkGcZ0jhZ)fOupBXWz! 
zNdzJ%M&}U@t_-No`ay+PRUizmYf8wnwC2mR)pn4C(`!}T_~lU|&^5(sPvk621Jw^k zF}X2H9gu=qikgsHnq9uo!#^|beSH{ML#ajJ%t6&wtoPkivN4uwr9~69=o7BZUJAvE zr(6?0(O!I-mW{BhS84@?^y49oZ~JO@zMW(qjs^VNWpFbB+nB~96gZ{JjvvwanHTq6p zy;OQpACw(E$dQyuAGAk;T@;v`0prTo-)W$m5e-I8v$z=%v#c!sO;Jq?F}p#K%>_x; z$W)yH<2OpXP}-8xH;ItK?x?n%Y+QOYicnczA=HE0Yq#6|)#=7#dn=GmMk|?ZXY*u} z!T8lt&JDSoMKuMp)H;Ndizr=?cAmGNx2N$<4CnReN}Cd%N9ez$^?#5R4+!&-s=0Ehg83 zqy^_HZPn>ZKM%OadYV<`ZlC zE1yF>5w4Tp&fcJ>eYNa*ySpDhx)2nPLN#oSF5W9m- za1dGP7$q|kSqI&Iz&L4!vFP`##-eG;e#Z%I>H`v0!r;Jtg&Ki7Vrp6o*ObQ8yNF2j z*`pxyHlrkTcc(bY3o5jBoJVtpK;a$vpr-|unhu=%*^V1+PF~bJ}RFui~3Oh(E4E8f5oJ)=+8S34te@3i&1N2A{a5x9!-0z8wi&Ppc`l%l9S|4d^J!G z93wB7A$VByHrFZ?PNn^RA(pdmENCq3J9|z3#KTf&|6|<`_k;`yJSFu8s=MeKlR>^+ zztbWwCrN|@|Fjcqq=`s=6XZBaj`>(g&AtmwspN4M!TaOKyME3_R;6}o7U~m zrtBGO74AXkJ3lp!LeV5|2PReqvIji5nROQE=^{oJR;!gHz?eda(B9^pB%BBmORZ@+ zn;k57b3}aU*%~h=nw>mVe5fyzNJ)`+$g6KsAojUJ3`CK2KZIp;Cxsu^Yzf*EUI9R*2@TiwGj#)ezvsBn>*_P?&UMhK~SlE=psf0zX z&Liyh0~o3ThuWrn!@j~4Y%(Tf7a1wS==HV{X9Y*Uy*4Z`12`Koi52zQHnlwjbE5Dw zQqvgtd84kL33Pn=8flNM2D(fout-I=yLNhw`5sn`+nlK8rAdT=DS`Oy4+?1L1{({G zTSnFg!-EFAn8Bt4W}f~#7LrrOW#5_EIti-Z5tz{btHI5TC4bf zR{8(_`tJSN>z{sm|N7l#T!81re|5XURm~&FfZn41l$33KRre32sgCiLNtb2?JP4Xsdtt^N8%Pi> zSUI&@$tQm9IJE^%;sAwM;=C}Njhzyq`aKzu;7W5x2mlz{_ zYMei8F~FPW(U?0s)vQUM>^Q@rS6EAg+VL)Iq5n2~QEklD$n9|*(B(~}r@|6UltEQ1 z8_IyWw+b3KumvnmDMMp$6ILRFE^>ONZ72yg5?BPDKIo~I@YJvV&KHh``2L;>{_n_t zQ+>?l{|BA!VW$}XvDe-5|9g2Jp-SditG(8Wny5_Ei55zVIW<{l1CGt3$a2?#=h~%I zcsd|LiU#^%WE|a*>c{9%s-vA8?^gWMj}-ydlmY1J5tQjW1 zg*TvSL)r1HBAZWOTdSR$J#ll1S~Yuty&@zM(@2=qqS+4CC{3;Q4r$eD7w?!PJ$Kr` zCAz_2WginBO~CwC9R_2}UJW?MB-E6IGp)K?J^;#wVWoi=bZ^O5f(3)vKXl zPY$&LUgfw-g|_&xm}H}EU4W={$_eNgf=VTPHGTT%v^wp-Ym)ehNUSs;QEO^_wcF}+ z|Bjx%w&pQ-`5)@_egl0_BF!aHGQt2HXJ3G>hdE2*@Xx1@RN>}8&4HpyZG&o_oV^e` zI{?(rM4~g2F!VYeuv)F(?*}XvEFv}7vz5>TDoa%+TvR65>|@JN4P}19+(N55cFVP+ z%d~9bG85V5)zPj&3d&mTLJ{r<_bnq=TOD`+M2)F`E>xl29WBA=TvYi5Zf41FMJ>qY z5b{W4ey{cz`PMu1;q2v`m&fNXFWw!$efei4rmE8d*KCvBVw24#9M`VivWKA@&-?S~ 
zqulQuO*?Ar9zG2ib5Ux_Er8V*HV97%&$XXC8)LT2-BQG1NL5`NHC*(b)P+P(Eu0UA zGRod>t3(c#TiNmY@KBpOsa`i<^t5)NZ|fB`^moTXU$)H5bkwHMPObKySsQN_5lM+a zp^oYCLs+z)^kJMvk|q&B=BPsa`Sg)}*R<~}0p;i?3%Q(2LRrxTsK{Bc7g(Ln5M5YB z-lEgN+(@TJM9pTB@?mk&>6P?eE5BoQO$4%GkpA|bsb*LR7ErKcxg#G<-`aOJf(qI( zUgw+2q0WIl7jv%UJj6jZ414;J3qb|zo3?$aq2-MKAnrIL>KMlXun zju_824|~G8kzK=YaXu;Pa`RWPKPvFWr2;GxCiR+j?~ch08sonhw>G0%?by7?o05z# z%2PNmyY95Qtv%HI2fFUI+O75uqHzc&W#Pi&I5@807|~d*SS;b><&qQMdIX_{>Zhi8 zgh7Q7Ee-!G&c^6j>sEpKymecv*+}>2_S9pP-N0ZuhI;MB+RwJPb1>lOV@UDxRuUfL z$Q>%B`c!F3aeZo8aLb8^v<7$oB*z@WflQ&pTH*H**7Iuo z6yQkRIOk~7A&niOJ!{>zZgYp;4LIvG3r@01T>#=}y>tM+%anfTn473D%U z{I<2z0GL=UKy07}sK(as_r<8Tne~sFP20gy>!8)PdmqUS_1S0b_yaU=w%xZhreho- zrKpd`+MV6QsBcpCHZ`-aDunly?$o;NdxUYQ3FF8k4D7txVl=cK)rLA7C_{-N0v*DiN+HVvBtozQ#w^#{)8!W_#-FS`% zOG!Te%~CXmKqbKtPc1sVCe6vWWi?L(`rs>5e?EQW|J34;w`rNt7)DWXPf=k~-sgN0 zwXH-!BkTyRYpHkbRo2>*Op|slPXKnWR{MlbF~?&?eCQK;L9}60u{rfiYXF~WpHNdh z$o#jN{{;mK&exw5f4U{@U!Nd6zat_2(-DE$Zetnu3biJWRVMcF6S4T8WewWCK_IV zqPCXW7}-xIGIJJKE++duv+-m)KJ^nicH!F7L4`nW`}yjb$bZcPP)@>RFMv?J{V^ii zNis_(^r2j1Q^}vaC=Y9Wp9`!f+on7M41sGnxKY9yEQP&zG-P_z$E!Bn-uLP@xngwS zPwvh*EJQli3lLU}b71k^!e(cgGS1(b)g1Jl{!|zGALj&|RC(zCSmkW`30c4X@>k!V ze_DUw$iK*xB;b1UNr!bY?H)IMHUN+1m;~5>!TZjSW%^{ol8Rs~?)Lr(z1I1AN*`_1 zwU;f-%i*F|b1uh=-T{S{)p$x8xpX|`3fh+s&K*K30(MOx1yHW2@YjQ%Fs7V#N29~! 
zI|6*<{7H@1ZG~H@x5OC-=~68hPKQIn5k`NpOK>$&6;Y~vL;RL)5Ma*hRohPTo}zK) zH=Dn>u;9wNrvK^!NC2;C@4^cp0|>HJ?@aD)kOKZi}bK@Uv?j4;O(-Vqg^S@o-acTz6aht!Jv^f|z6@ zZ+I4_0Vk1g1tdf&KuGpwss*EKirs~Z%_J40gtOb3S1N|&x>>Om*(9pF#m078$eytl zKcT*J#ps)iXXQIBZ>;;e8JW=_f-Ee_Ipdl%Y7-mRy+JvzDzl%zxf_uOXSv+`BZX2r zx9V^h7oJkc=vQ2eemcQ5fpGCNOY{vmUbA2A{B24{_ga%Le>`6QmmUW+JzSk2nG!tj3~L*9+?gBHSsOL zrW@xi;^g?8iQTiA$05Qf!IV20#*$#7WIZr7#ORmfyjTNS03vN!VIZ1$XO%J0<5hB& z5t;yUdr+K9o;&5BSeo3Y5=-({Pm7yelZxi0Ioi%99Tbehje>nYIuA@#e=vU4JO)n| zJ-+{n*-eaI3z2H?-$>f;N zt&%nJ`{@Zv2m!2I5_v<2(f!JPU;pp_{r?Di)r^@*K@toOV+J@qnW4Mo8okb$bCt*v zNG%JP8W1{RLWfLLNQDNfZO8-4$qiUk;B3Q_9bD5{U`cThioVQQ&zRuYCKUDH(~idk z-H=NN>2ow@(>rxrOUIGlQM zxQWgv;K~YDXyUo+oE7gvP0{?0LsS)@5xU{XIt__?pqs>S!V*E%b|xK{Nq7ik@}2u!+1y z1oMazuG_Sh@k!RLH6&W{%ai~c{@FwB^yM;D%nOcZEjM<-cXo~s^wl9Q_iMG+gk*pb z_1__pXpkztkQpeoxg21|Qj)Q87&W*nWSI3cznV3M2LlpF?PqdruV`Td-J)4f9}*@> zEGaCKTcntD&M;pzoxwj!C*3{hbh534HJ40yO(>C$nLcNUr8ar6}c?YqT% zEg<_IM_(Px+TZCb0lVmJ^_75~^S^R1!|7kQh5o=)S~qGNWM#Ghn@!8?JRr71L^4JL za)Sg3SR9JlUJHGAZ5{X?xl8pFBir%4M=n#D+pK~bS>l==pUk12&xv?`tG5VAqjvDmQPZmV~{>^y{z0QjwS)`!3 zYQ&`3GM;P= zKR7wg=+X47)~Yt{*ov^kbS5(mOqkLB^qv*^nNUbHvuO^nYzoN*o6@Y-Q&dH*_S*LX z@tK_>=MR4o34S=cidd~_wNjg@EV-kzN_p%`5+qmzM?45z_qAQlFiq*m21rH{AxUU< zh&Oahr5(plB*0d=bgR-Gw(>MKuBLE59Fb7`hyMxg=cqIJV`& zE_W{@c4^Nd!K@Uz+4TM0fB`pg95#*p)k`Vb8iyK1;7kaK5HvYwn9zjsD&>I0*O?Km zR(qA5Up7OMlmckkpm^eLocqQEtDRLeP@+vdf)EJv+H|yQzRj7j!*((uP?%jSZHL_K zLJL1{C@AZZoq(*cj>*h}qdndAkwuk|P|5?9PmfVt(i6%z^>L#7y5Q<&bI?&wdu_HxRTjmgxz;3W48)fN5r z&H=i^;2R z&(KVOMwUoLjwlbC3FdMF#sQOHNwm;$tfS~}Fi>d7Y##oGQvuY@$=R4XlC_?2MO-;r zZy+ml7Pd2gKuXA44BHkEFl(q5bsEP3RT~CeG5sD?Gr=;OJRFWq_a)0Oy4eXVbLV1j zsZymC5awz&PMD~oQ=7v_u?}~hshN;>vy@AE0Aih!X1qi+E;6@*|1`Xpjoi6p!v#}d zlX}e1A%G&&5Y9TY8~<`=qc$Hc_7wQ{RVF%h#KT%EyfBb4`TP=c~=V}(_8dCg5hA}@aXVh$C`QQaMX;H z{DbV?t;Vb`!qxi8BX>QEADRB%VFkiFpv2y6C;yfbRo=0XH0|Ef0Mk_yj>MbhOuT3B zvEREga*PvE@GdQSPH1_dbSj&txexhm z-JaM1;H$WdXOZzh3@40}U(d|}(|dEtE#TZ&wymAW9p2|M7Z}S}=4bm$77ALCrnedJ zu{C>BVpnv@RotuC 
zl)Wv%&$pe=EN;!R;NxYSYt3~K)>%j1(16&Hoa&2|RF&UZl#anhP)>r&&=nyXE}%Ed zxKa+ToJrQowQdEDcB?H7I^A>@h-+%t(9qN0PmI3$d&LQGCM*XmRwK13Rdd{2Q?e0- z8YLGAKjiuN-wOGmQs{L?&XIq}9pES`q`7hXTfcDDot-FK&rl7sj*fyu4xCUEr`$u= zo!S+R!=5(+B0X60qR9xv?=>ZN#G#;u7J@k&n`Y2bSAk4|RT~HRP=aJ*8(Ph%g;%=ky+W0nYR_SM4OiLKs{-&}zu63_UNeXhigi z*Fkbik<^LmJx5nM+*JdQlcdlw@_zcCDsh-mX;y9?+QZA{5~bUw3*d4+&kJ#Jl2_wC z2lDBmIE|tj%GPVoOtB6_(Z5Ply4qCP56dhhA+b!wLZg~Ngf?be@l!2^!Z9hki3t}Y znphTo`n$eiXr#U7ta}W0EYR+?B_5A}rn69fYR(w#KImAi=IADQ^%zTY7-!-OGd^B% zBO35=<1ZPpG(>LIE5VCKm^&AvjPI&u{GA${Y>oD1_CUDM5QiZrB8&Of=Qv)rW~K0T zx<{>ctKI7KI_>WMb0a8JssTUzprf&W_#tzG(@8R44T-}0=DsfVpT4`1nZ{YX zV@~GS^>4DUcjcGAnOng6x!t%rT}?AaUK{%A&0y?J%S@(cnVL6>9{SWY%q=UbnuFF_ zrsUN#FzsD;aFmR2$7BAEZt|hPs=y=EYPHN?wbds&cv6%(Vff?%}=(O-KQ0s>?0=s^^_dkYo@_7FDl#Kv72#bmC=R-vH7DRZU2+P=>6H9 z{Tn;(*=gjUKAsWnzC8Y_0^sdEgvOcP7(sU{Gx35iv%bQ}Y#HE~WSll!k^*a$)jl8P zI0wIptd_8YTx7cxc#5f#c9z18h$Pa_5QDPLjNH?S{Vo7gF)29Lz=D8IQZO zkd5{Eo(<-_?zV1sN$j}`Hf?;c`gX9p)AFr?xpc9a3Z7ZvdP^N#PB-1}D6#v!?{?r0 z-{7poi--!zfW{`x2Smwa(~=$bX`8%QEa5O%Uj1v#W*(I~e3>N6{u#jTP9~=|EJbF5 zt~n%U;M_-;1de9y+2b+!nkL zt8!tJ=3K$UOLlwEl+8o|22}5C^(J$9?kWr`2_RnvHHs7dFs%ZmS2a!&c=$48z;#5W20SR>yT#+%5`T4QNDqySuHH`rnkT z#c#ab^3k(xeB1c8@onRqY&@hxB4iJV5$+xw_Q>-A>2$;H{=sEP4iEP)pAYuP-d;Bd z_wau3e4iXX?~rHsS*O!&;{o13-0P6bc6-0m*?&&D2i@9`#BhO5*hBShyW45DJI&6) z`}Xr*r_*b9T6^8+M|;nk?PtAqyZ)7nWcT{alm8}o9Ie~O9Qp6y@aV84{~aD}<-hxQ zs^z~-Vsh&moDixQL&1=#54^Np(KTeVN7N9Kcqn@4!=E)|15GmT1v*y3piX3F%HW7% z0lhof)Fz->3Oc`*2VW_h)kYw!lAf0UwW_)g^OS@-n*zNmGuF}rn9@jL7_*XaZE!d* zWe~110#mOHw4bDEgK(ajd=2CfW5LB0@Y!z_*%4LvC8PGNXcBQ(uIN+7l zJiY73h5lDS^sc_NeGNr$j{es^I4s!zyX{VUf2;r9$CHHvgMVItC63t8Wa9_> zGz~+ds9y4v)V(6sX@as{lSD+3t$ABr&U5RVmhQj0qRs6z#bQ-(yu?ZJyKjza*TO8d zbq}4xHE4;>UurWdSifVNWLA6K>SUZRFd4J>oIojCLIE04?RijOXA->jy(rdN!8-P( zC*6A%SpS;$tib^0tpCII!G3Z5@9lTC>;FEUM=sI3$sa#pytKetwMXtUKaBqS`0bmf zJ|>qWgxyaSctL^)a{{gkY7et{d=e~#jqQWntJXCivPHP=;U)kZ7X~@bmm0{>FNawt_WAa)gGZmz3A-X)*<|a;P8?h9UdO;cMhLF?{uF(@3w%{QF`H86cqIUTrAg?y-hc6irGVs$1aJ@jI#emz`B 
zgq!8JRn?w~om|DIVyE_~P+Ox8yzpU&fy=Q*;eHgz2=VbFvbVWdjt1}V?jU2;grzzh z9PW&SJR~|Nu-Y>kwMXbFZIPA*)X#vYGg#}K+HCMWa>h5pX79hY|719eAf!4h&-P&I+ zteNkpjLRPC9_>B%henF`$v`VM+lFh~tthWCm%gr+PfpN7zTm3lgj&taLa+1%A#Y$= z4m`K<+VxH0h7=*QFK*bZhM;;6J>NTg4lTYOpfnc5-tz*ry?7bb!*6GATwJiG3^NLS zRNvd(wd}6>@uQoFyE`3}(E9jM?edAh0lB+tiR++cZkUR=A8h-zhV*wcbNDGF2cr2Hxp*s~toe5Q=P;={*VNbfwkjVN4TfiJ)|lI!5s zbI30j7iZ@dkqlnCqr3=ZbT!#S6-5~`8S&5!!u~H5EnL2u44rmOQ|{0b%0dQXcIh8e z{(D4Y8DEoW3ulLneCJxWqircYBL<`hCYP-@32$hi&Ji%N^b#GD!kH%HF!uhWt}>rh zQvuCP8I{}rSk!hBQ&$8cV~cfLg^f5re?=G_PGc{b38#F~k{7^NdVb?^Y1|vlvh}}! zxEx_T6Gq!iL6W6$J}zFJLwG`g@*&WOWuLU6sc@|uh0{QI#Pa+vyjc6pZh_k)+&f?u z@iUqczGG#?!u-hxYs8k-sPi?BDT_i8o03zdAiH#vyphyTm(DVO51kV;3#@Mym6iD3 z#7kJl?~{D|Br?5?G&-YzNQG!2Qe@D`Z*o$MOG;po%&7-867$>xMFJ=noNKBaO;d%2 zvSHN>QM3X166gAe+`_f0E%Wu#-zARe5qaOr6>dR;!!Vlh(O{?ZTb_7v%umX;?+s!n zp0x*4HXFdLOOnvD`#rm7S-@{f0p&}V_SF&QPL83oJ%P}U&iv5(<1FppCF?* z(nqJnm6a;P(%X?P7R6qWj7aM{)@dzO0S(;3zpX9u4^Rd8*-mKnh1NR?`U%PPpn!fV zvx$s#xquX(SX!{y%+5~P$}JQWd5l%ss?MwCPtCkhPTnWKWA=B9UlotO zb6e!G2<28BOITPfV(*kKn#W#{l=X*XmrrgxoCtZWYE6l87R}~&ratt)V{JXy>C_gN zlo3F=Ra|j9jTgEg$~RW}%`?`9Z~-4brtv(g`eBO^DbJYML^dh%4;hSO&Wdj^TtZCR z$Y=?Y78$I}Qd?=PvihS6mYdZORSe#DtPNW%!^Ji+d^zgOaV#Ih>OR2;Rr6$n;Vw1c zpZok@NdC)R=~x@E>f%3i3-aIo?!i9Ff160FG z@J`lIY*c6%q0D?2`em`?8nbvEO@f0m;1Esb2_1!DpxmHK2(OO22-nXu4()vxaAYQiJUSY0(@*v#PgHCzq(|2?P zvCHJ7&*_Dwf-RW~c43;?bnrVJCUO~w3bQi=SA~T~A`=@af7%F5KG3JPnT7uZ+f06*%?j5!rsnza9s(ZHo{_UwOgwL-p^|DDuJW$MGd+G_$^* zvIMeki?0wYS%oERlZh7`k*@rckcso*h#c(i_xCMAMoetFHC3m=UcL*%B#mmA4uuTe zDk^J}ZGpzKy(*7Yj{W)w&;xq zCs=R@?h**@4nczxEO@Zs5}e>39D=*M1zlK>1Pks9hlIdFf-YF|t(~*ax%=F^?|t8` z_s3U7&7x*8>F#0ObN2X+PT56CN{O4Y5IL9Vn^Cr27fkIO-f73SsQ@eJ{DNIv=x@K2 z>$V!TEi&WcntX9mRq9bLEo<&X7ANswdsiQsuE7(q(UN=*o@R3Fy$2s%U!7m&`#ppr zrvidW3k-nh%OR~Z4Ul}@#Z#`14-~%Zt>`h2EevX1_h{VZUTNW#X*iWp@5vFVF_R^j zaju?*yfL^uQ9|9H8yudUS@$jLWK^opoQsQ2<-*i zfO`GXCg4WwG~#KQcXZqp>xlN@+lqg_BsZpIRcP5UL8ca)Z0DSgtyJ14eT$N9hS$>5 
zY}Gu1PZ^<3Whn_+6LDqEL!+X7zyfQZeL?+XSMMSEe3^&)>9&d#s2Vl|{q^9!PxKTv#i8A2P;i?-g zD-J8t6-BBzscwmaSg7#v?KhryZ^)?llN@9V(^*rhy?RFCpt)9LFws3i=yTCBfthB1 z%79I9NBgV`W${eVybn^5b)f*Ddwb3td3D{&x0PYBd8i;EsD_3SGpn5`N~w7EEIoA{ zh>iNrVyL9@GnFWEXw>1Anr_~?-Po@5)j20&{ zbAwHcVg7eN_V%)O7P%#f`8KA>rmm+lfUIn_29b)hPnzXPq7TRS$Mq0(Q;DEoKD(%O z#w$|pku52Pa$`}!8Dw_El?>NmuIV%T7AKh^Ty~F2+AUj(znhd~88aUlJ%e^?24Pz2 zfYZ;W!kWTbfN|CQH!#9mD0naK{-;mx`(~Uq9o_l&95mfwzg|?2#~XXb3wkV63~WE0 zD4by}ZEjdoA3&d`@_cJf2e5z%>X&YOT<=e4xVgvYMdMyz62JHWg<9Z6?kFE7_w@91 z+_Ed{4>Ge(;fOx21EtO8awkujDSCQd{W$Z&q&LkpdA2{&T5QT;pjG9yo1My%meM5J zpo1`W6s9ff^9;e9<1J|!ci8zjqSTyo`JefJ;g z35&wME196w(X}cTf{tn3r-H0s=MCL7SP~ACbu&!p$gw_G3ZfetXgS5ozRm0VIQ7Br zy28QyrJ>Np;arZ(rG*u)Hj0|~_>pEP;>&u|8O9JRR2P4_yQ&#Ch@{1}U^A?$9e^BP zUR;^2Q*Q%~3~6hr;d}(f%JF{wRuPNKski$5Z(2`S85~HU*5pCNBCY1g)vb6xYz6Dt zG`n$+s*=rpp6*l;yjU;~)!}o>Uv2qe?mNHK@a6tfoON28S@QYM2#y-xJ*JmmUm57? zw8w<&n%+Q@i>S=MloRiQhVcu3?1Er#O<}7?o=_IRiLO==_B9K5BYDN2_r!q*s1z1a z3cpNrIeN8mQ{K7EzXa3K&*Oif)rEg}r7wlIBl zf@A5)nOx1zyO0)TrRDU)>c-lZBe%rXL0RCl;0_N)WMPmTmwMP(gw(N^HjW;#HIutR z_iBZc@iR_lK-r50YaZi0|2g<=kh5StASxzz4~j3Lgidq{kxcZtb4?R(zwXR*3^B*X z7reOF75*Ujx|#oEF+XHo&nHU%+~hK>V$DAoQhLg1qtv@EU=y3^q@ey&wZ+kOEW+|j z~bo)MZ_u1URcme zsw=awa+y8Xd_y<>@&M#P8?Yq?&eP7rEkD}znGx5fd-2ULrmRe zNQxRBx<;}$x{AH{dchFKD#x3rIuLw+w43wEbesdaq9Sr?Cf#d|2a6LuHM=zTU*7^= z1~sh~r06|&i4cS*xT+dxIC_y7YWxgww-j$o!2rBT{T3HefY!EA5Cb;!du+z|HuDw4 zBh#SmK&za-X=DqM9`H4yP({=%bib<~M$&L_HDuBjPYz72!_3uT5UP{QXRxmdGkW-H zgCcs*5K)K3$%NuM8L)pHT(gDQ$8N1g)<=HL8laMXp*dk8jP&M&mM_Cr# zRvWCPdy+Q{odqat9Eb{J7<3$_WX?=pexh=XSbUjNAMDqKe4dPcZ(N{;g5!lmKi)zD zKN3}dKEx*|Oda!*D&D%}a7}1wH?v!EmIZa!NzRfPV`t`VltVg({o^k`MQ?o|%n*d( ze%r$224kvn)7aoLnrt#R>Kf-tK1%k!)RtMgp}K@@2cw00q?@Ntsq<4_E6LMt;MTAU zy$}nITZFR-2#*9x5N+FE*PrFPd_=pO>Rd!rPQd(i^alO?Q`J6hjUk)^r;6zx$sRnp zeyYa~qOIsXMPt)FGoF6_S@F3`rHG#MbgNk!cpPdK6cw%(m?fvH1bo|Fk;Tu`eM2yV z5yH*qTIO1+hG~$BR7Npelo7Qmz9zm9QQZt?)c^A1w5oslW0$H4${wA5$UL7H_2Y~l zQXCVHZ*lMIWYWJP?A=4yiIWej%DVhV!e)nfqKO2yRi)Yc_A-r$1BmOrIF1Ie`)NMK 
zKu)vqe%c9Ize}+3rSEmxn|UWmB3|MVImy{5Tf$*(w4jF=u}#;^O@LT8;A~^@sA{}> zumH6HBR-1`{*tu2k>bK;T4PSYFpkIE7ggT*8SrI>Brb>xYvX+IJExP^rMuqUdt^&+ zo4RInT{1zK1UTCQ@3HlLSxu6l5d~z|Zf1Q?_B=@!6?J2yNs>>bZ?BT0Z@3ZUC|xJg zs#R*fv6J;)Jo-L+v-1s4K}E7mB~`m+Rq`Gdv-UNF01-qLbRxw%lx>5oTj$#K-uLF& zm#F3hOPQw|s+5zPBHRO8L^V1>pQ)J7e@1tu&EKX|vAb*Fhl*E?B^fi|MJ36YqnjpE zv+ic*zp6WFXOPyRpL0flAWYM8sT>!5kBq`4e7#k$jF8B}!no9AK(>s^=z(vs&Ult; zIu@Rd6PA=46*rxn^vGvqbB$62|L2@b>bYO7*mFh2S8Vur!*i6WZtv+ja8x~rQ7MuU zb+d5&6Nv{l+Zj1VG$)9HfhZeu8uf>v9jGXAzg4FH@FPC-b!;URzC?3`tF7vR>j(^E z)~!1qjk;b4jekBQaxV0|w?gTwMIcf646P3%E;7y6YPtv&j`IL?(SFa@w)5hG8i_Qw4-v73!GO-94O=Lff#Df3^QScpRq8{FL=$B_ zPt>3{9q$EQPz8*H*?7sV@{X*Zs;9koh(j|>;tgMmL-LgqW_s3|ag$Zzi}=&~E%ZVR zD*UpVwtiO*XDmVsWAOBjEDcLopkuUk>2Y!?b)3AkD(NwGe(oeq9f4t4|I>+nyDV^y z2lkc|B?Uq8F5CCHY*LOk&Br18BbEcM5uHO@Dq@$0u1H*&WYqKe1X-4(3e?s}YUr;g zpFfE^wMD$ez~WMlvSJIg5DT&~TrLSblo!dDD)4ep?r7{h%9>c0x z^IKVq)PFeBuCt%rRGz~<<(Wvhg|45~y~wz37)|?jiK4W|m6?jtQgzT@c6%s2Sdgm1z8aEMyiJEGxcLk_c0p*2Y*V#A@Xf?gMiTt2EPlOPd(zETNKj0dE zC5g^J(5^`FZorw27ACkIL=W?h`|HD==U@WTP5yH;4A`~wHNuXhBfRzBe+Rz=6$&l? 
zZYTW5V}Rle^sJV-mIDxMz^IM}G~WX~V9~xC(BJf@havjU?&Th%{BE=G$q=A$@BDWc zRlKb9AON4T00YejUe)=Jevs@0Isc^_^#AD4b$f&NxwU$ z;=%W4gAc^dxZ$lh?eN;YyR8>S^NGLLe-8vS1i3_=gP92a=*+)HmtDDa3nD=CnYcB3 z53C<~eghonG0s5v0DLO_L*~Oka}?0Cx_)eVpApaScYXiA-Ge!l**}0>l|77^U!*G{ z*82gXYhQPO6EA$gmd_5?ThPAR@eZwkti#%7eR|o1w5#BTN-<%6K@Z2Nn6tXpC|k(X-guSCW7`LYpCzQc zEj->^millFd2Sxf*Nsp8W=2oOY7=DiCGb7tuXHpgfie#`Y599cKu`{sgm-nKO;YK>})HU9;qMjw#4i+ganF6DC2CVy>%*};ozVH zN>4NBpXknedIc^tux*{#TIbSKRdH6C+gIv5%`HesgAmKlW0EX7hFegEMF&sf7?%QP znK}VNMRZeg5gM&}#g!1Op8Drg+BMl4vQN6*Rm@Q3Y%$0bv|R$TMnTLTNYy><(4Vc3 zz(e9ihJkyL>ZvcZ6GvRWB)cF@=NXkuJQ^(i31n-TdO>&g7@2R*&u@V?7!4NlFD;G- z71Bz@T8-5Oy(QZ#1c+;k)SES|*JjQ684t__B@n!eiiFizbEZDD=z`1AF5 zAru=_NiezmipRY4=mT^=rdzCyfXLZOtzY2G6e(I3*ARBZT@?O2YP4bns{UJ8FOFbiWrht%a;#lAP zp;bO1l8*N%xxVef#QR8;4JbV% zxs9`H@&P&@EH;g0CeW0DvPsT)uP}2dQ`p5?7$`%=kEoMd?1_f7>&5I`PZ{diIz>{m z1(zj{b*|=5uqAl~p2pY^R)RCt6iFHOvn(N+Kpe^kc|Amhh=M5UcZilf zgdkG!U&OcExld+*64L_b4byJ1_7ptj6oDVVK##iKJvavek1r)Dl*znXF?$j_h1;Xl zM$0vZSy3592s{=1)iJ@!#wItO=2-cSBU+AGxh1C!;S)(#^$qC;ijfD z#Z9CN@L5>b(u9XpWVD9RqJ6vNL4rrlsO6U-`uLAbGOw)fX{x`(92J`w$|o@ee9JMa zho7o-5sISv$_+3}sHFLpxvZ>Hk6CvCNE{xV1zlg^x&Y1$0ryMqWZw3S;lG)`2?)Vz zo?`Ylh_LjP%k$`~Z@L)ry`@do8zc*-;viW~zSU|u#11|hO_lZ}iu=E$*9Z7qNz7|?O(Nne)_y-G|Pnd#g5ob8@R(oIGuvesBTi=Sk$ zRYc&F#bG)Z2GjZ|H5zGeF8(<>V@`nTd#Y1=Y`^rja%c4qyF`Kp_deXeVY zwf}-KvR&%#7t*nbF74r%?1)Q#x_)t##6g|h{R<#dt5X5M=#j*h=Viz=%Ag4E|Sn{uQE#H!^kyr>9PIaZspxRmq zu_tmjR#Y?1i%Vnb`W7aboMbo=2=Q8@2`JahuoS-)nJqCiU|QE%`gS=sVieG51Uf zht{#d8(-RdY%-@vUX-+5GL@?P=OUW@WJyf^rQOBZ_)yHFo=0(6)^_DS(8b()-ouIb zl|(a?eyW_wH^~18b@5dD(e&|7i6$3;jl(g8NHu$)?7{nt3v%MktqXPD=sq2`i)I>A zW?B_v@{uWbrDP}fG<8ehoq$J}8&2kMAX#_Bonb_V5F0l~(8Em<+FOZz(Bz=7RGoed z-q0q~x2ux;p$iM4g&KPK-n`ZE92Lp9fyYSA?{KedUic7!gQ17rBL1~(Rqgt;dXBf} zGaLHK1f_>Zz1}LwUzQ9haVw&0#+n~OZFrPh3&EKpfxIw2D4}LjZ4NWB2^pOwDaa=z z!zTfFe>eHl*npiTDR5C}oN^IL$NKdMaUYq7lsH>as?f!<57yDpxVi3MhR|aQKe=6W zfa)0*t%{rr)zmcsw+aL8TS^7R-GHxW4-3x2+`3BoS-IjQRHea*$rko$mMi-aov)vK 
zq^h{zeA2v_+a*t(A&8-C)Y4Epl*dU{hZI$3Xw4gq$)5!#&%>}uv%c@1jvzhplF!4O ziABo!POHcEy`ua`xPsqpi_N>^-F$`Wo^Gm7xwTK=$)X#2&bx_>;!Uw?qGGMHElMeH z++I~F?(J8xn@r((EBUGp$Kq4k$N}S?dD3SNS;Vrwrbz$|9RODP z(v0*ZYYNDJM1OB|aFh1&keAbAKSmqrqW1JNvF1Cc2(jdj2n-T1cB)G_{>J)xiZMSj zf$4j%w=MiMM{A>RjF(r=hY% zW2|_ulQn`q*jcf#TF2wVV6h`qP$J-uT}uNhNPBtQfTFIJC8#xH3!z$#e}#6>#y?=c zOr<5kM$ycsifDK4iJm|KyAZ4Ckd@^ra9t-`Ko+V9SA+3vbx20Ayng z>aZiK-EH8?&(Eyq{u=&wnTKRMbK9{UAHC@*I+&RRt_6n)^mwTRU#}N;)8>$WALR+p zPW)6?Gt@N2`E^n%*IamLfW0sS=xZ)ey=E+JJqN^gGAa`QlGA)B{DZxuGn4WycbvPP zl8BAUes$(mH)Am2yBUA+a$+8{=(rCBLCViwUM+CN)0B~Q;oo?c4q7!*@Gn)S8Tmvn zG0Gk=N7-X~;^1Dr;TgB07Fj;9M;A>u)yfEY2GmydK`~P|=lLo}TR@rHCm*D_bpQ|V z;tqU5y&dGpqzr?gysgB&Ig@!bI2j|d1KJ;Jc+-&i6N<&|S4Hf+O&quA-{vH4N0!*K zJr&nxt_GFdG0rrzU^qT;gL({dLn=B0L z6qR2qLUs)w9wXC+(q7_JSg(9OZK>)W7a>_?kaugyZ^`=sf*rj(`gt6?pe-&9Tz1d< zl818vK)I8OA@sr*zJ?4NW@{5?^`_u+p=^RZCddpSt;EixeIO1d`_imf=upaE-tl}T z=G*$nRZ1>L?g;qWn`bO8 z_MyaIr}v}q=Z@zG=hZob!_Do7LurF_Y2&(HNOR*4`hol8>dK+-Dv%OBiaORV_@ezl z9AO-ESP&BfAQz{|9S?$hR_=K7#0q=Ox&HITDR}-yAB?mx%5PRu$C3hUK9VGLFnI*U zAYZGGY4712SzKh-NpmYPH{KFdSL7bfcibuQvtU| z?SQO_de)X%INPI4$B5E)?aG)j@7Ed1Bp3xTWP$jEk2bu+(;xMksW4-LEw^dBa~Lxk zq8TqGV~_=W5o-c~RqmUhWBBKDu!7ccV-#KhG5jZ3B51F?w~8xhD>2}Wl5y_BXW#%M z#`7MuIJ&5e!V4;@_KoQaajLUH7Za)VtXM4UcC^?JFYqH`Aod*b#bILL1Zsb zkQa;EOzL4`thjw4s-J0wc&%6}0t02Y1K+Q^y3D#Bt`|#z^@{t%`_>px`Why6+}0B% zyK$G08XhG|5LNiw)hs4j3K5tXc1eArD@=YS`5Y9uWDpArg4^!w`l{^1l)}uKx4jOa zUk!k$Y9-mAz<`~}eb7c)p&m?f{0Q)d`jG_hNxyp8bIxBr z)en&P1IN@)PJymSKeH~_0lP9@KYTev;qQf?BISfk8pg#Bn>UY6;jl&gv1}k| z<@nG$A68^{%T?BV36ixvA_{-90$gR@5kf@JEjyJcJfT6Lj9K9L1n$?jpg%W>T>F#= z2%fd?zEwr$&GeP%-cp=A9quR_Z)-ze!f3EVLHvSFp$%qU3>12dD{t!Zkm{`P$6ir^ zKKVcQilil;CKhKVbmM&)-UN9$o(r7XGGG@lFh|QhXX+)i z4p9pUE)a@l$^E%il(U3Y9+%VWGsYnrBO55#$lQ^{+c5^=2!C z-i-qL5Wp0aF#>>(kB^IBw)A$fIp5zgjSw6!i{Kb+-$>ApWhP&LrUZ#cWWHC-oovmB zD@XPtRTtsz&csat-W{X#tgGKHcgQN3W2fbzgL@WbFquYd%iHdl7%jJlQdP-3qe(sl z{n$yvw%L8)z6(#v3Fi`C;Ev-c2=FL+DwR$1W=fy 
z@R^sMx7Tp?O1)79GJVHYSeiL3*?hg6A%Ij~&~#XL@k=H3(3fuv_4V}!d0yYwjo8sY z1IAoUEI6Xgg|bu;Z*(pzekvMy&0-a1IDJzoUa;F0!Pw(`wXi2#y4wTeq+*AS*;qDW zzHYe*;(Aw>V35)+9f;vIxJ4x8uu0&Dk(<&Lg3#$#22a%@*)Rb6$`$Bp?E3>Jd)2>- zxPU1^fwx9>^(r^jr9W0D78l>Thqy1>$2a1`EVR#puUB_!$HAgjQV*vI*DIvT%Cg6= zzxd+}Uo7@Hh!xEi_^ZY@t`G>D{Fn_(_7eR#ym;G4V2QBGQI>L=&O30lOEGRR;L5p@)?O$mvuvwURL^dp4cJf|+7m57BS z=lYLg>s>eTEvrq(16N6?N0lVEKmqkRoVHVkzsaW$gbup0+ zCt+}1%Hrkz)Qb|+7GW1~Y^93Y{06T;VqTZ~(?;W%yb@_?1KO`An;9EC1ckBYlO`X9 zs1FXi&HQ!67~6BO%3{s4ldjvh-wL=h!JHG16V47MwI#^To^PU(GGRd|`J7hU61M0&^SA;nrau+!63h+cf{Lv1$w+KGP4nhUQ#AcHIr|2d<&<&_^f zRKLM*Jn^2+6;-i^Ja;?+%aThw6J@j9cQ6nx+$2FJ?g^s!k7Ec>KjizBd;_T84HU~9*Hc-Zh4%Pr!Q+3sil&_vWENh3x zVh>`ZeI2KbV`8AR`(&$$k?ev=^DasHCIq{z;l##jdt7Q})8ZvTgw;06UElr@Cpsao zD_!2ZBDCrJei%v!W5FD1Qs{8QvpfQB+CGxcyxyOs@T(VtKmR0z&F@!;n#r+lc!t?$+*S9`fE zV6wbhiegVW{!0Rte@u6nW-A6#!jLyp-e7)vibI6Dkze#_&9Kjq*H0w}W%DJi8EOi3`0NoDW4-&MX< zk3ab2vRIY5hiN8anWr(7`pu&=_M+6DHTT)&P6oeiOx2W-LrmR%a~XFof3u#jA>^D` zYA*p2>CJ#?;^ub6PPthBogvP)!zT5ux#bE29Sh<_@Kvz^JT@xq3SN;T>FoGZ@x#w6<7t{aaEixESc zk@-M+6|6F++S%sgNp~L(Bta>N?q)NE`S&L?-}A7XSro4t`nM)eTlT%{E%Z4UxZ>|! zn20fj%e?%(s_MiwN{7|gGqd;#t)AmVY$t3n@=cm7)bq8BJ)?INq5S$431lTlYe@}y z&dhX6$cvux%vhZ$U`AjRMh;el{iwWqh|E_XIoajFl^ho-$TD0&ZMb?6bOyRs#f64$ z;M-Va2HY|c>f1M4t>PZZL*)gY*TxxWiY1?&`8nxhjfKS$Tg(ei@RQ8GUXZor6(L$K zvuZTVyw@68d7?mWKcS#4kg$C!yP^6yn(o1N@nqTLYpElt-_sy!*U9nG=X43XuLuKk z)7pPEvr=3TPc8q9BpXe@eYZ8OOqzqm82_ao<5HZQVZ05+a6ckRk2d1JPSC-2K%tvTp6jyN)FpFUe{Y;!C9JRS0puoGR+rl9|lfB+4F z>y5=FYXVavs&u;qR=L&BHLU?UkzbVgU(1aJ!uWP7Tjin%to{j$25#&UPA9T zrIMqvE87?&lRr#QG((0vn5i-g8*jo))cIpU6+`K29KHHpsA9J>fSHocw!kgKNoLko z?wKStJ@S`~;N8Z#G}&R%7R&EziY280{Frt`9xqf#p`PXGithEJ)CTjPa&xV_5Ttw8 z>jt1_nZGK}#T3h4jx+gr+0laNmkL!-hXIH7XZ*&f8GXu-tJ$Vq4oc!c+M&ax^(Bgg z=127_U^*9Ul^HXw<9NAIF*@)yUT-A1hN2ZY&qp!hDkhfNxfVCphr5%sTenm5vH<=N zaY|2-nDti4z&XOR@7ff+t2DG8-a|RG55LB2+GUMQ9PV8XZxm@HWBhY?8g|y`4lE4u zShB*nMiq0YG96McR2l`sSY%8H)Cu=H&gG?Bq)vu)ddo2eZgH(N;xk1h_KZeUlz1)! 
zVxt^E!@W8v12=sz^isE#-4g#A1#|y{Aud-WQz(u0hEylous^l>l+W45N#S~HmzRbP zd+cCdy1k%sVT~+qZ%0gU;_0^r^eo=H7(5#1t*BrP7M+~sC?2Qx|3o5&cJkyILL-km zMh?Y`R6;aQM$zftOvFT|Ywplo zsr0t6gi+0E-N@$W`}=!hM6elmR?=1`uCtsTOmTP|}Ynug%oQ%#wU1--chHeanc0AMUk_aTo z+IV4!BD8jch<1eu$09^Xgjt6f;e{>t=R(P&-<=?S2$m0<_GAE47JYDiD=|w_lS&&S z@YHPEm?p{SlU}QJujyUaoCQtNb*=H%ljlP4)KeN9FA>mQG|9+)i6eC5sn@olACGl2 z;#wyIhIkja*)JXSzHC1;$+`Ia(-;;1c?%CC1EYVRntJYk#v))LSc;EDn zG#`uwLQjp3+9P|bU%v{n_W?A-L0ltqiEqY#GT2vPR&)T@cvo&`U~g#Gqc=bg{C#Ib zIiBhhQHRGaYHG_6)qz&bbO!IwuQj?6PIPaTUsxOXiq3p4TEa@kw+k2%sV!w=K^ALl z8&TGq_yd7APE+3&}@olD$O zHG?egt9*XtuF@s;ygt-e-!@=V9L;T#zkrXU3AXEx;J&&gH)^Tt@FK4HjR1)6vJjwh zIOH!# zHU)OZ;}ikjSMN*Y(b${k^vJ7gU={E8Z20AfL$9eE2A_O&X;i~DOAv9V{5sOmslg*N zFD6XbV-<}EtQ`OY=Vm9bMphm}%})k3j%YpxyPbYteR=o~)?rluVg8*jNZk6l zHi5dcIjo~^OgCyUSy#C-gd6b8GfmV7Gf9)O)PAmqm?DyP^PZ2%44KUiAw(ZouO9P1 zg0B2Z4Jv#6>f(+1pzWEpCcczIbkduMI=Mh$mb#VMI< zHxFMS8JHyGpEqg`W*siRnNv3H;;5Yr+$gZ~-L}s*r#O~1&yswP^dYBgHY1BK zWpnv4OW*X65G0Okv-NgY5UzT}{Br#vajV_{J{UCPU@_ylEf4&f}D+g48%jt8BvZ-vnbbw+hY^*H)DC(T}1bwmpGNPW7~ zjg-QJ7PaY@XDWCU8Y1~F=;hPZQV8^sGGj}TXf+$;b=}dZ)FU#;A@#T zb4b9H>3DLG-`EYwOF0{k;RX{;7eRkzY-z=xF-;j>4Mmw16`ppYY0i8Cj;jMK(o|k| z0;&=LB30w*LW`_D-yIrYeIvwHtupV3@B3Leo%_55bOK)CPuO^GI}ARm_&ag|Iot;R z7Bxj9F5!256$FE4(|74FbFBC+{XMv#HEb!yKaV){{PFdRIGr364)j;n#QSI^RzaCh zwDw=So|nh91zhfQC)HMnvR?{Jn6>;In=N%~S&k=Zb*7z~*`2Qx7?0?GUNvF;^B~uV z`DAETDuT^g7*D+;yHrj05hjV8eL2^W=D&A*;}85L+*<_ zC>^vDw(c=zh0i6aIqVhX4)Z;X|g$`=gs| zo=xw$@pr{RVO=8MJ-gQL>5OJki94<3SXk9R;%=zzlpOmuN^gge;LpBn`jEcF`l{A` zpTD+@P2;x3%6Is>)1Bmd=c5^{?%k5}Q|gFs*ux)cFV`klzRc5XcHDb1zsqiD921Qg zrnw$|Q84JL^y*+Pn)XBaKad6Fy|D9ZA{$qW* zqetlr_;r@g4e$wOzxLGJaV=D*_r6=bT{Q#ecKgE)&qlF~J6b~aaqXC!qmuFQ8y8;5 zvyF+H=ajZ|WQvw0sH`Ahd|r{kH*_?GJKE7WxkQ;0a|n7e-1*ZiJ3V`%V}+5GvAk<`Hx zrt`#e&a;^KM3NB*?Cc!AZ8TU>qFIR20ph-L5y}hWT3%hv&IToW@cSp9uQecV-5Ck5 z-_qUQ!_OtMt*3S_=h+TlCbkST7X9)0J!7f8Vy|+vmN07lZgnC4FcRd)!`l(& zcQPzfl;~xe^|-L*3%e|XcdzAm=@*PTi%)T@oHgD=8+>xai?*!7gld|iK2}U 
z**;{a?)~8CU?x)Z7_0iqg&!ZjJx3A7!BN@vnO0Ea^@QzckKbHtLj_09I}dyHPrlE1 zBU#^`f&{S`90i2r(m?(puZvu-9q^S zjxb%GSG9haV=JEnvxd#W)t#35?2kk5mM5w)iRuSCtE@<=M?Y1CC3`MComX8w5UBOd zH02kl;g#gFG%P*NC=u(T#i};#P@ZdgqDMSmYhj*70_#mxQq24^6LW4>9Hr@bZWbiS z4IEQFg)Q35`0j#oZWFI8&35b>(Jt~o7KiE>0O;*?d+|Y4*(RaK8lHQGvosd-Z*2F) z4EFQc-MRhUexx_ivazl%y;n*#84j#4XqxnWgSeBg)zOr6tZ`-MnZ_(9EgQd;m}TeM zoUbHWUu*MATck2p^2xzhejm2FlpPS;e(Bx@kKQ6(M<<=7NwgBve3^QLnb+`)vTs|u zm9{@0Zi)-(o#O7cT&5#~y1!Zq-~4Ocmo~hSpS$8$hKXm-&-1OKn>NLy8x&xx$B^Uw z2gz$Z-#-A1y(Q;`&mC{j^4vq}9zUA>Y=t+N8S$EOW$Z$KPiiB0V&Rin5So|K7Om-+ z_dH>dg8hNNhIzLNF01T0fBQ3|AxAzp3)>>=SQPhp zylW)VYxelV^+~HYB=T17H&d|#je1e(RdVc1w#QGdjzoWg&^5xp>_{~4+N(p+A|`rA z2*{;8`u7*c`(C8fn3uOTv1 zMb}>SUN)(SjF5b+mgs_h_19rpR~D!e6j9fThb5ZeZwBU7HY5E^BV>mU?fCJz3>=E? z1dAMmb5B#3z0c1!G&T_9LZ@UH%{xTYdqVoN?;5jc5Bl%YMFty@RFy?JWq$tn)X`@B zz!r>$gtO0xX;ca@)ySyh&-4Zf3P1tg)n5F@-!e>2Y-DEtQT zjf`cP(nK>C@@G>XCc#jE?q#Z{*gR**Pu7$FzccyikUu>P3_&15NwykmwKcu%KMk_{ zVn~0!R7=>UdnXk~geiNP{7Z>;gjENQDk2p}+K1iYY*HbJ3|Uv2Jb!rn%^Zn?@;SvO zK58k7QF?Gq*8d`dU%5}-UGob@%&q{>H(eq}B{UstkyCL!^iXhm1Enm#HUfktmUYQ)&1xRIwGd{6Pm#Uc=wBI_~16i6&(pCmR?sv*!v-~%Y_WkEML+e}j?&F4xF zbkpd;zLE2)s4Xo5*piextpIDYB)hy9Yfz89Nh#J(w$fLF*{879R~;K!C->cv2nx(D zQV8rA=~0=S$hc22lvO`ta9tCoJnCGs)KAtm>8E*Bw~1pMGNG3c6Ni>{KybKUb4Xq+ ztyiK-D_9&%{W3vW^_Ve`snQeyn!5@Un+jB)vma#_ekt2js58LR9jLG;lc2`s#wieH zRr$#BIOB)IynGiWUq;nS6M3^9)bd z^^W8RpK4Zth|qf*vXZXnJ`z8n*Pt;rUax?%=P3j682fK?RQn8?R$^;Zlk-x@`i<8^ z9yOynkjR+$WXPUo1bYh?H2Jw*)e7Z5-eRp5^}ja5S#Ei{l;bos_7WBtqu)wZiP~abdf->6&ph$ z3wH49J-zcFxVcN=er0^S`rnuZ8f)BNXr~!hIhlrPan(9LvPp=EWmyXz;o*3-!(bcC zhYBs^uQyYuS^!1_J+7^JJ@f}*Fr$=fQ0N-e408JT63B+<==TWRJGYwmlK+H&_*VgT z^B};9^&SGRH3|r%{7zcO|0AXT?=R3*C7hFgJ+mH&cNz4rG<&N5$Y7_3U5nj1W58SB z42Ngq9~A)y3jdMfeoYdS@*5N|slff+(5&ywi}N7a?1qmwc#Jn-_^Cm^8SDSj89!x$ zKf5Kmit$H^J4A-_zr_tQsd+iCVf0=>d`I=xr=V-xI}?9kSx)9ZC;LO3xoe*S{0Zo~ z%m6VQN{H+V_@C4Fh2iP@SJ&Y50boP&@VMx{Jv!{K-~!mj-UU`4_VCbNdJ5|5G5H0o zDE)4F{ zp6J)=|2GtXJ@=UklKHs2oP=}=HEutrAhT0Z791enco9^ 
z|EXeV7ku;G{2x%mzZqKw1OA`3*PJW$hpM>d-v3p)|EBKmw6mBH$@i$w5fJN}0q*S} z2n{9WHgxLWaf;tV4Dz$ny{%W4s}Q-Zhr58cPw-9RpO(wmN%p6NVKJE`+d;)`u30Vb z?-xl?x)osT{eXnf(#U_NNgkZa$_@ZF`1lXtV2F3UcQDNC&wra*Y!jt0t$a*dru^-W`LEM(JbnD_MY-Y=l*L3RjOhno+?b32Gc zV4MUGxpxz0hKcqM90x-E3lE;t`%kduztJ_^N!yd2bOYR|$fhJf;cux#!TuY6_SU|2 zMkGBYzpY0Bpe{5!K~7BnGmfJMGZTRsk-@I}`=x32fWO$rKW*GJS?*7{PkJH!rdu?z z{))l;n`xFss#b#lbafs)wC+h5C<+Kzf>_)Ge?z~(u4X>&f;xV)&UEnRO-Xh@e~?RX zDP$bl{HX~jyM-y-lvakVXMUWUiDUmk;|u{O-rjh)FJY_y79=3fe4OybFI-6OFgWT2 zq4xL}j^h{d03w1v3)sSK0Md~7|DfusOW?jP;HSDNldQM!l5?&-7{I+a19$ns$>4VQ zIveaT2nhV4XlSi=GrZNG?dtqc5DL6}j7#th_+K&jzvZvs=#|YiQ2H9=SrrRt{vIkm z;P)>FwESy~sY?Q$1V1cP{GJ_O@xof zxjyk0O8}x{pKV83xWm-di3b_8nhwtM@;}YV|RB7nvb~kod#te1M}0M z4ERg~pF;n?h3~P4ApTzv_=M+uea! z2AjT;hdGerSE>IIgHMiWVLSgAi+A)}v_Gc^5Z!+G4H#Y&fQge8;0%WK5W&3LgM$Bt zryIKkk>6cw-GCng{$oB~1*!{!xc^w7e7@oSzq`=i`PRdts{1dv=S~nX7qTTRG)ZlG z!huP@clY3pE!sb{IT12>vJ760G(2>yG-m$X+HaUJu!CyD=F>Bi)fV8Z65y1}gUd|d z#n*l@`_#nxXsWZYxr@h3nvp}|Jm|30p;ftRrD27sVPfb^3%V*$NH}tlI0~UH29Ada zza&rNKAp?wDJFe4`&#Jgy=$h8dd?Db@CvPw?}`Z!&$>$uFAhtojg?N{XohszRYnu4 zRsvu+pS3F%0PpZpPqia2Ayn~Qv+}w zAQ1+lP%gazf39q=^{~thons6@d49KPOr%)o?U=#g5w5_Ji9`Es?pjxDa`sy`k8mt2 zG6(&e?~Xs92XqBAn>26j2Fst^Z|v`_4p8Cnq{c4p5K)ts91-ZDEzY~c?4DnCG*mQ< zm@vE6aK7|MScJN4Gi*$sJ&>87s_zoml19cQ(WFkYlqErMsIH2qmCNi?`{yoF+DHtH zG*gZmX+fKlqfsJb&rRP;zg3Q@SVglJQhEMi6?r;zIL}2&XQE=`EU4dz7!Dnt`onkb zjw%U7rDa%~IZfNE_(R)SbC5Xar|4&ziKKqLq!#Bh`9GAs1B`6Z_n_PE+qP}v9?X&m#zGWv_F&nn@Tf+s^ z+yfMIWY__jGm=7L55{CneJgT`HjpWl39Ehy0q=!k+&zd0pgB~>C5TAA33`-l3Rg}G zMX?!imu#Ba5v+AT0Nl-`!C^EiLASIk`1W{Hewe(BG)VlQ9_p3rih_ieEA2~2@`LzJHxp`e_}4QQ7CnXhZLzs%$*eQmEJd0vJ}`fEf}igoCQPP8l~P$5o8~ z7JOPt<;r^RQ^=H_7ITe}WL!pywPXa-SYj+7jhQ5kdGiHjtLljzkj15qe#Jjl9gZ_q z5SI}@cbXHsa2Y1LB!%xb#QSQPj}w|zIg0!nD9iBTf3@>~_tP|n3z~>^j?=)Z>Cm(W zi^-zj2^hj5HxA${_d`wPRbZGg{MqR6Ex zzJFSFwiLIBHJ@teqpP-g9J_L4zMo!onM!_>nIO^0m`M}RG*=U*;!n~c{cse69n ztwvR|t^49eWAp5U#Q3=bhod*`1|X%65lmYwax)~=6E{2Yeq;sGuYUF_Insm_yzp2O&{;z?#W#$S)jvh 
z!K{;*Zn=QOHzAs5G9|SgQ2YeiLc7Lcg5y*Ll1`rR;>Gj^*z1FS>o@84c7>H~2#KqJ z74Qmn1A@S`WSp>$lU*seB0uWx7{aqRq~j%lYMa1h8u@5&j(J$<7m z;3-IM9$bepEPaJH26{^m5n6l{_}9`Vkupc@uy@%_A=m4H-IDt&gyt;55xOfFp5iWa z{D4Yl!9S~OjU`bf=}>$8asSC2^WEr~2HfXiNru1Sfu^r`N=w_!(qkN*d$4Ws)+ZSD zKb5Ki3a7@0;A>KaRqf$~z6T;>s9yd~nLY7B zn8l0v`!`>GQ=ll!;`4Nw;R2{MMds!9$rO1X2VZf>L&ly-+Gdt?K7m+yp#~Ml;KkcQ z>rb@%Y%Xbwgb4GR!ds8zi~Lx9p|zD{z5vO&&y4TF5vSk5pJUTbMARosnA!X=Z_hu{ zI*xPmvJ#3f_6X`RNKezLmeC|ew>r-`W)lC)*SswQ3;VYsZ1i##oX8PLWOEKSjEGjz zMRVWA*3@Cto{)&t=~4x{KNxKST(v`NGAa8o{xlT79pefV3qvb|{JPgTJ3EvH63|Cw z*G}XKMSo;>Gs+zrV=kC-G@gIY=7~um&rJ=F6WRdcvcQlfoQtK`p zCx7~%LE;~A8YnVDl@G!ycT%q+6>YF1{*r4tD^%>ffaHxj`sYI*wnNzq@Q3oG)^jA^ zsb%%b82gJsG-eDb3K=)$!audq(d2pzgZ+WorjSxzV_=wv-`aRKsl>Mn~29;i?!*4WTiX zGV#@+E{CNmBoXTC=_a!5r7Vd8!6h6RuLDwFzOUnh16o$>iz8U<(LKsTwk<9=j^=1V z|2vjTG%aFZD!6C|gx1TZ({0I9oZ3lF6*FtR=Ha0Wtg=~E!Y_D|#5ppHci_FZ!CYrX zaAN`JMhMmX_;8)~uz`D)wxxF+M4(VyUZ81yw%igpShEpEjVENWFC=>l#zPo{mgz=A z8S0imKD6-IHU;Mysgm=6EWE9EY@hnRkQP!vKdy4Vbh#UHZ4_W_hj*KIW*l%qVDK3p zTM|#eEk9Aq&Iz(|H}Po69DVi(MUb|ifuBf$cUOJG)2Qbcu`C=>=@NEqq|K}!)uun# zriERsA6ehVNE6WAe4xowj$U!wDM0``DM;{rE<0OZocI#hvRTVK0GLI&6wwT;V&m}7 zP2?|&V~}yqr3{i=U+u4~z-BJ+dJZO26%FHUap5IuXy8UmwWtR*$Ra_%iuBV5_Ti4W%k`ABO;VPdOLk+jNPks8 zsvlR*%v=2POw;(fd?XAWK_v+LN`KGSP zr0N%UGwNe^nT6mCMbE+~x^ZIatP5KtI$f9^ds~p!1@8NIyyq_hp&Q=)1ZaB3C z7TQj%-(A#;-SxuINPgcZdNxu!{}`JdwRof|cFy;UMw_AT zA4kfn_z96FDO%9ooVB6qL+nennQ%I~M(6p}qq*cqY?@tNR%#_kcutt{;A7pU!P|$O zF!U5meRhdyrDkqI62%p=R*0w4+YME<5u6Dte$u>dC+DH3-?{Qeg|Y0>5iKZooVe%y ziX?L_5_Yl?x>hQf>BMG@ZKn5=Sg5Dyp_=G(YBp;O$5dQL6srZgb}rbGNlD1BOv9VW ztXdP*B&!+KRbrUsmPRLxhcsqsc$>n!R45wO`%H$ox$=gVp)nKsLeUSerHl9ez=8bi zVu+e%!1|wY|7~85by2`vY{^_TfM%FngmsVDYG5v;R%6!*x={nFp+lv2WpMHGTBnco zq$lv_ODvBTNOK5yeh=U2`5O1D5C8Nhse~P+b0^P;%O}4GIfAatw|NJu@nL-vv@AbzhQahu$ps(jJv~D` zW=X~(W2;r$Ae^XH*}yreu4;uJRJ$8f6lQy_1n=DQ<(l=FOnkBNh<@U6pMzw_|Y5%vcykM6Wp#Ur~W ztqO$X!oQ5~YuNd4HDQu29|lHsRr0InnexXv?p1SioBL@mc4jjAr(6F 
zn-YEC#*(L3h_et>16QXHLhUbDiv2k{t3u^PZJ$nV=Ka3NL$5Zr!r1JAgTNo|aSq8M z|9MhxxX8Wl1uW%p`7wVpf9h4)2n>(N(^rOy+nL#OMpzv;k>^<0NcO^g7OFS8vbak+ znGJIysvjPZfT>?3+sNqHyx^hwiS13m%2GQN(V7enU5Z^5qjEqntVkjhnc7n9)K04x z3zy247=^jABvYocOg2-o$5q-)rzk0GhB@_`wiclO@I~PS`Db`wweN?)8hu5G0CXg( zEYF+-OQKx?nGAGX6$3OI3Hcs*_I}Ti?;1<7K82c=c&^#qkO2zY2iSAdjsb<$DX&3z zGu&`La^8PY&-x!fOHMz9#Ycb*OqCPXvPq%@y52aFy{#6E>Rb#8K!6s&gR4Aj)BTI` z*^W0~FI&-7RYAzot(&feYYWa|4pO(4N7M>N4LQ&IS(W86zTBK*1HrtUVG-dxnBpHz z-uu6wy4Jj=quhI$PB`;R8iowNiKAei@j+O>e6d7%(H2+BQ5~()2pbv_`6**8qh2^3 z43On1#%)JT@}n$ulgpQh|Hy6g`tD_O5QrxX1%7bOXZXige#jl+o*(s+q~0}{9VnK8Dvcv7BGWi?j(w$Rut>{f zu~5OB4H!8Eat1!W=`(*hDE03Rz@3X9Yj-MbLP};D`QTnE zBIWfk9;h- z(PC*h<&r8&#R&gf9XVUGoKeiR>czxSF;zea`$Sbv1Sf4ZZ8jTg2BJP4zEZX_>yOpjAqHE~`cpi&<$p!+eE;2^xXfYk zk4I2&^35aKyQ1LNigL#p_kPYns*otkW&aOAJ{I8lh?J?{E$*yR}sns3v!c^0$0+2(mU@rTBe*dzw;T_jEC>i#+u!7!3C~A z=JdY5P7UhAUlDL5$!_^e^<=EQ-l=-tqGfY6<@{Td_oaKvC8mKNNAXMLK=F(>HzI!n7q+hB7D2PFWUR$ZZoyDt-MI> zPqcX^Ce3>#0?$OxAx8L?sv~c1`*d(M`48C#8Xj9KP8e{mr7;A)fz0dyOn5XB6K1UW zax@c}3ngnIgI(hN5Y%LN6*%pj3<8Hzua0@oK54T<(25}mV+P=P`m6nNL`|T2Vs(?D z6H^(%DHOxOA}LYyqY+ial}p3DtmZG9jhX&)AX{wGse@%)TOpTo>3NiQ(oGNMJozV@crsGlQpd0e zXbTaSfTq$4KY(_!3pP$h`VY&$1ul<3{GmrGv@4`&-~`}TRHuHA7{tUsRHaAF&ssB zmF!h_*U}L?Fm7I`$-KH0)kWS;uT|ewTefYiDmdlnsl}I(m;gG&IlQ$}dO&+5O+Uv9 z0Y6F~2`6^725=kVrR4ug2>dapsBbjZq05g1L?=(C+nYaz7_<7zpH2a>N; ziPQZp>kX)05aUVpp*e`YeiPX0x(5Nk?=reSwpr87r>iLqj zs?=Tz`J}s8Zyw2JIQ%^$6#^B}UGItEU`lQ6Acg(Jx))1gw*cWG$LO(T9EYx|4(HY- zQasBtiyMJ4sChF#rtS%#?2c=s2cz$#R=R%m^AOiXQ!~Y1iLW1-3NLj2)sn&JBfnr7)EV+{cZ@o>LM$F{a%0o!>?uOvQf@_=)TRXHt!mtR^}{HJ%?WW zO^ou*UyYjrO1+FAO?9p{7)NWG93|M`Qn|Q8+>N*^(fP4&^9jzREA5FKtkVb4^uo7I zD%PCkiFx%R;&s%7*mGg}PQdZSRP34uaeu)yPNi1pS%W53^aRnaK+G;gnbeE4 zwlUVPR${A^6H3uAB&Jr>4JmX{mv$kSTHedmh_s5CTCuEB%`XkdJ?VTa7I?{i8k<(Z z`BXx5FM!p0P3&-BR9#TZKlzB%guXW-uTWj7qWIYgSn^W#&jMSe?zqWTIZNo$B=ljg z6mskTn^uCm)3@G;qfyk219ejsbOoPXXWr4ESqXK_mwtji{5g&6m#O-SO8S02o%m~& z3WLK`z{w#Dhbe48D@1urctzgih07Z8rDr}g_$cl 
zF;>+I%_4T%bCe1UY`58qSZvhGz>C-txAnI+u!1efZLQc_luGuxx9cTW`1y;$Wf#QY zEw!{Op2{A`jz;W-(q}*Qta>0rhvTgJ0CEmZII1BuJ7u_vxGiOJ{h*fhRb$O$n$Ovv zFs=TRFWTCnM8cvi$BXL}{ zB9FeRlFeUY4yn~&7~d#JtQ8A-ymWm+F1spV51kC|Tr!?&OXfc^SCw`x^`raLb8ZSV z@A90Bsn_$;a+$D;A35S9{~dUWS|o7~LE>N=MoE|9N&SK&_>$J54tO?vY>qG{nFx=0L0;fP(J)c)WxuZ#?h#OE7a8LvOD816&< z;adG>F=HMF6o!g;p1fxm#-|tVqqh0geRnwX@5tBO4Klri5EFDcV_TgWn`xS&8qglhFEQn98Ao%9Bk)<8akzetPH7< z>;I7LpbVL=%O~G}4eytmHd`CT&(B)+9=ta{LBg@I>pk$>!nV;U7E0 zxBa&_et@r=xKlXBF%Nr4e*Qc7e7K26JBmx|L)A6U6<$P8?_uOcVV3|U`n|yk7>$eQ z1(^!@gYvX0fxjk4^Ufv~RpH!np2T!KvaNJ|xz!z`?b-oii=>4 z3SIpgO!=&$%KO#2E^LU-VPYOai188Pj)e4d2Sz~VV@s}FtOXaupkaNE*imv4 z2X9sdM#%fgNtQ*F1BIPm0u1Yq5iRY~G5&EPQI_V~|ELFoE_EeJ&``pyYxM|mU6;?C zBfAXIG@rHCA2B&N!I#vkk3hI!H3%RtbYwtM?{x81takJ$%bW16+O->GM~LyoX;Ie$ z-U@M_A~isw#*p<3WneA3O{HEGwmxk)LBKS+L0A%|%6@6B4d0?1@9eiPyJI2yylnh^ zd7hV2_puNS9FyHL6W5Hz5)MJ1V_gtNWI+Ifr>@hL{_|fAp{xzuNiJd^AnX6`qHe=^ zCiyZAo6+HUetq-~-xiKG14{|ZC6y~R0k^t7(6pxf)$L&}t8g-{P@I_X>y;Bv=007b z_>Gj$&#kcj^-nVA0cjln?Q`Q8WlmL{ncV;%-YcJP(g}nyg0Cr%{!gjjjL%*?7-z#; zMM1igt%O?0YeXs3+M1y6d2&-QtV1K{oAO8!QsgZq1tp=;R)FO17a|RDaq;}zD41*;O2%TLoJeBKwA>E!BC@T} zqhZ&|@I!Oc)9Ps`0}&qWO%&Ke+D@L*;OugcOFkbIED%XNXrMn3qq?WW$o8H`RGpq~ z5D{^~WtxP&ASZb*Sjs>9fyMc7H_}pp8ELlr|y}!WKzh=G?*BhbkNK2CuRwJsj z7EY~kQSg~KxPYi_>ukDEb2IqtCs|&$hR5BIG9Zv5ZdX%h1Pa1yLQxI z&SZy~l4Fe0;KeUGsBl>?S{gV>|M*0d{m}&NWJS!fephLXf(nU5VgPdvNhGugB)@!i zb$N2G5Lf;k`tG~}JJkLhUhk`}$zScC)&VeAB&-)FjgXkxAULQnicai9 z+A^cwsh4#O=IVM6G|TlU6bnfk;Baq1>MMPJ+^-l z0pW4osPIdcssWpNS9V@ z6d%|J;=+bs?Wn;|o*CGlMy?I!P8H&R{s<8K)ZdR9$NP1upajc$=l{Vi`fYD-ertdS zcv8%}KtY;BDLtsDnS^N3SiLQC5ong^fm)%fQo*eZbsnK3hpe6O3HWP2)q$N&@WAeQ z|95SO?m7e{)C3-+AUkd@&pgHNkN+K=cfxf z*xEe>v(`5D%-35Y=^2vyv-OaJX7=uTUAeF8^UQg;$H(MxBZG2`rQQIGrpzWUBo-!^ z8G#TXx9dRQi0@ja%Qwk@w?avy$lhOv3r-Dn2?}mvUX4qG=^}WNz#Cf>5F?qfM<{(|6xAo^2{LLbXMWyZ+3d<` zAv27>X=#}~#Pq!`91aQT4M`WGB9o`eih**~4;Oq6ZcM0_jvNe&HiaT%e!H3SjhBs3 z+NecU@LU+oHpwAXM#1uTnZZEKff<=Wg{O>Qg(g=9lA_o-!UtZO;?Q*$@j!dZo-<5_ 
zy@-TBU#~Ao3aN5Z!K#R$zHXN0rYhCJ`l_;3HPf5+`io(7P6c-y2913qV;^$f|3T1nw;jcRL(n5LtDLIiTk!hO>dT&gDX=!pRyc{}LT4=Y8HSL^5;;le$Q7wpwG|!o?2gI#~$zM zqmlCI`G8s<$b&`v>Jh`#Oa@`TO&3I2%2pyh^WtA*JkQayVB@(Q zaNJYf-N|#&Wp2$)l@|h|rGm5$>kwH2eqIYik!$-rKw*;fI+yb7AnoBkz1qyS6(`$C z7ghLq#meKuag=G+g=X8K>ZCdA-73h8t)jKH2+v0h#%wp542iHSH6=`?F9$`-pal0R z-4C*ms)XXM}%9$|I<&27S(-u+tZkDNEgr5 z-OVj3+C~&Z1ruF|L_eB!b~?H2ytv}*m8DGpH=5dsiyD0qnVSsez%I45w#-WYt;Wo4 z%-!9Leo>VqDU5})j<<&wT^2apr}WhAuUg$35JQSR*CgJEINSAI4Z+K*6ye{9!e_EU zCQ_&78OnXem@>i~g*ccgS~>b|w@S3Y5`3?R^Vfd|7w^X#)k~M`;`Q?U=`eqjDk)#; zm;C2w$tCexJXEZfsB?Y0eLijuUjL0I*8;=&wzdGDz&j;bip&EArej&97mB<@z$6{~ zVsjU1h|fWEZLjr%?TL0##x!wec-FwcmWLAmU40(B zeU4Cvr5mXn{8l4gokpUyVl#8f#Yys0w*yiTC6p+$u=`{n8npJ9Z44pLGlDik2WF0U z(hCaU<|!nikD%#vRggnvGN;u7G|2UDh1`5vWX~~7{$vTEs)`U!h1CLvN@>>32YCu( zXGyZ^y2K}DQNQgGTNukPCWP(KhqY)G=Dk^-8YmfZl)3&ObgW`-SVR?6*B9euff8w5 zmg*oYJh(S^eWr!dB7t|G^i2svLjT|GDQ@-~0)VD?6y9%}G0wv|c;jr&VpH^iG7F4VF`=zexWm$rpzYoca$xjMGnKWh>I)v>=;MgZ5>H)z-X zUEy=9pS#99)%yVG6aKMy-_Y_==ox?PICvG~FOr?EH1_YxTQ~4F{-@YeS$~CUL9XAz zhMFqs=qx@~|DhABD!ALh6KlF-z7#smlAq>5#`sfxj&<7jJy$M-RU(kXAchIL=MT*I z6CL%uGZy5JOX%xp=~uIbRkugR0d*1S``(&0^`cg;qN`m=i82?mxwQRPIi<-DHno&x z=Vmj=CyfQ+b#bMWVKLf1b=)=8Q?>^UuMKO9V~~75IX@WwiH#Df{|!sy9w?-m>Yclc+id%#Ox?N>kk@rJ-Dhol5; zG3u12s5=RAk)IT3ewZ+-;Vn7>6uaVpCpPeoppQrp5FF@gI%!tea5*J8u-sWl09No5 zez>1CXs8LLahILw9=NoRW$#_NEk-X~FqIL}GAdzV#0X^pk)!s_bXmp_s(9yLMG`0tFWgx0eCl zhP=UQfr5!BcYh)hZ1B=zYK@Am)z(yoX3*>*$<(mS64q)|w(d9fFk$Iy+z7Rj3orsb zm(XpkimAQoP3x55gmqf(vOu}j7X6qve_sF#Jg|Az@PllQ*D%PYpN-puXG0&^I?j0r z)kcA7gf0sEnr-Xf$q`7RA|pAW_z9^Z0u6PClzFfriOY#AO%TYNM1=(HhP79A>1F|d z=L;7Q)TKcGdI{k#O%Oj%X1k6v;czweg5dLQbjNTzGbArzR7dRtH6M4j38TvNf&d=705MQ$;d*QUBBE|-4p2HOQ0VJH1*skg zByHD%S~$CN!RlYrcj5~4PWYO<=Es1Jt7D5ZrwBJx7rZ7NaLRC(5H8XM*zqD_6DL(i{>a=2=xV@XmH?3wF|8G#OQvsnQ|Cg*%4UJ3u8IR0j4JOS z_R}waHM+*nx?sEgme6Rt3KeAVrcALql2{(7VpTFR` z)FYCB`yClk6uAz69+s-oI(7uO4=|5^)gNReVA+ppAa=|`Jt{RQAtAaui0m}>C#K)4 z;nDn-M~ddTm{e3L$v`BL4kfabbSo(!akP3f+lB_)h(YZa^n#SYJ9wO-&+>_hNC$!{ 
z=OQbqA)9Q{!FmHHGevURnWU|B+CKp`Jfa{TZ#jAeW@6-E=fxeAGYyXUi?d%Ci)UIH zLb??hU!MXs+n8ms$Q#o6S!NlpzUJz8EH=E!p6-fJ2Mu8x~Bl4Ix;O1r?whb zKuBT61d7fzMIF3L=eQkeWspoCdsux(qf^~U!GvT&bIn4}6}E9w4P~B?tyrd)2sgQ7 zZ~91Pi8%0)yBVOF=L1{;VY)}jfE5*MiUW4~(p=%sQO8-;{9z82W>#|J87hiezxb(n z^MdN&^h{t0mZz4PdpWMK2!S~IctwR2+mjnSx;k`(z=Lq7OAZm=kWr*L9}Nd;Oy;qo zZ!xp82W?Tvw2e^0$;?qu;y3MH9@#IS2)R_0C_8jyftT`U2q(DRq+`5bBNv5kl#$dB z(o}BtTV8WacqSFrOizB^ToW-*@il{&XrRjNvkL>38!vsNk(u~9^yF8X!$r(wO0Hbf z%QQ{>WjsBKX(bGe)|Z&hcsZs#>rFO~q*`G&%ubjnD8DOV)x7W0XIf=)i=RG9mh?-y z=sX0^UmpmXW_L4nb0=m^F2+e6+7u{=X+8gl=aNlMP2!l=-1oj+23N_H$8TzI9n^-p zg^HTIT^@Z--{jy^j!%?8G*ofWHHB_+s{rc3_NAWoUa+78bkc_M}4-2Iw2B9*g(08@16Z##P0^0+t#+|zC7 z3O?L+KKQ2}{fPZ9KX>CFezq>_X#wuXVQ*#0{tS%(47u-KmG9df^X|(}{r~at&l&%> z05Ii=-U47K0DAO*mszdv7mhhDz{`Jyd(SMO_kRmsb^yEi!>#Fq|1BTN=+ECf3C~X= z|0{Ma@~&LJZ+}9``M(dEv(8<-{)gBLdqqHd>qp4HCa8G>jC-uU^{@ROkq+jV3-JE0 z;O39`?<>*#ugm{`zd5z$qnQUtC@ENfwTk>_@ZOi7@$rxUxi|ku0Pgct@BN#Jg;?+X zk3VC=GTCEam<&lL0jIlTWd$p62uAN-G% z=>P;{o&h2~>O=Q$%S8Y$H|4s&dp;h1&DT$6nTcEFU$$V@(1 zOC40E{Cl?$@{9s~$4MzLHb||U`mAC|t3|@8uE}n=KNfNpPHL&3=vvS>@;Q}iN^nAk z;i6sV5+wR}unbTSg6Y`u!sEhs17R~+lZ+9@-_Hn{eEOc96=#PIuia{qpCJV3ule5G zaB$Z$m1PFj1y5iu6@>c@??)&zzmF??qU+*3B7RZP;6hfqOHcCiO!21C;7~j$tGUH! 
zUcnnleKNrVkWl4X;f5x5J z`!g@QzIKCo@6WY+ap(mQ97cX%!bTqHZeo6m^Kj7}DaUxYpoY;hnLQ;OxeYr|BB9u{ zQxWp(B?z|VJ|eyPoZQEa3&o2--BR8TN4&-Lm2zF|K*SN_#%uNrk#pXU@cO6H$#tfK z%@ZE^sql7m6+{PHgzWe{Qd=B(&VZeg(H+m1A)JqJOKrDu`a4&Jt>_@AvX?7nwXRW2 z`pl17QvUitzE%xZx0-7!Z|-5A948&ape4lE8;SkvACULhxBZ~|H(tAc35%ZZY>XD+ zD7-!M1+j8nNnmmXQ2$Hbs}|10K0~h>Et#?a|AcoLoHt=FQ}A@3EU<$IJR{5~|1D*l z3U~5rnILK880p?_j}bpOb_OB}XVoR>jqY~D@@(%H7r0`7;x>2U?rjV4Nq$D%H>owg4S^Lam&Sz|x9 zCV4jOrXaPqN2Puwhjc08-#j=B2sZq#D4$$J2HfBo;_RI9YIr3|!>2&XQcBF?;vmv> z%rE$)L{sO^_U7g#D{vPfdo4kV0Ir2D0S5qYGFo=qOZd)uvC|6>Dx8R3pXZYeE0 zI{aE12O0jJrOkB ze-xHQEAmisIukz1T~xh9an1JpW+~L!VaPDQZS2Q$$)(#)Zd;wJUicd}`v^A1NYRI3 zb&->)YW2Z)v+kD=ctwIe#Pgh*G(Jqg7gL-HW7U<4!akp5j>Gs;DQZ--U=hp5jOVGNt1z#B=8QEZ#=t*~|1U)S%tf)1x$S6^-`nb7UA>jsPM%*{d zn133U&-ugK5_f?3@XoyLEC0HK+xZ6IwCe;agX*j;G1=D`IGY(yORfG37lkh;mf>96!?a%!Ug>yIRJ|k_e|Es3+??Dv+CNo+{X3RXsuYtFnnraI;y#hctrx z4YWLqG^)D)w@jtH%e2kZ zhVzlZrmk(b9*8l&B*x~bOOxXZSV-e-lK1J{6wqM4Vqv)qwMAzX844Xh!FyG3qids= zys0NOBRP{jUI?RM!>bN?OCB5C=LbK+By_|K?IcxVF#2qPB$<`p>{4p+G^FFJ&HYmfcVB z%5-YHg0LjSLjyY{MlaiLH5-`uCtLtUEig;dTDf*F1h>&yMC{4V?n^R zjZ~y1QdgadOa>-8lQ+=C#2bNoT$wH&lLYZaH2<|dkN>2qVRMX70aucu>Ch}P5v{bB zG4^np5wlNueZ%K3J4#b~lU3ePuw< zKob(3P`;@u7}V*Jcb1%~Er}~Qi3}Fron*0gs5uf6{}n`%kuxZuGg?*+F31K#+lT3G z4q9yoM2kzlykHMz@NOT8qcLUv*67%b{ zcg&KR*s!PsEHe%X2LzL;U)7>L{6?E|?C}s)Ev-x8GwYyoU>-64gZB0NBaVD~QK%YH z?gVN%!PD@FcWlA(Qh(x6u3t^eX4zlSgXAUKlg65p7QgRxYb%<7Fy(IdNj%{XHy@5M zcHiqP%g8z%*=X2^kFXKe&>PHX?^VFYik$o%N|z4yJt?^dY^Ie8r*XjwXqX6riWkL6 z;>mVmpO?KT(j+EE#*Z;dpl;?xpqZHkj4BAtPb3YPteZJ;&5Ud82uMSLW9-4X$}2Fm zEisTv)&X~roSIhB<9OFgfpdxi;D&r6aO!4_sE00eJmqHkq%*H+ohVLvvR8b8WLoG} zw@V65bH*{?GJ|2vD%%|iBFvnt=8koUCEIfmoJm1DCY-e6-U3z3krmkM_vdql^F7D_ zaGF7WWcv##i1RD z9$1`r&~pCBW8`KCX-lWn|%qtXB^Ng z9&`akbzERio?*Yy;Z+OvP_y>|RLxv@O(S4~t&FeL6hk@@689Ez0cMDYws9}|y zXr|wyWmVSVwfsA&Poo#Q+gp$&U?*DC!<6)D_++l48hH-B} zTQ!uG;kF*KxV%-wHgq&Z4h{?!8tfdMfvHGir{b`z9{V`XDQvlX@ni z!y~~_$OK9bFY6#v3hd&>@eC!?)8fpK8!aV4nq{3WqkcUlHu@?-8y6$=xc*Wtzr*QZ 
zw0Q+Ps7gW9r#ka9SCHwld(kux4oQZJBhz#s*Bw{hOoc&y55g-b6y+Qh#V{O6DN08>xFsvID zXLPsH3}7T^9|>D^3!PhYj9)YeJPE1~ zc;Ba$8Q^O8sS5ighc^|G+%Q`q>=BywVrRA-fR_S%TS>Km3y#mwNh((a&|*`N`HoEP ztcETeOJJwX_bJsy;GQVB<3$}S6oejIj|=05OOih{I74`*%R24lKa-lwXV99_N`$es z^6XUJ#jK-01Dp~D+EfH#bn@YiFJg22Hg6$Cpb3a^lLUO%EM7oPcB&ZKPK(H}hoRJX zBojd~LS|N0^=a|3k?ZLvID3c1`U=yYl%@G=)D7xN?C{$nvwPAu$W)1vapoB--ZzUp zJ{Lb&;AbRg+uBCPJ29s zrY2a{xIbBTEt5AD6#X@*dUtz<0eMt)s5mE84s5ef*)v^DKawFB{ODAJTJD-k4S5HP za&hghY(oaK=rCf`0k_}N+jUb|UFkHD72*i(1l)*v!rN*rtBCnV`ZHG#J;c$SeFTIUzREILdVBM88Ae)0f;wOrAc@ukRZ`zuUJ^ zb)G_Dqob-mV>%bqp-g)bwW{ivtwg?_=8hno6w%sj{dYvf4*o+|Y{c0_+YbWD6D=al z24+MXr!N@_k_&1-63()asXU&Ob6dYhw%otNzCBt2;Gmz$stq|1dU7p@@qkpP5U5pN z@0g+uL9f$Vl?FV4(IoW_<1jujMPRy8!&*ia(+4R94Oiz%Cc$AusMsbGl0PJyA67A! zl$d?Z01P4#kLu-R=1QTl%a(#q+OHuHLz`%tW@zVYK98AI77sFd_+@a@s3OY#n zJ6;3fy8dQEisk^J2?wXr%?s)2c?Z|knT97IaANo}s3%mDJ$5f%gL_wKF{f?DGGLr4 zjo6v+ln$cwNL`iTwZb;#9tXtAl#9<~3HjkpbPI#lqBGa8SyVx&In zNY4+3>X2xku<;xtm8rcQMKM5^x}dPl#B6aKwv^=%c~=Y-7ir_I0;8U)_5PJB?4suZ7P~F#S@{ANha~bnV)y5kTKQhG78-ez6adPReK>scgUci)OfyjU` zI7tdX3xORWJ|;Ax1Lup|4v7U70dLIQ3wT!=VmQ(ASrM0Bz_c&sSy;u8G_E@)%Gp{e z8wcS9Q%Q-~Pfc^O5SK-nPYFBo5($!Mh?GP<>L5mQ8fT71#AH5=L_-yUet*(vy*(E` zI}fw?gH%hm8db5dF+n15*e{gtoctppeqo#)@t$Jsr3_PZqQc`9Y|$U+w9ux7?TsM3 zO5qr?7cmr<*^bqwX#Oj}-oy$dE(#{4;?Roo`;pyqA0?g1wM8@?d6)7!S5K-8^6T+$ zRs|N%ES`v(ZAg$xd8Dy@ktK^IZ=+7W{H+WSTR1|AD zkX@Ri4N*HTxj)+s4JTkkv%%JW(#4lhV4{>h*Gu#L&%z6yQePPUC-R!_LJAn)%P)E{ z<+S)w{3W@vcFsC|eO2qYp--s4GcnrpgbfL>zcQjo7F?@*se5V* zm7po>CdcK-dkd%|Z|NN!#?*IipL0jm&vcSIZrAM|bPFoUCadd`y-?m@sAvL|Y58_` zq{&dxW=PgJC{;MvQL03-FRubF!<9(eP#LHMj>lUXA+euf zs=Y2bbQxJ)^S-9EYFw^MO?)Hf=K>dwSm3Kp1Ld%9b+?s<0pT3os9VlUXzL9g6CKP# zrtjC{mQFH`Y@tHN2J3K23L1gBr-+tf>!f{EAPvR85ba35xsk#1(!_>O4k{)fY$jL^ zxddwug=r8dV9o~FhL-_s)OweoaDroR1nVM`%*Y9GU`A-DOq(gsJ6wpy-wJ5%Xvs{K zhDvQ@_eVL3(=e3Qgz}(-SOFT)WK%`XjF^fkDVDJ^vO0S8O4>F9xZ(^Cf~-S{dHL~8 zW>{;X!Q94kv{){UfF#`9j+8zaLSp47RyUE|ceFCiirW-F)hkU554MiZ)+F^Y5*d11 
zv@%KTkb>sGI^8lYamz^kqySgf%GP>@Zfm(@kVrvWRhyRNP`3(J<%MCjN>W8#+7>Iy zLs6U$a(&Bg9S9cFCnG$eEY(fr>g5xbZzv-GktN+Z&wqV9~I? z?4PlYFb#m-O8?NMfeZTD4)wpYr#b#ZmhnkkeJO;|}lBu#=eu z!6g6XFS-aHnZnv$F&oGUNiYq#6rc#y)JpSb$!NecKr9tFDc{Bh*LT3`;@}QXIr3u6 zM=p%|WsQU8Q{zZUV)X9f)fV3t{6w!+&c>-HT!vNF`7V`&34+}gQ>h{naGjg;2j#P= zx5m2*IJ^Zvn^?PDl;OtCmFMj8AQencEkhG;yZwgw;1|^{?Iqyg9Sy0>C5GO-JvqHT ze|vHD;>ngxRTd^E1yTY2d*EX6e&+)O?SphxZQ~s_&(_>7gL-ye091zjdnmXxA!C4) zCpbw3F;+G!;+^{Oxvk;xMoiE269rZ8iNU0q>fF58p1-r_M#?+S5;VqBlt5HlG$40q zOv5xGS**mIFY(#AHow&2KwOi7_1`Q7qI-uE&2Yjf#dXeFYn!=KW#TP?)Vq0Rbu%}s zm!}s$ogG(9>{1XcdZ=xF(lZ`d*wmX_Og@c1Z*J!{_md3dUfq%9SUWzq42;Wb8&xlY z!u~vedjcL)1>}I6|Kjr#pf--8LXaR)>P2mRS@mhTnocnys=9VyZ}j=su!YHL2fHaoxYv&j9=R{bv0N5lPZ z|8Re&nEz{co&Wc7o==}T-=PT|_aNf$fCfa+{TE|_7H>p)=(`S3tj>3>(~prRL$*{I zmW$g`ZfOa}w{5w)GHF|p|! zN%K12wT`vQ!YDSBoU{sf>Eif0#1rMQrJOS`~FXo?B3r>Rx*-HMVeNkM0``XPV>cFrFe8q3T(5uwoF3c3RZf%uDww5fcdpi zXjzA$E8T=D8>wCZ^NjzB@Z^CwfF;m`inf!8o@U}iz_Jp&Ezd<;)n!emyaaNmQR{pAR$TsRQ|40Zoe`)wX@~PVog_$OkD6x=}%=R8tXbMSS6BmgqcP( z7xCg$!eH)VCA?bs;p=a!dBERPP?;~y|1HG-N6cT8_y4as;(zb&74!dg_nxiee?Q7o zwe%zASD#Y0E4^5##b~a!{Haj3ZSUps$=ItFuvD=SHi62HrJM#r_EAtuhz{7l@i?fh zb&qK1lQ2QMC24uCH#-oVAi`Ftw~Aiu()0FEij*nJl*4DDTxz~JQ9>Evb6rbtk!~PqqAU5T?Q1OJ3p#GM#DsvTV52-yc<{vvde#+onK$Qy1f4B z^y2L0zvqFk*kTPtGml{1*3v9}AKNwNYP`O%?JgeO`K~@CWAZa;rY^~W^Vq77>RLZr&aHPE+aZXVg1=R z*A^&SV3f`f%k<2WGL;Unl_|>_^hym1u`jFwn;*Ev)m)Wg?gFlL=7E9;yhaXLC@tny za|I>f?CD>P?AHpHR3Y%qMenQH#CF86^4^6AV2vP{m{=76WRcQl5S0qKZXs#t>O{La z3A7eBXXaDw_WW|-iqU+#GW3}$KT8pk1vPnMm9bSKbu|krlqcnabbz*4jJ8IY|BFm@ z+4e7-h3)Oq>j4c&dwaW#+^k{e)29sLnw3z(x2=#W)bC_!90-Mt-Bl{Kv?&!-4ozS znr|5SjO(izNTFwy9J1W5F)PcQz26kNDrAhTsFmeJw(CVPOPI%k9=bX{ukYGQW!ioFC%j?V2<98QlSO2~~I(dEe=K9^`=|vgY)#dVcc$uOKnMa1K z`4^d9kb(Ukl}8Jn)^0u&s`5$mgTJ!iz+)iS)ZlU zuqRfhW-rWXw!NaDroC#>Srrg=n!aVhXxQZr2`5#+1av||!ufg3`lLz#ohwiwd=}gh zo!LUZL}e2*1mJao?~*pAkY`-$Ud8mFC$kl-xpwS?^P)g50lf|20&VIf?c$?J*uG?2 zRwjD!-A+tDUyCYnb+1)2{uUS{(jB#X#E>)7D>?p^Z<70qfJ`~Ym~S0{(6kUlj? 
zo|Z$@6R{U-TC5VWHw-W@Zj+6mCoy9QP|*tNZwW?qn1<$N=M-7aKuHv+{v>dVj<_t} zFUj_GDwpi|E7h+#Z|%gP)`2^-PEk`-YGqEgtHfPF5UPyCJCYAD2|p~_AC)u{W#Ltm zXWSO~wemYe`D#ZKuU*&-wniXJhA;2zDp|aQ4ib-+-4SgV?1ZHY@$3fq4;~>;a6$%Y zz)2!Ux*_hEBN`4{`5CSnKT%hFNSiQ2IzF$FOr6xQ)X!oW;cR!737=>~}^R)DC$Kxzt1<>qP~==Mt{fLAS`} z&hO;80I3p>)qyhaOy@a33HB@-yi(DbOxW)=l-p9zBJm$oSlXBc1myek_R$dkt-F6v zjQ_URJ=k5xe|U_if_;el*wZ11a>7CQU?So8aE#v4(C;A?NA!XPq-Ey}h8j9&AlzNt z+vhSoOt+I)LfkQOBam=&c$p~ z*kN;;IfAXqV)c;~0GE=SW!Sz*10usG#Nw~sVj#?UNIM8e6ui`V54~@o-2(mJKiFC4 ze|VH<<@Eoba%C)c3@k-<)mr@KP7$8=e<5C?K zVA(W%($%zI%as0882XZ+YjIkuv5?yxDt$7LOoK+5DACx}NrY+n$mVRjLDRaDq3HC8 zEFPZuO-6^NvP|n}L{BE!;+)lu*OcyE=3kt%b}q?8F5hA?cId2D^7$Q2bHz-HbGDYR zmNmyBooPNNmw$ApvX$OSmZJX)Nq?H-|L=AWit+ys4%YntqdW_c^hFGf7A2SuIWQ!A zvuv-_4}j$tMnlwo+O8^@J25O*q#nATVZtI{`KX)A;H4ooRyyx9LzWLkJuL~y_^JHg zPdETi6m8aG^t|FD`urKaFuz36YC9X9S!TAELxuLZ*+{44DUl6Jq6pN#TQ!zJ``flo zxG3Jwg;KBgcxVQ)RG|oB4RnivRp;a|4-)HYepx^{k`=3Cs);_uV%qoO#{!YeHs3x-;H+tk@m%;Q`( zd&p19g$**R+{}g{NzVKVN3%2zEI%_ZjRWNH+X4D-$vg@UHY8r+By>zznxMlS^J$Df z!t3l^&g5EQxqrCtu`m&{LqV}<@=3D_2SSS&Q&Hnru-6KwXwApbS4XQoA^*x3Ub5P9Uiq(-y0>;bvz+eU?vWx-Z) zfs4qK1ur5`iWd%BsN4D|)xoa&>MA;pQ@VtG(}&wa^xvdlT1)`cK>zplO7wsC*|W9%&!aq&Hw7xukTG_9 z9vkBAB9+Hc#5;!6pO_W&yO1muZOfrtwVk2*R;z*dA`0e+cs;PRfooP?!mVG*#<}rp zflD(^ywNKQEj5TK=LX9VRPCFSk%-GA#t9iJXKJo~6-SoDU=d!cw$bye;I`I`c!Jyz zmKenI%0WcTe^oWr8KBQgfP%iko-A_y3*UqW#DI&ielUIM2N9W3|ko?Ge(%BIca1>cj!cL~cpD zK)pu40;l+;*gIu!cXr-GZ&*l5+}y%kj}lf$LycqI`kGe$5uZiqKMjX5;e0{skLLUT zPPgd)v%7n+x2FG(@q8*Kyp&U{>AuPIFUag0aQP5Lc~x2KtL-{?j3eBq0Zl03?$P;~I(WGIBj%_blH`uXw=^7Pmg#+x z;BLDp(5Njbh`RPAu`7^|2??c=(JrYpWAe;9ldxBxc^U4%wg5z4HQ*M99pvUO(VW*|qobJb#L#CW1DIzE+? zK;%kk9X=92dng}Ob(ADg-lS22O$WJ+mYZw)Lm}`_Nhl(FHl~ufon8op)W_Z}(Q&J@ zM^TJ7HT$8Ws0nqKBSO`&C+ye`PBk{{fjkC`IdRrtCd%f*Yvnq2*0ASu&4U`WJbmwkMeb;RLgYG_2L{z&4fp2l=6)hae_d(LqoLr{z*c|{19}pZF-yob_WfAAS3gruV)5hGl<)*? 
zJrST>$7Dca5^ry+F@c}T$EhB~wYD#mPj~09xl%E~exZmc^}JAwldz)LLB3Ew9Sn#d zPPs{7gF(I+Ovp7{7G}*A{EY%KApw8U?d_slGUeC5v5>qNPvQT)?#|8_(GYtHosbt@ zAC2+HYfgV7FS-zalHe7_TCzfNj?f`!Cb@&^Na-$3Xn)`M= zrr~u!!eKH(-P^)9kBy^i7!lene1fGSe<$Q)(uo4GKys#;c!IeX(WIRDn1fOe_5}QE4iwY*8*2L+iBFrVOfD!C;VE+KyytlJsP37mh)@6F4 zC0e#B@U(wDpg}@nHF+gF+UmkA^oYGF@}JQr7!LQ^9e>mO?Qb@WsbVB@`{+mQn7>vR zyPn_x2!c!{HPijO$AErxM?ikjZx*3zL`yb`|XVdgYks z|2pSzs2#&FpQI5_VuHu25lKgz+JL&wvFs4FqqHATuWi>_aD8-UFA&&-qhuT`yE1ST zU8enauqN7@g%@snvuR0XE6VNE7Vfn>c!Cogi{ibu{yR4`IzU_c91;~F7a95=YUiI>JS znMxusrx2)t{_pPWm+1fg&N}|bqdWzY0Wo|c9-USP{ivh;mugwa9F@OE%C850RMr^T z`X^Kox4xogMPCJ@jwq%R8jvCJd(ye1rQ%hb>kp^g!vU6YFmwsQ7}J>eCozj`g{DNn z20BrZl{rb!AZBB9!n|7&KLy(qmL}-r==l2WPp20bXD6qK#pw9Qw?Ds8x{sG{e}1Eq zb~xze<>}SgiTd%cvsbUwpO>dsKbZHIr&sUnALqwM=jzv+)2r)$p1nD_zC6A7=}cw$ zm9H<3e%4j~eR+NSW&!(fst;U3iCM|LFWIt5g*mS9}#0vo}%`oXw7Sd3JuBe{p_x zV$EL~9`SdasKYT%#c{iNA>JN^(@i)%U(qoASpPkZqJWG^nBYK#WUMPX;4&~*-FKbt z>VmNZe7hjstp;{|-u@w;h0gzpx3KNcf6e3nxm(o#boZV;Tc7`r@jR;iC%6dJ*?pc@ z(c0eyD+J-&bYzx&SO+ zdq*$!EJFVm4*ag3ru$!aXRk>A5BAsk|3`VMu0bmHuT!AZv!eLg_dy6K`+K0@k+f_inW}DRIUjMzrxt@SrB!~nS<@bJ9f%uHK1Kjb66s{%!d5hb#u z3i@uI_nRpvxi$oy6(!!!v1~q6Ou!0|JO_feOPKje;qfb%bH%LJ`rIuN7=JB}{m*$8 zJ^vR9{I8y-`(JmrDF5B-uI0av^L(N6UuOaMqp|^3u>E-gL2ct(6gmczaJ-?#rOZ>5}+pj@9>})|6#Yg z_WyXCCzDrfeH(#uw(|m#Tt4VrI~7@*%i+gXLa@F*u`<%_Z)1)WS1h`AQm#T=<{)~< zNnA-8OLBTBevUc6W3g{H9I1EZ#!cz^4l=LKipF9b`jG$qO*%&VJF}XZm9o5HF{)*t z^Ldvuj!U6WbMIgD09lOwFBJC2JPq`JZ>N<1X?OSFU`_uY<5_(Op08`irPt^zOWs16 z`C~TfiYp85V+ZNAH0Qb>sWmqddfMA)3+$RI3+jvj#jrjlimNM`xI(g?6=ujzX;fYK z)2D)*m<~|w0A4Zd{}Tr|^hn&cfvo5!O9)jru~uUmn*6)UcB`t*ibhdY?-B&|7vj>u z%N^Tas{%hXw%C~A!<=c2*sHe**Colvgv22Z&d$|PtQWJOx9iOaUlFl5DI_zi09TaC z2T6!@RD{ZKFGha@?#Yasiqh=SO6z)sb!+c(UIs0?kz9o1~U zP!-$WwxT}jmjaf$3KEXG6)3ake~cK1!d8A6JIPL6>Fp+Kl2ybI`xY;>>t~^73H}dD zaq;|YV6*(Ml>h&5cYXhVl&AW5P#OWP32F${sC5lrDF0^xrZ1fi^b06OzD>~|JWK3< zRdi+hf493|ivMzWaJb(8kMUIR|JQ1Yt=zwkkqw&Q~W#6&_*&+yrZOA=PE8IqX9DntlovyCn1@Mnj!zo`wmDCpege2VG`9=(!i; 
zh+L^KEjlK*{c=`cm9-0z;zlggoMsO)&9oZt1NPOSoQpRPf}Ij@_E2L2sHfr3%$D`4 zH|O-(t<0W7gnnUt7`ROB=3bD1U`|{$y!JdkwK$4qoJnmv;9o48ukXz4kjrwf(kxH4 zB(1#d7R<)_9h`jY=f4&`|FiJjtF-^x+uP}u?7#Nc`u|6H9@YP6R{ZyTqM%Dv^7410 zv-=V@WM4nMPdTpXBJuavxqH^Rdlt;y)1=w12K$R<)%nT^Y_zXC&{sVg#pV~clq8PI zTdmZo?bTQ3=~m&&_h3Ic$#dqM{i+=P=63q~{28s;%auKg@PCPzFZg%v)W7gF$$y_c zEAoH)htJmXpGSELcVRKPFJn9=cPzfO#Xqag+zZTt=-4UW^$n` z{z!0;jM^qvU>XN6+A1pJ9HW9Tpd;Caj%?^LpS*aobvGmlavT{p)`DrRAsZZ5h17YYT{WdGScEbjlqgYNqN_b5-r{jZt^d;<}pz6QN8 zF%fEGGbveRRY0dDqXbn1?$L33sv`v1UuVV#vI)}rpM%}C{mj4b|9dkI#r}TuKht(meS|fVk21=0uCCBH|JpMD=S*o0}@lkw>rwb5!B}d z+r>IY(4DubSb(I(L>wrIM%)`RA@MiNMKquPt{|&)7_yiw*+&!qf3R1K|F^SqxQ_q# zD9;8u$4NrskfVelInC&9L_*Y0Y2edvh$8IW;vwN~YXe=4CSYO&4 z(s1|`jO7zLAz+eky~m;7+CU*0%FL2mQA`H(Bk?62{nNIK#5P4Ngqi{*6p8|avg$1FrY9bY1!#=PYYY0`mzCHO73|6AOFfAx#eup|D_Klvo=WDWJP zcbi6NKm)>C-?{uQYJKPS@ononHyKB*@BXK?fqud(sGrqtL0Lk z;EpUGvtL?}NagZd+v=51^Zvg$Jvw=P>W=-T` zul{;+(Q4h?+;}YHEFdj$oFFQj*V)8%MNtl_sqRHz0ssZp6*Cnfrm}b|$%pu<99!VX zMmOWBqh8$f>ic&bD4i9qh3H*K>tIUtr;bkok`VZ8HR+QmVAC-PlL|;wm8`hz@d{!_ z0|$j-GG-IPkskNI(mshpk`OM6L@b0<_EL1zr>|rE1vp#V{wOzaskB*KuJOOWK)a&YPS(PKXra~mH%rk7Pvo$DA34r|#UA{evNT38 zVJRRin;k5Xs{HlXz(PE9F?PMB}b`P~L7*OnYk&hG7MxSTF3vdN=LPEm%dCdA`W@+?F6-7`M zagrq9?>P%DaZvt1l6DV$LT$kz3m|Qi(Wj^_nCo^A?d|OBpwFmHLz++=oR9!dFNw!O zpSOGHaOWv%D|6B8?Vfl$z%)o>ay5zxAF;r1_fU673|(y?LGI@m;XS(0MdupfvIG2l z18^0DSM`A97eqniRRdSsn7g%mX#d&nQzYMj9@o4Y*uTY6kvk}+47$*M4RxU1BM{B7 z0XkPz5Y&O=gmXF!QN(<11NM*|BxPBcDsA~ zgT3cucR+4z5F;Z^Yn)P1RN34%4C&@<@P;MlG2tYfvAN1M^KdEgZv7Up;8J-^8sPdg zlP1rG%Z}GIvz2?BX;!r$j9NWhCW78#;N{>Fgl>MgAja7paK#!#$`OH}UcQ0r`Od@f zrK2azSYMiy32qhuVGZ7&L3ejZJbwpwQ3ER+H0Y!m@}HRW%_DYFE|a&YO0 zZ8PvyvA%SzYPcRk`YQraR=0JpHSj2xg|NQ$)$B)k8Jfvk9H%^CV|{IEY<)Fwc};uz zUdB!l>r0h2vw3!24c98>F&~|>qPcs~J@);W2Hj5&+q7 z6{9cCpc6;FPbEiTK$ODt0gI7JHD;*+mj(>r8Zn+61r&4Aa9_R`xZ&Uh0#hcbzQ4&) zha_G{w8Qh|AA~O&4#h-h1A|$-zO*yt=uB2=Y8~Bx7tOLPqJnDFU-5G^7Z} z#OMqCZS-*ZrQ!P4=&FWG-18dv9D^^LAX5g`$8#*sW1aA`<%IPck9#6vm)**-F;v 
zqIaAO(m?9=^d}k)(R)v>7$sJf!sDZ#FVWGff0_=(^*UxjKw>HD=e9W^q?GqpRzl=`HjK6J9p)7en{Z@a4^F3HTDlEdfKtIIsPYRW$d zF5@E7eE&Q?f7f|U#^R=~Yngxvoq&#Mjv7C36Wc~L4V(B4^NplioL3R^6)OV5m{R!% z!DU&{G|l6cDLM~y51dDBE;NS(`bgUu8Od1#To1t)5QVdlCdY<*s6V`DVlf$7-=PkE zCG-I}R|QuSOtPQL68|#`w3Wgolg?K{caPLZskicQi26jDA`u_au!3z{a*atQ*BcQ( z4M;rmhF-d)-#+KaR7G1X8If2393o%pftI=sSa4Ou1*=IrGc%n?M#2oU3#RT~{ z!MXAeV%myv#%3_zSJMdaWmQ32H_^nqK`cf$R(!IXZGa0tE&i0?;`Fy!a9z^h@^BfP zc>$*5Qu&+i&JT1Y^Js@}D>f+S(N+te|8xxehHRl?9v`Hsnh{FqCJ$F>9-HvBD!8lw zN#*wL(Ydv*)cto{uX+?T;(}oR=a?qsZRnA?2}T*NSr--yuH>gInpCYw=z(Do;dyh^*K0v|=jhVb;OmIx4AT7e26JV&d zGWwx>bT|RefR`~Vu@FVLDj^!gY>aS*O1TbPbV;Ns-O>3O@|njG3(@;i(VG%RSIHv8 zp&$x(Vlp7HAoiUh3B~P@__oLbN3=8Py4`1;4H8Z!IF{Wyldj{jm~6vMZNTC&PLNL$ zOaty3ROxYxAxn+ue0)02tBD|_<23boFYa zydne(Vu^Fq>1Z(&f_0EBCu|(tfK${{l#D1xz@|v+_z^+3WGV|na^o8}$5L47jpv_A zz*>V6=7Be%MzwC%k7Z&yhvm#emspcpw-T;7RJ;$BFDS;=L%W>^dt;mXTxD&g93yKeVjVNp&6Tr(_&i*Pkr3_p;5<={G>VI^FI ztI16Gfsz~zSEGhIgUb}1-TDK~{uEsD^nMr8UsLju1_UnCH+i^7BK^3k)-!td=IsBx zJH38+_UiP_(d*O8$_wyZ2YL>!jCrbIFf#Kea4J(4iFec|h!Y%pBal*9JQz5n`9ANY z;PApbmfznP(a_MEBCK_AT^?(;`lb>tkX4AYnhlH^RI}2#c}(JT2~MXLE|XCtw2AFK zl9Oz>og8^BfrYZRt48@CxL7=-W;*ZDnXkcN@eqfU1J<4je*bPnJ?XA#O(Y+&H1IRA z&b;1fjc^TEkPY)5y<$V^;Q-0kVueU>G}49;@wC9^FG0f^;qoaLE9wN+>kYa`M_xiF zIFZhn6GnZBBJo|VH+fMaegV3LnCeEjz?}6Rl@4Sa026NzY%mCqAWCw|!aN`#)D#fE zJ6nd+Z-gtS>ApvL{myb~uv$kqg0o-Ye!RnpH+oHy5%Y5z1^G(MVJh8;eUcC_$*z{l zKbE`bXPS)A&qr6sKT5Huq9%7V2$0VZR^PO^|EZL{T)sLzJx4T=<-i&l2Z42U71tLM zA|4PD0l7Tf5f>j8`W$X8(CSToVEmRwR{{Tt#B@+;=K}`@$Xer68aCY02qgjd9Mgfm z^@;9oQ?ZF7iahYAUsMTDhj3tOD;PLnjLju|K!<27?(cxBGJVnB&NiJqP zfiXvGEEr!JVxw7IfLFuB0=d^c76cGV-UfUt4Fke?Wq-=hMK&+FaLN%U$+jyamw?SF zER@WE2Nppm8AqLh#HMak6}^~Sw)&>YsW^t7n#HMNC4yR66-Yzav*Ol01ApRFkJ7|O zgT!4-Ad&&W{=Dm|Zcvh)FgZNU`EWLXBvN!hiT|{`FRQo^weB2PcQh2`r3As~FkJLj z0Dnih6eeUjdCmD__e430(-7nndhSv#ChjcR zKWf3{P-f)jbrQ(=)>|fiU&(6ApsGHF8dh5d%^Yh@7hV!=)pTv4m6m~Pud^+twTpcF zKV{L4lP@DtzI=UkE>1t6gbBp~cjvxDWN@XN#Q!3*jjknJw`8hW3j-HGPz{`DSPVr1 
zC4S8TSO!;wIlp7EKMS^{;L;6Cxb&|E*rb@dB6DVqhG(&Pgoc-zNDHnxCbAx15`uXq z5=uHv(`msq$3!j%SAHTTTuswydpqh-+x6Ou`$C-UCQ1DL4BXFts^F4rZS^hbShBp@ z(^18XuWkK-Vxl};VXYY6@`_df!5)y8)Th!#3M>u`CFb(Br!8}IH9DxphP-$n63A=s zjk+1!h(X@e!h1z{#a5jOFPu>c;mIQa4kw9pX6j>a#>`i&0l|3)a4-IObUZ`+`@l5- zaGB$8re~>yi$jVIfbJqoYGbZdN@%C=bt))?sUm+{2~DJjk1ckD*l?joY=v(IYL-c* z8PswfJ+uW3RchugbLn7nSYQT@Qy#1*ogT(FqyQFbiWR*>CcZc&V7Z{?shs%m~=BEMLx;Rr>W+#h9-? zK7Jk%>Bgifm<;L;A!dnRq#_R_9Tjn{>u?8Uoq;ZVQ&N|@h4M1^HJn;%)r4Cos`p8|j7E({p4Rx!IExgQj>};6p;HuW+-lGe%-`JqB>(%4ytlE6x9v!D~fPCiN z<{VCHTSqru8V692cf_9yDU0ghD(%iHxMmqHKzOrfJ4@`znQ)cN7pmZzWw`J_qlG%S zN-ii>aLqDYc%adOVG`d?NE}mtMp!>xLa~Cz0xOf~6yOs0+Pbk5Hc08yj39ETaEo~@ z19HzeAEkSyDz4&pOSNMZv#~fhQ;t|fVk|y9*xs-JS6CFOS#X&FONm$kM9OveW$ELv zn%k&`3*t9TaHUZ4M|Ot>pg#3u6o-;CB)5cG=+K0P9h7DZ?p9#1r76@0ab8GTwKWjr-gG! zy+wEc!tP9zD)C1-BB8HC=E)dvi=wI)F2Q^DNg%FzCHDR`%*urs%Q0R!FLkZ>8DWg)MDdl|U;R7RjdD&UC}u8VcnYJo0YGw_G*o|OCd*#yFiPw_Zt zS@zaC&5=$9?z1tbVGm_V0bCvJ#$#idFPyRDI*o%KYX5mFidn)u7Hsogr}O76S$*52 z5Re&Rpo42cpRRe@zm6b@3*=-`@Qc0`wKK_DAb^ifh10HvM>H>6YiB*GuNdIO=RWzi<}z(7j3D^T|r&)3$_~ z?Ox0J;<~Q&3-WqI5L90@2PW)DV5CsPZaSe!0O6u9#kdWp(tc_eN~tf3;J)W~clY-5 zA62ONb`N#UYncH{hF2<&RV7oQ9LY#dGS)soYt%_OlQ5sg5Tj>mf0u#g%_r5iXr*V> z?G%A<1!|yh#w$2H!CAJY4Rk>UJ)|8hHMQ{A*s_!8?5fhkkR)e*59!}Akv37;n@nHZ zv(5|n2obc(2mpM@C!1W4*?M@e>p7i}!!I=~DDz|8#kDT5{j z^oIZ4E)NCmkz%BOT5`_Mho?vTy9VcIjyQp|zY{KuX+o4Y8a!);DP<%{3zE}f zoG0YJPv5;26A@2xgNyqAC&?o)RPFBvm*`{liR+I}kD zmZDsG_ktfS&}2e>e}8($7iCVf*bnfY?z`<@#O&*>aEdC{ct%uT`R~XgP_gKRIX_{P zciUlj@KhE(F#*CU!^Lcc+n6l;2EUtt)m;C=fXahhQhog^c?4q@3l9I*oVL`H$S z-9nIXRbLPYR4$3}#lPr%?>Zv0jQFk3xo*GRSGz#z1i|z6xrPQu0r>i=EG{*EdEEXr z_p@PClqa?{AMn$~>@EN}9L)={_i%AV;Z0r?x*qy`X(=otA!y95)jPF8enc`plQ?4G zPlkVyMpkknayT=F(^#RlTKNoCY9a)ub+AB9THHC0Z+tfsu7BgfglwMT2`0_S&v|;y zN-O;LueWNAVpTn?rED|eifx(?NECX)JwupB6e&&>>2h@x)PHGX=~QO2GJ>DDa#=n2 z_1bMX8xB)e^qzN~cj~3&>?tYojJG^yszLdCZ928GTpm@+@!w{Z5vKh{8TnBw*H6>< zCvmOS7Cug-@3Sa?2mvA^{BSrfh7B#2nU&nEmU`dZSFNO^Lbc>^ojQ#@hRs$p{3Ao^ 
zhcuT!%lz}p@@uWOk)L0RJsQ@D&N9FIHwgL)%W@zQsM#z1x(MnT`Pon8BBF691dcRv z3ex0?f+tv!;-!xkdniiaClHj{HIo#IB1z6t;;z;8x~=ki5i^({c`<4J{C7V7!OKgMuj19H5WJ8X`Y8K7RIY(gXR0bnQ~gSqW_|*DRxG< ztp!6rNof2~9o4Dns0#Q~Gpb*chU&*OFQyE$qOm$cVNE;8Uco zk2gqK{)}z?&JPmr@&U@3h<%ce38lDYGzmZDbQC2a&9&dfgKseDkuL7HVpIFXXCuC% zpGK51f1qR*cHxv#a(*fyYsjex;0`uI%C}R6b(h#SDB!3c3`I2!%MSEA(Pb>&Q@7?p zlyM>5BTxVFkAFOsx?g%plOB0`liu{@Z{sXZ{SYiEj4j8wG=~X*Cp!mq?oZ23WW&Vi zb2YODIhk_Pmj%0OQ}_)Zkl@--1yK{C6P`p6Bc5!^HNE9HuM?8yA=(5s7ZhcvH}Ia} zEoHCW*4~A^byS?el0J;P26qd=-QC@SJA~lwE`z%}1a}Fp!2<&X2?U4W?(Q(meB8Tx z@9zF~&-wm)PoM63tDmRZtGiGwEyWx~q;{2dW%a(k?d&s=ruU>`TM291O>6QOS}7~W zC}IOeb*l}>C>5PtFe3qeoMHORl}3Lx2~uYK%HGO^IwrH#`6^-k=4elz>qz?lDV`BVA84kbNJ!ywVPHh`(g~85a3WdS|nMrgai2fo)Vvp{* zlcF2~35HNAFMd|n-XyK=GHK#h997txW0E8ESJ8h;>>~8aBGL05+VSk(c+f4s{yqT7 zwd&C$aeo2;03Dk9?+>&l?n6Aw(5Wx<%iChc77ph96P;QgMz=4WjpCC{k+?n;Y~!JS z6|0;h)h&@OXtdz>I}rGCHa(43PNtg_UA~g({J?st6G4m20D{gkqO3(?$Vc&$_Qr4_ zH5-{A`MHW5arry0+;@gX%tMH*NKJ9cB zTS*!ZMB@FmS=|+(x#aKiRuj>cOn_XzTIgaF&p=!zgH|US%55f*9_qV|fE;Oy``L0> z)QX#cZxBn1Mlm$+C7!br6YUD(3q8XxpLiYKF7?6iS(qh#s4&!bHyC=G|ll&qz^1II=y+2s4v3q^f5i&fzMC= zB)YOfsVz+I3x9*umufmjG8vz}P0Db%l}@>Kq5PC5f4HhNk>;gmkqJH#sei+yqHjEKb^8VkREHgtt$V)o9~|?aro8p` z<{M8D?(Q{ScXZggrB>{#d;%e{`B4|9J-$K7Bf}0+MN_@Wg(->bIZ$r3&W_s3msRp& z*Z;M$v_P0tO#TG@yR#39c2%FaE0w(dDM3kZ|CB{=&!MO(^`_#3vmX}fug^u}mH8e< z!P_l*P&+zrM9~)3QhF+xl$&4fRMOa$N~Kj75G1ml){A9`dw-H?OU9jY_j^21IA3qp zjFRkOxh~1P@1^IKP>NzhM>kMkoqO@}l0IVtNe}Tw*^yEHhM7kDbphagdMayjm%=`3 zi&2D_^Da@#Fnm|qX)l-w0FJALcUtTb{JbLYVObE1{w6ATjBOhT(`S^yEbW_k|Le5u z0XrkYu2+xmqL7u2Qm@3V#NG^8Yr_*js927;M>rZUgaHhTVRAD?xHYNz;F!hzNv)D} zbIYX)Ycv9l?oAkF|L;y()u9f~N@axU53l>%FUvGw`nApcOj=73*7;Gs#M0u`9b@6% z&LW8!8fVQWIG1U*%I%|1U*T)_hCMlGYdMZ~g%u^_6_jP*=V{uX&{MTriUfb!Gr$tq zY(w4rB;?Q1LlGzF-~f z{=H4s-TfCu?CGLkbc0rx=A|D(0=6E6q&Z$gL~X0`l#Ks~WzYcQyhK%7xs*L|VZ>!c z%!WK$Nk^O+n9y`7IX?PYfv^?bVcxtrgo z)&$bt`i|3c@hq2(YtIIR(^{Uox+DX-`9Y8UL5mX1u3J6J5GSogIM%4?K(OI9sA0W%|AAHckR5UY|jO`F0Xs-o{8~3#)>|ZMdi< zhZ_sr{ZDUtic%bl(EJ(PFdF 
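Review bot: the binary literal that ends here is the complete pre-image of a deleted archive, and the next file repeats the pattern with `literal 113779`, so a patch that only drops a directory is dominated by base85 data that nobody can review. For the review copy, generate it with `git format-patch -D` (`--irreversible-delete`), which omits the pre-image of deleted files and leaves the removed paths and blob ids readable. Keep the full form only where the patch has to be applied with `git am`.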
diff --git a/released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.200.tgz b/released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.200.tgz deleted file mode 100644 index 046d45d06202fc875b1582a028d2629722cd4923..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 113779
z(xS4;QMP7m%#jV4dv=WVjTKM3u=dR&pEj{DFM44g+DB-IOQ>?8%|}>=%V602%h%xF zP-uvbtf;DxLm6%*AQk4$VrO?*ASV{+rpi(Zr|Oyz*&=w#+!1SLsGhT~{0?yR zp=K;t=;pZuGjcZ7yu#O@1JK-MDjL)p;zklgh_3-WRhNK` z8cupz(0dAPlpl&FH-dXkU4O8=$ecbOVz%H+1!4U(lXy@(V&3xoOdVRrgAn6fE-Tu` zb?1P(S&2c($=r)|3kuVYz22|iyTJk^H?rtArVaB3KKeQi>8Oe^TvX8tk?1wnB0{Po z;OjXqjgRv{s!78Mrwyk=NcmHbve&{5aFEZx;D<^|5Aq&XF0A^HIujL)oBL%AA-odp ztYV^gv+!XwRplG$Dh=Sl+4Y%164KYof08ZZbalhzug0ve^IB-n)31-ImwJh}Eb}@6 zmLmr)rYj6w1(TE>TfkBcS+6;s_shgm4q}Bo1glu5HgF7w!eK%h47&DChUp7fU5OqM zBdmq*yT1k|f`+jXfDoZ+w7XF$;8k%6q@-}dXz|$yA*nn?>uFE{ zQS-S4@gc~<@_aG4=|*dX5svTJ;g*)BfkitFLNu~W6F0DG<;t(n3QV4WLVX_C!5qe$ zcm)RAXaxquCt-7Cjx)v&aW^|Rhnf#mENV9d+?6W_4srKayh4o-P><&@QYH~$oH-#} zLbXQ21Fe5`f$oE#H(q9;2dj=MJ1)7emOL-8H~Fd68mx8ZmOPB`=-G>K^ui93Y#!fv zo_$$@d-&KbKDY4O5b>ESZ);$@ZSCckWso%MiN>U1|jp7IpKP)6fWvTX~HexCtPra?=s+Q&m+z_!oiPtx$UpBmku zI4)mhK7b|;uQKWSZT3if6wSgqUKCk@Uf&(5ydPW`%s6T)BCFcMLv`U9hY1EK;y!=q z(P#co6wyRTQ2lt>-iU_|Z6KlbW;*$G909zR*zcYLc0vL8##0by@{+b~q3r0Y02lr8 zq}YP9V)6EGy774#(8_D{4XB*8!pqv6emAMnhauo|NcHIDz3$=UCYqYwVr zWFGv%Z{0ok13y94>*FlwXXrpm3Qw^uop?Bbrlvr>8yGJ+HcH@nhA{P>=L0&kqM)Pw zcRw_Bq@MV=Nd%l8hS4-!pN>ct%u-r;BuV_v~50rHbalxsdN8;ms+JKI9F$D zpB}n>2L3tPJ=W+oyE_RH>Wl&GVQ{caM!gmm&EfiD!GxwT>n1m?bpW}c=m&V&!aBWL zh4@zd72hu{_FL%kVet*4pUb&>OhxN&V3fTqxd+iQRyn9{C905$a@2lQebj?1s3Fa$ zbw++eE*t1ZTW@lb=X1je(nGhzr z(LP7}jcTKy3WeLUBFm`iU{=zSa1^kA(ye~dQ2_^XdZXV=X2aEjxXR~-yzjae-bRbh zu3ospsZB9~^gfnI+T^T2&S@mob^s7~ke{C7UZiwjBb)EsR|4yVv%hb@y%U;SuVjb4 zb^c=>*@p}Xqkm83rXbgu7?BmvTH1*K56YU@Mk4@Pr+1NpZa$)$=*Q;%GO6^aht@wQ zF~TIEq*~D}c>5+1*f+k(#YRl}S(UdtiB%zlY6I&A84A7}9ByR&*o)nEv z6E#MT!1FQC8>^mR+dCuMh=678eI=_2ij({6RJXNo--OQ9qG!e>dbQ`Y@hJz>Qd|&o z&(Eeocqv_%yYzUz60nt+?u>W<%j(r@OCo7%M-d>piE@gGJmk%*IR+%`q?RMyQcr$u zH#n_B=wjW_NY)=vN|o-3X*y0lHuYyQNceuf4c#K~Z)SD3pHv=H)IhwdPw|*gmYd9C zN?sm}gbP-&(u*KgMQBe7@b}o=gUFcI9IzQp5fW=P-pwWNqgCErca%}134;x@p9X3i ziYF&J7DaecjFV}a?3mxXOsKQi~dB>Rz2a!=$AN2#N%qX_y zQ0q0Pd9vlBi_pA|%=C_58qh3rcboY7LRZC%+-+ 
z4fr-pc?lGLHP3S3zWZT#ZCz+jZ9b_OKXdJT@0$M}8kpwV?b57unqb>Mz<1Hwc>hOj zJ!4&^>m$BJt8*_~iS)%^R|`5WA#w`LP}(OD-nho6%4$Q2;ntsW(&`-e^!##ja`5po zem@@?DB~^9!n-lZ9`xN4Yg&G^z*zFeTC(Hol;2J^mMO8cVPL5t14i!VUH(MTXO1 zf}8Q)edMx0fV^H=cF+mGtf(iDXw*kgExT19GevP%5B0M6th_-2)QWDwj~-bxS757VHkKjo(@Qf7Y^> z*)SJ^VmhK;=nc{N5j4D1CUxz&HNOH1hk}Edq6dVKjTVV2)o23RP(%6uWYXwS=d0oA zz=}U-jQuvP1qgyHzPpL&V7L^Uw)NrZ)ED(MfjV&gY(3hf_G|n~Rbt)6@@CGDoiMW| zE%g!OO?N#vCcUrT4`-AdQ`pmF1@dzwnL;M7`%RXaFL}bLDkIxV?F{$6Y%>9`S#H06 zyLqU~os?>)-df|BLyXg*dMHJ@Vh1xdIPk`?MK^Y4AOd|=B%=0OcjNz8wtO_B^N>E%F?h? z!#{zsoh=g7m`jj7L6VfHve7>h^k3yQ(u4o}rGA-$YM{{QQ%oU;*Bn`_S{ACxw@L!_g z&4dymQ$#(;(*0mE_!FG!ozKQ^WR+quAzo*BTA`<25mfI?VWFqbU@7GsKuPIXAkU44 zzUw9xZ_+-mKR)~fPMpd{glFUHhEa`9wOL;=8G-jxDQ(Oq+oY9fS0a|}D}`IwIk`x- zNzt#=l06^9$9EpDq8}cTwo4hwrF)*f#1&fTrZ46Nr%{88Fu93~l2IubrxfdiuDc#KxWJaWnSNwuC@7hLFk2_Y zK1(xndI2~MLPwZ|YDmDjwEVZYX;j-Ze{?}rH%Y0ZQXiYOHdcD%u&qg^6x1%wdS#1m z%OO*obFeWd6eR>n@Ud^-)29;-ECwZ+N_l28#H0$#)qy)e&jD~Oo8`PWihW862)6cG zh_Z(lx$$+77eLYXe#&s`QkF5{8v==JHJ(`wjU9gyLlxs+l@2y)kVL@u$?$=w@Ru5% z*NSJfx2Z{@-LLqDcv5i5cxtLbHod*&kg&A~Y;_7G!>esf2#%d7RtOWx8oq}9j~^;@ z5jro_po_=uHmf{@ZJkzKJ*^;|psZK9IFs9$r*-Sl?Z~Rzw!2sxAhde%NvSmD!a$rU z=!w5#6B;o|iqU@V{y!tidaJCFEdgrGsKiyPhtl7{^P6 zVZSIFQ$TMmEWGkOsO0P0-Y0i>Jx>FbhX9_4uVOEo>u#95}rTCdq{B@8T z3LYO=e{5J=Uk9{iy8BsWY{$%nQ}8D}D0AH30c(E}9KFUy(n5{qe#w)sjowd#;$LOw z+MlG};<~RP+>p!K??ihKP6AGaL_V8HC*?O^&)%z-8qFf8=(xK*5cBcLP709noH=ZF z7&!OiO2e>?ZE@*`lDn0{V`G>e;c)Q@r>m6Dp=I+~X3i-#)|PR`7#<~j57O(F%}9Pm zEa$08>-jb4g`L|U6Er&t{pr2(ikf4RRl}%y8xi#jWT`1`{ys@8Rc&bu$4~ z{VJ<00_FV#ZW0QJ!ICV~37m8y0FR_gQ+2UULcjr670z$6>MRfVk5wc6(B`nRvnLC% zveI-j@4%*Cfkp57XHihjp;4vVLFfwglG(wE&UBp<*-*k4^x|u*-DTDE!eurLpwarb zd`C)ZtI>J~9s`&tk1k9MTSn}l1#>P1nQ1~*Sy7o-4i|<)+%AD2(I}&Fa>F6M7=aQ2 z-mgRaAKS4?Sq1kd`+F~M2XBY%`1AzseBKfG@|Khyhg7_Ixi6zn@*qK(0aLLvTv+R zKc9D=HH}XhR+Jq59N^&6`~3WMVJmt?1=#$JS0Jk9!s1Y48Nu+<_3iewq9xf z$Wh&Acd!rc)q!BU;Q&Cd%4Al3fk{eA(owfRC=VB&nwm&=@(YaJlCS1+*Bcmic6lEL 
za55tk27X}w2qcuS`W?;^x@1;J4ZC=E7+o(fv@kMrbi|o>11}x!;?KmDMtho&UBTLj zQFX*ZCM!=Hvj4Jusyg!n1uO*R^#C0JY^8RpvSp@PKl=kh+SJlel_Wr$#i%?z(CdCnUr zy!bWF#u+rLzF&gk7qRGL^sk}#B`9)={=+QdMbB@${R=LB)d0IvEWoHi%g@t)RYtG8 zFJN)v&<`%jiAD8Q_oFXr-XAJz{!w-0H)H%#tG>~0I2%%=2XzIOKPPF47um)hct)D4 z4TNpfL^flu{^Y4Y4!(|!;MTqd;ngQ=3eQkbsH5LwF%lYM_qi>7yUr@pp+F9}wX4G% z=csCHXg1x1Duz|zYD>?z9?{i9?Ncof(=3~s$s0`6Y0oo9fl4h9+g6zgD+jpordhnh z=9XY~wi!$;6ZtUHP{uYbi2ViI=2w%EJw@Z3%(*s^OZN%2dsxl(O1M9Z3qs_ygTx5; znyser?SD$)D@NpV%4dHGhmz`m50obcF_szl;+QbJ{+XMYz!dhL_hV9D|3;F+?+sXz z=vGE!G2jb+W{Qyx`L@(cHWp^cA!k?<#iSy-QDBa?Z+}aYWhefxyD0Mib{AuouO+_R z#WSg_bjFo_Y%^W>Ow8CXcX4f{?*DQZJrlu({^Kr!mc3GTLs4`w9`unjVjwc3iDtV# zIYP}nhE0@Sk-p9)geRutHzDk}Hg-#55^j+kF$0DsyD zXKnK>kBLpyjwpx-!^3}X8TUhr75+<|l6c6&&i&qpg7`yYHPrDt@4Q#7?stY@1u5;DQwsefjB8#sUoB)f4&R)dKp!BF%mZbvwS~W=MczmEo5iOjPpn*{G zQm{v@d1Jln8(`{lcOZ(5*eT$;CjEKyJ`VtT_#yGeqnmxB=6VCLnGU|R3M{tdB;0xj z)^710qH@77A9>d{J1W7RERRvX>FF(7Wt0>b94x@pC-di((M);qjb$~?wm*(=1!|b> zRBN`Z68yy@v4&ot4kjz=bS79@q-oGKVa`AD^g!rj`>U)6yPecTw%B^0{sxaQ8m6IJ z7AXL(&mxhPkh({|NBj&|w_xYfvqSM8eevGruI8<%=9i~fbqA{P;4L~gi%*q$IbF*} zbs#lvMJ(=pPY;(s&7o{HLw6C!)iAm_>Bt5_!t3~Kb%e=ys%n#D%K48k&&4@|;x%|% z`B%uViyqQP!+i%73;Em51xoAlyOca^w0URt8>CMWZDz$B7Lv@H-9YUQoj5}^Lo~j`TSrml3`QQ1sV~^jV5X7 ze8Sp0;f)}Z;YocQTw=Tbv5D6_%>P3d4_p2f8OO0bc6nGtH;yFU4d0ZE_GG-iy1Dhf z(8VtJ+!bsOqrv}AZyaC1{_k52`pLFrx<$e53syz68SVwzsM&dyOtKweInxa(0Xgez z)N};PhH(}Ivq(6a!*wS6C-$uM)Sw^RQplMtAa|;~RrltjqtdC*FCD`^`0VBoLuY^Y_T^l-K z-TGKwROuf$7kAWcm3d7CNv?)piy8_DC{-k;jdiO_>FE?_u&?UbU#XzEBO*pa4{(=+ z8B0yu-MX6Tw;@oSv~E}@mjZM~f=ulX>WO+hCSOY`3z~FTUb#$9Jp$xYr?O}$CPyUC z6%2X=A3JfmIxw1)Vf}r3$^Qiy!=$~w07ho=^OMPeNlvdf4Ii-t4^gZx-8o^kAd`97 z5ln8tOe=t|k3is!7@eEJwdK`UMz<5BsyIRYh_7&Tk-q1}(ZToicAfvim#^E~%?GWm z;DfIihW04RY)!7+t!nGS>gN~0NJA^)e@b(TyTh7^T?H)^axJiYC2Kvt{xMfjqfI2aoR9sz-zYOJU@Y60MOu_N>bGd2BdL|4Hg6q(Vgh7|LZQcEFB2ELmhNX&X-=*s4Q+-g?Pu4Dz@8WWQsF zWsFT&!q6&%(U~x{KuwEKMuIj<%B6fT%XG%6*XSsZ=>9T^0S74e;E~Xvt*l9>q8IRM 
zMUe!;M9EpmU3ESPO~Vj|WFby~Zd}vuoLvCzv8ReOQEN>!u~$@6Ws??1hLEi)Z~lv5 z#LJ_m!dH)om5oQTlF&Rs1o8BIw8T1yQgs>m_4yLKhC@tK+V~gC0}}&XV)oIa<(WYE zelSE?1n*F;h5UD=0C?j!ViPWZoBt4uspHoGP~I^v{?yIXf*708e1@afQ>ou7tQ$X4 z)b=3*h}@Xm`wZ`7?*v*;-`N*D3B9PxeK04>p>3@`X#z zLogol*meN{Hc&-rEDhao3rx8srKk&Eoxw$46Ba!YapQ}Aik&yJFGmU zz{x}Kb;CQ@u|D!OveWOq4m&Rku!W0=~{P{au z?06ZcW6#!8I&}+NE!{L-zDUu*C8N}EAGDoUfRuqTgGL9=3#tL$P_f&-1*??H%zC`T zf_-(l`NV^iBOMI{grtx;h4A(#O}KN5=(c>5rD}w=IKvE7yuV-M$^Zq3-mvCY{ZsQV z?M+R%BW}GxO-p+66^%$k?ek_3sAtp#)cghh8y<{UM~>-t7(JFGLWQEzooB(epj6N3 z;+mWl5szqxjRU32844t4V*7c;SF;EGBEG2Df@rbQFNCoOt2jW#A!8jQa3#m*^Wvi8 zy+LqIOdP0os^CY?qT@jMPG+&B#}?@7JQ*Ep*js7Bn@MK4|C^dDfqpN2upvC-JrYDa z$Bf4<3NfyyCYUQt-%t%iD>l6ZG|znhd8S$&gisPMi=yKUU6 zL1z0`f!pa?N=u_K`%*G=^*Pz|WLX<=-kF84fJHYoJy;77&^VpG3xNh(_9^1w_9Cf+ z^}a)#N)|5gzJClx!9~)2)V~>9Nv`pafsx`vgR_BvTkNIp+4DY!JaSJplqaf1*i5#8 zj$W_$CsQsT_crrR90)`C0mUYXX5%=lAk+#Z?6W( zj&xgUpjfU?R_CCx9bivU9ygbyX;(>>jZ}GzijN*TnXc_Hi^6KoU{v-*2WWi}jJLkV z$WDSXwOT(w-6Hrjb>lJgXcQI*lZ=Vk#sf}fMX1`J zsyU1)XbN?>@A4(I;Q1;diTlbv{EvdH%lQwd5qC^&edDyt5sq&l`4W^xB$Zs1?gsqR zZieuNzZjUtY_T~ou`_lEOZ4!oSfr3W7_Pn>7b=OH>tW18>eL*$?-W;wCphT;2Vtzu z^2~a{*o)}XEY`Ko0b8V?3Xd5)V15CoOwAA*xIDMV~Dooo>2`cJp41n($_-UklY8NHyu`ETiY6b%V>nUSjizA=&ZlE zhWPso>YQtP17`|BTx9bW9iYZ6YD#M6#B|6x-UL;F)J-53RPd9w7*$5Z7MI!-LFpz@ zS6F4iLokqY3@DDX?bHBbrxuQQZ>ReaYd2zD$U%fnMXfOX*H&rpCYTGH0NKZlaBS^P zs$w`?hqupB-mE#VNXw{S(NZ!)XSH5AZ5&3)>3r29c=|%SC^AK_`|V&d>_xKu=~l}AV@!#JE`sSn$sAaqQGyPG zRX$%YYvjcqT-O{S@Yj6%;^PA!ZzM)7!Q@scs6MjP`uJtOt5paVZf<{E+dqDkDpP;@UJFy~lTZgVaijb&7&czfZ(CrX!;q^}ZBFnLmYpQcx~>X0s$NiSg_<{X0F7dkJy) z4-hval)J%F(c!S1!!((Q9^a47uYIi-X1Xd*u)H*`DSa@!CLhGr(D`_eLi*O7xolbA z@<;`D3EdfgqnI>F^N^a)s(E zZUkd~4>&$E_V!+pwrY`!B*4afJGwVS6O>XoEMJ(cCfr+J2(lAK6hu5A@aR)@Xfo`_ z2=-w0xxblB7`;2aIiR+?9K!@w_c+X&$u4<`C8A|xoO|3Vgb$eIQcw?2r=&mdWR}geeUb8 z4is8aeDCY?@`SMRd7+^JHgvPyP@7+el$pa4_i<>wm|qK?>_}PPHsngM^@&w{E5HaTUv=7t zWcfJj!P!>kD)kxpZrTsWoEmpuU$67`oe_)!bW3v5gY`5!{stW5xr4p8hZTJ7DdXI5 
z&S&zvJU`hHxkG&08oMq(nJwxNLG?JrNoB_K2vr?3;~(ld6~JN|BMk7&C(8J-Hpu}a zS=;j{IYw%kBx_6lWkwY`KtTo-BNPp5cmbJcLWPW}ciRCMad=6&(wQ3+U3Det7rq{0C7fAJK^wPk#)@D z1jbW!Ys3XE%*@;gCQU|-?Duxl{gA^*X3eX{TB`I3GJ9<_%_~4`0TTFOfwX!>5xvG# zP-k)D`VN*2*~)W-KZ(I1p(-&ul74zX_Bg5&k!07Fhf+n5X;nYZGe)Ik&Qe3a{U}U{ zYMuk|2U$VO=}jhMW$>si#6Kx&txh(%ZsSlp@o~nq z6vPm!vhB}5E>COL>>;?n>udK~Asw&7@P^2+V<^|}+={+dtB*`S!I+g%50e=-S2+E) z0AS(LHQLa`c(##D9@5N9xR*}Rv>FPl78Jp`N={(d(?IB4499gEZ+h>B&iL^?+7{m8 z^L4PgfFWe>1FI;8bz2BOGj62g2eSv}Jx(+soJx+^X#Fc_)N54BmQ2c@e!rxgxw}G9 z;Z#L?Xqfoi#AG_QK>A|@-_Q>@^-f3bsA?Z{ts>M6st?nu4~U> z+qP}nwr$&N3=hm{L#1c%VgQzy-+ZR6^@U?1F z62$Z_FwFP9%Q%FKBy95Yp?Z>b5N5V~(sipK3u#PEOZOVq*PH9t>gZiIr)R93 z=Kk@_Qa+w6OMBqfb|0&0+?hsNR)s^O0I7Jh+K`5tT|du8(%&w$a!NKJl_VJ}80$xe ziL(Jep)V(i+_&63BrI}2UT}O*xSH@Y9wtjNKSi8vwmephGmVccpohR&uJ}9H`F9LQ zy5gYq^-6kwWzduu%~a|eSCqH7vnyO&+WuCN?Jh4(XUZbFqhR#`ZHP;cd2|b)-CmEK zX#&W90MECvcocYem5rJ+iYjn2?y(79qUtTWV8KrD%jei>GLCM!!tsqp1NkQtyn&vo z3l=em3xy(GGum==ws+u2`cP^#6XaK?b7g{4lYNd-f zyXqS!IotufsL!*Yxr9AQON!!wS5-o(pMPnw4XDW@GVm_P34WMz>wW3wFM{o_|H8-^>r| zUkv7*r+9OqvofBAZLT)Xo!<#-l|-y<*m>i zLv5610@u#jpd~Xun)^4%>!{&xnH(`*H~LiNtDZu02_LxV9zP#0n_1x)^5sX`o;w(1 zN$lb|>Rr@fCtd0jPIU$XN$>2$Q^Uk+j`gf%+O@>jOyk&$P0ybZkEOt(;%l86OiSXh zgC*VK!Zfxt_4Uthv%9Ce4Ni9mH`E^r(+R~3|3z>1R^<}ltSxu1VpR^+lg|86<e8jd zCqWwl2g5ilcT*{@_F%&Z@1E8S(*E@J@o;hS`#OF54EXH&I|D z36nI$+;l0xgFA_DG7?Ipu87jw!jC)kBp60IL_K@z$CgZH0eJ54%n4vWSj`dsFxyNn zTt|T2)*k6GeXTe*_34benJ2U;iPwunL@81sr2IYxzLmo7cuy$gSi*?t^o2(0{uR zySQ9KewN$5*~IzNR9|4D)oHZBmDP4cz555j;x%@1T0imr&ff;cwQc_b=YB?pe*#1L zNVF7QXV}hnxdqg&`b-i4QiRrH_BXE59cGqmvT?Fjr>B^~=y3A4q@$F26((`<3)7?8`xU)WD;zwx2hLxTq3ScUJsZl z&XvA;orhHOH-qfTd^1s`nhi;&NLhpW{{BC%Lq~0cjMD32X=2~CV{0vU^z$9dG-9j; zHEsZU#RKPlYWLH*;2(unqEL9w7Z!Vaven zKuGHcN@v_569mSq$*|RZUCRV5jEA<`SY`gt`C#^>$E_j*J+7dKE#Hc{~!H9 zM+dgTy4Ix!2QS~S1(C#==C`e?b1~jMn2q&e8%^;7&_Xzfj5S}9BC-5#y~Q!$6Ut-1 z!7+-@DbN{f@|%Ky^|O7m|32;8`nrwPBLe}`tuulDG!E@y$!#-v;ex8d$Qj`0m?b2# zw;&DyhpD=f3|{q6t*X^IbSMNDcM}70lgAmtWDUdQ&4j797<9IkC^J)pi7`;5{{XrY 
zwNm)60`VVRo7uMApb^`%e2OE{L+vkQvQZj7}G;i|_>`1;lfbz1Lr<$fIXo1hJ^ zYoXAzI6bfL5*@VwApvPgIAT4nWcKx8YCx!QfZ<+D(P;g5H6Dha{$V^y+G?e661=UjLV za06&bm5Uvpx(qL^8&I4zFmJ>eZPi^%oyBls#)Z>#Nthf9d-2VTbPqXbX?vcUBq4Z| z#0u@jTv9j?62E|ClOBj7s4~|@+Ztp`>j7{vzEERW@jpRNlvVf}r|-GU<&*IN`igWl zaTqif*`}4wUhvJ#m`eFmQYv%FRToN#>BRZcF8_dw)-zT;yx9Kwf|Y@uS#m)J*A*&p zBDF(q@J5JHe_h~vD4nht4g*6bp7U8uUSVIn9*Mq;p8(8-MLg z+$@BH5kfeZbv~-Qbxx=Xg46tbt}Yg$oza(dk&g|jKJM)P!pS(xBnJ9gIaa(aZyfChjT6NoWjL8I3W!>dz%{Vb~vhYGg?~(_Yz9r;A1%2tIJ@l z-h*B*$JQC@gvPZ^VYictE^X0b%~8pO8+I8jmR&A{i?K-(1Kqd5ZisLiF9gc& zGLY3U+P&2P*a6tp6yi1uDcJPY1nM$JC`a>zQ&)hBv8odBsY-4p+)}kefAsl(csY4K zP2{V4jE@4_P9!TmE2vQXGPG2Lz-7Z6O0d=Y!>~Gh$yu01s(Wz;$$7UyyVg*dCX*IQ z@v=I-to+OJ-w}-@{m`(wU`wg+wa8b-X9KjGe5v`b9&^wI@9;tJp#=+t(|ZkgH79Ml6Py>}AvIT9TgF6cpv3K7joE<8${* zM=cwFfDj_EnP~Gu>=#irD6l__zR}O;rP>!&;3+MB-RE}%fMiHfx&YF#QYziS>aVZC zwQh_75b{8LJWj4;a!3)*su0a4*Z&SnLHChLTF^Rbo?sja<4Naqh^};~%TD)^jxTnG zGgmxvkcyK7tV9t&>tH%;j%1YS;jr51F5O^AZ1FE?A3WGSl95{w0oR7NQ5aKwSslb( ztPAJVh41L)&k)%*Ol6jUmg3aA4pd;m?jeU2 zuT04O!uld@0>HdJ!KMBWXZNRaO{D5&dj@;QIRJG>ygCal{$Viv@#7jJ?eF}dinrzs zq0W5^2~)(AfOc1ZFurm!#vP_YJd*W~R%;%Z);f1bXv#@Tq_35Y3s&+$FV{q^U>Gm! z4_M&q;`uqA+TidIO5iQEha({#2?%X{S$WJxkQ~qaDG;tCyze}}3w}s{bmk1IVeDnf zweJNll%!_9{f7_e3Q13y(=ns~6%mxSujhM%?lhBRjj1j#tX;DZkBO z13W~hwV@jK)zSOtIIk*R=m!Zs#1+t@tCNiusrm9=sxJ_wOgh^Tuf4R64IH0=8fttM z!7Pondjw3PR6BQt4fNYn@(c01?WTjd9XYVgm+pH-sjTKbM(48Q2bEl#KF#Mr#_g-X z1WNL_9@rk~mt0|Ogp?|mGhNa-AzHJ@^4BH;VL%->Dzn@MKq0yCLQ*t}3&S(jTOc;m z>3jHXY9t@y>FQ-+M#1+!*wThnI!4{wx1g!@F|r^eV1zu_*52~gebQe_jG2$eplTgR z;;42-L)5Q@dL{3J=%)MDQx71?ez3-3%LwEM4nPyS~{+9|8Ta)XXG z9=wWNWO~?6siwCit!F()cZw5T;^?HmR;~CS!fr?~jflNonLbmAIkwha4O^MD(}Q>Z znp#0Vj5pMpj_d~|bPG+RPJNEhOt%$^NPvHJ3A9sv`b*g5#9R^em{QB+q`$1VLUrD? 
zp6l?ww&MK3gU+F}5$g8VM=3;CAM%3*bz!QpSd}}pdQZez@^e*fVSA3#D~eGG(eQUv z=MgL4CsB4lhTk-9a{WO?w^Ow3=!C1+jADQnHlf*`QM6R#Rq_*E496M&m4<{?5QnI% z+gwhvCv-ej`CyRMrc#aFcnqsvMoF53TH#UwX1;XZ zlv9?MhnwmRS#!z4pChIxpd4|mp<|*{Yn67V2nDwUNEX1aq6s3R0f*28jaG`WZY&$s zSAT1NCN})bnRG+eFm*;L7m=YRq+XyIO}1n&jKL-t&gK8*>s0iv$sgapEdc;Jk|`CR za2dv4KL9o~G-!UHanNSd=CGw!KwEtR|9R=xiL>`D2(9=|W< zKE(-2)gQa(EwAEEmV9jMYe`~JomI;eG!tcjbJdwQI`l0!VRB z8o*V9UNk}9&5&i`+S7Oy>AT&aFexJZH+lYLvhw?Hwj+5{5;v)Y!Nw3$ z8ri_hvkfRdPe%gBUg~Erglrq^j#YFIiDbwgu~nuzb_TVUnivU!(3^i!XiyT=w=|NW z!(Lk)`xuKE_EGoW%Z3#J)#bA-TNwJuvX07w90^2OmVfzrv|3@fcdNI|FJCwH{^jfS zh1|r=R{pxFI&Ge3oc}C(zljC+8MsM2Mo)m23@@Rh+7ApPtNz2+r=oCIr}J)t*gSV! zVISE$=ftc}%#$Al7&romeAp?)?nVAISYx#tc4FKZB=utc; zpBxdjj}Di{vf1s5#JBbV^;swwV*>?ccq9Uh?-IN$7_|fAv5zxP1Q{e9tCo0BvijS) zftdr7iY7GK8QiQ=7togJy*B*^uwQ0_EZDj>Sjl)1vA3c8g%uY?qaK(5a+4@*V6lV~ zsW4SEHVTNV76JXH(Uci>zD=71NgtX4IeZ`1=HGeaK2`*^%U{->99qhR+QiQp&?a1b z2g@$m7l<-z=i85nW+D!GGS99_oN>39RX@Kd)5%=HIH~YHXN`e;yaujT)cBdiMYAv; z5xW~MaOzzWorAJ?pU*U98!D|g+v)1yu)PfskR-E~}NmJe@$5kG^hu zP^fIxO^NUzWXDTGL@=D)3{NrJG^O_7VjX*KZNTfu=7r{Zlw1z2Gl9H@+e8 zUxdBtKZJeCV>+BAt1p;gwrvUnsLPke(ZJ^v-N{;oqEV_B|8k7M2;+3M#Tz@gsmX2T zqp$bf9|st?5yMHBdAfI!6Adx=MsI*q8FNPbKJeH`k7;w5VNX`ZTwjsq@)xm>GFw;* z2adE<(ZN`V0O`0wbbyVuZ)M>MY?J6P-c0-I(%ZB!S+Bxu#ShIoNVEYqkg^wjO?h3} z6&l_AU&emWMAm5&-i}BS5~(K8*7XEubISQs((z&SUyOYut^=?^ow=z*&T6h{NDZri zpK2wYijU*75!1QX;xfgRoy3nWiL}v?kIhn6nPH?hD_++sd}3(6ANn}EB(l)E&3Kxo zTfZrOCDeyjAIO&QXTdyGc~zpL~3nHwc1{DR^404;eyg zVC=XojN=)gtW|CMu8{%U6l0uM=o_ShH^nZ1+iQ=Yo6mgI)sO1bafr8>RQ2Ki7dS{X07`|K$k}?8D!GLN6 zSUH1(o@Me{P8~%?kWwTQh!5<)22Sb8kh>i*?a!@7QG(kjxz@OYwF+h-f3xb%F2NM5 zFLA2gxseu^VEcw#oq~^K_mHkLp5?a1KuiBn$f+un!=V(ScW~z{h-Ss*OC~Q^t;aO( z!sg@9SO;WoW$;WOnhKk*a~iz1bw$UUIu1D5Pjnke&Y^Uiv)n$0$><-HNx)zc0AZAW zOI;yyof&~|%a4MNC=UJM6|atx9YQ&t_t$Y^+pX`h+JShPcF}ROc=gK8Kd|f@6?AMS zmdak3^vr#KMmr3ZM=nib%r6_wG8&pPko9d$n5~~g;!JJGj7UW2CZ@V|m2fWgd%O4Z z7D3f=A_~Y;gpz3pm&TY-Gllsp@R$`${jflXV*;QCQu2Ks(IN66$tSh;mDWPrApJO8 
z)EKentk(^+Z!!`Bd>b4}a~7X7s>!VnYdR8LuCpIZK3>^l2}iJ#t^@5%d37}lZg$Dd zk$buk{o#@2H&76<03)~RPF``S+9p?I>~v2vRSzO_Z9Ak@r?_)sS9pm6gn2Msx;Jsb z*khHfIXXB#>L604GZ@ZRksZAyz89&M@~5fE`n-FM=#mQDJ)gtCw9+S$m1`X@;=bhw zjjrbt$=0Vp=ktt&{bz}S5p4kDgQIbMmYOL%sHbeIe%i>24dzM}r-7j$xMO4E2PO8h zRh3#R+wf8+$<7N9Z7A$W=UCNF59T9GE*NFH?NWZ=bZWVsixDM-zH0$z=@L|9iY5~CZj%m)OP0`NbWo$^1J{pilO z^kkm9;+Ss9U`X|u{JHunE}Goia}grA;Y?+-{3b92JSqZyv#*KV$Yh^GAfq|2{VF-r z+sE;iV@N_$VRq?{^WwC&n;tQR5I`UW{QRz)Jr)R=<|?kX3E9a(gQ=z%FI9lP{jJb! zgba96{-jbxj#@~p8yAo-og=&>Js1UibGRIl=%#(D+JhP$A8khG7DcET`F*!xf;%fL zZXD2RDDDzhMdQ*d#%3O5Z%!oRaDMJBxCbm@R2)cGWe{3{zW)CFdX#Sq`>FK-!LZCm z5!64o1fPzBRJQU_9-^7Lqp$$=MKmzFnylxH5yDilwbb{Fk$?bL9q2iI{!{a9#xLgA zkg7ADKz5C6g|!R`{STBwP&1GrTMgftqR~D%7deuDnS|sbqmD#5-zN`v(=~m3@YAjX zn?PI-iUQF6)6kuAOHgdg%h4h(2W%C9ozqhzkp@cV@y}*Ty92lhmCB#rvk!dKcgijM zWbp3R;xAU)4Q?G!*V(16)a4od1Zhn9-9A1wt?XpPrd|A(_T zU1}8coR?N()I4B^Rv=11wYX{BEq^gllIlrGLF!gU|bA`JNnm{WHY7-w0Un98x<4HyRnk6v6ob|>vWNz)MZSG!=4;( z=d$B)o9kevmbkR_Ca3>)Bi0gvJDX_yHePAMj=|%_&$-k`^FkT|?w>d10f6c>(!wgJ z%>z-;d|b*CC2|eMidKUn{qCRBvA!U@)(oBGzPp@gzSK{ zN9(>Fm24@scY7|qT!M%u8VipkgMq$+X7tF@)7tkY*Cn;Qiv1=^sd_2NZx7#IfKdXG z@e~PAo#bkC6$Dot2)I~5!{&Uv!GPSZ5;)=J8d6>{o{Hxp#C437&%0o#1Wz6_S6~&) zkLZ=5TAqeF4YrSl8H8}8x&*d#@_#G@-CFM?T7iUpfBRV3y7%hkTn|cvg$4%G{t7tx z(-g)lgB&wSk#~%oWymaQtJJE47H_iHw}q*yiPv-;2DhPfquyJ%m|Fdo{XpN>IfX|V zBf_#|a9A9RMI?ykiX4XRD$)z7qe&1Jl|BP6pwgtpvCVjWpfWS<*w-x&2`Sm zM{*O)`s491nuOc`=tGn0NypsC6H3fpDjuM|Y~An?b$-fV&(<|j6r9li21440(l!~j zX>Fzp5J0}s1_d-F!V5Ihbip%g(PXa8p$NH_t2Xlw(1#YiE(a`-rW=SsL_`!RnG+bq z(%hgLKRXsCp<m+6O9u_@VumJFRtLib13`wLj zhVW%8*Zlqm-4zn+=!XR4NO5Yc4F==#vv_BF-T$*%rbhcpzhohkKCnf4E zGFXsS_l-V#tL~~{VR-B!;@I0YjgPAen?A~E_Zp+KJ*UrZ=D13#wqav;$UPMtiKH#_ z^LomtkN96Y*V+xYMv+qDoN{&Q^I)pZm{q(aX_@hV58Uh0ietn{pX)`4WgYg!Zk6rx z$D{#g<>T2PJ>uE%NeCRdi^)v{PeB#0sq}Exa~#9bQ_AABe*_r{Bw^r|n@PhgWJ?vj zlU7_0sp76-sc#L;oP3RFDr?6;|Lq#;axeIrZ7Eoz*!p`fqugb^_Fo3p6hj#paH0U-|UagzMphFRw 
zq^p*OLO8i7+mH~|R$^J&O!6gM8(G&ds@`GsLmw%up7E{oM7j#$(FtcK&PSFgXwEa?nT83s(djpw(b`-*D6;eLeL`vCbqdud?Pi z2=x<;bZW_4^4dK+J3hYT=YhNyv!A49c;On9eWSVD6*_dFHC+^B4w7}^Z-9(F+v@xl z0ux5Kd~{#hsgkV(_M~uGBs$i*8D215tAVt)!9Em{-s_>aL2h4w!q{O|s}aK~*=oA^ z!sfZX=w`rXY}dVG*Nor9N4Yag$Zb_H^&g0v(*ue^_f6keo{w@2DT|g|g<`zl{L`K5 z2Og$btK`~l!r`p5F>v0!BF$OkwyK30{?SXiD~MKU-L`+wgl$Qv^HQC93tp-y2K>e` zCVGaiv#KL1ZC7eJt{iO5jZ~1MJxK^7S_b|1$dI*{O^eruT?L#PFM=o|8*W7IY70ln zYTA|ep!I%<$l>XBm$}xfB^r_4G2xWi@QnOe)tm-NGd|!eb~H1KAm*wJRBz8A`bKyV z&bNuM5kL|p0Odx&Z0*vNenk@>ZR}(a3F~-Be<}YOvHwNJ(c7@&YV>V(-3;CF3?Xq$gSiviwnCXU=?xZpjMA_NQ_3R6_1Qn zv9n2RAS^y0u2a{D5T4K?#@ythc8hZ#v{l9!7B44H3c=_*aax31sTuXEU@W zw=hR|cw^hcMu-0zF(+-8U%X^-_ zB8F5$R&sOVLM0=+)0gJ$SVC6^FRe4T^0bh<2!>_i1DDwvU|UJZ5j_wEDyl2$p=-zB zJB;y|fX zc#K@ep)SN z%WbQ@f1TP%3!)EdTF3(Z{ThXWWQ%_4aGM+hsyyKdW@2F_vKV8=$S%*$b;k)DGsCnU z%TmuD2y877E^)vn!~_w}31=aIw6msH&I%W;xed#gOGyz*t*Z{ay>BUfeDUakhhDmc zqzqX-PPFDj%61S1VS9GO&fJkK*}uK6BkkXF@YYbA^aPEB#`5x^>j*OOa|o}l(6%kL z@JPpb@D_nb(-TKB1H>%mh@8UYN|FK)|LyS^g`-QruS1hx? z-Xo2KW#niY@|^T3NF8R55q5a4uI{|HI@%wWI@Vp=ay_&__2Wpup9f3s@`FEffGa?T zY4;*4d(s|NKvfbo4mOL!6GfG53BvmcH|i!cCO=mTT`j2n%0DxYD0&-*H17w^7bxw zwCCN?zI+cIBA_uk`;0{^2_uQOxSOga+TE!)6St`_47ZiFoDe)zJ!Kk8>dpJR0}ZUE zU<)ooH+FCuL-l5rfR#-A>blVftYkDv4KJO`pjbqJ_-{JadHslf3ca~De7RTVY#7gsdBtkue*J1guwQpq$DLH3PPEli1)(9FWsbWF! 
zC31q*P;M^wu!vJ``M}C`z8c)uokefV_C?WVRN33lRfZf~k%_CB)<-EnM|dYsLaumb zP&+tB1znYAE;}?vtYlJL5wC9=7a5zUk*XaFXl7wz@f#UI-@(li(b%LQ;F|#;L}vew z9*q6cSa>+iP3gP9m`_mSimV#ZxMv>I-rFQM#~Lk1A{d`5eR=PKLhV43fTB<$4q~%n zk&NJbOFO<}031c~EJa*<>+2R@FYu2pTQ$*lZ3u$0FN0CjlV!CqXSFoKWqwncaF?kc)-89_>q(ng#vCNRZkW;%M)5n;`)0l=yDHoQ8?QebV5rM+% z%5@ml#s>RReVy|fR0XS|yN%G$s2V5(Uki(gKw}-n@FF`3-}Om=zR;elR?JDcZMxa_ zn{_o4x7DzD6qk+j*ICFIn-*ln+$GA{iUwCEV62z_hq@O2MpA~8J(IMUZVF#1lEMVS@DgfBg`B2%?^8V@Ne>#>R1WaQaZJ+d)XZ3|MAw~MPQ6paP$smY&< zpfERj5OXIUmJtvWBexdcR^JGh0EQ%}iZo8G*f;(RJP390I$#DESSKBkc+%gXq5?N3 zI4dU=D~)=kdh!jgv7=={%#hBPn_@<}Gy~Y`)GXUs6WMMQ(-fBzUW{f%O3~jBn}nRH zG#TfRhffaQvGK?*H;--wle&uKES1`eq)u9<;!elasyjVeiL{SO>Y3T;@}~Km_tU*XmrD1eDl^F#;*a=>bg+=y?y*e~%}4N!QOedhSW_ z?7U=!e55?kb!YZmT1KcA!suZ{1EgwWXw4Zz=~W3SZ453OnrRYKB%xx>^eT?|M9{Q7 zkFt~9oa%Vpl+T~0r56TJ#6y+Hr7`5mS~OQz;WeRmeUtn?D5UgCU56<6K!JS`aFPJy@lcT(n?A4f4hA+>YG(Hml! zRg?tnM^LrvfWW^ht@XJb_%P@=)b+-aP-BXY^~m*n(ZUwx8Zg8idDu9B6xSfPVX3?* z>vTkb7`tAfU`_Fnmf(6t92#jH@qnajBY(i!Hhx!?l2N-}8PstI;AgMp8wgo-6U5gq{Piuoipr;xYQ6w$b^nx`1mf1M%o3Mw zP-(_GJ-|65JOwzwhm#Z?zf3+O-F)}fzS2kZ z>0jW`n5BXvBWH;ixBa*ms zp81aaNlioeAwitws6F>-;UFHd@9KhYGmW7cZkICYq0xw-Rw;x(qc(cUCEL3RvZQ$f z28W?HZLF0BjB>kV_5&OFi5f2brLM9PIZA zOuW@^*Lld7yZn3CO55jPtP5}f&?^z~Xm#J?bPqWMboVEXbw{Tg6iL*q1nTp?g^i!~ zerVHh{TxMZEWiql=z-e|F1D~h91!i_+U%C#c6&Mty6mUG`b;N&&&Un3v@JWQ9~$UQVI=$k@L$@6;(%CMLN@Uxo@E_Vj+WK6XOI4A)s1IWe2o_=~*U1IC?ojmaFB zP99_;>}Z%|6JOjmKA5CQKud$|`ZfqnTL!K^P`(wjidaH}@)7S_0R|IKf2p$Yw?^j7 z1UF|X^WsWAM0;#kIDCSXiRo&akKox0)C2lO8$46FgNy4q4i>Iq0EOLf^k>QiDLN&ZZd~ zN5X8wZiWEFCEK`;nG$?zFd;(GA@^lru0pt!nlY*S&B!y5%I$bZ@J(R!scj*>nHV~q zmWT65%qTwzrXg7g+EB`brWEzHwUPr|l~A`wRFvsFA(Kmn1r9Xc$R}^Q?cg=R>5l!*zS3|G|iQ4)rn@bW;Db+a; zonEd+LH^;isDBO>^94znj1>VWJRx_vrx{(-R=J1@U`xMn6IqA_VP)4vEP{ym9(*$O zj2T6zG_{>QUXo)pHHT+9-ms}-GJQBF!*E&~xYjaaeGzn;?5*VcP7QQ5(JKP$L3*LLIa6i;}{3@|jMSwg7}_;?!3bn4D?vg{|n%OMQYufM4#!)p6HHVe^gN=>D+?TQ}$)VHT%v(C1s)@p(BTWvVK%Vrb-KJ z@+w)lEU9s9ss>)x#ha}K((Llnd3xzGpk}2bQG`MB@Z0yL@&b)a3#BjrFnTQ0gr(3A 
zrD%Nu66ThYw*V{$UILjxJ0ioPQJe2rQ8sF49(SuqMT6siQDB!Yjv$ftorXBU0frIB=L z97v+UP-adS%bt~A>6W}o1lG1}Xc=@v>j7i}0lSPB)D*c(XFWW`IBibX*?D)J@NaVOXHikTs}?OO9$ zUed{$k>%+Xt8u`p3jIGGh^Gd;6KKiR4|};)qpy>Rt1gg*@8ykIn!k_)$!SfgURdYr zJD_qNo-g<8hDV(b#0VzUU=PuDno}LqZVf7G1R016-d!Z+Yy50c z*u^Q|L}?|_Gh`#` zTHBgeMhKz=`u`blZAcA_5k-BE`bXPU5*sKyKA$>a-Y@!R@zo(r5P+2*%gcl*2D)8KA?xM+W>yQAx8)x6nLZ;WAW+=GR7 zcL|8gYYT&wAuD|DiYiSdo45`z>xyL$z_jmi7?!dI`p_|sv$a?&p>vdFFvJYL*C%of zd@rrp`6E)?NPl3&x3E$l9g)ILeu%+WHG>RXV64D#;ak#-QxqoZ%9i)~eoX!OZ0_2HL9*_pUx(FA?fAgiNS(tG|H8kM zm<%p|<-^z=AEN26nq_{t_h*cot<;2ZdsrW>|2wpU1BsRpt?>St1I>Uk2Ui3vIRjyj zv2X%fifW(VJI-$gi&Cd-YE0O2(~hGAv)gx>xs7YX=^qFntb2YR@K=xX-2*m`(h8j*bx9eKUA&7 z9&)BCF6Y=EkE%%`PuF*4unjE-o}LdR>l$HeR+H(cWqMxeVMN8OqRVU(v+x>IWm2nZ zjeM!GY4bia`ZjEVIJPr8D*pJcxBcHVh=kX>#)#>1LW!fUiwaA)l$GQ}gn)+n_fUs+o7Y^c_jaY7Jal!6i6S(pjh zQb>LgzB@(1;X^E25TpCi7OFe7L@B{EXP+&>@Uas_w6? z?jNQx1(eMBxq>J~#z)eH?MoGonx##%H5Ji;O8)pIl#Iq85N7!J`iqK?DO!q>V~$xi zZruo%Yw1CK%kp5LLgsMw-{Yz3;tn%=-EeD25EACsp6eK)J2d#>LW{)54Iw3Rj?cTz zxXLE+Q*2oYl@IsrW=NM^3`%@BE4rGrVJl%PQsWJb_?w7y z!^(^ulE~0lm$;TAI{ANlsHadlNZ=+scWcwg_W%cay0;EagxuatYd3- z*sK#pmGAU(njk?1(;6DJDohNM4?oWl#h}^819|4Xt)yPhSW?a^bK!Yxm+u=H)**in zQcj%4*AW0L@i{LpbpuOd z34sq~%|ts<1xE^H?dp!O`qK>mecX?*jh2_lO+6E2mWN>-gLlvK#-$<@pT{p1VczyL z5|ps(^W-3W_-;-=P{@AHuz+YFgzQ8tT0|ra#&r!#1T_>rVsFw?MM3G+)nH zxlG=Z+QLHa=1W+pCWW(lpik2{5e!g&^jkp$$2E8mn&7e{loNS%hbwMasnEB`F_Gt0 zL3}xPKkcXA^RHYNX7avPHbaw2`frkrsLnxkr4{d?^=Lw+G{ZYoJBUcFsCsd%!o?>x z7+U}ETlBgzpK=Ym|AM7ZQ<@$4+z7YYQg<&b!6FpTg*MF1h!HZAYWn#%<_`^8J*^fh z*M(ew5dm8%p;1kj(C@)k%X{0AH5%tBb517iUyt0R=?V44p?*0dL_mKw-SuDoX9kDX zubvrnk(@4H)X>iuzd8h30vmAU$dPwuGwtgbi?dTf*&;O$N9`ZKK++Cs zOv0yg|6Pn}WC@HH0>R!fIKf>d_FQMPZq1Tu4WrwNieD zfHtX$I2J%xB?3u3$yn(#zuX0wa6=YcOx)Os{ot9o?AZm>xjK|nItjrkF|z!deKDKD zcl3=9J|;~Kpa4p=^sQyF#8@bSWyS~^p?3;7Xcogz;{$#bRqbjIE-$46hERxy3(Zl4^8-u|M1)>{3~R>cH-q4`&&{sXEf^D#cY zwrf^4^0m9IC-3&+L8UAcBYw6K5f5{t!nu!nGS#y3kd>ZVu}cmnpw5%xx5ZMKkKzfl 
z4#-27?b$g|;dEQ8Pl3LXB-WnP>+>iwYgcg_I9iB@E0m4+Kt=c*;1k~5Cv6)!N}lM~ zO)6Yz9Ik=&k%u^K-H!enPYU4<|K-Nd^juJ`dcH$_746zDcN8PnzBO6Nvk<;hnNH!( zgXezheOlM{EL#hKm?l6=cLNSf131zm)EF)`d}434^sbTQIepiyP=IX29H+~4%ityF|NuJvT0emz|d&X`~qDGX4X`Mn& zw#Ati|Ga)b@9%zm2GuLK`fWDbeNh3`A{EKJ;xW!JH7a}6BSp%QaBL}uLYy|5Sfs9m zD)bv0HbuEq1}0xy{^IBGO*6Af(Wb9>&@-9-6J;~?Bd|fYu2zA*!Er{dDRq9}?Z}vc z5in(M$dpyKb|Wi0IPoThARY8KeaP8LQJp+c!TBv05VUPHnw zx+0;Cvg4k#+_eXX2&g_1Me7bI4-` zX9g#@edo=>)M**wmct2@+tIMo?*}T9vvH&6_rt;=r!=7|Ih1T-DmT74A~661iF{+{E9bj<-FqccOyEF-A&@?ht9NtRdkM!c-btZ8itfkpF1LCmC% z^iT&(20JuN@;~H8yXtvGow#prKE3U)gfdeNt%bXMUQ)Nv#BU7b(BCQAaZ&N&k^D=X zjcs7ND1WR1D_*h2HJD9wIY+I?Zi@WY%~_bcw{2Ll9*q1`6el9?AscuXq`^%&O0fF|Dd`5Ca_QIwZnE`MgLJZ9nyynhM6Vv_}*0x8pAhk3(uq7JH~td-c(CBh5W zUqTOwr7R?2tJLn%6f#aN0@y3A3ADBVMiVLuHo){fa&)rc*j$iQ2kRbP-V>zngHR?Y7&l=fLZh+BY@O<{A${gmJk`=AWa4b;Ax=p}olfKhL~&ugnE{!{OH3Yw$c1JY(p8 z<+C4KGvEkD@{|~Yz3ztLVgx#o1#j^EB2az#Ei(kh5d??fu`&5*bNfm}s+V|o%VCf^ zn*R&sKpMYtiws|fgzXpFMxF>6o;(RUJQ+fWCqsv)BWkckS{pgIBOMNqxO1$#Wk5$o z5cUbqdre!?gy*YBdGgk8-G~LlA3PD#1?2T8Bh5HHn|QbzA814F$|4aP%x!_#yB>2G zp=2Q$h0Lu7+9?lCLhK~OM$qUNEyUjU1B^E_ZYyAMUodEC>8|?oIL6W+oGmhjcW5}I zxmmda5JE+IqWt%Fht!jZ);hR_NHKrqw(1LVptYvS+M=1_F95{Zxd4>s+UA5%ovbbK zwB$v`$e$~`gHyI#vPA!dl**Y{pndl)txyO4?EdwaHrc~048PaC$s2@t0}Wknk{drv z3;Qr+fU(Z8213vF#*`Rn2qg*pF4Ua-xMsP(kXBx|FbaJlv1H`ExG{@SX6%$)0h_A- z0usS{@#c{wWnZ-JAUn4ea`st2B>36-eh*!l*}>W6UV31I&s`v?#iR$ke>eJV9iN+V92v$*Ol zM>Aw^t~TTiOGKW=6l1*IeP=fd$Vh1-1%bild-m?~>Nq^Ng+=V{6idfbszcj=AMCGO zQC0Y|0`LouGgqf_PQKYXJrX2H1O@KtQZaqHQ^5y&^p5#bNOsR8d7cU|$FO^z=ofuk z@Bd^{z$VMtifVpefy6jNjdqyRio7Jxp);fRu#{8Hvh9nWek}|LLVk3A+$F*CTz~at zV9W4avsI_(6owkHPY{Kq!3a5H7zHY;_2s$j$2bg;S-Ol5#-v~T+#&?7HO zU6k6dgo6UG&9iNMvUXaTqtNPc!OX?U@)U(GR0A3v*eHOaBMRWO8)MP%{T0jML?ci; zkxZ2t*to1C1S(osU1c93(i@^DJyQaUG4y zg&+$%2%D^Ltrb*TKG?#1?qf&{zsypn+ZyI*J0vGx_rOF9+*&vpDGIuRJsB~l-B(D; zG?N>!!>`2y{*E$0VO#a;XH{jKwNTo^wK@V>%rD%S4|GeY6lI=Tv3B5&dABpj_aX-d z3KazXDiz@J)YNSDSMygd_ab7y`rodN0oO9hgJyQl9^iKDUf-9Drr+mTj8Od!w-CGn 
zphRHsl}3_+KRrmUnI|4RU(&3X?F&iDykavini3wo7@AJMR<6p$p6AORB-mE<@v1h} zNpBhJ2I#tf)ch$udq$pPOCux;(I=G*ESH_$o5vzXP=E7SP+-!4v7x1fmQmT7*2IzrV53Tx{cMtA)ZTh8^l{_64`@=ba;~< zZw9(;MM)lL5Li_U`{OD?36rvTq^UQTrbtLPgg{%}FkKAy%CSqfBAg%^L{=mKrN1#8}G$Mom3{w5FIBA#rHK)kE zM4Hk;V+V%IV%Z&dxpbifXcF+M*1BzKc9!kmFv-wXsdw48!tr%-ma_XZmC{$IFf>>4 zTl@0}^hp(Y_Uc*X1<$sp{)}r%EQPE-6^1){_VO8dE+mX5p*hJIy=PAOHT+_WmXH^n z;1l?G)}Y^iF|hvq79lby&Xdj>k%oTHj2!sU%702{e{?fAS0KbHFUDB+$a144wnJzbu8G(@25%kWlIFdVWeGY#H+ zSXi^tq3gR~vI?W8Ndl*uyk_WJPrr7R5URfX7eaD|>*^iE8>U|)*CH5xn0mYLIa<D?yKEL}DC=^z8I7338UB5Yh z{qD_tlm2!s9%fq1O2uYe_uof@`14VzwZoXYMXx`oO~mhAv?*qpQk!()JYPcSQzB^v z>p5W3S(aIb6xWimQ{NsEsEc|0d)k{;EE^6P+n8jd*)VLVkgorvTP>c~hcFQOsd`hr z>mqFm3z2ZgwqyV>WGSTCZL+yPm`-52XQg6tZts$ha4KW&5*W-iTkcD!YqrFiO3ea6 zgqC{Ea?KG#I6yK>j!w$i!hj!vRB=c_!)Q96XP7@ePk^K|f~^PPV$8wVi?2&}NF_}L z#C1qmrPDZ@BuzIw|16H;kbo7u=ZC~6o~M2EZPNAvS~le;eB0U8E8ib=`bV#xD{|)> zY!=yrx*Vvd7Cm{_&3ksq>Z^g1r3d z%P;5THJ4B-pF>(m6+l_I;J;jGLLo;6F6y8`05iSKonXU=H+;2*(Q+uCx6F8=;Vbr# zWA1BkoDk(^^Zso73DEMCWc-eirTR{avZ%`-WB6O3$AspP`U3-~S4A=XQ34nSj6%Dq zrk-?iN*GPnM&X{}(ifChv2(Af?h53u#t-q_O=h34)H`4<0I`tb@3`1J4~E2etPJ7~ zVP&wmb?z0*y<=Ng8*^1c>DcgUyJWhKG+V&BN+AKTJ=&nSVYTl%+S2T9g?pyVTm1q! 
zR!D%ctOy24U0$RY%LxI;nCs=*+I0$aS}jE*Vn;Du+QorDEHhrFluahvPU;|LRypkbi~bKQK0IRIoPYWm%aP5I>27e ziMuQYy9{3@oma;2m_Qf&SX~e~XPu%r_Ps}BQPuMSjPitRSoB@ycvc7d8SGySC z4*1~Vn3H#wvzT3#6S`0$D>Zgq|7h7x)J}pyF~m+nj#G8xu_9phG1Vi<0N1h~jyt@^ z0Fj=-3-DITMO-CUCA z7gef;b?lSNTr;_(347tIX5qLYmnpHPd78OA5W*fclR3@cOR40L-hQ4HYwEz4dNRo( z6gKEBHhu#?ZN=8y+w|VRUzCRM(lo^!CC;4N&r|qg3!50*;Tp7xLV(gv_`(~com}`T0Ta!P=<7Z zUE3v5460GzBSSZ$2$W10K>DgO(@l3&m>sP>9|AH$GGucYm==5oG}6ONYm!Nkjli^{oQPlSTEw%l21a!f^lMAA8fOVXz`8D}Yv5zuH}i@z_Ia zF@U@qjM0Vh?IY8r;vs*aGCjZQNgZg4JaubdigTS1^LM%s7CyBQz1gZAR`|)@-Xzgv zZ~q0@+f7>(t1_-2hrV$Z9I8afpft|V>7792h`TZIo*Xt1s zrqEANdhM927r=W1V6^Bp@Ej9`2pUiDf$Np#xj^2mPDw@=EK{ebvjNu$}tq zLuR6@pPP=?#~LvDe*nXK7{!au(?)aV4l=z6#!Ml8?_6PuabC?b}pjhvZh_pgHK z>h6g)P!qTO{U|hnsb4jWie~9+XyQT7L;cjg7C4qj&m&JW#+*msx?V=ET9oaMOiqBw z3GgYM03Mr$)5;aG1n?aL1I8+RcDx4*<|MFr4bo=zn)3_vqRG~e=c6PiC-eEqiSs7d zja%yF>`#Q{iAZr%4G(k4rP6S5*ZQ$P*Nq!%?P3`AE5O)}R&mqi&VRet#amyuRSv$L zXobP^HQcL%)2eH2*pe^ic(_6$<*QcB5k zsJihaw|Yg7a3)#(>_iGzc5<-JRCfr1@?x~~Fe!-Vcz`!qeoyYHR6{c*V=wZQ-*eRm zi5!?{ZS(MeH<5qYofS1ni-A<{svX(o)w5$y*nMgI($-wDIzyG{a^!W1mplfbshZy& z6g=V_m>*vW`ZgNqxo!A@2ua?--7qqO_IL|KBJ;`kKN*yeibkyxnr2=JtPH9^ zx)p2ODg$d(ZGY#DG%IGtgZDESJ2HjdEuH{6rRf##+(5r>m2SNuz671#eg&|m0s@sz93B0lqv33NC%&r^ggZMjE4+v$cxkFjUsX_sp&hle=X0Jl zH@!oqs|Z}?)|WqGpLTE4QZYGOl{`J_1|8tG%Orx&etXemu;229WaMH^^PFYgmAM0! 
z*k@4oAruD?6pw)P@XN@8`jpT%zYuu9tc(T*tSu(rUbvF;S(%f(+$>n&G<`ZKyHB6k zbyx-#68Xm;-$x@pbgj{YkXib`Qw-5j}H$=O!1d5`k zq{zw@@3C5cwAi*fZpTRK5d!5<2*a-!Nba^Xs*I$pV0j8q;q^`nojsWRK@_%D@J|`w z;qkaPk6J=`|BYcl&O*t`+@ED!-_ylhEi;kaMIniNi!FCFW&6inC=sIr_e{52 zGqz{QyKW$)z;DMvAM~e(?x%Vax%(G|bN$pgRr_AKv|V zM0^5#uLh3vkp3B5iR{Yx4)8IK&ZP z!R@MYcJH#Im2gg8zqz`8b8&wA=JnUa_0N65bWUzXZC32n3hH`l5D!_8>(sJMn%BNq z07aoWxy-q)qLxB}SCWa`#`~B)twnRi^(l&37Il5in&0T{l94NnrKoGo?kg`<@d&Zi zGSHJyM}EL9(yklp@J#}Ts75{ko5RWc#EC{(gjrP`syQLwyTYTV zM!MMn#|b3bxRKVL?vDQ5y{*cHKhSWf5A<@+@_}nOiV3=bM6Tg=J@OCNZx8!4o~y_Y zUx>|yYqF+lU8VKa(FoP4-hV_xe6A+dUc3$y#-niKPrh@FcNDhj&n@)$5C>_X#}5Tj z^+C;6<3Akxl;tTRJ4P2|aWB00@U2`gD6qgpQ>H1;LIPh+K`jcAiPbnf=MEzL79*=? zbY`e~nEW4)Chr2o4I%0|Rgy5oWsgz3KFNfSDuC@$AuOWS1%~k^sq=>mCO2FeR?;b% z1-ku+`{)pHtvY>u;#^;t=>UT>Tqv?YHWV6zE!<#lg=91K$Q9TsAa_B?`u6VgxOo*c zoC(Sqtngi^pWKL83RKz0$C(4M!f%#s5l|Gek**Fw!TaxTNzP1XYpxDf9?UQTvBtC64D2b-|8C^cGfSvw?;EiYFS|xBkoB)f?K#|Ah8@jyo$0s| z*1R29L0JsMYD1>0+HNwQ-<=Y!9Wyg~!iF&BcW$>zMlU>PRE+oJq+G=zM4epTT-;pl6!OBqHO%^sANI_2KeK)q7O2mx z-*+Lxln<9IlQk{QOTB*0RU+!>nnYa7RS!gi`_va2YrH4ByBejxY!9 zDp9;b+uI4lJS91Mz^?{xC-?TBZ4j;5t2Fz|*MIihD1WKav2BuWpvM}z4(b>jX7C_{ z|09<7SkoQS`M*n=A*J3QYJX}{IdU*=wHg_bl|hUBrpPbb#tbwZx& zq!>hfI#NhH4%SlmZ50aN|Meq!h+sd)8e$p)y@FTCTdp)lU}9fTC<_9kL!P{xTwVbz zXYmtFQ~5RCXAX=+g7zk=Vt5hNlb-8s!4pu`ZZEE&4@Lg;6{08n{)?|(1{U*UMXHaq zcYH*D(?Np5*w{!ARBq}zYxb<-t}@G2@$6V}W{U6oq_};!bjT0(=OoBPu6CFR36{d# zhlzNsA|x=4Wg-V_i~JwmGo6{6q~{l(^809-{YRpC6p()yozU~xK?cC<_cuSiJ^$v- zTU*lsLI@CEE#QINC+aKyBz5olfd$IrJTvci>iOp6eQz<}kvZ*$+Hmq^&&;2|2<9xT z?6H~EVThra1mwpjGu`w~lzalegPAc>0ad@ijQ8_6d{R0N-TX2>73$;$T05_mIVBis zBn=xk44f%73}Ujo!#>$Q+S~d!v*X`~Vb@VT$dWHI%6m{Kc1~^Ai}=qQG!iykF;$*Q z9}^dZlFmM>cm`_KTfhU1Fnx?!!I}&+x0v;x@GprO%-#$U-X0S?ci~>x&GqXcQ&?Va z6VMe5FNDi!Y(U)~oktun{DUdMecw8%#X{$F*x);!gr~K4^7>hC;DE zX*t}gf@K6xKz#D0kN{i7F@3p)Wk4I?*#1K4-LqIe8~)d|Ky z>t9tpBBd?1KwaOKW+Gn=qxlLy*ny>0EWx%28p~r*X9vn*_e{=*T&OE_)OE2TUpkm> zSB-KIjeHz}?%*PI&L^VMaYUEIuZBEa^Ej%t_@YH9j$g9(qO^F8L7MC-I6ygo{6n=(49wL{Axr 
zu8gT&;jg&fKc4a*Ja?-Mn$$3TG`j6Z2G*fO)zjVH{(AoSK3>tgReBP-;x1tRwE()| zFZ3B-G%N9w(TcCT+f!kIFhF}`31cG96@tpOZ2S;;vF|jT4k;Kk}X=%2PtId$Jxuz$<5>a z`*>s~8GgM7y1-6?KLi&7Q^{pg1c^RU`l$2CHJR`lF~WhjqlJ#PH7xTVCm;3+`@fw0 zDjIJ*jUE(Xt2#fJJKMq^W81{YK}y+mpb&Y1ND%v=%^qL4= zAdmg9`9K2wZ@qswQ3F!Q`ml3xc;C>7!T3qo(^0D}W11=10v_6SaxC*euiM_oqHs7_ z?{0FzVY7?<2ilp|fNyd61}8Ba+qrMO>(|`y$%j#M7$w?zj{uFJ#KqJ)m5V} zIOFu^o^6KTE-ik(u8!tij!Ssmu8tdBB6dQhE2&7N@SWu^fLuKTp8Um2Uim2W ziOBv9RT_qVlgobGhLt|Jy&sj0j6DX|;wiGy`PbiVmCfz{gS1~Y#@OfFElkSq17uZR z*;kEg;N@exo@o0R*lZ1L=${~*MJ_FnSS8Q1q<2)Ddrb=4YqgCzUI#qo52Ki}!}%~0 zy3`jg{$Xuj*E8_0#4v~JSQF~!iJJA@z*q7-pFfp&QC`@9bt5#aOPlK86(3`W#1*hk zQPj=3u|==H^bY?AYrEh!;fbHQfUF+Hlp(D0pHm-L<|)O0@SiJDoQ%;ZAxlSk{hX&% zjQ8H`3(cOwE|J+@x0|}*+~tz3jyGI!{KvCvQ&>HH=D3Rz(33WTa{;rjLy&KY&%auArY2 zOD!|tnb+O*AeuJw{6NAtj_&^k#lEoB+pv>4G+{{>E=b`?A#@P&LvVyn zt6~GU#g+F_&@ijIU(lXj(az-Y84k(iZRJ2~yC<6oV1Qcw)}t$PR2l!x^HZTCQ3NfEkqSCXiR}NzXA`X?^Z>Cm~o>vOF3u zguH8$Ny1my6`VV7#{HUz+d(y}p5+UQD<#b51c{cd8dTi00!z#4cbSXYq<5v^Fw&mB zhioa5iT%B#KK3_eeE8(V&q(T?W+)7H{5KNYwp0o*@&x$EAR+i1i~spU%nqund{m5s zGj3vHkxpnT#j#G&Z}levmRe_&qRULYY}@#vX%^M~U#w^Ez?rE3f8=_>xJ5OALd2|j z1_6`4fuKTd@&t7->1+52T&T(!i?6JUU|3^ipG48m{L`p{M`UAxh-Ko20UbF+&B5=_ zzyA?rlib6c^-fV#fw1ZKUkr%A(_ub#htq(&-3f(+>2l1-#M$Pgs#=3=O`>!5E3}bu zf~;nYXpN9t2I*!ZEIE{|t=Q^jWfQ7#blT{fLLHMF6E|7rv|BwIA6GVjezvFB6*X?z zDsG5zpZf~fjaTR{0-j-U#q>33Yp6_MR@4-5LgDtq%U8wVJp>OR(Bx9+unrdR!$({?Vp3g=I!vB z�f{A-LQ=xBLrybpoCY!Er+196%RgTdh%8D$t?4?JI8s?1bn0SBcJE2f0bL!@lCU zPsfhwkr~m0{?h1+>0r%V5_}e26JgjH*1(5R(eINPLp09GYaGcf88D54u+y}6)hST6 z9jX)qe5l98>NAfTilk(73h0p#>QPfOkWejPThq|OW8Sp8Bm14rCJmB*RoOy&3O5{0 zAGx!`}MCGflv;+3yUTsBs_#C*uZwq%e1$bVWkj*%*;S* zX6XKW!fmTgxPPZ<>sN)W$qvr`-fDm|qHTEgUAd!iwoaqD5)N!-f-K;Ga;ymD4gpzs zo9q&tPXM8;Zre3uQ;#3Lm}mW8&iPy7Kiv6`gMRPEjb8i@80F2ITR39DsUFJzr(Dp) z58%P6=G_JGJI?+~KHgYa)nB{!YI@hSM`I(0dm(UfU=8&16pZ}c#|^G7$nW$A3Ywx;aY+NQxHPN6xvxNh*ws<(#ZF)ga2S{Lke z_PqNgwobEF+X*t9+PL$NYZb&E*N?qx?fD(M?3{(8b#`TWubqT#bOen_?VOY#LeDOl 
zBs`+`{;t-#x1)&Fd17!$UEdg`EObw^8%bBx_SNyZHWhgei3YFMa?iI>@K;a-Ta|f$ zqTs80!sC_8qKGWk66gRY7|c~|sDUFJe0q$kdH_crU)FmwVW(Mp%Vo?N^~RVae}h~Z zCYy;d=U6anNMzEGDk!x?I(K-XytFHLZH%#DkBCELlbP7g`(%=aXOO&BJvP-tJ16WQ z+j;ZFY}{*E(}?ep&rW068ON|PzGPz{TB*l~+4U*o6(S)jg+Wpc2G4|JNbzssR0BCw zw(~2#s`%v>yp3kS=8vdyP0M0!EVte|zE<2K|3dfX-oMH*^>mT>=i(cFKB`v+N1c?s z&r921Q)Q#KtvCnyIp7u?v3dCX5wa6w9rA5TM=UTX4vvbTV6w!@0!$Mk8Bh(*%S_^x z8L)>8X|EzA=8!9VZ(piFo~T4l5-rPkLDdcgc}Hy;3DZs1)OusNk*VK$>ZOZ$!Mjvi zYS|=nWH@2&3r7$d(URzb`1}El8R$EW!asts#Q6ku4DSHW6ZhdMIQNg(0OZRzMKaw2 z;>fb&iD9X-Q1z=oBZ1v~+@=z(I`okl+i_gG+kki-Du=|E{mhj`<^;ssO#n;nq0K9ToFF8!S{Du8iqvS$`EER)Z} zvs_p|-GIMA$^jzt?R83NiPX!W`oR7DRRM7Ep60$y(51)hD?u%nK^YgU+O@R|wMP}HF z``Q$k-jWEAfMl1vslfRWaF^E<;f2yNa(H!$%7cYV+PYvL7D?6IQPW29Z4j8zV0p(Z zS^!w@Ffl!U$!W|f;um7|@{K_6KAUN#szqV*#D!_)XJw4d`5`|>cn}RePz7T2gn(fW_fz(K)>xc zzaZUpFDk73kshR(>_gWwt)-s3gzP0^zk*8x%X}VGc6tRSX%fq7R7X+(pNowpR=#}M zG@s5p@v3#EY@ht2A@%8k{8KNqwdCR(Ifx3^USE2gRYL7oFVib)qLJPA!rPOOMW8I# z&9haGQuPw<_4Sogt(4TD{`-Vmi)yP3wU7Fh7{9GJJetOVI*zhz2*}!@rV{rb6NPU_o?s;LO*_IIE(x? 
zJn%W|f7}kT|4T~$XIYg=Wat0%Zh4fpIt?_*ZQQgI!*esrwY-)Xy}IeW`-b;iX<0+e zHk6$dx~t(9ICo^=ojfORruAyLpw1kXhw=q1+V7aAWN>@@hM4Ui>7V zjuZ<#Oe(!F$ZAt9_*a;SB26-uZq_?f2z3 zp}`-Cq^-RU>2q{9+jah|yucz!#bjl>L24!B7=sqe^s0!#Fed@!{hU%3*Uz#Nerfjo z(mGz&0mgC+G^IRC2f+&j{E#MQ;`7Uk@Rz{u7koD7p>mF2-_Q3xLowmhQ9^CtaEE;& z{}RRkB)3;jvk_CWUEC?(IIEG|T5ZIaqbF+!ax+T|gR5Z`0Q*No(RM7Jy!~g2@<1|{Li~^b(%STW_N)WJ=b(?@X zi~&rekGRFADi|H$HN@1{;Q*Z7T`-}c{go&nHhc64T%-~7T(g4+XY&0C?cTGEGO(tX zUX=bR9Xfw&K7rVn&)Tl}$1!99rQ^p^RmZ=%b$Nl~%gEI;z6IAAAwY7l;ik3?%X6wpr3Ci)rz>ishik5E_!7d|$+ zu!xkeEoTgaFNVWt#u>eqKRmWkrjh2a$gaX5`JM~F*~4F5m+;peO>>De$Z#6}4&L*; zuXqw!DMoi?%-NybQv*uY0t^6P>4){Fs-(Jkq^T10p2x`iLsp@XVKp!yG=+Bn{!ZShCL+pJx%Py?>; znmh}}UpP#O40m(%6Q|)f${hC;QP5mYzly|V-i8rj%=}mKZC6{k)=3g?Dkf@SJ7*0T zbC2hNj*W)rk#t);{3Goe(I1>WrV{yJsd--=h7f1RzgaQ*|H*-vLCR*`L{$(=xgV5Y zQ=Iu$g4Y~p7{?R=|EJp`fFns)rVLQZnpVus7nRfk3`p9M7*E|441pY7HRGUMd5c0D ziMz{U0`vHeYO?u0D>YfCR1~QNM5-qfoh<>sTYPkYUul)%UhNKi;Xw|8V9I!mImgCL zb+P%6$nyvHId9$-EFX^v?<4J)B^uJjT!1@by{v1#4E9WA9aHY+Zfhy!y)hp*R;&Ly z!Ennu7d+NQE@iSqc*Y^0njN_B*frqTYlNf-X)=8`(HiMSDj^n5szkJ-^z`Twu5&SJUQ45UX9<$H~QqMvcx|pETX>u)43(EdAWijHbQ$&D;WQc)TgU zJ`J0vj1q>r^rNqE zG@ZC@JrEUvF*yw=u`8wj!jvLqm5Id}grpf5u=d|aX)>5zbmq9xciOV(uqRZuy<9PG z+|w#xmf}Yn?*G!vU&z_PI`RuNO(f6o6yAS(^hJ2tzaaE=^Z$UT&42jkH2H6H5?9Ik zJOBTi>T`kdzl(Zif|BKB%8ewK{g`)I^-)ib^z)b%ue&OrLOGL9DPOAW9n~!AiOqq` zU`ZuS{>WnegEWis|Mw4A_jLd3r9osqU?uTPD(EzVJ$S9tL@ZLFUc^#`xOB)S-p))P z3ZQX@xv4)Ak<3XJwEjL5A=s5a^-i#@83uwXC}Bx5X2xGu%h{B<-M9fFf|A%)V*u4#UAbLJhh6;f{Y-pkMLxPe$TdHTty=peQ%%dX6|4e6~o9Jm(4qWpE zC=(4)s(n(k#vp^_NC8W_{WaxOD;gt=C^j*J;)mx{;SIq5l{LCFKDv?CUf}4nY*e8( za|RJ?raqSp<8!O}CX!W}y_+Ls^9>=dr__wONJ436kvg^d*%o`)zgli)Jqv7v=oBfdZI$yVh%C!q z0R9BtP#dZ-e$DHlotLK;^?aXuZ+Fkj$k+3jT~06^Y_}$E8MAGr*u=Q5@yE(~68IBq z-6N~tfhPp4@yj(ybpF~k-a4M~AG?b6dlk%VLX_DIPR0O*cYvNB+K*vvG&8N;H-`n) zNLt3dC_&TmZtRk$?CgC;d=4evvb7-gP=VDSrfZKUD&n_VG-wPx%Z^&}6>0U0>L}rL zSryn0mPmZ9{$^mZxPi3$`;tu}%sD*isVg`-(AJA3>tuO9fD68>cf1Zzu>Bkj(xFdb 
zd||5}vrRM-&Jmk;RW+<`OL;Ap|EiJITRS>FEcogR#N#dL>FZpSy07RpQAUzo&NRGU z%vWV5)gLM+$JqUfsSqbDyKV?s7&h>%vhNOYi=JcX)Mgm^EQ|!*G23-fK|ugrY2#1I za9YwGtlu{5HBn|wEde0~;Ee$RaiH;6r8!>dwpw6he}Xpavfq(g06{-n!q72d)kDr} zyUeYQhi6m$65bAZxB}jB{nYa2&dM-qBIWo41CMRbfiF)tU>0OW&;^_Z3QA}SdVpoR z$hK90w!6umkLf|+#$M@7ejSj{$ZUnhw)`QbBt-T*@Y}dIf?dhaYD+zeAxoV`G5Ibw z@Qy-yr~G6n)5Zk{%3gSlLZ%In{7}`x7*xnJv2|t^l^V6DuTyskGi7RpyP(?7iP7uo z7tbN&BqF`|NP$eRoUKv*&@|K_D{EtKua#-bc{Aboq-?JQr$ZtT(AxEj=O;-7hg-{m zHEh5HBZv5){mN4d;fO2P$4{3}XCp=lE*h|ROd{2kEN0Wg2_}b7mO?Y59AsWJ+9Prr?bL%aPEQ8&ol=keL160HIRd2^Dxjhq<%pY zb5&}nOdTYaQlKWgCF%zJ1SJsah)Bgp3x9RI**XA!_}Dh44slnLQjqi!nw4k&lyA3o zw>evuXY_2N?mAg>yTiGaiC@kX)4{t**2~X7Da`ov3@U7e=kV>;5p10-3U+M4y2Kn= zQ?sQ${ZaYSlHrV+7^yFhT97nq3a^lAyEW%m(i(MKxrBRD3z5_N@;F;7=)Hb@9&)t$ zjw5p=d-5qsYW9LZiVZAE@k&O_lk}3;GZ>~88pIf9`+LmRwzGvX=29`iH=)%zm^j8k zbaw9^T+OCfM~_LmDWhfnI_>D)o(Z7&6+)5{kA|?L!;qdTnIaA2w8ep;<88ww&ku7~ z~@z+FwI3~qXY}d$0HuiyE^M9eLbq)K4wk*z*Jwfd)I7x zg?SG;#A93>r5VewQZMCpNo?ALzACQ_O5IbswlluPx(8qIcUb$q+Andh>?xOR4$Dh* ztD7ZQ?*7|Mh;j-$Y2}l*)7daEV5}Nf#Nsi&m-Gui&S*Dj-RElHVWACO86piuO00zJ z*OyM})mJ!r@fXxnm|NTtCuG5g=f_8Z(9XhVo`M9zW@ioyWS2Puf>=emmWI%6vFS+^ zl1w3y8WS@(Xx{|qUjv|Y_MH6k4uK9W@NIc|#taYPPOhR|VaaQ7_(z+ZI;R8Mja)ez z5B)Wh!mt;#1-ctmgK0YS8z$BVZ zmPUzQPSxQZ@dbfZ2l}VFBeKNUPokR?2nu1N$UX7ZxOfscZDd;`C>I-Pf|1(j$M9-{ ze6EIwnnbHUeeaBu+*!Ayj8kY6E@@fOu&Vd44nOR;TK>oMs+R_>!U=fE2&SWTgQVZS_{0RSaJE!ky@eE2o(wB=D6pz${?zVX6S2 zkCXyS@qzm;&EbvOog|EzYDl>IUKWwh{5A@|2;RBqon$J`x>r7UOTdRTQ-_3Ojd4sg za$h%6R)J@~HuA?Nfj@bFJN2?v0!3n7)569)tI8k$+TKJsfouPj>%%NH`LJjmAE$PX z?9_RDE5=Iv35EfIn{c{0wNu{jm$S#6@0p)3hLj(YAF7|4rHY?bzc+>wH4&}K;*Xuo zdU-$8E)@Hb{gWP6*Rs(jeCYQ-B4OFp-YOBU(C@3m;rJ3&zR+e!ZOW-d`0~{4T%Xf6 z8shcj4UmcnfP!m5sCqu_Z*xK(X4>zq^l?h?{{Fv8^}oo*q*WHn*x6!6-y>n&sp_+3 zLh@%86RMdfN7vJRpvIBVx4cmu04R)sSi)@SslPi}+qQfq{2ZLBSEPhlrras-BZiow z@$wtqTn4Ea;V5m3#m>_)&H=s)&&#=Jfu1-GnVFs#8XEz`#58{4vUCRHk)-l5)1t`g zI{oUWDLA2KM)7P(7D6g@2Ay=MxODpdXqeXH7~YhRF?f|nwF+n}=c8Kz@4#T}}<{o+769t#`NigdmMqq{5x}J7k%@i9bVsm&7?!*nDmyd&`LFM3p 
zB9~;zLYa06mGhQdqsGOnh}_FCzVa$qvAWDqt!8swMJkSy=az~z8@3!Ct@Te}{qvr; zzyQ>`OCrj{itl#Ay90ichisd81(E?OoC{lTH7L{)uSD4U0D8$z1GSfu=eEZwI7;CT zE$2-g{BUCa%TmfS{mIwA#**sYY*eLz>o?u5H!{U^c*Zb4=3^IgQuoBmQtpQ<8P>^H z?ue@BSFu%bAMUrkq{9t+@fQ)^qR`F^ezIM^ql2F{+O%%hc3r#IukrpDC7$yrz)RQ= z2vonFn$M4i8Fs}>uO5b*8Qv3FxtFi;Hr|)a0Mf}~anO5fULVeiM|au2L+1dP1g{fJ zt8_}gEJmA#Y)EqBW%G80!Ee5Jn{}#&lKt%Io0-Ml$5=-kL~*?_!Wc;ByIlDO1WloD zy%R)E(JmdZ_57nL!fe0V69l~fJ#Fj3Y*Q);t6dAc&LZTBbZ){sjgeUUvX{L_oN1d7 zJjwzyCw)?)^dnw+gzWUUL9n${HpD35zde#yKUm6d z&*jj>RX?-fBvN_8zo>KtS-PL_#`w9-oSjTX2q~3}!wIyyk_UX@qJ{fFe?6YJI}cc} z51k8E??4SV)$nP`N-wmxAe~AiDJPK_$N`|tfn6Es*YB9opQRFVoh=Tu-3-DtgjU@? ztx=T?<&0Z|#;%$Ps{h!>?FBaCsKruyiry0rj3;0-((MoBzYP}8XL|ys{wq5Tw>(Su zwvV5m-{@|S8p-J^(f5eym|_7aC#KBY%+L(sSQwhPZ(fhV!)d!j^-pUE#MBSdJARew;hLlZ<`(bg?}#>nTUT@1Cn2{&$0&>-mplohf&zr zx@C)*)07To&FDg&*|X%DdsfqI9uZeZ%xbO-p0B&oNj7{u*rI-hSk@ZSzBYfkuwy@9|8LpNz!Dl)|Z9!)<@lPA_Tp7L9C*ubs<$ z7a9)C8LlPI$v;P2Aon_QeD2{I?6U68cF;dzC-}bsVt`%&QP`C;RWDxCnb%b z6wIr4B?;F_pguRQb!H^f3LDYxG-xYmU=Yy?sTE9al62sZbyw zE3WVi%i;tO3Tws|k@$ucIsRr%&hCC|mZk9Bu0%w!!#ia<5ANd-+r{3R@+lr3fAy`ST^8KzJj}3nnVG*gx zgHkBx7ds&EA(UE!&m8@rPa=gZIn9z@US|8jG({PuW+^$VRJ*Mv(v7-`sHF68m86%> zZsFS0dCI2n5Jnn9OUPX$CMzk%!?9bl(1;CDRqch!iiHb60Vaw!M}^EAlvicohK`W$ zu>j}U%iV13DCSz~jABV9T~SwpQw+rl%he?w6Q&=N4UuP(%%Gm&I;UnDs7sOK8J%mM z%?l6bDAFZxjh0Azj-BT2GqmQ9=bEMfCif>PEIF@{qiB@-8R=IE0qdOK(zr(@Q=(hK zQbM9lvf1VjZ=;+jNfYawo+{NAHrf_{7iG6COrkCR4hEd`vgF95!f$vIQZSq|pOp

    `U5n-lqEmg%PzqR&PvLzZi27s)Y=R-5jhlm^A8r8adTe> zENF}`#XsW*Ux>xwGK-SOJOkAN`NF)B&gLLKZZef2Ou90kQZ7*7*bu%5TmF%+2*H8Y z4sY!17gggXE7&zbl5(R zeUdp!RlS>H!e5g1iaXla^m~{htG#BT1Q|kVajUe-UB{(tYMu%j5Jf%3_sD2w!7I6; zpDx}FOLvMgjKzVBk64brl&->Dg!u!BW~p}UF^kjZkdxntQmmJy2t-w12ss`GAtcn4 zBk=IjN+D#g^#D^?yXxI>9Cn2T!-07g!dk_`DL)w*>wKUBqH-CtZLT$SauEKD&(p9N zSW&ybt83WtPj_Vf%ybrPzB1eL`KN5EqKeofas9*#UtFRXkqBI|{E}8_BRuPf>Lh0e z!X+F^{3%+|iIYx$vm>KPIX!nz<8hXnn8E5Y#MJ?)ZV){^9#IHRbLFe$=DLD9(r1)^ zI*k#ufW>iE_T*U@B!L0xOn*xA;W~g4QJ_C)^WlOl&|`-U3cm~O6SR3pSnhW|4d-lK-Sz1e1B(8GihZ)V()Vg#4Pf;moaU%M5}XN2vo&7EmC3TX67#;`Sz>&_S=hzIr=P591_lB7#B!$i-NXV> zeRz=TAGK#D-q@_djt{T^94y*7!9GfaW=%W5OjUC7-3gCjOpuB|zFTBCvLECDXM#BE zRYN$e;OWy1Rm&~Gd+gzS&B|G;m1C#kg8)%X=wc z6>f(Zwdn^Lbv`>)?L3ze0E|bxohX$&i=ipHVpLy-r{IxnO$%RJpl%fQ5w!cxffsjC zWFyXPjq8;Rh;%se^(`2zee%?Mo=Ugd^eGHH+)%3OveMy9OM&FRL4(vd%@qyT*hgU} zo<(#M{)0R{{2mz>VIznD6QFvHw8Hhlu=hL0YYB7YF+g(?me-^c;sY`?O6mydF>91~Y z=RSH2F@+a~H}}ZWg@9#9$`Y+$Lv`{*EvfJc+~XanwcTmoGWXi(xRt?H;;wqyo=FA1p8cSUb?t+?ESDwy0N$NaLD69vq#;O30}nYy%>vTB)Sik z-SYHs3ooda0gVEWV?wT4x~^XRm!)*9g_Myz08(fQ^Cgk5?y8%{V|%Z_97uTBMlb86!WgO>xEkZiVpQvdlsZOWSH0f~%Ald^=r*fM2sR#b)~Iaf-k z0JSO86<{XS(nl~~W(WD<`2C|G^X_~C7+cQE6@II1$I!H+=@5?$M+or}%S?By`ky{w zyL^U`)OGn6<8}L&2;)P)5i#M~Ky*S6nT04+@m8KeN|k3^i%BnM%#A>x2^`@hO{sZt z$jxkePB`wsM4i`X%3>4ZI1Z7uC26NV=IR4Va^4Oi&uqdTOoJLOCj8BFCP!ok(0;U( zQOxh@2~Lyriva5@T5Dh$;)~&mz}pIHd>S`5xSk$a?{CB5uj8OQSPCzjYIaklFP4H^r-COPx?oJX+hzG#a<%utnt4Rm*<+f8^ISoSfZ{i&~YqLzNl&P;Wx0`O*-7M1a8)#-p4Gq%z$uA zA1{G%t$(oR_Sb-08}1wo9ZcXytCMHEtg>FLe=cnHJzJN1mnpCbQiQ^YX|Ff`;dKaz zMKaaXgffA~&;qCKJu3}zo;u-4m6}@g7mMdN3~Z#6PhIEXfaq`Dv5<7BWv+xNfZou} zh8)3u;{Ro!MwR+bygSscVLNVS=lOVZKIvG7!r=ILL(5Wd+er~PO#;ZTg^jUtW8AtD{UWN;A7RShMa-!bD;F-*Y9nI5$(kbLEak%a7ffa6YT)4f26R- z%lpaca%G(7@i2$C$yiXQbTM%F5hL&bcs{ zlv0cKs0hyllfWjnAp}>()W(-h7>a77^~^)b+nW;ALcmFr4%aG7n!)s%*_~82F9$Uf zpB22p_Zm`WMjhn(Es@d_BIlSHn?PzAm{<9=B|l`ASJay@2s{uV!ygJ8%EQ-tOvIyo z!0KDbkryuhh>e27E;K+omvPx>042tP=6b{p04GV@!zlWhMV 
z>wzHqp1v8Hnbj{$a$bD?^QlI0h+B``CyQeI4qWQu*=ViGqlf}{xm;)nb=SB1x`$$OOu2I;d=uR}DnW}g{Ny_bN!xFNNd9lOcGjFb^m&}7)whqOW9aau!I zuT;9sM72Vj(LtgF5>k0y38ce=UCCjF_d%;_cHt+l<)5a>;8;~sBXu1cbkx0@zz9?7 zqWdkaL$pL_3M+#{?HQfixcNB-?kMFZV#0N>Bw}}hzMw499SF;I+76F`=WOYG*ye8w zmfVZ3K*jzl5qUl?LhjlM6k?`RN23%dJ2}!S7&(T(HIw7>Y1_rRA^*aYY*l8$xrX-1 zp8`wPjfuGa^1zgN(Go*dy!QYAcDfANpVET#dFh-0B&7AeSMQ{I3Jn;JE+$y z;G2$QgZLc~)NAbWflHULebP-*sXA@2Pfn{^=jpJ*vRk$@n!!nh&JkVw9S=pP6*k(M2o04jAT#{6ofI0`*|Tt=4jz$RvwZb zf8IK0f>%BLcSlP~WLEn#f(%L8!GoEJTAksliKPJvmSpf(Q^y!` zfjU>!jmd1cR#(GKIvdt)s}hht5b)lXgPZ_f28(wsrQeaj)_vJANzShF@GVm6Bsj~C zO94+UyD>qFf_Wa;-wCRJ3U}#ukIs(QnY2ZBkj<2|5mcHEwY*hYH?qvDokYvxT!t|w zG5MamZ~FJ66-PoIZPU5J`)ewfM3(I0xSH!M{%rd3oi>b1G5LM`jb=}@P|9S4at+(`Cb#?iY zZQLVwZzb+8b@Q4(#%Ob^91gRtKEsG;oi2%dQ)TS7kO{9}zMj~fdQlckCo^6%raI>z z4*8V`ipZUocKjjwx*S@_iwj^n8uq2Xh(=Jqc#7a{4yd|bh=}uSn>KLMsr{_Z9}5_X z=Dy#X84n3@@0V1SG@r>3gqOG)w#qj~80+CHe@NV>i7a;)^(fD5p+P@hqdB(l0ozE3 zUZxU~Gxq0!-asHE~pJGnahqkRxX3o zi$DiuMV8*&t|-X)1>T&tJBOaQvDzk~{=^zYKPGOapHsWorb`M?M?S=RSL=2S8)nBT z_mAfF%-*(5L3=z=V`(botBzEPQcE=6YB(=%3V365Yt4NKw#tijE*YwWWM4AtrgsPp zjVC&~5Q0=pO1Thu0upef-N@ftIVSkt4}ccmn)pJ*b#h zArvfy z+%{AGrmQ7udT4$Z=e098MU=0o1!Eo5;=o3lgzu293PX0CE##&Wh)G+v&C@T)b+TRC z%hBk%*O(-Pn4gj4P!n;z<4>-iVDslA`U4%!_Uum-JhprL0cv}>+f)SOI&=cN5+r#= zSbhhs4QB~bjRiE9Ih%%}rbTdi9Fu-2q=zIqjzSC?ZqUb82odU~>88oMG>^w)u7hkd zwFy~Ccgg^jNDJ8!`PsgoQci}eCK}16GQew)HO{gAXgAgf9mP(VOdduEfp1E#f06Ji z6|~@ejLYI4h(bSRpjg{sasSz0Y@XV@v*I>1&MvhIt-|~;0-GioMl!W9dFY4mEZ0J> zq$4f?H+FSm&D)wSSq~8en>#dYvs=Q6xyp$gK(hP!Wna0(Tml8?>jPl69@@SL=Dd(k zg;*rtCjc8&N=%|buGTaN)F9pc%ujD78h+uRf76JuY*NAuw%&#oKa^e~GCM-MWs$I? zBTHfRzAiYKpC2?|f^4}#8)himV>PuY--^E_Z`J{)v*{!nbhdW>L4Z$0Y|w5T!~tP)&C84f zw^YM>9Q4tlVm8CjmX%={$|!EmaVKd2uMJc)!;uXL@q$|`=9zgB%d6T)VX+Y@IT z5<^zHo6OJ~Sm32#-t_vb@_5@1E`_rSde4X{?ci!tPVjty(xTVIAr=~>$6H&E$j~O} z)Nd)Ipt+lh6&4xnJA(JQSYg0WSbl?4%ho%p zgJDsVB-Ehqk5=jq4}%sZ?t`d$@ktAJ8L(AciQ9V8J`95CbQq|-6M2gCSPIb2K`+$-?53efPssHd9-gyjZLknL}ee! 
zu4~asbQ1?)r_1adOcz+RK|TVaRfuobJQw=Ej3bI>$%K;92L3um5?>T1J=+56J-GC} z;6`@~;>6TusVvZz$8w{3Ln^4BH<2q56N1R7{vo=$v?MCA!OzAd#s|x<@r-Kg z;oNL_2gcuI(;h1f)TKEUftMC&kALZNuj;$%``);2X?0Pxq*Km9YluYe8d1`|bCA0} z&yZOFaB0CC<0NxfyBuIZ!<5(>+W{DiNUMz$^ToDPub_nEGn_o)_Vx@}*_nTA{6#j~ z(`CLTRkK4;;wZVM*#8=VMt01_Y&BI+YGR=auGRoJL|hbODdFKboa|fg*#-&n){@|Y(cBUoxW{2`pmmPjGpjAkZ;Wk4@<(zVS__N zWzJ{(>tQk$rjcLaGp{w5aCSpoqSqhwpGpbFvl2wT!l}=nh?^nNzK2LGHuvEqcO7J> z;|&U6005EfOyQz*{rPq3V7K-_M^{s_=5q#%@8^ zmM40TWQEiV2li2u_tif%z7u$xj?Vwt6e>0_{=Vm5GVGf@7wy~*>O902gzqljk;GlYw~vAQdw!|l9k@n0(nK|B$w zJj@Q;t93Y0~G~)>e5^gAXda!2DJQ~eIMl$$JoVEq?`4^ z36;^y8*&HSL~p;;_uEOvX*j%=$s_qVwbvm<@aeyMO+e4Pw+K2ep8M|NUulThz#r;})EMCH;0*hY!7h9Cr=s8Ky!_#PK!f zmHF(*O_MCRimyyqxch1tAEBjK109zGR=8k6NpAXZr9*@7ol-~!X~d1kTn%o0s#93` zTdD%aig#6n73iHK=3is_8|ke$BxRxyiFpXYJ9Y$ZAJe4_@%8>k6p2tabW<)bx_97L zwavdzvjD({3~PB+ikFYhizDJ2BW~oVG3cQ3ppdNuVD3? zbl)7SxmDPXgxt3QdT2+NX2;{`iL{Dz#M4K8L_}VAw5L|Mk;aFViWA!0j?qY|{j_R{ z3!U|HPh2fWKH=D}!Um$4-a@@e%!Ta9qiZa7U0rmx6!Qlf3Q$pkqoQtBmr|((-TBJq zS`JY{9SM>7z_#H$rNhFIOs77v(r6*YNn|s?ax0m{xvtXFIWXnb#4HoSqQ_^aYA~O z>M0-=dmo~9tNAKp%j43NBr|@ZVgp_U{p3X@r6$a8MyttS4k<_)BV7`ZL_MUJjX*rBgN0j0rl>50U`rvROpsO68u+++Hd zigx`SMBNs{Y{IONHvszD6_&+$hAXX{!W)Ps9N7Xg5vEbIbrhs$Q_h7Y$0p1bn2o_w zV(d%t-Dz38b#wTEE0WcuB$kW|xaUBN5w`=`Is6kKxkWPgsx1m46LJ{W0Q}UX&*$xP zt;|7J_~&hqYL%;SvLdaOx(;%buFcaoBh*}*am91KQz{*<66^ON_`_{-zp>AD8SYI1 ze%1M19)5YZe1r3M$O?~Sr#qsr({{HRsDci{oyciD-F6Rl8kWGgP{E-M;QowqH?YCE$7*-6(X z%P%RQ=ZqIG^g^old+|o~g+p#yG=JM92h)YAn2Rk_S*nn&SrGGLBYLuShMy6_Aj#++ zIt}c7!4|nCU=L0mu(Jqy2u&b1b96d@15Y~l8Dr~I)d=0Qt?VyWu zh&Y`B*-cf#4x87vmH!-5jI9xQFHK}kZurdcH$thHJ+G|z*lm*gG@Y$-h^+wEQD}jC z!N4)PBJ}^DN_aG$!M(istS}8^wX-jNFK!==j-@WJba)uh05lo)g5HId7q%&C;A*^{ z32}Bwk3LXR_$%c^qaej3EOCA=2lv1De1+l?_Kv6uN?PQ%+)}zt7zH7wLO^30@#{9u zB%~xkO9&WNr2> z3|kagLk43eg-22WO&7wT)2|KJ&IF5kX#9}6e}DWIy~@GG?uA9%WKhGaG&Y_HzfW*5 zAvLQ1WR%Q{4ua+tA{R%QN+IlB5%f8r9|v7& z_GDY#Ph50hnPLW`_a8Dfi*Mm&iD0)59Ey?O%>X-e_pATxy~~8cs7kJ1wEq<*x$pD) 
zX~C&!x?$z9^DCoJ>v8M#?`4~=cJAnka(d}>?^z;VDo6?pg(MLxSkSBf+eBv~uU#kt zH?JEK0G|EiZg2~4QgY_4^>@jSC!B$Y;;Z?oUpdhKd&7BJH7E3^XfvMEwuM9D?7ld) zQ!dAC5-uG7fCPI4)Ed>M}!D zt`ltg8e~BHVn;o+b)mhPZ(%3dm{2FM;th&*)vt&pSy#a|>Znf11o*1f1MMVP)0D%J z$*Yb)XFbE(!~~;Kgs0Nq`Zkth1$pj_4T#vTgCN8MSCs$qI^t3!$wcF#0Ur(t}8pAA6CP-Tf|rgJL8vX~BwpRe>E!UuNg1`+8iC&cHn_ zo08~VA(RAc0+&>L=UkSwc| zb3XKQKswG3C045r^{-NJ-zVp4TnH<=yD%Dt7^20NbuWfk$JxkJZ?@}$?$Ki7zyM2I z&#^ofwqUSLAwXF0quoD&N_*OCQ-3y@InC9Y8=NJ7F0Yi{X%wzZh-_I_!{*$WD%aR& z`C6c>%Mo>XdaPSElx#|_v=;9~?ESrlHe~;H|5NW&f}Pt*`kP!M@_6l#jY~~8^88>S z;%U;upHKb_0Q2~Y1#lN@?K}0SJI~NIq}O=x2?`q|o+%47KnoZg2zS6vLXCI-dxdqvvV_~1K4}Ud*zWyX1*okcoXFa42V}O$Zu1#EAJN#yf4Zyx5 z!k|^+0O8Ga#yfgyRfZO8^PmpHZVMND9MRfl^y`C%#Xx4yobT_ylcLe;Sl||+9Z(;i zQ9rtab}<%%87u60y?Tt1D`vM{!sj?@B2GE$8B1SX_C?*dx2f1UUwYdU2xG#n8$OSp z9&G4Yvd8O-$Z5W)A!8W3s}T)6k(KX-*5@0?n&`QjowoGfCUUNZH=R!edGz|v*L#&w zl=s)~!26TeL8-SFO?H6-FXme}LQeN}yi+!D{&a=MU9W$27kQBtxVf#LOv&CH$B}pf zrsw*}yKuoFIb1>sbrXVtRQLIj_*H*mWlz%|pd zy(6;J`;=qBu6aJtf`A=gD&<%4f$G?I8A){O(!uymR$8mb-_7;ZZe7lVLeLdd=x8Z| z)e-*`-(?qS#I_oEdq(w9hbGuQ-MHqzqUCjFTI<~-7U_41Dp(gBD>T>S+l*ava=J4{ z4&#An!oQI|hVyEyKjPidI8dyC+(WWKGLc^IGc@aVmr--}1 zlc|NZ#>+B*-=Mq&zqpnqia{pA4I{_HJKe>UxoVP35$>vq(tTd69-Sgk#|?(=wtB(6 zDxj#{tBdTVlmygTreE^*`jYYF8wg(x@5QmxmIuXK zepaA0NTDVueD~aqIWx4q)pfWk&iHF|aiy=zWyypT#RSb46Fq?OKd`Ll(l3xg4rC9c zNVT+T;&1lG;V_=8YvhexHjLptBJLc#1ck9KHc*kp9-{_l1pB zuGMNli`=p-7>c8<;`Qf%sO!*evA9}xOx%K!-X(@4q1EL(>Shx)yJwxv(p?939Ivp3 z+Qie>uIzDIL+~|*?9)9u`K%hCxFiP)!ibl$Qk!e3Q|~{yrEpcV1vt4k;~f(glB)I0 zGotGpq3vyq+b~Uy1{2K`LJ4Lex%7R^F|-aZM9T~Td81-a6=>c#^wcfysl~iLW5;T^ zop_y#Yb?BN!5{iu&9*dU?_!L@sb3%Q5>$JFP#UK4U_1J`%WuseKi3pu2zoEZ)g-e5 z6X17rn#< zsoFzrO7fYUTg`9NDHhsKP~XfcaLJNV7vrT`$!Pot<=IYRq`XReO;uH;*8qMgHscrm8ofBOLXQ+ z%44-55HWq!X6iCC0NUM)08i<%7HZ5dE7+!OlV7>vE#|X5~tF-oo7f@%wlbyaA z52;kAwZ{m!eHbGx@Pvg(nG9BLh!W#CJ?pDtQt`6Ji#?X?KRbk-<0BepSiU~0oX>X| z&>Xk|>3iCrR+Q&Pg+(E!2?}YX%bQIF=b5;ON_uN$pt*!*u% z(4kH-R9z~S-IJGnhs9Gw(I_#~`ssnvWOs_gqIiaU2`cOqk;m-E`k)U%$WFiWRz1;( 
zoaAnAw>n$&`y3o>f}G8!%Vf|nNP=c4DgLEt9XTeyZJJs2=gb8OaDdrl6=|0Lkhr+m z^u=nQh}6RdvRKrcG`QWa<2vWWUc;0Mxo4G_w@WtfCoo}C*P9DY62uSO)U@f`AMP#J zr9{YoC3EsNt%7-~!wB0$M(lz95Jk{vvY6b`nYmXatY~;plEO>*o z`cW4@f2%n1@bbAy!4O1hBMU2+;NAIuRJ~(#Cf^gb8%;9dOl)If+r|^yw(UHzZQC{` z&cwEDPHdn2=Dh!P-t(b%?_RZcf9TcPRdv_ppt)3-Vv?6g4E?)C{ww@7i zWoWe$N|j7VK?4E2xmyBP%mhj|RxG-38VSVtuvh4AsX4dC^)Urlr#@l8qDFp1baXJx)aSv~>XDqw_Zk}3M+P6EsbB0C z-FzhGyBTiA@&c=)02O$mJp&*G#b$Y`{-vIog+mIw;&AmrC`@nJq2^W<)`*vv&FiEO zM>CQ)RF}|fSdXsgD;ST)6@l>#fZV^#=%k2D+T5%J6>R8-Zx0$Lx3LVOOdO=R&#xMA zFeiLb!9o?`RpFx{Fa_414XY1O*d#vnbjypw_u+@g&TBoRml&EnRLjNliU#><`a*x4 zz{B9G@Xq^9iOt#`@rDFpYauUT8274P(?ZWvHRz!Ii&k+NRcChYX`(tc>gDb}XpFX) zFI${3lnl(0!^ARe`=G$r;Hmmh1cpU+05eOAMy}BO36w>o?%#am-~s0v9fnB}R)DBU z1_JH(mM|+A>UH*L6Dx@&t$EVkuiV$-PY5YXVhc;^N^sBy7j)wxi4A5S2xD5*!DvQ( z{8qLsJJYFg!nE=%Su(dOql!~%P$BYcb1myoZ))feQmHz*;e@()~q&y z_gK%_faG{r<`UR>V9wTt_vb|rXRojO-b?-1nAtY*Q%2v7V)G)qFFc-g5|qg@M({z6 zOIOBr`-ZUl*>1J!2{NmgO)+<-)_q^LQ_99I|5-DuQx^f1#sZDS92)yp8J7;@xJr(| zd!SOc5yq$c;Hbqna)o%33gZEQk`#e)Llgv?p!ti0N{L>AX=|Asi21i7wI)fH%=}uT zPdm+U)QaRv8^^0h{y<^qS>DCA!U$0_Aw(^M;YUG9nRAnl;T?geG zb?q>P>>{g)dZrO{WDPP&ow~wuNf%LAUJ2nYm18mo4(%dc3M7_1cg{c34n-Thr!q^4 zrhvh>9u&kvuKsRoBox#Mah)2IN{Gu=_Y4%Gq*6Qsnc|5J-D@q}A+-hlP~fe-rywC{Z8!BLj1MD zBQznE2I=Z4jIyK1^Dg_4>QRV(#q9@Z1<$NTxYGHH&KdjWAJ8F{`|_Ak%1z@(xN6hA;>x`iluYC2=B6p1 zPvB_P1}ByZNi2*CG_+WYH|xu>_(f>k?DPF zngBa{PoSq3U^ge6C?$Shri;a#;A`q*$4Nmk6AG+UizcO)iXN%JtT?XVTy1D&Ndh9;%N5p8Pv4=t^{D zyWaz3s*i}ekEqC~+9-7rI)d}(-0s(vovLqtoElWv8a^Y>zQ?jkZR6MjTZn)mQ@t^m zDGOUIA6JXZB;l2`=8Ng@NFdpCr;*7Qx*z=X^o3dt__rZi+=tVLf?dtmt$J4;8)`x* z_JN$5waDyZ^0jYo4=*LQ7rClQd4|@?12RglTZIiCxSmv)i5Lo*1N6SMp!Mxziz=(9 z=S?RC#=KByTyN6Qcgrf0$EB{8FTTc2?2$<9j?#W5`v`$f=0uPJD6|5)KO-_f*94pM zUNEbclbgh^%Na{BSC?h2-y*89RgVyunfo5Y9u8TVZ{D&QJI-6|>ia618-@6XH-V~Z zE9C}$`ZzA0(kJmhR9zosDgq8vM(Eb9hX@v|I#$VRQ;utq3Vzjb4-hHGX2;t%D{t{H zGMU90tQ9C30BC*5eBV(x9ul>V_Wi5XTm(FEs)p8Gn))2_o0&VVX(?{SkpnS^=G+C_ z48;s04l%FKR0=g5RD3|F=)Sv>955nUHY=|hHrq4LnFo$O$})IXkT`dbL!+AvGVXy^ 
zKv1YFI}`^E_=IC(MK83vT2kUJ!dV`7&XxPQA|2)xgNGm#jcF&)6RTqF70S1{K=vQ}alPw$@qE6sDGkU0!*OBquZ#Z3QaxUB?Pr$eAj4gUBn<;87N#r27t$EAQ79eWy129*iNW98 z6;vB|pi-UBahp?7o?nt`5=z_#CG}|P3~fTsj~p3wA@+og>$NOJ(lkZ|^PW+9tgg05 zHwL;!0j26SZde=_x-{hK;vNu0o$i~B&LdO6TGQld)?(cMmXE={XXg^-v6IMEu3}^%FHAmINuK> z@9i;LRW#e(D-7eyx#~y{b@1PE@<(xPG3IaN`)z)ik#Xuev)PvoZAMbkhWH`k24JX-Iimw{Y%wh^jD z%fZ}sdmws7AVEC#A)`f?gOeae8b-WX$`s|gv zjHUh0w=E!3C6<^TGU(<@-EhCjK_U`fLdD>IIYTSVpnZIWj7xpRI)tlsYdLdwd-iKJ z$)~O?%a5@!f_Hq&qeRZ|e#=!Zj>k?5LB?9hS;(YaS{fuyi(`#ijWgd68avmTjUP=y zWSo(z*&!Rj_oT#)&U-?qSn;7^SG;&DYbJ}5>D6#Uq^M!ioHV4F zAMKnhPPK#a_dPl#`=Uy1B~91Sl<7m{?ENSdM)^!L1a=|XPSQ4hW6Ybl9~rUHNKaUZb!nt#i472E%0TZIYnLb8E? znCUkktSiVa;rqsS1N2GRUVZ*MmFD8x%&}0%G3WAT@XPj;v)=7+Ucb;=FNC24Hx{8` zHG|_E#QLBTK~JXYeAVyNW@|W0^kN>b+xWr>N*^8kS>ddRH+tV8w;J~7NSss7C;~OE zy*h`7nQuJ6i`x{+E>i|&mzhhiz&W4T0c%|^=V6Z1-_PSmZTyDw2ibjgG!P7LmTxYu z#7Wk9pQ7FK=4^+;(a!apVBZC5s7f^WTO(5JNPLlV@i9M-(;!G7(I^c6ZhTS7PiaTfKe}`d`aWGR!||&rCXLt) zF}`YHh;dJt<5~TD$GxRsuL$?P3md|uRlhTdFB`c2WZLxw*QJ3~*kQg@j8B~cW;{gt z>%0*1e$QNWvY=zM{BkI^b1SNLCFq<;Lm0GS-u_KOMOa}{BdwJUc4_^+8c&0t2|^uF zy=I;S4^x+#${p~OD82KPH)3|%ifWiGTF*R2o#$*f64mTw10-6NwYRw3VokpDDc(z! zfv$)@iBQZ}Q`9cwQMF9B{$3+h0g^R$vVn-(MqITA2kt-s#w3lJX!=`XDw3b{>;n&y zQ{el9Yzc%pVWn^#;Q;6Cxm)h%i3sGkzpY*~iC4Ne1GAZgH1bAfd&0U(tFadiM;yW9 z9I1zy_5-6y+JqBc&vwO}tm8RnkZ@SH!;&{RaxtpEkg6wyQRs^I*PotVMcouyYjqcM z)+2M;A_dM6V&7;L#WCGTtR9>NXVi3|c!S zndR5diy(>TzJ9*_9(|9%LGDcX2^e8~b_;!MX}^5#V8LW1bR*5NGI? 
zBD0Yavh4Tb2*SeX9!29?#GF30nR*cq&u5kta;e6-J+kDW8EKEXu}rAg-y3m#WV}m% zLTy1}W35pjY%I%VdU#qj5cyPk+>!mRJJ=k)Hw*1Vyuh{pdp#E!?iypBW+nPL?+r3> zYJEn0jb5Jyhv8d_P|a$vP$n~`=-|mbjoIg$pC8Byg%XeI1hS?A;=??ym+SMTQRd0V zgo*x>LP{&tjLAR~I`O@U$R;~t7{pwbZ94n+yWRLI|Mv8?SC0DPG+LbeB8G8PHp3{E zNo4&Xx#hp+E!-$dJl9MXQ*ZGZ^IU7q1xFFXa)}c|Ee;7;%He}2HMEhdsqoo9PBlT5 zPWOdjY-y>&Qnq)YMDU5;p4uQg#Lo7$s%Zx~d?J}A-$zi9!!q9nv)fe*x-()<#q`T{ zGC(OP!)p2 z*J5=1uLa%qkyTr2eB{{d_@*^4pJfz7NTAJn(V%&p%6b?BQ`%XC%(aW$&V5 zJr{S8bv)t?Ry(m94mihr8XPM_e@KxX=wRZ)1_n1gt?(yQgRYO|h|bcIt@`}eCKlzR zS#RZI&an#c+L=UoSRKL(@L&z+4aIm^*+qGp_jYDXct^4RyTV+Ci7cY(|C&B7QT2ko zor0C|zHPxZrWKY(cbXo*-XIbA0u* ziYMTM#vwRvGFE|9MXJOcg$PKi>m*tpE&q~b7&(hyaCdK4aF?P)q;rbU-YM{k;4BAm z?Bj9tnr85TiezEr=QV%0ElmgQBvyad+==z$UKAJMmT)eyNNyQNUN)9vNkqJ*R=cJf z-O30D=ot^Lgr*F#jeHoW?(#OZf=y8=n>a1Wrw4#0NC`Z5#+!n#^Z*&6RY|B~2Q@FFL;( zQ(4;0^|1O^e-VkX5aBa7>ZEL?+nNs(f~h+EQ!f_L`8|edA`9>t&@<@t4Z|dopbs9& zNVfyWB9#C<3fail&mWFOAvP}PaY4v!LwQWtw8RW0Le5z zUEpLFR9tRBJF(ucK=D%W7gAwCoJ9>Y*T4FS5gzPpN!1~oAQ|XYzyb2Xi5!E96{>PXQ~Wh{MacNYB#YdHErY0DN%ddfpc zK3eq^4GK2Wr9a^EiyVndNUf}AB7RCnkZ10eOwi%)wHC4O8H(X>&Lo4r&?1Y@??Y^GKUzn0e|!#V#E*{witQd z0r`K4qdW{t-!UvM16TVb#h-f_9^cu)>z?Wu9`}z(1F#PmYRiZ<7SsnK2K8y|EilVt zFiJ^UDjT{YLDH#PYM{NKa8{AX>s=bAspsnMH#Z%aih;^+>|}3}Yofx~(mfp4S`1@S zc>xCM!R60h)m(4rRg9JcGwVZacr zKIjl0Un-zX_Ha&(uWEUc2iCyvKn`{m`d0*?ej`5E5&pcmOp%6c{lTmL(jRM5kEo!w zto^g%^BnsIW6gzC2J{_whPt*_02TQJ z1ql-DPf(zbS3zOxDco`#70fRB6Ef#@9Wf9b{^k{H4=QUiJ1U5{7}4B!i=}Fan!(I# zi?w11Gs`RZQ6|9yVtJTsK&ZdW>~EwO{bC^Rx)&azBz=#Q4cs1R=n#E|n0)_n2AUXQ z{=~klJ`uhdUX1*hM2W=(Q&a&N4hW_#nrqX}^o^nPZZ$8?jg&}QpKH{{^=6_#@fEpM zR9(klYWEM;a>#(MyX6wQ=VI4c7RB=@^F-q+5ye?~r5LS`XoV~9qdI?0Q}Ytu{xPFb z_VK&@Wl(9&0UqJSJAw1@s}A8srySuOu>0rZcGQ+=-bVwY{Y581-}PlS`=d8(E8E8g z^3i5@*39)Km;D7^BL3c1%OJ+*MI^%qk3*f|+bhN=9@f7d?_hV#_2s|rCd1&ljT@ z6Ogl2k>zFVz-lCv9{^~K>h)$MT>&BYoqcO8M@6K$ctKPKLgi9ApGP_NeRA0c%na4}GW z=i}B|0$E5eA%2S<5iR~~t}GYq;^nd&?n{hlP$IdZMs)8D2V{q_P%UNhWb=gI_#H)r z&C-yyDL-J^B{$S;`w;PYe16=#TRLPHw@J$Vr`VGEDm8V-LHdLHk$KEK=1a5Xe1l?2 
z0@J8}ZZG4SOJsw>5m?k~+=5QFs{Mxw`nTENUJXN>+U2yLm<5C>+dmtOGiMxpQ5EV7 zjr`1r>Kp!C#fRJplLdLj6%L)Q){07o@-Jo~-Oz4o@filjv$%OOH$pXILa&NX6N$#= zepNyPh?Ed5Jz$rZ#Qh+fuX&EgmFB15fvaH99kxWC0DF#j~FFj!u ztEA-;Iv_EquCqg#WPwiz5Unvpi4^;@%p}Uo2s2p405j9o;n_l&>x*~e9^eDD3KC34tl6$`db~wrMa{BTPT~FzE+|D@;{Mrt+ zU$^U#8FKuik3-Km>P-F^apYBJUZ3YK%E&M>%0gx9@3yu&fKSR^KZ5lHrc#7lukdsa z;Y9x%=`&e+TgBr8f&qfZhfa9qeWIuEC7}9+jLRH~aW-Bd_7<=2xm0p@cqINCBeW(5<-arf?~swBig)YY|aM^B<^0y)bCm0}~Ry z_a*i>aKfpU1V!v+*VK6W=Hh zg(a!TA7pZmAczfWH51H&w5GBRL;>OmGJCdQXQ1pzH?4%=siPU8S`N?x8$aJ|ok}N# zP)J+5NFDts$c>u+aC-<_Oe_8uTg>`!x-{s}uV4VJu*b&ApL_=`e+@1UR+`4}Mm$i( z|0^G(9BU|Ti5T3}*ReMfoQ46uoHCX+tY}vv@QQA^h_zo5-E0ZpU@@@TXh5w&=&6#( zLiINQ?*jONRDHrwx#hX?l?3%^+5X`9y_7^noK$x+>j&@d4;`=g+5!DL;!vV4f&rdB z(du_{<|Z-n+H(rQRY)j>Z!;vkzUOXv zmOBXuffeWYrD%j{c$TIC`sT0S3US9w*k0Ut`CKu8+&olIkvbc8rAu`I9bh4cY4$#e ziRpd#L_5JAnRN&U53TDOG7 zt%uwM9kIoXdBg7g=5H+m7WiBUPEQ41%3bR~z?z<1^D|r!M#W?llU--!@$nwB16Kpj zP__T&Zo14P6KnA-I?%UDN~y<%O#tGWCv9B`GFZf(er!V z{5<aQIkVjiFQX{V{RFc^iE$u5hv|*fE@y6IhrvRQ!bDX3wa{guy=B9PkL{0La`IKj1nO8qm z+6c?!a^iOrt%Tu)yOs||+Zef1AayOQfQ(d_K!QepgJe`){T5ewRT6Ym*<~k9h11p! 
zP2&&eJiXHQa``q6iqweoGvWb^x%$bShAbYe++PEvNDQ*rrbQZL;1*fFzhkR($VbQRka@-lmG1OBPUM}>+!nz3@ zr;(9ma&}w2mq8M5HoCL1zc|RV36TB_Crlw6`=~Nne*uttV=kf1eaJXds5X9+?QfKZwu^o0gIgvYW$-Terf|Zw7eLmQ%FSb1k-b z9CIfQQVO6Z{kVZknnPBtT9-q8r!#&0b=ZF7Kd3u^_nQm-&ea=Ly({{6 zux-=e4ngsTt@in1TOqc6UCisb)%%rli-~JejZgl$3Z46rQkZw{5*k?HK2f7DhT;|h zc$y{tS^6W&xR>7Ot%fJ9cWYNiTWhzsBk+Dl4;ddtI;Q0sJ}-DvggLREJT0C(1L<<( zIK=HJXytpt@}apQJYE(-+_4AYAo4!i$$c*lAeja9q1Ov(H`34t={(0?GrrBpQNxtn zp3k$nK=(H>Ue#8j0jh0yP`2G-{c;e)uePkzE%39Syfij?8N4*MdVB;w0@a2ZS*YH# zta<5W7Y?ci{9Ogu#(KAHEf=AmQ$prz!z%S0-A*b6SfmUp#=TlE;F+=uU8JlIQUyGD z3oXXC+0#mm&sCXC#79z>{TUbz4Duredenb(e*S_7?cwdfs)3E`VofHIP^ruZJY-P@ z!tKeN+0#qsuyzX!p`N^fC?U~!>rdC~jWDBAD5hMYe3rStavTbr@hLTyA2?AMIRmjl z(eUYnJ%FC8FDZBR1dOq8gUsb-!8OL;lrl=La%|`SY|L6<2EA*=55=pZjtMCE;q@4J zm)i*Txh>UjZ&0Q)9Pds|FhkMd_WrnQLzKksb_--S6P@!retSr-wC9WI7=Oy(i{WlM zezk2|>Eeh*z+i8N^hYe#6%uRM_Fk!OBiW;>=F%<)>H{V{|NrXAr{vS2uQCBtDzjEZ zRPwXmxSF;RE8o$<5VioO{_WH9DKmIMR)(cSk}&|xzqBD#x!cF~`gu}@*FXE0n}$zO zBXX-QrZ3 z9Bra@FB;_*%NxKTx3p)C#DMD zz#W;IZbuj{XJx&~{FfG6V?7)Gtr?U)Pa!-|aW9x;nO8~0WQYDXocGR;8jxI@cmN%s za>HWz@Y9l9>%h{orD|p2dT-bv|nH`ETs-ks%I9>TK z6`|g#9z9hJ-Jq8%+1ud+ z0uA&5elUyd?=4*JUEX&Hn1arPv0$lXyB$*9(ut|%bmMd;q{`K{Q}kp?eQI35Dmq5w zDpHmnAUu~sxT2Lia%ip;|K#U7n3Dl@D5ZiRW1)L`UHmx3RO8{ytQn)y)9f0IFaX|%I-ua>E$mZ(}RR(DfAX=lCV2tAyS2#kQa#BflBlwCJVQyP!ttI)1 z+k842Fc{`{QB8GOd_eHsH4L+__ydhbd=>V?M@uKr-J1!CT8JRgMguUset!dvW;cWv zNQh<+lrf-=sRZc6ipAw9)kY~g#I#yHC}PVe zWa`5py{Z{;?d`kAfkvKAF5=aa#{k0k~Q=zGg z_n^HQ=~ky8u;5zqfyR$t>e`7GU{&q@-ukXJyb!#wrN@o>1IfO7%RJwQw^WlwDU1VyC&Zq*CVH>GA30q3Zt_fP&;dg%9Dl>l0q{a zf%)wLd5TywfuOQmZk?X1WDwh4NFE|cnr=3Nlae3JJ?hF-S+E(4;P{nlq?MpD$qo5= z&QRN@A*|%`#tb??H_p^0pwS~R>rL-62;L?%IAmE-VUmUnkU>iJmbdS*_K$wF>$MFZ{J zNCcCyHlq@Y39D~ZoKa!ON)h@Typ!b+LQ;`5N}3AeCRS+#Ksiau6u6twWig$TcoxzE z1-)1J1`hryQsxIRq0pEFW@I6|79t*wI2yT#crq#TZLLBGBqW9FV@Kb{Y*#F@zT5MrNEfmywFsrym|3fT_89G00{I56kgd|N{P`CQ| z@(;v_S6WclcKf^qet;9T(3R3nZ|J-YYIxtN%xEJ;@<6k^?3O>#XRsN5DxxP7c9I>& 
z_Uubmtc>l4UEpXcMZbLOp*JX|n(@=kUFG|mPZa4C!%p7%7VxA`c-;2?&==ifk3cfC zah#*;7tZxdA{vwjR*#!$>_BU09ypd>(0nmXGtL@1f`l9K+O?)n(R|me6K*xu1)0tp zhuo{IccP*i2ShMY@>ldDFVF;9n>5e8)frn+(vHZQY-YH!ZtL>uJ+OV-a&A0*cd-p=y^s`l=$Z8A%|qy1`GGON%ejwGOIAq7 zjt`?riDY>aJu2q?1~|g#EJmtujT;KvG@_R-tH2W@53AE)=SBN5FA_SvAl}n)l!g0y za`o5V*sjIEw*P2^Kstx6<_V0S zec=~#Igu({J1hYC9saFqS}LoB2qxbD@ zB&&0X(w{=(AKe@yWW61qT=7=CLDX{BsL0OFBn%+!zMLp&uV<)X9u)#ZRPeP4lDKsF z53mVHU`O*cB#*417Djc&q8v$q@nae7x|`WPKKCwwYO`5Y%Jnj&ctauK{&!MsCP9g; zTc3rtkwZt=>!9oOI}rE98+vhFq@9Fc?t9ZlaCry zY(=@*oteF#_eq__<{Fe1Hd#M4pTWaN!8(r`#yPk;J##9VQk}^*%Z=ONd;bdb2J8LD zU|f}i^8d$RWc`o9xHN6qCv{)+Q%1tl0caULFg2YUnR*b^hQSOXn$S<-F7YAA8{Z9L z`929n9qm6D)N-D4C1AoWTPHL(6rOZyaJIquyEpG;SpElGCGx(< z#XQWdWH@+?l%GocUwER{E$)qSwM8#;kqV=gE`jhM$&#>oT@0CTX5Wtyv>fPE@X+HR zS+*>*dKYDEp~FE5xmhw7Btj^K!z;fijGX&}cE)tm+R;@)N|mQ@PenHV7lY8K)MNaE z{%thPP}z@q`4?jH;Q*3eO{RKlq(!UWE|V1kl}t*_I%ACAB*T_;}C{>!)+47&EeQpSyUXG$=87Y z&9RF5->Ke?jN09Ye#_DJmzPqB@-DmFH=Dj#1$YY_IdCUsfUmhMkOqcl>eKW~_$y{C z-%I_KntX6}*1LT3_A=Wwv?=)RgR*0B`J|cZZ)o<%L>?a$cmkML15>EkytQtpGb4NP zT9euJgk*Y7bNvj+?tl2Oys6vz$e;p8{Qdx|g;ckj6t9?Adn63|+=10$u_DLP>^l{w zqV{c}jblCAvN$8%wmtWzDk*t;{#Wrc?axU%tN^ed=AM+KJo*kRj730MSe|L+dTRVMur0l_bs7Y3EEt+DSxB9Yq1qc z>Bs%=87FbMUib9+MwWZxS6^DVV`*dtfX&vH_GkCCE-98+{yMnWjUICTv{8?Y_w)?U zp3Va|a_PQpDPaHLL+1$&i7fhGgCFwWF?qf!b+Mc zn08;`&Vs6tqAbY1jCLV)PRfJU4GveS@FNR}jQDYcS5_f80x(u|D*01RGdwWYD%|G# zRC&4`ktDTWKNjO~k@{KHJDJ%oUTTw(L&TaHN&cIb4}Hcj&4E}=If+6P$1v!fY2@FgPwgi5UPqpeT0Gl)Ld1)vbsW%d$9IfAS!l*uFq5Ihl*9WAOB9-^#I)JnI>Q`O3qox9xg<+vMd}NGU~c@g&u31Z*3t|; zUuiGA(4XZxTqz#EhHgaiMr-2o+mqU1;%ol{AQ#<4vpO4lyB4lTmI%-hTtf2r?3Jq- zsgtMRDivAxFzz=~9CeK6^Z*=+IR+m8^}`Uo13ku(j`vQi#Nm(g=B5;J5CI8lI$t2R zs8$nE)R6B54#^+Mh{bO8f#S#LNIWDT-HSQJ!OIg~R&R^Mr;hXm&*cxZLw;|$CFkJ^ zNLiPTIYIK;rktZj4p*YAmbq1`zK)O^hN8nJhfX>rRkh-C64QW@J$f+oEocqgAbzb*lpxd^b9D{ za+4esveaJ~y)%Y6W)PIB4qR;Cm7+}JGFD+d_U5)J^}0f2Jq*xo&i^=!MZ-Z4d4}V4 zDn-+@pb67#ViTkw%S~Q5L5=4IQ_}RcyuJdpew>DrVS~_>mA3@)Paiy)0Sj)BHhgBh 
zjx`I}CM6=@vQhzzb(QnKdm8lN*K2hVfR|9l7fXe}DLAc_pprpaPnAbdwjjF!vA5!C z{_yX>UWwRjs+_Cc85Ek}i%N-7o~2s%I+J`gqh+$@ia|Y;Gg|N&Ob!y?yZbsx(xbuix|&r3+iW&dFF4Pawies4u*g0OpzL?KpfhH;&Rn!y9_1Xr9tC zHQS)C{-(su3(wYm$Ujw2aZ4HN$Tar&6oeKDoYU6tam>y6N&@qI~osz07S+26(-Z#9Ija>{Lz9#kp-V+r4HNqU~ zFTj28Z={gW+)~;bNSiDq%!6YZA%p(ulbk(T*3(l3Le{NaGOQ_P?|=JVp#Qhc0dDn) z>rAqNJ`K;tOT9DGHsaA-S{5g1)oauA#!IuAuh}JR#l*Hy-R2q<{AHzC`(=8Xag}0YvdkOXRj~G^85$4!7{IuXsU}XF0>eM&a2wydv zj^JHeF)OIx*k{4CVpP}6#yCowcDHhJaFs|0VFF6oUf<6|Z^`-1HI8^rzVjw`m=(%* zrreNP^D>FkTuL!suOag)>qV)j@2SfdQ}7U+#~ z$ana{qYU>_g;WvlO<3}l949fF8SxeSX+QgQSZw8=Ru)&=C*iNVQV;LNRgIv{MMg*_ zcOjwn6Q51fS&CTZKCIYK@cX@jIbXN%P=9FxOiTg=iQ3N>-l3?XMZwPx6*USLFbY!j z6*w9!W)!4&^kPTt=PMRIYCn-28TFcUB#^hC!8B(qRwuTsY&W+`1aw97HB-iC!SkWC z@%9rd7h}@NozoeUS{~$&PU`u{H1qZoVR!Z>5}$q^q)WO9>M^P45j4jptGAz6R=~%b z#NK`mNNA6uOIq01@Z`ui=}w}O-rLVX3Gk5<)$%kl89tI?FJ(S5F}^dZamyJ>m~TI$ zljkF+y_aGiOr(z_>rA&FNUDz{8JBwBB-lriJzg4q`w67vx1UIW*}Y(I;xgydgQoD$+sVOmG8S2l?K;gGY2xtJpdSTII3vCuK-2v{jrOvLt#7F zrtvG%{G<+)J+@Iu#-Y-3|M~5J_Ubjr|L^KfxKJ8%gZTDG(^%9WY{-+WN)i19WWf*| z*X(-q5{_c3AL^f2h0|C=jhio&G^L-Lz5dJq^}@(HmtlU4m|Zxs3Z3?&L&&P?dF)I) z364d%K@%CNI)}d3oZ51nVWC^w4)vE5Wu=L#Xm(JLwP6|tz@Rl9hNAq71zQtZ(1a_m zp*UU}i5%cw8T-zGFk9I;+05nBbei&xU>n(uIB;PmBFDMMbLWLQ$rtvgdgQKS>YW4R zC)Itm`Xm5%j^a}CzcWx)+-Wt$@Ov|^RvmvWXHRZ{%$=g8VyU;acLa}iyV4A`&~FBU zXE>82W$>RN?RX(71u_@z$YPs>Vx*BObVjARDaC@_^Kj^@*CkXcf|>dd*q zxEE))8rX6VH$)1Np2+s^BYRBsk~9mEqKLe&X@Qxo6iwC!Fo*vFSg)aN)P{_*oj6sp zHWE>lyvP{&L+w&KWy>W?)PEhbwr|UVnD{ zFfF73HMPMPjcGOx7D1_t{bFdAbx6oL_P1?qqyb47Po0A%EgAVF?o3DOQ*r}dhUPEe z@B1XKo>)@365;~f?Tol}(O6A{4d>N~ur;h0C>pJVSwqKaJ+NIoEh?a^c&}PYWe09X2 zLYY@JL*8MprHDTAhhh_p!%Ph*J$0Y49~~`rzoh?^ffzG(uC)$hz7j( z?KkT_yn40p9|*UN+*;oMzN3ge=|gGCE}O6bFn$9phm_NNN2($b8}vM7Olyjein=Hn zeHfbkBkf6^sYCA6A@`r5L$2}Pd(Ynw2KQ%r_;nj$>#Ml-pVtsUkq=&ZqEbbr+9}64 zcjM5oA8K+L>VkJg!SZxqiIgxKUV{@srzja&u^cWaOl=`0lT`+Rbrar&96;L){s5ck z2b=xZ(!#K=l69Gw^mS|S?8stB3}fWPWDmB>`B_{+AqIRYetU*K%Bze@#gji~B6-j= 
zj=8N)&VRh?{jM{^oSgr7M=rU12xYt2uB2`Ikdg;1DSdJx$yz|iOz^E)C_=7q~j>btZKexfS!a!Sq&~4%TfaD)LCZs1e({ zX-@8W@t$0@Ds5x+%I-(FY%=mZRE_ckdxNS5^!-O&id;R>O_4GAp1fjD>UXbB$*ZTO z)c=vIrF`Xcn_O>dyf&n8n-seRGo~|%UV2=RAA@>a^wgrOMx{i z_Ldt00EyTXrPy#8h+u+e1CD?@WE$ad0#itNN-*?lndnnwe`F^y#DV^tKf{67OPdLB zN>sPBjAc{JS%$tAl0H^xxa>P&@j$4zNG($tRJsQ#hzZpH%Z-e=NCT9I1|vZ*o!aU|GSz0Z_78k|h9&h8(*M%;D76S?1Ewu5d=2<%p4)%&5#3Ur(FM=A+UeW* z&AgL5DPaMgb=*g)5AApWT-4;Xrf~MC1<#v#tvUFs!I>fysCcv$4qNbgU#keQnD62a zT})QsdH(tP+v|g`Eq(4|uPy!V;I#$+Uo8u#LZ-j^4;x&HNe#kx#KT!8J84%S!O z$*sg4ybB5tTR;|WQ@wY8@#OtPoNN#dBPIgUlz7YbK3fTFR@e1{9rPjREn&ra856_1 zV8!~oyRHLI|BZZiSL=n%Ir3z`!f+)z`%Wau_>wund*So75jj_)jP2_SdH=B5HMBnNF|q1KW`R5^pI=sC?h$ z52g~BE|i#^o4e!-oXVKH1O{`V_8+>^H|f!NA;rd^{SYtp1~3?z7E9C{Btu$}CW)~jw9 z>$^c)YVMZEGgaQBi`B+`H#&+U7$mhBIV~(FWDl6?*5+NaPadN6R&)?MlBvpU4gj(A zc$t(YjbTH}2k+c1j(1LO^ptBLF6Pf{S>4}757lThfpMP9=O-v0L`kHgr8&|1@9wKC z=nL&I{zqE0daXcKm4HMTwQd@^hATtF77U1}uQ-TVSHd#j(JF#(0;P+3V+mX_*g%G7 zEL^Q{6LGU#FZW8e2dTDrxpjZ;b=U1&7D1B!%VhA%2v0tErSvb3Akm161)sR<1)rEp z1|NT10G}RT*OCE`__DcmAxp4`s?m>!16zlh-VHP-bRk7nDJ0$eqY*n%oCJfiwc|kI z)MQ$s2!wrHB}2c|G9Nx_33_jN!x_vl7%~cEnTJD0Bf6)5Lw4ekZN!Lu_2t0~tkqC9 zOrv5o2{CvP`!s%Eu1tIMKBq^>5R*K{1iQN?uP^FU4cl+^I#;Y*(uBQfn`VC8kj<1> z(>%>=9tdGirsJIcQd)9ItUPbG?r~&RMi^{BEf&9lpB`v=+Zq^50mtvxV{2P;t{DLC z4-ic|QI*EQZo8=@qSPi>sP_bwq+~0ttCm;`5X%f!`VY^-q#X&@*TUWzH>}T3YaO&p zqa=$hPpzVl4OO=`qqLw>)_sb+3nWFt!JuyK7%JnSZlp}Ha>H}h!S2U7tg%a}r}l5e zLgyl7H`OBJa(y?_8~JJAr-**&#Td~;>9Yy;eV0TsD7CX??W%>K-BMXMh`hKPMunNt zn)4wbBP9F(*}J;uwry;GpYLCRNgtfdM0UHk)9GY(I^)<$uV>TL8@uh}4n)EhHWZ-} zq#fPA{tj^PMT!ItB-xI)!b=>9Ji<2)&d2Y^Oun=lh@kGjdon8Z>2LKa{5*PTuPQm@ ziMN|GXljpe8Bk-q@eb@NdnnZyP!1@QH&&bT|-$|QErR?cK{~z^i(>S zd!N+Yo9S@5GIt?Zj0UT7kUMI(`t+4G;j`Jv1p>c*+5%@~6wEUdC=%86BT1#cE?RY9 z((EHMbHOZvwU9Itx|J2|SVo>dg!TCgA0EX-mZIn!pNbwo@2*VY;3wx;GDcU|ZyTMi z6!-N#ZOYTjiPV9<%Hy97wKyw8^QZxqoe8ClDRu)Z{K4Md@1ldf{TbNX)w6xVoZeb6 zcC4sDDbLUutU%ZihcWSiLKZ*#gqhub)B*+1EZ-!YKGtBW)uX{N&FYdmJrmNeMMgMVQtC`*O%brnD4ZTNt 
zNqQc9@xB(lETKR5+)ONI$;@{L%8rPjA~`q#4o-mhvk&M52)1dxTDc^q1473@!dL}m z;63mR&PJ`Wt^w;8Kp+JNK1y_@`tLX5cP6Ts*&(YpXHvd{b5dZ*B>eV6I%w6!p=^vtuvle=f(ki zNE~gPwQcD)S$#+DXcHyfwI%ByFZmspIM%%hn}>$#1F$RDzc6IywipZ~KdT11%XcVn z@0m}B#m$I;`UHlT+L-iBG|)@);42~;@{2wjG9zgB zH$ViLPsaa`Y364%YL#ed<=MtbB??-(5$l~QiLr9i-+Cj}h^hL(`K*l{l?3k=FEpEj zk_u;TM6MmB>wq1-(~KD!Ra(7mXO^qNy_#V$vl~nmOXS_ZfM{Sz+mFEoFp*7f)pyxx z<<8X1C@{e9f!=q_@a)u7kVU`0_L6>G(A5Bx`239WVDfK@+>} zO@Y{F-=Fn2*!O(iFmkq_b} zubv)+;r^aa0qQ3jW(;GxVMMpgqziF%BE8gtr!e4EdB?ReN#bAG zabx6*$kZtK^Uj!PM7to8FT1LxH4~kz){&|3I31okvnuulrY`2}au4^ehHXv)E=Qo7bv5jQ^p*qk0 z2z@YMl7|W!ggq`f*==awWC)-A{V>leio%T#wyN{)mXK^t954r$z9WnACG z#a!J~qWFwL5_u0#4sOck!y%N2x&u!%cl>5-)=+TV=#T;w*8(ls1UW}B{R}XH5M8R zb(aIz{NiuFp-}?Vqk}ekQlAd6wEaCG*5;dF5*bMkW(&G4m?x4%LR269eD<#YQhx#b zeD>}?f@tHmU>@?k739T>+NzBIm{^+0zlAijS0@jCGV@V$CC(y9Arq=z<8yEd-GkKa+d0Gq=s+e)e7 z?I*UHI2i`23_Lop6B=@Q$#on7P`x_N*2!T9E8#IYe|P!m-P!5&yYn~1%IBeCdQ7f` zH!Duw3Ot{hj)(O1dTq8%T6JIws^-OL6*IX*UCKoJgXLt*Q5PkI1*@w(RC%MdP79TFM=( z6UQ)W6SNgUj^QU?^WQ#w*zKobT_Jz?Oe~kYB?~GSF0Ic;Be+$)eT`E4obRfw_Bu!y zN8!dF{cIl|T-e;l8|d+|9i)dIp9-Ryf|_;p-yQpu)g>T1q6t~-3m*e~D=P&Q7TwU2 zwUk#eh0ph3D^{Wsw|RKZBc1RKL{`t}O!e+=`ad2`-Uf)Pj__@Any`+`&bfF!NrU&Q zfDL;guAAn)8@+9Vp& zQ@FRitr|9CU%1q^3Z1(k8h?6EdE5d94Qqn31}k{CS`Qj>>r53_r*OQ{N{w49A!>x7L>|NKIj-9d=%s>Zak%-mSnXYoZta$xd6U3X%Ow9=s z!dQQ{v$bKgf;~NN^Vw$1ciPX}4CCqbdIeDrZYwZ>AmNt#;zb^!^&_`9c`@E{C*=}{ z5Os8Mb#`?zAo7CGdS-pQA5OG%JF|Wq7HG<>KXoALChx9U77MyM?b^jTmxZ`v=u3@- z4Kt>7!fhvl6ms^zr+b!88@KuS{fO9uj9cP@{F7zdi^|i2MDiu%V{eT zIe>kuKqp(VG)v*a3eb*ieHiy-#!ut`N0{r|RUx@U+Z%*oz9u!hhhL4JPWJ7;n;=>> zS84Uro4*Hcl%HHWwn@^BNc7Nkn#W)_g9jn}Pwd`fOn1=F|LkZ5J@s){`%}M{k(IHd zZF~2lvjB9G=~ED%Xd7Bf)#X^=rz7L^IwCLIVwFUF+EYk8RMzzH2Nw!I{p)-55b61d zHN^BPdZ}L}AGmBG0uy9uqAVR49rNVXEaovx!!6#K!oWdX9RsW z%bk-|Rq37`_rVr?CfhzxO?2#~vmRvJ?N2 zne&yt_3wWFNo@meCT+Fc7ort)cHsZz$ZP%e4NsgwYDzV29&jQcj&qD|cam6l%cb|9 znxwinNC-?QNr_H}xi~kT+JfA{0G+>Z594d}gS@JZ>Hy%z=% z3g)|E&e)WS|Fx`=EA4I#nlk21v1=zX#AAyJwR9pfM-~+ZoP9pTQ!4~lRwzLxUZ5qv2guxE1bg=~M 
zRn%CHMV(F1VNWzJgk10p9iA6k=SxS^?OZLBXykbay2(KrZ4ZL!7$K5`Y{+TOW0b^k zUgR*UWWaumk{V}72I(U_$SB!uiYs}95g8>I!$}_><9%&tg)>O{;)yImxMv zk~qP;JjJezl8NCmB{@qpo0S zNk9$}Cx6HgIYARKK?9K?I6@c^5<+B2+z)kxFK7~p44HZ4NyCyuEa3~DV!{^;*@Q26 z?&+NA>{zN3EYuk?NBOEfZC8(vIzw!fxjIu?_U3~HnTL|%tqz||BpvvI=EDgek3}~5 zk`A(g@->IrK*;h@}ZkKG8S74t0Znw#*w?TV{8eZf{u&sKV;^IT@#RD|NI4d9aTt#sA1y5%y%ve4@ zU+~O+S*j>-046y8G9>Q82IxzEhmvfDKwofNfmtGnXBJGd24)J*;1~>E%D*a+T;4%n zundHmEw=#@+j0^5vQ>BFDR3lkr^ku(XlRGwI8_g2QL^-TkhGLm(uzY$mBw8>8?(D%#WcUt@_y6m$06n62-(++q zFcy8uaqZ)+4+q!&!?^aZ3|Gg&uRq$FgJ0j5gJ1t(0y&sKHp{`U-)q*vuYd6CAN=~U zvRA*pQP07tkDh#AiBI3KWStg;=<4=bd}c}49_rGzAvM{+hr8j?uH@<_l|9<0=0$tS zQ724YveHS!ntavEt?Gqia!MLj@D*o3gHPdem=2cS1F7gsR^1q4ggPMB3hpLm>$lZK z$u*mbt`?{R!lLwB#<7O|+h`oP)53b~f_?80?8}NbdRkwx zLew!HWM6ud=iN|(okhmJjJ(E{UE_F8fRq!FzR8!;8fT|aw`gKG~|3Vs4qlD1jv_!FE7 zHK+>o0KW7-u{K^xSCW zW>-mN-3Gs}2@eK-NOKg0BUiU#&wCA4yG3cM$a5d{SW1aarH~p2$LP0-3jEoL`MSmA zl>ZZ+>?f1k568iyCK}x1^6=PEqfe)`k6U${M&=Fbo436US~G1?FyI_M_iS;s0J(`F z+h@*o6rsuXv&|ojZNB^Gg}~^;4ZG#C&7k0c$NSSs^7S(p9%-)=WzM?L zWK09wBn8j{fY?j84PLt6XLSom{f#Kzcd}Zv?w1|ek8SEQ%ay7Ja-4!}; zcbRN0t7#qa0`<)*`e7pOZ6v8-Vj9e{WXkhfT6|`8sp<5fOUiXkmj=Vsk&dx)AbB#g zTote~LdvuSVn{H7Bl@S4Xppbpq|ycAdxQj^YQygeX4IxglhlvzQu(_G?#D*;4dw?A zX1+FFIyaX_{G*lH7Gn1wn^-@X6!Z12gk5QlDp(p5Uq|p55@%gA$KWI!eR_M|-<3Ym zQb_W)62)h7&h$MXJntrYVhEwQBX?CZFL&n_IN;$wBRu?O9_xVTfrh`Nw|F`gbz|2{ zO}}PgTDM#x-z>!atQE6PvKfyAz93rhnXT2g*mnE_9`9Y3TA>{e`g3*Se|meaju{NP z8<*sSwZ%!nR*Mr;m9L^(mZIjZXwVFJr=$>7Wl%N54LM`0g%k4dEqW}3^py};1nFSP ztGCRI4+g%O=WZ~MJqex}0r3NL&whdBkFM+s`WhPep87cQMsTEu!fl3J+<-b>vXY29 z)-=3ilDOR@y!rBKPXvKm_2~fy|4Cu+Gp*H=;NjQ6@hfI8D z53X%4BC?a++-)UD5q@Ge_gcGU@ilg<1Po~Ep6F7 zMYD|Crt~qz-O!(2UXY(b;%*?Tjc7q5I~PmJ(M(DKICNO8ODB$iJaq~s?iqkP)~S1z zxd9!JF88cdc%33J0@+YsPhw+6F=5E^j%p%VExGmr1;Gi1KNQGkAyO9ER?TQ%vJe(R*et5$zW=@?r}3%-487K&Telkfay)$YGZ~DXLAr8M}u)RKcMa3Xh{>_x^r*p z`)QpqrIAOHsK)N+1Ggo7W{mwhaBC%2T}3DTmK($uJ5a#DuW#!T$VXw0CmHksnd26G z3)PGRWKKhjw1Ry5!}s4$fj3V=G)Fbm7Y8XzTHGF 
zT}0-1mR&l7E+Vp*TbIbR$U_rP=g6V5->{L`h)lN~^V`rtcbHtZoWsTEr6q)tc;4Dn zHd<2Zc(z(B2Q4WwevE9Fd4|q63yzGWP;{1APHq`Kcoh@4iq9Ska>9}gkLQeyXM&+- z(q^VuJpU^x6q6r@T)dcQ*;EEtGLm*L;jx%3qx{?=ce+G(`FKhZ-k6ue(-+#P%+i*+zIJ9lqa@EGB!ojxx zq_+KRgXHh-1xJnCEonVdt4&+^17mBX1;d^CnAm7$-J#laqZ1i=9PK1#Bk=6K`?1h! zS=qe;hw)&27GfAv8{L9*Q(X_)r5K#`y&HSGV5#W+OPzh=-|ydH;1WZtO58(z{W+NE zZrw6S5!AUTTwU~yH92g8-jiB&ONuJ~`fAV^*Wwjx!^x(u(KQ65tG{hzQ=;M4aWrQO zddEfAfZSG)7v?K{Xst!(jD=kyVAl1b92u#P{!4wCD}}YA%-9zmO()#wGdoBYwe!Ig zuRFO?ry`ni^!M=jz5;f4rN4S^grf%)Y^*qUVa1Cznrzd%3Ds-lEtRY!ztEcA!rk}f z)#ck?Ua28Wm^UuY$GnVIK8XLgTYk!*jTy(_-dee1hK)V2;%Mia3BE%T<-x+eTb2(< zj_j+Pzgn_|IR zR-d$uGer(OSY=SdO6~Ci5W?! zjiM{6)U#+CKl!uQ8n~2_M1dgHCTVwd$(l+-IV|-KwRs+!ON~~7=1e`gVvVY{(hv0o zxKu|obE2IO%RM&QuCe=Xv(4z$qMo&^S@K$+26_l%qp{IKKRV=PyI{OAR3T(Z+rk)L zHE^zIUhQZ6x_Y+>8@#_$d-v3uRjGP@tCs9@@btm8pm$)ODVbDLY7^|lZ(xWMUBx!naxs5nTuUsO^sbv-Nwq$&csti z(Vkbr)W#O*vggYgwn@(DiEF5sq z&@R~oKV0q*0J49Y&&xE&ZQrk7zcvBh_g7Un-&f14eIM7GJH8)XNjp97ZAt1oem|za z@GnTLt{1A3!TlXM0^XJ9eLr$UvuK)XO7r_CmJpO`hmo`c;%l&>$~NigOaB37bvSr;sk7&t{zOWgr128GMD$WO~xJ93@tzrdma!PZwT$?wQ3?+f|9j*`u1QxYZ04vn@R+p z<`tWDzDBT<;+$B1i7f=fz{Zi@^Zs?&rN6iSi4}M9sov%Mxfo>vj_gz#<*O-p^Tz*H z>igaI+w`ETh@B$py4Cs5jU5l5{d9o3Cb9tx8mxU-5rYMta2PVLQsm&+pMX z1W(N|^qv0II7Zx=vEoAbx}Utr;iu_#@vw^aP&Hdex7oLLX=pz@mqLz}A`uEH`)wY#=lBXlgGj#df)tPzrUs`4cRd~|NrMFCz5+|0K+Hy#cGLys3 zULlt+;k3HGeA%Ko6g{3brJa}N|#2Y@?%pv#A}8hLOt>7ZWPdM(+xG=57W44sD>?@Bf8q;f#? 
zzkCsFfz!MQ#Z;8iIgabWg~Iw^GkDd!qUp+)&p%vpxhvlfPvh!+n+*UT-gke#iA5ej z{c^hs4gKkCKK1mqAA@=FD$c*G>g1>h>)Zs5Z3FaJKk^zc&E$+!wPp!ff23~OU6$8h zo(dsn>r&iox4@EmQ6Xz>iAvPDU4#SqvVvFMVRM-g9X>JN4`XXgu@t8klF8qBLe`b< z{LzdakNP!x^Zo?b%QvTeTA+hB6^li?=u%|eCgBUS{sbwB&Anh@7Nr;BL#@obHs0S7 zno{fc(C(4uhncjGT?mSSTztY7X+iJiWRq|HNg}{(={NRTQFcp(Ms_8(ChC-1IQCe- z5l#DU7eWdq4xXyG6xU?mqRKc@$zr5#E6lIp&_naBGZV-q^^3q~ic5jAO+UXUzV>t| zIEN@~hI$(Im2^>DXaDMcjQ*+OxFW2jpE)PAk_MMiWJy^)J=LXJb{*<=e1s#G+*VTK zYu*lams^MU*254La~edOvGQw%y&wCm1dk4DOi_Nu>8Wh4z~k>0`q(f!abfecv$-#{GS>Ts02>DCRQw%-faGGXjxkmXWp$!p!GLbSfpHO>^YTyX1M<9xMVpX8ffS zRsj9j$P?Qq!pj45Z~m_LFyCFafVcCDr2kDwvzQhoD#ZGPgs?vR+Da|dCnaPgdoswS zX3(>7umjG8YQ@RQdPsrjm^pnN0$WMzt9|?wh@1?}3r{2p8o`QWI!N?S3jA#2Qz1Fc z!&~(54$`l_pyxX+s?9UhPj%#=H=LkPPT;f5B&E`WX6{GXQ_`6wBK=S)Y7WdFR?qNQ zbx=Nj(#|C4Gk;biQZ&^fSFc=MYFiSc95V;u9Now%l|{Pejc}UY_W-?~{+5^DEMEgt zGvH=hQBJ+O$R>b@SCAZbv)gL+eSZrdJCMwh1=I^XX`~3()UDtW5hX#T!)>AJsS^g8Yg4+Eu<-gLT2jaJooR% zR4oR{gcJ~SZEc&+hGe=)xIfQ30yo5o5o~V>TTFhly=7$5rgW*3As27z@2W7rN4pKp zUc=SeS2&9*=3@*v^^n}WT<`WSvP?wpCno=GlpVud>K}`cOl|l}Ml10(5y2G1RTdT> zh1bR!4zVoZTuRK2DCI+wu?7W|{CoqUS(ecX)l{q|m}cpxJ}O2Erx2KW=BTes>3Mz~bH$^d#O6_4LjbGQb57IF%jr@~n?bKt`E z4swkg8i~KeyGH7>t&*Qf{kX%5{N@d+-aD|P8@hx!z$H%yk7Kaj>#$F=t8X)%_WXAC zB(5DtmxA+ExxzoRcJzXfMNL4}AEIaDoU8kGFzvk}m8TXeR5ViP{<%8B?czLbiD@N( z<4gRu?X#v8Mo}!itCqwfl|*w0JD-ltDt)7jg%JvIJfV!m&^d%ELf5Trgden)Vd0q_ zV+T}egps_>Wb=kBe4=82*l&1f1mHD7lk6G+tAMSmq2`AKm5HNxXlt3_fJ2)rLCZYt z{R27L1o>jjO;nymb1QXJ(?xx6vO1r(3q)D5fW;~LRx&_Vh1=?W#rTi_r?L$PD6|2K_HJmfU7 zAXJUJjP*bm*ZGC-J~%f6dLay_RpY)6N(g+RVK>{6gFEpI)IP}3dogbBZs=P23>>3E za1qLpP9@IjJ7y0Cyk1^Z|2ec)P?`ue*`$vAe(v0n)Hrk@3v=+*FHTLiut{h|zmR=e zXWCjx>BAdxbOXJVQ&Cs$bzI~9?_Oc@Z^PfMmO&9xW(>b5_dFG;W1M?R-^B791Fztz zJUZZvLrmNXAQ<{6l! zs6xdVKR+(L0x2atEk-l5z&&%mt#~^ejx^lXcwE!UFs`*79zb;Y=msSe9xe? 
zP?XARc~{7W&BG#}vDEhQC$1Qy>*1f5dEdD7EH*cGd`W{Dc)zX1%UC`oKo6eA+C-lh zwvbxO2c{L}!x+(HPJ>>LK>%s${@VX|&Ec5EKSN{h%*~O;dxklNN(Ykr4dy@QLCyk$ zUCvY`Y&c%~;iz4|`n!%sbkgQBffcuSb|MO6{z9c2BPQqg9oU?;ru0|fgFa)QO5>M~ zlj{J*>1Uvn?_QoG2}4Ja|I8fX#N6&Cf!cifzQS;(>t*PQvKg2|Ol&D1t-03VwRz-| zGCm`9OV~uHFsuffOz&fDHKEtNQqcY+XV#$a+3^z2qyevAW?>6|*P`=~nDC?g6=X@c z_a+Y6x4=r0<{lfAVKQBlRCQ+l2fC~pQJXku4yy4671;a>0mMaW3-yf5U?+Ckh`dTX z$q=-pB8*TOQ?-F;DytwDvUCuU9%br#5d+!-93QP;Pt%7ZiR)ByX(o$k&&e3s{*fH4 z)ay}tOJKiYO;w)83Q&(hGMkv@&_{G*n75dw@qf-w=O@}IMy6mak8QB>_NT$wcGFRy z-cheRb-dJER7P19L>Y%ukF}UWiWCuX(O7T4$TLh*+k|eto&SNM~x>CKS8reY$<7= z@C;Y-KGrJsz}a2nJ&-~F4iDR<#-a?;WLoxV81 zK3>v3EXAA;R@72MpfB>T@#m`nPTTq)bO6e0lJynI3EIV1_Sk@}GcIFqhFPalkArC| z#q2vmZ26J1ql^)WokZl$Bk@zkw?!YZ~#axAIXp-Xemo zhiEUGLo{(-j9kSy{HL{T^Ce?$Jp$X~qH1K1pLczNZ5pGvg7seq#aC24e|JA%bNsdY zKF6}f)(lS9zfA=W(7APqi+>L)3yknGUXpobJ%Co*`UIM)z=>`-l+MQ0z5@H2!e&aC zc~1{CO{qdhet*KeH#ILl$12%*i&lI$PVV*1RD7qQh1bpeGe_9Gvx|@k{58Al!>>5i zOCcmp8?UNr->s=`wUt2DV^v4d-xGrXnKWW4rKEzy#8x~yAJo`vOlS9{SD)bccqNJ8 zpv&4rLkH1=ue#%msrK=btoW4g*)eI`K7ru1xg$-&9#I!r&Xz=t%_asN*cC37Y+#Ay z+E>md!;OCpxvqK14pnr-odr%rqU3eKYU{#TRv&@B7jr>*-uV91sXlz^D z34{2q=Tv;|3Byv$G7Vf3h(I<~S_I2zfgyMl3;j+!t8@X-7*vaZKoEE~rTl_07*>xS zBBAcB^D$(v%od-pZLwf?2lWjmWws!>SlDUu?}9orqECIJ8%3GWrNVl)Z#E*%EMen% ziF_}16%tu)>ugKl;SgI*RoPh=ZM{FdJ1;afxfheG<(?{qC+;Q>K8-`-x%%}d4GIma zs#-ini9Vc@?5A9xSDu#x*C?3bP(j{UM}>N|6Fms7Kr4i5&*)`XtNu|9?7yMU&D0Tu z7%H3ZN=CZ9&eThArL9B@1IO}Er^vjntIfq5a}OSdJnj+kSw%&04ZP5h zXwj4`q!xo9hEQTJ9ypmzdnppJWih3sRA&rFeAQdUe_iNC!MTde1VA6v+Dws|KO>## zXOkn`3N2_%Em*~{xFCe*b8%4{{wnB~gL{cAJ?C6E*vOtD)`18fy1YTeGwU<;dQTBq z7sq)TQTSk5>P5CfB*dOsC3L-6ABH6IC`p{L?`3xOe;zp%DaJ>THg66X*fe@6GuUWB$!y|{P(;mn>sg_sqGRJwuT25Idc_Qo{A=cz3EyaC9`axZ z)bZNSMQpV1X1D`V!Y|r?$7|&EWrSs%o~p%$^R^S z9^+5%S*8Ey{-}R6vFd!1pWc&DSMWiI>BblDRG`7TJ&Y&C{7~E6whSurF?r<@9(`vm z*u?ylD0~L2H|0`*vGa#=Wa2)1vhF;vS1f3LvB9{6TVt|MENJ^&CKSKu5JJ+uQHj?d z^8}l8kGqWf{{%i?(FwO#=KnhnI*SDjU`@E)=AUjL!{pLSyjpKVm?CUhk$bXMO?IY| 
ztkjf~ii);3(54Uo?^co6%jx%Ephlg+aCt+(rH4r@_4`w-#X`7C71Jb`+I{%E}3XExlK29$`#Nyb+!v#BR zk013f|MsrLyd~U}c&uLo%6O+7fpZZ?5p=_&#`oZ0`0cAP3qQm1?#%To2)SmuOI_mx zd}TX1Lblulh-Fb}cV>eQmXSwc9irrhZwiH3*xV#=QfA=FV@c%W5wXS}xHHbJUpQ8{ z<+(ftPw3SvROAt**LV7sR`vu(G5IJ@$HB)j++_kTuEDm;GS@pfmK%WGdSP= zpncC$Q=Lt8twIKUAI_fdv-`)b4tcD3xG)~H^b#`BlIosJj4W|+6y(;@AeJ5^g-a%_ z%?2I;)F~OqUyQeA)`>XKeVG{tEy?I5PRDS!;hwNUDYTk~t<5<$Sv0~Uy|a#gbY--A)&$~rxw>uB;vQ6}s3S;D^i-gQK1sWO*% zMsoi=UHjphu{#eZIw|NB73iu5rG#V?+Te8d&z(RmPF=-)4E7 z(K;Mjx#Zy2&Cb!^*7Naq^uu2;DSFhHdn-zFU=6{Az*Kae5Q=9zGPNx@rQnZ?n)k6X zT=1ackU(iDmE`D@Efv99zJu%d>lMrx-e@`*5X_ht!j)z2kAa`-sGVqKWiy*M+sRez zxj+8yJrEpONVm|-1U)a-a#@;AdI67^6^9c&8-+_TF+71gl7k+Aba7rQL+MYEW!-q% zG|-9(8^(5V!6xNv+Iz}Uh3NQKymQYTB`rpFegj~XO&RRN<*U=>tR*h{Y&#nph5id= z21SX|b80n{G~wgGoBq1lCtv<@2}|&hDP1bIF8~mEkGb8;?+w7oDXp*#)sSkWWLdSw z*$eU`5>lF>IE`%-5br-$UU>8mMacJt*vrNoF=4{G;V=MfH*?B}R%QCnjhVG%mS#_G z>aorL$#%{~{)c&ib`cYEH!RjwYfu-S3nu+ zuXO9(KJHsByr;qG30e^0R?qGk+_&wp(RdwVeWPw{=>#1cVeng4GJg)BB}MJ zpC&2jcVDP0zR3k6d=JVx-!43f+iitORnZWO;kd|O32^sx3Rnlvf-#OIa`6Y*mz<`>ZKE!ODf7;!Zu|e>e#%?SNP_j z(Ilb1w?82{|>q9sIDr{sNFgxc>6O~TA`8GLgB^H96!eA!TyvNB>P^?Wd zqYwn6bswsy4wx&?Kh~FUjjZV&CxWGcsdSaGF{{>y!4z=$CZtu9CrXzeT`BDN4hwcs zRPv|;I{pImo_@h1=+xs{zOHmOvejKAX*TqM-bnMjI4N_XJuvIF4pA~To<*?=(kf;O zv<bj~dk^ZAisb~_HS?f@?7FPVA=M8vc zJHG$uX6P+Q(_0F~@Xh$EX95}>I7DB%CQWsYLItKd7jCh^W7;w(syvviW|tpgM=T+z zp;bcuqU)5Zy1MeQ5$T~JUXVZlgiN{FHD)T287?ip*2by{t;GgP zj)7EWj>WV^RtD~I|z|ws>yc`<~~a&(KyApk=(E)NN?6}uFg`y zRk}rrjez=dIy3_*mvkHoHZC<5ChCCbREH0S_#kQ5qLz@c4P0^cYf!KfxW?$>h+{6v z7PWX=Bt6RVScPf6{&`j~%9mWV@m89tg=nbee%7W;ap@vOk;CMtrAfwC8wJ1S`(!em zweP(AjZOY#bI@0JhE)OAL3!R1&yghVNU2f_GmQQ>d^FeD05#lVJRt7)u_{2eS~An} z!NdW>IsX9SHx08~D-j|YcD!n7N3<9p8J&|_Bo=IKM$0ycGmMwruqWxfb=VA{#DWAy zNTQ&_KO!RhohOm}VQrdV;?8ZhJ|_K+VI){E)8qlFR>Ll2H{uC0S;?&4Dd_rpbg7B} zn|64u;UiLxV^C=0Y?{aY)7R6ZSj7X0oknb?Zt4+sug!oO2B1vLbqF=@WH}^N`a$vJ zsajf)@)*lpqVWWj_KC{?ec}?)cxbdSpi$ja&uokak&LYSd56Jye4|i(OEnAyd+r?DFrcuyJ{qxQWd6k#( 
z1dG)h-+bXPrjpK*iU{D!Ju@QG%uQ%LM~b~!1)+gPzG~%@nT9JSDNO+b{vYdg&r^n_ z*hx!0Cp_V*gptFmtX@BPC-35jDAkP^l?52DL;;>=u3mw$#E2IDQ3G#3#c~D@33o?C zv#ggMKG!j&xJs_huWvq6IvuUMOXtpPF1E5n?$AlsV77=8RyW%i-RxB3s7jcjF)rNM(IYx!2K1nRlzJlCSko5-AN$#~?L>DF zBO3-9=+0(HAD1qo+pJ&U#4@^#78g0t1H>GR7rOBPe`#)tQ;KVSvubzaJuT_ZeOWddX*uo zGJ`WdoAq#pG_IQ0bNBdM9qEM2aUj-)2m-c9y9%(*P~e4kDenIHeq?fLwtbTp)dVri z1?H@3aUTAydP2alaXk64tUvPHzOpOOd{pLb1_K@L(hIHe;U}1R9!a%fCix#o%Q^G4iLR1Wcq#O*M4#$w>-NdN^vae|4Rd`YM zBP@6wNr%lFR^gnI@u)x67kuK~FIN&n|GSPoetR57mR-^?y&p$UlbLiZOw-X)WTUpG zHVOUSV;hjT`0wh-sO#VY`#Pz|2j~k2Uqys9P;hAO^Os-Ts}ORSp29KXS0gdrN~2rE zA+6{6jb08XW1f@>M1kIfumwKGlJOD(tdXLb?eb7LX@l2jRVUd5O}ez`q*hk*Ky()r zqR=OlHu4_I+9bXK+&8cKC6T(o;u>K9_b~h|*~TKUEI@eb8{m{E8{!GzAY1o=(-fG` zzE#4PfMcw|z{Sf5yFkBlsuCQffvtZ?{jDQ%Wlll<54@qSUlMLEa1a2T zLM>YaY%F%HHHFEubzkm5%7fJ&UG6vN;X35PFJtn2^ zlr+C@o<<#Sno3$WycAM2gl`Q)JFeED9FpraEYKB1mlmgGa4>PdpKdX~h0NPBg2yJ; zPL;MwJjm|q3bnY-p#rBTbf}RS5`Lf^RGn2KC7iriaQa27t3LFMPOw27N`7m4Ln55o z!>ZOQU1h_7<5~>?WUHsaHbSc8H>mGfl0lcF5V-VwQbWGH^fD+zJCou`5t7bb2&A=G ztL)%2s79C~O%BEP!TPd@b%+Ab&9Q8rYV9(?_4Bl9y{zo8(fg!ln?}1lt-sEdq@aTo zB8K*X7QUK7IN183kF1h&;3^%evc(t;XadI<^Wm?0xYz^^yzj|DycM! 
zx6MSK%)!GTB|7K2T-$q|!MB6eXK>)alae*md_@f&5`~wg6|p!hW2;qTt~Gt=p|2i( zmUB}U{+sWZI_gfGsg`|YXAli13}cb@9C!@#q??tT=;|EQSlxrktWZAO4Q+=deM~<3 z%bGjV_EY=0f$)1PArLCW3XB?gwqn643ga1PUWm93LX{4;vIOIn%gD4cU(GJoY?f_R zmM(<8+(%ndy8c3W)dv&n#9UU8m%+kQU!lcwD1!u%0J>Bbj^i11Q}t)bp6qHAl_;np zJgkZmOuJ}%xh9KNFGR4^0BQ11jgt1}+?Pn%muvZS8{1lc1e*3(YL0DsEHQf$%={;N zP10X+;=QV>sHV&6i{Es`BUmoYC@d|5J;4?W1Buaj!*qJ9W>A0*@*ya(AJkvZb&~Nk zW|rk8x3WC@Dj)q1P&}Gok+5f4j>*=DZWy^iwXP%!`8J1a1cx%rA0i7mGUK*WH(!+| z(4tWY<26=(zbswf+s)PUes)~P!Jm`c)75^-UAV_r0!@FLZN@s)aiqkv`ztzgqG{zZLf*#>B;@7=hRa;6b}A#n}Ie7HRx{Kblo`e0(B#ET579Gyo{jGfIcqQCOop)g7lg`_8_%h1%ici5?=2oik(tJYtnO&8X<9|q{!w^9v?#v$VrtR48ii=Aa=$4UH zCW+2=84*d)MVI9F5rAgrJwx5NC!6i^v60ib1SgC!yT~mAvf5d$~pNW>+HKo zj{Dpsio_B^N`s001nf4VKP7&Y54@L;tq%ZG5C9DHskn46UY|z1~ixcTsM!R0^ zHdK*}TREbVa3}zs8A-9^$o9~7ziJs8;6()j8gZ<>B)N3j0^JC;7<4JFiUafp5q`bw z0@O#L*&Fg#4UF`#VYk0Am}c6wdYrrUaQX7XpjqYpdwRMQgB``}q!0=F%~Z9R{v z?oH;aCH>ZeH{${@;&aI+p05^HY)zIO`4c>{P@22(*E7elccN_jND=r{ zZkM{`Y4*}FA&inQii02a@nDGY#X~ka4NoX+5oG%`HfWFEU+gwM7gT2(RVw4O0Lita zqLT&CcFQ+TDC^CV+{x|!cLEp?u#M;rF;=JQotzt{wKJHH?d^P2eCTaB_l$ve0r@)80OXLrB^AFjS(lY|}T-*7c zJC2eSU`-U9C0WDXTV%z;i)Tgn4;1xmzpFk<@AwM4O3P_-Gvn{5DOWcEb78fMd0Sih z(iqWM>5*o59oCH2nWbI^T7PP7dp9ye8=Pv&Z79O!D9whX{TqI@ zs1V}Pt&Oe@W}M*E781$J6&h){Ap>#V1=%uAAdN=JuI`tL_~GWj(792&E-Wch7wcNT zL6kEG0#;#r7NJ3JMPOCRH?zOJX4O8if- zmET8`zke*5vv6~nGeW+$|Jj7f@3=q8K9-5}1%M~n#m~s=|3B#uxB0(8H_inmOG#GP zNv;O)uQ3{bJv%fk;8VOAtap7qKChAe4l(iil7afUti1 z1HP&g9(UPHy_AXHjbaViZ!}R3lBUm0n_w22iIJF>0}tpO`hU*XgF=0ab3g{M!uS%+T98A5TCepN6@AYu?5jZ;fK z6$GIfr=74^K4DW;nsBuYeoMh#6K$-6ATu_uuu7v8idu9#4^BCF^YAr5+wibe1|l)X7o6)`rL85z5wn&CIkBWsL)_{ql(z|EMX%ccgn`S!N>rB|OWM5CViFaQTNl^A82`19NLD#(Yj1OGqmv4~k-4;%L z>Utx+>nStsRy4N>(_}Y190nBH1AlnxK7?`5%W?499TZe2Y9H~X1WnDoaQ;_%-F0OD zrqpYGBINNmV5OU-`t82b#QjPQ7F*wntClk5kA`LS1nAl{+Kh)Qw87?NX_zcQKrPWO zG>gcij&J%3+E(@-o5UmaUpt@M@x3ebe*Pdc{#;B`qRwLc;i+6R%rz3Mky`c_w5{&S zge{d=gV7k*cJ=_A_{;J{GHn@|OWhQEZ!pZi2}io`YCAnR&!|l+JT%TuV)+!i^^cteTf! 
zGzA1kL7-Zb5cp(X=s=hJiQTKqzK3lEfC0Aqq7cO^1;1_Tw6Z#wSj~1#_&O11^Lxb& z)GS=QtVU>zRgj1axU%1YxZf#;Sd-^N6}E0q9Vbt3`ju}YUs3|vZW4Mt;R1!3{id*c z_ba}@5Gts2=7_DvBmTVvw~c-%)Rp+EJuxgBve~Z}oo;P{;wxf#%|VAYt)I55?m*HZ zZ`cUM2U#nQOboM_*lgfjV9@^d@_jsYw!)zD2u$NGDQaEm{34c$L}rWtBZmJ*uq)aX zf`uJ$b#vn5vo3W#Z6b+)M(9QKYCs+gN~3Lg_cVp_Y-8K|nNi1>xFiDWRUev-hS|bB z*}Prv9oG-9)P#9r5+P*_WsFZ(weJw-NA$cdL*; zn=7Y>^N?v$oxL}l^y%+c*!`6!x?PLEW;rj|x(@3ScjCanoAQdT`mQa@895@=TpqD3 zZPfa^T&m;Il3z)0(rN7${#iX#UjN?qy{{6usx4qcUEY7g6^!~phJF?tBk;G_2*aYG)d!^zN*VDMJ1#3geMcy&*2}u zpln&kEDRiVm0w=N=;ehNMs)vV&BMroE~)vhKw_pSDi5j~)mUpmps*k)uZg7SSc?31RIK0>4$KshUxZ^XVRjCDg{Z(Ai1hpBGHi6ft zK-m7w@_D68N@v=xYH&p_DM77!>H$2m-F@13U?O`J+)X(rNIb{tj72dxpJ#9ECPV4c<>H*gV+f)ddqjgo;|CRj^y-iAt`$BGU7Q z_77L7ZFq7F#YK0+F>bQc7}GxLF2M-zZ*Ak50VW`Z1{tX@!0 z2!+Y0KKc-%JdMBq&pxIK8sn_3u#U5iP97Zf^zKDwaM_h`Cl1ku!D+oq`II)4n79-j2W& z?{R$BfjERuFoZx8V&VflV;J+SNXAh9um+!YiK{%X^<7H7mC}*K_|4o&^4ZZEFCm$|r_xfY?2Hq&qb<>kC+MzxGUzIk1 zcKjU4U1yC0@*g~}q*qmVi?ZRntl=OrxG*VvnB2VR)9dML@4n)VB8cFHWId+zBKknI z04P4b@qR%z11R6ugI)r}2t^TXW`Se)qX^o$As;#X(4e)&@rK&eN-mh+Y|Db5J3|nz z7k-;xAZjfAJtj^qU;J&Uf17z7kkZW+B5xhvS5U#~I^8AL1l0m5csebQX?~K{hPk7k ztr_Rz?dppI9zZD=p9QHvb*)+8Qi9*{Ecl{vRjrHvd0PKGZuF zXtU0|Ti^3emEPp}Y(CG6@tjJw?6wGoD)c`}4q9^A)fuOW^pvl5V zW2Z9k_3jP@0xK9HOUvQ)%B}O6VN)w9uQ&N@Bq@e6EjW+Aj)i)O3t7v6?;^4Pfe-zg zkNc!lJ}?*kABR__FRGAm()NqgC_u(W@5;O!oED~hM{30nV(;I24CKMq#)dXtX`$*g zzlD8ch9|3R#}bA2vIs-t?1ydcYa+Ni*`+_8!XKb#uhTdFO6&mW;qt_}h1HoxvZ}@~ z7TNf(=0z|3soA7=j&fvLTz;T5R)iG4xkjS#=)2@oVNNDMv-`(?o3f}rAfb?RYuZ&X z)sYRRFTmv)YAI^`$8)oX4Q=ZA!h^>F!dIZoVFT#nOrIw&UI!q#2hYN$_#?AKZkjur zSA!h0KO4{pv)AeWu|hK7>pa&g;3`1n z5(Rs^_WKsX=7|Bc9iYNa(GI(H$}CCs$eU+-etGpjr2Vz*INh|hzGlfow7BFO(}HCk ztb9QKHBko(kGrM?+Y^{Q_l`Xbr_@=R_>!D`qj4%*m6|^7%b2^^PBL{&j0k>MtJ>W8 zgSC12AA`0ehT5Jt8j{~l)GlxOKTu|S{;44R?T+@pWQ2)+YFQpQ=Vb~WvjW*FfWA60 zKI6Gg<&dtZ>k8fNfY*#AdE^4Nb`n#Dyoh~7b7Y+@7yn9qq(pr%PAP{f8Rh{vNvW9V zzc>(`EQVU5v_5M${)T^*`+@NqZdn3DcExH^*o@^H653sdQ(MU|>9yKo)-EuruJFMi 
z^)oos5p)U0N}=N$_MaR19jhgs?;4qB?hu%Oq*Vfw0){;A>j7cH|Dg22z4&wiD?3|V;_H23we$`Bn zR`{}>vMT1~R|~phs~VXcUZcU894*|a4fiwPsXC^#ofF?Xd`6#Ize0wlwLdliOb%;* z(Y&cdbxA^rVBe8sv!(^KU}6k0(5#lN1i%d`^bmhlZA;HIo^N>Rb0Z^OP_jB5&VhO? zl8?uh-RPe@uET$uh~FeMs+toB{vXDsP&K5yVg-?w-R&?Jy~6m7p2bLa{K~5}Un16P zS!HY|W@6;*+*e=hkzzOmZo&tZc}+GE5OEk}^dG^_=yUNDyMg*mDmuc^5i=$+A2TSG zbPun{N8^QxK%q~CwoT9pfqU{M!wzv|opnUcTdi%|u? z;L-vq!^Ax;3Tm*DqfZA((}6;gTezdv8T$W6t--(SjV6KgIuP@TFlLw&Nit8!mbC<1 z8$@RuRBE8$2bz!TQ|h6#3{%ZSSaGRZSaH!rBF zK@`yXYS!4IFC~amIe$VKs3IH;2yYaG3$aiGugIK2mbFe-xP`N^JvaWN2%YO3(e|7^ zo|k(r@|7zI;$2ennqY&i+Z-cGq+MI^vsDLb1GNQeqxvR3>){%lT_5U^0^`$KSlg~3 zD6g|cz$^@YB|aj~gza2>E6>+rwC!}$D37r&8)d63VwBx-aF|ENJP-lFVk;zmyDK72 z*!#E83uWyZFOJ470X&UY+_U8wYQv4sC^tH-AEB^h&Hbx4M!$HR^-VB|_Gf;X)k82u z+qoq$(82)s~O8}M1E78^A75)2q`%aVJ4E0KkPHPWN@ zUN$nFu-{Pj!@+%OL>i2s9U4O+UG%YQobS9F(jRul6$s(vR0kBM;5G9yn)}i-1}x)1 zoRm%7)iUGFyNY>051L8gs*IDyJQ;=D90pYQYNV7*L}XK_mUNV`m=E2yh(QPQQQbJG zYAaYbk%p6*Qx{I?Ooa$|YUyvOQ;LdTX8r5Ox3UV-fv84Z`NR?u5^ug^E#SJRC7asH za1%&@$H!o_GV}o7u-YnLRj1y>Godd5y(NCJ=LK|_4b2EGPe&tu8=cQARS{p(87JEnj-x~YUoagrZmKwr_gw}S- zV4+7>tfDSa2fGWkE?sC6bspI4Vz(E@2@AdBOh)ph6@7Jr-x?v-4L9{V|C`smz6;gb)VeEm0bbD_fP7)>2T6)Jrq-AjQS%D z<9@(y_2bNiSTjlKG(|Eg31yTUB3%D?pg%Utx-X40qxVUIWfPg$PkW{kgk=)Emp#{4 z!MG%DBG`EeMlN5;*iuMtQOwPv*_lQ%Fh6AfgtO9!6}IYA#VSOEQx1Wm?F}3Y|0&M3 zjZqC~TiPTj|DfuNQ}8jK3Y9ma#xtXcwmIK$Z}(n$i70~U$#!rPWA5%ChBmjX|MIL_ z5)^e_@Ub9ob4#9v*|g#k>}!KpaLVlJ(aC2o%-G{wpM;#Nn->%nLB(Q)oA%#-`Txi| z$Jkz?HD1>?cD-xcw(WM;wr$(Su5H`4`LDfe+wJW+Hz&Et{W7!iX06PJ$xJfq`MuAC z)1w)jfSVvJ(&G#m&{~B_%p{h6T`fm|-j|D*Ae|NS1Op5NdBra42!5FW)Oe%0P%7QJ zDx?d#0^3!Zs+uKnrrM%z2!`V7(2?l^x;KGGc6XeH5gfr;Vm^V}gg1fY3wZJ79{7hY zzUj%=MAD!AgcGMnZb0<>f7Da9n&_b*@MXb6mPY`8nP|hlKK*x8 zjZ(1%i~iJ@_WJg-mTj-oCpmxAKPQF<}#)-zf#R4IK8Nau^YQ4yA%0*lL`{MHzzQfxOmN(&H8b;0e zg`1$H^Ssf++Qw?p6aBx$(|lPb{r8mRVGY{SeG=A3ZtVrDoN|7<$6@g51pb`%uNU5I zvzYG2)pzskek!y56kXRw!9UFj{z%HTXc_UIuL5>@jbolEkHH1!hsz)9IwemEH)4`j 
z&JKqyq~7_0SoLRgO~ZM>b&QfSbI@;~o&tXUm5-fBbsPxTgKn$x;rKp{2mnIJ-kfqu3CM$E4VgV7A^HWTcoRAYMhgs|zw>PVAE2~M@~ z3ZK9SbUIbpAp--B!#qMvx7|pH^1HfVmaUTsJ-$|4V+U2aQSIf_#`Qu zi;=Af!MslP7I?*S6|+2g9~5hLxiWo9Po`fF7UiD1;Ot~)-e`f;IXC*#V=a=azWUf7 zI1>#V-?tZ*1*}38Id1nQvs5dVh;HvkRI4RqhK!$wU0O7o6_m-A8ZFiBkuScyC(F|LI=Y$u0PL3&=}CsEvE+bg0YfKLJv2SNSStotcX<3?Ft^7AvZ4|1_9 zzl8&drm-8Qr6}yR$U2eBWb5*hAny|>MhNJA{DBfsBeTxym6K)ZJWU!!a9(4T*E7;T zdfQpLpU(FynYnVa+dA4$c=PtT3t$-Ta?IFATij|lM`nFx3lALVT@2@Fq(Sb}ToBX) z@q6A1s_vy0(_6nSDH)XIR!=KuZRTjCO2C&#JvZ&SNGSGLWF^-#-U56C>~K$H@fag( zws*8Ya$gh^iW4ZF`vQ1Yp)8oN{Ku_uwwU)9?&ai3{YF)Z5T9Mf*Are@!IJNjr{+=& zBIj(_$KETiE!lvM^gbDt(ahE$EF`UCm<_eZ0==5iRnnH29Li;D>ihn};oe~Km1%r( z)5?hLmwVzD2RoP?D)FL#Ey3gv5NBeui|DJma3~Jb1PpVrNfc|HtFn@r?*sqj^BvDy z>aFWi)gIddchL+7VXD;hSKxrA>$`}{JzPw$45%fgH-P)(uGNeT1na241K!zb{>?xW z!Ob=*{L@fTAd%Z?w04?qf9ruMkKCN;RpIT=#AeZM(JzuI^(TY+7g=fSt7f+YJf@s{ zq4GuGjUT8$+QXgS!Q7w71=bT$|Si2*FA_6%sgJr zfSwqQ*#VL(sr;2o81BI4fZdw(;;eBe1cpj=L&z#7LsoZ}WRp$v(HkkUX> z9}%ae;JU{n`SrK!TOzaUNP?G7zfy+&V30NYc}8%5g@uU>9HTw2c1yBI`qfMU2}Fb+ z-7yLAgvh3lHosa)ioXR#TncgYjU>5D>KvU&<)JtcvQH(7)oDAzt(7XaO`3?iYSH#Ca zL%u@z0yFb8r{a=BK(P-8f}BdqU~?)Py4{4+Srl1@A;|DH;^WwOg1)dg-W7(BMTY zO#{t@0~2aIAiij|X~jTaWB?$w!?oc5-T;~cJFh$dB?!BM?Bc?uRo|)yhWSmk0-svSw|`pb&}XO(noW#S0VR` zH07Ep_ZkEDp`C_Qr%J!Is4~yidM^T`HGVp8Pk^8=)XIXO$(CV&9?2G)Aj|6STnYM& z)07g60Z0Y|^^YDik?1)CA@iV{N6`Vgz5CHx_#F|PEfvZ2(tRWsSa1`aHQa>_)~Vf~0HDFS)&HTI|ACyo&qqH%^FEsL(@5(3zYuhgx#R&c zcjJFRH0EdK4wi|`={HZ}A^OVrXC_lpoJ1k`d+2axEYn0+Z$Qh^PM?He*qZ#9rA zCK0N|R;to=Hwo0^ag~{Y1|oKq{@XfPLFmmbMgTD;VyX%SIts#A;vRn5ibK7H!f_7Y z1+iuh0)6R`&o**si7T%n5t0}^@QB#R%$d(HL9)A~9#0KpmEu}Y6QWh9u)u+RZg2ra zner5y$~Oz<+ATa~+SxqdTFMZNv-q`ySp*3ie`kzd{H7onSwDIIx9Ke!O|>CQ)4;D7 z+zsi{Isgh&!zzOmdY*`7o72Fwtvfc6h^Q29v*9{C*?F``mzNs^c1o*go}&~;56SkS@KP8$PS3|S8nN;153F%ZG{E_ z*a>@6UIo6lKwM;NFiXm2^NGJsRc)+Ob9xs<$rKuaUQVf4^3VmaO<;Cu3 zzSaM;tHxsx2ctCeck8W!+IY2Nu9TqZiC311Q`Y9zU8^_cPNNfHm!W{wHWt9!L$#sP zwK61{z8P0Nc|x>`MePvy!W71=s{^d=(nNWX3{gNG=_VM9$g_q|#wyZwMwD&*t}@Ba 
z*G@vu3Zs`F__#L<^QeHcFjsgI*X*wvNrp&utIMyA&hj`-RX77NShv3^1>KZ1^xs;v!ZuAEeC2&GqiqMu~8t{F|-7NC)+dxc}Bos8+m7WL}sO-yWNdnWv?Ff)Z6Vg_m!E?(Ay6h^A>_&HoTAAdZb zBm?Y;6QMF&_lGu<2e;kw=b?A0zK!RxZJy9RLM;9xxStM4Uy!gRG`bU{W@C}7_x_Co zpR$z&zRI_>v$~Ad3&n@4%Yax4INp=sfi-LA&5G-wR45xZLW%xn3L}$!EG9Oa7#G-I zc-?%S51gz~XkC4iISYzfR$E_4#Y0e-B7yM`evqw-_W2|REjZZX^E=O3m0_DAta!UAjVpX#9=j#0q{jEyt zJ~@)RwZt>l)5 zt&^Mh)z$^eyge!{ok_!tL`Qpijx>ylO>8juy<8f8=kH7$2C9GMcilgw1(5xBX))BK z(}jrq8ZGjJ$?F(#s&K-drdVny4fE;YlW+KjfVa|Y)RVlQ2W-c6*>n|ao1_QN-FZaW zQJ9Itb%QyaniiMf4uCR~XI{e_n8xD*KIv{*kY?OKWbrqEyvXYfuSiedr!J_h@iZ22 z4Knh_+KJv;#&}$bhzYKG30_T^8*pWlZ&qf76XWv(NsI`O4Hc`EQF?&30iCG(Q z-34|it@5fJp;hXTE!FaFSt`>QRD3_yx=Na76g)BVef>91riE(B`VC`}8H@_c&Jyn+ z`cL|@-a)X7j!iH*&sY}ems17UuS}|53|yGZ$dWHzlzLzfD3E-CAO2fzA&0a(RxU|0 zxfY0ijTTV087&tu25H-c{YYqQG-eZ|&0F z0-c>L>{ve({bhZV{o^drKJn{`ho--v1G4j86QJJ4{H#GOXsSZ{Knq0s+a0Uz@ed9~ z9JuDPYzrd?x!Dck8?<$LR;67*XYEnzLVPuxw$FacgohPY`;HY^!GD!*xp0V`+2m@R z=V_Y?>@faMjsfL6xz&zXgfE@} z@ni{BAsR45!v&Lr*B>p#BvDM60<2gJ$=O=SPow9pWb4xR3t=%4RUH^;JY3lxe;Jr9 zbQ+ItWT@`>t+z{v(jI{l~EjGdP(g`;y2IhyR;CyBuQw@E> zUHi_Aw51NBh5Q!HNEH8S9Pbpc%O;A%>)5XJoKJI)2wr(#EysxsCTq$q3?$On3n8Uu z3rbXHvzbl&t(vkZi>Yfis(YPB5NTtR&6npUWYAzUz(q~LWgkv3>O48%PybFo^Y|WR zo8YM#1TuSGEA#Z6vp(ohtu!BQR3U;Afj9^c3aL{HoC#3td}s(h_F&#_sOU2b!c&rG zkB)Ve0u4?K>2-IvN|}|P&JJK6yRBmv2~B-FSJM&EqNqdG0eH9xXp8hOVs-3!9AeDj z7{2Q_!^lu0+_p#)Yu$OlyNX8H!cT0wBao~LKai{9O7<_VoO~Odq~r_xA}*Z%d_jIK z@HsKxJ+u4MJ*2!Up)?m!W@I|zYGV2Ik99kQ77hVQZ`!hPwvo(`YRD|YJR*A74$wqa zseCQ5yo)C{BR->ItIhQk7Nz$>Jmf6rf|hRuO{i+7U{>0<4FbE;DwKUmN-g2{ zaD3*NoL27NZwvG15q!F?dBpiJl%RFj_B6$DUW*s-x`01dm0`QiLY`0a7c6+EOTtw# z_9`>a7aEIS{@v-}vB#ehwfD&Fn= zb;F`~B?yMB6~{RJf_ue$Q3d)U%OmqqMu4$VZ84kZN&GEq5jQI4SIZ}E*)Ri^o3e8v zjGT>U3gCBOIJ^kxvm4c^^a{Kv!g!2~O6z-F^=Ia@z`5P3CRL}@8G$MtWvw>U1Viv| ze+c!4j`YBwTSIQ-fi3qI*kU@kolm)*kK|g6oA=TERuOB((a|RlQF?W$+8^#O+~Cr|83J4x45(yS)$cRtd|14oFJBZd zx5QQH8%JIeS7xhN%7OaPc+?-L?LTXcU6en#7a5MJoP;4V`|!r&JzF4D7G=tiZ7u!-eOAl_UH;XslC z|GUFXUT`2S=ck&wwWb9K7_Ooo 

    9|NCI zM&1PbinpO!e386(2My6*l`r;Qji}w{v>q)m$JX;}p7_dsqeM}x0T`(9H=@TwssT37 zc!HAA6#|aiqCz0Gp?Fs^Xy5+F%>48=eV^d z51hn4l4WEi%H5HT5G=x{%TdLe0J>VkC!NegZe3y#ep*ki#<*w!~J5xK7pa`Ut{ z&zs#I>@G6)ZIrYcdGALx3kk8I6jI~h=>0V?fPYkCu~jiS<^PQ>+sWki zkNx0L0~2o5@@TN5dRvF3kCoP@Bl8A9^S0WcHPa>u!FG7>0 zv&|p$G2i3Yg@}=dOSa-tjVQr`&D+~a@_dCQ6E;<*c#+jJ_sqBM%G`CX$(TB}Ns6Ea z2(cG%8$7SS&vJ!G{iVK43tG~euuzm-zA$!ans~$C4EBw_xk{SVOjhio>*a+-U* zKy9-MG$!J~Mv|IJOgp$lWbpSM+>g%i4dw@Tc0L#{Yd04l z{?Sac1)u(76YF<2#bSGC!LD$PDm)qkKYQ>P0(V`xh`~uXx&G#Ln=4(@R7mnoCXzey znt>kR-gg6(*o9C$uy$3sNDr?qFyZ0*Gvq$8<*saspKqS z#rn()<+C8mM&w+HGP(lZIY~s88B`6iBp0k$*PT55j6N1ZdLcwCg0!>c^;>4gI}2Yf z#xj_Xy$OC{1&E)3JjVr=Ke@3lfEw!fp4vF_rehC>EG6Qel_gJ^BsDj2 zHD8_`sX*XfG@W4ZKPe3U2sO!JUiz&r^P=g7=ObZVKQ8+U!r5y%WZ*Y@aqXjs$b@F> z^7{y7s_u?pfBF^*=oyGRR%t!UXh0Lv<&lMo zMy7C#KsMC3DPm(*F<{7Q9Mwd!TypRNIl&30ekc~7#YkNgJbWkbtyuBgo?BsDnoH`F zMJ7q%lS&FwW^Z!3$b9a!HsjCeN^d#_Z=I!F>i?3Po3~&{uW~Ed211(++pDvA@Yo)9 zo{;a1Kq9@&Q$1WJTk%Pz9|T#gL(CzP!|$)TUGwDb%CVP=QvWS?{?xjTc7HpBVVXf- z#jCBi4#&SSQ`WB&Dy2wx;~)tDrZ$&F3YW!U(}0_P&-=?RoGpwkom>=G<4i3 zBPuoAwrVq2*$*xHwcXxW0K-h(N@J!RPInRO8V$zL{DiiDBP9*|THkv^zYoidA&K0R zMAfIC@3<}TZ^qaUfm?+rs*Dc$EjxuT4k!VGU*FdyFdl{3pJdPmWcFL|EmU(HAafXE zL<#cpt1rJC0&gCKX!c5|KJaEAM6Je(sJmHieQi5-#Yc3^&6bkJQ)F58&PrO8VRbV~erYeU&+!Cw2b z)qFWcbu-2M z`Cq|KWAeiy4{uDgY$yXP7)g7S@Yt9vqw%>#_3h&2^8S>fcw^p}I(@E<%BUVzz{LQg z2DH#CK~w`y(qkzfBxbXP6f^vuh$(DqY!Tnz?6^znKTlqgUwBQp$++L0WMkZyEeIuR zlt9^ODM}(120S((t2YPc{OVHc^N=w{GdU+c`TIr;3h6(MhC`KNn?m`v!erb3q_+Lh z2FV}l7wXc;)rRIXecHgv?-*M>GuY+Sb7G^JfuLZzfkcK@jdtR*5j53%k7J>QzD838 zFXNr_nTXw(S}zNNsn!&-N71?KTN=AsvrzQ@6=dHu@3(arRAOkBi3c2Sa}Nf{4Ku?O zLC8hnTG2PwWOoX{la$tyyn;Wd2BmQ=-Z15EHmyeI7?7_2Z6lik6St0|1zXd5E~*my zRf0S-Kf$H76;*94tO5bEH5FygO1*D>1Z6H2){Zh`kKCJ1*rAzSB#YYlWP;bdEcC4y zU2^mXw|!dxyT5^-erW|qClRdgsojMcPqxv;HXApgevN!XB}>UWn$s2PzRz#2zIpdT zFJZvEarwH>%V_(@?%yAlpRzN@5!c|+W_e(SjlHn^Xy@Go-`yh0I|uiElRjZ_d1zeW?6xKmrJHz+?+-Ztr=}JZ5ywXi74%GG*{@a#|EU zfn0C}FEa|c1X$MKp7IPj=edQ8hv2ZQQf!!7vr3Y`{Qt=p^H;CtFLyf}(mr~LAr)0s 
zi<7p6>35ocl?*fS7k~|snwRWkoiQa@B^4`C<$`3?_Tb(NMR=ZMRSMn)mRsxwNSG+a zrVT=IiqxooXuj0y^?P8iq69q#Q9OF({S{a1YB5j5#u5F`OjL^6o-H!5INMM?1FZ7f|n%LZlKEU(7bGQ3*CY*UPars2N@OWkt&sbF0`o zE1I$*6WdLXJIQDL9k%usRLh;-DPA{1g|*yi>5pRNSDSraDT@ z-YuAJS+G)%TT8y6+NWCRV0GWMcdl+0dA2lf+GF){kH#~=X4wlff8l4F?t3#fv zHRGkJfkHM^CB~u*h`^$Jah&z5^27G4^Zp^zJMx=E<6sGn1IW^VKXV)3c;ZXB(RHC6fyNPf>5Z zvdWm8Z|NqB{l?3eFJFH3<(Kf^moH!L{`Zfs{`iOgc=h`~e)Wex{^5@=|M==ZUVicW zS6}?`Kgi3cojN|1RJ8n$mj{1qcXGdw=eM;uQ__byiZqpEr3q63>84rxnJ}_Z@83$M zB?LBmIsg5iY)(#JL)c->hMOm%WJ2ms{nWS3e&bZN(!v~jR4hk05}WVyYQYqJ^_x4M zr(ctcN-D9rHt6uL*^=j6Gu_{8n4&3FRG(+3(ibuYkkCYyv2wOz`CLnMi;8C{E8z<@ zV|Y3LV*cfC4A21=`7PftspzKon&cG#fFq;Wok{O}f1_EE{yxIdkp4!-P=w>eIW{-J zb!BwIj7#;mo*&;@TTzi!CCxe`L-xh>ilsuP; zHqd!}QgMG#w4E&Dt4mw<%zhaRtoS#rqhJ*@VUiSTOBKwrb!BQPIyYC!oZNusA#H#s z$oD0vKw_2if7U(MnH3pTY{$5#FW)k!8M;JH>u@Cl^H=3gZ|F4{(pT((X_S;b6_dI= z#!2V$-BIRYzYfw}Z`c;-2u9u1t`N;_pB{?~v3sI_*lX-92wqx{AFv1xZ=3gy?hjD*y3X$vcc&4eMcW{9O znU#hjUDu@FAP>Coekf)qU``x%{RUn%qyEW``X^}?aUNGYGhbiRKys2EWEX-Xukd4TYha8 z9hW$Z9r)v{u`SMcu4bZ~;Y*J4+4n5{b+w{CkJg{hcfoL%A2`iW#NrJ0#lVljVfvyF zNBbXUq>btw4}bXT)sFq=i$DJU_mlnSV?3Xk z{inUne#!Qq-I*NM{&R!9zr*%B_Mi5T9sAGD$ad^M?O#8h{ii+X+6vQ9#Mpi$Gg=y= z_Rc56&t&+S3_l;y@M8|D@dWE1!J+`ZN|JJ!h;^tA!;hdD0W|@7Kr|RPyA! z8Vb*9pRjLiW2A}ZP0iL9E-)a25ZD0?2fn!rBiOUsn|r>Fey`&c&nzwmynXiDdb#$6 zA1J7l4_?);lhW5td9syR%=O~tJ`GnOAWbE23(|_iz^kc6qC>M3g4wvexw!50uDXCT zFuys8snu^&UwLYKxnmx%FcPoPPk9&n(JihP+W1Vxn3^<^_0QrepM_IH{fVKGK$QM{ z_EGqP9md2LCcZH7g-^~G0u2_7maK##h~M%oCTrzeg9K1Anwr;5{V9FmK`I3O1!UrZ z#LmDfJA=B3MVY#(kN3t@WDAUN$f#|`?efQ*u~eG$5X&p6O|b(8NqvAeyL=TqrcfS* zYw6i!w>S<>8-%@Y-n5rb?#mI}Fl0B3h;~xB(;?M_?Or4tS4Lxv_HM!=H;Y%XU%F_Jl3{A*8)|MUHOaD-ZIB-;iNTPaD+Xh$j94VrNO^YE5$aoYv zDcOoWVzLR(SAOln!L>apS&`AiQ*lpi#zf4aD}& z$Jp;ZZDI?&#>Jojt)pjp&A>ebp%5lFk*>79Yq=9x)*n?#lThL0x>6sk^A1Gu$@BT| zUL3rRWYv(jP#yqj{J&2oNW&Ve_%^E4z^-`aseWzp_QQx2oS*R@>DMpCeyat1j>5@ckpw7!%oIQL2M8lONW+t zOnhKqr$kR=c!#u>-9mqGQstaBlPcFswWn0& zAS5})0}fgYwsx_C{Ssq=N@S^nE|zSI1?}? 
z2QVW0uSan!9k?I^+dizm4XQiyLG`T|RNVGRLR6VV89!zr-`=$4XuG8V(ya-naDumc zI}J;?35~{NtdhDYgZ=o$IZ0UA0>=h#p)brMZd?Q-$d-Kdjus;VdM@lc?od;z=*}3u zJ(BPY;%7nPD#;AjlEEuERE=UpF`1YMv(A7%qlgOojE$^_=rSCOM#fP(E+&n{#AGyE z8^baprsD)|M1`l3=nyp$S=l69+axlx*q4Zr zO=yH4A?d2!mZ*~E5~6#Xw9a;wPW?(}oFX@33LfQ1^d!&Jho+6On{WAscf^kNv1r=W za7+a&XU6rP!4D#L9Ogs0k~Uftissa{h7*1Jb;~vR!uE!}{<Q-Z|4_&MR#6H+5)G zc)Rbu&;~`f0k>w5<|_LC*n9Wp$Z=y&^#A)Q5N$`O``)Tjx9#X0O@O7YS?_nhflPppBJp6U)ZO+Fj_}N=$Rr+#L?ZK-nOo+pTYV2& zNAnbH`HK%%!*wJ*8|X0Om$M@#n_NAQdO>Yg7RS+pxUU(Z`rJe;6wQfEQ;8%>22fmJ ze|_rfhkO9fQ>G@+-!qkwaok`u)xBz$;xgc8p9bc}@<)c)vjB*&)9rc!JM~;2*#1o7 zbZY+E@B$>e*CqzMXCZ`;*S;o>9Cee=$OobHKdwJ>sXvtabge7Fj%H@p%TpCArD9CTd0w2`ljvNZi^sa*@y3worRZ-K!>> zMdQ*=r6@b|<@k_?=8_Tfc`OSJ?_d&5#FnNNOaUZ;q>8P1Lbj}2`}$dEIptouAVx9j z))2xc9-F#h?qA-3hVJVXh;KI@Ha-q3FhBh>!>AS@eYdpGoc+JFI0Z)e-=v_tlnZhJ zDP|qzYunEo%SW5ErphJJbH1Y)Gx-a1!ZHy2gCxbOccRV6<3>nkj1eq@{G%@(*#5<= zv-1ca7Nsw4@)vkW^!7oW{R@hEynx?cEP99FAX)Fh7`)sJ{G?*F!?CKN$)WkR)WhM5 zgLN*+&R^}>_z7{6_jZR+DAftyTR(ldZ13&rR!u(T?q3g! 
z^G+$=rxfo~ig#$IN%4Nx%kkbW7`g&w^sF%51Z*pq zJig*Ao!NMsGYMNdtuoELiOBW6l@A!fd{&@br0l}cgI!fAwYux=ZZwrqO)rNo z5+Sox0WQLlrB`qzzpKgLV7)>7^Yv$zRK5`Le!L|TVkH_^@iUnE0)H^2&IOFmZNmbq zm!yhI<7TR7g0*ax^@`Oc)8V4$#pV4H~`rMW= z4~~vzS?%s_@lxAl`?40wMo`Y`8`B||xIZ(nOf$k%vUoKkiP#pE(sQoIwA|~fB32Br z={USIV($O4KDkXr%RB{pN4_R6aFSlw16WpDx8(>Y1Ln_!bDNOc63adU#Y3aQfAunh zCiYUkGU-t^jBNONW7kk${K3@G;R%;%D`42_n#pstyR|s2wZ@8-+j@jF^W`!yjtA^N z-xe89xH6naUXz!=dR(1J*fw)fyjqY8s|veXxKp{Pzid9CJ1T{TX#IWXGjX_)!ayaG zF<6TW56P$@;iArjoKzn3IAU^SfPQ$aUl975h9T31kas6q2qw=MVZew|k~ zjNOa~Iv?z=vzuK%Q3PSq^(Do4jiRWI^(=K;{K{jCg6?8-z#s;lPmv^vby9g7(G;C-vH@pUd^e+5-CSAkPCSAj}N!OTkjY-#-bd7%^T_chx+EYfD zb$&!U*P$K9CN=F_2LmJ0YJ$c2-h+wAfSpR3uNiqWfAjjapR-y3`d0MuP(c2=E)U$Vt|LDGsD zWFC4@U*V|bUMjW)AB!mAAA0zz+!N)t=&~KlZJN3rPgFgB;N;~B{b8=%5~Hvl?#B2$ zqMr;aE}S(NypvQ}rso?S0sZb-V|!3$)zJriOh5XM zwk-%_aL9z*i$Y{#y>HJw?0#@C*k}PFtEJIw!;0I7gQc8o=F>fPs7?3SUYqW*kzJhb zvCyV_>~xO}w&@-_@bF|apL7jRn{|{p|R;5a|(+`a+~0L_Hcc6EV+3Le;Q50CTD)V=VcSZqZgdBfp58A<|iIGq9{; z>Z?MeFXgL2r0RsyA8Zp!e?sY-)<)@Xs6@WRgU}7yZ%GF&fc~quzh4QnubI#=3xpXq z3vcUyp*xbLx82crq&ME-u)tKBvJ`S8A?pdU;wF>90k@m+JIO}k=)0X9;ksyhS2_av z5LF*I3+wfJPEw0t2w)1X0pUt2M$RLXNwSjJJ%C5h=Gu4ZfG2YtU3OieyB>uE?}p{dUx3kF%DLG0D6} zO^hS)*P;Dn6wSC)V53P!BnLZ9H+$*AMv;w4EjG>=LB<;-$gzAm)-XXv8YjpI0|gmt zq#$Dr6=d{y11Zk>Ek5a)t7{`xaBO0<*mJa-J}r}KlZ$}vAq8@INB#*pJw6ZH(`-<%4ijJ{1S`F&1uLqHrb=Wx8q<-bTO1Fm8 zL85`mzhyL+ zLM>P3j$ znDwGaYB7Teg^Za5)qWT?))uQ*DH7^PtN|0UJQ>WS$jv6wf2qquVCM4JndS8u7vvf? 
zLA!HY!b;LC6OS>{Cz`8c>(I11a|)NiXqf%uiDC8!rl)@rlzpU8Z-UxSQ2Q3t9$rGp z7slMXc?Pifv6y@E^yFb2h=woa>jpzYCI|lM-qyCqKKE_n#h#r2xi2pmP4iThJ-RKr&PO!G z2|*Zq?rS3mM;hdhHO7xxog=H0M06w40N*#Q#|$xOd_Od+#~Gb`hW9~}dIZ_XN+)B~ zsc7zud@$C8KHhvDfh8DWI=6=L0L4?7&7&k@^iGSD5YcAx=P;3vG>^wz%gNx?+-Dlc zn{a?+yji?`8x9RW)+FA(4~INcQReWzu{++IGRhPl#jP=x*BJBnlZ~oD@OrNJu>kfq zUpr9jgMFqu!BbLH%0PKXBiRS3{;JUJovHUi-2Eo)*%1(TCq=U@kAS$lNgC+;Q4n`0 zRe-)92XPPX_(K+Qua(8QJ4uG|?;f1H+d}Tezk6`*?&*xizxQzN9+sc*?+0zdzqi_i ze~%pOgnys#@1Zu~-zWV0gnys#?-Txg!oLr+3I9If-zWTgt4;X#z)&Xq`-Fd=@b44; zeZs#FJn~iW?;Rtw69n%u$2R#>MuOm-G?y$4f_HY?N!5|#CkhGgHodkH@}rRO9;5j{ zR{AGqpC>JZ{IN)QHw%af2|pp>CnWrYgrAV`*d`?WgoK}v@Dmb#Lc;gjgoGdL?u3M& zknj@{zG)K@zS|}w{Dg$}vq^{5VrC&?7dTTWkI)q8+5Er$F^J z+jhscZQHhP&Kc*7tLOW4|Ce1=dyRV9d#y3o{JxqK_29kr_VG-FO0sUB0&B$ds{w?Q zFDZRSPLu2a>JvkzaT8%rY{a4F8Mvx`tErb@n7d;~6ZK``yHvgPyKACD$rGW}VQ?(d zrW86}QD{D@F4w~LlnwqhT zDDC#<1NmG%+Wt-^6#l;=4xI+YzaXw|V$sbL>9IR8P~^|T2OLtrA!s>`(1N@s8hD@Q zaSkzbOjuHJNv)qfZjT=KSWXE1nwG9xOm~lEQ_xltatuj(O+)Nbu|24&4~=QI0RUii z5E7i!erMCk$ta8X3%}tsSG*M;@pO0N)UE2?>TK`a^)+S-Nz@83ce)T$(0jn1`fT0?v#Jrv%|Rcg8|0|!(%w6vB$CbUOTTI)o2zrl)2e~8|>e3ABJ{u z&v-SwT_kAc7Lq*5fU5F|r8&aJ9llycs(Ploo_i-z%IvS_hPrzK=nmdr#|Q9Jd!4-A zd0ZYAS9UlL{#C@()tzb?NXx4kMZYl$Lcx`ndl{X)?_u1=cL*4qOk570bG9T72DzI+ zl%TkQ(xYFp$fKRk;3~UsO85-My=ktXpBzHI*Pwo+<$@FJr5|#cno?zi}*R67RnHqTjA;xM>~G$50$reA35e zSgxfXzHO_oc`T}{{YhVr1o^{`6w6v%JX{hqBWbN(?G`}TK|XlQg9)@g%=M2KpObpk zuU}j49bkPDgP<+XulwNQBB05XkUr9x=w}KUx_w=mlOGPZhSXZO%Z^@I@-27I7{}6o z;Rx^{L*XFelFho2kNc2Nu^?D`yQ@7YAn~+x&fqv<``| z`f5gCtVTx62uJ!_vLDaUx&>$N8jqfU=0Q7o54LzGiQ*yUD{6l4Lq%@JK>S5CRP(Q> z*Pk;v%d>5(iABDRFiz?>h0xL5={v`3^lAA;vm8@l?^>aocn)oiB}!SRo#c75L$qH= z=sx4sR%GdNB)p^B)jbCj#ke>yfm1pIa|cSpVJ3YfE|*H&?fu$6Sdzo5-O=r$PBS^r!6MCBgZBBscErhB@~Fg}GvB&VON}+x2Xd6ZGq~=H#OfWk zYQOvlE@S~y<$+Efr4Q|GPE7wt7x61FOQM=@!}o3daySFwxwq;h7kwp{L2FiEwNs$~ zXP9gFuYm?N6N}k{iqnjX)$BvnY39;;M)y_K=#|z0tBc7m64h|&-r9z6>1cNDTf0Qp z_G~z|ZNB~7>lyUYW9YuO`p>=J{18O`0VA^?dRXB35ih&n6PQowcI431PE+XLFDFOm 
z&)u)1_Kb5m-f{E9O=PQySs`{TBDl^#Gh$-}#;R~u)LZ>0$Cb6UDg{zRlm;?D5?3~? z99ug3rxFfb99RCblw+kjE69q}y+#mI^S(%9_ppx48FW<-zVY9VlTErcn(V4>s$ez- zf#u{ND0bC+Cz~0jz^=P?D$RiDQmilw<~Q&@GHzspJQcS~FS*F>`cJZE=+}?7K(PDb zUesQa9BoYp0=6sk6E)%s%NbHFEq%kxr-E8gf-;_!D%-vE zk~dm9L4U`*J2v)y!;$TYgw-c-A#wUmU!id?K!jGYnC&MoHlKNkCP7%PorZ_3lB8`F zq|DZWXmookSjg7WFy$+8jVLS{(QASiW8!=Nmn(1~xv$%&1nnx>1Ax`^V{z3TNY-I9 zqd=zpu1It4-s^4mL_*Q!ve>V&ViQBq={6dU)?Q;jB5V{`$Ltvzyo6ib^~!cjz2)*n zX||<`7-qMv8OTu6%tFeZ>yB@fMMR>Nqr`_=x5wF zf&I>P0E<~qOM2>`!k=z?3WxOmZ=2#YQK5+P(ecgpqr0n(aH-W?qLvQv#zDvAxqg*R zA<3{w)Pl1e-Hz+GcrvgaSnPz4B-P455+Uf$+;~xS@yE`EZGk3Ls0+7$IvY{K>XXLc zu|29!0wawS>Vt}?<R0_RvbkL-qURi1G zt(}4#D|su`_6ARFs$^Jbcc3~pE)`GtrO$9FVF@WbQ}g)0vK-yKHzRZ<_;ak&ywOMU zjEJIx4&zAIg(@x(C?;AB@`>FaiEL^Aa~pFgqGJOZqmopu<*u673xek$D#tqahN<*Y z6eBo`H)Pw{j3ec`?DEapG(~->ufNZm}_zfU-QDS?l7rvk-F*pf$J8*Wf}z25v1HsVCT>Y>wii zcNmP2zL23d%LZ_XB$*s?6>FDV_LdWU!7AU4zs`XvsbLQ=N3ikNdmQji1yFTCi5seCT`j0JH(-V^gjs*&p8+Y7sIZ)QCcCWK3CB%qDWo&S2p7%-(Z2UeDMd0Qj(iyZg zO!3^}iiZ)V>_7y#xnbhq9cu>02&?hZf4|Q=j-pz>s=2>q?vXxvy@iKPQ7@RJM1>hF zDGJE&0uDs}R-jYm1+(bggo4tyTaT_GGA`$6%t6bBB0JY^0>#PVfj}m@Sr(z?pJU&X zbQvSvqZ1PEb6gmJu1D9x+;+scm8v1S`pwpek4c4fZ6&B^e?_YL;`3`jiu}#a%IQ4A zV3~TL$Y4lRVQ8LxN453_y0MPG)NeFBjj}UF7l=dga*si;WD@a?@BQ4iHxYt#u0BXw0(3MTCIoD8x5KG5u zI(dh|N)UM5zP`5o?pyE|pK+=LMXHXe{83hW#%}BNiHve%KYgIf=%ry0?zOjH5>MP# z3EAuk6dfGf@qLk!uI>S}4c<7I#A$?d55s>?bgGVbw=rZkJuKQ+PliTRVh!R|5r!h> zeuNqlEU#A}L+d40QC4&KI{R=ED!p@!^68`_SzjbEo#9W3D)6RI&+jq1i3f~f!i+;@Z%eOmTZ5QfVtE?86O@T?e!1Jx$MtQQoyjFL{fJfvfeDKTVR;to4N(&@*#!VaIRn$veHb>w__+BC?`DkqToiBo0Fav@zZ% zG9I>-(+gEy9Qd=P6y?KLRlLX~<{5}xspcA(RtcJD&HEnUG9wfD`2{I)y{oH8wC=Un znig|vrE`loiXj_suVL=W;G1EzEJTX_%tAuV-wX9K_Nb;a{_fhv}Dllb^&(fJXLQ2~meUU6NuWN#R^(xPX$AI^XfsRFSW zIiSf=fP-VZ2TW7Ei0+S7aF0)le&G(EetTj8+BCfTOLYIa@&>F3E>7&HhikN0f=Ik=-nSF2Fv=~K^7xPm6 zG&7pMuMpx zY{nvhbmW*yw?AN{?vG<#A0-}gPkl5-u4H^b8^Nj&!zS1F7D7umoJv|yIAWGy6b1K2 z?s$N%bfDn=H-<$Zrp;A216R(_#Va{e67l|zsR_1*4wKPe*bG!TbJeKKwVNXLJwfgx 
zM(#aA?lmtnQi|HjI<%d@b8Ejd`;=`mZ7;)#;AsO&Y*SKhjXH_zM;?QUyG$zC2CC%Q zPaG-XY!Bi`f%3rgW8y9|<`&v96Cs&q?3(R$pu~&GO>EjYEJRN?>4!V0tL1}2NPth8{_M9-wi=qWnj*?TMY=-@8=Q~@rD~jzf%367 zHH40sfi12rW(tKZeqD>dODz(hCKq!5Quff)BOp_H6s~}nUm#*u6srB2>$Zhlqp)@~ zY~;w8KVuo*zsJp45syA~<4x{KoPY;gq?ONvEr6DSZ6u7Yrqzhc13_?XVS9U(&YZ&5 zY^9|jD-+%U7t|mNCk8Sx4wO(NYIs*Z9$~T*f4~I*S04yh?3=* z-<^yqOu9?Rx*9d%foA00lKdw8yMBmilyx&e>G8p;_fmB{PVYMBIU9r#`4|2H1(sb* z;9Lm-#VTnk4TVR)yfNoUQp>XbP?}0Q>U!`0ZnYZLJ;4gkj5h`=e#<}5(!8_U{`xhk zeRmXCOZI>pyI=gShF5bv5*qs~k0g;(sV5S;t#6P#!2?Iy@))3f;OPbS%#k9DH%YyW z$JFAG0ev=j4)!sf^psv~URLCO8N?ojH=~Gpz@uwY)x^~BJV+V1I5nWfbK&A&>p`F| zNUuwQOyE4`ucy;6;*}&5nty-Da<_(CY@!sVDrxE9XqhtTn=61>XWe4Q@l!%;AgY7Z zmoR5EXUFWbAXYu|SG1C)f@OPabaoQnBkIicNj#N6GPhivU_#Y`t;zW)2K=L#Y@425 z7Cu{rYBha#F}uSkvw7914?pR1MhO?jcsiYRnI!8bPGPKFnU`@S7Zc%5h~HHY+_S@> zIfl9NZRZpv_QZpKKDvCLl4pH$UmkS)o&sE!q}JY0_SoP2Po#Bz<+BQ=o0Ki6VoWll zT53>47>||(mYWV3q$a)yMe=w^+o_RiiIonZ{vOMs&TwB}XRdiRLGf%?SB&~G=du1x z-7Syt1z}jy%&B&wJ{^nKc?Y@VsNxT!6-=$O+G0*{qXrbN>fQ10{ZV?iCStX>vK zcSAqR|K2$n)WKnfbY~*CB|U=m&AGVPVW>@>VxXlQ5ijT5`qpOh<`C=CyL9A6%Lb8r zSuW`pk!eUf;2xlpvAmzQ%)`OAwCLY-zxgqYY2wzq1v2xE8@)|ZgY5O?%c;uK*eX# z2+I4#j9%M>o#|f&6)@u}NenU*jYB_+Fm_1;QkaV9to4|_%G&9(4FN_Q3gje&NzU3< z-pro>-}_v>7mDzx`G70Cj-@>rYEo~~P{j{s_`SJ2zp}!tjnX8;CqOY}CbN=adQ^2< zL4Q>6u@jrJ1Ep~R4dgyRZXZN%MKNr`&8We9o^1bYdQgtT^FzW{44@*q+@-lNU=(Cr zo>E_Q1#d4CDn~Ca{|z|^9Tj-kwGCja@v|%=W^v9@ICQP)d2?{Lf1lsnzVd1N=iz%# z&?xfhEQzE!Lo)qO*X6l#=W>}}zUb6lGXi8-LzQEP1q)U+h@k&1*TRh~`RK~WLT64} z!0WBR4$Pd|~ul|Pbu zE!32H``=aF?&UCG`tP$8 z$3gSt%kZTE7iPl~LE7N^X2JAC%`hozsc4kRLes$E5doUBZA)WDhwQUsi7|(~sK4di zzx>t|iGMjOISKu=1n&vA(1#*iiV&c^RJT31?UUIMY5+*%X0nRHvaXeX*^HV&uha&V z!>zFJ2)8Kn)*|ES>~L5yo10StrCx2GYp64nmjilV&($1KqG~f~negtYp^+u#W8Is- ziG$v%LzG2mk7J!>Zl2&U;kD=$iyc!*fgA>n8M`f#uYX-=sJ;e&NKurpj98Sq}0dm1{y+Wv}Wo<&oj6Wp+qo@$~D-iVO3=c3>ABNzzVHMG{P6N#v^u#znV1bqbP(oK&o>nsY(36 z4$JDJcDGNdQ&19NX4MQu6nil{2$K%pGpO#;I~G1Y!FZEV4tbk&pdR|L&lahqutR`9 
zB!t7)?L-}NrXk7)QxVV3V+PT&rm@kj+oG=YO}AY?qOJ@~5eDfCV)c&A;vYJV4k5!I zJ|##LwZLYy*Kv62kCG|U6-A()X~dFRC<8t)QD2m?u)iyJ(&rQ5AZj57E>&U{-IgwE~f9yg=|M z=W{Wrlf~3*xK*3cf1>%>p_+LC4Fn9BB^kfD;inCEY8Jhfe^{(UUPY&$Ba8R;zv8pl-&{q|GUQ~k@G}PF&3y8mq-Rwcy^479vEF`Od}an=vQCeqt8?X zTvoq7BEF5m(9Yj(#8!G_G71OhH zQhwGsckg>IF4c-BH0l69IlviH8}GZnQsW?x9ANah_pD)lu?lnulq0 zu>NNS5juS)>zO%pIS0>lhnJ)rv~+bWI~k7Y2z!ypUPZx*Dh0Kfh9id|@oF(xspT~) zE+Exr481|l-XtH)=E@YPj%Z=IxdizSR9pAvw10|CozO+=Rxq9QoqN`UYPK_p>T_INKG#( zkoBFT)RlDwdCqsHIPQz0&=>l&MNXFBvy(OWL5|>4N&Fjm4#67w6mPrbzc1zpzG?j| zuf2_-Prq3M9*g6A*8g|o&ozWK|DpE64$YctxMxDNp-BS}EAs+zVZ@(HyZ!O#Olz*vz@Z%0kfJP2C6Oslq_p9(8hlmcA<9X;dt}*YK?x^j)*J>r z@m6NjMkjaD(kh&QNb6zf@vJ_w3%1D|O+2UxkRa}~NX3RS{DGCB*9lH%(Fjg;S?f}+ z`GC!^;+CFY9P8%U#!&N=%$Jw+9~%l<5_Jyaj&|c+riybc?ar8P+7?JFZs}#&`bR;(x{Y>7eP3IThag%wOv$)3@haG+HbeTk^-U02B$`b4Pt z9>*JXsF4$&&M4bp0uSX3|ePU#TI-?03#4HZwwS6N4f2_<9MQ20!H zyW<{_?cXlrZBJ0Kw6g0w`Zw}N0IgwO6%wtuYqMk;^E*4bt?;IgRNa&!CAgCZt^!S3 z+wzY*Eeir9%c^0Nr24R=rBdu5YdQVcB^zk_iU|D)v%{;eFI(Kn z7^>0wMc6u5=Z;GZY-CeWms6!qUuNtQlgppX@G44RJ{4mB1-C6CR$5tX^Mvpnzv4ZS z(-MR9jV6Y;+&Qg!fgg~cX*{=F)xX6n$KmbfA`#%=A=Tgb4`HA;8+CpGWrad=O5QNx zZ3qYcx6CywVB|a7h;)pEjWNu%ogP+h1}AC$S+572+y!U2{u+5Ir)AM<#f5rBL3?&* z5bCqzQ4YGoXaq971toAq+WsXPNXJCDw%bUS_xOQA^ga`~T_|PlV5}6RwCM6pM#2~G zqvQLZGf_qDYLB{SlM!-hRVUi(NY)B352ZNJo((GY6&whhl+3gNDS=ojLni|;0j${j=-Ib{weB@yzrUyba zKYg9KTg6y=MV)H4GNiN;_yX4}L2k&rF$@*TZXn&ED5ICav=pFfM2q~xVJw%Q+Yb|- zSZxf9*7DkGb228@LDxH!M6STx!{xFidh)wG?(Wj{b$w|&>=U!{en#?*yvP~sUx_hS z6#LnMd<}4$3_YWFQOQ%{AVO+!T-Yec?Z&S$DTEMwi!sUA1`)Z)1mjIUZ|f<1+Fl^v zetc_ih6ocQR8Z(afryQ~i`3esHK36e?=@;*Mp-zqSN+Y3D9&O^dWJa(l>o2jg-^UC zw=<<%Dspb{IqyN74lZrGXX&T99lfRTU}!ZS9A?^_QBF2luEa%cZJCkadsOA)VCi=g z*RW~MNtC6|^{zk0eTv?&qXDEBI66-aKu$%YJ5;Wkyx*M_5K=a4Q#+KqPUX9)a@ z=Wj594Q#d2(!L0d@fq564q~55rg(FlBSePo5I(arXS=GK+iZv7wm;PjayqxWY}J^) zzUH}7gWlmLgNbv>Vdq99L<9zwoLgKIO*Oxsj#|g&p9c9%p%MVeo;3K&)TSgV9%_jm z?PoQk{-&P7uV=YJOK_@7!9oPNpbJG62(Ib_tS;3{#_=1#)wjF}DYe0!NG?w)axE!G 
z!LF_^f(?(iAl+Y1p5{G(E~SO2GhgM(gG%P?AOK1Jf~k^*G3*C9%$)%FQ?j zywGYb$J^cB&$|gmt5H#(?|jBljTJ(O!i+QGor)pK0xyT{)waoCXE*pvUaZ!}Q|kt&W4j5_Eav4k^oP#x?qNB(0fA;AOkrTb>{s4O zox||zek;fLu_i)R0dn#&e)hC4==Tk!WSCK#xRPT^C9#%D+U^Tj9@w{k5+Kq`6xS_# zN_=qs`zr8Vcrv9HzG;P{9kj_v_gEMFsd`l^F;4cUrDLtt^Pjnw+l|QAsIgzD%5Zq8 zQW9`y-T;y!te2%MOt%NDO@oked-ll?&|Mp8_PoVuIRPH=&z{=B@$yW{5R5hi=alZC@_Ib#jOWxIh*Et-xU?MRwBQ zg5|Gpl9fU`X=t$;ne|7l&FXH+;Qkdl(K77L!1V%8*r(SrNeGAvozW{?w_8xER|~ss z*Eio_jp7Niylb!ExPPSaP3=V0i=O9tI*q0M!Y z1?UzWy)Kjkf*zwlK}K@!m9feZ)N?Qmh9s*qoKiNF>BoN|J=ZMYe?%ZT5x7K{?XMTF z6K3Q`l-MR5^lYq<0kRe4!n1HQbJ zq7|R0bbRO_RDYEh9eKtnKqa9@Ld@!jBKUKJs=d$mIt)tvyvdd-H-sbkC;e0f!gZH& zXNwwq!GqWzPxb^rk4Tf6;B(WLPUL6wQg!EX{T#AaYE6#f{avny9q4TJFolegOYPq0 zAv=z4@1`IIg(^~v;=3oeHL4KsUN|T7lA&2U1b&Q-8Npm5Oi5MlRy`cN^GRp2L z`J-9HMxYulcuBY!1S(}Rs1-R6j62XPE^~>)2)V2lBmUjc9B|p$WFL2081j6_k9L`n* zLSp*Ah8A@@o0*dzKjLyF_x4AOXlW7fJ=BUnY!9=3nbKYg@#_nfAP)2=CPN5nopR-y zsi#nYK^zH8HTiKLkiJ6_@AzjIL``U zGGbapgkNJ%IqLXWs?%RNb;45emQE$na$JeR4$^HKe)}%9wgvQmnxiF?JeB`!+YTHo zS{uUYDF_S2XswG*xg4o>Jt$~j#;y}EQ`#rL8wd0c$)S^feF zv0W-VpKDpFCq6e2hnbAi-#X=nUpm&fXA7f@uj2Dd94L*VH`k~&ijPb@m0|DyW;T5n z0fbSi9YKgw*RMd9+1L<`?Cl4O+uE3BeV^^$A*`b_tX%ZZUf6C`;1rC8SW|qQyL#+$ z-DryekyfqD@3WDEfse16F5ofSUq8EA%7eOMIa=CIF%8XTQ`GP%#9b_kZAgxyAM9SNi+8>zfD;(p5HpQIEJP$nHe-R zo9bA}&ThcG(kVFDZn19IU{(u@#QWwqNU-KBs|wS!i8{ zw=Lp(_~@OOs?q2n77t^LbJ6Hg>`mbiouO{k3rn)qqg~zy|wbi$)k-d*}aGXlMbCkN>|34NJ4&vl=tgHhMY{l;h&S zbTqk&|J37QMpRjd@K$1ym>e43@E2$(nP}5iTtxTJgK9>!szjwkkX5#`zLn{L< zvQBQHYKhsHKEcTs31H#pb@cYm(-{$!eDurBD!}us+~f2jv@?2sC#smLt^q~`4*<^h z>8y)&JJ9$AEE_k#ijZZw7Cu(DxmxcaiL<#HLyCPZTFGZx0?lki3TDb7<}$scTJ634 zWZPkOIQ6gN6J0;lf$BiL`bt17vEg%=-&|?++2K~i%b^6MfWx>KfVGyhkB$H zLIIDIX%JQ94MoL96m>vpFY|O5vTzdf;nBa)Zo#9TdPcz0;VR#h0d=f2NzF*X$TYI_ ze!zwykk03S`wG(1GslGcP-=*{ydZtCVbD?(=B>6j|K%&xi|`CYbPT=8QsXzAQN+oI z-g)(#6|<_V5~00*ps7OhTOS{#+z^VW;F1|ySKEu^7feR?5`G+{LEk1Q)Dvhc)^AUT z<$uIyyl6n*C#>v!7-2^Wqn(n8p`68{qadU4m8!GCF2EUJrPh(^3 
zHV~Fj?#T^FVlft{`u@wP1N)3UF|Di!89;p|n+5wCMWsb~sw8=A0P3VW&~>eO zxKrek{LAq!{XIuU5YaKJkp?f_TW+MqzK>8IKQ+qkEF>}{!4M`C!USwAB9;ypw@@<$ z6;Fjfle=Zfwa;MB$VkBc&N4m|F?hO6;}mK+uu0r;swJE5}HK)<&S|Go#P5+2=y zi;C`zD@3^vP6vHj-9iyre>fggk5lbb^A?*0K9NL$t;I+QrrK|oB6bKsRyJ@z-jgwq$JPH5|6K1#(v(s4OJ8qBRku|2+>TE}_g z*Yvh!fx`wK?hV7rnvH&6tL`k{DQ-1uwC(8B5f0Iqs%rSlCTc1$Rj>A#!wfeIt?jqD z;izTWjr=v<)`LF5QOhQdam%^p5%KEtxn*HWs``b1mN#0$OBie z(VVZ(g2HS!r~+4Y_zhn_uR)kjmn{NFCywcLhr&l|LAch8Fydj4H71f2ipNHDkgfBv zZL@U|R-YJ70&f@?;NPyiju_5gw6DO`uyF zL^08Y$V8SfQ;Eu2zbInc6W}^x;MybNTJtg|AgeE}z})mcvhqLv8^1=P?P56UGi5-D zVL}qEa&dEnsJ=$jLXqT{y@)V&@*VyYUxF*)9e0*{#1T%1Iaw81zbcc}-;qdBHuVEL{-Ra@e7J!vU* zWLY+ryCCHrp%qH-m}nVFP*+}mwFp{6RQDXiCL@{1Hj|Q`@@PHhhw+YdRrCUuOxQk9qTN zceI!$zLifmz7!tXse|Dcgk0G?fkih14MDAJe3H_-c`2q&<*0%zN#4O(|EAnE?U&c* zPh@VsCyBB(_6J}nAbjxolfDs@NV@MSkO$06 z1XFdCV&Hl5)V{>mDuOJs+MrKD^gon8q?kp#Nyj{ewpaQxQJzC7{rwCpbi|nJOK@BK zAc~rbei4midk$dw{zPVW1YpAp;>mk@Yq`H7w-L$Fa%Ga*B(o%#zD zZZ2%mG*1E?E@+mRfv9FQXT*-!1Pe86YPP@<3KWwWLl|m z#wZd#W7WeUMCda;>QQHl?V+MMLjxoWsn1P%}!v3%&qpdp^xjx#{kXz7jOSiHWq5j(QriaNLZTE zRjmKX_^}N5sPZ3_C@Q^l7b%3a4I&G*_;L z1wElqJix{#9gSe}tUWC3pdlZ&;s^=J(tZyDND;h6Q}S~vAt=%3Sq@vRKsszZ0T#41d<_K1E4AhdcE)(mq28GuT_12B>QH*6qrhm1v4B7c49= z0RWKL_==6_~nMB4@B`Vw`oclQqK?v6@Im#lOea({jpQcs;xQHRR`Lw@>#R z9a9iA64jt11({OQX;gk-H4I6UqMg*ZvF!h~qp{H+pDXv=tya0wKM46d-VPLtxXiuE z2WNkvFnU}EpG)gS@Wl{pqI{VVpa?46pbu)N|1i=J;w4o4-Jq!nB4iHh)F0* za+bq0X}#x7LcaEV=6Aq-mi*vS{=)aGB56K-1yIRC#Zu!O52gpU81fm~PAxO11(&NQ zIN|~Sa^e!gZe#uu{ITyreXB?r`J#M!G-#_5<_YP99ULt<4w>AjW=>#S_y+8v{-kB- z1W&zjC8JuRHh)NXlqAMgrF%N@o4sJs!Fk81Qwd7L3PL|=w0w6I{7TsyJvt9?J!+}o z1@0t^8mtb0I&1>F9$oH}?;x!1cfbPY7ThM*|YWG$cX-sFa_zXfe&HfQv|jSuJG zql6y|n#@Ve9o%7*c;1ip`Y+wqPw5d{b|A(2-E*1ma<(!+0_E#;uH;u|LrF*bhu*t> zNm1v8rC?@K5X<|#b)rh2xPO%@`k(OjrK`DDY~NoUST`yK1vvG!{oThJA}Iu;nR;Iw zFEh|pmJ~m!*m)s-p7+`UUh!Hi$P4N-M@%)PinNPfI^RVL&A-tLY69nJCN5T;l|36V z)rpJMp)B0#L>5NwRQhl}hg7P=oT95VX$G%xv7Hqj{CnONLrpZ04nn{z@Lj(Df@_2W 
zeb1c%QVvh;d{$E?sbiJrthB3bV`gQ`g~H4nudm{-Pp>=aoaI+3Ck>rvH@2H)%l z@`r}EfVRCHE+v(EmXtUln7&yyX1QJ7M$A5n0If|UKlFk%io#+m3noHZuwrMn_!=#8<-G)PlX3GtC7+ zrW5GqzzjMCgrb?WJ(|lbY;cmTv_1zrU<2P8;sl(E7dS1BA@H7kS8NbuG&C5kFLo>! z9QQkbHn41NoL>0l?p%_d)Io3xEdQU{a27a-&m@yFcg#}xMi@=OCXLB!=vW~TxT1_4 zwA`Tmi`xw=vgj>eLeVIdp_o%?7ofjI-SRG@gk9RRd)lfK1}JzF*t62RSv&lYhUP7m zA|@tSUj?>LE%rtf*j}T&eoKDuzcDQj7xL{cC+Xb<%HLch6#wEv;UE}dH@-VF*J(HI ztM6~uNE4o7=bgs?N6gmR#gP`jT*h8RU}LM;I&$oX(XzlJeE$Ecd6;;51224!j3J|L z;fSWlgQi@^A~%wpWU0#sLsPOLg(eNcO!#x6hc6N@nZfC>vD+<$4QTl05qjXcoz5!C z+8ep(8a2A%TPjjXFY!BC+z+hPPN%`ilF#-xy7gRo`H~u!%D9;!7SIWP+P^Wz+3Xp=CQrT zj4ksu^o1FJZ>lp{-NK0!)1Cy<2~&)x)c^A_m!2VE zn&yPh_Tgt}f6qpIzz1xd!iKuyHsKuhpCK(IL4fvnZJI&df9 z&>DDPqX=1&A2zn7@N=soL4foM55t=yyf}+lcNS;tsHHYpX-a zyY5~}cYEL|VRt_piIQbDfTZ|jDfDtYlgGdhTS9uuLX2FKO0dtv>P$9$x`VKL_!_yA zIm!E>WkX*Hk1s3j-}#;WU*4(X`&Qf%8b1#C5hk=TJ(tW-EuQsS`;2O!#-Jllrij5v z{}v$<@J|hw4=~#t`Lkx)R7Un4dl4Imv8aFNg18!pa|u_@%1~5+G3E4|rCPUvT0l%~ zt<`BvhYk@A05iDGQIDme)b8X??3*`*1$d^F>I=y~KgCY>R&^U+)bt{k6)6|YXL%54 zhY&C$*x0FT5vw;d|HUO0t3RH$tKslAqSW002zW&|Qw?JT>wGsg75)4JZHZTRd_8SpROkYv*w2lk0O?9{nOT!Ao+P zj2>cspe=-8LlzNRIPOOl>nMIDdpxOuB@ynqFk+Z%i`Xk<3fjv&jzmD4Kl1XC#6*^h zDPf%m&ZK4IEqDs^2$*XGWpjBwSMhcbT0ju3-9Dmk!Bq;*A`Wmsm!&S$7@_T~R z-CnRv<$#$DT>Z!%p|NR|mGp}Y+wQYW*>7nZDpn!HCk5$u8GBi3xp@ zS31}}vpv*Z+`ACAUOtQiu=)ypI@}?*W5jY7CG{3OPQh0?(mZzDN5$OcoF0uTa~u67 z?qlRi*xwBTdP$R!(bt+WWn4EW6H@$`v6szC@kXNyM26&jR~H{mQ`l9oo-F+Q(JER% zVtO^w3t3z3o80Hoq3>IcXH75c#~LZ|RbrLdE0k=&awFcj(VU#?ec>y!p2OI`%@Cie z*70c1L3=3d+vgr3IhKCm4OpuG$Ua_uS~|bwo;~0Fd)amZyg;a*{r_+yaDof?-fB(O{-J(Uj{cg6%pX*PO|ddCC3-2 z19{&vklCiWHQx!o<#|SFj4KI_VXfG#PZJoSLS5_gNMw+y@}6*UC9mM3cZm8Wo5K_c z6a}f85D#ZDWfS7PZRAppAWtZPB-t=Z90)9@6^pO*6; zXP{NCTz|o>;&oJGv>S71@}Pv~;~H}3?VQz+r7DyZLmiG$ORE5wuZlTpTD(~C^|E`Z zQy0#fs_m|72@Uz8lkF(0({M1&?j^};wxIV1QOIIS5JxjCAI(1`^i><3thXod-HMQT z#12a)6EGC)^<-%(QRgYEhk{0PS0*wD({QKXq`8SW3!l;t0PT$}y;!sZE?c|Mv^+1{ zIk+-7x_NhjUV)Njhow{NtZhPm#x~A!IpC(M23l2w;LOk=X+^Ryj?7D?M@D6>+~skC z^ 
z;X!LOyy?YED0LIw+Vy!m&z?|@T{e4pUkkrdQ~!?uq9|S01QHUp+ZSG;sH8=~&krRv z3MMcLQuQS`8cb#sqMUS94Hdwvg zVp##3H;BF6jtFRvqDxxX*YM!TIO$HJg5KNhr~vrLfogdg84Mpuu@^EQ85rN`)wt;l z1+BZ`+XNt zo5EJIP2*>zd8KxgJ+@Iu#-P$N|M~9$?b&OP|KHV>a3MA37V+(mrm(2r*^nn$l_L5J z$ihW%T(RrXQ#gvLeyCru3a7aZHDV=+lF2np7F}kp46)NpVyO34Y zv)CDb5^Rfdi&tc%>g@VKacawPhJ`-aa;U#1FDp${MYE%vtPRsJ00wR7Fcjrq%-NdI zf+k#fFN))}k;o1nq_OX82(y%pk^B61viJa=B2oqTCu)jfA@ zQ|}lcKB=y&)h7YCa}<}7|H437afj6q!|zSMT6z4noIU#lWbPC#6-&LPy(4(ETa{+0 zgnrWz+{2k9DT9B8wBx0y6v$jSBa2-U@{vZW&>5BLwiHWt&%>^(UX@U(2uA9IXM2h3 z(Qr^$dA0$kDOGIlOdHZ}BQ$Li5<2sw0d|H(R82I(a!e4FCUR!ZOw{YaF8!4! zXv?G=2pj0P&aC`p2rv>K$=N_(CNuC_93t>uKBJmT%!9JG@N6r+3-yE zCQi#wt_*@hk{2EEHk3>1uwh9&gOp}*vN*~B4AT0f3+q=vk0R;I+R(HSV%}tTh}j63 zk;tHB#VSB}p(&qk=y6u3ISHue_>c;9ZPfMNugeu1D&ucoxB6+qxE5zO8`$aqH$)1Np2_z6ku|1zL7Ig~QAFO?wBVYp6iqe;Fo(YY)@x`P^+iV6 zN}MX$7>TG#USy2?sWz$2*lNWR_1{P(?Uej1fVcp6J3Ve)G*;tb!*O*yYz-?0l13|G=Fl-)4{YD0EH+*}@I=f) zW^n7bKzGQ0HHH+iUGf||R>#3L-?T?5^sW)v0;o=UC zs>8NT+0a)l$z1Qs1^M&df^YzkgSb-%Nl1R$4H89)t!=&%CEKx*yi5fkSlNyzs#lrH zw*Q-z0+=jkYpVFJ_CwffyRxumNnVqeK#cJ1mZh93mhD~XFpQ-ct;)k6e|qL4Pnw&7 z6gM4Vh)UmqB&?4^Cyv1B&Fv&2tZy$?5L$L|Q2h_hYqTy`hI{0QT@=)5`kI|8X~Oe$ zL;>FW_LFrTUOij*1L3xiTg&?2Hx#kYdQ+OT%f>ALjNbsuA>=gQld4F>7A;R1)0!fL zqAp8DABIN%NPCiJs*pQX$o*%ikZbJs-u?H3!Tp&Ue%(UY`Y5jL=QTu7)R`P|;_# zECuGMIGAp503>2tlw!+ez=H{v4cG#1muZB>39drQlY*g_%S7)Y`;r~R5C{5W{tO4+ ztZXE}jHqsE8Ox@cvkZMLBz>&XaM^dl%5`#{vfa5%>6;mJ&E_*w?QwW$Qb}ICd9fgO ze9JRhX8T!t#LZ0T`>Fku-Sfw39hJ zRJkNCAcOylFDT_nFik!-q?r5DDgkKLCSTl$O0$@QP_ zOgCPAl?i%6`c*r7o*SmqZccxxN~Tqhm?C}l*+cC`|D9Y>MNx?{forarug^lgFP0Ej zYtp;9H8T>WG9)1N*M3M|my`ZocjOY^1MJUR@`Z#{9Itkc4IEQ+fXfV$hOK9_>o{?^-BAW?}C+e z>NaYUHj*obZk_b4g?ZPs+AsL@3`^=gg#V>)QECy4225LA_!98bJhwmji0&xQ=#pn# z?e*#WYS9UvlrRBL+U_IOhqgZe4r=mJQ#gOrg6Gwu)*SrV;7k$E`HTOYi&GV@p3fcx=HBCef&)a4$BrzC6>(^{>w>)?_;30Bomp zu(sMxY$dMXT~L771hR0N>b3i;C+;U=XM=DUF%XcZ#GAJF$x2`|yRHXpr;pih2`e_M z7$4pxD>mQVbq#p>Z{)kXS}$z&ktg~Ux+~GxcP2^3SIi0C3-7P3$hi__Y+YZ7`-j;k 
z@6DSS{g8+(V~MrV!oVzP5C08ZCz!d9+eB|R`z=oN`KRlPtM}K7ZTg#yc$_OSuOypu za{)_9DTJDlk{VOKQ*01(Wmr{NhBK~8#%67M zh$ra(^yhSISg~T*XKZ678!d+YX;#TIvs%2YcOTHcS-q>@wLV_Wbb5{-*q#KCcq>st z=KC&xFqOb?A;s*%oF!jiSH_$r(3wwcb?iiaVk-<7>qb98xYue7nh-XncRv-anl8T#;MfVAnGkwV}6r`S)y&-<}s~ zGvi;!q4%YXItR|UuVC7V(icar4w+P;lg?s{_H)#k4mr1_%?yLs7EIo4ZoPi>r>=Qt zD*ItpsoY?wKNc*%Q#5(-*s-T`_^Y17V?ALO7L(TN&7ta*apN|q8D#QrQ0hFVcMDNf z@2MjpZP#*PpFKEy>pz3-$$&u%QB;{5RSnp8?D&y~rBR;7xUw1{vK1*KOJ0`&*NTA6 zXAEbihYOZ9etFRaLbmFZyawIl^?&})|G9y&`%Yj%UjOkAe^`(!Q$&Zex>jO+y`v=q zd@}`fw!e^`nP77!7^b)1^`!)Uq=5j_d{=mpeLU!IJ z#|y&WJQNd}1Lzz&(5#AN>Wcsv0!E?3Ag4}UODMqm!1i-o`hxNrJ9kBuJAc0g%6El* z!qV0TvjD`R6#s#X&2uj#rkylg8pY3K?#Wx3Kx}3_Q?AjEHEF^)1_Hb?4z&j!*k1N~ z>s2?*?Ylu+YVMZEGgaQBi`m9~CpwBE=p?lfIV~(FL=Twk*5+BWP9CE5QgjeIlBvop z4gj%qf0>jfjA2X52k+P|j(0(B^^j{IF2>L7SY6*mchzV!fqtGX7H23PL`kHgrPf zSU`qnES#-y8*#GStPWDP2dTDrxpjUXRM+hs7D1B!!({Nt2oFAZr1TGtAkm0}1zX(l zf-UBd!RGf1VC(U9Eg5i&ubNXAq6CYm9R0XCuym-Y-9U3fmr`VvLekBTM(jj!5_HPu zjsuBPlWB<}5cYAI4E<8eeE6g(=)LI;=P<&c%P0_K9(EaxsGj}}-4joIM~qlkUmVQ9 zTn$CTG%8jT5Q7J?PviH+%KZQAUEOorHnzXd_piXD4^CzxyWQLAbTT`gacrm8v#INi z-1cz?B4G&|ieL#+j_zN72RQg5MdCx0?RYD^#F5A&eB+#hbACU!_CBXa$PnW+#sr&R zqt_QERYUWwUY8B2?{P-nxTcvuZb)ZJtZKb%wOh;$LFC1JI4VrlR;>>vGeQcY@}6IV0B5Ba%rg-vGOFtbl1gn| zr0PJp+DB%}z|5Sr5OflnmF4VMN}fH0<@pOAp7=!OENcy)iX1U*vtsJFmw!{36ZU(J{3p8fB882gTzY3L zr_Q|r_~3E0aoV>f-z4P*ZE)=+-PI-OAkXQB@;KJL5ub;I>I1MV*uP@P&UH~3NOo5B zbeHdXLnnxrNd!*tKcY*m77nA`Z(#3m8qk{LZ)U(|P z!iKCXR^xh$a%GQiwHE`|*$701#mi zHF5UYhqx+*>MjE|G$%Fb)vF$Ks?I3JqbaoUR zZntPA*&KvaICDL6^(fsr?C7mz%#f(k;%z;%Ocfr)4D-3&V5(>$@2&wNfhBc6ItE}M zn_jE$yp_tGs+m$=*uA`^F^4`kP=>x4)tmDrExMClBh#4yBmxuLpiBPnM*}?CxHs~5p_9fARbTxl&wjFC7kH&r_i;dYO|Ih)EV7=%NUfglGB_h z>A4sSiG@1lz*WEa+i%e*0pihKn=PqN3s~CL4)C@4-kC&7(xdr;mKm``l93SACqG|Y zbzkZ(fS)g}{v(JsmKm{-=Q-t{k1QL10hW!OQGe+^v?ImFS4^?-M0*rEsH3yW6LbO1 zBjGwJZZBQ(2ytMXO88R$e%1lq(SZ2!-KXosN5J>$;7Et;Pfri+pmyz;#82N*Q-IB3 zmhGj~(B>1VMoxyFDg%%9{Dg{}o>Lh|093DrvvqXX!Ap3GF0XDsU0s~tU0uFIT0V6Z 
z(^GWEtXpx^DzJQNG9J>_>#f>0acS>jB`69m(RE216Sd@1yt0CohSiY&0A2j z6zcklbbn)1Btf?jOJS-#VmU_`96BB$mMsHr5^Us$JVk6sqK+}t_$Ho3WRXv#&*9|s zM5{)H!L8AOujc2(n)NA7u#~&A>J*`0HO1*$q22VraXg7Ox~BG~dqBQEw|Tp8E9wvR zky19K3>?Ezo1m^pniexFW7ob8??fFWzza=G=f>x``0M6&)Kfp zYp;WZ@hIH*lb`j&J%i1Byn`O^+d(?$@u489F{oKn|LNGLq|5=?F`AG?zi{K=TWKkv zu*inyq`|cCDSWmE8&NVwJD;d4p|$oMx$6(Q@gK2TQ7BqSCO)P8-Df<&6^|HzHQ9f}3CO zP)UTa73GtS2T=`Atnq9%lm3*~{}y^_Uc5nn5cTUqJr^rJYtX}rNsGGWs$HRRTm!8m zE_40vnRs8Qg>cw)q{ys)j_l3h-a2gZuB%@((*_VXsed3v|4AnL(v1u784-Ev>ON<*}M;uZ%D<2`p$ z%Ht5CPOj${^Xndw7kt)n>+Ah+q^0}0_5H9wV{ZMi15q}4x@MWJaCP1`t4qo=wjt3* zjfM?Vu60CpCxR4o@xSM{u^b{X;RL##bHWoWpy66783(W9@iOEEU53c@^U^OsXh|E2 z8y3g`?0N-S-mtY=3fEeIyx5k9aYv^AM0Rk5skE*#P7T^#FAVc7D#-)i=W>8-ML2j$)sbeBwde03tcC945m3e5Tbv^?mfzN2mSod78lS{H&gvj-CmBY zj2>;>yEn!I&~hSAL3pC6amhuO#{xf{s7tRC^t#EaAnMbBLgJyas)s+CQ26m*Kj00K zoR6`Nm`+7+<*Vo;{xZ?7~l7-xP35mupjKdlfWi&+uKBtmkM*AO~lzMd#bS6%c zk#F3d-^bD%UlQG=0Q-lq37s1|nE`NlGym7e^Y>RD6{mv?Apm$a&kf{0QD5;ZX?WHL z2B?g?nYrol`IhKrl*~6Vr+umqr@S9&`6D>Nw1<^^>1K6^&fuh$$d8Zax*2UKdWL%k z(PHQYF#S9&-tWfYS^F_`^4IaHP$zTww7#_xs{}%gYO#%r4V-Wu1~KW+uxFb`dwc(8 zs{Z?I*fy#Mw&aTf(-9Pk-l`pX5&oQmldy9YWAaqSHgSe98kA|`8L%>MB_3de>my|Z zZ8yyHVA_x1lT1`*?+sDDof15Epa z9;wmb#1?$`2`+KeG>n`G8em@si^4MSvJ<31>)#rQ(9;TA!1CMTf|biKnlE#M9Y}6s z3AUBjSssfz8=%7;X`BnWU>Q0rFSg8=_NLpJS_aX`(-3rngEZKl2&Ur*k;r934s#wy zNgU=ycB4vq?8i}3{S3(ccdwBD2b`CU$tl*4IPczqfr}K{sKmAh)Xfi2JL{N zjj<{w$lT>$9OYL`F>6Pe7`sf1iHbpxlQEKW(UF?I?WXcD+LF%5n6i|Fz7)^Rm>{{! 
z;uvOWOwo__Ua2&kva> zGmcHtmOZ;Mg<;Z`!*WedY{WjAWh4`2zh()FWvavS`Q4Dwf+29{0B$11cc5@x{o?L`@FJ5qxUd^`&ew>cG- zRPtz_s~5GABTkqyC%KUr>+%&ZH=-9#(K)I~Mk`8y1|P%cFda0#N2H?9NpY`;5lV+x z%dt(=)~~A@C0A`KvRa@HFpbi$8OLh!Z>4d>wH{i2=hVb?dO_F5@Ph4B5?53q794tq zAYUq4%V|9)87qA}$hLGQ&sAT7o<+*P9BIbpZEbjuH@KiVZMNp>Tv6O%SZAuEqr{$b zJIV-GRn2g=BHU>==)fwoGD@b-djaxDsQ^p4LQg8TsAi208&MUHGe0|x1G5Jz1wR2Q zNmFlS{7IY()u{^f0KIqr!x1ZT4Q}+~w{fN)sWY{vrFlcw(!*H@9Z?(&-5-dX!{{Gd>_5sVwLh(b$mDQ zL9MC^K+ly{u6C7B)~)mVlJKB+52=nKcjU^39eA&a)o!D-)yQ){>ama#8%iNn7aW7% z1}gAp%NE-vCa3(L@MJfcTz@zW9yQY74wr|;jv9PAtbHtnH658ZC@pVo4Qe-SmJ#3_ zzO-y{B?GyEAv-dIx}B7FU>WVMEt{r*cN>Dk4~)bO^U^KDq&ZcqY9SB$k!e`hQL`@FJf>K zPCmWA?CwgRaLzb-U$E>mx+KyLaL>Dup6Ej;PUNnt7x{ELN3&O*%7rqX78EE)x zyo{$)5f-~#YVtJ=)4Jyp`DVo)W(}LQoXn^v@Fk)ZpUGBy8{3Y5z~dcrsbTWsL4Gby z{7>&M#W53u?nXH}BTaUek!p3Os`6EI%bJz6VRbYE-Z{!xQ7BXmc8@MdwK75;zeP`l zkX|tsiy-YxdGVH-@y@{4i_{I~sVBh;BOrc+?l~;5{K;IuAk9$c?x~9-uLOH~$lYep z^*yNLImr>*kh-Qh;mGVJuH{RM0}%x7)u%@o{AY#1PcW05%}czsyLsV!P0K`B*QedS zf^hai4;lGRA6)wwB0R$dx&Af67@5P9U3)}-=pdW!h2{7UGucte@-g4^Ul;Avnacp? 
zIOU*R;)XonXqIu^lrE;Y8T#|vYxFZnoCdO5vj#M>OSZ-|nn}q4hjy!VYs4XtCr+V& zodLLGt+2C{1$0EZJg`z>bqdD`q(glziH#b?fFsLZR3lDGPUS6-6P%#4SQRg`7e>Y{rRF%GsH(T$V9e=KxEM7;LbCywiK@tE=wTDG64~uEdkSG0~=a(Kh zO^nT*Q^{|Hs(zSMb(km#ObvG(ZU(LUfk)r??Ue^Gys2w#Owr-&4x-^`P#4XQ==)b% z(#W^w+#CCTTxSevGs#w()c=XD_6qfaH;<(V_%7?l!JEg` zfy1FU2Yjok`Fw7!p3lP-&f*)+Z}Z6X&?=g0^Ojm|Pl$t{ZyUX2M{jn5u)a>9ZQ z_vefaXM#n|q}@z0fBsicXiR=sEqmJMZq1tVz>5*{0qWt5&A|4uq0+N`UTk&uYXL3OqKTtJ?*0etRwKd6_YW3x0|Q^7oY*6taJ;g@c=h ztgFU16^_3BXZ7tTJ0yQMFBod%c8$xKSZ&hF?>JjME$Hvmr$|RL%MO*U8=1(^;b=!b zAAx1>J&cD|%1Z7PIE;JiGh_XjTJIJln`(MUFGc69?^x{3iiD!~Z)Nt4eZOnNfDwa> zf;~We?Kv3eZrL(O5tO+oR2cfoo9s40?n#ZXlDvw)G!1HXwKyk@JK2O8T|z**_*+Ld z1sbj|juvEvHY(Fc|v?R+=Ew@;$n zTezEb{)ptrw#w<-)wt~0FzlX3+OW4_@CDxBrtR!DU4`=(vBqlx+3E|4pOCAU^ud3( z!X@LM+Je+5D_Y)=8tf98vDuviH%u7%S<&XwB~MBXa3He^YPRkoHM|8~$$a7bR7dQu zauZ^;)b;`EVo)ny(q`2zPBXT46y!4%yU}dV76n_Jt+8l=P?wvUF4~6G{46IMQk-$R zoZ&iK(S~GATaz*8~gjypvwEYve^8$a2zS39_bl7xXERVQh;WlrisLOHDE4z+t8E2Bm#K?@?DtVk`Y zE%ZZa0O#UpCPuWm!!nNzwrj}#t@jzdl9jWD)N5MG(?AZPZ!~sVXh#RVZdQcWiYf%H zag!;>s|3zv^_#j~ pt4RJ1HFXQ;snU|vC;xRU$8s#kaxBkM{yzW!|NmPN8`S`E4gk!{h~xkO 
diff --git a/released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.203-rc00.tgz b/released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.203-rc00.tgz deleted file mode 100755 index f2994f49c6dbe1f50b66fef5db64f83a28dffa22..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 113958
z1^fImJ(n}bA#cff>KsnC8Fs-WBPGyzRelf_F|48S&!5ia%QO40I>V=8B^pN|!3eAa zxXkx{99*hOW=LK}n)H>ShcLswS82j$Z{Uc-qA-udb`gBI!Tcl=4P#nbme> zYhlHAdftFnwxhfEE{2}`G`+=84Bw2udM2RJfrIoVtI||wC{$pYv*8x&Jf_V9qRIow zYIb=ccEl2b8d}BV&$>>jsw>Oy>yaKB;`s@r;RJnI^pb8ozTdw~XY6i%aeKujS6ir~ zxs1%mP2&WL3it+Fmc}meKv43bv{(P(R?uvWqz*tGhlEW|U>m!bijXNYyTVK*GQ*|C z*IHjOp|w~?$u^M6%(j@H=9Jrw3o^$>?kP8Wh|Ob(0B>#Qq7~(Up^+Wu5P7XS;WdGA zZl`X%h%#rrwOF{k476}lN!AR5d9euFV&S|lUE|#vh3+7;CZRYnavWPqK{oT@sXvWo z&n4{;sAW+u*4`zD%ABs^nZvRTdK3sX_LDa)ZF;gWdIKS{Of~uH#@u7+AR40>Gm;y! z1nJ58&DBvNxI(u;u^v!&Mu%n~<&us=!N#S=!bBYqo$Bz;@Wbj{3!6hm*Kx(wuRy_y z;TocgB96Euo7LiNk@P6bVil(N`sP@{D4%oG##(45=cA#T`dAw?#ia`sMGlf57bh57 zY!v*O?vlxLR=;xd);IW<%t2q=8CC>b2jqE+J%^LHBc)0#%rN?1@zGpo0@QGe@PN4E zM=QSpYRODX`{VlzXZ-z$Uo^~eEkuZ9*zu|*?a^XWD&M;nfL!P8_ z)?w3x67v!mA&G(x|A>h2w;x6FhO}vdi95E~dYSawhmc^wOq2VmS`0gp-H6A@WF@nD zCZX%@(51=)Y}(+ph7L(NjzFP}0W=SLCod<5v5NZ=+YQ)EUDU(uUK;_`3_zKfYY=MQ z$#O`l^aJ9_lQpy;WiggHL}LjkZQ~aK`ozVe$*BuHoNvd9(T53T2jm^c7ZSiY<|nDv zrws&FgVIA0V+SONqGG5OBs@M)>4ZTl40c)W=^hvNkQG($It$;>3SoxMOqB7Ih1O18 zB%I1L%Ge=}?4KD>2#On%UxxvY$~i^J#zpOljXi{JsCDb|=Y5~2Pfur%1uYsuVf%RL zdB0KWcM8Ij_dN%rCUUs0rjw*i?}jE#r<;aLJtihFJR@Lp3jS1LztJ!}0**a$Y%3Ot zB+RPGwu-2ROrxNc z`sSP!aw{(42^Ol>zxcvoOeLKq6%oLdyQf8@nH$l%4;6c|@~Y%F)nrL~2LQBxmWu`Bn#_7u?&oa=JJH(@;w_ zGdRMMc)rhN^E=jrr+3_!#9!(l+HgaWr&JAhQkwZFU2K1nRlzJlCSX1W& z?|T5+HlkaI;dKKIbZ0Z9_X`)%E!IzPW7-GO36nz?7qKE92xTKpENuMA)M6skZnMO} zC<-RWATOqnjFo)!GuuH7D>^C!Y;B5BB$dF!C;>fe&pcNyHCir~c3ljvz8P}rI#zO9 zAr47iCeW*>QgQJHa4RYYp(Y49&nO~d;=^a+m1O`eRg#_kBT_6BD+dR8md@8ZoUZzq z+h?klUPZ`?%)qqIMjf0XjjQI>>>WN=dphA#9Ei0cf`Bd3jsmPR6nMdHio1WFADNt* zZSRCd6+z5WzB#K}-0<0)#^!7Ee-~by%J*LUn5DvcFIF{op4`GQQ&zQbe!~AUzkytT zay{SLJAj|y;nv)&>dLcU)3>%M8W%Ov7o43vQ{$ddzp20rzD`rucZTKmH{tBxCM{A2 zTbHY7XbA5dNHZUoX4t^A5pa(0+Li-084t0mYrcn18CsjpjS0JzmPzo4V`TPD&MQ3A z%8fxeO!La9<~dvK9j`vIjpNMaR)TcL7OvdGYI%|S)kCjpJ6?xQTPMLk+S@YRmyUwg z+WbbOwvL3op^{+7Eq2WtDMU_x8~Y@!vJ2dk=ej1@45d!aJ8F1b8VWoHg@c#rEMh^5 
zAeT%SrylGC3I<_n1NW09g`gH0`TsDd`|?(rsiTYd9ByZ{m5ebd$<{*OQ%$Bh+BE0~ z;M+7rQ-9gR~en;uX_u`42Q$PauyQ8B!yQxvw18YG!S!+S9}A0R0o=(*}Wu?Zr~ za~H_Qg)?#UNy-*Obq!@;L%MOFvoJhmVIW$nMT^+>D&gfLAu5JJQVs-9g=0waZs1e` z*_XHSDm*Lu5$3-Pr^DtBsc=rpc+?%~3qJDhl_`m#|6Ri#yEzIY0~FU!?Zwg4WF{R6 z)3i4i+NiCnO+deO+Xf^q{JT6f>fArazDnx$0s6$jR}o8{+xR zLAK@trztQ8xKYBFfMcx2z{Sf5J4e5DsuUcdfvvkw{jDQ%X-+}@aFL`h`NR%fVOrlI z#+3?H*f^1uyOr~G`*8`Ey+5Q*-K9t#k`WdW_N4A1izG%~=+9ugF^!2nls0X>2fVJX zUmR{Oupa=NLM>YeY%F%9HHpcy?e?C1&i|^3#@=Nv3MMGs(E`D(9aJ($qnuP!0_Kam z$CX~*jTePnTwXiR$(c0u0b89g3Z0o|P{9B;RiC$3!UZ<%^Kq2eiR)!tv+wn0em!G9 zd-$$>5?N%gR#z~%4b0@cCmvjF%PU-JW6Z~N43Ij>l-3zBkHJ%iIeQ(0`$0bI@mxA3E$ras?I8r5>8$uIQ6X6Sr>XrCs;2I zCBHefE)h=cVO3+5uCi{xaixX;ve{j48zEKv8`SqS$)M9w2wZwDsXk9$dI^-FjY;vi z5J~4Y1kzfpMRwo`R3l80CY$1Ge{D&`Iz)lz`baicwPuOn>S;=~PF8lv=xxHYRijOw z)?epRQqVyP5kq@l3tvqk9Bl2tM^?!>aD@(4*fw;uUljSVeU<;@e@ZwU+=V|=Zn(T{beH4I{}%qlKlbIH zNBmF8dgNBvZ86a&bMP=oiO#w%)%2WY@NHxD8tgmpq+|^?T~dRGMB!y=MJx=-*lJaq zYfT+^=&OgHW?z?v|K>ZQj=B|Rs$n1A9zeqh!&sm_10KaZ?qVe;x;z6lR`*~sE07O& zL)&IaAC-^(wC0Yq{m_1@C;Zw>2!sl;0;5KrDW7+W!g#`&6C$pKP^H7ID8{(qGBT~m zQ?rXTn_*j#r3;}i^U;=+t~*y=@xjD8HkTFTWw7wnS7`Pe%pgG|fG&}R<9I^dQ2qI3 zPj)qmN)%KP9#TaKrd_bTSd~Sq6Czlwhcx-8MoD{p=1ZjP%e8c}g>9`r3{86^HOn?N znh2NxGykbxlk}Azd#|V}s_C-&;x}IM2$o4R3QNmikF&+XKw@-UGo9S18RVmbybDU~ z1@+Z&9cMg_nq_&(EicWy$VdPCE*eR&NZ2(k!(?kfH;i1TT2qpRe4Rx$f*>HbI)Xx1oz@ft0=TavEp>Eh~sJ3Xr9;LpzK?rgi@F4*NOhNiy(n6XZFx>xN? 
z%>*bGpE^=|7%o#uLEL7#!l{K255DGA+{i6tcJeMN8I%C(7SwY$@-&lWU@PJt+jdiT_qMXf_l~=&zmpk1 z(U+UY&wKGeZk`!U`urAD%-SCYxn{S_1|6)r zFrJQOwByxgLlw!mnJp>_hw`m6Eh&~9*%sR7S0zIOyr4ipBaXG3B$rN`uN$EjgD%BY zzK>on!mkI&M|}{Qxh8+nz(@}pa{C*DX{KGH$GKAnmnT0I$`yt>B*aH}f?=#)wuFyq zY{Tnp&}50~6#x+44}snkp9YTj4B-m^6l%`LB}M?_osI-M6_r5cmA7NVt%u6P1 z2UHx}9DAioY5Od_m&}s}fgiNtPY{6FfX$lC%ETGuyFe zymaeO5%@%Ihr0N2=E5-{jFK;kg8%?Z?;N=e1uv}#*hC9n&-uK$I%@i?r}*bB(Y|s% z=P%AVRi12^#JZCTIJ* zWtQ@N8U;|*Cl&F-&4HnFqIO(Z zQl!q;w0?sqXZ8oIz;-V{gWibBk~Q>5R~Q@lg3EDQB<4bTod?8FeQM97&-0fG`- zO)(YwA7d-OjU<2lD4El6bD2{@zSjR~LghEyA7?Mic>4UeC)xSW%B%lB>kqg2zeU&1 z`NfM#R@h0d2JkO28h<_8H7wv$ycw){_hQLA#(gXCbeA(}BQpiGf}t0%Ar>K>Q8Y zQ09TKe*1raRwX>_u$g)(6Tcb78nRz&qUSmMkni-#e{4m~F{Gj|d) zOqT2`uO(7PTc*A=(u8Rh%P(?dT^?KoR-(Sdr}NE$zVHf9pK`Mfy_7SA;wbqnXOcj~ zAUYhQmU_$&LNiV~X0d$4rm8UEY99EKg1sVIUjspAY*=QMMkx@r=yD#IbnwO}7Zs7i zZZq9Rrn*hk@r38$tB1DXVXFv4Vvf&0)3-`nO^73AEeUdBNu!3i(NidPrKXmp$6sY@ z1*QMY%aUtzM{t2xx_3{-8Ce44wda`xVkGZQdgb{%fOC% zVO>=x=kFWqDP7kOpt z^b`ul@`0(;7qUq;&m{IN+qRR6X8u@&F5Oz-CpGVRaBG%4yV#vh)_HO*Wt!5XP$ ze@@%tu1wfmfi)0~ab;)!jT3)SmPn>8BXgmfV($%x`8VNE_f2iP8|MkNahZq4*-0$# zRBDJ>`?@nCX7Wiq%bcfOxcrk;X1P)3Mr$oTCyZW06j%@_=g)zs%}DhTK>Mo&4-=df zM_V9hwp&v`U<3rJB?*B~=9vz3(Vy78s`P8fRsi_hc25+dXgUA4O|4c|I}@wfjtO4} z;!IwTxPh95ivOj=EQO0HO znAvXJM6Y_}fuJ9 z$!Lfz+>_1Q_0Dna;8IPPCnjMcN;b3c_5`~f1b42{%RHr}!w&a#F z1fM@;kY{praV|d^mdi;2A|$Vn_%^5q}3IoD0(86IQF~zK4`^XmBc+1AV0MF z<_wIg>!PW1A|*B8zMbu96uYBb+Y@wq83!Hmy-Z~oX0tD^e7jK^zvM+-ZZRqur8_*C zkbV|_{~2Y|I%dBAu(Ryq3PvwC#4w`kr)nNX7IZ<)cL@?RNl~$1)u6^&0|JEwL3u?a zMJIO}lL9XH+d(0`1l=^%(g%Z0s;_oVt2L*x`4zUI$cqaj_ zptK3RJ_X8#kTjjMBl{oS=<9~|x{{-`+*Y3bm_BfBd^XMq+1y?>^5>DK-x*el7FMZb zafa|C`hDLoHu*?m&Y2}@2~^~o$r*}t2XH@}j`5d8&=sZhud<@k@AbjO9!S#C=!&yp zIKqm;Kg*r;9t5T3e2BIJF>M(Ld)fj5`C~W-iETY|^rDHAsVq%IT1$>2D!Dx44;>v< zt0_!{e|@zM>!u8=YDlzUy~E_zhF9y|pQkB!gg`hBiZn68HNESP_Qs*u57_{S$hVs? 
zO6;!>^@hn_FC8^a|Ee`V3olkt%Dku9`^Hdcv(@1Jw1UlpU0z%;@k6MnC0Yc#R3541 z+R7t6uWA2qmDq+S$55Pi)gR#|JB>2!q3#e2^IlveJNW-J1>Y&97ug8j;19qo&uJ#e z5z6WXb%#)xjOe2eBFfYF`zxBTmeUw#ZHBdGygFrg(?ry9UG|e2gIknh+Bo;2Fc1Yeh1O@`p9}q*GM2ViQfOE=z=8HUO93Z6fwL}S--zYH&n0zx?po%?U91a9a}ZyotiX`9y{t5@&_iO%cpJkfUb ze)!6?ezc>fNbXu|9FYIuc?G?y!fTWb-$gYCiNU!^!TrR>d9Pk~Z(G+TZxlfUFC^;` zr5DjVqQ$r3!z=G6WYah0+gi|bfEb}DqRk9&41W|s8#m+whaVcWwm9Bkt6K3n^Q&!X z@KZ+!!qxn5^K(Rv#lJ_ysbvelE%k3QuL4rKxI*Nu<9qYVSzV_(j9ftKqvW8)7p;xtg09t0)g6>a66**` zyZf3fd^C0{{hx2{P#~~^5wf%#UN77_9~m|^lJa^JPezhrC{u!S_-k0G7r2l$4EQb* zd++$rzxlY2OXLG{(Eo9GW%{BD2`6nmOO1TX*yvrFmx0s5lx<5b`$6pfTZ@6*-&|kU z#w#gMo#MB!Z^-aum2F?7@Lm#OXqb7o&3Q=#cPG2>$5Z$N^yGE&%3pyU06kQeI6J>G z-9T2^5XK@K|Jk(Qg+Doy^u|$!OpD78l*WpX;y2qsG!}iEd?L)r^xfqC{@uL$9bb6x*thT{D05gp`WVy4@w3-HNY4I~uqpoV z43V4W_QvG^$IQt;881( z&3x#~W8+hvt5go@^4iYOopyN5Sds@WU~4BaWytf`2Q)|4nKJRu)CWq`d*hTcsNx}> zZzm}g6a8lgqT_{7OO%!;?S|j*FLFOHUc)U*V9>5eO$wW_Y+XXT^I&o_`8mBtTg=)8 zM%5KQ7^H3*hdP2T!B{DDY~6n3+6KW^>558w-38p4U&ENxR8z+Fe@7y!2v0cVty9lg(>1FrBT18@29!3OrfMl(v2BdyCKLQ{z{_(75`? 
zCV4vj)FMV!g#B)kk zr-NBgj|K9v*wSnLS^o*c7UUl$Wd^(y}}4=AxGvztOW8>5g7_ zwdRV&dMqoA?ZixsoSl2?iab&b2f#seY_f{gwn*crVpo?_Qfzez=hIoe}J zCFWuVq>}F775Qkq5Hr-cpywWCVr5#y70s}zcM7o|J_05qy}J@nT_l%9WM=>FC05dq zPQG{;EnwU7iMs^qSu<%-OQ7aAteJ)X!O%clq&B@rHk9=H4_m8p!4WLzBJNe5IUrN= zH-9p!;OAdhAZ3`ir$s>xRB-g_AZa>KNOB9e*EmD}|EM+ir@hexkX}1t9udYgb0SIR zG1-!qU`xH|w1Y}D6nuZvQC&(Ml$K$tnFuQ`RWmD&x;e$DY7E^5#+nePWSfL-hI#dR z=j!X34bb=1Ax>GPJC4e8e9W8vEKa=@hHKwjC_G7RCHfDe4n3KU_5-W^chszsD(up7n z^!Px2=SC0(w6>Bpy5LI*;#9_;PztID2Lr+z1>r(0RL?6itB_@_(;05zY;4bs{~$u= zI!m-QtB>d9o`ZbpN`iQs)U+yCZ|gS8h!Sbn8vJC{j#^J`f!d(HfzNud3TM}gdZ@to zxEj{FBM8dtY!NU6gI|GLv&xI3aYF!4;}!R0d5T(p?K8rSPU}Y~ELnZ`;*HTK9%p?WOrrgf zS88=14AJ@~D15>mtND=pCJqYd_`Kww?V%I!ssn)+3Tp*E4b@_U#$JR0<85Aa?`t8l zFtA2?(B1_g(+T?x0`B+kQX|q}1ntlm3h1JbT;qJ_+>rjTGcH32C#O1~Fa@ugm(tvo zoHAe;2jZk`=&qC+Z`_v8eRrdo6s*WNY0QyP$jxFvg|9?P$wWjphH6Pi35)sAZHXAP zGauHDfvUEEbrESenK^ahgie=>fTx!HmO7y*|7F&3J zl@6+a3&y!PfF~4a;d8i2Xdw}pq`GmQ-wdXxn6O&-+_#Uy}XQme*WO zSf9|+Mj0&h;EGk)De7Q%uGXmwO`^^N3n+4XW*oQBJIZ7vUtHE#C-|+Y*tMH4c)pBh zp`ApalGM+-&gt4sk+e5w{#4K!M7zI0I$6jA%ZZCueAFm(5*&YKP=&DKpZ zS<0wCTtDUq>{d6%T!1y5lulD9laf$Mxh}%>j|cjFqqOV7I5T>WBv>|)iT$K|GC^1- z!F$PbZ3T==;yQwzmtgqfg^VqQr~yU`;w$~?NpwURPyb$7KKDbP%&BIX8jLd zBN)&O&%jL)mKkt{4C$=HCFYXKzi(C}K_4qcOpz{1c|+C=h4{p-8wh`yuBq|GaHCYa z_f$z2^#paQwA8dp;>>hJ-w}?)H=rZa2lj3QkNw$m9z}2hXN~;=?hxJvk}u-JTX+%} zx%y$C*bvEh^%qW>9Zvv9n}udr4IByR>g_t7VAZLQNY{qv*3%5gZC}|Zwh~~WDm2e0 z)-GqCR#AgwE#ftF~Rg^B09c^ibGqO$4EZyT{E04)opZWDyY;wwlou0=bfGL6nonL?X za?N9Vn*kpdxr5Z^2dR2)%|aTji2+E;^=MfMUT=c-`ppwwsm~!rm&dE0o4RE$3U^|X z)-I06ZDc-$LRgI#^ev+Wzzs~2G7He}pk9Lh0oBjlNDZ6_*c5BnmDdN<*fjo&;)4Fg z>UEr1%4t~$vUTSTqie-9xEDeQU4{m^f*7&Co(#vcusck#ThdGz;1k1VmusU;pC!1| zCaZjdp3v!4Wk(DRIgbm7Fx~$|K~z38gs@h;=~-j6G4_&CzCi6)c5C9CD}c+-s=_Br z;arXFObHcqbF{%LR;rj6F!-X_aL82{PTV=W33)Pt+i;8&Gk|Kc_>t18fNh&P{RU6%d&jiJ(4TS5kS zuC(rhjd^S?E6BrW>0zkY?Aez|gp3DUCJ)2;h`gqzq*0vW{^!0xSVeR|9VwJ{&hBSYcmV)qwxdBybARSfsO-zJa=DFZWjF-;Q3LtU%46?k6=gMj zR$ttPTOQ#GSwn~4EZFA^iU|VxfMBQ$)Y!cHcKvKsxmK%a* 
zC}H16LDi$&a&`ybii%NL4sc#QZ@WM%RR+E~?zQc}O-i}XDl55}^&aReXpeg)i^mjI zx4WnFng3TYu{4qLbs&%z0A{uyV*Eo;~hkJ*~U!nQM zLnkA4Q0YZb8scbrti*=`wgQt!NRo}sA!4BF%BeU?8#v0%E>Ws|smexfaRB_UKHurG zt@G zG2DE!!jYzm0;$|yvyJm?=X)PaWz_auzY5=AHa4qHn?Z?8c>p=oQB<{wpPKz1@Pu;8 zmC84v2i8`Ku<`;ThPgwPl(QX_vJt3IA`cet7xOmUSB0fjbX3cTDzoGYT<aIg)>Wmd>wm8Gc+9Fqf|PFspd#?4$2DMX|{ z{V6HQl*smP9Rann)BsD$_*9aZJ4p(ev;}&R>M@wooR#}1jUobuxdmvi!qZn2A6i%$ zVWaMYG1z80bp~7q4TuGbgCX2uXd|M0M3?ABnw5*VXr{J2F2>CkXgXO!|F2khh( zU}eB4s>?!qgEb&@mHHp78RT5&CbGbm?b@2HpFgx5oOpnM6v9qPS<=G`lO)Wo(cnd^ z&4SE@gA(gJA-?H!=)^$(%B+FZkJf`9y{~Br?!ED@DM8p5<+h$hSNHzv5aJJS6{&cB zO)34RlDdN+URkPt>A z7{x)H15WQ8u@4C=rJS>i60)85^Kf_G{MJCd;Vap`d_LpzImCg_UfYO6|VlpY|xnp|`~2i|V+!3}A> zR+=}pH}FLS2L`bn(;>kwH#g12u?)H08{${No)>%yJ~0+p-X3Gxmy@k9SLA6`=WZqX zlF}x*;OpytSISpg0d0~7_@>ls!9M{#&|f5Zwx4;*rI48u0&wjYdTu*PRDv{7bCzTe zdhJk_3eTSw<2+FT*tx5|%N_)ay2>l)^0E^i=qZ=i{uaXP=kqr=^<=PPvNIwqaocPe zY_iIHjJ2Zc?E1E|LmHiGD(uO_6sskma))Nt;n455O4K1Vug=w{BIwR=M=2h)RP-3q zj(nMHvd~iJMnXB-K5`0y;B%2698p4aF8ii_Mt@*KbnCaMLF|ltT2u;i=+(v6gfLBW z=!lBs<%tdf?kIs=4uLm~6UbuFa%u)-BXFgq0buf?4qcg2rO!5Wc!5;21_PI&yXPUm ze~ZXbH226>nHu{*C~#RP=Rtd22mVpY+W%0^|3FT^*OPxh^D&0%%UJ5?zYuhorR)hY zf9rohH1=QS9+s)h`44Z>^Vq-q|0mU+?|+kCI~SBLBwJ%9xf>up#cB?EbZA?`rh3y` z@g2uebdUQ~9; zX(Jt_)*`N>z*_&xGSkb-00+EumZ@bh9h4wc3999x4k0l>vG`H0rvV$5Iy7aS-)kaO zO(WEbt=FXg*(Ov^z*S}e8jAd*^k3;@6_F2*7$L-jh?y!B=r{;dnMcHVI}Xhb3g;z! 
z55$HA2=ujQA^X^|6|TIBL}*gX&@*B)3s)iI6zQK8^#mFi>r}T!+EDFcg(XhxOT#N5 zs??XbH2!%ow_f2Hv+mX*w{pf1oaOHo%o0f0ga;G!(su=+sK)8X%$D~UG}WdYEkplO zaCf9@n?NW`P3tT&=tW}IT`ohjj^4N=V&ZbR?WWs^6c5R|9tiw=02q57_NpKh)`Y?{ zL#y=F#5fYRvQTHHG&-mUL&Xv|dMbH3!d2E5aJt`uEX6htWEVu`8;^ACp_SZ%jzW_l z?39BUp924T5H7L}m=#s4#Z;zqO$Xb|g8mh83Z-U{w{senJaiFk3z&U6Bf_)2-1ip` z>)sg-GF)mDO^&L?6qNP_9}vVo53J^zOutJ;Xcx8Fd3|43c6brl4|-!thV7@mluGHdP)bM-)^?x(mS~_NwETv5vBv6J?)#s7|)` zvzO4f#^@ISKJCxJJSpNT&KI7>HP2Kd%@V0?cm1{1T^X;X3TG$=>)zh(4=>@SBAG-- zPX1Ci)y@|beK7Gr?^}JV2mcYNX`PqK#YM8H!4X7*7$%aXTUxblrmeyK_B zQEMY1FN{%B6hH_xFZ#gScBtk&N9V5{7Y%|POGhYlwo6M`U&S=Hz}D-;E^pWX5thIS+&=}RA4vEL8vPkktBJ_X$KckX zZ^il&fAxF%MMGBmmEzOQbzmGN9N$^U(1wl6cGYcg8k8+Nk;GstrLpM&7BjnTtSjs< zyk35z!|;(h(?3k)Q+!f5>)4hr-a%KioWA1o>>s+)tXwBVdqw zki7sX!$IjZt*;*Dke;oqyMHI@Q3h^_AfU=qi|HV1xF@TZ`>n&~!L6DoZ*0PJlzeu> z<0(cbF!oHdw^>SCS0K2n3gj+XZA?OiiZ?_rK%&@mP)u!TTFBJkU}>|}kHddugFPI8 zWSdTpTSorjI?iP8n&=&;m%$NFI#Sf<^YpT5`VVvt@=mQS%@e@Dal0&r2jdqO`%eFL zyc2I4vIcQ%VjUjJmNeLRaxqo|pS6S5RvyIqTe+s8FhLch77}9l_B4$_AXh&qfHddE z(h2EyTpEHIQj5+SR>e_gUx$}{aZ>LN?vbklXG~ zGgQ&|(erwtY~bnhWzx;wdjPvF`MzygYP&7OO=@^*l4l`Ksg$R-naK!^;1tF>9mS<^ z@8%(Svvb9==!{O!VAeDz)zz6@APc8v7aI=wsFa4^%bbhHKn9jv(r5iKBtiw3r<|`+;u?d@s*MJuCRP!S>u%%>Y=tqAbGs(;iku=_XCYmYIPRCEo9NCHe-w4Z#)7=W%Pd zAY&Rf&I~p(CX-6U%y6|U@M_9DYd5xq=2ho*(BRH+H`QGtsIzC1h7zP?Sc>$q<`ilh z^6}vEdmEqgf4b@}UN3gi&*<`!XEYe(*^-CMDj}|Q5B!8j+Plc@lGF#6b0@=BSac9K zU13Mkt8Y3H+NF-!)2tp=rLs*x#Sh|aYNUC`!IPpsHt}(?Emg}l@0gO!VN_W6R``a| z|5aZ$ItumBvkRpZn8+gia;^gVl}+7`feVuzRrali(g^Gc1yU&ZkN;L$$|3!ksFWm~ z@sz?497uC;{|(gb`%y}2)J1D46^Dbfe#{Rw1)Uu-+4k^usfxI!{`Kliw3+1l^L|Av$oYXelGM1}8@Zmt=KMeHXWe zv}@F;#i^h-2GpkV!S7>grqw{RU_(k+k$V&ZcT#`Y1l$ae`ZEN&U(eZke=6j}32={Z zNft|ETC{@(AOMk%qrv>O&T3-9QwOyt@}G~QFp?PNR#}0)#eGYDDT88uR}hGz7`j@x zLFMbf+jcM7&@J+2^LELBdPzOQJw|=W0-Pcsiy*I=Hri#&6vou%?xyv14k3krm$@K0 zVf46B+|DFPxjbD|C$BD!q(E3^8-i=5Vg2$_4~d-n?f)^KeBS@F{_{ng{*&@E^V8|| z){d9K;FM*$GHTWJGfPE-uCXXhWXj=o-v;xzS zK%QtFstH3pS~NX;``K1X8qJ(7$cDw3lBBL9|Udv^X*Y=R5zLX5<^; 
zHgI9ABXt<_+ke@dR54TYbgzg*Hc2Ew*KWP5mXoFJFT%cO_Q&Y&PC(CYA)qr_0o{~IA zOq`PxXh>3MzlVo)>b(4HZXnCVeFKL`Slaugny!d8WdpMAny0&zCLR@c7gF~$Op z(T71Rj0_FJeVa6i_JcRPn`pEh{M4=o0x3ZFi9!`ua&US5?8o>lwNTg(aq0Zu3-Wu3 z-@i8%3I9`t=tKoQq@Yutaj)a26m%UsQ8wYS|RA; z{K_*uuReI(6&5HU{BqmyjQ3?ML+h>YYl-K&6))m*1%Iunz;>I5yqpy%TJp(|gsWld zS7uo(HW9zhwD<2a9J|%DaUGE#QhUFgM64&>OH=ORcxMtl+JWN+Mx-V9sdt-v8eImD z9==uo)mQ(ZXb)##&nZ#?_33xKm+v=MXmtCL>goT^6&}@ft3LNtd5X(w$gWDA;QsNp zWm&o&3`5?IW0G;jvu?4h0)3U^nf)vy$keR1oJ;&7{+_dp8y)+r?F+YJlo88a*(C`^ z&ekh+4L>LXUIg^jo%&pQ9bOb+GFC>V{iC7wEBjUO(jK5i-7R%Ns7g;&uLCv37=j-F zq2AP$5fprH#DhGvBe3IWNnSA_S&Buk*@POp7W_}R|CDzmhRNHIlYh>yV z<;vO7TI{hjgbBk2h^;+2`Qjzcs4Z91;Q7W4DIcCA#FfE-N`Y1VxqvQ&#S8xSL-BS` z0!ZIE@sYZ*SjU;9oV}aak|F>Ei*7SUIAT4b+>pcV(Hixmp;!@DNA|5Ggxi24e}bI-Y*xg&hw6VXjIX{-(o4dUX%ms`eB%wYm$!TWBL1N>&i~ zaGWa$=|y~nqu3A0W)*2O^q5-ij>p&vqt7LWX3+GPS(%-?)III~Qd76lvIGIcRn&*h zLv1B4y^0CG_hwMvhg!-O$i3id-Hy{PyiuEwkxaaoW%)5(e;mhIXVx$1x1|5g^|1xF zlfjFeAet~FeFuu8@_F8ZOw|aw3`ZkdBBDoaAjUKJmtaOv(6-&fQi_OP(>#VkcOYXd z5G`I}6kPA+s@HSemUH4-tnmk6g%tQeQZ3W`a#Hi)adhR-# zTDyco#Al4AWay0^gsV z(|SZ1T+$u;bi8EZu_+iVWdwKKUHI9Rgoecy`WiqC$QWmMlSGK8jsQerf>8?&}f(TJ;X)CdH zfAA%w&$23K8%NBQJt{d8#VgZ2;Y)Yr7$w$J5GVLL#lUihjxr@frW1<*nXMMyfEIl5x)4ilT9VQ^>gf?RGPmK-2OK%=I4Lw4)VoZDM1ouge zH=EE|Z7RF4>~-leh)S-9Ee$M$;o4ZwSn7KcI>gQf8r7k<0a(dVxf3t-5#z z<0X1*fSkRYnuly>gr(%RNMYZ%?43i!lBi8RiH?H3h}EOz^olwLxg9{MD>BRNEwUFR z&ih0JR!r3p<#51i$S%G7Y!t;R^d&%{O;v|)QQOJO)zA!X1HKoDX$w&G&#p?8n~u># z>{(AvtGRY5&r47&y#Nuq;KuSgI$5}It&}ZU#dB>7z`sIk%x!w@)zu!;CeJ&aF{h$D z;C>gH*QTmCThTL_J!{UxS1-5kav?ZPjx0A`UG{oZBvwBc3gJNR?`QcKIUiwDNZePs z!OvCEdw6@K=(p*!qPrsEq5^wd$(|qIBdpk2(>v^b-1TzO`tlq8xYzBZH}AiN=#h2Ug}1R^xGTUtLlzT+R-z~ohEu1i2{BocO7TuJsSx+} zTjwM~4Q@fzjJRnYMdL-92HmLZWbvTO4E7RMip<|moV=NYBl7ke%wKL|2Loiu=mJt- zxqLo8nSL(_mFg51dBeK1<=1|D&JuP(q;S^_m)e+QK!6x5d@G9Lxq(ws{d&w%P?6wyp(hQaw{=`@V%>q;_)A!YH!V8X2vWWpX2qhf->?-iq=+i#A(i6z>dpxSBN z*!)e(`HPr?x+(A?_gxJVN!&3lq)vDCZ7(T(RZVDfd{PS)K5(D_{RTnw4a2#Oykh|R 
z`T3t6w}U0AQ_!`{{!3tkwkFQT)v+-Qg#Einj;qOZcpfav{!9&D9`_y~`E$&-%KV0> zY>-XRC_~#85(?@s$Cc7jJ~R}~w-33=d2e3&qvIyZtoS<6$(V~f+>3ln|5Gk$Rw{-V67>UDsXHAE(vPt7?vX)kWd|D_Y;L! z!u1^o5{*B#^Gw-4&I6LDn=NQH^(AN=N|_~wt}DDggkAZifz==;)Bwl9e4%j=AM?Gl zf?d?Km;`qD^UEs8DW`@qnn?tRBN^#;d7|mHuz|MDQfq5u7S{{*+^llqe&V)J&Pl$? z1{6YMUOPZr9l8E`9F4F&afvhzLmVq0P@BNTco^hNk5KrS`NAA1yWNz{2qEa7XFCOJ zDDXV%(J&p~+y$#B-$AFR8LB>m&hnR>vO?WN>&h-*7xO}|H?8piCE{s7>|q{p#O zhOfRQxhhNrfRmmsjBsFdV(IAI<+R=$-c=t8?0T?fe74&7g~FSD9RLY^>cFx4cUl|9@D z3^vSprE+}^yrtYNwF!9sZR)B(1A5#HI60l%sVq<9vC-5)P$Z}lm%z}bE?b)Q5Jra? z3>}2l#0$|W!V>hF%OiUc_djGopovUPBT;oU<5A7Rlo;i7i_l)c14y&ZNlG;mZTIME zjb)Dt>bv9X3ovLh7nEr$Mqy%dfP;`#*E9H-yRLF=GCCU98K$8;v!b6`OL%qBw^^)> zL$vEfB>SCQ@C~v2)chC*u&xT$wKHqEHKuU|Pz!x`Qyd#AMH(e|4|!8y+ur_QbROre zh5kgY%?e3IYedcQQunnZc2{2L=FlUV9#7bS=eh&AMYkoq)RNBcBu378@>U`1Qd6^w zQyd!hqkzseY43;x@0Qw|88XkC_`UUQl=@p{*CXqSS;W<-yUFK3ZxbHqP$WAll#xqO7(TKuoAuDjh|_5G2L z`&yvdd3bR>%OdoMYYh`)RA)t_SQwL z-QjLX5su?qDNkmOdK7Z#J;QnztZ&9+$v^qM?f!N+<0zu9r*AY0=ao(m zQ%T8rc^kc*%H79pxmbIWxO;$|ua|QCh!D~ksvzNjCbrj|pD*+|UrlxjFwXl5`#Z5G6`mNY-^R@kvnj2u`lViN4t3 zF{c|HeHS8c&weHv!NN>XX_Q6rNry_7UKI(lo48OY9^2E0-OIv%Ma-xYrX(%6n{Xd( z$mpIWy9y#?3H&mXd>Ek;ldvx( zecp~zdc3ox-}yST$FTWy-(IQ|z(Tr6$?bf`5G!_#BK`s@xZ~U&^AtA%dVW5zzpbbj z@)07}LsCmAty9N0>FHfiIbL0>3$Ppg15hir-Bgo3sg~_lQ4GETtjo z;GQUwaNv6Kww{`lwV&tKJew@4n5GBTMV7*;;nR9i)9R9&Q)=f;r1o-#R*)2Btf{&Y z5M`(*qd6EZutPRZR&*VkQJodn@*jAh^n3h-^rBGAk{5DJV(Kz$$pTU<2N52uHvOCW z)~aTqHi9J-awu|DRiD0l7o0v}6M9860ea&SzxlB;@?Zdk);6E3BtPw~QiFCG^A%z!yrw|qVOihfYII^VzNWDZv` zHVQzaDz|nXp{9E0G~Vm0OthXN5=`ci<3L*~)lQ=Szh3K?IT7OTtNPR_>?}*;9GU7qAT77Iq`Xj2e^i2YQZ+ zUxS|xk0K7(32U8UW@;w-37@+RmtO}hdmb*oJk4Dq+_%?$u`cQ8!YwC}{!0q^<)++0 zLE0``J92VpL8ocgFyc0W|6UzogI?7-I~6;9VkgNqNK{R&{AW5mc$MPXcn_TB(yL%4 z#eh5=PWSR$JDW#k*h&9x66@CrB%^=1eWDd|OISI=uRalJExVs1(5^DxVwOC|*2V3& z)t1ym218JUt{c$NaJ+0h&q|`4K(f2lmNeW?GBH_G5;R_&z~Q!fKpORL$`j*lqA?Tb zywiCBpRV0(+jDP%>9(ilTpQSLgQ+l7{aC2O4^RBL=gV>QtvgR3P?t-v{b_CJ504;s 
zArPbKK~RoW^H&aeX3LRThyz9gB0<^6cBr4h-v-UyzK8(HTjxC#HQG}qM>LEYjlOPc zoVzFcqa9s34DPtH?<5#T-N>;%R7qxj^Iqir{f|}@F7=`(k%gOI$$>lM1T)zgO6d`_ z#*wXyLqoI{h~KUisAa8PEvv$|lCIll&GPD}=>&CU)lb=_9yydum897YtMlNVA1rdbZq+ON8@Mq>Gf46%~z3GMteLxJT+~hjG~JDZoKYIOPC58`@jwfkKc#~c)&gN%@z5ownXgY2o%@(@xP znik_CO&*@%4X&LzEPcR)zwxaP=Q(ng3AQs=36{-6vyM=9)Ow6%Yq8V0EM?3bP}MY0W8sztWZ zGsOt>TP|1Xp}e3cHz}(8=eRzJEuhBR8ObMBqSvLjCB3DjG6AqIc{^&EBb!u4ljo1F z&O~b9`Q{_xbKtqz-hbWO8$hx3fZDf{a=_LnVD%iY$ESX@#sPSN6Vp9g75iq%{?kq& zx_R|C-SNzqzIZN;|bpuv}P7@vNd7ljQ4abh$7wxaD{(fGIl;N$m1DTEG=j zd$}Bg{;FAfru`esMxI=&9!WIy*}P5g8(Gdr-pn$joT#oQETTqaY9gk(D>ZZC zlK5?ag-?UA+F3$JZp+T^8QUa&{pb7k=Vr3V#Z5S2-T(cjo2rvFcY`z84#?Cn_{XUb zDijXOUt6bnFpMID(Z~iRj%@F_(3DpZfQ-t}Y1w%NE_MBS`4<&1t(+a!^&J>K>ufI(vlaOpdvHD_csln%scpN;vhOOM%~I){JIRIx0p1oLAa*mi zMq`J0-5uGs0-!@SukwMUZ)>=7bRiXGl(cFl&ef2E;$){oooPPF;T60rwh+CND5G}f zM2aXqoi1UmG@;Sr_gJTg`^x;y+EKH-%NXuBdr@X+*B9cSN3nbkodl_fQfXmn*Ye$) zp9*eUcrD?h#R=a-*sLnZY=n9&OELvNs#X|Dx!HYa$C1no<v8C_$R`cfzv1h z4xwKkXdFRrJq5V_Z_j>LLZz+_Rz_bV*%T9`JP%#;OZ~t;_vfi=r-GQ5$1}$HZwaaodmnenr;OBZCCNo z%#ExMB0>^U<1({Qekk)B0d_ou=X!yo(2s6)%X#L`+-#dj7AY(8`xyho^$7G`*uGVX zij9F<+a!RH0-dE?Nc$arAHs16EhWVsDsw+@;fJCn>#Lul^Q~a`bnas49rNbQz1vL% z*|T9P+n;8x3Gg6&0d)Y>hBlFx!SjAa?X3j0?FmQ`XmVJbOiWNFr#q1aX^nlFa3fq# z7&Pe5D1rBKrC}3sjJt(&2>F4(rJkof}EnT7Lh!IFqAru#U- z6LY^I19xYuxB&Ay`v!68e|PyGkJ9zHR&L-P_k~5cUWhp3A|zzn@POVWUJQxsW2!cp z!f~1$j!&JhOw+{kB->&xd66gy^t_XtbS2cP`iTEhn74juSyZ>*k?0&>Yk+-!(4>NaFk zvKb;8gzv|{R6v2JjWe~*H%>A;ym|==%e35VL}Aw5oEqj>V>eG+0}-*-qgOWD{>Y}) zPiCd<%H6oZ868pSJ7cX+wT_?cr|gQnn=;Z^C6+-b1*>W|O=nlcAq)Sq>1X}4z^T&M zE7Wq~dgvUH#t&RlxweM{kLQFuIdxEg2ndLLO%eyc)z38FLJo_gXx357D zPWu|&Bf4Ll^x^HGhOQw!KJL5!phy*wrM;s zA@B8QRPDniRk$mUOv(LAX9oc{H_p^^G*)6?6sVU4sgJCfggAf$A+~^j8z5oAkM)D$ zUB6-IvPxZOAyy$dmzyj@%33X7GpY(=u3FsxEOvpq{3!GdHx?&TJw-JBG-j(_o5U?$N5%7;pRebZXPbL!@rFslh(^&(pH3%V>BVix-+{8vg^DunVbY zC2-&SgD56Gfv3LmKQVlaA>1!915$>V>UKPd z@-au_qsM^|?)&Dc42uvglu32fGK)D8vgTMwbpH9Ua1XVyJS10R5A`pH>~JAN(>wsE 
z6;mU>ee#F~Idm=8{6&vJ%?bRX9W4<{)tg$PD(tRt>$gp#t?YJO+6oESlmgVSeMiE! zuel1Aq~_oQnp7x9#!0t#!{1;xfW~0INkF*pVO^ezB%9_xhGjzcle99sfL%JuBDcf5Q#YHjb2zRWC=obBkJz`;lVJzz=r39O59-@m zOC+L91<~VzqM$8wS2ATxL@4knH5o-p3huZ0gssJzjiH5u7+wG6B{JmBBPx~!W#38t*!3 zGUO(EEoP#6wS<=C;SY$iJ#(>}Bp=5xU_})z7_bKLV|mo-|@cW{d` zO{?hYH@$Fp2{AiGH=@bbZ}=XUa^n-VX+wCSWKAIcA@24yw)I7wC$pl?518FI@iG!E zuBp>D2GzfucV)-33v&!^Z?uw{5a056QjzA+9(Cl6WOplzE$;^HJKk!_>O_4Ge+Noo zn+CPvjDp&X6v^8!H#-sV@$v_h-|LC`{rz2|rjtmPI?Y{MA1PL0|NPAYv)E}?{Zizb z!HBQQ@z0F`A+m&RdTj<;Z|Ngkr z=Uuk9ZbZb~{R?g4J-y@}_l9m5p{#4oMF-Xz0b;F`7Nl`A;hdVII_4CyJcLGihE*;D zY3y^*$a>NujMW$Oe&ciovFOw);Qq-^*^$1&xJ)AA0rwiohox7}pS% zu`X)AqxPIH9fFbx0gr7WWZXQRoSuB9OF5?XE3?$<6ZJETPE0B2jqJkG6L~F3w^F_X zQ)&H()(#+=^#6peruf|766k%wJvoh1A+Wgp8}nTj3>I40m`GT$&E~r{qbpjoG_JaQ zrQv86bNf-``f+!bfPW<~nGmsUhm3q+8`_D8>?jc`Z-6Z&g0S}MO`uzydoicvl;LLX zw%GDTKk`LY@V(IW_qZ`67En5eyFkCd&-X>|`8f~~n1qfdzgrD>7r|q!yUHcKjcI})}R}a<8jYnL^rIM&F9^y=#bf`LokEsvttw*{gVRDqL0|L4N zcGe%C1X6*9<(v2u$Kt!oN6QJw+Ij^_w9DwW;aVOIu?4Uid43GCl-h%gzU`DFR;sD; zvbT|_U%jK`Y?2Pr*|(lw;p%5UNYvA}zxLvZf%BR^b4y?N1V5tgAf>Lo2@&WNuTltK z1Y_ytw$TW_;pA|G!xAG5V6V0e6nh|cZ@`A7F89`u9Lr^G1Izm9W<~m-)F0998bGBl zHG*XK+0w?f~^6+pND-c=X zGR5M1nO)ewA;Bke&Jumj5qAfTmAjAo2px>nK#0=^-7pJMZuf?6` z_x4Kln^t|mGXCtl!IUSDK1&#LfLS_NhJYmodCJN<4*Oj8v7A7iI z;-&0PpAadV3Jjxx+!oc8TKejvz>Mx63@XOsa_q|wDeLfqgE%9y<4Vc!0%8w0<`?D{4zVpTK(Vuq|`&(-k>jnM=`ups0SL^LZoLw%&N%qtamN|5r=8{EJI=e6s zY0oyJl{Vc9ATa*=VB^;+)v;9$miyZ2wMfOCFnUfcVH?#8&dpK9~AYkIhh#_db09&|NW#JbLUrMw};AnkajO`)}~^ve0XVm z=vo=cBZSan+hzgVGCA~c-f+5Xdxs9;_CO*Y%ju?e;p9#8EWs1<-r;L#L}Ivf+aD!( zi^1Ud_C?7DpFlcPHPteY#8sNtnsx|Nk6df!vN+o$qeT$fMhpj>o|^u7r_j`Q=~)?A zttBtxLaI(5)2k)c`>_7ZO^z(*RMzVDY1cpaK{ipxtgjw{n`Y=984=<*l2+VIwuYLF z$8X+QybZjeZeAT^=j7!y%EK*o++$006TO+oUInSh%4N1hVS*HQ5nq)iE{XL7C28QF ztiOxoTaPY7uo@?uNx$xe$@^bcz5tnhm2ZQ1GmwX-*C#nrZ>u=w^BGO~etpnmJPpYsptSu>-mZb!+v45_()oM3)Nr7y}>Gct!pQOtdS zhaz%`K@SR9TWC|r^DAx8wSd1^ZKoZf z$MQEb!W73J2%)X~JILW?1X|Q4um0V|4;zlqBwdO|%Ib1-MgX 
zU#pJ)wqtKd(l7CEJ=wQ!Rt8UN%-kc1brwYNEuGOHx=~$c9Xv1Q@98D?6OIf=)ujC{ z6mg?cOA&Wha*7h}Uhb+LL=GwMR1lmW=rT@SYmR|nRqNtyQdpcoi$k6WduNxmnW2J! z(~SK;T)ks-WYN~P9d*#L?XDPIVaK*@+qP}nw%xI9JLz<6TW?OE=Zx`l8$K(=z2=CFaJs3+U|iEd`Hz1Z$;F&8r#X90abIZ_Xu-5{ebfZb;2N+S5x?;S|ayX#e!i{3wylxxxNmFL$zSe^`RSvG%b}3^6bH!lG@}=|b_5 zrB?5qB}*yPhYKZ^t83m*Bd?1QLJR&SDt;R$$h3;2#joB|;h*HjV{#Hq1kJ*^(CEaj zJPW~iU$eHM@zu+>E&|RYm^>n#62K45zC||skOJ=Cnhrd?d@fV41yEYa!^$Oiw(T|k z+6=8A`e_7Flt(_i(7NF0;LU(Rc6ZfC=(?gC`^59L6E$r6+ek1EqZ=ZmV9EJ+e9XIS z-=o`H(9WJE$$AZDcmdKoc{>L)UgaS?r`kULPQL%`xh`jgvaAreecsUI$_b**99+)Y zKJYsp-Ml^Af7W$2JQFhB{pMIgHnXG3<{H3oxl!5HBl-U9%+=~hkh-bnyaUIMIHGK= zMKrIk%6x4bt*Q8+Vfn*Zuz20?*=m;01=wmSkSdXof&n7_=4RowYRXr-xoX~p*GMGF zgS$$9OT)fBp@+?vJF8|aU_bshK*az|Ww&8CGqd(j-#eSZW}2>CYGVfF!Sv^Mu&7bQ zh>i~6Y<(VFt?rL=xjqAf`pDozjKz&XiT!sSoET80K2DOD)qOB8&>9FBxSO!0nrlEWG%xdWXT75KEQtAy#bl=ejV+pB2x+Mf|t(LruXMg5_g}k+wM#K z__*l~=~G7kjY9L%FJE{9t0XAn71iMV8t1NzKkb`>Zl`~%RgM{1M68QBGd1t~vmH}5 zZ+TCfSsc5F(3O-T)*8P}A-+VXz%?wI$np>~)2j{nWY@`8fe4Am8zw1M3JyZZv#g8S zk~S9S7%F{daZ6tR4i&2`8?Mx@*iZRg;-1i2qE6p@w44R%6IxI-k?7o@Dnh!T zT?)0%9%7FXwLOo;q(O3GN?EanH)6beuR%OaKD)?rvYv4i6IGo|qFOb-JU(mIUj`+v zhPf?FQ(EPiHC<53G+Wv>LDQ@yrfr^iKP?%^1C)X|M!2@gfC$RR9<5l6O!~vsVw1pM zh_d+g7hUP_sKU8CTnB6dI7gsStJ9^fpElh}wrJm`iM~qZe_QNJa|z19nX;JFP#4T! 
zAy_OnRdE{|i{uADWggRUu&~3A@G=(X(5RLjRt*Zw_$W-Kslm59>n+AO(N#*k(>}6w zXzrm7j-gNcVfVneBN~{59oUXYG#Pd3s|Vw)`qr&M%x3gO>X!c3a2TZ+f=^GM5{;LHq8c$N^WV7VqC&TN!~Fq>fm=_Y z*w`Hn<@{*)f#+1AzYiJ-bBrXbW77M2?Dfn2>3`~y98cTJH99u$mxS7%$J?Lp+gqNG zU!lvc*WDJMr`_((kB9YTAJ>q+w=MBz+2dq2B|cAx8L)HrM7pX0w)29ClA`ZrIk-#-z9!uc?38A+ zp^?tZRS`P z!Q?vodfjKmagl~_6H4kG*n1@pu6O5`%}YspF3e{x9bnl}xvRv@_i*XmMF*AH)~W5| zh^p?WeHqb5fuWy%4g>d_;dkKNusp_^<=s~AJDp8pXlhDxmCU$5Ksa?2v1vEE-=cMO zMO%$|_7GcLC-NqPJT-<7{d-TX4B%%6kWVaorT^dw_1@gBpAvrBLUoqY;9FEs-3vy2 zO0ie4*0sd*g%MAx(SRSJ5Vf~kS`}4oX|HpuKRD>t^=~)w##l84hPl^B5!O~>gv^4O zSW{djZurI0S$%EU`T$3;`f;~Di?OG&?~zo^MznJsWhmkWvKD0c%9$t(R}5r zuAOqa^gum;vW&i4xKKF}7hu=2qRX$+c!s3NIwpT0Q4>T84x){?#BssORb{i7 z)uCC*5@f3FFKeOB{6GiaL zA7=tmPzb2vDeYu>!qsp?Vik_(&>iY94eP^mQ*5tiIZT&#Y0YG>Tqi~c!)aYQO^|6u z7m0Nk@{oGrSwlE*X7WW#Im8R_?k>raHm3SE7gJ!OGXme!SEc&rI4j(2+Jaa<;Gb%$ zZQT8z!IY~$MiRBb6^Q2$ao|za2-`4&rcS#`Duq$5#&n%3{FBR#x!_GUw2h}xT%OE5 zjG6lj1jzujSf<&`ZVP9X1`3(JFoh8N>N&0s!_4oqIjdZ--7r3s_HuobF=3F;7Pm}d z$^4=Y%U8SPbLOukA#G@};`4`V{2YuZK+mdmcHEoG{_o~#^zP`BxXLq@ksMRa$&&M@ zThMN$RV%#qeXiHG3KVc1+kLzUYLDM^t%{^~3If&jO=o()^D`QgH%=!B>gHhKp-y80 zGv0c=pfW@PW`rV00%}#m)Q$~@4n_tsCCj&@v$p>HIk(4}Vy$XfM3W;0c+jxPj{6?s zJ!cx8EMT474Y0BMxtB;+pT2IwK3)0@oximXxP3&L$=&dLa>q##V?uqiT0=YE#-Gy? 
z%AdVCNsTxtVMOzqR{zuTaWD0#_)0>i&o4Psi;aKa70r zQ>}iNdQ3Y3=xcPEzK7p}Zi(Ny7D-B!)3&lYor?<+E3fqZMLjwFKp=*C5g!L+cybe8 zW2axYkHghN8d&y+aF7N{hg(3;L7@{4AIVK1RWQa`=!27JK@~za`{_&0R_OU}r`|`e ze7WJdix#@NMyl|zWpFPnFh%~jL*XBDNN&dmLQO0%`lij|+^)S#B}NlCwq@pfo8|a* z5kcB3xk+F*eXZH?P(zZ@g6iRYFO8n$sIx$7h6V28Fc|TiEcY6YHTKv=A6)U^QNk#; zBD155?nky*m=)>~W3_E90~s-8u`c84H5cl!?8@IW-^H&RpYtMT zBdvF4WiDYfd{ramuje5P*tWc14}9Kc4Ot`_x;x9WdoEF$XoQ+nn;-RSoDu_=$`cAG z6{ZVm8k+*Gd-WG~g}JO3c29sOb_E2>JpTqS%FHKrQ;c8ZR*UJfVLm(|Nfg-9pHGb$ zzhL^D>AMjp2m$vVUHbXqvqlpMfm7(zS*WZy=wsKf&%!uL#Udq>tb`tO(&WgJ9w^*n z%?qBR;qhjD@%+o^_V)ScEeWXkFyIAdGI?PoVyHgcJFV%V_Ws+B{%9^OM!bzYzs)W) zGEQ7(x0-VRU+HcLs|Gt@Gvm=6HAe$l^D8%jLLuyO!@ie=fYM(soojqf)7y!I)-_bk zT6_JUzyO}m4Vbg@+jX`5Z+%XuoPU1kX_@tKQ`Qs0>}OwNwU9LNVG4jz`9^3ha#G>N z)V_lSv#4!%Ext|MN#b3G-y0`vXFMc7P!hEqvZidVY7t zwp7o7!glTsuA!EUXz4&A)rlK74hRu;>Dn+w{b6RbN@zATkMm1^!O2_PI&kjOp$H&~ zZTjLvnc9K;J)4Wh51tIYl~{OYe`QsCo`dL1N}S826sFe6ox@8p>Le{_rh>4O{R9JH zEg`W_l2fac$AZxYW$I&tB zj%BAm{Q53cfeu(xUbwUF;@n8<0lc{ef zp(hsan>X>>ZaY3_0w?12*ubVDDZx1r<&pbX@w?5p%Pir?mCnc-& z?4ToB!93t2`&>vNZp8KGMrOUAZLhB2P9P&_bHtO1x^o=Hf*HS7?IC*$epL`=rLT$e6b^j3a!Bks*l-(JY)0r;5!l;}fKm zKJ{2L%st$s*^^+cV;rf}CQt4%TJ}EQw!IiDaYS@cLAPG&Mh1-c6Hy2fDu(vTfvw+% z?BXk=o$D($AY2q$%Nx7fvtO%!eCkLu$E2t5z3?neQA(kOEjPN@UwAAA8|uOr!cz@u zssC_X_}QczwFHW|+_Tx~%(H-ycJx!*jldaqDJ60y9|W}{|PYe)Y)8gran$o@x==fafWpbC^PvN$R^xayxYOfZSukmv)G@)9} z{o1567_8>QObCC4HFjdB`=We_)_zU?a$dN-JNzTkb$N-h;m-Z)P>i2zCGBK6)rjA{ zGMdpAO_R;$gjGhkqBmg%RoGwoU@XnStHD+Qo~mHc?ws4U&T3y0$I&!glg6>hw=&4v zwcuVBL)wa0dfNBQ77v5As{iHWd}@L?iFivyIK2vrSArV!YZ76_H0vld6OwhMfJF-oFR!SLl~LBXX&PWg+R66s3JZUDlMZ1j!DZgfr} zw79jRSBKtS?$h&rAbu>xxDmG@##c2AIqnI2B5QyrwXYQH72)2Oc~cOeq&XG$xX96) zY1q4> zFM^!c7M+g=-!XCL?Y6_Bnp;7RgpG)#5Aa4Z|td?urErRE}aVH!Q*l=5)!v%|b^uP%X`ls4FjofFB< znxx>hx%gC7Ot(!Sc~Zp7_yMYW{@n6G)ra>bquqIOc-vq#kD4)cK2~ip46gD1iKA|T zD_C1_g!%8ukHW+i>oU8#jV-_$#l?esK%Ch*aJ}c%Nv~cOcer$*XzKVux&i+$K4@xV ze~$rJS3xcU{CAs}r-WhTS^DMZY?Op7yWKdVuqgUR;kXtN$4@PeKIDV**=6}$>IqKw 
zELj)^x+6{;W9nb;jrcy&ANfdMrZTuV%L;gHb$P$;A6AToK2-0Iq-+hwJL67gkvvE@ zIR38emSCe_63jEKMt_vOe`Bh6tcn@X88K$i1<5D-y%w%iLPjeyem=`<0tX%*jcNf<5`;tybjwr>ed1Rt&t*cFM~|INX-=J1a_yG?1$dB z5SA(VQEc%tJ{FCa^ovYjw2)&#PAD1MD>{93>W}rs=f;>SSYY64Y!{2Wuf!P-P(DQH zb&@iwkLWm7()U$+;%k{@6gz!l4SLaE`d_RiB754raCa@_yckMp0jT!$-{Zmthc-Pd z2`5#8?vG?iD$?RC`~BA^m*k>ZZslUmaS9098HKr6?86HPU=0=wM7UUf33D~??#vo< zkKts0EiA{^O8;B#FZVbOVYPzYor2Yg{y+TdjH}FzZnQmqeL-A4bb@UnqF%)EGJ;$< z%&5RoLI0oxcCsRyNJs;k=lJRwWe@QWfPHY>RIEHed7{t^jl_#m$4R(6TJ9ywAaahd z;BL~k;4VdxL^~a!y_4@1!D$BK$jANgHAw$~83o7C&vW76j}<+Pqe%T-b0-esy)Zt) zE%AI}k?abdoJ=emtB`0*?Pg^+rlldCmq$FfCT6uukx*_+!3lUrEqC`}WI5DiMU8~F zZeBCOGY_@0b*O4X{jB5(iYZVW`ig)~j30nrOd&z8fW%){}o9djV3_T2zx|no2_U>Rzx2@Rn~BGKr(!TC3`ZfPtaXQ6{o$SLwh$-vln1XJ`BkGu|O7)$33fx zPmU|OF^bo3^z+xm$MuNbgGO45iMmgDyf7A`BjugY36P zL)!vQNER=_uLhS6Q@kaVlH|OXP(N||arV=3=-g5J*YqBjo;+GV5?of;Nd{Dn%X3;* zgCUi{7=ym<%JopJ0+?Uq+UCY-W{xv7vsm%QQBrR}#-BN)(l1 zLg57M{y|WtDI<0`qZeGd7JNkhlb@?QUr9H=)n6g**qoL!lYdXa??Co<76(@OpnfAi z*b*aMT&74twjy$CybQz|*CWfTu4o}ue4gXpV68i|NQ1t^4|5JRHAcDkc<$%L)K%FQ zV7{FJV?A*1c}$KBBn38)_Msx5pddkl{fP?n2r4LTJOo>gqJn=3BSGf8&LIba!{5B( z>_TNtWk&^(79*SaZZlU6(*R99w^=HNv9mmbAEguAAy!7n1_cJnOwS@ce=Y@bZ+H?Q zOZ@C{w1(dW4gInN6p@fHUuj_K%MjqbjFy%<=DjqIg z)>bxHEBYW^+Ff?^u(aeMu<=fIKF`I!;X#~k(JB(^!6S!e&?OT1;T7paxVxS8H5V$GVW|868|Aza`n#7mIXfSo8^q;vE@CNV?-PgaxzBw)wwd#@FPQ;eQi7z9OHTaaWx_`Dq97 z&-xxW_$=h{3_@Yu#l(PM472?!*oA%|zp<2V|c^b$HV)!1J!g6%>yiWaN9tibrgwq4{9qtN~E??Znfl&3& zn-18>*)+3WAH$+Mtj!kZeom{)l6JPew+Ea{PY3C23uQ4w?fCsNwXYu~b^MH`!U5(f zD?L-0SKY_bu7Aw$GDcwu<*f*)jyr*bp{q#iz5o`x_DDm%RiHRjXmyaxy9-vz&Wo8q>CCriYt&Vu&ru@W7e|k@%ul zMbpx?A~eiL<;Nh86hS#QwL@`g=9Q+DAX_g?2cY~ciRSA`cvjRC3NgbYq{U)tJl)qF ztvVE5F0BLUIrH*rFne^PyPNdMKPz@92Lm7@m`&<)l%tku#h3?fxXGc^v>L&^9N`dO zE8pq>Z-F14412J?{Dh9Acyr)+?S}zQ`+)htiw;+__3c;fBxG!jVoNUQeRv`}4zDB{8A`-IRRXNQ2-W z40R$Ws)cejn+K-{+CKO+CTi6eC$8d*@ehs3cF(7v_ua?t{&344r<7Dmu6Vs$(ke@2 z^pS%&f$N1?@;m{$%;)JI+mtApY5&@8<^`|NhN(TYM9{dlPO7QPHx(4y*|ngkpJKl8jNQ_f7m)USb{e9ERwOQOS& 
zH3+I9UBL*#E_N&^{d4smmnCKzMmw~z?x0E9t@Ihe_O%xAe*G%Ce%+bQ5&y{De~Mm~ z>lffGx^`g*P;OxD6oTFg1TcHkT7N~)#WKxsRNoS!P9LDhXlw^NfnPu9L~r>m2XSey zW2xz8Kw@n#4<2-~|MTbyov1BJ^YV`(QyWs6DTTAkoM-mEb<^b{KYQW-p#3Vcn`RT< zQF3ATVpUKOJT@l?=mWXy&XQ4s%tE9dQ`rNwrCw9NI2TN8#lq1Jf zhW$Y!H9tJ-`bhEMd)lLMN=4%X`fxV+Xm+{&*I;^vkyP@6!cnsXqe!?{O2-3C#RGYF zooH6U=yq3;417657q8?@Nu+yZQbTpC@HZQ8^R>YV#*qBzx7&d}* z320i&3$VXC9yqxk8;8$O7~7bRyA7$(BWX|tD%_oIpexUzRnSG5W-dca?LCHJqlz(w zeB#c(?=uH6qK=kD0am4B$@`CYJQibCz6a1Y@H0(^Et@eZNQaNc;GMp}Wh51*Wb7QQeW zzIrlEQ1rLHz|7fng)n}5O^6i97J~EGxYe6W8C}h&l9mU6;Mv0V^(me?g|693OF>pD z8XYdWV3&(wSUMysN>H}F+C49HMDXkMd_S3|w<-j+)CV4@AtJf^2)jo9RycgOMLVJ< zX0QyesazQpWJ%N|BV^9C>kXAoQZoaZ8WpN|DO$yE|EPYHvq2J-f3i{=8~q>3pJxuI zV6D1VB=u8~n@njs@u>TCn8*PT-80LM%tC98Z#$TR(3d;m#UGJ* zuHn}RP4mQ-wy~t`g09)&J4O!w$y|D8V{^!cwivMj^EZd) zl2v9wLF#@D${vwFw}^JsvwKp*($wTSLK(awE3Cz1^%6w?QK&yquUmmq=qwSmuiYf> zg*pRX^mxMZpov#{su-~@x zVwR%`y{S24{Y3pm-WK>H8ov$MXzU)9h6Rv6VA7nOx%=Dapb!Rp8Oou-;t=}YGMpqu zI$=5e0>a3l$GttFuJUC*x!h=BQ}7isrCi^jhba^K{}kfaJN0a-U1)#ctRWnYhm3i1H9D5nkUAPkGbp=9qfgB!j)(6e9@v?G&{qV3AM~X|34mFTS z2;nP`nv+`wMTikd$k$B zN~xZ(mlmt>6Dy83A=og*_mbM_qdt2Tw?PyzH$|erm%{L9Tr+vIGxn{k)10Cg=w_UM z9sDoby~ytw(e!jnWimkd_)R_uMj-k-go-5n9hUo!I~NI>+}B9#?lw0;|7*OEqXPuR zZMQ5ZtiDexe170VpNBo&@_^B(%ae)Phbvx~qYSr;C#q7;;}#w;yWCnFB^3=*9Yj^4 zlrSiWPFdK3LC$0O6L=w+;y4pqX6a;pbp?;HaWjN4RJBiMA-%}!)?k1qg!4L&DH^&t zf~og`wpmipp5C(b*z#sK!}jb+;o2`{qIr2HKelZggX+JXkHB4j2~Axr6ERyg(#*Iy zC|F{M*-WHhV%_0u>A2+1ydK>^40}0SZ&TjHM&yNzh5^-NffFk_Ov(<;hJnda)!(PU z=K?-Av{$?0vn6la)GAlI20uc@Tm9hT7dus$eD6yzx4pP0PB_2{KS7x+`Gs<7Jew4sx@^_X%W1g}Hq?K^yH z!k2!7E3xyU%+_-`?#zF4cGqDpPG%17HsSIP+lB7OMtIgy+6#C<+l=DP1yWpVFl@JI zbr5iYr~o&Q#Xd_JN@Eg9@20=WzLo)sTiSnWKWZ1|b)Hy>rX~B+KTg@ksr3tcRcK(t z2DL3+Prah~LAK!jme0+>tFP{E-&f{O#2U%|{KEAz3tDbM{XU94CCbhAUX>>xU4{GM zf_}+Ws;wsl4-oCEGDGDapwtAyFt3ZGoZl)uEzqB1mp{y}o^y&0s<+5nm+QSu@Vuhd zoGIjtswi8Me%eXtv0$aE5j(5MeUxVAZq`xJv-zbuZm}|ejX#CNTHl#e3*K{wR$+)& zaFHxs=QTRArOZos+pWC6hW?{1&lekFn}4HUHNUUtk!y^M^KI&y&6HW%c-a{z#Y)?_ 
zanVwNI6d?I{i`$kYvt?u%cCvnEB0&k)9^m#fgt8+#w@~0flY*lEl zFJ&qT=%rXp&sd`wGb+z$DTw~N|WWy2(p>Uj8uV+hQ~t{aCUY1EX7;S`9amLsddod712`Lv@0%gIA`etq6D ziN0u<5E`}3xIbV)VRA_$tx*CFrg9$IMkZ^vF7L~164~gRS}l)6B8#C{b)KF9UZjP= z|6Po+_eEQXh)4Alz0N5d!mIzB5s;9a9I55iiv5)7ZYQw`B9|Sl7jmvUi>xC>mo+np)IGUy&|!Pnj?`ZJEe=G(+jnK+C(L4Vv_Nmd+o$(e^8p?CB_F?^kx5% zc5XPIb8{~F^F@%-?MXt>KPx;F(J+(A{jsrnlSv=2yICnsY>Jy>il`Nzp|zbkIeM;? zIgi-FUZ!>6*c+*NhM)iV|I0iacXETscMp#wr)_G3Da(c_Urnblniy}Y$q7nUyefhr z2gZ(@TFA;7LYTm8cUaTyoWSul{ObX>_qK__Hr&h?KJOYa4EQPoGX%Qclj`h}O%r`LB=c#Y zB22*jmg~~f3-tx^$FuGP&wqfOYP-)ZQAg9*eof|@#TwS)q_>-HD7g%-g0!3qy=dc{ zQcIj^O2va+xKfvRJn^^-u~@=1%_;eRKFp`43LB)kCKxnLp%#m-Jrdy0Fsww9B|*j{ zfVj=fk;;|EQuM%Z;%mPXDb_hL&&qjB&P$@90ia~)Vw9XTu7Y#Zl)75E%E>0N&tt24 z%=OE*t`=lzdxBM=_kFAZYGXo$Fb)*W&XvA8NQTw{f@}E+k^=D2tofcp1>_yOK@qlj z{K=$h;}0~>R^~+WEeBsyV>ky4w~#l!-!h7}g%5_?iS5lkr?~B%jQBEExiMr#r}Kd) z<7s?GfoM{4(4hDkb`xmX4 z1@vBA%7Zi*jNMv@%Pe(A&9 zzHC>~8CZIg;l()`E6?I*&h2@Jnk4I%A7_x0TC4OLGGM~QeIRwua+M?KXw^FSlDntO z;A36Vi?u|ho^K<^JImWlPb+%iiwfm)r?Op$^aF_L5bUkgw#c-a*bE2>B!GKU4i!Am zs4A88IckFDx1m>fyIR)hxOfPaBSam`@cE_MMEx!ztJPpT9d}*PSc+AV0oLM}YI^U)J>zr9=LYMnG0LS!fTYw&*@FB^)+}2X z1L+4YS)rUR&ueS_oY84n$rCJCK~A2Cz4Y8l?kJ`z=4)&G>>zjK+)(bi<7pw6O|%?y ziu_Pk48ytfU~RjIM{?e%|8!GXpM;AD)iI=;&_Z-VrViX2=IN>2Oq9dC=jQ!RoJy(SjPYa!?QT0rvv({ULh2%oYUMu;kz;wW`Z zNHNa&kb@oT1zv#@Fz=_)q=K6Q;gGx`WusgM_2J1Na!_jpXrpCU>jkd8nw@;eXu*4K$B3L3aqX`8a>jI+#K#bnn zHU=ysPU|1>-05r41PEAK>-e9Xu3O#{A7fPGf)^$jX)((X2WASCbhJOcc0$wb$I5n`IEPQ>jE1H3#dv(%Exw~9D+?R0>p1Y10EpP3o8|XJ4Q0fYvqd5s@i7zx;__dZHd=>Xxiq4T7DxvtI*Tpbe*pFUh zd5+<~h7~F;#c%Z3fEw6NE$!`Y`*k7LZK`mpzB!7s^rie$w<6bc827du)j9LmAJ&wNcA!=Zfoov*{gX#1rxo2r8qfP6Cf#dwX+5 zFdiQ+dj(L5y=u~s>e27sT@Tnf_iARNT=!w^9jB<*@NcY>FA@pMv+_M4r$}*{sFymE z3VxmZ_F!eV=|t~iIG&61vUKLUh96PUDK@~qp4cjE@Z6hShP(?ulC~t)1!pqXZZ;Ol zjg#VTjRhyO$X5ogdAd=yv9tKcz|sJS#e&44susl(e_3+Kh&{FOYN!9xu<4D?(MC-E z!M2>_$)MmP(F?k}*|`V=zm8&7zGVG~f?tmJkc>2s(~d)6eUZj=F^=2LvyD+v>;>?*j^6h83N)`_drr8ywnbn-Dw9xgRAl~M{mJ}mT=*Qa_ 
zOch<^qgAH&#+`4oQ-`zj**Z>O4YusBo9d}lG$lJLO{OZ$CC-MqnEB$(sZ88VvU$N& zUj>)n&&+dD4)&e_ygIShoqc#F!FOE}?1gNd(#K$65Lr4C>Lo4CegCz!saQ z+tqkc9q_T4C9(*Q?3(44CVpG{=`e&?h0JVB*wHCNqU~<^lG%>iBNwD0>DK4Ca8C{x zFn=}Xx2~~4`D`V%d(Ko_{J7RK3N&({K(=W4YnDE(G|2R9KNjr2eN8s`(jFG_s)(Xz zfGjS)Xrt>Elpl`{#?PO)NSWG8DZZ4lWA-ymK6Y;`0k3IYRoZLOCJqTn3b#sggeDnCdHzc{m7(UH7o}C_roo|sG)J2whoR6!!228&F9DXxmJQPL^p?Qh zz)XOX1iJt)IV!LJ(W>5~ON23))fVBC3pa5tZ#ccVzV1K($$lYs7_^6NO999Z3B>;s z3Mlp0s^w{9FnlD%UdVi8V0@=nkPLa2&#`H85err z1lUKCJzW@ny9Gk>+bvS+VjIa}aTY+^Vs2;H+~NG)ry?>pw7VIh?Z%HN5dPn8Usg4a zPZ1F8f=wYXI$c0`aP4#gQKL!M++is&yO3m3t0#jZzB;V7p1p?<|GoaQ#vnE66MQ@Y(A z)Mo~$7kbvY4D(~e=)#^=sI(vLLRMAJVrTqGur10hUXhWiv+D=NsV&DD7W!n%q5hJ* ztTa&-&5m-iHcZ0+7__0oP?Uc$XKO+WnsDX4D2~@gB0G4H#=f&5%u+T+Hgotim8QHs z*hN+&4jhp*q`IzFp9J8}QCv#?cLvIeJFJEnesB8K z%Hyx)?Aa$EbEjyjSn4h99l@jBsx(6-^qY?09?m358T>P(9WO+sbX_y+K_e|q4Ddn-Ip|%(3vL< zurn;8YN8RAV}htOku!590INTPEc|*g(H^X64V-mge)4(G-Blh6v%9bp~qw zM)5SM`8tDnt|v7-DtX}~=ili@VL(@ixd6V5CW+PxmB7>F{s{rAJrhK}g$61}`B%q$-Ln_p@QP+FF zE>~=*jK6)|>Ze`T5Fq88`RBb(9TT&rM8?YDTAbZ%V5!!L8o{-68+Y7*fP`$#d*j9S7HZ(;7*gNGbgg zbm^Fh^*j2y)xbw&wyv$aE{Qhe!fSctuK!litQ$jZ{^a!}^%CVi@+?hgiNSFugvM6I zN5p&r@KO{Xo(YDPm&P6wo_X>JBm+;oH?Dt!l%us#l*I0C0Px08slzP(sMXxYU< z^*=SQ(Yjn2?vW#QQBbGpYj&!n3D4IN1$ghH_umf& z_h)MObqitZqqw%8*APLG4<313@^oN|lrRfkgA+lg zC>dF^91bW9Z6PI-RR)fA-NI4C(9u*jGhw{ zJ=jj?XK@9E7_g=I?=$pKUT0J)p8PQr$%7to%xQIY@#9_Zz0L@8a`EFGx#IF66zyWG zlD6-MlssTc>9aFQHUcVUf^E%05ppf0g>)KPjYUMvkzu6quvpV7kEpkce$jiY=D`4<=YPU<3*AKsIzG~mc@|sL>&)sWFH~8v7kZUeqD)W@gS&LY z0Acabmtc-GL*=hGj?6PUi4X<&wOB4E`^^pp+-UH2K(&^37H3Orv*+++0~X z-}0@b?Q_(XUKpD`c3)m>>EA_8uK##vy7B6(Owbe3uiDx3+%TPXbNctHWLouzDbi=3 zJ=9+G-^mqK6qOhgxaOMq`YhD@VhM4zCcT?mGb2$dLjqEN?T6%bIqA>3BbWFdV1M3{ z4!fcj%)6%5e!-__SW@pH{4afr zQj1_TVA|rsmw=zde|=uDCeslIU^}IQwbgcFD{%$yf&#=QkcHD!uialfaX%3|8-&A% zfq*n6-n6|>Rsx&Zbv-s|6Kg>3HZ{Eb{heTu;(_d}G<6Mb(CE1)S_j&YX%Hu*v;3jqwKU%{+`Cg*M7)&#o3s_1@ zA=HeN)R^*}VuP3~!>YRtV=_3>(^({ud5_9TGBTZs}f-*@?gsRV`#DP|YuEcpVvGUhCS&U|94V<+kp 
zTVcRhH~If7_8Htl5o)TWIP>t491uXLGL zu9tR`mNXR-D?#YFn8n#7X}ab4H?b8%3YPbr52;T)PhIodo!d)zva3Jg+fCL)-DQYbj|^4 zn6zGR4ppy=8@EBtAd`QCQs+6nTZpQ9PaO$qyOs<4?7`t%{~2sg1`Jw=qRQN;YQVl@ z$B#TLjq)_cmDLE5twmNCT(GS1%Zn}$vQ?+#HRv9%|I2^*FAa>{ zcLEFY`uD&4-GW@1B08MawG!*=9W5E)n<=2P{e|?*1e-I#;8U@zC}!u?iq9pUj)DqFbW+8Id$q< zLIK_fwx8qD7nIl7xhtyN`TH$UzANk#mbNyS1t1os_)lDHo_irN?WEz-D1Ih$Pu|J| zVl(5Ja*ckhNfX8~5a5+@s6Ft&_OjnwuexDw-woPQbGJmEsq!9O%r@>j(NPpZC#j9d zX<<1bdcb72HqV-M@(`_;qJ!9xOjTxa0Engg%cL}63|m@0c*kyWybE%xhg<`3F@9#p z>iRCat45m%^z&@7I79IuN+K04&5qW8cOPXzTWE*z-_xR1YXzdJ1O&pUO;gY{oEaiE zVL(KF#X-!v5|#l^mJxg#NL|$HOW=sX0x~>f;cSK5h?C`Jb&#?>NVUbwt@HDsx^CyN z2$J+4CWA*tc<{j^rGIb)iAEeO*y4^CY%zxnHosp0TaT}6$$(pY)ttHzC0In|=*P{0 zr9(~a2AUJPlp?DXl5T!9Vke4|pi?$?97vp+OiL7ju#d}R=$BgN!zWEa?@ezwhYt9x$S#`gF5{uP+?!O2Wy zw|hICPG+Ywj_ve%Hg&y`+dl3BNPLL09dCt~I1+h;Z=7>* z&hG~Yu}|ao<;u9V_c=X6h8U+YCfNKMy}mH18k%qQx@<^&k2CVdHO>5SLpoDph0DCq zc_4^M%kwAw*?uasoA zp}AJ{flzg$GfFGWx#21Db`WP7l?JslVxWvmbt5MYsn@h5o!I?2hc&R2da!>ZI=W;z zxosB(<*Rw3H}YoSRfvArxnl$mrOzhl`z{eD5^85dT+~9T-C}MCA}{8{QDLgKYJD)7 z5mFG9FD(Ybsr&Dij7og^TUoiEdyV#@;C-HWy*Y!Xrn$Od_E0gg!hJz|oDWV4YPXv> zkUcdkTq5ShNP^cTl!X>$#t3i+U_y^irK7v|S>3&f7cO&U3&CPkSe?DxQN7iNP1eAj z&7><3`1SJ!I4iwio{2z_QC&ZfRBG!YRR_Y=J~C4VX6CGgpp($7EN913^6Vij&tLfP z#3wRmS!?)ISvrWs@N;y&;;9d*_oK;YIw+EKNS*ca}YCzu$L?8t_ca-Sl)gKID8t}aOjc}_Q! 
z$Fc5>_&g+3AAnuK{uM)Zu8YDzva_nEyL=Y~?w!(L{Y&XXYj;JnhK%ZR;Bkr9JR*tM zBNdOh3(TjupbQ9+F5XKT6}*3?p6x~uHe_9~8rNHtD|>vay%@M22OgG*k51;}WK#8oL&cNwsuIjKpnUiF|;r3NbR(^yVU z{2n(Y2I}KDUP|TCSJ6PP)q`&ktI;p=Y)FitJ=_4H$b2&Te?&4rN26A;1{aoX92G3X zg&DEVsS+3~GyU~#q!=+#A2^?-v!mc}yG1j}<{+fPnd_0ON9oRCM{gx#hD4PXZ|j+5 zs_-CYn9uD7Q$-VbcMT8;EUEj^F#rSE^jdxAtyJz*&6M)O?&U3wIrO=KGW5-;-kdLK z(Vg@fna*@@TdKSKgn2qVOMZ=mE;&j~>4K4|5 zd9n3Og{SH8(3w?`FEDju&MxzC_Y9N3$~4mh)H%e)Zkss7GI7bGc4qQ|f!{?&yO9hn zusFA>qFvGvul19~w%NEHp{YkGl%WuYzc7&8-C$H1%1K4aTtbE0ndV!2vhkC8Sb4#p zGr+^yo2~@C;sLM$M@qiMbY)u+0 z;Y4RYg{~b{o3#v~&gk}A#-NOqoaRJH&&60sEYv9nuKLB_ev3v45RdlSY)O4uz|yvM zfUnK>&LmQj9?ciD%!nnDjD)B@`T63i`%-rS{CsisA3?OS%!q|N&nf?WWZC!&ux#v% z`b+nr9Vs@xVv3C?+N01x9i3I4pbKao3D-$+d+Cx#hy&wP!k7B@vkvHv2E>=|K3yk1 z0=`!VM>=GGdU|LFwQI*De)^7@0&EVmY%isTHlIi}ax(N(8F;kkCsgG0oXR)?pn5f& zt)s&ZUcys!d3F2g>f-$F>hc}Z@~Nwso}xQu-HM}Df#p+^@sPG&Z`HPmOM4e9K~Zpt zu1ngOs3o7`l@+Ws#Qqgi9?d0f-h!H?P}f(a`x~Po3A%+?3RCS7%Q?c}(D4YdY#DHq zU?V@|DPltsb&R3LH}NbYi+mz|4kxE4S~V&RZjBCnH9sfTtWRlzrQDrWrwIM3DNf%C z?WPBg<4Ls9HMKY01M>B`&D(`rQGck9l(HdZ;24hD1a(Cs$MBP_`EQ>-PWx$CSCKz_ z!PaZqpcUpTlh$XW5zMOIzeb^b&UV#admSW)&$)IND z5&MMmXo|XKR^OO9Hx_0Z*x~` zSW+Dmm4-!j+91|1Z=49Z5wUU=-28fnN+N`W4R@41sw9)}Qhay`G8U-yW-;IocfU+;$_E#1$p?}r5% zbL)>Ch_cDkHOp*;tMj&5T~eO04T&~tG;El1ts|;C5u~7t|2@Br3Squ=sL+`FwNnC z5dAZD?@_Kh=;wd7xPYFznd*P)_Htxp^l0ney)hnumJ@jj!V^u6OD?)R7WnBzU3#6M z*G*OhQJ)SJ5)YMCJ^ayx!jJ#@0dI)pe2jI(bSio)Uqv4&Zy*8_WJ#hd85r%m$t%(I zt%T*Q{)O|reh2571|zAZ^~MYtUIcs6>t*Q*1}C*detb07&1gf>Gu%6f7DF$9>E~(jem4%!+K-`=zm89ZI+@F-^{tgy zB@k*C0`Vnj-XKVR_)M>@aG(ygq^Dx zlczGai8F-JpiC3bfR%YG@c<)SA1NbfyJ4mW(|!b>WTG;AZ;0~kl;F7w{X#$2Z={?2 z`uc7MYQpe}>72$6)cwKth>1On9%U!~BQfVIZ1qpKe?r@UnMr#s_Z4ecnH>0kJMda} zeZvzMkeX7Ay9bO2h~pfh+Z`p=-E-;vrzWW$3=$$Hlq8Q%hq=B~%A8Jl;c9XqJ3E|t z;AyWn27mf-n(xPYDF*a`)$vK`x1ASy5en+Ne$LpKivP8&lDWKYb(%7Co1)i_XNZRu zRn*e)$Q)Qyuyn#p#&_Z!ZZRbuQn3lnApoV+1m{Vbd?M5C@9J@7@Qd-W+XpsFC=`nI 
ztaP}B!7^e`0DSU$R!i6_3hB!hl2fH9zg6TDYg~tfbmfsc^tXziCe3={UKynjHu&un#@>tZ_03G&7<6OuE%g|wYv1PurH{H(E zGKfZ=hM*f9q`~$?FdavTL@pb0nDaPF;xI3=8&%R{KaP^>XGjL=13bu4vYQZB@&F@p zl;9ZFWW$XdB{7LVIlA#lOv-W7%3)g$awjLx~}J7^$hB@*!F#a>yb46G#`%pxG%EFmT-^_l&?9|21;tcO_b1ZP!5!&Srz8W zwk4T0JE~cRSv!V5yWdK`XR7;b#GDN>F*=WiEjve=wC#eevI@-e+jhIGdONgtQNtT~ z66~wqhPe15_u?KJqMwy7_FRqN?sJ|_R+wY?{A`J5_DfPlfdeqW@s}WR3LBs;=^cua z83JvI;|fd?i7c~VkToz-a017m^HRF0gi?72ZHZ+dOl-Lhkl2@t(3ZWrBTa!rNlb

    1D|rkG90IJtpcAE;r=< zypOi*saz#+K{_u*vO*?yiCPPOe#k_bacq*d?AeVe43oATmTPiiBlgiOBbg}sHA_$| zQyrGi?}m&P41qfba1$xM19kiV^>~1u@OEEibOtaMZArP>kM}+tul673YJaY{I*#}H zgRME<>)Ud?*FU;IjxLbha=h2?H0yY;f4tW}-s}6yLGSgIdJdQR(Ub2hxzkrHS?5{C z+OoN0pGoj)FUn}!ks55^<5_sP&8e`Yl1KYoy{L^Gal({2$&JKVm#=ua5xsDV&QVP= zT2TTt_!vHi>7eO7A{Bj3ihD(jP&&j~j%}j0eqG%txoT69)dF>ZX_S7=I98K?D~%(r z_0aM=rzWn`3%WLj7i_1JxS|TN;Ltk+`BKqZPU|_zSn1gENHaEX zYr}iI!3E7}vo%-eisBB#I#V4TCH9=#QAW6`YKF5F;ZD0j2UeMtQ8IPj3y?=j1z5@z zdQ!1PHEVR(h^ly;`Ppe4m_1M__z6%+ntChaPvTstPF0`>=)LEeg9?IqgTDI~ zt!dc`)gaYT9`{?BstCYv8Bzi6X?bgFP`hcfi~#5GrDcmN8ORL`*&%bTy$DUZpLPDAZ}UAoFGP$! zT$3f`O#%fEJl>s7oR&+VOjx%?L#x8H+|ynoN}YAC%NRSpNerL`0I?UiHh67*pOg(C z_1EGst#FM^$4XLi{zmzwapnzwQ`k4+;vX)=w&1gWbYgvP zQY^Mp3A@4^Rj@QhzV_fT1kSp85rdO(^6C9$cUSs^bH>s8f@Po4C6RW3d)|%oL?1$N zB6n52$ft7)9P#j95FUQL@O8k;K*L|-WjvjVu-N5Nldox*);*WVH!JoqYuK#iWJW!K zFA=TyOt#|N*mnE_9`Be-4U-oS@^f+Ge|mo@j+q#AH_Fi&X|l77RI4*pm9L^()~uur ztD_n4&QZpSLZND~dvrmnl@apzEqW@1^op@q1Zii=i?`H_cLu&*q;4=zJqcbI0r4Yr z&tZY(Pv-gsX@)v?PhA{&CD_wL?lyz2??D~UNsict)HTfsM`ky1Eniw3h#+vUK0U(V zKPwD=f|=xOUgE9Y%?syiS|-A}KJE4ugtHfV$jEp4;M&I!;TbN-^{)}e$Q+*R+9Ucy z2ibHlEXRMC$&N~vkNKwmx@f1)Tm~@5DF@{eH{=0FvyAJebTP%v(4XI4qn|YtOIqr6%hZ+TJ@)A$M@`{bH3iO#s}e5? 
z-*sAd<1g@1OgbXpI?E{+|DyT)qjaRVrPgc%q0MUBGub?_Y^SX!*mn|;NUzIWRG08h ze3Fs_AgdH2Zw(_{&)>J}aG%I>%A}yD1x{s`PEV*?Q;f_;b}{@jAks zvy9pck^o?;JuGs0SWIh%Jn8p5zx2RqVr=f5N`50$^~0p9!$e77YPjogGicopJo?6O zuRMU^O*cF7T<7wn@6T6ch8@f z=aV^*u@{+*7qFddpu?eZ@RBm`+^o7lP5t?HBe`@QnZsFj;S4&D$WCruAk!iZO+1_< z7nS`M8;Ko}={7OHEjs8fCYLScaItx50inpBw>FlI7L+=it>()?3ySm~Bl~5ZMdzD2 zM@CR+be364ZdrWrYE0m2eD;`=6BcZ^KWA(>6D(>b?PiMk^S^>ZWAeiy7jI0oY$yXP z7)g7O@Yt9vqx9S&bGmqUd4Eb#yfZI_r_c3KDbqtMxDa4uK?}VaL_2axdMM)q#Z0!4 zVFtg)Vu)>(FXGpE@4Cc%e7q%j;hbL4T({MLL>UcBpjS$V7$?M?3QQ2rPT=VLY@_R&uYvVcc7v8SBT?dbc3iRMSIx zDLQ9;$6{|*Bow`WE3;dX)&%r=<%a%ckpv*;~!q8XVWVZ=&Pilmf zBoX;7=H#W`u*$tKL`5(3i2-#W4>&~SZmv>+?Ip{%VzZo|+k^_4udwyZVI!Zr{v zYkH9njMR<&QW|qP(|(j0`9i(vggbqv2T7xLKAPgS;gvWQqbWy!cc1SnV4J!8>ZK8m z9#ycRVy+7dnr)-WHtjW`cn!VBoaE>iT;e6zzOU!E?|*qChA`mXxV{{^Wz_OP{LQrd zlwKPXj=_Vqa$<&!KCt{~=er5MeG=u~!riR%Mnw;T^&N5bR#B^gNKV9eFh%IV{ z%X|i%uHQx#%Q={bkdtY0_t&%( zcsNM5e88uP~S`hJMMQTxPp&v>EI2T7VF`~^KmU(QjT|@S7z0c^CteiEZ zUei*Z266~}qp{OMJ38ofvm&%sR3T`Mn@l-gC2%gQ-yCNA+H%^2b>5%U-UGF!%0Q9bnBz`W>w-|cDt$<(jt zOm@M44?eFt=^fg9Xa6Tha;A{UoADxvi_c}KlT${z>Yot|pwHMm4| z7f?JPnTVvR?=Kig0l#=S*33d{xe~8RcB6`SAkLq%E2f`X6`p>StuPF3GHF4)aKJ%B zyJQ`7f3b`Io&8h1pQkx)dMPLc+IbR9dxfBL7aI0Z%~WGn!BNCT(E1na8!<1} zjdrGbIo`ZzZWI)HF~{FVJbL*o4Sgmh z@#~JW^K-&XUQgg1ItmeG!kC|r58Iokfl;_LB8pAu_%(Bn@>h$iA`+QZtfiqn zI+wu8T;m$dI_4>Hn zZLfTOciQ!EVa|RxqwyeTeZ`{X~)|M%A05CfeQgE8Ij;H7Z)1Z|6=oE(pRoO<@ zzH|blN*tA>D>VaG=aF`|s3xz~_oOB#(wdjlF?8l^JI-aie6FFFqxWKp!k6D zL3i*mm+9&Gh@6r$PiYkq*^1v>$9Bo%r1Sh&V%Z_*zBM3iG(!9leGWWfL~+60X}Xb_ z;`-rg{Af)^ctx*OcaE7(cDK>Gv03A2oNbDxO0_mC$>XSJX-b+ayUT3XC^KcCpRuum z95p*K;2j=g`t;qr=gsqX4j(s=7!%}!krOK5EP$VS(meW&#sn)_;gP(L9c=tHQyL?A zKl)30XpD!C{|L$OJ@w;TWZn1t;}g5}D(U`Hj&3-1wnwh^YnAx%bL8al`{T-Z^XvYx zQmyFgnJJg9HzHwihm#zUteVYTJi6FYL*>W!Hygiv~$w2SbkW00x- zY56y;V!59$(|fL|@Qm-+3vR)&O#0~efgjM?F@shf%v36vkA{A8WDKry+7}VkF|V#(yIwNa9zGww1*~1+GQNJFzbh(lGxM(7HVE{E;iW0 z%xmrSC9Wa4eh2LqVRo2F`_Kum5WvMJWS$oIW=1;s>X#%8%$9y_rx|IxRA^{hY-6lO 
zxs7dy`5VEc_huouVB+Ahl1pJt<~6dEBb78p@}}JE@)uf2zEx%dnS@>u_{^UYplp+m zuZhonZF0^*a_hnF`oD@g$S$+PI`5-Vl^mA@HS{xQ1eQ|Z(h4jot0yNqRLd@dT@DYw zh$MCtRr#8Bg4|@+A-;6cMMND3P-iTCn_%z8J}SVYLmN_*p0K+sn#ytcyF_VKi++z|`i8)2YQX1S2eG^ELgz!7E60GWFs4fl#dec3?2WSDab{4XK20U)D>zOC1Z#%kUXPQ+NnPipHiDqiROd`WMG^LGH`9F3! zt{Gys{Yv=L*W3H5v=nAqX#y_@ko58wM}Flli+&))%*qHfDtj8{7(s*7&op?|C5uyw zM{a3_r@Ur|U-p|AJ)DyZuypCxXBb*}w`w)wNptk&&`W?STK=U^6-BumX;-nGD!~a{ z2PlgczunK|?I@m;Q8g&;SzATL@TWGIWEjkU;hgXaBiEDjH*k+!uRkXnmsbrtX4vz7 zOZG|vj?+1&etplutYVw7vUMQ+8igH@t)=Jl_DQM|*Y(KIdSB8G_?*lZ57u~Rh)|d? zLl-7`P*6#3`j}g0vUU&E48l8ISBGH@2o{yEQz_B|WC@r-3D$^o>;eRy zFv*W&&so24dyawwlIdQ~BW38z9iu7sJ#?8X*hl;LPP&w}#}1OKBwT4v9V0~=3L{A? zP!BONoMBMR`rJ%C-b9)Q#bPpSb0qJ9$~|vu%9n*rvSz0~egb|Tt7^@xoh=Oxsx<)T z*#Gj4MT10_B(eb<$@Bm{@E9neu4yls>P0MZz6A$;jI&ho`e9d!IAtdf%MLhA0&d=)cQDQ3ZU$Zphri2>VMg`Xpc$<^(ogb-S1tqV!$n+-H4 z2~Agte(RbWcbxYs-4n5i`q*CYd{c_CFx-02GWYh?A@=e4{jUszL!`#<6qw3}kWTto zVC|xwO>vrrd{BwfOSc#kapDQqTsCMU(g=_l`R;XxMOK1g1wc6C74Go-&*a3Qsc=%I z1>hcI5qgZZe&mNXDNnka(HJJ5={F#_Cxe3k8!yBT0Mn-Rk0ji*1WA^^c@PJ&lbVz+ zBHWjz4k+i#*2?$R$|o36ay-izm|>l%uoCoBmFeb!tD6(52+#TVWc)^M{3VMn43(Ih zf}O;H_7X*QusnN=KuWc|(tME9nJRU`W3bsc1z+U0`w5W4w1w&J(J6F5Fz-U9p~k>b zHw%Hj%jY76DtL^wpj%@U^XZoB(myU1R0bB4QO%YLtOKw{x0c{u(GOt(wDYy|oCh(w z5OEeWfFUgHl?$__R1P%13s(#K&y|qWc>z*4iQ*x~8RrsPC>`2VTmWZL)4ESEipmjt zE~1Gz`D~NeVK$41kM2JpQIK(xdD$hzjEu|G>z27$l1wYF1fy zPgv;dx{1IU(hQ>Gr(~BR80*#vrOZo)Qcv0e3r-XfW6aNje;}~@dw-@vCg3H(umI!! z{ve|-N8Q?geh?7=P%k1q&D2)nzKbnhU75WIaos8ida(IEGh=wnYnVM9&fqtKbWc>tLZ8mpIW=yXs_d1x!pd`DZ-Ur*IbBJ4Z!9yVHiqqNO(U$TQ8}fiCo?xs+cop> zukz3Q2YWlMpdo@WPiC4f2%_i)6V(V66zAT;ahSs=^L!^mY3>lhx1B-#?FQB13<-6P zgN2s}7)4`FA}UG132P`?)mS1qC552`;t=exqTfS^VQzoeaIKpwzwDpbj0I(MS$ZEo7+? 
z5*>mt<0>%UivsksSG_gcw*Y9r5J4faR>q}URFmhPso@*$U;DRnGk;7N&_A!iE za|u~M?=d#k9HyBrliy%@(`xs9pZue#2Ta(_lUWTYM>JXojb)No3=p_?mNS1b?pj13 zskh1*#mm`6*oC5+>B@*$xbJ;I6DWRS%g?-9_5LFm)*;>eEs{k z2Gy=hgD#Tgi{xOOvzuoT^Hhsju(fLsOV2j5Eo>119s(ANL}RAfc$1+`$JXYbISaw# zT8-I~kz1}pTuk=gve5ySv-%?Z&G%?e>(R-gY42nbkJ{xjSX=A-zWxHIj6@_1aY^U{r>1a^K#23Zk$Ay z&b;l`a|-{Kv2}_hj@2ihcZ$F~9U9E0NNsjuXR&i79#{b9fo+R8@M%#jR7-U3>8|n; zh1)a{5M`IC{85q!Aat9ewsC@Q zF%{VeVf}Jk-Dxlq4g9@ zb29&h4y`;JD*4C4EQW>7KfR8wvf?zucG9Z;_}#a7*~#Y>n=MZA;Um^MSI+fi>>l=s z2c5d5LNdxsIT68Z9fCKkmp6`gP3P}lM1Va)k@nK0O8aU7eBayPM9*K;gEu**6;TSn z_QeF?L?ng1XDMBc;j_ZoNTOPt74g+6Fhh7Y=kY>(#mU>3GwvXt1$QA})*s550BT;!T0FlhdQ+uXLg8}A`DN9L1B3lw>J%K7*gI~8)LP6{p7GuFyN=(M# z6h851RO1k^t~hp-hGw-x=*&JMD}@-@1u5!U#6I7=G9CqvbXF2q@T9(d`sZiB;6oJ=60E0}TiTwZ8tMR&rWKp~z)js;Om$ z0)b3^;#R{A?@OFJOlP2Irnr8Jowe^;j5kciE58z^crTnse$x}9v3UNu&5*a~m$+X* z7qEfRp{GncZa9ZU1+G|E+%dQFh@(&gJI{PBVEY0=A3Y;4fKHYrD7)!%q{VR7zU#~t zqtrDk?_KuFQLG%n&}Z2sPp~!HqW7Yqa`UrjZ>E)CzAbNjBq_!|=c``_yod+}>~Vj? z=PBr7g@m)l^9F?Z=6LXnQj27ld5p0+GVKw@+#B7MaIUm`t0cP05uQCt3a9ovN3PuM zCJ2?>QJY89b&aNWnAZl4ep5gTE7Mdv{yPam-r!68Q71!l=`V%g4-d-Dhce8zllC#7sgTc17yEf>1D`S`7H_> z^fgB}JINuW$N*&Y5uVB^frbx08}Z?DOz?9O5CO^lsQ3#LvTtx>V53|KS6CC6LQaI^ndPq?_rVb=aD1tyq9vN9ukjAHSoT#1iTilY?S*} zM>^7zNw7^yNF?0CSxg)y(N-qNr0~@5e<+!99S; zHVX2`#khMxSoV{91o<+;iNHt4Aygt5P7kmZCmxFxDh9ni5-CMEZ}0aI^`k!)W-M&> zc!oLe>f6Xdu7^(frEjVUv!&5#0vrlSy_x^89i|~@dJ;`*pF!1z7nf^>Gwu0ZBAOxjX8y~Ja&{~U?TYRcb0^^(`xnm>10<$oq`0xSU0*r+nAC<5gX;H2k zOqB_gs6g~GI3gJhNMv|{2Yrk`NllrUXeaDg15|=zqBri7b+j&`k%6u(SQrlJG@h`a z7}P(6Q&&ge=R}%V7|TooLn#@8;-fh&Ddlci1TJ>nj^QA^9&Kw3vy@L8)IG}+y=0b< z<`f{P%k#`OMO$?WNt; zRGzyt34}ea7^eJJ>{qDg%LPd864hhxo1SYAnG^VPyPUv=#274+K6^(xh8)F8g6u8+ zOarnl5>0Nz5uq#!KeGI*+X3^w8Xwo}^jG)6o{Z+rs(G<8ksblTu8Op?=&Qp7ibqvl zSJLQFzMN9kO_PIiYzz>GjC-z8s%$;kf<^P`sGj<*d1PfPW!B$v?F8CQ6Q?pc?`yQ+ zfy9U$p{WS&TKMz;cA+$FjnzM7Fcl#x>JnvCcPrz<$7!vre%+pa4j!9csJw_?@a9tr z4+2jFb6-U#_f&5P=HChrjo{b7F?^BuYq_A 
z7c*X=I~q~mYnh)%rBRLdlbcc33^TPtnbyhpu)qBtkYhvb2lt3AWi_B0O1i4(P`3|{ z6__&R=%le3{y|6(udtqqwvH!575&a7YE`#GJd$s*#`~ zz1QFfW0m94@MCaiRA>^};2eDS+UOR>1WBN!`^CHgiA^W$Xo=WpwFB-)po}o0(%1!pXY`o`k zU7`N3@PLLO3|ZW(rW2{7pZDx=PAbAfL=HAdI1hx<_$|f_zrxqR=Cj$gUeO|Jb2Xxr z1iHzQrwobq9D=a;#5&lv0{RKmnzv-;SM40I^DJTZ{XjY`#K9-T#cmdQSh=~%Jp%T6 zmFi-$lgDNyxo3jY3`^jf;sYNiw zsSyVzFi?Du&!XHusi}7@=KA&8EZ}uJzQ(FIA&;NakVh4``_-B76)|ld_{^ zzNwmPlMF>1iS5}_B4N8olVG}lwLT|-uJ}`8psxfuI;0h0d}hsXM$sfZXP3&w4icl5!b>Bp?qZfGPCEG`a4Jf#f!W}_>Wo(MODu` zlnV1HxL^O0%feUROxZ#P5m|R2_nxt@KU1q@L3@&hP{qI*CVtVxL9Q?*o_5nA(_z*&93Fx6>Z$_kg_^|sJ-2*NyHP_9B zm-H!G%n+CkEq!|j^FVYQ1$)l?k&`gS ziHm84Gffv5U@;?w0=r124!_KP>bm?Qc?DlaS`UbHI&rG^S| z%}or3-TX#T_IfXUvj+OU`iEU6`%+%YI_vI8p)ig*Jq5zq8&r6OHD?)=45|-_?D3el z7|C4XsqOJ0@=5X1?}P^D=`8sf?8uR6CD#Vg!eNC1(dVA-{jcx%arUjWQ|Nq!EI% zkNUHZD6LcL^Xf}|!u4mmuGeG~&q1G)a`7}I)|0p<}L z;gtTW-}=61wG>|COo2_Tb$7SaI+Cd$dT7F1Rv6ETQaPq8+~=5kr(6nj4y$0}QNxHb zqUgHk^Xc5q%rr8EA*vv1adI)wmai*d@AXT^JALJCDw&z>pP?n=BR18%)H32WhQrmS zD%Xp6EdbU7mVRs6>XE;wa9D>#W-^R?S5BT+J!z2W4{Zu62TwZ=sTtmOPdhUKn=su} z_MOOjrrEh~!|2J=G#afj#5cGnRT%^h+&Xxo21=bO$y>5Ls0w1XLb*AJycJ4BC_&3F z{_-WahaIe>cksTp!8JsncTh@SlPLt88fR2x$IgT&kLpX(!jcpPtv8?=7p_V>s?U>> z%gQr^GT#4g6705F6Raj1CNi1?!wRIX(?%MjAwg)OAB`k4BX6A~hJ0xk22U;dBXdGt zPGQ=obNg^2-XcH;E*rkmM zaZ)PfCR1W9!wx5v$hw$*5>K;-gaYHf=uJVNZVI>z4g}ZI0KPzgwdd{%VJU8CyyDUg zD`vT<{`W)l$l1I)FLot&-hVG*MlRp2MfIMns&OM{vByrV?LUH>udW)L{Y5pkD^qSYk}D-E3ZAsb&o+i(p9a%YGP(` znELf+@B5}a^w#v|(JDg`(l=9M>+nkG8 z|Dn4&Xl0Dp+gho1?L-!?aYyHrs8)K2WzI}%Czpoy(OFFilT}5vb2p#s0H0Ryf5^}L zRg$p-C+@7i&t{*^ECCgOePpHp(O7G?d{Ge?Ui-m~vdYROT5-x|z!&n$94qq#TNfmg ziZpDWJEV|ZIAA; z1@g>y;+h0?7t?7!DIF#(0~%rFgQl!U3|D2MtdNtN1Z!t2KDd#!MdM@MM8s*q+nlV` zHF+9l(~=9&+X^S|nAzE_ZSCgGJLuDphLEpU6ciaw&S;LA`8{-vq(?b02RngVqQ@RQ zsJQ~4kWD7{xm}3@d88CELAWI40aZO1=o!6X0HB?ys`kWmAyvJ0S4k800Cy@k*RV=r zPj|rB2ZR$C&=6~bc(sE@_xB!0;vK@6W50vihqVFc3VZ#|KlKY=|JIXjh+w?_4kgWs zBZ8&OMA5APjQ}oLHVh(JwC^U?wPibTHvx9tQ4EVJ`<(g{oa=K(GrmJE&`hhkN;!&b 
z;Oy#gzqq-`pWB;L;FSF$8NyK!%(#d+KlcSw3q4R~{BT`tv-w&W__E+3!z1v1R{3!A z%N&<6U$NMNRex$sJL)y?c+63y#Y9REvDxA<@o1nG0}_Ed3ag&xOvq$r{#|5x1-D=q6-0<)SV3eewAU*Wv94 z%bV~p4WsJ(!cAx@`(a+!Ty1ueY%@i1l&u7<;}miJQk8HZ3E<_==>LA5&^=&9%gj=f z4X^$Ho;C^CUG!L4A;vcw&pHQqz#5?9kPn zuH81VL;$x-ZW6^%v(*~Fz)nW0yb{#bnYQPd=7Hc@O&N({*e%Jo3TzdKT4!XRb5>Xx6K5*Db<(( zE+K4su{zS^QGBkt+b8e=jb5dw)n1+bFrNt1Z7&j{{H`vTwd_^b3ZsRwn~d@aYQMZw z1Lss8Ty9zgE=dySVq|*)kl)GC0;f=}Y?ja9gKW(qTc%It$&CJBQSP}1&Ov_WjT%Uk zd!s)+)*`Xy3pB}SS-d#p$J3c<9)lQpyxn!$IMKW@_!Hh?TFN8TrTw_B(P5t>{>4@D zQbEa{_8VGhR}R9Q#S>;_*GgE@-*lK5!oYc$5Z;yOg?@mg_A}j?Mt5P6*o};3^>G^= zPGfqoi0(KSn*7f>B4ui@(D&tunw8&kMW!2dm8NJW=0HWPY|l3Jsd9118GXjAhDDxvlfh5bIkXI==r9T?gsL4AHG32j77 z_G6w#{B>)k+3}7ytnY|~_q+#AWIE=qUyp^NEyT16++rVa(dX#4hpt7X@m+_M zu|Xf523KQWIN*OgWGv1m>BP>PaCcv4otbd{uWEi%sKXj908M1AgJ?{QhCN*y@MW@Q zX>H3SD_VPUP)MFo1WVO#S=gim_lg}cDg$kecI7xQ;O0Pzv9Xd7I3#ryJXvKXDgF9b zIK|TyPn8(xOm`qts)(%)8(N&IVin#RLe7x2I*>}VH8xNIC)#UqOWm9duQkbq1y`WD z#m;4Qb;K%3z}^=eY`aq+)ZjfWss}n6YQ*9*?WVRXOOVZU{H0JID>{EH$xE zgnnrwq|uQfm2@^zMgaciO>&KgGb6PkuEwQUkm+Mj82y7H@m_#VB5Q)3uc#NKqHyUV zPCXfoVsQ@CJ$da0BbWqPj9;s1yB)BeT!w|jO$C04Xk#3;4^$sJ2HiHifNAbHFpRD? 
zgO6sn5k!c0GS6l#cpu{es?VE)jCW#{dQ(7V@+bLpmycaS1!i4tQL__g`ETN(u+XML zgQ!^i?f?Wqte(VOYQtTB+gNB>Jjd}3k>u7P@O~R5vn5FIrbjaHRJzcPblfSj_a5Z| z?Lnr>nHFAS@-cATCdv{BO8c_6-|=02-iE8zB?X7o8XzPRS({w#Ad zy0^cUwcxh#vj%iXmY=*PRK00~8CQB!VX-WvnU9ncsSV@q4s+@oOG=%bwJbAguS=ag z)Ii(N+Qm&@8NBohh{IyHBSB7mCiJ&B1qM`+jai2Bn~elJ+u1GrE5Tj}RL`EgZ`V+z zTq(@fi4Y%&Tunt@``)Pk$%XPxz3JMoNtf(M9!;Gn@qA+N+EYwbSYiAv0MdzerXMKL z3?k4y&Uy)KS=EIH#kgMllMlouoNjOJliO$*QfhDT0MyE5l)qZbd9V^@YZzNiZE}Ik z2<_$gpzR67K}P^-VAHwew2q^`D+KTt$YNRzA34>~I2Og;e{ZcrNEu;4{LFt{n`Lcv zkZw~#In!8@y-bm{5$|1C3HOYN2c^!mJDa&-0yNW6tHR zvGd((JkSA!Wj>n34bD_%Q5iwnYQA||O{x@fb7#Ea_OxG%Ma#&GY&QwMzP_aWD@fbZ1MOi<38s>bQArl_~VSbfAqZnKdIL2|2p~5Hzj*2 z(it_tR{{4TRdO<5z*ZMHUYk^lZPg2_wcDi>O=>2QDWHg3F&g|H^xqJW6t_YZ7Q_Y; zI==4BV@t&EDv`FM7S@|$nmXc@GR#h7GwdV=(D^1sOQ9$M<@?l>qnSo?mIqPCryK_} z4#5sY6HGLl2&hwKSDAWxqX(Zg2vyFros)5LjG>W^F8%ViCvHooWMC1AvV_`=MG6OI zPS8Lb=&KiqrouOTyBv{h1)K2%tp%`W3J7}Xmc=-(3Xk9ijhn^7s#Bgfsh>6LnsD@6QC(cm+5$fOJfVi@_^9^MJAcL zx07u$q7--nLf5}Z7A^FdmE`vgKh5zb3MN$i7sd=NlX)Q36Tu(wG9#GEw#a~IT2K?I z@m5)Tb#zJd$w_v8Fw!HHq4Z)N07=@!bSr<-z7vu#OqAVoKdR_usG6Qkk*)R{4WRZ9fr;=zK6%o;0d1n*1SIF7WCAE9jsW#|qxRPmRB0B@csuQ7Z zdhUZ!pRoRAejiQYM%nBaJnoqatxJQmus8=^Nl6IR=aj$`ciFa_?KHWYdQj*uY6L5e z*uen{b)pW`@4C<*cG_d&|Hg0_`?!?X21mKqE7LXRzw}!<>{7*wg(Gz2SN4?H^FG$n zGt?AJjI7+WyGb+*F)3@95`n(hu5o%Oa|dDt4nD6f)+e6(8SiZm^34-(14kT@z4%BR z*Pt3tb6y`2TL|oLVLGgYci)>QcY?F#rrC1|D})w|OKE-lkU?82MHuwmunzS|B{S~`chMHolZB+&I`3SwyZMfU%Du70<|FAy@--@4u z6poSkXha5@e4ls2VT)Eb2*Hip(pLdG9#ljS23FuP1!pnmSyrPZ9k1s)z`DmPMaS`J z6+>UvF!%9cq%>qY{7)axQasDmFVJB4I14_ayiJ?i_Rr#1BY{C0aSqG7k4=kh-lUZq zoYTsxm2Dfzu(jyQ%OTQk(^v6%E|_R5y=l3;Fc-0QdfI-Q1jDjt-?Biu%dpR*=dE>T zKLprhA_*p(eAr%~vS!*!n#IS{ja;*#shpiT5s|8X?c|`DG#aYfkwW`qdZlPQ*3Hd- zVR$7t8%0FfhJpwWh<>wi5@!*l8AT2c2jm@FcplvNXkL^Lm6Pbqm~CiPIG-yOOgD!x zBrV6)t$hL6p09NTpG%0tg~o1gQ?ux=K0(TadI1h5>!X)z`5@}|M1*F7V&QZA-5_{} z(T8rKSGB_LHgAlSZJqw}B*tF}KfC7J@xt*s!=*a;3G2cx*(xiMBPu|^gFwT0!sWwM 
z-SrK95|Hp`b4`U)%rUctqR=mFn&&G{&Fp@FRAq+J!CUGGXpZZr*wn=E(}q7(T|bs@Fsmli=l)}P+DmK=Vq=~5`s!N^P}9x_$! zzrel_0 z=XuXn@Yw^_<>LalG9->gfHy1@C96h|Hu5URMzMI}x??E1aOLl-^s^+f3|+M}v`%Kz zrZ%}s+!n6rWffy9gV{N%O-$~mtDW^=G4Z|7Y}U!Yj8+UQ+S*wCC0(KSM8rK>fC=(E zKK5uu1ijUi)K0cazhpcu5SQ6?2u_W_;>C)7IjbA%c=)`l!XQQw@NxF=vl_oN(WcAzhI!*0jur19MR+bzZ;-9Qwy>NWeA+dFJ3AQU-m8jT{A>Rle?H$H*PX=@T#SW9l#{HX_n-VzsX;P4l`Hi4V9~>a&gwu zey)ZhyiEM^khrWoUj22nXwk>NJ$1v!!W@V(WkXcvN=l-+BInmGzBKxD!MXMb6@MT zPL-%+s(XKQ5tW9=1~vOg886&N=TWlV*{@8y6R|LWM z8~BnxlCQV)+y99`gkS3hf9|B{B;b-O|Mo}ZcI^K(5=U%s9&YrqQsJya-h1ghr<*p{ zucLWv{Rte^vBoom?4n6=39Gw^SC_~Uc4Gl|$HAIXQsc2|fnM-L2-W?1`uF1F?&$P#=v(`xkfudbMu9F-P4!6i0R7DU(Nm^z>iwv8$XzvyYp7ROH0cuYEZeU z;uZ2zhMgs@geq;rxHj`dzT-s$l2pGSuEq$JL0xRqmj##g^GAAu3ZHe#;O?+;x&?LMb1-?FN~7px)r zbFWUFm!sFW<@+F(&5*34z2czB9W+Z&>gt+cOp7_*=I`r=vw_zo_^zp!q~7qY=9Bwt zY=9|PZPG7+wNhAGEHr}|U=;wKlyDsfq` znG!_@V0p9Pucc{6Xme$yMdM+{Al4*lvquV{5hrZ5;B}tE0{^Y% zNY(#f?c*@rIvk6a64 z4CH}UG=#wG$sDCC7&YE6Uvj1kWF~k`q_S%CuOO|g|5Q~#?FDE=fV+5j(~`;MORDK4 z;3o=S4j3H4?7j-HS04DyAzIj}l=ktJrcjMRM|g7<=pw^{?U_QT=jgp69BvZNXAQl#*fGUNM@E zr7;d0m#OJ+X=~dnj8xQGX6rWpDM-L#jxZKtg0?*Ee+c${8vX1E9>DC+*b8|p5*Ag5 zg1Uub57C5~$TiU-H3d;e?s&rZ6XgW05V$vMP%c3{mqQ$fV<7!_W;k?*y0)W>NiY_H zob~Ub>Em$vIV(C*DR2v7W%kVr`+1P_0L@}+K4RK&xgTu(hdQj^sN)>qt%64n@~^ao zAhd!c84r#)>EcQe384OXlm<%-J40$=M!D)j5BUG6b^f=EHC7+ZGcfAVfQG1|@O}0l zO`0+GmNBf@3bX>E^cCC|WOM+{)IxN)DM@jv=)u_(SbIgi$tJND6a_R!Io*AgiWdgA zUJl&eZnrk5%cE@28GeJpH>@U!>U1HzdT$-z(4~3chf&MxJhmx}A^N&o%PiTe5jEMF z73AX7FT0&EZHN5Dh&1f{by>w#vnU^|Q_LAR++&NO9*(7zqI6i_QDf3sbg)L19}u#aKNf+Sp#$lm_LN6~ki> z;k-o&UC*!-cFP_T`6i-sQ?^XQV~Y~cU%Jle(zy|>_f(KiKz?cJ8~hqN7@Rd+ zpf61}OQFe_UAmL6_73u`BGFjPUy-Je`L3&ah7EYbd5Dn>{qO~3Sz=Sf_X}r{9oA29 zBUn?tI5%;7pe?EF1+6hy!Jwh3dJ)=N@?pE3 zy{sYuSj2N%+5REp|9WTVTvDu8?aKcZOS(^!UQD&ZO(M2{Xzi-O)e@JQmJi^gs>3<~ zSq1@xX{HNNBF5Bqy@SG0**93e>xddXnpeT|{*QCcnEe-b&Z}>KUz%6p{|AhA9K7Pn z(Ek9^kJtZtfXjY-_n*5U$G9=e1#$c=MlQ3kGiP4KCR^#^7c_PC^Fx_on=+_$bs9Q8 
zvn;p23Fd~IG)e4joUfvxA-r-Sk9J%No-MMsXNLw_I=e4iZ6>w--SG_?qYh>iS~_?y zoE=&!)N!_3z-u6_n|x|4e9i-~%(Ct^cHV?p<8*3P&sIQNH_0)Y+8(Ey7V$BfS{_N* z7tk?GJgny1nV>dS z3qh95>873>g!2X=t9=d=q(r3KXZ2`6ua8xkIx2{_DSl?sE*SCZJzo`&Ne1O5tHH0R zN0XfF>kNJH>>8q|gC59ECduW@cc>y+lwnyE27d3!X+F|P3fjhX63inI-DzBo;Z%;b zzZu>$2_aAM=1WEg)A92DlqiDf{+)`RCm-RwH|({zjW-<@UwWb$MuNFTG;#MQ=2`PL zPgrWKu7|lv_1pw?;s5uH6loXTej_0rGB_2SAfxjR?-uul@1R_ehB7lF9?HQ%x=#z& z!f%)IyUbiR6QTNWCALAsK#Pvz<>lNsY?RVM#L)JM4hZ3}D zJGO1x=81D++qP{xIk9cqwr$(Coz1?xTlH0ae`cn-dVWn;P4{#4eRY@_P+&;jo9rjv zT`&<$SMH?#yRi^QrSTQQnEL(VP8XNG9&b`9j9^z{=qwja=}0Lq+F<_VdU>e4sKHaT zsH$HqOu3W2s4o&4(Z?jPmL1@p`u`aD3u`*Qz%BNI1+~7nh57<+bGajSbqA$*Jy7+noQf_SX$m6@!`y$|c z!3UjOz1d=_tgSU_`u{^btI{DC0@bTFlL9<^m;!$ulDdY?saV)+G7&W2fYT>{dP*KD z>s--1@vE5Cj-)#0Cv4atD%g+^49=4Tkrn9iPp>S|)NAUq<(#@Y({(#07V)6ADa@nj zsyCa1=vgR;RknhgF<1cD$igAH1bq47PvPyFe9(c=Mg$H9HHe$Ewf-6&(Z55S+CGk> ziaL%fEaZ)`;x?~(I0Xywj0&*BR3e||&js*aswo1uNChs(UltMG*SfbW*Hz+Cj!>yL z$;Ni~7nO%|(7=@7uz(!EY0VKR<0Z#}vF=!2^`jNHfDGXg{&8lvB*rb@Eo&>+S1=FU zYSrX~aC#YTCZtL_hj}cL4Y(SHM5XyFI~>4Es|??{J1m?PBWO2-j8}=d#s;|oFBRx3 zq>gsNm#r<`C;~C`V6*+Gexz}=XS1UPy0IusQ{0p3`Y-rn@P1?|8wI4~QLm1*dPyJD zSu9q1dWD1)-EE7BF*u}?3Bi4VUdRV%V)s9QGcu0d@KAa;>;LE{*Bq0`_Wv{<6fxcp z%bcqof{@w7`$vGBNr!vq4KLaR=CmsT%dSX~~FO8-d9b3-Gkbh|(< zCNdT(a%{dm9v05lI{r;`6JuQ~rtbpHn2QW_dX7MCf5KoWr{k3bpqpgn8zI!FkLdly zV9JCqhq_^@YTFQ^1vMFmn6^$do9~f@{{I^t9%$l`VT-uqOi>t zTQcnOd^w&fLZ+aVn*S2iWjf$*p~{tnwPt#f$BNY4oEu>EY|Da%212EX!0sm`c#~5g zXwMxj;?F;*h`}?@Wb0~9)g4tr<+zQvlyY)6#lVmWw8+FWlvxmeE&HU&ne!`d0QZRa ztZ{r0dczC{GpP5yeHa;K^J!Rp2`d5$2lBuY-H?ntd{${|`MBg(39|6?JXg0sJF+&^ zV!?PsA=O=G^YI^M5XNb;YlG<}DC@3Sq09~h>DO#Vh9yXeL~CF;MDlK8B-8*B5>gt- zOZ@?r$1V04rkw#9U5DZ^4u=|gH3?)Zx7aHa?F0rj)~d*GLa^%4iR5^Qg)Q~OL4v!P zqf8^=v@p%Ei;?k0BnH@{I)@-c-m{=Fr1fC4CAGZ71TGy!$;X2sOfCWX$4{Mr7-N5P zF)P(gH~r?L^I%}O34nKDtyDt}0h+@He;Y=ZV2v$%#^GgVaFGnQJn&IY7Mavp??W8F zRoPSEQO6rvUp0O=MR73_s+$ia%04EcFi6zT=Uqqh2i@FO)O?vm1b~K<*xpPJ|#&@L~8_>M%n^u6>M^9>#A)3Ck 
zNdD~QrZo}`J#o~z4ntowENB8<*{VqJQ2hOiK@cRRC~q-I{#_9&Nr4Cp+0^@WB4dEG7^R=nIl_k)j^!_2lI)C z(TOGkz_=Y?eq~ge?MuPHwDH&rd=z{vtxPiytskR9f@FY_gW@9&?Ruw6(lcdjYtwk* zpMoM&xS8q8->$m;#$7HEqO1%H8%BwGgfy2Vq`hE-k(IpMxU2E8m!L_z)!6|p3&s~8 zMaLWQ(23}|;9L6j$vcRJwCPa!$`?DmzCD}n)t#S2}+w`z5-J;1}d!Hm9wDIjyN{9=fQpS`P*K#-0QTZV=YH_@t;xK4k-rp^V zlm2e(C1~N>ky?8haOva(fp;3&lbxzjpB&yb?%DNZX(~nN&g3sh_tK3`3IX7 zrX*R)5PX*t6mXc*%cb*IaYRz(i!*F@y17o^iB+pw z;DTi>EA(L`FD|Nh5cde*^nc_pm}9JFgd^5TLTj@3Bh{K>FzVQ3Ws@-n{w=ozt*+uw zzQjs*7s6mGE)I3Gb1vY>d&5SjG~_{h?%qu59K99@XK^_qldqc zc7#8STvV0`#h{7}6)wi9YBMoB1|LOtQX7AV-l3QBC*oH~bnn5FiYtqNdHEkso`In!go)JXi(3p+R2e0&EK zb!`l*i1-BOepy%(s35(x=LwAoJDg7pf4I zDqUYyY>G8$xNzGu`j?}`9xZNwOBBvEZYLh^O%+ZTy@e`@v9OjO7cE!Q<)OE`WxG?}X5Ba9-fc#PkeC=z-w~Y3UMZ`|qM2usCo8 z_NON>Bb2x8St;S#NjOzeOU7W!WiPL!e&43&gLITe`3ROW#5>CA`5Z{elg-&xxAx$; z?G232VOng**X39(H}vF{lSm!>RZ`ZY8^jDL5)SbVkCoF5)8=1|Rltm)oae458n%1~Y8#`qT35~vcWXWJQt|`}N{d+KlRrNkT6Ti@bgKh3| z#NRJX#vctR9zDd25A?A+A!naEwbMitQup#)fkXSgDO;frP@&h$mo088JCy5Jd0saC z8Bd~f)q1i?@DueJW66VW>Vx-e+GES~@I%`2gwd8&2Qej9-%T2leCJ*NvuCT}V`z>Q zm>}e|>!)M7p;_3};?@0tKN68T}Ae|+XE+Q%A952_q;xEMyfZxyK9YAxV6RZL7|t=yCe8}` z^wP`^MK?XkaEF$bc>%J9CccHEMAx_5M#Fej@vT5{Y;q67Y;UVL3U;^j7L;hVuTjJt zNHo?F*>G?1d~JAYsY1Ete#_&X9%Uc-Td_w#tosXB?>RHw|2kpdKA5vBM&a~+MT%7Q z#SS_pPb_obPi5P_!UVi4ah7ztp%4cO&IfYc4biU1&F?c==XboY^X0gBkolODELyQY zx9cU;a&`4a%=nSsdtFL9ao{oIX$`BN4F8())sbMTndQ{<`{r)C$v%5&QV&bjsX!ZjPc6K|zNQ(7Ic{He(uT5{hOLy+ z05)tQSWvNL!CA-`mkN^`3wOGi}e&*wI5ZAFbqbBIr+o zOQlX^p_!&?@|iLryw+$`G@1y(Sm4}C30s9~d%bv5p$-w3X7|TAfk`A{&iz)%;EmxO z9>chYatP^tdn@ANcl%|(NCGmcJVEKFBUr->R(!Fop;yJ03;j#g))Rvnb)>V7(w;nWRR^vy4NNVsXbqa z7u>h64e7VLkbm8)!J88T{$N;!U%)&?>6F}dD5D2N`T)$O29J7nzjttO2QlG@%rVbM z(L3-qjf_vq?Fz?)rUT?TYgbI!$>^*`>`g6N6$_{Ms$2*#ege`_}jU4>)~v2^NV!mwfU!R&9XN z3vfZ5)S?>NmmyuUyEX>9Q+Ngdg`n(f$;w;%Oxe!~FpH z`3*Ci8UAPws3!m-X*?sGqPaMJfsP)gu5vsNS=dv8xBJQ8YyF$vYW!X^Y9v5Gy6lUoU%jHjW-0yZSv+R zb>+#4L)ni<-gI+jZyjz}0$f+Ja=Je#bGH|}JIJs>??AK)_`#}<9P5vkrLS%ARnab1 
z*jPq0ySp(jeOU3AMQ;z3tF|$QWEEA{$lZEr4FLPO_i!@-3Pw;YFcRi%e%q$5EM8= z`N#pk7_%I6*kBm%h(FmCuaO@~1{tnlzPn*B>2KlbG3ipRP!2@CNc4U=RAH;%q3O0r z)c!=M7JF&K{18sV7%KxV>NTCm`Wgk(8h*}4tO_*76t49@@S*O0-ihUOf$YVYvy62 zhrv9am?R=?>(MWJyi7B>JxgHJ!UsiS%0uylw1(Z0Q0z4`>B3F?uA7PN0LYA1`WtytxiLMou6W)J(G|E57Y_ z`nKns;ilhp3MXlg&yDr(;X&HxYYdn%oxgqNaK%o>>i$CRccA9RGv<7SZJ&elseoA8HyNG-rRuo=e>=R$M@@-rB+s!2wKtVonD7qGcfZe1#qb9W?@|U-hgd z%!uTpBc6TVG?uByS#%$>E3T2DRX=G_EvJapLqKYlSH}Q1PIW!1GZ|e0=ys&W@ zjqPJes(m>g6_R7IK-V5t?O#(((M2_(4e7(LMdA``E1dBe! z_$Y<4(TY^#fd|P*P=p)K{9linC|-+t9=9s?4JdD#l8XMEBT+I|HR5=?b2pqH7?+Q@ zBT5@pDwVylE)vz2s6<8li;r?c96XjJ0Sj!*wjL1Bs~8EY7D}Sh_s(j4mbC59svftc zem@O$Y_W^7-9_zV-Tb5q{VTIXsy4_ZC+l6)_gR^xaawMvLc$eSC zuKSmF3RUHz-uXmhE=d&xRPNz@aGlh`AlA33<<4nlMWKca?TWwWsHqZlN!tk2B5MV| z5h1QMahZVO`kF~!(utk9!^l1I?qeMBe;z}nfksdqqcho=!1SYc0V<+m=?y{XKg74- z@5+qrqbp!#CV%*1<4%=m-n{#xRu9t?zF!FfdtMg5PN8=eKX<36!46EWjsqfmnHQ}4 zN`6)c-?L=uR&gO$QHD$V3m9%2N^pgCtEtc!oDpTKd)&8 zZlQqieE{#VTWUYYqP_nt%8$G(RukEAKFg1qFdaIC@4JmF{;mi$?vo@G9g)-?j@IG< z0AKRYltF(IQ~L1oNI52@dX`LdnYV7ej5StbC%OZUE}O6!Z!^1EpB03Ea|vDEyn`4W z0%P_{<0-I- z;$WU^_^l@?L7_FG3o^u0q+oUN$=LgLLkVB0MbGnh_qg2ch9XX$Hz5z^wH0%y86_Zd zlojI`Jrfs1jvY&yFnmSTJQf(-E~t+be^NI$J3)jzlC{QI;n%HKb+e`dN1kgRg1pRx zN#-ZGmj+DgQF4sm`v@zX!#IQ;UcXpctg<(CIG!C8&U=ogb2L}xuI)nUrI}7E+?t-2 z_g>jd$KRa=i;yAgu!;Qx%BD=>`%UaunRknK9=_|L%>3($9I4)t<%L3jiKbX4z={Jl zP?>$>KIU^ZSI@(M=%(kYm`s1!w?rx#Fry0IAZ&g_B{5%{x?e(k@KP{@5ZlPY%jNiX z?6vlHqU!JfTObvbF>oHWT>R)@{rviBZY~hf^@7)OjAv;_FI#pu6sPP#(g#RHlkn+! 
z-tQ;!_NM|#GP)4UYup-Ygd19v?Cy^9kpJW~*tWVo)UyBWJfHfralY!s%ceGCwg+i; z_jJRx=D-J!}@s!C}xB{^23CC)H#6OOL0Wfb}PZ91Z(_~U+`@Y&C>M|$Annhc)KV9u^g(M*wKMNB!>p58}Wl8uBl1q}?c07J~!NWUIFBRZS=f;%DznBtW-r|9GmaB(!%W0WSV#SMK#)Ov2AxjUphGZ>qBGTKE{QP!!iw_2#Aa9 zZ_2l;9J@yLBcrGyaR>30hmkzc>@*nPvet~AX293^*$`y~A+^O3gK92*(N-pTt^js7 z^$C!&qAFikR|f$!wW1u)PWIUO1RvL?ti&-H#%*KE`bC*^h&NlFBtq!E)X%mUG9RA8 z*?u$wxcCC`ea!=iks(yxlx+oL$TiRDXGUkr_lS1qB@`XvOr1eG@0_ry?R0wPrPAwf zw|Z@zm^6MFz1+Y}$gQOxgjwC1H*nJr4C|_YTb^tI@94lEWd(ZnNaVm{w_)77xv*@$ zRQ6nEm$VRA4FFBi4vIE3b(eo$1pveE`;DQlZf-y1x=)^F%q1Bcn&{u!IcOsD_-p?K zp<{w<0|vMHE9VZH^{|-|8M<3rp=h0^*&vzF^Z7G|_MldCOy|mlJ zeCC?rn+(l#hbE6j$U?U^#%c7MB1Ng1KMpchdezs37IDixR*u{WL*3GZg>R6LoaurP zp;RdPCG=3FTC)S>i9&M9pgvTfwykI1RE_!|Y>hqlGbvnDdbLJ~6xjf?#55b>NBNeo zn4e@u(P6fheprD)lgOe*t)MbCZQf@VK6>*cfY|oWZhpt|n5)2@^Y@4C@HyM1QuD;J zaGB*&-PByCM4l1fxlXMPVgKhzmO_|P;cm!!p`EfXY1nOp|Hcx+!8RiOA ztc6;+c(9y6SNdFr%BjBPdX-g?DUwYymHDjRrG3aWG!8SfmmNs*SSe~2Fm)bxVmakz zK`%cVQa-4jlt)-gu7_>*RsLD~b>8Va>J-bIPPpW>V?`*Y&Dk2e@`yVnOOf~<(_oF4 z)MX^ya&!OBxlQgujk~IfFWLLb!$sudg*ERhb^e;)j6Y!Kv6)TyJ!7-S@*9u(a1vQN z6t9*VO{#~qyi#78zCY(}!uQiKJK=aNBbg~Nt@mMxnqr}$P}&SD@>9uB(1L z?VsHlY2?@NL@J%0&(l%r?aps;{rwVK^Zgq7?>8v7E=-dWz4mcTnEpI1&uCY1&$%rw0+>mL>E@}){ofnU8m z`h4-N=iu;$F$iVBvds=lfGFd8Qrcnthz_(Y3g&n&RgXCmx9*;)08x5evipU&_{h*w zmJJ@SD~I|{rEs5QoPC@A4`lV7n@e186rEoXNn?0?E#ksn==j{4Cq)5mQ}Lp zjXW4kX`m4*$iz$yt?%m>jDEO=Y-eQF4fOh}I7wbQs>1_{e_aN;g;?%kn{p#X)(RQQ zOJM$$F@~Ow<|@;N34QJUPGd{}xp_Y^#bOF&n#slZqN0;+brMJ0pDCer0J*puDS7|@ zEJBr@)l5{3<*PCFa(dk+vP@3l|CaY8izoGxxw`UJjK%fpz={b>$rz94C7>y z?3MG=f;X&oH|*r+>lfqd?a5_FW*r5O1p&6$jGyq|`mHx*PgFEWOQ7KG2XM{-xr7IAMc(jrk`K+Dv z3)Fo#_(h0;>yP7p?FHLyKE{)r%OamdL!9Rm=r1Qt#xBTwqtbsw_Q%8^k|`aBeB899 zeZh%5d&l4d=R@veB<9P^%$Vyr=eY)N=6eCx$tKu>+|ZgY0fPpn;(3~EV8-}0 z9hwhs?$!vl{0{g6uP+~v`3FfPkt=%!IGT2!n?n_ zE;^nxgN;Q?uQm7&Mo=%TIs5I@7GnTUM_1d)#pw&D?A_$@kYCG;j~3lZ_YoN6FLFxl z>7wwlNhzC}F|ti}bF;(%7;qlneS@%y9lA3^lbDlPiXbg|BQtVC_NM&LKmWHW324LMxS9U4yzjx;QNg5d?`MVA0G#1L 
zG}3PRyI{F#G(Z^CsFX@z_(3~&)WoLysxn}C#*B;=nC~RsTYQv&Z$QR7enT_;3X1D7|WX?02&kFcZU#p2aJfrZ@xtQ}q`+{FN~{Y{V7^;+1W z#W4NbYe}KIj4^C8hhf3K8r(wJ!iHfqt?A`c-f z$E*lHwv*tAAXuVXfYg1(WF^)pmLC)Vd)I6XzPJ6dW%AaNrHsyvQB%E`$Y_(W<~bK2 zTpgyh(%gDO@NZck(;()Le~D)EM{}W*1}QI%`%*^TRi$AkI`8se$*SzuFAae(MJ1o* z9ilvM%_4;Ggc+SJ>)9TAIY@b6VY9TCL38?Ie7~6z9!d~L-jFi54)uJp$3R;Lr>q>N z2nJGx|0Nf_EnsBCxmMC}HK%^(!P@VZg2xL#6*j|EA9E-QLu8@~p~l^jJ1Ewpcn%u> zs=hzhgOygE3ypu#dvK@nh4Nhp7Rf3^l#K?SwYv))@1VL$8fejsAy)X!uDruOHx@`x zx0q;wfQ>QPXDmQ3@IiuUo5Jn$@6|`L`Wn8nkI!kdf+{3T@d@yaY9*tM z5U)8ku%tPEDj&h%ugr0eVE_juF6!MiTMHu$6p{XqOrxiIK6%m8i88)_46^eQF3R)2 zV48Cf)_?WLSb!iHg2~HK;)R}vMOt8uBE*wdHbU5L9aU-*tzdidOPQ`5z0<3ZX%v3&d>;{}kl#3IHOwA5rGvFLL z$-xNC@tg10P{q$3n9`IMCMI0DCt#1%VmtDZJF6>D3q+s-fA2nk3R9OxJ#nvCS z@2sWQlVD3NhVu3sL=Xxlh$f$D!CsyVDFs(40SUG;?7>K#TN@VY{W9iGGQ*T*0vMMg zbkh?3ETZJ7vU<6#Yf2(UL|F4jMCSVGS@679RlH3I~_OpTe^s zhFc>JvxZMvKN~@}0z;0k#t!KiKti5Mq)zu}>#I zrn;fh{22xIYo5x@xNx)5{U5Fx+1)bfTKwraZanP6&tFx)8x+*EU*y$)7`1StP|mEu zuKxjFg}bxQ5MO&!+s7tb%K6t2;W`uZ^#lbn?kR}yW=o|glXSEl48c_%PME9n(Gn=_ z5R;#B7tt_jRTq9 z4&CdEb@ey^JI(_Kb1OV|2U&zQvOayVZ4YtYaC4=7(IRzw974&AmvbsjEX7MyNX$Sr z4sHzn(F1yMJovVlN;nOkhw;nYzzncBI>B+W+9F{`&-a<<0~Vb|g{4&0P7Ew=(!BpA zA9sB=vaH(u1==WYe1|PXaIK%jsmFzuHQP1DZ}0kDiW;)0pOqMA?G}i0t5Z6+ z@B|TYGf^^zixI|;ewvuFQM7|>X2@m~m{0t3uDB7nFwYL4@x9x#Y>g>21Hv)=bZ{9o zPOLalpevmk-)HxLe_$TvOehdLLCHuzrHdU zUtoKW@rIxDJ@RBm`xNSsQ|(NW_KA{br7J%AF3?yviWc~dNWU4R&FEqn0940 zBK0+pRR<05jVn}tl5NCr-vl3vVhAva^L-ow+UQAhcEQ~n$bTG?`38gw-{viC@D)&q zMZ4XI6uE)NCcfZ74@}MU&rz;)VOM2g=3wqg@nF}subn1Yd#m8V`hmOglHs^1c<3<- zPpuzU=cs( zDM+;za@AhkBfXlkfO>E>eaa~j{)Utd&PFND^s@m;98vpM#Drz%NNONeqEejBhS1jC za{q@YZ3Z$aGD(NMefDBlMQ2Z@N7c1!E4rAm{Oo8}gwQyJvR6dC{t>eJ(3Ry4tCB6u zxBGiCVH}NcJGMnwuu}Md(g##YZx^n3vCZ$U%|>1SDM8uZVpIA_x;AC1Ubn8@m{a?4 z^EJh!2wV+coc@C#kA3d83kS{o6NzI`&xR!wOcANEJrJ!o1UuE3s?hRy9rK0xO{|(V zdyc7onG-BAV$`yN>u&Vbqu?;=7DTJ}o+-mxGiQVGxNmNbx?*dKM%OaaT5nl!4SZa~ z+lccJ@x=@@#X>Yq61B#Z7-1t{(PR24EydGYWia9oD^94Z=;W8)GFeNRd3uTd&FIP@ 
zi0nL+C%}Z|MKkuEaqnmPUt1&xEyFdjTsL#&*BV{Z*+JcLHBz4Okl&OCyGzXTNWL^q zPVPNM8xUwM9VYh}mlo8Lre*ay2d&sR({63h;k(~Af(^n02(^%hQLB4I_1Fp~hz(QP z2sJ1N0~G@`C|63fr_?DjC$XYi_^O^8FH%@GMf6f(Mo=qzf9-`=T=ljr1j-_DcHw}H zr3XP1TxvIun5@;fhKdc?Si+tGDi6eUSjw6Ys*L;v8P;9s$Q#q7 zg~=SP&W%l-52)R_ZD(G@9)iqi>r>by`rBFcCQH*eQBAv8Qplx0$W)OD6qWrVj!+To zw}7Gx&>m1iynVKjyz;ft+tl`JG8w2~Xd|eg(Hkd(o1xEXUtY?^s)eQd~?&J!sgb_tN$AABxW6e)E8xK|si@h)O^@TNMYT0)@ z=@Bq$l_VZmi0qE-bbFp1RiXSoKXybWCDm`!FgT%Yr)ywTi)2a27~+>emBlZ}x5+9xKb%M)*40$&D+284Fs1nX^KmVmXYngGke?w0G6MF!-q!51E{DMwis9{R`AOPP8To5 zOaarET{4a$(VM4Pw=_FMi)Rw%ys!aHQIYmm341K^VhK~ul7A1h5j>M4_g+{h|AI*# zO?88B7xHJfICJ9@x2r`sDOO6#KY(GF0TL7_nndGEdRR1xstb?Wzr^3AATSahEtmGa z%sawlNQ%ZsiLauhr&R33WL(-WBQlbvuat({6Mu6y=0xRVq(WLVkA)rTmz>8z61 zGn5StV-StH1p;%V(2Zb{j*1@uV;JP(8$}}Dtz!VoKCNoS)b|7Ar*-auS|t5)awGNqk&^7icdI$Rr%bw}h*@m{{q> zcWKWtEQ?kMY&|{U-`B%pjbtp=Y^t3t$8m}?%fGcm9Vc|wE;lf(J>CtSamN%q|Lvq! z1nqrZ`Atzox5^tsZ#0f}XCR@wl3DS7vCSa=BeLesqvoZ%V1C{6E{aa2OHVFls+$xAu)Fyu3&iG@QG4H5GR~P zUoeF%FdeyVP57P8*&TdR8<(r06ZarMdw|s3HAYHZBEw{#LG)eN(b*a&L)A=nj}aZF z!Izt1^1Ju(Q7)i9mib&p{sY2tCt!U*iu|oV&68~g0F@8bQO;+RepLY%C{s7zCYeH) z8P+OXXX5rfjGx3^KkG>Zc-GjlRc4oKcQyq-J~}hlG`(-x6G@pa{Z8d>A?>#2TsUOd z9B?{3^}TkInd_8jLXstCrpfg?U&VB!GSGO+mD&z=FZF(@0=`m0q#W0Ks9(rQ{3uNX z_XW4Ui4fj?@~6z%RI037;V4mbd`KYoElc6q&6i^$4bSTQ>Rc;Jk;4e*|L;BTtft3rjNv2#M0tuW^9 zNAXh{0ciA1sOb}XLE_9Uueo9@K91hGCgjt8)Sof zl5o_vg*_tSy7V_T>3#h1U78gKMrX!{^nn`^Y+MvuWQ*NE-rh*Y;Ks{doEhaf_BNZ# zh^LZhdVfJH%kVv>(YH^%0t>kA3<@7=@Ak13ScG@&j1!rgWP~IJ`Hea82mX>CN_!X6 zlWthYP9YB$;Qn=?dGiqhyepdokT)OX?E}m~Z_ax)0@ z-VWJ+V|GmtKe*`Q|No0(-H_j1MnNtCyFACMq`u?g@STar3Bdxl)3#h?oDQGD1bbV> zE3AS($cWoU%y^@cKZBPKg~4%rs1P@%e;5e%$cR6Kf^y<+kq~h={;%*6?3WXN)y<5% z4cyB5@5=80n~h+<>;K-6%}TJB0|s&P8E#sstX4!G61#eRRR2+lxQY`iU=3Wu=pi<1j7km-Zw`?i&F*^~-K*x|`(< zuu6@3`eJk+&f&Y>pH)9VAs z6xTz=)XdmXXC}U==CdJg7BetdD@&=B>V)(j!cEzHipB%-79;RcPB@Pl^nRac*kxdR zoX5(EZ$}|d;baxW;$YF0F8xlIZWjbESl!Co=QGX6*4aIX*S*se>FX2{LZYzUaC2AH 
zk(MG8kaS)Vs8ic@ReQPuEdcM99&J4&mX$3JlWI^&Uf0wN#`u6#wG?#~!*|b_kr-b5_GNSB6A4%i+soSO z*XUX;rFRyWo5rgN;;Tyz9&UcIblT_gYD6P8dYtn==TZ-?vGWDC!{Q+gotcXL_*&$S z=t?V9)u#%86lg^5MJ-PF(;e`{z5}=GyPJSO3tj~v%qccx(eW=f^JmoBp`%{s^hAKx zgZK4s-SVRVdKZBd6;v_hAMD{j%wNPqJkA)D`mXnK)!+})j3VXvMkK+{#IcLQ9bqi? zZYDT(aFW$()c(ei)~dz6kP>?ER1g3$+n*mG9h_ z7ox#5&F9a;O%bt~@n|_JJ`8}rT#8miOAkNAyUEzD+Ljq|``GMsbQURqWAwpNI?7|5 zNl;1ktBa7pt%`<|My0WacS0Mb+mLMXSwvatekqzA864_e-0FNsQFoTQqjek;F>@Im7(U4*o=Y1H5*Qxr+wNhfq17ruMa^cHz`WNLlK_kH?^X^RAED z@RG`2g-vEdhWAnSA9cr>i0& zzPE9fGAUw)T&wf+OcvC~+|T01DZr=V{h8Dz{j?iqCAVJp2~+w0?ESk%jE z&1CJd!*hF{$AqHdIE1K?>BFTA^Ga+g@or#-eIv*bc<&Km#vE=Ubf7TfX1()@DjSMv zZ66OkmC5wUF_isWm17cb2$zY^(IAP@q$>tcaEcB#X3e?`fa*DzC$F`_SDJk=g zKXI>`QmQ!ZYF3$1@Jat|*jensRT?UJ@>G!fJ)%8&(&QU?;>4ATlVT#QsotlJ*5&?g zH&BAe$bH?hqc35TuYw2~!YGqZ9|I<~Pd(sQ$2|TN_Ackw`T5fdkFO0K4-FKD#gv+h zqLba+otjI+lkMlwF&yX=BxWZHX)_8Dvm1%f(GCAby&FlhD{4LH24O#MIOW+hEjzTq zqxqJ5@pvKo`KsXN>6U%to2N7D&bOvwh;P5~Dv+cd3V{UbV86Wu2|3r(hxp_*zlPQI zJU5wZTT{cowd?KX^f_+E8Pkv%7{loaWoA^A?}ijpL?czgIzK|pH|2|vt|INZzvo7UDlG zD-D40B-(PvjS#bOnj2SKkdgPw2Rv^?HNSt72&!&c6ODSqnCQeKdDdUQjK)u5Ns(mg zhoFKAKvYcp`7v7{4WDlKH_v-l0g*VUWHfo(-O$3oWw z08ffGWlB&92ob6wYvZ*VkGq>)!M>Ha%}4Up@oD}=>SbGkG|s4YFq^p+=vrG_HxYN% zEGiTg)+FgKIRAfI#hR7Sc$YrA4%X*nva zbB!6ozy-SmIJsfEXkGSa$>h3_LfY|@S6ex-o z%V3(7q4;*z&xXX?Kb3=;a^2s^a&Y(@`d_7v&{xYQKDVr=H@|Ym*%uy>fPjBhMO6w!D=1^Cz$KUO#VHTDV*sgOTwtT)XMG2gT^`|S)JOpE*N!BIyY>!^5dWpL1ov66&?dzDEPx# zMVYs=Wu>)$Ql7ml>|og1=Gr?gm13e+4P#d}maybeJ3!s;QH=9_q#DM zn01O0nAStCLmBP01yMfBM{Dvsx?o4o5t)g& z7KFfXP9>a0IaYNT3QIMWYaxC$|pcbyi2x=gc<@7WNB_V^E zs!+U(oIP{_F{`$}phZZE+hd6R@EgDH(>n2FMBnMadkKOq}ReXkiRW%jAJ{{ z$8#hGw9&%8|JNssLhI)`c-Nc0SYO>KUYgipWT}n4WJRz4dZ3Mjimu9CmU-K{YaV!Y*`dQHt)EZ(QZ?Iqj z5uciW->mi!k?m=e@uUabt~~}UN;p#@$x+^4u+-prElv-U&<`%W z(&u{;PK6jgeg;NNWnb@~pI3TmTu9Ivu`c=p%L&QU3J~g?x@^|LaF6x7azyB%7Jm(L zE^u;D@aVM;$>~I-Y;AuX+7&GL=q{MF)CvcYDjkM=t-*FzKJk2T7nWBI(G%!bO>c~hkxvt`(bXG+Tk}dkwJ&U)+3lBIwDFfO=RL<4;KHQQ 
zE)V7G%Rd6d|Jja^7eqa2BoJ9a#Exsv@IZVIx@y-nE;=)lM~o$W;-+3vIrbdS^ZJ%( ztBInimd7bC{CXq>=3%kb(>ETU$mSl|tMgM((u3OF9%jq9;fL@!k4Gn?8h!fvFj{mb zgsLrhZ`o;V67=&V#_WN7LFc(sjwmsQo!{}V&xk`Zp8u=#`|=c z>^e*uXf{mk?xCxFcFLpXxFG95rkkt+&XG0mo%q>jl?synjM1E|Hn$D5*4$xKV)H(K z{e{}Nk^s)~+K=&aNj8!@fhT&Qaps!d?yfkcLe$CY-~PWp#+?kCN{)UWu%H@!z5U&2 zH4t91>mcLN(CT_5LaFvenoJoEV*SSVn{ic6^fG?M&nIvH=>;8TMKAaKxLQUod%#vt-OF6Ia47E> z*48|X#|HK1d7cUC)MibE2eLeQ!%f&E_D0V5LtsI?vx3a{IyOYN_gzS@elcXVCIiCV ze(sB5A!)m=Zb{oUR_PB6v#8dt4hx(Us&2vAbTg{xR)yS6ec)qane__uI+itv;uBxQsnH!50^zVbe^+L zJ=HB4jATp5yUX}o8csYD^0h9okq*EYf^1k5%-z^Xr*-+<@f<1u1_;in+5$M!UcII6 zN>t(=hguo!gfGl$a`ORiga?zXG&t(ILfI7Lar>NMZ7h?D=q=HC@`<}+N%h^iqa(~k z<0LdJ8$fiuAc09Nu2Ccp)$C+F`Iy2>toh=B#Z>GpK#9^&cYi9Hq|z#MD#~DSpK>}f zK?$b^O;KHiQWh1_pKG)Da=VillB&<@I&9BAQ=>hqn{W1^FduUcRkv}iy8Ll3T z_nc@Rj8|9DcsUPPO<409%_JwAz&Vwko_u4o=!^b@eo_1Ykw*TD!ZCs85AofH%sqiV z$M)=X8tVYcGkJ9uT=LCm`t8R#O+L`|O}${<6HJ%)ni3(EEdk%xF-IFQ_4zMS#6>>u zAcly;T`C(v;XTFzI>5zI50EYDkF8TRuJDH}|L}ZpTkeML%lp$-u*PCv3Vmk+1z;p7 za`*|q%_t<9{LrgbVtG87u}^)$>VO1)qy{|(M}f;gtVD)^Ex_C`XX#7X5@y?L^_i$8 zqL9QZZ|^+qHllB)IM+ngXqmEvLc zEiIjMwV9ijF1_Q8^c=i%;IQTVeSYwS_wV)&-;($&5xwg4mRn{D&|cbq*rFRB1ZV%|?Q}1J#@e>^hmOYIZe!?ol_X+emk> z4BMtdQl%%AfjXuRAujsEiBx5UkzU(yChy$SC8oPMxMU48FJ&QXYkSr3ipU~C(sG4C zCq7^fNK05flsjbphl*S6_lO*onCD7` z*L1?F?SDMl-Y2!}(lf&QgBLyAMB1cj{WPz~0rN?@a9T#vcq_`I{?;vqql!QA6MzUx zw8LclLs|8(515pGXb)y0JMzQn;I2EK|2xCVO8MW*vKRT#9!6YGatFB?@$B1dM0TEf z>GABlp>j4tJ8M6~|IGZk0{JtR8OwzBIM6HY$Z(5>JyNuel486sr&H5gmC?JNr(fH^ zojp44YtT`FmQQe+3gM8evwHC4dFc3kGTOma=h~A=fbBhHle8CyqP>mf2dQI@rCF!G zWTvmzfsS6{&rXPG3x-oApE9ts(CoS(^U?=R;f&q|C zJ$jDKy=d)*xp>$zsaV%j)Fl;pRVtJRLo}7R^6<#wl2gV8&Gk;33Tf!i8rj?uBeWp} z_xT!-Y^z~P%-h{|c+?z%Lt81{qs%R)t4#S=RUTC^_J7@XRaKH)&}G$rylgr7bCirk z)+5gKb51H6jk2Cp;gHtAls6%L-CGN7AUG|U1gtpg7P~iN?a%gCO0zirvm1$qiPH_W zsEoAeI+-WMmZfc?nzLJI2P)d`g0Z-y4O zw&kj&GpH*sgYTUVSW;DL(3eX+x6HX9lI#;oXs(<;hxqcOr9F2E#m28jJ2StrzEup} zNhf&ii4oa|GGxW34u1z-rynoe$q**?CQ~J3zAGiWCH#X2Z$PKiiq}Gml($)>e!qCZ 
zW&}Fc`*f_~m~P;m&sd8!h0_@;w%<{eNK}M%D7PuEFGzp1zQyD$6aDn6mJyp#`s9(+ zpi7#Ueo6(B*NP0zvyHTcnk~cTP@ts|9MWVQE5^I9`IK#o@G@5gj0Y`_g!hYSE$`A| z$pYi3$~Oc5bkaCYnSe~$FNEa@iy^0#1qWK}_Tq)57E@7S;_&;Fx&|PpESek(=ZFRn zTf8yOKIaC@?=Htzj2(T{*Ff*|2o4&+icL5pEP@Htw8>dm-}};MofHtn#?@iE18HIF2s`c9nVwF;hk}9W6#XI>PcL zwtV#x`a6hi4J($xbGj4uW%)!x?Fxe`q2>)e2oLZb7a__33XGwpHFDfn>P)EL4hV9L zd%}{x2py+K60Cd@OL_7sf@D}PLPPp1ESzOvFx&i-s!6HqJDfBavxa(ArBfI~!nOLI zltPNZ>hgG0QW!tDvyU1A9f{s7t0bt@gVc%u-hNJ^x{0YBezkq04Fy}JEz|+JX~Nx} zCJ}=S{`?UX4mdLs*AM>$nlYJ$e75T`jSkX53uRO1c`q;DV{_+qE-&*jO&^gjacKcP zsa3c{2|fJfB9@gv8CIQz;wxKBqDmD%0fI+m_o|}tdV?Uje{?0EV^5aNoD*W&g?4lX zqe$zs!=Ot=6CA*x+zu#snS(OB@bH<7Ui(x_G{~FEmP)y%mFl13c`x%+(=cV(Y+&Dk z8l$<2zQ*Ia+bW$#T&HkcoiKGOb5|o1b$|&4m^zHH@bSmU5@uE?@FRONl8JFZ#okDn zZtdnh88Z6VnK0aGd};Dl-9|uOvh9p$l3z&AV?+tGx9j_$?`fmS_BFr99+Y_|?u1^% zz2~JuMWXPBADXRUb{N5sgR zDV>IN|1@)O=rS*MdST{{JVqW;=7B-hViY0qWX_TMmW+xl{3$d&AjyFWr8y@Rjlu;u zT6ShN>hqmA7(j+(r!coJ*ol9QgvF*AIVB5qf;kUd;%=t`{cSlqAT6k#( z2g?X=$H4y0(9jk_eDxSlGBDF$quow4G4CwW4%9%+TCh3(Trw?EdN@nO zdw{Zzi9PSJ;+1pXMRTE6431vS(>D7Q2Gu#~U2E)}r*RBOi(rf0!blq~C`ZT`DX@yH zb@dETt$|Oy+Pl@*wuoD7)7dZ(`zi!P&TV{dm2)Z>#Rg=fl(G(w7*ghQHy%)uQ0i5u zxkS-pQJPD($^_tmmts`h9^0BCQ485rZ(;+p3lq?)8Bea_EV)3DrH`%ppDyZ*fw^3X zAR!cx#x-rBNTFm{_en`O0aVGr+^NJCKeefRW>+?l(-!O@vUE>%$>7rHVpDoK0`{@khbe`fL@3Q4zhXkC2)N~os{4UVve9O1ifDlS97&p!D z&GjnZIGuaD(0pX-7#^oxPjUPJ%9o@pBHg4?>MG;^tH}s~Nho5vj0zD89$Mnw_m~-y z>5PN| z~l*r2cKj>R|1+J-cEYpjUCskRF?zqh=kJBZ4UymAT- zEXT(h4y{F1c}mmo1lnI=4MixZmJ}_Ql@C|y4M*z;`7;E|8YWP&qcvtkC!q8aSlv6N zoXfudKKcD4`5}A}P@z&}Xw&Bw6Y4!HRzM&F&A%F|@O&-IFzze%=5{}>4c2)VW|dmF z?W!kvQ2%I4^71}|0%8k(2LX+!TS>9+=Vlyf#NQ=4Z$iXr*~Q+675>hg?dy> zoy`R>BV6OQo#G7GYOM18ogcR7{0)acq3w9FR$5^UdyhBWKqiZSJZ)g)N$dCWhWH&?RcrU_`x!gy+c9)NR9dVxI7KVN~aNU7Sqa}mrxhA%iHz;U-YK+dO;w3KhV5#b7XPCCrP~Mr$FfIFp){unxX+9-g z0$;+?H+Y6C6k3-W^vq%#+zJf|=$7Uu+#0=g!{_>Sv!#h5Z*C0+BpBZTD2E$Eo*~)! 
z)S|+UNZ}=bhau+}y%PxhgL_|8EO;dWqD3tZUJj0zxsEwkJIqXZn}mV7iHf)RZXyY- zDoGyq&nFPIXS%|5)G2WhrTb%(K``|#i`BmO(7~0Lp$)#VJ=93t`d}+DYi%F-@DMm? zMM`wI55I>;7ePk7^Gn5-bhpMGWg~jFl~(~ROfG)2uz_6*l`ZRupm@lL=&hrD;RI&3 zyWm_&wb^z&nVH>ePM4fRd@;o-S3K9bepMJfASpkvpOnJlmb)#c3zQZPTx)&&?KL`m z60Pqf5N8Qb5}#-Um)>*mUVeY28eM`t>Kmaa4YBs)4SuRRP@9bNbtMI zXz#LN((9PtFJt6u;n&MvP8L@8X7-sXKwm}lMl@9D_(b%A#q%Bd)Kq_$%UBp346fdM zTfG-{Mr5O9xSfAJJ0*H}>1VoCjCB*z-;Favt1qd^>FP3HUd)ED$2KrOUd)1ra62Ps z1ohD<=^=AN;5)WpIr16Y`&i={Hq!d=6%*wD+;d7VXQBm04ji+ zoR057Y&jn)U+|DofsWd?Ah$5s>zr{u4BRQtcKN>*r9mS{%o-;n7GVt;QI*i`_B(;+ zUGWyXmk4(nrR@V9s|)pFIm-^!u#;*9GU^p^L>hC!-G!6B82&XZSl+{mfOtEMtd({j zpo3JDYLUkH(kH zmn+MWT|ZCAMElxdzs1I9Ue80jh@#N8Uw`z$6D~ijH9X| zshdbeJGD<%&Rgp^3OzjMv5x+U4tokPXa5f8r@shMYa=tu9W(&$KGq$xdz6+sw}F|j z`?KeTuG?z_J@Xbm-M!UZTY7l)1-Hlyh0nOir;f+GOsDyLbKjt%A% zRuj;seN)a%u=zJ4NUoI|0-@#=fA~?V6%wO1|DyW6?>RhfR(&5_KId!0@i{*Pn=vvC zJBARATlJd5i-+CppY}z*Q_{da?$EYmlq$CeLJjP5hx3k7p(9pSGq#j{5f8XxeDoh zffav2ohZu%yX6{+oI!UxltANr3$>=~IT1?N?FqMHpno@Mwv_bb-}QC%TQ9nPsys z9`M)if4*xOCX@b=K4#Y1w_iE0|zOQDdSwPX;3-Sx>vnrjr5;QZoM1s!6KOtfI@UbM}1W zIJ;aw)dcmP)~39&v=qoin>Wd?9P|8AT$@r}4j`5_lm-1$Qf6P+XCck6wOfG8rNg?=b0?ELin{hPhYu1&u65Xo-%SVElCi!H^Ki8qUn_N9@j{qAG?|tAKe(A@pdYy4aYV^a7A1 zGCB2G3oH@@`g4l@g0ZH+nN0_`HTG?_OrOaVX1t+B#ct3M7LO?TA>%}}IJ&AS9s+WjN{)?1Ps>`;%2?#uNt9m;YuH#Qipx2)sKC+fv9VYdDMt;7j10!Kml^Kg{u$C$f@}WItLKC1u=hPxXL&g5xwPujyvv=u zztyLNXY2oSz<`~B$L>bQYr?}}@ulWEeP%nY^`>s{{#6gZn?AXLB>&0~VayPJco@L2 z`tKT2la0)h2*d+v(Hh?#Tk6Ms$RS2CP2%kJF~dH0OUxQqQ_hP2e~J%h;|LM@8)G$j z_$2V%LFS|;3QW}zQdZ9nbp(i|^Jk&M<~pk9u%=8r+i7G2{L6PB?IfPvETfSoB>vqj zxuP6K+`1y~UR%pW9sPJaEQ)v5pE{I0;P!~JN%k())y~4WPUHzS{632RqdOG-fiC(+ z$UoqNsXsHf5*gB4|3ZZ|9z0+FW==7Owv4%My0ZuaNW@B};@EE?Jlmj&4YVkfJH|=v zzsIC?b=Xt^(?pt&IaqC$amG0uZm?ndA+uJwBMSS)=cjR6-$lf3^X*={kuYHnYQ}AU zo5cY2-A;44=)A3HrWotMS>$6eO>t+B_P_C1eL*OYH9SGa12B`3$!TFzXdDxmx}nWp zbC0ciB~TQOCO&{7L@{uPmZxpNG`zcz&Ze)b9`t;)zYK6lAToV8GCrrhnvGc2>u5v# zKL5~X{obkCY_kS@AI9H_UtIorAEksxZ{q 
z+KI=TIf)3v>U~g4sKn_0Zsx0CO})vXfTYRR?TKzhqCw4~fA5hrB9Sd&q+lf+m;N{) zrmRT!(62YqQn()MT;iFDgx_ocm^zhPBdN=gAPi%X+sMTY6b=E zzECD)#7dlVz*g%(#(CEk80pMVLpk*eE5U5cW6 zO29o0KJvPefyN#n13I(?7Agq2{ak#_BL`mn^EGu@ZaT-kv2GW7B2|?+d`{{V5aYuR zy64ijgHF2HO0VPr?^+sGcSR5WM{7t7M*vecDzedbbZ4^xExCxD&(Id2Um#}$)6K#EbY`0 z3L{cuf#RY|r+_j&LMG>R)+`{}kf;7ykEU@<=brJuLc`|@A(P_&Q)pP^+92eDeOrgG zlKxr!DEErNm0^BSI|8p)m>z;|);o&XsuBcuh?EEYduQLGdsHr)mxm8nLRRm8 z6kNu;$XBEC@&TtDnwIPW6>|mm8+5?RcyVg@#xPf2Mp zX@qMx*y=8paA9Zz8#jgG@Cm>Wp({_v(c(K>>G?BZvrMW>y}C{+`cRKOm$1OZOfXba zt{GdgyJOmz=a^OnN532&&$rL7T|VlTN48iiWdzNUBAZx73ZGYY56`T6fgZZaTO!Gj zuU?@Xf~8hh5aAHvOAxn+LUeg{REX1(+gai+XEBClSf5nii{FNoswx`gYV7l)b8qDr zN9TA;P>|ni4y!}cRsjbgb`shX(`k^%V;uh23kVgqnHw%reXjSJ_xsh!y5TiWQ>m{h zvMsjZ0udlIL5OwRP@VGB*5$gQTfp62NjWIMS1Z?uNtMV#38`i$X0@JTF=fs>SFXDS z(?pO~30DS9W@pj%Cdhmy$(aeFNUUkcSP6k;fRZiTms_z8e8< ztjY_HaxR}^hdI3jF==^7oclc>1zdKu^?{;WR5o#7Ts6&FBjMcC&Zr)o%cDf(%Ou4X zEG_l?j-`;q?}*ATZQzTdm6aQ9lyFM?c~~a&iCh@Czb}q{@!P0n`n2Fv0Rg;fpQ*>5 zAL}fggv49*P+9b2T-`!=1nmLQjkzW78~HQZWjTIr|BJMvk00y6gq+0KU8dg8aX;|e zcxx$a@&M3=(r#>=uFX`VOoxTwPa&zRW~9>X*!~}LfYNS!3-ix8+A?p0HJyjlnYOk6 zb=2C6P9<*F(hNZVkFL{qqa=l4Y(mSCaN`a1Kej*WU@%~b$bYu&=j|P>|K9dh325Bi z4G#t>Uo7kw!h|QDti1hEm&uBzq4?uV3t%pod#zP>^wn5Lxsz9D;3mszm-508^WHMh z({4zn(C7-NXT$_F1!hY)_3>?X7MN##bz#CTRJ>H&oN^}K zPaE0?mQ+#j%qRyUp<2PRrl4_S-JyQ~02A;S)5f{&Od&?nV#R%ym{<2@+JHbQnb>`9 z$&6T{cCCb*>~Vy07fI9-yFKk9Fc1{QyHh6{+VzZ+g&NwD2x0QMg{**(@sVEou~M!z zI_q-uWGN96Qkhvq_(>qGfMUeux$^aLojnQ$@R5Pb{0+mtdJNNDw500RtP4<+DvO4* zHyv`LC*!K;=Kn+a`v1rI!*;X(kN7v)%^xyhResjWjhv6GU*&UQRYK-|vr5eT47~o~ zFsnl1*QxGmRUeEH*4y=ujG!9fV^ktk{EDE>xb%vRWxw;sShS4pi<$R8LWO(gft)UU z5c)-IL*qemr-{;4TD7yJ+Rc#?w=OI2SylZFKFmnW*7X+jyR zJ*q%9>0mmst|xzTlCfl*f|6;26w4@xZvvNd1kFP^C)G$czVI4vzGQSU4KJ6hRB@^U%HrnBMxX$7($#i(E99}Pygl@=)Zjgj-pl~|O6aX@b?FG!&wgXXy@AebYH_Sew z{Yq0Z;9xpXwv1qR-S@<6SSdvLJ42^F`uawl_GrT0_oh|BO7f(XbGTqA%5l76AXQaa>Gs@nA${JtE0K)2hj>$bXy}o}W-#&_=tk@9 zQxs_fi**u#0igg5UiuuIvFxmo|b@bxOKl6)T|JM7{7{PG!9m$eOpASpXV^W~_ 
zTM-nWooBs?jOpcs8f959AeKFJZ;#T2OXP~ZgbZwjvcb`k8(yU_ij{MsoHR+>r|tc0 zdpNgtmv)R*R=a#aOGC(!COo{WH=kRKqTKQ81;z+jsTtcWZb7g%?|u@lTn}e<=T46GV9n_02p3ebN zyY;BvDNaOIf(dxZTfw20=Dqdq7udA+{c%v;???Q&gOYbOg4&z0u(%g_RLR^bebKO8 z1H+UlUU>3W))d_kHTzsAXwft*We@gN$4r>>;S2DO+2rSp5{vR;kE>vgaDq8Sj6+^M z)9PmC#+PBLpyin%E#6DlfI3ei10e=IN;D#ui2!|_#xd_?*|36#Bi8#3{1Q{8a8)TQ zM<=V)VZS^YhLt3JwF{e8vb zw4oagJtEOFtmh4wwd7{(%lI7^z(Fs-+BKRTL;kT2CrFn_TFE|xGPUpW{P;a9-WJj- z4QJPcKEcw<4E1_gf588Lh4|~7`5jZzAO4H@|BLwli}?SG`2UOe|BLwli}?SG`2UOe z|BLwli}?SG`2YV2@rx+FIG430)#uE(p@R3ZXJ`z{b7`snGHQpNKnC*sAKso@VJ-2( zY-KBCx3KX~T1wTJCqHy;7AE{d*^-Jseb*O17EP0hS5pfWZ+Dg3eVhKv2O*PZ)mq;VQ*V&&4K+QVYRDc^c|8uTg z$scS-k^LJ_?mZcT=TW!cUiv{W7Kn#G7<~nWSVNHs)P7YO*fO$PjJ3HE@~Fb&B>)}* z;9guKUC4jC)as8W#;#B(=wdiJfoB$Xa_pXIMV@`&Jn6KJ?D2*3I=V-QyyTQna;&K$ z*;2vObvg!~5B?pH42bgne;3{J8Na^Fgw^#F&HYr}OLo;NAqcM#)C5rw`PAuZM?EoM zHDq^VsebE-?`to{ZsUV5n{~U1_f03dl1fcP%3KOkA1%!J`>R>*H?5gk2df2v7+~dFPrV;ED3$KzTg-dWlT-YQqF3 zMzPfoB4w>jhTHp~6hpHUolwIQ<3`gORICJ4Wz|yWG(4;fv=2ud02r$5`3^jLOTmFE z_AI))#xCnd8kDYgL|hSl6_czo9`x*cP%G9nliv9CCPdIo(f5)(morp5#D(Jy!i7FT za8ty@ZBA@w2?KFYGZx;6vQ(Eg{(i)1v$ay77h_8`IuN=^fo=z5)$|YN9UM|>TsR>y zC1mDvRe4;+w~Mz#s~krHV8<8|6etI?S>+N%`2Un8d1teyUpEc_SD$JGYk_LKN>X+ zNn{hd#hbbMqpWg!nH5X6QGS)?=`*VR`(aM!#0s;;p94!v)x=?W^kr)~~va0@C@8NUxQHoA7B^rYJdN&nBi7vb4wia+fTZ+7q z{ujj7+hp@wyY4@Zk~6+9VbkkyO6e}!BV<}?ShP#VPri@7-+Og!kN6My zTfWymNIpjo_@8TiuaSM*k2FSXf+IdpQcjXVcKuYO079&!Blx82%$gH92Mgmj#bs!n zwCj<6&$Eg6A-<}5@@gMWW))H`$0&~Gf*fz5$CO)Ps=^$i_LZ4%NXOd$zDCsjr>E5p zgHbeSPr&gEAXZ8fS7wX_QA>H-ehDMUO}@Rq(KdoVt&tiYxJ|v*ZA56i!z8Yh3kEE6 z8QMmmZn&cDMPrfB5|&sg4}~v+t6y{+mk3g>4#(kk`M>hRQi_O2b|1LT%o)h7eID-> z6_b(tBB%-FHN)3dZ0$=dC0YCX_NxgDvvG~kgrx2;TE3cOzo)2OGRIUhiKeh+E_y`~ z$7t}jZ%~4KG{j85?ad2g6Z&AqudF`sNq&$s(FbS%ioPj3Va#?FRejY3z%guwQmXW@ z8v4tAz}?eEDj|KHod1+tM;4d!oIE!HQRvK1+wb@-?eX_V2a1d@5=@TILXv(d@$Vtb zQW;&|YO7Wmbys(G>clau(Gx7N)I;)B_TS9+T7v7kYo zZSub_noi7TG>J3!7b_YdE@z!PML}=iI0?l70Y{WRgr8g$DwTUO_5M&&YvPtoSA@_G zs<`#H@ZZdtGdcRtn{V}?37i2E#^YEBYby4^zS0bb&2|yp 
zKV{C_PORRY@z%9$D35&qwGvV4+~TJYUWC>Qctuh*lH@amTq%dDfHJHWr&Fl zA_R0C4dr{S>sW9V&rV?dXmTXHiZIkMIMj}}Pl!PrHT3(3&ojC|Z_VSy!^^tb=~Ej@ z?d-N$twDiLF^CU4%`TngAd`0gp~1ZM)R z&fwLI0%ukl6LmW%oaawydI%UQ0SH3UPIh$N9P7l`%RaClLuj^n z`(_w|m2PirkRCMg%6mW2g}bLS1@|@NrD}tGVxDiPPXA!p#ZyduXSThv>|hEo=>a0j9vnRPH7~DoU)OxB zXeF9NV7pAs&@@8Mw^st@El!8z^Fh6fhpPeIfWpp-p$%^w1TN@tSF z%w)UmI{GUPydBx6oj3u0(!7hP5*$3XXz#B#@t) z)?fbcMQ~P;euoHR%5D*F3GdvJzy1#D5^!a`93I5H;SpN4g}HbZ7N__gCPf=9)P-4k zM&+nvou-}2ILQi31~z1as%r44ztfpybb-Xr_JEc+sNZ&_0??#;8pDaMWoP%Uq!%U| z)Iva&)my^uL0u+CbS!$cW}0>1+3$M&>Bb;9;kjUHcnV)e)jA^IgKnQKR1i1Q;y~v1 zyh#HEp&jUPc^@?K0pcLDRqMbf8qL@{XtQy4@G{D|8FIS5wWAsC2t`9won@;C@WC7h zFW8;h1&KA97HW}*7;~#q1~Sq)`S>Ll!1v)^0cHZ* zfP>^^RfB=}4RM(qe$_J3zL6_j0NqoSL~-O%;Zo}~zUrh&j#GnqD9l+3o;$clcq>cS za%Ojq)LD4659+p>ep7R#$GIbH4k@ul6C->6diHkRg8+CmzwMeaUG8Jc99}}5c}Sjy z&^u{t7F_?T1XkrsSVk#|iJ>Bsf-?anW#?=!(n`@$)MHvQ)0F~xn0j)=?M>4XKhOUQ z-mSzUXOW&^GAHhrxPP23ZpD8{Q1QFHIGXh^E8wbx)<=>2@9iJ9rlJT#vZb9t;qmT# zWN%~jaSTQ(5h?RxwgMi_K?|ma*{idK59n{eX=C3wI^$Vuea)6v!kaV*KGe-|F@*hE zj(}3NZDsDQ{8e6Sbo|cT_N%$kY?6W6@m%sh96ibYaH)fYx%DJ|wC3mda zD78~)mY0ew3`deB71=dzv^tXI)EicPPXR%JK_m<}sfq^U_K9c6-CISr7sI++)}CK= zIeDkG$j9-1z%yQcL?OY)DGP$)8^%QX_;8C*SdWOghnMpWIrvma4W?HBgFlR3Uz;Z& zPrWv9_LYCM&Enx7E!P7m$yLo4|`Ru4&gpuiNU#y1Gd>mCEA$hU(q`45KN3OTpbhNH(i0 zm3DUsy_fB|0^Mvzs`3JjHUSpHWi#n9zDaCXw#SEiGzka;U`Y)@9k~&@fT&HJ%ez4D z6ZmTe=A;|h4x;A2CS3Fs9H)<(GhE%(4_aUnVrt?~lzA;KE5qmc@egxplILKIVU0c& zx}lb^kDi>y+}_8!p;qNWWl%2=G#*N^iI~&TuYk{{O#^(4%zvfm!^({!dHmbs5hHWd7RFJaEtO+3_}ngA1%KtiH+`@$;} zm9!}M`Jtpn!30J@s=fqAgUO776i=S)sNKF|;-hwp%~wnr+mh!)VdL!2CKJQEGuC12C=u>5drN{bV&>Q8Xg=OC*4U@(0jWb6#ySOP%Td*gW)47_Cn?( z1LHfr8aJJxfcbVC9Xua7?1K>dU?6=YS!cNYKu~=o$+*z_Ccr+D?CHYr+bs~1-)@mo z7u!eHhrNMRB$bpP<4*-T7k186l zD?pNazwaVyQ`kzjY5a^duhfpR$2JPd7*ty3KmR?TJ$nuE|GT;pE~LiXBEJ366c+V6 z8}cNpQbd0NS-1#}D|S743P&;35A`cn;WW3Q#>^KAn$qp|pguD|z0kAHWtbl$Mi=(1 zLZ$s^7qY5)7CYllf^AW5@rsO8on1dDPHj2Pu+S%44)xdMWu=L#Xm*s7wP6|tz@QBs 
zhNAq7Ia?E2(1a`RMRB|~64}9nH1?ehVV1HnvYErDsWj#7!7j2Iap1sAM2=&R=gv#B zlP~S7y63KK>Ky~bC)IVe`Xm5%j^a}CUl=GW?ywqS_`T^@E04dHvuB@x%$=g8VyU;Z zcLa}itI`aW&~G||dpMIMW$@3CcDxjo0+|bEWU)&^KGH}PI-^qEmSV~7dDwN;s}d>| z!AO1ZY%g&=8V(98&odz|OFUs)wA5x*Njk@0Zb-7|gW&G{yRzK~!h5#w& z%s=mS>X?`{B{EhH*W&DE16v*7hDagOGueJWvc^;|NV5Krs_$;bzB zXDU+9$SqhIn!kX(?}NDh%#z9#5EtNXr^l^}#%erlIIfO|tzpGL(r6{j96Dy}f$f`= z#m1`#o`_k<3~v1v=nna>#*iYmOP*uL>NvROo7PC`L`vz0pi9S0tl!bstp+|KvvqCV zbxE`#7hcOFcm4N@X5AQS^Czz-sh24Ck!NW_OAL-PAvCrsJ|gB5fS029@JukQyfmgE zS}LAEnI%*4)!~B*MPAhmd55)@A{OEP@SVehreGx(DO~E!mBPv8^>%n^V%H3Jij|cq z^``A0T-?D?b=bBk8~Umxnd@D-Ab;Ll5Doxx5O?Yz3CT~pL83^pwar(eWII-pm#F{* zE8Foz^(s@@_J6Zd0F&ixO%>nOeh7PQR~FVR$!qcwh!MWsvXoQBvb`%EhOsoGReAX1 zPtSbhNpmxh;-(`EQRzF7g!OUg#1S~Xxt&CW_3gz9Ldz}=s{f&Rjn?JLaE~0Zi-I~$ zU$avsO?bYJD8PH)ezLB^t7i*;Alw#mYgzyMh9dS^Z%UJP*|-IO@f%<{gq-GkQWc5V zqU9-LT2q8j)Md%&!_ep-X;1P@6>_Hvx&I6ma*h4oyZ?SLxIa_FuUiOPAH}u(yoLyh zeDKHJKkwVX|UK>KVO^Dr+8B+c9O7-%3sGe%!J)gjXWg{L* zD$w--F>-{JrNA5&2h$A>fJAJIQf#>lcrd}T0b9WBGL5h}!Bt3kQZV##ndn_)U$TQ3 z;y{1QpW(opm5l_L5!FpCW7$-5mZ7hOq>oh^F8fYcxlYbgwmX+8eKUiu*?dN-Jq`~| zD#?pCFBasEZ+S+`Y(Hy{xS0ukKeeCo+j3vLenDP}5_+RAuNk8|X2U))mnG=nuNLl= z^;J!8TIeo9(D9Le%(K{{UT0Q6d7;XRz0j+)5@mvN7~G{B1_+Cfz65im87j}sdH7y0 zHY_`mb~1;DDwpI1Wbl9S1*JR*rpd>Kly9zLXBxdrBg(CGC@yBziMaCbHjAn&FL>y$+YSbQ>4#6d#JtWzmqGfC@L`~aLqOI z^;xL*#S-FbO?o%CW=5h^h6JSk+7HR=a?-!+j$Gn$nGKc$5k*;bhXKN2jg zUTNR)U9hrF-9}B)Msmf_t&_gBFz=dH`vsq#VM)D*@W1peN-cuXfN6^hUjlxb=k_Nb z(H-R(UGj{py*`~^Ejq!I5+>kD+kK?^(DnzwK}}w23g?en@Vr{onu9+ZoJm4~ibq@F zunDgZwTcjn`3~;T!DI!V=jZP~-5h;v>3tu2Z0TnQk1hDYBpP)T?!|`ImuEV;{`Gmq znoLI=fbEnH)>hkzt;7|)3kndMKo(9@y>@@~#Qj9ViSqW@r*Y$wy z^fCJ_VZ~+@xIoe@sP;lF|F1T*(>o9NAEzr~3@|8#wE_5OOXO@Ffy zk8>sFm1J|S+~?7kDUS;wft%P#{AdmP!0V=&EVE?_Asg-|n6Qe(<@iVb3}467>3 zaK=^1*sN_2@dW*!{+wHHuQEc z|DMh9+w&rAX8h|o^uCl)=fD~F6-+x(`r^pdA(JX}(pikrevUfRA?LQVnPCvyg2}th zt=F&q)HUx+Wk1X+l^YE8$AaZ|iY5;pJN9%Af7Nq%tS8LEV$yoOIaIweZrlbngG~Mn zN}cEQZXv4bJ#{3c?OHDEvj>N7{b#T}88B!eiYjxXssa0s9Y6B0G|JN$S5_lLwjyO@ 
z$?G!US`o1MjN#1maKW<1FE6@4$X1<_*Pwg6{?GsUKQ}OT-w7

z1gH>5PV_!k<6a8SQA&@USQHp;^dyPUF$&hsY#m6@Ns&nGyf1v<1M7awJzLERIMq%M zv%aaIHGx(C!)X)A@C*+)=j{$Z@2?laK&`$nA;KYA73ErGVdo$BWLd{z;%$tDQE?@I zW{t*S+;^;|iXKs7TP}OIc*A$%07TAV4r12&fijUH@Z6&GIPtH3cMl!{95z zTG!Oh7~azlk{amze8-{vn=ah;>~DD#!h0kh%&jP909jrN%lV}a``(1a7E0)C65X_VO6l(;rPM$6GAt^RlAmh;Wlu$<}Zi$M-+*VI*8YIF&hh}sFy>1to4u_1s3;x zRCaRj2=`Eh;m62xb>s6ws+3l16vzaF_Li=fzPZnT6rj6a(7lF-;r(9pn((+| z@BVuetql(z$-GOq?C0{l{N7Cj&}Of-94PL{PL0*2t*D2^vdP{d;Wc2wag*S^}}<0Yk6gD#{@NSak;vJpc~ z&q9^6mUq!vMr#NiJoAY1!MAFqRrx?djkafS2rvJ*L3;EP`u3&Fc=C#X06(mN?lQLLhbb%mh zBC{-#lj}<;C?{5y9pzCnHd1O4Yc~bD(Q!cQ@L*=*Z;Ze-5 zLd4hz!*}l~-5KrZCc(-y-BG}2)IPd2>%0|Ait-rL#gU)!4p{F$fYPbdHfR~ki;iOP zI!Gta0Fu)vdyFggrSwv;<+=J6;Mf@4e~T`->G`p$+x+=~V`3n9s^|}r(Y0)FywQVn zI&k;615x8VIL7{EZsIE$wG|6Es46RjT9R*d`+Stsu>TQ6fXGz6(-d}h5lr~IWF4+T z^V-woO&z#z`4-H|hGB|Ur>(}d(HH}dl-g!b7vt4V&Ui$}F6B`=L#M$^noM;Pl%3#= zhz~E6%EMyHxZ1M)lz*2y-L-!F7N&6d<#{P%;mLpjxmsyI(o@1aU*u@vsFu@?*_UP2 zE+>;m1E2C2!`e;Dn!mb-f+uGabnK|=MDx-^>k%!KmvN?m!QrB|#g&fXT8u$jefyLr zB`~<|7qcDU!c%H`;rh?6-yf`zsd=7pV5QGOh6~AD@<6DZmxS9s-F2;cBk%lR3puxRO*q* zE(bpW)haEHn_|gp9MWWciv*>7Y>RE#yqk+>- zU_Hm>X|A%O{P~G`m5#9(4SJK(@7vpTdz&bCmKLY7 zE=JR}K^0#i=GqWF3q8HdM=V*ymALEwaEhK`8nC(IAx#R- zgri-s*mHHZcMxd%(r7i46ev#;$U~$g`Zdb8 zVH})mBB6zEj#ioDCBR8eW0VT=Fx8K>KLvQx{Uhoy;PsuN5IML)8|plXQ4F#gDyKGE zF&5j}LqBW`L(H6gXlMk~dEU8+x~#cWqEsd96rL%mdDaPK(fXuQSCw`~0r7#8-Agvm zKAu<8et{^&<@(Ru3o6q_K}0`W2>%@Qvm>L8=?qevU3lk`6R^qWAwAFfRe7{%WT_db z!^b*4@2Rgk7AH;H{n!ha@4xBS+1-Y$KS&rJ2#@>q;U#`Fn7L9r z13hWW`%}51fa%3(d8c+3xalmk_XRs_WW&GU^+eJcNa+546wm*AlVYc#3?r_B&xgBD zWAG_CUZMaW{Kt*^VFJ8MpOKgXYZwL^XTQQ-t)$wM6DP8JN;_Eh&Bxc%)!G03;^lO{ zuY23@JeVV&P#Cc*%96@ViG@Bw+8A%cwU7w;D51$jq>;`BptDIFf9ypvgtm`)a^H_H zoq`DZ(BYN)>&M#w>sobsD=e;dV zE(+&q=Z|-u0fkrMfhAKRzBh3Cf4BxsVhR`UIzxt(-~{MqA+pC1NUVw?rXuqR@Y^8- z*D1MeFh1HHPOpr7*!cW=bN9JjIX`u&ST)bU@7PsQ=SJ&G^I^!>EEJamVi1BJJs zwA!ct;r;7%k!^Ko>HPcVQsatWgn)cv0XI9ctcEScnA}rJ#;{hMDXsdPt#TNX<`qoy z2NoF8wzNf1$Ba@cGsBtfJUTxYjaivHm#!wE#Oo8T1?&hLJ7EyE%?Ec^WhFBS^mCa6c 
z+Qf6TkYiS;rF}pt<`Ovkg1`{-sZtLG9~_w<02L!YY3FH?`X2_unK*~>ci_QaKN z&~0gBdB-68f9QvWu_37cOFuYMNyb9J^=jK#j>@`n0qgsg-ran{BR8d!n40K3yP4Ac zMu-4)@kg%A*@S6Lnll3rD%4_NkPMmT42lMQbol1g$09_MEp-#IxW)}(4T$LOqyIxZ zC}5!;Z~PJdKfps^kU|+5`Ebmd>U@|DGq8!n6>1=uAZHCba;@_Y=5QJN@X?jEn+$52 zoh&1Lkfk1UsMiQUokA_f9AEGcsvVtak4+zzW9^J&w#A+obbwtYk!Th-ile-#d5K54 z>qrnnC4tlx;I5Z&=JD#s*D{TNh1KB&J*J+`1wkMq(B=Xb#e`!@b@3yx7~5^Dp}_62 zEkoAOUHw`z#V4PWh-Z$(f*hNu=M*c2IR0CriWsaGGKGS>ldOkf{-6R5DGjA25{eWc6%fHZ1qVUrm(C2<;E8|2GCoy`Lqv4rKE5QHPaXpD)f z%Ja4{2+&So8`qTn$LFaE!xT@2C`mk7Ywnxv=>a=SA;si8AlV+dKSkU`rqQ#UX02Y% zS6VnxG^zX~E>F!HkH=seF>hO_La2Q$M%ak%Bxx$Ry5BW-kSyiHHLjETPRC>j0xmI^ zi#^~^n8IiGKmJ!TSL8fP`#21BF#O~b-_fbsnq3PkT)fQF*WX^*hIPO#Y%7cz+*(7_l zigIHc^GZYvuL>tOOE^dHE6v#yYXPg?K80V(g$sGJ2mwwg>1_7ti2mj&sX8P<^TVm8 zM5u0NU-sVud^pW97mr77mKjzFs3+h^9rtQ{{z53ii6vH!xvfSA-yzQ53X(d43rUx+ z+2p{uEY!?ZT8#Vth~DK$Z58rkIEkaL@kp;ev#DkecD({;XSg#K&la`Ab{e*}ic{hCIz2{X&z@E?10rIh7fDnF^nfRiSl?N;Z2$)o2b4&H zI)Y4;&{@MGMu^SJ?U3fT(vt|gG!OF(ii~cf5}m8GGB8(5?I|Dxpcf=PnH!Zd`w)m1n;SGsErgQ&FO z5E&V)wM?sTkJQhql4wiP|dxXX5UNZC?z{i-wdlKXx)6x%nL4_Xj#LH|46e7(yxei?+v& zWJAdb1RA71)V!jTbKgsMBZmNpFmjM7fNd$stAs8h3>aST(8oI{9c2daE9gF|$%j+v zJ8cTg0W2ogwLhl+Q+Tnchizy7r}oI3TR3XQqW)@-`_G=W`M;*X3%gI7ovg3MXe-UI_6YH=&0X(U zxG0)pn)y%u#m=bj%iSijvp8JW|jX%)jI`d5-x4KvF%Kpys_*0=ue-+P}_SM#KwgYLTOu6w;-7SpUeym9tYa|dMezq~zX znqz$<=8zVU2fuO{pxXSq`;(2cdXSc7PS-1Ac@2Zix`38$EClv?9lHnBM=d$~{YG}uVEo2){p6JzE2}>%G8Pcf< zEE~f}X8I7Bh+!6L(KxmWG%<<+ql8`L@Eh~{Tp~q%4I}g&yhpZ~bDyzm;BdRh)*A`w z;Qfi9Sof3MemwbYl4vSI&e;pr@spHDNL>&5~2MyBS)( zF0H*)JBN)p+CKZ@kmO|fpoEwh0wRj!UT+W-S!&SnF5@_9j^5SYDpt3P)~u=6=Xz0U zeX4+>pWznZEMYIMyi?!E)$eWDx-f?8?{Gl+KO$I)E`vNpF%(ez zB_54-+|>7T^e{`voc+Ypn&%`gUExbJGE%T5N)(PoTA{@eLzyT?DrEb&;^yP+4i9c} zJ98#ws*O^VI1)nQt54QWv!FPt!6GQ6!D(QlTCJc_$4R%&dGTQ8#;W>WKC8&4QBbUJ>io-sm)(x;nhR=C8;wqLVKB?Cb}h&&_^e1$L@6dHvVFQ+y`O z{z%(c1?dK>-DEgH|DL2-CScZVr3HVyIK=&8SAI$>vM6o!xC~kuC7991c;VGEo?62` z^JX!wSxa>-8)I666|z3}`WpeWXeU7Fiy*dTH#Gp3Fs(m9TR3Fi9Tt 
z%@x3|eWUxK?72oP5*cyH2h#_!AJ|n()qgSv9cDOcF$$Z;%gxI^O8)uzh)rul*X=+_ zZ~GzOSmJ5#%KILaz(OoRJD&DTzvEe19>ksg7-qiXv;SYhE~HXtn@#8)EVXED*v*gu zGlMjP*K)L_i?P}@6B-#1RrOLsm+m-it<0!Nh!HkNDvGYcDE93lIc4F4|*QXG%^3$eOxSEg35K@ zniLtKS`G+p?`*m2TM(8e)1GP{>$j9kiY)ptuVuwJtGRNKj+qqQs7Ir}fnZ_; z|E+r()&V^plikC_A+jYM%dT`ViRQ6y!Tf)AWau@DM$#$oOv5`Ie#ykLo62`%eJ`MS z%=`Qto>Kb>)BVM4B3mnF;T@^OcK^Nh_G+tTZEv?GD#?O&VJ3m^3entP|>;I zy?OWs?{iTlHDCp)oyY5}Iy2G_rz5g^jDe{i0}I`3fh&dG1_bZ3+xXajf0uOkkRsz$ zHDu%k^O9?h953#anFz7Aga3(EHb7rko7^?5(qLgFXwA8^p{4CDo2Gf8W0;!ugarR( z?$Lc<=|$u?hz|)!c`|Kbtj1Cn(1=hR3e!;K6lN9HCS@EDY^Y`Cmd}ClQZ@tC8KMo& zyQ|WGWSdV`61tjdelp4EF|3mGnPzS>v@;fDR=-zA-ubiR9Z^PMg*HhvV9hN1KYShi zkaN}i7kZP{@9lBm-O8LoRj3JAzA#vjehfk5A(C{PbVh77Upk+$)qc4*?l>CewmSm_ zR3+r3QrXcYPY&b1xO_u|0v{x3$XH&xUEO5Wx;<5eaSNUAkyLseKrS{Tp9vdUKUgqK{8f4hNci{0~m#(>PTCxA(- zyeQqGUVz`4A^^-p$yvzVbTJ5ZaRNoX!X!|8tyOn%8%$F1m2VIr_OKwxCb|h@roIQCXd-tSqkg^BmI=GqNUwj!Ex8Ls=dm z(>+~(*@$$u&Q(C=$mv_b*sBBoi%yF{v51)v70hu^g~@l5W*fQ5OyltQu3b^NHV4-e z(%bFzm#j+gamZoWhM>GLc_2AW|KuoSXR)hmY*I^^HWMrP^-0o z@%tFeFoW^RkZ2+8f(6QY%Jv^tS13dgnLyZaJKj4Rd8bhv8mW}}*xf*VNOa{%IXxoN zcE4mdX6x2atd)0aF;DJDAY7VDeQ60=cE%6#%)>g67Np8w)NwFN1JsHVeA-=P^rKF^U6?yY8j4q_>xsYVC#tkN z8#4P@^nFnj_856cTc?jf%^6KYG&gG*hlZFTMbn=|pRLWd-9B)<&AGii;p`re*E!Qj zy<;kHdt>=<6G>W${k9q}SNE4T7(|rHD0aIJOB^AQ50-0shWFLtIuAV_|I*blQXNd< zxW@uqZ+_crqG1mM?YiO@hBCR2Y(Av$^+HB7O)}+b6m~6IWQ9i+uWtfd`iIRLUuv#+ zv5l8VoniW14wg<~x0`J>q;FnmZtB9yx`O9`#?69{-`w@+pqyGqtqIMRX;9WN_KGhP zgMMRFlIL^3NFRYr?j3_TdRx)uT>rs$D(zrbFr$0hvz!LEjhQx}L$>?`omRRf9A@4m zxD^@4Mw#?Pn^v1M=~%F$ad}+eo3e_!cj0qM7W43I22mr8@-_VzvCzDq@4i3FxnoIk zDpLBcm|@C3NU>6Xy|tOqtha>o46Jzd_~+p|s0fFya2o*sU;^ux?`7+aMqRbEXqfdk zYQHK)qASkKG2QOI9h2m7*0v0g? 
zu2%MOh59_UHkSXC%oNtiqg5>IzR+-rQNCoZ4hV#SY&5=9j?wa+1KQHkChv8i|D!)1 z7#It-lPrs@zG)|HSl@HC0iI=)8Q@jmp0V1()+p7!nhY&Px%f%4nynzcfi-XE_VP@M zsFGsFB)i5dreb~j6!}1Bj{N@W;uu`Xl)FD|7 z#T8C5@9qy_Py8=o#~a{h$vywbe!BX92|KVUGK))&oY5@nPI;w5PNLOhVLGmlCgR#Y zi)${P?C3UiDOBa=H0?wf*AZ5e5|g=1ZL7NEN$-z2acly8@vk{65zIlk*ooaR2OXzm6r$eR}}TWqyEs zs^Z(v9shIh|N9ig))_^<7)$JU7k#)F*^0e9O}fSqDhPV3&%tQYwkhv&Je{F5npCdf z1_-!$?B!DEf}n<>I0u1+l59bj5n!wj|0V2g z_>MA_7Fo>HF81JccLB8-e*+FrLhEY&hp<0t{}A>k%X*>nYOAI36NoUaI{5!3>}>x- z*bU7G|4Z0q80={nSO$fpyEW7;iV5%ZcUVV6i(_WGC>Jnvs!rVZ3Y7t)9NOOuT>oFf zUNtApCbzppksvH)bdP=SpCIKVHcm7R*0@5{vf^4*vqAZ%?`I(F=&QINOw64zTH%qr zKzQxsJ*Um?e+m2i?hj!nOq=Z^8(Hn#s;4o~3@XY*4ar_Vr=V1|bw{vWb(5BCGgJ$N z$RetRw&sB^H6Sr26k_$Y&^9C&g6qYGS=~`T!|Dl*qpnnP2y1oLU*3Rk!M$2@>Fcc5 zVb`(z$|^o-(PXHj;M9sEowhLLkr#T0brhz6Sx~f`RX$j%H9Te@=TDO;sT)K6HK8#j zG6tm=hwk1k>0ILbdguE`1VhW4Bp_E2TBJTr8hc#L6W&h%E;E?MX`Y_eB)1Ai_Hz-_ zE#fKBC#mk8*-XbY6)RHeG+_5ZuM7CL&P+(~Hux{?e-OJSk3NFwbhM@R-j8<38tVtK z+da}jaH$-*ng=sKW#P&{$PD*)Om*(g4qAkgOYAbuxbxHKtII#C;2UGY5|j4BC0GBVo2i20t;hCZSJMMq)>x-?t&&_&L%HX1 z8hBO+B`k5T;YBz%A7avXf1uiWSL%G6l5%_>QZivqVux}zY|PNihX=KnKGsbc)us!! 
zs|;FCnD1UaJ^6Y7xT^r;NyS)RYRBtYJt7W`3mOvG&Z>Bp5OVVdWAld%jwTuqOH&Y7E@XzE z*l++oTpR)~!W)Jw*B_$iiDHjIy5GRxL+-K2r7i`~>*dEG>>)*P854mH?xMT@VeA5) zj{Av}l)Sj^lSK}wd1;9L9*1rtEvP@+l(%n0}Ar0?$AVQ5lQkegcD&E83 zD$;1rkXVlX-FVLL-~XJMDD+l+)H~}Bubfc8)m|sTQ+RnOL4`4!7uc}83QU5EirCrg zjiN9z-s2QVZz^g#P0IM=?RdjED3O$xQ~vw3B(wFZOI$Go1R|cWp!a%*?M}9Vfmhv_ z{CuC;R8xwNBtYN(CU7}I28vcBu~?M98lLFd72-qpfbc*cA&%S{JzF)h<%psBs9M)Y zo6Vyg^lvfcU6*ORI~xLiENu-kZ<(8@h1Hpvy_O2lS3x2ph6>ETm}9~@bB&o%Nq5FF zIB9Lo_N8kK$V?laffkE*XM=BBCc9_cdyMc6<~v-iEb+f0-VQf+X%^icG#wrZm8Cyh zijx_UzYxH=`QGDj^E)_AMbB`1#vY>Mz0x4_)r9OE)IjYfue|gk2tH+A|6%MP6oN@s zuMhm$-}XN6U%%2>CFW}RkN))&=vCH;Ee%J?qhoGgNpa`UA*#mmkb{y&)Sjgx z9YkYJ8=djm|1$R7MqG80=`*-W*gUpwbm+^1FSncq8SXlN0F9EAW&Yx^WZK^!YiVT8 z(I5&8me%vC2(-;LCZHB6wS?okQL(lQ;V(En_*8Z82wReCmVq(%WWuT*Z2q#7sWHK@ zxvlAE8Z|OiyZ142XTIoG3$ahvA4}1GCJxN@?SJK;=c~b$&>bOVO-GR(n5CQG#Dh1) zsTCTUCOc&(1U}PSXwN^==CLm-M}@9J*d!Oxm8pu;re%UI7ckqHqU8tODAQ`7>#H`=dQVI&oCVO+(|K2MFG|b)Oo6TLu*`=x4 zC`D(=J%&T1sRdM1)%8=m|4@zv?NYpR#98Vdb0VpckXb4|5V;3Bx3g*?z7=Babp>(Nc!3T5CFTEI&gGp6&>o&-dU~jzcuD7*h$aVYkWY6-|=AR~^2*?E=3V7rWLn zD@YSoNH3w*^l&$^GQ!|!B9#sxA+Y|cJ#X7}Z`9wT$K4!k0(MaQ`OP_{lw>=(r%9#a zY&Q!^f~}I&v^@{9y1B9TUq7`vCqSoeCd?5u{w3bmsdEOe#?%5(nz-2bn?SGCZo^Ji z&%YvAU%y(mN6GDkQ8k^tkG@o=EBhXF{uzydv;tE3c(>;h%9=#G;t+4J{w|?VWj^&C z_8?pGqc%PJe%B_;V<-o5+l39SaE^d+v->xvow>t7rST&lR1xA1l-502{+$uJXOg#s zaLVtv3gJt2R(`^}$)GV~EDtyt=n%4^4kBcgcKAFB5DNX`73ytgKFKgEPB}}f&~OwR z5JEtqa^?*|?`5)}9TOIRKyI-aT=M|#L|Ur#cL}(F(el^SBLpoKXePTJX$lDR`TBC{ z{Nf(QVu^6ho|koOLkW&B0LPPx$(5ofZH)V^5Jz-jr3iny+H zoibdokXH4T^~liM@kn6#PlR{T{*WviheQyw2`voQRi>w{tw9*YiZ$DS)T8wXd_dY$ z)CMLG$11^vdvJmxL?Dlwy^q$CxZPFQb<NdGBCe z-$6tQb}0bAU#Y!~#D@`2iN(I#%Co%svTz4S-F?Re+$m0twnAfHd={;5t@v+Lxm0Uk zEyxyg8ej!(({Ismv#(KlsKbV7cRU&Jv>UCP6<5ZyqfNeEF!{P_a_egz_iQn{yYL5Y zXH9Y^>)SPNMcgtVlSw*qzHX)u2PEP$xYccQ)=5@VX7<~UrYm9`KdtBRN_}d0 z94tj{iUMVSAZw*WUOFljsor4}-m7FmJLvtNm9>m*ELdvmx*a6zi3p>$YMBOi_H|;f zzdxV97c-H^inBbu?)|nNGAu+9q_3^m7t>C6MUSnr#XBS~l$dAa;!`OnkG)h{FVjQqzKwA%sGY# 
zlc61&b4E90Od#1;v${Y`X~tn$B89|(+`5^K}8k%}n)^-bN( z;_ElyytxzI6;M68dkzk6S!+NI4L8rsOuJny_=V>E#VX;!8#8=3rnf!Whu=ig_+Fet z*kNL5mf1xKvtz@yGo7BnwG|_j*qG#MMQc6{RGx8 zcs2hPX(?)zu$f3?$nKqUC!8==#6mNO#M{c0;IDTpQejd_#4Env9oN5e&tC?LTfOLE zbB=J~mXU}C2L-kP=6oe-zTJUWsf&`oNK@!$Z`3J9Kesx?{4w{D*)3LOlslqW&h$@v z@uB!ra-32@be{g>d#a^~9=384mPBKuyth4?XN)H3j&EMvvhA0#3XC;i;fj^V9gE>? z`)zAqReAO6g>?!%k%zN7FYczR*2c0cOq-{!NS9lH<^zias%e!xzwG%f(yTdgRcB^^ zrUfhE?P_^?^hv2N2Y4!u3CitWO>Vxj7#yz~uV z@^R`xv8Xd>*4?RY)TW$~ucT3IZk*U_ZUk(^bly2;PWz6B%C~6>y(}fr06|}$>{CkK zwtUJXT$H=g6s`tnruuC7wD`17KR^7g*60iQ9qBb6U;7diZz-U3(4@)_O5}vKhI+=t zX^)64>?lPlNq*}ibFBg2=a1bkW0S0<>r}gjGxDXN0K~eTB9K}m*NG)WfbPOWWbD_Z?b1h) z{f=b2qM0=cJ5yn(dUpxmJ7h~bvqK3V0V+`qTxJHwUM6YjTR8dN%0UiIoybi_Q3e!k zAXj*z{s6|i>*fq+`W5Uwj7OEx_JjrMreqIsTTjRcqGpD#dQvu6A@9AcV3N8oso^_C zjJhgh9e%<@qaN#!5RFTx3LAtF93tJgx<3YiZWIBECg$S1`dMDa}(p zGXu+>R^Zp}CVoFvH#WroewxV7&lQsr}%XT24u0HsVwm zSenfbOF9|DkDWrp3DOW4EwAZe3G?Ef23*PDaxa|zZ1%Q(!bHCZnZvbFm{*0e7t9~L z+Y*x3S5jQ1*@F~f0?3BgxXq2*JxJ9%6YGaBD=>>D4_r^#KVj%5{`p{kq8QJ8hnqr? 
ze;FC@!*XrcUdrsq!fc3n-@lpfJsv!KcGwnett+mgns<`eGJeSl5UsV%GRej{% z1{$QP2j3>66houp!7L1vO2?)t6&yKp$|c`dA2?4hCuKyKc;+ zi8Uut!OQS;%MH>teA}S?&RTIvAjlRAo>-0~2*U0{1l_qm^Uyr)jog?KCt=$ol$ca( zCC2Ki$eOvy=xf;@Zhzgm8c8{Klf^zZb}KuNx z$1ITzKZPfHrVme7e{S8dc)ymvpjCjO4(%$#{7^>{?9dG45pgEXtIG+Mq zwn5@|Uq_hbyY-8WYF@O={Qe9l07^?RQq{O-l2O~u4l%a*E-r5VY_zRBJ+@(WY{_-g z0c#vWgM8gu@=)x3oBN;RGn#~JXA7pjWl{bz*m=#!M=p{tqD-J%xJ4UdVf;s#VBwrk z>F6D<{Y`V_C$WL!<70yBh4M`1K)-PNpG9Vb@+``pM!Z}+^0+lB9eb{XG=T;-FVwDQ z@sqT6xgBr`bT6<5avhaS4Cr^C2&{rA)0%08@iykyLz537moC{(7BOkNO~I{>+BUy43T@ zl7LvL<32poI>6pC;MJanwrJL_ex1ke*)OSAedhkYZvGU)+tXlN#^^hK!%}Gv$5s@E zj>wh5P$rJH9aX(RrcS;6bJ*=GUFy?E%E?Gb#y5mB=*mu9SvTe-)Vz7QfOWecbKkaKn}MS%Xazx5C~3hQ~bc1XjA5S!8#O*6Mtd+lp?=g(eI# z(pp64_3)H3Bd9`3Qm&{BzDGOjHO5?t(*XUFU5!ANZ43_YC+#v|ehixEoca`dQ2-c^sxPXF@7z$ACQVC#lZ+c4KCkU1;JX7Eq@sn68; zhzvM91hk-oN#25%Sfy@BFht;3tG>)a?tTHk%=5m9`)oCMtE-a1nC+9Y)u`h4PG$pI zu!!t)r8E*al_mgzNFY`dF_1J`*T5V;hm)0@I<CAlaxlin#D2R`-*`TU?+0Ftrj zJm()!dsYk>31XRW=^fodI_TT$x3~?w5JUiBV_b-7i2;dHj4dD->5M;vcliFV$ zY1FaNfs_IGZ&*X9xvSlSMEeAo6?j7DA-cBVlANg5pLGJ_zidb?s3CCD=F!tr<)+T$ zrYwavSH)XA6zS*13N9KqvAG*q9cqj$tXgq$e%v~oBnCwFAjt%p7)=H18o&+Dv!e)2 z9|af+?73^iyp>zWnry$=Rxd6_H9i`f@!`PV#7^6axy%1;pjpTlaW(Xj zunakNByBCi2D4JiVh0Ujzs}|QnT~iOZ~K5GZCGeG@`6M+1i%2z#!rIYE$`;a(<#WV6_xO=jcEy z*Gob^>BdsWzk=6#BP%yk#j>_Sg0IMtoeZ{Bh~S2NdeZd-&@O$lj{5c#)Ww@?=hov#{&2bboL@ml zls+ERwYh=)bIL5FtMV|LqV~80+|THu-5h=+(IbJ7LYdyH$(GC)jXIufX^gOYR*fz)mhfqp72O*!j?@K|^>j-v%Aq*9}!iV6J=07Zqt zG{HKYv00*+Jzb#ezgJ3mpG?Ftz+It_IjW@jFnwwkvZ|iZ1%46;j6H;ITH$x^lC$XT z=-AX2S#U#PSDLd9!jeefb^*6dwaS9oL)q1*NBdPA0))6L*#<%v+(bwWbIUaOfr={E zW9(l*-1HP>CIR@hYTJO4O=`&)r%yy@WO$5y7!|eE{haZF0`T?;bn5H&+1X3Ok)l|f zNPvbSrO&i9|LqkbT*Pxd7F^TTEb$rtQUB95f(_TxjZ%JeUa?iLJhTbrZY#97z3!=# zZ@#M`Wd5sNc_?!c3VYmw^z+5^%fD3oTRmb}E-zK@6SmL;tg0qVVzrCfes#CfizZU5 z*upq8;!KkZ{0G2CrhK7f7tlYsY`+SP+L25iw9y3BwL$~yQ`vz~c+qy0(#Gh((17zsLnejNa1_!#viKf8o zg7M_z1EA7(c8dWfSe}Ms-hl}>Iqf?4hT<1~w<~nL4h4F^=fDZ^7^lkzzQ+gX;gEa4 
zOg3HZf8fa?w`4J24(;sxv=1U$OD)P(c}QWatRpAxGkAZ;MFXI$94L82i3fcIw8aNuG;~;&gwLK4_7#3nXey$TIX!Pp(o) z#xii~^SuzJE_C)3Di8np^=oRByN#43eux0t1=kgkkSKY4t4iiQSpFPge`etl-&Ab> z{Cbv))oTb?VdsDGrfEEjYU)?}9aQ;~?!mHPkjUIPPw<5RtSHtGiIdd877wIH`o3xd%PI5`s(8Mk~$!mdVYgSA7n{6QDc|C8^ z759w2K_ry5CU=5v#f|`Q&Kl(spBy~^*Z`95d|iV?c3TOdgxTfqK=%PUpRW!bs$89U zdw9m~Hs#&E*dELds1$!nI$k7M;zL-U6X^H@TCH#Wp3ivMZlP+!S?HVVCM34zHK2=X z57oE7FxpIL=A=>04zp!mwT&+0 zjq#%zkw_q;2|-<6KjkGhDoI%tI9KBzP01CQNU>`koJx5t&o-V|1ZuyI)Yyi-WCX4M zdNF!hOVmk(IoM?I<*sJ+O!uFyVf9W)?noHZHL%}=KOwSNa)Jp@tyNxjLBFUbf6KUs zr)}0;!9V&<8@RAQ#B&`Y$-{@+4T_q~_hS*eYMd_3a!sm9^Tg+N8$+FL zj@4ga5pmqAM>JNFZ_5g4pN>K+^xPmyLu3o`>y@QJ7-e@Tu9Tt(JCNy)P6Nn68JcN) zp#1RLTaYacKkAHdNKVm{H)Oq9CLzW3+Grwo18f)`B7Ffz4W-BvOAVx;%b%HVLEIIBI?g@#crAyb6Wjv@L_5ph5aZO@ z-ZKz^q}fgQt}zmSJYYaw4YBMg&NYi`G9;@ZVw8?1!V_2Y&~UDajpSc4q7<|V*tZU? zD|TbU8{5^Y)7pH7v3%87qz?hCeK>|ly2uXCm7){ z2DHpZjBacTjqUJRcMn&G4#Ec=_W)#-ssN8+_RJ&iufEs@-J7!Y93suM z62jv2*O(-$v5a8O5yI)?8JM6+{!iGOF+~w2GdNJAi>%vSuRh+)>t=(44@i{9 z=nb%xMPJx*-gF&o^{U|fy3g3SfuE*m0j5-N24}UL>3LXoDlStlmiwp}C{s+A^bd10 z3vx0HPw#i!m_wJ3t?rTDIE|&>O~*>YvCC4-D=7C9fnQ%}vb8wNs2&XT?hcC}(87mM zKeob;HsSU#()`S?S(S6i8ZQP1-aNuIY)4$;zJf_}t6Lz1leST9K_#^_z3K z=U!jAS?7zn5k7VfkTYVI9ef+htI^pa+Xm;Q#v>+#1(`ltuB0yuCwb6(J;|@6I7iMM ze;cbSA%Ds%<~(EoCC_@>`dQ+W!&JaIo0b!+D*lr`IMQi1Is@i8$z)#1mmse(0g6pt z>mb}oPV$KsGM&rnA~jNj*CDQ;0vEZOT_0I5RLu?p0Ic*IvNvAsn`GTIPLG2R%V{i=3*a zyTr2yblxc&>aI-~F`i^Y>*UKaQa-m|$OAV=$39_)BnjCP4B;dr?lvo2N=2<5d*$cV zNPKx*OAfmMLdpSewAe+ZS=9jYAw0%{t2L%HnUda zmsZmI+vKE;4yB2D>uhs!smZeW$)urW!2O@mm~KOK2h5%Rd50)DKsmTQ4&=9wES-54 zY)f+)aWD*(=D*GyoFpCjQ%dyD0V(KIQ|3AMb)XJac)^h{&xwE z;Gj`^fL-l5;Nk(DBZ+)!Kz?S9k+{27%%bP7Fss-6)Uagari=N=z=mJvVttP>x;2>Ep!tJ)C}sf?acpv!ix=@@tKfC%_e&`& z{k(<%k*9X`p@mh0OYigV_apAs(LCu;5PJAW?g&@q#Mtvvu?XAUg6~S6bPi`H=*8JIFCv1Gq4;ds9PVSvSbH z9Oj5ccr5SvPH=j!-H-r$v?yZ9ECMgC{DPtHe}2CB1aF~yx)2XZ{+=LTEQY?!MqD9Z z+@72eT-`&*{@x&W6cc5Q2hHWbn#Y;F`xl<5MSPXosMa4qN}S9iLTGtSgMm9{gePPe 
z5r+FKV=9FrZ|BQg1Uo8{!Z91Fvz|HjMLb`>y8tf&4b=s0_IRZQ@Eo=Y^8yyzeOWJd zp{U$FATfa;7ah5O1)%C0^?nL>3D2N#AK%~0BKEov784oz-6+Z$osqjj@r;c}j?Q_R zXFL^7P0HxQtMAR6mIJVeaWQu4RX zo#>=Qk*@3n6FYG(8DENPZQhH0cILD&?7YT=mT8O^n8EnFBoDt`FfVlHSw|QT=Hfb2 ze4lczLy>z7e}e*GB=0cc>%-eqsH>E;rIY zTs$c7ix$hO$t+UoG91{nJ((n(Udqa5g_A`#_Hi=e|4edV-~ z)K+GND#-Q+a;s-i?7kdu$`C#jfl=ibgpf0eSJ2?w87gw3Qz|7^L)ArJ)q5UDLskV zBkbNInbX;nK)=Jf^ap_Nu+!%KZ4thiOIoa-dvuhtxq1GAS2vAXMQP-6SC#WQ5i3~R zuY!;HGNt!|Day9HBd^W5MKSTrdWUz--k}7xzT}(BSW0V48K+&y5D!;a8}ae-@L7;a zg4qvUM+FJN#|3_KPi{)}lWWkG7$>I#`x}zGqyMeYWAKWlKks2mTmS91OEd4^ z-$WGwrUYus95z$A8#!=YRZTY`WoLI&2w^o2_Nb$$v!at%*t(?@Z6RuE`K?nMSFfmd zSsDb0XELEQ95X!m@XA%M-tGNB5pXxru<|f6gP=2BBJn}Wt`t+T7ig;S&8giBO z6tI$T%8-*aWtOSImbETo;(Xs6g>H5Ck}z+LyZ2Vaif^e1z)>M>OkZ6iq??j3)UTx) zJ;Rcup=B};`#0-?60wIkT-q#T;2VhmQh@4@KaS9r(z~I zxiT)v6fD`NEOme5-_NrnJ_&vFY45Sr{k4@6bP>wRoH65{O_m4H9;L|6e(W6@WP4SR zOe1HqUEuB-X(=c$4uozgAfUU#w3nVd?K$OyI{j;f;4#-*2u_N|3O+xL2ivw%_ zhCe$}P}XOi#8W=Z%JU&%enzklV1eiVCfjgANqftZFi#6A`a0e|SdkM{dY6c-G;dg0 zKxX5*i%2dbsGWZoMJKw#7FU{OtXVw;X787P?v& z$-|DiUEGj)th)9rN(?LKF>ta@F{0t!Jag;;iud>gJxA_*e&MknWS2M-wbw2aVv9mA z_ms4`0xjQ^J7R0n(Dqw`x_#Iz)|&Yjl+wI3sN`z_g!S^0JO}e2f2RBKKue||WYKq){Oct4C1U**&gcTxzQjtiXz;vG(<2}-5v=9L11TJz6Y zIQqL-$D?ZSHBD7jMdEK%&Mdv=-%bKLhOMcVO4x|@00A+n=9B4ttZ{q$rV*^I z+^?7;Hb-z}DD=}X=k0C0x!=T^$2%CrgCB|OZS*7ls^Mf-N|R{5{(>2uu)jU3q-CL0 zM%R$!5<5n)UY&HVcM@omX%u{k5*x@c%(uIx&dWf3o4((qk}rHPLblJh4`>BD{6pB- zN23Xfg1ya|deo2q`ZLsYGLl040s;812WP|+EYrAQ&W)TGMfSyrYct*HZk!C3Fu6)r z`N^>Q0*CE%y5En)Swd9;dXONnz1x*dmA;^k7pZ&~tOtSI(@{b~Ko{DK)*-ki60`%D z7>jd%ktTr~RHl71X+B!!R^2D z$kTHLmQ1Yy&dQdPcvZxfGXU7*l%()^J;aXJ@0;wL$lsW*8u&Qw!^29WZ<@!Q7h zdsKD3&DEQ@SFMySJHZG=t&pn+7YxEFn62&xJ-TqHAK26^Bq_0sOVBn(GUVKU>s+%+ zN;U;J1(_NDQ$myGI4|0ShtlrsQ{}#%sHQ}So=-|I{gKC%7MH-VZOA}c#pqjtDwlgN zfBWHkD3sTD9VsNp&m` zQAeRMnxh5D*Z{&H?lGz{fT|yon>9NW3#FgFe&MVsjWZ2lbaWZigczh5L$(MFT&FiH zGG+dX8ekHhh*Q&FJqY?0&Gg$q6aLJMm1#;-++?g#6C^cFuZ5A|N5`S4>|r^u)`NF% 
zYZh}Yf&ll^!>W@2WA8y##{ORZTAu8M?4bU6ZD`cf72mtr>q-ZsacE9-}Q7_O$FR6IQn(i^1bh9I}?HtnRs6qS0qjyBu z+hiH7)>$eGVNjtZvb>ppBzwC0pH5CoB8|U9rGOf3Q%^hm2rPlmNh1M&2~0V@WxJKM zEoKQoS~4?~Sa=LzMy~32Rjv z6rN7P0gQDcRakrBc$<`3j0IKO@M)W3s8nlhHM)rnRaAyZ_?4>`>vkGLdxjAD)Z1-a zVH<0+Lt{7(0$rme$~>=RsH2%#4ih#`j$ivS$DK=X|4HCICJ%L>kcK?Lbg1!2-F~X( za5>96Z)}HV7nAV15JaIi^*@bdxj^L)0!$faf^z77v2Rg}yGYZ89gj;|7O1O~uomYs zTpidaP3Y(zIa_^Yl7zk~@mjinWVTjn=#0)aul@v$ljUyBpXY^@Gs9$?HjCzy+TouT zjih{}@fiI(8#gOHSlw4V`#!Lw%zo{YqGxY3!jeaThgl3rt!j|og@U-c^Yr9h>ht3B z*F~f)C;}-D1dc>AFrggN+;td%Pqrdv(}dh(l0QJa7`Oi!jwnMS2-QQ#N)r)Jw^7X} z@pLmNhWP zxYKIAzj=@#^>{kdxCEbWD!z)uk)#pP@Ey~;I$0ezJ7}daV1b^L7&_stAFDpX)M^Oo zIHBe9|7QgM_KE5LNYDfoo5LaJ$wnC zIU|VS%-h1r)9EOY$bz9yl3Y!j?KbwW@QPQm#SZk`>iP9G z(vM zN5u88Fp2%UDLsU?{X&<1G(vDx*XCADj8yfNnnR)C$K5x_ff_z-J-*8rQE1=xIz5uX z)EQJkJdHkb&XZ;wthtyCwq}&{Yf-CF$9&QzA@h@AVQYdw_J80~%9n9u>{eyi2&>Ae zAa;B-6}lGNk2*DV2>HblAjN4NrYG8R-A&?9E_zq6e4PERj|hA4^VP9d$Z-79nL01H zv=*(OqsynfhuEwtlK>_9qe=>CXfTeGmVamjTx{HT+Rye7Nj;eNnvR54M~RgJ?P9(C z=o}BYiO{l6h2b+8_c|N75u;2z)6)c1^v_*QAxbpu%NS^a=j}~9p*X5r_XFxXA(0iY zs9W0KUtWVtgjf#1RFIDg5SUFn!}dQc4(?!s0jWhs#-u|?mW?4485P)85<*UJK~2c4 zGWSXzl>5YcN~JQic|jE4s+Qj{~bp*l0TpfUQ^8`?j=u z--yhqmiKUg=8OvAw|0=}feI{$5^GX4R;<1^V7;96xtuS{kpFM``U?yuSOIS;X2xvU zZc4A)i+Q`CTPGqk6{TLX4qL7NS)u0ZkFuprOOY+(3E~;btrw0>xJJbpRTHf#Cak`PYm zvB+mxbPcUYxDRhV?ssoYA;qID_4<2YDOi!0s)Xv)q|P0(tjUB9NMNh!xHq)RWYXW# z1qdkO21TnR>S)#=UI6pKNnr*s#0OMCcsUwcRnfgi$m{++SfaCNjf-6?mN&!G-gzN! 
z0jUi5fJ;J+WU&LAM4GMpmj>=&jNf7BvCtms^gPj9lZ6*B?fM;Rm(Ar_b9UP7>BLEn@#Bj#BXYb!vTwN7DWxBE8mlE_*?bfI_S>|+7t^fge`F;b&EQNi_B&p>Nuut* z_Qxz!MnnrDX&o}$|5SXXHgb42eS!Cve71fM~vQ;#)}p+b1~zTy1_4$6KF z(_ikOL;?Hr4dC%kBQ13tZxs;d3g1Q>CLOsn+J!brBH$Ws&FU6|hHJ7l#cSIzuc9&T zPeBKoY#<|bWVpDs4sr4%RFG)KZ&WMe$B{lvCyJ16fs|MTITFFp74bWKflP1W?=eP6#zZ6Lm@tD3w~z1Ue2qZcF0q04-xQ!{Ar&vaYQkKFDhA7P|P*+deyJ4IgP#=Gf*15 zsRZFMHUC*sO=*k$Bj*(fIw2Fzt#NiB6Qs@6jMkq<+<;wT$m>tyi_-wmutJcHf@Qg~ zAvOE0fxky?GQ5*EK#d)sj~?p9&hey zRpoSDtZ|a)`L#l}bvHQA79`DwlO?VY5XwC_ZwJeNma@*^K%O9LORCGHjPzTIy-*Y_ z(W(UI%H7LI$+Rpq(N1mBvsS8ReK{$~FMiv5%bjO4^}n7sE(*45sVd1s<7$gT?IfV8 zV6#Mgo#rb=1O*CTRAEBz5&oSAv{o;Fa0WK{Nm1wY?IHzz>$m<@hz%XQnijF$dQVki zeoWsm6$H&DFSYb9xnwQy4U*XfXtzx8mmYexqYWgQrCczr41n)r9&0yfh znUd1D-Qkvx=njYd{#q?#qBD1Xoo9B(!N`e-H;Ub{Bb&!k(_6y??%5jN!GC*cDw+DF zK&fkk?cco>>4|58RA!yuaZk|>2}_|q`J^Tk_OG+V13TI|J;z`DACbPeGNmEC5k(a+ zjeW0dmr_x~@YP~@xBocAF@{=VWl|$T-~CfgUKRvT1-14q{&jm9cD8n$N zRj(Qa=bm5KAj>{J>iKo*w20MF?;$%JYnk<`C0}DD4PkL-qlDqwbC7Q$jl8GkGPbvC zHsP)33KzL`;`i!9f4CJdzw7q7|A@K8a)m$xkYtm zr*tg=j|(8ThScLT4vEa}^1=Q^w(iopk3Nz)nqfovey1fHy(x_8jgTrD2_9i!$U?)B z5O!ceV|KXmL1Ww2=3M|cKS2LwhlV{hU-L&?tn*&hVmI$7-yK^I23NZ1o5h7?G)ZEo z!$6`=H|8QiPSLXu_M9XK5-Qtoagcxs+8X2UR|lPochwu9`OA6})nd*Q_zDhDIm#Zp zS4c`harZJB{y?4L&KCs7y{a@Fm1X6ad!%wHEFJ zSg1VtF>XYrs#%Y#z>%}BR&%m5MQW9k{d;Fs4t_EH6~4Ei1CtJq9NZok;hKE>YLt)8 z#Jt4#TrB6-lRi|6*pqy9nK!F1bEJD>G9sg>+<*SO0&nGDp}|Og*~j92mR-A!U!>{S zVc$7Cl^3+Qe02*R8s8p%B6cSa)(Mn+bBUMQ?JL@1Erw9VS~)BsMJoZ@+smpNvk{m6 z3qCwn?r^VHRZ^dvis31GYpXU%JyYXsBvyfSJZZOH>_=^6+dh%(rI&L}zOpoPtM0~p zk=c|Bv_>Ep^e1b4Jxcc=&?#`w9+m;XbdqVFcT}w)Htj~h@37z^fd}1 zOxSj#Nv-$=9ArV47MYU_IzJx^0I9Qee7$-^AJNtYw&EVV(i3CQuepx)qS zv`C&W3|#$uwP|lSCE|6XenxikXou3b0SAkdqs7yiR`g}>MB6d}@5{zYN75ZY?qGc= zW;jy{>B4JjIC9Ks;^?fFQAcSVi)Qd0;J?@^Nj5&PR=v3|!(r{QNtFc4{dg<@>USSR zCd5aw0UcAg)DPwA28aUdwS<`zgl?dc@qMr~6>{qvfeb~w`f6er5Z1KhTe=z}FI8ib zx;E$&jv4$qRPFM)%g!1Q=*Ta_1X~j7UdLL6kcy@!KjoQ3B@&L>`Z035p!)lN5(KdQ zl9|99(l-P%HJuG^?TXJ485a4C`|93b2i@_v)PxwrM1sbMZN=aDl&|YoUUxe8P2^ab 
zdC(t}Q4ZA-^GQ*%hH5h!FWi98%c>~8-Nk4?`{~dH4=gmz-2lD988Xf-yJVC}g7!Ww zU*%muT?U6}dmWhIjIxsPLIi?FwZI>1EtHl*vIi)CX4JlG8hTRKH5^rOCAC`KV5J?P z++8+b+Pe@cyV|up*7nYID@SYv*!N3gD!3>-l^S%&FYfTJkgfNQ_G%m~nL}-k=&o(o zur}S*i^%`x%`r8m70kn*GzGVOw;9%!eEy52k86=7eYRC#ytS(|67a{A7!X-OdP~>5 zK9d9_aFq@>$8*zf`^c!{5}9=VNd#Wv+4&;P)YxB4)!eG@XR3V=$OcDDic(RAtEytx zQt;0hdhbWR;L3La&Vi_z?=JuzFw2JEPgdQXEuju_ymSupoM*)n@l6loVDi}@gU>Uf z4w)dwM!I9Pj4X9k@y79wE-r>_Sz`|mX02&z19fN3s}bY{iY=WEi|%=TkniJ53&^Sl zSrwIgj)OZ#zV$n_0y}r*r*uocEFw-W)4-6#uHt@K$Rsfy5sU`zuchDi53As@(-=dz zW2vt%nw7^fbYTcrKD@;ILf$oMcqeh6C;1Acmg*RJ*M%sjaeara%_xo2K0!6=`8I-?FB_?{$83<(Z9RiPPsz`fZbEnL0V;JZ{X?{=6OOq zO;oXYt?5&8>Zx0hMkDM!DQi4|U8Iw}k&QRX6p+kOnghMkD2a_uDxZ&_Ah?}{e^#jq*1qSeSHgFZKvjpxKG>pi^S z>QBc~kB->D#){$4fU*!N;NqS@$0OCaa@9E|+=!u`+tqwaeP><|D2i-)0q@-}FF5dI zN>OsPy;H6y#GMvQO};`F*^U1FuV>3!c0p~Ff^=oNUn1I%n1g4DGS6k8%k*gP#Fjr9 zqc|iJ1+>5G;fhVkIup`M*J4{^;gOb3=Qv0w;eyj4FtZMY<3UzHSRu4p2R9=UfXgJQ z`jvj`;EL=mPjSOQq3K$3N~_vF*B=4^w7PwvmEqxxpGZ3#a!CxjWOtX0`eE_X0P6K=({FMr{MLU zWEQ-kp5wKJfPZXwOMMv)KhKoV{WWYxoRZgMhwj>y`;tveJ>=66hu$YI7ZYY+-CsEm z8>TV{2BsFE_D(LEd&)vH(9#6s@K7HV(W(V*qXHvtab(!Wa+w$;ORkBk!cD^&Hc~JkhJ?m+K9N8s%Eah#!UNKRtZV zB8iYu;7{JS(13ADR|ri4P35>;nC+`6ZC6$>f@E0h0n5V4 ztf?9Mb-}rEQFCWOyy}ujRj*D(ac;O(`PXaQs6NkU68DI`K2dA~jSwE-H3==+)KNVH zT_BV&poQK!9a-ACLYkAi6d5H4OK!OOac6)FLUY| zd^=BiUJtVkX#_M%-bI~zB(It9$f!d@;sJRMbK6zv4H4~94C=rJqrr5luB*hwi~eE} zpIQM5A##VNe$g-tXh#C_-CF3}9@dm_+$y?T-}@=2659lSJ?*ipLJN3;@JB_#&wOX$ zVIxQ^keaQn_xs29Ob%PPlAl3{`tEG8kPf+JHP4Cj-Df{xl7`()H?Ou|4);F@)2>Fc z9z|?8UmWxg<@LcD(A6H7Cr_sb;;MqiV&zTSu(Bv$z~yHyGAGp%7p72 zE#Gtpd^hvrYY!sI?^Ht4S_zZxA2o+r6bd(m`Ffz{hSSijM;IF-SN?Z-OYb=lap!`m z*Ae3}ctgAU2lLCp1N{#=eK#U&Iit$?j~Vv?e^he$zHndM^gFc0SA->BVe7n2Nl(0| zCIw;wyl3BqyFYJUMv*WwvZEoupUxPV!z++2JWy5bM>B7(vPyh^B*W4a5?HzM4sV-~ z4z0%`Su+D!+xu4_b6z}*t`WNB<~|e{9s>BonE9zbDjxdef&yM_ILxen4}58V^E6wv zvdiz?mCsjhXzjQ1Be=P9_&wp#@UySuZ#LY9d1Oc!%9p{86n+%f{hEZ7yd{Zu@nr-? 
z_th+w8W1${3+F3T$wP-~k!XltgH_3Qp^_z4@1}LFC+)LRjg>-p8Hz;q8YX6twH5=P zct7`O?z>@<4_qU!Bt&bX@zd<6+6wA2b;AQO&t&ufj7dJcvy~&JQq(s&m)j{ zIFyN3y!~n@$yg19Z=z@(;LodBp?bLF;l^m{kCNL6sCUoVR&eoc@AdncQBlT z-;iyUbP59f5XSF$Q-QPm4;}v@>~H7D0*NOM(91A#Vh^RS+C>W@0X~BQ8)4YyGSb>I z$1VUSxtAZ4cTk>V~4mg7wvD@8j%P=36u4PX)(Do?{zCZdg zgLhUrZpPh;1(b#$5R9MV_ij+w`gc(jlvvS-%e?j){)KI%aP|6#Y<9-OB#aQ*sY8`g z#r2DE!?T_GwnsE zY*2?8rS>pi%;kB94_D;raiVX&AIUtHb6JnoJ3QcSn)E(I!K>uQUB!x7&n7wv^|M5AqsKTX0&FDC-b}EP1N&c_Lm`#yJUHJ(3;D5 zfBo*bJ$uV3e0_*^i;?>{20o=f-@{2Qx+jEDtGDdNfa`cFN@pIz7C(Kktyrc-IPu=Ru1e=IsU zq4d9A*cHCA$$*Ch@A}oMzS8Y#jDG$ljcHxko3PD}Zxv@CwSlGAFpF#4E-~z_;{x-f zb^EpU`puGj+9BkSx4P?Cx#+zlHqwhxF`BEWvX8y87*hV%+;p}sxUR@+7Ba24kuz?Z z{EIF^Y1$ZA#A2J|FKcR|lFNPt-b*3`65`X8m1HAHl>~>w^fOjjKr2zC2@*0mS1?{Q zSu0E+oF$)ILvVW*Aj?9*_8EdUD?J72VPX1HaGl&1;$|?_ zn65%;aszin{hDKb%Ba)$Ppt~6kqY(gDcQ<($83SnKzoe&w?=Jdm`;r{7HzoQAK_31 zP2+z3_d!TyQ2pQRtDoDwF$A;PVwYnFQn=|$15z!DvzGgv1PipJ10hPkqXP?{mU=)w z6~hPB2KSS`IGU{~64wMCF=DaP>|n+V%kdW0xM{ts8rkvEIiNCH79gtA*(EUz;k*A% z?>hK@K%|_faV>2^%ce}S`%Vvg#m2%Qkszd64;Ewp=nVv}tx4W`1;_o$q*m@2IZgLG z)N(bsv+LA`A8+dHHJg;jMYNJ z8f|lT`lbM%>9H`Xxn@KWkYBt3{K--Dw+}*=nmtn_q^~N{KDmq}?CvE+0zM<#SA5O_ z-2EJE0<8^qy>6QAfV^D-Agk8(i2!?@kC`%Ub10}wFjK{~Iqds+`7mPZ*_fD2c2MG( zt!@iomQ6O8bjz3+KvIKs{NvJ_Loj>;IRes9Jvs8;&f32m|C6B%-v@Aww4JI5=PROq zV@LhRD6|lwW`()h6F+|I-(bH?xF*?3lqaYjv8nxV^Xt;G`#W4_%RCub&kcz0636EQ zN6iBpitb9mBJoG zqSoLRX5(iq6EUvnUD{D5j0B!2?|mR)xqiIEbhN$>MtUG@^EZ4=XCs+0e5ej9umJ4> z&Yb$BFi*7o=$V_>HISdt0YKIfr=ol@j011-b0bs6ku= z0HwN09VB)%^WW0he^j~*AK%rSFYun<`%RWqs8Yr?gCV!(q-3R>jXYJAZ9D-VCt8$w zX8Id-QfHdtKQpLx@HNZKjiHC3j77Y05OEqJeu${;m60bLBm`oN{E}mQ&WGZUjBlfK zdzRbOs@nzdwe+>Jrp{AD$|UqrB%>BhZ04CT%wZ#uzla!Ui|zsNW^Y-f%jiMFs5!|$2pAMDbt2Px8hYDX;b4B_K(eSCoz85FMSF`e2; zueN}@(naUSw>2WzIoMZfU7Jp4&d=!ddY^0sDzQEsNXa~XOGnKjJ55}6xYm=Wj_&h5 zO?~T=btxaR`RSd!{5^3j|9QK$KGWKIfnYD1M(3eD)!*(;;*cLHc-xUb3H7hf-rB&1)D0df zuo_{Q-{_v3RUEa24(-B`$VSF%y51ei-0t+lO>2TqX*SPkX3j6>wL07>#d?maaOgLA 
zY2k5eJREzPx!H54fD3n;t$mtaA1^jJ{Coh<&kkO_Ts|z%_!YMw8|A;8IMv`c%O-d@ zD(M-Oe7iOT>9b3xK55(SAhJux)&A-b&KYX6-Ppxwt2}C1le&nOtogs#%m}$M0j!Pa zQ^^_Vrm1d@s^Lru!96dg)b0-Qz}xTjNZw3x#Evq#)WvJ(j%gd1046uRl}!GXH!DVR zavFBKpILREGPPyd^FY+QBVTZy=uw17-VUaj`h3`0ebNiXJ|m<0sG%eDg_g+F@i*m& z-Dr0syH{x75mhA-<%H8 zZabOQ(blbOW25!dYGkQJO8@#fr6f^WnVV(5s!iOqyGrTmDUl&e;C|Nq{uK@rWziQa zHoR(t4fMepbfV2y;_9OW4ykXMURi#8B^=P~wb4I$i>cYew06AwXh59hr%SG+MdLHm?NhvEy-ChEfz}Z%G+cXD`OtnHs*xyTE z&GEAS;abBp0o5mb7^>kP)IvGwx!bd=5f$v{YW{vJ84>kn#hV-g0nDk;RubuT5|^?R z=hGAP3Dv7F#sN#6wD;ARa9po}Yh84H8(Tf{-K;$`l3-_^maYavi8idurhDY`HSxA( z##HVSj%~slPcOg)jw{_`GT1Z@dc7xiESs<8kGK9?WtT(FU2NV}T7-$(I*gR=RdXXAJE}CpIIi*Mbc&bu-r0HPpWCgg=5f^}k)JTAp~# z@mbnTS;^8hurS{{8Q({KZmy+!%-^t)g1b^5l-B3V9!(6v<-H?@FuH}@3*^9G4*$#1re zr;HJ#RQSt1woZu#<*}l!J=!%$lPk=*i*{Z!oy)mbG;zpin zthjBC&I`EsF7l_Ej4wzSE*9{m9Z1^o!P%N{Y8q6OsB5#&TY~Pi(jxbI(}M|8@@p?P z>9KoSs=1YrL$A@IfG_2Ft(q!k@*}ObQN!+=+k^2`J?|H?_owfm{p(||Qs8q(K-c@_ zcH!#ldRV~g=1u+U<~DMx+v8=yH!fA4$JvXz-28=r0pWA;a^Ht&%GS!hqzJ(g)q;9d z3Z(>eR<_}h#lX05vpZQv8p`_7;qy&kB`d2dq_#f;jzeB_G-y8ewcIxIV@RlJwhz}+ zg?8A1lzr=HA%N=jl*5%*zMCB5TUG36Q_}%j2uz4)x{|$T2*|{UT&(J(9kqhXRBD4jrDl-RI%t>eLvuOd$MnH zyhpAaZsLBzhQGJP7rqZ&yRZnddblP1p+Bi@8&T|Pg!_Vs2F00KTMYWZWTG0Tty8!^_II2Y+wAHxP zn2%bbj&BTViwtU<>ZeAIp)At~`55OKl>|{GIN|ENIlI)vD0nR#qiZ1)Ges&F;6Lrp z^pEamrqO>?v}PGa27T@8lO*^^hVBYi&{%%SMgQ#04@MVz2SoZ6&t}XTx$^Izve8;| z^>n)!4H9h%!M)mtso4?DTM|`tO<<)xoBV`}b?vUTO||;&eZa!CbL*HdIFwI*u9&Jg z-s)05vH=Q;FHbT?h4&LS$`YuXR~J*T=n$Slk+=R?(EDK+UM797f~X<8M-117Ar7+Q z2w0yk8i0i&Xzvu5h{N@$Nh^tokbe#-C`6O?_k-v~%jM(_JHK~>W<+|S%(T;dn_%&W zJ^)mr|EBiROCmOV!I6#Cup^vw5`6-BulwHe)3W`z?3W*K+-9O)DR@qEi!?_%Jp%D& zze+fS8*LVQj7q=iYX{RO;89H)w04X{#CI@5x$ZseeniEzvQ5*2H=hZKv6 zMb!=WMT&{tT|DVNH)%R)@6x(#$2JT#bM65$!W}{wxW>%38t(Tj#k}#W1#+(fcIXA{ zGV;R)vCbp?2?G1?#fV}a1txxz)Jen?e7z;68+%-bH+`j1r+VOig^wZJKr)zfE1r#8`a+dN;QW-tgY!--cs8%*>3x$3E5&OnuJb zJJ|$VP#RhbBw*3ORX$Eq^iLT-r^5;m%v>A6SKNS|5%d;-bV(&Rd}lwKl|x!gD#Mtd 
diff --git a/released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.203-rc03.tgz b/released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.203-rc03.tgz deleted file mode 100755 index f1759dc2b1d4d83a136368d6b1120ab31d67da54..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 113952
z1}oIP95%=GyKJ-!7k;Q~ETaOVg1Fvmw6cO^f;vrFa#AhRr9Y|@5<%z_R2yjzd36#u z0347*?G{I!XLpIvhr18%fqZoqPy!${1Nd`|lMQqMs1t1XLTC(LBgO}QOTd<`S8~Tp z4L(Jf)Gz%nrp_rylweu3W81cE+n(8D+qP}nwr$(Cwa3OD`^~wCcYmrYI;#IVy1H^@ zuFOA70bci%#-%HKhE78Ae5P!4vFw3SA&pXDovavj9p~@i{up}eqU0>gvDvp$5dvWo z5!uvRWF<~U3H)j4*AzVxg}g6$$#e$rQI4`cGGydM^Z6g>S)p_LLEE<1@ukEbRXFaI zD#Q4j{%%(9L~3rX30ASHb-jq0Uct?otUs!#SK%O0aQTL=O1v;OkC&&Fkp6#wr^yDH zPtckJ>sK58tlju=nATZ@v7Kst;m{r+@aoLm1j`BBQYSMdL2q;yz9S! z-Com#C#ot)(Y2|n*Ooq+or3t5#MPsNNjvFRp&%y1W1X`|L129rNt`65e_sCteBsqD z-3av^a9HH3MJuiksIaL0TE+W)jnr&OG8_^N!^rlW*9|TgP~ol#z;_tx<>I3>q2KF` zW?;6Npf{x&(UYx+@J7En;?FwKyT1Uq)RCsY)(j9!=x}FGnF!X;kD#19@pp z;Jf!nMRMY_C5e$St1&lNAiLn}2ly3Jhu-4s>SAleAVwZ+cONy5v9ABx?rDQ=EsM~U z_GP;Tg}6l=$5ruGV934=7+QH(4Iy2`6J(`mH=)qqRhk$=!Fsq5{43Q9{e(#!_%FQq z-=MOe`+wPIbD_!qa?DL>qobItW&UVC%U=x2_q$@2;&({aes=(Z=-&77xpx2oQn(FUd1s|<*06HU*2Y*e{ zYsRpYhxxH)i?sFXc4fr>`9Tbf2yqOdjofiCI!URzUL^`0(v7vvVqG4q*?%elt13vl zgY%SY)tjXWp`-BDnw+Y?M&A2I$1qEu8R)57|F8GJ^g#@22#<>-os4n2U0z#FP$yDx zHlhLw@DD7anj}nP{nmO!9)*4gZ+a43yn~iOd2iKofb7+=a)FmwwGSqFeLD5X8jlgQ zYb|o-K<-#1fEn)IM{Q*1RpG`8LoO9U0^O#_fk*~pcYI~c-H4iwEMZy{)KO?|pQjGQnMwpz1)u7%m{Q?D zq}j#fl9&qob@0d0pj~CeqN9tUnUS9e{1gtX2uFCF@gUi7(j>t2Zr24~Vmj{K^NOR} z4ymKRy>ueXOnrd@s!S$Ijv+FLo!4LVEvy~{Ai&|G+PMN5j7U0^C8v7WvxP$ ziJBN`nx|M!ndkk0aesqSSNhrpjY)DRUnD1kS>)(ihy?{|5+MaQP<9XkR8;!W3!*KCb84E$z2A5w`ag~Lu&Xawpo12~I5;Y#1HQ0@-NC9c*2 z`)BRej0|S~QKA5Qu~Q$F)0{tD$ke5^hMY>(Uf}d!Bj-;$nm4|3S46~Z?_(h z$dCh&MHoj_oA|V8@c}20|J8DQ1tp4FE5S(%@@sd8D5>ms82nZkfQa50-#t#*EBz}f zsi385L{cMUVOIK=YYQ>c>^!I}!Gv@K&+S7QLV7sf(~CeUPw|gnZKjjRpx%-T zGf4-vL`AV7~uob2Y^$&sTiMC37BIs4*Xcc1+ibz#_35SliJi=3YL_o z88@Wd1>}v@`tI**is@}T1>U?Un@C7EXBfQX0XaNGnMbYz41(>+A25cXuE4 zKcyOEv{lV*T&NY=p#8S;^H4I;WK*3XJt68~I*LF0Yr5GN*$u4Fr90MUYnv}M`$uj7 z0P)eY>Y-`iiju`mtdXIGD$Jx!gaZ<5Ou#>AwCF~F-h@^GYX@sUjy^`T`M2JfR+NG4 z3$vP6BP-g_+XQ-pnncU*UUZ5cbz#gq{D)z=%p|E#7<6czv+fr2>Y8gxTO4)lvuSV3 zT|86(JJ8x8uHPBFbc+Zh;`gILPW>ZNOYD<_OxdRFZ~3ie{M~(=R=(DdFL;VK*Pd5< 
zkg{spm-UiZcT=YGu{R+ve`wk@(3&iW)L7j{L>@x;9F*A_n*26^)1soIG8X`m)^ilV zk!2=P0WKJqn!zbFJ+u(~H%hWiDwsv|Ia+z=Gnkomeh#@KRgtNTBrk!G0)M@>uXU2U@ zJ7UiTYq1vOie4}4TC9X#QOm}Zzr5aDNc(91fgfixc=^+4%RLV~-c>AnvQv19$sC&< zps(gEZ0a*cdW8Ai% z=am1Wt1pozcsM=66Q{$DAxc(>Tc0bc)~a_i9aOU;ReLRIC~is;JbUzM6>jXP584KT zc4sao7ujT*F^M=iop3qO(X$`yv9%0_eIkGB8f^<(E!c z;{DhK@hMo1`w=7)Tp>xa5g?-XD-6>1?#p(Iju$O;0B0)l}hhD=+s zO?BQaDRF%%VHju60yi!LfL;zUqOGoC921nz6PT^hMMnwT9G_4gf;Pq%CAsM9e(&VP~6+V2lD7 z87f3DIM6V%_Xtb3Y^oom5)0Vwu#F3hB+Ye>O@e9ET)FLwp(L1Lm-wb(oCOS%4*eB& z1ZpU&l{Ps2HOCXYd5j0I=PS+USa#DA1#BfWemaiOJB;^#o)g=<3}hZ z7Yc%r4Ra5iwvU(-Q^uT4#XBizpMuU!phO7PHWsO*(~iy>Ll~mLs9>{m?17YE7f3QOunFV;PzSUJ=!cCl>mXzq%P&s^~rzsW+7Txj{QvE=1DI zZl*DwjL1h0edkK)T<+)fZnu}PF}fSBU(T{PUoE0EIy`s-$PixJ6mRnMC>^I!UKJ?q z_w=+=?NO3fZ0)1Cl_p8XeW>V~^|x8Cm-oN~T2Sad1S0WqLf)A2mJz%uq>w7j{kK%( z@@7+b{3SIKP(Gv!7wd0y4LLZ94|sdl+KQdKv%~wjBs%}Jr-hfsZ%^mHG1|qp&5>KVfw#K2gbwxD^_haFNYe}zk_!==HW#d| zu8KHKSr`K`Xt%aDKS&AJZS&NbIL7DN={DZLsDtr)IgQC!rIc_J zw%r#*?2OAewkcyram5$$bn7vu0jpynPs>hyOi&O&cfQ2a2Hds_C)?L8RhGGeg>@XH z;2Q@(KwM~ob~&y`hMhJ9^OunA#@q|!K0wY-_R%O9i5g;+b=?lOZbll@ePg~(___RE zaedWt7thKuYNbTxk^;``Hwf-`vLc@31yPBWyEBKWv)g{9Ysph;K)XF+uLptvVJ6>c z%-{OQ4-hy?G&*y{7H5&0kAba2pX${`o~q}xfAt4iHx#Zn*8#B>d~XCq|6R2t#S=cgrvM_;SK^d$g<;7;*C234;thQqXB z9;`kt?-mpR>|VsWN4ZJpuO|ti>dR?yySi;x4`Dp% z;v4GkZ^CkdVY46h^Tf_9b{V!fp8>SznS$9gbLAJ)B=+{C9Rn(YOc_ zj* zg`hLEyRE8b>X~`SdU4&I36)%jm^fUwn8T@QaR~m6BJBz-XuE;Xn_NJrPM{Q}IX4Y=?2Xcmg zG}0|Jm^{*mBS~tEM#~>=M5x@9j%k

    io(YbktV7R&K2R#s2>GtWGgc6;sfmF6@%s ztciG+SuJvT95d}?cuVjWt>oLZ33zv00|XvnVBr4k)=QZnd+$2r97oN8;u= z_U$d<98m1rboEHw*N=5B9B-03x581b1VVi?A8;3h(iS)Vco!gNbm;)>zBY!cb_#yg zq87SVqkN)79%ppLdV3tfAc+IkUY75m=OVVah5rO>tI?RlHDOZ zFfDH`AuB&dUKSc;V2uc>*LeO!!^1{Aj@2B`0LG@yonq+Gt#ke6^;9CFej$Nti9Fb%544!nzVBmCVQ7Rs{~(r>ID;xHiN ztcW5ew_PCb8~aIL_xSl>o8;0C1DxG8DY`fpY>K%Qt0^p*R+J?`z>FrwLn|1i-~-mQ zS(-xX&|EpBor3bFTPM6e3tdo@v+!47x~0S0RX=`U?q)Uz=xomej&*Dw!d%fYMz4;|NaJ>7wsLTXJv-YO~gz+te<>^9=KV+ltWU>D;&Dk zeh76Bvged!pO*dy8=J&@T=}}u(5X|5UmK?#ozj_C{xM<9)NuJYQmYl|s)dV>`ZS9% zjI`CSTvb6Zg^Jx4dH#@E_b~|>Mtm_ea*h9Im2X?#TwU-ZHPLW~HUFjh8%N?APq}un zVt6@t2p6v2DnRH-Ua|1|Zsh!hMp_Ro@0RBg7;4cjE$6l#el)r8wvv8lB>RPUA-6No zOH~=R>on-;1pki(-!uu>YWiM9#(IIV__fB`ck@v6Ueo$TcwR`&<608Fu4FG|S+m`v zQRMgsW-}0;I^TERb>ewc88lkhULB3M-tn*Cqkq>vTmkX*YqF33D_eME_l5f5`_Tyw z)n%_P`$K7t(|oYHN}1sH`Jt^zu?`$n#*Tfw|B8Fh9Jvalb+&uLGggq%Np&fQ=vn+Z z`vFx2o7&pVDIaVIWl?@Xnu^8cTt(Fjf`|iZ+VW z9I4gpB9?NXu@a!B%b;s`@*Cm8-rh?3zL*mWigrDw>SXoJLxe#~zNX&vlM_NdEJu(d zoeqHlz4ChnSqPmA?CXo<`G%w+ZU5Ly;>vUt=bU2UX<}0Xr#?Vrk1@gy>mKEr2yTzU zun!H<7_B_#9b|?uHy>9}Cg4Rkm9ZLf*!LP=!X7gSn}6A11JVT}7CvaITnz4`&7PpK zi+Njj23tx=n0y`32AhZna-|9X6h>lNv>T|*cdysjHl%Yk}%2Qq_lin*iW zwC~FE+xS{D)#;yJYLq?Yx0RGFgFJ{aqTw0PXMcDkf9?tqsjL1$Jr*&kY6zfdGjj9~ zA~=v`R|zytNIOCeW3D%xQ6VrTUV<1^=h=pr_m~~W_;vaE1gG&fCjo3l`L*s2q|2!g z_OD!m0szVq*xA^S<G1gD!{0uIlUc;gruS zk9f5N@n#R}@kRI|5|CJaG6bDfw#l}I98#&sXo8Z_`ml8mf8Wi1n-lnum$pLi%%7{u z*8J!a(n<};J5p#TP<3bsh&p4SE&ujEMMeWnWQ1O7#u4j6?HnA%z5Z0l zxLdvijxba&v@o=T_3lsivXtX)j@x8zJ3(;^*oC=_r;`GPPQI@bRNDPd?asv*O zK2)Y-#3AAS(U2fD)^-Ckk2h`tx^zp^)^Y?~S#watDSVPO^InB-hC(WhN1=kx6Oc1+ zAZX+a$mS`&Dq^}fGw8SOZp?Wny5A8+KoY!p;$(kpW9G7Z`1(3%jm&^6lU7I#z^M^B zH)W#i=}vl&Qr^*(3$tyOmOlOY$(%?gyPwqM;h5#k{!N>wIKf}BX{9` z*qu}o?^XE-+rgkxs_====zggPEg;ve!lUR~5(KG_Y0k&?o2#DkQ7+kgkV{vZ8>R;W zjk#00;G0LkI~E^Ni=Hr%HZw?9Jg3@MHnJo8bt&`zrH|-==Bgkn9fd@@^`T#~-#Ml| z(eXL5yC4J7k=#%5AqHqcWIIiNOsow9F925vRm$jBCaV*2$s*qDfU#)bS+W^gj4E(3h>{@z7-tREI>gf+p>;948D3)VyID- 
zqi4_}ymTXF#cUM_{@~NDp(+>@-prK1r8)ZJe-qV^`S%!k;D+~nqXdYcj*~hRGrMGF zpl5B#cx23AE%KfXO=BdxrH%}ur(w~vyrQew+rJXMPRC?`VA`_BHm!b_)YyOE8r&aB znrQ4OSK~|b@rnGOwAKc(_OG=E%ylWNfmFw-!cY@w?T>k#9}FIxN@w`Bi-^-MW`d?) zCezaj=qN0=)L6MiUfw$O{;Sz&wZ1YMnIO0-u4@yID1E8~aWi;uW6i-u#7^RGDoi$` zG5e!XvEgAQT?VPzIZ4?*W{a1{cDhZ*^D;0~Cy0*(z>~a@UN;U@3tdh|@pRMf=yQQ7 z<`SjV+ER~6v(JIXsB>v1KyMKJV{=WUrPxYFw}xNq(nBSRTpb*XHPT<_ZbwgfI?Klk zZDRnli&^>_{(H;>Smj}M)-7`I7PrqFp2@kaxX!4|@L0}~wErOF42ys@6=LpfonnPs+V)%VaGkaKi<&(I=& zY(%)9N90@inwdvN=z>@ZyIPnP@Pv8x!ECaX+re(>PI4HdA*C75$lfeCl?!h3xWzB`gngm97`z;C3Tx>IEIq=5T)Ah{e4ya<+7 zz6UPk^>->%ARAsGW4sj=jYVImuq6EAHh$mF(#yY9}7JTRnWc zhro07!cSFfVg#>BlhOJoKX7_|zA*^T@)hYS&vHV#F6LB!x;+teV5Lyk{wlFCO#%Zl z82^+PqICf!qdRDC1AbclVz+7fepCrPY|`Rn?GTAY6pxx}15g z3dbQDfxDD7PU98k_C%(v8W{#gBM?4*+T;LxBh zG(f;;F1{|H_%WVc4L)J{tMiq8he;PBB3GY5xy^%MOHECj)#Y8Ue^)9$tRdd&eb&K% zOlg08zx+0ubHx6w#QjifgryBk68g5%>hJIGXPlP#GcBNgK5Ir4yIbYqfnP?w;Oz{n zZ(HAGRPQGR62oTY-}*#ZNfv0vu|#5W*XOf%FM|f=PPd)##L8>sm$t zSc!NmQz?6vL}PJAti6&#&m-BH6~EC!#a`Nn$QwEXUfPYGPPeo>u3s`J(%>Ta_1)I` z;cM_Ylkc#nQU3efLPA@ItsmkP131tlaIcA>qxFrkJJPSGe@{d#%1`>ZmB#+dm^G(i z_}#NA1GQ^cR2~PRik(1Bm#x(6_xGTj!&g^yHhF!*S(8IIWbUqZ z#60N4q8o}t>EW)AqL&C8g0tRfh@snIo0WyEO*!Q2>UA5=_dE4_PaUq(SRvmceO58@ ztgT)cu-7dg>cU7}WGp}u& zRHL@v07$l(j7`0!MS{VXce9}|T)JIPa~MR2_}0a$cB8;fcYXBQQnBaH^K!wnzVY7Z zGOwGeHuDAVmcrWmyo(M4FqXnCO9tEy!&gmNSaaHqprM=CU_hqiOEkVM!B_g~LM^W| zcl0h>ZWHQb(OTyc2-o~s2efkhf-;QiH{2JCeX9)38B1OXRSWeMn19kGS1o2j&gwCBgvp-=QJ@Kw! 
z-G{M|s1ouhRm3jbt!3eIS6C|oMCYN7lxGh|9eSDLhG9PZ)NdY9o|!Us?k8c=M2?Qb zw9Ug$)64Uo&7peW+2^(&s9fco!@pQk@)cIrrVT#kF%#~cT{#@Pt4hxYB~}q3q*0Us zGJ%Z?pO3!2ATL0qWC?)eBN7$StK9QQ8Qp`!17E-F>>uy82VJWWPR^gVSZ&8Q1gU~% z+<9$mTvGUTf`cQG-wzWU_Ed+H&qB!6@z-cIK!_8jUKQ0noWYyHdY85=Qu7D0QLzQI15fcI$u<9v$(Dy@oqHPTQ z*o(B03EKb~pQtP8Vp`m0hWR`RTZTJN+odTvn-y-Y(}}{0Q5s-9WJ&x=7WHR2^-j52 z#a6x~N*^aEC1DZ9nvyFn9)=1M`rYnwD+JRlCAX0oxoJ@izsXwy@B4R94@#+YSs|xH z#!l1LQ~=ddFz)dxi=T;i%_=rxV|XG#hg@e>m4%NNp{aX%foC)mLoZxn$TwqsPqqSG zs=2LH09s?fGu@**f#bw(0G0g_v*Ldwzv7^lerF%dt|g2{fm(Xn95zCuV$Zw^iql++Z<`^|S;~+SSQd_qgK6o-s98^6ugf|M0k)MDH*fV4&Ebyi2zs8YVlM$Jx_)kV4j5>{O) z6F`p-r<&Is=Yw8deHoyr6qupSsu-__dns3g=LEVW;4Nz?Hz4TCi$M&ZsL z6mF~6P^%K6AU)0@3?qruJ(vII_1x30wdB@^W@~ZIwehz!krG?Zo0TZ~_SA!8%?@A9 zdgv4oX1)eFnBI=`>JV}l6f&F^9DZ9lZ)cBZq8O1KJABAL1b~%vm*^85I$-AJnOC2@ zXU<1jy&-#S_>XqI;oD8EP5)9~f}2~5_8CX!yEIk5Gbz@G9LdCM_LEp}*zKCsk#@u) zvS62%447+{H-nv_lnzm2H0i1sG;~uw@9SEDT>9$8qAGj~>54P`Q$#qLM*Pnl(ZZ z({vTh5Uv`jQCThTu#)7-tM{gcDh=i{=9c;dSdxL?we7#@ay0qN--wo-+U%hHS6pN-qz0rb~j%Y5e*>-yU&4@&F@LV`d(So8I!|2B*bonqb zxW!a#;8ANXA&iwZ&byc(??qad!j`}%U#=Up5dfp849w8K!)w~U$H*t=8-i#8& z+|c$$ETTpvN@C{P3sqC1x~L=Ixkvqh>RCbuPMfZ`6{~n&-Jh+#uPpMY#SK_NUB90l zHzh|4t|kYv9e~L}u%BZgL?}$A@78wHAXs?@gW+`&9O>Rm;VJjRdSWtN$0f%N=;Y1Y zwR`gVv@()I_~>cUWN$mDFoV}Da6=)daVvjFmNKG@cN#z#z@mBALW?SC*5)NY{VYg4 zA3+aXZZ}C4KP8N;>SeNLNa-ACQ(%NB#ZPuTwz(ccMq6?y3lM%KI6AjU=?%xK(zizb z)ndt#ONquA4whyQee4cyt-5xD=3BB&MWZ&6?23Q5?dyYsV+#o=10)qQkPX7RE;tEk4h%+ju{|XSK=F%rE7AMx2zwPUEF+7?T22?b?x< zB-mfrl&J=Kx^q22(q~*xi8iCr2696k(5OAt@(~DBz}0qrJyosyL~DWwd}L0NOGVW6 zjxV`liY1tb7!4$j?b#1EVB+}n1;pWY*HHrNK6nVd6e@K^TzLhh2WJCfhYc{7JClj5 zR)pw$Df!OH%yPYTZ>_`dIGgM$r7H97Fx0wqIPt{7^g#f^i^)djDQz)P*zu!d3%-^-iAKl( z*u3E$`}I5)?0I%rACkkb4@c`VQz-_ZpWmOwMnnY*xXWfCC0wyezaUghIWdv8xmwdO zK!aTGBR{>Fc;tz*!EF@gvS~>Z_<9>+!f-~3`phWpre)@WzC79Gf%_Ir@|QT3=O7Ck z;0(ubp|_!S;hWWuuCC<<{zJshiAvs4ZHk^c-Vv}mk{zqU_^LlN5`iv}Ctq*XL7K?- z-OB7Ju@~$tX}sa`c38tjH8r)m3GZ9UJBb%E)_z4BDBg-~`I;=pDeL{oTv`4^woxS1&;Bb_K$V&($GVS;T-kv3%OcYy(k 
zR^e#v24^-Ut+!ArmOadTf)+{6bMsCg4D=Ru?-QgP38(v<>@ z?plc3X{o)^#zq%juLE$3x-7+3!N+wv-Mb!f$9B~^-OmbHWp&>L(u1X|vVaZ39r)|H zezJ5#`fE*%yjbS>k2RHo-2llT;4Do`0TzTN&cw3BEX(ZR;>kBS({iH$l~Q|aVt{Lj z#WHIRl+Re3UeRhRkX@sf%u3UfyJL$nJfX~c#zdQX4KFK9$rJfJZJ@ebG!yGL7uRNj z&aRM43`V2=Yw@ngrrgjc%yQv){1l1a14K%xr4JW{=Kv=?Z%7am0Elc?8V|MG&m`AI z9D%BpNS}BB(0Px16s&^VHgqx|Um^-4=-Qu#0-f9Vq4@OJK1LxePgdO$L3byv~Xc|9& zeAhyAVs$nRRW2T?An>wluE_j`8@dh9N9>%G7+osMoW@E0bd6zz512_?uwj1S0U{Oe zCs$*Budzjzo}@>AbtE0ky1LA+4ua?usM5PjqFNQ^!*(gX+T_g?xhrmJKuFf-!yNkp zDt_ne*`H*M_i-hdg@mILu-A(zbOU$qBOh5=AZX@LMsT(u*(4 zPsB11Ya8_>GRAyVMPGXLrdN58C5Dwt5#8QR(8_Lnw(CfVT=w%$U9U#Z;5x3u2BToy zVZBK&g#BGa(PHVjuIg?p6$~~OLQM&ZgtApzPLVO-AwZ$fViYaNK0D$UvK4PKg%*xt zcKwo-P7^swESnaPf6^eyWs`9@_Pmec|HjZE72xk|F?I6SXAIQbjKSO2de{~u0zTic z7K{pJ-H9NUR?ho8KB)Xs`~dpBUa&8i8zt129(hb253QRVy3Lyyoi6)bvo$x2jH+!L z9x^XbI4TR9CBVglTH`~mNjP|&v&GHB7(pFNe?3;KIFF$Xhq>|Zk?{%p)T!d0$A6!1 z6y#LubiqRLe~95KuH!UV(-(wR$ycBKh0!X6;p;RZKa%<(APM6DvToCPnYrP0ZAOxt zI9|CftBQK~sG4dU9z3np=OTS6WTbw!1eN7y4G*(Eaj_gHo59wjK@lzB?3nGSEK2nb zR7;H59{w;-A1&yx_XXj zd6MNxE3fbdVhc+;k3fxS?6i%6^{(Mx+i-5j9EIH-t)wKxw>ex;qTR7Z9lIylT+d+3 zy@7j8wVSd$kz2;U09II~fv^8dL1a#jqJ@-asta++DQ8MSIK=&ro;n$))*)`rshewuS}&j+3}u!DOiCgU4159M&qZ5sca!{hhpx zD3wR&*+Jcj!1Z;e5f%+4#M+nzVIEXQGkJ7dH`#lJd3DcJlGdZwJ`-HH%E)xFetj0} z@hfFABK{H(x^4gDkar>jto7)h{;{C^5V93dhD?9%zkhu#+L@+x<8#yAI#H+ZqvVl1 zbfD(TDJ+*zIYl<}d1cQ#%wN4|&ikP;VYps zY8@ITJboOc+8TzX4uioAC-7)m(qhcT=R@Ihd}h7~ylTMFWiMGkMR=Bq`apuMo#pVA z=3g0VILgs4#l_mAD&brmyFEp^xMRN|$p`Vf2 zg!X>E*Ki2AP9qga0XY4wD*1_0)zd2NtpNQEu+#0JOLGZ1T!T2xRU-d7H+NMrPADff zh<#V4a;~=g*aVxg)GVIy?S8J>|9lt8jj>5~;)TnebDbI4rw;@ne8;J88p*h|&;4{2 zV%{vz6g-zb(}~NC=CHWDBe?$P}8^tozMD7VuoA9DT71Jl8F;4~!Sm2Y_m8-QYpfS6LmRG zx)|hIc6sKGsFS=$IV+Gnzj8-!8wf`7`^&33_pZ#Y&+nRZdJeUMZ+`b4^Gg;S5=z*J zSWuzE>b*LnD^k5AuBvpS;b0nL??v?T`R@WD?|NP$0b<7v5z+7#loLMDK|EAmKTC2r zPBra6Kj%8}N6K;mGF9mElzFUpoJ$IlwB!#!7iR;l+LRIK^ z%#3;GkuKRAurElL@dl{UHy8Ex)Zw-81LNS+#G7h)0++|8NA*2bzx+?dL_68O%%nYH zk`2s06Miw^yP-)=!d{c&W)gYtWLJ3+GZVD%wp 
z`5(IiJpJHvqj5;KEry1$jnCjd5>F;CWD$2SiM#C(9|P{SIN#U- ze$!ve5W#O4JkX>*ANsTF>R0{RzmbW6S;?+lcG83*yzTdYY{smvKVsyy^)01V?eNM4 z^>NJ9x_*7lonE>JUv_=?xIw&VB6qDs;A0kj`J)>kT6Zccu_8#8h>*jw5l~ea_!kz z1BeTA9hl&*uC}B3LdzV6SiFzZ%X|L_vB(@UgeZC$&rY*~1r zyL2aH>+9XKEl1HOqS>hkKe`=99akatd}Nn_Lr*t+eP$x=ZP>+AMDhXv^L~Q~@DyX~ zGl$wyU~UuEV>Npd?m2(YyHn1MOi;WhpO-xNY@M4DZ-@ZA(xLM>7;oEG=Gh%*DngV-q zw-(cG8w+p@-okeL>5ZFNS8B(ahhFrcY@|Nwr)6{-*u!@um~OXCoLP6m4s%Yo9(C}N z#cL1uA(+2#z)7=Pqu*!`&+1A4^l`5-G|RxoP76xRN@ zUkzJm`QfSk;$EsUdc1V2HGRBf|DD8<#V>#~a*Or(T4@yN`TgGT_1WX7)Y}U`JzI_w z>#Z9uv+Fd@A&)3`bfL#npKn1gX}%VKrMr7$;n6J7wo(j||Jd#}Pr;cn_?KM5I;@^l z=c{q9lb-0L*cgnSZGi0^*+G@cKm91v7^Y%W|l;_w|scTj?iaYXU+S(aq-DxA6sX+7(R3=S^^J)xJ{X}(i zpv8l3y$1NX&s+Ye#H zxT4nf*`D55g>SXYbPm{4XkGtch6U!IrqE~bgZS=@;kLbml5#0d7bk+fe!KF#G0%x+ z{R)ZEa^<5LtHuM5649V=H{6BKkK4jJt=}%w)Umf10`7Vf#CRdMM+0*Kw4zK(fWI$DzzI8JJ`uPt~FyB+%1xkLQr)> z`h7Nc4Zpl&DC(!Q%nY>V;-^s|CC9hP^%9E%*x&Bpb}Xk<7OHk>zXuJF4U{R1n|q*^ z8LB%5#5lIZWoN_9!AAYb2Y40_eGjPXM|UVs=n}1XFXpKy0czq>nJpoh z0J(j{52cASB0YX7TIg4cV39n_i8V-O!z44w_row5-|LEx24)|nham2B_|d7&8Bo+8 z^U{ex`JaY}CoKuaEu77I>g^(^Im0^0b-q?4S<)M9rQLnC4nnqz&V09ZzHD0<2 z|34(p8$gd(<*twYwYKi^35#!6AuZ*92mN_%5>~@%#&6tu+TCJX&QQ?ic z)riEYRv3Nb?mOLXS(rAHaP28YY#9xy;ml-WnM`74W_u?6T(&e6)^Vw1U{p z-9#&&p`SBV){V;4y&Y>~l6J9A>-nBtixPNRL;4|Mw4)%ZSMh?*=(XY|>&Rshe_s!o zpI~?xss?R{P{fsDHAUP_@exXxYnh8y5HWvC ziMj`6`LqdD@5F#0QPoQXr|_e@53Apnq#o@qSI33ReaEx%w64uxZNdk-_Y6i2}d9AT^5nY2dWL?B99c(s((xFtoU|C+dPTeK^c7!YP2cShw3e znbkMoY2RCRcGUrfM0TW%N^xgz{vTEM930u!{((Nu#GYtk+qUhbW7`uunb@{%+nCt4 zZQHpy=l7ml_x{mXy?1w4?W*0id#&gBeh3zMup;tbFs;8tB~M>0C!StEH|dyyi0$Q& zRg%5C4x0M6B5LtKnxPexF)to8FPXd8bHHJ}y>yd%t|`YqiT#}gOuE6hk}RUAhJVpA zs1RoQGuu8PdKos z%#2_)n8E|QM0BBN42BU5g~>Ay(%kamG9mA#b*t2Awiw+=bqCqH+4`2Yk>PrBC9>oq zxo_Q^R)X-j^v&|0icPJQyEV(oDWO4(iTwn}{VQw+@`5jBEO?c$O6UWjz?r5m5$iX9 zxH!HAy7|i3aU&EYQdP1`g2lKyFGlxX&?AOwgeY(Nl& zUrcy!W1elr$R+Y0Qi@6vH*g<$ILSSY4#QCq)=JSMjF_sgHBnaZpEfvR|H9T~$UBq* zIw^d>bE_d`tUm$1e^%VljfW&Qn0>&EY0(y=81?1W(`8%gO&?>d7A8$mIu`4uwHVqC 
zj^!@ztbwh(AbnmNS$^S&)Kn?7!!Tu8<)vG*+6aDNz4%Hd#UU^k!_0f>Zf<;D?R@4HoMT4etNhijb(X|k*qbWr_WWxd_LA?$XxTcvu!#42V}#GRq_ z(3jIF zrpUS`{+p z)b;N|U78F^tv%R26H0q7t7*OT_#{BNnm>H3Y`cg$oG10RD7*a`fNZ8}(B9_C2-LPX*= zPqS^jU;*-i(D+D&!;>oa(oii!BZ+f3DwPIp%Gz1uopiI#U8?w-Odj|`Z>mdRHrAx& zgr31r3zEf*^%+%P{=Q8u+&=~3l?(6o=zM5;PmyR-g6v=eQG z)CbKIM~Buv%D^bvlrLrvlskf_edx67W7fy(-jRQp)NCL@c|pFNFnebw&sM zVEuQV3=*UF)D&|gVTYcR1%5uLge=k0Y>tT^V=*_c4`)kTK2JFBS7%Gr&7V(l)!kps zK5xlvTb+wvUvGS!FORx9K5rLiw%u>&x9-!bkG~R?8{U(bAbl)7?7HJ_WN7dc?(M<^ z1xeJ+dx`jU$Sp<;2_qV2UNlFTr;Ov5=J-C^C%{kK5$P)gTFeP0Nee#b>EO~Ndg}Su zGZPxj`m<2SYQcgg7~Gf)!@6GjK&R%K_w&AIIe1gU_LHq99jZ!~@xIgM5-7`TL*}%h ztFeZ;2*=bo)N4G;4)WCp>Jt*L17FKJv%I-JE)hsuv%=rAs#BC5RXV=UN0H*2)7J81 zts}hqfyJ%CTe5;T0>hLZj@?%qkyqgCKs+Yeg{`K~>&;c-unJ1^#WXl%pe(wwh@?y1 zPkws(0Ak#MJjnU9`Rk}8MK!7< zy5|jkk!CKWFKdqE^v4`hCjmP`#cXIdHO&HStF7^9-Z*NOcWgCshMF{bg*%su5YzzS zeP+H)Y^bi1m;B<%tOkg}JIMFowZkubmcvdZ-lE@E8$Zo;R1TSiu;0vaz6?$WRa!ye zCa%5mIy>Paxx0&Db)PiZS9Vl1R|)WquDUEMtW;`y=%d^{tWVAe$tg9+QPt@-&Rf_=?G)} zj(x4Gy>$ruxe*Wu3+I&1m1}PKe1@4G0@qB*x*^C*@<<3D;RB_QTLuQjjbYQ1;Zu7 znkKbqsT1i|UbEJBKj3C}r$`>dwL8%FSKTE{&#Gi*uNYKg|8$N&T7b#8tXVcyXb&#~ zJ82f30qcwZ8$4??L~i&`5eWTSh>6&6x)kNkOwP`~f7cG^Gi)_%%PI0iB_Gx7 zbCQ6kIBq#c=1UpoPeL6WK^|l?wU(aR(XY3@BGz7{Lhs(e=koS_-n|IZ1!>`-R~sl+ zySWP5!-Vq>78uaKO$+kZti~SOkF)g4(nk^L{(zJmeJ0NFw_h&8P?o?XOxHl683|T@ zvtqo=(I!A^Ri2Luj6_6Htg;oe(RLTJ-BX&luc; zk5ZTYn(b?gbrr2v7*NL=d zcjkBXCY&EtxM8bpV6K9SQVsb^4^|RDI29>gKyW)d5pH3P+&^uV=y~l|DL0nFvaPr< z+^)i9fDY4HBR~bdALzhCf)J7VE3^SM@WK2=mNd^0U{vBIje?TE%k`k+(%^(&{>7RA z8_$R3AUQX^;dAAHk5Z#*V$1&r$RN4+HD=m+)tglQ@>hv}Hpnk$CcoOK&&;LcC6|6? 
z84gmMbqJDBpdw+q0z4s&AseNVVcn}M+mYz(%{{>sgSSMgQ@IZFa>`fBrd0yT>p#ey zt2+IwFbac4#_h44f#N$X%AuCVXdvD*%1^n9XcKi^?Soly6>**uT8&qL1Riy}T(pE; z^E*S#e9VpB{OnDXCZJl3!rfvxQHPF?$BD0J)%X?aiO62ODA91DFZTH|F$IanK6#jOmfIl;OD`0y zNRnSuiAngzIVWF*dbgtFu8%cftSQR-K^OwbhNe_9SAQ@#^!;a*NlYGIJwbAbmpG6L zwK)PjcF7Q1XlN3{J$nIxt7^x%IS;vZ=FN%;l^>@sF_4E5NOx}1i$N~*U}%XM4ZV{t z?sO#v|1@4ud04FOkuzs<=3K8Rw3P(dgTIx*%e)U^BNBPlgWPUZrwn+2g1ps_F-6D& z&%21gM6P^^#VheAe8D^*A0%X?Z-!=WIcBpZ`e{vLmHnjpQn>kUxQJr#Xr+-}fKnWH zVP7pRO)Lo|Pcqq$>u}XeM=!2SUs_6d8gTl|D^*-+p#;T6F^ zj(PcB%7tD+R95}qGA8x89r#5u>jFRd6*Bo{4%;U-@#S`R;j;B{*1UCf_~ps>eT%wj zJouWItJie`iD`%RfruINz=yvRG+G#)_4{&qx`8+ailHbFN-OOta2XF_wW~XT^%JuL z@Nv-DGSqF*HO}I=@EXU1pDRWEbUUlqcyXlyx7S3n^4iRrcQj4L`F$h`D=1E}c#4}L zv#?1*mR|PRXT!Sic$?u!iN20|qFk4@aKdIg^7YdFW}?Ot)k6x>@n9GmIx$K?!cD3g zIig}{j~1~;Jo4<`X zR}jO4rolD{#6s~BVXAeJmyK)$V0`5-GfR-}a^7O+$-0hvW^MZS z)fsMoun1u#wqQdgz$Kk#q8*{4K00ejZBEtu{)~##y+JX5^Wz$A2Uo|towe?9Y59?) z@In1Mb2+$EG>67!KFa*Nc&e$FAUhBnSfIf!&F;M9=w#||wCC0qNy~%hEM|60cB za)vpVcWpeI6OKB!!zsNYUrk@i9K3k2`o%9ERl;v^cJH_ zn}1EXuV?9lBA%E%hx}6DodYondEG$Ru=dgvZW`X90B=@3D7!2fv|Sob%?#)FDg&HN zjokM|<6r(xNVSnmPM>&pxglO)gp=%(VWqZW&fA0yo|lK~1df(=XGHsU|2+UvABYCj zu+hjY<(%X9s+uy%0nUwOS9wf$LgtgSzA09+TJiAxL22=&Y<>kJ=^4h2pyMD=0O2S! 
z|887iGNO!ws(-i6e%|NHX(&k|-GmvN2_A4QG7;eoQwmq84}G8l_#@6Kuw`4QWLZlF z(N(#NAIDA*oMAmUV2ANuH8opBa?V|*zt$5zw`JzKlLZ~4nasY(&b6@G1;2A56@Ji$ zdAo&}ia@1)iIrB)|A`fB34taD(@$9#K*bX(Hi#}oA_tXSNAZh~8Pl4#*LJYpyEoAqP0yaQlgmKR z#pr^)@6WH09%&`G18|#J7%KUZvhHAC2}HjSCJF)3A5;of;@(6-$2_R$ZUPcnyMjwB+I|mSrujN-4 z@~ft}-E-z58);3uF^>a&znXJ>X1t3Kz;_|AGFKI|I~oevonF*VguU0E&ZKV-CV3Do z2}fPM(=yk8(q$p41zqPD}V`(CILuo5dlv%Aw0h7k8?^L^~U z2sT`V00|B~dh4wVstt*#8zi^9k5E{wF-%|)RsZ*HPnFnG7(~Ql6sUf3%Is*hX>Yk# zt$p!tPgp~WUi{tFUty#5Qj!Vuh>p|_w~y6m^{y@*Z4cxsUbNoeP(!3U?f{Q9+e)}> zd8?*#qz{y!(FM}eq#KW+#OZc+Lnl_51XXFIGL0gcE`vr$s11CKqb-=3SJBxbt)Rh7 z^ZkgoPMj*G0ODV9}<1btP=Mx{2@Q8`{0L-Bn)4tH`c+WyjLT6yVdeiayW!_ zzE7z#Jkar%=aHpa_OMv1Gh&sblMhj`p3D1+S|0KG(_Vu11NLd32K%~be<{*^9aKV; z@W}S3W!|)E=(CwzVE_}+N)UK+dS(7E>%)B9H5O4GXVVCGt9?{4o}YsyLs9NlzrTk= zefblf2`t>-2iE!fNdJ4dBkF=&BI-nk`o!u}gZ~CLnbujF-D&&*4TSOd)CzHoj(HU< z$O>_1wjec#3k8EAbCQ^hB5#>v0u z8p0^#6Fo`a5j~+R74BfharW^4{>{jNn*O?mzTV(r0# zdm734>rkkOLMpe0BQFcz!6q!mM!#L%hi-Y8{q>O;vV~UbN-~_^R%`*%Ro}~d3R49k zO;tDfy+_a*=hjELVjZ#8#5g~7o@Ck}0dbp0D=t8icwS$@GR2v59igs%Ib`%Yc2?8n z<9Sl!CKk~H=IAm?p!X!E?C!=wK+fqEzFv%bTxoh`;e&AbhK|V#}No6O1u$(c4JmW21J-1ff1DhQR3=(pp+>;?w$V1V6=2 zMLFj08Jr{8 zGLBFix{I834;1``IpUbuS|$RBHawv(ggb%bBTonz&IS%J7lE)K&NLkX@@~zdV7nng zzSewSYo#O4Jn(Xd+L~&G!TLMJ;Hnu(NxL>jNJquoU~TnIxwp!yx*`=aobV@Fek(Cu z#lyKUtAnQ2DaV4N!U;`$(v<$A@1Go0wa`t}eBl_u3e(>|vw{wQVetp*{RNhf(s+PEH% zts$vEEgk@_&c{JAHaDsti#~U_Ei@Ii)tWnN=pZ3ZK%!|;XzeAJtf7(`Ki%XZ9R4Z_*JWK((feS zE|klw#fPEtID^9=Ow-2hF~@Cq^ep=EgQb7f_jP{uf!5o>KQOv3XQd4+K^_B-_LYa$ z`@{bxI^Pk*U*DojhqcG^Y`PC6m@pzLsHthk2Yjuu?K3o8SY?2`az(jCSej#BeLjy0 z;TdY~h|)c;7~(&%p88Bq52XaP&5R*n+#tXL!Ga5j_HhH0HXlQ5X0YMxBJg2(p9+b7 zKw|Abu?!+`X7XUeh)EO80(DzzM5`N2KX+LJqM0~fV6QSsAAZ!t%7g`nD9tQmzUWmz zd9}Q76DH~XIa$XV1VxP2XN}GanPH=e5)@7!$?g;8o#w{PPl}gaSU1HIlVJy9+@!v= z=*vAAO6%A5V&6{kGs6Gn2!tS};b&^B%ILbKD zxK2P#RCH1b*N;8Vl=o4cxu~ps3Tkn zX881q@Ii?D_W^HjYv}pu-=|j?hVO3}U%Z3eT;Ka5P#Z`1{C~H)?uYkxH%Cl&3S8ql zSSj%t>mhp5jbp+<{(X{dN4JoR%q|gs_MR)pCg3AS-ZW&sDv|WjdvMzo9=^hc+KL7- 
zhzP(V+8GjmWfZ`MFy^3H!?s91RZ^&jC5nvnr?~YI3TRz%TnxxqDy zh?@)57#fWd8&q8X$rWXtTWta$DV$b8#4cxnS9RIn3Z*s)!rzARbey|2`=J z#JR0S<8+I*I%bM*1|O9};COaQrV&XM9q0(uK0{1DTPN{WZBIgzBCs4DGEB$k{S^f1 z`j0v^>N2J!Y1FG+4gA(cEcf6wvJRnQE!%Rb=$$V02&Q&ydoo|PEGN5^3M}A_}e!2Vj!0^Lb_)V)T+m9$#(~y~1fcwwd9ly%xU5g` zwo4hwEWi)sT1eP=jBW(C99ui#Jn^kQK4RD4Tm+GPG?G~%++v^8eD&;WCW4T|Z7yXN z_2^zz=tso*h4x2Si=3!5=;O`RH&pl~`x7s_pfnH~=XB>DmwAe1CG}|-Ualj%0A?!{ zqmY5`{0~TQGa?Dt(4XO~)Gw{VSNpQmV}Hyb&o!!x_WgmDjZ|s zG71S}O+$xK0OW3@ixpZ9kFJm8qmWs2q#DgBDS#Ez9`(sC->=a3_o?a0pcTZao~BO!;=twQn<4ysi?OqaakHmK`e^_Ka4iM zi(z*s9+*VQ)xT{wehv{wJTc}Gfn>ux)XpD%iXA8B+eGhhw7h9G_w z(`FU1QE-FuLeW1BOjh#Z?3n417w*R)BnFIw)iR7S4xm*_Ro;FmFuLR9>v2O5W-;8x zD$v_RD$v76D9}Gf$L4%o{#Yf)xO&U^`2vp^=>j%{gULaCmkahm-ODgVB2^Z*!E?P! z2Dp8R(F>KLJ)y2g@ngB=kSj3|A1c`@kb&491zr2){R5->ej)QO=-Rr-^#YLGg~k!O zf@0qD3DfN?&&x5;>#rfc;G4;*DYR@~qCvYpU@n{~@L;>1Ve+Nib-Jv(fufP1L(GwW zVydNz4yavgOLU)v?O{^OZ5XvgS@FV~Gt6VX-z1+j={=SA?@$Im+&^_f>fX|QB_1HP zA7q?o;q70A_K(c|-u!6Sp1RO0SUcl7QinCI*Du7Tmdl?)s&}MpBu;~JHcq1uFpHz7 zNWT)g_Zd8d-V>D5*2GH=kW{Zkv>c^engzcau3$5wAE7K&gSz_@u#zwa7B@U;TMaiV z$s<&o7e*F?QI>rHUBnQZKsLKdSc#vf+jEVZ*AFTTViX}SGP&5mO;!F5n;NiA*ztPD zt1MA}YD^z+0r^IZiyWYz{sVpaos>94-x=r6Wxq0;XGwjmN)0@9 z;;lkLC#rdK4;8X9wr|**2!QZNGGQX|j?8D_X8rdc6KD*A84Ya0(>hF%9|iO#Ue-(SE&V(i!O1ES{l=hL~R& zgSz00pudUt9i$-W6WNej_mTbD2wt~NSU(a zqitFLN4mudmSH&@>m@9cg|J5R0ksCf#|m;wz%nGy`rA8;)|{bQ_fwr$^wQ^&^TiXQ zyhKHeWLFm#o@YN^$1}Blc;B%YqKKzJm`4zqd%lHeZmDTh{`5SbH_^NUYFgVMIdi0- z($jOK)|-NvMYO!$nnOSX9DD(Eo`fgR+Ku2+FB#4c)ipkO8bL;$#qTqA_7O&$D`~>! 
z{>IbolK$1z9dHfa*|sBJZ3yWG4nM)P_eoB{6U-;vn|lyZ9+#Bv;&QZI*fIoB>w@Pz zEXE~Y_QjLG4j@t95vr)=bAntRCkOEQTF6-sxeDHKMvZzSpMjnnJwTlKobxj;_>Zex z832P>+*}E>UHnRj&M2b3D#+*MzT|=Ggj%9%TNdcNC?OMV@vb<~vrkT`BScA0B(=`m zy5w(K{k6k)uko^0c69N1`M7%-`K!SGP3yOitV|$hYk@ih9J+9#kQ>k1!CxY>jj(xC zNS8y<30N(BQ)v=Y5x4``NJp^B5pNf@$}HjzNRT0;Z_`%JlnB3 z2uo$IV3>iITpzc(fF#;iVpA)Lr4FKDTuLnWBTkaZ!GfY@Pstn?;3{vIEbovaj|Wl1 zEOQL)eEI+Z5ViVI?fJQ@0zy-x33FReA^wR1N-24uQ#uzZ=msO(ku7ZQkGImdYAA!# z0;AL%3aSU)T({2xft^EJob=eZ?sAfezzp%M?=SYrj*GSgByqFYxU_d_A$xU^jIjzU zOY&`+|4Ixc=WlXvXk1rKSdzyVRsn#s?+{ct3MuCDkql6*gg}RQ){Z607`xKabSW>t z{yVEy;%AT)R$a5!UV=IjxC@nTBPGd`>{347O@RvAs0$~_Mh5OM_ra=nSH*(@Mnt;Vr@~C32fHqu~%1znN5rjz{|d+-H1L z1l2*Yub%MThL|KfBG<5=bA=hop&$2tb0Bw=?cK`p^?N~eLPZzqQF)r%n4;8Z?&s+F z;Yg@x1q+=Bd_|bnlmK6k?E{dES=AA%;WPn}X8rwq;z7K|$)1}61-3BAFx#2G`hj?Y z;ySyjv9OK3NcOj?#+Vy;;UpqKS@s$Fc@te6P~W^C4c|i1%7~Z|*>55SyBnVlcQ%Ip z7dbaIDQLThg|Kylz4w&zrd3|aUf-p{_F>wMJW|CEH4)(!Hg%e~FibY1+&&2TlNjl{ z(qs;bMVzw~;o}@zN!MBMtk{(|7p2umeX(-g^$ZWv3D?J5l_@v{+eJl}K7jR~>CH`9 z2nzNeHSQ#TB)zbN-%R4l)8FL2oZfC;4|!eDJn$iC&Bj&Eeb;>i`c!Kn3y%DPstx$m zk2`Z_zK70J;E~;7JilFNkFVY->pXGn;I^+gRGm zJwH&ao83paiY3QEJDU*kNzik_`%_*aFo(6?)RsDm^$tOmvX)jIZpI!C7A8I(+Rw`6 zAk&|7%-lO7ZGW)b)8^$Sh>SGsuOzr$iSqSx(T$6y^s~yPuWrvkA%|9>8*mHQ#OlzE z=Nhdb>d}px5=^o`lFfW#Hj|V}u@=1V)^2OlPt?&rx3iuFypIW4EDHl_ zI652`bFfHjRZO~co`P_u6uC&7?8kF>@Dy20erHI}*F92UF%=j|Tm4N*v1gbWFxajL z-u#LW0@B0N@m~rQ-_nqZBc>`UN%AVjBIs+GbN?khS3F@mZ70IX2b3rru8Yw?t;RSZ zGI~$KJ>Y}2=^f=ZeTWcNCMlaNSa!DdqvqL_VD@ZnZn3){89dh4h`vZcgvpbJDrc2D z@XNCp;WDYr81>OX0#~XEbxc6f7q`d2yUbRw&vnU`dxJ8K;dpoIpXN-QUWD;BBq{7} z*8pZSu{q!4_s6sfJHF_S@$XXZXzs@2H{14=F0L4OHFhUBFe>Tpz$lZyA7$;QaS_!m zCyu30f#w`n|Nqv>9Zd^d(}B23HHrFA<-7tIXAOU`nul)0-_HO}l=Z-YBWx)& zb$8`a`78St5a=je^q-^5EVzCc?LXBU4Upy&+21iYjb1chI&Y5^`M+VlK^Bh-M39z~ zZYoL@WyvYWK%O=O314f_UB^E*Gu>>TCUzdw%iiYCGv0N?g{`S9FI=~+{YrFPiH1mY z5h|QfAahl~KqRVp%)XzuTocb)oKv+H&X?M?4)gima_;lIi9D^YvF@1jzRh=xchc(*x9y*3-n$`Q9Dq%0y| zkeWp-4Mxjsk 
zBR*envj|aUZ5XF4`nFtSkzV`3(`FT^#yJq1l=UfW2ox80BLixq+X>Qmwc(@m(Q}-H z!&E#J`haj4fAios`C04;EvH`9U=PaRDKY|`~eL?SH_!*Qa z*-4mt_5Bi61uO9?<+MHzavJr}UekD`a@ch?U#2-4(%?-(!5EWbyO81~rO%6R3im`b zD-OHKM%VV3CixoW(@%&s?zzb}MrQpacrOk@p8;b1pI5tdGOKm>5*yFzIUL&r+h*svU{ zO@XNZVbbgbVTuzJw9RP<@?BW&EmnH@@`L##)h7HCexyM)%o;G63;3-p#sHUVMMKbPF!sOAPb?-zT0Yl-lE0Y9PHP9g=MrZLQ9^Fb znx#e=@h4WPay6-|>j#zSFB=9@-CM1K6~2AtBV#d<{_aXxVVlU_4)*?uNv2stmIO;K zQdJtU=^1N^O?a!(-y`UT=#S8h--BdYK|ro#|Ii=zx>aJYa6VfNrd7PxXnhxO{8;q@ zvIVjaHs9l8!X2z>)$2@jE~pmR9;xdJ8sRCTs8c5#YR{B|l#v;orArY&NGCTbt8;h03bdR@LJmrmwRcEK*V82>oD_>$v-THcx{8SACk_WB*c%M2&{&{DcPh?)=YOg*Vf2%5Qr0-;c zoK}VSu5Q@V(%YrCx3zBiMiJ!ivYsBWh1f&~1qgYLEY^E8%!dgj@j!L$;ciUzL4Jsy92B%3Q30T8xjli{dU>-u2OdzT37M#*@<_%)n3&?~0kYyT- zqNHZTa1Yus7Zq&9gInP(A*x2mO>zCd9x;~nX$UE~ywiYA-3~Fg@M*U3&G|66_JB7C z_RQG{M3gHOO>rEKkwfMefakXsKrJeoDN!#Zv@sA% zDr_Ty2BiSOLgFA!KnK%fcQm1b0y7b0&31VL*qt`F79B&-Gov6C!>=9fWF*weS0jO0 zUjy`rkR&E1CQK~b(sJ-8ck-iE?eq6MchMm%wKVIOmn84Ph_k*_Wr;E&7NNdLm$h0@ z4I2Avn2FAwT%;`Pp;%yZk6H?kJPz0|3;joHfs>8}4_>XaVP^HF58C`%cV@ub;J?&j zer=n>f5u|pRn-5qMXtdmGkeU)h0i51!w0j9NB(boF>~q*m;C5^(D|N-Sq_SzR(@5P zWM@cNYx{R_5XBJp=N&+q4#YuH`boND1hRpla`4AGMkd$4#v&*aZ`*26&se?S_Ln)e zTND(+!RMtE9;t!%zv5z(@uWXDTMkVE{$CoR`ppsx1*RD;RLiOP1PL43}|ujpb#6Zl$v!h&icGu*hW-i6aEy?#9Ud zSF(#9&QJY9Y+vOd%G>|+-xk|~a-Aew_>qnu(d!Pzj@0}|E~@_@xv2R+a`6t1g6=Ja zG{0n6FWx8u&YjL-A5m#v$4TdrMF4)5D^DhRh=Ge&N~SQx>;EMe_2+gOCcoO3 zsJjHC*FYk!H80avirZ?2XxlUotUykD2Two)Y=c_Q)J47eCcPzd@Vb|OUUBVI+$PbA zS4hT=55GH%SLeS$LrLU}!}z1kj}tcj@en55_)RWG0xypg zMxiUbB}zc~I-IJ;d87le)Tt@uXGjW;987G`T}}D4xbu;yGM`YPT`EJ3)DjTxe#TW{ z<`#^;@KMeg-5JB(BtE3w1Hmn*LQTV({i4rNBw@wkXR4bv@TLH)*>qEV6ni6!#6I%- z%!2D;`)5)J?A_Zfke4zDI0$iqGC9!&j;78ot6KgdOt$$9Tom7@NLA4*qm%5)Bbj2o zBr{tSv$Y90n8r35nz*Oq)7gkkkA9j)k#P9eUDP);sqn#;wmzfam|}Z|-gKbNji>jY zd=jNHIOy(J*JZ!K1U4Yy5{^yrdNbv;sU@ z-oiC))6+r*0><2$#a*-2ywxs7;${-?XqpC_I4g4Dq3YB_S)^ip*=SId%!a9WV%hXD zZ(-CRhKAGs!xy=y{<9P3zT>U;CotT;VMTU?$XGTL#cr&xc?`EX-0znsRR@RDtNV&s 
zMK_ljL^uC?Pd&@`%m04VO}5g;1lM4oJpn+Z5aUI;xxCt=Xo~e1-H~?4p_QY?T2)1` zWEgW%FoT%AQKBBSMhehk1zWL|V_#j#ZbS(XyBIA$vxtf}gGwX%1A99(u^dUJHY|Mo&@%lqUl zgrYf)FkP2xcd6LEwB#?Dy{D!T@jat1|Fz4Kj#2SLDCj|8VJCArt^K1^M8d&1FjL;k zX8o{kv@ys1yDalxd~q(Ju(A|y1=3Mpz&0&J!T#;$^7Sk7i;{sI`2d$a4l*4vk`&bW zHa_$c^QrDAm7l~%N`;W_shHAM?2rv{ShB!M(k7N%uvwe#qI%167%0W(VXSqR`FmPQ z%D^&>!I2<2PgRpZMuH|n%BgfP!(`UsuiuK^J!Y%i!yU14tGp=fg0A16RYhVj zV=MW6()YMP+>=ziX}=W1D4QsP2Xnf$bbBkyt~YD` znc@mtAK8ZbmtPz#rJt?67zy9`zpGR6-hMp$|>h27z>eV zvj_+6uQE5Bf@-i0qTCc$(SJEv5z z?$XKIpsJ}RsnZ3D4o+#s1_!|HJOVWI3~AKbFdmR~um+0V_D$%;oTgS29p-FnD~+#i zH0&!VKtRO#Oi2WH{M4b2O`<#U4HkefD{=Z+vRGfA@Wt>Mpsu*a9>W_;;MT6jpVKZ~ zQH{zvvJLe=Ct6l5f#GjiDo6w?efHfbaSwjyy)ku}Q3&NpMDM-`wgn`+M;2CPt%|r+ z+I3A9Zx$-x9s{<^3T~#(|B8EI;E7;I%L1cQNzh5cN!g`sp!u(6eH`>{xV;%iwnWF+ zS1;v%$(pt8D!$6h)^uAzTpa6Y;0^ed8?&U78XUAxk;c*Or~a)A&H5+@(#kUBc8P$G z>9GmmOwm)U25Q1(k^$wP8C|OdPSGA!Pr?!c3o<-=%RrOj1P($1vauiJuhtFI!ocGk z{DrLoeSu65<=}9y1@cFGY)C8`O1;s&Ju0KXn++i%q(YpSM%51zD48TZk^&Bia%5y~ zwEPnj!o z-x#Cmx48J9s@R92^cp;6Eq#Lb576lS&n7P2fAqzufAz(v@7@2m?X!~MKcjItFzGf+ zc`T&@)Ue0J0L^s4vx-G|W~|}?-GzF_=~DCJm~qi)WS*jcMK5KNK8G|0c@|5GlmHH& zOcifSCbJ+|N6EyNQkeV@!{m-Z&LAUhV$fN{FYQByk$|BHi2tdz=sS%oHIcIgfGR@@2lQFZzR-!1mLVDbJZ%j) z`6EZ0Y#kD&4Y>5gBP(yuVsN-(-%9q7yEyfR|6vDxKSUn2q;Nj3bhy%Rph{oTn>AeC zIFXDwr9LD4e*k0RvHaKN!`E}xIBOb_U#=pQNWFVHV-npxCXnxOJB<2ak?v|{U>jx2 zJ=+%V_$u`WwecC#krrv{air9WbpOV(GNPT0V!mh6c$p zlTFF8+>*77a6Tf`Zg_uuaQTWVscsDS@qwH4aSQ7gQ5y7yrcq@cYarYqY~)=ux4J4q zY%0U(kNA0cdG$3$v|>l1&dN8i+|If62!=5bnyZ~wepMIr(O=OxT!z+eH0?-YkXm_U z-7jkLnm@r9%N;ZSjzqdvFMX|%8iOl_UXlL?A81PS_SdT2Sf<0+R#Tn`aOB`&4E}ux z%=NJv&|k;d+@X`MK>jyO`yux<)pKCf>n#jAM*PMoW_^!`)fmI$Oy6|3-*{O9UeP@j z+m7z`dx;d^QS0CS;wzNwJz@TO^0&V@cYR!A9KdzWY&!cEGPLHRXNxQRTYNCOwXd0w zrMib?pcfn`FDYW!i_hJoBRj3J;i~Mju&d%Zp*5`2)T4k3IvdwfXvc;Vry0w88aej{ zu>)g0gi(|<3%SAkOq)$_WMnPg|B8aP4i#J*Oj69c(&{3A}qZ3y?ZTGZehvo{P9sE!G7OjfUPjRAp9Y|TQ9(_!JwZd(2dFK z?)5Hi*VGNQIb(KVn0ELL>PPZrQy z{(t^rqc`6l?OymOtL|_aDXnk=ux*&QvgnDtwm~N;BuN+kY0?zWqfSj(t=CD#0Yn 
zm-}csAI>kZPhg)W>_gm?L{(%1#3sPDXBkJ!v=$fq!lZ6C^fYHXE>EyZA?0eejITcr zi8{&4>+~C5lB-44GdLJ7%BwxTT5{x|JtK%vHK9JtJ~2j?1%_l!wi zX0@6)vNNs$i~So=62!{p`_WM7F~Da(AerM`tyPCHz0l6j+uL_QIG>;amkotg!2X)6wA>JsSSZqc#ArK92v zN+=86Od&7a+YPftop-B zwjJs0yQ?=e8m;Vx$s6i8aY#ie`Nr1w%v1%3+tF&xvql|TG+;eIAq{bO69ty?JR|ap zrNajp<{-&evXBw4+kALm=+2=hYU*c{6hv$`iYR85t#w=BE5vkEjfmVBzW=5MM2}ff zFchz3p%7(tP|@fc4>=Shw1CiXCDoWP1Hn^MNqGou^Bj8VCBmRsRFt?{*Zl^~#I=S} zy>5kJN4tYZ-uwCSZ?$1w~Y z#u8Giu?V28JkfMuISh39HSGR3v1N1a0R2amNgfK4oY}GJrPh&%wQ4hRlyo03oY%4I zc=U@VJgV}cdh&KE!TM>CbX-N`1NMG43Q+o{&K0b8H#cu}@!JgU?@nRbhNg0hIcYIC zc)-Y=2XC0f*R?dzZL>atNxRjTL4V7Bzrr$BtD)T)DZ)8+QfvKDfyd z`Q+s#hZepz2jsg#F$SHgty~uT%H*oGXVxcKNk5u^xdlt`M>#_+yk*)j0Rfeli4RLyQ}RL7LFHHFO2y&W`D%oZB1jr=jExWd+s@k7(Ns1T3Kq(Q zpTM!CHZ0o0teTwl7|PL4OCa7daQKUVwnz}rah}Htwg0iV^nu2*of9!k7a}}Md~Zx) zXR!#~V=7UEzT;(}=22hxx8Ev#dOU3N zFyedfA%UQ)t#VY0o_JojF=<=%aV9j>Rr zKeF^ilWRz;_q+;bT|6e5X{o^qsACA=9g}MO@=X^?!29ia@x6`%^lC8U0FlPQL2!;s z9W=@-of&YV`sVaP48CpMo$YNszHUBGX9hcVwXQ-L3W#|j+oEiV^;BueBII@O*X?t$ zp-yA#b;Mf9?88;IaT3m5NC(i4k&m8+2;>tXKySKTGlH28m-6`^thUlhS5T0445oZq zJ+!||U?*MkfE9Ev*p3*YxZ{ie=6`u|1kZ%wy69zo;_sLEAQ@TL=MsDdVEmJ7po>Fk z@6uqxlolET-N=o9>kougRl-tYJr3|N4&gZ|whPEczs2RBnhhSE^-90y1JhsQ%`0dRyV_ z!q(=$j|BB_{_ z4p~gwjB-TbEj@KmsZozkYspb2j78@Tru_vA9BNm@+NXP3I)R1h+H47vgO|jz*n!7D z7hB-t9o+zCl8%EY7{%^^?;z9jd@cl}*u5-NQ<5pf3V|GySks0UU`vk=+hv`!$7UIH z${Bs3?;pgE9`~$!aE|fe^{~GR+pLe{+xVR(va~gm{fzNuxLcf%JJJ}0{V*O;G>EFH z8hd~V-asvY{+`v_IC3)YL6T4QlN;tPFb*0Dew*fb~?mlR)qr zSwJj2LP5&@{W$TT3y#e%;bIdch@V9P)02P;!!(Epu&;6^JH2LU&z zVsA7lZpTwwGq~{O{UI`BOD>hFmCUD~DkE@+IJ`Rg(4H!XIH^TvVf0p(ND=^&BFlGc_5z%q@KZ%DDSZL>Kd*c5Uc=*{zxrhuf7XMX#HqeB% ztd+q7YSfP){|ip^m!2osgEid4TRZj+a?nXS^3TDL80R>P3yltA8_ zzfzza$5jt8W~cX?P_BDNiUghN=NS9WK^~cQy*Q1C{-{{ zX9>mebdQrZ_dO_JSgHlmP`aRwe7#cz{nuLY5Ar-olJP}niP`e5=&YI>h}j#WB_iEl z;(1KT&Qj(=>U-@o`^eH?JQCYzuT{*(Aiu|EGI4ruzY8-4Kj8n4cFX<+!K+)Uzlj_6 zzJvY#Lwt2z##}NPMp&w#9kE~;B(*8Tdc@gP<)%Xx;vx*7aSW={Kx6ln0m)Gpe 
z#HE;MgLXjC##j{-WbX1Wj`Ay}n6;x!j9sS1M8zP;$r#DG=txc9c2jv6ZAoWjOj$}o zUyA2uOpx4VaSXFGrszj|@;TbFpI(;C@n}mN+hd|0;c`Rn&--Z0p2}4M7o_u2Br9ZM zm#DSi=Z8#`8OJ7R%bwks!Z2yeVYwzJHew&mGLnh1U$X?oGSy-E{BFo-!4SA}05_51 zJ5aa(Uyldq32*mRMrQzH(Uz2}{dn)g@oN8ZuJ-4OtK)dDKiHb%y}m8Sd;Oye(|wdlB+fqSuIcpm`3T>jAJ$Vx6(M`S`RJ1b86x`y`XDjc)@lm zi7ToQ3l6 ztTWZoQDV=z9c6^8s%AJ_5$?1bbYPWP86{Kay#RTnRDh*ip(hnvRI^5hji`#pnV+4; zf!PCQn`KfZn_R;fNKv1~>Zg+c?vY)R|h-(!8N->ESGdjwp_X z?hnLGa$AYNeUDbGt@){&1Noi&4D9pRTQZ?oHmD$&H|V=>(VCX6Pz@s9byV{ozK>pR zu}XQYI=&nDpjK4{pyx^}SG!6m>(=>wNqEq^hg3(AJ91^i4!qaIYPV6^YUH^e^;k%W z4W*E(3y#5W0~PqQWs7YSlT-drc(R*Ju0I?Gj~Z!khs(oaM-4t5);^ZPnvTpHl$N)) z2DO_u%Ls4|Us|@fl7Za7kR3AT+KbSn`&s7?`ZnLg^FqYv!!=n_-Xu`)z~kNN#A&$% z%7k@WG_)#A%RTKiqSRUEx{R^oo5TQG01$hDYlGM3_et3RQhzND(+bzvbgU#L=Wmo> z8fV_{H-&v8POcgkrn}q=+$oc-Atf$7w?JLDihLNc2OUYOn3#IAESU2A9%r9PnM*o7 z=#qR};?zCdFbqm9Q(!Q3Xq5qC!gM5c6X&uIAxb> z3ttDk3^e>TUdGd@2#Z}VHTjx`Y29;)e6wN?vxd!DPG-~-_!7~I&txmUjcvz2;PH;R z)G&GRAU_u;{-^hs;+Tm+ccUDgktRFKNVPgsRrxBqWz9<3usWIn?;K^UC={v&yGIwK zS{Wga-=e2NNUs=+MUZx;ym(8^cxT}2Md}9g)RW+a5fDE@_Z${j{$#FSkY=cJ_teFa zSAsn~eC|({(g#uK{$J%hm3ru53YR-5uV|KT>lzjjLhN5u05hZbdXK=!gBnFne3=!`Iv9| zuZwo-%w+&`oN`buaYG((G|RYdN*7by4E_1-HToGOP6Ju3Spyo`C0k<}&7|ajL%Y?w zHR2G+6Q@wX&H&u8R@hm}0y-jH9$2ZcI)&o|(xJYV#72!`z>#Gysu3q8r}7ra2~JS_ zp+G(hk-DIG_*ULWwxp$Aw@h7W-eaFGa?})_Ra4-+xGM3Y@Li{MH~s=I#iS$ht+SkR z@h_UsKT1b>TWZZV5ZbJ^J(JA?%XZp&f_*0eiS)Y6MRf`9#3v~^0J3UA%w;5p|GwsK zMYGShj=!AM;Y2;gT?u~svt}})-a!(S~kbT~}wuH}=vtI^oRjg_YJbG`rLwqrT0tSA4 z-z$N16lQ;tK^KtO@4?ql&2fOtVTh52p>Kcq{`)cT=23`duZHRaZ}vendxd(zo5xZF ze3y0O;LYRez~RuF1HRSNd_Ff<&*$L^XYmc^w|QiGa`*gsc|Mr~8GDi0cmdnV209!n z2QMk}&dsU|)YPAEH#XIv-c=}u)l`=iFf(rpg7PQc-L9`>6q=zy-P|Rct8D{W%EQZ)t`67Ou_pVFK z$H!Ze7tRTHbnfpq(mMBf2SQ0ZB|vw&XEkCA1s)sF)$M{gzr7aryv!KG1wTat`TI%@ z3fVu_!of{L)>Y%13P<1mv-3GrWrs@F zjZ9?daI_zl}WhM6t9LBx%nX!IMt#=EOO*K8Fm!fmlcP#d1MMBa0w=(<2 zzTdTBz=**`!5*N#_8bg!w`>`t2+CX(Dhz$)O?I0g_oPNxNnXWYng+GHTAY){oovF4 zE+HUY{H-IK0u9#}M+>sT8_L=mY|~y7 
zir3J4%t?-Z!6jaT?fZIu`~H_VVh987jqA&yTShG(#NSNIPwBNW;TSwvD<@{y=mX1- zcD|e7+b2=(E!@pIe?)R*TjliaYFzeg7tY~xTk|(7GIFMNdHCuO)8s37g zWWI2Isw4JSxe2jaYWsk7F{l+UX|rkt$_sLM@F7j468 zewLFBDb6@u&TyTrXhX85t;rd#=qzL9Moc$W^3!$xjo6}QxXfqJNv^g#w!7mEriIWk zKM}DB;+@UE>k?!QE>PL77o?WA=lX3_v7Cc>2sxQ1cYjSwF&K(VVTDU+cjkW*87ZJ$;w$n>NPFpX&{HtHyS%Fw4;Mw zH!DJGMHPb9xXF~`RRZU-`psd+uPvudSm*so?LAOys$BH^UM)G~;K_q)g*V`z$q5&S zfu_@tR?#8aJ9Ns-b~m8Tx3FG2AJs$84a|$~_uZcMpG^IV&SV$-_u%uYlis1tclLjB xBxeelTz&!gRV06hn!1JaRB1`-lm9xFV>y;%IhJQB{~rJV|No*B`OW}x4ge-$3%dXS 
diff --git a/released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.203-rc04.tgz b/released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.203-rc04.tgz deleted file mode 100755 index c771f7a9d53985e251e9b0ea18afaf84aae1c3e2..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 113957
z-}wixCXR!}k4)Luz>i7uiPYtXQ^aDG=Ul=RGsPuR%&n1B5#<~7+z{jsfQo{cMkG+8OMAvyvcG@(D>%sxnr(tBZ%wdw{Uxnbs(x|3m^w%v&hj>lcM*ft7e(*^lUg znFWDQvC?BoR@W#c3!ISRtG^6RmlAnpe8K^?)5vq|oUznl=ED&Z27DZfBWB+eLh7x=_DzJAl40iF5nxo6llJHmGd>>??X?Xb5g%a zRU#JVEaO&w)q&2cA~I`qMt~!g4tAq%HaaWvJEhlmBt*a7{COg~C)cexF@}6-F385( zeXUCl8r3r%3zxM~Pj7VfZ3kVoat{8Qu|Bk~$ZmOSUyo?#aEcwfbnb=cVnaVWh&RV( z)kRW6IDD{4fsDy?p;1=B+ekxXWpN0|WJ=0JXG>(!eGSLBy-;}YQ@CIFa`t-jq)zv! zb})!Ei3<7r;BPI>X^0EsU48?r9%!Si07cNTEy1ez!!q9%e-e23+O2ukVFd$}ach`F zY)jsZu+Hy>bog`QcNd)kZl%&C9zEJ|=;z@migw#cLgx2I|6MeZSEk76U2s6HeJXv0ZrHzkGcgz(HbwvtYGIAFGfa#|ta((Vm9 zs+sssfS>ivy?x15H+fiDLcCdEapi(v$k9szL`X)rtBttyXK^wsrW1+B7>f3%tu%kN zme%dUpUulhC#n0FXChjO zDJeD4?I67dd(v)erPkri>J$O|Ou}~x>}}9lo8H)pJUcTb0w&@Cr)|VZ&5r09{Vy&0 zXpp$|B$d3U&X~UUp9M&`l&lQ$o8s6XO5tn@THFAE+4!KYA7n?tQnzm@0$F~qhez-I zY6ff?K7bV!p}WMQ!gx6y%7zRI3Y@y74m7S>Y9~I(51{TvP}aQG?Da^Y&`6ufITej$ z1*@W%W3eI|Bxs`TN<{M{QYC4}{mdlf)=_kyda}6DV2tKvbU<0@E5+;Eb`HwaR{S>4 zPVvE*paVNf20l}mf*pG$g8`UKu(>u)V8&9|!OwlDii&|_VY$(e&AP5dk>fm8b!cT( z{t*^a;eO45@0nD}j%v%i;5kw;i>M0IWZ` zOd55NPG8{g27?5#*|0cW;UA`XPl4j!-4#Ae)=%okp3TKcB0o4ug?)4%Lp#0xX+VZW3y0Q2!bRQ5V?Kaj3F7;%kI z)_HBMf+Q#;$=dY8{(`lNd3G{}#+!-wcQWRLaPF_&UD$ zzE)!~5gX4`2X10KHYkc25zs*3`K5pZ;_u@Qua8OMV@)R&UzwV({g`DH47V?T?#L*Y z!`>}4jDGqKq>4i4Ycx}DILeAiHJ@^W_GRh*#&sl=AwXG9&7}uZR&7t(v$r22S!1uD z^A)d;Aqo-Sn<|bzdDB$sZ*})gw<>g*X#c4 zQeiQa8zIm#kJsS>CBS$tPHX$Vhdh^yF9(@_w{BfO^uc?}yl?->d%KW--F<2Pb|uJd zxVylHRLS^(!JQ8NRB=@8YzpIltfzWqhG+ zx)?5|sIhnR!#&~9n(ltAKn9q~z!`h_qDcg5r}(S7R8@(JZyx>eBpd+V3?DWR+$Q$5 z^_($yS!eiGv@7v88lQM%zI1Rsa*U$Td7&CD*1@QL$_XRe4gr*?`+E-Tb^Mxj-}#hx zxO}zMZE)(F!bf+i^rlLHtM7GDp^;BQ01G+vKt3hWgNXA@1JcTZ@TU1qB?P0Simk>+ zuGsyp7Kdg6D`%Qxr{_A5tMETsZDA3P+1Wg*O3e zr<_ayr#-4sxhhhb=a5um-EJGgPi_i<<3uPv3%L~dj<FWJ6AMBG2oXC$BAZXO+=Cm67n_Jg?6w~vLrP(}fHxjI(x%xE(0H`by zk$D3NQqsvsm6b|Bjao~~#p>1xr(Lgtu$CAi#A>Z1-J3mfD=D2T^&VEuLFe-?W=vV9 z9=8)4N+7Up^WjBWR|uybmjq^z8y&{Gdh>Xc2~pgAT4VTc#AmQY?T4RBlR zE@8n)o*N>If@{=i7qx|&iCqwy0t>jqEujGYq}}4?jfEcRb@3Ba(~(EBa~5bc8obLj 
z?mPK(xQT>Synx?5=1f0!b2eF^E4n z%RkMC;+Ma;%9u>@yJ@DoEI+{n?i)rpR|EO#Oa-Z&5@*UML z=B$NfYGi{!A;Qi_hKF zgd{JGuFQ;J_8B=bSyO)m)|$ zM5b~O^0@-*Q}Mw69x~f#AnzL5r5ySA>y4)&Oal1_goukq>az4d=h5+@7qB_7vfsaMfgSkQ3*+ z!+LKS?m@6dR$Bc#52iTHGW`r;2@EOq*1Lj@c!Gef&<{EnnZSb>wqX$a z$J$p(#~@5`-4Fz)_sC?Xq`C#Sd%}4T1Nq67nQ_O212~`6H9sR&q%t!y1Jm)!c$mjE z2&f8qEM8&cmoI9NRG|0Qu)ybTj7p~Q<@ng>!^`9ggPVY!;Ene)S`K*>Kg(`wdYDrn z&qH!4bJ!x%CP!nyGJeMa1}$Ue@`+!wgE$}78+SyoJqBJI8Yc`U?VA6&7 z*+`i|RR6V9NmlP}vuCZMu7sGSR6Gozefk1YAc7{#^_mnXobca{zNCj6I5{cJqP(h! z7xK^wAFFh*r2JbZ2AOrOlv*7Dbxc_Cje!}G&S5^yZTSvzep^_ue5OgXRngfjRMS1* zZo8BPL96xDt7ZBuI=$iYCVOBH#+uPFEJ=o8znemEWWqNi=}-$1t)vd)h4it#_Qnz` zsj!nk*6mj&fj#N->M*f{y)z5bumaoBza0l`0<;rZjkH0JNdU32vEdRq*49H9yeW@1 zb+|2q0Vz(t;+WeX?l zsKw7^36lql%16O({$kej7Y60=cc=3`3A+LmQM2N@D%sJ5q|Ux~Xb9DW0OL+wl>x+A zTJ}k{V-&KHscHyn11pQ?U(6yX3xC_%ub%M+;hisQT90UG#KX@k8A5Vn-+!Tt&1O?U zypSswd!^2aRd$FxdYM(!OX4lI0kHm2&C{(*EkF~T>$*9IbY%GtD~EyVEkGM~8JWv_ z80nTJd{fr8u=f99E>0qtxU@ix*=|@pjmM7`jqq}mxkm8cWY(0UH~w74{8eL(m{rL{ zU|G7{#%8jD&u^wE_v=x!IGH8{s_~GI#FwFi{0ivSaf8aLM z9+c-a#VU||;+WB3C~ma&ztlyo|Di7G{D-=D2T#TDmP%ewI%1e$8VT>o;Cz6ja-i?3 z|HvkUFvpWG7cUTr^paJ;_{mW;fJA{W(X(PfD9Rbd zfHhu+=Nq~x*MwKIy$(jHHMz-%SsE3_vO(eX0`8`tDR`C~?<`{}3&{H{pU4CyRybEj836xcOv%}8*fqO!^}mm8(Rt;13}zayY^ z;ZJ3g6zasE_Fet3oLx#1T@bHU(3u@V!@3|{;Oe?J)Q_)2vJ9xZ zPkYJw7rc7^JsNUqS28A`c7JZPw6}Bg-&Ws$gt(x!2{QN$-#L&36p-VE8nP#LU@OzQ zVsWmd;P~;3c7v^)FNX(T>1vBP4eE_Dlz0;n(SZ+u9*eM4(w(1b@#xVw&K}J<+bJ+k zc@0V~_6(MRhexoTBub@32*IBPz@lJ*ozY-eNM@wi^mFl`&fzP~&+VBheYB2EH9_q#T6T zc@*(Sm4;%W-TgxonqTaxYfCCl+4eW+9ml%D6h;tP*HP+rGD4m1d?8=wG+uJ^jSCAM zKZR`$5iO`;@3W_wk1r;!e43{Wn^^v;GpySpsS}dfKrPXPkQa8k5UniJ*6W+G)aT!@-Y*Eq2VH1wr&!#B%~_Msr3`Ur=k8u6=s;C@nHIBb3)4 zZ11bzD{K6HC2Dk`nfE=y@zb->XdVXH+g%+(L_XpQ2(UCMMjkfG(2r8kAPLeSssO9F zqE6i&ZEAIuFLUALrmI~-=^-*Dzv~UKw znTt}P)S}^)IOIv(2SZL~3^RJsw!*4bi`X|Z+hFrisMMOt0g>Q7I%fp#TS33u2*s!p zC4*bcP1nh6^!?3pwJq8H5;E8;G>JnE-d)iPtGB9q{dtSfvCl{k8w?)zXpwZ!(e%~4 z9F3n%B&2H|YUZxYLx8T=`pqU27r;S>s$wxh!xzV4gnbLE2{Am9!E|dL*?~=J&pRC% 
z$6<0XiRCfhO80NeBEH3m7!}81uH23DweTG$_zq8L42@*e^p~)UZ>=ziZ~gb02Db0; zzqk6Eqp~^4GZf-PtS(lB^`hERQR7uS&3=OELO<->%2jKtp(b29g1sc1NygbE)tN2D zm(bv&hrhzpO-PvjoVrfgM=17Zjpvh~cn3?nR%-z@mqG70jErFVqF0yRHEjCtu8rn| z=j>it-`&kGQ}VjbuV3C5Enkmgf?&cQ;Pk&W9g7ap=q|Wsh52hBH0W^4dogaflta`M ztvN#1ohN^)+}UEPc2yMtI3Ir7cEJYURSf0!fNF0sw65uf>DHAHKo>{BxgDX;t0^w! zCpsD@t05@CBUh4{H`K1Lq-9ZFz<4SD;3L|P7FK$h$pp=?I9jlInre9jWC|MF$#flI z>(tVu&A?6Zs)KP}du;zyOLWDY?22AB&n8*`uu{N|IoHp5scP2F_%MVb*n`tG2^;F) zNa-SBv7?f(5UkqFPmKO~b^a?eMc_BP9cP+78&ZSG#)NK^wnnw8tPpx{8ydqXiSz|E zh!B}|*|i&0q7=Dx|C5cRgP(5g3e9apWClQ!AO=Ny@_D$_$o+{kycpb z{->Fq1v1LN-ng}hT&JK3h5xhq%w}=15!?22i+v%Ge-%H#i6WhTJ@ z$2GCxbvA6YByEGt^4b1N>Pg7$Mf3~V2Z&oDp^y+j1F2X@7$Y60i!5kj>-7+p{%?^6 zV8abh?aBr0g%0oL?@5yBwTC`mUW82;jE5UIL;Qd|0edEf*btN8pDc;fRqT!fJ5Sk^ z9Z-!l^R$^lWoOs)65~VQc0M6GMy7OHJy#I$#9(0_m zs6aqu1uV(LcY?IPU7E#r6&tP8!)+uP=P2R={34bjW`Vlmn|e(CS_8LsHDS!SbwxL+ z>dQAaU`+m5vj#@EWvc`TSNR=yP!k+F*BfhL>?n-$V~u%l>%j-}HDhi~182>r}H` z@Fo9Us;T@cH&@$j195qxuT3}@SYgJNL2i8bhlV_!;UKNI{&)6A1(0s`4_>!OgxDUt zVD3~yM;+(US{ zYA}~5jL^=`_qrhddgH@NlI!%38(^U4pjcqI7R*PP7MVR`+=wV4*V}zu3pmp~mynag z9mQo)fWEABMMEW?CJpW;;txq3QW*VhJs+wPDNKV-38 zAcFN~;nPB@WyS!hY`s*MB-a#}anVsFkUU3BwQSrKZ&M!GH+m`yRgz4m9SCEWmwpz) z%P#_S*Y;!)x`q?MxDs}_6UOrk1gS&$*6B6P<^k%}fD}8YXG=cInE4gkO9$yseJL@E zOJBQ(%u+s1zWnl&LNfmKr{v4Kbj2tHAnfU5d5DpkSI+xwaw>Y5*=%!A) zbErQm_p?r7>fUvtTA_;ZzrBHxeLP{(a(y_E!-6PBN$E6#<%2KbeaB{*4($QhoFvvlrjTP<@z4|2vdb^BpsgsNYJRvmZ{K6Zp^A*Amu0 zxA?wN;6PZ$L!sPEb}4{qho>&Q!HRzwr~Jfh={15U`Gota>Zc2~b-n2s+8hp}><=tO zR7q&dC_q9iL~KGu%yqH+oJb8-0|z<@nloI(ODYAE{HVD}JBiTbCwW>dmI_ero34sX z`tgJ`zHUGzuL&(hz9H9Zo{bKKa8mxLQ+aoeSKivi%qX}6jdSF zKf;$%fmt_WIAecC=87#w2UTz0bvl|pavmOne8%$2^ zHmd*^A@l`EAuqOAS*vQSvCW;gypE4}IJcHOouyw9xEJ!I4KTD*^AhJcO0k$ln{)q- zvzH!Va14FAm+mbUswf)Ro3?e1 z8$Bge2J+|RrT@6^Of~9N5csD5!abkDtRtI=sk#$8g>&}&gnRDm4Xl$WCCq}d)vW5l zQl0TKBS0WSth9a%6=ywq}!<`vt^r!o-; zNv26R(~fh9(q79{PV(E_En3UyX_Me2Bq}3->!nfU{dzGwYOabhYk|2`*4^j_=%Rh%x 
zt%vqHv-$qwCeD&bo&(_SF0}rJ+@~}9F5AMnA8@TEe3LYfKrqktk(k)A+7jutou0NM zO!regle~Wrr*pd`4AmXD`C9*uC8AX(&fv*^fKhnHDP4`9kQ7?FyR0zx;k&1^ocavx zU-Hy)Ad+yB?GJD4>cpjM?8F=I1|lfQh#zzjcJgg0Olq&WseLIMsC$p;4sJE@&7p@V zAhzW>aAZa6zzbOXo^glLhqDvKCPh_%UTb`)#;rX#xE$?$Lc`Pw52ObvDrjD6`yi3R zhQX2zjD_%nY>9Kr3kfjf;n5<@VVYmNWFdiqfE4iTTnV00R`syDzgt7PHL~vGAb})? zbdKdUs^HXS+Dq^2NbBFDARcTp9gxy11t|JH9gB+vns1QHGaI;~fMf2Kuz?fbY-xro)ry)lguN76T^r z#zW)$A8(TLHBLL~3ME~+F|is9)#VUbx5=y699KN_<}X^WsS#&xpJU_r9QuKB!Irzn zVQmSg-wM{n-E&sXAzVDqM~^UXqnt;-GD~Q(bGG%py4{^ZxI%`cetU2{uE*FwU^j7b zb$32OVzRFOFqZ#>pgplyxxITS$vDpt=my-N%Me?|&P}MY*ovtwV=uzfDm-i`Co>K9 zko!s>)GL>{PmJ2~?W;^kqXIIPaxPM-QxKHono>cN(?wNKX{6NHS@`vw6XHbY7pNZF zK~vPNMx6#x=d(JLWt49H_PUoct>miE6mUzxkR(AZ=29MD@p~mMp>Ql!RB8(?sKd}y zZsij-H5Y8-=&>vCBPM&7q6d#k8X~F57gzsLr@D7>7Jv)9iI2Ll2kfWM1YWzN`CxHk zn)NBu`HTjVU+`sJVsu-u%uZ?0l0owz*5S1J0F9$v*d(W-D&2xlXD9<$O#nxuHL27d z$|-&8l%D3bN@($GK$WP`0R8$JHVw0n%-TB?r2o!@@I%(QvCWkCz<2 zv>(UL*X-P1-!*GG6f<*L*)n26kL9?xHB{5AmK$2SNhQ@{j6c%t=21$=0uMby()E(l zW6teIqkp*h-+EYcFY)LveFPIv!#0+VXYgFu;z!7M$3?_1w!B805gA<=%HkGy>Cdsa zdjI)j@C;smcR$5^PEFWEt{3J4aH<9iPb#*p|A0P3>Q`HczqG^iCM@N2H(joD(Wd7J z2V#&?PKq7SMvbI8O$mEz{No!4YaHh%LtK}|b2_loZ|~FzE$b%^2$E3vogX3J(xj{G z1Nvh~gQVmDLC}si$e=-4I5>+;IS+NYSNXsv3ne%xn2^{+J@J4TGv;+oMXeuw{RBq! 
zC!{f{_z-D@{)=srnHw$DYV~5R-XUnhryHD93M4K;ly;= zYQtpEMxy}*dXgUm{=@WXB>X`e0d3KE6-6(RNb3jiWK?O`UmPQxgn(r2Eo->XcAl;Z z(&x#{kD-#PT4su~X;}&QXrSd5`^nY)wAn%ObZ=P)sav=uhi_kSg_xyarqW|et4jYQ z(>rRB_RLHa?VFsN&&+tp?2>=Y!7q19wnSj}xHOvDPPm9;t&+b7dE*o+F)X8&<079EuunSV&lL1BOd9o1Cp^Q>MMF52j#RBOsob2U1C$TuKs5&O6 zo{f85TbT08)7jI7yjKvoBHKn?(I#zf2Fyj6Z-2@UxhMjaTpcpRWZVY{Vm(!OisIM|IMcDN)pO?cLHIX>j2Yh9|$RP{}C=jziFw=UV3Nz8?F;n#eO z6}(z=-bQS4Kg>k!oWycye;YIBiQx+fD=R%H+&^^-05UrP-EKW{qe%ffHif8i9M)5iuZ2jpxh|!;{Xudna znq^qY(Lts@A&Ay9y`(bhExBL$H4PZVnBBSt`kNaD-R)hkF16Pjnml=OrJ;%<*CaU7 zT8XkU`SB|dZks2={jH{#D@b(XIQ!}x|DUqqqk8L@Xo~ZZV)hfe1yJ@gIEW*KnV@Pr zsc#z=U(J;)B=aS*@)L zS7``x%Jbwyz!C~*h;iv<{Zz+VE8bOXr%Zf=@v4yka{tcq4!4abi_l*>p9KJ?jX|4s zL<0V_LiIU+^LR&wtX4fiNYrlLhNi5yE$%-!3>&Avo!$Hi06l&0A2D=Bge>?{i28zr z50Yulzsb42@AU|*UJDv02c-{fB%EwnXWRdFrS9P5uFG1tM9}9JZC}MH@h@VN35$cc zwD9&jZdqQ+`FUVAwEgaJQ1+enSZ{yX3~=e`Tb07`fSuaf@nw^1u5)ddYGI>mHrR`q zFD#Xx1f56M`R#<-RdnR2{_TjJ#G0`{42QuRSoIa+-`_HqwnOi-U=|6>v(6f#5G{>; zriXx;JUq+aHKYZ?EEg3@G?d;E%~@>VNX<(hVtRkO>9TX-swyYa2*peI_veh)^ zklrYCpE2~n@ckMCBl%YC=o<0a>G5qPzs>+Ju%?h)$jZ?`?)Q&_^qEDZ4$luHAr&d4GEVQwgU~3-rRZxRsd+Xn<8@W0VYn z$2_%Rn;mx5C>L6x1PHic6BTmnw?Hw40KvR2`seB zl>@OrXp0zWR$Vx^Jm!u>u-#^j9iKLTKRbNBxLc<2ZZO+DA;;9SxWMpb1X^7{A{envDX%yK zim-leHRS(%YE73lbW{H;ne3g%LC7;l{DTaOu=@-%nJ5k^K}8H&3lX5;<|Hd5S}#<0 zGpuZ?<+mIYDZuD7`j5bnoP-qM7ET>C<|g}~H4AE?{ew(21%#(pHYR_JS-D3>#Ucf8 zbb#lyEI$gb({P)pJ8d7_CT3I|L*6!J;hlBEfj7)#Puw4NuQNLS0Jcy0v=84P$J zo#y~5n=(9M+5~6sqOZiMJ3J=GS7AdQ!+@0gOq1gTH)?8Ol^Hc9b{bt93*ay~N24zVv;+(f3) zql|j3Ud~5aI6*YA>@+r4%?p>uVEcdc4Q*@D!bY^GiBrMVeXco!q{*MIu^m+RIwnJ4 zFbO$aZ2r5UBICc`aBt&$GH$^+jVsKyiKAZjFr|%g?=LI4s-+Bq^+rau!z~vuO)RZi zZX@iMFoD-Ck1dhMdEMF{J=Zwc#f{wYi0^_AhaVpGCr`u@k#luo&KtycxDv>guF7nwu#%GpwJCdD| z9YQ2t9Zn`f=%Qf}J;eI;Zb%cU8nfoRG;WTN+ zfq^yQD8QhdxHtA&VWHFS!TA+bjbbn9(NZ)`-04f?J^)qez#1jL{G2RY?`HV@foQWJ 
zopd_mykMfBurM`&PjwZx&W-L`!ypPx7+88bOD*H-`xDiRD#dyTT~ogDZ;P^}9K6Oj;8YZs@AcZlZyXNUaZn`ia4>A0@mP5Jr0sS$9e25_fQr?KQ0j{cB(%cMpjcSUP=c>&X}M5kk^I5@cs${^9Mg|KjbxyFXbust0M9=X5+XmeqI=yzU_{A5hr5j9q&YelJIh#|E*jIO zVxQ|p$@R%%q(uIb$X;+PxJwA8&WK zbCKDaF)IBFv=iYIUVXB3ng+#D9)FkAs35xQJiqjLNP}_0E~-M_zyQEu$d@AdgUv)z zH>B9gm*H&PhE-+CI>Fp-%3+IT{nq1ELq1u8Ke`edXwP@`FoOj8IMV$l?L?j;t>0bP3bAE$h@@G{W54}6mLcg?S)6zXlf1f z%$wP$W-ZmNu=o-vXb~C`q}QVmK!9@uJfOuS_K`9jPcD-8gyB zHWmGeC)fd*TGbU5vqe#f!2IEXu~Y9xNgWozB$-YipF@-i1xuCvL;_YRg^ zv@+BFs&0hh`dQ2;*u_8Dna5WF@2gkF`@u?&T8%!i3x`MVh4hjzEK+hck`MzIGoM zOP3&W-L@u$M<|yALfboA?)nylq)4@<+6VhW2k!bUWRoI`KFn%a(9UYEoTXwWMKly8FtQ78NyV}$9!#RR@0&CI*NHTpdeKNa#hpobhy5?O(~5g7)U&>c7uLmDGR~q;?*!vuMvqJ)Dln>@ftUehe&hvj(mdcI)H4&u-&l{`p<`PQ)Vp4(hlkst)!2-ur|4CP^Heyg4ddJXH7%XTQ*JoLQ6k2 z?Ewz@%gnv|z`~QjVGtLbIOWNtg`pZliC;ZJVJJ*pg+qu%NQ;DFK%k+PiAydA%2UY{ zSbK;jIPb1X9h`MOSyAxnhp!uF^cYl0_)If38Q2;LFsa?EA?|qXct@0xTcS)73|KMA zAe{X)`Jood06FZ;$7 zN6plBr!SAJh?rC=Gn(YVZuAG6cL<;Vg9rr?!*jQ*o3vV|r>Zb+q4PbGQnv%(e0=bA zQI_rd{HXYT`I>e+G`a+@m^l|z`zG?;-E|o1stYWVQhIt$0fl|KZj3;uKCCyK-bf8k z31=&8X5&(}QX-9t>LTdOktlWiXH}i$;b7FD1tC+ z*V)qTUakS8|2|8095hd|4oe!iG9Q`=)(Yph4rV54q^Dgx{3V$tJ`MPHH!y9nd%n+z zIP>i3|AW^}{=w@LNNN?vKX|=WXYn7rK5t5ry3uM4gJo5q{J9x7i(=3ZRkozJ{NU7< zdly}};uQT{6I)Qo4?y4FzNnA>Mz!O*J>`-@hSUZIEy9~s19P?^zplX@Gm$yELD_^w?+sWu1O1Kiv7^_Prt@Nvjt z*@l3e5m_J^b^qijcxSPTOKeh0nHD1p+4V`%j1&}+)GKj*hL->IK;ri?h(QL!l>xy* z+66O&)s)R&jIL0yB2xaa<93{PRfLahLe^JFjEe%j9i1TW7kTJmDXV&vYlHX(C zCTX2M1~y|b3DMZBWf&S_0vAbt5_z^V-FE%J@;2l0^nkH_KwRfYBk_)@!0wIZ#ZDw@ zCG^{Byj~izlP6GvV z7+}{0w=k5^ZDjKyg|`kK*B6)`Hb2(T# zh1qVp)sVhdn{(}j>sZ>sCT~jnwr4R7Y7;Z9Pm5^r2|TTMi$Bb?iFYeJj)^qsfikT+ zXWX%1N$vc&z&m9bb??mUoGj|@(F~+Y66I_1H)5fAKi_SCmSe|)=v27$T_MASZIFDW z{(5UOqgi(e>lskt>e1`rI;aSXws4ym_Q4q1FW=L~8-=QBY0)6-Pt<-@ig;I?sY&wW z!-+1)+oAiAtU791sv@Oh*}J89kFu z=&-)$YJD7wC{yBB{(FXMa~s1{yJ}LD6s6)PiE7q@^ahr^o!iSZNrFo98RP64&zOq! 
z?Nh`9?K!ghtBYe$MH8<6kj)ty^`Pkg5O$j_OIIQs&urX_l;NJGlZq>>VxHX}!k+kV z!j3b*$DDiqk^OY_KZG671d-V}N7itbWv9GSJ}1#~vM?RnM+1IspV=iBM`m=JsuZGf zbDCx%jPnSiNs-Y^y0%qK;-q)uJ|Q-NE_tGD5Iqv5p#ZC>Cn}%-6lKfHjp+|bF4}oh zv>%r+9*wF|zp7<|GXzQMh$_NtacB%ArxTJt$DcUv83#dfakDxwDuPLIjl`IpQVi*4 zrqYJ2%0eRgLIO~*&KVqHn4EtAyLa-!@W2aHh24%#xBr$VxRu1|wtG>+7e%43#7|XO zal+RWQ{jUw#iydgcfuU}biy2;kJZ2Ce1#8OKd0NTV+nKL?!@QP6rWG23U5DG{Oj8P zxeI*ji~?_r#ZNeq9?XkO#a^BUZDR-}7@g(kU^GeFly^Cf_D~viDray57|cB8aw%j% zP{UB1xES!rX!><`CYLyTV9`Xc(jU1AhRCCL?l5}^)}YG>5S9mNMgoQ+fHqtQ=}Pk~ zCMst;(7L;T+KfK|hbN(RH84Sx!tsw?|Fxm8cCuMt#~i5!x>eojvD!&Fk1`7gvyW1L$BCG)w6?i%rw_=DKrnM}1!QZXVWPXl%zbpJu@rh)>u z!GCDXj8ipz`~?`S6LK&7v21~qHrwvTPc9OPikqPX(Y=&H*y9zMQ zdTbwNH65Tuja6FLD$xZMgj*hmzDI>%!V=dSPJ~nQAv#_62eOTKrS``u3H$dU1ta<- zW++F)#tij*cu;%kW8IWtZMs0a@}Sj(+3wZTldn55R~7MiQZa_7>hXG3kFdRgTXNT8 zyXrrXy>p}t)^ifTiNqkS^64MQ{$ds(MeIt-^65x!20J5_xmL-VT zyur}?VU4AM0>Io91d6<=ECVk@H|oMK1ll;@O#KD7O~X10CK(j zID{>v2qt49(B4gC7uR3Cm*2x-Kaqk$jRNq8u>(;3hp_{4b6Wk<2gx##21|GA@CG-y z-vJ9X`bc5&B2l=9!d9Txnjx|n{j>3$-@pGkGg0WR@~C^(A6_{jkFB*%gd_j*P=X9) zI?umhaTS;Z5f!ns*&9V}Xtc+{pWal|cAAvo3LvgL@r`lwpRM~l_H9r#Z%#a)+4yc;VVZY)g=B2SsCh`HsNshy@Wz*j*c1DZ0_ z-jrOH$H1JGo?tvEbcPIUC8%En_?0dBE4W>J6%`CA$!rt~b zcWLI`?$jOb36-Tk$A1|6A27h&eD86X`5mmLqUV1z_FgHV`D%PNb}E1$#?C`04Chnk zso^j}0Yom4Wcm8Q_ao%?f&BvXZNfUjO-WTnGC*)K+3_k$Tye#-~&1sP4s`DqN zR+O~JUp$sb`@=AghsZG+M2^PXdR`TQvbn|x&?2dt@DuSY+IAuI1)~d_s^%SGLv+nN zFy@wwU)6)jS9UTrCJ;8aHT_JjN~&V}K1Sxm8{KLy`sqTe;L^{?j^4igxBT;bHMkP8 zBc!b9D6#{+bQ6?t@P;t8LS4gnr|bmJXL<|exq{k#?2FPtzN-*A$ysD&s^YY187N|( zqqIHf*HnuBDnc`p=ZMKCqy&^$pv%PrwYAtCtUyv1GKVTq#;GbH%XhV;y!^89-W=xN z_ey?sGq?C=Gv{%(pO9z@k(qM$;Seb*ew9=;z0__mim{+w@^|()3!P&Q1XWTJnv1Q= z0ZsVnf}FH%4{*3SKIduif1K(3^gDA-fE=L<1!FbCL8zM%;&{yo#ueQv39w$3cL|A@ zJ%{_OI7~RPT}%|MTO8UfmuWND`O`LCZ^p5viXHRI<982u9K>(oAjRb^}; zR-Cxl_>(}V*>257TF)j65J`D!z!3BrO~T7|lU=zt&`5~UMQ2x>2*In9`m*aKpV_28O2U?;*-t-o`?1(c@0hAuvE zDStER^+;1dpwHKrbN9zpZFJMPlqXmKaFuVbqu<&<3~9LNQG%RzxD3NDA~uSRrieJ> 
zg{1byiUtmgPh|LY#p{&ef`zoIudGM<-i}8+i@(A=i*|>k*;qsZ=uIeL*e=pNZEX!g zNR}+w`XuhHN1y{z9wOFIc~}7umCB}Lbky$7DTIhXvz zz5K#R12rb`o7Kvqp+EnJHmx)VMMkzMl2+Wf*7&5!kuyJnIcKwePV0#2PHR)ACub#k zl%%ADeA5Zb4S{Snw8+G9uU^FUZz=iM*`UIv0HDQ&8C8TIZ&@PMHaqlWaY!<4N;rF7 z(TH7A$~HUmyr=gL`t==Hq(GNE;QN*8+emyE;go3XyNw+4t1mNGaMay*T)>^e)MzUt z=EY~x`qqm7MwN55*42VcF^4`z;5OYBH5c0&g}WMbm{!M=K6ks}x@mD`JR8d7>jk5) ziw2jT#&ORUlbbVN;C9v|SF)aM^H#(yJtC=u1IO!T`fxxZHoa@zHb^StHBte zp$kd1IAv-<+kD+O;dq|5x$Z1$7r`$HBs2i>t;)zma` zGUm6;zb1*-Zf?dtgr5v)-<&hLX_@4#jg<*Vgs)I!rj5#=k0!c^kLho$t!SD5o%(=h z=$KfWwvA9k@wad4W)@ek0qf0;;I4r3(amFUaLY;^VraN|W@g&;V!FE)E}Io_FY0wLV-^aRJv)-* z7*l*y4GBEL6YwXXUcsx`w{S~QtGM+7gK-}s@535szGnce@G$=5jH6X_;QSb$s{u3BqL_nrR7b??QE0Et)pv6VC2 z=A2nlV@0V+2wWq>4~|CHq2yb!v`F9dYQO&9Cx;T1>Q#~L7c*@hI>KG90U8g?;>add za(pu9w+ORlgjJoH0UE-H5@Sye!$6Bz4%b^RwtVXXVS*QO!( zvXnp#0C|0~Pa$#J@+k**QSL%rxEi35>a*d~;?q9;{P4S4y)WcEB3JT@- zk_fhGFyy!*fZnQQ>E)=WsB#@HwKBHtcGQlxb+V?8W9=H&$d|l40Lyj?e`<|vCx##% zsxvo%kzbRRb02y3JA%!MM%F0wOof5U-6d@AkPXSq4h3ukuy{3KnJEZcnS_OJ;pBTO zI~gQZA{Qxn89=nYY~hL80|?Kqs}qdLSFram4rNB$69%xWq8-?6Jw5}Fswu9@N!eh9 zocFT4aq7N=y6+Sr@~WU!_z5GmTC9CSG;)ntWXz(KbwWL1ks(Q~ntFuLxF&I1OSA43 z;Vo*ryfFq*X`a%VDM|kV z?FakRa!MMLA&30H(rkWM(#aTZ>=X)CkUIZpc})*ATPsEbnN6i27ma)hBj5jk3xA7r5NQs66_Pi~9-nL|th(!!S#tvVof8r@uKz$lQ zp>m~7V#u#t*QM|NmNv`0?|wn^FnQ(K6fjhjc@?sjeB8tTv;%x-mrfwHr(b2LF%tw2 z_~CS9ub;NQ>&iruSaT8;ybMdb+#qGmyA9m$q#2h4glN9tf#E;|C*&rG*PT0>spes4 z=*k2?3Edu{$f#^1K2}#n+RQ~tSIhQr`|HldP|~TRTz3U0F0gVMacDr$5}R*uQ&LDq z0&LK;2LUEUnZI5rW{Gt8DLm05eR#V1bL)oL`?dT9r2+(bXjgGo({TVv-*b9q_gS&; zcq{J##olbg>6Ex-8z_GFb%aT-Td&x#=0(%g&uch=xU>WNvh!8lwiTOjo^?;MVdx0g8^QdHEK(G6Re-%iH##A$mr!l`C-0UPc)Ql;3 z3Ba0Ns%`Q#gsi~mZC%=EVkbboUXEsdMrLIqwIM_-Z*WsDw0p^xIkJdD#d9zma>pW)9eo4K`GuQWZ^QR!ro;t%a zTHo;-hH`s2rh*V;M6M*75@EE>sLBN*RqCzRVYjbTsZSpX2LnDS?-16Y3mai&-I%9f z^XBCW?f`*@>b9mO@;WKG@YZ@{a4V8*^-3gNHCWj>d%P<8Dv;8_u-P8cgcA6|Vj_9HxOMkkZx6BHL?} zR;QcXR#X#C6rmp@RuQe|!&AzPfHDbDxq=et9?h)h7*i!y1LR9~H5_TS5h$#ml=Fbu 
zJs5+T0CW*91~7_NW%+?0OO$CZm+ZkTS}29{(W5R|S3M#d-OCp}qwMv9jVoMj!(1bO z=Bxm#{$H)9J`<-SQo!&K;DQcDIdd99<+>$-5dLG$`Z9Cb`vu%GkNYOBv(@0Ou1b0% z)=!F7!;0TKnGGnx!ZOd5QV5`w8pLn}{IMGFfh5s7`ev{>94us1sTGXMf&r((a{?g- zJ`Vg)8M%qMKWz~`KW!0ob4x;?t=2#xGCOcSaCR%Be0FQUu_>VGJSXu67R+?Bk(V;0T_F=-7lya3EiQ*71w|vL-R7 z0>et1M@>(aojQ}9vJl){6>D)YY{kl9UGjDm9}v+6C*^Nq zFcGM005v$zj>0#2zikL#CO!!`m6Cv^{qP8*IM^uo&C$T|6YPYd?}BTMEq1G z4t(f}c$HCOjNxMg;WXrX-uJol+%7I*oGaip%kGk<$tX7LpsJrVw40W4uu7uo0H?B+ zh)z&b;kTh{rbN@8Lajnv_tut9EX(A))OYt5<86}^;F^}~qdouX%2p*_)i$9FeUSq} zT4^KbDZJBbtY0vKB*Od-JsWu(vpnjgM(4Sw+G)8)A}SY2L|J>Xl?_dSe!}zBrqUtB z{6ufSYAKrb(Sc^JtGe%1ya`pJ(Sd(C%d2|!s*o}J&)Z#c#n_5x`Y{%0gm&|laIcNZ zUE5fS(@qW7ez#T}rK`GnR&J)UMQw#RZ;=BVDRiqK-VNFGq{|6$yVS`#^4n8T7f-IO zYmXnrKCdT|H+M+zR&1&YTd zmKS+V`B29(ZnKxOQkF=Mr1G}^cbFzSd-WDGt;b|e`@V`KHmJ{a=L}2}YS2>d zOm4eY0fwX_*In2SI_lTGIwf-|q!oVE7Dsj&l%NF*q;ic2^iytW%2~&U#lWF<7%e~| zksKXWNa(jGR*)Y|6R5))n$SB!K{G8*tlHt0a&;lwEy#v|q)}kB_~QtuJ`N zMSws*w@jTMsGxj3#`XokMMqv{9DrM^x=mcNNhJ~E_zCZX2#dB4rL4NTpEF)i0NOr* zN_E{nJ9}v`QWT37Nvy6w;WI78cY6g76Y*S+0n@ZKOL)e2)cP+X^XWr*rD)o9|)(p8slF9?DdN#1^+8^?Wh?@;4RtR+kW((^JL!gf;X4qpAs= zQ1zm=U(L1jqKU*ZwlEHbFw^(~_ks8$Q?5{=3*fJ8wqJ#M?MNm!%4mYhTA{wxsmwqq ztVlc3=@i0{7PjQ8HbvRi!|4)rc4j_Viiwa)@Z-A)##i85jJ*GE`jI*l!cSG&0a8@L z%y_I?{R17NL=(Vufq1g<0br>++rQ#^u&NGBC{9{OnoJR|^;yk=41HfKJ9T5zM9;-VaXP~3{hAu(Y9nEeAHsul#&&_nCrBROs*-*W zmOF>rpINxXH4)uEznK0Q1A{kmu^GJ(_JnhrjqXmTXr+ePCpRh9`wow{mH#0e9o5TSAz=?iVU}}2s07G zqt%U1K4`_AhgRz(IYelIG-d{e_h#bjYS^4QXDVa)BAF!SB5B31lUR~5Ft*K3@?0R; zn$=YLW*x|QUeB9!!9HVa5DsOj$(^8GvBe`kXNhu-PmUfS-T;v5d|d-abX^IdfZFBj zK=lDQpRW!bs$89Udw9m|HsRU6*dELds1$ojI$k7N;)PqE5sz;a@Oy@QJXk~XuE)*hg zJK*UKjsu8685(K4zWYyk z7U~E=mtX^@1p4MH8OSKb`3spd4C>azo#c=2;qwd1@R<&q*(cI0L*#Dul@e>U3UL?~KPpPMf&-LU$8u}`MXQ|9e=8X&(N(z5} z{edpVCxMn-D|D~t(cZz>ab_l6Tmu%bH;|syIk#v1t$0ITDGX;*I=BR~j&%<@UdyiF z2=hP=*3SGV#3*&P_Y8zdgm8JxucK1y2y?uj#cXgJr{ zTH+5WK?=$Q^jnAK6`PU4jm>J+X>R;6hn@w-#gb{jiZXqFR?yMvUq=s;3-1=Pi`w0L 
zZo9@jk%me@CanI?bPP#K0unPY?r=SSD>C-o~&ozN74O47$lMWGO}-|7&{n z#X9KLl&xzYX{wnJ7N@tyC{c}J2z3q@P8Uzl2ubu`!`_Suk_f5(fhuie1y@dn_2_=} z@n&8(D-3Kvq8wUpfQ1a|!j{vf%V4W#1;^KY#>NfoGnNqRr zN5w#yLb`;1n5$`!qd|Cjzr)5Hs$6V!kJQF#EZuH8MiQ27mO@@Zxt}oX`a+Y9`B_Hw zV4!z*SOlIXE|}V}C2q7am%E|H7r<;Yn;H@d`fQR?H~?RZyi%=k;wF9Ya_qicpp9EJ zi_&^;7dqx)x@HqaL&m~%is;fCV**$I*Ws$IKN7{Y^gHCJCRWm&1+wbIyC_0s6KMZA z<}y4Nz5`7eH3@Xu1|lf`O9#m9IIxJ_`M{B-&izDzgcZi5bp!sIuJD+Q%vq1my|nDB zwPUX(=?Z1P8K+zB^_8ntzNjnyW9I-F1A5uPw~?GGtqr10a9(OWd_q`|$)m+e`m#`x zJN4I-+)9d51&otPIiZTeU#Wv5?RLX6K<<-F zrj>kgvKnK6*yObi{GH?^pJ+j&NwB`JFnig606FU&+yVJijf9xpLywKjhX~ETK_?gc z8K##}RxEL8HOe-W0DD(hNlRzitKAe-qhmiC@u#y*`KkkF`eul|s;Yci3+O%g!`6<= zJTGd%Cy1_*Q`NMWIOc&)J7q)NwFx6eldLG6yjg}y=XMKupk}C;Cv4zEAzK0=9HfNZ zriDwX$hBjyd_3xjFOO@IiQW^yC@k;xNUL#hmDkfPgc(qd8}*)7eB6KYdVo? zSCu$aH78%_F(v;gVtuCOiuYp4H?BJhCn=*`#iV(GAx$=vKahS~Z^Iwm^16*awqLC! z^W8roE~d$>RsW@#^!_$EX{}9Rtkyc)oLp+WY<4nfU=eWdH5$`xfNGDv(?4$?B}-fm zYKH~>?IS~LmId9?Tt*lSMXB+(GY2b4Tkezs^>aWHGS!5s6Z@U6$hm5m<|Hc5U1EHJ zIt}ioIUs`SfN&H^5Syt1M)lWqpD-Ush?t~sW6J1~baAkA#Gkci;5di8LISG*|;bN3d;=Djru!pwm zMJ5yo$6_o2l^8oPAYguyLd!;68MS&<-Q^Tp2M<;}{mQSj9zBRl{v};3q8cldPOeay+qq?diJsOCjOy51{q_(~EEpb+N z_s{y(To^k_?3n)Ct7!E=&B^+QCPFl0jw#(D`97_1B2ntfXN9$giWh#%Ko(c^gs z-NBIe#RBUa1Xo}a=Ddj;^be2JN+7tP2#Bm8&F%VP=v@olM1Z!Jgyv0YJmzuzCtLYW8m+y*{+e-kRR;j#X^M%Vze}8QyCYc8+~0QiN-i1 z2lp&^UHbh}%0f4<&QIW>Refk~+2Gv!{5yFzrj{3Qfw$7R)`8q_29qgFI|{DxFUuGP zz^)BzkBr_r@?S=h!?jfCwN!)kg>lv$Q(pPSmJ?m`L5=%X7B!nCu$O2r8cVe2apgZa|`2J zTvMZAj~U_!8bpL)|H_z3AK+iEfRl}m+`l5G>>Blc3U?0AAa@(z-^(KOybux<9{SxV!V;a4 zyF&hqi9?3UahYjWrZ=Hv)EpSA%yX+4t34#F&QhxsyNOG;H|7mAt9pez>U@jY+P_Eb z_Y^ieb#uGl$yP}i@UWpTBG!J(1SRCrIz5aUwV&S`AXqbNkWbX#7wEcpbaMy z>rOaC$lOx$r_PPwq(p(X>;xS%aV{BGl5=g|lWlh9v@qr>9UyF=i3Oem z>+YuxI`S*Ph9A+2l3H=3q|qlj(7(pME1z`{{*g*$hj~rT@CaJ@VRl-%ldeV(;!$9l zGkN#Z4Tj#ZwB*;&%XLeP@?z}@rY{n9ghL=D;}a*lQ-y|t?A8@~eQ*_~v}qdnXIe)E zn5{h?nPt5>1_)TCxi9%xcWOOLE~s?N9cB1_VeANCQ+a74e31Is(1-~w-tV4?CIZCa 
z0XSR_eNw{V*5T_ZXva9Zi*k_`^|z9DSfvq6&nf0vrHSpAoffW2hErp zV7?=)ps9Xrtq9pi^7nJ_KC*Jh;`Et+jV6Ze#2lzcbUvbTZhPzLu_~ku-tLhD)7zcr z(^lvLY?e#viq9Tl_8v)}&ZY$V9oD5k5c>{0Zr#{# zMlN?%Ih_-*fVBN8_?RzKd@q=yXuCV|+?-n!70ax*f7j?8N?`3vzPXI0u(FVL+yxJD zcY(GR8!r!^1)9X0{m}Vof);3e+h)R(Bf{y!IB*xEW!TpHM>o;szta4jnGeZdC$wwC zrCs+Ac9h%=plgSeCW@VG!G6F;q*oG-=rgArO;3qMgc0$tD_NEZbavbDQTUUEUJFl>HOEKD9 z#KhuTyEd*~LHDvWh&Z0nn8IMp;N-(ISFMs076ql^_KR++`w)|h1ieD(g|73+*HH7* zcjhVLX_0ftMaF~QQrs~^R>p)$x&~9ms)&)}eRCAD)y-4ftTpc5TLB}!r6K@JnWQm& zbq$|(O58xNmU8qALxP%y(JbumtTR%?9#-|-8rufH0Kj?6>|k`v07o^KFm|t^b#KyN zG;0pd=vrfHwjwE(wG`qjb@%BX7hoXywOd!3xeiNzyKEMJZhQT9pKn0k^yPDP_jg)G zajE{#uF^Oq6PfXqQAwsi$v#D?+Z*40o-N@?=%Y`2kA=>!t(2gPP!^_)8UJk3JYua; z^6c!#-l0L(S9ysvGDe#PuC9@mf&!yJ$d&>;+ADNBsmarxQx1sJKbCOrbG?P2Bq%JP z^V2xcZL7tG-;!KUCbDd%yh@#5*}7+`@T}q`Nsf8M5maSMDt)y;pw}qAmCCuj{(txJ zdTHWd05)BQeDlX}XGaRk`mB<;%ZFLGKg7+>@b-zBVfnsEHyn}D-m=8a(t?Vboq%6jeA#c1DjsLW`0$8Ts#?IeAPdx?OYv7f*fR#W z3~&$O+ZuTBi!HFN{p$sq^e^=|Ny4A5@zRQgswl(^^>&4#>P+>m*!vi2-O2rcVAaI#K5qVC;1bLZ7-*Df7mgG49$l(e}5Dc6)cVq@IU_FJ5)eb_YCis=`G;=B~F#A^YV)$)=YJJTRv zrrajaRB5-tP|M8~M6Pl67)DcB-;V1~K{^J1DX|jZei#L=@~Hv#q#!CSCn`1AJB)G@ zgmTr*D>)dIhSym*>bq#iqe}2Kb!#cic2LkI`kF{q2_v_A+}RDW5&tchCq2KN8p5=tlfi!bvR^CsBO; z1u{CJf4f&n$v`NNt|7=Kc8p-WI%;3A(^VM#Z*)H>sr zKfUU>m>{~5t~W`s)?B);60>D~bvmE>_=gifIj&n0X@d~X@D7$*IbITzY|ay19X!0h z{$b(hdU4^Nc;TSAH=1go9W#NaV<&;F8sQx?SmdqCbLJ*BK22d53J6&IHAl<%`TorY zKt#$WMN(4nLTHn+j~zy9p2!O$&<%7b({izcOxLOg4-&B$H5B(uq0yNWcrUo8Q}nAs z!bMi%Pc~c+cK?-oo(_z4=l4$nHmmxSiqh?Sn^+{v0=cH6#*gKR!>Q;IH_4$)t;w5V zrkVmcfQ0Xj&n8~ay{hYNuHM+KYNc%15lS#>g-k8DU=T*$baglA(V1QCz`AB3Ns)P6 zoTf37KIi^h`J$kgbsB8n9IdC?{;gjQ#t3fJ{SH3eMsd{TPpk3FWexCDxI zLmJ#NM$ZCRsoZ<{+Yi@WzBEsP76}fjhjhB>adgPM@UKAeFz7rw*|;J~n;fi}vtAxR zcow^Rjq!1#l)zZY_CWx7!L!Owh=iF0oO4VhdXn=FxOR_tR=4hr zOKs-UDiz0!Dr150+VYLj>@5gJ`e6ETk5P>Ql>OjbEZLzLNd0v63ujGf9BFW)qszd? 
zgh0(`GDRq$+PztkDf3rU#Kz%?ST+6CgTP-^fKtsEIBMq$e;N07o##{@-!Te}gwG*K1+$qc0-pgOhlRXjb)jqEc40{?Q?{cy-8^Kp_ z+LxatMdq*XsYObBLNy_D{PTqLZfF{bL47^QTMeS!ZoI_n`J3n@6b@O^-Di_-c7(T` zLK+>^X`Z-skMMh&ETUCAOJ%_HD>Q|dH}j8VPFMd?a#|3m{~;(PuF*2_u*HqQ;QyR7 zX0L|Dd}-qsPxoU0+657` zepop~DX|28t#X6>Ps0K+L)}Of#$GtiCWR(LLDe>F+NLNnfPGUn9r2ztN<*NC* zt@_ZO0hk`ucH36i#@g)A7}f)S*Jz0n_bVy#Xl9oEgteo?*S_>|=Mv066Il1jLv09z zArBC3DjX8mpIvj9oaLQ2)7)FA0b&TK=}hdW5$_)EUI7ZTh!t%!gOKB zL zu&X-{51yqyPhNi=c$$JDpz=V#NECfziZP8{`w`e=OF~u+@I6Mk1Ne(^yPt4GX(9oL z9()$+h!?_To9Pu9h%Eoo2YwG!Klen(Rxr;j6;KTES zpPda;#=>eDeKWK>&DQ&y2XPYjr!)0S(CMb)t4J&fYGHNXG2N?^)p65LYZ`hMCs*O%Sm;?6MvVge;#~<{V#`BU^b=G4O)Iy)1!* z1#PnMh-amD9oFD80%%S=EgamP4&qt>ph*3PcUD1WiXnI7+)il|zV}A>; zcqCeEfzK_UUtdGM6b}w2+1N}l=y)OhxhqES=y=OZj}a5Vfvr#Y%Hzyui3H*}nyp<6 z(LY`9(kR0PBEyP)<#~CdpE&~h_r3%WgO@u*n^#~ zjNi}d~2F{*?N zx5J1rb?bWHmUizO5jj-z9u82Pkiq=c4l>=50R@m^jf=*L)%FIgma{&W^JVDs|4v_j zfj|Yz<4ncOm@eB+>2`ZEZ5MQFM}(##)l1Z2s`fw2*L-;?Sy;Ce*)W{IpCR3PVp)f) z7cCHLt4${(oFybQ(4J$`pHi1o3x=1+)haII?)46GfAL&OQ6<5?M_N}H<*(9Pk!M$Z z7iiLCEx%jf!zex$`7Dd9p%e-A;jG8~?u{uVf3%@me-A7LDe_biSDBjBzC)BTp3nvg zY&9A8hIF1x`ct|920_@MV3|Y}%@V{z%ye*4m;ng(0Z|ZMj)GEEbnhPWx_=Ln=p<6( zY}<xQ9GFPw>`c?g>bTqdxI_#N_2tJ(d;an;EY2ukpgF{g5}%yi7s|yMyxx zF%(W>IK$kuj;jYji~XaVCqw!hinKXNHfVH`Q$Gq7L*JCp-63iG;d{U#TR5pJF4vP2 zyziW+TLsxf$Y8;v$GwuI_fXWj(Buy3H%#l4;*UFx#R9x+zKL%8ZCcNhan|D>TM2tJ zC}WJ>j;BtNh}*CIF^iNDk%CC-mOAqY4FoZ%H_(mLEbW?-da;dkw0lG}DIWTy_+)&~ zj*or3Zw#?awgrTPLseZL4zg-@NV!++Ie{~Pu|BZxLjgo64n{k9PgtOo)5>cQWRZ^D za+b&>V6QF4{jh-Q6v61$>MeVLg!IvOrdzV#X$n9SOFNw zhj;HA+;3nZ?bk5=;R;IRw>#ee9Pc#LRKxOC26C$KZM0_8mQABsXpQrylZD*+*!7Mf$SOnm8sK!4(oO$SdTSeY@^gRi8my ziykNr-ckVje^i}ga3{|f?vu?X+1MM~wr$(CoosB|wr$(CZQK4vH~-(gZ|;lfK6SdM zYN~6dre^v)pT~V>@vFFs%oYPU8-M^Ap8@0AI6s&H)b3(R zoR685akZi$CF{L`r&ne=tc%KD8$g?|O-ac0wwpBH#pa(SqDA#Os7?DisKxO5`uXei z-?P&c`fVs}h9;^*Qv{GpFF4#tW+!8&@J)HzFP4!$m@#T($~1)`*Bbx9na`SkBFS5zRPrvAxs?(TYnrR0oLi@5u2s(au#u5miP?L}TxQV^04^Js`8qU}6=Wf? 
zv_$^w#Um?WFou7h=P85-1_)eLqCp6QLGvX@m+LfPM!q6mG0@r(1VCvtzK_fd3(`JHspwVgxW5<#7);7l zPJ`@*Z4}08C1l2V4ujrZYUZ8M|2=EO=&G%}>(t$r6{ z9|^hY58gSEkr{P3+;ihUV6r^ks-#bLV?b2=$uA?|WbU4*C?Ndp*MNb??=g2||#jTi6H?8HLmQVbgFPhthG%WV`Kk=5;u0YSX!+}z+gR8WNotg4+0mtJ;8B>Ey<$*E+hLKCojog{j&mgn+w#ER&pV2q zm8jrmW81^dwbLETigi|iEs4g;?i%)<})OFG~!*jlI! zrs2;-ntCzavA`(FTWFw8k+>v9t-Z4 zWa4Iwo7&i{*yvI?``&{lM1sJBWPOz@vp-|BXL33`y|B!0@vD1xSDJ+HSS5eve4lE>&J?v!6UM}>%UnJWrTokU~QRW-bcuH1^q4CL@@fcp7 zmQ`qtSTx_TVKFkt2Yt%odL-nuFHt)?wTY@3Y8Rt1a!eD6`}M-WwGr)y_|n&&PBnRo zk_@dnTZ@IJGtQ7|0ly)?nBwY@dWNR{1svEz)3(u{Wtioj6z@S1NZi9-2ge~aj%eZ` zrpXR}j{yl#v|A*}F*)MZGVu8|QZBbE|FTrJ^|^>zq%0l@cwt22WC+`)&gOHH*rMES z%l5va*y5lwPg*PpSpNc8cQl;ibGcHyBK~vl_@ieH`a4#J3R`xwW~@>6{&SRiq>b4=W3@o$>_*R`R=h4ld0D_Mf`Wp z=X3s)Ue8fPd|U+clw&fx>ak4SAbvo-rU1Ph|J|P?9B*`Wxt#jODcV9VJr!Y8Fe@sO z9UZmNx5{yG9qYf7j_EwwlyquF_{l)?T*V991#@50=Ny-L3Y}d7!#lxi&7dgulYHhb9Y1J z_M~y#MU1DK1!^FTu__mvO$!k>RGCtGV)=($S4ML0FGsa?oDW}dLPJtM4ARJ5AY$IL zh({X7YaLQ?S3LOFrLzik)cxk0Q&jkY9>b|s@oHFUBDE9{KmGAzK<>Y#q#<(Iz*H7d zP^sk#QrMf4dC1~U{oqGtQMr{x-`%@yWsNES{d3cp@GT3>qy!%Gh&X)6W$AvP0E~jf zvnkBr-L&i)HfFo~;CbG?SZBsHgE)B-XJA$zwnN*KE+H8E*_Rp9=399uTDwak+B8fE z+9Jw{?x~wM=MtxIT_nTIuwC`qKhx{j1*e@r@Ii|`y51z|8wZNWn_KmKO|*^zm|+Nr zkjhK3l$GpS@~e#?4}kOd)_w|bj)Y8oAlk5}GOcknGV2~}@w5@+B(oV7Jjz!H?t1Bl zk}ig5yj8;W&!+Z+QM}rq;36lDs5OALW>k&A!*aoZN|*tjs1u6&0aSyAz3|F1trc@GX(j=$@)unB&>7~!^@tVyepjWf z*Mu9Z1MHxxFUJ!1&X|D4@{th#(qM_HVNYZKf zTn`YQFrZ0fLL@2&=j<==do5_{+y#u%TLXvRuNL<#d|F8PX^PYkf?CgLLl+5Bucg0M zX;3~0EI{ZYS;Z50wSMa1icE;R;?qhtVp?Nh5mwF@Sc#@#g3`dyGLHq~fYyMRz%*Nj zw!`D6RtZz|DttFVJItWMn=*>5cXInn$_fx>*MD5 z_*Ci4-1BJn~vYcf#JYP4Nc~2)l6Xl9}-7GqcH!VN_Kw;NJOUX4a_Ov zlyL57*=h%CR$$MGCq63<=ILE{ybKRc)Y%tEIb`>>e{zEem@waMmwO)U?QKprc z;8}p?%iS9#0v{1cMsLJz;P4MjsZU~YOhJsjL-2=xCcd4w_ZcjFw&TzbV+yOcSvfae z!fH~!wGrFb5R>LWCFcust&DJzze9qkrsC=sSJx9tz$j8{l*fC zj~IQ^e^nrfDJA`|E+|JPa^WJ7OH~}967a7u))lKV?{@5zHO5 zCcZ_BBC>a|8;A_*SAkb{XQq}8zxwn(X?pR|ifhiA0THp8Z9dpQ1fQ&Xbu*|epYjie 
z$)AVlZ9!Fyd+$Zp^J%^z6_--MtFY^U5Rd_jh&((j;-BlVuv?kd5Z)m{t2)(SIFv@- zeUq?!HBcnzUCT?#PvX!tAQXxU>4;0RUkjPj%ak03RY`sC^EmUb*f!ozS8M#Hz#JAg z>{*`gE6+(_#1I@EsAgy9GRpa*vi217+I5c^h~n1-`?QdhK0Y%y|dA8 zPV8R`|3Pnk7<*DIj=?lG>ri@0&@GlOT4^!bkr=mzj$OmP8@-#^UhGUp`rrm{2|eLS zc8`+bmI~B4TD@9}^0kd|7)3jiwkm4`S&ho#YmatW4Jhov~8d!(YW-pKI|o6Qch$pNY3 z^4zeyG;n#8qEF}n#uCF=b91GW@?P;|m&eEG175dby^c27AaPk4rb_r0o(8@+U?S%s zo}t$XY`gH@w;>4Hu)RXiy?l|Us~~85zXT%B@7QJ$rjTF==<{dncf~tq(DcHN!$MNc zve9aPf{|>ThAhj(b0Em4P#%xFa?I80zc^2!HeI7jgdUhvo(2(<2T1)@&YEEHu<4{2 za3j{&5mpx2cCj!#IgX_;Jcb}P`5Z9dN4ty`szG)28Kz7Y&Wnu}MptMbms{!pYQ?K& z1P_+b!BZv}OJ^C|+zn9Er9X5zIxQFZ=T3Sz`N^#JB&({OF#31G_xo8Eq25Z}s~*h1 zI%dqdHT0r~9xSt6je6ws$qazN=)OcAUH@R{Jw%d{p+~{5a@ni-6|@t<)a$`B+Zl}z z(t%~A3|B}PQC;gj3=+UcXSTt_uA)ZNx;+z&umML$3Q%lfYcxiRkQ6y9SP7NINvK^C| zyOHB$*bB{ABahHY9H70K$#RVxugTJ2M&12fl35Jl(H~Sy2cONKq+%m9!6GkOTg8ka}BJ#@d(0~V^~eXsZ>p}Gix{B^WdpdS0O-rLz!>>Re??li)r z5ZFzx>o+eh)U4>^bw=bgU)0bs`oVfk3y)OwXNmpQ4q9dOSj`S+#!thQpzFinCq)u_ z&G`1Dxsd(=_(|Mfyk{2xo}yf%Wj;@*UeaD4VI-E_;zKD^TlS+twLRn|G)q=?f9J>y z6ey23kubYA%}hn8jLor1W!E=e(=Q)Z=&GbcIy%TmB;Wco2KJS_x@^M!-6m9+O`+1n z&`AXU3W5Bjbaa=5n^LU{slD$p}wNvtN9h zB(`98Ln%ho-T}B$UN<@ZA6!+)EYqy>A`TT<&(PlpywYd>$6|xwV zkq$q&V@?Ot=`BlORcS2Z zXa=x7HnaN6>+2plsYk;y)V0 z;YGSC{t>nIg$F&8Ht*T-Q1XRlctIctE`Oe+NSga6ehc;98A2j}lB9PI9U+TbaUrkw z=H9v!$Y5|dPiICKJFBg=It3TOP#l=B2{z9FXtfo@>?_LkIS+V_|}VY zVX3UZgbQ1pmbQ6j=^&yVBZ4-<8uU}(YcE#5ur0)Ja0At(h(|jszcQRJ+EN_vwp)bV z6nPjQLDf4u3Jt@M0w)yq4-}f?%QZqx<>O$e3&gy5$K7->ni0*7 z?63yirj^f@U7r~0p_0sH9KX0Zxa8^POyt|!WyX=z_g!dwD_SZJ`!H|ol!hwJ%7v@G z{B%%XqsQ(+9RmGfLR;;HjF2`PsqKxM7rCi7(adA;eX7K=RgrwKb3P^G5C^+f?9;U* zlhqYDgay||rm9p2juFLRQ!-you0#9zQ_cAX>+!SSWI>KBVN^2|d~ZfXT*B7KSy|D} z>Hm4ANtSD>w^b)`p)LZFPN9vXUTS6pIr7Iy&pHq0Cf~XhVC`* z4^Ko~JDKaN%(iCTej9g7e=AeUB58zFd_QRta^d9m;lH@IO>^tvoVld!f6&_;l5LCM z#H_5geX%-6D)lgdESSxzrVqPy+?QPVJLvLZj|{R;c4<~aq-ox@qZZf(uyI)4K2ule zq%Nw_U0R6%+qQ?2Wv9mX4SeVYXaI$db(a&{S5#WPca|Kva6cxvc&?s>qk5s8Iu;8| 
diff --git a/released/assets/rancher-operator-crd/rancher-operator-crd-0.1.000.tgz b/released/assets/rancher-operator-crd/rancher-operator-crd-0.1.000.tgz deleted file mode 100644 index 1f82bb823977e988ba078ef81e368c7d4171e719..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 7034
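Review bot: the `deleted file mode 100644` entry for `released/assets/rancher-operator-crd/rancher-operator-crd-0.1.000.tgz` removes a packaged chart archive, and nothing in the visible change says where that version remains available or that no index still points at `released/assets/`; please state both in the commit message, which currently reads only "Drop released/ directory". Since the old content travels as a `GIT binary patch` literal and stays in history, the removal should also not be described as retracting the artifact: anyone with the repository can still recover it.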
diff --git a/released/assets/rancher-operator-crd/rancher-operator-crd-0.1.100.tgz b/released/assets/rancher-operator-crd/rancher-operator-crd-0.1.100.tgz deleted file mode 100644 index ea3358670501f95f76c49c1b463212391c5a8df5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 7033
diff --git a/released/assets/rancher-operator-crd/rancher-operator-crd-0.1.2-rc200.tgz b/released/assets/rancher-operator-crd/rancher-operator-crd-0.1.2-rc200.tgz deleted file mode 100644 index cd66f36f83921da4ebd88d7b0a541fb4757809ed..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 7048
z%0VG|G`t*AgX%<^j+R5do8Hyg3#iD9jB3L6@k_7pc5DY@A9U;C`)K#0U-x%#CjFh9 ziQ~ILrm-(8>FhPF$8+@e0;&aZcpvNGIIy|TIIwv=_GKlnkj-g|TvP4*y4Yp}a7lN- zb~Uo^ybp_aa5~+OKu5{Xy>vf(s-_>0xbgh1A~i17nr0}9XGiYNd|Y1`Gja25xcQ)8 zbe-m)Up$)N73mk9e%32);j_372}s`T+QZUxu702xrkBYo!G#%{?k3%r;5X^f4s~kC)7gZcO2_)98 zWO_)VbFQW+*W*1YbPri%(Ee;lc(4a4_@d>*>yUzTplo^#`4=POxG9DU?npL=9!P5E3xsi6VoC@;nY?j);oDQ;T5)-KZeAiQ2QTfYwBHL6gso-aj~m=-#wI0fU0M^To9?UQlqlweva%En&n^@k4s3+uz=8czKfpT*q)~Q= z0~=w3Q0jAW&6$9~U!x~NV%pw$GANMKLJLK}px1=~mvWVX`g>R)rk6p&K$wrgJPnY+ z#R26D)3cdDfqVe6!uCRdFtAp|YUHYD#b5mf_TZYsHRY+eR+nRv z&}bGG`9eZ!d>!73gUyCYr6E{l_lZAz*1fS`at1@2We?&0CFE*wK_OB+FNt-*^Y$cB zCs-~HxD**`{8UPebI`^&oZKQ8b0JB90LVfD!Aq1>gm?{N!G*+gz)bKdn%f|F`f6fJ+wYcYrdl8AIg_f; zITM@|vb+ykMV|ehx~}jEFqQwo+WBXtK^G55)3!mdK(5a*XX5s0-f%k&38TpMw5nLx z^%$q|(6t`8Cc!J5$Wc0%s}a{61b}7{7T#EP8>vxMNpNHzU3)s91==~ zO0`Dt`cE$rR9oMT{m{o!-{k6`@+HniC3mu7&K9N;z zT)zYHM}Jy3w@|WvbN{buizaoIR{cREdeg0CDlKGr66?PlO(v70ti-@@l^0 z)xXp+6+f=u%uvIdqpGb+a#nSl*>pTV$2sK{mmX!PA#E(Y8i`zr5@B^Lfs-Z5V**+; zJf`AERfZ^i6U=}*Hk$$$QPRO!7m-8wEJ zM}B&F@#otqSz>l)5APC)8zOB+o6vkjmSAd+iz#GK+3hBf(fkRgiP}w`aIkDroPI911a--NTMBw9!}}`d+xNhS8u!-gV6(Q-mG%bk zv;yj&yl<|8FpijAtuMRH)D~npSQ7_p;$Tf|;St@Mcr10_yI*^caCf@*D&biF=cY?xw%p=iA-wsNa0m^%HK={;JMEI?NA;aTtej7<)MWKL7y#|K~Yya{#IV E0OmL3oB#j- 
diff --git a/released/assets/rancher-operator-crd/rancher-operator-crd-0.1.300-rc03.tgz b/released/assets/rancher-operator-crd/rancher-operator-crd-0.1.300-rc03.tgz deleted file mode 100755 index f094bfeb2abca74e296247a8c7f50f682a644377..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 8587
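Review bot: The `literal 8587` section of this deletion carries the full base85 preimage of rancher-operator-crd-0.1.300-rc03.tgz, so a change that only removes a file is dominated by data no reviewer can read. For a deletion-only series, generating the patch with `git format-patch -D` (`--irreversible-delete`) leaves just the `diff --git`, `deleted file mode` and `index` header lines; the trade-off is that such a patch is for review only and cannot be applied with `git apply`, so say so in the cover text if recipients are expected to apply it. Separately, the header shows the archive was tracked as mode 100755, which a .tgz never needs; any process that still commits chart archives should write them as 100644.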
diff --git a/released/assets/rancher-operator-crd/rancher-operator-crd-0.1.300-rc06.tgz b/released/assets/rancher-operator-crd/rancher-operator-crd-0.1.300-rc06.tgz deleted file mode 100755 index 563bac8224d49213761617a30fd8ab96c230e4db..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 8639
z*sM5)47KGfqOPIfF~k57wTE`ByZ@FmUvNp{Q?Vg-`314%P;(n5N=-#zX~Bu6ihD2o z#8m`6zjB6_Yro>sZ+UzBrH?)9DyrhMTpuFilmo&mRGgJ+bwMQN8?ce2E+>I)_wy!F z=C||sHVt7!5u~`~4Z{%$`8%TeX}R~3Rm#OG!8)?z(aFB#LLr-I&GYtjO|F8TWF(`x z3by{}tC~ZPUc<$BXof|xbz>VmW9?KC)sJk+X2rdy<@>I7L=3~K!i{YfL_Ba5E3P=3 z{9Z|sJ^>eHW#!y(5id#=f1O_VD@ldm)i=P9O#ZB^KUybrk5>QDviA9|1uJ6boSWDq znX!M8Yp)d7ffIDevWdJP#@k#(oMlM14~Fz8Y}DYn9}h!s5R9KqNxL_5SCdbyXJT}#s&#g<=>>r8X; zu=gUt#U6MXqOMU-JjNBG_}1}c4)!7=8POa(1~Xxw3d`4&B5&i3ELI@k1>bDBx3ek1 zcQLP`JR;>dIN2`2GAa{We94MFldZ5)s<`5!)4VrZVpR`vSQiY`4Hs*jq3H9 zhtghUks<|iC6I!wlclVnY_?0KE(puM)u_4|wVqE~n=(hY-x%5;(sXMuMw~1cTRyh2 zTBKnmoQSg^%s`a(<8`?J!9ao3+!-3Wn5(LY6U4&z@QTmKtO#9Hr99}@{-^11o- zl@E<)!-5F3>EAvlwZ71f|Kx^;DlOv9Bb3>58>c>4Sq<|VmICDJE73cM{m<_=3F5rl zdpREHUwX|y4yefi?-vzUumR!jUAiB6_7OIq4Sf5>P6aPM@~lbT3I_`{-ut%H`kWGd zc+NLCMujQVA1`4XDUw%suXHC8bS-G6L}2m|*7_m@NhRPLVeE*f*q9h|)``i1z6c&!`pLmEcPfQY5d@ za*f^zz6Sj@nWt~J)gwKp1egkHLG9rNHKNw#0?rB&cI(hLybL(EHQf7J^&r|FuAVs? z=jiq`PeIN%_=7-&HZ{cWWak)3b&Xh7S#U96=L&_~xQsuDV}t}wA+$|XV{UM0SY9kC z+&0p2E(01;4RCk^uE90k5*P!s4b5qCpGH95fS~B^yI6)j%JYr<1UVOXA4yIEj<;Bd zuL9vUVcBQS<_v|z-X4U`S0!7|$&Y~ZElT!bQJin9-US8zvd7&KC}^wbd}^ZS^&3MQ z{T+r;@WYyUk|9;6BqFTln1}SKRM1w*-Tq-K*%{vcd4L?)1lnTDD-fT9>MU7{vgX!t zSl!WFx4aCv!sc2sp7BhjzWlm2r!}q^U%?COnI4_ z(5w*?Z*#Hpg$0`mVtQ9I=oBm|VhmpRB;=|baLH*(seQ_WD`=T@tDx!9&y?x9|FtR8 zwLj#P>Dsm_*R&r|H-I(}+EOWyls7!wNqkVoEl&>*MWbEJbAZxRfX)@*Po<|EuR+YK z|7z5jKfD!}ilH37Y(NO2bK3dCtYo}kh@OR;R*Dv&d-vYWg7Y3vbs48#4e``aQ^nt$ z7TV~bKODhzD#Dng5pk(>$r)0v>a@VKQdhB~=|^9VNXpeYgjtFfN?&EfE1Wh9$~RJ| zaVbQY?&gD$r)}*lo8!<}_lYcO`;7yvNDgOdYOXUn4!p(rB%(>{O@8SsLi^e)hA|mo zbmJ%lEXi%xp116}gZ4s@4N}l%^mpvjK{hFo7flh-Vamg7-1`%IrO>20c!YWKoGCym zE)EJ26Juz8npm-fWT=oUuB~e6!zZYnKfx7JP?;KJNib4}M{6X*G+7v#AQHPdYtm}^ zx;CRYgu7(B#k#y_Slrbf@eb=uKV!PtGOZXW+$pMTjG_g?>#{iKY)Q0_jd=HXfnDkI z9(I9Ety0ovn*GU3^8+Wgj@U}rC}7IsQEK}x<(qewOO&`ymrGGqgfU2IxPsA(ip0g1 ztlFZ)Yuh5jW7C35sd#>l;!^_cz0mlSEIBnq^uy30AhUcPeq1`5s>nyMb*#=qHN|KN zUr7#9q1^Zap1shm&Y^}2PKkqTv>Hxh(S&n{;jm}|kV)N)aZ?%5Z$jriehyc~;8qEA 
zCNk|PT;1eHFlxhwsfYcJ7y{YPWO?7S&GQ~*Mzj{Tov1ZFhUod~ZOD7RrpH7)U%0V3 zA9%lnP`fWYBARr4>4WKR2z&oBCGd9SFF*)yhx*LruyNVjY6C+YIVjDEl!UX!QBVqh zhM}#W02M@2U$+-@;uK&b`kQ6rAvYPLMmLJ(vte$J-C*1G-Zke#ru#!?F5EDPu*CH^ z-ZacvrHbD(%u}m(mZOnq_r6Sc@@#fn47vomIX<$iT`w(JNArM{%X52U)8a6RJ;c1} zkv%JPL~qcYyecWZtPV|DVQFVfqcSDxBM%##andQH#T=Gg-)|6@z|z?)11AK?1bm8 ziIR>sRqjS=)u^e4(a){tnk4f(41$m1?xY&-UIY7srF3R0&;c@l9vL* zx9gA7#CBr3POQ63Y}z!Z-A%Nd8e&TO$zzJ+>a28Qb;RjZ`0h|mQBM5ufWzX+8^d`7gMDVfI7;Mplgh)A5+^1?BkZeFEguY z$}8Qqr$5TTDWL^V=YUH=)Sdb1CcE9*+{%!!(C_x;}CM2W}gRi@Yll~oXKz}XL2uWpZ-XC zdrh166#cyjWQOx;n|HTqn{V5+&Fl6Qw>e3HDWa@$s`i@)mvj$m*MWWKL$-Jir_-)^ zVkI~C(yqA_6?oj@#`F7%)VNez-jF}kViMkaA2$kP!Ec|;Zl3ImzTHgr#iI^hkbTkX zXM^GvE`#flfaJWLd#_n9W(zcRQ^dy#x2^AXPD`mkTo(0PgyEd$E&OMm!u?B#;n1gh z{4XHrHQnQH+PYkT`Q1Fb*U@TWaZb{J&+kp4>1WKmQ)s#$nw@ryrQ9d=`T{oYq+Xj= zsaM+V0C3Q&7fdz}`-a=8Tjap++fF+D8Sj{vqSKd%(D@B2zGyd&-Jv}L1_CLl_CI0S zUcvj}eFwHZ2wMtt|2p_(Sn$d6cmd*NvOJnrSssPpx1I5E8{1=2#m|_9UWzIXtl}mu z^8$9xq-B~W@e0y%pyznfGS8TWCN0wsZPGFwZPGH2+fyH?VcE4Go8Dm7dqE73Asff2 zoh$u=!~^@jlM3?gimfKKi!eE7N8JA=Ld#p0CuQQ!f^vb^bd*{>n@G!6)6ZmFhm2e0|<4&Zy4oB^9-gZ zEG{7Jes{zx$XThl#7N_v@B^1JnIrl4xFEV`ll>qpLu{TFWOU&}SSCP@%x5jgJA~KJ zT?WDr*1BAbzj0cSP#dR(o0AkU3Vu)hOdz4mX6Q{6=1doIeUI1* z%O=*80tE#hE3tBcl=c;Ty9BBw7uZ7{RwfXJD-eYHc>XqHT)+i_oU=LTD`h(RaZTf} zxDReKh9NHD8^W#xEXnN{uGdav0ZS0TFrR{Y>L94yOnr10wfZBd!A zgm;^lh7g0@g>S<%$zwz*DzZ?=HeTxSfNt=*FtK z^&?t9_e=h6@lMNmu$Whe@%52v-C}1Azj_upyAzD2%Hpu_RYkRhsb*z~HAkMx*6mzq zv+AmQYRsL1J;`mP0+*uF2c06%tOjptdOURH&R7TkEEQ7agQ@9SAd~@9O?2_+o9o?k zh$#W4=5@`C&j%`iXqm2);o55~9y{c$5i&oqNry<+^D#wIeHDnwy3enqtMZA3h%pGN z3h7&sA_Zfj07hKEtvdgmCF~kAWJ_qcTWyz zfo`EA0Hr_4s;*ssfbd6u+O%3I*}UHUt6rj6QzxkTpcTF8-Y})&qT}0QY zaDoZ~w+dL@->db1%U6W|WAl0e3cWt53;QPLb-m;5n|l|qB&^=0CpjpTwgmy6@s`|mJR&LE(`@bGh z1NGofkJzGl%`Ewui1tOsW?h=mT{R@ve<^4w5Zw*qBuOOZRo9=l4>_jQ-^#_K;xp}z zN&e@5PiniDqk^uerp24tV{;VJnC#{wkoNfF z&k{8sdHi9Sjyc97j^Ct6r-5}JGYn?BrRjUPf5Q>R{`fLn8Ci~F1hetk$b7*mD98(n z6zBxMi%`Di6u!27K9I~0z;@!ft>ZANZ2sv9G^n 
zy+^cL>AhNb)((-u=I_rlZ>97P&iLVHr~3DIxZd`#{%ZB(uhZeC&PX=QFH@V^)TZ__ S+W!Rr0RR6-&24r77yDc zVQyr3R8em|NM&qo0PKBBcjGp)f7bpKJa?}icapg?r+04KNj&L?|5kTr4S^*Je}Mo4 zfU@29-0yx5AF^b(hzAJ*vP~=|)0Tu^0Vq@zstN^x7+!&x@d5-=T+FaY|8c%TLcO_1 zIsM5;J3T!;{qJ9Yt^a#^diwOgr~mxtKYx1r>*?En{qyIy|N8muPp5CI|MOFF>IL1< zN~w_e>2xsG)4@HHh8W`tDZ-h2cakI+DMWep1|y{?ydnG_7=$8A0_nS?<&}e9Tah#c z_AdD^B}(|OgI{4N2U#Et4?XR;PTore`N5xY`7WV^m3Id}6+i(=m{px0=ogFh1Qp~P z2uV15mu!AMK}GTK&(k+=-~4itg2aLps{YeW(?#;R?IJlZrQ-PwNL~sI7qBFZ)bn+s z!Q4DTI6a*SeERQ`*o%Fj9o+v4@`54-@*h~Fa?x zwEfM23IcZuSoJUYX8mtjZLrPT1t|3PWKCH5u5&Y-9Y4mD08?|o0@Npz!(KmsmJ7g~ElGB$vrO=^c-ZHA!)Sh9Q=261{4|5E z|5DIWAiA4~lO&OtS6zSFO2V}ITe%SJe70RR1iwrE=YLOP4YXRMS$O~X+*H_pUWqDKx^;})v=k%}kj}~XgKTC= z{QeLQ@6ZQ4BG23H5SuJ0icCKX~Bsx1=& zkD>+8PF8(vRG1jsfif%F9LIS;7wwO;WO((ZHN^+dta+DLjc8cL0W7hduGRtzjJfI7 z9s^+YV#aFCb95I>?&X99!>V*sZAN!lDm@Ujt1RH}5~P|JTwS&DNyGOZ1@G3B|AMkt zAfx2o{C1j5P16`4(Z_h$plXL$E*Pj6I571pIJA@?E?U2Y2P`e!Mz!J#$}sLh$B06Z z4N`E1G01}}ZrOX6m@LW#B{)d;^L?kv<958qI04xx2U}UYAmk;(;=WMBAi5@B0xktn z_q~pxk>_24*bodioQ~j1(I}DQosljDVXqp34d9?C?EGl!*z)Z3TbB!Hx*W&d*Eyc` zFTVYk>tAG9WCEoyR{|->4mw9nN6J(n!sZ}0AU^T5+kP&1wx-8JS6X#Gy3ex{opOw58_+l_)v7Brpko7!&Osa&e8VIvub1-oj$V`FaqDjgu22yaLTuaRRg& zS<=KyTd(kzgy z#`Q->SlzTRC{0Dj$=i{9%`|jH=lvl_xjM^$smd-HU<}GtWuA;qY6Vg!ql^utiDLT1 z7=J9K1TiLpc8g)k%k*0C4M`7EVccZ5^4!#i^+;@VT1NQ-QJrS73;)%j_lly~)|E4> z!!|R*GM(7iHk$~^6C5Q7R-c+Hnf9lD*uKh*0*DLN0Zk9#+z?i}j<@~+?vesqWW>HR-MsqQ^KtnV98!e9vY z===sL_&{=EF(FQi`OxqC60i09VhGj$?|MGGYq+ajogYzUTKy(?K39mPNTeU$d)#2A z>7yK_?-4}|gP5;138%idHs#&!(s2-TbVu?s|FAdWo07sgFMVvxLXaGZ`?C!q6fFoP z>VDo_9tk(XmWDY-6oP|qv)O((ot`|yR>t|4s=u(qeU!ft7`i?T1jl^1_!!dCQNU1G z+p3hXO;h~1cTr8>r%B9~5@g|0RGoJNueaX__Vb4gDE(hONv<9mEhu2|`unWrZdak%YnU=F`y`u{`v${Jl zmg|IMj0>1;I4yISq3`~jrAm}i%~IG9470*;+IH#M%Io6Ke~n7Dnw3J^S2EiAU^H7A zLcHUFr#wf5Me`@N@aFqGV-ZkTxTwZM@6OvDAGe5(VjshAc0piE+UB-tC_4_kY1*->L`|d;3M+9k;Mu^$DUIn zwV6P+voEnEZFwUKLK$3I)@xD$kE;KjHaA;$cAJ*^*XXbzy_F_6P8i9=7g!= z5TT`BfZ5p1#@$ejWDXRt#+Ce>ZxS{mtS|D9&hMl+)88$$MoVnvT{XB5)!;6eycUED 
zqVCTrk}_;2i47MeJ!)z>sR&C2;n#jDixeqsjSy#Cd%qf`gk@iA3cRXXTMCj!D1T+B z$qzNh{hdikT&xbuHA^gR^!Fk*pilAzU;eK7FF?*$rE`S@Oww*I-E%8bQ7)P!6i%q0I-uF0=+b32+40#IH* zR8xDUUWBsOj=M>czTkKbVtCEGE)RpIB8IUpV&kZNkMJ5;XBfm`nzW@88?Zl=Dq2A6 zld>N}GiCCcQ_@`?(GLvVDS^&JcTMZ(eJH4hcgZ&6+G0^2V+d~?w4lEUo_hnf_Zl>% z;69?_Pq@DU?cH~0D%>bZYz*O^R3vV$i^Pii!qL)r81(r#9_X>j`$$|oJ4v!6K-2hq zwfC^#kt}IFF{VNy;RteA(rsAtx8qn^%$Y)jb;kh*)04QbZb~*pnlA)|B4@i~$3c$+ zuQl%kOseS#!Vz)$b5%`NUkv59sqN`+^*!2;yky-E{CKge^9sVOdi>kD4Y1$^%8Zp+ zMhQ1YI8X>c>1Rd_vcs0iWx0s4a4qcRT@lz{9AN{FyZ6woyrf7fg5Phe0r+D{dxf@? zrh*#I;E9{=D3DOZECdp#6lUA)mN@E_ro@51;z`rSnlMYfRu^WxFkDv|%aefcim>dX zrr3Hf3KBQQN{L+C9RnK3u+v}K-t*=ox?oAcU3^fkiH zX>&0~Jg?au*)0tVYx~2Eza1R=y;$7Yp{{?f%p*m1tJ5?)<7hBR)|2EQ3q~{t$EC5|#8w78^ib(#Jkb+|$Rx zljvljC6m=_H?QuwcLS*Fvv+!A;|-uN>AQWL^7CR4=$5e;oOSzJo+p}Z3oFNaqB&bn#%fq2kmocNb)|g5*%y+7R46w-e;tF! z6ev_g{w@%PYY>E|R=3o>QR`xz?#MmrIb9NlDEV$tes|Zb&z#%#j5f86V|m*$U?7mP z%wh3Dp3_vc^f{fB`!G613!syZIE3Y-BbwJF()#o`=639Ja!h)AUXmdzmh@eGWPas4bFR1o8v^WI2I`io$9?His(cfA{$#vY1nt6dzpsvjp( zl9TT07l+$WXI~P}MjN{F&Q6u~8O>>iZ805ZxW|vA#aj)JTTtDQBZce2A0VY$pf>4a z0`w=eX%3e;_S+!tOoni1VqJ^-aEnWMUAeNyGWFz)rVSqQz(ISPbQdG?@h^LL(+7(} zS88j?@xd{2mrUwrWObvsKp9v)O!T;gJB@GJN@(^8!QrVp&bf192;bK#mIn933%&nM zOAB|~i1#?g$wpL2WT5`~>(f*kB)PpMHt7;Cdm3zo0EN4zklu9RGYSQU*T{D5bzKdd z>U8uZBN^>dt+hm{A5V!PPLM(}ei^ftjIUpxK|zzO&YPA*Dqt#7AJ zpqE$9&~oipT>33x4dCEA|ZcAR6i~EUa?BKSS46Tc04-Sms}`h6RmmKp03GN(36a0G*`ja zAAMbO=+SGq7!S>`D7J2FgJ-OrDx&(4E!nJi@U(o})sBc^SXH>O&4P#rj$*|XXOrJ6 zDbi=)qO7c(TQ1^7sp7BGD}N=a5WM;Z7?R0fboEE;gznMmKU&s4-?d;x?3{BGdn7aV zPjc;*;yN&6aX`MLOI^oZ^Fps%k&$h4srtBUu_m}@KIp)!R&KeVu6JU>-UD-c!PX0f zZdZ?;m)N?#@vcp>wQjC8iFa+_{vUGZVMxJ(rp3>w?^Vxu*J2N#cUJzSAMM(J)#+O^ zdDo)u?cNoYcP;kr=v8ld*W#1kryBFF#iqZva5{e5(wV|01~XYjPHj4In%nEqsK+lA zrW5B66pno2lpr<)!x_fBWa0)|+`7dK)*F};l(9(~+U zEMi0qI;J|)stc?42xL7i_Q^@{X(=u+@Y6y$=S6uy-{rW^|;P77Y} zVwnIb&mSJ$x)y{BqVA2wfIShxQ}!pxn^Eiew6!U7boZ5^4I)jq24lp@a>Yc zR>Fxm3&IRUX+K_<3lIzxNX?xgBe7Z{+hBP|$lkQ}IVeG}oYzG-CL5*C2qzn5Fp7p+ z0R<%(bKjh1Wl 
zUhp;OugN@ryR9DSIVHeUPz!1gH>eS{E*EfCkg!{a{=&RA^H}{7!a`kyJN`Wt9aN19q-Z$c@YRqc}!L;1ojJG&SZ1hlb_FlEPgh z9p^HjA=LnfH{cpv(=CB9Fx$|aCiiIs;6 zUK5sm;%v@PNbK!F=zLYO^_+YUINzdVzb}gOZPmM=z@PWHI|2o56`hYw^t^s!XrsTw zFbaNHGfy(4>Xbx;)g1GXK9vgED!JP~Y$ZFx+dq$x1DilwYz~Hf`@nP zebpEN{#uX?p^!luK`(Fee3vvI6xLiS!82rN>v|)WUxJD(V-^8Mlwck@x{fI?Qxlps zV&ZKscD}G+Q$bAcY6hKxB}I(EE1!g1l>;t0O)0g{d2j_Svu+hMUHX|aUH88>WxDo< zoHAY8HszZ3BkC5=20~jZ1(NcXhdYT6%DCm};h|`>i+K)EnhMal0{p4;l;bssdG)^< zHRca*#ie2>htC@jg6N!f{xB;UFBqa{;ii?M1?b+rceCKU$5UO#saHchHPlq`H>ZU* zI_M8aaGi=UCTT=mDqV7hl&d-|@T}BT>}dMYmm`vLbq-;cqJ`2|8Sx6I&4Tic6lz=w z5vIHOVB~3AJIm%cG}e70i`stU04tKiS(=*bjE)0uaXyJ?(t49$`ijuL_KIOlMi|{V z3IR)U*R|&@yY8U95M+ZCv>E*!`*e^^O5{aTM0A+)FdO& k>hsSX}to;_y@kcx|g zLd3)vnx7_CEFl>x15emkf*h+9Td!o#|&xH(RC^1BE+9m5oufKzLmi=bSBx_OTJ~9xt#fecr<^ zu&Gr_+Dx-Qcxis%#MTj82^$4WSv*Q@-=+NJz2y=muG8gGR25+iQW~yc^r9khu_ddv zDDm31$ne;-;8H4{pQHGcKzlDVJ|#;|4H5k?bO^{SpNAipj;1Q|5o{f+^H5DOTEZ8S zgH$LtzJO;hbgOfy;eu1*ARDcQ(^xd&++jE@ngC={H)GsXM)a%Dd5>ShRWZ0z0-cFW zI|^4f`4NoTuwm+9zbA%3_6u3wOSXC0qs)lb!nPB&#>WsnU%d@^&)4*ri02D8Hs=HH zmk?_Ag-1k_t}lHs-7R64uTuhVNB# z`Uy}$H1&0RK_^ZDHln{-HXd@5F=}+9SUwx(_Sg-!UGH6UK4iK-Wah#Rg9uApkK;|l zoK>p$l3|`&y|WyRM7#H8!josS+hWiq(CzV&W$k)t$vT<`tX!Vk8=Dq~N$er!O^@tZ zp(A>W?&Wn!=~Z=T(h5sEV;YqyQ6G5N;Ea<_87=0pve9x;rx$Ax@ma zI&HsAY-g0NO*Jg~b!;mQ#$A!ZSii3~9j=BB&xx8V(_Y_i){nrNiCqgW_(}=l_e!Wt%A^ys&zw%v*@@{oof{B~X*xSG z-KMjLWD0O_b)d@ntClIywh4B2={*}@>INzBSKIY@IThW)QscU@Y(psHQb8+Du#!a% zLd*RKu_%SKa`raO&28Bnc44e{L@N^Ei6hz&dpKh|-t<9|rxx2a-;SOATdnoeFuE`*J(wrPpquNB<$Gsiw z3Fm`lUuQ1@i5J?}>JGI*N7x~L={4Mkb}$Yhw`ulyKnH(4+`*X)cXB2V!uI)(q_@|! 
zY0uH$i$G>LpSF2-o3{D3P20R~&vBcR6qq8)DyM3{d2mVhpmrVDcRpl`_i#GxnkQCr zb1&_hOHqNREp9x&uSktcwdD=@LoFuZz4vjWFc$po+3e=YzUbS{WM4e#;1$^yy?!<* zZs9Vx9tlX!+qw6e^`vwIz_78d6u4fy=t6q#BKo75jUxfvqERR;=n3y(lW1L z=S*6rX%ep>EeCpzCoS`WS!mKS{m>>Y)6pg^^Rzwpff|-w`?2W_X1y20@EEdjjM}-< zKS(^V?|Z2r@2=QtQo9I~b4D(pp#1*99n-}^R!ePUn+ozF&>Rl)_eIh8&BHwK=kE6l?t@6<_N;Z$cORG%=v zQMmiYgFt=a>FE5x5DmZ%6-qd6V2J)k5o6t@alIl1;Rl9j0CoVOF8D2@9BH1x^n}F) zq}}h1cm+8t6_*%kyc2%lQYLdG{~i}a_iVBsgk^}$(}IjHd{6Mjcu)AwrXwef6 zPl0lbMwUngPp=+jC5#Jq3uptQi@zFWe9PgMu$14*>yT5ZbqAG2CQu490F0SrTWxH_5^RL8jzC}718Zo|Q{EJq5jF7JxUj3vC= zyflOu>@Iv8o=F}fN>P!8Iwo&S+zq0oDbQwhBiHE$swHtf2CR=$S;XxeltnjI&8;8M z0=i%FcZ+vg&V$9gI*hN6RO=QyYxvo-z}cN(G*uRdg|8~AElf2lORPEaRJLyCLYq}r z-BV-k4D3m6BNez5l|JYcd1f_uThrsAD|f~^_-Cn*Dj!Wv*8-som};VnKi*vLoJJ9A-%cP{|RuF9{&d;gKgefC~|JWAi1EpEZ&KdM~5s0CU2dvo{XfEMT$ zIs#DogRJV>^#=%l@~2I!g_6zN-M{K3nl*KTnh#pho9+!$DlRHcZ2odGo6S!4Y6mB% zAaJLE)&0F$|69Hx{2!aQ3sC6oNnO}CIj`#-Z{OUzfF)t|E5q&o!vK1s)-ZloR;}^EdQB*{!|}Xk~h^4-n4RS-rE25h#IIz ze|o|e&1+`Kk3_UDGB)edjPAN2x&BK*OM&Qa7$-?0F|WG*w0+1it^QUno)n*HcTDm> z|9eu~y(HaZ7hV86yT1DN%N(yDe>iR*5{TPL+O{sC`D9wWnLRc~A&tpyJ_2cvKmIIH z^O46Nmg$&dJmUCGigX%S_c6m@rdyi6hx<1iVeF4D!+TI|d|>z3 z2sXR|daUF=15!Jl$U81FJLGU@Z-@GMCGvSeSV~yt&psD>g1Xv%dj@(X!-pE@`+DGg zLwlz>*p4l@(cS{jYfua0eX9!mIARVxzS6I!t{}^FnwU-#(`jOlj_9X}r&9Nwz1n+1 zyOrLng=g&$8EpRkIP+FY|KN-tes-#Ve~0UB59_a1KmIx$Zt9F=!~8V0sZDKaucQ56 Q00030|Lc{j&j1(#01rL2hyVZp 
diff --git a/released/assets/rancher-operator/rancher-operator-0.1.0-alpha800.tgz b/released/assets/rancher-operator/rancher-operator-0.1.0-alpha800.tgz deleted file mode 100644 index de68be65a48a066d7d401bdbb8de23b1a3a1b047..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1095 zcmV-N1i1SjiwFP*G2LGP1MOK`Z`(E$&a;07Az%nFK#C;a3Ilt{(ykb=Wrhp%HK3&< zn=3^MBxN)+^51uKv0}@zoF=ZlV)|ZW-VQH^{Juk4Q4uUb*)jn|jZ`;Rr-$phy|2-_O`F}k2hgZZs*$7(jKleWsLKcRxKN= z!B;fLVh~s`A(l}oSdA5zEDS-kRuMD?ozMUp2CE;nfw-|*qU4H&pzXyn*sPqjVR_h>Do~BBYSp_Yl#Pn;9&aHd)`6 z)v3`L(Zc^BBwRjban~E!;8^_c4gA{q@8gf|{GS8cp(nj7z{3q zq1nMb5LxO3f~;6$q#IyHamMr5{|`C`u8Rzkb<)rriKX0kWy7r=Gw>Z7hppfM%7J7E zFhr(I;QTf@HUY7EHe;95xxfAM!>8%(-G{1#kX#6VQ!<`xWfFq-6&}tY+RZKVr_?Mb z)!?1#wo%nB=$2fs*VTlHRWRX0SWw}ED!I@i4taXQn$G7!lk>*TGf`vdWUm+r8uPEK z9uN3yXF%K3ZS7gCRYB`k*<6EKu>fv^K&HanH}`bu9p0f0E&Q+MG&o5dc%1*e8vlF4 z{0)n4B{+qQeJU%_87gNen9780wMqO+N9OK(_f-(82LJDvZHnw|TpX!dD` z*AKTOWa~X`y>@2BGnaF}$$fh2=>NZs7XB~Qoff;`4N7qA{_nZtdi*~cj5_{52X>yG zHyl+v|1aRDOHZT2E75ZPAC|zA>~9W}ye$MgcK-XmTRZ>0KN@uB{~TDaZGsn1yd<~W zLv7UYtRjo5t6}k`w+WdV-}0(viDJS;#QI6!Sg$gGSAVDy*7JBkg!SK-Ue694I&}C^ N@GoBr^PK=D003hMEZhJ9 
diff --git a/released/assets/rancher-operator/rancher-operator-0.1.000.tgz b/released/assets/rancher-operator/rancher-operator-0.1.000.tgz deleted file mode 100644 index c09004d0927196bb44cc635fb805b03e613a66fc..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1087 zcmV-F1id^CQ>yu z2nngCTr6ySY7RCNS3*q*XKDVWx0U8vSS-cK;e1Nki^&RQ^lL(Oxa?I9L24E=h#Jk_ zZtw-ou>?|Vm=aUV9L(O1OBO|t9_*6R1XM;t=ozefP#Th6wM>c?i$Gb6m7J2049~JDk_-IEX9)ST@!vI0gV%*X|aFz6c{Rl zuxM6T>4Ye#wt89n{YmeEt4cr$Cq3#&EcLpp6}LPV;5#<+4QaG zmRzpa%?A^+BE-9>V#GUHQ=&<1^7x27?N3!sE|u*kqQ=%~rx^(v<(G}eJ@MKZ&^Cjc z9gD3lXx*&U7049};W`XOp6c6vPj9`#2OPoy{+IVOJV_mRod4Yx|GT~)4E%o%Z1aB^ za6Hj3g=GJhcLMh3UsQdpt&+k`b@ZJJ4$sL7GUtHYYaw5=4^re=NyJuB>lGEJ61fba zmMI7&XjT43;*QxOp;`6X@M!UhN7?&Yv^-Q}d<^U~eYjlOH zj&H-VEaT-f_!|oF=>DvU#O`&{*?jH+Z`i9FuKlSyzyAkwb{VHi?c)xw@7E+`>po?@ zw&&F~hkd(|K0Xfg|KG*|{;#t;tyaM+GQqL)zv~3;`hPN+4E%o%>|8x=II6Y(pTSRW z{TTyZhy(loZV5aquDNygx)Si%{vUZxYyW#AXZZimS+HJP1P`8gNIq~5wJ?tt9a-EQ z4XdlYP07@IrPruslBGH(=1=O%e31b>`a|<#K8**`sQvq`=X1b-0Rw&%d0+b^&P}E3uadv!oo)=Cg zqFo7S3^BHL`CMQzyyOf$}(W@MRGAv;bH=4cO z;47MADF|$s5!G$d@;6ODvh5N2&i)QRI+QT5s$Z~|QS@Y_-zUy1)I#Mh%rRYiuqa-J{l^K$2 zCg$WLGk;~;+TmfjWzX}hb^JT~A3s6HsR4bwOz_?OKSGH=@c${$iT{%F9Q08Wz#;x0 z`I934p zgQ#fMSm{J4sJ41p`~5-hf$K^@3MW14NG$cbs}(mq7T{Ypc3Z&#)B`CHVWmWw!1=8u z4gs-zGUL?KxxW1K!>60es}D^JA!Q=`P04h&AtVIrRUY3$vMsIUH`FX<&EVap+HCq( zbW6@xt7gK)t_blit{Cx7)s$!xmpndVPxo_`lS^gyiKwx4)@eq9M)`T;aYwwi2DHiG zcE@6?3tG2pbq#9CBDjnqnG18>@9C{q_<()b!~g1@Mn|aw5AlECg)RQ~C(~fy|5IR- z|I2{miGCp!`?tIkaKHSb>tk(|6t1eH@2%wUoUEX74#>R@@-_RYWS*5o>=dbJgw0c$Rj&)iy1Y9I3bb zF^B5;PkDXOok8d9Z&&h^3Z%=jYHBwn9H1p_jk1_fXNH#JIM&PK^eYOOm_I9A*u73| z>*?Eq*&WL}Cr{9k8x zTE*uTnc&d*-|z5$Fr7{Z{yzn_t{&Iy(b}2MV2-z*#()=M&;Gw#0MCkRZj-&P1U$6= zgOS(T|D(Vg{{J}%R;!{IO7M`p=N#%_hAld>q&XT^S9|MXruRy(QOgt)CL#7u`oeyZ j0X+Ic^I|`Z2SnWd{np=ez<>b*eiVEI^zn-e03-ka#+E&> 
diff --git a/released/assets/rancher-operator/rancher-operator-0.1.2-rc100.tgz b/released/assets/rancher-operator/rancher-operator-0.1.2-rc100.tgz deleted file mode 100644 index 83ecbb184c17874b627f57fa4f7168d9ed449dfa..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1115 zcmV-h1f=^PiwFP*G2LGP1MOJdZ`(Ey&$IsuLckDUfD}po&|shsS=to?wk$}2z6OkR zvbj>EKvG^aBmeu3lB_tA>|}}Sps4PJ((yh>9{IZ?6&3Lklq+*k)JS!9a(ME6KblTS z+0JHV>xYx7t%(HVXcmQGG?_-k4`#kUJ|WX@FqRG#+E9f=h9-1D(?tdIqcSw1KQwEmv~I6435qrRF5&xM@IXuQstI zxC(mp6>y*$T#e8SP;Z=42J(Z{Ga+Uf_kUih~ilj}^;J$-a=nD9OonWr`G< zi3Rz{%wM@4?eMbd*!2BT=ltUmi6h@lI_s0UOcq_l8VaDF8@ zi&6Xc^irBD1sV~1G+JAwZLDL*8NKy_{9v>P{}af$ zyt8@tm1yu({TEEa*7+a%AjSa)b!!F*u?OS1P(_(vHSTo^;`+1*iG=p16( zt+CRHkx?DIf|LzN;0tJX+$9Z0xpz1E>dLDaI;^GJ*5ka9jdn z^oHv8_nrgF=t>BiN zuGh_kiBo~$O;VxZjjG|$As)HEM@jEci!nnfJXjl<8ep49t~(4y`7H5 zmIzvRYIO~2#bP**V_67u+3)GCclbd2Xb=9YTN)pv4txs#$9~kp|6m#g1O6X_w(-9V zINs=&Qn7!_Hv#XmpvWk4hGK3B<0g^K8YbWuaoI zc^YB`Mwj0R+$mdRG_QUe9JRlAjlHc^PJce_+O}D&YdxWmNuf6m9%`GGNsiE4ek`DB z|0$m@x-;n9{hf-RQGsw-R!!}$lmoQ5tx?(ub!IqnU3c{IIQ@zYCKk^M7mC-ZZ8P0H z-cYK$DRvhK#qHl%8I-%BQv38Md+gREWb4&tz4orF#}w~!!@a*BlFUnK5B}HLomTOA zMJ9Oa{vUMke>{sO1O6X_9z8v7(4%!SpMe~2J&l20NPEuz%@TNSpSex`x)SiI^FI## z*7*;|K{%ZMW6*kSi=h-R$$RdhE@oIO$kOI&SUu})ikaT$yhbfoOqi57Kj|~)MF#Nd h56zGBFdh&|`}?iebD)6+8t8kW{{T}*@frXm001{IGVuTa 
diff --git a/released/assets/rancher-operator/rancher-operator-0.1.2-rc200.tgz b/released/assets/rancher-operator/rancher-operator-0.1.2-rc200.tgz deleted file mode 100644 index d22f1224ebe5858658e4d55449c580447d172913..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1118 zcmV-k1flyMiwFP+G2LGP1MOLDZ`(Ey&S(7!LckDUfD}o7(O{q-va~A(Y?+Y){TeXR z$>vIt0!ewzjQsbVUaZ)X>|}}Sps1cNvW|Dhqewn?q!ks>5|kq|P}E3uadv!oo)=Cg zqg<2~KpCe7^zkym|L6Y@^#=Yw1v>M;qC5wE z)CBMZ|9e5;@A7}(`BQJ;|5JdabO8nPE6Ai~xB~7Q>bU4o2qA_pkfR=1iICF6Jm-8a zIg8Nx_vBidxdM%RZdnU1?~v6iT0}Z5ei2eJ@q0*U&dm)hm^MYnwr#!j2l>Hpfd6C2 zxV$g2@+;Zksrt_!2d({&c_0|}|0%FtdSKn5iwfoo6IiglZ>HZ$!Qh86wAj0QiVK}V zR5WX>bRrZ~+q|p{|DbokbtNE0Cq3p!EcLpp4YztMz;}G?_ksb`ffR_aN}^2Q_%;%U zfLJ}caq8h*U;g>w)BN)4L(@V?nFxPVGM#M+3BhWX$2XAdN^AL?n&qqs-fe2pMz^9{ za=u&s9z?jonA0#@1P<83`KY=S`1$=4&UQZT7Z1 z9$PBt-LB0ws1=LgGKyp_%yoZHZ@t0?9Kr$qS9dfzN*(wV|BtZd-{pUQ5{?J{KLxh= zznpM9?=Pid|CVb2p~;uVjvceTm+&*xp=MHcINk13>5=uHQYwN1+n%YeX2WUxKQ5FO0jL>o%$9nlZ{fYu67SEb4RIgLp zX1E7>L#^(j*k2&zcYkALP_Bl`?9)#6*l$V5)}79J?cP+EDem<~`tUF$nU~@K|JT`_ zR`c_UOz_nC-|z7MXc~qC|DOUoSC1R^Xzk2rFvnXDW55e>VE^APfoH`vx5-{t0zS3> zM?vfVpCB0dlVSg#0_$~A3?+C-K5!0oFvAv#ENPC0)wSNHnCZRFYs@mmgh`0~lfJND k@qmcizu)?M4j3?C!1sdx0QzqEhX5o10PbKw2LJ#7 
diff --git a/released/assets/rancher-operator/rancher-operator-0.1.200-rc2.tgz b/released/assets/rancher-operator/rancher-operator-0.1.200-rc2.tgz deleted file mode 100644 index 37daf3c0ebdc18bb008fe98b168585cf682c70ff..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1118 zcmV-k1flyMiwFP+G2LGP1MOMcZsRr(-DiIVA)p9QK#C+^R2b+(n%yo6w5j0*_BEiT zk&X)*+~=E!D4k@WDPmPp@uv&q!kt63Y0BVP}E3u{qFp5T{jqy zN%5Rail^(3%4Y@Q4TDMG58aXH64x6C6aO6<{|~;jkZD5|x)Mnt7|@6&y0ag4i{le^ zs(IAUZv?6t|JxN+#(AI#Kie4iJtm{k(fE7Y_)q-NFbMMa2Z4w2chBa*34G`Ar$R_W z4U=G*Oo?Sw23BXs6^kMeC%XumfKF)$9nR_pZ6N7XlX^-x6WQ0!)>O$gi$L4UwVINU z|=>oVe1tcG&Lmi2wT6dM=-iSH)fsNx<(1FU493fUolnI>Q zR$>zn>zx_9n$F$LA0Ix=Zf-x+Erb+_@K+_1>7I}ftY&#Mhxkxh$!FB8rnU1PV($%rHObWN<(RVI6JSQutj01A7jeN~MDw(AP5!-p4msgxx zW-5eArXf^dbnzRBJ7&v-rsZqRqxmZyV;7am)sI(g+j$miTaPFtQt0gfyV|BO{ z|3km=|BvqvJ+I&Ym%wI|7eg@~l24pNZOpKFM;6yd!}3~hTg-G`=hbSdV#374`axe? kFEW5ff2d!qoj)L==I^)uo;`Z>=<%)KUv8TD3IHSk04q5*djJ3c 
diff --git a/released/assets/rancher-operator/rancher-operator-0.1.200.tgz b/released/assets/rancher-operator/rancher-operator-0.1.200.tgz deleted file mode 100644 index 078c0fb0b19072216dd3fcab08953ab4a00c6cc5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1088 zcmV-G1i$+qiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI*zZ{s!)%~`)@{GhvCJ+- z66DC;)X;w~^kK!8Y$r{E1dHljEK!^p(&T$Hq-BaP&<5I|Wu)!N<$_rX?^!O7UJFqa zMd#CL{ToG5|2LY=qNDh9Ham;Y&g04CD2k`k^Y{p&R~x|r6polZie4P6Ke_J&Oesx_ zgjO!`05~Hibry0)Brz2FgcYO%p&T(O6XM<<4&S&7c)I zDq=DLpKO8t&W;O_rl<~fQ7lJi7{?uhb@z@i-)W{@0#c~r+s?1X>ZM501=-Rjz-8eG ztqa=#8y%PNPJ4?InZuwO+;ChTGvW(cC$vgnIq{e=-D?!a;lxYPaVrefO_y4c)e>$R zH&8gCGWaCuPvg8j5tdv2qR3mX|A7BXCJS`0Dgcl1e-fYd`9F(C{=W%C&N8f+Z_#Kc zNZb2v`pmf;1 z_z&YjmG+J+%tjgbe3QT8^SDzh9g$ui@9YkxYZ{;mvcnu;z3*DXjffTGmXG~j z0M-Mkz_lVK6xz6w;KS}L()Df1EjV7Sx(Of9-4M!hwdy3ZHVz*OH7Ltu@R?W!WqI61+_PR=1KOzI>SwOiTx2;j&1h`rX{D60t#X6OY$;5~nxei14aDtpp$X^CxW zTTk~uG!J07DfSl##ob@Xsoo8Z+2^h7vELG4<4$k23U8XrwD4-(T9#vyc`gpRm0RR6E4`k*5 GAOHXoi6W{1 
diff --git a/released/assets/rancher-operator/rancher-operator-0.1.300-rc01.tgz b/released/assets/rancher-operator/rancher-operator-0.1.300-rc01.tgz deleted file mode 100755 index f9600a758bd298c5ad6edb2b55d311d3fa93dd7c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1095 zcmV-N1i1SjiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI*zZ{s!)^;y4SAfO0PKni6$aUr0GG`n3CXwx7I>@{GhvCJ+- z5+vnrYUsZg`mkb4vXdr3f<^T%mMG2)Y4W`p(oo4(Xac3tP^Zl4<%${?-qTD>UJHZ} zaz39|zl4zPFIg1RMHtG;HGv1 zx#cp2Pu%^ft#=^8de0vrfng-_CX-2z|7$98w67`vkMVyxjk^3lUyS^J6Yz|tSTf(B zR+c+u?%VBi+S^6|j;1lJt6dZrR_^x7!*wpiwGy1&$MDD8f|f+ ziUm+J@dGYtF5C^K+`2Nb?|bk4hy2gbr-yupLMVrlg}>qG>HlomfA(37Y9#UHtL!^Yz8$$My?ARS5rTR2J_v0xUU- zj1&YFN%q^NVXL!Mw%B8y+j`ZF;e8e#v(SLJC*{hrbAJhLCS#VLK1GSH6|xNp7ec}S*-6pp_nOYw*ek% zn~qDtt*ahVtbhNmF1PwK=-vJJb$do7O|hz)x}TN;vD4ZaWjUeV480%-yyvgeFI*;E zrcYWfC9p|t+vy&O<^l9K#o+=WzxxZBt9CDc zVQyr3R8em|NM&qo0PI*zZ{s!)^;y4SAfO0PKni6$aUr0GG`n3CXwx7I>@{GhvCJ+- z5+vnrYUsZg`mkb4vXdr3f<^T%mMG2)Y4W`p(oo4(Xac3tP^Zl4<%${?-qTD>UJHZ} zaz39|zl4zPFIgu1yR~jA6n@lD>{;#RX(Y~qxJjVa&H0tvId@=I>O~5mnV#$1i zT3POtxo@}6X>S_=IGV<=u69vi*vtc{JY45OTr0uZeGI=XuavtsXi+-PONF|lqR|#7 zs#pLu6F=aR=EB`z%B?E{`@Z+yf5`s~J^nk)w4e^{>Fo-IE@jT?mr226{GUxphyM#Q zi$?yx1vZ-i5?peL;Mb(QO=?!&nueA>1V!PM9r+T%FLi#XX}wKxgLH1qwBgb%!T-UY z`pfYETq$@3W&R6vas! z@xXfR4QRJ|^LrjUU7#rZ#@wP=bA}g;sa(3N;Yjbj!$%y$5&buJl)cJ1@G3LgCk+Y;&zqCxy%U>f=TUd`ea@xj-9x0Z`398I|iw zh|3zTI&oT+8-`7rMP|_1>X|9IX0g8agkq+o-3EB5 zZ8|Omx2}3fvHtzLy4>o|pm+D<*XV8@Z#7=8xl;wnaGxUNW@SeX;zi^pw znLcT`l)xsnZKr!Ang`I|6o(6h{O&JguG$T?+2_6Nao7@I=T2|432*AlwD4-%S`=fF zc`lCVf0Ny5y*@9<1dpBnqpto>$vm2k`u`T#yL#TLM~9hDP>%PW#)uIkMvVB6_%{Fm N|Nn(^y?Fp2006P&FP{Ja 
diff --git a/released/assets/rancher-operator/rancher-operator-0.1.300-rc04.tgz b/released/assets/rancher-operator/rancher-operator-0.1.300-rc04.tgz deleted file mode 100755 index eb5cc2a708929955bb2c5b1df833ecce3121282c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1095 zcmV-N1i1SjiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI*zZ{s!)^;y4SAfO0PKni6$b|IjLG`n3CXwx7I>@{GhvCJ+- z5+vnrYUsZg`mkb4wv#4-gGKc&mMG2)Y4W`p(oo5kXac3tP^ZlK)sh+)KF~~z-U@^e zGMi4TUqVRtm(1rEqi9OVY&IE3vx^alrqdZ20eQ0#96@d!H6!xsSl!8eC!kU)M;%wv z#vTBpjtZ5Aj5;SU%?yIlfilAkl`*mAEiL*w{@W71mg?S|hp8lIta zRK(yrlcT@4DBruFjz0qjYLkzzyu9dqnXi+-PONF|pqR|#7 zs#pLu6F=aB=EB`#%B?E{`@Z+yf5`s~J^nk)w4e^{`P~wQE@jT?*Ga)s{GW_ThyQaj zxfu9=3ar-wB)H%b!LLbqm(;AhGYu_$2#UfhJMsmDU+Vl&(|VKQ_R_gE(}qj80RIPj z?!U+Z3XAQF|2Q6$N%#4^|IhCYNBEzh7V4p_%3fIwJi-4cnvT2tznF~&{+|Ndr6<+e zmKE$*E|VBOw9D^h=x9P6EpzvQ0@G?_{cM zR>Trw$H!qW0Gol7U`jg5C7RZ<)QQ!jo1mG__2nNQKi^zleQdt~RE6-bMrH9P`8ZR!H4Zxr0rXmTX42sw-Y|1yCD?CdfiH9WgI>hYETq$@3W&R6vbH^ z@xXfR3~0N0^LrjUU7#rZ#@wP=afX+Ssa(42{gK{#hYvW0Bl>UdDSMN1;8XfPA@h#@ z&nD4y(En3lTmP#Cr@31y!~d!7gu<^s+2&fKP6}7`)yJ(8_?)a@a)CDX0-&0IGAh@V z5SKMvb>g%tHw>FLi_D<2)iYCa!PAWD`nA>3@^yvgzA-ub@vQH=%wm1-3B^oFy9w}E z+jLwCZe8_|V*UGfb-C4_LGSLzuiG;!X^K_V)cv#&h@IBXD9Z`;X6OY$;JtjEe&I6V zGJV!^DS=ID+f4UJG!LM^DGnD1`TbwWT(ui&v(G!(%PW#()6>1`PO*_%{Fm N|NoquY2yGO00810D+K@m 
diff --git a/released/assets/rancher-operator/rancher-operator-0.1.300-rc05.tgz b/released/assets/rancher-operator/rancher-operator-0.1.300-rc05.tgz deleted file mode 100755 index 3f03d44236054d15e1b71a4ac54bc26609c08400..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1095 zcmV-N1i1SjiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI*zZ{s!)^;y4SAfO0PKnmrr6asokv)e_1HVv}CUIT_2%j{Al zK~nCfhW>k@4=c80J82R)SXA#~iQ>$VCf}PO4V7$(CQup;b;_JyEva$g1I@(ftw0DN z^XatuC4_W;$;HKN6irD)CiCf>j7KDzPG`{w$eWGe2y*MF8If1V>Q3%E0hLlY>bR0N z_5c`lRH!s$)H#76SLZZ$D&W#ODntz3?GiAP{G3t8mV1pE8pjtLlh$%?H~gm2@C>D+ zA_m`?9R0l=mpn;O9_=D&hE`LCdj@MCtix=tnX)kmF7t1DziOjaJV6_zD-#0~xpio4 z*aX<>xQh1L8x%+_2Ib)T1QqmbE;I?)H zx#cp2Pu%^ft#=^8YR4ZTfnj9kjYgv$|5sGxXx~%-p5p&_9Ci6WzZm#`67Y!3GH%f5!5W{baYvpbXT9nT7QlajtXtc$N zDi%P^#1FWjxp23ba_h>#zVE&FAM!s#kN*xcEvQ3#ez!!SOPO=}byDyY|0iS8;r|60 z&j(mpVVxwBDq+y>xEPwBgb%!2iLX z`!8~U!eaa4KaK}w(tUpK|MPpp5&kErg?cEfvR76EPw+pArsFREXS2z`|5ISQ^rTwb zvV#4}WfH@OcKN*w9ZjgCW$r#uU|Nl={A^JmbIR0dzB(EFPVZ6Jx&g`{d&~hg`>rwE zidaJI_&DqZU^9>sOi4$%MAKT9IXvak_^>^Tw0-Mx3(nT-cEU$=H-w^CuUpBijKjx54T>V}eRed3qBv_K z9$2rP0c}@re$Qj43lxRlm|HX}&hU~kl}mTMKhk^e@BzngME}h_Wp8p0d`kZ(wmT2G)!`u2YExg{e7R8Wc zUWz07-(+`Mug@zo!Bgk|sH^{DGL6Wf|EIvt)$>L@I?Q~Aa=iC61`HT5V8DOGzX1RM N|Nko$o&*3O003_L8R7r{ 
diff --git a/released/assets/rancher-operator/rancher-operator-0.1.300-rc06.tgz b/released/assets/rancher-operator/rancher-operator-0.1.300-rc06.tgz deleted file mode 100755 index 7accfb9e8c75acb5c7d16ac3c7076e6673867b14..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1095 zcmV-N1i1SjiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI*zZ{s!)^;y4SAfO0PKnmsfqY%(Tn%yo6v}uq9_8KtMSZ0?Z z36gR*HT2&LeOR$2+ewqa!J>K>OB82@H2K~PX{cmNG=b7+s8i;W+9s8DIhsB;2CuFh%hRKTTmREQY5+a+Ko`8lJGE%zETG>$JgCavY(Zum{3;TcLt zMGU?(Ir@7$E_srmJlaLl46UXN_YBrPSclnOGi75CT;|{Qe$_^;c!D-aS0)A~a_i98 zunDl$aTV>gHz<%=49dav$K_GYzo4;P$rx5+k80h%k}wJ{yaX*XT)V32N=avwfZN&) zAytj=298F_bRl6uKY~}$}9&U0WZj|8cA%@=;*UH@(v?!hDr9$0P(P)bk zRV;v-i63x5bK!0=<<^yfecyZUKjeRg9{(L?T2P1f{BDUtmon${>!jc*{$GqqhyQaj zo(}v!1=i~T5?pYJ;Mb(QOKMi$nTD1=1V!PM9r*&nFLi#XX}w8td+FSoX~U&kfd7L% z_g~}yg~j&8e;g0Wr2G8d|L6CHBm7TL3-wS|Wv{FTp5T8JO~zgRPp9L7|EIuq=}EP= zWd-|{%Or*m?ecpWI+{>N%iMjSz_c1!`PrgC=9H<^e04JTo!+Ccbpw<^_Lu`~_FZGR z6|sca@p0G-z-AyNn39fiiKewIbz=4CCTON}efh`7&o`G>AKNbgRU!PVQCYmz2(aKN zl3QHtwl?iI)Ggz7@L_uvY5UgY7M!iu?Szl$ZU{xOUbm828HbOB8Wcs``|M~6MRC?f zJg{Cn1KO_M{GP{77bpt9F}G+|oZ%&7Dwpnhf28-`;RBB0i2j><%HHH0_>}%%kaI9Ot^d`6)7&kU;r~>3LgCk+Y;&zqCxxr}>f=@kd`?y{xj-9x0Z`398I|iw zh|3zTI&oT+8-`7rMP|_1>X|9I;Auv6{o3ki`MN@L-o|pm+D<*XV8@X#7=8xl;wnaGxUNW@Ls-7zi^pw znLcZ|l)xsnZKiu9ng`I|6o(6h{QfUwuG$T?+2@_?ao7@I>rQXI4sYwrwD5YDc zVQyr3R8em|NM&qo0PI*zZ{s!)^;y4SAfO0PKni6$b|IjLG`n3CXwx7I>@{GhvCJ+- z5+vnrYUsZg`mkb4wv#4-gGKc&mMG2)Y4W`p(oo5kXac3tP^ZlK)sh+)KF~~z-U@^e zGMi4TUqVRtm(1rEqi9N^i`h83n9N5cnoeiY2*{g_;0SW-s2P!0$Ldb*I{}qaIqJBQ zHueA*byTP{WYjrGS9hW>wP#*0fX@*u)hIbQ#b+8Y!|Ee7S_`s4Db=3mfQu4D|Wu}8ITUr88+6E8u_4A-t|x>C{^CE&Jp z1G(igg-_i5sjYV)!fMAKA%S6J?u|yH9{*QV4KPLnKPXeCN6ienC z)XH+F%tO0<&U@Pkz|k~@Rke!(!{#19<>4k5;zkM19%A@yajo2qL5tFPUMkc*6^*ty zQN;qNnfL)0G#Bm`Q*K=u*!R8n{zLv}=<(lSrUi9q&+nEfbSZOAzfKCC;{Rk!I{crL z$!y^NDX?A#kl=z#1ivQbT~f31&NQ_2At(y3?8p}oeyQ_AP3ujH+e_!xOdBrU0{kEB 
zx&I;uC@i)w{^NL1Cf(=v{y)Dr9N~Y0TBwJzDtl!$@C5&(Xgcol|6(>7_ zTUM}NxlCgC&@R81p`!_Pw9MTH3QVh!m7gsNWKNkn%~vOb-|0OHTQ@)%WRE$(X5Tf2 zTMvb!cm2vo3s6kQ0z0Z!OP!wlv z!~^TKGobD2&F^{abb+Gq8*__h#Ti~QrgG`7_eXl~9X{X~j_AL+r|eD6flulGgv>ko zKbu4sgZ`fa+xlNEIL+Ns8U9aoClr4D$u`#-byB#huRd;-z~^KIlMA%57Xa1#lTo>@ zgt)BXsuQPGxnbC}S!4#Ct)7{Z3!Y|F*RQRPmai)`_l?Qfk7s?~WftpuPbg+e+D(AR z+NR@DaO zm+7;XO9^aJ+h)2)qIm%QO>wwD$nXC`=BnLLn|+rU|Obf3!twk{; znU~^-{x{j3*6Z_%Oz_nCKkDlLm`ulH(En3l=jwT*9vx;rLpk1i8UqFl7%<>J;@KYgT diff --git a/released/assets/rancher-operator/rancher-operator-0.1.300-rc08.tgz b/released/assets/rancher-operator/rancher-operator-0.1.300-rc08.tgz deleted file mode 100755 index 9330d14463b5ed8ba22e56b84cb296a6eee37859..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1092 zcmV-K1iSkmiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI-bZ`(Ey_Ot$qgMcBx04bDX*M)#RWNB9n*s>r6`Wi6QS>{TS z1W9?#4E^teeps<3*~yY1K~a4#mMGpGY4ZE-NJAxCp$U{mL!C0G7b|L9ctZnj@$f$DyL#|F~?o_~~bySELy4xjSCix|!j;#ib85+lz9Fx{^up55UXn2Ow zQ4xdhOpg9w#}!W!lt;TrnxWN{;lN<+opqQEnkgHD;4=R<_*EOV<_X#$U7Hw~$gM+T z!zRE^$8|JlZ%`n$7?gwSkISQ)e?eopk}<5O9@V;iC1Dhvc?nu(xOP?3g_6!F0oSz~ z$Ss#CeB$meZM_2#)_eX42@E6ey~$+KMm_#72pReR8sHgCv1GnM ztt@xS+_l^1w6~1_98F_b*Siv+vcAfNxKe_%yBL07UMhEG(4usnmkM=DMWZWDRB-@m z7Jk4b&4s(hlv`H@^?mQH|BN3HJ^nk)w4e^{>CFm-E@jT?=Sjgs{6CwL4*wVAY&!D) zHL%$Pkl>O_1ivQcO;R)S#x&IQAt(y3?8ui8eyQ_AP3>)p8>Dn=rVW>F3I0#^)PIr# z6c*bT|9(6ulkW3d|DWF*j_^N0E!16El|8c>c!2*=G@Ew$Kc6o~{=WuxOHZn`Ei2fs zTqZGmXqVs1(9wiCTITNq1*X-=%Fh-BGN(+P>Z_B%AM_T5ts9^WGGGp{-FJ=QPQ(&o z&&Ode0Na6-U`jg5C7RZ<)QR=Io1mG_<@ui(^FC%hxrU+s5SN=aatgGK=-SCloU!?KZ%DZPRfn zxOLS-iuLb5)#X-y2EDr-Bj?CV1%lA9eMAN@me))c@DO-qrI~Jvz*MgmS#~G)9aVF=E93#D4(*0RR8K K!bf8OAOHaL_Z%(& 
diff --git a/released/assets/rancher-pushprox/rancher-pushprox-0.1.0.tgz b/released/assets/rancher-pushprox/rancher-pushprox-0.1.0.tgz deleted file mode 100644 index 83ee557bd058cd2f7f4a46de1a0578dcaa8f27a1..0000000000000000000000000000000000000000 GIT binary patch
diff --git a/released/assets/rancher-pushprox/rancher-pushprox-0.1.1.tgz b/released/assets/rancher-pushprox/rancher-pushprox-0.1.1.tgz deleted file mode 100644 index 743732fb92b087e7fe3169b0de0612a9eb8b6551..0000000000000000000000000000000000000000 GIT binary patch
diff --git a/released/assets/rancher-pushprox/rancher-pushprox-0.1.2.tgz b/released/assets/rancher-pushprox/rancher-pushprox-0.1.2.tgz deleted file mode 100644 index b7aafdc73890243c9ad26e3a5848229902588b02..0000000000000000000000000000000000000000 GIT binary patch
diff --git a/released/assets/rancher-pushprox/rancher-pushprox-0.1.201-rc00.tgz b/released/assets/rancher-pushprox/rancher-pushprox-0.1.201-rc00.tgz deleted file mode 100755 index f9673ecae3765b03035909a27d4fcaeaace6a107..0000000000000000000000000000000000000000 GIT binary patch
diff --git a/released/assets/rancher-pushprox/rancher-pushprox-0.1.201-rc02.tgz b/released/assets/rancher-pushprox/rancher-pushprox-0.1.201-rc02.tgz deleted file mode 100755 index 11d5876482417c0bbf312fda1fe9843c1bdc31fe..0000000000000000000000000000000000000000 GIT binary patch
z1@NtZ+K&cX4e1$2vZU1kq_Z$2F<>tov zYX3h*`}{eE9EX%6be!gX%$@3flwNl`5MN$K29ORR`OP^8r~4riYt{MrutHLXI-A+cw+;WR+n~MwQU3ebOpGWzK8Xf64t{&^W($ zMsUmi-|TO1H1>aQdt(*iRkDe9ULYSgO$R5r%EWGEBDiZMwRG~4Qxq?%@g#f1pD2qObz zesCrxh2Y3_#jZ8TbeRA}nSy^A7mRSU{pUZam=r~&@^n3xMv3ZXz}rl!DljuFsF09Y zawbG)NA*7wBBLj*9sbg zK9+)EQ(GM&R=-l{n6$TZ9bW5MsGb?(@snOiTbBHl`k;)$_Itg)@7IEvWO}i00Aj%5 z5Hp>^kvRB-S*dZ3L=*P?Std%ZkLp20n*xB{XrUS! zu*b`9pwL`d06L#P&lUEDBqxE(%ZfX_Ml&qVWKm^+%gc1xQJRe4^0HH*kjPPmMaO0w zPj}a^^wsU}ZYa~XgSqHzw~IP+hPzu0y()vIf|V0|XBOrP9TU@gO!PQ~1)>_v6`SVr z1BbK$DUsywIh*-nPW8pSR9%PvvqaUT3Lq=W6xMsaiSIWt(h=$lAUxw5y z#J$y7Tf*Krj+^HT&S#xEU9WkpyZf7eil=af{7B?@ETr}|K2KI03Vs_4gHcGKMJ8AZ zzwRFgBSPc|^>Gch?tzwJ@LPvGt5#{t$NzFbvioHKx5fXx-g+bc@AucYSMmR2wC^eY zZ<}>HpdwDLMbiMr4bU2rCVfCxYQ!=#eFJhp?oeZ>1;; zYjIwt zOCj;$UjqT7O1E=m9xv{W{(;COPUWs&g%RpH0~hyNmcpo>(#W+BRO%C6ndN@ML7o?a zJ_0+g;&vMo*HNAcA#=*B8?R*!XIz$=qQPX~>UV-eThH*axPhDqU_s4%a{Q!`8%E;W$WZ0re=yTEGvsR_t>*Tj zjBNX4CNsT#im$WK*Du-ihWdU>QgsWr&QV>6f3D>3BI<7)fvnoMY)i)f5_1(hD}VPK z;MV&;+b^5vf2;eSkJK8~)awu0!fhOT$bL=KZU9@1?(zqDwz_$jBgN}Z%`PvK#f_vE zpzspDz+ih5c~(E&y8-RuW>ecap?}$m_Pe~L(6;|i4qm-}caTi-2b$xS{lB%b)yV(* zo14AW{hvo^Ys+4Jj{aB<@E_0aQ%HCYRGEOk5M0p#Ll_DPvgDld5fH{ej}eSh8VWhF zM?`c;vv48@Oo&2(9uo~0hQvbRl!{WZnLz@SLnb7`FLN>$g-QjCo}-&Txr6X6<8GgI;INjHGg{`K_x06 zfi$`-X-1!1h6W!_{$`hk(bi!GFst0fhgKh1>vCdjNxu46HLfdNWw?h+54SH zvoUwN24pXV-^a);Mqy=X*qD=8nTRStP6o_qwq>Rw1R@cp)a`xhki9xSw7bjaUzpoV z#wvlsq2VuZTbW?awI1UPE+}Kbg*IC5Q72IpMCwOZS5xr0XokYePL2F_kgHzlo1U(I|uLIz?Xm@NKvpE#6!6Dpw6=H4#nOVV9#qK!S;t~dAZsCQ{mbU2)E zh`ABf0wxv$!vU=`PG)s5hr!IQG3Cy+2FDr9V%6>LA0NVxuzz~^!fqRmm|HMHxwZj= zEnYj7x~eykdFu}A!z7KX7$v8i8q;J9&#smwrj;uXR`|aPC{Wsf#Ioq_KloKxkPzI2 z-~BHd_QiQ17!&0p3{OuU47)VWVTzn0&v2piYj7kqrf^DmhHie3sZ^-KYQF&F%ETbn zAsIoLaOey_*$a)oeE9ib|NYUM!?(LT1<~VJ3%8!`aC|6a?1|nxg8>eWvW1weGGk;Y zHM|;De|Q!YZG_rO;0ut8b9nmM-UEjp`j=1Pi&-fKF^3=5pZ^EsBKnsw&Ml$E_k;cS zE7vL)+%DL+j$OG$#aQHnVt6Lzh57PjM|T@Tq;*uQa*~pZBLV#R<3Z4+!3t%6sZhJ zMLUg^PhPH)v@a$T5-Ti-$vbj;SHKWuB3^5fZEoy`CvcFAptF-_{n!BPy?~uOTMy4k 
zl60!Vcx{I6S7v@_&aOX)sgm(F6kGP^;7?V^ajys@Kr0~r;>IFPYPF(=!|RGWv|iMy zjtYg0<%&AbE7BVX!H{rIxV@%bk>0WbH80dyTzpjJASn4qI;;$PoLij z_EP`Q?5{~VytR=`Rry=h)gJNcZY;2{67CUz^bj< Vs{Oxi{}%uN|NlHB(4GKJ003Dl0J;DG 
diff --git a/released/assets/rancher-vsphere-csi/rancher-vsphere-csi-2.1.000-rc01.tgz b/released/assets/rancher-vsphere-csi/rancher-vsphere-csi-2.1.000-rc01.tgz deleted file mode 100755 index a95bae69dd841b3cc6d12cebe623e05624147f7f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 5782 zcmV;H7HR1piwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PH>eZyPtV{dxZiLcWKW;H;J8k0cdh%^5YMTH3fnTfrlw`+AuCF4{#$J-c;cz%JoEg#_N5K?$b1vd3aA*dCw0cv_ zrN6*4`ooiycDvnvad4pjZMWOSe>?5N7e90k+I#Kx;ft3q4u5EO4%>(AA5i;ghF@J0 zAu<1<{l#MyC-(;_IEt9WlCVg0J%j=*F=Z1!z*18132OzwB^eV4yU6lNWwVfonBqk< z!ZYZi`ABmU>Wv1KtyL=#;{dwoF1dxKSO^KT%BDJswix*5Fka1vI!Hd3^Kl$PrN%=+%q1EuGd5)8gncpPXd{6@Mf4q5|aqH zu7w#Uw2J~v;r4$V_<$+;n0XHELYUtwwy-By!UNFI9J&)Cr^&5?(^53&5l9eCK_)p= zn;|E2;NCn(taiJ}gLcRJ-rTw^PhG0y{~Xf<#M3E&HS&M|@UUH!|NHHiTlxPj%De|k z$SK)BWkPmQqv0VGGcLR6;9%cFh(rQ{gu@$(CtcL&sQQ2=LINLzwta{t4m2QPza#>< z5l;pn7D7os`)k0WF`0}Y;2_n|POvpnHq;H8Lbqt>788hoV+ma(c>?;AX>|#+nCgn( z^;d*`c}v+XrvI|PT5OvnL`Ue;C&b~`gm4H^!~bAd-BQ6%=Y?j8kmwdr%-NiT5H`@W z5XLy664iHdH4{C&Q&VaEbM!m+>dct(?`{m z+Pj5sjwzm0cg*re7Jyra4}{AEQ`5Q%fa1AKN4H`beyScg+aNn`AV`lzk~2yTQwM?! 
zL6G0fZwNtzZ>ch7#+VAlMP!C2VCp!;Oc2TVB2}ub8R4992%CYj44Rf5a`Lk2j1a3j z6)36p%G?+lngsqusp{3bOhS+kUp2fxPdxmymN4+#E1B-Ewd{DO^hC z5P=XEoZZ4hK)a5y>X-w*B!{KmXb}Y);=KX+g@#r$Vj#$c>a2{Khm$H^b}hg+&9DI&X(#+i5pc1 zSHpMulV?P{Ju*pZXJpPX7OExdLU;JydcLky*?-b1RMEPg0*!$SU&dcx3a+vL+WUK* zg8ldMVE=Gy|9y+{=~EMhFeVY8hT-08Yv)|s9ldCv=I76zYDmU4CQc>ar`=*sA~{Bl z{}QdnqW}OEkp9wG;sa4w`uTek^bb~6@BggK3{tzQ8A43iVg}J>Uc%M;zjM&uFP#7O z4h~;#{eR!2?4Xf$6?Gr!C%Pk1*hQx)L*)E!IF3bY-tlH2u~MPkR2x?_maVp)L1p$2 zjUD5kxzEbV7cm416o;6S0E;eCCWdhKm)68HEQ9Ggd<#@KV*|(Wih&)|+wK{Rwe^yN zv<{XvZWt~2B(;fPk=H*1pOXMif`BEFJX=i}XS0oR^F*j1m~$r}Kigq>vQu5|iJU&D zlj$be&v-_WkA6oHi9(1ZdX)#P1aba@lHM6G+Gedi;8MZiZJ9L#L-`#ot&Ny`=inGiiQ-h zI^$@rBrM9UPBbr~W9V$b36Rfp*Y&Y;-O1uhvyMpWCA7CLv0|MmQ^w1WyDSUDPSt6zZGDm7SM$b zCjI!T{i@I+=1j7H(Js2|U1aJiU4^EoL&{qhGs-|R6RJkU1hcB@NJJ#T^b{ywj38i9 zsLm4YTpO#H((3(OZ48{SFs(eyRgN*C35Uxm2Qg(d%yxFPb8~HG-J9rZ2=*LRA13DW zUB6J%XH|Jlcs4fNEi0H*l{yYDs?=P#;HywP7v*>u#q(V^ruYi$=Z~t0-(0e!KRCO(?ANJ~{TkW7)uLN1`sG?QdoU|U1<_YJoMl3n4?dt}`~K%2 z(rgP$sODJ6MGQyqQ5NvoK@mU*Az~3-pfTe}vY1geSs<*077`$nIN!yHEi3LOO4=P= z+D=DVZ&S9pkemdv>45(s&XZYyDXh|ovXb{jCM75P#rP&G5;3xwJbK42Pq8aBHOykU zI3*@l-fT9D*_zJv+E6Stb8+-W4ufojJ$0dEazTt|x~K7bkK+m_^utu(hR*5YY-~u` zzk8*fobwLaL2npGcdrEM_??%CaYWfYaFhrrx4s35J8mwcfeF}G%%uir=WRCb#-UAo zN@ZHi!a+1<=aJ?+mzsC+L8Jn8V{CMY%Hs(&I<$#!Ox|*q z#G;FSX*5i#A_tdgkA7)HECkWmMU7Y?A|yo8sMmmEGBY(S)c+c_Im5BAfabt&HINBN z)qoPA|GmdDnCdngAW%JSOR2S_G*J8{kT*kHO_T$cpngi?(Ebzx1@qH`aDX{P@{0zp z9WG#uha}3fN)-m08S5}eM|P+zr@6$yVpV}cUh`LtZd(Kt3t{*y5XA7@BY9~3m}a$& z^)Pz~`Rhp?iL76tV$2{Cc1N1gQ~R$p_;QWw&?qro1x7d~@KHjfWQSNmiy#q_&DN*r77 zL0S55BFa&^2rJ0&XES^^xBpDC?_;h7t;zrDblQdcpL?Cd7hC)9o0KQY|H3e1(Fh)s z{-yZpfr(!aPxZ2c7|*+%b!sDeJSw9+Y+DoG`0W^}pO_dB#Gp9>aYq}OamU(}r^;I4=@?X|D zB6TCh+!SO=4W$H{F_zP#zdSn~4nFjU*TeqX>(P1d@7EV6mwzkvHvz?F%(y)I@m2fB zWp&OmSnm{E=@4|?sxT?Ts37U`Rtft2xi!bUMagZ;PP!G-WI`g*s&*Td(b3nuh+Ono zB;jMuK^Su~Cln?bx01!J(xd4nW-utk@7Bfca%)xJHQOw0QV3u-D+1I%X5dwawrfMv zm4WFMVd=V{bY)078&)pHqYvx+yG6nBgnN9${k(ebK3zcaLE*^t!N|((dv<=>*YJv) 
zuN>>Di*sdSTuPj4ai`Q4KynIt9K^=@=P{vx5&@w`Q6JApG_es5 zlnC{U;v~*yP1Ux6#uQI#2zA>3>FR9-Y4U-jH6h|J3=gjh$UdGyR|H`nqY4lTaExyW zC6YiPyoJM1on%KpkFHNn-w)0j|H_6ZDP{K;4s2fpn3^k0?{hZ+JIC@HlBLvo5G!qLKj7KTuWM1q8X}yq7|llK@r_FNArW*00w4`NXvU zB+Z{oMq8))YjVk+Q1Ne`Lsr{qBcq^@ez0lY*ppeDh1mJS1j$BXWTzNw-$8|7d*xFY zg%z*0ht+P=v+{~O`PidE$|6~Y)JNx2y;)gWvx44Fk5aRd;tumF1-;bLXkDTj{b?MZfRu#oCs~md*XYMgTqLRj76M{}1*L zO8(!@_Wh@CQVMs}D$}~$%S-xxeId5*Vm?|ql^wmCXN+y)|8=m7hdtdz#&q>q`PZWK z71rAq2M`6>tg%1aQvwgz|C#Xf!=%8P{oiT7EXIHKUhZx8|2HXx{hxhHCrzp>Zu?S_ zqLTud&RJPd5(T+YN{^fso+QojUH-;65ow~ZuC5;>ed;GWQYL@9Hi0t69M3@7h{`Hz zW#0%wMyBPT4XVQ}*D?1BTkc}$skb4 zzCR0}XpA-T|3&AZ`2Od?L3(W`s@*!yMUw*PwesC0ssz4Y5jr}Z2Wfv}FJkTD6g)<7W$GKnBWlG(@L&@z9~2}SGUK{FiT z3CvUti!u{C=fM=TZ-sGzp7qYfb0m^rim*U`Uuq$AIfcUT+Gj1&ag3);C}c<^VWKT* z{rXDkh$O#3i0&D`qYQ@v@g#~!G*S3uN4nAhir#3jo5FT)|B2lcw-4`??%G8Gj?g_P z5)h6;WL|8tE*YU+SVjCub~KG3OC-YD^`(%Xv5<@x+AAC|4%x;53&Hoi-e}+^Z;9*1 zlMLMgB9V}oQtd~}bvKDzLZP3@#6#y%00^rYqkzp~EQwl53)(P@T7EM(0~J@m-PNzG z3Qdtjfc8c!n3AE?0@$@TBzBEMa90y;%=ipT-QGF`5qyl9fDqj-QZNP)-}5eWA2f~K zejx(gR2vvKzUS@ipbHNARa!wL2+wP#Jzw}Q(bfK6y=Hb|^N!y+P~XlI*<|CU+BJnI z%r7iwz|HIj1zTUw{DNSs8@htVzH{fed-=v4Lt8HQ`684W4YwNg<6t-s|9~HQtRPksQ(eqVyb7Q%=P6H(w4;50kWgj zK`9n}2Mfb4M5H};5tCEk_ryx1EYld&$CyyB?CSX4%RO+Nd)&J5dim?Idxl$och5;5 zXJ6yiHSU*V_wcv*%DB{DimyO7Ugy3XH$1QO&~xMUlnHsPBf0sfoExvhpxHUzMe5(Z z<6Y$YenZjOd#`i~iHyuuG*H@jG)QGne&_$9zAcT6vL)dw3&WjIZQk4R*}_(Ci%#W? 
z?ie<{zI!FEji>XuUu4$3Rm`f4n?O>}8$wK#xYhrkGOE#He%(KRgMN1?BOJ$cftq7fx`&zb?wPQ~d5nKepu*Mn+K^2r;T-23 zdauo&%2?*-9D714QF&VH&@)fD=N@uj&FOW#zKYwc_%jpqDH*4JjK z;wvYaa$HvA|GZlyWPxZ&Ebc@ry=P?I_bmt4{@&DJn-*-#@H|TI)h>;i^b!WL=~;^R zbT~B4h0R$!Fa0*U>iAm^!GCzEI{)K1ZgRlk44%dZu;%=~*D3mcJBJ4^4z}n2Z&9}A z|LysId;Z^^|DWdkkDd)-thzIFW4y>W>NI_G3KA2w@Tbc^x+ZR(Z>@vxUaIu}uL%gf zLQnK3z}EWzUljlT!;AL8{#O5gi;}LjxxzcgoS1uUD>Fg#8Aso1>!P>LL6tqNn`d|2 z$x)w(vVU&T^~tyb^AZPFoc+tfW-zXEmXW-ZEZfVug*J1NJ@=Lwd$){Hz>%F!{x8R% z^dO%3G%=Trds&gGE5wxDUyJ0{QU98ZGu<*3nR|TYrBMgYWqz_*4O@r)maWUtesFvteRIT7^IbY_N))rLmVO*IPOaKyB8;|dNtCxJ z-6=zDMm5T_lNBzXziO}0TCwT={9a16jL)ew{guz=*O20aIVKDqhw>yl-*`2jbf>l|NI=^&w0CUpR(mi9u7hkR{&#FS3tyWrv zId7uJN@-w4ft8yuI?IbxORI{%>sBF3*NvX$hn2L4O&crIzC`~Kn6qLYYixp-VF7%3 zt;_4M4(U?PRvrCJiy{H*#A&{hiHqn!*Ggrz4%uv$TcwIt;{wXo=GEr#ox@NY1R9o- zNa{$hwrm9VsX$YfVG>!lj4}Xmw8(W+xO`c7XSeN|LCrz&;W)20H!2pkN^Mx 
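Review bot: The deletion of rancher-vsphere-csi-2.1.000-rc01.tgz still carries the whole old archive as a `literal 5782` base85 payload under `GIT binary patch`, which cannot be reviewed by eye and makes up most of this patch. For the copy that is sent for review, generating it with `git format-patch --irreversible-delete` (`-D`) would keep only the headers for deleted files. That form is not meant to be applied with `git apply`, so the applicable change should still be taken from the branch. The reviewable fact here is the blob id on the `index a95bae69...` line, which can be checked with `git hash-object` against the archive that was actually distributed before it disappears from the tree.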
diff --git a/released/assets/rancher-webhook/rancher-webhook-0.1.0-beta300.tgz b/released/assets/rancher-webhook/rancher-webhook-0.1.0-beta300.tgz deleted file mode 100644 index 20587102faa81b54227ed0237600d1cedda8067e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1222 zcmV;%1UdU3iwFQWG2LGP1MOK|bK*7>-Dm#_4Ktm6!m*7pEpKTy?R2KiFr<*{sLtGGt3r3JY0Nu1z46f8V*Tz z^}OtAIc|O}KZ(j`A$4xA6qb=%i}IIOS#Xy^<-5bJndXvaHWe;P$XQ_V!A#s(oi z)s&05iC4|RWa2`oG2tvqzBJbQATe3K0tvpbLqM>Zxa2XEu*)-r9=>d!#aff0c6C5v@d zaYs1|a5kd(Ww2x_js7cdj)X#zX`X`U#~75+oOaca#IlTYuX7vf{KvVDIn|(!xD)($ z{T~fSUZ?-3Kz;pJlqaB$y8#^1f5)-Y^&hz2(DCy19}V43|4#w7q;p7>UqUPt(?UL0 zns!mwHbOL=qnd8(Cm~rAlZ5k$;LOLze+zGfo=8xr_l7a&Vuq@pD>y25`iqcU);~c= z6RxK)XG*7;d%bf{$U8&3{ud=jkb*<}_uLx)Q4s7=$Ny7c+a=M`^T?c!nJqLQepIR1 zTG_?}i-K*BR9K@c5ru4?~E4zVa4Ec(V5JQ_6a6M z+29O?B+pWa2gnuk3ni(g*%GU=uEkKMh^bzT2@dXJYXi)NheIhsgw$i=x~bHKl<`DD zC3N#hNWk(X)&8O^z5XX**h(sX?Nfk*U;$i*A@~{{_Kk?rb~Jiqk?33SMHFDM{p!ZC zo&N#ETs)?p{d*#By3%m)7=#d5q=i2P^3gDHf&rA7H9(~`39W~Dq;Z0@zl$Mw1zFX`oSbRXnS z=)REN#~v}s(-TITcex|a9yT{F4Qt1H)o9PK{9~2zIc01xZoRz*Ya!TpuX;QcMzuek z3$0_dH9yrlOfn(;DOb`h8Nc*>kwp5Yv9IUm$NwGe`d_Th3H;x{8SMK%uhaiiAlLfa ze64rCnb|MU{bvkTsl}B{^mnXOdX|)P&^1+vrO?6`d`$klniv}mD^+E8gK69d&ON1X z3hn%tGwL7bJJ2Eiy91}je|z9{{67h{8K12GMnRnvZ6)=y83k)e{=-`V*I&yhPqR#=Lc$<}&pPV;{f%$u_G z>FJ%w$ie-e=2Q7SN^pq(w&m6MKX6A*$Ny8Hw&ORl=rF_2J&F$Bigy0rFM!ARYM45H zb^pKj{l~WLj{m2?dfg`hgm^xG=2Ju;x5G4$h1KVQ{9m2&gJ$EuIn`saWRVU@?+10! k`=$nfE2wUIoBlu))PJ9QK09>i(BZA%Ul7Nks{kqh0J1rF2LJ#7 
diff --git a/released/assets/rancher-webhook/rancher-webhook-0.1.0-beta500.tgz b/released/assets/rancher-webhook/rancher-webhook-0.1.0-beta500.tgz deleted file mode 100644 index 895ec88d471956095194e51e4b99a81fc40e641a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1218 zcmV;z1U>s7iwFQWG2LGP1MOK|bK*7>&9i@nhMCSj*|80nmbWyUb~@8$7}7}}Gs3ci*g$VeLbGmz#Nn9PKDzP@?`*tR|B_epm3 zyzFYbz5H5$INgCaaNR-Avx)8WJ=?w_{kP~$9f{IZVpjqYMGR;_=c+Ld!@}@DJHpOw0t^e(eN^LFaoS!ZS&WG3Q?O*?X&#kThpznHD#6DdY_Tz)EKaC=xsb(TlLxT{X zYRbjb!mH+BF>x)_kZ=|ye>c|pAT%i`FOo>#H}>_?{P@3Pzy24ia|Zv{b-TO%&u#Vp9LTl)Az$n5 zFK5mxbpL?CDz&(h33JOzrDsVw1zl5xSPCtC!H4Ac+mW%>uu@gFH<-qa;L=n2uCSl~ zazg#nd%J^~dHEnR za&-Tv`BZ+35**{dV|z9JcYA~O|G%@Kw&ORl=s3eKJ&G1zi~an6ngNgT)v$E@=Kg=@ z`;X)FTmGK|tCdLt2=RP=;8TQ&+hH2W!s_!t{;y8?L9_ASoa(VyvPg%d^PRfxd{qO$ g6;wB!b$=iV>c1~NpDkLnXz^a~FDe;N*Z?X306u?gPyhe` 
diff --git a/released/assets/rancher-webhook/rancher-webhook-0.1.0-beta600.tgz b/released/assets/rancher-webhook/rancher-webhook-0.1.0-beta600.tgz deleted file mode 100644 index 72053e5c94e5b204a4672b3ca001012d59bfe523..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1225 zcmV;)1UCC0iwFQWG2LGP1MOK|bK*7>&9i@nhMCSj;n>EQmbWyUb~@8$7}7}}Gs3ci*g$VeLbGmzacFqsMQe0}u>uq|bJZA!VPSZnonjo- z^_@W0*8g@!r8bvz&QF&E=fiW|{p;U%o!a^j`i^%+tkZR2KR)>S(*Q^bhJ#M(-;!bIjETWFeG_l zS1px>d1J5y4pc!meW=P@zQYEM*&|4WV;Yi$gST;YYnirbbtj;yX9S>p$zq*VJW|dA zoQG(76U>=PqyNa8BcYIFoTngq8G|yK(=Hm4Se9|=6+VnQ|8d4+PBo|#?gal`{|Ehn z*XsW{P+$KAyJ0B{+|PEPN$G6zl2yQriENq%645> zI6^d?qNZ-DC?Q!BqlEL3;LOLze+ln}9!XFTX~URuF`>NJTu{H$Uxei1{ux4=a6N`8 zQ##Gu>0Ek3J{b1ve^GJ*DLBS|4>yM`{-Yq+E&tDgO|L{t=Oc4IX136L{$8b)YhfGD zEDAQAQelv8MHI4Wl7|~}R0XW2Db2Th(%QZm#jAymv%5|@h6RH!MQ1WI+9jAYzoc4| z{`NUTQOPqFLIQHZ{6bY~DK~_xtlMKTQ^Zuyh6D$Cy|Ec)L&aegAwudQaorx?hm`R| zLM3|BNJzl)Io1BGEWP_HVc1G4g!`uh2f+fk3q$ZVy6t-rrR``o2a)Ip@I@40vHd1i zazFnAh`CtKvFqO|0Y~_6JFZpdzvuK?{+|O|{EuU`=K1Gp{r7XaBAAN7Piqw(%zQKv zIUO@9{7NUlRmo4x(L~SkwJV<6$d`g|HL(1=2=S7UAH^k}iR0v2LYXjOG63 zx4VbY&Fx)PLr7+Wf0AN8+$coOGvL7(!tK(ce3a=&*>|&2n<_T+FW$g_vdwM)a=;Z8N$Gc5m9Wjv&Y4aTjr(_k$G8}C$)r(&pf zr*o!ttTyJST8B|4oM1{?Bq-{XYkC zt$)bZdi%?n{R-VbV5&+ju4JOSWuMZsq@04TsX{D;7QWy^^84+`SZi3RD%%@O<3@1l zDScPi&wn|g{%O7g9pk^-b87szd;OOGXTc`pvlXX_o(akRX+Heja-1)aW5MA^EWktH zD?~zKbYYq>-Oo}a@quI*wUeuA+Rw|n>8UX?R5JN9J2T-qa!bexOYu6{TCL1+{(pjb zUzWbSd=MEqy8qLBD!)Yuj`82Nyc+*|u4lFUKL=_%ej|&HGyKw{Xz{h!&;O?x@EBhW zQ^#-a|98IsSc5^!|8roq>XHCLJf9!<6w$@)Fb!m3^?4xwSEu}l+4yfx^;j%fq(jpA nPF;7tssZ2%s+-QbKM)1=- 
diff --git a/released/assets/rancher-webhook/rancher-webhook-0.1.0-beta700.tgz b/released/assets/rancher-webhook/rancher-webhook-0.1.0-beta700.tgz deleted file mode 100644 index 79635516b850792ebf8585e42f7632b2c31cb2e7..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1226 zcmV;*1U35~iwFQWG2LGP1MOK|bK*7>&9i@nhMCSj*|80nmbWyUb~@8$7}7}}Gs3ci*g$VeLbGmz#Nn9PKDzP@?`*tR|B_epm3 zyzFYbz5H5$INgCaaNR-Avx)8WJ=?w_{kP~$9f{IZVpjqYMGR;_=c+Ld!@}@DJHpOw0t^e(eN^LFaoS!ZS&WG3Q?O*?X&#kThpznHD#6DdY_Tz)EKaC=xsb(TlLxT{X zYRbjb!mH+BF>x)_kZ=|ye>c|pATk3DRrc>0^O%)|1YhsjeJ`$Yy`1mj3z0e~G3LP9O!x`0pX-xA>2O;I{lf3pTwHEuD|d`Iy;4>-l??TCRm- zJhLd+bV`Lmx)o8#rb!-d%uyAvnx-`0@=0s^W)!a$I!<$)bPNjyUy9CTX4E8@G{2-; zlm7NOLs7{y7D57Y!Tds1YAH8_tE}5&F;m1;&xQmCdcCn3W<$kc6(K_EA?fwHcpp;6 z6A6{*O(P)z%jZ=4v$FK=uY_SMsSxg;4jcpv;4Tco*XXwIMU=Lq*&IZoAHWw;fW^+6 zSjqkT4WZQ9jD_qwKp?sZAA|doA*5wW`KTI=KWr z1-TP?Dx`PWAr^Ug!AR>dcjVc_*4m|E?Qo|W?HQJTsxlr@!v^El*=evAf{k~o$5Sy> zyVE(-I#wI=Q?0`&6VD%V_1uu|8{Zd6r0*O1dTDGvG14 z8kUaV-2d-<|8X3*<^MUbTA3t(5YOiaK1GK`)S2X}!L3Ptv_Xnb&{`=DN*`h^@7VicB0>Vh-Dm#_4Ktm6!m*7pTi()a+UZQ2VMr%^%n17$ z)CkL!WVS4m|K96Qz!*q(2}~NF7h~yKS06q{M@G`fpMmUtfyqpWr>hUI0L!ul{XWUA zo|j!M$IY(=h}|1_1IHP-o<%IX?^)Id(tnN4)R8DnC3YncQN(}-bgmlXFf0rYv{Q_u zy1o&}+WOzjsMO|?&iUzb;Cy(lyMO)ru2Wn8LErH{5bJbZ*pGL<{xph&rkaUJ4Gltk zswo#!6R(A&OH+4?(<*K>Nkbo~eJpw<6#fX(R?QstKr3&pgM%Szd< z>Iz4Qrc>0^O%)|1YhsjeJ`$Yy`1r5kozNo*3LP9O!x`0wH7u*H8A1iR(`S+MDqXz6@p&d1CanoplpYPlA+ z@x-EF(HxGoxLCN%Kpp zHR*4kGZd9PV<99U7tAkIrIvC-xXQXc7BfXm^=wFRpjR84VK!78RuLkk9un8>;eALM zPb5^LH;se@ET2>D&&txUh*j&3btR3!Dqdmj&k5$G)YS>`hIy(*4La^~p^>`|V zYIizkTE}W*eyVjCW#ai`uAUpxeeL@qiS%7#UoXv%|2y{Uf3Z4e@P8=!yZ+B^_5U2m zwf;U|>+LUR_6v0XfT=3AxRQzPmVHXkl5z^VrV6nXTKIww$sac(W36GOs%&pCjT^zG zr}Rx>KmX-~`ltC0bd3LQ&#Cd>?s+Z$&w@?HXDdz-7iuk@quI*wUeuA+Rw|n>8UX?R5JN1J2T-qa!bexOYt(Tt5bf&Z2UK;dMuVK(jn>m npsqUK)Btb=)lFyJABckb?@P~Tixw?fycPTl0kSbw04e|gZ#`wH 
diff --git a/released/assets/rancher-webhook/rancher-webhook-0.1.0-beta900.tgz b/released/assets/rancher-webhook/rancher-webhook-0.1.0-beta900.tgz deleted file mode 100644 index 9a2bd2c69b252e6a6aff31c5232930a4da878c77..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1225 zcmV;)1UCC0iwFQWG2LGP1MOK|bK*7>-Dm#_4Ktm6vSS-CUEb1c+UZQ2VMr%^%n17$ z)CkL!WVS4m|K96Qz!*q(2}~N_7u(YHz54JuI+7)g{255|3ruE0JY9Ww1+#5?(C?G% z>Ur7Kc6<4?FyeFv-oWkJJ#Rp4r|;R$2hx9y#?&oQno4X+Afku?4d`4o`k`AG9*9%) zqq@EklePK3nNg{&C7tur<-qaqdcFPg-|xBE{Pzd_ZolW@{HHe`h<&;y?6-G5|1^q( zrkaUJ4Gltkswo#!3$L1k#l)2lQnQdjFeJsd(&#p0K>*Q^bhJ#M)94b>IjETWFeG`Q zsg_E^ywO>xA>k}a{%Ne0z=0|-(~woW%5T`9F?#^1uuns>aPcv&9&O99Y;yvdelh}3 zzGSh^Djq0j0ggj7y$0h*84%NO0!k>%WF~LXRXUh_qo$xtLI1EH233=^Y_C^?!ztCR~qU z%9KtscRH6IkauSL`M)SR0Tmp>zlV#%7XFbCTK#t(+tf<5R6a7tV^VWhy>(<`30-gQf?4eS+_@krWR8@8xrj3)y86&brri+xCp6-q}S`>b4VFa zBvhm~jf4a&pHuD6%F^4v6NXVzBHTY5*a;TEZ5V>DQTE=6D2=1p97Lk;!52}0#m=ip z$^G~bAm(B@$EJTT1suV@__% zk;5^A!f$i}T$T9598K^nKfB_+jeM!`tq^;IVEUpNsUd7MWf69+EHMd0i**#U=*!*p z@3;4(>zmuEhLB7K|18CPxKW6hXTXCogxjS>`6%O$vh7yIHkEI#waCZSs_HN4$=??{pSu^{y&H1 zTz{X>_4dh`^8(&KAgW3(u4uyCl27SgQcgkFSRs}|3t#Xd`Qv6}tU0V?mF)$laUr<$ zkiIF~kAFF#{%OvEj^V%8t)2hl_HWSQ|17qN_-w{$qGv*~ug#mk8;;`zax6Ifgax<> zd;v*F^e#jbru#*TBtDP~y>@a{q5ZtfOm~fup_0j8*`5jaky}JoNQ#%y)@o&q^ZyCf zU0M44{7z`(==x9dq5K{uIEH`6_GafDyG7p;A(?Z^M)40w#6 zhNa_I*Z(``KaT6R_&5z1O nP*Uf9dgTt+m!#dn@)YK$0ZR04e|g`jCFD 
diff --git a/released/assets/rancher-webhook/rancher-webhook-0.1.0-beta901-rc00.tgz b/released/assets/rancher-webhook/rancher-webhook-0.1.0-beta901-rc00.tgz deleted file mode 100755 index 88febfd29de9302355af52a3be46b1d8ab77317d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1218 zcmV;z1U>s7iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI;^kK#5Lp6mRIBcxY*MMxkp@8)hgJFP0UBg9tQ%aut^z#Yd< z?Gv^X<-b??1VR{AJ0s|Hd2R^)I*#M#`0+WK$zX}P{{`nurJe@&OQy+Qvsm1`8XU)Q zCZ1RPI*!x+b;jQ9jq5p%<9XxZXmaDY-f%p+0q6Cma2%;2rf-}V+iJhu8v&D25hJdo z@hyOW5ff@*2aHId&D9`4O+4Zl`cUna&Spy3>BDMhu_S5!I<{*&{W%hQZ-rVMqDoL!kC-9_3!0y5Gf6_(ge^tL1T5BU3D07+`bMR$GY@qK8iN~S4^a6Ue^Jf z;{R~yw)yYfPOkhv2YAdDm@{8vq6{ac*Uiozw0AfFv4sz-T^0cpLrha4rb_T&?ZeN} zqoS!sgOV(3A=I3S%DIpzi~*F?|9}xo1_VcCJ^R3}H|3gfKTE{3~d>uH!e|PA$ z`F}ea-(LBD4(w`WmLz7da;+yWLmxgg-`|RnSjdRwM|ZdOH3723h7GR1;f3mc45%c7LqB`Rod}-ob#aCXi*lrhB3^nZxB=5+!D5eVXquRhoQw z?|GxD)}UVT0Pli8rIH>y=Xz;={MT{Z|LZvmUgsWoO8I)xD2^me8u6QmB7krvV{MnRhm3w%mO&D)eIe! zWqlULTv{fb|A9g7g!)yVk9#iV=#0wpDj2od*t0U8WIxuWS@xZHp5y$lyz?u#fYbNC z(ZT)CyYl}m*rUyU g43rFw5AMG>i+sfuSG-016954J|IuuRH2@|60CRd@&j0`b 
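Review bot: `deleted file mode 100755` on rancher-webhook-0.1.0-beta901-rc00.tgz differs from the `100644` recorded for the other rancher-webhook archives deleted in this patch (beta300 to beta900), so this -rc00 package was committed with the executable bit set. Deleting it is fine, but the step that produced the -rc00 archives should be checked so that packages are written as 0644 wherever they are published from now on, since a chart tarball has no reason to be executable.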
diff --git a/released/assets/rio/rio-0.8.000.tgz b/released/assets/rio/rio-0.8.000.tgz deleted file mode 100644 index 168c2af22c7f0bf529a84e9bed367caa19fdf3ef..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3660 zcmV-S4zuweiwFQlG2LGP1MOUGQ{y-i-p~FOy3AC~?i6ueNMI{fTXh`6?okU21s2 z03SDw{PP5jz51T`%4vBc2-p+j*FsXTuv#>)Xje`M`bIC%kl8BD0F&(lF zIpbn36}wHCd{?sv0ZJhI1(;ix^eR$tD-b zCfUDIE}5$KN3ug=rf-D2=5gQW3MLOI{1KNrrIBKC!~<3vHM&gGhDQ_rnMnl`+#w_U zndCp~{*Qj$3z-TePqeAJ7%&1P5f99okdP&j7~_->7Wa9~NKZ)eYuaTJWMIl02$XuD zb)q`8nlz$#JV0JqWq|6fe78P07^)Q0ssNk3^RYsSXA}y+y#Dg6$eHXr~8-dK!no zAZC4Q*}hLC>+xF_k{b?mfBC^DALD3DL~L53NCb`pJbRe$`5(?N&o#&fEcV542n;^& zpOcVF<@tTCYv!*N-}AeF%9{C`RSfzy{FD7uqqsI<)P?b-3F+|&?CE=7-6Zh0ORwRt z9>Vwk0O@B6ijpdF_~8ILOr-cH3$*9+kkOi@gDTG-sX&CR_6-?K)c>=Cy${C+{xE!@ zK9=Zzv)7sPNeNcRb!CSoMXK2rQH+r*lrfW|I=C_e9HLd^F?=1G1|ZQJ zv>$Pg_fu)AJntM@k7$&_ETAuC8kTwy2IMK*_*623DHTT;=i!Jlj9HjZ((oH?0*qpI z1I93jV7mf_GaL>JyghGUGHT|CksSM?A(wV0%^Y`GCJ+m^%t#$DzQXx|2XRPc2$o+H z@Cq_{!j9)%U0rpl8hCHXHOLm|hy=F3NnZt+J)w$dmql}l@M{5IbLHxPLQIeSdEQ}R zH<%4o5(GiZWTC2a`>@q!+xa!i^f$`2SsKGN--~$q!R}!sP0Uec_alo{3KK}Pi6@~L zQXU(E!&Aa;0sX7F(^HL0V}(9oi{TV&I7O@$;SQ}%B!I?t>-B_{6qfi?%u9=WVT4Q~ z*cxzDrrA@o!aXU5WGqtYw5B8$a?Z)K$qN}Wf=NnJ**CLfI(}`Fv?*&WXeD8@fOiho z=7l1GkB|Sgw;Q{g_}@ATu7BasdXYYs#s9V&)A+C5+S$ba)>8NoT)RAYH+>{&+V7B& z2?LR=7{o|ijL0~R?o@%pL>mRcwP(DMsKbA(&+N#GJoJOutjaH6Szy zL>eRJ=);-nAQeyc!VmzF%2?$h9Md?3KF35QEa1H{p2pPDGULhiS5ODGbB4!3zB>!vW`9)|Hqsl$Vqb|Xd%0f|JvkDf6gfx={YbHwTaNJ^y@ zDdY-yESCZp9b!}wnNI+w^^>7n93&tU%Bk^YtHNv=0rH-?uQ4?KD(jga~l*rF(F37vg%kl zf;ogPdTXg2u!JQ(V?*!-+`jmkM}W#)XRobF-()GD{}cD_IZuOS{{MDsw`~8L_3d_h zWB=Dtiq{k1=&RbO;a&3>EWn3+FL*ef6we7l3imB{cf>!lj<=sHGP%F^ z&?q7c1rGx)Bz`A0LU@FJqOuiaihJRnC)=s6WkD<~QHjX|YzWCj!Ga`kI>0PsHB~}o zzrd(EJ>I*!D&alif40cUo(eF+NrP(DR2oVK-s055%xo7bE0t-svo>*>jiac#ODE&) z76@=99^_S!ZfW27GAEv?n^zicY-qGQQy^D`$IR&xj zC#>_u*{6fbY|F!smnVD22j{1I`v&&OxP0VLYY^XgY;Dz)Vn6DK|S!qv%vb zJQ#P#UIbGxS@{JD|z7L}dM5iwhG2i&}(yah#CK?M7-QxGX+J(@=PScK5F 
z)vOmD*%%t$4;Q4JaG6M2?(4P9>{naL=l{vai-U7t-|A=WW5xWBg8#R(yWQHH|LZ7d zxNQE9ITQX(G}jTDG%{n-Fh(4Uo6O(C|p*foJxV3mT4r3ON15+JXR9f!;> zCeRU7rfwC%vBN}!%5cYBr>AdMv>Y4bMZlbsYC?XjBf}6p9)g!Gx1RTN@iGGMD^RBQ zCT&FYdOYAXB6y=PlM>>HLJ_FRvjw*%S~6A}Qk<6>HrQCt|J_oy|L#nG=1}0W{EzJ! z`@g%hy}AEgOPNYfv#y`R=L`J4X%zPu*U!Yg@JogajVY?OTH6N7;bTC2*)J)y2n1lg zi~Unm14{)~^t3=#_9Yj1e6KypUvVkxzdH?K`kvDUJgonX#!kI89sg->@ZWk$QU7I^ z20l&oKuG?l&2zZ^QQ_@;ZW;FN204QbvM4HKDXKIa^4ODUgx+8kU=IHU09E3Yzk>d; zWJ;tmV6N`n`*-j;VzOJP06QV#Ge`L8?C4?Isb1h`@jk(gX0~Ubb0?o#g)59q;f$@s zdzfN+b=<#UT|ko8rI5Zd6wa1DK(kCDcB=u{<_s~8H!Fx_254gDulYTR^}62_aAur8 zMtIG7Y2+%FiD2#-{Oj1H{`nyrnc9GwS_o0`cfzV60?sq(LybwpN~BaC!DRo=qo&Qn<|)bA(DggWk*5_z61+jB4hf93|~ z7&gWi^Kv&~b2&I;0r?k_0hH@pA0Q$fLESyXCJcy`M*`=Gu z#-@EGBKtl^b6&Nri-agtJZXY8yVkHya}A-U>e^ZvcbZNr@S9AXp-*_iFh9EdYvysz zy(|_WX}8mr{bE!4%-1vtv#&Nw%rbNatV)cUJ$_IqS`BtJn6WTcBK$H$v%*33}iUyi2F;dU?TYlfNr0KFKaEo&IK!+x8LB} zWp8!7wDvs$m2B3%+|g^s|H|=S7LUZZXOb${7XPg`n(gh``0pnFdo5)u?Q4F5E#BZ1 z4bvQG0w#$@$$)M^c%OJTG1Sl#~Bl+VWJA zF>x8yrzS`=QRQfS0mLT<7r%Wx`}OkY!=sA>n^tCW6EmK8u>|VgA$uqPa8;rvG<%w4XmY zE{bjoc!QVH?5j(fW%N(wZ^4$hjML$z*%lx=Zj26T6!HRJTUGui%iQ~am(%xLN5HcC z|Hf`}%KkT+_09d?TFOKB|1SG;Y5MnUD(EWa{Iy5EDOjfN|BdAz(&Sk)fR^chd$&D} z{~E1L{?A&ZEI*x;BZi&Y<Gudp_5L1U5`L|8 zirM!wg!lIqlHmnxbiY+`&~HvR`OAftKZf0Tu$R3Hd#mU-w%$ z13V6*G-RZbz29*J0I`y{&))__+3w$c4JNRx|Ca+60lZYcPS%|7&jizqJ(H z!seoRX46*POF3^N5zvTqej*_cG*EGgj}g8bn!H)2W0J;wM&4d;k+&mk<{L7^_)Y`y ze~VbIzF~&Xw+gysXhHAZUW1x-?ketGSNMAOb_A+sq`E}bie;Q~x$L{U#U3-RMQ!!I z2HpD_%EJ7=E}R7D;6DQpSf>B2o$2$xS>N6K|F^Z2r^lQBW;e)k@4)RO4|mlW>mgkh zO?{wGpqdSFFHSU6X&3(`n+b5wbz(NI%iJ>U|Km$^&;6f3miqs*`Two<#{XYSS>XTU eHh8}D|JNSmrfkZlY|5t0l>Y*JC}^qxVgLY|WF@u$ 
diff --git a/released/assets/rio/rio-0.8.001-rc00.tgz b/released/assets/rio/rio-0.8.001-rc00.tgz deleted file mode 100755 index 85bf5f0810284acd0c6c5ebb4a8952fbc0d64e37..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3647 zcmV-F4#4priwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PH+#Z{s+U{aL@F&S{``8!h<}Cp{3bz~$1Jy-C1igTemct6snV{$ThDdQU@6Gi6E>`KtHbZM8f1gCxSa z&_q+gmG1xqL=z?=FCbbo^r+|tC^a2Z41JJ<2QkW}U?Ej0BU6`?1bsNCVks2fr6_5F zTodL)N6QR5O95jVhR7cTF)gW-1n7gL!c|kHF-_(wKE$x)+nVqvI`wN91a?Mh3ELj!}W%nS?z zE3cRz(;1=^YSm>T63W(5lgOF(f6^eZ*LP*m>p3sI7I*3Slac=u!ZK7(rvTQ;|NZ`c zOa2cA{hj=OmP8X0VI|s)sBi-XQ zC&Dwr*c4QX0Ub}_^bAN2i^>ocAxB9xf(*HWP$Y!%cc8K~6;dk*M3N9tm=XgNLe2tC zh@&j>VQhpvG#WhNWW*3G05B0nlt(~0)CS90Le?0G&SXwfNR`2{o(g9VPL0kn$j3Cw z^3i}>s$-x$GMxmp^n^~?fKlEg(?SJ=Q6BkV6sH3)$|wt~uaKyCB!~=)J~{vq6Jq|w zD8Ipau~mLm{i5|6JZgpc6jnfH#ETCnA{uYW^deW8pREG2DBS{80k8zH(Cs;Nq1{Os zo?{|37VF|?$~4NNv6p70A2J#FuQ5p((Wttgzg(VNc=}FnwT-p*|L~wC|M!Q7gPr_; zj&y$yUcUb`JO}>+nrenHn}I3$np*~%L?(wS;NrHF_r^4K&a7n(w}fgd)OC!I^Qw_} zfk+Ut)N>qww{RR|aAP6nLbF6>g_{pI*$4y8z~#32^W1RvDsf<_Fcn3nL205hRoKsM z#Wip5T2iB;#^Tyggj{73VJb3+Py>O0WlEzgGz1VH!s(ggTnf-qWFv+u7D7W{aQS&Z z48o$1Ohn4&Z9=$dFcqP)*v+cbMj_Vs0$NV3eGW3?;HL0X&masj5n#3kcaHP3kdO$8 zwnv~44NY(Drb3LzG@yimqIz+|PymG@Q1h~g>Np#Dfk?VF1E8xVVmBdXT)L*hPO|=a zQ&aw5#mG{W%G2o$&Xa&4!E``0(KS;xQc6t-^1zrTMynayUFsw;z9VTq}tE4SV2EtXhozh}-)rsb*0 z|AjV`g5eh30T1(kzkk?k`+pAxJNxf>Qr&qeMf2A(w;+<&Mml*_*mRQu=o(vea%=UFdYoMiG_BWPnB9 zo40QqfCCz?*s3vps|0}{m6h0ZlfPFM?Ivjxy+gm4mBSNCJl)ExZP)U`&k zg}3lnplW_~^Nq+RV?=ZiKbGE_bLX)rR`U0wX)-+SnH@%TjPhvOwt*y~`qqpw%J0Wj zc*2%qD1=2S#h9|qWJXHoOKat*2bt0$DKo8EMmLoKW?qr&Vk=o4T0OS=sbDmiF4i_1 zSPU{r_0)pUjk>Q=MzyCB>Z%ljrDSPI%m&s%ZiG?`Ng`Z1mPL8MNWrpe7f;WeRON&oIAaRtWl(rpPGA=GQ`Tg}q5ugt}Pi zD*q8kBpU6{EDg(_Au=p}riB1=!Lr%6cgm2~9aByi{T<~Z+0C+-rL`v5oAXf5uR2xB zt7c_c<|^QdfTil>3A(?);MP}F9~!s5yuMWoWC|bDx!)?ET-VvUsrs;qx)qJIMGaXR z0Jt4=o3QEzXuiRaUr>puT5EG{ZW5Lj;rCfI8z`#pHy^&)K>c22zWF3Q1)E7Eq2O$~ 
zHBMWQhTox$9*23O0o@eY;}~HT_NSP^RMH7$7-9Id((;cvVKsgG1J0e&goi|KZ|2sI z(mJbTH}B1cUef=!(*HZ6JT$sz3vS?b=Rd>4_WA$e;h?wk|2{{0yuA63e1WWT16OD9 zZn2Uav#QQGxwCW`P z&vbUw;(zOTPDr}dV9<5^fAGG||HH$>_dEW7j?@ZXFIdhlgHI$~&D>)eZOANT^}Lb~ zZ|*y_NYV1pn2xJxqjnrAxU(5_Y~X0e@6^JQ7650nPW{9eX74(M`))}yRd8vJUumLg za8$;ScKm&$+ww>5ibMu75wW#Ph6dRf1U1~s(J-uw~dNR$8PXF}T) z0BiVvus?j?KL73a_ILdM9I4L##;BdE`VZAwSgYbUlmsfpz@SjbFwjE!Hbf&aHt zLZ+jcdL>jT{2L} zC-pffu9p4s`ReHG^y=%;$I}l-mtW4Ed6>S9pZB42dH%~uXR+q#m#fc5pH42$j*d?j zYpq7R+Y;La=P7S?w%i?96)HeK=ybWICVu6%19-CRmo>Cu5s7)?;FF z&WMhE=uU|2%8c94O{G|^XE|zxfkf?+l)6Qzfsi#Ii6s2O*|dt^xBSsCo zG13MkWBQW_(TCxnS1S_s8XaK`YUfzyls4OXX)*hUO-=oed?Kb}d#U2t z;=g+R!9n}}*TLX$7ytPzsU`N8U$8M!ux=@(g>|HTi}_%hW`cwl4Kt#t{EKT#txHDbCgjWpiOgMjYyV-m1MSKgX-ZgQD!~NXQ z5mNh5eMzB3AeaxA$7eQ26B(gCt3fq=Nh>@)FFnYA;Ix$gi#`3e#K2np|9;Tk|GnSe z>HlX*5AlC_bh`G0_y7AL>JOX@|9dgAghpIQe3CZS@&Cc#u>Jl||NSoh<5|)koDr>2 za{EM0z6jtpMxNj3qCA3>1UDo?>V#iiH>Xe zgon-^aE$V|4*rr#9Md}t^LK6j?XMnu;cN{mEywUHnYyXxRanv<`%1<@n-8rHW32w3!@~b>=J$0KpZ@m$@ zao&15Nu9U<>+Hc-BB{s}oPIb_j+aXD8wT3(Xo#en!%6X*<4sf`LhSxPvd!@S`N`3T zPbXdyK2aNM_|O2yy7L3 z;^jwWyJBh@p@ULlST>b+ONvb6J5Y$_doej3ZhUP!SUtHSlRQSvarX9#Fqz_>uH#%F zLhUI%Td~nfes-nu%4ZVoi<63KRE}eMRK7r28&Bwa{R0pZINqWxuOa0aPHVUw=h#N7 z+D=y1ml5PLA4xmLBPy=*$)QmgsQdQ*t&H9C}udf~Fw6+@Tf@%Jw!BruE?sYd_5M=1+91{2=I<7vz=WsJT7nab(1%XUPJj*QBLXJ9{j>-W0Ef| zktsusYzkRfYG-&XMFLZi$%1PdWEspAcsY1^U^cjJn#stHl5O~Dc zVQyr3R8em|NM&qo0PH+#QyaOK`MUipPMO(CvXgGxU|_ZvsLc?PrRIjPFqx@aQ@4WL zeQaxyr5;Ib;!XJPTasF~x-l3C7cyJchs4(7ymWM4l9{Mtgc9SdpzZw;kvf@@F?;r) zt<&jrwt7ALf2Y%F{@?9vZa(YwI_sUz#(HOc`&p;E(d%qJgU-W}vAC5=6Zx$3&A6J( z{Y4t#Txg=H;3|y(GNK6+!z3eGGfb#xXDBrtP|Q=1gl8j^3#a8&6^u+{PR5wR@!j3a4f}y<|yHiYm@_$A-vc>K76?lkO80yl3@zxWglZTRT{?&rwWw+`*Yk)J^f#1>3ZBBG8VW_VtX4 zQpgCy{(pM#nJ~g|Or2C4a+O6TN|~XB;>jFRJu3TVecK3Da@45Wnc1PZsCFo>U__Ie zKsudRW}Qy-)XKVQ58guiKOw9{_3#d0iT&?vZuXk?f2+5(vj30KCi`fNva$Ump>ztZ zRs>K8sZ;3nHX;DZ6=tQxw~P!^Xm!naPBh8vLRGCO6-sA@8~~z}v2xYdOk$2)Q^M3K 
zW)ii*=dD;P(81WuR4qF?M2?bZOhL;MqsW@7eZjR9jG=r_I2k(1>6i@Bfs|MXMYWLA znZIg}sgy!u9xpa_7O(dfV+Ym3(uUzlH(5`*#^j0|Pmy7!g-qegWfTpW=o41CP0cC_ zoWpv915z@5f}p8Z0~i+nbH^zuwv2>aEWI zW3)ytbWVAm!oJ<`_oRr%sEKj*=`806Rif&w(zP#NAUSbvG&%C!aCsSd0F_oHW^oE% zt+)K+owWo1aIVwF1~y}ZT??-=7FCpzT!|wRJNGO6Sqg1&HNZF;cCVqWvCc$2i}Bi# z#%v!K#REo$iqouJ)kqTe19rBV8Vi)v50N%!Bc`j9Ga_aU~` zs#-0E6opw_8KE}>$AX`tt{I_5y$V2OBg{*NG9j!Okz`J@tzJp0X+~IF2%n2E(nnS; z&cwJ79JvncT7yiN2~d!CD?G&fINW>QswnPEZsgv63F zCORAaE#U8N6qZF!G@fdcbPcBtf}R$b!iivv^5I82Ap-E0qCy+&k7=w%!QE&8@T}Pc zG0eHDzD6LrI4exTmEK~zwHH*6?zh^l*W&MF%pifUz$rKG2!5(#FrjF@!^E!v7y~|* zf?-oz9U)e~QfQg9w{;y{>shFt8shP@o=aPn{I&Y1jKX$1oo>~y1vAO?{M-PM zI)x)~@ENmG;|z!>%xshB9(<-ss|8C=tAn>}jY2u08NSXkQF47$4&us!!rqYNByf2dxYKJi!@^AFRR*}cOmDkNlObGQwgL)?90n{pHsg4* zyMCpwZhv=uop$jw7oF|4QD@F@x5LmYSTqr=9OHYlF<0mqo8DuhM=8t!)#hBWX)aH2 zKpQh9lKcZ_)2f&g4$NxR_4$96sG3v(WJQ_6dZ#n4`b~^Ek4tKy{8BO&Sk+8`-8|H(#V^O6WF4U;E=;a%vFC3Cm1q@eGlC<|+G zW0#54Twe@0L2jd_3Ce!emq~OHcMOFI?(HWRr{4~!2{juqpa0wQJFIOhO?24+;b^%P zkShFZ0AN(<#ax+>7k3B$Kx7i9a@X&|5Otk_i+gQLVN_3PIko3xu0;5=Y^n; zz>cf9Eo0(3$}=HkPI-9n7T|Ek?&jFUc z|JmAZ-v9MFtNQ<=v_>`c`inOI8pmF;UlX;Pi3^PG?Jx3db@MJ)ir3wmU0x>h7fA~y z`9b&!{jDDItbV(91K9b?rbYLJ)!;&~-{mWX@cf?~yngfkAQ|TmjAP09-`v=2=Kt&4 zz191lM`>%feXAY)al48CcyXUX!b_ma1pI~IiuM`8KuC}!=adhDFa~;rV4TxH$g#a5 zq63=w8#!P?6bkf+Xt*#W77`~^l!{Fa5TG0~ArXF=kufh+Dq!>+E&N~h-vi;f{cI>^ zs9!<9)G#6wggzpNv6x^EqSUb%#9AVP7KT1?;Q}nXzW%BkJg>^krQ?F(7`X<@H4dvQ z8Ap0XIP?*6oFEeg<_0-s+QO`gD+YLu1-g4DF{ra7F@ax42x2gx86^yIk(CCS#o~A? 
diff --git a/released/assets/vsphere-csi/vsphere-csi-2.1.000-rc00.tgz b/released/assets/vsphere-csi/vsphere-csi-2.1.000-rc00.tgz deleted file mode 100755 index 3ae0c9859ad9fc3a93093fbaab8f15e638a9204e..0000000000000000000000000000000000000000 GIT binary patch
diff --git a/released/assets/vsphere-csi/vsphere-csi-2.1.000-rc01.tgz b/released/assets/vsphere-csi/vsphere-csi-2.1.000-rc01.tgz deleted file mode 100755 index 4d26733b666510a7ca8e2778985c2821dead10e0..0000000000000000000000000000000000000000 GIT binary patch
From 6525034eb206bf5940861fa5d372f2adbbb052af Mon Sep 17 00:00:00 2001 From: Arvind Iyengar Date: Mon, 19 Apr 2021 12:21:04 -0700 Subject: [PATCH 2/3] Introduce make stage-release --- Makefile | 4 +-- scripts/release-asset | 63 ------------------------------------------ scripts/release-assets | 8 ------ scripts/stage-release | 50 +++++++++++++++++++++++++++++++++ 4 files changed, 52 insertions(+), 73 deletions(-) delete mode 100755 scripts/release-asset delete mode 100755 scripts/release-assets create mode 100755 scripts/stage-release diff --git a/Makefile b/Makefile index bcdcbc035..1ae552810 100644 --- a/Makefile +++ b/Makefile @@ -1,8 +1,8 @@ pull-scripts: ./scripts/pull-scripts -release: - ./scripts/release-assets +stage-release: + ./scripts/stage-release TARGETS := prepare patch charts clean sync validate rebase docs diff --git a/scripts/release-asset b/scripts/release-asset deleted file mode 100755 index c7b954043..000000000 --- a/scripts/release-asset +++ /dev/null 
@@ -1,63 +0,0 @@ -#!/bin/bash -set -e - -cd $(dirname $0) - -cd .. - -mkdir -p released - -if ! [[ -d assets ]] || ! [[ -d charts ]]; then - echo "No assets to move to released/" - exit 0 -fi - -# Ensure that all provided assets exist -for asset in $@; do - # Find the resrouce even if it's not prefixed with assets/ - asset=${asset#'assets/'} - if ! [ -f "assets/${asset}" ]; then - echo "Failed to find assets/${asset}" - exit 1 - fi -done - -# Create to-be-released directory with same structure as assets -find assets -type d | sed 's/assets\//to-be-released\//' | xargs mkdir -p - -# Copy assets inside -for asset in $@; do - asset=${asset#'assets/'} - mv "assets/${asset}" "to-be-released/${asset}" -done - -# Remove charts -for chart in $(find charts -type d -mindepth 3 -maxdepth 3); do - # Replace final / with - - asset=$(echo ${chart} | rev | sed 's/\//-/' | rev).tgz - # Remove charts/ prefix - asset=${asset#'charts/'} - for deleted_asset in $@; do - deleted_asset=${deleted_asset#'assets/'} - [ "${deleted_asset}" == "${asset}" ] && rm -rf ${chart} - done -done - -# Update released/assets/index.yaml -helm repo index --merge ./released/assets/index.yaml --url released/assets to-be-released -cp to-be-released/index.yaml ./released/assets/index.yaml - -# Update index.yaml -helm repo index --merge ./index.yaml --url released/assets to-be-released -cp to-be-released/index.yaml ./index.yaml - -# Copy assets into released-assets -for asset in $@; do - asset=${asset#'assets/'} - mkdir -p $(dirname "released/assets/${asset}") - mv "to-be-released/${asset}" "released/assets/${asset}" -done - -rm -rf to-be-released -find assets -type d -empty -delete -find charts -type d -empty -delete \ No newline at end of file diff --git a/scripts/release-assets b/scripts/release-assets deleted file mode 100755 index 432d923b5..000000000 --- a/scripts/release-assets +++ /dev/null 
@@ -1,8 +0,0 @@ -#!/bin/bash -set -e - -cd $(dirname $0) - -cd .. - -find assets -type f -mindepth 2 | xargs ./scripts/release-asset \ No newline at end of file diff --git a/scripts/stage-release b/scripts/stage-release new file mode 100755 index 000000000..308b5199d --- /dev/null +++ b/scripts/stage-release 
@@ -0,0 +1,50 @@ +#!/bin/bash +set -e + +cd $(dirname $0) + +cd .. + +# Name of the directory where we pull in the current released branch; can be arbitrarily set +RELEASE_BRANCH_DIR=released-branch-dir + +if [ -z ${RELEASE_REPO_URL} ] || [ -z ${RELEASE_BRANCH} ]; then + echo "Usage: RELEASE_REPO_URL= RELEASE_BRANCH= make stage-release" + exit 1 +fi + +# Print a warning if a developer tries to invoke this script locally +if [[ -z ${FROM_WORKFLOW} ]]; then + echo "" + echo "Unexpected Behavior: Detected that this script was invoked outside of a Github Workflow since FROM_WORKFLOW is unset." + echo "- This script is only intended to be run as part of a Github Workflow on your source branch, once changes have already been pushed to your remote." + echo "- This script will only generate the released/ directory based on what would be run on a 'make sync' on ${RELEASE_REPO_URL}@${RELEASE_BRANCH}" + echo "- If a change is made locally in this branch but not committed to the remote Github repository, it will not be staged by this script." + echo "" + echo "Proceed with caution!" + echo "" +fi + +echo "Regenerating released/ based on ${RELEASE_REPO_URL}@${RELEASE_BRANCH}..." + +rm -rf released +mkdir -p released + +echo "Pulling in ${RELEASE_REPO_URL}@${RELEASE_BRANCH} into ${RELEASE_BRANCH_DIR}" +rm -rf ${RELEASE_BRANCH_DIR} + +git clone --depth 1 --branch ${RELEASE_BRANCH} ${RELEASE_REPO_URL} ${RELEASE_BRANCH_DIR} 2>/dev/null + +cd ${RELEASE_BRANCH_DIR} + +make sync +cp -R assets/ ../released/assets +cp -R charts/ ../released/charts +cp -R index.yaml ../released/index.yaml + +cd .. +rm -rf ${RELEASE_BRANCH_DIR} + +# Modify the index.yaml to point to the released/ directory only +helm repo index --url released/assets released/assets +mv released/assets/index.yaml index.yaml \ No newline at end of file From 719bc4b5243a24b5bdd897dbf83f4fc1a0e97ae4 Mon Sep 17 00:00:00 2001 
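Review bot: In the Makefile hunk of [PATCH 2/3], the `release` target is removed outright rather than kept as a stub, and the commit's diffstat touches only the Makefile and three scripts, so within this commit the only place that states `make stage-release` needs `RELEASE_REPO_URL` and `RELEASE_BRANCH` is the usage echo inside the script. Consider keeping a `release` target that prints the new usage and fails, and documenting the two required variables (and `FROM_WORKFLOW`) alongside the target.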
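Review bot: In scripts/stage-release from [PATCH 2/3], the script clones whatever `${RELEASE_REPO_URL}` and `${RELEASE_BRANCH}` the environment supplies and then runs `make sync` inside that checkout, so the staging step executes the Makefile of an unpinned branch tip from a caller-chosen URL. Suggest checking the URL against the expected repository and logging the resolved commit SHA before `make sync` runs. Further points in the same hunk: `git clone ... 2>/dev/null` discards the error text, so under `set -e` a wrong URL or branch ends the script with no message, and because `rm -rf released` and `mkdir -p released` run before the clone, that failure leaves released/ emptied; clone first and keep stderr. The `FROM_WORKFLOW` block only prints a warning and continues, so a local run still reaches the `rm -rf`. The expansions in `[ -z ${RELEASE_REPO_URL} ]`, `cd $(dirname $0)`, `git clone` and `rm -rf ${RELEASE_BRANCH_DIR}` are unquoted; a value with whitespace or glob characters breaks the test and the later commands, so quote them.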
From: Arvind Iyengar Date: Wed, 21 Apr 2021 15:18:22 -0700 Subject: [PATCH 3/3] Regenerate released/ directory from stage-release --- index.yaml | 6831 +--------------- released/assets/README.md | 3 + .../fleet-agent/fleet-agent-0.3.000.tgz | Bin 0 -> 2162 bytes .../fleet-agent/fleet-agent-0.3.100.tgz | Bin 0 -> 2164 bytes .../fleet-agent/fleet-agent-0.3.200.tgz | Bin 0 -> 2120 bytes .../fleet-agent/fleet-agent-0.3.300.tgz | Bin 0 -> 2120 bytes .../fleet-agent/fleet-agent-0.3.400.tgz | Bin 0 -> 2281 bytes .../fleet-agent/fleet-agent-0.3.500.tgz | Bin 0 -> 2316 bytes .../assets/fleet-crd/fleet-crd-0.3.000.tgz | Bin 0 -> 9676 bytes .../assets/fleet-crd/fleet-crd-0.3.100.tgz | Bin 0 -> 9676 bytes .../assets/fleet-crd/fleet-crd-0.3.200.tgz | Bin 0 -> 9718 bytes .../assets/fleet-crd/fleet-crd-0.3.300.tgz | Bin 0 -> 9718 bytes .../assets/fleet-crd/fleet-crd-0.3.400.tgz | Bin 0 -> 9990 bytes .../assets/fleet-crd/fleet-crd-0.3.500.tgz | Bin 0 -> 10050 bytes released/assets/fleet/fleet-0.3.000.tgz | Bin 0 -> 2798 bytes released/assets/fleet/fleet-0.3.100.tgz | Bin 0 -> 2800 bytes released/assets/fleet/fleet-0.3.200.tgz | Bin 0 -> 2878 bytes released/assets/fleet/fleet-0.3.300.tgz | Bin 0 -> 2875 bytes released/assets/fleet/fleet-0.3.400.tgz | Bin 0 -> 3002 bytes released/assets/fleet/fleet-0.3.500.tgz | Bin 0 -> 3005 bytes released/assets/logos/backup-restore.svg | 24 + released/assets/logos/cis-kube-bench.svg | 43 + released/assets/logos/fleet.svg | 1 + released/assets/logos/gatekeeper.svg | 30 + released/assets/logos/istio.svg | 11 + released/assets/logos/logging.svg | 31 + released/assets/logos/rio.svg | 21 + released/assets/logos/vsphere-cpi.svg | 23 + released/assets/logos/vsphere-csi.svg | 23 + released/assets/longhorn/longhorn-1.0.200.tgz | Bin 0 -> 11516 bytes released/assets/longhorn/longhorn-1.0.201.tgz | Bin 0 -> 11524 bytes released/assets/longhorn/longhorn-1.1.000.tgz | Bin 0 -> 14785 bytes released/assets/longhorn/longhorn-1.1.001.tgz | Bin 0 -> 14845 bytes 
.../assets/longhorn/longhorn-crd-1.0.200.tgz | Bin 0 -> 923 bytes .../assets/longhorn/longhorn-crd-1.0.201.tgz | Bin 0 -> 876 bytes .../assets/longhorn/longhorn-crd-1.1.000.tgz | Bin 0 -> 1631 bytes .../assets/longhorn/longhorn-crd-1.1.001.tgz | Bin 0 -> 1631 bytes .../rancher-alerting-drivers-1.0.100.tgz | Bin 0 -> 7269 bytes .../rancher-backup-crd-1.0.400.tgz | Bin 0 -> 1686 bytes .../rancher-backup/rancher-backup-1.0.200.tgz | Bin 0 -> 4658 bytes .../rancher-backup/rancher-backup-1.0.201.tgz | Bin 0 -> 5321 bytes .../rancher-backup/rancher-backup-1.0.300.tgz | Bin 0 -> 5308 bytes .../rancher-backup/rancher-backup-1.0.301.tgz | Bin 0 -> 5321 bytes .../rancher-backup/rancher-backup-1.0.400.tgz | Bin 0 -> 5741 bytes .../rancher-backup-crd-1.0.200.tgz | Bin 0 -> 1719 bytes .../rancher-backup-crd-1.0.201.tgz | Bin 0 -> 1675 bytes .../rancher-backup-crd-1.0.300.tgz | Bin 0 -> 1673 bytes .../rancher-backup-crd-1.0.301.tgz | Bin 0 -> 1673 bytes .../rancher-cis-benchmark-1.0.100.tgz | Bin 0 -> 3416 bytes .../rancher-cis-benchmark-1.0.200.tgz | Bin 0 -> 3944 bytes .../rancher-cis-benchmark-1.0.300.tgz | Bin 0 -> 4828 bytes .../rancher-cis-benchmark-1.0.301.tgz | Bin 0 -> 4835 bytes .../rancher-cis-benchmark-1.0.400.tgz | Bin 0 -> 4946 bytes .../rancher-cis-benchmark-1.0.402.tgz | Bin 0 -> 4945 bytes .../rancher-cis-benchmark-crd-1.0.100.tgz | Bin 0 -> 1333 bytes .../rancher-cis-benchmark-crd-1.0.200.tgz | Bin 0 -> 1280 bytes .../rancher-cis-benchmark-crd-1.0.300.tgz | Bin 0 -> 1448 bytes .../rancher-cis-benchmark-crd-1.0.301.tgz | Bin 0 -> 1448 bytes .../rancher-cis-benchmark-crd-1.0.400.tgz | Bin 0 -> 1448 bytes .../rancher-cis-benchmark-crd-1.0.402.tgz | Bin 0 -> 1448 bytes .../rancher-external-ip-webhook-0.1.400.tgz | Bin 0 -> 7296 bytes .../rancher-external-ip-webhook-0.1.600.tgz | Bin 0 -> 7541 bytes .../rancher-external-ip-webhook-0.1.601.tgz | Bin 0 -> 7545 bytes .../rancher-gatekeeper-3.1.100.tgz | Bin 0 -> 6114 bytes .../rancher-gatekeeper-3.1.101.tgz | Bin 0 -> 
6727 bytes .../rancher-gatekeeper-3.2.101.tgz | Bin 0 -> 6994 bytes .../rancher-gatekeeper-3.3.000.tgz | Bin 0 -> 7397 bytes .../rancher-gatekeeper-3.3.001.tgz | Bin 0 -> 7397 bytes .../rancher-gatekeeper-crd-3.1.100.tgz | Bin 0 -> 2479 bytes .../rancher-gatekeeper-crd-3.1.101.tgz | Bin 0 -> 2439 bytes .../rancher-gatekeeper-crd-3.2.101.tgz | Bin 0 -> 3693 bytes .../rancher-gatekeeper-crd-3.3.000.tgz | Bin 0 -> 3682 bytes .../rancher-gatekeeper-crd-3.3.001.tgz | Bin 0 -> 3682 bytes .../rancher-grafana-6.6.401.tgz | Bin 0 -> 27607 bytes .../rancher-istio-1.8.301.tgz | Bin 0 -> 19350 bytes .../rancher-istio-1.8.400.tgz | Bin 0 -> 19480 bytes .../rancher-istio-1.8.500.tgz | Bin 0 -> 19480 bytes .../rancher-istio-1.9.200.tgz | Bin 0 -> 19482 bytes .../rancher-istio-1.9.300.tgz | Bin 0 -> 19482 bytes .../rancher-istio/rancher-istio-1.7.100.tgz | Bin 0 -> 13476 bytes .../rancher-istio/rancher-istio-1.7.300.tgz | Bin 0 -> 14077 bytes .../rancher-istio/rancher-istio-1.7.301.tgz | Bin 0 -> 17401 bytes .../rancher-istio/rancher-istio-1.8.300.tgz | Bin 0 -> 17610 bytes .../rancher-kiali-server-1.23.001.tgz | Bin 0 -> 9104 bytes .../rancher-kiali-server-1.24.001.tgz | Bin 0 -> 9100 bytes .../rancher-kiali-server-1.24.003.tgz | Bin 0 -> 9246 bytes .../rancher-kiali-server-1.29.000.tgz | Bin 0 -> 9763 bytes .../rancher-kiali-server-1.29.100.tgz | Bin 0 -> 10105 bytes .../rancher-kiali-server-1.32.100.tgz | Bin 0 -> 10200 bytes .../rancher-kiali-server-crd-1.23.001.tgz | Bin 0 -> 607 bytes .../rancher-kiali-server-crd-1.24.001.tgz | Bin 0 -> 561 bytes .../rancher-kiali-server-crd-1.24.003.tgz | Bin 0 -> 562 bytes .../rancher-kiali-server-crd-1.29.000.tgz | Bin 0 -> 561 bytes .../rancher-kiali-server-crd-1.29.100.tgz | Bin 0 -> 561 bytes .../rancher-kiali-server-crd-1.32.100.tgz | Bin 0 -> 612 bytes .../rancher-kube-state-metrics-2.13.101.tgz | Bin 0 -> 11613 bytes .../rancher-logging-3.6.000.tgz | Bin 0 -> 7694 bytes .../rancher-logging-3.6.001.tgz | Bin 0 -> 8488 bytes 
.../rancher-logging-3.8.201.tgz | Bin 0 -> 8769 bytes .../rancher-logging-3.9.000.tgz | Bin 0 -> 9660 bytes .../rancher-logging-3.9.001.tgz | Bin 0 -> 9470 bytes .../rancher-logging-3.9.002.tgz | Bin 0 -> 9717 bytes .../rancher-logging-3.9.400.tgz | Bin 0 -> 10163 bytes .../rancher-logging-crd-3.6.000.tgz | Bin 0 -> 21426 bytes .../rancher-logging-crd-3.6.001.tgz | Bin 0 -> 21372 bytes .../rancher-logging-crd-3.8.201.tgz | Bin 0 -> 24252 bytes .../rancher-logging-crd-3.9.000.tgz | Bin 0 -> 26805 bytes .../rancher-logging-crd-3.9.001.tgz | Bin 0 -> 26805 bytes .../rancher-logging-crd-3.9.002.tgz | Bin 0 -> 26805 bytes .../rancher-logging-crd-3.9.400.tgz | Bin 0 -> 36671 bytes .../rancher-monitoring-14.5.100.tgz | Bin 0 -> 278414 bytes .../rancher-monitoring-9.4.200.tgz | Bin 0 -> 220129 bytes .../rancher-monitoring-9.4.201.tgz | Bin 0 -> 221201 bytes .../rancher-monitoring-9.4.202.tgz | Bin 0 -> 217389 bytes .../rancher-monitoring-9.4.203.tgz | Bin 0 -> 233970 bytes .../rancher-monitoring-9.4.204.tgz | Bin 0 -> 253587 bytes .../rancher-monitoring-crd-14.5.100.tgz | Bin 0 -> 116441 bytes .../rancher-monitoring-crd-9.4.200.tgz | Bin 0 -> 113776 bytes .../rancher-monitoring-crd-9.4.201.tgz | Bin 0 -> 113735 bytes .../rancher-monitoring-crd-9.4.202.tgz | Bin 0 -> 113958 bytes .../rancher-monitoring-crd-9.4.203.tgz | Bin 0 -> 113953 bytes .../rancher-monitoring-crd-9.4.204.tgz | Bin 0 -> 114192 bytes .../rancher-node-exporter-1.16.201.tgz | Bin 0 -> 6668 bytes .../rancher-operator-crd-0.1.000.tgz | Bin 0 -> 7035 bytes .../rancher-operator-crd-0.1.100.tgz | Bin 0 -> 7033 bytes .../rancher-operator-crd-0.1.200.tgz | Bin 0 -> 7039 bytes .../rancher-operator-crd-0.1.300.tgz | Bin 0 -> 8634 bytes .../rancher-operator-crd-0.1.400.tgz | Bin 0 -> 8647 bytes .../rancher-operator-0.1.000.tgz | Bin 0 -> 1085 bytes .../rancher-operator-0.1.100.tgz | Bin 0 -> 1115 bytes .../rancher-operator-0.1.200.tgz | Bin 0 -> 1088 bytes .../rancher-operator-0.1.300.tgz | Bin 0 -> 1087 bytes 
.../rancher-operator-0.1.400.tgz | Bin 0 -> 1091 bytes .../rancher-prom2teams-0.2.000.tgz | Bin 0 -> 4289 bytes .../rancher-prometheus-adapter-2.12.101.tgz | Bin 0 -> 8358 bytes .../rancher-pushprox-0.1.0.tgz | Bin 0 -> 5934 bytes .../rancher-pushprox-0.1.1.tgz | Bin 0 -> 5926 bytes .../rancher-pushprox-0.1.2.tgz | Bin 0 -> 6095 bytes .../rancher-pushprox-0.1.201.tgz | Bin 0 -> 6104 bytes .../rancher-pushprox-0.1.300.tgz | Bin 0 -> 6318 bytes .../rancher-sachet/rancher-sachet-1.0.100.tgz | Bin 0 -> 3512 bytes .../rancher-tracing-1.20.001.tgz | Bin 0 -> 3268 bytes .../rancher-tracing-1.20.002.tgz | Bin 0 -> 3273 bytes .../rancher-tracing-1.20.100.tgz | Bin 0 -> 3691 bytes .../rancher-vsphere-cpi-1.0.000.tgz | Bin 0 -> 3594 bytes .../rancher-vsphere-csi-2.1.000.tgz | Bin 0 -> 5776 bytes .../rancher-webhook-0.1.0-beta500.tgz | Bin 0 -> 1224 bytes .../rancher-webhook-0.1.0-beta700.tgz | Bin 0 -> 1229 bytes .../rancher-webhook-0.1.0-beta900.tgz | Bin 0 -> 1215 bytes .../rancher-webhook-0.1.0-beta901.tgz | Bin 0 -> 1211 bytes .../rancher-webhook-0.1.000.tgz | Bin 0 -> 1213 bytes .../rancher-windows-exporter-0.1.000.tgz | Bin 0 -> 4955 bytes .../rancher-wins-upgrader-0.0.100.tgz | Bin 0 -> 5726 bytes released/assets/rio/rio-0.8.000.tgz | Bin 0 -> 3663 bytes released/assets/rio/rio-0.8.001.tgz | Bin 0 -> 3645 bytes released/charts/README.md | 3 + .../fleet-agent/0.3.000/Chart.yaml | 12 + .../0.3.000/templates/_helpers.tpl | 7 + .../0.3.000/templates/configmap.yaml | 12 + .../0.3.000/templates/deployment.yaml | 22 + .../templates/network_policy_allow_all.yaml | 15 + .../patch_default_serviceaccount.yaml | 20 + .../fleet-agent/0.3.000/templates/rbac.yaml | 25 + .../fleet-agent/0.3.000/templates/secret.yaml | 10 + .../0.3.000/templates/serviceaccount.yaml | 4 + .../0.3.000/templates/validate.yaml | 11 + .../fleet-agent/0.3.000/values.yaml | 39 + .../fleet-agent/0.3.100/Chart.yaml | 12 + .../0.3.100/templates/_helpers.tpl | 7 + .../0.3.100/templates/configmap.yaml | 12 + 
.../0.3.100/templates/deployment.yaml | 22 + .../templates/network_policy_allow_all.yaml | 15 + .../patch_default_serviceaccount.yaml | 20 + .../fleet-agent/0.3.100/templates/rbac.yaml | 25 + .../fleet-agent/0.3.100/templates/secret.yaml | 10 + .../0.3.100/templates/serviceaccount.yaml | 4 + .../0.3.100/templates/validate.yaml | 11 + .../fleet-agent/0.3.100/values.yaml | 39 + .../fleet-agent/0.3.200/Chart.yaml | 12 + .../0.3.200/templates/_helpers.tpl | 7 + .../0.3.200/templates/configmap.yaml | 12 + .../0.3.200/templates/deployment.yaml | 22 + .../templates/network_policy_allow_all.yaml | 15 + .../patch_default_serviceaccount.yaml | 20 + .../fleet-agent/0.3.200/templates/rbac.yaml | 25 + .../fleet-agent/0.3.200/templates/secret.yaml | 10 + .../0.3.200/templates/serviceaccount.yaml | 4 + .../0.3.200/templates/validate.yaml | 11 + .../fleet-agent/0.3.200/values.yaml | 39 + .../fleet-agent/0.3.300/Chart.yaml | 12 + .../0.3.300/templates/_helpers.tpl | 7 + .../0.3.300/templates/configmap.yaml | 12 + .../0.3.300/templates/deployment.yaml | 22 + .../templates/network_policy_allow_all.yaml | 15 + .../patch_default_serviceaccount.yaml | 20 + .../fleet-agent/0.3.300/templates/rbac.yaml | 25 + .../fleet-agent/0.3.300/templates/secret.yaml | 10 + .../0.3.300/templates/serviceaccount.yaml | 4 + .../0.3.300/templates/validate.yaml | 11 + .../fleet-agent/0.3.300/values.yaml | 39 + .../fleet-agent/0.3.400/Chart.yaml | 12 + .../0.3.400/templates/_helpers.tpl | 7 + .../0.3.400/templates/configmap.yaml | 12 + .../0.3.400/templates/deployment.yaml | 30 + .../templates/network_policy_allow_all.yaml | 15 + .../patch_default_serviceaccount.yaml | 28 + .../fleet-agent/0.3.400/templates/rbac.yaml | 25 + .../fleet-agent/0.3.400/templates/secret.yaml | 10 + .../0.3.400/templates/serviceaccount.yaml | 4 + .../0.3.400/templates/validate.yaml | 11 + .../fleet-agent/0.3.400/values.yaml | 52 + .../fleet-agent/0.3.500/Chart.yaml | 12 + .../0.3.500/templates/_helpers.tpl | 7 + 
.../0.3.500/templates/configmap.yaml | 12 + .../0.3.500/templates/deployment.yaml | 30 + .../templates/network_policy_allow_all.yaml | 15 + .../patch_default_serviceaccount.yaml | 28 + .../fleet-agent/0.3.500/templates/rbac.yaml | 25 + .../fleet-agent/0.3.500/templates/secret.yaml | 10 + .../0.3.500/templates/serviceaccount.yaml | 4 + .../0.3.500/templates/validate.yaml | 11 + .../fleet-agent/0.3.500/values.yaml | 56 + .../fleet-crd/fleet-crd/0.3.000/Chart.yaml | 11 + .../fleet-crd/0.3.000/templates/crds.yaml | 2143 +++++ .../0.3.000/templates/gitjobs-crds.yaml | 3208 ++++++++ .../fleet-crd/fleet-crd/0.3.100/Chart.yaml | 11 + .../fleet-crd/0.3.100/templates/crds.yaml | 2143 +++++ .../0.3.100/templates/gitjobs-crds.yaml | 3208 ++++++++ .../fleet-crd/fleet-crd/0.3.200/Chart.yaml | 12 + .../fleet-crd/0.3.200/templates/crds.yaml | 2168 +++++ .../0.3.200/templates/gitjobs-crds.yaml | 3208 ++++++++ .../fleet-crd/fleet-crd/0.3.300/Chart.yaml | 12 + .../fleet-crd/0.3.300/templates/crds.yaml | 2168 +++++ .../0.3.300/templates/gitjobs-crds.yaml | 3208 ++++++++ .../fleet-crd/fleet-crd/0.3.400/Chart.yaml | 12 + .../fleet-crd/0.3.400/templates/crds.yaml | 2275 ++++++ .../0.3.400/templates/gitjobs-crds.yaml | 3208 ++++++++ .../fleet-crd/fleet-crd/0.3.500/Chart.yaml | 12 + .../fleet-crd/0.3.500/templates/crds.yaml | 2314 ++++++ .../0.3.500/templates/gitjobs-crds.yaml | 3208 ++++++++ .../charts/fleet/fleet/0.3.000/Chart.yaml | 15 + .../fleet/0.3.000/charts/gitjob/.helmignore | 23 + .../fleet/0.3.000/charts/gitjob/Chart.yaml | 5 + .../charts/gitjob/templates/_helpers.tpl | 7 + .../charts/gitjob/templates/clusterrole.yaml | 44 + .../gitjob/templates/clusterrolebinding.yaml | 12 + .../charts/gitjob/templates/deployment.yaml | 26 + .../charts/gitjob/templates/service.yaml | 12 + .../gitjob/templates/serviceaccount.yaml | 4 + .../fleet/0.3.000/charts/gitjob/values.yaml | 11 + .../fleet/0.3.000/templates/_helpers.tpl | 7 + .../fleet/0.3.000/templates/configmap.yaml | 23 + 
.../fleet/0.3.000/templates/deployment.yaml | 23 + .../fleet/fleet/0.3.000/templates/rbac.yaml | 106 + .../0.3.000/templates/serviceaccount.yaml | 10 + .../charts/fleet/fleet/0.3.000/values.yaml | 38 + .../charts/fleet/fleet/0.3.100/Chart.yaml | 15 + .../fleet/0.3.100/charts/gitjob/.helmignore | 23 + .../fleet/0.3.100/charts/gitjob/Chart.yaml | 5 + .../charts/gitjob/templates/_helpers.tpl | 7 + .../charts/gitjob/templates/clusterrole.yaml | 44 + .../gitjob/templates/clusterrolebinding.yaml | 12 + .../charts/gitjob/templates/deployment.yaml | 26 + .../charts/gitjob/templates/service.yaml | 12 + .../gitjob/templates/serviceaccount.yaml | 4 + .../fleet/0.3.100/charts/gitjob/values.yaml | 11 + .../fleet/0.3.100/templates/_helpers.tpl | 7 + .../fleet/0.3.100/templates/configmap.yaml | 23 + .../fleet/0.3.100/templates/deployment.yaml | 23 + .../fleet/fleet/0.3.100/templates/rbac.yaml | 106 + .../0.3.100/templates/serviceaccount.yaml | 10 + .../charts/fleet/fleet/0.3.100/values.yaml | 38 + .../charts/fleet/fleet/0.3.200/Chart.yaml | 15 + .../fleet/0.3.200/charts/gitjob/.helmignore | 23 + .../fleet/0.3.200/charts/gitjob/Chart.yaml | 5 + .../charts/gitjob/templates/_helpers.tpl | 7 + .../charts/gitjob/templates/clusterrole.yaml | 38 + .../gitjob/templates/clusterrolebinding.yaml | 12 + .../charts/gitjob/templates/deployment.yaml | 34 + .../charts/gitjob/templates/service.yaml | 12 + .../gitjob/templates/serviceaccount.yaml | 4 + .../fleet/0.3.200/charts/gitjob/values.yaml | 17 + .../fleet/0.3.200/templates/_helpers.tpl | 7 + .../fleet/0.3.200/templates/configmap.yaml | 23 + .../fleet/0.3.200/templates/deployment.yaml | 23 + .../fleet/fleet/0.3.200/templates/rbac.yaml | 106 + .../0.3.200/templates/serviceaccount.yaml | 10 + .../charts/fleet/fleet/0.3.200/values.yaml | 38 + .../charts/fleet/fleet/0.3.300/Chart.yaml | 15 + .../fleet/0.3.300/charts/gitjob/.helmignore | 23 + .../fleet/0.3.300/charts/gitjob/Chart.yaml | 5 + .../charts/gitjob/templates/_helpers.tpl | 7 + 
.../charts/gitjob/templates/clusterrole.yaml | 38 + .../gitjob/templates/clusterrolebinding.yaml | 12 + .../charts/gitjob/templates/deployment.yaml | 34 + .../charts/gitjob/templates/service.yaml | 12 + .../gitjob/templates/serviceaccount.yaml | 4 + .../fleet/0.3.300/charts/gitjob/values.yaml | 17 + .../fleet/0.3.300/templates/_helpers.tpl | 7 + .../fleet/0.3.300/templates/configmap.yaml | 23 + .../fleet/0.3.300/templates/deployment.yaml | 23 + .../fleet/fleet/0.3.300/templates/rbac.yaml | 106 + .../0.3.300/templates/serviceaccount.yaml | 10 + .../charts/fleet/fleet/0.3.300/values.yaml | 38 + .../charts/fleet/fleet/0.3.400/Chart.yaml | 15 + .../fleet/0.3.400/charts/gitjob/.helmignore | 23 + .../fleet/0.3.400/charts/gitjob/Chart.yaml | 5 + .../charts/gitjob/templates/_helpers.tpl | 7 + .../charts/gitjob/templates/clusterrole.yaml | 38 + .../gitjob/templates/clusterrolebinding.yaml | 12 + .../charts/gitjob/templates/deployment.yaml | 42 + .../charts/gitjob/templates/service.yaml | 12 + .../gitjob/templates/serviceaccount.yaml | 4 + .../fleet/0.3.400/charts/gitjob/values.yaml | 26 + .../fleet/0.3.400/templates/_helpers.tpl | 7 + .../fleet/0.3.400/templates/configmap.yaml | 23 + .../fleet/0.3.400/templates/deployment.yaml | 31 + .../fleet/fleet/0.3.400/templates/rbac.yaml | 106 + .../0.3.400/templates/serviceaccount.yaml | 10 + .../charts/fleet/fleet/0.3.400/values.yaml | 47 + .../charts/fleet/fleet/0.3.500/Chart.yaml | 15 + .../fleet/0.3.500/charts/gitjob/.helmignore | 23 + .../fleet/0.3.500/charts/gitjob/Chart.yaml | 5 + .../charts/gitjob/templates/_helpers.tpl | 7 + .../charts/gitjob/templates/clusterrole.yaml | 38 + .../gitjob/templates/clusterrolebinding.yaml | 12 + .../charts/gitjob/templates/deployment.yaml | 42 + .../charts/gitjob/templates/service.yaml | 12 + .../gitjob/templates/serviceaccount.yaml | 4 + .../fleet/0.3.500/charts/gitjob/values.yaml | 26 + .../fleet/0.3.500/templates/_helpers.tpl | 7 + .../fleet/0.3.500/templates/configmap.yaml | 23 + 
.../fleet/0.3.500/templates/deployment.yaml | 31 + .../fleet/fleet/0.3.500/templates/rbac.yaml | 106 + .../0.3.500/templates/serviceaccount.yaml | 10 + .../charts/fleet/fleet/0.3.500/values.yaml | 47 + .../longhorn/longhorn-crd/1.0.200/Chart.yaml | 10 + .../longhorn/longhorn-crd/1.0.200/README.md | 2 + .../longhorn-crd/1.0.200/templates/crds.yaml | 172 + .../longhorn/longhorn-crd/1.0.201/Chart.yaml | 10 + .../longhorn/longhorn-crd/1.0.201/README.md | 2 + .../longhorn-crd/1.0.201/templates/crds.yaml | 172 + .../longhorn/longhorn-crd/1.1.000/Chart.yaml | 10 + .../longhorn/longhorn-crd/1.1.000/README.md | 2 + .../longhorn-crd/1.1.000/templates/crds.yaml | 420 + .../longhorn/longhorn-crd/1.1.001/Chart.yaml | 10 + .../longhorn/longhorn-crd/1.1.001/README.md | 2 + .../longhorn-crd/1.1.001/templates/crds.yaml | 420 + .../longhorn/longhorn/1.0.200/.helmignore | 21 + .../longhorn/longhorn/1.0.200/Chart.yaml | 35 + .../longhorn/longhorn/1.0.200/README.md | 49 + .../longhorn/longhorn/1.0.200/app-readme.md | 11 + .../longhorn/longhorn/1.0.200/questions.yml | 346 + .../longhorn/1.0.200/templates/NOTES.txt | 5 + .../longhorn/1.0.200/templates/_helpers.tpl | 47 + .../1.0.200/templates/clusterrole.yaml | 40 + .../1.0.200/templates/clusterrolebinding.yaml | 13 + .../1.0.200/templates/daemonset-sa.yaml | 112 + .../1.0.200/templates/default-setting.yaml | 28 + .../1.0.200/templates/deployment-driver.yaml | 84 + .../1.0.200/templates/deployment-ui.yaml | 61 + .../longhorn/1.0.200/templates/ingress.yaml | 30 + .../1.0.200/templates/postupgrade-job.yaml | 35 + .../longhorn/1.0.200/templates/psp.yaml | 66 + .../1.0.200/templates/registry-secret.yml | 10 + .../1.0.200/templates/serviceaccount.yaml | 6 + .../1.0.200/templates/storageclass.yaml | 14 + .../1.0.200/templates/tls-secrets.yaml | 15 + .../1.0.200/templates/uninstall-job.yaml | 36 + .../longhorn/1.0.200/templates/userroles.yaml | 35 + .../templates/validate-install-crd.yaml | 14 + .../longhorn/longhorn/1.0.200/values.yaml | 136 + 
.../longhorn/longhorn/1.0.201/.helmignore | 21 + .../longhorn/longhorn/1.0.201/Chart.yaml | 36 + .../longhorn/longhorn/1.0.201/README.md | 49 + .../longhorn/longhorn/1.0.201/app-readme.md | 11 + .../longhorn/longhorn/1.0.201/questions.yml | 346 + .../longhorn/1.0.201/templates/NOTES.txt | 5 + .../longhorn/1.0.201/templates/_helpers.tpl | 47 + .../1.0.201/templates/clusterrole.yaml | 40 + .../1.0.201/templates/clusterrolebinding.yaml | 13 + .../1.0.201/templates/daemonset-sa.yaml | 112 + .../1.0.201/templates/default-setting.yaml | 28 + .../1.0.201/templates/deployment-driver.yaml | 84 + .../1.0.201/templates/deployment-ui.yaml | 61 + .../longhorn/1.0.201/templates/ingress.yaml | 30 + .../1.0.201/templates/postupgrade-job.yaml | 35 + .../longhorn/1.0.201/templates/psp.yaml | 66 + .../1.0.201/templates/registry-secret.yml | 10 + .../1.0.201/templates/serviceaccount.yaml | 6 + .../1.0.201/templates/storageclass.yaml | 14 + .../1.0.201/templates/tls-secrets.yaml | 15 + .../1.0.201/templates/uninstall-job.yaml | 36 + .../longhorn/1.0.201/templates/userroles.yaml | 35 + .../templates/validate-install-crd.yaml | 14 + .../longhorn/longhorn/1.0.201/values.yaml | 136 + .../longhorn/longhorn/1.1.000/.helmignore | 21 + .../longhorn/longhorn/1.1.000/Chart.yaml | 37 + .../longhorn/longhorn/1.1.000/README.md | 32 + .../longhorn/longhorn/1.1.000/app-readme.md | 11 + .../longhorn/longhorn/1.1.000/questions.yml | 512 ++ .../longhorn/1.1.000/templates/NOTES.txt | 5 + .../longhorn/1.1.000/templates/_helpers.tpl | 66 + .../1.1.000/templates/clusterrole.yaml | 47 + .../1.1.000/templates/clusterrolebinding.yaml | 13 + .../1.1.000/templates/daemonset-sa.yaml | 114 + .../1.1.000/templates/default-setting.yaml | 38 + .../1.1.000/templates/deployment-driver.yaml | 93 + .../1.1.000/templates/deployment-ui.yaml | 61 + .../longhorn/1.1.000/templates/ingress.yaml | 31 + .../1.1.000/templates/postupgrade-job.yaml | 35 + .../longhorn/1.1.000/templates/psp.yaml | 66 + 
.../1.1.000/templates/registry-secret.yml | 11 + .../1.1.000/templates/serviceaccount.yaml | 6 + .../1.1.000/templates/storageclass.yaml | 26 + .../1.1.000/templates/tls-secrets.yaml | 16 + .../1.1.000/templates/uninstall-job.yaml | 36 + .../longhorn/1.1.000/templates/userroles.yaml | 38 + .../templates/validate-install-crd.yaml | 14 + .../longhorn/longhorn/1.1.000/values.yaml | 162 + .../longhorn/longhorn/1.1.001/.helmignore | 21 + .../longhorn/longhorn/1.1.001/Chart.yaml | 37 + .../longhorn/longhorn/1.1.001/README.md | 32 + .../longhorn/longhorn/1.1.001/app-readme.md | 11 + .../longhorn/longhorn/1.1.001/questions.yml | 512 ++ .../longhorn/1.1.001/templates/NOTES.txt | 5 + .../longhorn/1.1.001/templates/_helpers.tpl | 66 + .../1.1.001/templates/clusterrole.yaml | 47 + .../1.1.001/templates/clusterrolebinding.yaml | 13 + .../1.1.001/templates/daemonset-sa.yaml | 114 + .../1.1.001/templates/default-setting.yaml | 38 + .../1.1.001/templates/deployment-driver.yaml | 93 + .../1.1.001/templates/deployment-ui.yaml | 61 + .../longhorn/1.1.001/templates/ingress.yaml | 31 + .../1.1.001/templates/postupgrade-job.yaml | 35 + .../longhorn/1.1.001/templates/psp.yaml | 66 + .../1.1.001/templates/registry-secret.yml | 11 + .../1.1.001/templates/serviceaccount.yaml | 6 + .../1.1.001/templates/storageclass.yaml | 26 + .../1.1.001/templates/tls-secrets.yaml | 16 + .../1.1.001/templates/uninstall-job.yaml | 36 + .../longhorn/1.1.001/templates/userroles.yaml | 38 + .../templates/validate-install-crd.yaml | 21 + .../longhorn/longhorn/1.1.001/values.yaml | 162 + .../1.0.100/Chart.yaml | 21 + .../1.0.100/app-readme.md | 11 + .../1.0.100/charts/prom2teams/.helmignore | 22 + .../1.0.100/charts/prom2teams/Chart.yaml | 10 + .../1.0.100/charts/prom2teams/files/teams.j2 | 44 + .../charts/prom2teams/templates/NOTES.txt | 2 + .../charts/prom2teams/templates/_helpers.tpl | 73 + .../prom2teams/templates/configmap.yaml | 39 + .../prom2teams/templates/deployment.yaml | 77 + 
.../charts/prom2teams/templates/psp.yaml | 28 + .../charts/prom2teams/templates/role.yaml | 15 + .../prom2teams/templates/rolebinding.yaml | 13 + .../prom2teams/templates/service-account.yaml | 6 + .../charts/prom2teams/templates/service.yaml | 17 + .../1.0.100/charts/prom2teams/values.yaml | 62 + .../1.0.100/charts/sachet/.helmignore | 23 + .../1.0.100/charts/sachet/Chart.yaml | 11 + .../1.0.100/charts/sachet/files/template.tmpl | 1 + .../1.0.100/charts/sachet/templates/NOTES.txt | 3 + .../charts/sachet/templates/_helpers.tpl | 79 + .../templates/configmap-pre-install.yaml | 21 + .../charts/sachet/templates/deployment.yaml | 75 + .../1.0.100/charts/sachet/templates/psp.yaml | 28 + .../1.0.100/charts/sachet/templates/role.yaml | 15 + .../charts/sachet/templates/rolebinding.yaml | 13 + .../sachet/templates/service-account.yaml | 6 + .../charts/sachet/templates/service.yaml | 17 + .../1.0.100/charts/sachet/values.yaml | 63 + .../1.0.100/questions.yml | 14 + .../1.0.100/templates/NOTES.txt | 2 + .../1.0.100/templates/_helpers.tpl | 91 + .../1.0.100/templates/cluster-role.yaml | 50 + .../1.0.100/values.yaml | 17 + .../rancher-backup-crd/1.0.400/Chart.yaml | 11 + .../rancher-backup-crd/1.0.400/README.md | 3 + .../1.0.400/templates/backup.yaml | 119 + .../1.0.400/templates/resourceset.yaml | 94 + .../1.0.400/templates/restore.yaml | 102 + .../rancher-backup-crd/1.0.200/Chart.yaml | 10 + .../rancher-backup-crd/1.0.200/README.md | 2 + .../1.0.200/templates/backup.yaml | 119 + .../1.0.200/templates/resourceset.yaml | 94 + .../1.0.200/templates/restore.yaml | 102 + .../rancher-backup-crd/1.0.201/Chart.yaml | 10 + .../rancher-backup-crd/1.0.201/README.md | 2 + .../1.0.201/templates/backup.yaml | 119 + .../1.0.201/templates/resourceset.yaml | 94 + .../1.0.201/templates/restore.yaml | 102 + .../rancher-backup-crd/1.0.300/Chart.yaml | 10 + .../rancher-backup-crd/1.0.300/README.md | 2 + .../1.0.300/templates/backup.yaml | 119 + .../1.0.300/templates/resourceset.yaml | 94 + 
.../1.0.300/templates/restore.yaml | 102 + .../rancher-backup-crd/1.0.301/Chart.yaml | 10 + .../rancher-backup-crd/1.0.301/README.md | 2 + .../1.0.301/templates/backup.yaml | 119 + .../1.0.301/templates/resourceset.yaml | 94 + .../1.0.301/templates/restore.yaml | 102 + .../rancher-backup/1.0.200/Chart.yaml | 19 + .../rancher-backup/1.0.200/README.md | 69 + .../1.0.200/templates/_helpers.tpl | 76 + .../1.0.200/templates/clusterrolebinding.yaml | 14 + .../1.0.200/templates/deployment.yaml | 59 + .../rancher-backup/1.0.200/templates/pvc.yaml | 27 + .../templates/rancher-resourceset.yaml | 62 + .../1.0.200/templates/s3-secret.yaml | 31 + .../1.0.200/templates/serviceaccount.yaml | 7 + .../templates/validate-install-crd.yaml | 16 + .../rancher-backup/1.0.200/values.yaml | 49 + .../rancher-backup/1.0.201/Chart.yaml | 20 + .../rancher-backup/1.0.201/README.md | 69 + .../rancher-backup/1.0.201/app-readme.md | 15 + .../1.0.201/templates/_helpers.tpl | 76 + .../1.0.201/templates/clusterrolebinding.yaml | 14 + .../1.0.201/templates/deployment.yaml | 59 + .../rancher-backup/1.0.201/templates/pvc.yaml | 27 + .../templates/rancher-resourceset.yaml | 62 + .../1.0.201/templates/s3-secret.yaml | 31 + .../1.0.201/templates/serviceaccount.yaml | 7 + .../templates/validate-install-crd.yaml | 16 + .../rancher-backup/1.0.201/values.yaml | 49 + .../rancher-backup/1.0.300/Chart.yaml | 20 + .../rancher-backup/1.0.300/README.md | 69 + .../rancher-backup/1.0.300/app-readme.md | 15 + .../1.0.300/templates/_helpers.tpl | 76 + .../1.0.300/templates/clusterrolebinding.yaml | 14 + .../1.0.300/templates/deployment.yaml | 59 + .../rancher-backup/1.0.300/templates/pvc.yaml | 27 + .../templates/rancher-resourceset.yaml | 62 + .../1.0.300/templates/s3-secret.yaml | 31 + .../1.0.300/templates/serviceaccount.yaml | 7 + .../templates/validate-install-crd.yaml | 16 + .../rancher-backup/1.0.300/values.yaml | 49 + .../rancher-backup/1.0.301/Chart.yaml | 20 + .../rancher-backup/1.0.301/README.md | 69 + 
.../rancher-backup/1.0.301/app-readme.md | 15 + .../1.0.301/templates/_helpers.tpl | 76 + .../1.0.301/templates/clusterrolebinding.yaml | 14 + .../1.0.301/templates/deployment.yaml | 59 + .../rancher-backup/1.0.301/templates/pvc.yaml | 27 + .../templates/rancher-resourceset.yaml | 62 + .../1.0.301/templates/s3-secret.yaml | 31 + .../1.0.301/templates/serviceaccount.yaml | 7 + .../templates/validate-install-crd.yaml | 16 + .../rancher-backup/1.0.301/values.yaml | 49 + .../rancher-backup/1.0.400/Chart.yaml | 20 + .../rancher-backup/1.0.400/README.md | 69 + .../rancher-backup/1.0.400/app-readme.md | 15 + .../default-resourceset-contents/eks.yaml | 17 + .../default-resourceset-contents/fleet.yaml | 49 + .../default-resourceset-contents/gke.yaml | 17 + .../rancher-operator.yaml | 27 + .../default-resourceset-contents/rancher.yaml | 44 + .../1.0.400/templates/_helpers.tpl | 76 + .../1.0.400/templates/clusterrolebinding.yaml | 14 + .../1.0.400/templates/deployment.yaml | 59 + .../rancher-backup/1.0.400/templates/pvc.yaml | 27 + .../templates/rancher-resourceset.yaml | 13 + .../1.0.400/templates/s3-secret.yaml | 31 + .../1.0.400/templates/serviceaccount.yaml | 7 + .../templates/validate-install-crd.yaml | 16 + .../rancher-backup/1.0.400/values.yaml | 49 + .../1.0.100/Chart.yaml | 10 + .../1.0.100/README.md | 2 + .../1.0.100/templates/clusterscan.yaml | 112 + .../templates/clusterscanbenchmark.yaml | 49 + .../1.0.100/templates/clusterscanprofile.yaml | 37 + .../1.0.100/templates/clusterscanreport.yaml | 40 + .../1.0.200/Chart.yaml | 10 + .../1.0.200/README.md | 2 + .../1.0.200/templates/clusterscan.yaml | 112 + .../templates/clusterscanbenchmark.yaml | 49 + .../1.0.200/templates/clusterscanprofile.yaml | 37 + .../1.0.200/templates/clusterscanreport.yaml | 40 + .../1.0.300/Chart.yaml | 10 + .../1.0.300/README.md | 2 + .../1.0.300/templates/clusterscan.yaml | 149 + .../templates/clusterscanbenchmark.yaml | 55 + .../1.0.300/templates/clusterscanprofile.yaml | 37 + 
.../1.0.300/templates/clusterscanreport.yaml | 40 + .../1.0.301/Chart.yaml | 10 + .../1.0.301/README.md | 2 + .../1.0.301/templates/clusterscan.yaml | 149 + .../templates/clusterscanbenchmark.yaml | 55 + .../1.0.301/templates/clusterscanprofile.yaml | 37 + .../1.0.301/templates/clusterscanreport.yaml | 40 + .../1.0.400/Chart.yaml | 10 + .../1.0.400/README.md | 2 + .../1.0.400/templates/clusterscan.yaml | 149 + .../templates/clusterscanbenchmark.yaml | 55 + .../1.0.400/templates/clusterscanprofile.yaml | 37 + .../1.0.400/templates/clusterscanreport.yaml | 40 + .../1.0.402/Chart.yaml | 10 + .../1.0.402/README.md | 2 + .../1.0.402/templates/clusterscan.yaml | 149 + .../templates/clusterscanbenchmark.yaml | 55 + .../1.0.402/templates/clusterscanprofile.yaml | 37 + .../1.0.402/templates/clusterscanreport.yaml | 40 + .../rancher-cis-benchmark/1.0.100/Chart.yaml | 17 + .../rancher-cis-benchmark/1.0.100/README.md | 9 + .../1.0.100/templates/_helpers.tpl | 23 + .../1.0.100/templates/benchmark-cis-1.5.yaml | 8 + .../1.0.100/templates/benchmark-eks-1.0.yaml | 8 + .../1.0.100/templates/benchmark-gke-1.0.yaml | 8 + .../benchmark-rke-cis-1.5-hardened.yaml | 8 + .../benchmark-rke-cis-1.5-permissive.yaml | 8 + .../1.0.100/templates/cis-roles.yaml | 51 + .../1.0.100/templates/configmap.yaml | 11 + .../1.0.100/templates/deployment.yaml | 46 + .../templates/network_policy_allow_all.yaml | 15 + .../patch_default_serviceaccount.yaml | 20 + .../1.0.100/templates/rbac.yaml | 43 + .../1.0.100/templates/scanprofile-cis-1.5.yml | 9 + .../templates/scanprofile-rke-hardened.yml | 9 + .../templates/scanprofile-rke-permissive.yml | 9 + .../1.0.100/templates/scanprofileeks.yml | 9 + .../1.0.100/templates/scanprofilegke.yml | 9 + .../1.0.100/templates/serviceaccount.yaml | 14 + .../templates/validate-install-crd.yaml | 17 + .../rancher-cis-benchmark/1.0.100/values.yaml | 39 + .../rancher-cis-benchmark/1.0.200/Chart.yaml | 18 + .../rancher-cis-benchmark/1.0.200/README.md | 9 + 
.../1.0.200/app-readme.md | 12 + .../1.0.200/templates/_helpers.tpl | 23 + .../1.0.200/templates/benchmark-cis-1.5.yaml | 8 + .../1.0.200/templates/benchmark-eks-1.0.yaml | 8 + .../1.0.200/templates/benchmark-gke-1.0.yaml | 8 + .../benchmark-rke-cis-1.5-hardened.yaml | 8 + .../benchmark-rke-cis-1.5-permissive.yaml | 8 + .../1.0.200/templates/cis-roles.yaml | 28 + .../1.0.200/templates/configmap.yaml | 11 + .../1.0.200/templates/deployment.yaml | 46 + .../templates/network_policy_allow_all.yaml | 15 + .../patch_default_serviceaccount.yaml | 20 + .../1.0.200/templates/rbac.yaml | 43 + .../1.0.200/templates/scanprofile-cis-1.5.yml | 9 + .../templates/scanprofile-rke-hardened.yml | 9 + .../templates/scanprofile-rke-permissive.yml | 9 + .../1.0.200/templates/scanprofileeks.yml | 9 + .../1.0.200/templates/scanprofilegke.yml | 9 + .../1.0.200/templates/serviceaccount.yaml | 14 + .../templates/validate-install-crd.yaml | 17 + .../rancher-cis-benchmark/1.0.200/values.yaml | 39 + .../rancher-cis-benchmark/1.0.300/Chart.yaml | 18 + .../rancher-cis-benchmark/1.0.300/README.md | 9 + .../1.0.300/app-readme.md | 15 + .../1.0.300/templates/_helpers.tpl | 23 + .../1.0.300/templates/alertingrule.yaml | 14 + .../1.0.300/templates/benchmark-cis-1.5.yaml | 8 + .../1.0.300/templates/benchmark-cis-1.6.yaml | 8 + .../1.0.300/templates/benchmark-eks-1.0.yaml | 8 + .../1.0.300/templates/benchmark-gke-1.0.yaml | 8 + .../benchmark-rke-cis-1.5-hardened.yaml | 8 + .../benchmark-rke-cis-1.5-permissive.yaml | 8 + .../benchmark-rke-cis-1.6-hardened.yaml | 8 + .../benchmark-rke-cis-1.6-permissive.yaml | 8 + .../benchmark-rke2-cis-1.5-hardened.yaml | 8 + .../benchmark-rke2-cis-1.5-permissive.yaml | 8 + .../1.0.300/templates/cis-roles.yaml | 49 + .../1.0.300/templates/configmap.yaml | 14 + .../1.0.300/templates/deployment.yaml | 57 + .../templates/network_policy_allow_all.yaml | 15 + .../patch_default_serviceaccount.yaml | 20 + .../1.0.300/templates/rbac.yaml | 43 + 
.../1.0.300/templates/scanprofile-cis-1.5.yml | 9 + .../templates/scanprofile-cis-1.6.yaml | 9 + .../scanprofile-rke-1.5-hardened.yml | 9 + .../scanprofile-rke-1.5-permissive.yml | 9 + .../scanprofile-rke-1.6-hardened.yaml | 9 + .../scanprofile-rke-1.6-permissive.yaml | 9 + .../scanprofile-rke2-cis-1.5-hardened.yml | 9 + .../scanprofile-rke2-cis-1.5-permissive.yml | 9 + .../1.0.300/templates/scanprofileeks.yml | 9 + .../1.0.300/templates/scanprofilegke.yml | 9 + .../1.0.300/templates/serviceaccount.yaml | 14 + .../templates/validate-install-crd.yaml | 17 + .../rancher-cis-benchmark/1.0.300/values.yaml | 45 + .../rancher-cis-benchmark/1.0.301/Chart.yaml | 18 + .../rancher-cis-benchmark/1.0.301/README.md | 9 + .../1.0.301/app-readme.md | 15 + .../1.0.301/templates/_helpers.tpl | 23 + .../1.0.301/templates/alertingrule.yaml | 14 + .../1.0.301/templates/benchmark-cis-1.5.yaml | 8 + .../1.0.301/templates/benchmark-cis-1.6.yaml | 8 + .../1.0.301/templates/benchmark-eks-1.0.yaml | 8 + .../1.0.301/templates/benchmark-gke-1.0.yaml | 8 + .../benchmark-rke-cis-1.5-hardened.yaml | 8 + .../benchmark-rke-cis-1.5-permissive.yaml | 8 + .../benchmark-rke-cis-1.6-hardened.yaml | 8 + .../benchmark-rke-cis-1.6-permissive.yaml | 8 + .../benchmark-rke2-cis-1.5-hardened.yaml | 8 + .../benchmark-rke2-cis-1.5-permissive.yaml | 8 + .../1.0.301/templates/cis-roles.yaml | 49 + .../1.0.301/templates/configmap.yaml | 14 + .../1.0.301/templates/deployment.yaml | 57 + .../templates/network_policy_allow_all.yaml | 15 + .../patch_default_serviceaccount.yaml | 20 + .../1.0.301/templates/rbac.yaml | 43 + .../1.0.301/templates/scanprofile-cis-1.5.yml | 9 + .../templates/scanprofile-cis-1.6.yaml | 9 + .../scanprofile-rke-1.5-hardened.yml | 9 + .../scanprofile-rke-1.5-permissive.yml | 9 + .../scanprofile-rke-1.6-hardened.yaml | 9 + .../scanprofile-rke-1.6-permissive.yaml | 9 + .../scanprofile-rke2-cis-1.5-hardened.yml | 9 + .../scanprofile-rke2-cis-1.5-permissive.yml | 9 + 
.../1.0.301/templates/scanprofileeks.yml | 9 + .../1.0.301/templates/scanprofilegke.yml | 9 + .../1.0.301/templates/serviceaccount.yaml | 14 + .../templates/validate-install-crd.yaml | 17 + .../rancher-cis-benchmark/1.0.301/values.yaml | 45 + .../rancher-cis-benchmark/1.0.400/Chart.yaml | 18 + .../rancher-cis-benchmark/1.0.400/README.md | 9 + .../1.0.400/app-readme.md | 15 + .../1.0.400/templates/_helpers.tpl | 23 + .../1.0.400/templates/alertingrule.yaml | 14 + .../1.0.400/templates/benchmark-cis-1.5.yaml | 8 + .../1.0.400/templates/benchmark-cis-1.6.yaml | 8 + .../1.0.400/templates/benchmark-eks-1.0.yaml | 8 + .../1.0.400/templates/benchmark-gke-1.0.yaml | 8 + .../benchmark-rke-cis-1.5-hardened.yaml | 8 + .../benchmark-rke-cis-1.5-permissive.yaml | 8 + .../benchmark-rke-cis-1.6-hardened.yaml | 8 + .../benchmark-rke-cis-1.6-permissive.yaml | 8 + .../benchmark-rke2-cis-1.5-hardened.yaml | 8 + .../benchmark-rke2-cis-1.5-permissive.yaml | 8 + .../benchmark-rke2-cis-1.6-hardened.yaml | 8 + .../benchmark-rke2-cis-1.6-permissive.yaml | 8 + .../1.0.400/templates/cis-roles.yaml | 49 + .../1.0.400/templates/configmap.yaml | 16 + .../1.0.400/templates/deployment.yaml | 57 + .../templates/network_policy_allow_all.yaml | 15 + .../patch_default_serviceaccount.yaml | 20 + .../1.0.400/templates/rbac.yaml | 43 + .../1.0.400/templates/scanprofile-cis-1.5.yml | 9 + .../templates/scanprofile-cis-1.6.yaml | 9 + .../scanprofile-rke-1.5-hardened.yml | 9 + .../scanprofile-rke-1.5-permissive.yml | 9 + .../scanprofile-rke-1.6-hardened.yaml | 9 + .../scanprofile-rke-1.6-permissive.yaml | 9 + .../scanprofile-rke2-cis-1.5-hardened.yml | 9 + .../scanprofile-rke2-cis-1.5-permissive.yml | 9 + .../scanprofile-rke2-cis-1.6-hardened.yml | 9 + .../scanprofile-rke2-cis-1.6-permissive.yml | 9 + .../1.0.400/templates/scanprofileeks.yml | 9 + .../1.0.400/templates/scanprofilegke.yml | 9 + .../1.0.400/templates/serviceaccount.yaml | 14 + .../templates/validate-install-crd.yaml | 17 + 
.../rancher-cis-benchmark/1.0.400/values.yaml | 45 + .../rancher-cis-benchmark/1.0.402/Chart.yaml | 18 + .../rancher-cis-benchmark/1.0.402/README.md | 9 + .../1.0.402/app-readme.md | 15 + .../1.0.402/templates/_helpers.tpl | 23 + .../1.0.402/templates/alertingrule.yaml | 14 + .../1.0.402/templates/benchmark-cis-1.5.yaml | 8 + .../1.0.402/templates/benchmark-cis-1.6.yaml | 8 + .../1.0.402/templates/benchmark-eks-1.0.yaml | 8 + .../1.0.402/templates/benchmark-gke-1.0.yaml | 8 + .../benchmark-rke-cis-1.5-hardened.yaml | 8 + .../benchmark-rke-cis-1.5-permissive.yaml | 8 + .../benchmark-rke-cis-1.6-hardened.yaml | 8 + .../benchmark-rke-cis-1.6-permissive.yaml | 8 + .../benchmark-rke2-cis-1.5-hardened.yaml | 8 + .../benchmark-rke2-cis-1.5-permissive.yaml | 8 + .../benchmark-rke2-cis-1.6-hardened.yaml | 8 + .../benchmark-rke2-cis-1.6-permissive.yaml | 8 + .../1.0.402/templates/cis-roles.yaml | 49 + .../1.0.402/templates/configmap.yaml | 16 + .../1.0.402/templates/deployment.yaml | 57 + .../templates/network_policy_allow_all.yaml | 15 + .../patch_default_serviceaccount.yaml | 20 + .../1.0.402/templates/rbac.yaml | 43 + .../1.0.402/templates/scanprofile-cis-1.5.yml | 9 + .../templates/scanprofile-cis-1.6.yaml | 9 + .../scanprofile-rke-1.5-hardened.yml | 9 + .../scanprofile-rke-1.5-permissive.yml | 9 + .../scanprofile-rke-1.6-hardened.yaml | 9 + .../scanprofile-rke-1.6-permissive.yaml | 9 + .../scanprofile-rke2-cis-1.5-hardened.yml | 9 + .../scanprofile-rke2-cis-1.5-permissive.yml | 9 + .../scanprofile-rke2-cis-1.6-hardened.yml | 9 + .../scanprofile-rke2-cis-1.6-permissive.yml | 9 + .../1.0.402/templates/scanprofileeks.yml | 9 + .../1.0.402/templates/scanprofilegke.yml | 9 + .../1.0.402/templates/serviceaccount.yaml | 14 + .../templates/validate-install-crd.yaml | 17 + .../rancher-cis-benchmark/1.0.402/values.yaml | 45 + .../0.1.400/.helmignore | 21 + .../0.1.400/Chart.yaml | 24 + .../0.1.400/README.md | 70 + .../0.1.400/app-README.md | 9 + .../0.1.400/questions.yaml | 7 + 
.../0.1.400/templates/NOTES.txt | 3 + .../0.1.400/templates/_helpers.tpl | 50 + .../templates/admissionregistration.yaml | 30 + .../0.1.400/templates/clusterrole.yaml | 33 + .../0.1.400/templates/clusterrolebinding.yaml | 31 + .../0.1.400/templates/deployment.yaml | 107 + .../0.1.400/templates/issuer.yaml | 52 + .../0.1.400/templates/service.yaml | 35 + .../0.1.400/templates/serviceaccount.yaml | 7 + .../0.1.400/templates/servicemonitor.yaml | 16 + .../tests/admissionregistration_test.yaml | 32 + .../0.1.400/tests/clusterrole_test.yaml | 37 + .../tests/clusterrolebinding_test.yaml | 42 + .../0.1.400/tests/deployment_test.yaml | 202 + .../0.1.400/tests/issuer_test.yaml | 106 + .../0.1.400/tests/service_test.yaml | 69 + .../0.1.400/tests/serviceaccount_test.yaml | 9 + .../0.1.400/tests/servicemonitor_test.yaml | 20 + .../0.1.400/values.yaml | 67 + .../0.1.600/.helmignore | 21 + .../0.1.600/Chart.yaml | 24 + .../0.1.600/README.md | 69 + .../0.1.600/app-README.md | 12 + .../0.1.600/questions.yaml | 26 + .../0.1.600/templates/NOTES.txt | 3 + .../0.1.600/templates/_helpers.tpl | 50 + .../templates/admissionregistration.yaml | 30 + .../0.1.600/templates/clusterrole.yaml | 33 + .../0.1.600/templates/clusterrolebinding.yaml | 31 + .../0.1.600/templates/deployment.yaml | 107 + .../0.1.600/templates/issuer.yaml | 52 + .../0.1.600/templates/service.yaml | 35 + .../0.1.600/templates/serviceaccount.yaml | 7 + .../0.1.600/templates/servicemonitor.yaml | 16 + .../tests/admissionregistration_test.yaml | 32 + .../0.1.600/tests/clusterrole_test.yaml | 37 + .../tests/clusterrolebinding_test.yaml | 42 + .../0.1.600/tests/deployment_test.yaml | 202 + .../0.1.600/tests/issuer_test.yaml | 106 + .../0.1.600/tests/service_test.yaml | 69 + .../0.1.600/tests/serviceaccount_test.yaml | 9 + .../0.1.600/tests/servicemonitor_test.yaml | 20 + .../0.1.600/values.yaml | 67 + .../0.1.601/.helmignore | 21 + .../0.1.601/Chart.yaml | 24 + .../0.1.601/README.md | 69 + .../0.1.601/app-README.md | 12 + 
.../0.1.601/questions.yaml | 26 + .../0.1.601/templates/NOTES.txt | 3 + .../0.1.601/templates/_helpers.tpl | 50 + .../templates/admissionregistration.yaml | 30 + .../0.1.601/templates/clusterrole.yaml | 33 + .../0.1.601/templates/clusterrolebinding.yaml | 31 + .../0.1.601/templates/deployment.yaml | 107 + .../0.1.601/templates/issuer.yaml | 52 + .../0.1.601/templates/service.yaml | 35 + .../0.1.601/templates/serviceaccount.yaml | 7 + .../0.1.601/templates/servicemonitor.yaml | 16 + .../tests/admissionregistration_test.yaml | 32 + .../0.1.601/tests/clusterrole_test.yaml | 37 + .../tests/clusterrolebinding_test.yaml | 42 + .../0.1.601/tests/deployment_test.yaml | 202 + .../0.1.601/tests/issuer_test.yaml | 106 + .../0.1.601/tests/service_test.yaml | 69 + .../0.1.601/tests/serviceaccount_test.yaml | 9 + .../0.1.601/tests/servicemonitor_test.yaml | 20 + .../0.1.601/values.yaml | 67 + .../rancher-gatekeeper-crd/3.1.100/Chart.yaml | 11 + .../rancher-gatekeeper-crd/3.1.100/README.md | 2 + .../config-customresourcedefinition.yaml | 106 + ...intpodstatus-customresourcedefinition.yaml | 68 + ...ainttemplate-customresourcedefinition.yaml | 99 + ...atepodstatus-customresourcedefinition.yaml | 67 + .../rancher-gatekeeper-crd/3.1.101/Chart.yaml | 11 + .../rancher-gatekeeper-crd/3.1.101/README.md | 2 + .../config-customresourcedefinition.yaml | 106 + ...intpodstatus-customresourcedefinition.yaml | 68 + ...ainttemplate-customresourcedefinition.yaml | 99 + ...atepodstatus-customresourcedefinition.yaml | 67 + .../rancher-gatekeeper-crd/3.2.101/Chart.yaml | 11 + .../rancher-gatekeeper-crd/3.2.101/README.md | 2 + .../config-customresourcedefinition.yaml | 106 + ...intpodstatus-customresourcedefinition.yaml | 68 + ...ainttemplate-customresourcedefinition.yaml | 97 + ...atepodstatus-customresourcedefinition.yaml | 67 + .../3.2.101/templates/_helpers.tpl | 7 + .../3.2.101/templates/jobs.yaml | 92 + .../3.2.101/templates/manifest.yaml | 14 + .../3.2.101/templates/rbac.yaml | 72 + 
.../3.2.101/values.yaml | 11 + .../rancher-gatekeeper-crd/3.3.000/Chart.yaml | 10 + .../rancher-gatekeeper-crd/3.3.000/README.md | 2 + .../config-customresourcedefinition.yaml | 106 + ...intpodstatus-customresourcedefinition.yaml | 68 + ...ainttemplate-customresourcedefinition.yaml | 97 + ...atepodstatus-customresourcedefinition.yaml | 67 + .../3.3.000/templates/_helpers.tpl | 7 + .../3.3.000/templates/jobs.yaml | 92 + .../3.3.000/templates/manifest.yaml | 14 + .../3.3.000/templates/rbac.yaml | 72 + .../3.3.000/values.yaml | 11 + .../rancher-gatekeeper-crd/3.3.001/Chart.yaml | 10 + .../rancher-gatekeeper-crd/3.3.001/README.md | 2 + .../config-customresourcedefinition.yaml | 106 + ...intpodstatus-customresourcedefinition.yaml | 68 + ...ainttemplate-customresourcedefinition.yaml | 97 + ...atepodstatus-customresourcedefinition.yaml | 67 + .../3.3.001/templates/_helpers.tpl | 7 + .../3.3.001/templates/jobs.yaml | 92 + .../3.3.001/templates/manifest.yaml | 14 + .../3.3.001/templates/rbac.yaml | 72 + .../3.3.001/values.yaml | 11 + .../rancher-gatekeeper/3.1.100/.helmignore | 21 + .../rancher-gatekeeper/3.1.100/CHANGELOG.md | 15 + .../rancher-gatekeeper/3.1.100/Chart.yaml | 21 + .../rancher-gatekeeper/3.1.100/README.md | 33 + .../3.1.100/templates/_helpers.tpl | 52 + .../3.1.100/templates/allowedrepos.yaml | 35 + .../gatekeeper-admin-serviceaccount.yaml | 11 + .../gatekeeper-audit-deployment.yaml | 96 + ...ekeeper-controller-manager-deployment.yaml | 117 + .../gatekeeper-manager-role-clusterrole.yaml | 125 + .../gatekeeper-manager-role-role.yaml | 32 + ...anager-rolebinding-clusterrolebinding.yaml | 18 + ...eeper-manager-rolebinding-rolebinding.yaml | 19 + ...ration-validatingwebhookconfiguration.yaml | 58 + ...gatekeeper-webhook-server-cert-secret.yaml | 11 + .../gatekeeper-webhook-service-service.yaml | 23 + .../3.1.100/templates/requiredlabels.yaml | 57 + .../templates/validate-install-crd.yaml | 17 + .../rancher-gatekeeper/3.1.100/values.yaml | 31 + 
.../rancher-gatekeeper/3.1.101/.helmignore | 21 + .../rancher-gatekeeper/3.1.101/CHANGELOG.md | 15 + .../rancher-gatekeeper/3.1.101/Chart.yaml | 22 + .../rancher-gatekeeper/3.1.101/README.md | 33 + .../rancher-gatekeeper/3.1.101/app-readme.md | 14 + .../3.1.101/templates/_helpers.tpl | 52 + .../3.1.101/templates/allowedrepos.yaml | 35 + .../gatekeeper-admin-serviceaccount.yaml | 11 + .../gatekeeper-audit-deployment.yaml | 96 + ...ekeeper-controller-manager-deployment.yaml | 117 + .../gatekeeper-manager-role-clusterrole.yaml | 125 + .../gatekeeper-manager-role-role.yaml | 32 + ...anager-rolebinding-clusterrolebinding.yaml | 18 + ...eeper-manager-rolebinding-rolebinding.yaml | 19 + ...ration-validatingwebhookconfiguration.yaml | 58 + ...gatekeeper-webhook-server-cert-secret.yaml | 11 + .../gatekeeper-webhook-service-service.yaml | 23 + .../3.1.101/templates/requiredlabels.yaml | 57 + .../templates/validate-install-crd.yaml | 17 + .../rancher-gatekeeper/3.1.101/values.yaml | 31 + .../rancher-gatekeeper/3.2.101/.helmignore | 21 + .../rancher-gatekeeper/3.2.101/CHANGELOG.md | 15 + .../rancher-gatekeeper/3.2.101/Chart.yaml | 23 + .../rancher-gatekeeper/3.2.101/README.md | 33 + .../rancher-gatekeeper/3.2.101/app-readme.md | 14 + .../3.2.101/templates/_helpers.tpl | 52 + .../3.2.101/templates/allowedrepos.yaml | 35 + .../gatekeeper-admin-podsecuritypolicy.yaml | 35 + .../gatekeeper-admin-serviceaccount.yaml | 11 + .../gatekeeper-audit-deployment.yaml | 96 + ...ekeeper-controller-manager-deployment.yaml | 117 + .../gatekeeper-manager-role-clusterrole.yaml | 127 + .../gatekeeper-manager-role-role.yaml | 32 + ...anager-rolebinding-clusterrolebinding.yaml | 18 + ...eeper-manager-rolebinding-rolebinding.yaml | 19 + ...ration-validatingwebhookconfiguration.yaml | 58 + ...gatekeeper-webhook-server-cert-secret.yaml | 11 + .../gatekeeper-webhook-service-service.yaml | 23 + .../3.2.101/templates/requiredlabels.yaml | 57 + .../templates/validate-install-crd.yaml | 17 + 
.../rancher-gatekeeper/3.2.101/values.yaml | 40 + .../rancher-gatekeeper/3.3.000/.helmignore | 21 + .../rancher-gatekeeper/3.3.000/CHANGELOG.md | 15 + .../rancher-gatekeeper/3.3.000/Chart.yaml | 22 + .../rancher-gatekeeper/3.3.000/README.md | 39 + .../rancher-gatekeeper/3.3.000/app-readme.md | 14 + .../3.3.000/templates/_helpers.tpl | 52 + .../3.3.000/templates/allowedrepos.yaml | 35 + .../gatekeeper-admin-podsecuritypolicy.yaml | 35 + .../gatekeeper-admin-serviceaccount.yaml | 11 + .../gatekeeper-audit-deployment.yaml | 103 + ...ekeeper-controller-manager-deployment.yaml | 124 + .../gatekeeper-manager-role-clusterrole.yaml | 139 + .../gatekeeper-manager-role-role.yaml | 32 + ...anager-rolebinding-clusterrolebinding.yaml | 18 + ...eeper-manager-rolebinding-rolebinding.yaml | 19 + ...ration-validatingwebhookconfiguration.yaml | 61 + ...gatekeeper-webhook-server-cert-secret.yaml | 13 + .../gatekeeper-webhook-service-service.yaml | 23 + .../3.3.000/templates/requiredlabels.yaml | 57 + .../templates/validate-install-crd.yaml | 17 + .../rancher-gatekeeper/3.3.000/values.yaml | 60 + .../rancher-gatekeeper/3.3.001/.helmignore | 21 + .../rancher-gatekeeper/3.3.001/CHANGELOG.md | 15 + .../rancher-gatekeeper/3.3.001/Chart.yaml | 22 + .../rancher-gatekeeper/3.3.001/README.md | 39 + .../rancher-gatekeeper/3.3.001/app-readme.md | 14 + .../3.3.001/templates/_helpers.tpl | 52 + .../3.3.001/templates/allowedrepos.yaml | 35 + .../gatekeeper-admin-podsecuritypolicy.yaml | 35 + .../gatekeeper-admin-serviceaccount.yaml | 11 + .../gatekeeper-audit-deployment.yaml | 103 + ...ekeeper-controller-manager-deployment.yaml | 124 + .../gatekeeper-manager-role-clusterrole.yaml | 139 + .../gatekeeper-manager-role-role.yaml | 32 + ...anager-rolebinding-clusterrolebinding.yaml | 18 + ...eeper-manager-rolebinding-rolebinding.yaml | 19 + ...ration-validatingwebhookconfiguration.yaml | 61 + ...gatekeeper-webhook-server-cert-secret.yaml | 13 + .../gatekeeper-webhook-service-service.yaml | 23 + 
.../3.3.001/templates/requiredlabels.yaml | 57 + .../templates/validate-install-crd.yaml | 17 + .../rancher-gatekeeper/3.3.001/values.yaml | 60 + .../rancher-grafana/6.6.401/.helmignore | 23 + .../rancher-grafana/6.6.401/Chart.yaml | 28 + .../rancher-grafana/6.6.401/README.md | 514 ++ .../6.6.401/dashboards/custom-dashboard.json | 1 + .../6.6.401/templates/NOTES.txt | 54 + .../6.6.401/templates/_helpers.tpl | 145 + .../6.6.401/templates/_pod.tpl | 496 ++ .../6.6.401/templates/clusterrole.yaml | 25 + .../6.6.401/templates/clusterrolebinding.yaml | 24 + .../configmap-dashboard-provider.yaml | 29 + .../6.6.401/templates/configmap.yaml | 80 + .../templates/dashboards-json-configmap.yaml | 35 + .../6.6.401/templates/deployment.yaml | 48 + .../6.6.401/templates/headless-service.yaml | 18 + .../templates/image-renderer-deployment.yaml | 117 + .../image-renderer-network-policy.yaml | 76 + .../templates/image-renderer-service.yaml | 28 + .../6.6.401/templates/ingress.yaml | 80 + .../6.6.401/templates/nginx-config.yaml | 75 + .../templates/poddisruptionbudget.yaml | 22 + .../6.6.401/templates/podsecuritypolicy.yaml | 49 + .../6.6.401/templates/pvc.yaml | 33 + .../6.6.401/templates/role.yaml | 32 + .../6.6.401/templates/rolebinding.yaml | 25 + .../6.6.401/templates/secret-env.yaml | 14 + .../6.6.401/templates/secret.yaml | 22 + .../6.6.401/templates/service.yaml | 50 + .../6.6.401/templates/serviceaccount.yaml | 13 + .../6.6.401/templates/servicemonitor.yaml | 40 + .../6.6.401/templates/statefulset.yaml | 52 + .../templates/tests/test-configmap.yaml | 17 + .../tests/test-podsecuritypolicy.yaml | 30 + .../6.6.401/templates/tests/test-role.yaml | 14 + .../templates/tests/test-rolebinding.yaml | 17 + .../templates/tests/test-serviceaccount.yaml | 9 + .../6.6.401/templates/tests/test.yaml | 48 + .../rancher-grafana/6.6.401/values.yaml | 732 ++ .../rancher-istio/1.8.301/Chart.yaml | 21 + .../rancher-istio/1.8.301/README.md | 69 + .../rancher-istio/1.8.301/app-readme.md | 45 + 
.../1.8.301/charts/kiali/Chart.yaml | 31 + .../1.8.301/charts/kiali/templates/NOTES.txt | 5 + .../charts/kiali/templates/_helpers.tpl | 192 + .../charts/kiali/templates/cabundle.yaml | 13 + .../charts/kiali/templates/configmap.yaml | 24 + .../kiali/templates/dashboards/envoy.yaml | 55 + .../charts/kiali/templates/dashboards/go.yaml | 66 + .../kiali/templates/dashboards/kiali.yaml | 43 + .../dashboards/micrometer-1.0.6-jvm-pool.yaml | 42 + .../dashboards/micrometer-1.0.6-jvm.yaml | 64 + .../dashboards/micrometer-1.1-jvm.yaml | 67 + .../dashboards/microprofile-1.1.yaml | 58 + .../dashboards/microprofile-x.y.yaml | 37 + .../kiali/templates/dashboards/nodejs.yaml | 58 + .../kiali/templates/dashboards/quarkus.yaml | 32 + .../dashboards/springboot-jvm-pool.yaml | 15 + .../templates/dashboards/springboot-jvm.yaml | 15 + .../dashboards/springboot-tomcat.yaml | 15 + .../kiali/templates/dashboards/thorntail.yaml | 21 + .../kiali/templates/dashboards/tomcat.yaml | 66 + .../templates/dashboards/vertx-client.yaml | 59 + .../templates/dashboards/vertx-eventbus.yaml | 58 + .../kiali/templates/dashboards/vertx-jvm.yaml | 15 + .../templates/dashboards/vertx-pool.yaml | 67 + .../templates/dashboards/vertx-server.yaml | 61 + .../charts/kiali/templates/deployment.yaml | 174 + .../1.8.301/charts/kiali/templates/hpa.yaml | 17 + .../charts/kiali/templates/ingress.yaml | 40 + .../1.8.301/charts/kiali/templates/oauth.yaml | 17 + .../1.8.301/charts/kiali/templates/psp.yaml | 67 + .../kiali/templates/role-controlplane.yaml | 15 + .../charts/kiali/templates/role-viewer.yaml | 96 + .../1.8.301/charts/kiali/templates/role.yaml | 107 + .../templates/rolebinding-controlplane.yaml | 17 + .../charts/kiali/templates/rolebinding.yaml | 20 + .../1.8.301/charts/kiali/templates/route.yaml | 30 + .../charts/kiali/templates/service.yaml | 40 + .../kiali/templates/serviceaccount.yaml | 9 + .../kiali/templates/validate-install-crd.yaml | 14 + .../kiali/templates/web-root-configmap.yaml | 12 + 
.../1.8.301/charts/kiali/values.yaml | 93 + .../1.8.301/charts/tracing/.helmignore | 23 + .../1.8.301/charts/tracing/Chart.yaml | 12 + .../1.8.301/charts/tracing/README.md | 5 + .../charts/tracing/templates/_affinity.tpl | 92 + .../charts/tracing/templates/_helpers.tpl | 32 + .../charts/tracing/templates/deployment.yaml | 86 + .../1.8.301/charts/tracing/templates/psp.yaml | 86 + .../1.8.301/charts/tracing/templates/pvc.yaml | 16 + .../charts/tracing/templates/service.yaml | 63 + .../1.8.301/charts/tracing/values.yaml | 44 + .../1.8.301/configs/istio-base.yaml | 85 + .../rancher-istio/1.8.301/requirements.yaml | 17 + .../1.8.301/samples/overlay-example.yaml | 37 + .../1.8.301/templates/_helpers.tpl | 12 + .../1.8.301/templates/admin-role.yaml | 43 + .../1.8.301/templates/base-config-map.yaml | 7 + .../1.8.301/templates/clusterrole.yaml | 120 + .../1.8.301/templates/clusterrolebinding.yaml | 12 + .../1.8.301/templates/edit-role.yaml | 43 + .../1.8.301/templates/istio-cni-psp.yaml | 51 + .../1.8.301/templates/istio-install-job.yaml | 50 + .../1.8.301/templates/istio-install-psp.yaml | 30 + .../1.8.301/templates/istio-psp.yaml | 81 + .../templates/istio-uninstall-job.yaml | 45 + .../1.8.301/templates/overlay-config-map.yaml | 9 + .../1.8.301/templates/service-monitors.yaml | 51 + .../1.8.301/templates/serviceaccount.yaml | 5 + .../1.8.301/templates/view-role.yaml | 41 + .../rancher-istio/1.8.301/values.yaml | 94 + .../rancher-istio/1.8.400/Chart.yaml | 21 + .../rancher-istio/1.8.400/README.md | 69 + .../rancher-istio/1.8.400/app-readme.md | 45 + .../1.8.400/charts/kiali/Chart.yaml | 31 + .../1.8.400/charts/kiali/templates/NOTES.txt | 5 + .../charts/kiali/templates/_helpers.tpl | 192 + .../charts/kiali/templates/cabundle.yaml | 13 + .../charts/kiali/templates/configmap.yaml | 24 + .../kiali/templates/dashboards/envoy.yaml | 56 + .../charts/kiali/templates/dashboards/go.yaml | 67 + .../kiali/templates/dashboards/kiali.yaml | 44 + 
.../dashboards/micrometer-1.0.6-jvm-pool.yaml | 43 + .../dashboards/micrometer-1.0.6-jvm.yaml | 65 + .../dashboards/micrometer-1.1-jvm.yaml | 68 + .../dashboards/microprofile-1.1.yaml | 59 + .../dashboards/microprofile-x.y.yaml | 38 + .../kiali/templates/dashboards/nodejs.yaml | 59 + .../kiali/templates/dashboards/quarkus.yaml | 33 + .../dashboards/springboot-jvm-pool.yaml | 16 + .../templates/dashboards/springboot-jvm.yaml | 16 + .../dashboards/springboot-tomcat.yaml | 16 + .../kiali/templates/dashboards/thorntail.yaml | 22 + .../kiali/templates/dashboards/tomcat.yaml | 67 + .../templates/dashboards/vertx-client.yaml | 60 + .../templates/dashboards/vertx-eventbus.yaml | 59 + .../kiali/templates/dashboards/vertx-jvm.yaml | 16 + .../templates/dashboards/vertx-pool.yaml | 68 + .../templates/dashboards/vertx-server.yaml | 62 + .../charts/kiali/templates/deployment.yaml | 174 + .../1.8.400/charts/kiali/templates/hpa.yaml | 17 + .../charts/kiali/templates/ingress.yaml | 40 + .../1.8.400/charts/kiali/templates/oauth.yaml | 17 + .../1.8.400/charts/kiali/templates/psp.yaml | 67 + .../kiali/templates/role-controlplane.yaml | 15 + .../charts/kiali/templates/role-viewer.yaml | 97 + .../1.8.400/charts/kiali/templates/role.yaml | 108 + .../templates/rolebinding-controlplane.yaml | 17 + .../charts/kiali/templates/rolebinding.yaml | 20 + .../1.8.400/charts/kiali/templates/route.yaml | 30 + .../charts/kiali/templates/service.yaml | 47 + .../kiali/templates/serviceaccount.yaml | 9 + .../kiali/templates/validate-install-crd.yaml | 14 + .../kiali/templates/web-root-configmap.yaml | 12 + .../1.8.400/charts/kiali/values.yaml | 93 + .../1.8.400/charts/tracing/.helmignore | 23 + .../1.8.400/charts/tracing/Chart.yaml | 12 + .../1.8.400/charts/tracing/README.md | 5 + .../charts/tracing/templates/_affinity.tpl | 92 + .../charts/tracing/templates/_helpers.tpl | 32 + .../charts/tracing/templates/deployment.yaml | 86 + .../1.8.400/charts/tracing/templates/psp.yaml | 86 + 
.../1.8.400/charts/tracing/templates/pvc.yaml | 16 + .../charts/tracing/templates/service.yaml | 63 + .../1.8.400/charts/tracing/values.yaml | 44 + .../1.8.400/configs/istio-base.yaml | 89 + .../rancher-istio/1.8.400/requirements.yaml | 17 + .../1.8.400/samples/overlay-example.yaml | 37 + .../1.8.400/templates/_helpers.tpl | 12 + .../1.8.400/templates/admin-role.yaml | 43 + .../1.8.400/templates/base-config-map.yaml | 7 + .../1.8.400/templates/clusterrole.yaml | 120 + .../1.8.400/templates/clusterrolebinding.yaml | 12 + .../1.8.400/templates/edit-role.yaml | 43 + .../1.8.400/templates/istio-cni-psp.yaml | 51 + .../1.8.400/templates/istio-install-job.yaml | 50 + .../1.8.400/templates/istio-install-psp.yaml | 30 + .../1.8.400/templates/istio-psp.yaml | 81 + .../templates/istio-uninstall-job.yaml | 45 + .../1.8.400/templates/overlay-config-map.yaml | 9 + .../1.8.400/templates/service-monitors.yaml | 51 + .../1.8.400/templates/serviceaccount.yaml | 5 + .../1.8.400/templates/view-role.yaml | 41 + .../rancher-istio/1.8.400/values.yaml | 95 + .../rancher-istio/1.8.500/Chart.yaml | 21 + .../rancher-istio/1.8.500/README.md | 69 + .../rancher-istio/1.8.500/app-readme.md | 45 + .../1.8.500/charts/kiali/Chart.yaml | 31 + .../1.8.500/charts/kiali/templates/NOTES.txt | 5 + .../charts/kiali/templates/_helpers.tpl | 192 + .../charts/kiali/templates/cabundle.yaml | 13 + .../charts/kiali/templates/configmap.yaml | 24 + .../kiali/templates/dashboards/envoy.yaml | 56 + .../charts/kiali/templates/dashboards/go.yaml | 67 + .../kiali/templates/dashboards/kiali.yaml | 44 + .../dashboards/micrometer-1.0.6-jvm-pool.yaml | 43 + .../dashboards/micrometer-1.0.6-jvm.yaml | 65 + .../dashboards/micrometer-1.1-jvm.yaml | 68 + .../dashboards/microprofile-1.1.yaml | 59 + .../dashboards/microprofile-x.y.yaml | 38 + .../kiali/templates/dashboards/nodejs.yaml | 59 + .../kiali/templates/dashboards/quarkus.yaml | 33 + .../dashboards/springboot-jvm-pool.yaml | 16 + 
.../templates/dashboards/springboot-jvm.yaml | 16 + .../dashboards/springboot-tomcat.yaml | 16 + .../kiali/templates/dashboards/thorntail.yaml | 22 + .../kiali/templates/dashboards/tomcat.yaml | 67 + .../templates/dashboards/vertx-client.yaml | 60 + .../templates/dashboards/vertx-eventbus.yaml | 59 + .../kiali/templates/dashboards/vertx-jvm.yaml | 16 + .../templates/dashboards/vertx-pool.yaml | 68 + .../templates/dashboards/vertx-server.yaml | 62 + .../charts/kiali/templates/deployment.yaml | 174 + .../1.8.500/charts/kiali/templates/hpa.yaml | 17 + .../charts/kiali/templates/ingress.yaml | 40 + .../1.8.500/charts/kiali/templates/oauth.yaml | 17 + .../1.8.500/charts/kiali/templates/psp.yaml | 67 + .../kiali/templates/role-controlplane.yaml | 15 + .../charts/kiali/templates/role-viewer.yaml | 97 + .../1.8.500/charts/kiali/templates/role.yaml | 108 + .../templates/rolebinding-controlplane.yaml | 17 + .../charts/kiali/templates/rolebinding.yaml | 20 + .../1.8.500/charts/kiali/templates/route.yaml | 30 + .../charts/kiali/templates/service.yaml | 47 + .../kiali/templates/serviceaccount.yaml | 9 + .../kiali/templates/validate-install-crd.yaml | 14 + .../kiali/templates/web-root-configmap.yaml | 12 + .../1.8.500/charts/kiali/values.yaml | 93 + .../1.8.500/charts/tracing/.helmignore | 23 + .../1.8.500/charts/tracing/Chart.yaml | 12 + .../1.8.500/charts/tracing/README.md | 5 + .../charts/tracing/templates/_affinity.tpl | 92 + .../charts/tracing/templates/_helpers.tpl | 32 + .../charts/tracing/templates/deployment.yaml | 86 + .../1.8.500/charts/tracing/templates/psp.yaml | 86 + .../1.8.500/charts/tracing/templates/pvc.yaml | 16 + .../charts/tracing/templates/service.yaml | 63 + .../1.8.500/charts/tracing/values.yaml | 44 + .../1.8.500/configs/istio-base.yaml | 89 + .../rancher-istio/1.8.500/requirements.yaml | 17 + .../1.8.500/samples/overlay-example.yaml | 37 + .../1.8.500/templates/_helpers.tpl | 12 + .../1.8.500/templates/admin-role.yaml | 43 + 
.../1.8.500/templates/base-config-map.yaml | 7 + .../1.8.500/templates/clusterrole.yaml | 120 + .../1.8.500/templates/clusterrolebinding.yaml | 12 + .../1.8.500/templates/edit-role.yaml | 43 + .../1.8.500/templates/istio-cni-psp.yaml | 51 + .../1.8.500/templates/istio-install-job.yaml | 50 + .../1.8.500/templates/istio-install-psp.yaml | 30 + .../1.8.500/templates/istio-psp.yaml | 81 + .../templates/istio-uninstall-job.yaml | 45 + .../1.8.500/templates/overlay-config-map.yaml | 9 + .../1.8.500/templates/service-monitors.yaml | 51 + .../1.8.500/templates/serviceaccount.yaml | 5 + .../1.8.500/templates/view-role.yaml | 41 + .../rancher-istio/1.8.500/values.yaml | 95 + .../rancher-istio/1.9.200/Chart.yaml | 21 + .../rancher-istio/1.9.200/README.md | 69 + .../rancher-istio/1.9.200/app-readme.md | 45 + .../1.9.200/charts/kiali/Chart.yaml | 31 + .../1.9.200/charts/kiali/templates/NOTES.txt | 5 + .../charts/kiali/templates/_helpers.tpl | 192 + .../charts/kiali/templates/cabundle.yaml | 13 + .../charts/kiali/templates/configmap.yaml | 24 + .../kiali/templates/dashboards/envoy.yaml | 56 + .../charts/kiali/templates/dashboards/go.yaml | 67 + .../kiali/templates/dashboards/kiali.yaml | 44 + .../dashboards/micrometer-1.0.6-jvm-pool.yaml | 43 + .../dashboards/micrometer-1.0.6-jvm.yaml | 65 + .../dashboards/micrometer-1.1-jvm.yaml | 68 + .../dashboards/microprofile-1.1.yaml | 59 + .../dashboards/microprofile-x.y.yaml | 38 + .../kiali/templates/dashboards/nodejs.yaml | 59 + .../kiali/templates/dashboards/quarkus.yaml | 33 + .../dashboards/springboot-jvm-pool.yaml | 16 + .../templates/dashboards/springboot-jvm.yaml | 16 + .../dashboards/springboot-tomcat.yaml | 16 + .../kiali/templates/dashboards/thorntail.yaml | 22 + .../kiali/templates/dashboards/tomcat.yaml | 67 + .../templates/dashboards/vertx-client.yaml | 60 + .../templates/dashboards/vertx-eventbus.yaml | 59 + .../kiali/templates/dashboards/vertx-jvm.yaml | 16 + .../templates/dashboards/vertx-pool.yaml | 68 + 
.../templates/dashboards/vertx-server.yaml | 62 + .../charts/kiali/templates/deployment.yaml | 174 + .../1.9.200/charts/kiali/templates/hpa.yaml | 17 + .../charts/kiali/templates/ingress.yaml | 40 + .../1.9.200/charts/kiali/templates/oauth.yaml | 17 + .../1.9.200/charts/kiali/templates/psp.yaml | 67 + .../kiali/templates/role-controlplane.yaml | 15 + .../charts/kiali/templates/role-viewer.yaml | 97 + .../1.9.200/charts/kiali/templates/role.yaml | 108 + .../templates/rolebinding-controlplane.yaml | 17 + .../charts/kiali/templates/rolebinding.yaml | 20 + .../1.9.200/charts/kiali/templates/route.yaml | 30 + .../charts/kiali/templates/service.yaml | 47 + .../kiali/templates/serviceaccount.yaml | 9 + .../kiali/templates/validate-install-crd.yaml | 14 + .../kiali/templates/web-root-configmap.yaml | 12 + .../1.9.200/charts/kiali/values.yaml | 93 + .../1.9.200/charts/tracing/.helmignore | 23 + .../1.9.200/charts/tracing/Chart.yaml | 12 + .../1.9.200/charts/tracing/README.md | 5 + .../charts/tracing/templates/_affinity.tpl | 92 + .../charts/tracing/templates/_helpers.tpl | 32 + .../charts/tracing/templates/deployment.yaml | 86 + .../1.9.200/charts/tracing/templates/psp.yaml | 86 + .../1.9.200/charts/tracing/templates/pvc.yaml | 16 + .../charts/tracing/templates/service.yaml | 63 + .../1.9.200/charts/tracing/values.yaml | 44 + .../1.9.200/configs/istio-base.yaml | 89 + .../rancher-istio/1.9.200/requirements.yaml | 17 + .../1.9.200/samples/overlay-example.yaml | 37 + .../1.9.200/templates/_helpers.tpl | 12 + .../1.9.200/templates/admin-role.yaml | 43 + .../1.9.200/templates/base-config-map.yaml | 7 + .../1.9.200/templates/clusterrole.yaml | 120 + .../1.9.200/templates/clusterrolebinding.yaml | 12 + .../1.9.200/templates/edit-role.yaml | 43 + .../1.9.200/templates/istio-cni-psp.yaml | 51 + .../1.9.200/templates/istio-install-job.yaml | 50 + .../1.9.200/templates/istio-install-psp.yaml | 30 + .../1.9.200/templates/istio-psp.yaml | 81 + .../templates/istio-uninstall-job.yaml | 
45 + .../1.9.200/templates/overlay-config-map.yaml | 9 + .../1.9.200/templates/service-monitors.yaml | 51 + .../1.9.200/templates/serviceaccount.yaml | 5 + .../1.9.200/templates/view-role.yaml | 41 + .../rancher-istio/1.9.200/values.yaml | 95 + .../rancher-istio/1.9.300/Chart.yaml | 21 + .../rancher-istio/1.9.300/README.md | 69 + .../rancher-istio/1.9.300/app-readme.md | 45 + .../1.9.300/charts/kiali/Chart.yaml | 31 + .../1.9.300/charts/kiali/templates/NOTES.txt | 5 + .../charts/kiali/templates/_helpers.tpl | 192 + .../charts/kiali/templates/cabundle.yaml | 13 + .../charts/kiali/templates/configmap.yaml | 24 + .../kiali/templates/dashboards/envoy.yaml | 56 + .../charts/kiali/templates/dashboards/go.yaml | 67 + .../kiali/templates/dashboards/kiali.yaml | 44 + .../dashboards/micrometer-1.0.6-jvm-pool.yaml | 43 + .../dashboards/micrometer-1.0.6-jvm.yaml | 65 + .../dashboards/micrometer-1.1-jvm.yaml | 68 + .../dashboards/microprofile-1.1.yaml | 59 + .../dashboards/microprofile-x.y.yaml | 38 + .../kiali/templates/dashboards/nodejs.yaml | 59 + .../kiali/templates/dashboards/quarkus.yaml | 33 + .../dashboards/springboot-jvm-pool.yaml | 16 + .../templates/dashboards/springboot-jvm.yaml | 16 + .../dashboards/springboot-tomcat.yaml | 16 + .../kiali/templates/dashboards/thorntail.yaml | 22 + .../kiali/templates/dashboards/tomcat.yaml | 67 + .../templates/dashboards/vertx-client.yaml | 60 + .../templates/dashboards/vertx-eventbus.yaml | 59 + .../kiali/templates/dashboards/vertx-jvm.yaml | 16 + .../templates/dashboards/vertx-pool.yaml | 68 + .../templates/dashboards/vertx-server.yaml | 62 + .../charts/kiali/templates/deployment.yaml | 174 + .../1.9.300/charts/kiali/templates/hpa.yaml | 17 + .../charts/kiali/templates/ingress.yaml | 40 + .../1.9.300/charts/kiali/templates/oauth.yaml | 17 + .../1.9.300/charts/kiali/templates/psp.yaml | 67 + .../kiali/templates/role-controlplane.yaml | 15 + .../charts/kiali/templates/role-viewer.yaml | 97 + 
.../1.9.300/charts/kiali/templates/role.yaml | 108 + .../templates/rolebinding-controlplane.yaml | 17 + .../charts/kiali/templates/rolebinding.yaml | 20 + .../1.9.300/charts/kiali/templates/route.yaml | 30 + .../charts/kiali/templates/service.yaml | 47 + .../kiali/templates/serviceaccount.yaml | 9 + .../kiali/templates/validate-install-crd.yaml | 14 + .../kiali/templates/web-root-configmap.yaml | 12 + .../1.9.300/charts/kiali/values.yaml | 93 + .../1.9.300/charts/tracing/.helmignore | 23 + .../1.9.300/charts/tracing/Chart.yaml | 12 + .../1.9.300/charts/tracing/README.md | 5 + .../charts/tracing/templates/_affinity.tpl | 92 + .../charts/tracing/templates/_helpers.tpl | 32 + .../charts/tracing/templates/deployment.yaml | 86 + .../1.9.300/charts/tracing/templates/psp.yaml | 86 + .../1.9.300/charts/tracing/templates/pvc.yaml | 16 + .../charts/tracing/templates/service.yaml | 63 + .../1.9.300/charts/tracing/values.yaml | 44 + .../1.9.300/configs/istio-base.yaml | 89 + .../rancher-istio/1.9.300/requirements.yaml | 17 + .../1.9.300/samples/overlay-example.yaml | 37 + .../1.9.300/templates/_helpers.tpl | 12 + .../1.9.300/templates/admin-role.yaml | 43 + .../1.9.300/templates/base-config-map.yaml | 7 + .../1.9.300/templates/clusterrole.yaml | 120 + .../1.9.300/templates/clusterrolebinding.yaml | 12 + .../1.9.300/templates/edit-role.yaml | 43 + .../1.9.300/templates/istio-cni-psp.yaml | 51 + .../1.9.300/templates/istio-install-job.yaml | 50 + .../1.9.300/templates/istio-install-psp.yaml | 30 + .../1.9.300/templates/istio-psp.yaml | 81 + .../templates/istio-uninstall-job.yaml | 45 + .../1.9.300/templates/overlay-config-map.yaml | 9 + .../1.9.300/templates/service-monitors.yaml | 51 + .../1.9.300/templates/serviceaccount.yaml | 5 + .../1.9.300/templates/view-role.yaml | 41 + .../rancher-istio/1.9.300/values.yaml | 95 + .../rancher-istio/1.7.100/Chart.yaml | 19 + .../rancher-istio/1.7.100/README.md | 28 + .../charts/rancher-kiali-server/Chart.yaml | 31 + 
.../rancher-kiali-server/templates/NOTES.txt | 5 + .../templates/_helpers.tpl | 176 + .../templates/cabundle.yaml | 13 + .../templates/configmap.yaml | 24 + .../templates/dashboards/envoy.yaml | 55 + .../templates/dashboards/go.yaml | 66 + .../templates/dashboards/kiali.yaml | 43 + .../dashboards/micrometer-1.0.6-jvm-pool.yaml | 42 + .../dashboards/micrometer-1.0.6-jvm.yaml | 64 + .../dashboards/micrometer-1.1-jvm.yaml | 67 + .../dashboards/microprofile-1.1.yaml | 58 + .../dashboards/microprofile-x.y.yaml | 37 + .../templates/dashboards/nodejs.yaml | 58 + .../templates/dashboards/quarkus.yaml | 32 + .../dashboards/springboot-jvm-pool.yaml | 15 + .../templates/dashboards/springboot-jvm.yaml | 15 + .../dashboards/springboot-tomcat.yaml | 15 + .../templates/dashboards/thorntail.yaml | 21 + .../templates/dashboards/tomcat.yaml | 66 + .../templates/dashboards/vertx-client.yaml | 59 + .../templates/dashboards/vertx-eventbus.yaml | 58 + .../templates/dashboards/vertx-jvm.yaml | 15 + .../templates/dashboards/vertx-pool.yaml | 67 + .../templates/dashboards/vertx-server.yaml | 61 + .../templates/deployment.yaml | 165 + .../templates/ingess.yaml | 40 + .../rancher-kiali-server/templates/oauth.yaml | 17 + .../templates/role-viewer.yaml | 101 + .../rancher-kiali-server/templates/role.yaml | 118 + .../templates/rolebinding.yaml | 20 + .../rancher-kiali-server/templates/route.yaml | 30 + .../templates/service.yaml | 40 + .../templates/serviceaccount.yaml | 9 + .../templates/validate-install-crd.yaml | 14 + .../templates/web-root-configmap.yaml | 12 + .../charts/rancher-kiali-server/values.yaml | 79 + .../1.7.100/configs/istio-base.yaml | 99 + .../rancher-istio/1.7.100/requirements.lock | 6 + .../rancher-istio/1.7.100/requirements.yaml | 7 + .../1.7.100/samples/overlay-example.yaml | 37 + .../1.7.100/templates/_helpers.tpl | 12 + .../1.7.100/templates/admin-role.yaml | 43 + .../1.7.100/templates/base-config-map.yaml | 7 + .../1.7.100/templates/clusterrole.yaml | 112 + 
.../1.7.100/templates/clusterrolebinding.yaml | 12 + .../1.7.100/templates/edit-role.yaml | 43 + .../1.7.100/templates/istio-install-job.yaml | 45 + .../templates/istio-uninstall-job.yaml | 42 + .../1.7.100/templates/overlay-config-map.yaml | 9 + .../1.7.100/templates/service-monitors.yaml | 51 + .../1.7.100/templates/serviceaccount.yaml | 5 + .../1.7.100/templates/view-role.yaml | 41 + .../rancher-istio/1.7.100/values.yaml | 95 + .../rancher-istio/1.7.300/Chart.yaml | 19 + .../rancher-istio/1.7.300/README.md | 36 + .../rancher-istio/1.7.300/app-readme.md | 30 + .../charts/rancher-kiali-server/Chart.yaml | 31 + .../rancher-kiali-server/templates/NOTES.txt | 5 + .../templates/_helpers.tpl | 176 + .../templates/cabundle.yaml | 13 + .../templates/configmap.yaml | 24 + .../templates/dashboards/envoy.yaml | 55 + .../templates/dashboards/go.yaml | 66 + .../templates/dashboards/kiali.yaml | 43 + .../dashboards/micrometer-1.0.6-jvm-pool.yaml | 42 + .../dashboards/micrometer-1.0.6-jvm.yaml | 64 + .../dashboards/micrometer-1.1-jvm.yaml | 67 + .../dashboards/microprofile-1.1.yaml | 58 + .../dashboards/microprofile-x.y.yaml | 37 + .../templates/dashboards/nodejs.yaml | 58 + .../templates/dashboards/quarkus.yaml | 32 + .../dashboards/springboot-jvm-pool.yaml | 15 + .../templates/dashboards/springboot-jvm.yaml | 15 + .../dashboards/springboot-tomcat.yaml | 15 + .../templates/dashboards/thorntail.yaml | 21 + .../templates/dashboards/tomcat.yaml | 66 + .../templates/dashboards/vertx-client.yaml | 59 + .../templates/dashboards/vertx-eventbus.yaml | 58 + .../templates/dashboards/vertx-jvm.yaml | 15 + .../templates/dashboards/vertx-pool.yaml | 67 + .../templates/dashboards/vertx-server.yaml | 61 + .../templates/deployment.yaml | 165 + .../templates/ingess.yaml | 40 + .../rancher-kiali-server/templates/oauth.yaml | 17 + .../templates/role-viewer.yaml | 101 + .../rancher-kiali-server/templates/role.yaml | 118 + .../templates/rolebinding.yaml | 20 + 
.../rancher-kiali-server/templates/route.yaml | 30 + .../templates/service.yaml | 40 + .../templates/serviceaccount.yaml | 9 + .../templates/validate-install-crd.yaml | 14 + .../templates/web-root-configmap.yaml | 12 + .../charts/rancher-kiali-server/values.yaml | 79 + .../1.7.300/configs/istio-base.yaml | 99 + .../rancher-istio/1.7.300/requirements.lock | 6 + .../rancher-istio/1.7.300/requirements.yaml | 7 + .../1.7.300/samples/overlay-example.yaml | 37 + .../1.7.300/templates/_helpers.tpl | 12 + .../1.7.300/templates/admin-role.yaml | 43 + .../1.7.300/templates/base-config-map.yaml | 7 + .../1.7.300/templates/clusterrole.yaml | 112 + .../1.7.300/templates/clusterrolebinding.yaml | 12 + .../1.7.300/templates/edit-role.yaml | 43 + .../1.7.300/templates/istio-install-job.yaml | 45 + .../templates/istio-uninstall-job.yaml | 42 + .../1.7.300/templates/overlay-config-map.yaml | 9 + .../1.7.300/templates/service-monitors.yaml | 51 + .../1.7.300/templates/serviceaccount.yaml | 5 + .../1.7.300/templates/view-role.yaml | 41 + .../rancher-istio/1.7.300/values.yaml | 96 + .../rancher-istio/1.7.301/Chart.yaml | 19 + .../rancher-istio/1.7.301/README.md | 46 + .../rancher-istio/1.7.301/app-readme.md | 31 + .../charts/rancher-kiali-server/Chart.yaml | 31 + .../rancher-kiali-server/templates/NOTES.txt | 5 + .../templates/_helpers.tpl | 176 + .../templates/cabundle.yaml | 13 + .../templates/configmap.yaml | 24 + .../templates/dashboards/envoy.yaml | 55 + .../templates/dashboards/go.yaml | 66 + .../templates/dashboards/kiali.yaml | 43 + .../dashboards/micrometer-1.0.6-jvm-pool.yaml | 42 + .../dashboards/micrometer-1.0.6-jvm.yaml | 64 + .../dashboards/micrometer-1.1-jvm.yaml | 67 + .../dashboards/microprofile-1.1.yaml | 58 + .../dashboards/microprofile-x.y.yaml | 37 + .../templates/dashboards/nodejs.yaml | 58 + .../templates/dashboards/quarkus.yaml | 32 + .../dashboards/springboot-jvm-pool.yaml | 15 + .../templates/dashboards/springboot-jvm.yaml | 15 + 
.../dashboards/springboot-tomcat.yaml | 15 + .../templates/dashboards/thorntail.yaml | 21 + .../templates/dashboards/tomcat.yaml | 66 + .../templates/dashboards/vertx-client.yaml | 59 + .../templates/dashboards/vertx-eventbus.yaml | 58 + .../templates/dashboards/vertx-jvm.yaml | 15 + .../templates/dashboards/vertx-pool.yaml | 67 + .../templates/dashboards/vertx-server.yaml | 61 + .../templates/deployment.yaml | 165 + .../templates/ingess.yaml | 40 + .../rancher-kiali-server/templates/oauth.yaml | 17 + .../templates/role-viewer.yaml | 101 + .../rancher-kiali-server/templates/role.yaml | 118 + .../templates/rolebinding.yaml | 20 + .../rancher-kiali-server/templates/route.yaml | 30 + .../templates/service.yaml | 40 + .../templates/serviceaccount.yaml | 9 + .../templates/validate-install-crd.yaml | 14 + .../templates/web-root-configmap.yaml | 12 + .../charts/rancher-kiali-server/values.yaml | 79 + .../charts/rancher-tracing/.helmignore | 23 + .../1.7.301/charts/rancher-tracing/Chart.yaml | 12 + .../1.7.301/charts/rancher-tracing/README.md | 5 + .../rancher-tracing/templates/_affinity.tpl | 92 + .../rancher-tracing/templates/_helpers.tpl | 32 + .../rancher-tracing/templates/deployment.yaml | 80 + .../charts/rancher-tracing/templates/pvc.yaml | 16 + .../rancher-tracing/templates/service.yaml | 63 + .../charts/rancher-tracing/values.yaml | 42 + .../1.7.301/configs/istio-base.yaml | 102 + .../rancher-istio/1.7.301/requirements.lock | 9 + .../rancher-istio/1.7.301/requirements.yaml | 13 + .../1.7.301/samples/overlay-example.yaml | 37 + .../1.7.301/templates/_helpers.tpl | 12 + .../1.7.301/templates/admin-role.yaml | 43 + .../1.7.301/templates/base-config-map.yaml | 7 + .../1.7.301/templates/clusterrole.yaml | 112 + .../1.7.301/templates/clusterrolebinding.yaml | 12 + .../1.7.301/templates/edit-role.yaml | 43 + .../1.7.301/templates/istio-install-job.yaml | 45 + .../templates/istio-uninstall-job.yaml | 42 + .../1.7.301/templates/overlay-config-map.yaml | 9 + 
.../1.7.301/templates/service-monitors.yaml | 51 + .../1.7.301/templates/serviceaccount.yaml | 5 + .../1.7.301/templates/view-role.yaml | 41 + .../rancher-istio/1.7.301/values.yaml | 106 + .../rancher-istio/1.8.300/Chart.yaml | 21 + .../rancher-istio/1.8.300/README.md | 69 + .../rancher-istio/1.8.300/app-readme.md | 45 + .../1.8.300/charts/kiali/Chart.yaml | 31 + .../1.8.300/charts/kiali/templates/NOTES.txt | 5 + .../charts/kiali/templates/_helpers.tpl | 192 + .../charts/kiali/templates/cabundle.yaml | 13 + .../charts/kiali/templates/configmap.yaml | 24 + .../kiali/templates/dashboards/envoy.yaml | 55 + .../charts/kiali/templates/dashboards/go.yaml | 66 + .../kiali/templates/dashboards/kiali.yaml | 43 + .../dashboards/micrometer-1.0.6-jvm-pool.yaml | 42 + .../dashboards/micrometer-1.0.6-jvm.yaml | 64 + .../dashboards/micrometer-1.1-jvm.yaml | 67 + .../dashboards/microprofile-1.1.yaml | 58 + .../dashboards/microprofile-x.y.yaml | 37 + .../kiali/templates/dashboards/nodejs.yaml | 58 + .../kiali/templates/dashboards/quarkus.yaml | 32 + .../dashboards/springboot-jvm-pool.yaml | 15 + .../templates/dashboards/springboot-jvm.yaml | 15 + .../dashboards/springboot-tomcat.yaml | 15 + .../kiali/templates/dashboards/thorntail.yaml | 21 + .../kiali/templates/dashboards/tomcat.yaml | 66 + .../templates/dashboards/vertx-client.yaml | 59 + .../templates/dashboards/vertx-eventbus.yaml | 58 + .../kiali/templates/dashboards/vertx-jvm.yaml | 15 + .../templates/dashboards/vertx-pool.yaml | 67 + .../templates/dashboards/vertx-server.yaml | 61 + .../charts/kiali/templates/deployment.yaml | 174 + .../1.8.300/charts/kiali/templates/hpa.yaml | 17 + .../charts/kiali/templates/ingress.yaml | 40 + .../1.8.300/charts/kiali/templates/oauth.yaml | 17 + .../kiali/templates/role-controlplane.yaml | 15 + .../charts/kiali/templates/role-viewer.yaml | 96 + .../1.8.300/charts/kiali/templates/role.yaml | 107 + .../templates/rolebinding-controlplane.yaml | 17 + .../charts/kiali/templates/rolebinding.yaml 
| 20 + .../1.8.300/charts/kiali/templates/route.yaml | 30 + .../charts/kiali/templates/service.yaml | 40 + .../kiali/templates/serviceaccount.yaml | 9 + .../kiali/templates/validate-install-crd.yaml | 14 + .../kiali/templates/web-root-configmap.yaml | 12 + .../1.8.300/charts/kiali/values.yaml | 91 + .../1.8.300/charts/tracing/.helmignore | 23 + .../1.8.300/charts/tracing/Chart.yaml | 12 + .../1.8.300/charts/tracing/README.md | 5 + .../charts/tracing/templates/_affinity.tpl | 92 + .../charts/tracing/templates/_helpers.tpl | 32 + .../charts/tracing/templates/deployment.yaml | 80 + .../1.8.300/charts/tracing/templates/pvc.yaml | 16 + .../charts/tracing/templates/service.yaml | 63 + .../1.8.300/charts/tracing/values.yaml | 42 + .../1.8.300/configs/istio-base.yaml | 85 + .../rancher-istio/1.8.300/requirements.yaml | 17 + .../1.8.300/samples/overlay-example.yaml | 37 + .../1.8.300/templates/_helpers.tpl | 12 + .../1.8.300/templates/admin-role.yaml | 43 + .../1.8.300/templates/base-config-map.yaml | 7 + .../1.8.300/templates/clusterrole.yaml | 112 + .../1.8.300/templates/clusterrolebinding.yaml | 12 + .../1.8.300/templates/edit-role.yaml | 43 + .../1.8.300/templates/istio-install-job.yaml | 45 + .../templates/istio-uninstall-job.yaml | 42 + .../1.8.300/templates/overlay-config-map.yaml | 9 + .../1.8.300/templates/service-monitors.yaml | 51 + .../1.8.300/templates/serviceaccount.yaml | 5 + .../1.8.300/templates/view-role.yaml | 41 + .../rancher-istio/1.8.300/values.yaml | 92 + .../1.23.001/Chart.yaml | 7 + .../1.23.001/README.md | 2 + .../1.23.001/templates/crds.yaml | 18 + .../1.24.001/Chart.yaml | 7 + .../1.24.001/README.md | 2 + .../1.24.001/templates/crds.yaml | 18 + .../1.24.003/Chart.yaml | 7 + .../1.24.003/README.md | 2 + .../1.24.003/templates/crds.yaml | 18 + .../1.29.000/Chart.yaml | 7 + .../1.29.000/README.md | 2 + .../1.29.000/templates/crds.yaml | 18 + .../1.29.100/Chart.yaml | 7 + .../1.29.100/README.md | 2 + .../1.29.100/templates/crds.yaml | 18 + 
.../1.32.100/Chart.yaml | 7 + .../1.32.100/README.md | 2 + .../1.32.100/templates/crds.yaml | 22 + .../rancher-kiali-server/1.23.001/Chart.yaml | 31 + .../1.23.001/templates/NOTES.txt | 5 + .../1.23.001/templates/_helpers.tpl | 176 + .../1.23.001/templates/cabundle.yaml | 13 + .../1.23.001/templates/configmap.yaml | 24 + .../1.23.001/templates/dashboards/envoy.yaml | 55 + .../1.23.001/templates/dashboards/go.yaml | 66 + .../1.23.001/templates/dashboards/kiali.yaml | 43 + .../dashboards/micrometer-1.0.6-jvm-pool.yaml | 42 + .../dashboards/micrometer-1.0.6-jvm.yaml | 64 + .../dashboards/micrometer-1.1-jvm.yaml | 67 + .../dashboards/microprofile-1.1.yaml | 58 + .../dashboards/microprofile-x.y.yaml | 37 + .../1.23.001/templates/dashboards/nodejs.yaml | 58 + .../templates/dashboards/quarkus.yaml | 32 + .../dashboards/springboot-jvm-pool.yaml | 15 + .../templates/dashboards/springboot-jvm.yaml | 15 + .../dashboards/springboot-tomcat.yaml | 15 + .../templates/dashboards/thorntail.yaml | 21 + .../1.23.001/templates/dashboards/tomcat.yaml | 66 + .../templates/dashboards/vertx-client.yaml | 59 + .../templates/dashboards/vertx-eventbus.yaml | 58 + .../templates/dashboards/vertx-jvm.yaml | 15 + .../templates/dashboards/vertx-pool.yaml | 67 + .../templates/dashboards/vertx-server.yaml | 61 + .../1.23.001/templates/deployment.yaml | 165 + .../1.23.001/templates/ingess.yaml | 40 + .../1.23.001/templates/oauth.yaml | 17 + .../1.23.001/templates/role-viewer.yaml | 101 + .../1.23.001/templates/role.yaml | 118 + .../1.23.001/templates/rolebinding.yaml | 20 + .../1.23.001/templates/route.yaml | 30 + .../1.23.001/templates/service.yaml | 40 + .../1.23.001/templates/serviceaccount.yaml | 9 + .../templates/validate-install-crd.yaml | 14 + .../templates/web-root-configmap.yaml | 12 + .../rancher-kiali-server/1.23.001/values.yaml | 79 + .../rancher-kiali-server/1.24.001/Chart.yaml | 31 + .../1.24.001/templates/NOTES.txt | 5 + .../1.24.001/templates/_helpers.tpl | 176 + 
.../1.24.001/templates/cabundle.yaml | 13 + .../1.24.001/templates/configmap.yaml | 24 + .../1.24.001/templates/dashboards/envoy.yaml | 55 + .../1.24.001/templates/dashboards/go.yaml | 66 + .../1.24.001/templates/dashboards/kiali.yaml | 43 + .../dashboards/micrometer-1.0.6-jvm-pool.yaml | 42 + .../dashboards/micrometer-1.0.6-jvm.yaml | 64 + .../dashboards/micrometer-1.1-jvm.yaml | 67 + .../dashboards/microprofile-1.1.yaml | 58 + .../dashboards/microprofile-x.y.yaml | 37 + .../1.24.001/templates/dashboards/nodejs.yaml | 58 + .../templates/dashboards/quarkus.yaml | 32 + .../dashboards/springboot-jvm-pool.yaml | 15 + .../templates/dashboards/springboot-jvm.yaml | 15 + .../dashboards/springboot-tomcat.yaml | 15 + .../templates/dashboards/thorntail.yaml | 21 + .../1.24.001/templates/dashboards/tomcat.yaml | 66 + .../templates/dashboards/vertx-client.yaml | 59 + .../templates/dashboards/vertx-eventbus.yaml | 58 + .../templates/dashboards/vertx-jvm.yaml | 15 + .../templates/dashboards/vertx-pool.yaml | 67 + .../templates/dashboards/vertx-server.yaml | 61 + .../1.24.001/templates/deployment.yaml | 165 + .../1.24.001/templates/ingess.yaml | 40 + .../1.24.001/templates/oauth.yaml | 17 + .../1.24.001/templates/role-viewer.yaml | 101 + .../1.24.001/templates/role.yaml | 118 + .../1.24.001/templates/rolebinding.yaml | 20 + .../1.24.001/templates/route.yaml | 30 + .../1.24.001/templates/service.yaml | 40 + .../1.24.001/templates/serviceaccount.yaml | 9 + .../templates/validate-install-crd.yaml | 14 + .../templates/web-root-configmap.yaml | 12 + .../rancher-kiali-server/1.24.001/values.yaml | 79 + .../rancher-kiali-server/1.24.003/Chart.yaml | 31 + .../1.24.003/templates/NOTES.txt | 5 + .../1.24.003/templates/_helpers.tpl | 176 + .../1.24.003/templates/cabundle.yaml | 13 + .../1.24.003/templates/configmap.yaml | 24 + .../1.24.003/templates/dashboards/envoy.yaml | 55 + .../1.24.003/templates/dashboards/go.yaml | 66 + .../1.24.003/templates/dashboards/kiali.yaml | 43 + 
.../dashboards/micrometer-1.0.6-jvm-pool.yaml | 42 + .../dashboards/micrometer-1.0.6-jvm.yaml | 64 + .../dashboards/micrometer-1.1-jvm.yaml | 67 + .../dashboards/microprofile-1.1.yaml | 58 + .../dashboards/microprofile-x.y.yaml | 37 + .../1.24.003/templates/dashboards/nodejs.yaml | 58 + .../templates/dashboards/quarkus.yaml | 32 + .../dashboards/springboot-jvm-pool.yaml | 15 + .../templates/dashboards/springboot-jvm.yaml | 15 + .../dashboards/springboot-tomcat.yaml | 15 + .../templates/dashboards/thorntail.yaml | 21 + .../1.24.003/templates/dashboards/tomcat.yaml | 66 + .../templates/dashboards/vertx-client.yaml | 59 + .../templates/dashboards/vertx-eventbus.yaml | 58 + .../templates/dashboards/vertx-jvm.yaml | 15 + .../templates/dashboards/vertx-pool.yaml | 67 + .../templates/dashboards/vertx-server.yaml | 61 + .../1.24.003/templates/deployment.yaml | 165 + .../1.24.003/templates/ingess.yaml | 40 + .../1.24.003/templates/oauth.yaml | 17 + .../1.24.003/templates/role-viewer.yaml | 101 + .../1.24.003/templates/role.yaml | 118 + .../1.24.003/templates/rolebinding.yaml | 20 + .../1.24.003/templates/route.yaml | 30 + .../1.24.003/templates/service.yaml | 40 + .../1.24.003/templates/serviceaccount.yaml | 9 + .../templates/validate-install-crd.yaml | 14 + .../templates/web-root-configmap.yaml | 12 + .../rancher-kiali-server/1.24.003/values.yaml | 79 + .../rancher-kiali-server/1.29.000/Chart.yaml | 31 + .../1.29.000/templates/NOTES.txt | 5 + .../1.29.000/templates/_helpers.tpl | 192 + .../1.29.000/templates/cabundle.yaml | 13 + .../1.29.000/templates/configmap.yaml | 24 + .../1.29.000/templates/dashboards/envoy.yaml | 55 + .../1.29.000/templates/dashboards/go.yaml | 66 + .../1.29.000/templates/dashboards/kiali.yaml | 43 + .../dashboards/micrometer-1.0.6-jvm-pool.yaml | 42 + .../dashboards/micrometer-1.0.6-jvm.yaml | 64 + .../dashboards/micrometer-1.1-jvm.yaml | 67 + .../dashboards/microprofile-1.1.yaml | 58 + .../dashboards/microprofile-x.y.yaml | 37 + 
.../1.29.000/templates/dashboards/nodejs.yaml | 58 + .../templates/dashboards/quarkus.yaml | 32 + .../dashboards/springboot-jvm-pool.yaml | 15 + .../templates/dashboards/springboot-jvm.yaml | 15 + .../dashboards/springboot-tomcat.yaml | 15 + .../templates/dashboards/thorntail.yaml | 21 + .../1.29.000/templates/dashboards/tomcat.yaml | 66 + .../templates/dashboards/vertx-client.yaml | 59 + .../templates/dashboards/vertx-eventbus.yaml | 58 + .../templates/dashboards/vertx-jvm.yaml | 15 + .../templates/dashboards/vertx-pool.yaml | 67 + .../templates/dashboards/vertx-server.yaml | 61 + .../1.29.000/templates/deployment.yaml | 174 + .../1.29.000/templates/hpa.yaml | 17 + .../1.29.000/templates/ingress.yaml | 40 + .../1.29.000/templates/oauth.yaml | 17 + .../1.29.000/templates/role-controlplane.yaml | 15 + .../1.29.000/templates/role-viewer.yaml | 96 + .../1.29.000/templates/role.yaml | 107 + .../templates/rolebinding-controlplane.yaml | 17 + .../1.29.000/templates/rolebinding.yaml | 20 + .../1.29.000/templates/route.yaml | 30 + .../1.29.000/templates/service.yaml | 40 + .../1.29.000/templates/serviceaccount.yaml | 9 + .../templates/validate-install-crd.yaml | 14 + .../templates/web-root-configmap.yaml | 12 + .../rancher-kiali-server/1.29.000/values.yaml | 91 + .../rancher-kiali-server/1.29.100/Chart.yaml | 31 + .../1.29.100/templates/NOTES.txt | 5 + .../1.29.100/templates/_helpers.tpl | 192 + .../1.29.100/templates/cabundle.yaml | 13 + .../1.29.100/templates/configmap.yaml | 24 + .../1.29.100/templates/dashboards/envoy.yaml | 55 + .../1.29.100/templates/dashboards/go.yaml | 66 + .../1.29.100/templates/dashboards/kiali.yaml | 43 + .../dashboards/micrometer-1.0.6-jvm-pool.yaml | 42 + .../dashboards/micrometer-1.0.6-jvm.yaml | 64 + .../dashboards/micrometer-1.1-jvm.yaml | 67 + .../dashboards/microprofile-1.1.yaml | 58 + .../dashboards/microprofile-x.y.yaml | 37 + .../1.29.100/templates/dashboards/nodejs.yaml | 58 + .../templates/dashboards/quarkus.yaml | 32 + 
.../dashboards/springboot-jvm-pool.yaml | 15 + .../templates/dashboards/springboot-jvm.yaml | 15 + .../dashboards/springboot-tomcat.yaml | 15 + .../templates/dashboards/thorntail.yaml | 21 + .../1.29.100/templates/dashboards/tomcat.yaml | 66 + .../templates/dashboards/vertx-client.yaml | 59 + .../templates/dashboards/vertx-eventbus.yaml | 58 + .../templates/dashboards/vertx-jvm.yaml | 15 + .../templates/dashboards/vertx-pool.yaml | 67 + .../templates/dashboards/vertx-server.yaml | 61 + .../1.29.100/templates/deployment.yaml | 174 + .../1.29.100/templates/hpa.yaml | 17 + .../1.29.100/templates/ingress.yaml | 40 + .../1.29.100/templates/oauth.yaml | 17 + .../1.29.100/templates/psp.yaml | 67 + .../1.29.100/templates/role-controlplane.yaml | 15 + .../1.29.100/templates/role-viewer.yaml | 96 + .../1.29.100/templates/role.yaml | 107 + .../templates/rolebinding-controlplane.yaml | 17 + .../1.29.100/templates/rolebinding.yaml | 20 + .../1.29.100/templates/route.yaml | 30 + .../1.29.100/templates/service.yaml | 40 + .../1.29.100/templates/serviceaccount.yaml | 9 + .../templates/validate-install-crd.yaml | 14 + .../templates/web-root-configmap.yaml | 12 + .../rancher-kiali-server/1.29.100/values.yaml | 93 + .../rancher-kiali-server/1.32.100/Chart.yaml | 31 + .../1.32.100/templates/NOTES.txt | 5 + .../1.32.100/templates/_helpers.tpl | 192 + .../1.32.100/templates/cabundle.yaml | 13 + .../1.32.100/templates/configmap.yaml | 24 + .../1.32.100/templates/dashboards/envoy.yaml | 56 + .../1.32.100/templates/dashboards/go.yaml | 67 + .../1.32.100/templates/dashboards/kiali.yaml | 44 + .../dashboards/micrometer-1.0.6-jvm-pool.yaml | 43 + .../dashboards/micrometer-1.0.6-jvm.yaml | 65 + .../dashboards/micrometer-1.1-jvm.yaml | 68 + .../dashboards/microprofile-1.1.yaml | 59 + .../dashboards/microprofile-x.y.yaml | 38 + .../1.32.100/templates/dashboards/nodejs.yaml | 59 + .../templates/dashboards/quarkus.yaml | 33 + .../dashboards/springboot-jvm-pool.yaml | 16 + 
.../templates/dashboards/springboot-jvm.yaml | 16 + .../dashboards/springboot-tomcat.yaml | 16 + .../templates/dashboards/thorntail.yaml | 22 + .../1.32.100/templates/dashboards/tomcat.yaml | 67 + .../templates/dashboards/vertx-client.yaml | 60 + .../templates/dashboards/vertx-eventbus.yaml | 59 + .../templates/dashboards/vertx-jvm.yaml | 16 + .../templates/dashboards/vertx-pool.yaml | 68 + .../templates/dashboards/vertx-server.yaml | 62 + .../1.32.100/templates/deployment.yaml | 174 + .../1.32.100/templates/hpa.yaml | 17 + .../1.32.100/templates/ingress.yaml | 40 + .../1.32.100/templates/oauth.yaml | 17 + .../1.32.100/templates/psp.yaml | 67 + .../1.32.100/templates/role-controlplane.yaml | 15 + .../1.32.100/templates/role-viewer.yaml | 97 + .../1.32.100/templates/role.yaml | 108 + .../templates/rolebinding-controlplane.yaml | 17 + .../1.32.100/templates/rolebinding.yaml | 20 + .../1.32.100/templates/route.yaml | 30 + .../1.32.100/templates/service.yaml | 47 + .../1.32.100/templates/serviceaccount.yaml | 9 + .../templates/validate-install-crd.yaml | 14 + .../templates/web-root-configmap.yaml | 12 + .../rancher-kiali-server/1.32.100/values.yaml | 93 + .../2.13.101/.helmignore | 21 + .../2.13.101/Chart.yaml | 24 + .../2.13.101/LICENSE | 202 + .../2.13.101/OWNERS | 6 + .../2.13.101/README.md | 66 + .../2.13.101/templates/NOTES.txt | 10 + .../2.13.101/templates/_helpers.tpl | 76 + .../templates/clusterrolebinding.yaml | 23 + .../2.13.101/templates/deployment.yaml | 217 + .../2.13.101/templates/kubeconfig-secret.yaml | 15 + .../2.13.101/templates/pdb.yaml | 20 + .../2.13.101/templates/podsecuritypolicy.yaml | 42 + .../2.13.101/templates/psp-clusterrole.yaml | 22 + .../templates/psp-clusterrolebinding.yaml | 19 + .../2.13.101/templates/role.yaml | 192 + .../2.13.101/templates/rolebinding.yaml | 27 + .../2.13.101/templates/service.yaml | 42 + .../2.13.101/templates/serviceaccount.yaml | 18 + .../2.13.101/templates/servicemonitor.yaml | 34 + 
.../2.13.101/templates/stsdiscovery-role.yaml | 29 + .../templates/stsdiscovery-rolebinding.yaml | 20 + .../2.13.101/values.yaml | 184 + .../rancher-logging-crd/3.6.000/Chart.yaml | 10 + .../rancher-logging-crd/3.6.000/README.md | 2 + .../logging.banzaicloud.io_clusterflows.yaml | 552 ++ ...logging.banzaicloud.io_clusteroutputs.yaml | 4142 ++++++++++ .../logging.banzaicloud.io_flows.yaml | 548 ++ .../logging.banzaicloud.io_loggings.yaml | 2411 ++++++ .../logging.banzaicloud.io_outputs.yaml | 4136 ++++++++++ .../rancher-logging-crd/3.6.001/Chart.yaml | 10 + .../rancher-logging-crd/3.6.001/README.md | 2 + .../logging.banzaicloud.io_clusterflows.yaml | 552 ++ ...logging.banzaicloud.io_clusteroutputs.yaml | 4142 ++++++++++ .../logging.banzaicloud.io_flows.yaml | 548 ++ .../logging.banzaicloud.io_loggings.yaml | 2411 ++++++ .../logging.banzaicloud.io_outputs.yaml | 4136 ++++++++++ .../rancher-logging-crd/3.8.201/Chart.yaml | 10 + .../rancher-logging-crd/3.8.201/README.md | 2 + .../logging.banzaicloud.io_clusterflows.yaml | 627 ++ ...logging.banzaicloud.io_clusteroutputs.yaml | 4531 +++++++++++ .../logging.banzaicloud.io_flows.yaml | 623 ++ .../logging.banzaicloud.io_loggings.yaml | 2754 +++++++ .../logging.banzaicloud.io_outputs.yaml | 4525 +++++++++++ .../rancher-logging-crd/3.9.000/Chart.yaml | 10 + .../rancher-logging-crd/3.9.000/README.md | 2 + .../logging.banzaicloud.io_clusterflows.yaml | 765 ++ ...logging.banzaicloud.io_clusteroutputs.yaml | 4563 +++++++++++ .../logging.banzaicloud.io_flows.yaml | 761 ++ .../logging.banzaicloud.io_loggings.yaml | 3536 ++++++++ .../logging.banzaicloud.io_outputs.yaml | 4557 +++++++++++ .../rancher-logging-crd/3.9.001/Chart.yaml | 10 + .../rancher-logging-crd/3.9.001/README.md | 2 + .../logging.banzaicloud.io_clusterflows.yaml | 765 ++ ...logging.banzaicloud.io_clusteroutputs.yaml | 4563 +++++++++++ .../logging.banzaicloud.io_flows.yaml | 761 ++ .../logging.banzaicloud.io_loggings.yaml | 3536 ++++++++ 
.../logging.banzaicloud.io_outputs.yaml | 4557 +++++++++++ .../rancher-logging-crd/3.9.002/Chart.yaml | 10 + .../rancher-logging-crd/3.9.002/README.md | 2 + .../logging.banzaicloud.io_clusterflows.yaml | 765 ++ ...logging.banzaicloud.io_clusteroutputs.yaml | 4563 +++++++++++ .../logging.banzaicloud.io_flows.yaml | 761 ++ .../logging.banzaicloud.io_loggings.yaml | 3536 ++++++++ .../logging.banzaicloud.io_outputs.yaml | 4557 +++++++++++ .../rancher-logging-crd/3.9.400/Chart.yaml | 10 + .../rancher-logging-crd/3.9.400/README.md | 2 + .../logging.banzaicloud.io_clusterflows.yaml | 765 ++ ...logging.banzaicloud.io_clusteroutputs.yaml | 4721 +++++++++++ .../logging.banzaicloud.io_flows.yaml | 761 ++ .../logging.banzaicloud.io_loggings.yaml | 7095 +++++++++++++++++ .../logging.banzaicloud.io_outputs.yaml | 4715 +++++++++++ .../rancher-logging/3.6.000/.helmignore | 22 + .../rancher-logging/3.6.000/Chart.yaml | 19 + .../rancher-logging/3.6.000/README.md | 129 + .../rancher-logging/3.6.000/app-readme.md | 3 + .../3.6.000/templates/NOTES.txt | 0 .../3.6.000/templates/_helpers.tpl | 66 + .../3.6.000/templates/clusterrole.yaml | 156 + .../3.6.000/templates/clusterrolebinding.yaml | 21 + .../3.6.000/templates/crds.yaml | 6 + .../3.6.000/templates/deployment.yaml | 62 + .../templates/loggings/eks/logging.yaml | 31 + .../loggings/k3s/logging-k3s-openrc.yaml | 34 + .../loggings/k3s/logging-k3s-systemd.yaml | 34 + .../loggings/rke/logging-containers-rke.yaml | 33 + .../templates/loggings/rke/logging-rke.yaml | 34 + .../templates/loggings/rke2/configmap.yaml | 18 + .../templates/loggings/rke2/daemonset.yaml | 33 + .../rke2/logging-rke2-containers.yaml | 32 + .../loggings/rke2/logging-rke2-journald.yaml | 32 + .../templates/loggings/root/logging.yaml | 25 + .../3.6.000/templates/psp.yaml | 32 + .../3.6.000/templates/service.yaml | 20 + .../3.6.000/templates/serviceMonitor.yaml | 19 + .../3.6.000/templates/serviceaccount.yaml | 13 + .../3.6.000/templates/userroles.yaml | 35 + 
.../templates/validate-install-crd.yaml | 18 + .../rancher-logging/3.6.000/values.yaml | 118 + .../rancher-logging/3.6.001/.helmignore | 22 + .../rancher-logging/3.6.001/Chart.yaml | 20 + .../rancher-logging/3.6.001/README.md | 129 + .../rancher-logging/3.6.001/app-readme.md | 21 + .../3.6.001/templates/NOTES.txt | 0 .../3.6.001/templates/_helpers.tpl | 66 + .../3.6.001/templates/clusterrole.yaml | 156 + .../3.6.001/templates/clusterrolebinding.yaml | 21 + .../3.6.001/templates/crds.yaml | 6 + .../3.6.001/templates/deployment.yaml | 62 + .../templates/loggings/eks/logging.yaml | 44 + .../loggings/k3s/logging-k3s-openrc.yaml | 47 + .../loggings/k3s/logging-k3s-systemd.yaml | 47 + .../templates/loggings/rke/configmap.yaml | 26 + .../templates/loggings/rke/daemonset.yaml | 52 + .../templates/loggings/rke/logging-rke.yaml | 48 + .../templates/loggings/rke2/configmap.yaml | 18 + .../templates/loggings/rke2/daemonset.yaml | 41 + .../rke2/logging-rke2-containers.yaml | 45 + .../loggings/rke2/logging-rke2-journald.yaml | 45 + .../templates/loggings/root/logging.yaml | 38 + .../3.6.001/templates/psp.yaml | 32 + .../3.6.001/templates/service.yaml | 20 + .../3.6.001/templates/serviceMonitor.yaml | 19 + .../3.6.001/templates/serviceaccount.yaml | 13 + .../3.6.001/templates/userroles.yaml | 35 + .../templates/validate-install-crd.yaml | 18 + .../rancher-logging/3.6.001/values.yaml | 129 + .../rancher-logging/3.8.201/.helmignore | 22 + .../rancher-logging/3.8.201/Chart.yaml | 20 + .../rancher-logging/3.8.201/README.md | 129 + .../rancher-logging/3.8.201/app-readme.md | 22 + .../3.8.201/templates/NOTES.txt | 0 .../3.8.201/templates/_helpers.tpl | 66 + .../3.8.201/templates/clusterrole.yaml | 161 + .../3.8.201/templates/clusterrolebinding.yaml | 21 + .../3.8.201/templates/crds.yaml | 6 + .../3.8.201/templates/deployment.yaml | 62 + .../templates/loggings/aks/logging.yaml | 39 + .../templates/loggings/eks/logging.yaml | 40 + .../templates/loggings/gke/logging.yaml | 39 + 
.../loggings/k3s/logging-k3s-openrc.yaml | 47 + .../loggings/k3s/logging-k3s-systemd.yaml | 47 + .../templates/loggings/rke/configmap.yaml | 26 + .../templates/loggings/rke/daemonset.yaml | 52 + .../templates/loggings/rke/logging-rke.yaml | 48 + .../templates/loggings/rke2/configmap.yaml | 18 + .../templates/loggings/rke2/daemonset.yaml | 41 + .../rke2/logging-rke2-containers.yaml | 45 + .../loggings/rke2/logging-rke2-journald.yaml | 45 + .../templates/loggings/root/logging.yaml | 38 + .../3.8.201/templates/psp.yaml | 32 + .../3.8.201/templates/service.yaml | 20 + .../3.8.201/templates/serviceMonitor.yaml | 19 + .../3.8.201/templates/serviceaccount.yaml | 13 + .../3.8.201/templates/userroles.yaml | 35 + .../templates/validate-install-crd.yaml | 18 + .../rancher-logging/3.8.201/values.yaml | 130 + .../rancher-logging/3.9.000/.helmignore | 22 + .../rancher-logging/3.9.000/Chart.yaml | 20 + .../rancher-logging/3.9.000/README.md | 129 + .../rancher-logging/3.9.000/app-readme.md | 22 + .../3.9.000/templates/NOTES.txt | 0 .../3.9.000/templates/_helpers.tpl | 66 + .../3.9.000/templates/clusterrole.yaml | 167 + .../3.9.000/templates/clusterrolebinding.yaml | 18 + .../3.9.000/templates/crds.yaml | 6 + .../3.9.000/templates/deployment.yaml | 62 + .../templates/loggings/aks/logging.yaml | 55 + .../templates/loggings/eks/logging.yaml | 56 + .../templates/loggings/gke/logging.yaml | 55 + .../loggings/k3s/logging-k3s-openrc.yaml | 65 + .../loggings/k3s/logging-k3s-systemd.yaml | 65 + .../templates/loggings/rke/configmap.yaml | 26 + .../templates/loggings/rke/daemonset.yaml | 127 + .../templates/loggings/rke/logging-rke.yaml | 70 + .../templates/loggings/rke2/configmap.yaml | 18 + .../templates/loggings/rke2/daemonset.yaml | 101 + .../rke2/logging-rke2-containers.yaml | 63 + .../loggings/rke2/logging-rke2-journald.yaml | 63 + .../templates/loggings/root/logging.yaml | 64 + .../3.9.000/templates/psp.yaml | 33 + .../3.9.000/templates/service.yaml | 20 + 
.../3.9.000/templates/serviceMonitor.yaml | 30 + .../3.9.000/templates/serviceaccount.yaml | 10 + .../3.9.000/templates/userroles.yaml | 35 + .../templates/validate-install-crd.yaml | 18 + .../3.9.000/templates/validate-install.yaml | 5 + .../rancher-logging/3.9.000/values.yaml | 149 + .../rancher-logging/3.9.001/.helmignore | 22 + .../rancher-logging/3.9.001/Chart.yaml | 20 + .../rancher-logging/3.9.001/README.md | 129 + .../rancher-logging/3.9.001/app-readme.md | 22 + .../3.9.001/templates/NOTES.txt | 0 .../3.9.001/templates/_helpers.tpl | 66 + .../3.9.001/templates/clusterrole.yaml | 167 + .../3.9.001/templates/clusterrolebinding.yaml | 18 + .../3.9.001/templates/crds.yaml | 6 + .../3.9.001/templates/deployment.yaml | 62 + .../templates/loggings/aks/logging.yaml | 55 + .../templates/loggings/eks/logging.yaml | 56 + .../templates/loggings/gke/logging.yaml | 55 + .../loggings/k3s/logging-k3s-openrc.yaml | 65 + .../loggings/k3s/logging-k3s-systemd.yaml | 65 + .../templates/loggings/rke/configmap.yaml | 29 + .../templates/loggings/rke/daemonset.yaml | 119 + .../templates/loggings/rke2/configmap.yaml | 21 + .../templates/loggings/rke2/daemonset.yaml | 93 + .../rke2/logging-rke2-containers.yaml | 63 + .../templates/loggings/root/logging.yaml | 64 + .../3.9.001/templates/psp.yaml | 33 + .../3.9.001/templates/service.yaml | 20 + .../3.9.001/templates/serviceMonitor.yaml | 30 + .../3.9.001/templates/serviceaccount.yaml | 10 + .../3.9.001/templates/userroles.yaml | 35 + .../templates/validate-install-crd.yaml | 18 + .../3.9.001/templates/validate-install.yaml | 5 + .../rancher-logging/3.9.001/values.yaml | 149 + .../rancher-logging/3.9.002/.helmignore | 22 + .../rancher-logging/3.9.002/Chart.yaml | 20 + .../rancher-logging/3.9.002/README.md | 130 + .../rancher-logging/3.9.002/app-readme.md | 22 + .../3.9.002/templates/NOTES.txt | 0 .../3.9.002/templates/_helpers.tpl | 66 + .../3.9.002/templates/clusterrole.yaml | 167 + .../3.9.002/templates/clusterrolebinding.yaml | 18 + 
.../3.9.002/templates/crds.yaml | 6 + .../3.9.002/templates/deployment.yaml | 62 + .../templates/loggings/aks/logging.yaml | 58 + .../templates/loggings/eks/logging.yaml | 59 + .../templates/loggings/gke/logging.yaml | 58 + .../loggings/k3s/logging-k3s-openrc.yaml | 68 + .../loggings/k3s/logging-k3s-systemd.yaml | 68 + .../templates/loggings/rke/configmap.yaml | 29 + .../templates/loggings/rke/daemonset.yaml | 124 + .../templates/loggings/rke2/configmap.yaml | 21 + .../templates/loggings/rke2/daemonset.yaml | 104 + .../rke2/logging-rke2-containers.yaml | 73 + .../templates/loggings/root/logging.yaml | 74 + .../3.9.002/templates/psp.yaml | 33 + .../3.9.002/templates/service.yaml | 20 + .../3.9.002/templates/serviceMonitor.yaml | 30 + .../3.9.002/templates/serviceaccount.yaml | 10 + .../3.9.002/templates/userroles.yaml | 35 + .../templates/validate-install-crd.yaml | 18 + .../3.9.002/templates/validate-install.yaml | 5 + .../rancher-logging/3.9.002/values.yaml | 156 + .../rancher-logging/3.9.400/.helmignore | 22 + .../rancher-logging/3.9.400/Chart.yaml | 19 + .../rancher-logging/3.9.400/README.md | 131 + .../rancher-logging/3.9.400/app-readme.md | 22 + .../3.9.400/templates/NOTES.txt | 0 .../3.9.400/templates/_helpers.tpl | 66 + .../3.9.400/templates/clusterrole.yaml | 167 + .../3.9.400/templates/clusterrolebinding.yaml | 18 + .../3.9.400/templates/crds.yaml | 6 + .../3.9.400/templates/deployment.yaml | 68 + .../templates/loggings/aks/logging.yaml | 58 + .../templates/loggings/eks/logging.yaml | 59 + .../templates/loggings/gke/logging.yaml | 58 + .../loggings/k3s/logging-k3s-openrc.yaml | 68 + .../loggings/k3s/logging-k3s-systemd.yaml | 68 + .../templates/loggings/rke/configmap.yaml | 29 + .../templates/loggings/rke/daemonset.yaml | 124 + .../templates/loggings/rke2/configmap.yaml | 22 + .../templates/loggings/rke2/daemonset.yaml | 110 + .../rke2/logging-rke2-containers.yaml | 73 + .../templates/loggings/root/logging.yaml | 111 + .../3.9.400/templates/psp.yaml | 33 + 
.../3.9.400/templates/service.yaml | 20 + .../3.9.400/templates/serviceMonitor.yaml | 30 + .../3.9.400/templates/serviceaccount.yaml | 10 + .../3.9.400/templates/userroles.yaml | 35 + .../templates/validate-install-crd.yaml | 18 + .../3.9.400/templates/validate-install.yaml | 5 + .../rancher-logging/3.9.400/values.yaml | 171 + .../14.5.100/Chart.yaml | 10 + .../rancher-monitoring-crd/14.5.100/README.md | 2 + .../crd-manifest/crd-alertmanagerconfigs.yaml | 1869 +++++ .../crd-manifest/crd-alertmanagers.yaml | 3218 ++++++++ .../crd-manifest/crd-podmonitors.yaml | 358 + .../14.5.100/crd-manifest/crd-probes.yaml | 202 + .../crd-manifest/crd-prometheuses.yaml | 4432 ++++++++++ .../crd-manifest/crd-prometheusrules.yaml | 90 + .../crd-manifest/crd-servicemonitors.yaml | 375 + .../crd-manifest/crd-thanosrulers.yaml | 3342 ++++++++ .../14.5.100/templates/_helpers.tpl | 29 + .../14.5.100/templates/jobs.yaml | 110 + .../14.5.100/templates/manifest.yaml | 14 + .../14.5.100/templates/rbac.yaml | 72 + .../14.5.100/values.yaml | 11 + .../rancher-monitoring-crd/9.4.200/Chart.yaml | 10 + .../rancher-monitoring-crd/9.4.200/README.md | 2 + .../crd-manifest/crd-alertmanager.yaml | 4500 +++++++++++ .../9.4.200/crd-manifest/crd-podmonitor.yaml | 260 + .../9.4.200/crd-manifest/crd-prometheus.yaml | 6002 ++++++++++++++ .../crd-manifest/crd-prometheusrules.yaml | 91 + .../crd-manifest/crd-servicemonitor.yaml | 459 ++ .../crd-manifest/crd-thanosrulers.yaml | 4725 +++++++++++ .../9.4.200/templates/_helpers.tpl | 7 + .../9.4.200/templates/jobs.yaml | 92 + .../9.4.200/templates/manifest.yaml | 14 + .../9.4.200/templates/rbac.yaml | 35 + .../9.4.200/values.yaml | 11 + .../rancher-monitoring-crd/9.4.201/Chart.yaml | 10 + .../rancher-monitoring-crd/9.4.201/README.md | 2 + .../crd-manifest/crd-alertmanager.yaml | 4500 +++++++++++ .../9.4.201/crd-manifest/crd-podmonitor.yaml | 260 + .../9.4.201/crd-manifest/crd-prometheus.yaml | 6002 ++++++++++++++ .../crd-manifest/crd-prometheusrules.yaml | 91 + 
.../crd-manifest/crd-servicemonitor.yaml | 459 ++ .../crd-manifest/crd-thanosrulers.yaml | 4725 +++++++++++ .../9.4.201/templates/_helpers.tpl | 7 + .../9.4.201/templates/jobs.yaml | 92 + .../9.4.201/templates/manifest.yaml | 14 + .../9.4.201/templates/rbac.yaml | 35 + .../9.4.201/values.yaml | 11 + .../rancher-monitoring-crd/9.4.202/Chart.yaml | 10 + .../rancher-monitoring-crd/9.4.202/README.md | 2 + .../crd-manifest/crd-alertmanager.yaml | 4500 +++++++++++ .../9.4.202/crd-manifest/crd-podmonitor.yaml | 260 + .../9.4.202/crd-manifest/crd-prometheus.yaml | 6002 ++++++++++++++ .../crd-manifest/crd-prometheusrules.yaml | 91 + .../crd-manifest/crd-servicemonitor.yaml | 459 ++ .../crd-manifest/crd-thanosrulers.yaml | 4725 +++++++++++ .../9.4.202/templates/_helpers.tpl | 7 + .../9.4.202/templates/jobs.yaml | 92 + .../9.4.202/templates/manifest.yaml | 14 + .../9.4.202/templates/rbac.yaml | 72 + .../9.4.202/values.yaml | 11 + .../rancher-monitoring-crd/9.4.203/Chart.yaml | 10 + .../rancher-monitoring-crd/9.4.203/README.md | 2 + .../crd-manifest/crd-alertmanager.yaml | 4500 +++++++++++ .../9.4.203/crd-manifest/crd-podmonitor.yaml | 260 + .../9.4.203/crd-manifest/crd-prometheus.yaml | 6002 ++++++++++++++ .../crd-manifest/crd-prometheusrules.yaml | 91 + .../crd-manifest/crd-servicemonitor.yaml | 459 ++ .../crd-manifest/crd-thanosrulers.yaml | 4725 +++++++++++ .../9.4.203/templates/_helpers.tpl | 7 + .../9.4.203/templates/jobs.yaml | 92 + .../9.4.203/templates/manifest.yaml | 14 + .../9.4.203/templates/rbac.yaml | 72 + .../9.4.203/values.yaml | 11 + .../rancher-monitoring-crd/9.4.204/Chart.yaml | 10 + .../rancher-monitoring-crd/9.4.204/README.md | 2 + .../crd-manifest/crd-alertmanager.yaml | 4500 +++++++++++ .../9.4.204/crd-manifest/crd-podmonitor.yaml | 260 + .../9.4.204/crd-manifest/crd-prometheus.yaml | 6002 ++++++++++++++ .../crd-manifest/crd-prometheusrules.yaml | 91 + .../crd-manifest/crd-servicemonitor.yaml | 459 ++ .../crd-manifest/crd-thanosrulers.yaml | 4725 
+++++++++++ .../9.4.204/templates/_helpers.tpl | 29 + .../9.4.204/templates/jobs.yaml | 96 + .../9.4.204/templates/manifest.yaml | 14 + .../9.4.204/templates/rbac.yaml | 72 + .../9.4.204/values.yaml | 11 + .../rancher-monitoring/14.5.100/.helmignore | 26 + .../rancher-monitoring/14.5.100/CHANGELOG.md | 47 + .../14.5.100/CONTRIBUTING.md | 12 + .../rancher-monitoring/14.5.100/Chart.yaml | 103 + .../rancher-monitoring/14.5.100/README.md | 455 ++ .../rancher-monitoring/14.5.100/app-README.md | 15 + .../14.5.100/charts/grafana/.helmignore | 23 + .../14.5.100/charts/grafana/Chart.yaml | 28 + .../14.5.100/charts/grafana/README.md | 514 ++ .../grafana/dashboards/custom-dashboard.json | 1 + .../charts/grafana/templates/NOTES.txt | 54 + .../charts/grafana/templates/_helpers.tpl | 145 + .../charts/grafana/templates/_pod.tpl | 496 ++ .../charts/grafana/templates/clusterrole.yaml | 25 + .../grafana/templates/clusterrolebinding.yaml | 24 + .../configmap-dashboard-provider.yaml | 29 + .../charts/grafana/templates/configmap.yaml | 80 + .../templates/dashboards-json-configmap.yaml | 35 + .../charts/grafana/templates/deployment.yaml | 48 + .../grafana/templates/headless-service.yaml | 18 + .../templates/image-renderer-deployment.yaml | 117 + .../image-renderer-network-policy.yaml | 76 + .../templates/image-renderer-service.yaml | 28 + .../charts/grafana/templates/ingress.yaml | 80 + .../grafana/templates/nginx-config.yaml | 75 + .../templates/poddisruptionbudget.yaml | 22 + .../grafana/templates/podsecuritypolicy.yaml | 49 + .../charts/grafana/templates/pvc.yaml | 33 + .../charts/grafana/templates/role.yaml | 32 + .../charts/grafana/templates/rolebinding.yaml | 25 + .../charts/grafana/templates/secret-env.yaml | 14 + .../charts/grafana/templates/secret.yaml | 22 + .../charts/grafana/templates/service.yaml | 50 + .../grafana/templates/serviceaccount.yaml | 13 + .../grafana/templates/servicemonitor.yaml | 40 + .../charts/grafana/templates/statefulset.yaml | 52 + 
.../templates/tests/test-configmap.yaml | 17 + .../tests/test-podsecuritypolicy.yaml | 30 + .../grafana/templates/tests/test-role.yaml | 14 + .../templates/tests/test-rolebinding.yaml | 17 + .../templates/tests/test-serviceaccount.yaml | 9 + .../charts/grafana/templates/tests/test.yaml | 48 + .../14.5.100/charts/grafana/values.yaml | 732 ++ .../14.5.100/charts/k3sServer/.helmignore | 23 + .../14.5.100/charts/k3sServer/Chart.yaml | 13 + .../14.5.100/charts/k3sServer/README.md | 54 + .../charts/k3sServer/templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../k3sServer/templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../k3sServer/templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../14.5.100/charts/k3sServer/values.yaml | 86 + .../charts/kube-state-metrics/.helmignore | 21 + .../charts/kube-state-metrics/Chart.yaml | 24 + .../charts/kube-state-metrics/LICENSE | 202 + .../charts/kube-state-metrics/README.md | 66 + .../kube-state-metrics/templates/NOTES.txt | 10 + .../kube-state-metrics/templates/_helpers.tpl | 76 + .../templates/clusterrolebinding.yaml | 23 + .../templates/deployment.yaml | 217 + .../templates/kubeconfig-secret.yaml | 15 + .../kube-state-metrics/templates/pdb.yaml | 20 + .../templates/podsecuritypolicy.yaml | 42 + .../templates/psp-clusterrole.yaml | 22 + .../templates/psp-clusterrolebinding.yaml | 19 + .../kube-state-metrics/templates/role.yaml | 192 + .../templates/rolebinding.yaml | 27 + .../kube-state-metrics/templates/service.yaml | 42 + .../templates/serviceaccount.yaml | 18 + .../templates/servicemonitor.yaml | 34 + .../templates/stsdiscovery-role.yaml | 29 + .../templates/stsdiscovery-rolebinding.yaml | 20 + .../charts/kube-state-metrics/values.yaml | 184 + .../kubeAdmControllerManager/.helmignore | 23 + .../kubeAdmControllerManager/Chart.yaml | 13 + .../charts/kubeAdmControllerManager/README.md | 54 + .../templates/_helpers.tpl | 87 + 
.../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../kubeAdmControllerManager/values.yaml | 86 + .../14.5.100/charts/kubeAdmEtcd/.helmignore | 23 + .../14.5.100/charts/kubeAdmEtcd/Chart.yaml | 13 + .../14.5.100/charts/kubeAdmEtcd/README.md | 54 + .../charts/kubeAdmEtcd/templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../kubeAdmEtcd/templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../14.5.100/charts/kubeAdmEtcd/values.yaml | 86 + .../14.5.100/charts/kubeAdmProxy/.helmignore | 23 + .../14.5.100/charts/kubeAdmProxy/Chart.yaml | 13 + .../14.5.100/charts/kubeAdmProxy/README.md | 54 + .../kubeAdmProxy/templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../14.5.100/charts/kubeAdmProxy/values.yaml | 86 + .../charts/kubeAdmScheduler/.helmignore | 23 + .../charts/kubeAdmScheduler/Chart.yaml | 13 + .../charts/kubeAdmScheduler/README.md | 54 + .../kubeAdmScheduler/templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../charts/kubeAdmScheduler/values.yaml | 86 + .../charts/prometheus-adapter/.helmignore | 21 + .../charts/prometheus-adapter/Chart.yaml | 26 + .../charts/prometheus-adapter/README.md | 147 + .../prometheus-adapter/templates/NOTES.txt | 9 + .../prometheus-adapter/templates/_helpers.tpl | 72 + .../templates/certmanager.yaml | 
48 + .../cluster-role-binding-auth-delegator.yaml | 19 + .../cluster-role-binding-resource-reader.yaml | 19 + .../cluster-role-resource-reader.yaml | 23 + .../templates/configmap.yaml | 96 + .../templates/custom-metrics-apiservice.yaml | 32 + ...stom-metrics-cluster-role-binding-hpa.yaml | 23 + .../custom-metrics-cluster-role.yaml | 16 + .../templates/deployment.yaml | 135 + .../external-metrics-apiservice.yaml | 32 + ...rnal-metrics-cluster-role-binding-hpa.yaml | 19 + .../external-metrics-cluster-role.yaml | 20 + .../prometheus-adapter/templates/pdb.yaml | 22 + .../prometheus-adapter/templates/psp.yaml | 68 + .../resource-metrics-apiservice.yaml | 32 + ...resource-metrics-cluster-role-binding.yaml | 19 + .../resource-metrics-cluster-role.yaml | 22 + .../templates/role-binding-auth-reader.yaml | 20 + .../prometheus-adapter/templates/secret.yaml | 15 + .../prometheus-adapter/templates/service.yaml | 22 + .../templates/serviceaccount.yaml | 12 + .../charts/prometheus-adapter/values.yaml | 180 + .../prometheus-node-exporter/.helmignore | 21 + .../prometheus-node-exporter/Chart.yaml | 23 + .../charts/prometheus-node-exporter/README.md | 63 + .../templates/NOTES.txt | 15 + .../templates/_helpers.tpl | 95 + .../templates/daemonset.yaml | 183 + .../templates/endpoints.yaml | 18 + .../templates/monitor.yaml | 32 + .../templates/psp-clusterrole.yaml | 15 + .../templates/psp-clusterrolebinding.yaml | 17 + .../templates/psp.yaml | 52 + .../templates/service.yaml | 23 + .../templates/serviceaccount.yaml | 18 + .../prometheus-node-exporter/values.yaml | 177 + .../charts/rke2ControllerManager/.helmignore | 23 + .../charts/rke2ControllerManager/Chart.yaml | 13 + .../charts/rke2ControllerManager/README.md | 54 + .../templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + 
.../charts/rke2ControllerManager/values.yaml | 86 + .../14.5.100/charts/rke2Etcd/.helmignore | 23 + .../14.5.100/charts/rke2Etcd/Chart.yaml | 13 + .../14.5.100/charts/rke2Etcd/README.md | 54 + .../charts/rke2Etcd/templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../rke2Etcd/templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../rke2Etcd/templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../14.5.100/charts/rke2Etcd/values.yaml | 86 + .../14.5.100/charts/rke2Proxy/.helmignore | 23 + .../14.5.100/charts/rke2Proxy/Chart.yaml | 13 + .../14.5.100/charts/rke2Proxy/README.md | 54 + .../charts/rke2Proxy/templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../rke2Proxy/templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../rke2Proxy/templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../14.5.100/charts/rke2Proxy/values.yaml | 86 + .../14.5.100/charts/rke2Scheduler/.helmignore | 23 + .../14.5.100/charts/rke2Scheduler/Chart.yaml | 13 + .../14.5.100/charts/rke2Scheduler/README.md | 54 + .../rke2Scheduler/templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../14.5.100/charts/rke2Scheduler/values.yaml | 86 + .../charts/rkeControllerManager/.helmignore | 23 + .../charts/rkeControllerManager/Chart.yaml | 13 + .../charts/rkeControllerManager/README.md | 54 + .../templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../charts/rkeControllerManager/values.yaml | 86 + 
.../14.5.100/charts/rkeEtcd/.helmignore | 23 + .../14.5.100/charts/rkeEtcd/Chart.yaml | 13 + .../14.5.100/charts/rkeEtcd/README.md | 54 + .../charts/rkeEtcd/templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../rkeEtcd/templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../rkeEtcd/templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../14.5.100/charts/rkeEtcd/values.yaml | 86 + .../14.5.100/charts/rkeProxy/.helmignore | 23 + .../14.5.100/charts/rkeProxy/Chart.yaml | 13 + .../14.5.100/charts/rkeProxy/README.md | 54 + .../charts/rkeProxy/templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../rkeProxy/templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../rkeProxy/templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../14.5.100/charts/rkeProxy/values.yaml | 86 + .../14.5.100/charts/rkeScheduler/.helmignore | 23 + .../14.5.100/charts/rkeScheduler/Chart.yaml | 13 + .../14.5.100/charts/rkeScheduler/README.md | 54 + .../rkeScheduler/templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../14.5.100/charts/rkeScheduler/values.yaml | 86 + .../charts/windowsExporter/.helmignore | 23 + .../charts/windowsExporter/Chart.yaml | 15 + .../14.5.100/charts/windowsExporter/README.md | 17 + .../scripts/check-wins-version.ps1 | 20 + .../windowsExporter/scripts/copy-binary.ps1 | 40 + .../windowsExporter/scripts/proxy-entry.ps1 | 11 + .../charts/windowsExporter/scripts/run.ps1 | 44 + .../windowsExporter/templates/_helpers.tpl | 64 + .../windowsExporter/templates/configmap.yaml | 8 + .../windowsExporter/templates/daemonset.yaml | 74 + .../windowsExporter/templates/rbac.yaml | 78 + 
.../windowsExporter/templates/service.yaml | 15 + .../templates/servicemonitor.yaml | 44 + .../charts/windowsExporter/values.yaml | 44 + .../14.5.100/files/ingress-nginx/nginx.json | 1463 ++++ .../request-handling-performance.json | 981 +++ .../cluster/rancher-cluster-nodes.json | 776 ++ .../rancher/cluster/rancher-cluster.json | 759 ++ .../rancher/etcd/etcd-metrics-detail.json | 662 ++ .../rancher/etcd/etcd-metrics-summary.json | 662 ++ .../rancher-default-home-with-windows.json | 1275 +++ .../rancher/home/rancher-default-home.json | 1273 +++ .../kubernetes-components-metrics-detail.json | 508 ++ ...kubernetes-components-metrics-summary.json | 508 ++ .../files/rancher/k8s/rancher-etcd-nodes.json | 670 ++ .../files/rancher/k8s/rancher-etcd.json | 652 ++ .../k8s/rancher-k8s-components-nodes.json | 510 ++ .../rancher/k8s/rancher-k8s-components.json | 502 ++ .../rancher/linux/linux-metrics-detail.json | 768 ++ .../rancher/linux/linux-metrics-summary.json | 768 ++ .../rancher/nodes/rancher-node-detail.json | 789 ++ .../files/rancher/nodes/rancher-node.json | 776 ++ .../rancher/pods/rancher-pod-containers.json | 620 ++ .../files/rancher/pods/rancher-pod.json | 620 ++ .../files/rancher/rancher-default-home.json | 1275 +++ .../windows/windows-metrics-detail.json | 768 ++ .../windows/windows-metrics-summary.json | 768 ++ .../workloads/rancher-workload-pods.json | 636 ++ .../rancher/workloads/rancher-workload.json | 636 ++ .../14.5.100/templates/NOTES.txt | 4 + .../14.5.100/templates/_helpers.tpl | 200 + .../templates/alertmanager/alertmanager.yaml | 147 + .../templates/alertmanager/cleanupSecret.yaml | 88 + .../templates/alertmanager/ingress.yaml | 65 + .../alertmanager/ingressperreplica.yaml | 62 + .../alertmanager/podDisruptionBudget.yaml | 21 + .../templates/alertmanager/psp-role.yaml | 21 + .../alertmanager/psp-rolebinding.yaml | 18 + .../14.5.100/templates/alertmanager/psp.yaml | 52 + .../templates/alertmanager/secret.yaml | 166 + 
.../templates/alertmanager/service.yaml | 50 + .../alertmanager/serviceaccount.yaml | 16 + .../alertmanager/servicemonitor.yaml | 42 + .../alertmanager/serviceperreplica.yaml | 46 + .../templates/exporters/core-dns/service.yaml | 24 + .../exporters/core-dns/servicemonitor.yaml | 33 + .../kube-api-server/servicemonitor.yaml | 36 + .../kube-controller-manager/endpoints.yaml | 20 + .../kube-controller-manager/service.yaml | 27 + .../servicemonitor.yaml | 44 + .../templates/exporters/kube-dns/service.yaml | 28 + .../exporters/kube-dns/servicemonitor.yaml | 46 + .../exporters/kube-etcd/endpoints.yaml | 20 + .../exporters/kube-etcd/service.yaml | 27 + .../exporters/kube-etcd/servicemonitor.yaml | 50 + .../exporters/kube-proxy/endpoints.yaml | 20 + .../exporters/kube-proxy/service.yaml | 27 + .../exporters/kube-proxy/servicemonitor.yaml | 38 + .../exporters/kube-scheduler/endpoints.yaml | 20 + .../exporters/kube-scheduler/service.yaml | 27 + .../kube-scheduler/servicemonitor.yaml | 44 + .../kube-state-metrics/serviceMonitor.yaml | 34 + .../exporters/kubelet/servicemonitor.yaml | 151 + .../node-exporter/servicemonitor.yaml | 32 + .../grafana/configmap-dashboards.yaml | 24 + .../grafana/configmaps-datasources.yaml | 43 + .../grafana/dashboards-1.14/apiserver.yaml | 1747 ++++ .../dashboards-1.14/cluster-total.yaml | 1882 +++++ .../dashboards-1.14/controller-manager.yaml | 1153 +++ .../grafana/dashboards-1.14/etcd.yaml | 1118 +++ .../grafana/dashboards-1.14/k8s-coredns.yaml | 1529 ++++ .../k8s-resources-cluster.yaml | 2582 ++++++ .../k8s-resources-namespace.yaml | 2286 ++++++ .../dashboards-1.14/k8s-resources-node.yaml | 978 +++ .../dashboards-1.14/k8s-resources-pod.yaml | 1772 ++++ .../k8s-resources-workload.yaml | 2034 +++++ .../k8s-resources-workloads-namespace.yaml | 2195 +++++ .../grafana/dashboards-1.14/kubelet.yaml | 2533 ++++++ .../dashboards-1.14/namespace-by-pod.yaml | 1464 ++++ .../namespace-by-workload.yaml | 1736 ++++ .../node-cluster-rsrc-use.yaml | 964 +++ 
.../dashboards-1.14/node-rsrc-use.yaml | 991 +++ .../grafana/dashboards-1.14/nodes.yaml | 997 +++ .../persistentvolumesusage.yaml | 577 ++ .../grafana/dashboards-1.14/pod-total.yaml | 1228 +++ .../prometheus-remote-write.yaml | 1670 ++++ .../grafana/dashboards-1.14/prometheus.yaml | 1227 +++ .../grafana/dashboards-1.14/proxy.yaml | 1232 +++ .../grafana/dashboards-1.14/scheduler.yaml | 1076 +++ .../grafana/dashboards-1.14/statefulset.yaml | 928 +++ .../dashboards-1.14/workload-total.yaml | 1438 ++++ .../templates/grafana/dashboards/etcd.yaml | 1118 +++ .../dashboards/k8s-cluster-rsrc-use.yaml | 959 +++ .../grafana/dashboards/k8s-node-rsrc-use.yaml | 986 +++ .../dashboards/k8s-resources-cluster.yaml | 1479 ++++ .../dashboards/k8s-resources-namespace.yaml | 963 +++ .../grafana/dashboards/k8s-resources-pod.yaml | 1006 +++ .../dashboards/k8s-resources-workload.yaml | 936 +++ .../k8s-resources-workloads-namespace.yaml | 972 +++ .../templates/grafana/dashboards/nodes.yaml | 1383 ++++ .../dashboards/persistentvolumesusage.yaml | 573 ++ .../templates/grafana/dashboards/pods.yaml | 680 ++ .../grafana/dashboards/statefulset.yaml | 926 +++ .../templates/grafana/namespaces.yaml | 13 + .../templates/grafana/servicemonitor.yaml | 32 + .../job-patch/clusterrole.yaml | 33 + .../job-patch/clusterrolebinding.yaml | 20 + .../job-patch/job-createSecret.yaml | 65 + .../job-patch/job-patchWebhook.yaml | 66 + .../admission-webhooks/job-patch/psp.yaml | 54 + .../admission-webhooks/job-patch/role.yaml | 21 + .../job-patch/rolebinding.yaml | 21 + .../job-patch/serviceaccount.yaml | 15 + .../mutatingWebhookConfiguration.yaml | 41 + .../validatingWebhookConfiguration.yaml | 41 + .../prometheus-operator/certmanager.yaml | 57 + .../prometheus-operator/clusterrole.yaml | 80 + .../clusterrolebinding.yaml | 17 + .../prometheus-operator/deployment.yaml | 145 + .../prometheus-operator/psp-clusterrole.yaml | 20 + .../psp-clusterrolebinding.yaml | 17 + .../templates/prometheus-operator/psp.yaml | 51 + 
.../prometheus-operator/service.yaml | 55 + .../prometheus-operator/serviceaccount.yaml | 12 + .../prometheus-operator/servicemonitor.yaml | 44 + .../14.5.100/templates/prometheus/_rules.tpl | 38 + .../additionalAlertRelabelConfigs.yaml | 16 + .../additionalAlertmanagerConfigs.yaml | 16 + .../prometheus/additionalPrometheusRules.yaml | 40 + .../prometheus/additionalScrapeConfigs.yaml | 16 + .../templates/prometheus/clusterrole.yaml | 30 + .../prometheus/clusterrolebinding.yaml | 18 + .../templates/prometheus/ingress.yaml | 65 + .../prometheus/ingressThanosSidecar.yaml | 64 + .../prometheus/ingressperreplica.yaml | 62 + .../templates/prometheus/nginx-config.yaml | 66 + .../prometheus/podDisruptionBudget.yaml | 21 + .../templates/prometheus/podmonitors.yaml | 37 + .../templates/prometheus/prometheus.yaml | 319 + .../templates/prometheus/psp-clusterrole.yaml | 20 + .../prometheus/psp-clusterrolebinding.yaml | 18 + .../14.5.100/templates/prometheus/psp.yaml | 62 + .../rules-1.14/alertmanager.rules.yaml | 70 + .../templates/prometheus/rules-1.14/etcd.yaml | 181 + .../prometheus/rules-1.14/general.rules.yaml | 56 + .../prometheus/rules-1.14/k8s.rules.yaml | 117 + .../kube-apiserver-availability.rules.yaml | 160 + .../rules-1.14/kube-apiserver-slos.yaml | 95 + .../rules-1.14/kube-apiserver.rules.yaml | 358 + .../kube-prometheus-general.rules.yaml | 31 + .../kube-prometheus-node-recording.rules.yaml | 39 + .../rules-1.14/kube-scheduler.rules.yaml | 65 + .../rules-1.14/kube-state-metrics.yaml | 59 + .../prometheus/rules-1.14/kubelet.rules.yaml | 39 + .../rules-1.14/kubernetes-apps.yaml | 298 + .../rules-1.14/kubernetes-resources.yaml | 159 + .../rules-1.14/kubernetes-storage.yaml | 75 + .../kubernetes-system-apiserver.yaml | 98 + .../kubernetes-system-controller-manager.yaml | 43 + .../rules-1.14/kubernetes-system-kubelet.yaml | 188 + .../kubernetes-system-scheduler.yaml | 43 + .../rules-1.14/kubernetes-system.yaml | 55 + .../rules-1.14/node-exporter.rules.yaml | 79 + 
.../prometheus/rules-1.14/node-exporter.yaml | 262 + .../prometheus/rules-1.14/node-network.yaml | 37 + .../prometheus/rules-1.14/node.rules.yaml | 51 + .../rules-1.14/prometheus-operator.yaml | 113 + .../prometheus/rules-1.14/prometheus.yaml | 258 + .../prometheus/rules/alertmanager.rules.yaml | 63 + .../templates/prometheus/rules/etcd.yaml | 181 + .../prometheus/rules/general.rules.yaml | 56 + .../templates/prometheus/rules/k8s.rules.yaml | 83 + .../rules/kube-apiserver.rules.yaml | 39 + .../kube-prometheus-node-alerting.rules.yaml | 47 + .../kube-prometheus-node-recording.rules.yaml | 41 + .../rules/kube-scheduler.rules.yaml | 65 + .../prometheus/rules/kubernetes-absent.yaml | 159 + .../prometheus/rules/kubernetes-apps.yaml | 200 + .../rules/kubernetes-resources.yaml | 121 + .../prometheus/rules/kubernetes-storage.yaml | 72 + .../prometheus/rules/kubernetes-system.yaml | 184 + .../prometheus/rules/node-network.yaml | 57 + .../templates/prometheus/rules/node-time.yaml | 37 + .../prometheus/rules/node.rules.yaml | 202 + .../prometheus/rules/prometheus-operator.yaml | 49 + .../prometheus/rules/prometheus.rules.yaml | 139 + .../templates/prometheus/service.yaml | 60 + .../prometheus/serviceThanosSidecar.yaml | 30 + .../templates/prometheus/serviceaccount.yaml | 16 + .../templates/prometheus/servicemonitor.yaml | 42 + .../templates/prometheus/servicemonitors.yaml | 38 + .../prometheus/serviceperreplica.yaml | 46 + .../rancher-monitoring/clusterrole.yaml | 131 + .../rancher-monitoring/config-role.yaml | 48 + .../rancher-monitoring/dashboard-role.yaml | 47 + .../addons/ingress-nginx-dashboard.yaml | 18 + .../rancher/cluster-dashboards.yaml | 17 + .../dashboards/rancher/default-dashboard.yaml | 17 + .../dashboards/rancher/etcd-dashboards.yaml | 17 + .../dashboards/rancher/k8s-dashboards.yaml | 17 + .../dashboards/rancher/linux-dashboards.yaml | 17 + .../dashboards/rancher/nodes-dashboards.yaml | 17 + .../dashboards/rancher/pods-dashboards.yaml | 17 + 
.../rancher/windows-dashboards.yaml | 17 + .../rancher/workload-dashboards.yaml | 17 + .../rancher-monitoring/default-dashboard.yaml | 17 + .../exporters/ingress-nginx/service.yaml | 24 + .../ingress-nginx/servicemonitor.yaml | 33 + .../rancher-monitoring/hardened.yaml | 124 + .../ingress-nginx-dashboard.yaml | 18 + .../templates/validate-install-crd.yaml | 21 + .../rancher-monitoring/14.5.100/values.yaml | 2954 +++++++ .../rancher-monitoring/9.4.200/.helmignore | 26 + .../rancher-monitoring/9.4.200/CHANGELOG.md | 46 + .../9.4.200/CONTRIBUTING.md | 12 + .../rancher-monitoring/9.4.200/Chart.yaml | 42 + .../rancher-monitoring/9.4.200/README.md | 348 + .../rancher-monitoring/9.4.200/app-README.md | 16 + .../9.4.200/charts/grafana/.helmignore | 23 + .../9.4.200/charts/grafana/Chart.yaml | 17 + .../9.4.200/charts/grafana/README.md | 424 + .../grafana/dashboards/custom-dashboard.json | 1 + .../charts/grafana/templates/NOTES.txt | 54 + .../charts/grafana/templates/_helpers.tpl | 82 + .../9.4.200/charts/grafana/templates/_pod.tpl | 447 ++ .../charts/grafana/templates/clusterrole.yaml | 25 + .../grafana/templates/clusterrolebinding.yaml | 20 + .../configmap-dashboard-provider.yaml | 25 + .../charts/grafana/templates/configmap.yaml | 69 + .../templates/dashboards-json-configmap.yaml | 35 + .../charts/grafana/templates/deployment.yaml | 47 + .../grafana/templates/headless-service.yaml | 18 + .../charts/grafana/templates/ingress.yaml | 55 + .../grafana/templates/nginx-config.yaml | 75 + .../templates/poddisruptionbudget.yaml | 22 + .../grafana/templates/podsecuritypolicy.yaml | 52 + .../9.4.200/charts/grafana/templates/pvc.yaml | 28 + .../charts/grafana/templates/role.yaml | 32 + .../charts/grafana/templates/rolebinding.yaml | 21 + .../charts/grafana/templates/secret-env.yaml | 14 + .../charts/grafana/templates/secret.yaml | 22 + .../charts/grafana/templates/service.yaml | 50 + .../grafana/templates/serviceaccount.yaml | 13 + .../grafana/templates/servicemonitor.yaml | 36 + 
.../charts/grafana/templates/statefulset.yaml | 47 + .../templates/tests/test-configmap.yaml | 17 + .../tests/test-podsecuritypolicy.yaml | 29 + .../grafana/templates/tests/test-role.yaml | 14 + .../templates/tests/test-rolebinding.yaml | 17 + .../templates/tests/test-serviceaccount.yaml | 9 + .../charts/grafana/templates/tests/test.yaml | 48 + .../9.4.200/charts/grafana/values.yaml | 552 ++ .../charts/kube-state-metrics/.helmignore | 21 + .../charts/kube-state-metrics/Chart.yaml | 20 + .../charts/kube-state-metrics/README.md | 80 + .../kube-state-metrics/templates/NOTES.txt | 10 + .../kube-state-metrics/templates/_helpers.tpl | 47 + .../templates/clusterrole.yaml | 180 + .../templates/clusterrolebinding.yaml | 19 + .../templates/deployment.yaml | 192 + .../kube-state-metrics/templates/pdb.yaml | 17 + .../templates/podsecuritypolicy.yaml | 42 + .../templates/psp-clusterrole.yaml | 22 + .../templates/psp-clusterrolebinding.yaml | 19 + .../kube-state-metrics/templates/service.yaml | 36 + .../templates/serviceaccount.yaml | 18 + .../templates/servicemonitor.yaml | 25 + .../templates/stsdiscovery-role.yaml | 29 + .../templates/stsdiscovery-rolebinding.yaml | 20 + .../charts/kube-state-metrics/values.yaml | 156 + .../charts/prometheus-adapter/.helmignore | 21 + .../charts/prometheus-adapter/Chart.yaml | 20 + .../charts/prometheus-adapter/README.md | 160 + .../prometheus-adapter/templates/NOTES.txt | 9 + .../prometheus-adapter/templates/_helpers.tpl | 43 + ...r-auth-delegator-cluster-role-binding.yaml | 19 + ...cs-apiserver-auth-reader-role-binding.yaml | 19 + .../custom-metrics-apiserver-deployment.yaml | 120 + ...-resource-reader-cluster-role-binding.yaml | 19 + ...tom-metrics-apiserver-service-account.yaml | 11 + .../custom-metrics-apiserver-service.yaml | 21 + .../templates/custom-metrics-apiservice.yaml | 23 + .../custom-metrics-cluster-role.yaml | 16 + .../templates/custom-metrics-configmap.yaml | 95 + ...-metrics-resource-reader-cluster-role.yaml | 23 + 
.../external-metrics-apiservice.yaml | 23 + .../external-metrics-cluster-role.yaml | 20 + ...a-custom-metrics-cluster-role-binding.yaml | 19 + ...external-metrics-cluster-role-binding.yaml | 19 + .../resource-metrics-apiservice.yaml | 23 + ...resource-metrics-cluster-role-binding.yaml | 19 + .../resource-metrics-cluster-role.yaml | 22 + .../prometheus-adapter/templates/secret.yaml | 15 + .../charts/prometheus-adapter/values.yaml | 145 + .../prometheus-node-exporter/.helmignore | 21 + .../prometheus-node-exporter/Chart.yaml | 16 + .../charts/prometheus-node-exporter/README.md | 63 + .../templates/NOTES.txt | 15 + .../templates/_helpers.tpl | 66 + .../templates/daemonset.yaml | 151 + .../templates/endpoints.yaml | 18 + .../templates/monitor.yaml | 25 + .../templates/psp-clusterrole.yaml | 15 + .../templates/psp-clusterrolebinding.yaml | 17 + .../templates/psp.yaml | 52 + .../templates/service.yaml | 23 + .../templates/serviceaccount.yaml | 16 + .../prometheus-node-exporter/values.yaml | 141 + .../charts/rancher-pushprox/.helmignore | 23 + .../charts/rancher-pushprox/Chart.yaml | 13 + .../9.4.200/charts/rancher-pushprox/README.md | 54 + .../rancher-pushprox/templates/_helpers.tpl | 65 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 134 + .../templates/pushprox-proxy.yaml | 49 + .../templates/pushprox-servicemonitor.yaml | 39 + .../charts/rancher-pushprox/values.yaml | 86 + .../9.4.200/requirements.lock | 60 + .../9.4.200/requirements.yaml | 108 + .../9.4.200/templates/NOTES.txt | 4 + .../9.4.200/templates/_helpers.tpl | 127 + .../templates/alertmanager/alertmanager.yaml | 118 + .../templates/alertmanager/cleanupSecret.yaml | 86 + .../templates/alertmanager/ingress.yaml | 53 + .../alertmanager/ingressperreplica.yaml | 53 + .../alertmanager/podDisruptionBudget.yaml | 21 + .../templates/alertmanager/psp-role.yaml | 21 + .../alertmanager/psp-rolebinding.yaml | 18 + .../9.4.200/templates/alertmanager/psp.yaml | 52 + 
.../templates/alertmanager/secret.yaml | 124 + .../templates/alertmanager/service.yaml | 47 + .../alertmanager/serviceaccount.yaml | 16 + .../alertmanager/servicemonitor.yaml | 33 + .../alertmanager/serviceperreplica.yaml | 46 + .../templates/exporters/core-dns/service.yaml | 24 + .../exporters/core-dns/servicemonitor.yaml | 33 + .../kube-api-server/servicemonitor.yaml | 36 + .../kube-controller-manager/endpoints.yaml | 20 + .../kube-controller-manager/service.yaml | 27 + .../servicemonitor.yaml | 44 + .../templates/exporters/kube-dns/service.yaml | 28 + .../exporters/kube-dns/servicemonitor.yaml | 46 + .../exporters/kube-etcd/endpoints.yaml | 20 + .../exporters/kube-etcd/service.yaml | 27 + .../exporters/kube-etcd/servicemonitor.yaml | 50 + .../exporters/kube-proxy/endpoints.yaml | 20 + .../exporters/kube-proxy/service.yaml | 27 + .../exporters/kube-proxy/servicemonitor.yaml | 38 + .../exporters/kube-scheduler/endpoints.yaml | 20 + .../exporters/kube-scheduler/service.yaml | 27 + .../kube-scheduler/servicemonitor.yaml | 44 + .../kube-state-metrics/serviceMonitor.yaml | 30 + .../exporters/kubelet/servicemonitor.yaml | 151 + .../node-exporter/servicemonitor.yaml | 32 + .../grafana/configmap-dashboards.yaml | 24 + .../grafana/configmaps-datasources.yaml | 38 + .../grafana/dashboards-1.14/apiserver.yaml | 1734 ++++ .../dashboards-1.14/cluster-total.yaml | 1841 +++++ .../dashboards-1.14/controller-manager.yaml | 1144 +++ .../grafana/dashboards-1.14/etcd.yaml | 1118 +++ .../grafana/dashboards-1.14/k8s-coredns.yaml | 1340 ++++ .../k8s-resources-cluster.yaml | 2582 ++++++ .../k8s-resources-namespace.yaml | 2286 ++++++ .../dashboards-1.14/k8s-resources-node.yaml | 978 +++ .../dashboards-1.14/k8s-resources-pod.yaml | 1772 ++++ .../k8s-resources-workload.yaml | 2034 +++++ .../k8s-resources-workloads-namespace.yaml | 2195 +++++ .../grafana/dashboards-1.14/kubelet.yaml | 2515 ++++++ .../dashboards-1.14/namespace-by-pod.yaml | 1429 ++++ .../namespace-by-workload.yaml | 1697 
++++ .../node-cluster-rsrc-use.yaml | 964 +++ .../dashboards-1.14/node-rsrc-use.yaml | 991 +++ .../grafana/dashboards-1.14/nodes.yaml | 994 +++ .../persistentvolumesusage.yaml | 575 ++ .../grafana/dashboards-1.14/pod-total.yaml | 1196 +++ .../prometheus-remote-write.yaml | 1655 ++++ .../grafana/dashboards-1.14/prometheus.yaml | 1227 +++ .../grafana/dashboards-1.14/proxy.yaml | 1222 +++ .../grafana/dashboards-1.14/scheduler.yaml | 1068 +++ .../grafana/dashboards-1.14/statefulset.yaml | 927 +++ .../dashboards-1.14/workload-total.yaml | 1402 ++++ .../templates/grafana/dashboards/etcd.yaml | 1118 +++ .../dashboards/k8s-cluster-rsrc-use.yaml | 959 +++ .../grafana/dashboards/k8s-node-rsrc-use.yaml | 986 +++ .../dashboards/k8s-resources-cluster.yaml | 1479 ++++ .../dashboards/k8s-resources-namespace.yaml | 963 +++ .../grafana/dashboards/k8s-resources-pod.yaml | 1006 +++ .../dashboards/k8s-resources-workload.yaml | 936 +++ .../k8s-resources-workloads-namespace.yaml | 972 +++ .../templates/grafana/dashboards/nodes.yaml | 1383 ++++ .../dashboards/persistentvolumesusage.yaml | 573 ++ .../templates/grafana/dashboards/pods.yaml | 680 ++ .../grafana/dashboards/statefulset.yaml | 926 +++ .../9.4.200/templates/grafana/namespaces.yaml | 10 + .../templates/grafana/servicemonitor.yaml | 32 + .../job-patch/clusterrole.yaml | 33 + .../job-patch/clusterrolebinding.yaml | 20 + .../job-patch/job-createSecret.yaml | 65 + .../job-patch/job-patchWebhook.yaml | 66 + .../admission-webhooks/job-patch/psp.yaml | 54 + .../admission-webhooks/job-patch/role.yaml | 21 + .../job-patch/rolebinding.yaml | 21 + .../job-patch/serviceaccount.yaml | 15 + .../mutatingWebhookConfiguration.yaml | 31 + .../validatingWebhookConfiguration.yaml | 31 + .../prometheus-operator/clusterrole.yaml | 79 + .../clusterrolebinding.yaml | 17 + .../prometheus-operator/deployment.yaml | 145 + .../prometheus-operator/psp-clusterrole.yaml | 20 + .../psp-clusterrolebinding.yaml | 17 + .../templates/prometheus-operator/psp.yaml | 
51 + .../prometheus-operator/service.yaml | 53 + .../prometheus-operator/serviceaccount.yaml | 12 + .../prometheus-operator/servicemonitor.yaml | 32 + .../additionalAlertRelabelConfigs.yaml | 16 + .../additionalAlertmanagerConfigs.yaml | 16 + .../prometheus/additionalPrometheusRules.yaml | 40 + .../prometheus/additionalScrapeConfigs.yaml | 16 + .../templates/prometheus/clusterrole.yaml | 36 + .../prometheus/clusterrolebinding.yaml | 18 + .../9.4.200/templates/prometheus/ingress.yaml | 53 + .../prometheus/ingressThanosSidecar.yaml | 48 + .../prometheus/ingressperreplica.yaml | 53 + .../templates/prometheus/nginx-config.yaml | 66 + .../prometheus/podDisruptionBudget.yaml | 21 + .../templates/prometheus/podmonitors.yaml | 37 + .../templates/prometheus/prometheus.yaml | 260 + .../templates/prometheus/psp-clusterrole.yaml | 20 + .../prometheus/psp-clusterrolebinding.yaml | 18 + .../9.4.200/templates/prometheus/psp.yaml | 55 + .../rules-1.14/alertmanager.rules.yaml | 61 + .../templates/prometheus/rules-1.14/etcd.yaml | 157 + .../prometheus/rules-1.14/general.rules.yaml | 50 + .../prometheus/rules-1.14/k8s.rules.yaml | 121 + .../kube-apiserver-availability.rules.yaml | 158 + .../rules-1.14/kube-apiserver-slos.yaml | 79 + .../rules-1.14/kube-apiserver.rules.yaml | 363 + .../kube-prometheus-general.rules.yaml | 31 + .../kube-prometheus-node-recording.rules.yaml | 39 + .../rules-1.14/kube-scheduler.rules.yaml | 65 + .../rules-1.14/kube-state-metrics.yaml | 51 + .../prometheus/rules-1.14/kubelet.rules.yaml | 39 + .../rules-1.14/kubernetes-apps.yaml | 210 + .../rules-1.14/kubernetes-resources.yaml | 103 + .../rules-1.14/kubernetes-storage.yaml | 63 + .../kubernetes-system-apiserver.yaml | 66 + .../kubernetes-system-controller-manager.yaml | 39 + .../rules-1.14/kubernetes-system-kubelet.yaml | 91 + .../kubernetes-system-scheduler.yaml | 39 + .../rules-1.14/kubernetes-system.yaml | 47 + .../rules-1.14/node-exporter.rules.yaml | 79 + .../prometheus/rules-1.14/node-exporter.yaml | 
210 + .../prometheus/rules-1.14/node-network.yaml | 34 + .../prometheus/rules-1.14/node.rules.yaml | 53 + .../rules-1.14/prometheus-operator.yaml | 57 + .../prometheus/rules-1.14/prometheus.yaml | 202 + .../prometheus/rules/alertmanager.rules.yaml | 54 + .../templates/prometheus/rules/etcd.yaml | 157 + .../prometheus/rules/general.rules.yaml | 50 + .../templates/prometheus/rules/k8s.rules.yaml | 83 + .../rules/kube-apiserver.rules.yaml | 39 + .../kube-prometheus-node-alerting.rules.yaml | 41 + .../kube-prometheus-node-recording.rules.yaml | 41 + .../rules/kube-scheduler.rules.yaml | 65 + .../prometheus/rules/kubernetes-absent.yaml | 129 + .../prometheus/rules/kubernetes-apps.yaml | 161 + .../rules/kubernetes-resources.yaml | 103 + .../prometheus/rules/kubernetes-storage.yaml | 63 + .../prometheus/rules/kubernetes-system.yaml | 145 + .../prometheus/rules/node-network.yaml | 48 + .../templates/prometheus/rules/node-time.yaml | 34 + .../prometheus/rules/node.rules.yaml | 202 + .../prometheus/rules/prometheus-operator.yaml | 43 + .../prometheus/rules/prometheus.rules.yaml | 109 + .../9.4.200/templates/prometheus/service.yaml | 52 + .../templates/prometheus/serviceaccount.yaml | 16 + .../templates/prometheus/servicemonitor.yaml | 42 + .../templates/prometheus/servicemonitors.yaml | 34 + .../prometheus/serviceperreplica.yaml | 46 + .../rancher-monitoring/clusterrole.yaml | 93 + .../rancher-monitoring/config-role.yaml | 48 + .../rancher-monitoring/dashboard-role.yaml | 47 + .../rancher-monitoring/default-dashboard.yaml | 1292 +++ .../templates/validate-install-crd.yaml | 19 + .../rancher-monitoring/9.4.200/values.yaml | 2604 ++++++ .../rancher-monitoring/9.4.201/.helmignore | 26 + .../rancher-monitoring/9.4.201/CHANGELOG.md | 47 + .../9.4.201/CONTRIBUTING.md | 12 + .../rancher-monitoring/9.4.201/Chart.yaml | 43 + .../rancher-monitoring/9.4.201/README.md | 346 + .../rancher-monitoring/9.4.201/app-README.md | 15 + .../9.4.201/charts/grafana/.helmignore | 23 + 
.../9.4.201/charts/grafana/Chart.yaml | 17 + .../9.4.201/charts/grafana/README.md | 424 + .../grafana/dashboards/custom-dashboard.json | 1 + .../charts/grafana/templates/NOTES.txt | 54 + .../charts/grafana/templates/_helpers.tpl | 82 + .../9.4.201/charts/grafana/templates/_pod.tpl | 448 ++ .../charts/grafana/templates/clusterrole.yaml | 25 + .../grafana/templates/clusterrolebinding.yaml | 20 + .../configmap-dashboard-provider.yaml | 25 + .../charts/grafana/templates/configmap.yaml | 69 + .../templates/dashboards-json-configmap.yaml | 35 + .../charts/grafana/templates/deployment.yaml | 47 + .../grafana/templates/headless-service.yaml | 18 + .../charts/grafana/templates/ingress.yaml | 55 + .../grafana/templates/nginx-config.yaml | 75 + .../templates/poddisruptionbudget.yaml | 22 + .../grafana/templates/podsecuritypolicy.yaml | 48 + .../9.4.201/charts/grafana/templates/pvc.yaml | 28 + .../charts/grafana/templates/role.yaml | 32 + .../charts/grafana/templates/rolebinding.yaml | 21 + .../charts/grafana/templates/secret-env.yaml | 14 + .../charts/grafana/templates/secret.yaml | 22 + .../charts/grafana/templates/service.yaml | 50 + .../grafana/templates/serviceaccount.yaml | 13 + .../grafana/templates/servicemonitor.yaml | 36 + .../charts/grafana/templates/statefulset.yaml | 47 + .../templates/tests/test-configmap.yaml | 17 + .../tests/test-podsecuritypolicy.yaml | 29 + .../grafana/templates/tests/test-role.yaml | 14 + .../templates/tests/test-rolebinding.yaml | 17 + .../templates/tests/test-serviceaccount.yaml | 9 + .../charts/grafana/templates/tests/test.yaml | 48 + .../9.4.201/charts/grafana/values.yaml | 562 ++ .../charts/kube-state-metrics/.helmignore | 21 + .../charts/kube-state-metrics/Chart.yaml | 20 + .../charts/kube-state-metrics/README.md | 80 + .../kube-state-metrics/templates/NOTES.txt | 10 + .../kube-state-metrics/templates/_helpers.tpl | 47 + .../templates/clusterrole.yaml | 180 + .../templates/clusterrolebinding.yaml | 19 + .../templates/deployment.yaml | 
192 + .../kube-state-metrics/templates/pdb.yaml | 17 + .../templates/podsecuritypolicy.yaml | 42 + .../templates/psp-clusterrole.yaml | 22 + .../templates/psp-clusterrolebinding.yaml | 19 + .../kube-state-metrics/templates/service.yaml | 36 + .../templates/serviceaccount.yaml | 18 + .../templates/servicemonitor.yaml | 25 + .../templates/stsdiscovery-role.yaml | 29 + .../templates/stsdiscovery-rolebinding.yaml | 20 + .../charts/kube-state-metrics/values.yaml | 156 + .../charts/prometheus-adapter/.helmignore | 21 + .../charts/prometheus-adapter/Chart.yaml | 20 + .../charts/prometheus-adapter/README.md | 160 + .../prometheus-adapter/templates/NOTES.txt | 9 + .../prometheus-adapter/templates/_helpers.tpl | 43 + ...r-auth-delegator-cluster-role-binding.yaml | 19 + ...cs-apiserver-auth-reader-role-binding.yaml | 19 + .../custom-metrics-apiserver-deployment.yaml | 120 + ...-resource-reader-cluster-role-binding.yaml | 19 + ...tom-metrics-apiserver-service-account.yaml | 11 + .../custom-metrics-apiserver-service.yaml | 21 + .../templates/custom-metrics-apiservice.yaml | 23 + .../custom-metrics-cluster-role.yaml | 16 + .../templates/custom-metrics-configmap.yaml | 95 + ...-metrics-resource-reader-cluster-role.yaml | 23 + .../external-metrics-apiservice.yaml | 23 + .../external-metrics-cluster-role.yaml | 20 + ...a-custom-metrics-cluster-role-binding.yaml | 19 + ...external-metrics-cluster-role-binding.yaml | 19 + .../resource-metrics-apiservice.yaml | 23 + ...resource-metrics-cluster-role-binding.yaml | 19 + .../resource-metrics-cluster-role.yaml | 22 + .../prometheus-adapter/templates/secret.yaml | 15 + .../charts/prometheus-adapter/values.yaml | 145 + .../prometheus-node-exporter/.helmignore | 21 + .../prometheus-node-exporter/Chart.yaml | 16 + .../charts/prometheus-node-exporter/README.md | 63 + .../templates/NOTES.txt | 15 + .../templates/_helpers.tpl | 66 + .../templates/daemonset.yaml | 151 + .../templates/endpoints.yaml | 18 + .../templates/monitor.yaml | 25 + 
.../templates/psp-clusterrole.yaml | 15 + .../templates/psp-clusterrolebinding.yaml | 17 + .../templates/psp.yaml | 52 + .../templates/service.yaml | 23 + .../templates/serviceaccount.yaml | 16 + .../prometheus-node-exporter/values.yaml | 141 + .../charts/rancher-pushprox/.helmignore | 23 + .../charts/rancher-pushprox/Chart.yaml | 13 + .../9.4.201/charts/rancher-pushprox/README.md | 54 + .../rancher-pushprox/templates/_helpers.tpl | 65 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 133 + .../templates/pushprox-proxy.yaml | 49 + .../templates/pushprox-servicemonitor.yaml | 39 + .../charts/rancher-pushprox/values.yaml | 86 + .../9.4.201/requirements.lock | 54 + .../9.4.201/requirements.yaml | 96 + .../9.4.201/templates/NOTES.txt | 4 + .../9.4.201/templates/_helpers.tpl | 151 + .../templates/alertmanager/alertmanager.yaml | 118 + .../templates/alertmanager/cleanupSecret.yaml | 86 + .../templates/alertmanager/ingress.yaml | 53 + .../alertmanager/ingressperreplica.yaml | 53 + .../alertmanager/podDisruptionBudget.yaml | 21 + .../templates/alertmanager/psp-role.yaml | 21 + .../alertmanager/psp-rolebinding.yaml | 18 + .../9.4.201/templates/alertmanager/psp.yaml | 52 + .../templates/alertmanager/secret.yaml | 124 + .../templates/alertmanager/service.yaml | 47 + .../alertmanager/serviceaccount.yaml | 16 + .../alertmanager/servicemonitor.yaml | 33 + .../alertmanager/serviceperreplica.yaml | 46 + .../templates/exporters/core-dns/service.yaml | 24 + .../exporters/core-dns/servicemonitor.yaml | 33 + .../kube-api-server/servicemonitor.yaml | 36 + .../kube-controller-manager/endpoints.yaml | 20 + .../kube-controller-manager/service.yaml | 27 + .../servicemonitor.yaml | 44 + .../templates/exporters/kube-dns/service.yaml | 28 + .../exporters/kube-dns/servicemonitor.yaml | 46 + .../exporters/kube-etcd/endpoints.yaml | 20 + .../exporters/kube-etcd/service.yaml | 27 + .../exporters/kube-etcd/servicemonitor.yaml | 50 + 
.../exporters/kube-proxy/endpoints.yaml | 20 + .../exporters/kube-proxy/service.yaml | 27 + .../exporters/kube-proxy/servicemonitor.yaml | 38 + .../exporters/kube-scheduler/endpoints.yaml | 20 + .../exporters/kube-scheduler/service.yaml | 27 + .../kube-scheduler/servicemonitor.yaml | 44 + .../kube-state-metrics/serviceMonitor.yaml | 30 + .../exporters/kubelet/servicemonitor.yaml | 151 + .../node-exporter/servicemonitor.yaml | 32 + .../grafana/configmap-dashboards.yaml | 24 + .../grafana/configmaps-datasources.yaml | 38 + .../grafana/dashboards-1.14/apiserver.yaml | 1734 ++++ .../dashboards-1.14/cluster-total.yaml | 1841 +++++ .../dashboards-1.14/controller-manager.yaml | 1144 +++ .../grafana/dashboards-1.14/etcd.yaml | 1118 +++ .../grafana/dashboards-1.14/k8s-coredns.yaml | 1340 ++++ .../k8s-resources-cluster.yaml | 2582 ++++++ .../k8s-resources-namespace.yaml | 2286 ++++++ .../dashboards-1.14/k8s-resources-node.yaml | 978 +++ .../dashboards-1.14/k8s-resources-pod.yaml | 1772 ++++ .../k8s-resources-workload.yaml | 2034 +++++ .../k8s-resources-workloads-namespace.yaml | 2195 +++++ .../grafana/dashboards-1.14/kubelet.yaml | 2515 ++++++ .../dashboards-1.14/namespace-by-pod.yaml | 1429 ++++ .../namespace-by-workload.yaml | 1697 ++++ .../node-cluster-rsrc-use.yaml | 964 +++ .../dashboards-1.14/node-rsrc-use.yaml | 991 +++ .../grafana/dashboards-1.14/nodes.yaml | 994 +++ .../persistentvolumesusage.yaml | 575 ++ .../grafana/dashboards-1.14/pod-total.yaml | 1196 +++ .../prometheus-remote-write.yaml | 1655 ++++ .../grafana/dashboards-1.14/prometheus.yaml | 1227 +++ .../grafana/dashboards-1.14/proxy.yaml | 1222 +++ .../grafana/dashboards-1.14/scheduler.yaml | 1068 +++ .../grafana/dashboards-1.14/statefulset.yaml | 927 +++ .../dashboards-1.14/workload-total.yaml | 1402 ++++ .../templates/grafana/dashboards/etcd.yaml | 1118 +++ .../dashboards/k8s-cluster-rsrc-use.yaml | 959 +++ .../grafana/dashboards/k8s-node-rsrc-use.yaml | 986 +++ .../dashboards/k8s-resources-cluster.yaml | 
1479 ++++ .../dashboards/k8s-resources-namespace.yaml | 963 +++ .../grafana/dashboards/k8s-resources-pod.yaml | 1006 +++ .../dashboards/k8s-resources-workload.yaml | 936 +++ .../k8s-resources-workloads-namespace.yaml | 972 +++ .../templates/grafana/dashboards/nodes.yaml | 1383 ++++ .../dashboards/persistentvolumesusage.yaml | 573 ++ .../templates/grafana/dashboards/pods.yaml | 680 ++ .../grafana/dashboards/statefulset.yaml | 926 +++ .../9.4.201/templates/grafana/namespaces.yaml | 10 + .../templates/grafana/servicemonitor.yaml | 32 + .../job-patch/clusterrole.yaml | 33 + .../job-patch/clusterrolebinding.yaml | 20 + .../job-patch/job-createSecret.yaml | 65 + .../job-patch/job-patchWebhook.yaml | 66 + .../admission-webhooks/job-patch/psp.yaml | 54 + .../admission-webhooks/job-patch/role.yaml | 21 + .../job-patch/rolebinding.yaml | 21 + .../job-patch/serviceaccount.yaml | 15 + .../mutatingWebhookConfiguration.yaml | 31 + .../validatingWebhookConfiguration.yaml | 31 + .../prometheus-operator/clusterrole.yaml | 79 + .../clusterrolebinding.yaml | 17 + .../prometheus-operator/deployment.yaml | 145 + .../prometheus-operator/psp-clusterrole.yaml | 20 + .../psp-clusterrolebinding.yaml | 17 + .../templates/prometheus-operator/psp.yaml | 51 + .../prometheus-operator/service.yaml | 53 + .../prometheus-operator/serviceaccount.yaml | 12 + .../prometheus-operator/servicemonitor.yaml | 32 + .../additionalAlertRelabelConfigs.yaml | 16 + .../additionalAlertmanagerConfigs.yaml | 16 + .../prometheus/additionalPrometheusRules.yaml | 40 + .../prometheus/additionalScrapeConfigs.yaml | 16 + .../templates/prometheus/clusterrole.yaml | 36 + .../prometheus/clusterrolebinding.yaml | 18 + .../9.4.201/templates/prometheus/ingress.yaml | 53 + .../prometheus/ingressThanosSidecar.yaml | 48 + .../prometheus/ingressperreplica.yaml | 53 + .../templates/prometheus/nginx-config.yaml | 66 + .../prometheus/podDisruptionBudget.yaml | 21 + .../templates/prometheus/podmonitors.yaml | 37 + 
.../templates/prometheus/prometheus.yaml | 260 + .../templates/prometheus/psp-clusterrole.yaml | 20 + .../prometheus/psp-clusterrolebinding.yaml | 18 + .../9.4.201/templates/prometheus/psp.yaml | 55 + .../rules-1.14/alertmanager.rules.yaml | 61 + .../templates/prometheus/rules-1.14/etcd.yaml | 157 + .../prometheus/rules-1.14/general.rules.yaml | 50 + .../prometheus/rules-1.14/k8s.rules.yaml | 121 + .../kube-apiserver-availability.rules.yaml | 158 + .../rules-1.14/kube-apiserver-slos.yaml | 79 + .../rules-1.14/kube-apiserver.rules.yaml | 363 + .../kube-prometheus-general.rules.yaml | 31 + .../kube-prometheus-node-recording.rules.yaml | 39 + .../rules-1.14/kube-scheduler.rules.yaml | 65 + .../rules-1.14/kube-state-metrics.yaml | 51 + .../prometheus/rules-1.14/kubelet.rules.yaml | 39 + .../rules-1.14/kubernetes-apps.yaml | 210 + .../rules-1.14/kubernetes-resources.yaml | 103 + .../rules-1.14/kubernetes-storage.yaml | 63 + .../kubernetes-system-apiserver.yaml | 66 + .../kubernetes-system-controller-manager.yaml | 39 + .../rules-1.14/kubernetes-system-kubelet.yaml | 91 + .../kubernetes-system-scheduler.yaml | 39 + .../rules-1.14/kubernetes-system.yaml | 47 + .../rules-1.14/node-exporter.rules.yaml | 79 + .../prometheus/rules-1.14/node-exporter.yaml | 210 + .../prometheus/rules-1.14/node-network.yaml | 34 + .../prometheus/rules-1.14/node.rules.yaml | 53 + .../rules-1.14/prometheus-operator.yaml | 57 + .../prometheus/rules-1.14/prometheus.yaml | 202 + .../prometheus/rules/alertmanager.rules.yaml | 54 + .../templates/prometheus/rules/etcd.yaml | 157 + .../prometheus/rules/general.rules.yaml | 50 + .../templates/prometheus/rules/k8s.rules.yaml | 83 + .../rules/kube-apiserver.rules.yaml | 39 + .../kube-prometheus-node-alerting.rules.yaml | 41 + .../kube-prometheus-node-recording.rules.yaml | 41 + .../rules/kube-scheduler.rules.yaml | 65 + .../prometheus/rules/kubernetes-absent.yaml | 129 + .../prometheus/rules/kubernetes-apps.yaml | 161 + .../rules/kubernetes-resources.yaml 
| 103 + .../prometheus/rules/kubernetes-storage.yaml | 63 + .../prometheus/rules/kubernetes-system.yaml | 145 + .../prometheus/rules/node-network.yaml | 48 + .../templates/prometheus/rules/node-time.yaml | 34 + .../prometheus/rules/node.rules.yaml | 202 + .../prometheus/rules/prometheus-operator.yaml | 43 + .../prometheus/rules/prometheus.rules.yaml | 109 + .../9.4.201/templates/prometheus/service.yaml | 52 + .../templates/prometheus/serviceaccount.yaml | 16 + .../templates/prometheus/servicemonitor.yaml | 42 + .../templates/prometheus/servicemonitors.yaml | 34 + .../prometheus/serviceperreplica.yaml | 46 + .../rancher-monitoring/clusterrole.yaml | 93 + .../rancher-monitoring/config-role.yaml | 48 + .../rancher-monitoring/dashboard-role.yaml | 47 + .../rancher-monitoring/default-dashboard.yaml | 1292 +++ .../rancher-monitoring/hardened.yaml | 87 + .../templates/validate-install-crd.yaml | 19 + .../rancher-monitoring/9.4.201/values.yaml | 2577 ++++++ .../rancher-monitoring/9.4.202/.helmignore | 26 + .../rancher-monitoring/9.4.202/CHANGELOG.md | 47 + .../9.4.202/CONTRIBUTING.md | 12 + .../rancher-monitoring/9.4.202/Chart.yaml | 43 + .../rancher-monitoring/9.4.202/README.md | 346 + .../rancher-monitoring/9.4.202/app-README.md | 15 + .../9.4.202/charts/grafana/.helmignore | 23 + .../9.4.202/charts/grafana/Chart.yaml | 17 + .../9.4.202/charts/grafana/README.md | 424 + .../grafana/dashboards/custom-dashboard.json | 1 + .../charts/grafana/templates/NOTES.txt | 54 + .../charts/grafana/templates/_helpers.tpl | 82 + .../9.4.202/charts/grafana/templates/_pod.tpl | 448 ++ .../charts/grafana/templates/clusterrole.yaml | 25 + .../grafana/templates/clusterrolebinding.yaml | 20 + .../configmap-dashboard-provider.yaml | 25 + .../charts/grafana/templates/configmap.yaml | 69 + .../templates/dashboards-json-configmap.yaml | 35 + .../charts/grafana/templates/deployment.yaml | 47 + .../grafana/templates/headless-service.yaml | 18 + .../charts/grafana/templates/ingress.yaml | 55 + 
.../grafana/templates/nginx-config.yaml | 75 + .../templates/poddisruptionbudget.yaml | 22 + .../grafana/templates/podsecuritypolicy.yaml | 48 + .../9.4.202/charts/grafana/templates/pvc.yaml | 28 + .../charts/grafana/templates/role.yaml | 32 + .../charts/grafana/templates/rolebinding.yaml | 21 + .../charts/grafana/templates/secret-env.yaml | 14 + .../charts/grafana/templates/secret.yaml | 22 + .../charts/grafana/templates/service.yaml | 50 + .../grafana/templates/serviceaccount.yaml | 13 + .../grafana/templates/servicemonitor.yaml | 36 + .../charts/grafana/templates/statefulset.yaml | 47 + .../templates/tests/test-configmap.yaml | 17 + .../tests/test-podsecuritypolicy.yaml | 29 + .../grafana/templates/tests/test-role.yaml | 14 + .../templates/tests/test-rolebinding.yaml | 17 + .../templates/tests/test-serviceaccount.yaml | 9 + .../charts/grafana/templates/tests/test.yaml | 48 + .../9.4.202/charts/grafana/values.yaml | 562 ++ .../charts/kube-state-metrics/.helmignore | 21 + .../charts/kube-state-metrics/Chart.yaml | 20 + .../charts/kube-state-metrics/README.md | 80 + .../kube-state-metrics/templates/NOTES.txt | 10 + .../kube-state-metrics/templates/_helpers.tpl | 47 + .../templates/clusterrole.yaml | 180 + .../templates/clusterrolebinding.yaml | 19 + .../templates/deployment.yaml | 192 + .../kube-state-metrics/templates/pdb.yaml | 17 + .../templates/podsecuritypolicy.yaml | 42 + .../templates/psp-clusterrole.yaml | 22 + .../templates/psp-clusterrolebinding.yaml | 19 + .../kube-state-metrics/templates/service.yaml | 36 + .../templates/serviceaccount.yaml | 18 + .../templates/servicemonitor.yaml | 25 + .../templates/stsdiscovery-role.yaml | 29 + .../templates/stsdiscovery-rolebinding.yaml | 20 + .../charts/kube-state-metrics/values.yaml | 156 + .../charts/prometheus-adapter/.helmignore | 21 + .../charts/prometheus-adapter/Chart.yaml | 20 + .../charts/prometheus-adapter/README.md | 147 + .../prometheus-adapter/templates/NOTES.txt | 9 + 
.../prometheus-adapter/templates/_helpers.tpl | 43 + ...r-auth-delegator-cluster-role-binding.yaml | 19 + ...cs-apiserver-auth-reader-role-binding.yaml | 20 + .../custom-metrics-apiserver-deployment.yaml | 121 + .../custom-metrics-apiserver-pdb.yaml | 22 + .../custom-metrics-apiserver-psp.yaml | 68 + ...-resource-reader-cluster-role-binding.yaml | 19 + ...tom-metrics-apiserver-service-account.yaml | 12 + .../custom-metrics-apiserver-service.yaml | 22 + .../templates/custom-metrics-apiservice.yaml | 23 + .../custom-metrics-cluster-role.yaml | 16 + .../templates/custom-metrics-configmap.yaml | 96 + ...-metrics-resource-reader-cluster-role.yaml | 23 + .../external-metrics-apiservice.yaml | 23 + .../external-metrics-cluster-role.yaml | 20 + ...a-custom-metrics-cluster-role-binding.yaml | 23 + ...external-metrics-cluster-role-binding.yaml | 19 + .../resource-metrics-apiservice.yaml | 23 + ...resource-metrics-cluster-role-binding.yaml | 19 + .../resource-metrics-cluster-role.yaml | 22 + .../prometheus-adapter/templates/secret.yaml | 15 + .../charts/prometheus-adapter/values.yaml | 152 + .../prometheus-node-exporter/.helmignore | 21 + .../prometheus-node-exporter/Chart.yaml | 16 + .../charts/prometheus-node-exporter/README.md | 63 + .../templates/NOTES.txt | 15 + .../templates/_helpers.tpl | 66 + .../templates/daemonset.yaml | 151 + .../templates/endpoints.yaml | 18 + .../templates/monitor.yaml | 25 + .../templates/psp-clusterrole.yaml | 15 + .../templates/psp-clusterrolebinding.yaml | 17 + .../templates/psp.yaml | 52 + .../templates/service.yaml | 23 + .../templates/serviceaccount.yaml | 16 + .../prometheus-node-exporter/values.yaml | 141 + .../charts/rancher-pushprox/.helmignore | 23 + .../charts/rancher-pushprox/Chart.yaml | 12 + .../9.4.202/charts/rancher-pushprox/README.md | 54 + .../rancher-pushprox/templates/_helpers.tpl | 65 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 133 + .../templates/pushprox-proxy-rbac.yaml | 63 + 
.../templates/pushprox-proxy.yaml | 50 + .../templates/pushprox-servicemonitor.yaml | 39 + .../charts/rancher-pushprox/values.yaml | 86 + .../9.4.202/requirements.lock | 54 + .../9.4.202/requirements.yaml | 96 + .../9.4.202/templates/NOTES.txt | 4 + .../9.4.202/templates/_helpers.tpl | 151 + .../templates/alertmanager/alertmanager.yaml | 118 + .../templates/alertmanager/cleanupSecret.yaml | 86 + .../templates/alertmanager/ingress.yaml | 53 + .../alertmanager/ingressperreplica.yaml | 53 + .../alertmanager/podDisruptionBudget.yaml | 21 + .../templates/alertmanager/psp-role.yaml | 21 + .../alertmanager/psp-rolebinding.yaml | 18 + .../9.4.202/templates/alertmanager/psp.yaml | 52 + .../templates/alertmanager/secret.yaml | 164 + .../templates/alertmanager/service.yaml | 47 + .../alertmanager/serviceaccount.yaml | 16 + .../alertmanager/servicemonitor.yaml | 33 + .../alertmanager/serviceperreplica.yaml | 46 + .../templates/exporters/core-dns/service.yaml | 24 + .../exporters/core-dns/servicemonitor.yaml | 33 + .../kube-api-server/servicemonitor.yaml | 36 + .../kube-controller-manager/endpoints.yaml | 20 + .../kube-controller-manager/service.yaml | 27 + .../servicemonitor.yaml | 44 + .../templates/exporters/kube-dns/service.yaml | 28 + .../exporters/kube-dns/servicemonitor.yaml | 46 + .../exporters/kube-etcd/endpoints.yaml | 20 + .../exporters/kube-etcd/service.yaml | 27 + .../exporters/kube-etcd/servicemonitor.yaml | 50 + .../exporters/kube-proxy/endpoints.yaml | 20 + .../exporters/kube-proxy/service.yaml | 27 + .../exporters/kube-proxy/servicemonitor.yaml | 38 + .../exporters/kube-scheduler/endpoints.yaml | 20 + .../exporters/kube-scheduler/service.yaml | 27 + .../kube-scheduler/servicemonitor.yaml | 44 + .../kube-state-metrics/serviceMonitor.yaml | 30 + .../exporters/kubelet/servicemonitor.yaml | 151 + .../node-exporter/servicemonitor.yaml | 32 + .../grafana/configmap-dashboards.yaml | 24 + .../grafana/configmaps-datasources.yaml | 38 + 
.../grafana/dashboards-1.14/apiserver.yaml | 1734 ++++ .../dashboards-1.14/cluster-total.yaml | 1841 +++++ .../dashboards-1.14/controller-manager.yaml | 1144 +++ .../grafana/dashboards-1.14/etcd.yaml | 1118 +++ .../grafana/dashboards-1.14/k8s-coredns.yaml | 1340 ++++ .../k8s-resources-cluster.yaml | 2582 ++++++ .../k8s-resources-namespace.yaml | 2286 ++++++ .../dashboards-1.14/k8s-resources-node.yaml | 978 +++ .../dashboards-1.14/k8s-resources-pod.yaml | 1772 ++++ .../k8s-resources-workload.yaml | 2034 +++++ .../k8s-resources-workloads-namespace.yaml | 2195 +++++ .../grafana/dashboards-1.14/kubelet.yaml | 2515 ++++++ .../dashboards-1.14/namespace-by-pod.yaml | 1429 ++++ .../namespace-by-workload.yaml | 1697 ++++ .../node-cluster-rsrc-use.yaml | 964 +++ .../dashboards-1.14/node-rsrc-use.yaml | 991 +++ .../grafana/dashboards-1.14/nodes.yaml | 994 +++ .../persistentvolumesusage.yaml | 575 ++ .../grafana/dashboards-1.14/pod-total.yaml | 1196 +++ .../prometheus-remote-write.yaml | 1655 ++++ .../grafana/dashboards-1.14/prometheus.yaml | 1227 +++ .../grafana/dashboards-1.14/proxy.yaml | 1222 +++ .../grafana/dashboards-1.14/scheduler.yaml | 1068 +++ .../grafana/dashboards-1.14/statefulset.yaml | 927 +++ .../dashboards-1.14/workload-total.yaml | 1402 ++++ .../templates/grafana/dashboards/etcd.yaml | 1118 +++ .../dashboards/k8s-cluster-rsrc-use.yaml | 959 +++ .../grafana/dashboards/k8s-node-rsrc-use.yaml | 986 +++ .../dashboards/k8s-resources-cluster.yaml | 1479 ++++ .../dashboards/k8s-resources-namespace.yaml | 963 +++ .../grafana/dashboards/k8s-resources-pod.yaml | 1006 +++ .../dashboards/k8s-resources-workload.yaml | 936 +++ .../k8s-resources-workloads-namespace.yaml | 972 +++ .../templates/grafana/dashboards/nodes.yaml | 1383 ++++ .../dashboards/persistentvolumesusage.yaml | 573 ++ .../templates/grafana/dashboards/pods.yaml | 680 ++ .../grafana/dashboards/statefulset.yaml | 926 +++ .../9.4.202/templates/grafana/namespaces.yaml | 10 + 
.../templates/grafana/servicemonitor.yaml | 32 + .../job-patch/clusterrole.yaml | 33 + .../job-patch/clusterrolebinding.yaml | 20 + .../job-patch/job-createSecret.yaml | 65 + .../job-patch/job-patchWebhook.yaml | 66 + .../admission-webhooks/job-patch/psp.yaml | 54 + .../admission-webhooks/job-patch/role.yaml | 21 + .../job-patch/rolebinding.yaml | 21 + .../job-patch/serviceaccount.yaml | 15 + .../mutatingWebhookConfiguration.yaml | 31 + .../validatingWebhookConfiguration.yaml | 31 + .../prometheus-operator/clusterrole.yaml | 79 + .../clusterrolebinding.yaml | 17 + .../prometheus-operator/deployment.yaml | 145 + .../prometheus-operator/psp-clusterrole.yaml | 20 + .../psp-clusterrolebinding.yaml | 17 + .../templates/prometheus-operator/psp.yaml | 51 + .../prometheus-operator/service.yaml | 53 + .../prometheus-operator/serviceaccount.yaml | 12 + .../prometheus-operator/servicemonitor.yaml | 32 + .../additionalAlertRelabelConfigs.yaml | 16 + .../additionalAlertmanagerConfigs.yaml | 16 + .../prometheus/additionalPrometheusRules.yaml | 40 + .../prometheus/additionalScrapeConfigs.yaml | 16 + .../templates/prometheus/clusterrole.yaml | 36 + .../prometheus/clusterrolebinding.yaml | 18 + .../9.4.202/templates/prometheus/ingress.yaml | 53 + .../prometheus/ingressThanosSidecar.yaml | 48 + .../prometheus/ingressperreplica.yaml | 53 + .../templates/prometheus/nginx-config.yaml | 66 + .../prometheus/podDisruptionBudget.yaml | 21 + .../templates/prometheus/podmonitors.yaml | 37 + .../templates/prometheus/prometheus.yaml | 260 + .../templates/prometheus/psp-clusterrole.yaml | 20 + .../prometheus/psp-clusterrolebinding.yaml | 18 + .../9.4.202/templates/prometheus/psp.yaml | 55 + .../rules-1.14/alertmanager.rules.yaml | 61 + .../templates/prometheus/rules-1.14/etcd.yaml | 157 + .../prometheus/rules-1.14/general.rules.yaml | 50 + .../prometheus/rules-1.14/k8s.rules.yaml | 121 + .../kube-apiserver-availability.rules.yaml | 158 + .../rules-1.14/kube-apiserver-slos.yaml | 79 + 
.../rules-1.14/kube-apiserver.rules.yaml | 363 + .../kube-prometheus-general.rules.yaml | 31 + .../kube-prometheus-node-recording.rules.yaml | 39 + .../rules-1.14/kube-scheduler.rules.yaml | 65 + .../rules-1.14/kube-state-metrics.yaml | 51 + .../prometheus/rules-1.14/kubelet.rules.yaml | 39 + .../rules-1.14/kubernetes-apps.yaml | 210 + .../rules-1.14/kubernetes-resources.yaml | 103 + .../rules-1.14/kubernetes-storage.yaml | 63 + .../kubernetes-system-apiserver.yaml | 66 + .../kubernetes-system-controller-manager.yaml | 39 + .../rules-1.14/kubernetes-system-kubelet.yaml | 91 + .../kubernetes-system-scheduler.yaml | 39 + .../rules-1.14/kubernetes-system.yaml | 47 + .../rules-1.14/node-exporter.rules.yaml | 79 + .../prometheus/rules-1.14/node-exporter.yaml | 210 + .../prometheus/rules-1.14/node-network.yaml | 34 + .../prometheus/rules-1.14/node.rules.yaml | 53 + .../rules-1.14/prometheus-operator.yaml | 57 + .../prometheus/rules-1.14/prometheus.yaml | 202 + .../prometheus/rules/alertmanager.rules.yaml | 54 + .../templates/prometheus/rules/etcd.yaml | 157 + .../prometheus/rules/general.rules.yaml | 50 + .../templates/prometheus/rules/k8s.rules.yaml | 83 + .../rules/kube-apiserver.rules.yaml | 39 + .../kube-prometheus-node-alerting.rules.yaml | 41 + .../kube-prometheus-node-recording.rules.yaml | 41 + .../rules/kube-scheduler.rules.yaml | 65 + .../prometheus/rules/kubernetes-absent.yaml | 129 + .../prometheus/rules/kubernetes-apps.yaml | 161 + .../rules/kubernetes-resources.yaml | 103 + .../prometheus/rules/kubernetes-storage.yaml | 63 + .../prometheus/rules/kubernetes-system.yaml | 145 + .../prometheus/rules/node-network.yaml | 48 + .../templates/prometheus/rules/node-time.yaml | 34 + .../prometheus/rules/node.rules.yaml | 202 + .../prometheus/rules/prometheus-operator.yaml | 43 + .../prometheus/rules/prometheus.rules.yaml | 109 + .../9.4.202/templates/prometheus/service.yaml | 52 + .../templates/prometheus/serviceaccount.yaml | 16 + 
.../templates/prometheus/servicemonitor.yaml | 42 + .../templates/prometheus/servicemonitors.yaml | 34 + .../prometheus/serviceperreplica.yaml | 46 + .../rancher-monitoring/clusterrole.yaml | 93 + .../rancher-monitoring/config-role.yaml | 48 + .../rancher-monitoring/dashboard-role.yaml | 47 + .../rancher-monitoring/default-dashboard.yaml | 1292 +++ .../rancher-monitoring/hardened.yaml | 122 + .../templates/validate-install-crd.yaml | 19 + .../rancher-monitoring/9.4.202/values.yaml | 2579 ++++++ .../rancher-monitoring/9.4.203/.helmignore | 26 + .../rancher-monitoring/9.4.203/CHANGELOG.md | 47 + .../9.4.203/CONTRIBUTING.md | 12 + .../rancher-monitoring/9.4.203/Chart.yaml | 47 + .../rancher-monitoring/9.4.203/README.md | 346 + .../rancher-monitoring/9.4.203/app-README.md | 15 + .../9.4.203/charts/grafana/.helmignore | 23 + .../9.4.203/charts/grafana/Chart.yaml | 17 + .../9.4.203/charts/grafana/README.md | 424 + .../grafana/dashboards/custom-dashboard.json | 1 + .../charts/grafana/templates/NOTES.txt | 54 + .../charts/grafana/templates/_helpers.tpl | 82 + .../9.4.203/charts/grafana/templates/_pod.tpl | 448 ++ .../charts/grafana/templates/clusterrole.yaml | 25 + .../grafana/templates/clusterrolebinding.yaml | 20 + .../configmap-dashboard-provider.yaml | 25 + .../charts/grafana/templates/configmap.yaml | 69 + .../templates/dashboards-json-configmap.yaml | 35 + .../charts/grafana/templates/deployment.yaml | 47 + .../grafana/templates/headless-service.yaml | 18 + .../charts/grafana/templates/ingress.yaml | 55 + .../grafana/templates/nginx-config.yaml | 75 + .../templates/poddisruptionbudget.yaml | 22 + .../grafana/templates/podsecuritypolicy.yaml | 48 + .../9.4.203/charts/grafana/templates/pvc.yaml | 28 + .../charts/grafana/templates/role.yaml | 32 + .../charts/grafana/templates/rolebinding.yaml | 21 + .../charts/grafana/templates/secret-env.yaml | 14 + .../charts/grafana/templates/secret.yaml | 22 + .../charts/grafana/templates/service.yaml | 50 + 
.../grafana/templates/serviceaccount.yaml | 13 + .../grafana/templates/servicemonitor.yaml | 36 + .../charts/grafana/templates/statefulset.yaml | 47 + .../templates/tests/test-configmap.yaml | 17 + .../tests/test-podsecuritypolicy.yaml | 29 + .../grafana/templates/tests/test-role.yaml | 14 + .../templates/tests/test-rolebinding.yaml | 17 + .../templates/tests/test-serviceaccount.yaml | 9 + .../charts/grafana/templates/tests/test.yaml | 48 + .../9.4.203/charts/grafana/values.yaml | 562 ++ .../9.4.203/charts/k3sServer/.helmignore | 23 + .../9.4.203/charts/k3sServer/Chart.yaml | 12 + .../9.4.203/charts/k3sServer/README.md | 54 + .../charts/k3sServer/templates/_helpers.tpl | 65 + .../templates/pushprox-clients-rbac.yaml | 74 + .../k3sServer/templates/pushprox-clients.yaml | 133 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../k3sServer/templates/pushprox-proxy.yaml | 50 + .../templates/pushprox-servicemonitor.yaml | 39 + .../9.4.203/charts/k3sServer/values.yaml | 86 + .../charts/kube-state-metrics/.helmignore | 21 + .../charts/kube-state-metrics/Chart.yaml | 20 + .../charts/kube-state-metrics/README.md | 80 + .../kube-state-metrics/templates/NOTES.txt | 10 + .../kube-state-metrics/templates/_helpers.tpl | 47 + .../templates/clusterrole.yaml | 180 + .../templates/clusterrolebinding.yaml | 19 + .../templates/deployment.yaml | 192 + .../kube-state-metrics/templates/pdb.yaml | 17 + .../templates/podsecuritypolicy.yaml | 42 + .../templates/psp-clusterrole.yaml | 22 + .../templates/psp-clusterrolebinding.yaml | 19 + .../kube-state-metrics/templates/service.yaml | 36 + .../templates/serviceaccount.yaml | 18 + .../templates/servicemonitor.yaml | 25 + .../templates/stsdiscovery-role.yaml | 29 + .../templates/stsdiscovery-rolebinding.yaml | 20 + .../charts/kube-state-metrics/values.yaml | 156 + .../kubeAdmControllerManager/.helmignore | 23 + .../kubeAdmControllerManager/Chart.yaml | 12 + .../charts/kubeAdmControllerManager/README.md | 54 + .../templates/_helpers.tpl | 65 + 
.../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 133 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 50 + .../templates/pushprox-servicemonitor.yaml | 39 + .../kubeAdmControllerManager/values.yaml | 86 + .../9.4.203/charts/kubeAdmEtcd/.helmignore | 23 + .../9.4.203/charts/kubeAdmEtcd/Chart.yaml | 12 + .../9.4.203/charts/kubeAdmEtcd/README.md | 54 + .../charts/kubeAdmEtcd/templates/_helpers.tpl | 65 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 133 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../kubeAdmEtcd/templates/pushprox-proxy.yaml | 50 + .../templates/pushprox-servicemonitor.yaml | 39 + .../9.4.203/charts/kubeAdmEtcd/values.yaml | 86 + .../9.4.203/charts/kubeAdmProxy/.helmignore | 23 + .../9.4.203/charts/kubeAdmProxy/Chart.yaml | 12 + .../9.4.203/charts/kubeAdmProxy/README.md | 54 + .../kubeAdmProxy/templates/_helpers.tpl | 65 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 133 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 50 + .../templates/pushprox-servicemonitor.yaml | 39 + .../9.4.203/charts/kubeAdmProxy/values.yaml | 86 + .../charts/kubeAdmScheduler/.helmignore | 23 + .../charts/kubeAdmScheduler/Chart.yaml | 12 + .../9.4.203/charts/kubeAdmScheduler/README.md | 54 + .../kubeAdmScheduler/templates/_helpers.tpl | 65 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 133 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 50 + .../templates/pushprox-servicemonitor.yaml | 39 + .../charts/kubeAdmScheduler/values.yaml | 86 + .../charts/prometheus-adapter/.helmignore | 21 + .../charts/prometheus-adapter/Chart.yaml | 20 + .../charts/prometheus-adapter/README.md | 147 + .../prometheus-adapter/templates/NOTES.txt | 9 + .../prometheus-adapter/templates/_helpers.tpl | 43 + 
...r-auth-delegator-cluster-role-binding.yaml | 19 + ...cs-apiserver-auth-reader-role-binding.yaml | 20 + .../custom-metrics-apiserver-deployment.yaml | 121 + .../custom-metrics-apiserver-pdb.yaml | 22 + .../custom-metrics-apiserver-psp.yaml | 68 + ...-resource-reader-cluster-role-binding.yaml | 19 + ...tom-metrics-apiserver-service-account.yaml | 12 + .../custom-metrics-apiserver-service.yaml | 22 + .../templates/custom-metrics-apiservice.yaml | 23 + .../custom-metrics-cluster-role.yaml | 16 + .../templates/custom-metrics-configmap.yaml | 96 + ...-metrics-resource-reader-cluster-role.yaml | 23 + .../external-metrics-apiservice.yaml | 23 + .../external-metrics-cluster-role.yaml | 20 + ...a-custom-metrics-cluster-role-binding.yaml | 23 + ...external-metrics-cluster-role-binding.yaml | 19 + .../resource-metrics-apiservice.yaml | 23 + ...resource-metrics-cluster-role-binding.yaml | 19 + .../resource-metrics-cluster-role.yaml | 22 + .../prometheus-adapter/templates/secret.yaml | 15 + .../charts/prometheus-adapter/values.yaml | 152 + .../prometheus-node-exporter/.helmignore | 21 + .../prometheus-node-exporter/Chart.yaml | 16 + .../charts/prometheus-node-exporter/README.md | 63 + .../templates/NOTES.txt | 15 + .../templates/_helpers.tpl | 66 + .../templates/daemonset.yaml | 151 + .../templates/endpoints.yaml | 18 + .../templates/monitor.yaml | 25 + .../templates/psp-clusterrole.yaml | 15 + .../templates/psp-clusterrolebinding.yaml | 17 + .../templates/psp.yaml | 52 + .../templates/service.yaml | 23 + .../templates/serviceaccount.yaml | 16 + .../prometheus-node-exporter/values.yaml | 143 + .../charts/rke2ControllerManager/.helmignore | 23 + .../charts/rke2ControllerManager/Chart.yaml | 12 + .../charts/rke2ControllerManager/README.md | 54 + .../templates/_helpers.tpl | 65 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 133 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 50 + 
.../templates/pushprox-servicemonitor.yaml | 39 + .../charts/rke2ControllerManager/values.yaml | 86 + .../9.4.203/charts/rke2Etcd/.helmignore | 23 + .../9.4.203/charts/rke2Etcd/Chart.yaml | 12 + .../9.4.203/charts/rke2Etcd/README.md | 54 + .../charts/rke2Etcd/templates/_helpers.tpl | 65 + .../templates/pushprox-clients-rbac.yaml | 74 + .../rke2Etcd/templates/pushprox-clients.yaml | 133 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../rke2Etcd/templates/pushprox-proxy.yaml | 50 + .../templates/pushprox-servicemonitor.yaml | 39 + .../9.4.203/charts/rke2Etcd/values.yaml | 86 + .../9.4.203/charts/rke2Proxy/.helmignore | 23 + .../9.4.203/charts/rke2Proxy/Chart.yaml | 12 + .../9.4.203/charts/rke2Proxy/README.md | 54 + .../charts/rke2Proxy/templates/_helpers.tpl | 65 + .../templates/pushprox-clients-rbac.yaml | 74 + .../rke2Proxy/templates/pushprox-clients.yaml | 133 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../rke2Proxy/templates/pushprox-proxy.yaml | 50 + .../templates/pushprox-servicemonitor.yaml | 39 + .../9.4.203/charts/rke2Proxy/values.yaml | 86 + .../9.4.203/charts/rke2Scheduler/.helmignore | 23 + .../9.4.203/charts/rke2Scheduler/Chart.yaml | 12 + .../9.4.203/charts/rke2Scheduler/README.md | 54 + .../rke2Scheduler/templates/_helpers.tpl | 65 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 133 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 50 + .../templates/pushprox-servicemonitor.yaml | 39 + .../9.4.203/charts/rke2Scheduler/values.yaml | 86 + .../charts/rkeControllerManager/.helmignore | 23 + .../charts/rkeControllerManager/Chart.yaml | 12 + .../charts/rkeControllerManager/README.md | 54 + .../templates/_helpers.tpl | 65 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 133 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 50 + .../templates/pushprox-servicemonitor.yaml | 39 + 
.../charts/rkeControllerManager/values.yaml | 86 + .../9.4.203/charts/rkeEtcd/.helmignore | 23 + .../9.4.203/charts/rkeEtcd/Chart.yaml | 12 + .../9.4.203/charts/rkeEtcd/README.md | 54 + .../charts/rkeEtcd/templates/_helpers.tpl | 65 + .../templates/pushprox-clients-rbac.yaml | 74 + .../rkeEtcd/templates/pushprox-clients.yaml | 133 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../rkeEtcd/templates/pushprox-proxy.yaml | 50 + .../templates/pushprox-servicemonitor.yaml | 39 + .../9.4.203/charts/rkeEtcd/values.yaml | 86 + .../9.4.203/charts/rkeProxy/.helmignore | 23 + .../9.4.203/charts/rkeProxy/Chart.yaml | 12 + .../9.4.203/charts/rkeProxy/README.md | 54 + .../charts/rkeProxy/templates/_helpers.tpl | 65 + .../templates/pushprox-clients-rbac.yaml | 74 + .../rkeProxy/templates/pushprox-clients.yaml | 133 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../rkeProxy/templates/pushprox-proxy.yaml | 50 + .../templates/pushprox-servicemonitor.yaml | 39 + .../9.4.203/charts/rkeProxy/values.yaml | 86 + .../9.4.203/charts/rkeScheduler/.helmignore | 23 + .../9.4.203/charts/rkeScheduler/Chart.yaml | 12 + .../9.4.203/charts/rkeScheduler/README.md | 54 + .../rkeScheduler/templates/_helpers.tpl | 65 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 133 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 50 + .../templates/pushprox-servicemonitor.yaml | 39 + .../9.4.203/charts/rkeScheduler/values.yaml | 86 + .../9.4.203/requirements.lock | 54 + .../9.4.203/requirements.yaml | 137 + .../9.4.203/templates/NOTES.txt | 4 + .../9.4.203/templates/_helpers.tpl | 162 + .../templates/alertmanager/alertmanager.yaml | 118 + .../templates/alertmanager/cleanupSecret.yaml | 86 + .../templates/alertmanager/ingress.yaml | 53 + .../alertmanager/ingressperreplica.yaml | 53 + .../alertmanager/podDisruptionBudget.yaml | 21 + .../templates/alertmanager/psp-role.yaml | 21 + .../alertmanager/psp-rolebinding.yaml | 18 + 
.../9.4.203/templates/alertmanager/psp.yaml | 52 + .../templates/alertmanager/secret.yaml | 164 + .../templates/alertmanager/service.yaml | 47 + .../alertmanager/serviceaccount.yaml | 16 + .../alertmanager/servicemonitor.yaml | 33 + .../alertmanager/serviceperreplica.yaml | 46 + .../templates/exporters/core-dns/service.yaml | 24 + .../exporters/core-dns/servicemonitor.yaml | 33 + .../kube-api-server/servicemonitor.yaml | 36 + .../kube-controller-manager/endpoints.yaml | 20 + .../kube-controller-manager/service.yaml | 27 + .../servicemonitor.yaml | 44 + .../templates/exporters/kube-dns/service.yaml | 28 + .../exporters/kube-dns/servicemonitor.yaml | 46 + .../exporters/kube-etcd/endpoints.yaml | 20 + .../exporters/kube-etcd/service.yaml | 27 + .../exporters/kube-etcd/servicemonitor.yaml | 50 + .../exporters/kube-proxy/endpoints.yaml | 20 + .../exporters/kube-proxy/service.yaml | 27 + .../exporters/kube-proxy/servicemonitor.yaml | 38 + .../exporters/kube-scheduler/endpoints.yaml | 20 + .../exporters/kube-scheduler/service.yaml | 27 + .../kube-scheduler/servicemonitor.yaml | 44 + .../kube-state-metrics/serviceMonitor.yaml | 30 + .../exporters/kubelet/servicemonitor.yaml | 151 + .../node-exporter/servicemonitor.yaml | 32 + .../grafana/configmap-dashboards.yaml | 24 + .../grafana/configmaps-datasources.yaml | 38 + .../grafana/dashboards-1.14/apiserver.yaml | 1734 ++++ .../dashboards-1.14/cluster-total.yaml | 1841 +++++ .../dashboards-1.14/controller-manager.yaml | 1144 +++ .../grafana/dashboards-1.14/etcd.yaml | 1118 +++ .../grafana/dashboards-1.14/k8s-coredns.yaml | 1340 ++++ .../k8s-resources-cluster.yaml | 2582 ++++++ .../k8s-resources-namespace.yaml | 2286 ++++++ .../dashboards-1.14/k8s-resources-node.yaml | 978 +++ .../dashboards-1.14/k8s-resources-pod.yaml | 1772 ++++ .../k8s-resources-workload.yaml | 2034 +++++ .../k8s-resources-workloads-namespace.yaml | 2195 +++++ .../grafana/dashboards-1.14/kubelet.yaml | 2515 ++++++ .../dashboards-1.14/namespace-by-pod.yaml | 
1429 ++++ .../namespace-by-workload.yaml | 1697 ++++ .../node-cluster-rsrc-use.yaml | 964 +++ .../dashboards-1.14/node-rsrc-use.yaml | 991 +++ .../grafana/dashboards-1.14/nodes.yaml | 994 +++ .../persistentvolumesusage.yaml | 575 ++ .../grafana/dashboards-1.14/pod-total.yaml | 1196 +++ .../prometheus-remote-write.yaml | 1655 ++++ .../grafana/dashboards-1.14/prometheus.yaml | 1227 +++ .../grafana/dashboards-1.14/proxy.yaml | 1222 +++ .../grafana/dashboards-1.14/scheduler.yaml | 1068 +++ .../grafana/dashboards-1.14/statefulset.yaml | 927 +++ .../dashboards-1.14/workload-total.yaml | 1402 ++++ .../templates/grafana/dashboards/etcd.yaml | 1118 +++ .../dashboards/k8s-cluster-rsrc-use.yaml | 959 +++ .../grafana/dashboards/k8s-node-rsrc-use.yaml | 986 +++ .../dashboards/k8s-resources-cluster.yaml | 1479 ++++ .../dashboards/k8s-resources-namespace.yaml | 963 +++ .../grafana/dashboards/k8s-resources-pod.yaml | 1006 +++ .../dashboards/k8s-resources-workload.yaml | 936 +++ .../k8s-resources-workloads-namespace.yaml | 972 +++ .../templates/grafana/dashboards/nodes.yaml | 1383 ++++ .../dashboards/persistentvolumesusage.yaml | 573 ++ .../templates/grafana/dashboards/pods.yaml | 680 ++ .../grafana/dashboards/statefulset.yaml | 926 +++ .../9.4.203/templates/grafana/namespaces.yaml | 10 + .../templates/grafana/servicemonitor.yaml | 32 + .../job-patch/clusterrole.yaml | 33 + .../job-patch/clusterrolebinding.yaml | 20 + .../job-patch/job-createSecret.yaml | 65 + .../job-patch/job-patchWebhook.yaml | 66 + .../admission-webhooks/job-patch/psp.yaml | 54 + .../admission-webhooks/job-patch/role.yaml | 21 + .../job-patch/rolebinding.yaml | 21 + .../job-patch/serviceaccount.yaml | 15 + .../mutatingWebhookConfiguration.yaml | 31 + .../validatingWebhookConfiguration.yaml | 31 + .../prometheus-operator/clusterrole.yaml | 79 + .../clusterrolebinding.yaml | 17 + .../prometheus-operator/deployment.yaml | 145 + .../prometheus-operator/psp-clusterrole.yaml | 20 + .../psp-clusterrolebinding.yaml | 
17 + .../templates/prometheus-operator/psp.yaml | 51 + .../prometheus-operator/service.yaml | 53 + .../prometheus-operator/serviceaccount.yaml | 12 + .../prometheus-operator/servicemonitor.yaml | 32 + .../additionalAlertRelabelConfigs.yaml | 16 + .../additionalAlertmanagerConfigs.yaml | 16 + .../prometheus/additionalPrometheusRules.yaml | 40 + .../prometheus/additionalScrapeConfigs.yaml | 16 + .../templates/prometheus/clusterrole.yaml | 36 + .../prometheus/clusterrolebinding.yaml | 18 + .../9.4.203/templates/prometheus/ingress.yaml | 53 + .../prometheus/ingressThanosSidecar.yaml | 48 + .../prometheus/ingressperreplica.yaml | 53 + .../templates/prometheus/nginx-config.yaml | 66 + .../prometheus/podDisruptionBudget.yaml | 21 + .../templates/prometheus/podmonitors.yaml | 37 + .../templates/prometheus/prometheus.yaml | 262 + .../templates/prometheus/psp-clusterrole.yaml | 20 + .../prometheus/psp-clusterrolebinding.yaml | 18 + .../9.4.203/templates/prometheus/psp.yaml | 55 + .../rules-1.14/alertmanager.rules.yaml | 61 + .../templates/prometheus/rules-1.14/etcd.yaml | 157 + .../prometheus/rules-1.14/general.rules.yaml | 50 + .../prometheus/rules-1.14/k8s.rules.yaml | 121 + .../kube-apiserver-availability.rules.yaml | 158 + .../rules-1.14/kube-apiserver-slos.yaml | 79 + .../rules-1.14/kube-apiserver.rules.yaml | 363 + .../kube-prometheus-general.rules.yaml | 31 + .../kube-prometheus-node-recording.rules.yaml | 39 + .../rules-1.14/kube-scheduler.rules.yaml | 65 + .../rules-1.14/kube-state-metrics.yaml | 51 + .../prometheus/rules-1.14/kubelet.rules.yaml | 39 + .../rules-1.14/kubernetes-apps.yaml | 210 + .../rules-1.14/kubernetes-resources.yaml | 103 + .../rules-1.14/kubernetes-storage.yaml | 63 + .../kubernetes-system-apiserver.yaml | 66 + .../kubernetes-system-controller-manager.yaml | 39 + .../rules-1.14/kubernetes-system-kubelet.yaml | 91 + .../kubernetes-system-scheduler.yaml | 39 + .../rules-1.14/kubernetes-system.yaml | 47 + .../rules-1.14/node-exporter.rules.yaml | 
79 + .../prometheus/rules-1.14/node-exporter.yaml | 210 + .../prometheus/rules-1.14/node-network.yaml | 34 + .../prometheus/rules-1.14/node.rules.yaml | 53 + .../rules-1.14/prometheus-operator.yaml | 57 + .../prometheus/rules-1.14/prometheus.yaml | 202 + .../prometheus/rules/alertmanager.rules.yaml | 54 + .../templates/prometheus/rules/etcd.yaml | 157 + .../prometheus/rules/general.rules.yaml | 50 + .../templates/prometheus/rules/k8s.rules.yaml | 83 + .../rules/kube-apiserver.rules.yaml | 39 + .../kube-prometheus-node-alerting.rules.yaml | 41 + .../kube-prometheus-node-recording.rules.yaml | 41 + .../rules/kube-scheduler.rules.yaml | 65 + .../prometheus/rules/kubernetes-absent.yaml | 129 + .../prometheus/rules/kubernetes-apps.yaml | 161 + .../rules/kubernetes-resources.yaml | 103 + .../prometheus/rules/kubernetes-storage.yaml | 63 + .../prometheus/rules/kubernetes-system.yaml | 145 + .../prometheus/rules/node-network.yaml | 48 + .../templates/prometheus/rules/node-time.yaml | 34 + .../prometheus/rules/node.rules.yaml | 202 + .../prometheus/rules/prometheus-operator.yaml | 43 + .../prometheus/rules/prometheus.rules.yaml | 109 + .../9.4.203/templates/prometheus/service.yaml | 52 + .../templates/prometheus/serviceaccount.yaml | 16 + .../templates/prometheus/servicemonitor.yaml | 42 + .../templates/prometheus/servicemonitors.yaml | 34 + .../prometheus/serviceperreplica.yaml | 46 + .../rancher-monitoring/clusterrole.yaml | 93 + .../rancher-monitoring/config-role.yaml | 48 + .../rancher-monitoring/dashboard-role.yaml | 47 + .../rancher-monitoring/default-dashboard.yaml | 1292 +++ .../rancher-monitoring/hardened.yaml | 122 + .../templates/validate-install-crd.yaml | 19 + .../rancher-monitoring/9.4.203/values.yaml | 2579 ++++++ .../rancher-monitoring/9.4.204/.helmignore | 26 + .../rancher-monitoring/9.4.204/CHANGELOG.md | 47 + .../9.4.204/CONTRIBUTING.md | 12 + .../rancher-monitoring/9.4.204/Chart.yaml | 46 + .../rancher-monitoring/9.4.204/README.md | 346 + 
.../rancher-monitoring/9.4.204/app-README.md | 15 + .../9.4.204/charts/grafana/.helmignore | 23 + .../9.4.204/charts/grafana/Chart.yaml | 17 + .../9.4.204/charts/grafana/README.md | 424 + .../grafana/dashboards/custom-dashboard.json | 1 + .../charts/grafana/templates/NOTES.txt | 54 + .../charts/grafana/templates/_helpers.tpl | 82 + .../9.4.204/charts/grafana/templates/_pod.tpl | 448 ++ .../charts/grafana/templates/clusterrole.yaml | 25 + .../grafana/templates/clusterrolebinding.yaml | 20 + .../configmap-dashboard-provider.yaml | 25 + .../charts/grafana/templates/configmap.yaml | 69 + .../templates/dashboards-json-configmap.yaml | 35 + .../charts/grafana/templates/deployment.yaml | 47 + .../grafana/templates/headless-service.yaml | 18 + .../charts/grafana/templates/ingress.yaml | 55 + .../grafana/templates/nginx-config.yaml | 75 + .../templates/poddisruptionbudget.yaml | 22 + .../grafana/templates/podsecuritypolicy.yaml | 48 + .../9.4.204/charts/grafana/templates/pvc.yaml | 28 + .../charts/grafana/templates/role.yaml | 32 + .../charts/grafana/templates/rolebinding.yaml | 21 + .../charts/grafana/templates/secret-env.yaml | 14 + .../charts/grafana/templates/secret.yaml | 22 + .../charts/grafana/templates/service.yaml | 50 + .../grafana/templates/serviceaccount.yaml | 13 + .../grafana/templates/servicemonitor.yaml | 36 + .../charts/grafana/templates/statefulset.yaml | 47 + .../templates/tests/test-configmap.yaml | 17 + .../tests/test-podsecuritypolicy.yaml | 29 + .../grafana/templates/tests/test-role.yaml | 14 + .../templates/tests/test-rolebinding.yaml | 17 + .../templates/tests/test-serviceaccount.yaml | 9 + .../charts/grafana/templates/tests/test.yaml | 48 + .../9.4.204/charts/grafana/values.yaml | 562 ++ .../9.4.204/charts/k3sServer/.helmignore | 23 + .../9.4.204/charts/k3sServer/Chart.yaml | 13 + .../9.4.204/charts/k3sServer/README.md | 54 + .../charts/k3sServer/templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + 
.../k3sServer/templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../k3sServer/templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../9.4.204/charts/k3sServer/values.yaml | 86 + .../charts/kube-state-metrics/.helmignore | 21 + .../charts/kube-state-metrics/Chart.yaml | 20 + .../charts/kube-state-metrics/README.md | 80 + .../kube-state-metrics/templates/NOTES.txt | 10 + .../kube-state-metrics/templates/_helpers.tpl | 47 + .../templates/clusterrole.yaml | 180 + .../templates/clusterrolebinding.yaml | 19 + .../templates/deployment.yaml | 192 + .../kube-state-metrics/templates/pdb.yaml | 17 + .../templates/podsecuritypolicy.yaml | 42 + .../templates/psp-clusterrole.yaml | 22 + .../templates/psp-clusterrolebinding.yaml | 19 + .../kube-state-metrics/templates/service.yaml | 36 + .../templates/serviceaccount.yaml | 18 + .../templates/servicemonitor.yaml | 25 + .../templates/stsdiscovery-role.yaml | 29 + .../templates/stsdiscovery-rolebinding.yaml | 20 + .../charts/kube-state-metrics/values.yaml | 156 + .../kubeAdmControllerManager/.helmignore | 23 + .../kubeAdmControllerManager/Chart.yaml | 13 + .../charts/kubeAdmControllerManager/README.md | 54 + .../templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../kubeAdmControllerManager/values.yaml | 86 + .../9.4.204/charts/kubeAdmEtcd/.helmignore | 23 + .../9.4.204/charts/kubeAdmEtcd/Chart.yaml | 13 + .../9.4.204/charts/kubeAdmEtcd/README.md | 54 + .../charts/kubeAdmEtcd/templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../kubeAdmEtcd/templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + 
.../9.4.204/charts/kubeAdmEtcd/values.yaml | 86 + .../9.4.204/charts/kubeAdmProxy/.helmignore | 23 + .../9.4.204/charts/kubeAdmProxy/Chart.yaml | 13 + .../9.4.204/charts/kubeAdmProxy/README.md | 54 + .../kubeAdmProxy/templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../9.4.204/charts/kubeAdmProxy/values.yaml | 86 + .../charts/kubeAdmScheduler/.helmignore | 23 + .../charts/kubeAdmScheduler/Chart.yaml | 13 + .../9.4.204/charts/kubeAdmScheduler/README.md | 54 + .../kubeAdmScheduler/templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../charts/kubeAdmScheduler/values.yaml | 86 + .../charts/prometheus-adapter/.helmignore | 21 + .../charts/prometheus-adapter/Chart.yaml | 20 + .../charts/prometheus-adapter/README.md | 147 + .../prometheus-adapter/templates/NOTES.txt | 9 + .../prometheus-adapter/templates/_helpers.tpl | 43 + ...r-auth-delegator-cluster-role-binding.yaml | 19 + ...cs-apiserver-auth-reader-role-binding.yaml | 20 + .../custom-metrics-apiserver-deployment.yaml | 125 + .../custom-metrics-apiserver-pdb.yaml | 22 + .../custom-metrics-apiserver-psp.yaml | 68 + ...-resource-reader-cluster-role-binding.yaml | 19 + ...tom-metrics-apiserver-service-account.yaml | 12 + .../custom-metrics-apiserver-service.yaml | 22 + .../templates/custom-metrics-apiservice.yaml | 23 + .../custom-metrics-cluster-role.yaml | 16 + .../templates/custom-metrics-configmap.yaml | 96 + ...-metrics-resource-reader-cluster-role.yaml | 23 + .../external-metrics-apiservice.yaml | 23 + .../external-metrics-cluster-role.yaml | 20 + ...a-custom-metrics-cluster-role-binding.yaml | 23 + 
...external-metrics-cluster-role-binding.yaml | 19 + .../resource-metrics-apiservice.yaml | 23 + ...resource-metrics-cluster-role-binding.yaml | 19 + .../resource-metrics-cluster-role.yaml | 22 + .../prometheus-adapter/templates/secret.yaml | 15 + .../charts/prometheus-adapter/values.yaml | 152 + .../prometheus-node-exporter/.helmignore | 21 + .../prometheus-node-exporter/Chart.yaml | 16 + .../charts/prometheus-node-exporter/README.md | 63 + .../templates/NOTES.txt | 15 + .../templates/_helpers.tpl | 66 + .../templates/daemonset.yaml | 151 + .../templates/endpoints.yaml | 18 + .../templates/monitor.yaml | 25 + .../templates/psp-clusterrole.yaml | 15 + .../templates/psp-clusterrolebinding.yaml | 17 + .../templates/psp.yaml | 52 + .../templates/service.yaml | 23 + .../templates/serviceaccount.yaml | 16 + .../prometheus-node-exporter/values.yaml | 143 + .../charts/rke2ControllerManager/.helmignore | 23 + .../charts/rke2ControllerManager/Chart.yaml | 13 + .../charts/rke2ControllerManager/README.md | 54 + .../templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../charts/rke2ControllerManager/values.yaml | 86 + .../9.4.204/charts/rke2Etcd/.helmignore | 23 + .../9.4.204/charts/rke2Etcd/Chart.yaml | 13 + .../9.4.204/charts/rke2Etcd/README.md | 54 + .../charts/rke2Etcd/templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../rke2Etcd/templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../rke2Etcd/templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../9.4.204/charts/rke2Etcd/values.yaml | 86 + .../9.4.204/charts/rke2Proxy/.helmignore | 23 + .../9.4.204/charts/rke2Proxy/Chart.yaml | 13 + .../9.4.204/charts/rke2Proxy/README.md | 54 + .../charts/rke2Proxy/templates/_helpers.tpl | 
87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../rke2Proxy/templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../rke2Proxy/templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../9.4.204/charts/rke2Proxy/values.yaml | 86 + .../9.4.204/charts/rke2Scheduler/.helmignore | 23 + .../9.4.204/charts/rke2Scheduler/Chart.yaml | 13 + .../9.4.204/charts/rke2Scheduler/README.md | 54 + .../rke2Scheduler/templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../9.4.204/charts/rke2Scheduler/values.yaml | 86 + .../charts/rkeControllerManager/.helmignore | 23 + .../charts/rkeControllerManager/Chart.yaml | 13 + .../charts/rkeControllerManager/README.md | 54 + .../templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../charts/rkeControllerManager/values.yaml | 86 + .../9.4.204/charts/rkeEtcd/.helmignore | 23 + .../9.4.204/charts/rkeEtcd/Chart.yaml | 13 + .../9.4.204/charts/rkeEtcd/README.md | 54 + .../charts/rkeEtcd/templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../rkeEtcd/templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../rkeEtcd/templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../9.4.204/charts/rkeEtcd/values.yaml | 86 + .../9.4.204/charts/rkeProxy/.helmignore | 23 + .../9.4.204/charts/rkeProxy/Chart.yaml | 13 + .../9.4.204/charts/rkeProxy/README.md | 54 + .../charts/rkeProxy/templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + 
.../rkeProxy/templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../rkeProxy/templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../9.4.204/charts/rkeProxy/values.yaml | 86 + .../9.4.204/charts/rkeScheduler/.helmignore | 23 + .../9.4.204/charts/rkeScheduler/Chart.yaml | 13 + .../9.4.204/charts/rkeScheduler/README.md | 54 + .../rkeScheduler/templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../9.4.204/charts/rkeScheduler/values.yaml | 86 + .../charts/windowsExporter/.helmignore | 23 + .../9.4.204/charts/windowsExporter/Chart.yaml | 15 + .../9.4.204/charts/windowsExporter/README.md | 17 + .../windowsExporter/scripts/copy-binary.ps1 | 40 + .../windowsExporter/scripts/proxy-entry.ps1 | 11 + .../windowsExporter/templates/_helpers.tpl | 64 + .../windowsExporter/templates/configmap.yaml | 11 + .../windowsExporter/templates/daemonset.yaml | 69 + .../windowsExporter/templates/rbac.yaml | 78 + .../windowsExporter/templates/service.yaml | 15 + .../templates/servicemonitor.yaml | 38 + .../templates/windows-relabel-rule.yaml | 58 + .../charts/windowsExporter/values.yaml | 44 + .../9.4.204/files/ingress-nginx/nginx.json | 1463 ++++ .../request-handling-performance.json | 981 +++ .../files/rancher/rancher-default-home.json | 1275 +++ .../9.4.204/requirements.lock | 54 + .../9.4.204/requirements.yaml | 145 + .../9.4.204/templates/NOTES.txt | 4 + .../9.4.204/templates/_helpers.tpl | 200 + .../templates/alertmanager/alertmanager.yaml | 118 + .../templates/alertmanager/cleanupSecret.yaml | 88 + .../templates/alertmanager/ingress.yaml | 53 + .../alertmanager/ingressperreplica.yaml | 53 + .../alertmanager/podDisruptionBudget.yaml | 21 + .../templates/alertmanager/psp-role.yaml | 21 + 
.../alertmanager/psp-rolebinding.yaml | 18 + .../9.4.204/templates/alertmanager/psp.yaml | 52 + .../templates/alertmanager/secret.yaml | 166 + .../templates/alertmanager/service.yaml | 47 + .../alertmanager/serviceaccount.yaml | 16 + .../alertmanager/servicemonitor.yaml | 33 + .../alertmanager/serviceperreplica.yaml | 46 + .../templates/exporters/core-dns/service.yaml | 24 + .../exporters/core-dns/servicemonitor.yaml | 33 + .../kube-api-server/servicemonitor.yaml | 36 + .../kube-controller-manager/endpoints.yaml | 20 + .../kube-controller-manager/service.yaml | 27 + .../servicemonitor.yaml | 44 + .../templates/exporters/kube-dns/service.yaml | 28 + .../exporters/kube-dns/servicemonitor.yaml | 46 + .../exporters/kube-etcd/endpoints.yaml | 20 + .../exporters/kube-etcd/service.yaml | 27 + .../exporters/kube-etcd/servicemonitor.yaml | 50 + .../exporters/kube-proxy/endpoints.yaml | 20 + .../exporters/kube-proxy/service.yaml | 27 + .../exporters/kube-proxy/servicemonitor.yaml | 38 + .../exporters/kube-scheduler/endpoints.yaml | 20 + .../exporters/kube-scheduler/service.yaml | 27 + .../kube-scheduler/servicemonitor.yaml | 44 + .../kube-state-metrics/serviceMonitor.yaml | 30 + .../exporters/kubelet/servicemonitor.yaml | 151 + .../node-exporter/servicemonitor.yaml | 32 + .../grafana/configmap-dashboards.yaml | 24 + .../grafana/configmaps-datasources.yaml | 38 + .../grafana/dashboards-1.14/apiserver.yaml | 1734 ++++ .../dashboards-1.14/cluster-total.yaml | 1841 +++++ .../dashboards-1.14/controller-manager.yaml | 1144 +++ .../grafana/dashboards-1.14/etcd.yaml | 1118 +++ .../grafana/dashboards-1.14/k8s-coredns.yaml | 1340 ++++ .../k8s-resources-cluster.yaml | 2582 ++++++ .../k8s-resources-namespace.yaml | 2286 ++++++ .../dashboards-1.14/k8s-resources-node.yaml | 978 +++ .../dashboards-1.14/k8s-resources-pod.yaml | 1772 ++++ .../k8s-resources-workload.yaml | 2034 +++++ .../k8s-resources-workloads-namespace.yaml | 2195 +++++ .../grafana/dashboards-1.14/kubelet.yaml | 2515 ++++++ 
.../dashboards-1.14/namespace-by-pod.yaml | 1429 ++++ .../namespace-by-workload.yaml | 1697 ++++ .../node-cluster-rsrc-use.yaml | 964 +++ .../dashboards-1.14/node-rsrc-use.yaml | 991 +++ .../grafana/dashboards-1.14/nodes.yaml | 994 +++ .../persistentvolumesusage.yaml | 575 ++ .../grafana/dashboards-1.14/pod-total.yaml | 1196 +++ .../prometheus-remote-write.yaml | 1655 ++++ .../grafana/dashboards-1.14/prometheus.yaml | 1227 +++ .../grafana/dashboards-1.14/proxy.yaml | 1222 +++ .../grafana/dashboards-1.14/scheduler.yaml | 1068 +++ .../grafana/dashboards-1.14/statefulset.yaml | 927 +++ .../dashboards-1.14/workload-total.yaml | 1402 ++++ .../templates/grafana/dashboards/etcd.yaml | 1118 +++ .../dashboards/k8s-cluster-rsrc-use.yaml | 959 +++ .../grafana/dashboards/k8s-node-rsrc-use.yaml | 986 +++ .../dashboards/k8s-resources-cluster.yaml | 1479 ++++ .../dashboards/k8s-resources-namespace.yaml | 963 +++ .../grafana/dashboards/k8s-resources-pod.yaml | 1006 +++ .../dashboards/k8s-resources-workload.yaml | 936 +++ .../k8s-resources-workloads-namespace.yaml | 972 +++ .../templates/grafana/dashboards/nodes.yaml | 1383 ++++ .../dashboards/persistentvolumesusage.yaml | 573 ++ .../templates/grafana/dashboards/pods.yaml | 680 ++ .../grafana/dashboards/statefulset.yaml | 926 +++ .../9.4.204/templates/grafana/namespaces.yaml | 13 + .../templates/grafana/servicemonitor.yaml | 32 + .../job-patch/clusterrole.yaml | 33 + .../job-patch/clusterrolebinding.yaml | 20 + .../job-patch/job-createSecret.yaml | 65 + .../job-patch/job-patchWebhook.yaml | 66 + .../admission-webhooks/job-patch/psp.yaml | 54 + .../admission-webhooks/job-patch/role.yaml | 21 + .../job-patch/rolebinding.yaml | 21 + .../job-patch/serviceaccount.yaml | 15 + .../mutatingWebhookConfiguration.yaml | 31 + .../validatingWebhookConfiguration.yaml | 31 + .../prometheus-operator/clusterrole.yaml | 79 + .../clusterrolebinding.yaml | 17 + .../prometheus-operator/deployment.yaml | 145 + 
.../prometheus-operator/psp-clusterrole.yaml | 20 + .../psp-clusterrolebinding.yaml | 17 + .../templates/prometheus-operator/psp.yaml | 51 + .../prometheus-operator/service.yaml | 53 + .../prometheus-operator/serviceaccount.yaml | 12 + .../prometheus-operator/servicemonitor.yaml | 32 + .../additionalAlertRelabelConfigs.yaml | 16 + .../additionalAlertmanagerConfigs.yaml | 16 + .../prometheus/additionalPrometheusRules.yaml | 40 + .../prometheus/additionalScrapeConfigs.yaml | 16 + .../templates/prometheus/clusterrole.yaml | 36 + .../prometheus/clusterrolebinding.yaml | 18 + .../9.4.204/templates/prometheus/ingress.yaml | 53 + .../prometheus/ingressThanosSidecar.yaml | 48 + .../prometheus/ingressperreplica.yaml | 53 + .../templates/prometheus/nginx-config.yaml | 66 + .../prometheus/podDisruptionBudget.yaml | 21 + .../templates/prometheus/podmonitors.yaml | 37 + .../templates/prometheus/prometheus.yaml | 262 + .../templates/prometheus/psp-clusterrole.yaml | 20 + .../prometheus/psp-clusterrolebinding.yaml | 18 + .../9.4.204/templates/prometheus/psp.yaml | 55 + .../rules-1.14/alertmanager.rules.yaml | 61 + .../templates/prometheus/rules-1.14/etcd.yaml | 157 + .../prometheus/rules-1.14/general.rules.yaml | 50 + .../prometheus/rules-1.14/k8s.rules.yaml | 121 + .../kube-apiserver-availability.rules.yaml | 158 + .../rules-1.14/kube-apiserver-slos.yaml | 79 + .../rules-1.14/kube-apiserver.rules.yaml | 363 + .../kube-prometheus-general.rules.yaml | 31 + .../kube-prometheus-node-recording.rules.yaml | 39 + .../rules-1.14/kube-scheduler.rules.yaml | 65 + .../rules-1.14/kube-state-metrics.yaml | 51 + .../prometheus/rules-1.14/kubelet.rules.yaml | 39 + .../rules-1.14/kubernetes-apps.yaml | 210 + .../rules-1.14/kubernetes-resources.yaml | 103 + .../rules-1.14/kubernetes-storage.yaml | 63 + .../kubernetes-system-apiserver.yaml | 66 + .../kubernetes-system-controller-manager.yaml | 39 + .../rules-1.14/kubernetes-system-kubelet.yaml | 91 + .../kubernetes-system-scheduler.yaml | 39 + 
.../rules-1.14/kubernetes-system.yaml | 47 + .../rules-1.14/node-exporter.rules.yaml | 79 + .../prometheus/rules-1.14/node-exporter.yaml | 210 + .../prometheus/rules-1.14/node-network.yaml | 34 + .../prometheus/rules-1.14/node.rules.yaml | 53 + .../rules-1.14/prometheus-operator.yaml | 57 + .../prometheus/rules-1.14/prometheus.yaml | 202 + .../prometheus/rules/alertmanager.rules.yaml | 54 + .../templates/prometheus/rules/etcd.yaml | 157 + .../prometheus/rules/general.rules.yaml | 50 + .../templates/prometheus/rules/k8s.rules.yaml | 83 + .../rules/kube-apiserver.rules.yaml | 39 + .../kube-prometheus-node-alerting.rules.yaml | 41 + .../kube-prometheus-node-recording.rules.yaml | 41 + .../rules/kube-scheduler.rules.yaml | 65 + .../prometheus/rules/kubernetes-absent.yaml | 129 + .../prometheus/rules/kubernetes-apps.yaml | 161 + .../rules/kubernetes-resources.yaml | 103 + .../prometheus/rules/kubernetes-storage.yaml | 63 + .../prometheus/rules/kubernetes-system.yaml | 145 + .../prometheus/rules/node-network.yaml | 48 + .../templates/prometheus/rules/node-time.yaml | 34 + .../prometheus/rules/node.rules.yaml | 202 + .../prometheus/rules/prometheus-operator.yaml | 43 + .../prometheus/rules/prometheus.rules.yaml | 109 + .../9.4.204/templates/prometheus/service.yaml | 52 + .../templates/prometheus/serviceaccount.yaml | 16 + .../templates/prometheus/servicemonitor.yaml | 42 + .../templates/prometheus/servicemonitors.yaml | 34 + .../prometheus/serviceperreplica.yaml | 46 + .../rancher-monitoring/clusterrole.yaml | 123 + .../rancher-monitoring/config-role.yaml | 48 + .../rancher-monitoring/dashboard-role.yaml | 47 + .../rancher-monitoring/default-dashboard.yaml | 17 + .../exporters/ingress-nginx/service.yaml | 24 + .../ingress-nginx/servicemonitor.yaml | 33 + .../rancher-monitoring/hardened.yaml | 124 + .../ingress-nginx-dashboard.yaml | 18 + .../templates/validate-install-crd.yaml | 19 + .../rancher-monitoring/9.4.204/values.yaml | 2635 ++++++ .../1.16.201/.helmignore | 21 + 
.../rancher-node-exporter/1.16.201/Chart.yaml | 23 + .../rancher-node-exporter/1.16.201/OWNERS | 6 + .../rancher-node-exporter/1.16.201/README.md | 63 + .../1.16.201/ci/port-values.yaml | 3 + .../1.16.201/templates/NOTES.txt | 15 + .../1.16.201/templates/_helpers.tpl | 95 + .../1.16.201/templates/daemonset.yaml | 183 + .../1.16.201/templates/endpoints.yaml | 18 + .../1.16.201/templates/monitor.yaml | 32 + .../1.16.201/templates/psp-clusterrole.yaml | 15 + .../templates/psp-clusterrolebinding.yaml | 17 + .../1.16.201/templates/psp.yaml | 52 + .../1.16.201/templates/service.yaml | 23 + .../1.16.201/templates/serviceaccount.yaml | 18 + .../1.16.201/values.yaml | 177 + .../rancher-operator-crd/0.1.000/Chart.yaml | 10 + .../0.1.000/templates/crds.yaml | 2626 ++++++ .../rancher-operator-crd/0.1.100/Chart.yaml | 10 + .../0.1.100/templates/crds.yaml | 2626 ++++++ .../rancher-operator-crd/0.1.200/Chart.yaml | 11 + .../0.1.200/templates/crds.yaml | 2626 ++++++ .../rancher-operator-crd/0.1.300/Chart.yaml | 11 + .../0.1.300/templates/crds.yaml | 3302 ++++++++ .../rancher-operator-crd/0.1.400/Chart.yaml | 11 + .../0.1.400/templates/crds.yaml | 3304 ++++++++ .../rancher-operator/0.1.000/Chart.yaml | 14 + .../0.1.000/templates/_helpers.tpl | 7 + .../0.1.000/templates/deployment.yaml | 23 + .../0.1.000/templates/rbac.yaml | 35 + .../0.1.000/templates/serviceaccount.yaml | 4 + .../rancher-operator/0.1.000/values.yaml | 8 + .../rancher-operator/0.1.100/Chart.yaml | 14 + .../0.1.100/templates/_helpers.tpl | 7 + .../0.1.100/templates/deployment.yaml | 23 + .../0.1.100/templates/rbac.yaml | 44 + .../0.1.100/templates/serviceaccount.yaml | 4 + .../rancher-operator/0.1.100/values.yaml | 8 + .../rancher-operator/0.1.200/Chart.yaml | 14 + .../0.1.200/templates/_helpers.tpl | 7 + .../0.1.200/templates/deployment.yaml | 23 + .../0.1.200/templates/rbac.yaml | 44 + .../0.1.200/templates/serviceaccount.yaml | 4 + .../rancher-operator/0.1.200/values.yaml | 8 + 
.../rancher-operator/0.1.300/Chart.yaml | 14 + .../0.1.300/templates/_helpers.tpl | 7 + .../0.1.300/templates/deployment.yaml | 23 + .../0.1.300/templates/rbac.yaml | 44 + .../0.1.300/templates/serviceaccount.yaml | 4 + .../rancher-operator/0.1.300/values.yaml | 8 + .../rancher-operator/0.1.400/Chart.yaml | 14 + .../0.1.400/templates/_helpers.tpl | 7 + .../0.1.400/templates/deployment.yaml | 23 + .../0.1.400/templates/rbac.yaml | 44 + .../0.1.400/templates/serviceaccount.yaml | 4 + .../rancher-operator/0.1.400/values.yaml | 8 + .../rancher-prom2teams/0.2.000/.helmignore | 22 + .../rancher-prom2teams/0.2.000/Chart.yaml | 10 + .../rancher-prom2teams/0.2.000/files/teams.j2 | 44 + .../0.2.000/templates/NOTES.txt | 2 + .../0.2.000/templates/_helpers.tpl | 73 + .../0.2.000/templates/configmap.yaml | 39 + .../0.2.000/templates/deployment.yaml | 77 + .../0.2.000/templates/psp.yaml | 28 + .../0.2.000/templates/role.yaml | 15 + .../0.2.000/templates/rolebinding.yaml | 13 + .../0.2.000/templates/service-account.yaml | 6 + .../0.2.000/templates/service.yaml | 17 + .../rancher-prom2teams/0.2.000/values.yaml | 62 + .../2.12.101/.helmignore | 21 + .../2.12.101/Chart.yaml | 26 + .../2.12.101/README.md | 147 + .../2.12.101/ci/default-values.yaml | 0 .../2.12.101/ci/external-rules-values.yaml | 9 + .../2.12.101/templates/NOTES.txt | 9 + .../2.12.101/templates/_helpers.tpl | 72 + .../2.12.101/templates/certmanager.yaml | 48 + .../cluster-role-binding-auth-delegator.yaml | 19 + .../cluster-role-binding-resource-reader.yaml | 19 + .../cluster-role-resource-reader.yaml | 23 + .../2.12.101/templates/configmap.yaml | 96 + .../templates/custom-metrics-apiservice.yaml | 32 + ...stom-metrics-cluster-role-binding-hpa.yaml | 23 + .../custom-metrics-cluster-role.yaml | 16 + .../2.12.101/templates/deployment.yaml | 135 + .../external-metrics-apiservice.yaml | 32 + ...rnal-metrics-cluster-role-binding-hpa.yaml | 19 + .../external-metrics-cluster-role.yaml | 20 + .../2.12.101/templates/pdb.yaml | 
22 + .../2.12.101/templates/psp.yaml | 68 + .../resource-metrics-apiservice.yaml | 32 + ...resource-metrics-cluster-role-binding.yaml | 19 + .../resource-metrics-cluster-role.yaml | 22 + .../templates/role-binding-auth-reader.yaml | 20 + .../2.12.101/templates/secret.yaml | 15 + .../2.12.101/templates/service.yaml | 22 + .../2.12.101/templates/serviceaccount.yaml | 12 + .../2.12.101/values.yaml | 180 + .../rancher-pushprox/0.1.0/.helmignore | 23 + .../rancher-pushprox/0.1.0/Chart.yaml | 13 + .../rancher-pushprox/0.1.0/README.md | 54 + .../0.1.0/templates/_helpers.tpl | 65 + .../templates/pushprox-clients-rbac.yaml | 74 + .../0.1.0/templates/pushprox-clients.yaml | 134 + .../0.1.0/templates/pushprox-proxy.yaml | 49 + .../templates/pushprox-servicemonitor.yaml | 39 + .../rancher-pushprox/0.1.0/values.yaml | 86 + .../rancher-pushprox/0.1.1/.helmignore | 23 + .../rancher-pushprox/0.1.1/Chart.yaml | 13 + .../rancher-pushprox/0.1.1/README.md | 54 + .../0.1.1/templates/_helpers.tpl | 65 + .../templates/pushprox-clients-rbac.yaml | 74 + .../0.1.1/templates/pushprox-clients.yaml | 133 + .../0.1.1/templates/pushprox-proxy.yaml | 49 + .../templates/pushprox-servicemonitor.yaml | 39 + .../rancher-pushprox/0.1.1/values.yaml | 86 + .../rancher-pushprox/0.1.2/.helmignore | 23 + .../rancher-pushprox/0.1.2/Chart.yaml | 12 + .../rancher-pushprox/0.1.2/README.md | 54 + .../0.1.2/templates/_helpers.tpl | 65 + .../templates/pushprox-clients-rbac.yaml | 74 + .../0.1.2/templates/pushprox-clients.yaml | 133 + .../0.1.2/templates/pushprox-proxy-rbac.yaml | 63 + .../0.1.2/templates/pushprox-proxy.yaml | 50 + .../templates/pushprox-servicemonitor.yaml | 39 + .../rancher-pushprox/0.1.2/values.yaml | 86 + .../rancher-pushprox/0.1.201/.helmignore | 23 + .../rancher-pushprox/0.1.201/Chart.yaml | 12 + .../rancher-pushprox/0.1.201/README.md | 54 + .../0.1.201/templates/_helpers.tpl | 65 + .../templates/pushprox-clients-rbac.yaml | 74 + .../0.1.201/templates/pushprox-clients.yaml | 133 + 
.../templates/pushprox-proxy-rbac.yaml | 63 + .../0.1.201/templates/pushprox-proxy.yaml | 50 + .../templates/pushprox-servicemonitor.yaml | 39 + .../rancher-pushprox/0.1.201/values.yaml | 86 + .../rancher-pushprox/0.1.300/.helmignore | 23 + .../rancher-pushprox/0.1.300/Chart.yaml | 13 + .../rancher-pushprox/0.1.300/README.md | 54 + .../0.1.300/templates/_helpers.tpl | 87 + .../templates/pushprox-clients-rbac.yaml | 74 + .../0.1.300/templates/pushprox-clients.yaml | 135 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../0.1.300/templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 39 + .../rancher-pushprox/0.1.300/values.yaml | 86 + .../rancher-sachet/1.0.100/.helmignore | 23 + .../rancher-sachet/1.0.100/Chart.yaml | 11 + .../1.0.100/files/template.tmpl | 1 + .../1.0.100/templates/NOTES.txt | 3 + .../1.0.100/templates/_helpers.tpl | 79 + .../templates/configmap-pre-install.yaml | 21 + .../1.0.100/templates/deployment.yaml | 75 + .../rancher-sachet/1.0.100/templates/psp.yaml | 28 + .../1.0.100/templates/role.yaml | 15 + .../1.0.100/templates/rolebinding.yaml | 13 + .../1.0.100/templates/service-account.yaml | 6 + .../1.0.100/templates/service.yaml | 17 + .../rancher-sachet/1.0.100/values.yaml | 63 + .../rancher-tracing/1.20.001/.helmignore | 23 + .../rancher-tracing/1.20.001/Chart.yaml | 12 + .../rancher-tracing/1.20.001/README.md | 5 + .../1.20.001/templates/_affinity.tpl | 92 + .../1.20.001/templates/_helpers.tpl | 32 + .../1.20.001/templates/deployment.yaml | 80 + .../1.20.001/templates/pvc.yaml | 16 + .../1.20.001/templates/service.yaml | 63 + .../rancher-tracing/1.20.001/values.yaml | 42 + .../rancher-tracing/1.20.002/.helmignore | 23 + .../rancher-tracing/1.20.002/Chart.yaml | 12 + .../rancher-tracing/1.20.002/README.md | 5 + .../1.20.002/templates/_affinity.tpl | 92 + .../1.20.002/templates/_helpers.tpl | 32 + .../1.20.002/templates/deployment.yaml | 80 + .../1.20.002/templates/pvc.yaml | 16 + .../1.20.002/templates/service.yaml | 
63 + .../rancher-tracing/1.20.002/values.yaml | 42 + .../rancher-tracing/1.20.100/.helmignore | 23 + .../rancher-tracing/1.20.100/Chart.yaml | 12 + .../rancher-tracing/1.20.100/README.md | 5 + .../1.20.100/templates/_affinity.tpl | 92 + .../1.20.100/templates/_helpers.tpl | 32 + .../1.20.100/templates/deployment.yaml | 86 + .../1.20.100/templates/psp.yaml | 86 + .../1.20.100/templates/pvc.yaml | 16 + .../1.20.100/templates/service.yaml | 63 + .../rancher-tracing/1.20.100/values.yaml | 44 + .../rancher-vsphere-cpi/1.0.000/Chart.yaml | 19 + .../rancher-vsphere-cpi/1.0.000/README.md | 57 + .../rancher-vsphere-cpi/1.0.000/app-readme.md | 9 + .../1.0.000/questions.yaml | 42 + .../1.0.000/templates/_helpers.tpl | 7 + .../templates/vsphere-cloud-config-cm.yaml | 15 + .../1.0.000/templates/vsphere-cpi-ds.yaml | 74 + .../1.0.000/templates/vsphere-cpi-rbac.yaml | 127 + .../templates/vsphere-creds-secret.yaml | 10 + .../rancher-vsphere-cpi/1.0.000/values.yaml | 20 + .../rancher-vsphere-csi/2.1.000/Chart.yaml | 19 + .../rancher-vsphere-csi/2.1.000/README.md | 73 + .../rancher-vsphere-csi/2.1.000/app-readme.md | 14 + .../2.1.000/questions.yaml | 91 + .../2.1.000/templates/_helpers.tpl | 7 + .../vsphere-csi-controller-deployment.yaml | 176 + .../vsphere-csi-controller-rbac.yaml | 55 + .../templates/vsphere-csi-node-ds.yaml | 139 + .../2.1.000/templates/vsphere-csi-secret.yaml | 9 + .../templates/vsphere-csi-storageclass.yaml | 16 + .../rancher-vsphere-csi/2.1.000/values.yaml | 70 + .../rancher-webhook/0.1.0-beta500/Chart.yaml | 11 + .../0.1.0-beta500/templates/_helpers.tpl | 7 + .../0.1.0-beta500/templates/deployment.yaml | 26 + .../0.1.0-beta500/templates/rbac.yaml | 12 + .../0.1.0-beta500/templates/service.yaml | 13 + .../templates/serviceaccount.yaml | 4 + .../0.1.0-beta500/templates/webhook.yaml | 18 + .../rancher-webhook/0.1.0-beta500/values.yaml | 8 + .../rancher-webhook/0.1.0-beta700/Chart.yaml | 11 + .../0.1.0-beta700/templates/_helpers.tpl | 7 + 
.../0.1.0-beta700/templates/deployment.yaml | 26 + .../0.1.0-beta700/templates/rbac.yaml | 12 + .../0.1.0-beta700/templates/service.yaml | 13 + .../templates/serviceaccount.yaml | 4 + .../0.1.0-beta700/templates/webhook.yaml | 19 + .../rancher-webhook/0.1.0-beta700/values.yaml | 8 + .../rancher-webhook/0.1.0-beta900/Chart.yaml | 11 + .../0.1.0-beta900/templates/_helpers.tpl | 7 + .../0.1.0-beta900/templates/deployment.yaml | 26 + .../0.1.0-beta900/templates/rbac.yaml | 12 + .../0.1.0-beta900/templates/service.yaml | 13 + .../templates/serviceaccount.yaml | 4 + .../0.1.0-beta900/templates/webhook.yaml | 19 + .../rancher-webhook/0.1.0-beta900/values.yaml | 8 + .../rancher-webhook/0.1.0-beta901/Chart.yaml | 11 + .../0.1.0-beta901/templates/_helpers.tpl | 7 + .../0.1.0-beta901/templates/deployment.yaml | 26 + .../0.1.0-beta901/templates/rbac.yaml | 12 + .../0.1.0-beta901/templates/service.yaml | 13 + .../templates/serviceaccount.yaml | 4 + .../0.1.0-beta901/templates/webhook.yaml | 19 + .../rancher-webhook/0.1.0-beta901/values.yaml | 8 + .../rancher-webhook/0.1.000/Chart.yaml | 11 + .../0.1.000/templates/_helpers.tpl | 7 + .../0.1.000/templates/deployment.yaml | 26 + .../0.1.000/templates/rbac.yaml | 12 + .../0.1.000/templates/service.yaml | 13 + .../0.1.000/templates/serviceaccount.yaml | 4 + .../0.1.000/templates/webhook.yaml | 19 + .../rancher-webhook/0.1.000/values.yaml | 8 + .../0.1.000/.helmignore | 23 + .../0.1.000/Chart.yaml | 15 + .../0.1.000/README.md | 17 + .../0.1.000/scripts/check-wins-version.ps1 | 20 + .../0.1.000/scripts/copy-binary.ps1 | 40 + .../0.1.000/scripts/proxy-entry.ps1 | 11 + .../0.1.000/scripts/run.ps1 | 44 + .../0.1.000/templates/_helpers.tpl | 64 + .../0.1.000/templates/configmap.yaml | 8 + .../0.1.000/templates/daemonset.yaml | 74 + .../0.1.000/templates/rbac.yaml | 78 + .../0.1.000/templates/service.yaml | 15 + .../0.1.000/templates/servicemonitor.yaml | 44 + .../templates/windows-relabel-rule.yaml | 58 + .../0.1.000/values.yaml | 44 + 
.../rancher-wins-upgrader/0.0.100/.helmignore | 23 + .../rancher-wins-upgrader/0.0.100/Chart.yaml | 15 + .../rancher-wins-upgrader/0.0.100/README.md | 41 + .../0.0.100/app-readme.md | 19 + .../0.0.100/scripts/noop.ps1 | 4 + .../0.0.100/scripts/upgrade.ps1 | 67 + .../0.0.100/templates/_helpers.tpl | 50 + .../0.0.100/templates/configmap.yaml | 16 + .../0.0.100/templates/daemonset.yaml | 70 + .../0.0.100/templates/rbac.yaml | 70 + .../rancher-wins-upgrader/0.0.100/values.yaml | 62 + released/charts/rio/rio/0.8.000/.helmignore | 22 + released/charts/rio/rio/0.8.000/Chart.yaml | 16 + released/charts/rio/rio/0.8.000/README.md | 46 + .../rio/rio/0.8.000/templates/NOTES.txt | 17 + .../rio/rio/0.8.000/templates/_helpers.tpl | 8 + .../rio/0.8.000/templates/clusterrole.yaml | 394 + .../0.8.000/templates/clusterrolebinding.yaml | 12 + .../rio/rio/0.8.000/templates/configmap.yaml | 7 + .../rio/rio/0.8.000/templates/deployment.yaml | 49 + .../rio/0.8.000/templates/envoyfilter.yaml | 26 + .../rio/rio/0.8.000/templates/secret.yaml | 5 + .../rio/rio/0.8.000/templates/service.yaml | 13 + .../rio/0.8.000/templates/serviceaccount.yaml | 5 + released/charts/rio/rio/0.8.000/values.yaml | 23 + released/charts/rio/rio/0.8.001/.helmignore | 22 + released/charts/rio/rio/0.8.001/Chart.yaml | 15 + released/charts/rio/rio/0.8.001/README.md | 46 + .../rio/rio/0.8.001/templates/NOTES.txt | 17 + .../rio/rio/0.8.001/templates/_helpers.tpl | 8 + .../rio/0.8.001/templates/clusterrole.yaml | 394 + .../0.8.001/templates/clusterrolebinding.yaml | 12 + .../rio/rio/0.8.001/templates/configmap.yaml | 7 + .../rio/rio/0.8.001/templates/deployment.yaml | 49 + .../rio/0.8.001/templates/envoyfilter.yaml | 26 + .../rio/rio/0.8.001/templates/secret.yaml | 5 + .../rio/rio/0.8.001/templates/service.yaml | 13 + .../rio/0.8.001/templates/serviceaccount.yaml | 5 + released/charts/rio/rio/0.8.001/values.yaml | 23 + released/index.yaml | 3538 ++++++++ 4661 files changed, 787204 insertions(+), 6394 deletions(-) mode 
change 100755 => 100644 index.yaml create mode 100755 released/assets/README.md create mode 100644 released/assets/fleet-agent/fleet-agent-0.3.000.tgz create mode 100644 released/assets/fleet-agent/fleet-agent-0.3.100.tgz create mode 100644 released/assets/fleet-agent/fleet-agent-0.3.200.tgz create mode 100644 released/assets/fleet-agent/fleet-agent-0.3.300.tgz create mode 100755 released/assets/fleet-agent/fleet-agent-0.3.400.tgz create mode 100755 released/assets/fleet-agent/fleet-agent-0.3.500.tgz create mode 100644 released/assets/fleet-crd/fleet-crd-0.3.000.tgz create mode 100644 released/assets/fleet-crd/fleet-crd-0.3.100.tgz create mode 100644 released/assets/fleet-crd/fleet-crd-0.3.200.tgz create mode 100644 released/assets/fleet-crd/fleet-crd-0.3.300.tgz create mode 100755 released/assets/fleet-crd/fleet-crd-0.3.400.tgz create mode 100755 released/assets/fleet-crd/fleet-crd-0.3.500.tgz create mode 100644 released/assets/fleet/fleet-0.3.000.tgz create mode 100644 released/assets/fleet/fleet-0.3.100.tgz create mode 100644 released/assets/fleet/fleet-0.3.200.tgz create mode 100644 released/assets/fleet/fleet-0.3.300.tgz create mode 100755 released/assets/fleet/fleet-0.3.400.tgz create mode 100755 released/assets/fleet/fleet-0.3.500.tgz create mode 100644 released/assets/logos/backup-restore.svg create mode 100644 released/assets/logos/cis-kube-bench.svg create mode 100644 released/assets/logos/fleet.svg create mode 100644 released/assets/logos/gatekeeper.svg create mode 100644 released/assets/logos/istio.svg create mode 100644 released/assets/logos/logging.svg create mode 100644 released/assets/logos/rio.svg create mode 100644 released/assets/logos/vsphere-cpi.svg create mode 100644 released/assets/logos/vsphere-csi.svg create mode 100644 released/assets/longhorn/longhorn-1.0.200.tgz create mode 100644 released/assets/longhorn/longhorn-1.0.201.tgz create mode 100644 released/assets/longhorn/longhorn-1.1.000.tgz create mode 100755 
released/assets/longhorn/longhorn-1.1.001.tgz create mode 100644 released/assets/longhorn/longhorn-crd-1.0.200.tgz create mode 100644 released/assets/longhorn/longhorn-crd-1.0.201.tgz create mode 100644 released/assets/longhorn/longhorn-crd-1.1.000.tgz create mode 100755 released/assets/longhorn/longhorn-crd-1.1.001.tgz create mode 100755 released/assets/rancher-alerting-drivers/rancher-alerting-drivers-1.0.100.tgz create mode 100755 released/assets/rancher-backup-crd/rancher-backup-crd-1.0.400.tgz create mode 100644 released/assets/rancher-backup/rancher-backup-1.0.200.tgz create mode 100644 released/assets/rancher-backup/rancher-backup-1.0.201.tgz create mode 100644 released/assets/rancher-backup/rancher-backup-1.0.300.tgz create mode 100755 released/assets/rancher-backup/rancher-backup-1.0.301.tgz create mode 100755 released/assets/rancher-backup/rancher-backup-1.0.400.tgz create mode 100644 released/assets/rancher-backup/rancher-backup-crd-1.0.200.tgz create mode 100644 released/assets/rancher-backup/rancher-backup-crd-1.0.201.tgz create mode 100644 released/assets/rancher-backup/rancher-backup-crd-1.0.300.tgz create mode 100755 released/assets/rancher-backup/rancher-backup-crd-1.0.301.tgz create mode 100644 released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.100.tgz create mode 100644 released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.200.tgz create mode 100644 released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.300.tgz create mode 100755 released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.301.tgz create mode 100755 released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.400.tgz create mode 100755 released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.402.tgz create mode 100644 released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.100.tgz create mode 100644 released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.200.tgz create mode 100644 
released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.300.tgz create mode 100755 released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.301.tgz create mode 100755 released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.400.tgz create mode 100755 released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.402.tgz create mode 100644 released/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.400.tgz create mode 100644 released/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.600.tgz create mode 100755 released/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.601.tgz create mode 100644 released/assets/rancher-gatekeeper/rancher-gatekeeper-3.1.100.tgz create mode 100644 released/assets/rancher-gatekeeper/rancher-gatekeeper-3.1.101.tgz create mode 100644 released/assets/rancher-gatekeeper/rancher-gatekeeper-3.2.101.tgz create mode 100755 released/assets/rancher-gatekeeper/rancher-gatekeeper-3.3.000.tgz create mode 100755 released/assets/rancher-gatekeeper/rancher-gatekeeper-3.3.001.tgz create mode 100644 released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.1.100.tgz create mode 100644 released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.1.101.tgz create mode 100644 released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.2.101.tgz create mode 100755 released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.3.000.tgz create mode 100755 released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.3.001.tgz create mode 100755 released/assets/rancher-grafana/rancher-grafana-6.6.401.tgz create mode 100755 released/assets/rancher-istio-1.8/rancher-istio-1.8.301.tgz create mode 100755 released/assets/rancher-istio-1.8/rancher-istio-1.8.400.tgz create mode 100755 released/assets/rancher-istio-1.8/rancher-istio-1.8.500.tgz create mode 100755 released/assets/rancher-istio-1.9/rancher-istio-1.9.200.tgz create mode 100755 
released/assets/rancher-istio-1.9/rancher-istio-1.9.300.tgz create mode 100644 released/assets/rancher-istio/rancher-istio-1.7.100.tgz create mode 100644 released/assets/rancher-istio/rancher-istio-1.7.300.tgz create mode 100644 released/assets/rancher-istio/rancher-istio-1.7.301.tgz create mode 100755 released/assets/rancher-istio/rancher-istio-1.8.300.tgz create mode 100644 released/assets/rancher-kiali-server/rancher-kiali-server-1.23.001.tgz create mode 100644 released/assets/rancher-kiali-server/rancher-kiali-server-1.24.001.tgz create mode 100644 released/assets/rancher-kiali-server/rancher-kiali-server-1.24.003.tgz create mode 100755 released/assets/rancher-kiali-server/rancher-kiali-server-1.29.000.tgz create mode 100755 released/assets/rancher-kiali-server/rancher-kiali-server-1.29.100.tgz create mode 100755 released/assets/rancher-kiali-server/rancher-kiali-server-1.32.100.tgz create mode 100644 released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.23.001.tgz create mode 100644 released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.24.001.tgz create mode 100644 released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.24.003.tgz create mode 100755 released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.29.000.tgz create mode 100755 released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.29.100.tgz create mode 100755 released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.32.100.tgz create mode 100755 released/assets/rancher-kube-state-metrics/rancher-kube-state-metrics-2.13.101.tgz create mode 100644 released/assets/rancher-logging/rancher-logging-3.6.000.tgz create mode 100644 released/assets/rancher-logging/rancher-logging-3.6.001.tgz create mode 100644 released/assets/rancher-logging/rancher-logging-3.8.201.tgz create mode 100755 released/assets/rancher-logging/rancher-logging-3.9.000.tgz create mode 100755 released/assets/rancher-logging/rancher-logging-3.9.001.tgz create mode 100755 
released/assets/rancher-logging/rancher-logging-3.9.002.tgz create mode 100755 released/assets/rancher-logging/rancher-logging-3.9.400.tgz create mode 100644 released/assets/rancher-logging/rancher-logging-crd-3.6.000.tgz create mode 100644 released/assets/rancher-logging/rancher-logging-crd-3.6.001.tgz create mode 100644 released/assets/rancher-logging/rancher-logging-crd-3.8.201.tgz create mode 100755 released/assets/rancher-logging/rancher-logging-crd-3.9.000.tgz create mode 100755 released/assets/rancher-logging/rancher-logging-crd-3.9.001.tgz create mode 100755 released/assets/rancher-logging/rancher-logging-crd-3.9.002.tgz create mode 100755 released/assets/rancher-logging/rancher-logging-crd-3.9.400.tgz create mode 100755 released/assets/rancher-monitoring/rancher-monitoring-14.5.100.tgz create mode 100644 released/assets/rancher-monitoring/rancher-monitoring-9.4.200.tgz create mode 100644 released/assets/rancher-monitoring/rancher-monitoring-9.4.201.tgz create mode 100644 released/assets/rancher-monitoring/rancher-monitoring-9.4.202.tgz create mode 100755 released/assets/rancher-monitoring/rancher-monitoring-9.4.203.tgz create mode 100755 released/assets/rancher-monitoring/rancher-monitoring-9.4.204.tgz create mode 100755 released/assets/rancher-monitoring/rancher-monitoring-crd-14.5.100.tgz create mode 100644 released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.200.tgz create mode 100644 released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.201.tgz create mode 100644 released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.202.tgz create mode 100755 released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.203.tgz create mode 100755 released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.204.tgz create mode 100755 released/assets/rancher-node-exporter/rancher-node-exporter-1.16.201.tgz create mode 100644 released/assets/rancher-operator-crd/rancher-operator-crd-0.1.000.tgz create mode 100644 
released/assets/rancher-operator-crd/rancher-operator-crd-0.1.100.tgz create mode 100644 released/assets/rancher-operator-crd/rancher-operator-crd-0.1.200.tgz create mode 100755 released/assets/rancher-operator-crd/rancher-operator-crd-0.1.300.tgz create mode 100755 released/assets/rancher-operator-crd/rancher-operator-crd-0.1.400.tgz create mode 100644 released/assets/rancher-operator/rancher-operator-0.1.000.tgz create mode 100644 released/assets/rancher-operator/rancher-operator-0.1.100.tgz create mode 100644 released/assets/rancher-operator/rancher-operator-0.1.200.tgz create mode 100755 released/assets/rancher-operator/rancher-operator-0.1.300.tgz create mode 100755 released/assets/rancher-operator/rancher-operator-0.1.400.tgz create mode 100755 released/assets/rancher-prom2teams/rancher-prom2teams-0.2.000.tgz create mode 100755 released/assets/rancher-prometheus-adapter/rancher-prometheus-adapter-2.12.101.tgz create mode 100644 released/assets/rancher-pushprox/rancher-pushprox-0.1.0.tgz create mode 100644 released/assets/rancher-pushprox/rancher-pushprox-0.1.1.tgz create mode 100644 released/assets/rancher-pushprox/rancher-pushprox-0.1.2.tgz create mode 100755 released/assets/rancher-pushprox/rancher-pushprox-0.1.201.tgz create mode 100755 released/assets/rancher-pushprox/rancher-pushprox-0.1.300.tgz create mode 100755 released/assets/rancher-sachet/rancher-sachet-1.0.100.tgz create mode 100644 released/assets/rancher-tracing/rancher-tracing-1.20.001.tgz create mode 100755 released/assets/rancher-tracing/rancher-tracing-1.20.002.tgz create mode 100755 released/assets/rancher-tracing/rancher-tracing-1.20.100.tgz create mode 100755 released/assets/rancher-vsphere-cpi/rancher-vsphere-cpi-1.0.000.tgz create mode 100755 released/assets/rancher-vsphere-csi/rancher-vsphere-csi-2.1.000.tgz create mode 100644 released/assets/rancher-webhook/rancher-webhook-0.1.0-beta500.tgz create mode 100644 released/assets/rancher-webhook/rancher-webhook-0.1.0-beta700.tgz create 
mode 100644 released/assets/rancher-webhook/rancher-webhook-0.1.0-beta900.tgz create mode 100755 released/assets/rancher-webhook/rancher-webhook-0.1.0-beta901.tgz create mode 100755 released/assets/rancher-webhook/rancher-webhook-0.1.000.tgz create mode 100755 released/assets/rancher-windows-exporter/rancher-windows-exporter-0.1.000.tgz create mode 100755 released/assets/rancher-wins-upgrader/rancher-wins-upgrader-0.0.100.tgz create mode 100644 released/assets/rio/rio-0.8.000.tgz create mode 100755 released/assets/rio/rio-0.8.001.tgz create mode 100755 released/charts/README.md create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.000/Chart.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.000/templates/_helpers.tpl create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.000/templates/configmap.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.000/templates/deployment.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.000/templates/network_policy_allow_all.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.000/templates/patch_default_serviceaccount.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.000/templates/rbac.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.000/templates/secret.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.000/templates/serviceaccount.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.000/templates/validate.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.000/values.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.100/Chart.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.100/templates/_helpers.tpl create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.100/templates/configmap.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.100/templates/deployment.yaml create mode 100644 
released/charts/fleet-agent/fleet-agent/0.3.100/templates/network_policy_allow_all.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.100/templates/patch_default_serviceaccount.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.100/templates/rbac.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.100/templates/secret.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.100/templates/serviceaccount.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.100/templates/validate.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.100/values.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.200/Chart.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.200/templates/_helpers.tpl create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.200/templates/configmap.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.200/templates/deployment.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.200/templates/network_policy_allow_all.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.200/templates/patch_default_serviceaccount.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.200/templates/rbac.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.200/templates/secret.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.200/templates/serviceaccount.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.200/templates/validate.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.200/values.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.300/Chart.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.300/templates/_helpers.tpl create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.300/templates/configmap.yaml create mode 100644 
released/charts/fleet-agent/fleet-agent/0.3.300/templates/deployment.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.300/templates/network_policy_allow_all.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.300/templates/patch_default_serviceaccount.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.300/templates/rbac.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.300/templates/secret.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.300/templates/serviceaccount.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.300/templates/validate.yaml create mode 100644 released/charts/fleet-agent/fleet-agent/0.3.300/values.yaml create mode 100755 released/charts/fleet-agent/fleet-agent/0.3.400/Chart.yaml create mode 100755 released/charts/fleet-agent/fleet-agent/0.3.400/templates/_helpers.tpl create mode 100755 released/charts/fleet-agent/fleet-agent/0.3.400/templates/configmap.yaml create mode 100755 released/charts/fleet-agent/fleet-agent/0.3.400/templates/deployment.yaml create mode 100755 released/charts/fleet-agent/fleet-agent/0.3.400/templates/network_policy_allow_all.yaml create mode 100755 released/charts/fleet-agent/fleet-agent/0.3.400/templates/patch_default_serviceaccount.yaml create mode 100755 released/charts/fleet-agent/fleet-agent/0.3.400/templates/rbac.yaml create mode 100755 released/charts/fleet-agent/fleet-agent/0.3.400/templates/secret.yaml create mode 100755 released/charts/fleet-agent/fleet-agent/0.3.400/templates/serviceaccount.yaml create mode 100755 released/charts/fleet-agent/fleet-agent/0.3.400/templates/validate.yaml create mode 100755 released/charts/fleet-agent/fleet-agent/0.3.400/values.yaml create mode 100755 released/charts/fleet-agent/fleet-agent/0.3.500/Chart.yaml create mode 100755 released/charts/fleet-agent/fleet-agent/0.3.500/templates/_helpers.tpl create mode 100755 
released/charts/fleet-agent/fleet-agent/0.3.500/templates/configmap.yaml create mode 100755 released/charts/fleet-agent/fleet-agent/0.3.500/templates/deployment.yaml create mode 100755 released/charts/fleet-agent/fleet-agent/0.3.500/templates/network_policy_allow_all.yaml create mode 100755 released/charts/fleet-agent/fleet-agent/0.3.500/templates/patch_default_serviceaccount.yaml create mode 100755 released/charts/fleet-agent/fleet-agent/0.3.500/templates/rbac.yaml create mode 100755 released/charts/fleet-agent/fleet-agent/0.3.500/templates/secret.yaml create mode 100755 released/charts/fleet-agent/fleet-agent/0.3.500/templates/serviceaccount.yaml create mode 100755 released/charts/fleet-agent/fleet-agent/0.3.500/templates/validate.yaml create mode 100755 released/charts/fleet-agent/fleet-agent/0.3.500/values.yaml create mode 100644 released/charts/fleet-crd/fleet-crd/0.3.000/Chart.yaml create mode 100644 released/charts/fleet-crd/fleet-crd/0.3.000/templates/crds.yaml create mode 100644 released/charts/fleet-crd/fleet-crd/0.3.000/templates/gitjobs-crds.yaml create mode 100644 released/charts/fleet-crd/fleet-crd/0.3.100/Chart.yaml create mode 100644 released/charts/fleet-crd/fleet-crd/0.3.100/templates/crds.yaml create mode 100644 released/charts/fleet-crd/fleet-crd/0.3.100/templates/gitjobs-crds.yaml create mode 100644 released/charts/fleet-crd/fleet-crd/0.3.200/Chart.yaml create mode 100644 released/charts/fleet-crd/fleet-crd/0.3.200/templates/crds.yaml create mode 100644 released/charts/fleet-crd/fleet-crd/0.3.200/templates/gitjobs-crds.yaml create mode 100644 released/charts/fleet-crd/fleet-crd/0.3.300/Chart.yaml create mode 100644 released/charts/fleet-crd/fleet-crd/0.3.300/templates/crds.yaml create mode 100644 released/charts/fleet-crd/fleet-crd/0.3.300/templates/gitjobs-crds.yaml create mode 100755 released/charts/fleet-crd/fleet-crd/0.3.400/Chart.yaml create mode 100755 released/charts/fleet-crd/fleet-crd/0.3.400/templates/crds.yaml create mode 100755 
released/charts/fleet-crd/fleet-crd/0.3.400/templates/gitjobs-crds.yaml create mode 100755 released/charts/fleet-crd/fleet-crd/0.3.500/Chart.yaml create mode 100755 released/charts/fleet-crd/fleet-crd/0.3.500/templates/crds.yaml create mode 100755 released/charts/fleet-crd/fleet-crd/0.3.500/templates/gitjobs-crds.yaml create mode 100644 released/charts/fleet/fleet/0.3.000/Chart.yaml create mode 100644 released/charts/fleet/fleet/0.3.000/charts/gitjob/.helmignore create mode 100644 released/charts/fleet/fleet/0.3.000/charts/gitjob/Chart.yaml create mode 100644 released/charts/fleet/fleet/0.3.000/charts/gitjob/templates/_helpers.tpl create mode 100644 released/charts/fleet/fleet/0.3.000/charts/gitjob/templates/clusterrole.yaml create mode 100644 released/charts/fleet/fleet/0.3.000/charts/gitjob/templates/clusterrolebinding.yaml create mode 100644 released/charts/fleet/fleet/0.3.000/charts/gitjob/templates/deployment.yaml create mode 100644 released/charts/fleet/fleet/0.3.000/charts/gitjob/templates/service.yaml create mode 100644 released/charts/fleet/fleet/0.3.000/charts/gitjob/templates/serviceaccount.yaml create mode 100644 released/charts/fleet/fleet/0.3.000/charts/gitjob/values.yaml create mode 100644 released/charts/fleet/fleet/0.3.000/templates/_helpers.tpl create mode 100644 released/charts/fleet/fleet/0.3.000/templates/configmap.yaml create mode 100644 released/charts/fleet/fleet/0.3.000/templates/deployment.yaml create mode 100644 released/charts/fleet/fleet/0.3.000/templates/rbac.yaml create mode 100644 released/charts/fleet/fleet/0.3.000/templates/serviceaccount.yaml create mode 100644 released/charts/fleet/fleet/0.3.000/values.yaml create mode 100644 released/charts/fleet/fleet/0.3.100/Chart.yaml create mode 100644 released/charts/fleet/fleet/0.3.100/charts/gitjob/.helmignore create mode 100644 released/charts/fleet/fleet/0.3.100/charts/gitjob/Chart.yaml create mode 100644 released/charts/fleet/fleet/0.3.100/charts/gitjob/templates/_helpers.tpl create 
mode 100644 released/charts/fleet/fleet/0.3.100/charts/gitjob/templates/clusterrole.yaml create mode 100644 released/charts/fleet/fleet/0.3.100/charts/gitjob/templates/clusterrolebinding.yaml create mode 100644 released/charts/fleet/fleet/0.3.100/charts/gitjob/templates/deployment.yaml create mode 100644 released/charts/fleet/fleet/0.3.100/charts/gitjob/templates/service.yaml create mode 100644 released/charts/fleet/fleet/0.3.100/charts/gitjob/templates/serviceaccount.yaml create mode 100644 released/charts/fleet/fleet/0.3.100/charts/gitjob/values.yaml create mode 100644 released/charts/fleet/fleet/0.3.100/templates/_helpers.tpl create mode 100644 released/charts/fleet/fleet/0.3.100/templates/configmap.yaml create mode 100644 released/charts/fleet/fleet/0.3.100/templates/deployment.yaml create mode 100644 released/charts/fleet/fleet/0.3.100/templates/rbac.yaml create mode 100644 released/charts/fleet/fleet/0.3.100/templates/serviceaccount.yaml create mode 100644 released/charts/fleet/fleet/0.3.100/values.yaml create mode 100644 released/charts/fleet/fleet/0.3.200/Chart.yaml create mode 100644 released/charts/fleet/fleet/0.3.200/charts/gitjob/.helmignore create mode 100644 released/charts/fleet/fleet/0.3.200/charts/gitjob/Chart.yaml create mode 100644 released/charts/fleet/fleet/0.3.200/charts/gitjob/templates/_helpers.tpl create mode 100644 released/charts/fleet/fleet/0.3.200/charts/gitjob/templates/clusterrole.yaml create mode 100644 released/charts/fleet/fleet/0.3.200/charts/gitjob/templates/clusterrolebinding.yaml create mode 100644 released/charts/fleet/fleet/0.3.200/charts/gitjob/templates/deployment.yaml create mode 100644 released/charts/fleet/fleet/0.3.200/charts/gitjob/templates/service.yaml create mode 100644 released/charts/fleet/fleet/0.3.200/charts/gitjob/templates/serviceaccount.yaml create mode 100644 released/charts/fleet/fleet/0.3.200/charts/gitjob/values.yaml create mode 100644 released/charts/fleet/fleet/0.3.200/templates/_helpers.tpl create mode 
100644 released/charts/fleet/fleet/0.3.200/templates/configmap.yaml create mode 100644 released/charts/fleet/fleet/0.3.200/templates/deployment.yaml create mode 100644 released/charts/fleet/fleet/0.3.200/templates/rbac.yaml create mode 100644 released/charts/fleet/fleet/0.3.200/templates/serviceaccount.yaml create mode 100644 released/charts/fleet/fleet/0.3.200/values.yaml create mode 100644 released/charts/fleet/fleet/0.3.300/Chart.yaml create mode 100644 released/charts/fleet/fleet/0.3.300/charts/gitjob/.helmignore create mode 100644 released/charts/fleet/fleet/0.3.300/charts/gitjob/Chart.yaml create mode 100644 released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/_helpers.tpl create mode 100644 released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/clusterrole.yaml create mode 100644 released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/clusterrolebinding.yaml create mode 100644 released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/deployment.yaml create mode 100644 released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/service.yaml create mode 100644 released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/serviceaccount.yaml create mode 100644 released/charts/fleet/fleet/0.3.300/charts/gitjob/values.yaml create mode 100644 released/charts/fleet/fleet/0.3.300/templates/_helpers.tpl create mode 100644 released/charts/fleet/fleet/0.3.300/templates/configmap.yaml create mode 100644 released/charts/fleet/fleet/0.3.300/templates/deployment.yaml create mode 100644 released/charts/fleet/fleet/0.3.300/templates/rbac.yaml create mode 100644 released/charts/fleet/fleet/0.3.300/templates/serviceaccount.yaml create mode 100644 released/charts/fleet/fleet/0.3.300/values.yaml create mode 100755 released/charts/fleet/fleet/0.3.400/Chart.yaml create mode 100755 released/charts/fleet/fleet/0.3.400/charts/gitjob/.helmignore create mode 100755 released/charts/fleet/fleet/0.3.400/charts/gitjob/Chart.yaml create mode 100755 
released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/_helpers.tpl create mode 100755 released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/clusterrole.yaml create mode 100755 released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/clusterrolebinding.yaml create mode 100755 released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/deployment.yaml create mode 100755 released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/service.yaml create mode 100755 released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/serviceaccount.yaml create mode 100755 released/charts/fleet/fleet/0.3.400/charts/gitjob/values.yaml create mode 100755 released/charts/fleet/fleet/0.3.400/templates/_helpers.tpl create mode 100755 released/charts/fleet/fleet/0.3.400/templates/configmap.yaml create mode 100755 released/charts/fleet/fleet/0.3.400/templates/deployment.yaml create mode 100755 released/charts/fleet/fleet/0.3.400/templates/rbac.yaml create mode 100755 released/charts/fleet/fleet/0.3.400/templates/serviceaccount.yaml create mode 100755 released/charts/fleet/fleet/0.3.400/values.yaml create mode 100755 released/charts/fleet/fleet/0.3.500/Chart.yaml create mode 100755 released/charts/fleet/fleet/0.3.500/charts/gitjob/.helmignore create mode 100755 released/charts/fleet/fleet/0.3.500/charts/gitjob/Chart.yaml create mode 100755 released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/_helpers.tpl create mode 100755 released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/clusterrole.yaml create mode 100755 released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/clusterrolebinding.yaml create mode 100755 released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/deployment.yaml create mode 100755 released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/service.yaml create mode 100755 released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/serviceaccount.yaml create mode 100755 released/charts/fleet/fleet/0.3.500/charts/gitjob/values.yaml create 
mode 100755 released/charts/fleet/fleet/0.3.500/templates/_helpers.tpl create mode 100755 released/charts/fleet/fleet/0.3.500/templates/configmap.yaml create mode 100755 released/charts/fleet/fleet/0.3.500/templates/deployment.yaml create mode 100755 released/charts/fleet/fleet/0.3.500/templates/rbac.yaml create mode 100755 released/charts/fleet/fleet/0.3.500/templates/serviceaccount.yaml create mode 100755 released/charts/fleet/fleet/0.3.500/values.yaml create mode 100644 released/charts/longhorn/longhorn-crd/1.0.200/Chart.yaml create mode 100644 released/charts/longhorn/longhorn-crd/1.0.200/README.md create mode 100644 released/charts/longhorn/longhorn-crd/1.0.200/templates/crds.yaml create mode 100644 released/charts/longhorn/longhorn-crd/1.0.201/Chart.yaml create mode 100644 released/charts/longhorn/longhorn-crd/1.0.201/README.md create mode 100644 released/charts/longhorn/longhorn-crd/1.0.201/templates/crds.yaml create mode 100644 released/charts/longhorn/longhorn-crd/1.1.000/Chart.yaml create mode 100644 released/charts/longhorn/longhorn-crd/1.1.000/README.md create mode 100644 released/charts/longhorn/longhorn-crd/1.1.000/templates/crds.yaml create mode 100755 released/charts/longhorn/longhorn-crd/1.1.001/Chart.yaml create mode 100755 released/charts/longhorn/longhorn-crd/1.1.001/README.md create mode 100755 released/charts/longhorn/longhorn-crd/1.1.001/templates/crds.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.200/.helmignore create mode 100644 released/charts/longhorn/longhorn/1.0.200/Chart.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.200/README.md create mode 100644 released/charts/longhorn/longhorn/1.0.200/app-readme.md create mode 100644 released/charts/longhorn/longhorn/1.0.200/questions.yml create mode 100644 released/charts/longhorn/longhorn/1.0.200/templates/NOTES.txt create mode 100644 released/charts/longhorn/longhorn/1.0.200/templates/_helpers.tpl create mode 100644 
released/charts/longhorn/longhorn/1.0.200/templates/clusterrole.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.200/templates/clusterrolebinding.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.200/templates/daemonset-sa.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.200/templates/default-setting.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.200/templates/deployment-driver.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.200/templates/deployment-ui.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.200/templates/ingress.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.200/templates/postupgrade-job.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.200/templates/psp.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.200/templates/registry-secret.yml create mode 100644 released/charts/longhorn/longhorn/1.0.200/templates/serviceaccount.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.200/templates/storageclass.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.200/templates/tls-secrets.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.200/templates/uninstall-job.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.200/templates/userroles.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.200/templates/validate-install-crd.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.200/values.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.201/.helmignore create mode 100644 released/charts/longhorn/longhorn/1.0.201/Chart.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.201/README.md create mode 100644 released/charts/longhorn/longhorn/1.0.201/app-readme.md create mode 100644 released/charts/longhorn/longhorn/1.0.201/questions.yml create mode 100644 released/charts/longhorn/longhorn/1.0.201/templates/NOTES.txt create mode 100644 
released/charts/longhorn/longhorn/1.0.201/templates/_helpers.tpl create mode 100644 released/charts/longhorn/longhorn/1.0.201/templates/clusterrole.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.201/templates/clusterrolebinding.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.201/templates/daemonset-sa.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.201/templates/default-setting.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.201/templates/deployment-driver.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.201/templates/deployment-ui.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.201/templates/ingress.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.201/templates/postupgrade-job.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.201/templates/psp.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.201/templates/registry-secret.yml create mode 100644 released/charts/longhorn/longhorn/1.0.201/templates/serviceaccount.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.201/templates/storageclass.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.201/templates/tls-secrets.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.201/templates/uninstall-job.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.201/templates/userroles.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.201/templates/validate-install-crd.yaml create mode 100644 released/charts/longhorn/longhorn/1.0.201/values.yaml create mode 100644 released/charts/longhorn/longhorn/1.1.000/.helmignore create mode 100644 released/charts/longhorn/longhorn/1.1.000/Chart.yaml create mode 100644 released/charts/longhorn/longhorn/1.1.000/README.md create mode 100644 released/charts/longhorn/longhorn/1.1.000/app-readme.md create mode 100644 released/charts/longhorn/longhorn/1.1.000/questions.yml create mode 100644 
released/charts/longhorn/longhorn/1.1.000/templates/NOTES.txt create mode 100644 released/charts/longhorn/longhorn/1.1.000/templates/_helpers.tpl create mode 100644 released/charts/longhorn/longhorn/1.1.000/templates/clusterrole.yaml create mode 100644 released/charts/longhorn/longhorn/1.1.000/templates/clusterrolebinding.yaml create mode 100644 released/charts/longhorn/longhorn/1.1.000/templates/daemonset-sa.yaml create mode 100644 released/charts/longhorn/longhorn/1.1.000/templates/default-setting.yaml create mode 100644 released/charts/longhorn/longhorn/1.1.000/templates/deployment-driver.yaml create mode 100644 released/charts/longhorn/longhorn/1.1.000/templates/deployment-ui.yaml create mode 100644 released/charts/longhorn/longhorn/1.1.000/templates/ingress.yaml create mode 100644 released/charts/longhorn/longhorn/1.1.000/templates/postupgrade-job.yaml create mode 100644 released/charts/longhorn/longhorn/1.1.000/templates/psp.yaml create mode 100644 released/charts/longhorn/longhorn/1.1.000/templates/registry-secret.yml create mode 100644 released/charts/longhorn/longhorn/1.1.000/templates/serviceaccount.yaml create mode 100644 released/charts/longhorn/longhorn/1.1.000/templates/storageclass.yaml create mode 100644 released/charts/longhorn/longhorn/1.1.000/templates/tls-secrets.yaml create mode 100644 released/charts/longhorn/longhorn/1.1.000/templates/uninstall-job.yaml create mode 100644 released/charts/longhorn/longhorn/1.1.000/templates/userroles.yaml create mode 100644 released/charts/longhorn/longhorn/1.1.000/templates/validate-install-crd.yaml create mode 100644 released/charts/longhorn/longhorn/1.1.000/values.yaml create mode 100755 released/charts/longhorn/longhorn/1.1.001/.helmignore create mode 100755 released/charts/longhorn/longhorn/1.1.001/Chart.yaml create mode 100755 released/charts/longhorn/longhorn/1.1.001/README.md create mode 100755 released/charts/longhorn/longhorn/1.1.001/app-readme.md create mode 100755 
released/charts/longhorn/longhorn/1.1.001/questions.yml create mode 100755 released/charts/longhorn/longhorn/1.1.001/templates/NOTES.txt create mode 100755 released/charts/longhorn/longhorn/1.1.001/templates/_helpers.tpl create mode 100755 released/charts/longhorn/longhorn/1.1.001/templates/clusterrole.yaml create mode 100755 released/charts/longhorn/longhorn/1.1.001/templates/clusterrolebinding.yaml create mode 100755 released/charts/longhorn/longhorn/1.1.001/templates/daemonset-sa.yaml create mode 100755 released/charts/longhorn/longhorn/1.1.001/templates/default-setting.yaml create mode 100755 released/charts/longhorn/longhorn/1.1.001/templates/deployment-driver.yaml create mode 100755 released/charts/longhorn/longhorn/1.1.001/templates/deployment-ui.yaml create mode 100755 released/charts/longhorn/longhorn/1.1.001/templates/ingress.yaml create mode 100755 released/charts/longhorn/longhorn/1.1.001/templates/postupgrade-job.yaml create mode 100755 released/charts/longhorn/longhorn/1.1.001/templates/psp.yaml create mode 100755 released/charts/longhorn/longhorn/1.1.001/templates/registry-secret.yml create mode 100755 released/charts/longhorn/longhorn/1.1.001/templates/serviceaccount.yaml create mode 100755 released/charts/longhorn/longhorn/1.1.001/templates/storageclass.yaml create mode 100755 released/charts/longhorn/longhorn/1.1.001/templates/tls-secrets.yaml create mode 100755 released/charts/longhorn/longhorn/1.1.001/templates/uninstall-job.yaml create mode 100755 released/charts/longhorn/longhorn/1.1.001/templates/userroles.yaml create mode 100755 released/charts/longhorn/longhorn/1.1.001/templates/validate-install-crd.yaml create mode 100755 released/charts/longhorn/longhorn/1.1.001/values.yaml create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/Chart.yaml create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/app-readme.md create mode 100755 
released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/.helmignore create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/Chart.yaml create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/files/teams.j2 create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/NOTES.txt create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/_helpers.tpl create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/configmap.yaml create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/deployment.yaml create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/psp.yaml create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/role.yaml create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/rolebinding.yaml create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/service-account.yaml create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/service.yaml create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/values.yaml create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/.helmignore create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/Chart.yaml create mode 100755 
released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/files/template.tmpl create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/NOTES.txt create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/_helpers.tpl create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/configmap-pre-install.yaml create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/deployment.yaml create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/psp.yaml create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/role.yaml create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/rolebinding.yaml create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/service-account.yaml create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/service.yaml create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/values.yaml create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/questions.yml create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/templates/NOTES.txt create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/templates/_helpers.tpl create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/templates/cluster-role.yaml create mode 100755 released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/values.yaml create mode 100755 
released/charts/rancher-backup-crd/rancher-backup-crd/1.0.400/Chart.yaml create mode 100755 released/charts/rancher-backup-crd/rancher-backup-crd/1.0.400/README.md create mode 100755 released/charts/rancher-backup-crd/rancher-backup-crd/1.0.400/templates/backup.yaml create mode 100755 released/charts/rancher-backup-crd/rancher-backup-crd/1.0.400/templates/resourceset.yaml create mode 100755 released/charts/rancher-backup-crd/rancher-backup-crd/1.0.400/templates/restore.yaml create mode 100644 released/charts/rancher-backup/rancher-backup-crd/1.0.200/Chart.yaml create mode 100644 released/charts/rancher-backup/rancher-backup-crd/1.0.200/README.md create mode 100644 released/charts/rancher-backup/rancher-backup-crd/1.0.200/templates/backup.yaml create mode 100644 released/charts/rancher-backup/rancher-backup-crd/1.0.200/templates/resourceset.yaml create mode 100644 released/charts/rancher-backup/rancher-backup-crd/1.0.200/templates/restore.yaml create mode 100644 released/charts/rancher-backup/rancher-backup-crd/1.0.201/Chart.yaml create mode 100644 released/charts/rancher-backup/rancher-backup-crd/1.0.201/README.md create mode 100644 released/charts/rancher-backup/rancher-backup-crd/1.0.201/templates/backup.yaml create mode 100644 released/charts/rancher-backup/rancher-backup-crd/1.0.201/templates/resourceset.yaml create mode 100644 released/charts/rancher-backup/rancher-backup-crd/1.0.201/templates/restore.yaml create mode 100644 released/charts/rancher-backup/rancher-backup-crd/1.0.300/Chart.yaml create mode 100644 released/charts/rancher-backup/rancher-backup-crd/1.0.300/README.md create mode 100644 released/charts/rancher-backup/rancher-backup-crd/1.0.300/templates/backup.yaml create mode 100644 released/charts/rancher-backup/rancher-backup-crd/1.0.300/templates/resourceset.yaml create mode 100644 released/charts/rancher-backup/rancher-backup-crd/1.0.300/templates/restore.yaml create mode 100755 
released/charts/rancher-backup/rancher-backup-crd/1.0.301/Chart.yaml create mode 100755 released/charts/rancher-backup/rancher-backup-crd/1.0.301/README.md create mode 100755 released/charts/rancher-backup/rancher-backup-crd/1.0.301/templates/backup.yaml create mode 100755 released/charts/rancher-backup/rancher-backup-crd/1.0.301/templates/resourceset.yaml create mode 100755 released/charts/rancher-backup/rancher-backup-crd/1.0.301/templates/restore.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.200/Chart.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.200/README.md create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.200/templates/_helpers.tpl create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.200/templates/clusterrolebinding.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.200/templates/deployment.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.200/templates/pvc.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.200/templates/rancher-resourceset.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.200/templates/s3-secret.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.200/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.200/templates/validate-install-crd.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.200/values.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.201/Chart.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.201/README.md create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.201/app-readme.md create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.201/templates/_helpers.tpl create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.201/templates/clusterrolebinding.yaml create mode 100644 
released/charts/rancher-backup/rancher-backup/1.0.201/templates/deployment.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.201/templates/pvc.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.201/templates/rancher-resourceset.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.201/templates/s3-secret.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.201/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.201/templates/validate-install-crd.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.201/values.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.300/Chart.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.300/README.md create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.300/app-readme.md create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.300/templates/_helpers.tpl create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.300/templates/clusterrolebinding.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.300/templates/deployment.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.300/templates/pvc.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.300/templates/rancher-resourceset.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.300/templates/s3-secret.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.300/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.300/templates/validate-install-crd.yaml create mode 100644 released/charts/rancher-backup/rancher-backup/1.0.300/values.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.301/Chart.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.301/README.md create 
mode 100755 released/charts/rancher-backup/rancher-backup/1.0.301/app-readme.md create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.301/templates/_helpers.tpl create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.301/templates/clusterrolebinding.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.301/templates/deployment.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.301/templates/pvc.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.301/templates/rancher-resourceset.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.301/templates/s3-secret.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.301/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.301/templates/validate-install-crd.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.301/values.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.400/Chart.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.400/README.md create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.400/app-readme.md create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.400/files/default-resourceset-contents/eks.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.400/files/default-resourceset-contents/fleet.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.400/files/default-resourceset-contents/gke.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.400/files/default-resourceset-contents/rancher-operator.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.400/files/default-resourceset-contents/rancher.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.400/templates/_helpers.tpl create mode 100755 
released/charts/rancher-backup/rancher-backup/1.0.400/templates/clusterrolebinding.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.400/templates/deployment.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.400/templates/pvc.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.400/templates/rancher-resourceset.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.400/templates/s3-secret.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.400/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.400/templates/validate-install-crd.yaml create mode 100755 released/charts/rancher-backup/rancher-backup/1.0.400/values.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/Chart.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/README.md create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/templates/clusterscan.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/templates/clusterscanbenchmark.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/templates/clusterscanprofile.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/templates/clusterscanreport.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/Chart.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/README.md create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/templates/clusterscan.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/templates/clusterscanbenchmark.yaml create mode 100644 
released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/templates/clusterscanprofile.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/templates/clusterscanreport.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/Chart.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/README.md create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/templates/clusterscan.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/templates/clusterscanbenchmark.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/templates/clusterscanprofile.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/templates/clusterscanreport.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/Chart.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/README.md create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/templates/clusterscan.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/templates/clusterscanbenchmark.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/templates/clusterscanprofile.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/templates/clusterscanreport.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/Chart.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/README.md create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/templates/clusterscan.yaml create mode 100755 
released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/templates/clusterscanbenchmark.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/templates/clusterscanprofile.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/templates/clusterscanreport.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/Chart.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/README.md create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/templates/clusterscan.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/templates/clusterscanbenchmark.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/templates/clusterscanprofile.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/templates/clusterscanreport.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/Chart.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/README.md create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/_helpers.tpl create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/benchmark-cis-1.5.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/benchmark-eks-1.0.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/benchmark-gke-1.0.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/benchmark-rke-cis-1.5-hardened.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/benchmark-rke-cis-1.5-permissive.yaml create mode 
100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/cis-roles.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/configmap.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/deployment.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/network_policy_allow_all.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/patch_default_serviceaccount.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/rbac.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/scanprofile-cis-1.5.yml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/scanprofile-rke-hardened.yml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/scanprofile-rke-permissive.yml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/scanprofileeks.yml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/scanprofilegke.yml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/validate-install-crd.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/values.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/Chart.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/README.md create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/app-readme.md create mode 100644 
released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/_helpers.tpl create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/benchmark-cis-1.5.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/benchmark-eks-1.0.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/benchmark-gke-1.0.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/benchmark-rke-cis-1.5-hardened.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/benchmark-rke-cis-1.5-permissive.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/cis-roles.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/configmap.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/deployment.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/network_policy_allow_all.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/patch_default_serviceaccount.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/rbac.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/scanprofile-cis-1.5.yml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/scanprofile-rke-hardened.yml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/scanprofile-rke-permissive.yml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/scanprofileeks.yml create mode 100644 
released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/scanprofilegke.yml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/validate-install-crd.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/values.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/Chart.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/README.md create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/app-readme.md create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/_helpers.tpl create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/alertingrule.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-cis-1.5.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-cis-1.6.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-eks-1.0.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-gke-1.0.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke-cis-1.5-hardened.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke-cis-1.5-permissive.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke-cis-1.6-hardened.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke-cis-1.6-permissive.yaml create mode 100644 
released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke2-cis-1.5-hardened.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke2-cis-1.5-permissive.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/cis-roles.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/configmap.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/deployment.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/network_policy_allow_all.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/patch_default_serviceaccount.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/rbac.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-cis-1.5.yml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-cis-1.6.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke-1.5-hardened.yml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke-1.5-permissive.yml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke-1.6-hardened.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke-1.6-permissive.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke2-cis-1.5-hardened.yml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke2-cis-1.5-permissive.yml 
create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofileeks.yml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofilegke.yml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/validate-install-crd.yaml create mode 100644 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/values.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/Chart.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/README.md create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/app-readme.md create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/_helpers.tpl create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/alertingrule.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-cis-1.5.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-cis-1.6.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-eks-1.0.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-gke-1.0.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke-cis-1.5-hardened.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke-cis-1.5-permissive.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke-cis-1.6-hardened.yaml create mode 100755 
released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke-cis-1.6-permissive.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke2-cis-1.5-hardened.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke2-cis-1.5-permissive.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/cis-roles.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/configmap.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/deployment.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/network_policy_allow_all.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/patch_default_serviceaccount.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/rbac.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-cis-1.5.yml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-cis-1.6.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke-1.5-hardened.yml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke-1.5-permissive.yml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke-1.6-hardened.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke-1.6-permissive.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke2-cis-1.5-hardened.yml create 
mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke2-cis-1.5-permissive.yml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofileeks.yml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofilegke.yml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/validate-install-crd.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/values.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/Chart.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/README.md create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/app-readme.md create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/_helpers.tpl create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/alertingrule.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-cis-1.5.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-cis-1.6.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-eks-1.0.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-gke-1.0.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke-cis-1.5-hardened.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke-cis-1.5-permissive.yaml create mode 100755 
released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke-cis-1.6-hardened.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke-cis-1.6-permissive.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke2-cis-1.5-hardened.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke2-cis-1.5-permissive.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke2-cis-1.6-hardened.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke2-cis-1.6-permissive.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/cis-roles.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/configmap.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/deployment.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/network_policy_allow_all.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/patch_default_serviceaccount.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/rbac.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-cis-1.5.yml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-cis-1.6.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke-1.5-hardened.yml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke-1.5-permissive.yml 
create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke-1.6-hardened.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke-1.6-permissive.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke2-cis-1.5-hardened.yml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke2-cis-1.5-permissive.yml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke2-cis-1.6-hardened.yml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke2-cis-1.6-permissive.yml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofileeks.yml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofilegke.yml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/validate-install-crd.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/values.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/Chart.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/README.md create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/app-readme.md create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/_helpers.tpl create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/alertingrule.yaml create mode 100755 
released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-cis-1.5.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-cis-1.6.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-eks-1.0.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-gke-1.0.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke-cis-1.5-hardened.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke-cis-1.5-permissive.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke-cis-1.6-hardened.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke-cis-1.6-permissive.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke2-cis-1.5-hardened.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke2-cis-1.5-permissive.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke2-cis-1.6-hardened.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke2-cis-1.6-permissive.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/cis-roles.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/configmap.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/deployment.yaml create mode 100755 
released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/network_policy_allow_all.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/patch_default_serviceaccount.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/rbac.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-cis-1.5.yml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-cis-1.6.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke-1.5-hardened.yml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke-1.5-permissive.yml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke-1.6-hardened.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke-1.6-permissive.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke2-cis-1.5-hardened.yml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke2-cis-1.5-permissive.yml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke2-cis-1.6-hardened.yml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke2-cis-1.6-permissive.yml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofileeks.yml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofilegke.yml create mode 100755 
released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/validate-install-crd.yaml create mode 100755 released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/values.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/.helmignore create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/Chart.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/README.md create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/app-README.md create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/questions.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/NOTES.txt create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/_helpers.tpl create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/admissionregistration.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/clusterrole.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/clusterrolebinding.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/deployment.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/issuer.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/service.yaml create mode 100644 
released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/servicemonitor.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/admissionregistration_test.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/clusterrole_test.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/clusterrolebinding_test.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/deployment_test.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/issuer_test.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/service_test.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/serviceaccount_test.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/servicemonitor_test.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/values.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/.helmignore create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/Chart.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/README.md create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/app-README.md create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/questions.yaml create mode 100644 
released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/NOTES.txt create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/_helpers.tpl create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/admissionregistration.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/clusterrole.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/clusterrolebinding.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/deployment.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/issuer.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/service.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/servicemonitor.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/admissionregistration_test.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/clusterrole_test.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/clusterrolebinding_test.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/deployment_test.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/issuer_test.yaml create mode 100644 
released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/service_test.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/serviceaccount_test.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/servicemonitor_test.yaml create mode 100644 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/values.yaml create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/.helmignore create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/Chart.yaml create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/README.md create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/app-README.md create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/questions.yaml create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/NOTES.txt create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/_helpers.tpl create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/admissionregistration.yaml create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/clusterrole.yaml create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/clusterrolebinding.yaml create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/deployment.yaml create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/issuer.yaml create mode 100755 
released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/service.yaml create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/servicemonitor.yaml create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/admissionregistration_test.yaml create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/clusterrole_test.yaml create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/clusterrolebinding_test.yaml create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/deployment_test.yaml create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/issuer_test.yaml create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/service_test.yaml create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/serviceaccount_test.yaml create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/servicemonitor_test.yaml create mode 100755 released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/values.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/Chart.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/README.md create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/templates/config-customresourcedefinition.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/templates/constraintpodstatus-customresourcedefinition.yaml create mode 100644 
released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/templates/constrainttemplate-customresourcedefinition.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/templates/constrainttemplatepodstatus-customresourcedefinition.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/Chart.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/README.md create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/templates/config-customresourcedefinition.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/templates/constraintpodstatus-customresourcedefinition.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/templates/constrainttemplate-customresourcedefinition.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/templates/constrainttemplatepodstatus-customresourcedefinition.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/Chart.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/README.md create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/crd-manifest/config-customresourcedefinition.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/crd-manifest/constraintpodstatus-customresourcedefinition.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/crd-manifest/constrainttemplate-customresourcedefinition.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/crd-manifest/constrainttemplatepodstatus-customresourcedefinition.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/templates/_helpers.tpl create mode 100644 
released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/templates/jobs.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/templates/manifest.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/templates/rbac.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/values.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/Chart.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/README.md create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/crd-manifest/config-customresourcedefinition.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/crd-manifest/constraintpodstatus-customresourcedefinition.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/crd-manifest/constrainttemplate-customresourcedefinition.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/crd-manifest/constrainttemplatepodstatus-customresourcedefinition.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/templates/_helpers.tpl create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/templates/jobs.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/templates/manifest.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/templates/rbac.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/values.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/Chart.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/README.md create mode 100755 
released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/crd-manifest/config-customresourcedefinition.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/crd-manifest/constraintpodstatus-customresourcedefinition.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/crd-manifest/constrainttemplate-customresourcedefinition.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/crd-manifest/constrainttemplatepodstatus-customresourcedefinition.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/templates/_helpers.tpl create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/templates/jobs.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/templates/manifest.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/templates/rbac.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/values.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/.helmignore create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/CHANGELOG.md create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/Chart.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/README.md create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/_helpers.tpl create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/allowedrepos.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-admin-serviceaccount.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-audit-deployment.yaml create mode 100644 
released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-controller-manager-deployment.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-manager-role-clusterrole.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-manager-role-role.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-manager-rolebinding-rolebinding.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-webhook-server-cert-secret.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-webhook-service-service.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/requiredlabels.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/validate-install-crd.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/values.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/.helmignore create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/CHANGELOG.md create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/Chart.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/README.md create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/app-readme.md create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/_helpers.tpl create mode 
100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/allowedrepos.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-admin-serviceaccount.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-audit-deployment.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-controller-manager-deployment.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-manager-role-clusterrole.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-manager-role-role.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-manager-rolebinding-rolebinding.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-webhook-server-cert-secret.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-webhook-service-service.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/requiredlabels.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/validate-install-crd.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/values.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/.helmignore create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/CHANGELOG.md create mode 100644 
released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/Chart.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/README.md create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/app-readme.md create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/_helpers.tpl create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/allowedrepos.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-admin-podsecuritypolicy.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-admin-serviceaccount.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-audit-deployment.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-controller-manager-deployment.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-manager-role-clusterrole.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-manager-role-role.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-manager-rolebinding-rolebinding.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-webhook-server-cert-secret.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-webhook-service-service.yaml create mode 100644 
released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/requiredlabels.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/validate-install-crd.yaml create mode 100644 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/values.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/.helmignore create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/CHANGELOG.md create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/Chart.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/README.md create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/app-readme.md create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/_helpers.tpl create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/allowedrepos.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-admin-podsecuritypolicy.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-admin-serviceaccount.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-audit-deployment.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-controller-manager-deployment.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-manager-role-clusterrole.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-manager-role-role.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml create mode 100755 
released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-manager-rolebinding-rolebinding.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-webhook-server-cert-secret.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-webhook-service-service.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/requiredlabels.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/validate-install-crd.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/values.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/.helmignore create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/CHANGELOG.md create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/Chart.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/README.md create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/app-readme.md create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/_helpers.tpl create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/allowedrepos.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-admin-podsecuritypolicy.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-admin-serviceaccount.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-audit-deployment.yaml create mode 100755 
released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-controller-manager-deployment.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-manager-role-clusterrole.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-manager-role-role.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-manager-rolebinding-rolebinding.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-webhook-server-cert-secret.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-webhook-service-service.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/requiredlabels.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/validate-install-crd.yaml create mode 100755 released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/values.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/.helmignore create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/Chart.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/README.md create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/dashboards/custom-dashboard.json create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/NOTES.txt create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/_helpers.tpl create mode 100755 
released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/_pod.tpl create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/clusterrole.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/clusterrolebinding.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/configmap-dashboard-provider.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/configmap.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/dashboards-json-configmap.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/deployment.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/headless-service.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/image-renderer-deployment.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/image-renderer-network-policy.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/image-renderer-service.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/ingress.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/nginx-config.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/poddisruptionbudget.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/podsecuritypolicy.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/pvc.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/role.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/rolebinding.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/secret-env.yaml create 
mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/secret.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/service.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/servicemonitor.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/statefulset.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test-configmap.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test-podsecuritypolicy.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test-role.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test-rolebinding.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test-serviceaccount.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test.yaml create mode 100755 released/charts/rancher-grafana/rancher-grafana/6.6.401/values.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/Chart.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/README.md create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/app-readme.md create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/Chart.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/NOTES.txt create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/_helpers.tpl create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/cabundle.yaml create mode 100755 
released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/configmap.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/envoy.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/go.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/kiali.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/microprofile-1.1.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/microprofile-x.y.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/nodejs.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/quarkus.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/springboot-jvm.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/springboot-tomcat.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/thorntail.yaml create mode 100755 
released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/tomcat.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/vertx-client.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/vertx-eventbus.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/vertx-jvm.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/vertx-pool.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/vertx-server.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/deployment.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/hpa.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/ingress.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/oauth.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/psp.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/role-controlplane.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/role-viewer.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/role.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/rolebinding-controlplane.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/rolebinding.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/route.yaml create mode 100755 
released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/service.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/validate-install-crd.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/web-root-configmap.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/values.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/.helmignore create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/Chart.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/README.md create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/_affinity.tpl create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/_helpers.tpl create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/deployment.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/psp.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/pvc.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/service.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/values.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/configs/istio-base.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/requirements.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/samples/overlay-example.yaml create mode 100755 
released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/_helpers.tpl create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/admin-role.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/base-config-map.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/clusterrole.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/clusterrolebinding.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/edit-role.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/istio-cni-psp.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/istio-install-job.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/istio-install-psp.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/istio-psp.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/istio-uninstall-job.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/overlay-config-map.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/service-monitors.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/view-role.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.301/values.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/Chart.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/README.md create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/app-readme.md create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/Chart.yaml 
create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/NOTES.txt create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/_helpers.tpl create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/cabundle.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/configmap.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/envoy.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/go.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/kiali.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/microprofile-1.1.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/microprofile-x.y.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/nodejs.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/quarkus.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/springboot-jvm.yaml create mode 100755 
released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/springboot-tomcat.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/thorntail.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/tomcat.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/vertx-client.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/vertx-eventbus.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/vertx-jvm.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/vertx-pool.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/vertx-server.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/deployment.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/hpa.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/ingress.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/oauth.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/psp.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/role-controlplane.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/role-viewer.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/role.yaml create mode 100755 
released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/rolebinding-controlplane.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/rolebinding.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/route.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/service.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/validate-install-crd.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/web-root-configmap.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/values.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/.helmignore create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/Chart.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/README.md create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/_affinity.tpl create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/_helpers.tpl create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/deployment.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/psp.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/pvc.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/service.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/values.yaml create mode 
100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/configs/istio-base.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/requirements.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/samples/overlay-example.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/_helpers.tpl create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/admin-role.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/base-config-map.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/clusterrole.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/clusterrolebinding.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/edit-role.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/istio-cni-psp.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/istio-install-job.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/istio-install-psp.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/istio-psp.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/istio-uninstall-job.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/overlay-config-map.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/service-monitors.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/view-role.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.400/values.yaml create mode 100755 
released/charts/rancher-istio-1.8/rancher-istio/1.8.500/Chart.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/README.md create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/app-readme.md create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/Chart.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/NOTES.txt create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/_helpers.tpl create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/cabundle.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/configmap.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/envoy.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/go.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/kiali.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/microprofile-1.1.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/microprofile-x.y.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/nodejs.yaml create mode 100755 
released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/quarkus.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/springboot-jvm.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/springboot-tomcat.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/thorntail.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/tomcat.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/vertx-client.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/vertx-eventbus.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/vertx-jvm.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/vertx-pool.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/vertx-server.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/deployment.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/hpa.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/ingress.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/oauth.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/psp.yaml create mode 100755 
released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/role-controlplane.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/role-viewer.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/role.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/rolebinding-controlplane.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/rolebinding.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/route.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/service.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/validate-install-crd.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/web-root-configmap.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/values.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/.helmignore create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/Chart.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/README.md create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/_affinity.tpl create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/_helpers.tpl create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/deployment.yaml create mode 100755 
released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/psp.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/pvc.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/service.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/values.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/configs/istio-base.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/requirements.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/samples/overlay-example.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/_helpers.tpl create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/admin-role.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/base-config-map.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/clusterrole.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/clusterrolebinding.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/edit-role.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/istio-cni-psp.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/istio-install-job.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/istio-install-psp.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/istio-psp.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/istio-uninstall-job.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/overlay-config-map.yaml create mode 100755 
released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/service-monitors.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/view-role.yaml create mode 100755 released/charts/rancher-istio-1.8/rancher-istio/1.8.500/values.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/Chart.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/README.md create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/app-readme.md create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/Chart.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/NOTES.txt create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/_helpers.tpl create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/cabundle.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/configmap.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/envoy.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/go.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/kiali.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml create mode 100755 
released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/microprofile-1.1.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/microprofile-x.y.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/nodejs.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/quarkus.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/springboot-jvm.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/springboot-tomcat.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/thorntail.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/tomcat.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/vertx-client.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/vertx-eventbus.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/vertx-jvm.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/vertx-pool.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/vertx-server.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/deployment.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/hpa.yaml create mode 100755 
released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/ingress.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/oauth.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/psp.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/role-controlplane.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/role-viewer.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/role.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/rolebinding-controlplane.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/rolebinding.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/route.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/service.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/validate-install-crd.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/web-root-configmap.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/values.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/.helmignore create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/Chart.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/README.md create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/_affinity.tpl 
create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/_helpers.tpl create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/deployment.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/psp.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/pvc.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/service.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/values.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/configs/istio-base.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/requirements.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/samples/overlay-example.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/_helpers.tpl create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/admin-role.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/base-config-map.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/clusterrole.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/clusterrolebinding.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/edit-role.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/istio-cni-psp.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/istio-install-job.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/istio-install-psp.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/istio-psp.yaml 
create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/istio-uninstall-job.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/overlay-config-map.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/service-monitors.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/view-role.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.200/values.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/Chart.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/README.md create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/app-readme.md create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/Chart.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/NOTES.txt create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/_helpers.tpl create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/cabundle.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/configmap.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/envoy.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/go.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/kiali.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml create mode 100755 
released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/microprofile-1.1.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/microprofile-x.y.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/nodejs.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/quarkus.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/springboot-jvm.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/springboot-tomcat.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/thorntail.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/tomcat.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/vertx-client.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/vertx-eventbus.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/vertx-jvm.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/vertx-pool.yaml create mode 100755 
released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/vertx-server.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/deployment.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/hpa.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/ingress.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/oauth.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/psp.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/role-controlplane.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/role-viewer.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/role.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/rolebinding-controlplane.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/rolebinding.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/route.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/service.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/validate-install-crd.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/web-root-configmap.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/values.yaml create mode 100755 
released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/.helmignore create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/Chart.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/README.md create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/_affinity.tpl create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/_helpers.tpl create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/deployment.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/psp.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/pvc.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/service.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/values.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/configs/istio-base.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/requirements.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/samples/overlay-example.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/_helpers.tpl create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/admin-role.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/base-config-map.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/clusterrole.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/clusterrolebinding.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/edit-role.yaml create mode 100755 
released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/istio-cni-psp.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/istio-install-job.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/istio-install-psp.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/istio-psp.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/istio-uninstall-job.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/overlay-config-map.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/service-monitors.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/view-role.yaml create mode 100755 released/charts/rancher-istio-1.9/rancher-istio/1.9.300/values.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/Chart.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/README.md create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/Chart.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/NOTES.txt create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/_helpers.tpl create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/cabundle.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/configmap.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/envoy.yaml create mode 100644 
released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/go.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/kiali.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/micrometer-1.1-jvm.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/microprofile-1.1.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/microprofile-x.y.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/nodejs.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/quarkus.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/springboot-jvm-pool.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/springboot-jvm.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/springboot-tomcat.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/thorntail.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/tomcat.yaml create mode 100644 
released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/vertx-client.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/vertx-eventbus.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/vertx-jvm.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/vertx-pool.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/vertx-server.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/deployment.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/ingess.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/oauth.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/role-viewer.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/role.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/rolebinding.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/route.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/service.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/validate-install-crd.yaml create mode 100644 
released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/web-root-configmap.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/values.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/configs/istio-base.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/requirements.lock create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/requirements.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/samples/overlay-example.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/templates/_helpers.tpl create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/templates/admin-role.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/templates/base-config-map.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/templates/clusterrole.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/templates/clusterrolebinding.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/templates/edit-role.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/templates/istio-install-job.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/templates/istio-uninstall-job.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/templates/overlay-config-map.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/templates/service-monitors.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/templates/view-role.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.100/values.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/Chart.yaml create mode 100644 
released/charts/rancher-istio/rancher-istio/1.7.300/README.md create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/app-readme.md create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/Chart.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/NOTES.txt create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/_helpers.tpl create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/cabundle.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/configmap.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/envoy.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/go.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/kiali.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/micrometer-1.1-jvm.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/microprofile-1.1.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/microprofile-x.y.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/nodejs.yaml create 
mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/quarkus.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/springboot-jvm-pool.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/springboot-jvm.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/springboot-tomcat.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/thorntail.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/tomcat.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/vertx-client.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/vertx-eventbus.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/vertx-jvm.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/vertx-pool.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/vertx-server.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/deployment.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/ingess.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/oauth.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/role-viewer.yaml 
create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/role.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/rolebinding.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/route.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/service.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/validate-install-crd.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/web-root-configmap.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/values.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/configs/istio-base.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/requirements.lock create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/requirements.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/samples/overlay-example.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/templates/_helpers.tpl create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/templates/admin-role.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/templates/base-config-map.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/templates/clusterrole.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/templates/clusterrolebinding.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/templates/edit-role.yaml create mode 100644 
released/charts/rancher-istio/rancher-istio/1.7.300/templates/istio-install-job.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/templates/istio-uninstall-job.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/templates/overlay-config-map.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/templates/service-monitors.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/templates/view-role.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.300/values.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/Chart.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/README.md create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/app-readme.md create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/Chart.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/NOTES.txt create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/_helpers.tpl create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/cabundle.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/configmap.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/envoy.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/go.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/kiali.yaml create mode 100644 
released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/micrometer-1.1-jvm.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/microprofile-1.1.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/microprofile-x.y.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/nodejs.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/quarkus.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/springboot-jvm-pool.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/springboot-jvm.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/springboot-tomcat.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/thorntail.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/tomcat.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/vertx-client.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/vertx-eventbus.yaml create mode 100644 
released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/vertx-jvm.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/vertx-pool.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/vertx-server.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/deployment.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/ingess.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/oauth.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/role-viewer.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/role.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/rolebinding.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/route.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/service.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/validate-install-crd.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/web-root-configmap.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/values.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/.helmignore create mode 
100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/Chart.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/README.md create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/templates/_affinity.tpl create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/templates/_helpers.tpl create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/templates/deployment.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/templates/pvc.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/templates/service.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/values.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/configs/istio-base.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/requirements.lock create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/requirements.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/samples/overlay-example.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/templates/_helpers.tpl create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/templates/admin-role.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/templates/base-config-map.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/templates/clusterrole.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/templates/clusterrolebinding.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/templates/edit-role.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/templates/istio-install-job.yaml create mode 100644 
released/charts/rancher-istio/rancher-istio/1.7.301/templates/istio-uninstall-job.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/templates/overlay-config-map.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/templates/service-monitors.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/templates/view-role.yaml create mode 100644 released/charts/rancher-istio/rancher-istio/1.7.301/values.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/Chart.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/README.md create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/app-readme.md create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/Chart.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/NOTES.txt create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/_helpers.tpl create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/cabundle.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/configmap.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/envoy.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/go.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/kiali.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml create mode 100755 
released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/microprofile-1.1.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/microprofile-x.y.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/nodejs.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/quarkus.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/springboot-jvm.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/springboot-tomcat.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/thorntail.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/tomcat.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/vertx-client.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/vertx-eventbus.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/vertx-jvm.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/vertx-pool.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/vertx-server.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/deployment.yaml create mode 100755 
released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/hpa.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/ingress.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/oauth.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/role-controlplane.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/role-viewer.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/role.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/rolebinding-controlplane.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/rolebinding.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/route.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/service.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/validate-install-crd.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/web-root-configmap.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/values.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/.helmignore create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/Chart.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/README.md create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/templates/_affinity.tpl create mode 100755 
released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/templates/_helpers.tpl create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/templates/deployment.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/templates/pvc.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/templates/service.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/values.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/configs/istio-base.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/requirements.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/samples/overlay-example.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/templates/_helpers.tpl create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/templates/admin-role.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/templates/base-config-map.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/templates/clusterrole.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/templates/clusterrolebinding.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/templates/edit-role.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/templates/istio-install-job.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/templates/istio-uninstall-job.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/templates/overlay-config-map.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/templates/service-monitors.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/templates/serviceaccount.yaml create mode 100755 
released/charts/rancher-istio/rancher-istio/1.8.300/templates/view-role.yaml create mode 100755 released/charts/rancher-istio/rancher-istio/1.8.300/values.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.23.001/Chart.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.23.001/README.md create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.23.001/templates/crds.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.001/Chart.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.001/README.md create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.001/templates/crds.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.003/Chart.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.003/README.md create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.003/templates/crds.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.000/Chart.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.000/README.md create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.000/templates/crds.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.100/Chart.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.100/README.md create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.100/templates/crds.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.32.100/Chart.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.32.100/README.md create mode 100755 
released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.32.100/templates/crds.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/Chart.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/NOTES.txt create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/_helpers.tpl create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/cabundle.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/configmap.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/envoy.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/go.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/kiali.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/micrometer-1.0.6-jvm.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/micrometer-1.1-jvm.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/microprofile-1.1.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/microprofile-x.y.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/nodejs.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/quarkus.yaml create mode 100644 
released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/springboot-jvm-pool.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/springboot-jvm.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/springboot-tomcat.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/thorntail.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/tomcat.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/vertx-client.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/vertx-eventbus.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/vertx-jvm.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/vertx-pool.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/vertx-server.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/deployment.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/ingess.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/oauth.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/role-viewer.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/role.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/rolebinding.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/route.yaml 
create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/service.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/validate-install-crd.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/web-root-configmap.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/values.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/Chart.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/NOTES.txt create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/_helpers.tpl create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/cabundle.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/configmap.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/envoy.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/go.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/kiali.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/micrometer-1.0.6-jvm.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/micrometer-1.1-jvm.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/microprofile-1.1.yaml create mode 100644 
released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/microprofile-x.y.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/nodejs.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/quarkus.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/springboot-jvm-pool.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/springboot-jvm.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/springboot-tomcat.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/thorntail.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/tomcat.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/vertx-client.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/vertx-eventbus.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/vertx-jvm.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/vertx-pool.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/vertx-server.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/deployment.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/ingess.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/oauth.yaml create mode 100644 
released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/role-viewer.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/role.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/rolebinding.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/route.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/service.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/validate-install-crd.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/web-root-configmap.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/values.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/Chart.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/NOTES.txt create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/_helpers.tpl create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/cabundle.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/configmap.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/envoy.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/go.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/kiali.yaml create mode 100644 
released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/micrometer-1.0.6-jvm.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/micrometer-1.1-jvm.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/microprofile-1.1.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/microprofile-x.y.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/nodejs.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/quarkus.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/springboot-jvm-pool.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/springboot-jvm.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/springboot-tomcat.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/thorntail.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/tomcat.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/vertx-client.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/vertx-eventbus.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/vertx-jvm.yaml create mode 100644 
released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/vertx-pool.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/vertx-server.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/deployment.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/ingess.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/oauth.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/role-viewer.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/role.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/rolebinding.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/route.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/service.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/validate-install-crd.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/web-root-configmap.yaml create mode 100644 released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/values.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/Chart.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/NOTES.txt create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/_helpers.tpl create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/cabundle.yaml create mode 
100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/configmap.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/envoy.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/go.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/kiali.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/micrometer-1.0.6-jvm.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/micrometer-1.1-jvm.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/microprofile-1.1.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/microprofile-x.y.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/nodejs.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/quarkus.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/springboot-jvm-pool.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/springboot-jvm.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/springboot-tomcat.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/thorntail.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/tomcat.yaml create mode 100755 
released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/vertx-client.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/vertx-eventbus.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/vertx-jvm.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/vertx-pool.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/vertx-server.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/deployment.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/hpa.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/ingress.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/oauth.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/role-controlplane.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/role-viewer.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/role.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/rolebinding-controlplane.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/rolebinding.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/route.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/service.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/serviceaccount.yaml create mode 100755 
released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/validate-install-crd.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/web-root-configmap.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/values.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/Chart.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/NOTES.txt create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/_helpers.tpl create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/cabundle.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/configmap.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/envoy.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/go.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/kiali.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/micrometer-1.0.6-jvm.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/micrometer-1.1-jvm.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/microprofile-1.1.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/microprofile-x.y.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/nodejs.yaml create mode 
100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/quarkus.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/springboot-jvm-pool.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/springboot-jvm.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/springboot-tomcat.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/thorntail.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/tomcat.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/vertx-client.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/vertx-eventbus.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/vertx-jvm.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/vertx-pool.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/vertx-server.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/deployment.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/hpa.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/ingress.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/oauth.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/psp.yaml create mode 100755 
released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/role-controlplane.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/role-viewer.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/role.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/rolebinding-controlplane.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/rolebinding.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/route.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/service.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/validate-install-crd.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/web-root-configmap.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/values.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/Chart.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/NOTES.txt create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/_helpers.tpl create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/cabundle.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/configmap.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/envoy.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/go.yaml 
create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/kiali.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/micrometer-1.0.6-jvm.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/micrometer-1.1-jvm.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/microprofile-1.1.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/microprofile-x.y.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/nodejs.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/quarkus.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/springboot-jvm-pool.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/springboot-jvm.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/springboot-tomcat.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/thorntail.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/tomcat.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/vertx-client.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/vertx-eventbus.yaml create mode 100755 
released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/vertx-jvm.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/vertx-pool.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/vertx-server.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/deployment.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/hpa.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/ingress.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/oauth.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/psp.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/role-controlplane.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/role-viewer.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/role.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/rolebinding-controlplane.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/rolebinding.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/route.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/service.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/validate-install-crd.yaml create mode 100755 
released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/web-root-configmap.yaml create mode 100755 released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/values.yaml create mode 100755 released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/.helmignore create mode 100755 released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/Chart.yaml create mode 100755 released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/LICENSE create mode 100755 released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/OWNERS create mode 100755 released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/README.md create mode 100755 released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/NOTES.txt create mode 100755 released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/_helpers.tpl create mode 100755 released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/clusterrolebinding.yaml create mode 100755 released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/deployment.yaml create mode 100755 released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/kubeconfig-secret.yaml create mode 100755 released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/pdb.yaml create mode 100755 released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/podsecuritypolicy.yaml create mode 100755 released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/psp-clusterrole.yaml create mode 100755 released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/psp-clusterrolebinding.yaml create mode 100755 released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/role.yaml 
create mode 100755 released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/rolebinding.yaml create mode 100755 released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/service.yaml create mode 100755 released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/servicemonitor.yaml create mode 100755 released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/stsdiscovery-role.yaml create mode 100755 released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/stsdiscovery-rolebinding.yaml create mode 100755 released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/values.yaml create mode 100644 released/charts/rancher-logging/rancher-logging-crd/3.6.000/Chart.yaml create mode 100644 released/charts/rancher-logging/rancher-logging-crd/3.6.000/README.md create mode 100644 released/charts/rancher-logging/rancher-logging-crd/3.6.000/templates/logging.banzaicloud.io_clusterflows.yaml create mode 100644 released/charts/rancher-logging/rancher-logging-crd/3.6.000/templates/logging.banzaicloud.io_clusteroutputs.yaml create mode 100644 released/charts/rancher-logging/rancher-logging-crd/3.6.000/templates/logging.banzaicloud.io_flows.yaml create mode 100644 released/charts/rancher-logging/rancher-logging-crd/3.6.000/templates/logging.banzaicloud.io_loggings.yaml create mode 100644 released/charts/rancher-logging/rancher-logging-crd/3.6.000/templates/logging.banzaicloud.io_outputs.yaml create mode 100644 released/charts/rancher-logging/rancher-logging-crd/3.6.001/Chart.yaml create mode 100644 released/charts/rancher-logging/rancher-logging-crd/3.6.001/README.md create mode 100644 
released/charts/rancher-logging/rancher-logging-crd/3.6.001/templates/logging.banzaicloud.io_clusterflows.yaml create mode 100644 released/charts/rancher-logging/rancher-logging-crd/3.6.001/templates/logging.banzaicloud.io_clusteroutputs.yaml create mode 100644 released/charts/rancher-logging/rancher-logging-crd/3.6.001/templates/logging.banzaicloud.io_flows.yaml create mode 100644 released/charts/rancher-logging/rancher-logging-crd/3.6.001/templates/logging.banzaicloud.io_loggings.yaml create mode 100644 released/charts/rancher-logging/rancher-logging-crd/3.6.001/templates/logging.banzaicloud.io_outputs.yaml create mode 100644 released/charts/rancher-logging/rancher-logging-crd/3.8.201/Chart.yaml create mode 100644 released/charts/rancher-logging/rancher-logging-crd/3.8.201/README.md create mode 100644 released/charts/rancher-logging/rancher-logging-crd/3.8.201/templates/logging.banzaicloud.io_clusterflows.yaml create mode 100644 released/charts/rancher-logging/rancher-logging-crd/3.8.201/templates/logging.banzaicloud.io_clusteroutputs.yaml create mode 100644 released/charts/rancher-logging/rancher-logging-crd/3.8.201/templates/logging.banzaicloud.io_flows.yaml create mode 100644 released/charts/rancher-logging/rancher-logging-crd/3.8.201/templates/logging.banzaicloud.io_loggings.yaml create mode 100644 released/charts/rancher-logging/rancher-logging-crd/3.8.201/templates/logging.banzaicloud.io_outputs.yaml create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.000/Chart.yaml create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.000/README.md create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.000/templates/logging.banzaicloud.io_clusterflows.yaml create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.000/templates/logging.banzaicloud.io_clusteroutputs.yaml create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.000/templates/logging.banzaicloud.io_flows.yaml 
create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.000/templates/logging.banzaicloud.io_loggings.yaml create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.000/templates/logging.banzaicloud.io_outputs.yaml create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.001/Chart.yaml create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.001/README.md create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.001/templates/logging.banzaicloud.io_clusterflows.yaml create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.001/templates/logging.banzaicloud.io_clusteroutputs.yaml create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.001/templates/logging.banzaicloud.io_flows.yaml create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.001/templates/logging.banzaicloud.io_loggings.yaml create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.001/templates/logging.banzaicloud.io_outputs.yaml create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.002/Chart.yaml create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.002/README.md create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.002/templates/logging.banzaicloud.io_clusterflows.yaml create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.002/templates/logging.banzaicloud.io_clusteroutputs.yaml create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.002/templates/logging.banzaicloud.io_flows.yaml create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.002/templates/logging.banzaicloud.io_loggings.yaml create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.002/templates/logging.banzaicloud.io_outputs.yaml create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.400/Chart.yaml create mode 100755 
released/charts/rancher-logging/rancher-logging-crd/3.9.400/README.md create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.400/templates/logging.banzaicloud.io_clusterflows.yaml create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.400/templates/logging.banzaicloud.io_clusteroutputs.yaml create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.400/templates/logging.banzaicloud.io_flows.yaml create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.400/templates/logging.banzaicloud.io_loggings.yaml create mode 100755 released/charts/rancher-logging/rancher-logging-crd/3.9.400/templates/logging.banzaicloud.io_outputs.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/.helmignore create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/Chart.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/README.md create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/app-readme.md create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/templates/NOTES.txt create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/templates/_helpers.tpl create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/templates/clusterrole.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/templates/clusterrolebinding.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/templates/crds.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/templates/deployment.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/eks/logging.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/k3s/logging-k3s-openrc.yaml create mode 100644 
released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/k3s/logging-k3s-systemd.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke/logging-containers-rke.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke/logging-rke.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke2/configmap.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke2/daemonset.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke2/logging-rke2-containers.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke2/logging-rke2-journald.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/root/logging.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/templates/psp.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/templates/service.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/templates/serviceMonitor.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/templates/userroles.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/templates/validate-install-crd.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.000/values.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/.helmignore create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/Chart.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/README.md create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/app-readme.md create mode 
100644 released/charts/rancher-logging/rancher-logging/3.6.001/templates/NOTES.txt create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/templates/_helpers.tpl create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/templates/clusterrole.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/templates/clusterrolebinding.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/templates/crds.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/templates/deployment.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/eks/logging.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/k3s/logging-k3s-openrc.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/k3s/logging-k3s-systemd.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke/configmap.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke/daemonset.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke/logging-rke.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke2/configmap.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke2/daemonset.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke2/logging-rke2-containers.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke2/logging-rke2-journald.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/root/logging.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/templates/psp.yaml create mode 100644 
released/charts/rancher-logging/rancher-logging/3.6.001/templates/service.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/templates/serviceMonitor.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/templates/userroles.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/templates/validate-install-crd.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.6.001/values.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/.helmignore create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/Chart.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/README.md create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/app-readme.md create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/NOTES.txt create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/_helpers.tpl create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/clusterrole.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/clusterrolebinding.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/crds.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/deployment.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/aks/logging.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/eks/logging.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/gke/logging.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/k3s/logging-k3s-openrc.yaml create 
mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/k3s/logging-k3s-systemd.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke/configmap.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke/daemonset.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke/logging-rke.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke2/configmap.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke2/daemonset.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke2/logging-rke2-containers.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke2/logging-rke2-journald.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/root/logging.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/psp.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/service.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/serviceMonitor.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/userroles.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/templates/validate-install-crd.yaml create mode 100644 released/charts/rancher-logging/rancher-logging/3.8.201/values.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/.helmignore create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/Chart.yaml create mode 100755 
released/charts/rancher-logging/rancher-logging/3.9.000/README.md create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/app-readme.md create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/NOTES.txt create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/_helpers.tpl create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/clusterrole.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/clusterrolebinding.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/crds.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/deployment.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/aks/logging.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/eks/logging.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/gke/logging.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/k3s/logging-k3s-openrc.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/k3s/logging-k3s-systemd.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke/configmap.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke/daemonset.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke/logging-rke.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke2/configmap.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke2/daemonset.yaml create mode 100755 
released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke2/logging-rke2-containers.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke2/logging-rke2-journald.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/root/logging.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/psp.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/service.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/serviceMonitor.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/userroles.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/validate-install-crd.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/templates/validate-install.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.000/values.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/.helmignore create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/Chart.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/README.md create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/app-readme.md create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/NOTES.txt create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/_helpers.tpl create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/clusterrole.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/clusterrolebinding.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/crds.yaml 
create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/deployment.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/aks/logging.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/eks/logging.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/gke/logging.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/k3s/logging-k3s-openrc.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/k3s/logging-k3s-systemd.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/rke/configmap.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/rke/daemonset.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/rke2/configmap.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/rke2/daemonset.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/rke2/logging-rke2-containers.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/root/logging.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/psp.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/service.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/serviceMonitor.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/userroles.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/validate-install-crd.yaml create mode 
100755 released/charts/rancher-logging/rancher-logging/3.9.001/templates/validate-install.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.001/values.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/.helmignore create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/Chart.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/README.md create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/app-readme.md create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/NOTES.txt create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/_helpers.tpl create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/clusterrole.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/clusterrolebinding.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/crds.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/deployment.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/aks/logging.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/eks/logging.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/gke/logging.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/k3s/logging-k3s-openrc.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/k3s/logging-k3s-systemd.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/rke/configmap.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/rke/daemonset.yaml create mode 100755 
released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/rke2/configmap.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/rke2/daemonset.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/rke2/logging-rke2-containers.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/root/logging.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/psp.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/service.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/serviceMonitor.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/userroles.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/validate-install-crd.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/templates/validate-install.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.002/values.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/.helmignore create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/Chart.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/README.md create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/app-readme.md create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/templates/NOTES.txt create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/templates/_helpers.tpl create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/templates/clusterrole.yaml create mode 100755 
released/charts/rancher-logging/rancher-logging/3.9.400/templates/clusterrolebinding.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/templates/crds.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/templates/deployment.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/aks/logging.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/eks/logging.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/gke/logging.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/k3s/logging-k3s-openrc.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/k3s/logging-k3s-systemd.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/rke/configmap.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/rke/daemonset.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/rke2/configmap.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/rke2/daemonset.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/rke2/logging-rke2-containers.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/root/logging.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/templates/psp.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/templates/service.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/templates/serviceMonitor.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/templates/serviceaccount.yaml create mode 100755 
released/charts/rancher-logging/rancher-logging/3.9.400/templates/userroles.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/templates/validate-install-crd.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/templates/validate-install.yaml create mode 100755 released/charts/rancher-logging/rancher-logging/3.9.400/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-alertmanagerconfigs.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-alertmanagers.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-podmonitors.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-probes.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-prometheuses.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-prometheusrules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-servicemonitors.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-thanosrulers.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/templates/jobs.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/templates/manifest.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/templates/rbac.yaml create mode 
100755 released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/values.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/Chart.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/README.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-alertmanager.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-podmonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-prometheus.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-prometheusrules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-thanosrulers.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/templates/_helpers.tpl create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/templates/jobs.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/templates/manifest.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/templates/rbac.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/values.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/Chart.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/README.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-alertmanager.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-podmonitor.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-prometheus.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-prometheusrules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-thanosrulers.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/templates/_helpers.tpl create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/templates/jobs.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/templates/manifest.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/templates/rbac.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/values.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/Chart.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/README.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-alertmanager.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-podmonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-prometheus.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-prometheusrules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-thanosrulers.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/templates/_helpers.tpl create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/templates/jobs.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/templates/manifest.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/templates/rbac.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-alertmanager.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-podmonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-prometheus.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-prometheusrules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-thanosrulers.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/templates/jobs.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/templates/manifest.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/templates/rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/values.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-alertmanager.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-podmonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-prometheus.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-prometheusrules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-thanosrulers.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/templates/jobs.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/templates/manifest.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/templates/rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/CHANGELOG.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/CONTRIBUTING.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/app-README.md create mode 
100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/dashboards/custom-dashboard.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/NOTES.txt create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/_pod.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/configmap-dashboard-provider.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/configmap.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/dashboards-json-configmap.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/deployment.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/headless-service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/image-renderer-deployment.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/image-renderer-network-policy.yaml create mode 
100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/image-renderer-service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/ingress.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/nginx-config.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/poddisruptionbudget.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/podsecuritypolicy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/pvc.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/rolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/secret-env.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/secret.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/statefulset.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test-configmap.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test-podsecuritypolicy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test-role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test-rolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test-serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/values.yaml create mode 
100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/LICENSE create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/NOTES.txt create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/deployment.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/kubeconfig-secret.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/pdb.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/podsecuritypolicy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/psp-clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/rolebinding.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/stsdiscovery-role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/pushprox-proxy.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/_helpers.tpl create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/pushprox-servicemonitor.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/NOTES.txt create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/certmanager.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/cluster-role-binding-auth-delegator.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/cluster-role-binding-resource-reader.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/cluster-role-resource-reader.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/configmap.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/custom-metrics-apiservice.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/custom-metrics-cluster-role-binding-hpa.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/custom-metrics-cluster-role.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/deployment.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/external-metrics-apiservice.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/external-metrics-cluster-role-binding-hpa.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/external-metrics-cluster-role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/pdb.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/psp.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/resource-metrics-apiservice.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/resource-metrics-cluster-role-binding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/resource-metrics-cluster-role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/role-binding-auth-reader.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/secret.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/values.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/NOTES.txt create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/daemonset.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/endpoints.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/monitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/psp-clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/psp-clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/psp.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/values.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/pushprox-clients-rbac.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/.helmignore create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/pushprox-clients.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/Chart.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/pushprox-proxy.yaml create 
mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/scripts/check-wins-version.ps1 create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/scripts/copy-binary.ps1 create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/scripts/proxy-entry.ps1 create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/scripts/run.ps1 create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/configmap.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/daemonset.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/servicemonitor.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/ingress-nginx/nginx.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/ingress-nginx/request-handling-performance.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/cluster/rancher-cluster-nodes.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/cluster/rancher-cluster.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/etcd/etcd-metrics-detail.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/etcd/etcd-metrics-summary.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/home/rancher-default-home-with-windows.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/home/rancher-default-home.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/kubernetes-components-metrics-detail.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/kubernetes-components-metrics-summary.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/rancher-etcd-nodes.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/rancher-etcd.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/rancher-k8s-components-nodes.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/rancher-k8s-components.json create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/linux/linux-metrics-detail.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/linux/linux-metrics-summary.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/nodes/rancher-node-detail.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/nodes/rancher-node.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/pods/rancher-pod-containers.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/pods/rancher-pod.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/rancher-default-home.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/windows/windows-metrics-detail.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/windows/windows-metrics-summary.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/workloads/rancher-workload-pods.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/workloads/rancher-workload.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/NOTES.txt create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/alertmanager.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/cleanupSecret.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/ingress.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/ingressperreplica.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/podDisruptionBudget.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/psp-role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/psp-rolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/psp.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/secret.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/serviceperreplica.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/core-dns/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/core-dns/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-api-server/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-controller-manager/endpoints.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-controller-manager/service.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-controller-manager/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-dns/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-dns/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-etcd/endpoints.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-etcd/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-etcd/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-proxy/endpoints.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-proxy/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-proxy/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-scheduler/endpoints.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-scheduler/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-scheduler/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-state-metrics/serviceMonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kubelet/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/node-exporter/servicemonitor.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/configmap-dashboards.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/configmaps-datasources.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/apiserver.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/cluster-total.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/controller-manager.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/etcd.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-coredns.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-node.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/kubelet.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/namespace-by-pod.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/namespace-by-workload.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/node-rsrc-use.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/nodes.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/pod-total.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/prometheus.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/scheduler.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/statefulset.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/workload-total.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/etcd.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-cluster-rsrc-use.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-node-rsrc-use.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-resources-cluster.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-resources-namespace.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-resources-pod.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-resources-workload.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-resources-workloads-namespace.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/nodes.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/persistentvolumesusage.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/pods.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/statefulset.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/namespaces.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/job-patchWebhook.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/rolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/certmanager.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/deployment.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/psp-clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/psp-clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/psp.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/_rules.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/additionalAlertRelabelConfigs.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/additionalAlertmanagerConfigs.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/additionalPrometheusRules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/additionalScrapeConfigs.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/ingress.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/ingressThanosSidecar.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/ingressperreplica.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/nginx-config.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/podDisruptionBudget.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/podmonitors.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/prometheus.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/psp-clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/psp-clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/psp.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/alertmanager.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/etcd.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/general.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/k8s.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-apiserver-availability.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-apiserver-slos.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-apiserver.rules.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-prometheus-general.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-prometheus-node-recording.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-scheduler.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-state-metrics.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubelet.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-apps.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-resources.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-storage.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-system-apiserver.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-system-controller-manager.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-system-scheduler.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-system.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/node-exporter.rules.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/node-exporter.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/node-network.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/node.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/prometheus-operator.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/prometheus.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/alertmanager.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/etcd.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/general.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/k8s.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kube-apiserver.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kube-prometheus-node-alerting.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kube-prometheus-node-recording.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kube-scheduler.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kubernetes-absent.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kubernetes-apps.yaml create mode 
100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kubernetes-resources.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kubernetes-storage.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kubernetes-system.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/node-network.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/node-time.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/node.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/prometheus-operator.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/prometheus.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/serviceThanosSidecar.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/servicemonitors.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/serviceperreplica.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/clusterrole.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/config-role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboard-role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/addons/ingress-nginx-dashboard.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/cluster-dashboards.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/default-dashboard.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/etcd-dashboards.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/k8s-dashboards.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/linux-dashboards.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/nodes-dashboards.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/pods-dashboards.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/windows-dashboards.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/workload-dashboards.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/default-dashboard.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/exporters/ingress-nginx/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/exporters/ingress-nginx/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/hardened.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/ingress-nginx-dashboard.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/validate-install-crd.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/14.5.100/values.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/.helmignore create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/CHANGELOG.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/CONTRIBUTING.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/Chart.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/README.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/app-README.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/.helmignore create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/Chart.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/README.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/dashboards/custom-dashboard.json create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/NOTES.txt create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/_helpers.tpl create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/_pod.tpl create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/clusterrolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/configmap-dashboard-provider.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/configmap.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/dashboards-json-configmap.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/deployment.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/headless-service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/ingress.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/nginx-config.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/poddisruptionbudget.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/podsecuritypolicy.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/pvc.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/rolebinding.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/secret-env.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/secret.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/statefulset.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/tests/test-configmap.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/tests/test-podsecuritypolicy.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/tests/test-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/tests/test-rolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/tests/test-serviceaccount.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/templates/tests/test.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/grafana/values.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/kube-state-metrics/.helmignore create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/kube-state-metrics/Chart.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/kube-state-metrics/README.md create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/kube-state-metrics/templates/NOTES.txt create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/kube-state-metrics/templates/_helpers.tpl create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/kube-state-metrics/templates/clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/kube-state-metrics/templates/clusterrolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/kube-state-metrics/templates/deployment.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/kube-state-metrics/templates/pdb.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/kube-state-metrics/templates/podsecuritypolicy.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/kube-state-metrics/templates/psp-clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/kube-state-metrics/templates/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/kube-state-metrics/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/kube-state-metrics/templates/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/kube-state-metrics/templates/stsdiscovery-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/kube-state-metrics/values.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/.helmignore create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/Chart.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/README.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/templates/NOTES.txt create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/templates/_helpers.tpl create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/templates/custom-metrics-apiserver-auth-delegator-cluster-role-binding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/templates/custom-metrics-apiserver-auth-reader-role-binding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/templates/custom-metrics-apiserver-deployment.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/templates/custom-metrics-apiserver-resource-reader-cluster-role-binding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/templates/custom-metrics-apiserver-service-account.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/templates/custom-metrics-apiserver-service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/templates/custom-metrics-apiservice.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/templates/custom-metrics-cluster-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/templates/custom-metrics-configmap.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/templates/custom-metrics-resource-reader-cluster-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/templates/external-metrics-apiservice.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/templates/external-metrics-cluster-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/templates/hpa-custom-metrics-cluster-role-binding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/templates/hpa-external-metrics-cluster-role-binding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/templates/resource-metrics-apiservice.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/templates/resource-metrics-cluster-role-binding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/templates/resource-metrics-cluster-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/templates/secret.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-adapter/values.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-node-exporter/.helmignore create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-node-exporter/Chart.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-node-exporter/README.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-node-exporter/templates/NOTES.txt create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-node-exporter/templates/_helpers.tpl create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-node-exporter/templates/daemonset.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-node-exporter/templates/endpoints.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-node-exporter/templates/monitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-node-exporter/templates/psp-clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-node-exporter/templates/psp-clusterrolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-node-exporter/templates/psp.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-node-exporter/templates/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-node-exporter/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/prometheus-node-exporter/values.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/rancher-pushprox/.helmignore create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/rancher-pushprox/Chart.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/rancher-pushprox/README.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/rancher-pushprox/templates/_helpers.tpl create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/rancher-pushprox/templates/pushprox-clients-rbac.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/rancher-pushprox/templates/pushprox-clients.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/rancher-pushprox/templates/pushprox-proxy.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/rancher-pushprox/templates/pushprox-servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/charts/rancher-pushprox/values.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/requirements.lock create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/requirements.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/NOTES.txt create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/_helpers.tpl create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/alertmanager/alertmanager.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/alertmanager/cleanupSecret.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/alertmanager/ingress.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/alertmanager/ingressperreplica.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/alertmanager/podDisruptionBudget.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/alertmanager/psp-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/alertmanager/psp-rolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/alertmanager/psp.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/alertmanager/secret.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/alertmanager/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/alertmanager/serviceaccount.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/alertmanager/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/alertmanager/serviceperreplica.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/exporters/core-dns/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/exporters/core-dns/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/exporters/kube-api-server/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/exporters/kube-controller-manager/endpoints.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/exporters/kube-controller-manager/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/exporters/kube-controller-manager/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/exporters/kube-dns/service.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/exporters/kube-dns/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/exporters/kube-etcd/endpoints.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/exporters/kube-etcd/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/exporters/kube-etcd/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/exporters/kube-proxy/endpoints.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/exporters/kube-proxy/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/exporters/kube-proxy/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/exporters/kube-scheduler/endpoints.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/exporters/kube-scheduler/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/exporters/kube-scheduler/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/exporters/kube-state-metrics/serviceMonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/exporters/kubelet/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/exporters/node-exporter/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/configmap-dashboards.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/configmaps-datasources.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/apiserver.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/cluster-total.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/controller-manager.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/etcd.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/k8s-coredns.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/k8s-resources-node.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/kubelet.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/namespace-by-pod.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/namespace-by-workload.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/node-rsrc-use.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/nodes.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/pod-total.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/prometheus.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/proxy.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/scheduler.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/statefulset.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards-1.14/workload-total.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards/etcd.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards/k8s-cluster-rsrc-use.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards/k8s-node-rsrc-use.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards/k8s-resources-cluster.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards/k8s-resources-namespace.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards/k8s-resources-pod.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards/k8s-resources-workload.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards/k8s-resources-workloads-namespace.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards/nodes.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards/persistentvolumesusage.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards/pods.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/dashboards/statefulset.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/namespaces.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/grafana/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus-operator/admission-webhooks/job-patch/clusterrolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus-operator/admission-webhooks/job-patch/job-patchWebhook.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus-operator/admission-webhooks/job-patch/role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus-operator/admission-webhooks/job-patch/rolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus-operator/clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus-operator/clusterrolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus-operator/deployment.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus-operator/psp-clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus-operator/psp-clusterrolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus-operator/psp.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus-operator/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus-operator/serviceaccount.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus-operator/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/additionalAlertRelabelConfigs.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/additionalAlertmanagerConfigs.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/additionalPrometheusRules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/additionalScrapeConfigs.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/clusterrolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/ingress.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/ingressThanosSidecar.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/ingressperreplica.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/nginx-config.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/podDisruptionBudget.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/podmonitors.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/prometheus.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/psp-clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/psp-clusterrolebinding.yaml 
create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/psp.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/alertmanager.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/etcd.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/general.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/k8s.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/kube-apiserver-availability.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/kube-apiserver-slos.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/kube-apiserver.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/kube-prometheus-general.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/kube-prometheus-node-recording.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/kube-scheduler.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/kube-state-metrics.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/kubelet.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/kubernetes-apps.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/kubernetes-resources.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/kubernetes-storage.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/kubernetes-system-apiserver.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/kubernetes-system-controller-manager.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/kubernetes-system-scheduler.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/kubernetes-system.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/node-exporter.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/node-exporter.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/node-network.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/node.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/prometheus-operator.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules-1.14/prometheus.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules/alertmanager.rules.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules/etcd.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules/general.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules/k8s.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules/kube-apiserver.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules/kube-prometheus-node-alerting.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules/kube-prometheus-node-recording.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules/kube-scheduler.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules/kubernetes-absent.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules/kubernetes-apps.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules/kubernetes-resources.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules/kubernetes-storage.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules/kubernetes-system.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules/node-network.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules/node-time.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules/node.rules.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules/prometheus-operator.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/rules/prometheus.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/serviceaccount.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/servicemonitors.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/prometheus/serviceperreplica.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/rancher-monitoring/clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/rancher-monitoring/config-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/rancher-monitoring/dashboard-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/rancher-monitoring/default-dashboard.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/templates/validate-install-crd.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.200/values.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/.helmignore create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/CHANGELOG.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/CONTRIBUTING.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/Chart.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.201/README.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/app-README.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/.helmignore create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/Chart.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/README.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/dashboards/custom-dashboard.json create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/NOTES.txt create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/_helpers.tpl create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/_pod.tpl create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/clusterrolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/configmap-dashboard-provider.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/configmap.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/dashboards-json-configmap.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/deployment.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/headless-service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/ingress.yaml create mode 
100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/nginx-config.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/poddisruptionbudget.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/podsecuritypolicy.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/pvc.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/rolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/secret-env.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/secret.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/statefulset.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/tests/test-configmap.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/tests/test-podsecuritypolicy.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/tests/test-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/tests/test-rolebinding.yaml create 
mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/tests/test-serviceaccount.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/templates/tests/test.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/grafana/values.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/kube-state-metrics/.helmignore create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/kube-state-metrics/Chart.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/kube-state-metrics/README.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/kube-state-metrics/templates/NOTES.txt create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/kube-state-metrics/templates/_helpers.tpl create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/kube-state-metrics/templates/clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/kube-state-metrics/templates/clusterrolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/kube-state-metrics/templates/deployment.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/kube-state-metrics/templates/pdb.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/kube-state-metrics/templates/podsecuritypolicy.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/kube-state-metrics/templates/psp-clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/kube-state-metrics/templates/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/kube-state-metrics/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/kube-state-metrics/templates/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/kube-state-metrics/templates/stsdiscovery-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/kube-state-metrics/values.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/.helmignore create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/Chart.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/README.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/templates/NOTES.txt create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/templates/_helpers.tpl create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/templates/custom-metrics-apiserver-auth-delegator-cluster-role-binding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/templates/custom-metrics-apiserver-auth-reader-role-binding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/templates/custom-metrics-apiserver-deployment.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/templates/custom-metrics-apiserver-resource-reader-cluster-role-binding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/templates/custom-metrics-apiserver-service-account.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/templates/custom-metrics-apiserver-service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/templates/custom-metrics-apiservice.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/templates/custom-metrics-cluster-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/templates/custom-metrics-configmap.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/templates/custom-metrics-resource-reader-cluster-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/templates/external-metrics-apiservice.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/templates/external-metrics-cluster-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/templates/hpa-custom-metrics-cluster-role-binding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/templates/hpa-external-metrics-cluster-role-binding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/templates/resource-metrics-apiservice.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/templates/resource-metrics-cluster-role-binding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/templates/resource-metrics-cluster-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/templates/secret.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-adapter/values.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-node-exporter/.helmignore create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-node-exporter/Chart.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-node-exporter/README.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-node-exporter/templates/NOTES.txt create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-node-exporter/templates/_helpers.tpl create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-node-exporter/templates/daemonset.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-node-exporter/templates/endpoints.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-node-exporter/templates/monitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-node-exporter/templates/psp-clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-node-exporter/templates/psp-clusterrolebinding.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-node-exporter/templates/psp.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-node-exporter/templates/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-node-exporter/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/prometheus-node-exporter/values.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/rancher-pushprox/.helmignore create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/rancher-pushprox/Chart.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/rancher-pushprox/README.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/rancher-pushprox/templates/_helpers.tpl create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/rancher-pushprox/templates/pushprox-clients-rbac.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/rancher-pushprox/templates/pushprox-clients.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/rancher-pushprox/templates/pushprox-proxy.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/rancher-pushprox/templates/pushprox-servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/charts/rancher-pushprox/values.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/requirements.lock create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/requirements.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/NOTES.txt create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/_helpers.tpl create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/alertmanager/alertmanager.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/alertmanager/cleanupSecret.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/alertmanager/ingress.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/alertmanager/ingressperreplica.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/alertmanager/podDisruptionBudget.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/alertmanager/psp-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/alertmanager/psp-rolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/alertmanager/psp.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/alertmanager/secret.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/alertmanager/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/alertmanager/serviceaccount.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/alertmanager/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/alertmanager/serviceperreplica.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/exporters/core-dns/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/exporters/core-dns/servicemonitor.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/exporters/kube-api-server/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/exporters/kube-controller-manager/endpoints.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/exporters/kube-controller-manager/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/exporters/kube-controller-manager/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/exporters/kube-dns/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/exporters/kube-dns/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/exporters/kube-etcd/endpoints.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/exporters/kube-etcd/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/exporters/kube-etcd/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/exporters/kube-proxy/endpoints.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/exporters/kube-proxy/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/exporters/kube-proxy/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/exporters/kube-scheduler/endpoints.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/exporters/kube-scheduler/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/exporters/kube-scheduler/servicemonitor.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/exporters/kube-state-metrics/serviceMonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/exporters/kubelet/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/exporters/node-exporter/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/configmap-dashboards.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/configmaps-datasources.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/apiserver.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/cluster-total.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/controller-manager.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/etcd.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/k8s-coredns.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/k8s-resources-node.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/kubelet.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/namespace-by-pod.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/namespace-by-workload.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/node-rsrc-use.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/nodes.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/pod-total.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/prometheus.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/proxy.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/scheduler.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/statefulset.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards-1.14/workload-total.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards/etcd.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards/k8s-cluster-rsrc-use.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards/k8s-node-rsrc-use.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards/k8s-resources-cluster.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards/k8s-resources-namespace.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards/k8s-resources-pod.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards/k8s-resources-workload.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards/k8s-resources-workloads-namespace.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards/nodes.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards/persistentvolumesusage.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards/pods.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/dashboards/statefulset.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/namespaces.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/grafana/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus-operator/admission-webhooks/job-patch/clusterrolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus-operator/admission-webhooks/job-patch/job-patchWebhook.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus-operator/admission-webhooks/job-patch/role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus-operator/admission-webhooks/job-patch/rolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus-operator/clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus-operator/clusterrolebinding.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus-operator/deployment.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus-operator/psp-clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus-operator/psp-clusterrolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus-operator/psp.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus-operator/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus-operator/serviceaccount.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus-operator/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/additionalAlertRelabelConfigs.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/additionalAlertmanagerConfigs.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/additionalPrometheusRules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/additionalScrapeConfigs.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/clusterrolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/ingress.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/ingressThanosSidecar.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/ingressperreplica.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/nginx-config.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/podDisruptionBudget.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/podmonitors.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/prometheus.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/psp-clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/psp-clusterrolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/psp.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/alertmanager.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/etcd.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/general.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/k8s.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/kube-apiserver-availability.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/kube-apiserver-slos.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/kube-apiserver.rules.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/kube-prometheus-general.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/kube-prometheus-node-recording.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/kube-scheduler.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/kube-state-metrics.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/kubelet.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/kubernetes-apps.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/kubernetes-resources.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/kubernetes-storage.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/kubernetes-system-apiserver.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/kubernetes-system-controller-manager.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/kubernetes-system-scheduler.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/kubernetes-system.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/node-exporter.rules.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/node-exporter.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/node-network.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/node.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/prometheus-operator.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules-1.14/prometheus.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules/alertmanager.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules/etcd.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules/general.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules/k8s.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules/kube-apiserver.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules/kube-prometheus-node-alerting.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules/kube-prometheus-node-recording.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules/kube-scheduler.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules/kubernetes-absent.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules/kubernetes-apps.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules/kubernetes-resources.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules/kubernetes-storage.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules/kubernetes-system.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules/node-network.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules/node-time.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules/node.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules/prometheus-operator.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/rules/prometheus.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/serviceaccount.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/servicemonitors.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/prometheus/serviceperreplica.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/rancher-monitoring/clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/rancher-monitoring/config-role.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/rancher-monitoring/dashboard-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/rancher-monitoring/default-dashboard.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/rancher-monitoring/hardened.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/templates/validate-install-crd.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.201/values.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/.helmignore create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/CHANGELOG.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/CONTRIBUTING.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/Chart.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/README.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/app-README.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/.helmignore create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/Chart.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/README.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/dashboards/custom-dashboard.json create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/NOTES.txt create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/_helpers.tpl create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/_pod.tpl create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/clusterrolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/configmap-dashboard-provider.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/configmap.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/dashboards-json-configmap.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/deployment.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/headless-service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/ingress.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/nginx-config.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/poddisruptionbudget.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/podsecuritypolicy.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/pvc.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/rolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/secret-env.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/secret.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/statefulset.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/tests/test-configmap.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/tests/test-podsecuritypolicy.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/tests/test-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/tests/test-rolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/tests/test-serviceaccount.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/templates/tests/test.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/grafana/values.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/kube-state-metrics/.helmignore create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/kube-state-metrics/Chart.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/kube-state-metrics/README.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/kube-state-metrics/templates/NOTES.txt create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/kube-state-metrics/templates/_helpers.tpl create mode 
100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/kube-state-metrics/templates/clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/kube-state-metrics/templates/clusterrolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/kube-state-metrics/templates/deployment.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/kube-state-metrics/templates/pdb.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/kube-state-metrics/templates/podsecuritypolicy.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/kube-state-metrics/templates/psp-clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/kube-state-metrics/templates/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/kube-state-metrics/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/kube-state-metrics/templates/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/kube-state-metrics/templates/stsdiscovery-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/kube-state-metrics/values.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/.helmignore create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/Chart.yaml create 
mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/README.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/templates/NOTES.txt create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/templates/_helpers.tpl create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/templates/custom-metrics-apiserver-auth-delegator-cluster-role-binding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/templates/custom-metrics-apiserver-auth-reader-role-binding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/templates/custom-metrics-apiserver-deployment.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/templates/custom-metrics-apiserver-pdb.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/templates/custom-metrics-apiserver-psp.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/templates/custom-metrics-apiserver-resource-reader-cluster-role-binding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/templates/custom-metrics-apiserver-service-account.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/templates/custom-metrics-apiserver-service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/templates/custom-metrics-apiservice.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/templates/custom-metrics-cluster-role.yaml create mode 
100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/templates/custom-metrics-configmap.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/templates/custom-metrics-resource-reader-cluster-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/templates/external-metrics-apiservice.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/templates/external-metrics-cluster-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/templates/hpa-custom-metrics-cluster-role-binding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/templates/hpa-external-metrics-cluster-role-binding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/templates/resource-metrics-apiservice.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/templates/resource-metrics-cluster-role-binding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/templates/resource-metrics-cluster-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/templates/secret.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-adapter/values.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-node-exporter/.helmignore create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-node-exporter/Chart.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-node-exporter/README.md create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-node-exporter/templates/NOTES.txt create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-node-exporter/templates/_helpers.tpl create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-node-exporter/templates/daemonset.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-node-exporter/templates/endpoints.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-node-exporter/templates/monitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-node-exporter/templates/psp-clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-node-exporter/templates/psp-clusterrolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-node-exporter/templates/psp.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-node-exporter/templates/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-node-exporter/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/prometheus-node-exporter/values.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/rancher-pushprox/.helmignore create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/rancher-pushprox/Chart.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/rancher-pushprox/README.md create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/rancher-pushprox/templates/_helpers.tpl create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/rancher-pushprox/templates/pushprox-clients-rbac.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/rancher-pushprox/templates/pushprox-clients.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/rancher-pushprox/templates/pushprox-proxy-rbac.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/rancher-pushprox/templates/pushprox-proxy.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/rancher-pushprox/templates/pushprox-servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/charts/rancher-pushprox/values.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/requirements.lock create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/requirements.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/NOTES.txt create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/_helpers.tpl create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/alertmanager/alertmanager.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/alertmanager/cleanupSecret.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/alertmanager/ingress.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/alertmanager/ingressperreplica.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/alertmanager/podDisruptionBudget.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/alertmanager/psp-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/alertmanager/psp-rolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/alertmanager/psp.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/alertmanager/secret.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/alertmanager/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/alertmanager/serviceaccount.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/alertmanager/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/alertmanager/serviceperreplica.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/exporters/core-dns/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/exporters/core-dns/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/exporters/kube-api-server/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/exporters/kube-controller-manager/endpoints.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/exporters/kube-controller-manager/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/exporters/kube-controller-manager/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/exporters/kube-dns/service.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/exporters/kube-dns/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/exporters/kube-etcd/endpoints.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/exporters/kube-etcd/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/exporters/kube-etcd/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/exporters/kube-proxy/endpoints.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/exporters/kube-proxy/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/exporters/kube-proxy/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/exporters/kube-scheduler/endpoints.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/exporters/kube-scheduler/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/exporters/kube-scheduler/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/exporters/kube-state-metrics/serviceMonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/exporters/kubelet/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/exporters/node-exporter/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/configmap-dashboards.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/configmaps-datasources.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/apiserver.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/cluster-total.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/controller-manager.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/etcd.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/k8s-coredns.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/k8s-resources-node.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/kubelet.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/namespace-by-pod.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/namespace-by-workload.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/node-rsrc-use.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/nodes.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/pod-total.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/prometheus.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/proxy.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/scheduler.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/statefulset.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards-1.14/workload-total.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards/etcd.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards/k8s-cluster-rsrc-use.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards/k8s-node-rsrc-use.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards/k8s-resources-cluster.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards/k8s-resources-namespace.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards/k8s-resources-pod.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards/k8s-resources-workload.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards/k8s-resources-workloads-namespace.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards/nodes.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards/persistentvolumesusage.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards/pods.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/dashboards/statefulset.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/namespaces.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/grafana/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus-operator/admission-webhooks/job-patch/clusterrolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus-operator/admission-webhooks/job-patch/job-patchWebhook.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus-operator/admission-webhooks/job-patch/role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus-operator/admission-webhooks/job-patch/rolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus-operator/clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus-operator/clusterrolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus-operator/deployment.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus-operator/psp-clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus-operator/psp-clusterrolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus-operator/psp.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus-operator/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus-operator/serviceaccount.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus-operator/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/additionalAlertRelabelConfigs.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/additionalAlertmanagerConfigs.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/additionalPrometheusRules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/additionalScrapeConfigs.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/clusterrolebinding.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/ingress.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/ingressThanosSidecar.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/ingressperreplica.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/nginx-config.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/podDisruptionBudget.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/podmonitors.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/prometheus.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/psp-clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/psp-clusterrolebinding.yaml 
create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/psp.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/alertmanager.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/etcd.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/general.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/k8s.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/kube-apiserver-availability.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/kube-apiserver-slos.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/kube-apiserver.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/kube-prometheus-general.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/kube-prometheus-node-recording.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/kube-scheduler.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/kube-state-metrics.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/kubelet.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/kubernetes-apps.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/kubernetes-resources.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/kubernetes-storage.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/kubernetes-system-apiserver.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/kubernetes-system-controller-manager.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/kubernetes-system-scheduler.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/kubernetes-system.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/node-exporter.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/node-exporter.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/node-network.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/node.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/prometheus-operator.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules-1.14/prometheus.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules/alertmanager.rules.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules/etcd.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules/general.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules/k8s.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules/kube-apiserver.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules/kube-prometheus-node-alerting.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules/kube-prometheus-node-recording.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules/kube-scheduler.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules/kubernetes-absent.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules/kubernetes-apps.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules/kubernetes-resources.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules/kubernetes-storage.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules/kubernetes-system.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules/node-network.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules/node-time.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules/node.rules.yaml create mode 100644 
released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules/prometheus-operator.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/rules/prometheus.rules.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/service.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/serviceaccount.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/servicemonitor.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/servicemonitors.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/prometheus/serviceperreplica.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/rancher-monitoring/clusterrole.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/rancher-monitoring/config-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/rancher-monitoring/dashboard-role.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/rancher-monitoring/default-dashboard.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/rancher-monitoring/hardened.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/templates/validate-install-crd.yaml create mode 100644 released/charts/rancher-monitoring/rancher-monitoring/9.4.202/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/CHANGELOG.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/CONTRIBUTING.md create mode 
100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/app-README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/dashboards/custom-dashboard.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/NOTES.txt create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/_pod.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/configmap-dashboard-provider.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/configmap.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/dashboards-json-configmap.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/deployment.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/headless-service.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/ingress.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/nginx-config.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/poddisruptionbudget.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/podsecuritypolicy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/pvc.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/rolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/secret-env.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/secret.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/statefulset.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/tests/test-configmap.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/tests/test-podsecuritypolicy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/tests/test-role.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/tests/test-rolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/tests/test-serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/templates/tests/test.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/grafana/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/k3sServer/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/k3sServer/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/k3sServer/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/k3sServer/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/k3sServer/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/k3sServer/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/k3sServer/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/k3sServer/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/k3sServer/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/k3sServer/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kube-state-metrics/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kube-state-metrics/Chart.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kube-state-metrics/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kube-state-metrics/templates/NOTES.txt create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kube-state-metrics/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kube-state-metrics/templates/clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kube-state-metrics/templates/clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kube-state-metrics/templates/deployment.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kube-state-metrics/templates/pdb.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kube-state-metrics/templates/podsecuritypolicy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kube-state-metrics/templates/psp-clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kube-state-metrics/templates/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kube-state-metrics/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kube-state-metrics/templates/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kube-state-metrics/templates/stsdiscovery-role.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kube-state-metrics/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmControllerManager/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmControllerManager/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmControllerManager/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmControllerManager/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmControllerManager/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmControllerManager/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmControllerManager/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmControllerManager/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmControllerManager/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmControllerManager/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmEtcd/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmEtcd/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmEtcd/README.md create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmEtcd/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmEtcd/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmEtcd/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmEtcd/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmEtcd/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmEtcd/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmEtcd/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmProxy/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmProxy/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmProxy/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmProxy/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmProxy/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmProxy/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmProxy/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmProxy/templates/pushprox-proxy.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmProxy/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmProxy/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmScheduler/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmScheduler/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmScheduler/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmScheduler/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmScheduler/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmScheduler/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmScheduler/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmScheduler/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmScheduler/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/kubeAdmScheduler/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/README.md create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/templates/NOTES.txt create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/templates/custom-metrics-apiserver-auth-delegator-cluster-role-binding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/templates/custom-metrics-apiserver-auth-reader-role-binding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/templates/custom-metrics-apiserver-deployment.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/templates/custom-metrics-apiserver-pdb.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/templates/custom-metrics-apiserver-psp.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/templates/custom-metrics-apiserver-resource-reader-cluster-role-binding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/templates/custom-metrics-apiserver-service-account.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/templates/custom-metrics-apiserver-service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/templates/custom-metrics-apiservice.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/templates/custom-metrics-cluster-role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/templates/custom-metrics-configmap.yaml 
create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/templates/custom-metrics-resource-reader-cluster-role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/templates/external-metrics-apiservice.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/templates/external-metrics-cluster-role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/templates/hpa-custom-metrics-cluster-role-binding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/templates/hpa-external-metrics-cluster-role-binding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/templates/resource-metrics-apiservice.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/templates/resource-metrics-cluster-role-binding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/templates/resource-metrics-cluster-role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/templates/secret.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-adapter/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-node-exporter/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-node-exporter/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-node-exporter/README.md create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-node-exporter/templates/NOTES.txt create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-node-exporter/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-node-exporter/templates/daemonset.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-node-exporter/templates/endpoints.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-node-exporter/templates/monitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-node-exporter/templates/psp-clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-node-exporter/templates/psp-clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-node-exporter/templates/psp.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-node-exporter/templates/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-node-exporter/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/prometheus-node-exporter/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2ControllerManager/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2ControllerManager/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2ControllerManager/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2ControllerManager/templates/_helpers.tpl create 
mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2ControllerManager/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2ControllerManager/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2ControllerManager/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2ControllerManager/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2ControllerManager/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2ControllerManager/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Etcd/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Etcd/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Etcd/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Etcd/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Etcd/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Etcd/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Etcd/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Etcd/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Etcd/templates/pushprox-servicemonitor.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Etcd/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Proxy/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Proxy/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Proxy/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Proxy/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Proxy/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Proxy/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Proxy/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Proxy/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Proxy/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Proxy/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Scheduler/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Scheduler/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Scheduler/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Scheduler/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Scheduler/templates/pushprox-clients-rbac.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Scheduler/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Scheduler/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Scheduler/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Scheduler/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rke2Scheduler/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeControllerManager/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeControllerManager/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeControllerManager/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeControllerManager/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeControllerManager/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeControllerManager/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeControllerManager/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeControllerManager/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeControllerManager/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeControllerManager/values.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeEtcd/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeEtcd/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeEtcd/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeEtcd/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeEtcd/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeEtcd/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeEtcd/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeEtcd/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeEtcd/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeEtcd/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeProxy/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeProxy/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeProxy/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeProxy/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeProxy/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeProxy/templates/pushprox-clients.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeProxy/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeProxy/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeProxy/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeProxy/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeScheduler/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeScheduler/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeScheduler/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeScheduler/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeScheduler/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeScheduler/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeScheduler/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeScheduler/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeScheduler/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/charts/rkeScheduler/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/requirements.lock create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/requirements.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/NOTES.txt create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/alertmanager/alertmanager.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/alertmanager/cleanupSecret.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/alertmanager/ingress.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/alertmanager/ingressperreplica.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/alertmanager/podDisruptionBudget.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/alertmanager/psp-role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/alertmanager/psp-rolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/alertmanager/psp.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/alertmanager/secret.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/alertmanager/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/alertmanager/serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/alertmanager/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/alertmanager/serviceperreplica.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/exporters/core-dns/service.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/exporters/core-dns/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/exporters/kube-api-server/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/exporters/kube-controller-manager/endpoints.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/exporters/kube-controller-manager/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/exporters/kube-controller-manager/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/exporters/kube-dns/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/exporters/kube-dns/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/exporters/kube-etcd/endpoints.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/exporters/kube-etcd/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/exporters/kube-etcd/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/exporters/kube-proxy/endpoints.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/exporters/kube-proxy/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/exporters/kube-proxy/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/exporters/kube-scheduler/endpoints.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/exporters/kube-scheduler/service.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/exporters/kube-scheduler/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/exporters/kube-state-metrics/serviceMonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/exporters/kubelet/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/exporters/node-exporter/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/configmap-dashboards.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/configmaps-datasources.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/apiserver.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/cluster-total.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/controller-manager.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/etcd.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/k8s-coredns.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/k8s-resources-node.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml 
create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/kubelet.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/namespace-by-pod.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/namespace-by-workload.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/node-rsrc-use.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/nodes.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/pod-total.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/prometheus.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/scheduler.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/statefulset.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards-1.14/workload-total.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards/etcd.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards/k8s-cluster-rsrc-use.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards/k8s-node-rsrc-use.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards/k8s-resources-cluster.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards/k8s-resources-namespace.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards/k8s-resources-pod.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards/k8s-resources-workload.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards/k8s-resources-workloads-namespace.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards/nodes.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards/persistentvolumesusage.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards/pods.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/dashboards/statefulset.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/namespaces.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/grafana/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus-operator/admission-webhooks/job-patch/clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus-operator/admission-webhooks/job-patch/job-patchWebhook.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus-operator/admission-webhooks/job-patch/role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus-operator/admission-webhooks/job-patch/rolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus-operator/clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus-operator/clusterrolebinding.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus-operator/deployment.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus-operator/psp-clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus-operator/psp-clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus-operator/psp.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus-operator/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus-operator/serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus-operator/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/additionalAlertRelabelConfigs.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/additionalAlertmanagerConfigs.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/additionalPrometheusRules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/additionalScrapeConfigs.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/ingress.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/ingressThanosSidecar.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/ingressperreplica.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/nginx-config.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/podDisruptionBudget.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/podmonitors.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/prometheus.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/psp-clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/psp-clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/psp.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/alertmanager.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/etcd.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/general.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/k8s.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/kube-apiserver-availability.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/kube-apiserver-slos.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/kube-apiserver.rules.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/kube-prometheus-general.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/kube-prometheus-node-recording.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/kube-scheduler.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/kube-state-metrics.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/kubelet.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/kubernetes-apps.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/kubernetes-resources.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/kubernetes-storage.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/kubernetes-system-apiserver.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/kubernetes-system-controller-manager.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/kubernetes-system-scheduler.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/kubernetes-system.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/node-exporter.rules.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/node-exporter.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/node-network.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/node.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/prometheus-operator.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules-1.14/prometheus.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules/alertmanager.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules/etcd.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules/general.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules/k8s.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules/kube-apiserver.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules/kube-prometheus-node-alerting.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules/kube-prometheus-node-recording.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules/kube-scheduler.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules/kubernetes-absent.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules/kubernetes-apps.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules/kubernetes-resources.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules/kubernetes-storage.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules/kubernetes-system.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules/node-network.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules/node-time.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules/node.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules/prometheus-operator.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/rules/prometheus.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/servicemonitors.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/prometheus/serviceperreplica.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/rancher-monitoring/clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/rancher-monitoring/config-role.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/rancher-monitoring/dashboard-role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/rancher-monitoring/default-dashboard.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/rancher-monitoring/hardened.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/templates/validate-install-crd.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.203/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/CHANGELOG.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/CONTRIBUTING.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/app-README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/dashboards/custom-dashboard.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/NOTES.txt create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/_pod.tpl create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/configmap-dashboard-provider.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/configmap.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/dashboards-json-configmap.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/deployment.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/headless-service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/ingress.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/nginx-config.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/poddisruptionbudget.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/podsecuritypolicy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/pvc.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/rolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/secret-env.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/secret.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/statefulset.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/tests/test-configmap.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/tests/test-podsecuritypolicy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/tests/test-role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/tests/test-rolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/tests/test-serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/templates/tests/test.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/grafana/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/k3sServer/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/k3sServer/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/k3sServer/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/k3sServer/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/k3sServer/templates/pushprox-clients-rbac.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/k3sServer/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/k3sServer/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/k3sServer/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/k3sServer/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/k3sServer/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kube-state-metrics/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kube-state-metrics/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kube-state-metrics/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kube-state-metrics/templates/NOTES.txt create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kube-state-metrics/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kube-state-metrics/templates/clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kube-state-metrics/templates/clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kube-state-metrics/templates/deployment.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kube-state-metrics/templates/pdb.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kube-state-metrics/templates/podsecuritypolicy.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kube-state-metrics/templates/psp-clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kube-state-metrics/templates/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kube-state-metrics/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kube-state-metrics/templates/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kube-state-metrics/templates/stsdiscovery-role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kube-state-metrics/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmControllerManager/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmControllerManager/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmControllerManager/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmControllerManager/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmControllerManager/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmControllerManager/templates/pushprox-clients.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmControllerManager/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmControllerManager/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmControllerManager/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmControllerManager/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmEtcd/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmEtcd/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmEtcd/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmEtcd/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmEtcd/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmEtcd/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmEtcd/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmEtcd/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmEtcd/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmEtcd/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmProxy/.helmignore create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmProxy/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmProxy/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmProxy/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmProxy/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmProxy/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmProxy/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmProxy/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmProxy/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmProxy/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmScheduler/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmScheduler/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmScheduler/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmScheduler/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmScheduler/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmScheduler/templates/pushprox-clients.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmScheduler/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmScheduler/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmScheduler/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/kubeAdmScheduler/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/templates/NOTES.txt create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/templates/custom-metrics-apiserver-auth-delegator-cluster-role-binding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/templates/custom-metrics-apiserver-auth-reader-role-binding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/templates/custom-metrics-apiserver-deployment.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/templates/custom-metrics-apiserver-pdb.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/templates/custom-metrics-apiserver-psp.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/templates/custom-metrics-apiserver-resource-reader-cluster-role-binding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/templates/custom-metrics-apiserver-service-account.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/templates/custom-metrics-apiserver-service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/templates/custom-metrics-apiservice.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/templates/custom-metrics-cluster-role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/templates/custom-metrics-configmap.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/templates/custom-metrics-resource-reader-cluster-role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/templates/external-metrics-apiservice.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/templates/external-metrics-cluster-role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/templates/hpa-custom-metrics-cluster-role-binding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/templates/hpa-external-metrics-cluster-role-binding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/templates/resource-metrics-apiservice.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/templates/resource-metrics-cluster-role-binding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/templates/resource-metrics-cluster-role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/templates/secret.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-adapter/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-node-exporter/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-node-exporter/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-node-exporter/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-node-exporter/templates/NOTES.txt create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-node-exporter/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-node-exporter/templates/daemonset.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-node-exporter/templates/endpoints.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-node-exporter/templates/monitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-node-exporter/templates/psp-clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-node-exporter/templates/psp-clusterrolebinding.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-node-exporter/templates/psp.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-node-exporter/templates/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-node-exporter/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/prometheus-node-exporter/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2ControllerManager/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2ControllerManager/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2ControllerManager/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2ControllerManager/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2ControllerManager/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2ControllerManager/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2ControllerManager/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2ControllerManager/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2ControllerManager/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2ControllerManager/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Etcd/.helmignore create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Etcd/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Etcd/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Etcd/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Etcd/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Etcd/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Etcd/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Etcd/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Etcd/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Etcd/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Proxy/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Proxy/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Proxy/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Proxy/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Proxy/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Proxy/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Proxy/templates/pushprox-proxy-rbac.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Proxy/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Proxy/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Proxy/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Scheduler/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Scheduler/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Scheduler/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Scheduler/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Scheduler/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Scheduler/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Scheduler/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Scheduler/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Scheduler/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rke2Scheduler/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeControllerManager/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeControllerManager/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeControllerManager/README.md create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeControllerManager/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeControllerManager/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeControllerManager/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeControllerManager/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeControllerManager/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeControllerManager/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeControllerManager/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeEtcd/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeEtcd/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeEtcd/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeEtcd/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeEtcd/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeEtcd/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeEtcd/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeEtcd/templates/pushprox-proxy.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeEtcd/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeEtcd/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeProxy/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeProxy/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeProxy/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeProxy/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeProxy/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeProxy/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeProxy/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeProxy/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeProxy/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeProxy/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeScheduler/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeScheduler/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeScheduler/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeScheduler/templates/_helpers.tpl create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeScheduler/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeScheduler/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeScheduler/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeScheduler/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeScheduler/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/rkeScheduler/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/windowsExporter/.helmignore create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/windowsExporter/Chart.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/windowsExporter/README.md create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/windowsExporter/scripts/copy-binary.ps1 create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/windowsExporter/scripts/proxy-entry.ps1 create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/windowsExporter/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/windowsExporter/templates/configmap.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/windowsExporter/templates/daemonset.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/windowsExporter/templates/rbac.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/windowsExporter/templates/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/windowsExporter/templates/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/windowsExporter/templates/windows-relabel-rule.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/charts/windowsExporter/values.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/files/ingress-nginx/nginx.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/files/ingress-nginx/request-handling-performance.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/files/rancher/rancher-default-home.json create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/requirements.lock create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/requirements.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/NOTES.txt create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/_helpers.tpl create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/alertmanager/alertmanager.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/alertmanager/cleanupSecret.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/alertmanager/ingress.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/alertmanager/ingressperreplica.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/alertmanager/podDisruptionBudget.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/alertmanager/psp-role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/alertmanager/psp-rolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/alertmanager/psp.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/alertmanager/secret.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/alertmanager/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/alertmanager/serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/alertmanager/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/alertmanager/serviceperreplica.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/exporters/core-dns/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/exporters/core-dns/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/exporters/kube-api-server/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/exporters/kube-controller-manager/endpoints.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/exporters/kube-controller-manager/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/exporters/kube-controller-manager/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/exporters/kube-dns/service.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/exporters/kube-dns/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/exporters/kube-etcd/endpoints.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/exporters/kube-etcd/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/exporters/kube-etcd/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/exporters/kube-proxy/endpoints.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/exporters/kube-proxy/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/exporters/kube-proxy/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/exporters/kube-scheduler/endpoints.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/exporters/kube-scheduler/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/exporters/kube-scheduler/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/exporters/kube-state-metrics/serviceMonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/exporters/kubelet/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/exporters/node-exporter/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/configmap-dashboards.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/configmaps-datasources.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/apiserver.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/cluster-total.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/controller-manager.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/etcd.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/k8s-coredns.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/k8s-resources-node.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/kubelet.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/namespace-by-pod.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/namespace-by-workload.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/node-rsrc-use.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/nodes.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/pod-total.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/prometheus.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/proxy.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/scheduler.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/statefulset.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards-1.14/workload-total.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards/etcd.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards/k8s-cluster-rsrc-use.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards/k8s-node-rsrc-use.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards/k8s-resources-cluster.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards/k8s-resources-namespace.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards/k8s-resources-pod.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards/k8s-resources-workload.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards/k8s-resources-workloads-namespace.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards/nodes.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards/persistentvolumesusage.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards/pods.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/dashboards/statefulset.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/namespaces.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/grafana/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus-operator/admission-webhooks/job-patch/clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus-operator/admission-webhooks/job-patch/job-patchWebhook.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus-operator/admission-webhooks/job-patch/role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus-operator/admission-webhooks/job-patch/rolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus-operator/clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus-operator/clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus-operator/deployment.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus-operator/psp-clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus-operator/psp-clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus-operator/psp.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus-operator/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus-operator/serviceaccount.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus-operator/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/additionalAlertRelabelConfigs.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/additionalAlertmanagerConfigs.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/additionalPrometheusRules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/additionalScrapeConfigs.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/clusterrolebinding.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/ingress.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/ingressThanosSidecar.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/ingressperreplica.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/nginx-config.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/podDisruptionBudget.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/podmonitors.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/prometheus.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/psp-clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/psp-clusterrolebinding.yaml 
create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/psp.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/alertmanager.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/etcd.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/general.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/k8s.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/kube-apiserver-availability.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/kube-apiserver-slos.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/kube-apiserver.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/kube-prometheus-general.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/kube-prometheus-node-recording.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/kube-scheduler.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/kube-state-metrics.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/kubelet.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/kubernetes-apps.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/kubernetes-resources.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/kubernetes-storage.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/kubernetes-system-apiserver.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/kubernetes-system-controller-manager.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/kubernetes-system-scheduler.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/kubernetes-system.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/node-exporter.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/node-exporter.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/node-network.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/node.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/prometheus-operator.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules-1.14/prometheus.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules/alertmanager.rules.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules/etcd.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules/general.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules/k8s.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules/kube-apiserver.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules/kube-prometheus-node-alerting.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules/kube-prometheus-node-recording.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules/kube-scheduler.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules/kubernetes-absent.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules/kubernetes-apps.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules/kubernetes-resources.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules/kubernetes-storage.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules/kubernetes-system.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules/node-network.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules/node-time.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules/node.rules.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules/prometheus-operator.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/rules/prometheus.rules.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/serviceaccount.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/servicemonitors.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/prometheus/serviceperreplica.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/rancher-monitoring/clusterrole.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/rancher-monitoring/config-role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/rancher-monitoring/dashboard-role.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/rancher-monitoring/default-dashboard.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/rancher-monitoring/exporters/ingress-nginx/service.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/rancher-monitoring/exporters/ingress-nginx/servicemonitor.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/rancher-monitoring/hardened.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/rancher-monitoring/ingress-nginx-dashboard.yaml create mode 100755 
released/charts/rancher-monitoring/rancher-monitoring/9.4.204/templates/validate-install-crd.yaml create mode 100755 released/charts/rancher-monitoring/rancher-monitoring/9.4.204/values.yaml create mode 100755 released/charts/rancher-node-exporter/rancher-node-exporter/1.16.201/.helmignore create mode 100755 released/charts/rancher-node-exporter/rancher-node-exporter/1.16.201/Chart.yaml create mode 100755 released/charts/rancher-node-exporter/rancher-node-exporter/1.16.201/OWNERS create mode 100755 released/charts/rancher-node-exporter/rancher-node-exporter/1.16.201/README.md create mode 100755 released/charts/rancher-node-exporter/rancher-node-exporter/1.16.201/ci/port-values.yaml create mode 100755 released/charts/rancher-node-exporter/rancher-node-exporter/1.16.201/templates/NOTES.txt create mode 100755 released/charts/rancher-node-exporter/rancher-node-exporter/1.16.201/templates/_helpers.tpl create mode 100755 released/charts/rancher-node-exporter/rancher-node-exporter/1.16.201/templates/daemonset.yaml create mode 100755 released/charts/rancher-node-exporter/rancher-node-exporter/1.16.201/templates/endpoints.yaml create mode 100755 released/charts/rancher-node-exporter/rancher-node-exporter/1.16.201/templates/monitor.yaml create mode 100755 released/charts/rancher-node-exporter/rancher-node-exporter/1.16.201/templates/psp-clusterrole.yaml create mode 100755 released/charts/rancher-node-exporter/rancher-node-exporter/1.16.201/templates/psp-clusterrolebinding.yaml create mode 100755 released/charts/rancher-node-exporter/rancher-node-exporter/1.16.201/templates/psp.yaml create mode 100755 released/charts/rancher-node-exporter/rancher-node-exporter/1.16.201/templates/service.yaml create mode 100755 released/charts/rancher-node-exporter/rancher-node-exporter/1.16.201/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-node-exporter/rancher-node-exporter/1.16.201/values.yaml create mode 100644 
released/charts/rancher-operator-crd/rancher-operator-crd/0.1.000/Chart.yaml create mode 100644 released/charts/rancher-operator-crd/rancher-operator-crd/0.1.000/templates/crds.yaml create mode 100644 released/charts/rancher-operator-crd/rancher-operator-crd/0.1.100/Chart.yaml create mode 100644 released/charts/rancher-operator-crd/rancher-operator-crd/0.1.100/templates/crds.yaml create mode 100644 released/charts/rancher-operator-crd/rancher-operator-crd/0.1.200/Chart.yaml create mode 100644 released/charts/rancher-operator-crd/rancher-operator-crd/0.1.200/templates/crds.yaml create mode 100755 released/charts/rancher-operator-crd/rancher-operator-crd/0.1.300/Chart.yaml create mode 100755 released/charts/rancher-operator-crd/rancher-operator-crd/0.1.300/templates/crds.yaml create mode 100755 released/charts/rancher-operator-crd/rancher-operator-crd/0.1.400/Chart.yaml create mode 100755 released/charts/rancher-operator-crd/rancher-operator-crd/0.1.400/templates/crds.yaml create mode 100644 released/charts/rancher-operator/rancher-operator/0.1.000/Chart.yaml create mode 100644 released/charts/rancher-operator/rancher-operator/0.1.000/templates/_helpers.tpl create mode 100644 released/charts/rancher-operator/rancher-operator/0.1.000/templates/deployment.yaml create mode 100644 released/charts/rancher-operator/rancher-operator/0.1.000/templates/rbac.yaml create mode 100644 released/charts/rancher-operator/rancher-operator/0.1.000/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-operator/rancher-operator/0.1.000/values.yaml create mode 100644 released/charts/rancher-operator/rancher-operator/0.1.100/Chart.yaml create mode 100644 released/charts/rancher-operator/rancher-operator/0.1.100/templates/_helpers.tpl create mode 100644 released/charts/rancher-operator/rancher-operator/0.1.100/templates/deployment.yaml create mode 100644 released/charts/rancher-operator/rancher-operator/0.1.100/templates/rbac.yaml create mode 100644 
released/charts/rancher-operator/rancher-operator/0.1.100/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-operator/rancher-operator/0.1.100/values.yaml create mode 100644 released/charts/rancher-operator/rancher-operator/0.1.200/Chart.yaml create mode 100644 released/charts/rancher-operator/rancher-operator/0.1.200/templates/_helpers.tpl create mode 100644 released/charts/rancher-operator/rancher-operator/0.1.200/templates/deployment.yaml create mode 100644 released/charts/rancher-operator/rancher-operator/0.1.200/templates/rbac.yaml create mode 100644 released/charts/rancher-operator/rancher-operator/0.1.200/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-operator/rancher-operator/0.1.200/values.yaml create mode 100755 released/charts/rancher-operator/rancher-operator/0.1.300/Chart.yaml create mode 100755 released/charts/rancher-operator/rancher-operator/0.1.300/templates/_helpers.tpl create mode 100755 released/charts/rancher-operator/rancher-operator/0.1.300/templates/deployment.yaml create mode 100755 released/charts/rancher-operator/rancher-operator/0.1.300/templates/rbac.yaml create mode 100755 released/charts/rancher-operator/rancher-operator/0.1.300/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-operator/rancher-operator/0.1.300/values.yaml create mode 100755 released/charts/rancher-operator/rancher-operator/0.1.400/Chart.yaml create mode 100755 released/charts/rancher-operator/rancher-operator/0.1.400/templates/_helpers.tpl create mode 100755 released/charts/rancher-operator/rancher-operator/0.1.400/templates/deployment.yaml create mode 100755 released/charts/rancher-operator/rancher-operator/0.1.400/templates/rbac.yaml create mode 100755 released/charts/rancher-operator/rancher-operator/0.1.400/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-operator/rancher-operator/0.1.400/values.yaml create mode 100755 
released/charts/rancher-prom2teams/rancher-prom2teams/0.2.000/.helmignore create mode 100755 released/charts/rancher-prom2teams/rancher-prom2teams/0.2.000/Chart.yaml create mode 100755 released/charts/rancher-prom2teams/rancher-prom2teams/0.2.000/files/teams.j2 create mode 100755 released/charts/rancher-prom2teams/rancher-prom2teams/0.2.000/templates/NOTES.txt create mode 100755 released/charts/rancher-prom2teams/rancher-prom2teams/0.2.000/templates/_helpers.tpl create mode 100755 released/charts/rancher-prom2teams/rancher-prom2teams/0.2.000/templates/configmap.yaml create mode 100755 released/charts/rancher-prom2teams/rancher-prom2teams/0.2.000/templates/deployment.yaml create mode 100755 released/charts/rancher-prom2teams/rancher-prom2teams/0.2.000/templates/psp.yaml create mode 100755 released/charts/rancher-prom2teams/rancher-prom2teams/0.2.000/templates/role.yaml create mode 100755 released/charts/rancher-prom2teams/rancher-prom2teams/0.2.000/templates/rolebinding.yaml create mode 100755 released/charts/rancher-prom2teams/rancher-prom2teams/0.2.000/templates/service-account.yaml create mode 100755 released/charts/rancher-prom2teams/rancher-prom2teams/0.2.000/templates/service.yaml create mode 100755 released/charts/rancher-prom2teams/rancher-prom2teams/0.2.000/values.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/.helmignore create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/Chart.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/README.md create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/ci/default-values.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/ci/external-rules-values.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/NOTES.txt create 
mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/_helpers.tpl create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/certmanager.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/cluster-role-binding-auth-delegator.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/cluster-role-binding-resource-reader.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/cluster-role-resource-reader.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/configmap.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/custom-metrics-apiservice.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/custom-metrics-cluster-role-binding-hpa.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/custom-metrics-cluster-role.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/deployment.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/external-metrics-apiservice.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/external-metrics-cluster-role-binding-hpa.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/external-metrics-cluster-role.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/pdb.yaml create mode 100755 
released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/psp.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/resource-metrics-apiservice.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/resource-metrics-cluster-role-binding.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/resource-metrics-cluster-role.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/role-binding-auth-reader.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/secret.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/service.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-prometheus-adapter/rancher-prometheus-adapter/2.12.101/values.yaml create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.0/.helmignore create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.0/Chart.yaml create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.0/README.md create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.0/templates/_helpers.tpl create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.0/templates/pushprox-clients-rbac.yaml create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.0/templates/pushprox-clients.yaml create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.0/templates/pushprox-proxy.yaml create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.0/templates/pushprox-servicemonitor.yaml create mode 100644 
released/charts/rancher-pushprox/rancher-pushprox/0.1.0/values.yaml create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.1/.helmignore create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.1/Chart.yaml create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.1/README.md create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.1/templates/_helpers.tpl create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.1/templates/pushprox-clients-rbac.yaml create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.1/templates/pushprox-clients.yaml create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.1/templates/pushprox-proxy.yaml create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.1/templates/pushprox-servicemonitor.yaml create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.1/values.yaml create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.2/.helmignore create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.2/Chart.yaml create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.2/README.md create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.2/templates/_helpers.tpl create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.2/templates/pushprox-clients-rbac.yaml create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.2/templates/pushprox-clients.yaml create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.2/templates/pushprox-proxy-rbac.yaml create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.2/templates/pushprox-proxy.yaml create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.2/templates/pushprox-servicemonitor.yaml create mode 100644 released/charts/rancher-pushprox/rancher-pushprox/0.1.2/values.yaml create mode 100755 
released/charts/rancher-pushprox/rancher-pushprox/0.1.201/.helmignore create mode 100755 released/charts/rancher-pushprox/rancher-pushprox/0.1.201/Chart.yaml create mode 100755 released/charts/rancher-pushprox/rancher-pushprox/0.1.201/README.md create mode 100755 released/charts/rancher-pushprox/rancher-pushprox/0.1.201/templates/_helpers.tpl create mode 100755 released/charts/rancher-pushprox/rancher-pushprox/0.1.201/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-pushprox/rancher-pushprox/0.1.201/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-pushprox/rancher-pushprox/0.1.201/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-pushprox/rancher-pushprox/0.1.201/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-pushprox/rancher-pushprox/0.1.201/templates/pushprox-servicemonitor.yaml create mode 100755 released/charts/rancher-pushprox/rancher-pushprox/0.1.201/values.yaml create mode 100755 released/charts/rancher-pushprox/rancher-pushprox/0.1.300/.helmignore create mode 100755 released/charts/rancher-pushprox/rancher-pushprox/0.1.300/Chart.yaml create mode 100755 released/charts/rancher-pushprox/rancher-pushprox/0.1.300/README.md create mode 100755 released/charts/rancher-pushprox/rancher-pushprox/0.1.300/templates/_helpers.tpl create mode 100755 released/charts/rancher-pushprox/rancher-pushprox/0.1.300/templates/pushprox-clients-rbac.yaml create mode 100755 released/charts/rancher-pushprox/rancher-pushprox/0.1.300/templates/pushprox-clients.yaml create mode 100755 released/charts/rancher-pushprox/rancher-pushprox/0.1.300/templates/pushprox-proxy-rbac.yaml create mode 100755 released/charts/rancher-pushprox/rancher-pushprox/0.1.300/templates/pushprox-proxy.yaml create mode 100755 released/charts/rancher-pushprox/rancher-pushprox/0.1.300/templates/pushprox-servicemonitor.yaml create mode 100755 
released/charts/rancher-pushprox/rancher-pushprox/0.1.300/values.yaml create mode 100755 released/charts/rancher-sachet/rancher-sachet/1.0.100/.helmignore create mode 100755 released/charts/rancher-sachet/rancher-sachet/1.0.100/Chart.yaml create mode 100755 released/charts/rancher-sachet/rancher-sachet/1.0.100/files/template.tmpl create mode 100755 released/charts/rancher-sachet/rancher-sachet/1.0.100/templates/NOTES.txt create mode 100755 released/charts/rancher-sachet/rancher-sachet/1.0.100/templates/_helpers.tpl create mode 100755 released/charts/rancher-sachet/rancher-sachet/1.0.100/templates/configmap-pre-install.yaml create mode 100755 released/charts/rancher-sachet/rancher-sachet/1.0.100/templates/deployment.yaml create mode 100755 released/charts/rancher-sachet/rancher-sachet/1.0.100/templates/psp.yaml create mode 100755 released/charts/rancher-sachet/rancher-sachet/1.0.100/templates/role.yaml create mode 100755 released/charts/rancher-sachet/rancher-sachet/1.0.100/templates/rolebinding.yaml create mode 100755 released/charts/rancher-sachet/rancher-sachet/1.0.100/templates/service-account.yaml create mode 100755 released/charts/rancher-sachet/rancher-sachet/1.0.100/templates/service.yaml create mode 100755 released/charts/rancher-sachet/rancher-sachet/1.0.100/values.yaml create mode 100644 released/charts/rancher-tracing/rancher-tracing/1.20.001/.helmignore create mode 100644 released/charts/rancher-tracing/rancher-tracing/1.20.001/Chart.yaml create mode 100644 released/charts/rancher-tracing/rancher-tracing/1.20.001/README.md create mode 100644 released/charts/rancher-tracing/rancher-tracing/1.20.001/templates/_affinity.tpl create mode 100644 released/charts/rancher-tracing/rancher-tracing/1.20.001/templates/_helpers.tpl create mode 100644 released/charts/rancher-tracing/rancher-tracing/1.20.001/templates/deployment.yaml create mode 100644 released/charts/rancher-tracing/rancher-tracing/1.20.001/templates/pvc.yaml create mode 100644 
released/charts/rancher-tracing/rancher-tracing/1.20.001/templates/service.yaml create mode 100644 released/charts/rancher-tracing/rancher-tracing/1.20.001/values.yaml create mode 100755 released/charts/rancher-tracing/rancher-tracing/1.20.002/.helmignore create mode 100755 released/charts/rancher-tracing/rancher-tracing/1.20.002/Chart.yaml create mode 100755 released/charts/rancher-tracing/rancher-tracing/1.20.002/README.md create mode 100755 released/charts/rancher-tracing/rancher-tracing/1.20.002/templates/_affinity.tpl create mode 100755 released/charts/rancher-tracing/rancher-tracing/1.20.002/templates/_helpers.tpl create mode 100755 released/charts/rancher-tracing/rancher-tracing/1.20.002/templates/deployment.yaml create mode 100755 released/charts/rancher-tracing/rancher-tracing/1.20.002/templates/pvc.yaml create mode 100755 released/charts/rancher-tracing/rancher-tracing/1.20.002/templates/service.yaml create mode 100755 released/charts/rancher-tracing/rancher-tracing/1.20.002/values.yaml create mode 100755 released/charts/rancher-tracing/rancher-tracing/1.20.100/.helmignore create mode 100755 released/charts/rancher-tracing/rancher-tracing/1.20.100/Chart.yaml create mode 100755 released/charts/rancher-tracing/rancher-tracing/1.20.100/README.md create mode 100755 released/charts/rancher-tracing/rancher-tracing/1.20.100/templates/_affinity.tpl create mode 100755 released/charts/rancher-tracing/rancher-tracing/1.20.100/templates/_helpers.tpl create mode 100755 released/charts/rancher-tracing/rancher-tracing/1.20.100/templates/deployment.yaml create mode 100755 released/charts/rancher-tracing/rancher-tracing/1.20.100/templates/psp.yaml create mode 100755 released/charts/rancher-tracing/rancher-tracing/1.20.100/templates/pvc.yaml create mode 100755 released/charts/rancher-tracing/rancher-tracing/1.20.100/templates/service.yaml create mode 100755 released/charts/rancher-tracing/rancher-tracing/1.20.100/values.yaml create mode 100755 
released/charts/rancher-vsphere-cpi/rancher-vsphere-cpi/1.0.000/Chart.yaml create mode 100755 released/charts/rancher-vsphere-cpi/rancher-vsphere-cpi/1.0.000/README.md create mode 100755 released/charts/rancher-vsphere-cpi/rancher-vsphere-cpi/1.0.000/app-readme.md create mode 100755 released/charts/rancher-vsphere-cpi/rancher-vsphere-cpi/1.0.000/questions.yaml create mode 100755 released/charts/rancher-vsphere-cpi/rancher-vsphere-cpi/1.0.000/templates/_helpers.tpl create mode 100755 released/charts/rancher-vsphere-cpi/rancher-vsphere-cpi/1.0.000/templates/vsphere-cloud-config-cm.yaml create mode 100755 released/charts/rancher-vsphere-cpi/rancher-vsphere-cpi/1.0.000/templates/vsphere-cpi-ds.yaml create mode 100755 released/charts/rancher-vsphere-cpi/rancher-vsphere-cpi/1.0.000/templates/vsphere-cpi-rbac.yaml create mode 100755 released/charts/rancher-vsphere-cpi/rancher-vsphere-cpi/1.0.000/templates/vsphere-creds-secret.yaml create mode 100755 released/charts/rancher-vsphere-cpi/rancher-vsphere-cpi/1.0.000/values.yaml create mode 100755 released/charts/rancher-vsphere-csi/rancher-vsphere-csi/2.1.000/Chart.yaml create mode 100755 released/charts/rancher-vsphere-csi/rancher-vsphere-csi/2.1.000/README.md create mode 100755 released/charts/rancher-vsphere-csi/rancher-vsphere-csi/2.1.000/app-readme.md create mode 100755 released/charts/rancher-vsphere-csi/rancher-vsphere-csi/2.1.000/questions.yaml create mode 100755 released/charts/rancher-vsphere-csi/rancher-vsphere-csi/2.1.000/templates/_helpers.tpl create mode 100755 released/charts/rancher-vsphere-csi/rancher-vsphere-csi/2.1.000/templates/vsphere-csi-controller-deployment.yaml create mode 100755 released/charts/rancher-vsphere-csi/rancher-vsphere-csi/2.1.000/templates/vsphere-csi-controller-rbac.yaml create mode 100755 released/charts/rancher-vsphere-csi/rancher-vsphere-csi/2.1.000/templates/vsphere-csi-node-ds.yaml create mode 100755 
released/charts/rancher-vsphere-csi/rancher-vsphere-csi/2.1.000/templates/vsphere-csi-secret.yaml create mode 100755 released/charts/rancher-vsphere-csi/rancher-vsphere-csi/2.1.000/templates/vsphere-csi-storageclass.yaml create mode 100755 released/charts/rancher-vsphere-csi/rancher-vsphere-csi/2.1.000/values.yaml create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta500/Chart.yaml create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta500/templates/_helpers.tpl create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta500/templates/deployment.yaml create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta500/templates/rbac.yaml create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta500/templates/service.yaml create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta500/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta500/templates/webhook.yaml create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta500/values.yaml create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta700/Chart.yaml create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta700/templates/_helpers.tpl create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta700/templates/deployment.yaml create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta700/templates/rbac.yaml create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta700/templates/service.yaml create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta700/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta700/templates/webhook.yaml create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta700/values.yaml create mode 100644 
released/charts/rancher-webhook/rancher-webhook/0.1.0-beta900/Chart.yaml create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta900/templates/_helpers.tpl create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta900/templates/deployment.yaml create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta900/templates/rbac.yaml create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta900/templates/service.yaml create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta900/templates/serviceaccount.yaml create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta900/templates/webhook.yaml create mode 100644 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta900/values.yaml create mode 100755 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta901/Chart.yaml create mode 100755 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta901/templates/_helpers.tpl create mode 100755 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta901/templates/deployment.yaml create mode 100755 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta901/templates/rbac.yaml create mode 100755 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta901/templates/service.yaml create mode 100755 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta901/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta901/templates/webhook.yaml create mode 100755 released/charts/rancher-webhook/rancher-webhook/0.1.0-beta901/values.yaml create mode 100755 released/charts/rancher-webhook/rancher-webhook/0.1.000/Chart.yaml create mode 100755 released/charts/rancher-webhook/rancher-webhook/0.1.000/templates/_helpers.tpl create mode 100755 released/charts/rancher-webhook/rancher-webhook/0.1.000/templates/deployment.yaml create mode 100755 released/charts/rancher-webhook/rancher-webhook/0.1.000/templates/rbac.yaml create 
mode 100755 released/charts/rancher-webhook/rancher-webhook/0.1.000/templates/service.yaml create mode 100755 released/charts/rancher-webhook/rancher-webhook/0.1.000/templates/serviceaccount.yaml create mode 100755 released/charts/rancher-webhook/rancher-webhook/0.1.000/templates/webhook.yaml create mode 100755 released/charts/rancher-webhook/rancher-webhook/0.1.000/values.yaml create mode 100755 released/charts/rancher-windows-exporter/rancher-windows-exporter/0.1.000/.helmignore create mode 100755 released/charts/rancher-windows-exporter/rancher-windows-exporter/0.1.000/Chart.yaml create mode 100755 released/charts/rancher-windows-exporter/rancher-windows-exporter/0.1.000/README.md create mode 100755 released/charts/rancher-windows-exporter/rancher-windows-exporter/0.1.000/scripts/check-wins-version.ps1 create mode 100755 released/charts/rancher-windows-exporter/rancher-windows-exporter/0.1.000/scripts/copy-binary.ps1 create mode 100755 released/charts/rancher-windows-exporter/rancher-windows-exporter/0.1.000/scripts/proxy-entry.ps1 create mode 100755 released/charts/rancher-windows-exporter/rancher-windows-exporter/0.1.000/scripts/run.ps1 create mode 100755 released/charts/rancher-windows-exporter/rancher-windows-exporter/0.1.000/templates/_helpers.tpl create mode 100755 released/charts/rancher-windows-exporter/rancher-windows-exporter/0.1.000/templates/configmap.yaml create mode 100755 released/charts/rancher-windows-exporter/rancher-windows-exporter/0.1.000/templates/daemonset.yaml create mode 100755 released/charts/rancher-windows-exporter/rancher-windows-exporter/0.1.000/templates/rbac.yaml create mode 100755 released/charts/rancher-windows-exporter/rancher-windows-exporter/0.1.000/templates/service.yaml create mode 100755 released/charts/rancher-windows-exporter/rancher-windows-exporter/0.1.000/templates/servicemonitor.yaml create mode 100755 released/charts/rancher-windows-exporter/rancher-windows-exporter/0.1.000/templates/windows-relabel-rule.yaml create 
mode 100755 released/charts/rancher-windows-exporter/rancher-windows-exporter/0.1.000/values.yaml create mode 100755 released/charts/rancher-wins-upgrader/rancher-wins-upgrader/0.0.100/.helmignore create mode 100755 released/charts/rancher-wins-upgrader/rancher-wins-upgrader/0.0.100/Chart.yaml create mode 100755 released/charts/rancher-wins-upgrader/rancher-wins-upgrader/0.0.100/README.md create mode 100755 released/charts/rancher-wins-upgrader/rancher-wins-upgrader/0.0.100/app-readme.md create mode 100755 released/charts/rancher-wins-upgrader/rancher-wins-upgrader/0.0.100/scripts/noop.ps1 create mode 100755 released/charts/rancher-wins-upgrader/rancher-wins-upgrader/0.0.100/scripts/upgrade.ps1 create mode 100755 released/charts/rancher-wins-upgrader/rancher-wins-upgrader/0.0.100/templates/_helpers.tpl create mode 100755 released/charts/rancher-wins-upgrader/rancher-wins-upgrader/0.0.100/templates/configmap.yaml create mode 100755 released/charts/rancher-wins-upgrader/rancher-wins-upgrader/0.0.100/templates/daemonset.yaml create mode 100755 released/charts/rancher-wins-upgrader/rancher-wins-upgrader/0.0.100/templates/rbac.yaml create mode 100755 released/charts/rancher-wins-upgrader/rancher-wins-upgrader/0.0.100/values.yaml create mode 100644 released/charts/rio/rio/0.8.000/.helmignore create mode 100644 released/charts/rio/rio/0.8.000/Chart.yaml create mode 100644 released/charts/rio/rio/0.8.000/README.md create mode 100644 released/charts/rio/rio/0.8.000/templates/NOTES.txt create mode 100644 released/charts/rio/rio/0.8.000/templates/_helpers.tpl create mode 100644 released/charts/rio/rio/0.8.000/templates/clusterrole.yaml create mode 100644 released/charts/rio/rio/0.8.000/templates/clusterrolebinding.yaml create mode 100644 released/charts/rio/rio/0.8.000/templates/configmap.yaml create mode 100644 released/charts/rio/rio/0.8.000/templates/deployment.yaml create mode 100644 released/charts/rio/rio/0.8.000/templates/envoyfilter.yaml create mode 100644 
released/charts/rio/rio/0.8.000/templates/secret.yaml create mode 100644 released/charts/rio/rio/0.8.000/templates/service.yaml create mode 100644 released/charts/rio/rio/0.8.000/templates/serviceaccount.yaml create mode 100644 released/charts/rio/rio/0.8.000/values.yaml create mode 100755 released/charts/rio/rio/0.8.001/.helmignore create mode 100755 released/charts/rio/rio/0.8.001/Chart.yaml create mode 100755 released/charts/rio/rio/0.8.001/README.md create mode 100755 released/charts/rio/rio/0.8.001/templates/NOTES.txt create mode 100755 released/charts/rio/rio/0.8.001/templates/_helpers.tpl create mode 100755 released/charts/rio/rio/0.8.001/templates/clusterrole.yaml create mode 100755 released/charts/rio/rio/0.8.001/templates/clusterrolebinding.yaml create mode 100755 released/charts/rio/rio/0.8.001/templates/configmap.yaml create mode 100755 released/charts/rio/rio/0.8.001/templates/deployment.yaml create mode 100755 released/charts/rio/rio/0.8.001/templates/envoyfilter.yaml create mode 100755 released/charts/rio/rio/0.8.001/templates/secret.yaml create mode 100755 released/charts/rio/rio/0.8.001/templates/service.yaml create mode 100755 released/charts/rio/rio/0.8.001/templates/serviceaccount.yaml create mode 100755 released/charts/rio/rio/0.8.001/values.yaml create mode 100755 released/index.yaml diff --git a/index.yaml b/index.yaml old mode 100755 new mode 100644 index 6e85deebc..c9c8bc160 --- a/index.yaml +++ b/index.yaml 
@@ -12,90 +12,14 @@ entries: catalog.cattle.io/release-name: fleet apiVersion: v2 appVersion: 0.3.5 - created: "2021-04-19T17:18:41.426840009Z" + created: "2021-04-21T15:17:43.274267-07:00" description: Fleet Manager - GitOps at Scale - digest: 0ef37b499661d5c3998c571bf3e25972b0bbd27b8249c384af313bef36ba6d61 + digest: f534c6ee948dc9a5ca2a2b9741ea71946708f8eac788572c24e39a24fedeab1e icon: https://charts.rancher.io/assets/logos/fleet.svg name: fleet urls: - - assets/fleet/fleet-0.3.500-rc05.tgz - version: 0.3.500-rc05 - - annotations: - catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.5 - created: "2021-04-10T01:22:19.627743142Z" - description: Fleet Manager - GitOps at Scale - digest: 56fdbfb76993a43c7e7efbc6e480a271b6bf88596163a629a785d6cb8ad37b20 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - assets/fleet/fleet-0.3.500-rc04.tgz - version: 0.3.500-rc04 - - annotations: - catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.5 - created: "2021-04-07T21:48:50.614239531Z" - description: Fleet Manager - GitOps at Scale - digest: a583464aed3ed3c6bd5a6d565decbd6e052a2a1176ae54208dc37660bf288010 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - assets/fleet/fleet-0.3.500-rc03.tgz - version: 0.3.500-rc03 - - annotations: - catalog.cattle.io/auto-install: 
fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.5 - created: "2021-04-06T01:27:24.195359475Z" - description: Fleet Manager - GitOps at Scale - digest: 7d0614eaeaf5f1029a245ad6881f97719bf3caa44075901d9290810bb17a207c - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - assets/fleet/fleet-0.3.500-rc02.tgz - version: 0.3.500-rc02 - - annotations: - catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.5 - created: "2021-03-18T19:39:38.695305781Z" - description: Fleet Manager - GitOps at Scale - digest: 443c4a6b34b021406aed20df13848926328afa4790a817c9ada07dc47a8b8e71 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - assets/fleet/fleet-0.3.500-rc01.tgz - version: 0.3.500-rc01 + - released/assets/fleet/fleet-0.3.500.tgz + version: 0.3.500 - annotations: catalog.cattle.io/auto-install: fleet-crd=match catalog.cattle.io/certified: rancher 
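Review bot: The new `urls:` entry for `version: 0.3.500` points at `released/assets/fleet/fleet-0.3.500.tgz`, while the entry it replaces used the `assets/fleet/` prefix, and the hunk shows only the index side of that move. Please confirm the archive is present at the new path in this series and that its SHA-256 equals the `digest:` recorded here, since none of the removed rc01 to rc05 digests can be used to cross-check it.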
@@ -107,128 +31,14 @@ entries: catalog.cattle.io/release-name: fleet apiVersion: v2 appVersion: 0.3.4 - created: "2021-03-04T09:47:44.975285-08:00" + created: "2021-04-21T15:17:43.273722-07:00" description: Fleet Manager - GitOps at Scale - digest: 277079329c521f3902a1d350526faa155b96760268841855b066a79c066e1fda + digest: 3dc07290740992da2a36c0d0cf2ef3592bcb1e2c5482a37a49336794795944f0 icon: https://charts.rancher.io/assets/logos/fleet.svg name: fleet urls: - - released/assets/fleet/fleet-0.3.400-rc08.tgz - version: 0.3.400-rc08 - - annotations: - catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.4 - created: "2021-03-04T09:47:44.974668-08:00" - description: Fleet Manager - GitOps at Scale - digest: 7d9eb26b9a52d271fbb40a4bd5d0771bbef7b7b4e62202db83be9aef6df1b020 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - released/assets/fleet/fleet-0.3.400-rc07.tgz - version: 0.3.400-rc07 - - annotations: - catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.4 - created: "2021-03-04T09:47:44.974039-08:00" - description: Fleet Manager - GitOps at Scale - digest: 687574de3226ffeb9f1e0aa113221b1079b8ce4b7388deb9f4db21adf910cd7a - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - released/assets/fleet/fleet-0.3.400-rc06.tgz - version: 0.3.400-rc06 - - annotations: - 
catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.4 - created: "2021-03-04T09:47:44.973472-08:00" - description: Fleet Manager - GitOps at Scale - digest: cc93d58b20fe2ce8626f93af8a534eb80ee2c9001f1e864981b72c1766cd4ea3 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - released/assets/fleet/fleet-0.3.400-rc05.tgz - version: 0.3.400-rc05 - - annotations: - catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.4 - created: "2021-03-04T09:47:44.972882-08:00" - description: Fleet Manager - GitOps at Scale - digest: 118b165bf97d80b203e46b7899f619060e95b73a4e86be39230b6cfa24f37527 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - released/assets/fleet/fleet-0.3.400-rc04.tgz - version: 0.3.400-rc04 - - annotations: - catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.4 - created: "2021-03-04T09:47:44.972313-08:00" - description: Fleet Manager - GitOps at Scale - digest: 2c77e45b0d5c39ffbc45889ee92627fc97360fd002b01cf766efc963933d0734 - icon: 
https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - released/assets/fleet/fleet-0.3.400-rc03.tgz - version: 0.3.400-rc03 - - annotations: - catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.4 - created: "2021-03-04T09:47:44.971747-08:00" - description: Fleet Manager - GitOps at Scale - digest: fb076be2e7e9d34b6fbb7cf6b975ee8dea69d118a91dbef29c77e3310718843b - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - released/assets/fleet/fleet-0.3.400-rc00.tgz - version: 0.3.400-rc00 + - released/assets/fleet/fleet-0.3.400.tgz + version: 0.3.400 - annotations: catalog.cattle.io/auto-install: fleet-crd=match catalog.cattle.io/certified: rancher 
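Review bot: The `0.3.400-rc00` and `0.3.400-rc03` through `0.3.400-rc08` entries are deleted here even though their `urls:` already sat under `released/assets/fleet/`, so any consumer pinned to one of those versions will no longer resolve it from this index. If that is intended, say so in the commit message and check that nothing still references the rc versions; otherwise keep the entries and only add `0.3.400`.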
@@ -240,33 +50,14 @@ entries: catalog.cattle.io/release-name: fleet apiVersion: v2 appVersion: 0.3.3 - created: "2021-01-15T00:11:30.442452-08:00" + created: "2021-04-21T15:17:43.273203-07:00" description: Fleet Manager - GitOps at Scale - digest: 466158346d34e38bc22d1df190b8e8d031da76e6b189b104c3db439c84cefa57 + digest: f33de3f1deb1cdfe0ff8af7cde8919bbe3e594b30e423735caddfcf3117d3224 icon: https://charts.rancher.io/assets/logos/fleet.svg name: fleet urls: - released/assets/fleet/fleet-0.3.300.tgz version: 0.3.300 - - annotations: - catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.3-rc1 - created: "2021-01-15T00:11:30.442021-08:00" - description: Fleet Manager - GitOps at Scale - digest: 92c54b647c650213ed878a3aa37a1b121d773ea3df107eef1cb80ffba4fdd4a8 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - released/assets/fleet/fleet-0.3.300-rc1.tgz - version: 0.3.300-rc1 - annotations: catalog.cattle.io/auto-install: fleet-crd=match catalog.cattle.io/certified: rancher 
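Review bot: The `digest:` of the `0.3.300` entry changes while its `urls:` (`released/assets/fleet/fleet-0.3.300.tgz`) and `version:` stay the same, which means an already published archive is being replaced by different bytes under the same name. Anyone who recorded the old digest will see a mismatch and cannot tell a repackage from tampering. Either keep the original archive so the digest is unchanged, or explain in the commit message what differs inside the rebuilt tarball.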
@@ -278,71 +69,14 @@ entries: catalog.cattle.io/release-name: fleet apiVersion: v2 appVersion: 0.3.2 - created: "2021-01-15T00:11:30.441482-08:00" + created: "2021-04-21T15:17:43.272734-07:00" description: Fleet Manager - GitOps at Scale - digest: 13435d391c5cbc965b57ef20bc8fcf2d986ff7a3e931b69ee692ab9e1f182cee + digest: 7604d7eb2a6ef5b119b0ee102ea528e63db77caff3441bd47c116964ac530887 icon: https://charts.rancher.io/assets/logos/fleet.svg name: fleet urls: - released/assets/fleet/fleet-0.3.200.tgz version: 0.3.200 - - annotations: - catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.2-rc7 - created: "2021-01-15T00:11:30.441061-08:00" - description: Fleet Manager - GitOps at Scale - digest: 6bacaf33f64564316e3055a64e2be835e59db11c0e972bf724129f084e2347fe - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - released/assets/fleet/fleet-0.3.200-rc7.tgz - version: 0.3.200-rc7 - - annotations: - catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.2-rc6 - created: "2021-01-15T00:11:30.440604-08:00" - description: Fleet Manager - GitOps at Scale - digest: a5ed0efb4922ac2095d632c6675bd0c15d12940cf3993eb744259154a7946ee4 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - released/assets/fleet/fleet-0.3.200-rc6.tgz - version: 0.3.200-rc6 - - annotations: - 
catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.2-rc5 - created: "2021-01-15T00:11:30.440153-08:00" - description: Fleet Manager - GitOps at Scale - digest: 8532b8f9ea6cc1a58e75f12f500c50f1e504e2f1cd17dbea5302067f1e97fd8d - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - released/assets/fleet/fleet-0.3.200-rc5.tgz - version: 0.3.200-rc5 - annotations: catalog.cattle.io/auto-install: fleet-crd=match catalog.cattle.io/certified: rancher 
@@ -354,128 +88,14 @@ entries: catalog.cattle.io/release-name: fleet apiVersion: v2 appVersion: 0.3.1 - created: "2021-01-15T00:11:30.435867-08:00" + created: "2021-04-21T15:17:43.271218-07:00" description: Fleet Manager - GitOps at Scale - digest: 2fe3aa2739e02cc80ab57ab538f553caab0c68e4d42c36c878418978378704ee + digest: 2b05e7779f54c0bd853594b798662be27043d401ee4df1ef2393d25ae4ebbdb8 icon: https://charts.rancher.io/assets/logos/fleet.svg name: fleet urls: - released/assets/fleet/fleet-0.3.100.tgz version: 0.3.100 - - annotations: - catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.2-rc5 - created: "2021-01-15T00:11:30.439622-08:00" - description: Fleet Manager - GitOps at Scale - digest: a4a06fb9cebe9efd606bede697cb3153ac90a525cea85d5669bebfec2bd46b60 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - released/assets/fleet/fleet-0.3.2-rc500.tgz - version: 0.3.2-rc500 - - annotations: - catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.2-rc4 - created: "2021-01-15T00:11:30.439032-08:00" - description: Fleet Manager - GitOps at Scale - digest: 2c8db55082443d3001ee73001f2998709eb626d068ea1d01a9a2a876ab1fd6d5 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - released/assets/fleet/fleet-0.3.2-rc400.tgz - version: 0.3.2-rc400 - - annotations: - 
catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.2-rc3 - created: "2021-01-15T00:11:30.438375-08:00" - description: Fleet Manager - GitOps at Scale - digest: 4cb7dc66d8fa56e7c72482a711690c4eec6df2b6039325b7573ff5832db6e2f1 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - released/assets/fleet/fleet-0.3.2-rc300.tgz - version: 0.3.2-rc300 - - annotations: - catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.2-rc2 - created: "2021-01-15T00:11:30.436873-08:00" - description: Fleet Manager - GitOps at Scale - digest: 8eb35016316c813edec5b6a23e4e1b2ac977f70422abdaa17b27f04ef583b4a2 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - released/assets/fleet/fleet-0.3.2-rc200.tgz - version: 0.3.2-rc200 - - annotations: - catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.2-rc1 - created: "2021-01-15T00:11:30.436381-08:00" - description: Fleet Manager - GitOps at Scale - digest: 2d931594dcc850c2ceddbc670c26ec624275471e827aea89c911a9c69b63680c 
- icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - released/assets/fleet/fleet-0.3.2-rc100.tgz - version: 0.3.2-rc100 - - annotations: - catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.1-rc2 - created: "2021-01-15T00:11:30.43539-08:00" - description: Fleet Manager - GitOps at Scale - digest: 8e2d0197e5351976855ab2a353624f83aae1dd20d111c640577c718dbc6e8d3d - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - released/assets/fleet/fleet-0.3.1-rc200.tgz - version: 0.3.1-rc200 - annotations: catalog.cattle.io/auto-install: fleet-crd=match catalog.cattle.io/certified: rancher 
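Review bot: The `fleet` entries removed in this hunk (0.3.2-rc500 down to 0.3.2-rc100, and 0.3.1-rc200) are versions that were published in the index, and once they are gone a consumer pinned to one of them can no longer resolve it. They carry `catalog.cattle.io/hidden: "true"` and `catalog.cattle.io/experimental: "true"`, but those annotations do not show that nothing references them by version. Please confirm no downstream pin exists for these release candidates, and note the removal in the commit message so a failed lookup can be traced back to this change.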
@@ -487,90 +107,14 @@ entries: catalog.cattle.io/release-name: fleet apiVersion: v2 appVersion: 0.3.0 - created: "2021-01-15T00:11:30.43486-08:00" + created: "2021-04-21T15:17:43.270749-07:00" description: Fleet Manager - GitOps at Scale - digest: 2ebf3211667f09636fe3ddedcf3f16527911039ad034234b3096a2d22648f08c + digest: 80ebb76232c4d9c17199901ccce179c86d78202872266fdec29c417c78ee1a9d icon: https://charts.rancher.io/assets/logos/fleet.svg name: fleet urls: - released/assets/fleet/fleet-0.3.000.tgz version: 0.3.000 - - annotations: - catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.0-rc3 - created: "2021-01-15T00:11:30.434357-08:00" - description: Fleet Manager - GitOps at Scale - digest: 8c0107095c9bd5fdaf1af65269cc3212e1d3b3cae7fd60310e33ed4f45f60c3e - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - released/assets/fleet/fleet-0.3.0-rc300.tgz - version: 0.3.0-rc300 - - annotations: - catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.0-rc2 - created: "2021-01-15T00:11:30.433883-08:00" - description: Fleet Manager - GitOps at Scale - digest: 4fff27a9b7181abc19c19ed7c976001fd334bc398451c4f8e06f5175a5449b13 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - released/assets/fleet/fleet-0.3.0-rc200.tgz - version: 0.3.0-rc200 - - annotations: - 
catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.0-rc1 - created: "2021-01-15T00:11:30.433435-08:00" - description: Fleet Manager - GitOps at Scale - digest: 9285c78e83af3aa9c41f78ccda82a629e1e5d0491657c928c70e35cdf398a4a1 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - released/assets/fleet/fleet-0.3.0-rc100.tgz - version: 0.3.0-rc100 - - annotations: - catalog.cattle.io/auto-install: fleet-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 - catalog.cattle.io/release-name: fleet - apiVersion: v2 - appVersion: 0.3.0-beta6 - created: "2021-01-15T00:11:30.432981-08:00" - description: Fleet Manager - GitOps at Scale - digest: daecd0f635b0d5e9cbe1661a0cbf9fa863559067380c018ee647c0541f036f54 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet - urls: - - released/assets/fleet/fleet-0.3.0-beta600.tgz - version: 0.3.0-beta600 fleet-agent: - annotations: catalog.cattle.io/certified: rancher 
@@ -580,78 +124,14 @@ entries: catalog.cattle.io/release-name: fleet-agent apiVersion: v2 appVersion: 0.3.5 - created: "2021-04-19T17:18:41.429573195Z" + created: "2021-04-21T15:17:43.277304-07:00" description: Fleet Manager Agent - GitOps at Scale - digest: 79834f24e406e61945647546053a87191c05b677ad989cd99e6780bc1e066a93 + digest: 219941e90f69b539d3d2889684db86c67ef7a1f29a52dc65bfb6e4b43a633b64 icon: https://charts.rancher.io/assets/logos/fleet.svg name: fleet-agent urls: - - assets/fleet-agent/fleet-agent-0.3.500-rc05.tgz - version: 0.3.500-rc05 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.5 - created: "2021-04-10T01:22:19.630553271Z" - description: Fleet Manager Agent - GitOps at Scale - digest: b1b7573def4cf7549c16d4b35cd0224f9c318e2c4628b45ee229cbf1dcab2f8c - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - assets/fleet-agent/fleet-agent-0.3.500-rc04.tgz - version: 0.3.500-rc04 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.5 - created: "2021-04-07T21:48:50.616307916Z" - description: Fleet Manager Agent - GitOps at Scale - digest: f04117333c5f3ca7b41fa36a089fc2ee6ffba62a41c828677454dab9ca2495f3 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - assets/fleet-agent/fleet-agent-0.3.500-rc03.tgz - version: 0.3.500-rc03 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.5 - created: 
"2021-04-06T01:27:24.196753549Z" - description: Fleet Manager Agent - GitOps at Scale - digest: 1432bc0719b848dc41794610f905b82a53e485fcc74c7e7778088da60c269dfb - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - assets/fleet-agent/fleet-agent-0.3.500-rc02.tgz - version: 0.3.500-rc02 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.5 - created: "2021-03-18T19:39:38.696249674Z" - description: Fleet Manager Agent - GitOps at Scale - digest: 9abb1ab308acf5a714846b4fbf559d71f0914959593d89e58a82eb134a185a4e - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - assets/fleet-agent/fleet-agent-0.3.500-rc01.tgz - version: 0.3.500-rc01 + - released/assets/fleet-agent/fleet-agent-0.3.500.tgz + version: 0.3.500 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" 
@@ -660,110 +140,14 @@ entries: catalog.cattle.io/release-name: fleet-agent apiVersion: v2 appVersion: 0.3.4 - created: "2021-03-04T09:47:44.979264-08:00" + created: "2021-04-21T15:17:43.27695-07:00" description: Fleet Manager Agent - GitOps at Scale - digest: 92c389d9d8be695fb01d74e9d5522e4a594fe08b1631bf80433a43cfafc12130 + digest: 59fb278112c907eaf12dd963ded1aa6ae03be09bb795d2129fd35b6888fbd31c icon: https://charts.rancher.io/assets/logos/fleet.svg name: fleet-agent urls: - - released/assets/fleet-agent/fleet-agent-0.3.400-rc08.tgz - version: 0.3.400-rc08 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.4 - created: "2021-03-04T09:47:44.978729-08:00" - description: Fleet Manager Agent - GitOps at Scale - digest: 0309e8373110bc1bccf7822846cb39bfb3090079516fb597fc1bfd315d793bd6 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - released/assets/fleet-agent/fleet-agent-0.3.400-rc07.tgz - version: 0.3.400-rc07 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.4 - created: "2021-03-04T09:47:44.978306-08:00" - description: Fleet Manager Agent - GitOps at Scale - digest: 3ea72c1023795f9f0d5044645ee0daf17728e7c2dfa8e09bad134f068d33e0bd - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - released/assets/fleet-agent/fleet-agent-0.3.400-rc06.tgz - version: 0.3.400-rc06 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.4 - 
created: "2021-03-04T09:47:44.97789-08:00" - description: Fleet Manager Agent - GitOps at Scale - digest: 0ddcf88f7f969a054e665547afc3d051b6f7e889bdfa9f6117d1b54424bc0121 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - released/assets/fleet-agent/fleet-agent-0.3.400-rc05.tgz - version: 0.3.400-rc05 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.4 - created: "2021-03-04T09:47:44.976796-08:00" - description: Fleet Manager Agent - GitOps at Scale - digest: 361ea8b3e2881fba58c75b4fa8f7a3dcd39e935cf53ffda8d16eae03b24b3e29 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - released/assets/fleet-agent/fleet-agent-0.3.400-rc04.tgz - version: 0.3.400-rc04 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.4 - created: "2021-03-04T09:47:44.976184-08:00" - description: Fleet Manager Agent - GitOps at Scale - digest: a8b5d0b5f1fa9fca85dcb543141dfc2b69d9f44e6a3f0e985e5d0d89c80abb0b - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - released/assets/fleet-agent/fleet-agent-0.3.400-rc03.tgz - version: 0.3.400-rc03 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.4 - created: "2021-03-04T09:47:44.975734-08:00" - description: Fleet Manager Agent - GitOps at Scale - digest: 4f1e3b1be448bf6a3ce7519dbf4105469ba9ea60432f64ed7717269b4c1db495 - icon: 
https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - released/assets/fleet-agent/fleet-agent-0.3.400-rc00.tgz - version: 0.3.400-rc00 + - released/assets/fleet-agent/fleet-agent-0.3.400.tgz + version: 0.3.400 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" @@ -772,30 +156,14 @@ entries: catalog.cattle.io/release-name: fleet-agent apiVersion: v2 appVersion: 0.3.3 - created: "2021-01-15T00:11:30.450242-08:00" + created: "2021-04-21T15:17:43.276423-07:00" description: Fleet Manager Agent - GitOps at Scale - digest: c156f47b7093403a9567dd6607150dcec3d23bbc9089f24826edd255da3de163 + digest: f92cbe28d99ae754a590e3de5a3226109704c7a69376e1b824b5eb01e3997df3 icon: https://charts.rancher.io/assets/logos/fleet.svg name: fleet-agent urls: - released/assets/fleet-agent/fleet-agent-0.3.300.tgz version: 0.3.300 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.3-rc1 - created: "2021-01-15T00:11:30.449607-08:00" - description: Fleet Manager Agent - GitOps at Scale - digest: 8ba8e519ae4e2597ce1a886fc236a6ba17884c26ee500f099ba25881fe07c472 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - released/assets/fleet-agent/fleet-agent-0.3.300-rc1.tgz - version: 0.3.300-rc1 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" 
@@ -804,62 +172,14 @@ entries: catalog.cattle.io/release-name: fleet-agent apiVersion: v2 appVersion: 0.3.2 - created: "2021-01-15T00:11:30.449316-08:00" + created: "2021-04-21T15:17:43.275293-07:00" description: Fleet Manager Agent - GitOps at Scale - digest: d83092027ee970d35edf853bfebe76621e65e98a6451a984018ad50343de7662 + digest: 2be8d753ca9d2ddc9f0c152a81021b146838223796a497841850486bc26f6457 icon: https://charts.rancher.io/assets/logos/fleet.svg name: fleet-agent urls: - released/assets/fleet-agent/fleet-agent-0.3.200.tgz version: 0.3.200 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.2-rc7 - created: "2021-01-15T00:11:30.449024-08:00" - description: Fleet Manager Agent - GitOps at Scale - digest: 64119f4e2708a02f6a7d196289154158a3069078eeb2ff6c4d610ff75553714d - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - released/assets/fleet-agent/fleet-agent-0.3.200-rc7.tgz - version: 0.3.200-rc7 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.2-rc6 - created: "2021-01-15T00:11:30.448731-08:00" - description: Fleet Manager Agent - GitOps at Scale - digest: e4d4cec1d4f3a6cb6de231398213740ab6a63221ad8bb39b92ff359ab203c717 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - released/assets/fleet-agent/fleet-agent-0.3.200-rc6.tgz - version: 0.3.200-rc6 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.2-rc5 - 
created: "2021-01-15T00:11:30.448438-08:00" - description: Fleet Manager Agent - GitOps at Scale - digest: 901d1ac62ef11449a3a4322be4c361031901491457b285ea7ae50eb86b294c4d - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - released/assets/fleet-agent/fleet-agent-0.3.200-rc5.tgz - version: 0.3.200-rc5 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" 
@@ -868,110 +188,14 @@ entries: catalog.cattle.io/release-name: fleet-agent apiVersion: v2 appVersion: 0.3.1 - created: "2021-01-15T00:11:30.44469-08:00" + created: "2021-04-21T15:17:43.274969-07:00" description: Fleet Manager Agent - GitOps at Scale - digest: 93e1c4ab4accfe23e9367bf0db876c469fa33df306d0c375c4f52cae384a12bd + digest: 1913e45bcda723490e3c1c1613f99a328b6414c472f9f7c490c087d7697563f1 icon: https://charts.rancher.io/assets/logos/fleet.svg name: fleet-agent urls: - released/assets/fleet-agent/fleet-agent-0.3.100.tgz version: 0.3.100 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.2-rc5 - created: "2021-01-15T00:11:30.448126-08:00" - description: Fleet Manager Agent - GitOps at Scale - digest: 89a9c660a7e734b92e355c9cef6bc5ed6ea686a531bd7fbcc9e79740f11ecf97 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - released/assets/fleet-agent/fleet-agent-0.3.2-rc500.tgz - version: 0.3.2-rc500 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.2-rc4 - created: "2021-01-15T00:11:30.447616-08:00" - description: Fleet Manager Agent - GitOps at Scale - digest: 54b08cdc2b3d82df5f200b7ce248df6fd76fcc6bca65566597277223b392694a - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - released/assets/fleet-agent/fleet-agent-0.3.2-rc400.tgz - version: 0.3.2-rc400 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.2-rc3 - 
created: "2021-01-15T00:11:30.446262-08:00" - description: Fleet Manager Agent - GitOps at Scale - digest: 666b0fbd3cd2c66ec0876c4ab38179ff208ae30e6c1f624a9d86c63a94631c4f - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - released/assets/fleet-agent/fleet-agent-0.3.2-rc300.tgz - version: 0.3.2-rc300 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.2-rc2 - created: "2021-01-15T00:11:30.445918-08:00" - description: Fleet Manager Agent - GitOps at Scale - digest: aabe665aeebc1df39898d541af5584b5c30de7702822690d6a51fe719700974c - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - released/assets/fleet-agent/fleet-agent-0.3.2-rc200.tgz - version: 0.3.2-rc200 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.2-rc1 - created: "2021-01-15T00:11:30.445594-08:00" - description: Fleet Manager Agent - GitOps at Scale - digest: ff1f16b5df2234bab11727a056fd1133266d224739a552827d0c2ba7cce13351 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - released/assets/fleet-agent/fleet-agent-0.3.2-rc100.tgz - version: 0.3.2-rc100 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.1-rc2 - created: "2021-01-15T00:11:30.444372-08:00" - description: Fleet Manager Agent - GitOps at Scale - digest: 5710e0cd3a6d3c818ced59b6cf486579b5184aadac4dd8088fcac9fe5bb82588 - icon: 
https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - released/assets/fleet-agent/fleet-agent-0.3.1-rc200.tgz - version: 0.3.1-rc200 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" 
@@ -980,78 +204,14 @@ entries: catalog.cattle.io/release-name: fleet-agent apiVersion: v2 appVersion: 0.3.0 - created: "2021-01-15T00:11:30.444055-08:00" + created: "2021-04-21T15:17:43.274613-07:00" description: Fleet Manager Agent - GitOps at Scale - digest: ecc3783751af209842edc9e4687d01b2a355613b8232d993da9ad36c412ee351 + digest: 8b517f7d18f2aa1e34e5ac475684752dc8ff46f050cfd2b2d91fd343cab8cf50 icon: https://charts.rancher.io/assets/logos/fleet.svg name: fleet-agent urls: - released/assets/fleet-agent/fleet-agent-0.3.000.tgz version: 0.3.000 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.0-rc3 - created: "2021-01-15T00:11:30.443739-08:00" - description: Fleet Manager Agent - GitOps at Scale - digest: 03d3d03b8ae0b079bca9ef661b5e3468a40056fc921ccca1dd75174c5763de3c - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - released/assets/fleet-agent/fleet-agent-0.3.0-rc300.tgz - version: 0.3.0-rc300 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.0-rc2 - created: "2021-01-15T00:11:30.443423-08:00" - description: Fleet Manager Agent - GitOps at Scale - digest: 751ff49e3a02afa1300ef25a9b98399dfa7aad6f3e7598225e3902890dc6ff59 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - released/assets/fleet-agent/fleet-agent-0.3.0-rc200.tgz - version: 0.3.0-rc200 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.0-rc1 - 
created: "2021-01-15T00:11:30.443115-08:00" - description: Fleet Manager Agent - GitOps at Scale - digest: 2f72018aba77b61c891e7ee430086b91a1d822ac276b2a483eeee00a0e32ecd2 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - released/assets/fleet-agent/fleet-agent-0.3.0-rc100.tgz - version: 0.3.0-rc100 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-agent - apiVersion: v2 - appVersion: 0.3.0-beta6 - created: "2021-01-15T00:11:30.442776-08:00" - description: Fleet Manager Agent - GitOps at Scale - digest: c698ce4c2749dfc4134d08ec4522af59022e3c17ebf1eabc8642a6de57d9a378 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-agent - urls: - - released/assets/fleet-agent/fleet-agent-0.3.0-beta600.tgz - version: 0.3.0-beta600 fleet-crd: - annotations: catalog.cattle.io/certified: rancher 
@@ -1061,78 +221,14 @@ entries: catalog.cattle.io/release-name: fleet-crd apiVersion: v2 appVersion: 0.3.5 - created: "2021-04-19T17:18:41.434966663Z" + created: "2021-04-21T15:17:43.28141-07:00" description: Fleet Manager CustomResourceDefinitions - digest: 1ebf500a7032134e13e35ed17e88a1025efce673cd8b4f433b2459b0f38f2807 + digest: 7bf82d347fbdb3f4afa7360426d403f750fb62a75e64e442f95a8796a92589d5 icon: https://charts.rancher.io/assets/logos/fleet.svg name: fleet-crd urls: - - assets/fleet-crd/fleet-crd-0.3.500-rc05.tgz - version: 0.3.500-rc05 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.5 - created: "2021-04-10T01:22:19.634532712Z" - description: Fleet Manager CustomResourceDefinitions - digest: 97b10b9c6943cdc972a5a69fd96db4a75d4a0543f4588dd733ad4c9824dc5698 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - urls: - - assets/fleet-crd/fleet-crd-0.3.500-rc04.tgz - version: 0.3.500-rc04 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.5 - created: "2021-04-07T21:48:50.62203095Z" - description: Fleet Manager CustomResourceDefinitions - digest: 92663c8f47355f313050b9043dd528905df6716c5e90bdaade7abe7fe1c15a99 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - urls: - - assets/fleet-crd/fleet-crd-0.3.500-rc03.tgz - version: 0.3.500-rc03 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.5 - created: "2021-04-06T01:27:24.198922465Z" - 
description: Fleet Manager CustomResourceDefinitions - digest: ee5ae9f179dac626c18ca795b47a9b67ba4317f284c60c5e188d23f02cf5b2a6 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - urls: - - assets/fleet-crd/fleet-crd-0.3.500-rc02.tgz - version: 0.3.500-rc02 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.5 - created: "2021-03-18T19:39:38.699012554Z" - description: Fleet Manager CustomResourceDefinitions - digest: 5a9971ba36b1565f22b4bababd5a5f862d2ca016a626283dfc79b30b8952f00c - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - urls: - - assets/fleet-crd/fleet-crd-0.3.500-rc01.tgz - version: 0.3.500-rc01 + - released/assets/fleet-crd/fleet-crd-0.3.500.tgz + version: 0.3.500 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" 
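Review bot: The first `fleet-crd` entry in this hunk is edited in place from `version: 0.3.500-rc05` to `version: 0.3.500`, so a change that otherwise removes release candidates also introduces a new release with a new `digest` and a new url prefix (`assets/fleet-crd/...` becomes `released/assets/fleet-crd/...`). Suggest putting the 0.3.500 addition in its own change so its digest can be checked against the packaged archive, and confirming that the `released/` path still resolves, given that the first patch of this series is titled "Drop released/ directory". The new `created` value also carries a -07:00 offset where the removed one was UTC (`Z`); worth normalizing if the index is meant to be generated the same way each time.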
@@ -1141,110 +237,14 @@ entries: catalog.cattle.io/release-name: fleet-crd apiVersion: v2 appVersion: 0.3.4 - created: "2021-03-04T09:47:44.985982-08:00" + created: "2021-04-21T15:17:43.280872-07:00" description: Fleet Manager CustomResourceDefinitions - digest: 08a71c3658b502abcac9967992089f06a2e7b945939173ab690109e31c879d78 + digest: 36c8f232f6d3f2698d0e43d7a95359555f0e8852cfb2c41d901eb09f807d291f icon: https://charts.rancher.io/assets/logos/fleet.svg name: fleet-crd urls: - - released/assets/fleet-crd/fleet-crd-0.3.400-rc08.tgz - version: 0.3.400-rc08 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.4 - created: "2021-03-04T09:47:44.985281-08:00" - description: Fleet Manager CustomResourceDefinitions - digest: 8dabeedc21780455b4dbdbf963ca9a78a6d075163c61a282832424a552aefaa0 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - urls: - - released/assets/fleet-crd/fleet-crd-0.3.400-rc07.tgz - version: 0.3.400-rc07 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.4 - created: "2021-03-04T09:47:44.984535-08:00" - description: Fleet Manager CustomResourceDefinitions - digest: 868f7b6e3caf84cc9d4c911ea03e3a01468ff3e9bb61764c890328e204f3afcc - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - urls: - - released/assets/fleet-crd/fleet-crd-0.3.400-rc06.tgz - version: 0.3.400-rc06 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.4 - created: 
"2021-03-04T09:47:44.983697-08:00" - description: Fleet Manager CustomResourceDefinitions - digest: 43f1202bb4e902d87c991ce6f784eba76bf293cf306ad8f4f86befb1af926c63 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - urls: - - released/assets/fleet-crd/fleet-crd-0.3.400-rc05.tgz - version: 0.3.400-rc05 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.4 - created: "2021-03-04T09:47:44.98195-08:00" - description: Fleet Manager CustomResourceDefinitions - digest: f1f0b41f0361f1dafc601a6b2113dc7956241df6f31392be86c263fab3020141 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - urls: - - released/assets/fleet-crd/fleet-crd-0.3.400-rc04.tgz - version: 0.3.400-rc04 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.4 - created: "2021-03-04T09:47:44.981021-08:00" - description: Fleet Manager CustomResourceDefinitions - digest: c5c909ed053603f81ab58c8292f197fc86cd7abd4c52c1be7fe6fbd971cc9317 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - urls: - - released/assets/fleet-crd/fleet-crd-0.3.400-rc03.tgz - version: 0.3.400-rc03 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.4 - created: "2021-03-04T09:47:44.980036-08:00" - description: Fleet Manager CustomResourceDefinitions - digest: b4bdaa0cf4bd59c0629e22da5822d03f4fe3b588d79ce4f17c85067cb266ea12 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - 
urls: - - released/assets/fleet-crd/fleet-crd-0.3.400-rc00.tgz - version: 0.3.400-rc00 + - released/assets/fleet-crd/fleet-crd-0.3.400.tgz + version: 0.3.400 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" @@ -1253,30 +253,14 @@ entries: catalog.cattle.io/release-name: fleet-crd apiVersion: v2 appVersion: 0.3.3 - created: "2021-01-15T00:11:30.460625-08:00" + created: "2021-04-21T15:17:43.280327-07:00" description: Fleet Manager CustomResourceDefinitions - digest: 9f7fd02d05da58beb8e5b10af0f0c22a5355532112f22d0f9150ed6f16e8d738 + digest: 35bbfc8e2276379965d8671b752530b4b3603cacab9106dad64f37839b2f1342 icon: https://charts.rancher.io/assets/logos/fleet.svg name: fleet-crd urls: - released/assets/fleet-crd/fleet-crd-0.3.300.tgz version: 0.3.300 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.3-rc1 - created: "2021-01-15T00:11:30.460163-08:00" - description: Fleet Manager CustomResourceDefinitions - digest: 6c71754d009749043486ef5d51293781f0a140c23abc2e5e02b7b3d8a416e7a1 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - urls: - - released/assets/fleet-crd/fleet-crd-0.3.300-rc1.tgz - version: 0.3.300-rc1 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" 
@@ -1285,62 +269,14 @@ entries: catalog.cattle.io/release-name: fleet-crd apiVersion: v2 appVersion: 0.3.2 - created: "2021-01-15T00:11:30.459702-08:00" + created: "2021-04-21T15:17:43.279062-07:00" description: Fleet Manager CustomResourceDefinitions - digest: 170663b6c1b877803057699633b386d17bd8dd29dabe83c60a19fa160572e649 + digest: 025f0b2ee6f8b709c19ed2676faecba9579c9a14d526d9e16573eb8b98d5bc52 icon: https://charts.rancher.io/assets/logos/fleet.svg name: fleet-crd urls: - released/assets/fleet-crd/fleet-crd-0.3.200.tgz version: 0.3.200 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.2-rc7 - created: "2021-01-15T00:11:30.459237-08:00" - description: Fleet Manager CustomResourceDefinitions - digest: e189bf956a74e6110d11ca8d333ed2eb8fca6bd38d9ad9f9aca85f50e9d13c44 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - urls: - - released/assets/fleet-crd/fleet-crd-0.3.200-rc7.tgz - version: 0.3.200-rc7 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.2-rc6 - created: "2021-01-15T00:11:30.458738-08:00" - description: Fleet Manager CustomResourceDefinitions - digest: 910aa180969f7efa7707860d8003a8a8a4d64fa2943a9d35402fba0089ea53d1 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - urls: - - released/assets/fleet-crd/fleet-crd-0.3.200-rc6.tgz - version: 0.3.200-rc6 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.2-rc5 - created: 
"2021-01-15T00:11:30.457713-08:00" - description: Fleet Manager CustomResourceDefinitions - digest: f452552ccb8c6ebd3138f24ad70c83936a271a6f1a58c57c1e8f3d7bf2d9428b - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - urls: - - released/assets/fleet-crd/fleet-crd-0.3.200-rc5.tgz - version: 0.3.200-rc5 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" 
@@ -1348,90 +284,14 @@ entries: catalog.cattle.io/release-name: fleet-crd apiVersion: v2 appVersion: 0.3.1 - created: "2021-01-15T00:11:30.453908-08:00" + created: "2021-04-21T15:17:43.278447-07:00" description: Fleet Manager CustomResourceDefinitions - digest: 54dba389fc02e3655fe4e47f05f149f4661440974f57e229d93c3828a6a23f95 + digest: f47abbbcd5b2ca28dcb8303e01a5562da698ec78423c0dc4aa249e6f6b3b7eb4 icon: https://charts.rancher.io/assets/logos/fleet.svg name: fleet-crd urls: - released/assets/fleet-crd/fleet-crd-0.3.100.tgz version: 0.3.100 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.2-rc5 - created: "2021-01-15T00:11:30.457197-08:00" - description: Fleet Manager CustomResourceDefinitions - digest: 1f759371cea4364f8a193815c3f1fdd3a518d6431d0ebf24a274f88ee2793c5c - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - urls: - - released/assets/fleet-crd/fleet-crd-0.3.2-rc500.tgz - version: 0.3.2-rc500 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.2-rc4 - created: "2021-01-15T00:11:30.456675-08:00" - description: Fleet Manager CustomResourceDefinitions - digest: 9b6e11bab284ac76e6e287b5912ecbebf1286ad23b703a90050167f9cb47965e - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - urls: - - released/assets/fleet-crd/fleet-crd-0.3.2-rc400.tgz - version: 0.3.2-rc400 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.2-rc3 - created: "2021-01-15T00:11:30.456173-08:00" - description: Fleet Manager 
CustomResourceDefinitions - digest: 317da5d6523ceb6c34b82f5641ddb18dec5fc96ec841949b535979715463a692 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - urls: - - released/assets/fleet-crd/fleet-crd-0.3.2-rc300.tgz - version: 0.3.2-rc300 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.2-rc2 - created: "2021-01-15T00:11:30.455531-08:00" - description: Fleet Manager CustomResourceDefinitions - digest: e0ce08e0a55def30a2c95edfcfcdfe0ee9ac9f5dc8666ef53626e31cebe4fb4c - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - urls: - - released/assets/fleet-crd/fleet-crd-0.3.2-rc200.tgz - version: 0.3.2-rc200 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.2-rc1 - created: "2021-01-15T00:11:30.454478-08:00" - description: Fleet Manager CustomResourceDefinitions - digest: b21e1d17af28400b9aa8960c7ee6d090266114b4811c9c5c507ecc1a662dc30a - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - urls: - - released/assets/fleet-crd/fleet-crd-0.3.2-rc100.tgz - version: 0.3.2-rc100 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" 
@@ -1439,74 +299,14 @@ entries: catalog.cattle.io/release-name: fleet-crd apiVersion: v2 appVersion: 0.3.0 - created: "2021-01-15T00:11:30.453346-08:00" + created: "2021-04-21T15:17:43.277858-07:00" description: Fleet Manager CustomResourceDefinitions - digest: 0d24fc1805c045d86894e092454dbf2beffa3ad0ddadd10895f6db7821908715 + digest: 08e3af78da30602b47b60ebfb8e509703dbedc5b312f6aa3a9e9b0275adca75a icon: https://charts.rancher.io/assets/logos/fleet.svg name: fleet-crd urls: - released/assets/fleet-crd/fleet-crd-0.3.000.tgz version: 0.3.000 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.0-rc3 - created: "2021-01-15T00:11:30.452862-08:00" - description: Fleet Manager CustomResourceDefinitions - digest: c9b099c6e5e83ab677bc9c38eed6bdbe3f15611c261c2868c38aac24f3628c6f - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - urls: - - released/assets/fleet-crd/fleet-crd-0.3.0-rc300.tgz - version: 0.3.0-rc300 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.0-rc2 - created: "2021-01-15T00:11:30.452386-08:00" - description: Fleet Manager CustomResourceDefinitions - digest: 88e1db58de806e970fc5ee7fbd55dd389ca31360a81a9591b38f551b62157b20 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - urls: - - released/assets/fleet-crd/fleet-crd-0.3.0-rc200.tgz - version: 0.3.0-rc200 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.0-rc1 - created: "2021-01-15T00:11:30.451433-08:00" - description: Fleet Manager CustomResourceDefinitions - digest: 
0f037ac5744a26b7a382662121f934417f76484448e19f4d4b931f002df2b888 - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - urls: - - released/assets/fleet-crd/fleet-crd-0.3.0-rc100.tgz - version: 0.3.0-rc100 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: fleet-system - catalog.cattle.io/release-name: fleet-crd - apiVersion: v2 - appVersion: 0.3.0-beta6 - created: "2021-01-15T00:11:30.45084-08:00" - description: Fleet Manager CustomResourceDefinitions - digest: a053cf9e74fb7f070c9f46127ae5f076c812dc5ae545449fe11212ae5426b85c - icon: https://charts.rancher.io/assets/logos/fleet.svg - name: fleet-crd - urls: - - released/assets/fleet-crd/fleet-crd-0.3.0-beta600.tgz - version: 0.3.0-beta600 longhorn: - annotations: catalog.cattle.io/auto-install: longhorn-crd=match @@ -1519,9 +319,9 @@ entries: catalog.cattle.io/ui-component: longhorn apiVersion: v1 appVersion: v1.1.0 - created: "2021-03-04T09:47:44.988379-08:00" + created: "2021-04-21T15:17:43.285501-07:00" description: Longhorn is a distributed block storage system for Kubernetes. - digest: c1138d74207f6296f07981ee2daadb9c6f08b1156de297e9b0f56620b5d7bb15 + digest: 98b46706eb8c7b6261c1aa03f5081429867076f8f8f28ff0e4fb2f7389d66ef3 home: https://github.com/longhorn/longhorn icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/longhorn/icon/color/longhorn-icon-color.svg?sanitize=true keywords: @@ -1547,8 +347,8 @@ entries: - https://github.com/longhorn/longhorn-ui - https://github.com/longhorn/longhorn-tests urls: - - released/assets/longhorn/longhorn-1.1.001-rc01.tgz - version: 1.1.001-rc01 + - released/assets/longhorn/longhorn-1.1.001.tgz + version: 1.1.001 - annotations: catalog.cattle.io/auto-install: longhorn-crd=match catalog.cattle.io/certified: rancher 
@@ -1560,50 +360,9 @@ entries: catalog.cattle.io/ui-component: longhorn apiVersion: v1 appVersion: v1.1.0 - created: "2021-03-04T09:47:44.987209-08:00" + created: "2021-04-21T15:17:43.284457-07:00" description: Longhorn is a distributed block storage system for Kubernetes. - digest: 13e6c2b046fb4d24da32f2d685ea51449eaa377a3e57924ef721387b891f8c47 - home: https://github.com/longhorn/longhorn - icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/longhorn/icon/color/longhorn-icon-color.svg?sanitize=true - keywords: - - longhorn - - storage - - distributed - - block - - device - - iscsi - kubeVersion: '>=v1.16.0-r0' - maintainers: - - email: maintainers@longhorn.io - name: Longhorn maintainers - - email: sheng@yasker.org - name: Sheng Yang - name: longhorn - sources: - - https://github.com/longhorn/longhorn - - https://github.com/longhorn/longhorn-engine - - https://github.com/longhorn/longhorn-instance-manager - - https://github.com/longhorn/longhorn-share-manager - - https://github.com/longhorn/longhorn-manager - - https://github.com/longhorn/longhorn-ui - - https://github.com/longhorn/longhorn-tests - urls: - - released/assets/longhorn/longhorn-1.1.001-rc00.tgz - version: 1.1.001-rc00 - - annotations: - catalog.cattle.io/auto-install: longhorn-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Longhorn - catalog.cattle.io/namespace: longhorn-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: longhorn.io/v1beta1 - catalog.cattle.io/release-name: longhorn - catalog.cattle.io/ui-component: longhorn - apiVersion: v1 - appVersion: v1.1.0 - created: "2021-01-15T00:11:30.464593-08:00" - description: Longhorn is a distributed block storage system for Kubernetes. 
- digest: 4d9c34af5cb6f983649c0da636853dcb363aa6aed1293bffb11ddfd04180d122 + digest: aba8166911b39cfe44529c1ff3fd910e437ade64e72f39edc20957442605f619 home: https://github.com/longhorn/longhorn icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/longhorn/icon/color/longhorn-icon-color.svg keywords: 
@@ -1642,49 +401,9 @@ entries: catalog.cattle.io/ui-component: longhorn apiVersion: v1 appVersion: v1.0.2 - created: "2021-01-15T00:11:30.463634-08:00" + created: "2021-04-21T15:17:43.283498-07:00" description: Longhorn is a distributed block storage system for Kubernetes. - digest: b5e9f517ae4bf542afd3f9717ad0c81dd3a1a99361a19ce51effe40a4696f045 - home: https://github.com/longhorn/longhorn - icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/longhorn/icon/color/longhorn-icon-color.svg - keywords: - - longhorn - - storage - - distributed - - block - - device - - iscsi - kubeVersion: '>=v1.14.0-r0' - maintainers: - - email: maintainers@longhorn.io - name: Longhorn maintainers - - email: sheng@yasker.org - name: Sheng Yang - name: longhorn - sources: - - https://github.com/longhorn/longhorn - - https://github.com/longhorn/longhorn-engine - - https://github.com/longhorn/longhorn-instance-manager - - https://github.com/longhorn/longhorn-manager - - https://github.com/longhorn/longhorn-ui - - https://github.com/longhorn/longhorn-tests - urls: - - released/assets/longhorn/longhorn-1.0.202.tgz - version: 1.0.202 - - annotations: - catalog.cattle.io/auto-install: longhorn-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Longhorn - catalog.cattle.io/namespace: longhorn-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: longhorn.io/v1beta1 - catalog.cattle.io/release-name: longhorn - catalog.cattle.io/ui-component: longhorn - apiVersion: v1 - appVersion: v1.0.2 - created: "2021-01-15T00:11:30.462831-08:00" - description: Longhorn is a distributed block storage system for Kubernetes. - digest: 8ab068f792fac6d4de81fdc6f66a7fa00c7d379e46d6715ee25c3c764f5b95f8 + digest: b18eda4e4b1170b7e9f488782fb6409da084b5beaa9945a3a3babe39f031e320 home: https://github.com/longhorn/longhorn icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/longhorn/icon/color/longhorn-icon-color.svg keywords: 
@@ -1721,9 +440,9 @@ entries: catalog.cattle.io/ui-component: longhorn apiVersion: v1 appVersion: v1.0.2 - created: "2021-01-15T00:11:30.461814-08:00" + created: "2021-04-21T15:17:43.28266-07:00" description: Longhorn is a distributed block storage system for Kubernetes. - digest: 49b5b8341fdc7a39337f20edac1667d1a2f36b579f9cb7ecdc2ebf987e03df3f + digest: 66189346fc24f5407f7a11a41faf9913144801a72472151702e28f808d557073 home: https://github.com/longhorn/longhorn icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/longhorn/icon/color/longhorn-icon-color.svg keywords: 
@@ -1757,37 +476,23 @@ entries: catalog.cattle.io/namespace: longhorn-system catalog.cattle.io/release-name: longhorn-crd apiVersion: v1 - created: "2021-03-04T09:47:44.988935-08:00" + created: "2021-04-21T15:17:43.28677-07:00" description: Installs the CRDs for longhorn. - digest: 2dde1bf0c307ab4fddaa36f7fec5c42495e6cd2356605e6fbff816a33303fd4a + digest: 305196027ef02e1f01519b99302321fbb48dd5faca8084751758c5954f83f488 name: longhorn-crd type: application urls: - - released/assets/longhorn/longhorn-crd-1.1.001-rc01.tgz - version: 1.1.001-rc01 + - released/assets/longhorn/longhorn-crd-1.1.001.tgz + version: 1.1.001 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" catalog.cattle.io/namespace: longhorn-system catalog.cattle.io/release-name: longhorn-crd apiVersion: v1 - created: "2021-03-04T09:47:44.988638-08:00" + created: "2021-04-21T15:17:43.286563-07:00" description: Installs the CRDs for longhorn. - digest: d5433891d9ca259d2eedb2d969adda94fe2e85b89dfa17e58785ef39a7ac0923 - name: longhorn-crd - type: application - urls: - - released/assets/longhorn/longhorn-crd-1.1.001-rc00.tgz - version: 1.1.001-rc00 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: longhorn-system - catalog.cattle.io/release-name: longhorn-crd - apiVersion: v1 - created: "2021-01-15T00:11:30.46526-08:00" - description: Installs the CRDs for longhorn. - digest: 2ca9ca1b7af582f9c0e89684e4624a4d4cfc1484ceee74f3cab9c22c7b4e823f + digest: 5d5f3a3493810aa0dfd263757819e00a8a483c5410c5ff4ff61f5d5fee3561b9 name: longhorn-crd type: application urls: 
@@ -1799,23 +504,9 @@ entries: catalog.cattle.io/namespace: longhorn-system catalog.cattle.io/release-name: longhorn-crd apiVersion: v1 - created: "2021-01-15T00:11:30.465077-08:00" + created: "2021-04-21T15:17:43.286363-07:00" description: Installs the CRDs for longhorn. - digest: 585f1161f2d231cdfe9abc44c9f7ef257cc217f611a617be76b590a7f6a32350 - name: longhorn-crd - type: application - urls: - - released/assets/longhorn/longhorn-crd-1.0.202.tgz - version: 1.0.202 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: longhorn-system - catalog.cattle.io/release-name: longhorn-crd - apiVersion: v1 - created: "2021-01-15T00:11:30.464922-08:00" - description: Installs the CRDs for longhorn. - digest: 3b8908fb3dec0f0b70a7775a70fd3f1fc8cb1a4c1b72a7f564e6ccb3c11f94b1 + digest: 4da0eeeef78a45c8b0111bb66cfca1734088bcd9bb15b8bfd6712b0ab6320ca1 name: longhorn-crd type: application urls: @@ -1827,9 +518,9 @@ entries: catalog.cattle.io/namespace: longhorn-system catalog.cattle.io/release-name: longhorn-crd apiVersion: v1 - created: "2021-01-15T00:11:30.464762-08:00" + created: "2021-04-21T15:17:43.286127-07:00" description: Installs the CRDs for longhorn. - digest: 815331159012c16c6cd9816a10a38fcf03972d2f3a9f5fc97b8e0f87e937d10b + digest: c3fc8df8818d884c9df73999999834cebe41ce6567f60222792c2593ad853d31 name: longhorn-crd type: application urls: @@ -1843,7 +534,7 @@ entries: catalog.cattle.io/release-name: rancher-alerting-drivers apiVersion: v2 appVersion: 1.16.0 - created: "2021-04-21T19:30:59.638973174Z" + created: "2021-04-21T15:17:43.287633-07:00" dependencies: - condition: prom2teams.enabled name: prom2teams 
@@ -1853,66 +544,15 @@ entries: repository: file://./charts/sachet description: The manager for third-party webhook receivers used in Prometheus Alertmanager - digest: 4e6ae29c5ace7253df6d3ab03f365586dee5886983840252760dd1f4f745c36b + digest: c2b4935dbe8dc711267336813fe7e9a1fb6ef6f510603c44359a0ebe2a3883a7 keywords: - monitoring - alertmanger - webhook name: rancher-alerting-drivers urls: - - assets/rancher-alerting-drivers/rancher-alerting-drivers-1.0.100-rc03.tgz - version: 1.0.100-rc03 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Alerting Drivers - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-alerting-drivers - apiVersion: v2 - appVersion: 1.16.0 - created: "2021-04-15T21:48:24.628282101Z" - dependencies: - - condition: prom2teams.enabled - name: prom2teams - repository: file://./charts/prom2teams - - condition: sachet.enabled - name: sachet - repository: file://./charts/sachet - description: The manager for third-party webhook receivers used in Prometheus - Alertmanager - digest: c9433565bc0a26dda6db36eea1ea2d6e854577c87e8c7a10c3c68c4fbd9da9d0 - keywords: - - monitoring - - alertmanger - - webhook - name: rancher-alerting-drivers - urls: - - assets/rancher-alerting-drivers/rancher-alerting-drivers-1.0.100-rc02.tgz - version: 1.0.100-rc02 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Alerting Drivers - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-alerting-drivers - apiVersion: v2 - appVersion: 1.16.0 - created: "2021-04-15T00:36:31.046758531Z" - dependencies: - - condition: prom2teams.enabled - name: prom2teams - repository: file://./charts/prom2teams - - condition: sachet.enabled - name: sachet - repository: file://./charts/sachet - description: The manager for third-party webhook receivers used in the Alertmanger - digest: 17792f352254ecec55f48a1e77ea2f1f73d534b7a56541286c52fb41b7f026b5 - keywords: - - monitoring - - 
alertmanger - - webhook - name: rancher-alerting-drivers - urls: - - assets/rancher-alerting-drivers/rancher-alerting-drivers-1.0.100-rc01.tgz - version: 1.0.100-rc01 + - released/assets/rancher-alerting-drivers/rancher-alerting-drivers-1.0.100.tgz + version: 1.0.100 rancher-backup: - annotations: catalog.cattle.io/auto-install: rancher-backup-crd=match 
@@ -1926,42 +566,18 @@ entries: catalog.cattle.io/ui-component: rancher-backup apiVersion: v2 appVersion: 1.0.4 - created: "2021-04-06T18:12:22.566984745Z" + created: "2021-04-21T15:17:43.29061-07:00" description: Provides ability to back up and restore the Rancher application running on any Kubernetes cluster - digest: af2c73d66f7808f710d47df3f0e0053a2e500a1c7fe02fd7805bb2b1457d47e6 + digest: 92f52749b1289e1e8dcbb48183e7e0ab0ef2578af95a51c59447dc49dc6eb4fa icon: https://charts.rancher.io/assets/logos/backup-restore.svg keywords: - applications - infrastructure name: rancher-backup urls: - - assets/rancher-backup/rancher-backup-1.0.400-rc03.tgz - version: 1.0.400-rc03 - - annotations: - catalog.cattle.io/auto-install: rancher-backup-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Rancher Backups - catalog.cattle.io/namespace: cattle-resources-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: resources.cattle.io.resourceset/v1 - catalog.cattle.io/release-name: rancher-backup - catalog.cattle.io/scope: management - catalog.cattle.io/ui-component: rancher-backup - apiVersion: v2 - appVersion: 1.0.4 - created: "2021-03-19T21:11:36.466433266Z" - description: Provides ability to back up and restore the Rancher application running - on any Kubernetes cluster - digest: 5fd539770144cff99063b15c0e7b07e7fa0d61b906f7f741976d1f9aff56bdfd - icon: https://charts.rancher.io/assets/logos/backup-restore.svg - keywords: - - applications - - infrastructure - name: rancher-backup - urls: - - assets/rancher-backup/rancher-backup-1.0.400-rc02.tgz - version: 1.0.400-rc02 + - released/assets/rancher-backup/rancher-backup-1.0.400.tgz + version: 1.0.400 - annotations: catalog.cattle.io/auto-install: rancher-backup-crd=match catalog.cattle.io/certified: rancher 
@@ -1974,18 +590,18 @@ entries: catalog.cattle.io/ui-component: rancher-backup apiVersion: v1 appVersion: v1.0.3 - created: "2021-03-04T09:47:44.990624-08:00" + created: "2021-04-21T15:17:43.290137-07:00" description: Provides ability to back up and restore the Rancher application running on any Kubernetes cluster - digest: 7d6296d4c459042bb7f85543691ba807ae03cda6d42db22fcdafd01dbf49edea + digest: 21e586d307c78cc6a1321adaa89bef78719f0beca7f181c719cbca27691e6f5a icon: https://charts.rancher.io/assets/logos/backup-restore.svg keywords: - applications - infrastructure name: rancher-backup urls: - - released/assets/rancher-backup/rancher-backup-1.0.301-rc01.tgz - version: 1.0.301-rc01 + - released/assets/rancher-backup/rancher-backup-1.0.301.tgz + version: 1.0.301 - annotations: catalog.cattle.io/auto-install: rancher-backup-crd=match catalog.cattle.io/certified: rancher 
@@ -1998,34 +614,10 @@ entries: catalog.cattle.io/ui-component: rancher-backup apiVersion: v1 appVersion: v1.0.3 - created: "2021-03-04T09:47:44.989572-08:00" + created: "2021-04-21T15:17:43.289711-07:00" description: Provides ability to back up and restore the Rancher application running on any Kubernetes cluster - digest: 9f44f0901b03b9349242bc2b0e9cb6ec6b3e10f6583f605e3c3d8b87dc5f490c - icon: https://charts.rancher.io/assets/logos/backup-restore.svg - keywords: - - applications - - infrastructure - name: rancher-backup - urls: - - released/assets/rancher-backup/rancher-backup-1.0.301-rc00.tgz - version: 1.0.301-rc00 - - annotations: - catalog.cattle.io/auto-install: rancher-backup-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Rancher Backups - catalog.cattle.io/namespace: cattle-resources-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: resources.cattle.io.resourceset/v1 - catalog.cattle.io/release-name: rancher-backup - catalog.cattle.io/scope: management - catalog.cattle.io/ui-component: rancher-backup - apiVersion: v1 - appVersion: v1.0.3 - created: "2021-01-15T00:11:30.466548-08:00" - description: Provides ability to back up and restore the Rancher application running - on any Kubernetes cluster - digest: 9fe775b7260bad706159af83c256b93662902bfef01cc071f3f3bb780d9e18bc + digest: 733d4515a014e6c6d99f73db30d3143f7cef04a870b19a3b2f5eef5b09dbfc55 icon: https://charts.rancher.io/assets/logos/backup-restore.svg keywords: - applications 
@@ -2046,10 +638,10 @@ entries: catalog.cattle.io/ui-component: rancher-backup apiVersion: v1 appVersion: v1.0.2 - created: "2021-01-15T00:11:30.466109-08:00" + created: "2021-04-21T15:17:43.289279-07:00" description: Provides ability to back up and restore the Rancher application running on any Kubernetes cluster - digest: 931b45edda48b555f6c5c1179776787b615129f92026658100104e8f9a9012c5 + digest: bd39f041d51be323dd59dbbb0bae5c21b7ebbdca5f777972080254eb996595b4 icon: https://charts.rancher.io/assets/logos/backup-restore.svg keywords: - applications @@ -2069,10 +661,10 @@ entries: catalog.cattle.io/ui-component: rancher-backup apiVersion: v1 appVersion: v1.0.2 - created: "2021-01-15T00:11:30.465667-08:00" + created: "2021-04-21T15:17:43.288836-07:00" description: Provides ability to back up and restore the Rancher application running on any Kubernetes cluster - digest: 8c5375832bcb54fb3bc4d708ca22248e381bf1fcde8013a48a0b37d9a60e2375 + digest: a3a4fcd83c7332bfafe1ee03c17dbdb43765364e97dc19f297884334486196c7 icon: https://charts.rancher.io/assets/logos/backup-restore.svg keywords: - applications 
@@ -2089,66 +681,37 @@ entries: catalog.cattle.io/release-name: rancher-backup-crd apiVersion: v2 appVersion: 1.0.4 - created: "2021-04-15T17:26:22.1833423Z" + created: "2021-04-21T15:17:43.291591-07:00" description: Installs the CRDs for rancher-backup. - digest: 0c8a620d826dce7c5ef2edffda3b51caf8dbce3f15f412c25e7abc31988b234c + digest: e09b3e5d037d604a10365ec814104582c6eccd91af0ed42a738345c57edf903a name: rancher-backup-crd type: application urls: - - assets/rancher-backup-crd/rancher-backup-crd-1.0.400-rc03.tgz - version: 1.0.400-rc03 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-resources-system - catalog.cattle.io/release-name: rancher-backup-crd - apiVersion: v2 - appVersion: 1.0.4 - created: "2021-03-19T21:11:36.467133912Z" - description: Installs the CRDs for rancher-backup. - digest: caafbea7cdbcc266d2fd3f5e9379fb471a700eef94f2cfc864926aed230a9817 - name: rancher-backup-crd - type: application - urls: - - assets/rancher-backup-crd/rancher-backup-crd-1.0.400-rc02.tgz - version: 1.0.400-rc02 + - released/assets/rancher-backup-crd/rancher-backup-crd-1.0.400.tgz + version: 1.0.400 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" catalog.cattle.io/namespace: cattle-resources-system catalog.cattle.io/release-name: rancher-backup-crd apiVersion: v1 - created: "2021-03-04T09:47:44.99116-08:00" + created: "2021-04-21T15:17:43.291396-07:00" description: Installs the CRDs for rancher-backup. 
- digest: bfc3f4d5d64a7989eec4d518c36276acdc21f5fbb98ace02a80678d5caf390d5 + digest: 3dedeb53130cb1050147156b87c770ab40a023be25f4d3342678eb7d8a33362d name: rancher-backup-crd type: application urls: - - released/assets/rancher-backup/rancher-backup-crd-1.0.301-rc01.tgz - version: 1.0.301-rc01 + - released/assets/rancher-backup/rancher-backup-crd-1.0.301.tgz + version: 1.0.301 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" catalog.cattle.io/namespace: cattle-resources-system catalog.cattle.io/release-name: rancher-backup-crd apiVersion: v1 - created: "2021-03-04T09:47:44.99088-08:00" + created: "2021-04-21T15:17:43.291204-07:00" description: Installs the CRDs for rancher-backup. - digest: 472492587c7403c45544ee70a9cdaa6c20afe8367415e35aa934f048a7071eba - name: rancher-backup-crd - type: application - urls: - - released/assets/rancher-backup/rancher-backup-crd-1.0.301-rc00.tgz - version: 1.0.301-rc00 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-resources-system - catalog.cattle.io/release-name: rancher-backup-crd - apiVersion: v1 - created: "2021-01-15T00:11:30.467126-08:00" - description: Installs the CRDs for rancher-backup. - digest: 8d6e14dccabb8477c1e27b3bfbab4f8751252d492152a2ac2640bbbb3ec6d4c4 + digest: da8413d2ecc169ba43aa5f6f3cb9da45c297140a1af2e702f11c4645f644c7e4 name: rancher-backup-crd type: application urls: @@ -2160,9 +723,9 @@ entries: catalog.cattle.io/namespace: cattle-resources-system catalog.cattle.io/release-name: rancher-backup-crd apiVersion: v1 - created: "2021-01-15T00:11:30.466935-08:00" + created: "2021-04-21T15:17:43.291003-07:00" description: Installs the CRDs for rancher-backup. - digest: ebf8da7907c5fce5f9dccf4c3fa540f76c296955cd466a15f3f88b41b8f7d3dd + digest: b42794ee6663cb35c6f40c1b43ce51f6b82d2f8efe06421c9b2a1cb7cea18503 name: rancher-backup-crd type: application urls: 
@@ -2174,9 +737,9 @@ entries: catalog.cattle.io/namespace: cattle-resources-system catalog.cattle.io/release-name: rancher-backup-crd apiVersion: v1 - created: "2021-01-15T00:11:30.46675-08:00" + created: "2021-04-21T15:17:43.290806-07:00" description: Installs the CRDs for rancher-backup. - digest: 7021563a39672f11d7af57f1769da179d3f059d5f2fe9e72c6a1a486a52eed73 + digest: 4d2cfbd4b413d0a86cd3c94a10a3316c44a668c79730a2a4063933aa0eb6e332 name: rancher-backup-crd type: application urls: @@ -2194,17 +757,17 @@ entries: catalog.cattle.io/ui-component: rancher-cis-benchmark apiVersion: v1 appVersion: v1.0.4 - created: "2021-04-09T23:21:12.566741379Z" + created: "2021-04-21T15:17:43.295709-07:00" description: The cis-operator enables running CIS benchmark security scans on a kubernetes cluster - digest: 1b2f82001209464614552b9a068c356a3426f46ab859c3dd5e3bbf860259abb2 + digest: 52aa43c6ae9db78a53d019cf5283e8bcbc38134f91862496c4b2fa2b0c8548b5 icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg keywords: - security name: rancher-cis-benchmark urls: - - assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.402-rc00.tgz - version: 1.0.402-rc00 + - released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.402.tgz + version: 1.0.402 - annotations: catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match catalog.cattle.io/certified: rancher 
@@ -2216,61 +779,17 @@ entries: catalog.cattle.io/ui-component: rancher-cis-benchmark apiVersion: v1 appVersion: v1.0.4 - created: "2021-04-15T21:24:07.197772144Z" + created: "2021-04-21T15:17:43.294596-07:00" description: The cis-operator enables running CIS benchmark security scans on a kubernetes cluster - digest: c244a44f87f1da19aa659da94e4280bac53925594c7f915b39d9ec5a7ca864a2 + digest: 7df9c288b901b484b58ff44d619169069d0951e283749e20b6049d5dd4b0e289 icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg keywords: - security name: rancher-cis-benchmark urls: - - assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.400-rc03.tgz - version: 1.0.400-rc03 - - annotations: - catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: CIS Benchmark - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 - catalog.cattle.io/release-name: rancher-cis-benchmark - catalog.cattle.io/ui-component: rancher-cis-benchmark - apiVersion: v1 - appVersion: v1.0.4 - created: "2021-04-12T17:32:41.161236616Z" - description: The cis-operator enables running CIS benchmark security scans on - a kubernetes cluster - digest: ef5a38f090505b3a993d9e399f7e132b13878c1a987c3d407553d96ad9b71f10 - icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg - keywords: - - security - name: rancher-cis-benchmark - urls: - - assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.400-rc02.tgz - version: 1.0.400-rc02 - - annotations: - catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: CIS Benchmark - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 - catalog.cattle.io/release-name: rancher-cis-benchmark - catalog.cattle.io/ui-component: 
rancher-cis-benchmark - apiVersion: v1 - appVersion: v1.0.4 - created: "2021-04-06T22:40:50.996509533Z" - description: The cis-operator enables running CIS benchmark security scans on - a kubernetes cluster - digest: 6cf3883441691b96775bf5ef7a0a8983b4ce147651125ad5351f6d3373ebe236 - icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg - keywords: - - security - name: rancher-cis-benchmark - urls: - - assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.400-rc01.tgz - version: 1.0.400-rc01 + - released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.400.tgz + version: 1.0.400 - annotations: catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match catalog.cattle.io/certified: rancher @@ -2282,17 +801,17 @@ entries: catalog.cattle.io/ui-component: rancher-cis-benchmark apiVersion: v1 appVersion: v1.0.3 - created: "2021-03-19T19:06:09.747464838Z" + created: "2021-04-21T15:17:43.293828-07:00" description: The cis-operator enables running CIS benchmark security scans on a kubernetes cluster - digest: e4e71c09635bf2c56580c7031ba3c0336e1b3376b34049db60e9ceb755a26dbd + digest: c548033c5ec3822f2c89f0a1a19e3f4ce063f59a4ee021523642886ec3bf13a2 icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg keywords: - security name: rancher-cis-benchmark urls: - - assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.400-rc00.tgz - version: 1.0.400-rc00 + - released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.301.tgz + version: 1.0.301 - annotations: catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match catalog.cattle.io/certified: rancher 
@@ -2304,54 +823,10 @@ entries: catalog.cattle.io/ui-component: rancher-cis-benchmark apiVersion: v1 appVersion: v1.0.3 - created: "2021-03-04T09:47:44.992387-08:00" + created: "2021-04-21T15:17:43.293294-07:00" description: The cis-operator enables running CIS benchmark security scans on a kubernetes cluster - digest: 5e389e57302f2f4ee674490e0ca7dcd4d78b2afd0f038d840dac974b77d66ede - icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg - keywords: - - security - name: rancher-cis-benchmark - urls: - - released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.301-rc01.tgz - version: 1.0.301-rc01 - - annotations: - catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: CIS Benchmark - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 - catalog.cattle.io/release-name: rancher-cis-benchmark - catalog.cattle.io/ui-component: rancher-cis-benchmark - apiVersion: v1 - appVersion: v1.0.3 - created: "2021-03-04T09:47:44.991803-08:00" - description: The cis-operator enables running CIS benchmark security scans on - a kubernetes cluster - digest: 6fec0634cd92f79fa192e7860fd99babb104e0350a9007a9923e8439b761ff08 - icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg - keywords: - - security - name: rancher-cis-benchmark - urls: - - released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.301-rc00.tgz - version: 1.0.301-rc00 - - annotations: - catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: CIS Benchmark - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 - catalog.cattle.io/release-name: rancher-cis-benchmark - catalog.cattle.io/ui-component: rancher-cis-benchmark - apiVersion: v1 - 
appVersion: v1.0.3 - created: "2021-01-15T00:11:30.468452-08:00" - description: The cis-operator enables running CIS benchmark security scans on - a kubernetes cluster - digest: af499c4fbd67e594057e97ac025011c52f0e02d6f7571532b7f5a2b19ed19035 + digest: 2cce59f4f78b975edd93b0d707c5282fa44a6fa1f19d702ed4be8c221170c8d1 icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg keywords: - security @@ -2370,10 +845,10 @@ entries: catalog.cattle.io/ui-component: rancher-cis-benchmark apiVersion: v1 appVersion: v1.0.2 - created: "2021-01-15T00:11:30.46796-08:00" + created: "2021-04-21T15:17:43.292755-07:00" description: The cis-operator enables running CIS benchmark security scans on a kubernetes cluster - digest: b234bbf851d0c5bf1cb02e51ea647d95d53e9f2302b1e68518eadb694f345a1c + digest: b3a6ce49c5e6918a1658f682fdf25e241d9638fde4b8c046a70562c13228c8c0 icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg keywords: - security @@ -2391,10 +866,10 @@ entries: catalog.cattle.io/ui-component: rancher-cis-benchmark apiVersion: v1 appVersion: v1.0.1 - created: "2021-01-15T00:11:30.46754-08:00" + created: "2021-04-21T15:17:43.291987-07:00" description: The cis-operator enables running CIS benchmark security scans on a kubernetes cluster - digest: 0d4ff5981f5ee48fca8a887ab0608888f85f97285175c46d7320c6987f167d4f + digest: 407c19666ce5c083c50d8ef2cbc4fbc26b811106bbfc6b3d25a659a593c0aa3c icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg keywords: - security 
@@ -2409,107 +884,51 @@ entries: catalog.cattle.io/namespace: cis-operator-system catalog.cattle.io/release-name: rancher-cis-benchmark-crd apiVersion: v1 - created: "2021-04-09T23:21:12.567872557Z" + created: "2021-04-21T15:17:43.297146-07:00" description: Installs the CRDs for rancher-cis-benchmark. - digest: 00e60fe270f74e664daac82396f45704c317cbd3f469f8ec1cd66aa08206484b + digest: 6c83ac0192359d5c6e5fa4d64ab8564a42a98d42f26cf6a9c8cfaa1ffd025889 name: rancher-cis-benchmark-crd type: application urls: - - assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.402-rc00.tgz - version: 1.0.402-rc00 + - released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.402.tgz + version: 1.0.402 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" catalog.cattle.io/namespace: cis-operator-system catalog.cattle.io/release-name: rancher-cis-benchmark-crd apiVersion: v1 - created: "2021-04-15T21:24:07.199870681Z" + created: "2021-04-21T15:17:43.29692-07:00" description: Installs the CRDs for rancher-cis-benchmark. - digest: a59c001dfa8b2f6cf30bc02ee90b3cd7d8e514cf9828b1d16226f66a0c4f0451 + digest: d7b87dd4103e588bba20c87debe41617e75b55752c89d9a3dcc024eff3f775c7 name: rancher-cis-benchmark-crd type: application urls: - - assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.400-rc03.tgz - version: 1.0.400-rc03 + - released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.400.tgz + version: 1.0.400 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" catalog.cattle.io/namespace: cis-operator-system catalog.cattle.io/release-name: rancher-cis-benchmark-crd apiVersion: v1 - created: "2021-04-12T17:32:41.163425823Z" + created: "2021-04-21T15:17:43.296685-07:00" description: Installs the CRDs for rancher-cis-benchmark. 
- digest: 8c5e8bd0587f16309a9a586914117f613e0e451fc462cee7a1761d16656666ef + digest: cabb44716892582bee08bd13c48caa3863c9f53218f2ffa1f1bc123ae7234d5a name: rancher-cis-benchmark-crd type: application urls: - - assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.400-rc02.tgz - version: 1.0.400-rc02 + - released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.301.tgz + version: 1.0.301 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" catalog.cattle.io/namespace: cis-operator-system catalog.cattle.io/release-name: rancher-cis-benchmark-crd apiVersion: v1 - created: "2021-04-06T22:40:50.99747654Z" + created: "2021-04-21T15:17:43.296387-07:00" description: Installs the CRDs for rancher-cis-benchmark. - digest: c45c3c7e9a5500376c75f2c5b96f24c25abc1e0ca98524913a69ba8c0445f776 - name: rancher-cis-benchmark-crd - type: application - urls: - - assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.400-rc01.tgz - version: 1.0.400-rc01 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/release-name: rancher-cis-benchmark-crd - apiVersion: v1 - created: "2021-04-05T19:37:04.719390435Z" - description: Installs the CRDs for rancher-cis-benchmark. - digest: f60d4f0e1c3d1c0824eb920b825f3d9ccd1b0738953c695acfa215974ac0d334 - name: rancher-cis-benchmark-crd - type: application - urls: - - assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.400-rc00.tgz - version: 1.0.400-rc00 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/release-name: rancher-cis-benchmark-crd - apiVersion: v1 - created: "2021-03-04T09:47:44.992822-08:00" - description: Installs the CRDs for rancher-cis-benchmark. 
- digest: 2fa5d4eb62b76871efccfcdc5c0d4125b1bccc0e2bb498732938ba23ed3bd8fb - name: rancher-cis-benchmark-crd - type: application - urls: - - released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.301-rc01.tgz - version: 1.0.301-rc01 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/release-name: rancher-cis-benchmark-crd - apiVersion: v1 - created: "2021-03-04T09:47:44.992608-08:00" - description: Installs the CRDs for rancher-cis-benchmark. - digest: 1f210946fe8e6b3b2b656ea6488536fb942f4ab8202ad6cf265a211e792260b4 - name: rancher-cis-benchmark-crd - type: application - urls: - - released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.301-rc00.tgz - version: 1.0.301-rc00 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/release-name: rancher-cis-benchmark-crd - apiVersion: v1 - created: "2021-01-15T00:11:30.469354-08:00" - description: Installs the CRDs for rancher-cis-benchmark. - digest: 4a4fbd34ab72796c4780acb6ad99de5dad5f5f54edbd9dad281fc886c3a8b184 + digest: 20d71a2ae15f77913229f809c4acf5924f988a0cfc09061306d65c45899618ce name: rancher-cis-benchmark-crd type: application urls: 
@@ -2521,23 +940,9 @@ entries: catalog.cattle.io/namespace: cis-operator-system catalog.cattle.io/release-name: rancher-cis-benchmark-crd apiVersion: v1 - created: "2021-03-19T19:06:09.747702548Z" + created: "2021-04-21T15:17:43.296154-07:00" description: Installs the CRDs for rancher-cis-benchmark. - digest: c1c3fe4a892be9bac7f9f262f1df424790110d606b08f6e059381b0681e68dc3 - name: rancher-cis-benchmark-crd - type: application - urls: - - assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.300-rc00.tgz - version: 1.0.300-rc00 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/release-name: rancher-cis-benchmark-crd - apiVersion: v1 - created: "2021-01-15T00:11:30.468842-08:00" - description: Installs the CRDs for rancher-cis-benchmark. - digest: 1da104dc221a9772a21e67ef787919cc191d6df3ccdf019f464e3091d6ed0703 + digest: b12e7bc934602f88087b34540446a2cdc8af5cb30ede6d4d3a48dc29ded1daaa name: rancher-cis-benchmark-crd type: application urls: @@ -2549,9 +954,9 @@ entries: catalog.cattle.io/namespace: cis-operator-system catalog.cattle.io/release-name: rancher-cis-benchmark-crd apiVersion: v1 - created: "2021-01-15T00:11:30.468647-08:00" + created: "2021-04-21T15:17:43.295939-07:00" description: Installs the CRDs for rancher-cis-benchmark. - digest: cc33de77923232bda5875b6568522cffe8950e2d9bb3793ee30978c5257f4354 + digest: 2be8b1e2aa24e83d8b20439d0b0343851fbd32495306d38d5d20c62d95b0a8b5 name: rancher-cis-benchmark-crd type: application urls: 
@@ -2567,10 +972,10 @@ entries: catalog.cattle.io/ui-component: rancher-external-ip-webhook apiVersion: v1 appVersion: v0.1.6 - created: "2021-03-04T09:47:44.994223-08:00" + created: "2021-04-21T15:17:43.299354-07:00" description: | Deploy the external-ip-webhook to mitigate k8s CVE-2020-8554 - digest: 7a196d304a2bad5e585fae961188861da5bb84679e576b6882ebf3fd6640137e + digest: 14ed8a7f5417a863a325a65d1f9ca1e6a686e36964a1b9bde249abe05d530fad home: https://github.com/rancher/externalip-webhook keywords: - cve @@ -2584,8 +989,8 @@ entries: sources: - https://github.com/rancher/externalip-webhook urls: - - released/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.601-rc01.tgz - version: 0.1.601-rc01 + - released/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.601.tgz + version: 0.1.601 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/display-name: External IP Webhook 
@@ -2595,38 +1000,10 @@ entries: catalog.cattle.io/ui-component: rancher-external-ip-webhook apiVersion: v1 appVersion: v0.1.6 - created: "2021-03-04T09:47:44.993541-08:00" + created: "2021-04-21T15:17:43.298627-07:00" description: | Deploy the external-ip-webhook to mitigate k8s CVE-2020-8554 - digest: 6294a812fd938166bfb8f0f9d84d3eeb47f9387040d74837ff0127b89e1850de - home: https://github.com/rancher/externalip-webhook - keywords: - - cve - - externalip - - webhook - - security - maintainers: - - email: raul@rancher.com - name: rawmind0 - name: rancher-external-ip-webhook - sources: - - https://github.com/rancher/externalip-webhook - urls: - - released/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.601-rc00.tgz - version: 0.1.601-rc00 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: External IP Webhook - catalog.cattle.io/namespace: cattle-externalip-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-external-ip-webhook - catalog.cattle.io/ui-component: rancher-external-ip-webhook - apiVersion: v1 - appVersion: v0.1.6 - created: "2021-01-15T00:11:30.471579-08:00" - description: | - Deploy the external-ip-webhook to mitigate k8s CVE-2020-8554 - digest: 70c430a933e17279605936c73b17cbd192f7f86da0573d6c2a6dbdf745a5c7af + digest: 245d80daa0b7c6316217b2ec9df111060fe6762728a5d9adfb163d7afd02fc9b home: https://github.com/rancher/externalip-webhook keywords: - cve 
@@ -2642,34 +1019,6 @@ entries: urls: - released/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.600.tgz version: 0.1.600 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: External IP Webhook - catalog.cattle.io/namespace: cattle-externalip-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-external-ip-webhook - catalog.cattle.io/ui-component: rancher-external-ip-webhook - apiVersion: v1 - appVersion: v0.1.5 - created: "2021-01-15T00:11:30.47095-08:00" - description: | - Deploy the external-ip-webhook to mitigate k8s CVE-2020-8554 - digest: a272ec4ad785095ed827d087b8976c7f327e1f28a6ab0cdb7a839580487c40fb - home: https://github.com/rancher/externalip-webhook - keywords: - - cve - - externalip - - webhook - - security - maintainers: - - email: raul@rancher.com - name: rawmind0 - name: rancher-external-ip-webhook - sources: - - https://github.com/rancher/externalip-webhook - urls: - - released/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.500.tgz - version: 0.1.500 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/display-name: External IP Webhook @@ -2679,10 +1028,10 @@ entries: catalog.cattle.io/ui-component: rancher-external-ip-webhook apiVersion: v1 appVersion: v0.1.4 - created: "2021-01-15T00:11:30.47031-08:00" + created: "2021-04-21T15:17:43.297897-07:00" description: | Deploy the external-ip-webhook to mitigate k8s CVE-2020-8554 - digest: 207982df2b8b709b2ac2c9bc9ccda6955bebc6c7866e3531391e7905eafb154e + digest: 7fa93b5a3f3e9bd5ebcf0e8cc670441a5fd63dd611ee0843e08a6521fa315838 home: https://github.com/rancher/externalip-webhook keywords: - cve 
@@ -2710,10 +1059,10 @@ entries: catalog.cattle.io/ui-component: gatekeeper apiVersion: v1 appVersion: v3.3.0 - created: "2021-03-19T19:06:09.750843884Z" + created: "2021-04-21T15:17:43.302857-07:00" description: Modifies Open Policy Agent's upstream gatekeeper chart that provides policy-based control for cloud native environments - digest: 704bd0ff8114dd0786a67a16d3573d7d96b1abeab6d25a6741e5acaa439595c5 + digest: 5bc10dd9e274f48ed25eb3e37de512e9f89cb5e9a10f55bfc3ea9dad4b9c04cd home: https://github.com/open-policy-agent/gatekeeper icon: https://charts.rancher.io/assets/logos/gatekeeper.svg keywords: @@ -2723,8 +1072,8 @@ entries: sources: - https://github.com/open-policy-agent/gatekeeper.git urls: - - assets/rancher-gatekeeper/rancher-gatekeeper-3.3.001-rc00.tgz - version: 3.3.001-rc00 + - released/assets/rancher-gatekeeper/rancher-gatekeeper-3.3.001.tgz + version: 3.3.001 - annotations: catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match catalog.cattle.io/certified: rancher @@ -2736,10 +1085,10 @@ entries: catalog.cattle.io/ui-component: gatekeeper apiVersion: v1 appVersion: v3.3.0 - created: "2021-03-04T09:47:44.995577-08:00" + created: "2021-04-21T15:17:43.302108-07:00" description: Modifies Open Policy Agent's upstream gatekeeper chart that provides policy-based control for cloud native environments - digest: f912c6f2f214dca2e07810c0ca88904c58909f392e10cdf8a9c43dcafaf4de46 + digest: cdd2cb75ded06543e55124c5086a12c06e323c0398319e8c8984c73e19dd58bc home: https://github.com/open-policy-agent/gatekeeper icon: https://charts.rancher.io/assets/logos/gatekeeper.svg keywords: 
@@ -2749,34 +1098,8 @@ entries: sources: - https://github.com/open-policy-agent/gatekeeper.git urls: - - released/assets/rancher-gatekeeper/rancher-gatekeeper-3.3.000-rc02.tgz - version: 3.3.000-rc02 - - annotations: - catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: OPA Gatekeeper - catalog.cattle.io/namespace: cattle-gatekeeper-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: config.gatekeeper.sh.config/v1alpha1 - catalog.cattle.io/release-name: rancher-gatekeeper - catalog.cattle.io/ui-component: gatekeeper - apiVersion: v1 - appVersion: v3.3.0 - created: "2021-03-04T09:47:44.994894-08:00" - description: Modifies Open Policy Agent's upstream gatekeeper chart that provides - policy-based control for cloud native environments - digest: 9b6b061a749d2fd7d112753db206e27f472dda6d597fe7f5baea7bf37dcacec2 - home: https://github.com/open-policy-agent/gatekeeper - icon: https://charts.rancher.io/assets/logos/gatekeeper.svg - keywords: - - open policy agent - - security - name: rancher-gatekeeper - sources: - - https://github.com/open-policy-agent/gatekeeper.git - urls: - - released/assets/rancher-gatekeeper/rancher-gatekeeper-3.3.000-rc01.tgz - version: 3.3.000-rc01 + - released/assets/rancher-gatekeeper/rancher-gatekeeper-3.3.000.tgz + version: 3.3.000 - annotations: catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match catalog.cattle.io/certified: rancher 
@@ -2789,10 +1112,10 @@ entries: catalog.cattle.io/ui-component: gatekeeper apiVersion: v1 appVersion: v3.2.1 - created: "2021-01-15T00:11:30.47384-08:00" + created: "2021-04-21T15:17:43.301331-07:00" description: Modifies Open Policy Agent's upstream gatekeeper chart that provides policy-based control for cloud native environments - digest: f6da9f05a9bf5ffbe59780c578624db93979d6e3c4b3d69e90e5090007aec52d + digest: 3d0e961fc109e051f08edacf9e541e5ad1c0c65f046cae72459df0ca4aa22312 home: https://github.com/open-policy-agent/gatekeeper icon: https://charts.rancher.io/assets/logos/gatekeeper.svg keywords: @@ -2804,33 +1127,6 @@ entries: urls: - released/assets/rancher-gatekeeper/rancher-gatekeeper-3.2.101.tgz version: 3.2.101 - - annotations: - catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: OPA Gatekeeper - catalog.cattle.io/experimental: "true" - catalog.cattle.io/namespace: cattle-gatekeeper-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: config.gatekeeper.sh.config/v1alpha1 - catalog.cattle.io/release-name: rancher-gatekeeper - catalog.cattle.io/ui-component: gatekeeper - apiVersion: v1 - appVersion: v3.2.1 - created: "2021-01-15T00:11:30.473251-08:00" - description: Modifies Open Policy Agent's upstream gatekeeper chart that provides - policy-based control for cloud native environments - digest: 42a1e00cad97b74471506ba628366e005657b71fa38808c438faf239b082bb38 - home: https://github.com/open-policy-agent/gatekeeper - icon: https://charts.rancher.io/assets/logos/gatekeeper.svg - keywords: - - open policy agent - - security - name: rancher-gatekeeper - sources: - - https://github.com/open-policy-agent/gatekeeper.git - urls: - - released/assets/rancher-gatekeeper/rancher-gatekeeper-3.2.100.tgz - version: 3.2.100 - annotations: catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match catalog.cattle.io/certified: rancher 
@@ -2842,10 +1138,10 @@ entries: catalog.cattle.io/release-name: rancher-gatekeeper apiVersion: v1 appVersion: v3.1.1 - created: "2021-01-15T00:11:30.472662-08:00" + created: "2021-04-21T15:17:43.300624-07:00" description: Modifies Open Policy Agent's upstream gatekeeper chart that provides policy-based control for cloud native environments - digest: 8fdc03791c93b6d6f6d81edf27988c5a31c3c5bc113da8d8520ec534af087393 + digest: 36aebc7718e4afd4d9bb65775276d2288eb0de27192d0d290553a7c7087d7f3f home: https://github.com/open-policy-agent/gatekeeper icon: https://charts.rancher.io/assets/logos/gatekeeper.svg keywords: @@ -2867,10 +1163,10 @@ entries: catalog.cattle.io/release-name: rancher-gatekeeper apiVersion: v1 appVersion: v3.1.1 - created: "2021-01-15T00:11:30.472104-08:00" + created: "2021-04-21T15:17:43.299986-07:00" description: Modifies Open Policy Agent's upstream gatekeeper chart that provides policy-based control for cloud native environments - digest: 5c0c935a6935ce109015e1b86bb4f435c0fe1aad7ee2ad858e01bae57c3425c1 + digest: 15a4540b7e32c62157c37cfdb9230ce4b11c5837a2f3734378fcd7ec9c824559 home: https://github.com/open-policy-agent/gatekeeper icon: https://charts.rancher.io/assets/logos/gatekeeper.svg keywords: 
@@ -2889,42 +1185,28 @@ entries: catalog.cattle.io/namespace: cattle-gatekeeper-system catalog.cattle.io/release-name: rancher-gatekeeper-crd apiVersion: v1 - created: "2021-03-19T19:06:09.751643119Z" + created: "2021-04-21T15:17:43.305152-07:00" description: Installs the CRDs for rancher-gatekeeper. - digest: 3aa8a1c82e5ba772e1edee2a1c4cc38452eab2e3761a01bbaeea15dead79b03c + digest: 6313419fd955e77bc1590b16b3282541003a5842fc5bc40b4567ffd13bad2e55 name: rancher-gatekeeper-crd type: application urls: - - assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.3.001-rc00.tgz - version: 3.3.001-rc00 + - released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.3.001.tgz + version: 3.3.001 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" catalog.cattle.io/namespace: cattle-gatekeeper-system catalog.cattle.io/release-name: rancher-gatekeeper-crd apiVersion: v1 - created: "2021-03-04T09:47:44.996313-08:00" + created: "2021-04-21T15:17:43.304815-07:00" description: Installs the CRDs for rancher-gatekeeper. - digest: 03e26e336f2b82b0c09b1191e7cd6cebf5e3c5de46666307e9426e78ef487c18 + digest: 48a03a80fadacabc507fec107dbed749d94fafbef0d26e4eb37e92c974a7c56b name: rancher-gatekeeper-crd type: application urls: - - released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.3.000-rc02.tgz - version: 3.3.000-rc02 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-gatekeeper-system - catalog.cattle.io/release-name: rancher-gatekeeper-crd - apiVersion: v1 - created: "2021-03-04T09:47:44.995914-08:00" - description: Installs the CRDs for rancher-gatekeeper. 
- digest: ad678c2f7b1bf62c2d3f102847e2bf0920e6e41a6919dce6039385c6e70a8c52 - name: rancher-gatekeeper-crd - type: application - urls: - - released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.3.000-rc01.tgz - version: 3.3.000-rc01 + - released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.3.000.tgz + version: 3.3.000 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/experimental: "true" @@ -2932,9 +1214,9 @@ entries: catalog.cattle.io/namespace: cattle-gatekeeper-system catalog.cattle.io/release-name: rancher-gatekeeper-crd apiVersion: v1 - created: "2021-01-15T00:11:30.474788-08:00" + created: "2021-04-21T15:17:43.304479-07:00" description: Installs the CRDs for rancher-gatekeeper. - digest: 1118f66a1f8f8c192bb1793bcddb0b98af0db43b429df684b916c2e76b51486a + digest: 34f449b69d1b50ff1743ae3b1e81553aec3f0a70c8ac7572c60071a8271b53e2 name: rancher-gatekeeper-crd type: application urls: 
@@ -2947,24 +1229,9 @@ entries: catalog.cattle.io/namespace: cattle-gatekeeper-system catalog.cattle.io/release-name: rancher-gatekeeper-crd apiVersion: v1 - created: "2021-01-15T00:11:30.474498-08:00" + created: "2021-04-21T15:17:43.303565-07:00" description: Installs the CRDs for rancher-gatekeeper. - digest: 4900e53e49c6bdca47af9b37b3d7a7dfe4e16da027a3aaea69f4a211c5ced3c1 - name: rancher-gatekeeper-crd - type: application - urls: - - released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.2.100.tgz - version: 3.2.100 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-gatekeeper-system - catalog.cattle.io/release-name: rancher-gatekeeper-crd - apiVersion: v1 - created: "2021-01-15T00:11:30.474283-08:00" - description: Installs the CRDs for rancher-gatekeeper. - digest: 25beb2fd49cefa59dfcee5e7a24866eb148ab264ee4c49f368589d3e92d7e269 + digest: e3da4139207bfa07850db780574a028b5e32c66c1ee57b706fb13fdec5311514 name: rancher-gatekeeper-crd type: application urls: @@ -2977,9 +1244,9 @@ entries: catalog.cattle.io/namespace: cattle-gatekeeper-system catalog.cattle.io/release-name: rancher-gatekeeper-crd apiVersion: v1 - created: "2021-01-15T00:11:30.474068-08:00" + created: "2021-04-21T15:17:43.303138-07:00" description: Installs the CRDs for rancher-gatekeeper. - digest: ea6fca92a928c90b9539825af19f69378a608e189fcd0f06043b1213bb94cdaf + digest: 89d80de1bea71d134b19e6092ae123c08173c172a5201d54b4baa6afedea3855 name: rancher-gatekeeper-crd type: application urls: 
@@ -2994,9 +1261,9 @@ entries: catalog.rancher.io/release-name: rancher-grafana apiVersion: v2 appVersion: 7.4.5 - created: "2021-04-07T19:45:48.128527365Z" + created: "2021-04-21T15:17:43.30701-07:00" description: The leading tool for querying and visualizing time series and metrics. - digest: 69f23123ec3971f85b620c12778dd63a092daf95feeba3ada0a616b77e0e2ab1 + digest: f6e7fd0c6148db8e20a986fd7d8cab5865cdce2f2d23bdd1489a28f7210b2ac5 home: https://grafana.net icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png kubeVersion: ^1.8.0-0 @@ -3016,11 +1283,11 @@ entries: - https://github.com/grafana/grafana type: application urls: - - assets/rancher-grafana/rancher-grafana-6.6.401-rc00.tgz - version: 6.6.401-rc00 + - released/assets/rancher-grafana/rancher-grafana-6.6.401.tgz + version: 6.6.401 rancher-istio: - annotations: - catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.32.100-rc01 + catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.32.100 catalog.cattle.io/certified: rancher catalog.cattle.io/display-name: Istio catalog.cattle.io/namespace: istio-system @@ -3032,7 +1299,7 @@ entries: catalog.cattle.io/ui-component: istio apiVersion: v1 appVersion: 1.9.3 - created: "2021-04-19T16:16:38.168332974Z" + created: "2021-04-21T15:17:43.323625-07:00" dependencies: - condition: kiali.enabled name: kiali 
@@ -3042,17 +1309,17 @@ entries: repository: file://./charts/tracing description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ for details. - digest: 3059579374a09651dcd2d5ad98c40543fbd0fe840daa8cced51044445508cfa7 + digest: f5da2c5292b4ecfc72ba48b5ccdb9716df305aa2db7316de146dbd52d8b7f785 icon: https://charts.rancher.io/assets/logos/istio.svg keywords: - networking - infrastructure name: rancher-istio urls: - - assets/rancher-istio-1.9/rancher-istio-1.9.300-rc01.tgz - version: 1.9.300-rc01 + - released/assets/rancher-istio-1.9/rancher-istio-1.9.300.tgz + version: 1.9.300 - annotations: - catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.32.100-rc01 + catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.32.100 catalog.cattle.io/certified: rancher catalog.cattle.io/display-name: Istio catalog.cattle.io/namespace: istio-system @@ -3064,7 +1331,7 @@ entries: catalog.cattle.io/ui-component: istio apiVersion: v1 appVersion: 1.9.2 - created: "2021-04-12T16:14:26.991925247Z" + created: "2021-04-21T15:17:43.321342-07:00" dependencies: - condition: kiali.enabled name: kiali 
@@ -3074,49 +1341,17 @@ entries: repository: file://./charts/tracing description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ for details. - digest: 5d90dffbb8b4bbb44e11e0754e5f7e729709342fb317da46f46d7f0c001e485e + digest: ba78e8e2d4188847e29b19d52ef7d3e534d9a15ed7198f6cdd64f6a89777e71c icon: https://charts.rancher.io/assets/logos/istio.svg keywords: - networking - infrastructure name: rancher-istio urls: - - assets/rancher-istio-1.9/rancher-istio-1.9.200-rc02.tgz - version: 1.9.200-rc02 + - released/assets/rancher-istio-1.9/rancher-istio-1.9.200.tgz + version: 1.9.200 - annotations: - catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.29.100-rc01 - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Istio - catalog.cattle.io/namespace: istio-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: networking.istio.io.virtualservice/v1beta1 - catalog.cattle.io/release-name: rancher-istio - catalog.cattle.io/requests-cpu: 710m - catalog.cattle.io/requests-memory: 2314Mi - catalog.cattle.io/ui-component: istio - apiVersion: v1 - appVersion: 1.9.2 - created: "2021-04-09T23:52:20.298357002Z" - dependencies: - - condition: kiali.enabled - name: kiali - repository: file://./charts/kiali - - condition: tracing.enabled - name: tracing - repository: file://./charts/tracing - description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ - for details. 
- digest: 831b0c704be191da3d0b1db1b0dd1dc8280515d04d4698b95090c5186a70d99c - icon: https://charts.rancher.io/assets/logos/istio.svg - keywords: - - networking - - infrastructure - name: rancher-istio - urls: - - assets/rancher-istio-1.9/rancher-istio-1.9.200-rc01.tgz - version: 1.9.200-rc01 - - annotations: - catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.32.100-rc01 + catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.32.100 catalog.cattle.io/certified: rancher catalog.cattle.io/display-name: Istio catalog.cattle.io/namespace: istio-system @@ -3128,7 +1363,7 @@ entries: catalog.cattle.io/ui-component: istio apiVersion: v1 appVersion: 1.8.5 - created: "2021-04-19T16:16:38.160496683Z" + created: "2021-04-21T15:17:43.319606-07:00" dependencies: - condition: kiali.enabled name: kiali @@ -3138,17 +1373,17 @@ entries: repository: file://./charts/tracing description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ for details. - digest: dc5046c45f15be0cfcd219d4d87bc73bd9e50f575260c4918a719c93e5f69c7d + digest: c3e7097d65a475fb2850ede67f6be8ded4b66f696b0a5ee2960fbb69da08c666 icon: https://charts.rancher.io/assets/logos/istio.svg keywords: - networking - infrastructure name: rancher-istio urls: - - assets/rancher-istio-1.8/rancher-istio-1.8.500-rc01.tgz - version: 1.8.500-rc01 + - released/assets/rancher-istio-1.8/rancher-istio-1.8.500.tgz + version: 1.8.500 - annotations: - catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.32.100-rc01 + catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.32.100 catalog.cattle.io/certified: rancher catalog.cattle.io/display-name: Istio catalog.cattle.io/namespace: istio-system @@ -3160,7 +1395,7 @@ entries: catalog.cattle.io/ui-component: istio apiVersion: v1 appVersion: 1.8.4 - created: "2021-04-12T16:14:26.984823056Z" + created: "2021-04-21T15:17:43.317887-07:00" dependencies: - condition: kiali.enabled name: kiali 
@@ -3170,49 +1405,17 @@ entries: repository: file://./charts/tracing description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ for details. - digest: 8ee32e27c2dd471aeb9a3a1c3794738e6d795cad8fc8a92adb8ac74c61d60904 + digest: 4c3c054bef53e62ba840c3819cf1351d1381d8e2da20bbb959b17f52c3ea6423 icon: https://charts.rancher.io/assets/logos/istio.svg keywords: - networking - infrastructure name: rancher-istio urls: - - assets/rancher-istio-1.8/rancher-istio-1.8.400-rc02.tgz - version: 1.8.400-rc02 + - released/assets/rancher-istio-1.8/rancher-istio-1.8.400.tgz + version: 1.8.400 - annotations: - catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.29.100-rc01 - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Istio - catalog.cattle.io/namespace: istio-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: networking.istio.io.virtualservice/v1beta1 - catalog.cattle.io/release-name: rancher-istio - catalog.cattle.io/requests-cpu: 710m - catalog.cattle.io/requests-memory: 2314Mi - catalog.cattle.io/ui-component: istio - apiVersion: v1 - appVersion: 1.8.4 - created: "2021-04-09T23:52:20.295826839Z" - dependencies: - - condition: kiali.enabled - name: kiali - repository: file://./charts/kiali - - condition: tracing.enabled - name: tracing - repository: file://./charts/tracing - description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ - for details. 
- digest: 09298ac04dc8001c41b6c4366a660c8b12c6b52b699205ee0e5941cc20cf9b2a - icon: https://charts.rancher.io/assets/logos/istio.svg - keywords: - - networking - - infrastructure - name: rancher-istio - urls: - - assets/rancher-istio-1.8/rancher-istio-1.8.400-rc01.tgz - version: 1.8.400-rc01 - - annotations: - catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.29.100-rc01 + catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.29.100 catalog.cattle.io/certified: rancher catalog.cattle.io/display-name: Istio catalog.cattle.io/namespace: istio-system @@ -3224,7 +1427,7 @@ entries: catalog.cattle.io/ui-component: istio apiVersion: v1 appVersion: 1.8.3 - created: "2021-04-08T21:20:12.908647816Z" + created: "2021-04-21T15:17:43.316196-07:00" dependencies: - condition: kiali.enabled name: kiali @@ -3234,17 +1437,17 @@ entries: repository: file://./charts/tracing description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ for details. - digest: d4fd53635e7b3a8bc0c429ecbbb4d1003f854b7c7b94e58bc66f226593431611 + digest: c2dfe5130b838e4ae62daa5ee72783dee62c4ff93a32393a7598db8e70a11580 icon: https://charts.rancher.io/assets/logos/istio.svg keywords: - networking - infrastructure name: rancher-istio urls: - - assets/rancher-istio-1.8/rancher-istio-1.8.301-rc00.tgz - version: 1.8.301-rc00 + - released/assets/rancher-istio-1.8/rancher-istio-1.8.301.tgz + version: 1.8.301 - annotations: - catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.29.000-rc00 + catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.29.000 catalog.cattle.io/certified: rancher catalog.cattle.io/display-name: Istio catalog.cattle.io/namespace: istio-system @@ -3256,7 +1459,7 @@ entries: catalog.cattle.io/ui-component: istio apiVersion: v1 appVersion: 1.8.3 - created: "2021-03-04T09:47:45.001169-08:00" + created: "2021-04-21T15:17:43.314487-07:00" dependencies: - condition: kiali.enabled name: kiali 
@@ -3266,81 +1469,15 @@ entries: repository: file://./charts/tracing description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ for details. - digest: fae8a77f05769320ce080c28656d5340be16b2fc1997702b444735623e8414c8 + digest: 3b5fdc7d06c6a3878c47030ff2a9e23ef1ab68ceddcb9fd7290f4e3ef3c99cb0 icon: https://charts.rancher.io/assets/logos/istio.svg keywords: - networking - infrastructure name: rancher-istio urls: - - released/assets/rancher-istio/rancher-istio-1.8.300-rc01.tgz - version: 1.8.300-rc01 - - annotations: - catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.29.000-rc00 - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Istio - catalog.cattle.io/namespace: istio-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: networking.istio.io.virtualservice/v1beta1 - catalog.cattle.io/release-name: rancher-istio - catalog.cattle.io/requests-cpu: 710m - catalog.cattle.io/requests-memory: 2314Mi - catalog.cattle.io/ui-component: istio - apiVersion: v1 - appVersion: 1.8.3 - created: "2021-03-04T09:47:44.998358-08:00" - dependencies: - - condition: kiali.enabled - name: kiali - repository: file://./charts/kiali - - condition: tracing.enabled - name: tracing - repository: file://./charts/tracing - description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ - for details. 
- digest: e91424e345f8a654658f3f6a2f513aced8b3d65d86b4cda93fe5b4f7e3dbaabe - icon: https://charts.rancher.io/assets/logos/istio.svg - keywords: - - networking - - infrastructure - name: rancher-istio - urls: - - released/assets/rancher-istio/rancher-istio-1.8.300-rc00.tgz - version: 1.8.300-rc00 - - annotations: - catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.24.003 - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Istio - catalog.cattle.io/namespace: istio-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: networking.istio.io.virtualservice/v1beta1 - catalog.cattle.io/release-name: rancher-istio - catalog.cattle.io/ui-component: istio - apiVersion: v1 - appVersion: 1.7.6 - created: "2021-01-15T00:11:30.48261-08:00" - dependencies: - - alias: kiali - condition: kiali.enabled - name: rancher-kiali-server - repository: file://../../rancher-kiali-server/charts - version: 1.24.0 - - alias: tracing - condition: tracing.enabled - name: rancher-tracing - repository: file://../../rancher-tracing/charts - version: 1.20.001 - description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ - for details. - digest: a3a4d39833cb8065099654aac034c344f531c5b0b164a0d1c96bea541d72e5bf - icon: https://charts.rancher.io/assets/logos/istio.svg - keywords: - - networking - - infrastructure - name: rancher-istio - urls: - - released/assets/rancher-istio/rancher-istio-1.7.600.tgz - version: 1.7.600 + - released/assets/rancher-istio/rancher-istio-1.8.300.tgz + version: 1.8.300 - annotations: catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.24.003 catalog.cattle.io/certified: rancher @@ -3352,7 +1489,7 @@ entries: catalog.cattle.io/ui-component: istio apiVersion: v1 appVersion: 1.7.3 - created: "2021-01-15T00:11:30.481016-08:00" + created: "2021-04-21T15:17:43.31218-07:00" dependencies: - alias: kiali condition: kiali.enabled 
@@ -3366,7 +1503,7 @@ entries: version: 1.20.001 description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ for details. - digest: 3f32923202198fc41c607b179d194d4b579d790246e0959bf41b82a407bf1786 + digest: ff28763d01f5b7b366ea0373bd052bbe579f17c009955c88e7cbb5eb66802e84 icon: https://charts.rancher.io/assets/logos/istio.svg keywords: - networking @@ -3386,7 +1523,7 @@ entries: catalog.cattle.io/ui-component: istio apiVersion: v1 appVersion: 1.7.3 - created: "2021-01-15T00:11:30.479382-08:00" + created: "2021-04-21T15:17:43.310569-07:00" dependencies: - alias: kiali condition: kiali.enabled @@ -3395,7 +1532,7 @@ entries: version: 1.24.0 description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ for details. - digest: 723e0ffa6ab03dde307bcb2848095b91f49d33eae05a4b29c26fe3e4066fc30c + digest: 1e4a14509830e72f8a3d10d6d3ffaf72683dc0243e2cd9d067934844163f9f80 icon: https://charts.rancher.io/assets/logos/istio.svg keywords: - networking 
@@ -3404,35 +1541,6 @@ entries: urls: - released/assets/rancher-istio/rancher-istio-1.7.300.tgz version: 1.7.300 - - annotations: - catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.23.002 - catalog.cattle.io/certified: rancher - catalog.cattle.io/namespace: istio-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: networking.istio.io.virtualservice/v1beta1 - catalog.cattle.io/release-name: rancher-istio - catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/ui-component: istio - apiVersion: v1 - appVersion: 1.7.1 - created: "2021-01-15T00:11:30.478046-08:00" - dependencies: - - alias: kiali - condition: kiali.enabled - name: rancher-kiali-server - repository: file://../../rancher-kiali-server/charts - version: 1.23.0 - description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ - for details. - digest: 2aa1870dabf3548c4ef52dde4515ca6b1478d75e052b8154555c43931829250b - icon: https://charts.rancher.io/assets/logos/istio.svg - keywords: - - networking - - infrastructure - name: rancher-istio - urls: - - released/assets/rancher-istio/rancher-istio-1.7.101.tgz - version: 1.7.101 - annotations: catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.23.001 catalog.cattle.io/certified: rancher @@ -3444,7 +1552,7 @@ entries: catalog.cattle.io/ui-component: istio apiVersion: v1 appVersion: 1.7.1 - created: "2021-01-15T00:11:30.476142-08:00" + created: "2021-04-21T15:17:43.308891-07:00" dependencies: - alias: kiali condition: kiali.enabled @@ -3453,7 +1561,7 @@ entries: version: 1.23.0 description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ for details. - digest: a6a23976155b1c3375406c00b49c354238aa6b837f3b19bbf360279cef59f9ef + digest: 3a7a84aa165a472cf346a4d595ff84ac8190d7f050409b65f2a7168c8307ef28 icon: https://charts.rancher.io/assets/logos/istio.svg keywords: - networking 
@@ -3473,11 +1581,11 @@ entries: catalog.rancher.io/release-name: rancher-kiali-server apiVersion: v2 appVersion: v1.32.0 - created: "2021-04-12T16:14:26.995657395Z" + created: "2021-04-21T15:17:43.328384-07:00" description: Kiali is an open source project for service mesh observability, refer to https://www.kiali.io for details. This is installed as sub-chart with customized values in Rancher's Istio. - digest: 5c936508b33a984898c6c3d791625b4bb8cbab94326cae669c815965be8ee74c + digest: c02e1152206293d5743a3e86f2dd39a60e7073c3352dc3caa56b0a35cb9cf56e home: https://github.com/kiali/kiali icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png keywords: @@ -3496,8 +1604,8 @@ entries: - https://github.com/kiali/kiali-operator - https://github.com/kiali/helm-charts urls: - - assets/rancher-kiali-server/rancher-kiali-server-1.32.100-rc01.tgz - version: 1.32.100-rc01 + - released/assets/rancher-kiali-server/rancher-kiali-server-1.32.100.tgz + version: 1.32.100 - annotations: catalog.cattle.io/auto-install: rancher-kiali-server-crd=match catalog.cattle.io/hidden: "true" @@ -3508,11 +1616,11 @@ entries: catalog.rancher.io/release-name: rancher-kiali-server apiVersion: v2 appVersion: v1.29.0 - created: "2021-04-08T21:20:12.91127232Z" + created: "2021-04-21T15:17:43.327569-07:00" description: Kiali is an open source project for service mesh observability, refer to https://www.kiali.io for details. This is installed as sub-chart with customized values in Rancher's Istio. - digest: bf98263f3c467b94c57687a26e7de82a06835ba45680231a531d6f05ae0c39fd + digest: 668221244b6cfd762b15d7d67922bde5096585deff1c3a466ed07b7bfa750a70 home: https://github.com/kiali/kiali icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png keywords: 
@@ -3531,8 +1639,8 @@ entries: - https://github.com/kiali/kiali-operator - https://github.com/kiali/helm-charts urls: - - assets/rancher-kiali-server/rancher-kiali-server-1.29.100-rc01.tgz - version: 1.29.100-rc01 + - released/assets/rancher-kiali-server/rancher-kiali-server-1.29.100.tgz + version: 1.29.100 - annotations: catalog.cattle.io/auto-install: rancher-kiali-server-crd=match catalog.cattle.io/hidden: "true" @@ -3543,11 +1651,11 @@ entries: catalog.rancher.io/release-name: rancher-kiali-server apiVersion: v2 appVersion: v1.29.0 - created: "2021-03-04T09:47:45.002771-08:00" + created: "2021-04-21T15:17:43.326703-07:00" description: Kiali is an open source project for service mesh observability, refer to https://www.kiali.io for details. This is installed as sub-chart with customized values in Rancher's Istio. - digest: a3f8ceb754dba642cbd5fe638858e7ed18c56b2befc6284107cae9fc1a58dd1d + digest: 8cecd60c2fa1ae2dea0c4d3672b7ca73152835bfeb93906113ca4d05c02e9587 home: https://github.com/kiali/kiali icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png keywords: 
@@ -3566,43 +1674,8 @@ entries: - https://github.com/kiali/kiali-operator - https://github.com/kiali/helm-charts urls: - - released/assets/rancher-kiali-server/rancher-kiali-server-1.29.000-rc01.tgz - version: 1.29.000-rc01 - - annotations: - catalog.cattle.io/auto-install: rancher-kiali-server-crd=match - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 - catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 - catalog.rancher.io/namespace: cattle-istio-system - catalog.rancher.io/release-name: rancher-kiali-server - apiVersion: v2 - appVersion: v1.29.0 - created: "2021-03-04T09:47:45.00196-08:00" - description: Kiali is an open source project for service mesh observability, refer - to https://www.kiali.io for details. This is installed as sub-chart with customized - values in Rancher's Istio. - digest: 280bd0454a03a112e544ecacd5a06b793a627198fa06cf6a6fcea261fc6d9f4c - home: https://github.com/kiali/kiali - icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png - keywords: - - istio - - kiali - - networking - - infrastructure - maintainers: - - email: kiali-users@googlegroups.com - name: Kiali - url: https://kiali.io - name: rancher-kiali-server - sources: - - https://github.com/kiali/kiali - - https://github.com/kiali/kiali-ui - - https://github.com/kiali/kiali-operator - - https://github.com/kiali/helm-charts - urls: - - released/assets/rancher-kiali-server/rancher-kiali-server-1.29.000-rc00.tgz - version: 1.29.000-rc00 + - released/assets/rancher-kiali-server/rancher-kiali-server-1.29.000.tgz + version: 1.29.000 - annotations: catalog.cattle.io/auto-install: rancher-kiali-server-crd=match catalog.cattle.io/hidden: "true" 
@@ -3613,11 +1686,11 @@ entries: catalog.rancher.io/release-name: rancher-kiali-server apiVersion: v2 appVersion: v1.24.0 - created: "2021-01-15T00:11:30.487114-08:00" + created: "2021-04-21T15:17:43.325923-07:00" description: Kiali is an open source project for service mesh observability, refer to https://www.kiali.io for details. This is installed as sub-chart with customized values in Rancher's Istio. - digest: c8a46b8e964f50e93e4add0c0192743339355950862f49b0d2b0131c9c2acd88 + digest: 2b702639bc1b563fa3e9e0cdb5fff1ca4de696860566f1c863c04fb7ebc06038 home: https://github.com/kiali/kiali icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png keywords: 
@@ -3648,46 +1721,11 @@ entries: catalog.rancher.io/release-name: rancher-kiali-server apiVersion: v2 appVersion: v1.24.0 - created: "2021-01-15T00:11:30.48568-08:00" + created: "2021-04-21T15:17:43.32517-07:00" description: Kiali is an open source project for service mesh observability, refer to https://www.kiali.io for details. This is installed as sub-chart with customized values in Rancher's Istio. - digest: be2dd749ebeac4690827fdfac5b986d35ca3e9f9d1e9536ab093bb83da17d130 - home: https://github.com/kiali/kiali - icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png - keywords: - - istio - - kiali - - networking - - infrastructure - maintainers: - - email: kiali-users@googlegroups.com - name: Kiali - url: https://kiali.io - name: rancher-kiali-server - sources: - - https://github.com/kiali/kiali - - https://github.com/kiali/kiali-ui - - https://github.com/kiali/kiali-operator - - https://github.com/kiali/helm-charts - urls: - - released/assets/rancher-kiali-server/rancher-kiali-server-1.24.002.tgz - version: 1.24.002 - - annotations: - catalog.cattle.io/auto-install: rancher-kiali-server-crd=match - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 - catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 - catalog.rancher.io/namespace: cattle-istio-system - catalog.rancher.io/release-name: rancher-kiali-server - apiVersion: v2 - appVersion: v1.24.0 - created: "2021-01-15T00:11:30.484905-08:00" - description: Kiali is an open source project for service mesh observability, refer - to https://www.kiali.io for details. This is installed as sub-chart with customized - values in Rancher's Istio. 
- digest: 5908c10ba62b92ba0f703ce91c2d0442f8e707622cdd7401cadf7cbbe523eb75 + digest: a86791daaf668b0f67db337a9f37f13d4a836d9bd689401ba2ef8f6e83d9a6a3 home: https://github.com/kiali/kiali icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png keywords: 
@@ -3718,46 +1756,11 @@ entries: catalog.rancher.io/release-name: rancher-kiali-server apiVersion: v2 appVersion: v1.23.0 - created: "2021-01-15T00:11:30.48414-08:00" + created: "2021-04-21T15:17:43.324387-07:00" description: Kiali is an open source project for service mesh observability, refer to https://www.kiali.io for details. This is installed as sub-chart with customized values in Rancher's Istio. - digest: 57b9db10136f85d6ca7325e69d6d62ae256293620c2654d5478609e1d78da472 - home: https://github.com/kiali/kiali - icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png - keywords: - - istio - - kiali - - networking - - infrastructure - maintainers: - - email: kiali-users@googlegroups.com - name: Kiali - url: https://kiali.io - name: rancher-kiali-server - sources: - - https://github.com/kiali/kiali - - https://github.com/kiali/kiali-ui - - https://github.com/kiali/kiali-operator - - https://github.com/kiali/helm-charts - urls: - - released/assets/rancher-kiali-server/rancher-kiali-server-1.23.002.tgz - version: 1.23.002 - - annotations: - catalog.cattle.io/auto-install: rancher-kiali-server-crd=match - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 - catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 - catalog.rancher.io/namespace: cattle-istio-system - catalog.rancher.io/release-name: rancher-kiali-server - apiVersion: v2 - appVersion: v1.23.0 - created: "2021-01-15T00:11:30.483373-08:00" - description: Kiali is an open source project for service mesh observability, refer - to https://www.kiali.io for details. This is installed as sub-chart with customized - values in Rancher's Istio. 
- digest: 369f3f444dc357b6f3e574daf63103d556757ee30c9413fa0c1588f1432d899d + digest: 0aea4d28b274a7c2549f675c2a3fc1be165ef4acd72676a18ed5f92f1e7a2b1a home: https://github.com/kiali/kiali icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png keywords: 
@@ -3782,53 +1785,42 @@ entries: - annotations: catalog.cattle.io/hidden: "true" apiVersion: v2 - created: "2021-04-12T16:14:26.996135201Z" + created: "2021-04-21T15:17:43.329261-07:00" description: Installs the CRDs for rancher-kiali-server. - digest: 79fc00840cdd10b61ae09a3e964d915b10366f1f016fd02919a875469e3e6d0e + digest: 83ca0f23b43db63b7610d28d89098a78a9e6f8fea5748fd3dfec45d109f6d815 name: rancher-kiali-server-crd type: application urls: - - assets/rancher-kiali-server/rancher-kiali-server-crd-1.32.100-rc01.tgz - version: 1.32.100-rc01 + - released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.32.100.tgz + version: 1.32.100 - annotations: catalog.cattle.io/hidden: "true" apiVersion: v2 - created: "2021-04-09T23:52:20.300629849Z" + created: "2021-04-21T15:17:43.329104-07:00" description: Installs the CRDs for rancher-kiali-server. - digest: fca33d9256cbede5244784e9f8cf2d6b4ed3556b5cc59ed3178171887560826e + digest: 3ebe1e885b239795575270dbd4073408b43fb9158ad04f02937114e5b7ab75c6 name: rancher-kiali-server-crd type: application urls: - - assets/rancher-kiali-server/rancher-kiali-server-crd-1.29.100-rc01.tgz - version: 1.29.100-rc01 + - released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.29.100.tgz + version: 1.29.100 - annotations: catalog.cattle.io/hidden: "true" apiVersion: v2 - created: "2021-03-04T09:47:45.003061-08:00" + created: "2021-04-21T15:17:43.328957-07:00" description: Installs the CRDs for rancher-kiali-server. 
- digest: ebe2573bff65881bb5ac4442c1eb88648c942f9bb2340d6c409ac74d467f96b1 + digest: 4ddd8248707294cb91fdd1c2fd9994417bf265b7f649312e82a4f1a86b60e9b6 name: rancher-kiali-server-crd type: application urls: - - released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.29.000-rc01.tgz - version: 1.29.000-rc01 + - released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.29.000.tgz + version: 1.29.000 - annotations: catalog.cattle.io/hidden: "true" apiVersion: v2 - created: "2021-03-04T09:47:45.002922-08:00" + created: "2021-04-21T15:17:43.328822-07:00" description: Installs the CRDs for rancher-kiali-server. - digest: 07d01d30e02215be110edd55afa1a9e52b3de9592b24151f6450d5f17139e81c - name: rancher-kiali-server-crd - type: application - urls: - - released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.29.000-rc00.tgz - version: 1.29.000-rc00 - - annotations: - catalog.cattle.io/hidden: "true" - apiVersion: v2 - created: "2021-01-15T00:11:30.487854-08:00" - description: Installs the CRDs for rancher-kiali-server. - digest: 01aafd54277c2c010d382a92177391abe11c894ac5cdac331699518ba5616a0d + digest: c8635521da746674695c7833a5509ee92c615adabd47e511e1dd7c2617a4bf7b name: rancher-kiali-server-crd type: application urls: 
@@ -3837,20 +1829,9 @@ entries: - annotations: catalog.cattle.io/hidden: "true" apiVersion: v2 - created: "2021-01-15T00:11:30.487714-08:00" + created: "2021-04-21T15:17:43.328683-07:00" description: Installs the CRDs for rancher-kiali-server. - digest: d22c5d81a57cf38e56db65a9809167b16688cff39c226f209a8f8c2b616267cd - name: rancher-kiali-server-crd - type: application - urls: - - released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.24.002.tgz - version: 1.24.002 - - annotations: - catalog.cattle.io/hidden: "true" - apiVersion: v2 - created: "2021-01-15T00:11:30.487574-08:00" - description: Installs the CRDs for rancher-kiali-server. - digest: d142e5634dafacd4ade2d93460b2926577ff87e4ba4a1100c1f280e22b8100fd + digest: bd55c5af7c26744e91922c6a9463c10e52ba65ddf0cf148107461f2983a71223 name: rancher-kiali-server-crd type: application urls: @@ -3859,20 +1840,9 @@ entries: - annotations: catalog.cattle.io/hidden: "true" apiVersion: v2 - created: "2021-01-15T00:11:30.487426-08:00" + created: "2021-04-21T15:17:43.328539-07:00" description: Installs the CRDs for rancher-kiali-server. - digest: 2100f0710b74ff80aafb679d626c44033ac77dbc9a050a56f3bb07ad35ac9cb3 - name: rancher-kiali-server-crd - type: application - urls: - - released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.23.002.tgz - version: 1.23.002 - - annotations: - catalog.cattle.io/hidden: "true" - apiVersion: v2 - created: "2021-01-15T00:11:30.487274-08:00" - description: Installs the CRDs for rancher-kiali-server. - digest: e78efc9f5d5e5943b851678c563f445128927c4d5608d40ec233944baeee1bf6 + digest: 5d5ebb3498ac0b64cf1a73d743b0f3f45fd40c0a9ee3b26d94ae60176e523574 name: rancher-kiali-server-crd type: application urls: 
@@ -3887,9 +1857,9 @@ entries: catalog.rancher.io/release-name: rancher-kube-state-metrics apiVersion: v1 appVersion: 1.9.8 - created: "2021-04-07T19:45:48.13399446Z" + created: "2021-04-21T15:17:43.330146-07:00" description: Install kube-state-metrics to generate and expose cluster-level metrics - digest: d52d15d957bd8add7a1637511b74ebbac7d30104b903f655ba996d703eb6fc37 + digest: 49cee3cb6cf6e09924801f1a44dfb2a1d8e3f8bcac95b7c4e796211c2d41e41e home: https://github.com/kubernetes/kube-state-metrics/ keywords: - metric @@ -3905,8 +1875,8 @@ entries: sources: - https://github.com/kubernetes/kube-state-metrics/ urls: - - assets/rancher-kube-state-metrics/rancher-kube-state-metrics-2.13.101-rc00.tgz - version: 2.13.101-rc00 + - released/assets/rancher-kube-state-metrics/rancher-kube-state-metrics-2.13.101.tgz + version: 2.13.101 rancher-logging: - annotations: catalog.cattle.io/auto-install: rancher-logging-crd=match @@ -3918,10 +1888,10 @@ entries: catalog.cattle.io/ui-component: logging apiVersion: v1 appVersion: 3.9.4 - created: "2021-04-16T20:03:49.193802604Z" + created: "2021-04-21T15:17:43.336208-07:00" description: Collects and filter logs using highly configurable CRDs. Powered by Banzai Cloud Logging Operator. - digest: ab0fecb24b3b53694f21ddc81f52e7eb7b6ed8d7a12dda99969ce93b847a4115 + digest: 5c6bdf00cc42d58875172344fd141bbfa21917e1ef4d5efad80979d33ffde169 icon: https://charts.rancher.io/assets/logos/logging.svg keywords: - logging 
@@ -3929,100 +1899,8 @@ entries: - security name: rancher-logging urls: - - assets/rancher-logging/rancher-logging-3.9.400-rc04.tgz - version: 3.9.400-rc04 - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Logging - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.9.4 - created: "2021-04-12T18:41:37.101699289Z" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. - digest: e2149c7fa4a8612e80840aed76e33cfebd0170316b7c050a0cc7cf1ab18acff7 - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - assets/rancher-logging/rancher-logging-3.9.400-rc03.tgz - version: 3.9.400-rc03 - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Logging - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.9.4 - created: "2021-04-06T01:21:46.069869939Z" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. 
- digest: f4714a3b0503729d9b5e4cda0ebe9efd48dd2d8e23afd1b6cb2365e65dc9c3dd - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - assets/rancher-logging/rancher-logging-3.9.400-rc02.tgz - version: 3.9.400-rc02 - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Logging - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.9.4 - created: "2021-04-05T22:44:50.101273899Z" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. - digest: 30d4923f39a8aa6ace97de46f493bccd7eec8237d6dbdb7aec8068040d8c92e3 - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - assets/rancher-logging/rancher-logging-3.9.400-rc01.tgz - version: 3.9.400-rc01 - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Logging - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.9.4 - created: "2021-04-05T21:37:25.589334866Z" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. 
- digest: 4ea5580c3e30c9a1243ebcf5461ea1e7ea8d75967539d5f26d46a5b65eaffb0c - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - assets/rancher-logging/rancher-logging-3.9.400-rc00.tgz - version: 3.9.400-rc00 + - released/assets/rancher-logging/rancher-logging-3.9.400.tgz + version: 3.9.400 - annotations: catalog.cattle.io/auto-install: rancher-logging-crd=match catalog.cattle.io/certified: rancher @@ -4034,10 +1912,10 @@ entries: catalog.cattle.io/ui-component: logging apiVersion: v1 appVersion: 3.9.0 - created: "2021-04-02T17:23:23.032662482Z" + created: "2021-04-21T15:17:43.335339-07:00" description: Collects and filter logs using highly configurable CRDs. Powered by Banzai Cloud Logging Operator. - digest: 2dcaa4a7e544526058314d32ce5c63daab046205e760ba6dba2541ccc6028f63 + digest: c5d6f72e600a1710cc3330195604ab4e0bea2d51eaadf4885c63d529842b91ce icon: https://charts.rancher.io/assets/logos/logging.svg keywords: - logging @@ -4045,8 +1923,8 @@ entries: - security name: rancher-logging urls: - - assets/rancher-logging/rancher-logging-3.9.002-rc03.tgz - version: 3.9.002-rc03 + - released/assets/rancher-logging/rancher-logging-3.9.002.tgz + version: 3.9.002 - annotations: catalog.cattle.io/auto-install: rancher-logging-crd=match catalog.cattle.io/certified: rancher @@ -4058,10 +1936,10 @@ entries: catalog.cattle.io/ui-component: logging apiVersion: v1 appVersion: 3.9.0 - created: "2021-04-01T20:22:18.03796638Z" + created: "2021-04-21T15:17:43.334524-07:00" description: Collects and filter logs using highly configurable CRDs. Powered by Banzai Cloud Logging Operator. - digest: e8f5837404d3c24d8396b0676f21b100d9f2fde1f1c501786b330648986e9d1c + digest: 46f4617b0020c4cddcd6a0c3a8f39ac2ff56eebec0b4b4c13b4821bfb1ff411c icon: https://charts.rancher.io/assets/logos/logging.svg keywords: - logging 
@@ -4069,8 +1947,8 @@ entries: - security name: rancher-logging urls: - - assets/rancher-logging/rancher-logging-3.9.002-rc02.tgz - version: 3.9.002-rc02 + - released/assets/rancher-logging/rancher-logging-3.9.001.tgz + version: 3.9.001 - annotations: catalog.cattle.io/auto-install: rancher-logging-crd=match catalog.cattle.io/certified: rancher @@ -4082,10 +1960,10 @@ entries: catalog.cattle.io/ui-component: logging apiVersion: v1 appVersion: 3.9.0 - created: "2021-03-15T19:33:50.86544465Z" + created: "2021-04-21T15:17:43.333757-07:00" description: Collects and filter logs using highly configurable CRDs. Powered by Banzai Cloud Logging Operator. - digest: 3d9759eb846b9e8891bc40e1fc6b6fa9f6f998fc66f8a6736f0255f685cc64f8 + digest: b6b5e0c627f5594033b3558ff1f2d9c01b1f504a53cbc91b4e75d443ef81a784 icon: https://charts.rancher.io/assets/logos/logging.svg keywords: - logging 
@@ -4093,248 +1971,8 @@ entries: - security name: rancher-logging urls: - - assets/rancher-logging/rancher-logging-3.9.002-rc01.tgz - version: 3.9.002-rc01 - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Logging - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.9.0 - created: "2021-03-12T17:14:00.950736124Z" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. - digest: d59d5206ab61e47dcf2ebf20dd72c5bb7dc01e21961aad70df7199a61b510998 - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - assets/rancher-logging/rancher-logging-3.9.001-rc08.tgz - version: 3.9.001-rc08 - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Logging - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.9.0 - created: "2021-03-04T09:47:45.011144-08:00" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. 
- digest: e5b5de6aaea6c3a4f3fd60b6045beafdd3e3db3a72278410110faadb8c6e9fd5 - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - released/assets/rancher-logging/rancher-logging-3.9.000-rc08.tgz - version: 3.9.000-rc08 - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Logging - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.9.0 - created: "2021-03-04T09:47:45.010348-08:00" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. - digest: 7e1d1f0e60e7695db920d8960ae4f50f12b2763584c7ae03c5cbf27248490c24 - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - released/assets/rancher-logging/rancher-logging-3.9.000-rc07.tgz - version: 3.9.000-rc07 - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Logging - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.9.0 - created: "2021-03-04T09:47:45.009554-08:00" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. 
- digest: 90596ebd741c5bd712796d8dd07954663e76e41adad3c8f5177176414d355492 - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - released/assets/rancher-logging/rancher-logging-3.9.000-rc06.tgz - version: 3.9.000-rc06 - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Logging - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.9.0 - created: "2021-03-04T09:47:45.008754-08:00" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. - digest: 261ac9ff48b610df1c610904cb7ff999a619fdcb23620cf90c094adb0e0a1f2e - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - released/assets/rancher-logging/rancher-logging-3.9.000-rc05.tgz - version: 3.9.000-rc05 - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Logging - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.9.0 - created: "2021-03-04T09:47:45.0078-08:00" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. 
- digest: 0e2f0b1f53b4e81488ffdd41bb68693e332bf7eaf29488b310f5b7368858c603 - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - released/assets/rancher-logging/rancher-logging-3.9.000-rc04.tgz - version: 3.9.000-rc04 - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Logging - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.9.0 - created: "2021-03-04T09:47:45.006305-08:00" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. - digest: 7f35d0af785c25d20003daf0d0b78a2e72e5b6a9f5e727757ee753c84260ba78 - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - released/assets/rancher-logging/rancher-logging-3.9.000-rc03.tgz - version: 3.9.000-rc03 - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Logging - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.9.0 - created: "2021-03-04T09:47:45.005471-08:00" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. 
- digest: 9654d484b60c1aa9f999791a83ddc5068ec69b0e3becd61b4198e243be7957af - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - released/assets/rancher-logging/rancher-logging-3.9.000-rc02.tgz - version: 3.9.000-rc02 - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Logging - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.9.0 - created: "2021-03-04T09:47:45.004669-08:00" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. - digest: 460e6154256f66ea1e91d41a16195aa5c5c16123bf9b3895c2186a8ec69b80f5 - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - released/assets/rancher-logging/rancher-logging-3.9.000-rc01.tgz - version: 3.9.000-rc01 - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Logging - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.9.0 - created: "2021-03-04T09:47:45.00384-08:00" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. 
- digest: 8950865836a669a9190792174befffb50ed1bf9b41be2831d63624ff385cf0f7 - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - released/assets/rancher-logging/rancher-logging-3.9.000-rc00.tgz - version: 3.9.000-rc00 + - released/assets/rancher-logging/rancher-logging-3.9.000.tgz + version: 3.9.000 - annotations: catalog.cattle.io/auto-install: rancher-logging-crd=match catalog.cattle.io/certified: rancher @@ -4346,10 +1984,10 @@ entries: catalog.cattle.io/ui-component: logging apiVersion: v1 appVersion: 3.8.2 - created: "2021-01-15T00:11:30.4918-08:00" + created: "2021-04-21T15:17:43.332942-07:00" description: Collects and filter logs using highly configurable CRDs. Powered by Banzai Cloud Logging Operator. - digest: a27ce10fdf883d5378255e99eddd7a7d5a3a9f6a9b00208ea182d27b98124932 + digest: 7ec4dfb2441832d22651e9263f4bbdcda9e1f064b9e32c70d0fb7c4f6641331a icon: https://charts.rancher.io/assets/logos/logging.svg keywords: - logging 
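Review bot: In the `@@ -4346,10 +1984,10 @@` hunk, `digest:` and `created:` are replaced for the appVersion 3.8.2 entry, but the context lines of the following hunk show that entry is still version 3.8.201 at the same URL, `released/assets/rancher-logging/rancher-logging-3.8.201.tgz`. A new digest under an unchanged version and URL means the archive bytes changed, so anyone who pinned or cached the old digest cannot tell a repackaging from a tampered archive. Either keep the existing entry untouched when the chart content is the same, or state in the commit message why the released archive was rebuilt. The same applies to the other already-released entries whose `digest:` lines change in this patch.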
@@ -4359,54 +1997,6 @@ entries: urls: - released/assets/rancher-logging/rancher-logging-3.8.201.tgz version: 3.8.201 - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Logging - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.8.0 - created: "2021-01-15T00:11:30.491025-08:00" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. - digest: c643abc8d8fa9a6e86de5aa7f31de1aa427cbc1dbe12854696126f264ab45c5f - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - released/assets/rancher-logging/rancher-logging-3.8.001.tgz - version: 3.8.001 - - annotations: - catalog.cattle.io/auto-install: rancher-logging-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Logging - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/ui-component: logging - apiVersion: v1 - appVersion: 3.7.3 - created: "2021-01-15T00:11:30.490244-08:00" - description: Collects and filter logs using highly configurable CRDs. Powered - by Banzai Cloud Logging Operator. 
- digest: 825b35e6c8d6e5cb58cc27a83057dcf4b941c1cf9f1685ba8de9a581c50167b4 - icon: https://charts.rancher.io/assets/logos/logging.svg - keywords: - - logging - - monitoring - - security - name: rancher-logging - urls: - - released/assets/rancher-logging/rancher-logging-3.7.301.tgz - version: 3.7.301 - annotations: catalog.cattle.io/auto-install: rancher-logging-crd=match catalog.cattle.io/certified: rancher @@ -4418,10 +2008,10 @@ entries: catalog.cattle.io/ui-component: logging apiVersion: v1 appVersion: 3.6.0 - created: "2021-01-15T00:11:30.489493-08:00" + created: "2021-04-21T15:17:43.332199-07:00" description: Collects and filter logs using highly configurable CRDs. Powered by Banzai Cloud Logging Operator. - digest: d759335422822364d842d5b3320eb5984df94ed0aad16e4d33e52c193fa82a7d + digest: a89b3a4327484343c59a88949479c106e40b2587df194e18910cf83099291aa6 icon: https://charts.rancher.io/assets/logos/logging.svg keywords: - logging @@ -4441,10 +2031,10 @@ entries: catalog.cattle.io/ui-component: logging apiVersion: v1 appVersion: 3.6.0 - created: "2021-01-15T00:11:30.488715-08:00" + created: "2021-04-21T15:17:43.331446-07:00" description: Collects and filter logs using highly configurable CRDs. Powered by Banzai Cloud Logging Operator. - digest: 8b20ad589d1cf3e21b0235db0e93d6556aea4b94649a37f97544c65f55839ad2 + digest: 3f3cd871fe5c6708b3fcdcd7a9f6e87ee41eb8f5505bdaed3f01791ac2bf7faf icon: https://charts.rancher.io/assets/logos/logging.svg keywords: - logging 
@@ -4461,261 +2051,65 @@ entries: catalog.cattle.io/namespace: cattle-logging-system catalog.cattle.io/release-name: rancher-logging-crd apiVersion: v1 - created: "2021-04-16T20:03:49.214426724Z" + created: "2021-04-21T15:17:43.345691-07:00" description: Installs the CRDs for rancher-logging. - digest: 2394c454671389d697576f38532cde477f1f2409c3000245da02a68616d45c84 + digest: b73e869013770d0f462ac77e70b01d403779ad34de300384e0aca6b0ef644025 name: rancher-logging-crd type: application urls: - - assets/rancher-logging/rancher-logging-crd-3.9.400-rc04.tgz - version: 3.9.400-rc04 + - released/assets/rancher-logging/rancher-logging-crd-3.9.400.tgz + version: 3.9.400 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" catalog.cattle.io/namespace: cattle-logging-system catalog.cattle.io/release-name: rancher-logging-crd apiVersion: v1 - created: "2021-04-12T18:41:37.122146522Z" + created: "2021-04-21T15:17:43.343612-07:00" description: Installs the CRDs for rancher-logging. - digest: b184b7cd339799440349dec93f8068fb54af108b386c462032ea2a23f3ea6eb6 + digest: b8f7abc9fc43fbb262a581e6f55a174ff6d4da0ed0896e50cb3be64f5819e04f name: rancher-logging-crd type: application urls: - - assets/rancher-logging/rancher-logging-crd-3.9.400-rc03.tgz - version: 3.9.400-rc03 + - released/assets/rancher-logging/rancher-logging-crd-3.9.002.tgz + version: 3.9.002 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" catalog.cattle.io/namespace: cattle-logging-system catalog.cattle.io/release-name: rancher-logging-crd apiVersion: v1 - created: "2021-04-06T01:21:46.085881781Z" + created: "2021-04-21T15:17:43.342527-07:00" description: Installs the CRDs for rancher-logging. 
- digest: 51b7a28f0e9b297141bba104d0ca6c9766908e8d11bbcd6b829b894057bff970 + digest: b3d48c89d1f1d4b31e867388148bae2c96c398c9315c5f14fd5b6fc3000e0802 name: rancher-logging-crd type: application urls: - - assets/rancher-logging/rancher-logging-crd-3.9.400-rc02.tgz - version: 3.9.400-rc02 + - released/assets/rancher-logging/rancher-logging-crd-3.9.001.tgz + version: 3.9.001 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" catalog.cattle.io/namespace: cattle-logging-system catalog.cattle.io/release-name: rancher-logging-crd apiVersion: v1 - created: "2021-04-05T22:44:50.116160346Z" + created: "2021-04-21T15:17:43.34153-07:00" description: Installs the CRDs for rancher-logging. - digest: 05bcc4fdcf49baf692f5cda021e0482c11392c88adff434087142a14f2af780d + digest: 2ab6fc36daf86c405b536970d9ed4dcb68f84ac93df7ac3811dd123ba82448bd name: rancher-logging-crd type: application urls: - - assets/rancher-logging/rancher-logging-crd-3.9.400-rc01.tgz - version: 3.9.400-rc01 + - released/assets/rancher-logging/rancher-logging-crd-3.9.000.tgz + version: 3.9.000 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" catalog.cattle.io/namespace: cattle-logging-system catalog.cattle.io/release-name: rancher-logging-crd apiVersion: v1 - created: "2021-04-05T21:37:25.600140939Z" + created: "2021-04-21T15:17:43.339785-07:00" description: Installs the CRDs for rancher-logging. - digest: c05caeebb83f8b92a359a4824a5d0b4432060db03f3aef065536d527cac0963d - name: rancher-logging-crd - type: application - urls: - - assets/rancher-logging/rancher-logging-crd-3.9.400-rc00.tgz - version: 3.9.400-rc00 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-04-02T17:23:23.043909832Z" - description: Installs the CRDs for rancher-logging. 
- digest: 79a92ba93a3e12ab21904a2fbac1af5e02bb383bb0d0870098823ca3a3906d48 - name: rancher-logging-crd - type: application - urls: - - assets/rancher-logging/rancher-logging-crd-3.9.002-rc03.tgz - version: 3.9.002-rc03 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-04-01T20:22:18.045909344Z" - description: Installs the CRDs for rancher-logging. - digest: 07a532d77f5dd9659b180a0be6e69d4503a0604be096d60f71f9df3d0d9061fe - name: rancher-logging-crd - type: application - urls: - - assets/rancher-logging/rancher-logging-crd-3.9.002-rc02.tgz - version: 3.9.002-rc02 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-03-15T19:33:50.871226689Z" - description: Installs the CRDs for rancher-logging. - digest: 458d13cf6ad6f90488dc73a6a96744e8a7b32b15cef8d01647b8eb9e848127d7 - name: rancher-logging-crd - type: application - urls: - - assets/rancher-logging/rancher-logging-crd-3.9.002-rc01.tgz - version: 3.9.002-rc01 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-03-12T17:14:00.954344407Z" - description: Installs the CRDs for rancher-logging. 
- digest: 41510a9536773fea4e55775d5952bac7244b2980c49def8fbaf87d40e2455e30 - name: rancher-logging-crd - type: application - urls: - - assets/rancher-logging/rancher-logging-crd-3.9.001-rc08.tgz - version: 3.9.001-rc08 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-03-04T09:47:45.024289-08:00" - description: Installs the CRDs for rancher-logging. - digest: 352a9b536b5ba239f601ab34c1eff9d270d94f7f56f56f954dd1373f51345729 - name: rancher-logging-crd - type: application - urls: - - released/assets/rancher-logging/rancher-logging-crd-3.9.000-rc08.tgz - version: 3.9.000-rc08 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-03-04T09:47:45.022557-08:00" - description: Installs the CRDs for rancher-logging. - digest: 1e60f77e39411099e3014c8b7549d14597c0d46c0d57389c9208c90e38c23608 - name: rancher-logging-crd - type: application - urls: - - released/assets/rancher-logging/rancher-logging-crd-3.9.000-rc07.tgz - version: 3.9.000-rc07 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-03-04T09:47:45.021403-08:00" - description: Installs the CRDs for rancher-logging. 
- digest: c8bec736459bb23bbc1359c54181aa12671908bc67258332843b812527130441 - name: rancher-logging-crd - type: application - urls: - - released/assets/rancher-logging/rancher-logging-crd-3.9.000-rc06.tgz - version: 3.9.000-rc06 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-03-04T09:47:45.019832-08:00" - description: Installs the CRDs for rancher-logging. - digest: b18dfb6108edf77d1611c6280fd6d781d35a3087096472ec138816d85636d098 - name: rancher-logging-crd - type: application - urls: - - released/assets/rancher-logging/rancher-logging-crd-3.9.000-rc05.tgz - version: 3.9.000-rc05 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-03-04T09:47:45.018831-08:00" - description: Installs the CRDs for rancher-logging. - digest: 4dd87f71a05a2412fd2b4766d9ef9c7fb644f117d2dd19b7e39784b2748ff3b7 - name: rancher-logging-crd - type: application - urls: - - released/assets/rancher-logging/rancher-logging-crd-3.9.000-rc04.tgz - version: 3.9.000-rc04 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-03-04T09:47:45.017765-08:00" - description: Installs the CRDs for rancher-logging. 
- digest: fed2e3420bb9e53c2324fff2c8ba0514f3fcaac55b6b92f66b4423b89101172d - name: rancher-logging-crd - type: application - urls: - - released/assets/rancher-logging/rancher-logging-crd-3.9.000-rc03.tgz - version: 3.9.000-rc03 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-03-04T09:47:45.015616-08:00" - description: Installs the CRDs for rancher-logging. - digest: be0b8e51b55a6cf501af15dc549a5c38cf017ad3a473cea04fc020519ba7f844 - name: rancher-logging-crd - type: application - urls: - - released/assets/rancher-logging/rancher-logging-crd-3.9.000-rc02.tgz - version: 3.9.000-rc02 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-03-04T09:47:45.014083-08:00" - description: Installs the CRDs for rancher-logging. - digest: b800deea73ac1792fba30d8d8e1bdfd1c3ab44351a4c60a765e1f2af39ca284e - name: rancher-logging-crd - type: application - urls: - - released/assets/rancher-logging/rancher-logging-crd-3.9.000-rc01.tgz - version: 3.9.000-rc01 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-03-04T09:47:45.012692-08:00" - description: Installs the CRDs for rancher-logging. 
- digest: a2dc007bfb58a8725d054ab1adaaafa72b57680ae8f1e363aaa095970a27f040 - name: rancher-logging-crd - type: application - urls: - - released/assets/rancher-logging/rancher-logging-crd-3.9.000-rc00.tgz - version: 3.9.000-rc00 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-01-15T00:11:30.497347-08:00" - description: Installs the CRDs for rancher-logging. - digest: 9a8baaed2f02e43b7eacb4c3cbcd6a33f84645b0d0b24f6f73867871dd41db23 + digest: 351b69ac821716e05b4648f6fe175bfc8b25fee5dc8b7088cc3b77a7d8596b76 name: rancher-logging-crd type: application urls: 
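Review bot: Every `urls:` value added in the `@@ -4461,261 +2051,65 @@` hunk starts with `released/assets/rancher-logging/`, while the commit subject is "Drop released/ directory". Please confirm these paths still resolve once the series is applied, or rewrite them to wherever the archives end up; an index entry whose URL no longer exists only fails when someone tries to install that version. The new `created:` values are also all within the same second (`2021-04-21T15:17:43`), so the original publication times of these versions are lost; if that is a side effect of regenerating the index, it is worth a line in the commit message.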
@@ -4727,37 +2121,9 @@ entries: catalog.cattle.io/namespace: cattle-logging-system catalog.cattle.io/release-name: rancher-logging-crd apiVersion: v1 - created: "2021-01-15T00:11:30.49633-08:00" + created: "2021-04-21T15:17:43.338692-07:00" description: Installs the CRDs for rancher-logging. - digest: 92eca9fef67bad369b311b07974a05d156546104119f6864ff9c46decb966909 - name: rancher-logging-crd - type: application - urls: - - released/assets/rancher-logging/rancher-logging-crd-3.8.001.tgz - version: 3.8.001 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-01-15T00:11:30.494828-08:00" - description: Installs the CRDs for rancher-logging. - digest: 7f85f6ac9eabecaa9cf6e56cd3772b0d604afccc16411b3a61c02ef437ff7c1e - name: rancher-logging-crd - type: application - urls: - - released/assets/rancher-logging/rancher-logging-crd-3.7.301.tgz - version: 3.7.301 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/release-name: rancher-logging-crd - apiVersion: v1 - created: "2021-01-15T00:11:30.493957-08:00" - description: Installs the CRDs for rancher-logging. - digest: e75790f7d4fc054e757526a2944475a6ff427f6d7b6726ade7a0db28c7fbc986 + digest: 582846a78f045a48088f355599a0abd62c98ce62698ef7fe59ed2180f2016441 name: rancher-logging-crd type: application urls: 
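Review bot: The `@@ -4727,37 +2121,9 @@` hunk deletes the `rancher-logging-crd` entries for 3.8.001 and 3.7.301, which are final versions served from `released/assets/rancher-logging/`, not release candidates like the entries removed in the earlier hunks. If dropping them is intended, say so in the commit message, because installs pinned to those versions will no longer resolve from this index; otherwise restore the two entries. The matching `rancher-logging` 3.8.001 and 3.7.301 entries are removed in the `@@ -4359,54 +1997,6 @@` hunk and need the same decision.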
@@ -4769,9 +2135,9 @@ entries: catalog.cattle.io/namespace: cattle-logging-system catalog.cattle.io/release-name: rancher-logging-crd apiVersion: v1 - created: "2021-01-15T00:11:30.493121-08:00" + created: "2021-04-21T15:17:43.337645-07:00" description: Installs the CRDs for rancher-logging. - digest: 4947e5272f4f4f9f227691aa35c8c1bef980fbdde725bac1c358c6fe7229932e + digest: 1c24d7465ba9a4ae3613ffad12cea6d6a60df66a9fbf4d0f2674c4efec2616f2 name: rancher-logging-crd type: application urls: @@ -4796,7 +2162,7 @@ entries: catalog.cattle.io/ui-component: monitoring apiVersion: v2 appVersion: 0.46.0 - created: "2021-04-21T21:24:45.358266102Z" + created: "2021-04-21T15:17:43.365488-07:00" dependencies: - condition: grafana.enabled name: grafana @@ -4855,7 +2221,7 @@ entries: description: Collects several related Helm charts, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. - digest: 00c5a9ad1ace7750417ed21deb6ba1dca497987d7818ad749414831da9b4420b + digest: bdef2a0dc8ea33e51c614ba9ba6f7d16dfcb30c99fa4749eed429893b1ff9727 home: https://github.com/prometheus-operator/kube-prometheus icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png keywords: 
@@ -4883,864 +2249,8 @@ entries: - https://github.com/prometheus-operator/kube-prometheus type: application urls: - - assets/rancher-monitoring/rancher-monitoring-14.5.100-rc08.tgz - version: 14.5.100-rc08 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/ui-component: monitoring - apiVersion: v2 - appVersion: 0.46.0 - created: "2021-04-14T00:45:28.8835116Z" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - repository: file://./charts/kube-state-metrics - - condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: file://./charts/prometheus-node-exporter - - condition: 
rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - - condition: global.cattle.windows.enabled - name: windowsExporter - repository: file://./charts/windowsExporter - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: c582850ebf328511230bb5e54e67637b1a67d8f26b60e72c68798cc789ce8742 - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - kubeVersion: '>=1.16.0-0' - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-14.5.100-rc07.tgz - version: 14.5.100-rc07 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/ui-component: monitoring - apiVersion: v2 - appVersion: 0.46.0 - created: "2021-04-14T00:36:29.467386958Z" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - 
repository: file://./charts/kube-state-metrics - - condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: file://./charts/prometheus-node-exporter - - condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - - condition: global.cattle.windows.enabled - name: windowsExporter - repository: file://./charts/windowsExporter - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: d83eace264cab91cb4c126a2ce523e683655a536be09e7eba1cce15dd3403b43 - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - kubeVersion: '>=1.16.0-0' - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-14.5.100-rc06.tgz - version: 14.5.100-rc06 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/ui-component: monitoring - apiVersion: v2 - appVersion: 0.46.0 - created: "2021-04-09T23:38:33.605775428Z" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - 
repository: file://./charts/kube-state-metrics - - condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: file://./charts/prometheus-node-exporter - - condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - - condition: global.cattle.windows.enabled - name: windowsExporter - repository: file://./charts/windowsExporter - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: a2a9228357a52b8fedbb6e229547be80e4d25b500c0eb75f2f6b138ee8bf08bf - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - kubeVersion: '>=1.16.0-0' - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-14.5.100-rc05.tgz - version: 14.5.100-rc05 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/ui-component: monitoring - apiVersion: v2 - appVersion: 0.46.0 - created: "2021-04-09T23:21:12.757524623Z" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - 
repository: file://./charts/kube-state-metrics - - condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: file://./charts/prometheus-node-exporter - - condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - - condition: windowsExporter.enabled - name: windowsExporter - repository: file://./charts/windowsExporter - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: c312a0114ff600d20cc3ff277246a31fd03645db7185f08760555d99ac7231c2 - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - kubeVersion: '>=1.16.0-0' - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-14.5.100-rc04.tgz - version: 14.5.100-rc04 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/ui-component: monitoring - apiVersion: v2 - appVersion: 0.46.0 - created: "2021-04-09T19:01:47.090654763Z" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - 
repository: file://./charts/kube-state-metrics - - condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: file://./charts/prometheus-node-exporter - - condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - - condition: windowsExporter.enabled - name: windowsExporter - repository: file://./charts/windowsExporter - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: b13ae71d6e417ff96529789ea798c6c4e4cdf95111f9d21955f5cca0ba278d16 - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - kubeVersion: '>=1.16.0-0' - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-14.5.100-rc03.tgz - version: 14.5.100-rc03 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/ui-component: monitoring - apiVersion: v2 - appVersion: 0.46.0 - created: "2021-04-09T18:57:12.724760925Z" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - 
repository: file://./charts/kube-state-metrics - - condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: file://./charts/prometheus-node-exporter - - condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - - condition: windowsExporter.enabled - name: windowsExporter - repository: file://./charts/windowsExporter - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: 4e6ec47c084a984ae656a10fc51bbb75cb75e29544a4ff9a73bd1fe1c69b8357 - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - kubeVersion: '>=1.16.0-0' - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-14.5.100-rc02.tgz - version: 14.5.100-rc02 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/ui-component: monitoring - apiVersion: v2 - appVersion: 0.46.0 - created: "2021-04-08T17:35:35.036795187Z" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - 
repository: file://./charts/kube-state-metrics - - condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: file://./charts/prometheus-node-exporter - - condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - - condition: windowsExporter.enabled - name: windowsExporter - repository: file://./charts/windowsExporter - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: 0c8c9c9bfaabce4a98ddd1bdf2b5061ffa03836b6596e3412c5a790bd28be209 - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - kubeVersion: '>=1.16.0-0' - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-14.5.100-rc01.tgz - version: 14.5.100-rc01 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/ui-component: monitoring - apiVersion: v2 - appVersion: 0.46.0 - created: "2021-04-07T19:45:48.197334994Z" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - 
repository: file://./charts/kube-state-metrics - - condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: file://./charts/prometheus-node-exporter - - condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - - condition: windowsExporter.enabled - name: windowsExporter - repository: file://./charts/windowsExporter - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: 240add26835de08eec696d8d8a02f8ad0a6e3816abe84981ac4c4118b95503fb - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - kubeVersion: '>=1.16.0-0' - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-14.5.100-rc00.tgz - version: 14.5.100-rc00 + - released/assets/rancher-monitoring/rancher-monitoring-14.5.100.tgz + version: 14.5.100 - annotations: artifacthub.io/links: | - name: Chart Source @@ -5759,7 +2269,7 @@ entries: catalog.cattle.io/ui-component: monitoring apiVersion: v1 appVersion: 0.38.1 - created: "2021-04-01T17:13:59.513019601Z" + created: "2021-04-21T15:17:43.446934-07:00" dependencies: - condition: grafana.enabled name: grafana @@ -5818,7 +2328,7 @@ entries: description: Collects several related Helm charts, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. - digest: 3b19da9f6dba9ed6a22253e0c0a89ed7c92a5e51d68265f715a1edd581ef5be4 + digest: a4cc6951bf9d0c683b0f30ccffa87229e8f6d3a467eef1055b44533e00e594c3 home: https://github.com/prometheus-operator/kube-prometheus icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png keywords: 
@@ -5844,533 +2354,8 @@ entries: - https://github.com/prometheus-community/helm-charts - https://github.com/prometheus-operator/kube-prometheus urls: - - assets/rancher-monitoring/rancher-monitoring-9.4.204-rc09.tgz - version: 9.4.204-rc09 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/ui-component: monitoring - apiVersion: v1 - appVersion: 0.38.1 - created: "2021-04-01T00:24:29.131143915Z" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - repository: file://./charts/kube-state-metrics - - condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: 
file://./charts/prometheus-node-exporter - - condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - - condition: windowsExporter.enabled - name: windowsExporter - repository: file://./charts/windowsExporter - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: 3e6782415cc47a7b900c4e5c57abd578e160c739991d571d94fc7da1f468c16e - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - urls: - - assets/rancher-monitoring/rancher-monitoring-9.4.204-rc08.tgz - version: 9.4.204-rc08 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/ui-component: monitoring - apiVersion: v1 - appVersion: 0.38.1 - created: "2021-03-29T19:11:34.094148142Z" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - repository: file://./charts/kube-state-metrics - - 
condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: file://./charts/prometheus-node-exporter - - condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - - condition: windowsExporter.enabled - name: windowsExporter - repository: file://./charts/windowsExporter - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: e7d64d5bd68fe224dc59187410ff5ac4adb99788c1dbf256ef3249f6c37a0734 - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - urls: - - assets/rancher-monitoring/rancher-monitoring-9.4.204-rc07.tgz - version: 9.4.204-rc07 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/ui-component: monitoring - apiVersion: v1 - appVersion: 0.38.1 - created: "2021-03-29T18:50:17.116905752Z" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - repository: file://./charts/kube-state-metrics - - 
condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: file://./charts/prometheus-node-exporter - - condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - - condition: windowsExporter.enabled - name: windowsExporter - repository: file://./charts/windowsExporter - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: 3b24326ffabbf3d4203981deb693b499d6231b71f5a6b73734fe83ce33c2269b - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - urls: - - assets/rancher-monitoring/rancher-monitoring-9.4.204-rc06.tgz - version: 9.4.204-rc06 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/ui-component: monitoring - apiVersion: v1 - appVersion: 0.38.1 - created: "2021-03-19T19:06:09.93979837Z" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - repository: file://./charts/kube-state-metrics - - 
condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: file://./charts/prometheus-node-exporter - - condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - - condition: windowsExporter.enabled - name: windowsExporter - repository: file://./charts/windowsExporter - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: de33b0e74170ca8b9eabdac17c44becff154d274dcf09b947994be1c3d5e28bb - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - urls: - - assets/rancher-monitoring/rancher-monitoring-9.4.204-rc05.tgz - version: 9.4.204-rc05 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/ui-component: monitoring - apiVersion: v1 - appVersion: 0.38.1 - created: "2021-03-15T17:53:22.536978155Z" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - repository: file://./charts/kube-state-metrics - - 
condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: file://./charts/prometheus-node-exporter - - condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - - condition: windowsExporter.enabled - name: windowsExporter - repository: file://./charts/windowsExporter - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: d8fec718599037d90c5a63c9ca9dedfcf3cae69e0a9aae90f75bdf14cebf97f5 - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - urls: - - assets/rancher-monitoring/rancher-monitoring-9.4.204-rc04.tgz - version: 9.4.204-rc04 + - released/assets/rancher-monitoring/rancher-monitoring-9.4.204.tgz + version: 9.4.204 - annotations: artifacthub.io/links: | - name: Chart Source @@ -6390,7 +2375,7 @@ entries: catalog.cattle.io/ui-component: monitoring apiVersion: v1 appVersion: 0.38.1 - created: "2021-03-11T19:24:36.934227524Z" + created: "2021-04-21T15:17:43.426785-07:00" dependencies: - condition: grafana.enabled name: grafana @@ -6446,7 +2431,7 @@ entries: description: Collects several related Helm charts, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. - digest: 3e14ffafc25dd769c3b80db1102db1f1fa0deb64025bfae0323759e54209d52e + digest: 64604ea0359b468c9a768ec484ebfdf3f776da5524571c85dd42bc6e600aeead home: https://github.com/prometheus-operator/kube-prometheus icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png keywords: 
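Review bot: The `digest:` replacement in the `@@ -6446,7 +2431,7 @@` hunk, together with the `created:` replacement in the hunk before it, means this entry now describes a different archive than it did, and neither hunk shows which `version:` the entry belongs to. Please say in the commit message whether the archive of an already-published version was repackaged, since anyone who recorded the earlier digest for that version will see a mismatch. Separately, in the first hunk the added URL uses a `released/assets/` prefix while the rc entries removed beside it used `assets/`, so confirm that `rancher-monitoring-9.4.204.tgz` actually exists at that path in the resulting tree before the index points clients at it.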
@@ -6472,826 +2457,8 @@ entries: - https://github.com/prometheus-community/helm-charts - https://github.com/prometheus-operator/kube-prometheus urls: - - assets/rancher-monitoring/rancher-monitoring-9.4.204-rc03.tgz - version: 9.4.204-rc03 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/ui-component: monitoring - apiVersion: v1 - appVersion: 0.38.1 - created: "2021-03-11T07:21:44.739468733Z" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - repository: file://./charts/kube-state-metrics - - condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - 
repository: file://./charts/prometheus-node-exporter - - condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: f68e46357300451b582354dd838f80a68cbda4c4f3d2c0adc812096f563f8e4f - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - urls: - - assets/rancher-monitoring/rancher-monitoring-9.4.204-rc02.tgz - version: 9.4.204-rc02 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/ui-component: monitoring - apiVersion: v1 - appVersion: 0.38.1 - created: "2021-03-09T18:31:06.113312152Z" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - repository: 
file://./charts/kube-state-metrics - - condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: file://./charts/prometheus-node-exporter - - condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: 66b54a77c5fc817d9f0fba7918160a709debba453f3a5705a16a62324ed09235 - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - urls: - - assets/rancher-monitoring/rancher-monitoring-9.4.204-rc01.tgz - version: 9.4.204-rc01 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/ui-component: monitoring - apiVersion: v1 - appVersion: 0.38.1 - created: "2021-03-04T22:24:38.312011609Z" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - repository: 
file://./charts/kube-state-metrics - - condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: file://./charts/prometheus-node-exporter - - condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: aba45df29197c56e35ff1f0045261cb39efece2c91ce47ffc3e6b2ae70aa3f94 - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - urls: - - assets/rancher-monitoring/rancher-monitoring-9.4.204-rc00.tgz - version: 9.4.204-rc00 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/ui-component: monitoring - apiVersion: v1 - appVersion: 0.38.1 - created: "2021-03-04T09:47:45.113244-08:00" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - repository: 
file://./charts/kube-state-metrics - - condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: file://./charts/prometheus-node-exporter - - condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: 92fe184bf72dc5b21d907a158b4e725f4f688d627e5b63448cd47f5e2ef119e0 - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - urls: - - released/assets/rancher-monitoring/rancher-monitoring-9.4.203-rc04.tgz - version: 9.4.203-rc04 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/ui-component: monitoring - apiVersion: v1 - appVersion: 0.38.1 - created: "2021-03-04T09:47:45.096879-08:00" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - repository: file://./charts/kube-state-metrics 
- - condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: file://./charts/prometheus-node-exporter - - condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: 748ab12856c906c69fd6ec1a66369d790fbb53d8e54763cc737f4e0fb6d07998 - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - urls: - - released/assets/rancher-monitoring/rancher-monitoring-9.4.203-rc03.tgz - version: 9.4.203-rc03 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/ui-component: monitoring - apiVersion: v1 - appVersion: 0.38.1 - created: "2021-03-04T09:47:45.08055-08:00" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - repository: file://./charts/kube-state-metrics - 
- condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: file://./charts/prometheus-node-exporter - - condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: b452563b7f643a0b2e48720bc7b0d597e32d2c89764e897e896caac4c7b79154 - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - urls: - - released/assets/rancher-monitoring/rancher-monitoring-9.4.203-rc02.tgz - version: 9.4.203-rc02 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/ui-component: monitoring - apiVersion: v1 - appVersion: 0.38.1 - created: "2021-03-04T09:47:45.063106-08:00" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - repository: file://./charts/kube-state-metrics 
- - condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: file://./charts/prometheus-node-exporter - - condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: 381a6a4c07867f5a4a737b49ac1c919ca62d72797054b7bdeeb0f9906acfaa93 - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - urls: - - released/assets/rancher-monitoring/rancher-monitoring-9.4.203-rc01.tgz - version: 9.4.203-rc01 - - annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/auto-install: rancher-monitoring-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/ui-component: monitoring - apiVersion: v1 - appVersion: 0.38.1 - created: "2021-03-04T09:47:45.043037-08:00" - dependencies: - - condition: grafana.enabled - name: grafana - repository: file://./charts/grafana - - condition: k3sServer.enabled - name: k3sServer - repository: file://./charts/k3sServer - - condition: kubeStateMetrics.enabled - name: kube-state-metrics - repository: file://./charts/kube-state-metrics - - condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - 
repository: file://./charts/kubeAdmControllerManager - - condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - repository: file://./charts/kubeAdmEtcd - - condition: kubeAdmProxy.enabled - name: kubeAdmProxy - repository: file://./charts/kubeAdmProxy - - condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - repository: file://./charts/kubeAdmScheduler - - condition: prometheus-adapter.enabled - name: prometheus-adapter - repository: file://./charts/prometheus-adapter - - condition: nodeExporter.enabled - name: prometheus-node-exporter - repository: file://./charts/prometheus-node-exporter - - condition: rke2ControllerManager.enabled - name: rke2ControllerManager - repository: file://./charts/rke2ControllerManager - - condition: rke2Etcd.enabled - name: rke2Etcd - repository: file://./charts/rke2Etcd - - condition: rke2Proxy.enabled - name: rke2Proxy - repository: file://./charts/rke2Proxy - - condition: rke2Scheduler.enabled - name: rke2Scheduler - repository: file://./charts/rke2Scheduler - - condition: rkeControllerManager.enabled - name: rkeControllerManager - repository: file://./charts/rkeControllerManager - - condition: rkeEtcd.enabled - name: rkeEtcd - repository: file://./charts/rkeEtcd - - condition: rkeProxy.enabled - name: rkeProxy - repository: file://./charts/rkeProxy - - condition: rkeScheduler.enabled - name: rkeScheduler - repository: file://./charts/rkeScheduler - description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. 
- digest: 790ea3458c6170db492639981aeca7376b6b825eab4c623646a721f6405f3440 - home: https://github.com/prometheus-operator/kube-prometheus - icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png - keywords: - - operator - - prometheus - - kube-prometheus - - monitoring - maintainers: - - name: vsliouniaev - - name: bismarck - - email: gianrubio@gmail.com - name: gianrubio - - email: github.gkarthiks@gmail.com - name: gkarthiks - - email: scott@r6by.com - name: scottrigby - - email: miroslav.hadzhiev@gmail.com - name: Xtigyro - - email: arvind.iyengar@suse.com - name: Arvind - name: rancher-monitoring - sources: - - https://github.com/prometheus-community/helm-charts - - https://github.com/prometheus-operator/kube-prometheus - urls: - - released/assets/rancher-monitoring/rancher-monitoring-9.4.203-rc00.tgz - version: 9.4.203-rc00 + - released/assets/rancher-monitoring/rancher-monitoring-9.4.203.tgz + version: 9.4.203 - annotations: artifacthub.io/links: | - name: Chart Source @@ -7309,7 +2476,7 @@ entries: catalog.cattle.io/ui-component: monitoring apiVersion: v1 appVersion: 0.38.1 - created: "2021-01-15T00:11:30.543558-08:00" + created: "2021-04-21T15:17:43.408432-07:00" dependencies: - condition: kubeStateMetrics.enabled name: kube-state-metrics @@ -7395,7 +2562,7 @@ entries: description: Collects several related Helm charts, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. - digest: 7e211720b3d489c00426788abec352bc4561dd30c5c502112787a212100c46e7 + digest: 0e032ffa7397d564f3d00aa7719b62314e25f6e32e723de5db0f312f4a0034de home: https://github.com/prometheus-operator/kube-prometheus icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png keywords: 
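Review bot: in the `@@ -7395,7 +2562,7 @@` hunk the `digest` of an existing entry is replaced (`7e211720...` becomes `0e032ffa...`) and no `version` line changes with it, so an already-published chart version now maps to different archive bytes. Anything that recorded the old digest for this version (a mirror, a pinned digest in a deployment pipeline, an integrity check on download) will report a mismatch and cannot tell a rebuild from tampering. If the archives were only moved, keep them byte-identical so the digest stays the same. If they had to be repackaged, say so in the commit message and consider publishing under a new version instead of rewriting the digest in place.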
@@ -7438,7 +2605,7 @@ entries: catalog.cattle.io/ui-component: monitoring apiVersion: v1 appVersion: 0.38.1 - created: "2021-01-15T00:11:30.528456-08:00" + created: "2021-04-21T15:17:43.39281-07:00" dependencies: - condition: kubeStateMetrics.enabled name: kube-state-metrics @@ -7524,7 +2691,7 @@ entries: description: Collects several related Helm charts, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. - digest: 5b5adac2304f7f7cd7761a269a038b178cc34c48d098829c66e880fa8b4c31a7 + digest: 36890f0d8ae2f9c4990e61122d727a5df31dbe017f49d6334e7e13fb9c257cd8 home: https://github.com/prometheus-operator/kube-prometheus icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png keywords: @@ -7566,7 +2733,7 @@ entries: catalog.cattle.io/ui-component: monitoring apiVersion: v1 appVersion: 0.38.1 - created: "2021-01-15T00:11:30.512591-08:00" + created: "2021-04-21T15:17:43.379857-07:00" dependencies: - condition: kubeStateMetrics.enabled name: kube-state-metrics @@ -7662,7 +2829,7 @@ entries: description: Collects several related Helm charts, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. - digest: a36daf9841b3cd516ed127170d4a9fc85d1d9d1bdfb52128d232803e5276a0b2 + digest: 4c5845c1ca7c109052ce9cae5deea7dd0bc697cb334ba9d929f4c04f14835957 home: https://github.com/prometheus-operator/kube-prometheus icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png keywords: 
@@ -7695,345 +2862,51 @@ entries: catalog.cattle.io/namespace: cattle-monitoring-system catalog.cattle.io/release-name: rancher-monitoring-crd apiVersion: v1 - created: "2021-04-21T21:24:45.80518334Z" + created: "2021-04-21T15:17:43.450977-07:00" description: Installs the CRDs for rancher-monitoring. - digest: d8b89b435b7435e2b07c61f60e0fbe456d9a87abf10761ec09f30f39d8da5e0d + digest: aed740673c0445e09f4958a9dcda2369c049e64c1ab2b838eb84dbced3973e29 name: rancher-monitoring-crd type: application urls: - - assets/rancher-monitoring/rancher-monitoring-crd-14.5.100-rc08.tgz - version: 14.5.100-rc08 + - released/assets/rancher-monitoring/rancher-monitoring-crd-14.5.100.tgz + version: 14.5.100 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" catalog.cattle.io/namespace: cattle-monitoring-system catalog.cattle.io/release-name: rancher-monitoring-crd apiVersion: v1 - created: "2021-04-14T00:45:29.22965381Z" + created: "2021-04-21T15:17:43.470078-07:00" description: Installs the CRDs for rancher-monitoring. - digest: 364443857caa7fe5650f994304a7e6ff1e58ea41bafea99e9003e0bfdacab0d5 + digest: 037b4064bb46103113f1c591da57efc4959616cfca470742beddab724a28507a name: rancher-monitoring-crd type: application urls: - - assets/rancher-monitoring/rancher-monitoring-crd-14.5.100-rc07.tgz - version: 14.5.100-rc07 + - released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.204.tgz + version: 9.4.204 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" catalog.cattle.io/namespace: cattle-monitoring-system catalog.cattle.io/release-name: rancher-monitoring-crd apiVersion: v1 - created: "2021-04-14T00:36:29.787938598Z" + created: "2021-04-21T15:17:43.466486-07:00" description: Installs the CRDs for rancher-monitoring. 
- digest: ec7cb3a9f1b51ec866885c09962aef7793ba7b47f88f84ab16e32143c8c7dba6 + digest: 63a81f944774e646f6549c545f7c6b56635218bc135b9421eab224c6139dcbf7 name: rancher-monitoring-crd type: application urls: - - assets/rancher-monitoring/rancher-monitoring-crd-14.5.100-rc06.tgz - version: 14.5.100-rc06 + - released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.203.tgz + version: 9.4.203 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" catalog.cattle.io/namespace: cattle-monitoring-system catalog.cattle.io/release-name: rancher-monitoring-crd apiVersion: v1 - created: "2021-04-09T23:38:33.929222266Z" + created: "2021-04-21T15:17:43.462778-07:00" description: Installs the CRDs for rancher-monitoring. - digest: f04ebf5d7eb8fd7eb8220cbe56c03ece901b92d37b0ac77b240bebb709ce2d82 - name: rancher-monitoring-crd - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-crd-14.5.100-rc05.tgz - version: 14.5.100-rc05 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-04-09T23:21:13.060766912Z" - description: Installs the CRDs for rancher-monitoring. - digest: fb0a9d0a2f0d89323efc158bfec517dc496bac733cd5509b79f4280a564d2ac6 - name: rancher-monitoring-crd - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-crd-14.5.100-rc04.tgz - version: 14.5.100-rc04 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-04-09T19:01:47.363964786Z" - description: Installs the CRDs for rancher-monitoring. 
- digest: 3d60d1156d5a23c991dffdf237ba4c4aa25b4af516804dd1b563411ea9bcfb7b - name: rancher-monitoring-crd - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-crd-14.5.100-rc03.tgz - version: 14.5.100-rc03 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-04-09T18:57:13.034996398Z" - description: Installs the CRDs for rancher-monitoring. - digest: 0cd2c6315cbc1d9852bd48d5fb52ec4784c01cb05fae20f0da8ecd12afd01c71 - name: rancher-monitoring-crd - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-crd-14.5.100-rc02.tgz - version: 14.5.100-rc02 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-04-08T17:35:35.357876912Z" - description: Installs the CRDs for rancher-monitoring. - digest: 138559f78af79f702a0f726dec6030b8ed90804d554157b5a63c4a67cc59d527 - name: rancher-monitoring-crd - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-crd-14.5.100-rc01.tgz - version: 14.5.100-rc01 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-04-07T19:45:48.493958685Z" - description: Installs the CRDs for rancher-monitoring. 
- digest: f5c71f94ad841368b3b88b138efe73c3d5349ec5249dd535606b0fa0b2cbd258 - name: rancher-monitoring-crd - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-crd-14.5.100-rc00.tgz - version: 14.5.100-rc00 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-04-01T17:13:59.563242946Z" - description: Installs the CRDs for rancher-monitoring. - digest: a391c51692369e92dbd9cce1eb831ce179a8c43c4badb7cae7e734853cf36e84 - name: rancher-monitoring-crd - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-crd-9.4.204-rc09.tgz - version: 9.4.204-rc09 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-04-01T00:24:29.18136558Z" - description: Installs the CRDs for rancher-monitoring. - digest: 09406ed10fc925cecaf9aac55fda6a499568865cfd65a893a3dfc2cab08f58f0 - name: rancher-monitoring-crd - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-crd-9.4.204-rc08.tgz - version: 9.4.204-rc08 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-03-29T19:11:34.132322217Z" - description: Installs the CRDs for rancher-monitoring. 
- digest: 82344e6f4b9bbae466037b995d076a068a35a43314f00dc0616e767b7a1b887c - name: rancher-monitoring-crd - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-crd-9.4.204-rc07.tgz - version: 9.4.204-rc07 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-03-29T18:50:17.156704785Z" - description: Installs the CRDs for rancher-monitoring. - digest: 65ec05d07de3dbc8d0993db237f805f665e33792f5462e34c548ba5a2b49b964 - name: rancher-monitoring-crd - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-crd-9.4.204-rc06.tgz - version: 9.4.204-rc06 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-03-19T19:06:09.973523331Z" - description: Installs the CRDs for rancher-monitoring. - digest: 0b11edae6bf47779275c19e845732f26972c2ef075f5cc36a17b136627c14cef - name: rancher-monitoring-crd - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-crd-9.4.204-rc05.tgz - version: 9.4.204-rc05 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-03-15T17:53:22.567067722Z" - description: Installs the CRDs for rancher-monitoring. 
- digest: f6112dca3c4d7144a9ed6e9ab241985efce5d15df7f1f4587abd9f00d834fc07 - name: rancher-monitoring-crd - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-crd-9.4.204-rc04.tgz - version: 9.4.204-rc04 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-03-11T19:24:36.957648484Z" - description: Installs the CRDs for rancher-monitoring. - digest: b4f526e853fe683f60c1835e90b2872c7e7b1d02a4e64495a654ef59eec4755f - name: rancher-monitoring-crd - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-crd-9.4.204-rc03.tgz - version: 9.4.204-rc03 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-03-11T07:21:44.755209101Z" - description: Installs the CRDs for rancher-monitoring. - digest: 3a23783b0d8768bc11317fa90a709407c07e49f34b7a6bbfe55f1c67d82b83f8 - name: rancher-monitoring-crd - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-crd-9.4.204-rc02.tgz - version: 9.4.204-rc02 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-03-09T18:31:06.124041014Z" - description: Installs the CRDs for rancher-monitoring. 
- digest: 6c652db827bfcc5a874f9bd8676547ba6c3e845dc04fcb2e8fe3e3ea6f6ded7d - name: rancher-monitoring-crd - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-crd-9.4.204-rc01.tgz - version: 9.4.204-rc01 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-03-04T22:24:38.317889663Z" - description: Installs the CRDs for rancher-monitoring. - digest: f5eccbacc35a9935dc03dc32f929a1ed2c85bdcf7930c493270b1694e715d49a - name: rancher-monitoring-crd - type: application - urls: - - assets/rancher-monitoring/rancher-monitoring-crd-9.4.204-rc00.tgz - version: 9.4.204-rc00 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-03-04T09:47:45.131189-08:00" - description: Installs the CRDs for rancher-monitoring. - digest: 94e3ca61ac75aae35d2739dc35b7e2c951ff755918fb946eccca6ad4f2ee153c - name: rancher-monitoring-crd - type: application - urls: - - released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.203-rc04.tgz - version: 9.4.203-rc04 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-03-04T09:47:45.127453-08:00" - description: Installs the CRDs for rancher-monitoring. 
- digest: 338c5e30cceefa4cae16fe6d4ff545277dde72aec7cb1f48404792f4a2d56f1b - name: rancher-monitoring-crd - type: application - urls: - - released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.203-rc03.tgz - version: 9.4.203-rc03 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-03-04T09:47:45.124231-08:00" - description: Installs the CRDs for rancher-monitoring. - digest: 0ca0dfc59cc434faddbe2ef552b9ab669d8de9c8a574abdfb8a8c3b185445e30 - name: rancher-monitoring-crd - type: application - urls: - - released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.203-rc02.tgz - version: 9.4.203-rc02 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-03-04T09:47:45.120388-08:00" - description: Installs the CRDs for rancher-monitoring. - digest: 7ef29171739727ce9a9ee0a1db010c6104c33013855518bc092e85b6d8428242 - name: rancher-monitoring-crd - type: application - urls: - - released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.203-rc01.tgz - version: 9.4.203-rc01 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-03-04T09:47:45.117158-08:00" - description: Installs the CRDs for rancher-monitoring. 
- digest: d9689596a9f3d92ca4752bce94937e41fe6330e7b34f5af4596ff85edec23d68 - name: rancher-monitoring-crd - type: application - urls: - - released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.203-rc00.tgz - version: 9.4.203-rc00 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd - apiVersion: v1 - created: "2021-01-15T00:11:30.555062-08:00" - description: Installs the CRDs for rancher-monitoring. - digest: 31251cec75ee29975f02f00032defce1dbd3cad5ce1dff44a63457fb3c6f475d + digest: 60945c2274b7c169ad84240e7facc9aa8d3a0a4e649c3dcd6e6b21f336a257d8 name: rancher-monitoring-crd type: application urls: @@ -8045,9 +2918,9 @@ entries: catalog.cattle.io/namespace: cattle-monitoring-system catalog.cattle.io/release-name: rancher-monitoring-crd apiVersion: v1 - created: "2021-01-15T00:11:30.551045-08:00" + created: "2021-04-21T15:17:43.459526-07:00" description: Installs the CRDs for rancher-monitoring. - digest: 3e2c6926b5e0384e25d76cc33fee1782c6cf444f4844901105bbfa251b9023ca + digest: 09532cc000ee5a78dbda15c879ad1af9f9c2f8bc08db4067a6756df1a0206de3 name: rancher-monitoring-crd type: application urls: @@ -8059,9 +2932,9 @@ entries: catalog.cattle.io/namespace: cattle-monitoring-system catalog.cattle.io/release-name: rancher-monitoring-crd apiVersion: v1 - created: "2021-01-15T00:11:30.547748-08:00" + created: "2021-04-21T15:17:43.455615-07:00" description: Installs the CRDs for rancher-monitoring. - digest: 1bbc909b84e9c10506c0c2f2ffa074ebfd49d58af2e3a123f802a668d6f78435 + digest: 101721abb2876816b54234568272d0372c274ed3e4851a9c94077f61fefb8a49 name: rancher-monitoring-crd type: application urls: 
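Review bot: the `created` value in the `@@ -8059,9 +2932,9 @@` hunk moves from `2021-01-15T00:11:30.547748-08:00` to `2021-04-21T15:17:43.455615-07:00` together with the digest, which drops the original publication time of a chart whose version is unchanged. The new timestamps across these hunks all fall within the same second, which suggests the index was regenerated from scratch instead of being merged with the existing one. Please preserve the original `created` values for untouched versions (if the index is built with `helm repo index`, the `--merge` option keeps existing entries), so the index remains usable as a record of when each version was first published.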
@@ -8076,9 +2949,9 @@ entries: catalog.rancher.io/release-name: rancher-node-exporter apiVersion: v1 appVersion: 1.1.2 - created: "2021-04-07T19:45:48.554527222Z" + created: "2021-04-21T15:17:43.470733-07:00" description: A Helm chart for prometheus node-exporter - digest: 92884824f6b27ec8193c12ca9fc044b73d90a4fa2a77828cffe4a1f70eeab038 + digest: 8420dd3a73ca5b9658da3d878d755c470266281bd216f59027175a0c0575e851 home: https://github.com/prometheus/node_exporter/ keywords: - node-exporter @@ -8093,8 +2966,8 @@ entries: sources: - https://github.com/prometheus/node_exporter/ urls: - - assets/rancher-node-exporter/rancher-node-exporter-1.16.201-rc00.tgz - version: 1.16.201-rc00 + - released/assets/rancher-node-exporter/rancher-node-exporter-1.16.201.tgz + version: 1.16.201 rancher-operator: - annotations: catalog.cattle.io/auto-install: rancher-operator-crd=match 
@@ -8107,67 +2980,13 @@ entries: catalog.cattle.io/release-name: rancher-operator apiVersion: v2 appVersion: 0.1.4 - created: "2021-04-10T01:22:20.238571482Z" + created: "2021-04-21T15:17:43.472013-07:00" description: Control Rancher using GitOps - digest: 11f8951b4213501166fb7e7a92bf88a7b9bc42bee07ab1a7cce3c81c6ce3719f + digest: 9217c81bf6e0ff46aae4f53e35699eff092104cf160231d81ec1515c8aba01c2 name: rancher-operator urls: - - assets/rancher-operator/rancher-operator-0.1.400-rc04.tgz - version: 0.1.400-rc04 - - annotations: - catalog.cattle.io/auto-install: rancher-operator-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1 - catalog.cattle.io/release-name: rancher-operator - apiVersion: v2 - appVersion: 0.1.4 - created: "2021-04-09T17:59:11.009006785Z" - description: Control Rancher using GitOps - digest: ed678ca8a35ed9972ace87b69bc83deb7cf9c0b56e2f35625d571d03f4db7681 - name: rancher-operator - urls: - - assets/rancher-operator/rancher-operator-0.1.400-rc03.tgz - version: 0.1.400-rc03 - - annotations: - catalog.cattle.io/auto-install: rancher-operator-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1 - catalog.cattle.io/release-name: rancher-operator - apiVersion: v2 - appVersion: 0.1.4 - created: "2021-04-07T00:44:11.378767284Z" - description: Control Rancher using GitOps - digest: 26cd58e62c13a3475145b196a7c15b7556ef9a99815b5b3458ef6dc0080f5b80 - name: rancher-operator - urls: - - assets/rancher-operator/rancher-operator-0.1.400-rc02.tgz - version: 0.1.400-rc02 - - annotations: - catalog.cattle.io/auto-install: 
rancher-operator-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1 - catalog.cattle.io/release-name: rancher-operator - apiVersion: v2 - appVersion: 0.1.4 - created: "2021-04-06T20:03:07.172865613Z" - description: Control Rancher using GitOps - digest: cb979672008ecb7decf5bc4b818b17762296a9bcf3b22ce29b10aec0f34b605e - name: rancher-operator - urls: - - assets/rancher-operator/rancher-operator-0.1.400-rc01.tgz - version: 0.1.400-rc01 + - released/assets/rancher-operator/rancher-operator-0.1.400.tgz + version: 0.1.400 - annotations: catalog.cattle.io/auto-install: rancher-operator-crd=match catalog.cattle.io/certified: rancher 
@@ -8179,121 +2998,13 @@ entries: catalog.cattle.io/release-name: rancher-operator apiVersion: v2 appVersion: 0.1.3 - created: "2021-03-04T09:47:45.132758-08:00" + created: "2021-04-21T15:17:43.471792-07:00" description: Control Rancher using GitOps - digest: 2656b6dcd24f1fbbdd0775cb09932e18af415bf13c6e873ae35c5dbd384a3abc + digest: 73ebe2ffee0dd484246cef9e4eec8b4728a98253803ecebc2abc4bd5700eddc8 name: rancher-operator urls: - - released/assets/rancher-operator/rancher-operator-0.1.300-rc08.tgz - version: 0.1.300-rc08 - - annotations: - catalog.cattle.io/auto-install: rancher-operator-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1 - catalog.cattle.io/release-name: rancher-operator - apiVersion: v2 - appVersion: 0.1.3 - created: "2021-03-04T09:47:45.132538-08:00" - description: Control Rancher using GitOps - digest: b3ce6f43a280702dc57ef54fafffd59e146bff22d5b3b0607e73ac11be7597c6 - name: rancher-operator - urls: - - released/assets/rancher-operator/rancher-operator-0.1.300-rc07.tgz - version: 0.1.300-rc07 - - annotations: - catalog.cattle.io/auto-install: rancher-operator-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1 - catalog.cattle.io/release-name: rancher-operator - apiVersion: v2 - appVersion: 0.1.3 - created: "2021-03-04T09:47:45.132321-08:00" - description: Control Rancher using GitOps - digest: 4da0891a485ccab47d970a1b3384c3d260b7f1d336e437991501330d9d7a558f - name: rancher-operator - urls: - - released/assets/rancher-operator/rancher-operator-0.1.300-rc06.tgz - version: 0.1.300-rc06 - - annotations: - 
catalog.cattle.io/auto-install: rancher-operator-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1 - catalog.cattle.io/release-name: rancher-operator - apiVersion: v2 - appVersion: 0.1.3 - created: "2021-03-04T09:47:45.132096-08:00" - description: Control Rancher using GitOps - digest: e22a7299a8219d1a6876472d263679cfad6cd684c0ce1774bd88c604d3823ae0 - name: rancher-operator - urls: - - released/assets/rancher-operator/rancher-operator-0.1.300-rc05.tgz - version: 0.1.300-rc05 - - annotations: - catalog.cattle.io/auto-install: rancher-operator-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1 - catalog.cattle.io/release-name: rancher-operator - apiVersion: v2 - appVersion: 0.1.3 - created: "2021-03-04T09:47:45.13188-08:00" - description: Control Rancher using GitOps - digest: d8b53650d168a955588b9489488b1af9f285959fc0f60028b6c802a8e192f571 - name: rancher-operator - urls: - - released/assets/rancher-operator/rancher-operator-0.1.300-rc04.tgz - version: 0.1.300-rc04 - - annotations: - catalog.cattle.io/auto-install: rancher-operator-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1 - catalog.cattle.io/release-name: rancher-operator - apiVersion: v2 - appVersion: 0.1.3 - created: "2021-03-04T09:47:45.131657-08:00" - description: Control Rancher using GitOps - digest: 
227cf3caf125ed1f2d3329350fdd8b90a788727e620c2af43d8a2f11e035116d - name: rancher-operator - urls: - - released/assets/rancher-operator/rancher-operator-0.1.300-rc03.tgz - version: 0.1.300-rc03 - - annotations: - catalog.cattle.io/auto-install: rancher-operator-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1 - catalog.cattle.io/release-name: rancher-operator - apiVersion: v2 - appVersion: 0.1.3 - created: "2021-03-04T09:47:45.131436-08:00" - description: Control Rancher using GitOps - digest: c65dd65dceee1e0ffa7228b89ecac8b03b03b233c65009dcac778d3792e1698c - name: rancher-operator - urls: - - released/assets/rancher-operator/rancher-operator-0.1.300-rc01.tgz - version: 0.1.300-rc01 + - released/assets/rancher-operator/rancher-operator-0.1.300.tgz + version: 0.1.300 - annotations: catalog.cattle.io/auto-install: rancher-operator-crd=match catalog.cattle.io/certified: rancher 
@@ -8305,31 +3016,13 @@ entries: catalog.cattle.io/release-name: rancher-operator apiVersion: v2 appVersion: 0.1.2 - created: "2021-01-15T00:11:30.557225-08:00" + created: "2021-04-21T15:17:43.471561-07:00" description: Control Rancher using GitOps - digest: 8427c5fb912002404267f7c349dac1f51b3fc5160aade214e35e7d5732a3e6d3 + digest: a431b39ca8d0046829be03765882af1f6676862ea1c301c7721defcfc8461fa9 name: rancher-operator urls: - released/assets/rancher-operator/rancher-operator-0.1.200.tgz version: 0.1.200 - - annotations: - catalog.cattle.io/auto-install: rancher-operator-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1 - catalog.cattle.io/release-name: rancher-operator - apiVersion: v2 - appVersion: 0.1.2-rc2 - created: "2021-01-15T00:11:30.556966-08:00" - description: Control Rancher using GitOps - digest: b0341792bfa98f4680bb6099c8bc5a739cd8fab1e7217acceda396cc0d640a26 - name: rancher-operator - urls: - - released/assets/rancher-operator/rancher-operator-0.1.200-rc2.tgz - version: 0.1.200-rc2 - annotations: catalog.cattle.io/auto-install: rancher-operator-crd=match catalog.cattle.io/certified: rancher 
@@ -8341,49 +3034,13 @@ entries: catalog.cattle.io/release-name: rancher-operator apiVersion: v2 appVersion: 0.1.1 - created: "2021-01-15T00:11:30.555899-08:00" + created: "2021-04-21T15:17:43.471239-07:00" description: Control Rancher using GitOps - digest: 0a4132fbc7a014ee6e88ac95dc278723c591fe271529d37f529bfe819b8b03f1 + digest: 3ccc2bdbe07d4cbd710bc1ff9119a9f5acf5bbd9abb38878de214dd99c9b4a52 name: rancher-operator urls: - released/assets/rancher-operator/rancher-operator-0.1.100.tgz version: 0.1.100 - - annotations: - catalog.cattle.io/auto-install: rancher-operator-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1 - catalog.cattle.io/release-name: rancher-operator - apiVersion: v2 - appVersion: 0.1.2-rc2 - created: "2021-01-15T00:11:30.556665-08:00" - description: Control Rancher using GitOps - digest: e952722116cf3912eda2f542e2a703e3676983c6fb1b34e056d4e9c3e79d820d - name: rancher-operator - urls: - - released/assets/rancher-operator/rancher-operator-0.1.2-rc200.tgz - version: 0.1.2-rc200 - - annotations: - catalog.cattle.io/auto-install: rancher-operator-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1 - catalog.cattle.io/release-name: rancher-operator - apiVersion: v2 - appVersion: 0.1.2-rc1 - created: "2021-01-15T00:11:30.556311-08:00" - description: Control Rancher using GitOps - digest: 1aed5f1bef466d930aaf0a715d1b305c366dc84de6b6c06d4f44db93ca40f2b8 - name: rancher-operator - urls: - - released/assets/rancher-operator/rancher-operator-0.1.2-rc100.tgz - version: 0.1.2-rc100 - annotations: 
catalog.cattle.io/auto-install: rancher-operator-crd=match catalog.cattle.io/certified: rancher @@ -8395,31 +3052,13 @@ entries: catalog.cattle.io/release-name: rancher-operator apiVersion: v2 appVersion: 0.1.0 - created: "2021-01-15T00:11:30.555581-08:00" + created: "2021-04-21T15:17:43.471001-07:00" description: Control Rancher using GitOps - digest: f7524f717eb372fee5a5044cc473dda94e85125325dbf0a064669ebe206fbed0 + digest: 77aa64d9f0e5a9573497e0f4ae7fb509f4af4df825b64bce327dc97ac18ac222 name: rancher-operator urls: - released/assets/rancher-operator/rancher-operator-0.1.000.tgz version: 0.1.000 - - annotations: - catalog.cattle.io/auto-install: rancher-operator-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1 - catalog.cattle.io/release-name: rancher-operator - apiVersion: v2 - appVersion: 0.1.0-alpha8 - created: "2021-01-15T00:11:30.555334-08:00" - description: Control Rancher using GitOps - digest: d4d2be199ef6c0cd632e59c50e85c73fd80f0a1deebf10a558824d495fb8b723 - name: rancher-operator - urls: - - released/assets/rancher-operator/rancher-operator-0.1.0-alpha800.tgz - version: 0.1.0-alpha800 rancher-operator-crd: - annotations: catalog.cattle.io/certified: rancher 
@@ -8429,58 +3068,13 @@ entries: catalog.cattle.io/release-name: rancher-operator-crd apiVersion: v2 appVersion: 0.1.4 - created: "2021-04-10T01:22:20.241438111Z" + created: "2021-04-21T15:17:43.473832-07:00" description: Rancher Operator CustomResourceDefinitions - digest: 66565c595f9acf9968f4ec7144efeb8e1cb4ed5a6a38c2150e28dc919a80d953 + digest: bbe268442f5fbd5a5615e1587cc6705bcc3208d44aeee31d4554535b5f8d0df5 name: rancher-operator-crd urls: - - assets/rancher-operator-crd/rancher-operator-crd-0.1.400-rc04.tgz - version: 0.1.400-rc04 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-operator-crd - apiVersion: v2 - appVersion: 0.1.4 - created: "2021-04-09T17:59:11.012588219Z" - description: Rancher Operator CustomResourceDefinitions - digest: 3a758f1d00e4f891165774a6510a4ec2f7d8c99f11480193b666d2c65d4670c5 - name: rancher-operator-crd - urls: - - assets/rancher-operator-crd/rancher-operator-crd-0.1.400-rc03.tgz - version: 0.1.400-rc03 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-operator-crd - apiVersion: v2 - appVersion: 0.1.4 - created: "2021-04-07T00:44:11.381186296Z" - description: Rancher Operator CustomResourceDefinitions - digest: cadf7abfc4f5e12efcc66ece8e2290345789f3e2c192f18d16e532d93cb2a7ee - name: rancher-operator-crd - urls: - - assets/rancher-operator-crd/rancher-operator-crd-0.1.400-rc02.tgz - version: 0.1.400-rc02 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-operator-crd - apiVersion: v2 - appVersion: 0.1.4 - created: 
"2021-04-06T20:03:07.174196964Z" - description: Rancher Operator CustomResourceDefinitions - digest: ccb9e8dfd344a6113e8406ea686f0d47825f8427f0c71651c5c319f89ad7e730 - name: rancher-operator-crd - urls: - - assets/rancher-operator-crd/rancher-operator-crd-0.1.400-rc01.tgz - version: 0.1.400-rc01 + - released/assets/rancher-operator-crd/rancher-operator-crd-0.1.400.tgz + version: 0.1.400 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" 
@@ -8489,103 +3083,13 @@ entries: catalog.cattle.io/release-name: rancher-operator-crd apiVersion: v2 appVersion: 0.1.3 - created: "2021-03-04T09:47:45.136143-08:00" + created: "2021-04-21T15:17:43.473425-07:00" description: Rancher Operator CustomResourceDefinitions - digest: 4cc60bf056682d2f809a497f04857295e0150662c235bd4ddb7b1764b79285f8 + digest: b87b2406be42cbe1ca0ba6068bcf3ce16f42227de12997b64ebe6053de221c7d name: rancher-operator-crd urls: - - released/assets/rancher-operator-crd/rancher-operator-crd-0.1.300-rc08.tgz - version: 0.1.300-rc08 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-operator-crd - apiVersion: v2 - appVersion: 0.1.3 - created: "2021-03-04T09:47:45.135739-08:00" - description: Rancher Operator CustomResourceDefinitions - digest: 36836da1bb6a195783cb0a25852f559a90e535d909d43220b93546a3343edfa9 - name: rancher-operator-crd - urls: - - released/assets/rancher-operator-crd/rancher-operator-crd-0.1.300-rc07.tgz - version: 0.1.300-rc07 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-operator-crd - apiVersion: v2 - appVersion: 0.1.3 - created: "2021-03-04T09:47:45.135329-08:00" - description: Rancher Operator CustomResourceDefinitions - digest: a794c3b33313978a0ca37f192f95d452312d3429f73f385aa8d9c3573cc04c38 - name: rancher-operator-crd - urls: - - released/assets/rancher-operator-crd/rancher-operator-crd-0.1.300-rc06.tgz - version: 0.1.300-rc06 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-operator-crd - apiVersion: v2 - appVersion: 0.1.3 - 
created: "2021-03-04T09:47:45.134935-08:00" - description: Rancher Operator CustomResourceDefinitions - digest: 08a8c134a36841aec3caa04ca848e31456ea6e68eba3c1d2f11c87a011de3c9a - name: rancher-operator-crd - urls: - - released/assets/rancher-operator-crd/rancher-operator-crd-0.1.300-rc05.tgz - version: 0.1.300-rc05 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-operator-crd - apiVersion: v2 - appVersion: 0.1.3 - created: "2021-03-04T09:47:45.134525-08:00" - description: Rancher Operator CustomResourceDefinitions - digest: e95190052c50fcfddc8582760f9512dd1eae2ad02682ae024f4d2f8c5de04b17 - name: rancher-operator-crd - urls: - - released/assets/rancher-operator-crd/rancher-operator-crd-0.1.300-rc04.tgz - version: 0.1.300-rc04 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-operator-crd - apiVersion: v2 - appVersion: 0.1.3 - created: "2021-03-04T09:47:45.134112-08:00" - description: Rancher Operator CustomResourceDefinitions - digest: f4254f3e706cd8d9526048d1cc64f3d91962b19994f95b30459fed456128cc75 - name: rancher-operator-crd - urls: - - released/assets/rancher-operator-crd/rancher-operator-crd-0.1.300-rc03.tgz - version: 0.1.300-rc03 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-operator-crd - apiVersion: v2 - appVersion: 0.1.3 - created: "2021-03-04T09:47:45.133455-08:00" - description: Rancher Operator CustomResourceDefinitions - digest: 88c0fb8ae620a707ddd889ce2805077d3a51284ce6fe25748526c0a70fb808dc - name: rancher-operator-crd - urls: - - 
released/assets/rancher-operator-crd/rancher-operator-crd-0.1.300-rc01.tgz - version: 0.1.300-rc01 + - released/assets/rancher-operator-crd/rancher-operator-crd-0.1.300.tgz + version: 0.1.300 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" @@ -8594,28 +3098,13 @@ entries: catalog.cattle.io/release-name: rancher-operator-crd apiVersion: v2 appVersion: 0.1.2 - created: "2021-01-15T00:11:30.560457-08:00" + created: "2021-04-21T15:17:43.473028-07:00" description: Rancher Operator CustomResourceDefinitions - digest: 181428fac5cf2576f1c35497c142607be81e19aa96b29976d5142cce9cf84027 + digest: 383784b8f509d7b8eeee1d46506f73d69f39ad8016915884ff7685ed882280c0 name: rancher-operator-crd urls: - released/assets/rancher-operator-crd/rancher-operator-crd-0.1.200.tgz version: 0.1.200 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-operator-crd - apiVersion: v2 - appVersion: 0.1.2-rc2 - created: "2021-01-15T00:11:30.560063-08:00" - description: Rancher Operator CustomResourceDefinitions - digest: 9e832ab034a2e088618f4df7291cff7c432c2212559a4add92bb81c3d6105f37 - name: rancher-operator-crd - urls: - - released/assets/rancher-operator-crd/rancher-operator-crd-0.1.200-rc2.tgz - version: 0.1.200-rc2 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" 
@@ -8623,42 +3112,13 @@ entries: catalog.cattle.io/release-name: rancher-operator-crd apiVersion: v2 appVersion: 0.1.1 - created: "2021-01-15T00:11:30.558445-08:00" + created: "2021-04-21T15:17:43.472683-07:00" description: Rancher Operator CustomResourceDefinitions - digest: 26e61ab160ebf89f91f82e0aa6cbd5378ee3d0436b67c4bdce120467483d7d80 + digest: 5133ec446717fde0269f25fa85858e17728f59cf054bb7de20099393b503d466 name: rancher-operator-crd urls: - released/assets/rancher-operator-crd/rancher-operator-crd-0.1.100.tgz version: 0.1.100 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-operator-crd - apiVersion: v2 - appVersion: 0.1.2-rc2 - created: "2021-01-15T00:11:30.559476-08:00" - description: Rancher Operator CustomResourceDefinitions - digest: e57f76009845b0bb3ebfd7d972fb41d87687264257235e9d35acc330f341cc1a - name: rancher-operator-crd - urls: - - released/assets/rancher-operator-crd/rancher-operator-crd-0.1.2-rc200.tgz - version: 0.1.2-rc200 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/release-name: rancher-operator-crd - apiVersion: v2 - appVersion: 0.1.2-rc1 - created: "2021-01-15T00:11:30.558798-08:00" - description: Rancher Operator CustomResourceDefinitions - digest: a83e65bedd9b916651158896cc38c3d43e063d985e1cfcbbfb291efb7fe3a2f6 - name: rancher-operator-crd - urls: - - released/assets/rancher-operator-crd/rancher-operator-crd-0.1.2-rc100.tgz - version: 0.1.2-rc100 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" 
@@ -8666,27 +3126,13 @@ entries: catalog.cattle.io/release-name: rancher-operator-crd apiVersion: v2 appVersion: 0.1.0 - created: "2021-01-15T00:11:30.558084-08:00" + created: "2021-04-21T15:17:43.472354-07:00" description: Rancher Operator CustomResourceDefinitions - digest: 0ae1a90ebf8306537379912ee8db01c73436862a268ab9d2a1f95563f236007b + digest: 209d2cbcad3a3c15c31a2435bdfc46db77e6b6767b5dae1880cb9fc0035ad1fa name: rancher-operator-crd urls: - released/assets/rancher-operator-crd/rancher-operator-crd-0.1.000.tgz version: 0.1.000 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/release-name: rancher-operator-crd - apiVersion: v2 - appVersion: 0.1.0-alpha8 - created: "2021-01-15T00:11:30.557694-08:00" - description: Rancher Operator CustomResourceDefinitions - digest: 49c5479777388bde6cd834868ce1e9d664e3f830848dc629dbace9624a2fa07a - name: rancher-operator-crd - urls: - - released/assets/rancher-operator-crd/rancher-operator-crd-0.1.0-alpha800.tgz - version: 0.1.0-alpha800 rancher-prom2teams: - annotations: catalog.cattle.io/certified: rancher 
@@ -8695,41 +3141,13 @@ entries: catalog.cattle.io/release-name: rancher-prom2teams apiVersion: v1 appVersion: 3.2.1 - created: "2021-04-21T19:31:00.376394323Z" + created: "2021-04-21T15:17:43.474266-07:00" description: A Helm chart for Prom2Teams based on the upstream https://github.com/idealista/prom2teams - digest: 95e6b362dc67dc83e0359845ccad06a0d38cfbecf45203e6a4d361eea79f1d8e + digest: a8095a1d9ecc199eba61ec3a073bed760cd01670ce575e2b7fb988a6c8fe5341 name: rancher-prom2teams urls: - - assets/rancher-prom2teams/rancher-prom2teams-0.2.000-rc03.tgz - version: 0.2.000-rc03 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-prom2teams - apiVersion: v1 - appVersion: 3.2.1 - created: "2021-04-15T21:48:25.329691963Z" - description: A Helm chart for Prom2Teams based on the upstream https://github.com/idealista/prom2teams - digest: caa8a550e34b092781d1bd23a81bbf01b6104a2be02d0c7e054692fbbe8c634f - name: rancher-prom2teams - urls: - - assets/rancher-prom2teams/rancher-prom2teams-0.2.000-rc02.tgz - version: 0.2.000-rc02 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-prom2teams - apiVersion: v1 - appVersion: 3.2.1 - created: "2021-04-15T00:36:31.780601292Z" - description: A Helm chart for Prom2Teams based on the upstream https://github.com/idealista/prom2teams - digest: 8fb5e52c0680129fb8b4c4074567c909b6d8d38c2bff79d5183edf459cea5af3 - name: rancher-prom2teams - urls: - - assets/rancher-prom2teams/rancher-prom2teams-0.2.000-rc01.tgz - version: 0.2.000-rc01 + - released/assets/rancher-prom2teams/rancher-prom2teams-0.2.000.tgz + version: 0.2.000 rancher-prometheus-adapter: - annotations: catalog.cattle.io/hidden: "true" 
@@ -8739,9 +3157,9 @@ entries: catalog.rancher.io/release-name: rancher-prometheus-adapter apiVersion: v1 appVersion: v0.8.3 - created: "2021-04-09T23:21:13.122128036Z" + created: "2021-04-21T15:17:43.474985-07:00" description: A Helm chart for k8s prometheus adapter - digest: 504c418856052bc1798476b6a9ad3d2efcc5c3591502af296406a732ad2077a8 + digest: 7aea5a0a8e66a9ad02bcc4ec69350c35d15242524b8052fdf9598bba6bf3f6c9 home: https://github.com/DirectXMan12/k8s-prometheus-adapter keywords: - hpa @@ -8759,38 +3177,8 @@ entries: - https://github.com/kubernetes/charts - https://github.com/DirectXMan12/k8s-prometheus-adapter urls: - - assets/rancher-prometheus-adapter/rancher-prometheus-adapter-2.12.101-rc01.tgz - version: 2.12.101-rc01 - - annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-prometheus-adapter - apiVersion: v1 - appVersion: v0.8.3 - created: "2021-04-07T19:45:48.560309716Z" - description: A Helm chart for k8s prometheus adapter - digest: 85bd2042f013a1ac3773084faf6ed72c55cd7b444eff19778cd4c16e507bf2b5 - home: https://github.com/DirectXMan12/k8s-prometheus-adapter - keywords: - - hpa - - metrics - - prometheus - - adapter - maintainers: - - email: mattias.gees@jetstack.io - name: mattiasgees - - name: steven-sheehy - - email: hfernandez@mesosphere.com - name: hectorj2f - name: rancher-prometheus-adapter - sources: - - https://github.com/kubernetes/charts - - https://github.com/DirectXMan12/k8s-prometheus-adapter - urls: - - assets/rancher-prometheus-adapter/rancher-prometheus-adapter-2.12.101-rc00.tgz - version: 2.12.101-rc00 + - released/assets/rancher-prometheus-adapter/rancher-prometheus-adapter-2.12.101.tgz + version: 2.12.101 rancher-pushprox: - annotations: catalog.cattle.io/hidden: "true" 
@@ -8800,15 +3188,15 @@ entries: catalog.rancher.io/release-name: rancher-pushprox apiVersion: v1 appVersion: 0.1.0 - created: "2021-03-04T22:24:38.319811981Z" + created: "2021-04-21T15:17:43.477959-07:00" description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx clients. - digest: 6ec2982d7ea75f763859c0d6e04c5ea537e21e450894c5e31d1e9fd3efd613dc + digest: 709cfe2bdf4036bb22ac660553d837d09d46ae3c650c2d4eb8454a6712fe3cbe name: rancher-pushprox type: application urls: - - assets/rancher-pushprox/rancher-pushprox-0.1.300-rc00.tgz - version: 0.1.300-rc00 + - released/assets/rancher-pushprox/rancher-pushprox-0.1.300.tgz + version: 0.1.300 - annotations: catalog.cattle.io/hidden: "true" catalog.rancher.io/certified: rancher @@ -8816,15 +3204,15 @@ entries: catalog.rancher.io/release-name: rancher-pushprox apiVersion: v1 appVersion: 0.1.0 - created: "2021-03-04T09:47:45.138198-08:00" + created: "2021-04-21T15:17:43.47749-07:00" description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx clients. - digest: f66edae0a693decab1d2e1d60f20a3ddcb57fa757cf04368f4269d43ba45e6d8 + digest: cb9552eb4ee8899ef1af5583c8080c27227dd3b10d919748f2caf79cb8197198 name: rancher-pushprox type: application urls: - - released/assets/rancher-pushprox/rancher-pushprox-0.1.201-rc02.tgz - version: 0.1.201-rc02 + - released/assets/rancher-pushprox/rancher-pushprox-0.1.201.tgz + version: 0.1.201 - annotations: catalog.cattle.io/hidden: "true" catalog.rancher.io/certified: rancher 
@@ -8832,43 +3220,10 @@ entries: catalog.rancher.io/release-name: rancher-pushprox apiVersion: v1 appVersion: 0.1.0 - created: "2021-03-04T09:47:45.137724-08:00" + created: "2021-04-21T15:17:43.476409-07:00" description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx clients. - digest: 4e990a9eb65941dbe2733310945efca11bc839a2543cb2d2ecc29c5dd3c691e9 - name: rancher-pushprox - type: application - urls: - - released/assets/rancher-pushprox/rancher-pushprox-0.1.201-rc01.tgz - version: 0.1.201-rc01 - - annotations: - catalog.cattle.io/hidden: "true" - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-pushprox - apiVersion: v1 - appVersion: 0.1.0 - created: "2021-03-04T09:47:45.137189-08:00" - description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx - clients. - digest: f9e10374f3d86fe4b9a13ec2ce5bd11d3c2d5314262689249cb1f0c4d4e8123f - name: rancher-pushprox - type: application - urls: - - released/assets/rancher-pushprox/rancher-pushprox-0.1.201-rc00.tgz - version: 0.1.201-rc00 - - annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-pushprox - apiVersion: v1 - appVersion: 0.1.0 - created: "2021-01-15T00:11:30.561927-08:00" - description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx - clients. - digest: bd7fc397cda47c5d5c5e0bd75a906536b195017fd7ed6876e7428230e6c48943 + digest: a4b3506a74ea6cc4e8c6610cb92451d3072f4f7bac7b503e2dea9423697eaf68 name: rancher-pushprox type: application urls: 
@@ -8882,10 +3237,10 @@ entries: catalog.rancher.io/release-name: rancher-pushprox apiVersion: v1 appVersion: 0.1.0 - created: "2021-01-15T00:11:30.561429-08:00" + created: "2021-04-21T15:17:43.475943-07:00" description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx clients. - digest: ab34cc49dd50f2b2dbcee36447a3e2efd974bdce004834b0bfb0508a84ffa16c + digest: 4b53e4de2aede1f3d63c815ca36bd61f31d38c59769d9982b14aca3bbf575724 name: rancher-pushprox type: application urls: @@ -8899,10 +3254,10 @@ entries: catalog.rancher.io/release-name: rancher-pushprox apiVersion: v1 appVersion: 0.1.0 - created: "2021-01-15T00:11:30.560947-08:00" + created: "2021-04-21T15:17:43.475479-07:00" description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx clients. - digest: d251c28f9e9b732a02e9c394b0d7bf3a3c98c723fb809b5015bd5728f05ee968 + digest: 73b11a51246c216a7587628fee346541d6b5e82246e11d586b4926254f7999fa name: rancher-pushprox type: application urls: 
@@ -8916,44 +3271,14 @@ entries: catalog.cattle.io/release-name: rancher-sachet apiVersion: v2 appVersion: 0.2.3 - created: "2021-04-21T19:31:00.381182575Z" + created: "2021-04-21T15:17:43.478347-07:00" description: A Helm chart for Sachet based on the upstream https://github.com/messagebird/sachet - digest: 9bf4bcf83bf17d0972fbca2c45284b1e010358c841d86bc04300c73bc5fe87eb + digest: 2c97d26c9944838012749bacc971e1ed07b54c56cd205c57cf61871d806a759d name: rancher-sachet type: application urls: - - assets/rancher-sachet/rancher-sachet-1.0.100-rc03.tgz - version: 1.0.100-rc03 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-sachet - apiVersion: v2 - appVersion: 0.2.3 - created: "2021-04-15T21:48:25.334591671Z" - description: A Helm chart for Sachet based on the upstream https://github.com/messagebird/sachet - digest: a861bcec2a0e88f9be44575db013807ca32dbed0c32e2c0f088e3bbd07819f33 - name: rancher-sachet - type: application - urls: - - assets/rancher-sachet/rancher-sachet-1.0.100-rc02.tgz - version: 1.0.100-rc02 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-sachet - apiVersion: v2 - appVersion: 0.2.3 - created: "2021-04-15T00:36:31.784073176Z" - description: A Helm chart for Sachet based on the upstream https://github.com/messagebird/sachet - digest: ed8e6d13d9fb29db5b477bc1876e0f2501d9aacaeb62d333e9033eda40211f65 - name: rancher-sachet - type: application - urls: - - assets/rancher-sachet/rancher-sachet-1.0.100-rc01.tgz - version: 1.0.100-rc01 + - released/assets/rancher-sachet/rancher-sachet-1.0.100.tgz + version: 1.0.100 rancher-tracing: - annotations: catalog.cattle.io/hidden: "true" 
@@ -8963,15 +3288,15 @@ entries: catalog.rancher.io/release-name: rancher-tracing apiVersion: v1 appVersion: 1.20.0 - created: "2021-04-09T23:52:20.836901295Z" + created: "2021-04-21T15:17:43.479475-07:00" description: A quick start Jaeger Tracing installation using the all-in-one demo. This is not production qualified. Refer to https://www.jaegertracing.io/ for details. - digest: 13b38c2242fa109a77d00cadb23347feac25ada3de37ec54f49bf0421d379b7b + digest: 96f1e9f82f4082461fca26d066ef79b477295546d46485e6b31ea7a01afc9522 name: rancher-tracing urls: - - assets/rancher-tracing/rancher-tracing-1.20.100-rc01.tgz - version: 1.20.100-rc01 + - released/assets/rancher-tracing/rancher-tracing-1.20.100.tgz + version: 1.20.100 - annotations: catalog.cattle.io/hidden: "true" catalog.cattle.io/os: linux @@ -8980,15 +3305,15 @@ entries: catalog.rancher.io/release-name: rancher-tracing apiVersion: v1 appVersion: 1.20.0 - created: "2021-04-08T21:20:13.414610431Z" + created: "2021-04-21T15:17:43.479089-07:00" description: A quick start Jaeger Tracing installation using the all-in-one demo. This is not production qualified. Refer to https://www.jaegertracing.io/ for details. - digest: f571aec5860233bd1d2e163d37b3cf8a54b19aaf29774a921e53f2559dab022e + digest: 509c4d245fb245157d16b643f55aa9437cbfe19e087326b0f609cae58d0b5499 name: rancher-tracing urls: - - assets/rancher-tracing/rancher-tracing-1.20.100-rc00.tgz - version: 1.20.100-rc00 + - released/assets/rancher-tracing/rancher-tracing-1.20.002.tgz + version: 1.20.002 - annotations: catalog.cattle.io/hidden: "true" catalog.cattle.io/os: linux 
@@ -8997,49 +3322,15 @@ entries: catalog.rancher.io/release-name: rancher-tracing apiVersion: v1 appVersion: 1.20.0 - created: "2021-03-04T09:47:45.138598-08:00" + created: "2021-04-21T15:17:43.478719-07:00" description: A quick start Jaeger Tracing installation using the all-in-one demo. This is not production qualified. Refer to https://www.jaegertracing.io/ for details. - digest: d20f48b0bec89328b18304896c3185a3d08b81ce4c09857aa07f4151e2d21375 - name: rancher-tracing - urls: - - released/assets/rancher-tracing/rancher-tracing-1.20.002-rc00.tgz - version: 1.20.002-rc00 - - annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: istio-system - catalog.rancher.io/release-name: rancher-tracing - apiVersion: v1 - appVersion: 1.20.0 - created: "2021-01-15T00:11:30.562327-08:00" - description: A quick start Jaeger Tracing installation using the all-in-one demo. - This is not production qualified. Refer to https://www.jaegertracing.io/ for - details. - digest: bf9ba6be02c6275ca6a3d850d6be8f012233d62f1614173bcf3e95ff84e9c7eb + digest: 1a64b24b3b320407191918acef460ceceebb462b01b7a820568e81a81f89e8b9 name: rancher-tracing urls: - released/assets/rancher-tracing/rancher-tracing-1.20.001.tgz version: 1.20.001 - - annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: istio-system - catalog.rancher.io/release-name: rancher-tracing - apiVersion: v1 - appVersion: 1.20.0 - created: "2021-03-01T16:56:35.108494-08:00" - description: A quick start Jaeger Tracing installation using the all-in-one demo. - This is not production qualified. Refer to https://www.jaegertracing.io/ for - details. 
- digest: dd999b5d6d78ace23520222e1d80c8e3b8298461a15e726bd41ee4eb58068d46 - name: rancher-tracing - urls: - - released/assets/rancher-tracing/rancher-tracing-1.20.001-rc00.tgz - version: 1.20.001-rc00 rancher-vsphere-cpi: - annotations: catalog.cattle.io/certified: rancher @@ -9049,9 +3340,9 @@ entries: catalog.cattle.io/release-name: vsphere-cpi apiVersion: v1 appVersion: 1.0.0 - created: "2021-03-04T09:47:45.138966-08:00" + created: "2021-04-21T15:17:43.479834-07:00" description: vSphere Cloud Provider Interface (CPI) - digest: 092bf7a60582eb190c1212699a9c277e01974d03e78e2121ecf8f6c460e36df7 + digest: 932e0f16481f28b34d4dd991323da85da272f3d5d4cce28832a7442d4f2ca1f7 icon: https://charts.rancher.io/assets/logos/vsphere-cpi.svg keywords: - infrastructure @@ -9062,8 +3353,8 @@ entries: sources: - https://github.com/kubernetes/cloud-provider-vsphere urls: - - released/assets/rancher-vsphere-cpi/rancher-vsphere-cpi-1.0.000-rc01.tgz - version: 1.0.000-rc01 + - released/assets/rancher-vsphere-cpi/rancher-vsphere-cpi-1.0.000.tgz + version: 1.0.000 rancher-vsphere-csi: - annotations: catalog.cattle.io/certified: rancher @@ -9073,9 +3364,9 @@ entries: catalog.cattle.io/release-name: vsphere-csi apiVersion: v1 appVersion: 2.1.0 - created: "2021-03-04T09:47:45.139518-08:00" + created: "2021-04-21T15:17:43.480358-07:00" description: vSphere Cloud Storage Interface (CSI) - digest: 99cee0399a41911b91f24ebecf94bb88ebdfbe3d82503add88afb5885ed4d1b9 + digest: 20bfaa758a97b0b89c51fefdf70d048a7e06b576932435ac03fc045a295c0535 icon: https://charts.rancher.io/assets/logos/vsphere-csi.svg keywords: - infrastructure @@ -9086,8 +3377,8 @@ entries: sources: - https://github.com/kubernetes-sigs/vsphere-csi-driver urls: - - released/assets/rancher-vsphere-csi/rancher-vsphere-csi-2.1.000-rc01.tgz - version: 2.1.000-rc01 + - released/assets/rancher-vsphere-csi/rancher-vsphere-csi-2.1.000.tgz + version: 2.1.000 rancher-webhook: - annotations: catalog.cattle.io/certified: rancher 
@@ -9097,28 +3388,13 @@ entries: catalog.cattle.io/release-name: rancher-webhook apiVersion: v2 appVersion: 0.1.0 - created: "2021-04-19T22:35:25.814804748Z" + created: "2021-04-21T15:17:43.481506-07:00" description: ValidatingAdmissionWebhook for Rancher types - digest: 3fb6016b78780b67ebb7a0eb1d9b3a269cbc97c7d079f3b918bc399e299e6392 + digest: bbf5c7240ecea194295dc15a541192b0c9484269314ab02bc4568b25abc1aff3 name: rancher-webhook urls: - - assets/rancher-webhook/rancher-webhook-0.1.000-rc02.tgz - version: 0.1.000-rc02 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-webhook - apiVersion: v2 - appVersion: 0.1.0 - created: "2021-04-12T19:25:21.650416035Z" - description: ValidatingAdmissionWebhook for Rancher types - digest: 83431cb23bac72a8513a5bc10c5d864eb1ba93e7ebf93e38fdac4a108dd3a1c9 - name: rancher-webhook - urls: - - assets/rancher-webhook/rancher-webhook-0.1.000-rc01.tgz - version: 0.1.000-rc01 + - released/assets/rancher-webhook/rancher-webhook-0.1.000.tgz + version: 0.1.000 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" @@ -9127,13 +3403,13 @@ entries: catalog.cattle.io/release-name: rancher-webhook apiVersion: v2 appVersion: 0.1.0-beta9 - created: "2021-03-04T09:47:45.139761-08:00" + created: "2021-04-21T15:17:43.481275-07:00" description: ValidatingAdmissionWebhook for Rancher types - digest: 6eb969054035ae7a3501d3e08b4a2d70ab38203e62fa5efbee16347fed34f653 + digest: 0d9ac76eff2b6e937e3e15970cd0192acff99a31aa1afa14941029088dc32f76 name: rancher-webhook urls: - - released/assets/rancher-webhook/rancher-webhook-0.1.0-beta901-rc00.tgz - version: 0.1.0-beta901-rc00 + - released/assets/rancher-webhook/rancher-webhook-0.1.0-beta901.tgz + version: 0.1.0-beta901 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" 
@@ -9142,28 +3418,13 @@ entries: catalog.cattle.io/release-name: rancher-webhook apiVersion: v2 appVersion: 0.1.0-beta9 - created: "2021-01-15T00:11:30.563834-08:00" + created: "2021-04-21T15:17:43.48106-07:00" description: ValidatingAdmissionWebhook for Rancher types - digest: 7e1a1ba8b4b83740d5b301cd81cd48f5ecd9a0bc7bb2ea8f5f021a22c294cc57 + digest: 8881f7cf8b50e3b48a967ce8af477c96f986d42d3c1f4bbb8c0bfc09202d23f4 name: rancher-webhook urls: - released/assets/rancher-webhook/rancher-webhook-0.1.0-beta900.tgz version: 0.1.0-beta900 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-webhook - apiVersion: v2 - appVersion: 0.1.0-beta8 - created: "2021-01-15T00:11:30.563574-08:00" - description: ValidatingAdmissionWebhook for Rancher types - digest: a1ce80a2a1b6915ab379624ac2cb49e1ce27a550951dc88b8f3e5668f792e0b5 - name: rancher-webhook - urls: - - released/assets/rancher-webhook/rancher-webhook-0.1.0-beta800.tgz - version: 0.1.0-beta800 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" 
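Review bot: the entry removed at the end of this hunk, `version: 0.1.0-beta800`, is not an `-rc` build and its URL already pointed at `released/assets/rancher-webhook/rancher-webhook-0.1.0-beta800.tgz`, so installs pinned to that version will no longer resolve from this index. If dropping it is intended, state that in the commit message alongside the rc cleanup; otherwise keep the entry. Separately, the surviving `0.1.0-beta900` entry keeps its URL and version but gets a new `digest`, which deserves the same explanation.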
@@ -9172,28 +3433,13 @@ entries: catalog.cattle.io/release-name: rancher-webhook apiVersion: v2 appVersion: 0.1.0-beta7 - created: "2021-01-15T00:11:30.563321-08:00" + created: "2021-04-21T15:17:43.480832-07:00" description: ValidatingAdmissionWebhook for Rancher types - digest: c7f3d94a86a1960a3bb477d5fa7ec1ce2cda1071f8f221fb7a215a0892b31ec2 + digest: e185c6765de0bb0694d6d12e16c2dcce7f4c785125e614cf6c0020e5982d5f0e name: rancher-webhook urls: - released/assets/rancher-webhook/rancher-webhook-0.1.0-beta700.tgz version: 0.1.0-beta700 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-webhook - apiVersion: v2 - appVersion: 0.1.0-beta6 - created: "2021-01-15T00:11:30.563072-08:00" - description: ValidatingAdmissionWebhook for Rancher types - digest: d0715c2f02663a29a0d98a27aadd7383c2d90c0507e9e7ce8768e0030240c15c - name: rancher-webhook - urls: - - released/assets/rancher-webhook/rancher-webhook-0.1.0-beta600.tgz - version: 0.1.0-beta600 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" 
@@ -9202,28 +3448,13 @@ entries: catalog.cattle.io/release-name: rancher-webhook apiVersion: v2 appVersion: 0.1.0-beta5 - created: "2021-01-15T00:11:30.562811-08:00" + created: "2021-04-21T15:17:43.480599-07:00" description: ValidatingAdmissionWebhook for Rancher types - digest: 748ed52b1d17cff221fb5609bb230467f0a16faf5130122ece6781841c2d569e + digest: 574407c23b5827bd1d4d4f20609a5dc9d4558d6d29ef179093288a4a730ab8c2 name: rancher-webhook urls: - released/assets/rancher-webhook/rancher-webhook-0.1.0-beta500.tgz version: 0.1.0-beta500 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/namespace: cattle-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-webhook - apiVersion: v2 - appVersion: 0.1.0-beta3 - created: "2021-01-15T00:11:30.56257-08:00" - description: ValidatingAdmissionWebhook for Rancher types - digest: 498aabf4bb200fca9d3a66be7d0606701a6be62208776effc83c894e576ed748 - name: rancher-webhook - urls: - - released/assets/rancher-webhook/rancher-webhook-0.1.0-beta300.tgz - version: 0.1.0-beta300 rancher-windows-exporter: - annotations: catalog.cattle.io/hidden: "true" 
@@ -9233,92 +3464,17 @@ entries: catalog.rancher.io/release-name: rancher-windows-exporter apiVersion: v1 appVersion: 0.0.4 - created: "2021-04-14T00:36:29.86189476Z" + created: "2021-04-21T15:17:43.48191-07:00" description: Sets up monitoring metrics from Windows nodes via Prometheus windows-exporter - digest: 1bf9bd8fb9e8171ea24f5b6321cc16c538f8dc94fa161c9044a033c6452d3089 + digest: 5581e9e756f86bf5fb9e47b4687fe502d43b8f22f0fcad38ea8b6e379caab5fb maintainers: - email: arvind.iyengar@rancher.com name: aiyengar2 name: rancher-windows-exporter type: application urls: - - assets/rancher-windows-exporter/rancher-windows-exporter-0.1.000-rc04.tgz - version: 0.1.000-rc04 - - annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: windows - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-windows-exporter - apiVersion: v1 - appVersion: 0.0.4 - created: "2021-04-01T17:13:59.568391312Z" - description: Sets up monitoring metrics from Windows nodes via Prometheus windows-exporter - digest: 22e1e05ee50870cc705e4e31d763994188d97219d50ebebab60de4d97a9d393d - maintainers: - - email: arvind.iyengar@rancher.com - name: aiyengar2 - name: rancher-windows-exporter - type: application - urls: - - assets/rancher-windows-exporter/rancher-windows-exporter-0.1.000-rc03.tgz - version: 0.1.000-rc03 - - annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: windows - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-windows-exporter - apiVersion: v1 - appVersion: 0.0.4 - created: "2021-04-01T00:24:29.187539249Z" - description: Sets up monitoring metrics from Windows nodes via Prometheus windows-exporter - digest: 64b9687f927aa8b2dfae478f739536e86319a50462a59a9aa4975803564b3163 - maintainers: - - email: arvind.iyengar@rancher.com - name: aiyengar2 - name: rancher-windows-exporter - 
type: application - urls: - - assets/rancher-windows-exporter/rancher-windows-exporter-0.1.000-rc02.tgz - version: 0.1.000-rc02 - - annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: windows - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-windows-exporter - apiVersion: v1 - appVersion: 0.0.4 - created: "2021-03-29T19:11:34.137176752Z" - description: Sets up monitoring metrics from Windows nodes via Prometheus windows-exporter - digest: f00af930f333b1458152ac6befb0a68f33112a54d5cb8aca6777436f342f50aa - maintainers: - - email: arvind.iyengar@rancher.com - name: aiyengar2 - name: rancher-windows-exporter - type: application - urls: - - assets/rancher-windows-exporter/rancher-windows-exporter-0.1.000-rc01.tgz - version: 0.1.000-rc01 - - annotations: - catalog.cattle.io/os: windows - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-windows-exporter - apiVersion: v1 - appVersion: 0.0.4 - created: "2021-03-15T17:53:22.571790878Z" - description: Sets up monitoring metrics from Windows nodes via Prometheus windows-exporter - digest: b90e452266b18882787703a371ff4ac135b51439d022e9e75370f17c7076fc69 - maintainers: - - email: arvind.iyengar@rancher.com - name: aiyengar2 - name: rancher-windows-exporter - type: application - urls: - - assets/rancher-windows-exporter/rancher-windows-exporter-0.1.000-rc00.tgz - version: 0.1.000-rc00 + - released/assets/rancher-windows-exporter/rancher-windows-exporter-0.1.000.tgz + version: 0.1.000 rancher-wins-upgrader: - annotations: catalog.cattle.io/certified: rancher 
@@ -9327,37 +3483,18 @@ entries: catalog.cattle.io/release-name: rancher-wins-upgrader apiVersion: v2 appVersion: 0.1.0 - created: "2021-04-14T00:36:29.863069235Z" + created: "2021-04-21T15:17:43.482314-07:00" description: Manages upgrading the wins server version and configuration across all of your Windows nodes - digest: daba3847de46b2af85db462d2f01f43a5d02cdf19ad8377c3966ea8afc1199d6 + digest: cdc33b05d156e0675fc5a4e19b6839a04945e45c31ea89a0837243d14fbe16f3 maintainers: - email: arvind.iyengar@suse.com name: aiyengar2 name: rancher-wins-upgrader type: application urls: - - assets/rancher-wins-upgrader/rancher-wins-upgrader-0.0.100-rc01.tgz - version: 0.0.100-rc01 - - annotations: - catalog.cattle.io/os: windows - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-wins-system - catalog.rancher.io/release-name: rancher-wins-upgrader - apiVersion: v2 - appVersion: 0.1.0 - created: "2021-03-15T17:15:15.620518014Z" - description: Manages upgrading the wins server version and configuration across - all of your Windows nodes - digest: 02c0c5e64d4bb535220c4a0027c30519663c94ac3b0c02062628073df8b8457f - maintainers: - - email: arvind.iyengar@suse.com - name: aiyengar2 - name: rancher-wins-upgrader - type: application - urls: - - assets/rancher-wins-upgrader/rancher-wins-upgrader-0.0.100-rc00.tgz - version: 0.0.100-rc00 + - released/assets/rancher-wins-upgrader/rancher-wins-upgrader-0.0.100.tgz + version: 0.0.100 rio: - annotations: catalog.cattle.io/certified: rancher 
@@ -9369,15 +3506,15 @@ entries: catalog.cattle.io/requires-gvr: networking.istio.io.virtualservice/v1beta1 apiVersion: v1 appVersion: 0.8.0 - created: "2021-03-04T09:47:45.140116-08:00" + created: "2021-04-21T15:17:43.48309-07:00" description: The application deployment engine for Kubernetes - digest: af6a84abcd481d2653db91960a69c9e235b619834cf81d0dfbd0f6c5427b7460 + digest: 8baa5c330cc152b3d3d87f918ed3ff96b927efad412f4b97bd7db90445e28602 home: https://rio.io icon: https://charts.rancher.io/assets/logos/rio.svg name: rio urls: - - released/assets/rio/rio-0.8.001-rc00.tgz - version: 0.8.001-rc00 + - released/assets/rio/rio-0.8.001.tgz + version: 0.8.001 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/display-name: Rio 
@@ -9389,107 +3526,13 @@ entries: catalog.cattle.io/requires-gvr: networking.istio.io.virtualservice/v1beta1 apiVersion: v1 appVersion: 0.8.0 - created: "2021-01-15T00:11:30.564203-08:00" + created: "2021-04-21T15:17:43.482694-07:00" description: The application deployment engine for Kubernetes - digest: cec586f9ef5202b6030e1fbab082ef45c740ba749f4358f03ce3423acb310663 + digest: d58ca3b147627fec6d5f4b99fae680f97edaed98967f1fc1914a537dede0d897 home: https://rio.io icon: https://charts.rancher.io/assets/logos/rio.svg name: rio urls: - released/assets/rio/rio-0.8.000.tgz version: 0.8.000 - vsphere-cpi: - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: vSphere CPI - catalog.cattle.io/namespace: kube-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: vsphere-cpi - apiVersion: v1 - appVersion: 1.0.0 - created: "2021-03-03T21:20:36.729288-07:00" - description: vSphere Cloud Provider Interface (CPI) - digest: c989b10ab34b891887a3a1220921181aa3e357a1b1917ba2522848050fdab62a - icon: https://charts.rancher.io/assets/logos/vsphere-cpi.svg - keywords: - - infrastructure - maintainers: - - email: caleb@rancher.com - name: Rancher - name: vsphere-cpi - sources: - - https://github.com/kubernetes/cloud-provider-vsphere - urls: - - released/assets/vsphere-cpi/vsphere-cpi-1.0.000-rc01.tgz - version: 1.0.000-rc01 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: vSphere Cloud Provider Interface (CPI) - catalog.cattle.io/namespace: kube-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: vsphere-cpi - apiVersion: v1 - appVersion: 1.0.0 - created: "2021-03-03T21:20:31.221637-07:00" - description: vSphere CPI driver - digest: d78e5350401a9ae6ec67c160b4e7776eebda56a46756b0e6a38c9a2cc913c194 - icon: https://charts.rancher.io/assets/logos/vsphere-cpi.svg - keywords: - - infrastructure - maintainers: - - email: caleb@rancher.com - name: Rancher - name: vsphere-cpi - sources: 
- - https://github.com/kubernetes/cloud-provider-vsphere - urls: - - released/assets/vsphere-cpi/vsphere-cpi-1.0.000-rc00.tgz - version: 1.0.000-rc00 - vsphere-csi: - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: vSphere CSI - catalog.cattle.io/namespace: kube-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: vsphere-csi - apiVersion: v1 - appVersion: 2.1.0 - created: "2021-03-03T21:20:56.760876-07:00" - description: vSphere Cloud Storage Interface (CSI) - digest: 2a7e01ac4e05b4224c077c438e5e9a292840040659830ec7d8f9a07829c5b873 - icon: https://charts.rancher.io/assets/logos/vsphere-csi.svg - keywords: - - infrastructure - maintainers: - - email: caleb@rancher.com - name: Rancher - name: vsphere-csi - sources: - - https://github.com/kubernetes-sigs/vsphere-csi-driver - urls: - - released/assets/vsphere-csi/vsphere-csi-2.1.000-rc01.tgz - version: 2.1.000-rc01 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: vSphere Cloud Storage Interface (CSI) - catalog.cattle.io/namespace: kube-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: vsphere-csi - apiVersion: v1 - appVersion: 2.1.0 - created: "2021-03-03T21:20:53.303412-07:00" - description: vSphere CSI driver - digest: 42dae1c284c3c79b3c168f01841d0337f0b9d2bf703167374a184341e7d2bd09 - icon: https://charts.rancher.io/assets/logos/vsphere-csi.svg - keywords: - - infrastructure - maintainers: - - email: caleb@rancher.com - name: Rancher - name: vsphere-csi - sources: - - https://github.com/kubernetes-sigs/vsphere-csi-driver - urls: - - released/assets/vsphere-csi/vsphere-csi-2.1.000-rc00.tgz - version: 2.1.000-rc00 -generated: "2021-03-04T09:47:44.970939-08:00" +generated: "2021-04-21T15:17:43.269849-07:00" diff --git a/released/assets/README.md b/released/assets/README.md new file mode 100755 index 000000000..ccf5e5bfd --- /dev/null +++ b/released/assets/README.md 
@@ -0,0 +1,3 @@ +## Assets + +This folder contains Helm chart archives that are served from charts.rancher.io. \ No newline at end of file diff --git a/released/assets/fleet-agent/fleet-agent-0.3.000.tgz b/released/assets/fleet-agent/fleet-agent-0.3.000.tgz new file mode 100644 index 0000000000000000000000000000000000000000..ab117189dcd8a2b1de825d6cdda65505fb9be4e8 GIT binary patch literal 2162
diff --git a/released/assets/fleet-agent/fleet-agent-0.3.100.tgz b/released/assets/fleet-agent/fleet-agent-0.3.100.tgz new file mode 100644 index 0000000000000000000000000000000000000000..4b0f4f65180523e8ab255b196f698e1753e4b49c GIT binary patch literal 2164
diff --git a/released/assets/fleet-agent/fleet-agent-0.3.200.tgz b/released/assets/fleet-agent/fleet-agent-0.3.200.tgz new file mode 100644 index 0000000000000000000000000000000000000000..0ce284876a7329a8f2166ae13a4aefde75860446 GIT binary patch literal 2120
diff --git a/released/assets/fleet-agent/fleet-agent-0.3.400.tgz b/released/assets/fleet-agent/fleet-agent-0.3.400.tgz new file mode 100755 index 0000000000000000000000000000000000000000..fb2d54a67964877ecb78ad887d5cd68d4570e257 GIT binary patch literal 2281
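Review bot: `new file mode 100755` adds fleet-agent-0.3.400.tgz with the executable bit set, whereas the fleet-agent-0.3.000, 0.3.100 and 0.3.200 archives earlier in this patch are added as `100644`. A chart archive served as a static asset has no reason to be executable; please normalise the mode to `100644` so the released files are consistent and a mode change does not show up as noise in later diffs.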
diff --git a/released/assets/fleet-agent/fleet-agent-0.3.500.tgz b/released/assets/fleet-agent/fleet-agent-0.3.500.tgz new file mode 100755 index 0000000000000000000000000000000000000000..ad3b3c698fa76ebe36fbf285a200ea194be639b4 GIT binary patch literal 2316
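Review bot: fleet-agent-0.3.500.tgz arrives as `GIT binary patch literal 2316`, so nothing in this hunk lets a reviewer see what the archive contains or confirm that it matches its source. State in the commit message how the archive was built (source revision and packaging command) and record its SHA-256, so a reviewer can unpack it, compare the contents against the source, and check the digest before the file is merged.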
diff --git a/released/assets/fleet-crd/fleet-crd-0.3.100.tgz b/released/assets/fleet-crd/fleet-crd-0.3.100.tgz new file mode 100644 index 0000000000000000000000000000000000000000..e0869233d85f761dc35584b372f50216f81183d6 GIT binary patch literal 9676
diff --git a/released/assets/fleet-crd/fleet-crd-0.3.400.tgz b/released/assets/fleet-crd/fleet-crd-0.3.400.tgz new file mode 100755 index 0000000000000000000000000000000000000000..c1974f4e29026b9394c8142d799668f2b9d9248e GIT binary patch literal 9990 zcma)i1ydb7ur^-c;O-Q6E$;4C+`SZccXuo9?i4tLye7hr zy5DeUb?}h=dVbo9y4#vE$o-{S5|~`^d}8vhf18Y9DkJWwB|Uf~Shk-mb>hWi1Z|aa z5MBIl{ztLQ^TS|Ng8=2NcPkbPHepHrXtM@F56C?I~z1}XCPLZx|7U9c0Cs5!s za%wz_n%1C*G*JLI;Nh*?^ZE6vX7fDjbGiHT0dM*f2k2ocHG14xApS1s;rlB1tFs-O z$*zo)Y1&rnPv-?c#c!tyDG7}7bgA|`y9(0ray~o7fxR96L<;${QmGX7nuIqQpvX^$ z(L2k{y8NS2!J2Nrc2dg+4(`;*GMSv;aw*&%T-Zsb$f+I_n3%Wp(&|qio7-NB<5_|e z7Ww;k#Qzc}(NFV>?9j`h=t}teOFPU@{(K(!y*GdQ=y%@`f8I2kg?GO{etHR%Dksov z^tf$wEVI9Cb)9zWMmSLb)b>^={6m5jz(G}qu0Ltqn9=vv(nvC z?_jI+tF#@sjiQ&dJG$q1_WS&#m&PLht<}G~CU~2GbyY3!`Ml=BQ|L7Jkw#v;{cG|} z!-Q>*zIzeAEvKBM5MBA;^iRb_H>LE?1Mb$*leMBQBG-?WdQbeqy3qm4B7s{=spk&z zKz-EYskVf_X_D&27DpPTkaPsjJRFVYExJs& z7A{QQ4w*74W+Z3)$HR;L-ZuYG=@#9;<&J79#UMx6zpMN_&sv zQli641UNlzo87ul(|0fDbix?fm$kA-*^0D-HQ`Dzj_w-{B|=g8dXe0%pK9^YMi)2% z!+u#4C=$y-~`BrxaBdgOas*2jROC5s4EMurv}QDr|zSN zvmr~a_c2^xaJcr$jLBOEpYQ*Sn`L;`Ou7d^w}ZW)#gglwU35_M40^vx2QeB;Ln3%N zv3AAdXW%b+%(uaAJR7k|oUt?irQ6P@I1{N}1RrU11#eB^MI32-b6}{)uol;5gV~1E zoF~Twq|CWlj8*z<%*)59i^-M02%iZSXOnhi`dVY0h0)d8|0MDs_onJ)60r+)?>WE@ zRTN_C@LzH#3xm?PPtk}Q96V(9m``Rc;RSOKSkc%2b}wMLGDtKO+l~OMp6oJoWR8VulJx8!=af7K zWZDW7TXu0Pd^%Dd0`IWiCOeo=HaLk)%wG>qy~;Z8|eCpm?Z%}9QK>bn&>^yty+!B*Yh-`Q8DZ^WN&{+54+&;4!h ztSkIb$DNCLv(TBxPoL5@H(kRdyXJC`GZDSq7hZY9Y$BJQ;H;eGo%Tn8xfK1l_q$R* zK*n@S?Kr^W@&Y2akkb!|waIR&mi`$i``4DrPA%*>;{f=U@-ptOICG-c^o2NyE7#e7 zvLP?9GRI!;&%*Cy825~REf`5<;>RxL+^wbeW0Z^@1&WO058A~`>ZX#xip4k90!D_dgQG9cp zD1X`II6i`|BSZ*b#;N*$1BLWpO;Ar*aUUhK^pHWj)<`3VUoD@ z+GexTQGidro34`*Y9T7Y6?7-UoE(!5#SN0f-?>2bQ zGgjfzV!4_xt}n6nY*&?Y?b}2o*F3jLpNQ* zQw@hR9k|7IGfG#&uO~?8={l< zp(vfZdF;N&28%d+_e>9X-1jxO2>5NOUd#F>L&wB5cxdeN!edj4aSVl6Ow#&OBjf+< z5L1rE)!Fdd%W_9LsyUQix%B3{0B*x&|YN9#^R+xH08_&`Hmo5X$drMkD8 
z2CZ)RAoM(~XGsM4!GHS0I4QyS>X`l|TcO1eS?>4=2*BOl=WxjDK;}~ii(0Tm>wk5g z27wpX{i`}!P@nAnDKIFzpLBWv;}d5;2I9qLMWy)G}LpstXO_c z;<6V_yl84LAg-#e^inA$lH+@uX}200#>TO@xPYE~q$`8E!)WvtzgM{5dq8!jd47^( zrq7*sx)s+FKJr$?dihrrk_D9U#0H_O4f_Z!I*_v}xriQdv}dqMroak?~WeG2xWVB$MnDqFq=c*a=Q~ z<`1E`_}vOJ!xHA5onfADGT(uow10;?f8M7`5G%$qRe>WjA11t;q=?QimqLoLaNSBiewzuc8^7j5TJ$@5~ zIv$!B48|Q z^R6JTooK6)l1pKCh3OCOaRPr5b}060$^Ixvcvv0{6x4%g3`Q=(Gk?`Vo8Bt|Qdv<9 zl-`#FtDcvHjWS@D>8HJ>f#YX7Gn}}l0os}DWq<88#$P6G9?!o_7U|?>wN0@&6A0#r zUrLa`uKn)-`lVE7Wn{$_1Kbg{lhN`P_CwAbn;6jBmJOfu;V*?VaE_sNTVL;wCptqu z*5VMJ=?K;3BrJRr9};DLzc&Vf$CH$(hUZ_yysLXSF-ugd-Vw-yyNVD^BBvBN@x2Qf zP;QDrei$7;Uh#r^=;2E`(tsx#${)hSzB5y#l!n&K(GjCj)&UFwTW?|1KC>y@6xpo> zkk=VvEdKF7jM%1!UN^%k8Rq5g$21Z8IgNX$G;3Gl_Ix9gup@zi@Or`!bRBSSR;Jdy zMbbO>ajuOEvlrmfD#Dm`o2C7pjmS@~Ev4LdX)t~|8#Ch)x-GU%Rk=T9m8COvg=_z& zeNzaqF$1PuH{;K`=2pwhh2)fxVH8HwAd` zrAV^uHv1emrYno4w~EG~BQ~~Zul|;1DwM}2RD;`ya^i-4ugW<;k=^KwvjY}L(LLGxcct%J=cOEOUtXhfOn(H%w(mPvzmpIgM(4UN(CiWx5 zJO5`A^pVT{K1s$qYw((Az3jzFV13nUzSp0$>U7$cwgAHeapE&N(ABf8xqao(4wbQT zlewZc@ zXKJb{Gel&FYsd6(I2Z4GOhuj?W$-dQh$iY1ioWXk=}Kw?8Slc+vP;f-cR5N(jb&b6 zxsY%d6rY6KewNcGZF!+fYKY6w>6*=dD=N?gY|^_7p$sZLkUA~a#)ITtMzp~){OILL zv0zZcMl&b)_q1CO7ss{zmznDekXq){om^r#d`u}u#N(sfzyDtXSK`Ng5a~f+d?S*kA2Q6 zi=4u;`*T(kNUlOf@x!jT1(a$ z#$^+S^w7<9TZwsOnMDD`oA2cuBV+L+p>3*og2%%-9^SUVBkC9 zc%2QEUQAKLDQYGd?Z>TvA6m;YH-wB-d)}$VF=@aK$Kk)8VQ#Yez6Adjp@k!@yFF{q z!trxG-A2exVlHMR77S26RpUi^`xg}x${EmQp{kat{te8t@{p)iS2sg!a;D9`K3q-n z63wu1B^3QdAc!y~L9W3c`c(vM-!8Gg5wAJkEE9#5D(X-`TezxxFDUAA}Ty zoE~{%-TvfVXp(Cn@YO)_^mZPFUAmx!A-FpzL-m{ZZD_vq>OotF{eSm)x%8K)t&tZE zk1wi&+q*@f_31_uWpx@)%H9u9XG>r-o(^!0Q*Jf2T?C+nk9?R>rNUhDUb zzw4u@Dx=<<8#7mLj1s~@VS1eEId6XOayfX8E$H9ghgDuNyHxqMPG)bozh4P%`n11= zdH8popIsSr`+mUryw|85?+(F!zI{BNZ)AD%HU^rbJGR%hy`Bm3Nql z&9dukyuxmvfdro?s~6P#`psR2DFs^)0d8=+S(jmpXMZO*R+hCNYFc5IW>OIZvg9K2$h*$q~?ts{1D;#F&* zeH5ir>I3!XldxCfk8cIMP7tN-o=tBTWb`L6_+pIy=o7s^rTuEM3hzJS?9em`CiY)o zj^IBq=39`LBHkOM5?1yUhu%w<0NNMjU)8Nq?1J6p0t5HYw+LHJGr)IZS 
zgJnr|uS?E(--ci|?-{Xq>*S6^8#pd6*Ta3s2VWq#;Nndb5u%JiSGD>DRT!*K2t9qw z3ua8W&jHmiy~J6PxAI!C3ATI^ZKkGT?y7w~oGZ9K-w>!rtA2vckz_lkvvobgsS6}m zSNqo9V~iS#whEDFY=q544zv#X#WT(!R7vRCYeW;KCUXu^nmyaMO@o}(&@3MIi^`=F zZqBjU2yD`Jfg`Km+I;1kDISVYi4pV&TdcnY*Nlhcit`e#YQCsZLhv^fOg0s@89%j& z$}~&)YKFq9gIBfd5k=bVqvcy*q5B%LyULC{J0*0fpGv;F6^tofioe`mLwYD=wgSfL zteG(8(`>?T^ZCZclj`NaDT$)8UGn#FT{iN>2wWVOk054ge%wC&Fx{?*SLm##owFeB zSKv5Tgc;T)wiD~Qqk=a>K$!UT3yUt}ndwMKHbUuEwxd#efdCM>_&l_KtVw@qbEloR z>j}q?Jv5TT+$O7g?AWtrmty+)eg}C?)`qz_r7~#96!M9a@>_BoA+-9iP1xbSuh2M( zcIZ&i_C13rWUwr8;K83r#+0qa!MDTjLfW}%M=ti-9+K7%?W@vC1Y+5PG6Q5`S}Ur6 z!I|nvS2cqMN^=eIcG^|7+3JiuJ#RW<&v?O0W_0l%pD zmIroGf%nzllR8t~76Z7b2&=0MBqB@Rb<)S=V^LY}cD%3rw*3JroarqMqO9Mvdk;9Av> z(!Po?EL1gbYuDbF2Mhd04G~=AihwR`hWj>IJT3$subiwv%jEjNQ@Y)MI?72qB~Rjh-P; zv_VMq4b{jEPnL19krV=Fe-}7<(F)ml#UyzVLe5!-h9C4oX?UOZK}h%0r9}0)yq)(q zXLOsOnXYy`hkwVwJKZwf6S53z5U(w<1hS;#Pn1Ni0?*i(^F6p|nkxBuE~QKp6d zS?YP*Mt*%sl)B2f+lyJ9tXh%rWFBiB#r*sSb4B?K^x z$X&Cu_VL)b*kqkOYCWARZ;kR7_ucrcqT|8{AU*^7q=Gil zRT?M)XK(fw9j0VP!!Uda&gj;B79Us!#?@|s0RjbP^l#yxBee46Ndb0TvYk89TMiCH z`fEZY9Hkw~;LX+0!eO@E27W(trHhbuifzXFk_VUSn1oe`%ceCPpc$9gLb6@Fxzmfc zBTESgoVj4s9H5ZkWmrRDLKK98`d}E@sLgkrgBjSUt-th@_exs-evjPRSxFX9SvBvdCj=O1T9R?wuHYw!kdKdaBm@qoO zF~{ePv5q?Vx>0}v51eHLN0RoTwE5h7>iQCCRFo6&Q+`Al>zk}glZ(b|YQs-Mu^IFB zs;zl$k}~>wBn7NF1*7Z2=lC9|p(+$Ly!i$uoO}HdeB0LbG38E1R{m+I){eR)t2)U0 zEPYL@>l#$0J`;Z*gZ(dZuu-9#9D2zB&nTVzy)W|g!%HRWd&wGYDZuh4oe>|VjJ;Ig z`;#+!jhK`M^ya0>+%FHwjat$@H`Xo_)@)fv8gmK2pp>s(Z2Zgt@Y_RqLuDH0?uov` zF&7*{$qo&vs#*b)Gx7{}TL8c(Uz>}Nm*qvI8O$eN08ZS1`bA_G8xIQbA`JF9cQLmECDmq)u7!c=^}B)g{Oun4+Iq6nU`tdxux&kw&o z6+V=_#%Xv9^>F(1LZiNhvSIC})-NmTT=ePea=>9UWX*D8l6MbCGz&BRY9VA)waS4sv~i8a%F4H+=fw{a36V(rWeE6CBN2hPz34gPR{8@(t%zA3Fbn4=%J z{ghl=nu?k=tr*DPY3*RFSkpff&flr-&pCiJ(EXpEy9g6oI|E=aA`$<8JbXx^xzoQf zjl&N%dfGjBV|#4Nz-1H8CQ_ z_7x0&;{g&6gTp>wSQt=BW}Po=1enR&PE`6ow=!3{7FTwZ342UKg#TLqLV5i<=2x9| zMToy)T&RPdRU{D?W1D#Giel|-Dc{{-SZRXD&$Zc5;>tSQCs~x2Pcx8*tx7gL*SaQwyTkO;$Z@DCveX8WH 
zT2kG%Q>Dt)qDA`@?CQPTrg>T;wN1Le#fE=|v*Og`>^HD-`sy9QwC#$1dH$M&*lNds zlb>{mcOY!?lz(9J7qkipV)^XYULu0QKGmPWz8PF++ZeFk%SI_m5Iekw$N%rc4FsX_ zZE6ihXZzIf{vwFMz8@`$!QKl@++Y8%q!XH=9u)B3fuxc55LSz)7|7H)Q^Yy|Km6;I zA)+3@Y6-eF0jy&h0(4Ofo0+CHFMjO747XXFPSpUB8@%gKP{32O zon}60*T_0x4WLG%SK21+c2VwF$Xn}216PdaWg(g(G=d8;s@0VS!13@jO{C75I5 zSyJ4Wt)6nfU&R)}5sR#<>Q`z7g*T5>cC!OH6zXf68_OcKj|6+L693DJZCztLB>>0* z&}5;u*KqV@qn0}TRZOzysXvs3s=$$wz+$oaI_PF(Ku}KH@nEQzz4{V{{^ZFiB|V1gChdrrJ*%r64kU0ofQD$x1ohNj|4M0CMFB6Tm@zf z$^s**2VEs5zq0~$wEDtmby_+^(M?paDF;%3QFsVL^&7@e{j3a+;XOUrQ8sS|P`a4+ zX+_4p$}f!a@*ap?gOBnZWR*xiNRN}ZX>435w9q=qX3;vOZIc$|hmORq(EsrsAad^h zclUvgvA(v3|H)Sxi1VDIVFHycXMQTkJGA9VA_`%y8{9cZ1)0h%#zU%H0cpA!WIq6tB}0 zU(a+rkCtQW+AKe~{(_u13kPdN&<6K|*{O3DLbgIBW869ud7nwBlxy#=xE1YcFtNj? za5JUSK4$~s2R^n_#i(JB2kWM+o8b-X5DhHd=8qm7=u4o($Udu~e5Us=0v?TJ=5Xms z3_P$VLnqQYLXPTVMW<_sb4^I77%v^h^Hxgsk_qADkdt^<9E0NM{pk&d5&KxJz9_;N ziADC{EtZ&3cA`LfS2>ySm4WWYu{qsdKnWMy$&yTYjP5}|MZ~r03AByi$c~XqoNEQjYJT6K%aXXGK6)1%VYA7+nPP?pkbo4en|!!yM*Qs z!Of1R)gU|Wu>TPeVt?PT!S8gfaVL^3FIqg1kNBJxg`JB{Q6eRz-*lP2S5H)wK$uYo z-xMxR87)6X>n>4Kk(o8R!X7DRBvvp&??;Dwk*yrKp&E+O%$^qq+TDrX!gLcey{ZN) z@kpZTJnDBw* zkz&Xn*cXA z1ns-K6NWg%#L<)Y+!&vo8BZqdch7*edwt<{WS&CE_#~+24s8d9oJ}G=Ffy{pkrrc= zRPy&1mtdlIi^MvHbkznWRI&PDmv2y0f2r%!njEA)Z0gCmYxLd1A8bq8nQu1Jf$Qik-Y}SifLS8MP3O+DL7hBff zbE977eyA4VCDH;NRb(iB_yB*?rReds@1peaSdRh`}+jgtMNt# zjlZ(MIplNuhY!^l){2iy%4(ivw@$!8J}vaa$FL)^M6my%Ham!>)6cu8%Y8V9ot$ml zcO4cd*qm+YqDt9030A&-p@A;xdkX&Z=B(D_Rkr+;0x3KR0N|zCX z0!4J}kxXrRIhef>H_e+7u?&K2Ku>r`o!1J&Zw&6RCCPi+Fr;+wH}$^~2S`T_%z`O;6rIFdB9aA_w!rzYms;T<0-p@LMS7O)Gq z+uYjY|4~SVt%I-PVP^gKhigsMgb{)uQ<$v{3;)KYsKKb}qHz>CI|V1z)!(@0zmW$v zL1J0*k*2uvvyf40dLxb!(1UU<{O${!jwu2I33W}P>fTh~L?D7m5->61RVSohck^ zclGSlDc0v%(sF8+44AtEW=Z{1i5KB8`7rf4LIrvuw6_o4S5AZ%kkn3;Cv`Hm?ELqT zZ-6&^J^SdEG(D?!b-?CqJsI%L`qoE56x&%)rstw%f~)(zV_0u}=!+}Wb@L@@-Z_Q5 z*~uwME?6m+MC!H6=p$XB(w^aP1&kf4C;0uw$i`<;bK1R-J^?B73Nob7sEzI(y!cI) rdTi1HE{Icpsn;RarIL=^rq=(4{gQ71pYUH_-ag~I`?SH5Ai@3z_N!<8 literal 0 HcmV?d00001 
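Review bot: `new file mode 100755` in the header for released/assets/fleet-crd/fleet-crd-0.3.400.tgz sets the executable bit on a chart archive, which nothing should ever execute. fleet-crd-0.3.500.tgz and fleet-0.3.500.tgz are added the same way, while fleet-0.3.000.tgz, fleet-0.3.100.tgz and fleet-0.3.200.tgz in this patch use 100644. Suggest re-adding the three archives as 100644 so the modes are consistent and the packaged assets carry no execute permission.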
diff --git a/released/assets/fleet-crd/fleet-crd-0.3.500.tgz b/released/assets/fleet-crd/fleet-crd-0.3.500.tgz new file mode 100755 index 0000000000000000000000000000000000000000..f9a4dec9b9b05f4768c58f451b295f99b0b34797 GIT binary patch literal 10050 zcma)iWl&vBur2NcKX`C==im@LSa5ge;O-8=U4jL7cXvW?cXtWy9PIMl`|JICQ#I97 zvv*DP^mMQ4Sv@3C2-pz+wGTQ71|w-@RugG?ZaGgNmobMrtEmc?m9`3yTTxw|TV4ZX zZDeQasrtiSP}&S+3vuTA-FcmNHg^h)6Ae87$~b1H_!vgfy?p;S?z)i#Y3u?BI)fzt zp=Mc!@C72ZaC7;iTeM#Go;(l+p;oDAJZgXn^A|**c(-$+N_kERxwj*bLM&T2-t&E& zL-(`2g2Ar0mqSBC7d^QCALnTnECvRh-5$@U3u94RIeMM12fJw+Q;Eo1Augg+I2cpR zaC@uS>j@BaNYy`$JLByq6Dg@8_kFx_FpHeLCZD2`k%p+F&FwKoBV8mVj!ZaG%^E$D zUgaYq->YsDg2u}jWn{M~&#RNrlxIAT8g#p5oYYkxv;A>6OT=f7?tfPFDJNtnB)*A; zns$05G3sY0)cd?%4n4CR`3sMg%E2`<4v*rH>Qsad+Mm6!jn#NN>N z9Va^t_(Qc@T7ue_9qRnq|NeA=rKf8Z_)+8UeeW*tVbXh;Kt@&Y7zw!l*nd9%h`+zk z@9fNr>=fuQlXxh8OwO7pBgg+yXik1U*;5wDSaQ=Th!Ge5D3{7v^_yI4u~YVjp$|!7 zh-#|Bb1W=}=A-@n;Xbl-C39bwKA+w*hfV8ne@9m-QBe0VMOF201Eto^i&XF>F_ZH< zYe{J0RL_zkw_<5{Vz*2oW@Y*V%I}-}BB}SwkLRuTCC|4%{%=cL8D#GdTOU);S+X+4 zF3?-9xB5$0Dt#4Bo_9Rdo88OfEHbMHAS*jR+FRN9SI3o%ElP%BHHE>`r3T6bx*A7c zz3bV^_o{Y`F_wCwuI#zY{g3yaPd(zZ%uu83KmLB#?(72J4YMqrL{G}Rm?S0#rE%35 z#LPrDys9%CdliR8D@dnQNR>B#WKc?^9PLw=*e8O$mY??~Pi><|sj(^&z<(>q4sH_> zyd+fl{(-#{StX9L{io5^`~Lt>J^Mvo2)vd|Q2k}~b*~TS@01I(<8eeu6B$dSLP*gB zr#LN4LexN$*U}z*aS{lo_mX;J&Krj7c!zJ@V#OaFLxAtOYn6F5<{R*Rour;c&#^m7 zEpgYG!dB&CB%;vF6shmm-cmUZ3A6vg$={@-4&XNR4jwi#PUH!xOi?*9rrz|hn*z4( zLj&h7o)afvI>KzX+IIv>3YTAAverM6WQK;meRSx3R~}H72d@qshD}IKC%%xVCFp?9 zt8>LBHEHZ;YEq4zM;Tn@ZLF%3+)p$rfg9PEkR=Pw=Btjvwd>k95LuSc(D)A8Nv1O_ zb12W#T~V%U$GB%K{D{i#Ssc`o1>KMN?n(aNm1Wv#5bu8n5K|eV3ch^zA1mopYCPT# z5o)GlQqHL}CIGEHBDsGXUd(dob>9@W2s-kdXiO%JRCs*qyq%;;+0_s)m8|Hx;8n>T znr0sQRG;y0P_0{Z@1C%NIYRhFpQ`on*Fu8gs;XTR6C6BI=;c9odFKrJ%@L@otA5TP z&nms19v0XX<(eQ$bS{|K)=-^QI;!)a6px%`OZbrjsA8R)I@*&ob2rF4Dk7O?%2m%F zE`ZQ;8dTY2Dpc09iIFEcJ4-vwBl!kem!t3>u2oCDwbcRPsg)IqCUyD9lXM9(ZV>Dv zdLq;(3efB_{&KU7E;h<2jb%*nv*aK*lOe=_Ot2huq6#u?H6hbJ>Ev`3n*8h$IT26!5`27(iSn#Uh610GSBQ 
zJ$w>%aiM?>p$Ow(`%v^Hz>%_6a5ht}7AR&A?}H2;44QBRr*W{+;5TmDANpFscVFXS zVQ@>$)-(d?jGP(YtTQtUeDhOG^fz+rQd9e!eXMAH{st! zBTmP<&b*?w=8d5ybZ3`doTrGec)W+OlOiDznYd#xloyj0d=$W(>H)NJR9Kugkzka$ zfl_q)F?Nd=ok6=S;MD4_b+9Cz$ISSNw*k}@L8sQ)TBP`rubgRAC+VWfc@rMd^G%1I zO?3+w4BJ+}9yL=4PqsN{$>ByVuyNC&9ufUf9C_ymXrcUIUhN)-`kQu;u-=E=ClO;_ zm>nQW^}~uXCuo4+2EV2%p+=EC0f)bBFX44N+mfmK|!Azcxp=S zVf2Tl^{-2-hi0xPqEHGAp&>FmZm5W0{UEP8v2*Uuk*NpLpTW4;ua-G=Y~um)>~7%3 zQ2fI()h`XKb-c=uO}NVhsvsf3WjsjM-$XA5CXp{LXk2rIVt0|ji%)s}Y9?3HJ>;_pkw_DJ?|L&0{>2H>3KPLI(}h6H({MlN>3mK%Tf=QW)4dSz3ppTOlQ%`pTmU6 zsEniLo-9HC_g6+2=nBw=(x^8>h1*$i_#Dzn$HZ^9FP(O!K$i4fW1C7AogPRyenYfM z*RAS9#kGxE?rzZzR5!4(StiTyDw&PMZi#zG$!OIiDGPsG=_Z2dq{3H#>T+5dh-iUw zx{o~(H3%SQ9b!!kaOb%?46`5$rW_SP3Oa9;Pb|GM>IM_iYU%`+Lh-NZnq0e^BE5nmx;QXKE#W zBs}f+4rs5X2rNa83&wKY@fFeYpk!CVmDJO`H-1tBhSKJy&ubFOd8TwHi(Hgyxdht_PFms&h1^^9rdU^*>}E6VR1DL_0~1S z!rT^DFzq$?TOgIW50u6GaaNKEFNot%t=zAQ3^{2KdwZTMuWwINW7km_V}2zuF5AKl zwiRxk9BqJqrzJ-*)IN*XbRFMj89_tfRYr{N+HDfVuD?02; zi)pI~jocpq+l$Pzld=lIsP+noSy6W-JyP2qU4L*%8-KO1Zt>)gVJk*f+RfmbDO5e% zoi~u6W`p4^-VAD+sX&@u_0c;i>K$8t9ENYSHzjD4>peS=W8mzwXWJnq%?CQ7lnEe}b-sIwnPC zREKa?MpIld!2hduGE&ycb*PbJ8?*enWh)?aXr}NFlKW4GouAM96N8}udr>IgRD|kM zGJw#;ms(lS|CLGT@gy~>@!4#ce{~NpW|3yqC*pBv7Y(Xe?35}ezHdGw+E+2yAH9we*gH)uQGK->ng22ngLiZ4aVT) zfxte&7zgV;9bGHz_X1?7#VJkv1{>JZf7%Pna4|b}jkVQ6dw(-t6_6koBPp`m9dg`R zF0Gnh%b&xJI60%e2U=Tb&>x#I3~mz2E*tl~D`x%0cB3=?9k4-vJN!D~DMb>yeYoe?9GDY_;0v=@r1|P z^2P`^4(VXjO9VImjFOJ!GFoU|wGz2C+iw7)_iyP<_E5)Be;3WyP$ymAmy+WrFl)65Q z!DQv7AJ^o_*;Dh59C?{F^=sAR+379Vmh{Xn{PB%-EvARq6X$o)wO5o(Rrl!^MeTPY zCggUE!sQm&*6g?BMv~PzOZma!CJjHR)2MkCopDQ{M|pGxN_hs+8hfqhz1w>d)!GON z*TuwAtwNkHpaCP_7Il*3G2$Ze}|Zdh+7No|S`m z(YFxJLc)b9vFBMHM;EoW#(p#I5|Q%crtJx^1&TL{Sunc>J95N^>RKgiuFS~nxUrF` zV|wRE2xs-ex)MeetcM;a!)XA6Etkd;!lIP=EQ#Jlj1Jjnns*Q=ZmQ~iMTw`@+9=X< z9Sn`CR@K&@gx#=^@Fb^?mkc)yy#IeRY#vz?kZa;VIrU6D(Y&>4>SVtLpW`mLGk%{sBC)l^&^UC*2XF{KIu~Z+8`G&? 
zKTtrLT7>+kgw8o!ex!8YJws*6R93F>7)dK3fdMbdzjjp1$uu>4QQ{3vVh`_swBtg2 z@q}+UiY$S=Fm=zkU*J}1`^yseT1|BKbexD$*#Sb~JskT%@t!_~o+IeJcvf^&_E(>l zkHtB^)Q8RNRMC&(pTWU1^sggm$Nz^WdFZL}e>+%;(wNfk?)LD#zFDY9!|f65@Ob{m z()0en*mlJ!#iXi?aeZdYTD>tsj0l5sbgJjF`OeRq<~usCFZA+KVb7}8=+`E1vFY(f zvbE*c^;+T?&>iw*Z_w=nhV*@#Qqw&AgYW@=5$DY)Q#}w0yCFyLlJ*kYqkSxw@D-OFjD86 zfm3IA0&2v~09%05JXV2B8@5j$`|3#=9>HFV#B zFyzOAY~t|(CBUTYm^rvamT+{t8%eQSc~rlCOMb{cC%L!1P}8&^pPE43lV+^N7fnb% zL3BwhW)bExJ?gSy1nj3*uO*q6qZEZ@F8n>Zt!adI2qzzz9}W^;o_BjDslPhOzWm;r zwleXBq$v!OIithf%d_jp!DkUdN}Oe&$D85|3Z+2xP1|6`fKUGj!J)M9cikVcg$nQ_ z@iF=L>!ERB_PCYMd$oe_0?lldvMsN?m(HmG_(><3%cD)@5n_KWheLBm(Lye;s-pM5 zqy82xGep7yJp=J`Q~MlB(QmYTKzBMzeq-E=r%A+MY0O|)cGOfI49?aCOVI`a-9ObH@B?h&~xVQ9c zfWyYzt`ma++_pIQKq&DrX{xf77_DGu4J>Z{n%L2uBM-5Hkb7u3yz&bhirp$JSDS$X zkLvD})@aN9vHjdkiJAf2m)F(oLO z;3PVB$)AqpMlSD-OBMK*SzRUX-eumDMWlUWo9}O z*&akQAQ@i?*ZU*G+2GKVo@A8fylaCfz!$E8csAvlA)7WRCAjzIo0Pu|CcMi%lEvIAT<)Ad0$%q)xTNPwLcm zNZv%p7or*WkmP98>oyi7<6?2YiH&ZZ47l^*AJDrm>=JRdLL+(uEOu*?Z|ZSM&_tLT zZ*MQWQ-d5-R@oo2ZBui?N+1PF>?kWw}k{DerY(G>iuToPP{+;`V5HPjnK6bw%EDwIql&15;k#Y>NV}PiVCTrmSb?8RRlpt zM??qAoW3JFzu*P_MCh2)bSkUH!RRH$4VSl@B0l!@2U@dGwk4!2 zpTUG0L*y!?9lhn2w56LFB5`0Fh~%+yD$tM@kI5fBy4BoVZr=0!j2k+VqDYi0pVc0g*fqF_&+K78) zN95>Kl9vjJ({N;z%iQB_SgMq^hVG4e z77zW26aIEX(s0jO+Na9A-r|IQX`!vZP=EIj7VO;R_u_#2#a0O9xBNmM^BFTdAvy`MOw^E2CNvH1=|*kGNu!&bxK37S4=k+Ed@ zLAP54vx(tb&s`-)!uGbpm>%wklU5|;5ylRzOZSefZJ0QO5eb#|_45HT@G`My(RIX> z$!C8(W994yLR9&xOE-v_ju4?@6-x*%)=!*UsIOb&Zeq5`crR!VINLD4<~*7p#dseJ+PoJHv!fTaso``9OB9 zkWc?`=LIud6D`;kz3t=0^JdUz}GWgAEIGSaX#?z5gE( z&dS|>4qG|Y7>I1cX0_vTs%pqo%+#wbCxkepEvFfUXu}5E7u1v<`*!u!nTZaWCCV2NHsQvn89ZVUKMnnz zj=NpL;24n0;sT8e7He|gb2GjRwSxqU`C>+PE8T_Wvv48+?n1x5>lvp0C%D1?ilxMO#i7 z+OsC|NBao|+a{S1Nd1!Rftew_AJD2V70w|G3haRS?5N97xH{WkirMgY9R$8E9hW`! z3;`6d@gsGaKz%^)Es5@i9j3kd!@_;H9VWd5d=H3O0e(HiXY-8kg z5!0QEI}x(xUg8iEo$YD}o$Vlq4qwkd)+CIVl;y@PHBt_*qs!-G2$M%NeRc-Tymf0! 
zMwWwi1`NG~#_+pa-HU_+?el2Oy|B(|Ga_6A&*5Bxx|D<@_(IWo+j@YS;F8Gw1N#q4UX$bHccKv zzy3hhJp)DwTI|`N;Ojtm66LKfJ1@!s97!*wh_~;a|C-_ z6ISJS@|I_N4UFB$SDBiV>sKdFL6P`W+C!Ij=6Xo7M=?v|jFaFEt0F^P)-D*Eh?zq6 zDkc3x@lnUA1rxqCseDNgsh&;tMC=>njnHq*OYBC+jF_$}3AK5?56I?pxzDWFsljHR zL)+tu4v){7{)}w$2BEo{^ z0Sqpigd5Rf`bREe{ypsVQA{D#mHq?bPb6$-C2J1Rn>S?5IR{YSrCPN~!N7HEg7!Yh zx65;fDRGcfXIreSM{TZ{y6ty~wOrFNL~CFattuEs5|4=^Qjg`G3M%c`g=oBfmu}J7 zw_*tYclWV04YpAExeLS@{QKBRKyhp;rt+~80e}b0Qv->>UU@(JY6&vJ?!)1SDS0uV zlkNig|I)1#VgGO1yHu1**|8t08pIm>Z~h-}d<1oZO!6HNB$+f7Axl_-n}V6sZiF*( ziaBJxqUgJh?#N3B#15UPYeph)vn*pLMOk7)aNj0h6`$80e&PFPtyG?o1a31Y*6i=| z51PtaH`tox?{Q0BP`iCG8p`RwXYvCi(o)k@ie48ozj6y$cmB&>A9(~OL>7Jg_4M+t zYUOpATo&(tjr$Tp`2gQTDaPhOo9b%bp$3s;`=s2FDby8Z!p6i)^jv{?N1W6GzZpd* zWAVu-?PzflvYXrha;Esc2nzT3M}}s#whl7|n`g#qxKXkSDqWb4p$gSP)CUmrAdFQ~ z$-{CHs4b!U4Rca2c_7p;v(YhGV0|poe|LuctT#*->M#^>JEg#vQ}?TgnwZ4dg%kc6 zNOb(-{%yvcFM_sXni*GMmQlzfCMz9}nt>f*MN#^eFqmxnI=CA`$WN-`_Wx*4DB2F( zJ8bj+2#}cE+x`hkK>y5~+v9kj!344^H);xIIQPB@v%ZghaymJr=SsUp?37o$tea&l z{W3Y=7b`bi#WsFdxt$ZW#S$%MC`JT%!)ujkV~Z@Jn+m@2`eJ~Paa1^mpT;^yLRS}5 z`r(h9yPMKX0pKT#+N)awYti<%NtT3eg+x_4DiJ$aMtINm_{w3hntOmv>0d9s@th6Qao(-6UApgJled+pFr7V61ba%;SlAI&QXa=s;0!kn2#`7$(L&g1K! z_^8qtnIi!xcD8X5M+cwJDu@K0G5}g5^1p5-8!4I3F02Ombk0)n(|QTcL|bI#3?wC- zMRk0nsL@DFk|w2}o0S{f<%)eo^Rm{}RkZWk?7l07h+?K?Eppo_ulK)kLjCxN*tgcb zcvqD0J;A3}j*-DxZUr%EIOicWRu0THsOFbZL&%IEh&olp?Ut`>I1(90A@+8Qw3ZVO z^&PyWhqO);iHPrM)Gp^A6i`*(PwF0qK>C~-h5pG1OCQXT#%^%>gTpfIwxa0m7IJv3 z?bNYH{^inAcMEIm%0-OM;|&{jp4HQdY~Oa=kWq9WFj8QHCz!a9=TNZs{erXE@YjA@ zn5bwT6EA#yvmqf~H=KRr8eCLOA2-McHC*4Lg!COC0E4-fjI2j4m|^JDF|SfHzv_at z;WOn#s7Ym01^MjG(n_gT)d$UjFX_ildti#X!an z+1MULK1nT6A6dRre6Ola7qaLPGT&hwMNF!odkgfiakV!Ac2{)Np(fR zYw}m8HweS*%%-Imstp>^YQgW7u2V=orxFvwwo=(Qt7FN%M_mS{tBR}XMCZln75Z%c zIMCzo+N@G$A^um{wpJi=;;E@n2qu#z%VhJf?Y>1=77W|aGXZOvi_gSs9;%M&xV)YP+9hGz*us*>9x~a v&*7YaeM;y9+88^-3f#(f4AbYa6%H5}n2_M!546wcav#vS2h0!|&=CIvF!Q*1 literal 0 HcmV?d00001 
diff --git a/released/assets/fleet/fleet-0.3.000.tgz b/released/assets/fleet/fleet-0.3.000.tgz new file mode 100644 index 0000000000000000000000000000000000000000..0b9167db0339b1507f1807352af4d805f1bdceee GIT binary patch literal 2798 zcmVnb79~fa&Ef_w(SNGs7W=9Q{ZQ$3CU9@#>`1Y&QGdF6h6# zp8nfxb?VjVjg6?U}G879*A~eP0LBJ^S$V`;-A=`MoMNiU? z^zRQsW9|Rpltj{AkePpqHgG(8oz6!8J58sx@_$$PzuRqhUqSN}#uVu%_df{&E{SA3 z5CaRqC6f4jV&h-wQ=9Pyi6yVI0K4z|1JKi@?nd4}W<J@e}*xG4AP$?Q{ z3>OX4Gcli7S##&P=9^9HrDtMAFF_{$n;CQ}81VG>e-{O+_y0M__#b0s=o3j#GX)Ot zf3MlE{C^HI{+|;+rs7lpa0mWtIsKmUf4kR1+}CfR|9dzED*Sg2Vl#vo3i(Ae z+EDp~2^nel3UW#zj7KO1|GN1Ie5^};i$^pHD26t;yuJcKBLqG$LwOice3XC|QPlhX zJHZ%8SE!1b0^8-Y0Z!kxf^fH59MvNlt?jmk&VU9k_oxSYg)NO5UOw5pt1wA_8o`^4$Vbh9 zIG6Z>TGohjsj5OX9bdy29QAa&fGQDF-!mK-9B#GMaU<*pju;6%?I52c;7-k3avBTK zGaj%2)voP7w3u%1Qje4FsplyKpX{YT;@&6IzDGl!FBIQevo;#7+^t4RXr(-$igS$X zWC3XhP1|pAc3cR+9m1GRmhM#DQH|;<52pYMP%=xmKUymbv|@Cxw3DT)X9nOz#Bq_y z!$_~=0nCUJ#e$H?sW5YB;`0%@+-!z$6Quq_alIRRN5>@gW#X!Z5_sw8S5XoFnQ5qY z<;OzTQHTG(D8Dy$u>RU@3j@{6>^4gSg* zl*L=MHH`%p)Lu)(6wk32l8`yOD{dcE80fI_#cgkd+dGSj`-hhJKe(muitU{ zRs25(W#hm0J%ZpVkJz6YH`;f<2y+;oycCvjoBMR1w?Y*A6k~54<2Cy=;&G@0aUCX1 z{=rA9gK~{F1&rl)Xdf2bM_YYUQT>=ybl33bGTI&q*p8|*@ZUT3m z|MhzP;`v{vSFQiEQ0bZ->PhekSKuB?e_3s2&H(*?>7%a_4oN1DkF~e!t*;KSYWYL1jBv?G*Gg07>z~n(D#+B7N(?WJz^K=ufeUML z!^<_33*XQR4VG|ZHSG8@R@3-tdBnG!_wg~+nucX1pPnDq^v9pPeJQ7{D>J4czjEOw zc2$?>HXG(m{H8W9VZKhGM7fBm&WohLa#K6O3S*{ntAV+vqbcWiH`Jx9Y<{fQXPq@+ zavG1Y@H(Pn_B}6Js9c`B9ueslZ7_mT(q4rnNs2!vL0})LhYAbta;1&OW>GAy0 zD3||fj%AOY1Nij(zh1lBuJZrRL1q3w_HB?|@!wg;|LyAg&v|I;y#&YZf%`tP8o(%KzWSg5xbeBeEvK-p*Cr8B#G%UkREeM} zrBop~lj(!pZy}<%lfaFRP7BPGlfXj-0iBqP#J`1lOM_A49ydAgm%rQad*Cm024ZMT z0^EqG>r>RW?02`{ZgJnQQelUDHbVtphqvIdNLXr@)X=}ie9IpF88!6pvS2!CsGsGd zmE{xDWAnMDFlc&eZ=L^;mEIixOW+#CR;=>fL*6H;lOYtYO*A zqoiTjvBjv@gKhbyVd>Qvrw7;k9`|tSNw0adu#E(TgCsg zka78@n;HptTV2vn*v*pkP9l`sAY*Flv1Go;Nj9IH9$vx3lhgM2f1GUa9qZp|^^5zz zcBeZ3I}aV0|D6Per)7QDj8yHgZ10S8KFhl-3pov3iq_M>RmM${iv6TdQjj^AR|$+8 
zbFq_plZ;(UTP+OVs@O#+iU2vAR9;`_szbe=gja2SuIjLk7k3%Z2gyJvXT|U09KC?m)zz40KN>blQJCs36<9?#{A197yDm&wEq8S`})tMjz1#? z?8JYa;`v{@=T!Iq&O%4cj!vROk_oM1LM|6N!6_pJ4-J&aWks9n3-vw0TwhDmqmvq) zGhME8v$~Lb8`SxTh%Q!-7=$uU_sYma+Doo@oU_SQ(tmlY=1%*?o@T_Mm*?JLSMe^- zMmrNuQCll%;Np^TQc?ppur`G2i`)2Y_~IjGA2`?+cF{aRORNw#3LZ`TI zYNk;=nK8$_W4b(kO7D}Z9m0kir6p(Wxf`UgeuWgO_)$?s75zN)KMfnC8~|bf07<{7 A_y7O^ literal 0 HcmV?d00001 
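Review bot: released/assets/fleet/fleet-0.3.000.tgz arrives only as `GIT binary patch literal 2798`, so the chart contents cannot be read or compared in review, and the same holds for every other .tgz added here. Suggest stating in the commit message how each archive was produced (packaged from which chart source and version) and recording a digest for it that a reviewer can recompute, so the binary can be checked against something other than the patch itself.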
diff --git a/released/assets/fleet/fleet-0.3.100.tgz b/released/assets/fleet/fleet-0.3.100.tgz new file mode 100644 index 0000000000000000000000000000000000000000..9938532587235c07df479057d4e4490deea83396 GIT binary patch literal 2800 zcmV)kiwFSJ;oM&U1MOSgZ`(K$-)H?5JQs)D6_qUcvoLTEIk#N|+jfJb*Ly4| ziMF|sMM0#TdULtI{f49@OS1eC$9B-G=D~@`;c&rQ9oy-w?C(hX_xoM2zkLd2s`QiFABQ0mSWp)7 zk%5qh1rFHMg1;gl7G-Um2xig{njZusq=t*>#r{9$Sa`GA5*~>KolxSBP>e%wM&epF z@;xFkos$qUMyMs?gtTfIXVmvexRoWubHXF+kxWCr-}z_xI35Y4btDm!pbnD@O7}S$oGa({AYPUT(d%2Z%wlW&$MDR8! z!+2Y_j4!4}QQbwUdfPT$dL%aV5~TgV9zmyq0Z(85`>-Z7>;E}O+aG*o6ktJ4GXxH> z|G?=s_CE({`!8^i5Pm8ExC8%noZ&#)zu)QhdrrRx_8-`Gga6J#bPfm&%SSwKBtznXkz;yNZAu$*B)W+<+9iZvDAQ-!}mA6T4$ zHV{6gT*L~#A~7QGYTd<4U{Ds-EUxYTyO+CgbAHy=9JBmm8vWsh5!^Gc%E;6lvElj!C+otrBhdp3?iBt%%uxE@2(fVp6Dy%~Z{ko*sdtKHZ;GQmk8Qd2EuftU7v4OQ`< z9)@yPempd=>-@**b;|31#~$>1&H8^1DxOQ=DB|sfV}SGaN9bKX5{x+!&@lp!QdgIs z1F=xVEC|30NFO~?o+2O~Ecbfit3#sHAFBi;E2$|CFd!X*X~9B`l7f&x-`JO}9&`$G(?e<2Z}2_=DlLnh_aH2oSp;V4($ z%9n+lSHmrI@$is07`3!}{N`)__$^)jmMvtV$4B6_zG`@`3R^2g1-YZOY=Bdcev#L> z!CobWig>HFCb7Z-(pzb930J5`E1(@T%=hPF}F|Hm%&j=c}u;s3i`r(fCs z4SV*m@&D(bqW@R62M|1CG5u5FM(ge^*N5ThqL9ID7La{bg*XWa_+AtIHT^YaNu(UH ziKbNi!Q9nBxk8(qC9y|Rj*HjQg~9H`EhMbTsT|rLDn`NDO3B=JbM=|JI;>qCKTxQ~ z(ORMg=yM$HBW$B-*6T z?l?$r2mZ4G_f_`)PG8>tH2ClIREkT;yh>$u?&0{?eAnT!3UmIYJLe~$>io|E#1S`v zyUzaxgJJdjuh(zp|5>PZ&W_a}_yjX>kEx$!>ya};|51lS59tw6Yjqvi(uYfXpL=De zP%8+>Espe#(ycw(~wd=2COFEX(KThb?vaQ`Rr%v{Yt6HQ<*f z+{7;P%G`Rxyoq1umP_c{DJW52L}!d#t=H*r$b5GnEV|O>iBeZUOtmhYv zHKk&fxR7`qlL`G^E?UXVPF|0QbgTaV+l&N}jE5A_(T)Ij;lFOjuKItc)13dEg&rPE z1P+*n+x)Q!dn?IEC%N;|7roihTkQpJUMz}fC?=@&SKe+NBmf){$v;{veMsn6|9|QJ z{L!cs|EZ5#*Nr+&?aO7f6e8fU|vxCS&hKZ%G4fL2QJ~xn3U%J^1rBpZnEx>?ty)igS9lPd# zzuT+M|Gv{{=Kne96}kolM&gjmfI@9_bUz~@auXWJ3k3ulpF7xca?5z70}*)=$;eL` z2r5HLC6d#TKEVA3#RPT|u+dRrfrWG&`XC@AQyr1`w@7Viz-!#YCI|iH?-u$!43;Va zG14j_*oesIQ^Yc?cemeeVc#!9VaIGf2LWHlx5%e4H{>p3K?8PaZTJ7ji3Z;>|DDdT zy8r9;n)AQ&(1G#asbhFr)OSmlY8@8sT_|0S@~(?Q&K;Me^)PT5ag&B(Kj}&e6%OWQ 
z0OQ73>@;5oW4H2JE8VwB_5g|kKrRNAo9kRAGR@SzD(y>Ihc!ft+uV>ef4w24IC`zY z=2&`38{+9DZHlSS^ESrSzx4F^;c2`7Pp8&1q2NyZ*RSHg4r~J&|9=kJ7PGV4@2g_~ zJ!`Y+FQ3nvZ|!s@ONJ3zea1{Mj|C(2Wqh5cLHAFIxLz@q7n73jf9c-(|D)~mzYse9 z3?Hx)|MjZpf8BxIy#G539W^>S^$uwywDbw3Sm+d|xDp;}C{c=v*4Y>GK0!ZU%fqA7 z92GNNFLSfFi1{1D1%QYyR-fR63Sak9$wTT(pLm?J%2m*ReXaUU`^BDWB#~d{-l13Z zEzd?hQ%>GmOKHR85=oj-(Z2P%@%ksEz3|^NqrrFKKYLh>|L%4A&Hn!^bXd%G>gZou z`G%fN+voprq5*f!|MmF4&S2;?^Zy*w#Q*)=wD literal 0 HcmV?d00001 
diff --git a/released/assets/fleet/fleet-0.3.200.tgz b/released/assets/fleet/fleet-0.3.200.tgz new file mode 100644 index 0000000000000000000000000000000000000000..35946b921bf1c0533f4d10126f5bd2fda2d91e69 GIT binary patch literal 2878 zcmV-E3&HdsiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PH+}Z`(SO{ac@6&cUH~MJ-EqZ1;p-vDvimZLxiAko0wTu~-ze zG?v&p18>PXRX~XNE(O^Mk{&#|%+-&J!ZFJ0&T5@&Mp@ zo;Nr>HUE2_*Zkl2{O%LKHyrl+e!n;Lo_Kz@I~+a%?;(U~LasECPrUCQt2wzJ1PJFs z6HNtIfddc{O_+$?kZ8@&rJ_S}E!vbTO&ANnY?pQ@qyJBd4wJPMAxcfh6r%tn;bDSu zEgF8!P|_5+CM8Ioiz`$BjPm^J+TKix35`&- zyRv~9zD0`cAW@S zC~2lm(@zBr{6aX1Q9>JjrusvsfM~c12}6g51y-VUrh-lU1SO=o(lA0$s3Ad# z&I!EvO45ws!m6Tea6^#>gVWPqVZyHr`LCDn0%*0iOM@vO4@HC#7!8{Xb$<5E;=LUM z!?6ZTGd%^Wfhr(M6RMh=KEAsuP!x?hMlhNJfg5BDuDQ73aDL`4rgMHapUoLW zc`3irlJXeFLP8>LK#VnVFiWODB_d~$Sz4)qK!QZ-5fW|J{yf3(n)0_?qnsGu?)Ou} z|1SyZ1SL#G4mX5r&;kf!;--3sc_w({MG87uOe-Nu zjDT_nU?u)AWM;fG^PbF1qp0xUWh@1nruFe7%$S%Kcq_xY@Ud87^QM$xDmWIHsgKL@IxDhLH1(|Ep|#dL~6O;;ptxY80yS_L?UE9Hi~s`EKP zmK71N&h{1xZ1MkIuj@7Z|LI`ZJNo}a!0l}tA{Y=re2YJ-|`?25Wj|NTsw{9aP*&YuA z+wwny!LXtK{jPt^{~QFC@)EvtO?ec+x!DB2kjzO@lZa>%ltE6F0TNtG!5B(s-feeI z0RJ>D|JHm0v=+yKRsgNrTbS>)JM4`Mv)S$K+)^w!xQo-oY!u1&YW({J&EmBXM79|*P5UoLB;5Bsz!v-8 z>-qiW`QPs!&;JL3y8Sn6Pja0INq;jzpnLs7+3U{v$)F4r1;hJz1(`Ecfzt+((VwNr zGh>L`5L5j{j22g>Cfle)E<-Fao<1u~*aYRM*092-aV@(m8xHPL{lqp>)SSfm~VMKXEd2HJk7>%xmFiyMOc6Q$&0`^}hRlaVps99euA7t=nLC zZK_>meE0=?sFnN9oqLZNx2r?q#$~c5=w5c|Kzdde`r$OLHpK7?H}{M2Z6Qu--dSH!|<=zuHAXnbpEkl&hG%M{@V(|jt$HA zUJblW|NWug%>Q|(gQNZ*0`9C!^i_#a@ARnuhXA|en<_O+-CY!E8r5|)UTeWO z5!v2$t|?PXq~15zhdIuPsmJ`g`UhlEe4UmRlFo^JwAGqHr}HvbC<}Y@>JKk7qSTF$ z(W~HPF4?Q#WhSJ4Rj>+0ni5c$5owD27*!g?7$T7p$`uF+Gy@Vv5|u(#tIp#>L$1)4 zbrvH#TwGWQ{O-{8ihrFK&wX$4=dkPg1M}c_pZot;JiV}wgXgZAgwNf1d7mv7e4O=P zr~mt|2HU3ptMy;Q(_a6m|A&BM{nzgs?$-ZW>i9dtfi3#)`(8u;yI!w%JpUgA_L?0n z!-X;v3ed=f+8g)Qi0Ck}SIA3QQQQ5rI8NB>>nc53_L!XMdY+rvWg^IS4$&eUsfr?Q+NL^Ny)>FpK-7!U}D;QEJf48>$;5SiM4m-(UQA 
zxBl;^8gyIyHyHMs@t=SE{?B1x$NJB?B7RfVXBkqocB}TRQ7>0{uB$?-xg!GYNetpHfb(mni3w>i%Q$8SZ!#x%j}wweyMA>iCA`< zCsOvWPGqT$7Pi#V!sdEfxTB^Pw${})vJy5&IGe2%>`xy*UVOf|{P5Smt&_~Ug!}Tj z+6SZeAMVMe%r!zS)v>Q?hr8{6saoH86|gP->kd})f2ZA}{XYcUb!Wfb?q@>k(x}ci zb)t3Fe&LmSx;KsA>puyj5!_Inz<>R(3m-U}nqQ#FtVocd1V%Z!j{ExR^OY9n zr;yG?nhFk|&aWV%QaQz8t7AT`_>MdJO?J%ZydjA@#mD?nO?YR)Xhg#6JcBW1sGMi6 zy2+ep?ucAF&s?1re+x-t=h?rU6Zk|V6}f`9uiq%A2=2dNs2!I^NIDi>iZ6~kQK5*i c^Vn;9gd-f`2zSB10{{U3|GF}(Dc zVQyr3R8em|NM&qo0PH+}Z`(SO{ac@6&cUH~MJ@k~-4lAnX5GHG#rCy9(%0R^Vo}i2 zSYktw0!cab%X&ZiLZmFqvK%LlA_784g9x4-UtkFht!NMMP?MMq>8t5un{} zw+H>c`M=$6SO4#{JKblU-f%eV^@qLA>9cmH+iUlpLHjX;sY0qWk9;-UJ9|Q>J zLK95|SDpjl6HS;1U7u*p(50e9QZ1U4D@_>lz-*VMFN6P&iT0yf3LmAW6N-Tcl5jsl zS&N3>6O=SYt_ky?p=FAVTEvJ30rFc>IEhgu#K(n%YNj;CwYWlgz$j0@*Y+k-Olg3s z8BV1KK1-EGsa(Uggf{IEmPDje%R?eVqOh4sl?&vMgnmJ(sNfz z6ZlEUg;@rPAyrx$_XRpaNYXK*KKy#|0mQ_#{5c(?+4*}=D5oePPL+l+f~#)+N*)j$;xrP3G!&=FNtPM<$qW+;k=90M57fWS2}23K5Ma~Peu%jt~H7PC2n zAkF1hT2dauL`aClHHe8u4ra*|s7RzNFiR^n5QvaSJw~GK+K(diuPA@dHOi^+?VZ!u z@c&DMIzkCEk-|0M8nghyn7A(9VVVeDd65ECfil7B z^w@)#WTXy2LUg3;9txQl6P8Dkni&%SV570OI3X$1`BKd?f~U5AN3i~1W1KLeQMJBC z$dWAL)ydvMfi3>O-Rrh1{=YvM4v+r-5O8zTga9X$BQ&g z1l%t+RJ4k|IP}yictMs(%Jl>q|E*e$ofsffSUfbA@*oeYe?Rs6{L!GQ|JH59B-!I( zU|arYFc?Zzp|omqnMppV>#HM-H+n#h$Hx-wu5Mw!Ew$hhIblGhg8 z`Mls-gqazA-U!ez!QZNU1*U5{OQHcZvL)Pvp7pI_+rV=ZzU^J5u+eG5gL)F%y-HF< z@0-Rc5K45*7juo{NQkQo^pV!>kM;iYVue&k>G;=+59bmm^!qAlrE@-S7_#~Pl66)4 zZ;v4{@;zP$Y_tEJel`Dp+VA#{_Wux2w*MqaRI6|TZ;PF97cY>V(LHlgWaw)l?ZMAn z66ELce8ZC@sUe5LE#!oy5i?*bJT`LySO}6q)e<@#g&NKd`Pk8m4Q?Y|rof8X~2TkL-? 
zv-y?tf9Ldg{yzwm?Y~)jlIloE`kM&?-K$s1UUx1|26><;7~aJz$dsY-oF0^%Z{6%KMrYOgyhBZEwYuR1dn6zevvasFCJm#j3SW~BV zWNHIe%dt3V--X%6rCA>%Pw7g*a?wi-W6A@{L)*T@sB~3?ahlDhv->{zqh)-j?IIZF zu5~g0TSjvL);Hzm03{uNLtmTSXvr>Dyw_&RmGu72jeB9Q_uY@nQ^8K}=%Gqfx4~}P zRJ+Rf_zU=0EBC;idxse}i$mhZWwIvdPIl=)dR7+t@ieY9%FZiT;&B%(d}?R<141?a zTlI7Mi3GRZ|8#rR_;1i19P_^if!h3UMLX|c_}6UL?z~Dm|I{z%cK}xZZ3SV=hUI&& z2HvLsonfb%|7)LikNSTIxV0{|<952Mg{h-LO>OClOgVfLV+CWPFaW``qaENBvon&_ zZ@a0=^`?gHQ&0Q|2I};G-_@Yo^nb8c|9{%+w2%6K2(U}OsZul7-DQ!cQC&yll@@#x zk?n1!nliOYdhhx$$2l?en15IQfJBP#v%EsmIkAtnTGMN_UZ)CWW^dm7;dMfkx)w5c zp%tNR9vh#o0(<}Qpcr&<3x z{oi*r*f#xNum2kM`<7jQR%pYGQiW#GP~0HF`V|uV{^G~m z^?yIrpxffV!LV12|2oI-{~QK(tp8jn;=QUq^N^ykTeWA2dbP^4t_rcF^mS#Rnc2uo zG4J)21Sl0|XMxqmTFkuP7GpL_rJ`##X(3`96CRX{N}KCgO=vdr?3$5&rE9l|SazEy zlJ~DqWTlQ4w$#$X=6YJVrKT3P*40+B5;jLTpVtcZr_Z0yzn))w`s?57B(pBzu6!={ z!RX_sJ95c$jZjK;?5o=0cKe^J)&s8sw#9$lK~4T|aJ2u2fZOiux7+H`n5|qFwN7r%RUVgpQ!u%A{ zNW`(=@MUxf0hP+h4qGkrX~lQk@o%zaJ{Jv9*vdW@k7~+WOGabjU!@65C`0AEaMg9< zyl}_l%6Z}HIQv^j8aglj<($A5BB@9fynp*nIazT34SnsnG(gg_=u&)h+^ODc zVQyr3R8em|NM&qo0PH+}Z`(Ms{ac@6o`Z+JSJblPI7y$-S6nXb?iJTdpE-`$42EOR^oOj^o^3Jq6r|oEZ*9&JPa99x+7SJ4=Yv?u4Z5$pe7r zdEW70VE*?!ul>L8`TZyU!0UV7vETQOpLl-1f8;*_?;(U~L#{NDPrQ4N)t=n%1PJFs z6HNtIfddc{O_+$?kZ8@&rJ_f2ExME|O&ANnY?p2*qyJBd4wI!6Axce06r%tn;bDSu zDH?vwP|_5+CM93#>%zOa;AOSZJ?u%a?5yO)1o>$3!et z&&saGu~Qdl+!)^ToX6gYdw2}6_J2%Rj_RQtz#9ACANYrD`+wvg?d|_AfTkqI!tzVZ zgrZu=NoBUJ+bxn&}Bp4O9V9Do-&2olw>0^zq$gfud;4F@oU)2wWp$aK*(nhqF_6KAp4E*=$ZB z%1il`mXyaZ5)u+|4PvB`gIO{KDiJx0%+g8?1QH}t50PlQ_Gbx(SCqfy8s*sdcK;|f z{Qr`mPEf)`Vy)B#s~|;f!?Y5j z#0V&N02bm8LuST1HSfvHG>QrjUdB?OX<8pY!i&5Q{Eu+i9S9Fd&qa;YYkfQtw(kzuHXERe6NZQP92 z94#2id7#>bE1U#S59`cOA}g?j450JoA30$i(`vLYfR5p1n{YJ3PzUf{T!sloIm5>` z#g78k|7%P$Ml`D4=LA_+M7%oNS}3r_|9gjhujT&-$Ai89-wE8@bRohK

    ?Crk^9L zr=LqRJn2ApI&}&}Is*5T4Hd1T&kj9H6}%$LB;|Spo&Q$7&PEK7DXbnkb9sy{w;@!L9J&g#o4JP7#7%@uEMvy zO$r;Gb^=&VV!N9pRrJ1UoC={vH-9nLI821Ny1)?Wvi-5xUtg@4>LefjeDUsF;)s52 zlD0ahQyaTZx0kGI+kbluNs({yI$)jsKl0k~-_hZTx3~YhfV%xBS*CiG6L?+igu8fw z;*1`clj8g=2VgD<%JX=+;YpS)A&1H>l!Ubr3t$Z%tGNKo1Sz2CB9x=7D2q68JZIA_ zr}O^wr#F}9r)O`fp7PB2gA{2{YXlfkWYGnVnyqE~Inl+zxDh|BPJ;`+mNBp?md0+3U{P$)F4r1;e{|1(`Ec zfzt(&(I2JAvod!VQ~gB@=U1jC+o(h?Lo6|#J}XSv80E0mu)wEvExRcjlh$leR<>K2 z$I{dhYwFa7Ol`nwIaVj_yD(e1G>c=DDP1X8DSEA8NO?qgY}@A;t*(|ZPPf~2Hs2?I zw2bexT?E6@wa(^$%V-Y3;-*|3pyb0Z7;3W{E!kzmd#$Eyr1x)b+zWfX@4la(3O0I2 z_f?{08|=1CwW*8`zkm<5a`)W1cbIXvIwY=KCToK3WS4fNXLX?;PUC8$Y`lUs9(U2g z$9AT_Luki;O+UAtNO0Z#PyetT{~h-a_xazQz|#D0OFQpi_!n%~=Dcb;|JX0*I{>Ty zwt}!{!}6_H1FzG6|HNRF|xwsb}29KML5f+0~Df#Ai_ z4seXc8OiFm-Bk5@Q^WSLC%y**%k+QS)u8M0|6YIL{N*;)wBW0VY;QN$l&L1^2K8YFrXKTe>hF+A@pV#GNID1h(N=2)z23`Qp)Bmpt3SNV zh*H-=Mz4aGxn!?`mzj|IRlzD0X-Yt0Mx-h7V^nDnBZx#wC|4jP&(|~aB*%W@cSpOSN!X}c*Bw~`oEKbx3~X0fqnho_YJq}f9>kv9^v4+_|I?GfAqaW zf1m%^32ZexUWSWhCcKDD8o6*=anTtP9VRyNXk^80_tWAyY0DR?^my50a^}l`g=NmjIsW7T?o0!c;yw}7H2TO)A?qm?R(ahgOr%6v(VC0n&`ajXbs(Y)_Lsx zyNCP1o$Y^lKfH+>SQq~d+VNlCKR(*$|8@coao=dSQMcSN+q`2e9nAbb(VTvl-zc_d zW)0O1A}n4Z!uJ3fCmz4n*W}_^{{id&^K&>#p2&`7t;+Flk7`Ia^6<)AOGZE92@Tgu?++D=# zLbqFHSB>S?~8VA$4gyW~MCBI_tjhO64sO0+>Hap+zWI03XlJXJ&}V81;FH zXi%HsM8o?(_WSxzgFET}J*xrN>A!cf5dWW??7#o96WFX~uQUUXE&Lwt4a@Z3O^~Jb zi{V=tW1apV9S#=ie-8Kgzn#DVoD;24as^s|U39okki#&iETTMyjD%MtM&&vO_J^oc zo*BmvDnZ5|W@2d1{FKMfK_VlXj?w%qRIQ!x$T|vvA?aCkDZV)FScM|O-ea%r9`>+@J=_NW3IG8A|Au{uLjYU=0CGp^tpET3 literal 0 HcmV?d00001 
diff --git a/released/assets/fleet/fleet-0.3.500.tgz b/released/assets/fleet/fleet-0.3.500.tgz new file mode 100755 index 0000000000000000000000000000000000000000..b0d228060840f31e56c865b4c984ac4dde9e6e64 GIT binary patch literal 3005 zcmV;u3qtfCiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PH+}Z`(Ms{ac@6o`Z+JSJblP*h!zzS6t5R?iJTdpE-`$42E%d#D(j^o^3Jq6r|oEZ*9&JPa99x+7S86-q%cS2J3So4gsL5n zWdI?|l}4#t!?lJs_6f@p;;-Z(ks(poE~F|2a!5u$p;T1x0LER1WLfp-xyNqbiBN@- zX4*9UP|(0ngp(L0wBbjpKV%AshRcvJbZA&$C0b`H=ybwDdzD+hY_n)ep;jFxVxc-# zb~TQjxaj&_qb{Q`~Jzn{_g{5N@6T5zr;)^ zs)d|XX4_g02SAfJfUz+YZ5j3*07G`3Gj=W*4JQG-9laO&T%tm*9f!oo_1lfC+Xio& z0gm7YA!p_pB*s)}Y1|m-1R=|ZjE3;@#XArq)AHwhh?1j51!w1PL7^O@gfv$gh6oBZ zBq-52f;V4DnlYSPSF{aoDAM4h*E=pu`K2NM`Qlvwt=48~Fa_kHh%f@9X)~b)XWuN| z+YvAvX}~no6QCNX0-{u&Vgx#&s>$i&yUPMa(U@Zd!wC?$M#kWZi)#*pGj~3n!P#s! zXAtG3{7Os8V;BhuiMR$a(#XLqn*x=HoJD4Nr3L~C5~+tsv|ax}g5eeAZ@ES}Ha_0( zr-uJu64VJwn1~#%3D=+n5XQuH^$zn)@WzW2pfU{UXi~f|DuIz9GUYln=0f7Y5?<6u z-Wh}dMuaJJoS_i9=*o&Mc?2I5geq(Roe&Mzl(FJ<7a>n5k!Xy7@W?C>6Cq)hcr#2Z zAxeyZatB~34l!hAyfgEj%uJ)G@Z@Do1)8Sy@gvNbm=t(R!@BUXSYh*~lwm437MP=) zu?bWYv|~R9s-G$d1s~CPww%Ruia||RB(AyA5=mMGI)*FdhOtV7c1!g&I|D#rC{dRW zL!-+9q@*Bq05YNzW%p3b#E`HuqSVZo0RS77y~YvAnJ$-VVhOm2@Ddq@TF3(Vs@lej zF`J_WLpcvv+i-=G0P5kL8A@aYmXHCo-uxpctYun__65)~ylfMWMi}Y<-iymH!6;|= z*d}?eVEwU>U+WktlRvz>(k8~nd_-1Qp%zjxB>AN>D5;O3?c5soNFXj%3A z99jMRT$0fZeX_8Zm~BmOs6+DGfOe&;LcAH z(`m30Lz8$qZ9QKeeSVfG`i(nB7?65ZfzN#sWC z+!$~LMxDckh`1HNoYw~2>9pcng_i|=*$B`wLEoZ$6{c%CYoYgk0!S~Kae#dwdczxRcv z{g*=$?)n~JgZ)1~_WRBAzu!Ha|MvoQ`)}5sgVk5c4WnX`+j{vw9+D^rtYR3eulmKaZ;6(($qa#(9v;?ua6-Ik3>XErD+ z+pWxFY3hhIb!tndHej_JtCRL!n5|u!hGzVaLQ?3tC^5GW@wb_l9>~g_-t*2Z_>)+hC7xsGJeLp`H zZ1s-rt3<0d*ln9?TNxjI0Uv7R?zwaCFynT0NL;&2)&$+jF6~Lr>Ow!9#??mIdIf7d z?xKZ{?M#1%(2V~U{oHOM!A^Q!6mW51m5 z0IdGo3c`*J%XeN4yh;E4Q@@%2^SX!p-(KL>x>Vow8-=NZN=hHK)o;70>h-3E?PE{;00vg+|E{Y+H|77m?$Z5lw|{!j|9ya6@^w|3rS8rP zG>z&y8n3kA>xgV`JJ*z{Mba(m!j4QG=HJxcA(P_kq^yi|j_jkY(hNGCm$^b&*qc{> 
zc$pEUu7!+V1ut{SUIi~RA@!?*RVdPwfWnMOQ{2a>(jZ0E*tL*=-s{uE~f6MiMr#->m=W zddL1D|Faj^X?DB}7t2g|5t%IH!fnMxYe;mM*vMlcD{i}=7RO0jzEGvd%N~<6U(Itp zyG%rD*cH*=)A?hJ^{4AX$Zf_eulRO2gZZ7#H#2SCv#uSa#8j=NmX6Xy=VeD@=+?8= zWAEPs+z;+-|I7Q~ZQQ`7_^;QD|GNH3|B(ON3p~VqquoaBa>wlQjekP;=^BmStX-&4tM2qxeG?`KirW^nRQ;|v$_2FP;7mG)o{E2FHP$`uL3v4 z|J{@2{IB0T`2T&tZ8bZa{eC8-E{(^`lqFhc?H69Dyahr4^G7MP2n7q^f@QTE!T<6IC z0F}x!35+W* + + + + + + diff --git a/released/assets/logos/cis-kube-bench.svg b/released/assets/logos/cis-kube-bench.svg new file mode 100644 index 000000000..6597051f1 --- /dev/null +++ b/released/assets/logos/cis-kube-bench.svg @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + + + diff --git a/released/assets/logos/fleet.svg b/released/assets/logos/fleet.svg new file mode 100644 index 000000000..07fc4af5b --- /dev/null +++ b/released/assets/logos/fleet.svg @@ -0,0 +1 @@ +sub-project-brand-logos-FINAL-with-wordmark \ No newline at end of file diff --git a/released/assets/logos/gatekeeper.svg b/released/assets/logos/gatekeeper.svg new file mode 100644 index 000000000..8fb3fec28 --- /dev/null +++ b/released/assets/logos/gatekeeper.svg @@ -0,0 +1,30 @@ + + + + + + + + + + + + + diff --git a/released/assets/logos/istio.svg b/released/assets/logos/istio.svg new file mode 100644 index 000000000..4c6c80aa2 --- /dev/null +++ b/released/assets/logos/istio.svg @@ -0,0 +1,11 @@ + + + + + + diff --git a/released/assets/logos/logging.svg b/released/assets/logos/logging.svg new file mode 100644 index 000000000..2d1ba6453 --- /dev/null +++ b/released/assets/logos/logging.svg @@ -0,0 +1,31 @@ + + + + + + + + + diff --git a/released/assets/logos/rio.svg b/released/assets/logos/rio.svg new file mode 100644 index 000000000..a37e395f7 --- /dev/null +++ b/released/assets/logos/rio.svg @@ -0,0 +1,21 @@ + + + + + + + diff --git a/released/assets/logos/vsphere-cpi.svg b/released/assets/logos/vsphere-cpi.svg new file mode 100644 index 000000000..7e22a5fc5 --- /dev/null +++ b/released/assets/logos/vsphere-cpi.svg 
@@ -0,0 +1,23 @@ + + + + + + + + diff --git a/released/assets/logos/vsphere-csi.svg b/released/assets/logos/vsphere-csi.svg new file mode 100644 index 000000000..7e22a5fc5 --- /dev/null +++ b/released/assets/logos/vsphere-csi.svg @@ -0,0 +1,23 @@ + + + + + + + + 
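Review bot: vsphere-csi.svg is added with the same blob id as vsphere-cpi.svg (both `index 000000000..7e22a5fc5`, both `@@ -0,0 +1,23 @@`), so the two logo files are byte-identical copies. If one shared logo is intended, reference a single file instead of committing it twice; if not, the CSI logo still needs its own content. Separately, fleet.svg in this patch is added with `\ No newline at end of file`, which is worth normalising while these assets are being touched.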
diff --git a/released/assets/longhorn/longhorn-1.0.200.tgz b/released/assets/longhorn/longhorn-1.0.200.tgz new file mode 100644 index 0000000000000000000000000000000000000000..6a695b018c3440e2fb901753e1d0d8c3b3a738a8 GIT binary patch literal 11516 zcmV3-`~mOtMNY?+i}{N+7o}}Z2&#?c6Mfte{XB2myiE` z55|A5x4-)*)?GO!HP0V>{OuqJQ#M7F~Xz{xa8`J}dZ6o+@7%M)vK z7w0wb%iY$1r}kEDt(g1VPPm1Q<+W;yW}fAQlPC;$kj^O@CQ!f&vJWjg^4{|}0SX?l zyDj(`89zJSPOk+hJFyp~^zMy>%DjZx%=MBq_6AwXT{iGT=awaD7~3Px1RdBgjM?|u zfX4w(dD3Z(L+r&kO{3&sb93aS<806Yq&M|M)@XYUwx^25_I*bb&k`QPrxZF#HJ!j2 zZo=fh598a-i4D!hNa`QClO{P>gtqB~ei-X_7QVCST_?F4wQl(oV7S0YR!%%i^$7kl zdJDg(zxbBlc@BQ|5-0Imx6oTn!I%H>6%cW2r_;6K?#tH1_JS1t51+9S4!?mZjko`4 za0QH;7;{Z>qhMY;8S`NDpHn-z<#8vBN4i=cKd`^q!KhW@og~a+hZ715jl^QbENBjJ zTeLLI$-v>(#14SG@uKyXES`CbmIVGxlh&OYI^z9qxAmzd-1F1)=wSr8WyPTXCcHCo zSKG!M{SVgO7V7`)-QHGjpX|TAy=VQup67*@j;&TvHTm9XoZfT%cY}cv_3VMqnH{(c z)ajI^Ap=FSv;t%2AhJN@M}9cv?gqk$6VR^#^ErqPtQesLNl-npyU@?TL|{_$LlaYt zZ^uB`0nP>Js8G4F)Qf-!vQ$ECKvQ9me+xnvyLkn*YcRkTb!|K5*vcf~{v9+J#$YG`H3|DH z@j&^Qgwvf(vM37U6j~4LC>e)ovcU$nbDKqp7@j*GFtFCb`-Dxy3`Z&f$ZkfMJ6Rkf zXkD4=$ohY7wZ8b`bb{dRApPQt19m~i6O#sDj)a5m0=#B7CClxGX{!$C;!isW@&`K( zpiu;F>Bz+jGn`G9CrrC>*ZEyMf#6#)M`IWFutbYP?c zVaopV)glUO6ZmzY3?Ayw=HL z&i>A`{9niOf?a@5141Uj=_SUW-Gk-J2ASv6WQ3`F3t|kMj~5`;KsV$92zbV4BbY{v zd_gEpssbkA9msJz9UJdK%m9FZk7$arS5eG|-UkqM_b^A~(m{|@Y1_&1%v-~S6m-`lYV8iJi3pFo4sJ8E@6C)t~#9K8BH$_zdK zwdh-Y8*}FWPH%U=H2-(^w!6>se;v;Yb}0fhxnd@T+G_m=djeAcfj*%zfL7NqMAHW= zy3!^V9H@&mk_bI4Wlq{G$R=Rlv2chsVVE4WT3d#lcS7L+W?9g7Y+8|< z(t?EUk346o*h0^Me<}kA?5&6hh?Xjis5k>i;vsjY4p@;Qgg~TySg2y#K*MNVzspTw z7}pIz!SORNtJzWil({h|m$>9tEEoFNF`9pOiY*`8$#@XjvAb|k1X<%E<}v>%^AZnG zputl-bl2-_{ROEFcIhqt-s)^^{{{PP;7pONzaTbm?OR}<3`Y3|>~sHSgWU|hz?}ps z{yBo7!2jC!w>M<1-wga)&%I$|a3TgA7*NhhP^KQ4{=y4E#zMw6nglwcx!Y;&78*q^ zwkZ7e7@+JM7?W?mKS3J+=mz|OF5A077Ni*isG|(Vl%4mPHz5bnL$2~t;%u6p1w3pY zC(Be!!gqnhhB$&qeHDURh`tU;3!4DK?5@XbgWdBSC-4z{o}vuEP8p>!0P2Ufn@I0V z^N4aoUtMU|^gX@WVC6SQzU@smSYNn)@GAlD?3mnLoGJrZ}wxdW8?kWy5@Y})D 
z3$e@i?gcxQ3G|U?(CP0}5qn-;^td$i;1U+;ITuiX8T9;h7_f+gv0xCdB z=+}j|kY5mDBRFOc!aLp(c!OAlzDyEfG9FzX!=yVMqLUlrFD;9t@xgP^j2~%g1zhR^`5?s{VsL6Wm#5BS`7*3?C)U9-!A5xzowCypx*NW_;W&R(fK`E*uU*Z zQ~oCu&d7qD>8h82o9+MYy}kW%{C9tAd;8h`U&n*7&QTb9Vl_)G)io^4YCgg8ciNu`ET9 z6Zn=+BWQIHhA4pGHz>IK>m(Z}^sc?(0UO$Wf_RKT2}aOfZu;srj4HGMUhR`!QIytW zhir8ZC^d!hMkiH4FRWUeqM+ILe#9MbIIY^jgd4lmjkKw<=r6|FgAu)u#F<;23eO+_ z1Iq)g0;0qMJx}dXvCDFSd+FX?*`o(_>q;W<$o>dtXsLme{?h_Im2TSuhjB*j754fO zgIGXr@i8n{TSaFwZ|3mTjvshz3v>_+-Up6bP0bZ`^AY2vky?DL%qpwsfUTdI6R zuQ3*+iphvV4!pzOaQlw4fo})56f4Zq&;|F)NjnSD0^uJj_=}A`Ryh{osocVtLy+p2 z_h5Q=m+LqHd72*29Qh@>N{jdC{x3fKMwK~)FiJiZ6I>Wgteg)_;?zm{ow=+~rNHXA zq1yFTFa*XCMbS$>!u%0?VaC9!mWTjbv8p_WKxY_zm#FCmpNd)P8(TTs)RC}`eR^}* zr-?eNW27dstb(Oto_IemE?;EvIi%6}QsJlKm{Kb%XB9=7DtmN0+jH5YmIkZii`vdF z!w_blBlu*eT=LhnBL&3tUF_%4gbPuKsgLa4<(q0?;_?kfyrWXtwh>EEa8zprBdFB( zJPxuT!U^%_EQ~Ypxe`l>@rx@5W6Xn;GTHF=r|QUsoh0{eLsud!5XNq$I~Vf9Q+27( zaDAt=nJx=lCjv^L3Wb=ek*%XFNy7>7G%X~k7?%Wq3kpLK+NLFs;&QZHx)^$KlCspB z@Q%p32?@4XYQWWWTCQTASdEhlUATCMD;)XKoz9jt0%`_!Dy~)~(45d32K4G8Yjpsd zVr-H$s<`HyK6hfCnsTGUJ4s%oNc^kfBA@_8xd`ogxl)I8jQ}$lrPvFUv$$`;=jmk_ zrpI1fsL&u|Wi1v%HOuwlhs)LPB_u?E0R~WG5%n?4cQc)oOOXn26lOtc;NS&mwVM+U zbN|Jk_6PX0NyDfd0|z0a#5G-z4*Pnlr_Q$QeWTA(0Qab#8%FhdJ8xLr3-{l&(pN(Q zor3M?m_99Km!^S=>Q{OQY-lGMcXKg(#tfW+Q&ku-Mj00|ZY`5CNE79_*d9|TFVeHh zC|7$_950m9tLtEyo7i>}KQ;B2$(}IPl_qH`QXjAEcvO_NUyGDT<3m-#^1zKkz&qE_ zj>8j?H!su4F=4aA&c5l>GIxKQGTvp17k4|Wk;Y4O@d(%kZ3x@1s+U5SSzeO$o74;{ zm70tgp_*V0B%$L`K0jqFLQ3G>)XZr@;+xrk^n(1CbwUatU+@p z2w9k-w8z&8;~!u;ci8C=e`EjMje^aErG(Km;Bub`ZP=iMCVnrInkeI$wuS^US5Meq zw(A0;zFdBkOo>%vEjA68{C#Yv_Jy5}>t;NDWBOxpG*lT%zm~gnP*~w?q^wA+iv(cf z5GiLUnf4}Nwds3n z?MPxz|0cG8DA7K;W%hme%y#q3GilzM0T z84U-CYCD)>Dcs5xX1h0XvlCa5IN2h@3sP zgAp2@XjCE)y=P*gMn_tl_)!@e!Xzyk%0PVZ4A42s+dMvJXXjV!=)1$SZ%^3Occ*>U zKe@VsZ|sNDtMAz1)z#tAcPGc}{rQ`BZ%_K2mcjbn4hZiDNS7gywB(W^sKq3UY5{ZI zJ;$7ub#g}IBZ?QMF*^fGYliH3nHUAJ+)Esbk%!x#VdyX3i|p!)_eZEZ?UcMvErdec zjGbG0rCfh8R|=SrtB2+c7-b=j9QnOAZI#CkZ7_K4rHDfmCW(i7Nt)lb*+&B;d>(j! 
zqOF;j{AdHMi}z%ahFK~wr(Fw$;HC*L9N?~_g6Mmh=Wh~qU#`gIWbG2*c}m9!30#D} ze+m*R23b^f!KnztGOSRjWIF}uWQTz(_u3oaf&5U{lXV#ePveQUPQg6@{?Oef6QB~b z&^Cd5*Fm!2*mUt9>1a|VYzz8VR5zf5A{e}7k5l)8#c#r17)Bb8c7X;BW<+00eOU~TUB&op7e^q6Nth5s3@@u`GJ}7 z@unzYu>#F4j&@6tqxAHVmJ#v?8AfW$TeYOHs|OtU4NugfQ$zw6<|IW&F2JP;;P!Gx>i$dM?b+qg}I0|DItayqb7fd>-8S}F2JYcFc)5VKp zrfTVaNUOPYa*Z(GVWt$^LqBQPm8penCN zgxaOlrFbPZXeZU^rUKHDm4KqOOA;+SVUSKmWi^pfSR##4H_2;Z?g;JX##|ThDA`Sb+gwSt zn=2&7bQ(ri+VyWwfgJlV!GZO@wtbA_ z#4x53c3p;)Lc0$hr>Ayx8}*^8k$$yUi>>CwtHynck_tGaB^LeQMPS|6L}A$ESp?Qa9DbNqhfj#)!u}-*jj+u}OV0Pg zY=_BwBogONFWTx2>cERIPW21yfWlwDte{o1kxH_I8c7_zc8Np3(puVJf9utF&=rx72VbuKCV=J7 z|KHo**?m6$e;rSLum{G9k|((UV9xn(`@37)BJ9Mm#eHd0v9*e!0BaVMIYp54@Ic8VLvNd8Z#hTl39v-AP(67wsQ6< z*1<0`lI+DtNw4yUR>`5pR?QS&QMoDUSCnYXi4{dkd6){V+N4DBac(MJq1f!)GEuCU z^;E#AO0JqLlR}NzOY$bgD$BFtV`*(sjh?Y2qKIQ|-jTzf$MPjY&Eez%nd@SyqCj(? zPn4;~T8M*6o7D~s#NWk!u_w5zuJ}f5X(K?uqVggT_RB{o@&Z>Dvm}$59BPFTSHaL* zlG{F1;7ZpPYkeU`%P=hx^(|!;IN-oJcd2r)~IZN_vnnVd1OwU&6HV|IkQ1rl^T!5NC!?vGiLiuDa>K!=q!54;;r77Z#~&Ta)}o$5B7#|)2aLmwfK*M5dSMYL=|SC zk&a!t@+}wDrF*ZAplZP@44WJ<5rAnKaB&C~a1W0@b;ZhuY~|`rU#$)n8x$Z8S>m}| zCMt>0s+X^LQQC{jZ4j&7!U5I^@nQiBWBJm(-`T;0w$x8F?$i!&0b(NZo)o?t#2FJD zR##eqc$lKv{y>e0%mKNCtS*M46x@I@gYJ8xWAg$ot5q5+T( zL|$8DdlV`a7z1`MX^jn|Y{<=)&qtxaS{&IZIoftzIn;$!@J(pmvK_qpM=HS=FGMkn zo7!v$$`&{=A;RmVAFqn(28;ADhyp;&hqc!@;52m;Z1P7Fyits*Q22N*1Fatu}}@bc|3sYA>GRj=`581`#>3b-{zCZaJeKCfL5(8u-C?-MY zs}&2bf8c&?WcC-AN173|J1fC zxvup1kkFj?&-U)tUNQdD>uvY;pW{F4cuKby-g*HTEn>2~wWF3=rNe1eoP1V^O=JOi zYUnS&u+F8pc(HS)r_#rdD)@~i^DmY<*ga1s?TD{!)?vRg@SV_eV>?(;VNu7O2kcji zyjtPKSgCXc5sUXCuGzFLRNz&rZ8_R+v=V8YEC{dcaVq#V+ZrujxSbSyNE%yc^jK9B z8a7bNipXni09o>I6%grsS$Lm;Wn)^3t$nWsXfs@61yy>zR%IWV6&a3i1N^z(b-AU9 zaIh`CJ7>w3W;^JrCF!DDj`GnPfEL~P@_;FtJHn-(KWJtMKmp5x05ZmDk*CuDtR`$w z#;la*Z7J$XlWsnyvqKNXiASD-g$dP`r^63(r(7jup@34*!b**(MFXr-ghRnlF^&Z~ zTL_2bGf4yu7Lg#u;E94j*Y74Oe$r6gh_mPs6pw8RkBr`G1n zKQ;E>+4WO%9ml zhOrNRkI5TZD%T9f_K$pDjk-rW(IG{;yhrCjf~Rht3!R8CVC}ZX0lI=7+Ed=oxHGQx 
z9&g-X=>EIrwT~FXQXv)dI0*`u{0`^lI-Z*OFBLqgyp`kw%$xuF-O~LJJ-h(odH%2C z5e{Eri>B!kN?z#Peo0|E@DOKvgw=4MHpK-ml|qAw_Jpd|)vRNhz$^SI3)9EBlIHTW zyiUwKex^m?9+Aj>@*%PVK?;iT80G=?zqAwmfVCIsL&+q>ptKAy{3nz&QSAgDLoZu zizyDkMCLRd5)cIgkOV4XBv)se;zbhl!>28|Ls3)#CuBga9`Lf%Z zH&nP5sXMGQx99X*INSoAnxgsY3Y0g|MH_{i?4qWo%(xv>em11 zQsRWCR${Ls{Z`Rh2(8W!SF0HA{YV3EQqzfAvR4J8qb%cK5htyP+d3u$x zmspTz8TD?t#t$LN%&%%;+?%NLW5kE{Do9zmSG1Xu`GuS^447kC-lp?3_|CqZu^I82 zdkZT)cv8e4$FoI5%Qi|4m(41I3Dbpuik`_Lxbg41a$B=_#GEd(EVw!@X2>UayFE8& zMCwHS(7EMl(V~p1u*E9(TSP9Y+OaObGXPAmlrTp(F=Da_pEoOYqBwM#D&hBPtvfr8 zvtUL&JOCWNZdN|WVPubFj>gxXOIMfB$r2U##!|zq779mgA^KDCQc zY*cOodu(f%6O<*LD0B^gs-3g*;}h!LYMKI#Nv9U*BSFo!j!(WheD~(+S{`6_eQ|j8 zUAft&VX8|jl=bB?VrAWI&MKS|gr%v^1Y;Ppt9EWRR5j<=j2YHYyENTqPN6v<>gLnJ zbHq`Jq$co%>i(;EyiA_^*iZ4y#?e$D6pK?s-_a+99l8U0_9P0 z|6?srga5DD;Atcbop4YRF8bY~awXQ87hB5*0jRY#`v3Awhb3KqeGy@{QZ^3D0#x8I##o?X8^JUjgM+>~_vDFO<-^hxv|{3g%rjL6)a=BI z()2J=43-fb55&59lm_AEC*1sAV*@CtRI1RQCYy#xTrp=f&qpeS0)Lp6j4m<5j4{rC zTgZZ`DPQb&%@HKO4g2Q#X?|+#KRFY@N8zi<0i2iru?Ig&>p#2u&*y)wfh^YkqFrc#{k`4(X8{_#!F}HC4c4YJ_vtU4)SJq%P~A(% zx4j8`neky$M9r`!ZTln;sAM+tpU^NEA|w1;o>CzG6o-QnPV)X$`XK@>6FW+%6QZBc zfiK|a++J$ES*i@`1YzR=7gaFmEL1`1wPS%U^pg)WU;Q?Af6PUbl98$n{1^^Ihe7Sr z-}B()o8KhI)Qqy+x<_f~Wg^@Y9y7^MOpvd_HWT2*xCu@$&e5jsB%U67_**2U&+nWQ zhOtZMZ|k{QMS-lK`k^g$jz$P`wD2zxwi2YqjmOo-jgLXO1Vxs%0b2a7n{xDr@jsXM#s-l^hGHZTZlo$|j%|Krh8D8N^? 
z17N=X@0Rs{Z)fjW|F7d&ss7LJ1hd_V7qoK|Kt#P~!na2waC7l+gftX&wf|=%yqhzO z6~qtwr)a>KUF;Kxpmj?j*=;2}(58V`poSS*SH8&ZM?W5gwcwl%BoNv{KexJW*s|D^?!4jp?L-;`}@me{Bnc6 zv>g2Re(d=igyCne@W@wYP1qK*5@v-WYX;-U%(`do&ws&q_O%1@_hXwit^ zinV*)E=beA;;FUV8HYqQPy~NviO+e&dVi&}Ltp-L<}zGel1t6V{dQ@-*cx3;c5P#R zZ7IW+a%_nnk~+nLGm=1mb7`POWPuk8U*<5JQFg}qYMmk=e^iTi$DLJtQ z)mhXkBD^StOc7ak_s0Ta>+l#@M>)&J^m3Xmaez&MHBh{^t==Q07{ko?n{!==%v@?C|BG8=pPj{z$ z{$sD#+j?IASsdO3(j^xjf{j`gzXjKh?mp=E8M_ zl%MjHAG0&~tnY}Qa?8KPVC8Dh_o?<6gL}g;cIF)Sqqhk>pZW8A=FcDHsXPB!44@pp z6&L{X?EhZ%{J-ALv;JSp)3mc#&hMt>->N(Oq`LZ3Q|n*vsXPBOiB@|J{5<;~=6(76 zXL$KM|JU)9tPFjpUD?$ac6;g6=Znzo%gC3oVwyw+u+`&@^qNDW=(P3=_5LJrY+oMm zA`9T`prx!=X7Z<0;ISM)q*b-4eJm29GUmgZiN?>{81=)ugUxx`L)6J@zMUl_x5)41z zEmKp_ILE}wPv)RsZg?Nu+p&9iaZ0~I7NpZ-FQy+NAVPmearh%$7u!Amy_C!2@{K|Lb^ONCRM$vR6J2;GZzO%_7!rl1OdV zHj>NRcx^zt{rWZQG7ILy3z9aU4PiRDcpHN2IjQjhuQQe(&CGCRT5O72q1r;18ui3g z3msEEcR*iB5tAka_6-y_irUs3PtEH_8cBg>{-9$1rXO8 z>@)tsOVR{;EMXQfdc}XzMW|~9Oq7kn+L!9Dqs!xj;g#wWFTp#WJLCHqqW@svkm{N-2b!t z?EkIh`Q?|*FW8+oIS|*(gAav^sb5WyEY28Ao-a1ZyxIJsMR#GjBzEZDdb-q|OTp5T ztk7zy6CdLZlVifSES8n)C{W3MTw+pf?ph@ zL)QL0u|7wG-ZWAr*rn)MkFi{AIlVAYR=q&9UsYXTi2YWj_a9-=bN*M|CH}HMQpJO8);628`w#bsWAvb3!ftl6VlFlfld%KU(=4X~ID_aa#|1RPDcj zp>o}3wFn3dW6L&pb!-Fp3nW&73!DF;x-Vh_{XWaA5l# zkVC1@JEG>Xy5L*XtC{1Q?FRwi%Am#{?dk-2Hv9f~PmTST`iV^aThR#+^Va`%tM`BG zJm3Ggo@f63kB0AEDkPa?`K&veI7o?AGo|= i9(z%LFx|RV7(VsbK0nXT^Yi>PJ^u&m*1h5Y1OWi=U#wXG literal 0 HcmV?d00001 
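Review bot: longhorn-1.0.200.tgz arrives as `GIT binary patch literal 11516`, so none of the chart's templates or values can be read in this diff, and the review has to rest on something other than the hunk. Please state in the commit message how the archive was produced, and have CI rebuild it from the unpacked chart sources and compare a SHA-256 digest with the committed file, so that a swapped or hand-edited archive is caught. This file is at least added as mode 100644; fleet-0.3.500.tgz and longhorn-1.1.001.tgz in the same patch are added as 100755, and a chart archive has no reason to carry the executable bit.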
diff --git a/released/assets/longhorn/longhorn-1.0.201.tgz b/released/assets/longhorn/longhorn-1.0.201.tgz new file mode 100644 index 0000000000000000000000000000000000000000..ac9aa44be039dc77b5253d91de58817101e0189b GIT binary patch literal 11524 zcmV+fE&I|RiwFSq3-`~mOtMNY?+i}{N+7o}}Z2&#?c6Mftf3LT-tH*zT zdk4mUueZPVC)Qm#CN<9=eEjVo2va-t!XP=YZ6$}tsW7Xz20TdT6b%z7 z;04)-mK}NTd7J>T57^xn{EUpBoo=Vs0+gNDi&A>02*SLC*$jx4#@--HxyuHA=-jd- z4P$%6nV!S+@8?siqS+!%dJA_hEdyIkBPH7)kvjchV#Wi_kWm&<|t%&cb&Vz3U`*qt-2- z0t^>;&dP~rsUE>!MsML4^%vjrJI}$-Ug9KP>lS*eDfsd~z5*g{?R2_U+!r?dYukrRj4X%K3EApUOFt44Ac`*9Vsh!;NxD&=BU9FEF*x&46)GF~#5@xZ( z35A75VzFWtGzYjXTAHSB;BaeV2SDC<(Rxc3&%8xT0)M7S>rM?F@qTx!^{Iv7AMnv* z1H#CPLH|v7XX385jXC-sti3JN|GT~I-JPx7J=FjE-K}T+zmDfcu6A2RedBwhaeB}3 z-wg(u(X$6WXLjH+(2-M?h77dB(prg~gB$`m9{J&vyBi22PC#h}%;z8vuwsN_AwiwP z?m|BUz0agNhbE>P-;RN>1Dp%cQA={y1Jw&f6&|R+;?VbbOt^5{8B4g-nPdv~NgM`Y zmiSZXXXI1;gr#Gy%Qe_b9v6V@} z{X1wdjKNR>Y7+KY;();sLHflP2ke3@A|?&M90>>A1$fPFO6J%N z)215G#h-Q%Mj?qQCyKfgxR z01_BHDy)epp(a4jiFaC^*eIe7JZlo@*dYtgs*Hs;L#o!;(#Y5wo-ZSOqK|8+bs*rf>2K@sK-H2dqdD7a-C; zEdH=olWIPD%*j+f% zfvj;6^O*mXd5H%o(BLT^y6bhe{({s7yYv=+Z*{h||APHCaHeq8Ul5zO_ARha2BUlf z_PKwv!ET0L;7)=R{~W3ymTdTNG1!3{dtBjLEm(pP&r@bOZiCm+jpk3(|}M)KLaw%Fg@Dn~;O( zAy;`RaW+lQ0v@)HlVvI<;k!U$LmWY*z6!xDL|+G_g-rlqcGqLJ!R~pE6ZnWePf-S7 zr;O4V)$~K#O{Djwc|^IPuP(G}`kr2Gu=1ND-}WXOtS?+Y_?3Wnc1-Rr&KLXw{@pP1 z`y758+Z-$q`je;5Yv?Pm%r_{I6eGPm-2f?i=YiEk9lSXb@nv=xMad0I?E!HFb&2N~ z+fgJ4cNK>j`0e27h1g|$_kx|u@-ER!R|1ei8s?1?6QIn3QO^Y{*2)Saf*!g9E+$x4 ztxGQ4dn)!S0TrMm^y@-f$S(-75gfAz;T`V?yg{r&UnYq#8ILZHVbYxr(aDYRmljp% zOA}NqV!GIljY?*~b^lR{+>e2_C{lpm5)?O}BB(a<3lJBl1ECoLKXE%?8K8b-XCg?S zqD6e~0Vmyi5oZO>nBZ80PknQ912*Kb7^5PhV(?(Hd$b1A!s*YfWPwfn?BDjIDgP4+XJo<7bk$41&G!HH-rjyW{<{x9pY8v3JQ(X7g|R1=sMPvf z!)mMM6D)rRZZU?14}?nZfF!dsKRv}CEym=}1J+LCjJN5HvA)@UhXG_!##rpc$_WLY^ntks_-0_CfsvS(Yu}j@Zn<|U`VyrzF z(F;kOxz(xg3<5B)JkTm2N-WUx)E*VPELW|U?%kC=dQi8nBm$4@k8p;T8c69sEzncx 
zwmondXVhL{uOBgp1>_bV!*aD%bSCp=4qxr~fycH$2f^Td;JDS)Tv0b4FHOyc5q9v!YmD4aKD_ivmh-H{-J`u*yv-G zV-cRpEsQw?sg8LMrgwL_jsuXV>G8~wU!tqDc#rP?;=^xLnL`Mps2tz2qazAF&r^46JI22(T5a%5w;GhS7J4nr`r^n5Dk4 zm9tG93G3LWHBe@#15Kuq7oejZJ@5QUif$lhJPsRkx4-(bW$DwS;; zu>=K2wN@~KN`24cAPXX#5O2=HI1`^Mv6L9UxNCj$GJDa_=^DCBgz> z>{hySAwN7-mkJHncS@V-vcPpBpcJZ5h^ZRcI?9qXoB&VLLV}8MNdUN@FchI}TJk6^ zN6V#)p%*79OT7v2h^(8CV2h;&TurCtD&~pRIJwY;i+8xfkuTlpY)K=aW?-k{YE=Tw z39Vs3uP(Ay2e2u|CP|};YtHF&C+4XsH!8f7V}`LIfCK05uj-AG3Tn(@D7$sQ^b| z7NiCaUXWJ1Iq@)|U;Jr*fIpiwjLI=^5HdH6+j}*p80r(^7V68mOp#rH8GGMyX~HaqO>n?5ab_qQqIU8Z<(x3d~)yhIm|fNju*u>Gof zDRi0TC0V~o&7e}L$%qlE3Fbf&Iv(ZoQ^rD08Ze=;o%N7F?2eEykGd>6cqyy7W;Ik>xM=Ty88Q|23P2(VIW4GJ)<$R62#SJ>MgT1d z5Y%FF`xVI=GoLZ3w`J3m!YTA7)fgkxEryX=WB@rSer#7h=pUGOI+oib!F?G)y4t zB!g+B_deMHPCVR>B(`Pg?Ex}dZ;VNo6w!N$`B{pP)+Us^7A}5tfB^}x=QWiii zM%A~#K@;0Qyt6$Y3pP_#mS(zmGgVIoGfl8oHet4|MKVj#0=UuP+!cz|cG3(QFenck zIisSKgZOHIxsNbBSs;0yN`rmi`69_mBx$4Ai#hH-i;5$#yP^S*Mof7$cIOO67GW+p zKN@pPrZp*l5>QXxi2}?lQJnFm5<(+5_=AKaYJxo7Q>K^$mA%jvDy+kPKox0m*7;E4m)t1Anr3*d z^Yn1`HEi%+iF>!_P#2hD~sbmxU>&V-jB2z6^2EWEpcm(#J0_k+g!Dv;)saY3OET#o%rb zVXLXEZLk4TVQ9j1^F5v@4O2qjz&htidx+69Qte{gpmKQ2_;84Um(~x5muIJE-yX0- zSq?XI$b!h(V>=k3;fY2i0?~UWCTet~#fcx4p&?AtqM;1L2hRYVqrA=Ib9Q!q#g4u^ zJp1;9U43`jXZ@3_EBMBKIKBFg9bR1>9({Lm%-)~BdH43D-)R}F-|c|#et>it0!d3Q zDS}!|vZxj?*WGi>X;~*{G(MtuVH&eDu(W2#o|lPH5X-&9u^4%{{TYV-;=RbOzIcCx zy3eNTYtvSF?9c{-*ItS^L}8M6sF$Sq zZJT{GK*HyN2PoQ_iOG*P(7Jd}7HOEJ0(086PzY|C@WKJ^Ix2|1mwEmsQTOGFTu#<5 z0iLIHjF7-Z==-N2p<<9lRTrF!Ff79gg-W(lfKGN8xN@((0UpQ?bv;>^VemAbXzLW* z1KHQe?@h(dV_U)uEC1ZGQ9$mK&Z@eWLUDx z6_#S9Vns!B73xD2q^QCJ1c)lS8~G6ibe;k2brVkchz9`L&-c=7pr8a0s>Ot8n{QM> z_IH8r5wS$Cekk`ro~CeU?y69`adMRfLyQ4nSFNi|z-k*#g%nrq>ctnZd)s#00m-rVx()>owKw+_z2zC8couMFPz;Kj)Y?qn&y0lt+T zy1C8In()FK6k|%jA@)#@v~_XEl(u1W95+w~%At|eAUM)Ss~eCBu`EILIbaA8hT zbmRg|3*77n?EheDKh^SCnc8R*^=<#ItWQg?pawtz1t9y-xc>kDFCP+Y4_7FmFgYccEO6L2y(%slbSIv z%gzI)N;6%&IA*Gr?uWFRODER|^BrbN!A+E)DTe%M=_E1yZ@_1fm?f55B4*jH#4OQ1 
zxikWkVgsu3dPJyQN?nRqQiFCsM}#}x>u^VsX3njMC)>sj zVDgqJ{64fjUvuuwz3rtp47%-V$5rf8hO$z1sMDx&l<^3v5P>Dq7GlvF<3To|pCYd&5exXpU2O!}&VLdijNiJ0?Gl5kdQA*Exg91a zAJUx*u;C`?nG_e`C^3g&p$>;qEGibOkqCJp0?cUIL=4t9on<49QgRzHnyEpF$PR!P zMq}usk${UqVC4ZL_z9YD6Fm40Cp#!OupDfm&P>-w5Dr=+OaZiwOH0>Il7Rw)Mp5sf zi7L_^5W^emoc+(<&cI7I{-;p><`JevA?q<1p_$W>CO~U}Os$g-;H`6v8L3_W_7upm z4-*_%?`zw~I8F>>Dq+`UNGY`Y;Bk6tSGQ3gsv7B6i?!HlPP}T|w8svI;FhNCia>>@HBieZl2pEGy`ErGtOrHzhR!sVReD_Rh)X#clfjR##3 z`FQZ<>Td#A{`~*F?VbJS^Z(cJsHL&#!e!UR$1T+HdWcatDxumT8-@L zC4iPUh32$TnQIK7Ol=!4wsp$N4$>}O?5V+KS^GD~p} z!~y%?R?a@fI{0NqlD+sS=~e#FDmm2Hs+r;|DmNwliV}@Ev7$&R4^yF4o0KR%&P~ND z6q}t}CW;lao(ecs$yJkOQm8R|N#3MbWqDS7EUhi7(KD7r6miVWJ97B*SiVH4Ih0yw&^ittUH3F7cw}!QK#VI+cH+7XMKY z;(vvQsKP8X(y=R7zU892bnn#>R4sUgVUq(U0x&HDE)Jmr?%~m=u2}hytz5n7tJT3` zg95}MOFWm$L?sbg_3{-jN_$bc4Pv!hIKVm~UMyf?EML0!J3E-rmimdto!S8|Kukp5 zlfrj{IAemt>PjmR4^vdzAE*(LIUtvi)x}VhT!5?$Fhy%hWN6b9v(|hIz9bfu=Z}Iy!}lH$3l7jp>SD&8#>9R z0lqVF4csuT*iR}$m6z86!eVDBfWa-vDv1hu$Q0JX+NnrYKesg+scy&T=Vd@G2O*V zC!bYf6Ino>8v4sGtaB-DQ|z4Ssr2!q3Vx%>{EMXycF&VZJK}4bb=a>Ad?)nW*bY`y zSk!Un0sGY=uU2?5Rw`XV#Nxe(Yc_2Q6?m0uTaNY{twb6p3&JaVoCoNL6u&wRoO>oMTXF~qcDOU+uD4-Oyuu>yx(EzIy z;ZQJCjAMb$7Q!LUPZmPa^zg)N$A*vr?GaYPf!Y)oyi^JeCfXCKT354opSa-=5qP| z%A4>o!-d)HE`GypJz{61OwSvD6egKTzaKgNHS=G^Y*&^FG-v*A?QECyf3N#||M!|6 znmR+xv!(P@oGqp}027(hbVxuH3_ud7h>={KX^Iy~&<~%sdfad ztye548Un}6`&J;(9#UB<7!T6>91wyI5a|P;+7)1t5f~DWq|Jfxim8Rgv*MV8?83{$ z+`6J7`{c`RYu-@dTBPo<&fK2UZ{ctYbZUy`t1D36AhYr3r=FSXd1~Z;1Y}f!tsld| zlgIyiDD%tl|DEUizt{4Z(tUt;b#Llbfd2{y1$kbPv29$=>m=jNaTwmV4{&iXwIt_M z3s~aLMH#ed<31923C^J-mMO*FeT&|zO-ofRQflK#mmHML#T|Zk{1})6*J%6V*og!7 z@3dzDrC~T6zQKGHaZZq$N%BZogMyTJ*VrF?mdEx>E%hYEwAvtURh6cy5SsHFXX1!= zBB$yIYm3a>YpEu#^_km%#mA4Pc%64+8tS|G1cGt2GZL6(4m!!lKz(;En9s3 zgXq-X(^I$pPnQxWJhc*g9r2&Nz3zTF{E~~NMfs!t4WKgA4+SL*I zg&$H=Rp#kc#$IAUo@La#i49&W{lv+N&UCi!FYwj(q^x#Pme;m&i5iQ#&HC#5U2qsJy0xEhYi{Qq;@5*h>;t_MY%(CF> zxR@cI;O+L@oDr!L^+V^Dr$vi0s=^kl+;0)Nq-w{y{LTO{!BWB;-NcB=CVbwk)QRHI zX{v#%&ywG)lk)(V>4!0L+#RZ 
zn>mH%fT){K3(pZpC6b!J7pnWO;_)(h?qfg2GaE-!flw??4Sh$S6pj=7!@EG|Dju-* zR=4|kyM;RjYO{3J@gnOr&t>#~N%LH6K{cqaPVLZ|843tY5>SQE(R{n#k?#SbBwvbF z{w$2OTDEFbZb^HJWM84K&0;0~E2FEn&nn{O+i4s6Sg!P2SZt`x|5rIWR_3iD05C8A ze`}}g|M$AR=lqYgJPrQ8W`n1ZFm%E}Nx0~Di^`Q)XI^YA9|WM**69DsGaZ(6{q;!@ zEA{#_Z(-*N4^~>SuMc*~VIuZc=T6K#Z|ci#jW>ns+w~@PPRcjuXWxEzetCBN_VDcR z+mp+p@vDu)Hm#NCse?+@9iXyMKI3oFEQNemo1bv=dyNgCpi-$qf0}F>B5}o>(L5ii6bk%d zS~9xC3^T?!|7{@)rlx$c-!(^&{5I^H=coCpvH#>u1RsU3CI@g{{>L8tD6RkO?mwUZ zwU)Mau&fKTJ zbW(3B!$Ng09pCmQ@MXq_O%XN2nzZecK%kP@%zr||V2F(HZ+S|A_){DXN;t{;SLufc zv`p+Mp-zZ?LI=KppL2Vu^=7Fus1t;Z2V7LaptDc~rPq!Hy3kKP%zX9R*!?jVO-e?p zHt=IO5FG}!Pk+yYlW%^L98)vOa_b(Yp_hqpPk78ELoq?V3foM87vm;4!8k{ox|4W% z?BQ>bls><6P8h~6oxiQ;Y83^tg6fC1*f|;@%+bQXMA%A@8aEzS8#hwstBo47L;h)S zy;%4%|1>@-m(Kj#_^fUXX>XK5#S#=*+6HLxyKc(SAI1l@s-^Dis(Yu3KiR+_taZx& z8vTz)OQ8T?*$#mD`oCM&|GnMbv;JSlvr_$^-w9^B6EA4zCV+@~&xCJ}M&Rb+;RtCc z>T3VbNO(7A7%PY$_D|7(F}v6&5JBsfLbBURc%V%KugVJsD;!qtiW?3dFsfMfc~F0g zgL>!j`v(pxR(&4ShYYG|TWdp%tylNs)4cv8H%C6w4w$3=_jh;8{(o-qerwLD9& z|CCqn#d*nsXBN)deDs!#N3Hu*abDvhP_^;miV#LCjw-7{dGHsHUzm05IMx5nWrpS% zob2x}lkv+9_R@0j-}|xWa}b7~y}~13nKfZs%u1LQimVxoBQxuswLkv_6a7Nh~>yNXN{AOmu&CZ8g zG}W&;3GcBD*Qes;ZT3$t-=7|xTpu1CoxeM~T6N3S1T3RUX~oM)yiV~{`rytMpSJ#*4=U3Oqrv&hBWYlv%KmSQnS)?@#-u=VwnzuNi31B3Tvr z$5E~3VvJ_$)m3PuB8i#f%hUHj#mkd#Py1Jwhfhe)IUSls*V)~A9DU_w70onNg&OI2 zdD1`q@2BL%8dPUdtBCNT6f#9*-Q6Dxh^@<$i#Ml7hu1T-M@16XHd8uFV>!fUTuri= z6j>JiS&coa2Q~Mn%;&mgF|TW6F|2=+c~s)XlKI`D%8XRELZaKJ_Vw$Yn)pxY(9+KI zv5P=+;y>M;^7)TFe4gV!>v)!)hcmV!;OCk+(USA=fl(ombyv(MbaCfgEb=0LOu|4P zAl@l|DLd|jkIHn>NeR%x#^sFUL z%Q)ldeHh=W3sS|)(~G0xi;L6a90eT)Y>B8Kp6_spFAsw$C9u5lg6zYLufv3r>1Nf< zqR8iT35K8VmZ>RdoMU3;Cv(s*H@pw-?btoMIHlhp3)1Pa7t;?B5TQS#IQ)^Wi*2d% zn9;_4NOI!59Ynw_kK9GHm@1mJ*GTYttFpTYH|9u|ry{^4t-`*dEa65iYD;`5OoRtg z>}&W7&q$d=xPdJ8)U*rn(gN~*6!jW<0;PaOFlLFA6#7z_x@Na4Cut}qYQ#M`hTmtQ`Z06z25Ww&$T=+qyaEW*(;w1@J|@t zW)W*QNu)Mw8_DHuyf&cSe*KztnFVv<1xcIFhA^F6ybZzioYeS$*BQ%?W@flDEjGoi 
zP;H@0je6p$g^sD7JD{(m2u+NV(4DcJe9xz0*LDk_8I@+C24{^mM{w#z2ZOVBGk14Cdx)(?MwC7(dBW%@JjWGm*5@G9d%o> zoR)MumzIGrN5#d;Oq`>xN@0)a>Sg-ap|P6VGxNu%X3*#7NuL_|e?8_tZd~r9(OT~R z*@pj>{lC4vXa8?4&o94he!=d%$$_|L9(*WVO#NztWO2q|@_eyL=FR38ExHTKC9y;I z*3+f#Tnd(!EQk5PL%h{5m+e?s2p##EuA1o_Q9ZPxwD*Z6@p|7F?~MNy#c<%Ty>0r_ zoAk5c(EGsJRt`)FDS_aTypUeEG0c2_%6`hgpc#4~Qtc=r)H|&oxPVUOQ)~mfk$~`Y z>yCQ8qqh?TL zE=nX-6a3;J9kTZ4iS;=e^rn$2!7fG5dW_{_%jt!Ivg!q*{i^C>f^_c`AtX|a{xY(8G}>3O!6-F z*{huJ2SoUJb--7dTj;`0l6x0AJlNaef%97bRmw=9zk%;d{u~?e0Pisdwndi24QVd; z_Ut?EPozVLY-!HO;xH?>(4rVnRJtKcFC*p4hoz}bnGZp> zM!aq0hXdR1fE-GF-VrsA)dk<8Ud8mWQX$DC%Vz}|XHc)|G{V{(K;UGZ_6L7=9HogI9;aXu zlKE#US5fSiOU;58G@73=YWpvCSzz<|Z!(blNHH*X{%@D}e{XL+pZ~j_=iz5cEU*@V q?DOzB{=nr0^Vo~}gXz|_!tklb_W5~!o}cHZ>G?la480cs1OWh@ft<Dc zVQyr3R8em|NM&qo0PKD1b{jX6@cjMw6c~Eu*w(5k>SBAAbFya@NlCP0%RHhSpV@5I z0=q#HQ8&;5(2_Vw_F2AX`JU`MC|nwS;YAW7XR_*<6N}xr6bgm9p-@OUo6fjkJ4Z7t zRBw*6^bebU`u%?Y^}zxB+wb@5|L*Pg_x`ZE|K`oBSG%wF-|YUOzq{Yx-}?jVZyb`A zr;rMZKlC5mSAB5*BoAhcE37DIa?n92#tNr=+KaJLDd|zZgA2tY%A~?+IzWzGqF5wf zWLU+s)=DuEicTm=21sBQ&xmL(mQb0ecpfpFkpX&Z+ioqYi^v?uB!EHAr6O5taV`fa zrL4GZ{hAAYO%o!c>9r`^(_gN4$3)@X)>?w31WRI}O_xDi&?x3v&KY4UD2j9XEfJD( zHbB?A9h~RE&)#mY-${s!16zk%BqHWa5vHJK%;L!o z7V3tJtDOu>MTAD?4WLTN;)x zi%FDWhNncVTTjlgxO1gD7BA?!B^8lMcCOug!-DDeJD;0_{&PPb&DS_Bi2PL)faUUk zcXxkxw=Vzp-t?d3|6@GQ&@q|dB2~x`07wzf89UF=#f(ZLfc}2??rk*TBEw3{pb1Th zE^tiZ6bpi`v7mUI5{VQ?V}f!lB}ouvilaF%1X3i+Qw*YMn({GDt-_&FqW?lxj#+rl z$yAGg`2cmhoes_L6iPYJObx>Z&EE(Kl5O>dcngZ278iGFIH*;d1g%`Swi!>zv7pyPSW?Az=|k6! 
z5~v;tSHITVUeKE$lK$gPqp&q9ZT5Sw0_;eJb2;Nm-KpK6Rt@vJzU{n7(;-i3JRhLb z$r)EeK_p?S(~(4I6;Ai(7KNJUWPpy+LaURfLyz1c7ixf5k*1y6vRqz6^NU<-2~rVe zx=IXBIZCmV1EfSjYA?@8p3)c}@j@%?`yGvmIK?z`qc|ohQN+A2grIEtAABqw7t(xh zfF?MVhOPX-$8V`r1N7bZosOk(t*oX*opY{^sTiRD>6BDo?OuNgXt4RwPHpo;FgNv& z9Xs3+QHruDfIi0YRgqs{F(tNv@Xe7R31N!jbVOp|O5il*H|GHoKF(-LzU66=kz)eG zNleLD5Uhx0=f_lDy~P>>$r(?GG({{-$5`PZR-uvRdY9N7}AJO)FD&!a5ACH zf3&8<`)eYG4tJDIheX7LDJ?z1V(%!U8BPzcF-`U4)r%GRRN#ah%}9JjLJHG7Mt z`i9_C&E^*Uret6!!phVy~c`o^$3P!{{A3RH%9wHI+)#?A(rwcslF>$cSjIsucDuR=^*qBeI%%m z1y0ks=6pQM2ul#-N-KFXCo!GO9hoCv8)25{0x7}Q1SzdSVy!{OoXME-LPFE=jMJEa z!l`Du8zOo}-NdQnh%(JUB#|hdX^jQ`6-pveFvJ-m?3xPB^!!P5L)8qWRO^z^wg+V! z$s(TV?)8$_Jh+EWCt4vz2}d`WRYnq2E0`Ir0^lZGPbXzlXg#G&7s1I7g@o^!?tqb) zNQuRK8^$k4#$ogX#f3=cXe=<`W}=8d&r4K4@7YE(s(>v&LnzLR0ov{NGxIYe8HnWF zy}!Jpc7Q(?+8$oBe5XU%R1j&(KSLt|S6N~MP#`Z=8dBvc|-i}OfZdrL_D%HX)QmJ$R*ue)bSfshFrll(~AAmuI za!iHv5YKt>T zQlu$LsRYF5TuK_!MF8nG%E23oBr&ZZK_;!<#^bb#=wA!Ib8=nHI>v+{St&O0(grL;M-4A<*>{ z8_^3xX)9Mlw3Zt{5N-vQlWDxsdP2cW<~IxlL{(zCki@SooFs;`1O+wS*govclR0pr zkVNH-7iof|!a^CY8R_TCldn(D(9y~H#pze4M~4?D@D_1lS_;aXj}FoB{Pf$yixc#> zlfT24V5%6-d?%Vsq9Qll;BrmCEKUlcW<;POUrF4`x*!V12uVn?tw&1jYBX9VAj2+F zy$bbupc7q)N)T6Oay>!8dk{08$Q5^OX`C5*qlsf)C}2;HFU?4r8Np;)9{N>*&QA`H z-<|Zb1R%;Z)1b`wPYg?ah9XpT7Y957NDBCX{WAb#(CIuwN1RRQv=9Vglyl7p<3j6% zCb6yR-_h|ba6rdk1&a@hNO;a)@iEcr541*qyhK^`8N4KI;D{(@P+_$rB#im_B zewHMe6e*0^%%mF}&}T7@47Q#<13XhL(9On50HK{U4gY0ryXUgwi@moXfywu|9cllh zkN5w2@7&JW`-_uNPu;3b^|50Ax4-|YzW;mhYX8lX|MxMTaF3Dk8)SESN#azr*mzm~ z*y&i-c7v(XngY2&8D)jCK4T8t+&Aa9Kc!c|k4C2`A$iK@ptElyV=W^vpQKTmPpx|r zS+}EeCTjze;*|b_B)v}OTPmqST39ALE_7=~3&6@NAmOGiC>Ku*qV;K6|DR?g&54jb zm2YM%XvO;9f3y3#w*FroJgxu7d4Bq7XA51^Y+#f!ni4h7$rsuJ!tsm@(ALf`zjSn| z&dF^KcKysqYNG-Xqx|$bwp@e~GSREL>sO#I+(l9O8Jq<@6L55rCiE6{qp~q=0P4RDfJat+^L=P*W{!R=a0;N$?k=f!vq$T&V5>9Shw(aO=wWq8rh zRdMqt=w|T6`bcs$b3vJ!pzfb#^k>;cy>p{dnVP2AJK?h(V(WxI9R?t~QE0GVP!^{} z(mu%E%LcTXSr2x0{w$q|Hu%?9{eCxS^!`8_W1x#_UH0!H5mjM`&lO 
zQ(6yrOj7CmHbfe$NMV*>k)Ut1sbY#~vJ6*bb(&2XgJ7KJHKW>CEI<9^_j4Ody{CcG zhEY$>c7Q!V`H+}@`6Vjf*bpA{GdO3p{@?wVF6w@Q$!h{&s4$7fbJMJ&^^x@iwN`Tb zp4BQAmX`89%%lYK(1&ZG<&+0@$|t*qKe<^g36@Sg37Cy=7dh6t0p7C4ce?j#fTXhI z7~SRqs&UkEL~aP53X!%BW7!f}3jR731F(^2Fbk2~t4~g2R6AQ8H!{6Gym{I%L)#XK zE%eD3YQ;yxMD>MMm#EBAg;I@eylmF)F8^EfKdbQzo|4Uk1Fh2k_73_r{qObu{=t*} z_ZUwYk}AeH?rA~D1^owDRK2Ue7;d=RxuPubd+z5vC7p~YoM43qJ`B>kYBcS1kQFwX zheoKW8aOf2Lq8)%SwfgX2YU62A~g|{IHz9=UgY32g`ebB5hlSyY(O)+;V#Hhmx>Fi zc;;Thx~1UG?I3hb#Ml<=Zgnd?pzpff?<=jL@47ipWOo~N$+fmv^l6r$p(tQz})n8Jyd`DorJrWSmI{uEL5;iq!oMtpAl@j4jE8T`Gf9pepco!W#-Q9!KqxJagC4WOjo8@J@w(yrZ_hy8&%MsHwH3vp_L6Bf2@ zzq_WlQP+?a_Pgx{He~KD4~DvE)m>xV5ng*ucND z5Wt|9V9A;2zwpoCqm2%z{2hFjHh8AHZ9|{jW1E67#h_{PyKTM0AHfHwpIQ^E^_?$X z?;L{d!kU#A>!LK~TqKl*jK7Im&_-6bl@TRqEElg5%UBIQmT;ZVEgygH&vN~5Oj)9t z-NV$tRsR212XAWn-<#KOUO(x7kMZ1J|NGL=#xgZflg|UxK%SCwGSTfi-m(P74nj>8 zwOuil#TZU3X%*Adv95!|IOYXY&1zQfig2ZXJ&zWer7h+m7^I(jnioDT>)-2ek;EG@ z09UO4H~szk`hUIudiQDlKgJWTf34D&OZ^zgU_?}9h2L{6Lx_K#2TQ6v8c_ZTLZP#n-&4$mVm7oj9Nc;ANgP0$d`4Bkb_%4S`BuG7R{S_ zh)C^B1w!U%Ow}PlnYWh z((3-L8U&hb8I0m%(;QB+46~#x8!bjggrX$)VOUxC)gJzd0Nmh1_ulw34X%woTijr; zTLGj`l{a#mYd-!_4OkNPP9oZhk}nuxI9&yk9d4VDr?sCT5H>w-0w7S6?jaK z3Aqj$$aE=l^kZknrP@iz^-iNsE_l4GlK$STb&Z86*n)c3SnP;`?KD0Mp5v)KYVjpa zs35Wafzw9&K?ZA$ zj3?v_XU#DkpL})r;qAqz(aFWd>DkwxhKCp5)Vp0aO|@ADCEV7x{;axo5Uwh{Bml}# zxEjI;R#)rVT2eJ!V+&T;lG?T9wr~lpXrgUBt-VH!kNh3Z2Msp3qVAfzoi@7JD@9%< z8kLdXA;f`*ShvYw_ussb70dN(mDyV4307pJ1Xg4^HvkEqrj$)Tz$XV|hHpPG?2g9` zPFegcaiLfXuh4efp1}I6S9&>rx?I@*$DPT2K zlVcI^UP4DL(zhl^6&%4dk~=I`BgHzn?i8%UV|gle$r$UE0wVj|=IPV(D?e@ipBCx! 
zpgvake_p-rH~hc5{U`s=qdcw5{K!elWzOBEsJtT&zPEsI0JRb70R0>R6ElaZBV`Y_ z2kftQ5WW|ld3P+ZQag(MN%%EaORK9*Roc1X58%IZvXS8DVuk7ZsI!6e~JdGp~gw0F%uj zD#Ldo$VO%hHC*!+V`Z?9mLHH?Bg(DMeMtw)^Kyjt zLX_|u1{0OoHc46R z`Qyl)u1I_)td;C)d0LmxYG=3Fe=bVXCMbKT1-RV)+wC9h*WQ_~^Uma`t>1J&$7jUod#lcj!+q;zFb-%Fr%~B#OA%s9;5!qUZ*7|NPTTsr*yS z6Y@(J*+YYMA21vp+_~O;iT?Nn>hAUXUG)85QNj_4XB<#P+4QeSriA2Z@2`+)=lS;w z!!FwP6v8%2xJI zSMQ)M+-h9B*|_dL>hc}Vhj!e)&sp|4IywLL^yuW%;nC6i4`&yf?zy?U6;!Ehg~XEf zsyQ~RYr}#3w+~;Qygj-2bpHPR#i!%b^Crv{eQs5=jUBlFG|ZA3f$G*=($A2Xmy~KO zayO8p(dnndi;KgfZ%)oXoxVH#x@F=AcVBahKx|uYEr50(gqtAk>2mah1(#xIc>ey| z)6wbsvyCHZ0j!Jg)P(q9sA|bSyc}h16_%n77|QYa>9;56pUzLdJ{?`0A8s0nD@L&h znTyBrFr?bdy2}yi3N1z6`N`a7KP?cR4MEh}&Clq^f-ADVSPENQkY{>5 zetK8%7j^ca5ws-3UcD;s3VB;64}y9@rtb9?%w3^h)Y+;L{O-b^(6SJ8QLsa4QYQcJ zxm9Ml|F58%H~_RN|HJOa)DRo?fbK@zj=Rt z_UYZ>+2Pk(;T*PVo6Fok-QTh-jH0L(hFc5k`t=sD#|Zhc5nrkaXPy((JvTSWL_@)E z=UvxYHQ|;$b?$_=%hla!i2d4{mh#W5H-GYW&%2&tTa(T~FNbzs>Y0>{&hWm|O1-L^0+kLgW z-^l-Z@Ra}SQJxxCaC2{O`!Kl?OHop$-|{!*8o6WdvRJlLY@2?>9pWYvEn%o#^Uz?A z4iPH#AwYM!W1=ay%uj*Yl%PLdk@+_Ileytz@I|B7@JbM08ER=&4gNNDYZiRap;wDd zGBw!Vg8N!RMbCDpKe#4939>3ij@7K9k@=urm!P)WZ8Vk#!Mx^idQ?T}vhw6?p)_w4 zby{FO*~w+ZY%t7~IH$w~5mL{Ziyr272ydZEdlN;uH_7$dSA;@pp_fQeh>-ph7 zH_v-|%BM~K%Y3ufz^{`3uin(}|2TNvf6D*&C{K;2_#43LmYx?laQWMkBnra%hwlA}jB#pDN!bE|{8&&yl4HU1Bb=KMf9i~)vy+QY=Z7C%LnLVy z8U20q>G1g7>6yLr@{Fh(F0RT8pY_Yr;ZgO)@btI@!TY;`Uuv6dfX?;HLpBG;-&@Lx z+XY`I(j-4zP`AkQl)xoOX_+m%rC^XcBr20(z^{bgup2Cr!{I6XCRwiL$5g-%V;RAp zx!^y**(z^dX^Gaz3b95a$yFJ|bD2Ldi};;Auf|0(|GQJ!VVyqv^a zqGCK)$liMie{RJ6PM)^)AKWtX82P_w`D_r}h6B&;9d1g=F#>l0P-5bbx*~ zVMT_81<6_LMsPXM>IFCMWZ!c4ybBwwZ-O9HgQa%wp!6x1nweMp^-wW!c>_$+mD;v$ z5H~+S_Dp_o0gf48ncV;`YL%f2L|dV7_mp!jcNaiWDdx{Y7|(&VINw3Gl+!FD3B}5^ z9;DZB$Sblj5$`AGJ}Prjm*K!`q3|x~PAcrvXk5^Y@Innxci#u)O$5)rgd93>6})*l z#*&M8%rqdXgp z{}99mdE7brqva@wqr%@=lt(x&^r#^o^`3v%@g2>)%DT$2_VqyDuIu&G!6^Rr# zb$uLt5WgPYFpDZT0Hg1%ljE~q0{oe;0lw2kz~zOzsJo@{caJcHb%}u_RNa#nbk!$P z`2CQ=H6=IqBn4gdi4-1>6vBJBw~@WN9zEU2{rh@a^uKGI(nK#h=LU*J@*q`k)&5`q 
zpt1k|=FOA;=TV+#*1()9^dcn;y+}E~Dst3a#`L?W8!-GX>gxZ$e2Mxf`sJ6-GcXnZ zG~oqH(BKP{&{zc@BvI~T$gN#y@s7E^p=)AkgL>8n9fs%j4u_{!O39!kouC<(eDaMy_dG!|EYmeDWYXe(4Mw>7yYv5IX`WqKapE1mDD4)ZB`(9L4Nc_U}zOc zT#Pd6p1Z$}&W|O+f}o5_N!hfAhT!f(c3C1dBc;6^iv-0pEEF>5s9Y&MA~mDZeC)wo ztsGhS<8u?})AOr7p8xk|B+clQaX~iS$IAV`-B&gKzrS~||HS_v<9UXLSSccyM2aIb z|LA5$7=qg>H2cVLe5EzjUgsIQ(5yrjIV2)Maz@e=O;bKL8I~xUZX-cbtmrj?!{Whv z%#zMC#E7}^7QM&?nb2F3pc|@Y=#MXZ=sip4h%>0EK|(nZD5Z?_I=$o3r;*}u30zXtqHZ~PCj1OIg|X44)0ANNyUvz@XbbNddO(3Hr|R!`pK zovq#&Uv;*6D$6@t|I>MfzQuy_LZZ{-6WQt6V-TGlO$gpGM09 zmnEC;W0n7JZ?C@o_x7LkzsGr=A$O@2I?@_Kr}J-UYwI-A3mh}GwKZr{JA56Za!>|u zFH7$~+;nnTZrmZx(s|D`{t*jC*;F^}+etW)?74ER1r8)l1qS{z5j;Z}&FFMSgf>vM zzNfhrMk&83U-dejXV1_GY<+aZ6VmDU_Nhd>{r;a3&j~}u9e^aCs2eOu4-L(Fb{}G% z5M4v&g5U(ortRAlacHp#Mv%hy5|W?~oE&R3d0 z+6;Bh5sOZ4^OOrB(1+7)#PBtpVg*Q}(F1SM1|LC1w6 z2^yz7zH-6v_Ljh!fYnA`OzibRB-z$&2#I3MP)e=|RP+JW%5zcBFSJ+~&po`o0AO=H zv4%P!2}Efo9*$BG16T--XSQ7!jGVK0COG4TOy@3%ux?As1y{~!fLW0$ny1948iqbd zf;cO`fw=3Tiy3KyK={kr*!|8qJuchXOhWmhd^FXaXXJM6148Zvq-#vh- zHvE)p487q+z305HZ0FZNQp=Qo+UxK2clUN*KVb0dQ^Dc}HZfdq?mmPds@~x>5K?t! 
z-;)%UH?ncWEGB~f!F|WPJ_RhO{eV#}xNmgjtjCf@uHKSyAB|3tD`s8DWhXuKmf&lG z#wli3U|$xBCq$80_0~j)ZvW7=zux5QD(3RaKoMPmnC7hS_4azZQ99eb+u#+R{yL*x zNCkHoZu^z0Ymq`wbp=Ag&8lCCAcjE~8>fldMY0Vg;B~LR23a(*usOb^J?9- zNXk}Qfg%q#6#liSr`F5H$tJi`xJD}d-mA5QQ7axcMqmBI7QE6XIaeiRup`ExnpUQwX__=)?Kjri1kS zE#ec`pfB4Tc%G+ox8vqKs=jnLaDlpR9dH%pyoRpQeY@uPB#`)`0T$+S!v!q#m&DHB zj4)-=tSH_X_hSuYh^4$qmJB7=1-M8W!x`ESzt)f{9p7zGBbUZ|(V$E^AK1QYjLVb$ z4NX&6XBpOmO4B)-5=Mk>35Ss}wlxUug#!q>UD#_ZB*gD%WE5#?{rzUkZ_W$Rr1niu zySJ-tflv1AUZo1`9W=KrjtZ%GM*jgjw|=R)!+$M@FFfWZTtJ-(6;dHZGtx8R)EwG2 znB^>;Lr@W-CSb~jBcU0F&C)Wu%5Q@QJ0$^hZo{OBo)vp0He+0a=e0GsZ1Y5mfU9Cm zQlic|S01ZE* z!hv?1Wf0#E(C#uft&8M@#2K3XhsJgfeL44Jw{OS4)H<&;_n@&axW4}}h96jzYhxg^ zLN|v5s{=na0<22A_TZfgyt#n~`rKm=K2XipMnI^}Z3YRpSNFMRVrDMjuH6s}lZg@q zAF4yWm=Q!+l5@&bsVBrSktXQK#^NY0NDrc`wa^^xL%5I)mLZ89`C4qcg+T^vc-r>H3~!}vbh+y(K02>%B5=9 z8cUGESEP&-+p!3Q171|=)^&NUjA$ZEcuRnot<&qAajnA6unPOoiXGRs22SRn;<$)t zloY}oK81)r$`jLTQ1=GQ_E97~^wBi~W1VUFuQ z?@kw`Qq-ygE+Y^VduSU!rt<2oCIph4@r1~bGLE322SXP{oFQ8rmF24xVXGx!wJO%Q zIX7ooC>INKYm!NX*@AZrz&eT5Zs;C4vLXJ#;$JzbzStimxtZ zrf5uT6efg2Lf}8SvBCc^@ep{)?9m#d1mh$j$s*L`qk8w)Xd?79> z1*-V?NRY&HgzG0C;6Mls*A4Q-VT4El2e9T7d}Y5(lizQ7{;zm4j{{PR&7;@T3T2NiW>#q9RYg#-9;% znFLt9bjRZ=Dap0`!`GOm5LKPQGQoljIuY91a%*jC%bJL^ItpVkLXfc_D8qBa1^lB~ z@mL$;9HMFu|&mi?vGT}KLC_ac~@ZjA|qWtS~| zi>48us6(dc;Y3T$>hiZ5zS(qnORh-Yky=(VS{1cUlZX?Ny?@}B4WaniE#A@vx^()(kLvBYUP`1 zFux|E+`fhr_r8h-iZUY6jNhQFh-c-Y0?c5kr<&L`&+_N)E#1$sNX#k6=Mu#@$1zp& z3R3s_{rl+9&ddY5u3yFM9;C=!1FP>SqZv*Q9SdBJRa+YQ;>)pmYKSS*wTdj@v#?Md zE)cnm2}vwVidBKr5c7PpsG?PY^s6z6c}65En5B6rZ8TIk*JchvXpKh@lAt25&cLe; zO@KA5>$CA{#bnqEkdJ00zOvg>7V{_O0)!8y018V~SA4C6VcW6(0eX>E0!!7v9^^3g zfYDxi=%Y0YoMxb_xRQPbw)F>YbFh1NDb90(g%hw^MhD2%I_>6IhKpcdL#JxEM`}8i zW3FX^CR1>OsGK=BtnydWTIzRpv}!J`4w(CsZ{Qc&>o>he%dkByu)s_al9+(vqv3}T z+h6<7F5uV|sAAiQtc4+tkQW8)&$2(=lHY-C*j82^ADX7>+VwV z#zj`7Sho`6G%g^?Ifetyg6D$jpJt-W{!D2>3_8zSNeF!bvrD9+84M)Dw{`1hr{>0F zz`YWJw)EsY?}7R+hy-PRg7BDM6Az!}ZtifLo<{JwJU3!0!?z&PG#oy!Wp&M$N78Ll 
zu^zhMXi}u9mUwx}sj616s65?yuNgBO!)98=bx3t8#*SYAMzmF7xTd&*zFy~4Yv|9V zQAD(wZ7~+;@-;j$ep7av!ln;Zr9;ClF_^DyZSy$L(C*G(K!xNArvMnxJGegdY%$-e zDwt`sB6Ju>qF|tVdH+@Wf&O0SDkuaB}sm`zEtja;r2pOC{P+;sjC z{n6>h#(`3G>)6cjBq_T*evi)HU!bFJ4$rVl`l=ydfBa7!*1x)iDvt1T_=kI!4iq_{caUSh30ybdSXA#IXz7@IJVw3I*F zkY7{z9wp$`x1<}uNrC`;>BA$OeQVCqcMiit=Pn&UsX`@oC&dL`WIUmhxltxuzdkyn z*ZCOcbSc%25<;uZb@7ya;b|BE{y;Sux0-w5|L{n=4z&g;RdfcRF(cm) z4dd3cqHAa^p_RKw>59KBxh$C+Oft_JE7fIV*hbdOnMbp&IRRys(C{=5A6q3 zep$YCTde>*gDB_wZK|c#0?~9228dJcTNGF@XvahoAi1WX_ZLjt1mKn&3L<5p_1j0) zkM4zSt=WxmdR_Bx9Xf>%$>3wdndNtY9RqAv7;PJNqt&UHo?{zd6#~HK#<^`B;EX7U zIZLRFIb$RStM>o>->NU(`uM?nK#*2U%wCM`;Dvk%T&j@9UjuohEW^w^dvEdWf}iFd z6LEh(jYiusB)=N+URDIZ)T?R*4YAVn+D2_>Y>}=*6X9W*N+;lHa7m(+UU1Q zyEHDn>X`Gy=($u{D+5FX4l~cZFcTi66_Yltm?UZ&C6HE3+O%T5UhkzDOx;SPvXr?+ zFe2B!k$M3`wJyeOm(xy=G3N@bwxyAzSEY_d9X)k`I@CQ6L3OV_H+sv6Lj~ zp-bQ-m-UE+U^$J+3|~_Ydl~`T(Ztf|9DHTQh&LV(-FpvRQg{3KLq?+&q$;=6>Pt@G zmh%dYX}sNs#uo1C>jwRfJ|MyW@M(vE{ouWj!RX9|xPcZH3O;s2o<~XvSvSgXEa9 za%)M~L*G<&l@=CQ%7nVPU~->=%PCeVN_6v=jysl2&YtRmzkLF06Ray$Ju1p*19mcaJqW}wlUpnt)Q&zY9dc=)xi)8oDoGtHN+auzad?yM{d;t%B#g% zwA~V+I7z7ff>U!Bh;{A4<_l**Q)a*ZRvj4ED^C+5Alw&S>1CTrL>0>DbOydcMq(l* zHqMi91Hr67oI+Fng6L1NEHX49SQUbRqt~2_(GXrn@6mt1J{VKA{oj@Hmk)Aetznqi zC2>yRR+u((%$Xcvk-Fb7G+u2rM^VC5LnhNM7_u{-k}@4TH~=9eh$Xc!UWcq3uqn#Z zlhwrnh64JsP=0gW7{qLjXqMwxIWr_KgwQOu4w^B~&3=dmUz(#uR-ykat3kMF$y36p z1QquqrmAg^t(>5sFw&*(vfH+3a}DgcDjR~s8dzx!T|%m0AI~9(+eqdL~_E=mY^oD$DDZT8_o^|&n;SJIxhtp%XfAfT+`xjcmZ znX;h_&n>4l-d2Bal7Z$1&i>doVl3}PBFi=iU$5LC^lR8em_pcDHQKLS#HI)e%Pd*N z)M8K%)hRJSd{Q+aZ`+`a+WYSyw#9n+L}~Zy^+qiev4H~Ev57Lr@s-(@LN|gc?}%`7 zb8Os?))DR&CvA{sPW^P{dWu00NU@j_sapESpob+iv4{9=y8)YW0Gv*cAhp`sY*^xC zTz62$1yUbay+yaMo}1dyjNl}?y}j+xZ2H_F5+piol)6|-u;Mj)gYObfxAO{;Opwl6 zICxwRXr#0WFiVC!k&uvMSfpvw@EsY6ZVQ9?X%cg6f*xJLmI8?FKs0+Io}=A_*&< z8aTbdbJ^zOC?~jCb)~XzZ%nZ|nb!D^Ew{I!;k15`$>{vnG2tqj1@Ee&M%^U@U=!;X z(ugv{?MyI(_2N6Pll8rax<-9V&Uv17$6wH*Djc;!5HbcW*`P6QR2; z^i_$_M{wTRJGUyKU188nkn7{PTGsE@H-=UzP#K`Rbk-;RsE&8h*aV4FOf%0fYiBh~ 
zKj#F3ihZFrS0b`4q1-UD7q$`?c60S*cOwI`yer^bkp@BcU{*xeblk1Xlq;~#6xSmD zo0D6ObFIWdg_FH%ej7&z?tq+7lk}nYWkQA^?0(6_`&00;XVz`Uf=r53 zi-aEwuFOShl;wr$fiAI)zWb@ma7Ma=u8COeZlkWk@~ZM87Myhl-L0KHv}OLM-wH$Z zgWc^eAXat<=%=o;@VbNUUe^8Pm+zlfbg0ERM}F*gn9*g487g_@*i;bds4iJ2RnrOF zK?qlw*;sBoCjz}eZ#hoTmpIirm_U(hyDdeM8_9@>YZ}`awxGUsQaZX^tH%eBp2Nb7 z%UXzb_m<{8%DXL6HfROP4!sh3#uGC1=Vl{KpEz;w`|FC0ui|6KploGy1mjGqzY zM`Q+5Ax1MZ!_ja(jjYHKhK)d}xg1q9gncNy0h(26!KN3NFFffg~B_u%0wx#H)( b6X@xAdY+#D9nb#{00960@a)XA06GBxRK^cr literal 0 HcmV?d00001 
diff --git a/released/assets/longhorn/longhorn-1.1.001.tgz b/released/assets/longhorn/longhorn-1.1.001.tgz new file mode 100755 index 0000000000000000000000000000000000000000..beb49a3fe33ef89ac8831cbd66f0664fb2f0fc93 GIT binary patch literal 14845 zcmVDc zVQyr3R8em|NM&qo0PMZ{b{jX6Fh2kO_!Jm==GfM%De7W-mUFVdRU{?RjxFV`rgUA-+#Tk*MI$o{_cLizyAl+-#8>K zPazc+f9OBBulnHrNgm7?S6ETb|; zN?CE+`ZX8)nkGa>(`!+-r@vh9j)}s%t+fP636{h{n=XU4pi#`ToHN2yP!#9%TOuUo zY=EwJJ2=mSpS|5)zmpId3z{o<=MaLZL>MJhDnZAEA_*F&JibCwae=1<89bl~7wB)r zmK-g8Kz8O%7}nY zNQP-TK*8I852&DnP?aLXf@N(vBW(Kbb1bij=y5Ui)kgXQ`a5RRPK{P1FGNfLgtg{n zy!08+&B!p<{vF{9E5puZo! zdmBx-$gt8fXhKt>3mlU;#e$$~EGQnQL?Xq}n4la>NfJbv;%LqbffUK|6oY7*rhJT3 zt8l24=)aJaV-}usGSy6fK0w`Wr$aM5g;EYQQ^PPm^EX0*||63E=Ur& zij+rnzG-SJJoRE&|F)d#-i#s&%^;bSsFY|G3|{Y}HER{obnpagyO&&bU(d z>maCJo1IUYu)DL|8mP$21-+kZd*ae{#-;}6x&ebs$1N1+g za*0&C*IxqiY<{$J-24#CP5ooX4tGS9qHGGFk8yleiESW!b0kPYn4&lxkyyAA zI8FJ@d4PnEGn$fbd0J%Tn80unQ!*9=D`Ex3F_l+uvBp4h#uFk<5ew5XR(OcjtnuKffvbu2X@Lc1ijd?4MAgyoL#2i@P)6E>k4FXqON%AaHDqMS)AW=n zBCc_2K5BzTUGS6$Z0t=#9h3{I=0PL4P<({bYd-}2!cgsyCm&~oRp;mfBeyw;6-iQy z!GubUijn?Wq?AqHvm-7N&diim=HNd$Bkl8W4ZR!!VP}M?a}x7wBIa%(=`z4o`3)QL z1R$iGg`a`M&Vch`%05yxdyA#|hTv4q<`(^?WOg-?C%5Wghy~7w(spAw6kGP3j0>73 zl>z8agi#4Fe#BH&vF;l%ganiA=)fpIMw%u=p2$exw%y-joL31&q;f*!smOiwyVMs`)hGR_6P#)^2w3x;I={vc8}M*BiKnBAKpmhvX4 zzAIOEM-XTGqMv^0AoL7!V#i`_oGR;6Fktm*NJqP|3N+MA(#2F&& znhMVJ{7G~})eNOnYpKw-2W1<{BA)5)^^(^-xQ9+BTGd4fM>m*NMiNvjm>I1C;3iy8 zCuLJ;J*7++!O0JWgzuT|fRUI;iN$;y#xF?5Ve|yWg-GXUEHL0^qKH7xOH@Da*+w&} zfGs~mD9(!k+U@r<^D`qE$mZR>zr3S%fIk-6wqCP*r$gCP5NXOkLn8v?){;>FYa|%5 zWniX7f~JN5DQ6ug&T#L9{n)fL01nuf6bd6JnxJZZydbxNz((|VgQ|-_+ zafl>M2qKdSi521#)7}kDQ*E!P88$PbnWm;it5Em?F=q_e8o~Z$!Ow~$F|8m$Car$Vvi}|1 zPNb#e?anymW9Obscr15<=6hKZz;-&(2yIMNS>8d|s}5FbHHAc$ROA44b;Yj1l;*dY z7RbQd#(E@5v*D_%{TZqu(Df7>(F;RqD_29bmK#72ZUvT;Y5d%JLcsv%Hw*F3LnuTRg=(aHJ6=~t&mhZiUC z7I9%(3d)?14$<)Z^xMOW6ZE%}zr&Ycsu<3ECz?&7A~)UOa!tT2P70xBM4%#HN!-dh 
zHwwlGNl3D-M@sE#G+HJg!!A<23iW!R6J3Z(5Lae$Jwd^H5Hp_06?biEoEdwgiDOPY#dYo%FH26B2;xf2Rs5u3iyEiGXP`I z={!S6oK5Jo5CmbAbIl0jLhFPm2Q5T%UJbqXj{ChCpdT&Hv>JI$Q!*uqZb5bogC35C zj%YPUx1v!iaYB#Wx3g`gPmL!=JDU8|7q#GR2XEBZpww^r$JX0;u&6Z67p`A1h z|7C3>>9XUCy|*BN$@jTkbieB3{lDHjw{!OX;$+lQw`x;;tl0nU@4wos`F{^y?e?Gi zzmM^RdyI_VAiL8`5~oPT#uxI(PRBB!8%&j!=i~-uloiVQj5+XJ-<;q6lwM6f8l9qq zNk(Thd(5)F+jg?mu z!cARJ0e;`h_})*;`u{W|X-`88 zn4=#HoI)@P!g&s$_c|YmX&uTd-G?5AL}L?GLFwix~x`CvP#ZN!^{oKYIAHfRU^3@%iyrFZ|Oi@Kj+ z@|pk`DompB+%)TGePsPLt(DxKX0?iirKP+NEGfY}^x;})Ipu*h@yV{?Pi|IAf~6Br z0%jxJMUJ&@fVZsio$kFFAgL@lMz^_uY8XXwL)y`JOjZCi(Z$vhX#kNIa3w`p1TJg~^Bz>XPB`UL2p;TkRE}ONx%l{Vr&uaXF zr(`qXK&$k>y@PuE@9X{kt0(>MF`h6aRg7`m(}Iu-`VX+EdRKoj+;F#ZMOor^#?N_5 zIvG(o!3qz2;G=h_Xxix@D{M3mjZjlHaAKy1enyP4gfN8;^y(EwYGNdDPQMns$icG- zKgq2kOoAWRfM)irU09_q6&F(R%)NwlOTp>dLFk%@u`Sl!>Q;I{-*vm+S6V~gb#tD` z?l$U@Yi+UWzx?*UGTV`@FJXUQcDEON*pUjW0%|gz*d_$Oo$r)Cc_MdGKGlC)&#U

    ;nZ(vXhacV;d7Pf7_yQa5M*N_$Vd*TK+l6pdlB{k7OYYfhA2KQEhVJY7h zZ$RTdw7jyhf4{{L48Z)*DAo7YeA-;eX$U;q2k(8e+~P?OIC z)Igq+b28EGI^MDb#tuSF6}4S4mBkoNENK`HUCV`MS8dG)1RvmU4J3sy8T~APOZ)k<`}E9F8-j>sCOkpS#&0khP;hYeQSF*9Law^v(uh4v!YC4REDW8?>8; z^I;39hRcSc(IELnMRG2b3>S&#CFbzTzrO1CgXLzpN`3tZf)i~L%c0<75-v{_=OZ3p zk;G}V?wTj1~OgB9MIUAajA9^a=p{2lM5a%tE9g-Yh7a@3bvr$ zH5NOfU^|V^g6DW@4@7)P6Dmlof8eyyevkoRQ4c8{mq(X3&{bsjJ0k0dShH(ayaa); z>*mx9-yeTEJA8LC8Xg{<1WiM@@K=Io)v1T=aI2s<-Wy1q3@x`iT06A|tsdH&@pJTY zo&*iLe$L(>pTOug(^XF59^(l)!&!4o$0uJMet3KFX>@XNaeDUkr{UqnH}!6pO;c@_ zK?%3@tv{=-9fYe&FA0D$6t0Fag4NZ!ww6>4*Vuv;wxo7#xh-5mE1GCqPiwCc<0F5E z^Ff0RuBf}_Zl{ew_DYdgiAH67b_j7GBGzp(*!?#zWW{nlTV=Kud4d%gDS;K4&J93< zrzvIA5AeysnBm(G47)>Y1JvE^_y64OL{U`FVp6f7AK6y0VI%jq70h|hU?MEaN+CVZ zi2+IysmENNNjpj@VG3AH)#O+NyqC~Xi}bAtQUwPkjpPoC)kv`pt~;yh@K~N*T{6ac zrGUsjw|V;X{K`+8|EERzJgAQq{-0N``wjnZ|J9TK=TV+kW`5)(%{xOZLnwz0yI z(b|?YSv#Tc8nL^sk>nEvd>}hcx0oRkwBoM_emB5llt62x?6XtLpo6G~NCoRlW&^r66Pp_~Z1-Nt! zuCX%lfpgfwIpigcwWLa@Lssg=kS-x|Q)Lfau7-4Rx`is=fOEW2&eJra{_y`wj?qZd z;2MQQ4Uq~mH7seXmes+v;lfhZ7;Gg4glAZV;*oS&AeQl@GFwEYZUPA-qMRqu&5W=* zpNoo0)`%4yteJhn6M)IN5S8IO5o9AYDJX#bEua47`77$I>mQtvd-AWg>=&+ii?K4; zN6Qb$fDz@^=f0$a<=Hbrdm&2r4TFhFYzmEa+FzJ?qbl-jz9LLnbVJoFO0iVY%p~A& zd}y`ITam)Ub(vjFWJGS&L6iq+JeD-x%=%F$AveduW&T)AHq~4qbz%`=x{&AwQ?(w? 
zSe0$03AhnjhRLrG7wt((yoiI?>&V67=RA?dogU>ynyy1Es}h}5X~q(MY?GZB!bxnp z6DMHlN^x_CyeSpV6`Ry4_LOksPFEy8U)4%>wLJOCXSK6i?LQZ#X%mY*)B;>?|Lyh< z_UrNAZw_{!?7v5OmhAs~GFWN_n$&ZKX700Ve{U<$x$s<=<^b*9ee=Hw{v!qfG&`>b z18C`g)CdSD-G?A77H)l2R7j88!-fUcVA9eW-=R-Sg-{&m*9G#qhdwO*8>G0_2 z{fD!QP50c~-3qGIwnAb_d(}*s)wSV3{@aHyPu`wfd^&&s{^HZ|>3I|8iaxih*~X4s z02*dVjX-s4E;VOJ%u7l&7P%Y9(dhKk;l;(_(KjdOpHAN$e%&(hgS)S}MIg4Vw-!LV z55i55oOC&Q!h%aNG(3O*?djPx+vJ8G>MJ-|7!wYmizw-x`_iotMWhWzOLv0d;RL*DgW1_Ja_j0Z7iq{ zt}&^(Sp2(tgz`Pe4+tGUqU+Dz;c~~LKmO*Ihr65#y0$N+pc_ByQ(?94<*EY=f9baz zV3;YD`6Xef`b*^RrLy4$lt1)(YpaRoh(V{^|afWnmOWwJ_XTSl6$&fIUXY zkB#_JO*r$MpzgW3_$3+&emn2F)~X4&?5T4nv|UE+PDAY1*2F|W=7?*(&`rq!W-TM81uMT#f@_#+bQ{xJ5?(Ll%CO2X!O3L(G{-#_bckGQ5 z%XW%w(~r1A++?C947JM`8tl;_LZv4--==QOf)6_MYOzVC2HRV3t4gTo+3xfQ*90g*R>jD%npHG1AJpp-)ONd# z#_}MT*E~*-swiDno}4X|=8d9G3#=zwY)q9(g8^IkqgCTJf!$|yZ7gWKRKNl>|Fa9W z7XF`esa$OF4}AQqpa0m~eSOe8|M7JH`=dM|cZZaFr32tU__)H)8!WTya{SIXzv>Q< zCY;DpPP0H60SpQG1_)ltB96_~D`PU@f<*Avh59w6NUe{@4mQHEqSxe@;3TDtj7ZFZ z=l?5Mrkc<3$>c4~s4`xNr^ZwK zJzaIn&q(c>)i>nH$U1oq&st{xM14%-&3SM$`=#SLLRpTjY64;1Z;?%$D6!Fi0H|mB}#RSHf@D z4Hn7a@DzTNELZbmD&U8)jNs2)@E_o8l{c@nL~CS)SR;|-stn?}%paIV{LaeZqO{|N z^qYysbDp>@4k$uNEyZ{tNl*(i_?r)vHE~bmt&x6Ht>Iz9PcN#UCVRKFvh0{-tISyPKwJi~DoW?0Qej`nQbJ^34sH0;|^l z-kaUV`hWct|MMu%vSeOP;w@1z9xP<;K?j_i6n< z#&iGtPa&CnhU8BTDjlGoO<0j(VL@^hyAfOtw0gmfJK49~J@3K>>zg15)nKXJJ1Bk1 zrDo<8e?3%8T;2eabfvbf8^p~IkUf(hT!3T7S7tYWi&|yq0?}3|+&$%7%iRS~REqht z5XN(0EzWn4E#)-JNJ6nPtq18f9P)~6OvL-ixsS?R)MYsES}42=x|0g~G#VE)BfL-p z)ZO<%c@x32FCm8xT-a`2jd=!C+3(cx{prq~s+nP;xZyz)7UqThJ1NXz;!7-aoV)6GPG ztP%h5sf7;}~G?zba>;%9H`M=+9od10F=Jiwj$D=$Oz5m zW!+K|8z02N_VIKo$P_CQDQ@ceIQk%dJ-lHSRc-)A-&-fgXT1dYGhYLIr;C8g3wKd> zOXKezVF>FI14*d5CoSlzPo(hsA%$y7Zth76y6O`tJRT{8_i%3`dv!f}x{>?$^|a`J z*Epq#UUbe46pQ3Rs^F^qzc>B*{@ku;-I#s%3BYw^#@{lDE;HU7W9w|nr!{~zOd zhK5)vBA7&qBQyW#W=0r-+bT45<~Y96nrg4}3|(kSl|>GTNRXV7G)2>tk4=Up%BI^$ zkQ6I=P2jM2@E)_I^9(U!ZoEY=azQ5amL%wgsu}v@%N}~q(mCP`YHE;BP6SFRBfU=V 
zc=TzcxFDTp=!j<-XXx9b5lX0#o!*qH9r&*SztbE4L+rqR-HX|DNB_tDl-F#hY{=Zc zgC;a3va{8bH+g5PH^x_;t)9yA&es2Qo}q8CpuCXi^!P+}diEGZr$-ZlcT73KfB0uq zjs5yRKRG;pchbv}&G)g&|F^eSU;lgi2T%KdkMcZ2?oumsqyon5~95c1G zHE0uUzK)S-l)>A}()$lLom`e1cZjoe-ZPDV#DY;a)lK_$5>6z0t{iKD14&bXf&WYd z&k#m4I-L=r4OFdDXl{j3%5Tb7y-w%ZGc*EQA06?8bUMC$D$#Dg|7XN=!jN$XAjv1{ z1`E87AME&yhzvwx6hpz~dg&^oM zE<}2{jV>pYB^gut6}{ukd|T|!#t%W--|lS{3CqcI`Ot!R?y1+14g_?(v}| zX>+snG{S>U^5p-X(CBA zaZ}}Xyk!**oa!|@H@x73+XObrBsv!y<$_%6g^*xqP4NX_ZKE4f0))&>Xlx223QFH_ zag}nMNK|M$ph@p9hAuo%8FO(P)!!VYm}c9Rh}G>N`=& zve)T+rTL@HQ0E-6=;Ss}xgY|4INe4JU(+d8FxtfY_x zB~&Uw$AuyZ8mBzIa>4NSmcW{T)ka=S?Dat;+170ciDJx9O0Ef1^a0h%b5YPQv{)F= zJ-odDU~@gOhB_e$L}?}-j#3c=SO|`1wp|#EoU?c)IOBy(=Prq`ZcEDrSI%gFS&=H5 zr^KfkhCWDwI4i$_xa*;d8EJz+_vmYDMM}*`CP{j&MWokONMglFh&Vsk()_k*-Q~8s zch*eLHDTsBfJAd%=$Wz?pOP|;y{rs%Z2doWI?I*+rsBVb(*LWf{NI7uqBW)hav*34 zvYzzW8K-=_lVL3{cVIlF5&ZIhiwyF}_))7_lr#D8^WODmIsbpX|9Y>U|84*EtEcl{ zkMd|i3!Fv__*%X4aPezQM=oR|rbv7ouh&(i&% z1&GZgSqdMsP40pO21u8(H_szzS^DhCW6o28SqC9G<2RpVF?Qg6qLVTm%hV*H=$5v$ z?<1&U;|c0xS`zIFJLZ0n!l>Y$zfj(OIb#(EqnyNaGH)8P03$m0otZOCX513CL*Ru) z(#q;kcmX1iyREjn9tISiR)?-_(q8}Wqr1SaB?o-Tt9#f4#}qRm|m;fg-vBG0j=u>+SV+qja`= zx4|ns{dGpYkP7ZF-1aL~*CK_W>I#H}n^nIOK@5W~Hck_@i)0&0!0TRr4YFurVRMwx z9R4PVWBFCFYY~ZV!rkL8Tq7$Gb;c9oK=d8|T7=Wy*~Up|!S%TfQrcUKl$K#=b40Za zHJc!>=GD4uk(8~r0!1EfDEwL0`5x@H|iFZpY1eRDJ1g-~x5sI^ZhGc@15q`*zLoNg(k>11!wv zh6`BeFNvMM8DYw#Sy8+(?#CL)5KDQJEE!6!3viJ%hBLGueyt%@I=L)1WB|egHx|bv=14TB~ehci3HFHnt{PqbHGyam_jg=RU#Z}?ES`%g8~So zIuG)Cew@*in8@8@0z5VeQE{ltBVPgi2OlG-f=nHBDp93g1uxG}Cq`Sc8U>;f*<6g< zXqggb$<#FMl=y7yd^-)*6DT5xK?3jScQFP#g1!R z11ED(aa=?+N(y1lHbO)n<%#JvsC$ED`zVqg`skX0vCg#oR~+47s!+icHOEj&V1M9a zG@*>j8Iir`cc+U|DQeXLml24GJ+zGvDiuJxQsyT-ec@7EUdNZ_3`kQ z$2g^Gz7Q9c0#$r`BuL^p!u696a3BPbk=n}Eq7lS~7wgwvGFvHN>vF>;q?QjrG1%~_ z9GD1=XSxX!AzRk!buL22DM6v2mLqz4tw02Hi33*VC>V^<%0ager{nWlcm{9fh$NA;?$| zl;Jtz0{+pgc&rU^kJkm5bd1)G{e@%OF9Cotkt!mS2^Y%4V9iu*fr=tl!Pzdwk+#GY zM^}X859+;F6LNY$Qt>>P=WP?&-N_t3?&6f6~eBm;0zAPr8J|; 
z&M4_kdjJ7pyqL}mvxBfmI7`N}94o4)4?ZY7m2f8KJ`9bpB7>g>%l^{pt|Nu6dl5`c zx5fm*vdfmfMbn5+)FD&!aH1t=b@^Kj-)y?PCD$ZHx;WD1qe_J;J22Xh4L8@zkTWL( zv{(XhqF>JlPStE)#==_$0Hk8qbI3b^wLh|?u)(nJuZi%cBxTbf5iw!PM7Vl{*~N`? zX%rSmwen3hm|qi7ZePQRdtXHZMH!K3#&1wo#Iy2H0cNn&Q%&reXZdsYmhNX*B<7Uk zbBSV{1*v=e{(W?4XXb%j*RNuB4^rf=fz@}E(F~`Djs-5qsx6It@#R=OHN=$Z zT16J{Sy-qJ7l_=(gd~opy69!$q*K zp;I;7BQ>4MG1sy{lPS1CRL-0mR{5)GE%iG)S~Zte2h9D+H}DJX^_$+KW!Rn;SYW0I zNlZZT(eOiv?XUf37jWzfRIzPD*1`}+$cqB@XW5@_$#Gs#!~&G`dwZ|U@h?agt>*`L zH)eBPO(HqtMVe^dEr=xIT2Guimu3KUsjQmemP4NS*$$7w!6cJgoaK6@^n1G~BbZ6V z8Hp5OY6jd)_ivRsV^xzhM;WGYjvAS8a3qyU;WT#!{ESYm-R2ah9y(RV=)`%Rf{JZK z&KlsC)QTsHm>m(PvMbK75SdI!ta_bOhPX&{iSp2P!N_e6_s=@&j|G;qZ8+wp1){db zV2_3CNrjVSTx3Oxbt^GW;{uYLV>sX}crK{^X(r0-&y*I#p!2+ygwPi-yF@CQ!9X&6 zTep68YHmyh+$$kyOHa=89;p9Y)pcCPkWRiI=CGs%iy`%F~_qnlZyMY^GIQhg7Fx?Dz#>L|YYxYlvc}GhW=a{MMSIF7Gr@fU&9mQH)XdeZ2C}DIyBr8gZbLlHje`h?e6>qR7kFH3V;E< zgX=@j7W1vDf|*7uLWglA3I@8D_g}Ri=iX@a*dobn(sU2#roIE>6$BMjuZv zzCni<7l%jRoE)QX-@pCv?qqZy_B=^BuKDpbPg_s)xgJK^hKd`PaMc818C49$D{=;% znSJOs;rLtz1$DXS8uL@C?Lx)T@LO}Jb@=U(G!9EFO7E0j=a`kINNt7<@2)@sermH4 zB-irdOAs#UP4Nm?!*7A`d7%vCkbEK( zTrkM9+hp+B9~bZ^&OBWb-u*ueVPE`x!%?rl(91agEdF{s9z0x(uomswwvj zNpmBInW~_9lu{1C(k2;) zu?Yi7OZl@6IUJSmQ37s#OS%D^BnZHlK0LzNx8@vu=P*2U?$QC2DpX>3Qe5Cg#uGZ3 z8)d@v>!UMzosVHoms0I0A+$PAc}U%-VbP`@cKStm7T<(iSvS;}Af6L*fIry&FgkXx z^Umc62z#`4yhfFlM%!lBW=3SS7;OHL91ExWNs`f+r@X5C4LV!s@`}uNzW^b*J2>Mb zd-ngY=!(qu250=_mc)f3m%8ZS(g?5sTlP;P5xFK}u4Z}|Zt$8zWx1N`wv1pl1Lgu< zov8MS%r_c1$z@l4}Zjf5Eg(0B*^l zAW{}uzkO8w=w8^?n%xMe*ERpvp;P#f3_doTS$+rDF~D|((Y9eXTAhmNIkxdtApmS{ zoZHp`&WM7TvxLf+Ge%;tYX9&5srurrj~~1T1Zl;@?8Vp)UdWfgr3z{MHIPTjGR(}g z_ZHtS_-XDj5%>4gXtW(e@~a_FKF$cMZs&jSW@b8Xoh`t&X`tMw9=aWFy*`?I{ixAu zW8;6VjeeW7OXJe3jyX?^o=c^*GC)M&F!Rg{GvPs6F=^9^Nust<0%^shO)J*x^tft?Iqd`)bFRR8Ym(hdOBgoUn%(o$3|NL^v6fM}DX1k& zn8gpXB-J*lfmy518e|aTMsLaBYWq%QU%R>UbWdFO(BFAc4P3}DD?+2rL$0_7F9fZ! 
zuer5##uXWCZK28zXTpgIzA(|>)&~;;YOSAyLotA*3a1}3)3V-<7toqLvgg#y!pLtN zy=O;UB%GNzii+`Qb?~w*de4w6jePMc7j?D#IIJ~Z%Z}vtEh`>V+q7{fd{)k7A^cCy z$U571y4)SM@4AicJ8cP_2YYmuuUT3%0Vg!r<%JHhY;N?qMtZhV!r61JN@-itn7(sU z*@-sg+=R^zKJy%yWqIgX$~lR-)|AZ^e&IA&Y?VckD~p1{HA1x;eih{j$7avNc>cfj ztXQfdzA_3h4pK&fECQ$F1k==0?&S@p>Jp_y>sEFO4X@>_7J(5mOo=4djd^w}%UTdQ zrZx2(OG%O*x&%&gS&vu1b+?Z{WHeeq zs&Y%MzT^b*^;c+2A6k8P-_==0nsBa@->@N1jx8#hRH=!> zeYJFG_TbKJaF%Xiqm&sWFx_dRQgDqsp_=d;)-z!+JYpQ|&#kRH5fohWS(4R)?wfQq zg50uBG+PU%0UV;>n%9#0x}rDu9LL&Lhw=O92k(UpMrSU>4YaT*=gHPqO%DmiLc)A!wkusGF0Rs4{>ZVM+1gJz)MwfHQYIM}}{0F|M|@)`iK1)7=xWjp<%%1!ZMd6M1s04u)9Zj3^?iA=YsI4e3HX za;pwdUM<$5?Uo3|Nka7(oSM5ptZNrGUpNbzGW+$n>cF^Od72Ob;lAifFWXcis!&F! zGw>BM5)&!0ah`-52xbN16q@oEM1P89k)a8}st^Pmz2;<$hVU|akN*4h!I-M;|E`q3 ze2^n+4a3YXiE{$C!nB!V&g2M-)cuB`@oK9%iV~(8GMRS4ke%_Alf^Gcn(3_MvAu+ z%eZ-KvUu!c*j-XH%uoVHIMaE!BdRS_R~EK*Q9{7ulz7f*vkwod$8EW|lJ>l9EdZ?s z0c91>ZdE$Qw(}Qip7*j)zUu(JuIP#J;ZO@4cL?e;B>Z>+*bc6zG0u2kyqeE7J1mn17$MkJwn^?b)MwA(DXM!257vFiEtnWS4HR@Y(&hxA*mnSj##A}_8zb|&A>lV3LD_`5x z9*H|my?8s!)^m%@*F=@7OAu>}nd-5k>eg3my9mg8>br5rRqYa}D{tVtVH@`pR}!zd zdn;m}2;FU=uS$eIg7ePaxm5}63WH{XTp!2PvVOO|F|oZM=hYb6dUoa|Ne+c-LK2jqmBqz}C>6EXy0_e&<;pMsY?vtApcwFgIP zN3)j=_zq*J9!{yFCOC56lI_M1(A^5KEd9;0%r=Wr@&g~grLu+7JwLCYBc*Z)5%|l5 z$J$^JWKyJBB>Y%#WiC>qEH6|Kbct>B-A`SHGtwP&O~hh%8+8?ySCtpB;H*37Ztd)$ zE%QJ9Rv4-u>~41fv9dcrKXsjj*Bx~CvhFXxeE+0lj-ffYxY3s0c6F@k@B)E6*s=-XlJS(jYe&Z^K084{6$X7ql zt9OFfE9;`6;J5SU^jR4ZoMm#Y0kqvE>>YTzy$SDh=#|hjo{*tGHydgC#EFC7zifcj zk_z9FgPTb`d)*p^e&MNdO&V&Yi3-fiC?h~LvsGF`)ap2Pts}UB$(;XsVFUQctrj&@ zrSokR&$uRRC^aVPh7gAK`~7}D+TVNg`pwIQz6vO0eribrrQv6Zw;G9j;b8jt=lYlC zbh#U1{EQ$!A~To@F`Ahfj)v=LWJQiJYy?Wp<*1rFJ*C3A%ecmXRZ4i00960ix6OW06GBxMdTMx literal 0 HcmV?d00001 
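Review bot: "new file mode 100755" marks longhorn-1.1.001.tgz as executable, but it is a packaged chart archive and nothing should ever run it. Other archives in this same series (longhorn-crd-1.0.200.tgz, rancher-backup-1.0.200.tgz) are added as 100644. Suggest committing this file as 100644 too, so modes are consistent and no release artifact carries an execute bit.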
diff --git a/released/assets/longhorn/longhorn-crd-1.0.200.tgz b/released/assets/longhorn/longhorn-crd-1.0.200.tgz new file mode 100644 index 0000000000000000000000000000000000000000..7a01c2d4b875cbea0e17d37b55f60eb06d7ce47e GIT binary patch literal 923 zcmV;M17!RkiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PL7eZ{s!)hJDtr7;G=?!TNBVxX^8p1ZdE14lb~lq6b=4-hC=8yE~Do*(JmGegAH` ztbTppAO8Bw!D4k6%>3Zy&JSkbU-T}HL_sX<%s<;}xVZmG2(1kZmPS+P z07Qa?GKm`rW`(XaUWAtAi^MntD|D2iJvc0taf~{I4{QtkaBzqg8B#7H456crcEp$+ z9BxseAe@)edNU#$J0h2#(ULSegl*u&NRgE}SM4WFER-VP6ybjTK=5L0H{Ep($nh@6 z5Ja9U8C8$M*|zF|>$?lzcdq@K{?`G0#m<^TIc zKb1r-@ef8_w#a?`k;*jO1{-7%IImL2A>0?lCR-z!!bbRjFH*}YV=`nB3l?P&QDTFt zDko58mHS$3&}w9)whZhOuo{%2%3MmlsQmu)lC#RbBQlxLBEfjR*@f^Es_e)xS(XDG z4IRe=xBG(9xpp^Fo7oT^bs{x70QD-cYLeTP7ik>IF)G)dSX1PC+wxL9t$8x_1MLI> zlqCMS*ZGSit}f)NutIfiRUf6s^7CE|U=Av+g-Gh8P{Ot|8~}<;S>vAD5*#}Ky%pE5 z7=Vh6ZQgC8ODwpc5dQqjna}6Wgv(dqvc~G0((z*J_Bp`pCHurQy(45=!xPNd0W-EU zn4q}|G`}LV)JX>o)$Mbj*-Q4JX?jP{w1y|3p#e118T=z?CMv#~iqA$B+5XG3t(xaB z(FyjEs5?hQG;Sw=*bac$w(3(6x#C9UDHF+Xw<62F^S3Om^myM=T{*IOsm)LAVC2Cq zjBMN{nyy0Avx)Z@X%nBtPb1a`r|cRLQ~8`gMGr{PweEz-RSX6 z#uj~s23JQo4R7QGSuz`-HJE!L%C7z2e>Ob-SwDV!`1I&z@nt=}bpE>tM(4l5;%++s zd5`$+?NR7QSl5TVP*oh@RB%oInDc zVQyr3R8em|NM&qo0PL90Z>vTS$9?9n7`>j2!Lj3t+fx#$QTuXmrFUP$1Xfvg(avDi zs`|fI{3c-gHL@G)NzBFCVRybPd}dgWGCEF-)$`Csi-$y5b`K&|vum2?dEWhMRsMRO zH~jThtIf>6+pL#&>y^L0pLzb>y|l%h4%Xq)3?vF@TmjIuK)ebh<@_ zf^c3e>#YcF3_3#`OlbUN-)wQv=Lpc5d0wjH|x!6kpJuTl>eV&{ZtZ} z#J?DIF(UWvS1QtQ@9&U>@4QJJ1@Mp)n{a3C1wM7(y`R&093oca!77lUZim-!?4(UY)zhZvc;upS^Z?H2igV%P?Grf zp7Re$TwcgjZiQ;qN*^W0@=F&DU=Av&0+G~lu7qt?H~6B{*^bdONOOF#zQ| zTff^nF0tU80{HtMXFi`h6D}XZWsBuErRBv|<4b_)LiUNNy(45A!86R*0W-E0n4q}{ zG=Czq)Nu<9RpU#b=|c9Qsl6j;8o@Kr&;S~01^yE>6BQq(;=56K+I@NUwDO@9BN}V&P=m9CZiaQ~46GWctaNjCNOG_hDPrL-2u|%Jt z!POB?!y7q6mP`j|4c1Dc zVQyr3R8em|NM&qo0PI^$Z`(K%&e^|$=zGY!2P;xOnuTxKq`(H-28C1PQuIJe6N?Q+ z3LMI5y4e4|AgOOzja9obf)y`@C~}_Rkn_xtw73+@SSm3MRdjS2Q>DEpn(%{N7T@>% 
zx2LD}*Z2MQuYY=aeh{3TpP!utXD8>ufghZ_4g3S*?^KJPlA)&Rz~36HJ-Am=s1Q<9 z&7{EDgpiPG%H`4vsn#4kCXYf;n%y&qW<*gD#-P?Vi&+$bn2|SHW$6ev;|7%E6PBq|Bs3P1M5&YQykI#;e z+x~xc=AVrI{}QF{N;GBgO@lB`=so<7#tm1&aJ@*c7UC;=L;$eIgn$T18OY3+&ViGFo5~AtiX-578 zp7b9}#4_Vl740X4U?>f_-4xs# zO$f=yYr9YL;jDrMXc{;%pjL+O4VAkJEfrlty(Wwyp$?xAnS!|Zczt(r+o&eQF{@mB zg;1B3sgkJ)Duw>86t=6%w`ny^(^P>~Ynq7%As@x`o&k@rrcy3OQ=Q>ff-qaCe3h4i zaZZwv+1p-y3oy80<~gdnO8N!)~6Uqm?;H9TQDH< z-i9!!RtX_rQHqaL$1~zNjl8^11yz9G$Y=<*kP#3aQ(Xfk42cwLpi>Av)8YE60ePJ} z+z00}1JDasCAqh4IC$0sG>g2cP(qhKGXc!>8#VzIQ~`d`f{v=iP?J)Srxz-)xyL7# z0BV|~lj(Fi8R>abdY*$#-%5T~?s*%6u0+-uIM*z*ca;Qv7~{!$4ZzjC1cO&xZKk%Cs+h4r_*Qc+0AkI(pe&yzI`*b+toY z*~e{stQ1&xF<05~upF(|!B#B?TNSd$e$UyY<|RjrP7u@^hZ)?6+!)B+F(K&rCS zhPbMUQVunYAPNt?HnKCVym%M^|lI*VwW%@`dSPTMRP!q5(A0 z^j>H>kJ4@oCI)Xq%w@>07}->HsMzB4aW@Cb!}YJsNd2fAHO6YcMs3qa0-~b z;WjM2?tH!??AF^3cefSkrE!+Dc)Znfr1ZT~`c}s=?Teb{w&UH)uuo6v5OmX~51jlz zPdBA1sPMNQde#N%P7WzLikJYG31MQzkW0FeVqf-xD5k2zuV^ZFK&~y}jr*e7tL~*y z9lw`TvCXOVZX=<-UP86=_$-@t4=J|duLh{S<$n|qkwt%kZW^dvv)8`=7W{x%006Y88I%A3 literal 0 HcmV?d00001 
diff --git a/released/assets/longhorn/longhorn-crd-1.1.001.tgz b/released/assets/longhorn/longhorn-crd-1.1.001.tgz new file mode 100755 index 0000000000000000000000000000000000000000..3dfe234aa4c0a087c6d0013731c5492c8a51c264 GIT binary patch literal 1631 zcmV-l2B7&LiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI^&Z`(Q&&)J`X=pM3rup*~Uy6`QV6xiUkLE#j+6g|+=#9~8{ z0*7+yKD_V#KvMr@)mH7s2%dN`M3M6w4mrOWk`|X@8A&C^feO#ABdWBwrZGP`Wbu99 zzno6(ukZWKUw=A%cQTp!=e~bAIrlG5{K?yk%gG7x52{5+Nl{aE;_r>s9Na4@R0yf5 zW>Vm6L`Xn2<#Oo-RBH|%lV<@a%^n$qGoq*nB2XKfMJx}PN1(zHP1pk{WKzt?YBCA|1H}?;pKk?f$~h7p0lA*vAbFIk z=lyh! z@VKKHGfW_YCStqcs^pRawNS)?sTp}MmQ28i5H||2kLVT5!sG}O2+Y`*N~TE(YhJl- znPr?o3xR}ihWd|6PIJ)f%VbNyuk0eq_Kytf-WU(Nw3nmmo|RDqH1+ zpiC_J^DnoC!qBdL%0DS4G^lII(^wP};%s`asm^tCmO!nTSY}nVu=P0t5~NCj&=w4c ze6%49%2h(hHD-_e^uS@_l{rXKn36+CiHK4l=sT2)rc z%dvEZ+Lxwp7(VsD3>iN4!!$j9duZ5Z@)wB>JI?zM9F80u?m=rew{95dp7#k3rO0Y< z$ZA``AqVUX4%i3|ScpGvaOg?PyK(LVs;wv*GGFs?DnRKTItX?dFN9 zebaHQ>cBfA2e3xysPr1*$E%4S_w7?v!YZ49edF&81fWMos-qGF5F$-$yQ!NN%$xc7M6I|mxBcjUrb5wgH=!E*#U z0%ZxoW_JvUstEddCTk%(v)C)n<#U#1mwGtW7E*GcVrSh_1VuuIbipA!17UxQ!%r+g z?4L{W!E_Ki-Jn-vS75~dsws;Y6Hrm?7>e5nBE`@2YumV@QMaWBK7L6)ZXcez;p8w` z!+ltK)A@W!*p0U>?rtj5N#iVT@OY!=Km6M#|y0WNkxj56Dpro d9D5u?8Ol(GGL(Mh?*IS*|Nq`H@SOlU006}I8Uz3U literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-alerting-drivers/rancher-alerting-drivers-1.0.100.tgz b/released/assets/rancher-alerting-drivers/rancher-alerting-drivers-1.0.100.tgz new file mode 100755 index 0000000000000000000000000000000000000000..9ee9fb312573274b99b64b45f3f41a1228a356fa GIT binary patch literal 7269 zcmV-r9Gc@FiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKDHZ`-)?Z-3TbF-N^co8C%(t<|z4<2>)+I#Izx7%qSK5BOk+6SFS(Eei1 z4MHj;;*Z*2%&S_t?n55FGX(8!NTRLLw51 zCSHsp+=HWRG{I{#nrgE!(F022^iypt#}p%hGlKJmse=;o8|H$rxCi5|gOa3p?D(An zzwLxL!EuP=fMC&cJP24E5~))poJC!UQ6zjEqdvu<17H|VqZ|N^6DEjceA0sfp}5y- z`K>?+h-g^}OSA-qi?0gkm(r90rVo91$LR3F2}Bx41uI z>;^avux=Je1rCA4aL!qTkOFCgZ zZSuC?X}6uPJ*u~%X_%}3$B3p_JjevFME|!B4tJ~if4958)&H9akKr{Qpp;559jgFc1?38RxFg9%GH zNE{^;Ni2NF8B*3qG@F1V#p)NpV~`^Z91n?*d;+&4%rPKJfkbGC1>6!!HR+U6RRYc; zoli`J#8FnSi!6H&T-Q-F1(r&A3R7Vq163TjMX}WEMB4X^8qNw%Vj+=cpvtaEAg#s?{*F=@_)F0u)CH2O@w*|!k5W0n4i!l5`K)@lD#Bih|Dn z(Pi(wYTlvKG8V01i1-(#iA>(SoTZm57B1l=mIH8~2=9q-E3^#L=EJN0XKBz`y{RN5 zTj;8u)IFLF50i?bKBfzLRi~PEX|*bLE1TchP6m7ijuWbkP51x0;9k3{ix7(<7Ml`^ z`6V>*riddGBdSrw0p{TdaAlEl9$ zq|+y?RqQO>-PL6I41c9e;!2fgshC}l(CbeOp?uU_Vm>B8HNR=H%dGHA8?9PPueJzg z2c@o+jG+7VCD-Ox9N==fZE>m_wN*tfvU;K*V5wT?Fg1J^RY|8mGRe>8X`*s6KQPQI z)4{Wu3Qx70zcY_kY}e3||D39u{csx*m?PsODHG9awT48F(!L+CsHH}|`9p+Av1sk> z@9sa=zXKL2i`LsaJUl#nx%*Sc`Bk7{rBee$sTX4*ap=M`N`wR-+{<5oKK|wC;_CYB z==6;X?$w*q^Y=$rZ`>VK80-)I21JG&4N#2S;@7kxHJO>-ERo5Td&s2H?IaHIC-9+N zM2NI+)R-09fzKckO5}T02G^gG$*n^>b+?Gkwi0@;G{3Be@>q`IA-4EcGUfF0XTPQw z^Ol+x<5@@o3GT7cNZFGaxX&mOa>{RK2V7Gix8UJsg5{d>W>4TAqXhK{C6egWD$ahj zQyo=iSiQq$CqZ`{8)Pe;Q7<_F2s290jvej+|8oJB5-OAVR@ClAv^`1Qz3b*C$GaRO&C+Ad=;~OV(-=N(QVV zS~}w6eH8d8l_SQM#9$BrrSqGVBq855SXB;BNF?_ULO5pd*3FRVl zLV=T5;-NX;5q~_(7u!kUk)qv(SRh&~!75oiY!NF<>oKy(dzmYWm;1Qvz%$}wKQHZ$ zugc3rZfyt%P^_#CiTDspvsZ^=z@LcFwG44W*+i}A)f%l-6Ujg*>qGO`i?*0aG9ZCD ztBPEwldE}W$h+VB}LO4+T| z@;%3cQxb3{*g(RSva?=59|>~^_i<`{OLdsY2^ z*xCC3Y$OCo;vwTCx3ny0z`|RlmwDxQ(@4+w*f_-~F}ZW6pE<6Tkni8-E-dPmwi|o! 
zMyIOkJ)J^M65NA6V-%xUzZoiHum|ot9Al2CTVX!qd)a{T<>_TpW?#F{9x}|8{~7nz z^*zFu$^U-0JG1|@yOsZqgopC~9+5D_)7^}R^7pp9t4p5Vosy^buHW@LWq0W#_yyA_ zGq;pgajqz7oia6oN`^^8Q_7j~4=>Ir+kV&o-h7`|kpHzkf|u?89`1Ik@_%r6xRw7+ zgj)Y!Yx3T(%kLuB-8tT~wkt}nbl&7tU13ZHjuT1(bj;FN_Mqc9+MT#pxs#CzMk^wm zGmb;APzGM>iQ{BP-zuH4Ub5}JlXF!h#$^v)wqO2Kbu=C^A(hh7 z|H>&rEy7~$*3eU0(kmXllv6ue^x*DZJ4I_V>DsKBultjH{jE0)20Fzv*X$^M2G`Qn z`Z@P=&<_HSF(-0j9wd^fFhA2MLfpI_ka&o>_My?wJdOK|-CU=fx;qY3OViT@plnF- z7}Iju;MwapKmYm;KEuh`+Yj&=em}Z6J2_J?-dtRKxPZ@ad~tGha(wh&QO=3sm*^riHYMphD#izs!iaS#S(v#N=6f< zvaxVP7MDety5^@WT5tyx4V6&h%+{?Cvwh3e{H+P_G(Hl)3bp7r`xL4Aee&9PK1rq$ zn1dVR^ra1hB2y0z_V;)9rj+#lZB8oTMD?WUr7BHCsj6Loh0sp^aztW4@np&<_iIU5 znDcyRjPxnfL78L02?@ahf|UMJq-Sa{m?gzA3O~eja>1B40Z&&93-Okqj-%PN~;t>+i$2gw){QGb`!odv?DZuDq=uecq#UvgoHFJ~paUdyp z-t|-UwJC|9jot%Kg9YUVC?Y z|7RoN?ymJ5#w6?-$@*@TajO0GH&@O3=4l!HT|1?0=+{4YPJVM_Bm1WaI?qBGl?I@VLMo<-fw{OfM8TK(92C~767 zmukH%uX=$8102X6xM%D#D}Z`!4%U>t;J*1QMbxb}O>Hr9hvrg;3LK3wKW0&)R(kIL z>-e2LukAv~A=3YM+Q-?hjQ@_v+)rE4>0^m18h^SWRJi%7lnWEh?cx>huvkmnzu_87 zeGz}0i!611o{jFZcwcgv#j_p8y|u5icn$Bfcq?CMsV(3aUTImR{AP#X5mm~}T&tdT zx-rqrrVTUA5MpyU8>Lhd%etE$n+qT@1T5;47>8!G)ZCJ&$eAXR7kb(yv-V;||Ih6G z%ygy$WIa6p>c}^I4aeJhe{UwNW&aoca?K6{ zmhS&o@jtqIyL;RH|BZzF>J16i9H}pDxOzL(1^49a?FSd!Y&+BiS8s>9;O5(*r8zxj z5}u8asPhspHeL;@s<-$_Y)U}c5Og}XW+KbH)N800o6(y8zwu;YA_4Ak{@a~bl9CTn z$(zBV6QKC1gb^Amn{HYNH9v$<@POM9j%z6Z5o*;nTiMogux|1d(q<^BSDD8gixmkq z2^F67xeaXG-mJVKQ)VKQ#skiWVsgy8jxu(WCg6@cu5KZ7XUVlL@YT=dKJ3(|vG4iq zm>HpTf}6P}=bUC7lQZ9w1+#Eb0_~%_aMCXOGtY5luCWhlyqPOU<^XPP28U4De$gj9YO0-;hY=Gp_ia9Bd~Ujg@gm*Fig%9Tq6U%PN?$0N8HwZRxsu|S zzqag#{4u*Hc!MV|wAxVmX|Y@vnRPC>zt=o;-g-74%@Kii{>&=#R;{7twMF%aD<|`w z4NdO%=3uBkccBFHY**QYYVw}zel_7RiGo}VR|9QwGxe}^Tw1NE~wYEnk!)H<6s zKw)34HUCc+0gViRCG-FO{$bVsXK(*td;e=A!PdzrNyPNd$m^n$ms}ZHq-EF9 zk>DUZ#it}dq9jcAp}%31Z*v(P9w8Zw%oYCpCdvBC!g=`@uh*t0$yt%CRxkV&i_(30 z`PL~RK;Fvw_Y6)z^N~?AZ)iV^^OVv{9B?efw5Zh>%|^2Spoo^n!OJ;{9$?I98eyyT zylf*cEBJ|kpKm20?8*U@&{T9qxcn!Dw$*jb}oXZ5FUENTv%iI!+s 
z!|>d4U75);^=m2T)R!2_?UdJWBxO>Huo~pt_B63W!kJ_NqdmAfKDXjb@13eqHiz9z zH>wb+4Cl+-GOSEE9^2$|;z#G_*T)~u-k!X>etYu%O^Hjk7hgYb8xHmc$t>~niw~#W zt2aldm)GYXF0Psr*OpmR(!YGTT!A!68WTSLaCY|Q`0B&OO0AL^g-w~fyZG?y`SsEJ zHy2lz*FXQKIjgG0R?Been`Nt&V&cdmEj82W+5~1$QA*x81z_l4X<3_SIZ>t0N(tvuuBkd;s__ct&D5mwMqpwxgkG^f#)0B|7{}J z>p!#8)EamCSfYFxc+SGyUDQ~B>#hd9L?jQex~rQUmrryfCgd5Gw~XJEU!I&FmtUNp zyq><8sulw!kW$=(r>Ciq7nX8+s#lZml{PP>(`k<4iH=W`gkpX1mD*4SRgwlsK<|B7 zkOmqkq*G{~2z@gCsr#10>I0EmW?qyQQXV`lmP_9e=)pD=VJ-c?A`;Xx|KEd7b^mX7 zckBPRnXn>|Oala&WfQ4$ z_i_C9wOjK03|}JuO_u=6So*;9in>n$pJE<%ke3sn{zU-`i)pPn4`hNxa_eYpUWEeA!R~uu? zrzk%==&XJUun+t8Gca5KEKP6Pz`H-OC1`Y8P3#33V6eCP23@Pgy z{}~bwUjWBc10jNTR-3*@ap*jT7!Qr(>a&F70r`|)!~fTg4Hq zMBjZB&U0VfCeCxek8YgjzKjy*`TsbN;WxwyO9h;~ej^+|;Y?Zhj!#02S|%N5e>(nH z1T4g@@5mNeLH^60g)8t_BLBO)?W+HOw{x(?f89v9d*Xr6A0(C|9O3JLQN{(lf;&C) zJmpw0I>zBs=)u$O>*K@j>!&YFRKSTO0irtU<#FezbCgGE1Q%Qraf^6N;-QXt`}U`! z_Ro1t8sEh1Hr6r6Iy`j%?j7&Rz2lg|xc^^G-5eY~Ef*VR2%wN*Lpp6E-i8sp&AE34K|?)7=U)i!<}3HSGK_r#n{ z&nEjAiQ%U@LAsN7v`@AGMtj*$LJiEvqc5E7VcQEB+=)iqJSrSQgds&}> z)`AYr8Bsf3(MeD4;aP?Vk-gigtr`xDPeTtr-WBIfE(#FT!gJ;i*X}Y@+iEGN-x*BdSql&7duDs8kPsk{n%| z<%X&JfN{9N6Cm;2R4?Wf?d}fDU4%xZvx$DZ!CGaM3yR}VmFCI4)hbgrth$O=*HxC) zrkwO4t7K7bUavoF`fh~yO~`Izx4@_Zxc|f1Zv1>vSZ4njDBbn3UmvZt{%ap}w);OD z3Ew#Ws~LXfn}gjF_G{bk`nyZ8Uk%oMbKKWi0Q?N~HG42yO(@Y$LZ``#&2AwfL_Ye)@NZ{hEE=a1QRP@l?COl%ddg^ex1D z{gXry2`7TZUU7@s<2v^uq}L1)cHH*&{I=tmBK0yH$pPkA@7gv}I;}os{Z@p8#Jq(+ zp(vpR_<|Ni?GDMtB*YmGtFDvzK1zlOxhB}HRhV1{FR!yv#m?+yEme?&g-6z0qf47i zeM<}P@j5h9%fq|VZnvGPZ+T`9+TPqcT@z&7pI#mwIOf8F+2r4Cx7!^Xur~*|{T)Lp zQbg%QHM0I1Y^bl!OQvtdk-?-uw3*%-(HHU=P>jadU@>X*q=3aDAS@M{bTDEhzy(Zb zDlqqr>>(-`kT~FKa@3$qaey;$CZXX{SqwNH6V76T%A>baDN%Bjjk>HTFF>ThNU=X9 zF}X?m*oTvWl1>O2+@iQt6DwO9XWzapf3C(r>XKL`LE)dN(D9LC5aU1%AU@ICzQA$B z#u=DF%IO699O<^v-;{YeZR)3fMl{Dgeq2FFemo13tgAQ$R9>Fr?}AeOElWDc+Xi;sIAmqE`u*GBD%XXqwaWFtaJ6-X z`*FZ(vvyq#sP;>6YHbwQwNYyS!63CuP+YVAvJqT2io;q0W-(>SHS7DrNAcT-SS^~n zKuTEB;MGbth0ZPMEq@&(Tf4~HRl$RXmF@rOUZ@3gxcFdTiT&T%-LIbi?H}%M?|*D0 
zC=H-D8V7`8z0;p0R88+|VvRl!)aa}YR)!g!nX?}ZVziF)9C*>$Ld?IxQkk^Aaad6$ z&IPXM3^-0!m*VIlcT=~|B5E;m4i>79)1fA|sa$K`n5x(#hyz ze6bpYu>~!+s17gdFg-Vj-1acoZJPyHdk~1VhXtH#LjD1vRcqKS!-1WrA?C?Q#VKGu z)?5uvEl~@<9wLzK0+ya%6B!3+2*Uam}4)d^IDH-D!3vtd_AD8(lKJT!sVpC=x z;`Lf8Yc)=@uN07D6p}T0sJxRVOcr6-+Ca5f2D#N$A!{SudWM{pVn&drJ}3`~c3LAj zRTSRLOGzaFiJe&!6f>JXn> zu|;Ei34-^mKr{yOUNk+KkPWL-7UCYX4-XIjF)PWH*MBQwe?Dr0|Jk1P|Ji>3X*1!$ z@jq*YX#w_U(-qzp_j8N;xeX5hgW!eOAL-^1lN1=c6Y0pWT`7f3^3v{@)u3e;fYiS62fMjQKggK5OHB)~`D^ z+y5)e|BBe3kDA>7IGn}*-QVK>Y$SX+{^!>`{`=ak_x*=;<^LhS|I%((@jrLF?d|-( zk?;lhpWni{{{}!mtz(>}pr0^3MJ~Lu-Lvd!vAdv<0QME+n)2n5a}F>??TLK@AAqeI z{jozs{l7N$>!T+7Kf6`^-)VQZ-+$gn*y6t~#eek~C&Pa#3~WRB&#_;P6{srufcw9l z8T_yAetYZxzmf1zs5BB&Jme_SL*siG_}j1z+prBkc=+D{00960_AcH|0N4NkOKyn+ literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-backup-crd/rancher-backup-crd-1.0.400.tgz b/released/assets/rancher-backup-crd/rancher-backup-crd-1.0.400.tgz new file mode 100755 index 0000000000000000000000000000000000000000..3ba8d42ca14deaa419abd7a7f9c23fa19b9e489e GIT binary patch literal 1686 zcmV;H25I>piwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI>{Z`(Ey&$B-Tkv()9U{!XUWH3;ynbQp&x~{OZz6=9OQ)inC zMRFu%#2EJ72a2*SOVl4bX_BqJKBOXfKmNHp-W|^hbFu){onmsE$SzUQ%h3WW6RdE| zP9BEBFbppSgY<70hQ+_(dH?LBHwXt|uix*5mnUIwaM3$ELE!_STDC`3b)>56yQf<_VWAv!fGfm81gj$_ag z6Br`b*j1oKq6p}&UTFidmrVf!tf6b!H*3i0YX?jE5tOEa57DyU!BTEMdqEfsIuU51 zs5EKQTdoaeOe3=ZG#X!PG!v=-8+0lsGb;&0gr#JZq{r4-?o1Yjou?M*UgWWV1F>Y- zfPR^s#(l4X2K&D_yXY6}|1#_kj`sf;ls6tMDcl+0_Dcu1-)U=p%ia_W?saY{kA`TJ zXd~irX1CWcqnxHz5QD)HHrQSw&Ul>i=wM^yTbu4^3B-=XQIxV{_CZl@K#c@TVs{mF z(a)1#-+#bnF+_nj*d#j8MkqXocOtVrgx0g|G&v*HMo~VmKys_QSxLx&Y(856%qRoP zm0yE38q@tDg>J@?KsJXn0rP$rY`pDhgjyedKoq2>a6@Cz2FEf7cs0-OEy4yWc18qu zQqjME|Mly@j(_#)bPPCJoqqF25QEluo?q%D<@2p_u0$e-$fp91Ih8a*PPuXiCt0E} z+bB^7Ax(sZ9_o`Rq9qog3suD0z^4E?v6uf#{<~`NX$|PLiqLh2E0i9h7q4R)aXMd^7o~v{ zgL#Bigov`To2E*mhbTlL`qutydt`+xt+*tfFovfLhR6n1h0ZF)OmWZ3Z4Gcukd~$i zx%Deo<4)H^6hu}_FsnA0dx5zi^H4lV{Lff%n%l)4oBl~4sye!_0?YU?z>WWJ!qExwHe ziaV^_+15iAS*U^7V>$I!#jrLv3Uf`@zT1D+4JU13ev{U*9}JQC_Jep8U|ppp4XkBh zwPrOQxwT-d(aPE@GE4uI!mFL0bu`#og{-h9980|r=BBjuN;VF68@8*`6;;V5rW(`| zqMv|+^7@$?7hLb4svTPr$5@rFor>`uffSlHdG@lm{mL>07l$rgT;aBw6JNH2tmUaQ zuIELy`Tr)qhI_pSHst?<%ij5J{@=I%JLdn7L7y-G&nZv+Bfx%1VlgjXXNvjh9yeXI z$(s_4ff~aM6mYWZ<~=b%bv%%hM}^b!dNiN!X=JE~lWVvXr0<>{S6%Htwpr;OQ&srq zO5g1B%iD;N0ZB8uM;3}zSkF;a#E14JnR{|@SCRM^qqg%X1`X26&HKk)ssYJ(`QYo(U z_<$OeeM?Fc@1w`DsI(977hP1kPt_)K-y;!A2B`+LFESk~H(w5U^1tz$tLtCh1ab6G zb2R<_yVt)g{{Fi+I6vlpk3nCdvD1Jo??I#Sb*FQ+X(bD+3^EIBYy?pF<#eJULemxc gw5vs*f}^P(=}1R9(sQSO0{{U3|Ktc6*Z?*F04zu*6aWAK literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-backup/rancher-backup-1.0.200.tgz b/released/assets/rancher-backup/rancher-backup-1.0.200.tgz new file mode 100644 index 0000000000000000000000000000000000000000..9e997cd665c00442dfc60c899bd6b70ef0c690e1 GIT binary patch literal 4658 zcmV-263y)&iwFR?)-ZQC}BTwmWw@PumS=Z#@k~~RW z&CWUy1xZ{}BtwvPJaPW}b>l&TFUgJ_=XOu1#Nq?!7l1~0qrsR4?vlm!l)9H`)c)aH zluoB}^z0cCzk`AJ?eq@iuPUV5KN=i$2ff~5hjhBn4m;f+$g^)kO{t_jp)rs$3xmL8 zbVgUawjNZQ&)2|Fd}P1>A|)>N|M8N>iE~3&{v+Z5c?=E@8~eZ88yp(_e+2!1)IaR} zKst{|Lu2`W-v2ZR!h|MX81P|>5SJ#@4;K#nCO&h#uuan>w7me>_x&L$4j0>vXMbMN z#9h`lby=KvbC1okcD2<4x?(({E*ld0(2f}o)7WL)<~KZHtJ-E!9A0@dsI$0=0fBCk z*Ko3DENNeLYk|bfXOuG=X()47+km@a1T|MQpbNHQK~h^Q^=vm>MPUFH?gTdEL*jcu z`l&@D?;VRdbjXkZ(KL#TTc_jnTEMd#dr=~uohd00I`w=nxgkkN5D!TsLW3E~B?)6j zk|iT!Ne2O#zUPWgCvghHK3D)za6^L|@^d<6aljG)>H07^pwm1TF)foM;=^{^MHRsv z#grH#93;%!z){HCYGf$94!>HoF4@g>7|&pU*(Podw_Y%hDNo|mP12aPYP;b|^Do%% zbXwng&ip%-lKvl`j9$DxaaOa(#IZsD5Bh^1>i_;T_&0#-PIqwB+3No%DLa`~crIsK z>wM|K)W=CqqQ_A#&8o#|wZ?1?t$s}a>u-Bn$1J>LnNA(hp=~ulOM1lyEgVz0+6N+{ zkb7`>L*`*jyjA22#Vkpfv4na)2ShfOR%>TxhrDD78ACI28qCAihYufGOXjZxBtmDi zOaVzLG%7x$RT|A`!UQN2(WzWFi7=~jL~1#$Sxt+m+cg#JplOvPHdJ6hhMldb>(H%5 zwFXUv$>T7Xdy6y{0*B$lpdWlcyvCkS=+tMhvhjqAQR3>l_&B055DLS9lW;Cxmxz$^ z$B_mvy%;)kPE$W2SJY1#EGMm7a;9MrLT-sDFY@(KKDfnavgK{-*3OD?S-6KvFpOY* zcZ{(GK!8ygOaY7KTT*ztVVsg2XhIi~)G|DLA>Led99Zk@*zJmDyzj68B{qY%TH1_E z`UH&(5IYJ}%LdURFh7)&&>_cZ9K(DdY8@p!jiL}nG6F!^zV?FCx00ec^*PfxVKB|0 zok#r%gX`oC2pX!1AJt#-1@L4K$@GU5NE~Y8oU4ya(=^3r|bXQgIv0xU3UVwm4 z^d(ZKc+rDTEgZ3EUTu9mQY3)m#{xH;0oU*h{e`vA3UuXQLBBBr=ys|7AI=9n?bC^^$r67nweQxGwgx~zG|or2PWVHd$1 zV<22y70E=_I`+X@Ca9osm`i<)NZuVE!00D47y)kL-(>9((b+pSCFIbr5(HCd6{bM~ z#M6X)XkXE|?R!(Di}(kkx;IlsQ8;T912+jpA)5DUYGNnNZh#ArsSnhO9zx|JCSM(m z2jqI`xl0&qunRYO;-Yj8s;?uFvz+SJnsE2AmN+?MGd5gCu;6g z;qQ&4RfCH58gvn0LmWy31@?`h8Nk4vfP?7@{h!$pmzf!a&eJS(c^lM-=x%T?mu!}T zC%CZLmFMDcLifsB1UB@UjS$;A_?PE!KYtO}5>S|68Tx z|AUkwAC@Hkm^%UYkN+R_kB+wS|EDOW{+FKBBX0m~i2wAC2Axv;2cGn{@t>zC!t=z) 
zf9}iGpV}9@P3jT3pyWV5!LXeZ9Q~tj6{t1sAKG z8Oez)ZEoI10H<@)d`5pmb;?2RQwYo6bZCTQDIJqD3Rh*fq-B5{l4?iGt^m~FXn6tR zGF=lXtp7G2{UvK5Iw~ZVZPhihEbWcVJdP-NttFp9O9Mp#*)#mUee~B9q9FBsbl5A% z2#=Tx@{+KK9G~to47v7{v=^CSX0b!a-XiLu9SXw}IRMj`f@u>58qUj~PY%S`{R4R$ zv0##bNcSBgUrX!wP6oOpx31fFT;##-3Xt%} z!l*5Il>m^?X?O*5O~S=sjRp!DdI5r_7%@ydH}z=@1MENt1`1PL)s<`@tlW1L(?vpm z8-Uk}@dk_=nI0|%yD^G{v2E{nr1b0^|F5+oo%-RT-RpFJYIly>-CkR_w5w9Jh2LoB z?b|3>a6N~l_tI;%S_?m%QeW-Ff(?sTP(zrnO2=XVi6^M0ksH&;9D=*lY8igu5d5}Q zOS@Czby@#6+J7?^`QZ%)(jROMY*_yfJ763Z)_<@92iyIhCn=vl+qiDxY;)d8qm8AvM*m+*mzDopICnn{vI5QT!Jjb56gN8TA#}x^Vz$)=!~VIz?z1a=H@qzB97bk zmtFu%!i#J;wpJ{GZb~T54Y^_b`7^A6uAhP`uq5QM+J2scV#YcaaS*<2pq621<&5S2 zzmvyzMJ=CBna}0q6B4S2E~_EzTLKCW*L!k^5K!x5YaOMLkVK}$D+Bae;JWRr8YBZr zrk}_6C-$Nkqrj`abu~B?+j+f zS?GH%tP3Omn%?m2Jqxb#?$zWU|7|orzj!lxeKI*49iL?HiQJ7_JDmz6a9*cqjA|O; zi<7^OetC6%G3j4CA07Yv%h|=`{Ox%3^5o*x+vCys>DxE8G&FTvKR3e*9j5708mN)j z1{K&u_1VdIaymIbd2@Vnaq?#L{ME^eD!G;c)K);PteUhLUgI$1W`ATBH2^5v)Ruun z5)@t8%GPR`V0pEND>bp?HjE5~gOTK|hDHS#^7v@ew1Ek^LG(mDEm$;J&7#Sbr%UBf zgtwu4s}OoO5Msq7{2$N^O**bJ7Aml_@N}*hwT1N%Jf_`Nw>k)ZMa_NJs+d{zBpW?YSgEvVR6dJ%rbC&?zWKb+&fgO-8~`oGifbxZoc-|sxz>i?%G4IZ8um8t1=$VH~3U zS|zY?|F>fQ9rm6Lw)6ifiaGyl&QRwYuw(UdQXBdyj}{w-ODoQr$UwZ9)p!IrM`>Mk z<(35^;bXR7pCWkrk4#taT}v5M5*BKUyqZe%z5Pc7|6TYmQkme#uC_8ZWv|uNEdtTfg0dO>@bAFuQj{D#ITu8ddO_9i}kKUC|ogG3YM`&xwVx_q#lWbNLgO z1GpA#9QrV}ZpH5uUU|Xdu^GNMP3ll=4M`hDf3+bzl&M5?w(Tozkbe^**Ppw$ zie&Rq_duQK7v>LiT(X zz@IS0-KF&lJ+Y3ZTF2877M^#tto?n`5pm)j;kWP3!HArZ;h)LOa}(nQrp&9C4a&bQ zKSg4x1IqVmYOE1o+aBW!)wVEE7K}K@G?E`f@u21C>{KadZqx*6E-8L-K;zm=!im^; zCeFU9_a7y43RRLgH8Eq5wCPS#wR>?ucG)NKl?@QMf?1#lgUGsyV68w&zHOO(g+QEu zr7i;JxILqYerZqXowy_1I_PnHbsdZ=V0hO$o zNYtJa>qp+Uz6t=-su*vqoF1(n%xk!5|EcvJ%=qv+`_7a+oQ9uv(n%EJI|m~FLgZD7 ztW$nKT3Bbw@Bol}Zl+BpA-N9YOFyJDfUM6Ls*fCi%EXgO%aAh@Wb03DMWB{)QywQ0 zuj4)DhXK)g*ZIPttvCZXpM&QnqCXRbA0HcGp_7j(hPVo%k+M0~XY{lz@Q}m}!TREB zjd=1xcnePJJ;TK)a7F!u4EjQYb70%0ctDbeD`tMyOB}=!ha=_M;d?7D(UJlEzo!m- 
zzIZdiy5b;M#N2(SDyF7$9J;^FT>4u{CDMnN-fEK0=iVo=Yg*iCEJ#2uRf1;R|JL6} zqFjERMA0g1iOAhXGDTghX5iaD;$DS8vbt901AadWd^p?$vHla5#|!KJJcX+j0FwJ6 zo9NWLCrBs;2_3$apEp~#wWFAGREo}>kCGV5Loz+ezG*4X{6tPMyF2^fV}4}9Xi~qi zT!kWoBQtw?Q`~P-n_IO)%u>ehCdM+ab}b?IJfl+*BP?89w;8IE^u6! z3+0p2Di%ysFj#$IXR|=6yMOlD;ZkD0L|-GGLO$sorkln4)?-XEDJ(qPEQBRL1EfA8 zt3HV+kGql}T}|-=hZ`i8Wxv!hfytSL?#}MU8cm7Hd$0eE_Fpxo{M9)CoA&<){a)Gs z?;iEH_TN(!xw&U}^Uq~x7qY$9#R4979P`0xT}oREVmAh}&LZz+9H!A4(QbX-ZP}J>`Nrjc0VnsAkN{)=0Bv>UoB#j- literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-backup/rancher-backup-1.0.201.tgz b/released/assets/rancher-backup/rancher-backup-1.0.201.tgz new file mode 100644 index 0000000000000000000000000000000000000000..16af46f919625070a9252628b7804025b8a45df0 GIT binary patch literal 5321 zcmV;)6gKN0iwFSV1WC+rZCeDA~?gl`DFUgJ_XLnDinXyO${Q}VFZZt5l6S!AAw#JTookpFX zzDMbHyZgJljQ;NJ(cf-=NB&iX^#=QU`@OyXpx0;J-tJDf_Y>RwF4UAtDiS9KQYK*# zc-)ydb5UCls!gX$;3z(_zyBm9F82T7l@llS!kPO|hy&!Yx3kmO|GmM^Uf%!x0rda= zV6gKO>pme3jphG&|2shtCQjmofjDR}<~oVvhcg@gCO)^lu;ZjjXn6s!@B0U=I9x0@ zp8R?4B<@vhQ2=_Yv%JA22I&P}ftNX&ii2(G9t%A>Y{aKi{{&Yi%S z@i`BY+FGe+x#2tt1E_E>u%S3$z89pQTTbM?=dpk;JYYby6Gg_O-L?BI;MtA6D4}Fw^J{@>r(U+e$pC>te(+iIO(c`%W2$}%1}W51{=TqnYL$K-esESxqf3R9U( z<8Y1@Mb^@01|ru9*qF0a@ChQBd$ZU{a;VfARAY^*!Rij1c+)A5L3P&Duv@LagfW{V z8K6AEcrM9Dt@OihhWfugh)=?qRg}xu&f+}U1<_CobD(+)ZBU-S2fH=Z9Ct~I$SLv8&(C8c5 zY=NG(K-8S+H|z>J2747-Aa>OIzHdq{TL!5Q56_N}U?<7?!vz(QsIPKe6Il;4KXe^G z6Fxgh*vx_Vu~7Y=10OHgr!J0JnX3)VCH3k`q3Lq27I410>u++#j+5%2Fru7s6@S_2( z-T(yV3k%2p$K6EM5=^A-6?1^44n1?# z7KRz)4$v=om5^^ekTS@`_vT(A1(FJ+)>$S9DO(r~5eNl)R*`fY@c4|=?8P2My#e5} zF5YHW_yLBQ7bNhnk_rzd@Y=&c#FJaj1BFZIE(FH2KGb#}=rcE7NEwJUiozJg3e>CD zs0U&uBJPsWY7SIB#SVu7rH1NUk0~{faLmzA2N04k0d|RrPY)m|Sei{hqE>iP(Xx-m z3^>l);>?3-olpPktQy(RsD%L)f0L0uvCm@}PbDfR*ZG4M%qMi?iJaA;+A^<}IO3`l0LFo8fwzl#0 zBtz)H?F96)%b?!`D4R*@OA%$?J^TkayK#Jh?3}432Kmv;jlq!mT;<5ihIO_Ege#5T zB((pvjLDMycXm8HdUO1QwjY)i_TS!MuV1qN_V)JsYy0mx%2N9;dKy=;*--@Rh;%>u zm;lyqvTuNhC=?$2T!2LtGjAUGORKf9vB6$()TmL&PQV^)U0zvYmY}IHd1x+et@DCqo6x%E!;&NlHW(Tg)f z1yp~^(N?}=ry2%h?2b`6%A+0f#T~wrE$>=)R#uFkg=eS)!w4)P+ZbB_1QM!{LdsW+JNL1ENJ9)Sq2TU*g zU@dWfVzbe;2TL!0rx&=ehw(%@Ubq~e4BxP`5RLg1Z~;Kg(0Pt|4r)ZBH;3JA$gcSU zY?MpKg`q2c;fqUR_EJzodM1|J?PdJZEK*F%-}mIa3_RvDl>Hs(9r~fc4A{%my#`2| zXZ%y@p@V^1Y&6(rK}aLrlW(Y(w#s0~)VQW+6x336kPr&^4wSv1X^Ky1>`+B+)HRxWFuMY(07DjsGtkZ>*@Q$Z8Ui&Faq4fUu5kO(dm0NCFIbr5(HCd9;N|0 zV_@Q5c5a-w<9lNrin!F?O70PblSVNJlTZ|*`K+cUcG6@4T!2h{pq6?Fm5X-eD>QB^ zi(5O7i(4naR*%I#!)ChHVN4Y!z$Kp4hi^B?EJg-gznO?m5_8^}JJL)4?4aEWL@A|g 
zEG&XPVW7>Max|p0ibNta!xn|}Ycz|U3AQO2oGE=M+gB^>$z@INX&(|%fmg7C4XT0$ z%XB484GmW@M3nt#kLw?+l>C2?QsiT7_bD?$9-jZPKiJ=2=YKp$DfPefte!XlWJUa^ zzrWWl@Bi)Yuk$~irI6=|nIE|`d$7uvh1%e%X4wUxNSU(B52U>cF92VyZ|Y59Nl&(!xC&G7C&w}{6)g2vaaYE4SS9%Lq6fOo zV08R3LFk6VifI`&WE_C`*YHW@tk8Gq5UPjVjZ-hA6`&rp+f;fy9I6+!{*M+H_6}Go zG8?1bUc-G4YnFnG)yemwEVUQaK>#OH(|ksMLv_k_?o*IuZ#pz``-mKqQwM&P-IA68 z@_WYm_tN&v{5ad-oBO~R!uBn1>S^b7>;V8k%-+|+ks7+~8vFi@D{ zs;*=MVdcIfO&1CMT>xGy#v3qhWO}%An>oD2*tYjOQhNGc{O3}Uj{R`f>34fSce?wX zUcaMTT2-l9)H!oNjS=eV{6V62Y0h^Zpie%FJE8{bo~@mL0dvryT0}m6f@RoGaKQ{ z25K3GR`!|9=Ct$pF4gj#G53X>d?cZI=&~BZzGI-^aJ^?c2m!S|w$@P^35hagUmKv8 z0@rO{*C5%GWa`zjo?g6MAqX9m;aqkZwDldhsJBWVs_{MYj&~?#NdAnjn zRcmKsi^$b`I+=v5e305Qy`BsMgGFhBV+GxztSwdkg|ZGVVx{yYE(E1!W@Vr1>(_(I zXWUpS<2!|!aT@xb3+uv=QiQVaJh;ibSCfDEKf|;0i?_o!$D`BX;c@nz$=$f6)2T25 zr*(?PsHPDf9sgzc>+AE2(ct3c@bH&kPcKI2@6Lv=jxS!nI~<;$yn9Z-EH~-p7%mx}qb&S0S8QD78^Ws!<>KLpB=Pu;n2^ zXc_DLkM;-LVV1ECik_}aHra+cGE+oz(wxge88hQ7sbbQuC)wzM!b+t@qw-nkoepIp z`{w&XLo>u#;C5Id-AHNiL|zZQN9|f_3FO&NItQban$eKw4?G)K3Vf;US9+&|u*g^T zo|PHPqq9rd$}(rZBU2fU0!v2LjU?X;AR}*;3bj36pJhW;8UoM=yQx(z8ub9})&|Ej zmB#g7d(cmSW7YZZezzR|>veb6`+v_;YT|!&o^GQta9ZadKFBsGdxp;&p_A#MZ!n`u z0>c9(&g4VvCHx&ofR;CvMxxxZirHXpjVZS&mWgGVC#RIPWJzV8eM-ZG>i{Tf*utJj z{(h5xqV18w_brL3ZgWcpR57)$p$gGZ%o3Hk50e|`S@SxSS4XU4c6=IJ$u$Dc>B|7d~!laI`i`YDeV3x-Q8&YH+TJk4sn z&?QINzUj#=3q&H$_>6y!;O*ZsT_Ikyl|dz8p|;4YsYKtqzeVt`3;$9o6a2BNt&9!1 zHr-LszBe^85UNSZXj?)DA$U=thqP8f99U>y`1ms(j2FedRSQos0RlQDZ|?2rtSk8T zHcUR3^UMztvOEV%m&G^xu93?ut6Lwxfpl$yn|K&d7K-WycrI8nB8 zRW8wSP(lBrjgWQuVWrXjr`-!wvFfN5o~`;u2ViCVcc;AnyVGBv|9GCVp+bAJgl+mf zfd7Oc?k+7~=vn(vs&zaa(Z=(x?e^9d>r$L}gZ%avQ!pYY?BLIA;<<_O0aNDH#|Gu! zkynwl)dA%PH8s|VZ*7n9g=$-vC^OFNLno4#p?J`8czU9gvoLCcG_M@IaX{nROu`Xu zJTrSs)%&*+IfW`ooSK+1NZRxysd{m-&0g@&bjt<^T)`|*gh6Cog;*<4l5bmPw-C?? 
zSSRLe?g>mdLbY`W&rI17;-(Rdr{FA;r<<1K99zZ~klOQ--lf)^wFgwPW|XKs zW$izRPWzhxaIK2*p`FvC)r0vP9y)(&eE>5)yv=V3rNe1>wUbVwpnDD||AO)=DeF{h zvliAFb36bf-(W86h`U>M zRZLCiICOuTx%79EN~8~edh<~_oqC^X*R;6PSdf5Rs)%OX|JL^-IqF_UMXRhuk-L>- zQr&jVz_bEi<@ct<9;cyeA{U5MAUbG+1Q#hXkAh|EHicYMn|p>g z|5A2#A=_(NEZ}j+F&~}AmC9?M@qZLio4fGcGZt`yobf5LP?2SZT}>v7c4IK>Eb?B( bVHzzF?b_#Emvvc}?_B;4Q!@c)0B!&P4mnv% literal 0 HcmV?d00001 
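Review bot: rancher-backup-1.0.201.tgz is added as an opaque GIT binary patch (literal 5321) directly after rancher-backup-1.0.200.tgz (literal 4658), so what changed between the two chart versions cannot be read from this diff. Suggest the commit message state how each archive was produced and list a SHA-256 per file, so a reviewer can rebuild the chart and confirm the committed blob matches.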
diff --git a/released/assets/rancher-backup/rancher-backup-1.0.300.tgz b/released/assets/rancher-backup/rancher-backup-1.0.300.tgz new file mode 100644 index 0000000000000000000000000000000000000000..1123aeda6040db849330ac95d01f4e135ce90875 GIT binary patch literal 5308
diff --git a/released/assets/rancher-backup/rancher-backup-1.0.301.tgz b/released/assets/rancher-backup/rancher-backup-1.0.301.tgz new file mode 100755 index 0000000000000000000000000000000000000000..258047bb894433002ac92aba343e36a0ea0ba9d3 GIT binary patch literal 5321
diff --git a/released/assets/rancher-backup/rancher-backup-1.0.400.tgz b/released/assets/rancher-backup/rancher-backup-1.0.400.tgz new file mode 100755 index 0000000000000000000000000000000000000000..446148c4a1dcad134a754c51b13842ff361a6b5a GIT binary patch literal 5741
diff --git a/released/assets/rancher-backup/rancher-backup-crd-1.0.200.tgz b/released/assets/rancher-backup/rancher-backup-crd-1.0.200.tgz new file mode 100644 index 0000000000000000000000000000000000000000..71debc5df5c03ac04ce461f60125e18280cfc7d1 GIT binary patch literal 1719
diff --git a/released/assets/rancher-backup/rancher-backup-crd-1.0.201.tgz b/released/assets/rancher-backup/rancher-backup-crd-1.0.201.tgz new file mode 100644 index 0000000000000000000000000000000000000000..cb12b3f3ea1cd40d43cde6bf6d48e1e1e4d72f3c GIT binary patch literal 1675
diff --git a/released/assets/rancher-backup/rancher-backup-crd-1.0.301.tgz b/released/assets/rancher-backup/rancher-backup-crd-1.0.301.tgz new file mode 100755 index 0000000000000000000000000000000000000000..8ad1c1afafa4f5774f443d97ab2cfa6c38ffdbf4 GIT binary patch literal 1673
diff --git a/released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.100.tgz b/released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.100.tgz new file mode 100644 index 0000000000000000000000000000000000000000..3f245c1fea6a06d2d5decd61afb93de49ba813f6 GIT binary patch literal 3416
diff --git a/released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.301.tgz b/released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.301.tgz new file mode 100755 index 0000000000000000000000000000000000000000..f1dd6d76f61b3bc00e9ca4850c56f63d3b2c5a3d GIT binary patch literal 4835
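Review bot: `new file mode 100755` on rancher-cis-benchmark-1.0.301.tgz marks a packaged chart archive as executable, which a tarball never needs. Please add it as 100644 (for example with `git update-index --chmod=-x` on the path before committing) so it matches archives such as rancher-cis-benchmark-crd-1.0.300.tgz, which is added as 100644. The same mode appears on rancher-cis-benchmark-1.0.402.tgz.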
diff --git a/released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.402.tgz b/released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.402.tgz new file mode 100755 index 0000000000000000000000000000000000000000..a776fadf849f43ad9435c785bc08e0633c8bc5b2 GIT binary patch literal 4945
diff --git a/released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.300.tgz b/released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.300.tgz new file mode 100644 index 0000000000000000000000000000000000000000..234a1ee3e838d108e66b8f0d8c2134b6799d48d3 GIT binary patch literal 1448
diff --git a/released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.301.tgz b/released/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.301.tgz new file mode 100755 index 0000000000000000000000000000000000000000..ca0b7e3854cec14839ff0aa0138852f9e586b2c8 GIT binary patch literal 1448
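Review bot: rancher-cis-benchmark-crd-1.0.301.tgz has the same size as rancher-cis-benchmark-crd-1.0.300.tgz (`literal 1448` in both headers) but a different blob id (ca0b7e3854... against 234a1ee3e8...) and a different mode (100755 against 100644). If the CRD content did not change between the two versions, say so in the commit message and consider packaging the archive reproducibly, so that a reviewer can tell a repackaged chart from a modified one without unpacking both.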
diff --git a/released/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.600.tgz b/released/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.600.tgz new file mode 100644 index 0000000000000000000000000000000000000000..3194e2d06c2b5f6663f2ee88723e11776b2356cf GIT binary patch literal 7541
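Review bot: rancher-external-ip-webhook-0.1.600.tgz arrives as a 7541-byte `GIT binary patch`, and nothing in the diff lets a reviewer check what the archive contains. Please reference the source chart revision it was packaged from, or commit a digest or provenance file next to it, so the tarball can be rebuilt and compared before merge.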
diff --git a/released/assets/rancher-gatekeeper/rancher-gatekeeper-3.1.100.tgz b/released/assets/rancher-gatekeeper/rancher-gatekeeper-3.1.100.tgz new file mode 100644 index 0000000000000000000000000000000000000000..32dddd9b365135c0eddea9a89dd86df8edd9c541 GIT binary patch literal 6114
diff --git a/released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.1.101.tgz b/released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.1.101.tgz new file mode 100644 index 0000000000000000000000000000000000000000..9ac972e5e8e442fc982058dd4154d9cacce4b3bd GIT binary patch literal 2439
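Review bot: rancher-gatekeeper-3.1.100.tgz and rancher-gatekeeper-crd-3.1.101.tgz arrive here as `new file mode 100644` entries carrying `GIT binary patch` literals (6114 and 2439 bytes), so nothing in the diff lets a reviewer see what the packaged charts contain or confirm that they match the chart sources. Suggest recording in the commit how each archive was produced (source directory and packaging command) together with its digest, or building the archives from reviewed sources in an automated step instead of committing them by hand, so the blob ids on the `index` lines can be checked against a reproducible build.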
diff --git a/released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.2.101.tgz b/released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.2.101.tgz new file mode 100644 index 0000000000000000000000000000000000000000..46e06d282f6da1f2746ed708100a131b0a54d3fa GIT binary patch literal 3693 zcmV-z4wCU7iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI}rbK^FWpU?U$x-_}c-Ihg3mLDlq-3P~>P5CY}7sJ~bS@n|%=8~y8sBnkIJl*1*_c#9aL9QraC zorgqfZ$%>Z=C{*$JRYAM9ofI*@wobTe0*~HW->iJJwBcsPfw?B#*^dY!|59sKf&6a zlqgN)oAGa6tGc=02@%ePCYlPaW<3C(Xu`zO^NH3BJt{^%N=+9OgBhf{Qritb$0%up zToX2fzLp90YdeNC2#~jS;Uq#86CY>b8jISgR!U=3J5C})qHt)&=iF8_yGLUB6G}w| zpTXUv7ohSbjkW#%k}FLZQ=mhH^Xm%*3n6PJ@_MaH=v9m}AaTs7Z$;a?%T}Cvhu&m7 z>Am)A&#A%w?+8m!J&^`iw|~J0dBWGgP1j%n@Ru6b3-K7O)bD1dUP5h(_i0 zdP^qegr)vRGc=z7oTaDiUE`7}Emt$>_j^4Wk)`b=F&2tyVIHJhk8YDW`kM6sG+7!W z_a@(ZCtr`reO1(8|M}Y){SqRJQ7TWzk97r|_CG!<+yCKsGTxv6FG6qOIz82UU%m_> zzy;+9eP?^W1kU(=k*W3dVfgT1JJJPsKejl)aY4U zu#GD5eZ&BRo{G^oi)J?97${1@P^UBu75Cb@Uw~{?`x)gO_3_O2MZ)!mhLs}1$#q^ zRQ?RWg=2=rOlB=7hzAc3W;3btw`09^90v~%vyI1^EHgP3R=i3WyRt8F2A7KuLSIQ# z$aSHgFQSO>U{+`v!e~x;Axd07FpzCkY8fudBT@S!U+@K8j(i!IS3no2T&ASZ^G>iN z!uRIwsp8s2L9R!aI+&Q21RptDRbG~($jo^~bT}(A)5}I0XQnfmeB^&6lqE8o!*P`} z)XIvR_dSV=>^JFrK6*GD_MX6_I0JoYk0Nos@Qb>P!m7Vhmq9tz=PhnSVkGWxxS*Uc z`YX!4^Z5FlN1NME)&CFb_DlBndwg}T?)P6iirv#=sT2Q|RQ+*lbk=`P$JPAL;mLT9 z|6YPBz?Yc!o>P9 zWQ(G96T!cMQyw7KaFiWbCKS$QOA}RJW6rA6{^gwb&zt|5jt{H#-_z;IzW(zfRJ4El zs!5_lA?dFcDtWixDvydaf;(r4(kQP5!)<*-3OKq!THaYE%tR|Dq^93Xk;HbG{TDxL zQN+i<9w3nYKEuyT^CbX%AeLa9XlyfzMp9e0FF*tz161Djg8>DJJxL|Pb z_tNt4^T0vB!QV>@+V&vBQML<3Wjm!y8TxsUC@hV%4$-mOEQTtW-tF~#M|nW`@)_Tf zV0euS(>D`T3y(d3O%3YiNG0=sqOYwsxbZh7pu5$kwmFrm!p=onS#LLSK2`prQ74>M zj_xLN)Ffm1N(48lN;*jJ+FWOeidfP+%5aIn3>JhbqXC35aetLPc&B{Ah`WuE^$3O1 zA5h;5d0TG0ygDy8TwPwQ8`hZ$%c5~AGZ?&2l)f&cHwHZbg+EZ9d@l8~ea`sGK2PG9 zp}X6%_D7pj4qU4VFbZHRqI?FE98E>!^9)XokEh2yfQ52)^F-5S2-0lKhA0+{uSHS< zf-sjl+eU#~PI4@;L0yVUkc zqhYsVF*{}(7*+cJ3ynX}G?gB+L=u*-@5*(dkop5D1Ym_EzM_1YFd}E`M&*kbXOM^8 
zfr;PDX9`7^S9I zDnjO3QYZ_QRv8#JT%Yt7nOiS?yBL6SD~ko_kSdTEySk0tj%g+wgoS&aMO`SBky*k5 z!{r@H4HA8^Z=77>DIbrTL>j4lRKtxs`(aZ}8FU*kMafbIoB2c~% zGYGYg)oe6cQl06)FQO>nRIf%>i|IVkLaI@KcgRMHE{8<=A=T*XMB<3VbZD97R{gyw zc$;Sn1_jZ%E8e)d^nOsp~i)flPjtj$a~vXccE_25d0Y@%r*{pe6Bd^D7wz88p5nqhRVCCv%2Dog5smb0HX# zs!}v=QLVVY;~vZq<8*Gn%{+|SWfv>%+iG{s4$5E3SpXM&h*7Lp2Ov0G0UA$%3Iumv z%N)aSPZ=|ANTU1RP4;brk5^|kOSEWFyM-89u9G%()TxAv#F0vW@pe?_I$Oh{(DapBN%Lp}IT=n(peLfN;0Lf@VueTWie4>WTM z*ss1lwf+Q2)S^Bm_Rp9Sw!b}N^0VdR)tReNn$~nXH>l0#{&B|GKgI&0rr&6FM=E?-WZIN2ddX=U%Xq^xihh(yD zOAC7rfEFIROPUxI?sq9Iq`gCDTV4bIZ<+s5S`x~2ECMI>osvP_-~Tu+=YOW->13b( zeG&TO=YOiIi^_8!+Ot8med@D8=?YgOaNcG!HB{|UmnYifb2Bki?enx*qAHioDWgqZ z_X(tZ0%@N>+95Wn8r!ykO0BbLHoVmRrlUSxUbI598!cp}2J2Dq>GHze(@>CDg9*?G z6aq;X`T$hohd>nEhsc2x2Zlt!9FZHlvp22+APbEWj24_Gk^nM53MgBs{QP z4xBa0B+hm7o@hU;jTvjAQRE9@f|Kf&n-e4`rH~s)qXFxcB=^pYEEtHfGRl_>-JIZ) zWEpC>4=F<+L0~pi5>-Q{q8oa#sCHVTyvquTGB2|j85NkTSF#py)^Bqs z=;A`VCghSm{VIXWo}Pqu!++Ve@ZIhLbl|^}$>~uQ|4sJa|9=^J4*d5V@NNBbLF-Sg z_^qj1D}?(o9n^r$@;TSIE4|KaZ;8%JH_`JT5WYNYkIDAnX%C+M^x&ydeQ(4yawDK? ztvFVu-DV6x$zSX~7`CV>Y*huQ-X5x_*5ddMt98}rVVk-{b3Jg&DLP~Pnn#+*C04(E z{m9!8jLu)-{)5D&coZ&kTYtpRow3xGIgcjk&R17r!y+DcU!@kXw@$dtw2qq5wWF;p zsU2zWFi|V&-g=&91n#H-hi4C)(0FnE7LU-b_?!6LQRyTmkZ}611c3(T99mG6d1g8m zfxD-EFNMauVxCm*r4*TIlvZ~Nz)@Qwptw+7I-o;nP2x&(Y1`(to*n=1T<&yVNP2DT zv!}=6|J~}qUG?ATN#*w+ribI>!#)0g3HsC2e>YV3+3LVq5}~^uywS6zE?mRE^QkrU z;f=n}QYYTvzO!Cjvxj}%c%S;%r#@OR)V9XAWBs_^Ni`cH{HE&YxeZv)uP?SNlLm=Z zw3tZq^Zq?%*Dc zVQyr3R8em|NM&qo0PI}rZ`-)C?`QuN19vZc??Eifd39mne#j<0i`?5skhBXNEDm~T zX>9R?BDExy)Z5Mfen3)^C0VlUG>>-I^Cb?&$8a<=oZk#>Nq7*U9L|ZxYs3WQFp%Ns zG$K-a3lg&zUr)a8`^Sfe_OI{z^}qhn`1r;6(BJp{^FAdBu15x04LxY%SxvfN@LtOP9j61aA?LCOw<&%M-uuAN<{^qz|FW9q6#EUwEh2_ zD@_k2yU-#@I{|Gw`Z?eFaWDd;6!W~X}Z%augnwYcJ1;<~$falQR zI}#(@-3^OBc7>ezqCz?s@=>Opz&f#FHdxn6U>?gCzj{2wCi@XcP%? 
z-Jd`rlpazS*zdXj(qt}4h}nNqFg7K@_3G$hhzvCj6TxV(=uf~lsx$}?LkxQ=!N4q< z+kj)BED1xM(lAus>)QPSb-vtF(# zQ+}e}34SSro`8X8)khx{$_b1Od~vOT;F?g5vc&i>+ppW5aS^I`2H?Um!(uM8H7AG% zcXwtpne(?}y=5E+cXyMO$C}J@Ih9ttNEy4ZFL46rvv)#YNL0vmsb3)CnDB5?Y8t|5 zN_iXQ*7Jq}209ur$WE=IyES+GRm5M^`$S zn3ja^Ia}0TmZR9rc|mkEDKpc{M;d3QbD6y7eYm;2KX(+nqx(`P{;R0^{nqHL|Ge_+`Jes$S3CUo6jZC5xH#=JcLEzl zYb77DNxYU%x8g@9@Q3v|U%m|Chai;_xxNZSf-w1C@NA}M`B;X^H2=5vcgj$CKQl1} z=$Gdl{q1jd+W!AkhDyTc2tOo5M|<$YCo@SlUAfmS)lrR!DHv|*8#2Jr4bqCvGG!)OF(EbmS&B5V!|cEKStB>xs*E*T15zTD0cO2| zRA~|CjW(f8E$r(7+@PGQ3H&;6d5pmx4CbiKpTrr!s-T+f?bxQhH<115o&e^7M11pY3zP7xsCYBn)HZny{rmTAgy>T1|ja z0$VZV6Brk0Dkh&NaC~%haMS~sDQ7niG+mA$&BknqV!`-QBo!bygh2uJ26>CZK%yRe zGvUdO9+_I=zsuJrXK!D7arh8xbm718!D0RWk3Zhk|DS|jw%v9+$u9;#V0=30h-jcI zH|bJ^AxsyIx9OgHZ#(Ly7W=ONX?IKv+XCxObl744ua3v{`#(pA{=v@vpMuK4WD~xs zg_fsQ2QD)mI4g9Z5@D{C+5*9~6pR@?L+)LtQ=F!hg(&R`Ma=Dc2cBqZpCtT%r-Ep^#7L{ z-_R_Tp0HFBR;=&Jb&-(z9VrE1r6j(he4a8QC(A|^hy*84gx#Tu;0U9ki;wLvksv?0 zIRE9~Du^&HDvg!v&yF>q&TG4l_L`^pH)9Y^F3z*Di4+M+O|ephEVQIl7O1Q;Fl@L! 
z*)1}+UiNk|1m#v1Gtd!LATe=u8@nCTOgIP&_dJWbP%0y{l!b=N8^R5lQIKGRv*{dvW-($QBGrqH}l2m6isg z=Z#jqTIFl>%w4^8!yNxhF`6bLiObhlABseS6Sb4-va4DO*a(O68A{i4CPi##K^`W8 za_y9aQREs_I*q9|Z|=7gl{T{X;M7_>OcBx~BpO2x&N-Zt7}=>ojgKu}BS|$hqU#oL zy&%8r=pnCP*L;{6_rLYHPL9)`LtZ3YqKne;dBs9Y6ZWBB~$54#n^6v z(E&dPEHx%pn}BMJRejcWCLGzxLJSM1)7YzZ@-?zw?Led?i-zZk6agyr^h-CY!unwb zaT^U-VW{Kv72`ll5?mKoGDqGR7`4qV7Cf-k?uH#yzr8a9F8C1RL@)M0aJB$6o&psJ?!1;chT)bnX55fO_XVB& z+XnA1P8yb2qebg2#L#@1v}vMFC0up&TTgJadK_;##~N*iwT99N1Gi8h zV>r#PsIr;~$&5EH9a?Uv2R{iNK|fU}`!-PM+f$?uajNWrW=;Y7)whS%pD>Nrs85Cc z6Q+diZ_k+GY8>4nCEoE+F zK7^TIOxzluVbh*jxM%{K)~UON3Ec*{;U>E`y2V7D2D9p%>O7Y3FSHwp_BSn$)N7Rh&`j8=KwC6IOrq+J4Oi`b-Y zY?}rujn1as@G|$Cjrw?gwicRQX(4kpSdM~^=V$JohJw@@Oo&FH5K21Jd!W)F0;1qH zLJp)nFd_=3h}_tny>S%+nQ4?@wBYpe3~q_auHT0sQti|y<)Q7e=d4ktNuis!LU4JL$jfZ zs9G`=>+w$@LTrxvJ3@3Of<~ae(cl=B%6@-g%dy7rsccGH4eeeUnzO|oB3VaUG@*gn z-1L4%jcnOJFlTA^D@hkQHi-`C0irT=51~TU0i6_hFtQe-z0F^ z(Sy)-_%FW}zTI7b4*YjKesx&KfBx?K|4&1Yf&U%@zAb+)X!&U^erxNt7Q%hV2DMA-&=8wTnXsbRvc^7ZZZa-;xD!z z3>(xGHmU;DZx1!o+T!>Yt98}rVUxNAaS!AXY5xRTow^C>P#?4;Ta5x%NAdTImK)626B%cNmy6)hpsJl%sp#0h2g zBkExFChM+B`j}PHsyjH36CpL>dIFazhki`1v2VPg#JPh?Xt~TP{jmt?Y~g%_v2)6B z(8$T3stUXODbTJf7az~hoO3l3IrJI{7OEWPo}Xps#U4-|u+-ih`1tYsOnCr5VL(!a zaElNMKG5*~-J5@aX|X-_oXpMi90;TC)NfuW0Da9M AdH?_b literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.3.001.tgz b/released/assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.3.001.tgz new file mode 100755 index 0000000000000000000000000000000000000000..91bf8e91823978aee7d6509e10efdda6e1129388 GIT binary patch literal 3682 zcmV-o4xRBIiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI}rZ{s+U@6Y}#3hp`hZV}6Jo(lu_A(QkDa@UU_=^kJ)SoG3T z+2V#GwIr3ar#Jumf}|u%vSiumJi2FHU*b@F6iZdb`c=`Ega;AI;hbo^K}=8%0~wCa zA|kc7ATfLO?d1Eue|&go|N6dP|LY%(k6(=s{X>7ezd!a*Uissr!{ftO;6K9Jos=p~ zCVKk}w)riS=&t6%V`v&-cf@mwubuQ;YrI5|*NR zBnQxC{|86=b^AZr_jmUH9P}E_aYj<6!M*Yp(=bZm^kW*-P_?z$e3u2 zAScp`D#yDX_qw;#aITKUDGXJ9)noj`E zC1mVf;hZWh7Zd3Bdp#PHx$Pw}5sGSI9%NjPZqg|Rn)LuQnHz85?fc&T4``duK`r)Q zyq(eK2w8$sc{+KhE9kU;|FCNR`@Vm)zq9}6px1Dfo$9@>UxyIljBa_oVi0QY+ z0Uh>#H1_N9|H;A8@y`CAgUWI9l;|KD-Hv-Vl!p`eKQZmas7XjPF=wp{j=z2d&!NNj zBu2Qu9|jVM#;ijY;G14oE^fE|Y%|>7_W&4~B2(^&CrQ#UV-KJPO91*2ve;A6C=%kP zKY>IjJ)|zM-*f+^$y|~Uv;U-EY)XQg)zQNc8EPCRg3(~npMY&tX%HZW81__xfmt-S z0mndD5{5dZVW_;czixNNMX2H#fD6YAi@D6!oFE?D z-3&fkvpmT?^1-%nN^YckK}R9f*eW$emm$QqNn#(iq>Fx2MW$mj$^TUFl$A zS`vQXY*Bkzj$$+CCDGBO%uFvIX`GqPW%7alg;18td=AG|!O&V(+`R8dQf9wR=Zn$9 z;js4z9>p2xb9)qt%Y~oSWt3L^L0tyrRG+PJ8xmu2i^Cb^gwfwo?wrT>=RDTA{Y?G; zpl-ine?Q`@dvU-2(oyV=9!j0~ucGP?Tcfl7bK=+YKl}S9JN)+?RI8h~IPENV0vknZ zB_Fa$yp~V5;zuX&FY9x@ejUP3K`JG3eI1AdVe-G=*-X#!u?&@I{%`Lul%eu|VPXo< zFV8vp)1U0L{r{;9m4wd`eoBar_TZ<_W|C~Wa<4n8qZ$*-$B-|I+D!!i0#12|T*G00 zV3|-jpDjyNeUCY-PWzWr5u&)Pji*l+a@Y}%UF$Q}un4>m-5`$FD2Nw(u{#IEYej7OGH~3p+LE9eY zILdaRsBEWfDMP;vQiYX~)*(7}+r>}^)7!nCpD7P1pFiPS5)7|!X8PuWTEk-xU{!;< zIa2BL9~fw>4Q~8(1?XmNJ}UIDr{q%4h&#Ox#`O58kMNFygLl5V}TK;c`;(=U~Nw$CYF*ym}IFpQCF!j}GMb;^NjH33Em zY{isMU|gW7n0%SQ@zK%2Q4e6IoZURqbUA`F8?zyb1>;MRRDj?R1_js~rhDnV?Wmht?7sq}-7zt23#>cQVTb*n9FObwe~u3QgPr|92bF`#CVW*3 zEzhhDTxB|NUg$t2!dxk}1%hiS7&Cf?+`CDqI87-FQQ8%XnA`UbJm02<&<_7dV^o^N z$pm=HSS{!*xf&IX@>r+8K-Dk8T&KFqbAP?ckRmLdJM7ZfCyR#NiskH>ZD3UC|1UMZ 
zrCBOHVW}jnSl^ZFA|dsAQVPIINqj~5JY_^qmW?V92~MC0yF(Mf5k^B7AKPIfL4JC9 z@$12L5Mf+Y8Y|bI9cw_H*LEH4HBa+z#vq(tUSwkvDH4>LVxNa zTV!s%?CoL*%B?JBpd+e4V&dvHb~~n-a1a*mc@}k{R7Peg3k{dIC^bk7#GKRLi`ne; zQnQRrR+$4zqvV9S+pK#)cnC3BfJ8Gdq`WjkcE=gs35h`YOiUosI#H9+Xijym|AC0( zlvBMJSuLj1R12v_A>JYzDLNk#8AMcLpi_w>lF*@LmRt4r;_!8mEf|zU=kAg#Ee%A^ z8?Ab^%Gc97KDBs_B-PM}u3NzM zg8Z_hlTguIuB^A%({+MDMbSf4R2s$9M59sXvvP^9&9WSZ(?K+;75o~OOrxUV{ zZ8Ttop^n#Ai~}u6a8q2#D9NDpEg1z6sSOO=e5i+40n_<Ehg$T(2eKnFjPZnk>+lq&eu~!eTBx` z8NVOj(j25|qEposrrA!FKut`Q34Yf_Y7OhvnwFq-Ojr_;@v^T5hdh9M~VpzK0 zrL>Ut4xMdz3H-ld{zqv^DA$Pyoz%BV26cb`(7clqCEp+A29r>?rFJojOJ zHmI>rb2cbj;ZlUo+pMOB>OGqBM5}zRCWh*L9yd!==dwLzw94x)fwW5??Gi{^#3prP z+cZ#VbT;jVm$~0;)TfK{wb1NZ3z@6Iauj^JICu9n6r|Q*LNo$}P|}&+1C<655CwM; zavj{XPVdYNtLa4{et{XN@vV3f;UTI*1x$ z#)fDV`AnGLq`u|$1PMwhwz0i(HY}6JkmtYvHtDr2i}HYbov7KA0*Dj zgK(MK`U8e;jiolsd9+D)y0{c87V)tADvf}B?Sz|5>!=-FJKD&S)+6mLCR&TSH=d^* zfjer!;rYWhG+thRjYn9o_^bHbQRO5ikaGIZ6oH239GX#-MP@n?p}VJkCxynMVxHFT zrIeXzl~#8Oz|p!yKzX62bU=sD+QgOR(l*U&Jvsj0y4>l$ko3~nXGagk|J&7pyXwCO z$F<*oIN101$2Rm7olkA353lrnk~;AU_nr0P zhCS@+#=F$VF7>enLv3n&Th@=8om9Ia!Z%e%&uqYYc6GjCnKVqTq9sI{r+W~HIHAmb zL>;W&WZhLspR!6?bq5!5BBUlsbFOA0hh8JWLY2eZi}UQf*aOM~mfD*GpFUljD-Ymj3`nXF z?hr!32O2)SfBRQ3Ew;y=lew9m17XyiT5cP5w7Z31R}M&GJe{%vKg== z%8WZRv3+VoAP5B*H#|peze~uhC*JG@?@HA>+R=`7^m6p?00030|2XvnivVr_0Dvzv AJOBUy literal 0 HcmV?d00001 
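Review bot: The `new file mode 100755` in the header for rancher-gatekeeper-crd-3.3.001.tgz marks a data archive as executable, while the 3.1.101 and 3.2.101 archives of the same chart are added earlier in this patch as 100644. A chart tarball is never executed, so please re-add it with mode 100644 (for example `git update-index --chmod=-x` on the path) so that modes stay consistent and no executable bit rides along on content that cannot be read in review. The rancher-grafana and rancher-istio archives that follow carry the same 100755 mode and need the same change.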
diff --git a/released/assets/rancher-grafana/rancher-grafana-6.6.401.tgz b/released/assets/rancher-grafana/rancher-grafana-6.6.401.tgz new file mode 100755 index 0000000000000000000000000000000000000000..b2024b4ac32a3dd8d438ae09356d4bc36162b385 GIT binary patch literal 27607 zcmV)8K*qlxiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POvHd)qelAdb)9dKDNsJF&YaCHa<&=9Br2YdfibO&qW7v^!6> zYeOU?p(Y6q0LpRV>}&r%xDvcdvRpUq$DC(Ui^S#N;Nalga6n-aOcC`a6pmp6dk0fU zxql1e=r0fU^!xq(-p-EvZ@=F!|97yvwf&dDPJgFA*xDNOU;L#%*xBm${{s3C2SW3c zF%Icp`YZQU9^4<~fk{F*HC>6%0iqm_F$#x3zpXEqz!G#-zl-0Al}`DrrgTxTO> z2l;;o{!72_^*b@d35PgAlnpx`KrzJ85PXKolwmae*F^jlU3UObm^7dA!ZgZ)YmELC zU>1->L7pjN?W9n4El&}cS{3#4SPcfR+fb_pPp4?L6 z_JX5-aY7kK$qkG+qJD^M@xq5rJ$*2e(Ev%5*!hw(Qa249ew(5pfN2`xKrWlk%piKt z-}86+gU;{0q?dZi{C@_c46%pZ0NVNg?)LW9R+<0r>});p|HpVH5gEZqvwj{S@fQG! z+a97Z%p!hVv`xr(Hb?68NvN4Jv7YmSPVl}R< zfe#D;m;m$%GcH)?L6ixGc19x96aRqq5Tz)QjF%)pH00YIAym!xL~|RWJ&-YUq?;18 zhjPJtWb82#BX2!Wt#42giT+cT9vMJ2NGVJAoxKly`KsVNPf>u!w;&}Ua5hKv@eGY~ z-YvK+O%O*+Y(gOkST7(+fKtwSDT#1!+e=C4F%)DJ^IK29TZ3r|X-wz?Hpx&BkT`wF z7H?U=BiW$Dx9-6=1$`K$Q|K3)hfzdsPY@6oy z^TnIjHJs*$pxnG_&Y(DNZ-n?_(AI*tP@Roc^=lcH<0ZU8`^IE8|g&$37W^6?kh zvj<>`-%ygJ`8xn8GP_p(ZieW{{FaS5D{S>P8KN^Bp#2~qS;A|UxZGUze=iW@!_FE2 z1?f^W2+%e2VGKW$1l};Y!-^&9L7EJK_y^vwA%^jAIM~|W+1-2b^6&kAe<;fIFpND} zST6M`qNvlMNN&Vz2nL;wSiJ~=D={qrj{y3VMi3`rDTkQROp17;ESwm9LirGE z_xt@$C&DwdLVW;mf;ooKA&TJbISNP;vLVVwfgAxAOi`Fch;9PpPkhj2oY3p8zc}TOf{;*4=HLLi1oCfiVaBm_7Ce2Q}3sOv3;TxS`Q&=WK*6`h_KiYFoRQi^AgBadov zrk8JSX%6jBb3PBmw_5P|5#6efVg@=Lju?MUVT{BYDu_Uu6ROz&-O2=vAZPNQuEBkG zHt+|2ziVopHentBv-2DX9r2T15j0Eo*$GL`2;sJW{rUq#RM4|nS2dMut2z~TUTm2c za;q?J#_rFK#q@c#hc90{9kmh3$%$e5PV61-KBP3V08!4oz?9N65R1a6YRMxWSWS$v zsHcmtY@`Zk6GH$6WdxLiHLy-JnQrL9s{MB`ZR${PulGrGtFfVhKZ;X+dx&WR>?tKP zEc8E|OuU3hLkDGZhTvA}<&`>}HL#zi(XHCQK?FxAVt^A6kT@oZe&H*?-pU_xcM(iz zpD{d100gHL6FCzRWK58(Xdopa19%J=;+-{+mWvEKosirlVn;ZHY&s&4hU|DDt`cN4 zlC;a@pE*}~vF-O4WGmIa)w-H#u^c6{*ObI+73$U;aYbX`l!U+$>BTrnSeEfkL4`e4 
z#>Hex!c#)IVz!1;ib{ue8!V^=YXup{^lj7A}^K z`+8^aasVzQ)-r)HF;)P@!uzBb%7I}*9Z;DKpcjq)k=nV{5Oxfx@06`^sCJ#>v19_9 z0D|+vcW`ia2r#p|mXN+AFfrm&lrcb3L?JiYU5!O4AQTbS%d2>WDpj4@3O?GpsF;gm zEzQlOKxolYK9Fo9(==$y0zMV6Pa)-E5K6Q|A>d@Aj47OOL}xG>fv_K5|u6DWTN<{W~g#)h`H6=G-syQ=r)K5yzWTuX~;wniummk zh4Z#VUY#{SW{6T8A|@8M5|^ih@%;!xhL{mF%)-p&+vlo|oSevi{3=nniXf7{>b zY6dS#O5_@`K?n}r_*V8OW?Kkn$%G=tYK$eK%4fu;yO-LYvd7OBB ziagUNOtFU(FK@sTkoMLzd}99-#RJi`N5&pZOjQX)8L}ZrCOG*dzx^bQjv#=ESmhkW zX(Sd`?Q$07i-XWD`?BY}*=j)^F%Je(iZ;%SB6Cp7tfOQ?$fp;AJz@q(65Yy`e*Kbx ze~KCUyDokqsqd7cG5#d#iFs#AHuKav^Ux<4rxEfa5bO{uhei9gW{ z(OcOHFe0rSy$>$L%Ee5q>2Vf;n<+|wkU+(%S1i$@3XGs&l!hVu#vmXh5tpL%c)!!M zJA%PAO2V9!bpx7TvdE(-#1sX*TtcnMj3F-vLhA~&inp4sE2wOTD1TuL{k70(7UKN2 z#SQaUtSq;9ctXzBqW-WrfgX>HT$fL?Zn%D~J4G2~4S)#8m>W|_kY-XokJZl@#Ztl= zY`uJk#Vd;blOeWPaj{jOkPsP}Q6ODfFr`!|*7G8Ys-X z?nZ(I6OKLeMgV619_EVAae}!OPI7RSDOxDa#@KAtD6u&eWg3<*{TRVSN@&t@31Ap1 zpCo`8pQ40oo0JxfL^-?3r6lZ>+8u(sPC<|PbSo)KtFQmb;H|*W1jZv0{r&GfvpIXR z=umKI#$^piCz?n-;7Q#kMD&#sdCcn|!YJV$4quhtsP$&ws#+eQlUM)s{_M@=$^N^e zf0~cd=jVkahB$fkoo$GaYmCYbiTUcdol@?(8zWm=%h?J&WmNHHejJ=FTrrcob zg)BK3N}1FMBW5KQk>=f?QO7VCJCV8UDyRG>5@j)BfKMSe`<#?!aUyM2c|~3321gM{ zh%%K3HBw4xjKduNPQSAi6fr-(AlI7$LBU_q~^<_*_a0S6JpFNQmryeuiN9GsPUePXf^Z!=I60$#1Z75>#ZBF-~BFKTC(Z zYN9x(bQXy9!WEO%ju6FR-@1ayT5jp+D$&!p(Io1I9jmms=*CPEkRJD@lKmy?kWz=7 zSRp#9%5uvx7y&r()CMC;YN=2(J|;AVYV=Z7!O1(d56SUWP%K-%m?99vPdLtEkTKCZ zN%ZywVie*m2FAz&ZluUNvUP=I8{EH90GD9 zTAbpvu#hQYhy%z0;c@cVet{F;IoNAi^%@QN&0Z2!fQ%G+G7pW?a%77(X zF97RqG=k0BX*8yuImVs{k3^^5C}X!HqNHqP$Q=0F1Aov}-eYU>nQKcfLTBV9EBeS8 zRP$BxZO&y70g2O0ntQbjX6?O2sZ7dnMlRC=T`p?r7e!%9zRabw#VSeTo^}C9Z65>_ zg<{u+5mVy4pc2I+T}QcM#bBKwLHrT9+2}}Df-=*}KRavczo(F~8$!b&V4RXXvWaMV zP3gB%B((FYn3%F)asm#-y!;G#Fclla{?F&&=*RP+s5|hrolW2g!x&H!A;Gw%-Lm^L z8UZYq5WnrJR*m!t2o3`uT{HhXu$~Z(3};ne1=R}ymdaV)@&O95vW#{wXvVlSUCEt% zic{8=T~3kgepATZ0D?%6Gfu4C_MB6kOpgAOiRBzbFk?pG5nJrq8elL+5-fnOSq=)6 zyEGD;-k4AX)@3=UwgS6aMQ;*T7%{Rbm~;dK1cY>ae!72fBpGFmNzp6d+%^3|<;iz! 
zgQ5xXOHUl=S{!D~Ly&QAP;%Ylu=l^`JVTa^x19v>c^TpVBg`|{%bk4Gn$uaDmz4MA@Pso+CB&G~xOkc{Fi^*Fgki38rz zo8$Kw4`SB`St1x8QgWqO#)2VBoz&>HYAZ3$G`XLNx_jlijy20^!XaQ2i2~q= z%;dOZcr8RdDt#_g~lO_Mhe@02U3y{2c)QrKEH!dlNf51OMKC_x7Ixg+JLE)_kO$6H*vA zB8i!2@jf4;!>DeiIGCDIC^(q$s~H?i?wQX{$H>{a?mf;_a5u~ZXA~sPHUZ*+uguY6 z&$pInzf*NVs!*MTVKL_mY?Lla5_DrmOGZKrSpq%*ikeIVjPU@6AyzK$g40oY4`o+U z<6|8oj4^3J(lyjKMf{pE`1gs~s9EGCkGVE22tldIPp$zlUVg_eVPaTn8Y#K&OA!J} zZH*BesK$8s0C3Zn5Qxou1Py=VgK+NY1lS7#zG|p5Q5pWmZSGEbna_ zTS|!_9pu=@wfW*53DFSjZ1r=)xe0R5ZQ)*tlU@jri^g&QU>0I&OaY9SAT5e0oz zgK?w0Rq+`xY)2nbJQLbgp?N=G*uQ=$n6fEXJ1^Saw$C}mql_1@t{Obm!ry`NSasp` z%tmLiG%(&pkdP3aW}^tRsajG}{jGo2fB;0QrC4wosZlBc)QEg3#Yuoux!OZi@u3(9 z1T;c7We?FwJ7ZFqYGq7?BAUM_yI})=ktK|6vbqA}g!c*`Yv-_NUo#feK>Si6Btq+v zDn*n{aKfbQc>@zJ8HJKGA(LtXlYtZ+UC;qH#1o2xsW-|-qX;PnQVJ6k>F;Jff`|my z`itoMz-V;23mbB%S9sZqDx?SBoIfITVpT-#Jwd&o+e z*4>i2keQ)VE9)E6v$oS#-e)wjBXKl@iiOOSS4ySp%>V#krqy^o!v$D!b->#2H8lCo zkbkLdAAk&p_2q?HsX}{|Mbv)yl@V<{TyvSN@q#+0A-6!7AIK1h&IRxyS>zFAD-i>X z5al|iO?j5QU<#8&#!antY%hj1>O? 
z6Af7iv9U7qPERSK7XO~{2q>5)} z`#)d)|Igo_m;l_2aT3?n6>~XsAnuim`l9t*?6u6FLpKa#k{~WIv^$YNytCkYxxb{x5#uhTK*_n1c59pWMv$Sso#lJ+MteK$JpnM<+tKHV zjXy~FPm~=&1{-~nmgh**@;jIoNX3^H>N--9My$M&`64xOX*Sr;t2uONxR5cQD=rR3 zw>6M3Kx8n4a~^e5I!JH=MuboOd<_Z^q|;3!Y-m@2++USAr$Ts&1SKON6tXO-7S=!x zjpci0yU+%JH`e^0QXE5iTMXOE*T1$>-~_}lwKjo(Br`;{ZyzTZNdGFIy9sC^vv>q4 zkC8D&aUxY38EB@wdlDygJdQ*8Jt7lkzLQBWKPm!%6<{m1^_Pz2^LjsOiF%izeK5M^ zIM9#n5-^Kk6_V2vVx$f@?yaeTnXnq1jE&IKwi8J;AUSz7$W0+NcU${3nlA|qFQ%dER+NfY8kYZJsV&AE*yq2mT1mjCAj~wKqMd2l(6PV!7HaCWH z^2(qkA#4_3*if1^@b+;3^r5KCvX3{`jT1%k)S3*`=Q564`KFZJRXVmpnEIT=5x|1s z%wU8=6`&&KTYNPePWj~0T6MCWFN)7xs?EBvvTctgo+wdKVTc#Tswz0Y0Nt2b#qzkE zq9_&OBu}G)^rT>QBew;H?4Du;Cv!l+jMdkJT!p8uiPk*P+H$Rk8ojk50u26Z!jZ0u z{`M;|e=v6^$cVnG2VdL4wWm?eehKHs#%72}#<_@X{7Mw|#Kc|sP450RaHU$4;K&mu zN~!>4tQwFre^oSgOM{uU4;yo_4n8xaWP30_?>y(+F=6O3B9n<2*sDCE1px5zqhh`6 zmtUMXeDDf%<6AjP+A3h|X!2moE3mh{r(a|YT{0G#X0>1|R?{Vq7^^mm+Ts+ zmor51__p+Qgp=?xOho4y4qyEbwn?&Ag1fNIFnAT;5;_rosG|Ud#c}@bqGoZF=zVh` zVrMab7&;dXb;Lizha*VQTsuKF(w+@9>59L)Q?_gzV`OrNp{qAV1;j}PMjTOAqx@~U_B7d)qwz5{^5GJZT-W#pPbdz( z>zB;a_49D9fj{W`FG|5&^G>K%qTP$(?&SdXJU&WB)hSbKA>v)t*sWC9?du>cu`Dkl z_LEwe@^BlGOIq%Z*Ej`YIm>lxc4B!NAsZnfA;^#bR&B}ddTL31Nbr9$^cqJ<9rdy6 zKP((qtPOuWKQJ@s9M4_TWGCsgjy@fo2~q@NNU!x$S3iK^jaY!R3}AH3y!Y1RFerS@G1n^s@+PZgAxQA5OIU z+wBiCK(i!KM}gD^EclCQ>zF@h%F2`yru@}nedx0X`)}W>Q=bxCAsa+d-l4+0`goEb zIb0kK5h2&gkDW(!X!%!|FYBGm5U{_9cNTEDp)13-B;g#dl~lKUrKrhc$c@wmh{`BE*?hM0LcXKv;>+ zO%u6lX<{VYAhu1j@WgCO7Nv`8�ON!+tusVSIw6Z^{uO@;JthHNq-;x~Y{f{ha!o z)ssV_?4EUPI)+@+stn^R4XaZz@|x1Fl~>6gVjEV=U3KfpgL)%0g)>Yt(^R3J%bcZ7 zB#+WalY>}3)<#j}Uhx5_ld# zhO8jo7Bi&?vYNWV@r&J;W^EITP^|SbE=yIW;-8GB*4Ds#eMDX{@;n~VHXuE`=7%Y5 z&E6*}mX(Zw5cW>i|W9+(ZM${qh4A+SRQ-MWa(J?aMG~hGev_(5qs?ky0{D ztQ>VfGl5Ym+0mIUp!C$E+%}|g{nXS4f3v54Ye>$`BUVtN*2*m&YXFUIHDA>#pZKvq50DM(xs#Jt`}#_!wRk?t*L zu8(OL`n@yi{;{5N{%0e;vEIr1i=%U&f8s0mF(?23?(X14DgX2Ci^1S2|MO!!10TFW zT%C7${^bksRW2Ui9x(-9zdo0Scq{S?=C9>edGZ{XT%{AljcVd~x$OJpOYY(8TCcqM 
z+yy@P`nA5$IEx}tP?zzDj4~42#H;QXU+5x!@u=z7F1Q0Ks76Q_C?FvM{{SeMl1^vK zmul3TVhFO{aFC&QIbXj2`qgX}x%c+)*sWu0s0%NKyh7GRSS$vB+9%FIc}V;P7r!b#4#IRP*Gn;?}pC@4D!a)MQy@Edh< z4Qcn0+_bK)t~#J0HKm(NvhTdn*(3Ffj;_nzkGUZs%?O0gOQ6tbx=NBz1X2jHeX?}jM&aQ1ecZ3uOD*!l9s6Kci;RVG{} zCeqUlj0;duvUn$|p(Ip)0u(W%OTN)*0nO6*a3*z2A--^DwTm*$p5bN%`vaRIK@^G% zwZ(yf?gaguSwYyyEoy2|5IBea|3*1k4s0&BvT zq4J7=sMP~JRVOGzN&VD*RsF~P%L9pzm_WX;P@yNlZS=?gs zar*W7MqzP3%RwGCZCReP;tOP8(>Cz8FCWHs{Wa}5XhI=Z@+%+Hm&VveSjNhl0!~&SS0q?_ z=ts8*0QhZD_)2#owk$9{1(XRgu`u*KON&nm1-Fxw*|2@XD2F~=I zY=VkaWWLGPVGc)Knw0rny_0yZuAy!aGS|V?-W+7Br4%Q847&e=^}6?JKrFNJ-<>t^ zv$P&FaGs^|*iGllm)>_B^VX!qmdpl*p$#FCNhVdyEKagdN_yMuh$1pGg?{a%oHW5) z^6m@}7_YZUprh@Rf}c4pcE0Nw#%vHQzsj_dPJTI zk5RyfLdrhZ0EpKnf65SaWjdN}5nByln8b61Ic6xHA$maK6jB7b|26OjJ6^vF`~#T6 z5som&i1|O}*UkBFFxP*|c51H4$!`mkUq2nmVhRV)^C zFhxTku`UVW=u>JoP}dGDkKFnlT`tE;QQ+|Muaandbw#F>Eer{ZlGdem2RO}=0PJnc zKXH7XjmP*C=z87yQFIPW)RK*D%A)8Nh{;o7iZE5DZ2Zp8NVP7@bJ2$w1p^}#$dp5j z#K=u3t*jClMLNn$T3!vEVg}ZA47Rpl$S}?n1si_ncntK#imDMSHLCRC@*U;{&!sx@ zEYCnFXd6+R3&AxU#eB3FHDwwLEQE4HY2wE-3I6ca;!>U9j6_4(LUqg?DQ6D&)08;9d!Tm5ag#+^;w)BT@a z(7o*5e?67gdnxr*Gw@YMVJ)2&i}^Zc%-A%(e6hr}t|N+TmB5Xr_7bJN6ltT>vbheZ zqQloVQcnPjjQ;{Lz9J4J3Cu%9*W;q6R-6b}9t1Cih8h>gzKrEkq2D<>)YmCUBZt0k zAVey>SmxPtRL9&esuH(?q`s@sOi>j3Y}%7ZklJj8Ff`}V%y+*lgJ3Gz9d zhzeCxg1ykyQL*zXcjYa^>EI6hCnFq{bo^=$D)ck-Mz^XHgLQq?2&gVI=f)q64o?0J zl6~coan&gU&|LF;^ zm26b}kU_?x6Y_8*RgR-tox;u#Zgz%->KrC5sDHk*Yyt~-K3jo>3+=S7Q~WkFrq zKRwoknEwN0rm8;vs;>J`X{LI!K^M3Z)V#9IqGWqbp{5PmrN-aeQ1SHqCQpm~FD2pX zw!gp3wg2sG?+kV-@gH0LC;Q)HJars9C1Jg+@1}_se5rglsq23#mF>D4Qe7Zst%Idb z5%X)rqf!Kd>Z25tP?ed=weA2;LX>c@RU<+618MP zlEBBVq?PU_=z3@3--5Tj(2Z|fDUH9joQ!}HDA)wua&DdOFZz6eJ>^wpFhxw*qB*nK zGuW89c{BBZZ6;N9^NS7BaB^l=p{npJXD#ZKyEb&d&BE*QtNJSSZt_xh4sR-~XmgLO zS2|Exu3mrD?SrlCruG|`MN@^w72ZCA-(ZzL@Q{{X?M=;9SG==cdn26m*i^3}c}p4i z2)bS%R$6==VhX%;k%WKXZ+`>2v0~yI16F`+IhcZa2X* zb@X!hs;yO&%<{EpR*Ikk(T1H10CEST_@-Je$!&AjkzY9O=fJM=#2XlxO=jH5qcg0| 
z&(l^c6}u=0HqK*nDps?e%PlaoRhCv?@SA6@X8jezNGsXftCS;pF;0b=;fT-nr&}gZ zvn-03UoI$f*?yb+S=a~WgpYYF@Z3ztHCu$~>S0B`Vylh3vskQg6R3mnH(>oM0KGJu zFEnym;q432!^1M5`F;2`G;BF`aqYZ2y7=M!VVU2)JwCrE6@0t@{n6VxzT5_uIx?Lz z^aZe$pS!OvbP2=dPy25_9F-yY@?B+$!+aEF=Wky|i-Qo%*7{<#s;T)g%5YsWGO{jT=(UtPtb%I5T3gdr%I+-oHcNBO?5 zy5;65eA|O${Y&UMw!wwfoMMd!)pA;!URKFzAFj^4C#b|z zhs0V6R}xl&uV2ma-yE#}W_z=1n0sJ-siomR%{C{|kG>%1Dk0_xn?qJD|w8{4=8iA(ywfs@3^O<&^~DO{IQ z$7tN^8LAvbUbiq81bYEN4FLJI6fKOe#sP9*l1)Ce52WC#F@Bjmp10dw++orpW_)|j zrdId8Az1$@$Z>Opu=x(J*v)`;H`oD1+oLjdFXkEWXx2(PV9bkm= z{V1Knx!CgWi6y_z58Xssd5+-fveCSz@{eEDgeJGfM&1=c)=?ZZH7+v^o?;;ezP zSYVN*YA>RAFtp}D7WH>Y)*`pI&x?_gAZrN7yrK8KYVw5a{1x>=&XwD`f^3Pf*aNW?EU&bqT5nz2dIu#W=-;o z_f9#)HRqtRgCFt8j2)H6_5D>Y$*O#n@;a*)QC?$C=$GsB(RaFke*W|Ov%`&L3SUZN zT#d}uT;-31dgr3BD*ElcVe_ZJt_^+9e;vAxPtGs)-@d&(ef#0f@yU5RngSy`w_<8u z+PEqP+)G#&u<^+ouwZYYlRP~{5!fu4Q1yxaoxT(fDigL zBFREPRblDsFi8o}v!*C=Q9|eaQ0;E$vNh6}>ui7E7|zAwHLF0V`CSc+c`FMgvpQfR zJVOa$?39ubs&jM{3e-3`g#3$JTPT*OZKB1|(&S*NcqxrVwG=fWrUyK04vk1ih)lwP zVkUsvoMpaa?cS=jwdBo#+Q5xMiPngX!tmgDj1$bIo?-qj;H$YUC-Gb32n)&K<_*%# zQ&&4iw?HFUO6`>@N{xlbiZ6!T7Z+KUv9>oUT+QA4_EW{#(Q1A!a^@zBXN{e6j*atv zh!X74YiO~~r8H-NMZ>P%lAcjQxa9CPJCkFAH!0HQH@l#5yagp069ldZs&b?6|1*lwJG_)$H??!ur^E2}M~9a`kCJVM4HN8>DF zh^vvVfrRiWP9~k=4422>;#I@RJ9%AAS$;>__GB;=qY!8D5UA1%waD;iB(E8A$j-cK z#B+V^vfs!hW(z6!(w=4T9S7BFfXXmTFdzRMSRb(#N`TLJk^&F@I43pp>!EWuAH`Bhy|-3o;*HUw_i zMP9ouz{2zqFg!<+VYt|?sL>pDweG3WlT!R}zYl>h0)&Woq~?~n4-2!b+EoKECg za45(R)?OBF)O^htI?^2Dj6_JvOxHLGhd^I7BHniLGsrkXuDFB+8hor+eugnW>%BsV?ee936NwperWC5cPL|8i`fWf4*t zmZJ+dKUt|KA$)x1aL=J<78Z|F2{2-z!?VACJEmPu0}< z&214Z8wo{0TT&IG&dYaFw~o0n{h_I+uXSI%IV$EBg*BUGo*2@swc@iHk8VAPIq+)Ru!i=@#d3&s}ZCzVb^i`IC(8+N) zFHqT5CUk&lGr5we9A{1|`|NI0ac_Pvzbai9h#B3ik(8b9NMmX%|HJoS>@d|wX z3SM>U0vie?Oen{?i9poNsj$DMpu3t|kt+c$g;RYsF)Z`L7%L|ObM&dHC_-L}o!r@Q zBU74u-g8d)%?Gklp$uXJbjyL&bf|9;BsSIjZ2@IKRjg08EBX|~wD#9t#;8oxjFK79 zS$G-Zz(d)%F37X(c;o%CQK>I$T1m;4vMH#AyrLyCKP{bss*U8YUqPLwNUlW=Q@0QK 
zS+%f5X5F#sNrL!sSaYyCqmgs2I>=}QJa#<>|3@i4Lib#cS_n*BNF_q_XZDH{S3_h5?4=h0OIYW7rYzB<|{zPg>7_oD5*o_(ujZ{7L8S>rabcGr2S zPC4jCaz-uolsmvs2%h&m5BT2!&+GjauwFMW(;fQXZ5CfR3CxR)bvJvH=N6U40Xbyj z$!jQKB|GQgd``=)1@Ff2~ z#?u-bEeLlkba}aLNUa{Ml(FNXwT+r^=~C435{k&PB^8lpWkp09m@2k%b#TXp%5a_{ zZgQ0)|L~e*Nhr`Muc!f!mh+?zidTTs%w#mshkDd;Bqy>;GB~R^)%9x-b?0?*HZ8u? z93&~mP1b>1^y05;a`oRJD-VblV8anX=cY=@dz4~D2@Q%nH&ygJucF9&)6r!u{NG+% zys80c4*%cY-FZ>A|7>sVKJov@c$DZRxrA%-uL+gkSmZRoMw!dQG-W-@>JKeV{b4Li z?kSO$`pOkfhm}x;F@KzHpLeX37TWI{)HZ<|2(emWMn)lT z%&lc{-?Z@8D*sIp3?sytXVM_tTMC?~|M#~_{=cpM_LKhqI8ROdXYDb`M&ZysA2d%y zEF7n7G6(1o$$Q3y8mj#h_#h3}(IJ$_r$cZ;5>ye%mKI&Ku|kE>9GKSs5bWyddElp+ z{}*%qcq^C#+WG&Wzti8T*ngkSe?88#V1lXNPNgs9mile@c5z&b>ic!I>b3vcl8f5{ ziq(H>%RsTWCG7;|$`5NbC?^VA)`n25{|#Cc79U`}eW6(Yk78|@KaABhv-+eiC0qwn z6lReP5;e&M+}FihO4{o$dYejZ?mOp1j{{2OTPr+uEp=Pc&r};<{>;(x!>zs6qUK@? z8|ToY@E2 zoKoTTJ9}zj@0JE!WEbDckSb8R(+w86^{0m5iuc^jo$<;|KcIX&&|(x{+fMo3pvIw= zi64}6iC4+JZQrQPFJ4+jl`P|}d0b1a)a4up#r)t!h<~`aIK4c5e|Ax7sCvs_3m7%I zQ5T8iEbBe9>Lkt0!CHpa#=bT{R3YVtJyA~zOyLMem}69$aR5R}(joZx97fUeUkcyk zL8DWOXE;I=bi@J}>F`AvP*NysGUlHV!eywBT@V zR^V|uc9T}Oh>3a1(E{4))08@CZ`*d^71E5pTyXDfNj+MUZ5v>mr!G1fNcF6@=OJzD zYo(l|i(;fXPw8SnIvGk0<;|rn(3EWIzqz$@Vf$Z#_zj`gUMe@wrEGxn&VTLf?Uw9+ z+x@|l{qIp8$N#h5Y6aYA`mPB>2~~cCW6Y0}2}MjL9r8S{U_I2uaWZjofGAVqiQCeH zSQ9<0Ai0-Sv0^0=0vt;C5GXrWu`8gv0-Or|8-Ot-u{rQ%4RR?7&mY4wwg49{7>^8# zoTujIl^Q$D52GknadDd>d#?T1&WA>q`A`yN)r)%xpLK%gxNzx%mlH#AGR#vmDMcY> zK?<@Um1li{j+XZ74R)&1Xo&!7r@VRU>n6LY7i-!spW%C0&T{mvFc$P^d<7NR3MWrY zrNmT@%v>OcrK~CC2ZRZeDngVAjJI=}-R)XF^5O7w(V~XstN{+AYe16d)}67|-kWb8 znZw;UdE#x4%G-W#q3r>mh2{ShqQK_Gf9>s*^FIxC_MY-TJj!zq|NjF;YW-3C{)X@u z_y3n_+&2!uH1mM*0OgRc#k`fijX+cVI{|5PnY8`TW=3-r(u{*P}e;^{*%0uzr)F3QN)!*8R$e64x)I!I4QZ>Iw@zps9lVW-G}g(4q>fEAM=@ zH4=2Qe|juSA2{9@fB*DY?}g0&0W#37(>#0H($RHqGcZkhr5&|ab^YRAC$T&LBgCNt z#R5Ib8igdSZVmK_qeP{GC=^v(N(ltUx>G9<7veBAF-EbP%QAwlHOY4H>IzJIaZpvDCEklD8TOP5e%+TG5%qG$2JVDT& zRo()SWbw#kT5$KBdUd`M>Eb|kvH%=T4~ur$c!`}0j8{)Wc~jmW6YWdU+wVU|Wu&&O 
zvxOI9g#f&7;HYRRnGsgyZvtOdd_boE3SclrYMrQm{S=4)P|@gUh7!)e7sClONIJcpl;j5etsT|JS5-%F ze_O*KLidMwpnHmOtj<%if9RqSnOu$ujUflp?v4}i{Npo@V{{pj07gJ)V;u5~{Q{m* z6cdgvVHi^JUjNJ(qTDoe(aM?#Ob9R5!fnylBA-3bM%S#(nt_U zA@d-dK^9P)^1|y+p7TLg4Hzqyh$HpEDJTtHyux>HIl0s${5Wju5y&NP)mrf?-C zv0hKEA1U!~_xsLNer;-$o;Qly0*gw_3PL3`vzdt@XygWZT`|0@L$a#IX z|Ffy`@AJ!pAI{#tztAt<{dn@;w737^@c82L=djP%{x zO-08{-J06;z3K3$0`_U|{nI`z`~NI>fY`6UETI3rsKkHmzIgKgJkIl|`5$G9@TO?u z(>nh8hY%%dj%d4MccXWf3gE4A9XEC|#tDq@XGBdO`HO|SFtUmAQ@kS~szfT)jxR5s zM>5Eq7Hxq@&ar*DCn=MkRT3E|RHh$sl~JcthCi2bE0mRAx3Frg6pvJX+uT=e^)H3% zds-)_sNBv~lWV7IuQFX<9^#twX8un}v_j5b_nD{v4R*K7@xT2SPxpU6%2UJtr9u-> zB=}{4@7G<>zflQhEwEd4Nx%K7nXO{@qWT|#zgO1w1DweCVl&P+sov|AIk963<%JzK zqPqFc_WEM>B1~JZ(2Wd96q9q7MTl*vbn-fsa=y9112Dx}8&RzMiF$G?fd^o5NEPt_}^UpZ@ZlTdGKOq>uLXgl&6lN>%D)a zjs1H?Isa|fT&{(Qdn(GgNLYjMztUi6y0l<-o^qedpds$R1hSp+ab>+}yT_0uh zbvF7H1wu{pK;aOu&KKJbPD^gtW#{`rl%J=kh5whX+gYKHIsCuBySrQF|67A6|KFoL zU*_K3)Nu4)e7@(&f0WD~nZv7d@9$IipA0z{t(H&Uxo7WcZ?P(!x|4P8z-Vs=C4p;= z`qoZ)G(Yp!|3g@S=E;A1<@m3`-p+RaY5hOO^X1QX^WB3ptlytmS?l(LU z+@`)Ax`h}u8H6zPIEkbD$go>Q8Fb_+<~cC@M%zdm|6lRiKl{w#|J(f+dzJhj{ipm- zkMcZxVyE9Xj%$%@P4~{v^xzqpzBrfkJDzi!XGnU@ZMvrJ23VJIO|=EhwXbt?JS~;g zX-*y|H%Uq30NxT9eh(v<1c-KBAZz;J_DFcs#5#=`Xo~M@+pVkCmd2y5-nlfyp9!Ub zRXcXS4%?`%sl_JGyjQW@%*9@FOt>kDK5;}77#*MLp*Szvpm*!FWZr1c?zKcduaz@+ z)#vQe*WOEUs*!F_NGS6KbhUKUu=o;PY{R{H*}N36G*u|%`KnN$bjTciN(qyNSzf3v zDN4EY#=K~fhqy!ZTU2PDo~53-@*h;j+Ev8B`S!m`{QqG0DgN(Kp8D-UTj-4^Xifr9 zWBYf-#Rv4plwf)Q;p?%T6yK)lPd;=%*C1i;^%USl`Gc;O2_7N|Q=(daH{ zmI3?$cIe;sY1#idLsFG>)_RG5@!J01DCa^oH0su>80YhJrI+Is(=y2r|eE?LBCDt8HT=;mR zZFK3wfwGIrty=RB398KDd8hMZ2b$$SF2*eXE%B12WsG_D-xn_`_djiIJ=uRA)s`oC5n(~}_B&+_rdi^%sm&PtF98bZUWk8xKrrIduFVyg(dboI zXJuSqR5A_dRJCC;8wMmqub!>nOb`d2r_#oH6tR>f42d_X*d2lAnMAmQzW6~gVqgHC zeaUF_6>RazfGgGXF215^X%=m>c)*pZMYT*a39rgSxy1YP0)Ya~epD z{BnQBy72m6;VAe#`LDmbSJwY_pW=TW=lQ+X|4Qe>e-}2e!h!CkhxX9Ntc70tXO3ce zdhYuy#Q#?e1)V4V?UeI>ZEbD6csl>{D9_UT{~L%9ePVtO_bjshf8+cQTf2LMO8$qv 
zC;9JDo|WwXrzBiWfLnzJR6O?GDT-pBO?y*9uDe5^wysP%3h%MtkjqTIi+j+A}=3F=);{@|tO-cIKDlKvnA?n8aI4_oHHy{azIFVU<%jhe`R+=>= z9*KS(f>}!$vcT7`!^Q#}PISDcZBI8^##LrxsEk- z7b6vxU}+SI4TT%TouC<_->?)>-v52UMDZjc6g^lU^W^{C?Q;H?ot^$u{=Y|g*1##` z9MOaUPJo(ta5F^-7-cvLaWVlZ46fk>F~740E~c1CACo+h%BCoaz$79g6`O*S$)*fA z=Xi!>NWSwPCShj{Bxs^;mRwIM8skqWRDATW8$J-r6p%#L6d-{VQ4rw-`5pi8{PLU= ziaKlHfW$FLz)uI~AjFh){0Zhg`L6=M2nN?#3dT4> ztn;1EZqm+o{s>-ozVmsUcE0<6oi*?iq?lw393LLBjz41o2~o$_zOIgsLj-%OJSD$& z}db+-H{)M57sZx9D(C?()H z8Iw-u>gp;W2_q5eh>ZqN@d<{ZxmH}>e#)GdCYVpNk&j7Fl=lJwA9LzvX$UzI?RGks z=Lmt1_M3uAG-ecokOWNrkpEnYLcI+zCe#QkAS6L1o#)b)dnt#YQ6a`HkfBj@K>$`C zRNiLsR!frkT8y!G^(t8s6F(_>kZxU^4Tm7orGpBtJV% zhA555tr%Mk2)asMT=jS%6H+V8P!y9HV!#ae$83aXf;eKLNJF|)^pTI z?8c)E1gg%DGMgRgwg^n@QRHIf&|@w82(Bqm?=H9)7jTAR0sOC_$4%x^$1@h zFdO(={x`i5LmwcoZQpq6l6KD0F)XLK46jCK-$X zRF}9*@Ylcv0Xw33u)d#!VA~&T`GXCCKg=v#`tB~K7TP~wfh|$2pSQ3pTIh8CO)@Zr zGd1im1fDl0G>|`UNk)O3uuLK>pB<=>st*m4v4eQomKsEucebZGYlm>#A7}t|s9&Zu znoj2qoI;@jaQD{ZhUX3(B6T^q=w$wLXRk3^_POiad5b^Gl)X=Rr)K94T$vLaSM$ez zlEouL#WW@|zLXh7H3}T$%IEz7k7ibx-1V{IQtQoGt z)uUHUaKTR!t}LmAY(=&^;rP%YTsj zTNiw7gIB^8;TcL0W2cmiP-|)MRu=`bEMSOpdDycJF0q%sLA*NzUqDxg_5w&Z)^!tf zg;vlVg6)34559sfPB6zXIz$n?Jx2jaLe?FEz5XWX>NwZ@?Y4M3hB(S7x|mYLrX&ix zLmAP21@rP0^`eK+9 z+O&Q|KgXgd$cxTt9bAHk~^f0~eb@uudd1gi!^W0$f|8-M#VNpuZP}!S;*2(P(Ec{QHZYt?hoeyWM}W zyE7W^?ZUmCemEWlyIVWEgTD{L7hB=>Xy@-}9PC}WAg0y~ICn}#Q5`HiXGmAa;}gP9 zDPkyTSzOhcMYyzGx_JpWaOsOx=D_u(l_$5uaZUFIGbE5Kz^&9&gGhQ3U#dbn0${WTdh>)X0Bp#z|BePVO# z53?SX0@W&89Au1>*r-}_TYnh1f_ZEDP9=R2^rg$%**re2hwCBcv6xn~rnx)OJq$yN z3gQGOGIu5z>AGMYkBwa!g&X$)uMsXc$)=;sM3`~GCyr0S!SUf4Q%5{dsE?mY5Jxp| zef(twzUrjUY@&NJZKkM$z#3KX9ss#;mD5JH@QM8}#7d&DASy4wm{6eaK6Ct+_XbSD zH6@JiM;J0RM_;}ZxMA}6ikvdV^~2{3^bikvq8(N&zY@N1G7%GDA|u*leH9?fz_F?_ zuXS)GkN@0PMAUFCz*h}CE?-@rN!Kob6j?`SxB*t@Uk0vkjjtNGgq}A?&awCk0+ezT zD!*0>T)h>HF)myeZL(nwmlOucxE(A3*Qs>4Ee%`&F1eoCjSCfgi8?a4rU9;xU1_NF z&?gwDk>K3{jJgl8NCk5{g?!osaSp63Dp4r8NJ>$Pl2H7KW{BR(G3ej`Z3Fee2ZqL3 
zq@1PZ6HX@JW1uKmn~0SmeE;Wju>baZ+o4eVDTyLPb2r7cmBc)TC(QAEz#HblXyoaU zd4a9nn`AgdJ^i7VFY4Z!?tjC7D5l3-S8xHJ7jMst=xQjx5?uDo&3wK1;PgZ99f}FP zwWn-sUWZV;xfm_z1HwUg&@FkhTaf11Qm1>$dRm>gX$M|lvKw_Mm0?vnmYaUFhpYw`b z)&|;x!liEUuZ8Xo=#R<=7r+FJkc#a>A;3wEIC)PR%i(%EPXehCLIiC|&n!&v7_o{) zXjSDdn4&O?5N)++RE!$eFBz~^!8+knLkPs0XNoy`p9E-OMplKZO~G^E;y>ldxEf7pEAlTF zt}#wvgg@7BM@?|$mCEI>K7wv84hs=DodsS>2}e?@?Sgs~R_QAnoi^%tcR)rM0|;0) z0wJc>Zd@TZ1J^^*7fzHoTFYSXz;TgvVJ2@I(`7e>&Y`$IQM;xJ{t$YT$xH@t;>Akf zcrYb5$sy#h zZ3B~NmN?i1AxWNdp&KC0?Z}M~JEk}VkOLXgou%MT29ZAqTrEz}J0OaBfhg-qV5}UZ zBJ)cQ(K~Q8%Gm9QEUnx(!d2@8oevj>lS28cfxkWQmyb?qgsavGIv=j0L-Y<@b-Sym z!&SIyJ)iU8DtbXz^>r5DYEh1>a0%(Zq8Ed|0j(L|d!JZV%-xTq&6^`fz?C7C4dqwj z6DXN2R`(7ZN%Ig&W|$JCW6mJO%D$UI#*oyfOpL^;YE&|lCv9F+QjyfkaMeOIrX&V1 zN2Q_zADkl<6}o?V3_=nxKoaorNc5(CBz2}JvG>ZjS&GJp3TEG%pafCKQRrH%V2XRQ zfj@ZBTSLig2C3@Sn+?2xP^7|a<>tddh&aR%^DU~(xW$l_qkb`U2o}AU^4iVySjS_i zNX_ULs58n^v6PNrQQ4mM+c1k#h`rhj&WWfG!w^|L*_nGE94Lj=TFQauC}tS$#nG+W zIZBueHeHCaU=k{|N``yt(Jn-5xfZNoQs=6gU5SpX$Jhr{&O+0x6grqKzq$+RC+ED^ zec;kk+JnP&U^1V!fYt_=Jx^AGa8+x@kxseRhOsudOv<(g0ZWU6Q8vNzEQ<=RQ&m*2 zvxq>k&|pN8i87X(BMGMbO7kc-xP|P*cQ(j5H;Xxy!Ma(GQ%bVQ6!0|KxF4_AR$`9F zxYd5w44183TYjbO#~$=J)k(XXy(e|}(v^Wp`OO|2u6YQ%1BbS#R(=}8Y#tOYn+~^$ zPvixF-A%O#RP8}5N8k!lmx9Zjpux!;1Ja#YZ_gP>DUKn%ZS~!(2$!2keXe*TW4GTP z?w{$7-f`M@OI#qJwIglQ_DPhYU9XpJE22 zn4%7POcA(7x2mALEd0tZh!oCM;fqhD#M&Gm+=`me+-QTmA1Cs8fq<@6No)aIe-*9; zA`ezIm=%)pw?;#pl5oMuw}*ji5%-9JYrznW2Z8H!UcjgB$90h8KCL|Z)41L&TuTOs z7vR$FsWuyq>Bl(W>g+ak8m1Kh^r%sb#x3qoE-nJ4@dG+mXrN=N9VN)@Io7U0j^wlY7j8; zs62T-QU}W3;1B_ZAPuI{O5w<0@@!=ovYt9;%zDld))?T#@|rTNO>mtb7_s`Q7A|S4 z5PLNlTQ9f~r3>@OX?7peeG^>vhMvS_ws$~HvXyoU?6m?G$lIB~2@4#_r zz#()36U-#mHif)@GsS^AdF)Iio02RFbFTcTI0fQ9@w}x}}8bxp2uS z>kn9+Yh)5I@kSlwm+3}CNrp*M1VkD&1;ihY?<48Yg{u%ya0d+iww<+cS_fA`vi~jC zqaq~snvz(sT6WH97VwO^z$y$Hs|hFO$~f*U0l-W}g-V(3M5b}@7aHC@U4>2KyMa8I zzC(OU!h**{y%J-{)XD!4aTM@eb=F7OnGb%(da=_UPyoV6Mu^LjW*}9MxQ?XD9(ILMWBn!Cqe|b|eXz)XHS5SH*#`Yn)z0>?cI= 
zxHgPUZiv#BOfwZ9bB$BLBYF59kBwF&CR-T`q6=h++ySPjl^BGKm}cCaQ$+|A$=ogou1t4IIJGwyTWRBX zEHBQ(V~oPh>IBuvw0fpIIaN4eYL+m|Jz_q1FMz+nOwC_@W4e`Q+@3H4G)ttl%MfD5 z1Qj0h=M2Dz5s(t5{9JU@~V(U=C+1rhuvN2s)l*ar@I#1w?B1oDcQSTaXwITxjA#LFCl4ceMQS?5w4`s z^W@~G&;ZFbpzIc#>QJZ*vay_)DFc8BMl;p$xDgvl)dMI}mXIs0zFdhxUNypdfmqE_ zZG~4wWh2HP0dTpKsN7_`iM4Gjp{Lx6ks{r*9V$74krkZ{@Uul0<-f{V#po+NZ< z`Aun7_tSQ2qkQW0JhqDZ?c9mQY>>PWrDSH$BtWhuE(bMZ=twgW(MkiG*7hd|C{Yd@ zGxwGOi4VY&mZ{YKR{n@&0z5FvIAB~^*A#M(ZQO)K>~ z;LrJKA8n*kw=yCXd|YCLD{{Y@+Z~#4C(C+cQ~0V92u zNu8_X4qVL!{=i>8*H#n0>LUpn;c|ir{9^f4VhCDqhM5CbYi`O_!zIa05)l|4y1x3l zgBVSx8`KibW84SIvQhZ~OE?%`obtNbbOy;Hof~I=I@xrew~~7u)w`D@|}!f~V@> zY73iMF=VOhU4KBXiU0zk$9NfCwO!^+XlCAgBZb<=^%4pS@a0YAb!#|K4FqYo^gh#jFG)I%R3A2Dg8@zD`t_JPL>6U@3Id9k< zIE8#F?Wu0}&8>s0UW_=!!IDx@EnF;^qI#3X9XOZYT$NwJ*mqoM;h_sT5YpwNDTuNluh29K?NbGjOba-z^lvAB0H_!?I`sc!L(6^O-U4t4 zI$JDFzHnFiza7BEJ80OyEA)^#WXJxYOWW-r*>{rJ0cwxiwY=R;X8+M|2buc}+xLK{tRNGR=l{*#|7;{4W7eYHbbzR@}DA z4AX?1mgS7*S45wa_w?rN2YtwQ?nBF;qtmmyz2=6W0}c#5WDd!3A4ugyw+@lUz?~=~ z#$7SCKA6mX@?8&^6{~NAyu#ft0azRZb^F!}a+LfSCIbX{0KMYXOf*$NYDwpFp5w7z zR9Y%tGN&L6pg7e*YW&0Kd~V1*fKJiWZ9;3YkIXwtoI{>%cvtD*hztf%&(^*!#KDW_ zLHiH{$9s-2)Wo13qrI7CjadPXrmny%@NEq9e=1RB z2iE&=o!`k37G3kYgjjZ$y4_A=JUR&zHN4PC=qxWLr(d46Kbpvtql`@4>yH?y9e{eb z+iF5ob494ze<@PyEG%1&fd!WU)V&G6W8_Tt$&{^2$%4FTmxx4n4J7tD+gR1q$FRRo zUa@($73DS;tH4FhEKTs)xhP9<1C~MglC5Y)zOwUdBO1AYLU628 zn!Y!|(__6Cd`xE;h+L)b@xPcCA5$nleXsw(Z`18hOsuhX5fEVBr6rBR>sL+P!}OuK ze&y2MvI3eK^vQ<2czyY^o|Iauq&c1?9-Mw-Mn9}Y_o!oy6XIyq?~z5IU_(WFdlnB9^dj$Fr8d8skGFJ zj^GtTX)U4%QKC200_=N$jNM+52^i(#Yz{KiOQBi7Q>6Fs8_DaMRT1th=qCnZAfQ0E zY=#o@41HBC^L2_cf)^{G06dDJ2X+)f5J=;t%?jglQ6y1xP9)34YQ?Go?@YL|QiG_1 zn#h_3qkN*fgc8Y$CbwSStEQ~EmgQRhYr3zZc1e278Y%I%O)oQRDb`Gu8?xe3LOZaH^Ivd_&&c&8y5d!lc~{(M#cHZ|IK6kF$cR@6PLT7AL<}m8+2*!< zQZq7|j3Qgu)nnD!wKMV|jtF^^B*|}XFKcs(a~B$Bl^z!~$14>euil+gO0H_;6C0xP zNXTGXo#;8+ES6>mH4}stef$&cpF>0n5(G;ISn0gj+m{dza1Yt2uR)7lS{I|SE)tY`%{8oEyd?(#-M zv?xf3SV(9=ApjGo8{U}n2x7cuDS*0KWmY2OA_cbs4uPtCWSfD;#%>o 
zr0XTG*-(K&Z`GT1wlw8TtC5pI0lBZJKDDNx&`r>%2 zQY2Ki<}luwM_ zBQ;PcWJVRw0Z7m!gcs*cz3i#cCw6??&GovU)*z?tg>KHDwtJ_SVpxp>XDPB|v|v)1 zZ2I#v|8=Xh6_r<(7ldB$zE= zU^r?N@oF*t3C9wx)94A)Rbzz$jPpSq5?^}Uh5yHdm#*XSCly_g7z6&2 zFKJb=a!`f=Vl7qH)Yxj~@mL?dU9xgzjq={&A(vt=c|YXNQ0jUB3#azw{}}=kEt#x$ zG_xZ>MMi)kUVsAE*8hkU703a`*L*;D+S1&K-0PvyU}RXBf?kQkUWsk5gp!mStx##+ zmn+6K1cen<()^~cr85cN4^Q9@KXWD^yXGq5EnbWG~e682$j6D4H*Iyr6(NA2lDkBfyiFY&m zu349Y7GMn1+HqP+RTu!c(uwfgKE3Tg_6%G&R)Zzj!L)n6%{XzJ!gqMV0BR+7Uu~97 zP?@hGP%JsJbNV=nE-E5qfj&t68BHFRERqw{Vr6L>+$Y(>o*bW`vsX)FSPQZdjaAOU zNg?r!FmRO>TwmaLwj)>A(4}B#k&#ig;MF_ag5lr9CTM4qOt1DV#<2bwNxzuv&C@6r zOSWL|GBVP{jUso0<`##)A0_{P+`WLidaT^VTfwfQp*uu>LAWKTe>onHZAIihF2@+Q z7WWXBa(g0ZiKpBInB;bc3G_L<;!y-Ux}jAs%*ssz`0)m`%MSVd&Z}k18aTZV+EiQW zu~`DZ+a}QEf*VjzjElBq@w}u9a&%yPi{o~DEx#>Zw7Ml&u{$I8Mjrwa2$#b1snEZE z^K+Q|%}(MRM8qlAufCX0b$j1K_;OQas&h_T<)kjpM_+)U{?>(HijO!kp0@!UPV}MG z`F{Ht4O++uS{}!7zcvp?qeqpe35X3jF_05ujS=o+FW2<k2!}5ia688xh02iR_U=GO)xMYBe5Zan*hy3YL-a*_k%LWhl4q9} zq>vn9izJJLNLEYEuKhf+RlPa?S0fqufo;eyut8a*&0w{_xYv5IfW)@BF&r)9T=5vI za*IMtb-Lq&hpk;8uS#CAEi(k!RJP`*r&IN-TyZN!AVr;`lU(scukTzqVPmThVuG-o z*R|xcruI58J9TUqJu|!5YU5gNkCT-s*iX%@eXjHWicJ1d!O{dYeZ>pRMLIc4R@(yJRXl9ot?qo@p#<*J06cu?@i9eXXDA~>16!Z zd*jpbU&fE_k@273-0i2)2lad7KU`P0asMUH`;VWRg3r(A=kxRV`TTr}=idPU0RR8Z Kf4(CCQUU-g&50ub literal 0 HcmV?d00001 
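Review bot: The rancher-grafana-6.6.401.tgz hunk is a `GIT binary patch` with `literal 27607`, so none of the chart's templates or values can be inspected here and the patch gives no record of what the archive is supposed to contain. Please state in the commit message how the tarball was produced and include its SHA-256, so a reviewer can repackage or fetch the chart independently and confirm the committed bytes match before this lands under released/assets/.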
diff --git a/released/assets/rancher-istio-1.8/rancher-istio-1.8.301.tgz b/released/assets/rancher-istio-1.8/rancher-istio-1.8.301.tgz new file mode 100755 index 0000000000000000000000000000000000000000..b65aac380a750ccfff50f9c4b44c2de89567e26d GIT binary patch literal 19350 zcmV*pKt{hGiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ{cjGqFC^)~a{t8@mzLRd>7A5(a=x*+=$L&e{O+WnEPG;xJ z$tn<8k`R*w1AwwMo!-BF4<01Jmqb0Rc4vf>leS2(P$&R}szRZP;n1A|>kuvo?OseV z6V4n5{$I9Odc9un^!Ql)+w1j;|Mrj04*$|W?j85~hll;%*; ztm888yS{Vyt<&%IDq*<51Q`?XQUI0JJi;R%&pROwV1TaVjI69D-}4B&FhFYBcKDnN z2rBDRK0rPR-VaAkX8#Iplm)she!S6ccijzOgb(NA{s&{3~^dG zB0mA+goXn&>$h+er9b=5H_lPZ1MV^s3H9h4jW8#!ras~z;s}W;7RXEijvk1ZA~6LG z-W9%sZeR=y35updM10WgCgkh-SO6E@7D8jnkOu-2pF1t$%C?f)uH-u0F%(mij&l&a z>(dG41{j}BTK6!2pv>cgR>vBwRtJ%A%rF-$c16sfRW$;$T&H{e*5_V%&!gn|{|x&v z@NI7ZOZfkB@3_eSkNc-5d;Y(RLTA8yJpUW1LZ;7-B4SBqTDBxIHw`aeJFksnV;c-0V`Mn3_nzs+Fw zoI_Ki@AO-(5$2FXUJg;K<%XoPOAQ(}bnCbw$x*I_kWVLXVFvy{a$UKz!K3TP9=uO> zWkttMacl0N`*;M&?-ooLaQ;0O@POyllo#^|2IxKY;F>ZahrIq9)!~XyBo5vU1XMsp z8?A`=R8#?KKqB>Ro;WQ5J_I1xyb9**P>*|IlqNnMVc!T}!Z(vc)9DS2aqNp5m=G?Z z$`y)G#OUL^@f=dMXNUHL)B~wr3`t1D=CC}C=r#4;5YA#HO#C(WCLpT%j1U`PSHFpP zbXgdc7f4JAM=lQ02n>_)5D8J=IYXEuA`sz8ldS;w^n!+CGRcU3&1e8(3Ne2NYyt_X zU!cEBxfStvq+|{>W;CdjX7^gVAv($B1G3wtmCPrg$EsF@H$>Y*cz@xavVmd%=tEc*} z1`AqOG;MSwuP0%LhG4Jl!=BUI%gKN0l9&Gl1d&qNy2B~>5istEXk%4iiTvL?IXNoG z|EEWXd-;DS<>SZh0lEx%%mAf!6}i1~5K6G;H~<7QVDpD5FhB?0PoG*JKX&B)OF}?x zt)8dfwo&KPrxrr8igTk)B2FqBqCb*-+k9xap8iUH1EHt>&b6T{4b7)RX5^vlD>6pT zPg;4^@>F6Jsg$GA&mu-bF-GnG;NA9G0Kn&v{%DtbVgLQPhq|)Vt$*wVBwg!e)9K_agiM`$`IoW_JNMskhtTe<-?}HEH$WF!aJr#B zv;q*=!$QebJ|2N@oYDE1_&GXGjP9O3Fxm@* zf)VRuPCRh2^9*Y%Tw8#5y2%O`|AlOyUA*TyyiV6p~; zg1GuDB^w=Wy{~#*f#>eme;xlHVGbR=Tsi@cHrfQ1$$y8ZMgD(wdf40Z|6P>A>5$>@ zYTV!9D97Jz=A7D9J946|%%wF*Suyg_OXqLI2kw0D(-CUxImf#P?N`n@*O(v&{eeg* zS2;RF&sCKAB1_%+H`bA@2!Ko0|IyLWNpbxj9v$u1|1QdwWWP$@kO*Th%$d+cZNII; zR;+i|Y;&|Xuz?g1q45wO{S__mKpiO~P2|Y~!y+HTh@cJ?I 
z0>b4qGP=1veaa04vA}|alLr`0DZSSt7PC}1>Yy3+iMO!MvVP)-z@varBE@Sl(dO~w zp|Up+)q+#={en*#Ar@G%lq3@dX6f8X1u>qGBm1KZkKpQGa!23-LNTL$9DwU%67Yn3uyj6U+F1Gn zyDp8xMno-*k+KrnhsXBmeR&`gMrP?_R+BM@y_mSXG?4$y)LdT-T&DjWpY-zb-(m0M zw7-}Cc2P=V-Cy-+H#Z6{7Xx`b`VCy6-1c;Px0+d;Yi3dV;mXE8>cb6;B_?HYwZ4&r zFD>ZkpO%%>t$*-{*pm6bf&KruX#YPs+53O*qRM}dWyvt&Q74^QD>Hn_`6Mjt`}EMz2Qrlf$C^e|WS%|J_Nk zSIkJthuP}*Pdcho?p@(;pr#{KxOIw9dkTKw@M(8S>3v)7FkB=pyjDNrXu_}u<=UMG zAd{(R4^X>v(yn;#fe!*Ydi}KrXar-*prhU?`!S*6YxRrAt_$FSmu@v9?B3Jy_$>*f zqS9}nv~%VTfT<^oOGAN42rT9MiN&>sYDv*ojPjJL^>~yN{P;25uv2(W=IxC>eHv6& z5qP5MpA-mZ1M6pk?ak%e%k$gI;rsJW;tb$fU9LBY7aKEJ2~ zw0yD@;r{Kz&Bf*L>izBA`P;X3=$XFTcgJksQ{_kBMt>-ks(`;sg8<6~@N>I6B4L+L z+ppUlS1C+M!EB;5t8UC$*QYM_yEuxv`XVjwvN&}3H1~zx^4}@rcoof!uZ^yj>s27X z(VqUQ5zU%MlK7G*=j!r!q-)k!DoA|R1;A=@n+i=ZOR5@0yB@p66|X%)b$$y*K0G8?h{eJ2E=kR1N|LvsgR{!7hfF}{R zqD1+(uEgb(di&wk^+o={_0=2eGIU<=*Q)y0?_w^LzW$zuHuZ=A zb>Iqfl+`hkc?YMp8-g*OdK<$D$Rn`zKc^8eEGX+p>Z#}sjlcEQZ`B;|bx0_wPuIsk ziI1|z_euDO?U{`?nAB^SjP2IeF&7v6y`fCEPPdnz=Ohxzn6eS^JP2>++!cP#O}Tj3 zlM{rLC}hh%sX%1QM_QyxB`QVH-($kSd&6jSfg?O3J`p4#u(mtZoEQ~F$5u{lu5EEu zA#Q`ysI5>acZ9Xz+$v&JE^_dSXI&nB2p=%>&abZuPNzR9&=)=?!Cu0A;<8x&i^FZ4 z04c?u+Df117mTUxovu~E9Mq+N4i{MP zWL~YIIoQ`sGK^9?6r+y>cq-y^@Rf^3qb%MM${Xo z+RiYdOblhG5(yf++7fpU5T#3DWCWLx142Ly8kUf?eBl@?|-k^>F016ydLSNTmO0fe{*^M=G~Yb`WKr&czrpsayMV zG>VDusbR`@fok7Jg@Q`5gng&gx*Ds_o78RzQUYDvywQmAtnaFl>~{{Zp&p(i2$cdM z@tFb|Q{Sf#vN|wE*>Qb;l?RTlQ;0@-}5yi}FOOhtJ?An$IM;l6&ScLs( ziu>(ftWLt6$$5KjCDZJExYF0x+ljln!^%@a9@jR+h1WvI|EXX0h zoDz-Gd#$OKfU;(fN;5dd#COnD4rb)z5YZ6DJVo`j%5(B-&g}i2@;dw#Jxn3A`=*x5Hn8= zd9RhTM#9h1Z{=_%qp7KrJ=jx9*>Fp z8kuBfY6(pkj;09{Gt!y~k*a5$p6VGYvg;K2Bp^a#BYQ8Xa{nP?;#yVB>{x>!Qlt4* z;fFmB(GU#r@7(#>+k zl1P1+0b|4i^y!nG=dMsop>9=GN!~tww9@rC1}!I|Oi1lkHYw4Um}xe^CGXN)LEmE6 zD5|0V)yC!5*ZOy^)n8w$>GEq$lfR-7$l)*)s2i!=t(CmDe6b&9*i)HiwXwnX|Q zt6oF8C)IaF^s4r@N%1?K#&0pjO|CypafMbwsw9u1l~wT9!kFYm$GQ;Raw;&D5Pe6-dXqi(EjBq%flMIH!X z0SO_&$wpJ{G%95@80-}3GZfVeUQ#Iagp>+rwd&@ej*k1HQ}ye8t`p`H7XSL|ub*2r 
z-$}{ae{d9a7+^1eZQ6jA*ndvWPW#3D???Ol|GOy#`%kO&A!g`j^>?<=6PsxFRjQvb z^uTabZT&H>-CB54Ci1yu0D6r`==!mzl#Vd*@IzzbgVBm4XHYEC7y=$m%7x@40bL1% zeNGJ^;DgoyIym@QX-65>sfzyU;9wxRnPwtNU{;(`i_>Taj7NY;6Uq{)@x-oz|68ERGAR6Ju2}6GIn&9#COIB&$;-lc0K#riMk)0gD5BC zB1meoLO#Hy8| zb%ob(F8hA0+<7XmMstBh%scXZ?mBIh+(bF-=bjhtspQ@!FeTeMtbq1SuNKrdy~4|o zdZ1q&^^bDz>{fV1E62x2_01Gt=9>Aosu|%%6^$JAk9+mKDZjPb$-hh6@vA!1KUvhB z?5z&hbOQku3zv{xuQ<)rg^WcXs|xwArtv6OMH@HXXsz9zq;%CBX4PT(3t=neTGwkdRfq>&B@4)(Z{FWtZ4xWR79G?m<*A!*>DrGcB-~niQ3h^7sFu1fazkqn zyelxaitbsT73M<)^DVIKO{TGiUfWImx`3QD{sMdmK(P6u?IW#Jo=&sF#WOVfbaq($ zxo}x9fDZPk1-^!lj`;Z!ka-cB@5qK0rVJ(z4ii65x{rQl&|+fB&MQ zf)dPC%c&M*yqs3SEBnU6EHTY(0k_XRew&v3`sX-^d@K4BJgNszod5CksCfVL?09eg z+fCWr{#P{AEi-MIpbeHr>W?~kMbx?n8gn^0^TD#yJ9Rn3R_U&ueyHx;@q9QqH;M=7 zu-6OLvWf{e>bOK;5B$!AMQ*3sI`d8MbdgExw8oy)@xm%-Cr2koMQqQDF*Hr@d>VVs zgwlx*>Qum|*z1h2k3$z&N9*`16h?^srK6(`QR>IX#X|Vd$@$Lh2WMM@^YrV#aQ#a<=cqS8S#L3CNpM-QA#hsac9xRyh@lx(J8^SLNi&uCEb|~B{^^< zw7ZlMR(!*BsNIfcDpdr{hh02u;V80Vv^a;~I=z+$Its3Om|nEQA)*n4Ca_f!dtIHc z=dKjek^HHn+Rx4LvXp`;vfUgLQkol;0u!HSo{5>89p;F~qmI5@sGJiLe@!J@n?rsQ zCO&Rob1h0Zttm|pYX;r!gotT8Qe07UAgxpoSN1VG?tXA|MJXDn!}U-UzmaqfFc-kO zVhRByERD;l?siEq(GP|`ozS7IIR)%FQ8;Pc!~B6VPbot>+EvG>Lv~~Y`7#_c%ms^G z5i@87m}DWNI|u?ye4_((B&PiT)=Yn*0uM-p(*PEKH@Z{I{H&izKU%g%mTsb*Wkg$6 zp%XW#lLY5lRC5Y`pogBfQngG?(*75(9Q_-V1^d6{!n0W$OZNZcqvKNkr<3FT{=buA zJFyK=TaA3XHI9A1`c3Oax&h=IxZ85y;ZrgeZ51K~alx>F$=qqZK>ti`C<}`2L;8TQ zWVg!ymIQzvrdVhvt{WN)KtJBRO`VfX_=DC9#K>eSP^f(M!Maa?TpWHakaFAw?TAfd zfv`X<4i)^DM4$&6`(Eos8aCkp6TL4=V0!=5jq8vKsmm@7b^ks@5Z=n}wO%N{SRq>` z0>#lQEK|pb2)izD<;JXl$^E7E0HYzJR19f4v`Xb`y=c8axBA8w z*RTQ-5Z9v5#f|YM#|)5)f9WN@e`!c)Ioj{3Fxb%0pCd7)JoWTbmmfxR_0bQKA{Rzz z(4##C22SfmtEB__TjEu_jb5aV0)(RnSv3=UQemXklCw{Rj*cKC-T;04WPYgGX?`cO zQqfwl^PQ1BI>^wBZ97VtaqGMp1 zFA&Ut&BavR#Fs6m4uMjjVboW{s+&y)paj~*p>92K7t|P}1{!2002%p^k~I7EAL>A{$_S;KwXML33uHhTqYOMF zUMEIsb53Aoukt-f1n|_*H7wdrd^(vVNuhi?8EOwt zsQ|&FXs3^TeNxvZ;h5^Dl35MM1bi?1=CId0?ezMc-r-&UWY9Yv^iKY}cQ)wtO#hXA 
zmJQ`>9-ww#MNy+34AW4oX8xPiK1`6-S9c|dG=!V3sRuJt3bUsszMFZ#2xUafhpvyg zj>el=<9*^{u9HV)h99%=6h)KzW>ZOxCKW9wZ?t7ZwIHYuEUBbM#>^CrqCG}40uMvE zl81qsz1pVVD!D%o7R=k+@V1Btp^$4rqxZrECWh+NLH>#unPCCLdzhPtEuT(EI280A zLKTpjOhOV)hAIfIWIkHwQ(0}5G3l_^QyC%5jgr#zN}lW5-|A@430qILi3=J8RI&%d z&=uds0SzZwsgVks7WSN0=Ew5_-KuS6o^CTHfXJ2FtP`rGF4fvySbbQbA83&>H6|0z zW8mH6{_*Jx^|wm{$#Of#-yWSDAN7t7wZ1I;Bp*+eyO@~*D8o!vW+QA;_hd;clfnMn z64vuB3*`SS80h;CcbB)0cogfkvF!Z!`1rUO|G(GY-~Zi7`G=M_rCg%KhyRg@BF5r_ zXqerEgbD+Ny1tl6Kfut>A3q{Tn~%>^+ZFos=@%sqjUbDwq(#W=a@)_vWK{a`r%%7A zTfd2%$N+nD#Hk9o^im3v11(8@XEkkdS^e@F8GzrFpzGHLLHk<^=U0Df4$^4-52xTq zz_=r#bxZ+^*MI-$?5vdk@2tP~|JX_S__2F{W+WJ>8)8yqk%HEDfh3DNg#kL~e)`mE z$!e|3$4IKf$#vA^{;Ub>s49N^*wIl6!3cN8q^*2^+bYz)siG7)d!<%htNTMrJ)w(E zkJO(exQ)kS@`&1-rvf)Dq>6o?klHtHAcqhuYs6!8z%Cdenv9p zre!sbutMHoyO_F(y(Xiu<@8uI=4dBCS*f;06SDi9$1!pa$&1aQQ81B9-nbcSUFR#h|VW;k~w+PTi=H;_M)Tp_6aKijB1Y_B|} zuav?uCMMKssyb#D!KtshIHDYsnuF3+3J+F&mxi2pz`$G9+r(Y8ayn(k5+~PaQnhJ4 zHGvjas4XO1gtd>QFVv%6HZnCaNcaqw^v~3u@}M=;-mR zsgr2vZw)4@c53pl9C-7D%=BFA=1f`G`a=Z^H%Z(gCkvCRjz)LViVkk-bw=}ij?u)9 zRryhbnds1QW*aDtauU&@**F)e+^K9;n|0`a)4P!NIdgkI&9iqem-jBRyGBam2X8;n5KaFH6>o2n7W z-fnXQs@mMm2#_&)DR8LN7xq znnFvvT?g&eE4vqpGN=s+AIN%S(bTHgF7>%A|JhX+$!Bj;u4jj6R3=iSOr(i@6y3wT zftZq5RvpW%TFKdJ>Xv2U1r^KPW;pcD{b-8c#{ue}uGjkq7$HXKQWeVllbCudyIH7% z%Ka3(Y3a8mPsZaAix{~hMp zUA_dPwpG0}GG&-gITpG*vZ=1{x#LR7wtjTBIxgmrL@x2C9-iWPOtVoce^ozN#kxBj zGsWwkX3X>CO&Halg7v+o{EoX z5YPD~kP5Gzmz@p=feO&Sa~$WDgZ@E;iL~mK!&T0S*56Muflp3X%=x~KAA1u+I!&@>(+!&Fy80YQBca3 z#cq2o06DW-yIpHFGg)sNo&UI4XK-257j)_U-{V63ufu+?f4V>a*+touaTW7NW?3Q= zm%xft*0qMV>>R^EpFVYxc~?peS-rpKQ&6g&Rkq@%7S}9_!m$Q`i?_CtKz}0;I8Oi) z{syi{aZE3`IF4g;jn6&6OG>l#uf{UK(RvJE+5NARs7$1KjrBtnAyV!q?#*79jE$i_#fyQhV^JVp1D%Epxnoqv>N=j{Ks#y)pf&#Y; zVz!&0w(AoJ#gKTzh{2dV*0y0Sum#{N?M-!*sIX);gI%_gENi0t#iEuhODt;V?7KDX z)Y^j=wPIF5J2R`+KrfkJ^H5FHCOHcW>`4j)pPS9smPY%3b~e;iiJeyz1D5Xp#rVI6 zhbR61e*fP^NeoDJY_fc8tfzfZZdjZf)yNbT305nl3pK@ZQo$NBK@y!r5FusrO9>Ob 
z)2{Qa7YKQTyL1NZgT!66IMg7AaU@8fE~*m&fw?ZDT|;t#G1}ME<0z}GucP3Q574ps zsa^Ho>*_U)$RhiHr|&l~{Lrp#@!a>Rs}eB>5KuNxzK=s92Bp=^K(`+cZj6-dt_UWuE4dgR{Fhj0tj@(CAGz#Dogy!8oY z;q=4Z-Srw2OVODM5!pDg-&dg7m!;n?E35AR6S}$$VA=kEcG@fI|7WNB``vRCH- zRPWPI*st#?qp=`ivp!7da8mkU=Qt~o$w*&>hRB`*_Na85_9=jX3oN)6>GX(v?g{t( zMXq1VM#UX^CJS4-V$_}Y&)0$X@F>vt7waw;dssqv6tauESt?7!l~wnD&D*!D|M&aF z`(KC0$4C49e;4H$?*B=YhHZ)f+7sf+#8tG!fh8OL`SletTb)YPYPeE?4HzEPgb`>f zKaR*S16yKt6-;4DxS$h;gJ!Hj9V687g`4DMb)Wwhhg#8lik?sCaBSc|Ed`QR>WJ{S z!h4IYV)q_T>bYw6x`uw3_%SQ(3;n}pR2iGk7i`%L_lKt^!JkVP{&y^^?*9RCRai`5 zoxam^PCLKNf=)!Kzd$Bfvj6wbP73kA4^PgH_WS=%$}`;mYp2+@WP;QL@Si`u%S43# z{OKLKrqmV=a@K+0X2Eb2kH^3?XCAsZ!Y&b(&b#!$fci*-Fa~^e9eG_-xrLBXz9qEH z)e7R(D-_hP-}mh9CA8T>-|C3{S-WQ|qZ{Xxh*!-P3(36#s`LZcjC^l5h6>5&hFa#>A_F64^ z>g!e8d`qzh9#SCyoAW+Xedw#N>)Nbs^xbxL&aG~lm;tV1#OKz#CXD-5IixM?zDolY zer5|K(4fSZNrwPGZh-^=etedle|r6Tqy4|%WcOdX{~z@ZkBa;MX>Wi3V<+Xg@BjU0 zwfhgP?RAM1u-~Tk+tk0yHuc1!@UZahE=A&X+rHDEAujL=!NhAsS5qN9&5D3Y(Hx zuC8e;5l?G`Wc;`_eB{WikBN%Txh+(b(zYCz&nkXxwEsUkjjjSNJO4jDEBgN*pX~kr zcT=AG{{QG~`zqkZ`~Sq1OfT|5z>vFm2I0g$%3UH3{FBDv1bu&j>`OL%} z&Ly~^xkj%X=u(VSI;nbpx`li&#j2rP!@Zr$tj}hr7h8 z{6C}~{I+6J(53oczjXim^k~ojcT%1q|JPG&>o))Q)B{JsH5-9>P-pwsXqd~Y!zm6u z-*(Df<~Xje&6>}eNRCU|TZJo`#%pfKHfTNha=qp+XIkH-5%Te*5zk(P6G(6p+R(?7 z%^3A`h3o0n{@Mm7eI-4@E~ty?Mit)JHqVp81OsA~lZI4vY1+X`CBLSB+c|&QqlY;4;s?70r}02tCR+GE{DCkTN*fp;TgyCrg>!0(3$ecD9F7NW+!TGSfg# zxq_kKx$x94sjSNXc_f$bh*Hty=8rB*_;I&8wAcT3Ql9tv*HdgaEZ|PHwTugBjK2JJpOjVCznD@M3QU$u z{aIPI{?AJB|BsGN&-Uwo7v&kQ|8$CNecj(#kdsxPJgPeeGR6wy;}%da_Dh%jYfKV- zr(bVLF?S~|fXmF*wU|^{N}BSgmDhjMP2Va@*8fqj(Zf1L~9h(kG82N6x&t7v_0m#qQ2WagxdNebPH_egIK)-Tz|N`9{gEUnSEKKtSbM_ zfQiSB&R5h_3S1)p9iE+*?*I3Cd--oCECX<4EApvhAAo}N_&w2@2mQLYn`JxFX4>01?y@zJ0Sjvbz z@QaO68Py8cdthzov!}=lu7mcTzt8-TVLVraW8uPh+qv3Gi0IX>k6l8(i`H z*FfL?`LDs|&vE{nQfcewzbTovdj9KDuXaPcWQ;Oo*ZAyo-T2(Ndg@n;B26$^``p+d zveCJ*L1nAw#s;qq&y91KZSmaL#%}X-<9+#alxFfDL_VDdE4cjS%3}Gie=OhS<-h*% z(cb>IlTwu9a1`POMT?rfDf31^FDd3 
zYh{AoW}+TMK5;SEZT*D(7`S82;N-n-l!FhhpiDO#VBt>RT6iqNB>D7h1xBX^x^l#y z%r!7ZeV>GrA0rP7NZ<$f@it}?7@&Uk8l!ASX+BP} z__^M%IuhSxfXt`ksxgSDH`JdO>kIl%9QaGVShE(Lmw-Q#SGkVwLL(poD z4K`8-KvRgh)M>cOu-YgEi!JdlUn!zY)7{i^&6XWF&s`{Re+t0 zaX3q`%{_2wC@=|uS;~@XXMoxtKc>72wfUS22!1b46H^aF5iQ& zA0Z?)^#vns{&|4WkWni1PAC`&ZsYNoJfe2DjnJo0-6>#SO#hV!t@>6m94S5POmdP_ z5;1pNU}88XJ|reN8wPi$AW8hg-QD$V33_phDSlD@AWuewNJs?1{u}V|{8k&B2I$19 z5CJ39OJ5!J(sw?Y!F~un>kvRVE3=04i@U3zE{E^W-(B8bpI=;BkY;lE{f*HeKQ?0m zzIOxT{8RJ%S`AzxkvgdgP-^$>hwq1PFMqmxTWnD88a1*foxFt^_?pSKD}ny)!_B+% zyK1Nv+kj6e6AgJdrYyjs7VzEGyUXFejLC%DLmB+#>tu*(it#DJg8#f>3+ni4;Fqr9_a}H;Y&T9K_ey^;?qjFm<4}IenA;(Rs8UiNPhp*+e#VzPM?b6s@ z;0TY1PXqz(oL^rVy`MWjV2;|1#sVA~LCB|MEc6jhdn4-OQ5<@?sZm7_Q>(pb;Om8B zmY%8SwtDk$&`>SOpkxY3f3ZNJ*HPY7&}acIUOsvrzQd8tSQoFi^Z+UwsC$@KEWcz& z&AljfY&(l=K|fZLo;O;7dMVf_Y-=$juvbz*6>{Y@TrCsW@RfzuY0e~+irm3kM=rKh z6ebKwLMk>9dT1oaANvC&SPYBW+>qy$$FwjK73*8qC@A!`SZ`;JY|Jh<3bF~78fIfuSFm>p>YMyw)~0Sfw71-PTx}?oR>l=D zl2c}wnEbO3|C>g5t%E;Pmfin3J1U<4^?Ln%{;!>s z`Ux)wok!qSd3#mwu<{EWk>N~NlOO71#2+Xl|DvJ5{x$W^V?nu#ePCbCnWDn?4zme} z)ZS5bYKqjUO5x;m6QK6|??jW$FF@v(oxMJKV4T zofKQ}UrX3ka@~T1D?N4WV}K$v2|+wicCS1~zu_9}2n0@?5Uwh)(s%>#+^n)t{Y5cQnHp3_4y2dRq13_2t1-b3hd$G~~X!JPTPYcmym2i_z$I zx`gu>c=zbIfBHiG?b1MYv2%R%&EfIcx5wYST8^VZ42K?)%#0}%4Q`!?Q9)hmJN96$ zr2wl|liBWMT~cTEd4lA82Nr!-#BzYz>M)^QIZ~@(V7U*hfr5oWCOum}lYMi&>5tm- z`*xF^uzIpr?Ttl(vDgRWvMuLiBD+UeOs(VV)sLSn1;`LDZ>CUYnRQ$itj`yo)MkCn zGzjZwK|W}-|5F@`>G~SLQu)7EjQ`v_I^Ey@*h$&c&Q;j?)yx^H>cg1%RolIuOa)kG ztN(Bwi>VHrwf=VBS+K+JL=Ir!5eBaK@#cyTS{-|#R?ug{a4577{{Z1w&=&T6`fwi3 zZ(SOJu}Usp#p{p$Yr6YBqmC&$J7Z@u2h-v4(erLcZ=^kj#Pu zegjt+2|@$A&ABC7dcSt5EHc7|RNM{uv^3O7iDx>d9pYNqajN=CzgrE9+?xs? zh`DNm0B<2FwU11Nm_vzT8k>T8c&&U~6eR8Ew-bUT60YLa*Nn`F4->fLF80+>4v>$MsA#BA)Wr%z5nv_;G+vPfm_($DV+MnYXwcxdD0? 
zb8!=g=PIu){2mhq-Wx_Edt28HpTB*p??ayRA33Bp>jIefG`!K-kyOn*mZcWUxOehM zqI^dZnkODsTv)Q;k3R&m&o$QEB{emD8^EZU)Ny?~BKcIf4 zXOJD_(TDH>Gw=NRN>`LKlnV&OPYU#fk4a!{(x02l*Ox~7zhtf*mxh8-Kk{)1Th0H{ zJLwhee}|`M`}p5GDZAg4?0HmTwsqIg1);;VW~vr%DyNq>J@j+C{Y!bbGA{D@9m*$M zJo)+DQn2Q1ualV0eSDHCJLqzICSt5Zgqid+-{!lQst=Yx8U+Bk}MRTG(gmD|1JV19Ff z1&m{#msn!6Zeeo*Ou|W3^V9USIHDd-Pm9-TY9t?4P6kH9-{?qp$o#PybUjb9vn%bN zr*z8>N^~3hX@&v%xqYCJTAg%J#B;W@#p9=^{92SVvhUKyOudRW3INMC#42#A)^cDK z(PpZkW!16}Mhl2hXoLu0-#CI&zjB$tV+4#O%cLPp$yy;4hFKWiS_NIudk7gwHpwg3 z_;w_Z#{2&U2EZlz|55LxU$p-n_WJw%e;4I*?f?6Y-!R`uG2cJ22(YAsU!pLus7qTG z3#`%fzz6f^%0zw&v0+J@djVo?0b)yo{>(&;eR+nZvHUmEhk5ImftUJ!9G(>8e;)4h zfA6NOY5(2)X!jYJfwypUoZidK`jnjz*PahQg%|6Jyn5C3{{;5me(&V0WdA+h`+x1E zY^MKh%mzN&>a~^FMc2NhP&A~WKOY9^1;jNC-Fg4hb#8`9rySAePnbGNZgv$>) zvNar$&J6p+Q#>3!Od&)h{?faZz{gVVl%_#jxG~z|MrlET6sz7 zN$(SVF_%I_GGGE&Ktkim#{fc?%_Hs7NkV;_=F*$MT~;lLF?eH~za=y}ux^B!Jz9fT zS4o#&?tkvje|A%foHJ#U$#ne!7-ik9%Z-A!By)ZQ z0_Q8KH{rw%Lrf`uijms;yKgBiEYm@e?a$OxGngJI%GE~LFQJt%b-@BN# zR()uX$8xs60H{RY@L|=Fx;Q??+Bx#2flt@J&6z~)5pGo4A?(6MW&)cXi|9kZc z^-xDyc_hrQ#xxE+H24mA#1+;H4kCHEFlk`7B3ocv->S2qnFI%QlD<_lGdY;nUkZ9F zBzP(K>3aW10l{1q!D72*DO}Y3(pY^pe2u<>N5Tb{bTBY;7`=qw(<-WKIZTq9e5ies z{B?2jh9k@X1%z`+H*~GIX<`;bVhYHmOs53&B-(!;AFVY*{oc zMycM30GOblBU=y99}3U|2|fDY{NwVk!TOy-*v& z29ZB>S+@SqdIkG$|MYaf{&!Ofwo?}i?9)lI3JC2^RqO&QW?8ukY3icyKKbxXVbS4|vYe z?=f-jk(>$w{U?SAFm$J3CDM{UfsDD9ngB^Ph=d&)0`efBP79$sDNGTrf+ulnzx8yEvaf~NM|hldB}H`Sg&UG@!)DMKCzOnmONj4jgi0o@8B^=y{wM}K4H zv2gv*G-uqD0W8!1O7VaCXZ_yke*N#FM2yae2W)`!G;Fyv6!4fN=xDcc0j|-JLW7Q0*jEquj%m-joez628e7r5VE;o%id;WRFuHpd=gE zO?Io|qZBSmx!|tG@2R+Ez;%e;QW8ChBtn?EQxont@J^2h=ujhY^lk4k`4L6#>9G&` zr)mCuk!nc!q-juDV5KBVOiL4gpwpL{M0Y7$>js1|%E0U7SVbpeK`n#?o}|nTp%*GE z^sS%_PvCAIfzB9&TpXeipmqQOW%ITQi`gDwZvw2X*p9{46iHgB2x)+H{o*|Wlw@vC z!?Upp)-OEB$F@T~tGjT^BfiN9AO>0qp&Q5drV8 z3L&FAs4)rf<51E}PKFb?I9vZB(LD*}+uvhgbA1s1?Qy@~GVUE#=Qg0W8G62HHP8{pR!;8zvX>|4aiMreXg@wB`KIy_0hM$Nt{`Ye(hd$L>Lz zki*16RR_(vFt8qVdDo?(3z6X6eELbuIhll=h 
zIPYQp8htgxJ{o*iRHP+vRF!0CBG60q%^!$_;uY%UYpK9;5^`07g3TSU$5HfwqVMp2k0vf z^RfZ%pa&q6sdh}rYGj?zixNWDN({QYiM?R%<)&BzLKkFU+f~+@U5iBNx=JN++IYQG zB=afQ_7=8g`nfR|E;Q1B5m!VJUr42D0&Ih!7aCf|)9cqs-I!IwJx zI_h78`#;6_KmEhwef;m86q_Mwv)a(e!$W2aYuYQII#9Sd1gJE~rJqHNgkp@^|G~TM zwE#fk^C5qI>P1 z>;*?7aIs3aLjyp6PsLx|UzJ>3JBs)uAVOcTQr;dfM{`AsH}7v{T@p?ZkHCH9w64a; z9II#`E)4}Hp>Yt=&xk+|#P`t%P|PKs9ASmL!M2vPnO9)NY$_Um(>k>k8j;+dHeV_9 zZ7p!ws9JcYl+aLeN52`axu+{5n5~k|fADqznr?TMc~Zd`=?0<)) z`#)++*z^A#l&UO-r3{9Poqx+Kd~Ls997VZH3(4tJA`?x45upwSY=Fj9In!a)<8q_+ zZIt{)2PN9RwGdf`O0qJ{=N5fZ5!w;wph#!SmTVeWPLtI$)*NqUvbj3m8lbks!i?qu5lBvHYXl9V*fpj&L zu3T-6K>hvlp9=xq!@RxB3XlN5`0)0v0z3TgtLwjCy&wK?cXvI!{%~_w*~GWU{eBgW z?=Ig-%-)^&MHRe-8h8etS8*KEL~+3c6(9 z*#fnW{L!aR_KYmQF*o5*x0;=)Dn$ zN+x5yVSqidZSWheE1h8E9gRa#uu&v~Bqwm8{XkaNeivqT7I|IL;q=tKn$xBg7Bbna zR?1)dhsc&pE5FVkn%pb|Vq;!R`d@pLrd>M?uv3&z&0b@wt@)-}XRSzXrCUg%b6)6K zpA8(dQsS6=Y`Iq|kq+wjjGZREJZvscm9st8icF|%=2>$ZS~+e?^R8xtuJX}vph%@U zXAWzIy7GbUwf5xGEp(!p+xl2YTPjPEbVs>aJcX5OU+PLj{cocTfJ^khqmz@0_&eA#^54vTy8Q2_rSsq3(b@j|cPC{{RnV~O%K2W96w4gEq!VtN zU#CX?(!GJQRjpV@x0GEiFwJ!;KFumsY>VaV5b33cj~^S6+thzrMY!Sm-zWm$lJ$Rh zR*wIDxX=H-o3di;zvLQX(-m78ns1R;aWc^=Bhw|W(}OxU=$zH@^GJ84&~-_VvUqiA zh`P)yS5ZIA9qCoZbCcEV>qfRCbul1ZKIo{vmQ*|jT|^}*zrRTC#*)AYTU@!4{I|MJ zh0d?99CSyOEGDtx4>*cQI6*WPs-BrWXoTH+2))z5HH9hK>sE_tp z(KoHq+De}mS79yO35(o3+>>4vT=TRDxB0M^`2WKF-dhZV&bd#Q4x0U@dUWjdZ9xc82-)?pMvkBiBCt`gNB5Y z*K+Y;L1v&%S*_5Ybit*XXyL(Z5(%{Xcmyopj~@lAnAQb~8Y7 zH;N-PCO+`ifx{o7)`2s^_pJj*1oCgn$fR}f|FvGApD-gd=IH9pC2u(i_+IG5$+`umA6+BqCj_b&hWITu6e& zVGbUmp_1H;+-F4x&=FH|!BMCRr{ZWPp@Ar0VP)_{a~dljWG4509C}G^MdT4K7#YO^ zJQNU@(IkeF(`x;1ba3#V3K$$5pt~tZq=;*ykqD$V9uHIEPLn_^nM?JUGAk^LgMQ?o z`u1}^;L9&B7X@c|g*@uU%Fd|T5)^r$vjsrXu#JoCwIYH_av@Qe)7ZvCz2N)UrTelk V`?B-${|5j7|Nl9<{MrCE0stOxzlQ(- literal 0 HcmV?d00001 
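Review bot: the `new file mode 100755` in the header for released/assets/rancher-istio-1.8/rancher-istio-1.8.301.tgz adds a chart archive with the executable bit set. A .tgz is data, not a program, so it should be committed as 100644; the header for rancher-istio-1.8.400.tgz that follows has the same mode. The archive also arrives only as a `GIT binary patch` literal of 19350 bytes, so nothing in this diff lets a reviewer confirm what the tarball contains. Recording a digest of the packaged chart in the commit message or next to the asset would let the blob be checked against the chart it is supposed to hold.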
diff --git a/released/assets/rancher-istio-1.8/rancher-istio-1.8.400.tgz b/released/assets/rancher-istio-1.8/rancher-istio-1.8.400.tgz new file mode 100755 index 0000000000000000000000000000000000000000..aab05dc76a1260c1e6a7e8cc65545bedc785e182 GIT binary patch literal 19480 zcmV)~KzhF)iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYccjGqlC^-MFJ_W9vIo<8sq8@&AbT@a`<8~6y^us^f$!vZ( zSv5pL5@Hfy1E6fB92^Z}Q1O?{A>9NhGRD#06x3 z>#W^YzH?tmfrL;21*U}e8vwXaK%b5s7YgAc2h%o;1Z`o$1@!$sh^NafhCXg_#HNU~ zT;_e(bq;z?x6>(w;UXsR2qP~6P+HByJoMqLMPPvX;6l#G(t7ee521_tKuy~gpK*bL z(z=xQfsaXaU-~v=bc#L1TjMF~1A@dIWw)4&9R=6H)R|%?BIwJWVi&ci-60aNTMCRJ zA3=@``k94QQU7yd`3}LXKTceZY~3LLeqk05b(RxWi%s!~|*Z zuJ9djg+_=0LBT|bkoVi|n0##?3dBXb0lcP$$2k(b z?b9*k1{j}?8@Fh7N14a_jg~c7jTXRU#2^oi%?Crfp zAww<{$ODiAI+9gh0|Et}BEX|Cq)Y&_QFvfD1Bk$(FUj)BBivEHkoTRW%BP0riIgEv z@2BQ%j5Yu`fMX=zlw%!W#^l#610()dePB9p?DQG{gnl%}2ZX*67dOX*PqYcqx|m*C7OHURMH_#K)e zzb|(Hxyzz^*N;5(A(jvnimkku&;qy75XHY6Xv`4jKR|)*;H-Su#4JR8@PT^hk}@Hu zU-dVt!zG_c9K0(OP=U$_7h<1^GC(y*q`u7(ry-D!0wmb14Cb__CrxgY#y%ZF-w1-j zH#1Aq=`9+;$QM^=jJbp=xdo65<9=3q0;<~6o;{oOK&lr5Ot4rVmZuTDq~2T1S)>G; ze?;CGiLyQez=qJ(Z$ciP=SF1@{7Z_ufJZ|mrhpNnL8%zrP(R9u4I?ozloSjKG@kVV zB$Uho8gYei=+jvsWj0mIOs+v;7A~NR#zy@=rOH%E<{h;*1Y!jG10&3G(`iNnBqk^_ zzX5O~E@&{2lLxze5HY_Gno?Nnx7%^g14<+sn2cK~03(UoFZJAU_|)xx+xfQBG)-(C zreM&;WE}SalY!Y#viO^7j?EDir0((Yo8$KH5RDPj5XTITAc2b@mSAtboR9jO+Qg_0 zu3-_OFnL@`1iBZOP)z!uY4ue9Rb$=hil&X0WXYJcC_(lT>~)--X#EwHto$!f5Gs|e zJ(wUrM2tHkTw4`bApducjt+A2|M5ZZXea+~qkQ?&-UsJ|M+||)t^zQZs=pHKISdd$ zQ^aO>6T}eMZ$CUVzIMO$!8(MM2tZ5@4Vey2>|jrN`5qp zy|Dj&>Y*+zRqG#m0VXX*eYCzcV3GazxO<#m|0ms@{=b#dYPB*JLMaS8QedSF|Do){ z&g~oSVA`H`8@HHveQ>6wpeyR5Mt}tLpin}R4~NJ%LS!`OM$p}`_QR{CIwe_%8U6S=k}WuOsGt-D6#;WT22 zIIO<(U?>pd=>s7c9!3HMkl+#GB7HT1#PjXCQjUWm<{@&2n0T0sOW&mrm3~WHls@?! 
zQ2|QjK%WCg1yQ^bb64}NWqk!ZdK%{wUEiTuOITr_{HB2$SWyoyvF;sO&j z!dXNRnbO$^`x!cpjlP^bFscY5f??}pjy>c;>%*)WK7B6H^eOag0J_sjl^6Rjs`|;1 z8!;?qizkFVlSArb*TyzPh{+m=2<+;!lyr2o^}g(N37*?u|5f~d2svu$<s*)wsWhVTQlk%sH{Ew&X-vnoDbtvSR3im(KUtN8I_r zr$f-xbB?$7o3ETxt}y`)_!D3vS2^f`=PF8lm8EL^8&k(d1i%IB|KQ*tfBtjQJ2=>_ z|80~F$$q80Ar{8=%$d+wZNH7&R;+i|baS*fZt@Xj^yuP}v)>YQd@ae$FSgkP3DGQqV=5Jct5HI1;*QdOT40 z-5y~Aef)=(v0L%U0n)!13VrOt1P~Wcpi$(T2MckH1m!ODF&P(eR6K$b0sWAAaZQcJ zBDksj+HomElshgBiY*vf-_*_l9wVX0f*~kSu?;1o&x$}p>Uqhb&`=!;)j_$EGnP!K zbmO$Nx6E@hI+?$$x{Hue=Wh8{)#?afJiCY&QXEehG)?ACB8c&r9O)lzbdOy9OYR6< zAR?yJj{@ZS5C=Tw9xRzpsWz7UfUZj;Qj4gCF;Z4S`@q&dy)O=A%*ZT#%xW^?XeTBv zE;ZyoGc{Ki0~hIkhew^P{MYLo9d~!~-!@7?tow%^?fOQ+#bO|jhQA|MD7QV`-nC{H zr&pkNW5ejU*;TakaXUm@m!g=wFtVRIPvHVX-0ee+~QpVc!0KbhPvT-b#5| z`@fuJIrD%0)t+6@64cK6zq9`Dtp7`uD*kUAMhR|(d_C*`V*Y>9%k%$}gX7~J|KCO_ zcb-t}JN1T?+}7SCwC0vvhSA%?CH1b&in`RAT~RU&dDu#3*3t}Lay|(Q`aZq8WO#~w zG)Cv#g+A1`SB%5uh--PytS-r#`rs-er~H&ig>yo=_@KF5>IEua|HNZQxRS3pdWT7L zU;RD`Lmvf*2 zH^HAurOM&&(jb6x0sPu*4>4);N%M8Hva6x2aGE zv$(2Jw5ze3UoqXu8aC}pmQ@we5;>}$X@9N<%QDniNSmb)Fi;wm{pT6!=R<`VvjqKW zaXtpDrHV6sHzY+im4-pL)6G6MGG6+;fG?9eFB4h~=z|Yvir8P)g8Frrdh*|THh@L? zf45sW|LGm=FXaTxuR6O$m{>6UaZrt`hWNMxVyXm zx0SLI|6kkWn9QyxF*l~IuV8A_!6M92R?A4{Etu4<3C4Kptqmu@_lT|jISmnmg0hyR zo{FeY`&)1IR?Pul3lm9wx;p-GK$8`|H>Q9MnvK_()GL^b?bcQ?7w7xErcAd=w-=x1 z#1hGfvLW_7M6PGt6@JD|Ie*xb5rmW|WXnE@KxE5DTBJ%ODn-%H5oXAH%V>B8Lpa1f z7C0ubwmVgv80AIBMn-L}Y;jp3ZjIBZjZi3agf-{fDr8hHa^&UDx;%PE?jZ9{FE4UV zr#~yuXFkNiPQrZTGGG3S$R&+h&8c;ovw>5Vg#H87*dUIEv^#iN`QYV0{M=>LW0%dGqvVcFK9cVt z_9OPF_gJd-|LjCrF9g7X{l9aNkN?!`92_6+_Wx~^`Ri`&=m6;wTO~jMDC1Z9d-@9u z{8F^Dkpir<$)_guvn*BXKenjE*Du#G122;Q4?8FM_1`_&#edpL$*q4CJT#7JoaX?g z7k5*A!I;|K>slquL0t-HaRCL7=hX_DgMG~;#VD~uF?x>?Pego!5K?cDXghyiX~|1YD?TLLSZ7NjM04`ym0ngx)&dwu>49= z>trHCXoboxSuxK(HsdzRg8kndsH}Ggyh#4<7V`g`ob2p>+bN|Ie(uoB=0(+>Jj?Q- zr|$W#{B6$qpJH^kwfoot^%_mGZRrzvV33(EV=-YIpy8cmI3EPCtjs;MGV! 
z-uln-|Eu%Ux9`uLz}sjW3;6%Z;XywB|3U9$=l{KxvInm83@{o0E@Fv}HyWqOI~``t z13Cqc$_E%i_ZE&3&!hqbLrfr>S=qb56hi>P1o?sf+G#ZQ;#SlO09V@AMg_D3jmF*{ zP-#fPTNEPVA)*#ot1|VZ1}mZd6rTr{!M&jX=`;tKDG!oEL=Ifa7;=R_dktnZ0zt$@ z`a1VnlBF!EfXUd<$FmRzFF8UWgBP>$8c|mA)hh?wOfUzSgCTNZ#1W7vSg{5HLCBNs z4-tSF`nbfWQ85l;`_tY?DyFj(?qe4Mta)Z9pXk3g`=S^z27%2hH zuHI@ydD?eXN%lJf*iaA703u3(koZgx7*XG+cd|NSjIw^e(fD+({z{3cDdf^1^pTu! zD%oULfAEsOk~LLFWye*wQe#b~KiUDnuFjB4#{~a@K(pBgglh8y($%G41Dfv>Yr$K{ zCqoLE*OVlUbJ;a56OJ~NDzOOq;RJS@pX3xg^*qVblqZ$pJK1#W`aYYzGfs|EL zM!WzLIF9q+B?re|yfK0R@d*$UMx*frKmritYH`U4;l()06}7jw2dWlKinW<(lmRN_ zvc62rjF}nQXsF3&#@?N!xj)q;GOlrQMri6;3qbYO0oRzg$Yjovb2ySxlFA&X22`^e zOn{K>D5PEktS6pFRf@m~)QJT-$}Xo^PtJ*`v}7jv)3OaFKx-`j7xhK*SSN zU#mPPpE73e@08c!CvZ1G#O|AJN_H3m1G-9DK5JZ>4`;hsbrbJ^Vx7BF9sTVRr%o1ZBs3--R z4QH`Gu3>z-YkI-Bkmwa77#xkT`x=e6Eo7936ZL2oSy0_DzfVo_&C5q zVqyoFU~JlnM_%%ROX?**)ta<30VUafwZ&JD$Q>j?kxUJylRzi3w`zZa z{}yTZdFwo+rE6Ua_>0?Ek`BX ze0WezO7taWnhkKtyEIqOx7am`YUn@NxO{r8e`i|#^jb}qPZdpm0z)K+!%(1Vw34l( zWCWdf0DjQ<>gH45B(>WR>Ejf6HR&E#-xkr!+S??>Z*)$+`4l&a`!vNBS~02Oq=;6E zz)!g`$%>9uBNPLwISg@~m@F~QmwGtt0WU#u#Q`fFpm~_g8z_TTI!f__%n*Tps?3Rv zhWgYP z_eH1b*ZW+HWRnDc`t<3kRr9Tsto;XuVT&Q?1!$8tpau4yqm$!qKL7i{?*9LFO3wb% zXnc$q_*MO#F7((Y+J2SjCk)&%7?xXqjBB?R-js=aW*LB9158{$@|4m+Vh=ws!ag!u zk>m`DMH)lEy-B$cpCo__0ie&R0fczJu@Cn5e^uI1iglu*zuMpLOKzr_h!U6;r_|y! z7|E85l1(F>^-?O{8mMM|3z(j2;S_w1uzL#>zk6*n;S5`gVnpJt!shmx`vj@^N9nC8 z$4j{NYY=KBkfD*b_h_V6;IRRmX%;KrAZY9fS!+ULe?Oilmd?1)lCZz8^-SxvvKl~U z*%8W22+l5)(#+lx1!1%5^NK3m zli3!MAv4hV-N z6M`aQ=yfXO$)5fyRqRwCH62&p#7g-#58Bh7bKgcpOYid6QTvsXcO}T`e{u57+$F{} zb&Li2-*M-pnE(HHm;Z4q#rFNmXFN>KHjU$#lB7QxhwU_ahv!jpmN<=TPZ>KpOYA#i zgy&3rR=b{k?L^%V&OnrtaULW!Sy48?rAzR02GH=?Vo@%w0luz5Fy&7c%C3tSV%`nnc4)6>Z#jtF_82 z69d7H%Is117BL6YrUno)I>NpctV#B8oPn7HL11W#H5;?u#t(Is0P%@de{@F-RQr)? 
z^M3X|U10x^CLnGLEo9Q@Kde zWm1Iv`S!#0#X3<|Y@tJqQkJ^emM;BhjLF8@3sZ1&g1l6Hkr`Tp;7yJtmUPehEH@uY z*mjQDuQQD`^vZ7P*E!^@@fXNP0TOIBZ{tZS6{pj*H-CnvpH6%EuXA)NkrgfJavd5; z$dwe5FEe9~?$wb;!Y;YJMdhL*D4g^4!JmMb010nWus$8XLsR4zar^v zC|UjAc1_-d=C8}5`=3XhT>SU$(c$j?*LI5ST-$HN`i3$R>X@NgrZzdpV=mQK$F==- z+i7c`@OJ!#ONl;jFhF9asYQ3*2fzN-u$XZi;1dT@rAe-T|E8jXV#rm?i56tMoR+~W z{l>y9HqC7Sx2GPzbxU^ra~Ooa75xd_s|Syq|MB=BfB*C3aF_pgJ7s^pTx~+2S%$v^fJd@UOg*~a|kuqpU2S*2aY)|tsG)?b(8hOr`(y@=!sen(R*BU|} z5*M+S*3?xf3jELLinha@txZZ&ZY+E@z;Ou{KwkN+v*nH7S4Zq-GigT z`A=t;|6wa77l+q{0{V39=w+?$>qjDq^U<%og!!GiO;-wFq5`*DR?uP<%KN~_B)Tts z8!|e@9^$R>l-XgFk_&L$nRhX-6sA#h3NWqEOqOp+dul_84_q;AFJy!z-!L6&x22g% z89}pQ7kdpDhE|Lg=b-0w8XnS7aMi=)q8%iFhKQKJR&nfgb-tdtQb>pLr;chrGsnwP z3Z}qzbBsx8Zd3}0eV%$IrfznS10D@q`f{OiPKfLt)@x(I{(pFISjhi$bhz99w^D2;wmxX8k#9Cek?)tk zY3wB%K*oW)Dfb;d!6VUBAyNPr3<@-!IgLH=OMF9FP;g7=9e|SED*sy?AaFNlcQo?7 z#$FOO;SOTGFG^r~|J04^kP3;*E+o2tA45d0W%n9;$}d*Pmaza)_)0mEa~dE@km?>! z{J3HlI?Qc^1#RpBkE-Xd0R)#<8a>(Y9r9foAg7`CCnj+ksEwhih;PKaXBCp8t7 z!`v)Whk*dPF5=3KSpk##OXCg=2aHlNpvllGm9Mea*aO%4#unGG0vur1qR-it@g|21 z0Tut!i+%r+kkE3pKTu(?p~Rm7F`+#1^i!7~hBNiikCGy1MrhEZJwXgPjlD)g2lThZ zt7a4IC5{4^gF9I@6?_t5q|uPGPlb*S5y4&`e0eZG)a*3B+pW8Lp65 zKIvS~P;)Usq6&pTL8v{h5qb@VQT#gg<~FhOzyxv-A{JmB1Jir~&=j$mn5dihvc<$9 zPzp4R`f6Bpv+)2FK)aCW)?;@;jX`3d0cHZ=p^s8hn($c7{r#qP-ZI|du_x%j#Mo9z zIz}qqh&g^ERL+(!=7^Ab_TK|Y1U3(}@Ha@sbN#tFiQ;|m>x&n^8BgvRFr zhIo)#d8HDpZq~K}$1acoW{fiA8Sy$cQmf;-K^Xb|AT+`D zo2ULAobhJ%txi`ITYZ)9Ni2XThOR;0cH-0VI8F-X)A2xicuEBb-HT@O*w^Q6O-x2q zKb6dCFv7_9(rx7>2I+E(|CcYo$giY+BfJ z8mTwV9=KN9$}HJtOaPG!wOPkhOI)h8yRiDOL_g3XWnxUmoJWYa54(rQd+KkO29o8r z4!=D(Iy~qc^t8S#{5T&^nY);o0wBdqR%SzJQum}uE91d_Y6r60t= zuV20ZN1KmN6WbMdc=%0;Lqn9tRnj74db#b_d@?Hi_~GF%`^Z(dN`SPW`52iTis~cicWRZf_cY!2}J3)Q0-+p*#G-S2L`F$wW;rKdge1F!2 zbyO9v@nW%e`W6B<6;Di(O&~G={8K{JN*o&%uUN`96*J1{GUzG95k1n(ickM7-17?HBlYYi{R8( zT^v%5l$ryQRf_Jc`Yt6Ldx#-#QEy|X&(i6X8cUo^qjA-`_0$BK^O07gofQ9;MV(gZ z;A^Ev>#2*ns4D3W#;HTqAS(}8W0)wP1dh&&6waxs*P^4xv!YI{p}#YjsM?9i!*avT 
z5;E0ut(!ANVe3y7EZih<3!OAfsyZ6oN-H|Jsn;6LvN=X$J67pOA!MRON2zU~Fv@X6 zhkE0jr*f;bRc(%_Gn~b5lWXFoiBt>dt2i{7uq=3#UfxcO58$Qlj*^d^8zYJ-u&)50 z#OC7IPQ7SFW1fVxHR^Hc+AdxTFBnC#Uhs4YyhJeiJmE{igls|B{cIuX1-( zlFe^Ho4UbOTOnTQ#fZX>Z;WkqLn9DdYHN%@+Hjs4>6@|^UtfoDk4Dj-~*3?Fain+EFJ!1am*C2dz>-TheTF*)H-MH zi-pk4p?)a?%hf3%e6d22+@&VuCAy#SV2LC0WN6S-J490%$5R`T6aj2cm}TayY}1L` zETv7RMv3f!K37z=P%@H5Cf{%BWs(&XMiBd;`3sGJhdmV^(IB4jOTZ;wJ1<);js(a- z|ITroR}T0$7ADT74l(^&8!=)ObHvvXfT>W)o*ZzFRZu4#&I+nr7CQQshespC5XpZ( z#ZbZ57-i@p@i8Gso#JB2PP+o_A7_o@5tuVPS>g0686I>W`q;(7p8-rftnIBt$L7ky zN&*=!H)f@xy1fdkS)^ISwfSVabSrOnm#kY82*G%tmq$SQl>lVSYRzV))y!nQ zt#$t6LY={7MPJZ`_kRy_@t=F$PWO0s{f#x8*+sjMpvZRt6N10Eh) z@w_XfhAiLTvneQ5&q`bI6N_sa3*k@$fcaZnaiG5;5->{uOnyhMNN`LpxHyhubB(7S z;02}L`d4Eaz;HDNu;~8R(cwvc{r7g~zuPH~xqi2`Y-8k1epl_l`ey>Iy${|~E&xq- zWR=?l2cbX9dM|^P6h?3e;xO>HXl9(DAwxPsxJsZl%6+FK`@{_C2B7~PpaD(###$8yGRVUGq zm9w1~$UaE%>l-()%*DDVaV)Ni@l24ura|KRT_Bny=@=0t1v^jU9T*>fA*EEUV!P0P z4MvOx2`#JfG~vQ*74v2JTq@LaGMZ1e_ex4_rm9&5%$x$Z2x7XMfTrtXM8p7lgOH&S zzOQVcvB~1G zv7YvMxnX{8R3lTABv>txF4PoTL3UU{a)@J?2rQ%oe=b`F@3n({0{{YY4d$JL0Ls|kb102{dX0}XH4u}shrR6suo zn6d^c?DIgu%8{Ohyc9Qqs*!t3@5lzIK7S7QWNcK;vK`M?dM0Y@$+9?x>>622@89FG|qX9G>OfVl|S45_EI z+-Bk^)QUc@6Is>45qkhDG{XiLw1Sa+RFs6fX z;e)N?tYju5eql<0Jq7GhY1i#jfC4U{;992BBl6S}?uWBXzZQ*(JMc`dwq(VqoAFQA zfe+|jfFI6QT`u;p5OgnO7q_!iz8ZODS2kOgmH+hKzFGTE_xK=h|2aI|o&Rp7JVW^} zj?%Gx5m5WfT$t#amN>XT&^x`n07leN34P73l-mZ(9#v-}&}Ts~#Df%UVY4gQ6egGp zI%Y7aw>7B4rmB76Dt=ks=kFt;HT}ov`Irty2L9txAa13K2;b-4TiYshZ{fIlS5046 z&<|oiVgE+{p9G&!b@jtdwp5gvqImNas6C@^}fByVF6%qdV^Lubfsb6(U^!qdz45QHq zG0m9=E)1cIg=O{!MdpA-`~OKVum2yO9G&d;|8117WdDCITmPJ0 zUrZQ+9v}GT*m}V>f1^(HWo2N#th+1Z8!F!wD$d6t3RLd>m0I-F*UPr~jzSN4Km`h| zzxSEy17Cez)n;X*?>8ekZB%4}48f|6_|$q=XXCzBZmWyB@6td8soDSuG$`?P(jkEN z8z4ad@1JGo*Ad^=+W)(CcK;gwA1C?yUx&xto&U#H%5&fUyI6hWhMD9WORgm zB)8`}t{{u-KgTDXy!>}?xU>Ikr94;p&zfRS;tKL!B5|paDDw-p-{^p9xpHc| zU*szsF%`VVpJyy7^_Wntsru?$HgGj4V>vMiS{9rkR9rtH8$d^&%tT~;bo6eSJyw~w 
zSC)>$3JnJEeziuWB(_e&TDVxPZ6lbh)cjd2M1u)};i@93!lodWt9x1t#M25P8QyOU zA2~9sW1?dCZVDBpv@OQvk;JdH_WygQ)>YsI`+xT&pZ~vicyzM!|JX`-?)(3}^E6k1 z*WUlfu4H|26`%}*4g9(;pJJhNOt+rt*6T-&mRWfqx&?&)gX*$iDLL1p7mgWD1dg%8hlL9Z) z|BmwUpL)kT{ck(v8S;NU#h%FK|ABhQQLUSez&xn3{cB{+ZS}zf63@4tvKL(((D&xe zXLTgU1??@vl}zImSLAE79)G!7^XF5o@6r(Xa9oRL&%+5xa1z?UhvW4a^<;_o6y^T< z1}7bpLQYi`nZl^TYun~|e3)QBEOXM3s4jIoSgPb#^lvlgPwRB=bPBOA8P%ip5ymZS zr=yQ;bzgS>{~SSf8!aaQEYklDJ9+=VgU;bD{^M54Gu;2p6nhf2@4s~0Wg6dqC1@@3 z>|4@IIYq>yY%N3O+6F0ugB?pL;&8l>$<0BBP}15QN`#W7&@$6NPRyJ+VRw>gmu2}s z59RV5QYz}){L*Cs|L+`k3irPbI=lFPTPe?w|Cda$CsGEl6(-;xl#01Gz^n}+$9KxE zu{|pWwBGu!Ck8HB|3}C9{LhC6hdckzt(0fK{-4{@Ut!fhs|BAcYpj1k0~d-KEMVdK zKgzHFqt3y>ZvAhgJn!|dr`U610XGVxMO;AR{hZf*T$Ww`VnP`a5HFVc)3V6^)9L2d z|G~l0&i=EN@(kC1GR2-~-QQU4$E!YmRCNqwj1|VmEudcH7lJ)hm?XMRx7w0o?oL_& z7n!XqF)6c@Jb(VQE00^2=KpntKC3L?{|B9d|99{BaA*J7N_md_|0#vOo4D~Rc`w8E zHL3%SxJs5ca2bLEd9}~~ug!_0*EonYKceLuBh+U523jF2wfvK^^sV<16+T&y&mjD#lK`(R{onJChl80 zUtL`(aH0HnkdOaxaB{NK|F=?}q5Nl0u_uxOe@09=_o)=9e}glHQ?(6%iF=(k$mDa( zl9kVOMQA>uK8q^QVqoNSH3?k7FeL?F~oV5 z{E<+=s<)^|AtD|oV-O(D;dq(7Ea{m6@!UF=rasw(w4U}hfxB5@{SinIOD=FtsU_*V z5n12@apg(7d&jU4D4*tLtseh73v!E{-U)vH!DTi1ueR&2DvSO93iiK)?k@k^R?4%L z|DMkEH!u1v>-F1x?moYES#AB-y7rTlMfzW_Q&|6p$Gi2vmGW%Y{}W#OsnGo{DfJg9 zeiG?HlJa|j#`lxdg*K2f(P~;>j@+DWU&5?&xLxv@n1z*}-I#at=u$gzdKu-x%DIxC zqQn0cp$KJS71ZqSXZhj4{_yMRv{Y;XCP4LJBa>fK!$UrteeFx&3UL}S7x7GF_?mRU zvQfVggV&mVBN@y#=r>|xxAPnM>z8`+9}0as3zl&C&6N4_U-$6%Fz^4-Jv`XO z|K3W;%W*Iad3)M50^8eU;7jDRFJCI;tWo6qN__;57S5Ix;nox4Q0QY9a^2R?(2o#z ztQj1?*Nt-IBUezSn+>3FC+{pg=3x?l`mO|{V*_1Xu^G=aFh+eJlkrcX2L+1Z2k`zn zVq???-So*%BndMaKNpJeUfCd|d}`LHLEjpqbg!sCPO|u!-Y+{6Z&ES$+zA})0r?lP#hK*1tQ zu*+5oDHECbmup472Y-Uk5f!M=1D~TB&5xkZ7qs7OR+9#RL`yST5ATC9eXX9>96^h` z%MGLbVZE`87q|Kwu_<=ZsjFoF4=c>^Io)EIGAw2$O^y6A{VaZYCf_CP)`U_R?ZS{$ zV}%1aMuRZ&eW|xGBrJNXcbAdxU+XtE-(rxA(Xs$rDcf)sV4Hd1QX(KGh*?UIYNrpH zU%n)q3N-nQ3lt1IG=h;Y1`Lfc7i^|SsFG(>js;~i@bJ(tuOr|XJUpaRJ|WB{^|3pv 
z8Y_zwp{fY}1O_$GJoWG3j5qCxxe8AOD#IltUdn}9pxLIOFrt?Ff75>1aw!?%apsw> zX5N@%qqhE~_-4d4Sdc>n}6=maKI=PdLI-F z2iMVPgzrJK-2~v_p*=y+7n47-pjF>Wh9jY8l|fE&N-SoMiUO_8seY_k;T_aCp`pWc*1E!hTqIv#7tgAru`6qSH) zF5aIHzP~ts_jbiLR3;fkC95e=+Sc{y`^$IdSA(n5o5F}JYKFrg^bs3K4J6Z*7j#0v~$%EIC^_Cngr2}<~W+lrn-cd6z3LV?bBAe5X<)r7eR-j%A zHVT_s3^DAb6i|g+aSfNt1U7tSpLOap38f;ppw^M|E#-v?LlQ#8IzkT(<@iIt4+M+Q zyf)Y5dBri!jYP@%)-`epeI?eLnImhn%k`H~9%hx%fim#2glcd!l7i;UA=E>!z{`qi zA@yEWy%<0u@GEPo#4syGkE-@FS~&I4X(^y;7M}%Ho6Xn4FQi$MA@x?qPJ-Gva%vRv z7!rZk!BWGljp`EiEjFB5V>XEUgdkN`~rq} zFxA!Mhx!=tN6PRYlnCfwQtvbpl)KPJ?CUvGRQTRNHbx?`c$A%*0(GvEJ2_o?({3zc zBFWIC==NfEv7{?Tt@V$|m?6Go*4MNwSpU6~lfwEx>Fw74R*Eh9uO#j&$!^Zkm7Y5G zK|r3F5G3v>yH%c}Z@30KL;}W62p1Z}^XC>N2hN5t6UhICW@Yq=tpkIYP;!kqaaTdp zf|zI)^O?hZh)((0>!A(X)Cb6d%UOqc4;8H z*g8CT(>px*_VCTC#W)(oAn|}?W=x@IaBGE(3hGkdu?K4<6rOmVMAv#|h2Sky;J|%Y9%46f6u<`Pupz@0+Vlf6$cQH|y+#<&(W^Z_E>nMLsgl z*m6$B(t8NS#5%xU{s78Sfei7oh6-hvS;c9=`h4zLZQ9pVhp>L;a+<|G&<`@y`EmD`j0vS8nH5GiRWx4f3#5&JMp7 zIe;M#Gvtb&t}b}L(Xtn634O*45~02G`v69QHlXj*yHhf|c4>%=U2^^^UcJ;>{~-?_ zQUC899Ud3-|D#?0hpm*{`qgpK9X5on6Y}spmD=qktX|7yEcJRNOQw>$S;<$_NB_Vo zX4e`kIpkr@Ma!sM+dfRPk>44EiOl{58g*yTt(zmWh_UZBg~NZmeJ7O z)^)?D@80Q~j;H)5juNYN4$KEiu5{izRWplap~WKZtt^rt+Yyf5VG`YE0V-gpL{2sy zg`tn6fDiq2Hg1kW*2#Sz%WmG2?QNNN?$QJPE9l3+dJH5Qn73B=& z0uk}E0)6H~99Wz5Q*-(1QfvR0%(dlGA{g~U9}=|D{7;>uLjLdG@yW?<|KCR0{-$Kl zqXM(7x`r+=9V9gqwRl}Qy}0RtUz^R}io2C@lF#l?KIUQzCv=Zn>aYJPMtAjNKGj?*6@qxUoQ)7&YPzq)sn%%an-`Wl{vm z!qv&(Ohqp80MWfbL}z+?4Vo|vd07)4L;)on8PcTYR&IATdCvtDXcYOpz#;4P5}E^H zOvYu{Op?Rnka{pVJYK1(p?p|6Hy95^Yj5UIWYuVDaO zu>Y6jf0h63_Wx~^r`rE_8^7VUq2jjxIU>M<{(g1AOEv=xby$qN?FnVyZ+JcGcp5j z@#r|y>+}q{@&x%Y{9H5ad)f8>2=?D@=P1AayGMsR|F5l-_4L2B*}#*nUR#NsckxR~ zK?6$s*&s-+Ag*ZW&ibFOaw8=6u6+i4V^{tfr6&KEs@7xq|8`G~^XGq^!|sm%Z>4P5 z|9Ae)pFMEO0Ud#lAtKij5IA&>UIT)V2Lx3&Gg>VVbNN9_wgyAonnE9Yiid-{2_gU! zE})8n38ol=ACVsvUF*v5O~ltotY^5~(q*E}-yYIXOD`!s>V2ZG=2D1=2TULqU}8M^ z7(&ElvrxNqVxn);oO@$*lU9qP3|<-MZwZa|ts9|ckJjMTRno=RIMxyqYPpQp;{V2! 
z{Ydve4-Ptc`M-10+2#M(O38E1giXfN^($bMRktqJ3f~gX`5_W8TS>hkV>^^jYxxL8 zc2Jw#MY<$1uiX9=*G#TW+OLXrb&P0+xUk6pi3eV)3%<&^HP3DC&~PyN?2%Wm7S&P_ z3Sk<{#lWwuZ}YJPPjoL3BhYU}%r9epX+z-Qq2F$o*N_P7Xt7DG)@E5fMyaT}+WI&s z^~>KHT73EPaxucMN;c1mpXH*LnY(2Hn&v?@?jzILYD zNo3pAFYCr(nS>h_1OPiYZN6z0WZT?=y*bk{I;#SGXK!NGjE`Fx8Ml7Bnc%oZ>Sd$d zuNK<=u(V%xj3Cd$I;Pej9!w>`)sWn(KDEWRQaR_Tx6!Y*EF=G!XmU%7fs4+64hsIi zz24F8{AVj=k^C2%6ra5qxZ?sVm0IiHm|#%L*j`#L^EQ|NzuP%E$mjpwo&RpB?3sOh zEWk@25%AKd^fn4XbKXHv6Ev;!lcp49o6T3RKnJvxl~2O_W<(?6f&O>E!>+Jia3tcF zbCX84OR_~a^{q+^nn`g{rRiBUQmeNPnFOAhV zgV*32bdR~bcoy>tG3 z{*S@c$B#GPy=dRQ;cZv%Ufee2n9vt46v9W2sc|7S%r*>hd)jTMuHx;gZp5k*Z>ykE z3iH0onWLS?_0oFrzn)FT%+mEQ7<4fix6jnZutww;T^6nXlTPmb0h0@C^hfvjc(?wy zQ*yR*7YgXpal8sJZBJC}3M*z^u?ppV;A0ZqTW`(0lCNFF1Ri1J^?`X>UeDqZYBsiX zqOkJHOfNoTc#mhXnYek51;a4;*;VlX8y?~=!=XOlI|ZL3?A`)76$JPvL}SFjjfNFV zOZo&l;#z7#K&nBQv?xKqLjiRf0NhAn3Ud`qGi20@RMKJaIfB0GzXPt&2r(dNV$Z+3 zyK{b5?HSZ%-@u46;2{CA&z*)bR+^qoGyUkU%{=C=|EcDT>oR~v`d=abQ}?91yZ^nN z5;8i)9%6lVuRklRwbpyY%9x$u*iUQn)B&1H2f0pyHAtu0u2z(kMzK z0f5Y%m~hX5cYN3fJ&nM@x1Ia=M;N-thd$CjP4ge}R0GNQDdkUdny7(xkB{FRKV!q>T>hVG zfP*CQg9taA|GRTkjQ`o)`TuRHeEHJePg1g&Sh&j3AQJ}Iqb_f|l(;Aqyq!%z3OUDP z(h8~9l6yrP?6-}#k%vZ@AkegvwHW`3V*ZvSYFWfE8DF~-Z~TQw%7~C{G?P0|jY8bF zTn?&QgpX;XX;+>+yx{9sIo;+=+2n+M$zfhJz%6ix@OYv<7t$JOC-kC3#I;hxZf|1G znR}TjR)f$v8Q6A}wr1BnQM#&9L7X;jF(v7oa<;v>t(ktV&4qJ~)L_KrUQNpqU=s{I z*U%!KUcKgO&WeQ$-&%s0cu&DYI2AZ$8GMx_|B0#LHEOl$8eB@YD+sZYnVe`Tm+ zJ)J)>=FNsh{CJh=P*^MJl(16N$yzD>E9T0)*-~S^EHPth%$c%Tv%90 z`ndKC0?B6C?R4hMsrBUly87P)`BH~pMg6OB|ErtV|9XeJ_)l9YHbc^8wSkd`2h14O zv{yiRpm=i#P->7%J_{KpVg#Ch=k4Z708s4nA%8Sed}6Nz`|pO-XdCDEAtatM)T@-Q zbfg_4)PYu`prOXbckQ;;O5bXIL7#(tkbn}!z%o^WKY?Hoal!F{`V$A&(P)J4L9TZ8Oi@^`VtkO)~e9zI@4F1u3ukC$N(w=Va=5K!MJeF4;6<8BJEtSaZCY z%I4~Ls}GtI3p1K?L?B1sHp?NJ9@gbE{N4>ek<0T%DiYe7yQ)@bl@rpUQ!>HI%koZM8uC>-?9wfNs&OxyT9-13&xt z?wtZV`0tC$e_ebS{CIP7Ik^0IbyM2Jw};(s8IJGI-%HHipZ-6Co2%2a^Xt;Di<3zo zX*%g?W^QW5@c-+l^Q&J5|2VxqA6%Z^{8$EEvhQ?(T1Woi;lZAf#W&`v9B7xbGgT!| 
z+U^(m3P(%@ukq&@OG-T^RBNif`j!n`4a!(fOoEmLX9yM7Psj$)(I+zzSsxv}TV{_{ z=IxcG7c8O*AKcOD_eaWQ2 z3-!OFeEg^0@lOBSPI-p>Ur(_oviX0Y9&%LcW+N~Us%-xnS#w)`FoDGLZKv!-7YFpc zdGlEv$#Fq@%Wx&rc*Pa@8m-4)uGakdRO`Dm1U?+s;@R_XLK2*WHt^wiJw`oQB0fdA zzrMjq$E1)`RYj&Ss_@#jc^)4o7!b>xG$g7^-42#2`4#=!%=yzg-8-E^>`O-VXnlln z3)|`FV_V&q-TyyFkljYh2>^@qzr#-6|L>r4xQqX|mGTVte>26NMD6=8-FBJA_g@KG zi#+?5G*eCy@hDr%P`S22%HUwfQi?bnFJy9a&>@txHir_SWGS@FG>{WBXHM9iWZGp} z{?9|Xe20{ZIyb*`S-}50$DP9cuY=Am{@+&0GvxmzQ|yV9!E1#H_y?t8?hP<&L&))+ zvTJP5iUF;+{_BZ>i`M_qaX$a^;lbg~|8pzl*{}cSw)9t6_0MX-=gJ!EU(mpXq6Q0C zxc-mw>;I^8aIjnd+bGX_{p%_AoLIn(!e|i}(0D)Rbsv{y*T0xhMg+u*rT(-mvj23t z`SpKraI~}kY^6NI^`A_!CtCM6R{Qa)j~`VX0~uq5@o@{N7x{%?4;3bfuG6iyq?o&t z7QjVj>q<<@EG5sMKkdrnmZkZBU7^n^3;6#*r{MqHJ3idmf3{MdBmaL&q3;j^Z#q}Auu1-v5PNka~Vs$@d1c|tc%5BDCta{0|{$mA(iI^@BLuj&FdILF2d8|?aEa< z7sK0P2dg7SE0h3YjIvtdQMN1UyY)jTu0BH7h)sPYmhS-9A8xM)J5lj3S(cUmrih9A zmd;mKR|;Gx{~hGxKOCH#?DYSwlxHaa*;DL^q`;pM6V81q1?u16OyN{*17PA_rwuas z9CP`Q7F_|<&>7+(B^=dvWv{RUJA|b}p&}X%bTnndgxqMLvlRGrz)V)RZa&Z+Ax#MSR zqcW@%^y@l>7V%P_UYBb=nWa<%vnok_P3*36V9PPw33&gBWi|OvIol8Gx&beg|9ZWG z|HskJ|6?oV*~)+M6nkD0;JLwSz6==SZtmx>I?|uM4kJO^AJyadrR|mPkBbEs=y?or zUL}7d6tLQRV@hshWOh;ukzW-m*6Wl|*Ed?sdL zHI zcJaTrQu1;f3`5?Yc8$RHHW~O5Iql1r3OQ>O`My#gfun`9WktC4gg6xX*o9oT^)vJ% z#2sq}$M1Ec9QnuW`Bwex~=!j>MZ3koj~}HU=T} z2Kw`SeL;VLfxqCJIqjKU$Vg^{P>~hP3Rs!W=>3onkXCbSu%SBInV^VEorb#%sx45k z$P(7^V!1nMqS4zf3=iU!KW#NxL6A|hb4h*d z&Z@@BB1NbwfvJ2>M_dt$D_Q-R8G35l0-p%!SiX()`SrT*WvU$$IIMtGcg zrmLAZ=GdsMe<``l;s%rnZa1c}h9PdrSIG-&)GjMnmSI&fNqSOZo5SQ6v(p$Escy7_ z#FSDSp&Sp55&O3DZD;Og0F;v&CW!M(Mu(_xH7arW0SWsN08#^=Gt%atJ2V_HN`>AB z1;fF0G#cT1&}=sWcz9?}5cI|5k1S}_x02yV=vifulbjNZnd2fR1|#gF*dS-a;O+!T z690H}b9r5Wp5I{dUlc#ck`Vw*u)xrNi+nh{)`p}$II=2)h+*m_uMRrNJ0DNcZU~-q z2oRYTS;Ohs&Bf2>gAb?g&#x~}&(1AKQ@Q-UXEex;%?KmkyF#PvQ}g^%4O}dbI*9^M zX!qU69|rHve?EVgZ&2?V6_O_%ze7{xYbM()1^WHRtM{ijP z;G2v0=Y#Jr&fmRVu?>|;Mp4OX3Y4~Wefs|L-TBqv>hz{CB8!^gFbI9b22umbbY@EZ zC_wL}@Kh}p$7^apr-(7^p)wYp>_?pX$ik0DLp=cynd)R3aS3Fr`kl4?83^rM^^%F- 
zT5kW%?v>?uly0lVp|9N{%5amih7c30!`JfK{1$YbW?^j4U_E^iK|cRSr_(*!o&Rm4R8M(1=sZMjnYUN@9xK0q zAs$S1HTj`FM*NX7{0Aih`j^x@jRfT`^bz}d&J-2CH;|2yNGu*@r=~!itK?2jm)^7+ zi65o9qM-A)^G9wFX7IP4zpslQzs z$S$@H58m_+Prf~T^J+1U1~EuHAek9cC>q>aA)|u2)OYN`T1f>~t;Vz6NxP)Z?6U;P z_zukbE{|m&G}UoJvvj1E!@zPMSOEnKgH(RDe#ZOeYSSMy<@e1xJ7M``FWVdQ1Y?np zj5D^Jld<$3LNT!pu$Mo8vQ!{LysV)@8D>^-TChH!dsdtFHPs=kpE>!U*8WdnBqpnC z01M^+PTv2ob8x)#|JzDg*V2{S`PIxBsOp1=`DNR^o=iDdW~={r8i|PxiMRT8-C@BBW1k)RFe`}FRV%&uJ;B4d}Fzlv8cwbp;g z!$;Krdq;=I1^xeMm;YfaCAWTcTy%#Gq3eV^JWr)|dkL%8av4j#UdfWFLa6?!w~<#XcW%Dvk|N5SNb4rd8~Le{2jT%NDvy>b;dE#()+bj zWu6h%q~dnSr=_7*LOjzk?Go2W4^-7x`rUF^WKLuyU{499SjQv1+Uh&U=x zOkn0N(e(@zK$N?b;Jyl6s5Fk?Vu^5f@hxIaL|U(dP&=3MIJ=d-D{dcB0^ zKp2y888(yT@HnI%Ob(A%YHBDSmd*`E$?tTiJ7oS?4!WK;=~0$;*i))z3&g69{WQe@ z{My`CNG(sgFyt9iTIp~mR}@5Q@BeEU z02l24CHY_Ff4lvE8|A6?|J}xKxNWGo?SGC4u%N$RqcAY9OB)sotikn=kIbJ-6ZtX3 zh6Qcz1c;Rdhz$+;Q;QnA@(fFD`ERHX^HwnfFZBO7KFP=b>>cj>Ketj=wEwPuwEK+A zz*{^z&h$DxL#{kQehfd?4EtVo{Xc^Jx7#_&umA4R;m-eSD`h?XZ*4a4WUJR!V&`4_ zl2Xus5`Q)bk}HTS8oIOor>oouiM?x|0pHk_zecIa|D~$+SpL7=ljHpPU+1v9#cdj6Qqh)vHCd zRD?p9#&R+6E9={QEWs1q3&aTYTM_fim|xluczEcy+vPPR!a7=P605aYR*z9Cs;;&^ z4ody2?y?cJ<4;aabndh6Mq@4o;hIS_RoQw_tD1bd1ibK;PM$m^I_$Rz}9H-)<&2ZjpM~ zX!omywm&TGmmMR>^RSMoHHZgO32-$ex2jKVv8`0jdFpNSt1ZjOe-?lCMcHQa)ho~eEoJ4CFuxhmh7ETvTa#R?XDpWLkeI=(UjGrDUk<{U135GgSnO?3ShUQT0n> z_08Zl_y*l$F1VzFftkVRCHkCHQC-Vm65r$m&8zsYv#YlpK!!koIhS+;mx`OlW>Fv} z2)LB#WRIRi{p{+kP9X<|Xha#ZEvRCGxqj)WVO-cf>&H`1-Cfy0sm1^A(6A*H(^le1 zyOa#LNd7zStBO*tm?g$sr7kz;CHNDZ?ML)@Nr+o`K~yQ&+ps>ItW zsFcFIuX5&Sr*XZsUi`0TlQFY&{R;+NOvddqwK1#_`9+sS>;I&ayZ_NWKHjbW?UbDD z+=T-AbOD45d-NQy0!-Tz6}!TUSy!w=c^~+gMEBNPGq2=p7cqfH7s?{ z#nO^KfsVMAnh=m`5GE~35b#hyody6mQkcSA1=9=}^&*vY7<`VPulnzRD>On32%6aQ z@9yrL-&K1Cb=fyCq6~OQKF(}- zZ>NNePO*nrALwb=a48Y!K2FinY-B>5gD($_T;zCVB2Fv(`dhxj4PrsDlAP5ajf|n% ziLFMNhYh_c8_pzrlQB#)hPV14<;vs_H2E&Q_-S&D=8F_A3fTZJMjxoSWQgk!&4o0I z5=j6cb0;R;bKo5x_CZf0aPV#CKK>Dg?(w0I^iR|LhdkAQ@=4U7(!g4Al%R$teqX1r 
zHK`60w$=_XW0WDUm0=aFlm#^a5OAC@HvsljzVB;6862aVS%`GbDBwZ@h6pqR6i_y6 zs`vJ@1Y7Iq&uiF3E=%e(o9Zmjs`XViDeQI@fWTwF@|)0`%1pxxu+H^b2xv(FXf%<89=j5he&U?PM*+zoMAGC5c)VF-*qS?gV*}kIDFAOlb1>{2sZH zlG%z{q7Cw@0+RnSa}mbzC-nrfs=^Nq-T)sD9Yg*!RF4;kV-oABBs z15=JH*@3sT`%1|}K||`(@$6q2 z>R3P4YY}TwWZ)(q+1#_oj z_LM%ZJ%d29S#~>}Idf_~`M<9IH$lGC;a5@rYTWr`+UeB%@m*5E5ZJ|AvM~@`F#k9rwsKf z_u)L@}^TmEcbxSVUZKe4zfs!F4nm;d{_* z6>-)0ovBDF048mWBHy2-M+E?ep~Bp0{2OWLs=knI$X;+TL@re6mS}*$zY_6R_gAHt z*N!4S4zSP{?3B01%i&DX;_ZiPSr?Nr;30BfIgN`EFvltyh)aopm>35U{R|6mhkYLm z5s0|NlLM%bH`rE^HuVZDnN4})Z&IhSLM@Wp)8-q6zO4l=8dVF=gc2G`=IA%YHS=_7 z1k+X0`a5stpy_s(nP*jh=hlBs{%`qcFMk@e$o|(m%E$jxTf&b2Z=sZBu`Fb;obUWw zT;VJG{lYNJ+-itVr(&6Cf*2O+V88}wT$NKDRy{5@YF}5$-h@!1?K=yRMX1Cp!+dVh zClR47;dD{AYIkj6_e^{F3vse=>>(GjB-UITli!gmvbo@ZzHJg9F+q_|9p^F_qD;=Z zVkLbYrP)2~9e>-*Gk1MxrB##6eWWj6@>fC1tNsb>B*{6MIv!A<^QB8RjaWvL)ic%{ zZ>F-jI^ODoro_UG<{S~o(YMWVh^B{ixtm|+y?|rz@X*Y+YM(r@2 zKE8XWzz+WV;__b?9|k|(+*}SWKVIFGHu3FYw_Aqe`}6k_v-hX}&*0|j^z8h)^y}he z(np$3dYYM=S~2|p`sw`Ym%%?yug?dUr#C;AL6_`1U7*&HKX`bsXJqk>xhe*5Y4r|#vPHmNX|$)>du{@U#UTQV*EI(ukxH5Z7DIn0=* z=NzSJ*G>cMI0Z1zR9o>)xz1XW+)TF+hhsg{vpyX-W~D?j`S>!gR3atN?HD^va(Ucb zo+@VhtQ46*(af{rG_-OY73N*V23_W(;h;Q~s+>8j8S2Uhy4Tv1Pq)wtr*0#E3tN^r z>5_7@cnmAou2hwp`rld^AQ$L=2S-OG@t=13-&RU(7P)o|=mhW=GjhGvq4T4_PQ!Ze_D<-e)>c=`X2 z3+KO`gOlC)?^eo+s-R)lrSm-}DHb_+K_}cazfO$&g?j@3)?PbjIrVG}2umwq4w#G@xA)!!9+;mDDGhBfZjqZ?c+w-N<&N&PR;P z2A$Q{lJdu(^Qa`{_r3UTEDnsY#g!|`f2-?M;Pmps0XJ01ViFsE2g4APF`$u9^~~%6 zL+IWj;=KlU%8LZRc*ZGecm|%cY+zD-t81m*BnM!V6JjHytub?w+iI3aYI!K(@(-39 z?j^}@HguQzx{+tDh81t_B_q|U=uyjrg|yF#-ZTnpD|wnoIgqP~{R&yuBV=3(8Pq51i2;palGUb`3ntc*7ZE z(N_Q0=r^36p-AFq7aO*k9cF>;dfzU-xF z+}QvB8hhYp$S{pKxOjWc8;(g;*l@6iU|Uyb^!J7{LW$*+u8Yv%SCii_vyf~RA@Gut)4)ZgC+Hxne0 z!mf=*ERfoG+)c1Mi372uF4ZH-tgtK&_=zLcw_mdXUw(TzFF4C9;88bHc1G2fpuj^q xTLg+5wsDcYRzy%qP9zF58rgWL7kn4HbXRs|SGHdM{{R30|NrTh*FFG30sx@~XU_lt literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-istio/rancher-istio-1.7.100.tgz b/released/assets/rancher-istio/rancher-istio-1.7.100.tgz new file mode 100644 index 0000000000000000000000000000000000000000..703de7f90f2e41bcb2f55f3f53234fe2db81d55f GIT binary patch literal 13476 zcmV;VG+WCbiwFQ0?%ZDh1MPilliN13=zcx=6*zLXV*6Mey=Bj-)VY(fll9s7u``oR z?M>w>6bWgVp-6?K=CR)V_uGvJ36h{lNgU1COH?Wz5kRBS02+-(qdPD?>yic?CyX5b z=uh{Oy4~(%G$QQZ@tFPF?GO3CB9Y!;GM@CtgWhmRy1h| z^Bij0<}%clgJSdf1~{T0@xPx*3R2@A(BIciK$p~uLgUU{y0x?c^cW9^#pB-}^>F+L zBlvGT9*}OoJL&fSM7p)KUXuRJ$KR$a>eDoN9F3lhcTMtdBFEpjs|0&YCzJ)JR$@=dNx}${uk0!wXC;i@}S^tMfrsw&Q ziK`cuKdfalGF^XRz`v184VV(A>C$4+<`Ms%qyy9)ek$EIOtaUC2Jk486saOHRlgVlr*#9g7}a z_hvLQ_4ozUrDjMwY0k$W6_jV&q-cEUd&tbNamx>=AHqLN0}x!&=#s8OXj%(p?R22v z%J*Qm6+PCL^MTvCj<>#TnJee-lAi)lbG7<=!d@pvuLT6L0%ygU@d=rkp<|J^2$_U5 zTCYfSX+}hhW=L+F=n_6r-nbRH205d18j#2*mr=9|fip{b9=T>j!{`W5ocjT>ftZdP z8ZF1dwq$9}tPMdzHh)5BIXr?c`Jn(7UN2f#^bSVMhDp~^Mh|{C-aIhFC|Fz3I-o7x zkX)xa-R(Ae!|o}~|M~FMeGJ%M{vVGJ_W%C4pOOD@ z{723He~9#iobeeTwu!fVZvYP4YMsP+RzQLK+l284zKOs-ePu3anA$(c%<;_N4)+hS z$&hQuBqq6}?vmFwTCFFt6()DUmXjPh3FJN@ObjKjm7@u43`L>`2dflF_G5uBY*&7S z-B5BI1p{pJ3Hd8K&|E-oeig@<+lU69=}v_R5h{E7uVfv#&~4mS0Tv^|wdt-YKQa@@qkpzmge6N(u_x`RhP8 z1ck)+08Wb`{4U7>kp=;VsaBIe&sWqkoP`Hs)_aNWIS6kSR1d$IqqO%cxw&+#OR}V< z7ZRL-amP^Lf!{MqKuR)KFrR043PJIgAe2EaE@5z~7lI5DV&6b6^I$I18xjS;2psDL zv=9Z36*3|%0Ny1hEK~qeU~4c4u73y30C_kK5>&A3K8SToC*s&(?_t@5&_fWFEv4uS zM&exv0#X#v1MxF$8|DHf{+!K+x$nCE4O=0;H+L56fFA)61K#Pl&rl!&;ge!krT(*t z5O+PMh5<{vXOI&>#3bi@9?6l%N%GORYotrDsx(i}3}ITuw5+)Xqu_(&=z6+DW?A@zMt! zgmGa0pWgpNbGdS9-2&ha^5108$bSb(8Tp?rl*cgsy+;3kkdz*OU_vW)&aZU_Y(M^! 
z{&>`k{~=O({1p+l#x_dMe}myb~qSFI%v}R^VQ>dbN-D+8$ zqwPQ`aXL^lMV?lRE|MvY!?Q9R3Ib{|MFI%aSnBo#KazQV#Exa_6`m|* z{!8PQv{tP8mK0uM%NcYcI2PfNbp6!8V02!0KmU@%a|Q z(cChFx885;l=l;zUHbl2(y90y7=C;AnjdEqH2fLXk|#tRe0IgVj(iSZ8Ty;RiRj5{ z^_Po_j~@enMkPWE*PofLxIKzovE2BPMj&uT7tmGgIj|UlXYSj(vQ^0nUH9{JVHr~g z&Tcz{5XXEtbG~-MV9hQ}zFpgJ*3**w37kD)PT+AEMm~Ura~;nMV#4t-;!}nJZ2|c& z`H3?bl#lU={T+oPWdfLKonSJ}xTG|H>(qD(H zuXq$k?HVs77{;{X6y-=HxBZNc*YRzBPD#caNi-DvH_Q##X#M3>C=I6T0QQu&(2(U1 z+j&nh*O&n>1Bd)0l_ZHp%AhY19=AXD}sL$Zh7yX#0B?0;O}x~ip(68Wz?7MwwCbH?2pFB0~q*MW^X?3+P#;S-Lv|0yHCe- zG=A0Xy)-R*P6t+hIC?dMQnSfqJ{b1w(V*Myje7mb=v8Y$J&K$U7G}E-lc&?`cDntG z{@{2xIvx#;m*bcH$*ak5{D0eD#G0)$6`lXZxuC-}LY<|#+Wk~my8cIl%=#aUM~(f@ zLDHvB9pcR6t0(0+h*wG(gOe-AgEhuwn|J04B%KHd7MZv|a>kK4{dEL9kuQvUK7Ar` zqLDT?35j#t#K49n)bupucWbP^{}1?6i}t@j!U2XBkv;;#{sDu-KOdUZk1`dle?08g zviSd0!TuLMX4ZeNH)z)XA=2I}94E?-%Nq->T=LYwbsHMr!#R?)r5l)xMlmwEn5>M4iBQX${KYlJ(yk_cHq5e!n|x?0*iDI-O2xmk(y9WuQs{PR0LZ zH`~V5%McAY6Yk&w&1i52lOx3+TysWUao#TmV=fi}UEn=<z99@#E zOVhJmwJd5MplLMYm;tpMZ=uagK1$1jv8-mUcd6~#VkA~Kerb& zYQG@u8#A&l@edbB(Eg=}Od4bAB2w8v498>Rn?{6s*Zv(G5mR(r2px6&LFkNttp|=$ zS!g(u4{1~GBi2qxBk=L>Vl->XJM*S@RAN3pg?;xor-mjGnB|Cn?GsuE1 zz*c54^7WN04|O@F7NcCu@yg*Ja^Ui8ekU-Z8+*giv(ueGu>sl_h>q=50rZ5xWGEg( zd+CHYjRJnvqfVcE1IsnOIr0`a{PHSogvd%T4N zgWnqGfdaC2eB(D`H-1%6F64}w36*S|iu{)PE=DKymr}M28Fq!5ZI!K#r735ZXRmxm zP8fO}&z;1ARgxq5hfhS~G~U^Hm%{|=H=`EQ2j!$j8mUw>94<5`iLGV$8> z;GTJPOh_9|=Z*042)Fw7G4P`>k}bSoKh~>704KeC>CO#x7MBrJYIjC$O}uspVZ02(jYuW)U_Y1F263lG_d8Swope?I>K-)S5ZG#!zh6DAj;9434z zVLBdAQ+`RjDQKxC6E}5BQ;wS>OodI!R7h2KoPx?*p%|W#T+Tv?V{MVhTyXl!1jqDa z<)_5SubNdLk<)iSj z{i5Bmn8HLRGgvUq%F#Luj$9vPpCb_Mj`-{A@F-Y&F#S?B_)hwcZH_vci@O$HEY+(e z*7;~gm&b%P!dWxw-5F0#l?~T3Ub48*<{Q5}V)6>E0%n@qIz4uq3o3VZD(y7Os)%To zyudh4wZHKOV;ky}(q=0Jl1tKp{tMaagv(a%wP$T!GC*xp5OJH!WAdJ&;l?KZzj^;( zdv!}H`(XF~!>s*JzdLE{ z{|=HK_WmDdSxxu<2&%dNZ|?th?DS(W1}H}Q{?>mH|4*y)_uB-@>_2;x?EU|s*PQ(LZ@9~+#4(X@Y=$0}LevPL8u9K1<_RUwkHo7AX8536-5n;IVUd(tfkRew@T%)0 
zUP~%I@$Xa{h58d&OF267=g883s`eRjTx}INUNk4|KZi%{odAHqOXDByd@t0$A9|>@ zse=8V5JT_p{nv1meg8S^j+*`dASrjG`<9P(^+RE~8DO|(UI*CwQmuedEL3bKQs8Vo zqjSV0e^f1QL>>n=bo6m9-WpPg{4Za~@8uJy?EYui&EEeEhLa}#!$DGJ^GpSB$i4v8 z8txrsPYuF}qlPaqr9cO*5JNeyc2N4LYNiAuxvtUW2Oh}fWlorKb+W{B^_$xj8c8Ns zPaX2_$z#04nW9jpN8-K=*=yZ{X<1Q?NY_`?qdHOzxlHt5am?= zTO_g36PAfwo6mBO5*!#f?uHVb_Z*YnsQZeC(SW)@anr?bp-@*a;-Jn*_KfQRa#li z>b|Q-`l=EU1MY1F#VsU@D4D`CN`ca4q@1~0{j$qqQxwsb4Ctujagpihmc)ih1<1`5{u#{*U(jUQHK3rT0I*-2G3#*X;iXNe_Gf!)96L0!Z>9mbd*8 zpt%8RZh)E>pp}!}|8vHOWzRNB`2VCk$lm|-#-oP+A0(-~Kl|blSib45E=|e!S%i=e zLST!9L(>M*oyJ0=a59*2?}{n*o~K%~Ddp5-C$kSrL6qKCiy*Pdnt}i@xNFv;Dv+J6 zk$1q#d0D=4x?~nk#y0^gE0~{MEkwe_slspl`CQ57TDK7d)X}n^|G7E^n@$hV>0LsQh91Cp{AALa8TS# zHZ#@CD_t{@wbC>)=ncEYy~*dQ?WFVKc3fR&dZSIu7Z(%i7B3m!ztGB3XT*$cYr2$;7XQ`6J;E0HgjMP%H4JTG4p$tP8O%kBl@J~0NtXC#=EO#T`HU{+ zcbK2BARY73x29!Kn&z@xPi-%8I2^bAeoGYyo1BRkVg_dqyKQl0$RHM*Zl_A6thci+ zjqAjRfvtuVFPg$kf4N%hKRLfWmHApOTHZS}m3cU$6GHIk>-Xnx_c78}WfnF{Y3in1 z`l$G!uc1A~t^I~K0!1}aLn{!x$S^id_mpa4KKMZq2QTN&zz@;k`LTY6={JPzRwTUsg8(tXIJHcy~ct;FCGe(otc0N zu3Jh9xq*=m`^&59hE=-guTZ<6t(~E=<}jihU-qFeLN25)X6mW?&?nO-9U|%DzsdJC z^p<_tQwdb6{~zS^|C7f5<6+YN`k$<#rcAXFM;VC^2JWnrJ`X4=|8+^>?+hV-O|xvflG_WM+DMP zZ8@94scmrXfBkFYziY!e?A}Iq+xUO|{s`m0HSz!MKUE)p7L2Zq5Q?B6hBA1#1O$F`|@$)7K>3jAxw zreSAs9jJyEto?!(-w)-ugBjcB2nJSIQeL5krS^F9_@-4U@`PaxhSH7lE1HJb;S9+KTX{|I&04mmwff!EabEe9#fo@c-~lpF2<$E-(2E z`Kt)7#^RUBe#(BdHq4?}rs|Z@u&h95U7?J$)!S4O-LP~-ShoA_T_eC*C;ZL9^V)Hp(_0@81XL-Z^#;gTeZQ zx%ZpM_Knma*0^_kZGf)p5de*9Qgpm_SyFr#3UcjIC|Ld4Rv8N zr3R1pIt>sf5iFGvUo1`Ltjw7^7ITG!Lj=&E%OH?p`|LKCm=*{JAtO5LAb@Gz&=~;r zqp2Sctq4U6z|U!f9@j$-Yw0WjenOv9K=abEE{O?rX73+Z3|uS_2aLkee(y&D8{c#9 z;4eRzF^p4>mi+?<7<%k~JM7SIlsRyo-)sLq0=!V+>W0*m|{yfm@vn4f$y?m<;}_g$brUi#H@87sxnNm zf|iI0;LKc_kWxAkfBqcLVy0~~-}OlV->HbP$DH)dnQwb>w}xg)A_Em)w)*$fgrz1v zh)BQ5;Y}F5+*QpL-TgbfjXAvJS}dg8#<)MNLC8hbs|T3z6^AKo(+zK&xX|kkcg_&Gw+(iUYLr zXILtk(5ccC7lJ4*0>nFLZ;kVUxBJARK{RCsQ}_$|dku?g3MVP?u?5F0$D2m}74_Jo 
zJZIqnF{kVy5H3J2VjQ=mLbZ?ALM=vL7A-nEO!7M~{ffVcldMg$%2R&{$9{BVz?mB3 zJtllwhUL--G0cGrGS+$*vs&>K{w>?EWV~w`8d^LlU==loA}&_N7b?I7fD0ZC zd&BV)_BVP##K&C2SA)@T&>i$!)uX7B1heCv&sMw0{|URSCJk=W{M%D$CRJ8#5zyo6(sj8kr_v5f%8&r7824E zF(HQtK;B0tOjR*+P^PTR=Z$KfEdHS2u?Z7d^#=_`V*y=?84MWg>-aYJM1d&!p{J@eXhTx5FkJ7?-=Du`CrgKgST)Ar+p$xZcs+mU#g0LppzjiDt*F9K4A z&8r?i6BRA;&(I1?wzo-LvaS%{6jbxybSs#z^ZXwBb1840yN}=4z6ZojgZ5G#i}jS^ zlmhd0;lGelj+R==B+f`0*=}UQBX6jv9l9LCs%vDOSJdsM*oJQ9MJ3fpmS>(~Ufga) zD7o=2v*%Ob<%LSc@)`3!Le{wuHx+2GjV|c606WR5HA=8eeaL&P?ntY#_D*JFX_l$C z9#hJ2BeG;o#DtMfarM=5;=F2>FXVc4V(!Ay5@*x#2RHy7`Kw4(Z@1M<;UGEnO&mm0 zfyj;&N6Kjc*QuZS&a1L`ig+3G2015Sqs~6YiHH4T0oN1UPSTV~*4dT56-QQ|*mOj> zZ4k<^VTl+D@f$c0rU1k2SHrER}IP;5t&Dg!l@$uk*5Z}j{$1S^EDiM zZ(+RK1X@43q^28P{!?T2p&5>to=^3S%9E23ADN)tXKDZ6z+x@Dv^pk#xw!avo`as< zqp~&f71CtH(=QzQP4_i*%{$;*z6WP?GExexD6mjF&Ke}V+IxQ6w4zM-t2P!C6t9(baeIu@>D}Ld5dJ=<;pYi zw4m6^x1SYduRt1smprg9(Fs)DNuMXM{@0;AOBVp0J=r=8oCA(aMHhL&L% z#n(f--2ZIr6|T(wXVB03e;*I~js4F-QjPxKwiV0vyzdd7-c-k4bg|K0f6?Opyx8p#5=NM62!U-}}v<@vezKcI}cfBUHC zMpeYS+-aCpESDxK^-c6>qoJpmsrVE?ab{OLPK-L0F~QQp|J=P02v$-`%-+1Lw3uw$ zrg(o*+N>z2X)R09++jfnj+H70rg>7MgQk0qvw|J~482ene2cw^lx4VK7%-El7?{|$P*Q4|01AgPMNQ5z#HHu=@afLRse zLF|7d3S2FDO#a0H-9Qol#`x*Yx6`u^A1=Q6`Uu2X8Qms4%KMuV@9`3&zd!ys0s?^e zo4f_&^>p2kaWldrybn80tuDTtj@b?D5wp<#`oCMsIqgBlf0yzab0fNqDz;I! 
z{)fY1_WalHH|zf(=_mf)0PWJ5`S^b(rs(3uC-FU=^#ZNUH4hY97qRX6Ih!ivXIviq zz4%G|b`_@hFU%Z%MyaQ~9(6n=@Yv5q3+oqyyiMK-pe4W^34M@sTdk+~kl>iVB=|;Y zTEsH{_U@d%R#mOvvQ0BX z;K;Xp_n2IqawDK3V`OIi7Gq!00I$&Wu6nyE>$^Pl(&q5H*}f08{Zj9L^pDPxY8$SO z3aTcp_eri>jZ&aE?Rx*y!KYy`5vs@lW%obb{Qf`bjhp@d5b2@rf5iORfBXMjuYn%N z<RWA%!^De)~*&`A-*yYP`EMT=o?`U+19<}f|-C|DMPQ1Hw%U?Y7{DSTPhIN4|9t;yy&~;R z7r|}PRxW|t=$yITe)f!XNr!3q5aw5NkQ;1r{0*@kD^fB-8p%xE9Y`G2<>+0U`C1-0 z+S~)J0!{c>D`Hqg zg-8bhGlkJp`g>f2buEQS>|woqCjUA;dmS9ic zzE@GCG7se}(_o`n+DrAvLr>u*?U8np|EfLviBk#x?~n5Se}{uX!~YMF?o)m{l-MSb zQ+zSX=RXMT=s9`khY?;p2{jx>3V&UfkP14SuVP^Ss??( zz!j-_&ySSrj<2jGvU`8&L~(;{HJS#n*ld7}w&-i38f>dKDA0wAbkGZ%&e0X3@^k{D zRIEcDi(qAjAx5W&{0yRwN6=7+edT0jw{NU)x)W3E1KSF%rEW(s~X<_^ails=imP{@jnleK79f4 zcaF*rU@SBcH(X)Ir>7#U(d+l;SQd{}Xmaq(XuX{i5fYRG5iXL&iHm=8lE;laP6;%^ zkQdl)rf#w=ND3==vRPRpF%&2)QHAWW(FEhEtP^}cj+UIjLxMSLh0SD+8}00*wNxqauQRCXK+W-hojOYGQ@j_@;}IMSg~ zri^zKo&+`GQ9;?fl(eB>zT2=i>=V4lc)wnf-gvj(!&#HyS+lIWxudD3o0&2s-@j~$ zTqp)@NB4bak1z!A{37I;JUmO;x~V|VSa*TC4tChVaQ3*kL4NoAq}&{xo?N{Q|C>hv zg&(oWdg->M(WfZGk+FK#YHD&LlZSbqW03?HIEviRuuwWI9-UgpMJR}HiQo6|)Fw*WJ&U@z9xx+BrGQZ-~lUF6(8~u^I-JDWf5LzCfPbdX;tc?x$i~ z$B$N28noFC(PnOw672!*=xU7YZRTu7v87b%11N|GrFrFFYCnvh(S1))$L!%cARH7$O6Q6;^ zw(&KuLEb=R42(@95qvseV`Bn}^EpgQFIyj94Nm9)%JAv zFb{Q=UGNEW1S&vvyoKZ4%6pWM_^u6mH0?-!EK3I$W7k7l#d*tDFMlzvjK#gZ|3?3BGnCl9 zMIHX%dfidZ{$tYke?Lsx&;Q%Ed=@-t7$87HM6s2gk2dt8CA~4IPV6@Mszf(+Q`9ob zAl+L(Vu~HzrPT$n)f3nJ!(6)CheB?eE$y_(QSub!%~^8i;je) z=f6?L|No#r?l$)S2T3KOuf_(0i@w=?W8+hQ*M47s*)srw?CwqAL=pAs z?D0=&kO%B^g{SDX?EiuX7o7!5_Wwb5lzso*?+=^v-$Bx&-TyfThuZx`;G&ItKWdAn zyum4OZ4ZuMOgmdH0SM@@C|6K{*0Q6h*hs+jZYih&E8;aDmAs_Jl6f&Js`D<+Euqry za0ZVEJIWHg+s%;5U+qjL2Kf{LPa{7vU9HfOG`N{QmT%KSUK|8|K-3ZsPFEAA>ot3P zqR!mysi*;vm)WXdazkgKZ(Y%7M?`MI)4fsQn|=uVV!s_<#fw!vS3njm!3vlK)S^JE zJteRlc4rx|dJI1=Pc}{3CG9EyEgdWH;Y@?KVx6AR)5?Hl`k!&XpOybc<3|5;kn{-U zzwDfcqA%@VK(?xvQ6I7Nul6pX4^y@O$> z3m+Vr-7#TL9qU2`-x^oIPw6O%J%L%sRUb}?uOZF7AXwQWTw8)->p4< 
zroNA!FZ}6Tz`tJ#$X1Go@LeWf)z4U0=Aw{#ACv3?`k9Wq4szQ?uV0NSb5VVRhN|MV z*!`2B(GYy@sgCpi5?{!{Nv&&)JHK5oJ1gIJRhgj7{%h`kwpUI%xtp7u#N4WmkoT^#>^9EtY>-tGXv|}yG3-a|!n&*^? zb9P9Q(q-FzK_mK|zd#%1x;}bIu!Z=zs|1olMaYh(guPiDSvo+lZXt$$q2`K&&Ofs@ zJA0wVROl+uolyI66-EIympdB5aKtSBYzW4W1Djg6Qx0$In+AyvlW(Qf(>|yKzo%73 zg7m>kFD`FV0lxNcyc(#5(c{s<`_zu%?M^TSCwz&z1I1!=m_3YwQ}Fv1H2dtf_>F1L z{r~s18C(@U{1K^4{{!NFHvUt8+}QsfBt63YU(BhRC4j$is5*;}zr_uf?D*T7DO>}O z@PoY!752W67C5L|=^CHv>~TNt`Cg|!lmOaRXl2e}(opEuxckz0^C8kb=>Kz@L8<-U zD9ir`{cfZGKS+9n{9iYx?qBu4LF>=?cL?(1b(M4B1rzA8FcCGYYK5~6Z6zLai?SVC z%*0AGhf%m_rDvS1fHFr zlXq2B$QwHq(2)7Zlbm#KF1lC0zW34a5d&jZ=>v@SB3I$yI5U;G(7t2zATCGjf#~s2;HDPIYhBfg!_MPPSt++*IIvEu(rx);n zzja5w?E3GIMveW~LDJ)1|M#K!D>VJu!RqVt=L5C)e=1)3ES2y7S^rPH(V)@)A0$1( z^&iiv+LwOT`O~(mzV~IUc{T01{?WrS2D8>!eJ81G{ZEG3{l7Qvj+^y=i1Y~8e>|sZ zU;h^hWGVH_Pem7i!dOB0xLEo&h7V|OWEYC>lG3{~1z?#Dp%4?D{-7$4s%8JzKl_MN z$@(Ak2D$xz((5(r{}AaBuK#3C-MauFyg%Zjj}phvh|V-t`IlS|{D_uJH9VPDn&!q) z_4#&0n45Hm@0GkvwFp`)s&*mrHqoW>#fgscyX#6HqQie%(=|=m!&mI@?^v;d&HH2Q zGHFr9-;iF&Z$Fb08d$Kn^l19)i_6M%lIz>dj0WV1U6qr{Fj(Ywa0&n$y96nmj|NH z-f>*?Q&=xxRKaBDI4%N_z2dkCRBDamBJkQXj!O!&8soUA*zF(3W#9Y%LZe?LmFs`9 z@jrUqQM3OaBt63Y|DKF~FC^F^d*9TS&yj%5G{pXeQwvUFsC$UFjna^Bydn`5tDFE! z+uVjRo^a+Yf$h>h=kGG=$hHW?6bL9rE8mR-vhHRY6yor0;kMvJRo|lsloqZ(Gu>$z z^WGXHh$=TRn>tpstL)l23GaX%EbQU;3?)J_kY1%NGTjwcZ+{o+yN?itadT<3eFs8b z@o+t8)Ia~mX;1mj^KJTDiTkf||1Z6)|4)$rn)lxaNsmze<8!KZ`R_e|H5gnW0E!Pq z5+FxI3PG2qXS?d2SQa>ji(jHz715`pJw5;5*m!}5#0ss;n!7d6W2(Epzk(rLR8n+p z!ihywM`%-kwn4qM`96l-L|ty-o>U*NMc~9;lH%i52z3*}{^ZnrMEX^cI^ zRqdcw2r1}aJ@?Q1bnoQabX;UX_tr;Kws4q^J`S;~&iJplhTau;$^PFPPqO}B2HnR0 z%VE+Z-2bz4sxC>OuK2GD3vE$Wa7F{hVVSTyE!0pRC4#{}pxlCde_H(#XrSX^5|cXw zH(j7xW8p6&#wgl+8?p#+O{Yy$NQc4W*e;sX Sq$Yhq>Hh-|ED5#%x&Z*k!~}f+ literal 0 HcmV?d00001 
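Review bot: released/assets/rancher-istio/rancher-istio-1.7.100.tgz is added as a `GIT binary patch` (`new file mode 100644`, `literal 13476`), so none of the chart's templates or default values can be reviewed from this hunk. The only handle on the content is the blob id 703de7f90f2e41bcb2f55f3f53234fe2db81d55f in the index line. Please pair the archive with the unpacked chart source, or with a recorded digest, in the same series so the tarball can be rebuilt and compared before merge. The same applies to rancher-istio-1.7.300.tgz (blob e45b7d003f9a285e17bf338755edd2e313db11a1), which follows.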
diff --git a/released/assets/rancher-istio/rancher-istio-1.7.300.tgz b/released/assets/rancher-istio/rancher-istio-1.7.300.tgz new file mode 100644 index 0000000000000000000000000000000000000000..e45b7d003f9a285e17bf338755edd2e313db11a1 GIT binary patch literal 14077 zcmV_{CyX4w z{ik~=olfU;I3(=f(TM%q=?(b5qL6O?badJs^#}b9>2!y^(eO`Xct7Z*%PNe_08p`g z&vU40n~P9e52{V48{mk3#Q%OKB}k2bKz~~~0bNip3XQe7a1YW3&|@?h6pw#z*v0W5 z_WHv?cLd|#>x@RDKatKsS}!U8=HqYECG~9TSq=@)8Vy2P#4{K4jL3=c(J@`871H2_ z2Jo5?_-Te`ggs{uEZ?&om_43&Xi(3bxYTAZ;j56n>KeU)(P7U5y7WUQ@`LpmnK~{# zYqt#p|I@YEw&rFKg^h;D32eYk}$O3C`~_6Da4|33x(f7-B$(VtSq* znYemk`NLW^Bh&R~2K*bj)PN~rt|GtXc+h><)pLcG71-bK<=yFOVOTVXoT)?Y7=X5# z?SxC$T(>v_dV@1kTMyrdOVff%Y}&TMbr{iww(c_UZycM3t=Ua*Mm!qb`oTxXn;Gm& zsA1eVL9{Ym?2BX3_Dy#}BU9gxfV$KSX)DbkokB!cPRsHaOWy-|Dsa`-^MRkbj<>pN zm`msHl4IU<;pg)22?ISf`VHuc6*x=IZqLcY3>}M;ii9*;ElD&tBO=BtB)3j9hewn* zZbhy^F6op8B=X5Tik2bpUP+0zYeqDT+JNHJ4~Pw9aNN*nI2N`gYjbvNh|aSa5<<&i z8@l9&0$6x6YkZ_@ptTLts-@5!emLGVFvBQVS4IMFWQl0K}YVLnuCC&f&;2wG# zu)Y328V;9)I9BtpJFypvJ;JSQ{nszd!5@()xe*bkytA^8Xm+3AyAmK*-z1 z`&B@GVt@bqG$$dRNy!5BZv%4~req75IG!1-VMDN3n4TR%Wnz*!{JAD`>MjUlFVEqz z<*sZH2E_D;54;|PKHCTop9wY;PSA#bi;$Ksy(1QklD}|%XNrnJ-bC;|^aUW?xSWua zlb`;IN=bq>-;5yECnsm*$B^1guFU}NIW`^zFrpwmr`S?75B$|^?yn-&B~UQtjmDEF zPsl4}gVbo8oJexL^*!9eARq!z{Rkg^2>bni%Ov&0`5!)xA!vURds0IP}1}cf+O<@Jf zf$Nef2>C21(86F~JhBR7OrE29L4HYX@V=R%+Vl$!*JQl}H2_Els47MTgVXRr9X>q~ zC5bfT1*U|Jhvb)K+&d%r^J+;g!oGN;!(D@%10E*1;`+B7cwAE- zd^`RLuOG@Iqr#9ha8n1o^*gv0-n?OS0YIppRB#7`UF$OrA4 zo^jWv9v6uCYuJ8feAb(jwElPb`ux?~*N4>ou$1Y4qi)9j3;O?{TkC(vC>i}vvMbns zHyY>hI}0`i5pZs%z;P1;EYpwXjOsPODAqJUKA5Nk#_Auc1Zk#tsT?{GR2T>|L#8#a zR-x&MgKe-68EfS_N73gBhv&U1Q{GT7aYDg0skKgwE7vqr_Ffr9&pXhkc?_J5eol{Tk8*d6bY?5$gffSmq+*H#r z(*Ff&`8z+NXD27*x>&~$dOxTQVYpgwJ%e>Q(P5F+atItDt^|2MFr%ERqr|GP98FFg z*erw~IYHT*qM!hYVo{3w5QFQU)x~Sb2$h$z4<`N)eT{4vs_S88JkSqEP*9*qeTtWr zMx_$;u66u>2OXb$VM=~ldhrF1(oG7yltx7i(rR((*-E?KxcWeKjqm=ac12bB(Q^14HfbGZsv^VP4Pp)Vbp_T;dokibB9}v_oxke3} 
zcAsxdVcSZrk9_~j^d517PyQDG8yR;@S!Cbf*3$$HZT&mtTA9?F0V%IC%A;ejjGkTWuTa(R* zPg~+&R!=lEGJ5cH>8@su_hvH`j;w^mKS@A!j2>T~t*+5+G$ydyO`(bd(r8$oqwPQ` zaa!6s z$Mqu}pyDpEPcof(^47US^N#O2XuVTXNIg8CL=y^U0ROwF?w1H>XdFzkfOyjp*>@ zpl9`a6ANaGefrY2U%r?&X4Ip|abQ6-doX!g-EOPfx$bn%I^DBj*LeA|*L^YSbh`hy z`B|UU-bX3g|BHP=i(7quCR3d5Br(*-yaS7_4+?X`ShuUXN~d*O4$zL(Ne}8 z{iEZ-8sj>}TXP8-Mg#z~?A)Czo; z9>5q}vi`fHZpQxG>vj6I|JPAUtJO+L`CwvN25#kHH!9riKfVaji$38F+)#T7lOx3+ zTysKQvCl3BW6ogPKg09z$Zz2+1En1;2+ggTNSY%ds7A1I`Od#Zpi|!m{%RR-{9D53 zA-?%1Obxv8-mUcd70^&~taKQ(7GYCb2;TQjoe_=gK5X#QM8Ce0Rn?{6sH~t#7h$%YGgl#x}AZ#_j)&ocRSXdU52k9%C$#X>0^-Ws^z&jmR z`TFGRqJDBi2sYz zn1e`wvh%<0u$Sfk!%nUL9i<$I_iJ@S$&R0hGr<{KfQ`&z$@`ap&f{d8 zbOA4D#H%I;C%NBkXd4LiJD0L8d8R`7uK+5-qKW~*e2(aJ<%$QTxUM2Uv`qB&&f~~< zgzv!$S^BoD$ZkKm(bYuMDhx2a1b+TtPss`2YTE%uJd54>Z` zezAK@AkpmxZn6GTJ@uW?2&Dv<1)aCH#%u;7ge)A4|s@<|d+O-nUdxQkhu za@-AIEPOe}LaSPH3MzMoVt7V!I14q-v{fQ=#_2B$Y}3z_pAy^4*FU^Izj{4>cmDRZ z@|y5_L=02olE*?a(9I_eR6==kb^Yc&gK_oY{Gtd@`DDq${qFtc#q05#cURZvKm1UH zp6I*kJ4pT&--l{4$B8C9L6b@be-XX{4JU07%k6O9eBNwX%wQsm8O)evrM(J+w(EoL zgRxWEJT_C<4ptsaztk68lD=iaQAcxe*21f$dbPlBKA6$`jIc&HYeu^}G<>OmkYN$8K{)<;+f{on~1T5zUeZ7-y;WH=bZ@L!DCEY=uB_NLtW; zp^wtNdo{8%_a8%M1FyE-&2;SDIiNN%_~Xs14!AJ{$tkISh`Nuf_G=Z`)@9H4T1{nmzyTckBJ%af;Ue^D3qIq?mlsQNMgsoqa!a&+CGv zX#J02KaIzLMzq{J6hPVfALj0V!2bvJ`aeeb^r?M9Uh~jTNq`~|;0!PJhiDN%GvfLd z<_RSyZE>rDIX>uCcZ=y}SS4jv;E)v?yczsQO4&N{YrrzQg7*4v z{Mj;ayl6_Ae-7KtodAHsOXDBSd@t0$A9|>@rGo#TP($zU{?}lbz5hAr3~Kp*l#<)h zealC?`lhhl4KQ4>+y3l+saC-#Rw}krDR8!4(kWt+->McjBDVt@I{G*l?*U4Q{x5H) z?-diM?EGiY$)5l82g5r5+fhnJc&0+XW^aIM9rxPVU4sbbsNoCDD9}PL#8A$w9gIGz znJK|Yu4@dnfg5spm=mT#j4W_p{rYZ+PLj#dQ;U51NY@Gk5uKsM18hDg{u1w(0}%4c zr{Oz4dVL3V|4@-nhcYp}bsQJtSAX&YqMYh~gCstB!ZVRu^V!>Wf&&A`!%&L^A2`j(Ph$*xVU9npCN%IUEcEfxx5x2m*BC>| zjImSl1jV!>p4pGmWo+!8(YrJ9wQKI;wdMc7=ZYjZHS|z#)dZJCylISb>Gz^V?>F3V)wR!;uexcluTin!%XQi zQqEj1f8J%WsY~mP_gus&27oM%)6W%GSav0`b%MrLC9aBQ#XNf5{1~N3{-Zy?cc25H z((|8g?);~FTFd{Vl!rb4VY4iA03`Vkd$;`-pgsYrPk`zhpp}b0{&U8OWzRNB`2T6A 
zpFRKSj`}tKKT1(~fA+>Buzb^9&P~bqS;~+1LSc)QL(>M*UBpVG2=12&tBNI#TBmxm zDfQHCC-V>25I`>A(oE1{;9!JuEq~9HMihGlPtG1JV z7q{c;I@29)>Q3@D8)p|w;bIi^vePV%#ar|-tC0ID4w_r|8LN@~E)^rU=+n58annr$ zn6DZye4)mACRCuab_$S{RE} z`9Ar=&{pPf#dev&oTXR^(Q%$+iEn03Yy?=W=3;(_?-LfJV?O%UvyKa?&{4xPWr0O!bT}g-E>PIl=$xlXio_zzu}HR(HE(q6$oBu z7@MYh%4cFe_(2f|FXzs{4>8dAnSO@p1wvMo?6*8b8-?@}?{f_cIMTu5Jhsi*Ek?@a4*jH1u~ChynKJN95tBT%XRzn`=JpVsjok5l%y z|6~m{Wu}cdyGOh+a3`(wen2t#uR@%hsZB#GHm{}(8#%Krf5^ zs|alRTb2`kSmW~cfU|KvrB7ueK%UKW3!3O94*MG+T&r&w%(>d(k zMrYgnf4$ytG^+Fe9ivnqf0mSeCrzNt|F1h7$nihzoOaRwci8LI^8Xkm6NdrVx#{{d z>HLo8^{XiMmenVQX<32&4RiL<0+>6tP1QsGe3fP3-#9i6TeF)$b(FHra6a+Pzzz+? zdy4xgs_KajrbuO!gQ+-QDfzU~yCH!hdWm34MV;oGfZuv(ZOo;U$Jh_gi0gQ(yL8%( z9{gM?ceF$f9m=C1u!lT(mxC#}(V@x{j%{dGM8|8EmQjc$W{W2N1b>diqH2hqi=cXDzd>>?O!QJ| z!|+0v#Y;TUa;&zqnDGZ=7y*BbHRrJOjionhe5C7JA7&gnt8;HRbXrF|RKEy(=}iOp zFj!d;-t=FXP7*Q%6e{=)>xBfbb;#0r4WuxzFtG*Rye=gu^0 zGHI{L^2Nxrv#gee%)sZ;6TGmiSW=ISWc|=VrunL0|f-h>{;Kf8Z%@Clvm( zOc0*{B*2hg1i!{>sVHX%*ElTG`xeM)0A#T882qOWs3rc&wE>Dp0bxMn z)^xaDguuA|#2bfq&@7L!jk=A;`}ZEYcZJ=T3DSAaACiaV@CtQP#bX z%n?f;UfO7>XE-ScM?L_tefIo0G0BHZjvh9AOI;AA)Zlqm#{uFbl9V#yi>1kel{r(# zVxf?5hyWUN85A;XpPl9s(*ornWJG5j1Tc+TIsu@5H1^}66)9i=xXAY%a##yz0q_(0 zTmYJL$C?up=*;dvu-vm)Ax;>Dqy5g01UA0suHi2~q*4ilp@eR(*++jtid+b#k&ias zFa{7JHS}0fzMD<*B=*+;a`MZ_vEmymqm72lLyHsA!Q+@e#1A$*#qT6VEs`~znpVtk zhP;b`Uqe1ad1DM!(Ahy6MrvQsz1&&u%4WAazW(}WVJc1@ zov>%+nSa?y*mwyHYAlX~N%P!AOLH^*RzxZX*grRN>4I~~hlSk}`#6rTv52`NR?1j@ z#3;lMvZebwugM9KY^cRkOlS{O99ym#@{3DnGKf15(9a_aCpJelg17s` zqCqrf4paCG`g;S5YYaOn@vs5gEXNy1{zvMuOL@-B17eQZMIc;&T*WwRNP}t*kA)hH zzAQ^~c9`UIUi&4#5hq!jWR(~G0=E4a$bd67#(PY7G!ywqWVY+jP;!R@7i6q;9kW_- z75)tqSTfJFOvx;+6tE99n8QT{f1HxN|APrilB+(i;*r)|Nc{9kGH}72 z#7r@y_Lz#(mU!oBqJreEB{Js-EpT3|$x=dkA}8bk0m$>ngsCcS4$733?|Gw|D~mrU zcx=K%e)@w3qmh6v)eHs<{4L9&iv<6%h6IxnZy}QBioHkdgKis zYKJa|uo@a!7Zr88DYl_oc~wbulI1Ti@Lk+)MJT!PF7xM8;N_J{#q$~8eSlY2LfurL zff$|9Z2`8DRcn-Bn|hFsSlyCdW6ho1#?mZP?>(l};Z9`9nurM_gW~Ex%c=9KTfWfi 
z)rq+aOG|=H#}8lw)b^K=YTjT}84+1Tjl!uS{*k)|F2?}1#nlS7y>~F)O#-dA=hSqg`R^LH56y7I^n9vs zRPLONc*_LsK1;{{1{Q1Kq174r%k}k#s~q&KjLLqI{~%39-2K9)-*jJ5*IWbN@;%t2 zlc7>!Nr8ph@vDB~4&ypEv>t*79fDMtf4LgZFRtJG{k1keKQq032P#T>Y^Dx%Z4oUi z_nb$Im-=LKfhMl2kE)+xCOKoHj*rA#HRMscVtUG$_0V7ASCz%6(eD!`E+Dis)iu;_ zZ6`(29AA%zRyZ_wZ;_^^w5}nju{(UOb!={d*JU$z!$4{vF$A_Z*oqHo0aPXN}^VGH%qlliiPS6 zX!G*X=0VuJ-W<>hGcJ|PK9^g5lC7s+(}HSC-+or~f*mhCQ>IG#WJ;xWN&Bh2 zB>XIY!tE>!lQk#uWVJhcg zjVidRP_(wPEig(QE+!w~<8*MlGNjUg%Fr?lqxg7em-C-(qr#Q>|MYv=`0t}Zr}qCj zN;zQsw{6w3J7goF{U8Y1{x zDjm8eQ$0ppYluLv%u~KaSTwe52k?N|WBLKcX~W|d4eWC7sw>*a*AwfRNEBGKdBwS!1sRjC%kLok6pW@%m_8?TT#$E z9{Vi`-IjjGR!i!ME~K2|*zr^Ir1^6idzONlicuB$E_WIx70ZQ*Mtu__+Gyx0W-49< zP=eVV94AJd%9vnn5r6Jp2m~uBrDktlR$5H9ZByL8C~a2M)3lbQXl}Eh1IKEW1Jhio z(LvK)$Js!ZOd}3RiWi_o`L33a(L1zrNXI+J=zq6#(n70LD;BJqwZRho zuQTdq^uK<$JE-$N9;H+l`aUU;n`upRLHV^>R-{dYJ|4!EpnKvVB<9XOwYIX7DbjD6# z+ss4z>;G&h`?Loc|6SJqyZ6_xuZ-v}s@O)^`X3Ai+5KOyTd)74lz;I12I!a0+{gcC z;)*VAd=lT|ub!i~x#ogm<2v>|zhYB`{DjMc-xoiR@2M2}n z`@==`JSt;Dj$K31yM?)4=9n(N%Gc#S!kCP{vDp%>xkI8xfGf5<>poP+LlZ|%`i_=k zlf-z% zu6NbjO?lttsh4(#-_7@ZpzW7>{-eKimVCD1=&0b+r1c)jb*nZC6qjAke_D7o3?@Pq z9iZ&|r<0fer=2?f&r!-lo&SjWv%mQNT#tbs$KlTxbL8_G9Q0Hs{s9kis)3PpO4m9XYeSP5vTvY4CT1EOEe=&{E-T)0Z*IdVvILbHg0}1x zY2x?IDn>| z$B0_Eoo=uoZs*?m%JP>oK3k>5yhGV3{!hFSsTK;fvvvH>(de{}|9+IR$N8_g7gjC^ z%J_f3o6-OKox!M%|8$g6cK$2EygYt=xi(VlRCZba@;YEu6|ijm!>Z4o|MYrw{->jq zef7UW{;|nFbccJV59LZy>;~d^Xf%#-jDwP8G_{8w;F7Y-`WF@%D${~s0+3C-pv?Z) z?d1Hw2ZQ?j_bBCwU;wj-JawrD|MUHit0ie}ItXr(rg8|}#Nf=$=Cfy{Lt4zrhcLgI zg5F@0vu}v)SdsD~q>+57I|GTcy0qWMFJH+GN0UdORiKF&Yeno!shOCZMC(r@|0+W8 z==j6y{f`WSsVca<6?nM5i+*vez8XI#U(q{QS|QRwz)WHEl>Qc1VO>jM5=U5XUdq2N zE?3`L({luk&|M!OZ_`iehY0dwSQSMWJJC@oekyBzZ%IiM}t$jk?`eB3zPr?j`83RHG zrt>yueyOXwZ-0_vQKz8phoG5OvsbWqolbgT(k)J`-@d!E!v8SA@ z?DUOQPIqFAePE){S}2DryeF*1X5o0oNMGUA5|R2LM>HhqjCvSegW4SLg~;)NGKz2) zUCVTzlWE{DVp9K7apbSj+!oluw_4 zP2V_+GqxabQR2OdZx%=vm;+~=+cvOTfubQ zl~iFtf7P3M@`y|oi!2=M%CpF*pNS0HYG#hXIEoi6YydIi7LZ}C$!{w_W$Ix5kL8jf 
zZ#4cvIc!!x!WOV2q0BhNGCGmJt|m0_Xe1;p501(=U@SEdcU)oHr>7#V(W`e?SQocd z=yLGPXuO#ckrI>x5h0Srj*CBYlFN-ePYE=_kQdl)rfwn@B!!hT*{rUSI0_Wjs6zJG zX@c=o)(PC~R~^~-QxFPXG$qYHgKGDch}B+o(2K@jAuP_=8*!V{Oedh?wU}C2MqpMo zp>Be63(-z>HhqEgU(7ojHKXQ#fRZ zP5A*6HmVi456k-Lk+Fz8A8AtfYu{tB@Y#UD^LKE|t)8IF$9%EI)_8MRxJ zb$Ux9vvcW&P)2vFHi%ggwzPPZ?8KC@%74o&Kb~$=rbYk9kh3|Paf1%M5oiwO-khbHdo{_nNy9ChPAj(dmHkoMyam6uTQUxoM_B zE<2eavyi2(t$mfc5Qz_xCjU@_>?zN`QTW2Y{@3gBEwU2$~GS8cRXa zq;hp?H3LzpRC2$HnG1?$i5=V05xxf$TRJq#l<|(jouEcNDyW;+k~UP#cN^A*eU9fC z?^X-a9qrb8*lQBpYnF94w>8ytGgF7;`?z7{WW1iWmYUqi+WaFcKDMu{694Je@_Q>{QsjAMYKHKNk%;*dA7Fs z7I4<(Bnf%~@X*gzx}dz_-#&f^l;RL{2fMm^oQt}O6nw%0feKJ9Z{~P+@*E{3zH5Vw z208ALj?wEF9j0pWd$FyFX@TstLqouMnhF~_13h3hF)V-4PK?s+R6A`a454rBK5&C4 z>~GB93fQ&={TIE#>C3^3XXQ8w#8Cf5w#BtUfm=%kOf%HM+Q~zLwJN81#?GE0NGfmj zrth*?!iOvmWm7v++hL%juHFHKW|3C)`P}gq0i#$XBaG23^k&Ryr=(8aK67cTffG5) z(#gfx@z7Rz-twQ9-xycM;@<9mWBj)XYV6+Z5b@u-ong-Z6bHIXv!Oi#JA|tVi&uqr%e9v^ z??+8~)P8Jr*{$q({~umNcP)AYOJ%Yu+7g!T|Av|P|NY)@RQvxQrIe_?8XpX<`ex*|Y-X+^ZfXw; zlI)sA$!-Sbt$b?EKpCE;^INt!{h*?0+o&ohDYBu1u%y@T6g&}4rCwQ&mXs*~fO;63 zGrCL91c=AhvB0+|yJ1Ig+DOnVn7~jEwpBiCr*`RW4EGwqjx&Ii&d-4(`?J7YJQxWk zYdpBZR2!Mzvllz`oqczyzVj)K!-)Sgb(OJB#MfS z1bkSLf+nycUh_eDmwd5cQOt_Ic^khiq0(=#2agEb$`U-=&5+7p?o1{I`2qotBR?`- ztVReTpHZ)uv;Pcg`_ECzBh>%0bLvn!pwRfs|ezi zh_h&pd*U(EPbw&X7ps6dAG*G2Q=3?>8HUxEH*1a6XWxS8<)FqK)R?_W@YqKD{pcM4 z9i~E!SKj{UTr-lA)VBhaK_M#HaoC~3g?YDIqwwKg4cjKgOPxEl&A;8PdAv-D)(D%- zskyA6RTN{h04##_*pd*(2yvW(Q5CDVFbs#n2S;XiOxRV&L!p9qjVs{tpla5h@}IN% z5+{H%`QOdQ{~gu-f5$10Q2w*e4=nV#zxx|6qJd|+ir6m^-sd0Qs7C?zDqz-t-HkWg zvmPj?oCJ&|*u&Xwn6GA$!QfK9)c5(jmB;tg_tEp2Kb{Ks_e%lUN)Zvh%e+_ZGuB6Q zR!F@M$?F38nU1>(a^j-ft45Wn_+js|G)qKHc=7a2l)W46deKq7URhZ zuM&!luVn(8bfR^l-Ipj63_1rv_!fbMBiePVp&+DgI7;?C z=vxu7AGCYw-g}R}mF(g7?@XzH-jn}_cq?%>@%>24`FSbf|D9n!%m4esZk_+(DCH6I zf6bgaIOo4&ZIExFk&O~S;pn1C>}rvK`V1A~J=Z_=Zv6GW_Mc&=o3;O(b_ezPKSp_k z>z~c31KWRIBg}YRKgp-h2TQ%WyvYRk%D?pvKrPH3j{)Atb_{QK zf+;xRP1GGI7Nf)bVHBK#-?pIHXD8w}mObVFZ!0tSSa|VAlrsAdsQcOcPrYI7|9h13 
z2<5++QwP=n{>Gu|JU;#wH&`O^w{=sv0UqH8dpRoXeIPAxP(|qquj=e^KJNKm>u@Lm zw5`y}?8Bs^(4DdV(s=VR%01ZsbHbq1|8JP(|NZW$w*MccJVO4jn^X61`rlyn=lnYa z{qd&CzVMnU^jMjQFRNOGvkh&f9&?Yf9b4o+W!tv-!zLfX!Zt;9;l)_gW?`dm4|8&I z&?6HQs90o(KUdyWG2CCV2&iS<=WcfgAwlB7_ZiY*Vcs2p1n4yQ7(0Le`plm4f96++ z08}RbPeJBq?7!X9PA&hBQ68cEpZN#g`hD-~c75ObSy?~x$BsAkD~R}u4?hy-uvW$R zB;4G_)^a7?+YWI1aOvAD)^+ju?}jUZmseNhZB-NU#!dw^WbyGNC*7Ni?$xjFeRO=p z#F$n30OLK&eQkPZu_1}X(>h*t&^0?RkeOUeqUB7nl z`uhC&z(L|a6)$~O%H@AH{!@3@t?mCuDUWdd$8+l7OFtX@Y1>ub{W8|PTJ~K37-1Qc zS!=w$lTx<+PX}4~-yNRz>h*t&@(9;|Jf{x6{;w6tQtOwGiVgsUvx10mvG8q7AJE*$ zE|l0MrDtafz%m;`AtpNeK~)}g5c#ja_7Rto_22LIbMk+5I;_|KG0G!c|H+)XcLhL1 zf5b~4C4rw2opEgPFF79g5j~j>aAjU;nmb1wF191W++;g^r@YI27D0H?0=T)V6Ma+^S|^?NBR6O-P-Mx}8BS|Bq50q5Qumr{8M{w#eT% zCGt5EAWTE-UpTg4Cx*6%SZtK0eB&Py@nMx6U}>A%FvfGvoF%Yb+UNXTW*ylUftUgT z#cbufkwAXCnFfV8d|N0MoT%!36oJyr^(Uq~4rAVX01cwbNzA5>6-kv{J15~Cv4e#@ z{GOpiC??XYBqGyYVc+c^LVfoU!ZdC!jkfPV$Ui(@4{Gzzzj4`9|MPsC{#p|Lt33Wo zHyi&G^uPN4_fg6t)c^RLI=KG#4!{}=u22BQgCY%(qal@`x#`)iDig~R$8hyad{#yE zDQQp7|2H;X5FxQb>+;Lpn&&yyUEg2A5Y8$Yx;Ej&vZ*7qF+kg3-r9T~!%m{+TZAXo z=W7u-@sOl=`o)~IM3DNu&*nmTn5dK1B`1w>q`0ab)G8qb{X5M0^FG}>zcC#bSTW3cN)AcSon$_%FTFI{wRX$|IEj**SG6P2f=ZUuPEjqAX#L z28_cpK|0OUR30UY!9StijC_Al{Sc_H<6#n$HG&(@Fs!kNml0zWZ9Wa!C@y0xb+Jx& vMQFE#sZ4Mmj9!|N+lNjuc3abF(-hKS@HoUpUFuSoFR1)~8FImj0LB3TP*X0f literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-istio/rancher-istio-1.7.301.tgz b/released/assets/rancher-istio/rancher-istio-1.7.301.tgz new file mode 100644 index 0000000000000000000000000000000000000000..4c7881e73790632ec5a2e7fec5c0b42cfebfd939 GIT binary patch literal 17401
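Review bot: released/assets/rancher-istio/rancher-istio-1.7.301.tgz arrives as a new 17401-byte binary literal, so none of the chart's templates or values can be inspected in this diff and the archive has to be taken on trust. Please state in the commit message how the .tgz was produced (the packaging step and the source chart revision it was built from) and record a SHA-256 digest of the archive next to it, so a reviewer can rebuild the package and compare it instead of accepting the blob unread.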
diff --git a/released/assets/rancher-kiali-server/rancher-kiali-server-1.23.001.tgz b/released/assets/rancher-kiali-server/rancher-kiali-server-1.23.001.tgz new file mode 100644 index 0000000000000000000000000000000000000000..07acfd8f5583eed111be0363da5c714b3cd253e4 GIT binary patch literal 9104

    b$*$Fo|aMR8rcd-GUDzRHvNY4k~+o;_?G9w z9-R!80t*T()QYkOy(rJIZ|Hsq9&`w(dy{1ir)O7hetb24cl!3#<@xE^D+LlWy?qBN zN^)$jZR%JT^g8)fd_QLcC-q4^QsASqH=eVc)3>Ms6sva`V`Cm4iMVRuIaI*~cIO-m z=&$~(%3|i&D$i4xxPWkwDxO3A?s`%r$?@~?$Q2G+^A>4hO6N5MC7Q$MT1R;cyo{C^ z+cRUq9S3X};nVXsV(S>_-@~3tV+LzIGPiO!4Q(Up8Zqb(gO<8??eeE#4)}K9^a3lC38) zG97DYk(KmgJsohP708!@ib7k9LBd{Z8^w^zuHk&aq{8QR$ofozZS=YZ-|3}WN=r0B z64+X9B6+<9KaPk@y@hRV$n¥i`3m^{rUsYhc~Z9NCy%ZoY)lFpIX%o==|SP)(j9 z>3F#ElsqXYw(zW{MH%dP>8UbRk|$FtwJX|B>?Ps%X)d5*7M}!Go6Xn44?3E#J$Y7R z>=0Dz$gxpKV+fx%!IHzQjp`a!8|COLF0P)3b?V@%Ldmt2t$|VEa51icpDz<;=qjX= zfU3~ab-nm_sN(#`hwg9e2UO+%GdLWi&VTT){rS%}Qu_SIpBSc&E)fOBIJu%ECj7M>0J z){c~}+%baxgr&v*0_GI|ao~7U_CuT=Az_582Ji=7PUuVc0}Xqk@hQ_ey2JtHi-QxM z@?CPv{z`QK513u1A85~shR1PvU5c4OprRE}@f#hTDNtN|*Z?2&{|`(9Po44*VerY%wwx1 z@dZ@GC7wN~UlqrWpS5S&FG=h{rQ~OMII0d6e>NB<70bDSMtuX?&!eZ9sdyED8Qtyl zq-_T$MxEN2U}-)s_ks+rq=cGXzN~UFS+`Ab|Dv*4Q7)&oG(|I;g*Zr0 z@~-2QkR{cK4U*z((4ssimygjqv~x;6w)vo!>N@+BO%?jzEuD1H0M(6TXajAqLjUWH z`f2@d*zfoE`rkHE9fM=yI$ER!O0zGH4}{}faG=&FQ@fjwXz+F$*nqwLcjWc(}E|GW2BuP*iQF5IMzs`Y;anW_CB{Ig&G+ekn0`v&Nj z&fLfUGj>H6H$I8y@~r3RZJu*Mv2zvqo?o*0Lw?5P!7q`YMt4_XivPmg;U|>3%I#6x zjrjwwnYXZh(aD?mo&b6RtVrO2rrYT}!HWbZ{3gK*rRjIvO#91oA^^U~KdZ;q#F8z(Pv=1-vi z$wDm0ovNpB-SrO_)$^#74LNcRMei2odYNImn3XNdeS~3)6?V!k(K&ZWWaH(Q=e&yQ zc&JcBkEHKtH8zMo2f#a0bO@I&ogiQ2I@jC_NFKR`=0ZY`j#X9fw{+9Y5jgZr&p9Di zXWR*>$QhY=zeU*BbigZgy{q4D!uu{uy`(#QGvD{4+oL%79R7SUM?Rmy zK~HVsw|J0Kug#VYYHD`yJ`Q5`$1m+3za(Jp^`|d4RqB5@<2Q5ws?h)X$D?7|{yW^; zf47r1HI8}>t zss{59RX_U5n$oMdn7rnCK`q+{Z33ZrC&EUj8dMp0!v_gldSz44Z{4|>GJ7aL^G_Np z_`iqh=solQ-f{0R!~X|+{=b#fGXGCSEyEIN-pr>|K5u@13VCOay-~oCZV6M~3hVX- z3;1yHhFK<*6`n(%DJ;S8Ee&TFQ46=z9Tvpx)LmVg-a^J_tF@RLq^kHo(Vk<2P@uiF z<9{BGhWq&MTS@iKf5jEBhJv7q{}1|U{r~9ba3B9^E2--ISA==leSLXvq-c~X*1x>@ zw~-21wf#z{`_|<>5*Un(~vxIs0;t|ypPKT(aH{jHKHkp zz#0Z;*0iTjNsn}yl@DP)z6QO)A}241Wt*Xr5ztU(=AD5=ueuz(jWS=#U5Lgb&??YG zjI|>6rId_KPNMZEp?4V~cy#>X<^CguV4?^vZv`H%@1kEEtHwqun{#CM-rNqO1~v6H4Pde92R1a(*Vr_usV6AVg{$PF7Z$z7P>9Oa34Enu8Su9V 
z7Df=@>lC4vLezE%ItsC`oUH8hjTKIIVvK!YqR^Zxhbz1%tVOMGJR_tp@oI^9`XNI! zB!Ua&a7@Z1357CYp@p zTnLldwc}D%5aZnh(M)FY9^2M<;lse*6}F))uoCdnxfuY*-p!4IGL^wj$N8^rB3q-Z zCFRiopnm*hKw&#d1wB!|tQD~ev^WT50rYIJ$^=w#9Er2=bFxfT$p100oCU}RJzU(^ z{h$7zcbJj?z2RUl|F@BT{~g%$jXghM3j!A<-m7>qN3y`gIN{v3gT*?p?iTnQ5^`}C z0!?sqzHjKTg18d6XiBXf&a}F55f=1Uy{RXU$W*b&!oeJ03M*%_X=TSS(ZHwA@?cFc6(JG8W>j~;$7j#PR-s0s3wz~MU7_Qf44;9fsonTKv13?ud zwesLI3&~p#TGZVlXfgCh-s#XAaj zf;s9@LD{U9R8lb8ZCD%DDV}4zTh2*;)U5Zg*Ce>ttm*k%Wxv&Y2^`n&7J<*qU4$;YpQfACj8;YZ}M zUMaS6>?z7{q`aPUEj5{u$-=zPv4|fSI0&6UH&Ht*9-UUlMHq;1iQo6|WNlG(Mk!mX zc(BrCw>V~u*WJ&U@uxFmvva(eFL{->TGvaNV{;f-s!R^yvjwu`&No@t?|$NK>*&&o zN&}5a2#tkJimeAI(bYGy*O{{^!*UL75+xFIi>ng!Q$bM$C7~!3cq%_ls4>@u?GO#0 z^|ow_+3N-3i5H9QocFw+bh~J1N-tlj{A7nSe)NI|G&Fq9K*e_QB=H$YY#VR$ z>f{wv#)q+KC?22o+1MC>;`KF5OE+B~Zx11Sj!}Xxh>r;BuV)uaa@u8Re?MznJgrdT zNFHmgpULphJG{4Uhrq&Z*Rr`K4r*YzB&-#5<<@`^TyM-W@mU!6Q&wRyixi8vHlK`_ zZsGfSIqNnVb1?U@-yEA0XiH51Q0X}%WI$KxMEdWCHcRi*mQuy}5A1Ph5Nvn>tjhl* z=l<_;e;@yUD@hS8Pa4UnrzFeP%5MRuT~6YlCjbxqY^4jz8(w$!9Z-rx(6x4TcRLq# z6)E_L1p*bIy6)6=@8mg3Ks?6+84YsWB|ZJHr}vnu#qY&-Cx!{K(+YF}=Sd=L=oIvT zf(MjC z{SLl>PVYp&$t%$wc^k!5w(P(}J@Y;Gk6|^ISdC%pV`0!sREVROle^rdOzM5SI~s#b z5VTr}X>|(&_KRdBe)8DNTtzHv4-=B?ibcuReB)MrHKw2pPm}Lkb~*i^pkZ04D#uS` zLkD4*xg&-4nyj;+2fy* zAh+1*8duTRmH&d>uC*7ekpJlHpO*iJz5V`gD`{utKgVEO(qBAWR4V(?S~TVjj)7~t zumxk**=h|yK!-)SfC{t~iK1d70k4+OFr;q7bw2&A3zULFQ#Dmk-fa!X}E}y6~cYP}6 z0LbcWbuhW5lfW}S(y$>Sx53%QsBobl0KeEw;;VSEs+S7Lq9s@ZGoP9iXtkjRmci~K z1vVeU&nuG6J~c`8^}o4o`W|dw@Bpma*ZcK#z$*LC=rA4sbu{en?LS*dJE;GqCt6!N zpwRf;v}5mo_NgklN!q3+0tjuhmL1h)FP&11VKIK&01sS zSzQpl9MqVD8ndhzk9EY~2e$=umJtorhwbM+=p09Eq8pN;=J+WY@)C+(p8XVqI4`rP0BjT=(mH5^6k zR|xOZ^Ec{IfVK3QHK4iihI`fn<&=|vu>{+m?S}bk78wjKWM+P!zgxO|PkkRfpL*kK z0snp}AX_OS!gr~B)jnf>G^T~rJCCyq=x5l@($9#C{$V|;T#M=@7OI-ZV)sviy@lX& zPiyY~=XehbF`TrdcM@jiV==FPh`M;I4gYv&{qP3+HL|gs; z{qb$ABES!F4y_a&0s$7|$r7&;ijA*n0GqVKRjl1tC=(1i2SNB2frTS#y46q+Qa2nG z`<`mCVHch>U_{}?0DWL1~{{Sx_PA8rh*5~{@ 
zRq+4baFF8vhsQ_5{reAFNju2@b0%8rod1%wLB54XN+p28(M6Nk)gl4)87jo}*FSY{ zyw$zfe}=vE`!7eM(cymmZzJvC`ezfZW&6)7gc+^tM=8~gwI~nBmka5hQ>o5b0f|dj ziT#2`@+E(PHOg^3jFMmp^|7f2l0Zf1j)sI?u8z!YAXu*u!|$oFAc6f`+Gl4Y)R+lf z1=FsStZ8>adHaeuJ4 z|8FJjApg&sX!mdWFR}V_{vCk+cvELzc*PWYEKEerx>n(ILu;wW+@q{vi`=Jd-8O$H z^C2v3Qxq3oj74o0Hu|=mlap4DObno6ksK zdSlzY_G*auv-1yxIjq$&J_$FsvAI}E_qG;pA1*wL#kwv&|1G%^cyW12-qtlCmv+jh z0gI0(IqAk+bfbQ~_R#SWAI7ZH2N>^Zroz^7W+roCeaF{_a&Ejbq8`-k6O05ft1#du zeLf-&J>g!TCHhr0DrUwZw8VO{l@7e4cOiLw)^xe3!{P!c?BaHoN`(s1$p0hs<}g`n zs{@t(AH8(^zvF%Uhb^TYl>eED*81i@*Zbp&wN>T&!7=)BER9Y5zgmp{)*JTI>wg3+ zVZZ*jk#>9i--qR|(Dkc<*VpII2iA@MwC2)hsapQ0<3A0LMtl4JR?-fx|7fDMzVy?< zpVnRV{V!w9tEv9_$6(6%ZgpL+?>JSh|Kp>y{2vaFdi(XijkJU7KbmN*um39rvef$J zr=kNu;jAEHT+BTSpAXPV*@Y6jr1I=c0a#^2D8wYseo&W3ttIz9 zbTrtn|81llT>tSzyLSaZM1RCf9~FV05uI^l@~=1^_<){FEnJybn&!???ZtLPm}R!Z zcS>HWS_mx`Rl5>-Wpt^1aFR#)=C;y@=_lr_4{YlFIab^&D|EoUo8sP0@vq{hSgZ=R;tD-Z)!n8`bknx^RiS{O z%SZijmTmJ|)ooXgHiJ|+eBl>(qj8_sN$cAGOvlD&5!-zKnhMTjLz9HQ#>`(A$6iMPTz~y#EqWsrC0?A~Lo5{>uZ=XXAHV@~3dV zf>8&P#_zZYL^gWIMWE8^J1zpR4c~D|VAkS0E-H4LzvHsT`Tu%Oze=jM|D@ml820*m z`M;I4gYy5LoPMt)*dl-5gvjSefG`cPf5F&wW(BB|1}a}wSbJ6PDm*9;{>@gcohA~M+(R&VnV>di+8pK)_&xPAu$UU7Rp*qeX; z!l}Og=Xw_XwMqD|>i94Hbo|dD)Y$8P+eka8|M7{|y8ibL!0HUHPyoe;A`OtEA(fz+ z;aZL=6RRGM;p&&DR!8-zXfL1tmo{DyA+bj5vSzd9`J3vF=Ph6er?m`SWjL|d)DhYk zpp}@n%FkoiNz`nO@TB?gwFsPeNK!ogVoq8jNd3lVbAdce%#+p?Cyi00xVjz8RYD5- z*UtI#Cfz%|F>D7}(7pB1kS%Pdqr0JYHGKc|PG2Jwc!m7$kB-yvUq;9K_%GW@J1GCt z6Rj;xpsn{`rzZNMEMSiYjKefQI!)E5JSr4}e?z$`d3{#@5NMFc!z3mv1UH^ySYr_{ zBf=;wKMg7sml2kEu}+&J)a=1jCb(OpSI)?7LZ=A3wdqtgh4L`i4RNtg`?ODAQ2Kvo K61R{5FaZGU&n^N0 literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-kiali-server/rancher-kiali-server-1.24.003.tgz b/released/assets/rancher-kiali-server/rancher-kiali-server-1.24.003.tgz new file mode 100644 index 0000000000000000000000000000000000000000..3944887a4b98953a2a13498eba60b21ce9ddb20a GIT binary patch literal 9246
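Review bot: The `new file mode 100644` entry for released/assets/rancher-kiali-server/rancher-kiali-server-1.24.003.tgz brings in a packaged chart as a 9246-byte binary literal, so nothing inside the archive can be inspected from this diff; the only identifier a reviewer has is the blob id 3944887a4b98953a2a13498eba60b21ce9ddb20a. Please say in the commit message which chart source and packaging step produced the archive, or add a checksum that can be compared against a rebuild, so the committed .tgz can be verified independently of this patch.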
diff --git a/released/assets/rancher-kiali-server/rancher-kiali-server-1.32.100.tgz b/released/assets/rancher-kiali-server/rancher-kiali-server-1.32.100.tgz new file mode 100755 index 0000000000000000000000000000000000000000..5495756ca0cb68c21b1fe0853d0688cf97d223f9 GIT binary patch literal 10200
z!$iA3J!Gg>9#VSH^F&|Gp%9sNm;@dXY9skL0QLDiHX)san$t9|g9+T`+0t7EuWj(R zqQ-`W6QR~d8}j-nY4b6Ttzbf{knslnZ=Ki=dj9kHxPM;O|EK4N?|rd;}lLY&{_V(HiBFY2+3Pq>%BDGs{{537`4 zUJ?58W!URg=THor+hVi3TAiwVoH1E25>Eq zTV2s2Y^%gMk8MW3+SCsJ*?Z(Rgn>=_KgUb)zk|WaVgF|@sR{q3F2yGg0}onYqtr0} zt@8!C*6Y&sd9ds6{}1}-$K~%o9`=9tl%82TK9T5o2oyaJ8T**T$XT@!o_l7pg!tqFQ20M&6p)LK*JwUKzvzvAwZ@tSAI0ISMjw-$DFDxP_v)7s9Wh3a^@~4 zTl;g#ZlofwkfF)^VQO-4Y7>sJC{4k#i*D7m34txZ$6D3Vh^KI7(NkAY(S^7@tegd7^dm~kk2Q00^e z^U~Gb*x0Q? zX2+(Np<(%+^1T4Slm&CQ`4IiC3EdGIusio}um9p*fB10w!?(SU-;17atd}Uda_rR? zK9({B*XDSmR+v2;liqC5%R|L`bFJ>OnAsy1A Sr~e-S0RR7LasO2SOaTC>rEARq literal 0 HcmV?d00001 diff --git a/released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.23.001.tgz b/released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.23.001.tgz new file mode 100644 index 0000000000000000000000000000000000000000..a3fa2a7d7c095e7617336c10ccbf24b4ecec76e7 GIT binary patch literal 607 zcmV-l0-*gLiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI#lZ`(W!&Dp;~=y&;cuq-=mGWb?BJq%lS$YGaZ2S#RXA+jWh zbg=&WK~B1EZGsL6kYPpMMG!@iw7~c12u^nx^R)qMa>BU5nCsXSHyuQl5767mu~15> z+2!T9Dy5#Us+vzH<#ay1s>*6Un@&`DHJ{BVLLHs?4=@lzoT#I7J^#3W1mK)!VB;Ot znGhNntZ$_TW{cAJqBBi{t`-*@2fWB2m@gQ~cvp)}l{H8@n!w}!gChoONpOeaX1O47 z@1xk)VKQ^jW4-q*bzjC00c!yvSfj`4vdv@GQdU!`RGIzlr+X7P$bZH@SYV_=$A*p) zg4g&zt1h4Me?Gf9^Zz8s^ZYkXLooQA(WM>9^?OPhuqju_P-bi6np)fp#J*o5`5|gt z;JtBXq-c)}4KO4j+48&h&ajWhwGB|W@{n5T$tcIJlg4KhP^W8c^h5ad-jmBV=BQFa zY%96@>9%+bKb~4c{PB>-Cqq1X1v^Br`->bM$hdZ}5cj%dLXh@Jr9P*!0%%OOolK2o z=DSzelwd;#Z?6}3x3X`J&++Q~pS_s>(@LHB ze+v9}cm`jK<@QME^e-s50~Y4Rj2{Rav3d|+_XYa)f5#lCE{fK0H>{-geX(;a8r10Dbn007;lA7B6g literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.24.001.tgz b/released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.24.001.tgz new file mode 100644 index 0000000000000000000000000000000000000000..0577a3315f69d90296fc0f62523558fe12704590 GIT binary patch literal 561
diff --git a/released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.24.003.tgz b/released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.24.003.tgz new file mode 100644 index 0000000000000000000000000000000000000000..3a2cb529dc3b54e0120c9a59f18d5baeddab4ec3 GIT binary patch literal 562
diff --git a/released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.32.100.tgz b/released/assets/rancher-kiali-server/rancher-kiali-server-crd-1.32.100.tgz new file mode 100755 index 0000000000000000000000000000000000000000..b77c3d3a786a3c006d9515c720eff32b45a8aa12 GIT binary patch literal 612
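Review bot: rancher-kiali-server-1.32.100.tgz and rancher-kiali-server-crd-1.32.100.tgz are added with `new file mode 100755`, while the other chart archives added alongside them (rancher-kiali-server-crd-1.23.001.tgz, -crd-1.24.001.tgz, -crd-1.24.003.tgz) are `100644`. A packaged chart tarball has no reason to carry the executable bit. Please commit these two as 100644 (for example `git update-index --chmod=-x <path>` on each before committing) so the modes are consistent and nothing under released/assets is marked executable.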
diff --git a/released/assets/rancher-logging/rancher-logging-3.6.000.tgz b/released/assets/rancher-logging/rancher-logging-3.6.000.tgz new file mode 100644 index 0000000000000000000000000000000000000000..6d6ad9545e86f76376e73449dfaa8bddfc9f0bd4 GIT binary patch literal 7694
diff --git a/released/assets/rancher-logging/rancher-logging-3.8.201.tgz b/released/assets/rancher-logging/rancher-logging-3.8.201.tgz new file mode 100644 index 0000000000000000000000000000000000000000..485d790b959c6533c22eab9c3abaf1e210ac95a5 GIT binary patch literal 8769
z2Uow+D5Bv^^0@f;V%xr(?WzGrOQx>Ros=wFV*}{l4v1A!U!KP2XsyT z_fhxgsG9$M@?!V?r>&GdIJX>-zu32&q(~(UiNp~2Xq35{(nKnOB!W-h8*31j=Pp(p zX*S}(V{GGW(LvV9oS`NM&3S@dl3VUCF7|sQwg*76?Y{|7NJyngLgPj5nenkOyv;!* zG(kpVls1}8V1zdysjdWp2}~4$aD$9M6V6jN92icK8LyjzHrGAOcxwA*3G2~xvNJ=R4VW}2ppl%Pk1We zlO}LMez&#@(q|uKnD+hK4#xS%8K!;zxU+A)(0Q&!+l;m3s4vE4#P-ky8!zl)g6%~2bLItI)g95esF3(??q}ETa zZ}@@noBQ&1AVQg+-zuGKy;QRVWoIAS@Ny0@z4VC5XnA&3ItF*OZzD~i3G_<1(HCau zCAQ0ROy|kq7FM~F$R&-~bylQ%81G8qQ6aMIWG;e?W$M^NX^%-CI~%nWvX5$LWU;7H z$t@noar$R23v38ZNRV8Qab_Z3S|zBAoVuE(@I3h(1`i~l1Dc zVQyr3R8em|NM&qo0PKDHbKADk==t^IU$Iy2cboW&sD~Z9M|XN>QYZbs%*n%Jr#*8f z)3G6PC7~t>769d_N$%f%2M<0)N|awodWh*X76~jCi^c9@cL8z|c?;zIfX(MLnh#DE zgiCit!r*UrR))jj@aXVR|2rHGtN)J1M^FDYIvkFN!=ur7c=Wg7=x}^6{u>PM4u$5D z2ub+ghPUpkI=FA7kSJo3NXjBHaR59bNxmiqPM$yk2)>iYWhy$|fMg0g4=%aKFkIQx0v{@ooqJ_?W1Sn5Y7EC|q(0!ZY;j0O_9 zf+QdjG@8SL&KJQ7JQmI9JmF*-Ae@{%7cQK#Yvky|bOk@@0XqOEYRu^*z}px(k&L?z z^;B02DPu7i3_K+!glk8r`9uhmVi2%7)Bo3G6wA4Dg{y1EeKB$R+4%YpvWQB?%@2WI z!l_(2^>ka7#y%W6UwYB}g-TWaFG-M~xLXCVMgAWj9voEV|KagLC;uO!?7?%KktC2{ zW*%mYr^~d@vemx_?-o=56+qx$&tAXk&lnGhl&A#`stV813kXM85>Azj5g-{%5n?47 ze4vqJuwn@ZiD4WNiNbXpj&VRea>5cN{zi^NLo!FDi8#hgC=s#B1i~PsoHLGozaXCb zRb(9iN#?1b1c;L$IAsC#RugzRd&A@@M}d*FeVryjaE=~FDJJm#H!XtRE|GKU;{OB}G3mbj1zBW>5k>)xK@aU>E?5+PZ5hJqzr>A4vR z1S&$A2L>*{9{dv_5eW%`6>#)e7-Hl@#H1p-h|#0775H{;v({QgNCp9tC4y9QO4OWs zED|1NiO`_E1*0BnR*(zT4RY5o00{&G8Yxr-3h)*r^317 zasdHV`cA{nPQX@BGLBOt!dfiic zUR5Ff?}^awL)Afq9tuJD>WLmd$B^mKBX|i9Rxss6(`KeL=l40OzjrOrkV5c z!c}SrnW_!|K)Mhn(0lPmLV})ts+ac!dK#8_gtHlXasqGIxwk++3D9xKY(^t0SB8C+ zx;LXxe?dTn#0X->B}7R$)%KkFHGv<7KMZxnbL30KJU(hbltr44{z#Co3>0B%IFSA| z(b&jUj1xF9me$Kt{me^$DI_D*&-UP1zRDDf)Pe@6u0_-K6`5kNsac>a*wqW~7AO#U zd`i3?2$YgWa{=1oHA^EFk|PPzl_p&HnQ>rIu(H-yEMlOMuFRIm1G3T*Q#^s|1@#ur zo?1>p;v0TU7i=mZPR;}vx!^wmfu>S#9fRQ%tRF~=6#Yj?)&YoGK zPtqz=CKqN{28vo1C9sdQYzWCpb2H@#vxLh9a=qr~M!M@2q~Jbw9R*8Gr0Kw)faHmy zXe?qgzu5~b(e@Ot7`yL;MG`+qSg^ns5Hr6Y;1Yw(E(9Var_)4Q0jAbJifHNkwATt6fp}ty?Lk(_DeHagiL-#-Smm~L-`4znW!(hCpR`x8n 
zfy?XEXPy{HBCfgc?Umb|Xo-@w8z-Ue*r5((a`wA$zYHEp%Z{`i-G^UpE zFzCf`!7*UOM>|OyjlJJ#7*c;FSkyO-LlXB*d!sm%wYMC)huYk$kaHtsQ#bu*N@Wgj zPVM%e#*L2=o-R={UtDd;j1 z$H7WTNn9#@m@A$qRxznxON@NRi(1LqOXpZ=w_X$T_gpwp`a-pm8YQBQ4zbo9SRWJm zu2Y~(+3qb(Zq+2Nm`9m`r0lCcX92opiLKb5vmg$LwJdTYNv-H~+0|G{Er6r+{8m6; zd_XUe=r~6ES|^+g>_RdN((cjDa889(4AScvDXDd_F$#Rm|XRM&Pry* zb6p4gv;r)MunOH*wr&lKtS_xrm1$vF2Yjkzk$@RzVc8fe7#7o&F@`j=r1nt8eAY_Q z@awFjl5JFL6J0M*?L`{8<&Ll&b$H+nf*HynXlL+?5~X zt^3&G|IvS!{Xb8SM@OCi=OIe-{9i0Eh>;6d#SY} zJ}hZCQ9@bEUbPSZF;ryn7C3?Z!ROD8s^z@+5Nq$z0wE$H0-NOcSCQ}jq85CjVm{*h^RGw>NjwNE7+jcW*f zvl*rW9!*!8D9_)VtGY_lh#0-cuJdvRHacX0SmWFJ&df6^;hF{kOwo7>wQEixZ?WA@ zkRY+q$e8^4jNG)-tAX;j8i!+7E_ z{zTEthA;gmKp-TM@dqnY>Y7t2F)DPc?a;OhRX3^SqBYmIt+cg5X(npM1e@qtTG@pq zqa>1z531#oI@og(>wSBhQS0ixMn);}vH9DEWZ{$Ax&>+gz5nV#@1l1Tk!3tu#`)L+ zSyRzKBXL~We3&rm$B&u$+$4-$Me_v)p(_?9rn{w?C6aEp-mhlk$TNMHmsWv~4E3I6 zG3|O-S{`; zUwrMRt%kD(y&C~23AEm3p|nl^H`{;K_pbN0w+jbvvHuQ7!{dtmcl`8V*x7#%Q7U|_ zH_oYJM=gkczhBBm(G^G{7mU+CwX?;&`oS#Nk#j{OKMUcUu>hSACGm+Q+O464H)YW~ z8lsRSj3*E!LEr#n@+#%Njh2lTK0FCfr<9PGYVWrViD_p=?ite0GOwY~KZS|*I-nHC zG_9jGi~iHc0PUZ1l=|O*3iC&7bDjE-#D3b~T0d-s3Pyg+Xe13LnWnTqnU58;))3gC zFSU8o0Xw;5K@y@D5E`1EV&JZl11mQ-K+!aD4Jo*r!yk`80 zM)StGqS2hA5D&mR72IN-;8C*%n4iYObQOA+s3l?}iuJjKHR35xE)>NFERk_y88Lrp zp_(6gmHVakO@=a1izlfYQSr@M)pUHtXKU?hB;?v~)&`M>7+sHXWWx1WxIP9e{%r00 zr){G~Z6vQU$)+^&Gd3tZw{omnBYkzJLn&C^U)qf6$_+~^``@zCO}7Et{Qt+tM`ine zJQ{ZSpAS>E*#EaP|9>)kQ`!aGz}C-_vYd^+iPR_J!Y81SkCB8!)m$VxKP1hW(@5I= z|1)Fv>fqmv5CbS2N!aReu}(F!fnfoj;Y=ZwDufN>bpX~kS2x1h0m$X{#`VwrJIVv! zw*JTCaW(!k8g=J?9;8&(e_al8=2PN2+2FgF$i)-*Zn}~vVDcllI#rK z^KAa>^>?$XTho#^)seSV{4sj=D2ev!m=Hi}=@d?$n7%|I2Omt1x6Kc=Nn5uKv@}84 z95#VWxlht0)od~f3G4RPU150>JdI_c^Q%)T7n1M`6eyoLHAOX*>|Z1d^gKp(B7Z1? 
zPE~|XjI)z#-V{{WT7q%jab525$L$RZ%Bgmc)pJC7hifN{b{cM>&qA_p0Z2bzjm7w6 zVG=D06X=zU#KzE;;(!84bYnNqOoh*%Cu^@InZxJLy=tGQg>zSHZSq4|Wo%0hkGvGA zm95|ONK;O|(YOpPW?WVvr6gNO8JAuZD16Fn95n4qRd)5M7h^yd(JF9WCG)0-k2U4}R}VYgXf>>h8GCA}AY;;VOn25t zA-y>7W-aIVhCOZAf~WIV+_1j6ff6qDo9X{%`!93ElB@hc_l+#UZT8>M@UZIt84o-E z&x4c-^EKu1yW~m~nX+g$)&~c&dlHN_ncnJ9Yf4sai9Wd!Yi478!q6R=i1sYNn^rwm zj+kUemZ5TrboS11@t5}ktI`2?2NrH=_jGp|cX4NAS9@U8O$NAF&)r#*k*jfwJbYO>BQ~^z* z|0su6LVK&iEUC*|K`$~?YB||XiU(=h_fR^#bdPJm-+cx6MgBM0A7}Qw*~|Mtv~s3x z7lf-#3y2qw7#14lj~fh#FTWz&Sx-AGobB*$yLh(ukaOcrmrtpWuf*fo!v4d1xBo^5 z>-OJqXa7A!X>0%CgW7-C*?;$K|6#NJ7ordfUjClz`v%k)Iy0~{13NRYGXpy_@ULM8 zwy^)^S9rhn-_zr9)&3hDclO_dl(zQY{0bk?{+nN6XaC)={WrhDCj0LynPNZY?8B<_ z`gP`BXYO_8UT5z8Ma;dm(!&0`I>>(XuMUJ#suA~gFa@{Re}|({<^GrP!D!g!|2;^t zQiMeQb{p{OAol@2!av$Is9rJ%J;Oh}$M4#PJY$r zkYDSg#wnOSq&HpXE%RJ5ABCimy{I&+kiSo_EUoCIuSzd|MV6`^#l70AchE;Gt9AE& zI@`6gUGL0xZN+|fV8Px|KP~Lo-Fy1#tl6&YT5e$f+dHD$Zvbv!{~rvy^M4OgzJUFo z-Z9>70RG||fMU8pXa9Hhe`o)9_J3#pclLi*zMj&;{^wUX$gWVlNe0Lk`+sy;{r>NG z^mN?a|NkJRZT<&u&i}}7{?SbGn#3)wbFQ;IZe@3;o#Y?e(fVlupR}xcfBxd^*OwjQogF=ULaq$ma<*#QnKt=5ePDKd63l?RspZ`?p9R{k0zCShp=10!; zAux3PY1Z~Nh8I62vx`?Wr1FMztbWj{OisC|;HHg#Ivu1RN8%{`nI?4HznkpD-=2ghsj|LLfc{|`}aDF5}IHkS`-Gh4XUJby9h z!K3t35WQ?|na@nEU4CBk^{K~IWmCDMMziHP)?HE4Yfw3TGM{stE49)qJBQXY*e!Rncnr{(jQs^x| zNiWMS_q;YmJ9S+<`)#|fo!3p>Z)TUa-L7-PjfR}snKvDJnR&c)<59+8vj|OvLEX(N zJBZ!;^zH(*^6=j98k(9*rdqkDZhDDNslV#QvYAS++{}87LwH9qn{m za4U#af|)t2#5GT=j_rrCXt#YA+}1$=-BZ1AmQnXDsJv!qhQws;b{ z6qYW9rAuMyQdqhamcMjqXaA3Hl>oBE{vRHX*1rFAH0<&}9;EDG|Bvq@0c3pN86cIE zi}i#6n~uIYDPx?yJ~!1bex`vmxfK`Z|2lv7;`Q^3U*5cY_oF71^(o(3QUXe^&QKof z%!gZvu(s>}HVFV**8kJddj8kZ_-VKPAEMmF`oDcle%$|^B|IX5{{^G-wMg7DPTx2% zxX*}v(@1uW-TU8kMI^LQ40Tb-e|JyI*IC-`{|W)%ap7PvFpB|>%#s2Sp zVzNaxYZ;&Yw+^t5n~vcZqVfCu3ioe#DOWM5zcG~BRQFqnqIQAKF3{NpI=evUzeS+) zM)qI2-D(*N*p~mN{;u5rbbQd||2;_gn(e=o%{uGv2G(DrKXh07uMtqA71*LhXA5?= zU}p<@A_;* zE6ca}ynM;rZLYRv<960%XI*yIWoKRf#jVRPZPIjQhth2St95sy&%LgdE%yKD>A3R! 
z*U{7Cqt5<+kfLnh^7a2Z(JU3XrH2(sd?z_w3TD;zUNhvIt@Ny(QE3hUi6SP8(paG9 zu`qU1rQwnwUJ&;xnIex+qE6(q8uFC084b{6v%>er!c1R2;YlQEi0SX|+k>}>V+HVH z(gysU>{Pa7k;Q4on_o$E+n5Shn|t;;5mG0Py%XpRN*JEYMBMwt;E zk`EI&diwO>>DH9BTfp6zC|62QE~L4Y)8RgTwEFK$ujt)Mv;4OS-glq_w#onD(@{nK zA03Um?>|0B*_6Lt?{;YxM6)CaRJBYN-&~5{iQqH$$(;m=kjP)27Wb5yVp~WVr^oeN zFRf~j$bOoAOU>RfW?UBX%egG=a5QZ7w77fXbCjpLrh1)jU^tV^W5ER8ot)ZdhTyhR z`D7D`2I+63k^KRkqOsh;h?HWERb(ipRBn}n#okipV7dI?vWbz$zdfL z*Ww`St|PD>8jSpy(I`FP6PGoRJwq3we zQO_w~ThRKr1;hW#ZvNirUT>Jjh=(zj-(}R>fYXHtAJPI&^M*(A3NesPB(yj-+ zf~4y~PyP4!F$|&q`LnZUa+_u>iF}y+2tM^>;e|k%zHAT}X&7-}JNY?a*F6(?x)q$a zT58-1(ydXk8I8As(KHSn@&fmS#AHeXDk%#0+38EGz(k=Yoxy^Lf8Z+Z@{wfcQf;Tf zeQfLfM+K`=6{QXe@RSMN^vhuN-Nh654nI&Kb&i{bS;FWM{*hJDLn~pz@sEUZ^r3f_ z{&jNpTmaz+Ar(T=3r@Aq8mzVN4^v5W>epegZ`#XF+`3TNLH*RiwjPRW(C@5(TC_Wz%=2fq?dSt8)&^B2N# zW6pj@PdYC3kqk^d&VF~?rSO=KgKtP+RM-F6i)YVYzi>nU4*S@={>S6v<7)or!PDb$ zxBefZID6?KD@dK?aH4Er$9Z3U@!O+?l(Co$26HMG$yCRB3wxA7)$RTmUXzH-(FYGB z$w@%}L_alz^N}JnFa_c=6T9XUz_@(w8`>VSOS*B$^uRwrQ3>i@M|MisA*JRMv^l> z@s!MSoOjt41E!2gAvuW!5XeaV_U5GaF%H-&RPD=A z{r_MP=AElyyJGP;)d3Ld`Lxq;%28Wmf=U#Q(}%oA7`Z?Emyzs0p(OC^^rZkBSF&^| z?7J{!xp%C*chi*8P}EOuQj)Yc6)wY7-#)lpXN43>zppFjb$6M(J-x$peh~IK4A#UPU~xfp z@xJuzw?})W-;Y6{W@qhQ6&hGfI0;cAS3ijak3=xV3^w}UC)#yj=f!lU8R3_RHnBpI zz8d%#phQEr!n_xFew_tuo4mT2)*=l#hHR-w9Rwv>rGiNS5rTP?$ka^9xzfx*pc@pJ z(+ujQNHEjqj0FL^)`L_`CkoWd$g2cZfs|~fUsu_)fPh>e<=Ip&%`VDuK0$3cO+nYc zZfFJY9EHbetmk}t!{-*8Vg=_D^mi|CqgHJiYK$)R(Y3-Mx63916o-0}?ic)_!%NAN4a3ecDjc?I#Ye9bA(hTeM5?PQBU2r_@N%aAcw&tb z0smXI5ODU>vy(hVn|s-)u_Q|7!~0X_Lwd3cPVHUlxz$)XTE#qlk%Wh_6a#xuEM|T` zJu%g{&mN}+qH9TI&8tnMiaBKp#z{bgP;AnQ!Bd7=YrUo6<;TyP;A@P?Y(^t0+X%=U z@EhhMJhLr#Y1js%Y*u$tCa1p)USp`#TH0PS1qvw!0S&3FVehsW6;4dI#mUm>UE%n3 z+lH6#f7^;t@o;r(A@Ce$G(xyuP;a5pGv?eW^G#SvcnkEC0DVxFbrGXBe3YMKY)>PL zQK79Clxr4btWew)qrxeBrP%R9jb>iMs3BayucjE2ME6X@B~kG%~;I-Edo3x2(ybHCn_l2jy_y>ZNOsom>lXX`T*u)iNMxxb$c@zS=q%=M9E)&bDeQNeEr zW!F*&v7u8sxHS)4x}h!7&kW-9o z;N)CiNziWlqv4-hMdjPu4D?q2iM3>HW(3GUfQP(*+9wnLy{16`Y>E7uQ;9$l$wDHj 
zXMEtQ37x5dBFr(u)U#YcdP?QDg|=7_j{ZNe<<9OCoa+W~g{y43BfUv@WT&m4QQ~o_ z;d_Oe#R2`_)*x$NQ+63zYp(p1s^(&ht=&-C@MDfq)YiRIoYAa#DMnE6L6sZoum}-( z(6U^yf>CRK>L+VHC_KDf{HdSda^xPlqb+XKDoQP!&zn%%=zPw)D}1{0aw|qHT)g!d zwQ%vabL^&qvgmQjohbw62vsZ{@*XRVbm&w z(TvfS5Jp4j!lH0li&3jUK^;b|0tLJAQTn}D|K--{%P}f9+B%7!;8I6z8#nWtFxoVI ztud-j;wQMACSo;Z9~w~FgwdwyYk^VyBA>O z$IHza3HoQFp7;cp$} zXwF@$I8uzqnMK&g)w+XZkUGP34wCf*+9apUUzpqbBr*qp((RviPzy+ePC{aN?vdVO z2lyca5z`n08lf=JOae2!20>LN@U&w(4}@xDIO=eYyk-#K5(DjZvCvB0!-^%Q?;t== z>b#~d1NESn7+@yLD5Hy+xg*dzGI6pHEVd}Z(q1gnn2o~&GK~CM3GbA$M_yjo4 zkgGQ=;qYD&I48ed+d1jekMbQk4ulKVGK{~ z6xgIUeSA0dKZ)$Oo|Y&=Poi(I*9UqPZ89>MM>e6#JZy(k1Q_qK2NIbhc}>wHH|MA6BZ2bqf0F^3ZGl0IfOYAIx1 z)zHXbQKgbyJeK3spP4K$As8+|Fg3=Nj(8}QAX9RxYKp>T@>vXSNk9XVMN5pRR_$zN zlW|GSSoN5YN+qpHc_NwpS7VQnpYeoTFoA_(Dv`$$2@#@i(^CzV(%_YstwkCE5^qr$ z#*A_ENcE*>|IXIL+G40Kg59}4$6Gg|nudjm(gV0dwq57fsD@E*#i4qvHhQS6aWljD y{BBnuxmr~1jOSCS+JYv@Uf8oB-_U86u5_g0RR8P^PeaHE&%|!<04%E literal 0 HcmV?d00001 
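Review bot: `rancher-logging-3.8.201.tgz` arrives as a `GIT binary patch` literal, so nothing in this diff lets a reviewer see what the chart archive contains or confirm that it matches the chart sources. Please state in the commit message how the archive was produced (source path and packaging command) and record its SHA-256, so the blob can be rebuilt and compared before merge; a packaged chart that nobody can diff is where an unreviewed template or image reference change goes unnoticed.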
diff --git a/released/assets/rancher-logging/rancher-logging-3.9.001.tgz b/released/assets/rancher-logging/rancher-logging-3.9.001.tgz new file mode 100755 index 0000000000000000000000000000000000000000..1c5b7ebf7bb215b991b6627aeec8ec3d41afd622 GIT binary patch literal 9470
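Review bot: the `new file mode 100755` on `rancher-logging-3.9.001.tgz` sets the executable bit on a gzip archive, while `rancher-logging-3.8.201.tgz` in the same patch is added as `100644`. A chart tarball is data and has no reason to be executable; please re-add it as `100644`. The same applies to the `3.9.002` and `3.9.400` archives that follow, which also show `100755`.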
diff --git a/released/assets/rancher-logging/rancher-logging-3.9.002.tgz b/released/assets/rancher-logging/rancher-logging-3.9.002.tgz new file mode 100755 index 0000000000000000000000000000000000000000..ffe9599f3c003202036f7440d2f0e8d9eb8cd6ff GIT binary patch literal 9717
diff --git a/released/assets/rancher-logging/rancher-logging-3.9.400.tgz b/released/assets/rancher-logging/rancher-logging-3.9.400.tgz new file mode 100755 index 0000000000000000000000000000000000000000..3c7aeafe9d7a5f733de0953352a2ded1ad2011ce GIT binary patch literal 10163
zd;i;`lpQ!X9FTo$r5L101&oM5AJ}-DdPb61NRA|g4?k(!1)5_QD}Ep2-)9kaalYu! z>7~9q9fM{amo~^Pb8qI`6B3yOuynVoj{^iGLIab7YGVR}x&L$haN5lq>Qf}DC+$4F$t@hNZ|BUf)&!r_A=a8Ca8!yFmu zQ`h`#-~HIbD4hcJ`>3~ToTgcHLbsw#Mke#f2Gp5{?Qn_!BT0D{wNODR?I1_3zRUCHI;i!7?HgVO?B=e#?QvgZ z`J08z_DeaBQS^493nwMS)Y2n5qUFg|Ar1Cw*Bp%a`dC%KjryU7USPW{#jS*)GAe5&?MOl hn+xukyPgK z>?j%I?kZ*RW%{=9=koeGOaAb5baZ@uI(nFlB%jv(yt#Wopx5>N`luvlo7Ua#bo(f3 zO)vH2Yg&_gI52V0ElqqA^n)RUW08XSII5tKu%Jk-EG1W-SQq6}u)WR@<8(e?lJ2jwOq)aJQwK+KI_GbgP#+s7okWgLM)}_z& z`MN(kIyzJI?KNj;`GQ-3D}}gk+=QVmdlpk4HP+-YPDtupgjh%z*Tn55e}DU0M5xvE z_3ix9?ezJ4g?Rch{I&S-@Gy&B02jywTJR>zxA_im?XY|E0uJHrS!0mzqTFg(8+qk1 zTdhF$2_Qw8xQfPttuD*QCFjtm0mw_}CmrA{JirXhOLzDI#@)cj9_zOI*kpCNy%%pm zz*}Cft01h+HajVW$6u7?@7Eu~poXCzB-rF!x@wcGGTDOntMT@2(iVP6P_?{$c`To0 ztW8B4s0DSu>9%$@_c)YHZp-Apk2TfHVsBB6#X?%+n~|x|mY$u=D$6s&FqhH3D_RA0 zqV+KBB>O1RP%hgkqqZmE8omz46sxEL>Wj0KT}EHy#~}t{uRmXh#}N*(EY`kO^i!mV z=Uq`QcKm=Id(Z&W?@jVjRgZk@tD!oaBtiQahkLRVlb^?%kZZjwJDh4vHvHM|YN!+Z z-j9XYk_g49q%4NAg0!JaA>k@58FplT6l%TN`yT7{yu)<|)jB9-uw}G|gi4#9)SfW0 zy%2eXaLOU_GOTv^eJybbplFOML%bGuTErm-*1A787&>kUDmc);fc0Gw(>UZ{B)`kR zM7+g8Z_jY0;pWgD(n|Fe<>yCWm6zxu^11tjED~r6v1{|&UAr+hV~r$G zT8FLTb0oURhT08H{utxO&kK++acqVWBZWiCgHxI};mOMg)Cl;&DwmOaEnxa+)-d$+I7LcMNUb2KiP%g0Q?klHsH)0zeSXln2PSO z#JU}nP^<-bkD|Du#L7fNStURJUHj%u7@-mhWo%cHmoA^Jig1%)Fv5uw>9mwP*fvy5 zO@I|#are9Wjb_m86Ob#ZEj0qJ$Ybh~C4$cPBSfN6BR&`lSPFaK4Vce)rbDhXSG&zg zy1i=ss$RCjmS4M--O)2bVn)}%J)Oa|C*#ut(t%lqtaxYww6ohx34%nogK~f{JOc{- z64|49svF_kXpk3}9Eu=TIcQUKWw1GkHxUzw@&nyC&vM|xw zrq^c|T@hPw2_Jx2tINP5Fs?*}64LwDr$5dka!HOD`Bo#JC#&tbDx@u;+>vFfUgnX= zWlBU~1|Vw2qwcr3;X;oHLTkzaXQIcoS68qZ=9tEOQc>Y+rwAu~9SGx6toDaF8`?<3 zJLdk;V&-|ocC3P92aZl@fvb4XjRQX;bm0N_A?y$+v=MKh2WvXQpIMiWP(Ms3b|Es+ zn=SUTs!ehc(9cW6=coPl&3ohiIwN4Er4{TbmTADu5mDEu=}9_kEj_52<#3}2r+N%P zUUnqN96L=TW@T@LE}++y!!~G->3JXulL)=eB+n@R zD~mj1;QGTYp2TCszEqj0T@64AY@c9-(o-M~BiU!SZ(RIbFG58(JG2z!NV9~QMKd%w z&8zJt$#M*ydO;*|;pI%G3?!p$o^W||n_$ayX0%A=Z9lh=>GZBnC1b)iY9Vt6DX!#v 
zccVMjn^<&bq#vv7ITx>MwNQU1%XB1$Mv=TgzcVgHaOO6yn=pYK$q)jYz%YbpmC@`d zWAyvG0dW{(3asgGzcrxEY;1}tzC--%fRK6Q#~Nn1FLQw;0SrZ`O6f)-#`+igwD-`< z1F;E_QLG89HR#=|Z##HfVMDtMX6}=QHydke$X5(;aFORz5oDQHOl)=C27iUVZ z2zfR*%n_kWGq#PhR<5I9x#%+Ti9xTwZQgg%JN36QJHiuuCqlJQuO}Uk^`KZ*LP9LA z>XZp-Ln4zdVLmrU`#)mb+PCxF1*C zyv+E%Bb8YmgfW~ERUqgJBhBktP#v$bNm2f224FP6hic#9SL#S3UdBqy#fu+?Zp|ii zvyDXLDnib$s_VB`aG9WOn(a9!_Y(Lfl1m1Y|8Qwf?( zr3ggkx-|b@A^JE!(zLo&OYSps)Ad^ayJpuwV^U2{2r|pHzI((}cvVS>mT1gK4{@hE zlRdaH1xntC09p>CTNTcG^8)YsFGIL}N0#}E@mB9U78u;rU-?-|$B?6UIB_)O@y0`p zMEJWvr%w^w2tE;SS-p7EWZbWftP42n&7wM7FQ@r-8*+s4=M>wFJI z%*DsGdRB#5G}s>QsDKnwW{3)3Zacs3=XKZZRbLn7&5NF5)DMMIw!xlH??uDlv)E0& zc6>hP<{rm1g|B+@2|I8x+mB&YdR?!t{`2|Q*jinl;n&z$U|p||VO%7i2AH@mFI!)} zO5jyKM`eGUkgdkNdCoY8P;_bmyljelm9L3%)~W^m#WtAz#0&IG2M(KLsL{Z~b~Nk; zD-Lp#YW~{d^=w>JA`hb_8-9?-_PRNbFsa5^nROXArG^%hV=FKf(9npahAW64s7K?X z!%fXqk0@F*4)dIf75ySn-OrdT!nK-;qnf2Z3DK3yV$|(?crrBFsilMqPM{K0jAp5< zkFb{f8k4HItbRykinfx)O4+=fwFadO?bE^RnU`_wW6ef?%?p0(ciAUUAyn!_P{~hi)Ae!@oJW?IG~y&*ePlLe6S(+?aJo}qFpr(b*Zuc8I5#Wp`&R|sS`Sx@W?RRV{fan^I1 zu)@fd=!lpt`I)ULAxOG+1{jddDRTE0a``cJxFEwS;;r6qprAFg*Q%T0@QkJ|QBZW{ zT!)wGB|I!VhajoUDA3Y+dOyOFc`!_obZ^KBH>l`hsJ@q5c?ijI@3od4ue=H{E(Q`2 zPZsEW1H%E-VaK070Xtlg;g5$Oei_{YFPeSboH80~Sb`KobsspZ_M-F~S!Q(c^{%+YM4oh7ccA z98mEzZdTx@*x$mhF&G#8=ywoFgKB=WUeLQk4Wpvi`N6{x51EV1w2l`y6TeCX=cCDt z=>@>{CMteSqi>KxAZQ~R7sh(uGiP{~sC4MZ>?-S*AJVzFLVeY{S5`&>{@I<;xm(M* zfpeMolRUV@-z+=xr9G~?zQp|ao3Dkbb@F)tc9%0R4bQYimxWoIJ+H1}mkaNLRMoTG z;R(pWK#=rYi>e71Z^T!nL)%=)S#xPp5xzj(angNnK_0#)c*j6jq6jbY&thFG8zgSE zqd8NJQ1Rh3CmfE9TCP*}`H-W%$t{tVc8vT&up{%61ov85+K8Cr|zL>lh*Ro4QTtYPM92 z3&aA_>=XmMn9#7d_SBSJB^M(+4;wuHt03MXP*MJVH{Ez))T2t~&07T|SpLO1L4r)F z18VWU&4; z=A##sr6JZFg?lQNs}~~UW!v(!EYhY!A`2SYG!)`dL(ztFYHN=!ooZ1JPPJl+Ru

    cHCaD!^)e*JK&ik>=H-hBq~an>5a+=ejHJsFso}JdD&CZ3$ag_u-9Ht7 z>b8~kS28LQhnfK3st;D9FLjP>`)6!-ftol9xBGzq?a&EZe-U5i*TPx+=ufkI*-U1v zkJ*#he_XLVE?6I)<^_sn99D!~HsZ?h%?o7X6DrC@JqfHmhjvev?a+A@cd*r)M!%)! z+XlHg(K)k_)I&z}C|U}uzvxHa%*$P})_cfWbQ`3GwZUdKN1Pr30DJn_H zGfHPNQ zC4i;W-*EEhhB^J_zQ9fZhx_Dgju#wnxbJrmOf&XxKk$G=62alJ0f=)2v4nV8{tmVn zS#f<%k;8_Z7i;xu)&?@mJhU>WRG;lEZ!m*A8+MlOvlw+nv}^|>D3UFC?=n_wtnkJ0 z5pq)r=fBawq0WyDxeG&ZHEe!cmLNqxB7%b(I=^7bh{uL;yEsVSxrz zmFv9ivF@#*z`-dmjNCU3Rk@|s$cvaoGe&>F6U@eXYnyiW z1dvh?eUV_H7G`-*w86;oG|nS4Q9Ifs^7S7ZfRqe_|-`xDOf<2Iw3)oK>EUuV3jTQ#BZjF%$(Ov-XKaHAJ9 z^@3j2I3+S&bZQHMjaUBGa`C7zTE672P`k7tGJ7bY+QNg9xMnL*ZyYkl*fe?m)7q-; zN4b%>4cerf>LW$_GDs!gHCnYc*JAi!*Ax@5Kdy($TXr&7VFQj|1MFBo{J+u9;O-_z z(l|T%Z3(5ykqhV4WYi9=lfQrCTaESGpWR89UN))pgBWTO&AD3)yMp$2_X0(@mb@xi z{j^`+iMPNS*@V6=B@<`_p*Ye6fhgP*YwSqs?q|PDOy+Z7mC1(r9L6UyFag0=_dIez zxfqoZzvis*=j>gg&`dQ7wqf#KRV7%0cf z;FGs&dq|g0ou_9Eos0G+ym1uvkqo0Mr5#|FNJ}{kkPQD|PCH0r7X7y!kHPyyB1+>E zJ9v#iIQ@lQNYXm7^2B0lAoPw~y5x9TH)x?JS#ERcE*7NvgNjYq-==5=(FL__ibcs$ zZc=~+auG+#agHq70=|Ny>?kke$Ky)&rGZd&gK@KjS%DEXRlz}kaVzsqjXsQ6Xlc>m z+CI7ioW8VjGM_(-oH088hp7V%{IctvPa)x~fL~j(#k^AP6Q$wM9gSRTdfs&K;CC zl1DR8FE1E6(qAvgGawB6fEa*z&XIb>Z2YP3l1$Ls;LO&2ZFSpY zfb>up+cIuSqIz}L;l-BG8&R>RuU7AsU~YzV9@157tZLn3mVy2ab$-im9XuwFSov)KXc7vZsBh0xUB z7|FwXENE_t8n+c^$^m44(pnpNM?+>sLc~6=)|YWA=RSbJj~Pr-X)-bMA_N$M?ybMt zXeH#mwt!t8*{d0A)ZUSe{tbrCbtJ7xEMA_+Wrl9u<`27WQ$9`CMN1UGx~@N?ZA^i}+lWxj5;!Up|BowZ)0r zo49zfPB%tx5lDP5Qa}@5(cEBI%{R6-sj!wTIdbk=hqQ!Eio|tuV&!3@i!MU-YJa1R z-{z5GsSO51ZGKJbc{19M;29)@wOeTM-%8r&GVd0^Fo?rNuapIcEY3<0}^zU zz&Dh;*YUmAvjI}^h|f7e%%mqgDiT!4AX|ogo5Um~C(8k&nDUhv$zlG?Va#d2B`6Bv z(u*MD_~XU@B%-&>m~Ml*n`Y$3F}xf0%Sr%D?~jvnQC+^**V*M*U_VBM<{Yf};{!hgt)&p4uQK!1jRjbUuIKSLLDZ&BUn@vQQbi(GF)%SIeO zgBWT|2vvUr%DAgql$F{m_fE}$HTVanAhF$c!6tFN(1?&fBM;`hBNR2mK!r7zEJ^C< zXjiU~ksKdTgHi)tQ@Jb~ri#F(7-%;p@3MqTUsRVLXNTNOFZ%eN<9zFZ{J9kD6{=;^ zLP0VdZS#LJ5t`->LSzjarsu|z43su-K+_}YHy7GuI<#tWxWf#X64CI5x7((pjuDB2 
zI%2;LP>w3lxR98)cFa(o9r-}9+UsUughoe)ark+mFj9w3Bz_A(%<+E`;9GdX-fu>fGw&^kE_0+p&+VgZvp&HL)l?F6<4_WA!6Q9R6qjlZ_Q9uIe zV22_Dk6o<+s1EFiy&Fd`3*?$-bd*u^and8^p#Cjne&HdPj1RCxIw9;E|LF>n_Wr=& z+V8~2jU!kQ#Ba-@-!v85dV*-RvvrGmt0s~XF?{#;pEA;x8Omd2QNi9(6wx2Z|LwwH z_arhA8z668LqF6It-pzzc9bM-8Rc>jHiem?BSQ9Ry-)QmPCRumwIAgCDq}Y8e@r4- z^yx)?V!xA%lxZx^K1uqH!{fzX#X)7f2R{mh^?VQtA;9GMWb3@T}eDs zK6qfgL{(tae<>x32q!bSb)^4&+GpE2sqT)NOoccF=eVv_%UkM2sjRmUA{L9=;-;+k z&rXWPZQ;*X7KQVg(<=_Ym`6?$A; z_nfqNf<0Iu-~cGc7{``-dlE#;1~WrxrYL|6jk$baUm#K9tZ4S{Q=Yi-MSbH?k6MFr zrJvOrI0Y~S^R5%{{*~3&nyLh=(aoA^$_QJ8N4swp%#I6cak?RZ_d$srg@41J{u2t4 z=I{~%b|BUbJdq?o;` zIibe&#Yz61F5~v)OJWLCc@QH7v~2qz$-aI0E?YQzI8$LrnV9wNQ82`;j0PygtkZRR z17sprFM3tZAAH43;iwrF{<6}Z%B@8w?j*T{ocILfFj@k z7dGT}CqB&OJSEs8#RQyunqKAR|JEuTi_uyNplutWeuQ_E^^Cf70?9$7FlPU!>*+f| z@J`QhcoF_=--DT*Pq$niwwW3f; zI{c9jhqmdX(m*_3jz{j9E=Qrq$6moxBFEr`O16Zkp`3U>dK2shoIYrnncm<`lz@_z zPxQTLiNf7AS9w*sXM%_GK{6p5tXMbUADxb)Lyo(|y6415@GQbdoXIw9*|LH&*lI8O zMe%+dS2Asf`T@DtgjzuQ&m0pttpd#PkEvj*y9&bTiVseB+}}itCORg*Q-Ua{);h*n zS>)QX%w)KZkEA>m0qa5)R(8c#Bt}Tc48IuFIqR&&Lo}EH2DvmsVe31E@&v2}kS3`J z2qc`hji6gF#&p*jyDJ%u3<=5LYzL2e2+PSB))HrPq8^Q!$P0Nm{tOOT5l^OnT-=W< z#XcOMLkuoNT4r{1bk$ zNH|z!v;5vrmK5SDBC5*_^oRMD<_8cW00CINft|)1YRq3@%uc;PL);-0&N&QyRPZm# z@l}yD^Ytk#8u|HFXo%H3-BK9et$?tO0nwi&ESQ55mi5zE&of&#pU_au>Qw3|D*@By z`x!xTeGys00{!OD&g8w1AEdFS8kcn<;>6>yzV`z}It|Lk?JFB>}kT#KTGCJ7adc_r$^*TdRx7M_6TBJJDst?;b*czT7Aa#4HQ)M#=xdAY= zFJ_~nlAqtvn+^&|eJ{Y94swZJ#%N#g%=>y~I#R%dDJyX%i()Z|&?*JY$N(M}6Mntc zv^^8WpD!*SFf_DA!sM5OG?Z*x1!x@33$s}fB@E1^G5<+ROC8$A;Fzv5WEdXReLlq{ ze#=6UUrTF~veYF|EpH_sFJP~=L-Dp)=QLMUlb(9Nj#@vFl~?72uI#}Ewyet>m;Lhf zZk19s#Ld3UpUrK~FX1upC$7zoxoV$*OHwVozV2Iyy!;K0`TD*~zCP|e4Tg~8LZkWb z5j%@pNhtgIZfYpuTtm$M@mjXmEU)-q%fGV}hZF;D1#3cg|j4U;oJRvACP_A-&n( z?~_Y2drnHFc-P}SWovA!74Gm}Y2Q(3((95uoYTUDg5yFmAgfJB-uClqR0(oy*1%~r zhN$IQLO;4Y++X)jD{Vk2>Lz`+GgmLcFH{3@6z+xDW%5-wA+FoCDOXu-VTLt%DmI^A z15N1VwXZd_71z&g8bA9Et3OhISbw&BovO036T5V*#MB-`N>ypdD1WUhyHW%gV|}4w 
z6WR{ace$wkQNM8^XNxb~5{yycX!F|}`baC`6Wlu#UxrVCj>F{jwDOl4*6zeA)>v>RU8#$!N5UWz6`NDa3uiLl|h`rP4(6LYE3`Y{|7g>H?3y+g<9{yC3%R1jlL7qLZiQkwtN0UXHCp z|C^%qWdtd_FJ)Oep_JP7L|z#ZF*F5QOY{q^wPnS!P(n)dXJ!%0kNR2%wm|V>q5W9! zh#%T-u;1)62e7Tvn6rqjNGv*p4Zy9{q~YQklwpGGODD1m;30W>v!mr6NC-*b7I6ua z!YkO?-Xus#2>)o*o|1ZTY(q794>WP^r(xp>4qQ|2L#;m>US|Q~G_&L)8|fBsN^)#R zTZvun5zO3%ku9b^jy8k9s(SGSON@Z4@m(OEftuwRSrRt(0bELmA-fRRCTQ$eM9+(W z0h?NW?DPoQYIGr4`JhF2CJI*}gkBSR{6{o1aN@e$t?kH)a~K zkiP_yRB*aK(;x1LE4Vk*4Oj4-j?lB7sXdT?cPxTQk~qV-F(yNF?mVOyHwgz|3PFft z8bYy7u5pkzyuj8Y4PZ)!G`jO!`&~`Jp&sYn#oADSwz?LZKg)hI=;YUdQOPs`7#RHC zXLvzaAB|6oPGCu6X+r7S#9;7=RYEAAt(7;z5>OSI9TAo5d5d&ATK7de8G*wrMx7c~ z5z1{3y|+6q5+KR4XiSMsi`O3p{BSbb@zy6v{CEzwVNW%g0wxg(5~QVWF?x|lILx53 zRW9o9eJ%t-Wmf8ig|^c5HTczE&&3klm(v{E8%eMCnVA>}PkmeFb)YZaSsNTs8j`P@ zb7r$V0c7eeeNFj~Nd5X&SzPhE4aGXT=}bg?Sh5EvW|;mFF4dyag;BJIg^Z7fC>F(z zOXz3;UQvxaN8)QuY3eLPKO?o;Tmwa}p%i|01`SDJF{u%nFp?c?nXP4Z$ebigPAFYY^PYpii>=FcSE#Yo1M;*&yGMh`=kV#sQpfjl?h|1ZMa3Mn zoGGe}J?W9~$_>GEAOO6?YgDfx>052_<99+lOU&F-9ttOPkWdE&Bz%%!$7c|6!a(|Q zQN1J{@3G%z1+Ap8kL-q*{fW8V&37SCz#|o3?C&_5Aaj~uw}S|^x!YMwzFrS|FP2qb z&zLudOMlA9cK1{L-kZM`Kkwwg9iAVm5D#qfcz$mz2OM~k*dG#X->G0%Zk)K}hYaFF za5C)feSLg&-zmf=Il6OI4a5LF&`T`wIds>iy1N{-FYfqLJV_U#<-(*i9UfuO*~+dz zlPHOnkN43-h>UhlHKf{OMnv7E0y@1JT6oov%<(A_#`Mvl1(3sy86%%r(x?Xss-;ZO z_gWp&q00h|e?$f$g4nUU#5QN*PM&=yyjfNYK2Wk6#lj#;5YcQ93NnB0dE zZ=mPQWdZ~XJd~iPi1Yz_lJ@A0H6l{#Q$!y6L}QNVxfDM+3bah)e>D+}xsc_5OTMOY zc=mZ^#N9=Yr8`ddV^LcAfu#&K=_%obJ{yFmefGoSfRdCiFmcr@9lO-oFj1fj1ryzKftT;BI#SA4Jp?j5&;Xk1o&>Z&J;9jg22^MMTCB8)T zNlcz(BK-@CZZ^Y@My{e+Y|U#n*)pL;+#$G#kThVx%(m8o< z$>D^)zC|H~B1^%B9MoGRx;QIXqPj6@Ueu(z_@ajCjMmsI?;u06&6~vcYXRP>Qt}Z| z*O#(1FfxX>8(tCO@kB%FRFhB~AR`y27{)soo<@N-NE}TZD_ms{mVG9ijlJ9HvqfPL zO+GIM0+-T4OQ$a+j#z~9(>sJIbp=%A;Hgkr{tB6^)oJugiIm>{Iki)PKwwppsgFFT zjZ!ACb{{>+?eMy9D%PAzFNP_u5W?g|d#=f^imqXyw-X?#3jO|MIYBFPGC|EP2X{FW-Lagdtmi`d6JMR;HHpDnIMk<55a0)uz930**a{s6p zeecn}1U$wnCE6&c1b4Wh1R{CtE(oN!*Me*wjXjcLMr#{6ue>scL4cQsr`GBo z5g`*5yo#t 
z8>{dGA{V56b;CL>2c+Bt3{}=PF~s1)G4fJ^D2hTYg4z$%PS%nQhxj7EV6t`$p3wlz zs{{ka>>EV|>hG-n7|L-RzW3Fu#pv&CKb0Kc(-b9G`Cw_a3<>L<968Uzkf#8BCE*l* z&QER6k`kr>cMFA*T*HO%3R*kh_}8$>o^5x@ILY_N13+}~6pNHx2(h1y=iPvI9=IgkT)e$rA5PW{Hs zmaIRZg=%Cs#pE3lN^RNOJ)!%?NJB{dJUh<|A^HVRBS2Z^W6>e*O|dN3oE5&Pt15Wq z`}qPtwgl!B4+TxG1AI1&)-qk9PwP@VG1 z5)$2$fWV)_rc`<&NJR7qL%y+xUTAE$`dqmnEnKafG_-9v-*#@~aVt*wvwpeoFITzU zO_%uf8+jUmtH_OIaEcVICgKfD-J>Bfemu*W*f!7mivif27oXqOC&?lzy3N)5`W~AW zQ?%+UdYPNY5$hrMqV&jZ z9`XIFkvLa6M%DhC+C3tWlMiwDoUZH>1GQQ18vr)Msd4oo!tlOC)2v6*Xe*M`%D0|D zrh);etQ8&yZ}tS+xqExB9iQUISasthVL}jV{CGbqyb3p9G2Zu5ocDB5J%!uEvQ$O* zS6S@_np3@4JfRD7bkDSD7cs!;c^|{VYNH%RS>rXZ^WzWx?2jAog;mjza8A!U;Ij+R zyr~#YPpUl-XP1RldDADLvkStevPNGS&W*VK|oaQL+0jJ9OamOVD>hcP;#5)cd$Ei6J>Vnc>94 z23ObpmlRXZaBGyJ;+@Yoju<10j4R(qmFxFhM=2}6kmQlbcTtNMZ37??OkAn9DZA6k zT0Xb~bb0LX&LKLD(+n_DQb^4{T-AdQ%f-y81X3cBi>NG4LJ4Tm!q0H5SH2V)qT59n z#Q8VsW};`mi_y!$Q|)%Ml2zu_CCH74H_w-?cbIrU5k z^x0G3g~brY*K}j)*Yeku>Z~A@npk4kETLfgoYwxs@AmWlLC4P7*abtcaVm{QqYb~; zTbKLFknWdluE!MXMFZ#JQS_u*#68qX6~5-4=5KN!6VEt;Ki+3;@uM@2ebvvgUVia% zp3;Qvm$uYgk8byB`*Viv+4{cNeN<{yr>XILtok1NBGvwW^%_IYNmF5V0^R8WYtwyXt#Y1u$2?WH-!S z<7uStnt65D44SL~bLhQtb!EEEd@cu-90+v>)=>B)9F}ATh|Y@l3i#|+PnjkMhA~_U zUlbON*mh=+5K8GcvAoo}hD+bE#SAr_m7seB3NQW9W!oG-+w1F3ebrg%3crrZYWJ} ztgYBnNZYrTWu%gsRM%7#^%KTN*Y!=g-8L%%I^c@ycQ9{lwE5?9t8-15)=u;N@=~lu zyA944TocU33%8||LslhouL7>Uu>|ta3RHKV=tDcc23YVkav-ndj3jY#YE@b5m-T6E z0aW7GZDy~mgKO8S=5b9r!?J?*Q}h<9h&#Gks^tyJIyWP?f-wfGLBMyB7ujE@ACMHq zcByQcp%3?i$N0t6n`<}8qI=~fR=iFYlcmQMy0dugG`H9)fmV~mh=r~cIn+Qx%>5-W zkBJ~Y-a)J=KUcOPzhCa%aLoNF{ioi&R$!355TeT2+T}1_=L>t(r}t`q^5#9Z8_o+- z+7%djW;XnJOxjeX(bD(*@EqW!=6*A8ZXP}VYj1FEhyiwui4TcK1m?2-D}!4b$h^7rOsivBzBDnKEQM7dT|w6R7{1@!baj(}%A= z?oXpOtx(739_H+jCr_svbYVOe_~8yuj$X72=i$zfzw3Q|3h3cZ=ubn?P_XMAM~*&M zf21r`vpij&`Ti6e6OM-oJ}QJ4I4b0k;3a^FgAvQ)0xl|K$jt1IH@#>$0;vG2rV_`cnl4)HRXyQvotM3exHMqmm#N>QZ|#0-sMj z_bYC%D+x)9&PeL#%IE25dyX#%mXC2k*IV_i$RP&w9YrWDyW{s5NDN|530LI|BO}6} 
zipUMDH`&N>gB-kTCA)Hg3`v?)xfOZ?$O<%+gQE+tI;lgpQ38i2IJ|s^Cn@0)TW8-n zhAWots{>$!$$$AmvA;$n0eD4uYGs{=TluI1muADaRKYze{WAC`LANOv>-WD3uqyDY ziRQwgCGN`A9=sGF54Ef&G$_;Xf3XeanT>3-eVx(=z^3=VUkv0=fNlB*(6zof zMIdLOV&bEL^>phff-C#jGv%H+bY<$_nWo?*b%^~cYTvEX50;X9J2Ij9nD8Stv zdS+r1aX1ozvep8*Tn+!u{hPcarpH2axc|O=F-x zM*E<#ihGKuyx$34=fM8fV2r}C)jhsp6CgiUVL zy~lFN*tVqXpqtvt*087>N?-G}<@Ino#VOsZCE;GoWWADUXK74JjVB%#RrDus*F23WjKLm(9C%Puo_KzXn|AnnByCd1v1ZC^Q1Kv6NfO8|F z+Bu8%=Lv*PwWrY)iMZifkq!rvT&;6e;w@H~aLhTDreiF>1*RcGu}=KMHMOQ3v<&fz`pfLqdyp#v;@ItaS-~gloHE@oB9K0P&u*lF@)!SebbE2# z&VB=2FuPI`{rC8mRQJD*ZxFeUvBszSNs1fU@YRGTVp$n5)%i+#UgNl0CS4^kRI>6z zKp~Mv0PInLHX$PJVNbWzUI*ynW3?~>DO*-a;WxV$i70FP9uZ({`-@#vM`m#5iJiJa z*n)k9C0;^cYRM?tEgN?Y{jC~Hj&}SH*h7_y=>An6(!D+o3p&+5^##|v6WjY*p_&$B z4}4hwTU@W+#;ScVwxRi&$cAN#r%he(qcS*_%UL@uFb}!WL!OhATu+KUZj|op^JiFM zzTEdF@M137<`rIDzx-)@p9bQSYQ9j}H&BcU(Bsv(V&?a|I))~id`7udmdj(q-{Fz} zgJvWZ^I$4?TkEU)pqBq?$d-0BOb(?>LqRphQg-f7ua#QiVe(JaY+f#053jb|ZG1z* zc#FpvN&KG^#KPRI`3%u}`#&J)?~h8=$Lq<-$=mHe6i27W?cV6`RK8BHkN)xHZQrl6 z(aA{F=|AwK!UlKWd+z^QGV0I&2d3<^x&E)3(QSH;Y^QZ|{KH$X_y@|$8&w*rDhsBD zybx_F2V5O4I|rn57s##CJe}Swla7A_&&Btx$$1P}F86XJz09vEil&N?S+ComqpuJnCrB(-zVQV?$Td`anU$$T>wz`}u0Agbtz+(s<#1SU@1 zV3y442xs~0yMEg3>=9DUC~=~uoFttsG_ChlIzf&&G{u*Bez1OrJz^yy)%Km5ma^;) zr^mN91}cWLoL}0+09(nXHxas2BLQdL><6<{h2ACW!RQ+>jsME1aI*gJ_kIjRMN6&< zl*G@;Y9Yg~xH4rY^N3PhJ@Fef9FG;Ym)v{+HH@Nuft36ShBvQcZ|nU=@;CUD6C-{d*m~+6g2N`Eo(jU|DE1A!6;z~CSmkDn8u6VCiRIIo9XyWssHy{GAFl!3<|04Vv7 zcfKZXLuN zO$dDrG=aWBuBi84EQUf&`u6eZKp4+UV#LamUr^K}lKI(sR__MQ`aV4A%&>ceiO26C zf(FI>CbIMo)>1tNXLw%#FZ$iH9wFVIcrsvCRT%)b;eZY!``ddFtEq(gW^_GKaGt-l z7SK&+WLagt_R^QD(O!1jz9V9rjUYMQs8NfhVUsnztkgl*+treej}umlH;?LIQ1GXS zZeS+)yzse)DwW#0Ob3O{_yq~f^N}PVMk>O`3hm+!Ll)~rEUQHXIg=d>A*Jnpb>+$s zk)2m{yE`{E+6k7n5@Wg!9+;M`>33j(#)9*B{IKE0ET%n;NUjd!us(CciXp=zR8&XD zs_*@zeU3YzX6FnHKwFd#`pjuQ^7b61-=+{1r%6~$_!A5AA2tLpT(gZC`5MOHzfmiO zbM|XRjHm1_4rxwN;=}QUFYSpjKdjB@wl1uVBD3OeJG8jrw3)6S$^o;t?;CR%KJ{F( 
zwL>E84N)x@@wCUOmP(5vz_`j~An1#l(rGgx5y)bN2MNv&EAjMe6roiYrfs+;u1p+j z-{nMwx%&T>vvF|sS6>aV-*2!3{b3N2{ucJp#4@dETK8R7;voh#)CP)iW{=rx7x{Mm zH)sXjy52ldHGhQtxQ@RLp~@9|J*Q=1`PfH32LLE zyndCrP8~<9cg2d6QFpN4;=eAXU^4iLFl%(`F+ABQnwM7yS0+|!6ex2{g`2Qd9nTjV z_^6I@DvY}lz>vY5H)1dWPz3vK8EQOSv@vH1Gz^+3NnTaLQluH9PsN2>o62xupCWTj z&R%HOM#dH~?!4h?dM1+%%UpSgKJtHvtw_85|AnpC{)4Ub{GVVeiT@W{`M=o8|HW4R zx3HC$wENvjf~r3>+^FzR$y)DucT&rJP2uUGY3^@N^e?I$Qcx?5fKz^df$B@S}oH+ z=5{H~+a8}Sw1m_Yl@De0;FQwA<-XE!BKse*JGae7coFq%ir4P1$aqFK8-UFyOxIy` z_q)wM6Id-Fu*d473&i~*kBk;a{Vt?=y388=R6uX*#@Dw$ffAAFH($JHY z3_OEA=LW>#kSiP_1jw6vM3kXjNs?>;@PlN zt#ag0C@%@8iQDKZte?H`amxQ4KS^L!Qu;4loM$v#U%19a8NEbIB>eRthA4wDT9oJ| z7^8O*M2TLbMGs?y(Mz-tqBBaAs8J$DFHyrFdZLryj&O6=y63~Y)_Kob=fhchpY!aq zpWj1@riB|IG@!eIQkb!NN?&PHe_W+J!k=5iwwbLlcivKiX~inctSv(- zKSy4y0O9-a&+mA!W{y0oWEdJ{8GYR?)@F~Ck zitcQs!ty3P?^9c;3X9k;69vf)gy}?N*#CFwp7(t@5H>u1pShU@ea#ds8>mexJ$5dr z3>6;9`A_LM{sJeyM3z@>mGUVyCw})wx25porVj$fY|)J%v}f=m;elKFn<*lW@O$rG zZD$+QECav}jX9pNWdekhmpIDb!sj@g5<)8uxx`hPdWK#uL%f^ibJ!RnG?(Yo<$iBA zA+=@3s-@M>-DkvJ6_Dx34Iu@tT=xCQ8@W11XOfN(cE`&6TS@L>p~5rd!zGH6znC)V z>%9`oj$%ughLERyc;SC@U#zw`*%N(FOz{&)9s?AKhR@?vXxTpU&S1bS-&|#XZ8!B< zsCee7ITgZn7!oRzeXLP{c$brc(oN&O*HM__0Vh9)7Y!1>ee}~lRPrjcY<)`+G)kG! 
z*yvHCbWGKxaF1!dnfU%DcSAmYYhmaoMZhOTQn0-2f*5iFs%p&nS&6&vB)17l45td6`JasdKjp6ln2}NKrHk{FXm7 zfoKW1Yz1ysHqMn*4)_uV@HtVz*xbOd-=t(mw1S%IvAm*cb#{4Jtko`}0$>Q)O|pYk znl}5xBGBrda7F_?A$)dZsJmznqlKvhPok>dm-Ao zOY>N3J6RN!lug>WMBtx?gwd91jYqH;p*CA~!oNJ|l(kmLstbiuK4DM{?_IrMA$PL3 zH}X1U8I_#6{aL<<-MEyPoBFr=^zwp2!~3t<1Ec{tkpIttxI~||=`y*O!{GqX1qeZq zn>Y=`)5wY_ubMHJVmK7HK1<&r3vIh9DK*Mg%w&Le^UH#LIRV=Dhw&5IPv0u)%}&b@ zsD5*m!);^M5~V99`=Y@!Zy``+v9=e~7+(k6w<3bK`bT>rIw@Ev2|n+etD#v+TB$zN zZb`f`=HNUEpm-y5hSQ_n>pNH=HEXU<;K4?IY~?c*y&V?c0BCr_k$OucPZ3aBD)ouCZjploI*8 zF~R$lsQcJ6+K6Ck>q=9zcy4g*%@W$bJ)7&!GnPNBu)q}>VT!@^Rd_Wg?RFIw(9@+XkGoD2oSF(v(!?_zW999fi}`!<;#%Sq;a9HS6|FRE z-oU;;{D$@&SFWp(CBTcyE-+4T%Fc#=m2@xYK1F?Ydt63ShQp|4(|w7f{4Gz?gbJ#= zH7G7|6-g}M<|QW1@x*F(pG8eA5mtp?T6oGvC`9YhL|zY_kZ%JulNn5?g-kJRJ1Dyw zeJog+e-OfrP?CuqEpgvcG199ZL9L}CrfCC$_MVf?_7uA|6hAh!Lxn%pVs}&kQol$y zC158sGy=bNcF-_!owR0Cx(6kovSuF5m6#88a$Az%vnC-s`WF0*})uTnA+KM#YM_aBP zL#Hie!PB9XU|$l|cPc}BQ+KIGZ6aM@)N~?G{oo+jPuZxZUm=eSRs{cYBx8<$=3_2B* z5|{p7cxWu#xq%f(pGg0w`Gw3Z=o$E7xoYR$q0PI|&8g>XK&thq7SArUaDva+16cdq z9~)Rj=S}ZEqs#`W0W*jYBujE@>S79A6qQN>N?NJ@o|&eJBDY}|PSra9N2COOeub57 zl{j#M%U0W@Rm5wZ2a&cLU80RYU#O1OYE4UpqV{3to(tBpAzM)XA@&kh$hRn{ect83G)?O3%)7hGW1gUJS`>#nOk5-OpNEw>}#3yspFsU`C zj+~RtNCk$wroo&0wV6+oMsDQEjm%}MiShd&wemrv_8s;Se-6pl8nx+z$U*R#>_STe zITiZ(TdL$8GWry%By{LQ9rxb`y|Fxnz8RZOWpjeg7TzDG$hQ5|O3|0Ig{cp7cF-;o zSl>oCKIR%BSo}jSNtJ&R>(evMKv3rS>d0fw+kK zl)bl!#k9O=ou(>EWaY^apBInCtMXCRrnFLgVeA|ucvpQ}8IQ}z(R!9x_$50~aAT-L zgi(D!eYcQE$)tHermD!lWlY+B?g5+8Tms-FOHA3JLa_!21YuZBXdCyjQ>5$31p;?$ z8Ni*p6u|%#fxOU%pi4eCfql~SexM!twCr;nJS;`137CEno}bqGk4T9*#9#-9gS#ds9ZkrHvUhLj?*It|f^LSOv79sx+wdR(-krTWxuZVq zL?1*kdh%7gRchUaN&a_U_e9T(fkW=RpTsq(39x zpi~z$;mkmm7=);JFxEfV7WZ-74^AvD`|NvHu&WM*aZU7=G#d-_bF|$eCTe|c2Fa6E z4IlwsVkt}yPHglC;}J=JDrpDf17Bmf>o9)##22zVhSb>PDp#QdDbq-u5qZ70-iHK0|7^_b$whh`bUX3SBA&Ex{Xa0p?_v+} z=_;t(!W&5+%ZjH^zTJ8PSNwT 
zz!JFKe!2}>x4&e%Yeah-9qyF{t7xv(KM>5r$r{t4*FZ-f$s_Xg@Mna(h{e65=1JUY>D=-?0OSAoO=VUctQDHPvWHr}N+Uux8)T#wz38~>y$`b=cs2abNqnOm|P!HNM5a2b5g9V=vtm{8Ywz?L73j` zK`IghqY?0f_lr-*$^7IKjYGzUtxJesU1u=ICc}fpN7%|Qqgu|ZZqxdirly@*@$zw= zL34YTv-CDfXXohXc-udo`fxcpIeEO5smeZ`%j0?7qB^bH;qiPH`bX9#r?cJt;Z4Gx zMfTChtSSFwbaKB-hVn5O2>m;bMH<@6y|R4Lf*if7tds>@Xz33h-2i5*(L4`rxJKre z)eL3yu;oEl(Wa}7BiewaJY0>w(}GWXS*I5r+%hp->TLm5E!XHrQjVe}+SOWqL34`1 zQ-jyD3J`6YC9Ky^{$REwN9{CLG~2DuvdChkQnehNw)o6f2p!Bua}L^b8f|M=?@qUu z{`t&IQ`OuTSed}OciTK04%WQxt)DXi5wS_hTFr}!6cVGF)&k$!Iu?<=`no@LKh75` z31c2VZ&jytI{Mx}vFx0^y}cWQ&HA^e{Ej~6W!Zg~H|W>-H2w0YtJ!`i)kL=ZWUKc< z)M%~eQQ0a+=CtHE9aJL}-1jP~xrOVVfmy>kveN&AwPeC^PA$E|X>6_+I%{Ssi&X)Sp zD=aG@oH;pTtOFy^M`9~jYEC)iKJ_W$_j`7=?aILCQpMERTtQOx57)S%c=m!5(8U6)XMe z(&s|b-s4%!ADy5~*Le!z?tp2^jM!8w{gmdAfL8@rt(QP6ILpX63_**ZkE??Y1*SNH zul707D^seyxR>l_$R-YU$Scq~UF}Id#4sLBXl{>YCVB!bW-_Wv?4uz+GF&Fy<7vtc zFv9X_=cv@`e_^Z59UM7zAb%^%dC>PXVky{F zuvsnPMhY;(C5lm~uoyEbQ8q@$8QTKymc6TuV9dws+TTO*=*O9ZSEv#%MUD3vQ+#p> z3qm(iWJJ%22k#ca@>b&Jd0liv=uR*U1_bZ;k9EKZr^%i?@&d~HH&SXc6kRywpd;cC z6q6StzMmknXj@cqHQV9LEEhFLP|0)kXj^YwyR8r z?%z>D9D|~Tty9IT^584Wffbr1{TacUiSU}&4HtYs>RK;xz+V=cQh67Om72!gQ-Ukl z+Z-uC0#wKpPV1PfAi53n#nl8))roHBkW}`$j3nLTM3S^^NSr&21@@yt} zkL{;e3?rLOeH?8DfmQY53znEfF2;9&cn7MNXJpCPIR@~lA%^Ti;2NQEUywY{0tRdb z@YchVayLZ!=sC_vZ$N)Hb{HP*#sf`yYHs6RPU>cOHKMFd*V3*SCX1Pow^nIMBLow_UHh1QAr6fvgPenUl1 z1eD3npLp2MV+?vxnLE#5V9Nvt{~^NkZ$ zrbPTK#^aHok;QmWYof$|9u&o|{2()oQSw)icn9g404s=Tc_SaCtAjEeA%Zr9>n%~| z{v*tmOUxF4WjJcbhFAtav(e_i`={xONpli-MX-7&_|v zTP9|}DygcsDnA?Pq6_GPxNG5PnTk0&uM#K9;J~nKE3$drFWvT2IggZGFG+!eP!rz! 
zgkY{eI}sw@uHspHDExhDq;{_Wn~V9XYestd^*ei(6w4o=1mf@cDd?K@Z)Kql(&)hQ zV`G(Q1H!;mW@Q1`D8IWt2K+(|T`gdOc`XS8F?D<1*eN0LRd(f{NBR@obYa0|;f1<+ z7B{NXfu|bNCEe_+MyY6=N@w;RDOYjK7o!s_VpY&cAN=!R5rmr}IURm7Js%^xXZfvR zGncxg^>JM*y)2g`Si3~jSV_-k_$BZsnb%#I{YkRTCYRcxn6M~ zDOx58yRQ!#I+HboES1PJrKWKo>rwydqdx`0-94RZ4+dQ0DJm;wF`> zXCOkeedmKC$*|}~(C)SrF%Evvz2^N$kW#lO#UpimVooK0OOR4}lr>^uG3LA<_Qu_p zNr|c|7t9PCfv2>C9XLGJt1ETh0ME0;$fwFO*%h@$sarT>4~;h_;p`JfHw`@MfTC`K zM|y*d5a&}fa=TsHI*omHZPi!EZz(icr|r4ll$c8ZGYrpq^1!byye!nz8d|zxw1`o$ z94v2LgKtTSuHAbz-cMzw{@pO|<=h|iZg8vXb?T#`^2FrxTk%nmYg0Cf9B3;_>S|o$^dmT0+ z;MJS6P#aY8mgml=5MYpbnJw9gfIYR<%z1@NR>VrJDS2qrH5(k+Kq~!(L?qQ+1F>Ol z4+;%eHB?@q>CM{Av#A&LNkw(NqHqe9f0pn6oL@tVq){5Cw@SELEX*315a_lY=)SV^g{`7*eTO z<7J0}dCfU&SkSOgO=w5*wG^wc0zW{JKI*I=59^sSU1ED^q2!p;wHx ztOoo5Dh(!b1}jlUGa4w0uAKo^I3Q`-{zR4tt|l8)cu}0q$1N!6r_A}%Dg+|)pNH^p zhO%FKr>5k*O}u-c=zt`ciSBKmfw7#(hA@VwL?jz@OtIuBCALmtDgt}01xKs*ytEU+ z_;?ff8gP&p64hw~L7Xh;;}(&?Ue&TCYj|M^grN3BgE&dlXwtdT%j=yYpD@uLx|c!=(A zIB;DB(R}d=-V>PWC6IAi@x~#+QnUFh5OQ>CG!u ze4Chu(Y3_y^8$@ilU~{*OKS6tx53?w4b5ZDz0sRogef_uO**WN>m0c?%57TaLiekRl5?>{za1rC^yFt^e+FppZc306hOf;ru(d!D z&^aDA)NKqC*?CoWdGj;i9%E^!Fy!dtgJ{^8{ecu|O53A*aC<{jU7ys@p?|=N;syEB z%48dJJ3;FJu1ZN|K@5-Ivn(OBIcy3yo@@}b4nqy!w#Y#QkNUIu~tMg;dDF8Q6VrTqB+Sed3$iGGuZ!N)v~@8XD>MfelE|Al)&Xd4#$Gq|Kwi|dQu@hz5i~&V!5K-S zRFN}6|8*JHy3Q<8M3ZjSU=|~j&Af52;2Xx@5WeSG9EKG2m7UXto3_!6hzL_KC`WaLi*~8?ErwLuIo+5gYAO0D z+@p6i5z(^;;tV?N%U1UXC^V-=VD#f8E3ED-marmM%l+xSJnto8E_ujiq9_V@s(LKP zSv0|+Rs9tv>Xtj4p6j0dIp|7r_~R7Av@x0CQ*yXJ$`L*u{Jq%0$^TI_&Uvu15~fc_cK!xn);ew_E&qgYX2z)Pt# zPV|S_o!H;dFadY;M<-yGdI7IFPN$`)Vno9t(b%MtW=>ZkbIYOim30G5PT4(V$)^6f zA@~SDR5aYwjHORwXcQfkxhRUkd>Sgb-NBymR4X85kXB; zQkGUCjq{bbe#kS43_6|F%|rIEzxIR@!wqy(c625$xZfkU^UP`o(@)zA;BZ}>8qiNC zuposbG1{~X5Cq=^^H|`;g~YtJ17iC|>g)w>zGEExGY$m)BJm+HnFaB(#L>jLIR8$z z;nE^T{6Yuy>9^)86>&jv3vThvxV5j!fj7J!_7` z_zSn?V@YV)ifmW^o*?#z*!<-aQ`y;tfhQxzR&*a1z6qFUFOI5;o+Izq^y|MuTUlb> zxyY*MwKq-jW)mP~J3JXFWlK8HqGPb)gQ8K(f3yE*0b(jj)t^|fR{^UcWB3Z$W>vFn z>GqTI1vp8H 
zS27oM6F2yRKDPJIvnfyYvPF@AcWqEkDSP~t%bBbnmNBZgOA9mO+S4xuTx zRLb~cyKD3b=;u@%zoz0LOq@^*MO-g50h)DISQU@69!rC{YzR%_9$}lYiF8!Kch?sJ zs=nz+Wf8sOX2fF-Ga^`LC++Oa4p)5T?pYisq4C?A3AhE)T)y9!$`J%C)l7oJnN@1a zMf1bqHmN#_6}KKGCD$+VwfjC(WsIXt;OG>bA?B!wcub?$aPSnI6qCq*`}X_6)4Zd| zkz0n>uR?}r&!OQ32QUikUMXDX) z7x9!FbFEfBuWw1-i=E~dYJ%T-#b|3t~4T8W6DYSY7}hi|n^1DV^Q zHg9`q4b~D;Q&c{X)q__`2bcRy$BXR0&+gbV6L&(=vngJ^%lXDT+Ry-OMrFDN*K*ip z{*l0D*$nGRijI{jki-{}pvl7%vn|;SGZ`roxn%oFvSrp`6!A=-gy))$~}OlHK}K$fhb<69@edm6YVyd zoNOP~Qz|@+w>45>k9!8Beh*C)P0-UKRfx=BE+o=)F(dYnZLYHMJN4)1Y_AfS( zX;rI9aLx|l6g4PVy0mJ2X#OA^Sg5(8P2&su+Kcac@l%;kn{@yY(ZkaN_U$U5!1@BL z5#~qfrWB|qlU${CdDgFTr3CIZuy$KSm(Ks$TswIiEYQ{v?#--}k4%2z0o#qV#ht`C zMuYy{dt;~DF21gPl9<9J;ar%&pxBqTe z#m#OLHvQ`>!`HV~-dJHiDem$355~C9FNrJA93f@y65Q<{wlu%bz0@A(0o z)|Ur=U=v9?Z|Op(D)M4Vap_Bx3aRyP5KVe4pnlG_`FpA+dtHvaAWKsp@aUEG&P3pF zE%_)Yl&4;bFqR7#*#!}uBbGZc6`b}-)1wxAqg;TVuEZ-bVjtUgSruPo!uGTkSFt3* ze)L);nJcbJ6Q?ISZytU~8E?o9EpEd(HP~OPj^=C#c0X^7nYf!tfj$rzhQgB%$Eiz@ zk_7USeDXB9@@ynhBm?WBB$kHuh)qt22=aSOvwMUJr+#VDV-{UF5g|7qf+vAL>_8ba z6QVcc#r}qd34WcP z%vxf2VQyH^JEydMydR#M3crC^dR`-C+q<@DsS2in_OxktH$5{o;f(AlOT3V zbov0FleBSIuz?He6~OvWBasP!=+h&D``b+XHZ&#r!63~@UG?eiwAhKSR9p0ooeT*M zCActutoCf+1|NeIH-!(emDXKTkUwMwYQ4qmQTz<)Mo#Ys;?Nyl9}HZb#o83=sIh~? 
z_MWjXdaKZcO$ri5%pLx#L5dNiln!TP6l0KNMH7iu8)AkMcY zGh-pC^M5L6XC|q0o3NmiOt_D#@6q# zeKR5sbA=U2*IdM?rByj@Bj%r#jcL%5!@T8P`>=B9%`>KKgosNa!1CTpm1jzJ1P@ql z|LIRP>W{Y`l-Ms?sUm;6eNp&!1G>6B zHV}m`@5Bb<1|ni;91Zb|rZm>iTT*&1Fx*yGFEO5!_~P9_$tlUuFZ{@|p0%Uy zrnMtboof=8`+&`B5OXAR#@l3-0~j5hh053o!&y5O0HB1pYBx?dSEsqeoO{ufYV|md z^=*$sq|ae)*+YVwMMgi4h||v$dl+}xwE-vDOQU#M42wYl77I_9NImt+-uzrUl&Z+9S`Z`H_-(-7lfrCt@tA5hidV%yy#P4 zNUqzF{C&Vu?!SORuSs=!jS!0RBU5gw50-KOg@n=AWu>)B6==M<*}#I{Ay}&9`S!PI z-S8=}4xly!Mm_&d-S2R}pT&EAg81kVePh{1R>x1Eu5bUhq7Mk~#}TibT2~V>+u)!T zG%Mu=OUFf_U~c*M?b(CYlw0J~kXvu}i=>ALuZ2U%m0eF>XW~FSU@{w{xPQOjVelsb z2YL!LK6nx1zQTWES{1AbNib!=^=9LftpW$Rc4gV@p&X$s1_KnLRs@B8VbW2*2f`*< z=&aG zmWiu&Y&djzKmtGWzKZl;>p&|p%SLR;@L|wx;Tovg)=;Um3U%^ry<4vs3qK7g3~$?o zd2D@EBqwuzvMB)P=Nwt8zG<MO&HpVnA54PE-Tz zXS1+1ZqvDtnv^cM38V}KfXc8bO|&;*gWRx(P6;t@7_X52-;_L9K(7@{E+qP`=}b6I z3$%bK$7}9dCc9yVA>oIBu?GdM&Nd(Y>>l`qxx5tpO++W?<~)HRceWoTm?ZW;!wg&F zC-%Y>Ivv;*Cq@jfog|j8i}~Juv@Ft1|Kj|0qu`@`cUtf_WEk5ixZS9~p;Sz?Dwm7C zIxC??)z)H9m9W03wj^!IbqqQdZ8Lld@L;+_&K{tmxkEwAH-^UZShHiUFIFOtyVxgL zU4I1;VFJ9P&8YLaSVtH1-N8sx2g@^Wn9da*8U2EmhW<9s0CthN26SEZ0B!#~RqGF} z|NO&DNTek<`E10YVt7=C0uAOjVvI#BH5wdYa5!s_$|9LJvlp?BfXVf5lM<`!uzfJo zGI5A{o`Q)QQV28URg_W&bG!DGy#zdGI5wh(K+#=w;x*Iu9-H-Wo*pHU%0oatux zf%fh&j6(4w**Q?TA}KddL!>FkWf>2Mt6vmd%9iU_RbXl$;Pu*@-Crm3jqqDoti&VB zT>Ya7-*~veTz|l8-h&q8296uUYrZAYK6-^KcU1DJR2 zlNillEmQjAzqZ?zxGYMjR(@hpmCB^(r71G4>YAm|NOhg9X8Bkh44L4c-pR#nKT&vn4FzQzcYLs_Mu5ZHJ z8*1OEr=qF^d{xm{lj{NJeMmEXK&*A9={HMD36ESKhqX=#n#w=K%^dxC=gsq+G*`NW z^z(~qVy2#Ecc#{5=CNwqBbKFwzv!Jn4;GJJe=*)0yjlT=@OeIsJ~(W!^ahsVkE>{w z>0pY&=NuDHc|0BHhc(jWGs(S+K4$EOgr7KHZ@50>{#AK*wq(2;zOF2sueUxOSqF4g zeJ>#9-=B=QsA$Gm%Pi?tX(?2eiz~X=zb-*=X0{N!`LyM(9DtEtc;-Fia z`1*bO5>sQ=r@lX7L=J@^ zhG#|8n2viK7Syg0;Mr(|Rcnk=&9g#$^>)3zd!A3-fRNM6{H$YdScCmt1HoBz6mFOG zy`~+0)A^S|y|oTzOpAxouj_lrNu7fBe`N6G4U_luam`l-)73Z2&v^zbJJB7qU?~-RvRjwZn@rcw zx7)!`2l#uwd-ET3JWuVWUN`$>wJdO*fD{|nsjSSsH;B}UcBA#Erx3h~pSm~Sim8T! 
zv#`?J3gsy@RxJ9`feQ4%U1bb?lNxbNi(>1L5OnrJXe{OKB_Eg+Zjsq^5w!2LNJI9m zbz9aMe_at(aAJG{=YNA@gp|~$?k{v6^co4WJ;I+rh*hTOaks9P-fxzOwi`gMa`{_@Xt4x1HD)Le^i9)J* zT*-tDPu2hbgzRB!y!b*qi0?U?nz7TP8GcrxN?K#mrwHzmLl{ts;lC%YpTVK~X?CkZ znY6y!z8GNq_!6(L;Nm&|KjL*2I_`z!X8WFE!K>71Qz#Uy2jXnWr9RpMmfdoDt{?Xh z+NRJ5QJ1GBmgUuC**CkV3R}`UB$O4;9tPVT+Ls#^`+1^2Y0+Yn$L5hmapGQ%twRP> z`X#c5^E6k&*U=!)Fga8#dmn!#?lWp(KDRuzCo6;`po9>b^9XVTU+S`S;vZ_46M1FG zq|j98&C$=_tSu{+g%VPtKQfD0S?X#W*aIbsh4x~>BUrRw;b84E2XL*^09m9~WEQ`K z4Zy9{q~YW0m0^PHODD1m5FmMbv!mti$%x6|7x9Uc!oO7NS4na*;wA!GPbs}P_Mz&$ zd%8IH-um^>hn(B{}xP&BRXk2msIjok|T>t(6_aef+D0 z$i{Su+Q7BvGx-bmlHc6z>gb@Mw^AdRZEo-W00z?xRnKI12B6>pTszc2z-w zABRM9xb7@jFu8u~b-luy8Yz0JnW1GLCx#`Q494EBX)b+NamH6=4vb2siHL#0?H=PZ;@W6@T66+y8fznJ-v%b5PplGR`D~56 z5ssj$(CmnqT=#3F+u@oo`q2nHRx#Stu!>M_d+43rpCUoBEQ^Me*tB^4VG$N5qit_} zvc&hNU>lB9lPO>_p`h>IXq%0m`g@-WfzSX-y>QT0y1oWI{dL@|!F@SR zvAvNDdLNmIfe5tMWnTOG5*;3=i2sQP9R!~*UA8(y zjjircrWM*f>PNO;Ptto!M zCMK}N$}Q!ka>4)!bx=SiBnx(Y0+ApNWEdCIOXBq&yEQ9lC5L<9Fg)*1%Q9^19y13uR_|l z$>Y6UUk=#!B(pyt+PYD}tz18H$qyMMgy3S_+5LR~?7C5iPjYnUt{R8|x}TO@vgO!X z9_Qh9*s!<~NO~=qjgSSGT6MT(No^^$_Cl#BTrl3j1T8euF|E3?d32s817l!LEJ)R^XmglViGmWn$xi032R97V}p)*D9 zWJEsTjFe4U!;`OW5ZBW{Hs(&82_AFB;Pm2uPm8gO6idDR(St*CiXBZ8aL7x}7isoA zmi``__a-SJcT}9gkGTTO3}h*fy(7#RFIP573(r)N9$7;;mzHU*SDn5wY!iO7K7UXo zf^h)dEAoQd8;n=jGz`t0teH?=5=L5u@S40g;;3FvM8Uk4#8?Wyi$JD~ssMHXU7VWu zX^h&~q?%wb-{enZD%FgAx&?XN0-BIm9U9=462aWu?F4;f+{>?Y6Pc)(V@Hbf-e3d) zv6JC(CQ{&#wpT;gccnw2N+e*AwTsLW`7<6>vVlSmKGjTG0E22#gUq_?XpB{2jjZjv z0?NaB1Z7>2GMNgO1eS+YZ=_MuHF{z~9A%2Mg!<0Fn1n>X4E10F^WhPUB(#G1TsZ~< zrjb&lgnD=u4HGm=^v|-S+NtvT%cOQmb4$*Bpq@_OO74Ef6_HRD!Icj0x!a!YNphJn7D-to5wkQ;^ zn%1C9e-t`Q>psP}m&}vbU?yo4Cse{7-@A)Hq8!yUn;}dgF05J)k9%atHkJZ?* z;Gl4nH-SFzAShBQjfX@E7V{V))-HUK0ADBF6fQdXTaoEm3kc{ty zQZA)6j9OZ2Ac>NmPf$-zscn~puamdh%03*a7)h*mV_?8hu-s>}VuyrWRRPpZr0h zB9ds5Jbm1<4~!13qD`ClT*2-by%-|10k}7LTI7*8nsS8ul>Ts%aSY*y)#J%f)VgK` zr_Tg6c_v{9Ms;1BT01AcvoQ1@68(AMBnSFkc4tY6KP2uav&Gqa@{rW@R{^oEA!EFl 
diff --git a/released/assets/rancher-logging/rancher-logging-crd-3.8.201.tgz b/released/assets/rancher-logging/rancher-logging-crd-3.8.201.tgz new file mode 100644 index 0000000000000000000000000000000000000000..03fa848720a38e8fd53c7a6679a80bfad78f18da GIT binary patch literal 24252
diff --git a/released/assets/rancher-logging/rancher-logging-crd-3.9.000.tgz b/released/assets/rancher-logging/rancher-logging-crd-3.9.000.tgz new file mode 100755 index 0000000000000000000000000000000000000000..cea0bf7ab2883cb11bd7fad22d79654215a76c17 GIT binary patch literal 26805
zRc9TC-K!h$-ijyz4?K!Iy7C7xgw_074@5O(o^%?v8DkSpoJOg)7a3Eyog^D^K~tjA zuC8*pV!froaHsdEhZ3Rk71!5)-ZVMLEW^(3?5JPmwMBW z&@J>Gi9R;q=n@6djn8E_SmDa_*zs%wA@wDBD|b_hkB-P)D}K$8Ww+FRFQvG(tERXw`_(Dkvmu}T~F-IH|nKHn<9QV z;K^eDmYu@bUVeJmmgyM=*jsF>4t$e>a*FZD-zM`MR!QmxNQEn640f=od3TI-EdjE` z{BFqqU!DGtL-peI|E1G!Us!*5*~oD2cUuyp!(|==L!@0w zz8=eNSnZlL^K6*G;k{tVjxhfq*F^|Uu5ysCLASqQFt55vxa(3$bS+)%qduWgti@Zw zheWbcF1$R>_wJeP<<0}zEl^xp zl{d__&x^EtfoV+I1$t+C;E{sQBGT_J69l8?6LheebgR10tB78vV)Uv}h+Y7Rll}+J z>!a!{vjFQm=>9G~M#R4Zkx%K!m-BF{9gNRc#m|CKR!AwEKGK!J;?-3VFHb(-pjAq| zS5b;Un`${mY+6a0%(I)(&5W|wrZCQAE$=|P=T%Jq1%M%?*LaQc3^_fk+XaTt+=K6ZrZonBs&UnUJOC~7U$wP$b#>2ykDaR) z?PzwVLf3&$2DfS;kv+jv*STuZmHL_e2Li;mmnhXA%2x5!28_7~gI4TaqxfY0Hz4fc z6$tzC>kkkXazWgoHaYFKuX+?_mkz8tQqMR`^}3!$T``-V`2u~Rd+PJF&EUE?`y;}S zqkXOLebc+clI~>SmHUYfmf(D^wf<29cJ>3&li_!}P9M)x8m7#HBJhlAUZbs3`I5VB zSN%1-Oy2B|=bnOZD}*om`|I;L9aRWpWr(OCCf2=B7;o zBlxg6*4z5tg~vO|?;5_roPrC~rE~47%pdYxyg=hs?2SQ82WtH@5ZUl&AkvY0_mu(r z${FowwDDH~6BsEdiHXIL#onfM0inzkx z4~K&{#8rlRW*aUzi}wNW4DvCmNRT$;n%seA-Dxn;w^5%&ht|AT_pZ}}Cg^}v{N3Lg z{4{;YKYDH=GIMn0$Rorkcoo*S(3v!sIT2_-+-+Iu&L{mh;eqAyhw$LS{~@cjWIG+! zMQ;I{>R5eRH}e+3t%bCmRwCD3n#DixF?^GF!M>%hR4{o90C_m4RGbtCx$SjxD>e4Reu&!9S{E~tE&$o)@ zA;Zn`>>t@vFJb@X!R&qb@Xm*Y$N&^NuW$x>RegY|({Jg(RFhn^9`s3a+{Z0*<}mY> zp71dE#P=s}6g@NUOmoqW(O+IKJ-{a34AQi)D z@_Y8kpgA3FKm+k{F|Ja5Rw2MZxzXf*S7zp^lq^E;(MP~uh?+s#UoQkm1UJQ=vnhmm z%Zi*23Q#IoQB(bau@p36KG0=>G;<-#oHRr~%dSxA%BG9e>fB+z0P60l;9{6?Cdul! 
zepZL}E-~I&xB`;RqO3+OKqv3`bh2%t#hN$sZ?*ydo%B4DLq8F`+i3Jc*k9knh z04y}m5|(;IgLhknsA0FCGak6h3drgA>-O6QAlw9I&pJ!!M!5T7~q z-6hWV3vpVsCQ>Ofo7a4U2c?a13&EplsIDw~KF5aIzl_`+=3lfUk=hTPLLon}UQ#(9 z@@VU?m>AY3y@0Gi;ccJ zB@I#!+EvC0#uVJvQBH&b>=1@O&-m(>m(rz^4y*Gf@+VwKSD{5pP^QSK%O0vX;cu$k z09J_g-43aO_n+V>;YYYyB`|=MY6Q^?}F`lD;xlDL?m0wIS;2fFo5=S|8#D4x)ZlTF3FUxsN63I@?;ro z%bKrIxh>l#$cV^iqpMrd*l|ImkjQ6nVy{5(kLDo{d@0T80KN#P?_pTLHN|FYl$OnX z(o8WnDW~O3wEpGeSfP+*^R}dnPt=lY-gDB)rZX=(DB4sknS}Kq{McR1+@#V-UfQe} zv16Rls|Os@i4(?J)~f@IjtsC@hjrd~HWD0|A?&2(HU2Wjt$sFk1l4nP(b{bWZbE#3K=75`2rU5Du<(p4iJmy1B- z=l6yazLoC{JH94&YUsw4;1!~in5|oh3B|9(`CerjXLCaFY{SW@!3g!lzgezpMEYDX#9b~wBWM^NEDvUCA_TToq-jz5ZRF%~7G4}z@-yI3T z>=%5fHHk_l#o#3Hnoc-C1vPd;Ihu-@(Scx%Pt(a&pl)TTcS_enM2B4L0LUxHPv#E9 ztvD*nE0%zbv5#)-LPqz&h*g|_;&k`h0>0z5YFu2S5Mvj^JStxgKM=D;9UPUp!1z8o zb9?(hFD~$Q@K+->+gLlw7fa+8;|t)FDNCNz=Y1_wjuMknlK$uUlv3cB*GJ@|A>GAS z2kIg|?0alJAyxD+KQWo~z%u?I;(?MzO4OjC)~0F=V99&mA49@Xg{|8bX+^R*vPs?R zZ)yagQ6mRuE*pHs1-v<3>v7?>R^G<9N}x_lg9gf@bj>Plc`f2jdd)74O?=@!uXB62 z%g`8>LnMOSk7UYQ)M*|3%%N#RB5KqiRngX=B4uNpJ!M&W)UoGKSpMvlXVT#VmKoVp zqR*Gxy%&pIT}+Y~=d;#v4u;?4f1$5^82J=;vci_7&bLR;2Jw(*+R@b%AFGyJ97ivD zQT>|qV{yOhF0B34|9z3I!tqO_Q=JhXg3i{DrH%V15Licq?g2=r;|d`rk{-GN@k={H z`KC*uoAe%dgY4g;$o9jSSqDGPx3a4F;v2I2MWw7Mj`t%>jVMcS)(IR9*>5_WNSp*N zvYIy6W_7{@4_z9m!Y0~)s-pvd`3h9C(``e=Ut{zj^;K)+BuyH%VU9Ca(j{fzw=d=L z-SHIU4}Qm>4(E%Uq!cGq+FHj!6epzo8Apmjb78mP7sG!M%Q~S9eArBOr3qF<_iWq_ z(SUC-T#r^xsBkhf10PrMdY=@dPDKtAu<7Ad()ZcgdhX)>2jxI60gstDYsLKeFo1v8g z>YsyoyoA9=N4OS5t(;$u4`JW&m0Aj+I07csnVYf|_}6o9ehV)d_F-i>^A+WqO3VpE zzCndI@BWqF-RxNCiwS4LQ`!vmOWf4VY&AVkf62Mlx8@t~z?wZwHu#lW@CU~oo)iAP ziG(Y?-{MEuG_C21t~GgRQ6_JEz`m&4AQr7XBC1k8xFJzvu>cJMRy_O%86_pGjV`wU zpOmLw@39x2?UL!pg7nP#%5%UOk%F7;3Gnd|cw+0Az6a0_IolCra#1|E7o5|=^5{9A zS#MR1cJqOWjuW2N_F(Od>bSa>KtS>> z@@N^$hKmgPWU+-!WB(?EL}o-uH23VQcXZE#C8?PZwHM`<{Et=0rcgNzgI!@xZZ-iF zy$i#-kMT94aKPd9kxAhG&ND-V$MvwQEvqj}e^SJ^2(|vZ+1Iefbfw)nJqfxszyv&! 
zKUjU-zjEmWRyi;NB>pX64-A_RTvGf|J7Np&M-9)QBSa(sgn6{>Tm!dtn@V7gt@|wl zD5dxSHjVWo5`}XA>-`xNAu1HQV;|ISf2}V}luMl0Z?<0dPBeLUAbGd9)Dytu>}6;4 zJ#=SFjS%f`YE`~NkgkM%@D^2ub^|98_3L-WBmtn4_T7+iaMO0=*0Our_sA1q+GDo! zf|E=U(@xwqXLaO8hL_2%l9~vGsq@XEAfZtVCHSm9`9Q)q{ttXsj74~I->Bf!v261a=d&3|xqOxw`7w8D`icu~ ziMU@Z^tW+(1FO%Y7vhIv=G(P`Epw3-sn;6OI6#~xXTY6|l;5InFTMsI?1bH*F$1Kw zgtuH4uxcv6An#s@mlJ)&R{0Px5IFiTK1*GP%cd82=?a-R)IN&my?XSd+K1^t$lJM+ z1x3?GE4hmm%juC);PO9Jj#x68g|9YJb|fY&p-CSx_H#3y%GQ+hPPAf3 zN%|9K?UWqX9~O<#q;wf2?%W}zCx@XaejglCUJ$C)TUDB$I7^>auxUYeiT@ZtG^WvV zTS1P@J8tHR8gl(A0`%+0xJ^+{EW#WTcOSJc)rxvJ)sRPXjfZN4ZMy%pvQoC)B)+X} zCnHFW^G=6OglfLNJ=R~zw;Jq*IgWE)_KMbsyH7vXnw%r3jU6<7n0wxFt3x2ng>INH0`2-_bo2o}~>oJX}-<4y_Y%xH!^)zZEBn}=@mkKY{atz$0mqJ6a! z7=2=X5+p<+Q59KpO@`Ci{i5Xr!RvPBDFH|hE1am|`It`n4c$!78*XhX|bKlzePTs zJ*du*O5%^&5e+s434Y1-OoCChC6nM`Ty6gb$5S$i)CjHisJYTZ1HFXo;EFFl{dw_E z41QW^J`{aeVc1k9oD9z@`Mkf7bX=9*p_buye|Op&!(3IgM)?VxJuaM3D(4`Lpmk>} zjfGsrQBiRD+CU-N=T(P}<(~O6zj{kRQSk^K=^ zjs$4I>pBTGI83!jS`80?Z@bX3*=Z$b(cxRiwkRmt65OYhPf-F6bUJ!!Odh;Cs7UBY zCIS=bT0L~I9rvP;^tdaL!M`|URM0OjCl6;htcxEaC3*R4fo}Nn!eVlF3&b?W4>XbJ zUm;=XH?KxUR6oReQ2p^ZFj-4uC81(ODU+ro6aIsC3{Q=9;=d%yOf3%1OzCteo6OE10$rQJh}* zwv`_g6K%pU(S}9lE5D7nXZUXy<5_zExc`-m1o%YhlG1s;_nRdCzg5<0ew!JhI{teC z)YnUAnmQ2q@5ciJJdmZg`_C@tc@+4Z1W(^wyU7Nw=F!(a12aOf|CMGW&__>_Jy~zu zv$=TLkfYTJ;%I7GU%x<5my)0LDtRt#=nW1j#o>lM7&`ivLYc!_WdA;-+1k;Tg_&ng zmjYE|UP%F@M5mL$E1r3n15#+7@zCZlVUO46ZN&X?u(ZUZ&xj13jB)#)RU+LWS2qFS z+WpD8CF4U$@B8QuEE$HR?>IEEOvplho|2bfpQA5MkysZa?(Kb%9d&HX+k5KR)3kT@ zjS45V+imN|ZvaonCvGXNyqz*bLe5HJfREHI%69tHRczbN0ydh>L}Mww-KYX3fn{p~ zv%-y=9BEZx%sw)aV}@1pICTo|QPt>@W;hT}`)jQP7r7*bKs zXUCsbI?iCt7oqo-R(%8Z?dO=WZvwxFcsO~op8(Y_b%Mn^hb#(V_28^~DV*x!M@5Ge zoG!8cxBmm?_?W@|$LbLJ^A=b@Qj9CZRJQI&H^ExBmR#U8UmUP57Y%afOBMOd{B70% z_noDEPNa}xi64+_XUlp0^@AEc>{YWRHko2Ql!F}NAO>KCQe~Y?@gjg^yFPl8sMYCY>F;=Cw)VfYlR zC6vjR&2v);b%c=3a#_pI6 zwzt}>>>*$XYBVG0Y<(DMSfMnD4e-=y?7O$si&Mp_11%K>t$Ug^Qnw<1wtw4-KWev+H4OOH`efxK zk?d$&{_s%GV*0XIg8Y$1!UH4T47;lAbE{c 
ze%fVB(L`$!+I%%UYU3M6w@uGng?KGE2n*15WsO@hBU^I0IO_in`A#erqT<_g{JYw6 z(b?9xCgY|^gQsp>Sa2VoTy) zUU0N)<5)#WBO&=0+du2R>FuhL;9*)|+8Dz_PUd8x4hSZ};6MB?~IqtATIE0V1j> zK|RR1jW%RfO|cemK+I7V+63s8{k9Mv-#4;4iS%$sB)~ExZ7~YE6bE#uhFnCcHYJ;< zYr?VW#*2n{U~Qm7fZx-yae?|veT%9zSt?-qtI?AzN8AD}EZqS^N$1utX0nUeDtGzj z3X6lwjRGmoLJSAxt9+>iao>U&Yz^Q6e>INha7nEB`~U_kgY5t%D?^;QyD@ZHa>qBc zwB*71E6=rMHU_eJu}2^gJDiHlMPibq=9svfqDUda=j$r#1Ny-6i(cO@tZtunOBEWA zDCV!55BOU2siu&7+!%W*!g2Z&-!a-3$0~FBZndMAab?tIRlO zFz_bQ-S=AM`@pc-#BmPx`YnDw^9#11n75-l2&(jcdI-V~cINdkkPqZ6(=Sr&ZWG_m zt@+`PMpKbDdF!o4VX0!2h8G^pK2dHdh^K~BX{}li^)tJgorgN~H_0#_YGj_HE?HhX zTK@uvCWGF<7j-;~^g3o(s1R+2)2hziGlFkPS_or|26~n(7t0}y7$}6Dpx;5iPlI+D zweSJ;kE1u29M}LK-mPGMOVRtS3a_&%!n=Sc7IPo}w(O+kxTXvloPY(0mjFVwjJEs@ zl=))$lN=59@bDAeHb^H9=?4-JD93zuB>u%2JCdJU7>6?alNEvm<(7%EN(PSd6qH3__J~RSV|ZDrv&=0gqITb1qF^F z7*K0_Gm)70FdrK8Q!;;(1Y2X_u#t(h?BZ`N*sL@LqtzTD=NYrL`G@O?K2uM6MFj;x%^LqNbn{6Dog$6^2g literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-logging/rancher-logging-crd-3.9.001.tgz b/released/assets/rancher-logging/rancher-logging-crd-3.9.001.tgz new file mode 100755 index 0000000000000000000000000000000000000000..9aa007ba0b2e3f53a298478b897aad573355f5da GIT binary patch literal 26805
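Review bot: `new file mode 100755` marks released/assets/rancher-logging/rancher-logging-crd-3.9.001.tgz as executable, but a .tgz archive is only read and unpacked, so it should be committed as 100644. The 26805-byte payload also arrives as an opaque `GIT binary patch`, so nothing in this hunk can be checked by reading it; the digest of the archive should be compared against the one recorded by whatever process packaged it before this is merged.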
diff --git a/released/assets/rancher-logging/rancher-logging-crd-3.9.002.tgz b/released/assets/rancher-logging/rancher-logging-crd-3.9.002.tgz new file mode 100755 index 0000000000000000000000000000000000000000..f2e02b6a3affa8ef4aeba4c0810cdc8b7cd15425 GIT binary patch literal 26805
zR*})ZTdN74AamWmJ83GyES8RL6O}akP_T|)oCgZ8a*5Vq$nazQD^=CwZW;auC74$3 z?5zJONo*|K3^9p3-t!Y|z#T^7VCed8g-w>z zk>?8F!Br}7E041NQ#d08?LWna4|@I~)|Um~md(P!028f>9Yr2b9PY^`XEqReZ@JMNk(ucQD1+^ad^d$tv@Qvy)7nb6iS zKKH-*HtzO5Qda6dU`Pl-NPS=?C{W_16)n*u-7x#ZrB~UiEd!wF_Y3@Jr37||g| zRC)h#Nq(Hm#g!u~SaqcvqwZLVtumXf4O>+R1i5jh@~hESFX>|dS=i-7^2(L^39}sT zJMH{^Q4?psRc!E#=jqR+fk&C}*il1CvM%R2Am6Ow!Am7$3=bBYnP>}$CaMZlnu4F2 z-a*lMbTWfHz=Z8iZjJ@?7}dk+b+}KK0x~?Y+resety=K%qOkZNQc%}n=f3uC;N+iV z!k6M>Ixi^^JB4_y4PvaG+m!qMdT-^q*ld zn{}*_cxwOGDDZ$~^|}$ZmzfV%?%`83mLO(QxLqHllC)hJt*9SOS)+NYEJ>ZQkAjS4 zS(P|&g2IE^$R0weI70`2_r|~jwAj!stE9jyIUZ7-VDU*5>@9p&kMq6C5z2SQpvPpt zw}RO}x{Z8~_kW|;&})N=hk@!`WsNs%%3Pm3wPQ`#o}iAgSGRvyI*KGa*i^i}Hqx1V z9hbt0(uueu#haqll&iIyb`H4^n{lM9EDc>aTzG?kglOhgU#4NnUV@QF?fFnYFpyyEkIL%LM4o2;lrKIJ<7eR$$TB2X49AESnA7UNi(|1Rz0tp}Z$Sf@;NmV9T`8n3MW(A$ zECS)i1P`q>Us1L{K>~*0L$FHl$@q5;!Saa*OuS2f3l)L)f{#hJ{x?t4MdYr>90_j; zQ2r-zh0JJ)XiL=27JY7XRNNKz?1#IC=4!ukez1Af3|ELl;qGb$<{zSMk9@_x!^W(k zh$knVmw3?8U--~Si!9(p zN;LNLKvDZd^I655_bHs&Ze|CV1zFS#zoCr}U6!iI<^~UUnmEDcJ{KtUK5iBymy}1v zXDs^)*|_8lg3jqT7W7hi6}I$IxT!&Mxqy29iu>ha z_&ysdRG4B106di_%>F4Vs2ArC2zT|7P#lg>HT5h17fA>4^EkF7Nj*d9tiSJmB9r`q znB`}uhf{D}&CwBVk@;Sv?N{Htl06uvmHma5TZ;Q$hgzC@^yZ(2W-NP=_+5h3ShB+~kZxU8siOA}H<6GD!) 
zc_2d*4~Sc%wH0GlMdm+vR8Pv)=V4C%pMbPo@yw8VS8HVDX}nQ02cAd`)ID!=I-e7d z{ox8SrXs2)tFuj@<#J`2OwDj~@sJf)M@1G&$yMN`ZQSM~4(=CoQ^7h9C(Xr8)d|_8 zj4Nv+{36QQf5iyD@}}?bYFkS>n91$bqTNzv!Wix>Cw?&ARjme0#`iMR9;P!{gT>V>!i%!F6Ls}U!zoctm5XL9F!olc)B9m^BNMI=lS)#sDQ$` zFbZD5d3Bc3tnEj3|Jth%)9&u_UQ%M|WZ<~gNyceG&wJi8WP9Mus#^VIqjl#U^|XE| zQg-$FC9b!z1>^Io774bI4gIKNpj*msr9S%Sx~1aM&^P<+Q{W=8TY(40oBChuCG8t~ ziO8N}?hGt{)99clbc@=;ffpcE(gLRc=WZ%kxEF z?(KSN1|_21wN|4g-lXd+-YISg1q(8W+;;Ov5eJRQrqCDddpc8QpP}I_H4hu~0X~m7 zr35H*ANxs4oeGI`GwUnX?SH%p zPSAw1td4f}`-W=Rb!TG^fV$Oev(RMGPt&lNs>3JChwVf97#L#!97c>u)ZH4hVNJMs-YOeE zwr;&Bzot|uAE5$h$`gA>2=j3zaGy5`=Ac{QTJ6XWU{ObqbzgJ>=&mx)87|OS09a^~ zpOLFA3ccaL97g2Uehq3c&{mdM7(?D^AdyW*I03^{=>q-BOd%)@);Lc%jdsLbXmJ@3 z@8-f6M*@Txe*iz-&5&+nN5`#7%B!JOYfw?8iCO*hTh@QtVE<8^p8oKJ_!nCdjb6x` z=@ZQGHg%-sG7~Hixi~A5o9IKDK;mH3ZxkF5AQXNpgpa~$s!0*1i)^N$Tm9*L4ne<> zJsyh$)ggSYc<)KW&QxwykC*x z01ewi41qaTs!tO{807;+wGHS}V&&C9aOR`vfxS^ej04&QM$&iC$bg0_Uh`_WJ@eXs z<)=V|n-)}5x93*(KiCONlzsG|>wNqTs3-*AE)_hUZ(d*!x7r9@pmgFiX=u%KSUv3{ z>iq$#z6{-M9#D}@&V(NVfLUu@wx%Wa(y~x8i*298_dj2TO1is>Y^H{x~y2 zXAI;2Gn_)(U_ASO2UFe;@U!`crKWASOe!GU)qX)O+|KHwK6oZ$ntHphVT}}m*n1{Kh*-=Y1mUl ztHufOR~dw_r}P5^Cp#kt9e@rmi_*dMqtojmGT+m&JM-0I(t&Zr-8OWHE`tnv;qmbH zJfgm~o@_CJuzGT_0FtH zPj%acGe*VI2a!7*0PX>RX4>ipVjt`E;s+2je7O!6{#oe-qwNWBw-t}&s2OH*Ko}!| z;7NJN$prIptLV~#3{zNZO}(?Ds-Odz_rIVN8B`xu92wPfpam5jh70pB$26q(`$$gd zz74=Q1&_j3Y0i|-s)|nJ>RrYfjip9w>j_KCP^+q<&7U!>k)yE`M2XUv&7qJxgzKI+ zdXZqdMat2TAjYCk?LQCGQ}`jCYVr1!HCpi24KnZTQ=_Vr1sV7=jFxJZ^uw5-RA`0! 
z@xnT&d}yYHMBXcwgMSw1OI=(Q3R03msR`Qz-6v6X!%tvjnj_+>gn6{ z8hPSkP?uggk&q z$Ul4nPtD2cup1FDC81UxR&yqR*N1xo6Z+UGapT0)%iyWWySRD*_CGVyWb0#4IYRu3 z`(5Av3?+siKyzlIn+W7}>d<1ejv(w&NFT9GA0hK8n1s|bo2>L@_s-A^Y*_obccxPF zb$`2%@ETL2^BH!^!!7aVdB%eiN-Ga|3n&EdgY&uibx=pW`@GaJ8~Wx4BY7)}Er-Kv z3xcpUw%DFszgRxZUU`ZiFju)rkLUraVPRzLUECQ3}H} zPE+R>c8}<2vRa|%#&B>AOZ*C-`bHeV4y}jfGjJ9NyO@ce)A58W8a@MxSw&Q3mI7Rq zPCiin%>-Cn5=#UyI!PO#3A<}6f(g5JErAIFRx!N^U&xUm;gG-Es{sQFJ7*4KzMbG( zrzw_)D?xbx%D_1ZrWNqS9Igi;T!YVS=n(wHUA`S|e|6?Z%xoLn7a-csOL(V$2= zZF&63Fa}n0y&3;fDntpH?X!4^5FlZ%BIn>9ezQsLtC`>7?J;>Nh_~O(f@}gG&5yA1 z=yYEUDI{54m&1|-?w>6W2^A$M5!PTfL<@jEN66)+>Y9bzAk`>1?N|5kP#3cZ+Vajb zmE6=s-a8e=$YsAVoDHC%RXA$!#KW3sGUZVYPf1~#SamuDFXG3M?EB;qgQIJa8m~#B z*$ijORN!bJnb;qsG33Hqyr@fXg3phq-#lTtfK^M`t^7Xg-IUBDfcp`<)ve<6L4{PR zq&N1 zDTaYEoDK@q(Deh0jY^}4Dh`q@r3anI2g97mv?AyuazG82TCeSSFx4g<))U(hyH>cyHxhcALt>zO#&Z0uMz6dhPs2ptgwG7#CPq}@Xz8NDPhk`!6+(K7;#B85#^FH} zkV};OARw1S9kAd5tr=9zr;cwV)f6(n$AhOpE0@;FeS$9+f5`8LQK=k?;ViOeat8!Q zu0*6wpinc>HK0&8;WZ%FFzL;w&@|B{B-c91C7{s$$EQQmt52>=(wj%2cVs}_5urd~ zFy%X>G$MV4rwPCYdqoi83EpW0mM$m80fem~#{q=VleAY4QT^L_2+uC5nZXwxxrISC zAgSf<+8?=fCiW*jghEsYuY`OAHd1OF7=`2BaHf3Oo1N)R=3p3d$6OwKQb$DKMr7%> z*0vd2QM^kWr<0?Q4X0z`E&*&H(zI&Q6+xwqNHXVqLr?TY(d#|+oGy|ZtQVQUv(D;y z;o(BfX-T`a){}zH>D5JY#T`GjH-@%^*OPKZ({kqqf7=`1GR$eDoBj{)E)atOx7nXp z@|8xAV^x#r!l5_UPCEGZ_9=sC$+O6wxURSXbeupIw4mjw@8MtZpf8^(SO>TkLr+V9;*FYyv9!K8XP+_6y= zPCOop+#p;UCVU~6!Yu*2L^c0XRTLIOA{cq}vnMtpKUgDPr*i+OTh z*iZuaJ)STr&F+yKH;EHKl=Y!7yAr^|Bg`u8P0M+bPawt_pxSiClnN`2>5YRVk0%Yu z(fO)BIG#11fyy+$gI04avPGDzLF&@{fB`Vg3+=LLs>2xSCA-P^Gs4T)$9zRPq+p0! 
zAZPRmY=?`JF2ox;>6(T`KVP6>*X5ZF2$*rP1TQbJzoq@Q@pGjtRoo z1;V2`E4pzyx2Wl?=Tk&;W5yS6Mq>SYpLWbHmQQxI;3D5S57GAy*!cAi?2Z zPcbx~Utc}7YG@b2TxjQ+ETjv!l3j8m8$CH6HfwpVqe(L)|Z1 z9L(8PU3*3=@cMWwD(^tI>JuJcPwy^yo`Zq)(G>{B(7V8-hJj%MR!vU$3zX4#r(^XR zw0Yl0Xk^yV?8dQacNUEIfZD9a&?_+35rAfRZuhZPzqmaGWOb8Ic--IU@36H=BXL*T zy>)%SeDE_!2ev+McV11pR(>|Q-7Mk9oD!&By+Sm-$o_zSQ}eK39spQHu5HLpIQ_tLqSwAm1z0mRG6@B}>PrJd>Ew>| z4u#DnFaBWo9ktJrEd$XLhJn^{UZS@^L!fIJNiu%P=?~{rOvwAS+o3$h7x7T-Ie-(~ zKu(?5gl@%tospTYJm&JfF_VLfY1)WP9b3sY=}{lX)C$bcRP`1WA=ZrXCSS1s;=ESA z!TI7K_{!0fLpJ<59I3Jr;t3m@|IC-tVGRKwp$-B1HsgYo8!HU%ncd6Qx>K)X#3b<} zhj4iQoM-i6Vs7`UZuQwUFipp(7>TiS(i>^0UF{Ct&wF%#+jI$sMzGloNskBefCp)hU=+(P*k<`nwhOTlRcrk=(M9%U zJcK(2vk0jrw|5m+_m9TOtK`bb;~m!+M}dl)w(pZSDte@@(rNplo(#-@lksfVpUTi> zCe(VS>$T>!npGWC3`8SDl!%UIr|OrSxhDn?dq0C9PFabis68G(6U81Nhb9JKoWlrfT&S0?qqq=OLGxIKp1RWfx0kb-+f^ zjCs|Zde9(I>{wrmydBZ0Wu*B{jh|=wFEfM+Z7aTKA|2c0l%?QktEn^a(?f+(FB6!E z6tFtKE7i`F-S(IRdLh=cm=l;s&|FBH0L1e=62>RWXZ87TcLHv6QE3PRL>-P;I!hUy^ExeMUXAs8~;zrCark-sOhCFyksL*=BF)#HfsXzcpn8n`*1Lj8F( zNHzA#9I!Q>i;wg_&TN|OZFwyAYOLl*LZOX&FE;A>TQsVf;U=k-bkSqX7M`ZKV!Eev z8r^G{{2hj%?zvWZ0Lko=b9{qxg3PagPHrBdDfYy5CQe_rX?IH>-?B*p2CM7idsjzX z#DDZ_74xc{w!4|!v&S|yioVFV@7MR3L>drJ7|%EjZKyiwHY~MRVXT1h+O0UmwTa_% zze7@7>E7eL=}Mq7=f?4SY;to2JxZ5~Z>@l^-4!>#SNTCGmNw=opU{Z z>b@67#*)Y{;|+8&^=?F})?Bu}!CL3NcB|lU%uJfHp)OF9klB+xY;X`-2L(dEFC=RU zhb!p@<;1gi5*3Ed(5;%~hHEEz3Yq{E6sWx7S~!y8ES`(uwT`sXY@umA9w;7G{3z&= zB#Hha{k05s_G1S(1Yts~Ni^d}8A_XOp?VPb6yOHT?`BxNON3_3>@MQvlG{I6Ig2PHOA#F#^F82 z^~1*XQ^u#BZyPrSKhSsghNGB4ts-fB{zrd?J<(3$$$x^e0e!onbiTii+z zC1VBi=-~9xXY5rP_V|TeG4Ch;ssmmLeM5MPVnmRjUi}{#yQgdCeBXe`;C?vOo&NQ| z1gFeAws;47O8|j}Cz(B~7)%TGESq!ORQ)aMQzgtCn`_+gU<6yi#Ll4*s0a;0n|oaU zN(9!WwqX^YKI6sot$}$=NE$MDmgjn&j%+9Bnyp}da2}DI>uuy*ci~)A^7o0%*8Oxk zoOhfyZk$mSvsYFw+aB4s;e2}Wd^o;lSVKbO7{yLe3GVkJtoJk#Jo{U4*b=OJ+%8hd zvA%BCTA)W-o%2}!le01K*_DP|$k`RxZ>`xN%>H(BSJ)r}mEibz3|ZI^6XobUyQ1Lt zJuYTKlEpPGY7)~IKlw>^a^9EY*4p`br+A_HuhJAKU+{TUlPqD+6URP^B6rH%RVa$? 
zmMemhDG zqMu7sUM|HQxR){E5+ET9KCXhWDOFLc*JM3%chj)>{$mmRKq?gtYwO3Y#oA7)b%kME zaY%ka7pg?zJGdHKewW6L$K^Cl{E>;|=Iv$kebE*{$F3V;$1WN73i6w-cvo=vAj^nrLt*t}S zMPVvu!2&~t25-vm5Ex{Q6t$dNA1*NKzY3$iO(5UA1^-(4k>ermv5nju3m4Uo%m z&k!mELQ=HoqutbpLf&B;ih?4s*!DT4ZP5$}1X1F$hF!dtHBtsvyAbRTY(J1!gtEp@ z&fyMSNI=|ES_n(cgGFl@d6fNPqc-uzcw}RK%eM`tz+C+*^}onW(*2z*Hg76iJ7^o( zdH~ZtHGpAl)xfkqxz%MdA`$7__JH_@Sv~rD{%`L0eA z-Rg-vSjA?PwdwFg>2vHq!)u-q}Hz zNcZfS(TS3K&hTAcf&!B28_+k^sC5+|=RMOU@?ECMY36q~eRO=;hn=+UYSl3H*2LuX zO^mu!9q=`Pdj2`kmb~dlBlk@nH%~Hs&C!JFqqv@t={T~7j?6mkJ
    ?Z=j|HyvHf zRVZ{srozW=MQ~@H?<_ezPtr?&mdFV6jD9>+Yx&7-_i95PR5!KZXuB)0BC6_YSnD;1 zN43%|5p!@<%l-zZ_W3c2OF)#Gtj7h7HiJ6e<*CwqK@*V^R?=SolKZVh8|)TnOkuT> zpG7S87~l+4_h&P5yg;M^#x=g7h)gV3MW>&n6f@otZPcFl5L%&s{yo2HLHK_vyQ`?S z+HPOqrNxRvan}IF-QA^VarZ)TcXudW+@ZKrthl=r3GP}XxZ6%k-}jvTjlIViCl_ms zBp1oWTI-p4=KTNi)B`n{xri0?(5y;oE0z+z*&a((#l8_Bhtf_f(@w4hLMnWzOYFqs z{Z3XzDrw)=x$*ysO{%7){XbO+h^AU4C0fFFFn6kY9?|uoD)%L#W-rsxe|pH>?l zQR2tj{Ol`e%R{eoiE;j)Sbj(UYgOW=eYw4f!vQWUScLJ`3H?Fro&26%2QB-H(5@5% z#&;KQnN#E<17r*2aZ_a55gd?HWD7HiSuOoJv)Z(grfZ&Yd_y8ONLH{WTY}*BND8<$@O&&+MFN>I z_11j}hBN$v$=Sy4eB(Sk1KqV+)WK{rRdSr=LFkp${^?Tpb5Ai^t@8D!=PDG|a9SP+ zcmepCmFERW8{TlpTfI9_!5B;k>P($BJ^nWzTk0zIvkbHjh4=nJHPcS#V|#V5m2dB4 ze#H&*YYF1B7_diFu+W2A-lVm*SxpT*jjYw|k~(0RwxnRuz#BS>{$BsCx}12X-fhO>5_fBC|eHt%sqr!!p?*x}woyP*G>|fSv-hirS7b4&=VG zXpV{14NHZ4CCvY=0P5aNwVD^7yrI3Diwmv{L}%g_FMKM>g%~Gd+79{ovj_h_Yk()6 zhIKsgbT~%S)?YoRL_v`E`UJ!^+BuL8N_3L|!4ffg>|)Gy7y*tMf6=D?tKx9`ywdG! z6CCca9oKiR-)r{x9+wVN>Z7mV>0BIBLI$oLB#$D_B&^Fq9)g0!UD*X3Y|a# zIbUJ&xq%i_-G7sl$2XX5$q`M4vjIU|i(9C)^E902Npal&$5*)vc;pgI!&4%N^36WF z-;Msz71j`eziedn1K(2wj$+GBY59s|WFRI6(JUH*7xewHCaQPL}L2x30t> zamydFLVnA#H2W+?Vne(9wW@hPx;mE98>U*qoW$(Jy-0!tP~|m6;Pl|l7KK_`qKz;Q zyM>=@jGVA)f9h)OOhDQ&FLyGOs{$erdWeAhZ1%em{YIhsftFxCrmVhHQl7GcR)zG< zqFxPk0*Aj9DM$6VST4;PG=hUWOn4BTW+Ucr%#R(T^aT%JjrlR(8$Lm zdu_?#TKVLVa*Y#IXv`s$Zw^dPa%CW*DJO|=`6(Fa2^h{+a2|;_&=Pt{ z6oyNBP-`*@-`ig9@ESx0lDMk-CIA5av*TqL!VVMqzb3`mtX6NQx?3YAb%VC3Q~wE| z6^aaqJhHI2CHz12`a#!k1?hAJP_DwA(#$YMT%w`1P^2wdKc~s1r(v0W&YlKr<-S|y zBjPaA^VGV6lKLT3f~Z`cV3~YIAvGt+4h2)YDEf~^ahj?%@X1$RWWl`AK_BJUOk8ym zrc}kXk&c{er)6MHZwq~}xL%u$-b9jKXqq@zzacN25Z#_lSUw6l;aHe}EHbvV`d)kx zzQ~^F+b{k%a2ZtaMm|D%-XvG(WJKHwcUOb>RH!k*csArDq|gPJAO${qh5u~ygNI0b z1+4HV(Sf7hMcN#zG!+4F7cJ~o`boN9TgQK#pd^eC^Cum=^X*eugbITLhNbf8gF~ED zSoF;92m~BL-8spRq#^{}tcd}*Ed}2chL_?lgka>RQA)o={L}0A(zp5F{0Sq%UNO_9 zZln>L!E#PRG0eAhQPlQ&NHEx%3o7V|c=$$Sy@Cj41HK>TCi?g0pgOI4@DD|Y#zCY8 zSoqg|A9_~HAA|U71%tWA%RPXooy$%BjHl7?K405 
zuim@HLh>0enSX^1QTd4G8*hyF5DuWGecRnTEPYc=ijfqZVoa|Q**(s$<0-?oE0%Of zDt_qc1WvKHI|bKXBii_o z1Yr{Sjrxe21^(T3G02(*U(#S%yQ{kz@H>Jh96z4ndf-@ToxuCC4~^^!Q6nkETuml_ zIDf6sY|9P~gc+K?K-TND(R5*>vt9mnP!H$&?`W0@}`L@XL!q#<8@Lha;QVb#UdlpixWZyNM5w$21 z)kTUq6yfn-n^Lt6OM~>^Ng`(k)Qwns!2J+)AEk`(pi$`EY#LzfSmy?sb4Ji_#BmNI zjNs_P)fs??=k8jpWIWgS_Q}+AEVCQwu=p3R)oXtlBeQCcF*Mr3^tHfhvSa`SU_!#U z6i|h_PZ5=uufH0KTlQHN;NxurKka(rSZr<{OkLG|X#Q=qQLT7}aVbnG?_3ZRt$tL>&(qQaHn(3x{Tz|+H)ywO!Y zNAJ-v2Ite+sr(}>^!>?cr3e>Y(F*!lB!)xzRIrWy!|-O;Nljp%&`jko#;gp5nY0aL zpS|a)0iZ3{Q^T}{I^=!9&Fb^6g<#M>a3VhPs@vD7mVy3(O~ErB1N*LP0O$D^a8zuGI?@6SsGo^Sti7_!yd?fi(Nca&x1 zISt5d-PV+{JUcb$1vuKjySoeL*vPss@56(*M*1i}_wOiV2qMpx)#r?g)ox5V6A4v&zI}7dMkDfUdk=l>fP|V+;%)wQE-;#qFKA3 z4}V4>`*b7Li=TfAup{i=_g`n8broCV=Bc4s+^aSWWn5p$XjOKgyXzbh@$T<0pJrte zW^H*W%IIw`LD#YU7okclzrxV5J4qKHvTP{lvE&+X)E!ruiKQ`ibxJ#vr$sXA;onX@@ zwDI!4*SY2ppMTXV3;$Q~h)DRYcu+I{Ry;D=HypI-u%+8=`w#1#zP6p~q8sKIsu<^< z?!m^XS-ne3qRrT#QCt5yC6+%Uk59&mD39`G?esW2n+Wn@S z@~=M(T1Qn+f$-Qbu>hx7lTzrH>Z}L+7MBV**J03M&<=#_FQE-aP_!ADF3u;>!XBD1 zXaNsg*^RHxCy_|*VJK4wtfcCOsV}Yv(e&UhH1i*ssQS zaaXXMOmJ)TQw~8>*t_J>>;p(!*SDyr-PDA>bL|v@}fo zyZFQ3Bqerx?!R&eq;x_IySa3NZwCG!&|~1I=X@9%GvXEh3cl+grHigW>&VH2w>J-p z&q>VS=<~D?UYl@*W>#alJYTBEu~7yDfANDTy%#uN1CFIg>wo$A`Dd68C5U;lnNMix14LalgL)ektQ_o{TP0^J_U%_K>gI4;!Okv?XX5u~;1R6uTwx zMn)Oa9X}iE22~N60vo3+>au+;o!ZxtP=grocJ%>It6njOWl<=QT84iN@7E)>sJQDO zlWbyz%boibEP~^A2#f=8d0c^p1BFw;cD8GG;SCh!R)nz@;u^+fv}AJgDMH6xZPy}>o3w>D82B~u?>seCp2bOcDVNgW&In692U zjT~SW71yceJAOY}_Vv*G?NLGw$3i|sGL!=i^Ik5VrD}-VZ89|b&)LlJdJzJvPF|L2 zV3X_{V7sMt77&_KtfcevcZuJr?i0EJI@ht^&L-t%%V&sxv<_t@S#X5sAI5|Gvi2HD z5QG$koQEgrDi7&F)6~F?r{gy1grVd1H!SPCtsxCDRE<{f0jno3v@KNPC7(w>nm6EJ z`2*DrHR2_FnCT~09W0-g8zztX1vTq$!Y4}Je4AT*yEZe(N~7HAhpE;YM)C#CUkB9_v$iK8SIfVol}&MCGETKn8`v2mXapo_163uBdd0V znakCuxGAT1s){Uql9akwsm1jvT#(Qg?VAyAt=3k|FmbILr+yiH(RiX?mI0qUV{DHu zufAHZW2hv;1kX`f`4a3Adrb=i%YG^ab`|7Rx+@VFt^ynML6NXlCPX=hI`QB*U*_9h zUW^A@s(B>2{?6uBfe%Qc904VZ9v>tgaNb5khtjUbtk3jyXf9Ef3>+3nRd> 
z>xLusc+zkfOih5(5fUozzU6mWvXNE*ZQ?) zc#Dme(U0TQdkuFRN^eYgA|GX$`LOi>;*3)Y$3+<|u2R!sI^)nX)i9@qBC^ow3H5ND_jPpx>Em05VbIN8r4xt4FYtb#$zCVx(DTL`$+3Z@W+X zdS4f@x|x*nn@~R`V}kKevKg${LhhM0Oj(~oM!B_|!JAj*qcH+nYCCW-Mv;K3Q#9W9 z3$A|dZubir`Ewc>HZ_^+craHReq+iOaTrP$m*2`>Rg!0aQsTk>nM*buvg`~i`0UfzJ5f$n@Rr7aRMLOI@( zVhKVearYrfpQSVUUPfvE@%je^nH*=@B|D3_uSkgHnC1@svez=b0P}v&xMv6 z4)WY5VJ35kl^$=PnRM60!e8C4g4n2>%O>*WJB80{d%p{4lHlO*{aOu5Mk*d>d+Z}^^VYKsfM1AJFPi9b!q z9qJKzV^|y2kA86o%M(icN|*$3P6Hj=r2@T*w3Ch!qoJc|4*~H=i-k3^Sq_sC=(LN? z3+ezr!yBJ49OLb8h0$@3BSiQSN=Qc9@(Bw^a27*ad?F%y*UE-Tuei|m2Lk-3d;-;LK)gGdG<}Lws}MKMib?c# zbNjbs{_y^A0bwRDQIVv`UyBaZ4ORzWapU_lLex|pCN>pJ0aI632QN!X)u(!{`G-3f zqWJ!I$Cqpi96cU0YWnsO`31-d2 z__$cMv{xf(4d8gQpvy$rf;|jQ{qmegW(D>~k*GIVi{@lf*LP+$T?2`jQlMtyoheZpjz z5;s8u-BR?Vr6Av1q6{z$@T~$l$`bo$`oj>JFk+P2(rNLv8Pr$kTS9*+G2Q@Ff5*9R zll`F;@B&REC-v#EEj$bk$v>B=;#X_s(xL`0dU2p5^Fu|Gw2_`ywgNYhgzolt|0C3juE6DyN*wo&>O zaJCwK%O~wzC)fl<#UxKeiv=(#l!n0d5aW{Lj<}Iy{uGyGo(L5TlLD8cSFG4>DVEkS}pKn}ubG@*n- znzCAO{3@fEeT~8wwtS z0tUg14640P5hkZiZrW#CN3xJUp==r!gG1tp3okrCFKyjD33xb)`KESTmDvkESOZTI z^HA%(7OrkB?hu_?mmHe;$)*O)b>`O|14`T@q>ZY-I3DLAYBa8xJGi3&nVgZNz*VHN<9$hn*5DrxV6-gR3sJil;ws|W(Y(Ao-}rTR5v7upn@smb-}^yTnW_h* z^mNjcL+Z+JzEL3NGybet*X3nvq`w6U(z7|1TXOQl`9-rlAavN`1DU(7oHJTXT~u zh9Qu~U*tE)A@}zn6<=WM42FKvGrHzu^KNUp=c!#&{R^WPM-(*jWU8D&UR$sZu@McZ zJWe_YmXlL4PL&$AA>BG< zN~BwhKWbXki5n|Y*Z?r%)_4NohN8aL8;3U9sBVx(p9|dIx8((XU4^YnsoHW4p}5?+ zPLLP-hvksR^<2pR*XsaFf}a368{vv#GV(AnSVaU!tuuX&I{MZP)q+qedCvpMbBsAk`T%mF}+9Q0$y3>A6GzEuA3wwLJgEtV5K4vkQ7fJwOqc^ET z2j1%8k$;mF2vYP1I{ZxHD)kqz7~+nb*UCOibR%a=`98Fs>xAO>9hbdK`o zZ)w)!+bTfa$U;1RZfe%oiCRj=Orgs065H43rw0G#H(U84X1SbCC8SaLEh!lf6~NT+ za*@^!+m$E0%d}qEy=M0S_tK*ycg8zA*RGda~h%SM{}j@i%);GN`j&2&xzcb8qy4Bu-|ytq4*j;#G7c zs53=kBB(Py2jW%CA)R_pjut+_!uDl?Vy3vJ_!51PvIGvyAza{Gj^w;XaT=`t>PJ8k}zmIhW zhuqn6EbyqMLCl*;e@%`*Oow?qzzE`n>F_Vk;(M=DXIN6MHg!naLMOEdu)1%waw=ks zhEb-1@4M8LHPWX8#iLTeu}$ptrMJ-ke>HMgr 
zb~#MKATU!LOgH}B#?X#rT|Ss>rT=>XfEUq!zz&!F-RyVZ)r&)=JlToYIOxjJ-+=F>okJpm83^hf$!K9T#7z}88LTg}>d^x{5Y1!h<#`w# zA`fyiTD=^ESnHQcgW1!4d-ow_`Sw?fOUjGh!!?_ghYe-W{b0aztht-Rh$YwbuwkSF zup3jaWzDT)yJDUBZ2`nJ6#039_(-c-aj6b^jt)DmP7+i7_x!aSAP&zea8WLE*)>_; z7Z%NTW+uyC(AjBEljE%ZFj29LNc|1TvDE7QGm(c{?P4Qhpx2c$>|$+$(!MEH6CFE* zySd`lgp48zD_1p?a;~5f^w|{@_53Nalv+ZNX+Vk$${>r#AesBkXWxMn8x}k84a3J~3&DT|Khhstg4w3~by7nSl9KzOcwwA0gu| z)jB*b8ykg8>a%WJa05+1xm|IN&^+_~i_FzODh95zXWL-`~k;##g zTy8dMf{=;YP)2*_CeEyCo8qKoqJlMJO?$H?23{t+i-kF)a$#yhS$i=+Nejxrq!xlL zVF|}n6m-sZ{5DBt)Jxa%<6wQ9aK*6DN2z95+i6^pQpr{r_5gVt3}(8JWZ{DC%Q?{k z3T8Tn5#lNP2{zIxw3Nh5 z_qw5ktb?B;>zTpE3SSYlDx?#Mt1k03+~u3q{^bv;4EHFuBu!vr;nkvh)hA8cpH|XwL0oT>4MXRR3vqgqPZ4@hvN zj-hAJkiSnUQ7W6jYG-ilZ0?j07@T@Vjv(A=pf=nbQOW2Tf=8j&RU3glry1#aokQ2# z8gk6+(F;C>yJea`r z3E@Ow&!Db}?(HWm-}gyJsVTF zV%DTpm$BE!+xzb7=6-57e04w~bNBYq{@2rvoA(n30|;c+%dEH4yR4(QRokNeq~w`m za{J{$;@eDci3b0|>}~HO@tN{YnD1@FVG~bkHKGcD1<&F~@Q(1_h$Zp;(?e0M>YH)Z g%3T2ercs!`zyBF%d-eA}6g__re-HWU73{130^fiqYybcN literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-logging/rancher-logging-crd-3.9.400.tgz b/released/assets/rancher-logging/rancher-logging-crd-3.9.400.tgz new file mode 100755 index 0000000000000000000000000000000000000000..c5ff15c433d94c0fd8819c36f8788c7024543f2f GIT binary patch literal 36671 zcmbTdbC9G_6R+9UwC(Qcp0;hUfI?4Hp4LEAidoW)jY*$DnbuH&$xK~=jaf!nnORE3(p=Bl z&`nX!hD+4Q(hA_BOTz(+ZJu;x<`V@4>8<%^%p3j3)YAlH%x3m!jg5LmM^6Zn2}N%C zudo<=S>RmKGMUV;ZaJl2Lg7lhd;IeC3_94TKf*K!;?hPVjO*2XyAjQ~kL|scPXE+g zqe`wX!&wq_j{@0jb-LYOvTQ$mb-Udko%Yy#J{?uibiW@>vDkFKpHq)R{CFu@5XTCGr$e^n>WUR0Z#TRExWS#dzpI; zVSa*}4kW!-tNOf_gDIG8t$cp*h#I897uWtE-SYCZ2~V4ssq6G+irV02ywU1Q7rrUi zDN;GN($VSp^wIXYKboqLxYost%<}nBAx!(@sAe6d-RMqcm?CfO50i=!k-7ojOkg_$ z1otlY*Y@W~i%mBd=a?;p=XM1})J1c+XuB{E9^A|%+iVw>snWm51k7Tb` z^D(0jt=noQ->Q#XNUQFPx?yFn(=QPWc)ZG-?SQC~O+707(Ob-Lx2PD8Gr++AeZ9YZ5=4kU8}+jF70%B8Y?trgVIsf;hx*ux4sr;)mUoWX0ndeo2Fcb2GgNQ zn=|?;CzFoWzjUlLwCcReBJ>*$2lRd5&#J#Fc7{J+9#V2zF^=X!l^N_>g+AbdC)_Af zxnE9|$`Z*u52!=wq$pVF9zzpRo<_^ z?#oGkOWw4XD3%xPI{531{PqTTQJ_r4p+-$7Lt@yQ&f=PfcEx>%vzZ&Ne!1!||sNLU$@>~t%0b7RLF%jtt71Osli9M~TSrbY7fiY3|K zAOfH1RteGgx*Mdiy?u}|jsi2B~K%)_;JAW?q ziGIF74{&>GHo)8ou4gx6cv~u%^!bLOexu+ZFnoa*kYItw&FegA@Ekb|k%eoUo0B(K zaACTd@>5O`dTcADi#D^-K&3zz+wx#5C6*FTLLcS2#w;RbYWzw(YxFEOa*iv^ox_rbG8NzNqMerX)5ha!Z~Q|QBNtce zG%*ei;QGkYK>3O0(?PcDiGY!A9Wt$wn^Lc5w2i8ePAeev`g7HEBAapRSbObp|& zdGfMm2D3d61kl9cW{&u8@y$}1Y3=r3T%eRUk~N=TpRk0g8p}bdKCYsy_lNu+V@~pe z?1%YWA9-TPDl@!FypC_e&u3e$npm$5QuF{_M9twnhb|XCL7|TUG{V@aMJshFb?AN= zEt$j2C)a|V-r$k~NzU4Co6^b@Fyx1@E4VYEe8C5q-=w2z9=Q>n2EbD4_`RvsLa6p_ zv2{*Li0~^(KI~623}+QoV&RDE^KGNIax}5X_LbMc9r`lNM0zv=-%q$9v$S$X1gej~ zx6uRxL&HBI2OWaFwZ`e=2Qvuf!m!T1t$&hmZm*g@#JvF`ip*;Gc?sKlL^2u+ zUalE>*O}%P1|wn&0fhC?nHVB)krabW3>f*Ce7HFq6daL~bYmbyPHk#n(aROg1O^^q_p%xiVUu^nc^#iM7>ZLf9SGH%M=n*n ziB0ngRsgGP)sIFZ*#$X*SF|VSj8u69Vk4Scjui5x2*=4sE`#h`xrP+|Zdfo}&eN9~ zM=ncRma{{};9Gi|+=HJ68UZf=#)nP^f@OR;8Ah4&6O}Jgm45OGXzf^ag&TNxt7M~K zVHQHU?}}`yw?`v3={amHq)DbwNq@d#hqjGo-B4yyxB_Jbv=I_R!kUjYlxFb_MW`5} 
zUEOb~lRe~**SfMq?d!A-444~$oVXr$^V#|tVE<-T02qR8gyzed0>?|z|hJCEpA3wmDWovT?A)n>! z0JNOm_mqSHYvsL4&jUNL%$(QE5@rD&uBAxu#|_EAz=po6t*f zNTy??Jz8RcYIs?-q6tdsz?hTyp%5ufUNtf^jFj9E#~L-;Y1JXn7B~z!>cl#XIj&)` zRhfua%JN2^p zU<BA@qs}Y=ne;Be-oUKe?wq$ML#t?J< zIhH!D=$a{>K9y~mH5iB`e^vqo&FQ!<8i;VtmE_1__@!rE&nmn&>K%q~dQ)%iX!QtBwCw^gi-hQtyT&lB}X>ymQI+i?oq+C8sLbs&g+vm>Th#0sJXX z*(0pC-(qP-rmh8#_i%z93{GsUISdY(9v1B0RI1c%p9>Hj#L)Amr$r z=UNyd0nC#^=jxoP_*JL-pH#Zrx7%~yuK}&(meU&NwHu0q@<*}FtKoQggKe+KrC#AA zyqSWTEV4Gn#HVN&Y4v2<9sd539bu@eWE)5m1_zR!iUO%-+h$4~3vv6+tRG$6=1a^$U(>&ZXuc z!WyPP@rZ+-!Mwd+vA|=BlV0>=615lyb9Cc)5>#--um~}lC@d~gfr}O)Mw3>RvY4=D zV^&x_a}5ZjQyW;8x|Xrcx0RBzMqXZYy3RaxbZjYE{g(8TjsP*WLJQlt#ftJ!s!SGVLM8jdRz(1$iJ}K9YomoB{h|MTH9I*Wh=8LfgMC?K;3Un4N_!xpe1i1eV z@^q27;}uqTH-w0EfWHAY-J3ri9F>tDCW8=#kc0Uz=tfEs8*vKK>$BUe)T-*tm8gA} zatCrALXO^LNU16@`z!;WK_^uyEZuGpv9y{>g42A*$+hVF)LsI4pRPSM1rKTi-k{v? z95~_I=_b+9isFqH)F%!-TS^a~sEYjUpP{nLUbY=D=$8E0vyDxu&kBJW&I zF@;)xtFAx10nl&sPn?s&L35{w3$zsk+{ii9kz*0HQdq97I}$AYY;IBy=w8@xN-Tje zI!_-of_WxNITQrt!A>>>FZtNn+{z&a6JiNy=kSmcc}IYZ0YjGS{wc5^JP^4J&T<8e zF7-NgEfn>g{?+)mp9A~s;(9!j_{J_7DawX{TF;uk&8fck5dBUCCMgVh`1$D z?(=DRqEtFN`5LOW7K#7#N@M-3231`Ev9+s&t0Srh6?hgrr5XXCI!&uJ!) z_sVfsYp2qbxQ@vnARn^@Yc^HC4w9Gve@(=4asvM6Sd_%wvMVd?uv=#DV{aKkuugt3 z>APo)q{`lIvH32#Ab!iuFZv1!3>8$H3?{Lo#F20;>B6-8D6B~CmaQ%o_G9%dm@ibQo*l#8ZEPGCo6+| zcG515d$)U9`Wf`MKgPagWUa?k|G3rt-3^Gfi-KgI)*Wi6=J4udyqq)>&!U`JWSn+E z7H`92AcwMt<`d$J_FgN*7lE?pC{)?9e0eo+^b2<8PZy!eVq-a&NgCsW8Gw!A|>v6MM% z8C&5|Y&yf!yP01T2R&TVCz1!hm-l)ug9);Ojm9xpO? 
zEbI@0irGbcW}BdFcY%c}518@|71RC_-CT2~7CF9G$p`vG#XG$s_5IP|bG#8+R62)Z zU}{>=QOeZdF7$1i9dY=QO?!1R6#=(FcxrM+P-lR$@= z^eAA>Jj5kPVe4q1e!VDMepy0(x7a`UltEkpg7&Cvw|If^QEl;Pv-#vg>$LgbMnAgw zfps~9!ERn*E}yR+aH0Opo<=ptjCG`I&olyt3Kzipe77`SOv%X&@cbmghBdbb%TLiQ z{Zt>3@G&<7W>SO^@GvF}z0OzUCfyy=<2~L&RTkLLeO>>T&o=>cXyQREo)I-4QPbyg zI18}6xt&$7eUOT=Ed#rTCT`jS-RULjJR~?YwI<|C*=kZrqb_0Q0Ebs_OGI<736xn1{GVooh*crtn^pBU$nVDE%FAS@vq|2r+GXWB&9FhTQK_SF8Z z7jr{R=^`PJ46b`&T97(INCEx{C8ju?Ds>!#fq|51P-3vp{OMLRY#T*+)yd8ddNs=$ zVsJaysb-<1W_CiIzTT|PA856_Y@Kfr-dBLm`Cs!RgK=m_k3@vd6*(XTdx``%fJGIV zeLfAoe8a?Hft#JWXkHeMayIdcOKvAn5~DCUp3DIIKN=>D4A`&;FF4+oZqOR=rH4uKE7XZ&sgbdKT6uK|;l!m%5%V41%zhl^t}P|9L&H%l{dBc-DL zoSmxB(ofSMvL(kUd*x+M+AU2F!SR=+EYu1S|GDZvN<-p{KP+MbDNBwA1glAMI4>v2 z1L=12_;c!-dt+ngV}0cfS;^KIRY3yd!G6L(5)Q55MEJtXO9GJfgN1!gVr@l!t8i0> zIs7@@Ns?}Cgu!1pyddI|@uoLJ3%SQgF5R{kFrf3^z+tH)sSNZ?(!8jK>4c4t9wR?4=2h8@*HkDoE%7 zv-V$gYwuDhYJVJ(cGLN_uUFT*6hiSplmn*8x(imk+0M*rTSi_r^fbA{=#RjWE5%%g z4Uo)`@V9O(L?YboUpHXVien$XCwjIZ!(8??7^wZyi2_2vq^p3$$7H`aFPt<_P?*j_n8}kIKCI7hp4j3R z>g1m`7&D$IsMT=+YB%bPx>2q$id>V5ragcV_^r-_8vpTj ze^SoDQK~nrt|t-000AX3(0DjkmfoydY3};Mxzmkk1v7x|Ntl}7O%?AAVMjVz65{Fp zqzBu4vDADiQ7GGYYM&ioGE3`gU%X^qAf;tZ+Zn7>K-uc~QmkB$WDGsZ&i#0_g%Gjl zV5WJO>+~!56yBnKF+M4ZvT6T68*_}ZY5iw%rMmEq$v`CO5~ibBB;oVOqI{ZogHoHn zdEYOV0>QHlPJ_YU4e_iO5VNQFupIw#TI9ghZE2LK4Q?bTctgfPGET7wn#7(fA@8C% zw#`4`Pc^dc09u0@sW2BohyS-o`1j2y4XF#5Tk?E{J*9s)A?Bv!o~Qd2a6Wj}0ycg* zaVvRRpCnOsRd|i!W{zLI7(QryS_dL3gj=k%y&Qj#nM#n!h<=sq3A*0(WD2%6 zR0>L8rl)LDA1Ek|XDWaSYk(=sE%c9v5+^4u%l(c@lte{Yc|I}FZ$V5x7q=YZ1w@nL zK#S_ARcJ_p)=4;4}b zVXY0?p|p**1U3G82Hc-TjYK|QQO=d#A=Jg*fC@~|*ey8doyn9=0Cj%soK67!d)ge3 zR7In7W|kiN*pCD(8}?gRWW+B6?M5!O!xc#tvt^EA4pwu!NWp|!;sj524OsXw$*bkOV3;SPw8>5bvU@+?=N?h2jmtIr^SOj#W z4Q-SDPjN*;3D7Qot{sfK$!M*Y)Gwd*`@+>3^;ZN$d+JTPZA%^j@B(j02>J~OJPgj0 z69E|KYeFCg%wB7yxM4bozLQ|_;MwqhLKUePi%GWm&uB;8O;yGYiYSBGDbbN|pxC6< zzns>Ay$nUScgpKh=%23gUj8f}CBQ96l5w z^?$c;v_z9~QWBVPUZ+*XVJq)pc5Th(;J5-l9_XFiKcll!NEQpn!3K3uz{`DL%6-e* 
z4XQX{`f6>;l?!XLsddfow472c9-D=X5dDkYjx6aTw;u1U*7t4dV-FsE0}UmGX=8+a z)VY(mzRaALxUiD0nDMb5*4yN6>FidbB4G3B3vMo_NC=GG9 z5{8uc27nkpMpb!-{l9Zmoo^)QUsvDC3=+A#m&UlW6UQ|5#z=gl)qL}_UY@2C7KyFB z8SlDwgc;-Hix(|eIKLA>S8BrY(7(q*UlUR04$NJUob5y)S_wF(F2Z^0T9VK}s{@|q zTYe*|Z2a$_Dlwq4NDMz_ef<~F^ODJXmTFT`y4xAHwkHVC0p>T z11|aws=2#xjviv(1R%J0erii795|VXPb(i5Z#XJ?++AjZwEq+xPyP4Yj@R8x+OcB# zAxL~rB3u{$-B&xhnfr2)i`IV)OgdxN`FscUUvsrGBTZua`^LIlJb9Qt1;srdDU+hD zp>8I@v%JnUDr?&M#JWOR%7SAIw7ke{#DSBY4tguMXh||1<0M`Q1p@tIyl>Q4Tt(Ko zMceEmU}7wBV=V`Wt1(82e@SwU52HM>Q9Y=q1)7w-jW*A0j9i3F&g6cpjkDa#SLUm5 zg3n)qCuNv^HOr)myg;^sPv%Eg!J6J3+k64-ZLy(KR$;^+i%O3JoDeON!xK`- zn;jp8tjfLfn26K|`LNtY;flAA(n9;A^A(MCPc7jQowS+>6jf!03H>!#4`pJ(sni+? znEOH{0(7QTr zO)~)rL_rSAKQ*A^562%X&&{aXjSd<@>H$-p4-`Er97z-S1t%*6{-IC_h?8*Jhs%37-pf!=eacFg=|2?`W#r>*t8_O*(FRmA6k`l`7(u@*@ z6|YO!30@mNMoOjiP=Z4>Xd#rt8?QzKR?c*uBIdu zi1q8pMWw2`f9NPrEi=Gun^9cV#}e~&jeIXds(>TWzt?PceGSiz zj-p6cL0ip~e9Gm~bCSWX)%8advB4A=xa*C5v{qEdsKX9`_$pCmQ_)n=x6U7!?&_hT zxa(nR;#66$k_O@zacoJFdWO>fRVl{ODCW3WAX`jQv`>%k?*vL%Nc|t+3Mxb2WJGk6 z%MjO@)ta!;*{TJW36+IPIksnr|N51ryd0N}eh(q^+JbX?*j}W{+r)!;WdWVUW&pyO zC{#h{(TZGL78MA}>gwpUuyZpZrJ)HS$NCDmp@~QM!9sHb5vwBe6h76na`j1=lfO3@ zV^@4~px*iV*twu!l(G^#Dpy7K$NKhH!3OMv3|BRhUZpj~x_K#!xY7KI=AbBbr2@}! 
zwUS!XTHcYgoIvJ+MUMCHO-J#TrK-BD2f@6t1YT73`n&(;sroy1&fn2pOT;&kpR20I z>%jD>1kutO+IUvG4^S-Xo8fUPgJC5?BU>_DWY!+8EXG=??KHy5yQh2FD8+tfODE6k zp1DJRCNydZ(ls zYP3F^?~jjE2|o1NkW0U7+Q?1#H`D&|O0r(xu+q^~%eLpj*W1xl2FaKA8=j8W+Z39P z_x(`@i;nl>Qi@LZ>)w=#&e!F)LAH_RexvDr$!AJFrP=!R{OD*;1EQ^^rPZYm^JU;s zuQsr|Wvxk}P4i{_7h1aX!-YNQ*z(yUgsy?P)*CkRLDjiDb~KhJpSUOp7$yep`ah#R zBWhd!L3=h4mcP*+t78PsQRPsTjEP3{P}@v?9Vg04ydmuk0~>0O62Xo&`--p5*TeA(2f(aNm5>$=ik|=vTp)Df;;Oh_Z}LV4XB9>+}Bvc`jAo zwN;kieB8$m{}+a*gRT?c>Z+~6s)FKo&293l_g{Rc<{RH>eOr+6bhx%|v+uzI_BpoS zf+`N_={ln(KcVs4K9n!#c-6D*Ap1-1Oi32Ct36ou=%FlbZm(%{{j8aKVSX08?fIIi z(AGS7)Q*DrU%8!2`S6&{LytmlM=I_%?>EpJFUI6yPt8SB*n2P;NK6Lmi%^-bz>S?` zBMPDlyL$v-s4G~?lqz#6verQP0qiRhycpR#imN$r1G_E3H%7^4F!z$m=(qs5+BW-z zg8wU$^M=X8COe)@kL`|ZObGlm%a%%oTS6ZGkH}$q6%QEDXR1{idt(Ru%j9IRM9SA{ z++^dB6#wRB+h0?4X`SNcem*^gH|FHTm8uI?7jkIA99LhJ_phUlLSs0GDaT&i%c=_+ z_x9N~6IGzDN&O#0PUXNe3R_BlUL$vZ_-0BA9CMPJqbdDOZWIm=k`GMBQKl$UF!HjeZ$b=sU!0HVfz(6{RKa#2Hitrgr6}&f94g3Z}7c}-gwA&!}6jb;rszS(RcqJ zc+HW%J#jUTFFF;%Ex@2@&i{aM^cuZ}7J^gWvdQ*ssRiO0?(jB|Qo2N3zC_titK7E2 z?9`acy@>nAddGQfysK#xc0Q{Q~*cm^AW|V)=w=HOf9oVl?G4yN}gcR zl@W$xwMOPC-4vVy67S`k`7QmOWW@S0^T|@hMn*e5{E|4n%k4|YQS$cxkD$#Vv=6U5 z1fou~D=0LP;TnC40mLS0wH&-o9u^V9m5k{zLmdg;>uk{cKtr1>rzmFel%hMrmvmqF zdi=yzpLaoNl5$dR({|UKRi|q0CxTXEwkD9Mf-1|K^xO0<%5t9Fy1Cuf2=xHaRV*u# z7Z}X{m9CLisc;Qnv+)mp<9174m>|$CT{vYRkb}`)s3te!6Mf4Co+xox;~F~A`F|#B zqWj5Y;{KRy6yT)lOc%8F9jg6WWDg$oqQlnptt}y?WLX)BLI$SG{0U^$>$f!$tp$I< z7ukm+`Z}itlIj1!9g8(v^AX0(;;AD5-;o23MB71cI7IkA(VC^WiVJj-=tSV{#;)-1 zK|>uJ3m_sWY?@C8aP2E3{ed4jT0W>zK7DNOr`ipAe@S)Kti6?(z-JlTH`_}Wbrc+*9mBR^UgyWQR6;>!B{?cVd%bKH4X=Y36oGE zc*11phA!VHHq_=B-qvTb=M!d>Ru>sFu+L3@>>4Q?|Nl2^&Dx>`Pr&~@T4OYInh~eB z--*FaZ|hAfFL-tnV9i=$JdOJc3oapFc%`V8@D^)`t=sw%U_WzX?+a++JPCzAx^q_$Nz z+aTd?m~z|7Ck7d3fXCG<3oOPr)VTuyW zv3aD)L>%(0(_Wg;Zg~1H0#WMSef;ko7gMA$#H5(QEQc(eejy2>yxIzX?v;CTY8%bq ztI4~#aRumc&V-QU2>-|e5-W^#L8pmDCU~i52QI+=R^c5~`^mHGgi2n6%3hv#B;*$_ zY5a;GBU3qbMEF{dcs=iDHea`g88$hKKJP~pJzf%zcr$=BEuZ_*5L`s~GP20GCA&2r 
zI=JTq)}QW*n06eqeqvYUgyA@dntp>W`Ap3w=Q(yxg2aLC>y?Aa08`*q$~HkOO0k^n zW+gNiFmj*tM#<@&c^0X4$}4dEn_O1=h>axW9H`c2s6_2D%I<@Dqy*&Ls4vfomSUAa zW=Ev{eVD3w(Mp`{Wm8pn6+4o?z--iGTbMz9V%fl3Bc^-7|gD}`sgt}s{2EyGdR ztZ#*H16S;TKH1cGtcM6+7W&-{DWDFrj0QQP6KFU=$?yD(aPufkzyVRgArGQy9OEl9 ztCpMKh^iVg9U6l`Z-CIeHoC?JI`=}xj*l7h4zK3c01<2FPhlHO=%TU*J#t(*iV+B_ zkk*hp;eZ@kr`z4lXplE?4+$SdxMMWO`gA9#2u>Bc8Uus_GP#_>4KaA}ojF;7v{9oB z(zv?$&Fp>};OFa`@zww)NksgRLRT7lkPjG8W`;SzRM=$%!RekiL+FK|MUlCEfgf3r z`)K5KaC1ai1nTL1F)!^CmGMPX!eIiaV3FhX<4T($@q)iP0auZss>cl(6E6q-oSIOQ zYho4ig3_eobll!0MBiCN)RuLgE9I6Z^4_f|M#<~PeA0#St;kY=FM8QQDoLEw#2Lz~ zzaLUqq-K-)iAKq!cLE{7m)5d!94pkK&DS{z>UfR=AUFQ2Gf@Lhz}fM%YeNFgZ&E3% znfKaKGii;W_a?ALStBr&Z%)Yqxc1Ki5h(t>VjYz~EM9x5%q$%wH7-gZS2Mcg=z_2) zLaJ|`frTGP!5~@!6hE%29I;^#aD+H03`e23)M)D5P!UjJeXa%!4VobGJfvD!DiAv$ z!w_l)l1r8-9BUz>9LS&0I|aHQDC+*?#WADwigQ{*iTU9xxjXiX zbzUIXKBnNGCf9?wH$`Ro?5w9Jw?yRxwFMK3L3lwBK5&Wt*!&MaV?zDp5pc<(If3f- zAlM%em{|HduRBTghZ4x*dApQ+A{16+fj~}s4e;_NL7(7h%!6)IX%Q$)p-9S2@TxaJ zo#81Pf~s6=gF9652V-dJ-reWL|LlHFwl!>G@qv$sClkW>-@XW|{BkAD_ zz=XRx0?h#Bv;@ln>>^OB5r-dmi3DiC%0cp2%X4So#UW*a9OPdiKDTBw#VD zT$c`LFH+CO=+Hm<`IuuYb%YKH@b8m*HmoCCIMX-c98aqnH8cAU{3_cu1F<;Ymr?@a zvi+y_%jwYOexmdNLv@CIgZC-jqBq(++2K>5#pVuvWgD8By>t*tV{N@A^+QUI)IgjD zwn@M)yXQI^qPNsNJ#y zF%{oA0jNuYUH~|rh_BqT-e>R4j;}zL+M(1BaM-HwMi02e3vq*XcLGP17UKBfXvlE@ zF@2K08KGzfU54`Qkz0x23oC9!_nuXD;)Kko`C&yN{uI_`pBMO0tOj?Ydn9_iThzE4^ zE>^1FZ`mH34zW$eAEg?7hwmY6iXA*YK5$Cs5_B=NNV`>|1Fi2d8+xh{Rza`VF3c(i z37Wn$29e7Ky7M8VKDpg{MESpzgQMLkM0yW^ms#`-^`b?A1C1IW#!TkCIyR9F19)31 zW?!F53>3_gV1=KePjovc0}y=QVP8D`ZZtMXMY9j>1 zzrNE|_T+eXbOV{NWS2Vw1ABY7$^9sSar-4k$p>Vov)7G_Uw2T5GuP*u22KdT_M4)= z$5Ca3rTBT;CBw!mhq3&#&;Ri9!pKlWqTI0UJ%N7#nxAG@=GBijO$YltAJ0flK88thKtT}oUif~B zobtDv@Sd+Fn(uKcx}W8#KhZvl?z_RXE>7rlZ5S?$vM=NLPtWJ==T{44(Fz-`eI1_& z@w2?XJmyzLg2mW7S^!Tku<*089G_$dK~FCV8xp3k0OnV{OvOxmq}e;}k4GRz=3oXA zsLA6E_2FACEy4Z_lTSql@Iwt+=>-?pd>2v3=AZ7M6fTh|E(&bxdXbgqV+PS`g+Hmcm;@?cv>=C7dhq9= zz&7$LKb4@ahd6P@pONu~E38=HuB$z+3>JJDQiz=O)V?QRJQZs+GCzyT0Mwu;#Fi%O 
diff --git a/released/assets/rancher-monitoring/rancher-monitoring-14.5.100.tgz b/released/assets/rancher-monitoring/rancher-monitoring-14.5.100.tgz new file mode 100755 index 0000000000000000000000000000000000000000..ca0a2ab2cd0d19e22504b597d0d20d1834f34673 GIT binary patch literal 278414
z>mfU&Ynw$Km=r9dg-1LZo1%cz07+Ml8vdJF_BvJ3b>*vJzUJcBl4DJRr5Z@k@e>kG z|M-F^#TKgZ!F1tLya+GjAc|+DWDX<_nu0oz7r=yZNJQGWGF(|MwMT6*bXfl##Mesy z*s%T^6GJcMf1IAE_^+)z5+&duzF*6}gLrAJFE%*+bz=*ASgYur4PFOZ(c9IKKD)TH zoTe*7{dUY-FZV6V-aY)ar7|CZFd#PSaA{?qNIGOgW=Si~9jy@w&-ILu21Z?CvLvj` zx7HWTq8*)X;_gGfn1N9OM@<+p+K;Kwt^v%X&_|!Ji@boZe0Z6cZJHwG(rAG9cfxiP ztPLe)?Nr14r)t7`y|k%x-ftg(Bt!G%-`V&y}Kosiuk#kT0}VB%qp6Tc1(MNIcw}s;*%Z=3>NqWAjSJ zu+7X`1?rS%P1A1hu0>qoh+X4|oP_K(XjoTzl&O0^Q};frwnVxPYKc}0-4++R@|u_Y zBNLDu9ZzW=Ts3InE^Q1P%N>eIJfl(c%C0@w>bcL;a{q^T78)e~?79oo6#p?kn-=4L zPseKiXDd%ZLx$u0Z9L5Tvk8=wzTJm?wh>&W%Ju(NbHBZ^|^I*ngltgjZA| zjWMYKTevWkEiOGstq#{eHJ<-GE#?25OwQE#pRGKS^FQ&Zmrnj9?=57*z~S#w zQTTRcCxq;t+Sox1%-(?Eci~^d?;YFVZ zj@&qYEjl0nGz8u+BPQn_;fQci|B9<NX@MMKEk&(&*5l#3p2`F-mRF$X*Qy$4;nb+DH$LxjnBQ z;Xyv*Q;U)Ib7k8P`qTWNClzPfJn(!(AxGBiwfczj1ha+fUtFGyz0ozgWSFCo z3mHdr6qAfB&txMrpfvo4=MUxqwooEl0y!PM^8oQUFc(5SVlohr{7>LL0Uosw1>8%1 zcY_inpa0JMk2qDurETgPa+*sY>I>?Mrs_KLmysZ2XlcHq0DQ|PMFTtecI}3UoT&-idu-76#HRWZ59nSV9@m)1ip_N57IsY z*O)Id#+a7jgDlKLDc2%{H1o@xApYLcW`G2alX<_umT+NG&k0*CteVWvp?YJY-I=>Cl+A@LzWPPs+Z zEnBq^nu}zwt<-C>@A2qgp?Ni@UO=qs&&rn&)1fVK^=G7Xbbbks$J3LS;A9&8PanR1 zF6kIasma+(V2oeC1XDdM_NryM6a6JH&c-i6SgSsKefC_dEcIK>C$8{KIG|56|Eww0 zC?hLMNq3aDj>SB@*H<7Z1cisFwf|M`9 z+3Gn~v}xb9)Q^x}At8Mkj9Y$|HGPG{88LoUM-k(q=Bb9+Pw2XNz-5Z7MC3x>$7KHL z))(W`jjx1h(ln#AP>=-akDevI#qlnsl-+6?8 z#D9o}oao=wmJptZM!tfo16whaKSF;a0vtj$p(X>zX(JXq>Qe2e(c4z!UdsFdZvnJ)kF&Ac+_KROj7Okur!({Ft#$nwO5-lBBg*MjfHJT`}DUIfZ-KxEL0A-de zi4UgFLnQxm)B7-scS$GbTDM+3HZ3H(+Zc6wy-Ss#>~e;+tyhRkc%?aC(PnB8l23KvJ#3LcKYh?bJ9fFW-3xdEJTr5fNjUC)yxc0j9B6xZtRfQzN%}c z@VB*SWw_k=$oe6&#G0rd$Tp#nqvJXC&18XR98!*~3nAPk8|9@S4cERmpS6HMdiz;h z{`PVh36G6pUQ2brOufZcZ@nZy49AzHorPi?DHn`yizJxWIM` zPeW>Lx0sw7_dJJVzlCd({fwCB1o5szyLBH@WHm0Y5v@mg3rD6{^Dh#hfQf~_U@L$% zc5*E^jrq(e^cQu#bOUd2d7Gw0=Ef^}I9N@{I(C`Wk0r>MPc1qzwTLnsN5!YEKW^d8 zW*n9)73BG?RFBw7Ytmj>2=Sgc8!TjE7m814SoL<|mY7rFn5gX@K~d+qP%a7O zl8}{BE{R_3v5VL__ls#>SeFr4xnTGYbb-mm_vRG3 
z7rzIPaO|LCefawIOOOV43It+dc6D(LoeP`Y67#|es5s4k!I0?@i(Om><`v>)FcJlF zg3DWQoY?U%frHw`cCLw19tL&%@7o`M`1m!>KDFz;-fwYsk)=y$ULj&#n4armz9oTr za9nyX0cqDIYOit~AdA@*_;^c9@GkCEg=s6eDNLI${}B6?J%nls&(;wuJX z>nKzlufnuD!L(}Atb+OhK&?+b6ESu{5yKWD{K7@9M{n=5WA?Dn;pe!a;78HWZV00G zYt_Ej8gQX;6#5MjR7hi+ z>MYax*pm~It4$n&__ar`E=&i9kV71;qR2$}3$h~QQE|{L z+QHd9gswGiQJGz&lnS?Gi4<-rl0O#Q!ot6Lh*|y-v|2!0fRJ>*(w!id_&D!;m)Jz z&@$kB7nN5wH~?be|Fg-&~higf*;wPRP^GUmYTInh)%n=79x@r$QAyHp)F;h6jDZHpW_SRB6%tA`}q9bB{u_2|8w2m1%yW1s4 zRnq)h3e{*C1%0%ToUooMCIW=yE-oKdb;&vtVSk{k#C8+(p)nBPsQ+F`QnNUMgzPT$ zf{zt?yFkSDA*j*}ZD;obkCip)>2vr6ZE(PbI_{%Io|KxmnM#0E3r1t9Iw9)Mv_}j} z4-+JS8P-a@A-ycNRq*3}jlEi$FZU(Sos0;+&KAq3B$ZI(O!l@hMw)6aiJ%At4*nvP z1lUyQG0CX$iK^ZmD`JMq)RMCo6!WSIVlYg@)OWDsL8LOiIA($pXb>htENCJ1^@OYj_lj=r; zg4^64HLlElwNaT0XF_M@;Xrj&Vh#`2Hqi`Csmp}DyRp&7pjN_X0er5~boQp=VT`ZI zUQa8+Db+HPkj3C!euMjtT(#OJ5uRcb`L%Y0+O#p}=is$F6EBYiPr0$FFoFvGv<6~MMv$RLey@x0q1o$rOL%%1m+5#S zyftjk>;GkCR3ySi=xOSHZfdjy%f(}OGBcxO8wOsECyc@l$-p!nGB_Lrx*B?=xCLI? z-66n2qDqEDU?g(E#mfap$co-=xCL0p`v6}+U6urqZE0T<>F9!6p5p5ojI!lGs(0UE z548;%!eL8R8HzZO7q)!3-$EJ??7OfN&t5VlmJSnO zOS@kJk5%1DCAf#l`;m1b5bk@I!a6uT9rDDx_<6!jJMX=oo~dYIPY4+i(e((w{N~Hs zpi3#{BMXTpO-xRVfj8sj09$Ksf4ZMT%#!OH(M^nIzn*FHWb_Bf3DyGvWGLju+IT&2 zyzj`U=)_*(P~ZISV6i;=m~63E^LP`Ycci#8MMH-Mh;uBR9bF)r?`aP?tRhb(#V%2G39BsAg*Ah2M~wOJhx*NXA5zTn4qElE?TowU+Q;4G_FcRjD??!c0X|3g7Ew zOFH55zE^#pkc|0`|AuDawI5y1LK+GaLwidOu*Uc5Y}lUb*S?a zYpugZzSZR&&C~1VLKT+gNCnN8%)7Qe^bZV|5P2IwHg4668og+ytY@63UoSi`^>@@v z(W;}+i|{l-u{l%2Zf!`;iMt|v&b;~d&0&Oi-%JadI)`w*_3FAd%+W6m3`3qL>N}Zt2O1T?lWTI-TWJpqg?}8U9Bs=e(_ky)0TEn8QZx8xFOi11? 
zVIGW#&9RmlWmvm4DhWbrK)gSts>Jb|*4B3LtnM!WLs7UO_uR40?HbVqK6uo*d2-0A~s}D*> zr*uQoA#=py)^~F|)3bL%)64{2sG+AWq2g1HlAtNywy%>*1T`NY%Y~j8P*iL^gvhF& z6o>;=AAcv`O0rk!rp#6BE{|)C=`O!fMjMoji_vZ5i1zWBk}L533h8rKMT`~L67z~e zc^CfCNUei*H5|DMu(X3rA2N4(}LuGNaK* zT=Kzue3uXCIEH^^zA6W}xK6}R0jd$W7V@rW(ia+BzDjoP|nL3$?aWX1hb$dL#`W5iH)cswpN#nq*aVnIS6!qq) zj8rV2kaw0Vd2L_9_necM`b$O4dj(1retTV6 zdWHg&Maw!mph-fYWppTA)%i-dO8tw|OzJP^OWHJwXde{Ud?AF%1E<25pS#ovz`nG{#{#b zWkhw;b6I~jeGv3b-8?aiz2RG&VfwU``MLw$!NM|;FU$jZHcaVp5|{-nZdgpS@St@j)1HIs@JV2;c$%v;&nCNISkRvek$c$T%E`9nL^UH08GCu(%XPAHrygVV#eRt~QWiJxHpQ-AfsLKO?18I{M6Rew$2i6$y$4bxj$iRUr*bSK`_A?&G&SYD_Q0 zPZG>O7!?#%8wZ-gJ|SR@pl(sl7tip%Gn#qsD~dDO6n}w|V6KlgF`M^86$BE<&LbIC zIe0m4RrgC-M*RQ-MRw@T2`u^xZ-i%x7Ms!Eip^lQO`T zd}_V96?|KA?wh`wqYG>3!cD>?d{Dn8K8G#0e~SoxT8#cPbgf*wX{2(5&~gVu zdr*~vPDs_s(~%>^TltCmTUW5Rv%B+kf9kQqIz|kv!HXcCj7;$pa*oS;#<@&4TY=1t z$D-0pa~4ef*#9Z*Ck6{igw1XgpSg zxA#9CVBMO?gCBFTrwNxkL#j~Y8y{en>1^3Bvi`Dx>E`k2XD&T5W=V@Q!xZWufOlGJ zVDW3a=>^Ww1*fITNwhO+S7??_yk3=LB6JE~pDIa;gL|w?^ zTw6&tYvS_Z4ZRp|Mc6q8g)xKtz^%P{5jn(b3GJKS$ixAP zN3fh<6Whzryay2zByRJJO6>(WkW-oZc%)1v`taPsOuc+z4H&2 z4LC3>Woo_xv1-6lRzCMC!ce|ZA@AYX-cW)xP}PQ=n#-c^DxLpj-e1 z@z;p}<$~*j1!9&yLk0rQSL5>?ay)F?iYKRL&7-;>;B zDF+I0_&mkl@*=72iy&E$veyaPX~GTRa18bq6krJ#E#N)H7pRB)OM;D6dI}$Qfst1& z(&n!nC>@(MK6|*_XScPzQ>CCi`AdC%dzq?31y(6>t}Kyv>a2>F%~e~@*B3`Et0VwC z*d=%7PG2YzAG46!!b|glDu?FfPe1WCY?BX7En1Iijy*X>!N0~S1GN(htLYgKMp8-N zxrUqIHnD#-Ad@f^@$sdMZwz}q^yr$P1F_4x2Vu04mj<1X9oY`vt8vzp9{rd2f)1wt zApLf!LIs8z9Cqj7dsrzuA(a{5@~Mj-%M@iot^}lk0&T=R^Dzf0w}6up9EW4F`U-!+ zQJ-|?vecvz37T(747-(s6X~&~4P*&i;HuD)t#~>Z6z)?~EY#7ozop#~pLuOA78~}E zFA!DA(>e|>oPcf%c8CuW3|09`aM%$jn)?Y;Gnjnt!j5~{3eC!FH)Y&8xbi)^)y!eU zuqwx7KxM=s2`4SS=N(c%b?FM!O8>{us6A*V)Z;nRocA=QPJ0UC^lu8;fraU6L-kC@ z-OzcyxiWIddt-I!gLZzwMmf)b^X`oNvnqNjm^3rhLBA|0LHe98j0@ZR+)Dp^f1^Tj z)9CwCFF!Q2a|+HQDbtP?d?aDk_kU9A#6OhUo0z?3UfS?`i1Fd5E3NKpZ6%dzK9R|yWh4%`q8t%gtv;@XJ>(H7xVvq`Ls-^BOi(E2Av|};u5g* z#T`&e;Mb=?z-h+qS<6oy7onf!vqbr7lb-~b+HxNNM-j4s#Oi;tb%oI?ZiUlYyq!Bz 
zd{J4veesE!o4Z;*LN+LqaWddyiM&Gg^0epRb_2eF_0-u#rh_{|e%)|F<*6c-A(PBU z7uh88C)*na&Xoq6D(HKmda~{>d3rpo#K) zbRs%c;e@+ic7)}7e-;d#2ME=#c7(1goR@1D&N#h(pKNjeA8y2la-?Fz`;YxjdRV;r zeg?s7w4qrZRq*7%D>@q(0s?r)AX*7bKitCJrUs`|l@rkIaQ{iNx&MP?TmF*la{;J~ z<-d{a%9UYMMa-dG9JXjWfu6Y^yb02S6snxfc=VQfRSdZ;{VP zR4D<8HL9I3NXxOblJ7>js$MvP6IzvJX*88~KN{)aVuResMv3o>0fvMG zSMkioRI#HBWk3VyUv`8+$^eofcOvDu933C?u~tfD(=#~ar&eeL3ZyTRzOsurrDS;} zEEGaQD5ar%t+6d>`!tmQ{p)~8*Kkoh1dN@|pZkAv1cWEL59ga}8^cSCsfSzGqT!xzH@_(K}5kR&erC3Yn5Fr~vK zk8K}6BU&@65DLvP7R?iTGPvz|3(bLbGaQ+xVv+KL=pC8oylBOx98qJh2(>CmPz-N) z3<)%zk}QR1!KK`R+yj}>0vaCs(f~A$5{kRw;UNS83^W$GrQ$7_Wn#YaQc0SoUcSBp z3QK%KMNm``G#22QmIXC{XD*Q$B}K)<$Vmm7YVNt;-0g_$d5a)&gd6~?`M_FY$vNA( zjUkrzaL{v6Fg&41_YC$zlifm*y^;y52rZE(Dn61W0uDe{nx>gs062j7uLHy%ODY7# zqln9sk$aobg`aPl3AC}Y>^aYP1(qfl<2|NvQ!7&gAIcrD@xl2m$~RBr55>dD z?N7x=5Hm@6k4(M<{_Q!j`4k`B-M+RM-{i{egWCW}tya(gdtF)vi4;n($QbDb})6I6l2ypo>D3-`-0ZQ@`sdo(9%fmv7rl#*rBI<@q2e$ z72nf%LW(briv2tn3VLp|pE=rsMEF7hhP0aQ@_sTyITT=iy%1|-d#&Yibl&?huzK=T zV%^=UUAQQEE6mHCAroVloI!fx2qO!{SXX_ab9|tytc9$SDl@{0E7+_QBqO3SV`WCu z5{QoX%ZL1M$`Ds6A44Mt~f@j@Sleu1|5GwtAZ4VGpbLDdmU<@!jT~%xV3P zFHPhxa#YnwFXGqQP;V};$S-Fn&upGrX3yq;2VU=Ak)O0opRn_ibvq0~!i3)FZ!dePv|n_Dh>r@D@f@0sf?t`h?CW^q%Ow8{ z9W|PEgA&E!H?u-Q!PL5Gs<>ZF4*1$*Dm|LjNh*4$;|eO4zc5koM2*V)WFyHQm6?-0 zrJow8K)#BT9tz+bUg<+&j`Oe`Sj z%Iy~+PFj8;=y0sQy+&)W6T+Q`;!e^%(4G2ud-ssWF{L6>Ir;PKkV{94PQ9Y&p zB{3$?W3|daegtQvkg6eWS_)Q^ykA1W%XF@G`Sgj{_LLaN}Exq0UWk#n@ zw%vF*T=+ijlP;xqK zt;&`z-sx(s`tfdoQH=b06Gp#K+)9s&HTV$rUiFnOZ4*Q?arBMC0kxF;1cAZ_vy`>#x|lld7cjDLO7@t3 zC=ouv%Do5+dGIYC%zn+U#W%4Yu^2K+GjxQ^TkfIRZ`hDdo%iSQ;Q-{vv#8COcA)Y=&*HS=z!X^4neNjEQwK!wzxY zV(Z0(kjVzA)VDX?qTFJ_Ct=GB<@sxL&kt<@9_p&uHl${GW*uj1qbuj6p@$|dev7iZ zpFc3btY0bh!jeRJ$aOEfNtZla2)oxlb9CI-*wid&MxW{p%1g)5wk}lh)^zPFVC~w! 
z5cE1j_i-j9c;H$qR#aqR=SBxD{QDx`{8o}#+|fKHyabE}lp33T9eSq1N(Mg7m4y)d zoicsbC%jPK#y>nRHyy)At2*g?R8UIQJYUOtv7D=PI znj~BW6-r*ixi4EP@J9ZAefLK^vve^98@Po!(&-g-v^+Ofd{Sx(a1^Nmg&NA+pD4KU zYll0XN}#96kexc-i^ZqPBgb9`s-&hHCj*tIow{<%#hU?t_48pF5{*gP4e7Q$)_7vF zdqEhGds2XKAxE-Ga)N7;aa~-y3V*dd^cZCVbjK*GvcLvq?S-E5w$>gNOpp$7swMtK z($+m)<>lRN$0*IRC_v*?J_VhWjcXGWeC~|*6mTQvgnqF#jFOho{$%PNUUb;c)fT9L zb8J#PH#c&EY?!STO&T<8yIFt!RgB?P;bqI?d-@3Rt20ugj)F{KQsSk888JLpBhBtYHq#-Pha_?hmwZ4V{2o!Z6qV_guqw3 zKk=RMlFgHfexHIbC!BZlo39zFpSDOP;j{~qpLQcf3FOV2a1Lu$R@OX13Bt`Q9G^;Y z@mOF8ivLE)++5-3C&bw*X)B#5U5mNXa>m&tBV5+3C(F=(i3_%d-B~VOM{5 zfDYs2S^w5yfq5q-aUdGDx5wQfWvmf%;L~@|hbkXrUD9wKwAY_S>sN_>NN=y`Zx>0I z5|rf#Z!wG0DtW&cZsz?fl9!ngg-zrrR{r&1NjrVxi{eJAND8ZQLfpzMuT>Iukx&|l z7#woMG)HefT-iM-&$#w+B#oG^y?xo|I?V%ohE6i88?yM$8zrof0>u%7mhpfByX7J- z`68;LGYN@u*c|ReG&^azk+JXlg$r3DxT7#_!JSAcl@SuJNRinQ07rRp%|pU#%&6tYQ$258O|W7Vt<(cq*g3{rdI3Lng!Yb zdDr_b?-lT`@(%i)3LI59@(+0rum;GxJq&D-dF3DS9<1A{{cq)6 zy$!YNPwOmeU1smcIh-!m$AOf(?F@b_BsRk(ev$$Kn7V;Nh|+;z>n&UC0Q4HoV?egW z{?TvW9{Wv@1HOwjJrnTGz>ECi+sxkOpT;K8BE_ z$%T&#Mk`gD_u-T{R6`zYl!YEdKfe`NE9i*{^U#MRsyahF?BHykRIk+d`xR9bM~y$3 z?xDgw=;L)ok)39a-lxMaxAHvwBqTaS^{_HsYo`hBTFIZjMWly)O$}>dr3`RQYaFOS z2=PZX7RiGB0|CIK{(%6Z-EzMXV8JH$q6(_74*vrrtzsfJhY5wOBPHySMCghPDmP%;F2T6Xh^*DEKYTT z?|wf*xVSl>Cn9=|LlA}F{6E6p6X04#eldk@k<3M1&#O<3bHlG85YY!u-O({(+$zR>Ype;@f!u0sF^NN zZ7~s$Go<^omtHZJSUQ1Lcq7b%16?(n371a~&*5w@bf%qFn&B9TdsG08Xh?{;&~m!X zWyy-bt5hDV9(j}qw!nRkq%^?1(JXX+kje}4Q|IA|;daUKSTkOaJ$q<5%yYiphdg-L zi2XMFxQJ{2UnnpKK!N!rptz$+%td3EIY>3Ol@*HCz(#gH%^j)eYt(A#c|+Oa4|#u} zz|l`bGvNA-71SLHjICcNz*0W?+M?3JgLP3}B86WX?{n^SE#sskly(^#?{l}^86KsL zt>%>=)XVik0M|$nqVM%E#Ca7k-hv^dy+3wycpl-|w*ZR)@0D+$u=70tx1!%QqN~%K5RqGTU}p%c)~WQN(&$gjYwfU()`PsN(TvM-P8!T% z58?;z_FetwCv7d;ncrN1t~syNg7j)Qq%`71?8dXVamoTA6(Y2dEJLRa z+Oq}%;(21q2Ba7JT#>I_>QDkL(+0yNud0nXNYA7E9tjQZ+=g=zqE1Pl8{*Z8p_J^- zD5^Ss^HI13EwWRTg$|>DX{T?v#b$Z)-C+G%0wyr(Qs<`M*)f$1;Nu2feYQ>ZK)%0l zip3v;d?=R%nob21+vh-8?@rFZ8i+X*1h56Km 
zmI88HH;_V8l8AuBzt54tt>K&*hDG;$cqCU<&tbmLvAXceK|$HS?KYL3VWP0lRi3lv z^CN8(S`I*GzkbFU&1P31P{%2#U&i6m91hW^zmWuoUd|*3Y3~P{{!;UMI@W&aeQg|! zDuRooz499bCndCf9ivcF0GyrP(+TuTH*|_4{W=LPDq@7kWr@IRcLccqP4n-zDa0S{ zbsoA@dTA>w_#b$*1$4r^iQTFN-)+Qi3X@9PRUt^PC}@?vi~u*JcJgku*HSCO+7*4n@ph$^KcEbXoSj#E1c6vdaX@YH}W~1LA=|@YE~9mIw@H|ywk$b z(_sYKi`&a*Hl~S%@exWC%GQ^x=eb@j(TABWmkh!T`B@h~UF9z!_-A~^Xo6VJY`^ye zx0gCD5w7Myw=2I-l#Q2`|DBn1m%SBn?f~Rgvmc$TWR)sv-oj6lM$(>S1vuh1m*1@+ zHDRPIml@Z8k&7p>JAELhH+04u9-#v@u2CuzN!>cPN3jx>2{1HSG>9O%crp%=1WCNE zMt?YM=N$!6T7=9Q7A(VEo+Jy|E4?$#T+8?WQDb@k`x;9y%7@Zvb31M&D|9Qftt3$w zkn-mUXHWtn2f%v2Rf4{@17=6+~b8SP?B@^l`pG7ofNzgA9lntwZze~?;;TwL(;%ha#a}3Sy#T;gg6y~r z!QZBxC{CuGw0JV52Yj5grrsAZP7)GE{xxlLF5&@tV&TBo#hxX7>NuhB)|APzwT}K( zkAcjKC4vcrL3Jg;J1_xU2XE4g1uKfI9e0vm2Q&ppVEzVDBoJO|3a8Rj9%KsslZPWp zI$gj5JW)6{=qJoW0fRk$f2)313i|-Xz2DYBL(6}&4*J1=W_No4bD0xBH>bP|qo)F4 zaY8PoGQg4fqt$Q&b~K|;1A#~=UzWROo=E}ZiSAWc2;(*)Fni4a;2<|4l19XAK}e8$ z$-A@ziNmt_tNBYsMEtf^1>Mbt$7!gEBw}r`IBFWX#Lh(9mmYhW;MdN&CdA#$U$4 zbS_z=3Ac0H`(}y}bSTiL|41Vmn6Gd4L<<9Ua)NJuF)BTBV>ZDe43iH7;DtdN>vvNJ z|7ODGoTPXud$R|)kZscnf3HVU?3FkZN$h0y7YOutl%*kxDgNfpzm(@Q0| za<~L`HFU~$OTmAX5NzRwAS~kZG`JS{0Xbiw`yg=ba@SEp z{zCt9VPf@|Cg_*1hsE!-)8Bu$-p3Td%*jfTOqt>aljsNC>}L~e?m`Z!e~ zPZs&|(5cL|`$}sn4z8Mwz=adKfZpThsD*_nA%NN4dwe{YN0solraBMKSXhW_Hu=rl zkoEM!NoZBd8biFjwY=n)EwS0x7Vb=Xb37aV2Yi&2{Du#W@IT?B(DWC4$j$$T4;7RJ zrL^$3kQD)C^4Hzuhvc+a7UIjkIA(K>OWDwXd+w8WZ$HNxdxEZ!=7e{d2L&Y4*uYPr zDdlVdN{N0CJ@*xVCMq~TbZ*lcG{aug-H!)9K=C*kbQ3kx^9C8-Qhq-1y?!`53j)s- zY!nB@gYG<Mow^Q4cXxIs8T6tC#}(w-IRNsFkv-JvkCQFVc`*zy7*j+0>VZ+79xQy@8Z z7c`lOJbeT{4xQA-nK2tLrY|LsHF3Oqj*K2H1|UQMBZt>yaqUdG*#3PiZtEP8WzFbU z0_va51fHG&(c+l|1d7d?cb1=0V5m1mFiLIRa2k8}+gholjHcMQOg93@i=oq00Erxf z$}%J1n-n;%bQcLYHHK5BVHvajF*lHc)zQnhbbi8tF-=rA6d}R@EZpl1VP|rtxIfl) zf_1C@tW!8sQeH>)PLUuC;#O_g6_Uo}oOi3l5G8!AJ<=gwB&Sj+UX&YeR$_=rktR&d zlO(x|NIEBbrP>xX#E~PQ{3?@WZRh0!-{Eme{e;QbJKPJ&^HX*ZR@bFquXD zHNB(%9WcG4_&EGSG4Ene!iSSk(KLsWsBdn=g->XCxm-@i4 
z&fGMr*oA2dp18)CzJyM{VG~5qX2957p*S#E!<0_R0_^u34?XDIEyqtjz#NZ@@<)ze zb3A-yNBz=y+jA@2`+wrWt)TM%2OiY@FL+Qd@o(@T@a{JrU!uUDvc+~Oi{aS}C$tyYsFS0(L7~O3c=isbC$n*c&7u^K+yPTtcO%~;GWus0k zf%jE~(1y>?j>{8$q$zqWp*(ZAyYt_*bCRVcup~Ay!5VKgYH4dDXzJ>3ys48}&lES9 z+#-e)9xc)czfTs}kh))$Q-bZo%j|hf+fTOjXFlA|>p%!^tvS5<5?wkVUBe4+`HT&Q zp@k~aVKPYrYg9?2ZJoH6RimZdX zmo{E`SWgd7)8A%*fOccQ%v@-xT>PRsA_QTp;cL=$*AMD>qao6;-7i}* z`f!o=;;aQy_w#Z%FjpO26SugnukW)IkpA_qPy4hE_Takuma zR{qE%#8R?GwuXN+dc)1v6+0D1^Z-(q0bz#a|7=o7a3$j(by~&QUv*kGaKwvH-(@Ua z0xWPih(3qIK8aJ^Xhf{wQAQF>?-+%remy|cPyh$~FHyr?(BDQ4Zw7)}g#i__&ktCe zg&g~dF&BGa@}}1M>W|$zbyV;)bJG3lq$Z< z)&Meuc);QMgl!r%CkUbgRQx~YgopuqgG8Kh|5G>T{NeYUkUl|g57Q1sq!$Zvgf11x z{{)5!)L+2R%AuxO_QZ0o@?XFZ`zJ8$6}a^PfMMVa01Qu~$-|B|6L)$rCjf&18jsw% z&HNWI46%&fv~qZ-@s$C${{al2aTADD$Ie3m|HVDvzkq>7L+N{e$7uSJYc8MFF?SM+ zUG*GE84T<%U|^}8LdPt5##s#s7pYxTQo1>!321=dfr0J*fZ~IMS4hLok;d}rHA5UUgYOM`N;$sD|4Jk1SV-0ge1&q&qQcfVG-)AyI& z0qam5;#b#^+MMvL_W^C9_bgWwPo|rzPkr-J6%`Stl zJP`kK4%PbOM4l!~BCNB4!D(NLG)`V+WAAIjW2jb~qB)2g%Q2BM=U_Rm?AumH=ZR2| z*@aT-9Z=Y-_9oig@msuXlT^$d)l3`GsC}CEnoOSKRbRN*x7CRGQ=aDKu0@rOhGtK} zu)UtJJrY`UIha`j8d39eyyG>SMz3P&$}){0iqeHj{^Q7Uj@^~tj!mW=HL?@;ZtFo3 zKS1vzPqZ`btRy9w0eT;zdH)<+E-tAA(0hR@FKNlbDn**-kBY!$2d#jcNf*#^Y(*sg zpeduNiRIs2}uJwFCF5-3%{&|3q6Li%+ZcfS$V+u z8BuvGIWD6b?GhJT;N75HzR(jd%QW>$N-6`8n|*bi{DM+xoqTD9A_e6_7H77ia+!d7 z3g8wluezWkUel{*X>5Zy zN8bEf+saw8skqdQK*pih6mwz0H9}#X%Tdw%^-tchnDm1!+v1i{DkZ6Op8SG%2_^aR zJ$Y`9_LbH8dp7*nsEfiMqb^F8eC|o5vcG0skkn1*x=B>Jgj(?SHN!XFC z{05$6bGg*VM+_IHF=M*Sv+%@qC-i0Y`hU;5gkR*B2EUXM{0NIUcerg-Nxx_MTep@8tedVCAt-> z2a^^HM?H*|f?I%w)#}%07b)ItU%I&tv_}Wnm)Gurw6?ph%qlfiS~vHbbl>)-qG@Au zR#{U-6Vs)5L7U&gs}N`JXtvU0yugHW%vUldSaKIDYVh|f|+IjvM8lkfLt zGW#%EnrONq?S+(VZj3WETLMD)d$3n3mUhYrT_lg*2~Hjq0ey;dw-^S{a!lWCJdt!BTddz68rST5_at&zQ0Nwl+RX zz@B=i9bOKrEZ-s0yI#p_)^1AYhT=ulnuw;1v&GI>R+oz=SkBMS)^E%Skm6+%@L~MD zOY>h(T_8I{^LS(Hh}G)gO*rgI1JHpXx*uOBfi8iwa6H+J?*cEAe=t&bN-sAj@XI1O z%eS>M))#Zunqf5A)c#qQ zX{ul!+2^&pGN7{GHBPogHHqTk;^c2>d$UE-T9{w$moc_qOS9C_1H$q3d>eo40lc1|9 
z9y(647U|;=v<9^>pY*=Uiyq#<+7CmDRPmlMVs8;RmF9f59GY{ZnD-WOc>K6cvzLgY z95`Ed2&s3F^BU`_5;$}MbO8Fv$IGCRy56cuQa~!~nBS&}$rilv_Ej5pnME2staT6jA@0bAY7)b2hkhzZDBq5~BMYP$;{ayR` zJqDw0a%3VyPsFB9NZ5w#-iW{ijl-ckGJ7p3u<0?CTIwIM)4bVnTZr{DSGg|q+SNUh3_J1BaCHUM zu6SA#FMRz(5&&ex_gOqPU$g?wa1CwW=!dLa(KI6FU8CQvFm}4@Cfa2Yy|Ew}#>HOA z@-psMV1{Jf$8i(?=c=8(`n`uvdFyb6&2T&pfpCXG;`?fJ*t6%%-PADCmonSf-7jdOT6jN@=1=Qv&>(hW(y7OSlVUbft})UIJn~Ht^_?L*{Iko?WL{vL!^!e`)P0( z)OOh>_HnQ1Mh!BD0hJ!jzBfkr%~J`8;1h$PGDzv?3B1n7&r)q@El{3WozjH;@v)7k z7czs6%j?E5wnqMIHx&i9Xz^&y@n%6P=%gHr#3EB=5{Zg?{Ik91#Y2ZkCvLZ4>3G_r z8cR?0xzb`ylO!99_~~69E~wm&zFeDOn?kvc6la1VQKeB@pKYeK?D0Z67tb4utbJTh zhgM|~;1{sbt_$)Ew(HPBUDlf}B_Z7^5w#`0Do+iK>QFp=2rX_A#3IU4wihEqkP&jj z&$@;PCB@G&o;_(PRy?<82slJtDaMAWL!v_en(E{Jb0jBPg6Z&iQ)HvM+WEtb5v%J8 zU&DAuW|UevY52*W7v>?z_Tl&sTX+*Ogq+OdWx57R+(8&!!=w-J>P-(^jZslbSBQ^m z*&%GX*)Jy~8dyq%M~b5nxksi-i_ZMbLz8*uNt!S0F|ARqkc-r5P^Z?PIr`S4`V&5l z#;(g#Qj(S!*9l#&mk=HWeivow+ngwiUj-N2_|OC7KV{Ou1bV>(26?`X)$qQ=){eDn z>-Ig-C|v^2_=Z=o>g1S93H7sxGXlYf{RzIu<&f-|DgV}+n0^va#V@3gC7QQfa1@(J zYo=*ZBqe8G^dQwytooPD4Lta1N<>~tdJ3p$%N{USQw+{UDtbWE3x=iDOh0S#Fu{Jo z-FYSY`9Y0z9b}%9gV(stM}BCGbfh(e6k_=J4qkRDa<1c?RT3TDVP4{marISY;b*IL zWjmg*6(-w$%b0X=kcD4Y-hJT-czAQM5?)d?5rd@sw&{^&s4Pc~OBedun8`Bt558C>9eD z;>vtkmbzM<{_D(3>$silL%=@6u{F*gX@Ff;O(K{4O?TmU712j}n3zY=A969|)=P%9^L}R+)+Fq&2T#xD+SN3LRx5%w_vOM%K4HkMlj!U3$54*nPkx7=Z9OV z%AN5m3+qt(QWOn#u79&6?y8+H>M+m+3U3)n-F4q{-N| z3G0+Uvs}@yx@WcN>eueJnnRUaVr|%Gbf9mh89JkdiF*4QlkI}fpzM^@`>(%kaRKj$ zeZdpTO+Fb(;MwT`u}}!cfozuXFiZ7(PR0|dsX}bzeEr;^Jr-3Qg(E9_UbG;y)ix(X zB#pVwakmElS+v?n4ZTA#gb1HkmCLwZ7Tf%o(h0=E zO|z$TEn|Ybo*+zp1{&7Yrzc@il#JW|%DaaoNW-@$PXiJsq4BBZMjgVGz#fWkFJ2ms zFonYC0RFLCSwqY8EGNq7|I~>49$bSaf=TIfCou%I%n|xKg!-J zx{Y?*+LRe$W@g5inHghdh8SXI$0SqC%*<@Z%rP@FGcz-{^X=Vz_W9509-}X$Qk67x zQ7TFAT+f_qO`iclAYnlK!QqrB9((WG`OvvV2^^4D+-hJD6gGLF28q>YDJmzu{r1IY z$#ec_+9FL0+LyY-Do*-1cw!v^Mq~C3xf3!N*sS#3(H#u1Baygz=e1?irWgRFO)N zL+gYc`-VAXLhpdmYkO{z;1`hfDuJLjJkBy3F580Bz=5Dcs%TI^t0W7bUzJn|zk-r( 
zFCQd<$y*6m4wj0@GuLc=`*<^HdPmUHPg5ae7_mTT^O0nQeTz4bcR3&xypU!BuDhQj z?N^~@<1Vwh6HOa7US-S!p**1;5iWHppdaOl8xtPo?M8*8U;%D`OX=7L2sg|U>A7?p zFsw=?xUYJdJO;d-ZmqM0BSwD$8#k5c>&E|lZBog?-JQp>12m&b0ap_o0L`?fjRXz? zZE4Q1zN6O@s`}!}<33-v19*#0%*|isUx z*M%Z4qi%2cpb$`OSl)#Sgs$WpA?zmwcEkA&gjrhXh>LV%Ba>OV-~M72(aa^%+cXkd zax;v^VSo=*TAQQMyZo@^{3V+sV7EbPBuugvz%z5;_sDD##3Ys8g}(0uHcSNtSAV#A z>8~NiR#jnSfZZVxupup~zd&{6hcvM?S3JIHBJ0HN@;fdNQ42|h)l96&cwuZ2AV-R! zYFzTJok%jo{d$ftg={%e8hFMuKssv2laEl%WXrQOiLj!#3!A!(XU@%bagJm!;#W9h z^GfMBSyyTkzhtu;-RKNy^V?KhOI~%&RM+x)c($6NEa)V+{FcaY^I>Pm1nF@cSQFy| zobE2Oy7v1_FpJ-5mAW?cI_ga~eheOKmz*!1HmR`mmK@j0ODIi$M;BIDFEk%csD&%`qV9>5#x7dp7zF0wh+|2VI&W0T?wyF-{TNYh<5Oy{pRGic ztFIgWuyRVUr8iqIeym?jywaeK>S3y-3~1!dQrvPJ?$1CYh^dN8jm}6pT7=nFgNHEO9(E;- z3Q!Cl$oC54Ypj8rVIAAi`}Y1L_50CAUQb+J52o70X^L9o56v~q?+=fYr)`4!6gWh% z5c`ayP)VxqP5AEHOjA#m7x;z&#zJ^#j8KO%&VR)RH!=zIHy-@R$`xZ8im9)#FpXXq zBaMHx$5-7??Gf&^9x`_Hzi5x)dWVF6X%CkF(jG^nx#j3hixfV>8%(>7L3U)XrxHv# z#5jsc*~oi2g6RfO5uOWomDISTNi`!gZKpqC8L8Db?)eyvR90OmdhfLE!5xuZz$x>0 z42QXo!lno6O#&><{LV(&D!Gf<Q z8Ha>l?rt;-O?5l^?1M@aG7iBr^a=ZD*oiTi$#f;xKK4k1_hX6CrI2#CsB%RWbxlot zmOqJ~COMZpQB8&wt6ASL`a|!U6J}k%6T(5pL&Q*N-ic+}ecjxB2)=e;)%(;REI7>7 zzP_S(G_yP^;Y_5$U6&MFF__J*IRFPTS-zW;&32mKWH2jKdxg*)RNjYh;bTj-s~viE zriNMbEGtFzzpS<3w~JzRwcx?cZWX|`$PTMRvfdx`$A#v+y$PNAH|46n7 zm5D18c=;rTbHb1!>MAo`kydBf$3iiG-$9R+2P6dx87aXD`-*W^*#oUy@UO~SrjBiR@d~5_J-G1p4x%}S ztdUll4XxCdpsm~yeLIz)(kpun!=Pbovv z83c4eYwtn7MCYA=Z)Efx{zT8CpL*8CwVV^}t@8^3f;6)o=rH1$!X4=Ja4jsYz-K!0 zr70^imy{y3ool}tc7*B2EqtHA;g%Snbep9_Akfl%ah|9PlS<^j{dshg>6(Jvd-`rc~HhkwsFI>TG9I z;azHkhuINvsIH9>eOs0DtK%i%tna~kD;A3F=Q`oJYVCC8$DZ+VZPVA!=^&{^L6x&? 
z48@+kU-ASOTHxjuY}32WQcZD%tv4em((Lwm9z=2+PR3{q*WWbU`8Yv=8z9iJ&2Yj*6oSVbT+R{gq>!#-sl6 zC2QT2ng7-8eJFWeOnA7`Yjv=x)&w-NYw&L;RF;fHe#oJuj}-YvM^YP2v1z^va{u%= z6S2h3zyK1R5~j?(_x-q-L*pf3Mk+~7R~I2MZ)uzeP8#y&Ebm$C5HGqnyAlZ@p1P3X z_96F*8F9KT0ReoAMf$^+^#HRt>Cw-P(%>3g#JL2A*GxCL*uqtf?XTF|jr*xePpMO?|I)1 zqEWKo0*bJgr#%y$A0^<)jlCzqN=zpx|L&2`_y*KXT@-e7;>Aqiueu zXaYXesbOCArM{az3S@=(iU@lM7=yAP*u;RDi0Zt&I&_A}9jfBIH`5T<`98~F|H1Fv z5_l7UK+5zQXt;5CICSk|`oc$(y)(nisJ3u5aXTDKh%zU<;p`3mY^sNJh&czgrC#5y zE!QFF5Bdgr`(={R-1#;PA^q=;Og-KtV?vE!2c2}KulLpEnCD{xx2RF=LE5RChNug} z@G%MLypKSin%_;B#)!gv`ro<*-498@lN&$ayecBN%q*-en^q7cL|waOU3-x^dJ|e9 z9eh%Eyy%t^RukHO3`1ayL3m9J;zEasupJkK&POgD$?yv0re2aC5?sdI`pLHX+UcL! zY?#v8rAIsJYo`z0Kk0q025?cO;ao(~KE8QN8{zMKOjb*U*FL0dU z^%c$c=35l_P502h`G(hRu9rzS6m^{fg4$x7gI_9NbUhuyJ>(Z^hJLiJoZ!Pt@cDgy z+uIMJ3HEAF-@Z+M;|^Vo4(?wNw7Br8p_}35qFeiLa&rKE5U}1YY5FLc9J7N*(*c86 z5JZOrUxmC|Y!pJr%&~4lEA{mS=eREC5Y!-W_Y&gUmVhU5vf8+NT3Bqya}+Rw2Q`mH z!w#8}Y~p9_d30>tX!M|YxJcJF#Oagwf5Oc&=0({_6QQ=x#7s8RQSFxf1IRIm`|FtardT4BO&Hv5~Q3nsWNKW14o; zMR!hz^7EQgl@Wa_U)-ZzoKwHdd~cGGkYxNDUcn4(qjKkNydcs<%SPI4Yf3>+WlGMNryiyK!3kecV9 z`jRy8P78ly^WkyHWRLdCA7sGGTj@MS+-IT}c&+(oN&>Q{H{2t1dq*=DWJ}?aGJ*X2>BB4sH zH>C`$1{fa&fEbss6t@imzN$G3cWSHzSFd})1IpwH02qLB2Q@KZeNLEM(rBiBC3Agf|`$QPTb|0k9DOvCDipck#`U}K&_Nhz^mIr!Z zagzA#0a<=J=V4J@5s21=0H6ZdO-aTGFbgQ=!z;!IQvk~@{0S%q`MX8+S{IC{5z9{8 zsEE_J@}ErwTP>8lC9~81wGb^JY+;sn%F7P4b3_#61V{Q!28o0~wAw?w3M0q~v@3-o z!uz}Bo;rZvQfY5M>wfBqzNFoT>mRbOnl%G%qlILGhrTeKS=};RSP9zRAZBxbA6Ae- z9>Pzq^h~Y%5VQrZt9%~(yLHM1t`8s5x6YXx$%TaP0Jmc&`OL3e|1g`YBjfgeL*;ZO%Y&={1t`jdZVO*I~+90NU zTyf7%d#Bu3+iv1CRE11+AJ+W5Y^bg>B{t}Z$l8~ta!3&@kS%sY(5SR3U7>WA0fdO| zRQMDjNYay<-2kqD5n92Bn3Ervcd2`1NiuY8r_VJ|b%m@VX=6IqHYJc7xUeYTy-)l? 
z0?yOg_4u%KFZrY8)e2ZhX_3W=H-nBARwn|~*# z*2p{)QBPNei)c~kUASGG1}gVqZZi2-N;7RxsNlVHaW-Z8@D7&taO~PuagZS7d9{5Z zsZbKwh^)&Be!isD$GJSPYVSb4vR@I;Y7AHJ4#42EeJ#ZVyQ593WFrjhdGAC z<`PK}sVqh{gg2fKaE-?-JZ^u2+?ee1(828e72}nXeESTU)U6k~z3pA<$e*v*2ieR% zFwMn3Z%&fhn%MAqn0k+~QQp79lg9J+|5AUWu_&o=Aa#oNoysOIl*{eBSXN~7YMYmY zo?twf$Z#Z&BOZGgWrnAp8u!QfCWBAn&sQ{aRrs6CW>5ZI%(w;aLg{TwYh^PM+ne8d zthnJzygCJmCLFIst)qX8+KQ{R!Z%2}ZFiXcTEwYW$@Q3iV5NtLFm#hH40S`%L(`M^DDJX;{aesTefVz$jiNsZ9l6D~g>Q|{Tj&PmQCL$t~RspSN}!)m7ed%-QyFk`?9X*!h^)?uTSD*yZ><;;YQWB8D`$4pbVBz9MEO?$T;P;i+iqc< zrRk=EXEI0HjHc->8$>(ub9CYM`8D0}BP#9uDjf~Hb1S5K+A?p?lPWT0hn#t3ove3*1jMPjAkOOUweuNPEg~zDzyX#WT3^md{?M5{Z!vjP%7v6duQ6G&Gn|q zg%$)4Kd<#?SPwqVQrmX)9s=iBJPPN|wA3B~m(EgjZy=aCrT~gmUwsVuo64^T&IVBt z560C!EWUDm;?(RM#v6inW_PClS<#??Mzvmf;AYV(-h;B&{eCYp(8F|l?v^}- z3?ug2phBl>d?=Wi=D@8)+v9-Ws9o@0)Ta0UUo}G{Hi~Lt_5Zz^;aYEEqWNFdjPFB# zs~K>JGD}KM&yZXu0i^2L_t*%R(Jd+pC=EMLJm{7kdCi{v@btU!V&ge=blk$pT;>8~ z>*!l%?U)Ag(N_x`S8mp6^fL-72XlU}`p;+HtsBQ>1tYTPhHi%_W?Np*AzU2z-pVN9 zH{Q6DQA2pKrYsrfTfoACj9l6u7qQF-XcFK8T01|Ge3)4#9JSJe2p+~>XIS+q{DdK;K$_6(u2sE!+l(;0ZH&R@k6nA z+fFhCTw=dWcOfVmfUo*^;5AaU5c#F>Gxs7h7PRyXHc_d+zVWllvu}W>@Q=>tZ**&T z@i)fOj9aC20c(g*$cdDkSm7YkUkMcT?u#%?VKZ{B#96D3f<*$k9agbeNYEH^d%L`1 zc+S5x$%0<6WWk)5xrk9RT@>&fd6c|iURdSm(uH4AaYgCdd-zfXYZnvWrzuZjQAQI zFlcset!=74fsBbB$sQEIUL(by89wEzoK)fvFyb|^2 z3-tK3f=S0!Ei0apG9$5}(@LR?^6Yeui+8V+9{R+BEHZ!c~`q1sTmNlYUB+L zTawY%+$f?&>ULz3&cd81;E~|e(p@n`=o68;)(8@Q=2@P3LI|EvB^LIfm0z7vZI13I zoz8zlf3jl}gN2G^rmt)7mme9t1S`t zhV~=xC&LH}^UX>}RZZ4^qq~VT4x*?_k#}O-6mG2QvBy+$@EXt!m?i#@MocuXdVrE2 z0M0NGY&nI4gB&7Itfhdl(#?qK=e#9o^cN@4K^9t^cT#9JH;~J$Bw~+hH!I$!H8r=( z)A`<|9XOAGpJvPr^6#|Oj-9UQcxwI@`1Ux<5yYPi`YUo0wufQO9h-BAc?92cF>L9g z4iT3JLgM~m!|M;H+rt=yTcz@p*zE0H}cdCX_=X+U1vo_ZV)`od)vH} zhX#$PU#*-kr8M7z4VbB(((Cv2oJ(E&>G;&MpO0-v&l}s;Qw4WotC6)lQ~JecM>V4e zaFE6ItXNJ5#Cytivp^_A_8eLO{g4j(0(%k=7u6w1!{{!e9 z1PhL#kUs#G@Z%Cn4-RJ89!!&uHTXa}BV1ekV<{SIg(~3yiU(syc1#B(Es0;Hh%^a{ zKAM*}Gn-`f&qMStvY+PoDIzL@jXil0CIy+iN8QAql$}yz51J$((-c0HtcRS) 
zc*_$M>a48-f=(*f2Mk4z1%@7oxj>*7Q8`?C1nkxQ?#z>qx3a*^|I&RF@T;59@pP{w zQxc6ndp36$OyStQlo_ae00B}|nklz|)E4&DGEBE|GPCO7k1)!8`hl}A-+^}9flg-B zC+G2byxQqIKorpTe80TkKDEu7=y-Zh3$rzV`bqN)=bHWC3|a-&#!P%F7=(W)M!o2( zch!k-`}bPnnJj>)>DgUMR5TfD$o`N?^{Rrxzt8R=a0=XnZ5x6InV(sU`CS3enOH!^ znb=jW6T3<=;E?dukN&8NTvtA;+s`iOF>|>U@E`@G(SYxAx$!l-mg@fFrp)OZ5vx} z?ULfI2rQ2H{lixQyP>2E9E7TjV6hNkW%fs(YpEs(gY5$Q-Qw4nm08-$oAC?HM%Hb(gLB1Y1CMJCpW({S zz}=a(hIhOW{|fL^ZXP@U&rg7XEg5XE*EvXUdt0!sYuw&A(f!x!doB!{-ux(5yuSxZ_w&3O2^j;u==!+Z=3aGPKRIJ{Y1035!ph0}j_$75xsj!p#77B+5tIN%;tW9v4%}$80XW9LfZC|=rMZBAGs1U2S1=14 zM8-j@+HvfTmRmA(uU85ycp-~!me~P5!&?zD@+Er&; z{rT#O`^je=yp^J|Kxt-xo3?b%DP9>YRZWv+jmK;VAu&faCk~f2 zpF+NTi{4x%x;dYbX==@&jWuF!VQbC$D!zTU0BoCq;^qE7XD0sKRvt05=9W!)N3(xg zMS9_3QsrB(vPOkwN?R1ax5kL9x3CTJEYzG9#+J5>w9M`%lo-pYAufn%9tjz}o~o}t zrsQSOd{YR}hDLm5H7&)Nn|_&3#Zr1`8=Jh>x9jyJ zQT12rugjT@@L@VIOMPjV%6R)_FaPjP#U1_~$@*v9#1c=hVsC5r(ng8l#>D5loRUN} zWPrH()4apJT$uidwG)SsGbolip9)vXEW+?UB+B&sZM+ z(Kz`(K<&@ysyG~rj1>F%nolER+;}uSSK42TsO894xf$N`yWNgLi}8;Ywy3C9O2+cc zC6)@Cg_;(|Q5#0@z|lMJpVy)}ov(pUn>E9Pjileo%`z(Q*O4(u-M6#dO2zcY?=F*u zMnaH;+?J2*Jl6=6nL>UkN;aLb2ql}Zv@fLi79>155a*mlFc(AfF` z6^z1QXGQn6-Tib<#vW+Rzw0!oM%1~gWFY;0`3E3b{)ao%=+hl)QT-q8&}>^`^5<|W zM`+aIq+J^Nl}~plqJ``K;tq}6{l^`eN{_C3mfS%6|F}cF|LqQSGV;EAq7R=tbfhiW zx01q#qxwRk$Q&Gowj!7dIy{mYkSm)bLNML~PkJ1Bk=#F@735xl@iVCo$FjaO{M-a^ zthkzgp3myP%pZr$AB%>Mc-8I>Y)Nzmwn#`o4VLx_VAptPPp*Cl+3I$SksGt;wJJp@ zSLwo!vTZBmyt){V1}jXCh18ysxPoGIR$Jx%l|`+gZoXvih4E=5;^VusD$<}xMEd4Fze?!Ax$xczpj$upvP7~IqTq5l?s#|L~xd7*1>VIb$!xA%HJjT0pzdY)6gycDXOc!-{fi9qu-Rav7>$t7YWiu8hS=~d=;7XALY0?>s zFEy!WXK>T~(;g5tZIU)N{VYc5ie~+dNW%WFEzA7lg3|c;A_-f><2g2N(lyV`bRzO( zbg#b1i2;AT5o^8(KBWTsV1#yoD6n@4wh4W_(nH zCHPEw>s*d;SR^VH&ugRmx=v^FjpKnb?&loI2CwWlHvEOay}5uLHrSq#o{KtI9YVK- zP5uI-{ETB)l{)fxlrSdA((f}ts}>a5OVRII9<4e(L{;Cr^dtP*k6oW<#og#Tln*R8 z2DU#3Bo^P!$8 z9)G4td$tuyr_(Ek)Uv5=d!|UISC*h`&?$%5&Z~sjCYAIy{wVEjHKn<-kxO`7Vg9_8 z(#B|KL|8J#c>~4V2@@p(r6fMt#--rKt8l_|7u`e~m=GGfEBQzsX#TUZYy(IoDPFDs 
z^uwHF69Ih?`vY5=%`VOdhaY~5OoFUYw))xqt*#s+7YzE0TkA}Z;$ww}z=&#Wy&N6v zimO-Vy<$X!soClUA7Zs#6%h;E%Lrq~>-5i$c4zO%_xncW2_E=*iUJXDA571Pv>U;qU2=$1Q_bl_~S3pFfsn=aw$d*#STlKfC$-D|H7}$xs-|S^MCIcjUal zwhvk@GzT&5;Pq)P(wp6E?;k216p(K;s?lQWRSsVmX-W;k2^T7XKierMK%DH}xQqK7 zzezxC=pjcAfKzl;C=1dj`V7ND$8F9ZW+x82b8{zi>DH7WdUb}ZfXsd)Zs59`iFJ$0 z^X|f#tNeQ93whkjUgWC<`EX=m;0`K!u!;z(5j1C%rYu4q^l>|@z=Z5a@%JSmS`yJ27m`9&36Nyr1;l+nO+IQ?ba-zeh#jAwR0ejl;cyGV6cTMmdF{$w`$27ty?np<{@5Q;+qm|qxE4#)?_NE7py@{#2CKnr zl!?@vobI?#!A*JG6(=rxu1ay><_dv&Wy|2Ylq52&#yX=tJ2msqq1dgk$z}xP0DoIA z)@v#K82Lqed*A7 zMvuDhQT~{-ZT{zUX;L+x&DdzfhGZ^c&|_Uxi##BjUz|5-Dg!$Di$y$jQjB!Ho3P;h z?0Wc5B_3URFD6U>AA{$PjF$dZX&H21DfK+M1sU4TdDPQ%@>_n>s;6a0{yoSn#Nbu= zqEnyb%GNwy?^|hx`p|srD!pqoqW`k|Xr$akq?R-_joEA2YHwx}yawaPQh9f5lVt6{ zv_*rUGsyB|H)XKkZr}5scdpF5_HnL%V0o-Y>TZBy7pCECd=3ZTH%Y2%^kuC1^{rk;*-H>dCB%x&LV@;HVSbaX z3bGRi@B>gTL<3juD}LKt4H<oZ-7Fp9B9Kx(B8<#MBf)Y>*yy}}0DB$l(H z?WLoqXB)hh>5*x9dhhi+%s2XsrrIOW>IbK{4743b`N0NrF_KEMzPiQ~`kS1a>z z{FP34$u?<4~90xV#UR!52){YgKs~nB0KPkaj5@9;j#505qASd}8nX9$% z`2x-rSIJ{!0Bg$8kS$P$1lbAp_lvtknbpclhbt zPxbw8^`ESt1*C`=hDT(9&{b)2Ub;$a>id_!@_CL2NN z;L(^Yae{tJn(C9{wu&W~I71eijL8nIUZao*pj`bpZJ{EQ&5jP=BSWkkN++76C^eg@ zld9pA2%p#O4bS9V*C+P^9ZTgC%mYN!P}L#hh$$;)D~3-0v!84(p0`ReVW#qk=k>Y= z)oa#p?$s2}gdS&3l@bqpAwWh&3B-q)AC%j46mkptWhmMmY3hRbLHE(%#n_Oe&398j z=jG+*2_7It0~Zh?e#?bSv9TK5)wdKB)kp`CM{6W^KGp+pRHBC;mFiFLrIm*8P|`35 z@}!`GpNrlBTtQc*Djwz8PHI+%x>we?d3JHfz1pAiMDEclkSiCin6ZnhMvYSJAqy;u zlNstLdwV{}cx9IhvC0htw%MOhpl(KtGC`w0KcpRI9F+e6e-Kxom|uqbzp%7#O)F5D z)erMvt@-rdl)n#C;K6k4?|)W;4PIh)84=15*khE2nyBip(-*^GrY1f8RtKN924^b5 z)sGhXjEywlxKCqF*-n03{mLDMx;RKsoDz!`^+)^ za!y3EN9|k**Boj&uTp|=nELZ!wDeMbJN9F}lfok3u{dVEqI`LTwW*+%|bUxv|}Q>O}O!6ncYhv}yZR9i+Bv$KIHHZU-H<88o zF{=DoRczn!NvQ&*sC0rG3I!&$A~sCeA!b(C`^qm`c*;O%anetrU^uFtX!dB@GRdEu zVovX7sHE|EsHDazIRPVpou8JT?H!-FJEp9l#8GV6Bq6;(b^Tkl znS8=eh)ShaErG+%lE0|G2o5G;u6zel{@-OCzFuw-pd?_3w0rjE{H)i^tI0!_Wv!ER6dx*SS_Y z#AZ?ZGG6Xz`+aw^PLfn%>4+TEFh2Sf@}^Sz%dZyViuOm2JmwMLa?-TA#xUnuyHJC9 
zVLGfwvez1%dm_xz$5c6ILj%zn6McR^&XW-6^L2sQz)p9vjB7xz{~|Ecz87)%OTTxk zLg#Dz$s*vGRHqv+Lk=O_Z~l#AT5p#oIwxwtYL4gJ-XsIMQ_CBtFHT|4WP!p-UDI&L zbQNuVHXIlQ3_B*w5UO&Sr4h8pP(#WL-Gc(ZFO!Y@?)pC6j(z$C`}Five4R8T3Q`z~ zi5jC^u{9ONUd|x7`YY?m(ftzg2tf?PPsJg5o{LOSWp&7=q*7zlZ0|&lP128Jy^)!w z-W)&EVO#7dc^#-5L$deTUAH6-M(kSQk=%jaBrag{0^46|v5$6BW5F745b2}@+u*8b zK1#dZB;DbLGj*D}(NUQKHsjYu+k-A`Rv>I#F+A?DnGxN(@RgWJoWJ3bl_A{)E7I=3 z(RtQqv1)aaUDc9sfF9iqD0%p0WZWbX6fbI!$j{xQ#H``XcO zd!M29jN8u;$A12%snJEAi!Pp%oQPm~8q$_$arJV?9qLFqUPQ;8o5{2G?&czSc5zMG z2fXk&lBUw3uaKMYfH$KqAd;+)Jg(v?m$mG7AnsZ&&h*P=*{}-X6eIY?2eO(Qn+30& z0atb-W88j$_2BJa6-7ztV;9FHJOf7Z#5-o}VPiE7G;D{`VN&F#53SB>vpbLu zOI|DL-x2g6(h$Sw-K5{55c|nOJF7j`pWNytFaLy?m>6&aK-}9Q-wWXQlXPVg2MY3+ z6+>OVhK_dXz~WxO%~ADKB$)$Q-?cS@?U-y2KxPSc9K{u!epFzd!S|Nydhl<5Wpo~~ z2s?|eyLu(Xx_VpS^aEyl0b#Z!A2HB_7@aaIyBK!yot8YdIh|lCF@-478=)$@PRuui z7@`W)2_1MSjNXXpZ$*opz>yGm%@naW&)oXkz05xmJHc9J0ps6`9ASmr8MG~9F?d;V z?P_wQE0q($khoV<9no3S)sUXdaqg1>FVTRqhF{G|hA>ED#=Lr0oW2z%OJiQJ$+e(j zm1SusD)`avYg~UKD!Pu-tyM*u!&hU$bh5w4B*(9GLxXmm!3;VrO(L|@LMfGsS@h7r zd5_e{SZxq+%HZ4Ok*J|TXo}vlpGV)F>dWwElPs+0yP~o((a)C~Ginq*v0vK29b3RV zdrkn^?%OMJ6YefWq+np08`?%8ScLtd#?!#mxF-5zXE-)U-*gq_03G@z4C4raYz9+K zq!_4-g!ZO>taKQ?lq9{B%^qHg6c1JM0+78&46U$)oA4}1vVrCfh3r%hLf)`8%)k#J_`$A3K7@7g41r0Oq%O zy#5#oi;S*UtDaCRT6~1|XXu!W#`pn5srL|(;4C6O46CjuAktDJu@8j#E+;b5FD9&s zr1^to)-qKhAH3jEtX3AvFg^yQOSoVd7tG)icI`8xrO1^dQ&|-{Os}pOY#3J+F*+mJ z+(3kOcf~g)Dh*i(WyEZ3k&-J2xB;*|!ss0pmh8k);lPF{}wQ5#8~#f=_mD zINQEh&a>Z?20$#-Pma>m?US>f;rj@58|q+tD-8__43BPzZ%RBBBJ&7CUrB$k?Eukz2NS@fTznadSY9x#VN zq>9QYULf2&lCnw_NfWa{W*PP)ky`0Z5T@6pF@a@kuu6m-SeGhjkw3~`p^G2pMC4fi zQKjygE~3V-s`Qc@tV(b8|1oXAyrpLUDSb@2kL;c4msroA7l^0UHpn;ZFSg@TJPLFRwgd=f$tu!pFgc`j)Se_KY^o{GFv8(U=)U zVO3+4N6nPO{f_|fGCCrlaJ;dn-pAZ6TBELhLh#IZ?0Q%`xMNk86DB{al~LKWF8>Ze z68rOx*%Zvv8KV5zEo1F$j#Ppq-gRabn8kLFTBMu*+j zDr}ETMH!l2kDOwFI?|`h+fwa2yxRSydf1)koIlNt{CCQ*9R4q5C^`IBs-B^;qV-yP zy#Z`_UJ0I|T~)b%vn2RWWteIfCBuibLH?cXrz>xO_dzF1cvJpPsSE*qr-Cy%K{BtZ zY~-icw0t!jVy$&erVVmW5xBafeksYQjrDyam4+W 
z@WC+ezcX>6K^^Xo|Cxy+U81EOk8QZ9^1nIJ`LDdZSLeS4<7fVRr61rSal(bFu$$HM zSiej8b6f~Bq{%T*t>Rw=<2qxP2TAX>(`0MdSUB%X&i=MC=HxH7JTuJU^ybm@=CxQh z3-uwszn>E)JLdZLW8!cuuy#~D*iOtz<3IJfj1!+dVB}r?AE~(Kf`6srFr6<2XyhGy z-ZN8L|3)l$2l2ORk$aM(g^|nR?K@DTx70)Jnes@X~l-H<~5 z2gWOZ-qTEv_dnDG-RIKW=34&4*p!bXRqgSzx>c3byz6L+l_+-nR23|zTNTjqP^SY2 z$9dZQuL*K$+*}>sMF(gx2W+mZgOtll7{)izS65~}mZeP(2+IFAi}ZQShPLB1KuZ#JqNaB{+ev?qBd6YAsM`6l+2#Yn#IMHgS^WjfaCn>`tfgy56DtpV=K5 zBkK-1RQF%#ToDqiV`oa$51fiU8r;gW{%vw{NQBt$pwOfh-_xSb;84&lD-8Fu5cB_Y zk{q)4Uz6kpJ;@idz#vlNoej-u8YAEjh?ETal^fvv*DN`Ud6~FERty}?L0E58aB9xW zZ}!ygRc0nQZk64qv~C~*RZIr|41nwJ&I&GJnk__dpz}L;qsCma5VE0Frh9m*)HU1C%yn*W8G|+du(3}EKQuBp`IcYEwKPv2a)wDnBzNlzyqiKwpj%MGp z>fg*W+~84%Km}65yXPHL*x%^M{EB5O6W@^XhM$y}G>;kSXnDStZ;j!wlll+At~MUE z^$S@LI1_)Ev{x7Z`f&A<8kV0_ux8>cDxtl9Tjo-$1ns{5iywNMK28}UB~IFTrYfC3 zMD~sco-XZ^LOGF!RxKXg{Fd?9sQ&OHc3I-E&_dVu6ax5DxvAC%yE@b_63h1M-G1(H zj=V-jYsTU0R+Hw55l&q2W1ErGd*D&jq*!M5|A3z@mKo!pqBv6Tcw@>P8Rg-p@(m?t zb9K2Ae>zoX!iSGi;b{=og9jTvKdJq6r*z5G>VOcE%llnwuKWjn?)Ktp?Md;@L{!#1 zrd}gPJB2b|WQ3ifg(3+mAxt>IS6Gb|_|2Q5 zou~c*#?32L8p|vnVjE00h9mll6e1Q2Ic3Ct>Ul+7();Ybh#%t1vOk9Tiep@l1|%15yjd ziwyaj%BHwRDZSsteqywc?n;UX1~R*k`&woATq;{f4PwI9F<0t)wHgp$4F@W@#$|;@ z=lTCCqbb31qbljb?)&a+Z9p)?O(c%Q+6me*H1SJ>MO!njN51MNDyN1j?v(pInC+L4 zAEt+P&9!DMwS$9)$5xvKfARoQ>>@`--Mk@tE((sDc;KZBu+kQXKQOojS~Z1umR;~8 z(|U$vA)A*^L3eW?XPN*bMnC|(*EjVx$tz^i-gyUBu$N)k|K-P3u&xhQ(ve8(Mv;j_sKtD;lDNP*T3g`OMGC^Z- z6N<5V9+8AKm5_Jz&8DEcsmZp*Vc6T=&wN8^Z2T;?Y;Eg<(D<&p;jj##r$@hwRo|ci zHaTk=W(U@+(RaKl9fr|&sWF`Gf4)3?ALu(z`yC2)lN{%_9JivaYPjiq2oTV=oWF`s z-U@_d(IbBrdDB(U8X*4>Q(TlxiQrls%@Taj-6bxh^B?9vfXDdFgnD))RM9avYFAEr zMGbOS&Kp+ba?P0~R%5NTaG0ckR{k^<8zRpKs1(>ecVYMGEZ+W}rD_QFxD;^hGK;_hVN1qN9b~jGuHy=tl=2#GUG=fVM3kQ-FR9K#_7R%v3`bt4m6TOwM&;yOd~(~-U$MuQ3^XVIp=0_R z{Y%HhIbX2;a>L7+;r!bhZ~NBXBL3Bo|9r?RDgpF;E2#0Y?uZ1tSvsiuv*YPFv|05v z&`EICQGDg-o9laVx|waUMW{8QuRBiZ>tI^P^iS%sf?&i+8hRG^Lu@?m&w7cp^r*c7 z{u3giw!zaJ!XA81@Uu>Po+FBpBP7B<^3X%1DQ(myWhwugVcCIeEbfHI|25KqO$zPt 
z2UrZ#03U~Pp~(E@YM@@_L3^CI=sy%|`ybZ%A%Tm}ogGDB8ec6`^2XJgD==+QfR_u0 zR|MdLAoyPpcFExC=MkMDli+vyh$qr}UH-4gCx-tg!e*THeB~Usw;m6bhyFK&?VHT( z`xnB7oB!Vt_WvDq{Qrkx&F=mW!;(Dxlk8x#MMW$+piUVq{2$Kwx^>y`c6&>?Em@U< zODWm3BakB7S*HHUpI#(44B?!6zx^PEhV}J_&YG;#lJiccKjA*~ljHR#FHQL>~gupdBPwI;anu~Hcbp8jYQMt?C4X?ls0<;Y%~ z;Kq6UEV_%Whrk0fWYysmfiOEI>$CJv0940+4M0{ru64cb*c-jWFcO@3LTB-NMf%D< z&V&2^WIqjlWj`gp{%;M`zUYX=B|Pw_8+~NQe`Y}SV|-;mwVkB?M+UN47{b~po(#L| zgFHTjl|(~SkqyH9jYvaU8v7CzDXvf6zQ~?Yq)6<|fOpL+-Jg}CiZo}(>ij=qiI8zR z{oj7#O-PUzU?$R#ezwS{nN#Cs2`Br|C##K7(rY699cJ41o;c6ob#`#&+ch5 zSA#P4DBqUnyk8QnK`01)HEKzxw!9~o2If-yN;%i1{#T+JQENJsWQa6uz?TDPU@bj@sg z>mzYlgXT6PBWly@cVRzI8SjjF|Mmc7z3;XDuwIMra` zofrCLqRRk7;L2U`w%UEpQ?e1Rn2y{HyBTkJ3Fsg$Wh@>&o*vMhdF z_KSMRRI*;#+`7Q7sc-u2ps#9?MbSl@Laq_ZTCn@<=yEDpvWcAN>E_evaipLKA~J^* zt6a)h@kWAnCL;7VA5=M+Dojc99YcCDyElZ30o6SnNhqU@hih5Aj(q+!(Mv-#l-r?X zwZ*Pz^dq2ci75MUDu;WcN!+tMD2S6-O7v!}(`=RjAA;c$t^r6PzGZZM3V5Ax<=|Ru ziB|@#X#@v@1sX)!N&OTV+*i;H+WzwxFKpL}_@yctZ;V0b3tyA8h!y<^Z{2VTs&_xD zqrD1r8FBg6APdZA4o*2e0j=Cp58XwKDJp3XC#S;$x{RLPOB!))fJ(CNq)T_14@zQL zT2EQ5YB9rkS5dP=%oeiCKAcRRZ>FjO{o(pgDc89DS!#PT?iInt%ulFTwI0wb82K}& z!KDFPi6}+&;+a@W!~*kCH)m*hvPES}`u`zFEU>Z`%0w#-1X+ayZ{2dy#&3E1dPsaHAJy zt%RdT+sC0#ml8p$ZK`8gO+mF&@F2cd)ZE1`m)P`s2lf9zpaNMTMousZ6l+z<`wNR!Q!{vscn=o>PlWZZMwh6Y63)QLc5!ieLnF8auN~y*THprTHH0)~`yMKQ}neN3gKm=Fz=70$bf`pd4%V zh&R2DkE;-NKf7=TKcWNO?-X-dn8To-tWc1-k#^Nj;XlM#e{LUya%>lvea9Qo1hXK> zHI0edvjORzr&n0ZVvoM7xM?TQs>yh0Pb#R@YmpkQ`Fr+wPU60i9_S!-J~9QprGlHd zjldLsH!zbUciYE#J3t?n>bsTiNVa21CU?th)ZOJ+-9`24FLlSlF0!@Si*KC*0Nupt zSV&jIYm~AzcWshP+5CE4;C9=~&N$KzBZWeV)i*!Y0duZ6!?Q)gvz;3KZiM)Lg zUW@>U)~!o^!`$mUL%aa)8E~z$&hs|IGacB*Hw%?!h;GF18;@nbZJb}0jPUtehV$5v zCKNUHYSHF!Lp@^OjPT15cL#-?2Pij?yNmBeJi(XK!?r;)!bXUGgQBJw4QqvS30jjU z^8uu6AiC$@TAM|xe4a5^LYp=W5k(CUMXiaG1+~DLke&1q2D!2(sS4s^E4yCSKLBVD z$jfN&Ob7VZaEG8(R2q-#&YV}mx1)TGI+xcWc^Aqb%iEhuqpE>kEmEFCJC|UP*FC6v z?NtRncLl8rK_0PLxJg`K(haB_l?#ph9y0-8Fp|IW(GF{sFNqYHLz(aWs1#j=H;18rzhnL8#{i6 
zp>+H)UIiojMp>>zTX;&|RAA+?!^kSGB*m#piDt)&+X$gCmxVci=mYH8LoGiMO`zhA z(pLvc&HIhOeM%qrmFc~&F^ZwQfGt_uQr(ehJwDV$le*`-Bv~)Nw2wD;mp8W|Y*sQ# zq?+)~d)tiIKlLRWXwrD&Lb5!SldZ%EW{5T(Fa=S?Dbj#ERE7zJ_Uz@z$5A>;#&Hw{@sYR4m>4FSl#X&`*trS}PtLk-mkR1L zK(hkpS_*ELyat?(nePU1Qo0E|Jo=ur>llhO?WQLmDCsFKYBL+1B1Ya0YP#xMmwkcY zFydYXabE5Qr!v!;<&Ox96BSi6IbI;B$U14hzm0R^LxpzfQO+O}4TNxh+zC~#lJKXp za0Wskb&3`obSe5a3T%VHu||4FivrQ0ev1$c>^Qi$_SAgx;3M4u38F%v-{gC6E|8x> z3vS$5aeZ0vudWC#eZWIFW^PSL4X)Eop2+2$8UCW)&|APO@?=9S(k&Kl8Uh#V{zkMy;#@8&;`mmX4<0(y)V5h~|H zT+2Pboskvn-4fIG;^H?1$3IsvnNiJhOgGWJOyn%QzR&|zAh47!j|Frfh4huKc+tH_ zGgC?T%I=ym^wm-!2sTV+5hIGUh7*X5PI z6n68MbMUiRFcKdw;y2wAd2*h%5Y@8DJ4Op1$j5YO__g^Gb8~le`8(~50ebjQxs`9z zs~ui!@2JDTw-r9*!+a*AUn~oF{rI#)Sh?9=wg#(BCrJL_g>DJHAUJKvs?V;J(hKGu z=lp81+~|gB5D&uPKWul#j%R+-ysJ%@#GUL3y+UPVU1Yf?lPjm|S~KWupUq`GYyiQC zz?7C_p)R3Y8w%PMXInj3P|T~Vq^(lD|BVMfoXA53zWp;>QJ8pM%Ek?B0ZQxB^q z*N-SZHfdF|72j}ANjR29Ax)e_{Z#br0WX!IP-pTwczE*EZPs|1h!S<|$3)*XLlZf6 zL>z~Ri(tj@9RUJIgJuTj&8bL=(z8j={>Qc{jYB$V50se|Iy8o`>*?8Xc1V$7h>!k| zZ@J|6l+mtPdhDp|i-6gNBd2hDK5HFPQ`H}6QO3OMkOfCxQAKMuzX2iQ5>eNwuZn`{ z%a`0&3`vJPgAhyyPwL{BQe8kL&8N8Mlm>V(GHlluvLK_IUHxg|Pdjb@qlVcTqZ(t< z(uC3J71rG}CiPc4qZ00(rg7}CQr672zWzvW)kNU8J!1V2ck5Wqz{;?3)=_3{S~=;G zDJB-K4PB-I*Itl6A$uRd7IRsq51VC-j^=eI0PcjAX;qz*g>@9Db(D`TKqHILq^j;T z0D#*O30Qv0+aR(IYB@}08;K~jdK`g4J4(!wg9r?Q*0AWXxyvxAxD5C23BWDKaYE%6 z;gDs?tFGk$y`fbOYWFyf+{Mo`u5a+Tu(er*%L<>M)`}xDA#|te zVa6f6*Gz<#)>=nI)>_~lOxhp~A?a)j0FDKusys8qruq?FD}X{nh!(-|l5MGBy-n#@ z&-d(A>jaIA23Kv#JZQrf@<-fU78GQ5iTWW;bowU^bR-S*Y7jG7PV4?E`+mNrADL`B z>(MgyEM;ieavR)E+g?rnKw*mEYL)|ED>*kXq zs9(#+ea&Xt2gXy)PVbKr`Tu5LaOiuc{gLp8_WUNM;L6~nefL;~O;Tp8Q{j2;CMDr~ zS4#Cd&AK`8QyWy++wXydfTdKxY&(wjg+~@-adM*B37iiv1;dNvOBCC|&*?)tk_H~# zHNmrr3T>fsuZlH6W?ua;`Pcp>HMgUd?z^u;^aI^1fBN=Iz-0ufW`P2N) zIuf{ZUOQ0&>l(`$22F27KsY+-At~v0XA}`#V(LL>r2By43?q|5h61xF@8AMv>GWht z)2Z-)a8kb|0dw21ZPca;oE=YEDgBDotRB4rHtAJWb47aY)q)U>HOnz~!ZaAKD1G*h 
zmc3L&Q4?le^IrKBdk(>Mx^NQsB{RfXmN`|lb8Ame-Hsi4>IBL?{Y7pHh8Cgo@!~-zJp~G7$tzgW#B?-2ALg^46k=c7YyKech#MBajMS6 zw%ZTO{Y7|;_v_rTG$hqw|}^@ma+E=_m8{uiP6X@ z>KuU(tmfg89Gf3QDd!xQZfUg#-fGc8x)yp}I?bt7mM}5}dz*QNPB~sfQi^#soW7!A zy5rpS@MjgLqt(hau~eK=&bGj*Xlqpy0*WgY@y-u}izggUy20=`hAM=(0NQ3pAL;OeT4hP$tE zp?d7WHibHegAXdR)fSe$Nwvn{p~t2>nn$A<&nP*+?#BizGHlWzw}mKECuT(}(YqQysD zinBkH22nE()lp5uHk6yd_5a1ZH?_%cR+)j!Q5!gj()w3PJ%o^^_Q+CO(c}78h!c4e znXc2V_ZOoR8Q?vbZ)ngKM$_y6m3b$4SElFZTD%5~Drj&HLhes4d{)KO%furbtT7X%p>&Iq5g{D$%i?# z&=cgZuRh|yiBEWWRRKf_9eDQ@haR|bf1a}NZ56U7`USopg4lA za11n^QL|rW^Tz*#mT%t0w%rG%D(TyMhYF$HgmHz$GuO+0%f_JjDU%BfNwl<2*J%~B1>dob*6yYl@MK-Yu0_k$!E z?(-tMA?;yuCq)oo(!DX@C;JfIU?v&&z!)L;7z?`PXPDB!i4x`ustQTkQGbr>;zFSI z?K;&8{{H(5D;Aa?1tCuegb8Pm0q)|oY`MG-ti42A9xB(Zs08>O)-@lj(8!mB(-YK4 z9_N^707b4Y22!k(0a6)Z0f<_19Ufx>tBl42wcCD;Ah_#q8y&zh7;T9n9O8Gk0ncUm zHn91Zip1O;_Va4y?d$QHnaGPI#1q|K5Z|18YYi`ROYVsVt*LG{2s8E;-?nLVi3oRt zh^9*0dEvpfBiGuQ{Wj{%bHHR(S(wv5;pzMpd1sOuhU4(r@8!FLv>d%?cj2pxJN!v| z>r+G#D9+P6HUkCi4I1$CzoTwN@E7VXX#Q?|cws@g_chpVxpBoI@5Ay74-Er(!>yPr zdWqB0*}eI_09Hg@%rxqhHI5HzzF&xW+9dN4WLWyjrb%1Q&3q~9;IbH5k?=A5_pLpz zUZWcxt(dY>py$_^guZ9`w2e@<3?uA!MTJt?mRFPhzeK2JLmMLK!`N{TK3DTFZ@Y+P zb(pu0rZv#N7dD_gyQqtF<@;8<<_6)a{CnxiU-lfogfqe@*S_a%1FS#P7bSz)-j=nO zK;+JQRP-dh+sPq<2A%NGj^OrCURtTO%Sl)?a%~yUz<08ZXO2pz#h)XIFk%za)@LYh zU$D$+k>Eldt)jDqgLH>4bW>nwjChnK4d1#8Cv}uR9PF4@-g&6JD>&<;VPu-Y*K~hl zcOjlUlRMeY8U4MXJ9Kb9?>=KQe%;onc=(RfR0KVzr_4fcuP$SFk39?DeC#HjSL2_dKc)Aocp%-`l0-X6~dC61*r;UfvFN7T=|zqu8sND?MCh?Wx!Xynp-?8Owq=M zLw?DIWcDyRFPlHq1%1%RNxn;S~5vd2>(5XB4I^5Kr@N z&jTct2O&4$3En^~Yq?`!HfM#S;7<>~7_?iK{ZzO~;Yo|*k`xG9;89w`BzgF8pGoXG z7+WvRJ=c+;MRO{BJMf-c8hgC&s~U8Bk7gr%>h`JXW!7!Ydh3MYbV1T1e1CH^1AKeA z1M2De$9f8WJoKomKTzz<4T!QS#EW1ar35s>%Uef?)6>mk_^y*)x@%s%QQ8`EgKtSg zK@+icq2-*roGQM1GQ425!|Gq9cWzQ0wW>^AB&4$qlfTH$yfSnfssB^2 zrnfU+rR9-C#FOq}DwV-@SD9u$)rrxc?y>Ek<`E#&4^CT|Wq#2KaZ0l0LBZ6MLNwh} zoDEf9tfzHtxW*1xV99xqr&5KSt%Jlc&}j)LlmTgWoLS)W#B)!EAZf_@Fl}21@=e 
zWd+vB8V#LE^({{y&iHezep1~_y%4B(pXK#�GZwzehiG2Vzuu;f?~rk!<@%xkU-k z#G0{(y%JQI?{s?`+BWjLVV8b#LuE*3F8)BAXs3_DP^4KBgVVj*mB;7r zwf8rtD0FrxL%1l>#j)-b)SDU6-F%}8p zL5tnmFzcpVOkbw8b9XFOz7@dj%XJ9g`U4((7j(z$K8SuaKKSnURsp~JR00QH1&mTd z4}i6GcmU9Nl6s_A7XspkIue|3XW(TZ4g4ryKJMJF`w3h4W3?arX}h}gS3u**cfU1& zufM6FlV`__JLH>_6A{W)hbKn%%GA<(BMhiJo`y?cZ}wK!^$ z>QpWA$#yTJ#@>!5Ag&kUd;-2JNbq@i!uY*cIY(6CE%=?Q+r>MDE+Y#rJ_fqS}=c^C}!-~^GrLcAnzh|n=>46(V zw18T7`Vz?QuUUaFXaVk1BTwAu-_!gZh9(P*vZXKKtGM$IX^=r|Zi8(}QwD27&ri6> zPOcY+v^yykywCu=K_Jxf{8GxD`e6%`WNVlOg?w5n$YU-XF-(YI;j2K*MI5^?210a? zP=5sOp%yv6 z#>Ab1(}^COAs@1b#hFK#VbxKeCt>AL9>gnv7um8gz=cm^DbR(la@&)!9!=v)gev!e zKamgc_7}va3mNfm%SM)N7qawM`G<33we$Oz2h^qMx=e}zu%2ekW_@z$u-gigqoF0_ zseJmhX|sa2@j-8>7T{&tr4H~?1@kfAHRBZ{Ujc-hW@!Mz7l*=C|Kxzy+{@HwSK{YB zm?ZH55*9&h_%#3hAwJCm7j1FT>c1imqK%OSnj`3rh#aL_@<9)xr6ZoCeh;D=@}gtE zJ{(yAn1;Hj0L;2HcigimO322|u=)|t@3?+d9QmNH%^eLD97ZP>9}yKEQ`n{%$Q3Kp zCx~st6D|tL*oafyDBo-){9N+*<($f(urG#Njv zfyJ@PULEV-V|~rT$CWaxmX1|bypDmXlO~VFMvT?SEtR6j;Z?=tANq?g8MmvFC(*iW z@fXcN(oOA$zypwnFfUz>H7$Ss*~JCw$N!zo3HKwZf+zPrh;JdIr;r?6*xui9h;zPw zEs}lFkabjNL&DF*2|Z6Z4oGBMC&SOm@^xqD{AdhEpj6K8@<~1ORSPc`oCZw9+=O&q zrrDem?cvUe*DKkyVN8mnF$Or=|=p z5$Y1@0n(%d7Pc20ZCW#3G8w5S#IaQCt3z3dB4zx~{&)G5L0c*3ssnXZS^c*6a>H33 zx*jdqs2ihmGWO0!%hd3n4szWhfBb zCpY|PZ-Tse`bH|8_AaS!5<>Gg3AIVNY#quMRQ7ehRw9lBX}Z_2S9H0(Ra%xZOS~FO z^Sqi|EbT|#kOMZPNdGM6o@&L`s07OGYM%!<0KWxMt94gF=7p!Qci=mtl)qgB&wm~U zE1O=ZQPY9iN>Lwdn)o9RBP=jUNoVY_5ab=Acy4NI$>Eb{>~oZ${ZqGK251Z7$2^c( zYQ3;JAW4bfj6-S!C-40kA5>|(b`m?Nc?voBTcoZRCA}5h`7ZNXwVc8!n7|$PH)_{u z4rxM?ro>%`TRF?|8+i-imF1Uyn42anCuHju=$eQm3n!kn4WD~YmYwpuViO-T0sB7m4JnbUhR@tBb zDnJe#)FlSMQ}zWg%Nz!BhCts4;a@OH5Ri5H!h-i$|EEkJ2_)e6X@B~!^-5z;&l4iH zo_xZc{2-*s7Q#|>#d53H?P%FQ0=7NXFyxmqJ$w7c>3yn-`+Ca_wf;keRpjY=w4S~J zJ!4vre2dn>dMHV>@nUrEip3cQ`V~weu{J20!fC0vw&2BV`EusrsnTJRDoC!g{O>}t znQ{$&U#PljJm_yGJ8FC`f`v8Kj)FwqpsDU*Fts&jpIZon$ghupJ@@LxP{{Af5aahNLg6^|wu#b8d&)O@8OK!-VO|r8brN{9 zxjEnePISdbu=e7MJ_C0ra2Vpo#Nn_%v)dDyz-e6GEsc}kc{OJcD|aE!C3nzM 
z&K~Klzv7>ZTwU$S6vYI^W~iMvCai*y9gyi~xQr|9AG`Py5;=~hVyT$IG(8an&g}+} zE33FPlmF{270LO^)JGAiCNv#0L^klR0*u!k#&R#W4&pP> z{ho6&blSxUm{c}D@oC5_f__-becd*)1hnZ!`aye(dKFpQ@VM3aiHtn_^TW5(&0-0d z;l8hf!@Kf|iaMApNSJC!^w39Bo~YyoI))D_{eD7(tx1@L92Q`H_)_g@IDk= z2$Te&_k3qWod4BextUatBY@#dH(Z3KP2QiI$R)HM-$*BIZeYBay zzxT2gkAQ7Nl@2#_m*aVjU_|s)kq(&>;2Zs^zm;DvX%iN^leVPmMLEsOwyIL;$0fmW zqPmk3YU>cx+fQLjg{M@IufaQnCJHCteuhEKyyYCG0P@!vNJTgZ;ba!XBU`Gtt-Mt- z(2y8u(e!kD)l)wD5t36ZNx7B`Ln!6yv%xBIaC|9mMxEMF5rL^w>f@o6zIY-MB3z-$ za^v0m4!Gih$)V&32`v(>*~Tezp`VSqU;g|u3$Ejy#5poGZ`esFwWfnYbC5n((E0s?ojFPw9;L zIdM4X}F&wm$K#v{=9+F&kSo=0c+O+{CgY3Gl#`&Hp`fdD-4NmoTEKKu4 zV#l|hf1+AVzN_+6ADGx}(CsdvcoYtGk!Jyh3?>iTel4}iet4(8FZL?n9p$Rg{!(}Q z(NP1;(SZ_Kn7*BtFZke~9tNHh@i#qgMe$~|0G-|)2a<`@U9``x(yMxOIP4d|SQ(FO zd*YvyrYBnq)DW#d(&V*Yh;p*b7sNB7f%tp`gx~fAo{&S;KDP$vWj|+pxPyP^$mXrN z;RJYorh@7D1jK15gaB2T%Y0vDg7J#;ff@~S;-~6^&NZ|^4yt`XthHm|n6F;~t#M%ytO;6yaPzhL*G1W!No49(R zOmzY8IY#-yL0SypvbVmSz6uM#(1N%mAji#m^*d0nVGdjusx*c_KW)yz_(g4AKs$V9 zM2C=L4v#neGkTpYmf!7ux2WP4$Hv8p4ClS?m&InuqJ7nYGWBq(uaDNt6rb&ZZ|ADs z$ji*fM_1AFRiFqS(C7Qi_-9TK30kcCI6qvTMy5_kn@?)I5!EslN{%x`bOLGkLBuLJ zm!}~<)oBx#s!3RXmQJTNDiC^H6f*0uE}ymW9kn1%kO(_{2VPUIJdJK0)r_hk!#$FJ zR}A`~{0fJ#+!*_m^4A}C;Fqc8#%l6SKu9lN26PykUX%sVP;Bcm1%TRp0d~WUe~h5CDe*aP}o-SQBM~yc0Eog z+bmW8m79jSJinq@mU?(fu<^8A>QJS>>->08S|`|3OF z#r}CFmYwwAo5#5`Wu+$AeSNVCmY$5OOe|kXHEFj@uW{K_Gr>LD;){rvhpUJuomW61 zrw+&v@t@u~$ZCPV^_idJrlfPOu?_N$1Ti_PDj0?+MuNYia`Ji>Zx> zj6*CoX(>T3n{5qUO(CO(?0)El{|0%Y8W$=4g~=w3@iS&2eCCd7rui0s>f{EE_=umY88urqEurv6po z5D1x&D3Owt{vC%VCQ|41dMb0;A}-H9yqj&t(xf0WgQRF!j7tJ@I#W+cZ!CVLl)GTv zxsqx%0PJod%<#0be{~L^=_7T{`XJdR2__gEKHu(q61%TgI4qk#SbQj!hxWqnl2mwC zppWz%0fmy#>6xZppk$9kT&I>>b#%ok=7lI$cYgFr&=3(-pPIOSn53`qIPg+pi zd*L{_!fcDLH)??w;NQ!AEa#t#tHc~?|DGV0G8N3sx`WmP zX*Ee+txP_VthLeDef9Wv>9Mg1IEtST`K%+iL|j|^k#jTmIpYp2ivqUCl`PEtJu2Gl zs~uctR0EqrCn>;6VKV1^E=^-&C(yEGDfFT1XlCGffbl*ln~ohPFiMD3R44HIn~xs00JYK^d;8WB-NhqDUiTQ>G9R9j^b^m0P(ctfU2w+u*5{pNH*AdPtJ4Et`ymm}Y-kaJ 
zZNw7;OkV$9gw1I=C<-9vkrpV}*>X}q5UK$o&CAB@CHfcD6>WX&L!zF-ZA(~udx6xaPT8R_ z-XDD+gP@rOeODyuBfir&w4XF&cVM>WvASw(O9MLPUbiiGm-87*+e?a9*Dbye1O+o_ z-_Q~u0|$KtUoe?{O@${=jYc@4j@)1Nc3IHNYT~X^cLY!X+KMC7K~^( zP8lsR5bA>hcxn&KDcE|!O1Wd`3B6;8U+S5>IhU3=)UTE9X+?cw2HwF7WJ~~oFXS*! zJ%3-`;j?mlxWwlTj%MX{PPv>>jglwlo;|XU(kII$KHDRfqSpYC-N_|YpF~Pmn1{4V zPlrB49>2)6GC*aIfJjIYPres1Vy?g=vFyb=-$cfsoe9PZI3GOKQ=u4TJi3&vcc$J@ zgFhJgrdmip{l=ty-u#HX>?b)?@-EZLiA;+DrxM$S@=;U=X))Hh2 z*p<8Xu&i&lb!X`2gg!@zH)cTCN57a)ClR>!G2lZ3wBOa#{KR_+E5*{EQOUY2OZ{ZZ zVXr}4RjofN!ai-WyfUHhl(lQIV`d{P-8x1ndy*@ebI;P&ilG5u!yB$@%pq0qZfDW_ z`n}8I4SreFGVp2@`BkHWSYUOTR1kunx*2;14-zRznKi-|k9SSsx^NN3M19MdW&Ye? z(aO|{>g5fxE>$57-ALv|-4Wm`XWZp*Cc%2;!iyS;6`y5&-C9RvlP~ahcjuq*cWjFB zD;+y0<_m)xYCAI2W`C?wddTDrJMYpbrMOz?(@_!KR;A~5)6LocD1bIofv+ho`3(36 zhOeHvM!=%!QU=AmqTab_fsf#@Z@KgEU>YlH!nU^KX7WoXINu79J7|T|f{E~Q;vp*W zQL5AXyxrj#A$Y}~KuK0FeI>lQEWAW4Ql+?_om%CxZ)OEl$DUyaepf3h+S1ju5&yJm z@6S{y-fjGqUEJR%~V~SPRA|siE5$F?k_J5%-ucY##n;f zy`^41qjSmIigzs#v3CQtUxljAM4M|2l~FfxZld~vfCH-w#~X3;R_ z3LgL>SnaB3g)#lDY~0Ne5>Tr4_kN=7vFDK~f>EDe*!A8V(~+L{a*G4SNyY{3jTIDa z zCzxcja>{-#$@h$#z34fzYp(B-X5^Xht;b=|SNJyy(QCE6$WIA45&i&P{-i}S){28J!ln+=mcAGj4BPc+C>l}BGG7z*Naa}aq_lqAbLuj zs-q#!M#f$*+WDEAH{{VGNF_H$7H4(!XA<7japSVgo$5%)L2cE5-j95#>2dUSq2h58 zy$b6Jjk5bSxU7vR|8Z;GCjZyYd2tA37mk+=)fBm#%9>#d6QGF(aRT*&5oSGW@x#gP zXcYFhl&|)sGl^2tjQ5J>!-V0w;MNcpND8CPNlEmFW<*zr?!=i+n)dgeLfHzAqC!Z_ zw~>o$TIn`4(zE<v1fzwkAB6F)(EW06LI`oQ+qh6uV_5_Dka$+hu9e>xmTvbXxi~8ykvT&luj%Me_3j z!M~Q`d{j$=1jjL$xRNG&9MxO?8A+ilK-rqLbZNkGH~gCbDI;W0ia>uz63Z)#~vXtigj#?__`f&uwqg~ileosVhEe8)&-Fv&fkZlBCQtFeWp z@PWe#*kmHtVN4yIG5yng-?oOUtSi0tZE$Uvdizjh|1C!b+VaL0$59mqaMhn)F+9~# z_>1UaedQf-59F9i!z=LNhjv*96Vdx}_0*Y~C1E_5EgkfkV|M<;L)&&yOsac{F#?Ty z9)yW8K4>7W9pfGm#~6CK5K){K-|1>5^omJF+VJ|qBmTNplp7T)3i@EZZQQe)6}q$V ztp#|#MD@i8Wc%$^``86oH)5(1g7QK7D22I>=Z0DZl}O7Rb19njh;{aB#~xV8M9r3v zqj2)qu2LvsoMWZyvRe@C~hA=flp<^Ej>{V6RYVrC*-x4 z557gfTguzl*>N0oZb9E2V@iie5Uam!Qj2j-)TGrA)p2Mo`5f#kv0xv->OJA28HwO{ 
zvQU?9haA>2Y>v-)q{{;OC9D%4W+b2Mh}KW*ys7ZY>fYw<(bDAVSbnKEo}XW5H2*&{ zMq6(Se6nh_bN05jJyL@Q;9hIyhCRb24=?tFkGlile_l)HNv@0E_1^||U#_}t{HK5} z-)D~GUi6Jh2s4CRu9(TNy6WXgkoC=x$~jAF&9Y+_#M|!n%R&AO1~9*uI5n6pVc9&x zcrfhm5O6^eZh7Uhl4>d)T}#M~5OzsiHIC`OUdLEO80CJ(a0bf{8^9(wx>9H&bHXk3 z0f>VTK#zDBPh*f?|8bEN?4Mdm7j3-6%}SIn_V5G7)(L^hJPFEvW7V=A@7hc#Jg~QF zrJZEX!iGZ<{S_jm%D)R^AOxa0l^7D@rCzvKBkmpr)(3Ss?kg#QC8_SIjgt^tWWcB7 zTisJdJNgK23BD^zHLRnw& z>M+xa>SJa4#-6oH|30xK3W#3r6F|fbkA4%r{=*3|u!G`vL=M!;SG}n}3FP$VZhpzJ z+ix>`(NBVVR<4Bpt+2(B!)=w&-%Tq=YWX-3EtzQ*vDDfRkR``w_73r372iZn70Q`V z-52N`;S@xIffFvid<6;X_!|R@hQTQHQy-LOYdRES<_u#})V;nJ-v9~wmULH$wD-&8 zDM)!DDY{)_l_5(yPRVSwt}0O+2XX|{8tWH3%VIfc0BV*fi4KeUWtQ(1$e_V7R#T$s{cF%Ip*pqNLY1OzwukNs6Sn zo#S}rHF%vbINHZ&zWP!_G)cHiLpj}bj#_EtFn*O(Z=!2!)*o7I2RPm6 zZBeHpR(QW04mf@eg>ux?W6_c_yfEMo?brZ8`H8<7^!aP#+AQhSDT}g7Q@Toc_<@i1 zaov7=s_jw=fW-(%H8PAH7-Logza<=#mI*SYf1?9&s$M0h`M!`aiVcQ3VuGX>vLpRX z0SX%fUa}ty?fRstUsYEfBZMCg1@&)?tPc9U?qD$3(m?qm)|^5Y5JW(MeJC3)lK9up zM5{9$($kWiFwh_3#F3&1+e4_FyqwEC%U}k>O?vJHNz4#kIpMx9aY{Gfk8#rqNq-!% zkW}yRJPvhObtYbrWi#@tVr%M&w1S^0#@1FAV}`zt@Qgg$hAqdcGhgiwd9F&RHfK9e z>FQvmsFrwu=muL<3@rX?|;ee*{f=hF)7fmb>E0y--N?ri4dU>vY(DL zX!9)xQ4{J3Q1j3NaJePXRCp;VX#$@orR|rA5Wys_5gZMfbs6?*tJGCY^_{S+zJ8M4 zu?UtA{3eQET1iU6b3tsy|Fnh)k1;bAIGsv59{;1)Cp8Kx>yxb%38A3U(nG`VL;p9K zUgZt<-!gsd2Kes=B)zh6d#tWb2C6iIIfJhCS92_X-p4J+sV{2)v8n#%f&c9Jx3Zl zK#eazP9(Rl>gaew$7mD(Em>Da4|-V*axCd09oSOuU<|eGQ9kr&q^3!DsmCU#@UVH^5=uxr@ZAmD;gSn51C#5ZGL1d0q8+s=5YhvT6D2-y`T5a`QfXf zk@xF6Pgb`BzpvgmN_F*VyYV4hvIMBF)gsdKr*EORD%qtU=<|!u%^HOW2S?crl|owvlVfg-hnV`zsKs^C75{!&}3u6;S!1nW>Wynbc-If1 zA&6uK*WzSLhL42yZDyEZ=e7?`MxtxqID2oRbv0B+CY98#|2w8KcjPa)3#dkfamSTl5R78|#dY~P*UqkPxK~1f!WpPL?xm>jX$4wvM&940xxWfI+KzZw?C<+5qmjHd@eR9 zF03tSx8_?;KcCL91^LV-*tK`3Bn*vtK%OHK`vu3jDP93-V_>)8P}Bs=ooOyLBL@_` z`kgT*zz^Q}@6MIq9?#M(Py8BjsH0IpRneIUhcr-ktcdW?O-CfxaA_@6@Qun0Y%}&M z6=jSt&^5P26+l0V41q4rDDTbS-QZqrb@qm68?xvfoR6zDw|gVVBSf=AsJpvb*tu4; zKvFt~Z|XXierXMVvqn{uJaOO$3Gt*Z`{e 
z{F*pw^8W2$&!;2pZRhkrk&~?tZ9XILn{%2|<8LwoEut={JX4zbG-9{rqn-i%ab};v ztvEz@FaIjxV~)U9mEl*98$DV_ikCl4?2-x%vy*{dv>?_QP!Q)tk{g4>wP7^&ll6V83mVOmZL(3-r72m`EI1}pQ39*=sRMQA$W%?YM zVN@CI+fH_W?toIAQmd#zBdgHka}%+d`JA(JHdC|V2oS-O4ABjq!mp@LqQJ;9DcKHk zV_Q=RDNEsb3@9K_)8daASTBm4i zQ}@0?Gb%Pt9( zle7RNC4>V?Q8*My7_!nLEOi~q0CgH1hr*kWRq8Pkn;f}oE7a7^J2eK#e{VF*v)h%} zVP%B{7G)AA>?oPtwurAHKkPDym!9RQZqomJNpR zeMf9?eYw5R+rzKjGqaU(syg-O$*3V&PtqA%+|TZI3{r|!#aozEkN9khxQ{xAFt}-| zjarzJLL6nPE_L$xPy zjINBs%$JQ)RMsISL6`2_{eoeT));!X2N$fnGNMzjtxMbIE>0TB=?oOa>}1 zxYB0Cg!*;f(RqR2PZm^7eb9ReH%XdW&i&LU@8dI zp@2&)_odC*-esph`9&Y4UANh0$Xst``qYg15F=}ERqJ*H_p6uuPJxoCZx`bHWB5F! zJ`b^LS(1V@k477GuzZ4)M0hk$Y&cWqm{|gSQvr<2rh(faHSpQJb9DNwAlgMDB|BQd&#~1d$5Y)_)bOqAn z7MeuacbsAx5v;FdzfyEfkO3$Ugt0Q#3*M;XjLtt5q<~lxYFuMNthGg~`38VrfZ+ll zI*UGkSKz);eFn+GthNSL(3eEgOJjTE?I>jYiqL>h;*D?tpKx}cG*x9IuXsGl^NN*) zX&a57_nBpuNJ{&G!RysOK!fvfQRq;Lb4(Bk9o_F{#wL4j35(PX_wMSUnI}c*LJ%;N zkT3*&PAfB&61Xt!-mun+9o@xl+jaeicrE!4u}$l-dXHb+6v9haZSW`lppP!6WQoFY z{MmKw{kYt4Xz#MW|KvMP?tqtorUQRY*u{0cm_IZsYnv*l9dZ!$7x@ncLc|rUS8>q+ zFSXT3bjbqm2)A<{7zd%lk2=3NIz`R@p1mcdb}lIuy8K~kIib|z)R-j5&J!5wtPaE> z-{ihUL~|kS_An^I-FmLqh;63)B6X89!qCAedl^kss-iN5;?_WbfOk_vPbEkNS9jy| ziEjW$OML_OZHAYM(7iE_?%kgW@nJ3AMytDhpAIpB&KiNn88T!LqwL=uzpU1F+j=X= zm#!ujYb1ZOcObU}xQsn}-{ih=nE?a!Hf2yC+NOld46V#OOCfR-)|q zW{%E+KOF{#mHW_($D>iV550vahSi-#qdN;VMlf zhh!TZ`)eLqYy~nNp{LX(<=gGVh=LH{1ktq4vI>n()fvoC#05f37u2AkXR2o3oY&h5 znV}YL3kA24_C3h)}72B=Aa8{7PWqh=9}kVJKainwPByMfB$ z7#xy`PdHS!JZQU4=!U5?3F7H7ygpd$2kv~nIWdpOu$Y{jHjO3uH&yI4|6_Nt1@3C7 zcgwXBtx_S6_$@b^zQN*Ly2+bQ$KJ9|Fsa3>T;-l3GAa^J{PQw{+Kx9<=W#?o)uK&pxq1GEdfOZ>1$Tg$T$*GfNF^rBA{n-<2XL?9_R}5*yq@L< zfsJ96U0@8k!SzGya1$mIlu@itmm(YHm*g-Enk_xcXk2rIXQCd+##)B@ICEBqk(pcDIR|^jKM~z<%)^LgJL!M7=fE1aI9|HSXIrf$ zt#@-~gwls5l2YM|H#WrUMH%*e3a#y|_(@azPg1r#*#Z4SDVjIJ5zawSIlY97f}6yY zO;+lcDrBT}?h)kkSuV{4=KmG|pF5&3P-X>&_n$3&q5tV2MKI2ir5|B!Ckr^r;d$ME zs93v&ZQDm;6b|3R*&9PpnhNw1zYH^(BhtiFtH$a3dCYnF{CxU{Z?HmxyYuIoQyxsH 
z9lUD!-+zamU&A`a#-2T5-7S|>5nPM|i)Ncg(CuX9Ue$7KnXv^V43LG?1`rsol@ON0 zL3Jg+boPGFV>PpNsd`}&6Xm2KMvgi?$WsfK>*>gK+r1fKwyR;syY!cCXqRIB8V^EE zMP;KuKU|iYj#U}-o5ka{#_PLu;FLxJ{kGX6pE0}hr69VA!#K%X3V$lcUw?#AJSF8q zTwmlFTcqsmu&i+|79pOGI~-&?y;~%=jGAMN{z;X#$^&_GF<#w^rO4c0esCX3IgRB( zM(g$39?#SC?<(wA5uoGgx8tpTsptg0hS=JJmu&)s#7K{!1Miz1kZpiBxkBXoCQE~q z(AmW$j60|=uDC73Yu(5G!ZxKE-Y5;i@yCqb#we1QH{71}@-R~0$(n)_A1HT&HOS{W zWfm>bZAr^-+R}Y-e5tR5IbgA)lOeD_!S}%d>jI6GYNq((kDdjO(Dd(mp`_#X$+C6mD!rCP z)gmJ+jme2xTS<>aWRXttRHkU9%->jYxM}hWT=m=|ES0oW zbNJv-4-%&L;Z=>-UYB`o`DXe38fw>S#Uq0U61@u%2z$rB>zPIOWFh0ldoWpr%}H9O zPGC&jB~6tr4{6cJxH|$)CI1SleRs*?3n0yWv1TIGKsAqMVam}Ce~i8ZA(8v}!=U4tQL3h3_OAzsr(kl(t zuvgV$J8fQ7ZhOA@ek2l5NLrqDd?>xPlmCU*ST;RVa>vUJ~X5* z7J>3zJS75946CFB}ZFQ|Ixaw1oypYPYDqgVmgoDKqcfjF)CltTs>mw0QN z;v#iO_8G5{f`{JTMUpYcn?`;@Y1zk!!rjjhpZiYI#%!3xjih;R{BzOIw9Ul*J)fgW zu-?pQ$3O>PC?!Wgvz9*P-{}V@wE%KAsi$zAf$sTee9r zBx^}U!y+kuyHpHJq6RW}j@UEy-0ZyvF)A%|+6!EzM&e>b^XzH{yK1Gco8%LY{|~(4p;o z@Mo5S+Bwo}LrGG@e>`zyD*f|>$Y|f@J3DT8N3_o9)`S%eWXxTuQ)lDIo0Pr_Mp@LV zea}{MeN^ggmbDb33m=fj=a9iKtddP&Pba>nS*CS;qF$mKz%h{!ar&7E|Do3;Qq265 zj(O(mdEpZ0!j7t}Cn7bFr8JtFc1?)DH5dhsK-1Pv{zent!sR#57;Ud-Z88GΜF^ z;@`>CjBk*ley8SeG7&a$=D%z^EIHrO;NHJR7I|yZCiuab3G1CKCnNO?(!Fh`1<(kQpKqRTXXW3Mj^kmQ8%Kz7 zk^V7-Ipo*A{aqKjRw%^IC;`(&%;udKP>{{sMB>g%1Q>e8;_gF#)h_4AXyj z8rX00#jV1FPV@@!jX7!N>xWqdd>2%wM4+dAlb#YZL8{xFt9CtytKCI88s)tN;(fA6 zc#fhKdL9E=1v%Xi5~+V$pbeXq#^swN2rK}C8xj1$&JBPz9$(VGF+Jsny6 zZmsiF;%A4iQ3hP)5+D{_|H||Xgu*_2Y<~63cn7Y9buPQ^KkUa}0h!x*$SDYn zDS|fdt1EZZoxG}b{wETxr0?+0oAa>{caf?yv59CmT&r&*5CLS^TQ6v^!-@DCbqHAy zIkbk*zvtTd|21*AEBDsW$+8W+L676E7XJLZoGtwj`TMdL|8+siI3KZ0k$6|S=@?!H zeYeUp(5RFRCuDkH$BEqao$zem<<{F*GjDiKNW2pWc@rjoK+wNYSK0L*j)$cIM{22) zM+s8QaBn-=nzU8OxO@7WtIU2af?0O!k>-yVjeE64c^UMRaCg(x&j>}CsB_ShDwRi$ zqEw%Y1Pi0m!{;J{I*a$b3bb?nsX5JvykMX+zw?_6_f@4mrI8FbRhJ)k5i$AwgMQtD z#~lMbpoEIa%-0lv9*AUumZFpv?4EUpqZR4xNRLXr>dC5r>h@=kF)DOt_Ze zlo)&WZUFYCfHv=O&c&|!baPi=iV}xrx%<6(_j-G-!}w#f_;nF* 
zCRacNV(~3bKWZ;>CR#w4-`7p2qRFQD>^dQaqVbQlyC%F(^5l<|iJ5hN&5KcnE0X84 z=T6eFqpVY|+;VwrX)GFKys922({WJnn#+f)_my$4sl?&LoM4!1r21~dVUzmi^>=)G zZs2&S^*BjNI2F%2NXc)w(QFAdXYWrchJcQP`|P3WCGy#R#3qR?u=2>FeG%Yg>=cDHrIV95)nRA7LcECNCnlYO!88JsVBO8iJfU#}ylBn~al5%0$&FjeYuC z+}LB5Meyj6kez@GCs38pYR10<-6%xKJdL*Q+&AKnM~% zqK3kMW~#T?2;ysFi!(9Qh$gZ)rRHK+Z!MbsXskG20(_x-qE%x|_OGmsy2lbrvPsPf zbuD97*U$8JSf9TeMOLBs=Dd9oS(q%iQ@%Fo$vDc#y)J-02%N-2Qoh=e*lQaJ#hI)D z-dgI%3M^;q>Fh--&*6|O!)g*_@5M-5AT#>1_j%+VxmP+ zukQ?v>G#ff{hEnA%eOhR**xnk=zmoT3S!`wQ;_8$yR>xDxd#h=vxd-%X0SJ}pY| z=MGn$m*sp)qGdY=gjenkJZqp7DvQRq7Q7FFPi5RHa@pzVh2Z7Pp$j@_gYe#{FCcb( z2T)Cb3+(4LEoNi}>;(bO8X<-apv&E23bZk<@&zzQX+VCj&jVS9d<ixw5$uifbUnVjO6`&PEbjNq=%N{tq5T%Y0WaQ*SZBA<>_yo^WQefv8T#iBz$~llyM>>*A2y*(#9o}gJh+_z4Z^oZ!Y~w3A5I1tV zh?;~VTbe}D{<-7n7uIXnC)8QpXRi=TIfd|$(=AfoAap!u2%MisM?QldB)Nc3UDNd; zhrq)6O>5Ww$F4%%Ojg4ih0)@f_pn(G!M5!0%jM#W<6;$;4+Qw+tb*jKVp(v%h{*t) z)HWE?N>qIeB37u493QYW$kYV9Y$+tq?xHACji=N)ZOS|Bq+;%UAALT2?pNLw6B9c zG!MbINm7(8i4pkY2E+R=U3y!=^UiJod{|i@%NIf`j&5wDQL09C(U0hPtCgu6F&N6s z3SI&F=dMbGH1n_ zGJ4L+%SEj89qg1#Pw^b^lL!COLG5bJZjdK=I4BQ3d%Ev@Y!DrZWwFX8@!f(45y`Pz zD?XU2_kMDbD}W?-#gA>y7-82g_Y;4vfgP%(BwCbOzo@@*I4^Ow8kJ0EK*SSfVb|&!S2lZ8IS{-3aB_Zr?F~E|GejeZ z%L2Zwiv(4a;avgx4C=N?24z(XQ0?Wu9kYc7rmM`%1P4ESwNB<2TAOzrHfsmVDLbpS z|NVe2QeVsed1~r_{Dbp{MTd#LIk~LH$Bp($vVT=HeqP5D3aN9QdB&O+$q#=S9@N9M zq#I*>XGjoq(JxDivhSCwY`RtCPrOLfX=cVYWaU;ZJ{$ZkZhd9r2c~n#9J%5{R;mPr z$SRy8PPdpy_@>{f`KWgB^_bH`)NH)0*`0ntn+2VIkECU`{h8S~-S?)Ng2p4vXro9d zaJRFG!i%T~R2wYMp91%YsX*okh-tn{e_AC#V!^DTtjQ2n-XY7Utf|1hjma;=d!Q>3ULzqATI;38KiU#geqCY&RM`~1*tM(?Rix2wGPE0KLV zdkNmo!ryj<;qTVw(MCsR9oY97Sa>xOS^{u_7}{16P#rf}N{juAHbyR)4#L(_OmKd+ zztp>I2@8{xiAIEbY$Iis`vlHpebTP|6sG?YMwU$MZ%TlE)_*OHYdaZ@aAP2hf@&v1 zudSc#>8!yQ4`4C~u|)qA+d}VLA_4mF3#%`1%MKqufh&hD58!sg!DJV(+bInL=0!?b8mEKHEL&J^IlWS zSMH8~93Vf5^gOLZYMDf8c*5&wcwXw^!zoWzC)fQmGw!moDGE^XiHJ``2OykK%7ps% znV&T$WlL^TNecFX^mfa~k&ir)90jkjw%rP=Z-eK`UO=fT!uK!0(baKJi3f0)w*c55 zSk43Iv?S$k_L|QM3pZyARP!Haw@U?2|H$PG!WRu(<1A%v`PHchgg%?l3I@;y#kZbe 
zZAhV3?odafo)VXiUU#}!Y8s23>`%9%%N^URq}I;Hcafe2JKr@|{{njlXO@ zz;n)2MRv-Qp9vJA(7zqzq#fpSLa`X&D@Ri{B-=C6kn@p4Gx_6cOtypZ%W{XD4JR@g zPZpn|ZOZ{J+rJ~PK@Pvn*$7ULfk~t4Dv!0gPDzNA?AO5e=i0@FiCUY<_I>cp?%lb0bTMJe(h_tMBkzq{ zjP&lLPu8FQxK6B^@})d~f=k+^spm~19(4738}u+}(^EU>rbI*&TipV51KCDp8^h&s zQ|4y`ZiVZI`}@|4%)?0ST|4eBQTK^zD*6-zJ6`nvf$Od^BlBuHN8SFVN%AY6OTx(2 zOwf`^l0&HX*M})&mVbf3Rsw_nU=Nyg`^6?s7Qz!3R8kEWqWf8MX!`IE?P?Du{J}gB z5EU4tG0lU8hEmCCEv^;5V-cEg#Gzsmi#s$)+S=gYa(|-8v({tf)Mq$+B8_q|Ty2!B2rhYr_9*MYG{!ar&NHox9W zy+Y1KSYp9UqXFI?JWLk=@!7w(OYU3MGk`hvno}GMDh{##>;Sm8|5!RZV7C1by8O@e zZS!cOYefEdqy5V}L4*CaX_r2(6xEZqg$KublBX-OKZG!`Px zVNf*c%bHA@BCTcjydi5QL@Snp0NN6adcTaV$J})ZkCNfTYvFuSEub-;judQj*&}L< zk+TvC6hrXm9p^v0?_4#P8U@p z;Kn=B)lgO+nXl|Qox{sYj_1yu%xO?3kM}Ls8NnrCdV$CLE4LM_O?fQFryXk#kE8)# zTW;NN6~;E2<*)Z=pXJhdWIOfi*2cxJv^i1OEem_M^5azK?zB%5#Z8H)oDUKqRVoR| zK}F!lAt^}s3+I7!huEjuxS@4+U{Xq;S9<;F>L~!`ORQKcjPxJ81oSihH?aUat-KvU z{hcfN5I(s%T!y_tiONiA$d;B8rbYtF#^U|FD$Od$iB(J9$Jjn3WvKA2O$ZZ-1MyIgSvzW zrfaxkYeH4izjZKXdn8o!0BA^lyfrXc>5jh(8x<$K87bk(98Sm;RvX>Nhd&7uvwKL+ z@=wA9fA;?&OkB?yECyb~zqR{(xw>@8SaFq_t&lI5;cP#znAe&_8-K8^mpizw>;OLN z%=y_jaqA@&SzngfXT8r)`7^t(sXXtfLx)*2Ff9egJ!~lLcrE&h|r3XZw&m|xLd)5`RlQrzq zZGnh!XqPcQP`l)pK>SH^e1v^EG*_br=qH1h4c;)%=9@VV?4u;}BCdz)s{MG>I}6AY zZ!AUxVe#~ht9&CEJl?@-EAdjP6>j$#PVOOV6Aoyd7u)P~@cWQz_w0b|1c)gY-9=K$ zIV2+H3|cMC(Cgo_$k)TPnlCPiWL3-mFH)lZ|3^yBb-@*GN33t0gX~i}aMBR@%vsVt zOHs0#*rw3;!zp*`G^9k&j3^)cmSSnut4`UMGjXW8u_VZ!`yE)Y7ZAjF;aY0yNkLUN z4=C*UT#GS{I#R?Pf0_KETtQ0}-%A6>#+^l-U;W&J3E8taMjpSC^;1Pj_Wy

    3bW1 z+xNj^-_9U#%~8KXjS5K;10+-J(FPmMU?D~;Vvrps6N(b%blT_(r|F^Nc*sOsfw%GJi|VmBqP&mDJ&aM1Iz!W5cLxXSI@kPF zl5|u{hACfTG_-eitd?w!5I*G*m!TT zC9uT&)};?%X;K;tOlsHdX_)yesx0lAxYcb^T-PRMy)IDPNkU>wa`a-m(_5NG{)>MM>G{p z)LGvEK4)M_2cGlh0Z-NOQCK%+=KhS8z|{#)7I0tlS{4py52&C4$(p+dCmI;=O%4=k ze+pgOgp*0GsD`b@g4)r`b#c#&;NCe~ZVx$nUA64Zd5$@>S-bzyu!$|C%`M{38*3wi4=mSwrq@GVfAbj|@yoG0hST!WL-`<%wo6 z?k?CjMsje8MxoV?bb!Jn+@;(Nz@Tum7^jlk_J=p=GjUsNW4&2GA(~Lu_mA&(?`95$ zxRcnY-}!0sxZxF@`-<{%HafJ1*K7keP{G{qVi4-HO4~{59!Vg7Fho7a z#~jI!3v9lzXxxX+zM#HJt-mLIfE+y9H;;gF4}?3wB3dKwH4j1XN4n|mfJNl+8Zxqzft2NM7v(+RRIE1$ zQ*;M}k1Qe>qQ&q0qV}puSxk9d{jL2=x#d_~+?rDyYZvFMqjjS95v;nwIiqPs6+Naf zEmQctK|G_?QD^CuI?go;Hb2MwoK*Xta*qH-)=Sobhl(UoEE zCp>G?zsqVC%f4)yzi4>xRG6;Og0*96v$_nw^x(4HseO3AI6*%p zi?KJ19Ce^~A&Xrqp^e{djpaYhpmQy}G3)?1h)9qX7aPKGX zzY&Q{FSrSxB1ps5d*u%5puJJRo|su2ZHrI@frrkv@Z9=v4pd%9&uIv6G$Q$33A>%} zKHOsb8cGKDweFNn*!yQA#1`eU5EOHd2sgCkebp?9gosGLM4MASzaciER;{4rGsS>P zgVn3?!pBkc&(?I}<&CEv!(`<&b`r#k+%>wf%w z8)x=@Bvq63u5p`_SWCb57}oH2QcBH-vz_y=vheS`E>d9t!EE|*p>97x1SHeQ%Pwv} zePpvRGBgWhkm7-OLUBprG+ueV7)zY5d%nKK5h`5Eap-)as#3R3-3;|fz^gaBgU)yj zBNZGZgSR>%s&VeV);84aaqslL+0_IQLPTf(;@sCu|D0~O%NplpXl7Ht1G}XNNB>Tp z+Twzdifj|@viJN7RibMtYGL|k5+M!yyScQmMxhJ=KiS+6+*8WIpAu0+Sr-Wn9@AOl zN2P^=A!LKQo?+Ly{}guzm3}H5;A{$NX5c>#vGXbS^JFvPt`lf;JijUz{uQ#Lah#*M z7FII0x0IcS;OZh*bM)Y%BpMe9AF>t>w?66AUIkQ0v9@f0sh$}>=3T&Z;hWW)P`L-) zGbn=|6b*Uwg+Tc9{LRwt!B=V{XVm=>J0dJq3(C43d9HjvP+P6Us^vKW8gCw?ac*Rm z1bU~m7o`uTb$+EpoI-cUM)1#e#Iz4e6NpymR&y~oDg{prVsK=qY8qPl{XV1+`_4`h zL_PVzi{YjEFx6d8bta?_{Th2}3S4W~10Qog0fyl%%X-j8Fj3-r{Z$3*>t%J|`{U>H z_j@xS=wff=8iX>wWr^s&hWG6c)G)ZkH*sNv8rTHza3w1=2-x-B@$yqr=tT#`WI@aBih}Y@SK3#@)`k3|qd4Uhze_ud2C5>SE7RtY+ z)ZY7P%omWy;;MuK%=3nONp$zB;Qt&P3G0;s3`p;IAEw=!Z+BzcW^}(bAdVKdmei|E zxx>CewL&LyIb`|cK-A%2Eoykm7vSx0kt1KqV53_5|4HYlgPL@rwP=*q!4_j6z;yxk z8}{SlMOO_tY~Pu_Pyxv~SSOR82<*S#x3Ts@?SPx(^EU9BV}D4z(FJlQiYNWs=OZWD z8SOimXMci-Q~MJovD_N@i`wdbAilkS}N%;s4A(YyUA`nL22;X?#-VCo+5 z59GT1eI4*~o#(f>09Eg#y8>;WX^-QVH80vf+7;T?Ev3>lVrIkmMI%B^-SJ`js 
zu08g2g{3D?Xa(3M*lfYqxb+E=Ue5jTM0k|^*0q~6E_Th!K8GzVM{rk{A!)U%f(_#o zNK)wKt1D~igxak1u57NNz$AH#0t_%yGI1bhrIzGs2Ib_rAK_AQcIPvcjk4nusEi9! zwL)v_qj0k_OE#M`5v~>TtqNxHP$`kBjBD_=rP5h4r|PRPPZcqtQ#3GgE>I*8>~i6j z3QluNb%&)1Dr%gzLM^MCv~}Dw+XzlOF%sjcEuki6kuT@3YTaoAx36FmFr|mu;?L$o zqRv+07R}~s4rl$Y@r;{@&+#0xp_uWf(&9W%HfkeRueE9(r;Sl+Hd(cm16#~pbVDIk zy`%yC`5BcWlPrRBOb&-Pm2%|3YvFp#v3^{A+_5MTfTD>qy>CL1IYe;4lkJPR!fwKi zARgDza9HwgUKtI5fq0l@Z-@922Lz zfk?^&y@FZNU*Ev4#3KDGn(P?exKKNvgc^fhVKK5djgZqxLJWLQLAw;$PfDKvRdhHk zq$dhtWjKcEMJ(Kzgxzaan45E9Tx59pZmWxR_M9!_@v-DP$gv_KS7msBrI|<;M>b67 zWn8KJiao-6L?-ocP%YEy+EqB3TtDwsJtg@PMBO*LV+BEa3-O_Szc+See>f*$ z5nKE1fS|$MUt#?<4>PZMq_Kp|ko?_a5*QflID!(G7dNf|)X`JE&oK!wSN4sp7blC~ zMtUtB7d;muf(vxlg107C9ber!QkgP(5yKzsxbZ6CRN-TA zFM0>TeRbIL%^RXE{4P{*Eg}f{%e2O{^H+uMvk;4Dt{B(sy4rME^tZju> z*nWjoHR1U)sN=6T(!<3DdPxvo%mUHX)ODfdd07Hnz>J~M0HJFHu3f5K`r-nCzulA4 z2H8Ss`qEF%-iZFciS3uUkxMg(eNZjdeu^GWoDT?`f8Z~uY9`K-Zrm% zuYRak7RxoeB`y0-#KPgewb2{t9VI32sj;+_vzV9!a+zaBDB`yKh(mq{0VZ(LlFpH~7|aiY19r%Q{`E8KjL z5rp|6@!DOG;BGoIxm|COf;7>pMDCzyIAiqscvy4@YGYL#K9#toO`#;P^}mE*dR?TbC-&K%43vAkuAu259ufb#~QR)xe!xLU1ft zjV=49U=-gHL+fA4)|_%e`%=)ji*ax?-oJS~U09R&CV)m3P<17Ztu0gTV3u2gsG(K1 zK8*IiUrMyrT6nqa%>&5A<@vpOIu4J`*JGT!mdl1PzuD*mTwiSmGEe+^{xuXqSjlIj@kVKG!tZ7oJyMx> zKFdN+c&DP{+PF8>MG}~eKQ~vm4jsi_rofwYBR-~7n`?nDl2d)`&XF&2MxS?TEWnpD z^$(UIUf&xtoj2dim6#;(q*Wj{%@)w+;SJ%lKajh*4an+mj`x;LZw$P9nDnu+zL>*b z?m9Y>x&~^k0-dr|u6^65Ubosmj$CiO5I(mUd?KbcAyFsv{X_sni+TiEyZ1KG`mQ=a zjP)yyWnbWyNU zOq!4^VKVX>;v(Xo4AIna%i0$J2}Mp+X-zTHgxvna!fv8^=eh~5YGA85--21{`_fwF zcDKzH%h6X%aaeJE`=N1ST7iooA_x8D1R^-Ao+P)y;#>?0cT_oN9-miL;%v(6AB2%g zo$3SS+~5oNNhLc(#zPG*OOv*?=?tC(kp$tQKBs#lKxRSKVSCa_2pm?t)~iDR!~?$~ zTHuCFAn=hvPU4g1`|+U#*ce_gFXyL;NZ(sVVE5(Alj_-4dW@aqFpAWO^{IN(r>h6~ z`*3At<%Z~|XH0QqlwDdJ*)FAtcoc10S`0J-GcH(&(w`4F?jP%ptI&3NZkU070nb4} z#JInIQD(ZDv-nV}ewRHV_xGz>^u&jd#S<}xpCw)mMPtfa!ZkYOW8=B!g*6KmiBV#K z86*=Rjto6=tCssKtC)mb9QnBNf1yKSN1BVb+zsrh)!q%@?ZO>}CCeHejRHBX@8vS& zlkA-^>yYNi-Wz+Z>jr6G7&2wGUdvU7X@#*=oDeM06)Z`iYF&xNk 
z?PNTJb5RO?@z-EL2|onC5G{aLS;=eNk9ja>4rk6O4uL0IhO62_@cq7fYqz9%p>&J# z=S(QM{Bf6XoHvba@AT$OZt+%WI%5!80Fx}3FzG!~zOFz&&g*qV7(+mmy5FO85K2~a zMM*47$`lvXAy!AcacqQ<-wtv{2{XO6gqc!}@H3iD?LLVy`?h(gNPJz2i1|<*cx}0O zBle&Mb{t3~Dw_y96H24>@7*AsSrE5Xh}z>zi6+=H#Ft-X@22Pv4+!n^r%Q^uzs5aQ zieQK{sSXW0Z_$y2W~q{DN~t9&*cW7W4~tM3dxIJ^a`qYq!HHpBc=9ufg1Dks(Rr$y zKlEY_&EoQmP??>uBUAP=va{a+y8yB%b3Dlb3ViU9G*sSnS!U?Oa!=)_8KsQ^c#o4Y zUClyMdp{)-OQ(!_G{I@8JKEwzw}YFo373Nm$zdF@SMe} z-@t@J1dmpau@p46+=Fsd%M^XsdEFdqTpjElZLThQhgWr%uGPenn^owhoP)95mkeoF z#revl(-eKz&9QuJ^N3+q5|0~2Bo;yn2b51#bB?M}bW-y)l;xBnRIO8)h=@_lFn<1x zvrkoxgRGfAWim+)B2_3-*I)F)w2Bs~xo0?afFiI>cR1@ z6#EZZgfOJ6yg{vn;f=rs!zw<}51(-3+U7$tQ-T|q_BLx`2CCJIfY2PI5hw+anyM(r zu>rcwxqT`UlquAg!;VlP2gLHDjvzV*M6J#uS%bk^;SqF~Z}SRT8Ogbz-#PJDwy4DR zIZbOM#0={p?4T*F`&zJTKX}Lx4iUa8FvKval=mI*Gqg^(5}ax|=LTTdT}o(D!N3rh z?XvHjLx5uRNA}x2&hL`&rlYb>GVGFx{4y4F50pSQ#OXlS2sy_^U`}ymW*KCTVF^-C zUXTobru|<)ZK_4c$QAT6P=zRtECnq5Ti47#HVaOs$BiW8{NP~()W{hB-cF$OY zjy`G|B|ezuURgw_P2ty!%{OQ7(SaEJ%U~=-JJe&TW==OpluW!A6o$4NO0JY)L;X61 zfzViS!u|y^!UtqK$Fbiz7B8|iAIukvKW)&5S7$ue{9VBIc|I^l(%HEt$s_~d$t_Zr zw5ir+Hu=z|5Jjw8U>30;(#myG+C^Mf1~?U?DLSI^^G4|phJF7Ll;amAN=B?;xvxmv zR;_YsL-P>8Whl|xY3E2J*5c-5mk|h!B-9!#U&Y=6p7mIZT{qiOAPsOoR`#GZO4e|x4 z(`|>Kyt-QVKvrgGiSL0T2&sUaq{MzO`s7@?NkWB!kGih3>E>74&2F&k7d!XibS?tx z`+&1MoXC&&h4QKN08|o`Wv&l)&j(B9EnCFG!g3jiwaXp!hy-rT+zu3YJp3GbP{pXIiYG0 z!+s+aBJeaq%;v5zej>VC6H?V^>RU#b6H?#nbGUJ*cLYAQXk{3Uup+f(rBffz!^yFB z0Rs{qY#D_?)olS*Q0KCPd@4o{$v8zcxDe--ey>WSP}$t>PoMYt*ZVM>#8egP0686^ zh9tFWQ?(3Yn376#Sn{H#uU&&^9=XIJ+3XaKEL4^;61^-&b568%lMhZIqzn52X5TzS zxZM~O=D(%vEX6K&#pWZkF!-`gZwajC7(D~kp5U8s#XiI9tlkGLM9SU;>+ydZ{aUsmosHj~hhFDY1(wv#;-J%6aM z1~?u?fMSeiG6arj?pM1W$pw1-MFB0!l- z+b0+cjeYWB(hFA(nGbq7!k^wTdGB=rbWD0Pd-5^*6MZ#vIi35Kw6U8OV3JIQJoUaH)MWT749t2fK0+>f^q?$A2Vw4VUo#(mr_qUmAbXhNaBaY+ z_?+p%h?m>Gx&A4k@h{x9ea%kP#6CDE;;@qs-c>juKTbk}(29~iFI6x(4Og-R=ay`J zh1S*J%=dEfO3dns5_BlG0A{viWa^H(p@)Vh?Lx-cnAL!({s`h;7zx=Gh%lc#5B*tr zQl*HvhTcNTbWtN-enQ@|KH+k?lY|-oL5^FyAD 
zi#?z{Hb#FsG{S^PHDHS5QYp!vay6Ub6wOg8);^9B4vGC_W<)Ni1q_lfRxV)&>UV@7 zCNZkcY>>z-7`Tm=AaxRWf_2)ha@G)on5~5{eI2oXL=Dcke9tsS6f93|ok?ulWYAEg zI(8imZe;F#j3@~VqR+S+HIidWe&}2Mac zlVl;YkXC8_v}!Y#N_S$`w+p8&#fAPY<~}JLj|F(|*j_5!%`t9@X$wjAwzN>zI3jH( zWl^ubItGvhZguvE{;v0NfOzi-GyvH

    EVd7kZTUdzAjA9m(Xkgq4O?*q%E4v6&QM zGSG4`_eN-=9BvVKAt#5zs!7cK`AQJVh{3~o{*E*CUgT=mcI@vh&sFeUHvU!PPEiUT z840H|-@AD1GK@oehYJymP+1Z z4|okhXDfx{3X@@l;GEicBfL=IPQ*mpqBOQGSKCfAx8JyVr+;DM?l%~8O0kBrZT3;6 zL5nKHgsb495+xO8K$?0`(T*zN)aKG|&Iltj5^LKqzNDwBe{V zFQW}9p^uu+%Cgoq7%A1%a0sTrgn>?(P!R+v&7=6bpbjY(Z-jt>E@$^YG^-qcKXSq+ z2JE$jZQ@8f)wY7;tV8?#kVZF_Ul>%jq~Y1m^4GMb8C<`@krBVW1#ekA?$@x@?`Nd6QqI>1Yky_l7Dl;R^gR& zFVn69XobU85s_qQ4vJrDWH~At_W8F(U~TXR@7Nn+o@0oFu)T)q_5(V;0C+bsI=R_E z`<$ahwi6U9eyFq2*p-f5&22Z~^@P^_xK|50=blOJfJED2%gP2a#NqXgE+1FLx)7>F zRyn))LC9EIpN2y0Z{d<6wpb7U=0|{$-By(L4s)B@OYSNTLuRn=cpPEP8X{H*D`KV( zZK1gH;KqwQZk$^@6eyx(XA=XJYQ;6hz6Z6mZiJN(N4~MKcV1RP1EcEGj>Fv>{gpD! zj})&??qXT57(zB!=#Mr@K*WvU(tJcd+Q=FOaYJuQGiok8;MZ+r87c9?n0*Ablu+D} zpi0-lApw`UXpi^w#gB8_^DC6-X^g7$gq%ZAF`34;@1E806bv>&piZ39VI^EN!3e(WIm zc?CrHq(KD^r0;Htu?9zcAphkDO=+$%eysaib~s1TJqgyT*I+H;uQ}~u4Joa4iMvY3 zm0~GfSl&zi<%xZRE{+HF$OS6v5f#1~f2wYw1_VASu*bu{i)P_eXv0L*-Y+AQ62#)o zR4Fx8Lv0_5QNO|Il;ISk5XjkAq(Y!eg2_2C14~{_+f4I5jyBTgplo0SR6%bacGtUz z1n@f5n&lY4UOugLu)_|DeUIniC~i$B)tYL!(;K; zqEsUNxJ9?61QrT?>y z7ZONlA4-}{79om44E_W0m;pj*A6*YQXeLxUmnyPOxin@ls4hbIx0vS8QX0opQ|I%~ z@g7aoJoK?Wz`ariVP)9!auG}SeXOT*v4U4d^zLZy4Ik2z6(nkS_Y=crp>uGp@4Ez& zyZOvq{){?&E4DYTua7p)bB9(SM6b~4QGkMdbxlU}W;bMY9O?~!iC#Ymv;y4l&G>@j z_#e52%$X%#s2gY1t)Unh&M6Gn?MaO>o0{E?8W{iD(p=o|XACy^)< zk|GLua(Y0F6-?LwtKGn;tl?`(@+7WRp0Pg*c|fdEAo4`+%Fc zX6KBp`WAI}qI49Nzh#M#($EA4=2%O*oY`;%5*)hTmd!~5<0e?Pl$0i1@wkq)ywnUW zSzD?TicR4X_BTGtyhuj>nR+QvrLCY^k*Dd`H@uz))i&}kk=`6ZnnrCYbg31#$obkc zq+c~w(=jbKPzYlvCH{n5;&Fv#2u7e1>uYI!;i5&(p5tpQlviQVk!?}-8RUR@nmuty zsz@iT{PWZ>bcQ?=aeGw+Utw_b-hmpkfsgnbxbhce!H%GRQs+bv3On73ps z3*R)B0%2F*b;eP%fF&&$FX4yAe*OmUyF@WXj+`)Uv&t5&nck+kzS8d)BvbJ}Khzb& zA|cy$Ie;W}PU6|&oWjlQxTqFJQ!5SId$8cx{(te-FSk8p<+R6UhU7JKzn-Nev#_~R z(6i}Tj_k8tRdvXu^y17^?t_VADn*lLJ08j`x{WT*nn$P#2vakJ2w~1?tuU&%-*~VF zqs6APd&d`kuUHlnM*<2d{ZpDSH#gh-Iq02%LsG}GWt(f#9fN1*X3n-@At_3FdLR|N zX-t8F-)Nu$H3hO9&+TNKXVNO%+%3b{F8N^VyMIzgZnnY)R z8nsxJ2IiGM=mc^Xjk8elHf@fz^klKc#M$QcFkf!{v(c)~kkb 
zDga%Rzh%meYS2^!3u@+VVKLuzp4&+nD>$rMF<8L@VC4KDY5n-_NZ`OR zeE92Awe>IQxI=p!#m}?9o=}eTICptx#Sz*+hfW3}&<>-Yr7SLf_{>x6G21BK;Lwv% zN2-o0S1qHKj|A1uC&0M4903aN?A+<@R2js{QmGW6!izi$d3D_^}=kNV2X3vBrctwrmI?FY&fY# zRmeCNu9E7{tx3+(siHtG-svUiAwkmjqR^8{&&^kd9PO%TCy;+RO;r_TzQS z9Ez-JYjVH}oLwEe(_0N&g<&aWsK~ zmA?GM5p{p`p`9a>9z6}sQ&;PJhw`U|&n3it_l8yairU1E4VUt`)bs70Q+jDz#*d_( zLs|<)zN6&a-f$zpg|ID8&BIDXR>k~pu124mvsVsoF$ZS7vnVU)c}=G5BU_QJeo2kU z`~}zsmBg-hRlDli0?;#W#+#WPt43p~f}dSXFB~h+eacXa1zDaB2_^~aP!-HR7YH?K zyk=@a?tA{ROR-!g>>{b&jm*})go5654~t$^7CO1@O?v$uo0wG_R$RaOcQr6U9<1w? z09IMrysW>^;_OTTuW<27FnPfZ4~DCK?=G_og|!@U%YA7X5aXv!0dt+fMJmhVd7Jw$ zPGt^vmL4rFa}n;lAMB^p8{~8BnVm%vwe3o%)4w?7bMG#f`aM#&ZQ=%~d6+&)2kB_X z-I{00!=YVcs8vrACsfZBFOMCbqP#C?LJwcUr#dfze}3M2Ujo}U%vhg%r*MJMQ0`-R zHQyCjkZxt5e2%tu8*?1Ht$Kfrgbi)5d}2HvBJlPSfYmygUl8B-A#(H*x- ztJeNdPbfssqn^@=(rK)?Y=uw(KgQ5BF*MfjfT8)7lnPazSR206PwiNT95>FSN-26u zodRE>IYii|M=2hgngg)qNBW{qj|ZbG;(NFi8!&znP$i(LcBnv zFZ%cX#0$zY=p_~Z;d*e%tgy~J^A*qM9|<&Jt1--88R z19ZNzm0Q|6P)t;lz(Sm_baM`9mDKId_P+WZ+kvIAP|b#q0LeGH0nL7kve>$=yQ8jm z-$aJ(@q0cllh5wPk8_QDpnHs2=DXgYn98+w_#R;`Ki<2f)Hz=^op`zaZjkP5%%6+x zHEX8|!{o7=quTsed-xY`q0EzxVpl#>k$&UJQD-fs9=P)pJlsyX6GR!2Ht$9TE zdXzcZ2015j6}Z`g#QgvfHE_X8N_abAC5(O-VG>#7NO}HUColwNP<1rSD>b8!HuI}V zyk{j&%2xpK*aYaVi=%>g?|H9C^d#+t(TC`ka5|QK-vFIB*qx}ZTUs_~dw7){>Nx?y zVd{X_K2=x(N{>(I$-LLX(&MfOD|MBZt6M`hT8DX6zRwY-7nY0#3%{lu-{2CH<*h7n z43n32K53kEDVWQYk$N~zjEDoe0r+H%eIyQr5qa3%CP!Wo19@ux)w$Kkwla5*CG*0e0oFdtMh0UVrcurs3Tg4bYYM~%$0f;-l;m5`&JvvHH=MtoujJLA}Jm>%tu`? 
zN=nqIy7_T`Jh=rkrhzSg>PAtrV;F?@Vh{>@Q6h)rdP7MIlfm(S zR6Mc6X0U~aI-IZncRh|Q#v>ZIe2?5>SPShC{v$Vq-&l5+WAiM&K0bkbz#`w9Ewc{# z!x0D$!Lk$ev&aJKGjYT`kq$6nO47;ryXfr8#V^dkZwin_lYHe79Z6!vof z>n|F8=Fs1Gp!4c+HhV5$@A&!w)Rnt1$$=Xec|G<7^>OWKWb(4+Ka{vKXMhIqBeU}M z#n-C17U+}m73Dja8`(>P3o}Ar?yBp-f6j)In+L>i!%{HW?7X3Uvlj%3fEUE#b$5N< zIu0O1fq7AKN}OgPN6ABZO&xvs{(Hsk&+lB()+rRRmLv8aQ{&@)Vk0U!Gyb(EfN89WO4zl&m(vuT74M@53{NHi=S+u?tsfEnm!P{*~cKmz}4gKghI{`U)zI##9C>Z5ZZnR>EpUHkb=@ zOL^*AMeyR{1HF@x^~TyoDFvVafv|_sSW2Y{cbcf0sUpS*qA0S%j2CoyS_A7Nd#PMC zd93C@RS$@~R8xBLbct5j9gs^|z~W1g5Mb0Swr`k5E*t5s`@1krL+KwmuR_ZalK7;tfe@!R5KR3fwqWw(hLC^+`_y%4j# zP+MLMp;+TsfwbCMP{;MuG=YXzerc~jBk!MChKs1#HRbIX%u%M{z`=2g zI|3GNPj|6+PnhBg&;w$ocNq~#Edp&^&Dxzl&s@^)w)(lP3vyKNO@D&r$Lyjqr4dpi z8UQyv--ZZkjl-3QZ$S@BNyl!4>?u12U@%YvLf-!{V*M7xEtC!*OMN4?XJJ|h1k=D9 zgl04wNuW%nXM>5SO~PpFV@qlCmuGc*JZ8P47blrvn}jKQbTYR-^>}d!A;xoo?(L1? zUfbB%xV-qh7P3A2P1w}d#n*?u=Yz$!b>o^HIdZ2W5Z%d$pYWB&iZ;%a0sD`N}<1UJlaWge4b+FFesQ3(O%f;M+w9m?~Zn0ijYtWSvZxM(mZt<>t=GEjJVtjBpz4dlzo7z(GWVq7p%Sntbr1S(9pK*WmQfpW>Hfe2FDS z#M_Sz!kmGAlra+7*<#cINC&(G3XVh{9v`C^n1c!VPHc1ipOcsCa@iC7UZ3ZJhF5bG zwb8@)Z~J#L>dsnPwt#d1uU=GfY2jWeUddqOfAME0J?B@AK^-3g9Duy|zr0IAjx zQnnryv^eDQ9YcuQ;?P30IBf-4dGUeST&nOo25>257oIm(7z0)6*Pd5>*z2vsf&f+A z3`8+zkTom}bpKKezkJZ{_`$OCnxe+h(qFmMLMU5VB0XZ@toT7pvYXJiVYt8Wmih#P z4C1{&lVa1LlF{?^WaXk|@e8m!m;$^e6WRnGh@j{g@bWgWW1l6|`kBD&-;043y|XYgZwxX@c*S_;;1R zQQv2(Z^1+bC&3ckZ>pha%eal4@j#bwsO%n0%2%(U8P5WWF z83;j%0FwdG$Lu9XLZxAYNG+(l>&3rOX7uotLG3ew)PiaVk7p^INlB+JbZsrW3z&fI z_U^EyP!Qdj#gOl_y~)$sDV}1Qd0SQwm9nCk?xT$Lr%K9&8srQSmL=cK))x;haUJT$5X>847J&P1XFsWw zMg}rXIBO6PpUO4y{0sVsdLbxl>B^mF7}TfUI9-AQW_$>(aU-D#w^3^uH4c+kc*eBa zebal>8ClcfS-CC^G{}Dja|;_L1kuhg{x143_HT&QQ zsMX)8nnivDyx2JXxKiB%0vY6@fU6)qY#=pT7$Cp2auq`c>2L}cp8Vw1EI5v>xd{RB zo0QRD&7rm$tV+$w&`nIkCB!zT4(s=3aBw?>@m86U8)X}J z$~^{Aa<{cj2d@;Mj0fW4_N}R>%kb~;=%fmv!`P@_+_GvlCl5^ty333cEC8GHY1vKT z1D3Z`Uu>(Er=OQMQoh&CIVM8Vm=-4oC23JJEUxWk0{(I(nQlj#yvBNj-SFcwqb5Mjgk*|pTi13wa(uOB6;h}QLaM$$hEn0$=RmbK4lGG=3e 
z)Yd>r)ndf^ch!04zpd)1ixk#C?QfMXX7#;3EE}(WF1uC0blQuDR&&pH_uElI+Cmg9;>FJkn$1LvEznHg#95gd zx397c1m=FMO8Md2YEd}y=?*YXJFB(tPNdW+K6jd0L62I?%bYU^62F8a6{=-1_-2BN zfq5tUSg9hzJJmsLEe9t#h@D$KaEmF9Ir!~B+3AloaVetrh*7eH?oz#U{CSX)#5=3% zQZR-z8cL=;q$p61q56`jUhf+B}~qBnl0v=r;c@H>RKQ|SQ3>LAlDAol)ADF3=8Crs&3WP ztpr5ss11k0ri70!Frl2Pol>(pt;>>E)h1bX=N1mPJvrv^@1#}{Uo8#f80$z_kffi6jcw!SblOw-*|0*(=uj1iZX+u;lKaPzOj-k62^ZGJ##v(GP6G}I0(m|GPx ze`i%NY15_>LmC{EP5@hA*f!)mv`|c=|05Tv zfa2-MQn04Z{r-dy3aFbRUB^jjU#(b_$O&}0{ao7n`0|agiL$`X&xf$N#=wE%h>3?# zoBzKfk>Z`$ zCu{=bfsM&x23i?+&v*13;p?PMBFU)pHk(i+`fx9!!h|Cx#;0>5;& zB9!i{GNG2N6O2x4+%2f_ z>Dj%dNk8@5fexVj&qo|8E8$3AnVK!Cvl?7E$Kb|rUl}0TTdeo`Ghk}tpnHKdfHof3 zl%041d~5$o<=P75K8poP9`gN&>cw@9U`+u6Rye2e&j?Spon7~`Ulyu*AI*GrMCJ(h z0SXy_7O9GE3GI4}*fbC+>rl&Co(726Uww*ixt4Y02%W(+sS z@V@85%|GA5BCFRw{`gozT|Xud9(d7cW6*N}ywvb#p_g!r|4#hFM1pLwi7JghfYhyV zQjBU~9c6K>>gk*8O`N#GpkI zIPoLTX)k&`U~|Y@Ik(h1U-Rn}^)r3v#*feOK<*1_-SGNiBSA}O-U$gmbz@!MX<{eG z4k|be0kN!wFm!3qpFPyoa6Qz|m^IWtjOlwGSImv6G28bj830kd30zGzwU)ERUw+w} zfk=q{GxNVoR9KBLw{h_AIu_~hxRInZ6YMhEnm3GMu^qlavXYay1BKEQ7@ThANZvI> z*jwc#QH>ih!vMT_K`8%q!0_7^A0&2k3^T0(1Y~hfs9#e=Dgp;cNGyYz1?+A|t=8S)8 znO|NQ0Flgr^Yc5=xU#wTf>Vv<8qwzRcqHqT#3|HK(J$(v6>tjBF!3CUmBZb~p06@x zxvcEO)946M7OZ^(v(*i|BzUN$3e46TiseOo-~(zgq}#M$GQ|GN)M43ukP&|y1-4&c z3o3`-1G`TCKUqONX^0Lyh0afr$)=g*=~Xx}OCg)1*odqKybT|MP{+ri(U6dd)tV%HX@jC5^)LHr+U7g*Wtw#gKL81v@CTcGzp%awhY7rOf$Z8+q z&k+7i0a+9F*6$emJe@a++~<(;=tzgG(8oFP#aVvHjL?Vu;SXmh3ZV20vh&1))Tdyi5j-unD+t=#L*NAF zcE1U=5=tUbzvdayjo-{mRw7 zBXmR_>y@jVW?op(dqCR-qC!E|)ai$h%+zfYDTbhuxY{*lwX9Ab;Bu)|oZ|anw+brT zA+l)|s-m-ukSqw0xh94$g@dlt##AHR|9QmO^`H&ok$3`IzUq6$;@F4~-9U0LCbOhu zOOV1&68c-BJ90B^Q96V{?4A^OV;+i9zS)`IKe%5OYobat3zm^JxImSSpfH?8&PZJq zhtwI_yC(sGV(vqk%u7qguP%MFo(V1{$WWh=IfcO#F=Z&(A{-Bv!W9TXrX$niD9P{) zO+X1m*7;TBcT@?nkJCy%oEd2B#NtXGN(v)krDiizI|+@SS8mA=LFa^PEY3kUm3xV0 zQE+RQz9hOQ@r03{(%v#zNcK6_z~b^fTn=vyIrugI?=>z!hCqK|l{tw$?^rHdN@VR& zs?LcYDy}>S{@U2K%;Bjz!3+mSz`h1z61D}y9ot*|>C4+k0_)=4#1h{>DRF3XA>E@M 
zz8aAy9d{KE(W{;9|GQo*i7uGa#l!$a)9*KVP8*)nXUAKImigGmkRn@+4`sQF`5hz^ zy|}|z9HknyeQ@r2PJRZf&EY_;`Pdl7sE(9GgP(xO5C6OUgrRTP3qr~ z%X1V+vkFcZ22}VB+}v8R`6ns=Yw-X1(qA3M{}<=}i$Q#~1UgM^T>9?!X=8x+gng(X ze7?yxuWj@3jLiM7H~gk|)%yFr*+IC*&@=-s|_!FId#uM?!3&-Ooz|DP-GuMV}3 z`Zj;_(<1>c>~!<3S)X?k?*FGoX;ZLoz|OB<rq=*ILHgd3LkS~@t0~t0QuhJ0N`@|KFgsEaOL5|cIGyW_e5kzL6fgklR zBkwP4&#y8&6aU81A~zHXg3}1g`($uE_qZFA3^K!Flz{SWe~*_FV4@|Y?3K@N+2PEX z$Q6yW?a*O%Vg-+;jSF2*dlpDa^0`sqiThM%)tYlr%Hd)!9f^{3Kj`Z>F*MoH{VSsz zEoEzX{rh5WdsNd;2y)*iswWL%>$ovF_f;y>u%D8YFh%UIo`L}|vTz#00SbmDIWT*~ zUH3oOpN#}ZO=RLfxeE6*`pz}YpPv%QxyffR5C==L_e$;S z1+8|UU3jc*_3PMf)Mo&<@IHNE{xLH(k3D8@=r*_hqgE~=AF)f}JlTuq+k-l*v_bw5 zf_Je{WQ{kfZJMdh2zBH-4h27JSoi&6FgBpXr1;U)$EfxCE}ujD1G-4V*TBse{=|P% zNf_brgSe`T9bZXk!Fw&Ei`^V#j7E~Yu3?ORs_2vpNi}bd>>*&b4`+edA2wndb9ZH2 zH0tr%ywTW?XFnh~kjAU;S&+n1>$KWq9~w;{w*thWZJEuvWs?7G$qtbxn$}v_J_-7c zxF>`NlFzQfqy>6|F|Edr%WjnB#C$$1bzm(SeKK z_qw>qW?OiBnyyAQ#fH_G5kKmjrq7rdO)LufdW~X97eXC#6>b1~&xNpktAJ%%S@V{x zaW7M*v0Kwx29$%5gObI|4RBfsX`#bf?^k+fy0uTACzF>-zD@KghH2t3fxrn z^)!20xg%`bxa2Q5k>_?MW&}KZxnuXpz}bv>`FUD6Fp8yH$nWQnW6#(JSWu-na=1tN z2k=aLQwqLEhxsD*ZJ<|-tx{^#{ZgEuccU03S&9SWJggdz3^W)H)3{z$ejrtbs3?q_ zP7w7>P6-J>2s>=*J$hY&UZX#HB<_ayEAr%)v6CFCUwh~Ucz-jX)-8mA6N}iDF$XpS>>j!aGCUUk2C}EDyjR-(6sqoN5uLIuz*A#{$lPpM19UET0 z8qO%kg(e1%G~*DYdQ=HKd4M*nZa?p!lGo9Wp%CS`LA#MlBVKH)s=4s3KC19vQAEKg(gn4Wo>ea(34E@dE7!)P$!7<8RQO%1Ij2&<6yJ!n4?5{KJJrsK984B!D5=6X z?rJY;twd1l-GqKVTA8;+lc_WJjikTMEYY`)_^wCn7fA#znQ0S^8kK+6rkd{IFlI%% za8~#Tgihiu5wdx?qSiz8?TXk{{g-aN#e2tshsXV zhAr|t*%8egfU0yPv#j3$i3f0UY!lD@UXW3Z!yE)+(E0g6OxR(_j)>+7RPl$%en%Oc z*67Lc@c0z^YO%{Gx<Oc~%zeOHQAyJiy5j>-Mm9BS^1Pi-`HiIy7<`dD`4MFRKJ!a%E6HL4^GQw?oOtUNjvgV@H`Z2ZJT;WDub2 zWVi(>(~PA!t3qc^By{7T5qq7W#vVO<}Z>7IjAxkmZQ~YRka*j)k4Q9 z8dweFu5&n2*Xg)w=kywEoYbx*q%UZUw!hK_RkEC0*Xr zPSGGAn7E9EJ+)+gYc7aVwppeWjZ%_a;&6a^Q?ZPdKcVQ57`Kp1uC7wco48XcV~L^U zutcFm8jU62R16i?#t}HK0XNN==>?hjA;T9Aa8Er=#6)SAoXD)VrRn9g!Aw9}4aF>w z;_`&?bT6cs6Rrgfy)bk6_AzAOj+NNr_cR`$R?pk=`rdX+F?f+O(*BKY6_=njok4wK 
zw1sdMjT6Fojj}{!`H3aA5y-2TsOR;bgK?rVpwcpyXtOHI&4qSjAqUU~I)P#AP=`2B z)Jssqkc~TA-K}n?yWQz-b?8)VO%S1qyD4+i32}9uIHoR*+`Ir+w6xP!?GyW-NbZZO zT{d!Yq_aXJ$}Jn9XiTGP_$IBZ^zEE>pA2f3vq)d;geuvCn)70-3Dc0f*as)v_5~x`9k|i2aDeGm;kUgyskT8V# zj8^@9qUP=p`xivU<7nIQNEE;1p{s4s$|>ZU%s6rLMyRtwQl(o>)fG}MZc+Y1EBb3& zr&x&f+a%Y_U$U}XmZ5@oHZmgZ6jM7HR*g&a5{5S*od@6rV z$rL24-q!QCRJ_vW2&*I)TlG5@5G^wbqJst#q(TVAw8B}++Rd%#J(NWqr|p#D{YXLQ zv}9p&`#OzEqA=e(Vna_|90gWr9*`^w(R{?FB4ppuNF4lU>urK81P+v<@0~VQ)j+dw zlu}o}5e?IS5AuW0VG+?oH&?2n#i3a%n{yKr8kJ-ko-h3=QReE>+ye)J@~^>JIw4W2 zbW*tu2sWEs%mSxW?f~65g>%gH3}%)(zW$!!nV`@ZPlqi0;fIdioTUZr03w265|b+T!izNN`UQxS!{P8L`t15i+P$5JOz+1mChK@4nQW=!iZjpMWVS^WazX} zDF9P0yTXwFQwB`TeZ#agOC!)(S&^G$8Zd%VE=<~t(wKz7DFj57;+U#hV4}72W=a!D zSDX|Sm1KM6-?~!;&L{sCA^=owmj;o!AEBXV`9l9N_rNO2b{3pvLFv$aZGUVuY{)L zeFVYPIsJnOmi#l7mjo4AWke$!(mzZ%F1I9*#FxHUFR5g*>LNsP*f+Ld(#|yc*%Yynu2Wh3u@N|mSPKul{RF3!Whfbv>q_8+ zD)w5iU7oP3=(UO$B54nueu@H|V#KaQi4z(Z7IH#3NfAyFPjQlF>b~yO9v5lCr%#4( z6i<}SAju*v=^>m9X`0{!3|y-RN2$Pq(hH5XHyXj_%`j?J&k|)%NQa_QcbM_nkX@_T z9%DEd^?P1V0-@w8pQXCwV(W}irm@5nBPhqKbho*bLHKMMXQ1v?GMLf#7Ns(f;j~<) z1iD<*QZI_a7QD=*v(++za!*|Wz-b@(7Q`Tk^J11{+Go~WluK5OHaHQJKV(;%4qPQj zH7)$HPhK8KoU0HGz)a{ znbVsuxNKFGg3Iz)cF_dbzx{i3^{{Nqj{-tE`QUTXp=>>_uB5B0`;2KgjpT3McTxW? 
zn^mT+P#+ePBbtZ%sw|unyzw$W;2YU>Pp&`JmGQ;seFYuh2??=^`6pL2{*1j890c^1 zK;s+DwCKeO+%3kwFy$5~x?F%71c!@D;cpRg$|CbHqO}~)H+I8cUE&2a^+5y!*Ip9- zf<485upS8$%6UE3gNFO-5^C@`A`EroG<4Xki(JM}2@;CKTf(}^&;jV7CnVq}qK<9I zIjk<5b;Tcj*~k~IW0Dd~enrLMg2WUUX|!--BAkRW24#$4;)O3*kvHK@uZa6Cu!MSE z1rgJpyZd}zesU9U#t(+QpU%+X4`(A@cj#yzpAZpuj$$f2=Rj`R{Rxi|fi0BWbfwde zwHWj*Y& zq&F<6?up<3uZCyD(s6gBf{Kpv8Bs?X{!tC=-37?LoJP$_3^*(Af7w>AUs@VlcA$0MXyg&f3=gVK-_KHQ)-|MAMia&YR+cEp9n%Gj8(i*K8e`!uDduZw3>vcs)8xisr=wI+yqm7h zIoq|;M^377%sKD^rF4DYeu-;A-gTS(DR|~5*f)yx+=%oSLudH9zk8n2Y%_A1TzlCnM96U*^{2Y{{p$+fe63#QQtz&0^0j{nE2y}l(Qg=LdGpndNqY(pq|<6bQGVR-MuHN zFz$9!a4@>UA=^MW@f;zJ=4ZZ^L_3|b3R0Nrgd(&^i-XccNrZAEStQbF_)qR5pK(_Czk*y zEx#d`P&O=Pmd8jdOs!$e!I#w?|6)4NsLxd)x1b~+g_5yWSk~B ztcwOuB=ff~G*(^rYN4&OSmY_~BKYZ@h;R*JOTqQm{;Y`bc{Ty0F>VMY37IM{E|sP>10h71yvEBJ&cTvh2eb@d zLX({g*%xd32&Kfgm*>|?VcIJsqWZ%xj7sU@ib-sh7Ss?8nFajJA%i12W5DyvBC{xa z)M9W094FGIO=y;S-pma{u$x-x=w8&)&@aq|k(J8hU8r)@*ZewwZ+Z!E+`^lodbNTu zNoF|K$fNP}f)_JN(AfMa`h3sX#Sih+$ySESa$znFq~gjjV|Jt_iEjiqya0GE`)9G@E-vgYfHqeLjPY12Ef+W zV*ksp>cBF{fc&BXZ=eRcTwxuoYQKnVx{l1LoY27MNAc=vevwE)o7fj3#>oLkJ9L`c zZP_L?=UAABno}HQELsJMly<0THigcF#=zDee>guJp>tu4l{E$@2FwfamqK)(N$XG< z_oaKHS{9sbEX};pQ-ouU{|x{`OP@k1Y`VfXPHx6C;keo%ile4;+|$J})`nBG5xO(D zidUz5KVAIqvk%A005@d`o!jd2xf~e~_lrdx-g?INYT}=`rWwXG#0g(JoBBI zW#>}vBod!N3uXgRpF|w-#)j`_`jUQvSz@vK&y?igd@$PngPY8{7 zx1~R^(gz9siI5|JvC(IcJO^?uzjveDQgJ{+ZCffJ#L6nEFK`nFvB6$e%~*$u3Muiq zpyCj6Y4Lv)lert;zcnC-) zGw*_w*~qA(B!nvs7@7&~9^k}A;}RFX2XxBRcRKB7t|AC&2DVgNe(7jBFVCYIt9LN% zbAy|NcoH%QNp&%y@kI*WL`?JJ0iDV;5OA&aXvlBlR1QM9?PEIKudHY)y_dI@ zk@6OmOhb#wGZ}!KIjVI%9IYKt)pOQUW!w>@ugnJsicrzGrC zfLI4hlNEuYwW|qS`GpiJC=MiF)s2W_R2N!H(GPa#7X(}mve9Dyg2q!flre4fM`5(Y zna%tQZA!C(-W}|nJk=`G!b0EK^xInrfb-wwga z+)SMyBi|J@_)-q8f-~~=3piIYHnoVr&V?W2m%MO~Pu!(brS4xrm!dTQM+O{DWbF1! 
zJ@c1&VK);YdzDX$6c6NHZ|$;zq&;;ldk$Dl`+J}o~sNfJsLnLwk$;UoO6`|Upho9 zm`lUC3oDjMFAEtKUqqcuW_XT>igp`gUKG-%4W@i8&-(Gr$iSLB*ZW8(L&-mspmpP6$Fo#DWF zT`=Zq@=z^VyXVc_iw5kOeH2*L2~lj$;$76(DOK1RNFyx1Ezbicf}slMHW3CDPRA<} zA-Q=syb;nd<{Sc;1h8^T`qUF!>SIX$lj3hlfQ74%-v55iUD0a(c($)*&~VRP zk;^WNeqC6f#+}KHF`B#amE7urNf&wB6#J`7%f; zE217zKbLP|Mgw2=6UaD&Mh|Og7+}WGrMy9X3vC^{bF5-;u6ImvPd}MQrcfheu~igk z2@Ri<4Ma*Ifzz=pkcRwU2+}OxTnb~EG%?{5gNnhVC&8}3WeL_CI*uk8ArWzRI7_84`2QgGtcFLxknM-a*g8p}8g{2R;%?^|#p{VJJ?+P`Cn#0~kUaDnOG} zneZc`G8G2jAJX?=@7+7$^$Fl|-XI9F4h81L$K%Z9uss?AO0R?-JG1DJ{I49hkxNBR znVO$z>_#&%rmCr2J(D=Yod{fMK;!^{>6MHkPrY=2*^fuE zCe-^#J}Oy-tyRSWNOL3zPhijjy{bg>z-*`}hZ({w3)eh>3>{m=5!B+eF&K+B$Bin! z^m&u-r}@BHhQg}0|6C;2^r3hjLn+;%)fkE6dF(Q*8Sy%sDX}2Sp&Jan*hAN>ZlcYK z)mp}7SCy*xCtFi1D>|`;%&Vd85p@Hg;Z;9WX)X3X7PhQ(f;iK6Du^4TvH)7gmm69ybsJmB1vauoVp59I>NdWoEI~4&gbWf;j4x4LSq1As5Z|DKEYW)ePh~jATUyli zSu_^gTnA5+P0W%cT5VBRW!e~1Fcp>F1fg%hY{X@IGk7yBrGS<%SI|+2JeSG)+J#CR zB4i^#UorNrCsu(>@QeJ|^{z6d&{@G@(&V5Eqcd}c3GcsL5Fi=xWJMY9s}N^d1Cn@% z43`N-R~Sc~O!-`*en@43lsio#UAcv$WAm%X!aXPaxF6Fr^idMKlL_(o2c0QJNmvbk zZ*c@b)gu{##1ug^^+wa=q1_$I-ZJ9)oPwd>JEHC%>uHYvtQb1hKmKrjc;+OZlO_9T zi2uK{Gkjf$|2*8<*?o!s{2b5FLEqs-_`9qcna;F}DZ0O31wp)K`8n~Id@FdKBNeN3 ziW7A;>Gd++_x3i^@O8CTUVZK&2i@P>3r*4>;00xw9tA5SeoVaW-a7m);^bXT@4M&@ z38Na$VPKE?82uArZ$>+vO_9&*ySxdqyyNJAYzrcD$r{Lzr<_XsrVfitdwXzvCQcYL z8XMqLGAja6Ee7ed!B#m*UFY@|k%}LQ|TtBnQSD89h?Inqw3+=n>xdj%nx3v4y=VwcSv81=UmF#tETzZ;Ix$J2LfY@J_sN1fZ- z9=~QxacROuT1_$CNT~oJ+2Q>?RKuY!{zN!nSeE=wh6PkxU`+hWVlp%TVWA?H*GfqC<5{dkJKJJq0QL414SN!@=Rj$%oVPx3AVrsu|W)n;q1mq9%`DF7-`K0Ov(lHfT&$`Ut8IWd;T$NZiAao<(& zcr&VI`jv!g^h#q=Pjzly%;1vsb0ZYeM+us{HzGX(VT>7g0oy%xp0+7CyHrT z!L1!B)I?f@52o^B0l_FaV{NRp)!eDF@E(BF>o&8xnw!PESmN-@u?I%Z;5bbsHi++TB?xWGp6w)KuuLtA=8po5su_}Yzq z^hzO11UAhPU;Sri%R%qxl!Td0m}awpmtYBw&`?LR;f$Ej?^N(=9cZ0Qz*bhLt<9nW znJmG|Q$MmrgwRiWr^iRf-;J_pPa+_Z6#Dpo{p(+W5J(jv!-87^GhT2iL#WWAe$0a^ zqP~zh$8!>b&>7V{W{XcbYGXcsZ+3p^XPNt-X`8o9ANBXY;b5>+$p5yvxw*Cda{qgd zX9ba7Zi4aCOveQiPlK_-RGED6)kf_vNO@FEbILcTV0 
zZ%Sh>$en>arS(<;bfkQe(=(&R&R2a!m=%KID}ozmN9>1k5gnm@i z3yM-urbv|~w=lVuA8usBb`OV$>$%{rfAv>@{lD3T{6z?@@w zJLenPo8b`xtiwV${2ZwR)RY4Qp>sO2T!xiA!_mvW!lH3RLQLQ-)Dq?;wMy*{C2<;h zXm<<#B=fU$G9jN)x7W3gqO-58mb7hC8U#0pPo6MSbR*$q<8*$)qID>r@ILq`7#d>_ zLJl!H&t(-CQVD_sY2^iySG7(FLu=9oTS_p%j5EUCy3;wDAemTEG@`ji5k4H=ktCTx=xzI1HQ>~k5Uu3dO$}@A?a}~d zl(P3X)-ALq`dwz7)$Ss-{)~x*M3-_OyG-kR^sW&q_L>QXQr*honAjG7E2?p)L-%z5 zM;CQ3x)0w^#r<9geN_#7Sy58(}joVwjxYks1WZNZhy{f%X++Ol)qtLQS z2UNPlTN|-2fHvbl$1Hgy4qyp1p`zPMcu%!B;jlajUUCgpZjL>jTiYauGMxelIb^;8 z9}Dwhh_h#09W%YCjJ`AN+z>4%w~ zrg}i)yBN(32Xlwb#AO3+v!#V0Nr)6(mcQpi<#sa}Cz&7`E4s3$^ZjPR(z!duPU22^ zg|a9?Cw4Wi*jbgk;*nu=aEJbr(gYXo_~jmi>8IZt--u2W)@7;@RNiJr#vh4}g#O!| z2h{~i(uQohR228d2`gf_XB~}}N0eqLlh|0QDTz%U1;-Y8wbUZZnFl@flFK*#r(b}z z%SPA_DP**rkf&QxMLVj;udq{`q_NOxxKR|-C?>#W>u46jU3cty7RCo&XGQaeW$wDP zcXA{PG3R@isjAZbRiyh6VW#?vVHcSkR8!e%R_2vQUgUqz@z^MKM14E2Z-$BHbg7t|)YLx}%682I$!3UYRj}AD zVvdD9Dp(+hJ_<$&WuB>6>kg67$6E#qQHU zxV1{Thc)0#YV<qOci>H7wUPuR8Pl0Da=E@9l?XKnXA;ID${Fj?N-Xp`NB0hI!oJ`9XYzcA2k#f z{Nw*(Gk0@mx2dpzx~m6iSbuyG!!RHV{TyJX$8kebnf1DA!ETyVNPcVjZk4Q-lt~i$ z)P=Ru-9X*mDgQU8ZO?V%=vE5jx0VA7D2{>+)Gfx=>HaMJ3$&M4nZV>Rp^Ik3W>;Zj zVaCmr1J;pLMdlZ6reVa)EJIbISH@nHA$PUufEk6?q*wMTb~SmSJA*dmcC^YP+bcL! 
z7OUG+-9FjQu4=z>TU1r3+~M^j_ziaX6Ax+W-CosPdB+?3wLd0dpUvbRf-Gg|6YBOn zzSHJcK8aB;Y7_7e{r&GqHkJ>3qrl31@EPO?X|Zd|BdXoH;A4~7{k^)vHyh}caJ?M8 zt!ovBi)=5dox)cEZ$r-oLYab*e-kYi__oG<T%`#b-WnM)6 zGC^r1`*r+h?i^?^AL}u%XGS`<91*Ikr)Bx_tya>`e6h+yzy{-QK>8m6^wMNL*T_kU zwzpajPfLKB`*194SX1o$-g$p`{{4r8BE5Zgbaq}S_-^l;!*@2iTnCnLna&7$3v6Y6 z_vMWaFkJk&_wM6i5t7?mDQ8}`?E;Fj&c6Nd?%?pWG~&wmk$t15ZlSHy!?O<`Pxnhu zcgHlDH6X_t@uv*#$K#{_^YIW8>OcykHd9sAbhipOE#|M_;9Uk(CsH(H{b#F~zp@!U=V9;)B6lmtVO+i+dfhT(6uulm zf2JeI%1P=K18#oraWbP8wttCxj&88^H78%=NpCr|O)q=NsUNP4yvJ8bPdJIy6fOm< zMECc~{Wk;azuDPr3g({pzEsojALev!gSTSD%c`|~v3Gp@;e7A>2$H@mzsz$z{BGAf zm7S%Un`pIV%f@)6Q`s8X zG@n<+XO)1fWGglEbyhZDK{oX@uU}a5m2KRi&|Lbzfs(|CO>fbRIst(NfGjOV4dJsWK=xIz$*0zV zE2E65-mI!wP=~%M7bFw3Mq{)#bJ-90MwRXU!f4oCFTI|S0C(5d%gD_d?%m#I5Lc{( z62494a-n`dQ^`VhD$9cImWovC%`DdcmD6Bk-O8bL?F!$p`to;((Ky))qM6%>E$4w) za%_6&s->017%oB6maJ6?Yx~9Ir#5wPp-2s^Sq$5!fmFBG&u8MaK$$PlW~=H%6iWeVCmRebqU9(;k(}a377@_n1lj^RGu(vh6LNuf5mJPAtZ8;JV4j0aM-(H*@?teTz zI{){@-og8$~KC4HQr+DXDOf`j#D`UV+!rDT{2N~n? z6JT8l@6S)3cH7nVY@bo6V%bZDT~q}7$(QXzL9bYg?N(t)8mL`qE4i5OzP-p|=ARv& z{&;wL@$s~zXUU?2Hm$aTt8J?owI$h|;R2kCrrQ_I){S9*@7=p^_V#~x+$fd?y9j9I zi1IP#bF*jVIjXF;ak%(Vtx+rU0hfQ{Zedy3nM_=^uLa=4frTY$1ymW9t~8SbfL>Ku zk@FHV?uTf1U6!?QW2UnGiETLB*=v@85cB&uFq(E24i`3H0SGmfARh_98netXq}`iVSxeR& zvKnsWO4M3xTlt6z1xMfFN)+Cj*NGd~n#%Pu5S8#TsX362Y zwoXwqT56>wgI{6@A#`ze)W}$oI*+$;21O+uSXoTknOcIs6np6#`ZdLwf&Ye>;;eU!lm z*b-I=;Y)okCsS{hr$78)>&fhZhSPB?T~%v$wrWv%?My81OHd{LuI;9UP+LKh(ZKps zK2NKQ^tadw$}%;-r@ky?yeN_cCyMDWB0+U66uQ_5nPwMRZJU9G>ceBCfs1>z1!6!-tY$oYDXT z&vZpXe}rVJ5&pK5g~=PCy0CN|m7jwXClPfpGsi2jfq@Rgn32(K`=wo*nM(3xyr{Um zZ_pl+8V53-&!nZ!B9Xz%0*O?kn5V#rV3EX8wo19inA&meZk0>@)0GQ|o11}+8s zkASeG`*T6_pPT7wj1&%!Y^DdO>?$LfUx7gMso16X>-XNu4|*O*|Hpi0!)d!?po#u( zZ4V0ce|!7&OZ>lQc^*aoZN&W>u`(V;;~zv*(=tsvgSnk<)bjc@xl$xut!6`eXG{mhT>#vko80(xqXzjsB#`#ci&!9ao_;YH^l#b zbOZ2+Q~_O0TQ@%2M+|jIxNrmFce5IXwFrNO?(fmtj?J(kS3;R`tSJjb*_<%@t1`N? 
zWJN9+wB)?{EH*67W{f4zzzlt2D)NvQY$vzZP0N%jop*zWUo()U3Plhrpj!^CDyP0S zNUW;)+XBjvsAvzi%lqVuY2~l|l*JIJ8HWobqwq4EpdL;qHY3kE_r`}~qf{SiYEDU) z(jllhzalv@Co1?rSuOePJE&7-$<@Z0x_-#7%7ryDZEn@m5GO~z#j!e#1H-S{OXC3b z*wqC6Uvcr_x33U;NiQLDOw$DI4)mwF`x#zm?{c>liRJO`wnxK+uQu69?|anU^E@0S zBjiR=Ks-1K`rtvWTheXGb`pAp!(0=lsA+`6cO5EQmoK(xOcifsU%=KohdWFWoPRZngP1hKv#Zp;z3@E(6&!Tq28+ef=g6htaBx0k!4%y(*dEbpl(H~tjAZAb4 z<_p(G{?+VMz2|Lb_4HfGd&|y;#va#!wY$bk;pHG3$p|$+Q|=JMK3eVfddT?-^?Lok zBG&I_Wx6BhtBw2%BY=6nvF=8Hx~fr`ACR$ZdeH6IWq5ZR^?Z|B$qD)TNgVr4%2!$~ z&t;*o4F7MKck*%c+TI5m_5VAY1^$0$cXRiJ|9_6B);5|i+zG$S!?6Lkdi1D>9Z!AR zu$W61td5tsh`d_zBJ!$u5di^HNir@RcTA`h<;mkFyK-b7zNKmCb96$A8uV;2Pi#=U zMM<2hhz8QBN4O&ymQ_ID^u@{6uR_#aual8!{>9=*lDC_*ft%OjugT@=e1|nZz+a$s zg9U92m6G)cY()VLf;v}K?Dcx3i_8~oUA7ec*NKdm696^P|E-(`qv^#3^? z!FmCeFh%|rQ~C8a-T>=GD(^-S>uXYfpjXfzMzUmjiPYp@mftD`O23JLL4>^#m{Gwk zBCjb>FGb^uGyk5jgvK{zj{sW%QB^tF2?WmF#GAb{Fj|4ra&BacZF3GG8Fe{JVmHB4 z8M}kYUqz%OF}Q_PYW&pFkZ>EzjXyzd2oD&<8|xq<>RYpPXMnyb0SbyFbMh5T-VA$J zES*cid(KHvxz#%7a+uCHF2mq{+${*|yX(-u2qhONE68i+J&k$`X|sqDykz*D34A? z=$MAM#F8z|x=3M#Fr(R5t^Xm&)ywn5&ocBs9|fq_S{zVM|A&L^K{5aT&hCr<*Yi9r z15EvPSNcM1so#cf=f~CdzHh5#zx`WFwwDFutN+%LfqZXE$_a{3Dk3?X0t z3zR6dAD~^nkgxwokv23B<8e1Ldr+4GuDu!d(?A=Es^9|V>wK1y`uc6NsaRv*86G_b zD5Y<;@Yq`F)`XuaH@>{j(elH!rnRsnw$OGCwUo8kUf!$!ArQ_eOZEcdGSd#*c-a;* zvz^C76~%9Y1LS?by}S@Tk-`g&yh?;S>tj=j^e<-YpC`PcFWcA(fysryI4&`eRve z`8;=xGhWK{gNoUK+O2qNJH@;~l|wBqepHMlUS95X=Y}=DcwrZnqKwzZaV@lBi#d++ z@xk*De}8^{a&hwE^t{keIm=)T7?#+mZ7ey9_nt+0k{V;M7NOO)uN4rLmU6|JC?~~@ z+%XAALU3Wm5%OaijnJo6HwadL&V2(%qm!5{NPwsKka=z(%@@I-Bv)2N%s-_x0aG8? 
z=_9cEFbdl8MkyQ_q44|3JSu=GFjx>GB=cxu2Cc4P6SI(`Ikefslp0}g>rUZEgc*I) z^6ab$JzC&xD`0H8E*cR?<*e7oA+77{Q87u|Vx&4wX*(c|2&HP}HLfjG6>RFixwP{U z^1l!#*EGKBMR1(f$N-!CzqWUGivHi*yD##;XL$_$&swb%aJ}lgTn2)vaso0Z$x%3s zF%vON@7lb zJv52wTseGcfm}rWv*(bEwV=W|;gKSdP1oG4Qe}skGm0P#=Qk17e(gtkJ|w!-hXN}r zUOb5Tv@xEOT+)YLwixo0p&rYmob?tREv?lXZkM^y!UC{PdG*xWCcCN^ zE!r;n@I5VMIs8%x3w}1bg7ai0p)W+GKvWLZTwsHwtcc4G@5Af+kS7R?FpYp@c*r?z?$s8cDIZ1 zpLT|uFYzCq<#~Yq|A{QM{wR8XwanY={|hx9Y6qa2c|v=DqRCe~ZKb0v&_w@+L0Th! zUZ{F|t7O>5A@~TH^@DB+)-zNm&TP?KG0SEPd%X6n*7mcWHA~Tdab;UF`cI4aKZBD0 z*XHhv|JSoT#r-d*Sdo4eq2m=N-p4W_P+bC+tcKhyuuBY8OKwZ*!m?kmC^7Xi5*!GM zVJpn<0aX>?o2~>wpm`N$D{p+&H9~y7cX9-!_YLifvv+bN&qC&W?=sZ2-8}nJ($O`u z8K@?Eg%j0!b-gvyNh}Y*7$>d)MT;JxMlMLJSp$Dga414S3CyN$gBu zdiEuhHP!oLqJ63L_WRFK5veu%to3FrEr8w^;vcvS{~u0C_*pvSE^`TJ)c?LN#{bzG zzJBrldzNSEh&*yx^u%I_V*2@}r}M);CsU`v;($Q*R~=xRv$i~|aKPRUN1Nyh->{2cX^7v>Z{Yu<;b1UFBy_!mEb!Z*kLK>@3r2p$ zZ-;}aMh8DraGXst3c%kr>-xhtKkIthD7!leme1fGSekb^I(vJeZKyr}>-G$4%m_$kL_2-`P0jhe8L@6V17(WhZ=_vioXbPb%TC6rvuuK5 z9bZgHklXAF%ois|5={06~%#`;%{Jzi-KTbfTM-L;>K`NuJ_+9!kZAMHsjNolW=e0k^s0H zfZu$R&(q$bdUYTsYi;-Q$IvZwpL^E~K&gqGgyT1i7x#M$Oa6qFm{G<8f zWPk5O{yIK9zxd|p_~7E~@bt%{{X^sR>E2JO%D>Mp_P;;<@Zns(c>lxk2i4x*$AhEu zi=R%9&JVL5z7;*>JivNr)l&k?RrN;sdg&KYOn<>%f_?qQV?_TgVhie@KD`dF-Pqqd zIm#MP;mndBp?8RQ#=r7QnzS&_W{ST&I@!;^I5|2n<}wZU*hhxtK^dp~=v_VKZ}-BR zRX9oCkud#S{XLDM0MBulxPi>QT~&0#MAp=*?^Vv90@#B@iucsVB}*mi__E@eB?H8?s53+|-1gy25+Xl+Nn{C)A^eDW88td(#vg73WCq8{~_pmX>UJ) zN5-v=IA3-3UMtOs9+M9VJG4c0b543wp?n zh`fymQvPW*vmJ)`G#Tkv1&Wd-foE$D48;xYlG8cUgA@WW%ILT0-gZLEfBn3 z!px^`_h+<%x?R3NhzEJVlNm-HjWOCgIYLujFpsQHT^(wXbvIB~Tv}Pzz|^Pi6es-K zH9t`J9|2)Ww>0wHa<y)JWBP5V!=8=`&Hywlwo=DC~ z3*JkksvTPMmenPvOIsgB@pU@>1$+FO)PsA9-Nxkvdhl*lU#mYo~7u2ApuY8 zJ{su%U}vWo|7&x1_eKBrEYEFY?xqUYfByM_p8q&pJTrwCe(xV5_dh8%60H`!?@Zr2 zYZj}5*B#WkL*w0T9D1fS>Pz$TsD75;|I15&n)tunlKt1_;PuYS{(p|=_Rp93?#T(( z?@z3>bo}qL^Jm|oulnRT{D$_n=(6e&0>_xz;~lwLgzu|GHg~60v+&TZh+x8I!2bG|4XI) z(@z8a-x|Cw=KtH=+?YP=RYkF{erYDccbZaE(H#Fxu&JbwLb-1SP 
diff --git a/released/assets/rancher-monitoring/rancher-monitoring-9.4.200.tgz b/released/assets/rancher-monitoring/rancher-monitoring-9.4.200.tgz new file mode 100644 index 0000000000000000000000000000000000000000..7cc909dbace4c85512a2f2c2bf95bd37bb9ed2c6 GIT binary patch literal 220129
z(F2_xQIDj<%_e)r+iY@}Wu<42qZi*530pNc=Mt|*9H(Q*H5LrHviTs!@f3F@!SsLL z!ou89Nvv9J?!8ieo8BBG`JuE`5+I~dkCG5D+iy3J(161L+0NDawEz^;9e=D!?H^^)~qgj!CF$XV(ewR%ba|^ zY)DLaec}V? zSn>Km6X>B0wREa%IW8gW-DdOG7B&U9_IH&_g3aXL(wYgawM0}uVLJ85fj)nIV2J`| zN&Ye(VU9lC&+22&40%Yofh;kxHeXyQZzCvM=)U5}64#+kRjhrQqlEb$latv9S+u5G zv4X-kxY?FNU-w8afyy_<Fi#?$PGOGKyvjm$$-$RsH@ss~!-hQj{_=gw(29q6q^ zPL3QF#nZtZpDY03kL>VIiPf>5gBVFYw_{ESTxen66c>>-7#RM*P}l_GQBYZsW0^V z<752p`1nT^QvP`BDduw~R~s1 z*%d!->^%hPeWxjwazk8$%+WIQnyy!X_1(CnxZqUR~A@@ zT?uO7*aK67^oKtESr2Q(Q&oA*!Wji`G=csVe!ng8Qz|b#5KTJ6EEjuct4N1oocB-D z5=NWl2?8EE`Ok3@I=;gAM*db0UzAr}6(BkHps_X{YK6#}m`nxdeeyrhe!Yw3HA&sT z6jVHgEGf83(#4GnF^tmQsE)`lF1dp9sBCeU!6!jvtn#c(T4l6dfD_7GZ_(~5I zMQL6B*q@{O{H~|jFh9fZU{MM?^b#|*1vvc4_DwGh^A#yGEsQWpdO5cmuQs{i zY5@xg4I1%iysvDC=ly|EWNaHj@Spnhe<$2D!2!cd;v9I_%&u;F2{>9-cj0 zYfTtl4|3@18~k>cE&zK*)1MRFN?>nc6Hwg8haz741W3!Vykj~e0me)sNLR}W2U8l! z=}AY_TD@vAO)!?wD05s8B4H|sk;U}Yma|U*qXvo>zI1)cL12hLl5jT54N?#f-tKIk zKH8AN%|+>04uH3qVdi!Wok*wy*I?u{;# z=)e`60>^`ee>~=>fd%zOTNLT=b1cz*2QC@dQjIG;OJ4TchGXWO_{2!i*kUJZiPADxDk zf(q({=oeP7p)&^b?M?v(EV(7hSYMY+atN|<~<>#pB#DvRvmX%DVU%oveVjTUE&8dHMbpO7p0t3YSd6FSb zL(3`}0d(=lIGn$~dv_3=!r>a>Uv&5sVn7;@OEwT*uHE4J$&lG1FqIDSL)_lbuvAiQ36w{55qbSz!_3^P`R8dO;}xySe#MqLFHC1f*bSWScgz)YH{%wjzmg_`q0 zLMl>Kf*g5A%!kQFnwkB={U2d9W)23BI(HsVbPd@0T%yNR^C?=$#fAGRAmbS&Z&=T)X5h^2T%TvB#&*G6j6RPdQcnYL2e zQZG}*GG@(SRuh%{X{Ez-w2?lF;|&_-g#cY}YUqGP00hf3AkL1!dP#y^Li0*rrb29MX1$}5gIt1?1iz@4?{ zJnwiH8U;R6sv}o04Q{nmlKtkfSfDF1hX0+buW!iK~93HCl!LubOGpbD8KH zS_pVd|JuimSyUWFhwI1yT>A*93StzCYwGBL1qQhuNTG!)#x|mX7!uYz`p0zO2(%Mu zPrRI{l7RVu%ZqLp>T(Ewbl{KZk5A6q5nLG+*gS6Uma%{){I<`1dz-Pyxq}?KcL`4S z@iIOi{Pe`@!pO&D7ow~>B!M>Q8HDjO79Iv3*_qAsFTMksiF zV7BLNR%)(tyhT9rRks3f)bCzzPHPqH; z(d>{TEZ|jH+K_o{&Au@447HP`KqCA%wwu&6u2mJ04C1MX4)Qc3RPUqU7BF$ON?hd4 zy!%3$J7S)5?O8v}gQR)V#6_b};CO7hI&)I2CVEmN<^)S=ro&U%Eh~qaTn-L!u|K>& z&nzd03HPR@k)=3eUb)+Ib+5QcdN4tZRQ`@cph2aK05Wb361xH1KrP49mIcOm z`N>BieiWhZ5>dojA&*K_Qw)V4V$<+p!Zu((kiG_V5$T4?tC!}@t7?FKJQ$}F3_HA_ 
zq$gyUF%=$GDvr*sHCmTJ{r(JsvR{;^`)KfwUaM!Asr2YkjplqE6(&t!jfhO{1{nSL zVNTO>RD^MVZ1d}z`_3f5LY30M@ri2yYmPrR5dd?ay;;V$yP^=UxgYDvbey{JrF8-~ zG!(tJaW&-&&z(&W@(PFSVdFmBn=iHux11Zcu0zEGTS}(y&N=u^gk{8LZRyaST6tY0 zXo5A#ly)VnPiQ;W(60rUY{`f<3Yo8zsy3iDs@N--xeuKO4K?poz3t(Cu+9pDu%z=Yvtt{@ZlF0(@fooLd&q&9gbMCc z=ZcGorg?8!7#hU=Ox|Ep3r^0VJC0BBmVPO430eJa}nL%L-zTm?d}tJ$Zng# zuHnr$)s(+WxX6ssUJmj>=yEaS9@CE6FQQHukESW<33Jir4U5_f=DEZJy$Kg&e48o!Lm3{Nz8aerkecd;|w&+9tKNU`v zH@vdJs-HiF^6+V{fn!ac#j)Ndez1tx*hF1Kc31GM&1nQ%0&g|>FCwTjHM0d36eVnG zI!n|?o|RcY1FGt~PD|L|y zIJtc%#T9?aERS7oIRf>%EpCn;&QzWUdk3#Elx~{AnbGhWbtK7=C80a}aZFmiy?-37 zbAodqiL$7uIA<-Z%t?F!E8$Lc+^J!X;aJ0>%S5uUQ7)}2@5{*dx)wf;5qtx0}xU(Lm@_-%Wzj4kP+UDpiv9Fa_)p6Nr`+26Uh$#{yAKk*iQBr2U=`0bRU7MImXz*;~35>Hfe7b>(`skU2Y>I|HCGJrcJz+JYjC>f-I2i_{*+ToFxT4 z^Jmkd1Qv8GzF_1zLk91r!|Y;!(IYeoCT37wc>M90H@DI6PsVZ1#>1MpYoeFR!>YKe zvY1(Zpr8NM>1Y0M8ss!wp{a4g-fY?dWOL>C~QV)t)@HkaDO_;{+o!5PLte->;bM zti_8$M*;;4InEIA7`*f|Mc3{);l_gJqqf+l2a9s&lKRx90TuAV=f95nBn#9H`gmZv{U3iZ>Zf99Qjk$AnNb*M3{rK5t0r33DTqRw?jGWEKy z5%bJzk8dSb*a^WB_ettY`-b(Y3`^g;N=~QOe+`Av?XQaeBC7j2o|0BchH)-WdVx9>>K$m0L6gj<=u66aOOD=f&COz}6?WUv1C%YWv}^Jsh^* z?qPFI!eSNVe~ImqnJ%p+_^s~R91=-|+l2((@U!8U ze*6IWk9tWRHq@iDu=#lh1Vh*#r2u+}GKsDV4pO^q)(D+Jz(Og-xCN{QiySfZD@VQ= zVfY`Kef4EO#ynl(Wo_qca#dA~%G6sv-aGR<^ZyQ@p{;Dg-|Nb|0`FPijna>@o2-~$w z$39&~MQ9iPH$a8vDF*HC{)Y5{_n;7b&lxHi+m zr*#J0KD}CB!YlKcso+8~$b0acB7qNt<@SW-vrcXyQ--~%_1Z9I_>eU_i_8WO3di3$ zR{nmjyS1iz9?Uo5s)mBVCWclq*?*0g+MN9bKyb9q$eMXyw72k!6`NgzQVC)pZI0?9x~vUCO57;5p~H>8ypp!{gUu`fT1rZj z0nkaWoKD<;Z^~+^<3_MZj7G`@*fuHWn((P zUon~T{^3i?5De&>mopB3{8qCY)(3ae3;Y!;qHMjOiYN^GKIS$uAeE!yz$TWcCknbU z)kN{nS)3=cX*fjd$ZRr6M$($=v9zP@s3T9b91H(7w-zZ6Wzy!D8lrmxK;VKDTS@N} z>xdV#=~UB)ILUYDEZg+doQVq#c|(ey09I#HwFR2N*Qs=yP9)bmFE*ElU~rgZP{`Ie zJ`RR6%6lcc7=S1>hy1Pj8MZANX%ygkAvN8Fmyu(D&O^NhsY2x{DEmLzn9q@|LI1>XvTUzw9 zDYN**A2So83hAcvYf27iOmpypHMkCX>2WDyfDS&t!O4qOD>f^g4<)XCG zyuKSYCD%saj%$Z)$lS&A`aRXcRBuG-h6^Xe zCik|vPl;*40vCkG`4JkE17|(Kc5zro_ 
zTp7KorkwH?sVd1}+F2_9WinE6c^FsOKT67?f&AREMiyr0Zftb;YVYNnS6m^Bc2i(D za*2MO9h{%a!=^MflN>u~x7_uqTri*0+d;+>72$P;YSb#$)rs`+1`h<;Vg`41Tm*YR90jj1^%hAH zQYmNu?Q7ejAA>ZPt#8mcy`+ytzBIrzgmsxDW+b@$u)jXBnod0mkx}s8c!cc3{_B^A zT%4_{53!ZVgd5W(Mb*q(=F$A?^19{4mf#K-78hf=sG+bJ<#9FQpR8+>QipJq6(cV!@_DP-7!Ze)ufNY;IYh20Uc&;MsqEcz4csF zQLY+lt_sSPq{s0zg!>2tAO^)Py28&n1k_0j&kVdiIiyCf7f<7-bUaQ6m&n!jE5rKp zkb2)vwQqkB`D^(!$?Gsng>EFOcmnMl46koG;{`aBuCACteIqKMEZz?lN6RWX5O~dm zu!KR_kMm&v;5)uB{S{Ym_uU$X*X)|_%|*SxQOAL8xmbCCIQS|}MuR}lKUMunM`$Fx zz;jO}^C()uGRF8PeP!TEuJW5t}uM&RW+saM#zt-Aw%^ zBV8jYKB6hH4Am-~jmS>NL!;G5`bo@Sruv8@;WZR$t(=a7B$rYj6^(&YuBxd7$`vPL zN(G#`AnGSNC0<82L^!(|*FwE^GwO+)2q!fs6uIWeSK#CwAfFd4iPdKZX_3#S9LqQx z43o0)ep&Kn0NxOt!$;~K?c5ZDUTe*UQ-(3#9d>LUT4XA!D(f8tw1k0ZNfk;06cmj1 z71mN?N3 zm!YDi1OdE|x&~`pPks3 zmNY$jf-ODG(p9y-JR9IAD){BkcyYb2g{za^Zj;^Zyg|t}e`_0RwmIc{mMYsee~+QF zY?9FSYGv@T@$Im~VC9zx#8#|gm7Js>ZigDqopw)%QAZ6&%Bq%wt09P0Jva+psS9@n z3o$XfO0`IcaAL7dyf&$dS&et_t*mZ=rs^eTmPfEfNu_M;4Y-au==)WQreUhVD&7KG z2HY}4E;EuEMAjaD`K1n3gq<)N1;73pLX$s92XAL%xC`K6H21rggznJ9J0U2~Q-5kq zX@bgb#A$q<1l`adwyRyiwVF(v>Ws-`V2&0KzQCaXq-Ru1GmaBq4zv51*-3|HMU+{|RFfZvQ$a*U#2-zn!)X2XOMBC%#2W@9o4 z`UHW8uAYd-GcgC_7r|D+cg6UIaii%%d^exVFH=P`O9rZPi&tqcn_7K^TH=u9G^sSE zq_evbziHIP+(!#F5vG*5JX@I?YeL>u$zVU8#=Ud|@LFGr&u!qGZ+O&n6MujA?m+%< zPo!F=eVimz?3zk1T}BzcH1L+^VEYtJcflAAq1r@wDCb<*VlfTZryFkVB|FvFRWC!z z{BcoIIuWtuj;!e~v;GXtd}2(`W}IyM z?znsn=&S1S#|2cX-Al@gB%w-u1z8EtCB)pyPeL>C+3ThVxrKctXy9Y6*Xz$dZ|w6M z(yx7kDW1@kUya~3MX=Gs1*0sR_Tv881{^@<4AT;JRXlQgDO%@;G1?{6o*ukD@IV^b zF{?4{9D9$^4ihc{hJSkDDCF?$6wHOG(@loWrO5H5KboOA|714lGY^4Wg1RM;E{84_ z^o@t4R9BwDNkxT4G>fwJ&smbAx(acrwT5RWq$z}mIo@V@ z)2}WLS={{c&^{AzRlo{WsrM@B(!E7CxK7l5UW-;S%d(t*!u43Lf`LA#y7{L>iPdEZ zDGMD9wP*$GDA{Q3`lhayaI+949ylr;Vzfe5CPq-RJc;s4^!$}OMom8TyjM+Z#6>oF zRPvPXeE5ApoxDoYmY;2d&AT?VJxBLF`CCHMxE2QazB~NJ+GU-Ql+2hCm{Ai>eV13b z2J%p{ku$~@p-_gD0`KIm*05nTh#dKm#KOSW7SVoHG<;T2=o+P4gG;qf8Fbjk&Nk(U zx~hf+|GFesJVTE#w$QurXl}Ks)l%hL*Vk{Ui)^8{p8>JSg#P5uO9{kk_KX z<6##hu5o7^l(iuzTpp`q%V!f(=n 
zC&`7`4;jwq(D|8XhuGJO*p>ZspMSzFb%woiSFNjB%bTVt^6k&`|3Y3CWklqQ;ZQOB z#NpB{h-*8-!*()?hjKe=P;Ud{djEV9fhMA^nH)W=-McmxlbAWd%BBcwC1sb9Lk=hD zXhS~3kX*aV(G|T{2yMOdqa?Z4HL~HFdO0wc&wiKoYKOVkh^;T~>ZK6lY9N>N%de8L z#*f#Js^&N7+T2XcpvD~UY$SijQ_oZl6@$F!=;;XS6pEl17evv;_f=0I2F3(d*|lK^ z03A3Q8!nH`F%|l|?}XR;B*d(dPULMm`mRWdzr%pvv-@r3UaF#118%Sisu|&a`PJYX zQi;mNI}a+$BqPtks#GC1wlBNbxt~(NBbUq@xr%&#E(?xKGZ4X5QP_sm)hc3z|0wJz zXYRpixb;Oo(jxy=q+0c4p6d`j*B#o0Yw_Dqib36cExkp|LB3rLBs)}P$*x`YFuwvj^6XLTfyy%`>_3#8#Qxdpohs@LhFwiyDCQ&Z#0=0gvdlBH5gQ zuR=G+`8Y6rE_u8DUhY4CY3}JJoEmZJH+#GQ#6?G|K7*?-LPv(Y-H~#7S`5?GN67{1 z+Q+D2!23Kxj_CfIJwA3x79Smx2@vK9k`{WPNTNtz&qO(eP=nXr9GH*a#2?b}Y#bEn z&!kye^yLw>X-fTz8LouaQ03G`o|Z|-d37*goXuB9lXyD4^u(r%c(iXnuc`1CXr3^i z7&=@a*W?IyzV22eZf{wUFbry%HFm%7tOcr@LnBCm(QFNRy8?YnwG)iKA7SWw)sd!G z$w29LWW(jt$w}t*#S!|~?5rNWFT683ov30iPlhQ~W+6vDkpDAIsz;@CtZIy3o09=l z>0~xiiu@r>#FHvdXv0wz=L`Rio8YeNlBCJ?SbG28|M|ZP#Jrf&LIrQwxP6i}O1h4Z zu&9yCOYh84%xv15At7oFaA{jbIt=5ye+n@6OIS8Mi5Nn2&WK&$snqe!$&kM_Q3NG+ zbK-%>X&Y8y8gq{7dMM`9(KDD6ExkIb_fdtiQJ(Jx2HoTUciuS{0svU1p@|PgHKL{_ zBOcEbCLsMKn%aF8gT?mDRlQ_`#M70in+@O1K*&$ZRoJ_DBBV2`>MUT)J*c z-iN+9S2Em**FJo-;d(D^XhOMAoQ->c(2=k1{W+UdFEV!$?<`2wP+fH?wT8s&1wWhc zKKcCa!k?`H?;!;G>JVsiJaP~!%j6h+S*Y&9LI?0qr{rX?5GteT4Eqj^6};*V-#5c}n`?b?U%XxyNo z1RjTczex8_i-87o^yDc6m(938B(MgzqNR>#V_&IbL3CXK&a=@BjjnMzewP5z$3S6w z+6(LO#;YK`I9aKN9Q)=r;@W_3(3S{jw~FVC_WWBQz^gyHEi1cdD2%@;mhkBKnAzp) z)Pb`}R{*tK|Hye!Ezxo|5FIv&-odlx$w`w31X^;7mA>zHU#s>TsiGNjtXsJ+X1 znHZzse`LMthh(aw5C;4TL^UmQ`YT5Aio3FPdTsb4@9OW=3vzL4i*1Ddm)+LQ_%j7Rd{-SS)Lj1C9_H z_~ue0R9PVdHz&EEU+U1PBLKR7W^>T`j$^@V8Y~_Fg;NRYJWVcq2AbS`kfCJmB$*JL z%J^Z1;PDjJ#fb{9FGeuTQWoYJAZGx!8`Ih_lzwa&Uq)3FO-l^Q6^#uQ&SY-$B&B?7 zBm`1rg$)~sMy><~ttfINdNMA`=*foh!FE+^5(JDzL^s9G-RX^~|MAE=s!RF>x7I^*F=u|`d7(RB*TH)H{y%pA^5dV^cOU=HfdfO; zRsEOtue(lt+-4vfC+K_92h9Nn1{^tJcQ?!xYvbX$U6km_!lkfkSyB}qFF*|K(SbM3 zj#bF}D3atcOOnUE%G97KYN@ix$A&jq(exB`JWbD4EUrr8^lPnyKj`O3Q9cZbtDrv2*OlYW_lj)GU~j&(|7qm>9X*HDSoaqcrx@t>Sc@ zYhUl3NWgJ>EIzDJ(r)N)uouD9MoOZO+-rRqiFbsv7}$&nLsn$b5$k 
zk+jDJctk7ksIq>G<~WBjCEsZ-ERk2(QxqdO(y}68qUV_Fkqp)rC?h#@`HPyECtzAW}`;tER?{SU1<~zlJf}hZTC6I@(!hL^n(vb;_fFH(X$J5;M}_rhsREc z+oO#~Zg1jnTUD`%mCQ}o=3@4|Q!R0a^My`#QSpOHz@rs7_ZGaJb57ERNV_PSdI#KtDq3w12ynZL?xHY{J2xQ z>BlzPmbO?NWm;$9j{JO`!D%)cknt{LTdoP5k4v^IO8GA-3}!3xXoP@oPZ5Jz!KS7O z$e3Bl*h75SEFF;Ukt>S9A07C^^l*>bVNVg*l(N*%P>Nu=kLxK)y(Fb=+x*1qLTC2J z1HS?d+g$9Gj!xPxh;x(Q%SuzuCZ8)3`l=6!^NXPyL{cP1Wl?jvm+(zu&ZW;}a-Qbd z1eed>SYgb`>;^n}p3(}BHt^)*krp?6oEGKRm|$fn+;dEZ4$NqtaK0`)k(4xWLcR=g zPHQoi?ii9Q|B5ksasTW>O4!lCW@0jDoO`!MaFV5}YdJr)yztc47+b2M(kSiaaef(2 zhUw&kX-Pqv?Wp}C>cGtmEW5QOnCy1u0!}ACNrbs0%9&&B1ZAU5S*wv|7u1^b`}p;# zC6^wy^RlUA)?95vx~ENf_q3v$O}i(Vy{U1(o}bS`yBmC5Q8r~#&2~iJn?;IE2|{V^ zEnyghL+1}pe1MnrU)&~r=Z_Y3!2gf%)R}j@kHIP?L=lTZu*!jc$3h>E*&`*tTn(b& z*I%J!#J+Ei!(Yw!52qs~>@04;*SpvL94p}c`m0l4i;B%SlQS#qqzVnp53e-MJT$DQ z^pt01*3U+}!Mptf^PFugZ>S)tI}F91VBViyS5YaLiS@gB6GSCShI0r zUd_1$@W-R|VLHd|*N+hk@WTMyR@w%VX@MuThG0xQ`#u!llt0y z?_kNb7f_JPjYfJ6t(K&Jsn>Ka4IB_3i0+paU%TKjTntimpx6ioDe#1OlC0x2G{8zx zL-LuJxTlKqlMhNQ->sI*QQww1;r>%;3S`KhQ{o^Tb(ilAuIc^#z}t%ZHI^tMr`{DA z$_wPKOM*_YG8UrV})oqsa}5E>gdHM;BiBNj?Z<&pB5W0XCNbNpKZZpd_rm(Q2*P z4()g+6ZGmyEu&D7t@tbZy-jMaz^Z0NUtaV$N8Zj)yJkKoOqg7H-W94-1|bUgRt?0o z5tsBEBP$MA?~vS)Xg=P_GzkuD@-*?kcD9BBHEHdt^Gs^_5o+g9n>@0+ZTKNxk2y6Q zEmvhG5lT)4#R6xrJeU~Y;L5P#XTRL2Q-3@+qp~+DCSP##^l@GWSgo^U;?}ONr2V4q ziu(36Cw8#InJhUbgkF?e>bu!flk%XcbDK$RYqM~=r6e6^-%M63lbHIQ`n(kR*?fbJhbH157~xPz zAbBL>p!QA?;%bundD&ypZEjlDma(v->;{`xa1~RNw&TAlN1@o#z)sw6Zoq6Hx0QEW zxQOzG-}~vF{_ybg8Gl4`7z(OjqB-%^#|2EISn zq-mY#dDMQo(xjWhTu5mB%h_YPX-KEJ33-czpkdTZG8zjk?wIYU-HtkD%pp7M&ly7A zUft_1n_7&e+oBTwWrah8B5PCMkSzLt}+riI<{I-g#T6Bw(1kvjM@*KKXm@k z`9tRqomV;^q?lQJ7t^VAws&@)w|C-ay`5(}n=hWV=e?ay?`iwl^LTsk{6+gk zzxM*(Z$I1V5BhPZ1KbQSH!nIbdhKMexz%1V-bEny!Q0KSy%}zH-gUNipKkAN??lfw zH{07g+yBq%r(lg6_&+sD7Ol76zI$~Pl^@F6jd2D4x4FHwQ{(@hZ9edSpW+9LZbbWt z`4K69e*HB#jnN2|OgMmegjJV<{nMm>7GSg?a)p?8;ZlQEP(ntAreBVNFtn1bXWk}; z(&3Mwm;PB~8nc-@VEr+OuOa5NVwa3B2*N}0&kz__S604H;Z!dx&{l?*@-ao3&-(1H 
zhmO73g;jI~|IJ39`vtqu*~IZ7w*4GV#O^s{|`6X|E=w4;QY5c+YkHy zDSj62KgDaH5?CaGu%8d2%XmDx-WXTNf9;*krxp2c8#sUm`R`Nwto`y!i2m2ZGI%@! zneXu^%g$y~5WjkHKSEb-K#HHq&=;LOr%0po_G+*y6}=BB@$f4Cx4s^12H~&2u3)Lh zF!<9+HUm*<_lsbV_DkmldIZSJRf}~Xy5&j6TJQ6A%N4m+*`9jcF06_CrX4t`I&awl zX6U|QC%#wR4LjlJ4TPeh2PzXEL~bR@Xz$>))VL{}mVhUxae>*>WW>j1c2rUpXRb9DdsoacWb{XafUMwqE7 zDyP>Z`QFcB`rmGEKW$g&e`ja=*#rIm6hCXhA!EP_VkA51EQm%ybd__bAtl36){93` zKQ7Br67iQ(JM2)tGoMWX!OD|h_1}ut>WwhDZHFg1<{}R?>!Ao9)g-cY$nA=)Yls!(l^&~h?$GgN-pal=p)_j3c^%&5#8$4-I zN6-pRKWgVqmM-y(<7?T(>=d(;lk|gTe(_QjY#66+OqW~CdSxC1@7msC4?@fm-(g+yDyqI*tNXq;$h2gIsbGLd_DP38M9>GT;c5eN zw4SW&v-u)6L!8Xe{T}OBN*09alvXEN`61!XsXfgKR|;)ETrPm(m>geFT2ts_Bp#IH zzNsQ-k(p&2XFbc=KQ=DqB z^^AZ3M1gyU3)}LlqDQ?A8`#+jx3<6N>_jU|VhqmR#~SC-)t3fQw9VWGib9Q z0SRz4eU#spMOFt+v%}nrZ@)9JdQYznpk*e)e*+QC?~TV@s?P?N!ecLpwtOY)Ss@>) z7GIVOX#0lUb*7`OR)fbjF$o9_*LFTvB26L7y- zJcZcPKHPp1LX;h9hvY-tOpwwM#S`+$t;i!kT6SvmO`e?C*+}M(VD--+j~=h;;T54C zPDAzdIETA&4quDc3RZ$i`x-H@Bz)X@6?-F4cbD-Fu#-aPfEBqx=+i${Nyk5Dm{SH? zfh3cb6kqQ()2L3TWrd=00uv5mpto?Z{d+tfH8u$R6`Hro_J-;%zKYV<@E`#Y}K%+6{eNv;TsL zI4Vf{CiE_SXN?d(U8tp)Nix)zGm?>vV+C7D!U7d@gaLj|+J}RRjc$2?afndxG$X#^ zm7GWgxhjCPjbaBaS{BjHdB=&tG`!NBUnBvhzRaxt9(EEPMe`5aGJbYdc%mpN-xwl> zNwL^xJaCe<&u5C`oa%YN4_+|}0HW_Vr@C~GECmJ&2g0iHa36(0P^(r2K*RvyHKU*) zM)D+Gq@B-(!xq5Ns=&oUzVP~qNHB%wE2Xg*Y&3cciSQ>W9S^jpqZlnpNg|;&9ss75 ze?;UE(i$w5EGo4*P>ByGM9Z<9qm4#E1SK06jOu8Ya?F@sq!7$r5?U_~XHgJ6EpX`? 
zo4ekD@Aj!C|M{f^z&!iE&3 zu~S64L?)t@Fc~itQYJn^(iHlS=zS&O@ln*qT#?Yq%4m-&3z3f^_V;}RO|)^wgC-fO z+B@+%y)|j)ixT1~0-4mVc&llUgT^BxMIA-4k`PJp?!7?TzCuu6T( z!nxFvpWOgLDTiK+T2lft$}K9zGr=md-<9P5OUq+1=1c4Vx#$1mevJPgcl(Y1??#?g z&;RF^_nr|1FU;)+s9yf$w208lvuz_i2ayQ^>x9-%X(|B-RyQ)XAgzX>@EvcAAMYg= z#>y&(#1{F;Mk8n(K1`@R=QFF>40YRH_I_7++^8I|H?vU|Pzlt(PqKxflHk6adrK6R zUdo(0qiR}*DI2LCmJxNqcy%7NAzo4CO>X(b9;WYU?waGD%sKkGdl$s4>OF~WEuk)@ zgggR9%p-g35nKMUeK2hiZ6JFH%8NwwdO`e;%BzNyX+qBfbrfiuXtdtCV+(`Xw$xe< zd#ytb|Ca1W84Dkeu8C!$x*S$FSzgMgppjveMVQbL8q%wk_=srFXCd5uE7(`_wUf;A z@c>&jvM$6KRo3W`iNPiwu;QSo{1;1Av``Y4<;a40=l{cA%>Sd`?GFwc`EL_XW%)10 zCo>b|*SeD=%*Nm4OgSrSXvU#5;evSHWc@gyuKMOvt>6ZPgu*+FW%%8I7A z`kfX>cr+}drW}Dyx_I!e-9J> z-$#Rn|8M3g$N!nD9`OxlCU3e=KrAmJWdLRMlEb*N7i9UF*S#?STw8LX?}c-Vo$()G zO&UU-TW2dy7qVM6dgHJ{`+v1XdD$sTX-OEgMVpy#Ev}InE|%!S)A|u3;|}&ad!3dJ z5~xQs3?!))#_N8(bm#Wy_VKTg$zigL^(n9%;yljF@f}FG<ibwROo5RsHc$&)g%bb;-DKrQ$|=eK zLxc=T_NXjek-rU+q}f01p7b!OkU#v*b*$6HE&15VRYS( zv2W<^JEUo+d$CW1ROoNa&Upar0h9VH$qfw2O7d^>+Vn@By$qDspZ25=r0NLsEz2cf z`H~M(L6R2r;NMGY%Kn@Jd!TuM5$_oO|DrE8BvHQLT@SXcKAK{W^GfzR zUHD&aF-(;+SfrJ@x?N(bYlALJ`ffx6LdaEMP4jsW&;Rb7lTGK04D%64odGP&1#5(I zg}gRM-8~k8!e}kSE1-auTq^-Lh1Z}w?d0Hq@F7IY$g++BWnHJsRUIPoxA zB_uTq7RunHQm!+y)P%zF=jh#IATQ(m+2zl}^Y<@azWQI|)M&N-@>u&G$m+2I6^2XV z3=vzlh_%Zf#{QFk?(h7+lYjf4VKsdI_j39fY5g-$`DdW-&-Tdu408JC>2II?>nZ;4 zx6g~^;b(U`h5ucDzOk+ryN`AiLNw6l-uCz^WzSQUYNE>u{?`|_cigpH^tC)i<$w49 zxGZP)$Dcg=kN$By{?nk-#DCw+Q(6Dd2_kOw!LHEWvfvRhH}g`y^sVS~E8af2w#+mL zq4%M}lti|xhI%9uTUl#t+7gOlX~rmgR%n^eLXD$zFZ-6JMcv!~+4PN;V+AN@qK6qtT8;v-+-grsXC<2EC@#+PYM ze0sQtP(Dv{o!Mq?@zfdR7AH(MndM=@n?&Jf98R%e0m1kj~VGOUr1f)gPv$Cb5#QL{KX`;v!U5LRw2!Y-F}O zdrHcG>+t_N>?QI)9(NBL{oh8OHTZv}AJ8`9ES9esl)zARgbd6~ceBJ$5@Oprz0DHK za1~|OBgNaSkh7U8f8y@KJ%(1&WKyZFh&GdUscgbIA~UZcwzS3@uDUmzvO*+5mzNU0 zZ`y(d+}_f%KZYd+Q(qJ?R&Mm`)@gw2nk|%`6kp#-Ne;Y^hH4K9gyVnvKAJS5IO8k4OS4Z32)j z|M!j#yNUb%qi&=B-N=)EzL!``iD-_IYg!Y@al1^5xm-h>>;Qdi9we7LKTD4s_pxKG zyb#fR^3dQm}ekTGm*p 
z&m!Fw3!t0XMD{G?Cid2}Tw5D=9Dl|VCtyh~IPM9COxk}~mf(4#kmLYI# zXFr05O5%z>=XN zFRFk=TUs419)k&e;o(>;wr%-k>Frx-v4*(|=gAW%n?>EHlJlu;J%eWTeO9JcXe~LW z>O;|tAmu`(SUX7`r~xvC`IWzCtIjnQfGY3SP}!VX_%~Y#^hL=PAhohO^&^X9m#GoY zlzczR@o3)C>TvxhwD>gx`Li4>w04e89jLg_sGh;u?%8Bw!$xvj|6h-F!0vQ^v1%XGWIo+NB$Gqo;7|R;w}EgXl9K=OqcbF==Ip^7oUKK zlS96^T@Bo&J9nqIf46Q6=hagHxQrT*uMWvoxynfBqhTi!Q;GUg&E~}G73~dVepw9} zzB>u>kg+83s48IN#i3C(JIAc@ zkxhp5q8zi6TPn(USx8lKMS2cHypZ)O@wYl~(i&Ku^GhkZh-Os^^esnpRz6Y^s3D9i zRpyEq-v)*{JCWl^O9glY={iSAr%^RPDK_R+yOfiYeJs3^v)lY=-L6grDM8=mdC?T9 zjUuFo?@4M%jVfNpm{}^!tTC%a>Krpmb(uGIrQAw`$M|ff?O0xH%?Ju*ktB@YL(zT&8alMf>78(O7ccK1U;hWX8hO2;i?aspm zKisn)L-ol|gS(H5?=)3I%v9osfL zwr$(CZ6}?iW7|fD9ox3|%{f<9x9-ELnh)z?t*WWTD6DXYhsea!*{zJAf zq_Tan3^dL+V)oc{H>A(Wz6UzRqPqpNCFhI5ONvtC7maS|o$GbU^F4JY(3AewKi>QH z#XfjOX&=~{Sl$H8Pw9*=!_?!|;Sd;^ru1Y;-T!;41$ z;~>9JU%gXPVNEh>%|w`|;bhE)>@@FHY8K#))Wsdo#n~4f#6rYT5Bl?9aoh)V(cQB# z!KRQIWPD>{s)&!XFh#581!wm2*P-ONmH(JA2cZrsF7k~4rU)d`1 zklxXBeHpxIpOVoTFKBdoV(Ka|dct4T*?%vY6zCey{hvSHFQ)if7teEgBb57^&G5*` zoMFj?ZgSgo#5Llrt59-MmTg#R(%PoV<1zt$yZIB+RY)J;=DjERfPTq*MeAuC#N)D- zzZ@xy98NvOmLAgEoUsK(@(QJZV!?sTMgXFJTK`-OB5aK>JXmD;Qwvg#N+rZg_?a9W zT!}w5KwBi7oZ2&=uO9Fk92yzHgVkB=04OefZKzfdmDnL9I(zn^g-U;KjrOFYwD|pK zJ+V`2sbQ2wewXdY@ixDgMREt*7#0;76lR#EWm_ED7y=|u2FoQk6M%u2NKA}iD(^?Q z=WmX3J!zZqRs#;cuawY@(qVW19r&|e$ow6iLCamcK6i#gmc9%22w;`m`42Dz0txZm z<9TwwKwf}`f7~DRM-1Ti<#_eEfDDen`;Dh=he+$MatAmv9SwxBbs%K$%jfK^Ve9yJ zP*;BU86QWatRl{8>OvRx>DlllqDHQoPVsUnJ+j#jfqr7+YrE#0WSbNt=9lcXN56=& z-BzSezQZiw>oA37GSR7AXQ}n8@E(?nYG@|$oJp|zytLLg>JBKI-I9|_6b~dMcvAV= zz8(OwefXm)xPIyXrDHxs0LUp?AH8!=jxDhV!Hg6h&qG?dd{%c1bZJpy+nqJrT8~%O z_RKnhQkisn8L4D5;XC@V*Tx~xo2Q_l?bWKEc;zQO_fo{lD9VFpi~_xLv4Ge3{eZe% zV73R%y+50xSQI;>pXQXby75b8u8a~hLD*Qn_h+BE@1wScu1qD51U(++pPY@l&ilN+fHW%LI=q@V-a@`llLx6 z9pKZ8?@yhLbkM9bT&7`3wO-p6QqQnPPX^g)%RWwvL&DNE3Xx@;oTJUXvZuUxaG)0z1d}+`q9ujd1H4U7wei0lZv=k# zlrugS;QV4c?v3T8UH3oX2h?{_xud)ElZfXgU$5I@6h+VXh3l$KrYrFc61gn>E-5wF 
zUw5{SLQbHhxG=l9QW){Zz=SXusv}#`n7)%Z$^n4=;ah=!k}`DWcekJMn(PNA5X>Hxb@%qXFgBYd0*1Ry-2-3eeHTabd8+c&|W=sknQ7m7Fv-4Ic1 zbI1}>c=K;l!WT@BM&7>gvA<8X`^wfX=&j4YM7j&oCyr%>R`EN24bMbyA=b;l_^v9) zm`@(E*aJB4WnV6k-JSRMz%6OJ|2VYgXb;U<5MbX$6xjzjC-1rN^BMk<74kmyQh&;@ zNCtp_Ma86EEWKAR66i(cVJU&+hQ6K-apJ(e{qXp%PW+R7iI#EplFQQTi}CLx4GiZfgPjMpFr`vw`(9Opr762o-i72dE@QR@v?sAk(T`jTjF|^ z-s5kV7ghZ`b6)fh|5}jniYB^hgo$pTK+L;8;d5u~mpSR|<{R)sRLZjRkuP;Kz#!nd z271?F3Z2~8uVNX`I>_&ST%tzeS+;xDJ`<k8wm4Wx*0!5V%keuKsSsgl7HDw^OrhmI9N zZDZnjgZ$~x%h8G3fJ^_0`+YMw^mG+<648WaBbw?W`}pUrC*gDiAnx)4FdbKIAFCd> z>t*aUJ-iWeoQ3@pLk{VDfu}ik`3VwJ{bgW=nhBTuoF=t`+fa zyM80Eoe%(c1}Rc-jH^qYo@S!g3rv}=RO?TVwasg{|4MZbIh&%dgmd>i-JFo&v4J>Y zBVb^MxME~2XqJtPk~1vgMvm>oOKQ^Al%=VdX^K16--j2xfjQM8Pf12T2P9L#LXe*{*_{wNCSm#oeTdNDbtqyYpjT3#< z(eSE3u7=U;8F7fV72rxvk6VDZzEGXfEWXg9!=LhpfQa7)lg~^mDYqNKfzUVa3@<VczFu9UaJ5qI=ubIq7M~Pv(!)PKejcQOXt4OB-v~;D7K?%hy$xhT6PQ4W8}q01h|VBq$T69v6;{tsjM#!rh=b zhnQ#hnPVb|aBapKq!R#?Y27tgF1v1cS32v)F0qs{Uqh+GR32lqv7;pUZG+r)ex3e2 zGZiBdD!j-{@n)LO`C!Uz_zQ>|{5^*%{ax2=k|-VykX3W74Nz&a#yfBUCxUEt36Xe` zZ!IigQ&a}s`4gD(mb%1#%7Y_Gh;SR+;bNMDMo9xdouZlrT@`p4mV?73D=A*)Y<)ts zU}svYB^g0Nb9F%1^yOglPKtT7grlA=<;Qqt29b_A>t95Y5nn{gpb2Ilzb}IlMvi0% z5s7ZiL-fQm{|4FbgooZCu7m@2q#2PFxLu^IQbNjXaH820=q&kAKy}m48$$3alz(Q3 zR=U3BI=F2{OH@9HH(03GLLpO(V%O$1@3D!PfIIQqNW zqP-fVUvX2#depvBN?Wry@4Xsep0yHN#FYt5f>DV~d!JtXRv@pN-AKSbhWq&=yP*s#Q0Rd=&ns zaG)|P^(p>wyz3N~-Ky&QnW7w)u+%8H8zhH$A-h<*f%PLFtlxNwm>Coo2caNCVPk*v z$po}01Qjc!{Oy%jX0Ofzt7VMXX z)d9OBf7$|V;RUsmT*?oH+eDMA9K{jb%H-4{ntTpuRxYLEG2#@9qaM-zvJ$w*>ksEW zaL}NpQO^ubnG0U75#7I!6A$}tS7qE*ZM=6lxaw7wj`fkb&qTqCI|IF=%{(8Q|Mix4 z_a%^L+~3NVNX-BQNiYVka9vS;2*kg~e)J|%4gx9TPL4q4@Ib5_UJ6ZyQB5gGz-)sR z@ykEN8~h5Ani2k07O~Y%HQpn(?IiH53K2)fy;`9*|E8@XDGzNC?a}O zM@2>Jql@x9$sKGHVf@2zbN4SkqL{-xG2vVSq6Jj!{xF;@Wm6q(7E8>JX3Jfdy%5-H zG={I@7w_=4#PY?}^CEmPHE2yZd=<3kM2szs=rs#NLwcQSH<>X&pe8QYTq43ByI>Nu z{^&s+{XOE4<=^5MYjNyCRN00&dtJxd;O0ba#{q^RY{_|;<7QwyiUybT8Z;N|kxf2p zpwL!u0v@Fc7%t0i4KU%19q+;3tsN^ttphS`2wn5LhlTRJDVFw8ttD%UHIkq9cstPw 
zq?0)2>%*`mJ*nul?cA80ZgT-EMRf^cLQi=CbaFL%9-#uozp2DeqH|UghVGI1x(~L_jgflAeB)TRH_C)pPIl^gwYc_ zN0w^pi~a0zecCQ9mKQuVA$V!fXdhmR=W$iYH=RZh(f5EaiiU6k-9`L;T+hJKaEaTG z+1&p~s_SFP=s?P_6LH|m3D9Z|sOwObL=>muq64K8eJ2=FQM4}XYv@zT`ZfSr%@9M% zQ^`;=0C!W+m+N(8^pZd40=gs4llxh&ur3-w)LK_mSh&;}c7cg>hm?2{V;2tVebCOo z1sbgAh#tqU6-Wnre@6e)(m)4`1C9)Udk~|$817ng%`HJq0tSgFss@%I-YByOr%3*{^L&)8dQ2InUhj-KJO` zbAGwD5T2p1KkfV3q$B=pvROx=Vc}|KApS(N?f)Lqf~O_0hi~fUub%tTto!#D78|^@ z;(aRo@pf^+ngu$!uv$C_WP99Q_9D&4o|P+orYLQD+`Uhf+wHq>>3Z3kO%c>^n zVU71D!j3eYFXa6jkBjv~h!COb7QjSzN9jMgra`oCZP^5kfq~ zGHjbXrcVpLW{#B|6nw_gr(%{cCqB-5zp00e@2|Sht+O?kyFF7o7iu?1v%QVKAw;p! z5xCNi5tXKbkSAI(==};VAtd9KqT6^V68#6q1SC9|Q9AQWZQ*y(8ZfT-BA2Uc?vNpeE%Loc7)Wu6R9^RxD< zTLDyVPpf1OWG_wXvUplf1r!=qGOQ$$qO7qg=PoF_epB%+Ru}G$4suG@!e2C~9YoK= zSft!lRLgwU9s!tB*Q6~PyrdjL!GNB+s>D2%UYyIli{4ww`WKR%-KikogsVqwp!AgS{ zN+7<8bEox~SYQ}}5VOnx0)}sS$vC!Lp)jWz^b?YQZz7>;GD1-l}o z1fe=_=zttj93Q%Tz+>)5OD`S^1i5>vKU^oEquQf^xEA$CAGTB0)f}$CIZ8J-E;6S; z5zbX+y~~|PT#Vk zbFfSf%7~q_lMFkwyZGY3;ziYj5()iWMm3>WPqwy2eVgT7dCm47zRN}%;Q6f#Urt)_ zVXvjxb_jkXF?2jYelisN60?ERi8aVtv6PwjbVXfUx;p5cn5#Qg8)snx9-c9vRIQC7 z>gsx67&MZUm7($gAecE}1vJ1I{$V~EbEzP(!dYyO6JzzT7A68=ii%g)@`WN*S`iCX zL-*toODH={qL7N7V{u+8qutOlQ4;o(u5?ud{8Fuk-_FWWb_|&#agT_7)F?=81U3ZC zw-wB%KO77Jxv%itjGy#_2aAhGzN}FdqCPQ6I!fj-)&4c=-fe%&W@hP-vztm0t?(fd zcx{v2mKO2!$|VXcMGl02M<&j{G(9b2+K?K>YxTEbO-R?z|Aq%!#559AIAV}I70WJr{5Q0;!XD9NWKckxlBb^+4<%T;1blUQIjV;Y~#~(x5mafN| zoP)%m_vj&p(^xJ5IeUBv>-c3MM~IV%mL$)gs*;|GCWE<*R#B;YJ7LO`7$|1z!bX); zYma!G1sfkvN-UoJM##C7Re>#SnvkO4x-l z+T5$exO833IcP17(RHqQ8R}!jRW0?=PX&~^DCcjBipsQV@H}XgcwP@*=kNE8&vbsP z6qU!bi`8N*tBK*lU(*Nf1$#g)&yEL5B9N(TW!68XH;ZN1+EX}LU%#-I9 z*(K)_c}5BZufKlk%=*0vbfjV@UT0b?V)UNO{U!a8`onCg$G@8T(^$j|KGQTw^WTa0 z>3V^z3Z{daKBS>sVSGdYXe-fY0p|?bv}MWZij3|nG64#wxVvhsh;7n?1|0wBP+g2N zRznfk9E7H!I&#Z%XK=#?MJ_@`g0DCmBdgF=$5uT;f@(|7Qsr4-89@Ki4kKq}Yr%V172#ADQnk;Oy*!?rymw;0g;BQi z1+}B`3Mmj`3|t}4^!aVe82MD^ToI8fYr%@(LhrRa*6_!<5@Pa_4ccf_+t 
zW(J&>Og_)oe4bIq_xOFk=el~}>QJ%~u#l)D@@ru=wAuo5;ADK2Sq3q53O6|(((10z zAakmF<|!D(%ds(jsu6@Hhgsnif(QFdOO9py_35?~uzKOw~ zAWGYk&xj?CYjm&sBVA$`@w`8DbLnTZ3JlxuZ+;uA9ZVRNGUiOPR3pB_^_`E$k`BgX zf%TP95P-lf7?k7L6M_h0B8j3h;#g0pQi+E9*m||#qV%eH4>V0Wy~DzCP^{}Sa@Y`B zE~!KnM@Ncq{A7~exT3mwACcjd)ykJ`@*3HlsA`f3?2iwms-C@FADJTrPKwQVX;g#Ehz4rKi< zE(HGBUWzA3)mpGB8{sKtiKM3Y$EnU4-$+NDk8$S60&WlqvJ)S8w8E+iIdg+eshXCR z52iI{6qL@Pw<5`c_)y>wj+a9y&NpM-li2W-*aKN?r8P}&ba~Nq6;8<|Z+Dw8Z|<8+ z=6Z=k931=Tmj)-G5y4qnsC3{9a{A_5;g8Q1_~RrSOcXG2P| zgySuCCNpyOlzdBdZfLxNf_NlOa5A_NW05@W(~caJkam%DW5^6qQ2lT(OUS2mzK)aD znvF3FLYrfMmt-X{tkBKWP1!rbAas>r_S1<_%}f~Cdsq%&%qcpaF&TiUV^~CR=+cQg zGG&KYyLAvIUTTz9(dMG2bu>Or>ZLVcqkjxB_H|_*Q8&@G0@k@#QZal}P4hQ6v8usF zs5~s2Pw6AC=y7@f?KML5B&#Er?t!9aPY1IYOkfG`(mUq{&s}}I={1A~Gz6b%`5qY( zF+52ob?WUP8?@#8EN>|;6;pKz4y~@a2ov(UEb%T)i+|-faF*K2XCGA9$jIl zn^>I9W@iM6jY*~D+`*=>O{6|w|R!~1;mLm)qP&bxd!&9TT@m8m5*jAk2a!uAG3k1UB&#U>CF4I zaj11#s|8tULg{$Grld9ieBmCTu|zx)BOQ8xPA6LF9kkAZ>R z-bZ*Y?M5DNhXvKnH5wa&m`{Vph-5IKS6EGt5Af2j9hb%OiTnRBZ4J4AY5A8 zPZ}So8~zn`Xe5P37mBZR{tCv(DLDwI+=tBfaW#6lAzaYq$@h~nVc1|dm&={T|o zU2)*|7N1oca|KkC3Hf3eqJ}%RVqwmgK36(s+>ZoQptZw>z<0*xJ$MA@PpT00B@lUX z1X|DzqHzl=mwSNb!oE}F; zrL(|E#i?dqqQ_^9!2k035}seazc~i(1ul8$u%-0}g{!?|LN6bN0a}9Ux0g7($in&) zhHUQLwa^fzz}T&uQ$4Yy^VQ~t7hY`OMBz4`u52I9|6FhTauW9V-QGEwbC_X=vK zB5+w3SC-c!NhbNR-8SP>-^;7UjZB5txvUe73zKDcRbXhL*E5N#iJ72BIiQWSmRtE1 zO+*@-;1oD^Zfl=(>P9SDC~Z6)ni0G+y$vSAz>d|xZ|Ra*KmNs!hT1$c6cJI$hyksO z=#x^)Q}4Q~qS^jq?51&;dZ+zeoXq}-!IWj0>4Xh|5$%$kt8tAi#KQ!b2 zxo`KKLHm{gzi1KXrz7jQke3ZmFmjC*`M&ZNR$FqzqN*c~d>#a6CBzc)d6~p+O&W}x z4e@I2HHm83fxBB7ZbZyR`_RG}4~?<;+I#oUBqPY;Ig%qnLR1YOEXH3z`hr$ z2vFk-{oA%j0;OD};99|Yqz?`gJ1nZ{TTm~biAL}^UW^I1h#i;y>z%KVO|ID74~$|3x?&9z66d!?XkcO(kCgg^)L)-ec?Zvw@@F#Fe%wH|SaRL$8o@ zGqf4<-Ismfk)wZG?QRHO#%zf%kM~Qyu(BeQdkcggCK~WaT@tu9QF8AGN+Xr=WQ&=d zMHI+FD*I~@-XSCSETL3Bi2de8352{y<|IBJR!0I$d8DFA%ITRYYuIbN*Mf$PPF3a` zt+Fg4aeL}N!H-I)y?Te3TT0BL2-dM+5Go-w2+IucuveNWi{igJiIAppJ6-UpPDyc) z#&9n2HS=LzUHk(%~}41n_}#3@bfq4l8T($SHf7B5`5V|a*1*7 
zT;9JG5<3sYy;yIgvpQNL%Cd1=MJx^q!>n@L+PF@~Y7VCz_Oi!M8~B(K3^=uzl1J9C zKl6Gx40;^`@;iG%M`60MbJjBi@Y%zDM$A7NLI)t|U_Rxqo3buj7>CV@K+s3(3O@z4 zp?}0fq0%+Xd@ZawfJ7g#5p82{8h!Kf?D&7zgpo&O4+`@a#2ra~nde)oK0M#dHKhnM z++x3=LCHH+UA#GfQ=&tB(Pg2Eg_9+5p9qd?KXvK77BI2 z{COGc;j^9IwEP{53iz&IYP|=_>-BcDeSE~5r<)5b_>W)TKVN@61Nrm2z2Bd{{jIM^ zr74>;AXy)76;Jo;=zLEuU9ke^F54M>C7S|y*IT9Ih#)p%b!JAX$!No!--kqTH=T>B|+7qHJrphKBwgk+T%ikItTXMtiC zi`MdBiOFFV+Q;5@S%f(liN=!jm>f$mnU&EXMOFe%`Ip`ZuH9qmJ++VRBmz?mn)U`w zASOU{Wk*R>vBh17LR$$kDj5PQq2LE9-qn&@z;Q2QFjj&vK z>E}Gd^V>eQiy22akmcj;87EBat{yUD(CsmI`GL_% zE{pi1Yg7l}kB?P(6zYxTi97{A1y8|UBL6*p`^Y&J%%I*a>9Pn$BEiG2exO3cq8Mr4 z!7I=;;Bn-_Ki(@m_MT-@F35YSdP-2kz78We138yM0!>04^{r7FjB6G9KA=pvCUlPUx5Hh-KE4T~# zQzVlANaXwEjksG|Qt}1#?)6x8zdaZOj{3%aN*q@teuG9Or$DYE+}&Q}FZI~>+wNZ5 zpkAVD@iYGd<=#GrtTnv~%S7M)J@NCurjo{ghlAp&30iFj^#l{`6}0JbP_mbY^=@-* z7Jga~6F||CRBp_OZ8U)0C@qCHJ9KNSWs9HCf;)j*B?+z8(@dZ&5X-eOn*~Fd79wnS(O#h-hw2+(MHKQ}H8V87hk&() zg^GZ3w7?HX>q9>v=(fTWY-$C@R5$K!WP$NaVqffnw1cF9ClFuzQvy+XlblbGUp|hX z7ZY<|vL^l|Hz*1obw1dn6b(r`$489%{?2@{pm8$O%`;{5h-IFMQ9!ZVzy+b;6HFB9 zK~zfXLlPrX9RP=ru^7d%x#fikv905UXlh8B7OZTMLFzzNO;v28C8e>lNDm@V9mf`e zo5LVbU{V!SA|gi{ef?=4rAJ+sqv=^_=+GI`?E>e}*&0ptB0!lD`Z?|fCGHWsL|uTA zl%HMqg%2Nh?Q;fY5O8ao%a!Dh9GVX7QADerl!g`0_^)M>HSj4v3FWKzR?u z=lBx9^@JJnFO9H66N)9N=mDuqDdSv>x1d;Ub;9B6RyJry3-y6nT&_$*p)H?h;#0x@ z1-exEJlR$|n}wO+limu599St~q^1=c zbdIr@MsG9vK8sf}W$>i{2;LoS85yia;^B`k9uZHbCGv*CK_e%~3ZjC1T8VgBpM{>^ zz+RKg%J1o-3myN22OURt^hrVtv4J@^c2IGFAimPH9>0iTH!X5BnVb?mP!aFLu8`y} z=lhmbxetXhh0mS2B9P*(Z(_861_zdy(%5>JrkU9$9&evI^vI>kH*_G7NM9e^N}*k&^(w z^Fk)=h9P(?;oYL5nb4p7;RR+}K*yVbSVJGc_suJ%MxgzH)IT5_r=8oU*~*`;a|zVP zIOO2E&z;3vj%S!-vr^ye)+Ll03Ctkr^;h`G?7OS9Ny=E!J3(?3cvLwyCN2fK`jr;_ zk?cGSHaoL1{=&$}bNU2JBNm9uyqH0^7)gB6pD?d{h7VFb4e{wHU=%Qs99CrO_*eDF z&Fg8o91-D)ta2j!a)Vrgd@%(C@?*mV7mOk5UCj5dcctiTasoVOoA&Ncw2=dyQPk29dsYM3EUkmo z;PC5Bupzpal4Z`OoH;cHHqg!e`h-0$R+8uFxvsHR_M6ZB;L=@XyIi>H%1+7aIj3${ ze`tg`gTAE6K8W<7R#X8o=SiPG+Ots+$gV%OFGnr~I&!xh|2vVWzBu~7NA@$oY^V=k 
zKvPTVv8^i?tN9hA*U|D0_d-oDCG#gW-k|U+^+Oc4nNAh-e4wpvy-!)-IZiYZf~@FU z;L56NUW!Q-s@bMn58Z&lscz`^=1;W!;z+ zHBZ;thHDwo^fc?9_7uZV-F%w z`g_9ci2h(>77#KXGNlG&j34OUx#`CXRBzq3+!L@l7=H#LaoVAQ#DW%tts-7?@!9SZ z3&`J3Qv(6{cl%>Ayhr)D{(X;OQ~d}q(52t74T@ungP7_;{ajkVH=73)U&>63v-?G| z7%z$KAlwwRK1G;6#FjvqUT)q|vFXW(L@By1DNXrIo9O`P*OwTAnMXmBj25Z7z*O!E zm>OS@YpmW{5qkSq{N6Rb(X~cXWcN?K&a^6$=xJ33(L}ecgp-u!L_~PEc5*b)KuuWW z;b1SdGSc?KvyzgghLxp3<(AwINjQxO|8PM$+#Mw)ure>~d4HrYqY%-fbPfAS#L|QWBLEqZ;XF z!jqzOFMKh!6p}o6QUB56s$3YK>)5U_B}P6rttizW*+R0N2x0E>Fsnr602fB61Zj@G zG6wTJTri8$`$oQ8bdv1RLntC7J|g;^83UfMUr`SU!x7zj_9Nu{(6m3(`Y8E+&wlND zS-`(|vW{r7Mr#p(kJ2OVtBrsz#8Z4Fuo=ZNX~kYffjkzG#Y!_!LL=q3g)8vF`6v0B zf)u!EcjObs;umxD@iykhDXleUDVi4}^{6YTzB7a_9D)I6>VY^e5Rosviaql{yS?!S zpt8e;g+K14z2iLtirN?aJ_0y>-vRe}1#X;_d#u^Zu2q<-iuqZnX%+pcL+V8&B<-Wk zBsTG=QM=SMNEUN-yQ`cB>-=$`53f33<5R56f&UHA`MsE}mrb04@9JL#1exr^1hWJE zo&xXO+xKi@|FgkJL|SC!IN1Hx$`)iySj~a>6>uaNA|ZHmkE7sW@&X5e7f10{Oy+kT zQLTG`B~F8=X?v!NE(3)wkl5c3-^Xp6Xy?&Tt0Lqbny0a#v@U>R9MeGJ>XoCIc{TB7 zStIMg!4zKmF7Ii=OPfI8I~V}f2ASjh^}Tfu@B6de z3b210-U3zdI4Jv$z}k{NXTi%Up?6ZCGK)^qAVXsRBp#`}6ext!G$bDj)3AZU!faHU z{|x&^{3$`qnil@~zct~HyZ#3Z`2mRk0u?5R6QNOxj%iTeJt;;XOCtC~qYQ5?5_(xi z{%@Zs7b_l_$}f;aIAVU?81O1(sHl)MSj$VR%yHxcW6hgE-{NHl1JF5!)BQ)*->;@1 zjT5tUWQdzStNSPKQkQqV-mS&zbYp1(+h%tHd*gOues-L_I)|C1u_v`SKc7d7%e1Uy zYT`9&uqWD_4amUhf1vvXRL}b=cVE05dKAdj^PfBMXTLpo_a~0ST~a81)4VkU9g88gA2o z?1-rlH~2v}63E1e(Si!m%#GTICC+K+Y&uX<5rk7tVzxaCv3IOHk0Aq)CV}B+ienrY zAj*?ya5|6`N44MF;j__c#Vvt+Kx=QHgS3B=TeZvO+u*jBqEU?2urs!R+ORe(4h7Ug zwlc~q;Iz#=WMMH!@6Mx!B;B|f`UNp(ie+?yBt<3(x{zlD_-TA8rFlHuLmn6JZ*fM& z15jem$qGnqOgLL9`VkgEiiYJZF;^GwjK2&zY(ERu!#32KSjX14i|x1bTE33-D&^_t zw>z7apZ|-6VD>3zwn3|Wjyz#n%qvE06hp*RS_C3ll!`INWuaOdUVs9HBa;P}%7n@D zs3kl|2GEfbQkGGu+I%cb4EAYC1SB+D@xJ-6^lx4=asq5npUs9*Cfks59$Ya^wK0Qi>Kz4L7`=g;!!D*vAGX`OX8n= zqjeq}gN>wup1q!|ShI4qbEGk5W4KlEVCW>Wy5L>gR3aX_NEd&dGr>UlYTkG}3qmHD z2*%El)KXqKQ;&;L0b1*C#G?Y7Kpl-Gj0Bb5HJCfiA3e>NGLk_}cQ{FFl5- 
zb`Hb;Q9Jsyw!_NDV{wn~;&v|?*jD=#uXo;*l+7Kl^yb`JF7agV(`w)#dN9>(L>Bay z_5=yrRLV7cYD`#BHd{lg=t=Y4Ai}Z9FKp(qshqpK^W=QB)jy4r*T!1$cu#_mqUweI ztK=*c2j)O(9R8A=d^J4jxv*aT>Jmrvt#V(72xExZbz-wp+4<_)z~n2$K9K2m&uFw`4oAMeT|F6M2j;Eczbd z!tZ}pn>?rKXpauJ9a2BMauKqb>Z~ptk$#flbP$s`lK!jOwEA0ZhN=P8W`m(npI0hb zUcd$4ed&iyrp9WI1nS@Jy#^b;$Bj z_2yQ}`gKql;#0oiAIieYMB$qCxC?w>Ph`fnL)A~Y+R-0wM}uXAgC05SP?%~Y zf5|sW_A6x{-LStFIxKO36{XJdN^fc>!n{U_-LuZ)B|Q*X?5Svl3SZ7lT;iYAv>&0} zYN$P&%s^e`&J*9W{V1l>VVLu)(#awB;aLoia^q2)=fZhPUb5ZELD;hr4G3-1N4E*3 z@niMmt1LIQquRGw<)ee6a2?@6XxUSYYFy@utWYrlrW6$#C+Y@v<6D_;N_lvSwLJ4mE{BDH(GEZ+x0O~J?Ot+u;I zmsO;ct4vPmuXi1w@#@K1r|Jh5WcD7c599cKS!qvlsK!@M2+sE0t^#iEp5VxT+n`6p z(*_@7llmh7Gv!ekW{p)L;BEd-MO8%pscL(rh@)??RwfOvPAi^i+TiLvsOOGla1+<1 z5J9f&Uc<3-C_^O(+M@igMCpt&vF#4KR$KW@Ff^P{aDt-}GQk`e6>xM*vBPeT9){({ z%^$*zU+{f1^lRp8ee_zmS?0P5Sj;=6Hx$;Yz)$U8^0eLamA#rqPR624I_P{ZrjE5A1+-8Yi-8&^5i!dQ~Fwm|#`c z=G=~;ekoNXJ;#RLxEJ3aYizaAV|0FAI4Y-R9nz}Echi`j)S)QpRR~27trnar7yg10 z2ptN{jG)!9(B1$er50867y#t#eXxg^7lR0akyb|*A_)|RNR;rrf}shP6tO$t%1H=Q zS;Rgu_yidZrA{^A+_T^+iZ~H}B*KUMIe{MSu1&gbe3GQr&B%6Cdr@O}+Yc~mqv zY&l?3K}^X*EW0p9CMcVviNcIyR7Z|sR2LDLLbuy{j}$*K#U^Odls!V{E634SKNxt0 zu)R!*)5jWY9vx=xLB&hLJ5~h%{!lXxZd+4a$UW(&!Cjbn_R_@h^a8#OLP|uoKNC9E z>z!deT3>}d+<6t5tc{{b-Z2H(dSY!_|< zvx(frN7!|T(naDOj}dJ5e!L$`>b;8S9X_2dNuNYJ7DrEeo;JoDul=;pZwT z&JO2*UG%V>IbajHdlc^d2(WoAiA31_bCFk!ByNY-(N_@IcF8)eWahdSD89FwLN5GS z$DBZkxJkZQ*D4l4Neh^9{cXdnc_=-Zi82FQ455{X;C)ia%n}zv(zyrw+uIrQtJ}|% zaS>nkla-kT55iEI7c;dnd>+Qv)2o&x)M|dOk#-Fkw)UvcwVr2%-Is$ey3)?MzfL!o zK!<)KZpLcubUGq=&YTA2{sP~)NgFOdb)T|g04tk$(S=vfO0f;U447C|j@AR$W+UhM zNw@^*y%o?)tv8R#aN@gRrB9m^>>bmyiHNru-!1JFMQe#bB6&NwQ-4m~w={~?|E9p^ z7~Dzf`oW;cLaNWL=U{q=#{e3EVd0vfW?oOTZDz4&2T-T{L{O9HriUUfEu{`l#)vFV z8X?>4&%_dsYPd%_%HJ#5wb~%WhNH_z621gKL!KuUN;!y#WAvSk#7J6GNLEvDe4-01 z=^z1yx|uaYZN}t;<^qLE+&mWh0f28xJdqpguLGD6l8V^c1cx4)B=Kc zwoSzP!M{^1T01g498DSO0k0mp?D;)3MFh82BZt)kTWgUCt}=rZ1KgY@BHmGObU=}n z9N0QS(;yek_OGyBqEeKBY42|z=gK<55Udu&r0|4PE?lCG3E!Wl_16Qvg`-m<%=v5} 
z@bGIn9Xa2xQ!JsYq*6_8A@BXo@- z(c&IbDcuaPeKJVbQEkN+cmGTm9M#=0I{iKlQgO>klq02*3#AsgC&W&;@Zcl07>tP5 z5sHm3*E4>=l z-h70a31UW`U9+BbR|LJDEy#f;@}VZafhK?r$|`A-m~}c$d2ds@JqszRmS{t?aD#h> z5hlrwmZp%7wqQg{lfUO`zb3|FQPmEnrxEbNcYuGLUPJKcfnG_H(EWc%tXC*BDwF=f* zu0W>Niq!6Rt!owREg_87En&`sLE=WxE1WW*?)nb+Z>>l~+sR*{Ec3bg&LhGG{tEB?I8+)m3-(E()&S;Vk zz3#2sL-^-bdmXTuu=~*mi z62OI%yEsr6D1<}5a@>}fKF@Cu)i7iWMXrMbemhC#v+npk-m{~eh4M_I3J?6M3*?!E z9N>w3cHnXtZav_c#DYOaAuiGu^iPrc3gQr3zyMO)=QV^n!rZ6!m{+SxAsW4$5G@ov zV?rFLLoN#Ok+#JuL#AWy5e2%Q##2^zPSsW}ll%rNX^I3>w1IExHAwHT z+zdl?OCszUZ&lbCZ;pNA>5c$9gk)6Gv}6p?o7Mrqfm3NSUkc#BGy!mcGEpqUoHjLR zfFyEbIvyI<^Q27eGvVHqAl0DapM^%2Cn4IsG#x1|QmH3Kj-p`y1SZLSsIC zs&1!I!Ffx^wQ|m4pvLEc+4Jz`FtP8a1YSQ6d-A&0glY4RP8WAc>)E^|gBQl(^>xm{ zb%VN-hn52a@B_I2ba776wX7rzu$9;BZAb>&$#iwzvCk`4k^fpH@9a_}Q(MkD6%Y_0 z0|A~qJ<%%q)pn91t*zx#ICwJolDAEO%sgUeux9rs64t3QFXXvjYTvFzOT(}HvCmaO zpWz83$uh6bWSn6}#wNKSkh`m<3H*b;PJ-Z2aDz|d#4rp_`d^%6f?_{3$h?6>cnOF3 z7vz3N4A|g*1TV@eSJ{Lvm=Z-I?v}GzY{%PJgZ!bdZKUjz%R_pNKReCu)vpN?`#?%U zYNxr(bbVl18RcI~{*wcQE2@;*9n-WkKtGEwtOtnix)RxH7X8{|2YiEjqA%~nj})?j z9f9@vV8cV(Gtytiruy5P`>RMM2dt(+F!lk+C^;3@o|i6t?ggP1rsfa&4uU8z^8_#Z zsjYxlE(#-o0biK}z$>QIN#N_yh5ec51)V`fWV$!tn$Z7RZx|t%$u1VzFsp)ioR)m! 
zE|MQ#MTuz(=;}}VuRf|6siNy=D{8-_dUm-lxH3MO+Ea0xz1y@CJ?gl{cQDOHykSs3 zKHJ=|+6Ui8fi@OnB2==vwN1#I+3d!1;;*wCw2rNXTCMnjX z0a}>)!Ri9G{2!TuU_U>NbCYQ&1B^JyU_TyAo}>C_ZsB1LW!8a242x-vry+qht3qjPlgr|rmm z^UYchzixu_&~9OAWYU%L2&f@jgdr;iKO~F*t6`M+ic4dq#})ED9_jF>uM*{RA*|HLO{^ zcp2;ZP~ipl``Mgt_T*lxa^o-CR!rq4hc@(-i*g=e;=a&XkOOzWp`WNoY-f}Gqby?j zRJ5K-m?q{AVrv4@O?04+4zx#wQ1P3#_FSjq6|LgAKMn)8XH4H{U41As5{9m zaeXMXIV!TbysQ2j@SR?|_*g5=3;G%!Loc78{3D?O5xNI_{uS1i-?~o1^x7ezd`G5R zN^qGRnP%>W$E~Vei$DHp+cpAiTiu%v`O_}K@4hYDfAei$fk4(jzU_hXyOLfP|4T_H z{ZZ07ZTG4-)JktZ14kY53!BiT+_DOfe*4b&|Na60$>m47{Q~X}!}ilZ#%*o>_uv0v z+!7~Ov9b)?H5{WvlngQTgCs?#K==N5ife;iEnZ-+W?t0%kZqa8|HNE2WJ{&B{Xtgf z7?LcH_inzpt1qf;NN?5`(Pc4e<7pT6ih`js1v?;`efNctDb+M};|P92dH6%3Xs0kS|Q*LdaxnLu5@JT8X4hrCAk$34Qxl7%=tGPKK-hR$Dm9I$*p-uQK>91 zkGR+L1sPRbd-habCw3qeiT{+}=ag_0ApZC;(P0H6Nt&kcR*==s7$8;WpHF9`E^S@z zs7sb1+`}(QG4tusltaU%C|_g0`?Y?qovV{hg-V@l5P#xWWKfY(I;j%x2BXmArFN2< zgdl05RDQ z8<5xKk*}v4d)bAzbl<}mvR@EULfHY@-^SiiqaN{bz0j zO^=W|($3|;ijMNO-l!erzz*OIjUL#b7~sEvS!zIF7AX54U{7B|zlHAIgj6*6E?#A;tA{I>U)uP>cW(XT#FbGT3+wim zaPdm1?;KA)7H7jI|CnU>t3WoJLguAar{tN#E91Qy`ZoF?=g;sPkYW#awBMwbcZ2cU zip5ETjMq8ESA8`qN=EFKP*;SaDlk!1xt5A0NRPOY8DjL2W6&{HIR<02_ivk&gl32zGdO~xpI%r`%P~7`I>MX5j7+jymIzc?uAtMZWEU_#M@P$)hxmAz^P$|j zDuHlLCB7Wbk_tlUbH0lmVXE2FnCRH(PejQp$OEQTZ@`C171{UyPLhi+ZR2Moey2d^ z^s2~G_IIvuX;DiO@U&PL__P=@km9E+8TquRJ=#5~g~9YY?c=rQfj$IWymWPyOVA_!9qJ-t2)U7ino>a~! 
zcJD!k6b@>ypW9jM?ESf}iVW<$k#_wFtN>(h|e5%v_&^dIKRl1-x= zh?lA_{b@3r5l9ukGg_dT2>f1EGq)wdnQZ{$K~d+5D~Ov&o(3NU4-<aOd5*|Do((RAp-pPag{I&3?;fNegRUbBoPQz)7)fuOVE*M z27{!rzVm;&zsgb8fselqgibWuL_ngc98h*wJT^+c%9$N3UYc?eaDC2EmhJD2w;3`1 z)bVzh5L)pY*>%`B?LIu!?YTr*by1tU6dePC2Eg~J0$meFvla0$aYw5;aaa2NZS6sm zp*_&v%`Hs*;coGz7R}4NuHGtLHez|%<3~znXXTkSZ!?=j!1)(fS3PNKlY!dRrt^+= zLqg622V+7v4W?)wTiBbHLbvd+ePxSJ*HI@weu<9KPA~_L8%4+iFW%w0dCt<8d1ogN zY& zqr!9|u6K;G*oc&iF$E^-l$bJ*5la?gSoA6b*F_dWzzk)x2zt(&7wOK`q9@qn2sSJL z@RRUbF}%Z3^a9duQ-@8f4=-9kfH^cxyMbbkaG}(&_KJffCmhNpN#r% zM8Dd*qdg}Cdb*X>N$pOdQ6y9sM0qR<^e9@rsuew#CYR=lTBjmfwADEx+BKmpKM0ZL zUGQ3pt^?YVC6QgKAziXbP9}3ie?*q>C?UHH%NgEM_t^%op9Zcc%7+TCWv=rKtUH_n z+ELudF2vV5WdmEhv|C>A9o(QOc5DaMzXrDO*wPHG6F;`BM%J{~&_P zmv`M#s$7Ea){l}zMyF3jr;x!IH3B>{7I-EL@JtinnIrhIz%xm28i{X!&7cFA36!)j z$Xt&#^emL{CH&f_XVii6?ih@pZmyTee#4byZ{oiqAMt)Zu)ywIR&HP7JBa={c2fo3 zE4TeZj|`-H=?j1)cWC1=KLWAB_L@QndV&$y9Wg*us?ik%>cG}%@0N!K2=K^$V9QVl z0SFhXJ`|yjQuH=f^!8xP(1BGF=IxRMxa+7RM`IzA5i%Bt^G3OQe}(w@=y~Oi^%Dp* z+i@5G0?picZQ=Bpqx|tfKP_VuC!a-_x~sPt5I|7Ae}zL1elhYXk1v$9c-Q789OS=;sK{{lL$K^QpCDn=vy- zW~`TRUwX9~dWgU2yaebfC+KQpBdcCQ6N!;B^o37fP|IRjk;{JoBAR_A9@mV1BeWHt)heLEV%N>m&set6J7 zSNh2&k*%oEs4JLNWzM~8c7*>=0ZK={Gc?cJ|9LgiwffWD+LYUSFG~7<t|5NBY2)X~?&081VrfLLn4H38VgSE)Q zHkE~_Q}$(}>d9`46lXh~fWBDTU4fDMH#{=|3h$E{%?YF#+J??dH-~qOm7f(cQwX-V|jOaV}BdY0H72tu&Z6A+UJTf z>kh>ZbaU?w{^{lxyF~xx<~rptpL&7Na5v%gZav1GBq8kIKSU^$ z?mtAR48ZinE!$yAzwBtkJH%Xx)S1SBb*ax^B@y$0(rW)HjiWdfQW%jRfL~aJfbiyr#BLV`hFiUE z>W*H#O^e~oi)Gj^ZVd90)h@zXkvHLV$b5DiM|TZXNd&)Qu}p4iV3yop)(k`a5cf6G zBj-lg#LTR+^M&l1zvby$&wT}iOUAcvLKZj-%pwU>s8!sF-+<6aFc+mJUI&T|8K88y z5TQs+s0r(x83!+hQyj*kRB_PZ8Z_v_|CZR8F@XJ^2=QGsiut12Xo13w^k9m#8v7IK zYHL9>65m(uBiQ_APiUSe0`DzvpDwUbKRigVLpVcjUmX8nk-I?7@*1thzI^Q-Z3tTpQ6P2K}247u2sfCz5sRlB)r%6_ie1SGr4W%cgdWxP%E*x2J z`N@8zgzcY+=l4NzKcAwn3|<{F$)eXurlkYu->!xZ*7_g{OfoK=Eb%ky5Tt7AE2q}$ zQCw2lE(W-?_{`9ED3wZnKdSphiBw-4%%lQ-AXvATzbo)392WjbGS z=S*!Olqcxz_xHKE{7AMw`CX6}AB7#`f<+Jwd2I8CAko%}fu>?e%#+XWdUSd2-Igmy 
zGvJ}@58|>Jcf_|a?2p)88Mpje9c}3fY1*eZK->^6q=vRTKe&}vex&;YyV>so^+?1u zef6O0zU^Eh(zi(>cKZCvGd@gc$eh9HecvVchnXYxAFczU?DzQ{&KxQA2uczXYKMHX|| zh;4F=E@RkMz(`f_hBr(N?aW!5gDy@@lS<7+Z@WFoO%+1YM{uo!_@A$9DDt zHE>u?EBGodlt$#SgExFd@DaNdeCv-_5_FXhx%{bQTbq-%=O-G0d#vs$8!r1w%DHz^ zCqK7ZCEJm2gG>9x@$rJCXB$TGq1t+J@#pg6W3`N|u{MRNFO@}y4Li3w1Vs|D1TJ!V zU9VXkXb6EQRH(wYgx}%BGtiL*wg#)Po#SLWl29s7Boa392tLCnavZd9OAKRhSMAB= z0MP)~AOxR1zU6TMdw)x4ut(*n4snoRhC|rrtG_+`Ix`f=syW2y!%ha#NPw9pTdEkj&ZVO z9HwXwa=`xF2eqN=^R>^YBq@w5vlJv5ey{X-PadmbQ3v`e5H}FLyn#`PLgKv5@CMYLb?!SK{}b6;kov#Me-pZbuW;?> zh0`atTeiG|x!jY!{jFfVx1=P2Uw~Fj%0XIL6t;a>e}#jrSg+uzr*W&!DPAqU5M7uC zgWOjQTc8i45p~%u?k^AYVa^xEAy(GvpOI&3>#6}4*XPhIH>q!eip_$69C>w)P7!WH zUS$!Gy88A4t{j-d6U4)7;UnZp2kBrZn8PG$l*#u`#bo6A_R`&&W{(D5^G;q9B0)=M zlm}SsD$pF_)D+rNm+UxQb>J$>GbkuexXz8O0%jCTsQ>0s{j50GyB^z;cOIYai2j-$ z@Wd*Aieg*oj`*RZdgZ`;3+DK*vYeKA#_YO5*h_$_!00{|Xpf_yr=WmSEz6N)x@Kz= z!{=_P6&hbKQ&M}4AxBMNt$YfxkD@!@cudDr>y=G3=)M!No~(Z)MISHf4W6t+fH(7G zKBd;y2N_IZq0cp8M{zLzkE&d}tkRdavNn-#lxzQ}`s>GaJ|-I?;HAurH?II;8x?1F zwTPEjic2)KUWq?md2yJm7-@QAahM8H$VAdP!t;gd9Wa4`L_&`EMlu48F9@3N<3LJL zz_WzdZjKv|0@otzT5u;nkG~W!aC{o0`?4Ji!uoA@qwL%i4L?WxF*9y???>>bKY>Kf z2*JWNOf`8^T&e%D4woZ(ELq(YDdzI9dac32l$9|2XLd(dht)Nqo9Fdd=-J8ND5{9- z;;~Np?_sB7kT;|r_tiDjlJT9&XHLqv2{>+Ow6C^duFu6#HZBa$hkTujZ9t-Bdi`5u z)txw2C$Rcfn>+WfZi>L~Q(8KYL2v@T+$_uXD4Z6;k|#5ZA4=V@X?{TX?Hs^bQ{RSj zrIV7CEizTCb12hHJLEt7lS=jWxeJ%Jf_1*rtiJ9y&FBVh^Q%pue-d!`+Y)Ll;eTh} z2G0H!L?idi$1FM8ET(A6Z6FrvX zGu|h97)AKM+KKdem`96vrL~XuegjwQvwh@Or!!oI`@$Qf1swF@#Y~*NB0(fKj2$Dh z_>V^1fsirg8^{8v*{2&_=o*c#g0>;ozBj-7jjnbZ?PaWs%{O#vx4P54;JA{{+E(V9 ziA!Hr8q+V%hK@D)nthzVpu{Z!3Z#{#)_xq;3%HYfl!g#gOsc>_O8;yA5>v`1a0XLD z|B7(lJgIe9|7i3V<`qdj_;LerQ6paAq1_R0e4JKSc#j+oQcHok^_hGs{FwSh=4pL& zwnvd4Hnjq}m+Rhajsj%;Y>#L**;k)bs`L4eDf$+>k>3_Q0(7L5IgfE!D3sC{zc;*; zOf3u-oDzLe9sTwb*P>P0bcDthXBqs7bew;s9_Mt{*(dhSaMrINC6zboUP5a42CHx| zsh!v~d@%0LOSJWfF`m;QR~`XC!;?Nt%SCK=j$KnhZQEk`V`6R(O2iO#MzOSJcW5Wl z)>yWIIw13#_HuRIdJuks=~2>nG8aNoAfH&5M7MIf0TKJ}Jov|^ya^R6H6_rEVS}?= 
zxs;u6B~`sT##rW(x*~e0dU#>IYl};++Z4)VVVDlBLYt4;H^01>FjL`^NBVv?`m9*r zWs#J7ydgB=O)2IBcMA`2EPqXWX+BS)-@H&d&#F8Oid+8f^Nkoi!PtwRL3j-;)!a{> zXWcU4+|8pZ8#OtWvdA`bqRE=}8k!-ACdtz{48m#iW6-kMnyacF&&Mmq>`!jDBUdAR zLg+2DwvtM%zI)W1b?ix6+bJ#)mTBX^Dr#xtR1Lg2*NGQ-v1ASzo5I$C zS^gL+p-~+RjiYW%UtX1~^s^)?ir`<@d#ZgC4(A=A*#sk^Kot7E=LON^o#M!u9j6x1 z#?5jm&!K;GvQ#&+W04t4WPa%E(l9CgS)y#i3eIVz?AOiXZkh=})1-DG()Vh1tFLxN zJaLCpeBBXZ&CWaf-btI-Be$3Ok*nY^3d^i^ly{GXm*NvD30#?9DCi$XO>L>y|zL@h(zHbIbk^+bP#+uDCPNnc=E zAlYRz$$+AI#P|+<1W|nwALI}?buDe)wh6-dm2y}BmOwhRcP*O2GM}y6nLpn-b#YW# zF&WxSlfq)ir7n4u+3iXuNsxkQnE)JQs!&qJbNrqm3m`NPUc1D}e9`LIDBjhirvU{~2Bl`;Zgq-6%x?)U43jeRnCk4Y@KxS_ zdxWTuNC@)}9MLBvw)S?!d;=fA@)*@sab{>0I-n)>VQ0I2ApyQh42lXigY+z=J`O(rXW%sja}rHDYk~q%F+<~LBIlxtxaeZfB^I&NU-LnEWD|+tPuK^Bn$3g;PIpZ?rpZ2v}WFR1IpuJ~) zy7(7Z^J&nK)1m(%$kf+z5MHW62;OE{M{4&doBpC4Tds8T_A0Bv*=rkhL6=)@byc^Y z_k3v*ssNB0ZBhsWsy2|NMAXYW+mFuFV3KZIG4fAQ{>Ru92HZW)v5lUE;6W> z3ns`zRV*p7oj z_cR*5F8ydni7r85=P4fC5H5#scgkAple@`Ov9wR}*G*m<4DA5sZ4KEv9n0|rXDMds znHH3BY9|_XxUWM-znF)&BYR)_c<~jkbc!?-=ff=}96f}nhf<_rMbyQLY_Xakh-`)YQzEE@-=Rbv{)Vk=Qx7Rc)4Kg%Q{0J#@4~FXiDB?4;Q@$ySIZQ5%JIqzc^TW`_A+ z+ZT1)UDmr?Gh*j$@2j+3i;Y*+$Ld1Y<@Lx|_|2r{g4R3uo~{Q)m)xdp-lnPvXE9J~ zd3tk?A-nLPNtF6dzVe6Wa|^AJtu~*^mxYQKsnxICX>O&+<}KP<+i5*Vi09APG^4z( zpSmtzipTrevQ-q#*QSkF-f0nBSFc*-i`OqUwCU##@pb(E>{NFhT<}qT>xH3-U^P70 zIoO&_`A5HAQ9#`$w4+i}wE&+-qz{~3P0$gpf7ht^Bc87@>TrFDes$P=@yb#p)s0mh zT!@KH^j9M_JSaV%T)wp4hy{#bm!?_9t`aX-(LI5u{dTgnb3RihR^u8OUPo9m<=PSV z(>)eJU*!Dlf&1Z!qpE}sX>x2ruas(xaZGzdqdy7QpYQFvSWy-6i!EE z3r5MLT?eiEVKanZ52-;>OI!`7&aB*|^)MyaX)aOoR;)Pls~r*x)Jr}#RuspL5s;+A zRL{Y9?WKqJq%V_*4+&(?J!x5`d=Qz=pn`n%%UB%oJ7`Vewvl78WIvmWWGl88@EAns z5U)lRp4IR=puD@AkvQE8I_2?kMtLN2`!$r68AI4unzl{_mR43h{!8JSs*fI2E6nz8-^L{JM-7BDjkKac9IN5=j5^LdYlg*KpTVxtblsU<2 zBE_r;$Ed&8a({UQIWuQe3TX)X8_gCi$L|9MDvvFlx0|tSf_T7Fq#dD-X*%hr;K??C zWX}6y@Lc)Aw+6Tv4Ck8Sj$^t!A51*-p;PbPyDZt_we+-+c9n~qf^!;@E0Q{73}6m< z$OUOV^eVgB_g%IeWTie-8I6=ZqRNs0&O`yYdSt-h_H$aXX*b0h z3p-tG)KaqX?Zg?$`L|>`;rlED7Zg7H2VGE8WPd|h8wNaWs8NEuF 
z)b|#!BbqaUk-Y=vkx{HcD<|1T$*Mv(C~jRXVjPse6n$HE0g=irPWu$}4t?pGUr1#**21Cf)Lt@KGd zj}Tq=#D}7V44Ufv-KCf=c`D-*FP~CHYD2h?SQC@$lm1+G?7S>GT?gp1{j>O0HEy0Pz~x~tNG!>^J$`!jxRVQnthh;P z*y(_(7&IR@5zJzJ@WzQwXuYO^;`i$+9W!Dn^;n~<#zgeS_k-(03PMJzeL=ZV%lDcewYD?B~*M!)|L7TwG`nF0L1A4F#hLD*; z{h3WdP$Njn+5MSCeFK<99|f60>C_LZB{I4k;Wtq0|NqMu@{94N~-|LAJ%>-sgJyqKvEKEPe3C7gDe9H>+Ayv9#kYmIdWU1uGzkXFu08Ye6sVyHU9400oNE=)hM<2cn*6EDBg{rt)> zs@gE3Sb#dh+oIj{d_qNzD!d;DAxiNztN|7Am>iczfvKR@IgtXL#!MN-RYR=TKW8rR0MRB97GCmL3R^579P|=+T4O3hz!=x(pD-pq- z+eSSrPE7I;-sOgt;b>Bfq$SP@Jc1!2E2*hIfuQVbl;zq-Sr0=4j;tqQvvR4o^=cg# zrY8sl^LFRGIT13|@`~j$qSCz${M!?bssJxbh&>P^ojJfSXV5*Uk<8*xU?Z95 z^56$hmlu77;rRL7ps%(ep|k%7;D+| zO13oi30#Qnkx}`gG8s|fdi!R06qr!;6R7MdHmF)mtNzPS;~Zco1YXiyhJtwT3wSjf zYx%I3p!I&2vRQ*St7D3^GrbiYl#`!|EL z^5d%Gk5S1wp?4o@KtNbzy2kNA1F$yCGPnIe{{ub?msHk8v4H~q3dGYtdO zXUch0O$y2ar-2AtfcV)LW}~bwR91ENW2GcFA5N6m3{7aAFEf!3zM(8NfMGK8t!wy;D6H}qBy_eHBs+|Jtb;w#E}xv)f7Eo7&cFg=y>_JZa%^`pgL~ zQyWlP=LM6F?gOfzmK~02i1F6~iH-Ml>0wMe8kYBS0u^me;fwDNLgH_ai4);O)8nLN z+%QAm))4l*93hSEU1y!HM(OCNj(aCOP9H53S(9^;Ycw2K7J_c)2j+T?VB{W*Kq+S& z5oE}V2KvTo2AZ`$FgG%N^-^(PbWAdzwJZ0LB0y3l&D9DYlso;FPHF3)!le>fbR`;< zb!A&#`@Enm{={kkj4A=8MWJq#Gufg3@(@&6KG7#}*H`AJD_7V8Jf{N!i(Bi{ikb5d zKRwz_oAEeoT~{()n-_7k4)c}FQy8zAS3S2kP@1XqyHa3Y5ZgLmPl&6h@59jW)AY95 z9gyRq%BZ~fxypc>ohC1?nQcXS(5^?K?<&JZz`jOm;X6Q9iZ!AyR|*1{xx6pxGiSq% zv~7<(y3}hP^W{wY<&%Qa*3xGSY2Z9f?a{zHZ|ig8MK7x<_#q!!`)(y*b!q z>=hdm6%#4`&2wptP4WIkkl}mxT`^U4twOU-ZBPlZ#3qcyBi`FSd6cKBna{P2GHw!VQ%|N$jHjHl)U$|3G|Mx9 z??E%;%3J$I#Ga-H%Y{8!-F8L?PWO_03%VV1-x0UilV^TH5od-Q9m!K-%7n@;q06aC zc#Xdmdz7hY%J9BD*n8reTs!KTj#uIefLmx*zXyE#5PAP|XLUBPr{2Wqro|%xW2urra%(!22#WBn$pc zYP4$qZ&E{L%HogI7?Ta`&>|_wxIejx0R9yjwCR}WAte)5rh*hF^^G)!krKFSbw(XfT2;z8aCnht0p4Fs zh|ZTIT5RgU@_FpW^PP$sElB~_p zAABHrY%@d===vFqW!caJPT|~|+rM|fI8kTjer5sPVM>9+&lJ1Z#_*B9zRZ_@BH`J! z3M?%b@DZ<{OYy<{;u*tb99ctP3hy2h9w^8&WGVwny9)R?^RU16I|s?sY_T2E2R-l8 z(FYTWBL!TP0%~_jLtGw&?xQkEMDpjI+s{O?V)1N?R5a+iAEEn~y_urF3ggzQ)hOf! 
z?E5_NwfMf#es-|Wt9!Lvdpi-JU)Y-B(~=QL8w=-qny=2cuuwR^N(k{+t=NVw-SQ3M zkk+}(REecJ6E9Ew|Ucemp1 z?o!;nxE6PJcXxM};x5JAwNRYm@}|A#o|$K!Ip;lpB_U+xw-#Y#U;Fy({VgmEb3WcZ z^SJfyUCD?#_^#R7%GpNi`O%+~tr&o-%Lt|CQFdh@pO4f?dC!#}z{9ehvRR2XmnWHd zTc&ASgi-i;nM!U=f=i&s!gns--**llPEIRWe6Gi(5(LW|GG4tk6V2R&GQ#aWvsw#z zo32Oebi2ych3Duh^ElBShj=}BguOfw7VvGq3hW_i0pXIS2>d}+$}9A;!tTBn=s_ed zg_Y^$mpVNGtVHP*&p`$@B-(j>TLJb7{s4Od%7I_C7=i2+IB}=D>)}lx%Mi6%=s&v+ zXd#~?0Cu7n0BsOfz&grx0aR=4w^qqZGESrzWWWRHCB!yO8^E(jHLQ0@JjOE|s-e#8 zeM;!-yj(6I2|!&1l60*VVEc0`0I7>CAJR)2i{AgN7hOm|KL0d(Mj5&-4}{|k%#M1U zw=zqx8?@&zw>92qu!LFx@PKytL%6?$+0fmhvOs2$Q6@ecTWhHwA2%MGVIP~O>%9B> z5q2tmnQ~PSgLCN$k)le8er3S0G2L_Mq@I*6f)!Y~t%j=MT94)7&S?gwIM_>CvANyr zl|D9ZMIB+5iHFUn)|*Dv7!McnH8AW475B5p5rVR|V{zQ0mW7!g(qnEb=_v>Z>XB;D zy@sUi=PQP{*Nk*x3vjslpQwp85ewoTcJwFJsSB+q70T}PCjnm|)mc7bsI&B>$HkvD zu?FBXzA-Y=VX|BgMTW4P>yIxt(UDx-3&kWsDMO|*qb+TwG9%1CLdal|&4-weQLgjS zzNhS)quBW(e|D%OFThWYBu&(3b`K>dVbm(^Hc_qGUGfXyZ>NfMUO(>dfro_Y!G-Kb zO*%MD9vI!K+w6}{75{&*dZ zDiT^1ID_*|4@B|B1~jch2+&nY5tMov-m(9*g0EBc00^-A+MtX%=dBrrpvJB-6A`k{ zK#ai0W<z@_Q!{S?j^y_hdpAFo&y%9eIeN2SSrACxh}F1%i#meSW$Erokr3RP&|J?f z5twvY$?1nZ|DR-bq~Sr=q7(0&xut+RrniaWpa2aAqlNgM0kdqi3G!X+$guIiZz8nj z6U|PNj8ZclKo8ZHinL4Qnei=k?=o0YH{W~vtN#%*UEJkSs3q6+qa4sgopJ!0sO^|X zx}^fGJf|O7ZrG+j(VwQGyI|SFhnIfOk@@0WMZqO|okdjTa2VgjORJXI`AE1BH5idS zgY2ATz#7=1wY!!~(Y}Vf+4Pt2ka%WF2iltrJoMkH?#Kqw+_F2g{wX{f=(^8B&+h_V zwW1bUl9|VHK!m6NIGU0vQk(Y|x_RuzY!C?L1ra|ow__OPIn2~P6$DLtL?3)g-_UhD z=7?&jX0=3|_UO0qaB}h9n80{UmDE8nw2|-jWI`5{I=;KBaITI8G{7LpG7yfbA)$b1 z%NsLApNMGTuXJ|_=*3wqRJvqIk(#zJ*4WBm4+zQss@hoIRC)L>_NH!$FrRvrZiVoh zvxoJ(xdvXvFLX;Fu7=LQOzk3(z6;)cVYpV;B_Sa`B1R(0`_lxQ^4W_J!zAZvE@5f8 zBpt>D2|ec+X9wD+|6At3746B=Y2IrYo6FwlOS0)DSk+olNUp|g3eMv7LIztFCHf3_eXP(r}DVit2|>6$%b0iY(#e7u>{yR z3CWfrqmWHIh>wti?tJRQe>^0qw6KlNpw|3+ITtC<|D z3H$Esl*%Ay;dzus*A!)6RY(H+%k+9-H{X+amM0+$qLb$3oa%cUKJ2!fI0NjLAI#+AW8)Q10mQyU8UaYdqGtB}vX z*VC?bu?V5q>>0x!B$zP+A7a{o_NLtRr#8PfZkx93j=2X9y*v#D+oLpc_el@Lv|^d1 
z!y6?F3MnFB1tr;R)|vn8QSjcE=f*2IR=S9nW2bB)>EuenetHH6+!xnd!| zR_H?QNT@_S7RsRkZPyqcwGtP>>z!VotD6WY}s0fmD<58FSx(X z!4Xk>g>mGjJtFvw6rsyAl7~?e2ah?YeEb&6_bt6B@s$$b zX8Qe^lC}Ph02zWOb?S%I>so@|Ye{JF#F%-`BxuMwUP!MeTk5W&XS(Iv^eq1}{&fNb z52mqRY`s@F>oGyVHmZdU{{WonNX8vp(clmEruVTe19^A3;~%ys#eUVc3X8cYIZ?B`!W-q65$?b|^u^1A&6{YxLyIvcaeLfhZF~7sWe+$d6ze9zn?}er_ z$;3#H9)BVG=#5f-5LUy@%qy}*C)8+|*e00R%5UDrYkZC%g+TA>q`o>sr^RwG1+@Z7 zUr1^57~U>>wwoIp*Uq`k%D(Z7ZLNuIWxNYrstc`r7>B^s70m=qzhV9J+Mwwy1C2jR zTsg!xTo0CSLnLUAhLi*Cw$%X-gMir}0)$g?jgj7rMmi5Sq%S0Zt^=Qz7{oXE+d0Db zVB@kI((dS8VvU*ktp_PQuzEW-(?A^T#oL{UL9kcZHXdX6kh^Ht2zr zo;7VZ_6e~LSs*Uhd1|Izrbwl3-`E) zTt?+K`PG;i{t7hVO^E(x66fX`#p_;Y>*gs=N!aP~`>(IDk<@yVObBz0VW)Za zm`RxdoV^rerX@j}A&LCPc@mLUrl_5mPh45w;wUe`cV)GQd&lk?9+qgG9EF+rj2it} z(k*RSXb^t3h~CZ3OtX*rzpZ!ZevqVAD5jOz*}lV4u_Hwd1otQ|TGzO8&*VW4>M z1yeP?ANG?9_<3c&T@DbrH9y3v>^H1`HWDt9e0x|{AcXcq{rxLpV_s={I|J{F%K$Dp z7aI9IPYN5yldi*+U!_Yp2y_)|&glio3zj-D=~)fH5X2H5f`(As_hF{!i2?rUU&9(g z0q>}Rdly+pi(3g+D$`oP37_EXyY|BX9q#Tj#>80^XIEWJTEKciuYPEdT&_mH<4a8g zSu4)lXN_T4*Pv(%B(Rnc-QtIHlMWWsEUfy;>SHs{`kBy#mcK2_aZr9)!b~=%B!pQ z((|0_m@pF*$1DBDd__TC(<1nGTXpt1v*q1!Ul*zdvb!VB)W0eSnGWs;)ZTg(u`rO) zUp+eIpu}&OJU33kZUM_v!9%((Mh&va91W+ZPE;mGnB_*G(ft^(qNow2#R|7$BZD2J zl)aHMECVr*Zlz2V9$~*6S!*P!?=>n#S^m0iqm4^BbRI2ju}3M_?M{i*elKP2dSQTd zsN!Li-YHB6;65@nyC5fLN zX%kX1L>*E`swW$5vot)^hcG~HC$w0T!A+=kbo(u;ux-?GZq;Y9l;Ccs#v;|vg?UaC zJqgioLE|uq(}}sBga=IRORy?GM00#}e)3SHT3P}{*WF>Kx^sPcWlwjOReO#2ppdH? 
zKWTG4GFl`$ar_1*ja1mVWfce57YKEl9!-$N@IcH;^bfNkrd5C=R>se0rM=pUpFW$L ziUA^mBH?I1>es0&Twogp3>ubvi~#zeT+&Uk9OB0z4GRq_h;RCvrVyX;{OS%uu6ar<(Y%bs` zMamhssDRHB^|ZU!P4d<#_O3I!tZ<$Lh-4)hJu|YMxh@~f401|_$TZkaUb)&}cy#V= zwu>8`?W~lA;*T}Lh9$!m5r#kIWrC0=Q;;q37fQ}3bJ9e_0;2VmCZst0spRXn%=Y=d zCKmFLwxGzMWUGH*gwdbf{o*SLNVtOl#?HC7NnP+h$Vs)dgHVDfNWtQ>GXruHzp*)} zoe`NKo2xFTqft{n$BE^x$KY$<6p6IEfv>t=PPAwiX-YrhoRX}G#<6a_WV6 zf7yKe!udS{+0p&S*Y7D5xSxrB@NAgk9;-IgW6w@W`C+_9cOEAhm5E())_2+Ghgf9} z?~CezJefKBA$D~mzH*hc`<-@1TG1`J1ql)tRQ=?rnb|W54!>Q+aecsgu(h4V!*9Ro z0e$F|AuL|80)Nl?31052Qj1Ef9FRqr2f+=p4AUb=n7f&l1wc>$2n+gQ!$Ew>{083) ziiNfOp?<|2NesD>Ky?=&H=e$t_+J#~U z!leYou$DXNk9WSBH82g?(5sZ!#fo$MSh_xFQyV1A)N2E90dw)&@J#~k09l4tt3G=! z_1yu$K~b?{B9L}d>vJQa_@46w&3BvwuQ%Yg4X@z_wBbXEfHu4d+5ejj zKLFgaK61ebQA*(iP^%LuLfad=pPTjZ^-&BhXUL8!0LQmL3QFqmASIbywuYX=4*^P% z{0&&g+i|=()Jzblvu>-@Y;=%^2g+hbmL;$;ik7U*{#Yias)iJjz5It9od%#`lsp{S z+if!R2VbQQ)6r0p;=|E?(=UVnpkLCX9RGq}8jtLAgQX&k8Q~5ioi*!0j8wGYs%6T_ z>ZN2PjzY0EkfN673_0=^=mgYIgPyp@XZqdp4VaIJ`;6m2J*v}eZxk}@nJula`y&8cgd zC+jALGQ9vPQk5@ttrj}=a|3iXAI!>U(14Qw>ZUcT+Lq=Rr4QtU_3&38=ekCpcpKzb znl)xY=UWnXi1xQsZwU})uGfqCDpI|{%r<%KrKKg=j-|8Z4b$(?KnUw+Q<>ii_6o}OX13jDT1KyJ?y@$}2x+^0Nh<16zw@(M|b zs&f&f&p`mx>qK# zYFm_M+})a)d%h1sP$85EvkZG-IC*j0gZtu`gOsEsVPd^b*q-^szV3;4^0OE_40Wpx z*E1OjM_cn0Ur*8scViow5tzuMTwdKBj1IbF4&BxNLHu+c_-`YVbr>Q9j(Rf!hvHE= z%5t4$mgm*1_!P36(6Oq((!15k<1gABrRbJY8w`rqw61|x#IABAKjUoaL2XS#FtOe} z<&G??4A|fV9kbDn-|clt-qVf@Pa0WAOBZV8@dmQ`UiZ-%Si-KTiAbZG%xskO2)r8Q zLhW3hj)^bD&mW?Axrul!l~udt!7WW^NiBO*`h-i_Z@(jafo)TXsKrB|fED!d$e8b= zPDSqh7!!NN!Au|y$t8>SW-M*z{OJox{w50^9%=kZ%Z)f3&>O#M%#ivWk-w1AbNgllK7? 
zAn_p7n_K>k`)s6DBh|l2KSlqI`#AlD`xw*qe$3h;8RPXy>vW6w^;O_@V1-BRs~H?5 z(VNkEa7DC{Tl%^H8v5)+o{+F!Z!}H>31uXcq9V91(|W=MwWGpBuM?!+C{I|wKK13x zVJ`tq6O89E89lwwd-4lTIcnR;)ZMt518@Tk{itvYhgqqBvRufOMNP2WsFuR0rZi-V ztBZ*&@6eNtDw<^EpyC#eKt_55^yBlCVbelI_Y~-i z7&9lKkjbHkC2#uQ@U{8hlPvtnsW1b<$G%UxoIuN;cT6Rob#?H$eeoIb*O>jLp*}^} zVE8Jwr*RSrEe_c%KU$ETD~gL?4c9PVAP-&$euK#ruG|>q5|_OG*$#e9g>tP-i#jf7 zkCI$hP2yv;FqhS&1TNWCo!F9gr&r9TxC&Q!Db4VAbGlfmkl08#e{;5Cb6i~{c)iZD zC{y`-exOCq9S`}Gs1qA*6cMVr;5$jUNWwjUj`T$cHWVG{w2Nf1o_>YX*hD?n#!!p- zg#yI$K0`c@lrS4z6T&7rM?Ymq?>dbz`hgIXS&N@B|6RN5)Aheg$uD#j$C9 zjrbM>T4{|ltyV_mG%MY3 z3&w7`(OtPCXIQlQCDC@sNwt)FFg3+GJ~QmJ`r>olO5spetx3Mb0$%-;SROij=czqG zrbI}RnS~IsK&iC?ZB{a1QuxHoH^=3@JyVv>**&Xd`|}bEp`hNPP!o#Hh*uRW+<^(3 zO!>4Lie;rC?KGyQbvBo|_W+m%fGmbdS&o;TgRB)1#};CgbtL6aiqdt}Q?5tzG z1yYrnRr2s{Z9cX%GvG^hiKw*BRi*Nu7{J&4atH2%(Qfz`jtz^GPxv&_NZa{} z3;R!x?6B2XR)`~IJd}dwdXB$Fz1)*b5Dyo!$Gp{xv6ly z$g9D5ZX6sMI>k5`NHOMEa|H32rWwofBnxxxdl!1;3CqkgKGI6ZG=+a@lwVrdv0)hc zxfM2>wrvym36xLnx;9?%u1%+ggy7M@B>P(LOELc8fX}UdB=kp79vI^fsWo*ow-4_^ zIYRF7WqL~*hqm!qiPl=A4pB~EB1!vFlWW1eyMDpXbl0;SHX?{E^$8pAzjm#0UuF)V zh93xcwV!Lg^?eC>i9C*pxg9pUo4b;Enk&AC<+QrvHJji{rJcm;f2NSd={G(0Za=QP z6eSk%Wep^2?!}gjxhNU`{=v1im+;3aci;(#&!tfMOI&3Jjo){m~Mqet3vKzwT1^L{k*;h;e7zU`{hS zlRT_d42`=K)LGM}vVNDlKdES{Uvhu6zW0=-CqiUga{6?iN&$h~bo>OF<*Vl75&<()>uM1l(OzDSWY`LK~RMFU8QDpFmi2vwGvRO=8iP1+Z9X7p?%F@!9}FL66?fo>?l@1;Y`i2r37j*(wCX zVV|~dXHSgf#1ACXeDm{>0HRn2?E+WS1|9J#+`hn8HDC0GRS+8Do^Ys{Jk>hG9eS&) zaCeF&8nM4o9G}k>S?|oz^7G}&Emu;#B~Sn^kq0&6KdOs5+~w8lJh-CQWeQnDj`q~1|E!} z`*EHkH8e^T=pv|v9P$Jxht!k!8TQ)OVbP%>HmITTYRbckta@~O zII_4OL^b+2@un^hMFMEb$Pcp7RIFlL)dQfk@pc3#A%G26ZQRb#c32RGFOD4m0cM2+ zBOaJaN;94&2Pp{jy~1PuA2gDjt%S2q?%}^>d>U@2)<0x?s4U}n#F`;U=OnD|5>4@E zZR2D(zO==1`YiI`iJFfUs#Dte+#!SE2|MH8E7Z$AaS`_#sl)G_B|kJHRbk`p==`OJ zBfbaCplvo~nv~tGS?VcqWal`${!0%x54MOh&K|>DG-FrT(wQXkgPE2wZR+XJTEJpu z!e^3IEvB**)HBtu9l3NY9dkuxZ-BqGQ>`iUDO7xqe1M5z!+Ja?G1xM6^Ww zkMdO(3BVIs0=t#90V>~?|5UzTlsMo*o$mKm881&@RcGN$8=DC$eNy#|9RFzFdhA%e 
zZtgzC%(~RHx@9u_wm|f6cvC8LgR$yCSCZ(>`|l+bv%vsNpkDOUqg z!0;jwe;=i3o5y#`RJj28z&hlOPycVgySdIk<*&ohZ~2>i1TLKS=D5EdCwt4G(ot)6 z*ThZ65K*xD4cbCT#pBHMmbE%}{sU`~i^pFmN@&}EpeR`XM-*kwn(Hs>z3%^ydY{^$ zxXviAw{rBO#L)YIn1`eLn?Na4{!ap>bMRjT$|NpU-%RBU?u<;DSWI@Ub(oVF<}rh1 z_GL)vnxRkoX2+xXzPDJg#iiLQ-;RbUQRtKLSLm2Gp|2W8=niC(8-tpV$hPYUD=#0BkZwaYP$zuv$6=#3Fh+5Pg z&`V&Ed;`4VE6P2M??-8uf;w#(v&En%hxQT<_)KirEu^NGjKYWXY3JpE7z{@ZdaMpD z57+fb4OFdtPFvs$F~mG1btFdso5@4-WcMy&>rJ+J6U8v6iBT!dD=n=&Hv;qs;-lQO z96mnQ($&w?#Z`GwPHbhmtl6w^b3zQ2takf5@JIWWIi-*L<$x3{X9lt8qe1MzrF!vz znPLWx@iKBi2hUvW2{KxA>`*n@d2&i1TEv_2}pftVN!D}6vaQ${S=mv?6ebH4Sy^Ydnb z#ZA|`Rn+b9k@Cvb+_aTHAHM%lD(5`IHGKdCQaFZ89#^NB=*#zy-#!vDcw1w-T_t=1@ubrObgRDtx*d!G-2l%GJkPRue1P7yKcM>#*|RIN z_xv*zZ!Uv?UWF=^%ePOv53cPH!Edlsnsj4IpRXQk!CG3+;i1S4UI5@J3;_S#Cn8JE zCGPQowHxUy{q&ZwW>)}^mNfaL68jj5=&J3_{Y`I;E{N#OJVHkY-6;7;Aq7%&eg-M}j? zLwN>ONWcKkg%qHZhY*l;08vQjT=oNFU19)beY)ovyIdulIRv!8e87XSk-ozIAV!I0 zm1yb&2HoNW5@_@bEO0yyBoGYR)fIXP3>pea4*1hQx1vwAM49F_bbfZdtbY6ibu5@S zJPjgwP-qmCPH2?pTci2~ODpvl3E#$GR6NvktThR~4 z*63YDW=zL@Z0K+mA5H+xSEu-MGnc)P%j8{v=CIR{*n!`Y;9^e^>u$cOAOfwcI*hIQ zOaY7x>sBI-pq4*+1tg!kDPGC2i+ZWIl70?MMctSM@KYP2Vwp>ko_Q4Td(oKm(1~du z7h@zlHrQLrHUAQ8MknRc*MMLmVPvs&rL5c(ow~$_orQ0FyH(wvD!Vt~oJ=CvfV@(6 zddgs=(i59sO zAZ<^}aKnnS@HmNA&x*t^s;(B~D(5gTEj5z_G!z)pGxO z2oKkut6=|KQeGANM?@F41>QGH%+n+o-BD4_3i>_Y@vdFp$BDez4;%st=1E}j-Q}NF zYnpBLw3Mxj@E+*494KcJsSY~AxMvm0Vc%Y~YDtnodI=+0*+Q{OaSEGpmt5Cls##jl zA=&U)$hccne@*3_P1{^?tbnfk@_g{CxW!gqlvcpSE2-}aH%3(|Q1d#@+A)Fvc4D?P zwcicBb*91Z2K^+g`Dl68S>GSp)Ei({EOX^Q zGXx1hCAd2$xZhFv=sW*bR&vqtC7Cl*K3H3q!JKzWrm`f>!=jvhpR#|ikz}S{WjKT$ z2KGxGmk2P7?{_IL7nV?_b28D@3`*r)LveZPkLIprYj~{i7G zoTk%w*2lIn z#HQcS$n9CT+9}Qetsmj>50EczvQ(48bH9nTXc|l7e(7^r`}8xpf|*euvSaY@AKGm71by|*&R=*A){`AUXo+A6l?5vLWbZo= z+R<@UI+gn)&T?izNFqWBda$(KN|r(6-|DOkTj(Fa zj1LOx^Or3pTG_bY&MYBx%?NeQ+TEFN1S~h$uhhqi8K_sKc4wZoed-Z$~yfQ zu=9V3BX(8r5%J4qFUGlz7p?rxBYHNXB#`|kcIpro=zpepoym=k@0N-kSp6-{J}dyG z+4&brw`6W1HstIQipdy;e?v*2V(<6A88sThRk$E!0XSG_23& 
z)25X^bF3nZd6H)FhNjmXs{~{PJ$i{Bwa)z$#Yx9!FOUyvzR7HE2CXs?re9d$*YpH; z_WCeFUlBO6Yi}$~%j)Cr1}jb z_`d#VH+AkZkU$;@Dgu=eFhsb|gJMOB$Yh!IH@Ts6dR`*(2C{gVj&BisJJk8Wp>Y7A z6{T;Yc}8CX?S-fp<;6*Dw5_sTd?GoMs3RW|zNGn7k@_vpU2oQvamfSu8EBuBd2Xh# z6TP1=S*Q#{SS(oF@+w+<=N>#LXY>Q14ZV|P2CNr`YtOp@7IZDVDG?FeFsTXiI7c17i z!LoEUM=8D0wXi96R;IajxMj*>d(YuHAC+UKBbRV`PoT3Lc`zDnDjjo#Z2NcsL9|4? zuQ{PCSS>mV(e{yy!DYGaV;YS8dsSds+$G>A{{)=+`vQNUu9uX_o7Y-JG*Q$67Bb>d zxmDP`6;FGD^AU%mh9!Me?BunAkZnp>Z`qz7r*k7Z`1U-A9NzYPoeYc|-Z&}L?!2Pc z^IDOfSOBNSg8pfTy2SB&&$AUj9^ss^qvnwc5b;p!YKCp-Iw2U&5f=9m zK?KebSe4iS?SgW;LRY#g%^bixPN6u3Z?9o(qvVkFe}GF+W$9*+_g}IhuR-NZt9? zOav8zQCXCy!M2>boc`A0cTmT&xs)v{e&!NsL#-AJnT-1gt=IT(1^zds(qhUe_ZFUN zsr)v~cpN@3kqon*JCE7ao^5&^al2TJ06dI!${^i%^fV|z8+YMr4J?)g`m8|7iU~iis~MT? zE?~@1mUHEOn^8g8KEy*cqcx=~oR~nZ>Z?jwNxdnWv*qNtyR@K7SV7)X8g||?8PPJa zjg)Y;Nkcj5qUJ#s?O$-(u*i&5E}nyRA|&b;2%{7zgA_=;Q*fOWAett)2t?Bm%jI4L zf;O_m6vsDZX*}EK!IXBu;)5g;uoww#`FNrZH_N2qAxqHSP*o!PK@^)x#pIlR5V`P^ zyX8Sz@p)=sUc9>wy1)An6a}xpk>vYA&2j3K`FIGug26oSPX0xx6~)ms^rFS=&Z)fn zB)|0%-)GY@?h!uwC!RG3tBn4WP}2hvYP4XOKQnHH-(c?q+6e@G<}lTqyaMDbgctHE zlkl)gAHpXEY$W2&N{*lqMeOFDByK@*{eo=g?-c_CDp z&eD=!@c|o{JRNI3rkENKT60QE+3(|4YGS(*6)z4v7S9h)j;J4*iw{+jHZzOLJWf7f_x=jIwe>y_$J^M+Lus_(#4_Zvy^C(P?^#t2K5MhQOGz&Bl(Su)9t zMW)ub7c1}|#)|V7X2u?(x*nh_;&f~;qLzDvt;xX9q+k*)8u;$c=n>Y5W@9#ARO=zA z0r`zZiWf6G&X(@15uZnom?7u~)-M|e&6Kb(4=Ky4;72TtU+YV&D_KO+&E@%H8udy2 z>V{$?GiO}#E~ci0`Iv0JOD)XCyd7)WL#kDX8lswNp^=)_Q4%#qvc50=BRIrjzt~eT zR8{1L3mS%KWO1-okc)*D)3p~8h(0SR%;%@hP|K42XkxcWSYQjR>`^p(R9%AD7^S+W zuwYiF79s7ZQ%OYGSWuY(Q-(;T?ok0L29i87e@LEkKn!%PDv$@M$~Ui2@X)5U1aS-s zgquLuul~*Q=moSHmK=ryVTy1o`IJyRv1S6#bZ|dj;gdo~@`v58*QCbUf!)u1#AA7s z$~*W+lCe;8Jh5MK$x<*7b>kh{azRx0>{aN?RY4t8R6OwF3i8*~CFF`IvCqJJ$jrtV zR_aA$x?RwsLfb0vmLT#zNeZ4RU>oFA#Ds6PNMPI9uPg~*&oV+6NJ^mK(b%(6%`6jH zK^{ahgc~*d3NS_ERdwNE3ml*{B?}zbr@G@d=nW8;IEjQnCycL60FZ!)jd{Ui!Z6Nu z>ys{PLB%?85K?XIK_-GzQUUX|wEzXBH}}ghuypi0QaVNQiq{cbg>zm+ghwUfjd_qs zVk_AiB_B^!l11l{r7H`~VG_NNr(B(D=i`>cgm1}fotX3`DbZV=k^^!ukyCTlL)N;S 
zMAW@ME72aNE=F8+Ig>3PvPsr(mfW)F6lTTI7y;d%@6Nm*rcQU>DzPs!m+mv=c@O7W zy>FAJVeL}&h}VnzJNvNXX4G6#mX5EOX++)6qEKJpI-A*lfFo|W=`%g+lOWAmv6;Wi ziGlWxT3|t7!X%gVO2mHmj{`)4>ysiWTueyBJ_3A`0F~g8*p=Y(Qn3-GP{Mw(NN^DO zuy7D$1NxMde!v)5u48@=BPK}+?` zHH#sIm4#q~$r(TSFaS>)5SiebBr%Xpf=S93Tc{dS-x3PXP$#Z>Gni#CHKu2?@Mt zNE8NiMqFr^UOU3}9y62z^d^MkNuZ){xUX=S|E*e^((*dJUH z(&|w!EEW(nh7@}A*mAXI?~(nX_fgKtzx{mM-Q}GS&n$3!w4x}%rixhefd7`Pg+~9A ztWDJbI0ms&4dtxBIbDuq%P0Bz!~6iY+5~(QzP_d^U}~BR8m45$!s?A=ZlF#}_^$z5 zsSjanlA_^66~qU-|FHLEzj3~D;^nRSjAmO*?+HXDV2>)LZYyZ0AbiR!- z@v&UOq?jp%huLQXg-_y0Yw`R{w#C}{7?RxLwl}K_vE;($#X!=BtXA-jw4S#15$l!0 z>r0uo1V*gX|4!GU4keG1La>}S{f^jnB=F(XAFR_`vEjtYmDjD;ewAADlAry7&y8ES zM2##_GiLc}g}wgu#AxIu-Al~-7)91Ht6PUjo*=!`C}BI-cw-~P5F=iJ?VJz>Q3=K6 zme9m(O~OIGXw2}7qIh#C^s#C)OhAbzi|%v;5ng+8A_ViS)eB`+qKZNNqHWudOYp~O zx)!Y=SDY^{NeC?}I11xuV(zy5RgP=0`2bjqcGGRd}24S`>*oKxnX>_tXI^!DIlD|VS zzowMJ0xju2vRBdAq_+;r?#QsF_p$W<`+VI-fc<;EZuXzsIQKE>_*NS2y}yQC%}-A7 z)?wcL>2TuL+A-^NwRqR2ow>$F^&DkR{y;H`j0HGaU1lHk3@>Mmi;{y49zE#`aq+t zk82H6*HiKSXDGDg^|-4zM>vZM3yVv~1YA7wURA<4;88F#7)h2K-iDeDDmM+>g;IT~zk)GC3n7|$#q;vGf8}C?4*$-@xP-=CO&>YkEn=JYBYirO z^m`*XV!h6Bqc4`zN{G~ifBqCdNVP7nd&QhU^goJ!0wwfH{zociVc}WC-IPaS@%4A> zPi@ri)}Q$D|7`s^`MdQ;pd?HzrZ=QI0aDKL{GXMLH^9n9 zhMSY{C*xA+Z*M{mnn%um79a&9D#E}8h%lC7P8HMW1OIGkJo+B%cZZ}gg$Xm@pe>F4 zXV4CqQx#b(khJ}K(C+_x(3UiYodXWqwZK7pdk{41bUvRitLFDY*b1Cyyd+XcFYq7=;_%h7#h zj8(`oWn9n=q+fjtx?|vyx#9#V>XndH#Q9KKM1UrAw8S!7idM(9ju6|bL!M(0pYOfBi-5-0& zC@2j$u{n)>Hy?v6@6{$Dm;F+w=uT#Ayapo`0UezckI|CEj6^&qvcxN148&_x3lh;e zPxPssbr1`LS;G?eRKH~0`p>gL1r4z|+%e@c2^dKV3K;ng-GN8R>P$n>-u2XBnt=)! 
z4ocK*T*}H9iR;p4tbW&t!WRBh8o3mdaxX|TP=Yqi^!jN0+MFRWO4eAV-$!O5W?V@& z?fNs`M5d#b6ICn)wcKc8^V(hcH)Av%JTfo+(k!~O%%u4a)ke0YHIz^rrt(tn*nFI` z@JheO#dvUXzX4k;>U#0xb&_trfH4mOydvm*v>Z+{p#y1z22>Gq+ytemST0_P-I<10 zp5ekBhBw>WoMBJq;*~I8NW&}7aA8iPg)F=hE+}buF zl7`nfu2M7b(rH~tBNju^3uX9a?&GkS)2PIY;x}D8sY=OT{2Le`ygwXA!&|&FmBS%8^y%&nI1rD{f>@UJ8o1+utB-jE8YTjs zaOFC#vs#Vr(xm{u+uY)M|E_;c;l(kTPtCBm#za)y(SqmZ>id`tWuNJ!08JU~hNmcD zaJuxPb0F9Itp3L}binm{{%{>#vHrNmo3E=B0(ELZ9h@V5IuEDabHsC>uFq=%f9zXO zJMn^1ARCb|tikH(_#k)=t*(0%VcYc}fy9#V+^MO-Xe3`^uMLrmMfi#k9&~MdO8vD! zIBN~PuF92Q))Owq`{LFhOs!=3-|wrR4N?x)ERDn(M00PO})S?Hi# z2eu&ZXJ3!1?gj@_=ur41+gAP#Ty7JkpXmGAeS=@nONyYC93Y}D#i^k1 zcS|1%WGW~F$=FxRo%7Sd+41hSwQ~$doSwA56E2Lfl9V?ZU2FDz*cq@Q;aj6=FlPUC z_U5&i2q5;jWegpnC#&IX{{%uIbnK2Xi%g$S`I_5=gZf`l&WzS;2b6PRqH+Ta9ON19 z*!J;6X&EL7{J}Px@{i(VcbTECW7%A>4%0TpShM}@s;`~#Bf@;C7Mz8MzdZY>s ziGg{j72hhF1Ve2#htKs#(v;iAMW2&msiJ>4HWKa1Hnd%+P^TVsPMT=6;IA_Q1qVb2e&;&u!E z>FBLfldFU;B&eP@WY{sFg_!b7?NDhfZW}q*_(F4y{gG=? z%`Y@IaQnvNG~qjbp40BuGV#mA?+dFjU7f5PMJAS>bhS;`0$8RPVvr-WA3&LvOn}EO zm)2?ycTPcu+9!Q1p^10@76yg(Xr+dOG|Yw&og$<0an!n_2to*ckpMI|$clVI_7C$_CBQRBi~HNg@u%sf^X0JSEQDp{s+v022P$VNKSJ-`MyGd|py4Cd>Y07MJ8 zCV+Dmk~+HZAKb}imy(}}UeQMv?f7X)GfE95Ej2iAleQ2P@k8T5Nwn}wK`wyp8(?ZH zwJKEb7nq(A3?ZskaSE-?EK!mcXgp7GpX>1+)_c*6pH%Mn?g9d!(C7iC-SKVQMA=FVZJA zm<~K$?ta;fjy()q^K*OC#KVAi}Wbo4xi<<5vKiC8~M^`*Y*A3k3y~05Uceh5Fjejg9G@T(xa}d=w`gt`*d85mU0y0El-o9lZr7hTf^{=4JdznD4OBxL;W@Z zZR7+W1&^k6Vs4pN&L^Jqm6qj|XzGPWrn-n=0So#OXp}qb3xXq!oPd16qK^34k(540 z>>*g+_=pIlp=OdqQ53ne6uGOno9()O9}PpAAE}tMAEUbU@Zb<|uqqgHL0I`+Jf2Cy zWq*S^?gh6K5}A2px{G%ID}gF>DZ8qJ3|O~bzyW$3<-YuzduzYD)&xE_YYumG3q=@S zx9>$3#Wh^qB+^(17mUhS%;n%xDNxA!!yz z0fP@-oXM0m=Jn&tUgWLS5Z+lCW3ybTdxQkEUbcLHVJToQL!*xm$*^ges` z-~avJ&!p_dI%+3FC1*~#T0(w7f7TwR6*1P>7*+Wo+F;E$u+$W90S;B(C0RR=?z62RH$!oEhP+vabGBb z{kXotjV~>Yu*~(#m9KPAYU+)Ub5&_vPx1M*V^Yej6g>=S4IFrU<&8ga9!!5WWd*xg z;3Bnm8$2`GK5IQ~7q$U9)d<`x_Y-u3$kl7=hEx%U|8K4N!+QLJ_2ctUU99%q>ssC& zvAzIKNa~nzO?CwHPvn?qB;h8gfsR5Iz43Q{N$#D8SR>5J~BLlw6Lt5t@Jb7OJ|>b 
z_^pPLU;`D(lww;yW7>D3X zaf3`GxR~9Np)%dZq~C3!p5sV$^%Hfq&pv-a#NkMEAhq6zETJXoJbaGU05P zN$s(k$V1PCRU!Q9EcE=Tk9sncR%^APckRy6o{<{EbB0Im(78S1;f40uF20GlwW@l! zg%2-b=wa^O4Pd2Wz#Eu?O_~Fda>q$#7T929BUDGd=Er)o{K}CU03h>15n(JId8yt| z{e&$54U5Feg8)YfagNg!;aovh`Zz|~0BfHKo+3Gjyv)L(aIW^*UbEfY!PCUR0jOlX zsayf}nQ79G=N9z)D}^zvzTrwE4;pr*TCDA8&hNV z`Td4cU$yX48iY|pXp!(JhU%Bw7QrWCWMop`7u2c2Mz?Qy&A+*~{3Q;2t!6nirJX$a zB(S<1cl0xB;6HUa?aOgAC4fL2UA7J(3E=p;f z+SF*cz1NWsh>FW6m*&q}EiJme!2`G&qUVC((oot!F|ww?E+(^;f=w6>TcV1#)ddJ# zlL0f{3nF-{-C{(c{ZLv5-{pDU2JL*OTHH}!H2ts&3<1WTD`sMV1+9Pkv;4m%Az zpC&~n(^454Fe$Se!B(Hds{n(`@Y~7S?AoQO(c@QnVzZ-1Q_0<)?2<3{YvN=USBKyD zkr>|B2vLlmV#O@BDsp!QUWfn9UmIb2_tm`tHcAfy4FH^!9(ej^%k^7^JrJR7qf=PJ3_g0D;nsi>$$w zCe4d%u98jwQ4QYUd0Yid&N0Lf&7&1IHOVXK2A8X{PEF>CtK59N-G1I??|c~pN2~Vm zHrvkI7}LD*g)-E$%e&@tD=@4{RE1B+J}3Nm7X|wj4F%7v_w4ZP5!sXp#({E=ljdZ_ z;V8vC&xeZ|N6aYWhb_a_+G=9bbSXj$kwZB8a5|t^mFb$n*qY$X%C63iHbnY2ZYOTu zlSTe|e59oB6p(XtI{X@A8SO(^(J)F+i7k!x9ft~sszxIHFMvS zTk4NHoTTc3<;*={f9Hm~y;$0v)TN5`b2Y`J=}oN|4a0`hBiW3rdE*P8FQK@WHzj>F zU%1CJWR;da3{xY!G|DNS%#EVI7_AOq-AS6!lt(*Cd2P&zK>G(V`fxz~2x#cZ5CFuM z4u>FMaqE_N4Zf;S8?KS4(N(xU6*j~jBZp=UO#>=QkZJ&V2N|PSvl$fBf@gTrdH%}7M>4W$nd(TV^RqFRIUg9L9J4?-LP`UTr_0)tnwb|`aXFo7 zdDcGFNzhtJEu`iVOjN(2^F9+>G15SDf`hV+%&WXm6gUtP=<(ZIPh_TNLdzLPUPC@X z#N^+6Y*Ml>D|AI(5FiI<;{0NmE{tOgE!3N8%`}{hYS^&)!i?qQSG9vK{ z&hO;o9$A|-y#9;W6TaWnQ{JlK2Ujot{O0Xn&oRFGkMgBEf@5-n`xCzSK>_mpkDeO` zg!A2iAwt^uLP#$ldgA}>qdXz&O($@~a-C5Fq*Ph2-Pxm>ZMwUvNk%1iqCIGh8@DT- zGd+=7aG@zr%NR|fj2AavF>RU9-o!{PP2rN22uf@$HEA_1v?m%(o+PV*Vxkx&jxYaP zew0P|_}{Si8q~Q7jRHzFfW$U9T;5z}Ii6N{UtUhvq_HEV_LZE{O3sS{k@q|5$~OP%5ws*T*O_b8m1<75 zT8@%Dde*u8VS9w4q+w*q)RL-918b*#H5U=j4XZ=;@TNpsh@5a&DAWB-h0pNTjBvyXNCFmBi@$8|pq0$+pA0&rf7yD|66tPr~D=~O-R^d&oj+2Gz zBO9q?+E6?TaX!uKzb(BcK^B}$Ny8)9zEbhnf&hsPQWOv}gy!zzfz99Pp%w_rH9|T0 zK%4uZO`Bn|NwOI(4!$i@!ac5qE*eb1;#jYd(vYiY=ubTL;(wLJD6Ff%A73fU(%O?m zx^Mwj#t+~@5^?;R96X87R+vgLry@qA=(-`6oe`l?zA<`#QV`L~2ws&I+=>J$*F~E$ zGU`SAFRn@9Nnv`l#g?)ew8V_AGydK2fMHJibmZ#}{VNdV$sbR&Xn=&{qj(WE2ykm% 
zU`^&RurKSd>zd)99< zvT`%kTGMY13A$a2ujR(t74WOYGU=+pESa9RCMj4*lD=pmGMy4Hmgcat+-)S%=_WML zLIfnE;0(R9KtO8E4f#>t^`roasl#I$cQIilQ{|?QkyS-}sujv3{;5<$inGa29gU-w z^)mGnVzE1f(9I)ukjfdU7Rgv5eJncX-{6T(hd&}GS2TBSk}%6F8tC>h7gcWn!cZ3$ zF4s9soUuC;?{%CI;0)po_MMvl3vayiDeO=;+?7?L=t zc=i`F*brYQ3G3yoMV?6KJMUswQ3p_pdBQGu94|?D6A^$6Yso)L9B8zD zR3o}K%c%n`1Ksa z%*c!Al*mH7Zt3_xPgr^cAP&Zi>cgMdaeer+%*a0YIwiKx6Ps*@G3$IIln*K#O-y6J z8eNK1QypfbySr_|Wk#eNg8{tNIj?;b8Sn^YWEQiQL6eSJY0H4e30IBe8n{-o562{pehEiXIN^u#JskG6nG<75lFJPdXY!gH%MQ9XbcVN)*Atk*S-SV}9KQct zr14RLDImhDp#L|;o(ugUzEJseq)nT(S>zy$T^dhGfe-9^25|-wnm>LfvAt)+%=tRH z3JfdW>6)%1JoXthqu{R7?$GN2gXv*=j4*_B9BC>pUhbp5!ByvY=#qDRA}Ae-4I#fX z)*dPNyR>&4e4)6h$0Is^n7oqk#@cf237z&t1hRe6VO+t?Sv3yDIbI~4qxF*cD(v|a zoGNlHC)79aV6jhL&%7~oa&AwIHX?wj^~NoqFvfrU!24Z-rekQimL&e3Qv=!S#LH~T zRd2ix*BOCS819>2>h{lhLet-s>l4>h(q#_{k@f?11@VL@d|%KCQ=~&XgTdNDBTKSw ziOBeY`xd_5HCNP(PU^zMI2Yt8Uja1yXZ=RNLtm%Z}*!faZ^!Y{CL11IjHnWeLS zf*BVO8lfYCXwj_~21{2ne_<=1bdUmSA=EeG(oQZV)r0&=fm@_ayC1seu*0wL!(Qmy z7I2udK7qSL>!FIQH#RJ&==V3UMV1>YnyXhQroxU*U zgrObySPb%VnrB&!hkfJY zC8M{6jzzSHFy&CUkw~s-oa994h5h1NNSOw{VWffASCN~|cC)?H zj@?8SnN}yPgKYDlxWSLU+}qsb210QQA>Lvq(O_p&+#p(cjAu<*oP?yf9p6ek=lajE z2DsUr+V^(+-xN~Ln9eV6*p)vK%S}a#h_B07&_N6@Bepmf%(3-;GPIrmez}PB!`Zop zsTZkbi6s`UY3X;4RKXSU0`r4R9M^p|hGi;{xt|oj0{B8wU`j;iNrcJws+|qg8U}R; zw@5Hw8biEnk%uA`xWm*w>GNFQJm#2j!nDRn2TGgL))CdkH4GmNxh)hZU`ZZb7#K`V zUk;0ERLKnGqu06~?qnKpBd|*nrlByDP|1co_F3Ykp-hyuO>H9Qg~%58`sUp>{PFM> zuoyVk9*{`U(rRZC4IWs7f)nBK7uSnAFWcMI2vH<)ErnQ>pi2hp zDMOfy=zdkVVk}I|H?tS55GAusgOTpIcoNi=N!2Nk4Zp1kKq0L#-wj??1lx>NOMUR8BCE?2Hm^`;m=$@9F}r}iY-1-_o2a!@uf5Y=(f?(XIQ>seK8TC1(P&uo-^j(qy<6$J$Ov$50!j&VUV;?Y z1nbB|PfO5>#%n5Fu8qYcW@lQeMJBGoPtT|;*;a1-jD7^lDDLw+lK#Z^RMIl-$D2J4 zvQ9bdEmvUKB<3HS-B)UBYvl1}V(bUfD_>~>xw~)@a#K2W%jQX1oJ_x1?o$m1XW78? zc`iA9CY1a+WbB`Q_a#4**6{<(w4qP|HOrxN!{k@{n1$x0nG67f&E|+EYCDOKLGam~ zsU32b?De(ui{@fV9D>?d#`k?~3b!hGr3(K?p9m4)MI`PnCju1l|LxtaIRD?{4IXyeiyH6$fPGnfj>EPCQjEIdXXm? 
zlype}+Gg-^w3n$L~&# z#E-w7ynHGCgvWnX&*8^=^T+Ao!KwK5`uN@XPbaUB&d-kD{{7_e*m(T*;8)q?A7|%> zzr20(=AC%(>Tj>#NO%YDk51m5|N8di-LdZBXWoNwh?dHOXDUL~Gx({d6)Jx~QCXh9U@LR#h2LEbG1W@xef4c$XdC!k3OD zvfrveQ-%KD$EI%jks4>iV{gh;4nH`VR+A zXJ;3{>0XU4v?{rQE*p)iU8c9MghJR$xg4yFNa0Om8ZKhDqEVDZ%gDj6Y1>V%+g050 zb@Q)3gK&2E9t5m^oF5#$I(dD5dT@63>zlVn=jT74ygaVdWIcUwq+fW+Vc_+1KiD8I z2BnI5qURvf;1LumA%tzpA{F0Q2R7L&y}Kl>%iQJwJA*)di(=ctN)`Dp@Q3a!c>oIU ze>UU#pPkLEy_Nj8jFP5R5XPsCm?%f@q~j3}|A+~L;OuYfgD^(_qY>{GEt84y1bI43 zrM89)%6h3YD3Bmt!WJXFS|Xpf-Hn};VV%qB0VPw2^N$oYpp|EV%7_drV^IOUUEMSmJ4DfnlWIojEzp*E*UdIK( zl>^tqO8=7k@`@-awB|qgQ7eBfk8v+i7&U7bIPn| z^4v|^uz>y=hOS;B7?UJvgRo+(kGxdj|LAgc){H(y75gaQ|2sSFy%_)B-rZU8|D}|6 zll>JA2$b^BH2G5D|Io6F{L7R}8G54%%jA7Z$SyO+0Ev>WZHT!IL}V zRsM_mXQIbVI}G5LI#4to6#`HIvW*dv|C71BfnTe2c+OhsZzjS^36EnHod4Q$xF2MO z(E%djk7G{BN3YMgtA`nxpT<;#$m0W5;v<`7MynZKgOtW0i_p_tk0%k9A;b;)9q9h# zl6>pY6H_^}L_T}IxxprMhtJ(9TqFL15mACzYTyd5NRqcOeIv_A8Di%6*fgGqtRCXg zrT&c%R7gX*ZvaLZ^_)pv{CWm|WB7t|awQdW^5Q?-$un7_H4TGS2(MM@88ONK{_nC1 z21XQ>Wt>F)Ax9vzdc%-AZsO2nMiI#K4W&TDxKzkg|4pFA`i6XMoZ*dgi^&8);%L%W z|D2HzVngL^0BqjBeYqB{qeBCi)_`zdxrqsS*sSsg=^V`SudVlR=>xFIohKhfTL{pRTS z{PfM+cQ2l(-@)%I-DC_4_XkW z7>{R)#8|}2!e`>gm%79Uh?|`0rvj_}r)nhs|MtGUt&QZ^`~0m>(GesVACH8%dP$rU z)@FBk;tQ`~lat5siw9|dSxXx2jD*b^-p~GaRo^djlZ3FdnseesGkvMPRaaM6{YnnC zF)n(bk>asoe%420G6-+TIQ$4sTNlwM2r4!K;Z}gV8lg*$js@(a2r(uC#1rx_%7TFD zq9n^E5VjKh$+Wq)X6!20-6=ZtQ}#T(N=M%ZW)|0J;1=kc2t2+(eI4h9pdKR$iZ3`Zl&jsQ|UE3ssI z;$}mJOnd8@&!{bTeF-fEmMvG5Xj<(Sp(`U@5O8l!Rz+vAAUFQAQ)8<|SI%WTR8S{U z%tBd$4$p{mWV{{`g5J35(Pg!UH~^R2=0Vbxc|W{F+J*l-c>DV3^^f}s{Jo37t=v+- z_lH0H0T}^$w)G)y5=u*mOocerfTL}cC?9>J0^e zs$l=NXyQLNSQXb1z&3voVh<;Yk~w6-A2QORi-6T}$MV3AE^~;E;PnBD6su_v57_3M z{aIXtCzodo3lDxltQ4~LZWZkA&hT(ZPdlqju6R#Y(`b;4BZOLo_xvXw@K-s!2zj&$ zq?|GQnsj}Qw}~*!T+xU#9@vzV*xC5AkqYdotR#@?sg*3FoYPIVVoOS!etq5msQ77lO7&LA(<`3>uD#>m(^9&cLDLb;%rIr916;21Zx z=h)0u5iW`s!uV)e8JIVC&MG8LhH=@{bJd(5?cxc7i|}eZ=ubN{=nOlVod1k-qPb?h zXf@Z$rj(jdt#)o=nvU`bDsDmY{igWaXc`zJihT$X6j81E|48fczgv&~XaAS%mNKE+ 
zUq+X=z+!GGbGfB#jnx7|s4d->aKc6|x|`|Wlx+P+OLFX{iTZ$CxngZ0&QV>aWd z7O}|m=R0%i-8JmL?)aAd(30DHo;vcsP%_pv0V%Wp-RNxC_8&XjyG!|h5s!88Z(ke) zTwSpWS}Rni>_2m5bX}z-b7(<0Aya{3iYDguqM4bNSdfDvolLBvhWgTKUjt&b8bpqr>keF-#@eg zwCLg@Lue~afo*S2;l)Ncq7Cf&W0gwoPsl2R^!3aIr!2gKgIx3{>%UQ7#he+(qrK@ZZIL&-(RMEZo;NAWicRJ3=1Syhh>!Hieh#yDavdX zd)I&%bv_KYg|6sjJp7O5+466M?EBjq}pD1omceYj~uaru*)Nr6-?Klh&~` z7im=NIy(i*jzwvoyMd;Bq%jj^b8WwnCzZ^GQkKad=5n{f&8Fl_h3W zH`TdD6MMggW;ERsmj_V4q$m{#T)K^UO%q+)L}7Rcw)jveSl9<|;a|h1#we^MOR-w% zO^0@l&`?^Y9TW;J{dJcB@3~QLuS}{~%C2bhwI2DjAr3AaT$~OH3&qYJE$XRDmBW>^ z702VZ>PHP3(pBe5{w#iD7^^ys0~zZUkSV}EDzMPk?d&|+3z_O@uIo3i{M^Z(mmzl@ z7q{RZ*7BU2RC`V573Z#NZN0X^-Z#7AYbZ=1Cfhr@db_aF1|NHIN`g_9D3s(+er8VJf++13R;}Bj!ljFWzRT5Ho>FN}wHC!nX)0w`Q!Z01jelb$Thdt>50Ta$ z9u`ue+gyI(Px#eyE-|@H)teJ%+Z`6DWoYS!wC2EP`BP7$qEJH;@ynyF%;%{^BAmfw zODr%0^z&DNpgsIoR5f3z$t*ROF`3D7IjoPyd*G`x5M7&x8igD?j1xJGIUQdep8mvP zrZoQW^62E$O8D~N`@@$$K2kKhSf~cYfJ9+Gym|S8!)xiK3(!B0ivoayNeVdSpapI;ySpPvsA2m)++PpWi7UeP*5hOWHAVzq)cxP&5g#|NIy zC>bcX`_yim*7PStLk}`+KQbRunNf__&cw^r!S*{uYMu`Cpo_~b=s#%- z@=B6&#-L;8t7v?c^jw}(;|w7SthrYe7j_Q;S$=0bpRT2u^J%1@;N{*Y4cgd&qMz1rTnuK1M$0E3uN>qmpZ{d%ozZPF(%VEU%i|>T9m^wpHLcdPpm^ zh}PlJ7Rn!U)ctC~*gXng?W=zgLu`5ryhI}czLt}KWsH+S-$Q`>R>V|1dfn#&r)%D- zT|)yc)XldtMs%}TT@UPO&DX0#FTC>8E<#l7#H#Pdvqhx zHo?)Vx$e9MpA?RBZFa5(o(oqiGMu!3COG}AUr1T`+v*ypg;cqn-gJ`WUk6x!dJKIO zDbf?z>eff#GFhDdmSjmfK7g1PrM=afvX@%Ky1OcxS}HWNLrqn-mZ#Ly|7OUz?hx5Y z3TRdFi|0eBEKmKFN2Qsd%2E}9%IDXu>S9*>DdS`2cdj>OrJFGSQP<#`_a$|e5OnhV z*x@2xnyeV?Q*^anTxo9`P~5JPVTx- z{3_+8YRx$00d(fs5UXayC$j}^!>r67`Vbze(>u-!m^cp8%V=ynna~+JPP$2dpPW8F z&aZlu^p4AGMVzDjk~Q@bUx(#*`aho>zI8j>pUynP1E`+vrNe+JsU-I{x-h+W{CG-M zzyNJ>Ju32lG=Tr%p@Nd9aKPIDsZyJ=49OBcXp=Wj+u;N`C<{k0MYw|s-7d0xOIEFfOB%^i}_EZH7b*l$BfmQWq zgYn270PjqAb$UGCWmj0Ue?&2hXDwN)$R>O4({@_YbLL|CEG)MXq-*>iqE+7Q3XhAH z$E(#BN`J}Ax12pK!YUEv(lWi3qJ3pIyau|>{^u{%zRHHx8dJ5rM*W=f{Hik_5x&qX zb;&4Mo?p|Sd z&{MnMg4HMo5LrbaV@RO?&WY(zT4s200p|E9LW;kqEo+?gqg1)5Yd~f?lgql?>K45YH&=P3(5Ackfn+aEWRp$RzAwr|s-TIAyH@d4Jy$e5F 
zr$e0v-nE#mmdq|Yf94hfI#)!C&!RDF=?a`NuP9XwbA)~E7cp{a3k$X5RgGlww1!SS z^^}0+3c%@kK1cG@J*z4y*DJdfk8_I`>?XHCuyM&w!}Tbrw;yuP$kYC z|7~yA!GGJ?SmHk{;_>1?pRj@cW`g(`NDyp}7D1F*X{yI;78&OjyID6s&;%PJ1cMf& z0YY#C^YkVZHVN?eK9QMR;agxlQ3^t+>>AR+oQ77^S zRx3&sSjLhFx>-h@c>$JP9S~ppvyz8rxadG9lwo(^d74E;-)jNjb%wKpicoDxo$yt0N zoY1;%6(n8)EqNIj9eFd5$yJ|6Nrs6tl?YDXk9-o4mU`V`KGu9UBf@)mZc*fPEb@0R zJ$?I69r=&%0ky+Gm&kve?HwEcizeS$%72S^Jc=bf2DEW)Y{k( zds~~!_ zhy5KswdDWnZtc52c*^+y&ZZszb$fSjbIJb~@hp`8qXAML-#_+QD0~x#2$tSp|9ac? zt)SLk;JKm7t>hvehW+?Au#{z~)r-nihz*CuDFrJOC*YE|eJZ)Q|KL~yMe&q0D`EJ? zL;lG_0yoUccPFP!Gt0LRKYC(Tm;sG1tH^=VFU{^;&+)$>dPUcJrm+7ASu}>~TR{o` z-`H{V|9hRzQvP4a;6wD@oP$f zCF_5Cv$JF0|7~n9*Z)Eu@4A-$0^fxA#po;Y%H%(gmS2*1NSaTYzLW-w&_Igz$!&pi z8_@Du6sPC~=p!Ndyi+c2?`;nbdQcxcVgI2;AV!UFc#|F=@R9x|&*U#i>WWp`pC$Mw z9>0=u_dN$g<%*pR_O6WLKIE z(nd7EYR|(g+TA8WPiG{2K>j)xbTXYOIcsj|jPaE`wc>wXMSakV)QtgJCjakl+voqC zo$Y1(&xJf+zO)~c>v*t_dpv*}f~xk}0J?=vjD7OBjcc_1xN-P-1ZrY1_Cj~Awr_q4f%Bv_CX-*!FGg{w;KP9Sm~I440YhnM9!mbIH6oUODI`?pPWZ2 z-72WCi|wUl^y$_erV;7KgLq6!94E93;*2~xzrntE@%jYP(p5x2nY!L;99@u<%IlQd zvO+jyQpUQCy^F`>Q{3;<+Q|gAgOFB&#B*wMyH*{$JnnPiqwG{L=;&mdiCe zUBjT_;PRQmQsJ4lV1O}IGq*Wz(Vz2v-B= z6Yo=``5bz^Dn}(XRCOfJDNlHw8gs)cxyk=%Rw^X#&{f|4(Cd+roeYkB)=OxN(iiFsXV=BF)c>DmO7t*Bm*jiaYa~ugM=Oo zGE#wTKo9RsWJC3qGch;|X$h~Vazha{J;92c@s)$oNU#>sB|6}FgKn*@k8;061An1a z)GpOjmRozv&?<0o>HRefDEXIBFF5DGTB6tat%N-%Stm;)Xpv?ZOv)i%n|LL<_|BHA$_FuF4|9#J9#&m9gQ@P#ox%l=t<4*##s`1w=H|2Ma7`EP4) zssCNbW66Iy?++~DuZWB5zJU5J@GaPn+z0R1m~9mXDOhq{UaajgxjW2aP2H9({@Z$L zo&S~l);#(D*4BnC|I_5l^Z!Dgug3o`9F4NJ(l79oC*P1C`F;8S!A(xw4KqWPDqh~J z&ovR3J(XdQb^l9|mJ_9oB0PPAz9}et>h1SY(tGK1;#b}L)aqtdy)it3CdwJRAG67T zTRt0#UVam^+B)UUY<(YQ5r+3^T9(pH2FArAmeS&M(==IyhQ$q5G(p`e{rPK=;6)U! 
zO^B@6Q&=u7nhlyl`a)9j03hk?IxrV@G#Kdr7&F)_SG7S67~=lgE{7W z9%PKTL@NWtSS=*L26< z-Y6=jD40pfWaQI8MEY=JkuX82y!LzD?CS9UVi7aHjxzqgvt!{uY;`(I{GY`<`QAcI zxLpO4VCM4jLoAUMr*)8-x3{4u{E`*Ls0QO+t;x7oT^tBP+%pfe6ws*>t{G?R``{0|QbKx0;`?SO`Ha$_9FXNM}r6y`rOTgNE{B zfiIqba3-vsk6iNz_J~i{){l|&Wr7!EUDL9-W#@*sL6<128yI)a%NPWKdw5>g(>(^syHsO|}#VVMbwH3ScKKl2Rr&kRg(cekILfZ1_3_3~iQ zj}h#*v}Bc3mC;QGgAlmHyJkBXjoarT-8{gr9R2`+?*Q?>`L2>qhIHvR-}B7ZT3|Ch zdg1`y9Al(JmQm9lvYxWvLb%#D!#-^Th%Zu~YQ#%bd1eTm$A=@0U_%*;j(Z(lN9k8A z228jAS3dgTQ)d6Yx7V@pzdL)K<^I2jXQussMw}S2WEKw=LzgM?n|(NjKp}qvQb-eh znSP4G{`jg%zHk;WN&C+bU|_%9uFxvP9k^m;G$b$VMbB0reF8Z30O6DAlB1krM0bY> z-i+{U7)Z#5&IbHQV|w83kkv1gggdhN*FSY=bHYy_$y)pW67tjO>2doDKZ$MLt*!IQ z-jU`iRM;fXo{{F}#zvDcw(3(QO}YMSLBW-+|LvVETmQ4Uy^R02kjG>H;pYKg5kg!| zn>IrV{||(4o9UTy{ns)DF4O;R*!O>18#_z<$HhFg*FPGujxJ zCX;G0`~?_ypTe|vaD0TnF)Z$jIK>~MG=Z%v>ftYDGPc}8zS?I7`M>fdV5$DkiT|N-P-$x5$#ldG)1I1$}lAlcq*TFYm+Q8%0Sql zeTEucsYl*V&tS{fzlQwTrHdsQD1#fc+bFN2Z2i+;_WIx6S^EDj07?BAzzSQ99HPfIM0(@eBx@n#Ut|5Zz`iQJ942X0ua2_y zzq4iIzwK=9?k?B=BAyj;OqWcQ4l{t^WTQ(yT}4B3K8gFFq9=60ehe?E=-*f&r+{`0 zI);Q!5t7jv(I=Pvxf_!2KAn<7FxhCy2Qy2E}GFr{F$C0(2nX4 z>n#FiIwTolP9TYlq7>F})M~U|oSdD|`5Dn7I8Nq2o}Z9joMw&IWjt=-@L0 zjsJ=lSC?)0NBqpLhiz35J+OSF3mz?p8;@JrrxE@4Jp4%i9S`7dx-2dmkN+Rd@sBW# zlSxL7UL4YTxvHblihEJmX36QRM(a9*`}g*@pzEly{@)%Rym)ok8uaScQM~>;n_GKM z{Lk&q&T{=P;#qMwrp5tz%ieL6YKRrlqYG2MekZoM_m5=Y4Z4UY=NNZ`7uXhw*6H3E zjsahuZ>%qjjWw*Xt%^+*hzWIoc8*EbYBY`jTD9NL$UD1Xg~aknKTe~leR&m(fZ??T z=X2J=IxtIa`ry!pt?hhKj?;pF*SLV0-D&k~^o=`oV&Tc+ooqzu}g zN=4y_0f5s|)3}?F3t9n*!tRws|CfzUlgZ^3zGLJ!8b4>Seb9~&aJMW|EWqz^D~ZRT zM?%PF$a|51q8$PByU`HXE$UwWl}u>Y8DtqGg#>maKGCj{Nxz5A8|M)pgc#~bCgTjC zn>pz)BIHrjx@@r`q0$f0xZC?6%Z_21QCg`43{cZ-lC2lhgHsdBMrt5j0FV-W9woSp z6cL@xz19Z(zm7u%palomjgppHYV9$eCo*^kT3*9Q|UWFSh`G8jrbbJ0# zp=o}x6V8O)mCelech%*ei1N9BUkC8wEfZre5yy_1n z&4m>Mc5-5g(bX8T=01vBQHwCGCHX*S9_ZkrlaDb-{qe;OExB>3Oe8KVdmqET(vH6y<}7_!WkCH zHH!@%g`l_{Lx3z!s?ECi+T)QtC}R>p+}BLM3k0l?AL)co!#@64A#d3@_ZqiUTI3aw 
zTgu1fxrzQd{2UHOl!RNFDu9RZ{|4qSOz=TYr4RH2j)!<5nbCO!&E-bMynZ_590EZ%$6nj*kDj{}-*M zzp5z;6j9;jJ6bvKs5jUdwBL$4>ILucY8{ms+*_#QKVUhqjY6!DIcyW{b1KER2O%)H z_KT!D!7D_J+(mg375Y{dcJ5}&4|s{%Qpf@9T0Plr zf%J~WjFK1`Qv!Fj1hnsLUxn};HEpih`VB>TIA@0SBvWq;xWMbRw5Wizllf&oe7>fPmH0|w&APrn(?WA z+#TbQ5|59R`0uuMzq8u`L;Z8whqj1l3v7G@rxGbZq{QNAUy4O5*j%7FtSHuUcgJ?s z7P=$3VH)o4=-IH_64GQp>4tsXXNG0Q&b_;9eozzagQA-EBbzwQrq#Mh7QKX0VT7TD zsBQ|$ML)cRp=DEqjh3c=qCHJl6Yk)AJ!O1DX8~?Hk;QB517}qq@Q0Kupn?x*RbWwp ztU;f`>^3h`Q&KEfSb(}r!51U=GWW>o%M&hS@U;Ycl4u38-@^K7UzlcX&uJs+_n77Y zqUijCpj0r;=yZSL%;c^J_+-l(I4qW^!P$_KFyyL(>Eji0TIAHK5n@AmV&Ks7KSo2< zFG8{rauI#Ss~4z8gs&Z~-h<<#;_mXuG8HRa_km?29;sIu106 zk#iL_^l;KS2LWX=?6sJJ2sJy>xdsnXN6#znz z0tYme52ol7q?Q2l7<2U&JxAp9?!6HCF}f+D5xn*vn#6ASysRg~2kuLGrO)}ayq{;` z-!guN=L=dKVENjUj+{{RmpiLy-H(-(4uA7iFhuyZu@H2OO_lBbPI;QMDHexY(2eec ziu8$6XwG-uqjC7;xB7ehud zrrKlYR4MY)`k!t*-7rX*ZY&vr{-I>$RvAcD5aX1VC})*eVJIH~G=*S|>#B3KK27Y3 z*sjGTS|ChKg2v<1c(jkB1d9#UAzKvgO8W~ewOh(RZrS?%D_g)_)bTKb8ajHtZkV#b zTwxcEqK{jo(Kv}BrIJ(H<~bL@= zV9h!}@4vHCWdE}v@BcTpcHsW6)7kznvU4vjww~X){=dffa|Ka-1CWyY-`$PvEeHQ` z>HoEuXGN-`*zh6;wTE8b{KCZn`Pad#mjO*SfLq!g?irBaMbzzsmg721V|JKiyAVL{ zfeZ%ff*ZQ$N|Q#^HOlG{M?&niaMCEwGlqu>F(}bL{B?yRoBYPPVlm` z0}XqfjH7)JJ=wuIq?9L_G^a_Q(1|dNL?*07Y4pdIK3A5r4z;5C79>S^LlBvQlefg*#m zNE4;t0H1=DL;t4Ha1`%g*%0=*UDUYGk<6K)5}&tkQBF+(BBj~DWl}|z%`YivgVq}| zH7!E^Ez80V&{l=6!N$@>^OZQ<(A1dwWOHxpJH2UTfIBA)A^`ljGjPg6zm^4hK z^gf~e!cP#~AEv=aVc+>e$cnC^1UcC-tuj=VAkND#O7;hL8*Ch?53xi#PbWh<1D-Hx zk7+(QXW>)n=eI8{!JfBbpSZe1IS`u05R}HFjGjt!w1n!=gBIs2T#$5eu` zd20&%lFbbztMmIomTbb#KvI#*2!|DzJt34qM(L+GqlcIXmJVIh!%4r7&PYrfiL;XT zPob8Gb_{s*(DiYn9fOQx)zL9zm%2q(EYFT>nz1KAp{eK6XOUEp(js(qsB(a^79tKC zzsL2dCc%da89Xjex}_xi*u`5Yt|>7Q9+%|ByeRB{Fsq!Yf{-d*SFD8$d$e-+uB#(~ z3qhGo@5}4qT#gq_tE;GNq=)HvTtVfC)fA~*>ovPTuZShM+Dfzh7pT5YQoNAH3C3o* z()mes8gv)vtlY~aUH8cFo0uwy&wHo`PN-;iinEC65rsM_9y&Xpp-~e1Ys#Qnkk0~D z{N5pxRYE1QPOg2Ezm=+sZ4yA$TT}gDI*@$1V~N;pBGXkDqK+ZoS)=tOIBMoxV84IF-JzJKT=%JR9#XDa=V 
zwY0MUo&Ita110DGZTf$<|NrLp(*AQHkA?pxc;nrj|3e-mTm`RBJ=|=G^XEt$V0pDI zBNhX9<<#T-xH)RMbLM$+R&wIZ^WQ}O_sY%k_~CkQta82<$#sZJO?Q={*uLmVC_`9I zE=D!A7QJg;MzB{~nAX#ebw!|`dmZxWpnFQ=BNx#;eembvp0ItNTRtNeXUMAHvDGG} z3L&!&o!yZ6z>7S5y9BIADQXCpYRf@Gym%gK0?=d44;*5CFN6+Rdqr0RCSPN30smQI z^9E!PgX3C5c(o70&--L|XJ>224`?z=aRSo!ZIa-ziYeqoSIo#s#nDfTy(Y1k*96kZ zns~wRP2^8uB?B)|9TN3^;;%R-fZNq$^n7BWXoSH+^EK%4l=4$q%doStFf@bXwzP}L zgqi@XQg1d^-F&$n#D-Z z8B{mW0t%X@9?FS5;mz%d&uhliv2#0t6Hry9>$~!6*7I6D>IC@pNmcOlhMBhK14fq){anEx}fxao}xalj<>JZQR&~M1}&I0o3x1cXR7WHgS*`_>PHNAVYW78#4 z1Q|^dTw|K4$tzQB=oRDDSO7Biv-WkELR1kRwKi*il&1EesxSfU+n8}`5-kZ^QqyOj zp0%TKx1D8u6r9+^)&6Xa5cb5(_c6LD$rjKg-mJ`Ux-54$3?P|NLQcD_SJCiVU!{zJ z@g=G)eY7X~Ax#E)glBpdjH7;!Yh#@EEV2s~wZ;?Lw|M4tYJyd4SF=xi9F1GCxFrZ~ z;TDs_(8Yba!Oh(OOj=RgA!E=( z08jDgfp*-9G{s7hYE?b0etnj^%d4DfkMC?0PSSaIq~WdNY~FCGiG8Tz4$WiVHt$Ny zH*hO`*-jpi>`LbyUG2xMHWQ-mRYIC4QJ5l-i*}8Uo8jn2cx9li0=pk&)2`{10-dx^ zR=+$ye0z#HdEBufk-E)nSPTPMKP2_3h-%&u^a}QeohN&Llpy zk>)lD0FjAY5JZ_GO_xeK|1w}H0f@O*^sGpelFqtTkEFLwHC7|bYth?Ut36I1mDi>H zi6L@=-;Cj7)!&gn{fUpr4`JMAQVUJbtzVp*uyF*uF{^blEW(}nJdsMfY>@= z%dZgluj8hxd|AOovQ!-mT63RdWU!*@#HmR&BW>Jt%14^bysA_8{9vBFCylwhL|U`L zC9>90z#5e4%JiHQ+#a2>Xx|~CvQVt70kOhbl4`&f%j@lNHzvT9FmeI8fUHJ|Zzi(K)n2=wRbG)Hs{+%)|Virn1OdBKI1eO+aVB`y+9bsG{--pUpv4qi@W`w=&1ne|8o%MJ5l zY?cckMqY{8hMuUt(FV&syUB)kNa|np+4(A5^vzG8`wCc3t~fUuY4fT~o>LC!rZ~qK zm>etlgZd0ALdK-wh3~TyKPrTL;Lu ztQN@c0&kcnV+qSrAu0XL%H+BYX{mjUuqi*5TXZsf$vG$_I4C{lVV(S+4Avj2=cQoGWr*f9C4j6^YDmH76NB(?NgvH}6>BY!Ih%O-i` zXe^k_#g1zA5ww zE-5{&Bj#kX7RPgDQ=B)$bbXe+PNj7F$1IRtuLjzkU~wj;lcqcW)+JK=WE^NnYk`QB(G_H~X2Ug3)U2H>+GdZmqAETR3N!mkj z2D7k0tB3xO?+0P5)H3uv{Y}rXmvJ~uC+BhUw@Y{dwMrF${MHaB?CY!_CzD|uM%O%2 zXWqnb2n7bsTdQH$sz*DW*5+3g7I2F7Upo$H>H6>3@jvOmOa1>so@M;c()gd%1AjjB zU{3K&vHokv0WH)2>}=ZlpWThUrTx!B9z5)bE&Mfr)E$cLuAzMqgO8g&1VsD<(4}y9 z@a9CB(W>wck6$1CFZl>sg?{#gd`janm=VN7@?*lI^YkZ|mk1!qa+7Y-XS!s7g+5h~ z{pU$C&c%VXvpl9uk#W3LCzU zE#6>=)J{tZ*y7bnos4?)hygV=8fO@UL4I?HZ}*aJhClG1Gf32CK^4SRQBMyI*E++- 
z@sO(o4+ci#R+zlF)mSB1Ys^!=dwclu@Zf}5a=-VsI+y=6M5&v0sR8qJnW=ECpSn5* z?fXY7#_x4PPiV;}=mD))IVGhX%hOfp+n{TOi5Sm2cBl=~!u z_&33PuubIq=mNwwzW$78Dh3TPfUUQYb)6wSD_vDyK+9unBRI$ML_;Bl%vGsp+9xUbmg*@K)FL^_MZ*gEGn6($mno?u&SOI3;;gJYNlYU>I z_#9olPR7S6-A3TfOT>6+2&X0v@`Jz5h6nxr(U2B! z5uz;~gbEiBGJ**YEMzd;{qoRv zB94bL4`WeWc+?9F_<<2dK{Duqng)yRUL_DUL4^F6(3!x)lZFsQIvzsc1_=F3`Q5M^ z@$+UTqt*RmE9?;TY&FyTwig^oJ)CeO($IY+>85$-w7Rz(O!+d0*PQ=^)(1M>8 zaepXtU_mq>h6DS{g7e379S>-4mBD-*SsQ83!`#8p8sOH?B6H9YXCW*?R!*!(j#B6O z3(7-STyV~p#HB%lTXP=M1Sbqkh=K5XY-t73DPomwH@NMr@11RGs~Op{bPYf##;(MM zu_o{){R#a#-+q7aT+Jy=>FL0{+{a0e2-sZ0n5R{kR6Ll_NqD57YpolNKulnWyrZNS zi2expJK(U{=+F!dw1O*AX<&F5BaHoIsA=4gIEe_JgB<(`vSb$WDo%k(QtDwnLl}{U z^2frVT0u>b6;Or8dq5Z3A%li%xG-_RDi5+Oz64FtC5$8xLWO}Cl{4UI)tdnGLuA{G zCU1z3$mUkK8T5g8iEoI!xqgA?yc1c>5h|(q>%-5qPx0=J=Q2&IPoorkzQiX4&IN`0 z4*;fQd|)3DRz(=b;+3_PgwS&xtPC*eJQ_M5nT%kU%gSc^X8;|DdKl>R1GOy*n6w@b zkc|N`WnghoVBqNP!_8}}6{78u#^4!d=5&K&O=ZE^u5QlLxF_Zo45AZ; z0~!sm(=Bs304~lx2?xF1?YtxjC8iJ9%Z-L^nT~e8(ZvO=VxPQD_!MA!z8Z!@h^n5M zEjdo(1UXNi3RP%XKsy7PFZS&fu&OYV@CaqJ6e&(

    65lp&A0`Zvk)?RFq zXPhqL%Rx92D}YB#OA5EC=wH0ZDp)&yO#<^-D#4}I42Ju~TlO8oxCQ*!?A>~^+n z|G&=8(*9>5kL$oAj;(`5`uOK59E4C_?wONULPbxVyzIK~is>v^-gEZ3U6}njzE7nY zeRXp`sB*VN?mgu(Wi0A51M0HS=G+25@WUTe=`TZ1p(?l37p6N>#WD)L2<o_T=ye{;>ROT$F%~#Fb9`|;~FWCrn zpaUCV$SXQqS2iRc3yK}inc#nlOSvL zXb_CO*ORe=-@JCbv#xZ+!_RijseI>4yykU(`KDdxv385(Wv>G`%Fp z?j`BZ@Ai}_9E(S;7svHpbep=Sv>Wd8<7ZDlzK(`;-W;dNd1R6UD*hj%vE3&Og0gMD z%_GW2+Go0tc;R(Q4-I#E>);Z`^j7)(5Tx)(I0kzWn_3|MLe~{Rb|e5*w7v2@CA&#- zFiqj{Eq+@UYR@2r6S8{tgsdU~;M!ZOkU+_ZtOOK|+{vmnPbHNv-Sn!hD!F*)YY1(; zQK-_u=Fy_-Xl;`6b9)#5G_Q3Y>F6cv4pn&x_dibFIXQKoXgctkeUYE@e)^!inf~F< z*_h>5pRn!esIsBYXLH}eq^h>~o$mLmT-Z0`&R5%MwD)FW47@6%XKGz9Z-vzXMQ?eZJ}i6?yNpoY$+iaY5n_WVSYVn z-EDH_EwaiADWYEG6R9ddbQPm^6))@Am_n82O4x9txr3+|PX_zs6Wr~p z`yz(Cuk~k(_67_&jD9@2TXP0pHLFZT=*|UcBVS=TAHR8lo^n>_p)uMV7D1mhDPMY4 z_YUR>zkPY;xqNBnE-k|{Qd>;Tf1ooP@7m7h9;zcd``{)Zf~=rRgT_KZyDT~c$OBJ_ zPhr}dL#M2YK4*RkGl>W@?f;`}6mW~llpYGEjQ_E**Ky*1>~1ah|Ajo3psZh!x#v&( zs!X~e1-mQe4C5{MW$Maw%n(k-S9E6m#yngyGDI8RpZJSIcv`7e)hafcK$o zK%0HANnE2xx@ZXP$=1N1Mss3$w+3vE-@KvGdmOPu*HL;-6TtIsjj{(Lr;LbU$HS=D z+IgCf%(VW+rZA)Z-}aU*|93iDOZ?Y`JTpOPFV65I=MFKn4GRpT0^cpUo6lqc#u0q3 z#wN^h&Ud3HMJnyOFsOF%#rx$E+BrOme)Siw9naRuBXE&=ggO@|wKycLuak9C!I*m= zDL&?^{Boegi|#Xh_n7vrscE}2y`fH_na)G6&ijAn!T&>UJd?K#l=1(K-5p#0+u7J% z^8ZCV1@fNg^=glxm(9g)_1dTr^elVqzZ;YWj|=n1rs;cr5Lr zWE$SXn9Olf&EEjU0NPp9)@4}!*f_cmJ!zNE+@4v_|5ac>%Jly`n>PR7*xcJ$^8ZCV zv!4HTzR%shuRGuZEB1inq$j-0nfc^bbgG!Mgg;8->$o3X>gXLS-Y|7FyKma zA?FjCEkcz$4+KHtF?Y?sh=!mM9)c6-_zDS=&gyA0dLE9#^SB?6<4C|m1mxi5OZ@Wy z>jjT65u_SUAQ=>5-2De+OLC2g033E2I;I1DT_ML& z3Md>5#z6XB!wi@V*(l-&%3(ublTT5<&+bYiS$grYC(xSt%xG zeT_Hk($Zsv{E(#QaSy?4IN}Dj6%iH0Rgl%0R(A?;jfGY!tc(Dx;|K8mMMHEkJ-#AO zuIZkc_Wz1;pi1`t?Tu~M|95kF{#(fNmW!JD$ z%!9F{)e5julfc5@Gpyb^6R#k;7hPvRa@Z+y9%gY@VA@n4O(B5Zc>~i_&{QZb!j~@| z9fBUY#tkhtt%k$(2V_o`USntZHUFZ^SlrsG0p`R*ZNQ3|a42$xMvUE8XZ7$_H; zx~=C`AdDf6C2CdGtdmnVUj+5oo?SGxA=iE323(J8MpMS>Lq&^Y{Mb^M5d255V&v3i$3+Kk_SkO69+8 zJO0DY=I+w|b0JS*{MYYVduIGs5$VgF8*pwGsOqSRVZq=8pmNZUuA{ybb8@4@D%@n> 
z{4+wtvX}6OoVs?PSS_%oWdp<@H}X@+*6a*Z&rLw$}gl?#2@T zc_Gh=Z!gDCcsy+4W3lNoLy~u%S(NdX93jO>Dz_|~$3w}`BefON zuBg_G)r+Zq8E0d-GF4`F0yC6k+}M3Os^7gYrq!YvE`sB3SV*lZ{q0LUxhmYhU*4gCQuBtO7kkey0?lzuR{!GZ|r_(<4I zlPuGF1w3e5j#TR&a%H*LYD8Z;VaOzB$}A5hqDRBKL&xw&tPLMrLj0rjc=a#xLJPBn`l%xpEvGT!o7gIW|PKuSQ4%?W;@N1Oru z0Rl+OoodbEw=~}^`6mxtm!u*l;e>|}(_@BJtY4?P=Db!)jS~!SP?Xc5nyp?`jPOtj zbqN+!v*lfxYV9teG}mpV5O<59+H3ZblRuAYvy2Cz8sy^K+_!q1#6LMv5^;))n*bRU zu@coa9v{_(8~iN~D0#yrD3nLUPL7tCb*k6Pt-GUJR2Q=Cs{Fd{RH@JTMz$YL!M2_^ zuN_|=wKQ9V%5o8l<%k*}+C*5q%siHd_aq5uc;XAr8zcdA?y(8q(wJio)%o46W(dut zBLRSk))+VYo`lk`Ae}<#2q91?_T3V82dpUT^1uVLJ=1VLlWOiHl0!9qBS$YJM%jgQ>6ndbjM-X=Y%kR+ zOsrdmhw8bAs&k?m{F^*Q+!FXOccQ1D+KE(Akd>amxT&oOu}Lr+imWX9W);EINA)o7 zSE89yt)upq<)c(XAXF}0V+42LfJiS2)Kfn7IiG+uu9AuFjWURCG#+D|ta;F0pK1-! zxHKOJ$A=j->r7jAPfz|Pl%Yw4s8`Uy)Y1ZmS={UXsY{Cd;Dxya+LOzJn`HqgP zIybe7huW%4bIshls>X)^pJIWN-U=v4F6Gt)dH)iRi0rM_0F zAGWVGPYiznCe@nX#*AdoM76XW&dY94t?Z0vo+2|*ji!$v#Pul?M-6c|q+6kWmeHur zOFcy+W}=z{<>s?)gKC-jf&03Ue>haniGR#YHSTB32j5?SLA93pL098o0)o--@>6tv zl_Vd#`aLkV!=Sn_b-i}XM71=WAgmTxTx8Qr$vKs?F51kUksL0H0Bm)ubB1 zHs-P%XQEmGp)i$F7l2UoW*AiaQ%}{5xl--)dm+^`^!sd7C%v9LpPb|Q#MWQyRC`iS zN%*W(*VtuH^YInzGUD<$S5!5q)>1#{F2m`75eH3J3SZLP)#y*X_|+)Rt-nr^vDb*f zqFPTqQ+Llqbyj8}Vo)t^k>)V9XQZ0NCCSZgQO%>6Jn*>@^&A(Ie(rKKsn$}@NcoIZ zCuw*In_SM(z@l1D{c!X8I_$^2B3ad-x+Ha-X3R!4Xp_3Rr$(!<{izqv`ItNrjsXYB zt6wmwwo@-s4pH_YEpEr1e|g8PwZM+wFxlc4z1+v}6)Ohy+sCqWl8iv}o%n8WX0d9K zRI6)J%dqH{9LP`7iU{tS0l-keBxQ+BzCcl;!d4d`Js2X4)}Sf$*DlraY-Jb3Zj%_s z#-}SD zC!I!vi?{m?fnWr#5QqydW*M9`M081@VN3>TN2{K-i3`N<{;}AiadNj%O>R{SUO<*w1t-4xgx1N2)of>Obt%&VB8(}e6RUjq%(h?f<_tUBS+;uE*W4=n%} zSLlC2IL&WZ6ZQi#WFXAmS~Q!^oH@aZM{Q|H=9Z9hMqQ4rSZ4e_XTuVF<9AFnno-pe^~Xw3f7<_zn!p8>Z5VNehLc|s2VenO58 zUJ*bAV(igE;Pf;Fh;N0T=>G=cZ^;msa70^z!qd1-`y{=bP@%t_G27pO7a8y(0}Q8m zH6HYRb6T-t7zw^}Gej|Kb;2wAOpRs02MzqE$%D+OBcWUxD=W(I{(?@J>0Eo0UyP>GJB?C?ew;PQBeT>DDfB_d)rvZOQ%V{_k)*ja6_8hcPYma3nE#iU6;tB@(y7{^%-fnN@Im^W!uD8)_EQlB_*m zt5XJtbJfb&hnNoCk92kOZ=yWWp{hWLGE$|ylrAW``KbaM`l8_W_{ba@mVvV|sW|&Z 
zo9EZb5aI!tFF8;cS|=O9ALOeGGYu?=V#D1kO9q%pz_XowAlkcQ0 zoEDG8Z)YYGNRux4#;91cLXz(aZG2=ZWmBVGnFcHBJ(z^ZUw%`I+|Swzr2;NGa)_6-|XH|z0j`ow3qsgnS5PxC8g4NFM-s~?p(JBQG7*HxwECs zr!6i3K660|)jZd%C7_u~q3;^Y0~3G6l9_-blxm$pTyYfHEV~v;8l{sJ@=p+$CwQ<- zBf5VM08x?q9&=ey(yH8I@hF#&eiU9u?5K-pS=zT*7hsF9=baAo$Sx%Mw%u4`Cv;_tJK$AtELwX3~XmQ@_ z1wicUY`4CH30IJaPCQNjGo}95yvHih2$tdh?ru5w-8g$FXp!{V`32^6gx=l8l-!1cWSB>MT((c;gXKkKZ{0Do|6BAtjRYm zrbsB-0!sM*W@m5Hj{m)}#Q$5&;|6E)qeR?Ktk)`h|NdEbHO^gu1^YR0DaZG5q0({D z@hz|pUD@dmtW{8g$+JED+85i_4(KXkvzF6tYu|Dd{>N;a$ZGD`=}7 zXOye{oY<=m885Zd5T-l}jF*~IY2|pS56$_O4?I)u|4PwO!5XB*{$p!zW6zHNzP+); z|6jGD;nJBsO4Sni>PV^fHMNC zdU4it5}aFT_Q?BVtr0o+XZkeIZ>I}#s$@=Pc8y(@7XiQQtn#Y7EH_V>8#m9RjWKVqg5YKfMrg&K8L$kXE^MMhSzFXMXAScUYxx?cy%a05N4G5Lz)cswU>n9 zUGflR&imtVe6=sx4DyBCs!om%p5H@#?BdJmP`bj?OSZHPE>i`ji0H)xBnVWlXZg9X zDxiULue@p%a!^q*WQczW4#)_3|H}M5E zsZ>>qwNOQh$~Kc$tpEW)ii(8<6${J3F#dd`3wP$gr*7}BkDP{Rvxa7bw?rg^yBMjNF}M`G&zs-GY4G3 z{}_$UW5@{4AML9s?2oU0Ge5aygFR?Gj>G(M3fFNo7~Y7fVFrs8GF9Luqe08daC$YvZZV$z4@lBrM1^MUk*6_f#WO zS1n$*l2=t2w)389j9gW#(rnRHO}c@)ry@O1Zaq`$|EIP88)wpS5uKIJSu}U=ZBUv0 z-?kn9d24HPr?b5OS;WI9C|J-I?qZT_sGvS1uxvu`8_kVpZJe>Kk55tUEX@MJr1g6? 
zRXn#q#;p2JyAt{utxRC$ahC(MG)=JQPd?2OB6{s+9~U*vtf z_omjFMpAa&)Y&VYTo1hje%H^G{Qvcv)5DY2`180*9cBD~Ypdh(|E2%WLLLun19$|I zECz2g33Y*3i+xn}XTnYT?~-efgX1Gi3MeOZQ427Uj7V&q^JFqs0I&kNBw^xTs{xQE z(dSVDU?Cz8hjzT6VqlK|P|bd$E;3I0yq}y?h6(O;%(wdO;lYbnhpjx5Q0=!!zJi3WCQyD!P zjp^8gJzB9UuZP$0%%T1qIv(F-|CxjeXgv={4BRcIB*Dhb6SaPf zWqL8XxxV9?LOY8F^yPEl&6M9a{|c_>JFSgiqv@lB<_nb9`#yQM#?Fvy?+uf2D-GR# zsI&okZ;?)1erdP~P?YJ4NL#oDIA4@LK>2{@-P$CJ@TJJf;EGV|RI|_j!}LP)(*Muk z|Jm8v-mv-qUT3NQU&!+S`v0Zk|KT?szH{gt7nvaf0czLA%=^8UNq&lNK)L5+1@ED` za9D=`!wAPA1pW($FZ|;ZD7gO9c=UZfv*Eu~y8|fm|KGCx|2Fq_cb53i3wd<@ZG*Qg z75M*oetMRZ6%d#UX2O8JMbBvtOgP0<76q?`2j$?5ashBD^L*R?fr8!ND^voW+il{@*G=6o`5nC7%h>&i0^%|^f3XUhG*vhEL_694~= z?X4Z#|9@w9dH!3-W1EpqdA!q20ha1LpL%av)n0u^Nk@~`)D!bDYwFrCzTp+PQA%~% zyC$5qnomd*k6O+5!YVy*tl|Csl`eH&Qk1LZtW^siOt<25UW{A2@X4I9Zp~ZMtzD@% zp;$OQ`$*ATIcFtC^YNUT8qEQ8Msk#AXtf!koJ41=IM;jBr9*tBE5S!nu21QV6e?%a zvT@?>iJ+*FaH+CcC4wg?+*vK> z>KREY^SYjgEKug2J!=yjN9yT1*7dQTl`y|Ud7(I7OrhW3yegT}F#Y$SRh;eqkB6(9 zG5*8mwj2LpYh$VZTg2nPEa1*}d741`qEPtiEwz0QaZg%2gmrPk3$o{4Dpv9Sx5~{2 z1F+qLeh*yu;hrh^{~2A2a3XAtN3+|1>}|UCAItln#XMiWv>%h}c(9K#f+1=qT!ue` z(5+Oyqul6m8<%7IapUmwNJPX279@OlaJsY_JY67yT;=ogKqchH$%={Va68iM_!eTN z47+4^3;&D!Vz$Ipfw(ec`U<>W8h?r;|9cYYOD0J+FJs5cMum~HSwZvU z0`ok~QFnPPoaZwi|KH+0pw$0s$M*l)-0Lj$e+zjY*#CFALCnJqcz&D26tyog+?LPs TSw73>TYUaME0C6T0Ng78SOUV! literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-monitoring/rancher-monitoring-9.4.201.tgz b/released/assets/rancher-monitoring/rancher-monitoring-9.4.201.tgz new file mode 100644 index 0000000000000000000000000000000000000000..c32b52596777aca51cf88f22baeef5f88297a7ac GIT binary patch literal 221201
zA0z%o^rTED$rjeM!ojI1k1J`SpA1@>F43Zj5;$|?a)d%;^i9%N@-GxZhUtBSgMIP! zf#%WLW5OjkO+GT=?(x~i=4!zcBb74+ME;;nYwFgex!!Wy@N}XmYZB?z#&&~?m#vm6Hh>{`>dA}qFEZWA(TPaO3YYIV1I)J`*a>( zCjD52OLHoXu@&`q?8*uoI>u?SvlhD%tSHUYy%XP11a-mS<5-ahdYpA?b8w}RqwimBhF0v94J@BStoEr|gI z%J=S+V`M2;)i4_msJ^ZvMr)C(gbTJy`2m!bRZM2#_Z=#kN-4`yx^)@+IJRphx#^9w zp4uWwtu!#Z>H5170S;juLealERi>iJfS0Jm+Z`81(Alm8Bg$9voEGtwRib%WH$uSV zT1+h^-SI5$;@pQyMf8u@3TCY0DU#$`nUz-Ee!tJ9;l#R`6g!L_6_`7uwRu&Jp6di< zZRiHr#vG>UgTtQgY_e!#5^ALZY!2vv8 zfMgEq7id+zmG) zwn^2cWjxZFT}@^s4MGc!@g1;Qh3MtuOGCDdQ;~2W75KL3g40r~YD1F%4Y+|~Na zLM$0^Ny-6}{4Lm@a$r5C=?4rQWT}*9-7+Eo-ki`$YEV`^;i_w8aD6LKrn7RLxf4Pr zZ?)A{KuE2DJ#uBAVTu<9DjCRb2Gh>0PM(Zoi+#!bL$|!9k!KfsouVj>K+wW2&MU|F zGLsHt&y-YD#0(SrWAY#nTW7c#(RH(_M7m8()by7M}w`Ye6sOxI3ihzBop%*YGg=AH^BUU&=HeA{krt=c<Jm1+M>Q}~rm_}M$$pj#1EvOE;6-RB)iOt`Q|*CUt=8&94-+1*q%5Aep}82O(- z?{1v)0q;Du*)SEm-N^K}W>qM>gIeq?ck+*rRl#B*q24W9q`C^pBp!-Qd`}a>Ig!Fh zyFpCHlDdT-lx+ko6Kpn+Qrcs&{OJL({jHh2e>9dYN}`!w>B1H%Ak0}c6}#aKEG~;a zf#sS3NFP!V9LcH3Y@}Qu%C5F7I)|3+7rKPJ!3689``)Ei*jFd%#_XRy&b{-mb+yHk>xFNg>BUn8RNZ|xj-~y*3Z@!EoiFThHC1rSzB=*9B?|? zfhPOh9Y+sirk zLZ;njO#@dTw1K$tg@%S6et#hH>h}#6V9PAS#BiosWy_=HjLE_ZZPi>P+>qz}pK9*jlL$8%s1wK>sD;t)}pMQp$s!eN0E`EQibCzoeuV#E#MtkgOOrfEn36fc4v3+tP^&gbUNYV{_b}8Y|z;acZN@U z@lNtQ?mzCebp5{0v-zxO6|{NIX!;%mW@w-_Sn{IvI>kht*|3ZbfC|sc1dG6&!F9AU z+{5DS4qY3iIf3MH(`bT??fSaC8r^INX(i2VS}| zaNzvuzG_@Ui>0>RRm(o;h1Y1kEkj7D9=B@8swj{1=Gsbo!4%jOEKHM_njgHy9EP$d z1(GUTdb6$47uPvR7(F{LR+`lkB-EI3q^Hb=l9@ESz=|)Y=}bxZ;rCp0{*=Au)IBCP zBv9|#8jTMKr)?;IDmF&F2Mvj3iZ1mGDRZSpzsLn8blfYk>dax!r-9Q)kPMIko;cgGl;|l@b7rv@dh4CUI&S8!z!q# zh{lx5r1N0!myErbu}NYwLx`fVO(gS7jEyFC5YzCHEs2do=*dDp)?8W?zxr}MnK>#Y zH#18@mIu}lQQMbOk~7 zniEWj9UAQ`<_NNJSsk^he`Ds3S|Rj5C0zu`z?1+QIEWO%?209jCgCKE75@WmM(gIN ze!QIXj+>O2`Y8*BY0S+p9cDG%B9~`3Ak(5f9q`T zw4dJBfBPIi4g1eg!*^H!dg=Y&={#v~@0k0){q!l_|Lyzx|FisTn5b?E7B|7R)%(7}c3E#MwEWh(G? 
zSyibb93RrEfi%3^Az9uOxn29Dv!fFfIZdgbYuD*EvI{$6gk5oD^yCnFh=<=o-flRCK&=mm4xFDx(L5W0j?Hw=LFxjiel_ELAALvZ1^aekp`WVa>-@w zbqEigCjI!p@1!4_x7Wd0?EKfqRiMY1SK~90YLjZ@W=F$h8TmaO4KWVvzj*!GR(U}( zl+|eY(@%LRUU`P$J8^c{=ln4Tc`{(X`oe3NP7BzsJUKo~XWu7zI=sB$-N7qrY_h)! zj#M+nthQ54g!Hzz?)?TW+n|58Yu(AiT;Bis3%2|vHZCH&P0<*z0Ebbb#s@@kRe$_)ouXzvP4Y($R# zn8#zJkd65S>dL}HKdX2;mAE9wg~rovl0LDEo(Ns>O~78>eEaq#>Z^SHT`K9+orF|e zXRaDF)0`z5DX**RgV{BtB&S(inSA_{1L|bD3=&XVYmiPT z@Qm%B#^Hu`=53shl2SZj?7;1){Umy#!pVY0>s2T?qdbOS^a_k1DQ)H^4EyGFM4T`# zb~pmQs%#K<%w;BMK9sD4^Ah+U_o=9`6r@09<_1i2atc%53*uhC-PwUBlS^swDDrHfdmsk*E(aYm;RvmPll$9rz3VdA$+Ix?Y7W0p=G+#&NUh?Xh}6Hoc=mRe5FEipp~*m7+`7IelP-)H{E=uComf zzctj?$`I*9JAl7AonjB;`GI1nI|dhab&!}ak(zy{mWvAi>ZG}I?2zu$^nE(@_*&^P znhZ7sl7u6vXEP_xfY2V!A6z7B<@_EJ;wLsV|JSACqF-O?Ocbf-#|OaQJQ7!%Etoz2M!CKx5z{W;eRYCB<-uXrsgD zaL&nbeUJZe8=lY`eQqd-`8yP-sV)C%Uk2zlniIznJaQT!uv}<@XcS!_;s;Dvt~Dl- z5$4&x6bVcmE`_UTGDt}aZou{?xFw#!EkRF~Se&rlg&67#-DQUs6B&V<>Z>U@)`QD$ z$hY*5M|73Z;$j!d64j~uCoAwFBUWw#0pixxJEW@x1w!04m=&{^HRTUH+^-xA1KY8b zpTiV3&groYj$Gl_XB#O1AEeKIGQ;3L+I0A55Rw83?x9egZ2$>~^GTN9akuaQIr6*i z^|CPdt=NXPWf?8f46C$=1I94tu}1wBQq6|xBzfbL8ylW^O8kVT?1DSVuh@z* z#t9Dp{85Sg;2HDWLN0*p=-ki0*niygmqmyz`hvt^#vXcE}vG@ z_%vjl(0ilhe%PYx!R7d5JzsEP7;g}ngRiNTOKz6df(UHjL>5SmtiH+8=9O~@4mFg{ zDX?(f-U`k;I;iIz-;q&;>IRbjot97Xcb-4f z-2mWU7~sDo;CV}GN|OLxY4)8r!Gq%KCW-<}U*Ky--rB`j#v^l3q70 zzl=IFW7Hr0H1~Ir^vWz7JADFsR#I_1V1+{rKFM-}s?gU<$*FNXMwJHR9KYew_jE|? 
zC)u+A5Z`yw16JwXgP*eAgCDD}F5(oJ<(=)K`hvKWbCkb!C-xoiYk(-u%bipAWj{$t zf_zXQpdlO>PB@2$=7E7xniU34rKd|jgENb7PoyZ4GszHhDGpAM$s3wuOlhzGq&3pO-z8hpC^R}^14<{Uiur0h5US)ZCBM#LoeI-f&Epy5&hynW# z3LO;9G}Id>Yd6^)m-K0pC-_&KPGXDu!+^vGPJ)geY4AWkA72JZ(MLc3pvVHPyLxHr zw9{sRV9qHAxif^hfs}crIc+Mi6EP}nPHJP%P!Ngx9f7M^}vxadRTCX_Hz$t*|j^z}_YZ!0AS1XPws%>N_y)jkS4#yD2{A+bk z|FaK!#VpO^@d-3YPG<37?{8PZK_a}MK=Zq!WRd~te8|`J@fgMQb#pM*;jR$OgkJ@R z);AlbYba`!e(u{+KFf*dXC|DhJ>o@jO#`d1q8tTSI6+qU%|Rph%h}%>FRH73{XMO$ zL-S$DC@Vpe*iX+I^e>+MhW@75W-R4PhVfpa={g3ulCO9OC-JdlQD7A;`cJ5ij~>HC z;c31G876N<)rJ}DFfLCEx00z$L+m{vX*Veip=98&*+<;2DGek^RflA3bHT!|Em#Ot z%M6dn-}^OXqsP$7r1c9{Wt!!IR&%aq=4W=djtCAU<=BUVRi3Qsb!QWby*Y#rq_M89 z`LnXL!rtoIHtJBlY4O;~4D(-mvM#|fuXRmC<34o_P=kf}&M>LhtXlQ=|CFvYGEOqt z6FxfWvTs*fSjND-POR+qpiP~0d6f6hU9cMV!1pgD-wn_23#&2{gI29jvvF-el9G zEGs>G9KHCiNZ4Y!y^we{;y4{cE)ihJmCXt;iD$Sg31+YJ78d4?N@CS&bMKWR%=G3k z$&aM1k^muvdX$8K*@g=hvDG;(pvPZPMst*+HRBVK0^+zSD+Eqv=FA~AR9bt0+o%Rr zgq<+4gi9raCV!F+-pnUG;&G#e-@PD0u9uNeH?rg#PX}_QYJkda21%RU&>yy|UB$DR z$sk*DIT&-v@G!=(fCd}}$ab#QuO*darOTt$Mo%ousW2eU>^a(Z%D`HmTaU z76N?JD+sQVW9PbY=6WnCI0ssaqYa|=mSu00;QdL|lA#R8mP z23rN=73Ukqjb=+R-h8fvO%cuAn)OvLSW8OQjJ<4cm6Okx4T%Y_4t=~t@4(tnY8k|Y zvXtO0&_q{)qZ-Y;WB4A&KFoCxIdvM)=R7_z2}kimZzst&=&;rufrW&X)1zfm-XnCY z(kAvsOHJzhsJxs}8tMn=W`>mKP9Q2C~~ zTtnhpVzEPAu7l5y&A8tHBJ>0iBo8zqcg`ucuQ&4g*y-$3;Tc+Qa`d1!sV4ml{B@5F zAA_Ws@iaT;3I}RHBl8f|;YiA@>Va0dq42-KxpUS?2YPFflOu;U-E?rrCksIMBL@>u zUT`c&AVyNprJ3{D7Fw4!#YJSzxHBgAbHv?XEf$YAh{-mzN4c1dD3>Rr1TL8eNPA8m z4q~k50aO2A{n|gwvcU&)pMO9^`rw?}&FIe$OmB=p>Sz7#hj+B(@<4NEfY*svLZsQ)vZ-`TH_?1rRb>ZRkhV&*Mb^2_P~@N{b9U7*25C# zR1{s4NJhbH&HsLdPjO59l*&sFM3dAm%f;T=D$-FH=l#>Pgwf`Cf`Erk`fi+rj;}Dj zmcP||80A%01xU_4XsnG#THvrICR4q1pZpKBU+-dhMN&5~1r<*rOA4-%baCUtxcart z*V1WA!WO{S)7WFmgdB3MC!7O0kE$2~49X1VtGUx>CI&+|+M0uyuktWkp0OvNjwG!( z`>VaC-C-yR~KkorZ(jq}Q z%+K&USX03cy~0dw{Rn@uebYUayIZehosT9i_Pp*8iJY=qf8C$R`e!FL5}E=R*j89WpQ zWfM*9KNaZFW|DzHlM%bZAXhfxF81V0haDURTydqz!?R~gg$cv!K@NR=gWvAa1z^u; 
z`g5XN3G6Lw0*d?iP{eDW0BJRmw@hawc$rBA>1tWwU@H4KJ?V&AYF16A3C1ZJWsVC% zBuoV{vY36@a`q`;)IjmVm#$Aazzh*c(vD`iK?>r*+nw#x2U}8ixF{XV0q_=cOgxTZ z841;K))C)rhtGff^TSE;q4+TQaJm^hoWPt@DN3!ysnLZJ9k_y1;CQfZjmI37d?}(E z*!HR20S;=?O(45`s@423hpOa$_tjUDO1<$2Sc>rJ7!&gV{2{*i?7**0zx{oviYmqLI2N2g(>9)LO_`gH+pSdIaGcbf_X zC^sr0zrJ(9OX|^7&PF`fB^>SkisZRZ^B-#dm_Q8112s_bKP?WdhgU*)8n3_ z0Dd)8yBD!-RKTpy?60KsCs?=+9k<>66DxBVm?eZ z(#-4^?*ABz33D)jlxg#LqHDm`=L$2X7){ag$+t&B0vXu)=1xF5N4a5ld;4{2p7v*R zwpLl6V80fL{jlBmp<@xJIIl7dK`g~9;*xSyyEamj0)x*y%CwcrjCz?WmN9DvEAKIp z12@5Gu#WY2)~SSSVH{?ivBduV2v13pKcZq!NPVP1P+nw4dxvrxjO~?($8zR)FsDHA z<{<9_OUBim#lgS>O+Y#Y8FvXt@bx1tNPQ!Kn#Npb@~x%*X0`25e`1)3|AJi>l=xdN ztt!Fp!&m$AQB{!idvq#H7ZlcoB?Gfr23+3dKaxw=K;?bt%qz9UtT@^PKJw~}ZfS+= zP~0;bV$*)sl2Xl+cxyr03;ZwDRB7h85B%0>s#A8Mz0N|xz zM=PvK$jLz}DMva<82=o43NZe$*+E`SE3Y`>tjY+50e9A3@Vw()XcRP+CS0K%Q33t@ zZMu_{Y4U=NLXN(qvf8#&Z@1jkDz5sG)@U96ziy^c&y%8WXd&P+{c9gLW@vE~9j+q- zaP8v(R;M3GflPID!1{Px6{65`1rr<5Knw|M9{poFa0J>Zv?pFpR7t>mz~x0Z40Snz zKRWP7^v6f%?Fg=n3Tz&?cgt8n6Moz0zP-&@=G;LJ-FpP5`*;smNsM_TeB}r zJV)(hDUb;NjqRp2jcZj!B!hS=qQgAR2-W*2xCKmHtr8b`Gw;5T=8l->Tzl3J^Dt?i zG;z@=6gVE6uFjkktBIZzi8;Yakm=|YcFW3PCQpO|TX=JG_m{;!h zT-_@!k{(PDBbC1+5ol0JCXbBUidFALIl>Yq0>m68CTPRWtVVRWEZQQ^adDFHugKIwsZBCUx8$|%c6Ew|chdL1g(wgZ?X|IRbSJ>6q|*}w(lc2@%P0oAdpXJG zMa@6Op;Ze9ih6O8_LsP}*qS;f0Y>mT8(?+^o0p0L$ZbY^MI4(W3K;Q=sdDz@_M`=h zXMmA9S^n(g6l8)E^X&mCx1a4?3dT--uY7u+aolOw(3Ww}b<34;cUu+p} zH8*Tshl&TbRQ%psaPXT5%b3mD(xE-I^14XS1ZxsC?McR<&~~n&UrR9Ak`ZeZGG8fG zZ9r{Qu~#%BO;a$ZTU*yo_m%MJm)8K$cB|QhY%j*k33)nTAsj8qv3O7%C*@yk7etBY z=u>u@#Dg)O3H2W9)|BVTpetH5*Y{BIuXov$l+m`U>g|yX41bEhJeDThkCVkp)H*Mm z&G0-YYZ#>MaEa6(iWl`YrEaQaWI-R!A~Z|C##l}kv_n3sXg^a9q$tKMX<}@Ni~6ty zn4L^2Hv5Oe+Kp#lzm$UKa3LFOAC76_kxe8N(9>aq-oc`BbHt>b1G+bXF zH$5hucbOgADE0!)uZquz9oR<>#3WR3pE_4uOf=1V%fiqg?q~7_lUi_c4&8BlinsI& zDIIFEHH?df)Zio!=c88x&iO&!G<1b~Rgm%V+|5S!%P+_mPRn7i{x5E68!VNxjxk$Q zW7xz#Ny!`%u{DED+eszBmzVBvG4FBVKFJ_PM@CMYB)kK{4$^>f51tpTWw+^G4H0CQ 
zarX$zYCf{hw#`L!dk@)X+qS#U;32zf2D^qg-%Qg9uizpxPJ21X2cgTwkb6u!YCn%U zVLYCtq$lLld)iP&afv!TP@BMu5{d|8-KVQ0uDi&Seo~uULj$@Q1lWa##xm81MlNr}B;u23Q zDd-t@HR6k_7tc~rPMdN73ZvFl{twoU?tqCjypBXF&t|c z)KSQl*%!BxK~Drb7B|!>pWt=qHm@912P1_5{l)h37vhO!DjtTOoXAq1oUApVsH5nS zUXgp=d;FMUPkwD;`BT=DX_(>(N<_Wd2V|qPdnc%G>n+5Zr`+WmP`{LW*!s^ziI-D@ zal(R+{2roe33!hF{s4s3%ut9i=W<-A)7Qc%#83X(2&IDw^WQk<3~h6Cme|)ytm+f3 z(atkvMNE+x`REo7j*>F-dFP1>ICtpt2UWORQe*^pQr;Cd-N;lPxOC6j%wz*s?HVBN zsZD5U$J}t$ZuR0@p<`|8=<+s#ukaQ>E z%EWcQ_Gkp1?v)5c({{XGN+%W^;w={5R%2p}sBrS|T^#;=^5dU3-8RdamO-A)u7c*; zU`VNhld?ZMnPc{xlQJvg@dtfAANbG76X1jh-3Q=mPB3=xB!=^fP1@VV=Jlp?m)pq5 zf4_;p(k9+Yo-ns`K^91M{AE`v&XR(j`SV#(0t-43Uoi5VA%l0*VRkXV=n0vgX4g&GXqCr`!;i_2L+fn;*J9->- zI<+S|wI`1)q#UZ#IKjva#NLnW_bX;QYw@Dc5eXk|w$|AaslKJmKHaFO9oV#dWjWQ~ zsMNavTvr0tPmlOK7m~l6jp)Hc26a3P*};+nxG~;`gXVpcSPTEm^7Lm(p?;e5&%Dzw z60euE4mF0gbW||0biln()Va<`re4=IVxD>J@r}d^J0V!&K1qFP->^QFVd;BU$?5d^ z&!I57{Z;YbM0LM_JojPBFQ!FA5!XpdxyMLPlrfcscU)_dnl-7-8fen<_U=xNB$e z#J|Y(d2x0*u(glvSGx}NV9DeW{lGYGr<00tFZusgB#kJ1P)8{qT$UMA4SfgcTh^?P5iw@#1Yx2S1gfvr3 z?~+m$YT%co7~<4fO1$H#RL!#`{A~E8A3s3;qh3;nE%oRuY<}JW!4USxDS#fLOrooT zgVb)D4MJxSuuw`dZUGy?GDi&k%8_rz82*Q5Uwzq+F;ACxS=;%VTvb&dM%FC)qP>G(tl8`$lu8f-X>(K; z(PeEAQsPFb4IOU$<)yT(A8cj`&{9&G41i90<#g%>d{b6S9XEnSVl+}Nz{XMNZ@-mm z_wU(7FwTJf&EZ}gqvDHuk{t-j6oVhLdATAO_$__|Uo-;2-M{4)zXl1rmFL*M)A6U6 zR6I(>$#htpJf!rSA2^}_6Hk07^LSbyE^MAee_r``dv4M9WNrbOTXg6=Vz;Q#GLmNw ztvQJM15Pgd!0Y1yr_zw5JC)1?8u)5F?+Pu)A({TjnGlJG^~4)h^RIYJs3jd96l)T2 zylB9J4ixqiN#%!-&^BagqAVtH7q{#(&=zgo=noB|DjJ6`Pa;6qQP%_?16|Wi5OJ z*VHl17nmtP;uuIY^of&TY3Md)*_aLRS4^gSaP)#Q1Oxi!<($JGzt!x9^}(I=0)NGd zC_B%oA_~KPfVqtfNaeUVw239^iGr?7HBtP>JkFE(EF7VAWImlHV`r}c;r;_WP7n{pNFgQ#yC}e9ApNUIq3i}veHd(;{&#B%3<-L;b)sNMt+o0}f zn^|QS>zse!DGL@$B4AycQNb9yx*6D(I#Z1Nf;S{{cIeIm~jny#bZ-z2zsUP!#5 zQ=x~nMA?O@4Z-S%7_&l=E)$DWq@+xO0Sdni2hDR?qAc$OG@pT=62OZ7X-G`HEEieZ z0DkkK9*0h3b6ofb;))|tJrw+mQhaKmqM4uUb1L~T-Cd;lBHqDGX1dT5*_ixO-eDr? 
zrbK$RH1YhnmZ`a(4tULIoQVOTEiL-lj9Gl*kC_Qkg>=*TH6;f$ra5@X*=R6#&?YA{ zv)WL; zw$Ft}2xU~0XH=f=^W#RTSTnJ#FD?Lk*l+>gbsg9%lSy4Gl~h9_DNG6EJ$#Gc>}*TA z0xw}Nrx!w4V7|3A@TzIAoDN)ztcDVwgSpz|S!-hg5@;IYsJfMforROhm$DvNWb;aF zzB=?*scDgFbu>+VrR&#n_3>Sja#31oUf(U7l4~n)$F;*YWbWd5{hn&!@~lOPL(HcN zRt?0&5D-3v2UIWM$d6MOY%DRU79EH_P(irNXWaYpG>mot{AfO_j^NsiYzo$RV6v~8 z6V6%3s4pvDIt-?h>T;zXsyCu^!-W%KlY86Tr^K{ifeXT8^5R*XaeJe=irEcnm~AxI zFrxu*>A62l1K2~}hLjp0jAuE!2xt#du8iJPQ%-q{RFz~f?JSl5G8w73JdCUCA17te zKz?pnBMY;0H#RzYx&PwzORkVbyD2anyF|av4lYjRVN;r#Nlu)!TkiT)E|_1_+d;+> z72$P;YSb#$)rs`+1`h<;Vh(q9Tm<_+90xBk^%hAHQYq))%`4lYAA>ZPZEn#xy`+ytzBIrzgmsxF zW+b@$u)jXBnod0mkx}s8c!2D~!K)WXT%4_{53!ZVgd5W(Mb*q3=F$A?^19{4R^Seo z78hf=sG+bJ<#9FQp*aKu)Ti8bO%*y-hK1Eo zx?_$`s!1P(!DE@50y@mxjOJP>d*_*`qFgo9LKT!NNl)Tg2=@^PKn#jobcLUD2&j`5 zo*8(3azu?@EuY3u>12`)E|IJ4SBCZHA@#nUYTy1M^4IcdlGkCD3f)Ll@dVmA7+&9W z#tU#HU0pGQ`bJbhS-u}Cj+Rw&An=+AVF`n9w2d=6J6qch`=7 zZ)%tow20T#BQ|RiowcrO;I6NOyP5h;M!H5)d_+@X8LCw}8EDH#kYoQR}bVbsZqP9chlHDB}Tzi$zl|yf&tU4 z&|**MLWjSy@orqq*@uT4y>iQzt#G0nE<;622?BU7bqzMS##dnqVJ)re<*V;(xvqeI zD77`g8=^b?MSSTN_%bIsE>8=W)s>Q7ENOc51Y3HVrK@Uvc{ae$RPf86@$!0KOIIho z-6p%+d4rN|{?<0sY;(%@tW>sb@g75G*)*Z;)ym)#a?;lyH_cx_S@vl{Q8TxKLSh^#&Q@=G162s>dk3O;@ep~;`5 zgE#XD+y(G3TKL@yLU(B5oe-4gsXsNQG(lxI;xs-_f^O&!+tse%T1}=-b;e{mFh`4r zacv|5knLP~tR zq1r@wDCb<*VlfTZryFkVB|FvFRWC!z;&D+@8j9F*N7nQgS$~dZJ~1cE(r7Z+fXO)3 zt(>XpHPcJtJjvf?XUUWjaNJve|9P#y;#gUr%}Gke`z&Y!#rhOTYdC*{h}qxutz2Xy9Y6*Xz$dZ|w6M(yx7kDW1@kUya~3MX=Gs1>-E6_2T~7792q4 z4AT;JRXlQgDO%@8G1?{6o*uk9^gtThF{?4{9D9$^4pS}yhJSkDDCF?$6wHOG(@loW zrO5HLKc1sGe>k7^nTJ3wLEREamqQl|`o_cbQb&SSY!xgd&jhW8)re{isw+?7q@uzi znnl_Ak9m@#x(acrwSi|Rq$z}mIo@V@)2}WLS={{c&^{AzRlo{WsrM@B(!E7CxK7l5 zR*P0K%d(n(!u43L)jSj|!&~!GAZlB2R1oR5$yY&M)!Y^2`67=6raF$khpsS2wRlY7 z7AhKPAxFGCN*`&Qn(C+tSEELsm3u2U1~GN)4)iPdEZDGMD9wP*$GDA{Q3`lhayaI+949ylr;Vzfe5 zCPq-RJc;s4^!%keMom8TyjM+Z#6>oJQ1X=TeE0)EoxDoYR-bKy&AT?VJx8B<^0$Ph zaV-q;eRuSYwaYpqDVZ@PFry}%`Yx|<4dkI@BWH{+LZJ*P1>VVBtzpAx5IOcEiG_i$ 
zEu#IZX!xw4&^1c82A67|GU%|6oo&hybyW=u{&h*Nc!nNfY@v7K(cEfNtEI}huCL!p z7uiy8KLcWu$DgBcV&0foB0LA?A+JS&$HOj2T;t9-C~He*2G=%Y2nATndR0HcNjv;b zV#dUU@IG9WSTi!8uq6ydnv&|Jrx@cYieiq!itEs-r>3*cxI9+Jmd~f8&?89EvdhCb z8mr>U8H!sz52#8#HRF-9QzDu@1;Ye&PLm6>A2OWJq4P7(4soCru`B!OKL3nc>I{43 zu3A^MmN!jP6+ zGdX%#yLW9YCNXn@l}!=WO3E%Hha67R@s@msA-Q&!qbqu^5ZZd@$4T-@*T{xz>gB*( zKKotTs~zTEBeuS{tCvEItASk7FCQgijUTTcRn2eEwYiy?L5(@y*+~A5r=F=ADh7Gc z(bEyuDHK63E{LLw@2j3b42%h^vTMr_06K6qHe4Q=V=DA_-wChxNr+h^oyePX{9Tb0 ze}@6TXZPF6y;Mc32Hap3R5QZ;^3mWMQi;mNy9g@FBqPtks#GC1wlBNbxt~(NBbUq@ zxr%&#E(?xKGZ4XbQP_sm)jDE@|0wJzXYRpixbh-^Yx&zy zib36cExkp|LB3rNBs)}P$*x`YFuwvj^6XLTfyy%`>_3#8#Qx zPj+IP;k)YW7Bv7Dol`}$0v^$8MY070UxjXt^KoGMT=91Oz1)BP(tM(uaAw4*-|X=M z5SJaT`V6kV2pt*nc1OzTX*o<+A0-#4YagSA0YBvtazyvv?D4Tnvi#_nOn@*?khIVP zMG{5&dM3&#gc`i|_P~7nI)0x{=98dEeVhAO8n^0Z7s&Z~m~ z<7~b(gkezAtg-urXDv|O z92!9ijAm=l+ZE_rs-0l;{TM^vtBy3iN(M@|BO5NCPKTM-7f0w{v$J~izVOcEbfSv6 zJQ<}_nS~trK>p7-sUDTmv8pkCZB7PIrQv+66#0Fch$mH^(1xQb&KLe2H^DvEB}tR( zvGo35|M|ZQ#Jrf&LItncxIN4oC0)lySk%bnrFZ5iW;X53kr1^8xU{Vz9ffh;KLr^3 zB`h1BL=2%hXT&b>ROKN4QAjzatHT@**>uaY}cQslLXH9>7k*FTrRY=P<>D zT=vyv)&osIIt9d90up@vNW)Wa1W?nM>wcoAS#3Mi_&d!iFIdJ=U9~;fkz&j~G_S_2 zC~@?=vOdFj&$6be%w`!-g3Es-m#*8A_n~jjl?->{wGSU{x!y}#nouqjXX73qbmXgh zf6k`Wi_D$GTMJS(R99U}ts(Jx!OteVPd>l9@MmklyAOfBIt1Drj~s-`GC4tC7OK0j z)B*hSDLEM|gvw|-`Oy(P@+`7*G!G#t00}o~xA42BS@IqDo0}$qRhj1x`0UDw&gR8w zh1qMp5EA!wE%_}IWkgB5SbV8XhGo7m7=jE0B%}(@3)5AVJ6oCx#9_(2bRgA)AWlLL zn*#)YH1CH={83E|V!wR4Tl)|mO&TKA5M5V*^K3jvqidW_-X=iwF;Li^_QE>6@hV6!PFAWB$G*9ZxHjNxv?T)Ct>ZbP zJ^vO6@cNH#%gQbq3gd5zB|JJlW_I~Hb>M80m28$fb}c>-FH3SwF5Jq4jz_iY-o?(v zeuC3T{gnO3IwqQws&NFB45>CTYVUGUCdMfE*Q{6lkW6(H!hm0)ykJJv*`(G|n8790 zPyHDUT%0kEjMwtl@-I*SuMJ+Y6Mh=Oh3>B*S=c6xWP_1J1P&Rtg@Ce}!U&Eeg^&?L!}?qqyurl!j%ExR$f8O0aG&aoe>`3nV7 zvtUj>Uu(!=V&rPqgdr1;(%4V8iqmzn?eWYbPkk{bO{ES>ZZ*90c;}p_u=H>#O@Wo5 zBtxpVIcFzVxtHv!ZUy8$pNuXe^Bpoo(jFJ!0j0fv&b)etEH8Uk?6g%eH4R*N zo5WEC=xV9-4k-{VYn5klX+hJve;Q)2fC^Zl 
z>XQ(I)u@2C3JTFDpa%YlsN`~49CvCr{lsS5(iY33OzSM%v7fIqIL*cbGTw!3%Qb=X zamjW?DgPyf!E8kyjS%qdDPk}y*wi!y88a&xdx#I4rvuVGaz!!tqXU1K9zLOV*i!^H zr7ZO`lp+YydydJ_ff>yc&ew$}l9C2a$(KRSX)VUm9Yb>EUol26?w?&q2|GI2OiUJx^U19d zoMfr$TFy@`FFdm~##XARG){YYoL`31Q96BZT2hc^J8D0VI&d=s%WiE6CcB-vfYa$u z5@GI$a^_e&LD^_i)@r2L1-0h4@!OBe>>$oYd4AK+#E7q>~@`J+W0@c$z`b>iO|Or_DIPu*Mlhd_z_x0?EB_8{MCH_a5_@L&f*4qy?5=;u>#)5 zk4}9pDmLRx&aAMLDl{-ZywWuD(6FA;Q=XMsKO64_Zx0U5bGEU(rh=sIFcf=&d4Kj~ zIctMB+gaT(_hYOJ*^l9fEa*mH%_fO?wcr-OACI!Pt1pDU;~TkeooYfnQ{z}E0V6%Yr2qp4Tyz9&&i6LT<{QRx)cm3wt_(l>|CBC zn>Y=PjnZ9}R3s*3sp7ZfgHlUXtCeolEoDKZ{!E$z1+hnrE`LW;E6< z%ck^78&2_CXCdwCQJv+X`l8j;c_!&Ic`(r(=y&g^u?s&x2Z8MQ)v63{(-4sGRY3*H zpX%G2HkwVyj$<)FuTIc13dP5YtFhnPwC2UD8d7w_MQ3qj%lwRK=5xY?>80lwq3U3e ze}LuG7)l!~Nxw0&;(+xI$&-lYCo51Eh6W3{HYbeH&)~-6wq?X#Cb`G`41H0RX zmErYRP=3)eL}n79q(e|Fa0bhRsd4MA3@a}3tBpGI$8(b*d!u6B1UJPVr&NH|I!mT* z+38BgF6yqRZ%=bh20NTdaATt1MK7gpmp!!x51Kl+Nzit-3#VJk4?{^nsa_;mG)VL8 zxQ17{nlaCzEh>F2&YITLm#4wAJ>4MvSyS&e_l5Q?{U6GNv4ewsvc-4}+&_YTT-}aJ zFKj^db1N?I5n3+j^Y|>Cc|C!I%D<-Bba9U59s0y^&URzIwTrF`le9X+`}>urv{%6ek1 zeWf?tx8ybL-?eU{jFs09}6*H4@m<^vAw;lJ@`XXo*5(B65v+u7ND+}Yj^wma>o?ZsvF@gSZQ zjqRY>aJZx&o=af<{hj;_60+b;`5N&x$&k(6YF$s<|FO64I?+MCw*O%CgZo z!SsYgrQrK>O_$b*o<;4)YfV}y%z}h=znp!gn}&3nn_#y{=pn|-B;$#|;*Qyl+U=-g z#vHM${(>Ro?bW^RMo*%~i2xqW7Ej@ZtM)kBHe>0z#drkN$W=xn7spmBitxW`+g5!d z+Yv0#edqU`-*)&8$XYCx1aAk-|hF}Hb@`s-8kt# z8$KDfciX#9lfmF=Jb2PhhRN`8C)s)0Zg-OY&hzBy^LS^?c;|rd)!FWBhwXOQ-hR8i zy|>-o+kGBAefIp>E_Cz!|5?B1P#6C+@PBHKELv~Aef#n_D&Lp48{-Q8Z+my=iQ)g+ zPoEP1_oQ>r|9y@hEVmII;F*m`cl7aNa2lfxE17cW@EGeY1qY`||17{bL*xoEx;+Y{ZuCJ|q zp8`EvRUWPkFNI@@GN1R^Q4d{uvkR*y3;u_VJNHX2{~H1Lwc<^hx^WdGYw+fVNI z|8x8--T#J{HyPsw=fB-~e82yn<7esqQ=|qefkhGs`}rWcj3?vkjd6wi*M747xT62x zg@5klzt8cr@yjnEdR~vp;Nci#zK7#1JDbly{OZO12%WeADSjq9VRZJ4VvNq)>%qFz z@;;)J!|V9p=4P-RgdabyVUfo$_|q_(gQ&FkMKDPFrSk$E3gqRw#X1n(@+4!e_j$YJ zid^e#j=gRd*1~?%4xA*Nx9k9ObKkHN-zo2gop9U+LebCz6^IWaw+3ajfA~tO+Z0Yq zz?0Lsz`SWP;=?jKE-8v6+LU&GtN`UT!N3@&zXaYd`ir6Z)5%uwr{sN#WxoNHq)!i` 
zhsl4KCNwn<5=}W4tRLxb2S+cYr~&%(Vx7uE4g(V^#}y=MbPDC6bpQA@&;L^Te{!0PF-KEW&aO%Fy`SauAFleHc18c!d9r&?|3AymMsUO!u!b1P zK0Zt0P!L_^+-We$Xq@%panz5?a-2l`rBn?&lJCrCGeEF%7_9$G(OSPz2YO`O-{ELs z>@lOO1R!Q zC7jVh=rM30&&EK{DX|Y)cVvaG!2QYp;ejMFMsraU8k!7 z@B;1IQ_hB;P0^o_^IRyetj0DcP|sGjAPz?p_sH9XQPnb1%N#)xhdKy*7ZB2@L-QL~Fk{9(Sca8(2Y)EhO6V zm8@rle5g5NRWhLM8+O;3j<#A49!d%6tC2(m=PE&11h`|wUJ-OB*n27PGe_O=$-wtg za;-Q4_nYNYh&`>*?I$5b*`anwKE$yJDIHNfA)nle0x_ahr$*o8$Im6 z5~L^@*d0eC8{O4a)z#J2b+BA5M(ewl(Hge+;$_AdSPk*jBQ0+29RAMyq_B36J>r2P z1>vKuTi6=`^`wYbM>HvP>iCB3Amr6YanbSb5VHV5D>#AL0m+Da%Qp=b`r734< z>`$#`c4x}@w%5@oW+twx)|J*H9Tn`b1=1u<|-iajfqO+wCC z(W9|NYcwnX09*3vi>ka4T^@w%m5nK?nA>lOQx$XkqZ5yjO#H6ss1!eYxvexvjVY~k zE>i0x!tUBIyP>C`|IbP;AQk+-2HnR0Ya>rl`m6O&%Q*q$-2e9vJH6Qb|IuOpsJZ{y z#KQzHo@+E3K-|ikR1Vm^G<=*-ctAS{QgdnlH;?~FyOsXtqwS1OVp(Ut;Wg*bt(=CV z6gYB7`!9?x{mwce^1e_{F_(0BU#>+*YRwhwB?$|>n4?ti^VU8bcx(*I42(mBf)|+a zm7w-S5ztiuq;|N^TqHNqx>=YadTdm&ZDKkVA*8YYdl*_ArRD8s{$ZW$nZC# zoH9o8L|&wy&xXSmz|pF}#WDu*_Y;YP3gIiIvlwhN`47qMC>bvgw5O~XFG}S>p*NmC zsFi=z|6+{qg^U7WA>FoFndX8y*QjjLG-l1 zrCWaPdI!GSr<(rfmr?-p{6CM668hg!zw!Us$WvMWOHDHwSO0{f_uBS@Z*1T$vY>_E zVacvZb)_QOB?=L(hRI~1&@%B6nx?R$MBi6Z9v?-0%oPo-td91mvJ&|y5`W)E&_o+& zJm;37n$HtIr}rl9d{HSxMIn>=72j$)4yTG2pJsx2f^{Pz^qAfbk82pegr5{$_g z^{`4~%F4Oalb_uILMdnNjCxb@dCEO1%`?F&vfq`I|4Ykb)dfoI0J-P?<96KY9B^c|y8SYB_K`2Vrh+RGIVsvgZG)&c zN6HRT+f`PC;_7!=oZ!*46#vb=ktADkZV^iH;%DRP=+JUTai7A6B-M*QMdkm}U+ysl z5-Y;jYX3b<#Qz@+8u`DOr=0v}p_(K&0CSzw{RGVNA~FV0Q7L5d`J2LhU~e_Ykgr$dD^F4RPm7GvJ-KWOm>l_k*z0%V z`CpC)P5$?dJX*E3D;*hoI{0-3CA zDK!2YEn8w;6Tk02xY34z1YkNAOQhO`l}*QBRb((jt9XOcgNL?50NTMEN9NqX>j9FB_BZ2^XDvXJAA;iV;rHw#sVMyjGr(X} z=*}YqW$0NG%d@=Q$A9DXT?hm7NepoWL>7IzoxdrqK<639nqaH%W6iLFO0wBNZFCh* z02B~^ECUP)G9<;vvS>yAHb{AH|FnD3!-<02m z3)>maEoTa|>wb*=hGD})T5!A<`-!j${fu>44?sL%O{gWgfgwe0{$*a9{>ZbJf%5gI zJ?RJX>If@s%PnB}k{_goq#*9Wzn0dN{W%5kK>u1g(->?(ncKAKj%}YrpTpC7bMfkh z@oRVQ=(qpdZ%H`gEEEi9z->T^pRrKbBP@(EA}|AWxvyf|K&ErN=t)9TC1zuB^Eh1=(42Wv9t{GE3l?H9>nuMd*@`+IV012 z1X^bR3v>B+JRu&eP7p-{jJ7 
zet0#U*mF4XFkU4rH47HXi3r=OA6KLeM42LAqRkKE6o zr+=RQ{@K5t;{SgCyjUK7cBfPL-}UDk>uRz4XjfrG17r7XkFQepJXN_Sx~$-TePMgY zUF$_(%TrYUhaZ5J<^2Bmljr}@Kkml$|IT6K|FMy$vi+YkMBM9xU7@{YNho6B>ZM}x zThY(0c>mGd<6`+od&W*w-b_GYWZYzGJlG+jvCEQFSzYy7Il$IM?AJU6x z$sJnQtp>NS3m^7z=`suVMsic z!epA(30I5AyFv~#)_!7Zlp*A6m~u961>74pm=_fsL4v(g!@C;=lRhQ&KblDR!X8^A zvv3q}p8nSx#Or?^54uhK??#@=`d>ge;nf{!fpqi?B~S%V7EK%02vtCG^}-w#t-M~Q zj=zF-mflej9j)X=9UW|M3UAz)w_C4~skkYqmuX+BLpxJDF0G@bzWy*ZHA$3wC5l?v z85iNQ653kw#YShlv!|r~w~qL)!=6V{fD(wQ0t^fCq4!eo_|G`mX|J}%we!iDPOo?ocQD|C|$#J_}i@9Dyg6x2N z3=dMsou6e#j>p)sUS5c7K6&QO+zvF!+Hm(t%jBKd0{2#C5c*W*RT;X-A{fs?smwwC zkeY5FMw9FgV%HM_4A2AVw=~kdN@pzvqF7o2Swy7vFWM*s7QOtc1Pc{s#idPsmgN+b zu`f$T+Qxc})|9%W3WG>og(+ZHrf^8~cGu0G{=)Y&aA4&$4by5A_! zNWfH8Pxs3!94DCxhebM{O8d>!0o`0wy5Lz1870zwEh@4zI=G|JzU6WB^$ z8GZ>%tduw|njV}qRwO}DT#361dH`{!uQ8nI#3=SQZ!g|{Ndn?ZyiQ+W?~^#L*BG=? z5PIniwra?Ve>Ps&&a?AZ1$$9nD#aT9$TOGLD#E&2Pq%Vr1N9rO@rn2Br6EWjN_Msdf@*YyTurMqm z9?H(Zi9VNuNa`nJX(TI>6*43wcYmd(S-D(PYC3#%W7YpwmNwe{<5(%7d+U3AYtKLU zmjAOgU$6`L>^YzXK~oW>STz&nN;zc&fo-A12w&`j`$SL%VEpJ3RtwK)#2hfm@pO|j>TfzmcJ~$eJefIfV*&>JaIBC>V7JT zPi^lRJgXnGGPgo+$vIV@ie?5W7b?a2Ny_<5n&3jrMu78IXzh)qRmV<@9onuo6E-o~yXK=QAHksJ4 zk=z!!;o(i`WfA*S=KfRapw!h8e=iUF*1s!EyfrhuvGAyj{Tk^b{|;@>8b1&57XM;2 zv&JEo%X&rZdhF{LpFoC_L%z6O4cw(Wcc-`iux<<2)l&etj5?674#`!yDoE&~5hs#R ziN;dh=ET=4`WwjdvKldbcM{|gV@dK+RiMU=Wlv|piP7zJq|4^9z_sNqWTdT&cp2o& zAYe8L>n39L`^3PVV|Dt-Cqw$8oUoI7Dk^wcN>y@2dJa>(knJk*Z*}0Lb+EeRmr8UI zY@Jh(CegO7OI@~YcGF=b+JWE9^NpZ}Lq@Bd{Z@tlMO{%GC&MMjSY-VcL40iXDEvY}FpEjje z8hR$Org@^Y^GZ29m4c{y*DmP6(qFaN#c@yS!Oz$K=s4kKWp~oH=#2C+w$fa;RM$5p zaLG4T$9BltSl++SA&n%FB;~A<#F7V+Upondnzt(2dZ#99g*;ECR>Nk7p2Su(G+=)Y zp6@%*JJqGGI=`l@-SO#O_i}wHN0GY2mo~~CjyAk@SYKXKZ^X(t9}J`EW_@q)(88FZD?n&BEk~azok!I|7m?I zgQ27+`sQVS)?Rkk0IKAGOle!H-8BS9A3bzBNSgTLtiH$yJqQSBM(jD2GmY9XqN!KoPib~_Y>Qx%#J{Z}0tlqYC+*^{OZ_%CGy za7Q$n1yP#ZF{DE8(|e=}l2=`fB_DoPhNt4B zpd1xsO>)qT2d^GFSLqa4p){-Rm}!CWuY#sswJ2eX1c-%>X=+5c?B`q!@E)+`rS+vw 
zm?5n?xTcc}<@hV}C<4LDNgiD5cLj1>w9*;ldJRm?$gke=Z}paE3O>$v{g-l-pEu^X zW`EmZyH9QcSe*NhEDcUM<&I0`w@}A#Bpd{q#wJA@CH0gpzl%jq5q%&)dH@UrWr=rg z*V7Iu5_%7NF+)Ya+XdaD?7xk4W^8sew6+II6-hM4P*kV_`hjj^FzYcJj|a4G_nsM> zv%QX&(dJx0XeADd{GA*aT7oq_L}e@*=h@#Mpeg<984?{JjNMV`3|gD@QlBE%AU{D# zzjEz=?KuJ57~_}0Y+L-KGrB{<$Wk?l^D!HFcUlKclvKV^ale{9M=g?p{57V?Q-7!Xdx_?m?DEzvGkM5%942+~W{w{axk&OQWNK zFt!1J2!8#Vbp*6m0D2P3?!V&Wh?Hc+noV42!oNK4zrt;#Dr;qLH&SA{oZ+Y#*522f zPm0$`Gon9b&m-FueHqRj^4&#cFE}nWC<5-T|z_nD^6Ac^D&}vmaY+96YUgauVu(t@^1~UeZf1`Lwjc z3|Kk^z&j`X^9JuJJ|5?-H?pkpQyoRMSOfGRZMfQ%H878>J(=vlu>7-Q6#@66YG>fw zOKOYLDv~ow|8nyQ`n5Cf{@uUWrCU79Ah3pT7T}Ip2iUrSjr)lG+!^`<+ay=w;up<+ z+*l4;pFPJ>#7#%-aRpNXJn`lBDg7^$u{VUKfhtJY~Oi%BF+xm2T8qoq>Oo9 zwt3vV!_Acr{JKW(`($0nk{5aH@|=+`35}7+ViNE7^&jV&4XL~ruh%MYiWenZl?c<; zW$Dh_ulU~T!;fhBT!6j111>iJ&n@d=$1FGHi{FJGxT*Umm&&D|Ni65jPTK~pNLo># zd{=b}{lOD#_?&88QfjWR?Q9K|nLuuOeOAA_KjU^&HvjyR$iX`}d06{22K zOyb#Y$y5tmQ!A)32=v8TrUv}6x#RAvDFaDB)Qhs76!W> zx|Y=DmCvQf&|jszg;C;{6XS0<2RVn2&F3Kup!MErMT6L3c9zhJR}MG(Y@9_Ler|uX zo{%aKW*P{9tQb#L*7J{c&*a3u!dogt{_}qME#rOot?FbRL+_O5fxoXmSLhq#0M|EU z_cB&bkoY`zj?smZ77`Ea-god3_}{}D-x-iEpIpr7O~Z!y%$2cI&hxt4fV>aTd8Ek7 zPip(0U47h`_6Nk?;<<3zVUJcFz6W#x=Gl-uUSvBvoo+(kl6W+_H0Njz>}e8l{P{;X z3A=^t{Y4bMVbtcdT6fdOEEYysGNooAaRU`_~49Sv1qwz)$o5_+v)>30~r`KW4>p zyJ7)vk&O#(8{WUef&0OBv{8unG$^IO{r>K;`E&AAqT9Ugp{f0u=P`PZG}|3m|SYz?-5Bha(l`=iW;T>&=gc`t!IrqL7oB${M>V&yqM z^s~t=PIeAbHYKMKb3`e{zX_f@|FdloI)C=rSn$Qk?l`-D8?KD}?BDuAv4U`WZQh>f=d0^Iq?I20U-0x4@}TZ=`VFhfOlZ zn<6a7zJ?s$-G7NsHFpz?I`%Sk9c%Hx+e)&R9lrn`egfATF_F>gm>#msZ8`B2J0@ZS zH~pic5t3Z+W-C4o5P04|n!B3lKvvukmoPO`TA=4Hse65Uyi`Z44 zc9)ZBzdry0rPcG_JGS$=H=U8W+q%I)VQIyQz%Vb*csp7NUeD2F+Y>E*JXhE5-2c?%A|_+>#~8xgt)^!7C*kn3mnL9i2E-^H<*)~CXAt&$ti z4&CZQU@eO^ORJI|@D~sQ0Nf9Ih$KQh?C* z*>YSuisjA2Q75DZR@*1-TZrP&7>8@U%E0mB>zxX7>_IuWg9mX80>D!2FL+@tbbMO4 zJoge@DseVHRyXiMhY`BaE-v9@U4#9(d*Y5p zT@~H|*%M`A*h+Aor=#mrv9R)`~#>E>d-x}@-NWyjY)C%Uz^AzA|KTY z-hQi%_dQ*S8MlzSlUXnw(rPN z3L?K=xCg{#bnI< 
z4C9FE-bbckRY~*Q1R-uK+%RGriT~s)Jq1N8+KP@%0IxGAf@Q$aEH>TYvDCUsQ`HgL#NC*B)P=lAu5c6vsn5?m-?DObh81 z1oHni$}HtSbg1c+@Mi9mKzn~SbDd-V9o<>Of-f4XZT%DbiUuhgoyn+#LE-?0Le|K- zZG;TCzkJHLXppHG7PW^ve1by}wsN#UOl1dZXfdCe17UYB8-WLE%@S^SztOG5da>Y8OMj#%DOzI5yVC>^l}{rm;M@UDmuKD z-@aMa!vpfmAN-DWO0V}wYXIBB;WhwDh+REk8qL5~J>UjYIwG2DhQw6| z?EWwQJF7vptTW8(u03!lC9MO}SlXI5%+Nh#F%hdjx|54CO$q)5kg55;MIiAG=)6>H z<7LDiDrYIC{hRtn#t9_f5mES{6l2E(ad8MrJNCObk%Hu#Lhke! zXbu<13i7qUW*EkloC(Y}SPAdsQ>@7^KeHunt)h~(cB<(Cp?z0@YfX?SHg4DorKyTq zPgD}dH`1#K{FqjBPdvM6W~)J7?JnXG4l^C)Or}ukwM4_D0b-^b#Mc(n%ellu&jvV2 zjG&t{KLlM(2=|f*T5NJIb~ef?I`73q`#x@WgQ%b2FSkzTL4gDv*C7h_JrrDlb9Xwh zix5IrA@?AMLKnIqgBt3WXJAjJ2AB@DQ=ucoLF=GIq#kM@>zf%YDm4#d{!O3xmw{jhTQFNS)yrd)7Snl#hr<;6rC&>TyBd2>v@gS!hCOefwWRR`p?i_ zqjE~KQ#ltp579^22xXG!gl`%&3@G%oB#v2V8IZDm$BXDG#4ujh2)*7xJn?n#MrWdE<4#9xb_PndJYQz&Bx+&1WQ`~>RWZhSoa#SP2g2<*G zt6G+4VKNhc$5OS>O|u;^6}6@GxTzWOC9W)5n;=uDV!|7RJ%~mA5dJ+=o&vtKe1c*fHYyhx6_hMiAV`Nv6Mv$Q3se>$+@*ojq zp0>{EVd_)G_S^z*z#I(8t;19>fih7#l;w6{esi4GwhHyILC9Ogva=8aZb z{$AjgP-6LjlIp50oUsz^E_wrrT~5p7jzjwnla$QH9ijh;K@G@-aGco9!35yfB?CZ@r$*z zm#LJ$(Q{9A3&%@2jgmC!4CfV=LoVccE`RY98@;})?UE*KUY6^ZXS6Piqav%?0E7)$ z@@e*&g2#2-EYD(IkK2~1938x4lTU3|BW;eN7sXeq2FrTM(S~C*?4uprN6%p_TdX_; ztxG^j?O?vzEPDDNBodoCBKdHuMfcpCHQ{5p4Y3qY^hy;Ww8h&Wk>(*&M8*Ct()uH) zX<~MXkg5}kn7J}#BbmDuxb49e*Dk>@f!-48NvApLz7V+8e}mHxD}-xA_~6c~8TaQ` zw}AA(61|B5QeMlI|=_{mFgB^-vht`wL?ms%_Uw7^PP zS85(mqgDule}sgbo}>!JkNN2tApAxUAvF@|gg)^fV!k>k!1x7*1;k8yIzpHfUWpI! 
z-l3tD)prc%mZC&N9WFlJnOr=pELH?<^*0hoe7^RHJOqBKbTzTGoXSX)3=}x^gbC@# zQjP<^Z2q2#A2E8c6Lt_&zU7y2BK8s7r?C&X7|9nKFTBH-7q5Kg|BRvoaE6MrK>R=FWhK` zojQK8gnCTEX$ezh>r|dRuzygaoqrib4rsoG6|{Jxqe1Vl$4|sUHfZKK4(s>Qh>43F zgv&pScDP{2$I+ zJ#A)ItV4M2d*~yS>)CB5QcBUrr4Q<)fB5?Pj%uvckK~wF0Q2dj??qVNpS_ zZR88mQ)v*uJ0a(0f6*4~OCNA4XJ3L(JTj89GLH623SDs;jM{ZN`KEs%Os@KTEM@#_b;Y&!>rMm>Kwqc+u$y$?-(Yj@2|obJ_%J z{h^wh=QV9j_VS=_Y=RjhGBJS**BDT))=m;}cilG(oJmSeSGfnqo1x4M&0?na zlvc)KFMI-xOuU7;9Fb$4S3q57g!cV}pTdg8(Z63u1_qM>n>|#em&lsqTgS1fa#=`G zG8bUZz=kh}9Gqc{Cj2x{5jZIm^Vl`>WZ>^=vdf$5Vc&>!k$>;atpQN~I`ZbEO7o$n zk5s5=a#(yNglM+KappQ)45=!LC=VjouB0(CkqBsT;bvI-V=sJh>1dm!^J9gS@ukDA zR{0{W6wYz?Q3SES&=!l{Rb`Dho~cJiOL!ZB#l*f`6}D5ukZcsv-!To6L}#z|ceW@uti+AVg@1(tq?Ck3 z?<%d%tMY&S0q-Fb%XCMH%4aSds}7x2k~MRwlnK8duSvTSQC%io1v?;Ao5fe@fG8ab+VX{3l3AbsytvM==$k7d{c^K*z!cuLC*L{TG zJxkI#DGO85YO-3d;5e8odfC~@%j+?JJ762<^)IobRod?qkyp0o9KgBHxKy2pyUyQ3 z<~SVAY>HWI>!svG{bxJYZY0TV+`^S7Qraq*8Mnzu9_saifF$v<2w13@iXc7{DQkTd zDND`8s>Efeiu*E_J>thXNX#m?PbXQbk&kkO43fq~FK*}YvRbaud zq}5?~8B5%8W29*c$u4Pi_bZ3h%><|1Amg}eq!x74GT13-JNWE zwSL`3#iGuBN4&P3JuW-A!)S>?bSeUUWfBb{v9#r(itGbL>A z4R&dmC7*$U5ioF;5g!p^;WqOQgC{#BG>;$;EGGu)>SQmB39Rw)ZbhznmO12-))=W% zD;rMChH!^kp~`Kp(Dm80w38#3eYEDychpUldq~k>1&}&vrX#ft1MDlq69q-;j0Fqa zQ?JMBL{t3}i!u<>4(?(2wYjD~uPy|z8pYV;Gj$DrnrK^4@o_$d(-~yGzNX$F9nx}g zIl{mEP$!m54Qf5LlG_hYyhoq>7E6=e7W?+khs%I#+|e)oIPcLPYS9=)J_-;nbV~jq ze}K_gs1JESVLZvhi^^uN!-ro!87^cRQ; zLTGn4?%K?-FOGISVERb*du_|B``N!gf3rb*N*!=V2E{S*q5aPH38qCGWjc8$eBL4} zoG_0MoF_?*IwtLH8K}^Ddj(a^g9`%r6zc*I;40fn;)4ZD|NJz!3W~`QQo^2oog81VqqSwgW13Eul_! 
z)=e0B)k;3yRrA{4aBsxq0|q_pili=6${Ci?@pOdDEOG?esW*U?mq8>v5p{>RHFm*}+{k!SV_7)fGsv+qm+$v>D2{3ytZH-2&dDNB`|Jhox1Is{-5@RMC0WM*6@x;N^_{9reXVM;* zJqQIY;CH(jW3oBVq=Gk01)o|_uO*$qZp^AbtSx^lN1Aw{}=^%HT(I8vx1$Rv`>JWvsSj!7av71A>XaDq{V|yc0w%G(N8KF(u)Z)qs(& z`O(j)T?ocO+fmnYUS0EfJT|yr${;2wO-s?Mah9Wgxz?uzKHn8#t zDztsZMRthW$!dI34OnuH%IbL&B&cVDc;@C4NIcNskqc)F9xZ)kCJv3s)ubI}ac>T6 z-O>ajU_=MrmL1tx7`Jlw+4JUbJxn#@-EI=7L{NLuVRcyHqqO~UJ--gRGn);EfQdgHa zZHS6ht}5DmPpr#3$O}pY5?#tj3rreUmb&(gpfpyZ))PzRy?sc%b4|;OI zgf2-YXS2PdSJ}*J31F{|+RA8$lS%b=8^|S@aR7mPBf`AH5(eTux+(!fF;tPZ;hz;` z*$sU-{7Ktq&8~faAntN(-P>%NF(u|(NC7E3vbmT1mg5gG5-1Ih?|LQ&y`OVwod~=R z>#!8Lrnc;Xh(h`CE^mITwX)O7yA^tXtYYckhv4ad04?sDc;(;zUvlnquK?RaDg{6m zVy7dh%_fj~3~-dkIhG+6{3FQ>Q91*zLQ~QO{!JB`SG-<%5#aR10!%rIuG|>5qt_yt z(z$cN-|wVxa__peLyH_t_Q3H?fR_#>nf%o}E{!q&2#qj1qSwc8o&RUv9_$4jZaYq& z$Wvgv0fApH6My52G}(knYs2Iu$hV?;DV4j$0g|n`VTmo3+Mc3<95IPet&FFNLnuqU zColnG}O!_>{*XuDD0$IUZ2-~ zs1l1rw{IFM7L-9$bbg^m$g};hSO=%meWp=|2`Zd)qI|b&n#sYh!pc9?0}Gwwq|&TE zE^KhD^`_8l9fq9u67<_tp@{HiQZ&saLj&9^Vqp^ezN2#DAxzHH?fD)2%x6sWNT{>x zJ7j1Euf${FX4XR-nIb5H4vvR^Q?SuS>OU8B3$V;b$)xdX5AZ!(40QxeSxyEblIL8+ zEn-ql6NLk;M%IRq2(^QX9iKc4Eq^85s^8?YZ04$jh&19^51KbmaAHmT1Ee^6?(qO| zzV(8SejT)b_3qeT0&qN)E&-B4>=;1PzxtvufS8nR$6j~Rk1sN;|G@1DZXEw9PK|wt z@}t0+o7FKllGo=XeD&QxXqV-epY6&vlydS(dDFX#vD{=FKGCOK@yh-F%;Ramo~;`B zt#P|#1t1;o++^s}V|eMx3{N{`z)Z@v{g#U!2u$fSt7#1iFL+#pZuQ8_iw%s3+}Q4k z<@@^j>OwdfT&363yS^OZ37*5CG}+nj z_y?mWR8Q0fK2aS>GxWz<JS8V*C09eZ&sKh;<#c&9@_K)Gr2bo8FJ? 
zEA`}Y>*3()NXIYv#C}#kIIr^ORn!Y2mo&*s;v3V8>b+o;*LK5lN`}*Xz#8lLl$P^TRMYaOBFV3QLjdVObku^I^54rHv1&P5hoYr< zNea({oInYQw*JIVrgmbRur_sBg+wjFv14j>x!1nfF|nyRssoWaQal{zh1xvyl$dr( zk*e4HG4S$qC$N-jN#S6nLubXw<}BEkzZ)Ae?xS4>%Y-F7{OD z;%w+X%csiEhgtHvmUd`Em(jw*Bn!s~F{;B>`G5gzNkr_N6#qFf?9ZTa89)+IBNAsd zqLFh~92|2K!6`G|&(fA6F;*JNTuP(|%<}ffmtA7~p5Nun#PvY_o2)ylUg{s%+8NWg zt4il-9zy)Bg$ZAWKfj84R#g)4_(a=>ROWQSrmSHab?!s5qg9Ml*Me2(M*Gr`?JfXL zsCU($r_s5K=_TsQ@0tb*aMQ`{SMAr;IorcC31Ty4d5sy2)F9ZNU!-|_rvrA(Xv)67 zYCy@lwZ3!vht>>&1CJWnj~ZECz2JNZpnM2y%P4N>3hV(l<9c?#P&PEIh{t9Y2CCbC zn@q8X^NEC~i?_d{VYdEm2u2P_lQ3CIt8UM-YloW?a<+|em7XTNiaXS8wOY0?T+sFf z_KqkOWO#)*L~C2&y<)gRma*UDTs9FDV6OPPA9=mJMz}QOmQJ2OMB7NUNszW z+h**+l3hb?Q?kf6a3D&~c)IRQrTG=9%p>a4%%p|a>jiZH-uOs3>V3 z^%GQv^4%ho5)x~*n;o@9ejYVK3G89G)0fZ}-Ac|1eXWVywVv|``Rhj^&|kGw)Y{2m zdcJXFsB+yXJyT%wTXBS8rxx>feyqhNQyzs+nSu|^lYP;(1``?6-|sf!8Bzf8UkVL@ zZRJULPHJ>+m`-ZHZ5ji&x8}fpc_@S7L9sZPX`!Fs0~Uy6fo0*!n9!Kjg(ZMsde~B5 zd4|Bbje-1NWU%s0(V-$YwquVk{#&WYtOIj;?7@W~6JH8`U@kkPur0b(KF&3Uj4ljA z6eF+*C>n>wr2&`Fbc}@O5G$I12L>g>04bAd4jDy8mx?5+y3QX+8AxVrDXI#(mWQ*= z!N_TO>Gk?V?uJUEJBWTOP!ga5RTvRy#A!p%Qi7F3`ojKVD%sr`Pm*(X8z){I<2&#F zowP5dwVcN!fD+F(GOn54>^*{w%nNosBAiPiJX}K)tv&^V!i1^V9$+$T*KH0c2RZwy zaK&h{A<+5i3+hnCB7(z+ocLE>lJtcYEPhk!0<7{dDIMpC{)*U!67x-%KF@uiH}ZI# zT7G^zqRUwt67osF?Mn5@H@z5*ZeP+-SQuoJ*MO2tNc0| zW7&A%rc4XI@+6nB@|ld}P9W0-tZFg9@*PT+-oF|Aol#M&=r3!1wO!AW+WM5t*4)N1 zI=2v=9!|Fjg|>KE!%1&M6Z%AG^rv!Lad}bT^v%W299yH!jRY|*brO7A!V<6vf`)`v zoECp3>sV9aHq|i{0j3^9?P;M%SGnIiV&$-yZqg%q+~k)RJAtV1sgt7qk_3Jwev8G7 z>r28b_f0N~g$(o+aI=~*4zjQ~!!fuZ6)NN&11CV}9I{SC zP|qhFb}TfL144yzU4{XLyc;Rudz%Cr%%-Fp;KTm(~7wtpRT=Ye#X7r{ed!m#2 z^7>ljo6ds)Xd3-6Cy@}dleKAI>_BHz3yH+zgP4r)&F^#n@#kn1k>Hf@$=kc zRLI2!nN)krf$FGyeFM>3S*X@c{}s}rhe{4 zuLr~IqRL5!vVKMKokzwXZ%db;@;MOe@eR2{6ewu;i1mwDfydh1+1_+BDSn~}z8dmV*pnNQ!@0 z4_*Z0;^b5gd!+NLJsoa)g*9D-{PY?a8xq(O|A70;8sGB&#~Sz4K56}cE+SWXZAPDO z4Pp8@(}ZQ$6n|wfl2(?thw{~?pCvWspn`;ILfC+{-_GN+zQoULOZ=B!!=|0yUm;oi 
zCkni_b~cqf)K@dR_gCn(CimBN(s0=t`V?Orq(9xGd?IN1M49?_{@p?S5lm9uJoFAN ziKkKF*`7>bo3KM0Ka2QnCcS>Y6M z?0;F|;;W=Li%eNBG}syYi$KIGgKGY|k%y$GP!qNTLygp4`e2}~)TU7=B>bZ8&iS%u z(v-iavL=%d6uO^uO5xVm5iP%Fpy8pWsEHt=ULJg=l4Ce4)Fj$&x&DzK)N z`QrpdWDxxcyaq}v;3+jdcoqPJVl81gaSKyK7XWJbZuv&waydcV9AQ*^alev$^KNs|>F1KYd~ozYrbcd>k|BG(|s4p}l-ci%R4lC3z7LOcK*+K0z`{^(Ex{t9UNL1o^ztwT zvPre`Vb(aZ#r@qTCIntaqwJ^(+x8PKBig#eoZ>g->6!QG5aj>j2Byq!p{RjyZ>Rjj zzhMX29i!>UwlL${ZF0t{{G!nZ0vY5%Bu4mT>ojJnLKUk6u@2GKP!e-<8uQ_5?$Qj9UWq#*z%%}xx;ma=>iEsV~35=PEB>UQ1mu>VUMSA&>((Op}cD5ndDQJNj#g-(* zx5zfd38YOXMT>=QstMTI%ibB_k}87yZ{$QwS?HXwHG5I1ixHMx2@DRH96fY9G{k{O zT6)JSNLu6AEq3%H`@DpQui&@(qFe^+oceL)6`>_4m*SQvbL$4SN7v(LpZQTg9 zqgNG4XcUv?&=iw$5o`^hkeXtW2SX>PmEOpVPi=oXijigd+XXI~k=3(%Sc>U`ONwKv z*rW&T>q!7+_+>$BA$LjmIeKVwct^WlpGHak1kmy*LTDcsZ`Jn8{%XY@-D;(dbWk$ z_W^LEk?a3W#84h%+z7>Iz);ILm=*U69;<>zcvFeY9mNaKA}Cwkeumbm#1fXN5{J2< zqy3^8x$}SMrAUwrA?GchH7s{Y*2ix$N`2Yfs$iB?_yhuPrafr6erE2-aMMzGCMfhz zUr}c2Mg`NX6m>4_<2@ILj9n^!@@!OUg2yj_!Q3vo?91n7n1^&jX_dJqan{kZq)}`T z9d1YsTlu0|KgNsd#aPprfcb@c%rqy~;&d=Q@2A1!0|)qQ50KlFl~8?EVEG&Om4gOu z`*y#c@;Gix#MUM;iEWBf^k_!10COufS66-dR2qQ+FuHsvQx@58d)(r>bx54y({fYF z3*x=+HEp-(jZ{kU*y>M^ueKYS=SibOmCxFDwt`jXILZErFoLLepBU1nojNK@Xq?sp zbmq87h421NytFYh=<<#%nYlsc1VeWto8$&6ZVdTG-p1KMKigUCJh zO$Kck=PBI3&98S0q7ZL>+WxX z2+yBSwUB}E#fEA0FON>J08oSWB0k}bd-R|@OK)$Tt{a^}hj++ur}Ou^!YN?6XPcA)biEYa}X2SE`l3-It?A(5^Qz2=PB4ys7tPqv@v(mOJTc z!`(zoYBeAG460$U6s{UYV)0)s8GRA@2tY2}ZoZ}e2 z&;pURyXMZ>@LRj(cukIU?ZbZRt3F@z86NL}ws&)BsoR9Zchhl2MS0nkJ#WU#)$%Ue z8xm5~{Z#XMr-}4Co8Hc+g?7+Uq=U0`D&Kk(FWzSIM|w>@=eUj)o3=OlCwS~U;C4Px zSRpz;{hE6(no+iRBcnKIThnO1t^dZ+)6Pe@e#f$K{q)wgBv1<3T}o^_PM>RXMZW&^ z5!SG$39i}A+3y28rJ6p+2GZ#6Zwg=#u)$BBQ~2+i=Zv+QQ0m^bchU9{COh`<8^bE! 
z{pX#8`5rYUHShlq7~nGdE+$syzhMBl&R^$#5*?>_U`L(*e~h!hzZhrXGR5UciJthG zE1um^YqYjMb@SH?YY#(kC5?pI!a^-v5Zq>;U8-h?B3g)2n@>H7E$W+o3%fEVbHS6g zuvwrBp*J?0SacScLZ&6qxz2os)j~<*1fMIZ5Xv8_``lMT@Sfr8fH^u}E(JmJ!j?wx z37?QU#7|I|jAV)tU!df89pXDC&Z?kbI0;a2$Yge>au~q>f0R41sVD!10!&=OQ(&^K z=i7!N8OHsf6J1TMsNBS(7G%6%lUEA^o-awtZ{dun3(Tv!4&nTZZ|->bi*FuK@BSCw zoVf9S;>|7_r|G9V6b8ct`)hG%{FNP&%bRh&C&a#-U%tZ0B?@s<|5NNJ8^L{-?n;LZ z{Q)xOd_BDt?pIxe79Yw_tmjD!ZO+^aus8h?Bbo6q56ZW^PZ;)Dp^ygllGCRj@V3Eu zZpITWMJN)HL*9nT0;}WaKYh&CZO)FE?s2H-Mz(d@Kt4L7777PPK-j-yw{=Vm{tY+F zlUbR8oVmI_(wh+OtoQ$@b&OE%{;GBK4-GYz4h9LU$-MUPW2n?^Lt0JuRM_EnMRl6* z(145p!z574oCm07ZX{V4yUadZzfvL`)E&2)z#BRIJbGId1r>hKh6D8% z+U!h}d$!zPMB$EdjKk|)<2d2Kq2aqf1_I43c%m_^0EMJH>qhO55K?Xz=SME+&} zmKIWkjfzAqax`g|t=L%Sg01*exY!jM9w_t^K=vAjBoyAq@L)2wutwWk2lpM9RD>aY z*BqbSs1}YLpvLgQ~$7AtDv+z9`ErcBV4~otweWdT$mS4A1Z^4|j1T zAFq^F9F43P9#4}=ofEHvk^!$nT{bFTu6RKKNk3tWs9&Yx=R}`M{CP+mEIF!JP952P zL}o=c*=$_gZ%;n_sK@dyAWC)`GT*IKg*AW1#71PX9hou!8B+GTe>XM896w+f2L?)B z#|BEiA#%r|k;+V2Eyu_eJtbEN zZMxrz2&hMS-&`lie+WX*B$L!fDo3P_h!h_Qap8r8@zRx&Daxu)DALnNWi>5h56L(u z!0r?Q_OP5Vb}5Hsj777sc$(jq7RXF8v{r?Of_FT_v(Wg+o$1RP>>wk@tZU=v=>Vl5 z141!83j;b{ZGE9(Yap!6+Q9n55p(2#+(v96xU9Txq6PVAL`CiQiFTV)jpxfYV21+CMg^63TTs03FL%km(aIU!(VlDjOhYt_s;Um# zzj0SUN9WJ4DcBlmQu46^VyUz6enGN{%|U|J9vhMNV67_9mUkc9evgk%xz9XLhE$c2 zJTSM<^`SD2OAbZ{uvqLZs~m9?vl)`U^eo{@Y75~?ljG>Q3DLXr4Y(D7IZ{USAfB?X z2`M#)f_XZB{hMASVZP3Q{y_2M2K)g_twH3$@I4*j_Ng;svKCmf#NqP!|1^4cB(;!@ zB$`gwdD!<#Lu=GJ%`C6y9@GRG%0I!f!Q=&ml40clbJ?FWyN{--d8Ml2bA|pCq`FI8 zX62UAl>R@Aon=s5UAL`qcXw%Af;$8VH16*1uEB%5dvJGm_uvjegFC^36N24N-tYbF zoO|p3fT~3owO8+!nsbe3j5)H==mHXQKD6gmd{g=OX?B^T;_i5$^TqgK@a?h4tNL;L z1yCRP#(b}`pBj+^My*$Y?oRQb--$BXUwAr`jD zy#hIQF$sD##-aJ0@-srQrdOk8WTgk)o;E-2Pzup^@lQs&HF(R(>tSQ#RO6Ai=5$&S z%I=D~&SMWi-5N#RBJQL}M9)ZwB$*x>h#Nal5uQ%cC|{2rFip$W4yyFn-faJr;P8zQ zjv-?-zZv-r0jJeLgd3B6y$=zfGi-zzJqqFrPO;^hFVSmMou_&yikdECm}h?%;(hFA zV-37?56d7X5xev{u%KX58lp%G@Z)~}8`H3|#&<1%P%8*eH~cPfnq*19X<-fH?O|X(Qdf*mD0`fmBFso*7)`FjlNcv 
zIqOtP3$&a5WKyXsnavc#`^aW`-q}{UAk|NE1o91O`_fDX3#6l(AMq;_U9eQR{4&5h zFJ#6`O1}y2-P3oGbaG3>v-Yc~v-CG6<6#QOl(Y7`V8Z9LS3;C{vWaa@a?H%%gfSt& zvCO!1-UwVh=YzoY15d7<=X_pEWYnTNA71JA0M_rzmykJ3!KH`?iA-JI37*=cJ9Z=F z85MGf_-3W?3?y6&WQ^meyY>KA5k_rbjHc_krfS(IsDf*80tDcMqoolpdbm9|+7M(I zh*yUKUiIahQh02mt-i*e3}@-ik3Pc+IMQle_T|4|>IgWN6@3$wahi8(FAa>w@01gC zk>p`t27&BnihqIZam3%s2DjVM{*>(=*NSuRaH(KXN$JVAFw3pBcSH%btS+DP|J3aQ zer3n09SzS)f}DE+{&I-rjgbX^($vO-`1S#lt|=kfyu+UmRReTL3!D; z!NKV|Lt~3|3~D#&A6$M^S+mY{zpNL20>>B@mqI3YVcbX_a|SIqS%$7tI(s~ZC7o;V zM_Z%8#9+lr`#ob$v9jI!JO}Y5qGIJYD+bg;0+S?qXac|XAxXGH24Yt8f{&w&%Llm- zbCdH&MWM7`6T!$S`Tzcy_-Ca3Y$J|B9shktM-?Hzk}cDTrcJ78DYK*_CbhG1vZPn$ zy_Y@w7G%m4)Q!W2jt|1w&90*bz-@r*B_2_x@@2=mcFzw%^RHW^$xmo)ahqNZ6>EGfd!-Kq|g$nIrhp+XoS zOCZJwtt{ykzcUOXvLmy6vFK#?xg_2NeanttS`F|Iw)(n28E}%M=s~xB#3*+|SlQ(t zCWKPcYLS3+!iHD`SVL97se+L8vKpAOd-SqHMS!AMUIs0k>Rw3(c3+4jCw*t6stvKO zzal3H`&I*C-xUB=v9d_Tj|ouuC&PIsVENW4R3d7@6%m1ooc8pA6=xwTZKaWt%^+(l zVDU3qU!KFL*ii#aY`NO7)hLjGZ1#Zx=6MP_~{Q? zF#=ZW$P!~RD*{cOzGCOw7R0;@XoxVuL7ystN1qx;C|JcX1~wKigqx#JF~yT*=pkpk z7vsnjjj+U-vn?RYh{?2G`R)g2QP@!Fcn|L2EHap}#Sg4-N=`uOESRkKLkBgsrh~IOvQ3O<-LV zWw;@Cs39|2Kj`iTia}-4h8u$J?k|95aGlcXM>vL6KQSx@8X(C17H$l})`wD+DI)Dq zB0;v>f5+A(bKDRS&$HV~Yf9|lLYF8jiId|R2~Pr?fd31)9<_;Dq%FZj0AHmB77O_+ zT_#$7f=12#X5P4~eC1A;2)CE+0zfHPhj)$_X))~FQ?5Zr`&1nS~+zTc_ z9h=eN4$ig?EJKY zL^8Gaw@qA+c211=fePbG|J8o7sPHD~pS$Dc@_kl%b#1GZczpcDX66Juoar^D2>R20 zvipDeQ8rumtSxRw$9@5;ZYU=tM11`->3f;+4XIKoyRJFf2lIE!`QNtMs$vqC$3UvpC8A1p?$0{06WY!K(^P-C zYBOL3ZB1lf$jociC-pU4ZNUiH4yHX%x5vp_FwuUqP|`@9(9z{{wPO!lP6F9pl#T_Y zLFGG1^+w7+M{Xc@`*joRO){q6v2Yr7lK%~a5cO!Yx4r3ENXu11BYV$I^c7<9*{x(> z4h*<7w>9>#hxno7xJ#bu(|)0eKFjD_7k!otWtI%j`Zq^yrqy|T*~_=^?`s2f))v~4 zT#S+)%qFs`v)y5W&D*#o_iAw%2c*ntO)Z_(HGuEajYuzB%-=2zPDSL2@2InyxtbRV zG4af={@@_fKivXY=1G(wFVQM&f*Kg*2W?&wu6g2~>og0p)b_V`546PhVQKr5O7%`y?#~IChqfMb z$j?)j6!h_`^d}Z}ptEewh{%~i3}+7FQg{7azPbPoL=Awm@&EYhB0Kh4wsK%#Dc8WA zT%IoK-hM&PmAC3{ zTK~8Kva$g@S}-b7IrML;4fJ(}5+qw=2O-t5FC>hy-7Y_mo&&36yKm+f6VmUoQ+Q9+ 
zu6=jiM(R)=n0^&=S2Vfn;H~!CO0>OAHcV)`im@87bJO^qx*x&R1RwHrg1L2BSiX*` z1<^gv!}o%c3JB3U)egk-AltfYx^zRbiXdttE%=zeHnL~kg6%_9wB zn@s?_YmyinKT4iur|DcT&1pFOBsFeG!(vTOCSb*92p_wLOG1u>LrXeP2g-(~F-nD` zF_w~1Pk7dCd@;RYM@CCOr)G;XNQ${+)I-Z57m!IJ7ZCNh_wZ169l#uDe2#>hLCc{k zN6R_D3bx=yUGnj`kJ!kHWn5IJ@gMsM4@coNXF$xw512$K6-GL?f^pwBkN{B)ryeD- z+wbUYARU+=1>y~UPC^DlTE4psw6jx;YwxS+7RgXpPmV4_Vqu+>oD4GYn4@hncmSII7VY`l+!!z46H(<6Pb()Gvx?x&uC0lmi*U|ZG2lUhGFJdsA_|DlF*yIHp$M zaE&|mO>jn?`&7$f*+O^eYyC3-vaX-tg;fQ7CG)m!t*4C#pyt>sh?rlYz&Wz?lF)~o z=?YGSp2Wq=g8c%9KOXi34tS-+#qCc9BE<>@aFG9kGBukL3=kJtdADgcd725aji7q=1j_-V zIkG5b3l+Bt9kH*8y|6(OrqtrGqhDw#H?4CaP|Wq>L=Nf2KT(R)$VDrWJ{@j<|B)DE zfiU`@Gl6_jk@V)b;4 zM9${24jMKB1g zqHkbMIVzB4=oh#^z+&oQvPrwj<=Fsq#`Q48p5kI$1Yd0QmH=iVZ7js#{D$B8Yn&6Y*p(l+m8Q)bR;D+Of zmPmM-fx6>Jd$32Pk`M~b1rN8+$Rh+e0AkP<5f06T4xOw-Dgy$|rptmcfQUjjgqdJM zRpd5J;Sui^PYwn!%0Uj0)auvU6WOgEj^j!DIA?N5e?jo)1?n93hB=Ij%0cfJ2=s)y ziAwf{JA61mYLtHJ3qLHB4nMr1BMmzI=ws5Bj5gO*MV7%#Db8Ua+5NpA$iZ9)Hbg@^tg@XJ-yJM!3M8|9b@&#DBR2%_x; zH9o~q%Rz7=YFTjJ-(|IV&y7Fyd@XJ+PRLK6p2)9>wM)%q)nP&R-e&rsvO8nqL*b#b zq6-uAgEf-^0q18L&ZBEx`n{o~`fM^S*KnazWNlQ8-d zC-D<@dVBZ_50$adpf4!b>Sdl%uHP5ag2PF`0*7U3SWXb=i7M<_YXT#Z_L&-(M#BJi zBOTHDsSp(uZ->;DqAbX<&Gnj!hy71GL{2leXdNcel_CVzEO7&#Z-;*#N+NUrW}!R*q4>EVDWB!71YJzL*Ns z7X$2N1r$RS*|K=QR%aYC?;v3#87I1zD~jmGy9*&| z&eK{k80ROJkjw~meWfs}yHr{Eoh1dzr2>6B9(ocg!cUJAb}COJ*nJh4hC&|F8hWEU zabSuP@2Fa0snb4?3tML%W(@laH*5b3<>`pS~ zs&vi&+C#I{{?$XLU#{(HB1mN*p8RJI{c&}X{rjS?`&GFMXdqiyCr3(dEwhTbCluu? 
zw$5&m=qpvSWTNA+yGgQdt)HN}Hx13NF|i-}XSc>ag(@%4ySj@VxF&zB6iDbD&$}=E zpPAo@*k!M8`GuGT4M8q~W|vMl+fq0RfT?Grnfx=E>V06UZ{_j@G9T&83(hfCkMC2p z&Y#ow=TUX3i)x3h@>Kk-!nN}p6qw*oIoUbaGZ*zgQT(!yVM-zYgH(H%nU?PbY_DM#QByF z@^U)|pswLHs)$nz+YCj!gKQNnv?{BA+baGjw}xMu{LMIjaXxNR$Cj$ZLCN2muyFdY zamgaQdH4zoq?xg~$$o8zcB8Sab@=~Er?UB%a%&AzZaWVN#q&>te@nMk!v8MazJ&fm zx;<0|Nw-ZK;sf6JCIx}1?{CYYdv*CzE4`9w-#q&F+cxYzVoSN_m>s|Q&V{~d<2s*| zaqm<$mruDZ-%WxzH4}-HxBrDxi~W~&n`Q(zAu$RiPJluLD5^eN}~oyIV%Lb=Ql#gr!TewT!NUz#o;++T#gNO zCt)mBeeJyvVH%!wKsigoP^92kBw!_x#81(l_0X)#B9Wx749kGUN;TN%z#NP%#j1@5rnBNAF0b2dmwhjU{^6! z5C+_i@|r=or4B+e-q+UbeQJk7IPAlNq5w&^4b9AmdXjvKM~3$OEf#`XRlLu2N!TUH zA^COQM7gedtE;0Pbpt`hRgqqO)z`&cs3jk+W~;3NSR3a>>ujSK-& z4gQ4!#_II8mCkw;St5OcMPdammzB14*0K`y<9<&^SKGV$4bs_~G083*rKs4VDYRNG z_LCaPk>?|Pg@G&K2=Jjb80Sd{BlMJh&(xmgTykI7tY;2{n5UogvSi>t#kBjxSj46s}kw5Sk-dLcSJlvb;u>MqEwixHhbyW#F@h=QdiPaZlEa z7zolnke(e4)}!vpNI33UR0(0uq_1|NhG;^Z2(r*>S>bBx0c{_*mj`kwS75)Z@61objz{H`ufF^pWceG$s z3yT2%+=0#TJ?)fpQT2U2H&H)#O{e#@W zu6dfty|`$Xj4gi~lzMuO8fPw5CuD+Qn~GLgXa-$a2!gucTavvF^5^0L4dxA6-g9X) zy)54PP&4w0)h7pq&JpVa+cJ_(5?G@*FNwy_A3|&S-@B7`?X2y8)Ukhkr@*CEGx653 zE`NY6Y&OSh`-ClhI+eM!i2ZocnQw;tBE2%D2C0dA&i4=#{aBuVx}blz7O-dJ3F?V) zxNer_D!r#gKU7+dSk76i8<#gK_q98D%cPV4b_o|)RIap^`0sG)o|B5HPBExd8?c9# zfwWB^eATaDV()Wh4*Pv+VJSG}YPSD=r-oT2qE!novr-%OEb%{%OfvV276=Bmnl;UtRuieH1N=B5W6B=B|Gqh zYe_jUweptHiP{DFq*grlPPeOhg z>BipKxp;#|b!p1t3Z(*86}5R$w77f3PWKq-MSRVA&3d#aO&HiV$(cLE@Xn=-NRgK^ zS+w|EVY2Ks!mQ?pjCk|kqUDpe3_R5_`El9L{^P+fM_N;_BG++mbmd~g2 zp!`5+s5JlX4fqugBCAxiIEr^ATcs3?pK&RJMiT73m`IC;?w@&-MGi^WqqJk)M~Kxz z-{U`W;BBl!Hxrxx6~MIu{RP5|xo5qx^N?rZe!MueG~r?wJmt!&NF*)eqcjzX=(KLfiF4Y$C2v6XO{hyX$o}1-Q5yyJ8E+I0l_MUBJaci>~&ZE4GoJ zV8o!Dp0yu%BS}(?!5(Z@f}AeMBVN%tq>fo|PvGRHDcalsj ztruNrT>QEw1B|tsgKe=vU=d?w!_auts<>`~AE8?iz2oEatVH0(Mvw>Tqj2(&H(eXZ zaPm!uP_+EC{BqL|n}K3sx}GROCA7l71%F{=*_X}4Ay~6AP`H_CS;W}3O)|MG1T)o^ z2L=y3(XP6{QiIXhwpx-3D|!~LEY!$HG|YZnMCw2jfX9azYU)7JhH!^3K~{oUVP0z- zh64iE!C!<2J>opd#HBv01uTUek$QUm 
z@bqN(T6julYHDt3E_+y=Hc1HG_exu2)w@{`t<{~j*l8zKmbRz^jM3`0nK?n$fRQ~; z;hvuj-Yg)wjNbeT0WtY?<3eDgU~EWW+MhQn$HuT-(cT5d*i&Odi&n!wIaHzNr6O4YM6Gl30~Rz7uh1;jrcJYJ|gDgJGE9- z;k!2?Ex-fP~SXz8=#CiqCR-C~~pE@m6M;`0%H_s(E6^5^f(_kuR>M*&JFiunoJ{MEzo zD}N{xX}@F?gU$;ejp{1iBOq=u$|rc%VzM{cE;`R+Farga75v3k;R8ebn8UjNkD z^~5&FRF-)O@#^u2+$4K6aiqB@uPi4FT;&Q6Ww+>1 z`}$0kl^^&))gnN}w#6|q;c$}Y^!A22S_Qrsq+GUtQB8u^``X@!_lZ+5dd#NYSnmzZ z#N!K>h#Ix#M@re~FJ3EUFbEw6{vT$p`7{8Up~$qdrOZMve2;qM^NKI7^l=J&;%XXjpq($q)36cf-QN1eI%T`bialVs$#|Lix- zpLZ&dn4hlzhMfqn7ii6>_SC(_p>UF-Ex92r| z)cM=YpYlHvk$<>(f1UlMOpsnNPd7HC29XI79`1_}8hpg$ogW2SYLUb>f8)aI zF^kT+OR;+&SB$qZ-e&7nTL%AOj+$JIOh2V}^ZWT99p`UWIQ9R*3RC{Y3d>;PxUl|< z73K_j+WJ_s(4;+E2iuJ#Af5j;bOWB5Q9vUq49d0Sa;E?$}x?o zL;aC2@dyUxHkCxynX2~;D^bKJJ2;y#6LXCT} zkSKEZaRS0@P|Vxq8texgd*1vq%)4KF-i|9E%M26i8(ur&Vt+=Yr8%)p6f41JlX)RR z_Nvvvc`?R!1L}%rtiLdk$55pDqS2R|S94duD)L6MPF1U7F|vV2ZCBrf^H|qlL>iM) zbm=qk#zi|e8_t0ho@@UUij0MkQDmZ0q;`&W^22UqYR9bi!0{X!O;}-|{N!^iweUd! zultVQLwCI&c6#}UA^y2liOew{&3x}Oxa5i|gJ&ZGNXixH_)E$aS5H6X{v+io)eZl* zlpDQz0Q3@*=l>(+@{awxlnZt?@YBYh9wgw%A>+Ewq3`2HyXVyhDS``(U|67#vrR8@3tv>r=IizeJvT)A5m(2xGj>A)LIhLJ z#;Dz|#?C;r{je+Zwxpde+IGr)_6JVfQqW!?@s{_c0junbIMA~mVgvsNXN~lyYrk}@fuc&`gtR4id#{{w+DylY+*~i zU!uDaJi*s;-84O-uMy@^+^II|C}#yq)(o|c=hA>$5oV$dS4}{3>gyt)IkNMQv(eth z=7gVLGXtDh<}Cmjq_zUWp&iU3!K9|zB;c&kF~q}$;s%=2yT9YaVDNHm>sls%u21_2 z4D$s;Hz&FeiH5ejKX!jv?`*rn-rwX+^KPA7=O>!}rR5&}(gOd4i~vUx{z88|6(-z^ zFjYhFs21R&1N}_Wl@!*-{29Z^03>|0IsBIQ)GIiDnUs7BFq;2j|FpYX#)X50bCMI- ze;od~?DS)-#|M8)I`0In*r%2(j0ZdPUS`D$ za$lhh=x3(Y))3zKm~#bw=wpfc_Q9nZ5EZjvy0((>r;=rj5GNx0sHr!~R*qqn*rB~O4Q zw9Q48HQ<+Fe3->xr2>gZK#+Ju*!@R56916{{@i!~>9c;kK^+}O*bR40g}ey!D7H!z z1OCXG3fqSp&G8isW+#lS0aNG8Ll6^o9jR4c_1QP4&W*gOjlG!$4I_&Rwa|mO7C&yG zfERH&!`?%vo^LPkL>$%-u$(lP&JQ$~MM{_+$}SMK_g@>wP+)18w|o^g;c*65@Zib4 zSk0hKOr*m}FX?rW;^-*#$HJHHEXIGtpfsr#H}lR;&jo~{aCl-K3r~Osb--#T6j(+> zRtrdrLm+-8Bus+EG?Le{ad*iy0##HS0K$f26+g@f({Is5NBVKO?IL;f0dK;b(Xu}aVu$IBXi--x^@ 
z{?t9NEI_{Q_uRq)5B_%Qfc|4bkp^P^EV)t#9u`vI9|Q2<-E`Ij5;0^)@E<46xi&IXEUtcCi5 z#I6I+7TLNyCSW}^h4YJD%|u2xMk`Mm;cp$}$e!yPL(>fUIXcig{JtSM{2nBueDL-` zNuTs7F+#g9hC{y}8}D$}Dvg#PfKzI5E5(Mz z0yp>yZlIJ$0wE|L;g1UbTjS{gy@|lK2Jz*HX40Xfo1OSk^Ysq;zNOiqtrf$guZ5 zfTGA9sq7$wrRkosu(MzJ0kYgTaY6y20K4y}zwe=O@z;7jcEoC<8sDU*j{@-Hs$|Vs z2MvKu;xduSk&D1!lJb1&9YS_6aM752M)P=)Pe zvKzn_oVYWYZh!Y?@#B1LttFv*=k;76z&WWp2~)aA-%c;HyLM3itA6MAl9;b9ckAbc znK8_2GFNI$x?5HzMI(EfL68!oKr6b|19Pw>ZRpOqr(_eSxOpVa zT1p<3cbzrxGRcaW;X71xQ7`^HeJROKpk?!}>(5{KXIM6s;yRR#NNX6I_K^;2J;(Ms z9?Lje_S(kQ=(el`1D!3Mv}k@h7cvOTQSA5j?{K)QDeN=ahGJ5GwlH+8VQ<=LPdNM@ zdnamM&$?-#$4E;yBrvRdB>Zu(NIb!ISawRhbhR%=er-s7ughhLpsDIK^nKffTMewd zjmIWE&SP4o2u`P`_cdtTyyG?oI>+0xhGThcxa4=%SXm*YF3RXpWkm&SA)@866Bbv9 z(hKun_O{u6+}?UOVb8%QN4Pp=-#KU7 zN{|{-CEhyM(krs`zUxhcy#bVnPiKz@MdGGA5*OkcY|Ep%@I`-EYbD zd`M|U%ymq7YoFp7xtCQw(Q3VNnc_&rZl7vzl~bz;P(Vis45~yH=@ryanR1jqMJVK3 zM4Nm>{kRn|=KMhr!a?%ujs=qWA(C4}7>N;(UJTzMTQ`&z4wD0qzaI{>d4RHtx6h#P z2PBp_Q>-F}xe&Dpv$&{3;8-rLydqE>6Zy*+DAo zq5YnE-^@w3aF>;;qWj+Y7s0ZjH3O#^jBm2w1R)>{uInq_)BfkE*<3#Kxy9GVtm)+p zGwskkUQpc1o0C4pTl$glNfqb!vPDPXhnw}3r|%4hw7kA47}JE_^y)NQ2Z2=8nPtfe zl5`d)#ns38ara}e%#Pm20Hn~(;~4h$7E&7L4F0&koiojUbabiMO@x72fuyP&r?iXkn0GQm0H+sW`ja|SV2g4 zd!dM-*J9O&e5X;4q%~qk;YVf=x~gHpXQr1?&Dnf}b%}+_&wjPnK zC5>6DcO*ILmCY0L2th2Dw(+Z0Loie%PJ-aX_O94O=oUcEhy}|W6B#s#Rv)m*#4Qet z!&qr(qk5&^GNSF%3-urKkt%QmtfcSrzsNMhyO~5WgVJ?nehD;NR#)^r;o%56!l~$@ zA8=+_o!x>mgvVqCYzk?!pb2!?yMX3!a{wmpUxa=(S-Gg%fTUdrEshR1dBUj+c2n-@ z-2Bu#B(3Jg8@4y)JqP>B0}kTH)OhPKyY~vI>p3KfNcnk0yp418qk7~w*)v+DYwD{x zX+NOxo$#%!QI=QZCt4ZariPSI6nf?f~Uk79j^1+{p>A>4=L z=;&b+Ar8b_X4qti8}pRplG4jK-Q?MxnyM+gpY&Ci`obCd7714rxj|>zzkH<3U)Ls) z#d+a1y4~Q);4b}z(Nk#iifexQet^G``@%yWnK~e;LHU$gm9W|)x8_yF_(5Gb#tUC9 z#ClZ`qu7o8sW<&a;T%5YtA!4W(1L+wLYU`)&UWEKwPZSNd|xUm<^>~&Y*Y-BI;0ps zMAReB*sXR z@SzM_Ki(nC zu{Wcc-DYAGke{RPJ>u+J^u%<(Lmwx(6s@5AIh6ex(lNy8Kk_1y?|sweP@!rynv49{ z*uUxTjoo-W7{C)ul55?jWq<;>XkjBP6=L}OJU 
z>=UrVsSx2L`yF;9d2dP1G0W0KNYe=4d9U=|r?;cknUPMG?(8wz=q}TD7-rq%?kcqpK<5SAvcp!U|z3{hON3Y71DCyxJBxg0OU|M5jEZ@OMJ6I zTMwMbu&y+eJ3O{YdGt*rvVn#eP)XZtRB2GSQYb@|n!W`&J=KcL!Ez`h42C13{L()h zkwVq*M69KtIrQg2U?p>6(%a`0VxL5K!eA_*6yKFe+CV2ap`tq+%6^MB|uQ zpKoC?<8p?jDQ>N-(YqnND)>>}6QacyKM*u)qijErR&xvbZ7SSc*u&O)Dh91o@q|D8 z*l$nzU`xC})oEMa)thKqsdQoi<;Tj5?d_=7v<#mg@(Q>dy@N3)%uxn-mut!{k4Z?km^X-0hp~B#5U;h`GWK^_!Qn7_e z4g^@9Soj=}$PeaC`efw#wYNvgu`2}F85T7CnOzHvKqI~+a+Ppc0IVGs9^5&q#yfOf zHjfyfyg<1LeH|)zfXm}f%CXB2I|v)DpbJeVNJmB1BbF%o!N- z!k0ND>?Pw`~ACLJX~)YS-*1UJls;Efa8FnhZ32Q}sj;;{qhd^{t1 zDkLpzd~O_l%Miuc?8F^6>ZIJS=*q6f33T)^25N;;tNx`3uZZSq3Cyp2(L0#tw+q@j z(*o(K-S3x-kS|>H%n;YKT5nz$S2xuHxT*Y$vba^w)rZ%B!>r~}ev|q-Eb%LoyxRE$ z{eWM)nuoZ@7lwIAyL=93jQUGUaBJr7TFbGnK;gSCnE-r&Y~T8%=?~5_}@fV{vv0PGosv#rI|<@WPaR1v&)+*fK2fQs(|nz}Bu9wLHGC)i#nE z?K((mr8*XQMPS)3Z8kb!PWTA<6+6=RV~NUA@v1cW>6fNANmlkx>rzUrxVXE_(oyf+ zJ`CgB3>`hBInNnTJM8*|oMR$8@X4eu>=p3l&CI8J%rz`FN~+*RcdjATSZq>03MyK@ zM)AyY%-L+3jB=RK^W^$jr*Sh)ESP!#BiVBy&HM26_)C}A7wYV;OE-K&ZRrTc^R}WO zmS2gx$q1AIVh=8sInJ42={B?uD|Z+>orDwxHSn?~>veu94w_iA?56-gKq74x92bB4 zO`oz|Ao3>QR1%`Q6<16DHeT~Jp|>#brcA4eeD#JykUUDJLymAE2EUG;6XUG?~R%C0%9q>-KrxUM|ZVjgcc zd(*BY+;{mcb9Hz$Jx0Bn;BltshWAu?Epdu*3y}?gFV&Ho-!OIXH2HQYQ$c-4Nb}2| z!m2}H?s+LuD6x!?+Rqe!QTiaRda;MKBvx*h%W-D`>m~kM#J-Ev&N0QV1gPVIiqyTL zV~QUUi)_XSF|}c1Pg1rWyeH@2B2|A%&|lQUYlHz3C4T45Be(ZA@Ad7Wba}EntfkD- zbXD$7I{Kk=*8%WS@`r`Oj56mf?%DMgz}QS%TcmU`KHiCV%Eh1;=XInGx_;+sBC_4Q z{_^2KE)l?mJOb16!A9q?c++dq zklpL*+y*YjN64|`) z2v04awmYqlXB(*STB#*itZP0+?$U+FUi<3Ej@H%p?nxR(2 z8ihT_L0I*`SJpj6y{dpznJj^K$^V^cGhbbZVi0teNG6gZnhf{dP*vopLj=w#v2DN@s35p+1t0cj-^ZLG z)QAUG;YjRTH;LjF&LfExkSkeG($4@@GXlyooEWBfD79bRk4FkDI*ryh(D4lx;G^j& zndlWXi$0fyKdSXymyX3G7rQjP^(&Q?&`-Ik<{U_JcPe=vLQUC<^Jzto`v--?FRVu5 zG+;%fbyZ~BC#4q5>k4SMM~}PUr5rNNk7=oPKv^EpCJM(l_$q>CYrrQ2gEu*&5+AD5 z@V_O^+Gg$_l2pX0-6%Rzf*$KE4&ugyQWY*X-zo;PB1`U-C{woK8@BrxC1vLtrH$$eC1#d4io`;# zi(AM5e0egq^8o0u7f3((8PkfV#tCHGX`esM&(14@CB_|uQT=zDPi)C88HCpz}s0)>{FRTThLfQm*6E20~={88^+THDOMs) 
zn}xg5TF88V*Cu%^&%<~f0Dhrd&(TJ zv2!J&%Gh<)y`|?~qpfF2v%@Ltw@sQ4T!oqBGHgLt{IQ}k5F_$Uvu@M>?vUg?^(>VI zKg$jyS|GfHYXE#{FrF+A)k5dRbOklhRU>!+GuAf)sG0*_CmJ{=p0#(SU~oN>$Y=t^ z&~PYdL}YFLUduU{{{7%VKL&#!4BJ3kZ99g*(-%Qv>H2G{p`fiYDnx210nfqN5M0#$mSPYRS5x!F25~Ubt1DEwvxQ4@4 zIb*{UL;lp=_vnAs-Jt-yYDtekiCrM=5al$HOLAr1lxg|hSJAYl`BRG~wMkJVoQcxt z;e~012YSvvEcxEV;=Tl|XOqxELhAVNfuJPToUwi7fKpQwcJw)Fv!i~N!00GM<|Yx^ zV|go>J}Ec*T%{-GRrYLr{spmg()jpW*q!Klc@-|h=*X!4VyR|f^$7UyM67#+1?W%O z(V9iIgVAboUdadDeKKN{7E6K}+OB)ux%otlQm83(=@j}bX_LCofm%4&@Od1Ei3*3c z8UwJaJ`-!*-QQcPQ8xN0WBw0gXBicTqNH2godChz9fG^NySoKfvaZeFs%+_bJ(R^ePzT~@_dl@b4SrfX|LDD+Tq#+SgF zSA#Wzvd%lbK){E9iyjoHg=AdOQ4XFPnZnwRql{EW>%Bd{(qR|Ri(4=YGgDMB+n3dv z+sy#__Sa~r7F##c_- z@!lwx^7UhzZLf2vU*CD7Uxf)LgUS*)2r^axLQIsH0~Z(O5_c_+HhH}4(tQwG40Lw8BcSeeb5#@EI^GjDLV!YLq;nKQTqAdBkiqp;#`RnOc5 z!w_SLQ9#$@C)8r(=d$(g$$cWHAR>S zlTok}+Q1aXKo)fu;Nf9()G591sP=cC(eaCD2br|p@Vn#D9qloX*wGManGUqO74M@^0;*w|PLO@`E3*|Bw8bCx88e zAM5U;>@A=W{%TOmE*2i`Q_zKVM+LxR#1jBKhDP4DLDUKAoyP98FCs5!$1S_O55<{` z$`E#csG9{jCg!%wThR_(Fgz6wyh7Aqd}7yyE!USU&}R}J+FkO(!9M&F41RRCaV@|2 z4GfGy29L)>&>5$9fN@$+`3wP~WX|~g_Qkb+d-^#NZf;A?6{K%v;(+ixPJyK21=hel zD}^$V#5uu+s2-`&trD(efTu~du;NNQUs5%4k$+r;O2{BTjxUxz>a?6WtM2?qGKPk4 zk+(#6+R?7LZz3GXU-Z}k9l1&!K#$u2^w{xW+$&c~4Q+PqOh8Dlw<@Io88o71{4+AV z$W~k5`dO6&eIJOV*Jojc()scy7kS#18{mbuz$4oT?O~{lf&1xQ z{{(&+vxIy|QUH0OD&!S@Xmq%*={pWfTnsDK%PDbs0gSZgjY`x&U6W~-+_RUtg=BrLikEUF&s-nsN&7`PORHDUFRaDDJdgKX~}dKr^xolfB1WS+E0Nl=!N@ zH@#L~d^J5+@vJu;_$OSA=>&a^sUHh5@v5aI1dslUfxae#>8B`6M6!z zD)%W#r7=?PneOe-gyHA!9Yk;X(_$b;BnTVrNkKlf8_&~J}+d%W^FczSV%s^jJB!RvH&BI^-HC9l0=iG%Y zZ`QQ445*#~1FZwKNl+{X+uY#F^4mlN`K<|K5U}yvFkR=1*-*P8T2eD7J=P>qR_&=H zUvm%`Lz5C1^N$2u)H(BXvTGdMGu6@cZEK71ARj4;qA>{ zZm?sNvZ>HSNqwN14PO@44rIJby-W!Ok6KQqg%+jsVC$p&MH^g@VvawA&y2IqFe){V zm>GE`T||oVhNCDW#=8kU2sNi+1Gs>OzS{>|i9|Qq_Bhc&%M>-tX&R>UO*@c?>Xv*? 
zSN9}LHsQ@wygbvx*g8g)T6VJ|`)FuKWXe3EZL)@T`>g1p=`7;BDcIHe>a2*g2;G8D z^iSb2{Hys_S3zpth@-1zZHoo2{oDYpO~XL5&dmD1mmRlO9o=o}u}*1w-tXsV9zv!{ zhk2ZBsS{9dq2WQyrXtMg4;?2fRSSns*r1Dzlbm-oEbJEuoR!09!QkcF^EeEE%C*1?q7(X@R)D29PFi7v8PmQLtX5Hwa~mVQtiMrx1@ z9FzXU}!qb$X`Qi^uLDI>NpCpW)~!$$Zsg)wB&l;;ruqoM%-62 ziuS^qX~LfqL_Gy~I%{ur$(VZcAK|=(N2^jXX;m`iFE}L8V3gbKiY8fl z_rgMUSGu7rB$YkSe%&@^V@8$(st!y-g(sR1zKQe?z9~7)@xNCcTiS9^&orBIdRI&- z1l5Xyv+96aqre1v%WGIN#Hgql>B|$g4&=E_8O`9*6Mq(t%9um}Cpo$& zei@#KNTwwhN$=}f!)?}{>X5kh&Y7;jXugp~?cDDSkya|Qym2pWKs7-U5!gmPnsgC3 za?GD;bo|OA1iwn=yK-hWl1xfHQac_20{M>HnW|63Ile70=6;e3dI}i1uSWrH6alyG z5A~L>9cuVlRYZguOMVQ!C3aSGKZf2j;T6Qo3A(n3+{6k?`lGAv=d1EIt6!8;qtjKf z;_C+^r(nE16Uxg5rGS#%@nM=U!+D&yic(>1()j5|pC;H0S!kGu;+?(;i+q-BaRJJh!H; za8=pemU4v7o?D(zsUP3CONw|69SLv@=8iB!MZ_1;UtjIfJ#>!>Gv9R$RGQ8Sw07Xm?HG(IN+eqni7GI3}L*ElX8QwXAgt64N&o$K87CB^SkdG%>WIRqxq zr@bGL6ZgIOszFL$;RrrsipA%HEO|Y|Tb@q6->dB^yq&4--o5jVMOJi*2?HaNGq)+e z-|a1KQRY$BJFJ+^O_REcDX?eUk-Md4nx?6 zb>I%nsdXmLZ#Kwzhn8hBT8|234m5pz(o2K_WIlLu4rI-r%&E6?LO~ag@#7_`dY+NM z(acB`5N!W}H>u4%y_q;JwBeWO#uX)>6;wYPnxge}KqN_2+o}{fMFq>gwNSL9Y&KL4 z@NBaR*40@u)>WG%v94_?@}`Q#fNO@0@cDevTxjM4!qXlnD;csm9*TKFt8AuLj7Z^y z)i=#mc+nhtsUPx00~OKN^ehw=MuhUhXO`PHZb-paH6+$WQg^OP_8PQISXH*;0p5LK zd8;}$FUXL=VVv)iE$^mv--*(*Y1E1c;7YvNar041SLwe|vRfP_qbQAaZ9zj+R`bNxKEPYCwQUvffWH(-9Ma#$x*@8oFp6dJ8`ap@$EQ z6e09RDCEpNVuxMJ5^gLx>Qq?qMfm;@Vq+uObrjXI7gaj5-XHXTZ5r|6e0n6)U`Tyj zge8=qPQ-*&WN-0?P|mQu#`1$~o(hz7bK&NG*ddP2M1~-20VsMw`@<7{1Yq~yAd`~Q zcDH-25J^$J4=ej!k^Nr5jPHkiBs11*mTcQZ?x>-7xA@VPU+r^d2|T@UT4;cfdD7is zPHIw5-_C91Zc86$;U{T`S;XKfWr6bt@ogrL(lux*ZVKn3pYh*@2~l& zX^z<~twK1@{;i#i#cX#huCbo;7l<{}&|hrb{NJ6Mz+C&^sZJiobaIWb271nNQ%D_) z)MBp-`o4-iCd%_AU4;|x|6He~9yh-{1^=G!lCyrDd1DV|cR)R9R7H}6g z^jx@D{1{kEBzDs06o|nio1;8C_sp9DUc|*-q_jSJCOy`+i3Hn6y*)Kx%AW1(G9yB4 zxmaqEvryR-?>JU9l-negCE}(aY&N_WP=Dy0O-n&Zc`$5~gC0Gv^Ikci?w07s0SoE8 z7&XWubu^rsJXZcO!X!Hajpk3!5k-Y4C0no+oB7Q_Qpg7><7?3811BjH`A1m5AUQ2X zeYZg|>g(_8R+`w9edp2AW_y$}-L8~O?e`L<&KG(|he~b+*uBC>eTU;l1bdb5M}>~x 
z%7=WKsV2(BT~ma#7iJ7O(rk3oI{e-&ibI^RtR(Q#Gi^eOhp0koN%Um=Z5D@z`Va=l z>;yNeGq?y;4{p1o3R*`k=T>}wl;YoQS8JsDyD-hUqa`8wFKFy1aX2~D5p#p8T7FaE z18<6t&PyJOR831DZ@=5`PVAWUvYnQp@aPd) znl!5Cct17DsKXqCeAu;kq<(K9?prI{Eg*l^ias>naDOVi=!yyZ=H~dm=9Ds*y=TV8 z6T6$Oti8cKci>=vufqK<;fyDk1e&9)?CA}X7;a-E#;?NJD8UD87fdovM5p&WPloJT zy;2TgfVAbm=Y-1M7KSk|yG?U?GtojaF50O_&gNe{?t{0M*oY8qEh(YML;ahba%N>a zl}wqThvd3o?#<=u1S8e~j-V#uCqfJ7gv6fhaEbox6S z1GN5ZR}aaOA!O!2l~Aw5vML)8DUhT_@2)5WP-6I^=wuns9u3G37_9_Ba1*{+sKn=) zK+CQ~akd!#6NK-NF7?Wml)gsZ#$5Du-)y@OehY9NoJ`yP;PRz~^k6icq{Bsgx(?c< zBGD;WjRfuds;Vlq;!b&)w;6}g=|Hmp)y3b$CVLwjb(7k0NX`G=L3f$Ec%Q3xpv-2M zl@eF^i?fJQ0z%?16UaSM#z)F5mh^BxJ7r=t@O8xit`m##> zU*`tkT;svduiz8-d2-=BJ_Pp?$R1#Ua$}62Ga9@UPq~)T!G`npKIvO(7C>kzNy0Xf z)v)+iO7M5G@lx8^;ihIXeP!SX^HQ27%_h=!)g%CGPdEf=SAu3-%91Q`UC&ZElie{3 zT-MK>-bjbP^-?}JWLxUXP1R=uY6oubvFVZYUk5sckXpR+R_?I_`W6_81qX?uhgO3N z1>NgH(AMK3F9_EZh;ppsYNoQKOa2!#?7Yb=_O0(=+vHi9|l*yNhZ9cBw~ zDZ^rQI=sl*i_94YWCbXDtEUaKKHffZvZZX< z5qYqDG-x?_%+rHHW~>T^Fk}S)|HVoZZsIQ(kB*l=|J681 zX>6iwKsG+Wcf!u89}Gpo&F;f~(WbggoM53Oq9R43{8kbEFC5Q0IXZO&MaemnMw*L7 z#TfrakjeNHaKSlJ!Je_@ODXyY6(eC5v8k8P7el=WxK___`Zx6;tPiIoFD z1p7F^%yI9x@Lgg&#}0Vl=)@pBnaLv`3t563S&f>a4D0swH(T2->vAzR2B}@dja%<8 z?yjhCl26ow@O9*I&i*pf55uRGg#m=2hlt6RAdrdycbgk}pj5tfaS|3W+ zDeSjST5zdd4^rMZ|NRq>DQIftjoE@2rre)~@fLI;sQ!#d9SOl!Ah!0p3O$HPcjeSU zUZAAuHdx8>rcdI@DOQqNI3r#X)^%SCDj0Lb^;vadLa1xe5^S5?(S(CB)hh3gzrC>q zdZVaO#*Ta9bN6+}Lcbw61H=%RY{mgji==3vZ@gx(IU_k$)9p~;-)Q_R*8hjbuVwvv zTilHMhsM82G>P0+dyRtuX#CozLvZ3JQqYmZ+ivFOctbSieO?P~Jw3Keo8mJkEE!0) zsneo`8qUBf&kcvuXciiP(S31kCl;@1hn5ZDYf!%?gSXWR-Wb( z7TI$=+m=L>zvtU7LHYJ~MuRc~r)BA9Zt)QB4TdTo1!j|I-=2ntW5zl>5A} zY&!lD(snT*9Gwu;gT2E(nl?U>cEZ#w@9>`}z6s}lLGfXKp?D%ckHr5QiuX|eCyEc) z`atmrK}S9eA1Gdy;-4s<^d@wy@*gO^{R73f>iv!4&olo6#V`DiC?0pzpFgV(f0oO=!iY0oSXn1@q%tiIrUQn)pReAbNXra_jems9FOcc1FRPdS^k!! 
zN09*@CWas`UqbDQxraZ>4?0urhw?)pwq_I|&AAfurObHH4ZcCUkm(Z;)+6X+`cN0= z9OcQRRdDQYy%pDj)HL4cJ28pk8;rt1^mYO>=%&LLJf-u;@x31z)x+L-)U%%;3{?n!;8K0LMFaG)>;ZkBkO4U53(D=})VIZm0$ zE##aA-w@b#i-ynAX8*}SH_TQVn6U!4D$(sc>BIbMhmc0bMULsVeOZ5n~doln;JIt8TnXxja(Xk#wN=#qQe z?BQW481ccou?SksC}I*`6*DX!LgzhWQZ&`^7~>aB*n(L?67oR6esoH#5Dejd4BM~y z%L#{wv}3Q)1^&Dy7zH~^M20FX`plufM-c462hwLj48aFHE#nLR7*_doo!v0t~Lqb;Gh0lb>3X0oMy18ogN;NI?Rr2vs7@N}9 zh;K%qk#axNs-cNfi?|znv;PFGnIklFRcIdPZolWi>-r>E@H49Ts|E=~abhRamGvg& zuaQYT2vj{uSTbIQE9?1z;*mvfby-R{-RC95{ERp3Q@t69g%6EZd*=AcQXl5{nYGVN zX`wR{K7>7-O=Ufp`LmJhkCk&Cy;DwB0ERI~r@l$rA9OX|UF$i-n~>MONdbIx57xloH5nUtn+OZ1Iy5fH4;zwwW=LCnzFrP&ErMlRHtg zAue(h!E489;7xwnyYj=@(nZM>>pTX9zZ#V?E_G=L9VahBj;hL6K#C=8{mGv@L*O?A zYg3Lx!jY@QJ|G?tTap=Q`Mp>~O6RIViFASue%JW0)PW0avGW;)Wvo=gpy79V#Cenjj4WerNW6cnlLW^|sKe+&ga)((ml9>?b=H_G?7^mSd z>$=)U!IaJ-8C9w0$QKT-;*;;*s%_e{aER%BnN4L6+;1%qI?GcTg@}?V>A%_7)Ukm7 z&IO>u%@~gn-z@SQ$M{^$T#+@{Tdr7~U^m(G6<#0lPjq{tN1A6M+we9gb~wwaMsuYR z8s;%eGi--lubqep_!ObFAJ=uSv*J^iK??-=P7{g3tP!QtIu%-1)N=>>=E@=SjD9IO zp}Ao@k{xTJMFDIlBFvL?DBQR1$GhV1f8BSt(55d6(c(BdfA_dz1&l$i0*wMeJ=&mU*f7Vu$_(C+H1||z0K&LWAZLe-hsQ*LAx$;MDXOP5`ks%vN0K z)#voJHQ8~H`AZ~a-$VMEX%#Y5+73BG*U~icIb+6cR?pMh(3*;IObEMM5?ET(%vov_ z)y0y%I8q`B0oZQ%A;_*IB_kMVlHx_1PUqGhX09uGSg(;aU{mnwy*d}D6oz^m z;1w52Nw&%*SMe~-;>32V^dKT%h`IT7#yp%?v3#w`Q+tu^zf_k>;rY?_&o%REWk zP5@dhGzMC|SpjY$_B(@|$yG6Ee^~ZI{qXf=l?yk(GDj$Y$w6eb^T0As4L;YbR^1fd%_i&dcxh${Lql~2LlhM%hc_E(OF%EdlXMoi*kQ9 z+I++mWAs&PSNZ4x;2pCLg|-cZ7qMu=iVd@%?}|}p-FwYN=ujJZWrOO(xOrgQWPu;+ zxjAh|1tS4sO=;02ca*GuNBCLqXGc471Lr8pG;&ZHk$ZsmE?uGyOEMPr$9uoUoU4<~ z)kIeb+7tAbkF25c)tz(>#?U1Ep4&|J8!+iJ6o0n#3m&*4{7XE;Ek{4)MmBsF=NSMy_( zXv&cZJNWf#@eY^a;&Vronq?iwP7aqgNk~5oy#_M~SbJ&cY;M3Wn<(6Pd|5hoxa*A{ zMjKL`k7yW;?Hkpr0OI>P#~<+>r!zcBGM^TO`H?8VB?s*IF0tsur< zL!!c!4?AVs&Hm?l<={?{^MDL$bIT0MCVH=UK6S@xL-MBP7=`b*2}PriDbX~#13Pvb ztY#&nk*JB$VZ&sW>f&*W>SC>C)Sdft+nfdbWLy75x%3!pdp*BT$dLkGJ>{~ z=QEmixtg%>QDN%xVi>IG6EIywfR56hwvUUt1zqY_ZN98lelsB~pE>)|_Qyfd7u6*rlCke6xUAXb^r0yrHtx^O!@FZb 
zALB#Z%bUx8yWL|!pvdc`%R2#nDq;XQC|bKDX+xbJJPy1IqPk4qbrM)8v4Vu#ASJAk zo_@DdSpX_utL8| zzhAUmo{X68426k}KZZi;=XhV>$P+G64XlLO;62EfBQ8_aZ8#o}r$%mU|A(QF=Hfqw zLal4=A48#E9E0*D_c*O?he$jK3v`*Kj%P9><2x;P^n&Rq3%Z^h-ci&PjY;WD?L3m% zzu@D92G%Shy|2eb4&}0-h6CN&eHH31>0j7go= z>@LG-^<6beLW>IK-?L91hxy*uy|8O|ZBT)^Y#zJPa^f+Z$_MAjk1~KmIIaAN5g#=$ zw(ds_T&VP?27Zr4%a7S@tbr*K?jRL1=8pa`TnUPKtjrm?<9cCp8 zu-?CZhx$(gWy%SpuYN)h>3-xA3GX%dvTl<4lVp6G#6j#)ux5v9k=-y)Q(d9a+rJqo z_aKok{$7M8dRa$_&R?4}M?4tM1QaKv@x`9=3r-#*W(^~BVi`s4fuDGaG66FoYz{T> z!>&=MWC|MOSD&EwRQH)W#zuhhju6}`CI}wvJs>r4CLNjG`Z85+=knZ9Wn^*@2fypC^&HPR0xeUIJTC~MS zr+c4L{k}fKjJ>jh6wO-DLHa;M8akp+`YC)0V%ERAf=dmP z18G83)>T8R=Hku{Bi%NDgHhp=Tn}yZQ{YhrUw$h{P?%t89d9qRvl7vh#~%F7+q}fk zUW&(4C$HUFj4lon26^6&QiB{%=B)25z#+}QzoEZPu{fMv%ZmwLc~v?FUAXo2bl~ff z6LT($_~}juD0llA=^_?gqU{xMtLv9Wti!ipLRvyCfuSIfq($J6q_u$q^~;DafdWQh zLBLkUpzfYXx2l;udi4Cdlgp`gsyS{Y<$CuH%TpI@#Y#?~%ZS_9-rre(-LEYBMHm0mlyU>1kAINVq+pF@*aBJn+e{ zWX`fb^a*7c&%gJu*r@b&)ne+vs$Db`?H;cHm5Y zc0k+b2-|HyfLvx6;MtGIQgM9NAk?$QLL|BlvdaTvmuKSdX2}${emh{n(IA7b}8$g|5bo{m-kEPezCDeI z_^itcAzNUtY9I6 zeBINYlQ!eTq++{}EmNh6+;lB*)t8MF^N~49m-ipNikQE3MdW~ywx%XHVF#7CFTZ`C z6^>ubgNHx2ike++4+K{G6p!#g&=9su57(A6eVmi-C}Lq7_N5ORcV7 z@_Cd>W3EQFCArGg4>z{G(drOj{S-4x1g1Gv*~<N9&LkT}LEyJYR{NX0ej1#yr&=u+XCq|!x)8F#!K-RV)aj#DZfTo2m9b3leH`KX zYuwLCYOYB2@^*H2c8{Y0QtV9*mgZ`6)gLl6=>we097oRgg%D3pkBU%E45eypr3ahg zkgCG~ktOSv!hH<0awldK-Zu4w#`xzK6te~@vD6_{aQ5EXBhPGTF{tcRJm+)pe6(dA zJ{YgZ#(|q+{a}^P$Mv{G7>HTR1zvOI;?(=h_VB0d_KzQ_LdWi8MavFk+4{M8QtDt~ zJ;t}x?Za=pMn2jdr+$}q~xp}`IIzNeVi=L zx`pzZVlF5g=6V&uv>BGk9I1Si!ZSrqbCfinR4Xr`;(CDp^N?3fy&)6N!HqbO9Q<2? 
zIjYo~wB=9#dQ-Lm8y?e6M!&t|l%=jdQrt&Z7x(XZ5}aYo&yC@4IiEEpfiqU14C_1C z;gak`h%#m|erN3x%i_ayYpA>W#WN66ZNYb+!wf9Xq-d@Zj^NhW-VwgN+(BR zgb*T3oVuOV_)(ALzcLXmtHdtjO@wCb!B1oJ!Tru*QvT5qGn)Sf=ON=Wth`63_97<* zT<~y&=?hK~j57pWxazZa6OU-9rvsJH;!+t^I5yb9C?o6#8SNsmmrN(;q8%a-l4a7n z3CjbBomTsFuytW(s&RD@Y*3RpPU4HP`HfaiF8(m8m|A!S=1~d8sfZ#+e4+Q z?0}{4!3#F`W0&gSSjQK;7N-E;No>{Wd5f=ByG%x# zH`WavS0Gjs*--WyE-2F`1$UG3!-)!%_Sbeh)8K?2aK##1;k=#h&*v)D78?~cuX>Iu zT1ze<9(S#3JOoW)8gLGrXWK8FtT6}OXBA$_0EwQsE+?B>a+u*Vfhx8Gnker&1Kay+ zBQs)+UC~xYkOooA4_?9b_N-Eh!(N(mvSwq8BM=>(wBjlvi*wbL`re5QAqHADZ2`vIShdI*6Ab|OFXeEi(xI8t8k~!IO~lbO1$ctx3Y{V z?$p9C;|Z+78Q&n6GL*z9#1nzrQ<^Y>yqm(5LMw72A4)t`5>`6kaCE>0uxCFBVu?H; zuv8x*7oDOrf+tb9FDu)naf+ZDf1S-j7R!Ph=p4T8Oe@P0#ud891_w1@hH^Eq>9GxU zIIxh>uIt1eHY(&mj5a^X{yIpER~#!yg3X#CQ>pXfr^LC)3vHcO03TwBi%#WqhzV}M z{`cb}xGUYGP|)mCP()tLq}W(4J92fjF?ck)K?a||jA^djCU8KnK~oabh@F+l{o##E6f(Fh5SsbTXJS-0VON^v$+7xZ0AYT+*N;!B+7(x z3@tEe@>mGxGhyWtDO?9vYcM}4O8u^%*g|w;n-Mhr2Y36XBXbE1HUplq-NIeKk zSN4}Fc=2W&madB{tDn@2*c9A+E-ffiJFms)UkL5C)?HH$*`StUUU_(=MEU3A{t34e zMhx<3MR_NAS*+NUF_=?s%*-sC1N^#fbTtusrS&+2O`W%OE6swgA-h&Z$~Ao#l8?8P z^a8_gY7u9on3yzz5}hRD;XBE<(}YE&Ueevget^r^DR^>tSv>Lf0 zi(O)6V>JXjo=bsKIF&oNT$OyB`ITVCC8BeaiEr(kHmedA{nK&v=_aPVzm-q@iMx!n z28zIa*X2q@e1l5YKk{)C$0P`rC7BR5pE8CmhcMw)mT(J-XoMLQdyO_m&6ap%?E*tG zN*Raj9aAwx*x<#IvD>YhzJOoB3`aa9fgk1!C?g_7b!fdU>1cqtQQ9Q|-ge?gUb@7* z2Iom1c%%*~Lq!xt)L&Ac6gHuXUBh)&;|;b+Zuk>FW^J+B{`MUYe%X2hu`A|#HVl(&q)1qU3iX5vTc>BP9R6@bL4xMLf# z+H$4yK;*aHwx-pVxb)DGD$2yZ58_C|dFSGB-V`oM*jPu(TEYedAo9KmI&=On{~NOF>s0pfyP;<$9oK zmy~jf`O-&e{gW@7*Z`iZHmTNlkLLP%DpZ`9G|Mua#PQddBLk#>h_ADcl)OLkGX2X?X= zchfaajUFGWl}+iX!{cC~-Pu2Rvhg1xQXB&ikni$;T)dm{yx-Q>{a*a}jP{b}{;(Up z7>Tn|=dYm)@4|VpZ*x1WlT(`++k(faF{*szxh2}MHn?9)@28#`rO-|MSzMHEr7{1q zOJlx^r^}`RH}?2GevbgZTm5<;=x={t77Iq87c@P@K{l*GD@kdvNp2Ff-wIUt4k?k{c0Z~E|^UEAVv0DQ@cstNFkJ~6qW z_u7kS2IK4cZH~LlLAq^hw!2TvkxwBMNZWHlIGUf>xR)sQ^IxjhbV&YZRFKsT_R!WQ z=CXDsilbEQCN*joI}Jrx8SY#Qz0HA))=ZAfpY(u(G*N|LWlE8B4`8zSyW9ZaSfASr 
zSi9nL`@Ts;?FWDv8Yxzh46G<4og3JqCE26>bR_ec7bjdI`0bGqTC*vq{A>}P@N`GO zDzC)3zqpI(N$rD4J}3i&#Tk4PZzs+tn&VTJ6lRB7HvKbrsp8CK7ac4o_lh%y$Lm$xj-H;&O3tS80XZH1(la{4lobpJqU)5- z;j*z)K_E|1qr*k4(s+4*9(*r?R)AGl^{s-gfy(vO(Ih^uvee{}HcNQ&GjWU68hnXl zd#LZ47$%p^n)SH6se5(SZ+Bgz^djswp4;fmu=qS_j-I`i8x)wxqnyX&XiAhs6Yk?$Jbx=4yX7BM?uEw#&Xa7md_o77rT3RVQY96gWeFTvkkk}4`;6xW#< zb~UwIP+p(wJ>HyF+*-OlH->Km9_-G`pP07e)L*M!B;S_a;G2;-gKEucA8WgXbWvh+ zZ+rZL^w>nqJ8Mc1Qg*1X+=UOiYWg%@Eb)3I-fCKq;EGPO047WcYG<$C>1MZeRuh{k zzU(bro}eZx&3_}aoAY6=raBm6yN>k@5MxZVlpax~dqza^e;igrtFH8;fB zcDe(yB^OJGh;5dFr_clj&b6$v>L6$AkCk^W*P6w zO!adx_GT6o61vk7*P+K_*VjZ;evve&3TD^W-E{UM^C4Uq?@P{|v-{;%o@3^D!j((x z;1s480&-JHcTrKKwz#9zzvlP=6=Pqt$Ij3)GQ3|Ew_%MO7BBIMGKSXr9rSb35phJg zw5n-=%&zY{7<|iONezY=Krj!rQ1w~8SoS6wGO&dacYLAoG)-=9awVb{rE%?R%5}BV zYXzRdxlu$`2r5nvi_4QU+bprtVn057mX?~=ylITuA&fPGK$|}VnX^=RP-J5?UU}!i z2=3Hna`5Mt;4?D662{LUyQibpi|ddHQ3Dk;DwxG6t@&H2Y#8$hwm*fwOSpvd z_xlW{@5f)i=B!Y#!b|l`bS+`^(GI1iivOecmHet@7KEcA8dSo$Y1lq zba_0aR&jh;e4X4;9Do0X)T#I_eCBuZ@LhohDC2<5Dfk8E7%*`O@P-(F1wcS>$A5j_ zL~jACFZ{d#*w`j|$$pb*KXC$|oSzY1pzFVz()M8HH#dCzbt_X$-~4G)0H)lg0RK7d zQGY#2%4W0o_PB>c?32SusN1`CBJXO1bS+c4cYi*oQRR#{%Q}w zZT(+v5#QhCuh}ZzC9TYI3>jL+^x-;aI2hUp;YX)%j`qpLNHl`73d%?%&0Mq22ApDD zs5*9@zSyF6C(|k!)-&rl8ob}wQNN2SGe}WOFR`8N|8^bPuqvB1;^^i{CUI6Glr*#n zFy}JH1zY%q2^j2*>bN8p0sVLW6a zqOY&vT6mWkXV6ZgUj~}w>iA7H4TS9cc1Zo6HE6y}zTT${2ODmbzYeW_VQC9GK60JJ z3czXk#$iR7^XPR=)7{x!abo$0$)3zH;Sgt8J3O%85@BA+w;Oaa{=wyZ`?ed@5KJ$; zscJ%*1(-LPe)#v1TY}2BqOhjDvPP_>@ zVL9X7JdJbKA6h%XAHstA*W^*})lVbruAjSmF2I@8G#6laEXc=a=n%iOeV`@#8k){| z#@_}QAAd=pDShePR{6a7@s9jYS9%*FHROAkGvFBcIixnOY}lu+M3@KB5JQy#aepJB z%F}re<47@yw*!FoVmelZP?si2a?QQ1{?p^VX}woFG2} zM8>H3;IHp7egdc!I$5~;5kh{e9zHfoQv%Xs09`$cn|cra)Ra*02<46Mo^#hNFId9t zSRp$p-ljd69X2v~cIq_nL5y9nLTl}I9?|j=g=eBaCzo6+4;1wf&O-Nlq6S9j6!Tp} zak^$U2YERAfbB8%Lg&T5_XqRU{2&Yzg2p1g4iV=3fo$ryj{wGaT*E zGsYS_0{TK0Zhtqg{4C`6MTFF3eUAXo8@tUv$$sMlj|~7iB;qF?e&a5#KdR^TslECu zc9$Be;@^eT!8@DV9cKXBZIPhCGMw?Z)M_pVutO39%V6XofYv3Pn7lR1Aat_6-#=p3 
zh61EN4UZQqzgp0;+o@ry^d=nQigAZ~nF2YqCo~ zTbug}e%IFxF(vjT1mEnXIKe|qMvvH`wcEiUMEoey_Q7_$FPlq|BEN$W5!6heJ=2$2~CH#=gy6<3ii5XZyOf zD;wh==20gi6or_|VZ~z%n~ev*7gP>>iRW36!&iPCh?8g66-p2Tc8@lbnIPXx2p>(O z&kc#k+Y2wo4(tps{m6nTZb4c@NVAm=j?BBMl#ZIE1DufeQ})Vn+;)2qOW zmu-uL&DM?aqOZt$Y9W~e8<(Z!6XkSRbA(q@+U7X)NO0f^!T4i@#7P;1Dnmh*cKyZ% zwb>YhV6PGJ)tN|pU_00Dg=A7|{WL4`?zd;8Q!6wsyD= z!-?To3OI)EB(lkvEro|9Q3CG-^n54{qHYR5R!6!5Znq%SOeCvn46ZH-2SHUwmfNV@ zszx^FRpaqbM61WP4>M_?&xpz!XmWlx&xfd%|8ror%i9Nw{^{bKK>q@pOZUo z_U126C)n;E3q1^qOGsNzjHwhxsv0V&S2eH6baHh5&$lIg@H&!Gy}GJiC&NR6s|x`%8h$1QmuX}S~UR7azK^=%`n(p=EeQuCi}?K_2g`ij2c5g>BIgg5v~Q&SzHB8?K7Z2B087egx|rS0(26G z`+&GBWJ4AD7pEKC)En#2A^M5*ymFm~b9%%Y^MM0CXWxBh?GA!-Y}@dKAStYNSguch zE#*m6`+2D=CnD2bQMnO)gu-Fitp1z(r3J?$hj^jF(S%F4 zRCISCw}TKd+SOJBk{-tAv&AK6qBarz?*5tx&nBX~v0!tUJQ1E4;=YL6SLg^#2xJZ< zW(_<39Im&ZDpA45QVA?q7s2Sjd%32EYC#n;esV2e4;eMqJyg;P@}O+sD$%3#!PDGn z0A z_T(C@ga`wb8Qut%W~CIdM3*ac60X)%U;cFq%mJ=na0DE&ORO#Uz|FDE)Xnn|^-|?u zlySBYtyJpxct1{Kar$0mTs-Ov*V>EGY;)WDwV*)?WcDWugnwHiwB}p(k@Uw0L8kudI2taTs0-4hN6Upb|( z`9w=;QRxv-*~*d2E$Cvcp~*{hJ=$`sx9#m+4!jTmfS{l??&Hp1+Sv%Sxtc( zk7k#g>pyn#dpHxM<%v7)d&g{(0N;DE)P>3e9A!Si!xI?eVYXE=55X>mI-HtRuQ4Aq z*z_g`qG4LCBBHs!_4gARZ^b#RGi#P1AV=fqx#SNvD_DCVT9$ zKb@=zC|cb)Yq`hHxmsz;dD+fLaqbo)Y{~J4tfNc>w^KIGtuEL9Q|#n%%S92 zjpd2iLxF##pZv1+Vwhk=nB-w<53p8xo~*a(ByWaB6bv4Ub+rEoQ=IlU%XGV@ILI3u7#H#y3!m9q8F%zq)VA6 z^*I1LrtQW?Y>|i(|9mrL+lbl>%FU6d>uFj^8n;SWNA--U7qy>-2T>0qsZAwYZu%Aa z4+)`NDr$h+RJQVoNX+aQP<~zF1&u zdkp!4)(=UsnksC1T)HQ~FXMRCRmY*slk8{fRl4Jj&1Q>HI)5pbRm=sB-`Zep6nRMQ z0&}cK1#XRhJ(CO&n4>_HL=hc-1$o4V&oqA)C7pFiJ>S30Q#K7cnXl?gTn*nLXJr;O zeZ+0CnX0fU=Mu|_2Nw#g1PaFmL)BNFqP7eNVpS>OV1+9f3G*#gJ%-$Y>4h!R-Fd5E`({-l}r`8)Q$H*J~G6$X+SZ2d(R*v|a5)lXA9-!4Dt z=D!?(@1x`B{5ZWHj!D!2YTQ#ay)4fOLx$!z6wXwr=ppQwRO}8p4vfUKfxZ4QLR*d) zE@mf>NUpG5d@o)qt>htAgt{iB7Zew!cNce6CANnH2O(8#k*%4fO*B{2jd5VnK zaIG3=^?B|Z)VfK7YW|0~9@yFd(P06+R}6JXadCL8;eGkWH|M!}rS32WlKP^&MXw$K z(>{VfTQ?@a4!9mX_Z&6m4Lj`xpuxt*>d_T+!_iZkyIxy?G(H_g%&(G`)2M^! 
zizbW9PGzF>4_#EBIm5UTv>-1-e~l1Jnh_*<<3v^|7lVY_-#4ps^}t#Nr+kl`|Mou} z5`XHioJSb+Z3Mm_UFm`E!E-V;P%+l#UUi_(7{Fnh2JafA7SYeHY!)yZo@Q0AluRBR znk`}j4_~6zB-GMxQ#tyz{dNk+_XryL^JhL8cdE>v$YFIkJZ3_T+mYFKY#zo)O`NHM zFJM6Mv_Lb~yOZbEj(kUO86t~q;&T$zFb!JUAs+?>!e`;nLe>>S=)yYgKh+(ksrBVb}>#=!tNSM{Oc}>a| ze`?ZlSdXRb@W_K`+V)sJeJH7Ak5GM}Qfb;^WkXxbs^vMaHJ)kJr2d&_UBxsTL4&W& z&YvvG9(pNOS@$Y-6HuUy4R} z!hrs7#6^#N(oI=J_-Kc07<#CTLsI|Ly^-au!N?Q!%(2b~iGY(V36MHyluUj-oM0*x zNmgysMaw-^L!y(x$vlZT^>vr5oj4{_neVG%T_P*{OtSAGuR~vV~uy zi$KSM`Ur-7*xNvkHx1fS^_d*ij zMX} zy+X4}aq1$NX;9ps!k~5PMyU!Lk{vUU{j##J_QX4!FSm@#aj4kv^fPd*31Y5Tvid39 z{ZWKGKNWLCJ8-L?O=Uw0noSL%yo0F533rgPY2v9{pMo>kBjW zwB=13fw5eE!FYm)?|T`3zV40DxgH^*#6apq3(as1m!xVWIIF)aif*z|D6+dyQu`~R zo8F4@^dX1idYeBnW?G=)A($16+-zySDt@^7jFYH%|Fezwn9vyyr5bHl^B>5Vuv>mo z@0jJk#Za`DuBqDZ=3Q<(JkQci=X1@;rrpcg8cAykLpGRF)4fK~4s*iQpLyv_ny3UYNnA8+B4J>8lg6ekY z&eJPt%qbDxF#UO{->dTwxc9$}Z8M9yBK2nLbDwX~&}0-{2qQ8je^qNY-rgruv4YU& zu7t7}L810Ygz5j|gP%+kBh^FgJ=+*pk^08i>I2&UD#VYsznf8kPgW2S3!YP4E%P|m zyPQ*ksQW~u!~n%OWQA~hd7E1o6)#yRkJLredut6BimW2d8sa%m9>W;RfAS(mOq~g! z>3-Gd-UpVWg>;wUF`Xf$>}sJ(jmHO{eh6nW!HZj!Yr9rBJ_zk5kAaTzf=X~%hikge zTHRxx%Nfp>Gwj$0RUX5Tq4C3<+s4fi;NgNX(pnEOLK)MZ~UUkf6#d1lf z!+iaEhF|@73ATo&j~n;F3hQAdD>{fn<6&QA=(C{+mmvqUn6zN$5rqOdV~Us!)WL83 zm!Dq*V#feEl6@NWbW+y+_D70vt^{qVpL3z?!D5A9oCo250GmK$zv=qCA@Ik(1+^0| z7zMHs3By{fnT-#E=g^wEM-jGN4-#-JDbJmT8jM!@CHC49$ykK12;o83#;4R@2bih7Tjb6zl9xF{OptNNJ%DwjeC{ovc`%9{4~q+f zP&w=pW4DtHhUr^iTqMIoVT0Xf-??bnf(G7y2LSFUFdNQnLx2=r`?l+xSI!J*E^? 
zAHk6cJ7#us6D>^8u@{diT=W@!x8hWqTV|!1hmn+0CpTM@2zeAVXMCm8`zV^^KFX$yj&`J*wQJ3;mQ24u} zg#wuh%0M#l)pF;2cXak*f7jYMh9k~E+TRHmMp#M88;!0thXL#iSds9p@htS&f1UmO zlb8q~_PAvX9ik_z;cR~gOd)ja`j|y#$fx|N+Xg}X2jny3&BhVsT$rld03!#_4A-}P zJds<*%{RbI4N-tf-P>TMZU!ApA1X$Qdx|n(eVlQm?3VcXDM3NC@K&QYbOAk5g+_FM zd8ifQ=T;=WKnQg->hhxZ?Z(L^=l3`ukB<)Ok~!0-J0}W8Z?ifPUq`TYhg2!noe^>8 zmZawpCq`>R}MnCIb&fbhBQIGsO4njcCP z^0CwBDRZLEAN;SDH~iQk_??4ERPs98tA3wwS^dpYtt3fCU!z{J<*ib>N?E zy>%LLmGFfG)r*Dg8z}-sDYy$DviZ$Bj*NRXs)q83N5Pn zg~k?c-(;L7e8=TE?QSg-zf6Onuo~0V$;we=Vi`zR+mtPUWr`sNIY#>d7+TI#xJk{jpBtv0df>}?FV6mc-8CY^|6zN5hYY2R!C(8Dv zpl#uhIM8%B8%TTK32+Y{@^Y3P9FA4PhJNLrzOoOHI%f};Afk(g`kKZ8V^dMglz9$(74mv z=^5ZVkQ$`@GUZzNx=_xCCP@U1v>nu`%O39 zO3t35B3sxq8cvG3@_A}HjkZXSlI`$WQ5#{}Z?%yxjduMY7=J6&S{>oz#GsBhpa=n? zB0V^Q-x)pX%8G6#TfNQ3)o3Y4A=&aYJvx~f(_w2E{;?6|kB>w%e0{9nrl3un@Vz*r zX`Pr`=9Tk-Cw--5c_o^9(Q{K>M6lop`W9%EJ01#xBaNJZe8HlQx$H}iJO`)9_SCavf{DQn7+5pHYflIP>i&tg1kBgLbt#Gi&y z{fanLXAHX{=Q9%=YeR6XOmnPcr~UBQ)|6%z1K-Je2DFii;$k+IMx|wrN=uH4$-}DI zGA~84TD3S4;oM3zb_Vb1_skm}swwXYe$4gIwu^oM-9Pt~`gj9=tH->rS13sQ9A0rc z<3;E4GC`Bu2o}V7=)%XselVVk3*P~dy&gYr#i4eNvoXGQ&tXO*m(K^!dq$;6q&Tx6+)1cDGzkaj?r+)Z343!iZ-ZF-{M+I7z*RQPy+jQbBh~a zS{h-Q>z6BENlyIJTWwRc-Q zGuk2ReAO#$19Yktx>xQ8=mwE%Hq;HNA`buG)ArY!$qUx^-$d$Sb?9C8te)T`B5g#JEVCvkzDf2YY*r{=2_V z|Ltz?^8bp$dOHXE2fc&t_Vy0zZtv{$_W#88minbRWrpk#pfU`6-vgn>nM9fOpxWhS z0UYri>c5Yql+VA68awy&&olqq-R<@KucDOCzi|-G*$0fr{_bwx{O=rW!%LX|z3rX7 z-E9~<-2VqK|J|j2X-@gl=fCd^@IdF1n__0PYmWKI2nKk_{y_5W_`-jNEop?`63;e3l5)_yXo(=<0dRuTWkS4-2Jx5x;y+CEpd1j| z&UiX<5}caIm3bNlD2kKWEb#f<0=gsk<|oy`i53R9LzWFr4ylIMcjIcaiHZ~GMLj$ckK#Gd!rej0Mpg4xGvbX`BM=9h%fDLD4tlysvK`dyami>Z6PgFf% z)39Vs$4>M<>cH5y$n1uTZXFqZ)oo3O{SNBRo~y3DqpoP*1L7cNAIX~(L>C`9AKv-X`sYdv#my8`Qo;=N%M>>5<4Zh>AwE%||MJHv}dFm^PKT> zckJAr@sL%AY#-mm+yYuX+`)&JF!V5YZ$_|EF^CdOL6_!0q;Yc6*($ae*_|~}SN^`) zuD)`lRtZ=Kq1-YSk2KV1seYmkfQCh4<<cf#?!mTvKvY~lxio(^8d(_=j5C0%wgxUR!!4y@79(pKfn$PX z$t*|FxFf1)`)`22wPP^jgD{4-+SN)_R(TilI@IRh^tl3gJFP+rcT?Bf(zh 
zPj|_e`?cU;jZ+lH`>ST@JvBpbf*tmBZ7QMh7HmRG}uWxSk3w>Eu*5 z=D`oOM-UG>DNO^(!$4_gz1TigvI!twt+aSJRs-j$YQy5;ao+u2bE71(J(>WXz}CZ3CgAk z+k5wR0Gs-KgD9C?2e=aOw>j&^)5Q9LEf)yC&Iore=R{F0eKhu*$c+*=$p+K0b&y>6dhdIaBt8P;Fr5*jG~qudlr$WkY=860!$&e&Zk6gtr;9Uu zSCJ14QjVF$TM?xeN9nS$(J*t3t5Z&A@1D0$B?($9se{x!hKU-sbS`l^R*cl*oZujD zBXe~x6$K827<&Bn&W6k$PG~uP?6u?*L`?q8$0j4Aw?bFsngMbk6>x?*jGs8rBE6|5 zE(Qle(-E@nafal6gR+mEu!f(DWMX0@-EJh{qO+dGZ+^I?l_kW7-)7D&j?k4e=?CM# z{G}racZ;eXauWq=0W@1I(iUsUDA&*Uc_$wa$bzZm4WA{R@cpKq@>Z=Nyn6Q6pI`rQ zjxqbcl`q{1h{-MPqx$S?1t50^g3r%@e7II=`yre;tX&;9+Oh&qL3c;;d zP&&pk6QR>W+t6t8#A_{N6U8WTeEHwf>Te7*t=&U6~xX~uJUJ;*+olc}l?rNKi(8qiX@Xn9gv z37?T6@_t8MS@#EzD^gR3xz2{HuIURhAaj(Y=-K4_hwWvIoQ9EkRdcE`wXmH|*jz+B z->?n?#hVgoA#%dq>r9tY;V?;THwfhN{D$q`_h8il2Y~aD;#j$mOVBN3lNo7cL!~py z79_`BANy*Fw8K=7D=~P&U*Vyy#K}_ik&RS36)nm_{G3i)F_f-J)bh_r!y}G;rQ)#} z0b&~@DlQ;>~bz@NJn9LiB0mq7fb}j?D%s z4Y`Vj{zR!4|EsK!VO@oRf2FLI8yl$<^a8AmNx=he;`p^Wcw(Qe(5GTfMch%*bxSNe zBkHGoWAwgJ5+%(Dh?W&FjTkD|MLR_@6i56ou1VoZp`WxBpt3`?*o?m8|L%BjV9tgl z^7Y5T6|nN;<0)FSfWrxpy@*-_xU(s+CX*}JmrdAp?P%0YSfO62ylcu)qP4LrJw^d+m5@VFt*B+VnC97!sc83kGZ z;V**48V}lBt|p&UDN?r^R%T}+AN(e(F#EAJ{pOIME5G+!`=0D$BR_pwT-uUTD`%PkQo^wC`7vp*H_k zHGvEwkkoP2IQ}`|b1t6!%?x10*GbAEK5vnyQbaGh*i|G8 z{wC!S#Go_ ze4P<5YQrYmQNrWH2oHq{M-$TouvVXhJHGaG4Q($v6OB>pbcKvJ5Cf8QJQr zWzZ&3D{C3>*z>B9d_&wZvGPZ{nX$$sg^_X~r_d<6rZI^a59e-}|89|_56}8RJZkIx zg(#5HNDR-RTHUB!;?jl+myif$BE<={46XI8u~9Tl9tDEOD@g^f_qLE60DFuOlj%7O zBpaFVi4&I+c)@MiR&)A(A>lVe*Iy#EB92KG{SwZ}AmK;yJqY{S%!x6@$rXkjG|!p> z%MQ9XbjG)_HxQVCEIoLC4&Q$+QbQ@m6cFK6Fs1;-GmL^UzEC-uq)nT(S>z!2E{&(8 zz(@8ygOGuQ=8wxHwnvtjxj;wkfnjZsO{{iD;_>vL83hcU^~c@-4wwP9$Ea0E$C0Mu z;^lDbG%48N9!f?RWt~uI8_v`fKcB;!QzlS>3L)5-n94Fvfp^ z(EDA2CNZ>HOJaY|se$Zu>g6`&syE(;>r8+vj1J8&b%*CXN$&5;osMfN>9PlzNc(}h zg4kd$pC6qrYlSJ&p&bliZK07RS+~Sw{J{O!xgG@9(s<}h+i)z7d6;8(;SITBALkn1 z%A+M|akr74XyXm1G3Wdcwsy7ZF+mS$C{o1mjnr}=)koB&+5@-7`N$pP~_zMvLD zeIqXIS$e$DpNZPaqk$Vn1{0cwpnZAvIx9{F@vK##>ZQ#j-;~84B&@2hjSX#c2 
zHP|z@zq2nM!0tbfqOk-k7*^a(=a@hDnK35}O)<_fweC5k)xAx;#biC_LmxW_3G~^Y zqpe`}jN(;n4F}IAx3DJg4{ly#Z4RE1E}K(O>wT-zV&_@&maxtdPy_!tT;762aK#HU zckQYB5}p$;c~_z{(wXr+kLfrH>ltS-&t;EE@g5n;1M1d=F2sM|^< zY&9e~5zgbV{1)=PcY~_8VGD!$iDvpLvfJ*pdwadaO=OvAb;>%(HV;Y~{OHTQZkHPf zB`t(_i@j8Xy{@=Hv~pw5n+7`#Nu73lE4}qSKbOtGB?Ce<1oMBhK zA(oqpK$2XSi9nVZvPf)k&X{BC!*sYt0sL|qDXsJKS5q%i%aTY|-O$|c0_mq~C0hJjVhVpq4ZkU!<|koZv+cU z!!#6z5-Qn{Cq7HOG?a<5wy90zXCWR7e0}q7TY*2m1uRC+wFe|pw6xlpM1u!wp@3H? z{^EL3^0K{Mjj&guCAE9&y_Isard5e(f*HiB0$nnWo+^aNh!|OSD<(n@eKvd13VSo( zG#Dwg%O^oynbe&E+3@q40A$iib12buRWc_NaY3KjNB(mzb>e@hEn%q3m9DxVK16Z+ zhi-5GVBe1au+!V`_15tpR#E==qlHSWHg_*+=f}}!A3xR!f^Nntrarh>$C^?a<`tR@ zvts)gvkhp$E_Q;oiQ-C}%w*OdKQr%Zgsy(@H9Ff$4|afBZ~N?uCb z&Q@&9dBBe!lbl(_=7Jg2y>n)*VrydhRNtv9;)+mgW>A4kvSk&a+08UKbs5b>;djx+ zP}T6HmUTwuluQNfItX917pqzP34blV|Lf3yJO5kth(IOuf4jH4orwQ)(A(Z$)BjbJ zB>m4!K8cI2)oNMv-^j(rJyGdu#|Ut50?G(KDYVfAnR1a-g4WOO%lGm`F&-!wniRr z5&R&O9`s6U$6b5VklWG$TQ*PA;&l4WYM*L2Bg+P+e{#j?GocjEA!Gjv`Y*Zs*u)Po z)5byt)B;D+Ws+aRV-}*9W-M;|k`UC!GQRIq zQ@C|0Ds|3(^j{FcSVZFXYAit6`QJ^&|2x>^_=%q<&YVO>%MUn@ez0Z%1&wu{Mi`TDD zp1(i?zvCZ&{^chjbAAthzIZKvoV|E+@?8A*`^n3f;!k+|gL)1>-kLv7kB?5pub*DL zIsfkDr|0KqFJAxS=kajzG5`ByH0np7ISu<9p)fD0K)cHOE*ww*MGG!kvs>EIfgpCd zga09(I{Uwd+E@z>xMcs|-rlv(|9e|IOZ?x3Jaj*!yC8(WSqI~8v8ibg2to<4LDr*R zy$Mi>*Bsq+n;RRp#6S-wnbHa<@UyQ`Mo>q1R|=5F^_+eGb7-}NETLdywezod$qFw$ zKzchyCj4!8Kn=|kj0THKZ#A9zGB$S^u)QZr@ z4xzT7C}~2o`fM_23p-0#ah%3=Dh1NgR$Ia3Iar&J(wjyfEqt|t0h7VY&>62~+Bj~QNuuFR>xb{D ztormPDsTSh{P5X}LLWyk#=ppH!aCQ>m@P24#Fy z(GE}$uV9PePv*pPH>)uNC~PoUJ;lHWdD<{d4QRwfz~{{xc#RHWa%5|78-^`9Phe|| z zC&%Op5}KX$rm2h#n~zA7Bce35o_f=~ipKEm1BmYM2LOCDot7KZ*)!_7d+w%bSb%@^ zvq()5zz=b45SAP3SN_!5|G_=#v^D-Xu31OP{=d81*|+xpoxSbl{=bl?(;`360|JJ; z)J?u5R3BJ&p)Z(p{{qiZZbf_mUV%hJccCmwxS<7sva_hNk5`cnNWg-7!&Uy1<|pLG zEfccuzDYS6LvWxZP__+d#(yJG_d01bwph$!;Ty)GptyIi1k%5WL*}!XV{`z7Bty%A z_}R--=9ZzO=wqL9I6Kx+6&l&9(p#Ud6g@hl( z>leBaj=SNg$$zcUzX59C9Nj+om^}GwG+GlW+LJ78XY{iS6T=7jFMkn90K||d7MO;r 
zAl9>+xUY$BCf9Fjdg3{#7db`UCpKg#8cUEdc*hiKB(B{yrym!y_4E zfl~9+>*wp)1~?xuX^k@OtH>E}#1xmueeQ+IEeOr+TW;?(-48sRgIF50E@(YCzl^oj z&O?XuL6Z3Rh~1Z6M=&YaG~`aG8EFEXIG`9eowbBY<3LaveZ;l(^3}7W^OIMv&z`KV z>s+NaJF!>=Li;27@|(@Ktsy6hati?*Uu9`-xTGGRScF2++05j|GzU@&*f|qm#vIoQ z-tiyzO+gQ3ZepZYIaLR%vM1$G8{?t}1t}gI<`aE9CWG*njKlZfV09UNfB;|<5N-t! zs}W}8_(VW7if~{pset+qWkJAnQIcg72wMrhU)o$-Gj^4m?i8K+p~|SP8KcT?tKET} zih{bE+S(^E;(e_*#o~s+k4N`w8^+>ZRU{weZCQb~;*Dt_qhU0Oe-c>h^W@bt1XH&< z2Lu1qAD=#HhNF=cBoIXzKO88a_AY{~a!dW*pZ@eGWCZAi)`u8JC@mq16kDY0Pftt1NwX#ok+!3xZ>qV${+hlje1E&p&bPX319qclxYz_&5jL%SEC$1Vg8kc~iT~DMRop}XvHVGhJ)9&;=8y$y$Vi7S0#?U8 z%L6;Q%pp30*9VACtfoOcV4HLHH*pP~T%9xAI`{=~O~~4tRR|G!j)y~f+F50C#aptP zMuTJ=AuKAq=Rfg)zsjLN$oeXfa?Y@3(v3CVCc^M-MI+965K>NJXY+4HDljjzl0d4* zRV}DLely8AeYA zxA@-!Kun=SfS>}=lTHtU+nz(HjwhYXE7=|VXeI|4QI~P^;txb0`*n9imR#WRUF@?tG*L1egq4*K7s8-<=tfhiQfVdkNY*#~aPy;85!l(f7aOoP? z4-|(%d=!QEd8Kpj`1&Pl8M4U*0KHMEh7X=GSef2aMq-FSr7sHeGg)g+(th)x+3u~$ zzk6#XZSu5)Eg$jl74tWLvU3E$qwio}-`=GAe6K9!_GX9vuQXXWyd}GXyi^yrtiKr} zWAAuuXgv$%f@0>#=YN9}+|-_8Ggn1uCte8Sqh)1a-ry;#kTe+{WmC^pbAGgoCkQUW z>+zsJ?aZJv>~wPR6V8d|n)Ra9Tq~PWYDTr%xru2y$|tC}1<4PZ;%}pAV2mjCAw)Yw zwd(&Pt#AI@TK_)>zhrlm3EllNy1D}vb4QuW9c3$baW}c^PSU%p-|n)TEBN1UcZ1Q+ zU2=6r|95luA-WiBtZo>y8Beu{8>To( zXVbR-pnosr|3y63#lL-V5O8(HDrl`xopSKRmC<#Tmdv3A%!Et@iYc0y*NbLmT4F&C zigYruity=6t9=cWJwQu$muVfI9P?98*7`BbNOQ=1Il!CQv}tMD2FyK3`xj!PS41U)$7o4*2 z4i0kBpRE5zeUX2a68q~UQ3w(awT9hw4*6r@$2IQl{}##;X%+tAr`8X=xQxn~pp*Q`LE9SpO2CrK*QIqqgejm-rw1__5VA2 zJ4^hZg*>nYuy8PzD@EXne@3`X6oicUn+#ASCvDSkTw^=lVYdqb^5mxJ%Cc_4rZQzQ zAY2R!BvyxIl;nzHb}lK(Y!!RgfEabykHd`F(`r9`wdkp<)-X!r1Su0ir6G;;(zpcn zW^rp+*Gs19uJgV*q{VQphn(~_lF?f0fb3rOe!TBaS^34H)`X94etQtt_wR56=9(Hl2< z{L+Rv(r}1y7RFv49JJV_E>#Y{($*r6!m1xaWMEdEU-`56&19_VG~Q&aXn^nl%c;P^ zP`9)5WY1)(` z(AC?8l{R?ai&GMes>G5cfB6gHg_*IJ1X<^r`w+xhudr&}78NdC4A)(*`0|uWbE>r{ zR!UQ;!J2ZJVrl#vE7_9U%6N#h1M#qs3f<=N3xC2do^y%GZ7SuQXxZ+tKrKT{Yos*? 
zKFgna8Wl?#l89d(J!U>nEfVewCR<{g86X0H3g_(MzoM%7%2Q^kxs1t7mdjy%G=2uY zIs?(Qd8kpyiNiRN!Pz*>E_Wi5p z&o~a5URrJ_%eGdiUDoTP(^o&e=I~>BX%NCxB+i+h-atg|n*HhJ@&EVJ5kf?OweM+_ zZpbTIr^wKvS6Hl8=mnQhr0(R<(-|cL<(6ERPBUhdL)q!Sj!(|do}Zro`{?!Y_y4Iv zpIu@OMTJ|iC~Inw+2C{mOIp7B<WhYI?j z%_a?9OZ{3oFig$UfgU<>xdr{6wji%0DQ672e7=ar*GbRiIW^7@vcQ^qRdHdTAymsB zZ0FOpG;=%46hc#a;@N-g4ec(jG`#~gLPT1a(|!dLt1U&I*m-h?&Lh=8x< zBw!iiWYG5zAiotc6^~x`sX*|Ww`$kWKnr#Aos9I{Y*yC;ds_45>d*_X{IrV@6#;ow zOQTEVKinL8|!D?C3?)}I~|AVrGw5w^N@9h@nP)8COSNymr%(REnbTdgU3sYR^2 ztD>o;0xUb!RAp;`PF% zTSR>hr4wZTg6@!wQ7#ijs$GTuTazZgNO`GRGmdzqp?NmMsu_{XY=PS_EAt0Mgh%T1 zPVz!2j>GgS8r$wCbcT+TZqh#>XHQS^s~#o2lk!>-0V%&^O})g|VL8(NPp3z(-Ol!> zGtckFvvH$t*RsGpuJhBJCI}=`RH71rz@QOx35OV%o~$)5YP zotE^RxmZ36%WVYd8vnOwm3OdZ%kFDOf0GD=oC1ZVLP(~obWAvlPp$wlN-KpP1>%4d*{ z;=&Tl6y72V6ySM^Z|62f=-aHjR~R1j;V!sfHOc|3RuSSD66n8kqCJ$B8D3t3IX;Sz z;_qq88YlfIRnF_$&x$2#Q8GQ}Zn>$5X;ytBsiOnU6NB@sZ^=(qdt5_)%MU>3etCK* zkM^lV^E6#Yt-@N&Dbc55FKM8uZexXz)ig;MxQ2)OYl_h!2ks~@wxY_ipi2Nx0qbML z)orn>-*dAK1ls)rJR|33 z!c|_CdB##%gVPE@2Fk#xlLhX1}Bbhv{p;J#iC1AM%aC)B4F+O$As!GcB%5DYuy1lx+Ut%Pi zr>`rlrjiyeZ>uvImd%9JZ^aw<3VA^#5|&7N;py*6%C$V|>MU+^C08QEryk2ArRqqV z5+EbH$Og|zS}275p%78(;6Dh3;oR}x_V--;x7{WF!y+Cp{_`mt=&vS-pMeCy=4cT_ znU$t`%w~~sZn2wnBLhu*F+wnCK^hjJ@uY zbF|bO4)d|*yBQJQ%X5n&r(=E_#RL@40MV7*V);%@qhPrwzih?-y$B5 z`bdufZCnmpadeT}@qi(0W?GI18;#^BFq85eNYd?1kXRWtcC}*JA4CFkw z2**(Lmk{9CH`4h%V#)o}g*i4-KJ+^MTu&YTKT3MNI7=rZSW6d^9v!ht`#>50r|jP3 z|J$3Lz0D>6U&LdZtR%f>a)`gfA;zmrji+NE_gjf&&NhG(H{aK&Jt)!|lxYjRsNkOd zYz^Y!p$Ln~=-1!a)^(-X^Ur$T+~LQchM`rx@vfWzr-*`s#Q@m(b8UR4IBV=#bv*Q% z`8_>#_&-Fsp?hQ&)KmnQ@qa4sTk`+@_U1DF-$I_M*T=cxMD-h?jXIaG*0wSq<#QnB z=mYE{^FD>J4aHE*zD$PEoOCy?qIk(+|A0>|`TwR{`|b~(GXB52<-vd7U-JJ&JPYOj zXl9hh_fLFw2w%k^f~7auzutCzE2y;>cy6e2E4hq^VL$#2>|t4I^`deWV#8r^O2O8| z3Ap5KpGq$7KRBX5Q9LEh78t(qkbm-!z|F7noyKX?%<}ESkDiznWWWp`pCu?K9`BKICp`x#<&zdn^G<_K?ri8jA$j6c3F1jP zkxmAi#2o7Ck(CE>Ql%5~a(-Sy#lgTIQvvFP$+YsP_9RO&*af&`@?Z;DG$uhbxm2sO z8r;kDz2W4?oUM_aN`~dS^f`@Ls;y 
z+W`Ovm~G-f_akXii6|P44@fu~_2J^5c6A#Or9|m8%~O^wI78i{o$_xWTF|-lLlU->xNE^`rtGx)bXm5uEJ)M#80r|&VFvxVKm=-hK-h!r2q|whevVk_ zn0^d(;Lb!YqHZ{$Ts=!DS^t_`L@C`WsIZIerDgQ#)*Yr1>Bob3OiLUmvltY6$> zUp#wx3Tf#oBA`s&Xf=*6NlN8)%57O892hBM-NxR%yXPy#5vOL`_eyB4>Q% za5NIEMRbV{Yu=z+YwNw-FVVnXXce_fHI?Pg-ZHcbT=aQ=4FgL4Rn!YEIDD4qb$%;h z&q>zF67Z+2o9%uHyfjFisMD{SI@HZZx4khq0Gfoq^l+KaE&tWK{{ypq0GO(G0Z@Mb z=ji|G&!zmoh{xiF9*nY_n?LwGrHvj#C|l$e0W)=bH41;7MB06Ut*5g9>0GonT}R8c zFrZ7>+li=T<>6a_$-^FcuszR|{(l$X{4>0&#s|vmzdCyz`~H7_cX|J}kjG>HHJkt6 zcWh=%=LR^H+Z~^aU!MK$je%-9L5se{IIkpHlw6wPVYF+q+Bs??N6+{?mDXUYj3v!4_^ma`Xo zWjcImH5EI3-QSZhT&MaqJ@xN@>bn4!o&WcC9sJ+zrT%v@kGknycOr-RIPg^Q!s^5$ z+hBxv<3SkZc%n8iqv*L`SUvn@Rep502N@$S(aNxNZY;H*G7M!^wmY3A{?B5bd~YEp+^&L2FmrkNK9ln^+uP6+WXXzERD*G^ z)@0nPE)E1C?wN;K3g}b`*9^07lv#rM@O?6&3!ir9Wyl#?W%r^2$D;E1^*$<|fB~t9 zPR-9(EKr~pO9MSXq%)?kUeQr^K|}emz!y*0Hxt&*N3MAUTj$fY^+P0mncxN4(6lUW z*||Y%&?U<12F9K9G6q55IAMO#2bDVfAB;-bzjL+!qDOB>|GTy1|BHDn{ttuueM)&E z6_(!X7{GqWo}@RW`3BT8laTDu*foVU>~)g7Zype+BgiJG(wIVo7rGPolC1J=8ngG- z+^chYnjWnuX*|9~|H+SIp?o!7vT99G(&AFQI7NB!2AFZ~h>jDJU%3VdU!SPA;xJ<3 z0p(;iqdyol_~|JO(8;1Il!WN4gq);@>7+BMI8bM$60KmJgp`Nt^pz{)rh9^CSZ2av z4Z(xm&pbo@GXoRc-yh^AV0PS1y*wE769oG$Em|oxMpQE zBrohmPgd7I0GxV&@X2(^QBEL*IVJ=yxlUpllo z;fMERt^I!q`SI-Rr2UDX#J29&Hh5)kNOKh`Y?3EWNRuw8CSh#Vr%IY~{nvtmD_j3N zyW6(@XREV}|F@9GWB=jj0bdY8TuqxcLkj;LLb%QJOu7DRnF5#Te>d&>zwOPPCH~`L zp4#gljaWz7=!n0sVVDJMTa`&vxVtJz8ajJpqE+B-Zs#@`qg_gS3ck5QVy))n>e z7c&`KZXsXnGlTqJ`4X^H|L4U2*zfEtc_{h+>)8Q#U{xasD$}#AvCVGnZNrFm zDnFVcQXFNNk_SAM&zrSL78zwAY|sHijjq%qZ>MLl!GoY?10)UmR|GjP0|L^U0_BXd^ zg3Ybn&E4(g`d`FjS8>NW3Pxp5I z)}Kz>wpj(*vtbO-IjLCLAKHj3x6q09QL|Z|#K`M~~Nb1J`R@iFf5Iwdb z(i=BAS)Ik4lxnR17T8zCSHmQY>eW%U{&%-+{I}h$o#pyp$g@ID=#q)jVFoaqY;?(o z>u5+WCUGBB^n@ha^MH2_%tGl)@U0T8-AT)ALh0KOAAE{m(iH~)|3_;;Ab$s{Ak&yHxlT-DKN#l0wOv*h$uqji(P{d@as z&~?;U|F4e@pS?J04SIF!C|>`at?hj${wIC4T>p!BR@{xLaY$aXcO0b}Vny`m!j!My zh;8oex(vKQ7xCl*<8JT*+al2h-8;iE;LG!k^_j7;hBdZTv8e(vp$^c_G09qu#xX#v 
z_WK!mV>hgjSU%~;X%w}uu7eRUytd$c&RW<2X30$-9NMt8-Ehb~u0e8$Q`GXVWt9J+ zIv5+7Mpxk3oH7n*_d|;u(vD7(K|~9nJm=L2>`9Z<+l(&dYY8P-CJz#x0Tn*#!F)qp z9ll^IoIHI^C=U<&St67mJw`Hp%k;dHltJ55sVE#V0B~Ar8h0~tNh=^x*u9qM|FY3( zGP%0OcZ~c-G#li<09gN5JMfwWSjwXGbbHJgsexcs}?H~Dt#A?yS;a^>=>pQ zrIkv+05#1f*+wxvI5n|sqz1wT04dSOQG&}z5z*P&Z*9{5>o`;ZT5y2fC}}CFRrEg? zg`JWK_B@E?8InS?(5;g0Rk*>DcX;JMx94{ix>jFh$zVkHXF18iho2Tp40Rv5i9^~0 z7EC;EBAt|jIKz-TP~RYY9|!{4&-a;M!4$FaU6k>(UVVh`QP$|AW2!X-1pC#Q1ULj)SF3OXr(6_<~;p5@kRtk3! zjXjFN;ao)DMqmxHb2nRlz)RGYLJncq>dAHsq<1W4l*GuG61b}+pnYfiDrBe37w;r_ zJuIFD=3;D_%?xuwG3+5W??CtQj!#^EtoIItA+#9s05lBu&2Bitl}Zyxejg2coO-Qy z_{A|qhoOC{cZ#2&5nl#s9nfQ38fo3jqRfmY7nFBg+j2_)H{J1N+!Z6$BFC4!T3m+^ zj{(-V62UO~O++&2Oz_NkWDKRY4PS>hj8FCB?ii1hczmS9f4jZ+t=$e7>Yvg+v_(W) zVB;e=l}G_1B^F2fQY>1*<^s)OMX{Fqd$y~#&>hJQ({O)J&xYNWkS6;{H|*;^Gb}T9 z?)`o9otj|p6xF;R*~Do!t=3Jl=sA=MBMdD>byG+#`{5M~Et?{2v^4z_?P zDdQVDTVwAyt9pk&q+9_NyhE!3iwa~7`V?ljd6}A$V!6Ts)MX037{QmhN6wy~av_7S zCD@ZhE0Fyb)=&GwG;4cG8%e*%GzSnx=N|;6f@wyl`y*#2cSXP_Th_o~u|y5dhLnUM zR~<|ruaMIsXI7068_E*{hnD|78mfK~l8umy=qp~mKs_RS?P&ELo*WlR@1>#VOQrs7Z{RtEi!elg|-EFM1<&Tdd>3==;YfyYAvdLRrt6oGUXrngKvgCSy&!4Jt1w>c5Tir7lp0%}RQ z1*IJ<6_dr6xhnyVB+=Nra#gPY5P}pqps9Q?MV}zG1enK|tGDPmBBysh3z6@m+aeml zYyY81?1oRvdNO?AzLZz`oKMU9c^3XH<7arjpv3`}uRZC=2}OUpw~E&NSXt@tH(v!q zgkKvALC4rs+3xR@r#YKqakvHD>OQDQpD2aqeDjtU!L~GyG$X|>&fK+~2^ov2y)b1G zwNDy?xi|y!7--c?XF^@_K^=E7WE5knJ$6o&B0sJF@#f=AgOusUk`d@1N>*-_fm8)C zPHBm9R*4mcavh*41Z&(-oul<>Vpqg=EiTalVQLaIzB!9W2RKTw*kB#9Md7Zrzr#|y zqx|EJt>1sJ1>8j)4>PEtqu1+(DGSUMcHt=cO^Y-dr%|L-a!T7g2c?`UYy(FwVh2$? 
z0bgUcNR1O80bmNPht|A)8BY!UzcK`@SqJF-cXx~Ie>TL@n6$U*I)mp8v~aX|ia_~Lm$lMUdO zwugHLBzP8e`=I5x3DcMzCfP0o(0d?*fx6(9?zz&W5p|8Sdc=_sdo7$aFOso#ogfsJ zQb?d@iYru7j&%V*sY#zD-S<%n#L-IX>SLKUETYrlBBE1vZ>O{O?YEt+Z@=Bz>~=3h z`fP88k9WI!`lm>VcG2k&uR52dZQ7Y3lC7Lb?lp%1s1U)G#a8R)k z_7UMC1w{^(MIO;AnZ}(H%C$Zyd#95jY6HgI9&e}=%Yo)J=@U8;hLOmGwJ44L*wW|9 zayFn=RNsQ6C~pWNQDL|w&8@NoWsIvJb1#QqqL#C!h$iHP-*a6zA&^6dtx@f)Ur;suIL` z`9;b8;BJGB1N9-6NayKfNN2z!ChalJ2j?t&D*g2Oxh2^1RvZvlcPIx!(-?x%c$Cpo zX^xgq9eU8>e1)8{X-!9Fko1^JFg9;ZfnTz@p=5P_Kgg0z*cnJFav9;U0<%YiGRP?X z5NGrd6T#A31M3Q}5xt`1cWP}V}kVdM9>KGh`nP$7fI`cgde+j3&k}hCc@*AyqFh- z{U6LKXR08iO4k)@A;TW69KP%7NZ>+HCe!=!dN`NkMbqjkDjVrxIv!V0IbtAt39h!%EdLp*uagunq;Z0=S*~<`Qk@3f1v)GDGD+7xGW;f{3gYt~>VXp~+MVJo zVtPcOPKt-l&Sz+p#QvHxs21e2Ko!4t$YhmJiL8@r-{fzl>SCJ&Q1#kWKbQ_ApYB;A zcALnw*G#VfH(R!Ph!2W(^)$4R(x5~Wk&L`~+YsPx+yOA6+!na`t+Z8D43X7=>BiyJ z0l7iL*?_0(sP7u+mzBAR6?T)+E%ZiqTwHTMzDVgD2rees?FE|C@|ruXZLp1PAe$-K zU4%^p+hrU(9kzNk!AQs)P_*1)K$S#)R2ns&%rkCGix|Imrn z>D`z)_nWWN0jCB8K0^2Ki1OD0(APzRScAz|99yBS^oc9^jV(&7x7s5Z-O`8 z-}^u0LBdt=`qabCmNX>iQ)|(i=2ZlHwS{Rt{a9B7`uVIwJ{@#VX?)}& znx_x`T-+13?{mv%#NrHD6+E`uq*Nhf)}gZ-G9P%6hi{jF6)8mx;ZkimXowfjV@&{h ztoeaM%@DCwOKjeN3}SFxYY4CQLHO~2?CtJu@A?5vW+_fU`o2yQ zJXSG!Ib7<@0%;xyb)B z;lFmaJ3G5J{@3=_(*JWI&z$6cGkUMoMa^>~Hgn;%WG>9hl)EypM>)5_SScMt{GKM) zU}+&C^1|)bub4;qtQ0J_e(8@zvl!_)gX#uaKta>gLpiZ0ytzH`dCizQc5Wwd0;;NX zeOG?XdS0tXodCZ+sS2LnFcVn)T;TscPP6gPbi@6TW#I`+nUoG;YP>mLRx=TTBi^7x(D~H+KUxY31Q@{ADtPGpe!Q$d7nd zCmkv*+LLTf2UKiUP8=Q95rRKL#-N7)p5oC1?YI+Zij^YOs(M=e`Yd;sS2@)l-`Omj zr1S1b!&}AKyx~$4`%uLln#aCv-j$Yb;8yywojf4fwaz=b+K)SJCPdxqgfvg1Fhw92 z?HV07!_lqq%0OEMc0bCdUDGKAI_ZF{etLTJ`V8X^pT9hOadht{q`VE%{p;vIg~=GJ z!x9gjGPTs|+v%&HUOzpe!oVe+NqlM}&216@A``hJh%!Z*E|qltWx!Gb5Oc5TS&=3s zoeixXNpGEMtVWjCqPMkHdz?NhuS@$AL*xX%8Nw@9n!@=FxXOJxPRom4<&=%v${ZcpiK7r+Y4F$qniR_&UgVD07E;p-oc&h**a z9eFZ2Imq3e+rsYkAnB2vot?t;xui?qFGji5?MS$M=cn7wVy7>oIzM@Se}_(wJEP0` z{IImw-He`Gr9EFIhgVKASD;q_v30_hUm@^c$4yuHvVx0bsX7?6=03^DU`5r5Q5y 
z!sJ~8mDqo6ZSQQ^_Fwy3%lIz~d92gA>Db|31NqU2?AstUnOY2S2tBTBBNSdpl{+H5 z?Xl|qyjMk5Wu=B362gaH^P}xBXQAv~NxEcI*D=*m+amIp+{E8j zQuwI*%(nltLra-Qc**|1y|v}Uf7{$%#{XT&!WGtE0B{2Xlj&-uNTG+Bw*M38%UZi6?Jm3law} zr?UNso3qS%q=My!c`-K21rQ^z#B4)PRNrWW<(}PS!#gDPulnqK6)yVbC(wNXtS48T z8;!JiRVL3V2Xs@MV+_m>Vp&gMv$K}TYbDKIifa%4OeO!FUq}5BU3jhWs0tKNnf$kB z$A912-&w|gT+Fi~@XZ^z8tL9dce#SCDscBNz=hLe|x;bS5@T{wgC;3|J+;eI!XO z{g$jifcnVa3c|8U)}4F`Ioear#)fa^IvH6SZI-&XCNixUKQZ!JK8`2z=d4Bl--U|# zbC1%WyIXQWWWzUw*5Q)U(>h{KCTnp#Wj4imGfdZK+3QqFw|~w8+4X9m-3bfYTG0$gwgPg_Ly<>>lZWMf|+mRv{Vb7+nIPSxS_-~aRFzmWpSgY&u6h}4e* zS|a~#?(Xea^55QWXNmu~kf$IxW(Q%ujNq7uImI)@`mY@av`qiAyJhQt_BMBx_CE`G@USDc@RtBmcOGp#v6lJ7Dk}jhP+`S?m_%C6^2I^WVj1% zNGMhn1?dflLMnU#Y>KVydPA^F%K3)$KPijo_d_%$ucJ{yj)#{?qw((DyKXYf09gp~ zA%Y(Xdp%wDkf_vB*zkR9@diVrc3M)v7Oz(7WYnWa45+cuIL9Ci@|#0^yO(q`{DJ?R zL!vedsvxe4dU|NM);Ttghg>CiFfbao!sNy6#wx*DW1jNO>!asKho{Vv`>nUtx%{Ug zO5L(c4Vb6POoeOx)YUO)->$D1zc&ayp(P)n2ee-0l$3TXPgkLDe;US>dv`MQ_pjDt zD=cM?9!lxCGYCeL^vdor)(5x*(`b;~0B$!e(+XFm#R3hpEa}EFKo5h8l~E>HT?}oP zpNv~Zr%AF)yG^F7(s84!G(`C&zvDppC}+_GGdR=d&C?$bU!T2YUd>Rqvy^zoa_U*S z3bYIKW57*gfm5DR?vo7S-vsl)Hj(e5OAy!i`ZJ=b7&OEHw%$h8b&m9`bX9o)EswE{ z-~!7N4TXRzEpi4*SafeUBaJ2;SJ8u)XApHR06`u_9E0h2id;(>M2?xND3~4(y{lJ$rjY+? z$AQ_b9sgx-cW-|g|78)+6yskz4or#szqh;V=>PV2m-7EY9&h}YyrKVWabP5vwHL~o zQe*L00cPFdkqAbUeqW&Y9ACan#wRJ=M&Qm%#CU)#x1&gc{2;Id4ja`Eh>#x>Ium$! 
z(h#CZ$3qC*0HL2LzZ-TVe%{Pv)SBTBohl-~{PCo|w1T0&U@`z-U?ln~ZA|A$Y zW|T2=dWi}z&Re2on+&+U0c(=d{<}y+ z?3+tCrmm^3UTg6}0kZx8{{~m+$pN9fcEEoRXlbzKb~j(dyoD@kgpr}+X4r-d4HFxS ziCKf`n0sVwFgmDK$8(MQ^+c=yJ0 znI_d|Q3^g^;u8Yrg2MfK08=tPu#X6@{(3@ zKwc(%3a~w24Z{&cRnN?poTPDroTpEPDzq%1odL}k`}PW0RhUV5gfd!+6eqOMwsi1N z4T1AFf-XNyxd^dB7`B+y(6)MU_8vgGXye#q4SEr*sO-uAT~EWoT|Y@icbC1p_3OLr z?q;L+CJcUidpEopMF0J7@2^AnXS4zTu6hawR*JG@PecfMf;ev46|mI`^v}1#Rmo-m zh~vL?YysXRasT`Gfq--T2by)H~@c_fAeo9y1*S1-n3k4G78zv7Yy|< zx&yk-5(z4G_g&1|i%s&3(`9@$2uETC@W|>dXr}te+a{aFzPt!Ws(CqWfcm6aBlMxB zB9~Got_s@-vT#~uJRmPx`f0J7VT=ij&A8G4-rfyUPQ5lXR08Y8VbJSd4V37=f}P6U zD_DxQk>a4!+G%YgNo?F1<_D`pBTcJXn;#Ala$*KzVrHBM9Tvixpexp#VAJ8D&w9RR zCjC!|-@kZD&i|dg&bICU*V$g$|19Kj9eBjCb+AYu|2&0*5X#FvbMi{4=&6&JUH4rv zodwH#&OWybvp>i8sWhXnZte$F?v}{Cr#z;NMSW&KT^8D$Ti^$N_=76_W#}nX<(B%w zbVsUKMxhs>U52JZF}gr1R;rDnUW^<-+r3cx^Fh}CO#HuxIPX;6EZzZ%`G2Rgx9jl# zo$bz&|1aX12Z;Yy$GpD;o@ucmOZ|#TY~`!Vb*x+k+r(5}<~92DvB_(725X$^RWe6q z&T`s()y(a2Z+HBXjZgdj#aFfWl!E@}^^u#?GUs=`?EC(vR01}_9@^>PAw#Y-Z(zx zq<^+G)KaVCmqXQOId?i+-a&=O05>gyfp_?UpwfGxW>z9$C^s?Y_@+}VI^X%SxVZEA z$nzK#PmER9R3XgYvC!wi}$XW`nrB~;fpH5d>DA~C? 
zs}B}iN(e?;|NdE+Ur$j|vDyKdv-!6srbS>wxC%nryTLpDYhb;j7QeG)_7*ZQ+Xdjp0XMn4|iuQ>y+npLJEbmxM!k*~0vPhLGk zPdTge&=_qFi=a=MlrKH0dk6D~-@ZKYT)s4OmzH4}sV%1FztNeEcWq~DAJvha18@@% zK~~VEL1UqyT^1bzO;4 z_BNOM|3V&1P}Z-=-18@XRVLk#g54E!hVdHwGIeD-W(X(aYdW)jV;-*WAEQa^O~-Ss z4D)HqtL3@e3!?!y!28fPpv^wmB(BjTT{MLDWNYA0qdBp>Spzo5Z{E=8J&stSn<%}Y z3E+9NM%jarQ%1zF<6%^6?L5s#W?KJZQ<%~IZ)e+<|2v(|6907}&rA^7i!=PlxkC(X z!ve#oz;{dT<}+DRg=E;*hklK{iYUWA1&V_?WBm%YhOvy3h38W7@Z-rtQx3hB}32IuE@%KmRii{vUGV znY?YFjQ?-$?b`C+&ffNt|1aVxkpDb@$$o1o29%n=kMQJEZzs8?RP(eboRN*-qN$n} z6Z?2j(|26OBy^3&V` )9@a~WR8<+{st%p(9WW^F2nN2#?gJ~NxOXJ_RM6U;}jE#-IcPy1m!kYB~EIlOS4{n@+Ylc%b~O@j~qTR*4`Vmds+Hgynw zWB?Ak4IR?~zpjvzCyq{C)ae(O#6SuI8Y_~|IX%)>;JpCJpV1^`Shv%4Y`Twga*_caBl~G z{bT^$LMO%n`KFC?yZue$=;H{1mn=LUoGz^fPp8G#C_Xs_DmkJ%wOCjQJoM-hmn15| z9WdZwm+WohpYh;ya(NklB+a1d3-mz=e#+#SP}Ttw#4Y)C67~U@s0YVAY)Y%~bHqx= z^kb+4nw61@s2jrVUPjxZqn~02pkDyvs)(+{_ISjjTEDo(&UyCo6w(6o0V!dl)i}Ns z$30evyme)WsSKeAw)B1ya+VkoEdqq)0I`sl$|vvyR5HT|M^FM^7%g)uLt0H z5Cwd9svr54J*D#BjvfDDcWY;9|GAK-F#hYet$j28tBCaF&J8#>3siN~#IRs+0#G^V zM>kPliaEK_VHIw&Z~hq}V%bahLrz^gP^=c%-XALV7fRwk!<6#0anhm*CEvb`Cqsx^ zd7Y@lbe_b&w&II4yp9L|9DuEOayd4_%VLtw<8L=ru0c4QME!rJljy1yO=QXeyx;+6 z-IkVwnl0%i8E!~hqWOPa62KC+GHsCMbu@He5VRmf?2c`egGpmOT7SB54La2d(XuGx9XUpd zkyLJ3Hjjsrp+{;frd?638LJml{XEXbaAm5@>;z^g$+)rmbX322TTH7(HCzP8-LQ~a zRr<@xfO1TrTjZODO1Ip1ohtRS#6Wd887CRU`38M1j{uNY!W}t{@EZCZSV+EuzaTr6 z{3!ikaDxRA(D9M5nE>w#d={o*cbCesT2j?C`lpH5%Dfq8zE#J><%AvDJva zbi$BH&XidmO2*^O$D5UiHmTN}5_5Ck6@^sNtpn;){pr3M&75i$L73TUlx4i*u?Dp$ zPJonv9GesTNRK!J`U3=zm^;;)#cyf8JMuFRT$iLGCgFsK5YuCZRjgm9y5_uAN{v$t zZ%~xep_;8;RE+RY3UvtnQHAWp)}WBr4V@j+}wA1 zoW#F4Q4(>Ai<Tun02bx%dNYkTT~aa?W+8` z?o_GI`9`)MPQkXGH?JLE9-u>T>v%|!MMMRo0YZG;dg6#MQ7y8~8~b$Q@{*`8@QpGh@$63L+&zmel-5~J)= zx^&D&HO6eMM7Eb|6(-g#!$b94MAbP_4gO7@BJK!$m^;x^Q0+vjD9B1rVBFMJgxDmQ z4MkQKeY1*S>Z5uX_bbuNsn$_@%kojGArLB;t}%i;a6qIN1?nlE`kYTd8du3g_eL2+ zHyV#IPS!kVuTQmxXk40)o*Ok#$)oC*PCAlcl;^6vkewNXw&PzQ-BW9wS1LfwkZi8x>`hokpkbgK-&xwD`Of~Lj%m?3JfI+pE 
diff --git a/released/assets/rancher-monitoring/rancher-monitoring-9.4.202.tgz b/released/assets/rancher-monitoring/rancher-monitoring-9.4.202.tgz new file mode 100644 index 0000000000000000000000000000000000000000..cbf9ea87261b6fd7ffb56cc7576cf4868056b259 GIT binary patch literal 217389
z$6*a24&hVd5;yk*jS16MUq*j#va*?|2|IN19r1Z$%Z)vV7!f~;7$5z;yh=ZtWm@+a z$c~UxCpByEVofwm)c2A}K1d^5#ZvcGg(~pNZQP?rSdIpW)}?-B>&l)pCSr|d@S%q;@a0B+ww@!s1)#BXix%8H8kKnkz30S10zUI#-sH7&wNsgaerS_B@{jck~odU zZ}&)TH6GcmG}eyW!vgfhj?I3<~VPF zM4pXpg=4CoyHIMlQspZZYow1$%xR9u^rGA4aU{CS`f5@ZDBRrv-~>p|wM&~1ceU9~ zOwxzb=B+o^I>1m$1*TUZE$mm@c9VxQl?Av__?`(nZNuV{tRUD1W+t7yMqw}{EpG}c7xhM0e*{&T+7i2sKiC)S3ZSJJ;Y_Z&VP5NEeT(MJlW zBx6@KeXE}fGBs>7p%)E00Bp={;xaTBd76EdaIR;x$SW9DryQNQ>(1y9H~N9lV&H)1 zGVmG6x;Zfn9uz9l$zj=7!5I{sS_G0>M2B|}()svwsXU2aAu3d*U!MOQDd5``(pNz8 z+5qo_#AGxN7xB=r6%gQ_$*687oV8eczKi88-)@J86K?nBid{y@sL;50pi`c19V-O; zc6IF2G7jbO&Ge<{W;dlW11FvP)WiYkx^LaPxuSQ5>4n7xi(Xxjl%~4O6RT)|x^9Ri z0iI#3JDeDYU|!7uk0ZC52o()|VG{!Wz=WbR5sF%Or(yz0X-SwqfPg;W8wEAd2l=GH z(+f#mus1NFZNrW+vebEhttiRnRD-@iy4RP%o)A3MV7N zKCAHtK&@Akog-PunOJ?FA3CP8mhQ`yzCn0E+{2w~3PIjW@z=-SOW6(kOOpU`0J%`b z)q}a<$tRcvTY;ii#K6#NX|d^Wbhv0@PB}7YQJ_R9K<89Tzz7#h!`jV}+W<8pi}@_a zI{-COnbzalovjYBfe9PkWTbe78Pz_A41IJJ8=Dw!;MQw?ITbIz!AdWNLsywJ1&O?I zQi?x|-2kz6ge6FlcUS{Wk?*12Mf7=1`CRb+pWBj=mFIWIbSMFT?j>~5{C3Aw+O&Ri z?jz(V`o#H>O?tofR2@gL&uzG1YpO|*^avJ z0fx^Qh+bs~o>Q4USbWsgC9-Lq198&_^IxS={|+68N`aaER1Csvcda#%MOijbu&Q`} zoCv}_G>KA-eC-ywi7tM8{uNu3RT>t6`Mrt#tx!lBspLV68i-VP{XK`6NM6<=7D;QP zG&9d^r}P3WN?q`&B-q>Vq|9JKBD;(k=G`$Ye=6Nq`j=>XE7#=1jx4jFIbCG3R9Q76 zBlGLGgg_7iV_y73zR3zdzFlZ^5GpfdDl-a0+e`+!L&|A7bsALgly|35dX&*^LiS^= znt{lP{SIY~oDG|2EX?tNqW6|ay)xFnaT=Wt&%blS(JI38r$d!K^SlP6vspdQsfZiN zsrq}JT>R`m?{fxlzF6wtWAE!r+x-mH#{PFNKC&1#gZbT`(EgfxmjZ|Ar4K6* z66x9&To>d*jP8(UZ0KuKRt+*u-n}r%eNE19yu8~#cX4usvv`N}Wb76X2Shw%(==1DQ z(*%8O*mW3Q-q-hl4Br5T4OYOgL3Z}9!$!i<9`zrlVwb<0iXFcT{@|usfegf*l2sSM zZ|+!O&O{`w7fj@X3s$-Y?hsi1#g4lml~@R8gR54N{S8N zSw>Me-jZ+fxG!D_m#m1C2V|`q55Ky?$u>yHXkRf?V^Q=8A@pHA- zvc#m*pS@F~j(#%ezDC|BDvtEt(%x$2fu#kRgMy#S(Xs7x;cXQ?m6yQr(8MWp^I#!c`b51)~!#>YFRA$dP# z2xE_%eJgzdJ56Oa@?$sth_U>2DX#Zpd1_}o(+Py~==var#@7-e&q?LcxL#}VFt?%%pEjXPS`#Mfo8dhe%Em;ortb<-JPFR-}h2}yinZEN0p5@k;0&$TdU2AT9W%ts9x3 z&d#GOHX;{JpE>?$s1{sGu5-6SKo`}DTi0nKccOZ3!$NvauJUj?m9w5cLhf8;?;{S} 
z@X4VgFS7sx1v05w3>Mg4S%g4`_QNoZVJTeF()!^?T?ZyY$eiW@`X(XVG;`#kKxUNN zbLaw`>>p_Ou%+}Wx+xmEXZ8ZAI#pBXh}L?wBpPeAc}kWXNy;klI=ohrsYi0;`oZ?F zw&m5+5MlPMQAOm4#Z8%W6=ieA74YX&mxI`<#-kG#ADy(3Au?1UZcCy~(W*J5#*b>Z zxFI46BX2cc54X7S@NiYgs4g<#g%I8zblZyW$G#EaFERj=(G1X zkFf~YY0WTDM(wBya6WLBRCbiZ!o@NxADzWz-1T9Ota7q({TZQ^{XQ8fsycz|c}uyge;haJ+__`+N_b?7C;9Hc zbJLF)|I5M_H}~r=6Tf`?Bvy^wGLq%p(3)m6iI#A0xy^}{z$%ycIzi;q2hx)hPlk0$ zOOhSr7BTY~nx|u0%c&%bUc<%eqt*aDlq1Zi!l-p*?)5q38x~QsW?I!E>n!!6?{;8E zBx+WjDQ|s(hN3%b?JfYz``gqKU?=VXvfRzBE$5aLGBCDZ^xN|CvoV+U0gPP8+mEsO zE5cLC&|GIV2#HKRm5LNg5w}11BN}LAujbe=uTcsDh0`bj3Ko`bfr- zg;w;mmw)U-GNotQJpWJq#N z^0AV5Fveo2dLgYxYHE~a<+E+`)LK3_jRYT(8Il3-cp}?s|0|9!nk*8eT%AG4u6&(vg0-ELeC#?q4s@3?lmy+}& zccmu3=|`^5=Uku4xrr0MZ4(FpG8ToZbLX`2I{|)Ft;~NqNPH>*MEr}+1@$36YNe!R?9-z(Q)^3yL1+`A#dfw1<)724DF%?=z* zgXwO*gz63m)NcVocK+QH91o)*jrXK9*LA9>joWewP>CU=S1Oodv7< zUZO5CsAO5t*Qzg-Vnv*pEqfe{`*Xc*(hK_>brt*Bq4qK2AMFOEXd~4`a+wEhKs;#% zA*OhI>y)l9c==7iT}y{)(>p;u!SPhIzZk2m!<&ZH)FF=sIjH06_aNo|8j0d`#O-&A z`^>cl-4nIiLt$?zU_tp*)-QkwIL*6#lB-iR#-(u@WMJ^oBl2a(|1d9s*R#}vG^20$ zdEQM^ba@C#n^#{9WX!SI^8?pzq7=5I79%rE(Ut_>+q~&nj?jpG>kpTp~Ev& zSo%BAUJ@%YA8@$kYTkUVK=9+KuSM2fKY*EE#zD~ z+_L?=6;*DKYGsx<_Fv!FeUvV04QjrRaeZh?Zu2Qe7@rA4A4eIVF{=*&Z=&=<*f&Ey zI1Gn>Edl&4RY%D}?&sGMvPF}|`H+BDyh#J`+Os>~A3(y3!#4&siN`fC4PQKgPm894 zXw2>Mm}pv>?k5n1reL(`}q4Poj@92XLO#$y z^SzjM;DQ;da~Kdv1i6gN45^K23ANs&p|Rs(U+-})3`lfObvy;D$Ol$qlc*>{chBOX zBZvNAggSA`!E{5zGYyS=gYl7^jO8(D`g7*ZHJC|wM=To=cqVw}t&0r%2N_Tqc}*a* z_ls>}1)OD)h481kyk``dD7v_@|8a z#KX=jxd7Jz-bRv;#>pS3t35~uwDjf&^V?K-MmW@?8<0#u}+e|^$&aTP~#T0E#AwIV>o46pS z^8OQEvzj1ReTo1^q&tYR;@u{)G#)dZAf~=dG82W9mgXvMn}vXWEEjp|gLCsaz!i*b)Uef9bmvs)ddsRAs;DMgUHta4+vdp?GKRXbH^ z)}=yJgh!{(YP`@g9G{m!Vye^%>(X%UP?F*-Nl-#5FDM|>7#4qHOl$oN$~ONCtv>pULaZ0El)={4F3^3NvFQP? 
z*D{p>OWHEt6p|wuPdK-)8v~Kpq~SV{k^iA@JIr=aD4D6jm|J|s+s;Tae23HV!Q&Sk zDV?LlNN|aI3LBzpvhzi*YSx(124$X*Q}@+W_b~KsC`eiFJrVIUi(8Pk5_w~F53~@h zUo7H;po@Ve;~lTP@ApmWLWg5kQ|jb=geyt?tVi|fsc0paZ>Sc;1zYX3&>_Fn0;3CG z1<&mHg~wxRCP@`yrniVPj$-< znd*fO*#(2KQfz`6abSG9JfmCGg*c?OXUu|%H7*qo3}9P^*H}sk^O$ZCedRV8Oh`QK zzFxJ*UbSJg@#ZTx`wE!dOK~{xY|D&n%hPEe*H-ohzBOGTmd37Yo;6LRGo$BK*1Mu7 zOHLNd=3NJk5vMAw;nzAB(~t>C=Y7Sply_~;X+H1r8)Wsw%S-j~W|FFY7gl+H;W?{ej#AeGu}L^9u3n(JlbIGI=7~}BQWsZzD7fnt zYV&Ay)zD|jtDj5p-jY+PukJcdO|7fdPJ8=>bLMwVyAw=TndY}mV^ONfmq_LG2mseL z-b?vHWXS+ZZOH5wchOG_m9n2Hvn#4GU)kCiP`luz)Mz3qQiv$~HU!ZTtXw4!NRt!x z>PT;W0{4VXU0X=V`Ul`?(1f37?HF?Sk%CLVF;{^*2?fTu=~*eKortozq!NT^aZGF)lGV#rNn>L1yirJ$NE_iLWG5f%mW*4r`}c1p%zZzuJ6?Qz7bdTqZXZ)%yic9s}Mo3$ssIm1KGC=OZlue_EfP%`Nh!RRNZLfgc&==)=m&h#^5HOC`Ov zlu)@54}EJZqcqhQh4xLj@^gO9wwE@v`Q^j z(Dp5Z6-z2T4n<-jgUvb1H6Gkwhz-&HYS;seO-93u*TY#Wu?Mg1z!XDOpcZa zFDll|@rDVT4a9XjkG(%}TvHx#I9k#d~CAWv;%IBPbZGVh|(K zV`kbj{sqS8gX^n~y>+d-iugYheF-1P*2FtWQ62R&=V(&WFyz{<%A-RUXvFyLqrV7D zz#tcO?Dqzc^;MPwtjcq#P?t!ufo!Bz7nVMK_un(2`Ov$l8%R^<$suV%Kk(-IFAo+3 zvLXc2(_x3d$y(9{6H`T3L96pwOeP>SIf1G3ed2~x=j%v7aHW_>%3d#Cn3(-Z;(t2` zGQxC@LtNbZv8`)5L{g$2XR584@Og8_7?fQ~w&(t3H^_U=t~zk8F`0*sE&m1S1?T2T za%vi0;-|SEVO*tTukwp~do zPAaO{wrx8V+qRR6D>nX9)qU^nzOUc^GILJOPIlJVV;qe6Y0Ya|NGz8GHd`Y?GL4pC zAwj#F-=+=UVa~V=he21a4dHq42eiBF8%Eb`!)Ms#?%+M^(CjeT_JFroCvj-K6K~ac z_3TnnI^!Y;w#5hU$+I^#YQCn(q1NInlXUc-5mlVjrak39yq@>k8C*SDHqfgEsbi_@ z%a8Y523ei%q+}~}FZo*8{>q#e@cumU{@h%5zLKQK=Q)mBs$+F8j35Au0sOdC-if1c z-H8ndKwL+TaVZ2)JlgsS?(Q7Tvz-PwowM_p?ghQLdg#3iwrWtS{JWHd$-}m$UXqcc zrWexR#YJ-?bWA)eZ^-Dg# zyA60VZZEnoaX?Ga5}G{a?(xn)5GSDbM1wMsb?~K-B@Q8v#eN?hnUReTkHHg27(M~@ zhj2qPdZS6($M2d1Iy&#~pQ&ugV&6JVVDr74`sGCFH)zS`mIf!kF1;k!zibM2AQtFh zzadugkU&*dv}dQf+Tb(j&o$1rJ7R{jb$oZviFY@Nhev`hMEtppxt|ztsNRU5LMppT zX}-e{@6UuYOVd{$=F6g}(ISkdhzWcOa!O4K>{=pr8qf}ngYW@W_oV_o)+*#Wyk3ZT zEGN>6uoHRM{$U{*tPaHUh>XBL+d?V<_$d`7Hm!ROc>Z`Cp|t5Pw$_Mk%$CE44; z!=G#$x9dR1o-6xy!S89g+b%V%at-FnPo@bm`FlT#qb5i-l5T!PE3x4s 
zfbxAn-=Ry6-=TwWxQ;v^_lSrHLau}gLEjyt?F+wZ3ZbJl5^K$FIYpyHlxUHv8&PcVKsJ**9J|lrTz^QB}~Q8VgOJ9V38=BV2(|A z*hA=wAz0EDx5X!VZP4uKKG!ieMNUt!U=0*-xSV#Neh$oj*I%4V5dDEOKD~8>4Ap$T z&k~Zt%stI`0|?t4+g(uAEX*-L8TEpO=28;3w|9Opqpt#dk1Z(-MJ-%On-a({3nP4) z=DcKI6F-oAAPrwYQZKJ%?o<|rW^C5Q3F>C1o&`^WjRjA%PHA#oYO?dXGES*~?15oA zP3G0YDnco0#)1hN<&g^RHcCe2&5(Cvfg*w+T9Xp=23jcHf?xq&7Fd9n#YH`ygq`W~ zvsoA?6gZ5arWfHtSvMkBA57pc5%*f*`ih}m>fIJx^wQTIy?lRgSTeU*@FwK^W=!~*l4q{>lE-}Fyl>NM8g0%vRX@HP&ny1ndL zph3*$f)sL)K^2y?6VkS*V)cEMDO%Rc?Qw51?=&&wH3Y2F16Zf$&pJk(aU5748?a&v zjlEVSayH9WmwHQzK);H?fq$uD?&y|X74ux?0z;;mfaaa%3%uE z&rzkc9~i|rK}}YLZ8L! z6yNErNu+2x1TC}+X6dk2e*Zm_3Bf51&@}h?oFn} zIciG|ghaRXheqzJbz3dv6u6tsD<>{>iwngpHrHsx_S5y|)62LU`{B&@)4m@!B@}Xr zL({)XR8HMs;65iQEBoigrTLmqY=EmuQ^FA5@HdB1$S zhLXWjxfLN%45|9xgqn|nd zi(UhPMgooXMwP?E7BU8r005$N7u1wkKb<`tX+jBbS~YQY+eepTgf_Nm2n1klZR!tV9)@2BpGyu8 z8Sml-bXiB_WliKpPklrW8}A3GECupc?8u#eQOO*Skj6!q%-A`q%V`}EUf1wPwhUNw z<7omPX^T{xZ#}Au8^>e(_qBn(PA=@6bl~0%oX=E#j4pb4G4dVfu>mA(1MsLC5YR43 zm)|R%EE*Y;M#r4W2IA8O=8D*l(4anHiLU<#I0*-U6V?K73NJS|N%x<|%VjsnZ4|SZ zqG@uef}5ObWonQVU+tx>-~R(RfjRsGP6pGbu*42i6N&yCoLv1EII)sd5dI0NWb-l? 
z+Q5}I1qnL#rZ_>l?~$+}hys1skR8$~TP=+5(9!`_M$&D8GnFbnAr2UjEd$SnBL?HQ zfp`zbMZdl>k()ehni|8JA5DJ+>r8;xxc+*aySy%OA^ad+cH>%o_(9-#fkY3Osf2o~ zIk$(lR0mT|Tvw*(+reZkN;xrK=X}BIjC0hZi!oa^4EFd%%v^uw2hV6rk#EnAVXIDwRP3ilAl9CrNb4$kdxNrWsd2rpZ>MS>+EH(S@--?qO~N2I_ixk=Bc6;+`>auXt1Yy;UFa` zS^PW_Ecqh~Js(u&;Y_uum=&tFR3l0B^CbU6b-!F@wS;p^mJL-E0fbe$f1NrQGC2f1 z`3I;vG$?JB9Ch$}S$G5Q1OxnU6%02iU4tg~?m15WC`c|I{oZ|J!-O7BJ)3S zs~9R0@1D@sho{5us1Y+XC=R1>D^Dz;UiUwz#cw}-*e^eCd7Eysd4G{!WiqDc&Fe9< zcw8K%!iL;WhTK|-n8Efv)laB}?vD@uwkpi0PLva&Ql_gdpiNeImeo4f4^Hj!DEegr z7O;iX6{ZdJg4F_9MAu4d?|@QMf_t=o-C@aJgP&c3<1yZME!}rT9lUL3zoaq7@;gycg_I2(f+EAxhnH1G#Lu{OZPeSGVo2__RXY$E4n9munEP9gq0yTBO zAs4>FX{o4Hy>h`hs9REP9U&^^`~9+kpIxWlHYbnBwvXFhJB7cxL}QrPru%#7C8bD6 zJ@spmsBwZO(|)ANuu!wxWTQ2;S&D$OL_;Lx;1CHBl!Y3MAC;FYX)H%^vs~jdBK9QR zkii^f4qIc}6=hZmqt}=8ZI}!LbaCF-ZHT7t z&3txO_vpLsqJ~Httq`Tbw|4g58KLZDaTnIin@iw}^%Gr=MFtSm8+zVTWL$6MO^0w8g{Rk3o?^!O+#+a+!T0Yhe$jxdG_Z2SQW`vll+NAY< zW@y&}+l7%gTlnpUKtFfyyRP^0cfV0zxf*WsD?g1?g#mp&0ytXbdZxERAC0dsRVDss z6Wh*iNp%+MUFXsejy9tEbnAD$t6_%sQA@v!F*NYgTdyqDBP{1|)UuaIJ7327HAs%# z5vzEr*j&3@A@OPi*(-Rfu)lT{n6F*GVX5RkFt1iVG^%&Pr`_hhn42}6&ZqaVSKO}F zMFCkeB}`f?*$A!G%0n%3(qyO=EWOny7Rk|Q72io2=JD z{;8tnKk~v(twW0cpm;6Pn{9t`FA8aud>01KBcZZPGOjI5UK$oVW$Gfc%|avxJ8Ehw zlV$*uqhIvP6F(_h2$tYXYZs|1B=b~@Xw_QgxMV;kWzJ%*f}g2zj48K*o3U|i?v?6# zj_fJzE>NCi5uZ=(kZ}$sIO7&+YA*#;X%-q=U*S_oG_8<)YEmfVUCa!Il`STxI z5GihO)=8*$$#o5a$(m#=zT{OJ!}B&e)3S2=+%&)Y*`0XUgO5DlOMfV?vO}FTF-cUPK0=P*uQc`x$!LP+v1K*G47NQ9Rlw>T0==japZR|% z=M5`=GARoDEk9zog&O2dwo|{p&;;6$@9!$h_C|h#WLbhAV#b0Wf*+_St_9SwpW35- zm-b!JWEncwHIcAdCv~Px0{iktIFxXBN?3Hw$FUuw-N@Usg6?At#~e?w9eew@&A-4x zLt1VEPpfpb#K-wTgh^_vQ3+i@zLw8H@!mfpR`Av5^)<(qA9d}a;?l-28Ka+%APlqT zS}&zb53{3P_HLo6 zs%{36OC3x&H(~%E4W!EGMfTe+&@l{|{?H5H88e#XAK0a5sl*O%Fo#X|Z(L-SA-k}z z!&j7F*HDpoanD>;R837RNF~hfX66;t6AAUd7%3jG~6%1vxJlhm~qyztHOfTAVS-FeN6(aq0%@p}?o= zaC0dT(7EifgB!~c+aeD)qC*FFP=&n7bfZ7+F`}gp-1X-Q9mIOTW?Gbyj&)pteNv!6 zeNrTAIyn8i{kticV~T&f;&(#a!QWM(>O^+CK36l254_zC^;UkFBu6ZIIr%xPNr;ns 
zJCArwA{BQ`pk`hX%foyl^S5iRHABuYUTWlR5hIqo=7N`;X?N^YqVca5pU{RMh7EvF z*v14~FcAV}=`afE7NMh+1l38I==c`OM@(--Y8jk=~ux{(u>W{I2w7hg9TMyP$x6Rafd^j$2v7gw%QZEbbiSl7-K?w{5g>+hc zr`UXCf#ts{K#G4KwLOB){cr5ov#V3K&Bx>0O>;AVF~;k-Z9+~f z%bdM)zobTi9(wFZjCJ5SKUBctj^$+E&0z`T1pzO|_bifmr+ z`fB00c<~R3Fbp=cUWuk|D>j#H&pi~|ew7o;z&&+cs9@99O(*#eTA}bnVBsb1^oYw-W zpqgA`!9!>Jyo)5#kv23cKMl@@&!FF6_-COL!WRRMea#R?LS7UK*@+-NR$c+=h5f4W zs{q!o*GTly;`#r?-*i=RO^tu?x03$<8-M>VjgT7$8gGnV;h_;27k=D%GgirI9S3#T zPSa#UYz8GWHaUXIhK$3!yMhSsvWlsh{;}ICZ^(z2lRsu)s%V|Jt}j19gHq}IU)8}~ zo`0%?OJ#r5K_SThi#j;`|5OL}wAj5n<-jP?eBuO);UHpnnQm|u8Xg|`u?^$huu7kA zK70{hSw|Hyb9P>Rq>JmE^9%r2sC0J43&+5dCR9^5${*zUaJ`%+|<~@{srVI06;#bnVx2Emdk+b&kT$A?LeUH zmFf$^2|P27_?z`aDn+3Q3Fm4@he+QmdWU=x!zf=^H{qCVAK2+onKT5H{K1#(g~3}G zsj=ZbwESNfo=0HVb|hX#mCPfbgWU|{>{%Y+Ff3G(E`HmR`j|-)Qt$%=IDG7SU{X@V zRJX-U969}@Jso|j*u2<7pl^0K>2txyILK;S(-IZH8AV2rxOL~JINHl-oLM*5Dr}a~ zqShr(ZylxK;+;z^A=tbAr{(OaV9(>$=^9a55COU!X?x;Lea#ua;~wk5XH5K8U6ceW zMO=!mw4jLl$Rao2fdM@^IXEiK$Pw;;$hUay48ot6 zZodH%BT3C*isR1jt-%-+(DdVvj|QjD0iiXr-KLwoRl*DKz&ec?g<_D(d$z2#IKPJ! 
z+}^j)Z|Uy#AY88PP> z(mGinw9;9glv;`9^CBq)-fk|`_uH zoXrVTGl2mO`<~3cx@@19qcMFEOaoJ65=D?mxz=~+BZkm#+cPbUIV17g^JM(3IGAJh z6Z)jooDq)v9F-R;zcsG5v53jG1 zz_-wIA=kD7P@#uRJXiyrwFo2I5>p8dJFtZYbWtV5?*z4k6YbzjIT&C|8hQ$oFRlY~ z@DI}>9v~;6Czw(oC)0XGg?_Exb2a%qykPe<$Zz3VKjZZqm1;k)(4_=lgX4K5U)AJy zR^3;oQ?nBU;b=op$Pe_%Ns(v}>$h8Yb+&jc*;z`ry}t>xwrNqv325VORgRr6lr!_d zsvl)+mQUDMQ8#oLnq^|>orFDVR+}d)$=X?TG0nhhcuRA7t`C4u%BB*ACMevFQ z=^&2H7ihBZouK=6+>Pj-9S8^xR}@1>n#2vE!1Zf(tc|e(8??};J7o6P2P)5`_Sr9wLpA19CC52p|o&eRxvz#8P zV;08Y;U+zcVM5H``H~)N<3QR%8whATmeA&ZCaww5X|^J=m5XpGfZWJ-D!l=LcYI_OZYjyJD|J=o)KIb#Ld`O zH(j>@CT?OmqPX&rL(n_%`SP^3qLaGwPGVjpDG^BKY{G%&>XM`%Tl_Y|1-Z$_0J~Aw zQ;^;Is#`(AXzw_{k!a;DG~rg&tMD2n=nFN1IHEuVeZWDdjCqq#y@~coD=@*^CZqja zu}O~nglNa~ndSS09W2DU1_UAx4FXb5&$*VX>fV4?tC$Pq=NckV)sAol38<1-u%`@+ zGT67M&fbxIeaie|czgbyPRPM6b2=za2W=!y1y|r-NiYuW6^LW3-Gm3~RL?W9>wIEm zSpIC}^dG@jgda=aI6eznqgc#MeAB$rh^{Pszc3NA{a_)MoN+vXH~VoD70}up2yRx; zR=4hGNtn2w(EfSgC>MAaurXq9_P2L4rw!TeJSSEMH~FHX)9a#@*HWw!t~7Q5Fd9Xv zu&AI}(hd<2?Y2lMrppYZ28o4>6?%%TDP6l8IRbi2N+UF~xaJ{1X9rCk-jLf~xBnKu z5DW07MH&C`rMWAs?}p`nYHMqRQ+!gx_rv1}-D~SCxhvCoxynhHyCa=Z)7;r_DlAc9 zJlB7`SV`qQSKNI0RRK?MVI#Wduy_sdSl zByipF3vjEfhMEr@8bxwI+*adWXccWB>EC21r4}kw$yjBkN^zET3x%gyUo0G#4N?9_ z2}hRcuY_|4^aPM_#ND%h=f(U_FFB*O-K^#oljsHrmTO?LCkpUcRWbSU3uGyC-elkp zb3<6?jY0*)13Ut>*{i=3wr0*B7$&x6n%g0LjNNWybj>_tsT{U` zZ*H<78L_udf8J_EF+``ak$3L?K~XB~)?_%?|E=Iq=l`RB6xI9&aG1$Ax&0YO`>o>! 
zFphTKZ#`>jSLnA^hqKGVS(BIE?Qxoiqod1$&yNW;KW~>{|DLzB=VP}?UtPKCQuLPY zRWAumFwOz-*_G(-=syC^wh7VOPT}I-Q#)6_@fZCdz#xWUFr$1ck7`>4_|ws!beNC< zS4(LY!SqJL!YbppxCOCmq;^V^+n_NQSstMtAX+99;(*Z}S9rE@KXZR$-?YkcqUgUA zV9f);mx;{8{s-wMeV#Lg*#@<$*~p_BmzmmL$7HV+-X^jQN;?2`?kkg7)q!|nIP2FK zsoSsrrQgK4y#0z>X=_BLs11_W&jUmK*9MXauu=VAdzm^(I-r5XcyNi$6A4O-(gz#p zB7R$N_W8SS7xig`T!Rr#_<3h$!l%y9Rfh*$pC*^|jK%<{eoTbAUzZd)sd-ia@g~#s zAz1sT7cM-GR6T@s_dm28X2<_>n9Wl17ZyCOY&(bb#4Y*Mha99;&pG_<8o#3dqiY0J z`|qytZSa3}jrEn4A4iNXU&<5;elf%$H#q}T92fWht>PH`z`oskAjmx5+$7q457#S^ z-f~vRX9#7^VDxWyDpy`bkU#KFM0@%_dq(DWvCjw}gJg4V6Et)KWtZcR?zm2Sh8W<} zkiCCe%)~~dC~+j@XHvv7J4Pq6XnKts0<31H*5Eg6vID{K${WrO2fOc6B{#|WZfP!1GgYNDr0HTSE5{yJ45DAz*oIF6VpeP=_xP;jTqaIhl1;9#Slo&l>@W1)t8Cwc&S5bz6cI`Qo@{ z11HnyuStFeZ|#AW#FuW;28lVG_^hcl$AmMIzwp3<43PP;_6>KCY*DkZu5xtbv4}n_ z_PgieWBx^W1>M^@eM)ciWc6x@Ht>kl$SkXFP{_Nutka3d^1P zCV}s?Elu$xXhiOfN62=A<^gwa%;SLT@ppoNvr9a-#I)k}R_~3f$RKMhx zkuZAu*$CB`Z3%=jjP++hX)Soyx7T|_N#8fnC4M!UuC)$MOe-18m3Gnze9i1LqFg_QV8WL$sUboq}ZZfvKNz>B>>6$(REfH1F>_uqM=_&rkq2Mx~ zEUNBv2R20o!N5 zt%};P_u^nsR+-5gf}*9D4{J9-olS~^$tfrKaLjHR=nJXv*#hx4tbU!7cc@5>q3ki0 zE;!b*>fBYhBQPT{z*=PkG`3}$3Fz^t6bK}H0PF-ho`?K(q)07OGe{qqhdd@A*t`zX z;(f%Gnk9OQ3m>5@xO>?HtbV~_gIx_4nD87JsaX;nI0iUIF53V&rprG|@B0vY;7|`q z;+WbI#>%P~74$|tCWw6+`Zl^fbiUtWtkws*db%Ku;J7U`P%SUM=3Nu$0LTEd2Yx7c zXc4~|%m6b*+c_3{6&MmMpdzF@x$6M$)AhUbG*zod=-r4XtzwNaTcAE~!XSp>6J<>_ zAO^(mDW~@!2OtN4RYt%^0IRgq9MrSnuH%91poIZ$yx`we+&quPJY+4V2%cG}v{Lr8cUBbCSV4h;4 z*p}5G#-_9n(Mf;CW09GmqW@rj$@Tk#a)rV?(LNqXghGstP7ZGpwvKj6=JQl=`F*4B zVz|$CUWP_ljn8&lm2Qa^cqUy9h_xNzOK1p4Q84tc1N0(@qr8(}yP2I;_2m90KGOQ{ zmy;ax2Vc&(8%AF$xh_gJ-sk=%dK9`F$5>Sr0$;xI4K|4X7sV|x{EgzX;0uI88zz{EEIQ#I zLzr(7zz|k#4DT<|z!E_edd8!v$exZH3l{<*yy~}jK?8||Q;Bv!&i1WcG*YURZDy3o zQrsK4Tdp4w);s{ljvG%qN?DhU*FZioeRTbAK4n!{_wzYU8>I|%@O^m4RMehTyuem` z%*;n#QOOZ}F#_*bN+CDvV3Q)rRa;4LLgh=*jxhSq(z?9LB1LnqJUM+HGBhrxL$Wou z|8{>}B#|~r_9v|34miJ}$wfNF9?!lWyZz1&#Ymo|N4>8EqRV%ZW^ddnVVw_#_x2Ud zcQzb-$INbWOHYMhcr3ROkee2XiljdF(<(J$Y;9s>6gliYs& 
z7~#Qn6#5vh_V<6p>fU)_3~jPs?mmb;=9)bI0R_~PLLC$i+y4R!R_FD;u-M4D_upfo zU&gWa_8Gh1`clbmp;a%($>WyWzCd#HV0~O>bFomEQWZ?f=Tf7+~9f z`A<8ywXA}Ne@~!z&DaZw9I2oQVnI#hq{a9ypARn{gyZO);ohw^hehd52%mGdypHt2 z=^>%%B-)B<^}E%Ir5^*L9;9~n&t~pIQ$gutW;08^f0^jm*CgJ|?n*4_qR@~yek*RU6=b!f( z@8&;eHDpTKq|$v77`=Cqye@rj!Ys6E+<8c_?xR>ROrbZne;ehH|K|EnmMWLV1im2R zDvGN*G5MLz&5dzTYgE|Vqe2CC(113!4<;X4Prb}=*`8mCVMNT`FgOO_5T0?CUq?cv zbD5L|aObc#zWj(Lxu?H-BV+!`w<&0lKboj@TubsPwW+Y{DCrP8%edzzeMrq2C!(Wl zGfi_~z>iUa#Md&zLNQ{Ay9%2S$NFM${(5seKU;b1mEa)u_!xEI3UFYR7RLVRx?ck* z6CkNv3ouL6QV9tC5c9b|=R#Sy(%}CPwv0>(G(zrw(;Z*)<9Z`KKuTELkbBirA)WCD zwDR$phzrBq)4hykwmr;mC-MRd!&G9RFS%eCB+t1rrRbb*N(CATcl7JPayOiH_UhR3 zzde8&k({Jj)5JKSxox|hh8s5R>Wac1)U&+ zDN!kP(ZZSTpsVg4v%aBOvo$%jGki*GP}HAvpagl;VOPM<)(r(+qvoaOU^Rl8M^KxW z+rotBHM6Bf-KZqp$T02#*cX~x3VMF~#XBCFD9o0ZA9SENGOPkrx1eofUtDji>`&#N zajbv}%W{?=B*lKx!AMG9;6YivfC!h95Yh3bnL0cSw9c659!_=)n#cWUrpy(awxrs< zZbk3fv$C}5Z~BbTxsy=x00kNl1_H{+!vY05PzDA90#f|=R7-&Sw78U3` z8K*lJ;-h3(y~05p!5Kw9wED!{c`8@E@1G~^Z|LgLcWf5#6^KFlCqq3?ut~`y!r!b}}P$f|11gw2B ziUElx6*7oEu)Y>Z4O*M3y$fvvVGU(7FPLuHJD#H%U90gkh0kq8Q;_bc+vD=% z4#(N+HfkBb<00eyNJr0>|3VIszwd zCx!zhZbt&{6cqI}zu$bnk)E9d(G`3yQw2J7`*KL|MRem*-NFNX0eEa$_xnwZ;B&i) zslWY~Cw$nE?>gCCSLB2@dFT~=H+bWEL7EM%3#~u)%v^%W5Ud?(8wahgs)LI8yHMbI z%W@$L?oWHyju*txb`dE1a-m2RgML*@yr`VVjwi4~0N3%Fr>w?WR1V#!w!yEdd8PR# z7uCdjrRE$ep*JeIHi#~d&o9W8otfF3nx}20wi{b&r+v@k3Cp8bqy&KhhuIW|S@bYL zINGm*AyP%og+}6jk*Y+%ZH+{)L_j>GnH=MyGpM>(bz@XnXuIsGR#J4cyrn^; zC5q4zHl(A~6owJy80QB{jxAH|K>f7J;Ju0WKmb53&Sg8gqo%UrgN+ zT;)`0gE>U9{50{ZP1Rnaq&6T;f84@Tw!I{K2KxSu8hyq==qKHh!+mzQ7@F?jWo_=x z)CU60B?;Pw*zoK%^EFs<^3 zQpb=BE#X|Q#MB{Qt_Np`(-QBzh4?UHV5OnOY~m3=kWqYTcwhml;}9wBDa&jnmYn+F z`{3Wssr$Bj~wPpV;vlOZg0Uqmm$mF-% zr^4+^S8BGVRSOL3uMxSte{q-d6pWOUq) zx8E=II$vx_!%r*Q*PCaz8oMI3Q_x<6~pBL&Kweoka5v`kQ&ICeddUP(5; z?v&i!!n|g5*NttDqe^kx>8Ac88JvQS^tq4~R_>gW15;Z0lqO|}Mf39y1)HViI{iNs zEc7Z1bOXpDtsQV+BJ;v&@~lc!qWHS%)@7+fi{9d9_Km%cPlri)QBwN#Uqv6^+&6>H z^fX?`H{9djgT8aw&V`-pOcp=eYr)@7q(p*{VQi$cMoY)`56*`bp0|aq;90Bb{h0ke 
zE`P|E32C4Z9sH^Ixvd;Be%=#~nG5DpBm6PmbtuVQ@p_mf*ZeNe*zE0pOFGs|Ouc<+Z3Z4g0bqc%Xcmr#xDk6p%@0$&1HAr~Oy(p3 zlr~QY%_9bY>B=4(6j0$veL>Wq6N$A~AQi z|G)9CLlbUng_BKeLraHS9CQnkH9^sC#y(666>OB5}AjyAuU)Wo!! zDoVtuQo5o4Pc2{f`hRTstgEE3x*bFL+ytHn8f?KlGN88p_If8-xfKt9MC1cBV9Slz z=q(e!X)+Lr^!rhK;kasQ_$`X#OZ!VQ;HI!(4`*h1w*Q}2?|6GeamoB|vN!opvRCl| z9zeUQe)-?D>vlB2JiozC_b*y~%)e>%qyViRK=*w73-3yvPXUnXnRCSd(5@H`+<|CG z7Rt$gX;*scn0V<>0aj1jcBnb>{Om+u#QdfEB4i7pubB^p+Aj z#5%5f-iD8(V-e%MzsB}p5t}`)brqZla#6MdJlsDdDXc(X5(}pqa!_?AXbB0ZALbQA$%~g( z%y1@Uw0}nF#T$p~*5j*P#Y!bVEwHpHZ+nt!jSgo^rM#?B#GCOy%GNLF#7e1O^;*=E zbwAzBvFUX=_)62>&z@OpG3ig}bKkCIatO5hJAVHl-I#AmqmF(Lb4&~L)2^2msNA`l zHdTxMgiKOz6X0hUlg=z7tA5SY1;_Ly*EQf&HkXo%<=QZmRI59dA0R(`c}vs>P4<&+aWnv471VTcux*Dc~-Uw?I(`~C7$Ko)QxOq_&hIa^$zc} zsZ7>!n(6(C)1E2=KFe(4DX-Vbn8xn_g&G(WwfoTZ^SG}yyN&MX1a9PdgUfu#^tT=s z@n+q>@8%M@*3v+#C^Hkw^ovAZlyslRLEV~wIMY!*kiH~A)&t)F{Vmz}F^O&cADE^) zUJpGtsXd9v{E|^ICvg=1q(tNUq^&B%(=rRfTG}XC#CXhb5Gzi+urdwCRyaV?uAoKd zs;?^3u4Rq|VZh(5^l`pRxdJmL!GJO*NrN(~N#X!A5*2c(vZ4YRf&faI9;leMti0zy zF$IJkm|jlQx%Dp4_6v{3?d1(eDt zNrrl^pgfP9eE2>hGcX|qph^xvz5>o?{DRmD-D)Kb5OE0U5lf)~CG|Q|jDEaUW_4M8 z`UEZS9l$m`G4Rum0V)RXoh*Q$%Vv;2NQJ;F8}2gLLa-?C(+zCBZcK;tKJ0^vY&c|o z-{zUh2lj&BeI{@d(gK_SxU~I?H5QG{~XTeaWm{J8!V}Hc32o`3d6&pd?=>O4pn_m%e(O-5q%tTy82E` zot2CXuQLD0xTrxh%s%>#j$Ouqip>NyqW$_gL5)?L0^)c0<$)wOKkr#opjNOw)4SA%VQ&+MLJX71o7|VXTf6=qF1D-v1%NO9-qt9)j`ccPqiVfNizgdMcEpoQ8k&M;(nruV}45v&Xuij{4#3EroAHA{$)kfh$ zjijTbZ-N-@m_Zt&!I4{INC#z}=Rf&;Pu#KEtHixY+Ar>j(b?wRuCHgW`Wjy^`0Hc? 
zy!!j~Tju$X;~(-C`Fgt2x-+`0RXne8j|az6%(_~`lbF4%VZEHlM7Z@jS?F7E8CIML zmNew^YA6lZ7d7UJcxLoq2HgrfGKJifx@A}OW;AAu{`{i9v&tZ3lp)4r%pMhzTO@@F zZ99(s*6zK1Vt$%wv>YhaDE!aAbygU-X$`~Onpo@kzhtKLVIHw8?zt)3r#oGo0+Lock# zji)&+)9Ec{NLa~#sX5Tsl6YtMrK?qX)S6Dy2HxDA@yqSxdoi2Gv65UxJh0Eacx*Xj zl@Qr*lJ4jM>^>xGr5LU{**+!h>KoM^*j5r*#+L>{>kG9tPxCEG^dRu;a##%aWSD-C zX=N+TowjK3?BE6v+S|(C%+qu4Aul+l!uW;nbCGgmy$9gVB~JKw$WM z#fS>=0a9`$W&@vPMp!gQ7IbM4LSz4uj=4dO6bv776V~%Xgbk{!dUA@aN%s>77vYd$ z#nJMyoz9k1^=5_saj$dts{{{oxj@*g~Z zp3d4&MWbZH&%9?yzzKi(UF>Kpuz7`4bkM zxODrmh}3fg>*Wk8=50vjFO7wan!A< zt&)oAEfJG#?61GdRf*=$iv70hXkYH_lh<5g6kLZL5Hf~vVXP8zH5}isw=;-P%MWm1s<+X zPhA-dw|v}Fv`Z#Vwd39LjME&Kgy6P+x5|D~^w}{_LjnT#zJ5^gjQ^ka2I!*G?!LJ! z|4fK9;0STi5&J;pfk<;gt*xZTm|k;&?GcRjXs!@4qV1a@6Xv02tgb2LKhzI=6S*%f z*g3>nNYvce>>rP-mLEU=?7If|Kq#wt=gFs=`A8XjVRmL{?A zjnpwcxg4q`g-QmqqSr)WC4-j<7#lQ_LRvc}6B?ZWlJQ>%TX3OLJVD-DOMcQT-4OnmND?zXbb?9^ki^fr?u?t=o!%((EU+Kf%XA@rJ;Ll`4$b|uvwj*#U#>hbK z8n7Z=ESMs=;-nr>xt8)h%npdMT#X&sVlX>BkSg62UaoaAcP{ncI<17tJzZ05f-Ti1 zgf4|CP456wYbaD!9n>JXDg!A~mozCVe0d3XOV9-O;7)M8EAPAaJ$s+K&sX35iVd`FrmOV zDy1Fvib-644QwJ88e}3@6l8KFR_FWij1$sUUhfHUQ{)Nre$^pXcxCYH>%|-* z&)}Ocx$I)X5z`BhfT7V40+X8bgKqQ(&SNseGgvk$4NYgJ-RB zpUO2O?#*cP3o_oU0x>|A-C$v9*4R1kGV(7Mm9+CF=099i*<2+hog-IXImFpzmCqSL z-ZQk(e?m+iIOn@c*D zHP=tmZLBf9Ujl#8%|@Eg_x+n6|Gxu1(3|)Vj{HA>UlLoM_@U`fvhPhipCKMdhqaO>3=U6$gLDqI=eQymYA?16CHUjapFxd!Z^E_rX|Ij6V5^Cf zDsH)UFg-e#l82NLTkWT;!?>T87~Yw#sh$3*|Ey^2qnDE(QB;;3hF@>;pUHUXH~%^r zKY;O%$#{v1Ka=s@!v8uMA72dd4{O!8|7fi${P{U_6ER}J^)^{aU~Dj~BXVrG7r9G!2F zuE=^Kac1{y8hDWirEFgI@8!(iU7)voT0T z%fx(i1zC*Mb?&5ji5(SH-r2>XSN8Ly<@O7uP2T=>A`#2;j0j&3D$hN6 zOt(nq$|Vm1R>0WDZ7Im09V2ZaJW5mnl8w;hygBBW`2lB0E8e%ngNdzyb~fA8ns_VD zK#a*%LoNz(;rDO@X*`9@plY^e)>`tvd_hJhIPlYirxj#$e0boQL<#|OlE$q??Vf0eOQhHAacXJtg z9(T$BW~1sw+p%=SCq3c6mU+CLPEd7L%kHVe&p1^Hxs`gE4gTO0ZGEPs;HtzU_~s&A z@*{W%BliYlOb^LyY(IudEQA6Z*D?azE&a~|K`P{~dg>V(RaP+{iC&JH;Z_6AzK*gl zvZyA8Ck5qwgk>w{%3xTlP7mO+P~YdWY7)^RZJz1VX1?>4NuT5vcP3Y8d4;JkCOK7FUs)cGj$|jk=3|n4E1$Doy85th 
z@Gkp=?K(8Z=R4X4?c?Z>#5c<+eY(i`y7rEs(|o^-`u5zK+`e}o&!i*D-U-%zAf)OV z-lc7yK#lgk&Kpxlt1(UEtuRdUe&D4#Wnk&E>i@%ZRev*G&urFU_Q;usVHsXx(@ph^ z-C|YWnscTbs!ZBdWdY&}XPvj(g5dF$ubG#d^Hc^e|M%PDKt1EN^z=Q$9r^25?B^6% zn?hr}%UudZQ}iOzz;nUJAHRFL$>JJ}Ca)_R2PO``D)A4A7&5+_Qj(Z=1i#3b+fr) z{hdCT%1WJW&3Xy)CFZQl-)K{r(g=^F>avI&HM4V=; z4lRWvt7~>$c>EXlr5`VaFW2UL++D&Et5f$nw3>$&t5d{78c=ee`HuQ%M6XG$s;29l zQFezTKLC@I=|~sOsId!UESG9xy`U=L$~axC$CmY7u%*D3+rv!31ldy~YUJ<_p?8ddA+xUEwb1O5BbvWM>+aNvevavaDSD1oqbdhoL3|^IB%?W_%zSYU$ zjeAErz9^3=Hn6pf`o3%P2o$nrK(n^y^D*3z-V54 zKiSpCT<-Km=bWm9JwoKhg~W{>Jf;tU+wb-Fjh0-$lXrWTfvchPO9pM{bLx-$`h!Uv z(-rx+9>AvTm~LOlfG>r|U9Y<{JTCb=FXRKtRTdtzsiD+*MwZ(Y?kyQd7>YVgCplqh zT*VT%>1B}6A1L=P4If+1sYmVc5zD$;n#U*GBwcT)IH5*8LTSXVXBw-*ODMJidZnF!y3Dsm6Wb?fU5dN3ci*NCwSJ6e`03Me@^Xe$I)RQo-ho^r8ZLVWvN5qSVC&HYm&V6EN) zFO0W!MX(P4LCHR=fS6^o18>?|F8H6Y07~KmC}|r4prk#3l8t{*axC}{N`6RSf^*SN z(1iT-Xm{g6Y`@y$lC#8oOKbfmy6R?8Ukbr}grxe=rn?wIk6h0CJhF34Kkc~Jq=Zik}=QFvGgp$egD zDGpNAf+}0`M+N~$5USgVBmiJJ80!g_Ez6Z5o*01Ab-wU-&oQ`ntN*p;KD_OoYcwub z)Q6Ra0hR(2@M76g6&r-&s)3?^_a|fF3V_CR02b?exv3=LALG~wXEy&nLZgZ65ktPS8pr$i zBMf;*NeNFgHfK_)#O>)F&r3$xb!nKQ;5;gf2=T01rwZb8ItuRo0Nf6Zpgf<$D=8fhOv1w6ZOOvUQgyKi{P6a)08#i;+zKW)^>|Zv zUxI=0es2Djc3aY3298X@pqbiUR`!z6W`Z=8O_x!sEF1{*F7{2Y7~E6sg&c#{blrf8 z`BUUir-_!;5=+esbmsSZLbcf4=bXDTmGKHyh7egRyEo`vbzMVTo zAwgmB`kdrGVW0eyuR~iL1`C}7znTd@qwB}kbADi4$C<@E>#k?Uv+-Br2g{EWM?$nrrezKGIXjx}wT%4b$deLY0H8r9(N-A_mVBm8}qLF~jJ2JXxgXQO3w^xTrkghXs4 zD1V7yxN-3k|9iv34#Yvz2N+yNavx5Mam*RC15{LiD4pJ$3{_uJW_;eK&mSj~&lQ;~ zhemx-X6n6|dtWtGSc%n$_On96GBPGRv6DsT_fF2j?_Ud4wo=nZgHTZx4Vq7FP6DzP zBo9-yOIv6ZPkGvLFXv*N4@(~(_|`kj2Gva0Dr?!vv0|Be^qS!DF(gBK(+LPezA44u zvRP?CZXl*1oG!iDgG|Mc_-Voq=O_0V7}Cyt&&Yl!$vMs~D+a1o*}#LTR&j=yFa26p zX{+8s6gR_|!ogA;pxW0ulyU%5&^?5~b{TcRMz5&AdIe?qjx2=Ckaqs#YN1}VADhJn zMp0$Mx{wOCZ34st18Bj6K6syj|(fkepm#y_y2O%!c2%0y+k5+Ut0I%nvm(-NKw$7khx{6JZm;g zbyKZY4r4Pk@-Ej5sKnIL4novS&30z{1UDy1$!{g0Q~`HX$UtA1*#6sE>1kR@fa|NY zB#XYHU;0Ho-$9HP+m5}-AUEYxX$W}pDwU|;DOKKhx!A-ms=>JPjCDQrm?zf=ygDO` 
zYSJw0fp(7hs@7ZWiOxM8$s=dr4a2xd>#|! z{@|KJNxV0PV^j2cqlV(G&-<8=1;BfS8j!N^ElayX7RY^?)f*7JhFf)aJlGwSlo~!v z9DwO9kQ=!bH^IXp`lb>UbjOK&pFNBuE`4Os%D{_8p)cA=tvcIHau8d|fkv$_+ewWM zTK%9`s*b`X-MNTk9PuQa2?~J|a-(5w% z5w`gVyo*f$WEmjo*%rYm!c_PZVW0)l^J|9#x0URN(^{+n_6czn$<3n#5)r=Roz+!%UUun zPeQXjpf7B!*(o0!8$B*|cl8iC^?Ym1O=2W~?7C+x+Pvj&J4a;;JfDOXvXmxc4iLf>|d#&Zy_y!I(NWWo}m@h zAoHW72*KoFaJ`HoD?ZnCnCgA$4mn0|WfTwgujqI9(J{_Owjs(z4ihuwi_)vXtVJ&7 zG|Kpxg{&W#V`gey`mROSW*MMhma(@d!RNZ(hokxtk+cXOQFeL-bz3y(e!{_0V_Zr! zz{qPIj>GN1WA=SuSzTxfjJA|!k8DiON9Ue14QZo=MDL_s@WD^X@GweD^N<1gVZypX z>P{tDpi{*JO+4@@-*~<|vE2R1H9C0u_M@Qzbc$wA=7nT)X=gXah}}z9(hC-wcRsQ$ zvY2*7$ANZ0J}W)R8^24T!(g8gXoy+*U3Ylx3rV3=W-Q1kWcaihFV^TvY!b(cgyt~n z-&Okz?TGnF2%m1=Zx0t6vD_B_&{g!YfaiXhps|}N*liqduA6fb@Gt0JD+u=*jIv=i zx@sF8^1t5BF7WZm_ghkXf9m;TuAIYZuyQy3E&4 zK>5Aq{UEO8Xvy>Gr4}~ZXqSFQN&nsXi;1ymj&N*Xp|AIx2zK>0OmME@_IAzrB6GFG z)TZwIWdmOyycrq!cFXd>?(aHx&dxSIe7)<*3$Ldq@0!~$NR`>%b`}+WiakXMu>RtZqDT+>~Pv9M}6Gby;oE)UOhkYJT7-Q^BbV?>3 zNO`c5w+|jnc?7E9j2s^J%ir?sg6&4DBj83N#EI)xTxZ?CfPsjb4D@B|47KsF^|xOV z;zDST`cXf1R#2+Rxfd^V2;Fst=rl-Q2qKS=y`C&EgoHCI+a(B}ARceh+o*{|t)n!$ z$NM%rcGV?kfLXv%n%IHq!sCSzJQmvxUSY z6`7E(I74Co56!~gWHk+)GSp0 z)GWt|hB1Id2HszIIR&VW)bU}R)4_eud&#Lm!d&%JU96GK*&L%I5(2D1>Z((HR7T&ZE#s`HFJoz`WOwU^r>zvB8$ zsh2QX?+~VBna2)Ftx*ABfarb)1Ch9D7yVS0f!+6}Om+CiVz2XiejC4<{x#n(!q5AM zh@5)p?m3U~V=kFzDFrMmZ(ypsHXd|!%$H%`=>`54cX#9nr_Z~YDy)E-IN~_a)Q%(L z1U&jkZQgt=`&>_wrBvzVH0-=RLcDq$av7$96vZo;y;MJk$-lHkc^?{UmJNXCA=!Vt zX7hBt*KN|sQi83z)d3%7>4XJttN|BRfnXtEUUCU$Er$e-NaANeNs*dBHnVw7Gb zII188Po4mu)!FJ=aDn%;?H&!g>lL@zE@-l`h-%}|mc@;N!|A#)KXF&jUw_Arr>e1J zaoh9RA#8We_qhd|A+#Pc%^(fXOD!DdGe;9qh%4gdfG!FO!mn|!(L=*;Ic*E|QxY!@ zn%95-f(PZP|JSwM`txmC-@~YQZ{VV6Dc0SiSdY%TJ))3S%1f|L6`m`-;!zyl_2|`dN?}LAMg5c%{1|ZuptO zD3=t({BUxUAK?b!-RnQ{`nf#*qxSK1Qu0rpgO%IRI+lnq7`E}BUqg48vbz3700~SD zsF8JZAKl#Vx3 zV>S9_VgfT!O~+Y@T){&Suc8%Ko6PKbcneZSTlOzSlpbncfDWZ{2?*6h+~K}_-<|qj z!gQa|fy2+R#U_ixvQUeEUrK@>{a2Zj@9BEAT{eK7gs+`}?>(228&~~8zo=`_1T91z zE!8?koj0;cf!~Lqg^u+YLYLdiW-ut 
zHc($-eY=U`$B9x=U`P(L)0e4~Dym#dO5snf&6$Bu8D;;Cxe=$9h?` zsG;NzeZj=!=Quh24W;*>ng0vXW$iA4C+(L`gnMGzpEGuLQI_BPpzat}L<_*7-3y!p36b z#-eL?1566oauyOe2mG1`BPXYOMLqh;9%P?P_iF=JbdHVWvJj1;7&0Rh$(MFKUa z;DMMxE0pM<7GQQ7&lwtw2;!y#IYDgfjiHh*mxykf$ckcjg7ty!2Se58kU2&iHM+D=$XFE-wB)c} z8kphmqcFRY=~o#1cYieP@;M=qCm~re1&!($EcLb%yL#mtBt@!U(Yu$?Zc*R;l;f0H zzrf7K+CMgXg>!^xN7K?diwSa-+8#^a6&ualD_blDNf<0qo_D+n;SFN6l3_={7{uvb);76x+i|mVZfIE_U4B*g*C-nOCLWjEq-u$V0Pf zOTIsDu(rh;-*fxu?`(HI)Lm|j@u&!$lo8*y+t{RTPVi_7oqUKM-M!tZD@4IHA2>4> z)bu=2U*&XBo9`<=q6-Xr`qJX=X8x4sX*Yufs@~CwlXVnHDr#{ta&iYG?#t}doygK z9<$xTPL|Wr%;(oBXQvk91D^D0)(eSI`>K>>rjc|uI?R?|RUvZNtXd?l9~VPOMs>1d z6)uqOL&-O(-hZUMo=#taj-|bY*@D)!I$mn>6k+A1~soVoV<*tpH{#p?D_($gAi2sYs<#he0 z%=P{wb5S-`o|yO~(?9G_QGd7W75fp#D>Arl7}~ph+SC@F&p+vM703^W+)3R%o5Mox zi^@iXJ}s^~m&t9V4tb4XRMt&953nF!Gq-q-FWh{}2QjzJde*Ftp0yw`XcX3-bI=5L zqnMj#ns1a6qlw8{Hhp=M5({@p7sZd>d5NlFSOFkxk$hXX>$=J@w-1L`Tyt;5u4yR9 zer!U>=K%@VW|L(~i^8j0-fb!Ewdi}hkwCFw!Zcg{yy>7GDdW@2`Nk;>Gtq8x=(3Z#wSb!~3`ghy^hEFHwR@agO!j?~tto z(yh2`2Wk+93e2$bQIRVcQAB#lVa8^N1BML^byWiQ+LOoAZN8(>9XCZv6zIC9#p}i( zkc&F2Vq~#)DNTN7_tF$y`MWfiMwn`=dc$Levi0fa3f9x{a@puy!7kk~KO97W(zA(1 zfU*sV5@D_OA)-%-!LMI0I%Wnrm4muiD6+4WJOAIxb42Wa%5x@RZM#F~JL}|WgvF@w z0`opt*VetO-S~@U3@FKAkMNYQ$wCH`yNvNO!~*kp#at@4R8JtqUqX2nXS>XZfzmHI z{!ILDUvOUN-&>w4-$w<>nHPT#XjeDrcm@lFx^DJsBy?4r*Qwcfx zRnV?@cqJeX&xIY97UV>T148RuCDF4LhCo~MLNmCjx>jzv(l#7my9iK z0wZI{(3H$L2vbt5lX~k??03I82L1SQZ)q9K!}F(9mkRnN6cuaFO2rR$!>SwLJ)PHU z+}}S}1YXHZ%U^Bp)VBH)Tbza?T#4ga;Ub=TT&u8^q{x#OJQPM4<2H0l>-0q*TWkr2 zZAiVt6ZuZg_%nAY44p=)Ds~HfGwyrh?VFz$3YUGu=u++>$JE9@A}-15t(9NJB-gpY zv(PPO(fc$BY9H-p2=2u3no`prL=NpTjvN+`MWG5H3kZr!Qf{B`df~mhJIwe7MF*um z2&FDb`TNd;DWvIZH-r?F6tj~X+0&&g?KaZ`j_El--kCZkm3Ig!&ps!EZk;&&ASes3ke70N})PS{5UpCu%i zdxFnUrLj+Zfl9M}?EoZ{xKm;9?LIl0%gJf2@2K8nl_KvaKfmpmCc5Y0a zq~(&RS16HCtYzwBIj9+BBz~o6uFT#=2u2;*8d)U4e-Ny15q3#Z1*C5}EEV-)X}|DQ zOSqqs8SG{9{+~)=LVh8@C56R7w6a|FGs2(#x)f(vHQ$%gj5dgYGNFiKmdcFQx~)?5 zQ&KNekk+z;PveQQ@)A=abrj5okUXm0w@kZlJGipK-i|Ds2&IV1*eY3sql%F7$nu0g 
ztYw4IwV}8_Wk9FE&_tJ_P*9fXs|AAee_Pvfv|Pze*9K2tn$l{qM(VGRBAiN~*jZ1fQ@B%n^nb z+jog)QTQfMA>{_%@q0~~(%&D^Hu%-S``~>Jp0-0)i9Ia_c$cA(eAB#U9yYb0jX&3K zaIp5RadS%cHmPAcbGic&mci zhrjQ0DAVR%{rT`HBTl;BKlXP@F^TcMs;4?0>gcPzs_kb!I<~l$3?M7jB6i0$l zD;mcfqzk3XJimB~Gax&<6b)uS=RCje`0fEWtD!dEz0keT%C}6YtR-ixn^=T#hkxg5 zV9Cg8gs-~Nz0tkV%10ZbReyHonP9qwb0PvmPs99}*lvEUM` z0WQgu%Br*&6rtRi$@?E@!cSWsL(IMU$KJjA9}QP-+7~vVy)e27PYu@f(+#M%+)GIK z^t#tbrk+Pbj^-g;pnky)>nnp?u&1Pl{b3W@!RRF1!l&{O!&zJ~r)A()2-g}I*ZI*@ zsND7zPf*+JPY5@teb_1FT;B|6;oD;2TUXF3Am`g4+$`UKPrsJEbK9Q8;Ms#6uX2QC z@pK=5z6AP>qEixNimvB`F5|kue|O$#P%JY#B%T(g@HS;Xcu=kkA{GkIkPL#O6N@7N z#i|30KE;!JArHZk&82}5+xM2I+Znul1m4a-8UqhwBS0ipydk+nHxd3-GzT7rNMud~ zkr^VA&8vba;G|I!1eic0v&AIs3`Q>9zii*Y)C3Y!g3q?rAnp`(;m(ma@VmLeXXfaj zb$qCGK+pem##0sKSEA5^i39G0@UOx3pKqTd0(m)~fxsnIP#`!E3Wxx7$A$npkA-j| zL<9YG?4<|1s?ek15AK7AaNK=IpfBkHZRD4T*40Q+V#U zd!P5|eL{}ox43*t!mtgj-~~o(;mB9$oF$M9bXg z@)Lt%@xCw*W7D!?;cj>Tba*OK1?u6vf7iohXr^#5p;T^0ly`5KiHgD)z2i(|n9e{QeM=YKVANJ;|B5x4V1Z`K zDnaQ`It1&E%#N`B?ig?a$n)0@%eD9KD~I)b>Bjn6m=TI#s@EWdlJZO_fuGU$&QgWT zBVPIG($e#`ddvj!kh+}Mty!2NMrCdKx{W|{mH|y(9v18#*+v_pC zRDw1JW3z)r;oAptla+Itn%m-Gqp=2B_boL6E3WEFN-0XdheOZRpLNU~xZ_fle1GP5 zKKOexl!-}xfC$iz|Dn&X;i<5?y&d#WXVYx-Z#cnP^#><{qZsRMpUE4`^HAEH2$|8K zpJmAiiG&_=o(u-z3o#;sd`qDGxK3{#_qKn#UOuf*-1T?heM$UH@3O={rg{Hm2~^

      PO-kK-%CRflF@KAhpe_SMs^t|7~io`VgUnm`W^ml=Lsx5;d` z$JOMQ1B^NU7zlX3p!?+0koCqVXJpzuZI90PUJ5vy+GvPjwwMpqZsA?g@Fo9a(cA&o zq1E6HCC#(vw9mE z*!cN-%7Wt97ZawZxQ$RZ0{IWr0kv29j0YyO8799UHXc!ICde4?I4FFX3C*_(&^i2q zw!|R+wb5_*&qlv)Ine0upMd|jM!))9I)>TPvjol1i9>}gP1|nIlSt6PDW{xS8;Cp3)j7H|s%&c0$-t)5N_8JyzSO!%`S_{W4i;y|P!66%y6 zyMVZ-XKUKs92wQ_N$Yo;M`%~q2RT(nKmECncHP@4QLJp8*ShNuuzWG3GH#HmnG-iW zwf0eDQ?r)CG^rT>vD1Hu094H{HztXRR)8$dfc`lBojx|sX)W;#iFDzRQVj&^r#wA> zQ$;VGJRl~@hO|tcs6CoHP&+&8^aK^(~TTgB24~5Ho>-~t|f^9!_Ha?CQD-i1VG6f0*uATMj(e2xg?|l2ZkPRz*7vy>uMfwL=c1sYl zZDVJ^k(&Y>y;s318`}uD_x)}en3nJa4?*m2NCQ?edT8E|VM7Nc&>=xqaiZk!pPTY7 zZDK@k5q@m@QHT~~;MmnpeO2s+b*eRok^B$Cvjvh=Gd~x$3LXYQ|Cor%;jv&aDNLhA7p3gP|b9P)< zOO19mW-lthrd9v^_1fu|^U(xZa<}$mdnle**KzGD6Z5pvdt^e(eXU*xBCKF1&Ao3U z76G!1(X}SRU`<>8S5BjtdIX;%oga*Qb-5ZVL+K+nn)PZ@KHvZN7LY#t@huqZng`lS zv2=u&J@Z|bdz)`RaH>Vx=(*S|54$+hW$^Tk61V81GbAKgwy67r<#u&c_LpHIL&%h| zl_110U%4Mv&dS+r{e!`zDF^x9&hQ_m4r zsN{XUx|Oivn-O+~AJ&2EiyYMV!D?I|IH@sT%H1FI{E@;AVC4l=>8P$(5hd#2IRz8V zah(6+Avw#GkG_?uJd9cgxYVWx^XBS&{C;jqZtzWuZnYCAbzVi}T?%zxqu8z2gOqoYw@9lnpfX5 z7+7aO?SMu}3kc{414YHJyCAhT{G&>D)9*=}wKlKke(K1=U(A<7Ud$KuqXp{AB45no zM|CmjV3NGFwE`y(q#yAh;k(yPL3YwopQ%IL3Vj~@WsO_;sBxvG+74Pf(y*3)yA{Gu zFk1XERnQ}Aq$o%Vy)CHFRarLj;BdSIEEO^55I|o+JaD|X84G9bX0#A?QQDJL#QbwC z2YRuEd0A*^;jM!7QvYK3m%^il+^)nYkhP3Ps1cS{suWlBSgbxqRf`eUyh_N2r|F3; z%5oxx?TN;iG~7WrBOK=3m4H4TGpY#;QHvQ9n_>BK+JuaEY{^&};p2s^^`g#YR#wvV zr@1Y{d?8fS)Uil!;~AI|a=rpMKv5iYFT+j8njowQkTDw+tt`;!`9v_Rs`Iz?f}sfi zgEfhYH7(FAK%$`g@eLh4RWx5!TD?u#W26=?O4gV$RJ0YrVNn}l|Q=yIvaYIWmrctOh_Fa7q+%FEDsY5Tu&W5+s)(X_+NN6 zaS#h4;n!^Wo%Z+doLC1wgcYL&F z#K%H1;N-!C>@g1#cG89;Me}PFCgFh&wzc74MSGe;{USD6M-t(xnN)H6DnuBIZutr5Rm82+?A=#gJ{nXk-v*vySH0NPJa;s+iRzE_kVzhQ z_jdO#;|CkaAowQsAb5G5d3({5Pgax}8<`kwF~-GJ7e!VLU!rz&+;()NZcbmnV*@Od z?9jh8k#-dbi~^$yt-Bml!b=Sz4_BK=)FTgnsEDbb6-ZqV(nCRCmE&7m3D;D^vE|>Y zi-DZmmI+HLGW8;7?E}6zAkfbt&W0r~T!&npr`^2j(%Y4w;7a)EB6rk)qSsfS*H>3x zCoE)Yc8FiOGc}edN1I-7@84>y=AUq?)?loBQ=<`du 
z^_)qR$m)ILBd<$NW+&!5Q8Gh4p^<5nM%1u(w=yfdF15OLKFF$=SI_+!~Y6gtj=u; zildu3&D&7;;3&e3)R8V$*ur56tNVP!YuqY{J?(VZ!A<WTe_;+@P|M%n zd0GTq7-jdN_|Wn%d6#t*_xXc|tX331w0zR&c3bzqRVegKHmk9doQq*Jz`jX`#z$y%&PZ zt6F0yWP`)+2MeECpGk#N1?-4#kN665sX1BB_FBA=MTosyU5jDHvz^`Ksi78jA^l}?QQjJS>|Jkr!5{OB-95Tfyr=;BD-B)QXed|J zdS($I>?lBSNLv(We-ru93J`huxCn38e0{W0>;VaujQ7(n3A7M4uxUBV=^JaJE`^kt zxvLxCAdW78wkin>?SByy76g~i+Ws1kv@&XFG}Dc*!MP_3&|Q`w5bCr-&-xB4g@+v# z(8v6f7?w!tKwjMq3)=|Q@-T65o~xX_zu^qawkDv>2)^B^O#YD9eM za40`39GdTz!xN$Z@;|oR0phMuF57HCa*^}cu46sF-==?Q#X&$SnR}l>_)Aa7Tt+9F zsM~sc8C&><3I*EU?E)Xh&8HW&59TWBWP*W8&joL*oqT$U&l@j2Dk6fnK*DerXvhum zURCD&NCTU-2vtDX26?Wp!wEpMN*5-Qe>TMQ+7US)DqS}?UR*oU*EIysvkYOg9 zXbp*wYAIIR3dSc)A{gS)O3zATJlGXaHfiIY5Z`&LBOCh+y>yWWER#8%Ba7A>i<*}; zTytw#DKhxa-R%Xj%2F(m-E^Po@JZ)FcEvAdMj$9@WfUN}-`<<>iFf+XgdNqteiAtN+n6%~w!wt5cE@l$*RKjD0- zdgrfxk8<#Ps6=crT?!{}-OvA-TXPKFneQe}6=Y`{ldARU}Y^0bl8h2<(){xn6URYwX#8wY8lEBZN zxS#>>dEqPbY{%Va0F-d!J(e11Ag$tE)P88*ac6~x&+0o2!*L>vm;AQTlHcCG#hny2 z966mSPt`gLM>}m#hDwz3lgd{m%*2{`{Ba0i{l&aufmuTKD=5wg%Z(USnZ?5Bb-!2o zflJmXygf_Fk~>x1bKf!Bi=?;ZoMtP(?A{;kDWl7tSJl+~h&VLWP|=b)yk0>FzGk1W z;ImfeQ$F!R$#E!9NqNR8ykEq9whZwWm1sRLYJs&p5GUa@ub(YFW9GrVZRKe z00IZd#n2XORTq|(hSWkMfvY;wVEV0E7;W(QTvM)`1Hk8+q69c;|BaK;{Xn9$$nNZf%k<~|clS8law zkZJa?<0@pc_jtjE3#bNoUuVY8-tzCc>vIcu_AB-WG6_fcd!A3wJ%JaW$X?ORz6G`V z2cvtTbEuqe8jCNn(mq4(n1z|eGGt7oLCxlwOqyE^Bq&E5k!Jey_+s9Vz7l@v1+!Wg zd^sJyg8v8TwZ^<9xQ=71pY#7k@&&P~Q}PrZTR}#v9$jGN>|N=X6R7S9{k6wn<$4;@EZ@aJFppC&3B)wvjJneOs96}GSln2_VufCJbznZ4b}O736uy`ay>I#?Tzfa(X??f1gJ7GPP5iwI z^0#28bt^Bqw4(~(i(@u6|4Ps?c_8T%ZF}w4wH}PL!hbp4|2{uLX`4;=@}WCHyYG%D zUyF!zIdj<88Ks~Yo3*>*Jgfg11JZfKICN{)v)Ovmu9Ty zBUW)LX!rjNz9LR|vCF%e1Fl&oF%QH~$45)zPZ4licOt3a)mSD`2k+IxfwX*4krM`S zUDy1XcNNYQ(OGIA-e1TVx5AyiWW6pnA)g7JN{53nFXacssvtSFRzk`|67Oy?Hv^GtF>|O%V3$z->wG`;I^u)&+{GgBQq|dem+{S@LeLnp5%bOB z^Nr+ENEvYoArNb6GHT9jnPHe zqH+o4mlx@`8&|-50dx>3$!J_WwUN^aC!*(YcF{=nwhI3ovdLiwz>D*-)~G*W6XC?? 
zFvvR7r=E4bNwsoeR=xH~yhMi(REz?QNNr!OMTTU4^4d3T^2(*AWL0e(07OW+t@?6< zuK(S;Kqg@3MG(f&=eZ;5qg}*I)@4U|`(Sd37u4#S2eZ|i(U&?s!xeYT)8(W8`X0zc z%E2WTWPG{HoDjL5F&i-7+)2@p(9XISN#Z|FOU5@cDWfVP=*Rc}LrffT`0^Irqdvq( zoPz@}?cWuM9`Z4%$f$>VlU(C9&9p^td5z5uN_u44@dg3^E9zmRLeHRxdr`jOaC!Nc z#>smH)fgTyj!XzZc*bPSUrO&;pf@DUk6{=yrLJ=^sdyb=S$MMS8AWKlUEnzM7#aOs zT8Pn|^~lk5^BluwA_~Rw9R4ZUz69GX>pu&Ku1M>iM|f&9cvw)wcPyincko0d^9lU& zFq!ZA98!Q-rOng1K^U?vRH!q!094wDN0Z z5o|s^B2{h+f}^~e&QlxzmTtT%Rl)tnm=7`vFk*OjwfT5<;@MOJ*VJ>nVEUE&_V5%$ z9;3I_v-Fv^{K?W&vQhjT{(I}+2b%f`8eR7C^Iv7%J)5H-IcdChvw_<~jcy%oA=gd4 zcpHP=9V{LXH!k71r;l9UFb6~OANp0u@l`Xs2UrR`E1%1xxz<*shQm73S{>#R1h{#_Fm*N}hdhzR%G!FLeD;{(P-@y3@p!omLLNs|nYiF2BL6hFOpJ}{~# z=;6kk_{4lnJgYpHJitwg9q8i{Stx}CMFD^A8;-Y9@cs)`T3yh)Sj9u7r%vv|XE#pqt_AF6WR<;lqv6-WcWC2b>{ z_)#%&Z!H)+7A2?KDhh@aiqz`OuQEvm$r1mG!i4h=_i=f#R>H($wb1Ppucw{+U@&;N zK(K_SdS1@ev9Hj5PyhvA<@l3$yL;Za8AiH$Ystz3yDFiUOo{V~lQRIglE z0)t8zO~HMZHaYq_brBAhzk7DqZ-SJNx<@&mX4))v{FuAr+He92{6i>;PI%4N?YZaj zj>qHF5!69a&N@1))xbad>wi(0Bg*LqV!w+oDmRiHE&hn*Q2!_D5n~)tf6L*BC@;w= zhn{-)03$b4R}33c6;;O}NAqW2G@4==gqJ>BH`*VIc~z+GMYQY`;Z0-}ZH625#68j= zS9c^wybfdKbOd+9&|Z8){`WZ>kma-dhb;Z=PfgUmhiB<_!z2*RifT*rZgHSGpomiL ztpRuKU2N!G_&vBUk8}rw{}e8L37nD2>HN%PBWQUSyX;nO@+bcv<^`4()&_v&83Sfs zd|0rjH`==j>t*M!z6-Vr(uCl<)wnUpC+|D*rPPUSTPFK#6I~2HbhQ3>_VngNG7gDY zfR#n-Q%uL9grTgJUnqf>;8;mxI8|(&``G)~KVK_}uCZcaRs_7h-7Rfs;np;6?1cHN z3F?#O8J1~*h_p;v43KlIgDbcBcRQdC5$3i99Jaf8dtTmVv~V?M6FBG=XpU_WkWJ21 zgL!TaS(uze{Zg#YpV=^IbG1`xUtfM{eVXqbUSE?`x#HP42R(So0DEB{HGbJJ) z5kYe_N0qNpPZ}vVCVZMIFR*Ll{WiH=+qhiCO6!R%AyMomqc~5kQ;xDoU2JFDZ>hBM zQgfY&K8pjd=DqKLU3w>53EVn_`HF7iM?T+9m_BI>Xc=P9O4C_ctmc^LM*K9dvZGG! 
zQMgOFs12!;$WP&6KvAWjxrox_&x^4BaiOA$hoFOAV4eH-n_>}!n4u{noH8Ww&tOf2 zs&^>HT$E>ob){!SZDzwOwANoloh&!QA^lDp`5K}9%g}^aNE>LECGRkH^55(PTM_eX zAOHKfuUWhTDYOcniw3)y^uJ%PrYo=dIAMvIobSaThR*%}etdc3aR{L2PTqbgyVR}t zXKh1tOeC%2kE?iu(Kx61{HY@djMgor!V+2gybcz<`v6(Ht!{&w6H0VHa7&yCZ?!uoHz_vKILQQw*H^3IaW_)%$A@f~zQw2T{#IH8gB6Bt%+7$PNqlo*Uxy|}Q(RXB z!|X1|dcweO>0T75sjH$*f@aLmsC^QRgj~BmUSgw1tFBCa=)4O*u-^`Kcb_zS+b7^# zCPs?+WjGi&{z%+d9%Ct9AKw!AmEleD@6y(?^PCbt^sy&Yw(V#IVY%69+S!=nHc`z- zT%K59G$7;<2lom5qvv<6ec_Nqvj@(p&(f%->=`(eX6xWI=y5gG`Vpk&UY)!5$oD8z3AS@_wHhwD*vJO;jl_3J|m6reg78EZ(h! zgGD>3g5S*%X4nAXs6u|-01XTP`&7WgG(H}?|8~$R7oew6t#gRgY-r<-7|@gX3b*;E zmQY8Nx*?8A0IarLZ+*-J;%_=a#`6|* zBtzgs*oPy?Ks3|fqn{T+lB3)6JCtF!0+<8Ahsl`;WO9Wp+*`v$tVP7_t<}Npb?PvH z`1@W0T__6o?E7Ygddge^Ajr8)2mV#41pT#41I>BV0Kribu<>yCo7ZQ#oOvDDKpU@S zvo}(Qepsi~O5|N9WCIBAwS;jl=&XajLLuPG9f5RvGQ^%mk=DCxc+}PT|mujPyt#=gU_0{sN+wX<^2;G9S z6TiLSUS`AU7Gy8txCVJTs=K~8MCJH!mc);o$;k{P!ZaK-?0nDAnYn?%6KjPRJG5uv z7pt{<(74Tf1`of(5iQiWF;EM@ja4QaBuvnB0^+{M{sWr%>zsv`HS{B6&Zl){8C8MR<=GzhfdvYLUUr8SOc>+@PNo55#XGZwDt z3vi#R`t_JQ(8wUVi^Ww1ms|;gAK3fm40_KKwz~%ton@^+tGQMUXkE@ca?V}B?|UPG z9nA*#qnXH6iZ?N*Fgk-XYN%pbST!76L@aKMV}c}E={L9k(^lWwg>PHN0MAVbkxFJ~ zK#=)J@%op+&m*GurX|PeK4q7*ut+FtoX#vG%p7FxK?h?&qNF+N2A0hl@Ce8M($^z6 zp(H!&=#3W(Bit4~-;Vdw&~ll3WB0rajFJ8A(EPkeMUjE8w*w^&w;NhDEFOHSv>SWG zR?qmPwzzn)Eht+UHePwW8?Yw1iwz_A{J~=`w*jAB616Qvy5q))Ue;ZyoH-Vc0I<>8 znGWh9i0A?S(}W&m1pxDuSzb{OAeb0E|DL61t@-B}=m1rSSaoNw1N1aeZbObyl5ve& z`$l9;*TN=fl6vBJGLM{XBN8Hv|BD!EcEVOAGFvr+6*bS~RovL`%HFIMA#&8W#cqG~ z*!L;8TCRDY=uyjLi4@Vfu7wwlVoZ+$vwS&ZuYF>-Pw3i-*&lKgW;-%-|N8O@PaHHX z^9wiBc?cg{5pPyG23VRo{XDTEE?mmUMU?D%tlxSE+p~}^;BPjOyC$f(d^)ZHL8Zb! 
zwm|Fxwg(`tJM1@*Izh{J&+@z0=TolhG~cz~ner_ZS<|%UFvQ@o`1zUdY>rUMqK$B_ zi&@cllOu*j&0?p`P>W`b3*!i)Z)a2xXvas;1c+Cei@2{8SrDgrj4>HEeS zaV{3DgDj#C8Da6*Usvh(s~E2v4VqMu@lyZo!@D%(zTHg4`(lOU{@=f|wcorO?&Ob* z9tDvOY?yH7M8|s7CA+N_tJ_NZY>FVOG5=QHm7U|etr|Y|<1F*epWA!T`vTu{aI}>c zcTlc1&dP0$f7*A!zcbo^bmBD-K5la7U#?XsfWDwzk%q;(jW8p|005- zUYcXh04e#KqY04z>m8t_WjAtARl<*K`#&+7Vfk-LhNv22+Q$rJM`DxHuu#7L1fAVH zY|MfK|H}_@-W*0zez(p1e-XmdTF(d@rx2a*A+nb|cd7h?MBxJ%-L7%5pTB0=aQ!(h z!2_OdKiP>qRsm!I=>NLbzmxqkQ;5&O;;vu}D(`(k6ViMKX0A~**FQmsA$VjcZh?r~ zM{*}n2!}T+kkPyNMn6yZ;DR~lzG5BIL(lwxqi0NY@?s-lP7PmQcI-7*(S`|(SMWP_ zI_3)nJI&)pNP*8doflF3{`S9IpA;1~f zVy3IO?&-547K$BUE4vq|M%G56IAGl3_d;Ze<6sN<7xV4^m>x_LJ_@59?4?fin$em( zwv>bM3W4K~9bJ6DAVSwbNzav+FqHWp7|}}|@9ckA#MmXT9)7cxw zI&ifTO~|MqI-B5;0TtA!d8UZ}Eyv6yxD(NWIxG$ghx8L+cKA4s6;zz#{v|C-1dJ?N zqCXPmIc=20L!HgL%Ggj2iHqgyUYpaO28g?sB0!>Ji9b@MEjo@y(jlJDQUaif#)zv5A283|%)}v1K!*%1 z$R>0K{$i;;=w~?Ow_Zs72`5L8bMAseQMyt%2;V#KwXhMB%;n-|ASJVZE?v(L*2XU} zY;`D_+TmF`VJ`9yj!y1=W#U=J)y9|;6eRpsInFw=(|*0nVi>IR{;&T#Ls0U9Gk`WN zp25zg$%vw!48d-jg|Qke{4hWmNVLo;B}vk3M-~OsuGs20Z+b~Idb4E=w^BHrM_wpF z1d#VK8f`XHE;WT(q_3ja-8n)eF719~H5ymVe&9;|9cf3NIY^GKo&z zKLzpLZo=uX!W{F36}*5MVUPlqbE?P#OCwooP*b-SC zoO!1%mxv0vJ;rlEgJ6XI|6w4b@;DKpC5ci*(ZA^{ME|9lc+AqK+#&Z7_L_cVB}MuV zfxP4N#HcGc;RzALV(pKv3MIFfXuz*`B3J*(sQ}bSEdV2nbalkYF7#Ry?>(dDye?qu z4Fd&F1xuy(K~7OF3qkcR#oUOIT3zBoX4E+NeB6rdd*Xq{=!gk6^Kt2HITz%rMrNvj zsNg{0to|P?)ymqQ{(tu@Y~D;COj(xDI};6DK}t(1)DcWQoQmNZ#fL1h-O1t~X$`m& zD&|+GLtk!si`y7L&zo}$?_IDKC$Tw;P?;?^Ns2s03!@A3G9~3}m0+|Br(qYl9b`{t zs-mcvc{K0&rr(k4~#&H=4$(*JIP#v97-` zyeJ%R)${_|C0Ip_DXFb6&l0Bff}-3cWEK;c4XUxYkCm|9h!=a@1nbin#P*=PL8 zhRkO;X&EWzJH|JJ6=A{m!4pEa$U41WR0TNa%{gJYCT z#T!xa>O%CtN|T2QUbZO^%!M5!9G2Eo)KJEKIER4*@#LJ^cyOLyZ)D}cVk1D?l#(l@ zF4l>FzrSt^qv@%9t~RT!WEDuw9CKVQgr2L8|1{+J%hI`q^+-j!`gNYdrli@0S@dyp zNH7)aPZNr@MnLWgyAG6u-AaCra6b)yjWY^*Ya@^Zh7ssv-w7i zl9CJk%~!m_tJs!}Z&R>MM!u;{FA@xV=Q|YvU=ti75$w@Mzb0s7^uK2$Vp2$QNKu@l z!UclWMJxik^>X@gHeRl`5ZHm1+IXZte*B&>r(kfybU3BvQNOqv(msJ%oE{CoNgjMX 
z24C>dCiQO}gqZ-*23vllGU9DhIAasEY}}XeK-S(S?YQW4dUATC1~5`7Ib5p3qHqaK z7>gU@Ok(m~O^SSS$^gleVoS0TUXAaG@YnI`FJ_88_bijK5!%dU*p?qqsW)m)1HOSB zezzJBBApxSpC2$Dy+DMEU!pxm!um>1R_FNLS~IplqyMPNUE5a>8XDS{q*sviXYewp zBeG-@biUB~2yEWof$Qu!Nz5YgO2h?BH*OzqVT0wKpl>7{`aP&(|#}%K&z!|N3b@e~*bOP=66D8KrL| zBb?appVtD*MV~$`(z|O_%i}tU!ZY4{Xt2YsPT@?WAE9n3PoLig(lL9+L!m3a-_G!b z(vab`#=9bc$CEez3^2kyRxXH1V5~wa(7xUfITN6nuu|tB%lnJ^?y85qE#@Fb1jS!p zxkypP#qKO!D4&cFPshimlLxE3h{g1}>RVF;$1sKDUtQS|8T1fO1FnOhZ%{7o0b${v z-GSU(f3zYH6{lMXTEcH0zwHZ>si+Dm9MlEO-)5@(tX?QRC9skkwkLH_qgP?hp{AF) zr#dL>d0WeAbhuI=8iUxk@9;2_d1M48O66+C;Hhza-eU{U}ZpMwv1J9OuPzIkTd^Q548RC`$P+ zYPL$`Ze}`WmFoD??)?=A5{17PGyd|@JW!K&BW#0p^M5XU(cXd`yfpRg=E3{5Lrw(u zKINK!n!7iS%Fx0=;KsqTNmQT(g==%X!V{X0zc)dHMe;D-(fdF!l3(JbvG@0^Hm6~n zT5w~60St`a32p=Cz@Tfc!kh+;IS_N~Ay2>2N9`WeMw>cYQ{ zo%Ipnta;#fdYb%;u03c^l<5XJbLy8p zhWgzhL~u(KpDW*-1f#9=Dnr`$MihFG*q7%H;e{v&<=gAZP9zBNf`wMr6y+{aUn`mT z+!W1Oy=IV(X!%9@5QvFk6IA>4BsQVz3tJ|J4;6+doUxWd64Bqn08T>J(qWV}oKgJA zXDbS+ed(LdYVR77e6>Y#W>F)aQ~mY1zAD6)mNVF*FVHVXuv799?jyh23AMcwxKIln zqj10TFlSEkCQG9Gi;-LM=OleS2N#vf{C89X7V~fg>OKUwASYiV^A1-}d*btk5X#a) za23MyBO65c1@3RaIcRNAZ4H!E?0k-3ODsARn}-lPii|a=f_$SSUhH!+feP4L5UFW+ ztj>Q(w)U6U`5pI7!EZ^Ykzk|5A7Kos3A5 zSa`7}R{`kNciY>f*W#5_>g=;8pl1tgcBrNUy0_V+_ph3NM!f{W&Iwc*K3AQ(3k@NA z0=KcSmfK6NZPsgkOfsgGhaWBZs_mDTvH#V#LZuNpA~QE^Pvax`iEdZ0|4!3SL7OQO zy`18%#BuDS{LggisPq8lWl+UpvTb`40Tn%EHBAAD{6{2eAGoXqlO))yZ&31NPJ6nT zl&;pDi|Kyw&0?7F1ZKs5jpZ1l@zR{gm6#YXTf#?k<~x@|7w9-vBcF0$)_yhVfvUq# z884{y-9n9ep#KHmqS z>?>ePlm4IrqsO0_K5hIfU{$(j9AC&KMOc$w0*Z63fR)bwN7`-#-&dr3UsZGdYn!~~ zRK~t)H3%bWXBRA$0gF#LxP03mDfK6c^edr`DOzYcYXG-wa!S{FQ6^ig>if4jjC9+( zfXSPWCh4coJ#(^PToJUm;s{eV4M|tc4FvMf@o&MBVA)`GV1zqO;5yL4geuUpdR-v*;|9 z^zkmP@uCI$ny8)*<3kV9hrgpcJX{UVS6i|K)@d+x{o5M8~;bg z>1jTx4l!ls-IWc_G%7m2#TqFl)I{{=UlfCU_p5ZFl??n$ZUe7VA>O`a@|owTY_8l7 zVPzpS?2zq z3WWFMpZS6Qpr*z;>&&fu#jgbxX9hq7xyvgcK@QDBPvV1-#oJDwC?9C$2F&7aj;d*Z zel~S$p1*rMed-Ne>ZxoZJ-_`DQI zvqt^ILJUg}wXBm*2fqOm1@zfVax|%^QX^yZTO*rZ%&SyZ~dJq|2X>E0RYm~^Y 
zAm4LmV{cl%<rW7M=RKeOxAzuoO$ zpx!90yp6alY;@-yp=R>Z{)5VO_A|rV=9!g5CwyFReW&FhM3IcAoZvw%qe(*Qx?(P5 z9z zZvLa^uZk*2n24z94QvEW^eG%XTm?I;3$erqF)dI7wT;Myhdc>gSJ7!fBRULY9TNm^ zi)}v3XaDt3V!(isid*0ZH>t9;SOwSr^zC>s zwzG98d^dL6FW(<8I=`c|n)-1@#}pvX=OHOn@->2leXrNIhGRHTrdN(?dga~)o7v3o z3$mu3$FijpE(d1@V>Mk8?<;8;#J0#HOFQPE^QgZ!Z#MwUK-<7X!EX>-r^t>J)H|zI z!x$aTbl6CtNy=kdOyDJy%q0PaG6)PR5w}-|}Ac5+ob66$JwvPhGCixzB>y+^r z6U%$*<%pM7C|@h=0vGKK;J1UaX6sknP3!WPONk(EM!fk|MK;z9L**4>fZpA`=b)Yk zg-4FWygu(Qd}f6&sd`;WyUJDtzN!5upl@ww=j%VvXIF67Kq9cG#S;uilOF0wfp%XqP)pwZi~x+^1k_zrm_#m4PMNpfzxAX*gxm!fH>zarKyCe)vRO=tfNV7c z)NFUlLdR#OL!-%v?en+lJ94yO>+7yIz z95ej`=X$=a5KVO|uhB$ro?Fhgrp2gN6Y4-K`#Z}3t~-LSJmEw6#mD_q`BnIfDau0s zI*YZboTbk4Z_C_GRk3sQiv>7GUqg|AXIeY!Le_AcizuL9@X2Rd$$G;BnHt&4bNw{UZ zzyrSBNs^X3eIrpF3G7+^>Wi{TsKK^7bB{rL_(cK@u-)NPClF!u%j1@bvF=@s<;wk! zKlwx@NMz!o!N7un{_D-%Pi^aGroJ!GxPDT*-c;D6v~j ze%x%^@W?d3fNZ&69u<3x8mfhLRDSBdJw6%DOLj?ke&mRrSbax>8&#MrY}F)BIp4X3 zvpX%bro+lLmR~Z#jocHw={-i(;=`z zJ)K{pD}BUyhr}QgCw^>{V~}``D}h;rF_V?Zc!O=bG#<~%sBIqZxv(mYt490l#i4~k z;DPNc9qs952bRXF)onzq+E9@HFz>AekA}f7%B2wd#em%k=Lk6$Vr=Pa`4WRH!<{Xh=sF3(j7D-wn;}Fyv_<4MM$8{M@jq>9 z?()mVg3c+O&kXV_&@f~>OQ4lex`|d0^CW1MpK%A&(6X_04Dyb*$^q4698|quFMmEy zmjO^v{ZkdY;hL-Bu2(J&e$ur4I&OU-AO<#R>}j=AHvcL_&&5f;b0NU+j0;t)>sCj;;1@EJ2>gjGtF7!UB zGlIj1VD81{wwhG~?TfwpIInAkHuCxg-H4AcJ~sWip7HMF&zr*8G_$3~mGmR-wEPfQ zC;JRDrbW-Vvxcy*<;m_p2%s3KZ1w#fbr=Y(kU6owa_Aw{b65)J`0QMA{Q34gK5OQC zfC^FU!$@Jq1$XC{BzYlLFKV@zqR)RzjCtl)GI)VhKk@vM%%8zsy~d-Wk)}BQceG~n z(pJ_)ADOd!g4aCrot!uZ0ry__?R|25WHmQ_*TH=!{uGDSHJr8MPA7sTb<9$2H2F|f z!`lPyUIoSVvB{RnGamF)qVw@i`07&Yu7~ug`5A0?%`Oi7@5WHnYQS9C!BrbdSmg)U zl^yh~hW1bC?swQ%WHjXvjw9K#IIQBVcnWcI7O7iSRQMIO|3Jn1V>2pL##onIrcFK3 z#vD~m8|69&ze`}-$<$Gef~FaPos z`Wl5;*X`|Uz`FmH#TN~zH)1(JJtR_)N4EfGyQVR~fkPegpDS&FT2bOV2bCu^l>@=I z?cd7zIO@`ju3si+H+)<&BE6BrZ!z_;?$`TJ+`G1=vfIkN0O0k7-7L+f9&wO=WoQe_ zM-*{Hv^Ns{gd75xLH71@=@Zmk4fgQA?*aC0JG=tJyRQ1SH9>#~t9)RO#(Rq`2yPK5 zPd;O0FSh6DzFVVrv}60e6W`nuk_dwS65D4HaJEV!9imq%=RQu2`4yYuk&*~0$dqk3 
z(GX)!EC{_svV%_F$jCR_piqn^#IacA$2)Z(Ibz_ z`Ia?4y?d~PkQ%)^TDaVq98scs9o00X!U=igh)ey~uI5=$T>o&7j_DZx>I!l4QA8)vbq7uK-rmr$N`CD}e^S)d)>r&`NGP61%rAd%vjzHNoK>zj)qEVgI1pFLP zHTwJ<)HPq$X?GPhZJVq1BvMK@Vxo9*?t@|I6XCiW7KXlW=;B zHVtwusfvJZE_#aG<~P8!}&#FT*6qg z4q_=GA)SS;YH@Idz6p11!9ZT`E*2k`0JVy^&X=`@Eub~VF zx*+7gf6iQmVaMB1Y&;9%C^mVwJIsKo``E$wGvR9=s>N$FBHO*{8^iT&hAv^QWR`!f z0!UmxQpZ+q(-AoP*@>tt%>QmYXo@kB$ym#zt_xZ&mkWOlS<65t%Ffz9;gOXgsuUJI zawEvvZ)BOLQh$f`mZqejicM5vmxQ!J@6=7x{^^)4JN_zKCF&%7VkQX*eksw`NhmAl zMXML|eqk1w|KhmUXceDMBLCi8)>$Ok2w{amBN@jEJjP}v|lsgnG{m~vw0_C>+J*v;t&1k^sb z8*Sej%>6FbML}o^hP8G)gmHYFxG?Ht#y)3k(`9N&^^Q4RM^#zrs5+@wbx*C{sgKxa zq;6B2v(Du%Mz>0qcg6Yo@QCdE6^P-25y!ebZ9epCwXK?0z&rwI0uf6hsJiOmb5yL6zo9=qWwLPd>n~MM-Rt@kmUw1<+D(@0R#e#=*LaJE=G|&f-Awpp=UOIG z(hnl7-7jrgw-{K3Y5qBriR)oo_$EV++>Eg1?yn^`AN19>bW%*`;hQjypda!TFvUs- z1Q30}c^pe50S#HH09OVA)<8X;vm3`CpZJnPP;nT^3S9vvwu8MmKE0d8H z{H^U~%b9huE0EHAS6!%5loqkJ0<@S4$wJgRif*<1qJ=c_2{x zvgXMqa}lV2PXwL#3wqoM&tUHRmM`lOVQggeA-_Hg#2;~xm%gUL9)>utHM*PKo6Zfc zx;W&nu|9}=f#>))6cQ!&lFWau&8$TP2Nu@q=h@{$^1KYvm^v-dDRc_LQSKM9B z(A%4;wt*bGBnH9WcV5|no8K?lqwCDWEm`y1Sss6~%%=rB=+Y)j@Y6 z_s*60%Rc{fr85&t3eWaGDv?+ZL+fsuqn&RnhEH*K$(`d_3G}8MavU17EnCw6?M=rq z5Uoc&Jtu}0xI89$v~b|{=f)HHeE!tY)5!m402!Y@+jp8#U}I!$t4|fGzVRAi+5quo z8TKm3Sn-A5Lv~+_V{%y6r;DoFl0$QOqAuHdYHDhF)`nR$I=d(_+o`~IbKApC_iBhO zKU8^zhq_nJT41`8G6hZ7PfqN??F_M;E9ZN8Fmcw0iT6Z;eX3Uekp)j0Y{CkZ7WA4X zu(RQ##qOB)lW`t|R`J|(;r`rmw<9j#nF?|lFi;7^Vz-A7RwE}=Pn59^?rwgsUgscM zVxcskr%`1vAuvpr%`lFen(VEkgs&tQ5SrfjmdjH^^H;FD0sWQ73NRCY@YBA{CH6S? 
zTrrM5*Q(|C!cS8*^Z=w!=DI$$z06@P`krJUQsOQB6q8eU_l#d4Dv45+v8pfTZd|EZ z8NPJ3fHVCkb?^fYJ9&LEXXcl~l)s*Jow6UZ_QZuJ!yPEZNs;WzGL+aj9|&mGI|jkS ze=_~I`!VLX5z8x?0(0%$-o^!p&7L26SRq&jpb3i@3~_B`9OD4|+r$alpu zpv$w*GQk=usa^M9!1?vKw2QEOBsG3fJ{hJ<&Rx0;g}^u;BJ%nXOynhMef39rmjj!e z^tn;ip0VsJi_&p4^bNA5^LwVgJYEO(AK^7g{=WHKHi)|H70aO2Xm zmS8RiY3re`%W_-CR5C6SJty&KItr?i-^Sr$_q$m zS<+mGM2w`m3<+J#<$^yA`i)0x{{m;7&*;!s!${%@PURdKQh_3`WMu6-Q%^1Z8Zt-P z(An(MGS$9oE+2Y$^?@%}6ZpAZ<{BzaU@Uu3XTlaLP)EUlTjU~I#?a4_9X29i2`B-l zsL~OZ8Q988+|?H@3fP%myC^y?-ut{axcKlR{mOuT07lZ3&;m|l7_bYQvD*@;H0=@e z*l_vo&VC(3iGC!j@rI_-sc^bTK!YVVvasK4?Cnn$Yr2+gKcb%Zm2P?XpI}4Xf<2LL z)885EL8K2pMW28cfYVFpHHZ+Wl8b$@{p5ZVw1Nc@FdNdD0!^a(#h9Fzni4i-%ivhv zU|_vWf9~>1Nca^&!snLuwu(@u3PdNCb&61B_Dr9fva^Gk`);QRQUjb(S8fSC8rBDb z&*2Mi@p*0hEO!Dj8oft+1w@V*LBLvkeDtgih2gj6PolQMY`c@bT(ovcjuFW3td~_0 zXej@RRW!_c#o1QU&MW?7PDF#X$^JAaeJb-QK^bH*j)=+egxKy!lia@GNJeGhRot*h z6hpOFV=X@v0s|d!%N#a|M}=~n?PC`drd|@?clG5Vw|3V$)C>kKB^H@pY7dnM&n|)@ zXNtG06}gzl;>VJ}mpXJw2EU^P6i}D@TPfMPRox&5P3JKWxfyd2dk}vhOdVEE`fdRy zsbLz8rhF*XT-$e%Y(lIF^`y%!^a9@#DibkT7&Vy4u&eFFK{Ges_gvGU_jmZ8P3nCz zbH%qByEb!sN?)~Hq4pj1{qVuS@)HbR= z%Go6nSeyhM1$I1Y&?@YCZb_PbU2Jpbb&SqB#gx7}hYUf^@2&l9M|3j)MWK^!(D;Yc z<(TCfBDU$3q(M88FykIBXIQ%5`t7qisSZo1)8dxS%q5UYN%nT3Cdf(cXn~<`=cd8? 
zlN88C)m8{J5(H@swY-6#1$GjFXj{S&Z=j)cUsT2BH;^sI!(%z6fwG`H%m zM+4YHanvKft-HnvwM)~q#Ue(%atWolP7_(R*3)C;E++rj?!8J6)Efd+yg25*`*T%* zXer8^N%gQnD?1G5pe>-NV+BZf@ZS3kz~nLP&IIpseX0M*95J{Y;M5<)KG6BF-JCEf zX4J*49n*4YcXAp<(n0pQnf=doey2K%gKqC3D$HCy=vQ|rwEUNn!yUR!Op1)mQU;9} z1k!LgvN3ckc^_rGaPkhJy35YVs5aE@EM=Lj8QJ(@$k?Lo5wou?8sewd-}0ac#>riL z>_jPX%OqA{UU{Stt+Y7EB7V5mj6@6ukrDh2q{6J0@*kWcGjvLA4NHUM2wOirJ;{yv zCHZ*Ht~iT>ybvL>h^4=t2e9g1Q)t$g43$GPFP&?{IEKP{Q2|oo>>F ziSbp;1eH&%zCeIM^nS4gwva|(^D3>G32?FxLJl_7VAJKh!tXnJmX5IfuOW-xmmA37Zs*{ZfLjKo}P{!5o`0pHu%eA zETRw0a5ZYi?gH|;%=SMAReoNe8Ox&{Rd5L3*H_T>mDXWTSAZu2NDzFZ#{r%ZH<~&JnEoB$`)l;% zX%&UuGKQoBU!5xj(G(JN{oi_hWeAc>198{ZIamhX=YscMkt#ECPilO5zU<+5Tr;b} z@K;tROI_ZqHIobRy|z?__KN3lx)U|Cis_G+-@HgrXV0A{e=jJl)m5vzP%57|N&m@aWH!YTvtjscPn>13w61UyO*!lK&80vo% zo;*0e2~c_XJD#PZH9xASQ~oQHtbN2m{B0O195F?Cey*@>%d@ARcBat-fZ4nM+2aRn z@LdJX-vb<VMgj{n{UI8MB@d}iQ9nXw@$M>LZ(Ux-1V>3_~?Y_5& zW(`Rq_Yb z)T>I2m-!3Vn&pBop*Fwm+6ghK+RH@R1-dxK7sZ`SE9b?NvJ>=KSrftNgq=e zVXdaEfcu;*2eL9z$<*I~=L-~T$N>R1ogH4rag}&Uk!pF-bxLx9vAQtHNCUFgu*$d< z+&5pMnuy=OX{fN+$g%-OG8M_VH_iyJtG=J&HRtYKhWV3hdL8~nan(w)qfR0(=Wq72 zhoTd>bzIghZDmiN#U635PF3|4la4kipKccVOOB03bYChcYcL;8eI~!ixZ%2v)rPci zU33r*7&1{+kX1GR(m1u((VwJjV8NB1m{r?C_@pwZm3xIH5K^4C$c&L0d?~Pt8%o^~ zNm*J66vFY7l*LnTAUQ_QWK5&fsJ4%RM265WILpAD)w+hSL(1%S0O~yJv?%xMI?|}p zOowYU=rfO6MjjtAs?Y4pD>BgYG=buc@4^UL2t>^G`99_R>fXQ8(B@%elO~)D-&B>cNN0 z4xh60C6h8E;2MjWKh0eCs5C_GQ{z)@iKA5cXHkqAFL_;Iw+E8P%CW5<<-jZ^iiDMf z@4&ovYNwD~^pevS)I&nKM}a>bgLnf`(V%#$dD&5!lTP_dA&QgD{jr^)wv2cSRr6!? 
z{>$XQfB`5r5#LV=oqtH@R^JV6CX3F}lk`35elT;l?0N+9(>NLWO?G(gDw_5X<%l&4 zhsOtLYa3cA_86%!A6}~~2Fz=Wo9WSL+`WwzT+g0uVTtYJH@GJWIbJV-igQzDKv)Tl zS`Uy$hoGjFsu#fHQ}b&s>ET*BXk|ZnN@JzChVdfzyU2Hp!gTe9E$mT4Kp`RBuqQNTdOFi(HkD=qvd2`1UpUjV({nJmZ zKi-F9q^MfY^eJOq%l5n-HAe;f95~v);B<>5Qd+j#Ycsk4iAYc^_6n>kKee_wvqhUX zw%}esY(l-!FCYi7m(X88t!L{I2<^`A2hg!Apyw96I5}a!+1c@-ZnIVQ>sjq7y>Ets zYBF(5RX$Gkwhbde&uH!NdO#5R4D=mH$<1P-YcSZ(QF3iN>MpRQU{d(AY*nWvt;CK+ zNk^4c*BiuLze&&58}tcyHf|vTHFUJJY=LLMZLYnFywulR$|ao(%&u&uE2^!!d9r2e zMC2wq5I0d26Nw5_A@a!N69ZN#ir~hL+uDpIznT3fze&WVOurdXx6pSy7sJX3@|H5x zNrO?R8|W|27bghx-Fjc;mQt7DPEjtJN@|}qL|uEnOlkmYl?q0LP`BVV=>89?wOEB5f9kzuVbg8EocW)bDcS|vAZrBrDGj-0{ykD zetQg6nE%Dd4b$htcFBwn?UR9>+}h?MT`YFjdaZFA z8rZY~w_pSXO0z*8;1Eph?q46Ivx!`P|%)i z9fL^d&|zj8+^_-9X+P-WavFQmk`FAw%Xe3QGY-aB8Q=$mFb9bhl<85hWr}P>4s%uZ z)D=}$NbsNWv4e55U5!(3{3{L72g*JW}yr?&*x4K#gdJK{dsmz zP|d4X_(M%UnsrFO5jt3AhfmY6lPlgM$tzwD%#utBxdnEP5OrQfk6Dep zJ=DkKgs86ylk3sk(=9b=Z}IE$Z?48O2qJn6c0fQ|6h^xd^z7MT z@xHUo1$;NjLA?U$kjF~%3|DI;(O!$;P_C zr0CuJ>{;2mCQh9JJ^6O{ZhV5sbJ{<98UZ`*q|;S%Tprc^&?_fS8FI>3B(sLY;=OG! 
z-te5X@}G|wvN^*-e5;|tHg2i0QV(#P8&gM6yjBB3{PYEZ)AvbW*e!&NTaXTaPpAn#h8VKJJ9gw%q`AgJrdG&=UYrt|{V^9moQ9P1 z3^1?3B&zt{f$s05ipjOK`beT{i_$H|XVm3~G_a__nJICEET-U3UiqdvdE&c4-`pqf zLWb&YCe?SGzOWmj;cKgy3Eik?d*9A0^4T>%L5S;qyw!L%{C@zCKybe{miq+s_6n~g zl`w71X7Tkjfw$Kr^wmOc)HGN?x{v({c}F9{Qdx&~pM{M7fc?ucXK5Ui2_-KBE3T;> z?5baj(+=pyRyy{;pxs+s*g z{r|4_e8;`YSJCxFo2vu<+JtS;Y!;w$3?TDRn=cuVT=Rl`#?=5dnHc>GQ; z{obr^)g@S=GT6!nsClI(5=n+6xsj!XhRo-tzHDsq$gz#d>2RisKiu;$y&QO!q|Ra_G1BEkGJq;U<87|}31RvaIu zTJhxFUJLbl&swPW?73pfy=N8Ptt8MHYhU%^wx^rxt8L@?Zlxi^Y0BxFi)$75_Av|7 zD6ZK+A$o2Jgp->DV0zj^ZG^AJPbtTeJdIgE&iy1k7sO|AAkHO|IQ$T?fPDY2CJjRJ zujcLh{pgRKogMU@qSoq!%kjytC>3~2(9``$VQ;5ij1e>*heSwR+Ms|*xJ&0* zdFeoj<(3XpqilXZd)3rTk>ye=EgPux*04c8vNTM2Czx|WmBwu0DKE{K)itt*J_ zZ3VHdAhs36zD_|*q>&cE^tDvyZ%A}>g=wgII=`4oB0k*ibn1$|Q*v5Xlc7#WnkGmblhC*s#2IxRuwo^4eBj`}*XyOb8og89UDf{maT}0lA_+ z`5*uLUro-K9Ep!VVIBljT#*90PU}$r?Gs6!dFIxw^l9onl=L~{^H%&spQrd4vzR=D>^WDgd^q8=&aYxw zw~FV>$ey*5XRo&vJ--Ig6Vlp?g#zgARsj9B1kfI8qo;Q}x>Yis5*07g3vvz>l|Yh; za~y`u#{ej_1*G@kwmjai#gaHflKWMZm+H#WTV+XYrMIp0ww2!8k6)YgR(`jp^w!@> zZ(HeYE4_WC(wj&lw2t`oMaorhNWB%Twu04GuyWzZ1S>GoZzZe3yIDSTcbBZ5Zw0Hb zL9kjVQuXgHQdO#MMXE1Cq?+dyx7^w1Qa*S~HT9LqY+G9x+KOy7_}YqWTaj&!$W}C8 zt#1wMZiTjQLTKB%(S375+X6e75yNa~!&f3!ZB1di-d3*K%2f^=Te-@-n<-b-#V4#G zSM6@)s;ykLm8-r+xoXWofYye?6TT9`ZEFuhTe+!?cb&W*~)EO zxos=AeZ`X2)F0=W8iO2+2SftreE6FRCD-Iq@Rn_V;Tq0ApKCqX@j6pUB)AIluit?WbN zfL_rc#Rd7|wpLDp8xM+r-QXKqvzc9_{-s{r4u4(ie+43NofH2iMBx5b1V&pC_;VG3yIu4hS~9n5 zA%Rz|6Z=*&&QZD?Ml)%6F>be#v-x(vlJlGdy<3_2)5y%9tE9P=m$&lrH!CmKdirfb zVBTF$U{;iNB;M8CuV{-rpiIr_cp}ec?yg&zdnc&nk@pN6s^k@Hqdc@Qndah0r$;a85eDjSQrovOm79{ zpjUTKNhOwgrbo%M+1dfY0gcDCQYl~rkgOJ2)GAm~ zy}@6PnZ;5QLG#fgbacT|iB56sPY6eESWG43G#>ve{#RUmi>N>t{Y1hD`4h|~3KYv= z2?>-yWXsD5ma1gJt_jzl-sjc^^h-iGmW==LbRuOU2A$5B%1L_R`7G)rS-CbdSrnx)mDA3Igi#wtC_0i8(upvQ zJLW}g+dD2+RB4H6tjDe(bB3Sw;wc>eFhzzyTTsxVH3`{NpdUFN;TR(vvUn_LKoCZP zNW@0jryyHn$WJ+zd7ot@ERF9{y&aTr_9yWr0Q`z^6fsT^jrBfBS*-9sVb?WegaSGm 
z5iZb(vrjTDEtG@=3xcjFxdyZx|8(^B$Cp3<@}n083X$p^*MPU99B@4m5cEz0L^XlE zHw8_fwU8H!>>y4OCRD4_+4#e-3Ka?^Lq0IFl#?2KR)_Q677Cc}0A!#5h}4%1tgF6v z(;;zZ2cRiSm{$6XFux4gbv#?_t+jeoE@GLl6)YC~>-P%Ze&eKq9nwU#>FkA3Hz0^3*6>4XjJr<&wcjUb^E~84XjH(yKdGt zlTiN>tUgX-+L~C|p_L-1^s;lSDV7EK=6-4SExVgHcgrt&QStYF>36UEVz*l^QPPC^ zrQf|EpT9p`yeLIE-@4wf1Vy>igL0>3DEfQl7p0hy!=OCQS#Vp*%qOpQV*g@bQ)^yu zb}bwWOiuAXF-Pxfrm(p;Cx2eWzyJ5EH-F_{t}^Q0hgY|a4c~ z(lK0xWc=9uIKez1F$ugWj>0AT=yto^gS|cYZ@1em|9Agz|KM-E-NVEE{oejw_waAs z{_gJH{@+mdp2rSPs&t3Hb=U5zJh(69Q48{Mj3WYec!37rqk#GnHP5?E z0BYarMNCHs#{u#n-copDE$MkA#up(8&{M`M-;`|VWA5eBU{<_b)QFq8ZuU|a+{yZX ze6B!Ma;6J?^SswwreCc|R!5~+llmJc)a=Xybb+Nm>0I?1moyFr=)c%SBO($jZEw&( zNcBEIA3h-OSP4^rDs+3>PE@tFz@`ZFqsvv1daJ|(FxZFzFiM;x3);kS%p?eArb<%@ zo}QR=CX8J+2Pk1ew!tnRhAsUoO~xDtq*}ZkkdR2yPFP5NrOCldk@`L%0SQ{@f{Yj^ zZFuc-0{u2bLVVS?dd zSgD&gGVh(I@sW7T;#0)L=ptt0TaPvv&vP#e5+2|Cd z=>XKn=PmR&hE?a1@vRjX+Xj6W?)HZdQ2sVI1<(kO^;qpZpr$!6FstaClQ9*NPn+m5 zy1i9RWJ@Gu7dZ5kTH?#l%hdpMdpnp@P~vd~h7&lX)Z?F1HOY#(Ehzm7tL62+X$m%5 zs0qVXf0)_DdUn+tGdA^SJ5m3B_*WCBl0~Y(S%Dbdu}c#F%i4x+o4IWS^RZA}wqt0) z;x;RhODm0byItT4`~v$PPUVDg`WLJR@A8@OD9bs8Il($*Az77UtilU;8WJ&Rv=L6| zkDR3m)N7-rlI}Rs7AfL-6KM9yABE=7`zM++Jo%&0B)kvo zB7!262qo|FIOh{P7?6Be8q%GB)U)5C4|tAx`l z8j>*yau<>b6Y?#Q*Nk5lU%oy$F1|Q<{UU#n??w&1IfZ0^p1etgJax9PCk?gN{Y>NZ zrce&b9K}=ko+e31A`(j+=4_!Ox8@=G8CVRlRjkD&~IPsI`H>P{im~wRptM=`rj1} zX@DiMa%9`*D=B{FS)l**4!V0K{jYbpzt#U9A!CsoAw|vjEXk z^6#t&46OhOC;v_DT^9sY|W}LPt=4Vb^v^s3dtFg%m z75bwG%VFUd-5;NF{nzk+Z$iR|j$_8jX8Ksb|GNj>ev$w8_WQlVE&qRr=Mg%=QW72u zBpK4Pj;<#pMi(g!l?sIt>|f$B5nkgFdZ*}IiHeL%fy9J_AyNuHijP4olvIaU3^f%0|!-@9!P>{h11hQlTXsq9iEAdO=qOyt$H-60f{${>)y1MvS8&za+;jmYjtl;cv8b zKWxGKGk-z?C7+t#C!F0(hb=uSeo0nM=&&Gw@zYSWIFm zU~i!@I{oKM++4!ri`}4i$s19iaN)ju1wr zUg}})SU6R~bK!(aM?o~Rm!lvmpwhf6pwqlt52dD&1>o{a(w{Zu{qmgm%ah(;4@A|1 z3*Spvq=i-D<$sklFaGK}HM_i;;FyhouA{DlLZsHyDEAF;q*~EOk$dN;-+D 
zS{^+0rI^JG3^8S_07Rmk891VuYG4?b;Ts}wFSP^5@f5)^9SKlTe?*LkAlo-h$zA)*Z|;2zO{c#|gA?Pw*815wbMwjyvjV*9LEbToH~#TH{@g`|of!q%ea*)T^K`A$oZMNC*425PrO`V3spw)QGQf~t*yN^}jS zj1H@6M&Nu0Q@e1O$EP4b*P&9k8`4YS!0w?_5|S$%OHEAzT@y|a4h2JL61YBwc4((B zk6yfa=|w@#@Q2GEyANUMIIC)?2|q`jUOsGuhCY@uB<;Mhp(0e5P!i6rC@>(6TXXKJ zc50;kuHWE9*ri3Z_qdL>V@b5TA~yLZHwH zwaXK{W}Wq}2|OaP^pKLrEG9DW+_3<)Ul0;2rOSAMIx>fC$t3|+T3#7s`2;#94;(}^ zR@~WnM*=D>k9J;PQF1-Zz#TgFK{3n)CTI{=Di(r{W5iVf^*a-#z()}KQX{2KP&q!; z2v!0Yj@2w#Kaz{7V#-pnp<(I#8SI&=69CE6_#dLD2I2u4N}iJ8j)z{W#Ve-?^>K(! ze>gf;ZKg>JO<9T}I-W>$trm#}T8R$Tb4M8R1&srRZb9;4Vsxet^m3foWv#Z8G*KKH z9A}3m&O1aMG;}zx{#`IJ3QfDZdj4ss+8nwj)gf?x>~khGXEVE`hhC2sVGfVSTq*Gc ze!gN{p=hWG+ss1CjM*gty`HkFYLb~{sR{AHUSMgbP%m567gO}l^n&o1NFr*9Rc|r1 zG;2Nq=~gJ$d@K?09Vl0+KETQuQazzgHjzFj(oD`UU%x}U@4%*RIGh8RKG_=PtM&7u z`qjvN#i3T0N5ld;nj(Wt)NvW1q*mc{`Cbdz&3npHj@$)cDx20kR7+49&#k4Y{A)c~ z<=^j*vKG*ivs*p{5djJ``c*SoV2D785@I2aAv2SI3WBS}N0riyeATfe=MtI{p{!(~ zn*Oh|U*2XyU_!W{Le>chCi=(n*^J&SRansyK@6Q%aE3LTpCUqsv$qUicQh;0xmEt! zLSjkU#w4NM#w;Lht4a+sNOGwwb0ixY>!9@{6P}Ec5ODAIs!ENjSYy)s0^sB?4Vh ztoB6Cg49?2U=)*UqtpQ@n5C!*+0*Rug&zK?aqk<#z*dqO z5$M;~NKQCQ$4UdyBLhmAz%+~W0uD5u5^wBTVt*oZ!JSNNF5<%sRx%V)AqfPb0T~RR zb)R*I=&8|nhU%r#i-w@==s`}TOopI65}ZYWWiw!0`Gz|!bUmT|B-1ReC&Vl(i+@v8 z(?ZOy5oB{glC^SGXT9*rVYR#XV};C8#+?(pt(aC9~8zgj0wpU6OX5cb|7>@l6cp_2~HZ89MWEEVP}) zhNRfdRdKH(Fa0lep(g}f@kr4OX9sDVVwV(DLE4)qR=}2T?c!h=0OxzV-Dtop3`P(P zLo_V-l?^Q>*Mh`@bCowrn9+*=cHcx<(GA|42Bpmkb zU|@YIhEC7|G^pJqVKp||8GJ=zEeb1|Ml_tyd)=-E?D^sIgE=kWh}is7GY4W;p+5Ce ziy|gI5d!n6wf$Akp`M7WlV4ANMo))o*$q0K4`NJJ2 zdVDmp3t1b*V4qft7VMyr8G5TQb^|DY7o|e#rG7!O;&YK!07+wRCKZ0W_&c_eY=8ud zNYQj@Ww4|L zu~^bLbuGl%!6rC}-02u4HxpS0-J#DoX$P?w4y?waY07@b32o~G5>>+BAo~h6{OpLS zZ7p0g8dL8=BGqSyg3Q~TlF;p~;wUeu(Asek%{c;vbL4}bmQ-pw%G}R(ve6dQwMB!- z5N>c1wD(^`o-gMuCHdN5?n_c3~KxkK{%>K11NB!puyE{+L=mh#kov(k0|GgZx~L= zI33d%hqh&yIqN1+0po&9@D{<<}rIAGi3M?OVXxdrbK)6f* z-9YP*oTPB#tAWbEG4g^Lf`dh8bFD++OxhooVmXJ#g2sYjX0Iupcv$KjerUSko{%Ad 
zr=;0J%`CdcWRUMRZ?(wFNfKh;J?#V=X(Eze1vyHRBOWQK*>$0*lsw8Kc)$N}J1p49 z>eNonLS3U4tJQwAUKcPT;CR_8P-n#VSp>&R7C<+MSapALb|O6VD_HE*R))iCJXM`B zr6Nma4huDBaqH?cWye^na1TP?*@V(KY-WL;En?(hwOUC6j46Z& z?QPCU!igZU)S6aivxDVsj)*TDTjRx4vy-Qa4-I7!D(NxjJ=pI3#^V5}A0S8nee~w% zY?Lzz)G?wI9U*XgH-zd2z9IV}1c+^W8$1I*kEETp|zGb?( zmnz;V7B;1DDq&Hp^9X1A0Sr}vLv7QpVP9biHW?GLi;NUu^m^M!W(7yTzBVi{2RI)w zi52zQHnlwjbE5DwQPb$Vd800$33PPw8flNM7P?3!ut-I=9Xq|od=D!o+nlK8rAdf^ zDS`Oy4hm@K8XF5vwv4O~h64?FF@sG9%sj)lEFdS0%b_(X?A(DE0@qxYANs3lvG_FT zwQWq4){)>b@$TaPS?B-z%iDLSuYdUU-RrlTaRFWw|JCnz%l`knz1^+i2j;{7cOpApjtvF;!qH zxg=D(yc&e?IZd>=)Hr|GVt_Ztqp@&ys#%jh*~tutPGKz(YR9|4L;r2~qS~0Pk=x-q zpv#*`PlY9zD1$05AIgYjZxu9fU<+8BQHI9gCagpTUF76c+fWj0B(M-Xeb7@a;i+H4 zolhJM@$Ee|{68cAP4zLK|L^zu2fcFq$L{`?|3Ap{2-PyrM&q?s)I@EXPP9}~%$dnL zTX1Y1hL*dI9M>+T!qX8EQnb)}Bjf0fR6jx0ZmbBfrW`;=kDyE^n{-YG zK{=G20$=QK;xiu5czh0Rb#@esy?}(NV66$5pF+9>ogFg{Ty}1C1A+wvNN7|LMB<<= zS)0UxJ7lZ6IUeoMg)^X8L)mexBAZWO+i0AbJ#ll1S~Yuty&@nI(@>byqWKQis!Xl+ z4)Gd|^S4ZrL3Y}}CA!97Wse9Cr(k}o4}&pguNItRa-s`@X`5^7iK@=YCebM)Cx==AuX9|bLR)-TO!Cos=OAjGZ~{7ppi&86ZI?cJUa$LiO%gv4 ziIwIf8f~qw_Pt*J@961kYaWA_|Dj&*wa|Md(p(TFBaFat_66vAn6oqv{&@OG6>g8z z94M;PHmLUT=?k&513>*qBswJtL$BizYcz(#q0eH$LehXeTM0d&veae5MOA{$KYE60 zD036$mRi-ZTUk50jAs*Ox|m7S4M^8CCDMyF?CFTiJ2?a8O$~sa`i<^sIKFZ|fB`c6Y~8U$)HLbkwHM zPNVUTSsQO25lM+afsW~MLs+z)^gc>MNt2Kub5tSzc>2h`Yuk60fC}`Jhg>csp}go4 zRFqk;msp*dA-c4RoJFUDxsgtdh}!KW<>T_A(<|wnR(>OPMFg^8knZ-Lt7cdT=2Ng_ zWk)`mzP0ac2oHwx6}-c6%nBi*0dQ;$i01B2xl>UB2OVZObc zfdNM!LyDI-lJFRZ*`ZRZPnBjA*Qb^xx15kjYjAf@a?Bwd$P_xP6@FimY56!O@2ozo zlZ_mDGJR9%a+K<$1ryProg=RZsu9$Yb(+liBDmc^`SL-IW?W(!=-eqf)Km0KP0QSWK*&U3!CS_++GyAGS_)zIi-p$YwoJMTjoz%=!htzz zw?~Zoq1^=+k8+PDX_y++)0l=kw*wQDp>PyMDQE$j94+cJ zuE6y>^2TA& zdV6pdh8Nhs%-n`e`9h%zW!NJf#Q|ANK)g71Ij6P)y+4NJCiJf?3ka;IA9OCX*I6#K z8S(&lWOu+uaSpP+aWiXsS95)ARwqSI;8oP1kW^F*Nct}^w<(?{-4Ee<)GmKlv< z6gBr0l_up~!6#AMN)$B0j?lW6I@ez1tv$&#>CEK`z#cRjAJGZsI8wxiKB5;y8#Wc2 zQ@^wZ@Uig`wbg^nf7``hP@v>|{ZaAfD}6;2h#Mtm471G^!WJC=bU3MsaRl-qgd5m& 
z4D~s5(8po3dcM&dW{{OUoIj$>fq15y>_;?g&hmn84)vhthfRJ&$C~$AT?(8m3PI1+ z{6aH>;*U>7%L!1_)>0cI`_V*Z&I2op$$rOdJeiJ9{fLgTaP8TkLLj&OeECcizZL zb2j~mtY3dkN=*l&v-$%^{$-{l0oR+4I;@Ln_qf@!0eGy&B)|p?-gj;+(?=7QR0d;t zxA%|ewa(vD`DmlAoor!F4i~+e3prl&4k)y&##7QNq~obp(7t?d?hsJnvnv8AfC@#0 zyB^$xG1as?8XYFz5#XcXPinkwYurkmCC)fVmuk6iIvx{_F#3~SfUAkBh*Iqv;g*q;a z%^CU=;kZ11M8nskw@jXBU&n>OJEF2IaiE%zp0X zZbTlO=W=t86e{W5>ce5O@RU+Uzw%mi(+RE#L>51@Lf?SnHT%`>ugmxOQu@K&yCl*N zmhCJ{leoqRcZCV)$~t{&ucU#pGv>clniDPTR`IoiN~shpW0;Xd@m?vmoG@_)Q1?o? zOTut36ue~Lo2BHrooYqqoLW{c8D*62pPhcz$lAhMiggo4yKsU5!JvWt z2_;wBBeMm*Cawk8bd!0DWO97L#O~P4;{ailV9GNY#*$#7WIZr7#OSA^qF4i2077k9 zVIZ10XO%J0<5hB&5t;yUdr(|Ro;%~9Seo3Y5=-(%PfIqrCKb&~bF`gLIw%;W8wH1M zbRL+ferNo$eFUB?dVK$k*>#Lw3z2H?-$>dnft&%tL+sQFX2m!2I5P40A(fz7^U;p3#^ZyEa)r^@*K@toOV+J@q znL&2THF{kz=PHrKms%DuH6V1tgbtagkQxnC+mJ_;lWVZ3z}bc)J7i7gfhFZZDEcyI zJrTjNO(^QXryY+8x+WJ8(wEVgP4}oKrG#FS1}YWO!6}YidszYMLj1Cx<-!b>;J2V8 zEbz2xPc3pza4_@Ya1)(T!j%=Ssy!;&&RD^F^}TrewI8xH@WwD(AVKDq>o$qUG$!UC zm0hlpmBE%`mdL2zz?(JqQRjmA+3$Apqzk#O3|LSpQag%e1|E=3{TSI$uE>6C{9 zxEzDUziUKgtM+?m37T_e@E>#HJdaOb2#r%?*>jGEtjpRS`g?&y@D-zh)zL&sJoJ-| zK{Nq7ik@}2u!+1y1oMy*uG_Sh@oCB~i`m=_$+T5g;L-`P3d z*H?#RxnJwOCL{xlsQ-?MM59#kh1@`?&E)_ymXbuqVbtKRlwsD*{A$)19*u}EwV%nA zy`qJUbc<#^y-%1Vv81p_ZjfTq1;c#VbO!$@owT#x>-Bev+(mOG;IqyIX=7~R1{Awp zLa3^a=rk^t_>v$9;ZQ&uEW(L5Dw*I$lndhulT$3^pr}(dRN$u5g0Z^iSs6hS9zqB? 
diff --git a/released/assets/rancher-monitoring/rancher-monitoring-9.4.203.tgz b/released/assets/rancher-monitoring/rancher-monitoring-9.4.203.tgz new file mode 100755 index 0000000000000000000000000000000000000000..fbc6ea9f3a29093a9ba73b937cc0cc1badfc71bd GIT binary patch literal 233970
zK(^oXYCe&QLm0JbL0OraB|Dv}Y;EG@m2e55iofz`0@vWTZiIwEcBO&tJ{P*@`@Rmk zU7mzHt(QGzJ9!G+kJ?5+eb99b+(zIsaGZ+}7&tHDEPmkuR29mM?#8F;wQ;LBS#9IV zcM>pJuvELTX(hX%^!;kJNTQoBL+Q+TA1DRHj_SZqMo58$8i~<02?u1aGETTl2P(BS zxtiO+Ca{bmXmTu^DC&&8_W(!CsnVJjcTRPomm$+7%v3Lc^?Q#&u(e~bHzksN#E?9y zXj}AbvV-@0vR3`2fu13sA9yp1edW9`wn(OBnB&(XeuK>8U|F#e#aZxnAEQn#PnI85 zLzb4t+07CI6bqgrI$oxTU*}0isLb3mbLMdeeD`cr2~XW$%3|NVyg2I=)VBl>C6L}8 z4LeF7CRU<}mRLkRLq1Qq*O{G(BP~Bp8u3uHPSA@w=*==w$L)TU^?oENtM0OaLzrgM zI6ha+yeG#Q>xR9#qkCGO5O@P6d&8E(3xW(U*5^$~8gu{zF=15tCPhh&g~d^wOO8x| zvlGk{3J8&?ic!fVr4gGf5X_o03W8T&tVZA1;9lMQUn9z;z1S??e5F=>U10Po1Q)1O42-XkFNVFq%9aL%K43nJJ!$T zm1KRHU{8c^lkVUc>nMv~Y9HowslX!{G`-3WySB8YU@_L6k34H1@|;yGW0o*WR4)mVT zyb}O)xNm@&e)%o$V-JbKs!qMwGa(%1!durXU_bebrtkT*KQOf1*Z66=j;AR*#kab%}!{O zdG0y)8`$+oIZ>*&Qr3)848XVibkePO0AB4^!Ss$(Y#HPuEoJDB~0P>LF8GqJ+>AMdm^v6%#NZ6=n2L z$&~18pS40kz_s+*E6%B;!4ZPfQbI%w_e3`pu{hC8H@mms@5uy}*snGoQdFT3iu|_q z6Lm%1pTIJY6Ho&xYgZg~+w!JUEuC>XInyZ4>D`x?-Y^i&F0Bqkeuh%t5sx7(e#E3^ z`7x_9F^rMTXx*HNqgXZRQ{Y{`{dl2H`aAF8 z{{3oiF-+aeFFMk3DlQK0Gr}J#ltNGsES30EAyAy^^I{Qkq*(@yOd5P3JfGnBzjxS- zfA1ok#xl32(1AN_;O!41lZ?+G_B`T^Ii)oB>c9*`ZVy-4TMAoHy~B+SXZ^YN^Oy89 z7=_f zfu%H%#`k)e(;C~ds_|U>Y=I;fzpC*~#rUSw>w`TGpCh3&B;+>*4QRh-Tn4079lkG%O>g%?EG{^!-{V}pJ%>)m8v_)tL)q?sl%XiHyGYK! zNP|9HZJ*G*aMJ9iu#I~tg=1A6!&RGpZT2uRD);I}EYW7Z9H;JswSd8b#gd_bi~1&? 
zb3+7bP`(A}U(Ft0z19idMg0Y`3#2Puff`X$!Rew3rc5sn;V8ZR_3aJlCv``1l=|gj zsGvqICLjjYl8y@60@9*&%04Nm(T514YyCmD{kGdzjT+Gn+>I?evETPr6qgQ@r~2oc zNV-+Y-AiQ}v|YiNu7bGdko<_BXD#MN7Pt384Y>w)ZBJPw;a4Q?tU-twHn}(PBq=B+ zwQ%4Z(3~n45<{SyElA*>9LPWY$47QJ;>Vqdu@vO?^S@ikq{uo^5xqgBYtjt0K9H|X zeSoYJk@pJKa%&#=xUYBNfsymA_a;3e924dyphnQZ6!~->q%C-t*qmvuyF zL%_1Kp2!*$SyJ>=`zp|;DZL;k7!(Hu1QaCHy;~3uL=b3@imspC`-6LORh%=aicX00 z`~%Uih=pGJHX7PnEXB;N+=`qgU-G2rHM1o68+K3NcH*2yE~XrgoW_CaWg5UU$1L~_ z1mIDK3ht3n)Oa%*RJu^u`@KaGasfkMq3KXoXVK3(7}Fqw+gmdsmFDZmO*!5v5FRwh zBC2-&ICgr*DnY4`=)j@-py*&;LcJn&@q_}c1Vlr1>RTZENLt7)2=4NPYthHJaC~l4 z+W^PgX8I$E%6@dRB8oEgc$Z5#HK}20X$S7CFonzNGPNDYR;k3xCJH+>X9oVu8>MUI z0w#!WTwgxT&&0HL9Tj`}k4R(nTtGKMp}OhxE$vEBIa*CKQhtm(EW-MjOiD3Iu0ud! z5rwC~Q<5S}k)~6A_^l|FFOT&bj+XUKf|-ok!p^R(@Ub1?TiEE&y#J}!r)+# zY)vQ8diGe_q~Vs={4p7|Onb%6^iUX@l`XJiIh~IW_(z}{Y;&j35$V*q z8=RM`Oc71lyjzsmbjcKPjyx&@=Oehr6GpVU7RBrRem3S$!f5$zC8|{{`7}D@ zuY%6b6$5pKdqa_>JCHt_3rnCU9t8uvpkqOdVEx?A3mDK4US(t(S2Ufbu?W>PVk-OO znh05V)bR+h{lEC90ZElD$+}8n1hOXT*47T(eX+^SwLru&rxAPBBK0(qTN`JLWOOLY2g#ofhwvsL zSJ6Y*+lkR^W_A<4$t`a?qop__o<~=Ysra&bN2%$k8jbAEAFf!>x1?%?v&VYWq@zzl z_KQN(Fh?=LwIVM)B_FJB5IV~h9n8Wpqi`T7jPfEc2A7P_0x`hQ`#vfjF4#|LvdR(f zWr$Zil^q{S(zFS}vL{Smt|tbI8q@Vks=npjH|LUkmeMjurItFnJe4r@z$&9l`h?9q zNEMK%6G%fnH3dep zGs|x4GcT8-D^q|oPTR3=W6L!}KI(@aa^>qT?Wmm}Q5JNf$EADpV@gbQR3G*nGRIm3(E%Z)P2|B{Ct8{7+4IWwkB^g{ByybJpPgxiG2*VS3yjdmq_GjV?RrGP#Hz5L zk!H#TjHhlRn>HC0?FHw|TDv~upQto{j%&27KIWxqm7Qjdee!;sXB}JYeBH)z5VOv^zSTn!leI#NjyPcW2>(Xb z!Gzp{D9?=_Q?+bFO};6Hg=FI{i$uPZyzf$Y=a;-MVeZ~WLNRcNh>t1pYtEi2p9CeW z+`qmC!bMy>QHe`&u%X^{k9ZH-SZ)UfZ&<4%knW1&2494r5n7^0#up70CkNRX3P*_m z>IZbglW8K{+8DIBdFSO}ksF-Um*&p(UVgbXmw?I^&y>VPih~&= z67E;Omv&Wno<$KA^kcBqRXSth9QJBPTLpc$?KHCL61oP4x(-m)7*T(5Ha(D79)NG@&9r5j=`0-Yqxf6 z+qRu_jE-%qW81bmwr$(&sAJoCdKvQ8j{5!BP8H3VA{7O!U?%M7wIi>M8Y?W?*++~f$fOT!(v&GJ*$ym2_pun# z%$kb&MQq|rb(FN$mG8lIaPS;==i#TNN1=|5W91C~>A#{%B;@qC}#4Sjw5$X-3Kl`|DimKcF}($Eyc8S@2^z(EgY9FWIE zyG^BY6E+lsebWkA9oHjj>g2F7AK^CtmyymQ4sTbCFD+NzOxvveu1yKU5o1U+v8`0( 
zvssQk=DqZKr`phAku+jw#c?TRwMQV$Bsw;i6y)T@w59%HQt9!{*v^*AP)qlbDp6f( zAjvD`wsb!QhKo_&GJR$?u2RoqO?=cUy_E1vJg4w19BO&r$xsL-MSTqpJl%2@%pHni zD1waf{yLEC4Z09!FjKImy)0L~B9aycbf5%ud$N4AJrRqh?~roT%rsj>nfI&6 zo2cbn_zNyk%kmLT0+OqZ!AcIHgxnI*mkfx5U!5qt*Ap^=5>^H=Ns zwZr3UmUft&(C%PALzcjhr}$zRguP_I3VEbXQjawi=?`e|=C1<$~ z(x8Pw_$c6D)wGnpY0^)_qADi|M`49 z)lZroew8P#H8Qso&)|#13-~Z49U$JZ6DR@$!*4ClI~P9%%wXZcx4XN!A{OOqaU(XZ zw-XIv=d22*+^9;d@ETm`uR+ile@Vkq9YAmubA--b@!P&?SZO@7+ zWt))ME`g<*d3=yZa9BTY)ymT}24-4Zah;18yM_0t-qZiY76tj(_#%7#u%PogH8W55 zbZ&N==e8k$%d3ll2)NE(eJ|P8M}}U4bDt45Lb*|3F|Fp?B8J+OKz2vA0Abu05Rv=g za$p=#7wUK*u&WU#(u$(TPIR+-b=B+U_SM~+x`veS^}hWsrPFrKjD&K>@AHLknV*XS zkM@Jm6rA`;$c67#Zzk*GN*zbOWz*}=Njok;GF0Hl11-gfYw%RKCpd*7PC)N{56(i? zCXhrHKZHCP+MS#nmr99E#^sOczX1+KbU`tAp-S2y`!xcwdo(<iO{a z#g7|y>B<~XfS`4yohjdO>IQnr|I^jvMxgF0i>R*V%=5>RjeD27E?60CS!Ep9 zLN>Yu%o&9_*9YIAW0jg<3H~tcSSX<5%#t5)GmO`{s;rGN2y>F2>J8?ZLoN%knBOUDTnO*lAnY-aa1A1<8Zg%?6?aV)RDB@c#vJ(}f1OZZiOO?+?2i1+gy=U|Vr-F{Eg) zr0x46U*y*SL6Ghq?F?3p{8`El(STxjjsV<;MPN(1Q>V*S9@52dwJ$*e+fcK3gvWDA-HQ08Z z8?<@mdUwoJFqOlLfk1_T9};a9!np|#dk9@Q3`^GPw)n!J1)38x;4;Rpz~u=RqK*O% zm)j2Xixcyg%P|)R#IK+kpZQ?%}XkmB;cU?@tFhBb~ zU=DW3f39&sUGP+oRm6*PQ59|onqd!c;zF2*lvhUt?LQza=|7+u4&*;I07kGN z!5;`YU2p`>#6=6mRMwHRX2KJ(Hd=E(j^cm>gXUj%D_ExNLkJa&4lx~eV-RAj9v!4Q zV8=WT=~lJpH1G$=}_m2u+9pe`0IDXnf#XXA=#NkLsA_I;F?5tult z7GH4mx}IpF13Wwn9V}c$7wNeYJ+y6` zcmCIzb}^R1XTeU2VmAXu5wpUz(=>??(*fC;rwp9#p67?Fy92F69?+v_)|L(uN2WR3to>ueCpVmLdh*S!@4Qx7Bdh5P!2aVP?xYIP?u(W2~dvn zL`jm_tKm@;z1GSrkUX6M!P<`rp3fInm>_cn;JHj>usLO2q!eu$IK%ehxpM{ugDx@F zEm{L!16~)DKKGD>KKH-BAYJvGcwQT@q6Mqqm!Q)$t!CRZk*efvXzJMh3ULYaM!%R8LI z9fLc>1$Xd)gdH1(HEP|R5u_TSbou(Nm>#+T-X6a>MnQ_ltp%=u(Ce|vJq&7u@=LSd zSu?-2L^)D1@;HAGVvTU-1zd&3odCnCtRxI?Wc_(OvU8aq$@2 z0XZG_iUy7Z0djA4RJhIleQP1n*0AO%Kq@Z#DxyGA_^-gz@nh^iCrpR?8BZZ2uaSw z3^#r+`^+)DyVN)|XDmwU$Wypu;1*6>JrNb$pdFCsTOP?G+PAAMmd(Olk z=QHMhK5=Ayq>=N9;*#+4QO@kZY*e*YRS|wFi$5bTxa{=T+y%#hOrZN>Mni3rXh$E# zb@_uPWke6&lJp;KnmuqXh-2WyBQ4|)7_2-9$_Vb)I{F(aQJ-H> 
z&kst)@qUNMe(0?`bg?vLSSzU+9}RPJ;o0$hbG?ni&IZ4Ivn!U8Ab>F*D-uowbQf|h zbzG?5(MB@MO#{b-{KYKXwTo~1?&|vH?E7d8{fiqVi|Yhb9a6$xi+6p-_8210D>0_k zaYjmSiOfc5-F4t>P&60=XMBVXm8zlsFq;G;Vk0jT^x`@GK=u^fqyL72>j&Xb`}MqP z{?$7@{MnmZsq@gR-@KtRUPv1zv8QlCnR{ z>Q`cYsM4QQD%GjKHe}C@*1V0|wsdk~j8GY5ZOB)eWDO8n3CBp80FVBi-(*0JGbutb zJ89qy=z`y%s3;4v?u&$=fbfB`FV-|C2?Qzq_z0ZorlB_ji3A@>R|`+yVx2xSdQSHc zsoRPyW%U_E;Ae81=S5NiWZc=)-L)xE?bMSZ=DE|kbQLM4&W!i0Mbq8YDN(Q0k|OK? zpJt+)?D=HNbm=Qn^Z?fW+NEYk$edRtMU_90vWwu2(`@2 zPS)+@b)Ly)&cZqB%W!K6XYox=6x2+5lO(KhXic*m&bUUOYSPtYi!biXuFO+z^H$u+ zz;>&ob{S1-W5Dhx7Fr@WzK9FkhhC&{4jV&TkO+$JQA}e+?zIi?D+}@&8=)I!x~X(> zqwZvxKn4~$1-pSMrGeLW&eroVW?D+&d)i6xVxi#zahHLb?RzHSks$h`ErPVxC!U)6 z7orjnd`?JXKA~nl(0<4-e>ADJKe7qOs7( z)4Dj#$X}xB^_f&)MiQ3(`yA;7Pt%rC@;?eg;7!?=)!wns;_RHA_h)-py&YU9_^Tr? z<_q}gpL)G^1o-%P-3>7@w`GazzgVDM3avNBKCJ1t8-seiyg#x(JKp_%`^wfLPV9Wu zFy%&e`|{&y6&V}7SiIL9JZQ^WKNv4RJ0OWtCNFTbamps7Sf^eTGEH;`|A@GJ;olYScv%`PlI zk2j$wMqT(WVaC!?e4QRw5@O8KP)x@VB40b_#1|_)lD9VEsmAsFoVe6eO`>HDww%bt$BY`_lUDw`6PSAa<@r3gwu5)i6x8)ctJgoIj?@_IWuF!-KI3HPK85)Tj_?xN)SkBu=*doEI zf}ysA>b>4=1boT}Ry~ZXahMUV0=t!Lu@P?M)AUA_GVYFfhc`*5v$+V$heE;205QA= zZYb4OT+2K%Nzojb?E$OP&hW2bn*Us+pPBx<(m%uOb6F3rn zkG9-}Go4=vm9I5)aGk>hW@4D?iq?Tqu=dMBH|WXZIlppbb7M`8SChhNK~}CRBf)n6 zuAd=?w+|A|=QR0hp^HL-<#V#JqI(dDK@UJWA*qK95wuFS zjBCRrlwHJu!&-0h%rXGMBRxoO2SPMY^L(R^8^ zdk-a=cS*vWcS+}xXOnk1$vD-~)NS9YInEyi`CO{ay)oJs&K*BB1|$#la|PXLa@S~r zJrWd_1)6F3pr~I5^azJ(*}q+kzMDA!S>Az4IYqT@Z9-?=wmBU!uFP?TC(Sl;u+KTM z7@-80Y17)*VTpaSY#aW7?_Qztx7Q8So!)VPo#2+>7B@4IT{BZ$tC;i1s2BY)v6%<> zLr!}Oem6QWs^GSiP@Wwi2Gk{i1H5%#?SZ{PyycAXX7nt3+~CY`&a}!^5%`?n=^Ca) zyq;DEX@1L)C6s!c_miy?WD`6tC7hKf6D{afPp=lf8XaXM{@5v+?@tl6j?`Sg+dzmQ z8aiep5;`8Z9nJ>p&|eoAW#j>sz% zXge|l0v3Y<6Z;8LAI$$Xa7LbDwl8$J6Nbq22w77b_w*DSwQm7~R#m9xGX!iklY7fpK8jHLE-?jURsFPNYL^i=6r{UbP4@ z2>lK5P(dalq#e>J(QceS+0*l;@# zZpX!jG^SX610-;qYM!-72ofx^n~cYU839Mnn8XngR8Y-bq_V+yB;_GyZMiwKvJciC zzyB-0G84Ntp*Cu8!Ka7_(dE))&bnZ=IGAM|+U9PUny0VU8;Esd2DynW-B^mF1jk)* 
zm`~tMRRBB1LTNC9xFw^Rthys;fFdr!^bzwnzi~-z&OHpbWHCn=O><|lNvB+Zn~TrpP0)|Yl=vjSVe=8XXu6e$#@#N6C&Hj zC0wd2jY+tJ&|A2W!gXIGb0loi*kpAp8T8CG!=-^Wjjrk?ZkJYcYN-GsC07R^ih}r)m~cXQwScrYWrK@iC|x*pZS>*o%N=xHF1kmEonMIX zMvTxYZm4iC(UseZ zA}u389W5P%J=9Y*I?%8H=PFZ(jlR&B`=DdBf6%TA|6|9C0d|}v#k58n`$YPC-h{9? zr68c>4)Ago zhVEe`$42(h3XU!LoC1H=#CJ2PVIK(8UynD)n&lJ>$iSd%Znq{ZiykT}f!>CR#ZF=f zt?{EJt^(|M4Zx0f$+_hIW5;py$L&XdUlSkR+wOMB)Tpst#lxHt)t5_-cRd{Pq^ycb121OMG+7 zfbenB$GAlweykwpr@;CrKY!oQ6TNQQ)UUuUR&}1J6LHdS!@KUt)0l%g-ia8V%XCo- zuGG>Yc=7~|L&@)x6}~`;`4zZ)X?WN z)7Xi%n5k(&0J4b|(sH*=JrY4{yqoFO;ilRN_- zvE#jL-KROWqZVTJV#P<5n@0@BZ>XPlO!be??YZX>{}}>;lzvjK6#<*K^yck?lW=M> z`>g7qci2_bOz-<-r~BvXsMRew-b<$2ZP1`UM@R3M^@e~$oU5dJwYNFHM5ig!6U^Ih z8UN;<5@nvd=|7I7X@s+KsME57t1H9-eTOlP9|mty0%=mOCh#SCDkQ__=sye71?*Kt z$^j@^M8nPz>AUHiS}9PJk{N*%M)BFh%puh_BzLmskd6ei%^-&1Uzmha}99 zW5+BX_Js1<^K|^fG=y{Z3;Ll3O%tK}yyXhW6B01FsT-o6%iOIvGS?ipLtuUQz-@(; z;LnX^o50NgxU{*lhO*?z0Hrw|Lg}c)b^;U}W&!~)F)1S#+~0vsApw({3TB#{XaUnG zZ%)+3JaTpOjKnI0e>Y%_2=Oifd=EVrc55vF7kA~agFfn_0*eVhvLnUFl56*t4cQMHiRoPjt9w9Ih#Yk6WNfWC>?Aq z4-iAn#7a6rJODDA2S8@yT8O@Namdc2pXL(aw95dtaUf-;h6Q5l`t!@hl8>%BpqRby z&wT>V=%3DpCey~9uTLI>FN?L#sXy1yc>;j(n>RRmu2ozOWhvm7aO+ala}dOjpN8ynAFysj=~`t>6(OW zRllEd50U7r)kI_XOM2kSHfU#ea}AUo>^0eF7O_m6We+bwA1`Yv zJG{!e)>XIpnHJ}0WSBhxu$h-D(8sj5rkH!qb$;x4J-3zkSyj2y#(AaPdPV2RSSRGs zhdL%lk^rwoHM1|jK(->+T_(W@H^f=qDO6wrG1-?4mCe+!Lu}e0Zx>Oah!Yc07-^$G z8xx{<%i=YB_~tY~L7obgba?=vf@R_0)f0ZeaV(Daf6s4bMl*!Uftj`Bj;3G{`|3*ADQv9>0VhqAxD)Te$ zR(0l$hRIP=P0jBg)mZu$FbiL659s;M&D%IL8}Olj<_jZE>KXJi1-TcF^=Rl);6F5D z*Ky9@#djQrAdmYh#SQpbqpwudH~%|d#_}opHQ2)_&6>>|8Ocb^?d-QLrPrD|0`w^I zZ_!9{K!z4gN_iqpJGJS2G?i>nuPIdR`Y(#hD7MNP&0yIL%9GHHz{DiDraUb#md2SQ zTsFiJm&Rx!TmdVBOn`#>=fDW(qv6pcrSeYtydV6PE@Q<{L~Tvo7iz%HCGMQTFcSQX zp0lnPak}o7f9uD7)gK-)BildD9VfcuRBvns<%?2+r3MbwoPuH*Z=&?R>1a>O!Lvls^5XIK?YqLuVSh06NLsa9rFhiqj4AE1%nthN4uzzA!|II{Z_SYR>HA2y z5w|I&pe`$2w_*&rzN--nB9v&Sl>TN<57oZ%OpTj6k^-+wCobnmy;ZrOKmo52KSfPH 
zh>nL@?$K6>?$bp}HAxh!y8DKGamxCVCp0khFID+HvPGO8Vn&0&Xb|PQ2~nB{KwU1U zHhup`U0!(pqb`+Nf9Jm@KS9e?6wwx2lF?S)fj*_~`^ru_yyX?i@IU&0%y=kEZj7Vo z3-L&icq2TJe9T4cyGn(=AiLmU*HFJpvr!W`1M;$WOF|cY_yW!P_X=m0=%&v|Qm3TK zkN3Uh$ASoVdxf`xkHOo#es59805R@sCIIz*vkL|(5@wKjGwA=d;Wz+wD}ei)oRUOG zZd^7Nr9;Bitd#A;{Kft&s=~bn{I(F0MSX_RR5-pVNZu6gb9FhAoIl9Fpj$HtObJ+s1 zeySpqq{6a5HE0YMjaV;?pMyVCyS3Af{HJ?b!D^AcjVP8Y_@@*ACj72o)=3)MZdZ)z zO~iybm;=p{c1HEC#Fp`{=f@!&`f3v-*YkP0Z?Q^Uv)ZV9Sz2cg5V6%*{>_g9{S&U1 zi+Ny{_JJmeX_q|3^aJ3gld7zlRc~evC%(10LlZ;69sCb zxjmB(ls>Z{b#Gx96DwGVG!KOuk0E?uT>Bar$e7rj0&hNLLdr6DZgluUX`TUaLUr@M z^k0ls$nFFAe`BgEg{Mq@cQI)H3a;xa8h+&K2lf~nR^1JeUurYfTUu>919Fqxw`8;L z1pt~AN~r#u{+sj1oQBC>dnL5OBMIIYK~m<86x4FgDVE8Q60Ap z!wH&p^rjKasiDv|w}U*b0g?q0Xfi0^@_-9uephUsV?E8KnVxV%6Ra75(YS{6`v^xx zf7Oyp$wPcNowI zkr{P?_+M;K!;YLJ5eGa&*zyW?OrW+Y{3X+tFY~$*-PW)Rve=%WoU=oeUXkYqzoSI+ z$`qv1m}S|%zFm*_-9BO6Q@PeD`__PTl zU3;-B37+fq9%P<-&)8WVGDXTTx6mm2Q^1f zP==}NA8sBRKh83J(F$sdSQZ}I0Urg+&-yf})m zKBf0i#^uxPHWe5kf-9gzRdV3KvB0six%$Ad-67e!{=*zW!+oSlW2#3OE32Z^&>IPu zAhzk4+vv8?1z%P~jUTL4YyoQiDX%C%1|Gb1CsvT*;Nd23yhyM}(oSP&;U+?ktIXC~ z&_o!2C)wTQ$Lb4K%PKo-`P>!i!1;@&srr~T(115tFyqLnk_H+OBcgxm*(1mS$N`HF z!6^7>@i&tW+Jgpm+;x259kd9L9W-8W|9R)W@{>3Zpba+9{Z4HBPlqW&6J}5@K8&oE z)niax*a<0)w5*JhmRj(T3^fUtRnuLDs4kh&%s3#c8`5D7cv6^tq5SGQevvYV?yAfH~zLdGxn3dT6)UItlE;#Mz8tDw%f^(>KX2~ zn=S3Kg&MHgc%{D>Zn*CNX~5h-u+v?n66pQR#l5}UmYQZ_Up+r*t?%_;{L_Xxm%@za?V1_o{>wSBi*Om zrwsU85K!8p`VLv3C7?*Z;p5NaCx2V@Pc7vy0XAFj75Alx5LCJW8wgzj6UPkVfZIDa z{K2AL51_$b(}w`fPJB8lTt+yFP!Z7li{7)RWKbx0H5kW493EW~3bF;9lLIU^O1&_< z`I}#X>3PDLa$#zPXzK9Osi?)KcO1Tm(7m!PNXve{MJeCU1RcJZ0bT$%dX_3P-ceH@ zNd-+u=<&zMD|tDBtiz%u82@vVeS&H)T9xXpOEkO*eaL^Egy)ZzQ!~!?L~R|1#^jM( z6x-C2m2<<(o7!PbU$U|>_X`z>Ul(q7MUiM}h;_;=G=emR4^yws0MIWPOpco&WSiaR zyYC5lD42@>n1UA*%fh}3Yo=`Gt9v8*I z7}j9&v5cHm;g>g-OgYrn_Eh6AL>nD$f;#=Fgw>uQ%xSX1!rbUYFda@W2SJTSeb$tw zSv0{fR7!yRKUKImpyxp~=Ltfneee%Z#rrRy>fM-!C`~(&aBievd8m98%v&xUi+H~> z?@`qt4>N)y>}MI6ma=FUd367!;t7}1weYk)3F-1Y`~!K0OnOKR!oio)voaUXEUt0W 
z&zEeab{M&XnUsaKdzjbM|K90fNf7(1xdjC9CnI|}U)BDlx!v5tq+qE3%$(E%dLbTh zN&=n^S|P8%cdbMf_l(tCiSw%lTtyRzsI2WM!C@kDzKGP6IM{%*VtZ~UOl0d252jButy;F~6cFki}b#hkK z;nbp1sU^Bu#aKiI-EG4R(rE_OZ9R5tM5V|jL#3&3vQvjI8;!%hn$vblhYdS<1Cm{a zjPI|LUUL-E04y!N(eHctvbu$TaU}PgKSr+U&C`6lr&%rENPECm+DujCaAx;t2u z=h7>^4iZ`p2%zZRH)X#nv^Pf3xJA>ysGo*0Vv;cL- zh2&KvDb+fmFFQnxw+)Y3FUqJK;V?Kr<6`E!V8_Y;`gh=d4(+*Z1J>2|u$BCJ*N{sO z#}<_L&Er*-?KrgUSg0;ym=Eel@>K%1><>J&(U`4oq4c0Q(rg0M_k8VRcrH=ZwnuWW zI2J%f>A6b~5~96};AF*52*GS#z{KqFahCEFtC@Vv)DKwd9{0BOnnn4G;7upk^yIt* ztp)15@HRGWPks(jzKk?>K>iv~KnAR6MnL{LG(dpI*tRWO=j0Ok-)sM@K@Q+P+wxs@ z_8S4-7E5?uPw*F>J|AYt%y0UN2Efeip_|*+hi~JklNBkK7`$Zr}`4KM_zjC2UqY_ zrU6j^tak-b;1}{R1Ret&qZQ?ZwFf>lQvy!fc1ZHGM{;P@&puRDfTR*|10E9qIn0cS z2k&s$@uDLVvGs7hlodP>p;Zex8c~y4TAr!2JifFr$;N zER3P8r~fQ25vcN4Ly8K2#G)Z+YJK41ZoYT1=C{(r%I2Ii1k*^0W&9O(m@@<$-@^d% zq8xItrGY^5B0=ZI3s3{-bV+bJVgqREmSFQjM!iL*;JzOkOu+|a2JnJU=Dy6<6^_~~ z8G{|JhP;kJ(_MB+1ztF+qE!chzMYA0HouzqXY2s4(kI5l`j1bw>(k1@9U9j#aB#Oj zZVL8<`8!Ma%dEAD(m{fD`K!$e%iy?fRrc~_P!)FUjar*LW8=S3X?L1c!xHX(;%=2B znR{@qY!#BBMy4wutD^c($OTT+TrAC(U2kZFuPPglLRCRK+%g73E*Lpk)*^?myEpyC z0v7!NN2$J9tY8kGW%rG@18&#|@WBn`nBHG1(o0QK6;hb+o)ga$)hh|99lODW<_%LE&rJzNv5)l6op!m}Az&`5$)D_(s>ueR4tlH4$ z(2lW;EnClx^}&>nLb6b8T{};25&OcQj+5+U98tk6EJ$Y~b{g|vQ7n?E=LFAdn}x2e zpJ&E1e7t1~3rD%-iw9?UycIKI)Qwp)6n13wRuuJ3^tjvPZ#uK@e*pvIU@2`rdP&;l zBWZ27lkLwV-L5~@WRa(4g%VLU^Aqd(W@8tC{iE;ay}ch*7UBKmkA6o}rP`*+%x!vJ zDDHIYJ~u{h9wDEy+Zu=0hY@7i91IixF!s0OFyVlwsw}oo%Y&<^eQc01MJDS9c`R24 zdALjigjS|vTG3yjwdw@j2(n0L1Naw)(?dox{HTfy)KXn${cdYz6(}nb(6})m& zzAs5%^hryC`)7CJ_s4d2CqHqV*;O+SCjY0VdiI*$iTq!xycs0W+(t3tX}d9iihf8~ zJAPBgrERa%D~-7W%Cx)CxZ{8z(pJwWMfaOMo9RP5vIcI*9>xk z$P7d=5pCS15y>>sPhZNoYygVAr=DF-*m`kG4`DG;g=9Porq16%;@Ml&mR6=l!&zt` zMOIt>{~o`7#=VdpIoW#D;Ih!z@}Tau(OU(!LvaV9&N(ofWFHJ~xHT6|HvjwNwIdcX z`#653ovnz1DNIhU5X|jAdc9xBdU5{-=P@k+;5<&X;{O?(@A-d&^NrSE9;s0OI&MA9 z&a1rIA~$)0=6+lWj}b8NnB(TT{9z4E`9NQj8lnb*29PE^Tv_ELP@jZQrkDs*4R zaVNYBNN&5C;F(*p65II)yCh$}35fufT3@@TgRERVn;$|$1`MdPUU#hZO0j=_7ELwg 
zqE?w<#37=;pO%s+D_dQ#L?4k?Zx1s_GK(^3#?rWtl1Y1?rR$X2@g-Ir7)=*R`&=sj zX36!U&^)6bC8K@WVO>Sh_x3!^sM+EaAWeBYacQo?VmxBZ_OR*CB-|9_67)m5I$e`N zANixwHqkFYt65B_X8&T=Kr`|cBvrXVn2TvbKDB_d>?2nb2rH1t;B;7;+EY7Tq@?bQ z*^JbKGje54As=`9%Q|s;1^v>K!{c)`uSJ9(_nj&|Q{Rsxhw|(F?>$%U4NalmVqJT; z>0n(jt4t7wm%b}nKna$W5b}CaVUpyb>p4pnr!GBZKbzx@9Q~nHUY?NNTxU)2ADZ7iLAl5YHX>TssQNWeP#^NiQ;bWHs^P`(z%NcAy%{UYA6 zcDKqMozRU!cW9Xpo#EcYEWxDb`e82V+gdtEHC0wpxn8lzo1)I^IH+4Q5SJE`2NGT~ zWCQRW&_5%SI3~WW7m8_o;`KChm)4hr%r6ridm2v}Kt?>iPu8YPGA+Fzq^X6HO@hw? z7rNrW3oG6D!vY6LN*1*ELgig~+NIpSFap@$LJ`Mb(gm0)83vRoSqhX%RRRZ?iMZ&S z3L7er0SI8E7=TLX$}9Q~6jDJLfEi>(o!TC{t?_`Qfuuz-`{sVK^(nP;_04&!0i`UE zAO;rm_bCOC^`Z1BU4dwfC5%BXh^9G_AdisOjM#+{hQA-dD2ubiYyiEHL2ZiLD<#y( zz$jS2Dx3yYDTEJz%F%TBCz=)oB#sRQBpx+_WEEj}AW@zsDesU0rsx1fZY-e!KSUka z#XoH>%r!QR2oG@-8ZhMt@v^iEM5WmjltZ_W=|FL)fKhe?{$?V%2sZ+13u2proP9_U zJ`QRL0+>1e1`F^GS4*w7N^ajk)Ler}X4c#5ZRi0baleQi`K{(3gahfZeDV;_1FU&- z{a@OFfVK~P!rS++xP-*Q)!XKeq#mtK#3uy9=YEfVai9tYNE9yEm=6)4tW3nLjxq3^ z4f7p3ZYI>jh{hsnYcP8$-ia269MS1S>R>HjE;vwLibidy9I$+z1C2Nmr0zCR#)buT z_$0&~kwe98Kzn%lj_#{iz}cRm{+hb8Dt~UU^u%Sc^rUzh<>nzkcOROA>SxAcjF9E* ztWP@8P5BuJKRr4GKYcO;zb8=O>^V(A&cAZJwQ-Z`aG`u$h>L!uh5FHK3XOTw?hV zyvAWjo--tVF0Wbd{cs_rZ!D^;G}ljK$)Ls^m3(p}vHhd*Aw`MxZ<`=jKvT5P<;P9U ziCj$4{;$R@?ljdCj7E7=8O#4F7GR?g+|e#6CXG((5IoFXtz@f*z1)*$bU$2vZ>;*Jd+c4Sr?r-_KA&&U{qdWXFW01C9~;eFov+PB48w59GHf*! 
zj}KGI7w9ct(4^5Ko~x9)m*OFU-Gm*eJP;PMGl9BO;d|02=ym3W+f*a%LEe1okQ1GJ z)crVfcQ#xLy7Jec=npF_{Pjnub(wOLv~v4bn3E5u*J8=TUh7O$GUK?X13InA(*nlR zo>Zu_Rxc|5O_3W9BLC=^XwEL&zS_obFU!CzXE51;YvL3De&%7;drG z{yIn<;WcTE0L{)HM~l3cNPR8w&^ToH(5AF$Sg@++BU482N7U=NG&$24bl#MRl0}*gK z3yUsqFZ>xx+)aT^=qiq)d@i&r4<;zuDqqPPw1C9~hgr0+i+JizmWc93ueDi@vM-df7q${0r78@h%7I zf~PqH8|uLuWx5s$ez;50v1Y7GQos9P{f94I?1YAO{y#Kn(QeUkOc82aAERACs=pvg^-MhL-isL+|T;TnddiOMjmINF0!vA@h0m?rlJZb2uasx)FxK zXV+v)qoqzvMK(pN<_OCfWo}L-H9|)jp_tui?5niHTi{sF(luO-hDH{8L_aE_ROCdM zA<2%|%n$bJSOJ{wQVOhWtx9B0FHm)ml!5GD=Ui~f$?O4+fL+ja)(U6oiA6j98sRaK zZ+7>%mDcLFAHqeYP+HtZO+p2~rh>7%!OD*dnGrMzmGWE}9i)s*`FOzr4`P|9Tm@AJ zQ3j4l)l7B6LW;WTp_PY#=n2@Tm5v8i)*&pq1gii?RKO|@c$vVFk44v(C;}>ElSmdN z@yg5En2|j&>3I=$A4}MJkUklwHG=wnAVKvNF_O(<8Ia8?S&(Uv&A!GYo1KgJyVeU7b}c$oc4T&58YuQgf>eH} zREB7nRM^xZ9lMi>VK?lF^KxKcu9|732dxj ziC{@RatMbEQi#)Ua`ZHBX$4Y$eJ(8oX|DQ7w@}G35gQ&zp zGO<#G22c#eR=%v?JJe&`+W68?7~T-Ub)F@s!&Dq)Q{ssc#arcwZK};lVsF+I#31t} zmNH(m47nOu$p?37ZesGQWH^q+thK+wK!W~2VkX3I^Fz*SeD_q~4c|MBTLeS*Y}d-dM52){x*DN34ZnXU1^ zR6`RQ2j~$;9F*B;F6!c4MgF?~-8I^VDe#;)75a|up;sjjvr9GT-vEDj#d4&JrHVSB zRy#^@)xN(wT@;o|$ZYTwfo-9}p1J;nxz=B`cJa`KQ4f|OgR@B0bk=g&a9XkHAEYW? 
z&c?;;e@smz?z21o3%LJ&_z3R5hD?S;WYweG=Vk^yU_J2tZ%O=~!@zlVJpWQCsDR`C z%leu*nV6>7v^jsA71xScKOBimC!F)cUeAL9p3ja+LFMj$Lv>&wu zpgj-sKQ!^#79fD8{=GTU-FDtOCFlh&6W+!Hk2(6B|CAs@`WAIz4W|Jhb-Qf8-@qQO zWZBSp;p+1}*ef;1<-f7-!R>t{sqS!cBa4geGEkP-$mf@iIhOD+4py;;uFsnp<;190 z9Qr#E@bzFz%b}o~C7EAzUj)usM+x`Dq`q7HPo67a+fHl)|h zWYhZ|ZT$9s$560x~P0}Kv5jw0b z;r6D)P)7^e%vL;Wg@%&j#+SNpcYQ}h14+a_H6Tj6Etj>q>y-BAm3#9$+#7e|i|@qj z2(nbR1>1y!G<0XBalb1Gl{hA@WG=`^|XphQkR@yaZNlFDSvEL(t`NT8}&ok+NDhSYDBGZ-rB&jAX8hxGE?<4-2hR{0k{3zLhS8w`or-MT!8WE($cP6& zf8uV_VUmx!)9uEL$~DcdZHg}dHDCvzPOTvFa0|t+-pGtU61haiY$A3tToUGQ8}MiU<6e09KTJtL9DT9mp1fFG?OT6mz{k# z7Vzn!@}qQkf}9DJCC?bwJbiPna@1S;z3y!uWy71~HmjLWOzS#n%RF_z%6^lqLOqGCHa|1 zvj?xv*6{qgz{io9n=*SnY^iNw*1pB;;U4LHYJ%^9$E@h#`%XT)0tM=LG*`Yo!8k4I zjsNlNpU5|rf4Y1Mm#cVO;E)L3>k%JD{}UgQ7;goW$>D!`ArD`C(mP(VnvRZC99y-} zu#7Y&PqJJ4tHUsJFG4!6+e!I;F4#Z+bvZ(6redFKtwr{5HkU;3M=rXQO#K62xB|Bw zMbxjcittd&J}CUYE>tJ!M!2G-&C*)KJ0;2(?Hek10ewkGBFUbG>;Zk{RI)ARsu1Rz zt)RZ7qs$K_m=Nxpp~$#kVr5)d19+U~JI2F?3cgx`gUrgK2G0@NZyme^^ge{T%9ZF$ z*6CTUrpPYiz2D?Q3014UO+Xgkku-QnV_Ok&Drnqy&x1*@FV-5?$&t0NE3F9McX-pK zS{b2qDXm&$>0qOD@mMfFdsF{~`^|xWsd~Dkh)tJC-kO>|9b@!@=Q|eb!b(~Mt)gc# z9f`oP(4fuOUB}fnVx7hc3M(wax?*WrRrv)SeWL^=;5B4HT~IeE<%d&kvFdcm8E##o zYf$@fMKq(EE9xoX{ua7cO=Cb7nztk#0QFJ6#Hx z{73rXvtu?#oNnQYHT>o#VZ$ZHOpTM@SV{Q4=?DdWCd-Z;H>04_F1rYzlZYxilST`R zC^%aoxK&u+8RgLJn?ZXuaKm7&q)CsO7SCyZ=w_58-7)8o&R)W=H$CStldsGMvDuwF z_mv}4T+5nv)>)j_Pv9w03Rc>!DZi;@fDMU{T<%(I5eJh-GICi-^V{kXbyXoTT@wqkzi?Hht6T= zcKhykof~u_k;QbifC542ye2FIWHb*A}YMMtoaB= z9=gr;Uh5bbtl8c!GGDLybuU`KN1V_cV;q2z8hV>wz?z-y0F*pBHbAL-gp$muq-&fS z?z%`NsD3p7l$?SCpyb>mlq3Y8q|GCgtbBr!xH$v9+ITq$kWGQK<^>5Ym#+)?rvqNn zslv^Z0*(8$Ul{SbRdi5YlUmCk?FJifkMEn0XU~p(j*nlxRAEgyHiGw3i7?G?`}X5w zQK{b?CBOx0xl9AU15C+`_O!lhejNy6!4WKyBOt>ebCQE0bK;0DTAT&}I~+2O7LZa^ zPAYCUY|j`sYwKj0-A3}e{m4pI#2V0DwDf+_hqZ!zhhWnLY5D`|0E^y)k zIB|jWw15*A4V>{9XU?8S+O_`Iy+RMs{u$v`*mUGi4#*O>flgHpqg3_5w9-8c3rI0%8@ z*HKlO84O?icj333oW7#mO^yY)F0#9jfbA4E9Y7p3XkoYH?aM0YvszR6f3QJc+#5lE9R@sxSD6Fclq5o`5TxK 
zr3$2?VcWRNvhNRu$*(2iVf=C!G_u%Tw#;lNg-#5I{>Z2_<4Gwg6U@Wh ziZ;mMWrd!eCEg28D)RF2@{M~vJ$b2`fmab3XBN{LYE0i5BB`AEn3*im_bVE#^7qOL zJpeHdX)y|KcgoprMg8?;VE9=+4Qg@stqY!m$K5l#JBsDYu_qSZ z;nn8%Jc}O>^M@JE@yUcR3zb@w5PlXnKHg|kGwc)c$D^$<$h?HTJjHP;$fPuvnByb2{GNsH#k*uzlcXsf zh5Fa1n3?Q|ragP}2~U0xfvL6mCMz zN9$(}U`#xQfscarX#Fgp54fvQ)u-+tXAM%zW_m9a!JxMZGPd_kyeS>YDZ#D9m@HN? zgFLCZb8Id@;wBfZgIwEP{sPBSq+9)nn_qMi|axw#&S!H(;_dd(`ssCcPm207H76|u`;7rTwym;V|r*bn25E% zn+C~8$jA}H&n}@BR|5dy7r%>i(;@2_QCPn}{zcL;U4@0%D?!boL5qF>ACx2UzumSB z2;U-WHR|tY+K7sVncGOz5W`5)!A(jcW9(0Q*#+x`3iVF1g$BxDl+RZR!|(2#rEBZ+ zMDEva^WG~_W5zTZ)~N5@o$XMs!h<~JJ2!8)LI>0D^_QltR;xEUaWTQa^ zjjOq1bf~Zf+N6E7r~DCg)6(OqR=E!G13M4U@rNwZ%?h=u-RXUyIcd56=rHIPGGBb+ z4p%OX*jA;j(puFN|D10?rm(HblOkhNtQg8Qk!!lDiTxM;(JE8cg7@@?5N}=T1*+*Y z;*Z|Wq5G%vs}VirFA341Uj(VuX3>4)7uJx`YrZxYeD0{2ejoI$oGPwM_kQOj@3FFv zYnRP1pN?h}72`r^l>Rv_S^ztvB7r*dbF{)r_Ym4sg=@>^`#;hgbQHXbo7F3jva*Wj6xc25Xq@so^`*)Z8W@`IZIvE<;gd9Q{c`)P&Jky~f#Y z_{NomU6Rp#rY$mWFJtsl!tT(z{JD6u-?n3LB!j5E;A7`X-l9)Py=Uw3Xf@GDPwzE` z{%FD!H*2j_QNWGvN?%-+h{8#@!9vpd?dNY7zd5m5px6t+0wD!Wuy$DJtMV&d9=4tYxlo? z*KmIqwZ`dP5pm;m6bSJBO{fe+At`?-g3VIHP6xg#VobYy&9rXHNk$EZ6E5_eIEz6x zm=gVje5UacAi{GyRtps<)oxi#TIalPOIE07eO3^GG?rY3CvKr$zj}jtY?0{ecNlgm zA$eWO=d_t2(-{yT7W`o}gJF&iXCK->j^(Cg7RvOM(~*B70#1hp^P?>It*IniNKJAU z7T1K4f5S^CrIwd7?u79ga^`WzpJGARbSPVoDuAIJ*sb&xmJ8ny7o6Q#nYKkyN+c-yAG^tQM$`C{;? 
z@R`C3$oz(uGp1mF&wVxNFH`T@7p4LT$Di$l@PqoVQ z%fD(BlmDnyJlDh7Hph(|PK%N8H|6EGUa~BGZ%m$_$yZn>oz*3A8VTI~^@VIFY2*5p z`(>3Gw&Qhom4DL@X5p0H-klWcZy8Ys#iNsx8V`HdL{Z|ypIsV3sX)a-`oAldAYq_l zso4c87Og)kmh3+(79*fyF@LI9`nCU`RxIyioTz6S1g^jNYmTd*@<;RoA|I^3`ok2q+EIAITa4|Ob5o2ZQ%!u{v~XYJ4uXMcb_b;HGeXn^-=nVB2eZ%S zu>qdNJDj-l;JhRNlq^3cCoF7ZHLS3M%83k__~ivoS;tA1X#&P~!Iu_eOCYa3676@U z=p%tW;*NI&xA2UZ+M#Pta&TFqdWbB%wp}Tx#$~;Y?Dsg?r=9@OJeymr(p{0OCZHR)QVb^Illal$(5<)cDCY+${H+J(TECj!L}l{rWrX z+ZLiZ$4y#-0b`<3$2nYAZ>}CIuV!(fX|XWH&C;+J2rKrK)DgA zrSmc0{fRe686Pd^Sd1Og{u6H?0R1hQrf9fjklty-?n#!k&&`+VH*X3z)YB1M6QH*x zABI(fKE4-7IZ(?TJ~hFK%B-g>)I7uK?tK08OuXyeS;x(}5q2J>-qE%=Y*HuRb>(D9 zC?07<{wyhJ1O?DSxEQ=T$elM_x*N{*%&T1O`5lPw=Fb?{_p6CYt)EX_X7gr~B8;ST z3+qUlp3UpBLaF!Cbi3t8Rs-)lou51##Hl-b$Q;^OPM>e120o-6$7eGyAiU-_k_ zX)+J@Oxq_ZbZ^NVMNRndia@jJ=~tpI%S-)E+c`J>(VH#ShdsKMb=ar*BM z^CDa-V#mxTpl`+Pk6T+}YFglK#eZ}9AA&X$Xxlm!rBSIPBa*qRe~}yz4b?crr@W5j zGTs6W*920p>{&58=CIrStjUVm()QBXwB|0Z$)8E2eIX`llaK+S&% zANrDV*(tPQ@1)f^6lI~Pz#RR(N`My5EBFKf%1^SJj8`L>W5f*&S+mnjWpry8GX@fj zrrO1H8f$SpwH#2zjB0c9^TfXRiLVZSHb-gY*FqGLU)c<8#$3(salN=BJwkky6XelO zupzsw-eY@`Gp*=Pb1%-fd+a7P;|Xh*wM<9zYs?tzg$i~ZwXMbD&p}qFUP!ttPx)04 z(nZ4X+9D$EhnM_wWCwM1vJUIFGBabj=UgP;^Q`$$LZ0g`euSS(rpxQfWF(2JFWx7| z49ffAyhS*Krh+Bs&V9vBvAd&dmb6$^9|TjiU&T!05-Ad?0ZX17p|Tk>)UDLVG1?Ef zDG+lcN02UBYiI4XeOS;QuuoZ4H!FqiICUnBB){)xCC|}&nHO~NDz#GB!9i>zUS(li zGEOI|+wwhJ;vWSOR-)1we@rqQwZUvbr(k>&P?s9RoqgTWt*3n*{V^AK0dn$u3)ML* z#{@Z_ZhhX{o#l}`1_MF!al8E%yNnX@gE8y}`Ve+{1U+Zyh_=3!u%Puvpmeg<^_`*B zQzhfHwf%~&^iH;gM(LbFGUCi6nhD()_H2{9H%V;)VPimxUMqpgc3arknbuyW3VXAZ z*%gZ0aNc3FR3~DGT{QiZtAjS;U9AM-iE3U{;uMp9^r8I6tGe4yIOg;?(|#>;`g@H( zD=E-byCFNpc(kT%ffCUn1Vi=`xfD62D`-F=nXpL-|9fP*?>c)-qfhlj!p`4IKT5(h zN;(({X+Jkp^;cT?tf{v$T&f!3RYIuu~(?Z^jOa@_GD>@$i~! 
z_xE(+S1;y?<vDUplEh0xR{3d3mh(OOHwyN~E1Z@06 zoQB%Ny(72m_8A@_lYv%k{oUm49*QbaD#E`MX4 z8T^W6Cnksyv``0Xg@rU~PdQm4Bj8~iWq)3R>Q%u8K5;Ad zdRWQuF_$WP@r6uoYQBm?bOWrB@Mf$+CJP;cVS~c+T+r;vUC1H(ukZT)hIg1)-h|B^ z+ke!wma{9y&uoG|s`$3`C3{Y3d&e-0)}w2_P)0Fpb2RF?;YcALBAYV&D7~N%g}O(; z`&iRD{Z-Rqx#|YCJ*qHrQsNQg!t|$ld@H|qxKgk+4u@C9xCF!|;ekJ^oS0UcF%&VK zsIzLFlvjTbl+Cd0(ComNq_gFT`RqD~6w(f93Tw>NWe{q;_~`ZyDsdLfNp9Hx>T_N_ z?`Oda!HdMA!;d>Rx-l^ur-5bH88wCM=&Bf9Q;y-{sVO(>F?or*E?V=33y3&4t@u@Owlcu2C~#OrN}6VA znXo#v^YXLvp_|G1{F=H_63Y47)mM_@M(3iV)P~0dwhC#t=Vtx+JzHyPc&z=OGx+A1 z9}8XR`Il!85<%sP@H(z#q)2|=QjGTz8Ogbr1W z|K2^lLBvnj`5AexB482(nW+=tuWPg-Z?|So7x1k_4Ky-+i(p$%lHCp@>+yz41^&+p zcmIq36o62P(dQrgaz!r5c@`O$w`YJlcKhKl{h~3yN4~+U$}Ba1QFq$Y@KP>H{znGc zISbsQ>7x7~{CBIj=`fam5J%yuS^G30QKRd zOCMW^UdoYB&}=EPyZT~vkXh>Klj*hQk&G&1s3R* z@<1CqMjQm5`Y}GrcYC;WL_Wf?f5<7cvaMYdMXR9g4F zYEkOFEQc99j^JUvw}cGXl<()L}+nPXu&{dF1RC#-n|nba#f)wu+x|dg!rd$Wo-s` zFt-}9KDo(Bk+2~MyF51tY}o4A*<5}RMQn;5dZSEd8laccHG=_giLf+#Is}|Dw(JF8|+cJ~QWkw)x&tQAjA?09`&lIJUGBaz{%4mDrSbotE?=PHJBN!~hF6=aYSqM9kF58~ndrb)@N(6|E%sJvira6o zAIcBYJNXl#6i%zr=w<>$Z0Kl@vwo%wv`3bEYOEGf8<(0)7-K% z=g<=wTy03|iuK%|bpHKqg;ebok_s&{Ok#dA4qkOaU6aZ#J`Ke#hQ4wouiAyR$JZ$x z)5~yP)A01N9FdIVTFPR8-UB{iKe+(mCxmyTty?Ip6q{Y56`&~KqbuMi46e`DqwtJD z!4shp@%M}-luUm`IKrw@(}oc;fV3x1_B|7)y5;ZWzJGNAvy}9lCQ<{#-UCN>7{xv} z00T3Z4g*s~8U<4^cLD>mCMKjHO9lKQE0qvaB{gY7T?9m~I8TfP>n4>5R8*8juid0f z5f&c>BUH5iDwgL!_vTX@YD@wIqtJV6ETIpeYcxcut^P86}D1Q^%Z6en0J=wwaxWKAgkS73iUh4*jZf~zS90vZF_$Qh(sVzzRq3PV0s ze)J%C_)25%g*qsUMNuq)izg|kB;7)THQu^GNtp0Fgk(DUICN0Z8|$f2s1zR$Y$w>6 z0mlPXf?lPkTcI_i9m@mgsiJdXD&sfifUn*rsQ{17P@P!Lzb*epj3hlDctIHoS_t0t zEp>@2t>qIzq&-H>qXs*H_g<7$iOfnt3VjRLdEQDXKv}JHv&KOxK_-~fz8jP^>*-`~ zq{uloXe<;Qm5uz}$athBP)8NhK1TXIqauL)mOZN25FPJ`jo18be{TuSUKv9I)?Qi4 zm%FHhDkNK}#m4!KX36FV6F}<57Gh$lGD?AUiFk3wZ!co4uP`a|aJu09uFnk*3=HHk zh%wUPB-HrxcJBOOg_dY_9IY?ldQ9msJ^}Y*exeRiw-K}(um9p zB`jEIheRn7_VuUw9M%`_`MmizSTaMs6xSQ!WxNC)s#aou9p`r#xX=8auZlX*+F+^P 
z_*``MR;So%&j-ot-NU=l*G^lh4bv@!TKL%oo0c(|DEe0V`&~Tq#M$an8n-NVa4m2x z8I!X|`VE$Q1kVYddldd~hM$;JnsK(?h4~HlJ7ZEq24yDb85c7*^R-fXc-yPlt1I4K z7AKUu*NI>68x~Qsh{@;d=l#yf<`jWvJTi*pFu4Q;W2fMK&KKXvT$hT^mI!3t_KoX! ztBjW>?K&Uz7A_lSR$*MRTZxZ!mvxeLY1W+b$#}F|m&iu$$Ab5#!5^SE;CgiwKp*f% zBzwK!q8lMtWL$zr+Th-F4%nkYNIlr09M)mFKLI+kvCak5P&Ea1gx-N0LCy4tff2mQ z6TET&Edu3y1K4pJ3360Yh~l^|Z^XR~H&|*5$L!)Xc)v)~ewv&aru@ltg?9~@F7Wq$ z$O035rh#EEql0wIgn%QGl%NUV*;@pm%sm;*?}$cR!Bm;{g6s8A=6qH~SOmcoc93;Y z&osEl0Y4EOGmH)OLJdc7gQ^qK3)I;$&@c4Jz@jaZkWYT<%w;aEd>x^i3%y8e;s_lg6j!#JRIjdynC+>gIy8ZQpK zU>P-xU>O~#7kDok=n(9Bn0Pwz(0-z!kg)qhg+i79X z0Um&L{^$cN;j{H9z$J5sSl|zhx6%L{O}06katRWOTsNf>NL&$n7YiT)PziV0;mSS| z0pjq-Pz)LJ3OZ4L&SaJuP;aLB>C_6PYzA=N{CLU2qipa*1hAksX@{9EiGnuq2|g9y zV(!rRqal7bOW?*fTZKD`=SrW#aIH4CEKDt5V^C@kVwu2|-Yd^%3M*XY6*=H%P)hG*3~mQ4TB9N&9V?aIn$B2`^$G=p=SIyq((1 zQfFYiJ1{72ci>0KgsSSgXkb5}_Wr+T{3h?Y-23x&JaqN$zi}r{P<1qc-jww0m8BOo z<{bgHI^HF74F7}^c^r>$f~_L=vc<<(m19B(FJnL0FH=vlq$Atxp|L56MR>Q=9ka@*)iu-`71q*5I*h| zx&yDd)BK|M_Aj@QwU^`7V+qveCa>N-cFivzlhnq6BsIXp{qB2nmG?vSL(Wsw^BfTM zOtV$tW_bBu;6%mW;KUT&#oJvJA8c&7fD?bA{EpMN9BWslpa}$-gfT>MbB!(#`4@$^w=!xX&W7P8%UJOy~P@)BG z!?|_nZ`l0s?Z>n*YdA8+KHEvic8aRwREeZ z%+bZR?TGTP*k2ZRF^K-OoW%cwHjd|ULv!i%dSbU1);aff!19*q`Hb!6>rtX-v@H?LE zpeHkAMvnM;XZIY??gfD>_)KZ=q2Psf&?rLmu0)w5{nU~C1SN6ce5VND6&=frl1ig#ip#dB_*jwbSK<4M@vgM19j|I-;qY-j z@=or;eu^G$4o+J5tWS;;7@HS6igG;s=%Es+R%lFBK_X})z^J)4$V#5Im0;<*ngSp$ z3?ESY%cxnM`KYzXi-p2bumMf2j$riC>2j^4q@5m8_%dDuIs-0JWFhY2^Cd^NH($QJ zRc9d+EUrm^z+x4jecpU}u$Oo)Izo43RN~0-YPOJqf7|r1)Hul6P?78MYiZ?oC&TBu z9TVQf9+ORucK50Hq8yB`orsJ*xDsSPDQ;dZyhOz9?RC(mYZe~SYbow5#6bmH6td>O zys8>$rbBs^UX00_Dgut8VpNeu(I_R3Pmsk1@uf3%i>^Zv#9yHk*-yz)}Gd$*r->; z2<@!Xp19@JgT5a?o6+yk5+dJ_XZ?C&Plzi2#hx&=VxS7Rwo>uE-d8dV`OcUdbiE(Z zsfSmJgyFNeaJ@g~nA1Z5h0wZm1hSTtXplwNmHc^e8{huHNscu-(sBIh4{Li@5;Ij} zP#Z{~RV65*{fklYt?l5SASqegmVvq8FhL5nGUmw8ub-aKf?js0UkMRW>NqXBIZFWgk8K2 z2if<^0zX=cR9GQ7TVbA{sZy`3rZPTj9Ag5`M;S2@5mkHmF4!@A_Sdg1tV3Ll?S1cZ zayL9)u%HggHzvMfHTknjqfS<=5 
zn0qvM5%b9U8BoCgtz@83=*I2``9HvA5%C!Bi!QOzd!QUp39Gw8=m!%?MO3g4xX|h1 zOQdZ6ul5i6zgpMt&i{F%Wx$$*>?`=ggYGhfP=)6-xkI`TTWo$lZwYGeO*+XpH*TY= zQbKvqn`u5HDYuto4WF}47Cet*ntYJ6Q8`}c52^$9#K(y=8}iC%3NE!S$VGFg?k5F% zslwmsfQKh>Z{~PaceKita{pU;G%Im`wEwI&^O#oK1YgxAPvmaTz;D@hc5RF|x1p^f z>MgXV(51D7PE3+;U=LcLKkIBjV9EFK`SLTFMrPb`sKxR*Xp$=o_M#e>F`F;iDb3Bv^_fiL31E~9^gCeBztHk8t@lK% z*-xb2KPAKh{YXXiPZK8f)z4(wh1e9SCE~rr`U%T)&q;7$KkqHf5#vDU%E+aR=m-_I z-$o(_Pb|z0#Pd;vew-GppVnflbT3+XxNM1=nl z>`B8utAlG?JMc?^*iI@Yz!IP&@F-Z5n_|$NEOa`N zg);FPw~yCB%P(lYc;|8O-_In1PUQu(o4`{ZNBQ^&?!EoxGi)rofVjX!G>FdN zJSeStgV+wi5Hl*Y8oD5!W%7;?zJ!#aIaf*(Gz|Bq_u_(3rL7$7#2@U0LWpz3PKU$R zf1*#hj9Rsg&ToUUeJoOD{d59GH7)T>$4ZiMq%-TEAI?rcaN^M7NZqEn=O3KpuHSLC z*K6)N#)PXNs*BTilMyV&1Jub{GL7?>zd^t6XU!I?jp#R=(%6g#XDMXr0#Vc;CVY6J zz5ll#Y0v>b|3@xmAWGR7Hj2Vua%gHUr})(i^?+Ho@1Giq{%qN-WwSyy8#m&X=isPJ z_0b|%n_#T@hqKd&ff%XCKU^JW`b9j&MVvKhv)r{nl##is+mk;$9W!LXy?*c6vu**6 z5uS$`iKm`%0a*^~iOjE>hjn)uGC-iNS7CrIuwW;qZ1)D^y3!_}52TWPDjhH~K7Lc| z;46)W+LzFL(zH7#v5mPM;f5T0$|W8)C(K1oJUMwbTlhS%CP8Z~A7?Ic2-U6aD!7i{ zYZNw~)Nx1sK*w!>d=Y8(zRKraQwO`K9&+6&KYiPO6DY&`h2^9@Ni3MX$q1@^MU!y(jAI8*5UugsfSuOhM zr;D}I5G1v^29LYmD|+V7x4S^l2GvNFewFpdy4VK1mtun=%a))PxylVqsUQ~xs-sAs zJek<2UYFRtX)~^U3(pGiA9E2aU{%imSDOF%>0vVe+hM=o#(!+%$%+4n(YQVO(T0Sq z91`Ml(ykq#h%tB@?Qu_|Jz`WAxX%jvkc?hE;v*wu|8TBl8U<{Tp=7G&dihxhAdlTv z&ifm^3SvwW7K7Z^2qOfon0hW>9&{$C0Wm`^l%@E>;2;ND2#e%oGY^a1ZrzHVHxZ4?X2l;@ z`jRg-TzGYPn=YIY7XrkB?Q6ft6#At&>C_l^wQ(JrN|O-ibDbL@KnK31<@Ufi??aFi zVFu@c8%OxDFLf6YkH*risqNd4FOZ1ZRN{d0Nu$TJvt2D9mJ4V&N)drCfbW4b9#L@`>I`TiB4F$Y<9U6y~r#ka>%+o7^;u=zv_V6(G zEqpuCFT9}WNS?S7dl=~7+_(}!(XkHG4`Ro6j(hsm_}yF>V;>j~2`80j5_`Cb3cWp? z!gHn2KqQE6S8uq51UTH{IL08dt8yc@4tP-M=@e0K6s9O|{=LKht}<9DtF2Satc2$s zYDaGn)y=LzYaFL{q7d~DOGZi7vpgxO;tZkhw}e$lBOfvb?u{v(+q}eNYeoKme35d! 
z$z=wy04aQd2vis!RS%~Jb0t&^W;4xJ;cDuc7doAr6BtuSiu=V(M8h=AI~hpeMV2p- zr>pywi*DFhAc$Q9wch^#vxPI^5_+L^wl}(IjpBt7lfPdPy)mfA%rZwuvo74u?05I} z>UE$ZLf0_%<5a8ZmJef>VhgrkzHb0o(UH{f-%PuFk%?sDGPF`q^lp89t?mckKqD-k z4w|ZJD3Nh!X`Y41Xjw9$W$Ap-IerhC>7L~#Mp~p*3JLwl34BVVu{4iX87i z5ROD8z`~sOsrDeET>oBoO;NdncE>%5GsK8>VIOO*ZZw9=`xkz4dz4{Y-9>)KSMo{< zWP7OD9B6Rr-o+TXwvp#GMf)a{74HH&qKx|XS`~>EftG;fH86j|rnx-`j^=t{&6S z%%(f%tC)XAcAuyWB6w#0JoR+0C7!$5rQO&%SojuzPNslMApqrVsP-G}_dizo+^=Xe zI{J)xdOYE_rh@$`kUG`9gw*C>WG>&5fM7 zeu)@B{4l}Pu|1-{+Ojlf2j)nAYI4vWSrS~jDwV@9i0*`Re=WKA?_P$(vl5}{=T;@{ zs9I)FuMM)S^#+2oQ@60ViA>l&g>HP&sIac#Xfc(|qf0dKS`81b>&To;eW~_~Hn;zD zOJ2bMJbn9P4s1rN`C}J_KPf*R#ZbT38hhQ zwM8RjWO#A^SIUrIanPiZp@b5Sw9sg`7?>;p2*=A`{)$>`U>m%cw1`dnwaNZ-x^Z&< zhrGY7`-_VTOR^oMiWbZ5>vGzUWnT-S4N3!JQNyDidAN}5u+PgV?nGLu-_H4KS@LS% z{`={{;NHogOf&>ORC~E^zyH6N3BsDm0p-@b`$0w9B`sAc**)eX?$OhB2in*_(M@e< zQ?EDr^JJ9iV567*#7GH8z|fwdH?XFbV|AmSHE7$fPH@v09bOZQv(i}!esVHB=(f?m zTs{7SQNdc|SLL{&�h~_s6Vj#9M>;B57pT6+*`#DG42AFuyJf>xBKT7!p z9%8FKTyg$JE%^WCK0=4n)&7V3So9Ta@fGCU5Xm=OxnvLIV#{^#;)-3`mK`vd0T=q! z*<*NBi<%Q|GV#%ck@d&8!ARD)y_7Ou(k3lcVw}vw4+$o!wBmfcXLl~pAwT*eB^>-T zmI6K2>x09R`*aPOA$i?_B*H@_EWE%^cEEx*@_g01ps|cw2aBB|qUBpoxET!c!n+>= zd{|UU;Ld$K7Gb5lh`*>g7X_0CeerfF40J3`73_A5ko6jXtptv<1{4&4cIFB{02gMP z|LmZX&wIsdx3Ie(9*Vt;%ShvpLh#Q;0!*OHx;=o6v! 
z!Fys(zK^ia8%X)SO-=wvX+0Y_VCm#-^6+us({|wjPzD4E;B|WVXb>|^doeP<+K(Wl zgODy;kd|3+h4FKU;=$G&z<+1Bg8z0~gJ$mX<`w>b7TFwp6|!@CA-;M%^>=yF0ke$j z*~kHDLbgqu5TcU!!I4^599a()6N4<&pep$bq4R%_>u%({@0_HOB3?dtPvyAw)oIltj)t|B zH_Q>+!@fhk@&uu5^TNdPn8eaet9vQ*p_^`#!(Tb#qw)n5i+=nU z_IkuUm4~$XZ0FLmrgD28H%!(*5bx^WXd4~ge`InoDNgBk`#(LL_q_oxQ%iGCSDT&u z$gM~^q)jAW*Tg=fAF$1His_dwSJvBeFfP{DdzLKz@{uiKR@4q?W{5!yt-3}A{ zZv;ne849wNepqh>S{`2&G?tMhbte`1YJmx15Q`IW47O+W4eyw$-~B|H;fvem7&x% zh&$BeFcj%t$FNXU%$ZL=;6vOjT*i-H# zmAzgU@79@gwoR;i)`q!HsjdO{CasH9;m)r^8{A-DrKuc~b0n&E43$50od=+%mSF~b`KwFTl%tFz?bVp2#3PR zKI^a+q_&%Uk;fm^kyrV;acSgLL=L$Z0Z?^!_n_PD@Y+0h!rlk~amVup=dVm#*2-sY zXDj6Irqa3CK~E(nV{(7yY_#1(MAUL`*WPjkdm)u0x5RSCn_MbaWFw^A#1 z$+6w|G#{sky|rJ=)&4tu?9}S{`}pAMMp~|`Lv!m(dUQ{AcCKrjnzc$E~!bz;9xYhZ1UskB__L4+Er&{g%DIY33l&9-zWZl3NPO{FM{_Fzl7>&@|2%8HJ zfoWYU4O=jlf%pCsO#-LU^TZW!m^>iP|0jw&tpy?W^vxccg^|1!EnD>85g9Pz`V&E9 zx=>jx6DNn@h+PC>`U>0_(+foQfotC{&kjbGN3%y$Vw71+ z+2Ny@-H*ZQ>WWil<15vOW#)C5@-B(-%p`lvTUG+lLkxY7ei*5auR^kyeG{!9&eSWv zPmX?>YESnD`&i3K|9?+|W(~ z=q~?8`Sr4@O13TQX zN*1eIhTK9#k9wmE*o<=8cy&8S`$atTMjZVm<*pCL0NPP@2rt;rZP6}nRz`t7+8zF5WOIBEmy!4{920TKG~8hSyO2WQ zvdq`d&fQ!2rMJ+H&~uE)NTGKJZmU&_8YFCy9wnIJ_DR0$cNLoc_>u#i6Hp-N0Wl~e zI58UYK({f_1DC*m6H|-&gDX{gKkPFoh9!!G2E+Rg>guk@86L{%ximoHI;*A;ktnDq z)FKMrIr*14B_uYEEH^(MD(;w=?b(t+8$CUQ@GzC2GdE&(?}JA^qB!~IisnDW=X^hc znV4I9SEFYe?e!`1lq>0-2GUcQWQhKSJO30+6XEin*8S6jEsuQjD0_dg6Y7KDVpDehpalbs8;SFUFc1YT~w)Tf73zcVEhnPcKA#n{OMuf z{68>aHR_d{i5rx~v^^ebc|P4hEDAf7h}cA(!EbnHbCKyQ@lSuo0CGw($+2|19Jq*9 zg-Z<*))Y&t$YyXoM&D3GWUL>Qh4GzKnm^mrE1Y_!u*}DT8QKHEABUxqIEa%`XK73F z0Ws0M)pHZtV?SBvQaJD@LyW3Y`m(uFcv~80HC5GA6@#W4CYnD>Dru}9))n}Ps{l%c z9D=7%1l~}UhREpC*LI0KrV@XuDD+s{&_0vg^$cvHcr@^k{44@T&@ZOiqh8s4K8v{& zYZzJloHHkEveKo(e%OC~IE8;PNSw|I0>~MCbH8=VF#m;*X01a~(+JDd40V#bw|8*$ z$rH;os5ZbDBm4R`%)ghPkmVU$RYYb`_;yRD;n5T`lY5QS2GcK>OD8DLiYc20Pveva zKNZs4{~F-O z9pLD}@CEQHDp(=}7%-9Cv_T|4S~75?zNegV)k$_q+}mAeof!&ZIWz_^?pt578c9q! 
z!i7*71mmv3iLHj4v6<|MmM&Ulyr0oad?sL(jref(RjS1w{o_xp_CLdhWM7!`sqzC( zaI;c4(F^zKMt;y!s)(OU4;uuXjheG^BOZs?~Z*iscM@T_qD|ZXu>K*QlU_A`x z)>8oQo#W(>&A@s@DMc&r3GL_a)LFBZ`<9l4$_qA&pKMp8<~8&Nz=>A(jhcGG=|uaZ zt?j6q=Q8P%M<0IrbBvm8HnFYXBSgtYD37RNcp^RLzHC~RKG(XgZMCKG>D5Ss-n+j8 z@~PI#7HrVZPrJ;|?yW=rPipHcKs?(b05$y;LW2%yHz`F07rJnW^BcaiEd+hU&Z9vVA-bEwAs>rhlCi8HGSjqO5>kQ`P_(F)({OgX>wrc6^8KkZwU4{9rA<7t4 z5Z9aYxK0&q(RU;5q@o$W6fXth?gPI5rfkv4ihT2VruYv(*}cAB(u!Uc;hfVYSf%~x zSt?d!_|lla2+**?A5e;7XD$=F^m>P#KG6Q%bCoM^o~F92XL+oXaOUe3!AOf{j<;Fu zp0XwqR3gyIPByAKN3Az3TT@V`ck_BY>E`dfXBaL$uGMV_JVr(F=a9sBM*f5OfN*Zm z`P`?8bQMgQVm> zv}T)h7`R%)Kc?lEkDdK+r6Q!Aj)+2nV4~Hv3eFrp`9zqE{fWJ>X^L1%9^((^) zW%UqyN2>=Ig0M6FZ&XUkL37q*Y+iV-djvvSweBnp{Fv1fs-t%aRL^f49wvaMA)Bq5iKh8?2G;!sa!JYSkx{P+ubC~B}Jyf%%d z0PXOQF~mFml58;uFZ(%K*m+kNH~zY9qIUnY)OHp~KnX7UOw+O>@K3kvnHG#>)Aqv8 z55n7k8wS>3`f3Sv33GkLEA(oNgA+BU?`3vseI8z%Y1)s|Na@A&$@vOkB8a)WK-L|Y{dz|K4CDTki_kyn{q>OcY@RKOiH4*z%me*n z!_DKNI$W&X_7Md&kgazC7SSVyJ35T{vlR+m+*K&xKr7~JH3cOuGVI>WL!KZtWN+10wW2cjjj|({{A{5rZ9+f4-33P{P3J46A9JZ*Au_NG->e5!COHef=|MQfu~?@yTc@Q?U8wn^|H|v z%XDA)f8r}Pu~I!Wl}KT5%~LwxdUfRhvf-TC*L>qZ&_f*JM*^LZ6W=OU=6krK+Mdtx zandimw%{ERhHJ#nJhMZ(xMpuYg<+S##KRxcIMvJrf2ZeS2BjiU8n|)DtOKU_3>tX-8w^>%zFp)pxN_ ztl!C<{3F8IMKq$Ehn6>?@Fw5{62iS9Yio+X$NW_4&Qj!7!3;e|*he~i!$c>)A@@*Q z>QIlJra47R{WC>$|8sSwrwX2n>jb(81@id-dO}Xzb?8?cfre*1Cvu^EBrXd#W5zg7 zk_4Ks45^uSP9n}3HMPMHzFUeu(^;5&6)*f7z`?DFxlU5}0zMy)x17>%)R7IUW_BCa9>~k$c_Y)65ylt4ytxaM00} z=TQiF>Vf~4l1CsWCuZ%VyNW;gK`3{yYIcd%cWe4mA8lgp)O9OT??}1B;pmEp#jwiz z^=rvTdH=XmnU{uMCl`5j1~1#F>!QJ~GK%P7k$2f%9ZU}uZI?aSe@NcH|3mT?F)r%F z@G1l-5~>aco=rqggZ+%~T`5G%Pg+LP`ET^{`>!gd9xMo4I|>%outC}A5qASR3dcVz zhP((({q^CF;HkIs^<<9T;e_8NtaZ6FMS`*|uB79LG}>>jyuv4Y_5PWvKR@vO5rp%% zJlZ#Z4pgMJ0Cn7>77IOn$%7$&SMMXsS;@p?ZT^GyFzjX`zR|_)Jn<1%!&NT1f~?LPNB5Fg#lx;Cz_H0-ePx<&G9DdI|QCxGSLbse|?^`1(2GOrFs;eQSDSf{F zbIJ5=?fFw<6FgGa|&F+gWvx5>R5jXZ77ST<5IFj2-$|L{oJ<= z`~QNfGCR%pBnK!{N8!X|^flX*UwU`$ps`jPO7WmB67b--+iiX(BDAI(J@$w6fMV*F zG1sMy6j3y}V>AgNcOd1n^n|zk23!zuip^upO@iKqB 
zbO=!!lN7hWc?OwHYvAKRF)_9F?q~Xodxg4OpW|tRNkx*{Nv8XSW!<+H-a}G?^{6fv zXr3HsID7?5=j~?th6fcw2%GobG1?!3lW&8ef*dFiGuK0*A1I{o_p>X?b|FdOpy7JQ zl~~{ZKJ1d}>$G`{WMr(F-a%_QAhDE_NR~&rwjVWZrxceacq~{*!)gZe%h9*3+6BftRE*kU5~iD) z2~^ipCzAkiKrCxU9`p3Sz{-@|m0PB#cFL)GXw7t{R*1*$y5}It_wHW;e^*~(XLc;& z_yHE5)k9!oRCxs;m~D9gYyP_3$p7zGdk;e_DqPfNSxbOJ`Cq#|`$1d6*$yu(;jhjm z_qDYK47T(cX3eFEAr_jRsY1O4J$;-qJ=$612HRUpqly z#}F0&%NbyPrQ5tVSoirW(v_QX<}Z0D zLq22x5xI6uj)vbcz(LYo10gQYdXr`H7shs=t)L)Qz~7;z`2e`uP45MkDsR*vmSw=A zzJnon>S?Uk!3^TsSrAz;40B;iQQK!Y4uXI(VPuoRymp@1=!Vq{&{CkY3_WD&d zYaq@|?k17lSz%g7d83F;p|ji`pIUHFgjkcav?d#6R+?iI*OJ{9Nq69jel$XXMILSG zzX%4DD!bh`DrC{w4&SY4KYc8-1s_^VX=r+Leb@DDgf2uf6;wQwwuYlAc>!M6E;B9` zZ#b|%&wQqXSfvPR@pd~#*hExf{G4kq8W#hDx{_9 zrxJe#0|A{{Yt2!F4;yN$Wnz&XYXOmC&Z8umLu6_AadZeYT6-1Y9{wN0Ob}N!#38Ro zG9S*60L)MAkEn&W72(`7m^bBLnh@{SqEg1+1K&7eSXG=k%cKjkx{f7F&{NZftp}N= zcy8c3SuKS8r-2(^Hj}ZL^w*r>XkLCxeqPj-Ln%t07zyzMBBYA>g%YCF?7o18eFYpu z-nN3q*Zm;cPa9RaVtJ^BHYnHl?QKlwrMua`1t_EduCA_Z4*)(-oOqx)0Z_XIBq@Qa zae!g?T{$|yUQ<|aHqJtOCta&Kq*?$z{F+BzSW?szGJIem4PioL|1e9`Vw*iPzH6g7 z&YwlhtA@)a#WuzcK{9)ig+dHoMJ!RiWt~l)(?n0Dfp0t%nJC4c8oY_V*GDOhg!X)b zfVZ1L(YSD#lat*bQ(JRC?N8de^!ysrVO@3&`S8vxu7@1%Z*4JB>IkFDjAn~wCGBY; zbLqp7QBKW$KkA^tPMbofjbZ$N(mP!EO7Kg+t87c{qs^~)+U%fxi;ky*yqnEV(LIS_miLE)20@jH zycStJNRU?M1&f2d%5Z?tR9IFVcHCFc`~L30E{PxX>_BtvfMB-A&G)Aj-1-SG_rDXD z7mV6UwE?O6eUfkU^efZprO=d7_{W!LO)m){kqij_WLTST`9Gdz(Z6k49R(_1Fy91D z#W>S!+i_$SMMkox1fyDCsWa_0Y1v`~F;VQ;k+l$d@~Q4i3@-F-vK=0VB`(>_t^8Pk z!1G6%V;LzK?=fPlntU$nq>;bTMUSDT9FBs^*2PylTg-oDk7wvSc8Bv^9d_M95$#}` zq|zsm)DTKsrD`|wb$%Wvc(c*JW}WXLY9(+aT7(-Lkm}L zK&!mv78ZVq3PGh@*ZRB7ign0^eNi39>?8eh*2m*g$!v+>@S3JYQoL8|l@xP@A(J%P z;-rI>j+=j~Ja=s;J*ebzjpuKnv!5W3hA+!jJV9B^iZM=Tf9mht7eeY+BOoMIi6giY z7B)fV8)Pp27H4Fr!(C?vH28&mT;7k3vd#KQ7u0^dU+r3SL8m4me|2-tFpj3xs|s%M zJwvbyhe+?3rWi*aoXH{*!p#}J<9Hx6T6qrRW6-niZBRVU4D^2|=~_C0L+uQg7=`zG zyA;QM)Z{NLP>DClbyV=dQ&3UgmgX=cSRj73BHT^TfgPCP8!HPdA0^SYaJ2g|8@`^^ zu=4}WawEa@`iMP`oFq$6AV&+&NOorHtc5L@&_)L-p*!!f?a#X{Z^5!A3l^`~ShHM? 
zypjL7rrbb&`ma>+iL~$k#wru>j-P4bnaz~ue>Vn(t9l>~f0(aIDAs zg1_7(*rnePTcf!Tld-dFZSt(H7Oa078C(wWher{1c3wpmor;ziK8fmO0Re+ijp>zo zX=_!lBc(ILg33^2)A*Nn-4h`eI|?VJ@po-Yh%8Wvr^No3K$vL!e1{5=D?JvDHS-;F z36OpKU#1l{E@02FrXRQvIN@Kp^>@D+-v*j2^_$kWn!mg^PCVW&IEOSOc7(Hg5zah2 z-c&QIqW*5;J;-WRt%Sa~NHXpuen3oqU|=@5I~Ah6Kd|7q;4picF#To-uA_Zuf%vdt zyt+6onq05&J;)$LJo>Ii(Asp*CeN%l&gIvJT%3LWE0~vW=T*{n*oU5??w;^@($SIb&9mRGxn8+Cf5Z3%->~ zs`D`WlNc`{2BTTy{Zd(SY@HBQkCp3I+%Y9JTNrcat!6kA&WM@vaMHe!s;BE~L&=xL zQ|n|cwQay!qvPRL=#p6Fwww5?-IafLqB#Pf-!P~xVn7F1SqW3ECvKkSXHmCDd@edM zp>^JFTan(FLpO?GJ7vFYy5xSDnWjYBkgVFJq*)XiuApj?tJ1V=O`9^}R2`LnR!5c# zzautCF2SzKChd;8_lHF(IH!TxMP*LyEX&_13zDvg6>1E@)LuqVHRWz7*Fgdyd@w673scs{7(k{@A^_1JZi|g?&uwnbQGV18nM`t;i4UI)6wbf2z2n8cx#d zcGl}9hFklh4}0lVec@pM9Cm1%wcEiawy$?0xyWsd5(5W|?D=*XUqLh!Qrz^i57od! zb?G&=Edf$GFVxb?YIz9qK67N3XeV?1qs#Qy3=4nx3_DU>o`M)5LZA_AZ-O5BjA$TQ ziG=qz9esW8EZss;s^B-M;_(6-+{5g_0?w#4@~oI}i;Bc=Lq~e;1>7=NXc3m*Zhzt$ zxbWx+9NwWJdR9yMFe+_Piy|q9jWJ-1Lcgr5<|Ci>h2KedjZqLO5vLscmrziaywdij zT7F^t?ITsL>Y8INpXXoEghpV8!eZ$rPo~u000Ws_ea#+D`(0K=Tjta;f01v7Oyd+L zVqKZuHM+0po)TrWt$||FFk?~-BX-||!N)eQ59Jl*!ZnNFO-DUUG;V^>!6(ZgcXY&y zz(OW`;dK=at#V45aM}aPTcpF-oSy93J=mC^j4s6FNMvrKjS#Ir`6%R450aX8>0eFr z6NT8N25pt$Q9;!{)Z604v{RwS*QwV1Iuw8*1|W6#wgG+plHO z)b4N;*zZ)Jd&Ql@yrJ+_r==`Y&3q5^liyL@{4R}nCQZ`PrI`<^dUVPdF z4Z}kJ(r6>@%-n|ZF8`li^_T^c$ z{UaZc5JjS~NtnOp#}8Ze9tRuZRb3@Rq$8M-X%M`?UtrlgQA=C05`GP6+R+3el4o1C z=R%n32L9z*EQWKBeo`ObQqnQ{vG-D&p+Cy{hBr*0VYQ~ww1`;kfYQ%?cKM;P*DTi+ zDJ5Qtp0o2!lZs%YI2OYSTtrl?e)@!^QLR%GP0d`+!ND#vcaMV9u@(f8JZEVWIV-4` z_#+#2pC~#!j$1}>3IjSzs1Z7|#gl-`Qw3`EX zf}4kPsz6Zxy}@d;`~ky6A9Srm8kRsWNx$dfpVEq1UlYqwRR{`w@{x@Piu{H$KQ|?M;=UYfjMRP+&)wx$ z^sK)c6x9>m>U2LENVCS>J}4@@emQ(0=^tM9`jE*>3e&7$yOHRjVP($tbLEmgj?npD zXH3E&zg)2Ol_OVXpW(CaDwy_zrp*k6!XTTZhZ^!Q@wo61{=|z7G+0I<6vq;ctLWZR z7j1FY{nq zr$a5safCoYx_|2lf^0R&N($<9z%6V^>;70TXu$wxzqTBoY-;Y{-7lQUzEStAe7W0Z z%gPVQMz_$212c$=6%#^kl)u3r(sCbDUb3%G+E`Rku_%v@JF`E>Y5S_|U+HFBt)oWm z5o|wis8`Gxga->I?EZBp6BUQD+a6S6(WEwzF2bR?Eydv=C_)^KxFn^Ll}~v*pI;HL 
z7?tSrV9;6>3TY%lN)t4d}tbz9vss4>MJV|ooPAbWX*3;Uk{FY!|Z!Dx^L-E0VcTad_m3W zz3%7nG2pdO{SmnON@#QEzcHeG8{%rjX9H7`KW4SH&6 z>a1g((Q^j@1LflK+kUoN@u*D~>7JxO4s?AM1r*0teLxm7V`h_`jo!HS7wyRlHiFQv z!yQx@C2gG9^s|n7P9k1tP%5^jgyp$<&K+8Yke)~| zFKTS47``%39U6|_WaeH5Cjz8e%be5%4`LD8`D4?Gn(pqqege=Z=t0jo1T(n4+tDXA`Pe}5!8O1s13W!i9|LNix>j@DSAFU` zMqD0WHH%|wHR?(~lI64=GDJedlURM+`}DIjKD1p53XS6vujA}f{jbu3F`Ru?intuh=1B}{@ZE$r;9cY??1%& z{XHRcMMJg*H>-vwI{Cnfen`v7xq_C@u=Af7N5oNv`I!?sfrl{u~m~!Jn$1g#sL$0I%I_ZEm`(2{n z;Rv8u{?vU=fuWUG^UyWMiCp|D(IP7$Zp9-f zhRDWzi-=1E{0b?3yt+LxR@9LDqF9Z9HfEt`C2>8EQhQ0|knnc;k^ zsenBW@Q5A$&FrkQoDO`1Z4Xemi#aFgls>pp)(Ao%&}yjV2|N9#QKf-eF;_B{#m5k_ zg8c1UW4VAn&s9nx0KbzZygq?J{ZHow7|}}y5kI0d-vf*}t_J{S zuOhN2Hwt82nEckElKl)FTW1@5^c1UNfjRHYgE;}Lv#^RQ`yO2R0yBM9RF!z_T5@z< z(`cTPxL_f}JzD)rQC(qP_DV)y?d5W&?`9SMB`Wc>m=_o90R-)@iQGgpW2~RGCM`eK8y$r>Kl zBw6?UTRN;tndSGl4t~n9JY@>(;(y3ukA;G0j76$vy644}%Jf*DQVki>p2zs*3^CPQ zg0Z#V%3Ua)`jRvf4Dk`jNRMb@BPe&~dAKL5 zK4E}9bJW_>zR~z{(elUVpFJl1$4xaUOIApA$uS|Qrg_OzX&-nLrmQ^xF1OQ1fEATn zy{6;tbdKB}yvb51X{9nN`oVXIH|2G>ZA^uOG{@JHN9JxHgukSF=P?|I+4ZaY?R3j= ztjA+&t`e*n#u$=0U#`j>Ij{}MY{N|u`chu`Awxp*d2c3imK zlB`kqzj6`f@rvwn7jIH!B!`Vv7aAX{))#{{&-5U|SZ5>sAJSYcO5sD}<~bmsc8wt$ z@b2vFWO{$!`exjip0_CQboZ_w3;rxZew%{YVl5aDvY&*6jrQo0Ugv^bQR1Z8yx{A1 ziynTzi@K}L6{qz%_lt7|T}$dpwJF)ZjY05krSiQ5G^?%A?t9u`g7P7B?kf8PTt1-i z>GOU7qB&F2fGj%*g85s)5nzBzK(!6S#LRDR*73Nj#VNT zkugMylV2KAI9Py}0&k_w^!$NJ+Ut~hA0ZtK~eck^BxAEn=?Qg9S8AZfo zG{o+DsRk9kt$HTf1|Ky%W+ZtUi8T9PFIkM(>5B{h2$oAC!s-PjQ^`o)=o+J(Lp=Zb zmJCd87PSGd4by~1<#VXJ_@Ev9F}mj}y{0u|s{JR#Y5XyvlyBD759OP;Qq9!W@1t*bvp^Ol}Txf_A8!d`cTg zSRc;fyk-}~ket18&H9~vy~7Zth?nR~;VBcD>xUkkNt>$=2MW!d7z3_TMMj_xfXI(# z_vMX2|E-Zbh7n-;BRd?>|J}AUKB5NFM+xiFyYVOTc@8b|m(@CNzy>w<0_qg+sWaM$ z?V;f7g@4~9!uQ*B(-ND$8(B|YU8U-xDRb=^mNt@->Y!XxsuDP{2 zyGX=jC;Hh*KH#0$FUe;lIe1Bkv66}CZ}o!HhAH1(VcEgQ%Q4I+mrDl6ib2MigtJiz zeEZ!Or<=R%re`v+4zm?aQ#f%%A-xASq?EhI617%N`q?@90gilt#v{=5Cq7Cg-#XBT zupqdB4j)atsCCI$+DHT~`lm1kyn2D)wi(*z{zqp(mKa~m*5&@S@n>zRpYI@in~@HGBcu@c!3ajSE 
z<^zN^_*tBMm$1ekYmCs>Hi(?i!q~6bmvS~Jz zNyg!2c6x&gD0p_!_ri^NLJ@5pe^2TOYtOyOBvMeIM^K_{pdl#V%hOU|E!~YE&LpEw z%MLPG1UP^#5z+lIsC4KHObwHrZi#hLW9a4bb@6bhb)OctuxM%JyGX($d?yUU9H8$i zB%MiU)7@k6e?G~b_?!;$Pv~y^4%p%=z4rGGd(#G8G3LCD09D%nU`YlDej=!yhv-+d zPPHppIK-tZ(XHryF-&`pgk}Dmia>>-iSu6f=!^ejn_|<;*45!l`7uC^_`doT@`=U4 zhJd9B)S&sQ?=L&71L{^T20A}BIf1uqetnn^{r9i&40+vC!G7MqhJC$lV6YpcVmFXz zGe@CV!az^F*dTxVtC7@6z<%3cV;sy}=xi3i$jeDSFERP!%?5eLsknRv`Ot87y2+oW zerPFez=cu6S>g&=b)as6JO1j1#UJ~6yztFz@TBBiL!Gu29k;|OhO`29)+;lTaaaSR zSRqPJH7c~oYT_!R6;VbrwJ-`xom5e#l*_zvWN!{v>Pinw@5AYKz3Wy?#>n!r``hc! zgNe#9%l#_)d0~094Y6iYU*iz5U>W85il5Hjmwu*-IhGf5j$n6FK>dgL)%CUP6woOE z9AyFBll>hGu(bzZO@#kCcfrPg)*XO%6`P+JmkSQujhk=2bZ^mRe||Zgmye*5&&B~C zAS5<=c!28tS&e$@He;x|^s$<3cqwuHPYGd&9}IVOb_7=FZoi`yywV}EF+LYzgzSx# z1kKOLiNqX)ZhL>+F2#6L?ZSEC!SE0&)>{;s86|mhPw^T;xR=(``cv7+UD}v%R_LNx z)cYXTPWHgQNcLpBF<0cq{lI`Jl}7%@1O`PuFZ`r0bQC*87yW@MB#5Lpf+*V6O0%dg z7`mvO6dMCH{TMiq!J@2{wl&&euI_=&H($-AQ2vL0=&}AsfYe3OjE)%nuF-@>jwQmM zBF=7!F0<@A|C!*KyYueOP9@OPX3q}j@x43o$S(_+BXaL@;oNpE7N6Xn`p_=+YNltB zR3i^!8@cyuZL!J4o0`2BBKbZ{g+8+3eJI#);{Q~uoD8&S1G(*<+e(Qxu=$`T>-9mQ zv%#y;pGsL-scu~-C)7FXlv1$G5Kj@pIKD@!3A!e?OC93`YZ zy_;F?<^G;=>__CU?xPf%6tHt%E0LVc5sJ8dbHUJ!OJqz+##X(>A#J*}eDl2w6LMt9 z)HYgRy~xF;8LNv*BdIC9IYkNV6AFX#>nbUE2MzEHxw<1nGR`yXGEXMK*d9kzl2(kf z9;A>;&XNd)uWK!!&}!bzO}3gj9T&o6LQ$=gg-1`4!$K6=a`+>;A)kJ=b_$BwaPZ4K z9hjM0}%Pp(UPY+m>ZXRwv#AMc=+G#D?A6_a-|g-KO^>3H(mY`i(?Q zfyqje<*zSYk%W8g2=}tw-bt-Dbmp-knl2IJ_9l~At@wS|LHN1i)p&YeWQ?m$&7!%r z?D3;mA$G-q!MS|g&NBVZ<)pP-$fA3er!uA^a{lgyg)Q!w(JbH4a&y(;($415id55V z)`~y_W(y}fO4H);U~-1+S%phf==)KYk{@_jY@$oN894@vAk&(0-2vAR(-(n1Re?-2 z@Ih9KeT1Tk2TrA~PL zGnH8(r|G#PBOz6SeDXW@+1-JxSkze?a;GgebiJcLO2xL#>am7W8hyCFe-342XlRsG zO(pfYgYl&H4EWSe7eTKUy=qW3)+C(4)vzYUm7l$V<~}|;N2TDG6pn1ny6e|OoG22n ze0vWrDbrPGXm^zSRRI-BWZHQ>%RQBt@APFg*?}9Kt%MuHW)|QO`E2=}hL-fQdbvdt zR;6~}uhOb~GhIo^d76<*`J{*m^S4SZ6skU-9+_G%XI=*S!aQwKgoZ4{1i&(ojkg) zch;08u;jEzlz~7m23e()KdNo7%RRm+Bm?~`wTY_qtdZ^tf0ATv&kpk5ADwvH^WMKk 
zdlZ=ATi;rn{cOkzQhzk-b#FbhI1uXu8**}H!`P#%?^HEhANi`~0b^z%X}G|PiGQ~^ z;0+7g$?(w~b%b&Pn77p*B=!f{*h{QzMmmKx=Z`mmRPHO+#*~{>l`TZVofF!%>|Dlpl^CZj0Lhi$DOt#SWbwjq3bfx_Nm z;FVoSS%f)8x^FCTcvKZ}?tYw51vx0>hY2EcdpOjr<^IGtgV~Yq9GJW5u}IZj7+)Ug z#s!zEiz|Ief!+^xOn-47IvmK4G8|K6L8g{q;=711SmQFNIsH9T?U7u`_Rb*%Fk-P$ z|7+_{8e+mPLKt`+b`2uMMG48GFtKA+GCZ`i&vY-J(@F;DbZ?mN()$3{9Kw`~?l(o0 zPouy4ZDlc#9y1_0#79Xty!*tx9wmqM^egJUU!AJ54Um74KL<896ZKYrg1L=V;BtTE z9^`L)EgI)w0b<1bwMy^YZaQl~YdUi-mCYmT>!fW^0KGLHAJnHJVj zywk?!{O!iw-z(;5h}1D$iwxhN7oubqV*hH2WONWjmHa*YD-(T|{1t_Ea9?)hf#V6w zHSK)|(o;Rjot6Qe(xiY4R>DPf1Fc+olp)H^p^F&UhDh&Q~$!Rfi+Kw)ZGK#(rX;3MtYqJIQV_BKXf z$u8|$uwYRcHdWO|ws_~VpqMuxQzAL|2J{}xG6}GCc21P^A(V69b^q4g6?fEd3*1dn2ic_nTXBze+0J&W;0=q=sAIX; zh>F>U(#>qm_v3h*$JSY`3{17Y_YLPS#0D%~25GRewP1IXz@}bFC9wACBG{T}=(!W3 z>%T!8T7IBq?PS)Yp|BA48Sg}@5$9O$$Ku$To@z)?Hj?FZg4y@boARb-MiF7=3jNKm zeSE}^e7So*epHomv#hYzVOep&+jVcL9k;by|J5Bt?+daf%OXFAp#L|1*S*GbEJ(8k zptNOAe(nmQN-p1-vbQR7`dT?x2Pai6wqLOro#96}AXlS2;J8ysuKpaRm30e}jm#}e zg?V37M^Db~#BKgDYj4#cIdWMpk&?jDjU0F4*ZK3kG=*=TUbQ4PW5X<4{Q&{DAoDWi z+Jbf~(vGD!fk4)HzTCqfE<~1i4PR>yZPw+mVP#5>d|u^9wjp-Y+}@ANf1}ApcOdOs zux-YV*7Lq^RJW?r=LOuzeeVoIBhN&}d4->)3EmZ0EgJmUXQiGy(9^kUpfQITZa%7l zOm8uMyP%kCbdS39QAM+&VOm>x4%N?>z#q!`a1~uxcQ2bwk+#fj0whkd+*&4YbcUyZ6?fa9w>e_FHzhtNZS1` z0H{D$ztl8Xm~+I{sZk+CONaj`!@zPP0{0the{1g}S|GEwtZJ<(@v9Qcg87Z@Pu%m#IiW*5l%;>3Sfk9 z>?(IVWekpJY(JJii7~sbnJ0y=V@|}Fh32-Xx;b-8y}|sF04|ks#xAi%4{EmP(*<|v z{?snVgpS5Aq1~sQn%@`6u z(-_j=s{VZz$B>(#St<8UK~%FM2@`TiZ>r?he0a%Xc}D+)<_|jmSt`RxeO-7zvnov0 z8=Ne#bVCm00fteXRH+Bne7k#8^O0p07o2mEV160WxQ0dyX&4?WiVsVzX!2gSg}U9R zE!2JbOcCYo(+cfY9O#t2uX=IY)6MnNvGHuL(vYDv<@C+Py$W>un1yK+*Bqb_J-5Jw zlbZx!dfY{Ags(=ADaVpLj#)s?{UkjX#Ak6J&LxvL{1CB#eE+W|4MOs-=I#4~==YtS z9rT^T*6M=f)LGJqoD0G!5!GT24QX~eGYY)KzJv+vR*G;k1U9c(gBL=Q1UA%ySdo!w zHG9p&gBE($Y1T6>$0xs_RNxUoj}Ia>dpq@PjG*x-BtqiS0R=?D-8xUpTL(%kwsn{q zW%K*#yQXG|ER|Yn+d!qah79^C=j!0ya%j`0YcURO%ZPpDj9B^Ix{TQVmJ!=BVp~S+ z>tw`48fg|xUrTlVhD1kKn1-sS^NWcj;=}FEZe6i=iciame8aq%xt$Bxvn^M)<;u2t 
zGY5_>yJp`_W7oQe8|K%ZZ27eWg5hW_iUeX8T;o2XCRKz7n2os|!P0maS&Kwk+G0Wt+jW71dYkYr{HQrtO^6?uQKnZ@>O;532X3Gdt1J0%U5mr zs;`l+S~C!!wc+rDuY_^i>ch~MZ>yQFE#J1~+h*`>y$$>JZ_|Km`L-?Jw&mNtVoqzT zBGdJzuv$2zSR7ks=tB`HFEFn?{+a<6&Ovb;I&8WMDZUy_ zp@$aR>c2+#X4)4TPx&$<>j&)T`dY9B#9Ugd$hVln%aCgtXslj@%c-2>m6OiqNWr6e zIV1_w5sgibeAU7euj?I@4|Ez!g;=R5=OEGF>Q|SOI3S$BfiMhNiOA_ttDg(_UOrEK zGHsJX0{7Zp6%kKJ@LC_l)$dE6W!;tI)2f7Z!Em!N4Qhc$`j8V6Pebdp zr{z*??b>sPE+z=df4W&*dX_$X7<~9JxV=?i!5@R$+Zj{#!=eXgfsH6_0yV&wnv1P4 z;Og5c8JRl=YAT+M>9Ce{UpxhDcFn+tGJV9H1oaeBFkU%-EO9)yybp~7dPRd27x;_Y zT0RMGJSYNogKucfVRn)FmwI!T$E>Kmp^<88$~>}>!)j_xKM68wKjWaD;G0Ec%t}hD zG^RCTAY52c;WhOqHu?dJimZ$B1F$-_>;$a+Y`EC(Ut}N3RvJeC;m;az`ZRCjJ7QBePw|=9rPVqFt=+Vfmf{)`<64# zr*yFy&A8$DbGzl7&9_g>InPMYyXBcb56^sGIn6Dh_IQ}cI1dnt+>-7 zEdIaZt%UOFB$PRcoVQZSok%H;t7I*|y_I6VQ7PujxM+LG!hmofdP@ig-MV{9DzVg4 zJxZQVmktOHXgsRrVnHw{Nd+{b3McnEi*U97P6?k>J-ImXwGdG0Q4q}iaqSn0xu&9Z zoZzUIrW>;TJi8sg-f2w9s&J|NSAtZnrWTnWWRKb$!4gPw}ES4Gx znhzeJqYIWwbc$ntOgMVOVk#M@@#tUizvAj!LHXV<{8S-`yQiIZiJ;pGCV#R<6xVxw>~d9(o0RTwp;0 z#9}1J1f_|PoZtw(zf3Pk+o=b_&b$tN7DZ`H*hnAt30T1c+(`dv6MwK5HQ_ z7TH0ZBuuDQC)4K-!!A@)C>ipBkfof|%x85t?`@%g`3^t^3V=v`$-uhmc{jTx-rWIc z${eQUJ|oO819lxxXM1b49+it&W=jS08UOlo1KfS{GsFCq9YRgvk4c1c*m{TgCpiht z*~2fh)~g3uQ<5kNv7~YFNNK`(<(vYyc?}vB{pE9?eRkbGbY%nUlFzQ2wap~dzXYw1 z)0oyKR!(Ro$SJw(+)9dNM!tDaI(^IT=FPqGi*8i>eNg({Ex*|7luMK(p^^{3w~Y@U+K9vfy1o6&_PGyF^;Fq4RE1>p z*!?)hJRmU%ya|rN1^ei9I-SG)efV#u(<%S=;K{+^U%LC9UZ-=|?R7hU>GbyYy4}B^ z&L=CaufU2rGs|KYg;Rq>fF z^v&~bbCG_vBv~DmB2DUVoKSNz_t6EG{&@GQ+qk50&`1AZ7mbKWtfaku10mIWAAR_M zyko^o!BnB!+jgR=wFNdspdVeXI;ppcJphG`=mVj|NiwHR9LG!oV`i!}731lN@$Q(h z%Vr-XOvpCq<-@S0f2GNYXk2n>RA= zou~1Uc+28b#$-vY1)qKqghQ044PE0zkr8KtK@8tSZjP2=>YP!7r* z#S{3RCP_#l5=$KBWTe{UBmGt#U)h1yMiGtOR16Wm>7&DggFPkp4Tatt8)}Xd9Q+)I z6E(2h=9*8*6_~(HV{P^`1^(a(>cYe{Qpe(?+S-Bz>-)# zvhDMw1V8i4k^i~}Ps;LN_sQN?{=1Xsff43L5j9klFOdW{!29&p2TMbir5M-J_6j8Q~a@2yg1Gy=)UF zEHFChRU62iPuFeWG*#2IQX}T@U2iDw#yDmGMNJEuD0;^@!51{7k`mz^oxCzcP&g&& 
z5RI|;Cz;qDA4_&7!4%=`m~#JD38+F5B}qB$S#i7WmqV(_4HZ(8Yu#o6qQ~UlSrHgo z0TNFBol;H$)I7C+9iKiI2y=oWDukLVbfWDQhRSIh7vr3WgaH?+su*L7mV|9l^-Yec z&>ub633G?%{P^6vzn1=cV-iMm6f;gX)5je8-#P5`iuAvG&^_GS(*L`79-tE}CE>9^ zk|Dk7=z2_Ibdk~!kUzoxB_0vsH6EaM3fUE_$hZ_pj7biG-N@Qkgw;n9HLU0sf|KN=5^+B(Ln+W7gm zw=Yi58e{BV?lye7+bCOqzw_ki&l;ZWE}xqH?;4*s(#P!m-`juE-7oF`{lkO(?f$=u z=K(q%tCKclqsCDfqL@KuGIgLSkxctU6#Q0dykyMTcum6)T@ZwWfCP|SPf-iCue?U% z!2|UEL{k!ESPRtY{EphF*XecIohR+?v&Mr5573dS-DvCo7Mya90-Q)v?~~(fJnMF$ z_|shh!*N|Tux@1sVSz9TNJ8R(#QsDBywE@;Lm<|nR1gk?liVas5Tt#zP(&oBzB747 z7<8M|F7rMyel*r4#_|%4HaaB{yCP^%=lAa4)q3$MFP#nT`agC_f^`Q7#yx<5OWg zAte&fmN0-PoLs?N7V8Tbc;14can>Eo5(sx_KF0~kN@(U!GP`=YIRUX$g8QIqARD0u zPmak1M7C^(X#Bsx1`Q+_#e@VvhsXGe01H_f_O3hXYS(7o1i2y{hsaS1J{GAzR!0T6 z;AIs6Dg{s~^igNqd?h4R^bn2~z0QU>!pL`8dMskh(lAh`Ez&k{z1rHV2nnhV1}f1t zlrl1`su_Xv9W3qKVIH3X16?f&ffkym%>h$(uLp1QQlp$&7jSUo{x`>i+c13{z>A5v_ zS9MY&?RWhKC&F$mqBZv!xaV2R`Xsfyj0QP(ShX&#xoZM40|lC-=Sh@d6AAI@kg5q3 zdP42?1g}|VziR}KNGv_1_%S;Z8F=nk0NXDJiIvc0yg(hE!?xt204r^;46=LybGq8b zK}2Ikot<|ipwiN4=k*mO*Mkh)fukQ3gPdW424SaSA?PSZToq8iGgbp;v12%1J_f z9HP@7j*eBEY0^RymZFG`#u8ntO`?HTtV7lA2t&T0aiFGKkbIaJooRz!J|}ittK%e1 z6om%I*+Gf&4$v+dIFwiaE~prV#$8=K|1?l-4qTP$04P89ITM<)nN!k3uZHtx4v$7$ z3GoDezGPfY(Lf=#S%sDvvx@?HKV?rG~MARay zK4NNd)_elgtzfSCSVG_xFjt8_K*||XJ)zxfA$?AyS)4(>e+Ty5fkWL;I0rCo*&5`# z^?qUfa_GL~P^;S`VgVgakeN)h>k>jqt-$Hhy%w^E_k^V!xf{S#Hm!N67NIhlTZ>cq z*Lt+dzkfQ+nuANuX?Yh&1XG}=Up12jh6t1>CKlotGF|!SK)BlZsA8JouXZiUxrnA% zD9c%>rvGvF^V^IGOb8cL$T}v$ME_Vio8gp|h@sO0&YRGWd9zf~YaH!r} z6s9p^JkW2(But$65j88A>ky> z_+VQ{A+6R};TVw{93>&JoEV*j*uONOX4(%boT>t0a9vYOmc=!fpRLz}B%EHU>c%gR z5`nHLR%aq-LF%i1Fp9~w5$XUH%vRKh>}hiOTo3=$xc3cUU@avUfinkHN3lM4Q^_JM z)lLg1YSSlNtG(0|E1Gge_(Xg0XBiqa|@Y+erK?9c&nG7ZhbRoi*AW?v z&`<;9BY}Q-h2)sCbfhE@Ju<+QF)Xu4FTkMjn0O=4BKsqu3+`l6b8$Y*U?oE#6_P*@ z8lb`8Y3FHYfF2upXP{mxxo7~wjvnM#%47i2Bf(h|ShfPjm2a@qLf2#Jk2A^QdQ8l= zvh#0>YFvofHG*s|NU~Ng>I@mbR?>x%mXy3ngcSBfwe95N(xXv`%8CM^9^781(;2Le zHxAib0d;a*$#pxMN1GhRFAj6A$;B+JDXFE_L7YNF>4LcPtn;ihjc#JF*Q4WCXXwnw 
zvCw)J8cv4b0M7UJxY2-F z7z`sAhG?&^*GouClUz{^kpO31rRvpxt5VWGEYAPH!hbKTunU@81 z5)S8f(6^DR11D$!8q{u*up1lg489_=7MT@|BO1i(*Bs7E5}G~c z{K1YBJw6=TjjWYoa89dD3wqGV482tty8#ryi&7!=R=*%w@tKoW07=i>R4n{<=kM5Z zvH=n-B1P4u;o~!vs5!IkN40y1F-m~&F-^VNXv1k`-#bJ`6(2H1J`_bME9*gls~2Sf z&0t9iVzH!g>S~BH!zMV0tYk*X)kM}oci=Nl+CeM^eJinOoU-3>LfhIvqDq)K$i6}i zKQl44t%hq#W9nTG5Mg!C6SsAGxxKdY_tV& zZQdZV3AYrmP=SDTY-SOWnb>BR1NNh)Onz3_L0V>TkWa#yfMZmW- z{6!G)6A2@|@&IHeMrMXQ4;?AajS~S$FRlp+8N1Y$;xGi|sph}piHQI}#?s(yO$ReL zmL};)tZnHEdKRnwi$|keUd^l$Tt^%9YqCB7b5uJGAi#-&1Xp`#XCkp>=Q7znqMR$b zVJIczbVOqu+LmGEteZduj0-ZxS5!L;)=2HR@`&uZ4Ob0E*G0SAjFJE zIMnG(LOLY=#MivJZW_u6quP51pv7cJa}^X$63(z@f3+zu3^SJ(!*Ug&3s_9FJ|d)7 znI6Y*#!7xhBO;N>!4qhH9izcmL1>VBVC;H1aEQg>L{$`-J;!xrj?hi__oCBjlW5FQP*Ay)t7CQ$Ynr^r! zWJusCX|_-^i>@&lWnE7Su$fR)Re`ot8L1TvR2JKFnwny#!)Do6!pNw@<7(WQ&`zd13jI^$ir&2kOVWP zCPZj&b50UY1c{}Vv@)F?Y$Lh&;KHp-I0|a!ojByEXHuw=|AfJc(E;Y_CnxC;+M&HdFb@^1Fqmx%idu+APMJjW0Ee!z(com;$ogP7(0~^+=yX8MGkD7aa>BSASe3%g3dj(+>ayJEua?Em zrc##l)m2_6w|75~pV|KFeAzB_&O!!Pe%z1@rp@Vxl1UawR3|L+|<+4}$9#q$7x zdmg<=fl&UK(ttqXa`4#wDa-byi;&E#S39XTx*mGT_@#cArw?e^qV^H=*EK*L;$ti*iM4(pHG=dE24H`^I*)~vhe^ZibgfC6H zG|S*Y(7ZYebMn|if@sDn6T20E;^vN1N8lv(QGg{bGQ;`UDG{pQ<1z6sHFbmlfQZIa zfvNbCP@VE>5W?p)(dts;{9%j1yg43?1>316P1>@PDGr^&nj_SXcY%lg+t5XIFk2Guh2ZIf9%~Ly z{Tl3i=4gm-@2R2x8TxOkkJ^OFSEmS6WaLwP`xhLP;^F zChKg0**pv_bsajcT}p(fLn5STq4$Qz(H*INj0~kZ+9}X(MK9f05g<)DfQ}qNnNBw8 zSO-Bkl)DAGxXX#pctGRPIkdIAqe$!pBuoWuO~CvV(k1BZm~r5eb1NGVEFeHaPX$3F z4%(8nNgTLCwxXNk(GFcW1DZCJ9Y-s&`2@C&#+f-2H^;>-yj8S{Fz>dj@E(oe^uC*tsIw!*rd^3$t zJasq0pfr?$%{i-gL(5tYwE$k{xJrfA_^_DdqxH^#)jHt>WDG&2V!qlgessNV=dT(i zejpMn$wxHWT3+pW-QHi(<5yNa1~31nUhlWid&SaR5XB=5!EyFE$aOgv~#C z25TsD6Xup$)v;SyJGzW#6PKCDE~k!m4N_1x8s`de-)G-)bhXui20+x9`sZ8~+TGC{ zjLt<>+~8)F3{}*OY+*tk=$YSZJVdVc4!u8p@%qKl*^BeHM{i#IUOQ9uX@MKI$zHk1 zb{ovKtGDdTP=V(C{`f)R_m0LLHFjq{4H$E$)RbFbR-fA-JjFaWesFY*`8LnCA`Swo z>f*4KMej*nNc7dld2cYI>ixD#xHTMaxO=qcoH>2?;W$3i12n2lidtzOx8az@I$iaxMzx zMHj%LOoP3^?#vX?rCsD~Ivvc7bZSJ@ZYL=pl{cNI>%P>`3d( 
z|G~J`88sS5=0#DJWPDK`gT3sk>-D@n)c!lV>UkZnvx8_HfJ#|pVR0NBS8$AItadDx zV0pRV#MK@_sG<6)aUNk1VT7mQf5};do_aS5)MwsJqhTZ6pINKNIKP3xQVjJv8|xrH z-p)XQqs@@w#f>C9#$jeuO0`vKN^xzqEV<=`L|TQrYsoQ2IN&LCSS$R#B$Ki^C-1C2 ztdk8Ld@_Ag=yI59(}Ia;(9V%p1l2I=$U05tbP?QcpnTboqY0N-1Uh$#p6Dfds+Q=v zc5zX7m9;%gW4*4%PXSEo#yLl;4r!br+EeewyD1pGTVU%n8&0xXSpec_opb=M%am&h zwDvnWCXt6;QZ8i6ZCg7HfQr=u#D;2sYHWkSK#Uuk+5f2BwjDh24!n*%`$%D^Pd{nL z@1c2f?7pEfjc|yRpdLlqo!yyHSEcM6YUW&36FyL~lXo+45aUoI#uEoIaOTw(qmlKf zHrUxh`IIOm(6S|1ii9S@fBzmNG_T{L-+}Jsa7r(Zf0l7BVMA2qLt7?Yg`VE5+k(Ly zwcA6+eNr?pbJBKvGTe~USHsNauTFmOdQha8b7mtud_U!udTPysCZ8_YK3IocV}6kz zpfM<%`#^_0k)=I+rQd7Ya9>gF*J=W+`_6|qSo-7FI^|}BllR)z`@8!h@8up%(l9ls$1x3eZu=%EL(NeXr62`pbhJ~a z=L%fELr!oo(Gj{N2KQpZNzlsN8pc#e#wUa9R5TuBHlQdVlJJPe#3&Uk@~YOAAa5KN zt+xkfVR(W4%gk-qlrI#jV1_m6C<@480_?@HOF6X`=>0JyH=%!KSwLVv{h$+~y~+}z zP2mT?BYPKg6z9MjJn-}O+Hy>^l+re-#`6SgJ05z+K<3b94g;7vo6RL0Mjr>tBof$w z9MP{TEX0^yJB|lSaX$aeQWQa;l3<9Zb~>FVjpf^tnnwb?cZI3nA3tz^YIevuw9IG> zp{Tj1sI(~W3OyL^)U+F8NfZZrLW0+&M5Vqj>r-P*`#u4y`5N=@8 zG1TYKK_3Urs(qt5$RI0uIDbT$1MyTh*^g+@oaP1H9OyyM4x9Xljy3JIvJ^O36oQ_s z`Guwi#UG!FmJ^_;wWT&j_M?f+oCQ`Ell_j_crqQI`Vk#v;o8$dg+Olm`SPhKek}q} zO~Pa^fKa{tHYVChGEXP;zFK2b$)B7k537Bj3#`N2raXih0@rYGql7(J343vH$n>bq zt2W%;_3AdcVszk7;m$ZLL>lQ02shjlUS9yfh8U>>V632*>|_njNd^wESRmBCot z?foNqrStbxKH8{jCtH}4!$t4rLXH=G0t(Hm@szX*>3FIYv@ajn9RezRc10isP@$-B z_k)`-rkZv~Plw5O1oKhwCpBKTHEyNO7H1r|OSN4%9gPS_82!O6z|}-mM5*=-aa*=Q zfCaBttve}tipII$Z1Lj4k}K<){;La20(eb37hV7wK#;9^XL5G~7w`wWcnsI@g*q;a z%^3P4;kZ11M1xnuw@jXBU&pz?pBt$AeNcKgl8KWzTvkMj5Nh-z(XE!siR1C;fyXGje zNmO^sjqP~I+E~k<&>(Zg7?_M_)jKV(t^2wenUNs;JS-`5#x-fwCN{2ngM40HWSJz)a6vQ8h{D`}wYl=W|w)D zF(p^pBeMm*Cawn9bd!0DWPE%<#qQ|L;{ailV9GNd#-d=Ncs)=x#OSA^B3lDl079)< zVZfR>w#u03@hU#cFiiltH53<;=T0#cOOyLlVoBcUWyu!Tq@sCYOxyXQgMd-GQE=c! 
z_m`BNcZE!kJb&PL23d%keR))pLzJFw4%;7$P#4lhLPOpcu56x5vC5Z1P zhjUne$izd~dpEh4DubkB;k3Y;kfly5fyJC?8F)2SG%Z+KAEjtj=T)lla{tAx1MagT z0q+UQz)I;-vCBPUeLgmW@Z3B79+{Eqo9zAXElg7%M@{p#>BqkgJ&Ee7(M!^7W)f-|Iig|zIO(vO>tMYvIX@AlOT)O`>v zKAs0C7Gw%o^s2*?-<9f@31G#kMCGY>bInH`gcmB4Y)x@1h40}Ao32w;V@@gIf6S3D zrk6`rKJF1!q*u&W)=zuP>#AG1n% zuTNC5pi;%+rVc6ZQtj5^nQX~HeThPv(B8b)#Yo|^Mb~j=$#)$f3qu}DVF#{fvxPo; zPg1KKnyZwG(blykFOk;U38tt}40Ftihfc<(Dclu`RX7bloS!15vJ!TvhboAQS=^@< zNO2ixOj(wC`7PX94wHAp?cK5}8b@ui6C8yX=6@m~Cn(N)VTvZ{CREH7pw;4*Blzup z_*(SALAkB$QQ@@rHG7V`P_e^7TfReD_r?8}{bsmMtJu6|R61*a%P*o1v{0QF+a(=% zKe@K)by24WUx_4ky&QZsB}X*4VSX~5?83HRP4%>Gt`R+Rxm~#~hlTu&(XwQb_CiS> zYrI#!8m9_BEps-3bd)bV8?}i*aHvTl4bXY+aaH4(rA;wZ;=I(PFl^87v>sj<^%emf2TQk~m{IAB*dB5ppyS`71M?R|rI0 zZJA!a$iAbdh?-G9QcOH6&6gp{dRKI0FKPnH1*fgoc*sgS7(y;46sUzR7vB!vkhUV? zXa~P&@bvp}0X?qG=mWUl z^Rb_1I7Zu!>%RPVvhA$)Y>G>{q|d887KyAJLri*P5=m>jS2ls-?u=svynUPKCPU>z zZPtTmA=|uK(C4bSnfebha2xzK|J_!g_C-O1EfF`(D#!YKQJek=7eXxuFk z-55brEeJ%6q6xbDpFb;b%5mXmwf9l-E?^nNS>T6?rG5L_JgRZcZ4n5&@KD|i9J}Cq z#o>SGhVma~Y^?JWr=uhNuKZiHZRlxN5UyE|F5U_*W00zz4t;NeRdXDj7ow8ERtRp~_dCBOKZ!P!u{>Iu#pvS| ztmL6KE`X(T`A%++AqS3SkY2qs_IcAQ<^ehA;o?n+GWOM;pI#agxZYgxb2xBFjCyqj zQy2nXd@j#MYc;DQ-h>{RcM5Refs=CMSy(QvQ+p=r^@-xQt6hQo6+Yg|E8D!=?^O#g zkF&eWolin0BxUhWwwcw3jR(esZ_J3aKFy|P5wz0;iT0dUjxjMFe12ryt6+|C=*C_} zm9<6=AJKkFt{WcJVgO_(+_BwFW})jd)sirV#wA2Q zw>NT)(}ReDaxxcu@ITN?#Lt(zBCxwCXh5cF{xq2i{KWb?siDElkCtx*sHP8zP7A*T zalb^XN7d*#fBkgUqyyrN6OO9!*ryLmAbw#}7iU8EKW7(wmi&;iCl)w~mq*-}Gect|)179D+J$ zR4`94*$Ht4(LQQduj(`AK2L25N15!sef))@>e&%*m?tdA++G!>ds4}J{oPQ!a7jos z3=caU^}P#Xqy*|cSXQx2Q9?W=3p?a(Y5G!d=1%I^=LATzE?A5*-7VI(9J^7LMiiS= zMuf*_D7d(;!RXdC23C^bj2O;89{CoQu1iMH5ZHKDm5}6e42g@xvh^ zYhl0DW(r6h*>Q~KW5Ih4R6K9A%W6o1Hp4V8S+Xmiw;OUPx%IW!mp*E;7#wLnRf_sT z(ew%%DHEKoaX3W@C&MX9bKyD{vG^qLOZO~e@5={KI%p%Z3GU?4I!$^o4_Mx_u?jxS z;tegUpO0a`#5fbJw?AtE$&a85JFB3jhpzcYS&}Q=#ZDJ{K5?wVO95UfiO&G}7H{hNTC~kHhtenOoKowIWuhsl@Srl^xYp z>#!n>NHV|;gcWWf{!0e0avit%BMta0^2+fBP=C8>E&^-E|*fR{Tzg{SamGa5PHeXVgj_qdv(37UqS3 
zM@n89hko)pCRGp3hM7``JTd*fZ`n8HpVub|BHDfZcjhk7^PI4hUCv8EJav-qaxGGO zGp-J=JYd24E`;ijB0bOZ7)ZPK_-qiCKBkwx`B{eqY2X895&+w4o_YVoXXZTs-x1yhxMq?98?d1%f(Q#k zglW0x=)Zd@3q4r+z!&SE(kXJ#%iHE|jbid(JX7~^_gdmzwRx8giEbOHIWAYU91wdQ z6|Dc<>w5TCJcE_0Bokv#rd*Kts`MirX%O$dd75^l(z1vEzIfTU1rBDlZEoHy(R~wM z*O{c~-1ATpX!F9MCBdr4j6yrF`^7X{1?gO?C*|3j5lP|RXj*gl*+y1c3zRwgy|b6A z_q9&^_%R4W(l5HOJZ>MNSycasH;E!Mil)gMRa>dd;LS5`fMN-0rg5j7ccH|%7;2CO`rSRDFv&nBy>xgMc6~~4rlZ< z@D(>N7Z-QcbF4Qm^-5Y&mG`h;!OMQH3a6TS$zDD=#gfW);$1!FN&hmapC|X>pqt56 za7(Vb^K_}3d8_I_R`pGQJS=Z}a+ldHWS|vSs3i#ivY7AsduaFW+}BRflEi#8 zBr+!`e=Vb0#PXbssVPdO>!#F&?(J1!{JY!d{x*VZul7)QRnblcr-=AA(TA3T>FV_K zO%E-3V;0wPRiw;%MLuRJZ4E~vGJKzyXv()Mkd#p@^XJm@Z{DkGmXrZWfWVX@* zEhjdzG?LGQP}xZGge{Mw4ygp=i>81weJq~Z<==8^X+LS~Wm`I(l@R^Pzr^5Q`q>U{ z=Ie(bJsCM7zXCs)0e2&jz}@vdEQi~uCg|P*uf=lM_TgrWJq6C7mT6&o8Q1^KoWPP_$19H!qicuFC6ljJ! zpV;N(C`Z^ubc$Gao7V6hYvJ3iQ9xl>4l483XY^0Tp~)AYmNgdTudp6jD} z8_Mxz@GWhnqvK~|a`iL2-h#K=%`crI#~iUpc^2KS4eazo{HPpXM@z~&{ya<{Ye)7+ zhT{|7!{pkMrBAklC6&7cxQO-tyr9Zce)lCyUP#jDRWG){k@XUp<7s@isingzL zq$&}88i|B-YCks;#ifB@juXFoY3lt|p3{b7Em>V5yu|&~psE++?k&%5F+FQoH>B3) z^eX0pWG|}BezD$Ra~|(R9#S9IDmFWt%HzJ??K_TL$S>XB`{I)IQ4@h#Y$bmFwKeA} zbi7>k)E!5nI7MfwmoYTpjC8H`hm-DG8DmoIj8^XZ9KutIw(V2s`T^KT6kFkCuCu(v zWRMob@p5Z>XtD-RrrxrPGfIo-tX0VM*5l&Vn{vMB~dTgeI#@naq;)v{cIrVF!kwOz{s3D>beuLwrPjf~jk9&Gk@cQ@PH^*N22 z>pRmCp*WiUZlO9qsB<)e0SE*#g7lV_?8R^~EAbd;f>bh&&nPx;ESfAMmNb{O^Lpva z==UJGb<-sn)9i@Y;zKsIywhJG3*IZw{2W9ZAb5tGTHsf!Sm7wB<%NG&Q{Ca~R@{M)9JrwiVdfRtjD z7s>^{w9PUr+?L1}zN1$yYnA73aaE$~EBRhtTofQCUtT;gKxZGNo_uImqRcB@#7(c9 zq{Ec0mUo$u`@V%5y+okxdu z1*S2TDS)^ipxT%BPgFu*6auvjFLMR%#S$GD%OR7H`4>A-HX6$k=<|Y2d!t@|!`tR+ z`)-;P%U3V6lZ|=Ip9dS`jguDh&E@m51)j;2Y0gPp_qD5QZ9S3O$Pzj23u6P%%M^#t z#4FqtS^T(V4jmeEXr!}@SqB#nNDj403IMx#Kwk`k z%u(`oXV`7Zi@g)1GKqRRv)?v(Mvo)J3ONm)m#~r@vy9Xy>VN`v>pKNoZI-6OL`}Eg z&(m84<=*Dn56o!weIcnE`7zWQ9M8zd0+Mo3YWM9wP8;02H)lntx@@#oK^+n!)0~m~ ziu*)gbVo_VpysZkxT}iqc^NO3g-L3h`D}${6+q7Lf-u3YWT>w6>LpGJg>H$rQ|HnA 
zaGF2dTllnG?|L%<8{H+AK`|M3*}<^u?Uh&sD3rXONP1{7Agy(5BOA@Os^el|a{Tnpyu4z30?$S~Cg5h?`#wsZT z!G7DE^ETZHqLZH1>h7>5?ZdS+{uyX$aZ+3bUEJ@$a+~yOK2BOo$I5(otmXZbR}?kq9Qm z@gQPKlG@zvdDukScw@pDs+HJ?JI`irJ^E*LDyw8k<;J9EZyS}}2XV&npU_4en^5zL zBo*9!1DGq725A*q~yj$nOyr5vh?~15PU-2uplpk zbNxCb)+0CF1W5rtccT+hk_k31ERg;K9+B^wY$x8PHUlk_lI=frTh=)ZXcguLGVFad z$FNb2CLMpoG3Q#1XAF65y`l4n7-XC9)%3i0tzOpl2RWBdPmUrFp75&gSL1`gdC#R> z{_|D&5h<_&V#=VfoTGzQ_PGN*Ks=2>UrNzQwn3|ecUf}O5l87@hK8yww0gfFhdPW~ zSU@lzYdqf(ErlNkQF0`!*{oEm0o~&QN7-o@o0vR=b;IieV}0ii&Kj5owxF~uiHvY z_51OyTd*wMa&S`OABAAIW4}?tGTu~~(&0Ms&hAo*jG)wsaRwg~L6u^f@FwU{u!4 z`Q)znxlGL3zL6#-O0E4~@3P3ClI$l!GSJ5XD(Xqr`Uhmg7EzeH-9ajpmlDspY_HDc zYk^OG=Vx9LNQuoB%)Te7TU@sjUv%0ON8*hQU(a$hf9a6Ee-mz{n7q<}6$rmQa$KJI_Qb=$#nxZBKrwB*V#be176QyO-Xuj0aFAd%DTfcGwpB{nu)U3E-XuN2+ zS&6#0H_EK~JqP9|X{DIK-)wmaglyZ-kSi}=_5E|!8U&X< z4NU7?iN$7qbb+5EnEwanfj^bNbK~}GLdPhTlNMI*b9EYh_NR)W5>vd?wqsc9;FsY^ z134m!dIMM(f&T6!4@`#maQujhBgGR~!raxLT1k1i?nv-?>=zIAHvc%Le4=WmCO-Ys zX`n>p?X$tRV(_3I-g_^65=6ITyewTD$R%{Bn%xwFQ-b_)hEi!wB~F_^CMm|7tLG8u zF#Epgeyyi_8pK)6m*6@4E1Bvox^TJn*;8_JUnqNrTsR+2F9ZBT$;wm zkB8IQ^lH=XqRSQt++!;}p%rv*wbKscdaBsi%xvy#X@8dvqAlwi*LYcf;K_Mg#kVB5 zFZx@zS|ISCcTcVd<8(P*ZDD3HQtx{Z7~={wwqZWu#P6BUqY=l_w$dDc6YZs9H$U!W z_*~f*S31gNf*?CHQx7MWuaP_!0Of9G(Xpymt`U3vxUoS48E1K{MzK!-kB zoKetP^5!%8UVypZou@e-ph5dVJVGxa&+z*JRkZjaEConFxg#Mg0PO|hUoP#rv-r#c z0^z9lig`dZHxT4UdIEt{B>!pc^skoSLu)@|>s>P>j0SzC0O0+Q`!)JsUatt(p8WQm zf&6`qs2X2$0HF8nGDFEt@59b;)zmnFI+h3jIXq6&>p#Pq=fCwUNK18`e~a&*kbC#D zZ5yr_g)X7a5WX&8Np6Au`}LS4)_+qG*H$T&2Pp$vN z)o3_RG78{$JSs zm(GNw9Zh%9YVqhBZ?cm(ZTPUJV5C0M%tayO%0^$Gd z!(&qr`fB&44^8QRto}9`8MnQL+_b;_B>M)b`O^X4Dsa;;dIkNpiuntQ|9dI?1LEJr zZxD@a059u;$w8xDa;D^%OMy54Ksg1L5RBh10J9tAne+l;w};`cF!sdISxTX;@qi@y zjOh|$sU!dYsJWYgAhdtXqahNv{QoSvI=R^|*TCOe-Xr>#5?Evg_`)&VQ-JN8uFT+L zp#EPJV9m+#TVl1W(Z3k5H`OvVMq3vGxvgMskVzhNZDz+S3XGO@3tqrj&^VClnXPe{gof=(ri!g_f>P3wMxviVpI`cAejkVyMb%xiv;)?f6>AW2(QBvG&}UK0pnI%i#?FtqvzO(W zou`~Bx%>(@#Ou;f%x{Tw9}}DoF=9S~HOt|UdZ)5WV^}{gYfMGO!YDs^yf%ypq$pCJ 
z2*{t>?ZwXUaTZ$s;+d*Bgk4I+wnM%^65bOC67xSMeq%Cd9q?QN@5?JuK{Ek7MbFRg zGM2d=t7#_>j8qjgx#QKsDe;Yo_D@@vBiN@<*+iEh3vm#*5Y&a}nd=oHZqK(`%gLIW zkU>ZZ-A2m%bT^)PxE(Y565c+^_CmNJFxTOL}{kiG5;-FML zxg5|_-cgbx<-&@^og6D7`m!M+7F_tjuuiyaf*=fcjIE-L*f7R!)sI<)E*r3~B z^3?`sUX8qYcu{g7Wv_HB6-x4MmJ9_Ni|-;m4DnhbD*e=_ybl z9HM*^;S6J^FG|6f8+R^D@HYr>&kh}{)1y3ItZ*-g?n!+%O~m%qr4|lQU61imR8{pD z`%+%F;(z2wqp}h%udS;Qs9XOv&Y98@zpfao%go-el*p^IXI_3u(YT7gZ-5*F?rFCbM@V+ z^dZ8o5NWOO!m6Y~RN`1YuS^sEL7pIUoRV9>Ya&0KObjE3x6c-_vpb8r(|4Z_UV#Mg zga^<48K&YTBkjaQzOqZaQo`GzHYt?s+zK-s_ozY_Ul;~-nLdh*QB!SaQwUyLXO9mU z5rTkTaTTFHW8_KXdlQQNPpFf3G%YNL$2hHS6UfFL?H0u+qGZzEH*7}Q z(nSZ%;nl|cQEjj!$&r&TCRQqECl{mqrA?t1Ff(xrdkj9WY@H|lk}>v>px~8@)MCWjn5?Q!W_NoFtKk(ju$ZOD!4QuCUo2er zHd;2J>+V_8WtTo-iD2m9_l2Cr*a0Q!M?zwwK>@Vg?5{WmvM>=tPkttp#khArI1UVx z%cX=yjA(VgG47ddu%jbg2=*gwWc_A&j!!8d)acm$ZIdwrw3#?(K%X`son4F6p!aE- z=1}%KU$}zdoC1+T-*?2_$7&Z)2C`T5uBQ;SSKS1F1LF^1hWs}FMM`W(bXJ+(CL#T& zA^`|xi-To>;!+NC|#c9WjQhOFIjvFK6nyW zml(p3LN=maSH2OGN@g_WtUOQ=drW@FqiN>>zz(28;^rQ>UzSb~P!~d=FN*xiv=3f! 
z9qK>yqLOuks?_VXc~M3d`|#E+0_Kj@XF^#J4mnf&J%{DqD>cpim%3m z=yds9e`YPp_5 z7^SJH27k1bUeOvgmjeO*X3poure#=ZE;bjP$6c8y!Ctvre(GlbVZRj3Yr*If2~gZwO-3eGkP>BQZ`N;eaDDN zI;bO$6?)WYgOhQn{I%^-p~c|W8T}m~S|~w3S4dpP$r7je9dLDB1?V&b<_722X9Z43 zv3$C2+xt{T7kCh%<*zGATQ?_9*i${D4>xuVxLbN_>>q9N*RrhMZ$6oO+iap7tz>Cp z!P8A`ltz+N=|@faGK=yG=|PGn;xL)Y%iE`z+jO0_Mfep;lxxW8cDx#EJVQdttXL^U zIz%FiKa4{3QzU!FE~NY$sPF3|R^R5aQD}lmxiOMO6`k&r7~MQGm`=%E{ccuPU7f#0 zy_0$+?1$urxbmnLGnvdztfrBtAXkP>Nmclx>GhnfwjWmTFCQnXC3W@Xwz-WxX;^$* zus`Kjkm|gV?i2VZ-jt$aDaw2|hyfnJw|u%WY?B-58KNYHE;vCKxTfn<>=l%+ie3}b z>zf%N(}`s6U2bz$2R-A4`gydbWCjyA*Ts%zJKFLuYHSsA-~1AxJ)Vp;hh$clVP7}x zNHH}gh`}Xq9)L>{Qg!aB51Tnhr$WqL%~OlM^h!1P@v;X*to4wLu*$t~f<<#;+GMzv z7oGW$0vYy1B;lL@b^s@CJg~L@G&jU;8}O-So8hQ*9dyz+-G9*3KrK795%)2f9DsOT?ki4jRq+EA_@$}woTGtk4%MmD72seCfpnoNkq5+-gp$HOFT5Ukx4VMt{_jLCZ!N%#}O$?|17T zLNL~~cck|J_$kdu_k(izOIsDx7owe?Hx5Gyw8IR)CRqrq?-9EQ?lDQx3Ua_6feL~ zTStirJ_Nx|>&(J!^Ri@7Qeza6e$JLATKE$rRdn*@#w+iN-W+*&IY{E%> zj`U%maQ;;OBvfvCwH{6OixSCgmlLx=nTq|xYh<_g;VohLMC;+K$92hMDg=QBOQ!A2 zRp>?<80RxG%U~0e6OddmVlY zjwsoweBTKaa-;IqsojjYUw79#NDak%s!i#UsRj6WQ!?WqI8rF(nUGV+8ZJ|P#LzDYw|r=M}_9?ABE@rS63kGW`YE_Pcd-k8XRJ9aWc1}yyyTv6+cEi^L&Wf4@Iij;SIl~$yf&dAQvq=TpmX_672q3+W}G3fI_Gn!kp^?Du2n-7tFW^&p4C3D zwS;x-9Da|FD-c-b9|}iIueyJn&T=SpTL_so-gz(8o9H}Tf|ofZ2->LO9zQ)^G@Aga zird^5IG@d5C|w8AOJ$rnbJ)mS&2Y`uU|W-Av}(rM zQqB`=OA3F8nTMt6Kncl<`95tO@7+0}fV1?FL1&^6WxjDaR3>}a#{eAjv*g&vts=CI z_Suh?WD0~`WGZ7!9T<%JCTqPeP1nvDqdY&ag&m5FvjfC0G*Lwz=w+sD;2j&U6k00j zbWr)AW0TK%MI>3-aEYQi#zu9SPO&QO`=pBP)Nf z$7NUQiIlD8n$Yr4Xh!_fVISvFM}RUB!7SS65<6a zv^spEvvO7Lv3q1dts_@Sg?DzPs5N094{sHGfK`6WO0~48DNRIXfL&cxm{huP&0c`r z#3|YM2wLV$qleM0eDhjG)nHKv31uo@VyCssW9Kwf@{?{s492L*37Yh~bk1#;j~1$i z^?kXET%HA2P6~ejk$ad3Q0f_-oo}xdmCis)V_T6I0NQE}80uVJ!hqjQ{-xQoJLZ+N zKCe3(ZNnT4b<5eTgGa4~YKA^$XyA5PyA-I_y{Jsd9n#?VVgeR0x7nyy0m@}PyJg12 z=3>+GpLgn;$JFE_pS!2Ins-*{F@mpWD-NeVqYF#NEXw;VK5?|{N!^1jWCyey%)UK3 ziZ&VsCdu18??250uAQjufB6l%##LD!PRrQ1^ z2{>-f3`t_i1N?cy+`gPy(LKszEt`yW3+PQ5Pb?%v>X%aX;;R 
z5U7*2SW{Om(DKR!v8#hZBs!QCvW5ESBQHo$JdJxFx)F`^=O)2I3_tcE(`qkh_bBm+ zWq?(YyRQ}g{lG9)atyupJk`3L7gQFX50kb}IAm4Vc+~#oJQAdR*9j9 z0uDV7Jq`BW4HLv$h(DNmzg0nVXK#;S%uSMM$n)y`A+Ea(^U`&iY8sYxAC*d0LhDx_ zb#|-Wgs1GUf67hfTTF^DZ5(K=Jc7gFA>>W0#Uv1tdhs4YEPb^Y_;KV%MoaK_!7#ex z65L{Dqh;oB*o3DnMuZMvJkb6?a-Vd6441)KP5z{0&zd~@smB>M}3(4nTHQSI8%&v9#4-}J>t-Z&>y0B%c|~O?CORcIFUFl&~{$Qd|@+d3b6i%EgsA zuQA0R@y>-+?qDOGrUWK;*6g{<5|-{v8sHGGPQ2G#Vvo=xkdY_F_zo{$Ij1y}e$z&! zD)J!J;f6Dc zVQyr3R8em|NM&qo0POwib{n~|FbwB!bQM_CWXpEcO;QKj!({SpjqFMM#P;Zu?8&=V zGFt<7gCs`HMo$ARnX$FjzK!SadujVh-i5-Ufj;mgN|tBTKWwoZC=^arg+d*2oJJFp z2UC_(!E&08yT=opi*Sag$?rDv^m@JC(}M%}zt`(k|KHy`=>M*N&^ze$_xAez!{7D# z2hW}!{0{Xt)c)M3-~#8r>)p7mYUjR?2d60$SWuSo!4^U|7j%RpF)4;2W!;3P7kq#| zZ6SnEfKogq0|e^>ov|X12z)@O$ddt@2$AtYw>zd#Jz~>tma{1l6H@RXV$*4nQZegJ zNHPr~350ua-)CIp1W(aP&VDA5SROXZNR9=|yBEcf1m%Z%hfK)<>WI7`oh^hSEO5fc zVT6T9h%AH)!2+6cfsN_Ne^7xx67SW`!dPHQKl*G1fW3ia>EWxutb^eWo-dI=` z;u(&}0I8QQI()_jnKstTa&}2$!h`W;K0sxiFk(4jTn=Pdj#u}x-v}iq3BjCbROL|!`_IGvR!n%5(@em-W0oW&5*%@INphT^oFrI~82ybTQ>51BF8XVZM>xeO z#(XklIFI=*!f7nmXSu-gA|V__Y&xVViP04m6BM(kn37cOE2yH{=14H4rvwqqXY#jN zk_3@74g?EG8gC)=_hLx$ln4nrDYziH(_7U@i3KXSd@Clzefhm!>fzRe$!S}23(-gp zn5mrOt55+bILRZH3X+NnEay*MR!-d%%U*Ob=R~+g&J#9fK{Px(91aho{e!1rmX5bB z$n1*cF&}IN$e^|rAP27iRWS|R1u?}m6_}rZ~-uA!YwLmM>)QwvaAuzq!Ssi{lHNiwV8pO|{IovKEh+5dWD!9nQRx@H(gC z;jAn=r8(mXz6>Wg{`Z8E%Z3*IA3?{n+`$Uxmo$w-IwR>A=l{tIPP__7@O`UwM{^+W zFm~(E^+mN>m)oV;wqJ(_;a=}x>vJ>6U-{D@|6SswAbf)Y;9U7{Z+~xpZ?7W%9q#Qt zeUSg|;@L(o$OspSKx*32h~-tv8gPN5i*Rcjy_-;uC`TCm*U_8T!HDHkEF|9?(S*nX zFG!TⓈjbQ#_QMQ7|+lD3f$QMl=-+%~+8mL8h5xxjfw3+D4~p6*^K7I%esJj*A?4 z=+@Tuw*Ln3bWp@G&IHM2xtxsF5=OfsC!{MGM_0dSguhjPD~iCEQgon?-6RCpj)1d3@o}PuR095O?nLZ zWdxuymWu)Uy7zT&3n4niW1{fSNyfOWGqe1nJEeKfauNqI%}FFaOmW)Z3of4Xpgu+c zp2klP0F=Pv0lMsk&%&N+vPhB>me6Q6K(9t`nK;P_C#kR>&q$OL!3XH$wH#TVDU_m| zU_tbV%b7p@`%83E@X1NeKDZL~oJC=};x2)hTn3kW;bEYdU^m0j1s)S_hc+wtB+J6ByrqZ|`tVinygT3!5&opn|D_B?~2# zq(ZNwOxN%A`)cYrdCel6Oc)n-@gbD5n4A$QXs{{%X#7y`Hm*UX*PHgW^i_w&jp#)J_i?M<`jwW 
zu@5A|_UkHZRs#S0Yjt}Y{ez}4yW%eEf0Qyw)}tcNNh*?=r0ade(q#5{A7WaayE&X#qk5I5z+gmg3P1Or|V7BLd)&gc6Qe3XGn}&XY6(hK|t{O*!Huza+VQ zq0c{(J@&)iA7v$SN%EN;C%NCGP=%9(T_Fj+hJj!xFH(gF6wh)N5zdjAV1Xi>qO2Gu zluy)Gy+Z&fEPI3L35&Nh@Ru5P!xob$T^5bcg`~OQL@pH?k)tSLMJkSS5|dO=oN%uoO*x5*oSa?I><5z5 z(QHkTKxw-MsPh?#tDdnHg{da~cvE5OVS?sO&~Hsz)7@THVtd{s-Y+AuZ9uZW5358H z^$W81IS#gaU;4?`&fgq4cm6E4&f|iaY(1##ePM^&`#6N3jbeVT)9v1uKr9y@DHl%o z1(^*Nti;B}@k@b|j#d)uz9SyxIFrZ8bWGC^0Zqp_;oPA^lE~?|Z)K6DvkgMq+vuIE zo|VTWPH-MgKm`rT?A8`!b$#WgZ|_YZsIrC77J|bcjfguhUw^Gvp}_f=h>{wp$=XKT zo0DyX5YDnXbPZZ_3|)8|oynmgh^B(%mpBR0s}V|>K%9u(>NRq#uLrna2T?B9OdM*M zTS_`pAAw<-#(uAsC|t1*NrEC!EL*TRK;3c}fI6FSo~e#^Q5{ zJD~Jqi80Br-Xwpj4$6N&3ZFdw%Dz=A4Vq9}P(pI*WC@PQ6o|@K{c_dmQP&ueY`lkERpM zCj*3sQGaiLYa2~xdLv+baWRb*XMx)$OAnRZkHpq7%#ny|dmY)9E_*7AO5*EXSZUKC zMU-(ua-rp7hy5y+YJZMNN^(hF?VF3|?)ex_RvA@#t+w|^mzXAaNE0e%ZDn5OIco)Q zmauB02@#byB^CH<9cl0TTNaZe*?pRh=N3985zFIxDMbR0h8&1f)2A$}BCI}~nuXE$ z^-QoFk4f`4*i@BIrDR`uFZszEC8)Ww6%kh~zo_vc{er6GpXcw1va;vyn) zV>+@FEPKQwmP!0^mc2EfxFR6~)Cr$-bZ7MTZt6f%?q?`^RGPImmUqowWhIv^MFkgZ zigL5u5X%*!@^7{6l~IEt_{OZk+54f~{5X!OYyc_;Nef_;;9fG(j5s5}3DxYrBS(RALee?G*K6;?IfJ^l9RxTNGT zslLjPgP~=?NzRcgQ~6c``mB?mGD~~iR?Iq)MbNRDO(}Kz zk>?H0w9%-xVbCpBIDtmuXgtozcs?Gm*34(g#oezO6gF_)F*AA4U1tn3p1rIoVl$o{ zRW^pj?JOe^9nDb2Vt4nH1x{T>lz(!IS;V^$OCypA-pydryBUiEQ07uG3-r5foMkwl zvV6l}If>+7y!5+%jqQ+B*-

      YC#>d_HmQ zh~Q|oZ3$~f1CX#3>YWygGgnTlX{z*A62=5*o?tlH<%tprI z7Z&+%0eLkgHN7Q5Q=00dh&);jTrIghK`; z0wDLD4`&1P&z+yyaOcPBrz=dw0PXj9^+TzXJDir^a*`1&oR9kx_hUpToFI3&L^Md5 zpd-C_`Hsa=7vmOBLr>>cLkPZ}YbBY}$pCSZ#^+MVOD-M3#7qJbGL%`@9Nt&MZq-<#M^c1F`8NsLGUSU9?Q z@M#-tl?MjswVKm^$Zs(l+pmo$43eXE8FirT6Pwcnvor3~Sa6XlXTBQ*O+J+|h zk|2@O@tEXNmO<_ahCWVogvJ6rN=S;rzslN5NfiD7GVNp3b9?p#N@zXO;E6-%B&ZxT z^B$BlmJ1S}V48Cm4nqI?KmRX!^6?`IgN9+y z6JQyTHx~aqdj0bB9SWfL4JDn$1{fv0seZLo^L%LV;3!PR%!6~LUz*vkm;GslCXA!6 z+k#f^44xpjuMH*VfOk|nAupy=oL73G-s#1(p!AaMObO?B?2q~z^{%0vhSE#6<9Ky@ zZM|^3z3c6@)LODlt=g6XrPrp>wZA`oJ$QotTy4~^_G!Q~n&ad=WrCb%I3E0E5gu@a z*Gr)J+bNl{OM)ILc72w}V|vGKj1KCUmDxcZy@ooE8@g*LYL$K-S)KL*B6`P!bGcV) zkld?*)KIES zJ3LdI7C1>}Rslp)->cNcL?jjK5`d*ty>4#;ecv32M7L{4*Z!;wtrl<1*f#1=y>6+t zOKqO~H82J>XKJi#M>GY~jKPqgC?Pl{F)A_y0XI;Q>i8}HKMl%wE^`9jGq4`faAt2( zATS5HBqd)QK5-W1|A_6MxCdJ0a!@=uZ;=-)S` z%1mEq$<7wp_v!o82B~rOm$Fv_jkZEYFr*q-FpxVOC3HlhS(K2w?UCbV+~HYc zxCNUV#l7$_e5T*D-YCL%bLnx+QqUur=8E))zh&tuW5T$Mpu71A^E8;Ye;}5h4#`zwOSTzRm4{N z)IyKHqmo0(Q?%R|aw$nt01~(CF?1$#`ams}HV{63tYZ~QAc|O`>+9g-NA#5j@V1x^ zLB%9O%ZkUm#Zg7)tEgis^ssXEVGT^lNQ{XrIlL3XZjHI#JMc};$;dvApRL$6n zh3##m5h{V3+pjsOSa7PcXFEBcEiKDkG@XR0()ui8tOSfl#jApAqUs%2E5hrtAd&Dh zhut`RJyW)dB-UJ@c~$An6ry9C+R+tkOvHrbN`RC7aeNG1wx^n|?uo`-(X!^};Z|Ak zX3aOW8)kD?ysd5sn^|b?)O40*uq7#}8XGUz`HI=VG2zvTzb;wcaPenu1_eV2__!j_ zKbC9MgqGO1a*uOA3>TCLZ1WNMAaZ_$;uI`;kIf)SiPoq!-Nfu zdF~50LS+|cG@QoUZnNApyM=1#lp99iG{$+1*zji(iU0kd|I6jV!!Z^(L~qp8jo1R4 z;%*sC!$lF?sOYc|EZ6s)T~5aV&Z7wxBoakVB;rBDQh97wisX3Pv~O^HqkkLgVR>G4 zRe)gJljSVKV=PKJ-{TA!i+Sji|JcCw7|Sa-b+b{`Qm7;ai%z;Wq?Vk)09V13!L#=I zI(imDe1bjcOw&c#4<&+w6{$IoJ^_{NxT{O`YItKg_vA$Ei!SlxAP*Hso2z zu|sdLEl_KESIcvJf)zSbR;0qQ`8KV3bx-7i0X>Xq7w46#b+ZR;G}-l58h1<xazA7x`LW(q@iK7UNY{yfh?!XXni~mxi;|+|l4?FYpqY%51rUboaWAq)EH|Wyu zIY9{mlF=6AevWb!6*;s)X=$ejPI7W%2zm2AzLt=+ZOTHfF z2^+tbbqBx+$~{W|P0Uo14;hKz+%I41bGA=_v|9y?W9eS2NCYTtmF8iJFBC0uAek2P zA_c97xjQAl6gaV39T$aAOBW!~@&W3XB0ilG6q|M7AG0UQ(@ZWP1pH>ia=R!%81L`( 
zCOgU*0CXnh6+%wNMS^qi&mf#TRQ8{};Oig%_-M*M@lVrFlgH@MlqLz~Bw}eSkCp2G zDNPHx0Vb@-`QwU|BoucXAc;UZ1IoL}OaffcQ>EM^4Si@O;6PYbgQiR)+ zRLVmz?`j0YsmC6;@!HY~jBRwul444Z6HKS?H1jF%FL)`>AgB6qf;m?zsDsBr1nTY59TL<;S-e0LBmTFgT5H##T;Tj%r(=Xnh0Wl7LukKZU?_2`-I*a#tGVuEeH)_Uzt)dzj%j0>@(cj*^J3$ki z#)8`;H++XOUI^`%QS2+bC8~`c{N!0^AZM#-x!I7jp9yH1k z7jm@WU}`!sEQFS9tQLrHyA0H1AdF%<0)GnObvTry-T2@F2`;#{=hq%q3VVOomv@i@ zM-%*NWG=u!Y?CBQ9ZGC;I>05F$pKJfY=nDmZ5GE24hlpfCd)p;M z5ChtmoUx=MRgq2eF~x@8%8g|L(5Yrkz>^r2XTXKF_m090LQ1HOB&kSM8*=7tF(0SW z<;>2Pod1MQsrCv`W=y_Jv;uAsn`Q;Lt>}ijKKb@Y2+|FgM!F_z!l6!@pdQG%(C?|7 z3w4^~R_r%cbgst1;Y-i}kAOwYR0Kiivebs7QF~qYDx z)TqPRNOaJY;FMd-S*I<15&uN)5|TfW3lgZ0E`Y=pvuZqffJ4lPvbJ^Dm?=Z!0_Qjt z1h}EGH1JT5pF|-T* zPIBhGO^@wlSRqE1v2)~Tn$%)@QGltET4^*Lzf$LJ^;(4`k`kaJZ@6Ud9m%JjFrqyH zURrUqBB}%`P){ZN&mIZzzXMMbrk*lV&#ScZNx7a?1)%^bVEvZ&dmcjr?)3A8V-}e&Fc1UOf&a_bjnR@E zMTcwAfF>-7xg3B%9oLM-1HwXS(um?+Dg*|yZgz4ng9_5$rm=INOj9sr*1>t&2T)Z38< z!k&-ef(W8#!3nfM&!7cAdzFL|#XOAI6MxnmI0^Rc(4w_M$4C*~=@gT;MsP>CZ-0T^cXi8FCH_ zl2tn4ie+hK6oU&fk>^r{iI%@*xwNKwt*VGjS|3+MbdpmBOFfbYH>8Mbsm+zLna3}5 zap#!lu)WeC^Mo{a8l-4>C~!vu^E3NsNN|c~$>xV=8InX$lrqj-Yc%a;?j!Db=1ol}nUC7idkW zu?$&0?rL*7-$~aJd>B+yoThYO)X}+>s&OIMxmtYZEFYieEFlB*10`2lfgqQ?DXb;B z^Ms9QdM=Ul?yd_l331BO*_0J?gXgw36b><`(Ht9>GO?MBgn{0$n2u&nfGY4LFY}a` zg;NHL;uCh28p$5)pG@Mk437 zBIR}DnaHsqV=WJny|7!SdO4!IwyfB`~`ijYoQW!)70uYn``ccO9{z?Bay9^}sYX)C(90lsPF52};OF zpdpz^{>oB=P}PoChicOS>7dPWysfXAZFSdPw9Raj2q|S)?5a3bIW-Pm~p5$3UC^e2y0WEI$LUDdx^5X z&;U!GqCcw`t#9X1PP4SyS8~bZ$}3A-%kcb$r5$5|D|)-8E?D|$O4oSLLi|k46%Z`J znxI!D6l;tpPaJII>hR9Aq0bo+e=0!$DJ(eQXhLwD$UR|<9Dk}^?U48bk~WF4a2 z5IeLiSG`q|WMK3&{`O24QE;4KYg*~}!kG-uz_+%7OgTA3#%xaw>KlkKRtp>ykz7E) zUsY;Lt#Y{EJyBbgh{(#voF`pf#NKqb!N>`YzfY5y7x1SHQsW#v#}c#u6%$JPDad-0~d= zt4C5kwsAk)w+@TLK-0Xh>Zl&$i0LmRrb5M#F*7dTN*Pk(JJ>4KN+RJ6*(A1=VErmq zp=q|QfaztI-md1S{`gUzT2e7WojQs0Sqp_rGM zVO|WCK%)cQ!IsgxO~++KLz1woMq}^tFsQ;+OO)MXrAJtnGv$8XvyABGhTPA4CAd2< zKv%nQ+z>2FM_P-AI0-R(N)Y&>l5byvgg`1FjrJ|0e 
zl@Yy>s>Lp>jKvPcv-%Z3?Ym*~X3qj^$;VFk7`KA~3dZ(NWlM_KX!NJ@b7cSQLPhm& zC<&qdqJ|iC{CGbQlhVY-I5)xGRBQt4@5)1UCki0Ka(d*ZYbhk~7+qhRSoCtGI$g6< zP+6P`y=euy2N=m!qJ2@*4N0f zDY4Q~qnfm$`0V?ywenNGS4;H==!}zB%+LVpXqS0yY3XWyh@cvZWSWT?B-GPFRdpe{ z9WD9kypdCDSMyq1kP0$&?nSlYzP1_>aQ2uC(82z5=be(to#HDPr)%sU?9$PLUHbj8 zO9xI=F+A|i4vg)-NfhAPGA!NCFeN_}o(`7;~pZrFS~hKPFU za^NbxoIAs>Y>FOi;_AC{!zGO+3wBoPZ;2Amrv?d8Cm{WIFkxJf7)3|%CFRUgh(yI6 zZM}LjxwJr@{M-x5G^U0B#y+!4lB#Mq<4`J;d0;NRyz{_*jjmKIv#oMnr!Ss4wTn&VtV*?Gb7n4AkHaPrB# zFJk{a7_6KFq5BkN#d*STe2yIAROS|JKsI7bfmVup)tIgJwoDS6AhQjFPtm0Rqx^E%R5zEPol!p))fKY8l zNjYMQ%DzZ-Zd54Nq&90xQr$nSC#kkCn<&!7a~?pRYS`d0WRJTK^yguVJZurY4H~zI z-WNuascsQtVdU+RIOS8!e=*Xc&9|>pxK|mudCxCqahWc^taaE@>+oT-J#4o7yV;zb zFkc1vtC%j`)1}n}_jT4>ATfUdEG-0f!(;C`m;i&m>N^!#cNtv{^iw5P3?mW&zuC4KYkD=X{f}2qzQ9 zh4~oa?`T4_xpmoJ8&a)`q<(>IeUgi{AixU)<$}!C2NGP6*}bs?b7rXZ=vrFRyHlef zm3uqma}`0^ntga5PZ-GJ`mblCbY_zLlfB(G!M!4Z4}|6Bgypk#Zmv)!p_$ujE11cbO0zTX+TcOq_=T^^FNfVV z=ATh=qa4*hFJS9TYgV%VdC(f92%&t4bx%Oqvzp*Qnuyl-yRL}%r14+*S5_C#9Vue@|4Ov&# zVTEW!LVHNsFpjU*@{XJIF*+b6 z7!yk3QCi}StASWNA+#hN9u~&o_{e&v2Pg<4mMD=w9MOa*x1UfaC<$QM2I@5O&3|_v z#pLo+mb2&+pYczZIPWHO*o|3qLGo_+$H$Mp`qX{A9OMxX#4IEHoBw`<3&BSG(~zd4 zsW_if9({_&IV-YHY9WvKr2_5Woi;6E|VM*P#L;3N{sr%5p;A{mbOr|B;RDaa=& z|0j5+kd^<8_@|5umXl9;7M*7_BP0IF==kNIGd_Y{7?BZ&b=hRv@$BoTwd0e1xtM+J z)tS-Zs@%&mFJ()|U5W}ReEbA8T4d$^0yi;ani-hQljB^F7}qBi4a>N0r!gwBSpG=` zN5`ixAdoc|I2VO-fBfDA;jB0AgctZTy6lDfUqj*^h5Kr;U{H;iF(AKXdC|zrdf|T0s0~cSX(vT9O?7SpHR>vzi4JfB&4BOL6kllD zRGOnJJZriRLm7ko7!V0dgEt1PW!wz_2lK6Tci8m#AF9iGIqSgHX869tG-;VhrBKoD zcgvIu*gc}V8a*9kF0(m9%wT)BcD(d4HXvgN3}lr9-={h#UXhJ+921Tnu^dq^xhX{d zLPY!bD1bT1fCEKp{1lGBpaTw0$ou) zsiX-I(PUoeEN?3;*bF}tAxJa{K+M-J#w=Y+93H zEAyk&raF+TJDt#Rxd4A=Lkq%e&Bmy;`WuUn8e{C$@*AkvwGiX=IM!QM2Mrt zri6Zwn3Y&!RMbry+2+bHUe4%|icgbJE*`5WoMi}`LMQSeAEKn-^it=!h)Fst@d!=I zJiFp>s-lJHR26=}{4zJ08$s3;cDNH~Jy#K$oVan0YiAksYG6giiW9LvVi0|KjZu3f zd+ZJoL>6@i!I>cwzX(T>lwumQG!>kL4Os+Nj=f#J*HS~ETkTeErjFF>#&fcX&C+R4 
zVSLiSk~f{ncwwBWm7+{F#F*+m*FnO~%Xbo;{hkhB;6<8N0f!_mEF-ls@bbYg9mn3J z2@bT!4o%1AU3Yt0B!ULARWp^m?1dA88sZ?8i_J?C`|89WrKUluWrDSd!B)>k?5}qn zuM6U#tMT0}qjl{fx81VYhM-;ueQDX8z1YSej+&!Z12M4#MD4<3NOW=Pd#>x%D1;=V z5JNa2lB;J5`uqruWdkZsZM6mW7O9NRienp?)$VW=hYVnqCr(GwbfRD`1)<6jH5irg z1KXhSmY;(3!eXx0G1&FAhl+1Wzqdy6z3t}Yd(eO!dIb+%l6)wI98hx*DcdNc0Rutj z*@G|DAXMHURnIn4Oo6_aF{)HvBUk;O5WzQ}hIT@d=8C5;k6yfasZzVaY-$|NT%uo> z3)_Qxl+jLcHDsd6oxsY7qxZrJt87av4OeNZQO{UcFrtU3Uk^7YZZ>K|woQVw|F9aH zGDOu{`k$4rFQ5j{wo~J?Ym(nV!Uq-m-3hd!1w4)(@gkZa%+b+5&d|%hpFLKm2%X~T z`0cB*M1&I>vB$g6&X7b{g4dphL6+c@*p`MffER(N=_FFoXB5ddcBJ@l{OZN2$|_h@ zjFc(#v@~Xhbi%lJt7J5vU9OrJ@1|Mt)VZi3BOZi!wZ}t03nAPqL6)Q@4sr8DOMp~8 z$xXhO)sp@BnNFuPo=G`3sf9kk!@Nt zhP;^YZVrg0!oovTdjn?G$ndq0@L#HiW(fu3iYmrtC8IOeb>-aZ>bdnabLPCdd?gYf7B5U}t2Ilw2kG zy`x>?0a|mxm7}rJ((5-bJ$;0Hbt3udnD7-_Ua%%Nu=qUJ%8bP*raUh)<@i{{Vtrcx!M9LwGz%iSF*`15Ft`KtB|+^ z25$~;`Z{c__X3tXy1w>yh&Jaf;|gjG2a z6MRX~Pl4a;PX-juGLkwu9Z4G7t)-fAuTL~WC2%8S%|XS2QW*mK6D=!#9&VNOZdQClyJ0qWz1!;gkIXEyk_=SOEna@UhK#`=a@x2X8EEm=k~gg; zS;6RLEDmgXeEqK7F$D~Cc;ybHTu_Fl?_Qso>r&N}voFfbG7aq0_09GoqZ&t7FPutyyYi$o z(#Mt!U9`VoQ86W{&^HYk4X5$8NVt;<%jue7Ged%NlD}gYB!y@l4;RC~-HTyubIB2g zTQj+CeGzo?)*+3HwyeZWqn^57qEb(Gong*V5OBeAFvjQcFr4BK!7yRbMG)&9{LS73 zc^2Yjc14`z1jjQJONrd>+;?zJac5gwogTAkX2#LUVZM!yPF|_JRmbJdyNhA7_P3GS zu3`h`Q+4~x0W?&5NW>K(kk*gG1>&XlM=#G$nr6y(ubSNH=E5SEI4P9W>%lAEH^O`k z`nA_A!cv64F!$p%MX=Swp@gw)h@*>L#F>%|sX#H)#=1kA#t4rwO}Q{v?da8shf-3u zS#^L{j`~OOl%^_UnEdJau7EAHlV(t0;loT=HXjG(;k|Cs&U@R6umjjH2 zP9Z7?bxyEmwdz#}Mhhl&R^w80mb#HCoVZm97KDrLF9peGG#$&e)ZLbQCx9*la^-lF z<#oS0IB@mmCzbYvfTg`#Aj!R#h!@$*xV^Cdyyn_s$7eYkhTE`WC?(&TB?FM%iZO#e z<~G?g=ub712K~OxszH$-NAUx^OszSbfNzF5BUzt@JE2StN;V=$3#eriji_@7)IS|Y3LS-4vNi7S@w2-W3{ zH-DTEoL6bv^1W@i{H`@!?xWl8{0*^b91FYn-k-iMFKC^X44JWsGsC7e^**nN4`9Vq zde>N^1a2f#@Y2&v+c+EJG&UDQ=9QM@YlB$U;tka}__;xlwwUq=;_fIryt1frzpJWR zsfk4Q^7pe2Yst`trlQsReQjt7};ElK=0zOY8B{co|KRbvXR^e_N5vNF1JTH zAh;%`DaWl{-7`MHYK4GXwjQr)71?P=@FBKMIS^jOws4%Gt)i~PH{s-81)jVE#n3iqD{7JwQ`( zW#>aT=ZosYW6l 
zE^t9Pwu#(qqXdsNcQhWr4HE3_%SnKmKJ(hn!OI%oE&Vk?nA5AW$sOB}vRUYm!;~hw zx*B3vX*tW`0_YV&TL*qd$gPf1>C$PKgOc)o_;Q zmw#BjhbxkjGbsTTE9Ypd0?6F!C2cC9Z|1eK9=5RQ0!Ks4fud{sShE8sB$=X8>$PhM z0BksD8z-DOcZUA#JHGfn39(~jI`Wn#?>XUrBgym!WujZ*OVwr7ur`z~s(HbEyteC2 zQi%%VZNsV*lBLX{bgG)zl(5Rd&i(iU9=TMqk*m>H@AZI7p_z?PM{8~a0M(JJ!haR) z8Ohwk(@N{}?5OqmuX3t2*3PX))2$}cE?)D$20De*`eW%0V$KrMK{}>XWyltfju&P| zX#$u$^Z5O_@iz7EH}36*^*z-Z_i1xa7Vg-paC>Vzwi&-gdzaS`Y}==1p>Z}$eV2`2hx0;7H=gN zsg<`;LxZ=ug`A`Nz1=?Lkj&pYHh!RBC@0`yZNjH|dL{@!#L@xk_hMW54gNr<#T0S+ zZ_q5wt9eHMO_~A*M{H_j4Wpd8%BdiM3c{1HvA)MTOL3OXykpZ9PL9j!HC_H3%~O^$ zNKzuDrjx3BiqYNb6Sp_4k}$+I&6={q@U9JvZjPgvaGF;HSN&~(T_ykz*ZY6mvNlQ^@B67JYmdB0T359JL(PnEGsY#(Pdi zMPexO2THU_RZd{S(fiZa{^8%T7aX{@NhTzpI=%nz|NLJrS008KQs|Ak{PEcvX`GzpfmgpFr^Co|W6 z$*bt!>*{cL+I$}gw(FWP?V9Lwfwnpx5`jZs-TQBrRvDSwiFYMRRd-%vTUuTuuI3eVU1v3Da| zS?RXjbq^McC`U&?N4!wUD`rD9a@&8H;~v z)6FWm5RC|yT)2wQ3k#|$oy`pw;)rBk$dGE#5GUwI87Bleu|aHbkZSOdvgWhHTE%CF zy=jAn5}hd{Fwp(OV33@HNsmCTm~nfHpuBM7U1O0p^_4m$imoZZB}j@)N3=ijFh>HO%HtjwaNF#e>JgvYc$ zK!?4*QU}kbvr-uePuUnBYjaDmQRZ&GLdUe)wewO|#(p%^&=@THuT7gcCpCwHN;uUr zit2FI7OgQv|A!5$72&E5d>Lddd0w!sn%>azrjU(BG@^cwVt370i^i1(3pX^#=Y*)3Wy@B`kpM9-j5<%=$$Qx=c)Ju0a z7)f($%~H@q{k;sZUd?;g<6=Lv;kh!Rg1~H$yZQK6aof>VKY;7VA0=gPS3uIR&)(;+dm6wd-g-`saTS{`BJ?9}gb= zD|T?G+N^)(!k%#b7QfL$plmK81`%Bv_gpuS_N$Frl69{MShdSrVO3I!ZUVg}w9^2d+=dP)b zBG!@y+s(U;j#V%@KlDR0HJwLkl^K&8b-cxiPT8^AU-Cd|2h552TVCWSV&rPqv_PgU zO0gf3Rd&~j$ftT9dg_Y;G?k`NFso5RFL}--#fWD#P4R__TW$0eu zrR`&}u2_oat!z(ti&)Bwq)|8vw1>?=7Ybu?8OrrGcz)RHIh4B54j#dYJ0hu&5Mpxa zam4YtLB2Deoeo4zG;ggyKPr%2gLS6r#q;!LdEm3Ja8V(`P#BqoRiMl zC(tFEt)EJpj-v*l#i!B@QXm-Cs?6fjf~Il59b(Wz1|!im61)eO(V@>IE|G zm&HdO2-CCQpZHm7)SXMo(odM5gsn9|z8+}^-sDR~n!cKsAo<~(GPy`4F%rCHaXi8is1hsK3C#LDo+UMLk)7ky)xM@!bPE9gX zb_JzX#2-JswT`YQ%X#rtSb1+Jj@&YzOGmmXTM|YWyRW zciapTwiyg{ac>9%6pWo8Ding`+JAD3M9z;c08syia{JkDYC=)x<3}X))dK1$kH2$G zD9@E?NMuf#nd>q__T1HOsV%)zu{v-5@ zvZu$Q(_^Wzk~}NHa`CGm@6>qD2I_jxMXpHj6uMhXNvRXm3+6K6G8{xg9T5siS%*|J 
z@FxXr`Z5w9y9;b>8p2I%;{jjPGpVyTTMU57DuX_qvU~&&8TrCL=dd|`K$`liU3chW zREy13B!-hnU_6C4$JhKe;+QTj{7V<|$C!9!4g8fh+&o%XcGPeU?ts|XLrd{T@&yL%3Wipj2=5abdUN)2S7xM`_ zw*%p)zMg3m#2$hB33z3_ggHy0!t~`5F3t>oO!b13n#1xgq;-CLxnV>?ABcl&@qjRR z(^nc?lD|9xD9+S(<+(5C9bI3}(Qm+zf=#hBXwfv%zm+F!dHf6zT5GO0hb%v8F@$;M zm`DXpnHtjp{s0P;TYkLGf|+CQL3sW(rdpPeH^x7}nf;Vfz=Y-R7;+m^E@RO_4Ei>e zc}`Tj^$#iE*=ya7|1syH?PKYFA`sL+qtjLP|y@nbuU}rFUjyOX@Jf%_x4+ z5&Eir3+mB|mOEPJsvF~UD;CEsC&6ORnqSeRy0biJTENiG0*Y*wP9(t?z6Vcd=J3<< ztfoTS>TIr6xs1;#LJl-IY`}B_`ByKkpy-6d{OUhY1g(ah>+fteNR`V-;*g4rrha9& zn6B?u-ibVq1w5CYn<7BpjN@HhK!+9Y;0cz(s0;i88E)&uNh!Z5Q;uhC$15Bkfu3rL z!Tf-)6R-Uxp|K7hC-_>BIeN}FilwqY7kLk!M#KN)Ke$VuE8Xh6MVUHJhYn+HosHaTj z)IX;U9#ll%VL!YfrdHhlOnrM*sL}arpSh;x0{)5vC=+dou_qnkJoZY-bb_MAE zcn$3Eed^Qz9(UKaZ{%&1vNB&#@AW@Bwxc%6ov&ft{?o~VM&dz(dn;>d=D-}7iHTKY zu_Xle5pjRE!2L>hV~vV-&DfcO{Xw&`SdgJ%{Ns_`(uL{Y9Y%pL*xRA34T=0!;PWki`;NKG9o%d7ttuB<^pw+{Gs1t<_|_@l6@Ci zDJ;-iUP1=zj9xbzI$qN{05fF7W8%|7aU^VJhTq>ecz)bx&cl;7d#=bh~oc%fYlYq`X!JH z17VR}W{F~(1Q$6x09SWA(Xu;PJv{CY^#PnWy4@UZUXRztCk#I=Y=nF4+90Fq9A}P~ zdV8hf$Px%>sbo4^5==yYet%t6q(U>lLd-Ff;>m})KZDW*+m_q)JkOC0HUz?m7cN6f z(I-oD6}?=lSx>RQLaZ+&m~;zzla+Kyl7P;9!pAYWm{6R>QO>!dE{NyC+ZIK?kx=yD z@K1`YZ6A!379gIlvT~-YIihyIW1P1dTtBhBEFHjDXlR9kw1nGcn@X_M)Fijp|slS zD*xaBSAmrVM@-04UrM_KiivN!d| ztbcP{nDtzjuhR35&l_NB8{GwlO3qf#z7l2YGf>36OD3yg5#wTN)YGEi^bx)7?L-jF z1@-qRYHjPJ|0%ptA&2)L2NqA`j~S)Y%>r-Dk5(9PnYy?(#{21Dec_665>o{+8>VI8 z;4ML%@=4#z%$?TjJ`3^as>OKZlqn$Es316;QRC{adT5FI7FbBtv2#>4vgIlmWPVUR z$y_o>+h3hV9Fz+I)f8OV4|w+7h!;tW$#lOGR)AC?ouESwHjK`{*Bu({2X`Vm7z`>U zrnX7zQwycq4g7avVVrh)sVQDmIf0*^1>FztbQCdsdLd)CNrh}hge7`$ZrwJ1`Q3*1 zjBvO}+tf&s8QhB)iLki4_+oCEM=IgjF~+Ge#ob=G09<+_#!T?jt721pe~BhD3S@5A z@*zB~c^_!qh26x8T-Y@)>yJ@@^rg>j!i{pH<1rVkq+v^Lj|089qo%nLC=ieS=-4v} z6=^Z=+|iz&86IDlxQ^0bZY&{1%}Wr6VIBzYaZ8q!4g6e+;)pe>`!cp%rzoJm5y*`_ z8LQ2v?UZpTbaIf=Cz&HnC^gcltzY*{5>{I416=roR%(dX`2 zIvM;SAyPPIph~S^UVd#%dw6N_)G|ymon;aU;*h2JhLn;NO-jPTUq}g5fJzsKDvhz5 
zxb#Y*jd_wf9msB$6Qhms-s>dMmrfqHA7m}CtS)*J&cw?MfQj!%L~&FxiEp8Nluc1% zk#i0C5wdg119x%KaExY%;3UJn;MoW}lxR+)uR6cIz(F-;rK=x2>lFi_QLlv0b`C~E z)q^y(d)ls!)GtGX`tIdIGb`UJ(q~01NDl|{Dj8`IoBS*F9oBOI8E)`48u# znY40Yqj?&%mX!X|-FV{KO?G7YFqyh~xq&>DV8wZa zQai7H&PV(;dQRI*&o$PAcOVnD&bO#*-`CA{!@&5@)!PQJHt=<$!~Jktpm3zCXVd0( zJYIw>N=^1_u>9KC=fc1EuD2n1m9fqPQft`H6gqD%FZc9)-DUTM@uuqE-}<1=(r&~i z7YTBi)mDtIhoWOdFaM5NllQN1t*%V*rW39ypHrnEWA8>L6i z`a4fGk*dH(f=TZDb`=S^I_@2F;%UoWrMrd}%Wao#J;N&xc{V0z&hh$Tg%E9BTsAmk zCU%ZDW@cPxWUI=^3|MO<@94C7!Q6k>0VI}d!jQ968TR^3b9R1}oaoKh`F^%mimKR9 zS;ayXQsr*6jd*jM9H@veo0S+9^he9wXb>`Qy$TiQra|fR%4v|%K1l~f4@+;h2M!ff zz%_gSw#Uk+vYCGQ|!Hpsbg!Jf)iGNz9?TeVL$dvTmT9JcN<3+Rdvol^!)%Q4cmJS<=;Jk zNA{7^)wHrO7qR8me#Up=j{#4O-*9Oq_ff5N>ZTKf{D zJgqcIDtT3~`k@7b!TOVGNB0K~y95@N3jo_H;Efcq78v^px0GUc7i4+|WTyJ!gylK- zb2ZgDR)+s~*Eg!ZSY}B^`}aIKU8usE?$EZ4TdG9aGuX2<*UodVQL{e+&EEwIS;Ln? zl-%psVjbSQZ4N))qnRF8F+9$C-giSnX~}SWoe?QOu+&0T^tXRIL)+y~ZDwv)&!-qb zPFz}ClcNc9a!Ik3ZPY_O`ZTA~0!)x5eGI_+C2P#WaA^HyiQeWWJvfDp%V>ZBA+T$= z>KR&qi1D}I{@tb&O_v*T1YyD{CTZcvO>NZLVMk_reh2$c>&}`#SXn?7&|ajVyedCA zf7Y}r$$+jtt;XWkN9>PHj?1v{OzG1*Qb`q}6nq zA5GwS$0_=721aZ0NRS#Q=+8^%e9(6&cuDY+>*@x;Zj>R1&Y4@@GDqNb2FNUifV>0G8kriSfg zJo{2~(lL9!|5rtZr~H;uD~^L-aX$1Yj!^xSCLG>r z%IUCIZW>wuyHBMjUsmg}(fx`oSz&f4dxl~ibk>o@{9XTCM33JSL`$csM>wa0GIsBw zv&br5F)@RI*ltHOGk&ipYHtnJ(@5OP|IM|^wOKLh1NpTb0GP?*W{U?*R+GM!=^{^r zM!*e4u@`OfZ~PVxz$||rj?Gw)yIW3yX9+LwCzMrj1_NTIq}Ns2E^JnxjFO^wttbaV zT5R5r8ls^bRi0Cr5Jv*~JiI80_0YpZyzzp-iuM%*dF$gofo|K4 zFuQLK<-xNQPH-pQe+Or;MgnMalT<^-*71a*lol;nZA6Hev#%qZeDS_6jf7&Bux!d> z=$g4T%6PW(HKku2uJFupfzTQxVX3xC|3Gmg39Bpz39H3@DEXOZqjClK(PpmrMgcB&o8sR#n#eQ)po=VtXd{VWZi+PkL)FfBZKc$jxnu%^mRD zXhz~@y1vx%0Nk+l$+1gxKp67?-K+1Ko)>+97uihtqn^jLZ&Cz&>e3^{!P-PT61fEe z1f3K%70<07I&ZFAKHd%QvKvb^`+3OMz;f$8B1=c3y%1nifw6ZwMt3q&GELFRa6D;F zGtv&nH#{nefxk#Nxh2^C{_RAz54w|?MP<2z#!LUBN&Ys2r(yw+$B3ov2S=R`_+WYS z0qmXyd;?^&x$*#1nx)fhGG6+i;c%6vp641_+qUFVQVaKrxh9tFf?6^!Oi#Y5r=;#r z79iz61LFN?K>pGjc)oFoI0I}q=+^u=X?&GHB0K_Uv$;wD*5SEKG}9D4X&bp8EoS{H 
zYm+Zi%wN)f^Kl8;x@_GjAF-vvL-r;Ons?1*Xy6mjkX~zh$`{0T(#Ti|YOp1v2y1_s ze6gMvrQo3ap29oXK%x`!%?8yaVnz=y2UA}SgI#}~a-hP!9{F5lRYH2h62s%G^!*4G zCsDhQzEg}HDBgq=+ru-L*LV8ipa}}*U$TFl(yy#8>|<;2RW}K^Ie`Ln2^oamym=aC zl+FU;HPjS8So2w0tPe2$`Lv*S#X=LCyge}idNZGP$W_FESWfe|R52Xj!W$uWsZ0i$P11&Sz_ZI( zBcpuK2;!SDW!z$!a`hk=vKw7#Z7d>(zaZ^Q2m8HJ-V>!#U$k#VM4uHcteOe8#ETM@ATBn?jTsxP9*s?ug2i) z&us%AFAA}rpQ1Jye5$|R%btEs?b^zXoe=68#X;?xCwTa}Yw&bw`@ZkO3S|0Yy{|P< z){{tx(&l#{8T}UGDA*xlU>JjnWMzzEk*{@C=fDx$m@R8o#}Z!@fjgC4fu(7z-n{EU zaz>r#7kd)+CrEKR9M%aAfrA@H+UeobYEq$@hxrqvR6~ub9xlURz<&5M-L=72+C+jm zBqBK%latLbpnw`&se^ja!!ka_ML$N(MHJvg0PP5_HSx_vi9!ZAcF4tac*eB)bF|Dl zK4KXnzO4pg2WDZ0Sp7@K|k(Gha&w|A`(^ z#@6Ki@hH={#2U+}Fst5`Q}h8edvv@truz-T&31rI}B&rWEa_mFs84tPA;bfa3iook&++hrIx_i$+Y7OQU0BJVj`$vQ!ieT$(csN)AKN(tQ6r(M6`JgF z&fr;}be?)eV1E)hwc@Y2^naG|KkA}fc1j_Zagv!o81E`N_4ty;a2Aw?>3t(S-@T#w z{YYO-yblW}?*J!HCl=M1ZR!Bk_C%*8q!~N~eY77^vA~mqV~BI#G)UV9H8L>mg^FTE zoXi59Eq56!1l=kp#uD`7z}V18*@bmM`V;v}$dAmliY>_SZ>^_+3z0T*Ojtf@c0w&k z1!ZZx>URu$!%VXo`d21rj|@|V)i0ieu|I5E`w^_;F(`^v=%|_@i~A(;NjB zT?Lt3XSjWurLK!NSri&--G}{RlH;All?8`f&$kO{?(2;+Y+YD*%O>fn`+on`VfEu# z`q7@lVIAjCnKNwfJV!PB&p7$E(YgU-xDBV4V7}BkPJyh5cD&&-uok<;kjOOy+n*%h z!DjkZ!3r*!oC3GEvy2Bu*BhRjhl;XMpmqg`$GQ2=-|Tf+z^@BSD#`uhR8=Qt0a2Nq z0-A!vY}f38(4!)h;*-9`SNzx!`&ju0nolO9$+V;+xt|tVJH>mRLkL>Wq4?`VLfuUZ zjCq<<_i1xSNoBHqmMtJ*o&@Wbnmo|=g#;i8;QmThV zs0ZzwFu;#=B>YLr?9j#DQ-j5TzFhx-`p&2r`l^2(CtPb`)^fR>-X@U5cVBD=xxDQ~ zC?yaLEyTtNT(RjTSK@8~GS|4T=*u03Z7LFD*>xci^5fn>J$@-VSf%4S{^9H5u)_2h zW!!Vi^~a8~EmXE7auvyrzGSXejnyJIDIeZXJcr%!+atZpMeDK2;(86K>=&1DH@uHq zaV|jKdH5{%3Y8}M-IZ5ev7bg9PYaz)WVVyWEE-vy+fpgwmc_iCUIrU^JK8-uVa5fF z{Il?jx@XIr8lM|YOOAAd+eFcId~<@Na|s<@?Nw~9${pSZY2|eN#?tnsEwx$#`XAZG z6dgqL+kKcpN_A4nc2A&K!5vX7gFZy@7i^S(fnG^mgPny|#xSO!T%dfsGNE?dM*b1l zDzwmt>k+8T$u7?~PQy-gu4z#4uvdNc7$&NPaj1IjO6JjgukWc$Z!yxfR)RHy67J>C zJGT8<0sYszad2Gq!z1NZ#gZTP<+9#~jB7{uGJJkf4It)q)S}Nq2J6mSjtcb**DL-!i`8_b`Fl8JB7fk8nECtmF9v24 zbixI?7(XqH4=3H_-|R{aPO_&40^^33cL?!5w}`5#)jdA^Fc!rJ=dl|45l*Y}0gB(; 
zL5r-)qIzn4^%Qngp{#EDmft3Q6SjxdPIU6lsj&+i#LX( zf+pv|ds|0#urFttv{Kz11X){J%S7oKDIBQ*N0J<2yc0Us9}{btmjL=vM`OW+_o;cY zNoY1;r>Q-0i>9}FSQ92_Ym5V5_#uImBwvrZFzA~0TaAdLqwIFP%JQT{oOM*cg)MaA zU!f3MBIpf>Nyeo3qEXr>5Z?w0QH`K4tBQ1+sXj)3`wqIyFZf!lK36j(!13o%?7{wA zkMA>(z#Cuh*N((B#E@~0u<@u9^o)8sj?f8heMcbyt6@;kWVH%hkkC^l28kNa8HfGaOa5yQSe7tOoO|WKRlPb$I;jl!z~5%%9($!SS-doN*fAXk4e9; zUGE{25Q*4r%9}%-60-{q9UGc*h=uSiIx>1vJSsCHyXytTW>o{|wc_Q%U?CoRuF;zH z>9|Uz4OC(s^&~4OWR9R^v-YvA2Pwt&UbQ4c%TaYMX@r?1gf6ZNB}v#%8% zSbZthfYF}`9!{SFiJgW4tOgi{8A~#8a9cPO0q_yHTt0B!(0pM6)EEZ>jEtdxAZG!v z2+}rd07h66fWZpL!A!7d&{^U%jJJDX#zTA6gpmzHKqE_b2#JR7P&!P=X0rJ7QO$jw zQ465y9vs-uVfgh$c!RE5kTqxu_LCtRkf{Tg$p^!$B?RZjLHl+ObEF2@1Z)C4TZcYd zHp&c2e~Cq?tF8t-xxpWs$@&AkzGhb)0y)rJ&EI_XJ-`BNh7?c_u=s8)8eE6z+B**3 zP(F*O|7(C~E_Wn(2e3Yl4&If30cgVL1K5EKly&efPy!LyiVG}75eGB@?6$xGSOA;q zvcnln6b9mD%1`Z3(X^D1(X_Mx2hbeNZB-?RL2Kl}l{l};-8A&g^)=YrtxBecd!ipY zPjU!9+ZE8=v}cf(WbI@@iwf>qggX@qB-f}ywieYDI2g=~#tJ&3EeM*;wgHLYJP4N` zVzI-*?eu9I2V<1RriVXDton20OvWnYGF!kJv?!P*05lxiqfg#HbQ%TZKBJ=eV0H9v zRS5S5LK<6WY#F_`2^v=M>j(9)Dr)=0&`&la)1XNG5j3n{6Gx*BQ1F;V>21vVp=Bco zsMq3;TiAzXc&Y|zTfsBuzc5i&L6w_P824k`90us2_GdfnK_m6{7WahGJ^XW``g3O#Hu z@V56q6P{*dUdu<0M-A;?Kb%v6LR%Bqkcgw{_D4?wRFj;8Yn=FZG=I;*C1Py44&X;I z_39uz##v%Hj?70yPM)o%-+OpS*Hx~yJoUR&&o=i)(tC)O7o^=@_8 zFZ-HYdp>8{yP08A{`3f@6sLUt581fpQD0|xy=CJv{>N-wilT&Td)1dDSJ2W8 z{>Pl7b-T4GXV6ZA&9Lxa*WteyhC*0y4=zF)Zy0p?wEaf^>@=9>!%N%7yJi(;XoMB- zk@bC#ewc?^4~MIGiqHqwFfmwfeVbUrTtnT8bNrnM&9~3sr|i5vxY!RJS0O8LPReA2 zPFgM!9T?>~SwcFmB*F|~SIUL9#mA1YYxAIXK>wtHRFk^xsV{sNAtYQ*!9)&d~Q*H*$go(uq$h8HG1auCFsG4#vYk zLvqG>_A(rwwdFEyC{pT?zT7QQsBXAlh9;%J-;CWhV2>yj*tmG17Gy@`}m_iTdrPo zf#t;!vtdOD-P4Qy*$W}uEt$)4kLleEDaCF^O2^5zMQ&vXOBj>igMBHgz&Xq$eA?*a z6|St<>?UT9N5mmww29dw!WIy~ zrRMT{A4v?oXSZI)T_~HGRniG&7OYXj`Wtr{2pi2n({Hx(DfkULhR4Sp-8lT4{)%uJ zcv$B1pX>(_`{<7k{-oo&*V7hQ)5!Z&cG;YAyp`D=P-q_sKoCjaO-tU3B8Hjp)^M0m$ z{On_}u9Q+*`->p~>x@4eIcFKTwarVyB{w{b&Lh__H;t@KsWP+9eZO512g>cC`k#ny 
zs1R#IK?4G9IbhXr6##*agn??H+}?Xa_cF#mxjj2zWyx(Z)ug^r&pWl(itCRHL{?_os07xv?G9%_>gW=8utlLs3>|VUpPx)H*3Z= zFLC=sA6SZ;vTX(RL5{YFKEo0v6P!@UiW-Yd6vj`aT3K`F^MA`1Ln2BR@ zt(&dye~hd!ZVwW*OG|FwC545Dc;8Jv`e@G#5 z3g%+y3=?2B-pY~hJAaU4gWiX!rRa3OmqZ{^fQgcPg6VRVkYG`3z$ojC$cJ-?9fSq* z8yQ9?JC|r|L}da8S5t%l_jQ2O%{c@MY{Uvw`*O~&e~vahHn1L@m@m;Ji;X`OyA8?? zYR0AxQkOR6T_E$I&CmCYk~7zM7})!5lP7>EgqdDOu0}P~Z{Hs3K5`Ion^LjeLD7L& zR1$P4A&a0KUuOK>kM6^tN29-s{FWM20@sitmX@rL9aNff(fCUD;kyoaWy8s}#jo7# zI%^5}SlBM%WWogxo<)yd)_CBhuA#-7LBz1htredEnT(svT``>q`JoEBf}RzQ3PAzW zo?8*e4cKRJ@)e874RH^9%|>eZ@YNgkr9Oz7{UQcX&xjPWuhZcjCV} zLh}5%XhQO&;QJJf=>_oeLhg+WWjkvq+pEDHCe`k^ldx?gn$xVPx-xu zG^ueF*mD9J0Ve?`O?;i-@wr#DpqMbvX|j5P2S2S?z-}0n614-Z9Il7%mYl~2tAVJQ z-V`Wx9vt7y4Pa=-6H-QblebZ`Ir??1`!^w2-b8qoYqG)UZ55PSSmrR4+GI;~1I%9x zr6{%POW$_}=uRK~YUMv-8u{+V4u>>3-;YHP04Z)nBhCoRuJ51D{H6Z{%?Do|&lvfu z&tgUtx<9GxrnM-|&%7o+6udMRI3A9&I~RH@bFzpj4$YDZ;&jb*&4oF0@Q76>*4!AZ zBYM5_;w!CP>~{J+!_LIPWxOGAPJtRtJ z)8a*#9hN63=e&sp(#c%7z;t2kf?MYsu?jdt-BxHqkg%#6VVyc})*qaK%YbGuhotww zA@Y~N_%fMze|7N_MVXz4uP|11)RI+XXbAs51o@kc< z&-T>Genb>-h5G=s0jxBGXY*LnK&;$dVUIV1IhLk@jp`6Nc0R~})@C@xe49q}3dX-0 zuZPxYwwhMh$T$;3bl=m#M{xSA3KHVjjT0Jy#vyZ#ewmmBCG${w)Q46e^>34e+K1A3KS z-i4ch!JRn)yaEmIZiJ*peVZqZDZGve!zE z9@TXIKa=2WHE&7q`bcdyhbl$CE2w)k$#79IuBrsQSBc_X^BsJ0TfwvmGfApRY<5Uy z9jZDhrpjjBK^OREy&A#E7g*R%gtZO(c@hI5f0p_(dlq<3;hhqJEh8BrsO$vx7>56a z8{V=0jT?IQ75=SKuU-4kNlmc`klmWhh+f1yM|A2+Yp zjqi{4a7+<7d|VE>hdZYk9&T=;jI6j?$GCOFs}^6W@yel4`_#(IkF{X^dlvtW5)rh2 zM~MQJ{{bbq<=w^QvGDbNVit`PxEvo7wCh&7PMwLr-gva%`y$IfK5uQAignJP;RFW< z*+gk-0iezT&Q!{W{{l*XCG}HBvmiN?tohf~fbakA_#C|AJ+j;uCq`^a0_G+0-h) zo8!iYsup^`#~3tWGpwC27#80kvYRmVBot=aQ`2z*r z`Tw0Nul_4l?%a|eA7RZ>@y}E_$$zEF;|^60*L((T^nN!T)ym4)xM38AvAdXn=BOE6 z^!Sx=fX4caI~X#?myWhlz+{n$cyF+D>u7D3P&p2b5+#oV)_Pv_woa|>M-VgT=&$Nj zQGj{uT$*R8dCs7%w|gWQ2dN8o+wkE|eM3ZoP3+}cw8lZ)G-XeJrOdIM4~;DHQ}Yz% zm}f3%5#}QnzbVx|%b3of;MEOIIP>}{GhX9XXdKQFvZQf1n{72eT|6BZ!8lUq*fJ#{ zPZ{vw0ybdAUnql69O+roGbr3D*hj%hp=&2#rxAkuq6Uoi(Wi}7V@d4RVaA#IZe-;l 
zx2QsdP#}eBm|*LsxI$`rqkfnL%hN@=QXQ$L2@y|a7TTjoh=+X=C8{T}M~hOO!kJH7 z=;w7|mE6$EZ^Uzy?7>GLEtg*sT$&q^*KA34m0`TgmmNVG+HGmnEpQv;fTZ9d4V!_f0 zzn@__+n7%2uj)u-SWv3*Lyn;MBd4V;HLDS79CvlFb;ff!LGL+q!A;si#_k`KAujnR z%4{OOp^RvifLP|%)F3V78_LL)o5TJ=ndUc?F;_qMgEH`LH1@@Y27?yXIb|~}-X}q2 zZO|Gq9aeIxKGq&xNSjIlZ4sMFBYNO{A26}5>0xE4?;~MHjUOQ?z-A`1g4kzNTuitHZDC#$RLe^mtK<(r-s`0X_Y;K@RBKxy+|;L7uk&L@{s2bwD-cYCpJ z3xCLlXWk=)XY0Z7PWf;n{((~z*%V2R^|oL?m~O52YGZ=Dfq*YOJu?=jw>PLpC#Kz` zV##FaW}4w^@#nnK%ViQrc2}*sMi=_@s}`u7m<~F0+~_!^OMGc(o;BC`G0Beg_=u!2 z$?u&s8T?5^!e3gz(B#;1CgednT|Kfs~P8?2Nr zb#}Si&fG__sy)?Dqc^zF6!$qYxCm!7IZn?_`hu&E#@uw^un9qV#zr~M9RXpy;)8kS z?*aHdq0TqM?YZ3dl>w;|f*+bc@~&ylkC@K!#PmXQ1fL2<0qNt8!qFW%X~`>U6Zn~w z2>ZY&@|zHC+At?26w;Z95z<*f9&~pkWf9V;EB)lW2-+1qe-hDIAtUaQPYeVck0Esh zIpvEANr;yetbKo%KUB)EnrD5Wri5n*F7STi#6JNeVU{U+`Jt zFyTm8%|EgmQK-Bhlz~r?9H9|5nG({-ZJJ?YGs0+8&?e3hOpA-_4+^2g#2S>>1d#yR zbk9@1WdgPYap51+;{Ep$H3lgpBkFR{WwH5}#Hso+w&Wc%a+M@LYp%kQ)9BDe7rjSIV3;!(&sBo$^&91g+C9J7qn1^FB{@bi zPi+WG;pA4KE;?d2rh$S2gEx?lO#r8bplu}4qb_r{lvIO11e<{{qO-=feJ3d`T})zb z9+q3Hg(rhJxkzIXGOnxU#Ia4ULRCc{F|PWxuOO}Iygn$;1Fz3s7@xDxo)T)asWy=~ zQtP3?N}b`qfz{o9e2i@?qn2kti=L-E7EH|Fz-s;Ze*h~@?7fq6LAxn-ao{oVxbEYs zCj=&e)6fb^sy`qh_ACTY&vfl6j7b!o^H!_L;eZbKl!GXU;`ZTwDWEIHE=G;D+<3&l z`v|&Fh}i8jF$(^iAS|RF9SSUx-}*OPYedMkTL{xE2fD$R(b+W6N~f#n0qB5*0Z;5^ z&Cd_Yuddy*k6Ay1duLL1Zn3JjIBDE`MxHv<4sV{65q&^A0lFrM);+8Vhzv3^Ay1$}h4 zu?M&-!z}0-m@k!U#gmj^<$7?^!(!xmsLY_uK5i?vgDhpR_BTs;q7-B)PkQDO1G!el zBBxbk8Tt+yKFKwLH07@cJ(9CS;!~3#@?JLR-L`_u#Wn%c#!@p%&g%d8$;kDw1HQ+@cwo(AGRknk`4v4LW)%=Hlf+c|dJ{p+MnY6&++5(Fl z2d;N8>PS^y301sFdic@zyd=bq8em4cf{24{vAEG6iLap01a@f!cctKgyMQsUR7$99 z_qq4mAy8IG3trA(n`4YdP){JF>{`<}0(OG=LcBmffspdf)A~+}B=WC2atP~ZWze_1+PF0_W8Q6_N1I-6{ZtKU4i_ z`@y0ih<&*Q7(U{`$S_bs$}rFZhd?|R2jV#jTV#s0|GlK6*`&4kzdF>yk?=)~|8l4w z{|AS9)BXR+p+=(tl$V7%g^qhG_$jcYf0&N2erz-fdLIx1u~E`Uk2*Br6cFMZIZQ#9 z`z;~SEIt1O1Df?0dWv}$n7*(>%=VZsRvx}EAs z`>Vd9$&#O_?jlA|3OCw5WJ5N_SiTZ2^X>4qWACm$+;CTC&MJ&eXQ!db57^QTk)|gR 
zkFHm7ZuRdElsZMYV}k0XEe9g?KhXb)b7ZwvEAtXqvr_`Jb3CDDNy!9r6icBRd!hL} z=!U~$r(jaL9ZHJfP-SKOunP@v3kBsFi@9}3sByS-< zF^R9&Oq}wFRmNY|Q)$vatS7Ac|7JafFD(^cA1K;hluG05e6n$pDe!J;Nv^fc?@#PB zrg-;H>q)ZAq1UuCp9bQjkXq}x?PkJ%Uqq+Zv@q`|)7d5+RNFnj*xzpQHNw9MwKupy zzOe5Y-W$b5&$5%bJw0<4N&Z?eZTbt;<+~ebw_=Zj!BA+mENdmwcNY29<=cvRLpjf| zn^=iQkhk{kceAX>o9`6idhOA^D%nZ&{OjoV?knFRPXEE=-+iY;qT8&TRdlb{+P?`; zEUy2;xT2Ry*C9k-tk;jIJy$R*3vk|EUPwB2JhZ zo&~X30vWV9a<>{6emRD8ZJ2mg1)Kcp18eE5^l_)mLtaByi?Z-|TXDVA*zrH4K)baTwvgYIjv)&UzoTY+ z{)McuS4!w=*N}=F9PjR@zEH9!FA^jy_X10$$2&eYy3~7FHA=xRKU2&W<44b z{eMV%tME9YEL&44mc`7>lEuu-ELn^eS#N`wbmX+Nmea0#}xEesunt4c)Ha)OOQj(*YmMopvx`#x%Y+ay(Szi5D?5(xJ# zeYtrBI9@1KtKhu6q8<=qJHh5pGBT3^2bwo(-7ztCt@$CNxd&f2s#cV^ zU^$*XjWQt&ilJ!{IbJ3^O-Jb^7DtF^O6!QF2^>`sO?1S+6VMh0H*OgEh_vYMm*qIX zVLMuMIudTP;Fp3YW*dc1l#?IEZBzhRyQ72ZwUr`?ke?-5(TY>%p)pp9df|lOOG_%g!QPyXmiX1cn?V@Y{8D=@|NN7Rq-^6MufDNvAjJuV@h?uW&}!wxvy( za`a}(qmj|iI+aKcn`hc>d8n*|q;&ojRf5BcE4QzGN;gza%Qg+sq#Ht~9QeqvuHHDj zUU7wfskCENdE0o;*j;Occ^t0#Rn(d%oHT5YTn9fU63iIu8`Ll-52CunZiRz0T=P9! 
zqWg0B>&wm({yjphz0a4YJS{y{>FhDP3%BiG{(ZoSTM%9QK3k_ydSM@T-RmdG*~&U- z{C1&R^S2=c81c#34K~*gl-62o^3av*rEQZDoY-P7&SwiWd&ZOKT6}Y*t+#>Api8?U zSLO}@+bZl$VGMSS-Ew-VS*3~QqTQcOj)O__I(7UBCML1e3#IchUw>F(WONK|>a1R4 zfCvEsl##&#esCZWQ>g|~5S3hq`{jTL?U#ZGC87x`k`pfafF}wT5F=vcTj8~eiA`R{ zK&nB7GV2>8xe*lmHh|d|eyuRCP7kWJ!9#gr%hJA`Y*dS5#%5eOEeDAoDFMV2_ZYW- zA9?m00UmxbVD2&Y8~IY;H-f>q^4S@MsQygU6!QoUj5nPDWC|o}A|AjC=63JqRy0Zm zb6L?r(!&Duh|~CeBZt`190_S8%<@Limk&lTb(3|=sC2;+xK$6CKu~OfrDPB=Uq%Bo zh0J7&xUzOQw^{?-WX9tCo7HD{b2jr*B`}pBnfz=WA+~UPn%$ZGY(X{&5I5yPx&U7B z=zoqtx=JMhz>=`5@b?4>|9(H{qndIST$k=3D&SF038Wj~lTHct3i)_;^>~JMiMz$2 z2>>3!U#5pU9bRcWr5hiUjOawbO;EAy#@d}aUU}0hSm1FCxP?{ zzKjXJJ>J(edb$JN*V5qgd7gW;YFUvsQ4bU4(eraB2j#)WXAcvYmjFZ!hf1lsl9#g8 zecT*yHpx(Wo2dr%WIU^euH=7p?HZanUx8x$lMb1`1y8Ibi18^VH+%1{HuC*!S9BO~S0 zvykM96cDF*??G8%%$P;vuVAnZfH7VJX-$BvrVyU>3ylU2AV+7@j$JJNd$FB(25zRi zAt&hulU?>yg2~8 z?7815bsy1atwtWT2T&)Kj<50)K{3ax1)peN!O4f7g383M24);JKu%CCYnftN8oK>w z@i=3a0Xj&zAU3%M#HYevG&%hae~v*kATX$0r)g?3zrAPSk{@m7K|i4{*;PPZHDj-N zR?+P6TUN6N_}&I#t^(5 zG@(Bo^8-BA`&Q<~Nqsr6AP#8wGL;0Kp`pbAjGz3J4B}8CL2t;cnLf=wpe>VG3Z1+G z*cXkbBMC>XU`{Tv%(*1|#By83wwbqiYG{C;LRCnu=RriOV}>09YrF{Kd#}pn^KjH8 zFO!@1X`26`Svnjqszn?jp2FG!<;MrK>rW5xMba7q|2wl<-u|CGnDj%tI#?s(SYf7} zFvueSY5KwIQv+Ge^eBh{yC0WeumV%w4B+YW984WCE7(FbB8)7 zdXYVBoDRaap}m*J;b^wNOoMsZQm_rR7+L&Mzowc7>y9jF?Aqz>+jaMs|4i2))w+m7 zqzEf!m(me7m0(n8=;H;Ld4vtZV97Gd4O9JO1r&uDma@y0OcH8;O9MF(l7(Fat0DM2 z=TW08|H=GI7uSK!7Cip=Wy{y3?&2EMhEsltma6UCt#^_gk%Y_bNH8R*kU&skA`eYK zNZ_ZPsKHytj4jDc2Q2qbj3@@iwGe)Bg$W>}hf=>lNl(6cm-i;0@P`Jkf+F`!fxZUa z7z<|4)-nA??U_ZXrGzt8+0%6UbU4yFlS&zUvp2yAuF=oIb%&xBG28pgNpzfNjv~~H zLN6jd)01K~za%KBEnrZ9AhzS>rQYk*t6k^mfK250kY{}Ubv2}nQi=Z6IR`4LUV zH$V`vw|x5?f~TSbff;>l`O9_Sqv}F)UYWk}fkza}LN&ugq-?f)$@==cY zEDCVNgFKK2h^m{=1_V94eotbf_~19~Kl&;bxfpYv8c=ec97cz7++l6tl2Jg@lF>y1;uTCxFBY;qJ6G>DIG9v28CY9xSJni0~E zDMzC$3Lr7Y0qM6nN3jCda{&Vf`Xd+z7yNnE0P(WL5@nOn0VSLORpgIl0atGmW~cfy zV`=9!K2mD{>q>TKlm>L{1Ms%kYPuWl;g>eDgAS(kpMY#J7TNpjB%DF|l)d4B2!Qt> 
z`eg^9_-*n^Y5VCrEvDxQ%)!>>ukW{frA2fByywyd`~ETC^dKg}6ZLQj3;NYv&ws0q zkCo60Rb#(@MTbPI(O<32wn&FvMg-i0ol@q4pK>V7Vw`fggcv2a`$KEuB0PcY^MUMl zj$lC>Z158I@M;25)TKI(puBJMEJZKC)leh|oCFxwKT1N1 zw>%nUU*L1oAQ$=R7a62A`Irg3xm+?@B}$W}jT2v|VIkE@t(h-)&?Y&7`QNaz_2=G7 z^%fqQB}`xr2*m;hD6|uB9SOe>CBS_faWYzcr%NRsAUa6Rn|Wnx%q&3Ft0Vufs4`ln zeQ?rNK-~kEKb@JFHZ`m&>z&(s7&l)e$7dys``kknlP+uKe6f6yB|^Cufbb>p54xAIx!5dGVfWRk60CROz9FTPgb%5pHA^C z$Bmd)MYXw3SNl~UF_AtT&^&F&?7c#l=m1xYKc?m|@mq?J@W0FDo(>l(Zwrl^)gYi; zW=<+d&Ec;ax~|F`Zl}1o`l|oF{DY70U$e}zX@9fK*6yFk-jmMyl`!Av)JWWWiMXR? zq9gO`k=dhTDt8@sA8+@(oUD;gPG8~DJ8$Bgvw*$MKWWIyhW(YFd-*Bl(IP!N;LH z1cQa{x(-u|zn)=0|5~*bCmesq5j?JO9r#P#rK0q$@Tg8uk9<6Oa0&g=*AF&aJv!o(o6W?8c<#<{1sW!w zTQj)N_vkeN(-=Abuv~ zBCK43jZZ!mi}*}i|6_4!+6R=(5bVoW9G?81ru+#3k9U$_fV=zj^b(TS|KgX7_~Vy+ zI1L2)Xvx-MmTO@Nw^SlhQd~{Bo8rsEx=2Pp1EJPKmEu%C2}L8!nRllwS+P|kw4qPf z%2))`a!nW_m(G7HoVw2p7r~0JC{px=7OC*L>v9sH?-Kf&X;}L}f3k|J68g9oF?}u@ z;>)xa3Kkjd5d54I(qV0nWulztbp=hX5T71DgiBNnW)YE{3W_z6Z>lR{yW=m?rWdSe z$n+&}M@sbvXH*(}#A^zP<>e#J#RI~0?pM5=zTI6goBqJx2t~xN8e%;V5;lprZOstaq?i3Va|V{K!q<8o9D8H%}HiCODjuN z(7TFloLF29J>sHgxRygV&2&-0vAC{K2@EEbsuT;T(Su#aEDRi#f~+jF5zC|PRoUHGnx*V$|)e$EM-w1`NV zR7cVqoe(Sea&Y`qg9MdS+UmrYwnVXF*}DE0p+tSHz5_}Wjm{j3tZJVO&HX*2hbFZx zdTv|QTfOS7d(%kub=jvG52vfBLxFMM&&Z7uoVTqo7``p_F9F(LvGL0ev5kw`-C%EU zy~kmcbXhV~VQZ6wCnjfnCNptqN(nCxSwGlZ`d>;BzvfXNqnW$AW>iJMe8mUR+=Ovj@j>-#=qLbA?E_|TQ8?2ubC(JZ~-&_9TkeEjkDk=}A=sN7oe_RX#v9+VS& z6@d{dP`deaEL)XB(iTEPwFIl}(+a+x@Fc*m#wP~<_MBW4L}< zGkfWftLW4jfv*nHSQExs37Cn_PIW35Gp2akinfroBy{lxy!=+UgXAUElcUt*IO;z^ zcizd9qNG=w4;!P%Y|&Ao^f8+aBLp52raSEnnYi{ks=n;4yoj_(Q00l=_g>@K{h})F zi^|do6ZmC(Z=fKS?_ZurHm4@GQCsF^#6=r<3cKgtk90rd3+-B{eSgfWmuBmrj?9L8 zM(Ink9Ii#3AGXUihCX@Lb;F^;BTk7*?h zfXbDFg=Joq1KOCc^55?(ecZ!*p3S#7!Sq`PCQ|Pbn@d&HC`Gg+*&VYM>A4!Mja!>( zcx1jDfi;&m_5OhvsC~Ok{_&l5C0f43g!)W0wUAD}zMgC$i%IK%vVxm)ybQ2f8GCkY zC7e9s@!76QhQ%gFOMIh{F$<@~gw6j!ZOT*nw3e?U83#c*F=S(#^N64(JLvRiSs{#j zsn2KQ(+WfJqaT>6vBHqQbbQ~v{Z<~RX!6<}uSUo|@LaHT{@i_St|&4nW!Z36G-_hf 
z(Ajpss|D(zi-XqP0z`}i(3f_$TOIYgQGh3bsX@vxu-9tl-B*AQ2GAt1knKAlo~ z6E?X`Cb+~nk89GH>UH1-NTtu1#uqhURH#lHEPiTOsh~!_rwC0$2SZHhz_w<0m)2=R zCV{F~&zUe)2-~MIt=`yhB)9RofWVlo_*l8;&I)SXw0x>);@{QPS5JFYJT#Q7-;LNKhz&N<_*YCDqo z^=->-r;1yB=R=~Uyr`^Wto|8cs?F6^O&?nArfQPg)k#gPc{nA9YliJ3(=2(2S1x$%E*f*&RS-BV0NWp!u44Ke^du}UC4DQ|GVX;6b6fWfv&cfi*Q)UO3yjv!1Rh6U)& zo(k|tr1}JiOb$?A$;Y(c@hXChy@w1!;G=&UKS9aZj7Z5OK9qb)r+$uS%Nw-7)+9Gg z&;RnZ8SiU7?2kB{F%vS?idbYd?@wi*?$}CEuja_rc!|Zk$`eZcJflL@Ac5Gr-in;% z$`A-Fqgq5v`BhLDhr_f&M&i0K1m6-=iJ0>%U?^CgM@>A$HDPs3_t*qY#kEP*am%*& z*&Z`URs5!Tb+NJJB1Q`};pJKC#EIC-RbggL6W9b#B3nLnOsXs@WwG^GMXSMBu(WAy zvD1}tl|i<<&yKc!3Eaffgh$FyQup6(m>)iFu}5gsoJz~vt1v`u$WZmbvzSaP{hq~Q z!4@t*)`y}?PY#~{$$CnuOvyExm2cBikjxz&V+z{R;2OIUCHj94!sl9D$T7WZs`noZM5lt=}t64n4WcI;hyz6(3bW9EIU_-yS9*e>T`Nt>*VTw z#Ef>Yrz#ZBA2ZWG#!?!78@|2r^g&|G%Xekj%7+H}lCH%J4RVfsP@V5E)G~IDG*e%; zlvp>cB`Wee#q+WiJ*fuv-jD_m{X8Eg{XVu-Z?6wr%hoSF+Kp7&b=D z+9ek6nFZV#OyB}2z7rJA77pi#;oHtVO5G_sz=zB zlUYwW153!wXWmmGC;bQeB92-qZlE;y^B>6zL0E8|bm!^3(^Lk~4Tyc_n1AUxdvG1E zkcPwtTB|r!uhsMM|k~O_M_MUjF&S%Q9XG@DW z#Nujwwr$P*yzjY2-p9U38pNyfKVuPtWc;B;}M~+J4*FopD&_+*0(T_0mIbz?70i$sM`^B5pUz#l<^(swxISp+d!rnOVH^{cHCo4;L3V7mI@Y)!!`Q zUgQ*U@xSoE>U)`3D1%O-$4czDOm=My8_53$%!Z9=>2&qQtsR0jrgkRJ>GJG<6V~!E zF;V~S9(Hpu%i#TA-NWHx|7<(AXyjZJ{NZfu{_lnL_(a>u_p`PRTx^bS0#5j+u)XaF zrcR<>aZKr1OsgiQ1-JjNW%a7!=5oS1-2E(Kn1EsJVbKXEAb+Qdhqx&}9d-QsCVEC} zRUq{V1tLb5OiYJy8>-dDsrRPXGwUMnlt^9q@De$fuMjYV$mK4W346M2X`vz%wh5DH zEIjWn!tyNNk$8lrCC&F;@tU4nI7QQJlXCJ~FN4ld-#=1_EB_}cM9BY#6e0&Og*eX6 z{eP1}>T*|2SMN{IT#ob+GbVVHk-hjV&x9m{9B-(oAfj_qB)@dR$iGBY5B z8_jP2*^V8>~nzt8zN^*d3{&AcgP4Pe;o{^O<(2Up2ZiTKUs zPxBh@aY$ZTJ@rC$@)ZSs=KC19t96)w*(plbbXtEs`xH0%&$m@KHjhAFXmoR=PXbM2 zJY=0B-Gv+l$zB_iItC>>_WArVGIeaMon4B#W$9~r8nqNwr~BW_v}==`UB4QtjEl<% zxk!1byiJN@5=&}}CB9?z zEyTEoPju<}EY+r7J3K*d$u=#3+Cgr?^=OI%w&1L>IkjhX@BAhm&_Ock7TrOek|LU+ z{2)Q-sCgnJL2~xTl+OqcuvBv07C@+QGY&6&XieVSwTZR{}+ofj{89}P&zR@of+9t*T4f4Jv z?A7JEuNpk;8qpQg@og~v5UoLPR2E0QXdavO|0Av{mmgJlx-PC-J|=yZ#aZj#7FUQ; 
zs?M%~(yB?;)I!?FAet4Zt@;Xp__x=RZtrq^y}WE69L~ue^>ZXTLuJZnh_X=uO;P~^ zN%ouZx&KgC(&Geb&pp;+UogVu^n{TnkKx{xnWxB+Y=N9Osuw~=oTv@~7%>AWZhoVN z0G704E0%JE(`MoO@_GS%3fQ`yR*DV;*kC)mJGc_|O=CI`#HuW)#7iqrx66fZy;muI zC~KUMUxaV0O$8MLaQgzK$Hwn34OY;FdVHAcij4#c}YW;KkEZH zhvkGNyCqdb=T>Cz9)qh>%-0mb;ZJ^4GE=ZV`tY%PGH%P`QQrigfj5!6NC<8X(nC{x z^7fN5&>~HXw~yKjAt76cp<&mr)7oxggb$z9+2aUSKz(*oe#rIe4rgIAq#iRU0CT||7G3Cb`0V`1b5I&8ulf) zly|GkdY8XY)tmaNj5dtVo1rFFuP{ZEX;&)crBf|IGwq_jpPWDYydEeTR`{cCdTk58 zB2fMylt#%fDm;D^P81NE$*w>);ZKY#W3C>>E2KddjjmZyLZ>ti3hzmd z6i*BxCsnqS6i0O!{ra?jS%w|XdDx%~rRr;U)&X42RiCt(N4ec~n0Gv$bPk4TZ`zFK z6Q6WV6I9*xm`6RH^q8-o)r*$KKA1_X6QN9_JD3S&#dS#;WW~!T5#uq?)z$YRQu9@U z-1m=0uZIf6oDqtnF~)|E4-!Xcz6`2QP+9J!rXs8Fr>7QIuuQYb^5HM`c_GKiFB9p_(VL$ z0&9umT|wbsnj(j$oLa8lY#O$E<{lfib0!%(%TAdwJGP0ca(V-mINnb?(}c#5dYur4 z5$I2YpRh+fBGD5?V;a>m{2M_l&+}5#E9sfb6GFclFT5z>(e~aEvxKKd8qL(kM3Wt6XUpOr2!5dnR-cMP{`W9Z1rmavHu<(1a z=o!WjmrOIs{wdJb`iH&ijGjqbBy#foo7KU9 zocYDpFACP?DQRAL8kaLWIh73%($V-IOWg%hOv+re5eXnw2FjA;IzJPNmrr>dTnWgj z8AhzZ;|n;FKxIKwSYNOWPrvp97vI$VCS2V+Ctda z%b)5Nf2x5r1xyf57BvL`Zzlv#GVMb#Y>I8ZLU_NA;(0vD9W-Qif;A)i!nG6=!B@*4 zIuSpV{3^|}aIEBD=$6xZ7Qve+VD1JV3wj2e4IHFPf9{dp$O$FahWf3WMn8E*o_DX$63GpZ)fVQz>y$o!CBS z#)_}E*B5ZO8j3tm9$j3-2=7sL0tC3bpa0}SyZeC+(ajDGK?wNjm3d5MI<*~kmcD~efj@}!Nnjd=p`n^kR7C&k$s%-r_wPLN|Dh+@ zX8-C*!{UF_lPC#Cg?I{ytrYgm6uHtfqiK?@oDV_}!XtJ`rn?RQfFg1t*{D`c3bu&M z!ILa<(WKXe(x?T(3bRQphQf$o&%E*IBNbzi9vtB^8L99X4__zDh>8u4b4PN}Ijdme zjmIuU)HQz@hBhg}*Vs$cP5h`2X8hYfWhw13!Pn31sI(AGCMtY~zvH)idBbNZcjy>w z$vu?=_DlhHA8|g;rG}E~vEqT)f6y~CTvx-%ND%z3;q8h%{-^ge=({{(9;BZcmg^~_i8xap0bCDQn4W4>;~ycIlZ!Lw;= zl=u6gZ!s%B%h&D{FTsVR87F}}cw;8h&O-+rR`>-Yh*?cRW=t0Whibvcdw*WP z%Ynw5$E*-^rmkTY$e~8=Wwo^`LSCXzNtL+LtOgPuJ8Lq`;%q+o&Pk`=mbjz3mwsl= z7{6nDV{OGU8=4gXw1U#E?3)G4%8eu@oBo6EI4gsQP^bWJsrSQ2A5Z2O7~CLdJ*n-m zq`a;g@${lf{Bow~aWVO?PUpR*{69`-9s#MC(Dx+#)EuDZWQR~@NBEEg07sd1&sUOd ziXyctSS&3qg#bIaSlM_4UmcuG@$L{jDGy4WH--kKY!iT;T%P?fe5QXwsO#_1qf@zv zbzF7CzmHMly2jU&|4*S+<|UFgbEqyNokM<(yB^B_Nq55SHZ1)&{>|XX70bM5H~`wq 
z|EYc>f3xw?o{pOM#-)4HQv_>U0}1xK1->_B=Jv%7A*HYz5W>3u*u+v~h@u0d!ChzJ(Q`D}vTs77{gFXJYq1*KDva{v?i|l0iKbD=mDDD50orr&BXEh@ih4>%Y zNhJ0!vU5T6KV|39Z=me#WLEnBB|E?RGwwAIcDd1G27RlP{X?Z58T+3&ICd`r%Odr= znSWf*=R*IZ>lqxM>@Xz4aqX|``8Uw@ysaid!i4jTbKaF2CLf*mp?v7gh%>_=IoJ4j zmcpbiDv$pDPZEy$e~@r!&i{>sqjv=);Ur%6{|gBx=(p0C9u`CBO!o3k-nQIQV%?SO zAc|bE$90<>FAW9p`*h8(S0v*OV%@U$vk`k=TJ z36RDMPKEGZ@`+0DpX>8Dvs8nA&AVc(ziMDD?C~>W6d~=Q@Czd6+~g zQJ2Z`S;I)LeDovbjbo;y8Y5LDi2TW+=CI%8tJ)zMg7&q3G<&{Xt8@$ykLaDnv%mFs zF*NmnQd*g8LG3T-c^T^N{YjffhnO$-&V>Yjd3+=-fQFaqu97m7TwC0vhJBJu2VB~O znj60IHK+Q6{7|0lmvp*12YY7RJ>7?lnAd7a$U?-%7LE994L03n7Uy;bkEKfIsX0Ii z?N}n#IzvqQPL|LxjZBuQ!6C0Q*a;>NmI290NAEW`Tcn)9ju>Nw zsXaJN$_px`#H&X=J*ud-2j1{89SmX%*zkbf@Q4vZf{M(03tf$s-~?t|bH_390k6vU z2wUol+&$F^C|l~}&bZs^+ve>%_Y51}C8!Mo5;MO^U^v4w^4CB@J;9NhgHV8@i`H}i zq3P`8AuR~@IzG*ANKc9xt2JyO?I14c0qe~l0-hfmYwXddQM>Qj)u3Y&yhev9DAXe^ z6~C-hcg7FKZ8;q4aHlfT4vl@dkzk~-;z6Lmy)`AKEI%-QMo__Y3@2HS*r-jA`Qto@ z=L@XE3)W&iVgj~~`9WH6EI?Y=_NEB70(|Y`x61ddMZmXUdocZ~d!e>yX{8an=-(6# zx!@@H-*q!HN)bRIO28G55EM&)9)fxgq6WNUu;@Ua|0EX{RA{@1n~C=uD+X{{ zgV||Gt#1hU#ZpF;3?~FCW>r3R)6I2B^PdPo8Y@Z;1ka>bHbY+wLajSL{Q;ZM=629JrF(J$TIo`)G z7kPKG8J~bvgjkQT<)Nh;{lTvlYJ?;L!JQT)DrI|8A7A0-deaqAe6ePIiz#RBh#rv0 zzrP)wsqdCEi5y77Jff)BMv?5e;CY!qnH}NpJ`=3fpFy=pEdf%J6Rs|MUS&R8_f&q` z(s=-IE-8X>Rue-zoF4T47N*GaZyq1hs;YopUhPIaYOuuvb?1#Tprc*%ea z3$Lc#M2^+?dwol2TpRsIm*@-QduV8j(hqgJ>|yG#(FReGSo?~jglbojSeP*NRwXsj zCTvXZ2H}>L;{#epHDjDINYgOg!7xY@Mjw-3W1gMF?$7B;TE@WrQwY%HPx7Ap<4#6z zMc?p_f+uU}tQ{1xtzO#ZNv+E&70xw1EHdwnoEl4;+Bq4z>0(SGsl$0)yD?7ET`FwT zx(3#}_*WJRv&>XH7agjB@vKdq+;6*wH}w!w$x<8H-LHQ9$XxsM$2lwvpU9ELdL=by zA_=(o?5&rM39_B=ml`+lR(HD`J$CROhHT{})(w-!bdD*AOc&ca*^s}|r%l|SU%`xL zP$L&jVJGS+vL6+Yqy}Y%^%#v`;st##T5o!hp*n?p(KEqMGSM7*>w2E6s~8ZlZnxBY z<7>CQqibJnJlo|fUlpjU;4@w?Hj?Y6O3*mfe5kT)b>z7o(3y8%f0op!$U(v!P)76a zX6)Of3{#;Fw3|MH_FBkN`(dRu>r> zij0<`a-?8!q<9e=Oi&`%L9=b-x9e{aokXjL5lTq)55d2tyd@RUX%QtFsVCe|2sV@D z3mE(ogaQ+w%X*MCR85sm6jK)=M0+AR8@8Xsv-V&F;xLzrGR2Wejlp~>DI_^Gl;AuY 
zROpjB`o5TIc$jzB7C5e1C#XMQd^j4ObS!6fiBb3rZjrqW5>p~UP7cH)&4d<+p2e^h z+kWIJ>Ub6wj6;Uaw*AKXdXNXibtH>s*bDRo5bajm?y{{m$&O949vXaqXDB|KyDxPw zE1uMfpVUfc4U|B>Z#B|^{Tqd^kMbs921nV8I+-e@N{HwyWC)<#$H0AU*Yn-TX@ zP+*b*S@c4P5Nxi7fU?>=pslmgR*0uK=0vKlJi|XnHahM~*USeK$1Iz9C_*Oy?hLPa zDDIGY0j`rMNVB zJ17OFT~&prrJJ>-M^9oe=u`Y3a0mkq!gf^0U6>b&LCx)D!`Yn*O8Q)WdEaH_gp^cy z@%%_Y#6ZI95CxU=5(v=T@!IbhiAaJaz|hODPLY)IFg zm`FavucuGI^_db6xISaUn((NxKN?(Ul7M^0oO>F3PQB!$!nhSjp&DG45^o>`#&kK< zh<-Mtw21D)u$Bgb096w9x;TeJx5LF6(+Z_Z?p{JT6PEfpc->}sCDdG~%-&Xo^iXfPM zd9a4Z`OdQU1QqLqOH|tB;3or{n$}y$0g^0D1)vA$(0G9)U+1Ou71EkOkkW4z9sdB~ zsEkR+S?_|cDeZ6uNxz;2u%m|p*cX&9NUZ);Pzri9_dnB%8TL|p=jM`O6t=@zdWsdo z70$|vdt4xMeht5l-gh$x0po>LB^lR}dEVI)vSrvjqPvW0<%rW=pw&jlahDVc{e(L* zvYmUOR@gdn*YCg;IUlrxz{@1Fy^*NkgCgC$=jW0*0~#P$?>&nx7)WG;uoD1{Ui1cn zZ07y)PeuR|7a-AUdA{CM>$6TP(3#X%R}7*-QWB>=R}${=Urr3|l}e^#-Rj7`hnq<6 zKoKM*$f@;LZ_g-Nh(%_7z~)qe2Ff^8CViKgudGpR5BQNIrp1^3TZXad%g6^x?X*Fo zNqc}2Yy&(&e}^jZsSFy@ZcJz>F1Z)PLs-U-5?OdwaO|N``6mw!@YGnhL|hXw;}`o} z5!#@%?a!$;r|#VaEMJ&HEt$lKT2@0z(YCctYpSjaqJ60xJBGt1E;B zuE{E?KO2p-)tyhpmaX)OhONYa@-e1O)GDq3s^u=N%Q}(_GBtXs#o<0u*}9wn6~nz0 zMkt464BWcfBOpmgV#HhuX*rwpn9UteO`NpSR%IFnQfe`%;6{H7fVQT8762xnHEB3A zyS@hV-bokR7sP7^TbsvwJ{zwt6%v@MSbIB6&8nOL$1g7w{gMgTZ{DwsME11zUauZ_ zF2X-aFS507u2xtKQ{EL#|5cyl`KMEUFgk4f>gCgvV`^+MHKp$(m>rtofayG~zywXJ zC^oui6{3(r9BVCz=vrTF>{W zcS_0VSR|Ul|Lu!|&`Lo(O+DGEEI5HtFb_RKF=_O7+%%WfbJv|WTB}WiP0KGKCYp=( z-PP|6pDnKxR?i=v|Gf~X_w3{|=5xDvxWCU+G_3u$-d?poc{YqG<3D+_DA8+ZCIMW) z{eOG10V{!z6lv_BKzWI+^827sbJlQS61+*WuXSg3-7MVRb~CM^;{6#P(^vLX zVZR?!W|&}1CUs0FbqI%3n9E$i2ec~@@tEl2SO%>)i?l9F0}_hcoZR(c_wI9d&3U(}Q>oAH^e?sNB0! 
z@f|EJi9;~i4;OjDrFdg?E-;}~ zJks6v=~sHzX`gV8*xby)d(LZK2!!c!u!8y9X~E4{G-StVdxf{eXZ^gZ6g|>D)*rtZ zjdW<*B{|L3H%LZ&2fCVPk7L{Vf9CNe7o7>q-@+>$pin3YP^$`s*yXsKIHl>cQ7N0q zNQd53CVumSTOFpAO#r)7zyr77tgp`swXIr)3rT>8t6-dj3ki5dR;slUr=LZm$mgv_YQCfmD(Rm7#*@HcN+Et+D8un-UXG6}=q(2QNtuqop9+2K zbMSzLG9axge>*rsOORRPy4~u7{JZ{Cu_q!YzV!76RwKKo4{6faN2Yilt6i=T=Y#|2 zgdD9oVleQ0DL9j{|@3Q#7%IWH`DAT1>o@NHoXtWR90w`^S@l~tLh7ViGNnE&M z(uX_SIGs;7K2X5mi&Dzwo_bS;B20^3Qek-*f8HJBOUQ&U3pwpn zAL%43)%vpXvl~<1Gc_5IrOijCfr;wcBqnn8E zB#aso4N9juhvQM%*{E&EY+<7~q6#-uHTJa5z)e}tObu6>9ieM-+wiqN9XIAIi&-^) zSxdlLPaVO6t;@oG{+`AqK;8!daKaI0bUf~oV0WaUzT2sEz-4vp_2ZZRoiPhJS*qYR zFG#?%w!6dULQfGOQQ`k6>tNh`!Aer4pAwuBdHEja9C{jmPJB#=Pg3sfp?tU@Tj%Ua z88UpHMUdBpe(34=i&0-^LP_9h$|9Q}LFTT^`r0PAXFp|@W(OvkqWqz%BKGN#I~`-S zY<0zJlzE4HmQ8PNq#@dutXKti!#-pGIcNX^`Rh7!*)J$|Bfd&zH1tWc`OlS}T7zDA z;0bb*sD-(s;OaSR!vrbow*^gBWL(Ow#%xFdEBKoCU>DSyU}6qYKcC@G`Ta)Ec25vB zcBWE^YaQULe(~W?V%Zy$N2|0>#>0+Tq%dsd;?0$nSB4w=?#h~G6_K8_kKzTeQmZRf zDpjP7DsV1Gq9m_Ns#?oT9@X<~`5bpxica4268gm`_gSgNx?maDZ4%#TS91iwq+2ld7BADhgYFkwuFMghfD7K30UgruL(3Xsm>Qv)CBl>Do9>aYSt)r3-HTIWGA|JI5H>M^PpKt;p*WG1znTPnkIh~lJ zjIwB6H?diel@QV-iH0M^6`r`)nD&5lAByR*X6wTcAw$@Jcsrij3{sP#$Bs1GyjML_t8P?oe6rVOWPdsn@>P%-m4`pymDl>Cv z`iM+O3%1jc#1O$l5K$zh4tL`!<*a;9G?WXkH?qMHZJ}4ROGnX=TgKkWAF24 z`nCC`>8-}cLDkdIz_V4)0~@(}x3Ku;BqB>IC(lXo#M@Rc&V&YO=t1;#sKG=nL(YUR zGH>%>ZB^zbLhn>lHJR!2Q~-V_h8 z1$X#Q%xYykX7!s{dkeQJ<{+amlLu2ve^yhmfFg43$nJ{aAQ^8NBdC>D&9;NA|>t%xV!4`5i{o;VC^^+p;&g&dGH*WMgfS@p7`iabtp z-yG+b0ybksR}!yl!#RTBy~UtSYCa&CYODciEmgn{uK;syTS`%6*-l)B0t7B;#I&|_Co_L8I}=en z22nad#}{WMl+K*nX5Y3ruKjmxtylextsXU_d6xXsT|$3hD=q0C*xHXv_B45>H=?#a zlHcZ_rN^F68)6t(qR)=D6CDy}WML6o$jE|z8v#L$VplT5)fNd&qF^8*F|xkbq}~DK zfJVu)Ed^8QUPo*<&yZMnQSyO{GuS|Ksp%bB1z>~0>Z$LyH^283pTDfK-skzUkcPgP z^0PNUvJ%QjElWcssD}8wTlP6BxP(BF?Csfn1mTi~XzmP3`|IuYko)ES-G`4Ck@S#F z&$uXT9AO=GsxZ@fyaFUb|wi&(8r+EiX>+mmhOT<0nmf~Qe{-%-d`o}oVDmFdv+ zo(Rf`f)jx`@yiVmlYu$W#vO~v4LqLOV83A^aJkf9V_G>KYacv|I5_)^WxaW!6O+%pnQjM_9cZ^u>*+5wTMr=RDT+x5H)3MCz9p 
zfYif9>i@x`hpU{8-_1VEB7g}QV24&h7?HQ*&lnXKb>fUUkhH8gyiHW!Z3=FOB)Klw z|Czh$;+OUuGE{&Me+V8_fT@|tulBn2X4G`*MLnwqEk z4nAJi#s!t##o#HY&0~_{$R)QmZpZS=`U`DQ1&9E63|Pkvg6 zARbw;P`$8~0`@zz8jXKBI@-*pC6jR{r;ye%uh42*pCTW8S>+DP+AM|h_chCB+xXh(IGon%1Dz&~y*Xa`G82p*+eiuD?pHwF#L*! z15P-Bn=j#K^xHGi3wvOu2Ey0y5SbTWz4`U`_d1MjB>T|)+SR09d_ zyAJbWIpPJLqOKn>h{0q`7{#Ybf_}N!>7OMLW)@Ul6O+T_rde38w62wbPugHym0fFx zG4mXq>X|9s3NU7catdHi@nfI3`!-zo0;?Q@Y9bI=VO1QMwbuH!y3?Tqumjcl<;nyW z=qI#4q}wOX+#$Z|9FM|Za9dfe$QDn+;i5W(zgb#;K~oE#G(MK*w{5m>75Ya?WRGIj1rGlfj4U#d8RgsJSL7 zy^NU0CAmjq+73+S?~vQ9^Y|YdPj%7X-e4vD?lIe<0T=Yrq}o=%r0O7M1LXx}>y5bk ztKGrWS43OcP?uu&R4FP^2p2?s)2Lr z{5$|Qd&WT9+LCQ>>2%_lR*N> ze*n*48~>KF|BY*4*CkRJdS{23iF2<}Jh*)z!A+ zG7QC|p!~8(h}OLCwMel9R}W=K#%1b$rg{=Eu)&@D=@J5gM4HuWKE z)$6##819Vt@|K|Z<46@9Ka<9Jub>uUsFEaf`|jq-Y|fEnR8}ZWN!Nns&CDgX_)`3r zw(XV;={1~^z%ULYlED;3HvcHtojN4uqRPNHhha{!RK?TVpW80pAGZ)>qg5-$o_Lp( zp_Lt~TiRY{o{6koCt6Fh>j*x6PydPcb+UDi6+<@=1s|Pe58iW0G=08j!i_1i%27ru zvZUs$sr@NE@YP6^aB?qTwG`B2-qX8yC`u)C#(~-O$<2VXcdYFNS4m)#yQjvhw6U2M zb1cB#UE2$yvx3ZxxKm5gQKwgn;}EC`qXgK#sP_Fz6wsYHIX>o{v9@U+z+EPM+`II+ zwV(?XWMB&wPe9J|NTA1+IbMgGni$UC^H1mGC+s(0CtOC)T+@58H^=Kwt*N0BT=AXL z$bC_GUYsNeGwFkPiY*{W zvBL)Fc29chc9#%Apvu7CC?f7PljC}>0XmpHT*R(K`^!$?ES z2fW;pti=F^w8!+m^l@&3B=yQL>Fi4ZEHffvss4U1#b^07QXab>jg(1L7lz79m;mD$ zN`w?zI!jy8*wo^$Fz)&O_DuAOj<*vr(I z&Rr>MCz^H#bqh!l={5l}GMfY;^eHL_nS81y^|_LIX9OXt!Yw`=wf$eNMH}$M&$Sbl zr8jvMil~`9`oud>kvK#=e5$#FMCp`ViQbK=Tn)l6;n3Tx`ax_tq+TQvB96XY z>n9aO6cRJ*&FSUVe&jjx3;`&lkHu1>*f}E?#L2CSNqu3k+1TY|?_S5Izh&F66R*Z! zw{oD(zQWkr6B{O*o=ti(t95bEmXu}UTcH|RfYYLO@-VpO4XNg$ZhzBZxQwt2K%Nnj z7aNNw|JYu0`7oR>;%9nPAltNRTnNX8gDjr--O@^hJh5Z!UTA863>1#oJavCaND17= zx-Nv%ypRr$r#7y(pjzMB)0&vs5v+JFQ!k)bGX2wNtJdPojf6TO#poVGAstyoRsTmD zH&96}l1#zKduxMHZIjLu>g7ZImJ>7Kmb3br>+-{Wr>24*vlQ<@J?}JpG zRGMY+TU&=o&UVfBfChTv4<%bbX}{d!(MT89O#1FCuuASP%z7EAgTQ3Hqj>kEObz!? 
z_uq$HnghTgH=h?vB{bkhqugfcN4weM2bVgU*?n`J9rnq>+wx!9fP2F`nqU-}ymw3Hfh?lUcrpV5}>B{A|&W3(;OA%5uv$IeFsuDqr!U*LJT(lIQKRw zcBA#~#igkFNldkOwHKB2RMQ?cuCGfHZ0bBu^B&wq9sg@+!`)-$?1bou34#!Y?1TGU z+mXiUN|Xl^j*E5!FNz3QQm^n2ZqfDRk@LHu@&75afx!^~X*ZaI~ayw0I7VM&|t2c~}1vQ3x~3d6nR6fR|wiY%&z7+ihO@6jEe~=tN4G9P#I> z@cxyndu3WQ?qPa}igFThili^6w(HTDiGZZWg~xQNK2c8;T7aX6lsbj9+F^2u-x;Uk zv1YBdOALpkVP9Fwv1Z^zftTjHM}tWIcU*%j$?z|WrhO7%(ZKQxnQ1vjFgi>Ec84U1 z#~KNAKgV3mH(VTAeJM0D{pL_5@RmG%YxXq5J*#L^A#PG3jfwBpt0gYma!-^@#7B!f z7F>Bg&j4(<1by`4GU9f1Y)4_oKkW=RQLx&aJ%X3bGS=^S2@Oe?C5G$o_ZfE7lLge# z{mXjee>QBe6xP=-uYU(NSP9xVDZkobB*pu-_i1qayJz#rWT06Z6Jk5j+$J3N7UpSF zKtSXa>M!h0U$PvSzK@eTLMD~#rBK?W&OSu5s7tMe;lqkJ_eKvG;6iS()zVYH1#)8@Grv%?MY1n7!Y<2!8Ybm3WQ2__v9z? z&OjzH1tvVhUi^!Qf$};-XwYX-6mHa^Sw{!yZ&H|u87ABqg0DZTB2~QaQO*{Xjd(Z2 zGn#8AZ52!mut&x+W}u6hqCdv+eQ|EgC%RC?oqxA^8aWM$a?V*=ia@e$C1B++vl;m} z%ZtG&%jrE`ak-!QL|<(n#d5ZYDMcdX?WDgDfMAz>0$hsW(b|84&NL2mu0;s8QT7A` zxQhbxd^MIy3*){L@ak=Z-jsS}rt=Eq@=W}TrRsA6cd=h5M69A8JcuQdWCFtk#N__g zPz9R+rIgM|JmL=mS5jPsq|EXToFKNd-LUUWoB^@hNLwguHoGs&YKlhAZ@c8wU}X?$ ztkhz#Dv>FP2}OK+uD#$AZpgl)27ySH_|1rx_;tOyR|~OBo_e368A98EArKi|NlDX~ zT$S{=7+nb&T`j}A3|_rN6Q2l1h;=_uJAd+Av{hRY&ec=2-%+cz@;i>tmO!B> zXjq~rSbhi)6^O!&9EgG@>7r*oCep6Lr=dy&h+-%?yDPa1hi=2-=k`H2{LU~kLm%|3 zDPS59m6Za(^MeNP{K&S!@FYZ0MAU5cSy7CGC%Tg;2Oq?X;UaW_CnLNQj>8i=Wp)(p zp*e;ZWWIoo?@^inGKPfH{`{>?_Tg8LdxFkhnk^F01-Jmv79d~b%f4N1ojoDh8R65D zg&%x$1hLZ)b8r!(Gs}hG^Nd8u$M1zL!S5AL$`$ggKj9Ksz(Ph0>WKvfcAm^-i8t0g zn6(F_qz3rp+okC%`yJqkU=u{yJ#mN=da++&W8kuTibR8HO1O3lr1QDiO@RxGNOAlQ zczh0krU5@lDF%RI#@HqycMKA}mN;~7}gA4e1a{zwcAoeR}J8A`_p!PyOxWF9d zl)xPHaongolp$zn*(Ce}Zdi!8BIWn+Re4EBRe7hN$AIVL!uxZwYFox&p!7=L2M<|S zv@;4@qBAO-bR3Kekqf@L++ZSD_wVW}FjhQiwU?q(QYsKixs0>U`dq7NV+ z-@`bISb#7Ni{}0WOpeHhL^#IVR-G-pqOVAMNG;uPBtuTD;1WP#qPUAnZ(=_`t|=39 zB-o@6`!VC{pGB35stn$`=;JLfE|C{DJBg-l3)8z5S<3w)nK1NxjHNJRo%=a&8^n%p z4PFL;h>BMZ1qx7$R)~xYc!QmckSePNC3RI_h`-OZ7yy^6Sly48Zx&4H3oEfc#Kzt9Ngc)+10&7c!CPf!3)&DUrq)_lFUKB+M!258ZrwDjsq=gYsWTn<6(GpTrL2%Tf$?} 
zal(A#QChZvgetAvz-g?eX{koC?(`)aIfqIk3W|~zv;vYnWc29djp5J2d6N#%2#ddy ziS2PqvNNgrL#=J|-v2KLROS`QW4C8(XfONas72(K3aM2i-DU=&E%LAA6&P9u5_=X9 zswYPq9iP6`2hPB0?%}Y7PC$)DhRT^Ua5yI-VqmdRpCC^u(8dOCU)4vqP@x~TU?L6OkI)I0l5l;tmtJ*rGa@0n zjA;PKA7Sqb4~b~i%qdPHjv!tUi4h3`G*mJeM1|0B*Z|MJq}K#RSdN_gIP`0eP)LTr zOwd-u$$;JxU!N}Zm+cn%H4G+*h47^U2}OjXfQF=1YrQ(pevh+1YmboHI&B~ZqW0?_?_Zss)kfI6 zYS%p4uH|Ljr!6`B_g5A{OZNZqFGufxe)aa(pIc*pEq%=1|GnLVZtncY?(Y8n#{YjW z*CTX1Qk*tm!`e|0Af21GG5I74N?*%%mN90|z@9-~yMLADgJ;f*&m2+$=#*!T4b zg1{QpzG~HKj~<~9Cz_HVd$M?^^AR;suhZ)^I|t3~^V*|FkI<3&y4KYHMIW5*j(i+R z!ar{55=`y(kjhbf2||vu@!FCT(jH?apSA@I$E{?Kbt~Hl3xttRBBE47Z=wONG*HR( z*@q|=gahFuw-FNrd9jdeY{Ipi$+IW9J57QF5qj!b6tD^L(dEREC2CD{O2+J(pnh2u zelH+6j3cFx3DC&;V7DoMH+?4osBCP>!1W+$hz9tYal{7b&sa!vKA-wpi9AmY zb0sGwUbT|-GrR&0YwYtYa?C=>Sr8EZPD}Uw2HZdMM#NY0srd~D)ASp9RQ!s(lAhm3 zC$Si*CnyO+hK5t(g|40n=yoHA7^zW~1(7h-H4Ws_mj!?2T;U(Q5Il|I* zBhb~30JkOKZeLq{Mc_*Zs2;c@gi)!RdYIc5PSx;CIN_rse>}C9BY&KkN^>tWo#x(Z zQ)(KS11`TJy=hC{%ddGazv#WyKvXTb@V$afn%N~z4ZX97cr7gpjP)j+=xncGJL zN&?>w9ETI6i!%7RaBRdlN)=;td@3|*Q)$AFg#p|g{wi|c3mACXf}wFbcRc2nK)6Hm zIF3m2h8F%Lv#Xc7?h%WnpuQerYQzQb*Eq zx7|?}yEgMC$Ti_OK#l`$OT^wtu?je$Gx-3Z(ubC6R%hFMBP3Py5Lk;|XG0ueeGd3*{2blFtub_04v9N1gv zlmz4&hf-scKsSUFgag4)9QlAvG|Zsz>8qoc?_RaWeoFBBGmOfDU~Xc^6+nI1I?k@@ zYs62dPH!JJKz$EO8IaWBB>D0XRo+puqO+>__1F9xa=n1vk69+6DI{RHC_?U#Ug_JyIXCeX5 z9SdOlB_W|wx|jzIIx>fC$wdK{+g=G|=>q2Kt}E)Ct8i^;bgq(cKLNMz*at;F6_}tw z*r`|uIt&qq>c5huq7=mBW6vBET_&g;pXvz~`bg+Yf~;rha-xW`RAi`MrDjbZZ5fCU zQD5?y^tW5+joQ3&5>XEa==7(fW7TFHHPD2`XiSGAiEh*;(LgKFp%~)>L%yV;uclj& zbeI^O>EM}kPVBZ;>?Dp9g;sNk`Z>zmM{U%1D6jsVF)<2_yZZC=QD3#$cTK8&p#0e5 zOqe5|^$1$%&0yZlC54#b=WE8*6!jHin^kC-F}ol5A0mtZuEq9L_qm@cISJb;`Xt2)qR5D%A%_IYX)^)J_%>l0{6<>Hh6oz5`6% zP&fxL9YxYlck9E#`o++F!J!tn$C&waFhTZgv$jhJCAA8tOZOVcGVckCIdV6E`Pj79 zLZt|ms~DBTscdXeL6oQiTH3$C6J0uA`(-!@eZq;aCJieYSqUgy$wQ7L>WZNW zz_S!6P6mXNFp-1pHwtOB#R`Xr+~RQ*fXIo_S%AGO18QRZpu+i7APiyRO31Rf=E}3> zc94kEYxTK_fu}^EYl;<5WYk(FR+i2BBoXM}SnBtgfW>9))qgRC9J94v4Nkx5{pKo`dN 
z3N)&S2|*1h1sZCAd?L_qZ;%{u77vvMqDKapGJ<6m@g+Dkwn%H(vdI2K=ohyWtvNd% zX0Vb$eR2{ij0QC5KkGc}^wE~lclzq4(u?|_?C3#`q>TEYJreBefu$(lH(~Sr?FPCT zQE!xJ7B?eeww0ZK^Qy*$kli3i!bOrbQdMWb_>Iyol(wYwO(LYQ9M!gyj!Tb5Au7u% zgnDp0old8}Jl;5DZwb^XJHB-NXp_SD&0)?BxtxVHIkVI%h~qR>8F!v{o_D6vO$`2e zbo}NFoq0GE+RkEAQY~{;)GJF%|C?Rv1%a@4k~PEGL7D`Vih?Rgd$Ys}VENWA4weB( zyR+;@17=|`f?yD!ekO*yZ)b8PNLt`md8dRKt?2*e@KDVk)yvv+Q079=hMJ^MVMXJJhVyy1)6sxEKX|@BqXj%B zzg`p0sZXX3#Oy-t^-`N6Bpwk0^NF?n75z|8MAFG`r*F|#A5J1^x1A_ex9{u;8?D@1 zuu{&eEphGjw-qFpSaD=F7}$-hjbgy3)ushI=-3Rskr}%I6u=wDLh7x4Ns`xRPFe;e zJ#$mB@W-9MV=Kw}NU$-p17 z2|wFTMw?OB<_#j5a7zI*9}w`4&3r{9F1Fe4f%sAKPRc9nAgwUiPbc9_axBSEbF2O- zu?7OA5olquKp`qLgaIlm`OkL zI3Rzs2>6}`zX>9KA;DO$JOG)fk%=R(g^rZu#)*gn*+4f01&m#3PjL`{@l?xS;lu>x zBjagswx)v_9Ltf`lSA!GSJ1Oi?O!|`ruu5)l}Kvzl<}%*(*O#b$Y^k-OgmADtvHwH z?qkZiq8o-%GERpy#DQ%YR?dbA6u`J7BYaJDz(6Wlr1lhbZ@LW*RA41NC(-6mf54Su z(*T5!@i7jNT1OPn0r4iDmd$n3@QyI1y>kF9BmW>tJ2D$sjua^RcSQt#yha&L@IiHzn=z~#y z!s3kAE^R}b2O%JY_~1YY5e{wFp>3sM9gY3WnQA7GFxRpvoQnJXTos4Dv7j-(pV(`%9uJG1 z{ZDnb&_msxE7?HxB$HL$>~=bx`WG$oauNmDbG@BlBaKA#n;=I~bi~I>YIZ|t3U3~z zi9Rnred%XxWMyinCZVoTi z0N4+ZqkkN|dz*}MDuOyjlx!dbj#JCOwwB(En9@dx5Xo1DCjCyy4dGzz*21IS(l}({ zWXxh=KTBC=>Npm~=oAZ^QaF{csMUFd6Mg_gRp3zDv}@Q`GX+e>l*d3uiZFV;Z6vXR zqu<^b5|{#ImT#pch=h4d;2<6W)^+`ZOA|PV-7o`tsRS;ewNmQ>6Qmu7c=r!Y4`d(V9r-6KO zO#&7Hm6AkA?Sj=7ANAEw@i=n$@U@8uR(P(x5n399cVC4f<^-LbB1vUHz^tli1R2m< z)c;VLMEbF>zWqaKs$+Zw5=koHL4g{@3sdsgK!Rw&Dp9+Yd}5`Sk)8@M2|eUviL=6R zI(ABg>i2j=yemx|Apu}aL#n`3a!H`Lyc&e?IE}Qq)C7On*I?e9h{lZXRFfv{*+~qC z&dXXN)PZ+?3;n~;Ma7t{k=vm~rNYwz5mGeJ2P5O?j#NKJ zhf*DFXK1&gmu{{IkfszsM~|Sa?K3aq9R%f2wlj3G&56gjPs8B_wAJ2LB=(Yq)>`8; zFNV@YFb0SRPszE}4G0#HAfcy%AQJjb$(khe-631m&53A-E}Q{P8_Kq075PvSFH(7p zO73m9YPB=N6Z06b^x7Nl3cSK664O8+e92 z5}lHWp*P`x)oT5I-(#U*0jUAcRzeS`EY5s;Y&?!bDkrFju<65=!5YdSbE|1mCbO;T z+^wV?{Z7l4EH#;3&Nn(VNI_YvT`0u;kUUG#)qV~%0J6r^KNsqy_O_N_blu171~;o@ zsG=5RGZXSi&-_m9F>u&x37-QUR}IDdiUyM=}hJKh$X?M$zHz6W)s}C%eU;z zP=@Ax+;^WpMd#`ElSp>@9PnvQ$7lqPS 
zD_~J#!LG176GL=v7de|wCvziR6d5&}QOt+=O{aI#xmJG1?3xH<(;!{;o~mY82RwV7#vFn3=i+?71_Syg6^;pc;ntK4el*!TP3cUutL><3ETyi4k>- z!x%yfQ!m6}X8Nsx&`hSsU6w&atF&;*?60)$S^2~4`8134$o$1Wa$PJ7d?ukxiyGO~ zuK?i`vV%heqM@cDJ7PR#9@fLU7Ovs8I3E@Dd-Hd&J1U69)dk;?DRZjByF+q=#`sUh zt<9)bJ2E%2rX&-KvIYLK>u#&p+Cj~~q3d3&)9P#^8v0;T7D-whhrksaA{we4izRqo zE;(_nN04f$erlXY7*rV1((u3LY>b|@ZWXA{Ter2E&2)cmy&f=g8c<6y)a_)f{gl0( zfdNOmA;qg(NqC5Z#Hkc(uhNv)wbwEimJ<+Z4eqWd$2j3YrqF4v@cW8P^6s3pv+}e~ zHgNFC^i845L9AU1CZjjy4_AFhR6ut=raZ#_8PvU#Hn{l9lQLkVos318_s8Tvwp= z-^mdfx6o_Kg>1NO>!1NJv08xGKn+lht>5p9QEff@A2pk{gM-#yt7CZ|$qe<`op$^I znm26s9S!Li2S_RE}$k0a1aA0QEed_+K6g{ zoeh*ui9!OcTY{%ZXd?W#7oefFIxhO{>0b7y^y0*4ncxyOKt(yUVaiqL=}o%LILuMA zIbhr)S@$w0O(!P9O*wrtNPPZ^^F!2wBE_6Do7v%cF}KuHTOKs|biww(JM231v+@89 z!QgxdbSOFP?-0Gw_qA{MP*H6-0n3K(e0t{`iZ#a32kqe+j-#lRJ&_5jPaf8b zlUM)JK+xK&+lUhZmCg=7e9ZS~iiW8{ZG|-0{&HxNGSnQ6$1!LD8XfJ_>A8Z??|>8R zPjrSZ2_d|gaN;+Tu!a#8lJQAD;ff}L%qA51L=rxxAu&b;i@d6JrO2CrMH}tGSrA-e z?rlM0=AIM4KWHKty&M zY!nwD8$9yT_L_1;w3gB|hm52J*0x*doPo}v-5drm#hZ1yyotrq#w6m~gdA~LG+2lc zyKw>!7Lt7a!D2LqL?yuxkL`3iO&ZU)B{fe3`rs;4AGaR4KeagIFfB70Lny4b_g!ie z%q_}!CMHqaN)$B0j?jjdUQS9{dy;C>Nyrm`eORk~Mkko#u|hud8NDRhu&KzL`lU61 z&$Z8}sV-#x+syug7jnVZpA~%uyC~M;MlKk`u-Q!7f)k$(o~jU!K|X|Z16z)vyoL_? 
z+^-k?8})tySuVo)GfD!8r-sRXM*aGh6!y$|k_Fy6H#la!dqjs;_bbB|d z+tiBDi9aT4T|lmj!KR;) zjq5Kyb>sP`^#_6cRhA@z(3{UXt&8dKxaq3_^H|JD00s=vcWy4zXOotc2cvq}`)Bk< z*Y7Djv{~0qwJ@iKi{8zd8ZVjy3N5Sgm^3owc#0qBSU&JO_*8i8nm`Gl%&WrP4{pJj zV%Z%%9j4w9%tt1k)I{Bugq1p5oN&xs}&{zqNbh0r2q{e$yVJn=VX8s@F%<665G0TrUq^L(4Pn= z4TvJAEV)MG!DCd<`_H&uL z5qWT0%guEu6w0}kr^6)aDY=S%`Mv0t6I>C9B!6aszG046>{o}sR`2tb^!(+!B+~P% zc9xV$Tw#Pe!X$Jhoo?CV-{9RT>)*(&i57N?^RX%n=smilMDz34eX65 zxz-Vx4Tv>yEx@LmBw8eq<1;39$7UY-2%`v7p2#p31tTTvfvF)xzZ_-78mIygXv+!% z(aiBxhD487$yr8d0?4hSI8!`#ilbPX+NTmr@=h;Hvbd%c%`4;DP8S^%jNH*feK$J~ zOjLg`e$_mJNESW5zlZE5L~n$Mb@cKhbQ*`Y(15ME^0QkBwg%C`KQlHANUkJ}*~_42 zkxbPV`?aa$n60gnHuC$)F^UL*S-B+gh7hCs7304C-~apn5%yR&vyy^D7y`x&aC$L) z8*v2HlN@ud5?MT{WdZXAq)wRBA(ItSqJe4~@_=%30~QtVZ8)++(sY_wk{^V^FXQVO z6CB!tq7HmI@R*<*atSGY369xvk7`kJ(`(8=#X>rBibL04mVr8xzpPg|vw}JJEhrK5 zTiUdzHaREQFBP&(@Hh7T{9IY#s@S8#?SvG3P|tnlhM;%>i~ZIRRtqG^)NN7(l-EHFAmal2MK3cyV$=`{%^jU*+;Zdvd^GIk|0<-SsaV!cx> z?8D(0Ec`=HRI+PdI9t&8nIV46$@4rueJS*u8q1#J9pWNF*A>iY}xEN^LF&n6Z>(Yyw8j+~q3Fx|Lte9>aqH@uZG3 zxwc2Nuz_yT?57VAlO&WBHpwkgL^@-b&zsKRAElGF_qyHQc9yzmsswb_Ss-nU%^ZVb z*(Ic^>WoekVu`N^f)ow~w3$Wlc%z&NZa}#(p)e`NQVxnbRYL`8I>{KTyDcjtXv9MZ zA;<2oe%eqA97VwdH3vyZA;&i+5-}EptNlwtxk!j?+u&WZ)7p8~Hr2z*UTk{YZi`r8P&K(@C6q zoLZbQ;-mI#CzXA4c+oFx zaHKs_P>9v3iD$+2WGqnWNM}wkwa;!5bjJ3d` zvqcj@KIWm7EbJ1SOdB>B0IIN9Dm^*Ws;4e4Iz|e}E71bc;HX$pB-u$&z0;iqTa+3U z_tXud2ZE7S36K*U2}AS9AXdva zWgm0$Ubh}R)n3)c9s40{F@ z#ilf=bre-mtG#ifKwM&{(D}okL_!=+TOq48t(IytrEhNQs!|TQk^~7BfQtt~=)Shg z8KNl@v;mZnL`dQr4)KGYvTt4#A9J2LtxYTY;L&_ zlcfVG{pxFn&1>O7A#btjwMmW8ySAh#b}k0iG{uRok%f`RqKV#AA1X?LE2TSX)&e`l zXyFaW_b0wBx2ljB?43*2?b( z?E6U#zDyCWY#!TUX_xKGfL&T&B$$=_WHsG*Hz2@G9QyXKZl|PZYwYVOf?z@@grLzm zoe7O7uVW6A_$D=?)oQO(|7FuBQ6Yhr4e}m$6Wli@SaDX-K#?}_2tpvuYu(wd**0h9 z4%@|qL}7NVv>kHOh8BKaQ&QF=y8!9SIwvy=j*fKKE{ifDp-=}Zt=rVpF-A5hWTKY9 zC~l(Rq!stG#r682j?fTMDG-#wQe=)woAWHt0CP)iOBNI=hD@PR_v5^T~ zGOJWPkjq&0)oLUnYa=yMLIk;+ZU$nLHJ3^}L`gN3qFc!(p`kPNjE)szOiUcCC0j{Q 
zk&!@h@HKQz7gJZ?`p`^*Mp{Tkjwtt=5$19N#sO1cNwm;WsI%yAFkq<9Y#shaq5>$+ z$=R4DC~G6(@^h8odIMRZGsn){0VyG`+H6}uz^tKK)MXq8R51)VV)`6ZGr>}uJUGXu z$C70?-RuIE8Nb*&s#IwOggKgx6DG>=)YkA(q$BZXY9i#EER_^J0I@ESW}HGaNoH;d z{b@Ki8yUZ3BT1&fru3M>LjXm_KKMG*6aO;4QCp7|I|}@{6|F*s1O;ro+n_xjR={g!7_-^s63 zIEJq=4ZzrABk;(LH3iYo3u52mwQg)u@IpsrUT6r4v&&@+?9HNe-ZeBuFcX=`YxTa* zfQ8&pF-k*D9lx0e)qm6mP~S=FT@fiVi8tX8vIaR>iLip_LA3Xt_p~4~y+t=77#th> z2m5>5*33hPqh_GwA7pvA8nZqKSL-K_lH*z2%=GhQRv^6t-q@KPYCW5&s^XU4&FZVtJHId_$9YbQ#a_nFEC#xj=1 z+5VEIf|iu&ZF=1ACv$7U2hDkb=9tXnEF}Zw-*pvh%d@fyswr`u9Cx74rcjgyaw}-) zVpQs}%ZKDD>XmQGo|fR&+s;-Nw`N(0@iM`+<~Rr&tRruzN9;&W^g&AMliyhokHJPz zEP~6>6(Jffz&A^{Vh*94QQFG2ZUtPs<(39rZaPiGHDB1&(39VfjlTMOi3d0pmOU1# zk=l}~8EURE*@!}oLWqQ$@_h7fHTk|$=ygTTk?Z94a1i9m+$8+1pYwI69%UODs$tgI zQQ+jj5jARnyP~0g=q!O=f!dfztY-PJhG20IQFQG!%Rq2%c4{Ibp87^dV7y~K z5$b0Xof7Q-!Koy_h8|Hbs4>5!;!4*__pmpj;ZS{Wh~BeMyK>c(ykDSq`^|5sZw^sg z#Ft5ot7s4Qy1hOBS+CjK@AaCy-d?Bq%Nk}YXQE5~&kkICg zD|)KMP;is7n~-oZqLC%xC%@|xhDJJS&W6X}gale%TcGg>a5_!pr^d%<`Cvj~HAOeY ztH)RxXPn6|OzC*ZiD*E_O}u2lVjm^DUI|__z&r^tO6jg@#^uxyWNWl9!vo~?y)&yAo^ss=oLsl2(@oE1;SV- z!MSX1{zOCnNW*218rRus3YHE)(y@@3cr9BF+|>EgAxyQJF7@P`{*(zs6oC4O*aO3iFHO&w?ZRn#ny|J?_Gl`xhYR)JQ z(dVWiZt1J4IcTkA-n@DSroHPf4x$n6I>bN0n`|nudf^djwOZz{;;J2@9LB(#W$$HH zGt)B6O37ICa}8j!GPB9LGlP~)7j7A{>MQ`v_SY_$`JG)Q^1Lc2528-MvmP zU;n#vu)nGQdLLJ5p#jBuk4zq9t>zZnOwZE_P4y8||9VOd?iI`6nH!~TZ(C-ZT4l5$ zL9E|3r0suF7`;C|vwv;wp6x~k>Z2Li?u*Y~SpvL0htLGm8zX4Dv=T4GGV3FZ49kGP zBonle6e+M)Ssn9H%ySS8eRigkpHn=gqG4)KL4<}q6gc$FF~HUT;X;nf z>8AT_C3c^?VF!ux4SXd|MwCwmG&E&CAWJ4)mekp&ZSta8!C|nxy2qH!bd@IaWr{4j zK7jUiDyKFqMy7(UaS}<)ht{49!7Qbv6c+$2Y#!^U;bl5x2} z0;$>9X5zHkl#Uw!o?j-ldNq%1X;joU2yhoQUsdA^<$=4c`{cR_OB7YnG|BudB9l=xjh{HFVwN0zpWM;s zV(Nm22~y=w3$8?}lC(+VS8(PfJw0d&Gf{v6)+e@lQ@K2I7DwwFS4c|a{{an%Xwz`0 z6v8H)D6P-WZv81(xI`Z_<^OKCvwx5~|EJeE*zauQ|NFQ;)ex#*T+lFzrKlgG51^!f zGSim~izn#?^_Aw~->Up{u(}#XqPeQ$tK2W4c-SM%+dh4gp zq97j9@QtsYMsX?14z8{v=y`7U)_fZ}n*F3(DyP3bb3Z|69``k{fL 
z9#A2Z=}#d;sD2sKK)zAUbsOnjXNC?@y_w1-&1T(sO$Vsf4|VyY^!|wYC3mUE!ebUN zIK+_;FY#8VfqLC;1NHXy8mPPNHf^WCIh+yw|FteG-1pKoH4;(XJp0lp4mLZi$DcBr z=}VQ7k=qEs7x8$@1gLBQNxm>-`Xa48aiN98ivSCG!AZcde<5P9{0`#a0;0Gi9!D1@ zE9sMEl7D&e&w3nQh3qE$XT9Mz7+@h@{O6zb$N8K8tTz%<9lVhI`e*&ihn!tZ*1Jh|6^=zMhVQ5lfeAX*gQA$}QVK`R!i;J+Vh2EFRUr!t2q^LnuYvY<_5VAq=b4q)Z|od2P`CHI zfp$CUm1iaI>~$Kbd(dkj)mo?Z{9xP8@5hv9RokldL9&!AatQMf$3v3PKe#oiu@M|38aU_doW}2dihQo7>{oS(rSzQ}X zRnNJ}i%_MsKneiaBu1-F#LBonlbGI&c^CH1z&c8 zqz1hHzI~K?z>*JU%$BC@a89se4866Uv?dCbW`i}pFJFbsEh21+F4 zP2^@){2vCLGl0 z=?q&xFzMD823sf#*T=!#&ZaT*2DmU@{IiZdNv~7xz64hn5*K+UdN>^aIGy4RyWg;T zi_sC`9tmX}Qn@nMe|A@F-^OmE_3-^}ucDsb-7x+Q z;me0Eh#gPSe&;(fDU<~YeBW$cGKqr?W8X0L*^Ir{t;pDSHjI74*f)%QK4XV+C`$(N zEyC)jvvBm{1?sHg5XjE#*Ja*sv9MLU(Q7yh`Uhd)Q}uEjP%Mruv;CCf?j`009sMg+fHGp zj|d%(V8MEwPIOz(@w@%>w|Gx(@XQsGcTtRXhr5lVKrz-ZVY6-SprEF7H#}Xcvuv1q0T?YK8;nod)fQN&BRIQ z6Hb6F3wx9x6X@!T@at};D#LaVP)*WnEjeazTHQYz(Ln*(6Au5z3}R}4UlQ%^YGC4&*mCbB zG(?OrCw>VD(}b#*CpQ;XT=3#?tP3s{l0Pbm8xWtL!hVZyX^wqe#!yK!Hyvt7h9s#O zb1A6NTyk%hljwwYe)w1be}ZpkX_I0>)J2dA(P^ogJe*Grf~l)xlW+2xsA>d{4!i0H4zn(GF@#)&Ca7| z&pU%ouinVNr&E66mCHf*vePNP;^eM5uN5%rAqkw>R%c3_ojZ{@3n3askyA^S2MmBr4&D$kZX*JPS3lDkr0sw+bFHpa>C zO^ig^#)#$$Ul)S@n_P%^e9vJscb9~-4q@w*c!XYOic+lAOgM$B*#&H(ic6>^qHk*r zXIO#Pw}59^%C*4a{qzuI;rALu^rrnQiqx{l{BAA0o#mw7AH>4@l`N+l`|cuga7J|6 z*mv*PzB^9<&j-Ml2;k7y!F`)|H)3{rb0cQ2B4*?3Vb$z+P81@9(wgNiCz9NAp!zm? 
zu+lcn)%R%9Jh~}F zGcBPxBj~~N?^`(2L^DsEQt2!AWFvh&Ea?kv%`uSWN)Sb{t@nEYOZhd-Wy?rm_bzF9 zQG8coRr#VqE?k1)oJ#89Tr!Ozl7(CglOR*LuX7HDa#jMt>XO~@$#2Vub%iLOP55OV z{K^tvCi@V%f>hmOydVtzh%#Rm&ifPjJV*@7F^lRItkQ&|ZpY0ynko!E%Lzlh-JCR3 za0~Ajg(2!gvae-zg}tLCqrF*7JHkU^KtFJJ>k>H(o?$I<;Nk!n0N{uze zhf|Cb$ff2&avBb^{X!H^LVM;Ct7L&qcEM(a%T^e2*3qMUR&TkW1J9;|XBRJw$Crec zFCL4;0!#NwDVdvvo3U^|&04s-UY?V^4tk3v3BAdWyhfe86kpI2r!3y_dKb@^zBx;9 zp+$VYS;WF37T4i&%Fr~Coe$~uI`+2>zFuR>EW;$JZiB@M_{ zr=@1Ia<0{dCCZ5r4)*TrH7{pABjY<;&-*2;KQHIJ%_S6{=zRIcD&ka=Sn0-_ zWp3%@N3s9B+e>2;i$GUV8-FkxOa-G#yY;laUe!ErR9Rj*pP3FIL~ucFBg)Bz3G~wE z&R@lsgoi{Dp#%b8=0&MsQ5LVc`-lm-jhYBf>0A2|G$rg@bvUCo$?%F?1VjoFdVCVe z3y*NA=R}{yUM>Pm2{@Z67v%W=G2xO9sD~v%uT+1NX05!UP*FYK)8EvEHzH&FJK@3{HovcLE3TpGwMj!w&dY~3O_*NNvLxduz>GW~A-T;_ zESG^<`0~6q6Py&-s`2&KQ@5QolDJf!I?8jjM3#Ddae*_%hFuAunh;e!^)&Q?*e6G& zCAjUfytiB0ZEPF|l9q&E+0_cmKAN{u(B*}WyPI2ddxXWPfy#7^?IqW_B->cxAuOi& z-xkJt_Gw`->R$QF28;A)od>ZX=enU%G46XtE%yMlKuf=TP^COBf?;{Z^G*@%)AY#c z3=RS$nK0@N0)86^xE$(zC8Voripe5p#QY6v&I0foK-gkv>s)LtMtrUbRg(&dE90s2 zUO~b5k{ah%MBd)RKwkLo$C|+$ouZIP&dGT#?55eZvDWrT7Ist5d=^pf3hYMaV>2Ze zRy%U_LM!&e-)^Q(eaHRL8>fHoIe&NEA3GiQi4zgtbN=r7dXIdxV^F%BgLrd$aU0%u z8+Lo??Ycjlw6g=>h1bH8nZAEBNY1HWa&{vOEqAKi{QTzq|B2ctQPi?TzaE1f&`DaV zU#F^6?Mv-{tm)!7^hSg?$1J3haT*TW0~!#~HoKw;5VXx^Y>sf~2Q(ZuBf>$E4n5NP zQ?PJWADvF8v;Y6G_wU_p+sfWJe*WgGz$3RiaZW^CY|Dw(&VG*Tq;1wtTCdpce)ccB zzZfDRi8V#C1Zl^Ob6)#*VE~XI35wLk%B8^SYAg~22DiarFf*USL-@Df@0b1^4f}(` z{~8?j5Br1Ra4;DCSATeP*gyO))ZbPkm!*^@IR3Bx#&wk&_k|>}w%@(;f+#JhdOoah zNX|BpGwo^ECDe(%NIH2moPL$Jk)O`IfNMka2W_510^umt7y031*-SQ(y_nQARPha) z;sC1^@%5;AAv@=X>Z^Roc1HHduDWY$s*Z3#d~L;ww_35<;tQqHHudQ{-dob;LAA5> z)er2x(&oZI;2;PSEV*@dJ5^Wgj1RU!>M#I72F&Z8nJw|095ZN^+dGpZU(1}mtvNuWI{d7JFaqMdJu$D4*HET#8 zcC<4KNCK1c2$pRtK@kvV9JF61Mf>&ZJ_LWELsj0Q(fhJ(Y=(P(sVAnv>>_fdSp z)~u(xaIH0g3hF}@)CMb9Nh~h);YFBWA9Tbh!B-?e(=bM`-@)x@8qp*sc!9uqDW)h1 zk?^NR7>OMba#9kw@QB~As#TT)y^2Ra#Mt%tu|aL4?#8it=cs`dsNOr4FdB;|32th6 z&Q;&l9)&saRHa!H?I4S2P&II<1r(@@Yfu;2pw4@?J|KbWSz8MCp*BYom!K4xKy7^` 
z5J3s=P&x5@C^M#4*?Q4ZQXjvd62V|texn<@+9(DMaSWD3GN_AXusoVU&Gk`{r7yP* z`%i#S-#&WG{-x4VmebLUrLL)Uz_*r{#t#kD#a=eL)v|qCUWcR_j;^GT{ZTckQ_;u2IS9 zgGp$^Nh}E{Q6EyGE~vzkjj7BeXV1M9a;)zED|xw_X3$3G1J4_kC&7 z`Y&>a&Ngo&s2f3DOS2KwKU+clQ|qmttS?I+G|SS<;`HuF)~*M>HG=qGMi9>>mIx>F zEh!kCFby`7SXL2ORu-l|d_b(RWp9bkU$7Bj0nv5nrwhVH?F=V#BiP)pU=x!+A|u=w z;im9ryIRQa!x$0l%sF2QC!kt%A0scJXhB>L2f5m@_E7W5wT~M}Oizr&WF)4%D?ew6 zsYU}-(Of=8>qu0eix%jwBUHU!#$Sz$Wt2xozA6>}<;hoP+2)19DLQ=5%`1=Izt2`X zMR*YgGlYFVe`bG9`lt*oVRi9pP{6)4^3`_bD}*WflfA0 z3i1*c+7g_kLX>)Y*gg8qe#9gxkfHYXQ4j5m7Ez^<)O3yp&!G-1h{02dCY>Pd~O!#_Jk*hZq-(1>dHCaM_`?Nf?qb-FDjQfo;f zGU8AhGbd0~IblH41#yi;WHeSr4k{J@1;|04TD_D72wq2KY2m1AWELZ{h}WNi!P8Fd zoF3;nGEI}BXnI_GXNM-YAX_~a-|fyY3Vrw>Y5n5lqLP}(7)xdCGR9IyG%6QwL?h)< zjXq}s+34w0BN`deDDTS8Sv1N7Be+>v!CFb;?VuH8p-kA>|4*=w6g5&073f%%43Npz zCnTezDr(iCDecx1w1v8AWsgwy13G;be5Hy-S{4^obhR2Mwe4`oD_7w{Svv@2UZm|P zpL}t$>&Z2V@k|Ljz`EMVuDg+4UE)k`6Jo?yBfb{id{N?SRkL?6Twi(}HA}B1DhSVD z1kmjYpv{7xd?XD5-uXBofpe=~EUqC5?yn((Hj=WLSo*mNqnL{;EyHVkE<)BXY6K_G zAxI3Ck*~~^X@%y$tYBp+RjBZ4Ih;ZTVQn~+FDe*oWt24)XHCISsA8=(#^kOdjWlAe zwFoF*3nJ2pyjBO@Q3Kww6n||Q^kfYjOc4;KFv;7?tYDWn^#V_t<*f#oqDM5T8>=O_ zFzQI23uawKh^fbjS&983aa!L@D6F6u&QF!8D-36!Bn6h%hBgm?A1n5wWF&*;2xWDT25Z@nIB% zm@;m*1|_Dc)?ziIVl~BDRm7MgW=s(^M#YWM4VVr+Mu#6GgHrq`qvD?Bz%243fhBYJ z!}pV`pXvWE+Y(en88&%7H5Q3UyHB|D*_FauGV2o~Iy`9WE}>bKHf zWV)qSOp4d2O4U5CaePH$T0U^MTv$hyh4rMxx~j1&A>M2boi=#VkKT96OHNhFE9$(` za`EU-q}nSL4ktQ2io9TU!I$bl|E59DBM(||RzgXL0BW?P(vT>lgStsoQ)rBXS!1C? zwNUN4Tj2N4ae~jJ=Dg?_Us3TpVGs}}AqAnC<+|V~s-+%}LYhpy3Oc8F{CyZC=iZ-C z@KOKULXMc|zJsSrK7&qqjiV+7oIGu%CCpa^4)&+sN##|Tebm^mG{W(f&u;(;d~e6=iI)Q~anrw64%1V^a9{Q(|&8v5y? 
z3JAE$mBqsW>LPqSd+2f7iO?nQoG8uo{%}S0VG+9I*?&5o>y!UeBhY-Y0?m^x2{eaBpwSj;1R8B08i7XAeqRC&O&460S&&5--@bcI7AM!( z^I0A5z((%F$Nioz8z7}+S^hFI&THrZF6J2N#z;4L9;3zi%7mW5XiHMhv5|VTg&L_x z+lNN#k+k23)RT!aaQApi6S5F)E+ERdn3TkXt*dlG-ob}F_{}@)`=Nt@L?{cU)Q69ih=gCLMoTLX{X&b2ZABUA z$jCrO1~M|x=PUyqZbt?h8W~7isF8t;4D@MaAn;mVTZs8Wgi|KKaV!ldApm zTJp((kx#UR8u>)qheke;wBM(4W^F^`$6Gdk{z3&Hqn|PIkCA`AYWZilB@1HX^ls!I zBmaCY^3NA5u^5%jr$LO-OADKB@}+L`tH2}c?Ec#Vuo+dh*ET`&2J7S34EskdpsD{N z2sT=op%K<*IXI1<&b%N80O%as1N*4BZL07!N98xVk^5rdYX)okpOo2MD|eEOAz)fN z?w@7StuMYZ6a^W8uH0w@G94;=G>Y)V3&Rp|6!7=A( zRk^AHqn)$P=a|kXA&yX$eH6fK`vX?VMJUeOvwDn949Pi z6yA`Szj~XWpV7||iE$Ffzdf8MNkqrJ-potp>BM%zMK8+obwiO)_iW!rFQJYJro=^I zfRZ^uX+)El;01bnl}<=k`3{Z)O%*!fVvz=3a@(5|f6;{&(q0l1(pz9J=!pl~viH?q zVYw6R1-$KyGNt)hEjH`p?{1NphL0hm?AFK+Zz=jA##0<%g#9p>QO_j^BT5n!PP12T zwtA40#yH9AEO$cd{w{sDkD@sIoj3^){CyasMHmz01$^J~!hrSvJiO6NBjkG1DTyhX z#^EO!md7aa38n;Hd*lYX<@CpspMH4p>gONqh08jUJ*(nri-7=VQ{p0zPq4QVUz^vd zrM#GBAH^gJDJ%81zW*?+Le_;zh#X*6X-qWzS#8c+naK?ug&;u%P{iJ3WL*#K_dOEy z_JNv?R@PhK_{t4$0=;Od)dG~l#4nSwn?z~dE&xW3atDBaCD=4|=463$YK9~EBDwX& z4iabJ`K67hlaNK^BtJd0!yV(&j z-*n!#thHFps8~(0*5P6CXTduC*e$k2N1>ce`A}4b=+6)|L!C(+-q1|1kk8H^!|WW? 
zNnzXV%zwWQ{`K$gU;ineUuU!N$ogpA1OB@P|34;wq+U!GBuJ?3htAcebu7pK?;jit zOZfkT(cxj=;Q#L;xg;WiO9ICubZm7IJBp7H?0_`E3F&f}5NaW1`xzs-Iq%LeXg{$Bhgr$Wwi<*k>5}(R7$+pIDPOmF+hU9KLUkKg>m1mFfj!LX zoN)oCrV8=4xzrwANQdLvWC*xkvw%LE>yuE7S zeOv7wQ@API6mAONX5p?kBQzN!I>*DK(U?4)lEKg&9v)3xG8!FDo=y+Q!NJgR5AdP$ z^pK364#*SyWH1=^@f0794hCe>?;j2Zhfm4yXlTtyK;TFU;U$NIZhz1n99{IEjt7Hr ze_$UBpB^7P?e?FH`~A*+$Vp#oYLfqM@xtGj;&nu9s`&^|tose_(`Za&MZPHKN#c3EMap?ObevJb>TeYw2 z3n?{2m+Kyy^CEHFby^_4s}jv#+yk9warpjr9YW=YRZ8K_J&=0t%!!-&>&*=H<0{G7 z+ijAqJ+8GUT>H5~diDK15nnzuuhoQdAxcBos~6(UHk%M%k>O@srLF{pcx{$#w_;^x zqI^`Mb=z!&mAN_(QNJn?xOMKq3SEzNl)o%ddM`{Pz9JjX+2$#G-!pcd39Fs2_b^@8 znyvcDdLMIj?WtNnQ}1P>-gto<-q088>1?hX`t+X2O!k$Co#G87IL5QdNe2kTW9sU^cvXx2MLteUxNWO>HqpihvoHu zJUlS#e-~*FJ?BPahz~EChH+&H+14Jqn0u5P?fv`Y^{XzoI7)~M@&wE9oH#y?3A)Cy z$K(Nuk`PS@iZG>M_mqU_HcVqAEM*9_Ei13yTi_XCqDO+gzzb$*5+-w4b@^fgvo=^( z=mt}iT?%lUF!pvD`hIxBK7SrMS0rY{S$n9hS(seDy@?-AdW2wiLXJnH(cxh9^yy&u z^y#qgI8%%GH$^FB^kC%pVd}EhTzf8w zxse__Zc}dND4JeiG`F(3ievqgC;sSA?U_S=EzG> z7$7F5p${LB{VQMFl4rs5j~{LHa>~XG&G9usG$M|NeH0U##GV6t#$#&_J@jm1OG4>9 zOnn!Hfq#qQ6zus(;<%!rY!Kmz9BP@CQPpGbSzjVY!WY`FkrnQ?N=v+O##7Ui7UE{HE7?;azn68 z@po1hbbzudSPO+#n3pb_KOu-ZF^-69iT7t=oQ%=%_~5D9G=k1aeC;_zm;&-r1ZgxY zJ6lmoVTc4SINw>cP{bIihX64Ax5OxnD{l}|8g?`HoOy9;mFt@gZ4}ZZf0H#kv=Dqg zMo$k$Pocz@Qwfr<4aCQfUC3;I z_`vq@h+>C){Akl_$9A~CnC*uS_QxMS@O+H0j~{`kb3Uyn1T8`rBp}8P)H%xdC7&By z*dQ(n(*(?Oc{Zp4-ONc$6vEjGq>oXU%t?IXQG$HJmX4Q5rwGXQOYDo|AM_8bkC0mj z7C0&Et7#bD;MhetV5R?&vI_D!FlXcN@{D~x7#`bwyKfJ8vEp-B)0{m?3Pl;B^VL}d ze1!Feg-}Y#E7pCihWz|kT8J=goG-vK67%5N!|2D0i?eeJ2?h_#a}PZafv09I6c?I2 z6QfA-n4GZx3!hdFvTeG~i3#JXSWYM4DJi^7<_NpwkCeTSNWAbUX_Ytts_8|WPUlD}UWFE%epTrgHAR7v(CZ$9y{}W!?X-r%a zBp&wZYRz^%$~p_3pT9zsIBD!9x5$|j=Ze?l1@M%dUwKU4_NKSR@}GM#u;g2A@=X&l z%LBs32FJJP;?+4~X9wu6D+2qNXp@`*4i4DznuclMLb)veb1xS2p4Icc=My+tz$^kM zN7WX)yz{{vu|+X*e~n{8qY$ zx31$)D7cD1rk}Y5EZ^MN2F8|{6d6LnGUT8r$B@86g-_eq&nhNuKdo^7&(3YV zcXQ%LB&K!}wNV8$oc|9;!%^w{f7l*hxT>;(x32B5#>d+TG1Wtk8r&GN_Ui7^S$O&DMKA$BQpq<~MwDslPV 
z5i*%PFVT9`V`Qow3~%{Gyiz*v-!2m&*lAGFurg5sG&E!JEqg$wQ{u35<4>VnrtGnF zzZ;{@i$B1xztCGXWKglw6vmj6#Wjgf!$ri7DxJR%?7?BT-$C{%j_}0uy~HEb{%1NN zLZ@o~;3eWuC}%q=Pine$4;mjLHPk0 zg>gyp&MJ_qoa{GSokD~}4=dl%{KINB`};b6Rr!$TQFv3QKCc``amx*hb;3miXnt9=O*tAp%)-K2TQ*pj9_s5pH}%i)wu;dOJ0_cO1y%#Sls?_1i< zIy)cQ>Xh=R9A>vuopJlECpss}S7!Rv6WYa51XEdx9JTGRd5`Eb78a3>s{Df+5-gkX zExL;f$2;jQPSPr!RhViU^;J=8Si^FQdcm5``<8ZLi50lmF1oKoo!XE3KCEvO^iVxd zRv7MD9lksHZ!P)1bhM}4c!Hh!i@_%Ozkk>-$^WC#;jxkbcaijaBjS6DX44c}76fZ1 zzgLF|Aa#!*%i32@K#;p0SXW-)j*$qj_9pa+wIB(0ae~Jd5*AFYnLR>$-NGlD&9$_n z*ys)gUf?n|atMny^|_}5j=Ue@FpcOKy?qdczUSON_^qhPVb5Ku+=MJ1p^)jC#1lFO zU+}jNQc4P6!amNL)?H-}gYL$GTceVc9j|}8Os|XJND+jA)LQ-W<`rvPrzg~?9i>HY zJ2R4We#@8<`?lNNV64CM0@n*>pLEDWpS&ScRs8t?*( zBLs(rm3xAJBFtpU`wkZ#HA9vSOo@bz2Bi%ln+{#MA$*y(ea`2|J_O2lKhXOi00y7b{DNbwp5k# z9cF+AdC0PN}1a0fJ%8aQ=?#LCo~`7zwyFf zp7Rcs%NE-aC$@0oT|;Z(2Bj^z>ZQ(7YSoMl#Og#hmfV1H$uv7veDB3H`Inc>f8?Kt zjI_7YF;n|y?|KGpg{qp8jF^f1vcd_fnEZ5I(E{YjI5bQE$@~kTH$p)$ha)ro^ zxjoo~NSRV&3563dQ|agmEOm%xEvROAYG*O>Q%btNe7US=YsxN))@}1w&Bw}g$sApJ z zvmQyD9;H4=XMEx+f7%gv&lJDABDW2nb+3s2QwO)GwCmt5%T_3%rro7SB)C>rDQ93} zi7HE<1ER;_Vyrww2tqXrl~3h4JB^JIO>mM@n;)zzHL+D(u4asM98H+YS4)uGqFT(d zyBfG+wbcTp{_!*n67oJ#n*?Y6pTdA0gewu(bAVP;x?Zf1xL}{~;m}N^HC9TdyH)e5rg^oSeEwxFJq-FwC+W63(hI!gw084$!sr(I zkZyI~E*fMuZ{Vf;O*?rP(YeYy9OcKIG82e14^ihF!ohpNOtIC4%`mzJ4T$iL5w@3n z+I1?WuudAIZ$6y9cysaY`im44W_fR*vjR=||a8^W}DwXICQN~ibOfsGm?4oXf2K!1q8NI7i zQ)*;$Eoxg=YEPw)n(I>jObAU-_s_!c@#;UKzx_>&$oJS2rdB{urVr~tmiJzQ2HGM^ zJy&1i6}fFyV6~H$P>Hp4R;Jr&7~MkHaG9I?VSH1ri509oyf}ID!;1@b_BxT~qskZP z?ylNGXTAtsba;5UG=DAWvik((rEUkpvuAp`%b%3Y)CwSF#dGd$!8;&~`3XaHxRLH(D7+?dv(EW@R**(ADzKvV#O0G} zL)wIYhK{r{^J-7s>B%;GFY_4D5?PuRRU%h93X}$Ay)rfDgldnjS+wpD(OM`jf*`IY zsdo7$w@hFyXDD5+G}W-GEL^zRYEQVlmQuSZf~r2v6;z83kymR9aE`gDx`(vc{SRND z%dNkf;Iyb5u_HCS)~?LID(0(AS0P0U+0WDXtJ0_) z8(3|7E z=uM*5wXmuwZW9ZuvRq~Y{(a7A3-VuMM6f3L@9?;6|9`|D8ToGqX*=>?$^0jaW3a{D zVhiR!4O<7QvHsx>Uh5nG)K|L&+n@Tvi>5!wYEYakxl7dFByQP?NKAl68zN1_7i2ka+?|bXa{ih%i{8PEv|~2 
z4hvrths=cQFqUU8F}osVUh!}_^`=gW8+gIeNjTDKvPtF~he_y!{uo`Ha+8e&$1{?g z$qMT}rCK)Cy4hc|wsAB0PjD>pah)L8ApZ>y4$Jo6#|H-gX*a3F8H>)&RWtCCGjxqO zm`^6#31bq1-Da=M`lKs)3l7-ehpLWAqj>|7KM-#^1vUh^^y1Tq$sN_X2pT5NV+?YKCrAL{_{1yeb@L3Q?^} zv}SO&ZehQ@efYERRH)sF3sbIPBW_`H?0YmJ0YsNNIwNW>9%h$Y9-%na$ z{|A(3Zx)0xS*?zS{l9;7a8!=}J~H~B-K0HqhLeQEJhB-dU34=i0h*+q?|Q)uMcBE* zGeWZ{@RSExqlnIl@1vO?PB@G9g4tsf6CWquH316)Rk?IC=j1g}rcBt)s#J zb9iuEmj4I+fr7B_@c~5vzkh^Aa?KjVrA+3Pez4IAdV7|kRG^#`bg$jTGhHlJgX{c59KLo@VkR#wN0;CX^ZI#4HV1q@M(jf4%Mc1mU zOdbTqB$t8p3w9n5m%kbfpEpsBf-ghXivacP_oWO;blK2cwqn9GQLGiY`8Ji%8gMv9 zmsK~y%YDnbP$3usSMnWp@_{w&<}43qOmE7Tt(ZD*m!ijLSLo6&_K}b!Y|GlKz>r)N z)b=b*_uRxiZH5jx2Bq1@Cq?TEiSbG9a$BVOAxB}jZ5uij?-DAJri1VX$ht6aL z=ng&4akJ1Jdhs4FBA=i;>kf5ULgL?U@fT#c%%;*Mx@!rVawpaWEKyd5a(tAfsCY5? z8Wh(e1;hsqAcOfaSIjOxM=wPn&%XR!6x?bJ3vUC?w*rOaA z!9~h|C^-}g=Oy`;f=<}3`B=BOm`VHVc06NB{xydql9}y=377m&Xa8`n^I9uj3 zqd1|sE`rayBu>etn7GA27{!4o2rUJ9fHe&EO$SG?Qp0J^?=$70+B?Eh33yM;k9X+u>A~n}xgA0e%Gx4hF7xq`oGJ^(D{weiUtU%*d^CZO6*M1Y zBc1)37THICvDCTDC)j09bp~(4+SlonTBmy2vlar}Ajg3LtSp!!e6$oeh$KWY;XAlk zPgHE^e2rZSR&@zKGP#0Pa0xbBB`OLUWR~kiz;~63*GdMmBV-D(7&-Ke^ckXZEwMdG zwgTAi()yP<-7}&#L*6Ng8iEbw5{BZCGt~<@Ho7R)*boG22b;41mhs~9{sR}g{b$D`b*g}4Z_DW1EN;D8BcinH^jKxT2m z$Rm`aNde4Vh6Ti3O~7-CG57$z5dI;u*pzZ8BxM2FncR}&&OtVBTDub1k%T1Lm0NUd z%LESAR56%E7diC84np#F$6 zyaY=V2UxN8GD{p*^oNh7qE+)HUOJ!y@l{X;cv3f2zWZ0oQ;dwDIM{-23%C_|7=2jx zZ+{a-6zuv`X(or8h93x zlm3%_ft2;ek`t&O%Bme&-9Y9AaZXth0fQ== z1lFSqFB-!rvBk#LAzu{LmG*bG)b6gx?Hymg|KJPQ0UZy&t-JAj*TJz1=S=Ldqv#_W zS=Korxk@hAHg7>Gmlw7VBS-i_6i&c%=$1_5Bu0QS1^ZKLUO$gium4vLiC`irulrZW zfp5J38R{k-f8| z!NfK7y)X?tOs)k|d)>shq-ChpU9Dl)d5;bT_VBa17F=WfuZ#oVu>MD*3jV{vQGa08 z|1Odi|GjSL?+ph&!?0Y61eI5()qO5zc#6dqVem_+>?ocR9BAR+M-gSEKun7~00Cc@c38bgV`gouD3 zv5rxPW$yrbsd&qBi$%yk)PNCV*Y&u9IWvZ@p2RpIvs(@VmsrK8c`v>ReOAXW@R|*v`deD>z5gY^ z*Vyw}gT`oJS!J};J@hXom8IDCZ&6H~aIqi(*BvII(5T&J`oG)&pToHe_-l~!K-J)c z0d>4ErBJjp4?QQpVN5BBg`PrQg2n_>0y1LY5Fsnl48A_N_Tn&D2&mX(j(jgkd=4?2 zk@6VP)S0vDUweUfl}<v@2)+WX4Pbl5@0+t24zo-1NXTd7SME}R) 
z)UpV#g_<{w{aZANG4#!p9iJZLUH!log|Y+B82(1ciPA9|_WKL*dqEbk_>TIoJ<&pb zC@Op~sD5z3KCp@|Ec}~up%A6$W=;SQ4wqb|rLK6AUBFpL{8fVU1;xF%*(#O6^MIcmgjeHK zB^`3XrS?#I5$m3neXbO5E1u7aCm4)9_n=|C38G1V1C`{P?@mthIR!a29a#7ES?D6^ z01o~bShBSz?lZCL#)PuHyGsy*}qln@0quFyJx_COeDSk+L@ zj8&dc>dgX#(Tt5Gn6FHyUch=zK!CDY1Ystuy**351U9!PoaRpCLwJHR>)hul6Ti;0 zVqSu^nt1%;J#kVH!o^ob2fPasFKGS>{JU}D%)j@D?-pM0mk|0;nmmJbaw&_7BKk6@ zyyU_{xm;d0-#@#o10gCP>-3X+Ta=-UU7;xlWkfdCQRq@D3SH#`4v5YME{UbTFx{?8*y5wl{{IhSytwnjFuI$% zcMs=x^zM4!eT%z){&p8!FUWuXEj9 zW{doku(zl9y7C;oLXPpkKC};jBtGsugdeX&Ax)`TnI9D*vWeN16O#%W)F^MI3A$IB z6MQ<{_xW#)^MCFK_|wl9FV5}ceX_icCjYhM-*dPP z-!E@op~)?iMFSxgQz9L<=~z0%XLePcpTq&VQ}z_JAwDoT_lPC^)6dUeygU2(&Be2C z9w;K2dU_s?$c4oT^YaM8DH8fXMuv4>mh&!5tKR+yBj$NBEB&DfZEp z)yVSzuVuf~l9y+tcJN!Dt+&QY$O0N70@r6^E_)_^eCz;q&OAiI9OfHA4C_czX@%+V`UtgYT1`>+jco^5At}ylw zKFA^WmHxE7V8(`=jlLIsd{7zqyjiLNlN?X!8?T=WnQE-Xaz6X{IfTkBbsh+oTUZ1> z>fk7P*8Xe$;bVc#{7eIv->F?%g#(eYm^#0D)JtU7X69Anr-Oc9#yrouuy7DBQ^ z7-Qvv27(MC%o9I2VUc8Tl)p$V-2h+v2L_P&~efcWw=Gj51 zYx8SmSfi5Zu$cov z{wxu3_HFCs6batM3(2@Hzf|RlNnr#dOcl6Nn-MRlZQs}VzS6D6F_JH{E|z&}Gqf55 zww=fy-#~lD&)N^OLTA=Byp$pz&uA?H@2^N;6njB3MV)VH_gmU2mB#B`W#ZNS4HHs$ zRU`yWF!da%%4$EF((fI@ZA9f*1I@dlH7Bu`h=@;FQ>7LC$B&knnT6M4*R)`MwyhH~ z7op8F8)~VS(+ACxZ%Yxfls^lLTUj-XIf<)wwqjDn(v0VV?ptN`h*s3i6?H1}zlH4t zxeh-uR;sU{I+U)%$mAFtEyqfwA`VX%@$V%-7GXowxl2Cff`zf zxBGP!1Y({QmT0M}j`*V@mud^CTZh(3W-h0)VlI;LLrTcmkxK$N&4BZRBDblx7GA&( z#uE=b1VMCKaW5329dB-F5GtxOrB}L*xinqb)rH+va%=kRQ;R4j-DBEF{&&IMiIN6u zz$X9y{z2LQe>6BW{{K5k+W>KHr_@*$CaLAgw=Qf_le}c-kv9v`lj@^P3DwkkQkIM) znaNTW6-1TMm#l6eOWEe8DlL`1Dz>r|@N11Ivn%xLlL{`PBGIY0zgf15r4;|NDi5k( zYr@-B0)Fz*)dV&MOadXtESGXt2+6vNlx1s#+JeMYFe6c^DA|`(XF~bg+EBBVP^jfw z;jC88ZE(RAQuARY^lCLAt#VaYvgDIV+|zZ|3QF4$j#dps+bP$1rWg-azR4{Mi*aa+ zc+yDXM&o2|M{(#(>9gKEqzT(j9ep->OS4?`mR2&|kcrKW4!c6nub@>oDR-5j&Ti=S z;fnLu+1wcnwS$VvxO2-8dMo@uQmM70ELM^sg!Mt;+OHG~!maL;DkN|{C@{d5s7CPR z*Nv#bNFQ}r3C~yUDK$`Ep0f2)iItZr;4|yga>I3j_jvNXYZ4Gj&*E@Gisa0bB>I6Q zCwI-<%T$owAL+j*Utg?@EwoOj}E5}T4fOzZ}jyGUA@#VgEZ$w 
zmsh@~QFV8aR1|^os(<#iDJ*RVqesM zc|U#7+)Vv&*KEw$Tb;1I#^kAIb6>)wYPa|+-LF?A^LGVPUuCCJqp%b*13VPW?o!uh z#=!Y0Co}e~4s4dY0T*J+NE=m*jmoJ@f!3&$biddd6;zE1ZACzh<>Zy{QfoJI9YAU( zkQDOjx9g?ft65jwl{emz+bqas)aT#HTrHqBmZNVh=OUZ&pf=6Tpk)iqT@cqx7i07q z{8=_@p?6qruT_=PMRck{XGw1D@f!oXRy|$N3Ds$X z3J%HQQ9-%0Ek?c3`ftGfk*Q(*4@QHk{olyM|JX^YBBM!f^~EkRe!jRXL>;DFx#!C6 z`ugL2n-7;;kM(h7vlV&;?mMg?6K; z7LyI&sNSyaldS)Z_3-abevDSVkBqLuN`TDEqZ>|>kjf8qr$lLyLdph^B4 z3`_V=2mR5=*njOLZMyzjul5R~_>Rw(&yfv;J`r{Tk`XLvoP|)832xjJnofQvjy#MO zWNKkjWEE6=>vYx@r0LH{k}+wWv?>2@69%w>{|}GK{C{}FUK{?ugS1WlFQPqN4<;nR zlH;F+t_&{4&F8*8T|frL8hh8CPiAV+z8pLU!tKQ5ntev7gZ(@lQXGZ}4_pR;oX=!A zFS2ZEfiePPOx!eZvBWzF!l26vLjMgh|G~v2qe!XoF%&XM6LdqsJ|LSU2B{$CNeUAavKrK3MpL1cF}|E z*6M+LB5&rh2Lcs|xY-j5ao4h+Zg>;i;MhGmdzpX4<|9o=ATC8uee5l=xAGd3J*dX` z;?G{5o#q{0yzm#la~*CMExcfiq@H$x-}AU_M}<&s@OBTKkr<+l3*06VM~TgVG~lBM zBbW^v#524hzRzPNu=B|nJ$S>4Jqd0ffZFGk7o_iH1sr~Xo2g<-S$}f}G6+h6Vw1>VACrmi_$v-FXtm#M(or;bIX6=-1P8JGdoIB}o-Yo6{}TD)8tebfi<9TCU)T$`Z5<8k|KMm?KK~DojQ#I!(jHQ< z!`U$r@Dacx-%{RWq4lR>jOI9YZ*a^bZvA|o1?g7c9UuMl^8cYL5(mVmkI_x+B?$?T z7oZ@~`ul+0?eIiyX3V5{3y)VjNL~Rk*RY1!6gjU^_sreKk-yK>WYW zBl~3q6$1C~OFRGtCgkmp#9!p_g=|x_>3m#E30PPka4;2tKc(7m)pgS`+a=!ytbd8s@^2&>Vu-T??>_O3!a zNAzGn;D7H}rXB}X6tSO?t3t!u@1Sun1DaspM-T(8(6~L07k6NNgP>MV2KOr*YY1rmO3n#$|I|8R=Cnn62=~y`rE_3!tZ@FA%1wndO+z_K}loBihM2l z_LsnG-MeX^?_Z_I_IOU0_=FwYx=|X>%00&W0G1%f7NUTtUxKU7VX_gXG<3WSpjU~w z2d#p-s2Xm~E_7N(c4N0?IootxG>b9FFZCUV!Z@ErDSS|wK5tKdJb82R8|rpN-Ib*z zK5V9*=W9XxshDYAFcZM35~52oA7~T$j!c=jCe~j8O|?LS7bJ1m1J?Bp=-G4f^18{K zaJJE%KzXvEUNGCY(M5E2s!0{% zwr>yYei7pKoFo*b5k!s7r9>Wj^(>|Hvp9S&P_`NS#(A7PmP_VfgbL(rfhwzAP8Pou zQo_dPV6lw0gHMS6qF?_jgTJ=Gf9)TY@t*+_#;pGxBrX1Hc?sPc?yHqo52|Qs6vM=v zNhn0ge6exRKenvU4OYP$GZ?Q7KNCF^sgBV~h{__{otoI-ZgzgI-?O-m5|P)!>LV?58jxW8_W6kr5-u4^vlK zTg8tRyBq*M6iqKMnp@f2MM@I|<)3}_knR^gd`R~>2BPvc@46&JqKOdS9wasoj=pe} ztX#@Uo+YlBGYC@vWd!h2?4y`ac4CJ;s}9zX;; zP8hROf`4mSx!}#Ty=7QjO_%qJyGw9)cY+3Y3m)9v-QC?GxCeK4hv05O8VgQvg7@3G 
zr;b68e;id6cML^!n}O)Xu$oSyMKijf_t+>nR*6rp;&8ocQrgf$!V zok-m3>NUA~!Z#=?PZqo+>a(t})tk~yNzeq3%Moif0?w1cAl`Qt5M?NP+-uGSoSp}KTeh;59>)hZL|hxuIxX+%iD+mR>rPdgR@0J) zD9_FEu(&CX%jC!7yn_c&7eLheLONqQjES}&qO_xp zN40NvEp%;UC>m`}O5 zPOV3zY3_SNP`aLjJYHI8`+y4f%%W8lf{Gy~yMS(k$<51sYW^FmXEF3qbFy-bo>6?E z$D=wm)bD!RdR*uwmA0eF!xib~Ql>fB?P6oF?&XhVM=?rG%b%x44C0iwv(6NG=hoIM z(f9n**!`ravZuBCB0dXO~RIX-}bU29k+|jRrljXMy)59$ItoJw}Td_$v(}t{|@+4 zPyPN#{D+YH%M+Gu~hZ=nUe)xq8QHLf>J+nN^(h;~Rx!ANX=pgy=ar(ut_S#(ie z{AtOse^#lpeB&+Tz#9zjG^v1%71j~J9kQKLD9n93AN|m6@B-Y&Kk@Z}yDu7;p2Utv zIZ}ZQ_EDgv**)VSH}>jxB)}IU3&{k4s3X@*-ECy9+7B>qTwT*10wTBFYp<$c;0!$3 z!UjA_=hTQpR!a6W%g&4uzx;D_RkbAMe*nVf~(ik{nugBCdTyN zN;p4kQNa))obx`T2yH}Ocv%K2PGn12{UL8xH^-FPG>C>xoDv<2WH(t3W$xf_M;V?! zJ>6K}he%&A-8T(iO@xoad~cL}NZsl~5SBXRsd;`tZ%uNiZb(jYyZhB-S=e!fXITI{ zmHCE_iaMh+mlf1!tt#UKYr~FZ$__Fqk;}eaAfb`YJK)buZv~&s*+91;dBeT0eMgJl zZ=f@~N*WB2QX&%MypBRwZ?-t#-$g=)iAmrTCm*F1t^T0c>r=x0x6%Sxri;N$n#V}@ z`etp*LYb%#-*g;k`Y``y&5OFt$i>0wQ`2&L2PYRKHiH&f0~6vMgP`q~B+VkJ zmNFQ&7KChqQzZWWJ5SUy+}5=ASSGX-XGgK^VD?j7mXlH{I}%F-`Bo3Bu6 z;hv5x$F`XRK`wOKzncb{jNZn5>XfvjwTU8t%i%s>-B`cC!V*1TBYk#uG-c_AGydUf3R4~JQytS$e16!}?wW_Qx zZ0ZsULDmWyVtvN}LQ9AbX11-6^4lAEjS-9znVMMi$r!eEvY!G^+5$(&Pe+G$%@Lrije(IJqSV&b(gKm`h580psrMliqNcKD#it(}W-;zO(*ea@L#00oEw0x!Q-&+NK z5Y`?POeE>UInFQ)_9QM)qu254i7~1(ux4R|c9Ue~_)4BOA9XZ(tAie=$DB}ld@O5t zhWx8(dP{u6FnjZ%5W(@N@Yv;Uq-Zj{pQa%%A^JTYlFv|*)&`3PLWJ0IEGw{<${5KZ zg=qNM+yhAdyhhD_tvB_uA#5Q6_i_Pcd50$YCK@&c*5dFDpo^qJj9*uF??8#0JMF7= zK6W+{BVlu&)HmVw-epSToogu-DnV0i)5^Z{vX?ix!z6FWe0~QLX=2MdM0F^1t#TNs zQ?rxB?I>@-zbr|!`;}!w-+ZF|D~W#JS)E}-5xgU+7c9lMnLNe3>2Fn z*~$i^%&ywNW*j=m7$yB8zln3lWDp%APCbO!+Tt^%ak&<5ICSr}M5TwIi<)54;zVjuKut@xVn6~0#qvT0aXvia?~Yy9$Dixr5QM7 z|GBp|Dt!bQo6{sqCY`}7;@BkNeb~`GM##_D1SxTE$+gk3`UjUJdBor2?{VGJQc>X* zQ6RK6Dpj!a4nyxjhHf`vVlIzZztLGh2S0%TOuBk*SD|eyw`E^ zQpkbZRLO6Ik=0lj!L+89b$myOk9CJKT_-w2X)5n;Vjdh`7dVi#gDlRUHgY4;_oF?L zTnp>Va2B7;(|+RxN$Qy{Z-f4hg2lvjeim1PlDlV@3v)7eu^6~*U-82&yoFMK(?eyt z!alt8#aKYA 
zsbrKh6Wc^M8W;{un=522JVbdJp>3nUXSW7Cf9$)>T0hAtDj^~SnWQTT18oBUrXjCuzOAM&!6g*_I9Ps`0s z3{AP(W>U2NwhGwjodtzSv4v^gOhk2?3|wLzc2lQIw^h#gu#}RiIPQ%-;xxLcX5F_u9<2|6nl0 zfAJRw1W*5}M0EC?kxxsiBV?BN&K?vRh?%|hWBouo^>uq!;%lQl7qu2+DF8+wKxcYkHzYs^85qD z33Uv7nuRNaii)c1Xnl}t*H$I2mBPG#8g>Yxra47#5t0cd4Su8Z?bnPVCzJpi?@?8r z!C!EfVIDYd0>p5CQf3imP7>*susQPPeIK9gN!8uuN0Xwbx%|%ii8K5{u1z?Pp@(uN zIS>EDGsu}W;?4Us$%wBOA8wd>VD1EHRE;L&OjzH>2wL3~45p8MXVAh#k*!o!H<|iU zw^7N`1PBd+oL^{EA$QSv0 zm9ZDw6&N_}4vDDgFiy$iZx65mt@t}(4>3<{iDGvDL@|&LqJyNH3*PS(+cp$d4n|Fa zw%X{PhQ)OaX5RcM*(udIOzomDMLRK9>~sWMEg;Ug)6y$yeg}1oh?D!l zmG#uZuM9s={zG3d%NSBmPmD8K_K2AXg=OFOO+Pq++Fzx4sZO@C=7A4kMMx!Gvkb#z zkea^?-WhQEC-1wyf_@`~EeZ078xz5yCxF(6{ITF*e2jcKXtSCb%X${#Kz#gnnCMc+ z-6aKqHfRt5aFX1xqs}VtmSeZI92-rIP?4$uJ7kH45Q(nN2)`Ia8-B#1te<#?*djNW z4?zPHZVT8e0bw=wnk>{(!{E4O5k>Y2#d}Byq^i^ZgVrD`^TA10Q_?#sHt9g>pvo7OdH-HE{{=#8{K)1A zs~PrBM?R$6qd6aRCBV)NLIOc|Z`68^ihuEOyCd>HXICm7CdNLOzcclMvvxP?@GgTh zy;Mgf!AsNMqr`L$++h^-^$rYCUN<(#p_!L0< zXTn!faa>874AH4R=m|d>MYom{dUp+SZea!%!sczOHuo!~7GTdE;HK~Ucs)$B!5pt5 zR>KPBbMR>{R!_OtPYanvL4{`W_w*Qu*P%-97tn#)LxRvpv%gJK)lZ4Y(ri+UxZEaB zQkv+0x-M&zFoRRMgWkguJ}R_s{{nO_%D)7P=iYVqB1-Z7xEXtaUfAQjn8y4)~J!ZD!HD}C|rBxW?C-AiIzxd zuNUzIY3RjW&c^I$WQ&>^v2!={HeZv_AEt294yFHocy2IXWHBKA4^@UN$D4uV-Ruq)L}oli8nXs%d?HU2=~GCf2wqS64}?vsA0-s>~4+xz-e+g%o$~*l>gpT(9RZc)BI| z_&w>a{>-5jD<+#*?!t7$qA3yMcypce%rWg7I%Bsv_}h%P8j_lMnjb=voJFDwrV1hTV+yB6P>T@?1Kz544Ni{)0*_t#~^|y_3SJc1B_~LF3mns1LV10{9K)NPkfq?qU#XqXa^2yl^UW^2b7U zs&KBvY)|d@9=pj8{ta!|rnI(0ap3ynn`3%m+rR{%q+tB&3*Ro#! 
dV&1OG!%(Ki z`(*!g^M%qIJQwz;+lnN`u%%oT^tAnW!LvuBg+1x`73>wuU5OJ)&z>+JRs$APsE*u} z$E^RPP_>@hg%@c3mAWQ{w*aFGQ%;whl=-b`$C`m-ZOc&36+4ciE#5dp0Im+z3Z|6R zKO9uQi(fJxv6cY4C7$S1T85ux}FZ>Tb*- zVum`;q-v6szpeZ2=vD(^zl2MBVJ>u5y9!73xi&f{K`u$raOR=R2f863vCaef=+ib( zVDRUy0R+K#zl*IcNcihHSS0^V;>Jf5EDXQ3DCm$bGN9(E}y)VjD ztdY|ezUIE(w%{M0T_@KZU|-J69?wg|W-mR^gT0WD61YUhQ*!{=Vb~^ows4uL5DsIm z-cJc~r;VcG4?d**C@RJBQTDeCD=lV2z)$9)N|%MdM5{V&hP;@LGVd&wpDwUOXXSr3TLF(I(3QPjzYzZTOl}+Pj#epvHd?T`BA=Z; zy#jv#r3Y#cAHrzcRh+2WrYE}Ig@|7H#%rkeI_2$pt)sJq(ne+`=+%s7!794a3G$dM zDp$cw!>@djz-rtwM?gG0t2WeQ=`BQEAK&fy`PKtIq*mQfhM>->!n!$gDm0E)@(ScA zTu(BwQo2S4J`06NX#-bhCokI%rquUnyCtWP;~!BSF#+%U8ehYoV&2*8Ci?Tw599Yj_EPAd;B^6PnOjwv+C!CeiWCLI|n_Sv8GSlXMN0A2CE(FSR74K zRaF>Fm$@c{l$2f}NpM|Qk4fv1tJ>s{k32^AJy836;t~jC_f#5Dz^L}%~!e?8_J?MTrxn0_4{$7{*!)?^Fj0@A`JBWv0Dd7s<}Xq19c2JP%VcCn=)rW zZndNiep^yKeomzh0xUC1yIH3~R1>W*9xKfUMQ+-;@&A-#%6-TnStMI0i!Ap0&^7BU zWFIF0K(Qy~x+k@5~6DXH}sZuv3?=ApCcmxPErV0VO62+M7Ky2 zF5&5L0_UdKx=Ah8o>-L+9RFNv0iVd~z{mN8k&H0STM=2}yE4fEf z?GZm5_^I@kU`eRRJ+ywe)|oTIw{>5-#vkd4;+Q5GWFqk1ut82Sf|MRD)crMS3?e_c zd(_IG5XQ#KQ=n87pzd~7!vxFeR8K^BNe~t)y!-4LuARm>sUI`lDX`EiyleiyQy5f- zN5`dkV6nS1yB1rLNZ5zYTnS5iI{57+M-%19g7+M!ASe`@y2Q^$n5dc&RXk@uQYZz4 z)GFO`y?dQyBa#>r<4I_DUOc%EduI4XsE^{h{ZI--t42K8<4OH?6c)PV$Iiv{xdZFF ze?A%}UM~O00C)p{8D+e`ME1zsysx{jW4Oe}^)r*>;r}UE+j+5OgnmwQN@4`iLKDvEZaPgJ%YFMuARI2XA4`^V*Rbfk*G~J&Z@<|uhNlIvZK~Csn{6pC zNE~enjxBVges5nKbOw#>@stP>&h=C&(hI~dUUDz+A1u>lTDYGVjOFs1eM#IkoSm>} z>Ms^!&6-fZ_)30d`DN@u`JKj9jj(?nJy<9^OXIq`q|kZS_gvr4GZhXuOy@G@PbDilKKiQe4L?L))4&UcMD z4U63FB*lTdX`gE%O91k0<#O=7Wx!>w5Aus|4InmtwU^qP37{Fs0J2wRZibR#zAx&i zlCiJ6+4czidsIpv9}Yb4TsdCcIj8XcjN}^c3jF}Lm;$bsAoE6$s)9hE`Rlq2gYKcw|)&`8pDYN0Ad zNQh=Ds5lBg71mbkdvfyniHEixZuR)FJX5g1BOD)GO-js8lwBERHkjJh7pnF08vijt zX3_GqJeTX~F-H_z0dt_~YlZ&8j3?1chFJlg73Of^(KkTsHJTu{gGvo^Q9=klq*wnV zC-(@ne3Vk+V-=O-XyQI?%5D2dfA8iws$nJ1{-7_--G?b$S6YRu!JE+++D(=5xnxT_ zM#G(4NNEd^CGL&GIIN~==K`b%4Qa?KlrP7@zOAuK*k#n}nUd6pFl8jeu|1vLr1P}M 
zW85zBdwlh5@VDU@H*yS-j7D3*3>xJ>pOQFjNrDU%y4`TP*9=R93yNbw4O*_RIvwUt zLFSRu`9Dx*G`Qfhs|vJf;Rc~o7f*NQ+RB1&tAsIhQ@gu}L~{$;kh^s24cI=hgGnoB z!%e3CL=Yve*+}95OVesStvV*^&vIc_v=C=+KwQcgF@BMo8zxI6l*^`^U<4DTt?dI1+vYmfAuAg zV(V3ZGh6t@(sA{?V?^w&DHPT`Gc-F9(L7TkmSBI}!Lx$iJX6OI|8idU%Kju?NnXUi zf>6Myr^8+f;R*?AVy&2q@zoZ^A9V(>$O+=)9(c7xKfgo`I#EvDJGF0xx}Qgjcr%cz zI7*fzF0b;hjG};0y6D}7*pskg``D7a23U(v!|WQv61-io@mj$uN2e?+bjN!atJ_T? zyT?bGZg*7D*QItbHd5sj@^bkOda7=WGg5M95!Wf9J(*iueA^;nF_04GqfSplg4y<^ zNG0)T8I_X0pow}o&#E^OLsSoKtGoAKS;+OhC{drKwZ$WGF~YD5eVlVD%ZknU%)Dye zU`$j{b0^cZel@_khpsZ?*Gs&>|E=FMapI_b)iqNJe+OgjcIi7N`|B^TC8$AN0JTiA~pG4SSSiqA7*>+!s)5Dhqe6Qa)@4}goLoXO z;&{}^WL=WZ{_?kUyh=Gt=Mq+m94iU#5=q$Z2+@&8N~?yTHbY-N=IKvEtVKdY`_D>W zl-}0R{2A17J`J}O+2{E_m5)3#Ipf_GA268G$;=tgl^rPtX3$7g>WI57ukv zV;vyj5&WB+^l?zdVWu$;!AnB%UYx$b%Fj^oHm5H#E(fYUm_>Y>dhIOV2ISVEXBbd( zzwO?7CS~sc&s!U?FZV|;-7}UUmw*BC%RTtz-eR~rbRMXF@gfGixzh8&_bQv+{l1|9 zIzS2*dU1a^zu4IN_l4&%2IzC(^W*(H@bfb2InasoU+@3(2gEyo+g}a7x(JHDY{>Zk zv$1=NqaS}YZLmu6SHld?jM>{jPuBaXCvrAO=fS{?!oMElA-7QxeG8g3E82{5?AxLI}mf(PI?_Y}!u~a}*@WacmzYSXBw1N4*L&W&rSoiq_ zB9PD-4ETsR|8dvQ9O)3~xH_+TagPFS)c$hN{Xc#7Y7=m4_}}~dxAp(48(%rb zCNF)1M|amyJvQ#U|NN(dTy$0$c%a!2n=M`CktIUt+TZ`28Ilbl~;- zcb}Mt?%4lu$v?u9^Z%SF{|pvJbt3@oPv#!*yWjO~d%6FEc-;LzhQeOs5(NZk!d-)W zAr`(PqK2#qdm!`VjNskB%!7FJjp)jfC>VurQ{*xiGRPd|cwp^62g%+5clVbMl!3o| z_T^uJ!YKXQF)vf?fRCVHw$W=U#LfTz0R5MVFC#84E>L*|KtVwP!0JS-GZYOs)c*ky C(iIE< literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-monitoring/rancher-monitoring-crd-14.5.100.tgz b/released/assets/rancher-monitoring/rancher-monitoring-crd-14.5.100.tgz new file mode 100755 index 0000000000000000000000000000000000000000..0811d7e1a20a7e780b075e2f91c246c56d3224a8 GIT binary patch literal 116441
zs3^Mg?{u=LnI?|;DHHLSsV8m^3h4Ld6`5^}2hg9^YVz9CqWoHIZHjCrA@?3&?APb= zQo&vxUw0q-g3FHwrPYoCY}zarC)*4RdiD9(jh>LWGqCv45ilb~HbJ!>1{{W-21gim zvq|}TJiVZRjFX73ONpZ^-R@J(WV1}0E6KcN{eGFM^SQUoQW{L(-Hh$fNA>E>v-1iV zZbzDvSAp|L%ReYiV-o{8^m(yW-ch1X{xb6QB| zRxp3J!3R4xLU%8Zhu`=p)!_iM3(9aZP!}UnIU`FWE%ROeP8o9(+ovBNmdgA!w55L9 zcoobDN{_#dqGfHpGykg-EahryknoN>X=~4Qw zPx1#U$HC(*oN=QxVmGLe&>=t;NAgekyUPvCB3Ab@EGP57GLR?8TK{A_Vg@ z`o&UXs8tpK$yF{?ayQZyCQ-}LU<|Q`&BR<9-mmBH z6u2qtQKKBj28t%~B&)xlWvcQ$JI*>!X&5S$tUnt9qz#qdetqwG&Rk~Tt@d+*Dz|mP zo5E_m-vwIE<%T-QkR(i63&=P!P=a(~N|`%#SQ<^G>fnm0C#wL&erBGs87?1q z=qkP?m9S1F)+Rn<{c~D7&wk{U2akVRteSqC!ue$|<>SBvbs-tuByQYZBDCDmRsAz6 zRg!jw+qn!uVE`P2Nh?*%K(YC1>>??2;|X8ny&auIVt8hXe`G68;&j}O|Kj)+wK*m4 zL2iN@!R%5W-Gs98cKtD=K>2F|X2US>pmj8J^fCkxDMqBCPNT9l7|~yM5wQ>MPzQup zGRd=bW9>J*zG|U9y!r9rVH3_i6P3GGKd~9=beo~j1abfQ=&ApV`5%ka8hJW^;xTjw zQ7)EIN+^sZOdTg)S28=AI6Wb71qo>U8HQ(vXHTkX-3KqUG;!adi^RZE$aX>K3T8tW zk1LD^P7B-ocC<8dD6$?Tta}i`QPLR4Wi_K9AjK^C{ zYCHb?kZ!wz>y)k8Weey`8Q$mPI_iKcIO&2Mc} z`JskmE~=kB=E;=ZT@`JX51jX(7X2AMQGsV74u=?G@wY7JAZRduf8mMbu|fVmK4fqQ zlG~}yzW|X!33X#08+rIGcO;BkSca04#I}iG1pu?WTG~DCuFTrQy41siLgC{0>p_(@ z%7g%_Xkku}{D;QaJ1^Gx`Ycu%T?D)mPe1{eeK~}G^Jm0lpjla)x6Z@^9F*7%O@B;k z6TKhoRb*?yV=LKmP3oZL`?VttQnPHfH&LvBOA#diy#DevImQcyoLJm4AoDNc0ZlBK zJ&+_CZU^` z_1i$!uauy8viZWjbIYP8g4LuTIu_W$ygSU$TgTXY=#12}SCRd?2RP38M0u*%9TW?R zY0=)j@00yDj6x;1ni=r!QVwh4Q5@DSB;$8xg1;32YX?zGVbtHu>ZM zvUyL4X(bAHk1co0O;E7LC3a&>T4TzExa9u@pg>>0(Bxcg0tiEy~Hi5-}q)u3XZ2k-Dr}unzx~_4Rl!3qzWwH#DS2b^-g72>cvNN~LlCn8`~`MFL)5m`v zmH7-KFYei9f?bnQ?vONal7`61s*;RY>F}mMV2D7b82grbbhkDv z#Uy~Uw+#izcKmDJpOBb=Fj@Ih*0ls)7W!0=3*ka^Zh z$qAx@6Oc?5Ml=A<(BEcK8gh&k&F{4pYUa}v@Qu<1vtmf`nz`)aKCV}Pj#?9?}*EgryPY?m~R6N?xwv)Sr0>Q+eK{-5ej1U(F@V(I16pMR$%0bl*yVdNzNA90?IJ~ zf)}&4Hzwp@NSQ92%iI`XV$EZ_5Q0;^4C>CP^Z?RSN)d6`mU!|+a}JivDzTAuy84bY z0bDe#OmD#gN=3|Widn+t@^-M_<$c4;c!s%k9?|NHkqiib*UV4409F%~j{4IdbpnvX z2{U|c`X{d*2ELD6i!u8#%_{dJnk2FwePtCF+7TAgk3GnB=i1uyT9UrjhDl7i3@4C4 
zY7GwoWu$$A-1ZIDxdK*hd{x$5Yl!3mi*jUwGz-ogAd?zBmd?M>#ON@Ae+tWHah3i#*cp4=Q7!~mo;e=?+-2#StZCknYSF(2E+a8ta~Yae zJ1EH?Uc*xTRo@wqVYy}B>rp?T7P4c~as#-rSX-?xj)Fe>Y_kpGwO7tTysUtB8RMm@ zEvX!=eeno`c!&vMD|9#uBJ{-Q>CS_C3j$x_8y<)ry)sW%0XT}SGLh4KLt?Xa-896q zc)=`t2W>;GW1jB=AYHMT7prh5z|VeuWqV|Tg*av*8r`GG=LCW4yC1}VRLk%IrXn0> zh?r?9*@v-g&x?>6&#yV|ED110PTs-d_vnHp!2tyPAMCAOxjUVEeQQYg$`QO?)aW&Y zq6wiU7Hdut5z)l;Ze>A+esvST`bu^0>b9bp0{(?W;t>dsfGkSCi>8U|(L0ZTxq!5b zkbua0ru@)@<*b5eBA&ua)g6TX<<`pE+pPh_)>`qh0Nc`h#aLZp4vv3k$wT{}C6RFrFH&;|x-|-$2Vo&uK3Nnz9ya`*<$Am0D%-1`=TVSi{{D4UBY)3lIU}!^ zG)-9&N}@D?Lun7S`@C@b2crmhZd5}_F@R*K^kIDenkbqtn9>Cp=IQ55zw=aq2m8kk zpjdzY`Tc-6+@^kc5P1?m@EE}llAP!wPoGcF?85_ZPtMlUMC0g!CK70)0mpN_G@U@v zr{szwzp4HU9WG@SKfSecf(8|)$FX(20sHB!Fm4;6mPGPZktmunQOIP|+09QW#{P97 zVIOgThOH0o@#;DOw1qsfg5O#w068Kd5B9lRG?3X6kU=aWGpg5yEGZWIrK~y_4yZ(9 zXv5lBZvCj+FNomgt{IyXvy7!N5Mp{G0;{{XWQ>3L(;w!0I_2u4%BfZmE8ylg9&n)Q z@1E?B1IGA_ma9h$0N)RAg__0;S__zJ2S%B%_|Xab0;FUE?4wqzF+A@Xprsxg2QyDZ zbRQUZ{XITg+ohSC^}y?nU6~p0o+5{1Xj70L!nx4n6ls}eOi!!4NYi#<2CdChQ8|#P zsLq8anL<<*P@}AvqChV;`J-99)5?>2*|x1JX}hZ#SYnqyecz?aeD%j42Sjq}himOK zodd2AV74r+S0u2vEi%vVSMA>MxrkVqus@hA^7v1$ud1(A2koC;Up-rD=0(Ix3elL$ z`;nLVlk+lf^~rPdl#HazJCQO!*<2+DcQa-2pq0$>6#JXZn>Q75;y=B=znClJcMG@Uqpc3zgb`oJ;~xESNZHLnd<`i77kj#{aL5aV3& z2=dkE41G3J^5*L1!`17{yQ?>^h%JfxhSQYXiPFjAr*N`)`s}yPjEbUZc{If_k0iNH zxhkDM*0t_ve(5A8cBoGrbx&qXD4+A8S?{6&AZ$%>0j< zfLYAV3Ju#|h1gF9OZY=s%O5|y-M<1jdV@dzTC7%FktLN&7y42jn!4GuU%mRZNGZ6T zH3^0y26B-e|H(dHGw9vz5Ju8I6h|Aynyc$!*uPjBBcIX$T5bEvdyh@SmV=8sG&g37 z@1RgIQ6e|1gs1msge$8Kbnh9=QhIO4O3rA~t^s%HnZ3228svDo+hlmo>86)C*sJ9i zd>*X}*k0|SkGKqF$T+^feSLdfOKpJnp3=S9ws1g04r41tOPXC4YWarCNUYfaL*3G! 
z80RD5Ry2Gps+3w|%;T_bMUp#?o*FpmjHK+rl+E2Ue=x8x-S;&4xw<1bHg5c5a-yOvfE(k0uuZI(k?C6p*X*jpf&J((=EAq&l?va$%j7MW z3h_!<8qoeDz)!EoH$b+P{guXX{tETF4KUAPRTgDJ4SS+;qBa?iz|_BceFINQ^80Tw z&i3n<-@fSVrl&7r7 z&)mmpfAc)1{Xupv{O@f;bfPtT>uSyQ@AuJRV%iS%dpQch69FmTOl`$|2QV~|*Ey1h);_>>Cm>!*?#c{JVk^NyDP zVXXfCY3fG8&XaK|lt^~~u--JhSeTKCrJOGA$ z{l=I#7HTa`_mcMhee@+N-aR9Z?yLuq4+-wOsk~A@^U+z z>>~{Kryu5DS~Bawxv+jRFPM#{mU}sgsT2rspm!xbF^6efwDx-9DL{-3*H0jkBlB9l9eq35>eE5vDj+9HOM{y&P_Mk_YJ+a))7VOO(U(nQr&>IR z3>)ROi`f&Nb)%)t&msTDej*?{J=Pd0g%z0AI*91`W5E~sf&8xG#{Qbq)qCdd-jm>+I2x5|BFOOzHd*EZn}{dQ?y zwT7S8ziG^3SEii_O1EQ5E=kTJo^ghW+$i41j&+QzTuGM94Yy_L^K+Lrol%gDpTVU` zSb9cFO`fyA*)`47=FTs{-@QXqDzxD6v5cD#tjCx=>|@4r7!0>85@~mOo|f*os+VE= z#W>JdOyVMUNqE*Y;W1YmcPe8T=_!sq*J-j88lhR13mPq%^lFTDh=Hd&NF!!j08<3s z(d%TgA-PcYY_H{mcV1!eIxco9-@pN&@Qc7&@wxwpBqE7z>i`0e5s~NeBxa6L6$|Z{y$jm*M7{q@h`Ug-dmBs z7h<+iVL>YY3!kk(mep>WpBg!te~7NxKx8Ug7JmwfRQ|1AV1`)NEFYKvX$-yqxpR|4fT8z z6l0u_RRUaEC$21(Dx^8g^#YR7oH|iK4k>wRJU$f8sZfP!{h!msHPJs|*>^xFmeRD- z^H|+B!sA3dI5-OuJ=aEpv2ebl(LGCJqb5c3z9ni@ZFp0{Qp2>A<1`%i0;W71_s_^l2+%l z_%IZVBURu*r~>m@{OpJVS9CFit5xrqU=YKLmVsx-A^Fu(JWQ0B6p~GN=W%3ETkhEg z&RT<8^A~)fV$3T64i&hsSHch9z0qoV>f1}_OhxAr%a-Tnlg~y3E0J;~@&UB+mn0HN zVnX4>oV;e)(iQU*?Rr|mx=e_0(l2kg>-WrP_Xa{f8^((Jm|g!&bKyLSC>|mEXC>#S zkBzHR_}LTiifXu?qq!Ngn20sYa~?BEoNn-UT0D6QDUED`o!24R1P2-Xo8f3=Iqu4cB3Xu__42r{*A@!6`iZEt$?DLphIe{qABq#|zjRDL<+ zINsPp9+7>Qp#@d!feuJlWvgAIb+es!d2>zvgk|o}%##a+md+coqI>}Hb1g@^t=x?( zkYI^EL-m|53caH+yMU2!rFIQpq{}thb30VCa%=h9-T@Ws4!oMvbDP8)m}3P|P`Hqv zk+)*OQ#+f4Ij)&go^&;RTzNaML$171CRZt)CEbS{wKUcgPRSU&cOG-8|4VLf--3g* zNUfCz?nI+@9DErk(f;Ee^}!(Wn(H*yRb#S(1282a503-sxpdQaOCH_dcz#fk>wBqp ztFi#pf7@4Knd;pP*>c@^+V$2nPZvO_lp^A#Lt9}^SF3(wP`~?E8CJ}l*9F@lHZzm- z*8!f|mhD|l?CL>8m3I|tN^1wz{IwSPX*$5#8a9K>Ru?#mN^=zV=$>6;U9_JF+7+Vx z324*KHfbl6x@kvQI{?Ca#>ER0H4|Bp;FO@#qc|TRo7@J=wNAYv#qb z-+c4A^KU&}zUW>L+lZncQS?Iz)DDK24@cw$q2u?)#1DYkgyG*u)cbJM`!KBg5a3rB z=u!(!+)qq)J~|~!r=+aJ#@nqPuI+P?6EX9dn#w_Z 
zd2_AzMu4iPiJX##b=|t4z!oTNTdEXWWvaU)N1tTpbx5D&4vv|h+$%2MO|hcsM9&KF zPF4;cYMO6KEHV!Tq_@2Qh^;2SqFw@)!}*?|ydBz!%T{f+L}CjkW-9O6Y$t}d_Eq*_ zkhfStPPVwRLRPI`G=Cu#I)2+6F|@~eYqJ=%(9IU1k2Ia0V~ z%I{XaF-j5osQ+yd0!Wl+=Jkv%>6(io$G4RrN9HF`*&9(fmj>pCajlaLa(Z9>2?Dp^e4(UdN5S9EfF^WD2s-7&E1x_;AmB5><}{UCXHWxd45YS96Z(N;P45%X<_ zGu3m@)TY#W6+e2`nX>A;DV44-OhCE~KXjJawg+u_Nh+#}n!c!-OYijT%^61A%^+ej zHm}*G?=oSzTEQU6Nt6^)u^f$J2y~f}_d@Rkqojzz^T<*g!3coWT&$`AnP+GYxF2qE zvC^C0LXsaqjffoVPmC;WwA~h5EsNPS5-ZP)J2&U0YI8nI#O!=UbxpNVr*b|kl*r|I z%+@S9mwYjyd9>t;MXJczInDSa66snGHj&EdD*j5Vp9xLl2@0cXv9;@Bx~4qQHqr;C zl^ktQ)>TK2P&6@Vrr{jSzOOgc5;r0k|Kg$+S3K3i-hTq~Q`ipjP@sr`;~v34_W zezsvO)SswIx_^z?uJ!~3^PASUaEC*>-+uEA{P)F+7q$QX?!~vi`}SWhzIpM@i;I^p zFD}0QmlrQzzI^e!e<3f1H)r@&NJaC1d9nAm>W%wMuCJUKlGBGNnj(c{xj7I9t0Z$a z%|sZRrt#kT#q^tRr!Op&y6G7hT;*7sMj~fI>aYB@KEi(Uo5^JI8;=BB8(r+9Vkw3p zTb%aAZ*b1ME~FBx4`!;pVRN3sbotGSDH>BnVaAng=Q!UYmj!aNVChsFV6%cJG0UNF z`)S>@>4lz!djHNvddF8xD!R&Ek+evX-x%*6@mtZ@&fjQ-qQ8x?=A`){EY8-EDz*R^ z2L3%E4U+Y=$Bl^JVX1I4;Zpsj_QP8)RYk>k^+v75(?yZc-2X-EoJeR5==>jASFf!G z`i*R z|67wGraV%Be>H!(6G_$UD(eD1ba<;W5x>*JFOsgCdxp)W%X`Dzz<@&$Bpk_TuH14` zu6f%{Zf)+?s#&d{TgWJpQBE@kdtRp$0jBJo%;0>_*Sgm|C)NrJZR&|WAO4I=9$gmg zuF~q_@SS}erKA_sQiBUWOq9V950+mGA8pjtrM2V^N1coR+ycnq_4BXnC-;H&W>m@t zk%xy(+--qSEIpaAe0(&D-o_hjlMSoK&!KHp6~_TitpiYjjhMhHxTe&dpan@4lFVcK z+&$|ILnA{_SL1nmw|qibGasEVGn6Sa1V+~fq6-c>?i)P^oWb^U;|#7{;|v~WaLczk zXK?Q$Ge&ck1I6uac*xPMn+YpJ8VdM4Q<@>1)N>dNF0h|r&m^b5f=C&QrNIbTWkD^% z2y^X8i$rzmgQl_JF5}vaGjN55)5d)um_3T(>6Ap!1Q?{CKYzs#B$LO1Y#$i0-H%mh zR{*^;dnrm|2-Mj5 zlLyqge8;-6%hPF3GvrKW;En)N-0~eSk_tD7F|d8_-VpF#uG9jM6IpVW zd4s94T@KxCm$%N*)m__l*Y@DeRchCbVRkSAECxj2U1Ix{uviQ-1BjVONzNARBf7Zi z3{=NC%Mu!OG6x1*cqgb3g35(&WPNkor7FPFi>{s1Ss022btbh7n?^lgz+6BlnD%u+lge znMI&=%Q7ehSn&QeEH4h)SuLkVt^M-Wo*tDN0wZV3gU4#xZ|bHTN&*&2P$Frp#g53u z>N8>UZU503yytC~r5-%(T}NXC7t!P1p^w@)%%qWwUOQA&v$n>v+#q=R)ys?j`8z{1B8^m~ zArttxA!?b6VzI2Ya_4&I1NQ;PyKDg-#~`j+!fng-xX&2(8TD)2XN>!dai1~nGsb?hDUZn}JXI5s zPw=~5C)LbP9_3DJ3tQ~Gn5(xVB17f&UNik#iv 
z^Xw;<^Z5YMSCeSRAX2pnfkC|t=S^=YNtpcZ*`^yUzg4kqo#a_Mx~m_{&>3T1J~JIO z#=PtuwT7UIK^%&Z+g}N?27TiwFkLWO;H=!AvUDe+KnTmeD^G3uLb7kFPZO2XR03wE z1o_tpYi~qMgiULLk{A%8-6@y$Rw1O~Eno2lO=dM)=30fKWvy(oZKp5rFbZOhUs+h@RizRi}qp2xxuQ5 zfVy!ShYlh$seVd`5$xJ^-Fyl`gEj(W+kQ%jI0*z-(TS`=iG0sC$I>J%5vg4A3<)$0 zF_A?N`~*gVEds~Ib$UkL3#I>a^^r?mTpE)%g30$n!JYkCYT@(2O*8-kJ)Bb1N1!M? ziXLgwc(PI)T$1ZlFP^3?E^U-FMcBnO73qYnGPP+e!-zoS6$x|{XNp3Oarg!4m=M?z z7f@*+7@~?Tctln#UqA+!Xt`&8ra?sZU0{QK0^la3!uZwp`3_T|yMCYsyTBCxnrTmnH^!YaR+U|PQzT>_Ux%X>`|W~f9`mkUVD zxAgv*Nt1@V6P5sD)zLlM9Gz{A-lOaEs7%aM8Lv(g13&N){B|^asR*!(8ht(6YERg;<2SwXIymX)v*P#cyMp;Yb1`GXsXyWB z=Kp;8Z~t~t=l{I8c=`3n|M?WxGvfa&N7!dd{fQ0uWUQb1^YFJv_^I!0bA3WZQFE0v zpXT+aVEELZ>LvHoYLrKArO^v+y3mU>8#zBm&d-tav(=#4o%8b=C)lI#ezucC^w2_B z1)vROP*N?hb@(mc&e`hK^_VOYF{6ot_1cediMgvo<^9!&h*jQK84a)oQUEyc>+ zsP0{nEAbY~8ze!Tbk-{Hs;cLuR)M6>TA@wY1tc$U^s@ji<#P9sbpJN6tjo zXUK-VCuX5BTA@NU=J#`*9L&zJL8`?J`XKj#^x0-B_8U#(bCKK7Qiw_RD3P5XL3p#I zRPSva(>+m)oft40?1Japf2R5^6*gr%if3G-mO`2pDiW#WG15Jk3Z!{x^?TC;sHz*= zg^#=D*~-o~A$ckT!(7{lsT(Ww2?(m~6?#nDM_Aq1u0h1r_Imo*wt(Z~GCbY{yzdlA z{uzYH2grX6mESj1J{+hM5-$IQ0rLYUUQp2d6NJqV37iiPoev70|Fq%r1NtgBg#I%R zq8}iVz(D#>6G}g%9l_!Bzv_VcK(k{I5I8KXen4RTXBt{R5E{?}njP1LD zZtB|5MLY~_)mXJB1YOxHXc|0c5Z18H!E2Wgje~-->@_gVpdYN&SoLQH+S;k{{UEN! 
zrjKAQ?+RS<2KP<)(s$T!lV0#wwR!<@W?}8<1%=sb7>%S~g#gKqV6ng@Zh)E5ixX^p z0R6jNgf3M#%B}ajb9U4Y`OT)v^P|d&8})IV8(0bB)M%l+>0fMBg{hUOaGhNIhXOCY1$aC95i9v$6=PwqAZ zJ2%ikv$&3mL+-~9Z)J%O>w@9!Zbcm=b--?6Grz+4kOA=@#_$^+1=1D&adGi)-@bfN zkN0$7H&iWOk*Sv3)I4i`MVbFpxwo}|Gt)5 zZ1fIhjJ6r0ZN_Muouh4zx590dr+{W`N!MKD_P+0+OA4u2-XX=rRo=4 z^?}N1*N(1yg%?!BV{_>ke+u)J^^$F>C({oRKc+8sl)lUrGJn%>kB} z&w0eFZHz@!tgPxhq(7Hx`K(Yr_Pm5#HVRc%#Du3|+OWhEUYUs$Gnp$vR`i|`srS$v zw%tIjHYM+cVu&}e8%?cy7=_)oR!Qt*CL}W%(WK-vo^S;x2(z5gds1YJoW@L6S9QC& zr}3H__N$z&IeVz)Oimb;jHE(gMlzN{1)(~rAUuu4Dx(UT(AxTifO^~dc;#cB36Kd^ zvf7tEV(;G z3nsQ7P?o`9&RP5h@aDJf6W5DWxZ77BSyXgm&bDD9SQN{VA`w4?JoaB;hKGcQD@TtZ-N(h62ji8C@Ql-9;t%|=V1)htEvLAh%#Fw#V%Opn!-p15W@ zd&MK_xO|OEvJz62QnE22x){tUzhq>QGxV^_Vxp0sGuJk&NtCUSN&n(zm zx`POWbwlh<9P6i#uyIG$bkM~a%oeoIptOuxk>kP%Z`RS{|L$Hok*B3Fmwd6bvZOgK zmeoGk171;uM5Y*m;q|W94~pe0*Ba<5OM0Pe%2!#!Bd$zelNaO!I-9Fw2?K8;vePNK zgyYeG52V7CZwk^Mm7*-GqgA1>(abDd(XbQ?m)Nsqm>0`eXM{>AA`Vuf>$_@)qi7Bp z$Tck1uCXZ=%u{VrWzx+y@awVcjSwua0kJlnvV9)Gb$AWw8N31m?Hc58chERHyaom} zk%2LH4Xya_SOIru)o45NCxw0fHYoCLXK{o_;WY^3^0SG+YbfeZV9~y9eHpg4)P`1> zW%JBnE-fWA9JpsW(>jtuNTNYRJYvuvUIWw-UONnqAz^@cg$4uS6%rC?p9~BP#49*F z(0@Fvm9Rj44|}x7UYpELa9o?lwJE3-V?I!I^Mx{(i{lnG+i)qF}Zm0Vn6`j*Dr%w-ygsimaVSbM|VDklI(coK#?tN z9-+NFct-Cyr&7fVX>r2A`j84>-6d32oE?0{oL?1{kikS+Z=jcHPLGc1ZZ(MD5CjQT zZ7sw~f0d`osxVyzX5~Rn*mN-^als7X0fID7v9@v}6o8fgaP9#|8n<+=)yiVzKch1#<^nb(TSb$YN$}9Nky%YoZ-}RoxXD_XFd8VB8Ok z`+;#kP`f_A{lMs}8rP=4Yh0W5700+XjcZfyOXJ!!xZsc?`-L^x-eUK7V|M2a%tX8s z5G)gM2M!Ef7?GGHBBIKKwCY!kS549tdR5NIKSat96$F4>v0?^bn2GpAp0?mjMjY9Q zBYRpL*^)}^S6m9(VP)Qo(o^@7qsny0n~noKf7v;f#0uTzEWWAM+*rwoLXTq>lZ@pP z>})~i+)$_1#*u01A<$vf>I|fOEB%ZWRrTqxVqgXLXO3!VkYzppd%^Mz5o_kbh2D8#fFx*yoZlepEOPrx-_UIWdj&w+owyoPV@$j~j`mQWsroxZ$wvSN4H z^=&omnR3_fEt;V_z%9Xy%=V4f;0+qty$^?P)X3n?8X2@e=!5nO@c^NeAzRqqOyr0}^dAq$nk`ou|ffTc+|6V(< z22*LpXe!B(-CrNevizgNdbb}fBL^YM9F_lNhqO3%*0W&9$7ZZ_JH+I~+Wn_mZmCe! 
zA5+CA}8+o`NHx_9k``*17BfYq!2J`z=#OXy5d#o z69UK{1_Q`yo7K+@KUS^$2qOE^KxFVEYL$bd$;i)324g*EAgWc7D4vyvClWuEpvgWr zPSNV@(O;v{vOW-@JUDETpvR2kktT`3hFSX_y{r6iPO~@l{OO=UPqd;>bk}H=-LXR8 z&T!4FGjYM!EG?Ib6M1@ScgF`^z8+=y`GcpE{}{3WL4({9REn=$fDYgt9OO=W5?9)j zg7H3?`)qeW#4~oAJtZRI5nW|Z4~%%$?y;u^MvN}8t!u<9bX<>(r3-g=?e6Lt*k7ZI zYtUjlV1xue8t&Hm>|9!(Fga4V3u|;=eR}s*;0Orwo`kuq4&oLG0CS~^?+)nlM^qcC zi>?KaNmeN3C409tt1+Uz zMzq(6_NrbZ+G|96jcBjxHKM)t6~~D78qr?$YeakXR%%3hjcBiD;M^L~UZW%H*NgV* zN->#eot`eX8`7}rB{5T!C)yfV&>Z&X_Whw*CE>jlP3eN=Efcf4N${S(N@MVE$Vx_G zoF;Rgn;hRxnKXBKr$z|)bnN*7^kC#7#T3Y9IVzt-xmR)`dnJ0_MNy;3n z!JZBCyq#lyv&rSnHO@>=;)O)zEt%eULCqoCZ$wkAt&Y|gM_M@@tzRB>&AOl&H)Aws z`JK3D>GwS8OaWMF(|6VPF#Rw!j;c9NnDKKdp_`+1TuNx6mMm2~GO#gG5yjq3X;0eQ zP=A}bcWX596n+Ece2^+ZNrUPIZ!}eI@A_m^EpKu*=O2SBgpa$VvVXq2yMbcdl*$>& z3b}+7)caRZSes;q$oh$XGs6G+!`P z6{RT@>#GOWAuF6nOtv3h<+ry4U$Ju36QQ!qL?TUbnL0!^)`$)=W^YwqRF^(!vc8StKB!X_lf}QI*|o_wk&JCsW6B4)_^g7 zGjDHfv332FKMs%qzdEM`n?l(l8A>N)+|qGmhp7)T_U3U2CZ2`Vl=%(SgMyy zsk>Y8h$cV+LlKezcyD_jas3Ea<*Bzy8MG^xL@J&ngni6d&Q~l|G^svGq$nwPAeM`# zfJ`c~NUV_DCSg=I9LjgiHkxr9>um>rRXN;T-+E7@FfICSgYaBE;1LpEs3p<0H*`ca zikOt;7XdV!u(?90-I?E5E(w*gSmAWai&UF8Ja)P}N(!l14&Q-DrqfJ7j(z~~9z=oU%vQWzaG}3qWSrk3sNDT-AL|h_B7>1ER;T2?wXjZrZlvY&A2a$Iu z;%%-fTq`WR59LHwBIQctrDmyxS3n1ukKuW8rTXofGt3I=wSS({@(EP){npMGXXgY; zCd{^ZWUD63o(V~++GWE8to4OtdG}a3;2gCd8|Nro;~Z_f#yJ}NfQL5?F$XHvik^jF zV}T*&%&d-TwDw#O?6p#r3d(i%SoPAzWk6;AEHLQQvo$a6q{rB|NTiZWz}W(L+HKQB zPOfjrTp((n%r+R>i31q6IwUPtvli%NPxX5Mb|KKZP(k+V*)AyEBZBC{7J$IB+DAO4 z4R@&pIn?$&lO5pj33H8oaf{JFDTO=5p60wY+$R?15$pGd1$x6mPE;T3EcGcS;UoIA z$4UEqC++@z>}NV-10L#wpFJt?ETH?l!Df#NGaJp7(Omh$G~Z~hjOI$?HBQ>+J86H_ z=1MO>>xrRR0YhL29P5xktdL&r1z$Za>?%N-0Z^;Q1X+!T7GIDK9}g{>ztX9KLjX~S zheGvsRcFn+@I$&TTerJlL-~xWoaUSFZ!f_Ge}_q(Zr}A{huYsX+r}aX-YOh3_7=D%+!xQ$nh8`Zz>XQ*>$?^M=%55;w67^>uwCJ9h6iy{SzEX(uky>cUBL$&IC z59pEom(H1r&NKJcIW}%ZGkN|8_wR|W+8?(ENGrEd=R|JD0J<^SC)wlI?nw(uThcWbIkJy+)@4e(hQ=l@VoZP`4O`P!g2^Sf(PPG>dvk*g5O7e8X$6jt 
zSfq@sIc??Mgh3S*c@Czw`x36;G-t2KFXf2(<&6A-18I`8M9`S!zaW9(FKS6sAt#c@ zETZ`@Q}V-_9*2noewo0Vnf{p z#Dr%2c>YvfA6>r(iYULlNa52wMPlow^|Q}nrTHR^gzWe-Ulhm_X;cbJRlWhpA$EK$ zqI*5AP=iYH`rRAdMKDje$#Q78@UmR2dCcM|`HAKnwmHU#jF=?9J^AVK!(ZQDzPmbw zamPMpG>utI3R&hlFjCPUV(FUaB1M&cJqHunlp4|0aNp-lie$~=Gv8#5+|GrkS)nW_ z0EUR3;wjF~7#rx=pT~_u`aXnPE1{`N*a*LJ0~$-5lJ`QH z#092vVX8r!n#cUr`@0YS`{sx1_jlvaABX-Y9r`R?2MznT#`yGxl9REaS9IrmzWuQ! z?%i5ismoQm{)tu@+tbF15%T~9Ka{r6zMh+bUJ&02(p1Z-=e2qL*XuV|@9(a^zrOl# z5RVP;+75Bq?5JDD@FyvLS5TezoznU%S$J!{)R|(55;%YOox49T?x| zq9;Ld)nkPTu&qO;sjrSrzKhD#HwzqcESnV$>H80KKIZn+e_@*stdr8RsafDcHF+Np z;OX|f{l{R#s2hTb8xFzBGLTFloPyzt^YZQ}v0>y3PshYEjC&!Rc_EB|acToKE`@)7uf+>zdR&r+ zoGZmrSY07~nV6sHaak@->x)hj?eZEp(dM=qJ2VbzZ(4?-+v|NqbG1*ux!Qz9@L??+5LVzYAzpnU1 zU%62OhSypo#fr(ZGRj2XW$9X*VDeE`xtOoH49&3B%PC%7;q2nu?+jo_YFKu;$@C%$ zr8fwe!qn~24DYy?O0S~hE<#ci13SE8dHRa{e<%OvfBbWD`X47J|M_C_KmY50ocy0D z{NrCw|Ks$Z_K*K@dU|s5pMQDxr@Nc0|Kg|r{Li#l-Q!>XJo!&{^ zO_aBlR~=J@NoA`IwNdmQyrB_`SsF1&5?Zjbtr#MFm9CvzvA|;lRG7_WJeC_>ce`=w zdERu;*v`0jSx-wG$e#Xl=dJ5q47b*l(nC^ROAh2m9C7NOEV$(H@acgHJL}ElR0m>s zk^VepsnYujK>Nsw2C0UUqB!kzc1FajH}Z_UXKR+9k?Z+;p>EKqsGecsgM`n?D@c2< zh@uNH&a5By4475C0&qe;aM@@L?cK>=K}lLU;NLroG~sg=ZKC#Ynd%Y}A#PHY5JWd_ z3>4cW3^NQswo`OM+&R;O@^Dc~&t@%7aN~>AEx^cf1Q1x4>)B1%DY^Q{A}_PHe#4NPDgndyu*q3E5qqs| zdyVhG;DPSOKNFt9j4~)bOCMSp5jg&g4MAd_Lo(`(LqpiIAkVW9ikuvuAD?b*e~+b? 
z(A8j}%SuVU%90J#<2XJeTv@n;M`~)Ig=a(xqH^lc>TnlA67s_6m6PLt9-k4WqEqr9 z(qjeHpOQNadT<48L_t!9Ky~&}Z%4UGHZX08C=^0@sj`s9tB+in(@Z@!UVt=l>go-6 z!q@D4$!MaMcqo&Kbn*|D3jjN&=9dr$Utl_PGTg7#XL8h^3~={oCGe+#?CyWQySw=l zQ?+TMOR^_fu$^G}T;!`m&YyN>w659;sSx>(i%+U|2uf6sM~p|Bti4l^WI@}g+qOAv z+qOAvW7@WDbK16T+h(lkMzt824*cY`j-<28brgBA9=JRGg+B-7i-xwh^ zOHqJ?=)pqilCgODGszkFtz`igY)~bFLJI`BuPYy;wgJi_6q*KB)hZA?Spr$6*xCrv zIWK`UnB#0v#E0tJAUdZ#JSBz--(r_+JSZAAs<0o5d1;ILjh&HhszII_%2!s-hP|0x zGxNswV$2AIkEN?gd2wsWLn7~iHh`>8C z;H2Svs8r_5ao9#ZVJqe=FdN9#md#|gdKD`v(PNLEcxj7{02eI8{*gh1tGH$ z?YmOo5Ctoj+26)gNNUEqr*sRoP1D-Z5zN1{QMe&GDxeXzrGNi#H$scwZ`zm@1thnJ zbNYem*k#s86JVSC&$zJC!|f&nV+Rm5Ee1FP;LT{FVlqmY!`MrAE+C_a!R72t5dT@{ zGnpvjh2)Tn&j*K%$tN~5>j1X~Z|0!^7JIv=9nO>yYg=pKCu^*2S*q>yE6AE43qpc> zil;$^$z`DicU0Lp_D@NS3jpDm%{hS4>p;G}t*`2;8?zXC=!yB82IR|$fk>5J4=!Jv zOaO6MnAcomv`bVM5UPBak0N2XYaLHX5mPR<6V z=%3^LPcOCZ9+_0FYm((1m%{21M(u6*7io86Z6ib7{xAave4;!|9s@wP=|(qDwbkB7YM{ zX1F*Q=vt}B=nX}#(R|ia>(QioScD}#q^sEJ{m&*qx$&O?!w`ql;weHK1mE!;K@Z2u}%xwyb~0;E%GYR$EgT zsv~X63&|BhP5vEPP)E4je{_Lf4CFUEIoZVxcXVlviEI*}QiA-`#FicH0?MI<;i%DuMWsHF4l}^(I$2;GSwz ztK#kG!;rQZS6~sl=OHp%dq#TM;v3$Rrw7he_C$fr&0YV_gajdoL$-@7C^hGVr((1< zC@qYMwa&u=H+@X5p|{38PTxY)_dbX87PfPBW30{M?2g_Jj~$DDgn{EG(!$qr_vZ;m zb>s{j=i&156io&28-q4k3x?j4DLCMst$Wdf%&xvn2<)X|MzF)?6K>(4H>zsFz0>~w z+S~PLh^H0w(lBhb5B?~>6hJ_w^aY{eC{N60+yw2 zV}GoH2lq+_V!l%{taA292aHc;q~FR@V;V({IM1rS-;*&QZ9!RQB*mU%WeiPfd#Hzs z+2}j^(DM_Xf$dKO`UDHwDQUeEOwuZyXjQzqiI~50g$-p8Xu%9-S5i!s~r0;kymza*f_LXdh(({v|@dJv#8&E z!|o7Q$F6F{?wfiLhZrE@G*2uAj;)R@h0F!m8MY!1u|hm5^;njp zkfU_$07vK_Y7k3bG?lf#iB`M%O3G9$C*4yis^5Tex)O%xM%*;Ym6R+7s4$%Rje=$a8fD;^41UGs<4`2GM`OGt#aX1SNT=@YvfR|xDMu( zzDt+&@`P4EPB~>c^cAir8+GTiVSplG(rxAByGQueWNvAwSHzBy$Th-C@p2+x!gs~_ zKgPi8M*z-k1)2-1%M#?c$prZ!iWtf=>R;dJK7SP^LjvSbkuUX1+0D7BC2G(Marn_+ z*9TbB56jc5vM`$c9tP-H02V|#$%$ZAIjsge&|f79&_dBvj@XN&5tBbJ4bqCQZfd?+ z6IfElsVR}lsX~j}usKXyUSJ0JI=xecoo1w7+x^I?<+{neOKnH}K@O9p)bLG~&|hj) z=M0+>{=_SHo{S#UwL2-Pd+t6PZq)Zu1u@2+!a)Zx(=lf_R7kamIo?uq2e%>03bfHT 
z39`wn@$yURZ+BmqE^T507K25UU90nY*gZHuyA>ak;%Z$5nCYot?OC$?^b}pJ-9YU? zH=<=M3b4A$mwS~Aa7_=ORpV|QZId>bl3l~<_WV|v(f{fKzaBmlW%uh)?27AXmpteI zVlc(gg)naDNBvT#5BM;YRQhE~EFtK-D&ujC-;|}aMi9wNf^y11H>|V|lCm0{B+#fG z!4GRsmPV4)nju7m8C?PbWDH{gJ}X4Dqfw4!$KmMvYE6yl*C3%_U4lizPx#10Od{<# ziAyhC1OK|j^m$&+G)hO0y=&9YnmKj^4DCiF;*Mh9Wa6P6P0gj?UA$U^jeLC$cP;@- z7x0)zpxjn(RG%wmvq_}BD1xGY(6DL~wj{(i@3BwSQD@%yV6=v|vGdQk$RZ7H$))NC9oC?jEI1$6l)T_IZngv|3{b zepGA-o6eUaqfp5AD6FRD^)#XDk0c{{t)h$dv}%o-Sggb2QXHpJnpr-~@~)LwWLW_N z7E}s*|le{YrqV;Ik-Ya4=cW45- z+5{_^TFV__yGlGX?>zYyfMy8vaM}FD(STNYK)Ytr!f)dHF%_<5@0wU#$f!#wL}*Mb z%(+L{K(_2ZKn%YJDE-6fJ0>-wm%}1%wX;k*gD`3n?`$ANtzo$gvgj#ELcv)9ST1>6 z5%#sik2#R$PBr;Q#=T^@1zT$pInsmgj!!nR;Oh})piHWKfnzm=7{RqW`}8J}Z3F)A zf#J@5%y)WSaaCZ|asOl@fx~(d6w5%sMj-U?D6iJg!A`hixN$-Ps!SU2;=k+Nq_HpF znw>j|Qu>OQF{GjCk)b(NikC$5ACSrFALZ=sT}51WGN)f8UwHBQcM1!4tHdVDw(WjSJP<$A+XI@ zdQo>kz2VFHR5mrQW8peTNKI)bi?LA@x!6YPr{P;AHS*K@pyyFZhq59$svnUr7$S5~6m! zXG?Z)iBs>h0&C$$C&*Yf_3aNOfTIV#E+pg3o|QyF6T_0v5)<6bC>fbIq^)v5%m2a@ zRd_6mHe{6mp-NGX(Lv6jEN2^^oVp=)7H0(=rRDA$4DL6doE3#p=)7U)pv4M`-m@kU zs#4HRGqGQ1WIm9>NifEZ;dUn(fXVAcHiv)+1k*2ChgU5kWP&Z616OkS*CEyJS{jd! 
ze74svX)d5d=mL}dy1k{Y=%!dDc0^K5Box`k~85G-K{_5y2#SnBtue1SXI0vvJorY;Reb-+Bf(|>35d4tcIR2keU72 zMt(@a!B{92KT8=WI+ldYPvTT}OXFPW^S!V4C0Zg)v(@ixT$HbwW;`;qISCXv>9E&`Elj{E%(BflAia?huD- z<$5SxNoi>`L6If|qqt3{+=u!^jf7I_pu1ldHFOIpI1^PLV(`8`K#87X+}ndEus z^E{2I$LIDlH-5Tm5+q4*?tQ(^+t8|`^YCHywk4>@;6ar{ehB0%x@U{cTOR0dux8#x zlT!#@L*mdHpYq?o_M-zsr%d~i34v7b%?MMF8s&*mcUdZ2!@2ys^yzgp+;$%3m3{`0 znho))M1RUR=sT0jt-v;*3hS{K13T1iXk7^SRg7w{ncrnsO2#DEzAgPIc;HG4jfGCC9kys1|JX<=g@!RKycbv^ z>ug`)NIG)4Z8MvpASqTI(5G}-HEL7_vADa5@8S8}o8t-X&^df)bT{AYq%-(1FwYf+ zVU3>wbpP-`voL4MCQ@A2S2+30x0(~yV+ZGzIY%x2_C%Nze0W-8&*Z*ciT#Xtfvh(voLNbU+ zHmoL?O@FO|NQg2>B~Ew=(GP~t#-;tdFt;=pc-&Bxi}?5U67m;-=XK%Jp!|8BEBkF$ z*@Fq|CRSK-IC*V{mU-Hu{oY+Yw=Bc`^e_`NJ-AY$3~CqiUBScTR!y%LM&fDZ-%VL@ zD@q328EwQ_rnH=d6(LXv;b)bFQP?HZa{|&ODcV!9=KZl>`p(>VpzWhgyYM+-m)PoZ*|1<2>4GDajjsSrO)&nhpF+8^mz$mK6tf2l_jO=S$A!~s$JzsF?2 ztx^d^SFp765RLm*#TZTY*uxl{IFvSf^F^v$PrNn-i^aM2Bb;ULiH+h!D@j5MFu)p3 zEtqExlT6JSiIqfmiLxmz?Z&YGaBVngi`ACtf8E7U4J+GgF#P_&pN=vSb&N*$rZ3tR zrzT#Chjn(?ks0HfB{M@f!@?5u&#r?b27r-37PS8QZHq;tkIOo_uetj#mQ^{+LMd|b zRaU8l2%2;X7Y6f9|5LNts^&NObvF^wAG^-khm?rv*@a8s#SL6b-)OtC43-76=t2yG z=+kv-(6E~7rht|X2iXJPTszr=R%=~l4nWLbtmkny&70SK<=PS-M9CE=gS3u98{%mJ zQ-+Y|s0i$WlCx@H>MmK^wuTTwd>mRxodsrFRflDudO~ua3VNB{R_AS&&3L8!MHh>4 zl=PEge^iC3TO{~LjJZFBylz8)}k>sW@)4HY@5C7A{@Oh92PqHY8({JQFMmPW~2^|0w&bmPOFBPMydvx~f1bs#>hxmt|+} zG%sDYbE}2>S*LPY2btS6)anpxZ`$J`Lr@ z5irt(OWIMHfo_D`4|;_^bs#aXQQje^p}Jb#WW}>ZNr{j6YWZ(%~-JMwVXmZz9o{SxB(iV+d))oPmR{yH)Et8xK zLBCAQ7tps;+SmcBOUs5*qh@+Ox|%!`-3#R5J97IGFFKFG1)EqG#YPrN$*FWA=3Uu_&y*%Uujm^~x85D&dF6>B(jBJ z8x_3mwBMMpUO@+c-p34~=EC|EDeTM25b?l0M<^|k@c9q0PL%ku9BlQ}O-hy|4!dm$ z35{7Xq~oZdm$rd{>WGU_65uk{FU{Kw*Am9&RXSK5s(`QNWbbex%{3H_w|}Oz zrp*WU`JVhobqsDFzqo{#x{Ol3jo28R>H;`xs+9QKqW&_sKce{h=_MxqRlbf85)==C zb?$#Y4fb}g_;g?L_vQ~O*r-{dHrHjMYvi#ThqJpc#l{q~$jU3XPAAq>V0wNEch~l$ zg7dl2$~Xn9aSO*LDyO}i{C*il{tvr0TC^7iY&OmXlQ^$6Wz?v4ov0LJ`A3@(u`&NS 
z+5}qzU4c;XCYnZ#q|wK=Na8z4!sd=iyMd~0H^KztFNr}f5MA)Ij|doL5Ev{}ychCUJJDT41E~uLP4{J9s`bs<(8k_xayaou55AUtsa*K6> zIy5pNG4`a?%+3y=mz%3|Ib^g+6xu<*jZb9;yv3x6C^DFQ`k{io9B^4w2UYX{GsXkx?{acupPcAGB~c-xKM z{1&mL%di^QuyO$;D3v^Evw;lzT+Tbp#zD=;iGH&Iqf7PxiY|A(J|L?($c6ypG}mq~ z{*|!DcB4O$^4P{OHZP+QWBJK%mpf43Qp1S=_#c>6tVI)O$;|>q>@eL%jzr*tv^=oY zvft>Hx)z3m7ts^5&yn3FHz`z>Mhn)`H(27I2fUx12MmIq`4(wznp`&5&hT1fnEl5X7$=yMbH5n6Rss`rrJ#J+A1kW*Fo7dFW(3Qs1XB z=RH3UeNMdofWGw#hsmqv!da1YLkLRt69!_k+P&lemEKutrC<|14Fac#CyQzV1 zVC!r9c-r6$S*U8*ff_ z%hi4g(_p;KB%%QCjiUZz;`KcuGa!=;RPlu%zanw}^mnClo1?0)+=y^;PzjKH@3=$t zRm8-oRoL~fbaE>(z6w(5y8$Ls{%~roVk;;24TS})xbzFv^)3Hhbk?tZM2m+ngloY2DU0!n}B#M&655anA)l{V2xYlk$RWoUu{{^E|ngG zCb|mLtQX|~ftfny&zX#}P2IwJB(~y~yvW;B*2`znpkO~Cx^!&yqSze!mXCL zoM!yE$yL_Yk27>pW4X)Jw2`Vk`4R-GO`<2yCs+p4Bn6pPN+4hz+fh7*=*CiXyMd=f z{LuSJEkjy``ix)3JMIR{Bc$HSzv7rXhBUciSqNR_3k+`bSnLb*0nL8^=hD2I6u$kN z8~J{97$gHG@Yf4O5Un>WNm;Nq(y%j8i0LCQlq!Uxf{zPgbp2l-h9Y(af)cOD5$PSU z`Gz@KBdR?QfKsJ^nRMz$%(BZp(u!LQv7eAw1`|5wOF7>)3r9$j9X|)NEK0djs^PjW z8=nH3J+0(;_`21pCE-C#%-x6(e4|3#KPp;vlMuLb_R!6G3B>`)7emZ;{f&yls_Lzi zvZMtw;Ucf$tmbxjRi~bm3a%or5cv6>nx$r1VMHhSFeRqLwTa=locB`cz<-Z(zF5UZ zk~>FNio&KgfEhjU& zEond;zKNNnKrZGfnOSFY9uW_Nh{zkgSSssdQ7lPUFHTo0>PID&yol>w`juLVX*B(e zdPV5NL46HQHygCT=~2y@5@nFL*f8^0>1;$!y*xh0!ABmI|m}%%CeD()QgEZpJL##jl{p@Rg3pK;8#=xns zjwJ`i;7p;*rd3*s0SUmZ{VWPJJv|Jj*^)LTyTH+c@z2@|*H}7`A^=jxEDzcgtFQrm z!*GYgyx|50`-^dOLE8b~@Qs0QJM2o3k*u@Ex2!bR`i@@n!DIT4I5M`Cx&4RiX`AeF zu8i&QCjT1+jnjR>k+;5`v|2b?`3!Az(pN99!l$}HKcVDs zE@*WB%RaXiR#SR4fI$z-a1^hbXj%>@d8Y+;?1V~Yubeb%{c(9j;nC3rB_CBbH8^*< zKOvoMv3|+TPhu_FVMLyWOtswUcQYqd7U5Ayx@DjC{jQ;IbspBeC=k)$IZ7{P6colp zbH=26AD>_9klJBezSw3S(@|TxGPd``H(F>!|N0h&lgV!H4l_7K#YyJAI+wSQIWv>= zGj_+9i5n?D+X- zs(Qwi#$6os-0mgoJ5aV}oo#)BT|j0RdoJW(-Rfg9&bNiBO1Nca}$-k_!CWEMo5Mkg$nw zQ>R`piEIld?d3x}O$cK;RH?B7>`#-^%!NGVt3fJ5nxQe^IxBq?++M=OXTPLyg+LrJ)PZ6nx zLQwBuQ{B%j)+^j4U{_*OKwD&(f&4<`|0?v;9QZ$iel_+^Wd=u-jfvV^Phvc}#9jS4 zGiS+j?{o<^wl1};F^cDFOcmRXmI-3n3zzxDvcvuvMJNvn&LOn!f9af_X=fV^N7yH- 
zDf#Ui?I|R|^calK5D4DSSl5rWz)w3;ULh^ya6~KfVWACC^EomJ8c7b0iH`2gR!$ zn+ciO9bF8Z6&$mT6p}&gp}WU}lBr`p^867l`f*(@MiqRt=F+08BNgKvt5-^KLkLM2 z(0dQCG8J5^HU=IGYG&{pY{*2 zInx$ZCZ;?X8cmjZoh)Hr732?kRJku`B;25T zctCjzvqAe59d3x!ZD!%>`F4H9p2v=sVxHJ-v}orPq1v0zpYpwIEWxYT6iW= zYwl*LPyrEW7{r{dJHcT)AAwon0npJ$XhNAhRH&+idthrZW#73bV;7Q&n+^Db>`sQ< zdaG_C4)3-eUwdm6yfvNKZm(x?WWsg!byYeY|HbdHZE>4!J$iNDi+53r;mPVe3OS}X zK(~v=2R{xK=>3?ERHIfUg7@OSmn>1;Se=?DfI1ZinMU5-#aX&tSX>i@)$DaOz)SC^ zL|_w`iJ})$E;fKd%Z-HaoqNiz5iJ2tK!a{`U{M)>wSRJB`Fm+ca++_qB_=5V2H`!E34IhYI z(+*P|t0s`DO~cCeAKik3#jb5jzJSlSaUy5ckQNoKw2SUvr+8tDgR%h~F^@VW?(Q%U zDVSdsi!uh_oT|*EQvwrIlW9UGaB&NZguL*ud`hSo0Lg)1dLo~e?)6^@QfdZcW#rd0 z^5d|M`a3RAlT3xU6r+ zTsu}Jo|n_lv8$Q4$i}aQ{L03GSy&lLB3n7tvuSz+uWp@AY+i$6ul|4xU#ag$ELO6J zTri|~46%_)tzY&B@ zHM{97kHAsdBnDL{yD3e|xe-MB>*>hmDU9=s81?m|k?4Z_>f-gnkgeO`u=ePFgsJ8w z#4KrU*B<>4Y0YGaeOcL*b+)$bF(P8&8(a9F$$T?w*msvH2E%%&c6xfJoKx9B{M9ld!P+ztbqfa`45r(kf z@0Fuk;iG{eFQ(brRo?J=jYo-CgYqX5_aH9;BGSi*+$GVs0g);8&M;u^-?9ztTgx~LCK22vU!8dB~= z!@m4lW3&pOfck!Q$Ve|&@c#CgLV&mdp;fxI#G&8CRsuw)FI~1RP;o%O$gpclji++{ zA)Y+e?^o-QuJ1nGld=LX7JUH`6v29OxX4`OGgxx)U!zd)2b*zOGnixe!3i>vT(=ym zWsiusbm;A+)D%giKQo`^RG5Smm;!CM!c)hpXw}r}zOYPFwlCF9FmFV&?<6ej3mHJ$ zVX=u#gpty`2WRzZ)V|J z?*)L@9};-*->T7b)9+VtQD4lPT$U8^x@Zfo%r%@;mDTr*Zbtvspx13pFg6yFK4k9N z^Uz}i3Xn06Vb4xafsyfLtAUy20VnD|Ie***-3LefNRx;oB!W1$fJFXtnO zrVc8jz_CE+rm?V(#>HP5wB%2+1E?e5$SQo6g}~v5$x$skFp+%CYdd4*5mf9x~PL@rT7|7T>|z| zZC0d6=i-1oyQnX!Yow_G)PF^bSQo6>{MUAOR)VF>fcgYPn;%ogirXwztL7>b!K1BP zT{PHaa(AeKR0l-o5_OER->{DT9#1*8Ryw&-szP#n z`M$NdDK0OFejx!-S3&`INwaE5(T%B@Kn?WkIQ&$Z5-BSTDKfK3@XQ#l^#{zB7>wWx1H#A8=Ej9L2dAWl&cblt0~tUjNEQbk zLiO2iP-(#?4T_SRH0_4CXQ%=@jnfG>wXuS!8_U;qM>vJNMQgmmxv^6FS4W*H(`X5f zD8FK7TMsup=-ExBdT0;XMr*0W4V+hTz$1@CNs`KAz44+{z8ICQx@GP}`w~>-yt|$K zLa+e`*xs?I+9Ir%|6|Wd3LBWg)8`nU!#B5Sl%1aUx0x|ZCDYd{c-z?n6bJ4Y9F4zI zhKbtmD6BCQ&(zcF=+hDG?AWi&%x{0ET%75KHK=|}qD2FO;Derxr6=pPqW~X@MrN~8 zI7bGz47KWz=Uh|zxo_6Qak}4IvGHWSY-l!^(5DCSiyy#Tbdf-03J*Q(w7IJpSM*$b 
zu3eXe7QcL!#!&11{R-{e;CE2_hz&3(c`mgL!Y)W1TxS;di8t#R9XzAj3X1flM5;mW zfz{4P3wbG2t}kaLMhh9s^My9EtB*nXFnW#z`P2gIj;ttS9&W9 zacT9ubIKRB1&jX?E)!OF!O5<_CK6>;eWR?Ti724(VC_^7HPDqyT6!hvqIZ2~9AWU3 zQghbBO8a@DN-Z-XX>V_mwT$3~C!-GbIZ2-P>Jtn=c@(jSU<#JFwLq3HmGWeY_*`t? z-lgGjt3|czE&;>1yQ%!=qW66YE%KrEWNKyk&=n(u##F3hTzscYO<4FSe8Mc2jpq>M{|%i+G<3cV@=&?~g)Fu8HOvR<{vj1tGwj`DRO z0tJK$vC?ajpV(y_>@A1-3)%4y1jJEwnqt|1y-{|U&aY1-HrS2g)c4 z%#Q~an?RVZ$)Z{us(6eh?NhyXqA7LfE2pqUHN|A<+8M-tj;Y~ti-BT+S&I(ou7(m2 zEz5KYt0~H_gWlKFw@ihgZA#i#>P#$tqgT!AN0n`3K6i^{u8!=oMQ+|?S%};hV5(NA z;meqlrkgoNLPn?kPG-cVar5_kZtJ!*#+r*L2sxRBINWQw#axtHNZAYImpR~zZy-*T z=FDk#%@#C=7wI$g@aZFTA9 z9Et;QD!(BLcG^g{2GqA!Ss}|^wfY*cTghAPYP$RCC7x+W@aHVKfZRasF!`bGtw9xb zCV)%ZMs#5!t3M=N-tc?*IM>`Ee6+8FiClH*0h3&Qia)?v%IlrDMD+sy_WXEqUU)RE zylu>BvYq_v;J=57#^b&>FNYBg)w~a#{iM=nF7jPxi1k?BdJ&;KUMJhyKo7B?)v`pa znwjHM>9*U)dx_aUhg70=#P04$O(!1!5P>7DT*B!wne>SUYwBv)1s5FgW)_tYy91sW zc%zSF01StBC69bvUj$eMCA_OJf2v`>9FHdst+?eB@U$u*2H@B`cf6Ko&1idqOCZ#Y zx7SJaWJ*I-F4w>^oQ9wo*$=Wm?MV`<{^WsnIOzl=qx%8>l8m1VF6JLfS)bcbPN5(* zvqY$=F4`N>@ZlB(eT2E)#%P!`wZYcfk59Xq*&8i;%L~hrUj7DMNM1Qhf zbF^z3>GnD?WFRa!`@kk;!nN?a+0gwiEC`yeI0CwMx4rgrdQxBP zz98$4oV6v#;twtlP4PN1e->V zHjl3un}p*5=EeOw=JQ5VwXKrI54DmMn+Z2}hgA}CsiC+Low zZ*hg=3|?QR7QW?RWxPsB*E%~Ie*%^zP4C7$gqZI|1B6VIu(&}&^kI8YK^#>|mJ1tv zO6NX8{HI0%sj}TvroEBFO#HS;@zg@uop+6!%1NEAB32~HIIZ^bvOb}yr6?93;meD| zXdRz$ceL|S;+NbYYAhTHkc!D<&KJi!9GY>TVOLqU@T6zxKTYwInlDPyzPcziCTqPW z74oCYB=Xi$TC2e88hBKiYm?B>t}|B>BO4oa8N|90SCyFFZpWbkO^G!0^0EP29$$8P z2RQ<{B1tKeonE0!yQyceQ?NR`K%G|@OH`@9Si~G9pLR2kKj%(Rlp?OMGBn6~b>g?2 zNM))+Q?a#F-%WAi=YurPisab>9HH(#Xre`6-^T~2AVcOE!v+#ILB}xHg~4^dLB{F= z#(gX3b($ho6Pf9BZoQ+rZGRcCu@1|WV-MiDiYTQec%tnt@51A=OW zdTngiVRJ2B$!>heZIts1M4A$ZdicynMQfYyg(jc6N z&!x=Lv?7>_$8MFaM!#+UM=C|t4yO|rvUX58^$De|t57c98<#S(6x04-hdq$aG4&lo zeXFdf?x_xEVq4v~X+EQffWKiguKEnx8eR(mZj*m1S)Ap*R>`zHMfw79+F-reyYFEq zcskuLzQ%@kVy@dYqjcg%k*f}oiC=Vb=6>=TUXi4xO-({wf%u4;b_o>1qsQnlPs5XV zKQ{pLZc@40Rfy3wLJ)K!LVjhUK~`a}!TPtKLP0#fUhBzMYaks*?VHw9#5xPw>sp35 
zJ3(yv5^&CTRbBMeAAT5-$!Q*Lw6B73FA>?YvR;uc#uq%^YcCu6-{$6Smg0v zFR$yb)hF#=FRx!MH1mBVDhSb7>W2d^^B2cu-WZeD<|#RVGH(US{9it)Q9P@TrX+H#v71a5RV)j_Q6?&**bDPE`Hb!*(sgDQ6?7>YrNP?5!(vyJ z&fQdy>1q#R!?BXl&srU2qbzpeUN*j~C6k;PDStdYwhBAh2;p;uI>vG!hxW&F%GgIs z(|u;NaeFi%6yV32HD-m4-7M$+M=41LTRMql_Pv7re0i3=*Kb!{U;fIfREE8BlmXX#gray;FwS9s3pmKPoD`J(IS=#{iCV0*QLJd!#TA>;UFb~(FgP#fUAmvnD- zDGq4Jer%;^$yXO;vAmKxQjcPUp>E+%$oa^m?H(+LUH;d_Z3EAF=YvOE+Zl4>?^stV z6_gihFt?|^vn+L?Qkr@v9kU7!R-S}EkGyW6GhH5Z92KWBRD2E{xLf#qE!Gk#va2qv0~Jx z-@9s2ZtsL^?-k9aB*eq zLm&~C=l0&!-pv-BEqx}(iQU1PEvdglFpbwDf9!yn-&3Q4hLG*w=WAMrE#AAgckewj ztYh;r!STm4c;5Q^&78*Ih1`f%BUFXfR;RtHS+J9LXhQASR)kh@1Slde6D~Uwgd6Lu z?N$79hHj*q%exj6%~|W)?gW?9b`EfowjQIZaT7aS)h)aena}PdoS=kp!8Momm1Zu- zsBW=zdn;x0Q);lUU#id8v&p`nwzT~BWAzU&Q#TW~UW`jssBDV>*4vgB>#Gl+xWr)T zMC2R1^P?!Rc33XIj%1>jX3Jj1Bf_w6uE@Nxq1Kv)mvxWtv#Y3hdqx~HSWhY+liYV( zd!=!T=@U3<9+H)|kHQO|%&bW2;)c28NC5+Q#e&XWi&%^K0PW*sTlL7MvU%o$>PQ9M!dz z8Og>oc62oTdAU1wZsu46fsJJLXjX891;7sG{K1^}uHP{~NVBU)F7xr6Azi)xYiAFs zu5C5q7K|cYo%!tCBGt9E5*)=hQe7jMN2+TZ4wB8cw`k-S<0YxCSBaS3cI|fi`Ae$nMa`&Sc9UlPMp;qgeL%0puQQ@>JdNGUzMddQU+I>9Psd7>+VML-Q<@QQ z?BPJ^aG=z29d@9H9jLty2TF$nrH$)wpoG_+50uD2sZNt#*I^RDcV9%2DzoBFJ%|7g zd64nBQSLKaqP&cyu?e>rw+njJ8h%FpX0eD}nRX=K5tV3j# zg%-(zuq`tmpS!Z@NI`=a=B`-k~WqSaA5*N>U2ebF3cm zc_nk03^Ng_te>8zV>qsxW!P~c2bzdkT;`61=aDBemc`ng$`B$w$GPVQO;?@9_-d6a z9xa9TYK(RWg{QlaMr2z6Qv}{IdNNtFTov|guj7MvUSaS$D!U?I!vUc3i@;jRh5tXA zsU)_U$A5amRw9pR#)0`I5nC=XdfSMX?w7y%hAmZ@>!}~s{TA+_g>Q|vf+d3Mg1vpi zQkj)Ts0R(7XYTy*n-SA0+|UU(aW+q_X!fiS4UQ}wS|1qXkGPBtyNAS-->X@nzAzVk zkYy1p|M$lIIvn#({>6^p2P^WgQq9*zSdz-$@!5KIioF?_)7$ZCw^oB#?~e%HzgVSn}X-?K>r;H|4|j?j9g72OBnI1?A#i>S7c|FuqWqFj{8! 
zh!2^TNg-EB)k^mQNq*l=!#&>w#~dd_l>nF4i7QKF1;QNWMuDt&&Rtglhm<}gj}M1) zDimQx{^vY#P4rJ#cAXG~$avQ4d8}_6;c=#(TsR8?JvU|oSvcSF=s{#L;?_eW<8{VU z!qD)j-x}}hGx8%~Hipf#LZ!TGi%UHs&;19DL~niTQ=`8=myeOK#(??At`&XkP0-t@ zDg{JIZzh6_b8b_Bqu_~Il53Y&(-^qJ+LbQ2HtamR_F70KM;%usKC8I1?Kbk)d2;j{C*5ptJyKZB!(9)0?(FH z@()Y(G%3`i)M6rgk0XQH@*vi5)*9TJzu^ltW4=(}P=WhK6Mp*k%82QyZ!evTB07)6 zYI#ndd^KH=s!SFt9|0?W!6KC;lnSR7>{6_ju9%l-*UJLdt&|D}{qm-}d5>nhHxcsr zI8@x{9Qs$vh4U<3@eJ&rHO@~zHm(lgXHURuqTyzN=4LEnrXEF}%UEdUWP`uclF3W- z(g97d_u40#;3$LN6Da1rO@YGWRA#S4qy*pv8XKVVSF1#}HM4cZ6LIq~$kd+Uvvq6R z-t^#824F<~<|Zx6RNU>U{Oy3_cykYNM0Qm}_q-5Kd<0#Ut#$*}%?{qh?G5`Ymbp7J zPp%5Ibgop&H)E2dkYT>i>e+UOFageXN;p` z9IU**+b5&3A~CVtCy0E4(&L#;Miw@mh7D-^stRK~p&j7IS;MjGZXf))Ul{EC;FPSK zlDd`~Z?}4=+ZQTlYVIR7Rg?JQ_QvduAgZ1xddgb#x^+Q;El}CEyeLGvD*6ZV;FIjV z_UV({!ZGusd&TkHlqt_9W>tW9vUc#$kbF~SBlEC>%(fQ-V(a8r+#_JwpYI9E+oGMQ zwi>G?QX6q%RC(8CyD&W6SKEgHZ*c*fY;jFP)~#POe}M`ezwK)Y)7Pdhluj`hER|-H zMm{gUI(XJ&tZ0#=@tM<+!b}wYu$qlghM|ws#)g5Qa;97aqD7U4GJ%UZ4a`u}S*|%Jan7!v2zsFtC$?W#q_orrHVApkX)p{Z@^S{0q zUS8cS@wr;GhsbCvoQHtDGC8aJzjy5smxlGvyWj2CQQpVtT z6q!w6gm~3lrS*KwGqeWW4}S3`%-rZMEI*Ww9*h(@3SB8Fx`QCH-0UKT3X=dpMc$+?#I6P`y)S%|18b8*gBauTWR(M&d#>1i7O!HAy;&*BMo zM%`lTmc{&$%f#47pM()|yhT{o9XYDt3DHc$IhcLlY^pVGL@@uwWi6&MGrhm2tkF~A zI`s||{4R~fDp6~*x;IyHze}sng|*_wa2aUZr%EGQ_l7Y#I5KD01cNe*MV>&iXbO@j zrg@B}<6M|uRw6f*HMSCLwqm0;g)7SW)!kzqt!dwD<=c%_rm{&P@>FIZ@nOIM$AX;{ zOCfVYk7X$@B66ky43^4Un02=wtuotnT6!gnYUf^Cv5HMUZ`p!f1`AZtl0RDeSOe@I zA-{sPzrS|2>x{{!U}^l0E3$DjZ-2IBJ~W@G_w}%@*{t>iI_BRx-$GsEq0o_8Lw73G z#UryR7cuN0uza(Ve#edwwQrS_IZx<+jYyOr6yCA_`M>`SOBFHg!QtlrceoDM;W}Ku Tm+Sup009602w@Th0Im-J1B`F# literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.200.tgz b/released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.200.tgz new file mode 100644 index 0000000000000000000000000000000000000000..107ec904c701839fbae36c9d8f27239138aa3821 GIT binary patch literal 113776
zk7p#K+@Jc?0zF(`E(V8BD{C&KBpo!6-mF7pNvAQ`PX}2Lc15*zV&!_HfTzyCSc!^<5rMpMYBcA^_tOuJlRP|sk!q3h~ zU-&j&Qm4Zue{q4^GB=#jy4N(GaY=M;NThe#zP~HZ26fu@%R4$BOr%jAx#jF_Md+@N zdw9sf8D!{0m{_(Bj7^h*lccBz{?URjgA}Xy34~@v=g3a+>STptoA~l?GSdaqKC+B*8r6m&GYH$k@l)oOgOJf{xWmk_xWGT3iO{EJRq@v5KNetL44#t`sTvBC zc|$r-+#t68DDCbPLa1&{E6ztxcG<ko`fkUTtDs*iEes>5}-Op+luv75X!2iWrR@ zr?cr0bnj7k5)Gkh{sAGsNn@^OISKbGgNq)XX>MAYBxwGIBpa zrBGf{IiFd^I>8pGR;c1Td2)Xlim(wEwFd`gPXx*=gPvg4EHM?y53q7U1j`@-e=Ab* zuSZhNU5+)xKe6SW{<~G4WW3b3>9X{lq4Ke$==rUy%IT7nLd@_Os+UgQZKFP z@NLp;ca;uZCPK%jc3f4MQC|j^ZG3d$q+9d`+z}pk;aA#+1Xaz3;+|nkhZKv#`bGgH z>0GN(qu*0nuW=4rv_hCv$DEUF9qumvw-m>|ZX?jnylez`*sJL0KSRhf3`=lgVI!N( zH{!AV{mCAA!)>IkUzON9(07-=8qkivGsoysDEmi#=Zpznfsy6A7|i-ZNZsGl)Dt{7 zffizGO)1;K)u<82r^@4wdcJILx9`p(Y!>Jthv)ImlDE5Iq)DE(levnRtp3?!!!mb`Mp^r5d{tv`bP8tisVFgDyhV$hw77>iI3<8y7l z$#5fSAw&&!j%xpf12Q(z#tGyqstaMX1}-!nXXX|27|tpQ(dWX()A*bFfS)i_rK_@PrV_K+QI1%!#WDM_U=V7alnJ=_)$)_Hn$ zygrg?dr=1>qK=UqxVlE=(!ePIlz47CFv!mbsp0*FQ*=;cgI(=%9Waa5e@mP9V0qy zBw_hEy|E20<-TSs{63vmriMUV=lhf@B>)?D`|4S$`57K(eMaV#RPrGz)_r*&S;He< zm)c9*cJOoBr@po}CP0dOUl)x8H6p6xX_+^*3U+TMM|hE$ZY3C^DGm6PW^rK8Uy?qKe@NsX88(Vy-IC31Mb5e!958p~!|PXT+#|$6Gk@7$>;-fmor|#TA^& zH~a$?8e93m8$`ZV3E9V2B=Ec_2CgYG_S?cO6rFcbt#?(4G173T=35;4gUgU^8qc_< zVDS77VLfAX>c`sSAAuixrO$|v*a}NuKj+phFG5&f?AQ8e3W7HRnbHZn)vY&HhYl1~B@iMSD zpS(2%64?;R-I;jFzvAW7XoFvcjhxc0f7DPoz$N!=|9BfB4Oy}Ko9PWuc#IS6V4U}c zYiJU@*a75w?xc9IPx8}xTaWX+xQ%R!y1`kWhN?QL-sC!|OQmZDpOQjSkI> z|BO)m%gT%p5207rZqhq-5P_LfT}Z8Xzl=`H&HpAGJtyvb^=%Cr6xsTd0psbl49fHj z&z{M3IWu^G9qRboXkS@aT>!!_((@fbqV+9?G&p-g&)WMi;t6BY{Oam9BGs=o_I<|2 z3+r^ySFUKcNGl86tIy|NAwnaq9Z`no5hJ1}wo{+c>7kV1)|oLxtQ$l)5I6_{(LQcf zrOnGw+ZkN=-;qRcyiYBp&`>!0PppH8oEbd0-^HX!XFoUy2MQga@<|^~2%agO{P}fy| zi-){-q|X+P(R&-~;Pcb)K=jR((YuFvVGOr^dmO9wD=Ur>6v-z<;K}RM*$)Xc zUhVzGN?Nim{X}T#OvF++)5~=6W8`F}dzLFtAjo@Lv^_4G_^4+ON#D}l%dndoahR|S z8<(o(Ua(4!KMN;gQA>DPd0k)@vCOLIdTib%wLOiTiBEjm^*gY09VA(L@p__Torzbl zsm#2KJaPY#DF6M2qbiA(qP{YTw#qd(U|qy)4?#0?7becCHHYSh)1^M~)Q(-ZCPF40 
zKlTq&*G@Z4sEPdSh1*7BhfhX(>gOM1T9o~tYabtUATz}H7Dx~2zlt}TVp*k5#r~8RqGE{{@af9l74k9GGu(YwTbN6BQ3ro7ZOiFG8MSlJmxBD zDp;{HzFx-`#w{hBS)ChiW;ij*Y8GP_lk2(tVwmd~5oVj{1(|+uPV<~K z9JATg<@uGGUQ}|4qAbN$#XJ{0gW@GS0yf1nVc(i}c;b`6J%AksYNPIvK8If%iYtO( zQ1WXf?K|p4<#r;tHjA@C1tWs`xpZjcOsv$e&=sahbB=CUDh*$J}z4%l1O0AMLr>1R;2QRU3P+m zP`X&}4#1V_tLW*-AB&9Bz&cyoV{UmoBY02CrOXr!DVm#_x%h+jfe$=V?{#-_ z+t22bL&P2V_gKFq3?KfKM4%F&RTFI9X-6vcp`SJ$;%xB4lL$543lJa z=)w&Bz5bde60u06BwRcZzw#N~!R`sl*=P|a2TE#GAz6)bs?9=Njg&7L{}{2W!$dDo`rkE*i6v5&j>i(_ILmWUrghFH#sJd@0 zGgenSITb50OxIh+JB2FxZwe6`S)`39KyLEP5*yCoZIe4J1l(YmvloJ`3m(QWMF%R| zgK+_Y@YKc_y&O!cz!R=hG+kw}4!eZjMQk&KHQ zj0+I+czdGQm9XsEjUw5-m%XFddC4j`KdpoKLk5z7@4B}1;$cLZz?(RLMx#cC_FPKm zqT2I#gkw_?bNr0zf+>g6ml!?@hSR6EBe5R=fIA7@cg^IuBPt~9zb1`C6lTY+K;9iA zmk7uayLF^Kyv}t*+yqw)f|n24n1^z*GshKe%LY6$ES9ql%i-HB;g~LjH&_g)*9$(DQ(CDmL-DM?y#uu8jMTfH zYQ18XK9`&?o{;1v%3~!v+qnom`w82h$qXX;j>V8fJO#o%f+^hdEJbrh7>5+h?PIo} zAMk<-I~ieR@}}qcyh)e5(NbGU(Uu?4h;0JEO8m`H2)muzryH&%pn4Y`5tSoirDGcE zdaCO`Kxd;(>Ttcdv$D7%c?pJKdGplR@lKu2iK@DD+)U4-;}spAg~;$UCtX!$?e7jR z@!HXzmWduOHxOQqAthV3=0aqg6Sd?z9e4^WFA=ba)cSnPI-$0=%fW8HOa zs$Yi?gmrkt^&WUJ__Hy-WF6-w1zv_NMsIaFPy39HB#LF4b!P?;PHn_^7<(6t@S*;6 z^e3SIT`otnIQwu$tYtlf{>ot=-BRVTdvj^SY+|;L9ldbqf#+C2Ki!Wv#b(h)0zN-J zNGC(Zq&w0m>fo)XBC;@7`=!@VbI{;Wnl;~})9tV5rG8}=mwY*Syy2lwaH}n&?=9=+ z_;kt9ryfa@kxVV{`q9)-javHksjg8CQeTeOmyosUx4beWX;z(rcDHh?S4gBqSM)Vb z@d&rzy5!o94Z$xKHzHt$-wA!)8pF`(%u7rH8xy(7#qub#+)p}5mPbiA*}Ww2Ux8|W zTylRPIX#_5^>T0gXcaJk4gjxqPi!kL+LREP98Og-0~6w($fuW*2T5gkl7g)_t{UOf zQXvdQl7w@AimHM3{j@tx=?u!v{wFFEbD&4p= z^=KhG^^{7o2`#31aIN~SOr8s}aym0_ucxrd?}wzKfw>(RQauYV5%ijXR%A?SNpw3v zueO-D)57wsXms{RW8@et2OX`h{28{bBche0rP#H%a4kN5@76Z)Whux%=dn!mG?yU`vR*ZP zw|_Ln}*@1BQ_kwQA2j~56{^f9m>T~%r?XfGt{ z6Mj!Eq6IWquL+)PaC0bxHXIfV`>Dj8aU4TE(?J2DFH2iyNPMPRRw+3f4PJ``-b_p< z6Mu1#7gPEar)XiSfv7rF(S7o&V=*C=ztZLg?m7zb;j26|e4jT7zaCTHXF%BjYB>H4 zam(kS0-pA529=)3w8*Jc7SOhuH1TOsq~#?jSrL|!^yASjs)!jOv+982+*^T6V${_9 z`drkr()64_K8b!ykvm60)_B=eA-*@srR0q1L#j-Ml_}!G 
zK^<01xEz_0sA5MuiYPQZaPs*)wW0-`0K$>{aE0T~0!LWax<`RgqTiXjS}H4_!HLs&rm!&e!@q zGw|Wu=>1&ERo6DU#5ZGGmfY@AD$KWC9|S_x0!>FWIL|)JZ@M=0ddLI8Oqg=pzL*)I zSIJOids(%mt>^V~xgSboZqLS3s5r+3nXZ6VvXE@5vEPI5m3Y(5ps|;%(QTClGDbI6 z+_3{`55_*^-rWEJFqR79VZaOXd$5Kt>~X4@Mnb2Sqk=i1Ig4j)hT$AJX3zDPDX3>F zN`qowk3g}Hyw-nWr=SjU;YU~n)7?QU`?zcTDq~He5#+^7Y$;>Fo^ftcgWgOEF~G?1 z`(S@UL>N5=m>JLgXI4Ep$lJALJH7Dhs(L(`Mol>Nic2XHQzTc$P!EgO>L(<=TK)r= zyhQzTkieKfU`{(CKM$5A!o& z%@yb3cP63B+hq3obSgl(NR^qOJvvAbNa?E3LP2%#XmYEM_NAR)F z;k7$L^G%+`B7c0~ zaHc{$m7SDIF?H^?&K0a;7VftnJ@2tlohp5FI}WJkt_Rwcc&DRFH5vjY$ZJsmI@NQK z-2OJ7LB4%Wv#Hzkj`Jqc8=h+#KZJ|Os~O&y zx&Aq@0^E=0NqwWzbHH9YZxDmt21W*p%W^B{rPY@6Xp(@fMu}9RjuAdQ4(u?RhWsaz zg9$I7gcMiPR${wIv!u8mn3Om$ZhF-V_9%aB;DE^610+#@C2v^_70tRutJFDMg=gdu zJb29JJ(h5@wLdOnRtbx6V<1F2kWY$rBjQ|bB$exeb;k8m3;dH}SAj<^--SB@3o`>= z$~xOf&#^C4=6lj=R8M}SA?g|p4%>}mWj-Q5OoBG?X4QmG*lOlfSdxIJp>TdF?j5}8 z#IM>=6L<7a2MdPu#t~6ka~u#<>H_hfthVC*7eXc`7zoT&#{u7s6>0+uXyvf#Y{ZEpv+I4K|m%rI24bEdD zp*p)-T2Y?f&XT6+4W0kpyy5tBm`RRGA0CG0XB)LvBd>abmRZ}bI11l?jSiquM<_%9 zN)xdo7K$61S6URizwv`8#Sl7tUA*GYUEjR9n&b$t&Dz|dMpfGx$lJ|MD3Vq6k@dIq z*Dd;Zr$EBLixA0UU1VrC8t1}b>fQ#ezDHJQ6mpRElvdC*RV%|7oygC2cI(eaAA>6? 
z?hEHQlT!{}C6SCdm-VE^-9U-br-i!Kzig<~D;9eWQ75DG_!j<1UgI3I6&XYgVcXy# z2)&>X$uP8&`h;iW}HR$&H|@KtN@~8;mVHR z{0kXrvIH$?zn6niYu|~{dlWPT#GTOi=8L0zdQ?SCJ*NXbq4#(Gph18U`8d zoezmKM6*W$e*i5oekV?klv#6@dqQ2}Fu_do?%13KokopYt;%&fmku|9uz(v7)(x!d z16k1hD(S%G?+Q>3PzS`NQB5$#af>S+p-(xgCb<%YsiR|WTWYT*`iXD8ALaK%hP_sD zzm$dU0&Jw=r3SM$p4B2Lsb@2ofN_5KX6^$ zre-=#D~d%obs}b-N*q)Ri%zDyMZqKiEHx?JZsn>vWX@3BW~CDT{s=d<(aX5_mC~9aLJi)6Jv-v2R1vy?)pHq%PHhH9MS~htXTLDYREs} zFPCyYuZMC<>4tk_qazP56E6%dd^-Hsp3i7}vYK9|y?2%*qcE5AR*H!N<-y0DIq>b5 z+kiHGzr%LTFCe90xEyNpB7f{5+#Yp7b8zlD|6#aXl7{9&;)X?Lma(q4zAKef48h98 z|FZj{X?*r$RmtAx_xJCAdwu+LVM}{N1=#$ISHa8YLt{~*<$<-0^fZ|u^NYf{+i!Gz za?}qQ?d*g5)gV|d*mU2ni)GflI}((Xq$BTesg4$(>+1o#Il0CziP!U48?`@n_YmH8 zBPT>gcHtu{dSdfg*M(Ds&g*8-gKS>!2Gxs+&x|b`@6#pRAPf6j`LXfGlbl9m7gAS% z{u&M{MKMO7y=S@#OmGU8R&ir~%EU60z-xArGClTwVogl@EWk=qw4nPD*VMr`Q_B1t zA{dE~!h#}r+g8Ngo`fqK10a(!+ub4#Lq?XrJ9D&}S_3gvz@bIk86cir%mMcO&xlV} zJfcjk&axuSDK#=(+%)qR8?DeXES{GPbJb0e00ruuQcx4WRtk?i9XOt)!K00UMaKa* zVWp#SDs7v0^1pPVml2C<%;4#a`Ucnkz{MRGvH#MGJbO|sEs=wkUuStW?kuVv+0lci zn@2u~2@Wi(Z@QnokqdrMkqb|%BmXdqP5&^9Y={wV6s4Gc8h}E4RJ*%xGSX#ipiQDj zn<@I$M;!WtVrpqfu5PN(?>-fPDW;vA^(~*1KH+h@wzV^aE`IA;X}KDa+Wc043^I4d%4-vm zx4lqp(@T=37ddQ^$k4ivKJrwl%5G?D{o%RcdTbnUBQDgjSb^Plc}*2y$&_Gr%0e__ zAhE>%`;^Q8&N4+$6nnh$FI$}zEJ>$*7M!Zfx3Gh>Dlo2-WJ`bY@uDAkgK;C(AY9AF z*a~n*661*qg`>k-Xg0ZcwwZx<@Kg+MDdc&@!}@=WBjMc{9QKiv_H~_fA6W$uX1Q`@ zVul#GcqL>CLcPM6nMKpE_QoR&=5`q;!sE1XRl`Zqc8N!?K}1}uU*zo+x7Cf%x9J|( zK%Dpvo-JLQ9FNdV*#S!Xez z$u?mk{?w8~x2p+3o+-7>lwKYe*{oUa@fP{s%3c{687v^!=5DK>6!|XvV4q`ZLbj_q zuupaIF(+MA?qRbm8FKsxB~hR_#5n-U3Lj^l*fIo?v8t}})bCWheDkK1F6s5)*|D!Hi_;zTYx*|8|r6eHzq-csiw+5XbHMEJcr-lI}v%7S) z^L%}tULm!iZQ2?_Uq0CboIB{J@O7FtIR?;v--@3H;{fnQLAnT9jR`;n~( zV8h{Ou9Y|RrczzA?V@?0U=Pa`_sHfu@vmy=kxkC7d2OanP)^BiCeHBtyDE`muS#`p z#extg#q}jkCn#=y-2hY8*Vmf;H z@wLlx3bun?K&1^2;OGTXug7B&;D};6{i17iP>42Pm#p;6r?z61T3C>K7=>y`HuUAz|5fx`jGlh{pYC-WgD9MSV_@IC^=5EIzz*GyQgw99ijFmr;K z=dwIVBx24iTFyB!8jy6Vd9cOT-jVm(FNXR@U*u`B40-_!_=y$r(?~o*#;x0BUMkaC 
zb=Bvp)Shn=0iEXs;S~nBB2X4^M=1IhOq!So@qpATCs_llq9*VGU!+W&Ny`EubP^F& z_&<_#_D0RMn8)-(i^SAXr*O{&w*HrcFzB>n{Dc0jbTWwCS3SZTF}Y}o;(<-3#!F=7 zdcG#vniecKgba3aiK5U0cbD{nsx7h}&2JG}c4?`h1A$|1F5=Bnw0z}{#v|sVF&J7# zn)qz;A>b?J{iy}R-D^o z_&(p2s{geYNwXPr!f>ScPZvBoH_pGOhVgDS{&~*qk@h~^_{yfJ>G(?ZJa76s9OVZW zyn~<*Q@@cMp^{v#%MJ3>h1YemF2>R7J`$%X_g`)1IM1{yOiQ(E%f7WCrRyn?lfKg- zO4nn7gdmW=^&Tmk2pXn&oFVRUjN6gz%58%k6-}6x9j~1vE+zI)?6<~n#^qv04bm|n zEMo@hi+RPxp5{}2GH4E#O&&*DZz!@vj779z~0!8Ti@4R8(LHkSvjaNz2Y*sle)O_f@M^^S2 zPPyX8nOm-jsXv>@>8(HRvD=)5*Az^k2bC&&Tnl_%SZcicf=@Rq(E}2U`KS0YF zFprwL)<2#$7><&!D(wW-=C_Jiav(BpBHt{YqS4pA;h};2VnG4ruMCq6p>|W;0Ca=l zAH2on?WkG~E_@A?7P{C56v|n+O)cdPfMNn*a^^q&;vLXmG&>c0{HB97oyKOEu-@6# z_UW_NCCL&k+yWK7-$O2(Gvb@^o}K40*x|^HTD)&pEV+O1DSxyv{Eh*t5tbk`LWd%9 z+;~>-G2uan4RTlI&QbMqq845uemT_?PG`8_mnBU;T}jaI61IhuIcax#S2%p-{Lc&& za?+;~x6FK6%)}(Ag=C`aMzsF`jF~D8JHqfa;3!tZM9HQVO%v<_s88MHfInL6qJMf+ zHC49guw{tZ%Ci?x&Ql4pX{ZU+!((LQ5UnIMPZ2=e-JdKm4NO6zfZx-ey=#BU zhjRi2#@=kgN`@WP1y?(D-9%jI@b!^xn6Y0srVWc!NT_>k& z(Y>B71P(oZp5VsOutam8opB$)h~VV6X*5y7smjn9DTexemtWDWMQP(oX6=)C_uw(Y zF8i^IvHNNfQ~_R{!(9Pq_-w~HW&(d9m|&?Lr(DgZ8z*_Y_W%I)jxBrX03jSpx6fME zg}Lvw9$Rn#!%O=1EFm1Wbe*uzn}z5YF+-z#8Xd;Cn91>D)e(6kV6yY-8F?dUk|5MT zn9z4}hU`RaWb_-_$xxmmnHIRb`kD?;?qRqJO947y-38Cd)(QND2k-jkIMLY7P1i>l za|H?g_7YZ?EbK40^-sF+NF(20>@l--%&sFB_bI$RP?by*OgZ8OyQeI21EXNh9{!U0 zhAbMZ7>@+T*!}t52iE^F7~TFg7#Hp&e=$+~$6ypX^ixMUv5xA^F<&T0`^R8JBmo+X zHW+yzp2SvuKyC(TFq-{iFk)MkbflY`(S`qZS^~w}mr|Ds)chL0Q|2Ds5q>iBoRJR} zj>`-``fh=$d&-)$>TXGRz&iLsp5>k_>Xwb`SC+KOR|iGn!_5hyT~5|PiC!K) zcV3A#|9Bqa;&QZ+jK0e&ING5Z^U9TT5-xSZF46Z{i(Q}RVe5(ZU6<}`g$0>rOouVf zlX!|HNoM|B4}ANUd#}aB(HGpAZoUWnk10eo&|t&?30K|Bg#XuIRK^7wj9ME<bm6z_>cH zQ#6s!BWu*w&`0%RMn@xv`{Yn`B#i0+cbxFEf{Glo48@YkDw8Sx_9Y#=={YjaKgn@` z`d8leq9EqxdK8?YZ1IWHns9eUZcLJz@c^b&f)h00?=U9POi^Jh%xP;FKc27zfkg{R z0vU^je`4$*S%sANbvc#{JE{g1kCp_GVC=*H^)JEL?fpAaShYPLs0XR(2ZG^#;7xO3 zT1%e*(**u&E~ZfcCB_WK|ALD^hY`_8`h<|T3CJ`8N2S*a;HfK56X}yLruc`!1aIcS 
zf8fUdoNF5VAKOTbsX2;YlEkP1wd!j(Ks|Z-qHR&!J5s)Y=|VdrbE&m=JiBN-QmQ0w z)%_#GfZvG-kk6VVEr`P}Te;cwS5pE}R;iE~odnGRuFfrsf>CzF+31Z#;Ng?}Z!DG) zNVZO831Gs(G#^3NubkV6mLgZ5<26TG3sSHwoP4b0)%!BYvQ{Xqie`4~7?!=sm}c|_ zEReh)HvZpo@jIBMFviety~E|Eecd(P(`bl{AFuia8verpeoI8S8G?durNwN=_98>5 z3??G+kzj8jD+aQZo(J=L^Hu*CjMNW?cWBL`3KEVijaf5<;w|&snyuWZ^Y;ineQZ`i zd$K#IhiR`AXQX~Qz6lf+lnu$SijgvzQx-*2;xlApDpIGF_4@R=nRG+~lZ&us8ode7 zGA_1Q-nLa`$~E=_4nTy_NO2aT%?Za<+Yoixb+rOgc$h!f(#Jx_kb>S{UnZ#h7rhMJ zw$TVpfzt1=7DxT1b%bWefX0kpS8&G|`MFna;n8K-q;>Ii9Dnc9O;^DVdKre1b13Dd zN`#f-aEHP*fCytbrb41q=CuB#J-wpnb2@GJno6$F$6E5&9v9OZWi)i~sH8HBRU?(r zi(tk#Bl=?m7apG*H?o@lM^#4tt^crrjbBqdXpw>S-v~?&}1HHm;p=@ z`B^f)xB}OHym5j^OP$>y%G2?UhLBix*a(9x%L#nWoyZP$Ai@a0EOTa!5JNA^%#*X1 zQy;&!&$|Ffi)UvUGi7mW#f@2MY73zeS zUDXDE^p`gbpQ5)JPdfq(|7IM?^oth0<^2;>i&g$YCO=arcdc*~k16=hrofNnYewRR zaM5fs1;k#oW^#T1H5lFdAzXn5V>Z{x^xi)PqiyhdUFIXY0|>-B`(Ol|cm=7=vThyQ zK9;4~wkg4Sh?)Er=?@z9jLdUa6G>QANpl3X4{!?iIEBlxW0HIuSI1?hUVPV8=HI-# zH;?$sX;8>`@i#`7*A?OqG`}QjehI`B14!++Vm1k`ik#^-+Dg4G=xKNhs&enFV;n_x z<^pUf*JaA~RL2lGNmvN{F$1&|M92Om7#q%TXgS=x?5}wSM3Qo|Bl!O%7`y%@82|i- zVBFU+&mm5klpP!@ny5E@tB3aQ>50*0U?Z+aa{}rf?Tmr#YpK^!!ve!Scw}yh+UGH#QS8s2Ri;vwA^g}dD3c%q;iXC4qw(3s|x2w!HO|T#fQ9)*j;VOE?>twNozFX;GQf;IPob_&zF#Q=ddJIR4jj3n2 zhDEON+~FS{rGr_L(h?MhZpA;8mWE^{tHy&xR+Y^0=Bb(k-Y(m-t(vv%yJ45Ix@uAi zx4@_7#dK1y!%9`rp4H6xu#h(~! 
z0XBFM7jkCU6)EMDpDK0seRl)cbk8eliPC1MKPzGAo}#AzA??XN}_x%k~#gp$sagW8ep)5ZTK81VHWC#%3qe#!GBuWciD4pCXe9->Y zJT7DOdwve!#%oq0+shSX+Ja8{@9Gq=n#b3O_}E@7*fHMgE{ag<>t%f{YSQQZdT}0x z#WCrqHkZhQ75-%@!7QBRlD2YEX^kX>S)|DVM%kptzCmz+UTR=yp~-lvj*I`Lof&@* zpCQe=H}(iZbN*lg|FJQ80MI!sGLow0HN+JA!}&*H#7uPZyfhsl{UxTi-#K?j-FV@s zSe^tXiB4F$8t8!J2HVPepnd2e^+NoGEuJS~@lRLdrSf`B`lfIY1_{OF*#1?dNUGmb z{q%H`GQR|9Z|$ha8Xagdusok_D%t%`rizWPkEwu+*pdxhvhqgv-^avZsur-=|HIZj z2S*lmeWQ+T+qUgYY}>ZYiEZ1qZQJI=p4iEkdEVzeU!6MVpS$nfwR=}})vm7YzJ6;h z?7_X&sw4yh^6;v;a4Q4KyB=N00il8CI7Vv8ySPX(m#d%pSJcf@C}mf0Lu%0x;!4d| zn`{#|8p`#Wb%w5$8sR~v zH@`!C8N7^#JW0VLJnJvR=#mLE>;R{u%fg?q46qVIQm}R^VZS=Ldn$=vrn77h7FE^L zQ6Ec7m0)84)LQMP*ALQHhRGtlrR^o|U{>s(P(NaYtp+fbetLte_WkP(p06V-`*Y9A zx%>S~n=L9S-aqs{{Z+cj2ffWwi|#n1IJy~svod6|1i&`qc&CoE> z_TukF^RKbPkS7^wA$*W(G|UFIUIdmlERO+qJ|5%J-!8~x>WC@xsOos&B!BG=0k`095sGhrbJFO zjJ2!sS52b1h6!5oNLYxFuc&Yie(@vg$Q%B|9W;53dlt6Y$(lSOsLw#57#^H>Ynj>1 zv7fX|yO;S}XdPuZ_5ImM*$XTyKUfUVI+BLEnbT}9OcN?I-{HS~-oM_C`P@-)5rENI zj;Xi^I_b?{sJH|?>3$wM#slsHMD;|#tw%wldn4f5xX~Znd{H%eV%kFNnuS(RXg6z$ z5TZ&rJXyw6dcML_Y;w^c2CrN$&%m>E=?O^DMQbUz(imu=WK5eN-gWq(v zG`dkp2UbS-{?*T6g9}z7qgHRsI28#28nqu%d-piKt$grdFNlKAdYpUrTR;McGO)gD zU0fY$AjypAQwokV*gE5Z8#!5gVt01ap6zPPXY0@N_4)9tEorB}3xpffOB|pyHtIrAEasvY@7%rJY+p^p^vqw!v&3?= zZ(o@^({^x0z+f}73u9LHPhiiLHVx6$n=T#Iw)LMlepzH9J{9} zRjZ2Diy#dc_7JV_=|OOMl2<_7@(bw-b=KBPXuTbkC+034+v<2?u5X)Xkm4+`ct99c zPh5r=KSwH|0e`(}LU!jkLS13}f>G=_Rs`v2exP}%Q3_Eig)P`+sqq7Zd#d+ux&c#b zJ>9J|8`b?!59v>RaY-*`>^rwZr|?o;Q>sxS-BWz-7@$HQ8=D+8f~_2LnLK`md~Uwv z8KX8Hx?&Tzd&Mf}7CDrHSq$|=<{T__cpCX{jL|Z&&zuK}sF!(3^U(h%`B1d2eoPKpzdg7P7SVZl zF=DG#7z>&HyA&GI`MQpfKe$zdFuNr}Qx<(sF1kdZpL_{9!AR7o!eL(%#>z%I8<5c; zw6rCpfR3Iw;FUGx)n`5GCamA-D$LZhKFZpk(H_Gn!bDO*x`<*u%P(p~hC3=nSgx5f zl<5XazTYuwrEr{S?2x70w)(jm`L-=aD2X^!x37~=!nMn%H+!=b{-sf;8`z|B2PYt> zI9FTqw@4Zc6N+0^pCSymTUFVnPYogRTDA&L0;yiv^k|Ip7$)S%XzkVj5($!_V+94_ zMgHNLYz$?XI2i@nmwE(^liTOm3ovnN)!2|}F)@>(quRV={vB?mw(0{w1{)^id~u&F 
z!(w4sV-(8Y1(Xewa8Az9t!5?1!Idf=($#xxh3x`{gM#oDW-L8&Z&_WV4uYaEdkeQR zWE1czU`wT|J^wlqb|xRtxC|Ju&@;NaTN#7pFk1fAvosa#d~198lic(mB?Q&%Vhu?$ z=y<6W+Uxn0FfddBQK>cqFhvLr!Hc#vsE(hgLm8<=V^ncattyR*reMqbqo9RyIw@#> zk*@B4gANwY1efM4CBHILD+*|}R!d1(Bz~oz!$C?mv)A8GZv(vH7GV|DUQwWoB&eQA zpHgi-Xz&=G=|PWg3iZO8O6M`WrmFyB_;NI5we=F>ueVa_`4hWpKH)B;(fj6;vbchA^Or(k z&dkwsOs&;Ad5pX7>@PnG8(J* zVl>FHcZE5jbMH{v?WSQ!pF5|lH@d-aRx#s+U&e^#R0!i?Zjr{q^lx$)BAzA)gK@YF zW;c%YY&QaR0(CcsxXnQc*}Pf7o)?JZXr6N$iqSIFRieFi%g=<_YV{gTyjoaD4GD{k zUsEak(!#iP2=!55-;H8pXaN&WSb>p>6#Tzhj!=0PZjt6*l1X~rW6+^BT&~Hig<7(r z&LAuQyy8Eqk*psUULR~J6|o-m!t^8|afB3E`j5%CmHsjLhP!Jl0-b~)>5AyBLxQUz z#IIe7!HrNTnc8CU@b5|ZNWsguq0TENLd7Hx{UAc_1^*6-l)!(O@ZP_lJ8>vB|= zqpWud-&G}B$Qq!q21``@~kdhc>+hkQXbW`>N;L*~u_2J>b&3 zR)gt&ZD`)nAmdGZex~wC4}G+Bc3-;cOlE<5z}2k}E1XbhZR5FiaA>JiMcZxyp#xys z$aHby7k`!=WIto^50oeA+%vd=g4nFB?3FaGu1l)`oMN|MnRu~AuHHz}#Sk4s>6nEwQ4Yt$|E2aK-2YHJ zN}t{h0P6$1W=)|6V0R7w)GZ2o zPok-mIOA(H?eqJHBopHP%TB!E6{Erb7@JJehlFv@U^=mRHr@lHRy>ItluLIVj@z#M zKxE0+RB@n>O9V~!(V)yyqiTer6bf4Q`{U_jlilv*5LV_bZ-6%`4hNd(&yL=rmna3L z(^o7~eZ<&(#VGoW)xzQ#LeB)itp5NYaU50s96&~VFyg&VvSloL7bE{;BSl1)*)$0; zwXYqlD_THF&E^h8lN7ps$@P&u=c4Je3RdV?a;~2N3zCZ@8fn@&^fN zakoAD16u8Y=S!`hyOZ$Fw>>m#{M7VM#^wbVVo~QF6F<@>x>#)=mFGlTFyAyKGghN| zOHh#4i!=25v0rzQB{?KhO*Sn118~sf_wK#Oadmd_j#wp(DkpO7)K5)-!LksLAVMul zMBLNe@BR+cc=zN-|AN~)OW!LxB`=B~a0?l_+O38ldKQ1g%4;ELFj(CGIy+hH;jDeL zFYY-_OyEd(GextGu87hRxzkTy9@AsZIMC672bXyRsp>#PxM{JN4t@P>f>hnt*E%Da zSZ$`o=6K`X12Xu`QtU93$5b|D@{40gCbhPOM>06*!Eyjt!0q2wcw5P%+v0^0H>|1# zp$psre}0U;BXe0QlLd<63lQa$t6goi%oWV);y6@03K{G6!J4BAhWz+M?oe zA2glx(kn&L91)`6)L4ncT95zHr-PYBhM&8SizSN?z-(tbM#BW_#Nf8BHt6KiFKJVZ zna=)!_o2JNI&#uNN`6i2XlfVrM=r84Q{rol2y}NHCdS}^E-C~MW*T8%pvgTH4`z`a z>3DXfLz%qk|2@byPA9S}8Ox-+8?j;$*;y0(wER%|IphB4X-&PKg%3V=1I6PYhw{!e zqU(Ro%{Ker-Cr)1T8B3T+=1W}kYI-aI#soQdh*CY_Ry`9x-6!5mWd z=8cwojg};4?;TuquD;*CWd}wz1sHxP2bPK-v@re5P5Sj^VrxCl#F9b&O^xv0ody4l z9d}*Ads@GQkMXhgioo^EZhh4E!A%T|2%&=BUSuf5intWRU^WsB%7eAdc1`}u7BH81 
zIV?c4o%18ZswP7-OxxdEOG2vdoLS8q9pl8TI}i*D!$Z%pyBne1G?o`h+KG8#P9xe+N+yfhDq9=_D-*ULw?C?yhulQ90}l=2#qqL@^>4e&(cko z7R>&KH*J!K`#p5`rpCV8!0Ta2)8nX2B4sVuho8${tk^%o?!md5WxAe%A#s`WPuLY7 zeuO<_X`oFx*NVoX1PGib1RhKEdj=vg-nn8UG3iK1t9{8E63DVx9Acv6Gz4O*0*<^Q zjkHdE6s+CRsk@>FGQ&M@R*|vUX;Ym|U8?f9GhrUZa1g3uReu%6xg-BPrg+Uc=D9Ap zD7hLyKh({ttj<_DHKG3#8_f|tsxFJJLH;gE8R4yys))*w)33rZ;2n!a zyG6f9+Dw29;xIy($xnxV7qO+3=HBVC8^y$00j@Eyr`H>{v|`9<(2=$k0cCw+4>M)| z_%Lu?iMw-5T-&53Eho{w*tm?y~8hHARLGf0YRUzR=L#Jif(iS~;n)r$pF=LOWf*(Ix(X!Gn~F#5=$s*d8l@Q3Qr=$;F-_ zdGApy(jbSZWN2j{m#=|zY~$u3reVme^aOVsHAZ#(2>YsT)_GRF7n*eE`g9HJRrKDW zDgYM&rcNCUJ^U7F{LD%jFG_WWM0_-)Xa^eRORG66=3>7Y6S_GXKYH8+wiBSw$$gp> zW>>hT6C=8s6P&e>NGJ=aVe#!8__k0Reev7k|TZKNp0!+INhoTJ^b zkuN#RwtevcnMEGGmH=nR$&6V2A5R^+xlF})GnrO>r+u*!veiLv+mcJxCFnq zp@R()5xkRY#zyTRLlNxE7Lm*&A*-kjASDeAnM+8pT%wQhgn#Y14^NptJ zRf^~600ZmDN25&gjCSuFP*zrUcyGXgFTh<95avv$JmxuonJ=`(QF{EKFXSzFh{xeG zVtuCVu}6crS@VBOG}ozdH4`otl_SF9?Y8u=6rsX8uajQlkzBaC{WEsw@h-uReqIe6D8BYi7p)#vEdoWCuU=aNMjOuC>)Pb>UQ z`4=C#*VnbAk=puGLHJ_VP*aBUOF4YiBCBY6Hc>#;+Ez6mhkq9>=KxFV^)~jCKDw1N z<|aP3$~YBq|gw)vOCmY59x%)0Z-Y#^x=dOz^T}S5`xIA>W~()ii(3kHc@TDZxfEcW~FYya<6 zzWyP*mm;lE16&p0ZlsEK(q!?xyvU7-P0w1xFST~N9`24 zMo?9kAq82X4(C(8h6XrabJ3WWeRnpnyW?{1{37I$sYCFOWJ^8{zkoSWu%fY&X$JZ- z`I~B#APj=2sR{`2D3Guc&(OnWu!=1d5k5>8*!n37(gu6*PQfH9uADZNOhVM)BYfdt zmi)_vMPGR>p&H6@#ij8*ifyzIwKK~~Zv79kH@G#O-%HD@af6_5PNSx92g|kDZSZ^G zW99)B@o0#Y^C`y}Ufy}jV!Mb&P-)24TJSFfaEG}z)j>MC+C9-or6J~9TmeFEQ%#`7be8UkwOK2A!ujgLRCwX z0(YI>_MiN!@gd*hUUk_n-v5uXgAzlJuP4xW$TDC2KHt=fBNkG~Q=JGaA##gBWe??i z9hViFWRg4mud*jp^=*>Q=YK6ve&4ccSWibogh9bWAbLW2Y|Ag)I8K!iA;cVk7mT6SWjc`4U;(`g5k?a#y&9 zqZd##epT=Wd7HU1&XqT{3KM75-yixH*l}NFgrVs!9jjig4PjVa>Deu8_Ogb zOM54(-LT|mTyK1X8jN`qcVP&9?c_&|h9w~~HSs8Fu`43=PL(H@D{(Nht`5-BN<;a( zX>46B!Cv@rPfVQ1>6kW*+2zTcrEudE1=3du z+ayBjjT5o_ZXz6~Peaa@V3ScbJ6i-6UMkO%h;eN<2oKzF)?leq}3uQcqh7Fb#+ z3YL~2kbLkg0fEr~JZn;1&#ZH;HH+`yEymn8)Yczp$374dEn11^vaZd*-oXfAvS)&? 
z8Dy@wModHPl9co9Vj=}igo+qE!#5D2XPOYk)CpPwjfKk`u?NlZl<~|2>GA=I4p*=@vSsu3aT$nogUY{d%UzO3T9Ez&7UbxoTBF0tl_e_BtWu`>U zp|S@ai-?6z$R2#PASyZh1jJ?|vCx7fcLgvpphx;$MA81#;sajAyFtZP(0`Oy+z=#YOAU@;_V-ZDr zXh7193iur^WySus{U@(6IuwK5CY26nN9O4&#%QOE=sAjKG=&_>P(cr;tIKu64lhz4 z&&2554i6fN%bD?4AYgu>$K=D}o>oiAGt3`j4^b04vfo!~aoAa?D4iy+ys1Rs{L8$_ zIF1o{D1?*I-fuUvemuQk-vS()uukxoQ&OOe5Zugv`Bdn)=G3{-mZNv8p#E~P<1>fI zluK>o%KV1+l5SAEeHWhnt{YO?j>r|*t0&y9^_bncqHFUi*!YjM2jkUvZdhpZDWI~& zYJN zVi)qIPKZXWe}#=nko~I98`tsDNisK@6zJFKDBw|Z;af1FzAOE<92+|4cE$!RB~)GM z1aSb}c~KB~Rz)L_;hBP z@)F&NT)F~^H*}AeT%n<5wpVe6?=`ZE@FF9XTh|kzJJjmX*RTqjp2~3bBCd1KNvx3S zvmb$(%xJ4#7iPPd1)$8cZZ@hlI}%E;t1~|1j(4K%OZO#JeE;4+K}DrQR@-s^uzQ>k z`poS5`B$jNKyp!rF+lf`o6cAhx?y4n$l&X)I1X}9!PS98r+3DQphl8}c5BCGSnGMV zC@*9e3>yl(_Wy(-0G_%+pGwg zE*?-49^ZIK7ZV!2M9Z}8Y0I}%Ay@bI*MVA@S6BEY$yy2Wgp9Go2eNfCV97DH6DUnx zZGTOqMsK%ZC$8gK8?3EctK21JdqA%q%|b$1X^@xt3_SXZK|@&oUNQA>=pDqW6kT`7 zG}wHVAXH;H`TpfeuH5(&s{7_s3#YiG>eG1{Ag10f7}#DfY)~WTh#{e7%3)z>VjepT z_O%JW&v#ERYZiWs)o$6zjX0oucrZw1S~ zzeG{eNo19}4s#z96bh~xts_z=D->CW2&V&LuU6-#&qE*JWJ4eytFA*Xn+9D-#B#Q} zkI|;)I6b-1bDO*Yyf8;Lox*RR5a>1_L><4xo7h$<3U?i4vo(gvW2K%Oip` z)M%W(X0Iq5?c08!OGT4~IzdkZQ9EQ}cWlh|0EH;9KB0qQL4SqeS*>{%C|xdaI1;Bc z4%Fqvhk9t&AM(Y6X?cMgLP5opQ9nmODa#LT4{#S^ldcgupn=If*X!t49zskb`qVHq zIGCHde9X}cnB>++fr^G&b8Gz>sVR+e%NMcb7FaO;ZL~&do%EfGk|f1Se!^y4cc1C& zWd(lM$=2=I9GETZG{6AXtJS5^V%wy2SBD1G?tV1r?mF5sD~nBDOP_JSZt`{6=bjlYqHlp2`vz>+o^*oty(5wVc> zeQ4Q6muu3&hd=}<%oR(2^=+&Y(vE|uhSfZ5#CnjVy9}^(k!8jVC49@l-zT%WEWB%$DPJIbXM(>l7m)HL zF)(Z@t2i%g2LPRi7l%#0Zn$~uZ(;!pYe@6Q5m83 z5>CnE1!sR1ZV#HXKimo(N>EO_a}5vASZhFxjJD3r&AMGK$-|2v&j<4GCJkfE=xxo7 zVs}tBTvrxj_L)p>t@M#X?N%}GT;}9+>Wd1^nUn9cTLbr_-UPSgps+h|AW2OyXGYhN z!XrEZe+u@Czt3Ms+RHd)ZlqZm@CVMh6HFOPu2BtOaCdPh+M3?TNHOV5q%6MvHL3IH znzsTNx3<;C?hx6Mg&wchC&;5EAon|DyY9{>*@T#`!G!fv%H*gHt2NR6&|u0Kkb`BA zJEmN%{=Mq&7gx}(O@J???iB;1^Nb5hqFyr!e&8Saug~l>@b9mo>yW-nr2JSY6yr4GRO3#VfL)NVTm5JZv`h*FZ z`dY~GpFB+V8Y4*1vLNgpdS~r6Q$Ym#^`!np8UkClBr 
z_A}iUU{Y7=N_L04BGH9j*`dpaJ;04s$JS$bn97deT}&ds>~#cgBE%<=U% zaMOMTvg+$rsQu^4owSa>DQaVaogD<*Q@jAU+*ut*oHJG)m#BT=WYL{kM^|p7QvyTz zCnI1P5Jw2G_J07JR|Ep{TBC^{QeT_D2F{e>C-c4nBvy^u%o&Yh8-$sFu{mg9Zi#J1=9 zAzre_93VX@9!m*d1ISUL3>>Ay19_WY4Vm1!A7dnXBceCGBSh15v4d0L^oR;*925Sv zjHaJAYflV9Ml_dZf+yT9-I#5OVAq8;9zHC$o{n$6x~&U`54c(52`~>j1?eFnPsWqH2w)~c>sjH@$T9XmF_IQ#)@^5tG6&GL^rLUtC z>hriXcI$Y2rp+^Md7jYTT%UPE^Xe^1I`e;i71+n|z6fw`nW~fBGORMvnh(4~eKZ|A z7-V+tw=$D9+b?5B=3#4BmrLvL?E()vYb8kjMzwh8=sgtGM%;(>`A8viGsG;z?#%Qs z*IU!U8E@K3NHVdJv2~LcG_*TCU_HDV5pwRT)Lp|(P}9ma!b}9HcKASXqetY7hw1a` zLx5qe1e-<*Y--_bQIpQF!Q<~e_WE3eIja4m!~jVaHCSrcavVlF@bo)>@TN3qHZbo2 zR%EXO*x0i)bwY$=JZLen6KA~_S?kM_fm!Iu!OC!R z?aJ`V#plBX6G0`9U?0D3G`PqIKCL}3L5Xzyg%X9*Dzgaj15d6K%K*v*OE43x3r{eU z%#;z73D&lGgmx~`Dt{!mKGO4B?k>h?&QQ0+7WTROznhFP+^Y~<=I0WJo+rj7V~>;& zrceQAdE0g@5T+5@yWEc1d3xs=fH9m@%#6)?Q+YT5Due4}^`)lHuJEvdM}!&D`HTYS zaEZ1~9s7{+Q{J61QD-^~YPF)dTofi0D?r@+@$(_3f4zrMwyF*lI|&|kV*Fm23*x`6 zOTQbd&E8Y>Od|ws)^Xe3z&zgE)WKKpg*I?kE5Dt=jvO8|3g5H8pWmOP5bXQ(iv#MO2D~>cYYzG5o%&SE1VgfcRF5# zv4c;YDM)3U{Sov_9^c#g|GbPQ6yo!xS?hths` zF6=};)kF~nBJU)u^MrB9m>*0>N=!{T0dzq-?=`_(h|L1|a#IUOmTL%#OTn~^RCt9w zq>8M`@Y#o<+|Sw}3D;b5O9OHe&a<&>AldElc_MLYJv0s7v#Xb0`copv{nHQNY(q7h zQHaeTR@)_I+I(6@kP-`y^r)FOd4)i+oQk%n_te`+74^y@r$bo9X2(=Oese)=Po(h5PJFyWD}=s_ z5tkwS6^4Kbdef>F-RWfU(PYX1ybg>JWR*t0NZ}EFI(6od75MHgl;S6{omUerLW`#4 zqH+vtb6GWOQ-01$KF&%Q7c=6?=|szPJ|dIa?U}Xw>gYgRDXr1%JWHcxcD0{x4KDh~ z##TmTBvPG1*4vGULp6L5At<)sPv$XHtLrPXyI`4%z-m)y>j$D@!NxYs>l$OCz}|u`S@!eZWk0(wug~2xKmL#Br(yc)m|Q#e6o+A?_|lNz13z{idR8T4TFG*8 z$<_!S2G`QD6ovAUzfMv`*k7}Mx1VcxQmLt2XbN4~fuTK-5fmyhY$+0~9^99x)v{ftHI3ZxXsyeQ|SqrmR$d>nk#szQz` z*H)iiS`U~4-}n&k6AB{@v#?LQph{qwC!NOX&h%2xtkj%L$W9Ph-;ttgMO$Dv?Dk_% z_LzWivLC*54y1Fs%Vy}T;(i{lOIBpO>wC=jFr2Y2V9q+Bzm-xoz3iU6kEV*$X}+!s z(5XFiNoPDt9<+`Ac9fXdGBfcAaaA=LYT$ZJtJqGXIfT;*=J&8|6{cP{sp#QV+0Ci2 zlUr`p8ul+e-~7B0)6faArc-*ndYehBu=6urZjJsxCVk3chuTwrr_%&>Gr^;UfLfl6 zsm_GV82AwyWrYw#3hdBZ!c`vP*>$6Y8yf7BucfB8l>*HFvNS$!jg^@n*3RP7kr04KKB1(b**uROxta4xfoA 
zNEgXQ7n{$rY6=Oeyk+2F+Ai~F^HSDu&%`qJ|M!B9^f2h zO8o>M82h+R+Tf4;CFkLvraL6li8~zgI@DY-;?M>AG7LK_DUzp)Z}+g{Y8B_&uN(M#$DnzdY^R7`urdK1-36eW?B4?D3iKGO2pto6;5wuU zXqQZ@(mSn%g_-(eE%EqKMe2%{zO&Z+x7YA6k?@TeFfBXtL>2tUpHDYvHkv=t?8=ye zQmcM>NE6Eac3APhx@V4lg|2_Vj9%;tLzzpE`4g68pD$-$V$(5i^@sqofh%|1GKC#s zRyU#Jt)A8lt2&jRHWQl16h)xoXP8{!J(0d-%T^NT`wkXK39waZ9O>aj7;TbVO)#}O zkZ<<`=4*a+Fb6TBk1G1mi>#;fZKoYIIz50aMwK<#`|iRF`pM%rP$58oX{gE-y-x(M z6$uqNITEu)ZADhG(CBMn+!?34`%8RPYuCXD%h7DHi$lVfY_ih74Z&f=ULfI!9i!Ia z0c16a_Y!_{lh?}gAi&32+0Yr})$roOJs7=Be9T;*fz+gsPs+~1FVT9g^1$wS|# zOv}tUMy^A$y|nXb1*1SJ@g4`lM^G+8YfGw3l@{-3bros}F`InG`ybSK0YJ8EySmzJ z(g*3bVua?~zB71X>AA(ul&>?wg#oD*#nBj0P9mquC~BE>+)NNxZFt4&K{L`M=pIuV z!+Q>IU8n%zZqSgkvZu`#6(ekSh?b}Qg2mQ8sP?fK>Yy z;lq6{6Y45#Eqkqw<-BPXxwu+ey_rM1TJ3vd>eTP`k*`{0S&`M{LQ4D#%rJdyh4*XA z0K0@T==-ne3t*L8D;`#>sn5mYw%JF9i+7_Jx*t?a!GDZ1%!kKX3jFpCwkx3iDt4vm zrc{IVDCs(Q2Nu`j8qrOrkC4R?x=2Wg$RZ~q8e7n8)K(c_P9m{cjOPx!%{YVxihx(F zJkd^Y=D0%B4y9{eyO%m6gr=_lHi1G${eirOebMXJh&-cHAX}|(0;6zX8sn~QWHw`_ z8vl6OB%bRoR%1JQh7p+Q=j|v?6ZJb4>R9LC$5q$DsScRv^vaZhu48#q=fGaa#k_Dv z)d>m;vsHPGJ?d61`Ek}gY_b-y^|MnR*x*z!c0r;tLq7n_*d~Jka81zu!(jfvQU zjY>i1)r-s({^swM8x0MrNXc{00glz5RBgQ@A;q8?QM2j<6MLtS_|@a>7FAvK`-zBI zEq0IQg(TIqdAeJtjiF92$9e?>8mXJ~F-;}mXC=k7ZM(r5J$FG#lvG)MjaFn3ThJZT zrD7CLUo73xaTqa%qb26s!^e`J7yjOY=bi@@-V#Rs1-bX|IE;kJC|Af{FawIaP+!1d zV+qFmaydADLoXk)u>E9<416`uES{3ET`M8-P)z{mr9@foCx@B* zz)q;w0Nw?^p6v~7+EeRJh%KNpMEz9N@YbgM>KB{)#A0XaC?fSqHhDOO6K|TE_oC&F zOHXEX2h@5}+S3W!qrVsZUTYA1_h5tH=oDCo#RE?qOw#=n86c@u$`;~n+$z&M$^qxF zyDVdlQq;+Rw%1>5!|rUkyY^9LN=e}f`WZ};r5HxPUA%@Oo7i7tdAJm@M%;}+rfb~mKL=xm>ga&M+*KGdE>J*#0)jK{6v2z#ghZPSmq3$aa z1YXpep}@3=DTO3vx2-pElsMJ%cJ6Q`0B2eH=^uD+4nb%`Rs_cxKsG z5Mo26)!M*uVs*Q>Q+x1dbYKwR!h1T@XkB(^Ernm`;R;qL;13a(cyZVtaP|z#7Me!v zl3T7j9NRhASw!Jx%uBC$g`Rek%z-h9?I;hDmDJ)b%%|EJU-%?(53`NgxUOacN_ut& z{T=?_=FPMiy0dM*Yk&$?3Z|4AbB8hJ5CbPjL$v~o0b2BIyMHsx*i;M$&94hU=f9{F zT^$ucpEm8l_FAt%?b7stL*`xo4s31Ttc^rn3!H<8%Nf!s4}XsXsL|OX+6I@Tr@|-w 
z)Ilvr0rhw9XUCXznIY%v=d>ebB2SpvYDo;*C6FGAwL5Zo!IqJw-a%+ET7RcXkr@z-BV$RkX^ZUu5sMT$UT>h_Fo zOZB$Fiihp+&3LSAjmZ+1LuehN0V25R^){(qO*huMA(;9MXz?2eq{$s2(+)Cc8g-jYw(?~j!|0b~pjvqlpbV>N>0VZ5d zqu;pWrQ&+svB$_dZp>j`6g$*yt=iezQWqup9*u12qD|JU%v}t#fSkN05c-LrIP~_3 zt@Eg{LAhO`Do>KIuuHXvb>J zVawbnO)Sv`w!i6s%k?;HhYl#g3fNYzQ4}IW(A>4lO`vG+jAsaOf{iC1L+VO?f@3is zT&fBkL!qPP7wZE5o%KbMHE_>gpjl;h>s<01=p{L(bWwP1Id{zx~?@n6NKz%8;Z{H!wIlyvgo`qmqvZidsQIN^M58T&H4i&H)SvSeT;Nww0hLnQ~#>c^|DmyFvof62irRA>@$`lE-vJ>x;P{7VGAgTRY1m=%gW=E&jo&I*#_O#$A(IwlZtC*7vxS!(ASdy@=QlP)4|18gajRg8(V$m}8 zGjdS0ccxRw_G47W#weza-8_}iCbU)G%5ydtr-D}`E?$L%WtE>yJ=BtYD5b3!^k#bF zF}Fn8$0fXd*|pTj)I;Z%xIhyca2m@0x=vZoFwpz6$Doj~^Q?=t>aOKU)`wq4o`H2Bn^F{LzmUe*5wSVuH93KlZ&+M+5lQ8*tWn>Dd* z*<9gWy)cTBU~2|!4bs}{kHUy@SvFvIAgrhG+h;$_QtcJ3);@n{Fy#3k)a1dLR*4{J zMCCy*M+GDK6Cz>`B|j6`?{K#)7I8$qW{=!+?7&?+mAIFtWR8s@OqyN1nz?;`e2?IQ z3U?Uap2~?)eUaFHU13yyu1YVMC-;YQ{I7dR>fbMNhcQu>C7wclAEnF%NBBPtWr(iR z8`TB_NQu;VhJ}{;HE1~cjBtewBg1jdvuDyM3i?0i!}^=^V?=MCYE+OgP8bBw}7~j+P>Tb$}^2O7rA|qYZ&=#%-zOt=@AOGD{V^V%l3c zjPJO;;tA9hB477Z=cW1CG)RR5FKCJLwdwfjV!<$mWAd=i=Dr{IC@t&0BNcWIwHr z5Y}CVIE08Y2QgbqC7NrQ^PEJM3@W113XPQ?NAsVgZ-r;Rf4fh0L1E}H2u=4E^O0g_ zRC(YTg#p->5CqL2Om2kswY2?tULlJx!ePleP_h|BUM9-g&(+?9fD_4KUDHCJd%Xq* zc8Xu1i9r{`^#84e?_w|rbgHWpLLhQs29nu2SI7tsxZiN`P-H*qw0M78f@kKE5f6Ba zgMF5tAFX&Z*q~isLZ$oO!BqXegm7AsdM8&YdzHvldPbFY<07SoPv|l;e1#2)t+WB5 zH_$3pQg_BWEz-s?)u?4IjHRm*g;w?*cI-ATQVzj-?l_RXyY>e4<3c~1L!;9WQZeb9eWNTgZIY4YgUgJq^8-V?cv(zx`@T6 zU?_Hx#+gJ>D@XfP4!l&(1y`Rnvpa6EuWo)%pk%!(--FJ!?OgjhJug5=q(E1!9hHdX ztwHL75@n)a>K;x~)kPiCA>{E-Hl5T}8^`Ng_SuxwIbYa|{&`+iLw_o6Wq(oBv6=*X z)X~#v(=jY+pHYgj5OuZuR$&@XXHoO2AQ=BuLNlDvfWh^xYpz-@%j+MY()}HIf8#zP zI}VzN^=-29VP|di1;61t-=jIaHX~s+uc?TCl9;$YgdF@O<0@+n>cxgCFr-3}51N0BoU?~iZll#Kwz0nm2>o5QP7TGx z|75MwB8dG}?lhbfi)_Kc9bIEc(NZeGvyn!6mfmrCvVS5t#GO@R9;`HVe=cVR=-__m z{V$ zTY8ihS|nj{;r}KY^+n3akTbLqDI6|Ishdy86=DixWyF`V|08d${r}L-vZY_N2oerm zbvks~FV_3>gb;94%`@(%t}7``n6=9S>mXxKnu(qIE1AD57;TIl$4o8Pki{F( 
zB!wGZ9XKTHhj=FNozJ`l@GNm`P|Sj@2PgWSC0VX^_*vw_HI)*=rUOpW7FgV{ha9Tk zH!R9o@=WW3C`G*L9zGH_V0AwOBXfHvhXY|lTzw*oT|ixSE$L#a9a%sLRJ1hIL$-qkZt$ z5fJP40Xt)MzPR)_fZ3%IW|ur=JL{AP;NgVmtVhnf6pHsTZi31yir+?V5NE@L4JyYh z0hH$}r){}lK$)R=DMhd79OZ;1HjRS5i9yhO5*)EFgX-S>j6z@pD^4H;i6Sp?M_Cx= z$bcu*ZbG2(e8&-L!4Rr}c%|?}q~&8Z9R5PI%P#v{P5OU`I>%U1dT?zo>}A`wZQHhO z+qP}nwr$(i-pe+=^`4V2=f`x~PSRwWOf&6s-`CSNe(NH>?pt7U91(vok(57_L=f!G z=a6_7AaB2Wt(io|y*DzM%>bVNX?d}9BN;LL=aRq6+n z#fb}4(L5QV)UO5$s|nrYcR@m_uXv}!N9abg!_`oHR-wYs2k(jQg-FpD!aL~3ycK&= z#U|e^4Jk2zYq?%;rNuENNCO}}bp|gQZonU|e3Q#M(balACnR}d!wD3ji!QPFBeWS- zZ-87{>R>4x(jh5&-i6t3@P z+Pc^wCoT2iYuN^8?h?*snAd^tNfeb3Ix2v^TXrWG%CqCGnk6EEKwPy$TWWm^!PHmbL z!O9_7w`IVps0Nfl%SAt0e*k&z3ztPIz9iYn0k*ieM#-$oQaB)MaM7l zF9gH@k#iOT$aXQH!tCiaV9PQCwIEF>X9UDdaSG-ahODSOBM|lwcrG%L=u0s<;@Usq z;kp%P@N2f)t2juVQYgo)(6#3ysv5sw44OdOrPU>pIMm3;HXtb+{;zvFQ zW8V1Nf+ZDBD^RS!uG8JPg1qS*_4DNg=IayzY2{>QO#N8=o*d~2pR0bZHqq^Ainz^9 z&n^LN$F84zCd}W3a!0^dZtS53r~oAYfa+NgQ@kz(9cOwR4m^;|cy9E@7f(~MJ`_?M z3`7 zZTRPjEe-^PREPUbyU*lz%Y>|8t~-m5{RJupg=$Lo)n4aB$$_3swNEed{q+`iw#L`T z=l607Vh?g^s(f)WRAg(+3r8J^)l^{5zv9TmWVD&wS*+1Ya>+0uIdb#D5%INJtl?wj z{JE;ptdFMwPEbo&oJbxpTwq>wxqvERXq=$KFpS2vspM)X9_r4pky|FMliS;PZGf}?C{l;c~O`to4G=WE5JdEw%ooW7-YVvUaXn;x!|2I8ZTlZ^dw}XMs>T1jO8@QT_ zpilmq2#%T=3h$6@ji}Tv_o7S!!xN0hDDIQmoa{u?SPA3L#FHWqR7jexE#(-!GDq{T zCu`c(#28YJ{x*$m{-Obu_ZH&O6PI&aa{7?ZX71fijY+l?9dY6818b) z{?EIS43QvsKmH0`RFZ3lo>SzuR51k(v#WkPb?Qz)niQI(KPh0HWzANpsoBOiOcJzB zif5V+8MYpo8ATVL5`~Woq>vLyUkhIxf1YxJSzWG*?ya@g`CNPH@GtH{$)LT+j4m(X zOmNT~F*7N8!Rs_xZ-}nd9KvG(f;S+}4CehlD&Xm+4Lm`>A=h~|ocYnq^!U{b-wP@O z9}iS`fCU&{ammadd_~z~w;33n0IKtP2RlHwgK&-?#r+wfgF7NRd^DF%Z%h#raDDv5 zYV3^XwPCqW3LPj9(j}me;Vutbr6zFJ|5A$V4k%7QN zNSxuc=Bnn&;73+hQA$3%ZeGbdspeL|fd-ErP3P`7o=YeMr0s_yT4Q@%+?N@kz3&AO z_W|QU=jaLvmXe-i`SX^fFb-@@MoJn})kTl(JSBAzM!^qBdTHy`Le1DPgUG&e%p!E=`5sdhEdO-U2cO8K zt#*UIOaBGhfjV$Iw7eBEw~(0Hl_!|9tCXt{Wm%f;%U~yLK#AWkFy>SII^VdFa8??| zRR5DjgY<_%%6lryXxr-*e4*8DP2&TywLpQ|Dnv%P 
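Review bot: the binary literal ending here and the `rancher-monitoring-crd-9.4.201.tgz` addition that follows (`new file mode 100644`, `literal 113735`) are opaque blobs, so a reviewer cannot see what they contain or confirm that they match a build from reviewed sources. Record in the commit message how each packaged file was produced together with its SHA-256 digest, or have CI build the assets from source instead of committing prebuilt archives.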
diff --git a/released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.201.tgz b/released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.201.tgz new file mode 100644 index 0000000000000000000000000000000000000000..d44bd338eb9e255db43781e0c672a3c7e1ee632f GIT binary patch literal 113735
zAkg`bQ#qr{8dZ|h?^|IFORo%_b7$BZy_5uGmSRuB#yV(O{7?qgffAAgo$aNMyXWV} z;yPtpfw*qDU8#gv%uhtbr&Om&NK)siFXc0`%xT&|^kK_65Edm}(%;N^_Pu@*$tz|+ zlcNIRFU4xs9Us*Txv%0V!fPNO;^DXq;Rjd=H{v6ceNpg2-?Qsvd{N;`8tc*Y;6n5k_`RpFNQ{^ z*L_;gG*y-Eb8qiZyG^$R$@If=Zd+DuBn5apIzWFdt3GCwn3tEeISW`Fz*A7c+~-U) z9i87_de=|sEv36vrd+T=Hb6jO2mAvtn$zP#{tGa!O8o;c3fBB&UQ8AEMOroXP{o19 zCm6_Nkb-_{Fav}kja0f%`U3MJ_W1+wz=dD?3mS`jsbImy8@r48J9Ln@B~M)gntsDQ z1SgG8tx^$L<$AUQ9ePSE%EM4A6L;38NIgMM3CGO@rXgO>9=7ju=TvE+epifIm0q}{}*Z=VIG&=SeKf+mJrs0SB*2YCRZ0J1$fZ)f}ILEZUq8m{WrmQ8izfQ z-1Xa)qZv-Vu7Y_dwH>M*n_Q`u1_Tr4w0Q;3Z7VRm9bcG|Djw2yap3S4KVQMJ z$8VHu;H=h_QxT{fLYffBp=7KLmYM6AIo6jK{k!hoZoX4_ZP7&U@dFjV@)?DFNm=pV^TOaTqNb7GkVT1(gIrsl!)k&e>c{$e=s=c~wk#2=-zM z3U2c`AlT$5%2zM5Z7(E$`44WScug`l>!~v3V`jMnAnms9x=$)7tkEaCV^%$K2o^|L z$iMTe^$MO!7_~Fr^r7DbBWbjpP)bul#nrQO;~| z4La*As=j)YV*QXz=)HAlEQ1)r7vvCJRQ5%;ZldaUB)FUet$n)e_5r50TPth()8T2` zwI@rryQ3RQTi!Q!E(pzOnEA4FlS{?!iIqUf+#@BWpw~IY8SW-S8dfEUaNs%5%8k7F z(8kw7ey)?LU#5(g-NsSc+t>BuYuGp0 z3@6+H9%n32I!quDnCpdK^eM`7^-d};p(mdzKJ`s7yM_1;8`6kWfsM393?+ZPI`wh= z35yBnQ1`(>$3DXtyMUyQbrPdJPI9)gDz2mmZMe8y$xw#*q-}@MNiP1?RU$2FgZzzK zT%C@JHnoDD|F<$Ubv^;Qom8~w#tkJl#4X{3~Dkw&5&s6XlN4&tuq7=PnTyCjH5_pyHT(2hrneNV#;?hTI4?n zW6{YQ_qrECfrp`B1ySss={oYpVxIqMKs-}+FB?CBsut&SlrqYyDF>pPqH)##`tuduBL>1W( z(BiAAO$K61Doy5x{gO6q1LSLmDMV8zKranaD~S7ac9VQ(k63%qcMQ`NFOk=&{dLl; z+dORi2AF{O!YOXBauPO9e{*iZ^}@{P=QgFnpI=V+6+*o&4rz8OwD!*8fo$n@zU0!Mp$ zgf9$G{OFBnuhrf)eplO8f!$}*8`3tVB3}T68LJ;P`~tn8EW_o_@ZEDFL^-mKKcnce z{=`wtDc*PyYWGWa4J)Y1UKDf=|FXR+cQsFfXh&?dDF0ygWKh5#7M&d~RO}s+n2S{C ztN1l}8NqKo?c?U^y5*xzcu8EeQTb5TgPc*_n&gwna!#Mg&((f3ELyj-Sf3+}T<5TX ziadsXD`mJUH2EnEL^sWx!zBVCrnfABE5%Sp?N>D-H4h}$c7C8ryC`L>Y+!v=Cqa|^vjhhy6KOk%j?uS1;UdGmlfD>tSgYu%({9Hc za<63+XKDpl%ohH(Z-UYJnDeXU??<#zJWN!&-QK8lpt@DY8i=B%lk?r;63xt?ru{i- zIKHOD$6wK#OK_$8xlI7brpqIhX(((**yE&o4MizB719NxC2nJqgF6mpn;T4GFxry{ zDrjtXcJkpz9cVkG`4!hMwQ=7>oRk8&%KtfJn zK`KBf39IUikmi6K93DO=7sNe|S&bh{1cD4=^x3ZNNQNm_t*lf@%C@#ikdX|bft+$J 
zEyVA#Fv|l~38<$r#=|MpVtgp(Q~YNt3dS5Nx^q4AGtTASoP|9wwf`QbSP66Z_{|id zC?qInD|goB9&<5*GycX%H)e;$fq|92L71d?2g0w0h7|IUaP6-BN=T%c%cD|WOP;IFO6gxQvS)* z&w=R+=j4BD>ugqCr6k(*TDrhQpXS$kOM>JoVacBFyP1-d1wK>5~pyNV7f}$JtTRiby zC}kJXk%5b$!af|mpseAunkT4JUJdq5$?|dr+Vs4WBk$O<_oH#@;QDx%WgeLmPlCFQ z?Wvq@HK{XSovmK-B8uG`r6v=cxZp#Ko z%eytT2Fi??6&#d6Y%5S~3>bnFIj%?6r6y!!E}<)+)O`r&H}F^V4H1aKnHX}j>2e5; z;05f)MBslMMzGTPMC=+V@jeNt$-fo3J3{nKf4niZgIIpX!fA@Mg2+0Ob;Y`MdP6)O z@`HvNy{B<`Q7e2vYbnrZ%@A6Qg>5_)wv4=$t4qFBSLmJ_50&04pYyB}Ys)|1=V3#; z&Y!d{UI(T?Mu+YU?T94JGTkKQNo!uTgGB<1_{kwBVX zyV_y9qidK!mNX>Z+?X?0t@6?a=-FKtE=Nj3(h6snYVfuEFT;q)0m+dTxDTZ{G#i1a zigLJkzc?-{Np{tOwOfwc_I=S`4fioKfw2{sKFCm8OMk%HR6zI2N?;nw7hglV!x2R% zfMo-M&;$SU4i-02f7rOpYz|9CiLDpIyw!>KY}!w1YVYU7A3g7f2dOQfL*UowJT8v( zXNsFQ|J<<2@btT;GX){Aw&}-_;$&a&;hKG!$>*t(-%|QR83*9B zqU2*0<=4sxNhPT+zQ@-9QtUxQF8|If;bv+lglh-(WzOiPnjOR0K>_r?3}ddCCiaN5 z@nS@!Oxy8dfR*;B)ABjoi~5MX{@Zl@Q51LSyel2&%ZUI0+KJ277vM~i`rK&nN?pvh zoYoL%Yg1F38)axS>fXNl@||sXiX>M}Q!L9)N^>>r{unihlg~{2-d*vv<4^P^JKV?b z4ftdv<;(SLZR>vd%j#c)0jz@Xe3(k2V@a2%ZcQhfatY6SAa;y0tyXf1~k!7QYRuQ8k)0ak>oJIu#Q9R zOwG!NbKGpm$oa7*BN;n~e#)$Gy1T-NGqcxT+N{r&JAxNBE0RgSJfYi&ANet5$|X{_ zG2QHl8ayE=J5()tgWJy-+J#MWBAntS;7Gb0>AN2KZeJBZd zdh4m_a2P;5H}kUxtKlhfCBMgD+fJ%)(f%XsSo$mWUJS1?!EV74>>;8uU=z3R^7XL_wFxU)w}ogTkBrM z$@ALEh`EhPZONrSaQ8=Zc6SWzt~Rs}r*lwX^sKyAhd>(sIo!n1aZJLZG!h#57OacU zC3j7|p!!mm;Y2W>JnBv&U-id2aY~Ln)T~C4X7y^g|JgqxP|RgYvh>iQ5b`F0*cnQq zDn(CPqE~pM^!FpO7DD7Z06P3~LxKzf&nNL*M(>r05|i6QlCtB(2{1vT!e&?EP2wPV z1#~b>|Cfb|M0iDlkjiO~Q$3=qRw=+P?uN%`G9rQdU{68YQ&XeO0886{{EFXdXw=O} zg{rr@@gjzVWWD)UOC{EE$2iPXRr&T@A^ti<9tMT#eDWYehwSE%GrBXxUII~+fV`hj ziCxXFRH>F73l1CwDN(SKpEQcFb`53j&x{pg`(wUJg zZuW$0cJiZ9OtebPA+HR5BIQI8D#00Tb|WmqtQN6^!Q8BTw|i};w{yRfGhlmi)z)hb zn#!@@^TDa2A93gG>AUBKd!b`RI6fANRwAeW*FRyi)42?Kh(~UjX4JYAD;-m_)I=pg zm`~)bT&273_U@!V+#j_(?|(ea1h|irRoFgK&ki~stH!t&=5?{+ke$~2y&S`aN0K}V zFh|E_y@6S^rN^>V#^!aDobTOgmKF~|T5|jVYFv(-5<4nZVDMH%3?#=d5ZZm6WTlqi z{Flh$$4dv%N0-Hfg<}{Zr=vmJ2=xFjg=K4YW>5j|9`iAL*L9wEa;~3Xnjr^Rd4^EQ 
z!}xFnvTYM>hc{;TOwjq=P%)}zavTmtCn|SKfYtv=8)5(oO4c%CWEh49wdNS z#wmO|Z=24nyks#vq_E|ryjeeSMsb^Y||gVBR?&ps}6lY){-{Di^?zc`e+?VL*BOZ zn@j&6f)3EysjXI>34-()dna@FYA>&3nylWM_^_=D^`&?xj~>7j?d+oLqxfpwm5k0) zon!J3&P#*`d#UFWm6>nnY|CnRKc7AzEXkUn9uX`~w1tHzA`>Vil#v#8YOp@s*i)-; zunLSctT)ae!iAS%7;^Ai#cR=z>b4i(P=+u^K8e@(_FIS-W9)8@6o(5RGZo!B z`mE4@0WB_;P`K((hX0vD|5$D$@Y39$T~v0(vwx)Q_EhZfk7lQfbvX6PCG1Sn!zLu-d2l*$`OhFok)INVMVE=?@5KvFbQ5QyM1=Kg+8 z+tx<&U5-vf^}gJXDn<5umAKw#f}Z;MHzqRQ{mSa@|FFogGCX(5wy6YI@r~e>N+{%> z{V1VoK{_P$l6u^)Qg1+|GH0zPfQ8@=X#NuH+Xb9T+o5xwF|Gw?TW1WAi50`Tqz(oj z+Be14+NbzQ8{Q%esb?=EjyzPWp@W3oH6wZO9HL|}gkcnUO%+2rS)Qt&Xjj6P%3=xk znrnT5U|$#ln{T73eWx8NO-FRU9hqoexbE7Al<1g}4H4-cVsXU$=XzR5 zXQ&WtpI;jR5{nlpyy0stHv){weg4^FR@O zHzT1Gr0BoRR4Vx1@#L7FTRQ}FV)-MbN*1&yekf}XY?D;J7ppuu8V;<2VV;$i<3Og; z@3h0XiS$@L4i^f=k7a2#;q=Tw-8iuN?eZ@IYG*QezNN;US3c869G{sX(Tp`iHg1|K zwVADQl+%?R z0bg*d2tjsB1g9+ej-0Ae-VX8^oH!T{Q_L!;jEJNbpB)~h;kiv;iFjtEF*_Z z1=hLuzA$%9A;RHkKKf0KR059ew(arLDd?w_+BN@b1yg9A;VD_FtR5n1Anb1(vO1K( zX;0NZSG=ZUU@oSpu|{L)7Wef;I1Zu#x3`r(`cOzv3>+#+agXwMPGln}!o<7*9R&P0X{Vg43(sUt2=qqd`wWK_*G9SCKTz^!n7KlZDLAOPobqZC!ypiX?kJeO6`VNrT(qRQJbNreH4`6RCXK z`(!yVEFZR}?8bIn?8SN#T^}NV=Iy8XBzmtr(t4h)>6E?9E8&Hp?2@8%VGo9sQfIQR zS7Q(4iY!;}Xoxo=zo+KwBkN@(5T?cX@`==#p^$Zr zeRe{@RCK?r(?NL0T)aRN!G@Z?YYt-eDIwi$qEjhRJI2V+d-4j$M(g&XrqP_qX98J;ln# z$((M(QT^;&aU)mmJ7t`^(H&ZMBgm~`#7O>BY{tHFtg9@Mr^_7F71Wbzmaafmgo?{r zma<4RcZ>4tFr4Pmz8cMgXF(344(pE?isRB^8bo+hlFmwDL~H$_5zmXrju(?A|9S?D zgeDVpO<056=o)gZgA@kUO=^W_xP?th*~N_23i{^Z0Q-QBRtWCt3NRt* zC>mve;-tw?YQ3B!WvV)NwD&>sRgNMfCHT^?qi2wv1TK_%tUxfLlJ=W?W zb*SvG@&p=@vNp-veQ0JdjXx>^{e);HduYhBTRmoecyP=atv+=|{lnsySpU-ZH<3>> z{HpvH#((y5{bzNBp<6I!{B7a7c+rc6^=qKc%&M-uU!Hkc-v`fk=q6P^x%H}gS|x|0 z!-smnv9RQt+}k#N)j=~^7oR=;A3omhs(m6@6iqV2u$#ZJ?R`2ZJZamxK4G)mGU*<7 z43w#j?Htpvc&T3+*{Je+?WBdq4!CaaiDUT{%@5Nw^SrSuShxwdQ)~7N&2Qa0@m_O7 zkm<5%#J$>jH#)lMw+JRm!K!}L6`DYMGvLxkgRvbY{g|{F%l0m-_DrP`D*=M!zbfvx z4*i&y0ehIv2`BEPKF=bb#VLUy)w-tS!SBP=+}H??sQZ`;tLh3IewbMc%5|D*5kNXw 
zO0PQ{KUN3CwPJ*+0DCMknXFJUJ_9|)*?!XxtdmQ6)9aCJNlXL}$DXu%3UQuI- z6jUJ8LqY(NsF2=on(Ev7fkhHSs;cm@lim;DphALR^$q*HUn+QrHJ#qFn~cB*l%oiw zvNIVrg)>Zdv0G_!muN5~G!07H2MKbEV&djQ#Kj~OYL5KSg{F*`?RCjDLR+4WxP&4jcIGC`}LyK@>JK)P>X6+B;@d+vpvxB-g{K+5q)rZP8j=F>O z2Ko_W59)<*c^X#o#bEN~%QZ$i(Dg-?V8t6ko%a$Fu81cA>!x*Ybm?e>J4}UiDC-}i z)-pH^ICDd6&P`AH7U1|`C2x!hO|(je@$!Ly1-@>MucOCI4tJSE-ZDFQ65^47u(s#r z2Y*D#@vN^x;VQzruCv?V`-}%C&Y)VxKBhdoKFA_TYGywZBmE&Swc@pXxY{YX59$cQ zYYnEc(Fi{E!0h0>^79rp=*xNVv~o`l<>{tX@8n?uhr?rCjA-HP1QDo`SHU~DWbXCX zf0Vt~oooZH`}cVp?&slit?gLn^>rR;Li<0=-V3VVVadC1SYKWLK-m>=oJB?cXVT%G zp)#3^yv&sD_@lVuZ{Y~vuCucx$)1NS#m$6>0Wbsi!OeZrZ_(2 zUa}zKybdqD`Z6_AZ3C`6vyRSG?WVB>eDDo^_1I!FAmt_)g5F?J+pIq?-;h}%D2eC8~4~jq`_Yn2$wdi#eC#uH-S9;_m4Frd%eT z?dto4lF`h6&s}x@?+U6`No9&_IM{)JRiqrVy?lI8jb#BH@Brfxx-ZnuQD>z_L7;p9 zTaRE0_0w8)%2YM_z)Dx`$I|rmHoUXfq%+EXtbvwHM6W-ATL>C8+9TL{s*P|sLY&K! zzpa{+0MlG45m$IE=Hwr;lFw+IA=(d`x0Tq>t5JS1!AJ0#uoXM&0~DeQ_c=j=T8L#h ztcp#V9mk?y3i4EJp}LM!DoQZ%Fmbk2=1{8MM-kT``|nk*v;3e$*HSgD=!DA`{OJ5~8kRbvc57R@Rq$tty>pE1p%}Tt4qJIdZ5N+k9Q> zi9%MNY(9YJHl%veBw-F@iA4pT_S|w+K~+%^X{mxD?nbr5QM{k45A4dEfHl}pEGEv`O^A~ukOnoaYaxwbwDo`kfI@`oT3>?v0%@O z#UL2U<9{MXpki=Mc>8{j1n|?ALM``z$5iQY171pvyg$#i`C7h|J5IH&-GalJv&;Sm z*!!7qk2Yzj+P;3#S1|KP6_eZLG)xlcG{*Et&>OMiDWh(M7q@5TYD#2Sl3l>=IufND zr(+2`%Ew~KjDV43l~PDy3Gp?+pA0y6R}+bjJwCUpeTluRg>MomT=^5Z*FiC?8-bD7 zS~<-KPvo$Iihssb3gcd7GTMqBE%U@hi?3#B5h(>(bP89VSck_C z;hGK422+dFwg_5?(?m%{^Ww2h|6lqjv>`S$guWT~lC{5;i&pggMx zo3OsBGrNKa4UkA@t2ipQ<@2*|U;pt+jjF`e8f_fd++@*1g(*Y8T9xMk=Q71#idAu? 
z5g~Kz1`m+XT!jX5adQoUmJ)TQz})E7CvfeDoH!+f5y=q&7ny(f_Vq2u{N8H83c}R; zkqXkbT7f}h7}0Sj2%`Z08g}CQ36GbUIv(Tn+{)`Ba>Gc6G@OUcMUt!vq#3x0<_$r4 zBdS1C^^nZOXA`;03qm6MtP$-J0)FmBC=)v&-=G1g?je0_peaIXdqluPZDdpS+ z&n{D3{m^X#wkf2^0=3(Gs{QI|zLmKpn3=t`Imtsta z7q1M>(A4Y?4!WTgkE33bxy?hL%TI5zuDQ1s$GnlrX1Uis3 z?e#1kn<=;j=Hd(_T+JB9XUc&0Uub{b-X-hVxao3dMOa0HyS(A(5{BS#A^+p+lZCMI z5b*7}xCWUwcuX(K-6{0B4DTzyZ0*g8kPziR@9Zd z-0PZV*F98fbyv=FC9_K&e>Ht-6Bpv*jbOvg2CZR@&=FrqJ!0;p5l!ZKySlt|zc+5Q z$0Io0njCqTHS5@w43?Sa*KP50aGJ@EHTeD5p*4wIf4hOo^jqz0@~R;n^CQyV$35qE zgNc(Lq!aZ_&rgB{6raZ=ef#XJr@d74GTC#j2P=_N7brRSlTH6Y3pf>lSj*V zm~)|#G{Z{Cd~Fa2eYqIS3I36u!+r9q>Tb_1IEW?q3w->%skHk7dkB-I_Be8{uU|{~ z^KPOEc+7Zj8M~}8P_7n&potdxwN4g7B@#+Rzqos>z0Jj`ew{Q(t?-C1U0yvv-qD^W zxVt{x2bgze>krzTq)>;%NR6YWvGh}1+HPU_65)8};$EbU^evrKT>)x&cCD5EG>bDB zbwQ6`R{NR>Ex+(>Zt6;*wfCh#@x^SQru{A`=keBztfA>y!vNQ8U($LR+bvzp1C=%G zZ5pI_@hoS~Pkw7xa4d-62)X>n*tKX=&`jvz|1tIn5=Wa`a3b(zr$Od6g}5g9V7BXR zSObZ&N@svbUv@!kie2n z6jV;eoD-MQ+R3UYCy3H7#cyKYtOx>r*ux07x=J`pQ`hxJ{`r2nyx_U-CqwbUHIp>Y zSNtGH@lkV_G{5aplJrSY>??VitN6N`uJ}3+x+#jcd6Xo- z{`=nlxrz{NQ_^#h=CBctI%p4iWgB^_RAGL^*2J1uy>WPr!#1T@YBMQSi5x*S@SxMM zv&BEguD}Rx4#eU9@zLr?cbdPPw3-RcfZ_;S_`)k^kd?rq-$^Jyj@H#d;QnqSBD1v*1$%?uu|}rjLAZ(SMPumtswu_rMn zV&wz^o@kUJYF3fN97-NEmBt`@Puwc1XbvmLzsByOe2GLS ztYGq?;tBb(bYYOEWNsTO%5Hc(1}w7evN3c1j)kk8W#cw5ETlowI_^zLl9_00oQhfmKKdkv$47PQR`4BipuAd4U zQ6ntfIJYHYWz@pEMuxy1fyKFj}E5b))nmE>`{Tye(WOt6-wS{4EsTS zohjY!_cp6Ln^OFo{L#(`nY~qZH{qXpL>|hv)$^+Rrgou}K)#IQ7?A-3LhQ+x{J`Wn>b(F(az z#zezbzQPB@$OY=N2R+@il1=r-c{{Y)3OSXWc&8PpFAKgbMh1^G9nk>`2vq0V0c{|* z?_~v^R4@p|*}2#1HPTgEPW@y}yfN+OVjnKFiY^n3?C71_v4fv*7X!m!w7`o?Iq|N9 z&Yk>47&=7>EK(D&TBw_Y*DINO{t{zKPipZnFCnz*OTYA)8cQ~}AgObXi_Vbfvls>& zNNp^i;-+4a`Ju@Hmn-KQ?QsVHYK>Rb11%W465Yr@pS`RiBEb_w$!xe^fbItQFH+mt zvl!d7c_*c)JhhJ)nDnK9D#m*Lv|cX?qXD}lZET6<+I#G9U{TbG}UBK0wUEYB0U=`{?6F2 z^>WzA$Mx7Y@@Jyb)m3YiHt3lfQl*i3u6t_=uWV=W#~n| zOZv|m!G{5a zLGmojeT1JcxNNA7NS!!WU=<{c?w_ezm5n|Nvx|)thJ2v90`=zz2ONk$3L{}F6AMsVwyb`L 
zIzM2vWo|9b4@m63gCy=mXdQ~$v@q2I2_#)^1p6Nm=K3G6J>s4;X)@PfQv_ShRvrua z^P)$s%mntMZTqJc5Eep7;RJxNG|{Ue$c=`KshDL2?<##rv86?@gD4g8Nl{y2XQX#; z-AmcI|A-RIR{(yyQhgo$fh^J$OZdE*XLk36;R20y_(cMKs5mv&4u^U1Ub4Nl=Ko$J zQ>%5USGtfzAJu=2W}8xtb(zFn6D&xp^Fp7q*?8HwFg$i1dF17i%*R!YO&{&JbA{Q} zk=t)Ob5t!=*SNm(+bsO}N!Ej-ZCIT6S6Hf~Zptjy>x5X2#Bkk2SLcVs}clPIB>S5G#WG=UT=y z8m~xU>snH0?sIc_-r7-j=cIV*aDJRVY?pxJLmBc&B3^h zhZbFnb>vYz@ruLey%14M(ynYUVO%wvxFvWG>=GbH68-Fo)t};pfgM*KPy% zXZRWPCO_SIBTBOCy}zb<*Y}pm_Eymju5zX@s_qoaHEV{f5m>I#A81v@ zS9&)c#E2`AeS3X}YKNij(f-FW#qyk%3q_5tY}8eDHY|tLd|(>&W3zx{8*Y3&9gy_g5R;$)@3DpCl(&q{A zcLqosf#HB##(L7Fe5GMheo4*oJH!H-cx1s#^2{wKCo#70<&L5bx0|50Z|(|{Werf_ zf*8`*k|_)@1J5+(?$vyOTczWd(BCCNG`}F%hg%dy zZtLxd9Ph=b;wHc>`GVZ~Gn?(xOAh7FU{DvgVDalstDQIN`J$}PT1092xS>=Ak#$%;iXBHM<4Hf)gdpvBvnqJ=>8eIKJ z)57&`OEJ63Ge2VgvJ}+sK$|qVcmD80E9-k^(Pb`BE?6@k~XLfxdj{8Db? zsPGd)CSeCQTGc4KVFel7+`x(e+rM|y8(z8pB#6~9jlYD7n8(X;NcVU3PP9N%yCAnfKe@6MM zxu+m?2P4IfHg}Llh!<)>l(4yVzxRXmg^|_c3n`MhllvzVS&y)=#tu1X&v4pfuj%?A zWORL9E_n9!>XXZk?60=ij-$u9q4TlRH}_4+#06J7(%g+xDQYk!wFl=9X7a}^Q4KyI zvYI@sO7WO|yF&l?RE3;nuBco`u>p?8o1|lN)Z4YxtY)@ZRf_f7SkE1+{I_$lF=uw> z9yV!Y1q@#b`waTI9)6juag=fn5ewPWdnb-BN!nuyMaMlDWZjeE&Dtb7Y!*c(N@=8^ z+8GKP$1h;-i@qt}q$;C1eY-F1)|xuji49f3n}F}3C?P$bB9anp(oF4alEVRKM&1*5 z4+(S3`|cMs4^vm3KLrdIq+NwBsqA*}J#XS2zHcL>_w;KFHD`mKQU97x?GLcJ4%(VZ zTI^P^p$V|HX)2|6c=d>doVE}rgHX+%IQx!8w-F9ty*|LnT>WO0XLDh@pY5sZWKS?} zC!v^F%hIcxjv4%facNGb7cJmb%rE)yr?E z%f|ewFF?RwZY;Pcx4un%kA7*4A~kaP(%Lg9(X;nn({qqY4eLr_-Pc7C4nxz z^WO^x@9R*Hw6z?i#g)qXBuCXLLQMqjypZrgT-u8lMr)X-4pVi_pQpfDAM zq1A-YYRCsWJCOkDzdv>Vh0^Owz079-m7`unS}=+&;?hP~)5Q2D#HM4to+nJ`p{JvD zNx8aG3UgxI1s(b(SDt{#i<|tewg)@Qf?YHKzq-)WV^Gytv^ci>dc2xw3!A=_jK;j+ zM@@7EBnaVB@%^wOZ|>LC@BVYM=fM(m;(EuBMJ|`HDJaEGF6-@n3WvkR&?DJ2a|Hyb zyrYng3yKv(K^SdGQB}nx@FhS2e3Gdsn;Fs#pDvCx?{8>Md7}yv(RH@4YSJdX*La4q z086K2Yzvuv4ajL^_om9hB#-;o+Qiw_uuOEX-d;wz<3Cp}KkFUlo2xkugRBN}+Rmsm z=Q1(_6q&Il$1MSr)dEF|Dw^WHb1%bHlxqvz&Y=}+T~jffF8X!0WU#9;zLHm%RCPD9 
zlp?#7rJ<@Ob@$&RLGldCX(4NK~_=Q0d!Vg2bsZH?m^SP`wVt%X?6ur-l(D{mwq1cAAlE_h^WeVW)#j=u()nWh`#bV*0CNxhOnG#^Z-Net>h=ElgU}}^J zMOyuSPx$k5=2+4~h6!@1guB*%1ZT!3dM+$c*Q=dZKmbCE5});P?3C|Im(KKS|LgOM zXS>X|+}HZE`BUw+cEs0O_kH8+?@Nd&rW!S(yM;RYr|aOoB9q8cK~hAKQ{^a;;d6u) zX0in=U#oD(;TP<-w=E!x`0y-8uZK*_Gm=Kbh_KzZe(bY0QnAr;ETyZMrRBibObXiU zqBhZps)ji+;{EaJDx=Cg$K>eCd0>bu4Wy|(Cu2XLp}rHaz1`K%*`GEZyeOSbGwPK$ z6$?fkq#lq45!zluD1od!Up3d+9@^Yq(M-Kcp^!|M+OjW(tNBI;CX50&bVw$fDSnSk}<^uBMyDwHczK57$??(xs z8e{l3*kfEfPBGnO@sMbkYj)oh=Ul(Z4h~MdpzBWSx-^SW&4<*&jsQv5L{*zL1lKO* zms=ZH)-%y0BuPd_o9dMx^!!fQa5KtEY<=kIc2zNdkp2c3l(FE2(#bUWQf9#NQtVnp zLJ^22kK)Eaq)V)eW?~szxX1rh2o&fpgg7&&^5))MO^FdR;ieWa^^g?WDY@t#XR9HQ zw(`6bypc1WecKCj^QoLE4qOvRFES)(Jp!p*`vv+awKQh6;~=7bqG>P|2OCjvXh5&x zi4`y}RzW0e%E$clM|lSMD=eK0eVK~r4|~Hi6sRd7$`VvNpH(%9EdiW(VdxjQVNG%H zTwFrsLdHmHp7Ssqex*5QFRY0GXB%+a(xNPwyOe8tg0@$~E`X1{lB+Lt!9{>TKQEOs zr&C_xcxdVCmx=CYv6?4#!NLr6_7s73u<;J6E!?fAC3HgRiS3juu31;9#q=^86JrxV zurBIDpI{(S{sP+gG1SRNPt7}NK)>Q47FqV0_PpK;Xfj_Nl&j{9$f*GrB1tL^I%dW1 z_bi_Hh+YfFirVds#+^=+eHT~c+HB<8=QA-G@(l-b`dQ_%ZT)kMLCcm-xMo!;vi?eO z)mCbWPzseom~&zU^hDw>SH7lH4^XUJs-Km5{b)Bg%I_wHwPa(fQ`w9Oh+`aArF z`8q#q{n13@Jw(!%R)>B@Se|;jZF~~$44dVy6J#zu?iwjO>~yt04#Q!p zTYhfAk||fURK0bFmFa{@fd>ydwetL2LmYIlh&Hlok7~8mNWpWh0MQ76dLrm!}C5D)= z#lp{y)6+6IH3uFPC#@p@SL91$Olzn?&|rOk!{iLnb7_8p20zUtfR#;Pg2sewW#{gGL&W=KbAvYz&@h-&%YAWeb3?ydo3Yhr7Vs*9Ix);G?(*Qf9<8tuA z+-sAEv(#jS9UodNUa%pkm|9MYRl+*?w1+CT&f;3whiIry+#|U(j^_l`u~rSr$*eK! 
z&xW38Vv3;C`LALFBo-^X=+>up8QCGFNj6dWf;Ae4=NFWqLp|}KGK`rFv(SgnvxF|< znW;3LzB3w%&^{TzxeK0$$M?VU&Rn(AWpjU1nUyY*4g$&;H9W(Uv%NX56oTEvY!&VS zc#d1PkxT3KwcGhLYqkE5#xDInp0(ru{^*68Tp+5#HQZQhx3oTDpN7uIE;nZ_71Wj8kmFbYpSO zZxCH&_z9UEpos^U2+wn)VzC8Ge{U=Zl$S_q8S8eSW;X__fx_<*qe!;xmo=r*yhZL- z*zTjo45y(NxKE;xQFkJzWn1zb7L{*s1Yxc7L2MWT!C=_4j>cukTI-X*kjit>!(!q{ z$2ul~J8O*ma<2?i$?hyj&Q{tT97DZnC7Py-V4q zD>un;j78Zhx^i{Q4;PXS!zN5tt``7|5!b3e0HFmncp54c9!db{S*s9sUBAs-<7)w} z-fnDAMoa$l7-V0gt>a;EC@3FND`HWdWNhOS9JhA9->#wuc%F%z)?xE%UP@NZm}9(l zSs&`~v2Rd8q?Wu&pVUwldR0@%*mM}I({&M+!AzAG(r!hAvW7e~UMa@l@Way@pF$L) zKlsD=aQagI^~Bp({5X2A%w54CxE%X8A`vrTJjNNeA4Z@2Cddzb%v6SOuYlasVEx&VE?tCnNR1|~&VJ9xXho5!{X!ac~6RDp{1y9rwJT=p8* z$0)KH;rXC_Vn^M+n-=|E*s9AYCVh{}*`#%5GO8_81aTI+v7#(TMo2{#D^P%BvCO~C z4qCARvPgT4Epq`p23SYTQn8vlj+tr+<+2&r6qFe}c3$&fCq>iBx~`i=w+_2M{>)HM zbZ))4+DtqJ^HKyI!wBBeK0U-{#%=hCuFG2Un~r%Qc6%VDeFK>(;u`efhx8F7r?*rPzCk_+VNz2?lKcoCKQzlqam4<`dkfF}Rg;LZp%09<$H(7?9f0ylV z>nQuHUOvAWa%2=pB?HXI$+Hcjz?UvjbxHM&kVOAeh6<;MqofB$Yqc;mS|c1-Nn(3* zS_OQyF@AwjavS>Qrjn0DA8+g|}QjQHjx0(y2a!P)RhGHQSdA>gEad7kBqHNE#t zQ41ukCE-Z7vJt1l!P!C&+X|`j2zC9_+ZKs*2iO>>*|xZggNrJGBY(A&TWyZ-W!3&J z^z4m^#Djqct-4QuA8E+$YN7G&UB%h{eeave>eTz`{`~usHkJJ*Vp9>HfI5#@5-_N zr~@rnDwtGk$Q$FCLkOB73DfmA0CUx`>e*$Pv8osfncEP7Dfmz+x;Q9;zG&Ts?Xz8n z*`n`| zzL{^waEehp^EHN`g!myZnfH(dl*-_3<7WX(23-Z~bR>@`Wh_eS@K&?Vun2@ZHGO(H zSAxur!GBOpO9%P4xG?t^L8CFJ&evcwF%LfptL=xqGFl`OW0zNKXR41qdK^Nxch-GX zdwjO2B4W!V4G8{KkB@ovTJmOQgR=CrDv4Zd3r--R>JOnv$exbR-GUAv4-T8e&a3{B zvjANCk(2k=@y&Qz@gFr7?^sgdl1o-XbLYtHqRBtSw3~qn2|+)O^oHmGql_cM2k_Fr zvN;edv%Z+(RKj&@z0%cjfk2voGSOuF%@6YvVdIv^xeH87<(%ufQJ3%E`1+qDhfI`? 
zv~1z_2aTu+7Qcm6-KFHOg{X1EQ3gpz(nS=S7ewL&B8q$BXA21NY9`&*JvS}a(}68^ z_CZrV(~{J_Uc0T%_Lhn`#m9JbdpC88c6I)83!a zytG?AtNUfp(d1?FA`}`N$mKSV6<2lDiI4k`x*>jhEAG0X%?2`jua2eR`0W0!zA>$S@SR>>JMno`eKY zQ`&M|ptqgiVCG>NLtaZa4-(V3n@fQeuq8z3jvDzK>@We==s9l5#WgP_jtR~>I?q-C z-E1ajrTc4A6C}5sw;mGist`edz29k)CTigU`hh(Bmu*xiH>t&|grx`Zm>-mQqa2CESG&V7#|-|k5t#Q zW6}?uf5(Pd(10;h0d)*2dWXZ^J-&rR&xcXsUNoxq^OHNKxL7tzPbOsP>h6XCi@Dc{ zW!PFn@pT_DW}~7Mj7(|fu!;hJd*GcgwHd!>PJic)_YZ zU|g^$-xfA@jOfLR)qd{s<<=pEeFx5}0Ls0@K-`ixn!j}#6;AkT123AqFdk9l6FJ|tg%kq#Ss@zZis51ObFhGeDPZ7x$#`o z(;z1~7?-fQcHPe%D#CF&e3OvoY(Ao(@j9RP_9FX#&FcCI+RW=Y1V+bl z1?M=|ggoyvL|{_MIQvF_rNC&U(nMxIlJ(ceVJXMgFK^`&SxB(Bx9(q{b?7r^W8ywo z-ZiXwM82_WoXZU2)0@e33MqU}WmQAbm<>3~D`3+_3;(POFInP7aG|gy%Ix;a12JjA zL9(~H*vUsXA#}*{e81|dBYPR>wh-NNl@4?Sy1`~!kD&!Z0bVWM`!d3>3W^-V0$JL3 z;FSfSzaKz!v@a@Kq~u_$`}GPWYNNr$dpz>rz?w!B!G3ZP)>Nwg_AN#P`9kDghtZ1l_yGqq^AnDyIAh9#!TQ5AXvp@+h0MH0kN$^D z9Rp24r7RKk2w35~@bpD?xC75hF&~3Jt8{rxlmF8~-ni}r+?46JyMV-7lLZkGH*jRx zduAxVae{KH3FDNEhjB=Xs`z4C%%E%^zvG3COji2MffN0C2b?K2GlW3ym_Q4j zz}8oJLs~^red<{kun!9ia_}y)ax2gbV1AA@NAJiVXasgU17~0J($k|;OzpYZCjn!$ zJu0BHQu|#k8bc~J`H0rJ!|?oaL_nbJl$C>aYgg*;(tEAzL3!#0 z_6^mvtKaS@My_>Zyqs??e5*2@%AJqE{WAKvrsYw-8Ui&1#2q64cDT7D$ zHVdy>NuHBeol2!=@4^or#q+bf-41Y-^YsGVyMkSJXJmHbBc0h^It z8sI5&8{i-hrs+@EEy>hK(r|4PC@D5L)8g+}N3R1t4@YRa6_($#W_vQvVOpi4n3vth z8Ky>MFMFj(Ilk>k4wX24G^to!2~FsD8)}MjvHXX8UB$Dn{U^=L3Prn~;(qUB##glU z)R(|I-I`h@#yZC-wWieBzLx`ICT75todHvJ`RcW-?C9@ID#1g^sb>j&>AePM8|QRo z8xzyOHg>Xbnn)E&)!*`jP2#mAyrRnzTBzG@$xGe4@JJx)Bhj=jLB!MUn;`aJa?MmN zUQK2bbM{eihV3lIXLG~Ew|xhorm?26f?M}qEKFS%A+EWcpn08*+XKE3BDtN{biH30 zS*7L1RK*4pjE!W*SH|DlIF{{GP`JPH?HAY*o`kyfUJh6Y{MuRzx)@<;%$lX*lL;c$ zswB_Nz3(6X%^F;p^heHU!_3Yr-d-Zys2i%Ss8ef$ZYOPR!GGbNvdB=|aWoNEOH*D@ zL8xr$dH`~$!T$f2n;O+O5;O_Bwk8u=J*36SN~vGC z%4Wsab9XIt<_vm`kqw9mr}gBXGcB$C0K=W(lZ+WeYZp+q;UDcZqT476S~e#kf4yu& z3%6kv9wOQid55eKoRNn%K!n)%!`|S3=ma$LcFfOs29Kh`_i_0%TjnzpXX1q>f{9HQ zz6+>L|2W7Wo)fiK9c8V;mM#@uxcU&fPby;}316Xhi=mKlY!$#>_9)9vkp#7XkV;c* 
z`XMz#SH8KkxZU~pSZ-r7!2}rRy^bV7~d^@b@t%#W@{j9|Z zbTMpFxvEz3Hi<-e?PvI?1gUU+-k7)RUJBCX+8#_!X;2OM464bLc4U&4b}U_F^xNp~ z^^x|Q9^2l1&l_r=v_Rv7_UymBvo8Js^KGnfYLJ_-xz;&+Q@BmR++#SWKkKG(yh5$h zIc(E6)r?MsK{km!nZ%=sfpu71z~ldms&@*qrD?l%+qP}nwr$(CZQES!UTvD(avrs%G9}T!Ri}O+Ll}fhoQTOnAlY$JPu4qOk%Mrcm!|FG{>nJBIiJVMsJukf?p0 z@F<$_C@LYoD1G5jsaVx2|9&+xYIoBi8fG^fS$Gza}-WY-q4<;86u3|9l z{Q77g?wLctV2<$?Eie~VP@TNPw)J`v8IQi`c(S|SFRmTqdp9zHj-XZ?({lK1ZE#@g zRRG&b9W8Rzzz%wF`zd1pf)sj;!o-euUe412$%vegEl8}#g7CQj-=H(oQ5!J&BS=tM z+I=Z+gfZ=V*Cvs%Q+R-IYHA!c0D)>A`KYIdyEs>*ak-CHBr8Z@70g^fJq+{8Arl$4%H>|19K_s_qhB+_^KVwLGZpsNmd%TTUc^OxG5#xXoI z!`H5B*=>SBYl~B-LYt? zv@}NUr5aqhO1SG_p9cO%Q5F5^r~&#Of7-ZGo$sfX&k_j)i6|W8)1%H7a-jHDi`*yE zh5mt)jXkIYaE9^Tiu9arc>Rzk1F>mNtEoJMLy-()S~U**Q9C5{gv-I~3jh1ZD$Q2^ z@zL5)0O7vqx0GQq!Z(P51lBBqYXXkEs%Ahhp+&EZ7M^87 zn$|VOLEz-4W6e56qB+Pp#M~ranI*$vS+3&(v6U;d+H6}>L-`W7G&q~`p;@yWSOpaO zx+Hih)qo0ErO0>VCjie=@w{-+j}!+bz&6+RAh~H_94AyQ9@>mfF0GWpr2uR8v{wue z1y>QEbPFRo?50)&jvOm+J<_CNvUk`Nmr!A@|D5UrB5@mm_bd~s?k^@MeCsiw?pib^dp936<}s^F@LuXT0)`h6eTu`|A~(W_}1*VZzF_y!^8TRS+J z(e85pn1tdi>g8Aj=T*0mQc31!0InY`-kp02Ak;>MI)5eAK~?BHTFnyTsFB~^uurkJ z&|iv&#i%A=_sNYM!ER(u28A+$Q}uFy^wJWuhMue*uQqhVkEI_sTbR}~MLd=U=VyQx zl+QCorzxJh-M1vOE*pIbrDN1=&$*P_-Jw~R z_a-M*x@R8!XM(=wig@*=ayhRF4R(Q*ucBl5vo+>>9BnK@%?Q476N9$PM?HR2#-R6$ z(jcH@I=)w(9z*N*UKB+Oy=elRFEnvzG&B0I)>>yOPK*@lT?Wzbhd1~WcK$AI|BrW2 z2hd|Pm5ZZ+B0Cd4c$z5eh5`qHB`0QPh&UEpcS3toAz1)J7rHdQ`le zHOmcKO)&>XZ3F6^_wC5dwYlMO>_^3}>9TpAH!|e0u1v>CTW6>51KW$PVVM6qv~7py zeq{tP4-oHaTvFE)pc5D=dchYP{WGoE*qty!Pa9^UqKU%LRrBIQ4i(VMsuVGcwpDm= zcRCdv1lv-{qj)sM1KE!r%(J%CQuh+Uy%kyn{u#;KdOosx9d&fp7h2aoA(dPOe6tsY zag_~Fd4?@&MWnTPrzN8q?^!&?^6wMorH5+^N|`^0Ugf!={nE8;sm2%;IO|j@&}JP> zOrhi$uM^m(Pa4qpuOME$F$q~vBH+PHN+FVzCVy`|4#Or`5wVMa9a#bH!JkbzfWGQW z5D7sH63)|yBs(^1IYqBY=TqRYxEXZNCa!xc|3Z@rBnPNBE!!$LG}!!vNrp8`bxm}m z#?>Y_r11VJPwD0gEoe*HSrm4t%<4fk+f|%yn6gV0rX5JA5@K@P^JLzy}lQ zV+BS~S}+fQSW@xaZUn|4gl@my!U@!CBbpIF^>{{X=(vf)#;d-VSmgcBCqXfYZ~|se}X_U5Z&{*(-iFr$lt`a5dP7WG82i1kUZXO 
z+Dg@%+!-TXLJ7sdmR%BmJEvng0RjrX1C@tcQ#O$ZxTx(fTbjywRA)|r_JQAZ>>;}m znU>qjM{-uW;`e8P@(j2d94vNp#SaU%^R)b80F~$q*|M!o6D32Vvw53!?CNR5Vyt>$ zSI2jgC<^J(U8_yow>gC@$fZF{!kOG~#hfQ>v%My1o{e2jI1-b#37=)qL9X|N`F)6J z=2E4zHfzcaIZTwzusYxB>dgKMuekS_po+;SgUGSAnVjm#_qe4ZRCIr$3ps^doYM|s zm*^9(5MlUbcy-)zYRx;nD3>jOk26~-PN6K&AIDP2fP!$Gw#K92Yq4?PZ$3JJrS+me zNI4N$qoq^}c8K>4pmR*(G{MR}{EaH0MQd*jrz0D=1>*1NXRMf}ivSxMtz-kq|ao$E!t4e1~L_x38@b}(e+0E=pw6~{jn{{S+LXQaE zqhfi^p-8$Ty%=i2$B0p}2yX=8;4bt@W z@%tfHp!jv4OiJwN#*f4kA*nQKi-4Vme@?1%@yJ}8zq4P>;7*7BFh4&LZC zQkrEdWxMS0=nI`H6Ip^@a2m{OrfG(utR&Sd@8BVoMSFgFuV<^#V8dZB4-+eEUaW`PF%Zn0$@Wf6xt1em1Z&AIT+F!=lM0VGXB zG~i?a>b&qOtryp}qi`qC6l$1z_cXSfv}4kcC! zlPR8-sl+7uJ-07F_f=Phw@0t-D=*GU5klkqXKYHwFf=EAbIKmO_wBpamQDT$!1Znq z=Rf1+Sw=qYH=4KV^0X@EyBMx6GIL1w57Rjj_G$rRu=1X@%ucs|GOy!Zv*;2+FYa<9o3J;-*3yF3$>GSSp@f$}S7juIP;Giq;)1`gCP z>y)9)mT4}y=i_is*WnAda8M=fHbgrBt~^J0dqdiD%$+Omv$Q~*b zSR!|>Q@5x0eld3q==y`~t_kCY*)79W8?!eCuSa~ z++D)~jCW`1dm&Wg#@LH{+c&^SZcl5@*g-|^QXrycb=m$s_b;a`2PD`iA}0i=^nBP@ zwD;1uLOcnu#*`n&-6I~5h&LD$t~~}U;V4{J%ux5vc?mhbidd}bf}!S0?=S2k!arM( znyb1wV+llM9x>34E}|Lw3KiIkRdV$GEg`= zY7l!-C@PxFQm^L)QjsCSLRZxoPzMBdDs8Q?t6vHUn5C@P?k2DC?AVqWXkXzhio-LPNq$|YftKQ& zhcf|f06f_-il7fR#7m@yjK3vJz5KS4xn@y3&zHMVPPhn47dRZ6Vv{li9s}C|Uq1_t;^ePR*~(4hH9jznA;cI?yEMiszce zaK`t#cE#v4QEcF5{sBlv-c{xTil`YLpiRzVbE=eP1rI( z)9-4eXZL93E#OgAoRV~;;Cc|ed5+54pK0>cfJ~{gHrB_byhR8x9z8cdP)v|}0Jv@P z2JD%y1Ur=y(>1F6-K&aE;$%?RG&KOcE%I&ZuC_=*3#Qan>1L9yJ`=}l`11EoTHAT( z97eTpB5{RO?;azd#LCZG;WonAzz+ueNPyg6zw1!3@1xds!wjUrEL%u|s)eNK{dHNB zvFtM3KYUP}{^8C*1t~*v{HXix13T^B3E3L=4N;(h1|=OBw3m)*R5)uh+@ZEWS)8d= z?`yHxe8vr+N)QOtKTBdwa&_OVqwmfmEPXTU(UxV_dE*uoF{v}O!_Wle>JBYJ(EnwLrby7U;J{ zwdH9#FJ&qQzWRM^+tN@$$ODGp1Ig9(1!W)$3PP2`!SyaGKCt#E=c7&v;qGRl=7A`E zJFk-7U6BtX%xz^pbHZb7=M^raj@UX`P47R*ceP#e*T|`v%F}BRmaEq`T@obk>$z~u zpyvpBY;-8=m~*0&+8LatekT7?m;#P~0uS(PFFg_TiL$`fkMK4?6B8CjLtCc1%YpQy zfr;F+O|!1o^4&$jEswAMq7H_JSJacD6X`v^Bnf zEvruA%FX_pp-7Be4l^zttj6A9oflw2P&O}S57Kij1F4|eIt*oII>%iZV2DYOODeHI 
zsGFjTsxrnr1OO?v86^PZTptq&8*|fZPlkh->_6?r(*Kpd%)I5Nv`7M(WE>s3UWZ<8 ziWGrl7IHY%Q_CeIHP)N(5V9WTH$<9C;mx46NH5!ip5j8v_};GfT_64)1HNAGKlO+f z#H#jNjXtDQew2?7*XEClSugpYu{D+t4x8&39T4A9IH?GmC&nd!>fl1|NI3eQp~o|z z5991g4}4YuwjTi8?QO-255foBEcGVh&GQ4JSQWT6L8JJ&2;lZ zDXb_5dyIPNl&0CvcRmjRQ9w3fz(iAPkY1?Glu-2>Ytx@~EM+aqy^u--$i;>aD7%dw18ZDOInYWdbQ z96EeyuzNVGPeHzIqvG+h&QHN{$Pvs9$2LB@xIf-p+p5xi28Idy=BI4^Hh3fZvfB(thsP*vB)iIvGceG_BtJF}KQ@4IF&;DuuQ-{)9& z7S*Zx+ZBw2b4UR5`cXtwz*{wA{p_ul(#RvOF}4##d++6h+aGxe27;1hG0A$OA-!5b zSt&-yR1NQOx+CnhU}*9dF$-@E9R7H)c%l>7K`73YCxsBwdB^NONs{@f0NSKO86q~( zF~qP-=J4wepZs9Z;AM8v_Q^9wZ2D zIdv8KANu9XH0?3#gu2#)A%)9~4K}*z*kHPLUN1yPzQqA*+t***$&5?e*|qN8APg~r zHFwI)K;HA)ojAQ@4f>wAL7#oUjq@&&EZ!Or%eDNnGi-Sd^>jx0o(fUntCH#B02Ppe60m8GNJ`4g#nq=&(rRBSM8Ly2oYE@C~p)7{F$ z#VQsN;~t3JpB9tWUYhj2$xif)T#sHMWgq-6c+b=q$rhyxhya$|a9R`&yUW7Jbz<0i=d@(FW19 z=5;WWMu7NpG)h+>J!_JU5T4E?2=6#Fr1#iWe`y#i@u!4AUl`UAmN1W4dZhNP^B94V zzJdib5HWC`_fAf(uyuciA)$BpZDeo z`B(Fj36R^i4T(rJpq%l^_Uoe(dRfvUajIzV{at2U%bZ5v=XGaJZlayD^zX+;TeRS8Banjn`E>NRsDqcOHLX*n?>9{ zXY95?zx3PH=)-6B-+N^T)EIaW>c|-bpMRh7>xQH6$uIrh9niwoiV7V zt7SM-(vRE0Dc!)?>3_dRd}9DvrJuKVA$&b0b1Mw`~2X=R^E)<|J*| zwRZQ1NgHiwtR!YZiF%Tp*i%ELA@%^;Po@tAS*40Qn_wj=l~v?x8X{+FJO#~Wq3H`} z+j)467eDpq2AQ}Cz7ekv0HEz>DVMR)Fg; zcj7w~(k&>eiH3cf?{n#}N(r_&JV0;(M=y8gLrje$ZYS|$J>1J0QRH=75q&O_a;v}> zf5NIsi0N`)6pTC9hF_ApE{nifa+Fy*tYC9ei7z@Q7nk=_Aw6ofJyO-it18D?GM3*u z>OLP=^c`MgA~lXXJ*}8j^i3*TpL${r``ATRoN4oetGd+TFA6BTi==#fWwR#&Y6uTY3TZD`PQ)ord+jQ0|0=^I}n_Qsy_F%mq!!>rK0YQd4<`aO>q zhu?#OiSic=_}Z_@E_{8LnQfP>Vqq^I$4Bg{Voz)BiMid%ZLzUpe4X*B!QC9QS%!5( z>~gJ7Dn@U?aBBJj)}^CQa|vj&bmeMY^-0V0rZA2Do@`aU6SrareJt927GXg3&FE$+ zV%=BoVh+gJhPUVUDlgfkP=>GqfLXuA9z7&jd*3nT6`0zE488`Jpm3H*%c-H^)L?Pe z?jo>)x1|qMNtv3jf9KQ)a5$aO3F_@>``_21aSlK@m@1U^u4fBPS(qrBl9jOEKA}?9 z3$&t$U1z~4wDeVn5Ph33=%1I>af+6o)r@S^v~VafV3ti{s@hJUxN@)Jss}Xq52%^q ze)Si6QMFSXg(qgHBYRY_#)n0`7o5v8eokwrSn*HD>Q|1%ID0E$n?2XYUze0Rv1OoV zT_~EUP9&0-nh-1DIBVuQtYhzM$uY)MGRrfL*0OjUk-j7oqf#jy#Mp!yajY7CUd$#g 
zBN(mDAk2x??gm{ydGVm9#9lA9VkZE@Mqe?GS0mc^WGmm{j#oSDTDZyjJujUQRh zw+T?D48fK8{RMjo>)R7~&-dX9Jg@lEh4vjz&ih>U4fEaE29@TCB+3X!% zx>gsQ-0gs+N25&JT(MZ~bDQrRCFgP2m~xsL?{JpS)Wo`iq1<$&2_!wo0MjeVPuxad z>PrO5BkDw2GlS4I>hiq{^2Ga=L(zMa3}{&Bet-kTSIvHgiGK@{_~xbKvHP}!PZ4?& zTM3J|Yr;ioy{F#I^R8QB6TNsvy(ML3`v^SC0p-fZ zxT~G?rXr7d+N|PMZlzZ$BrO!B#Xqz0Z1(Y9wg#pO`Sh2dA!0#*Fu&M8DYlU)>!Go$ zfg|O4v10}6!NL9V`4WXkX#4W}GG*He2|zw)Klq{|X}vyQiP71^_=4Lq?UxPUAn=+HA>VTlgJ)MP6i^Wk-s};;zkjX?$v8*>RKD zAX6Kb!P7F?Brw)+`pZlEPJv%=G;55`HNgcmRTSJJ2cO+ZEYk|R8DVjo5F0_W}H*Ndif=qpjgOvr$myrq$N4JY#H~TzeY{X zTp>QaaTPoqPMZhpWTTE^qG zhk(bY4FYjDJus}Npz_s;O3XOC2&|SfW0^O8)P7~(v1F)9#by{dkRGw2)m;0*`jY26 zYzq5432oOSpeGyq=Qvy1d1^4f!%_6t6*K)?0GPQ{;Di2WBQo8TFo$|OElKomvd}7m zw9R0s{rqrX=G2(57+q+PNWxotyVKOYv*p%_F|E(%QuY>_THq6K)LF;iEm`{osH`CO zraY3^o*PbK)SUUyDstarT!{!TBZbE_N@a6!#mCdF7%0$t&LybtraH676<=WeVcVb6BXOIE82FlIqBwN><|0^mwwOe#m`!$B>{($s%QvZY1pKLP`pc zvyQ*)x`f;JJxR-wZ%%NnVfjc?2`DR(E{;ZJmD$e>)TXf09uccM1SqU_RYn$d6cvm< z3N2UnBwYVWBX(Z6i^%0^KNxj#y$N+OuQQ)O!z2lnr=p}l<(;!2isn?xis>(=ZnnVa zaY1u5{+YhH-3=)0mB~HkM$owSuZt=hJpRh?1oCYff@HpuhjqZT0x{3zLoi{9Y7mEr zv;RA*gH`^zme;#2;n=?IrF7V}@neG!W&!Si#RN3DFLE({Drb49w-6FQ&*}otrPFg9H&giNf>w8TZY!S9a^m@ZRd*T7j7NS6X#H zI(SMzU+v8W5=MMKjvSK(5L5W?_GSeqT!JTtkqGqteIFjR$~1p|SXV7&{4@^tVk6UV#{sZoig~3x zY-G~rUN;NR-5{Ob9HbOG8SQ0q_;$ohRpH5ZjRF*5wJ=f$#_`C{>Qms68rH&4m_KtP zC~d555qEa3Tcs=b<@J*EJ!D(QT6c0yY&X?mAxOpSHO>d)$ykf z35;UQtmL?FA8IgI^Zr(_;Z{>@p>VdLW6eL3wjV{XN&G7GDt{CIlTscx2Bz*XH-nkg zO_ZMuiZTNW_PGE@!o*@-k(dydRleYj2toVCmO$wZbDuCHb}%*xqJbz^Qyj(>y05Ua zxOJHc&wZ>U_$v48EE+0A7HE>;Id(qratPREV3t4#(Lu3CbvKcHCFN?oc$-%oynq%W(bq}JErKx9;xm2s(^ z>wXbaIF~!PrC@sR_qp_=O>Gi!E>6RfdGMC?Z${0Liu>Pgu!GixYrmeQt2wwJ^|j}Y z>t@`UVC&j6xFKh)jIyiLr*!`1)GfIF_12i+m^fCqAl!ncED#l1E-18f%oL;IKS~;hV4KD3Db;RRFV z;X3+4UAb^#lph>M{+h8-iQ3MkWvb`cP+$fwg0L7v|BI%S^Y=2))I6%zOohz4Mzc_Q z>^Er1JaQC&QV^*v%YJ?b>zKR9lS>%s&B-+@RrN|}Te zr)_?dcJVBkM6C83))Da=4_0CCzYB+3k@PA4X{&hNtCcZrDe^zG|VN(+U;XTJ$Ls<6Y2WCZ=|0uznzYs 
zuY*edUnRcY*LS@C>;8-X>pk?t3%%dZ`H}jMpq}4q`GGQ(?2&&b&#QJv@<%97PxToA-d`grgb_vkDY}Yfhp=r@{kE9t12%9(O&sUy~oSeGws^L>uHn|W}!DOl5`MO!p zU4<5=VH~ez8Zl1f#EWN>L00$s6z|MJ?U-nJyWr}2dkWA7gZ~%2L!;u6!nYK znSNmpL(RM)#(_PvGl3Q5ko#loi@celMn2g(?|<=n7u$e}s!3_NjD`7+KDTx}W_(NE zUzou`oUiWX&6f_(nL@a*yJo+%kKoPKwwmb@*I_n*i^EK@?(_5gJbY(Ih?a3A(%t&R zJGhxoNz}qDWYb5~po&dw9ht(jhNZgTp}lzjy3m4Kb9hC)<}&kx2}9$~UQE1?%A%i) zQYDQl!}MUBMajjkHifedbV|4lKtADyv`oM#^}%0_S3MIIbIE3;)tpX0a{)$|s8qEz zDfErnxt9Gg>+y{Gx_41(JU2>G74M+f_3fJCp-$iX%#O_l*af7>j_RJPI5T^t#a+)d z>IqH=TWO;Ke>sFb1n40x7RYHFe?oZ>CD^7grU91&N|i3ZP*!zHESj?opc(Mk4n^?z zkcu4LW#Aw5`T;sW*&1x<(qw{5#w}k9bcA>a2i{_vP;;-8k|7S4=RZe=yIF@tuSv{m z`BNStbI@z_v~+r#Rg(n^z@6*5s3(y1E0WZ7Oks;!u>u8CG#sAvwKRqXd_f|1bD5GY zGb(3->=-M#ZOEx^vK5uAT)PY^k($-&G?j*>=6{nIo~_&|uXeJ|fSm}=rGMzg)Hz>8 z(KhJV%8o-m4O;EfZSim`cKQ1PIMV*+Pv-vNQOeBwgFrYo2B`~CE-!bSW4Vz#Cp-XQ zuCwaT3WK-&)kY~|H+_&<5Vh6^iey4YE4p4YRwsz(u_vrQIUT@Rzw^X>TZsE4Z@0)# z*^%J=1jb$bF=Y^9u}~E_GW}_~*PD3>hw^W``nI00$RTC`$BP#OporA&iA7pDj!|gxv=o<`NQC?Nz+AVpT=!hzG1zY?P9}bQgC6r_Rhk>|h5RWtJ`bOR?>8y`@`P*2L$+ki9I1lh+ z2LJmuyjJgO)xZ1oppu^KV`jvIkNHF1Ir}T=iob)Iv*zmr&D%fv%Kegm3Sav3rIHpAW=Y{RFWeqM0gwU zuolD02u6rDR;Z1TY3gj*B|Kqy#QqJ6tED#Ef9blR9K(8#>sQ(1EV3#@mVLc%I#*N% zGH+Cem7%0bJZBJZ@YaX_BS}4nnzPEUvez)q58jq|T|nbwBnU#-#D@XzY=$CUu3kOy z>WlWMJ4Ttqp#yL8eb_eXeDuSksFaW7pRY)rS(os%jnh1P-8tvIQzIm_C$#`u4jJw) zEfUNXXhH?AwdS<7PCeFC1TZu7a7LCd-6-jMo_n>K1J*Gh)y~O#qJPZM)}XDw$_!;> zu_Qjt>{I2zmWG8P3lj%Y418P`-GZ{mMAFOn816&o{h^0p(O{s;3?Yixxu+qsKGKc` zA;6Tqx@i7R;k+e44f+ORa+EhZ>80`xZjTksY_E=c8CEmF#xTrN+=$yaiRUyf|93_h zr>>N41P+rF24L&zyrlT-!Nr&hm%DI;l0y&Mv%9eE*`eV@`%J)NN~{`tX3EQ4CrbB?x%RONkdP^qvXUx0A! 
zJO?~<_CE>OBKbnWDS6t9qsoCq<|T#_Ojw5kBB6Am@IUa(SpPUSyn2Ldv;mj&!^ltZ z3dU7v`rhx4AJ0oNdbU3u-Jh@b>u*AXKN5*sdmYl}Xm7Ub{8@N_gp-O#%65a)N=VTL zEtct25rUyl0?PY2q%5wVe|v_~?E9s4ysQI^<>;wOxt9-u7x4HXO3cLPmlxqKf!q&x zZO%jG9G||A_kRXs!YQK!+rVHC`-DXk#sDO>H%_w=QnFp#$=^7t5#3sAB$lHmYw&V2 zOALdnp%ntHJNUMByi^+g(Egmqq~)_tFpEm)TVx^}@S|*2ROPl8CWlE_*++p)8}9m! z-11GG@0jV)Bg!m&kP<~wP^6s4;pQse0;8=hw&DR+ln;cF8$(bo*YS~Wsn?X#@gc$e z_UFfGv_u&NG&PowAOn}cV<_u30d^Pzm_{FAiA_~7IKXL$sjtHVIJ>u?LqYi~k%4da z=;66Y!|S-i~K5?e*Xi_7ugWjk?PRIuR-$&e?l#Y)NKMS>Ew@SwBai-7UXhMUqsmN=z>B- zC;I8YMuH|sypOW~UPoUAEGghtiK!PT!>(5!=!~b%q)d8L7_Bmh_~mLBEIkXw)swPo zpr(tCxPi=~oodzQzUMnY@5_yVdi+ls9_r0AS0hp@PuWE?vhHcpZ?0JC^p8Dk6cVu` z4jUNmGtxVNeYCOIuaX4Rwh#wyJT4vIw|M>e9LDTeaPKcgq^T)~`0^?Ey~gV9z#WCy zw!AX;Kh!mNAz>+BTaFldUo?l&j59hde>hB|Oe4((ajy!4Ep`bm+Y%^(d}X-c-0NEz5xK(ssA|SaOeiez!JPjj4 z==rat+pe~-t&>FF1dNnIcFqdW<{r-j9T^MHBk8s`ct_ebB0pGrj3x5HQuDq#^dZiU zG?_8_VoT+jGliwN|nSoPiFKkpH^OH41a`Pr{`C@n)44=l3Hj z9ai^Mnx&unnNhVjznNR0439VE*Qa4}ml0#xqO)jlNY47C$m40YDU>7ml>DX2-cik>p3of742D?JBn^-iFz85*1-C}Bx5 zX2xGu%h{Bv-M9<*1hmcnFg5)TyfknM;(wx(Fnb$xfONdX^cDR7SW!ahh6E&gwp7oO zd(~`qnMQ??L``R)n&_xi4qWs3$rBC#R{Nx8jX?y-5&tRa_SckCt!RueBHKg{iXWa+ zg);yXEo*dXd~_qOy};6E-l#%u<_N;uOnojH#^qA=O(dxxT?&DekJQSZDO@rsER8=} zg#4hOY7HQNL+ijSPIHN z${YMktF-h*xPxa?A;+gQ%m4Ly@Fgvml`^(D>aJ|Uwmt?}v+r%Q%`%Bj?Wmb!syO%` z`^ST*%LX%C_}$N;9){`?$V!w6DNJV?3{~j`f9s>>363FdW;9H?ioXs^M?p5+D2(QZD{GkQkQ5&r{elHrJTvVcy@OfI=>hvnYDKYfgTum_> z?y@86n6hoB*}=Z655UcPJJh)u(oq9+O`IgLY!&cc2 zPbUC{cY|D>I89+}x3X?Mwnl~2i(4msC_>T;>>N;L92{OJ_Z&&QWoJR{Ap@yDOxGSy zRK#yJX;2w@mL0X`D^lwh)se&LvM8_~ED`xy(PW@Ay8*QO`;tt;&pABlsVg`-P}hqk z>tuO8cnG|!cf5WKqk(xOhGePOB}vraVP&k>q;RW+<`OL;Ap>w`0>w{~=WS@6~u zh{s#f(bc&qbzdQ9{uN1fIn(fZG5>X8sXtUsj-mM#Qy@%OcHQ7J({JEdW#1jb7Cpz% zs?E^%Sr`epqqplKg8=_=rH((T!)i%)uzuUH*ZezcYWW9(|Hb&vA1o-`RcZED+N~C7 z*`J`zy6ktPmOmh$En%o=vFah`wO!^`$HTL!ehF`<+?)aL*nVnxb7y5}HIZ_Bfq}=i z=RlXI8PE%|!l?XC0|g^g1wBAAT_oEofZN?7&&PDYuw$=uCcg>DXC&6bVq3nDQX&HT 
z9k^}m8-cFmXSJms#gL^=qnLab8#qTny;DAtzthGA2g+VJje@2P5PXo;LTD67GqH7M z7L^*cr>9SI1v6!8g}Wfy&xz6N>KD%;q(s8KxQKy_uN!$==_xy0du^+?bEx zSXUauF#$aB$l6Gu2}Niq+me7#DFqk}F6ulRl?vI%F@=2>XQhM0;v4%y37bDp} z-eD!}$UJ_%1_JFfr6JB87}wZiTdKCS7j)I{9of$4DKUmh7$s@r=Ey1;_IpeI+ zI`rwOk}1;APFw6~I^H&%@_f*DMNXQ0qx=@s!ap{#FpE4_nY>`X8|zkrOPyjujq*An1}oyPGev8kjXG9wbLDw;RkDJ9DL5vLQz1A1 zt@s+Pnsuf!CJJibsSY9^n8?DvHdTSBc2)7MYgcwvk@4vzJ``qD03IB~|Cj$tIrsyJ zNK4`CO)Inm05%79AOWskZTz~e7L3Fc>^E0isbBbHnSH~ta2$Ge_5k-ucdfd*g7@`e zj4CFYq)sm}<0FWSA58*ofGO$^`F|dQBwh7f{k5}*L^YjZ_{t3RIJ}6V$jjsvw1srrP!zSuZ zBXf{Bu6t3&BMlk6hn865QTt#Pf4l&f5KE~vc72Bp$6B>Mhec=+C}KiZqo8#o70qv} zSmaUXu#Ffp-{N&b8?dgrGy@+Qtv8fPonz&dXXt~18C6;{0dfQ*e)E9nv~aQBI0)Hy z{G4OkmPXg==k34(a0H-bE0*omSxAgJYejd3dh<}`L=Zq<&db+!JsHhuWD$y;3wf90 zL@*9<&N=P7+U-V~x<=fpSSvUXtgR6|A8RT{e#SO2ej&RyAgfz0edTf52LJr2I zq%8`F?bvPNa5G6(%r8*U$*PPdE@l+nfTkF&pRAqjz?XDHdEfBKmi+nZ`MyDI`z-l1 z`JP#t=(+0kj9Z{ApjKY^vXNFR>kZe2Y%{of*um&jJQR-w@d7Uplu_xa5b6Z+GBps2 zEmH0cVhq!yn3RVnL(#(aK53yMQcGL|E+6yFyW9+~< z`FkPI2&9a2AdhbH_dSD~AZ&b+{RgGXES}K+(!S$a%VwJn*8aqy#+wnnc+ox{CE3sq z$-njzn&14YkxgOR&`4UqDzFMGU@FELx4+2@(rX>UZ>%2TAhq-34|Nt zGS5i9M} z%KDJB4cSnj_rV0&9o#eEZ)ZxAZINT(;k-rbVa9LPeopnZaj!rWfZL@LQAzC+^RO;2ua5S zlKQ$)Z&~SK*hC!WGoBv{Fbv)^`V|D;h|TjlGTyF4Z_SzWU2`#H_&3J05U#p!uRcu@ z#WdN}s+itA^|xM0G42Kc9s_v%Lc1>%Ki`iIu*e=eHIp9;Gi-{BUOo2LGF&IQ5DjJW zew`aLJJJ+g*ow4mTet&;J8i-l#p1drlN*&LfZ=IP>DPbjc;-(sk5w%jYp+gtse;E^ zGx8G@ZOs=d8lT|>EpgFXdlbZU+O0|LMXe3<+qXiju68=X)O`k)<=2$t!OHB#+>ZEV zgYg~#7+d3)hW=tkqHcu2Uw@xPOEB;WNs~|6j>Tt@Mq*RCP@^jUH>^{?NZ;BsO)gYN0J^X6)nzN^T9Yn}dk zd`VdCNEp=iPr1OW%TRM5ED&5Fu^_PP1x554A?!9ARA`J~^(+YeQWwm1%XL0SVhnNh zcLt^d+4fKyt|f;5X!7ChGlI7MoE6*wmiFAXf-Lz4UE{ zLC6k#UyE@7CA#!#HDQGy*(}7XhZ#`F-uCKTWp+Gc6muPWH^{ek*1loixoT_%v`K%X>B#2UZcTmz{E~7& z7+>2lJ{>*`^QH9vtL=}on!7Jk5+xdjm1?YNhEH@a|A%26V)#cF6wth5NJ0V9Zj9Z4 z^9*p95w_4(kevFq-sEPA!+LuVSW3xxbW?tBtO84cvv-Gqo2?Bv3^wAIK8rI5tBMR%r8Z+Px|3)e- z9{XqlIHzQnVGA{+cAi=bEw8?5%^EeME(O$*#_@N0$DDKa(L|$ZXjC;GgNfo#ccI>~ zZx-~o!Maj*%Xs%xSUbt!CKd~lV2EX#S 
zCc*6VxUk`Q!v?jnLI}zx=wK8m7DIXy#9A9Z#bEN}a39(^R4M&j-4z)ANUr@(-z+|K zgbL2KqJL+~L37&$wkI^|;&!~<$m!#G|5o`l07y#5TU24ODJCmCUH%nc4ERYR< zf4^~yYrfg@PQz3#Kp|C3>?Vb;2Oi;>kALb zg-|$!S`{g%pObCR>sb_BIu?1-bP&BzUCZ!`hr`IWKcY+a+9xz7JHAJ^7OjBS<9pk@ z2>_aqnN89jA!|aw^1x(`i|K>PBz1z$nME2M(B^GBN;ZOve>-MiD1P)Rag~B-qj)P+ z=rl)>RZNg~cjec&o|EAvK>+FE^ir@pwEE|}F;p=~UavIe+x_T{*RC}n(#3Z2v zTWVf89F@&N4p5Px)cEp8BO>kK~0PtYHywx)$Ht6qx3tg zgqG<{wkja_ZK@j4%*|=2P;<`*Ei}|iaFmg(M~Ri6Nh!Z2Ut6lBo4Pu=f1j3FI?mG>W_1Y3&A*=cN`K zCuA;>Z8sT6)M?8h6aIlIBRO|)3ehCXQZ#}E)>rMHhi%6%R6sEpj9Q-tg{}=NYspiP z&zt%6F_gd9&!<}@Jud>$w*z~L0yxQ7=wxC-Hc?ll6^=J-4?pJ_qb-nGtSodHHG1u< z4LcU619k_{JT_K^n+qRFZCi40oVhtcmMDO!Gl$u-Ycq9`pfb5TQ8W57ygf){$ao4H zLLuKtO+AnCU19l<#N00&7hLBP=NG7x$~3)s9%6-$8(m>_Q>-+x)HI=*lioBjj5ML{ z_c`ch%#cimSaHYwMSDtrT--C`-mnXU*MJBTfY(8qtHeD=X8}1!&oGfz6IZLf@}krU zOx$=NpKwXX|n12V!3@k}8`2v(v#E_fmZXII|X)bPE zHOf_XY-t1?hZqF1j*LQL*x20)_7~~>OW5GX3v7O{*rf12OIImJHa}~iy}_TGolv0< zle);GnC<^(R3KNVHTU3qC{J%wiwE|_gR)`0IrtP9!-H@NQvpVIO)8 z$5wd399Q54wX!Cs)#FzVt&8-V$k#H9W{^H4Qn{T-$X$^1gfm=U=P7wwSr4h-#G5yD}Z#2?UK^Sh*@~~XQFT`IMpspKN<}@CS)PvT%rtP4jKsz)lB)o zbsD|fCL^Z~xlk)j?uV>44}2sDjGws*+QYxs%=hOlg{2f(McYWnigQuk0RQ5r`!oUo+ zKqMFO>`Ut)QV@JwSeK}I0$=A+loH9YXMcXPOc(MRM2yJYTZDOrgu`?94a7rxW%=Kr zHM!ZJ%Fda+jguGze^~M(bmT3K)`~aFrx^>-Ii}o2J1lA=f&oT&fPm*1^7C2>Ua`8` z8~k(GR_8xvoWkca zVc&qYx!|xDr1bxS0z%IPp2Cn=tC$rt-rnn%9vzyNfPwhCB2BQ`v!7-S2G8HQDrToi z*Mlm@u_CgbNc!sF+vMV46mJ$=*nL^U8wee*%%^{nJ1d(Z=eebq(@nvFL91+CNXL6p z8<_e)q)TgZ65N6%2;z_|O(0v~0=LH3M~!K46lh%+NcJlUG`Jr%Qz1-@ukIG#hO-Y@ zt`)c(cIaTL{~!)*nse~-_V(zd#D7cjs@|P2;7Qy(b!NsaB%5-#gVM4TcNo^l}|oUf~)HokDPqvHTRh9c5YcYGmA(3DV!FHBN2> z(Z}%drg#}XDJq#z^`}J^De=HiNG%c%ur)34SC&a>fdja)A75Q1wK!R~Vr!ip4jpp{ zyU+MjI4*1}`q(+N-5&00#ZwH>7L`bB*U35#0KNI1i-Cc{`vQnYo+8HswAx8kf#3iy zNmk09M+WU$jE7@=W~W?2c8)MJB~fl;98@bY5{kXx+1kCG3_tSX3$UWu{ zNi&e7b$4G-xY0K1Ri&T7$SR0R``+8gGQ@!2uEBQcxN4dLOX})Qn6V?047VlrLgi}i z`fUXQbqQKL&=v;3=;OEBMBTpls#F~pK<_oD0!;QNYx75T4V=WV4ma#QMwo%jwI?H( 
zTw)7n)8{Ht^eW+f(iNeIcY06AC8y(UpdK3f6cu9FDS_oM&&?q!wS1IyLLIm8B1Olh zFzUUwSOiXz61@G8rP*ZySj%s%@EZg=HRbcukFbblpys62T`TnJwtn5nba}}hZMpDt z(~rBmmkO3^wVeP%t<9=315uMAfxDyIVesG2^p7J|*n`^^$p-QBk^y@~4a=iM53s^I zSe@RC5md(w0ap@L_o2a@7WY_i#NFo&(e(P->vKu2MWxYrh&3Xk1QMlWbIufmeN~wx zBro7yeXtiWJT!+*gf^-wX*w^R-3IO8f#QV(Q3d$@@FH@|YT(9|O|#9kKlr#pt-LDM zn8eYNovU8L9i`KK&;i*}o>kE0YeQE#Ai(py+uH8rQdwpmkF};Eg5bY2UUfK8(t?d? zcP4m@5zjslH6%anLQH=9v2@~Z;m98v1kBLLI3i_7EjHy$EdDlDtFT{|1`uqTosg(6 zR3BAS8_tv!(tgj~9ju(ID=$)4h{C{V-;Y94SuJ3r8@R%?MQ)~6W)O|=%!u@5BW2M_ zK5jETid|wF6YP3%O*zW^UioS0i8m`$R41(CP#?_}jL!SfPO+gY5vCqz-s?dQWqR?2 zRk@nB5&RuBIVUXTujVnzPTkc&+){QRmP$ovvOlE(Q0ao~65gC}T}n9hloHtI##{!Y zPC><>z_X)ThX*#xLIK3WJ0Z$Yptz1d|@Wv<>PTK>p|OSV{o3$K~atNlx=*&Xf*)^%L~fovtUswn2@ z?5crOw8qsKz#GZ2U0lc#@xX3ZzKaF=Ufbz+bL19Wls|^^>!>+H9@%6T`Qh=f`PpQS zCJMivc~HrnS2#LMA|m19V(@S%ah|Z^VCYU@?XK(ixRT+5hY(X$01g2#vbgT}`Jl)I zip>=S%q1i_v(~S0W~X-xjR|=8vin}xn)awdK0f>`;jkY&5+Dtlcjk4la!lmZ4G2v@ z3cK83wWK_meiA~hPkF&;0Q{TIR!fNBl?a`}z912#xPPr0TD#y(eba><{!Gl_r^w7d zkvCOqgCQ3uat&RI0Qod#Ak5alm#tg}g`@+d{*kJl zCa&3Wwx8DrzpbzLqD_j1qeKg@X>&=!>i;;CAQ&^{|Lkj~QZ0Z1^;NO&w4*4gC_g zrud8G!lG(DGL|b8c*t#DO-blx2a0N>2VhMjG3?4IlJGFW?`$p5y^PaF1F$g`B-bNu z04Pb~9#GK_H79O70h}mc5pdzj=u-Mu8PV3==(ugST0)I;Wr5-=(6E(qLh()$mr!wY zGs&p!6$itfo7%p`6_dMp5n1$8E?z7Y11@&F$=yNKb-FV~r1UrFUjocl%L5b5;)_1$ z5V~aDviDe|U>G!n>{k%abVrn!&jM0g?+b43BUKv$8%I!t_@fll&s&1>D3>9Lf1c^& zBbe;XtLav)XDKP*s+H;lB@zS1z0YZ<_p2k9t~!rryZ1I34B~gQQIBwV#e^MueV~l} ztPM+$2fzKsqPQh@^m6=?gh83=W5+rTnc(Wnkt}-POQP;$|=mfZbPXDPw6G1j~bS8U08w-id-opZ9M+2gHQ2a^Lv%iAIi-`$y1 z8$;rXN{HKx$!V+L|4qi3&?{72?TczbKfKJUQv{MU)TkYswv5l497u#AC#-K|3r=RhPb1AJvohqh{U-`5#N z<`gzcpR9^OMLFsJysHz!uBTohp~1D7tT+nI|nKCKc4AUC$RePFqtC?V_0!nbrOb zFGG}e@L*=5R%f_sVrf8xAsPJD)G@|Tpw3x!V=~*V)m5?6WXHT~rvRuA2(-85AjglB z!R$?&)N7w-{kC`;KVwT_;0hsmjFfTHA(yj?*$}%y)+8H{as)ZA*lEn!fR)8zB5vjx zTopdC54nPQDPzIHQ3#shGN>LAa(QMk20_>B?^SHz>M2f^L3Bn-dG2O;p1g`d`BtxL%`n z&#Qt(>d-&su`e*<~CV+nrRJLMnfKLxYS`DPUoOpOaZx)~7IUVLs?94=x?J_`Rb 
zDi?{LAtbV(jDg@IGgV{+x4j{LyJbt3kceUniWTM; zwavZ1cq^kc1~n7hne8#&`cEqV84Hz4WQihW`Ku8`oNsy)-LWM(j=MXzE?EiqbnASK zs7tq+6lp@K3Fv~{r&fKU;l=AOi>2xOdZJwOiP8Y>|HzOaos6LE8C!HoAB{T;KI~5r z-L)I4N6-4{{Rfl7RZ9W1bN?aug1^`qVd)iw280oAQmA}|ZeFmkVthPRW96?~U5!NNBR92?VCadh z&Se<-qG3TD=xP&uOn*v&;?yAJx@qd1rZmy%f#U{LEY4Q8Gz&>U4|6bz9km6y1IMIx zczGq;{~iG&D*&-&gH{fgn_o49RM<7UEd0_eOeKku6_)QT;W$ zr`-w`vazwnb%<|dY-CzG@;h#3+s~>a>tfG$Eb8@*b`jUap|f>8(KKmU+8{#!mnMO- zE6uAiL7p*COS70h7++H%8^U(K$18gxQhjcwr_AUlXyCO-(cI>T&{P)?7PX5oYX5{O z!^lQkLGogV(z5T&F)k{&_m`#~fuT*%sozpaL31}jSz{VhD6AwpJ3Sqw@&0B|Zd`4* z8tf4LEjlsuC#uh-R7vnycwu>lW8WLo^|-7<5^gkzfuo-H$EahO>m-g@TK3L!A#9^i z_OY2tcmr=P8wrXiQ(hx?pY;SJ&-%uO2IKmM&!1=KFUt-njSK44azyTcd0K%I2cS57 z>ybeYz_gqYTFGNSP{uNJH**#>Jh59ZJs; zhB^!d>hHjyv2ryb!oz~{^kl>nhE01rR)D+s)D?Lj*DmF;h`Zr7hByna6oHPy3BW0EhhpQzLIOYgSI$GWXD|0R#Ww*CI+g& zY7Kxx#6>ZN5)PKb$hZ!M(KoA9`1v9y ztyWzUDT^MWp5JMThAa#)WsH$|kx7Qh{`r%4V7mEQ9Wt5b##kTw0;74x3JABMCXKws zhChp1H?f7fJ4f3FU1(g1=ai8q#R_&th=M!PSxR4JsZct)D2%ez7`074yD+p`?brNm zfmNx#SBUxC(dY>xjT^AILQ@acU(S8Z)SLl6Gyp*2Z3%4TP9LLeD-n3|W^zHX2^g^` z?(RBeX!U1QpO8Tjl83w9a>Cm9#FUTWn;O;e3Z+V?Ly{J?d@4v^-1GPlMz>p~F3?=( ziQ1v!g!IS#A>}voSl+%IVtMENmR2-cR-BRBc#MSZFi>|hY)>IUF>U~xfB*PAI)U)x z-V8r=F1w6F=9DS|^U?B%*<7UQ<7O+l>rhl6GL@pfmods@Bxk_h82)k4hiy}3^E!#c zAiGtARdW@2kX}9wsw{;o&IUt}e_XUs880cgJ}TZ4ojwK|DrN(U2{RT0{n=c5f`RTW}HzwuAQvX5Ay;wY6;ZO_1{Mz=lZ0t&+Rre%g_;Z z>#Yo@hF(>b+}45@ngCIFcZyf3KzrCMrcoKco*;3?O7;uN_*{@-nM1~DpFWjKRC^y) zfS!vxECPK!pFq`f^*r>Fk^+Qc2&Pm0=a-b`h*!-vF9EQ*5+V>o5v{cQkVe>e%vtf^Uzg4z*ijcaS$eD?q)g=+v-I9D)XZeZp)MZ-Pbz>1 z-LuDU|B@wVL}&yup+Jhft($&x-M0_7u4e%96aNPrHmbv2o@mL?tOz2uY4(9FuPr7P zlSlCcb%sBuigwHa1O`6}3cmy9>H=o3VaMg6vQw$`K;UiDmy1SZQD!WfmO#^>E1oXu zqayOcqdT?2jW|A}R2={2c8p4D?Xy)&T=1foYvO7-ath0S6(;cSzgzS-iMf!y`M(;B zzci_{rI;_!kRLfIARN+KWid%oj}!MVsRo@;Ugqf`55KiYgE5pq1cURJlthZ)VSLFX zugsGgVK%d*-I4oU1kWeD77;H`dy}z)uP&Xx`g#=huExVAA3o68nk8REAk$VDfrMht z=hJ@qm;49d@AX_|&eR~Tw)oI({Agg+=zwL`$lzqr=Zv|rZfIC#Q~!Wrj?`XJz$6Yf z7Q_+n!&BY%MRVT&n{HlIKGh 
zOMVrz&XOiCxI(7#bPrl1ADX+}h~!ZG2bVB}70|Lp>t*Vi%efIzdhBTFs-z;~;iF=r zWw8IGT9=*ZC7+Js*&IZQhbc6~^4Q6Ilz0k5hw`sb9$VXVTX{jUr@u;k*yiAeY3gu( z+wS?_AxZ@&ud(%=Q;@Mys$qG?F5{P^lyld>Rco|UF;jdV--yfSsHP_=&Xm$JPeA67 zgtIW@sQPy6C>YNwo|QGnR_vjbvvPCMe2*jZesMj?xl|zQo)n- zs`ZFvy?$54t=EK}^^lgo&F?2!=XczY^X1q$koo5nOd2ykx9cU8GIjL^jshqj{ZR@# ziN4b=#(c2~-#u&)2R_qd$Hnjfcfv{DErO zJwD(XO9O2_yw^SAlNms=;7pV3&Az|yY0^wLt{Ih?^wf$tc^@VT=cEQPT})!UfXphe zn$0PB-eUObMuCc3Ys%$a?jejiv9&>Srd?_(K2TS6psl4gLI_<7mQ-m|Gvf4NCDK&W zFShFsq&wa0Q^8b>d?_r{ z999ZtZ|m-8?btRy4C-l`d{4%Hu5{#S=O7=Jut2F= zT&>p|Zj^4_5)9<0{&x1p*bpEj&g`9jh#vccF8e|W6In20=NSCypNVJd<9!ATpY1SI zhUkac+pLruFJ3vR)Y=TtTL&}Q3bHU0m&M+X*;pZX-@d-B{O_1-Y>mKsX(H=#!-tNq z5naXX8OP>lzg6zLKzf8(tQ|X4>Wux=z&5on0RDSMb=^SHrFG_~BOmR0aVqb*YGh$ud`i5*qw2E;<7;yL zB<|{T=ZH{v8;VJ<&`<$#PrwCPeEZtw(Vw-h`LJU` zE+0D=Zyc$HAMwT-zo# zu*4BJW9#Pkx8uX&mb9DR%x3{B*0)ZRqZwV`1{CGz#p(0e3_LZ6B%GWn$Au2rdyr39 z_n}s((swuI&YY3Gh--t;hm^ZASrV7q#wYbN4gWmhBI1K|Uk0)PA<1UC%ZR$HZj<9pSc+WVwZG|BHi)H7o&>y!D;r?Wb;%S95f_;D4d5DH+lU(7hAa`Gc;ut)V zRm*`vY~u%{@A%WPODXuhE4)4j)aRfp&7N$l`-zJV3{#9?)c#|}X7MeYEMd&nfkQRY zI~gE{?tb;3y?2>V=*85=6(=1?qWeC-pBAi|rW+P+JHIkAwH~)zP(Qm&tt)2_jEifx zC+{k;auEs$1SIiz;gSJO9dy0v;!e>3%)&lcFgVVOr{P_kY3YTpcI|T@ufIl~^6yp` zK~>-&4=q=jb=(L)7Hvc>yVg$0^G8y3E+YFo7F-8gkYv}HPM(i`)I+OfUR{v=Z4&|^ihhqG)G9$hhYE7@P z4Zu=WA3?N)tf}K{KDW%pa-P}WjE9m6i7uvLK9ulSxH?w@t%!rG$i?6+oPH8?WRC_A z+q53t%N~(~@A$y)kR#IAiYdr_=O83_jOHGdt5qshu@@0JB<-csO1Rh_m4gR+l8M&- z%#|LuGd*(DfPGes_Fr9aX{+h5|2vtgU2HgtjJ27>21y)tzO@;Nw+JR8$a7+hxw_Vd z762)C5Nh@~%b?&h5n`G;Xa>7y^Gyq2D3cMI%?u9&;DIjO3WEpA$0>agYAnbS_Yc59 z^`Y>JuCPv!VP8X%k)U|(cj6%f$9K{$;gk#Y1dy8bRi4qTRpq@1)a%Zn0vE`f`Z|b` zHiB@jam9@$%5Ey`$bwV(9g%r+I=jGfhhp=>*Nd$u(yToFSo6^G={!T$7-r< zZ*Z3Uxx7+(r&72wA+Tj$4V!agtXyN8%P_ikx(ptO|w)giM+K{E` z7FF+5f|=V%qDih1e!Ot@zkE*SibWhrb4*6&Br@(1zb8Q*ePdxK8Wmmq*0*;6vLXCJ<)xdq9fV_~1S4|g?zuKpw+ z$cc3gYdxe6ZGeLwwoP1JJN#yf6~MkD!k|^+0RGK%#yfgyRfZa4^PmpRZVMZ19KqUV z^y`D0*+6E`oR>!Qq-eA{7N})#6U4`7)Q|R{U5wda#tL&@uO4mWipgyk|2dA5fJ4rD 
z#?n`pZBh5_XexHjm(KPC+!%l1rq}hS2ODbE`>cojBhN#MIh*vT$pfWM3r)!+quOkgsIV7&4}iybNz3)%|W%Bjw0taOE3H+SW^+BYTbCoD5QGI8Dq0F}RiRIU_ktribaMr)4UOusZ9Q1GZge$;U}?3H z{GxlrBKs-4_Q3r(RUn&3jm}^ zMPh^@4{0QRRuaxp=HtFn+~cD9b+OtgMJ%KFW6bZkdI7&(?C2^%;a5h72NtxFRHWmrpZ zj;imfrdI6qHt>u#6)@@yR`Il#Y@Tb55fdQ&Fqms}4%J=A>6hFapL{rXT;4jN|J+&) zp{SR9Q8-^+F|r6}P*>^ol#Ier)w=9w+%05-SK5dT&R2=aP^fwlJ^r-xO}u|ls;HLr zEKWA&5>>IFq{mOF3{y)X*}P_yc@?m!h&8x(Xo6kijTWm)JH()tS}FU5gt<1x6&52c zpd^DRWcQSe0Zk~FmV{`;TidtOGf7?)8&GcfZ)T`fgQ=s@8Lgw}gF6DotmcRdqrScK znXC265D>mAN_0!7B4lt%%;WGF-do6Q#bljjq~mP%dD3bxTT_?5iZDo_c)rI-RqpVI zuN}_@Ywckxx&HnQ{<3TYe%I-UvRJx*tmKAfL-7nrDu{5$1m6ue1^N*nW#{Q~&>3O~ z$U`Nm;qi7G(17bxN0#f;{&>SzN0{joS!=LGVGf-`lgV`|*=*|}+_T|t3=$D>k|EMH zglCxQ5YWbH&v5m@&8w?~mOLOP+-=A4Yfg91q9t*0J4VW3WZ5C5-q8J|i6MvH-LHRfrt4@9E&d($6-90J(q|brx6)~g>o{dQT*cK;F71Cb0Mgo$JLoC z=ubp)A5JbY+n_{GlSHTK@40zzeRWQXC&?WC@+*4zI@)jbDC^1Xq=kL``Kv2EM7wXwCq z#>s4K+qP|NtcmSxY+EIfUBP(|z6cYr&|!CB z(JSQdRvP)~5^RzRS*K$x1Y9x41PP?M<1)+dxy#X>vp*|C%d~{lcn}VmQ-f zJKYNzf5v<*XKKzLhQP2XPBd^?&wsii*ImpQeg{rjzH+LlOc~g8FFii`rZJPndBvBu z-`&!;kbjs*zN56Nhvtu2)@(VITn~cM8(y8hwnGGK8a+_rG{UpI(myq;IqL}@{0u`S zA2}8DdDJ(!KG;M9{(xQ3>|D{zUxA<3?QCNd?>($MW!zk6MEYLi>D=4Q!qllE;;nWl;ekxn>84IbW#8()$Js(9DZUx$6+Z!_Rw!7%M5EW z_x88#{vsp`eX#mBd>5>QagM+?HV-S%+<}~y#gr(_z}2j( zgK=Sa|GS2`cb2LATj2L(R0!NGGY+yAIstcfil6KPUK69R@C@rYtczK&m_gDVX~rLK zHAK^?Z?z-ic;D#p#z5dDW(mmoI4H&~-R+fu`kiWM;p-T4T^*!p*V9!CT*$qwJ#S|L$%icNBhj+{M53dG$pNy>Ezf4Ee0keQ@{gOlT9%-T+xo)h zoxcRX)#0n2k_*?)dxo5;ySV$vnrO;mhHv%+on;)nHzNheAOKmeLvQV#3=KPs%u-2U z+NktsUxw1p7(gxKXLaH=ub>xl*{TP5i}g(BtX-l(k6(K1OjQkc79H74WZMt&X;7=t z_JW?jF;zvCTALVQz@%2WDZ6IQ%il^W9jF+cQ+<0F=sFJM^)g2u)j0R&_+vv455y?Y zjs7?i*uv~xbh|1s(CMF1hB(D->R{R(rD$I<-=&zZiMuQ_rG6H2ZWr2k+}}8VB>Ztq zijc}#&DhZyi7DXU!%Zh>W)lUzygj4gVHg}`ruAWc*a6$UCZE{CaN(IGVB)-IKGr{~ zE_f#Gw!)9xXm2BW2(O~7-c%~DyZx4X=|0M&>jQQFP31P;?ClVTb^%VQkW5-bdQe79 zj>xPb3W8I_=0#eg$S}d8t?DO;6=acClPr5?ey!T)PBS`fadM@#^Hq#cpcw3|z+(GR zVmOu_eZ>kJDy^iD0BaqdwKK=~z?rT1JzQgJrHnvDBGtb3*diTof;V%XS^Zu(c{$Ar 
z4*e4u>a$Kk#>l=)l5c_ZeBi+`1m|dy>uV{mzG}7=&h583vDgcg&t_>Qs`R){9iSHM zrt>QYwHS>u|3Kyhj~ign+2=c+s;+U1R9*hQe_PiN-YJ(;_MEWBEixS?`b-bar?Q>S z#m*vevhZ_dyKvW}lFA7xHK*RRi+YoSx!(wECNHD@NuHZJd=T%P3z=yPwKiB9?^=g_ z?ekksIsN0}0?L(o*WXh?GjkuAT$3%4LORuChh*m{11n2qA{Q{q55jL29HVQ-koz?b z-@!G!3Y*Z&Ht)L@9XkWSqniqC*d_|)tQibnEr0X4L@v12rHnG{TfJk{Sf7^EpSB@o zT7GtQP5CA_^3TB9{<-AI;mo*8uH0h#^mooojo-V1rqdgoZ4pbtU{N6@NHdU0rTQv!H$%YdJ~CoY$ZD$83><& z8V>zN&s(&ip;Vi>;2v_D`$Qfv$Xj>#(Erb=oeAR10P2bDABFAj;(u;#*G>sPe?oVa z)8X4x(AT_ zqbi)BanpBR#k{=ma6Nn#ak?*Be%AL_G&hP0jcocXX|0qS`x$+|e^{L*&#At+$kKow zuZlNlU5gejUvckJHe_TrBG*tf_6Qd*C*mjHwXNv(t2Cb`DYB2rA4t>#kq3FDb~>YO zn;eDIuRHU9;L?d{JNFFP7jv+3-_=(+h@*h16Dz(AlpBsNWJtFdtkI3b9o7E)3S=c( zk4qdEt6b5ridh+&kt;!^*#bnYc+r==nklq0u_kLHr=k^_mhVl#M10blTXHQPZdR4K zXt7$0US=sHb|%y!v*UBgQR!c#2jaA`U{hAjHj!RglTX+a%JLqbH2`Ki=PXv!&mK!t z(g-bHd>3#{liO5>bfjQI2oi^225q1yuUmH0$Rq6xV9QMHB`l- z63^=Pgy_Muo%fvM%T!HD=e`{tL7Zgqv{hfaF>V9iAX{z^(GH(ki^WGjpN7Rag7m(l zH(IGS0^FqBFv29pD@+*Db0(GU_-*{QUY0mFRL>()Lt&YP`^{ZaAGt3=(H6mE%(p?& zxT#nC`H5d=Y0{yME3T%bN5dm2vPtCPgb8WmG_=`?jPY}zfdK;ZMsTt;r$joWKl{zS zmQ3!DrdaDB9d?a_jA{xrU&8!oWS0{tLURvhAotrE=V84@%ixg*QNHO| zCPAHJQ|T;1%{)MTd;tHfS-`o!;9=NHUmYNVWh5+GL4=KbE63KUC0$)2j%wy{KdC$g zc#<~nE<$cShDqSdc5Jl|%$8G8{6M}lf>DAM&&G?B65T7xz*<-(3(Z@hdESQ9%}Hjq z=`AXcbE|M2V8HY=3ebQXfj{(=A;4zkMzf-ZJDt19k`o)Q98r2rrJ$hlaXsm}usjvg z__U+Kp#ZQQBo^m&d~O~JQ5e=tZ2krT9bizrC(c`Ie3#2z=T?FigycFihcLl^=dGEk zxeT>Rcar02MU+7Ul?(eJB^cZoy-}UpW{BKp??jVFkg0($JQm~8C7SxzoW>66?^1%J|Jmd3PGGT=d`0-Hg3DzS!Uyr_Eys{b5 zwWy3VTdELUEXSWvKfQ?74jG{wgLmJm98)n|IvnMx_lf;q<5YK{beMZ8(o^rSn!khq z+7X>unl86*d(QqZ8O&POn*b9aasKi-Jd8#ng;^1eN3+sJVck-VYWVUH&q^(gAd6$m z`%IcQON{AU`iW{y<(8aQrWjThPG56mG)!Y%K_Qd^A+nf1h$5Rp{_Q#N(3)fn)^`q8 zWql(Vbmn8bxXZ!5d`sMG%{RF;{s65JI5fCCnLAf=Hleb7@#-!Y$DlWr{8)vk9`@)x z=ysJ0WX(9VR{Z&AEbPw!!UvHPWo^rpgGCY+%u?0u?}Wf#MWC;RBfeybUPC79;qy@X z2(YCf46f?8r9b)l9^kQ8O?_T9ZdvD89Xn|kGvs|8R&`fPey?Y5>A70Cd1$S>)(T&W z$!Gu7!G&&#C5s)XXy!03+Y)ZB{(JSLogMsT> 
zo@BdMQHFoS%I2lg9lwy;Ydl4?HPaTT1%|QR+lw)ze8=5*b}EpMEle^46yhk_Y=zD9)A`Y-bhfnKh#2Sq^j)&V+*I4SkTH}{>J7u3Yb+RH@|=J2FoK` z;zljf=MMDxONr7-PoEUw-KP<>s&zz=d!OfM)uNJE^?vdk3w;oYdg~##80^LbfsvHi z*f;6s$yjO(pB;-q>t(&VOU0JOlY6zI++G^!1o>KyB>y&yheGPp0CuxclRD@H4))qG z&Kju%I`1Y9AGPu+nV>3^_z8cHwx5`pu^E=N<&wjhIYNMB1 zfK{1r<612%ODYYcN;cp73IsLGz$&TASXxSa9Q^f>U#7Cy4xKz@D6$Lxv=(uU^z97O z+9#5k3g_ajj2Ekvw7lltZCuv(FzAzf)(vU$Gj#IP3ZY*T_~~(b?zZ)Qy(V~m@afI@ z^@_f3+W(waY%p*Ei|s%FK*f%G5h2}*m@bUX`hWgkD0Wh}0=V%%>Pvt0WLgujGX~rNDzjA6snBYyF89_S z%MnL=ai#Fo!aEwJj!KQJ|KL`E6IA8ruaa1zmaUizMh(Hi4HwFlHj_<5Jzs}M>$aVsqa-8z$fqpBYaAJJc$B1k7Z5EjU80OwMmgmX;CubttU zLFGoYuT^}t!v7=G1+6uD!2?M0R2&unMLy0s9#L&C;kilN;D6q~O5|?sa7A(I2-wvi z?FZ9=9Wfo9rI~XfLTytc-^ahU>8^;4NX&YaGqS)<(JC3a+b=7*P$;Nmp*Y397I7H@ z2_zYV6Z#upl!7AftQpYrV=w>X`6P@yi4kbYX-)`Qhek?r&6>&^24D(OhJ3(30kvrl zlPPb_B)zO~^XJ|PMl@-F)YxIU(@e`zmzndFAE@(2%4?mu>SD*jZlQE4c62YQaU<#i zrXda4vu(GM(GsgSEO9U>20U^=EFsh9;`pnHY0&bANe*Gjk}JaI)Kh;KWW%u&Xfd9c zlS($%mbb*$b1I-WSQJ3rE#a!V+~P>S0~GJ3D!{6a-YrniRFN1`YVb zcaz=;F~55v*4LC4`gb8QQf#tF}85rD{&3sf{3;7Gvi&Fx^6>d*SM`qwo!Tgya;=%IZQTd z?mWw!_bVWc$tuKe7{Xgp7#|mXli->%hBV)x8lRt>f_Ha_R2U7<;3A5|A?E0#!!?j} zVy&R2NJul)m)F#N6VWF}*K zDA|j2set%FqSbAnZdj3(W|P0ztRDYe^_A9A<5HI}tS1&|+6y8k|Fa3BLP1_9J9(|Z zZxR~{9fQ1)J2$q{5Nx>_?5V&A3jAGk=j|L7sPq$|o6ZrZ9vEsRY%5uc;drYj1|{Xy z?)NZo9%8Zx1r`!^_}W(=To)QyKSX777pc5hYm&$=q5W^Oi$!K51}5$`2GTI8XnDBW zyt~||)v@@eH@q>`FyZ#{kC^Ft895LuvNNsI<9#(oySw{`z86}x07hR(mif6gu?32g!wwDm$4h?p{*1nBE&F)gZ*n7>>{8E9qG5m9yO8^hWNg1*uN*^5`7fqQj;j@A zREWsyf*-Qwgy0j;Poqn9T;XxHr)28M$L|u7y%%?tb^KBdCw;^n`&`q2MyL9i09lH? 
zALu0CBBDATmj%*m;7(`q#57n*SArp1GO7x`+Z_}Ttg%b*yIMqg+U}uC@?#E_4o7?1 z{`_hV_ZI-Y6WRH`2G;d!r2h?fWPPw(WWB_2zhpyN$e*BQi+UT&Tb&d(-twhxcBH|o#^FfNa9y*!XXw=(Em%0vh`NG?FT8~ON7 z;ix00YZ|1y^@`Zx-vBf!*HP-s%?i@y$)}AIQMUQ@;sa&K=8cqXQeAo0k?R|lL&vV- zW_8`(pC)y#<50Zd4=O*SY{G|BcPj>#`z<#tHu5~ zMRcKD#ushJa#OVHg+)5ILK&A_%R&azM2sd4DFx;q2|m7qgqo`&}_25!Ue4E3&n{Xcx~Wk9wKkB+7%CoUy8St;UN}G!aF7 z#gkvtTczLf&Y%i)C|(n9aeWBHX1(&<6;WbveS4UkR+o0ad5_1PXpAQ0Mu&vcyo)L} zeZr96!GuD%j!*-!9^fn!mlr*N%ak|L9+rmQX2+Mo8x(feUCZWb;n6ij-R3X5tq?8C zC0#0yDe9A7$D_cJ+M2)}JZ|_i^?f(4|Ext$u_u=5RjObU+gdPql{fF<3QeW^=Y)^o zq!692?F9d`)#$c_2ZHTOsD^s6`wUklxdOfDJt}z8Uh=QS6jY&v{Reix%ip59VB#G1 znCWH|&6{hw_Ct|1;e^A10PPl3W{Gb<6*}i9Smus$wUdji1#(W2KE*30(zT&S{cE&0 znRZfc7Almq62j5>T_NF-ry1gQ+2S|6dKdkLATmB9`nx{*!5bWr?pfTIv(pEcppQVu z`YXa30+4=^p6!Sbt#2`AAUF|vH{X3tDVdTM*4B0qX?(76?lCu?+h%?h5svnVw6Vgw z{CFA@B{b39kzjmUF(G>7H~~yf52psV&x|8uUn3)cAV3OB^z&(`Za#$C&)^|CMiLNi0!N84;)ux)o#CX977@!B&FL2tnC2rWNKQ~#Shv8Hl;;9r z*`&L$?$6sFP9MB)?bz+24v^bXUdA=?h++m1+NvQ!)f|Rj;`Ltq{iTTR zb(ndqbCrmmr1DEO!YJ-6O9`Mlb6!>T7~J|QzgprI*!n2Kw&WCp^5`2&apzNm^7x|^ z<)zyo)az=Zx6S6mKSV4)t%SdLlZs+#@H91Wp107=i9r*aw z^Wj0VB{>s!!&}+odIXtf5 zgVZf1YbnxVZZb`3)O4Se4bJV@R})3)h+Y$IAt{dMdEko5*W3Gj5}fq--Sk!e-QhggV|7!}&3WW&6>;!Q>k%WEs1U|e+gVX5+J{9ZK-N$99*5t&@siG@rD7-q$6o4j0eI1WpW#C5*Uw3wI= zP!?evIPBD^&zzQ_*RFOq_Fosb*+tUHK7ft0Y0sl&`gLJQJhkJ{tAmt{AcVt2>fUXm z0}U+9wf4}h=LUpl!U-UZV&c|)x&i?3LI~FW)7olIqbfD@l;+m?cU-Ji-OpT)H;Gip zJ7m#eO)Wx+<*ynxRl8*1_e|^DZ<_c0Eqkn9qhH@9B&yGZ2k` zO~Cvsr!6bvq7jFbL}M_G%~$f{9od-B7VajXqzBDHv@%UI_u(|l)L&tgSv>Iz4Ef-O zzWn1jWhVP5WhSIZWu}LixZL*xm{lt5%hz1YXC#y;H;7?;9B#VXJcxI?KISQM+4A@e z{;R)|8aL0ehGDV{$8-(f{Mm1~6-$k!hD)~!<)OC6z}LR}!eIB@EoA)xUt1TyS^!Zz z*Ez&eR>^-lX1$r^e?9_v`93Tday>aUg^}Y&I^@_7%8Ne*8RFPGLba5)&X|2WSUehh zfHOKkM!Qtm3H#U11`80oJwjo#4X>4?AXRjIigRT6ll+4|qqpkr4b~XO^W#To{cDDw z^gXoxy}auzlGBU+-l656YnTrGsdK}^wNu_hZ3K%3qar*y#eyl+1{azpvUFHivvg`< z%XlX0j7!lwz|aBQu85+(E@4WbjCK`@%^1znEac@#C8sIVC{39b?CtNsmBev~_>oD6 
z8pJUfe$l%8aLQQh@|<(HV&=F+%Gp(tDx!RY-YbIq0dO%e(?})p$;C!K+KM-Xw7_+e z&X-$0BQ|NVq>2V&BU@G)52qhxW=w(SUaw>XXn{r?U zYmw-ZZj=+d(5+f}Y0=d1{K8+wHAoI+5`js#lz@fn^`F1Z;joEkbd(7F!cb+wz(yNF zNdkgmsc>=7__}|@nUvO|qLb%8&`Nk?GjIhaB;<<)V;d2ZQ9MBe5{Xuk(fVND>Ou?_IJ3!Tp`iTzqy zF(ww^d2DWe4;ao=s%J~5%(4j_X?);EU=cyE3=3$n4TB>ifC{~Pj4Th zVv7<{eSAvNdsViyj!`mPa}I1oL@I>Km-Yr(yB1mMqr`{NToY8H7h&OF{JLUiAK;~U zlY#bk*WMl%OfT-98ds2A?K?^}CeR*`NI=%z4=QT@kS+1Py#2_E_~Z;Xx5MqC)?uhR zH$vADNnWM$PyT{+4RW;|(aJi(U(m}FR2l+)){1t+?jpB5(PO@7r{Kqj_fV&RGaq{}t^Y4i38vVu>Y*dhoC9{~@K^ z2%krXb~^wEBIprW$dOx!Bkm)lbms^0y~@6CedE9XT;A-?4mZ!HUB}whGRXt-3$29)-jBo{O;FSqaLEUm}smfYd38BU`*zzNeAmK=F>8h$_T6KZ=S*zYr}WT zcNm|8vQgs=fggO%19;R2CNsQ{S=dT1b&`${(BOI=@{mss6&AO6%jCL&R{OeT`-T>K z-AkBcTVd-LFa-*OX*G=L&(B>Jl317mtsKBbg@A=LvPvK)jBc`UjiwHxg1CI|!)32E zu*N5arfIp}*|V`}T{Ce>iAYRc1CncpxY9*bB~Orika{H)F4VhjJW1Znoq@hv zZTaQjtXiqRadLP~?OI1E`e@K!*bIAF8U7TviisX-bc7}YL>W#>Naq=6pF(UC9Sv^p z<_1adyTWC&SKsT*^jaXwk`o7@>4=kSEh96ppGSfNC zv9p8GFo{ZbMscLdaJ?yE!Cr@Z5P8e$Lk^Q^Vp83PyZNO31fAnu4`pgRF|ZNN(*W&# zsYI1^E(SaRO_LRcD`ZwU1*3hC zp;ll3=U~~Tc*>C9&+t?YTt!Yx+y(N!wV7%!R;|0A5<>qX09a|VhNR-TsT(i_a{M>F zxv2m}%>`5IN&Z{L2UqOXJia31Rq^xJ>-EclfIEg45fp>vg!-A^IzYHzvktoO&_B4w zSWx?@D|hCr={f}&)f3MD(~aTC;f_J?@sw-n*%{>k!+yt*pO+{;+PJrp=zb|7IKay|A(1-3p_s9{Jp+ptR*hxMCu|@0 zgK;9ybOptbal(RllIwwT<^!jNyiAs(L_HYoF#?PCC5ZR$%!@v?#&xmQ5v-;zW(U*3 zK;yStFGKu3ivdL2Ig35SGw3}(l+)B|pbWqwLvcd&SDQ`UwmuWEp6RKB<23MXT-175 zOrw^&(`7Lim!eMHy!*#vF#ePZFGaJ{L@qy}3cLBwOu6~`2U=X#LQ^^0KdGrs%rk?= z+m#`kp9#SrhJ-%?mV%_VbY$bnXp2jeeM)eN`&;Kczst>)03D_s#d!ollEfkmup8;L zSb*YVcjSD70NhRAXpiXw0jdCwJo6)3v$9p28H!I6qUSVr6kwZ+hC? 
zRlcB4?-JyTK2a$gFB?rC@nsnx)zf=DuXyW%FPqd@T z;`O)(vRO*b`5nDIq*po$#&k|RWeCRbH66V=bgXpq#v*BP{X&GGmFo$LHvjWp-fr%WwOc9?lPQM=!c%U#q7X-+Hp5wlwx<-kY`oRYu+< z6I8}Xb)IOjxoS`la?N};zmFSU;FBKDRGqc!g?^p$e1Wg5=e$7DaPShr>q$~+=y0E( zV^`QM>Q%tdtFNp^3FwxLu}rK8y1ImV4D9@+gp-H}f}eF{W0WkC#~h7eyFE_Ts7Eqt zHmM(2?INxY3wk|_`0YpgRy6WPgU;N%Otcz$2XA~%t{Z-=x{2)`x3+rPU-25ddQA8e zsNO&sYBYr^ym-S`rLwa=ql0jPJ3l&^HH8K1uh&Y?v**33A=g+=wA+QPsl7fUMxLndok7k_Fir+j7JZ|J*jvTRMd`+Wqb z2#zJbN>DeO?^CyBZ^8VE=#wLqcgdQ0;@NS&(fFeIP{px`EOi=gs1t{rdLM*>Y(7TJ zN*Z06SbV@^*`)gbmrd6=ISr->cSX?6+SrXjNgTnc++3F5#N;xZQ8ai9++lS_;NoO! z?b(mCrXbWoaOih}aioX~+vjvd1kY`D7pr{ygdhOPb%|FC;YB*MBOHN~c^W^}B$*NO zOx^dEMk15h6j?Rmx%bm%_;hfijQ7J2UoepM8qET33X)35P?yhsz$%>sbJ9CN?|7xy zLsik*vS;bOjRugZSG$|n*AIY850sC9Xzs37BZ%F+2vV|}%iX!{uW$l$wnKa|aVT|b zDU%VX#H-69H@)L5@JMcS26{z2Py&!!h~2a`4J}>mqWGu^*}zX*ZiXTRq7|x2oBAQh9&za#?B6@&|7FJ`hmET z*=}7;b}P$;bJS-IC~NG*psgPnjzL2Mc|n?vG5NjTUIL&_MQGmD{sT>btj4DwKft!y z7xk+;L2jFJLU#|+N!d-y>+4z%OOrSn+xOF6h=sT$XJsfQ?re@b44iwQs#K7+{>X%L z)iw3ZO}+S!zaoWuFRn5lvTB}_tUTi!zpP_T!#k%5z49EIHbZ)t(;vpmE~YiZXEuKV zEHJOB{!SQDQCAhB(bf;7v=~P#W^_~GwEm&~DQ9T$G3=gu3)b`*Zu zg=q4PrqQx9k_7u5IE%^-QXy?fHc-{0R2BpQpAXo}M)V{!yuRrmCmshlTSWBRL{@^> zyt|+q#Jg5p#Nuj|Di(R@39=4OhoEt<@Mvy8M(a~}RBJprA<|`UgqQhy*WDD4>SdC@ z-3m}p-e(j-iNy*o-<(5}5*%+yCiTzUOYBi{*+sN(U{|IcjG3fk1>dh@08hK|&3IcH6(88QUP?5f0g3a_BQr z`z7?oLnO9H|JvCalx;>!o-+n#wM#ov#)k+yEsnkqeibqc)lnh^Ph`xl5pPB+;3t2? 
zYN?H-e#1H{%Eh&1GsTlKm+RGuf}!4lX)mcQd)uU7$;b--&K$0$*FjDd@$1rc2T0|Xaf8Dr00BAiiofdhm%mDRCWQt| zrKUOHB@^31MtA3@Ej_6gBt$(c@6a=0nj@=0gNEp&`sgb0INWC=FY&O*C)@RWDT)M9 z3*F5BlNG=JqZVU^POdusw-#0&_y0vxJ1F0c{ofr!dy_slp{NEgIK<(rzn87$D4kuF$YY*>xBV($YiLY)d zQJy|=WwTBCMB92^XG6kLw_ICNHmdE?Zi%KqIXbvbzMEC7^($amRD?Ip*y(PA85W#7 zSKrfvuugI;S$M#QS@OHKa6wQ;aNpQuuzFL{G%70@LE>i z>rI`gS*GNzH}aAB4lAr7t2XX~c1~ACDQzMpaZj4;f!MAgia2Tsd3?B)67cok&g|yi?*EGb)1Nv zQclb&ll3cc?c7$U% zck`EB9(I4csg-d8JuNxiYZr}#@bg`nxNZ0u$sSTF2b zvHn_cg~O!u{Yh6f24* zgEGWY3L$X@bdf0Au^+jcfVeu9?TXL)nyH9vXTBuuZBhtD(JjtXmBcGKc{o4bzTRHe zY$}do$iK)0@v4hB*@lL;_7vJkP?b4-OpURvcx#J#n{`p}3yI#VgRz0*LL-!_g+)P4 zN76N>8iX%2uU*P~mgR^k7xGW%xcpffGPIDH=JL^Fm$8p&m}8`#M8wxvjy6QS!lvKPWZ)Tb-$AW7vc8YUXu9ovrETAd&1Pa$9$mRD zr{bJ$L8-2J%1quOcKbhO${vwTm)*K8hK97#p6bP-Zpo!$z( zONvPbN|MemsJB_pKQ6n0aLHywCc<0E?a_iToAhX#l*xn|UiGGI`;rk=byY|8DXYaZ=P|FDh-GaY&F|VzY4= z+oRz&iTUQ>^r|c>j??vjQsbAxXdCsvuX;OFbGwap%+vcS=tnIfuyB5Intj}W_yUV$1!LM` z-a{P8YUcN$#hTw|J1o8Wo98pOoRf81FeMncKMJNv+g|n%6TY7Jbg`iLDFOUsNi_7V zxW(bU6dGfvD*mXC2V2)ddPl1nVa%@rcOLW_Hs-z8Ad?(ytY8&Hc^>nrkW**s)<6-hON+@ak!dO!gcgz&ub%(v=%6- z39udZQlxXUuXWv4`M^@frmn@;cno2l$xyHbu*P73PI_&&=wp~|h&R-jG^bI*{DK9J z`rl+$-VtD6(z$Gn=k@Cf%T}SJVtJ!sK?DN>M&a|Hd7qN4>3DODBtT^0Ru=908Ky(?^JvmU~X&Z;!o|WC^^ILZZm%<)J}XyS%#Koh8)OS+;w8iQR@^#*gW4#k0jB z#b@tKvh4(5^EMZV)#HYrRX4t^FXZ~I_{Xti^>X}QhH?DhDf)M|SyIk;PjY^^-B=#; zQO#1y&kCAOPCCtfD1Q<+7WY1u^~ASaM{D?q#sT&H__D8r9L_*<6>Ot1N}T;YOmB+n zH$ifg-AG3)*1TlXQ$G-=3z2~9StWdVQUP+Dr%*wE%B@W0;Fy1c(&$QS7`q+T8@Gl5YRu_O;7IL>t8-{< z$$um6m(_>v^c>TrU^K$dl-H4z8OnE(B<+Qq%6^3%&EI-K3M6yy3)Jbu-u2mzFF3=0 zPX>LG77JUtO5793L3W8?rky{Dj$-D>=4M)LMBNCO?7n)IajoWKWB8hy`_a_+v>M zQzGLjM3C%a6Rl4c+?^r(aN^`Imc8<;kZX{$R4HrY0jk#B{NBjU#Z1MPPp%H?0@sFO zE;Ha-i%`vCZ8qO*%s4;OdGEx`Jc9)RiJ!q4kM$r*{*Ph&`Nc5OigS=*A193T_K2Sj zT7npi>TK6NHT~Ax(t$tXH5k^RVWeEujxhgX7(t+)aTn3@76otkFk+mzX5L{98WV|U z3MH?-iS_$ryM|OW70>fK7r6`$RWE0$kX>khs?R=IJQx-VM8@PtNtXPMNGilC3NGRT 
zUW5zVO?|xVTy(zIORP&uwJn{_04Uk?9jV_btd&nQ#Tg=z@lB$mXo6f}Qv=($JsCiItM_-Q3hl7G?EU@jK@t2B*>Ic{*c1%S zvY^BI9vybRTSr-JKLi|@{Fs{`LfcW0r>ZT@TBXfejrA?8LWQiktnNmi4F@CY2;2zx z4`Gyyb(8)=7=xx*ixGIh`>KzECq$OW_x~Y`u5phE5mLiLa{>6b*vq(C3qFT@ici(l zCmMy=EI*+4A07nR@=o6jk{>za#Tl5)`=Ur&5Y6kXtdZqRX4rw6x(!0KOYyRt+;5H9 zjl))F&8}SJpZe0`mgm0q_nD<8(V$uJKWxH*gDN75=0H^m6@eVqQ_LJ@mFf8ER4`6B zdwQ20;A@=l1Z-26{V7bV>fMZ!xQ2I~n0AO#e3&=re+Xk*t`8?_XaLnHDZOT3d?1Bv zE!u2mp*k#VcKD17Yn;sKiVhE$D(;0)4VGugH>fkLVJTCf?1_!BH>3vF&zTx%&r|;> z>UUj}|Hm%+zV4;Y_OSlXT>PRKjUuVv`wzdQ#u(~%6PbTqSv6mu8A#S|rp`JHr_O%a zjsN;S7qR~z!YH^WBJ1&g5k}^1-n#GxYk?))@*}gwmxwQfk>|0>)dk0<-t+{07MJNi zgz?*d2qSqyEL3blMa*Tf!mMZwbps~`3A!^v!*ePnv%;vkNe78A@Pi^P7F!i0_f=0- zHvMoy24BywlFx*WGT)HQ zRzaiMSt>Z=W{hC`n~9}jlj$cN6Wiby!^o{=l|po5_#eYq5^0M zc8g7rn-KO4tdI{!ysS+v*4XyeTS3=HBAiECf!+#G1nGqe{G$1snisjo(Tc?_+nxKb zoW1nP2gfj`{?NbrNlRm$H81tfQF8c2m8@6`1tOT19;6JByUt3YWR}HZOcq6hdegPd z@?fN-%0jyW&wr2mPFH`s2!P!9J%7iqIOE7}VyfZ9LFt@5H{qW9as}@sMg=#oVm+g_ zw^(Pq#6&KbCSF=U_6>JJds2K1CMN;Xy+g*O6!7>0cnh20NGJ8rQ-Kw4@XTOIX1v1z z@jL2(*FGpVSj`G*r)j<8+!B~rrF*9{J7qo8qewf7l3lS2o&$P=|22aa5xEY6No*Wd zG^HkBhHd~az)f){4yQT2TooPRjT)>~OxpPeF=l*0jG*g^r+P>+3<|vbMt}1n<8==O z)X6jA-Pp#>**sdYE(b+?Cu+v(H4!XdhGN?KTS(YzddUa-Ao25)BS(A$J-s>!GnyJN%Rh>`E1weE!n-WI3TfeT z2wX&W?0N88aDAuI@~%-jvDZUcBq*}c8m&(CISofg*AfCQsTu0gA@w0-B<-qxy^6=P zpfjaH5F>sd*^^$1z=QvBb*&c=Fez?Yvk*f;K=Qrwtb@%fD!rLMI&31|>t76X5JM6{ zIw11s({OAw9$*jhVD-6uxs4xvtqOMcl(e^I33J=s##sTwn`wA4Ol&Upg=$fU+@`FG ztSeP<5A1}9lNk3`(CDiWHZ%M?yV~T-$$MnKOD<7(J{$DDY`S^TdQipS#5f}BeIq79 zcTy1$vqblLQg-!^VZ2vU`eGQT2_OQaIZ}?d0xnnLt8oTKZz7Ys(jcI!iQHPh7{>9N z{}$SO%h~C<_t1rDMUriv?;aTee4h{>pnzt)1A^2fO*CVaW{qv{a_-h?Jzk`RNrN1? zX`T)O{t)#dn$;Y6zkq)!L@(2?gvnnD{Szbv!M9nTQLmpZ9Xl6c>rs%<4L=yvT2HM? 
z!>eZte<0iza%)-t`-UR+S#L^{cG^RJ-n;*PFt|Tc!>?NiTOY->{k(<Q>27h@EV*5Iz`FIn&ognVQ32}nXEE!tQ+?(!~oi2@JHN317Dto;_I(iDC4dnCQWFIzNjmD8zs*#ebinkMcUBQt{-EnMfY=h+|Hx zvx^_^dhc~cn3Ibi@5mLG520umTa~nZKcwUVQ%awmNwN`8F%xWS7K)H-AuXiS&}vj# z$O-Vo>=E=)G92ns4;7-mhTT?S`}#`WdyPrmNpAVPtuwvlr-OOhi;6r_FKWcrZd#Cg zUc4pOtxVgPy|VieE}Muv4^^W)!P=mz0d@aTmm=4n>9)w2d`n)i&+2zCX5_`^mDK;p z)k?nbnN4oCHC`J+xJ`)Nk{MF{^h)*edZ?ai;XR+ggJmNgNh;9w0Worfm8HNO6$jG| z4uC{#i&AX440tfXvH@Gb?J|w9IKfp&c~UU+a+&B|WM8s_7~(*G%%9=Fo0W|Om=V=Y zEo0eKbC#j6g`|&F8ZP@zSh-HlQ?@&oDSb18uGxG>syz-5O)ANYH!l|Cj&FHJ%WOYu zkGPo$eLuCI^4oG>ynaDmiV}LGFRvM+J7&W^F_$Ii;I9_$mGxCkZ(8UsLeTM%e$2Dj zqF!fKKY5|bioMXQv=U{4av0pD8wLoAkG=$Rq!}vD&3X7u4{Hb=`c6HANEd}_bG|8z5=Ti<`WdEPFKQvMEgzebB|Zt{&T5pYAbax8@OwuRN$ zd?#8*mm96IJ!KC40pABX1wR*9vfY>q?>1Bm9I~x41%4!0SiRD|bc? zp<5??Yhm6st@aB(J;RcE58;35Ta;P^qXE+v7rq4iG|%l%KB7CyGrHs%S9^Urzgl#H zCnZe4leYUv^`Y$#fP1_?-U!vTp3nXmf?)6lCfFa9^wi5Km9q~ z8dj_r_8Hq)$wrG|f0|YD%&ZnK>)i*mZ&vT>cdd_CGo7B}2eu~xB;HDtkomsLA50}M zTu3pyFlWgZ*p)G733TQYTOB)5pV$fm#=6l@kS>ws3J}F!GoG1_!I?8r&tG7w;sE#I z^ibcP7qw|8^QSg#gjn~&MSZ2qymGy?o3x~W>A>?-WfQJa+8q9R8~3@K{fng~g=xdUL3HW!$(8Y6hA78D@w9)qCnlNZYks z*k=z8-}=vBdop0qLKIczMpXm$9Xo#HVQG}7F|Mpeh-^j5$dcD(z_lV^^BKdL>EVK9 zjbC1Lfsm~_C9gsEc>Qnx_HPZ0-FE^D^7{9```vm4l_;F~F+v;Bqi z%mkY=!QfM|tSDyZ)r*$#L}3jr+~lT6qn9YP->>l}Fqbou@drj$60-9)IbIO{=AoF- z96;yLfo4@CQ(pwY5HJcI203-=T0#Nd2ezN%(ifE1*tsjJ-1+-0P`)ed6PC6%m<1pf zrT9-=Y@T}|G3}(`(kOl=b5GvN1Y$GenR1POtVt8bF%aODai~4;!1l7=Td%rdZr=^s zQggRNo~iO4UCcJ_JJC@TK_{t=$Z26YA$q`Mw>Hn3b@C9cm!gB%kxW%)aR7*=`^%&> zVGLVZK6uA&al8w1tA|_zaWQ^o$Ljhnx~oQ;3H0-9u{cBVAW9+?EzOSBe|H~cL0f2t z@!!*;Rci&JssseWs7+JQHJlkDHeor3E>!2&WoW8rLt z+lZ6pW_6IVJxI01%dPYCpt^47un3a$A0~rGMtJbSBc*?E1c^o*EZE|X7i=+y3^u=C z09%i*Ysr9HeAS$~5G7bd<><%Ffu%!D?FO0?x|AZT6q0U!G-4-;lb};JcN|EZnoLU+ zfv}IuWayV#=EEmVLGMj(IEN7iT}FW@^RUZkMD_G<=$?4uJ7UDT`r=>)=4vP!rctq) zfEYZ8eHyKJGvy zEMY?tEJ4cA{p;@l2VbN}e2B6gZ-tjQ5_yDgoO5u_@8@%RgbXoGV@$C5HF|wvQZ+Q+ z>UG(W`W|QGjcc0utFOQEaQfCUIJgRS^r 
zQcT)`;`*G}JLQJ;`DwL-_FgH;Y(sOc=mVkZMrV{(m~+EZDfM9gMs#$^a&p@)3d&dWL~rEHz^f4buye-<9!j50(Dz*;P9)UM zhPbGOQoF_65JXWMXC;jt9@jq z49v_~3qdELSy|4GrR3Q|Sf0P|;fYUV&a&3?4f+X zb$)(3k~+{;dF<1!7N>HAn3JZ6{~u)#f{Iy1Fh&^dI-Sn#oPS?Kl<1&|9RJ;LU?A z_O3-POX$x7H#3&AWM;b~%8wX9MRL3ZI9>wypMAtj0B4()tCe!3I>5ac2so>t^llF< zgR@er^wogA7l=R#cJ3(A$;s*I$%(#AP!qRp?q@$DQf4fNNfoZaP#G*2jc4IiFn zRr^*waJnXIR&T>wgcc%R?nqS<-pI4uvb8_Xsc!ls#DAhoFH+d}$)$J3a_Zb0fDax= z8>f9+@=a21&<59D(p_DW4)UCCD34>^8}WHas6GI@g8eIo>|7Uxfn;Y@Pj~q)3fw!T z!TOidht}?jW(^tD<-p?-uX#igu}3N%aTl0RaX}dnB3-qE`3duMc$&7H)U#zv^Mg*%z;1h= zMeMU5F1j1+2fC;Ux>(_|B!zQi_P`Ry9Lg?)VgNz$07wrnBMa&|p>19WJYdmA0|Q!* z$%hNn;Ce|K@j5Eo^@4a-)AK>uJ%3`?vj7U zPCk!JiGsgqm5YWoE5zx#EgD=B*79QOnF>$S;h{6DAYWkW#++T|;qDnGft6{d2dHz1 zjomhJh-KoEMeWSw1p~i}jCLa#T3~T*RYkj`BVOw#i*2)UJ3>>BP$)wo41ZxDxx2xr zGL(~wl(~cow=>PR_GIHH^|11SKWBi4v&UV1X=*ICrM1|Aw1=MFBV776lEa7Uy!a#Z z(SS)FD`*h*xZq^hp?#wveERp@JS#5>cYG+H8?fg+5yew{Aj}BbXj*bib_vv=O`qR5AbBqQdS@Kp+tlYJks1@%UG=;=eUs}1xmb_{52b!;aq_&DjMRp9K|$< z&`fZHc@n5#A5oW+2I2uFK-ro!Si*_UehOVXsy1sGLY>j=w~Rp==HlAepPkXWcw z4qWw%zx@`C5+EM!wb_#Tw1A~;?Eqh!@104cBt4ohXqgd9BpC@&ee(0gRrjUt0{Hpj z>OX>LW0?^Pd7e}L`N*>I7hu`g8TFU$LpxGze8m(SPqas&gE~5^JV6)GJQA*x;`Y)d zj}QmOse~`}?`Iv*9Sw*t-+j7Hd<1;24vuul{`BNcT5J zMG|xiu@t7-BbIZ7!J*?3V%aj_Cc#F2$Wz3IBBo(`W#M9Pqb=O7~C2i z_-cMmtXZGZ1WUO)t42D`<(5nz4kgt7>~k@ zKlxcd+%wqB$2;ipz8$249v=##8iSfO^`DM?O3ECN9is_Z^b0o*zLk~&3X5!LP8v)L zpTcK*uwfM|*fI^zd7u-%fyn9^o{8R_rvJyI$?E`d(Gj*yMiZ8C*(rwCvo!di3Ru4v z{3`0gLhs9y#O4oIq+U}lwvs{3%p>**=g|~(&8)sLb#5%oG_b*mU1&TtX_shBPT|h> zR@G!izECcG6*6~$)%NrryK!?EG_(s!JFMW{V%v{cvYO9`Q0)!`hTo#t0-&hOMg|7~ zUdl?dTDjY+nr>)8#%Y$C6)l$zd9b89CMpe!?6g6wU*0$oawB5pD!BRe4wXa*TTwpQ zco5a_#2U|LGwDxx{coX{=EWQI2T{K+)N`@ovj#n^n6#){uG$qE$2HJ8;xgCoo{9H` zS_p?-M~ck)=g8h1?ybWn@4DJ`Y?L);1{x@fK&-aRbmiN1LCepQAYN@|Vosg0NU zF~9B+dBJBLx4zyFM_Rg{Ti*{0H0IVHI}l})r)!qk3RmZCv$~`_V;d4})M(f+)&}E2RKQH|PgqF0SxM6`Dz^+%I z{r2Bg5UrT2xcKSa z-<@lepG-QoO49X6w9s{u$6%Vn10nin?B1hXchJxOY;gfSbu-of)a~WS%IMM7y?bLk 
z04*o-6oe<58kbyjc`WeLiMsSUL9d&v3Zgz8C?p;#t9tmO356g3^#k4z$@v)Ti0M@H zR=$cpQrstxSS^W#=dHoK~GYv*kOY4mpGQ0@(q}R>1qM0<+ z?k;Yn432*M0niiv=WjoJ>lw_aid0YZcRb;J(*+iVJ!ly8$ZX%PdMf&G(OK0LF8TrQT`F$+S z@g>n+3b20&o6xzjlNkV)H}ijeJb!=nQE@uR5CVW#^V~r06ZI9pl7?q}V1UZFo0*#) zpKpn7M#+2=bK0l+aLW6UmOp|MOnX?#mu^;v=nPJ3iTwCzuA9+@qGz~w5G{sY0MpOY z;{9$Mp0yuCCx0EE3UxA*G zZvTX~0W*{KTJ9^>urfLD|90TD?)ru&E+93f7Jz1FPec(r-I2^dc10cm15P zF%|!7StWCM-Rd-D=r%>K9nTOCEvl%cVAs9@=YmyGYkJKSPQJfvb1oI?OgsR_=L zH2FlP-QU&Y%HS8{W48}%mQW}Z>sje=4TELGo&fmd_pFw%RTR>fEhMK(QGTn)C)T(c z1)CIGf(vcF=kiZS=>H`I%kP5kM{NNfSpGq%eUH#F5dHwvzDHszM6m-w?2#G`PHe%4 zpWqTlO~c5EpaJ%EuqZ48FFQdRwEnG;2tBQ^1uVZUE?Bt?qxmv7*n#9GmS9_Xo#nBp zvjIBnk;b`@3znh7@?y(;X>Yonsbvt2JPkoNI7ox-iC{X85Q$tiu2TBB=vn>;uooz`1qJ|Pf^e|FWKjlNTOyrP5 z_{kpe$Q0**@!tCWMXt44O@1O zG-=xfTV)lP=eO;4S@m{k@1lk`@+8<-y$x~kMefBtG(!60j3qTmFMLFc7(QwgQ=4%!mS zK$zHa9U!qU7ojbCbw`>4hmx2I`&En9(a_PTJsP!<1g3Mk1 z#Zi966ti}eiLuMHn5Y;8IT<547aghT+iofkqb=!-j44Y==u7e3j0uvvERJE8#uWW% zPd-Om_S4IfIUa3^V|z^0BV2CC{dpg4*;Bbn;DU5sie!aM>=LyW{QQuKGUM1JZP~LM zQy3;~IV{)Y#769+Sw=EZ_G^})Sf)BGpWh7`Ef@lK4&WwIdl)X%IFMW zEZUNCwIA<&I9}~P&ei^0adjN;^#@yXyw|toc&~qSfgD{RyXAPV-)YwIUjKNnf4tZC zm4n{vEA<>M^`j@>S8}JXShCKujJ0KR$3Bzb)n1g*wj(vzz{j)jaGO(MNhOc=xq49> zIpTyVbCMg0u`XZnawB@-6rH1*WVE6LXz($74%0!?dqgVwoD}zp7@>5CwH(_-ZT-5s zQF7I$BC7@J0MjV_nsKZq|5h4DT3@_MDC2>U+V!@$z2=b+(wVc*- zlCjdqgKSG@@?7;L=vk!v%aLYm-qwcqc!LX?(`IX~&K1QShIOVoI!f$0x1)@3Rn-h< zE5e<2gAS}RE2CuUycZyklnStvEA*sdi)z;Bun|@9IPEj^rt&=JMa(EWk9Np36gx9`!4wKYF= zb0EKypMiZIdrKx1%LWw$^9FtQEn3sE6{v7r=Fb-^+CZJ+{wwrsI& zVsgs=2~T#D$@PcB;87zD?r?cn?5M$~!`jDESksYtgVOTW)}VINW*Gs_;Y-UFS2BVOrrDn~s&F%NyI-~h;6}V|LDZ}-lSM;rxJFBIjUf3jC}3EV+fpe^&$o*;pEf%%kHl9 z3FnNX_XW#7qe~*~0QbBb>4`ps;zaJMdXZ1(7C7SJzaTvPdg1GUmw|@A#>;p*6=AW< zr6ym~Fs*wok#AP)Vb-u&%gKy-0$(Cp@tJJJx3TT`2Rz;}ml`H79^~iZ#Q*gEQXDfe z=x&swGty*d8L3uhsw!Vax2#!78&*d%;GLt46@^08VE5>PR4XIo@mus%2z$ow*EPj#CcGC2q(A zj%FFxP3dBao1s6yy+%KS#AzU_HETd4yJTxjqnVT(aA>z$w?-TSdEyib*cpI3)(SgI 
zSwKgm%L6MFR;O^BKswadlGvzG3^=mvMK$82z1i2&3o+AMUI-nvuX;Q7gr@-6u#@U?#5r>rI>U?zIB#UF8)RH`A6wUZ%eJ&211+F zwr8?=VA)PvPq6PKAdy~|xu`DTo%kdr2S8R$h`Eg9@ZZMc{IcFKQ7bF3|RC`$D^01iJ40+P;d4B1E)5O@^IhFiI zsOpDFRfma^z|?Tp;bzdfA9(bQ-(GnD!<)L+#uOdS?jRbD26fT=h`xWNC5?P*&b_hk z$92Y#M(#t%_A`fk*ExcZe@0P{6>i?|UVXj>7CuGUx&_`#ty? zsyPmjISetiIle;Vi!4{5FqFPwt*SFV81)AY(5w8!uox*+7Rw<=`b{-nm(IftvdB?M8Cx zJTix~?7|sz9+92gxIl(C93)l-#oT;MJJG)%ff&Cnqe}aDUF&a3)yP zOxn#9^XGpBg~sHEMK0c$XxUH(STK_IAmOnwSw`u(Mdozz?(+VWqIhRs3QwQwqf(}a zR&XJ}$buGnHHdcPlJro<2a1_&A;S!QkHrw%DqqB}^WJrd`S^HC^1?acj?VqvMq1}S z??5PNrv&Iu_pC;2p}=DUy1HF3=eO6wo|hS8xZtN~Ab($}K_UCcS~$3A$hvBLQ{m{_ ze^%dqvP1HB^Mav9Zr8Y+iPa{({EoBL(}Mm^eTsB6v+Pjmx{-+t9gcS7^AT9~-otok zrL5#$fy21BJ~P&jsr7C_vZY!EDA)tk*Perc z?v^cs6hWDbLWQBPyvc48WdxbjzsagZP_i`6<0NCLDtYYvsfY8+~B;(av`heETHIy@k73=Z{E^ zY^$8UU5(404a4qvqz!u;24CO}ZraXn(^WWs5o^3AkgdLu_zAgsNgw=oD_k=EsVzv2 zvZCb;slhIh8JpcXaKnV5pA~H`UGk*V00%Owpl0hXQo~!&mCP5;Pj$rpDmNikOKl&p zE(W#YC2dyi;xuDxM?pSQu^Y|yY*Dbq*&2%`2z9xs>7s2|&ChbOA;lS|%Nee-6>Uh? zv^6=y6`f_Q+=%JMN`AV|zY$y1443%~I?2^`$98wT!L$%M<|iUHLADwcCF4>9|w0 z!a_asw(*lad$og0C`lLyQgxDcTjr!LB$UHi?ohkuu`+6;60{)V$%@pX+Co2+25>Hp zW@1E}J1q0qV7rFw-+G_XD_J>fNWG?|JPqU!`bJ}?g?4n%>t;o0t*AoK8aJ78yh`9) zR=+vS__gJ<3G2K+sl5kkO_htD->W5u96Wh&t?&l?GdbbnFwk@w(kePcdxuV$+3p6^ z`4-k|=c9V)xq*4n{l44N{*$R+(V6Um{~ml^b<#Vu`Of}Nj^s=slglpvzl!AVP*b;X io+>R#eez$&axBMkEXVRJ<^KZ!0RR80Ojud~at;90-EYhQ literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.203.tgz b/released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.203.tgz new file mode 100755 index 0000000000000000000000000000000000000000..61abe98a2bef94637f8af12e34a8c25641dd93f4 GIT binary patch literal 113953
z&r56_Jy+4JQg^;W<~BnOHo&I)1wMoeo}YypZ&*6E+nP2*Fx!7en_bx~iuMTlOOik- z+E~Ibril|59dX}24}0hDbnd9Q2q5Sz$5dPd9rWg}R9yU?bU#!3Sl~mTsGbOf^$1u@ zPb6Gx7xX)JPbAHbu=aqP=0Pn&!gv7>+!uc|;zEejCX;b2IipEE9QaZuYYI zXm0oV^5gxki#;0#JgPN+j`FCag`q)jgKg132lZe#$d2~#{5bX)gJlg!nZ;BXAZeK# zU%1$%-;p#K8B&i#uRk!V7>SOI3Da8j6fhb|4iBP5M^K_8>(GEtdtQG2v48}6-dl3l z34d&=Bax^#MOCT4(Izy;aN~*#vUqR&gypIhzktX~G{1umN(GZTZWGUF4=#O`o7$LR zgxCDeFHoU9p(d=X%=%sX>P|RcnYA$8Q3N3Wo3|39zWzQ$TqMA}4kvuV zu4WwcKXvBLKa<09ksZH{%PJF7Db^tIZ8N}93vluM~p6TS49$Nx_` zxuf{WL9J>%C7C&8Oe*O)Ba40eyZH?r7;Z<>D$wV&Y{EQF@CRCyP%KsqGes9howsY> zS}R{-af>jx8Z&y%8kJW)xIc4CHo-1=nj)44tk}KBRK0fLkI?J#t)rkOqEntxT_>hS zL&;#n4}hD+eSaC>p|Onv%c76@vmO^()X3gI=qJXP=6-Hc;z+X}QYSg0px@34ly@kZ zOtwqcvk*H|{D4zwda{kmP0oAXQY3bznviaWrfB*MiH4xy*D!^eqk~ia+b}Y+`=A2u0=# zyDc}L^US%l5+!GS!Rl7RKbWoye}JVC@yytN{jeN1NipiPEI?$+k_q;foAICV4tncaZm=vRQ(FO1TkT=RsTBx%|l|{#P zAU{hMum##3kB)WoI*?78m~v(UvPXAID~j{`dE#`v(#wp#JJO`%95Q6O$Ox1G+nA0z zdDSzNocd11aoE9IR8nenxDq(gB$fCv3&kzX8!hsEhyOr)v0eTxLW!5oA73uExqQ3y zu1|2uRj=~Wuf6kfbbwx>-tM{9g;1ZIUnuC2{CN!P+-=rl!pL-;`!ALc%*_TF$I+mb z&DC4|ilouSLJ}XqK?>Xj$kGxC$RX<)c^Exfku(=-L9E0F@X^{Vh9aZMV@^7gs zbkv?eG6r<)E~#7L(d2M8?Or?x8*-6c6XL(;Z zCR@!5uA+xmAoUVgB%@PN%TIZKXAT3rp^EEhYT?T4r|{cwl9%B`OYDFWi6mZcy4d&* zq*ASs)jajnLIkwbEeyjmLW0Nygj+Zv3|tr@)AB+92yLJjs!_31((+*Ob4a%70Vsm1 zEs|393*B_KTj}V(g>TI;r6BccG%6Yct))(pEWyNFP?QiPL&bbUCe42&^hTr_ia8cj zg@tp<0PP3uuKj?hW@~xhVFs;r`cdy zj6mIV^|XLz5?<0yCPcoR_x;a&qfEI7lp-pNBp1*gDh7EK2#TwRr0*M&;rr2wLog4N zHwmx}4sy5jiDhp~YRg1sX#vCB$Y}D;$lF^)0$<@p)MJs^@j)X!-~ANVT3LlBj+Em-R3i)EY6%KEJRtyvO6UxaYL;$E=T7T{v{nSlw)Tvq zZ?vY&hd{b|nJ`LqazDyXKHse5XF+uFjcGzVR zd%?iAH#5L$emrAjw})HQRXr+vJT{li-!s!=m|Yy2L%bb+c-mdqZPXo0RvZzvl0}_D z%_1u>iztNr58wCEb16Fl4?f?J zT!U(E#$9J-gkvc8Q>L;BLM36loi#{}miri;dLC!Z^0)L}GzOcY79Ywx9-^Jmha@LA zo=Xpg>p9s_l{lX0muOIssLMn z@j57AF+3hAR{lrWNJpImw74u>u=_zfAV>9-?aeTJSPO*VhDrPDwoGQjw<}pmNjmx= zi{fPZwX>0QKfl1ZCFOQ8cdL$J{{Ze|Kaf^rY#%ndsxQ8XbyGM~=(1rBHN@uqVOYJ4 
z@WR-{`SGuW2YAU~J3l7wWU9-U>{8|$mZ~!rGI<%=fTQq=&fP()(i)7zEvV3e~t_D(7WtGB>!h$p2E445N)b@|8Q=P-P z;MvlXa;V$DHU`i9O$hdYkhK=D;-}OH@7DPQi~93-9WtXQW59FFm^v?JCArblZhG`m zQk^H0YS>Qp|GR>Zu9-Vz!mRwPksCfAQ@;w}!mNbI{icF4F}yO-Xl^?wo>PVXRvJy@{0#VHDVxbK;MQuVW*)d!#{l``whv zGZ7r-_afT;uG$ioO*gHIYE`(=)C<-tx^ZHCp#^06 z*Jj$p13JPSu0wnF9L=BGI_W`kQ;-?Aam1s_W-lhDaYzIcrC`k<`Wj83tx4<3R)whz zDdU99#dgjs=fR~bbou(c|5oN8KM8i281_lC1r4TSpcJNJOg^W4!CyEGbqi>yJSmv5 z%)l4XgyCbLGebuS;V$LFxV9ZyoW}2!tv1QGoXou68|uLXCj$n$wooP&amYSrP#e>v zBDzy#j%@tySb}3G{=PoWf+;dGnoVMOHSdKJ0W;XsoZY>4IbQ&`z||aKg6pCJuPk=(9JgjYk)lSQ4wjDEMiGMfnSB%bju}TJ zSW2JX4G8NW2#sqpbuZhq*KX_&cQNAGS$N?a6#hZU9;ASCj26fKa2Hb~AOoBnsmG?t_^W7^mnljU+2)Y?`ks)T~eNup?{D*%LQ>hph{$e49COu9w z?7DdFQ1)|7qKIsScu(4Xh+$hjLt;_IR|`pmLPlXPf@Vq{w(<)!rSo*6g$dgx;vGg2QgmzqXle zsyaF3+1aOdpJ@x0?T6vov8vik4)lC>g!?|B@{(C-R9@_K5WGBur=Ws<%%NwxxO}|! zX`a@PVZIZk-LOSi#v!r(y-XcKRwT=XaA}36QB$8S@7&dys*7z}K_5~pshL!X?L^}n z3T`rprCSyy0HV(#@i#H;FzyifjktFC#;13m!u+p#l;Xyc%wzRGK()W8SXC#Iao+<9 zH;Ye&dO2P5c2y8HPDLEfQ*SSqKy|8W6+=%E$NeaZIq8@#apK3+LUyFdRoZf+r0N!S zk$P)mCdEg{p0alqzU*+UJa(q`@*5+bk#7}MMeQO zt2zTprrTx{Lnv5}V)A=38X@0b6T2uL%p%*;3G7OTF((<6_ok7Z8ANvAEhhh)OGdFT z@+t2{<<8X(ax;nS+KnPR&wPGjZ(QD%KRYm$4yXR_3%Gw`KU;scd~>pHbsA|?*bTOq zQH%1iU7cs;oJG;TgH=u3DgQ@bR7pdiatv)kFoTq}Sq7LbPaaz9sX;tXyB!E&<2xaX zycYgea~s*|L!tSPzW5G$Dz#EDj1=$rlw-&K5olUK-*QFLZN`wK=l=5NT;lS&hYbJY zs;BJ-zc}k1AVsv?spuGq^b9a3%vB3g!^N%`M!V&lhpNnDvxVz8$vi7L-k>Y<-Vm3v zKWAR>M*n@H79$Vp zoe|MrT`RYg0b;zVpsdW-c+zVc$=S5A^|9O?j4VDWGsezi^m3_4#uCIFhx%(8_a>`4 zvi_{#>^!~d1X55((8*EGLw4CR4hjUV{pM(PuPU!t@%JM%-+ur`G(qEa;w+mDP75_Z zI^VIi1Nw9BL>gw#n+p*cXAyPPC&^}(1;Xm9TSRckef<2@0EgPG7pwboFn!vTqJV4W z3hxhK0KMJx&p-Fin+?5b`fWX(uBYE95Kkk1 zyNz%K$A`V=^Y55%syPm%BRq~oh%AHJ!r1GK=lMJ7yu_Y-s)V!;qii?g2d&@6 zw2Exx?BXc-8`Wvg>^DuuK$AV^M?c@>iDqF5L+ngOXTr4p@~ZgeBDCS+b!8(7=Cih4 zMrZki_ZP|Z=*`k&kHmUyWlcI2y+HqUMG{aGC1)Xb)um8m)~8wmlz*_)S{dl==5x>Tt}TrbBPq> z>jK>oJ-YTU9h2UnhO#_~%%8)x=R$;~4YDGtdk#Na&%g~V76vT_#S-RKvfqc1mBzkv 
zcsq!*4S)xyw-d$1IvGwB@Xxn%U|W@#m(U}XwvfD0U2r+|(5xhURM{*2gv8c!?Rrbu z?FHKW3>3}udkIm_wqLmswBIw3gB(ViLxRfG^$+|&oF52`-te%}Hi1YpZofX_llT}U zA`?kzOg#2Eg(g%VKiwcQZuW|5M5<>w?g2IT$>b;&@zZR%4Qv z*V@Z4>~}R!fhK_daINr*Qq*Ro-q8C-rtrO9W8mVy~Lod=<=mu&vdRTjP@Lh65Qr!Wi#1C)2Sz6H=`EqWuVRf(LUh@SJXLzoU z?gKGrbS^J~P(&Y4F0rH{d{SyL`6B!{$pmXeeghk~r|?WG)wyKVWcwY5#kM8H!xsDA zkwUe^t^6 zJg8Rit6Pv%0TFY?CR(cy@g^uq? zE48V=o4yiG%H5L>BCcm%3-VzihfppA3sR{9nye8?|ZT&IEIe2{Y>l`ma`=8FyPuT!H`{XcvaQB8^|xyr!Ap{sk#+ z`XCG)$qh71p}%29R9`r$Rh_|Mh=H_Eq62h$klJSXoTE9HD^S)+^^x9>%i2JJHd5mX zU)pr6`$-)KFUwxKJBe+6(gfyACo7|l6 zQWzsXGQ1Fk`+%{EmA&L+#VhB&gW^K02!m-C=$QQp?{doZUHSu?FiwDu&Zs>Yl?l?Y z&OG-or)_V4vou39KhkutAP>uBOM2#rxmt!RJ-lfG{I=Pg$<9HRnPkjU+HWjL*9J(I zjaj>oi;t&CnQrbwi$ZD6vsU)T1ZqL+xI3{kg_Gu&tk@v`a*O2C)JHm_x|CfLBU#jF;uHw58U1Ku0BCSz9 zT;s2uNEPkHiQ;+rkR**t`e&LsnQN_s)A?oNu?i(|t6qj|2Ywd<(jwMWX+bQ0S-L-+ z*;*3tvPvb)s6;4EFb!|<{8#@d zz;vLuu6Gs%p7HZtzgQ!1G$>$&06SYy@T0w~`P5Nl1exAMBrzJ~BW%q;mcsjJ@nErr zKn-P?>dEi{rBzfx!kMKxcMe~?ZIMT_{RhJM2-i2jW)*TEyN7(7^-g|49H8T$OkPFN zlm?|3Et4~2Q92_&M>3&8eO}$DPgjsbOCT`K24(hxSNkpF#SZhQWksbzz3rH@)ntd6 z@{G5`0n1(65P8*oy$W1-lt0wc&qBwLoGwsbCIsL>Cj+x*h{miBeN z5hjvWocm)+Y??hmgFM}u?92Su;20Z$9s&U=l3qBkNWzzh`YxO^9Ry>keGpn-iphHxwF z)W4{$!(GL&o)gtLcfXOg^GRONJx}-bK+5rbM2Unhg1LpFS#6O@Dbg=$=>m9I-IgJ= zt};Ym)@<$Q_^^vJ9-$tqKcXDoW_@cW@1>Asxl+{bn!$QTZeSy-T)7MsSV##sam`^z z#Ll>mYyMB1ulOmJ4lw!=vd$CorqZnn{}KSoi8$nJJV@m|iS4nGi2}xop(PYJMMU47 z`=Kyi7YW7vM`3Koyzli~SDXBWa=U{;&qUM|+i2i5wH|L&mK~7gVUM4q;1kyi(0B2y zKS-gZRHw}6)P6$#dzuyPs3(d}XfseakcxQSyO0y{fEd?u)4R zl1Y;+2f5LrQfEbfZ0sT_=!TN69tErm{s+RSad90*V)6rFg#14c#_bR^tiZENV{h+u zX{%H`6<;yeJLZctqka|%#!8nrw_rX>Br-R|tP!E=0=SL@`Np9S* zcZ;#w?8Znp!+p$5U~C0uPrB4LHlHxI6;Qo$l9)yc#kapb;D}-p!Kwhk=!N6GgT+nM zpSBLOTfD%?? 
zEe?79CA27R8a!|P^AU8wJ3DV?${SwB&OZgU0-qWtc=CDA#0GBUXC*<4(96y~IxdI7 z#3yFHcA(Wf1CQUmT<$F}oebR3#TMYSAfr*Xe@ z>J-U$Gx_T`!V%TN;x{w@p9Ud>rW;k&3 zLvyn8is-B~unXHh&NG~>>@va>#o&oN)o<7*WmOmtiFgmvA?Pgj7`H6*WJz-*oNF9$ zBbBXKu!^6Qp$IXplCM zY(YyRy2ef*pdtAHz^u&|qZ3Q(GLfIiqPe5*vL}?zeW@ z*Hm%KRWmqiexMj>0;CWQPjs}hi_BGEx7!rT^lLGMG(bSnjit;eA3BWNbZE@*DP^`o1hrmcQk;b49f0K_f0dYciJDV( z;ki8eL>@8@7HwuDJk7Kkv53*kv~;&~ZD)J?wkvvv-JvZ?hFi}_c_BMXnw1MkbF&N9 z!JU8lgBo`J?0#~R!vB(y5u2R< zUh9|X3_%-k&}Ka=`j*esbjo5)HBo;%2deXz29L3UoP9~LrzZhcTP>sS`3cL{87kG8 zSCzK8{Zcu{vIk_(^2OHRuICclQL+SuwiLYHZv@JDf-G>bxD&p=l8>D= zjQm-**k==Zg08dRgbg>zE1PYj!8GFC9)f?^G^9D1e0*jy+66>aJ z_>1PJ9UaxnIoakHHWm*jK$}Ev3>zc3K@UftLARv3Ekf8qrO;jl4tMj~OCveB_R9!v zg$Jqzua2oXSnu+q1tV-l6&lRU{qt_x3yEZj!k#WY759ch_a6CX>eR&c=_(KLgmRK( z4W@e{qEzP3fopaVgr*wb?6jI{1YqR%)x@c}>Z`^upT1L1{gIf4vQh{X9`KKGI|}k+2b{}x4k~D)8SQ? zU3$w;d@)*b7*%EgSH1Z9e}*}Se+DVE40M(^DlT1aI@1p&$DT{Ane7)P!&kCBtgd;e z&6sA(<~V+aw7rvAg5=jDa`h%JbpjZdnc8A}TlY@igbq$&ju8r#&PpcO$@WRv2d5>X zgGqW7^yFn16`N|hKX@1KuuIY>NN0=-Gwq>C@@S+AaU~>0y_*bgx3+X@>}-Ogb!#oG zFi2rl==#6-u41(5Cu$AVkafGupD9C`qd&zOe1^2d%CL8LCJQ4)&YKHw9Q{^lSpdo` z;){L-GLp-)>pbX8C*7FY<&Q=vbPIem!1G&5p)K@p&+k=RzQ=;f^Shu!AL)xxxan%J z*mpDT@F$`SEkwHMZl&b*ww7w-7=wNYOEI$$GBs&WXeU~BAw{UTL^k>e0XnUZv>7a9 zVVB>Ycr80W!3CMwD$T;zs{M8BB-fd}?Z%)J&)xb>^Y^Z1rg z2l8c%l=^ahTT@LkR6umCLSTyI&K&N2@m%`~zLNeY{%|4*`JebhFOPHh_d>_#zinY} z@G)Ai`y;v@@FMx&GL_%pumRLfMK{?ti@k3CRc!&| zY`}CO4fuo2?X3G*KXG7gu3D`$vuJHD!S+i@|- zw7>qFdpISH>HssbvF%^`AwYh*wRyx3dX1ipV>#*_bK@(})|h=BZB`f5z~PlxocMo2Ml&`LW{?3bzg_9MzL6Su*D{*q!}!M9@}HNR#$j) z)QPRm;{>)E;8Lo%g)QviKu=?N0aXoPX;Z7{LX_B6hOCA|N>(xjA+^Tij-R>a;a>yT z*zP(gi}rn2LqV-9|NK-V$?nuy9RWR}KJ@7wp?cZ+HDHf_6c99dw5;&kC40`VSXn$U z5;EU768cTyvKi(6BxQz~{DC60&V@y?SG6SkqOKpMNFI3>jbX{QOa)6|k2$Fw_( zSFHvo79W_q(UxJO7;Cc3It%Zg2hxvPNTLU#AktmJIptmWI`LYS;o=}99sHAdkdN=( zVb}y^>!Pf{sy#gB!mT$aPJo3w`(Tc@h3YG-XOS2+B(xuG8{}C-n#}XD|l-xN_)^#uee3**#=!qjQSnADeefw)ma38we* zN)1NmZwY~9VH66RgnXq>WX@f!*u32ViUBZ00uRKJsGJ*fG0i&-23%v+5Qa 
zTGQO;A{9!<4#+$iL3YX~&Nmfkspj{|Ld-lRqQ8xIEGDkSJsaUb3A<7hc{)=@ucbPv zX;c~JVmexjywXHJlN63FUL1{%EMzm36luRNSEq7ce6mpQ4P|+2hi3w%V(6r#V|5CHF9T{GSuZ@q{PJ# z=X4)~kpz}JIC3DIaQ{YsgwWI#@|^CeLxFE2B_VTxFNqU@JNOqY=3kP${n)=jF(ShG z2eFJldrPSa%G!@W6kFqPM&N{Jq2@yAT11J=gg>qASVZy965(r{aTDdCVTP3ndDCVv z16rM{OmP08wGlH_6m!lOO0?7)I0AkWg6>MS)U|{SCaK0uLJL?iDW-LcEN| zBg9k&vNUwh$lpSQs-%id>KNYu+<#Ri=xv|JrBz8XnF5MH8WR%}5fWoz(W~5{Xl+$H z0A&r-KZ&WDqWSfnp~*h#Z1-dCPGst2dLmsGs=+m=s&A@I=TY17E0Pr5&zX<6 zf6w@7lN&hMyz2lTXGAXMCU-L!I2HKSziDG)vXdgcLs?q>sz2JL`>MIL-1=d74A*q{ z6Mgkc#1>Yr=OK^)9-Ex$fOCEoA{$z_EJ*mnuP*_76Men)O+M%LDkHj|?R$0WCHAMp zn%aOb9L<`_6tOp}Kb$0!yM*2(>nCB=w)BbCe6{GzogyCAZQ`NTH}r`w8;3zF zt?c^9*7o9HphlPV!mpBgS}Qd!ooQ3mBZzF{+IrGE4$|G{`2^~;N{xq!;bDKAy{36` zDZrd50o|CDU{+7++HZeBZAi5XSO)Xt&gI_NQHpOsrJp)rQHxjqbyEdVJh(8e1oGY> zg?@g;P}3LJs!oz3_+D-zQLJceKq0|05631e@G**#J|u-KzGcKT-Y^{YjlkgmL*anW zNgIxpFM5tUPU`P4Be!=#nmDAR7&9|jI>!7&gx&le<79YPK@{~MB-Aa2k!v8)uQgB8 zFch^VMNn6f&Zr0Xl)HD3LH0q-7dgqG{fWRZ*OS_QT)A!JXet8E**#Y3lc!*#yb0h8 z_u>V<`eT$XQ_^PZgvqoub56eQW>{JKwDwNT95$lpo0yA3;*;fr5+WinuqfhtodIA( ziAnLhjO6G!dS_dUSnXU|ljdT#>qUv>$z!BMz7mx)4E2!9GfMN2OMNwTtwrF)SjEnL zB@LuQ)X2isaR8sN-pF?l_@@`hB%)qY+Zb*D*soaXf0&*93H%LrAM9tYejZWk+hF4B z+c8ec-|bt4WYrT&jrSfFx$$=##!b!9>e}(hFU@Mv1#SS`YRiz$=7n1#^KJ%8!aC`& zo>FhjGG#Oiiv)!r-}yh?Jl{`~>zr-^^||u9+KDkpfQWY2)u%i^%uf345!Dzza$huz zK4rl)V^+~69%uq!+Y>6D2*KiOY^XQj86tmq8_a%GtcNBP`&^M~XgGLX**le#V`jI` z&D-t>Xne*8r^ICCtdnmSD*yV5E=(*}Y$z8{+7;(1KuX{AMQ+MCV6z47B4BgNWgYVU z7Q)Vc@Co1S8)j&&T$9&-&70yqVd80NWf7<39v6M2*h8vQyzd2_W)QMCJTiAhXbJhNTv* zuxY&9ulvxW~?1{(v zuEwoRp|;|4F8IuHlZWpJN~LXcKu?bYJ%=!d+jcUb{jLSu4CO`J1l9Q`G(sU9c(but zq0Oa8YTr?&C)+w~y-|sC;rKn&L`W5N2J=3i0TM9;iArNcV$hqB1O`ms!XS2>AIBdd z3G%P6KY<254`&*geeFIjmd--tx^7JhO;9cSg|v6JK=mzHo&{A7`KXpJ%&fVzFGKppONu zC^i}&wE30WFwCQCJV3jL>>IRlA~cmJ{fE~v;jES>OqL=KE@V}}^^f7NL)d;FQH9-- zGgi?JZucSlw5j+D@$@|vV#^soigLgAG-J2rq@LWzW)>KLF+Zl3`dES2O8AWbhRg5f z{x4mpCSudX<{X6Z&~A_&DerX}4mNjze!(dnqAH0>?;qB5Ff}K%=Q~^%R`*xR=Dg9; 
z&Cq#(3uj@t>pF1vAQYd(11CwjGH$7@R#oI%43%FBqdZ5-!$PWxL(wN(TS>*HkPYHF ztM{XuPvTc_TCM_4PaQ8Mecoz@Gs@`EuOjI_2Gyu#r^*Mda4Unb{e9CVpri;JeuSXk zgi8+Lgh@LZeivs66GgR5n{%D$d!sC8h641?FS_U7Qxk*`^f-dH?ku^qs1u$o@pM!F z8cj6rU&XJwFrXZ0!^cOYnsl4iVXDyS*KwLa)0lFO;?=Ae>mO?fZDR z_i=Wd{_S*s|9b9{d~G1Y5~+|j8&2oi+uz|a4RzHG7D+WdZBI#+QCuMrx@>7sg9L*) z1-=;QLd4?otUxU$aT%DY>Saw*Um-zU@_TV#`2HVScbmGKn)#viHe0QKY5lQ(^6)$M zOG*D(G|pp36wi`>f(?^z)B<~xdDcEhsvxd=pDHZmy^XFt_SFjBkl3D$TxA3W(29NJ zJ^fjo4d6)U-oBKRHk_6*ZiR;yqb;ToV?kL|Lmqlx-m9v%AP5TQ2IaS@>L)j`B-vc4 znT)+Ml+~g9Jt;&LRw3QA<8P^PoIa zl!dDg=<4=_EiM~!=ohDLMnGvz?nO@CJvsM_|H|8@XkoWgLaMR1pL#u8*Z_Wp~}6#`bo#ut{{jvK;8-f0l77-vLdVuYqDFs=OX zUY%{&6_V&pFJ2#oy!=)-;U*jluEuii3>}~}KbC@`zeA+iq%29)R$qaM^pC8gN*WB% z4m>JE$pS%8$TY5F?8Z-tD*BJ`=v|?^U-_+7j!iQa|=b#&_ zRB5+O>0#CU35#)skrBhZdj(LB%*>T@(TuEpoba11YM%vO=X}V#5yoGe^26K5_8M@O zHWtH2i6`cm3(2=9(E(v-Z{qgYNW(5NlV&CT)qvx4O6dQAh4$k5Azs_uQGq`z#3mfn z;RZ|}Hvx+WAzfa!gF&z{nGYii2H%>EH&6c3BUdCu2vg3|%th-^3+dR-%}dO{m{#cp z?J;eP=_K~qSKZ07*sA+Xlj2;Tu4S=?-8)(d;K&QrrVFZ#*CK(GSt;g0p~f1Yhk+dF zNDFmiGi%IL6hLoCH$&q^N3iU21oSqQ%$UsOihMaasHwTx+5>w>Izh@;>9b=*hqvHb z^p4zh!XaR+`uFHi{53KeEUK_8Yi-yq)2?f@cg!=SZC_r*UTBu{zRzs0>3UxKwHP@%)k1Bk8Ro$ z%(b^0sLX>ZXA@U-shFP;qTL-duBZRV`X-bULr+C2U<@9!6me!=Vsi*Uiq@D~tcCzc zutEC0rlJK`05tJj>m(*{r#G#*p4SP6gQXH>gG3L(#VDgenB#@U@94g@Czt7WQ(Z4Z za6mw-p$zmWtoWI*=8VGqs_ky8rnr5;fQ zs&g3$RHJ`BZ#)B7Tnm3`EB;lkoHjG`xzU?psvoV#Z4|JCk{nSOggL=8jXC;i zKboQ8*()kUy2$`*jY2}3bCcAc&PN03q}nV6vO)P~+DeAqrJnyo>y(16{-M8_1Nmoi z;~^&aMDKVHgJt7pEn$`U)#EynVs=U~C!3iIqq3|Dh#3kALBTp_JVY^g>7!#uj_Ayy z!yZvNc6+wHfjeE`RubmA@BdrKuhpd~KRu@Z7p?#Lk@J_@A4UIH(64!ZhAovJX{RSv zvk^aa`CpfQPci?;<9#NAlJ5N!#}g`mEqb2yQPCgm%~%u}UDeX*uhjC=H=2iLjVedO zPyb`E_P?4p{ZYzh0| z5R(P6;g)Co_hqjGGvWVb>%qD^s=B7(At~PNHDgkI39~&GF;UWlxn2sVv~8NRw*!T9 zB-9+5-#;A|kU`ZMU>R>%_Ck79W716%yGtbv{2~VLnD2fW)E*+`gwr5SD}*g8)>Snd zoSuDN^IxOyqJdB`cZR5iPqKXBwd41kmphS)Qgs>H^Sk2ER|IRbePk4?ovZaU2Eu_w z9^^28TxR6vB&}T`tyf(nDckf_0>H8eYauOv(U$5FqYwx*{%h+3FumANt2?S`7(L*l 
zjkBdKeVSY~7FS@Ja4whJyIZYQ>vXU_^bU@iv>0llQ%Q!S66&h(3o~E-IEdjujq<`Q zsD%y{Eu0ghGR{cqOGd)^oa2Qfn7a~nKsL!gw!Zvh>(`_D7S@6cisrdyvoWQ*hhr6h z457L8vMAnfh50lKO1-7sZ)euCopaOn&OS$#;}r-2c9ieB9G}THf*lvDF|wY7dJ=61 z$eQm_cpGMc5S zQ7BWc4v?}DM)OaTczQZ~J;=0>%m%o54Xd+XstMh+-R`fC_;%;mmwSKddta-iV_Pw% zI3{uzgVBQINIs;jlAN-_H&NCrxr_|Rpk11qzo`jU?J8Ake+{m*lWjkN(1jz9w@*}d z`LN=U8E;19ZPhHp@Twpct(sjEu|Y-rZK4o#7O{UPhH=(S+i9#L{(Ss$)O;#6d)zWt~8dP4M2V*;33fepSQGU>uNe#Khxy<~tk+sL(UwgCc6 z-eZ_uNUdI=aFl3tCy0%T{8#U@ySLt!$8$X8NA#0=gUU}7a8;MF(G;HU3y?wer-asx z&wL_*LqZT&JIV>QOt%?1QtPst&JxmHoNjlVgJR-xvq}Yy3sagdIwYI|fB}>Ub2~1! z*r4R9hdjx7Ab%El z5^?Oq0m5Svg@1o8AOFeH3GgAvxD0LucRp(L#|X^Cbj>zLr(;{n5^~ySF9+(FnjDVQ zQ#en9Gf~*-$E(j%{`e|A{zG@m(!6Ja;A$!QZ1KCsXhy{5b@AdC>_y)c zh_--|hKKN0#Kt91tbuFn*b+@Ow5`$ue7A{BxCa^O^s0^^<$*?6r3UBp+zV&__RIZ1*Ft0m-`9`2?_Mks7`#KJ)YI99CM^tN5sM%_JnoXx=| zP`hP*l%-Qj66^;z@gh=_=SbPs9d-FuE2OI4{(4Yrld8(@Wl3v3-k=edm_Uzq7Hnyz z77~Yvi;d6>dhT{BcCz|ED}6Qft7S)=-1lfz)7i)kmb z0GIMLvt5rg`UiM_eK~c1;MGJsk4u7s`2$;f_d58l4aAUziyS4$I)qCzV&ykbZd5^! 
zLY<9mVkxiTHGYK+UzWPi=*pi-E_+V9rRZ)Q!AA|}rJ8rxD~v?N=0J0YlfbnT>MCfd z6NW{lP1nSAsNX~BlL6;9fzHx4j{a@fahvD7DjB~^=s;ilIG!X{;ZmM|Zqz;NoSAtN zBkAQMMH;9xPT#aq6#47deyT-h#Yvf=ql=^&J3cou>3k%`hhW6*qL))hVY1We+zHNQ zg%(9EB2LKtfb}AqGYv}obgx@8=t59bLS;H+ufpetrJh0^YGT-bK*cgOc2l}r7*RwN zT|&u}L5ju(H#wn=|3cc*ftW9As@T)@p7{H2RuJ(zf5eNOBJJZ(aAu$ItB;satD=Lw zwE&n$_i1ypGeNh-JhcjU_bRoT7^#I{JvmLW9^+Bc6 zaDkxT@1;IrBhzk8R*m50J-Na@n+{17nx*P>?0UONu@FX(zG`r^qXxOO{>2mgQ;msp1$wq@px+Pg!s#M=6A^1VVlYhmz} z`iO7fkysnNjbKdiw{PlZ7EiYU`^}YbtRl(ySLdF-O%n~s{=SCk$uYOHd5^%XAdF&G zv=L+QJv#ftZLoD&-naQFn5|mMdXsHfANzVFd%KA#Br7qYX+!c2c9Y*u_%pwTOn5p6 zP8jK7(4_E695}?g-xmPGoOi=Fk>>nd5nGb_%CxT8F9c&KQkrmvA-L8VBX(aa zfaF#w!8dtu4K-~*T<(?TtIUHSJ#=q1h&_uB6T;YIU2%^4?p%Xm+mQQPHE%#N=`n>j zWjU~M;dlNx(Z)ZmyEyF){T(&~N*$bW+#0o7g{rXxI`(ERZ93>9DLFhRS>ifqJiT7{v;ROF+<-bcz@aKWE|8K#aY_+?eFT zSZHmo*OSOZ0}Wi2LuXa5wZn~- zxhe|9FRMt7EhuE=BY+TD9qgo;$Qu8UQIr8h@A4L&C_aEN@47g`7=HzM4C7N}v|V8kyC^t(f45=v^Q>spo+(VE{!xF(5l(c#eXrAQi@>hHdyWNFq@y`(E z@pE8=zfK+Klp(!hEQLpTc^b&)8KtM$T?r=}MtSAPi4t{o7%s<8Js4j&`CNvWySU?+ z$aq1b9s?2yd%;pz`i{2B7B-Cx`XoB>9ByKd<)*a9f1Esz4_l6(e;#j3BrCRYB+K4B zm9T^?>N+`pI+Z;Oh^p%Xm)=OQwj|<=?vElOu8#jz-Hh?)I6Bb5c$bp?o@~#Fg7bWb zU!!s3ug|ZXDYUk3?>Nm6fqn3PmRhKNdQxd*GA@*oFojei)?(4gQ~NBsW1Z2%Uqa^6 zo_c%G0S)hocR~5W=43%){x^@LgI0LIb7XK^UZ2wzX*gl7{;V%aRZg}wh(c)F;)(aq zJm-i~o(7wd!B@rA=5T3j*D(E5Mrz+MJ)*riKl7;Y8O%$$2wYOz?hts~_}RBiB9Psh zRT-$yM#2MrTukowvAOhbPbVz&<+3aDvA3uzq_%r@fd`*9kt72lnmxE<*b~DFx(eWT z7p`Wig4r6lFvDL$w?`1CCTYag>+8g?<0{0g{CuCny0w>*a&58FU%-v_FC9Y|Amy+| zXYXB+=8?ql-QqET02?bU&>$8zPS$qn&sp9-ygF@TXBkuYpk{}Q{cN)9MP+Oetx9Bx zkHPifE&lRLH6e=#E-ITYQ|MX4kf{U54J-|P!;uEf=NKmDI#rnj{V@+h9Q?>$|5?)d z_Odt=S36n*eYr~wJ!1L&b(xf?+%wSErvob+<<_U6=g~KXNvKLDSJG=5C5qw3b95F$ zfnpwI4CUMv$|x;m7-fv5Z5E~Vw@{T2qDv3S73`mGrf8mjK40kPu1L>hM~q<}`Pfpi z=L!ez*M>zSkCYI`Q2wX6o7F53#^IWOIP5cXbk5TFa2*tl>kvL-!s3T z*S~V%ZYvTjpm!YvBFi)eVJP#0`e#U?%Me6V>QFrf#Em;NgRb#4%Cc>Rq-jFMLT|}x zH={<*^We5-v|PBG!0ke}Sf7{D%A6c1i7PDs$ohT<`bOT|ipPF`ou4T7Ga`YQW&WDC 
zXexuI`b>L+v&KE21axp;h%@H0w_+iHP_3oQc1gN>{n*z2<%WCdy#j+Kc9E%fAC0T; z;=gbuz3yTguIctNvjNHMfg%W0(wa->0rQkHE4~~Tn~35R8aN#QIIaepofAhr1OeQ9v5LQW6D}N{u9%kS|skK7dqOThA0WhZB}OUUD(W znxJ=r2$N8to}rZhbZTyF4h#fB*V)J#&CDX-|AP%tfZR5O0o-+MR5X(Ly7+^9)Eh+g z@^2)PVRs$-j-z2twiUV#1b+f?4IbD*c*VQmxw5&x4BBg9^rl%&5S0@<}Ey{xR+L%vu2rY;f+Rrs#G+bAx$y z6+z1hCtYMi4FfU~32uU>uT=cXx9zX$AHl+iz-7a!Xj|f^d6r%QZgZO?O z^hRTqpSV-jQVTh~fQCGuflnrhhFxK*;sJegvx=eAcn8CGb+cp#wSq6(vVw!AESs~- zdB}NlC~{<}W~lL*CEpS7`-f-`e<*3FnQe*&idfod8d~PoBu~YpQl-(P^l0AJwgg=> z+8o0{rw{w0(G-k>t*&#MKr-j6bc)te_PgPVcqNA0j=R*C@swo|bjI=aTyh27ibwKs zI!MH3!3TDqs?qO~NNeaP<}8SS;pn&bz3Fz^+bkuwS`0@ZH&lPGPH>WDl25QzYX=*S@^-y{h#BnDmv3TPmMy< zbHUXx!@g;npc=E5&^lHE3eRDcgHsKn%G9)MS$>7F?`RtKm$7!zTeIz-o#p2FCgyR_ zMWU1$zm0|hxe8a?(Ej{Wbpmbr$ZH2p|K!mypC;HTwvhgRAE3kB_3-CbEy1FWzMX}c zYFB5NviYQls8pP;3-Q_(dHW*9&?nh*UvH8<-oms>B?!BdSqxMp?HMsNTQzV%D*B>8 zH$lyMPIO~Q71TwO;^PZr`t3->6(-mC>#)aW31jxP0kT6+6>>kB2x9=dLLPIJ z%Nt0jnMLG#NkTAm6WVEmK5~~F2d#yANoebPIcBw}xuQj(^LC{ewwjW}Pv+n5VK@0V zP{|>-Zr*NGFy5vzSd87BTpy(k~Gfqyd!@Z7z=+K5BN{{ zDdD$G5^@HgUj|XIdTba}v@1TX$2C&e3sJ>RLpj5{BYjDiEXC3H?9Y=EU@Oyz)58lf zS|vCeVQO?C-|qU)Rta`72Qs1$%X`raZKnU;Og*f3cmSFAFKM&)-UjOTk;Sj0LVy4h znw2j2{t@s3@dF2YVz$VQh&(nLT@B1Tlpt4Mv9Ct$8Xy4~%T}8hBs|Gx3vJjiTn4;l zQjX{eYF!>*`#GZT;E(IL4*px-U%W+=&&k!jfwSwUK;0jkurU#ytj(-ekKxCLy^RsE zZrXL=qH}U20TKO{C*FiMn-f?t^Pa-(9y?*&C~c*GWH$&2mO-2 zCyeV;Q_0=CQx@@Xq;|`7aS&UjxKE0U^Vu{zh4{gdt3h&%b>@b9#9q(q$6Ap!M!#r=4}VM>dWuhu9{5@N zAX)#~29D^m5^M&w`={8iIkn4}XZvD%Fgu`<;wdTlk$CBM^!glM zhbM5guH}0^>*c$dvKD8dPp*rANSnui7P2iw)CN%LOoFKTk^a8$%z7<0D#}U0>KZZL zE2<_FV+4@swAk5!MofLH`4Tp$4a@R%co8AArELd^7&2Oa*!kuIo*aYX#753!dA8BS z41v)^^SZgo#L?n3(~-OH=5^HS2J|K)aQ)YV0o+=mS0dEGCWjBV4U2oS-)tSLLrStH z)nye!%N5u|4Ba^==-`BUS$Z4P)iScf)NAlqC1O(ur)-E`QXlNB7*&cc0N8<5N)4b2 z|F2JmBv*{O!}7{8$8Oy2@=pWqnKvG42?M!NEg6jCwc|o^WjYX}7x9B7akXS)6^PQ# z-&q=<&evaVv+L)<)k|%$;?U~JpVsM$%kuy+v4l6lIO-sCLJOPReqA3bOmgjXXD$-T9E?ppLmsVlCdIR7%Ob#^MI-Jb}e z98@&ek}N3!C28ycKBLJJzZP34`#OjMtu^-cdC+J;Z4nE3t6wn;w-w?rD&n 
zO7q=@**zxTr(Bwq@MEN+%zUgBL^eDCyGcDyaQnV+nXylb<{d~dOAdmhfPUt>+llvb zEsdTihaAFhGxUEIV@&`1aO2Y|{PyB^_a4S{6-7KrucJ|dHscW55-y4knVun%@P7^i z`I97(l6@o9niy)=e)i6!f4eiT(LbH^Oc5#q>mbk+@5^$Yiq4&>r#1~HZ-1t~V7G7l z{jp<^q*P?{!C)nQIG@YJFCW9Ql~k3?6)YHTuOe-wE$tjsqcz%qsP0fx!k*m^BwomZ z4~x=^8)6($YfJRfhn6ZWGw&N+ZLgc{ZVkr!0nR-q_iHW5Z7j#}3E!T;B>eY?+Tz3^ zcfi@x%$q7Au#0ZF?r^MUVCidv&DmF;^Kv{L#@P~M`hj>x!!4IiHeJ|E32nSSh4+V8~a`oks|fErHMtqzlrlZP~TUI&E1t z5Ij341fBP(bZ~J{0C~~84U@3lgx;a&pUD*26o7to?l*<9rHqR$glK)4|6tF zNZVIA({OX=2NgS;rv~eCzcy0mJGhMtg&rR*_x5v%1yvrtIAlT=^A1zdG^{M`j-X$n z-;}1(fO=|d*j(4Svm~=Gc)bIdN5d&d6%4_hd@?%7$K33+Lukb+@5-OrD=}GwGuVv) z4l0cZB&H6}zwOE1cGxiponD%EdF`>8!gB~sbXK6e8(#f$>h;v`>_(L-8I|T)_*UFt zLKS$yNeG@!kNZLnfH3wObS^x;e;a-A%!W@s&gM2_=|sV+%s;Tl!^V~@1!m8YIfSF& zL~zx8h$i_U#qNXy!lt#Z1N6H4O*}EhI!F>T}OQfKScN%VI#K01l z&zN#eie(;aI#HMJ+yC@EjSUzpBx~Bh?)Mwg5H6}sU8&g>y_gFdH65iHwIy9dDtm&( zQ`b`5k$qb!#2n~${Vcd^xLAqrws(x1kDgkgi=rO)`aC*nDotRj*hpC)U#hcUeQ;)k z?R9H49MP!_Z-Ku-JZb4AmwyCmi3;)gLyq1+1G=H%lqdj-nm?>P14~U;0+kT{H6j6- zYRp`Z6GC6)P*qHO5>;d*ZDgI?tNB?K@VCouGo()eHeo}#R8E*2LG{2PJA<;Nqn;I% z18g+$2vb|U9~_H$|3aDn2nro7w^3VQH@lxCW9){%P_5MD%GvBY&}Vc)>qZbFE|T(5 z`asXM68C7cYvC;EH(;$w9V0DJr?WgXZM^pU`|Y6%FiC&zgf2xrL0^AyWwXr_M;Sjc z0BRZqDYXgFVx_jyoOorB_ogFG1{4S#a>3r3 z-YY=vDyKe6D}(47cGF}=tB_`03-{@uNIe-uLqk}|$;ZEt zON1A}ilG|nx4jiw-=|{>D#E|!BKNzRMAhX zWx50joD%Jg>c+-mQ`K~K1F|BVYs9q8Xniu(trI4wK__7mLLDR`1D%w(=V1qG^; z*{b>z8!0H@L3(2P^TXXQpi(jUS6pHpDQdc1h-8XI-^KSSJZ|!1D)7nIGK7hq=;-=Nz-g=#8mBnk7EUOBU10;BG68%w<{we5h4 z7lYNAbt>}yx>col`Qh@Hpt~=%hF=dG_+nB^Ju(b^XF;nid!TWj%lI1*vX>AUR0jwQ zmyu2$Y)02>oTSZq8oSO^kB*z)qQTqMHKhmh>CU7*h2(w2b80aEOevn{Q^lt`u5ESw7tXf=uXRBimVC>?qJrNG5PRKWw_`$=n5bEJk{sq<|d*3_5IBdbIiG zL5$F$euD$+k;0JKK&(WMzjDyhy^OLtI^>rw(EM>D0`LhTYp1~?dR+6{!K6bO#r$9= z!=)FjTyJ|`^g_FjB@3ScReBQ-2W>yJTVBN5>z-2u`Ud>94z2mu8GJCvLqQk*#;+^p0_KRs{j+f_S4S4bbIpus~KAKKvF$=h=$@-qrdV>GN_V8w6d*FcZ9CbLwXK`< zf*mM=j(GU=jd>4~M3ouJRJq}*e#+W$-=&8nU>`QpMR)S^@BFu1<8O_xfffk8pB zJH8|Cf9@dZQP6m-Z=0RqobC_5N!Qnla9H@-_G_w 
zGOLY5rDEWk<@iw>QRGIEyXG)oNFzGh-~wa3l2YL>8(EkK*)^vJhX=x4baHv>t`c*{ z`vN9P8}~cy2RYT-#@EeTh|P#wmPV62byEejhy0Ot@ETa`2L zDy?Wgc6!Wbjd2pP`^~(dXkVlF-76=)rMjg8Mqz;$(!OxOzC@(N7zwsy59z0^UAM1+ zxeU1Uw1B9Hro%{lG#xEPZVBaz_m%3x(sy^G1D`jFR|!P5*DZIiM4Ry2q}-gp{x&-ILwN$S5<#x@EW^O>nqns z;&{*0;KeU2J|s;ob!K#iF!Q6`xL|Np^;7PK4qS0{n3aosOMgRmnz60gOR1Zs&wtoEfO#s3xeE1F!3ooYs zL)SY+$r5Z`+ilynZDY4>+qP|6yKURHZQI&yTVJ1Z-tpi4H&IcMd6grhM%0>fK5JnX zJS3U=I=~IcVnxtGoQ)rj95ObI{4Izs8-A=3ON@K3D&A&|BTY7<k*U&;o;Hxzw%E$^w zCLpl__%D5*#Fwh^7kM%E_)-fg_8(#=Ne? z%1D*|cL|g^%4dc+(?+Ot&s6F#&zP0gh?Uxi_X;qoO|M(1)Npa`7u8U`tw$|P-q=X4 z>gL#Q;>r8tV&!mhhNuS;m$#3?u-6GIqHx#ZVTedCu`cLf&dMPB@q6BLO{CNA?UH}V z?Y>sB)fqnfkqLGF?D#V+#4I*OgmvBpupQOZFxB^Op@ny2GlU^Zq9rPfZF%N(-|vwO z$qHHn#rVz(UVhmJ+}V!UD5-Cu!#p=Rhkf(J*293CMFsBTV!>Hl6RG_Pkx$5_`1#r< zge57s!rhWQO6zspd<5m3(_FN+sZ2khmk)1r1EipDo`%fl($YGx7_SUW;Aee;lU;Wl zXZkWzq&71Q_;pG*m2=&aztr;IB=JrS+E&&?f^wciak)xisaVO-!aB7n89 zmkj+8@+Z0Nl>g-mWF&tJYI*2k1uga~zpFc?%x>li6Vgm8+9W^opHURJxGAnkthl8K^w@Ay)xo0`Sb zUk0YXkCt3=py~O|_8D+Kz*zneeLx^!sOqkF`B1UWS`y1PNSB-dvgjVp7T+5iqQI&-Ux=;Dnu`sSjPt);seQb2eq)2Mvy)!VaXO`s=x8wR0vr z-CwPoB@hT0D(nT&p)QtkL-4H?x=p1DHh7VZKWO`NhHgJd_hM{#{*WgDv1yE}DnERb z{HiHS=4wuw|7qXpZ2E|o;#8qg@54A(OA8!G%Ky%Pov80o?)T%OKY6Rzs8V~15}Hvb zR|h2#hFLJvFbJ7>VP7}4sb5Z8Yo3y-d5&QqeELJ*xJr>=4SEVOI|f)vkzwDG>&i}G z{{*GA-PKrE!oeY{W?Mq{GA+p~qEfeS%cUL#vWSt#b@lQE|1SZ(xyJH}cs~!o`oWqz z*E(DEgyQn4P5B&Kl*3k&fnpxVzoYVN94Vdk^-uqmBUG0*E9>heW!5VQcAD*~Iwt|oO^ zi?@C4$peCr;j2js_x1{d*d`(8n`xf3@X^Y^xVXYR>g9Ma=T(oOV@dj!Kdvt=-mTkT zK&nkkd48*Shu_~ft(s-Tv6at(n72Qz|MhL6S`oWVb!H3npp!Dl|3P?Epz1p=FJHf` zJ*m~j6CN^n^25glt}*!wK7E@{YcPm zn&W=!EfFQqLQhgY89LqdPtyI?(41>fv%LZxJcr&ZUSF$uv~pdUJcwZ>yWrwm;i2^L z64N7=HYT2CC|(&!gO0nKJx(Pu@B5^_ps%Phj&Id&J!6Mi1SKOC8bYkMe?Bl|U5X#? 
zJWCP|?6|}}jp*n7bM)aNcQ?1!>j9_@$cfqV>Hf8hJAF1m#KDLS1+Glf*3?uwQ**V6 zq9yoO_NadSA|!WM%V4pxi^547aK5a~Jh!e7BIlqCX)kx;ie5ei1~H z;+W|E-56}D6&af-_yLvT5&Y$({cm_f23ZiIkARgXD#@o!&na?Cs)!ob*;O9{ZSuNr zvKX55Pm+I_=0!{Sx<-rNAc>Gx@wUk>UlP^*<#OW) zw63+>7iQ~Ub*Oc3D(&lk>yu_j?ePp5(J4jxk2##jtG7|Knu5BIXt{l(jbLBbm1FPl zTEXJVS>)Xq38B8T(KtUa#&(3vM}zVT_S1O~DYM$KZKgMu9Q|G|Eb(_|v{BoSvit+}dsH2jv;RgzH%ub)>I`fGPB=tM`rfT4GL z6b~#C3e)yYrQO`one=T4<`{4z;IU;l=B3b}#8EbsrTj6Q8!d>Z{|m~p(B2N26u9xQ z_+kJR?+@O#sZ9|fM5D8QD?fa<_u({D$FHI1zm6A$^y_TUqaI$LLl)%KAR^&RYt_P7 zNZVp_L(=*udNJl$NZL|5#}FN{#tZgq2TVB|A(gRRSz^FxD2ImK@m5!FT*$xZG;Dw@ zEY$!j&FC`yr#;*2APym;_YFheOMI zm6g)9)dBN|QoAFY5S*q2^x0TaAMzd>13O_bBJPzK-;$8{u)3~jp2M-)2k{+snN(@g zD-luBsW*RLmss^N`w{PMvpD9Tnqz^52kld_JZDoV-jZTh+2Qi*VJkS&8WWW2^BVw^ z$?UANBNC7xix^aTN0Q1;x!|t(@t%V;zQ2B6$K}bZFYm)Z`nZ0bd_HxuKgfJK-ZU=sRv_<%@t7Oj8L@5p$fk2ADd%w3dt0(8JdQng@_A(ME5 zt?P>@#z>|Qdh?d{IyC7W-lMaj`)9J|Gx)b@p6B65q3jRFl9R}pcaYAk{zAZx_3~~M zrmvUkG3_vaoY0LDri*KqLvDXl5(#~*HZD_ypjfeC*LK&Olvtd%~~WC9hlRWKVV33pM8@HP;y4v8nnpk;aLfwt8_N= z5J2fNz5d+HbQ*iccB_Dci^4OcK{UtUU*m4z%^-=NrH z)_#w?Cv&}KUG@q1oPH(D>72Y|PVoYt0wqvY{QS)s&<7DR;!y{+38`a(w9@g`ZE?4R zG&8D^{uvEb+az6lDq0t;uEaqCcoD-!VXu1L7S+nwuC||DI@ax#$DtXa=Y|v=Ge0B zD@-Qa5uWRQ89{0{WHEI@p($crmm}YzX@OGqVk+$R^jh!a&jh|a&T5+^+Aw)#I_qXS zNQ%>?{6H6LS`3Z?&272>&HXC{mRqL>klXFEZ4btCF!{U^qJ2d*fP33N$Vh%eW5(E7 zLE@Y*tYCH7@ipI&U6c(HWT?&!$tk-SGaBi?UYaMC2(j9LFU#FENnu1OR7hEeeZ72furcA|I*qn{Bl+n2>4v=mD34!&LirMXx)2eTN zWb0;UNCS%Hrx|7IIN7oWXygCw6E8wr9k88zKOM|MrS4av^dT=oqJ^n}dTz6xwO+vH z=dLKdk#O+dwZ?4~3cGHR9pKtpQIw9t(N={pfLdPGVEXrVStuC^6Fg)?ixFi+V9VUm zfxG_00?Z09Ss5r~7#Tt*GD~MUDzNftTHNaBBS($#-C%Y!9Bm?Aw$7@PBoYwoiI>Tl zI1<3P17LxDOq%^m!N9fY*&AXEf-y8RT&8}7;$tpKQI1bV)7+;%5H6LP|Jep#aGqo zMm%gXW;x`Rp=0XK_PWgI$sw8bpwS}{8l=~^ruisJGt70hZJ{=z=thFdW)!FZSSclL zswyzu!;H|9#9B6GwBFk9iWKIB{@Z~e8w-rOp@VV`>SDEnnh}q?1ubEsvmZkTW0#Og zhYoK7oa*7BGGHm7W^A$LxtL=WlF_de+F-I&)sW%$U?3ClAoOd2?X?7in%Y(g2&Ua6$`Yf4_CJhzs=o`N7ionC|M@tlH5Q 
z=v%7g5*2BDw6QoSJI(je)Pu&6DmqOlO*fn&w%4IYR-+wv6(b|>I|6ylk_Cv98MHW# zR0n#E4G6D?%Ei6u59EZj-a)fq_L_bJ1*;ryi90PMAt!%$8;^J(TZ_@UIKGSvPEH?l zP#O+vKT@=4Yt#B#%e@$hX?9^8`hsF;DI~P**m}Ex>u}$^Xc_NsMYgfL^#*>ibk?L@ z2@UaP932FVh(CQD^-x_dZRz(OWD~SKq#1BA)V+SR^y<4;*Ptb(26QS*?VePM&hVnP(3|J-4*dU zd0kZ`v4JIiRkM+x^B=xf@OJ75z0D+QCi7A_otSQ_^Ek0$M#aZf*%Ql4IG+T1KvaN*e(_M9=p**MdH!c!>_tYr48fifKkv1MyZ?6GoEqnP& zLT;XU3hnT5B#=J3%(zg-cF4J|P-(2OefN90#B9zLN*x#^%BKa98M#4J<`vlJ;jfZq zwa_~MXVzvAU0D47x3gRVV$-M=L1LQR$WK3jAXU3%@~?zRPzUuVz?pibU4_VM+1l?k zhK1U6BJ`b^^8-R( z2NWb;76;d7Zr+})8+lg+b|4!!9aVP-sf%U0xHdyEG#|IQ@l;CJnZ3JGdKICKuA1I& zi0^8*q}kB1rNYB^2^MR=Ws)Xf*4J&`q;B^v#Q4bYH!F*}liaRE<1m(YnJOQxEYBlY z9Hu9VwscBk^8if=uf8-M0;m-=?uHKM*i$B@xRMD9omDccHgWwx?#fFG3?1>gD0h=Y z&G%S69~3Y0-RA@|uW;0Ub~}7ZKX7~77p5;mgxna)n1&IMzV1wDYg=?WcZYx!=CNa6 z1!T8@nLZ}A&N!hiI8P)mIhe$6fI)vdf5_)|5Su{BzOQmWmU)jBLQP2#Y?1uzOi~98x=JwWoD^rXXaL3OG zBffF&fi&MFJOPJa`4rtR#J6dH1fSX*!9&}*v2(7cAA#@1hkuqzJ%pS0?=1Wp^iFt5 z@;M~)04E!B`a)apSX)mVx>GZauxqNa#1Xf3dm-f}|8)uyBiC)8^9QSuS7_G-m>`t( zi|Kn+&9ShVUu-+>RhACE zXqLl+9ih&D1Tf}JFWVI&=st$x2+|6pN-_Hj*z^3{Mb*+1z({o$F^;gt9>&xnQ`t49Q0c-Dm z1nk^!v4lb_u3wKd&7M7pH}UYY6+X{^Hii?09@dFjb^&({0bke0S@lHAHucIJuaUJJ%Lr^eQO|1s2J@aKa)0*?B>{#<#kUY)-1cH61zzm+YYZKDU z_yxP#svX^o-EP-+Xxn!?ecH@;wfS^pkfuOXDcD{7RhumBW|7H7R7e3u6Gw=d)NUeg3Y$5 zy0o*@&&{sVb03}s=N!0utC7hOmYh+5J${I_%U10BH`%es7jsH=H;8W7xSvr~uE}oU zW5XioQ~{5#5Ix&m#1+13FyOAZ{hD;6bBG&K{q~^y^ojs}rW_XsssNjuVKegcxKUa) zRo`I5L=fe*->tSg@e~LIEzM$vEa z26zyPaFvB6fpO3ZO#W)!C#Pz~gW9&BxQLl~DCmbWi0KcgRV1LW&S zZb<3h5EsV`PBdVrU|pX_VN6^Y;9sLZC#dPH`b7$}fqj zG<^>-$5M@eJ1W*JPzh&i?`UsnUjumT?{b;?jKYJPdZuacYonQuRq;C$4*bof(=fHt z%wF~U%BYmyYBVk$Nrr7KaT&lxtVegeOMR$RhDrEq55zu$T_S4!=c};E2gfHmiTMcq z2qxg+LCVelHqlD9Is6E~wHl~-!O$pfp!fm+XVV_j?Hy)!Oc&PxZbPNSUCG9d9OmKg z-%G$=tgh^>O}_?#Cezx5gW28Bai_x1c8SpziH-og%>@^Kqg$3BaKg`<@~+X0>-d=; zjYS~Jr|BpAtt`!{2!!JH79X@T&zkBVJWK6imH4Oq%&;V~hm`4>6DQ$!) 
zf!r$U^X7{=J3Z5Q4?Xuj%sgXItiTH;-VY;t?qN*;tncE5{ePq{t*A2qLJ)Ob+PwfC zl5^@WlBb*ZF`#6N-&cp*y@%9;AL4|Ysr0LyEz6OU;UP{R#0gFHd2RZfVMtzD@OU)N zv;#AX;tj?ZoY|-dsKPe@6aU2FwaPhq`;&)32eVYs zDi6=l|HxL+5W!U03&}(eU0M0Dz?j?P@72;*UzG~+$ZQ$XP>kr4!g+y0cuXO(X zkLMr)g$zFg`G?W60;>nzpP*G6g{>V9Pa#c0WiIRT87H;7h&JG{s1UtIl@7*N>Kh)C# z?NMOtvFNdK2AUfY>bZ40tDX??M~ah_eb4r(WZ_iC!Hm3a$R~{I>>tScC8x5x^MM%I zZzuN~hM2A*MdU0a(7z*O9Q+cA_z_JXg*LXRzKwjeA9>S=ks*dYsvKKj{Y(Mm`abu? z@$xN^M(>VViHju^xtg~Tu+?BuGFT~lscihWuW_|=KXj@oyYxM|LqI?#Z(dSY;9R&= z1NfB9`2QTNBMfUn9P(C=4u)**_T~15>Ngo2h}(cZ=+sf-1Q4?IwJp9XOT>zrs%hsA zHWvi{R=Tt5?SpgIbw!Y_sR|f*ST3(a;5_#oeI`QF3W`NV!M-i@J9nD?owqzXr1~d{ zUhc*RDLx9RgM<&u8S9a?WW-O`fUnXJCUE{>0(m$rD_YwPXgBLW$`lELO-w{v?rDm$_*M^U_Za zINR=%6MnhHR|utWm<065!0?+45OT~N0uF-+;*b942tZ~C0A?sW3fKpMk6@@AHyRLY zo@3bMX^OBAxX#l*HxTC(7w0MAwEq>4@6 z<||ZaOe$F>uqxd%yP09KPCsvvS!+}v5v{e*ZhY_r-lpTKRP}%R?AYe3*ulHhS-2#aX|Dh!(ghzNnE=$vB zf@5$TtOv*S?;?eEOkd!muB31Xjs%hy+Q4f(@rSffl65ZdI0u+PgHLP}>)Vh74v_{K zk-~MXb+A6?ivHW%bo@B3(cTQ=lrY*&pXX064)h%Pe7~cCNS^$&Kc6MM`Po)h$Z?ddI?}dAen;Sg7`~)${K!j?>^@&dE$XC7GTR6Pq#y z@>Ai4XtgXt7{1}&Ls$D-yokUa!{G%W;=g!xDW#d}D>tE;OSL9c3^XXSKnmauyOq0J18g`HTP`Quy0HwC<(ST&+FE825`-=Mxj-#sc)ryx=?P@<`1 zbh}Bgbyq}L#NAhsr+!%>9(Nb z`IXpn8{AYrRnbh@DQuAGO^cuz=}Z$C#xT8BbBE$SUt%fOsjLhA5Hc~dRDKM@p3%_| z@q{qa-^`KNpIiNhYgfgt-;U=4C3Gyck)|gBZ)`g2oips1O0#Sd_2z&nYf){mIqbV; z#Uqkm3)&^9$xVbb{)v_7D|9lA`mdSQK1Q~`TPjq$2l$0DQ>HO71(05TwF)RE!reZh z2ra_GELB7)=Qp5+`ULBprbOpsI9N&lhPpR^V zNDu#S0_XsbV7{En{YSJ$JtYI_!(A!NH=q2Ak=<*{3HXaE9|k=(JG$~`VTb`V;nyhX z%8hm8@N>DpjzcsR4;C;#_&KBSHCMZMd6K>3*VP4`T1QE{{L!YMvD*RSak?gp zL6)4~&Fhy%C~xsL@2gr@OPiDGQ+Jf;$B~xLf07hNwv{_rhck=$dpk&WjpF2}8>m7= zBQBfQ6Lc_%IZC>2ipc|i>}1@%a(Y1#3{`Wcm4>yj%| zCfuzEAW^1m=%R6Iqse80Z9RhT=-KY$Ftps;7S|zJp4}GZABtiIEZJ}No7y+vYd&Ik zb~gizq<18Z(BRB`6R}~yuFQWT+We?WV!bxEzl8eYr(hZ(c@RWY$nozwXdUcU)#C%T zQYkEh;y!9!1M2Yr0)h4VmPzS*qn_9&3bYb9tp(mlvX-J6$EIS;|4#^jN43MFnaBAn zFEpGfM4Azl4Hm@?UknkP|(kDcssYPKvQiZ#=UJys0;xSnf*KAQ*aygptXWvm%pNrpF@ 
diff --git a/released/assets/rancher-operator-crd/rancher-operator-crd-0.1.000.tgz b/released/assets/rancher-operator-crd/rancher-operator-crd-0.1.000.tgz new file mode 100644 index 0000000000000000000000000000000000000000..0f8d47a985bee66d4d12e4c831b271f34998642b GIT binary patch literal 7035
z+x`%k%q>^E{Q*x!29!sOCvL!-bVr$wXw3wr+ajB9Ps9Q!?}|b85qhd>(SE^Hz;IqGm-XSaN-;=yFaP-;s^%Xtag5t8Eq=5T=qg4}X{nDplf-odvXEBzs$ zw2+b95y~s$0Vi{2Pp)z|9OC-7rkvh>A=f2akzfnRCsGtV)sp5DV!KyNyiP(>mg{!( zl>C)Nbl2C}q$pyUW~Faex_K!*T;pTof`&K?>U#Kz!;DGH6|bq(1+X*gsTDHmu4ab1 z`{GMDc5w~`)04=j-(0Y0v4d^CLM{Yzy2W^DCsucZ-%=S-C5`vfS}ko^f@+gbMmd5! zEwoSs7|KhK&|G~PuFgDuIm}$Ro_eLf0Iqn_z zEO98MZ-wlD!9d&9P?&6?@;s0V2~C?LNYAZ>LNTioBmz~eKi5uxVNNwS^%v}Db5?o5 zm2Cz$(?Xh)*Sr8HepjJBN;Y22UdUrGL;`1#D=iVSsuOzU3%&?7W?Xljns_eA3T5|B zRZVuip$^^Jjf|^H!Dw@vt}tg8-e?J@vbo>s^Y$mI<$dJqwhZm2`0TOi@CN!CSP=*4 zFH&T|0J|H}bxWc@Apae2uh3Y7>5YXSCgoU}dX0C$BJs226DRH)4wt&kk@;RY06s4F zkBN_?lO%JBERD}s_ug_jkS(nUV=HJM4k3>%-GIUd~^pTvK6Q@WKf417Fzt?pMn9!-xR91y2J*Q3eliw<835*VuN=|8J_u0KSa0!-p;K7OOeCE+99Bq=z9c*LL#JJIJ4*uS0-1*EXKxdz<#{REk{~t&=CZ%U)h6e z^^t+nlziA$rG{fk_XBONY=zz4z!Sf-BL}IeT?r&!sdTR5mUx~kb*Zhn^1dE@5zO&i zs~UuzThgZciX;G8Qoi`Z(Db(z28kbIrBtolT!DUZ_;z&>6NUH^UOoF65x%=BXoZ7Q zJ-vt2+PZ@GB(?o0Om+8`Y)lSNOOV#)LH#1($N>cNhv5uVC!9T3q0%L z<#D#!DAQf^cDN*p9)`N|7eu>mN%|GU3XAwLoWlv6c*MY5>O?jNuDP9&cM%8jUniPA#?3ncs zJ({$&YfiP6bXI5=YWo+xv|7XvPJF0K-6ToHHNOU#o?co)w4>eCquu468di^1c7-oe zNsDB$4(KIq?8C%AeQbCXy)3k3w0hm>>Ysbp0lPM`(;^$M1BOXk@$t&fi-DkD#@_H4 zdW!cU_-l?hV3zCKb6a1SelBA$rG=#kz!P}l8K|eDcwKRb@lvoQ8cA;v zJZFtk)h@?SC!j&a&zahw@$K6)xIJAEyhN#}(#UnBtk?KDxTj3&JdMqYedthE&Z7DX za}h%gP+4`d>g%Gxk@C4vG(Hw<>K28Kt%vG{h*1(ak*B$!hLW*X@DpDZ^zw2i9ru1I zRM=WN_pOgjbshEKbKD=Q;^ZEXCFG}tUY=7$#2Q^RsgEbHoqmeSO-1@l9^a;+oN5YM zI9?<4h{)d&kDm?qUhwj8vGk|z8xyC%qnCXtqz3ltBVA*tpd}hfkI6oDJo>WY(1SnW zVpO&BD7J2FgQqV^b?Flyoz3#QNJ|}YKVv|nG%PFO#x@HgIvn{@Xu-$0SCXgCAVgVO zIoCqQyQPZ1Pp`ZsLoP-64Ybt4zvxucI+rPCvZ-UC)ou)yG3UJG)<0;6S3Nw6qjsZp zB3eCKCCt^sCy8`7g5c|uSh^cNDW+Fm!F5cmFpY zTkKp+u^Xdqt%h#_#BOwy|Mn;+t;-{Jqa*T3w-X|1TRgEFu@}%%3n%0G=r}s;PTK;F z-H0mNt;;udBerz3D(={g_~^GO{n(Az__tP0hi_YYV_4t8j8>7?7(Gt=cs(cT;cJD_ z<9vc)&mN~jxuyh9N%au_SFu88Ph_|n@*<_k54V0ZN$@78vTDOVMIyLM%~3E^eKnV_ z&KfIWL)={aU5MGO?RD2)?kyHl6b_O4=XPf$aY2=in^dil1CLnV8@r$7_U7>5?+xWF z#*Jb8>tdRL{iV}B5m@1E`K_2Jj9rV0iK6Rci1B 
zXuO7~R!%O3Mp8OA=hb`bqY4>S$i1Ny`^ZaN93Cj~+7vA$EHL&HI2$xBBcGk>R%wjd z&Zsu^pT!FxE_VelI!7>eJIb*QxP2U2L&QS}rX55Z?!$O-$yL?W$CHRrLKNRR9?ij4 zXe2$FgNI-y+{Z%YQHy;YDYsVn5+%Ok%9cAjn^AHbvlQhKDu=Z-akxcSCm4YZ!tBJ*Af!cjdqDFiFb0oE z_bj<%%<`0!9N6h_WMwcz zQ}0mU=SD*EyXQL1(Pxob?xn)fG#7FZ7L~$uL|F4XB5su_89=G!=>oYvEljr_E?2rr zEzfY6t=NDv-_!&J_q!>}CN!j>)}_JRfZxi~u67pA=SZx@JN<-n9P*?30jz0;r)g@> z)$9lS8d!0-CT%eNWzMP(B`cOSIo?q0Uq>!+PH&oIzT4$TF6kOHUeyJB4RYGaCZ+1U zPQ>hXc-W2maB8oRhLpE}V4gi^N>p0Ny-LK!7>1uFPAs7~|p+RG5 zYS1|)p!cuViiSPLZ3B_G(X4JT&@8Lw^E^tZt4X&T_rF}-Mr-Squqwt9kqisW zR{9tgnv*#n7UVWi5D=p6XfC=lomEw>iW#2fjW2+@cp{Kyw0dQ;_Jj%FAe#MN$b-#C`MOCAJd&xE(_*<1@d-@yoAcB|5>mw&3b?T!P z4Mn&5!Qs(!k+v9kNw_{dw48m*4O$0NpzPC5;ed*zTc~+k69p&ez^>s|T^5X8lxC(; zS-P1YP^46U62nHHz0Q>0f~s>NGdO^VT?RL&F5Mn|;?|pa>)>@SQ%~vl9&mQm2L0|x zUR99yf`_l6BQmO|+9vDwhv!2D!=0QRn&G(jqL&5hja2R4b6~heug3GO_atezFUiIt zs5)+VK2_1;Rg6x{YrVh#MD=?RAxXI4SDR;SzFmD93EK$Mm$3diu^uB$o5%LSr6EY# z<#{g0uJ}(!r+rMi>}7I~yj5qTHt4q^bUiw+yyMz~(cYJ*>(P?4>oJnO9oant61y?D z;wu!&UrVJj9wv=2+t73*XCq8sa;{O%Msha7^dn~r%`|}H>VcK>R~>UagJuxn8o9m# zjh|>n!(5|2ub`sewN$@hEY~ZPez9OBCphUM52fYrLd*)OoSz}}4O`ZO09m4IT(muy zzkN)VHURWNUJ3f%akXP=7lnP;8hFgaYo6-)=cv7oOuT`U=yH)xkra~Z+e_=!kDIjC zY3J%AC-SyxArzs=XHy;#xpZYTh#n2EfK;zG(YB*ypYNu(4fX;mG9!b!uwCNPE4&># zz}N-ddiXxt{pi=-1Dr|sAZOzEZjfml%1T;CP3!R-d$IiQmc#ELZZUkZ_zwpv-_*6|l9&zvU+p5&KSZkW0 zD4rd;Tg!2MV9dnLvytY}zGyqmXkR><;1$^yt$x<&-oj^bEfSEt#kuvKwPLn`NH^a2 zIKkaCusUOf(kL(TE8s&0&o|&dixe+~)Pq8Is(d~ZTuZ@Nb5|U6PqM}TJS~dhu5J6=Rn!? 
z8uBkj!ErMT7sye9#!~(%U)*c>+I{YUwKe5)38jSwl%u>D61bDD&ZW3%j9R;B>rr{V zXt91B%4<-iVC64GmY5bD{kc&tUo^*#a@hu2Z*Q2{UIsGTCYC39tcx@*&iqVH$GLBn z#;mzlk4;el%PH^m$%5^pxM#evJz!8Ucd@ue!3zpbH+J3#3Fa4uH-CyjKz$a?@7aZd z!+{OJ4jkAo^#iqJVR|+*D3A|8R@ht!5C+z&nDs9>8z4go&Ia6+rbu7_ zSdydR38T<(rki(w23cN)T2f*O;D-Ul7nI*zn!;Ft;D{8NAkec$%0+tdAZFMvxaxK4 z-qm0I26pe3!!_lpxK@`#lF;ZD7WqO#YJ45uii6FEN~Phl${rJc_^kWJf5{p2?Up@+ z`2&JtC0OSiQ?G#oxKS)v6E#Oo7o^|r7j4C|B+>6QQIocHLxU~|OQ zAxQ6`&6{CW-1-S-*!=R8-{poQ9USQDvA(csXN7MAE1aG8V5o8L7D6tub}*Bitf1Q6 zDDBL~jkcdH)l9WL(s3qLp>rlUDP(ybG^#xNIdxs(6JRQT#@hR5r9l@DNYk`Iut2WQ zF=yiTY2I)%4GE*j^|Y#3*!LKxk?9&4Zj;~@a6-XrCG&($8dSQOj~OWaRRUMloL^~E z-HC&Wu_&q%(ziSXjeSDNP^rcnyzbLW1l81cqxCVzV5idm(| z(qHSWtUaedv(k|W=@VVmB=vg`fApvI<`hcSC%b=DTQsSwwCWEwsyDs2Or?b^IkEoB z(PT0?y4SfSft=!vMqbT#y!w|qrsBu-$qY4|993;qlC!GY%(mnCInF7sr1U654e7?i ztC7g1C=pi25;$3+JSLzu!(%FrRE|~CkNd_+^<4CsU`4iF%Wu;!pQ{_&$Z;J#n2j$+=S#s* zW0o_}Xj1$>O8H7K{JNR*fo6UHY^R<#H6gv~<|hx(>=Eo{1qeB9YDV6uAiDXNmR~mu zsP%c1Lqpi|2E(DE`wUQRXi$DwXg28K#@Y7G^GfvdjPjK7ML7Fh-c!`2_}w$mOC8?T zIKO`me5i46JPx*N8{BB$0G?Jr9gO$wQ4l5&v#<4KyP29USw?SS^d?4c;vOE+y@|(K z_r3eE_Xu~VbFWgKRY0V(`TLaePKW+pitlgw+kU?N-Hy7=R~QFphDI XV;tjn9^?N500960T!2)b0Hy%|{j$ob literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-operator-crd/rancher-operator-crd-0.1.200.tgz b/released/assets/rancher-operator-crd/rancher-operator-crd-0.1.200.tgz new file mode 100644 index 0000000000000000000000000000000000000000..2550ea820b8c72e0f4d5fdd4994c9b75756be5b1 GIT binary patch literal 7039 zcmV-_8-U~=iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PH|T&yS?2rZ<%D;O*@^*jc3|tn1XFyQ>02# zPBMG;zuzOtj`LyhL!v|{5g*z!u}y#=00JNYO5kLPaw2k+poN?enSOu11gVejAY8I15{&{-x-O1@sKm72+cgaZ*=$26^ z4f4B_&aj>??u88CTxif#aP{seNeF0QVsT7BYlg>Ed{0nnI;WVvOE$c+_iIaUC@*gJekze6D4dj&@0pj#^ayhLCrU*H zf0wL(ID$OC|L4i^>G2OoDJmjquB$&?*Ha{)H&Z0%h0-FsMkNYK@B-(Q(~4e42AJzd z5Kc~xV()X)*em}Uvz&oO^*xcP>Z}Ni^8e%MPp79pKau~RPe=J5W;_%Q$SK}xMyZZBEVdKcBb6g5zX)ks{TkSn zq+Fvs7p%x?O*Bbu0Iqx^0TYUKYyH(C1z0nF-dY+O0cHe zIjVU!WZsT_-zf(XTuZ^O7;yZ+(_B!lAAciBc)=LV7`{tN1^?v3rish36zbVz)(Q9Q z!V`!>?wz&%QOQe-%`QCsOw9fdiGK7EuGD$8`@t3s8GIA`Tw;n`Q(!gMg(pKwRnFk9 z3WTb&gg1QUw|<%=(O`M!Nk5~?xV z`+);s3utH5K}xuL_9+)B{#vRkU%X9>T#pnLm6%THx4mrUi2TDP?3d7ccvP(h1BT>> zsaiJhYYS+NyIYP$UIYTuBzyIsTxsA0OFkZAT?}T(8u{n(NpIse56ql!^IYei17bHa zxE+i!Gs*{pRVt6l&S^SIT0k^ziYjItwSfl=3d;+ZK3HVG0^WQB7H>cf*3IW{3s45M zEx2?#F>^`Rpz(|lRC{;9arP!voEI}j$sp5DANmiE$KhHm5*NMLaH_Jl)dx=GU9P)< zXd=EsQb?-rT3K9?>8?<&DZy*Odhi+yiv4gY(xkNA)%9Qt*sBT~Kic|mf&JUk5v!-{ z$Fpr*&+5m}uKManRpbi^DNeNnjf=g0fXzorB~U&^xkmX(q|Il#-FB~L`b)@F=b2Q6 z&bi>EkPUl3YVMV(4R6X3o z4+_0Rt|@^gTgj&V6znIdW!+AgKg8eY-Z;%<^WT)=4DbYEK=uY_OCeUBfY_sUrAi`8 zG>D29K&O=@^>xCWE`Fi=t;;@OTAW1V$0hd*Nx!vb{!Hu_c;`i07bx=k`}uvtFQyPh z;M#4?3{<(Ue>dD9*)|5!R5p0tp6DCM&~y_fune=UVV*(U^}h!G}=^h$~~P4{DA6|x(3Zkxk-B`#;$f{7V0)5+p8OH$u5 zl^9L7p`1w-0H094FsY60aJhwf0!K?q^yHi1I3Y_Ujpx5V2xPM-%dpMueEcS^$A0q2 zgPUx!9wv0J;}QiG4bL2rVQ`Ux;RK{1T;4DALZhx&FxF<&LBVL?*Exv;xRmu6kR5Jt z?!&;J*C-`zwqd<+bO3Dq3VbUh4tuBoq~}$7SZ%&2bt9yaSHpTtPrx@@96f@*jIrM4 z=y5-QD|2UHa9bvR4`e0ga}#v81ApJF7lmweU?0zJ&I8y#`-j_HaC{yP4Kw?1RO@CL z?>6@}YH2Y9TTFfp8b8vEIuOKbGwih#r)9M!~vZ)51 zf=oZY4=7+Z@-YGFdtkr`%IV6GTNPTgnP?7|_5(44TbdQw#|JCEE*PGRB7|V(l4c<9 
z&elK~%qXM!Zd&I_54XY%4pRaQ2M4~*!T#0eJp~3^8s}fi`G#HYqx^+|L08Ve;4trN ze1^1iG;$c$wki}}ZjwL$cu-t(2{O4nQ;IJ5Zu-lM z;V8Dw%vrL*;SJ9HCB*9(`pxR=k*c03oU>=ei5mzX>b3?;`6H`gUDz2DWHr@7!otW| zuF=t%npl%OJ(jQ?&Y=^!;6mbLEm)D^1ipm}mTFljJxOs*2~Kj0x9u~vQ`99~{2B_q zoD|YHSJK=55SYv@SG@fJPelflM~f$Jz?*bQzX;?GA*%kMH|Op454$#~qV489vdX7>a&sK;=6l1rlN1>k$}8*9(-Jo*WN-hLt1C0mhT3&}YdVdBK%!2Dj5fnv>VO04IJ|p*~7BUd>*}V=zPlXOSx{5wfZidgTkg3N>b2cb%Ge zA;=14_fAz!cDM_ z1h8M(gB$gMfzp(`-&UoDV@dY|ZLVyE-QK_xzq2C;si|EFBwnd>uHu$>o-1{!t-12P z9(@ta@m#AKgk4zDru&K{09jJL_`}fjw-pA7A7iCdt=wFJesTDEeHjyl_!3?{`xz0w zyDDgfgHt`dht%4-g7+k~{U}Uz|CVe_4p2*w*5*O|BH_pZ1oP!QTsDgP_HXL+96Vs_ zU2_XO>*3{bw%RDuUG#RiB#It}y7Cu9yKYJP6~qdQ_%WQr37mMuz+CD>;wv!9t@+-s z)RXB`a7U4O`ei4Pc`^Rl{q1W6$=Otj^ysg-x$KUHg|q$P$KM`-{Z=gQ9Z)wvn-dTt zx813Sn{m_`C1)ae=z<PV06*ETFaypt6 zd%x_M^$NyQDn0hyj%Swgg<-PNPr<(?W= zk5+btFH%X1WU&tDC2j1(#6Nv(coe-Xv}Ck;-RSC{d)EQGHnP(q8?OU~Nn7#p%Fl~| zpkKz`@ECfE_aXRejyPbJ>$?kEUzmO_V=$$Kr3kkGI&T@buNsi@M(b)>A<_&T_!OzJ$1&5C{K zP*={P`WkZ)Lk&<_b+YQ~qQQ~!xllAd7HjGjg^jI;>V}9>5;&2kxuAxUu~zUCUlsKF zawi@4ekoMgS~~Zwk4<$Q_26^dAFATy9*`yEXN6u~P({QVT{NkWC$ODAr|ugQr@*6^eJP{{_U0p9W2m4d8cC1IK6O0$ zs^ZXtKjC6jweu*pZft|6FG+Rj6Ca(;^7}|j9dSQrK%+D)E8)gA3nDrk`BG@X$GBIL zr!OExSz0+aLdLtLioZ{9yd^^}MfnZ1)WW~&RMR?_DQ2>%W1-b<43;tHyyVtDXopul zJc^@sqje%$Jz6Eq)x#%=bT@+F>yucz8$KzfyAg}P-buY3(RFvC9{@Y(#8ba^c|kCA zZJqb-0C?~DUBX*-B@=3Q7B57MZu^X`$&{7L0D%-8gH+CbobhIk&*p2w;w<-PDjoA3NR!)a+TY6(y-@%Mlk=GbKPWyN} zC+gvAh0)`DhGEYhr$V`=1kXtI5dRmkLT688xEk^zrN|Greltn%Hm9;`!#+hKxJ%7Z zFjRdtm#@wmD`7+2T>M>#*`4im*Iw=|7E%-rk@}Z*XC-k#m5!TKt&szdSl%1EpXK)E z@Zj$a@Vc;a&Nym?(^0nYSYsB4P&Kn4H-Xjikrq%oouQSrK4( z`T0$1@C9hRfv8qaE`>%?IyV>9d+VbL8CA%Gp%nYTOI#ctDDm19EhH>3_7gZ8G_E3_ zo$5|$jM~nqHuYb`3m`6c1+O|sFm^l2u?@I=99l!fLkOlFL>unIcyY;9)z!z7h*3fm z-#Q-6!B%J_J(`1uU?x1oLgi75eH|&cR{0VozTwK2dpny^au>4{!O3n3mQk75 z;Y&{V*=z+aQk){I8v8Vn#IHl1BiS6t<*`5mp)8F6U-sg1Dc02RyqO0S1GYt;g2t(q zpmEV?9yq~rQKC{XM)~4v1=S>{&JyaXx-+=_%3%$(p4KAsUJAldJvb=`W!VWYq14z$g))>Itqwh_ee95+;h&2F)2_5`@AfEjX~DNkMHL 
zyapw~oB`+f#)**Wq6ruKDKc6#FM4q~D;CXp0i#Ff3^f^#`qm2Q24Rgu>);%ex)IWt z`fxA?k4X0~#c&O5rvap?L^X)AN~`AtrsaPPm;2%1Errq?GW@(oDXHlKIULOLl$0FU z*>GfKFhf)CP~Yc9Lh`%kI?d5%ky`Gh!qGGrau61k!gNGf^E)DLl_?oOspZ)MxjrjQ zw;nE6x=Jn2ahR>xfHL3I1O@lIDa$4_q@mWO!Q6n~%G0iP7S88Lti?P1gmWD7qxu1? zX@+NMYR}c|2mBgXakwUJF#ToDst+YAmNhxvQ0!kvE^$t8n`FM*Y`4>>~?tAjr(wFuaJh6w}4pR^uv?XffE|0*uPpN)<@3=*YFS&ej zN`Vkm%IG(=#3J!cDV-H$<(gyNH!h@5T4d)CACv71WbrYX3ud`y90m`G3&-x5{o+w4 zg&%bX2P z(~&1VmufBo!dorjOfHP8@PGe0`l>AgQ!V>FwKR@;CENRfuV42n7u0AFyIGCa)-7RG zj3pu&7MQK{F)TDEb3QD{ZJ;0^MBC9^bZ0uNs#+B@Jj)wj0Cn+1AkAp?%4Y2e6*AmW z>gou&_gwEO_)mGH@Oz!7WAzgq%fkJN8HwwD??#KNM*sGbZ94F`D#!NpH|jwIFO}B^ zPDJX|M=KhNZuNu1qvs-RG4PUbb9iVu`<5HD4yHiar=7w96-&2J^R^}mPSAnfz@54( z7`rUZOrx@NGe4k6ss1R2jXrywDZK?%=R#(101>+kZqHo0J^IA0H}lrP>t3dw(r-QB z?5Yj=-I2ViAnyeaUqeS^R8O@{)*lYfhYE%}IXg7NaqmSh3)UN{+P&w%aE)G#=UeYd z(r#apjYUv(-0*y=qQ$EiotD>nfdPo>_aH)&aKW!P&)9su{x}l05vDI;{dHnJMw&K{ z?So50khIJ5T#jAwpN~%am~`38ObY6MKwFjfUFHhH_C1=-TBzrru zdj=$SV{pY+D3rgJN@YAu8ez7f=}68-n7-s(qnwT8Y=r4Y&K8E9b8|=6D9p zAi_0reGM8v(u{_=Mtxa9MZasQe#2O-|en2Fas)yvOOdmEW}11HhtBAp^BB-M9U z)~g>kX|2=F)dx=GUDZM;LXpp=JR)-G%4iTh8D0UYUTvanN6S9nO>Z0Q1yp2426bV( z#HCkwH*|op3%d32eYE?@ue%30lkP#z#PQuA(>Rosw2qqA<0Zy>0o8&yypQ#GjAHIH zMlr9)p{(Q$iaAY@YpR`J7u${iA?X&_t_F^scM(>pg45 zYy**Qyzy~@yJ=u`&I+YbUgp=phYX%?z<&}cUJ0oOh3-`Od@i__g0beVIBu_aROCIU z>0obojF)-iW!@`T<-nJDQPrW7LSoHEriUiF;A)C;J=~K*JIEq~=4V5~gB`WttJV*1 zLkrGpi05YUy3X-Ejs#hqg=jfjveK)4Yc0gFtfc3WVTH#PxM$9X^h8KZn>$Yi1#(tsp$Hi4 zx-j5Ut};-6_Y1`IGDsK*^C5(11EhC#K>5P-Y-Ug(?}4naxey=>tW`1VUvM@+h7z0& zxG7DMzyPo$N5d0Fq2Ww7?*I+5ybQIZ#1g;{1Bx#wzr8Yru>!#nDKbHzXN{DL^zu>6 zuwQW1>(srgzxoaA-Yth4%2RQpu7)I`(Jd_Ug@n}jI=mGJn-7&r!)28{CjR(Y_l^IO zGw9nbdkpt4Ay>UC3X$SPNvunrHz$cY!Ey<}rN~g@$5LZlfHuD2HgYOBOy$zrH~=f zVy~QZ)*~5cvixwHmnI|?&8D3ts_2$(Ykg=qd|h^<4A-b0%=!>YLTBh0Y**!^1+SINGd5{Z>1IA=p!63B zTvc;^p-pus4l2f?s7gp*^At4p2_-|N8gKBrPcIQvQ{Rp5vp?tYkh51G_cFIZ#2uLY z`H?GTl_E=jt+TTBoC3{CM@pVpgGC|RHG{#9+!q^{DcKiH_=^uaQf 
z7P92T`Y%V5$>iuk=avL=inkhhHQ({-U+S2O@7Jd@)Np!KwN**Zt8O#fj^`IRr@WHV zqYO2q8xOBWBA22>SRG5?WQp>afYuC;sW?(OR!u)18Yk6r(dU8{*>)|zO+SCCZfuj| z@(0Hoy*1s~|J90WP>=rfge~e`(#dlqHvRDHeW_P>Rij+}C1-^Mwp+$gk|-j|sXuMo z=%?l1irJIWpN+&M|M~AxW%ttb0lSDC`PtRwpFd8?60>`Mc%MSt5@|b{l;#t%1T%YF zTp@$WZg+uiRZx*tZ4>*&F3 zd^I{>3Wgf9oPkD@;`dR?*Mi}f&76-k^CMt8^}MMG=~XvBdw^z-U^gp3$Z1nE@-Q2&zl??!j?A}4i()OfNDd7^20*2K@T_1wr`#{qMv7!r<5gB{xI3MDmGZ0tBAw0O=ahFk^!HMHf79Rg^X>0;)NQ`%_z5>@cT=Y) d8|J%ljAI<*7{|*P{~rJV|Npy)uS5W*0RVEZpH%<= literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-operator-crd/rancher-operator-crd-0.1.300.tgz b/released/assets/rancher-operator-crd/rancher-operator-crd-0.1.300.tgz new file mode 100755 index 0000000000000000000000000000000000000000..073d30206d9e859a9a8096a18a567c65ba4c16e0 GIT binary patch literal 8634 zcmV;rAw}LFiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBRciXnIf1mv+xX!z>owj@Lv-0NHZtLA#{I`;Ipgo<9Bm=|BH@`qSHAPk%l={ny){-=6+-`u3l1|NZMv$*C7~ zLo201;-}NWSWgG{Od4X0E2Ic#^4&?2V5AV`*&B?MqVR_Be_#-bED5CVl9pEver-k4 z6xh4uzmzE9zYczdp&Vp^Fg*0M<2rdS732qh#^t+&5?0|L_?`2-ck!#_{oynXY_NeU7RQmFb*H%%AG=eCRFyp)RPHz0W_FkHZrFjCLg zi3W4?2;ubfB=$OYwS)U#L0(X#K>h=ZR1Ovd+Wr6Q>A!yc`R$Ya|L@a(|1$0W5N&^R zpn|}i0#^M?zFGgbtTx!@?E(~fd$J}heb>1ePI6EvMG93yq}dmkmQsO`Z(0`HZQ2uA z0It4>(zO0HqSt~j1>&63GH)c&Ecws;^QUX1R_~HGQXy5!Hv&+4f086yh?|FhtNQ}p zB~l5(vW_2PN`R?3U;*kA%3-gcKg$JR&Xy!Q)LABYSv>6Xyc*MBK! zDG=RF#7UA!%&V?HZ6#q^{jFSxc0Sv#8iL;?|MR~mNwPtdq_u!}P!ey>E8E8RLqZdwYG2uSDT`$0CdBz}Jg zhj-`$9+B%{V1R#~%T))z_CV`g-Ku3p=?SK5?=_9&D1)nmTi5rH2$Kpi4Aqtifk)8- zXeX;aHY!Yv?Le6oZI0tSpo{j$Su(u((wgFfXV$#St41^|;{cY}PFHJz1;*TTYmWi2 zdNE_Q<~h0xCiil}f?-v3$CtO`J~}{kAin=%6~!GE09rg zZ+<&Xrlx5OkmzGPY*4jBEEf#a3mlkw6&zYh5Erdq!UL9;ZlhZ91!WlbpkqWK$Ob7m z!x-ej6}RlYOH3B!f)X60`}w|8<#9XSW1N6&l!L9TT@dn;VR2umVGv!DF9DZ=sQX^W z(8%*HL2L+y8%{@XrD&AM@yg0NQ&!3JTd`mM_aG+mD4?&}=S`WN5+ z%k?j^EHZ&om@9!4WCxuirXyu45Mgr=8xWs(+HF6W?drOxzqnWr?n&0_2?*h2+3X=eS7Q!3c}g^n1lHEz^Tq^>~#ZD%A>@A{ceq zN+#(i(cvjIjN6LxefqUW604p}XGN*e0gfOVVsBxw;(R>_#Ky^q5nh32t2hB#jVx(m ztV@#pMh;t-V_+H%iQ11V?&pGh@6G%BY@1Dl=Ta_IeCti)hh<8~F1Egdp8EtP_nE zz{anj@1=mSN(G_xyv~_z%oizdxzO^e-xJdl_->11L}*%lX)AUh} z()WlWhC$5NnuJr|TbuH3cj-8YIl3cxnSaZ}W+6z9#QoU@5sDUs5_Las zE{}v8VN1gtBMQO6x7lpJn@&%jVJqYOOVwZ4;XcY=2n<~x27+TgTzm{^=_p_*tZh|F z*rq9d+`Fiz@6#k^O9>wlLm8x3^)(-Lf4RLq=cRLTCMC((uKTNta5J{a_4)kX@q%-I zg?JM~z8TMYxV~iR@33d2Ntc7~D_R59{=@6AN7x1Bcs*BKpiIkIw%*Z&oLSu+7|V4+ zGR6hWHk_6@%+Pm#&Qc{xsb(o`2!>fFMp?Bx)j*s0KRMA$xg^#!Ljqr*!{K`~|3Lb0Xtwj62 zGs1^}#{!UoS=gOR7m%P;2YAIpHu|gZ7^)n>C 
z?daUXxnV14+bguT>uAp)5|F^F85fa6jMYrmE=VuaSalT3KJXEF-pFDFp<~Y}k=jfk z+u4^`lD51N1)&TsE$bm{n@^7On8Sq>!oUpi!(_aZ-~+x=lGs6Vg2~t=t0UMlZ{`KHmSMPfq$n6s=p>cN$IS0&H>f7cpdpb9WmVt{r zTWA?CLdVVm@@8aPTRqR!@Fdgac!|Ek1>Qd4qDLP1kb$z+j|X~Qg9zp z@h9BhfcEaYGZk)>BsPX{Pbv~O*F|E*ec@f1% zXYj;LcN9n{Vip34Qwp=~c1s-fN>k!MU-6`AV@;T)UaJc;UKp;cjO9r{ctu$DQB!Qa z7X^tMW2Ho{?T!ND((v`>Dkcf>cX<5EI9x}v0C~Ih1)NGdq3LZ1Z>Pd=|N}HoKBp*7D|_&vTZgA`o|%z+&7|G zwj|?j#F~ouKAhumoH+QvZ0_a77hr@L@7cW2lgyYKciJ*fzihQ-p3QmfA^I9&=d`&P zBc9jnj_j6(g|+?R#@`N({a!5Y>`>P~SLTr-yVYr$opCgnBmj-~X=~S|+ChqBD;YoC| z(2~jOwVPM>+`9qP_1QZ;vhfB`nDpH~PWgE;2z1NX3s0fr_CAL5nk5a87wZ1PRF7+% zU<{xh;p_{^K`N9RpTCYlWC|22 zB7YYM!!-!PQ>$C*-l%o4PIu%U^_(sVLzH~CD8IXF)@RObdq$hu#<9F@888q?S>~{K zA))p8e&pI9j$&?^m8?>7ww540^PPZH22%?F_dRQu-%;o@1*wN2{+Lc zlTwSv7mk6@N7dKQ z=-BPDH&dk0+%cNhlem5s4=RZ9&3SJmCjCXQyY>xFqr2V>O=Ay5w$&~UT-A>gDalE9 z^^3!8sIxDLXQK^Wd1t3e`;6u^!?u`?Gu-1x(&DX#$1SLC$dSTz;SZ3~El`{EF#-A$ z+BApD9Q$n$cP2wPG_kJ5eYnM?ysli?W0`t#M$-lldElVEO}dK_`S_PTyy=5Qp)0ku zGqSo-T%ZiB9wvI+!kxx9Z6!4Ogy8Vh9p~IRF@*1H6-$Hr;f3D+rlp0u zZNz&V<76W$Br;Hc{q<=o4U*j65}S01mpu)(LV&_uQ%G;R@EL^y!)s)__PVYHPIWqZ zl97ydsn%Me)Q_jc5GP0>8NZBKOUBo)&!C`5R_9GiA{8(dsSss+89Y*P(;|({iet!7 zTh1ct1_~ZS3=mO!XvezyZ#nY?mn1$F8)BDV5L*s4w_&2xR0Nh5oM@`J_rgzHMbOJD zXK1)mAiP4wS*cbRL}I=H8%gSN64-V>Zz5%WJCASE z5JnV1id)_=9FdT}BdVX4d#_lfT&xnTBRd|Q>`N{bvWeEbY){wZD(Fc@GMcMk>yN&! 
zIrQi?T#SciSQJ|~w!t&jP8Cu8$d+tYJa}5Z?P^EFFsv%v*k(b*14psqinGb@l@#eS za8XuP&Mg=5qEzwM>6O2dR0v*u0}RRJFS`1pbwc-O^&c&3pYK|*B6iNXi9M1T`zN{f zN^u>Su{a=K(xtBBu6d!?t;oo>xm11JwOA9}Gaq!|RV%k#P}e&#Vef&ty7E3e$=6 z2MR|%aY_&yg5eBfUNZHCufh5x5=_RTG9|!{_eq5$fxChP45DX61T|g3Isj3n3aHxNEJ7!S^+~W;)@%xpP1f84v#)=C>Ajy zhVjG2Bu80P0@iR}eJdsjIcG$1n@0>@dU9mJdBhC7DLJzz8OeyrnQ`@pC7}`{3Rj>k!@ z$heNIJLSDp5cP#Ym+DEe6^2Eu;6>*M#(p8%A@0!2z2xj#n%*e3{CZqxnu~|M7YQ!* z!1EAwje6oSt`Nnyjwf@l7a7Tj=HM}y3Hwx7zNQp;8*gN>0s*i1X3K+}O$ok_c@^ae zDaXOdb_teInb_h>R`i){g_TmpH5Z-cz1b40dXU4qV4!ZfSnCXZhrw!=fMtZ;U9n7n zl;;nRZe0t)1yT3LV!)n=;3>=v)$ZMj5?XSq1&2C}P{W&s+KbP7aE0I-l6E_K{V<8* zw0%gkb7~CdO*?f3%OzlchkHvQXgtyShqQZKz(4M8A+3^GoCz==lIzC_!VWu>_9}}M zDVQsP6l9$&Wd&ukT`F}!SoXC>)y=5&eA?QSIlBAG&<2sFTZ1v;WVzV#v5nOt4J+Y9 zoCRS9qO>2c%LNDq3Z&-Fkdas|k!`TNBV=z{`y7-YSkCJr9FvXGXM~fDG8jcet$>0O zj5_DV0Y#_9CR1oKg(g#IGKJcfqq})2%!zno7(tUEHi9A6dVl(uNC=Zp&9AS0XgnJh zM4(Oo_BpBbg?9W0H#}5n5qBP;%%0mg^})(&m^ZK#AXi_A-a+hte!of(=iT1R@j(C7 zYyNRSO%8a!sJMa+2>0O9{lK#iumNr0+b?!1c=3T}P4ZSaSg7$X+fwUuO7!75-{2S( zrcjq>$l}K0s)}dKI|YJW+%uGiFZ{$bFxw!v8auRU7#X@`$2(Jmt zK5;f@C?xjwAauSe*?LaC2b^zFvfmfQ`L^m^P~gvd+#P{}wu;WjCVF1KF|^U&VHgEJ zteGbnQguoq!fK9rNS{gtZI#^ZAGVU6;q9MC$bn6uEw;P{@hPazlC>ynZXJi!9nE#i ztAHzPt|j9c&s6HmFI*|%43jfd34d^@K7nG=e8Iyz_P%P2 z0DmpWhET{Lji8q|dA>`U4+?88mEajNv~|4^%P&DimNAO}BT6t29bLzim#GQO8Zq%U z7du~Au&E%XcQu1f!IC1z;FV88uF3(IoTil8=RCNAmRYw7nlAlJnXda^n=)PdLr$5l zZJTmU`w?{uXak`wl>$k5%fp?-2W8yy^zcwL+QmEvC`|?ETmk-6ddl${#Ju{iMveKy zTXCrv%Hi_{gdjSnoj=S<#tVk%S-5GXXaTx+@7*jo@9|WZaq86&PYpFy{LN{hjSl+5 z5nQJtj7b_1mr9qMA?2!03p^`z6+4=K^yP@8T%ALhrD&n_RYttRX|tewBZV55LWJpV zJ{Wo0*3Pmy4vlr6$fCC2IKYbJaF(X#I-}#jTbxfKnzY{Jm%bvjuf1XzlMzNYjzYka z+;#1F%dR_UF9g{j1#L!u$37iolM;E+6cHV!Jj}+uKe1N|O{#-Om}k$K0;J;Npb#-J zhUTY<6-!8l3c2Fis+K-{g4+2LTp+mBXxMRMlwv3g^>v&v756dt){PQGm1mF zOSW6A%O%6&zV?WBSZDef)6JG?#X#XsQDtKkEf8Lp#W`n7qJ3<{yT=RcN}uDRBQx=a>+jl8{d2hKyiR*N^6jenSgOr9V7`>=STx`jzElRw$ zEiybdEx445=jSLsCD7grjZevvQ$s{Q3>^Y8%je<8rK72ed<0v^>O53ajF#|))Xf+-l@a|abl&5aa8(TMlt5=9(~iQ` 
zO@0KUHf)%B*zbuUko`iI_mXX1_9!!=wXp3(t?@BL&sT3l-t#p*CgS;@z+1%|ITAEt@z z#B`llcbV9PFXgM{+l=hROP0IwgGiaW+LF@%m+barC8PUi;1Vw%oQOt_2l|BIKC_{p-F|K}0Z6mOcTLQn%tfncibl0B$ zC5}GuanUI(S9)MX#R?id(o0 zu15lr^LFmNX1$m#(9}&4A1mCpzS}u1r2=tP)Nc`nbDp>GpLhxnFCm6QpYHL$f}q!Q zkH2Z_aslRd^Xy(ntA)imNdrE=H-)BOF!N5K>3(Q-+BKGPpVaFs*tnB=ZCa&XX}1Hw zL9bpg**xqUZl`XM1HW%O>GT)8V_u6+Um`;1x2X86-8goK_6!&Zq@ddWgk^gL?}zst z*!Cc7DbT~~;8$V6C(Gj%h?mLoXj)}?6oTJ%#>Z`Jk4Y83U>15UsyMKUo3zX;*g2Dy zX_~|2IROh2?q%XG9!%RFt*eV~SA*M4kzgIVtdF+7HB9HVxw^bZmb z?E79S$h#}Hn$#}BN#QOuUg#zKypf^6XhGPh&$K29MwDQF&N`oK@Cx&=$vbtDS2)#K3DqaeZxrsn z@gPv2cse>iFhm2eLxmEK8yKR$QN&nxXHdHYCukm2Q^1i^+BAwN(oBkb;47h3d$!&9If zqmd<2!PBcpSqbC9-2&Rc=;E(N8Q*faB`oE)@;c-cYTZF)kqMN-TnVHgJIJ6$8ce>E zRA|!S97d>1&B@W-SB5r-)Sb0PbV1SBC&kCOe{r!MU7GL|E~**5Vnz2oVk<10SW^lV z6nv<}$^}x|SMco;sFqw{4|!ObKp3t;5bopo+l+Am7YK6B=Af^X>FCEbjl<$TxXl=b zxP)&ByB4q{cVoC-JCOw}K>)*$9HA)3rb-1E!kj;*U4iyXO#70!+>8 zni-!CQ~=R3T_?k}*H}Du$XO#~eqfUhk*?=silq7?5R-MEUr1Nw6AKYz5L6Y?*CIs< z#ze_M%FbMv;oS>Bva9mz@ZNvqai6`{ACJFKR)S{@&a@IiLl)g^mD} z{vfNmcKrdupZsalYN2HFcK5G(iDpfmpyq>C^rm~ml!}Xr6Pv%B%x1Hbz1qPEDhS*u zV0C|Q*8eTv5dM$N+XX1}_M|TCo1EA6j<;{_UBHsCdY7K$pitT#AR8hI!7GC08-W;J zfp~+FQWV}0ej*E~%g*i_C)LD>b56^AJC^^qdz@i zi{>@6PWPSv;6VGiOhf!to4^JQ;*x20y5EZ2BIlN8*G3@xE0BejG7}9$)F#Q&*5>I!#QciRm=4M@RJ2#8avJ&R*?3q1{UF z)xxuOhzvG=f1G(MrGIe74?jEAzrVxvwukjss~>-z4mWj1vSEIj+SH~twb#-9F8~1l M|2%W;lmHk40OT&ktN;K2 literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-operator-crd/rancher-operator-crd-0.1.400.tgz b/released/assets/rancher-operator-crd/rancher-operator-crd-0.1.400.tgz new file mode 100755 index 0000000000000000000000000000000000000000..15aff04637084bd2b24777fd72bfc904e033cac9 GIT binary patch literal 8647 zcmV;&AvoS2iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBBciXs>_neRS_4_UG!;z5FdY!i#_6HCIc02JzlLO~#gS0HA*0D%-2Gc3}7oUf2jZ|+e} zfAP^yPft((^Y`ED|DT?oKK=jcKmU39%iG^ie?NWu>#uL${?{+3Z~yu0>94;er(Vzv zt&|FhUrq;OJssRLX^1hdkRqJPcPB}LkwTPbZ!l7d!W+W>fk7y;B#^#KT3$K$wG~NI zVDFOuP@;tYIQSKYa*zeW@X*ta>*T#ukRSXRm+ulvSb2BwQvno^gjv=3fqt<_Pf$U= zgOG%?cgg106I2ur|2%#3_Ra4nDM&0xq3S=~G+iWL+AfmwQYxO`faImXZ~;rgNIhRC z8qCcjgwxZL*z4TY4(@*ic|nl^`422oIam;A_y6yw|M|~fe|xh3|Lg7P@6-Md(e^h7 zDhS*uVAa3moArOoYJ+XwEqBLJoMCrPq}xOw=ux-Z~e zB9$O4>-aII1elrw7N9<(9QOM8t6Tu)Y)P_1on?ZT#lt?|8%FcoFs|Fyz2V%RuZPw-^zt(=dS2_hEGO3i|AKq}6s^kz2nGt|R%UsJpghY6 z%f8+hht@Soh=Tm!2Nu8vXlv4u5a|A=PZ>|)LnW$Q>DDoF(^8N`KsqNs4zigg@%uwK zyh9)Gh+GE)1N`e;t~&U&2U_RqRxK+^PcU73uW2Ml8C)IQy1s`*m{f>isJ2W9Jc<@T zJ6ZLyQDI_i2g;WlHt|Y))XH+v*ul1HKJh|2e8C;x>^e?Fy^LPdklcp ziy5mm&(U2lxt9|b46D*jwHe)Isq{e9uCjo?OOR?_aCOznCk@|w6uetg{wvB}fsB%S z^V?}MHBDoHL?7c}gQ^{3xnQ7P;K03+T+mU-Nc*AWzujp7>1I*1`J85Z}2 z8V1od`4Vs`h`R6P$VQ%b31UMq+;BQVFh-+>j(0}7RE)iH2{wR(qOkL$ZD`DM*l=Ag zpy_g)fMMr&*1!3VfUbX&WswP#!dwZYAUhadF*&8FK!nXfY(RYGX}1Mpw#@6E{>{aD za8I%(=bSTK3IPmv#*NI5(QQqShpx2heDtVkCpzUA(e_B>tW>M6!v!51U~~@Ru;3de zQGr#z?GfEx{+))K!uHhZuZK0fWEo-L`@AAeIr|r1d?h*X()nbi?O=pOYWlrmn3m~5 zt$Mu550z>KOc9K_Y$cQQlj!i28pdr!`9A$xr^c!$leZ}~I=~S`L+mXqR-CT~f!Kse zF~Td*Y!xR!tC1zmDeaPEe~`o0xvI>Q(Mhd9 z>U5T|fi&l!J~750ODRE&iJ;wLnDR2c7JNg}!&DeI*{wV`^zCcu`S?mrF z>%;qsqS-c-Gpi$!Gr}^R*w{9kGnOYfN)W7OKRAOKUIFgZ|Lzb#7f*&^>f7Pa(E7A; z--DaA$z(IrL2W=%6#B^#2}6tE6lO>m&T+>>FBPbo1!FBn6BLXFzbSAW;A*eOK(;t< zdI$r5*?wO0>f>Y_&vgFzFg|i?G*l@UN1_~>A*hj-IV-usQ1gef;0Fz9O|d{e-Wj+ z_xP~BZ$JryA=sny8>HYP$%(~;I4$Nwzwb-D*6)iURR6#0`S7mct`2p6LX~Othv4~K 
zA(kSMethq7gPEp}a+JPD6fq29zSg9y`rg`Cf3S(xl7c_jOtW)&9flurBO^a=e}^E>NcB zEZgYlLe8viAB+_`AsOQWW*bh+9A@Z;zhJ2nrBt&NHUz`0FnHT8U0X$6{Kc@zA^TcE`tV460}=-@?aR`9^rf z8h&M}MFo#F@m8XJKN#Udz+(YO!7S&DD6Z`>aZ-Rw%8?>0n=w$gT&$z5C|%5QP%9n} zzA%_)qZ1I-#>#7-?#aoq$CK}tb7v_~q`9@;w2_9`l8~djnJ@=~6YGH4e&@=ZVwb$s zv(-|p&FeB05vMR3Db(6*OwZP(GBK_no7S2Hdmi5RPytV57qrm^ZMmVMyk zK#FDfHk|+pe2x(alVcUFioW~q4q!0#XI6q9r^8_F8jcR2) z0;J+1k~>0JZ9KqiNzKVs_J%`T|5lgNJ1%l_Wh)XkN5xF=lBG(JVunrUiiwjZ)MdGD z+epb@c|>=8lh4XBmT6Y`c9ol#lH)Z#S{KxZE@JLO{sTW{2cC&FeR3n)K1*{1rKj)i-%?Rs@{G;EunFD3poeO zS?b&7Fh@E!h?arNL|bSXFG9!80`g{LTU$Ne?X4W$%}b$AqjdsK+>$a}?5udVhkaVY zK2picLMj0$ub;Z9qf#$I*=xt$BuQUzyaqA6W?ol>K~oXKSQoJg)V@b}4XpDR#9^AW zr4t*lKb0z4Kxfv3o&A7H$l;<468wV}u zAA;xJfbF9OO)0ofsQ3%+Z$NwZ-I)qEN)j7GxF;2fTj(OO;=XXSG!X`UK8^=^Z1O%5 zm&i_%ED6vwK40xUO?V_rT2G9rkVrU!9F}x@tog@rEG_0tA;P-P0SD8QxUX(XHbj~) z1cV}IyJW{fj{~nY?*vS$=?TISar$#rO;%qF6}PGF>F@PD+E2V>-A@F0v8(e6!mN7y z+qn&};04Nzm03nPZj9hi2ters_LV@Z33wv?uV8qVN}o9-x(P{b?*5~mbq+wGP(>XoL%fxhBN)5e-GOTAVXX1p+5 zR~ajkfbfd2?31S0dM^qRH^xedT-&(<6fjx z%(L;=9!_5)?3^|iV?=+=&SkeWEUfJhH~w}A?Dt}E=YYEYxiXIw*{x2~?2MzqBw0_A zgDe=)WVDlw<7poIvzOQ&E|w&QgcHQ#=IhIj!Z4n~b-AEKuI7_Taq!EQSr5^pNn5+- zOesMYrLviA_gj9w1`)!E_jRb7Bq_gTw@9RC*M<=7WOt2dciE?gHLaIj;Yw7}BUx+! 
zc}XApFmX>G3s0hxg_cZKuid=5=iUvVuFu}-k&QQi!ldu^amvq&L7-d4UU&)}xA!sl zYnC)XUa0#EQ$4P64r3rCrQs5QBY5H%s3$+n&!&w_gzYjFE672ZoZn}3X4)9{=M<6r zE93>Ws3bA6qh?dUw{PE7LyU2yztnx;M?F27Z3`>Md!jj8PsVCkBar7b6?LV2!r51n zgH$LtK7Sp9$P_44M1Bwm!!-!PQ>$C*-l%o4PIu%U^_(sVLzMimD8IXF);{O9J)=!+ z6IkB13>XNcEOS`AkmocNEqzX&avw&gXaRK65r?pxbVT!-L|S`~V{XSjo@3HG@{$Z$ zv83;+CEF;BWr+WH=>7gS0<}(j+O&pSot$(}#P*olrk>8T;ao-B!ZWcb?ZrI7^t1g* z)?l)nX09%nIeVej;DD&iR)+apn@3RocBgz(q9C-Yv1rRy6fH0H1<$r zTkYb&RsA@TlALr`zc}262K$nDHrmjYcMhtw&uC6FY>VkQ!##c^E#7K)+=A+c94TBE z{s1Z64r-G=CP05eo91wtW4{gJ&SVIOCf2pM54X6K*Oe=KEK^U;XxiW*4;-|&Np~?K zAOEsPG<~orbfvbI93LG|?vhE}jI3@H7bpX(hlw7yaNhW)t%PQu5FDPm4k< z;We^ddtFxpr#c-y$w)@KRBJ6!>c>-Jh!docj9{(Y)6`$q$5E-W&5MH6;tW>KDA~D~9jU;vP z1h(DJo0BrXoyWIn2qTIh#Vv0bj!4Mg5!Fx2y;rPKE>;QFkpquT_9Yhz*__tA>`2!X zD(Fc@GFqr$8;`!OIrQi?T#SciSQJ|~w!t&jP8Ct($d+tYJVaW)?`lWHFsv%v*k(aQ zhoe|=#n}}1N{aLugeWU3=a!3jr&RIR>6O2dR0v*u0}RRJFS`1pbwc-O^&c&3pYK|* zB6iNXi9M1T`zN{fN^u>Su{a=K(xtBBu6d!?t;oo>xm11JwOA9}Gaq!|RV%k#P}e&# zVef&ty7E3X{kA6NMvtoD#%_U^v5=mrQ--Yq0i2g2`A^rUcmWKBA|GBN-kHK6>=sW+1Kgoac@`sUGl}f>0N+P&Mh*#0zuF1%t}B;q>7tVt$-mG@x_hU zPfTx54v+raP%L7c7{)&?COOKY60nB*>RT~M$T=g5+dN|M(vu?#&Ld{vP05)($w)>_ z&Wx)+ED4nuQMmf@DkXS^6x^byR!$+f0$e#a7d%HKY7YM-LVA&rj3`2+q?fFs#iGKe z)1ox>jz-M4vU^ysA>%r-?v(dZLDUxpU8*O=Ru~p%1ur^BF!l@44(ATN!b{GfrRj}g z%df``rnyAedy(K`4?GW1*Qh5R;|fuH>v%E;dy$chXbv8OnXpfVm{(Drka8THY?ojem5D9BWJRCJR#+)jTyxQB-kUA4ss}l&3kK?zi?z_9}}MDVQsP6l9$&Wd&ukT`F}!SoW<()y=5&eA?QSIlBAC&<2sFTZ1v; zWVzV#v5nOt4J+Y9oCRS9qO>2c%LNDq3Z&-Fkdas|k?mo5$C15h?Q>9qU^%aga7;Ez zpAk+r%3u@?wE_xCFzTEa2Nazan@pj}6q-z-$rNf^j_&5AFel=TVFXQv*a(JL8~y2H zA|XsZH^092q48{35P>%R+vlX#7uxZk-0)DP#kuncW%k_0sXwf&hIs=^0dn<~=mW(5 z=l7cgao!!h91rv_z2+YW)D(dCi;64QfN&2X-H$x`2piBIeEY>t1us7GtV!Mq2Maac zWm{@}PKo|_&Nnzlh3TlvGh}gNaaF}L=A8n;F76r1LvnKiJ6A}BM9mh(HBaZ|g6VU< z{GzV7RA(756@KH^w>qv%N}ChP2*7h=f}LkzwiM_)McUkB-;h!vO0T3M+NVoAqgHU& zf-gx(k-SFBHF_`j8uZs>p1<8zkMx`pU@E8uwTBzjh+3BmI4elltwVp~Wx%K?p(cNdBf}C&g2Z0K0YKY&-&M}he2C=NN;9|he6$-g=8Gm$+5fV6s&^Aqt 
zxxt}fd9kE$*GR{?3}{F-z~K$J2G?{;U<}OmXik&+Gy?Jl1V#7X#WJib&o}ZDj<5%O17Sp9|7lElcs+6zH8NI{#?-?2{z*`!2XG(|**DG#%8?@#QNLX+y? z5$4%*rU0q9I4DF+jG_5yV#N}Yp+c^>wyLF%n4ot41XoBwWonQm!AKn*t&t4VWMO22 zNbKgUNvr7_+Kdtq?vm{m>vGAkxUVDP9oCtC#&ok~S}{<#Q&ia)MGJ)2WpU2gl4u_r z@gDI4yVB=9>;juwrKHU?`;(XE2Tp7Qv6ZkPYJa5LgQ1iSoMLvS9 zW91Lk6r&}4B{@iia^nkl_CmMvLk$<45(n96HJrwx2^S8-VbKI2le!t>rZS@6gf4pg z60VBDof7CwWZF@QW)#^^`^ts(BU~zb7k7=`_20C*rtWk zoV}3jgy*h_l8!c2?nY|WsHuk0&#mX0B>mPUX)S`fXou6#oM*5F>p#5S1N1Pd_Dt9U za&`lfmjc7Ln~&4Pc4E3tth-EX+BB!#O|+aEVoLkT(WYgB+Zi-Z+n{w!hOA|>H@$Un zq(0>Ln&_qt9{Iqrdz*V#o^D!C&TiT??fs_RF(9#P!3AF_L42r$%A`y>G5gHvG@YH8 zuG6^zv6!Z_6Vq)vdq}1Lj;jMz)?c+ufwoPsvrF&U08=+efxp_W&nu|tb}Th+7|Zqu zWn3y~#R*oj$U$hiyAX>~NULCP)7-+AO~VMUz&0-0ALeftQ>71pI?5wK*E6nuOl>2u zk6Qx2&a9>>uXNX*|0n~egcdxV11<$o_vWXY>~?E&D?{$C?nSr**WMnAe6wpZh@Ld3 zfYhiq(e`m~2YbTVvFsb{MIiA)`&!+hHpqn?5|>`Xedqw=5OSMlp9ggC*TVyx$?za& z@*r%V|44dAO`G-{-HSCIZ1&jqO5YN_M3;0bPsCRfn(=G zws?=A)2?}9CAaX>uDKKyc-rEg=l2zQ3a;Xm^f z9$rEWhd$loe+7qL(>?yCt;+?N-_5go9jz7?=OhjI{N8jl{eqcyI-2f>W~W_aDfdae zzJiTAsn@1e>Xmi}037t{1(VIgzTtN27CG?ywv$eO!8_))==3EbbbgD9FWQY`=d@?Q zKp+Lx{wFNkD|kP=@4&VPVM~D?UI)Jl3qDyMuRy#^mPgYn%cBtduJe4{#`c(0@e5|5 z*P@C8tGG$ayn>xGX_=-;yn?hG7&)G_%nN3rNz3#@o3uVyj8*B23O1xqyQ5`-gB$7YkV}wUKQq$cKaGaF`z! 
zMH4p<2l*$LDjeD;j6%YFDV7xOLgR&A!Y>;c3XB$njrvS$l3+v$=I5;QxdyK=51YJG zCwYZaot031!u&zu?mG_x^_i!m^8-UP06SDD;kbbz`Ugdfb(hBViWGz&7@`5#0ff5X zw~TV6c?Q!H78j6qzdPa;8A%#r+iToB!}$$k))AvRA7GP>{~EE6C{ z=Cc;$J;H0~E(75QYh5nJ-#9HusEyOY%}ELv1;7#vG>^pl#+kQ|qz4&Z4oVPgND=Y_ z#WKR~u60L?o^W^ylw&lqL@IcC^(ZT0T)1068yH>u)hOdz4!4A*{8nCvoI-6ls4Oyp zQkW}&6l4b()JTIVc9IHBI-J7@b*VWyy8Fh^29dh6)`%`B8rxHRjQejc)}u=kp29^n zqgSlxzDI0@Wpmb)0tE#hE3tBcl=c;Ty9BBw7uZ7{RwfXJYY>F{c>XqHT)+i_oU=LT zD`h&yaZTf}xDReKh9M#0Tf(jdEXmy%q1R4i0ZS0TFrR{Y>L94yOn zr10wUuBgmd!n@5&!x4ksg>S<%$zz;SRAix!$r}@QgJ@|wXtTPJ>vRLvlDHlN)}K>Z zoZC4li*Br%TR)-&bid^9cHU_@4;J(4Fup!gty}D@;aATBXXn9asw@sWzN)CUFx9Lq zvBu@8Y~9Xr^ehF*pu9zRNzun`k+(fnbqKJO^=7J+!^cOpQS>od^9y(3xqOY zsySW!`R01}9AZj8gBUAz}=IszUl!q)5S-C^<;knF}+#djUvxRel}b`_DY?v-kSrQTo^IY zEy&Uj&E1m&TA*9#2tesivZ`y>A0Yh6pEj))N;YqI|Eia0*3=1VK4?X6x;IRzxTrX> z`OC>{Happ?9h{(oz?}kC_xEP~-|`LN|Jb};fI@Fi>cYOsd0p>#`{v#SED5W3=}8U> zrL6Q@bM3MuZ>k@> zY30_uwg2l8HBgWK^n@*%*UXZiiD+MBY}Tb2-E~89{g;B40@2+tPLf1oUUmI>`;cQ= z{jFR)DL&KgnB;%{_oTLaNxH`_ya0A~ef9mfIbK2j;BFrhh}%ipwl1OhWLmtLJvOe8 z#$-3UKw9_5pCxK`dHi9S+#I8e<2NbNX<*%MhQUm?G<^^EZ*XDk-Iw9Y$Z{Mbn2j$+ z<_k_iL0(X#KqvTJgz^oi@U`vpkz{@ZwiC~79fwh6^G{D8AK2L40uU9X>p8qm0Wr+K zH2k`IgBl;$JvM?3uYevaxzB*qjwkYti_8u=+}YcqeqM=uUJ#ZNmie>K#h#$9w%?wC zUdiyG#`(S;c;C?8sSdVd3vRTx!1Ef^!g$}R0zZM6LyxcY>#6IIW%4E_Z({N$_UMT2 zO+1yl@9fpy6WXoxUM)Q9fXHC;_ve|nQu+sH{P43={rfvyZ+lpOwfgbb>2OnLBpc?J ZsZDKaQ+p2W{{jF2|Nrw5Y1sf60st~!;FACV literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-operator/rancher-operator-0.1.000.tgz b/released/assets/rancher-operator/rancher-operator-0.1.000.tgz new file mode 100644 index 0000000000000000000000000000000000000000..3f60df2b482fc65d1a6371c9cdc3a1e801e28651 GIT binary patch literal 1085 zcmV-D1j73tiwFSx@Z4Vj1MOICi{myBzR&&@!cZ0p_S$)K3G~Bu?|Ky4ZOFlWT@-tq zs3%KClEZDo{`VWd#G5#dv)xUzJ?e*m)qX{={vq^Jm2pd6WkqDHFgcjt%adBJ#0 zisxifJiWoFd{!X-Fqi~>;0-4p@%(WR`0vR0Uzp1QGHs~BsYFr;1~j6HZtaKN;<#g+ zY900SJArEY|8_-{aUW>H&t?PnV=@{Y_kR%V`aeMb2f+~i@11Q19r&O7p9&!jHB1UU zwFn8RpRfelh-se(qRIZ&-s)zKNlxd(a#Ar;i^?R1Z7yvAgVQ6yTMl+jwK+l zVM=VHGO$}au2>X-=-D-%Pj%&YF zUjYZI!O6`ZT5eU5dP+DG*;k9E>@!+JCrrtDfUjx&>bbt_Svav!vD6fzTPci^oXkrj zB-2bR$wy}XOtp2y{(5gb&$G7vKRExmK`EyO^!XyeKj;4dUwZz(1P=VaraS|E)&Ovd z{|Ej!_y2H=zezA6-oW!Gqn`gS0hZ7uGn7?I`}_= zl*@-aD!-BqPMm+=9}ODkf9Q>d{rSHHc2f_`J9M7kd|?6;w)eIBtpp5ijG_7YJ(6JP z6vDh&V;&TupgihDX81c@0N15}_iihFeC+A}zl{$5ucA9Gzk*jpf>ZUs?*+~LKk&Ss|1W{PtH&)zHO~Jt`01^e z(c^{aIRE!6;AwsdZqnDKfTzy?aNsr0|6u4(`tyGYY&H(T!V`<+jylxAIG%T8aa|gg zS9{x(sr5>)R!bEVCMNa|`r3Zc09g7%{bE1O2Sn8T|JM82qeqV(-wVD0@MHy>03-ka Dnw%%F literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-operator/rancher-operator-0.1.100.tgz b/released/assets/rancher-operator/rancher-operator-0.1.100.tgz new file mode 100644 index 0000000000000000000000000000000000000000..2c01c4acc05ea0ca7fe6908a8b09900be58631d0 GIT binary patch literal 1115 zcmV-h1f=^PiwFQ2@!Vek1MOJdZ`(Ey@3a02LckDUfD}o#tiiw@va~A(Y*~;3eGM4t zWOJoRfuy`Oo-i(n7^&+|`(kcJv2g`Qi4 z#MDqO7cP#5gUjSOEsS)S!0B^7C*9@Z#47nYqb6PsD#xGxw`<@3?q@EMbMDf+4Is1&>FbQ+A3h*^=Up?1%eG3DN70XSI z1^LL#pSiYn_+LG-=Xus9|GoW>KPczafIeO&`1kl9MYHLM|EHi{{#TS2ppRMr4&i^` zhh_f5U=kwyBmM`TKlMlaKLxRjE}%qy1-aA=SHOJ>ALj!wX6OPjszxP3D(&ln^J~dj zjGDitSJGT7(1_)hwczp&5xqt~M7{EfkQ#;GLrM#7ZeYQ*DV^H3bvWFSj!b*-KY^Uf z`?4y(5)BUQf8U=5o&7&S2pISODQLU(z`jG5{mmC9uwi@Orr*lI;Eyr1+`l^-44p$< ze%9Cr#mK0)des^JPVa#0nn6k@gZ6l14EnZWsNI1T}^ zdNkuS)496%91o0FC^!*5l5GbSt231h;z@ zJ0fV^ZqzlX6^r2_j%6Xt)v%|xUg0C{qdoYq?r40JKJXC!PrRsu|9%(-BmSR)w(-A8 zIG*>HQn7!kI|290Pr5nu)mXjUk4hGK1;kF->y;g+mW7I; z;c18!7+pOhaHnjM(Y$_bakPBJqwHOya`xj{-*#EW`qmQ)nG|~C;IX&qnB)k()x!en z@$c$#qd$Y*&469=Gb#`+tFEd0DdhkiZYRoeLcJMUj^kJ_&(kl+U}EvCbfI`t+BVbO z;|-g0kLbmR7)@%2szG`u=Hr$7YvB;WC`Ud@oRfYg0000(iO9lV{ literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-operator/rancher-operator-0.1.200.tgz b/released/assets/rancher-operator/rancher-operator-0.1.200.tgz new file mode 100644 index 0000000000000000000000000000000000000000..cf340b127539719ce4730cdd9115abd2a3834998 GIT binary patch literal 1088 zcmV-G1i$+qiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI*zZ{s!)%~`)@{GhvCJ+- z66DC;)X;w~^kK!8Y$r{E1dHljEK!^p(&T$Hq-BaP&<5I|Wu)!N<$_rX?^!O7UJFqa zMd#CL{ToG5|2LY=qNDh9Hak0u&!%y76vfl&d2|HPtBv3Q3P;QyMK6xkpWJr>rj#Z| zLMxYe0Gtt%Itw`?k{Ako!V1!XP>z_C3G}y1z-{_-&WJB|8gsNH<^t2sa%VUEX3&Zp z6)~BBPqsjRXUBy|Q&b1LD3+r$jN^{Mx_d{M?=;gc0V!1RZRb~G^-`qhf^2CM;IeRp z)`e|=jgHHBr@cjq%wbRsZa6NF8Sw?J6Ivy(oOsNb?llVIaN?!txD|%#rc15JY6&-u z8z`Jm8GI7-r*Yn%2+J*hQRJ=Hf587GlLfk06@bV1KZ(!!{GY`m|K9{6XBk$^w`jBz zr0spTeNG132!L3Yz_Qtu0JZgXA?3A}g5M|b+x$w?wMB=DJTH^_j>%S6NY-%x8Ww)Q zIV&XHU?v<@L4DtQ??2;zhynizb0Zm{JGot;G?mPed6^VE#{bhvKmX67>15>pTVS;c zAjP>*2!2D%+q7Zkt!=64Lr|7p)ltkL{L?e$ z{=;}srTypk{y)Dr9N>S7M(X>jDtloy@Cg6ocsl9x|LlA=^8YQcS$Z;KTvfq-6)H{O zL$~~1j>J+%tjgbe3QT8^SDzh9g$ui@9YkxYZ{;mvcnu;z3*DXjffTGmXG~j z0M-Mkz_lVK6xz6w;KS}L()Df1EjV7Sx(Of9-4M!hwdy3ZHVz*OH7Ltu@R?W!WqI61+_PR=1KOzI>WOZR`A+Bn;`o!sU zVL7&K4!K2g^)uIMF0!1N=C#w&>UD|st~ELS@p$OF%3?$BDZ^YVw+`@7+w@#Y;i!Jd zu=)MFzT6tlU~u>2H|;r7EW^5L>VKL`#9nJ}l+}a=GxUNW@SeX;zX+8Il|5;>w8S>G zt*3h+ng=l46#EN=;_ffxRPTny?DJOk*l!82ai_Ohg*VM*T6nc?Ez2>Hf zS)UhVg2&GPabN!@(R4B$_5Urfb@jYfj~+9hpd9Z#jS(Y8j2Q7B@oxYC0RR7Ym^^9# GAOHYcG9lam literal 0 HcmV?d00001 
diff --git a/released/assets/rancher-operator/rancher-operator-0.1.300.tgz b/released/assets/rancher-operator/rancher-operator-0.1.300.tgz new file mode 100755 index 0000000000000000000000000000000000000000..89ee6c239bb7ca0e30031c23df8e96cdcd787014 GIT binary patch literal 1087
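Review bot: `new file mode 100755` on rancher-operator-0.1.300.tgz marks a chart archive as executable, while the 0.1.100 and 0.1.200 archives just above are added as 100644. A .tgz is data and never needs the execute bit; add it as 100644 (for example with `git update-index --chmod=-x`) so the modes are consistent and an executable bit on a packaged artifact does not become normal in this tree. The same 100755 mode appears on the rancher-operator-0.1.400, rancher-prom2teams-0.2.000, rancher-pushprox-0.1.201 and rancher-pushprox-0.1.300 archives later in this patch.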
diff --git a/released/assets/rancher-operator/rancher-operator-0.1.400.tgz b/released/assets/rancher-operator/rancher-operator-0.1.400.tgz new file mode 100755 index 0000000000000000000000000000000000000000..2c0657d5d4825a7d0f3636affe2017e37748a08c GIT binary patch literal 1091
diff --git a/released/assets/rancher-prom2teams/rancher-prom2teams-0.2.000.tgz b/released/assets/rancher-prom2teams/rancher-prom2teams-0.2.000.tgz new file mode 100755 index 0000000000000000000000000000000000000000..0dcc569988cfcdb83cfd16dc8545b6bcc1f655be GIT binary patch literal 4289
diff --git a/released/assets/rancher-pushprox/rancher-pushprox-0.1.0.tgz b/released/assets/rancher-pushprox/rancher-pushprox-0.1.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..722fba8774d599a26debbc0e8f326a0654b7f0d8 GIT binary patch literal 5934
diff --git a/released/assets/rancher-pushprox/rancher-pushprox-0.1.1.tgz b/released/assets/rancher-pushprox/rancher-pushprox-0.1.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..4e4581a087d7f12267bf73caab9e08d8d50cbbd5 GIT binary patch literal 5926
diff --git a/released/assets/rancher-pushprox/rancher-pushprox-0.1.2.tgz b/released/assets/rancher-pushprox/rancher-pushprox-0.1.2.tgz new file mode 100644 index 0000000000000000000000000000000000000000..b60ae4b37c855c690ea49976a69ad8f9ed88607d GIT binary patch literal 6095
diff --git a/released/assets/rancher-pushprox/rancher-pushprox-0.1.201.tgz b/released/assets/rancher-pushprox/rancher-pushprox-0.1.201.tgz new file mode 100755 index 0000000000000000000000000000000000000000..2dbb296395e685fa3b75ef6e8f37d0bab49bcf75 GIT binary patch literal 6104
diff --git a/released/assets/rancher-pushprox/rancher-pushprox-0.1.300.tgz b/released/assets/rancher-pushprox/rancher-pushprox-0.1.300.tgz new file mode 100755 index 0000000000000000000000000000000000000000..05c25b59ebbf103d2c6a572e02d5b6504ef7163d GIT binary patch literal 6318
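Review bot: rancher-pushprox-0.1.300.tgz is added as a 6318-byte GIT binary patch literal, so nothing in this hunk shows what the packaged archive contains. Before merging, unpack the archive and compare its contents with the source it was packaged from, and record the archive's digest somewhere a reviewer can check it, since the blob id on the index line is the only integrity reference visible here.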
diff --git a/released/assets/rancher-sachet/rancher-sachet-1.0.100.tgz b/released/assets/rancher-sachet/rancher-sachet-1.0.100.tgz new file mode 100755 index 0000000000000000000000000000000000000000..0bb35071cd6b3588bdbb340d8bf7b32f6166a4de GIT binary patch literal 3512
diff --git a/released/assets/rancher-tracing/rancher-tracing-1.20.002.tgz b/released/assets/rancher-tracing/rancher-tracing-1.20.002.tgz new file mode 100755 index 0000000000000000000000000000000000000000..dbf8472965fe416daa8dca5c2776d003aa36191e GIT binary patch literal 3273
diff --git a/released/assets/rancher-tracing/rancher-tracing-1.20.100.tgz b/released/assets/rancher-tracing/rancher-tracing-1.20.100.tgz new file mode 100755 index 0000000000000000000000000000000000000000..4e03203f1d80a0f3af573aa532230003a69c52e7 GIT binary patch literal 3691
diff --git a/released/assets/rancher-vsphere-csi/rancher-vsphere-csi-2.1.000.tgz b/released/assets/rancher-vsphere-csi/rancher-vsphere-csi-2.1.000.tgz new file mode 100755 index 0000000000000000000000000000000000000000..09c7044fd2c03061a838f93e9e57c4dde9064eea GIT binary patch literal 5776
diff --git a/released/assets/rancher-webhook/rancher-webhook-0.1.0-beta900.tgz b/released/assets/rancher-webhook/rancher-webhook-0.1.0-beta900.tgz new file mode 100644 index 0000000000000000000000000000000000000000..2535be4fb46ff874cf8d1dd54ac54329f34ceb3b GIT binary patch literal 1215
diff --git a/released/assets/rancher-webhook/rancher-webhook-0.1.000.tgz b/released/assets/rancher-webhook/rancher-webhook-0.1.000.tgz new file mode 100755 index 0000000000000000000000000000000000000000..f958933beb849424e2c4b7f4562661160ef56bd8 GIT binary patch literal 1213
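Review bot: the two rancher-webhook archives are added with different file modes: rancher-webhook-0.1.0-beta900.tgz is "new file mode 100644" while rancher-webhook-0.1.000.tgz is "new file mode 100755". A .tgz asset has no reason to carry the executable bit, so add these as 100644 to keep the modes consistent and to avoid marking data files under released/assets/ as executable. The same 100755 mode appears on the other archives added in this part of the patch.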
diff --git a/released/assets/rancher-windows-exporter/rancher-windows-exporter-0.1.000.tgz b/released/assets/rancher-windows-exporter/rancher-windows-exporter-0.1.000.tgz new file mode 100755 index 0000000000000000000000000000000000000000..19bdbc89973fb85795bc51f0294ba4db9a896aa9 GIT binary patch literal 4955
zOUA(-5csv0he*SEko3;a!?Z6Yg3^#FjZO36mvzzF_*HRAjcLuo5RTN>nH3l?LQBc2 z=?n!XR%vIYtP)txk!v;KDW)Drn#nJy>8-V*U~W>sX0(hvW216G@4>5=M=v)kW3<%+ zjk#b6VQk01r0?z*^q+;XL?Br^<4E#QH0H{1tB4mthC1`NmW_Haadz1;)Zx~HPyTI+ zgJRT!Arl6Di{QqhtRTIgL&~+fm^EL#cWwUlbj&S2w(A0htD8@oAA z;qnq~avs2+6ZrGGeT?w}zZA%#3SDWq5wMKc0M)+S1jvVCfLfwOb3WkGeU04WeI*cq z_9hVIh|3HA_e+PV+`8F@f=P)Yt&ejQoG5LZ{QdL6pZERuz`N>grc&&|l-Xp=<)~~e zzkAibk#v;U+=IW(N;TVt{(PktoSr_Jiv9pCi$Bw6%7q{+!DS)}r`yml0zLS6>1RD2 zRt8|3Y=yywaVPZKM1~xGs#bC$EAQ^#V3}ZGyH^A8hXHnAIEB%(6 zKbY--paq6(PQ7)z&P*tl276CCr8Jfaff@>#A{lK(Yu`X9n5PZnjCAbn_q}^?;yhr` z$WjOV^zp-^=a1tog#iv}ld*c{+*k!DJwi04%589Bw}B7K4Q3lqnnDK?K2rtoEW?yD zi(*!;p(l`lBoqRA<3A@c_S2+?&P+R|P83gp$r%)qON)}GW`eA{!QTs%NyV2T28>%aK*{^(wc*u`+h6TB=vij!t{<+93FW8q`#R=H^2TPf;VW zEY)nJq>1CO!gIQuRS2}z_Mm(4W;}yw#^0BQ_OHIV-b6z0=#Zk)`(@nqG-Yh&Tm&|A zVmUz2g{+gb4Tj4kOwTPrcaV`hh7@z5X5^)K4`D%1oLeT0g2IqkoM@Gy9b;i4??jZ{ zGbL%4raqoEr(Wve`TWIiJ6j%yhjWL-OYUcABp*wY!2VuvjcMie{Jk=86{=PRm3O2v z;~lAMcex+!FaK|QmdAgUW8Qf`MvOM@@8ptHXoO3F6|K7|KD`lw}XH( zUGjw@$R{XK(_TXFIzO+q9%-Z~j#XA`SO_tL-wP&OR*QDWa@T!B8)_jFH^9RFp4$Ws z3@~AZK`<(7m@*m$LyjW#W>4^plQFc)Z=sumnX`UJFV3hhSyhu`vK6njj)xHPTOLXk zO!;lswQ<{U+PpJG=$H6Xl$)q5R}!T)K60&g?j#VNraWxP8jUJ6?Z<8>!i(GmkYfa) zr_G)>I={N^2lfzzeGx>>W5PSVGR*HW*bdEcqp7tO`Lc z4D9bkdk+qG_v5wJ&z+K=r2vvedL0Z>Ow$I@Ygno)BJf!VEB^?0ml9}Q*`)Q?n_lYMCa$4$1$FJaeoTwym?QdSH20$~v>28RpKe)NWR z_uS~Y&j0gSx{T#taTsv@`QQDf|F_%SJ=neT|GvjVx~rKS&3C+7-q=~e#u?krTI&Os zX)mPepR;_em7!%Rv&;q2KFfUF2Dc8Eml16^vfR%6$Z&%A`Qc#~Uk~H_7V8FuB-x5R zcpW~0~51(G6>is&a{OZgyyl8?qk%$_1ME30i3TLr2r8 zb!=Y+BbCaphf(&r0w9W_x$V8J>Ag<>Q-+z62EXPuz;)+;I|qA<`oFhxr~lvOxtad6 zJU5-W5jb+fafbG*jKG(Ad^N=0zAHWDA8SA;oO2YLG9B*^5;A6!@w3~&-495W=$8QN z%j*uuZUg+6034t~oSudAgjEomZthjMWlo@RMj5<%tNy_9@Pe1qUE=M*8q^b>;KL+Qg|sieSR2amAsc{tewbCB z-_mX{Kj895xJ}qA6E`%&t<}xV6weQM+i;}`E-!nxhHu%Z0%_T(wivV=S;olTylv-G zGj4A~I~vm8q}RE!OTL?rnleYSUgxngwsSSJ@Xh!JfO4{g zxTlYwJ%4}t__yP;=@M2YTK4-@)GE{qKX_`*-(0zspmP?i{aKVaH1Ie>s0Q{_u;-B-ipj{`me> 
z3A|O%7vC~ii*FjN#aDtgT?q77Az99!XjSB<2X8lWC3rI1aK2D=MCM6~ zXK1HxOXToogqmXTPfV;A1rP145wQLHS8jd2K`&3QE+X{D;_4N`ypDAyI|H<=BJxC~ zXFiI#P|h}d#_1WC#l`1(6nQQ%Lur`^=C0A1!gDuZBQ!HPYD5efmp$mtUD1qP^kDzN zgS`jTHZ)#aza>nKEPW}(>{Kc1QsFK>uB}WntchU5V4~4(RNu?+!?m~@r2Go2?z;282mAN0 z)c#&SXjuB#!(&pv_R1lloi6|8FY>(tQ_H<{l}?QG?(T7wIbhQtrhbWStktA>Yr<^ zcw!QjV&{L>6^Z5gUtKi+CUab){|EQGi~4{6VE5oo|G&pm-T#C)TpD;?rLEUm535%` z`QvW=jhRdZ8u);ie^~`>S=i=oPi`tryYg0fqr6c;3p8%oU2!hK%w!V7v4vE*3yj>r zU`CFTBrF&hp5+3;r_{)lmG`>r*x#;nS0ux%{qx0Ak3N|ZpTYCi$Q9e+RLtB_nZGJp z(j!w(vag7naOO-_S@>5SiW;(K2?AbVQrJ+HQ)1|Db~>bIU<6_gL#1)zYAjtr!&5b_ z(MnF_Up-SQ_(V2G9}vmuudMNE$jd@Sz4;}3$>PwT5fV6 zeLbo#DVe(4x1QmfiQro#Tsbo)GzA=7vv2X5Kr0JMr@qvo$WsbNnjLCYAM`oJjLEd* ze+Y1)120sHaOzLh$eT9~Ig*N}D6*iOuF}Y&O#S`i^3Jf+sKqJ~UxZ=@a}&7;`C&Ca1f`HLK_2kJ+HzB?<|-9aNnbo$U)@l1Qp$wU6L$&QOO!tXL;V*x zvrOBloHKG4Uz;;3T@$Q6jG2J}qFk(~+42N)Q!^LKOqLpk>eN5QME9%GvIPYy#p((@ z8)k7SN~8&+{;jLc`pyz@3H_>|HLex1_T9B=qAb`dk8Md!!lbKtLcu4fohZ0_>3&T} zgpR$|lu|KMg}cQbGXCDUSJ%mv^ctHK#;U9-N>et!2u{}U^zV;%ycMk^CzR`j;Az{d zoHzR6Iye&){LP$Pda>l%*t$6W#p4tDyUIStZkDG0c6{y-9l~2@43x6QYL>fgs;t2p z(*BcHzx`0(e*6MC#2f*E#CMxxYje}ItU919{||&3bTUT$JHcJ`}+#&BO5 z7$n7DqR6Jt7nb@-MJB<*3~dZG>G*7Kx1(uvVnepW7akhF{U%B#+*Rz8J-Y|bnJk!q z*Ul1FCM*=sQTHtK=8NUIR-|OaEN3`rfvy_qZ5R}m$PCDNNQLnhSE!NaD6RCYX@HzT z9#u7)H7$?f;gIB7sL{x?g&+_zzBZ4R-EG|xy`fDNWR5UbL+OnCB1odOUJ|_Uo|ZtU z#Ay#Hd(vCE8GDKehs5asZA?uIp3k?;a2ddbbty{AhqK@e`F0Acfay`;Onu|W89uXf zZuX<7bPW=vHJV(>)Ib;&NOFEb-30g6TK#^1j@?>o^9kDM5zmgv+>o2}hReO(_m#c> zl?!6ThO_&J(5|D?-q?!C1kyVPn3mZ2T8Sdh!6HSWi&DnrkB=0f5o;G!?E+3AQwzJT{4Zr<88=&Wz!eb z8(*n4?yo8~_MT{tdZ=_(RZ;iH2mpseOe~+!np@4259QX^uem^dulA*TRP&{o zuwzw>#$;y6oAEWvDC@Em`=pRY!F>$pOcG1%e9x)7TP~;}I34m)=tHU;zb2^pF#Nnx zwI6yk>c+{#;-u}o3^?yBUbnLF~R?(F~T=-F_VYvly>3@|mIMQP^^+^LV znWi3d#Vh>3#j1+0^D(YF|KIKIFZzEE_U?ZF<-0uVkF{3%VM4NUqH&0tB4jv(jWetA z4gaeuXLSc9{6H13xhJw=%5;mr#|2qo+;3Yw6jL@cYpv;+3*6k@YetC(7Sc=aXdtq zFQpHB2%E3a*vPq1{;%t|1s`jLc0<^Vq_Qje`p>UsIYJdVZ8ZRZ`$619AoEV7A=lG| 
zIzuk7+3yrHHNoiEVg}JECWST#(XSMuG$*aCGaUPCR-fQyVWSs?5ObK9C9UrEB-%nt z|Gj$g0;gfRFbjQgT&EdzsAO2p0;@Yl=P@Q{$ zgAGQm%R&e^ghwi$H91-#0nrf}%cXbaJP~fZ!wKc2ccpf)LSwylThswOgykdFT9^L% z>FR;)WrtFW@k-m_Rv&%DX@Spj!JBHhFhO$=@k07TpKC`#^bFaM7G%*jEg5jc^;)YT z^AOP*6LG<%uYSn44bhRYOE6tI6G5TK>dHE`mri<>5}I!%kn?3Lv>YW+P;= z9=Z{AZl0Hgg+nOUVoA>D@GAN)>vPyHa)`V$;lB4b%HzVr1y+;^rVTgk8_g|7PgS|* zFAH0Vd5KZvu98AK{uy+h0FpuNK|(>;A-tAs!nklhf}5gA;1DdWjSD*|+!4xfIcitx zQJb-SRwNYX`JV<15}mevKfK@;x}}adgq|^DA760$h^CGtLU$?DQ>Xu!dJv6Kb=Zv; zi@LZPUe_N6r#y9sDH;>x69l}-F`+A3Rll5=m`nR`Rt?x+vWyC3$|MT^y zaV#{|T*Rv55fV^MBhmNaQ%B5)%@HuEd5^QOLnMuZ0h4pdLavgCj;k>pvJN@pVlEZC zO_=0E7Q=%Msc4z9%3Q($4?`9|NP<17ga*(ZY~rdKE6s*;DJ6>-Rm{mI7sw{rzfvxl zs`f{+Lt>_HguLc)-{%UZ2PpgzmpY}9VsgX-RvR_COw-0(W#yDYw#eE(#(i4*Wns%8437PT+ z0>?DaI#HckO&UQx9w4u*GC=iKzFR$%jw;2ps)5KtnKo+F_a?J5DhXJxd#}AoH|50& z+JAq*q9O0cLb4a>V~PE*x3_oD{06p6rLfmW3Hp8w(e@?3*#z+ztv zhrrvR3S;e4V!#~+iHHvE!MqLLGmp50HMQpeU&#haV20!$gXIvOs%24;iglI;isekqSh}YTuB-MEyTI*!ysN z;19zW>SKxigUUCj^uN_^Z}8t*${T~#yx-yPAK#Z@#18~?oyL#CBfjSu6Jan1Xf~J! z9>dhZrv_*Pj0s>9EkzVDxdn!X2Lnr{(dHCsK_X&79WXr+nn5kq<`GIu_KyxH5`*#& z(ykwfVa?$j97Klvlo<-PM5Du`1gqn^vcr-h)ohC>#>f@Qn8{HcT$uq5(JJy7z79(3dg|OT7pK@|10SDw#o?iX)8ka6}mbEzBor_>DFJ zMlrhqV;DrRT>--x4u=Kap0_UZ3x z@362N%!Vonf}mxxP}RA8*lM%w{F-I@8|B(8jp3T_MLhjr_b`$s=BTp!k;N*738dM? 
zlTZvPj}5`$DPgzZ8>qR{Q;kbwg+5@5;S_5)MXVO#4y{fkfW~&~^@NoamiSZ5ON)GA zgiIpX8gNvm*;BK^Jt>A{EK=#TrX&_}&dIaM3mGzkNlH@LH?w3qer=PqDQhffC1JCG z?+(`Hg(88EkN>rsjn*dqw~m7AUpTa0q>p9szh+|^|Fv5?jSc==N8v+o?efsx^pT`# zze7eQ3`DYG5F>FhBI7i=Qw0tabr1(~oah5MB{9HPu?TWC*UU zJ+`+do-3T9Lkf5=p-2=u+~$R>o5F~D7~~_R4i945jTkWmBoh5Tdd7eR3X|o{5vvCv zDV0{FkSpY|Tnb=xh%rZGJ^`54Plj%Bkbq2(SLkIOVDOfvTBv}6#|&dIFp5|&KK~U0 z8t4kZcy5eP1>U=u{DQXEtoYajKlApk_X0hvIkQWc6XA@zA09aS?1qldZOHV*gcuFW zs$=B{<`BBruBCRs5|;Rk4Z#<1`{HLF0V;Eyy|yZSlcjwAPu#obJPnrl|IOBJ+5T_W zo9+6>{;#7HuP4CKSG7^YyXG-ifDidz@Pqo)d%=Ze#B5h<|1sZ$DRL za)0lkQA8FB9tK)S{7!6y@Cf}xWh=-O_rfhuwo_fpf>>Ch5|anm5R!?41xes^fLX|D zs)WjZfl+mOymxn1!h6L3Y>|^a6<~yu2Gy#mG?Way#i@sx*)CL8D${IdZQ?W=M^SZG zQpVdY5a3EY$g3dT(!TR$Tqb}aTvdvk>zs*V@u;{4?rQPV$>rYZ;pOMOqr(q-7az}Z z3S!SsSm%qgPY0FRmWLlNPxg)v&QJID4`y2}+_o8=gG!accuW=0bP9EVnV_apZg!eR z(W!`dFz%4O2&Q1N@(UEo$tI$7$c_;jmGge(wAFnSny&(CixZaw!bDm$4YVz%TCxOqi+3yQRY2=-y8AX3PBG>!DJ z2%#+;357>ChK9Gt1!*T-CX$x>dTlfN)t2)4fAaC-;M~`@`dRx}G5@3B|LyEj+I6nK5Y?BaX#Q=I>!@gm-G}CAldERb9+;5>WL$(9`#1f53w4 z>9A`S!9?e#Q;eQ2GRLdMQYZagWkJ;|l*k2i$07v}Q7;PYnm{YCO2Nfa10ggCkXOf! zL*^F~=m;uPw~FA{VIo3hxZ|$V)3+;Hj*ammV9rT3AwSlUVF(@%!ONCg&-=M}8G-i| zDARkBHX?dG9&j2Fyiu4*32{WB2-M`+f?E?U8LJH`&Pxp&Y^>-1ZYkS;ccwpcC~#T+ zM{~yh@9u1G?tj-(rqa`_>*w(K0>5t>#XZLLGjT8ck|9H5imI(v(?B_V42UoLC50A& z0IYYhe`;!AslbY!7O2X;PzY$^W!@4%a^_yq(W2!@k`hXRtvQMTIOym4-tedoqpC8>|A%;lBW&N}Tdn z&_9+;iBty6)xCTF4n9Xrb_*3?Cq#Va2tS=2Jxn{*3;ZnJC%Dnf_6&6HIoClt3w*ozDZ_& zDw{%rcfNE}GdacA-B>VH{#CP%$SQM$keTe#eLDvO2s{bZR?$Nf?w&y!_)4kqBw z+~6F;#`t1h?j~$52WKn*pV*|)l`PR@Yb~7h08FPCW|bl9@tCh_18`kImz^t_zqIhw z;U^|oIolc?SQey`>#-r>D-B

      CwI#@+tzsxnhAGMF-YUuEY{RADDoJbLpN35p^oN zbo1EQw68>D-}cy^S8eMeAqo{wnqbYYHLTNIL#U~`wpPZSrjrW%CR1nV6P_^4k1qe3 zd7N`Eiv>v9?Q~_o*pxo=HBG|otIZO#44nb15~F619~6pKgIx_~>`y=)Gh&yYy{@bU z!(Lv8VtqcSLS4Qp^C}k+=K{<Sj*p{p``nj$RX{t_#gNIn9f+h^g+TFb9 z#T%TWVVVO?z$DQq8PKLPOb57=Z0k9O>9*IaY6(+c9SEaHkGVs_t|LLi^U~E%Ir-0} zEl(vG6PHnaYJx-)RgT6NKzwp=@!Q9_WVl0)56*tc zGTCevTiyZqWh}h3!!34O`71uD;MEv>`h6k#Fx3fHCJVsIVq5vn4!Ff$B%wdr_Wur# z_VXvlMbT{mZ}3u@eRWB*jQ*+oE!Yy5aXP#-+X6(#jnN^ELSEo&tIGdmnS1~5a{8X@ z2v~Oi-`L%rvj2_7?&kh)E#;y6f0zBaH2r%v6?7GI{@Nqo6f9Hs|HkqUY4WTYK+E*M zz1yC~e~soQ|7R^_uKwG9Y;a7I#i|d_SJd;Yxx*sl-Cd>dreLLWN2W07^m~M)dVdcv z3BOi4#q9eT!u$IQ$?yU;y5Fie=r^aE{N+N+AH(iE*vsA_taN_AtMH`U;iL)lbpJ=O zulp^W0UifY8ZuJJ-tRa9fLO`f=Whd|Z1?ZJ1`}A;|H}c30A4CzC+p1r+ilF||84xg zwG`aK=AwCK(^lO}Id3Bo(1>(?A|VenP;rTm5xyImyjiAWlE!^T-d=B!wGOZPzO(uNZ)+(}k2n9#Zjj~Pf!j$Q?y57^ zL%J-Q`aqvRH5=kyoM@=hF8)h46X2ff#B5xbxn9 h!2ic>@ODc zVQyr3R8em|NM&qo0PH+#Z{s+U{aL@F&S{``8!h<}Cp{3bz~$1JyqBCZ#bWVM50XVnD!Rupk=mP*guQwa==FNN z!{N~W@AZ1^|NUO?{j2`4H|X^a`-6V(Rj=QFKODS*-qWztgiL87U-iDbu6E;o5Fnfj zO*9o;`3^upG+`q00-`lTkBV-9QqwWT&<9C)5Tjg*7E+ZmGIcpg(1&v>mSW*uijpSC zHDNwp3B+K+;s( zq{|qAq$#6;?R5w-WnyZ&1dvCRBaDTFe`F(+95pH@7KZCs>s0yOuC%N;G%&Qv#J~u! z@`~{>jUh^*R$V3{p==p7iJW=+Ck+OBednd8;SOF1jQ*bxmZ5q&1F%m2@Avmx`hPI! z^>+IIIe;c4!b-IpRpADLYbh8*>1Y!9FtJJkO4u{n9SRKsS^(ur6UH2dTAlDfPE&o7 z5NZ^BCoga&#e{|kgaeu!tKvSQexsl$03--R#x+QcsM6BvMu( zVQiEo?{|3 z7W3j~$~4NNvX>U69}X45GwWHyEuq>fbsZz*vT8J5AQFTu z^&AJ_EgZ)f+*pjc(kzKt<>tdpHo`zNaJjAiJa^o^N*x$3OhJ)pP@3pW75;PEaLwzx zmeiQ2vA8xIAy=71n2HP{)IcC$nbIf=3ju_OaC+uAmjbjD*@&Tvh0qWfT7KRRL$GKg z6OpoMn=o!FOhu?Hbu;U&z^L_iq$ ze}j+)8aiVtO}25lEKXId+lNJ{Jb2}NrbYbGfzHg(k|RKtWS(_=UDTN=i-}SB6yW;+-n?XtVmeL zg578EZaC3&f?kLdn;MWHwp-|2qvV9O5H_0tt(pRq+D!;2k=^QkEScH{e>HTio@~)A zb}Udezqi&Tm+Wt-`Yl+LHt%3cpLrA1OETDOdDssqfpBG<)IvO2VSZ1YpWXfRzYZ5FT? 
zWRmKsMWGutU!{y{PbJhnEPsZ`u=tr43d{v7X5Zc@!&-MtIbrm7l#6UP^In$MnqqH`Lp{A}R4uI< zm1T*mkShk3nv*AJ{(^wpy{dZGxb^Avt!f}s_@K@GR{i9<&emPkhh5aISfnjl$kGA8 z?U3684jf6M`^+1np*?35-vByxKrx4xIw zc_q7XZ&vh@`+qCFlT_|90m&A?a3wLD$Lu!TYxS4-XIack=%n&fcy-I8jm;L@DF(nQnX zsEi@)`2V`^(6m|MyvS_Unf+R?Yxd6c0ObM8!iA&svV0W{YIvKy`6K9&ru@&(gtn;w z*2w>0f7rhNbI?0{zmxyxfV%t}r*>}YKU8yJt%=`I6Q~peLqZ|LKnv;H5RJt6z#qv7 znaUHOMZIXwbIm)W23q(dWLT&k8 ziB-@^E3?!DwZu-RO?ELRx=p6QD7_ea!>NW)Q(enx)wo+*cQuUb7_f+&a#2xT(ox7K z^)V=}mi_Yi>geqB>g&w>cvE=EOtItQDPA<-lj!za# zt(>+cUU5~TVGv9b%x3;VuxzJU>?~vK%pI>H*<&Z*2fZPxYDYW5EcP5Y00BBo<|sp8q< zzk2<_LHqvK!QfyQ|M@J?Qv1s<*cdHXcNCT!O>`%H!qS-R7v95(nMrx+CGNxBcZlryS`(UbOf`k_hH==3$i)%}*OGf1)E4kHbjbfWS9@1PR{>cTC&`VRTb!Iis4nU=BicO`FE4kG0xC5MK2N}Vn|Y| z>@9$tm%Nl$=z(IeS8?b~2Ht;aogP;?pX#jVkSV;9c3xeP@p1yK2J_TGCD-$JT)P2AydKX-J5 z)IL;SQfLtf=ELRjnN86|MyStfSk1kp6+1pJ-N}DoSStU;ntoeqV6FXsKWMN2-uHL* z|5@N6`7e)7*PihHe?LV1fx*bX7b8n(#D&Bssbih|9}EuL@Bj1qv_{G8 z6E*oHfZG^(exr->2vQQq5=_O_XpB#M*h!Fjy`-k z@sjX~>R2QHgWjOM|JxtD-}(Q~0`@g8$NASe6~F$a`DVypfvWZkCF@=*^c=^k2>T)- z+)~D>7hZIX_HC27-|!A@V;aOcnl?J8j(c7`v*J0cd0UNR|O zepI$8rle6iC?$qvRe7_d$TYqKg;>59lk?%m*S3MxlPfaGW7HgHZ?6cGDemby&IKaW zp3<`g8@1$TS1K=jCegk)si;QfIHpDA3zW6~gud5503m_nEz0s5QcmHtM%!_YZKSGg zWaWJsMK1H6w0%6nk|7M=*_IX$Yh9cEDI^@yn0d0oA9lSjtZ z>Z(1$ImfcQ@=KALamQV%iuAwPec|itYsWdQ%?3N68jKjHWj;{u(mL{FJMFw~PV}Gk zr;2J15zU_~vZgAZkHvFAE1n4gyrar2XP0!3%NuRo@:: + +# comma separated list of domains or ip addresses that will not use the proxy +noProxy: 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local diff --git a/released/charts/fleet/fleet/0.3.200/templates/_helpers.tpl b/released/charts/fleet/fleet/0.3.200/templates/_helpers.tpl new file mode 100644 index 000000000..f652b5643 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.200/templates/_helpers.tpl 
@@ -0,0 +1,7 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/released/charts/fleet/fleet/0.3.200/templates/configmap.yaml b/released/charts/fleet/fleet/0.3.200/templates/configmap.yaml new file mode 100644 index 000000000..c546c4b97 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.200/templates/configmap.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: fleet-controller +data: + config: | + { + "agentImage": "{{ template "system_default_registry" . }}{{.Values.agentImage.repository}}:{{.Values.agentImage.tag}}", + "agentImagePullPolicy": "{{ .Values.agentImage.imagePullPolicy }}", + "apiServerURL": "{{.Values.apiServerURL}}", + "apiServerCA": "{{b64enc .Values.apiServerCA}}", + "agentCheckinInterval": "{{.Values.agentCheckinInterval}}", + "ignoreClusterRegistrationLabels": {{.Values.ignoreClusterRegistrationLabels}}, + "bootstrap": { + "paths": "{{.Values.bootstrap.paths}}", + "repo": "{{.Values.bootstrap.repo}}", + "secret": "{{.Values.bootstrap.secret}}", + "branch": "{{.Values.bootstrap.branch}}", + "namespace": "{{.Values.bootstrap.namespace}}", + }, + "webhookReceiverURL": "{{.Values.webhookReceiverURL}}", + "githubURLPrefix": "{{.Values.githubURLPrefix}}" + } diff --git a/released/charts/fleet/fleet/0.3.200/templates/deployment.yaml b/released/charts/fleet/fleet/0.3.200/templates/deployment.yaml new file mode 100644 index 000000000..25c505ad8 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.200/templates/deployment.yaml 
@@ -0,0 +1,23 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: fleet-controller +spec: + selector: + matchLabels: + app: fleet-controller + template: + metadata: + labels: + app: fleet-controller + spec: + containers: + - env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}' + name: fleet-controller + imagePullPolicy: "{{ .Values.image.imagePullPolicy }}" + serviceAccountName: fleet-controller diff --git a/released/charts/fleet/fleet/0.3.200/templates/rbac.yaml b/released/charts/fleet/fleet/0.3.200/templates/rbac.yaml new file mode 100644 index 000000000..59df51b1f --- /dev/null +++ b/released/charts/fleet/fleet/0.3.200/templates/rbac.yaml 
@@ -0,0 +1,106 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: fleet-controller +rules: +- apiGroups: + - gitjob.cattle.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - fleet.cattle.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - "" + resources: + - namespaces + - serviceaccounts + verbs: + - '*' +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - '*' +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - clusterrolebindings + - roles + - rolebindings + verbs: + - '*' + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: fleet-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: fleet-controller +subjects: +- kind: ServiceAccount + name: fleet-controller + namespace: {{.Release.Namespace}} + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: fleet-controller +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - '*' + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: fleet-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: fleet-controller +subjects: +- kind: ServiceAccount + name: fleet-controller + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: fleet-controller-bootstrap +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: fleet-controller-bootstrap +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: fleet-controller-bootstrap +subjects: +- kind: ServiceAccount + name: fleet-controller-bootstrap + namespace: {{.Release.Namespace}} diff --git a/released/charts/fleet/fleet/0.3.200/templates/serviceaccount.yaml b/released/charts/fleet/fleet/0.3.200/templates/serviceaccount.yaml new file mode 100644 index 000000000..bd99d9958 
--- /dev/null +++ b/released/charts/fleet/fleet/0.3.200/templates/serviceaccount.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: fleet-controller + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: fleet-controller-bootstrap diff --git a/released/charts/fleet/fleet/0.3.200/values.yaml b/released/charts/fleet/fleet/0.3.200/values.yaml new file mode 100644 index 000000000..fb3e231fc --- /dev/null +++ b/released/charts/fleet/fleet/0.3.200/values.yaml @@ -0,0 +1,38 @@ +image: + repository: rancher/fleet + tag: v0.3.2 + imagePullPolicy: IfNotPresent + +agentImage: + repository: rancher/fleet-agent + tag: v0.3.2 + imagePullPolicy: IfNotPresent + +# For cluster registration the public URL of the Kubernetes API server must be set here +# Example: https://example.com:6443 +apiServerURL: "" + +# For cluster registration the pem encoded value of the CA of the Kubernetes API server must be set here +# If left empty it is assumed this Kubernetes API TLS is signed by a well known CA. +apiServerCA: "" + +# A duration string for how often agents should report a heartbeat +agentCheckinInterval: "15m" + +# Whether you want to allow cluster upon registration to specify their labels. +ignoreClusterRegistrationLabels: false + +bootstrap: + # The namespace that will be autocreated and the local cluster will be registered in + namespace: fleet-local + # A repo to add at install time that will deploy to the local cluster. This allows + # one to fully bootstrap fleet, it's configuration and all it's downstream clusters + # in one shot. + repo: "" + secret: "" + branch: master + paths: "" + +global: + cattle: + systemDefaultRegistry: "" \ No newline at end of file diff --git a/released/charts/fleet/fleet/0.3.300/Chart.yaml b/released/charts/fleet/fleet/0.3.300/Chart.yaml new file mode 100644 index 000000000..a6b88e2ff --- /dev/null +++ b/released/charts/fleet/fleet/0.3.300/Chart.yaml 
@@ -0,0 +1,15 @@ +annotations: + catalog.cattle.io/auto-install: fleet-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/experimental: "true" + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: fleet-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 + catalog.cattle.io/release-name: fleet +apiVersion: v2 +appVersion: 0.3.3 +description: Fleet Manager - GitOps at Scale +icon: https://charts.rancher.io/assets/logos/fleet.svg +name: fleet +version: 0.3.300 diff --git a/released/charts/fleet/fleet/0.3.300/charts/gitjob/.helmignore b/released/charts/fleet/fleet/0.3.300/charts/gitjob/.helmignore new file mode 100644 index 000000000..691fa13d6 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.300/charts/gitjob/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ \ No newline at end of file diff --git a/released/charts/fleet/fleet/0.3.300/charts/gitjob/Chart.yaml b/released/charts/fleet/fleet/0.3.300/charts/gitjob/Chart.yaml new file mode 100644 index 000000000..a1d0b9a8f --- /dev/null +++ b/released/charts/fleet/fleet/0.3.300/charts/gitjob/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v2 +appVersion: 0.1.12 +description: Controller that run jobs based on git events +name: gitjob +version: 0.1.12 diff --git a/released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/_helpers.tpl b/released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/_helpers.tpl new file mode 100644 index 000000000..f652b5643 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/_helpers.tpl 
@@ -0,0 +1,7 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/clusterrole.yaml b/released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/clusterrole.yaml new file mode 100644 index 000000000..bcad90164 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/clusterrole.yaml @@ -0,0 +1,38 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: gitjob +rules: + - apiGroups: + - "batch" + resources: + - 'jobs' + verbs: + - '*' + - apiGroups: + - "" + resources: + - 'pods' + verbs: + - 'list' + - 'get' + - 'watch' + - apiGroups: + - "" + resources: + - 'secrets' + verbs: + - '*' + - apiGroups: + - "" + resources: + - 'configmaps' + verbs: + - '*' + - apiGroups: + - "gitjob.cattle.io" + resources: + - "gitjobs" + - "gitjobs/status" + verbs: + - "*" \ No newline at end of file diff --git a/released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/clusterrolebinding.yaml b/released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..0bf07c4ef --- /dev/null +++ b/released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/clusterrolebinding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: gitjob-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: gitjob +subjects: + - kind: ServiceAccount + name: gitjob + namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/deployment.yaml b/released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/deployment.yaml new file mode 100644 index 000000000..93b549432 --- /dev/null 
+++ b/released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/deployment.yaml @@ -0,0 +1,34 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: gitjob +spec: + selector: + matchLabels: + app: "gitjob" + template: + metadata: + labels: + app: "gitjob" + spec: + serviceAccountName: gitjob + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.gitjob.repository }}:{{ .Values.gitjob.tag }}" + name: gitjob + command: + - gitjob + - --tekton-image + - "{{ template "system_default_registry" . }}{{ .Values.tekton.repository }}:{{ .Values.tekton.tag }}" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace +{{- if .Values.proxy }} + - name: HTTP_PROXY + value: {{ .Values.proxy }} + - name: HTTPS_PROXY + value: {{ .Values.proxy }} + - name: NO_PROXY + value: {{ .Values.noProxy }} +{{- end }} diff --git a/released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/service.yaml b/released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/service.yaml new file mode 100644 index 000000000..bf57c1b55 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: gitjob +spec: + ports: + - name: http-80 + port: 80 + protocol: TCP + targetPort: 8080 + selector: + app: "gitjob" \ No newline at end of file diff --git a/released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/serviceaccount.yaml b/released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/serviceaccount.yaml new file mode 100644 index 000000000..5f8aecb04 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.300/charts/gitjob/templates/serviceaccount.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: gitjob diff --git a/released/charts/fleet/fleet/0.3.300/charts/gitjob/values.yaml b/released/charts/fleet/fleet/0.3.300/charts/gitjob/values.yaml new file mode 100644 index 000000000..650f62af2 --- /dev/null 
+++ b/released/charts/fleet/fleet/0.3.300/charts/gitjob/values.yaml @@ -0,0 +1,17 @@ +gitjob: + repository: rancher/gitjob + tag: v0.1.12 + +tekton: + repository: rancher/tekton-utils + tag: v0.1.1 + +global: + cattle: + systemDefaultRegistry: "" + +# http[s] proxy server +# proxy: http://@:: + +# comma separated list of domains or ip addresses that will not use the proxy +noProxy: 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local diff --git a/released/charts/fleet/fleet/0.3.300/templates/_helpers.tpl b/released/charts/fleet/fleet/0.3.300/templates/_helpers.tpl new file mode 100644 index 000000000..f652b5643 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.300/templates/_helpers.tpl @@ -0,0 +1,7 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/released/charts/fleet/fleet/0.3.300/templates/configmap.yaml b/released/charts/fleet/fleet/0.3.300/templates/configmap.yaml new file mode 100644 index 000000000..c546c4b97 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.300/templates/configmap.yaml 
@@ -0,0 +1,23 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: fleet-controller +data: + config: | + { + "agentImage": "{{ template "system_default_registry" . }}{{.Values.agentImage.repository}}:{{.Values.agentImage.tag}}", + "agentImagePullPolicy": "{{ .Values.agentImage.imagePullPolicy }}", + "apiServerURL": "{{.Values.apiServerURL}}", + "apiServerCA": "{{b64enc .Values.apiServerCA}}", + "agentCheckinInterval": "{{.Values.agentCheckinInterval}}", + "ignoreClusterRegistrationLabels": {{.Values.ignoreClusterRegistrationLabels}}, + "bootstrap": { + "paths": "{{.Values.bootstrap.paths}}", + "repo": "{{.Values.bootstrap.repo}}", + "secret": "{{.Values.bootstrap.secret}}", + "branch": "{{.Values.bootstrap.branch}}", + "namespace": "{{.Values.bootstrap.namespace}}", + }, + "webhookReceiverURL": "{{.Values.webhookReceiverURL}}", + "githubURLPrefix": "{{.Values.githubURLPrefix}}" + } diff --git a/released/charts/fleet/fleet/0.3.300/templates/deployment.yaml b/released/charts/fleet/fleet/0.3.300/templates/deployment.yaml new file mode 100644 index 000000000..25c505ad8 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.300/templates/deployment.yaml @@ -0,0 +1,23 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: fleet-controller +spec: + selector: + matchLabels: + app: fleet-controller + template: + metadata: + labels: + app: fleet-controller + spec: + containers: + - env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}' + name: fleet-controller + imagePullPolicy: "{{ .Values.image.imagePullPolicy }}" + serviceAccountName: fleet-controller diff --git a/released/charts/fleet/fleet/0.3.300/templates/rbac.yaml b/released/charts/fleet/fleet/0.3.300/templates/rbac.yaml new file mode 100644 index 000000000..59df51b1f --- /dev/null +++ b/released/charts/fleet/fleet/0.3.300/templates/rbac.yaml 
@@ -0,0 +1,106 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: fleet-controller +rules: +- apiGroups: + - gitjob.cattle.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - fleet.cattle.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - "" + resources: + - namespaces + - serviceaccounts + verbs: + - '*' +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - '*' +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - clusterrolebindings + - roles + - rolebindings + verbs: + - '*' + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: fleet-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: fleet-controller +subjects: +- kind: ServiceAccount + name: fleet-controller + namespace: {{.Release.Namespace}} + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: fleet-controller +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - '*' + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: fleet-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: fleet-controller +subjects: +- kind: ServiceAccount + name: fleet-controller + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: fleet-controller-bootstrap +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: fleet-controller-bootstrap +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: fleet-controller-bootstrap +subjects: +- kind: ServiceAccount + name: fleet-controller-bootstrap + namespace: {{.Release.Namespace}} diff --git a/released/charts/fleet/fleet/0.3.300/templates/serviceaccount.yaml b/released/charts/fleet/fleet/0.3.300/templates/serviceaccount.yaml new file mode 100644 index 000000000..bd99d9958 
--- /dev/null +++ b/released/charts/fleet/fleet/0.3.300/templates/serviceaccount.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: fleet-controller + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: fleet-controller-bootstrap diff --git a/released/charts/fleet/fleet/0.3.300/values.yaml b/released/charts/fleet/fleet/0.3.300/values.yaml new file mode 100644 index 000000000..36af75dc9 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.300/values.yaml @@ -0,0 +1,38 @@ +image: + repository: rancher/fleet + tag: v0.3.3 + imagePullPolicy: IfNotPresent + +agentImage: + repository: rancher/fleet-agent + tag: v0.3.3 + imagePullPolicy: IfNotPresent + +# For cluster registration the public URL of the Kubernetes API server must be set here +# Example: https://example.com:6443 +apiServerURL: "" + +# For cluster registration the pem encoded value of the CA of the Kubernetes API server must be set here +# If left empty it is assumed this Kubernetes API TLS is signed by a well known CA. +apiServerCA: "" + +# A duration string for how often agents should report a heartbeat +agentCheckinInterval: "15m" + +# Whether you want to allow cluster upon registration to specify their labels. +ignoreClusterRegistrationLabels: false + +bootstrap: + # The namespace that will be autocreated and the local cluster will be registered in + namespace: fleet-local + # A repo to add at install time that will deploy to the local cluster. This allows + # one to fully bootstrap fleet, it's configuration and all it's downstream clusters + # in one shot. + repo: "" + secret: "" + branch: master + paths: "" + +global: + cattle: + systemDefaultRegistry: "" \ No newline at end of file diff --git a/released/charts/fleet/fleet/0.3.400/Chart.yaml b/released/charts/fleet/fleet/0.3.400/Chart.yaml new file mode 100755 index 000000000..b62e294de --- /dev/null +++ b/released/charts/fleet/fleet/0.3.400/Chart.yaml 
@@ -0,0 +1,15 @@ +annotations: + catalog.cattle.io/auto-install: fleet-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/experimental: "true" + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: fleet-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 + catalog.cattle.io/release-name: fleet +apiVersion: v2 +appVersion: 0.3.4 +description: Fleet Manager - GitOps at Scale +icon: https://charts.rancher.io/assets/logos/fleet.svg +name: fleet +version: 0.3.400 diff --git a/released/charts/fleet/fleet/0.3.400/charts/gitjob/.helmignore b/released/charts/fleet/fleet/0.3.400/charts/gitjob/.helmignore new file mode 100755 index 000000000..691fa13d6 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.400/charts/gitjob/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ \ No newline at end of file diff --git a/released/charts/fleet/fleet/0.3.400/charts/gitjob/Chart.yaml b/released/charts/fleet/fleet/0.3.400/charts/gitjob/Chart.yaml new file mode 100755 index 000000000..5724324d7 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.400/charts/gitjob/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v2 +appVersion: 0.1.13 +description: Controller that run jobs based on git events +name: gitjob +version: 0.1.13 diff --git a/released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/_helpers.tpl b/released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/_helpers.tpl new file mode 100755 index 000000000..f652b5643 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/_helpers.tpl 
@@ -0,0 +1,7 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/clusterrole.yaml b/released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/clusterrole.yaml new file mode 100755 index 000000000..bcad90164 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/clusterrole.yaml @@ -0,0 +1,38 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: gitjob +rules: + - apiGroups: + - "batch" + resources: + - 'jobs' + verbs: + - '*' + - apiGroups: + - "" + resources: + - 'pods' + verbs: + - 'list' + - 'get' + - 'watch' + - apiGroups: + - "" + resources: + - 'secrets' + verbs: + - '*' + - apiGroups: + - "" + resources: + - 'configmaps' + verbs: + - '*' + - apiGroups: + - "gitjob.cattle.io" + resources: + - "gitjobs" + - "gitjobs/status" + verbs: + - "*" \ No newline at end of file diff --git a/released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/clusterrolebinding.yaml b/released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/clusterrolebinding.yaml new file mode 100755 index 000000000..0bf07c4ef --- /dev/null +++ b/released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/clusterrolebinding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: gitjob-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: gitjob +subjects: + - kind: ServiceAccount + name: gitjob + namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/deployment.yaml b/released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/deployment.yaml new file mode 100755 index 000000000..a12a30d92 --- /dev/null 
+++ b/released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/deployment.yaml @@ -0,0 +1,42 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: gitjob +spec: + selector: + matchLabels: + app: "gitjob" + template: + metadata: + labels: + app: "gitjob" + spec: + serviceAccountName: gitjob + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.gitjob.repository }}:{{ .Values.gitjob.tag }}" + name: gitjob + command: + - gitjob + - --tekton-image + - "{{ template "system_default_registry" . }}{{ .Values.tekton.repository }}:{{ .Values.tekton.tag }}" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- if .Values.proxy }} + - name: HTTP_PROXY + value: {{ .Values.proxy }} + - name: HTTPS_PROXY + value: {{ .Values.proxy }} + - name: NO_PROXY + value: {{ .Values.noProxy }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/service.yaml b/released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/service.yaml new file mode 100755 index 000000000..bf57c1b55 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: gitjob +spec: + ports: + - name: http-80 + port: 80 + protocol: TCP + targetPort: 8080 + selector: + app: "gitjob" \ No newline at end of file diff --git a/released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/serviceaccount.yaml b/released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/serviceaccount.yaml new file mode 100755 index 000000000..5f8aecb04 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.400/charts/gitjob/templates/serviceaccount.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: gitjob 
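Review bot: the gitjob ServiceAccount created in charts/gitjob/templates/serviceaccount.yaml is the subject of the ClusterRoleBinding gitjob-binding, and the gitjob ClusterRole it binds to grants verbs '*' on core secrets and configmaps. Because the binding is cluster-scoped, the gitjob pod (serviceAccountName: gitjob in deployment.yaml) can read, modify and delete every Secret in every namespace. If the controller only needs the credentials referenced by its GitJob objects, narrow the verbs to the ones it actually uses and grant Secret access through namespaced Role and RoleBinding objects; if cluster-wide access has to stay, say why in the chart so operators can judge the exposure.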
diff --git a/released/charts/fleet/fleet/0.3.400/charts/gitjob/values.yaml b/released/charts/fleet/fleet/0.3.400/charts/gitjob/values.yaml new file mode 100755 index 000000000..051e88b83 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.400/charts/gitjob/values.yaml @@ -0,0 +1,26 @@ +gitjob: + repository: rancher/gitjob + tag: v0.1.13 + +tekton: + repository: rancher/tekton-utils + tag: v0.1.1 + +global: + cattle: + systemDefaultRegistry: "" + +# http[s] proxy server +# proxy: http://@:: + +# comma separated list of domains or ip addresses that will not use the proxy +noProxy: 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local + +nodeSelector: + kubernetes.io/os: linux + +tolerations: + - key: cattle.io/os + operator: "Equal" + value: "linux" + effect: NoSchedule diff --git a/released/charts/fleet/fleet/0.3.400/templates/_helpers.tpl b/released/charts/fleet/fleet/0.3.400/templates/_helpers.tpl new file mode 100755 index 000000000..f652b5643 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.400/templates/_helpers.tpl @@ -0,0 +1,7 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/released/charts/fleet/fleet/0.3.400/templates/configmap.yaml b/released/charts/fleet/fleet/0.3.400/templates/configmap.yaml new file mode 100755 index 000000000..c546c4b97 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.400/templates/configmap.yaml 
@@ -0,0 +1,23 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: fleet-controller +data: + config: | + { + "agentImage": "{{ template "system_default_registry" . }}{{.Values.agentImage.repository}}:{{.Values.agentImage.tag}}", + "agentImagePullPolicy": "{{ .Values.agentImage.imagePullPolicy }}", + "apiServerURL": "{{.Values.apiServerURL}}", + "apiServerCA": "{{b64enc .Values.apiServerCA}}", + "agentCheckinInterval": "{{.Values.agentCheckinInterval}}", + "ignoreClusterRegistrationLabels": {{.Values.ignoreClusterRegistrationLabels}}, + "bootstrap": { + "paths": "{{.Values.bootstrap.paths}}", + "repo": "{{.Values.bootstrap.repo}}", + "secret": "{{.Values.bootstrap.secret}}", + "branch": "{{.Values.bootstrap.branch}}", + "namespace": "{{.Values.bootstrap.namespace}}", + }, + "webhookReceiverURL": "{{.Values.webhookReceiverURL}}", + "githubURLPrefix": "{{.Values.githubURLPrefix}}" + } diff --git a/released/charts/fleet/fleet/0.3.400/templates/deployment.yaml b/released/charts/fleet/fleet/0.3.400/templates/deployment.yaml new file mode 100755 index 000000000..c64f94ddb --- /dev/null +++ b/released/charts/fleet/fleet/0.3.400/templates/deployment.yaml @@ -0,0 +1,31 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: fleet-controller +spec: + selector: + matchLabels: + app: fleet-controller + template: + metadata: + labels: + app: fleet-controller + spec: + containers: + - env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}' + name: fleet-controller + imagePullPolicy: "{{ .Values.image.imagePullPolicy }}" + serviceAccountName: fleet-controller + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} 
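Review bot: in 0.3.400/templates/configmap.yaml the "bootstrap" object ends with "namespace": "{{.Values.bootstrap.namespace}}", followed directly by the closing brace, and that trailing comma is not valid JSON, so a strict parser will reject the whole config document. The same template drops every value straight into a JSON string literal ("apiServerURL": "{{.Values.apiServerURL}}"), so a value containing a double quote or backslash changes the structure of the rendered config. Suggest removing the trailing comma and emitting the fields with toJson (without the surrounding quotes) so they are escaped. webhookReceiverURL and githubURLPrefix are also referenced here but have no entry in this version's values.yaml; a documented default would make the rendered result predictable.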
diff --git a/released/charts/fleet/fleet/0.3.400/templates/rbac.yaml b/released/charts/fleet/fleet/0.3.400/templates/rbac.yaml new file mode 100755 index 000000000..59df51b1f --- /dev/null +++ b/released/charts/fleet/fleet/0.3.400/templates/rbac.yaml 
@@ -0,0 +1,106 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: fleet-controller +rules: +- apiGroups: + - gitjob.cattle.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - fleet.cattle.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - "" + resources: + - namespaces + - serviceaccounts + verbs: + - '*' +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - '*' +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - clusterrolebindings + - roles + - rolebindings + verbs: + - '*' + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: fleet-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: fleet-controller +subjects: +- kind: ServiceAccount + name: fleet-controller + namespace: {{.Release.Namespace}} + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: fleet-controller +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - '*' + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: fleet-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: fleet-controller +subjects: +- kind: ServiceAccount + name: fleet-controller + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: fleet-controller-bootstrap +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: fleet-controller-bootstrap +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: fleet-controller-bootstrap +subjects: +- kind: ServiceAccount + name: fleet-controller-bootstrap + namespace: {{.Release.Namespace}} diff --git a/released/charts/fleet/fleet/0.3.400/templates/serviceaccount.yaml b/released/charts/fleet/fleet/0.3.400/templates/serviceaccount.yaml new file mode 100755 index 000000000..bd99d9958 
--- /dev/null +++ b/released/charts/fleet/fleet/0.3.400/templates/serviceaccount.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: fleet-controller + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: fleet-controller-bootstrap diff --git a/released/charts/fleet/fleet/0.3.400/values.yaml b/released/charts/fleet/fleet/0.3.400/values.yaml new file mode 100755 index 000000000..726f35877 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.400/values.yaml @@ -0,0 +1,47 @@ +image: + repository: rancher/fleet + tag: v0.3.4 + imagePullPolicy: IfNotPresent + +agentImage: + repository: rancher/fleet-agent + tag: v0.3.4 + imagePullPolicy: IfNotPresent + +# For cluster registration the public URL of the Kubernetes API server must be set here +# Example: https://example.com:6443 +apiServerURL: "" + +# For cluster registration the pem encoded value of the CA of the Kubernetes API server must be set here +# If left empty it is assumed this Kubernetes API TLS is signed by a well known CA. +apiServerCA: "" + +# A duration string for how often agents should report a heartbeat +agentCheckinInterval: "15m" + +# Whether you want to allow cluster upon registration to specify their labels. +ignoreClusterRegistrationLabels: false + +bootstrap: + # The namespace that will be autocreated and the local cluster will be registered in + namespace: fleet-local + # A repo to add at install time that will deploy to the local cluster. This allows + # one to fully bootstrap fleet, it's configuration and all it's downstream clusters + # in one shot. + repo: "" + secret: "" + branch: master + paths: "" + +global: + cattle: + systemDefaultRegistry: "" + +nodeSelector: + kubernetes.io/os: linux + +tolerations: + - key: cattle.io/os + operator: "Equal" + value: "linux" + effect: NoSchedule \ No newline at end of file 
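Review bot: the fleet-controller-bootstrap ServiceAccount declared in 0.3.400/templates/serviceaccount.yaml is bound in templates/rbac.yaml to a ClusterRole with apiGroups '*', resources '*' and verbs '*', which is equivalent to cluster-admin and stays in place for the life of the release. The fleet-controller ClusterRole in the same file also grants '*' on secrets cluster-wide and '*' on clusterroles, clusterrolebindings, roles and rolebindings, and the wildcard verb includes escalate and bind, so that account can grant itself any permission. Suggest listing the resources and verbs the bootstrap step really needs, removing the bootstrap binding once bootstrap has finished, and replacing the '*' verb on the rbac.authorization.k8s.io rule with the explicit verbs the controller uses. The rbac.yaml added for 0.3.500 carries the same blob index (59df51b1f), so the same applies there.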
diff --git a/released/charts/fleet/fleet/0.3.500/Chart.yaml b/released/charts/fleet/fleet/0.3.500/Chart.yaml new file mode 100755 index 000000000..6ab92a3d4 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.500/Chart.yaml @@ -0,0 +1,15 @@ +annotations: + catalog.cattle.io/auto-install: fleet-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/experimental: "true" + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: fleet-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 + catalog.cattle.io/release-name: fleet +apiVersion: v2 +appVersion: 0.3.5 +description: Fleet Manager - GitOps at Scale +icon: https://charts.rancher.io/assets/logos/fleet.svg +name: fleet +version: 0.3.500 diff --git a/released/charts/fleet/fleet/0.3.500/charts/gitjob/.helmignore b/released/charts/fleet/fleet/0.3.500/charts/gitjob/.helmignore new file mode 100755 index 000000000..691fa13d6 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.500/charts/gitjob/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ \ No newline at end of file diff --git a/released/charts/fleet/fleet/0.3.500/charts/gitjob/Chart.yaml b/released/charts/fleet/fleet/0.3.500/charts/gitjob/Chart.yaml new file mode 100755 index 000000000..62e1e0255 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.500/charts/gitjob/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v2 +appVersion: 0.1.15 +description: Controller that run jobs based on git events +name: gitjob +version: 0.1.15 
diff --git a/released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/_helpers.tpl b/released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/_helpers.tpl new file mode 100755 index 000000000..f652b5643 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/_helpers.tpl @@ -0,0 +1,7 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/clusterrole.yaml b/released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/clusterrole.yaml new file mode 100755 index 000000000..bcad90164 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/clusterrole.yaml @@ -0,0 +1,38 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: gitjob +rules: + - apiGroups: + - "batch" + resources: + - 'jobs' + verbs: + - '*' + - apiGroups: + - "" + resources: + - 'pods' + verbs: + - 'list' + - 'get' + - 'watch' + - apiGroups: + - "" + resources: + - 'secrets' + verbs: + - '*' + - apiGroups: + - "" + resources: + - 'configmaps' + verbs: + - '*' + - apiGroups: + - "gitjob.cattle.io" + resources: + - "gitjobs" + - "gitjobs/status" + verbs: + - "*" \ No newline at end of file diff --git a/released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/clusterrolebinding.yaml b/released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/clusterrolebinding.yaml new file mode 100755 index 000000000..0bf07c4ef --- /dev/null +++ b/released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/clusterrolebinding.yaml 
@@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: gitjob-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: gitjob +subjects: + - kind: ServiceAccount + name: gitjob + namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/deployment.yaml b/released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/deployment.yaml new file mode 100755 index 000000000..a12a30d92 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/deployment.yaml @@ -0,0 +1,42 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: gitjob +spec: + selector: + matchLabels: + app: "gitjob" + template: + metadata: + labels: + app: "gitjob" + spec: + serviceAccountName: gitjob + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.gitjob.repository }}:{{ .Values.gitjob.tag }}" + name: gitjob + command: + - gitjob + - --tekton-image + - "{{ template "system_default_registry" . }}{{ .Values.tekton.repository }}:{{ .Values.tekton.tag }}" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- if .Values.proxy }} + - name: HTTP_PROXY + value: {{ .Values.proxy }} + - name: HTTPS_PROXY + value: {{ .Values.proxy }} + - name: NO_PROXY + value: {{ .Values.noProxy }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/service.yaml b/released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/service.yaml new file mode 100755 index 000000000..bf57c1b55 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/service.yaml 
@@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: gitjob +spec: + ports: + - name: http-80 + port: 80 + protocol: TCP + targetPort: 8080 + selector: + app: "gitjob" \ No newline at end of file diff --git a/released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/serviceaccount.yaml b/released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/serviceaccount.yaml new file mode 100755 index 000000000..5f8aecb04 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.500/charts/gitjob/templates/serviceaccount.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: gitjob diff --git a/released/charts/fleet/fleet/0.3.500/charts/gitjob/values.yaml b/released/charts/fleet/fleet/0.3.500/charts/gitjob/values.yaml new file mode 100755 index 000000000..90ca446a9 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.500/charts/gitjob/values.yaml @@ -0,0 +1,26 @@ +gitjob: + repository: rancher/gitjob + tag: v0.1.15 + +tekton: + repository: rancher/tekton-utils + tag: v0.1.1 + +global: + cattle: + systemDefaultRegistry: "" + +# http[s] proxy server +# proxy: http://@:: + +# comma separated list of domains or ip addresses that will not use the proxy +noProxy: 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local + +nodeSelector: + kubernetes.io/os: linux + +tolerations: + - key: cattle.io/os + operator: "Equal" + value: "linux" + effect: NoSchedule diff --git a/released/charts/fleet/fleet/0.3.500/templates/_helpers.tpl b/released/charts/fleet/fleet/0.3.500/templates/_helpers.tpl new file mode 100755 index 000000000..f652b5643 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.500/templates/_helpers.tpl @@ -0,0 +1,7 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} \ No newline at end of file 
diff --git a/released/charts/fleet/fleet/0.3.500/templates/configmap.yaml b/released/charts/fleet/fleet/0.3.500/templates/configmap.yaml new file mode 100755 index 000000000..c546c4b97 --- /dev/null +++ b/released/charts/fleet/fleet/0.3.500/templates/configmap.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: fleet-controller +data: + config: | + { + "agentImage": "{{ template "system_default_registry" . }}{{.Values.agentImage.repository}}:{{.Values.agentImage.tag}}", + "agentImagePullPolicy": "{{ .Values.agentImage.imagePullPolicy }}", + "apiServerURL": "{{.Values.apiServerURL}}", + "apiServerCA": "{{b64enc .Values.apiServerCA}}", + "agentCheckinInterval": "{{.Values.agentCheckinInterval}}", + "ignoreClusterRegistrationLabels": {{.Values.ignoreClusterRegistrationLabels}}, + "bootstrap": { + "paths": "{{.Values.bootstrap.paths}}", + "repo": "{{.Values.bootstrap.repo}}", + "secret": "{{.Values.bootstrap.secret}}", + "branch": "{{.Values.bootstrap.branch}}", + "namespace": "{{.Values.bootstrap.namespace}}", + }, + "webhookReceiverURL": "{{.Values.webhookReceiverURL}}", + "githubURLPrefix": "{{.Values.githubURLPrefix}}" + } diff --git a/released/charts/fleet/fleet/0.3.500/templates/deployment.yaml b/released/charts/fleet/fleet/0.3.500/templates/deployment.yaml new file mode 100755 index 000000000..c64f94ddb --- /dev/null +++ b/released/charts/fleet/fleet/0.3.500/templates/deployment.yaml 
@@ -0,0 +1,31 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: fleet-controller +spec: + selector: + matchLabels: + app: fleet-controller + template: + metadata: + labels: + app: fleet-controller + spec: + containers: + - env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}' + name: fleet-controller + imagePullPolicy: "{{ .Values.image.imagePullPolicy }}" + serviceAccountName: fleet-controller + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/released/charts/fleet/fleet/0.3.500/templates/rbac.yaml b/released/charts/fleet/fleet/0.3.500/templates/rbac.yaml new file mode 100755 index 000000000..59df51b1f --- /dev/null +++ b/released/charts/fleet/fleet/0.3.500/templates/rbac.yaml 
@@ -0,0 +1,106 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: fleet-controller +rules: +- apiGroups: + - gitjob.cattle.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - fleet.cattle.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - "" + resources: + - namespaces + - serviceaccounts + verbs: + - '*' +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - '*' +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - clusterrolebindings + - roles + - rolebindings + verbs: + - '*' + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: fleet-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: fleet-controller +subjects: +- kind: ServiceAccount + name: fleet-controller + namespace: {{.Release.Namespace}} + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: fleet-controller +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - '*' + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: fleet-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: fleet-controller +subjects: +- kind: ServiceAccount + name: fleet-controller + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: fleet-controller-bootstrap +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: fleet-controller-bootstrap +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: fleet-controller-bootstrap +subjects: +- kind: ServiceAccount + name: fleet-controller-bootstrap + namespace: {{.Release.Namespace}} diff --git a/released/charts/fleet/fleet/0.3.500/templates/serviceaccount.yaml b/released/charts/fleet/fleet/0.3.500/templates/serviceaccount.yaml new file mode 100755 index 000000000..bd99d9958 
--- /dev/null +++ b/released/charts/fleet/fleet/0.3.500/templates/serviceaccount.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: fleet-controller + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: fleet-controller-bootstrap diff --git a/released/charts/fleet/fleet/0.3.500/values.yaml b/released/charts/fleet/fleet/0.3.500/values.yaml new file mode 100755 index 000000000..d81363b8f --- /dev/null +++ b/released/charts/fleet/fleet/0.3.500/values.yaml @@ -0,0 +1,47 @@ +image: + repository: rancher/fleet + tag: v0.3.5-rc5 + imagePullPolicy: IfNotPresent + +agentImage: + repository: rancher/fleet-agent + tag: v0.3.5-rc5 + imagePullPolicy: IfNotPresent + +# For cluster registration the public URL of the Kubernetes API server must be set here +# Example: https://example.com:6443 +apiServerURL: "" + +# For cluster registration the pem encoded value of the CA of the Kubernetes API server must be set here +# If left empty it is assumed this Kubernetes API TLS is signed by a well known CA. +apiServerCA: "" + +# A duration string for how often agents should report a heartbeat +agentCheckinInterval: "15m" + +# Whether you want to allow cluster upon registration to specify their labels. +ignoreClusterRegistrationLabels: false + +bootstrap: + # The namespace that will be autocreated and the local cluster will be registered in + namespace: fleet-local + # A repo to add at install time that will deploy to the local cluster. This allows + # one to fully bootstrap fleet, it's configuration and all it's downstream clusters + # in one shot. + repo: "" + secret: "" + branch: master + paths: "" + +global: + cattle: + systemDefaultRegistry: "" + +nodeSelector: + kubernetes.io/os: linux + +tolerations: + - key: cattle.io/os + operator: "Equal" + value: "linux" + effect: NoSchedule \ No newline at end of file 
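Review bot: 0.3.500/values.yaml sets image.tag and agentImage.tag to v0.3.5-rc5, while the Chart.yaml for the same version declares appVersion: 0.3.5 and the chart sits under released/. As written, a chart presented as the 0.3.5 release deploys release-candidate controller and agent images. Either point both tags at the final v0.3.5 images or make the chart metadata say it ships an rc. Since the images are referenced by mutable tag with imagePullPolicy: IfNotPresent, nodes that already cached a tag will keep running whatever they pulled first; pinning by digest would make what runs verifiable.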
diff --git a/released/charts/longhorn/longhorn-crd/1.0.200/Chart.yaml b/released/charts/longhorn/longhorn-crd/1.0.200/Chart.yaml new file mode 100644 index 000000000..7dc68d42b --- /dev/null +++ b/released/charts/longhorn/longhorn-crd/1.0.200/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: longhorn-system + catalog.cattle.io/release-name: longhorn-crd +apiVersion: v1 +description: Installs the CRDs for longhorn. +name: longhorn-crd +type: application +version: 1.0.200 diff --git a/released/charts/longhorn/longhorn-crd/1.0.200/README.md b/released/charts/longhorn/longhorn-crd/1.0.200/README.md new file mode 100644 index 000000000..3db83649d --- /dev/null +++ b/released/charts/longhorn/longhorn-crd/1.0.200/README.md @@ -0,0 +1,2 @@ +# longhorn-crd +A Rancher chart that installs the CRDs used by [longhorn](https://github.com/rancher/dev-charts/tree/master/packages/longhorn). diff --git a/released/charts/longhorn/longhorn-crd/1.0.200/templates/crds.yaml b/released/charts/longhorn/longhorn-crd/1.0.200/templates/crds.yaml new file mode 100644 index 000000000..e63cf8c72 --- /dev/null +++ b/released/charts/longhorn/longhorn-crd/1.0.200/templates/crds.yaml 
@@ -0,0 +1,172 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.0.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.0.2 + longhorn-manager: Engine + name: engines.longhorn.io +spec: + group: longhorn.io + names: + kind: Engine + listKind: EngineList + plural: engines + shortNames: + - lhe + singular: engine + scope: Namespaced + version: v1beta1 + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.0.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.0.2 + longhorn-manager: Replica + name: replicas.longhorn.io +spec: + group: longhorn.io + names: + kind: Replica + listKind: ReplicaList + plural: replicas + shortNames: + - lhr + singular: replica + scope: Namespaced + version: v1beta1 + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.0.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.0.2 + longhorn-manager: Setting + name: settings.longhorn.io +spec: + group: longhorn.io + names: + kind: Setting + listKind: SettingList + plural: settings + shortNames: + - lhs + singular: setting + scope: Namespaced + version: v1beta1 +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.0.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.0.2 + longhorn-manager: Volume + name: volumes.longhorn.io +spec: + group: longhorn.io + names: + kind: Volume + 
listKind: VolumeList + plural: volumes + shortNames: + - lhv + singular: volume + scope: Namespaced + version: v1beta1 + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.0.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.0.2 + longhorn-manager: EngineImage + name: engineimages.longhorn.io +spec: + group: longhorn.io + names: + kind: EngineImage + listKind: EngineImageList + plural: engineimages + shortNames: + - lhei + singular: engineimage + scope: Namespaced + version: v1beta1 + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.0.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.0.2 + longhorn-manager: Node + name: nodes.longhorn.io +spec: + group: longhorn.io + names: + kind: Node + listKind: NodeList + plural: nodes + shortNames: + - lhn + singular: node + scope: Namespaced + version: v1beta1 + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.0.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.0.2 + longhorn-manager: InstanceManager + name: instancemanagers.longhorn.io +spec: + group: longhorn.io + names: + kind: InstanceManager + listKind: InstanceManagerList + plural: instancemanagers + shortNames: + - lhim + singular: instancemanager + scope: Namespaced + version: v1beta1 + subresources: + status: {} 
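Review bot: every CustomResourceDefinition in longhorn-crd/1.0.200/templates/crds.yaml uses apiVersion: apiextensions.k8s.io/v1beta1 with a top-level version: v1beta1 and no validation schema. That API version was removed in Kubernetes 1.22, so the chart will fail to install on newer clusters, and without a schema the API server accepts any content in the spec of Engine, Replica, Volume and the other kinds, leaving all input checking to the controller. Suggest moving to apiextensions.k8s.io/v1 with a versions list and a structural openAPIV3Schema per kind. The crds.yaml added for 1.0.201 has the same blob index (e63cf8c72), so the same change is needed there.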
diff --git a/released/charts/longhorn/longhorn-crd/1.0.201/Chart.yaml b/released/charts/longhorn/longhorn-crd/1.0.201/Chart.yaml new file mode 100644 index 000000000..ba1c26d89 --- /dev/null +++ b/released/charts/longhorn/longhorn-crd/1.0.201/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: longhorn-system + catalog.cattle.io/release-name: longhorn-crd +apiVersion: v1 +description: Installs the CRDs for longhorn. +name: longhorn-crd +type: application +version: 1.0.201 diff --git a/released/charts/longhorn/longhorn-crd/1.0.201/README.md b/released/charts/longhorn/longhorn-crd/1.0.201/README.md new file mode 100644 index 000000000..d9f7f14b3 --- /dev/null +++ b/released/charts/longhorn/longhorn-crd/1.0.201/README.md @@ -0,0 +1,2 @@ +# longhorn-crd +A Rancher chart that installs the CRDs used by longhorn. diff --git a/released/charts/longhorn/longhorn-crd/1.0.201/templates/crds.yaml b/released/charts/longhorn/longhorn-crd/1.0.201/templates/crds.yaml new file mode 100644 index 000000000..e63cf8c72 --- /dev/null +++ b/released/charts/longhorn/longhorn-crd/1.0.201/templates/crds.yaml 
@@ -0,0 +1,172 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.0.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.0.2 + longhorn-manager: Engine + name: engines.longhorn.io +spec: + group: longhorn.io + names: + kind: Engine + listKind: EngineList + plural: engines + shortNames: + - lhe + singular: engine + scope: Namespaced + version: v1beta1 + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.0.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.0.2 + longhorn-manager: Replica + name: replicas.longhorn.io +spec: + group: longhorn.io + names: + kind: Replica + listKind: ReplicaList + plural: replicas + shortNames: + - lhr + singular: replica + scope: Namespaced + version: v1beta1 + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.0.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.0.2 + longhorn-manager: Setting + name: settings.longhorn.io +spec: + group: longhorn.io + names: + kind: Setting + listKind: SettingList + plural: settings + shortNames: + - lhs + singular: setting + scope: Namespaced + version: v1beta1 +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.0.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.0.2 + longhorn-manager: Volume + name: volumes.longhorn.io +spec: + group: longhorn.io + names: + kind: Volume + 
listKind: VolumeList + plural: volumes + shortNames: + - lhv + singular: volume + scope: Namespaced + version: v1beta1 + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.0.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.0.2 + longhorn-manager: EngineImage + name: engineimages.longhorn.io +spec: + group: longhorn.io + names: + kind: EngineImage + listKind: EngineImageList + plural: engineimages + shortNames: + - lhei + singular: engineimage + scope: Namespaced + version: v1beta1 + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.0.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.0.2 + longhorn-manager: Node + name: nodes.longhorn.io +spec: + group: longhorn.io + names: + kind: Node + listKind: NodeList + plural: nodes + shortNames: + - lhn + singular: node + scope: Namespaced + version: v1beta1 + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.0.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.0.2 + longhorn-manager: InstanceManager + name: instancemanagers.longhorn.io +spec: + group: longhorn.io + names: + kind: InstanceManager + listKind: InstanceManagerList + plural: instancemanagers + shortNames: + - lhim + singular: instancemanager + scope: Namespaced + version: v1beta1 + subresources: + status: {} 
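Review bot: the `metadata.labels` block of each CRD is hard-coded (`helm.sh/chart: longhorn-1.0.2`, `app.kubernetes.io/instance: longhorn`, `app.kubernetes.io/version: v1.0.2`), but this file ships in the `longhorn-crd` chart at version 1.0.201, whose Chart.yaml sets `catalog.cattle.io/release-name: longhorn-crd`. Anything that selects or audits resources by these labels will attribute the CRDs to a chart and release that did not install them. Since the file lives under `templates/`, consider deriving the values from `.Chart.Name`, `.Chart.Version` and `.Release.Name`, or add a comment explaining that the upstream Longhorn labels are kept on purpose.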
diff --git a/released/charts/longhorn/longhorn-crd/1.1.000/Chart.yaml b/released/charts/longhorn/longhorn-crd/1.1.000/Chart.yaml new file mode 100644 index 000000000..b9dba3761 --- /dev/null +++ b/released/charts/longhorn/longhorn-crd/1.1.000/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: longhorn-system + catalog.cattle.io/release-name: longhorn-crd +apiVersion: v1 +description: Installs the CRDs for longhorn. +name: longhorn-crd +type: application +version: 1.1.000 diff --git a/released/charts/longhorn/longhorn-crd/1.1.000/README.md b/released/charts/longhorn/longhorn-crd/1.1.000/README.md new file mode 100644 index 000000000..d9f7f14b3 --- /dev/null +++ b/released/charts/longhorn/longhorn-crd/1.1.000/README.md @@ -0,0 +1,2 @@ +# longhorn-crd +A Rancher chart that installs the CRDs used by longhorn. diff --git a/released/charts/longhorn/longhorn-crd/1.1.000/templates/crds.yaml b/released/charts/longhorn/longhorn-crd/1.1.000/templates/crds.yaml new file mode 100644 index 000000000..836264585 --- /dev/null +++ b/released/charts/longhorn/longhorn-crd/1.1.000/templates/crds.yaml 
@@ -0,0 +1,420 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.0 + longhorn-manager: Engine + name: engines.longhorn.io +spec: + group: longhorn.io + names: + kind: Engine + listKind: EngineList + plural: engines + shortNames: + - lhe + singular: engine + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The current state of the engine + jsonPath: .status.currentState + - name: Node + type: string + description: The node that the engine is on + jsonPath: .spec.nodeID + - name: InstanceManager + type: string + description: The instance manager of the engine + jsonPath: .status.instanceManagerName + - name: Image + type: string + description: The current image of the engine + jsonPath: .status.currentImage + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.0 + longhorn-manager: Replica + name: replicas.longhorn.io +spec: + group: longhorn.io + names: + kind: Replica + listKind: ReplicaList + plural: replicas + shortNames: + - lhr + singular: replica + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + 
x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The current state of the replica + jsonPath: .status.currentState + - name: Node + type: string + description: The node that the replica is on + jsonPath: .spec.nodeID + - name: Disk + type: string + description: The disk that the replica is on + jsonPath: .spec.diskID + - name: InstanceManager + type: string + description: The instance manager of the replica + jsonPath: .status.instanceManagerName + - name: Image + type: string + description: The current image of the replica + jsonPath: .status.currentImage + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.0 + longhorn-manager: Setting + name: settings.longhorn.io +spec: + group: longhorn.io + names: + kind: Setting + listKind: SettingList + plural: settings + shortNames: + - lhs + singular: setting + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Value + type: string + description: The value of the setting + jsonPath: .value + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.0 + longhorn-manager: Volume + name: volumes.longhorn.io +spec: + group: longhorn.io + names: + kind: Volume + listKind: VolumeList + plural: volumes + shortNames: + - lhv + singular: volume 
+ scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The state of the volume + jsonPath: .status.state + - name: Robustness + type: string + description: The robustness of the volume + jsonPath: .status.robustness + - name: Scheduled + type: string + description: The scheduled condition of the volume + jsonPath: .status.conditions['scheduled']['status'] + - name: Size + type: string + description: The size of the volume + jsonPath: .spec.size + - name: Node + type: string + description: The node that the volume is currently attaching to + jsonPath: .status.currentNodeID + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.0 + longhorn-manager: EngineImage + name: engineimages.longhorn.io +spec: + group: longhorn.io + names: + kind: EngineImage + listKind: EngineImageList + plural: engineimages + shortNames: + - lhei + singular: engineimage + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: State of the engine image + jsonPath: .status.state + - name: Image + type: string + description: The Longhorn engine image + jsonPath: .spec.image + - name: RefCount + type: integer + description: Number of 
volumes are using the engine image + jsonPath: .status.refCount + - name: BuildDate + type: date + description: The build date of the engine image + jsonPath: .status.buildDate + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.0 + longhorn-manager: Node + name: nodes.longhorn.io +spec: + group: longhorn.io + names: + kind: Node + listKind: NodeList + plural: nodes + shortNames: + - lhn + singular: node + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: Ready + type: string + description: Indicate whether the node is ready + jsonPath: .status.conditions['Ready']['status'] + - name: AllowScheduling + type: boolean + description: Indicate whether the user disabled/enabled replica scheduling for the node + jsonPath: .spec.allowScheduling + - name: Schedulable + type: string + description: Indicate whether Longhorn can schedule replicas on the node + jsonPath: .status.conditions['Schedulable']['status'] + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.0 + longhorn-manager: InstanceManager + name: instancemanagers.longhorn.io +spec: + group: longhorn.io + names: + kind: InstanceManager + listKind: InstanceManagerList + plural: instancemanagers + 
shortNames: + - lhim + singular: instancemanager + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The state of the instance manager + jsonPath: .status.currentState + - name: Type + type: string + description: The type of the instance manager (engine or replica) + jsonPath: .spec.type + - name: Node + type: string + description: The node that the instance manager is running on + jsonPath: .spec.nodeID + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.0 + longhorn-manager: ShareManager + name: sharemanagers.longhorn.io +spec: + group: longhorn.io + names: + kind: ShareManager + listKind: ShareManagerList + plural: sharemanagers + shortNames: + - lhsm + singular: sharemanager + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The state of the share manager + jsonPath: .status.state + - name: Node + type: string + description: The node that the share manager is owned by + jsonPath: .status.ownerID + - name: Age + type: date + jsonPath: .metadata.creationTimestamp 
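Review bot: the `openAPIV3Schema` of every CRD marks both `spec` and `status` with `x-kubernetes-preserve-unknown-fields: true` (and `settings.longhorn.io` sets it at the schema root), so the switch to `apiextensions.k8s.io/v1` brings no field validation or pruning: whatever keys a client with write access submits are stored unchanged. At minimum, type the fields the printer columns already rely on (`.spec.nodeID`, `.spec.size`, `.spec.allowScheduling`, `.value`) so malformed objects are rejected at admission rather than reaching the controllers. Minor wording point: the RefCount description reads "Number of volumes are using the engine image"; "Number of volumes using the engine image" is presumably what is meant.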
diff --git a/released/charts/longhorn/longhorn-crd/1.1.001/Chart.yaml b/released/charts/longhorn/longhorn-crd/1.1.001/Chart.yaml new file mode 100755 index 000000000..2ce321e37 --- /dev/null +++ b/released/charts/longhorn/longhorn-crd/1.1.001/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: longhorn-system + catalog.cattle.io/release-name: longhorn-crd +apiVersion: v1 +description: Installs the CRDs for longhorn. +name: longhorn-crd +type: application +version: 1.1.001 diff --git a/released/charts/longhorn/longhorn-crd/1.1.001/README.md b/released/charts/longhorn/longhorn-crd/1.1.001/README.md new file mode 100755 index 000000000..d9f7f14b3 --- /dev/null +++ b/released/charts/longhorn/longhorn-crd/1.1.001/README.md @@ -0,0 +1,2 @@ +# longhorn-crd +A Rancher chart that installs the CRDs used by longhorn. diff --git a/released/charts/longhorn/longhorn-crd/1.1.001/templates/crds.yaml b/released/charts/longhorn/longhorn-crd/1.1.001/templates/crds.yaml new file mode 100755 index 000000000..836264585 --- /dev/null +++ b/released/charts/longhorn/longhorn-crd/1.1.001/templates/crds.yaml 
@@ -0,0 +1,420 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.0 + longhorn-manager: Engine + name: engines.longhorn.io +spec: + group: longhorn.io + names: + kind: Engine + listKind: EngineList + plural: engines + shortNames: + - lhe + singular: engine + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The current state of the engine + jsonPath: .status.currentState + - name: Node + type: string + description: The node that the engine is on + jsonPath: .spec.nodeID + - name: InstanceManager + type: string + description: The instance manager of the engine + jsonPath: .status.instanceManagerName + - name: Image + type: string + description: The current image of the engine + jsonPath: .status.currentImage + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.0 + longhorn-manager: Replica + name: replicas.longhorn.io +spec: + group: longhorn.io + names: + kind: Replica + listKind: ReplicaList + plural: replicas + shortNames: + - lhr + singular: replica + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + 
x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The current state of the replica + jsonPath: .status.currentState + - name: Node + type: string + description: The node that the replica is on + jsonPath: .spec.nodeID + - name: Disk + type: string + description: The disk that the replica is on + jsonPath: .spec.diskID + - name: InstanceManager + type: string + description: The instance manager of the replica + jsonPath: .status.instanceManagerName + - name: Image + type: string + description: The current image of the replica + jsonPath: .status.currentImage + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.0 + longhorn-manager: Setting + name: settings.longhorn.io +spec: + group: longhorn.io + names: + kind: Setting + listKind: SettingList + plural: settings + shortNames: + - lhs + singular: setting + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Value + type: string + description: The value of the setting + jsonPath: .value + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.0 + longhorn-manager: Volume + name: volumes.longhorn.io +spec: + group: longhorn.io + names: + kind: Volume + listKind: VolumeList + plural: volumes + shortNames: + - lhv + singular: volume 
+ scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The state of the volume + jsonPath: .status.state + - name: Robustness + type: string + description: The robustness of the volume + jsonPath: .status.robustness + - name: Scheduled + type: string + description: The scheduled condition of the volume + jsonPath: .status.conditions['scheduled']['status'] + - name: Size + type: string + description: The size of the volume + jsonPath: .spec.size + - name: Node + type: string + description: The node that the volume is currently attaching to + jsonPath: .status.currentNodeID + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.0 + longhorn-manager: EngineImage + name: engineimages.longhorn.io +spec: + group: longhorn.io + names: + kind: EngineImage + listKind: EngineImageList + plural: engineimages + shortNames: + - lhei + singular: engineimage + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: State of the engine image + jsonPath: .status.state + - name: Image + type: string + description: The Longhorn engine image + jsonPath: .spec.image + - name: RefCount + type: integer + description: Number of 
volumes are using the engine image + jsonPath: .status.refCount + - name: BuildDate + type: date + description: The build date of the engine image + jsonPath: .status.buildDate + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.0 + longhorn-manager: Node + name: nodes.longhorn.io +spec: + group: longhorn.io + names: + kind: Node + listKind: NodeList + plural: nodes + shortNames: + - lhn + singular: node + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: Ready + type: string + description: Indicate whether the node is ready + jsonPath: .status.conditions['Ready']['status'] + - name: AllowScheduling + type: boolean + description: Indicate whether the user disabled/enabled replica scheduling for the node + jsonPath: .spec.allowScheduling + - name: Schedulable + type: string + description: Indicate whether Longhorn can schedule replicas on the node + jsonPath: .status.conditions['Schedulable']['status'] + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.0 + longhorn-manager: InstanceManager + name: instancemanagers.longhorn.io +spec: + group: longhorn.io + names: + kind: InstanceManager + listKind: InstanceManagerList + plural: instancemanagers + 
shortNames: + - lhim + singular: instancemanager + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The state of the instance manager + jsonPath: .status.currentState + - name: Type + type: string + description: The type of the instance manager (engine or replica) + jsonPath: .spec.type + - name: Node + type: string + description: The node that the instance manager is running on + jsonPath: .spec.nodeID + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.0 + longhorn-manager: ShareManager + name: sharemanagers.longhorn.io +spec: + group: longhorn.io + names: + kind: ShareManager + listKind: ShareManagerList + plural: sharemanagers + shortNames: + - lhsm + singular: sharemanager + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The state of the share manager + jsonPath: .status.state + - name: Node + type: string + description: The node that the share manager is owned by + jsonPath: .status.ownerID + - name: Age + type: date + jsonPath: .metadata.creationTimestamp 
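Review bot: the file header for this hunk adds crds.yaml with `new file mode 100755`, while the 1.1.000 copy with the same blob id (`836264585`) is added as `100644`; the Chart.yaml and README.md of 1.1.001 are `100755` as well. None of these files is meant to be executed, so the mode should be `100644` to keep the chart tree consistent and avoid shipping executable bits in packaged charts. The labels in this hunk also still read `helm.sh/chart: longhorn-1.1.0` and `app.kubernetes.io/version: v1.1.0` inside a chart versioned 1.1.001; if that is the upstream version being repackaged, say so in a comment at the top of the file.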
diff --git a/released/charts/longhorn/longhorn/1.0.200/.helmignore b/released/charts/longhorn/longhorn/1.0.200/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/released/charts/longhorn/longhorn/1.0.200/Chart.yaml b/released/charts/longhorn/longhorn/1.0.200/Chart.yaml new file mode 100644 index 000000000..915d207db --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/Chart.yaml 
@@ -0,0 +1,35 @@ +annotations: + catalog.cattle.io/auto-install: longhorn-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/namespace: longhorn-system + catalog.cattle.io/provides-gvr: longhorn.io/v1beta1 + catalog.cattle.io/release-name: longhorn + catalog.cattle.io/ui-component: longhorn + catalog.cattle.io/os: linux +apiVersion: v1 +appVersion: v1.0.2 +description: Longhorn is a distributed block storage system for Kubernetes. +home: https://github.com/longhorn/longhorn +icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/longhorn/icon/color/longhorn-icon-color.svg +keywords: +- longhorn +- storage +- distributed +- block +- device +- iscsi +kubeVersion: '>=v1.14.0-r0' +maintainers: +- email: maintainers@longhorn.io + name: Longhorn maintainers +- email: sheng@yasker.org + name: Sheng Yang +name: longhorn +sources: +- https://github.com/longhorn/longhorn +- https://github.com/longhorn/longhorn-engine +- https://github.com/longhorn/longhorn-instance-manager +- https://github.com/longhorn/longhorn-manager +- https://github.com/longhorn/longhorn-ui +- https://github.com/longhorn/longhorn-tests +version: 1.0.200 diff --git a/released/charts/longhorn/longhorn/1.0.200/README.md b/released/charts/longhorn/longhorn/1.0.200/README.md new file mode 100644 index 000000000..068bb5d66 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/README.md 
@@ -0,0 +1,49 @@ +# Rancher Longhorn Chart + +> **Important**: Please install Longhorn chart in `longhorn-system` namespace only. + +> **Warning**: Longhorn doesn't support downgrading from a higher version to a lower version. + +The following document pertains to running Longhorn from the Rancher 2.0 chart. + +## Source Code + +Longhorn is 100% open source software. Project source code is spread across a number of repos: + +1. Longhorn Engine -- Core controller/replica logic https://github.com/longhorn/longhorn-engine +2. Longhorn Instance Manager -- Controller/replica instance lifecycle management https://github.com/longhorn/longhorn-instance-manager +3. Longhorn Manager -- Longhorn orchestration, includes CSI driver for Kubernetes https://github.com/longhorn/longhorn-manager +4. Longhorn UI -- Dashboard https://github.com/longhorn/longhorn-ui + +## Prerequisites + +1. Rancher v2.1+ +2. Docker v1.13+ +3. Kubernetes v1.14+ +4. Make sure `curl`, `findmnt`, `grep`, `awk` and `blkid` has been installed in all nodes of the Kubernetes cluster. +5. Make sure `open-iscsi` has been installed in all nodes of the Kubernetes cluster. For GKE, recommended Ubuntu as guest OS image since it contains `open-iscsi` already. + +## Uninstallation + +1. To prevent damage to the Kubernetes cluster, we recommend deleting all Kubernetes workloads using Longhorn volumes (PersistentVolume, PersistentVolumeClaim, StorageClass, Deployment, StatefulSet, DaemonSet, etc). + +2. From Rancher UI, navigate to `Catalog Apps` tab and delete Longhorn app. + +## Troubleshooting + +### I deleted the Longhorn App from Rancher UI instead of following the uninstallation procedure + +Redeploy the (same version) Longhorn App. Follow the uninstallation procedure above. + +### Problems with CRDs + +If your CRD instances or the CRDs themselves can't be deleted for whatever reason, run the commands below to clean up. Caution: this will wipe all Longhorn state! 
+ +``` +# Delete CRD instances and definitions +curl -s https://raw.githubusercontent.com/longhorn/longhorn/v0.8.1/scripts/cleanup.sh |bash -s v062 +curl -s https://raw.githubusercontent.com/longhorn/longhorn/v0.8.1/scripts/cleanup.sh |bash -s v070 +``` + +--- +Please see [link](https://github.com/longhorn/longhorn) for more information. diff --git a/released/charts/longhorn/longhorn/1.0.200/app-readme.md b/released/charts/longhorn/longhorn/1.0.200/app-readme.md new file mode 100644 index 000000000..cb23135ca --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/app-readme.md @@ -0,0 +1,11 @@ +# Longhorn + +Longhorn is a lightweight, reliable and easy to use distributed block storage system for Kubernetes. Once deployed, users can leverage persistent volumes provided by Longhorn. + +Longhorn creates a dedicated storage controller for each volume and synchronously replicates the volume across multiple replicas stored on multiple nodes. The storage controller and replicas are themselves orchestrated using Kubernetes. Longhorn supports snapshots, backups and even allows you to schedule recurring snapshots and backups! + +**Important**: Please install Longhorn chart in `longhorn-system` namespace only. + +**Warning**: Longhorn doesn't support downgrading from a higher version to a lower version. + +[Chart Documentation](https://github.com/longhorn/longhorn/blob/master/chart/README.md) diff --git a/released/charts/longhorn/longhorn/1.0.200/questions.yml b/released/charts/longhorn/longhorn/1.0.200/questions.yml new file mode 100644 index 000000000..26566901f --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/questions.yml 
@@ -0,0 +1,346 @@ +categories: +- storage +namespace: longhorn-system +questions: +- variable: image.defaultImage + default: "true" + description: "Use default Longhorn images" + label: Use Default Images + type: boolean + show_subquestion_if: false + group: "Longhorn Images" + subquestions: + - variable: image.longhorn.manager.repository + default: longhornio/longhorn-manager + description: "Specify Longhorn Manager Image Repository" + type: string + label: Longhorn Manager Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.manager.tag + default: v1.0.2 + description: "Specify Longhorn Manager Image Tag" + type: string + label: Longhorn Manager Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.engine.repository + default: longhornio/longhorn-engine + description: "Specify Longhorn Engine Image Repository" + type: string + label: Longhorn Engine Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.engine.tag + default: v1.0.2 + description: "Specify Longhorn Engine Image Tag" + type: string + label: Longhorn Engine Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.ui.repository + default: longhornio/longhorn-ui + description: "Specify Longhorn UI Image Repository" + type: string + label: Longhorn UI Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.ui.tag + default: v1.0.2 + description: "Specify Longhorn UI Image Tag" + type: string + label: Longhorn UI Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.instanceManager.repository + default: longhornio/longhorn-instance-manager + description: "Specify Longhorn Instance Manager Image Repository" + type: string + label: Longhorn Instance Manager Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.instanceManager.tag + default: v1_20200514 + description: "Specify Longhorn Instance Manager Image Tag" + type: string + label: 
Longhorn Instance Manager Image Tag + group: "Longhorn Images Settings" + - variable: image.csi.attacher.repository + default: longhornio/csi-attacher + description: "Specify CSI attacher image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Attacher Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.attacher.tag + default: v2.0.0 + description: "Specify CSI attacher image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Attacher Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.provisioner.repository + default: longhornio/csi-provisioner + description: "Specify CSI provisioner image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Provisioner Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.provisioner.tag + default: v1.4.0 + description: "Specify CSI provisioner image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Provisioner Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.nodeDriverRegistrar.repository + default: longhornio/csi-node-driver-registrar + description: "Specify CSI Node Driver Registrar image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Node Driver Registrar Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.nodeDriverRegistrar.tag + default: v1.2.0 + description: "Specify CSI Node Driver Registrar image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Node Driver Registrar Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.resizer.repository + default: longhornio/csi-resizer + description: "Specify CSI Driver Resizer image repository. Leave blank to autodetect." 
+ type: string + label: Longhorn CSI Driver Resizer Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.resizer.tag + default: v0.3.0 + description: "Specify CSI Driver Resizer image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Driver Resizer Image Tag + group: "Longhorn CSI Driver Images" +- variable: privateRegistry.registryUrl + label: Private registry URL + description: "URL of private registry" + group: "Private Registry Settings" + type: string + default: "" +- variable: privateRegistry.registryUser + label: Private registry user + description: "User used to authenticate to private registry" + group: "Private Registry Settings" + type: string + default: "" +- variable: privateRegistry.registryPasswd + label: Private registry password + description: "Password used to authenticate to private registry" + group: "Private Registry Settings" + type: password + default: "" +- variable: longhorn.default_setting + default: "false" + description: "Customize the default settings before installing Longhorn for the first time. This option will only work if the cluster hasn't installed Longhorn." + label: "Customize Default Settings" + type: boolean + show_subquestion_if: true + group: "Longhorn Default Settings" + subquestions: + - variable: defaultSettings.registrySecret + label: Private registry secret + description: "The Kubernetes Secret name" + group: "Longhorn Default Settings" + type: string + default: "" + - variable: csi.kubeletRootDir + default: + description: "Specify kubelet root-dir. Leave blank to autodetect." + type: string + label: Kubelet Root Directory + group: "Longhorn CSI Driver Settings" + - variable: csi.attacherReplicaCount + type: int + default: + min: 1 + max: 10 + description: "Specify replica count of CSI Attacher. By default 3." 
+ label: Longhorn CSI Attacher replica count + group: "Longhorn CSI Driver Settings" + - variable: csi.provisionerReplicaCount + type: int + default: + min: 1 + max: 10 + description: "Specify replica count of CSI Provisioner. By default 3." + label: Longhorn CSI Provisioner replica count + group: "Longhorn CSI Driver Settings" + - variable: persistence.defaultClass + default: "true" + description: "Set as default StorageClass" + group: "Longhorn CSI Driver Settings" + type: boolean + required: true + label: Default Storage Class + - variable: persistence.defaultClassReplicaCount + description: "Set replica count for default StorageClass" + group: "Longhorn CSI Driver Settings" + type: int + default: 3 + min: 1 + max: 10 + label: Default Storage Class Replica Count + - variable: defaultSettings.backupTarget + label: Backup Target + description: "The endpoint used to access the backupstore. NFS and S3 are supported." + group: "Longhorn Default Settings" + type: string + default: + - variable: defaultSettings.backupTargetCredentialSecret + label: Backup Target Credential Secret + description: "The name of the Kubernetes secret associated with the backup target." + group: "Longhorn Default Settings" + type: string + default: + - variable: defaultSettings.createDefaultDiskLabeledNodes + label: Create Default Disk on Labeled Nodes + description: 'Create default Disk automatically only on Nodes with the label "node.longhorn.io/create-default-disk=true" if no other disks exist. If disabled, the default disk will be created on all new nodes when each node is first added.' + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.defaultDataPath + label: Default Data Path + description: 'Default path to use for storing data on a host. 
By default "/var/lib/longhorn/"' + group: "Longhorn Default Settings" + type: string + default: "/var/lib/longhorn/" + - variable: defaultSettings.replicaSoftAntiAffinity + label: Replica Node Level Soft Anti-Affinity + description: 'Allow scheduling on nodes with existing healthy replicas of the same volume. By default false.' + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.storageOverProvisioningPercentage + label: Storage Over Provisioning Percentage + description: "The over-provisioning percentage defines how much storage can be allocated relative to the hard drive's capacity. By default 200." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 200 + - variable: defaultSettings.storageMinimalAvailablePercentage + label: Storage Minimal Available Percentage + description: "If the minimum available disk capacity exceeds the actual percentage of available disk capacity, the disk becomes unschedulable until more space is freed up. By default 25." + group: "Longhorn Default Settings" + type: int + min: 0 + max: 100 + default: 25 + - variable: defaultSettings.upgradeChecker + label: Enable Upgrade Checker + description: 'Upgrade Checker will check for new Longhorn version periodically. When there is a new version available, a notification will appear in the UI. By default true.' + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.defaultReplicaCount + label: Default Replica Count + description: "The default number of replicas when a volume is created from the Longhorn UI. For Kubernetes configuration, update the `numberOfReplicas` in the StorageClass. By default 3." + group: "Longhorn Default Settings" + type: int + min: 1 + max: 20 + default: 3 + - variable: defaultSettings.guaranteedEngineCPU + label: Guaranteed Engine CPU + description: 'Allow Longhorn Instance Managers to have guaranteed CPU allocation. 
The value is how many CPUs should be reserved for each Engine/Replica Instance Manager Pod created by Longhorn. For example, 0.1 means one-tenth of a CPU. This will help maintain engine stability during high node workload. It only applies to the Engine/Replica Manager Pods created after the setting took effect. +WARNING: After this setting is changed, all the instance managers on all the nodes will be automatically restarted. +WARNING: DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES. +By default 0.25.' + group: "Longhorn Default Settings" + type: float + default: 0.25 + - variable: defaultSettings.defaultLonghornStaticStorageClass + label: Default Longhorn Static StorageClass Name + description: "The 'storageClassName' is given to PVs and PVCs that are created for an existing Longhorn volume. The StorageClass name can also be used as a label, so it is possible to use a Longhorn StorageClass to bind a workload to an existing PV without creating a Kubernetes StorageClass object. By default 'longhorn-static'." + group: "Longhorn Default Settings" + type: string + default: "longhorn-static" + - variable: defaultSettings.backupstorePollInterval + label: Backupstore Poll Interval + description: "In seconds. The backupstore poll interval determines how often Longhorn checks the backupstore for new backups. Set to 0 to disable the polling. By default 300." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 300 + - variable: defaultSettings.taintToleration + label: Kubernetes Taint Toleration + description: 'To dedicate nodes to store Longhorn replicas and reject other general workloads, set tolerations for Longhorn and add taints for the storage nodes. All Longhorn volumes should be detached before modifying toleration settings. We recommend setting tolerations during Longhorn deployment because the Longhorn system cannot be operated during the update. Multiple tolerations can be set here, and these tolerations are separated by semicolon. 
For example, `key1=value1:NoSchedule; key2:NoExecute`. Because `kubernetes.io` is used as the key of all Kubernetes default tolerations, it should not be used in the toleration settings. +WARNING: DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES.' + group: "Longhorn Default Settings" + type: string + default: "" + - variable: defaultSettings.priorityClass + label: Priority Class + description: "The name of the Priority Class to set on the Longhorn workloads. This can help prevent Longhorn workloads from being evicted under Node Pressure. WARNING: DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES." + group: "Longhorn Default Settings" + type: string + default: "" + - variable: defaultSettings.autoSalvage + label: Automatic salvage + description: "If enabled, volumes will be automatically salvaged when all the replicas become faulty e.g. due to network disconnection. Longhorn will try to figure out which replica(s) are usable, then use them for the volume. By default true." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.disableSchedulingOnCordonedNode + label: Disable Scheduling On Cordoned Node + description: "Disable Longhorn manager to schedule replica on Kubernetes cordoned node. By default true." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.replicaZoneSoftAntiAffinity + label: Replica Zone Level Soft Anti-Affinity + description: "Allow scheduling new Replicas of Volume to the Nodes in the same Zone as existing healthy Replicas. Nodes don't belong to any Zone will be treated as in the same Zone. By default true." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.volumeAttachmentRecoveryPolicy + label: Volume Attachment Recovery Policy + description: "Defines the Longhorn action when a Volume is stuck with a Deployment Pod on a failed node. 
`wait` leads to the deletion of the volume attachment as soon as the pods deletion time has passed. `never` is the default Kubernetes behavior of never deleting volume attachments on terminating pods. `immediate` leads to the deletion of the volume attachment as soon as all workload pods are pending. By default wait." + group: "Longhorn Default Settings" + type: enum + options: + - "wait" + - "never" + - "immediate" + default: "wait" + - variable: defaultSettings.mkfsExt4Parameters + label: Custom mkfs.ext4 parameters + description: "Allows setting additional filesystem creation parameters for ext4. For older host kernels it might be necessary to disable the optional ext4 metadata_csum feature by specifying `-O ^64bit,^metadata_csum`." + group: "Longhorn Default Settings" + type: string +- variable: ingress.enabled + default: "false" + description: "Expose app using Layer 7 Load Balancer - ingress" + type: boolean + group: "Services and Load Balancing" + label: Expose app using Layer 7 Load Balancer + show_subquestion_if: true + subquestions: + - variable: ingress.host + default: "xip.io" + description: "layer 7 Load Balancer hostname" + type: hostname + required: true + label: Layer 7 Load Balancer Hostname +- variable: service.ui.type + default: "Rancher-Proxy" + description: "Define Longhorn UI service type" + type: enum + options: + - "ClusterIP" + - "NodePort" + - "LoadBalancer" + - "Rancher-Proxy" + label: Longhorn UI Service + show_if: "ingress.enabled=false" + group: "Services and Load Balancing" + show_subquestion_if: "NodePort" + subquestions: + - variable: service.ui.nodePort + default: "" + description: "NodePort port number(to set explicitly, choose port between 30000-32767)" + type: int + min: 30000 + max: 32767 + show_if: "service.ui.type=NodePort||service.ui.type=LoadBalancer" + label: UI Service NodePort number +- variable: enablePSP + default: "true" + description: "Setup a pod security policy for Longhorn workloads." 
+ label: Pod Security Policy + type: boolean + group: "Other Settings" \ No newline at end of file diff --git a/released/charts/longhorn/longhorn/1.0.200/templates/NOTES.txt b/released/charts/longhorn/longhorn/1.0.200/templates/NOTES.txt new file mode 100644 index 000000000..cca7cd77b --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/templates/NOTES.txt @@ -0,0 +1,5 @@ +Longhorn is now installed on the cluster! + +Please wait a few minutes for other Longhorn components such as CSI deployments, Engine Images, and Instance Managers to be initialized. + +Visit our documentation at https://longhorn.io/docs/ diff --git a/released/charts/longhorn/longhorn/1.0.200/templates/_helpers.tpl b/released/charts/longhorn/longhorn/1.0.200/templates/_helpers.tpl new file mode 100644 index 000000000..5cac51cfa --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/templates/_helpers.tpl 
@@ -0,0 +1,47 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "longhorn.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "longhorn.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + + +{{- define "longhorn.managerIP" -}} +{{- $fullname := (include "longhorn.fullname" .) -}} +{{- printf "http://%s-backend:9500" $fullname | trunc 63 | trimSuffix "-" -}} +{{- end -}} + + +{{- define "secret" }} +{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.privateRegistry.registryUrl (printf "%s:%s" .Values.privateRegistry.registryUser .Values.privateRegistry.registryPasswd | b64enc) | b64enc }} +{{- end }} + +{{- /* +longhorn.labels generates the standard Helm labels. +*/ -}} +{{- define "longhorn.labels" -}} +app.kubernetes.io/name: {{ template "longhorn.name" . }} +helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/version: {{ .Chart.AppVersion }} +{{- end -}} + + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/longhorn/longhorn/1.0.200/templates/clusterrole.yaml b/released/charts/longhorn/longhorn/1.0.200/templates/clusterrole.yaml new file mode 100644 index 000000000..491c3e6a5 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/templates/clusterrole.yaml 
@@ -0,0 +1,40 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: longhorn-role + labels: {{- include "longhorn.labels" . | nindent 4 }} +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - "*" +- apiGroups: [""] + resources: ["pods", "events", "persistentvolumes", "persistentvolumeclaims","persistentvolumeclaims/status", "nodes", "proxy/nodes", "pods/log", "secrets", "services", "endpoints", "configmaps"] + verbs: ["*"] +- apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list"] +- apiGroups: ["apps"] + resources: ["daemonsets", "statefulsets", "deployments"] + verbs: ["*"] +- apiGroups: ["batch"] + resources: ["jobs", "cronjobs"] + verbs: ["*"] +- apiGroups: ["scheduling.k8s.io"] + resources: ["priorityclasses"] + verbs: ["watch", "list"] +- apiGroups: ["storage.k8s.io"] + resources: ["storageclasses", "volumeattachments", "csinodes", "csidrivers"] + verbs: ["*"] +- apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] +- apiGroups: ["longhorn.io"] + resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status"] + verbs: ["*"] +- apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["*"] diff --git a/released/charts/longhorn/longhorn/1.0.200/templates/clusterrolebinding.yaml b/released/charts/longhorn/longhorn/1.0.200/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..30c7fa78c --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/templates/clusterrolebinding.yaml 
@@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: longhorn-bind + labels: {{- include "longhorn.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: longhorn-role +subjects: +- kind: ServiceAccount + name: longhorn-service-account + namespace: {{ .Release.Namespace }} diff --git a/released/charts/longhorn/longhorn/1.0.200/templates/daemonset-sa.yaml b/released/charts/longhorn/longhorn/1.0.200/templates/daemonset-sa.yaml new file mode 100644 index 000000000..1717aa4d9 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/templates/daemonset-sa.yaml 
@@ -0,0 +1,112 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-manager + name: longhorn-manager + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + app: longhorn-manager + template: + metadata: + labels: {{- include "longhorn.labels" . | nindent 8 }} + app: longhorn-manager + spec: + containers: + - name: longhorn-manager + image: {{ template "system_default_registry" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: IfNotPresent + securityContext: + privileged: true + command: + - longhorn-manager + - -d + - daemon + - --engine-image + - "{{ template "system_default_registry" . }}{{ .Values.image.longhorn.engine.repository }}:{{ .Values.image.longhorn.engine.tag }}" + - --instance-manager-image + - "{{ template "system_default_registry" . }}{{ .Values.image.longhorn.instanceManager.repository }}:{{ .Values.image.longhorn.instanceManager.tag }}" + - --manager-image + - "{{ template "system_default_registry" . 
}}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}" + - --service-account + - longhorn-service-account + ports: + - containerPort: 9500 + name: manager + readinessProbe: + tcpSocket: + port: 9500 + volumeMounts: + - name: dev + mountPath: /host/dev/ + - name: proc + mountPath: /host/proc/ + - name: varrun + mountPath: /var/run/ + mountPropagation: Bidirectional + - name: longhorn + mountPath: /var/lib/longhorn/ + mountPropagation: Bidirectional + - name: longhorn-default-setting + mountPath: /var/lib/longhorn-setting/ + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: DEFAULT_SETTING_PATH + value: /var/lib/longhorn-setting/default-setting.yaml + volumes: + - name: dev + hostPath: + path: /dev/ + - name: proc + hostPath: + path: /proc/ + - name: varrun + hostPath: + path: /var/run/ + - name: longhorn + hostPath: + path: /var/lib/longhorn/ + - name: longhorn-default-setting + configMap: + name: longhorn-default-setting + {{- if .Values.defaultSettings.registrySecret }} + imagePullSecrets: + - name: {{ .Values.defaultSettings.registrySecret }} + {{- end }} + serviceAccountName: longhorn-service-account + updateStrategy: + rollingUpdate: + maxUnavailable: "100%" +--- +apiVersion: v1 +kind: Service +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-manager + name: longhorn-backend + namespace: {{ .Release.Namespace }} +spec: + type: {{ .Values.service.manager.type }} + sessionAffinity: ClientIP + selector: + app: longhorn-manager + ports: + - name: manager + port: 9500 + targetPort: manager + {{- if .Values.service.manager.nodePort }} + nodePort: {{ .Values.service.manager.nodePort }} + {{- end }} 
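Review bot: in templates/daemonset-sa.yaml the `longhorn-manager` container sets `privileged: true` and mounts host `/dev/`, `/proc/` and `/var/run/` through hostPath, with `mountPropagation: Bidirectional` on `/var/run/` and `/var/lib/longhorn/`, and nothing in the file says why each is needed. Since this is a DaemonSet, a compromise of the manager image or its API reaches every node it runs on. Please add a comment next to `securityContext` justifying the privilege and narrow the hostPath mounts to the specific paths the manager uses. Two smaller points in the same hunk: `maxUnavailable: "100%"` lets an update take every manager down at once, and the `longhorn-backend` Service takes its `type` and `nodePort` from values, so port 9500 can be exposed on node addresses with no access restriction visible here.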
diff --git a/released/charts/longhorn/longhorn/1.0.200/templates/default-setting.yaml b/released/charts/longhorn/longhorn/1.0.200/templates/default-setting.yaml new file mode 100644 index 000000000..2eb10b4dc --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/templates/default-setting.yaml 
@@ -0,0 +1,28 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: longhorn-default-setting + namespace: {{ .Release.Namespace }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +data: + default-setting.yaml: |- + backup-target: {{ .Values.defaultSettings.backupTarget }} + backup-target-credential-secret: {{ .Values.defaultSettings.backupTargetCredentialSecret }} + create-default-disk-labeled-nodes: {{ .Values.defaultSettings.createDefaultDiskLabeledNodes }} + default-data-path: {{ .Values.defaultSettings.defaultDataPath }} + replica-soft-anti-affinity: {{ .Values.defaultSettings.replicaSoftAntiAffinity }} + storage-over-provisioning-percentage: {{ .Values.defaultSettings.storageOverProvisioningPercentage }} + storage-minimal-available-percentage: {{ .Values.defaultSettings.storageMinimalAvailablePercentage }} + upgrade-checker: {{ .Values.defaultSettings.upgradeChecker }} + default-replica-count: {{ .Values.defaultSettings.defaultReplicaCount }} + guaranteed-engine-cpu: {{ .Values.defaultSettings.guaranteedEngineCPU }} + default-longhorn-static-storage-class: {{ .Values.defaultSettings.defaultLonghornStaticStorageClass }} + backupstore-poll-interval: {{ .Values.defaultSettings.backupstorePollInterval }} + taint-toleration: {{ .Values.defaultSettings.taintToleration }} + priority-class: {{ .Values.defaultSettings.priorityClass }} + registry-secret: {{ .Values.defaultSettings.registrySecret }} + auto-salvage: {{ .Values.defaultSettings.autoSalvage }} + disable-scheduling-on-cordoned-node: {{ .Values.defaultSettings.disableSchedulingOnCordonedNode }} + replica-zone-soft-anti-affinity: {{ .Values.defaultSettings.replicaZoneSoftAntiAffinity }} + volume-attachment-recovery-policy: {{ .Values.defaultSettings.volumeAttachmentRecoveryPolicy }} + mkfs-ext4-parameters: {{ .Values.defaultSettings.mkfsExt4Parameters }} 
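Review bot: every value in the `default-setting.yaml` block of templates/default-setting.yaml is interpolated unquoted, including free-form strings such as `taint-toleration`, `priority-class`, `backup-target` and `mkfs-ext4-parameters`. The example given for taint tolerations in questions.yml (`key1=value1:NoSchedule; key2:NoExecute`) already contains `:` and `;`, and a value with an embedded newline would add extra keys to the rendered settings file. Consider piping the string-typed settings through `quote`, for example `taint-toleration: {{ .Values.defaultSettings.taintToleration | quote }}`, and leaving only the boolean and numeric ones bare.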
diff --git a/released/charts/longhorn/longhorn/1.0.200/templates/deployment-driver.yaml b/released/charts/longhorn/longhorn/1.0.200/templates/deployment-driver.yaml new file mode 100644 index 000000000..bee055d8e --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/templates/deployment-driver.yaml 
@@ -0,0 +1,84 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: longhorn-driver-deployer + namespace: {{ .Release.Namespace }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + app: longhorn-driver-deployer + template: + metadata: + labels: {{- include "longhorn.labels" . | nindent 8 }} + app: longhorn-driver-deployer + spec: + initContainers: + - name: wait-longhorn-manager + image: {{ template "system_default_registry" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" http://longhorn-backend:9500/v1) != "200" ]; do echo waiting; sleep 2; done'] + containers: + - name: longhorn-driver-deployer + image: {{ template "system_default_registry" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: IfNotPresent + command: + - longhorn-manager + - -d + - deploy-driver + - --manager-image + - "{{ template "system_default_registry" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}" + - --manager-url + - http://longhorn-backend:9500/v1 + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + {{- if .Values.csi.kubeletRootDir }} + - name: KUBELET_ROOT_DIR + value: {{ .Values.csi.kubeletRootDir }} + {{- end }} + {{- if and .Values.image.csi.attacher.repository .Values.image.csi.attacher.tag }} + - name: CSI_ATTACHER_IMAGE + value: "{{ template "system_default_registry" . 
}}{{ .Values.image.csi.attacher.repository }}:{{ .Values.image.csi.attacher.tag }}" + {{- end }} + {{- if and .Values.image.csi.provisioner.repository .Values.image.csi.provisioner.tag }} + - name: CSI_PROVISIONER_IMAGE + value: "{{ template "system_default_registry" . }}{{ .Values.image.csi.provisioner.repository }}:{{ .Values.image.csi.provisioner.tag }}" + {{- end }} + {{- if and .Values.image.csi.nodeDriverRegistrar.repository .Values.image.csi.nodeDriverRegistrar.tag }} + - name: CSI_NODE_DRIVER_REGISTRAR_IMAGE + value: "{{ template "system_default_registry" . }}{{ .Values.image.csi.nodeDriverRegistrar.repository }}:{{ .Values.image.csi.nodeDriverRegistrar.tag }}" + {{- end }} + {{- if and .Values.image.csi.resizer.repository .Values.image.csi.resizer.tag }} + - name: CSI_RESIZER_IMAGE + value: "{{ template "system_default_registry" . }}{{ .Values.image.csi.resizer.repository }}:{{ .Values.image.csi.resizer.tag }}" + {{- end }} + {{- if .Values.csi.attacherReplicaCount }} + - name: CSI_ATTACHER_REPLICA_COUNT + value: {{ .Values.csi.attacherReplicaCount | quote }} + {{- end }} + {{- if .Values.csi.provisionerReplicaCount }} + - name: CSI_PROVISIONER_REPLICA_COUNT + value: {{ .Values.csi.provisionerReplicaCount | quote }} + {{- end }} + {{- if .Values.csi.resizerReplicaCount }} + - name: CSI_RESIZER_REPLICA_COUNT + value: {{ .Values.csi.resizerReplicaCount | quote }} + {{- end }} + {{- if .Values.defaultSettings.registrySecret }} + imagePullSecrets: + - name: {{ .Values.defaultSettings.registrySecret }} + {{- end }} + serviceAccountName: longhorn-service-account + securityContext: + runAsUser: 0 diff --git a/released/charts/longhorn/longhorn/1.0.200/templates/deployment-ui.yaml b/released/charts/longhorn/longhorn/1.0.200/templates/deployment-ui.yaml new file mode 100644 index 000000000..0de0c9b3b --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/templates/deployment-ui.yaml 
@@ -0,0 +1,61 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-ui + name: longhorn-ui + namespace: {{ .Release.Namespace }} +spec: + replicas: 1 + selector: + matchLabels: + app: longhorn-ui + template: + metadata: + labels: {{- include "longhorn.labels" . | nindent 8 }} + app: longhorn-ui + spec: + containers: + - name: longhorn-ui + image: {{ template "system_default_registry" . }}{{ .Values.image.longhorn.ui.repository }}:{{ .Values.image.longhorn.ui.tag }} + imagePullPolicy: IfNotPresent + securityContext: + runAsUser: 0 + ports: + - containerPort: 8000 + name: http + env: + - name: LONGHORN_MANAGER_IP + value: "http://longhorn-backend:9500" + {{- if .Values.defaultSettings.registrySecret }} + imagePullSecrets: + - name: {{ .Values.defaultSettings.registrySecret }} + {{- end }} +--- +kind: Service +apiVersion: v1 +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-ui + {{- if eq .Values.service.ui.type "Rancher-Proxy" }} + kubernetes.io/cluster-service: "true" + {{- end }} + name: longhorn-frontend + namespace: {{ .Release.Namespace }} +spec: + {{- if eq .Values.service.ui.type "Rancher-Proxy" }} + type: ClusterIP + {{- else }} + type: {{ .Values.service.ui.type }} + {{- end }} + selector: + app: longhorn-ui + ports: + - name: http + port: 80 + targetPort: http + {{- if .Values.service.ui.nodePort }} + nodePort: {{ .Values.service.ui.nodePort }} + {{- else }} + nodePort: null + {{- end }} diff --git a/released/charts/longhorn/longhorn/1.0.200/templates/ingress.yaml b/released/charts/longhorn/longhorn/1.0.200/templates/ingress.yaml new file mode 100644 index 000000000..e3e9e3eea --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/templates/ingress.yaml 
@@ -0,0 +1,30 @@ +{{- if .Values.ingress.enabled }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: longhorn-ingress + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-ingress + annotations: + {{- if .Values.ingress.tls }} + ingress.kubernetes.io/secure-backends: "true" + {{- end }} + {{- range $key, $value := .Values.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + rules: + - host: {{ .Values.ingress.host }} + http: + paths: + - path: {{ default "" .Values.ingress.path }} + backend: + serviceName: longhorn-frontend + servicePort: 80 +{{- if .Values.ingress.tls }} + tls: + - hosts: + - {{ .Values.ingress.host }} + secretName: {{ .Values.ingress.tlsSecret }} +{{- end }} +{{- end }} diff --git a/released/charts/longhorn/longhorn/1.0.200/templates/postupgrade-job.yaml b/released/charts/longhorn/longhorn/1.0.200/templates/postupgrade-job.yaml new file mode 100644 index 000000000..1860be5fe --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/templates/postupgrade-job.yaml 
@@ -0,0 +1,35 @@ +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + "helm.sh/hook": post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation + name: longhorn-post-upgrade + namespace: {{ .Release.Namespace }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + activeDeadlineSeconds: 900 + backoffLimit: 1 + template: + metadata: + name: longhorn-post-upgrade + labels: {{- include "longhorn.labels" . | nindent 8 }} + spec: + containers: + - name: longhorn-post-upgrade + image: {{ template "system_default_registry" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: Always + command: + - longhorn-manager + - post-upgrade + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + restartPolicy: OnFailure + {{- if .Values.defaultSettings.registrySecret }} + imagePullSecrets: + - name: {{ .Values.defaultSettings.registrySecret }} + {{- end }} + serviceAccountName: longhorn-service-account diff --git a/released/charts/longhorn/longhorn/1.0.200/templates/psp.yaml b/released/charts/longhorn/longhorn/1.0.200/templates/psp.yaml new file mode 100644 index 000000000..66479b4fa --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/templates/psp.yaml 
@@ -0,0 +1,66 @@ +{{- if .Values.enablePSP }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: longhorn-psp + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + privileged: true + allowPrivilegeEscalation: true + requiredDropCapabilities: + - NET_RAW + allowedCapabilities: + - SYS_ADMIN + hostNetwork: false + hostIPC: false + hostPID: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + fsGroup: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - downwardAPI + - emptyDir + - secret + - projected + - hostPath +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: longhorn-psp-role + labels: {{- include "longhorn.labels" . | nindent 4 }} + namespace: {{ .Release.Namespace }} +rules: +- apiGroups: + - policy + resources: + - podsecuritypolicies + verbs: + - use + resourceNames: + - longhorn-psp +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: longhorn-psp-binding + labels: {{- include "longhorn.labels" . | nindent 4 }} + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: longhorn-psp-role +subjects: +- kind: ServiceAccount + name: longhorn-service-account + namespace: {{ .Release.Namespace }} +- kind: ServiceAccount + name: default + namespace: {{ .Release.Namespace }} +{{- end }} \ No newline at end of file diff --git a/released/charts/longhorn/longhorn/1.0.200/templates/registry-secret.yml b/released/charts/longhorn/longhorn/1.0.200/templates/registry-secret.yml new file mode 100644 index 000000000..eeb9a8f4a --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/templates/registry-secret.yml 
@@ -0,0 +1,10 @@ +{{- if .Values.defaultSettings.registrySecret }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.defaultSettings.registrySecret }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: {{ template "secret" . }} +{{- end }} diff --git a/released/charts/longhorn/longhorn/1.0.200/templates/serviceaccount.yaml b/released/charts/longhorn/longhorn/1.0.200/templates/serviceaccount.yaml new file mode 100644 index 000000000..a2280b44f --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/templates/serviceaccount.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: longhorn-service-account + namespace: {{ .Release.Namespace }} + labels: {{- include "longhorn.labels" . | nindent 4 }} diff --git a/released/charts/longhorn/longhorn/1.0.200/templates/storageclass.yaml b/released/charts/longhorn/longhorn/1.0.200/templates/storageclass.yaml new file mode 100644 index 000000000..3fee340f4 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/templates/storageclass.yaml @@ -0,0 +1,14 @@ +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: longhorn + annotations: + storageclass.kubernetes.io/is-default-class: {{ .Values.persistence.defaultClass | quote }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +provisioner: driver.longhorn.io +allowVolumeExpansion: true +parameters: + numberOfReplicas: "{{ .Values.persistence.defaultClassReplicaCount }}" + staleReplicaTimeout: "30" + fromBackup: "" + baseImage: "" diff --git a/released/charts/longhorn/longhorn/1.0.200/templates/tls-secrets.yaml b/released/charts/longhorn/longhorn/1.0.200/templates/tls-secrets.yaml new file mode 100644 index 000000000..7a75df09c --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/templates/tls-secrets.yaml 
@@ -0,0 +1,15 @@ +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.secrets }} +apiVersion: v1 +kind: Secret +metadata: + name: longhorn + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn +type: kubernetes.io/tls +data: + tls.crt: {{ .certificate | b64enc }} + tls.key: {{ .key | b64enc }} +--- +{{- end }} +{{- end }} diff --git a/released/charts/longhorn/longhorn/1.0.200/templates/uninstall-job.yaml b/released/charts/longhorn/longhorn/1.0.200/templates/uninstall-job.yaml new file mode 100644 index 000000000..d32157145 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/templates/uninstall-job.yaml @@ -0,0 +1,36 @@ +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": hook-succeeded + name: longhorn-uninstall + namespace: {{ .Release.Namespace }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + activeDeadlineSeconds: 900 + backoffLimit: 1 + template: + metadata: + name: longhorn-uninstall + labels: {{- include "longhorn.labels" . | nindent 8 }} + spec: + containers: + - name: longhorn-uninstall + image: {{ template "system_default_registry" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: Always + command: + - longhorn-manager + - uninstall + - --force + env: + - name: LONGHORN_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + restartPolicy: OnFailure + {{- if .Values.defaultSettings.registrySecret }} + imagePullSecrets: + - name: {{ .Values.defaultSettings.registrySecret }} + {{- end }} + serviceAccountName: longhorn-service-account diff --git a/released/charts/longhorn/longhorn/1.0.200/templates/userroles.yaml b/released/charts/longhorn/longhorn/1.0.200/templates/userroles.yaml new file mode 100644 index 000000000..ba6d40643 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/templates/userroles.yaml 
@@ -0,0 +1,35 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "longhorn-admin" + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: [ "longhorn.io" ] + resources: [ "volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status" ] + verbs: [ "*" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "longhorn-edit" + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: + - apiGroups: [ "longhorn.io" ] + resources: [ "volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status" ] + verbs: [ "*" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "longhorn-view" + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" +rules: + - apiGroups: [ "longhorn.io" ] + resources: [ "volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status" ] + verbs: [ "get", "list", "watch" ] diff --git a/released/charts/longhorn/longhorn/1.0.200/templates/validate-install-crd.yaml b/released/charts/longhorn/longhorn/1.0.200/templates/validate-install-crd.yaml new file mode 100644 index 000000000..4899b977c --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/templates/validate-install-crd.yaml 
@@ -0,0 +1,14 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "longhorn.io/v1beta1/Engine" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the longhorn-crd chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} diff --git a/released/charts/longhorn/longhorn/1.0.200/values.yaml b/released/charts/longhorn/longhorn/1.0.200/values.yaml new file mode 100644 index 000000000..a29b9497d --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.200/values.yaml 
@@ -0,0 +1,136 @@ +# Default values for longhorn. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +global: + cattle: + systemDefaultRegistry: "" + +image: + longhorn: + engine: + repository: rancher/longhornio-longhorn-engine + tag: v1.0.2 + manager: + repository: rancher/longhornio-longhorn-manager + tag: v1.0.2 + ui: + repository: rancher/longhornio-longhorn-ui + tag: v1.0.2 + instanceManager: + repository: rancher/longhornio-longhorn-instance-manager + tag: v1_20200514 + csi: + attacher: + repository: rancher/longhornio-csi-attacher + tag: v2.0.0 + provisioner: + repository: rancher/longhornio-csi-provisioner + tag: v1.4.0 + nodeDriverRegistrar: + repository: rancher/longhornio-csi-node-driver-registrar + tag: v1.2.0 + resizer: + repository: rancher/longhornio-csi-resizer + tag: v0.3.0 + pullPolicy: IfNotPresent + +service: + ui: + type: ClusterIP + nodePort: null + manager: + type: ClusterIP + nodePort: "" + +persistence: + defaultClass: true + defaultClassReplicaCount: 3 + +csi: + kubeletRootDir: ~ + attacherReplicaCount: ~ + provisionerReplicaCount: ~ + resizerReplicaCount: ~ + +defaultSettings: + backupTarget: ~ + backupTargetCredentialSecret: ~ + createDefaultDiskLabeledNodes: ~ + defaultDataPath: ~ + replicaSoftAntiAffinity: ~ + storageOverProvisioningPercentage: ~ + storageMinimalAvailablePercentage: ~ + upgradeChecker: ~ + defaultReplicaCount: ~ + guaranteedEngineCPU: ~ + defaultLonghornStaticStorageClass: ~ + backupstorePollInterval: ~ + taintToleration: ~ + priorityClass: ~ + registrySecret: ~ + autoSalvage: ~ + disableSchedulingOnCordonedNode: ~ + replicaZoneSoftAntiAffinity: ~ + volumeAttachmentRecoveryPolicy: ~ + mkfsExt4Parameters: ~ + +privateRegistry: + registryUrl: ~ + registryUser: ~ + registryPasswd: ~ + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. 
This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + # + +ingress: + ## Set to true to enable ingress record generation + enabled: false + + + host: xip.io + + ## Set this to true in order to enable TLS on the ingress record + ## A side effect of this will be that the backend service will be connected at port 443 + tls: false + + ## If TLS is set to true, you must declare what secret will store the key/certificate for TLS + tlsSecret: longhorn.local-tls + + ## Ingress annotations done as key:value pairs + ## If you're using kube-lego, you will want to add: + ## kubernetes.io/tls-acme: true + ## + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/annotations.md + ## + ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set + annotations: + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: true + + secrets: + ## If you're providing your own certificates, please use this to add the certificates as secrets + ## key and certificate should start with -----BEGIN CERTIFICATE----- or + ## -----BEGIN RSA PRIVATE KEY----- + ## + ## name should line up with a tlsSecret set further up + ## If you're using kube-lego, this is unneeded, as it will create the secret for you if it is not set + ## + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + # - name: longhorn.local-tls + # key: + # certificate: + +# Configure a pod security policy in the Longhorn namespace to allow privileged pods +enablePSP: true 
diff --git a/released/charts/longhorn/longhorn/1.0.201/.helmignore b/released/charts/longhorn/longhorn/1.0.201/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/released/charts/longhorn/longhorn/1.0.201/Chart.yaml b/released/charts/longhorn/longhorn/1.0.201/Chart.yaml new file mode 100644 index 000000000..7cf478dd8 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/Chart.yaml 
@@ -0,0 +1,36 @@ +annotations: + catalog.cattle.io/auto-install: longhorn-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Longhorn + catalog.cattle.io/namespace: longhorn-system + catalog.cattle.io/provides-gvr: longhorn.io/v1beta1 + catalog.cattle.io/release-name: longhorn + catalog.cattle.io/ui-component: longhorn + catalog.cattle.io/os: linux +apiVersion: v1 +appVersion: v1.0.2 +description: Longhorn is a distributed block storage system for Kubernetes. +home: https://github.com/longhorn/longhorn +icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/longhorn/icon/color/longhorn-icon-color.svg +keywords: +- longhorn +- storage +- distributed +- block +- device +- iscsi +kubeVersion: '>=v1.14.0-r0' +maintainers: +- email: maintainers@longhorn.io + name: Longhorn maintainers +- email: sheng@yasker.org + name: Sheng Yang +name: longhorn +sources: +- https://github.com/longhorn/longhorn +- https://github.com/longhorn/longhorn-engine +- https://github.com/longhorn/longhorn-instance-manager +- https://github.com/longhorn/longhorn-manager +- https://github.com/longhorn/longhorn-ui +- https://github.com/longhorn/longhorn-tests +version: 1.0.201 diff --git a/released/charts/longhorn/longhorn/1.0.201/README.md b/released/charts/longhorn/longhorn/1.0.201/README.md new file mode 100644 index 000000000..068bb5d66 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/README.md 
@@ -0,0 +1,49 @@ +# Rancher Longhorn Chart + +> **Important**: Please install Longhorn chart in `longhorn-system` namespace only. + +> **Warning**: Longhorn doesn't support downgrading from a higher version to a lower version. + +The following document pertains to running Longhorn from the Rancher 2.0 chart. + +## Source Code + +Longhorn is 100% open source software. Project source code is spread across a number of repos: + +1. Longhorn Engine -- Core controller/replica logic https://github.com/longhorn/longhorn-engine +2. Longhorn Instance Manager -- Controller/replica instance lifecycle management https://github.com/longhorn/longhorn-instance-manager +3. Longhorn Manager -- Longhorn orchestration, includes CSI driver for Kubernetes https://github.com/longhorn/longhorn-manager +4. Longhorn UI -- Dashboard https://github.com/longhorn/longhorn-ui + +## Prerequisites + +1. Rancher v2.1+ +2. Docker v1.13+ +3. Kubernetes v1.14+ +4. Make sure `curl`, `findmnt`, `grep`, `awk` and `blkid` has been installed in all nodes of the Kubernetes cluster. +5. Make sure `open-iscsi` has been installed in all nodes of the Kubernetes cluster. For GKE, recommended Ubuntu as guest OS image since it contains `open-iscsi` already. + +## Uninstallation + +1. To prevent damage to the Kubernetes cluster, we recommend deleting all Kubernetes workloads using Longhorn volumes (PersistentVolume, PersistentVolumeClaim, StorageClass, Deployment, StatefulSet, DaemonSet, etc). + +2. From Rancher UI, navigate to `Catalog Apps` tab and delete Longhorn app. + +## Troubleshooting + +### I deleted the Longhorn App from Rancher UI instead of following the uninstallation procedure + +Redeploy the (same version) Longhorn App. Follow the uninstallation procedure above. + +### Problems with CRDs + +If your CRD instances or the CRDs themselves can't be deleted for whatever reason, run the commands below to clean up. Caution: this will wipe all Longhorn state! 
+ +``` +# Delete CRD instances and definitions +curl -s https://raw.githubusercontent.com/longhorn/longhorn/v0.8.1/scripts/cleanup.sh |bash -s v062 +curl -s https://raw.githubusercontent.com/longhorn/longhorn/v0.8.1/scripts/cleanup.sh |bash -s v070 +``` + +--- +Please see [link](https://github.com/longhorn/longhorn) for more information. diff --git a/released/charts/longhorn/longhorn/1.0.201/app-readme.md b/released/charts/longhorn/longhorn/1.0.201/app-readme.md new file mode 100644 index 000000000..cb23135ca --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/app-readme.md @@ -0,0 +1,11 @@ +# Longhorn + +Longhorn is a lightweight, reliable and easy to use distributed block storage system for Kubernetes. Once deployed, users can leverage persistent volumes provided by Longhorn. + +Longhorn creates a dedicated storage controller for each volume and synchronously replicates the volume across multiple replicas stored on multiple nodes. The storage controller and replicas are themselves orchestrated using Kubernetes. Longhorn supports snapshots, backups and even allows you to schedule recurring snapshots and backups! + +**Important**: Please install Longhorn chart in `longhorn-system` namespace only. + +**Warning**: Longhorn doesn't support downgrading from a higher version to a lower version. + +[Chart Documentation](https://github.com/longhorn/longhorn/blob/master/chart/README.md) diff --git a/released/charts/longhorn/longhorn/1.0.201/questions.yml b/released/charts/longhorn/longhorn/1.0.201/questions.yml new file mode 100644 index 000000000..26566901f --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/questions.yml 
@@ -0,0 +1,346 @@ +categories: +- storage +namespace: longhorn-system +questions: +- variable: image.defaultImage + default: "true" + description: "Use default Longhorn images" + label: Use Default Images + type: boolean + show_subquestion_if: false + group: "Longhorn Images" + subquestions: + - variable: image.longhorn.manager.repository + default: longhornio/longhorn-manager + description: "Specify Longhorn Manager Image Repository" + type: string + label: Longhorn Manager Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.manager.tag + default: v1.0.2 + description: "Specify Longhorn Manager Image Tag" + type: string + label: Longhorn Manager Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.engine.repository + default: longhornio/longhorn-engine + description: "Specify Longhorn Engine Image Repository" + type: string + label: Longhorn Engine Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.engine.tag + default: v1.0.2 + description: "Specify Longhorn Engine Image Tag" + type: string + label: Longhorn Engine Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.ui.repository + default: longhornio/longhorn-ui + description: "Specify Longhorn UI Image Repository" + type: string + label: Longhorn UI Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.ui.tag + default: v1.0.2 + description: "Specify Longhorn UI Image Tag" + type: string + label: Longhorn UI Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.instanceManager.repository + default: longhornio/longhorn-instance-manager + description: "Specify Longhorn Instance Manager Image Repository" + type: string + label: Longhorn Instance Manager Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.instanceManager.tag + default: v1_20200514 + description: "Specify Longhorn Instance Manager Image Tag" + type: string + label: 
Longhorn Instance Manager Image Tag + group: "Longhorn Images Settings" + - variable: image.csi.attacher.repository + default: longhornio/csi-attacher + description: "Specify CSI attacher image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Attacher Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.attacher.tag + default: v2.0.0 + description: "Specify CSI attacher image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Attacher Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.provisioner.repository + default: longhornio/csi-provisioner + description: "Specify CSI provisioner image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Provisioner Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.provisioner.tag + default: v1.4.0 + description: "Specify CSI provisioner image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Provisioner Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.nodeDriverRegistrar.repository + default: longhornio/csi-node-driver-registrar + description: "Specify CSI Node Driver Registrar image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Node Driver Registrar Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.nodeDriverRegistrar.tag + default: v1.2.0 + description: "Specify CSI Node Driver Registrar image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Node Driver Registrar Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.resizer.repository + default: longhornio/csi-resizer + description: "Specify CSI Driver Resizer image repository. Leave blank to autodetect." 
+ type: string + label: Longhorn CSI Driver Resizer Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.resizer.tag + default: v0.3.0 + description: "Specify CSI Driver Resizer image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Driver Resizer Image Tag + group: "Longhorn CSI Driver Images" +- variable: privateRegistry.registryUrl + label: Private registry URL + description: "URL of private registry" + group: "Private Registry Settings" + type: string + default: "" +- variable: privateRegistry.registryUser + label: Private registry user + description: "User used to authenticate to private registry" + group: "Private Registry Settings" + type: string + default: "" +- variable: privateRegistry.registryPasswd + label: Private registry password + description: "Password used to authenticate to private registry" + group: "Private Registry Settings" + type: password + default: "" +- variable: longhorn.default_setting + default: "false" + description: "Customize the default settings before installing Longhorn for the first time. This option will only work if the cluster hasn't installed Longhorn." + label: "Customize Default Settings" + type: boolean + show_subquestion_if: true + group: "Longhorn Default Settings" + subquestions: + - variable: defaultSettings.registrySecret + label: Private registry secret + description: "The Kubernetes Secret name" + group: "Longhorn Default Settings" + type: string + default: "" + - variable: csi.kubeletRootDir + default: + description: "Specify kubelet root-dir. Leave blank to autodetect." + type: string + label: Kubelet Root Directory + group: "Longhorn CSI Driver Settings" + - variable: csi.attacherReplicaCount + type: int + default: + min: 1 + max: 10 + description: "Specify replica count of CSI Attacher. By default 3." 
+ label: Longhorn CSI Attacher replica count + group: "Longhorn CSI Driver Settings" + - variable: csi.provisionerReplicaCount + type: int + default: + min: 1 + max: 10 + description: "Specify replica count of CSI Provisioner. By default 3." + label: Longhorn CSI Provisioner replica count + group: "Longhorn CSI Driver Settings" + - variable: persistence.defaultClass + default: "true" + description: "Set as default StorageClass" + group: "Longhorn CSI Driver Settings" + type: boolean + required: true + label: Default Storage Class + - variable: persistence.defaultClassReplicaCount + description: "Set replica count for default StorageClass" + group: "Longhorn CSI Driver Settings" + type: int + default: 3 + min: 1 + max: 10 + label: Default Storage Class Replica Count + - variable: defaultSettings.backupTarget + label: Backup Target + description: "The endpoint used to access the backupstore. NFS and S3 are supported." + group: "Longhorn Default Settings" + type: string + default: + - variable: defaultSettings.backupTargetCredentialSecret + label: Backup Target Credential Secret + description: "The name of the Kubernetes secret associated with the backup target." + group: "Longhorn Default Settings" + type: string + default: + - variable: defaultSettings.createDefaultDiskLabeledNodes + label: Create Default Disk on Labeled Nodes + description: 'Create default Disk automatically only on Nodes with the label "node.longhorn.io/create-default-disk=true" if no other disks exist. If disabled, the default disk will be created on all new nodes when each node is first added.' + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.defaultDataPath + label: Default Data Path + description: 'Default path to use for storing data on a host. 
By default "/var/lib/longhorn/"' + group: "Longhorn Default Settings" + type: string + default: "/var/lib/longhorn/" + - variable: defaultSettings.replicaSoftAntiAffinity + label: Replica Node Level Soft Anti-Affinity + description: 'Allow scheduling on nodes with existing healthy replicas of the same volume. By default false.' + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.storageOverProvisioningPercentage + label: Storage Over Provisioning Percentage + description: "The over-provisioning percentage defines how much storage can be allocated relative to the hard drive's capacity. By default 200." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 200 + - variable: defaultSettings.storageMinimalAvailablePercentage + label: Storage Minimal Available Percentage + description: "If the minimum available disk capacity exceeds the actual percentage of available disk capacity, the disk becomes unschedulable until more space is freed up. By default 25." + group: "Longhorn Default Settings" + type: int + min: 0 + max: 100 + default: 25 + - variable: defaultSettings.upgradeChecker + label: Enable Upgrade Checker + description: 'Upgrade Checker will check for new Longhorn version periodically. When there is a new version available, a notification will appear in the UI. By default true.' + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.defaultReplicaCount + label: Default Replica Count + description: "The default number of replicas when a volume is created from the Longhorn UI. For Kubernetes configuration, update the `numberOfReplicas` in the StorageClass. By default 3." + group: "Longhorn Default Settings" + type: int + min: 1 + max: 20 + default: 3 + - variable: defaultSettings.guaranteedEngineCPU + label: Guaranteed Engine CPU + description: 'Allow Longhorn Instance Managers to have guaranteed CPU allocation. 
The value is how many CPUs should be reserved for each Engine/Replica Instance Manager Pod created by Longhorn. For example, 0.1 means one-tenth of a CPU. This will help maintain engine stability during high node workload. It only applies to the Engine/Replica Manager Pods created after the setting took effect. +WARNING: After this setting is changed, all the instance managers on all the nodes will be automatically restarted. +WARNING: DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES. +By default 0.25.' + group: "Longhorn Default Settings" + type: float + default: 0.25 + - variable: defaultSettings.defaultLonghornStaticStorageClass + label: Default Longhorn Static StorageClass Name + description: "The 'storageClassName' is given to PVs and PVCs that are created for an existing Longhorn volume. The StorageClass name can also be used as a label, so it is possible to use a Longhorn StorageClass to bind a workload to an existing PV without creating a Kubernetes StorageClass object. By default 'longhorn-static'." + group: "Longhorn Default Settings" + type: string + default: "longhorn-static" + - variable: defaultSettings.backupstorePollInterval + label: Backupstore Poll Interval + description: "In seconds. The backupstore poll interval determines how often Longhorn checks the backupstore for new backups. Set to 0 to disable the polling. By default 300." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 300 + - variable: defaultSettings.taintToleration + label: Kubernetes Taint Toleration + description: 'To dedicate nodes to store Longhorn replicas and reject other general workloads, set tolerations for Longhorn and add taints for the storage nodes. All Longhorn volumes should be detached before modifying toleration settings. We recommend setting tolerations during Longhorn deployment because the Longhorn system cannot be operated during the update. Multiple tolerations can be set here, and these tolerations are separated by semicolon. 
For example, `key1=value1:NoSchedule; key2:NoExecute`. Because `kubernetes.io` is used as the key of all Kubernetes default tolerations, it should not be used in the toleration settings. +WARNING: DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES.' + group: "Longhorn Default Settings" + type: string + default: "" + - variable: defaultSettings.priorityClass + label: Priority Class + description: "The name of the Priority Class to set on the Longhorn workloads. This can help prevent Longhorn workloads from being evicted under Node Pressure. WARNING: DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES." + group: "Longhorn Default Settings" + type: string + default: "" + - variable: defaultSettings.autoSalvage + label: Automatic salvage + description: "If enabled, volumes will be automatically salvaged when all the replicas become faulty e.g. due to network disconnection. Longhorn will try to figure out which replica(s) are usable, then use them for the volume. By default true." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.disableSchedulingOnCordonedNode + label: Disable Scheduling On Cordoned Node + description: "Disable Longhorn manager to schedule replica on Kubernetes cordoned node. By default true." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.replicaZoneSoftAntiAffinity + label: Replica Zone Level Soft Anti-Affinity + description: "Allow scheduling new Replicas of Volume to the Nodes in the same Zone as existing healthy Replicas. Nodes don't belong to any Zone will be treated as in the same Zone. By default true." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.volumeAttachmentRecoveryPolicy + label: Volume Attachment Recovery Policy + description: "Defines the Longhorn action when a Volume is stuck with a Deployment Pod on a failed node. 
`wait` leads to the deletion of the volume attachment as soon as the pods deletion time has passed. `never` is the default Kubernetes behavior of never deleting volume attachments on terminating pods. `immediate` leads to the deletion of the volume attachment as soon as all workload pods are pending. By default wait." + group: "Longhorn Default Settings" + type: enum + options: + - "wait" + - "never" + - "immediate" + default: "wait" + - variable: defaultSettings.mkfsExt4Parameters + label: Custom mkfs.ext4 parameters + description: "Allows setting additional filesystem creation parameters for ext4. For older host kernels it might be necessary to disable the optional ext4 metadata_csum feature by specifying `-O ^64bit,^metadata_csum`." + group: "Longhorn Default Settings" + type: string +- variable: ingress.enabled + default: "false" + description: "Expose app using Layer 7 Load Balancer - ingress" + type: boolean + group: "Services and Load Balancing" + label: Expose app using Layer 7 Load Balancer + show_subquestion_if: true + subquestions: + - variable: ingress.host + default: "xip.io" + description: "layer 7 Load Balancer hostname" + type: hostname + required: true + label: Layer 7 Load Balancer Hostname +- variable: service.ui.type + default: "Rancher-Proxy" + description: "Define Longhorn UI service type" + type: enum + options: + - "ClusterIP" + - "NodePort" + - "LoadBalancer" + - "Rancher-Proxy" + label: Longhorn UI Service + show_if: "ingress.enabled=false" + group: "Services and Load Balancing" + show_subquestion_if: "NodePort" + subquestions: + - variable: service.ui.nodePort + default: "" + description: "NodePort port number(to set explicitly, choose port between 30000-32767)" + type: int + min: 30000 + max: 32767 + show_if: "service.ui.type=NodePort||service.ui.type=LoadBalancer" + label: UI Service NodePort number +- variable: enablePSP + default: "true" + description: "Setup a pod security policy for Longhorn workloads." 
+ label: Pod Security Policy + type: boolean + group: "Other Settings" \ No newline at end of file diff --git a/released/charts/longhorn/longhorn/1.0.201/templates/NOTES.txt b/released/charts/longhorn/longhorn/1.0.201/templates/NOTES.txt new file mode 100644 index 000000000..cca7cd77b --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/templates/NOTES.txt @@ -0,0 +1,5 @@ +Longhorn is now installed on the cluster! + +Please wait a few minutes for other Longhorn components such as CSI deployments, Engine Images, and Instance Managers to be initialized. + +Visit our documentation at https://longhorn.io/docs/ diff --git a/released/charts/longhorn/longhorn/1.0.201/templates/_helpers.tpl b/released/charts/longhorn/longhorn/1.0.201/templates/_helpers.tpl new file mode 100644 index 000000000..5cac51cfa --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/templates/_helpers.tpl 
@@ -0,0 +1,47 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "longhorn.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "longhorn.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + + +{{- define "longhorn.managerIP" -}} +{{- $fullname := (include "longhorn.fullname" .) -}} +{{- printf "http://%s-backend:9500" $fullname | trunc 63 | trimSuffix "-" -}} +{{- end -}} + + +{{- define "secret" }} +{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.privateRegistry.registryUrl (printf "%s:%s" .Values.privateRegistry.registryUser .Values.privateRegistry.registryPasswd | b64enc) | b64enc }} +{{- end }} + +{{- /* +longhorn.labels generates the standard Helm labels. +*/ -}} +{{- define "longhorn.labels" -}} +app.kubernetes.io/name: {{ template "longhorn.name" . }} +helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/version: {{ .Chart.AppVersion }} +{{- end -}} + + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/longhorn/longhorn/1.0.201/templates/clusterrole.yaml b/released/charts/longhorn/longhorn/1.0.201/templates/clusterrole.yaml new file mode 100644 index 000000000..491c3e6a5 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/templates/clusterrole.yaml 
@@ -0,0 +1,40 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: longhorn-role + labels: {{- include "longhorn.labels" . | nindent 4 }} +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - "*" +- apiGroups: [""] + resources: ["pods", "events", "persistentvolumes", "persistentvolumeclaims","persistentvolumeclaims/status", "nodes", "proxy/nodes", "pods/log", "secrets", "services", "endpoints", "configmaps"] + verbs: ["*"] +- apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list"] +- apiGroups: ["apps"] + resources: ["daemonsets", "statefulsets", "deployments"] + verbs: ["*"] +- apiGroups: ["batch"] + resources: ["jobs", "cronjobs"] + verbs: ["*"] +- apiGroups: ["scheduling.k8s.io"] + resources: ["priorityclasses"] + verbs: ["watch", "list"] +- apiGroups: ["storage.k8s.io"] + resources: ["storageclasses", "volumeattachments", "csinodes", "csidrivers"] + verbs: ["*"] +- apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] +- apiGroups: ["longhorn.io"] + resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status"] + verbs: ["*"] +- apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["*"] diff --git a/released/charts/longhorn/longhorn/1.0.201/templates/clusterrolebinding.yaml b/released/charts/longhorn/longhorn/1.0.201/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..30c7fa78c --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/templates/clusterrolebinding.yaml 
@@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: longhorn-bind + labels: {{- include "longhorn.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: longhorn-role +subjects: +- kind: ServiceAccount + name: longhorn-service-account + namespace: {{ .Release.Namespace }} diff --git a/released/charts/longhorn/longhorn/1.0.201/templates/daemonset-sa.yaml b/released/charts/longhorn/longhorn/1.0.201/templates/daemonset-sa.yaml new file mode 100644 index 000000000..1717aa4d9 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/templates/daemonset-sa.yaml 
@@ -0,0 +1,112 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-manager + name: longhorn-manager + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + app: longhorn-manager + template: + metadata: + labels: {{- include "longhorn.labels" . | nindent 8 }} + app: longhorn-manager + spec: + containers: + - name: longhorn-manager + image: {{ template "system_default_registry" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: IfNotPresent + securityContext: + privileged: true + command: + - longhorn-manager + - -d + - daemon + - --engine-image + - "{{ template "system_default_registry" . }}{{ .Values.image.longhorn.engine.repository }}:{{ .Values.image.longhorn.engine.tag }}" + - --instance-manager-image + - "{{ template "system_default_registry" . }}{{ .Values.image.longhorn.instanceManager.repository }}:{{ .Values.image.longhorn.instanceManager.tag }}" + - --manager-image + - "{{ template "system_default_registry" . 
}}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}" + - --service-account + - longhorn-service-account + ports: + - containerPort: 9500 + name: manager + readinessProbe: + tcpSocket: + port: 9500 + volumeMounts: + - name: dev + mountPath: /host/dev/ + - name: proc + mountPath: /host/proc/ + - name: varrun + mountPath: /var/run/ + mountPropagation: Bidirectional + - name: longhorn + mountPath: /var/lib/longhorn/ + mountPropagation: Bidirectional + - name: longhorn-default-setting + mountPath: /var/lib/longhorn-setting/ + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: DEFAULT_SETTING_PATH + value: /var/lib/longhorn-setting/default-setting.yaml + volumes: + - name: dev + hostPath: + path: /dev/ + - name: proc + hostPath: + path: /proc/ + - name: varrun + hostPath: + path: /var/run/ + - name: longhorn + hostPath: + path: /var/lib/longhorn/ + - name: longhorn-default-setting + configMap: + name: longhorn-default-setting + {{- if .Values.defaultSettings.registrySecret }} + imagePullSecrets: + - name: {{ .Values.defaultSettings.registrySecret }} + {{- end }} + serviceAccountName: longhorn-service-account + updateStrategy: + rollingUpdate: + maxUnavailable: "100%" +--- +apiVersion: v1 +kind: Service +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-manager + name: longhorn-backend + namespace: {{ .Release.Namespace }} +spec: + type: {{ .Values.service.manager.type }} + sessionAffinity: ClientIP + selector: + app: longhorn-manager + ports: + - name: manager + port: 9500 + targetPort: manager + {{- if .Values.service.manager.nodePort }} + nodePort: {{ .Values.service.manager.nodePort }} + {{- end }} 
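Review bot: In templates/daemonset-sa.yaml the longhorn-manager container is `privileged: true` and also mounts the host's `/dev/`, `/proc/` and `/var/run/` (the last with `mountPropagation: Bidirectional`), and nothing in the template says why each mount is needed. Please add a comment per hostPath stating what the manager uses it for, and narrow `/var/run/` to the specific subdirectory if the whole tree is not required, since that directory typically holds the container runtime and other host sockets. Two smaller points: `maxUnavailable: "100%"` lets an upgrade take every manager pod down at once, and the `longhorn-backend` Service takes its type and `nodePort` from `.Values.service.manager`, so a NodePort setting would publish the port 9500 API outside the cluster. Both deserve a sentence in the chart documentation.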
diff --git a/released/charts/longhorn/longhorn/1.0.201/templates/default-setting.yaml b/released/charts/longhorn/longhorn/1.0.201/templates/default-setting.yaml new file mode 100644 index 000000000..2eb10b4dc --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/templates/default-setting.yaml 
@@ -0,0 +1,28 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: longhorn-default-setting + namespace: {{ .Release.Namespace }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +data: + default-setting.yaml: |- + backup-target: {{ .Values.defaultSettings.backupTarget }} + backup-target-credential-secret: {{ .Values.defaultSettings.backupTargetCredentialSecret }} + create-default-disk-labeled-nodes: {{ .Values.defaultSettings.createDefaultDiskLabeledNodes }} + default-data-path: {{ .Values.defaultSettings.defaultDataPath }} + replica-soft-anti-affinity: {{ .Values.defaultSettings.replicaSoftAntiAffinity }} + storage-over-provisioning-percentage: {{ .Values.defaultSettings.storageOverProvisioningPercentage }} + storage-minimal-available-percentage: {{ .Values.defaultSettings.storageMinimalAvailablePercentage }} + upgrade-checker: {{ .Values.defaultSettings.upgradeChecker }} + default-replica-count: {{ .Values.defaultSettings.defaultReplicaCount }} + guaranteed-engine-cpu: {{ .Values.defaultSettings.guaranteedEngineCPU }} + default-longhorn-static-storage-class: {{ .Values.defaultSettings.defaultLonghornStaticStorageClass }} + backupstore-poll-interval: {{ .Values.defaultSettings.backupstorePollInterval }} + taint-toleration: {{ .Values.defaultSettings.taintToleration }} + priority-class: {{ .Values.defaultSettings.priorityClass }} + registry-secret: {{ .Values.defaultSettings.registrySecret }} + auto-salvage: {{ .Values.defaultSettings.autoSalvage }} + disable-scheduling-on-cordoned-node: {{ .Values.defaultSettings.disableSchedulingOnCordonedNode }} + replica-zone-soft-anti-affinity: {{ .Values.defaultSettings.replicaZoneSoftAntiAffinity }} + volume-attachment-recovery-policy: {{ .Values.defaultSettings.volumeAttachmentRecoveryPolicy }} + mkfs-ext4-parameters: {{ .Values.defaultSettings.mkfsExt4Parameters }} 
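Review bot: Every entry under `default-setting.yaml: |-` interpolates its value unquoted, for example `taint-toleration: {{ .Values.defaultSettings.taintToleration }}`, so a value containing `: `, ` #` or a newline changes how the settings file parses, and a newline can add keys the operator never set. Pipe each value through `quote`, or build the map and render it with `toYaml`. Please also confirm that the entries left empty by the `~` defaults in values.yaml are what longhorn-manager expects, or wrap each key in an `if` so unset settings are omitted.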
diff --git a/released/charts/longhorn/longhorn/1.0.201/templates/deployment-driver.yaml b/released/charts/longhorn/longhorn/1.0.201/templates/deployment-driver.yaml new file mode 100644 index 000000000..bee055d8e --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/templates/deployment-driver.yaml 
@@ -0,0 +1,84 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: longhorn-driver-deployer + namespace: {{ .Release.Namespace }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + app: longhorn-driver-deployer + template: + metadata: + labels: {{- include "longhorn.labels" . | nindent 8 }} + app: longhorn-driver-deployer + spec: + initContainers: + - name: wait-longhorn-manager + image: {{ template "system_default_registry" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" http://longhorn-backend:9500/v1) != "200" ]; do echo waiting; sleep 2; done'] + containers: + - name: longhorn-driver-deployer + image: {{ template "system_default_registry" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: IfNotPresent + command: + - longhorn-manager + - -d + - deploy-driver + - --manager-image + - "{{ template "system_default_registry" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}" + - --manager-url + - http://longhorn-backend:9500/v1 + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + {{- if .Values.csi.kubeletRootDir }} + - name: KUBELET_ROOT_DIR + value: {{ .Values.csi.kubeletRootDir }} + {{- end }} + {{- if and .Values.image.csi.attacher.repository .Values.image.csi.attacher.tag }} + - name: CSI_ATTACHER_IMAGE + value: "{{ template "system_default_registry" . 
}}{{ .Values.image.csi.attacher.repository }}:{{ .Values.image.csi.attacher.tag }}" + {{- end }} + {{- if and .Values.image.csi.provisioner.repository .Values.image.csi.provisioner.tag }} + - name: CSI_PROVISIONER_IMAGE + value: "{{ template "system_default_registry" . }}{{ .Values.image.csi.provisioner.repository }}:{{ .Values.image.csi.provisioner.tag }}" + {{- end }} + {{- if and .Values.image.csi.nodeDriverRegistrar.repository .Values.image.csi.nodeDriverRegistrar.tag }} + - name: CSI_NODE_DRIVER_REGISTRAR_IMAGE + value: "{{ template "system_default_registry" . }}{{ .Values.image.csi.nodeDriverRegistrar.repository }}:{{ .Values.image.csi.nodeDriverRegistrar.tag }}" + {{- end }} + {{- if and .Values.image.csi.resizer.repository .Values.image.csi.resizer.tag }} + - name: CSI_RESIZER_IMAGE + value: "{{ template "system_default_registry" . }}{{ .Values.image.csi.resizer.repository }}:{{ .Values.image.csi.resizer.tag }}" + {{- end }} + {{- if .Values.csi.attacherReplicaCount }} + - name: CSI_ATTACHER_REPLICA_COUNT + value: {{ .Values.csi.attacherReplicaCount | quote }} + {{- end }} + {{- if .Values.csi.provisionerReplicaCount }} + - name: CSI_PROVISIONER_REPLICA_COUNT + value: {{ .Values.csi.provisionerReplicaCount | quote }} + {{- end }} + {{- if .Values.csi.resizerReplicaCount }} + - name: CSI_RESIZER_REPLICA_COUNT + value: {{ .Values.csi.resizerReplicaCount | quote }} + {{- end }} + {{- if .Values.defaultSettings.registrySecret }} + imagePullSecrets: + - name: {{ .Values.defaultSettings.registrySecret }} + {{- end }} + serviceAccountName: longhorn-service-account + securityContext: + runAsUser: 0 diff --git a/released/charts/longhorn/longhorn/1.0.201/templates/deployment-ui.yaml b/released/charts/longhorn/longhorn/1.0.201/templates/deployment-ui.yaml new file mode 100644 index 000000000..0de0c9b3b --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/templates/deployment-ui.yaml 
@@ -0,0 +1,61 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-ui + name: longhorn-ui + namespace: {{ .Release.Namespace }} +spec: + replicas: 1 + selector: + matchLabels: + app: longhorn-ui + template: + metadata: + labels: {{- include "longhorn.labels" . | nindent 8 }} + app: longhorn-ui + spec: + containers: + - name: longhorn-ui + image: {{ template "system_default_registry" . }}{{ .Values.image.longhorn.ui.repository }}:{{ .Values.image.longhorn.ui.tag }} + imagePullPolicy: IfNotPresent + securityContext: + runAsUser: 0 + ports: + - containerPort: 8000 + name: http + env: + - name: LONGHORN_MANAGER_IP + value: "http://longhorn-backend:9500" + {{- if .Values.defaultSettings.registrySecret }} + imagePullSecrets: + - name: {{ .Values.defaultSettings.registrySecret }} + {{- end }} +--- +kind: Service +apiVersion: v1 +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-ui + {{- if eq .Values.service.ui.type "Rancher-Proxy" }} + kubernetes.io/cluster-service: "true" + {{- end }} + name: longhorn-frontend + namespace: {{ .Release.Namespace }} +spec: + {{- if eq .Values.service.ui.type "Rancher-Proxy" }} + type: ClusterIP + {{- else }} + type: {{ .Values.service.ui.type }} + {{- end }} + selector: + app: longhorn-ui + ports: + - name: http + port: 80 + targetPort: http + {{- if .Values.service.ui.nodePort }} + nodePort: {{ .Values.service.ui.nodePort }} + {{- else }} + nodePort: null + {{- end }} diff --git a/released/charts/longhorn/longhorn/1.0.201/templates/ingress.yaml b/released/charts/longhorn/longhorn/1.0.201/templates/ingress.yaml new file mode 100644 index 000000000..e3e9e3eea --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/templates/ingress.yaml 
@@ -0,0 +1,30 @@ +{{- if .Values.ingress.enabled }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: longhorn-ingress + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-ingress + annotations: + {{- if .Values.ingress.tls }} + ingress.kubernetes.io/secure-backends: "true" + {{- end }} + {{- range $key, $value := .Values.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + rules: + - host: {{ .Values.ingress.host }} + http: + paths: + - path: {{ default "" .Values.ingress.path }} + backend: + serviceName: longhorn-frontend + servicePort: 80 +{{- if .Values.ingress.tls }} + tls: + - hosts: + - {{ .Values.ingress.host }} + secretName: {{ .Values.ingress.tlsSecret }} +{{- end }} +{{- end }} diff --git a/released/charts/longhorn/longhorn/1.0.201/templates/postupgrade-job.yaml b/released/charts/longhorn/longhorn/1.0.201/templates/postupgrade-job.yaml new file mode 100644 index 000000000..1860be5fe --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/templates/postupgrade-job.yaml 
@@ -0,0 +1,35 @@ +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + "helm.sh/hook": post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation + name: longhorn-post-upgrade + namespace: {{ .Release.Namespace }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + activeDeadlineSeconds: 900 + backoffLimit: 1 + template: + metadata: + name: longhorn-post-upgrade + labels: {{- include "longhorn.labels" . | nindent 8 }} + spec: + containers: + - name: longhorn-post-upgrade + image: {{ template "system_default_registry" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: Always + command: + - longhorn-manager + - post-upgrade + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + restartPolicy: OnFailure + {{- if .Values.defaultSettings.registrySecret }} + imagePullSecrets: + - name: {{ .Values.defaultSettings.registrySecret }} + {{- end }} + serviceAccountName: longhorn-service-account diff --git a/released/charts/longhorn/longhorn/1.0.201/templates/psp.yaml b/released/charts/longhorn/longhorn/1.0.201/templates/psp.yaml new file mode 100644 index 000000000..66479b4fa --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/templates/psp.yaml 
@@ -0,0 +1,66 @@ +{{- if .Values.enablePSP }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: longhorn-psp + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + privileged: true + allowPrivilegeEscalation: true + requiredDropCapabilities: + - NET_RAW + allowedCapabilities: + - SYS_ADMIN + hostNetwork: false + hostIPC: false + hostPID: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + fsGroup: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - downwardAPI + - emptyDir + - secret + - projected + - hostPath +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: longhorn-psp-role + labels: {{- include "longhorn.labels" . | nindent 4 }} + namespace: {{ .Release.Namespace }} +rules: +- apiGroups: + - policy + resources: + - podsecuritypolicies + verbs: + - use + resourceNames: + - longhorn-psp +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: longhorn-psp-binding + labels: {{- include "longhorn.labels" . | nindent 4 }} + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: longhorn-psp-role +subjects: +- kind: ServiceAccount + name: longhorn-service-account + namespace: {{ .Release.Namespace }} +- kind: ServiceAccount + name: default + namespace: {{ .Release.Namespace }} +{{- end }} \ No newline at end of file diff --git a/released/charts/longhorn/longhorn/1.0.201/templates/registry-secret.yml b/released/charts/longhorn/longhorn/1.0.201/templates/registry-secret.yml new file mode 100644 index 000000000..eeb9a8f4a --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/templates/registry-secret.yml 
@@ -0,0 +1,10 @@ +{{- if .Values.defaultSettings.registrySecret }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.defaultSettings.registrySecret }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: {{ template "secret" . }} +{{- end }} diff --git a/released/charts/longhorn/longhorn/1.0.201/templates/serviceaccount.yaml b/released/charts/longhorn/longhorn/1.0.201/templates/serviceaccount.yaml new file mode 100644 index 000000000..a2280b44f --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/templates/serviceaccount.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: longhorn-service-account + namespace: {{ .Release.Namespace }} + labels: {{- include "longhorn.labels" . | nindent 4 }} diff --git a/released/charts/longhorn/longhorn/1.0.201/templates/storageclass.yaml b/released/charts/longhorn/longhorn/1.0.201/templates/storageclass.yaml new file mode 100644 index 000000000..3fee340f4 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/templates/storageclass.yaml @@ -0,0 +1,14 @@ +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: longhorn + annotations: + storageclass.kubernetes.io/is-default-class: {{ .Values.persistence.defaultClass | quote }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +provisioner: driver.longhorn.io +allowVolumeExpansion: true +parameters: + numberOfReplicas: "{{ .Values.persistence.defaultClassReplicaCount }}" + staleReplicaTimeout: "30" + fromBackup: "" + baseImage: "" diff --git a/released/charts/longhorn/longhorn/1.0.201/templates/tls-secrets.yaml b/released/charts/longhorn/longhorn/1.0.201/templates/tls-secrets.yaml new file mode 100644 index 000000000..7a75df09c --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/templates/tls-secrets.yaml 
@@ -0,0 +1,15 @@ +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.secrets }} +apiVersion: v1 +kind: Secret +metadata: + name: longhorn + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn +type: kubernetes.io/tls +data: + tls.crt: {{ .certificate | b64enc }} + tls.key: {{ .key | b64enc }} +--- +{{- end }} +{{- end }} diff --git a/released/charts/longhorn/longhorn/1.0.201/templates/uninstall-job.yaml b/released/charts/longhorn/longhorn/1.0.201/templates/uninstall-job.yaml new file mode 100644 index 000000000..d32157145 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/templates/uninstall-job.yaml @@ -0,0 +1,36 @@ +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": hook-succeeded + name: longhorn-uninstall + namespace: {{ .Release.Namespace }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + activeDeadlineSeconds: 900 + backoffLimit: 1 + template: + metadata: + name: longhorn-uninstall + labels: {{- include "longhorn.labels" . | nindent 8 }} + spec: + containers: + - name: longhorn-uninstall + image: {{ template "system_default_registry" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: Always + command: + - longhorn-manager + - uninstall + - --force + env: + - name: LONGHORN_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + restartPolicy: OnFailure + {{- if .Values.defaultSettings.registrySecret }} + imagePullSecrets: + - name: {{ .Values.defaultSettings.registrySecret }} + {{- end }} + serviceAccountName: longhorn-service-account diff --git a/released/charts/longhorn/longhorn/1.0.201/templates/userroles.yaml b/released/charts/longhorn/longhorn/1.0.201/templates/userroles.yaml new file mode 100644 index 000000000..ba6d40643 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/templates/userroles.yaml 
@@ -0,0 +1,35 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "longhorn-admin" + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: [ "longhorn.io" ] + resources: [ "volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status" ] + verbs: [ "*" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "longhorn-edit" + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: + - apiGroups: [ "longhorn.io" ] + resources: [ "volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status" ] + verbs: [ "*" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "longhorn-view" + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" +rules: + - apiGroups: [ "longhorn.io" ] + resources: [ "volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status" ] + verbs: [ "get", "list", "watch" ] diff --git a/released/charts/longhorn/longhorn/1.0.201/templates/validate-install-crd.yaml b/released/charts/longhorn/longhorn/1.0.201/templates/validate-install-crd.yaml new file mode 100644 index 000000000..4899b977c --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/templates/validate-install-crd.yaml 
@@ -0,0 +1,14 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "longhorn.io/v1beta1/Engine" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the longhorn-crd chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} diff --git a/released/charts/longhorn/longhorn/1.0.201/values.yaml b/released/charts/longhorn/longhorn/1.0.201/values.yaml new file mode 100644 index 000000000..a29b9497d --- /dev/null +++ b/released/charts/longhorn/longhorn/1.0.201/values.yaml 
@@ -0,0 +1,136 @@ +# Default values for longhorn. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +global: + cattle: + systemDefaultRegistry: "" + +image: + longhorn: + engine: + repository: rancher/longhornio-longhorn-engine + tag: v1.0.2 + manager: + repository: rancher/longhornio-longhorn-manager + tag: v1.0.2 + ui: + repository: rancher/longhornio-longhorn-ui + tag: v1.0.2 + instanceManager: + repository: rancher/longhornio-longhorn-instance-manager + tag: v1_20200514 + csi: + attacher: + repository: rancher/longhornio-csi-attacher + tag: v2.0.0 + provisioner: + repository: rancher/longhornio-csi-provisioner + tag: v1.4.0 + nodeDriverRegistrar: + repository: rancher/longhornio-csi-node-driver-registrar + tag: v1.2.0 + resizer: + repository: rancher/longhornio-csi-resizer + tag: v0.3.0 + pullPolicy: IfNotPresent + +service: + ui: + type: ClusterIP + nodePort: null + manager: + type: ClusterIP + nodePort: "" + +persistence: + defaultClass: true + defaultClassReplicaCount: 3 + +csi: + kubeletRootDir: ~ + attacherReplicaCount: ~ + provisionerReplicaCount: ~ + resizerReplicaCount: ~ + +defaultSettings: + backupTarget: ~ + backupTargetCredentialSecret: ~ + createDefaultDiskLabeledNodes: ~ + defaultDataPath: ~ + replicaSoftAntiAffinity: ~ + storageOverProvisioningPercentage: ~ + storageMinimalAvailablePercentage: ~ + upgradeChecker: ~ + defaultReplicaCount: ~ + guaranteedEngineCPU: ~ + defaultLonghornStaticStorageClass: ~ + backupstorePollInterval: ~ + taintToleration: ~ + priorityClass: ~ + registrySecret: ~ + autoSalvage: ~ + disableSchedulingOnCordonedNode: ~ + replicaZoneSoftAntiAffinity: ~ + volumeAttachmentRecoveryPolicy: ~ + mkfsExt4Parameters: ~ + +privateRegistry: + registryUrl: ~ + registryUser: ~ + registryPasswd: ~ + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. 
This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + # + +ingress: + ## Set to true to enable ingress record generation + enabled: false + + + host: xip.io + + ## Set this to true in order to enable TLS on the ingress record + ## A side effect of this will be that the backend service will be connected at port 443 + tls: false + + ## If TLS is set to true, you must declare what secret will store the key/certificate for TLS + tlsSecret: longhorn.local-tls + + ## Ingress annotations done as key:value pairs + ## If you're using kube-lego, you will want to add: + ## kubernetes.io/tls-acme: true + ## + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/annotations.md + ## + ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set + annotations: + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: true + + secrets: + ## If you're providing your own certificates, please use this to add the certificates as secrets + ## key and certificate should start with -----BEGIN CERTIFICATE----- or + ## -----BEGIN RSA PRIVATE KEY----- + ## + ## name should line up with a tlsSecret set further up + ## If you're using kube-lego, this is unneeded, as it will create the secret for you if it is not set + ## + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + # - name: longhorn.local-tls + # key: + # certificate: + +# Configure a pod security policy in the Longhorn namespace to allow privileged pods +enablePSP: true 
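Review bot: `privateRegistry.registryUser` and `privateRegistry.registryPasswd` in values.yaml take the registry credentials as plain chart values, so they are kept with the release's stored values and are readable by anyone who can read those. Prefer a field that names an existing `kubernetes.io/dockerconfigjson` Secret, and keep the inline user and password only as a documented fallback. Separately, every image under `image:` is pinned by tag only (for example `tag: v1.0.2`), so consider accepting a digest as well. Also, `image.pullPolicy: IfNotPresent` is defined here while the templates in this patch hard-code `imagePullPolicy`, so either wire the value through or drop it.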
diff --git a/released/charts/longhorn/longhorn/1.1.000/.helmignore b/released/charts/longhorn/longhorn/1.1.000/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.000/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/released/charts/longhorn/longhorn/1.1.000/Chart.yaml b/released/charts/longhorn/longhorn/1.1.000/Chart.yaml new file mode 100644 index 000000000..2d86b61fe --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.000/Chart.yaml 
@@ -0,0 +1,37 @@ +annotations: + catalog.cattle.io/auto-install: longhorn-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Longhorn + catalog.cattle.io/namespace: longhorn-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: longhorn.io/v1beta1 + catalog.cattle.io/release-name: longhorn + catalog.cattle.io/ui-component: longhorn +apiVersion: v1 +appVersion: v1.1.0 +description: Longhorn is a distributed block storage system for Kubernetes. +home: https://github.com/longhorn/longhorn +icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/longhorn/icon/color/longhorn-icon-color.svg +keywords: +- longhorn +- storage +- distributed +- block +- device +- iscsi +kubeVersion: '>=v1.16.0-r0' +maintainers: +- email: maintainers@longhorn.io + name: Longhorn maintainers +- email: sheng@yasker.org + name: Sheng Yang +name: longhorn +sources: +- https://github.com/longhorn/longhorn +- https://github.com/longhorn/longhorn-engine +- https://github.com/longhorn/longhorn-instance-manager +- https://github.com/longhorn/longhorn-share-manager +- https://github.com/longhorn/longhorn-manager +- https://github.com/longhorn/longhorn-ui +- https://github.com/longhorn/longhorn-tests +version: 1.1.000 diff --git a/released/charts/longhorn/longhorn/1.1.000/README.md b/released/charts/longhorn/longhorn/1.1.000/README.md new file mode 100644 index 000000000..eae11ef6d --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.000/README.md 
@@ -0,0 +1,32 @@ +# Longhorn Chart + +> **Important**: Please install the Longhorn chart in the `longhorn-system` namespace only. + +> **Warning**: Longhorn doesn't support downgrading from a higher version to a lower version. + +## Source Code + +Longhorn is 100% open source software. Project source code is spread across a number of repos: + +1. Longhorn Engine -- Core controller/replica logic https://github.com/longhorn/longhorn-engine +2. Longhorn Instance Manager -- Controller/replica instance lifecycle management https://github.com/longhorn/longhorn-instance-manager +3. Longhorn Share Manager -- NFS provisioner that exposes Longhorn volumes as ReadWriteMany volumes. https://github.com/longhorn/longhorn-share-manager +4. Longhorn Manager -- Longhorn orchestration, includes CSI driver for Kubernetes https://github.com/longhorn/longhorn-manager +5. Longhorn UI -- Dashboard https://github.com/longhorn/longhorn-ui + +## Prerequisites + +1. Docker v1.13+ +2. Kubernetes v1.16+ +3. Make sure `curl`, `findmnt`, `grep`, `awk` and `blkid` has been installed in all nodes of the Kubernetes cluster. +4. Make sure `open-iscsi` has been installed in all nodes of the Kubernetes cluster. For GKE, recommended Ubuntu as guest OS image since it contains `open-iscsi` already. + +## Uninstallation + +To prevent damage to the Kubernetes cluster, we recommend deleting all Kubernetes workloads using Longhorn volumes (PersistentVolume, PersistentVolumeClaim, StorageClass, Deployment, StatefulSet, DaemonSet, etc). + +From Rancher Cluster Explorer UI, navigate to Apps page, delete app `longhorn` then app `longhorn-crd` in Installed Apps tab. + + +--- +Please see [link](https://github.com/longhorn/longhorn) for more information. diff --git a/released/charts/longhorn/longhorn/1.1.000/app-readme.md b/released/charts/longhorn/longhorn/1.1.000/app-readme.md new file mode 100644 index 000000000..cb23135ca --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.000/app-readme.md 
@@ -0,0 +1,11 @@ +# Longhorn + +Longhorn is a lightweight, reliable and easy to use distributed block storage system for Kubernetes. Once deployed, users can leverage persistent volumes provided by Longhorn. + +Longhorn creates a dedicated storage controller for each volume and synchronously replicates the volume across multiple replicas stored on multiple nodes. The storage controller and replicas are themselves orchestrated using Kubernetes. Longhorn supports snapshots, backups and even allows you to schedule recurring snapshots and backups! + +**Important**: Please install Longhorn chart in `longhorn-system` namespace only. + +**Warning**: Longhorn doesn't support downgrading from a higher version to a lower version. + +[Chart Documentation](https://github.com/longhorn/longhorn/blob/master/chart/README.md) diff --git a/released/charts/longhorn/longhorn/1.1.000/questions.yml b/released/charts/longhorn/longhorn/1.1.000/questions.yml new file mode 100644 index 000000000..f7ace54c7 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.000/questions.yml 
@@ -0,0 +1,512 @@ +categories: +- storage +namespace: longhorn-system +questions: +- variable: image.defaultImage + default: "true" + description: "Use default Longhorn images" + label: Use Default Images + type: boolean + show_subquestion_if: false + group: "Longhorn Images" + subquestions: + - variable: image.longhorn.manager.repository + default: rancher/longhornio-longhorn-manager + description: "Specify Longhorn Manager Image Repository" + type: string + label: Longhorn Manager Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.manager.tag + default: v1.1.0 + description: "Specify Longhorn Manager Image Tag" + type: string + label: Longhorn Manager Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.engine.repository + default: rancher/longhornio-longhorn-engine + description: "Specify Longhorn Engine Image Repository" + type: string + label: Longhorn Engine Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.engine.tag + default: v1.1.0 + description: "Specify Longhorn Engine Image Tag" + type: string + label: Longhorn Engine Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.ui.repository + default: rancher/longhornio-longhorn-ui + description: "Specify Longhorn UI Image Repository" + type: string + label: Longhorn UI Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.ui.tag + default: v1.1.0 + description: "Specify Longhorn UI Image Tag" + type: string + label: Longhorn UI Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.instanceManager.repository + default: rancher/longhornio-longhorn-instance-manager + description: "Specify Longhorn Instance Manager Image Repository" + type: string + label: Longhorn Instance Manager Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.instanceManager.tag + default: v1_20201216 + description: "Specify Longhorn Instance Manager Image 
Tag" + type: string + label: Longhorn Instance Manager Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.shareManager.repository + default: rancher/longhornio-longhorn-share-manager + description: "Specify Longhorn Share Manager Image Repository" + type: string + label: Longhorn Share Manager Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.shareManager.tag + default: v1_20201204 + description: "Specify Longhorn Share Manager Image Tag" + type: string + label: Longhorn Share Manager Image Tag + group: "Longhorn Images Settings" + - variable: image.csi.attacher.repository + default: rancher/longhornio-csi-attacher + description: "Specify CSI attacher image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Attacher Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.attacher.tag + default: v2.2.1-lh1 + description: "Specify CSI attacher image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Attacher Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.provisioner.repository + default: rancher/longhornio-csi-provisioner + description: "Specify CSI provisioner image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Provisioner Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.provisioner.tag + default: v1.6.0-lh1 + description: "Specify CSI provisioner image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Provisioner Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.nodeDriverRegistrar.repository + default: rancher/longhornio-csi-node-driver-registrar + description: "Specify CSI Node Driver Registrar image repository. Leave blank to autodetect." 
+ type: string + label: Longhorn CSI Node Driver Registrar Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.nodeDriverRegistrar.tag + default: v1.2.0-lh1 + description: "Specify CSI Node Driver Registrar image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Node Driver Registrar Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.resizer.repository + default: rancher/longhornio-csi-resizer + description: "Specify CSI Driver Resizer image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Driver Resizer Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.resizer.tag + default: v0.5.1-lh1 + description: "Specify CSI Driver Resizer image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Driver Resizer Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.snapshotter.repository + default: rancher/longhornio-csi-snapshotter + description: "Specify CSI Driver Snapshotter image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Driver Snapshotter Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.snapshotter.tag + default: v2.1.1-lh1 + description: "Specify CSI Driver Snapshotter image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Driver Snapshotter Image Tag + group: "Longhorn CSI Driver Images" +- variable: privateRegistry.registryUrl + label: Private registry URL + description: "URL of private registry. Leave blank to apply system default registry." 
+ group: "Private Registry Settings" + type: string + default: "" +- variable: privateRegistry.registryUser + label: Private registry user + description: "User used to authenticate to private registry" + group: "Private Registry Settings" + type: string + default: "" +- variable: privateRegistry.registryPasswd + label: Private registry password + description: "Password used to authenticate to private registry" + group: "Private Registry Settings" + type: password + default: "" +- variable: privateRegistry.registrySecret + label: Private registry secret name + description: "Longhorn will automatically generate a Kubernetes secret with this name and use it to pull images from your private registry." + group: "Private Registry Settings" + type: string + default: "" +- variable: longhorn.default_setting + default: "false" + description: "Customize the default settings before installing Longhorn for the first time. This option will only work if the cluster hasn't installed Longhorn." + label: "Customize Default Settings" + type: boolean + show_subquestion_if: true + group: "Longhorn Default Settings" + subquestions: + - variable: csi.kubeletRootDir + default: + description: "Specify kubelet root-dir. Leave blank to autodetect." + type: string + label: Kubelet Root Directory + group: "Longhorn CSI Driver Settings" + - variable: csi.attacherReplicaCount + type: int + default: 3 + min: 1 + max: 10 + description: "Specify replica count of CSI Attacher. By default 3." + label: Longhorn CSI Attacher replica count + group: "Longhorn CSI Driver Settings" + - variable: csi.provisionerReplicaCount + type: int + default: 3 + min: 1 + max: 10 + description: "Specify replica count of CSI Provisioner. By default 3." + label: Longhorn CSI Provisioner replica count + group: "Longhorn CSI Driver Settings" + - variable: csi.resizerReplicaCount + type: int + default: 3 + min: 1 + max: 10 + description: "Specify replica count of CSI Resizer. By default 3." 
+ label: Longhorn CSI Resizer replica count + group: "Longhorn CSI Driver Settings" + - variable: csi.snapshotterReplicaCount + type: int + default: 3 + min: 1 + max: 10 + description: "Specify replica count of CSI Snapshotter. By default 3." + label: Longhorn CSI Snapshotter replica count + group: "Longhorn CSI Driver Settings" + - variable: defaultSettings.backupTarget + label: Backup Target + description: "The endpoint used to access the backupstore. NFS and S3 are supported." + group: "Longhorn Default Settings" + type: string + default: + - variable: defaultSettings.backupTargetCredentialSecret + label: Backup Target Credential Secret + description: "The name of the Kubernetes secret associated with the backup target." + group: "Longhorn Default Settings" + type: string + default: + - variable: defaultSettings.allowRecurringJobWhileVolumeDetached + label: Allow Recurring Job While Volume Is Detached + description: 'If this setting is enabled, Longhorn will automatically attaches the volume and takes snapshot/backup when it is the time to do recurring snapshot/backup. +Note that the volume is not ready for workload during the period when the volume was automatically attached. Workload will have to wait until the recurring job finishes.' + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.createDefaultDiskLabeledNodes + label: Create Default Disk on Labeled Nodes + description: 'Create default Disk automatically only on Nodes with the label "node.longhorn.io/create-default-disk=true" if no other disks exist. If disabled, the default disk will be created on all new nodes when each node is first added.' + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.defaultDataPath + label: Default Data Path + description: 'Default path to use for storing data on a host. 
By default "/var/lib/longhorn/"' + group: "Longhorn Default Settings" + type: string + default: "/var/lib/longhorn/" + - variable: defaultSettings.defaultDataLocality + label: Default Data Locality + description: 'We say a Longhorn volume has data locality if there is a local replica of the volume on the same node as the pod which is using the volume. +This setting specifies the default data locality when a volume is created from the Longhorn UI. For Kubernetes configuration, update the `dataLocality` in the StorageClass +The available modes are: +- **disabled**. This is the default option. There may or may not be a replica on the same node as the attached volume (workload) +- **best-effort**. This option instructs Longhorn to try to keep a replica on the same node as the attached volume (workload). Longhorn will not stop the volume, even if it cannot keep a replica local to the attached volume (workload) due to environment limitation, e.g. not enough disk space, incompatible disk tags, etc.' + group: "Longhorn Default Settings" + type: enum + options: + - "disabled" + - "best-effort" + default: "disabled" + - variable: defaultSettings.replicaSoftAntiAffinity + label: Replica Node Level Soft Anti-Affinity + description: 'Allow scheduling on nodes with existing healthy replicas of the same volume. By default false.' + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.storageOverProvisioningPercentage + label: Storage Over Provisioning Percentage + description: "The over-provisioning percentage defines how much storage can be allocated relative to the hard drive's capacity. By default 200." 
+ group: "Longhorn Default Settings" + type: int + min: 0 + default: 200 + - variable: defaultSettings.storageMinimalAvailablePercentage + label: Storage Minimal Available Percentage + description: "If the minimum available disk capacity exceeds the actual percentage of available disk capacity, the disk becomes unschedulable until more space is freed up. By default 25." + group: "Longhorn Default Settings" + type: int + min: 0 + max: 100 + default: 25 + - variable: defaultSettings.upgradeChecker + label: Enable Upgrade Checker + description: 'Upgrade Checker will check for new Longhorn version periodically. When there is a new version available, a notification will appear in the UI. By default true.' + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.defaultReplicaCount + label: Default Replica Count + description: "The default number of replicas when a volume is created from the Longhorn UI. For Kubernetes configuration, update the `numberOfReplicas` in the StorageClass. By default 3." + group: "Longhorn Default Settings" + type: int + min: 1 + max: 20 + default: 3 + - variable: defaultSettings.guaranteedEngineCPU + label: Guaranteed Engine CPU + description: "Allow Longhorn Instance Managers to have guaranteed CPU allocation. By default 0.25. The value is how many CPUs should be reserved for each Engine/Replica Instance Manager Pod created by Longhorn. For example, 0.1 means one-tenth of a CPU. This will help maintain engine stability during high node workload. It only applies to the Engine/Replica Instance Manager Pods created after the setting took effect. +In order to prevent unexpected volume crash, you can use the following formula to calculate an appropriate value for this setting: +'Guaranteed Engine CPU = The estimated max Longhorn volume/replica count on a node * 0.1'. +The result of above calculation doesn't mean that's the maximum CPU resources the Longhorn workloads require. 
To fully exploit the Longhorn volume I/O performance, you can allocate/guarantee more CPU resources via this setting. +If it's hard to estimate the volume/replica count now, you can leave it with the default value, or allocate 1/8 of total CPU of a node. Then you can tune it when there is no running workload using Longhorn volumes. +WARNING: After this setting is changed, all the instance managers on all the nodes will be automatically restarted +WARNING: DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES." + group: "Longhorn Default Settings" + type: float + default: 0.25 + - variable: defaultSettings.defaultLonghornStaticStorageClass + label: Default Longhorn Static StorageClass Name + description: "The 'storageClassName' is given to PVs and PVCs that are created for an existing Longhorn volume. The StorageClass name can also be used as a label, so it is possible to use a Longhorn StorageClass to bind a workload to an existing PV without creating a Kubernetes StorageClass object. By default 'longhorn-static'." + group: "Longhorn Default Settings" + type: string + default: "longhorn-static" + - variable: defaultSettings.backupstorePollInterval + label: Backupstore Poll Interval + description: "In seconds. The backupstore poll interval determines how often Longhorn checks the backupstore for new backups. Set to 0 to disable the polling. By default 300." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 300 + - variable: defaultSettings.taintToleration + label: Kubernetes Taint Toleration + description: "To dedicate nodes to store Longhorn replicas and reject other general workloads, set tolerations for Longhorn and add taints for the storage nodes. +All Longhorn volumes should be detached before modifying toleration settings. +We recommend setting tolerations during Longhorn deployment because the Longhorn system cannot be operated during the update. +Multiple tolerations can be set here, and these tolerations are separated by semicolon. 
For example: +* `key1=value1:NoSchedule; key2:NoExecute` +* `:` this toleration tolerates everything because an empty key with operator `Exists` matches all keys, values and effects +* `key1=value1:` this toleration has empty effect. It matches all effects with key `key1` +Because `kubernetes.io` is used as the key of all Kubernetes default tolerations, it should not be used in the toleration settings. +WARNING: DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES!" + group: "Longhorn Default Settings" + type: string + default: "" + - variable: defaultSettings.priorityClass + label: Priority Class + description: "The name of the Priority Class to set on the Longhorn workloads. This can help prevent Longhorn workloads from being evicted under Node Pressure. WARNING: DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES." + group: "Longhorn Default Settings" + type: string + default: "" + - variable: defaultSettings.autoSalvage + label: Automatic salvage + description: "If enabled, volumes will be automatically salvaged when all the replicas become faulty e.g. due to network disconnection. Longhorn will try to figure out which replica(s) are usable, then use them for the volume. By default true." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.autoDeletePodWhenVolumeDetachedUnexpectedly + label: Automatically Delete Workload Pod when The Volume Is Detached Unexpectedly + description: 'If enabled, Longhorn will automatically delete the workload pod that is managed by a controller (e.g. deployment, statefulset, daemonset, etc...) when Longhorn volume is detached unexpectedly (e.g. during Kubernetes upgrade, Docker reboot, or network disconnect). By deleting the pod, its controller restarts the pod and Kubernetes handles volume reattachment and remount. +If disabled, Longhorn will not delete the workload pod that is managed by a controller. You will have to manually restart the pod to reattach and remount the volume. 
+**Note:** This setting does not apply to the workload pods that do not have a controller. Longhorn never deletes them.' + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.disableSchedulingOnCordonedNode + label: Disable Scheduling On Cordoned Node + description: "Disable Longhorn manager to schedule replica on Kubernetes cordoned node. By default true." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.replicaZoneSoftAntiAffinity + label: Replica Zone Level Soft Anti-Affinity + description: "Allow scheduling new Replicas of Volume to the Nodes in the same Zone as existing healthy Replicas. Nodes don't belong to any Zone will be treated as in the same Zone. By default true." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.volumeAttachmentRecoveryPolicy + label: Volume Attachment Recovery Policy + description: "Defines the Longhorn action when a Volume is stuck with a Deployment Pod on a failed node. `wait` leads to the deletion of the volume attachment as soon as the pods deletion time has passed. `never` is the default Kubernetes behavior of never deleting volume attachments on terminating pods. `immediate` leads to the deletion of the volume attachment as soon as all workload pods are pending. By default wait." + group: "Longhorn Default Settings" + type: enum + options: + - "wait" + - "never" + - "immediate" + default: "wait" + - variable: defaultSettings.nodeDownPodDeletionPolicy + label: Pod Deletion Policy When Node is Down + description: "Defines the Longhorn action when a Volume is stuck with a StatefulSet/Deployment Pod on a node that is down. +- **do-nothing** is the default Kubernetes behavior of never force deleting StatefulSet/Deployment terminating pods. Since the pod on the node that is down isn't removed, Longhorn volumes are stuck on nodes that are down. 
+- **delete-statefulset-pod** Longhorn will force delete StatefulSet terminating pods on nodes that are down to release Longhorn volumes so that Kubernetes can spin up replacement pods. +- **delete-deployment-pod** Longhorn will force delete Deployment terminating pods on nodes that are down to release Longhorn volumes so that Kubernetes can spin up replacement pods. +- **delete-both-statefulset-and-deployment-pod** Longhorn will force delete StatefulSet/Deployment terminating pods on nodes that are down to release Longhorn volumes so that Kubernetes can spin up replacement pods." + group: "Longhorn Default Settings" + type: enum + options: + - "do-nothing" + - "delete-statefulset-pod" + - "delete-deployment-pod" + - "delete-both-statefulset-and-deployment-pod" + default: "do-nothing" + - variable: defaultSettings.allowNodeDrainWithLastHealthyReplica + label: Allow Node Drain with the Last Healthy Replica + description: "By default, Longhorn will block `kubectl drain` action on a node if the node contains the last healthy replica of a volume. +If this setting is enabled, Longhorn will **not** block `kubectl drain` action on a node even if the node contains the last healthy replica of a volume." + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.mkfsExt4Parameters + label: Custom mkfs.ext4 parameters + description: "Allows setting additional filesystem creation parameters for ext4. For older host kernels it might be necessary to disable the optional ext4 metadata_csum feature by specifying `-O ^64bit,^metadata_csum`." + group: "Longhorn Default Settings" + type: string + - variable: defaultSettings.disableReplicaRebuild + label: Disable Replica Rebuild + description: "This setting disable replica rebuild cross the whole cluster, eviction and data locality feature won't work if this setting is true. But doesn't have any impact to any current replica rebuild and restore disaster recovery volume." 
+ group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.replicaReplenishmentWaitInterval + label: Replica Replenishment Wait Interval + description: "In seconds. The interval determines how long Longhorn will wait at least in order to reuse the existing data on a failed replica rather than directly creating a new replica for a degraded volume. +Warning: This option works only when there is a failed replica in the volume. And this option may block the rebuilding for a while in the case." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 600 + - variable: defaultSettings.disableRevisionCounter + label: Disable Revision Counter + description: "This setting is only for volumes created by UI. By default, this is false meaning there will be a reivision counter file to track every write to the volume. During salvage recovering Longhorn will pick the repica with largest reivision counter as candidate to recover the whole volume. If revision counter is disabled, Longhorn will not track every write to the volume. During the salvage recovering, Longhorn will use the 'volume-head-xxx.img' file last modification time and file size to pick the replica candidate to recover the whole volume." + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.systemManagedPodsImagePullPolicy + label: System Managed Pod Image Pull Policy + description: "This setting defines the Image Pull Policy of Longhorn system managed pods, e.g. instance manager, engine image, CSI driver, etc. The new Image Pull Policy will only apply after the system managed pods restart." 
+ group: "Longhorn Default Settings" + type: enum + options: + - "if-not-present" + - "always" + - "never" + default: "if-not-present" + - variable: defaultSettings.allowVolumeCreationWithDegradedAvailability + label: Allow Volume Creation with Degraded Availability + description: "This setting allows user to create and attach a volume that doesn't have all the replicas scheduled at the time of creation." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.autoCleanupSystemGeneratedSnapshot + label: Automatically Cleanup System Generated Snapshot + description: "This setting enables Longhorn to automatically cleanup the system generated snapshot after replica rebuild is done." + group: "Longhorn Default Settings" + type: boolean + default: "true" +- variable: persistence.defaultClass + default: "true" + description: "Set as default StorageClass for Longhorn" + label: Default Storage Class + group: "Longhorn Storage Class Settings" + required: true + type: boolean +- variable: persistence.reclaimPolicy + label: Storage Class Retain Policy + description: "Define reclaim policy (Retain or Delete)" + group: "Longhorn Storage Class Settings" + required: true + type: enum + options: + - "Delete" + - "Retain" + default: "Delete" +- variable: persistence.defaultClassReplicaCount + description: "Set replica count for Longhorn StorageClass" + label: Default Storage Class Replica Count + group: "Longhorn Storage Class Settings" + type: int + min: 1 + max: 10 + default: 3 +- variable: persistence.recurringJobs.enable + description: "Enable recurring job for Longhorn StorageClass" + group: "Longhorn Storage Class Settings" + label: Enable Storage Class Recurring Job + type: boolean + default: false + show_subquestion_if: true + subquestions: + - variable: persistence.recurringJobs.jobList + description: 'Recurring job list for Longhorn StorageClass. Please be careful of quotes of input. 
e.g., [{"name":"backup", "task":"backup", "cron":"*/2 * * * *", "retain":1,"labels": {"interval":"2m"}}]' + label: Storage Class Recurring Job List + group: "Longhorn Storage Class Settings" + type: string + default: +- variable: ingress.enabled + default: "false" + description: "Expose app using Layer 7 Load Balancer - ingress" + type: boolean + group: "Services and Load Balancing" + label: Expose app using Layer 7 Load Balancer + show_subquestion_if: true + subquestions: + - variable: ingress.host + default: "xip.io" + description: "layer 7 Load Balancer hostname" + type: hostname + required: true + label: Layer 7 Load Balancer Hostname +- variable: service.ui.type + default: "Rancher-Proxy" + description: "Define Longhorn UI service type" + type: enum + options: + - "ClusterIP" + - "NodePort" + - "LoadBalancer" + - "Rancher-Proxy" + label: Longhorn UI Service + show_if: "ingress.enabled=false" + group: "Services and Load Balancing" + show_subquestion_if: "NodePort" + subquestions: + - variable: service.ui.nodePort + default: "" + description: "NodePort port number(to set explicitly, choose port between 30000-32767)" + type: int + min: 30000 + max: 32767 + show_if: "service.ui.type=NodePort||service.ui.type=LoadBalancer" + label: UI Service NodePort number +- variable: enablePSP + default: "true" + description: "Setup a pod security policy for Longhorn workloads." + label: Pod Security Policy + type: boolean + group: "Other Settings" diff --git a/released/charts/longhorn/longhorn/1.1.000/templates/NOTES.txt b/released/charts/longhorn/longhorn/1.1.000/templates/NOTES.txt new file mode 100644 index 000000000..cca7cd77b --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.000/templates/NOTES.txt @@ -0,0 +1,5 @@ +Longhorn is now installed on the cluster! + +Please wait a few minutes for other Longhorn components such as CSI deployments, Engine Images, and Instance Managers to be initialized. + +Visit our documentation at https://longhorn.io/docs/ 
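Review bot: In questions.yml, the `service.ui.nodePort` subquestion is gated by two conditions that disagree: the parent `service.ui.type` has `show_subquestion_if: "NodePort"`, but the subquestion's own `show_if` is `service.ui.type=NodePort||service.ui.type=LoadBalancer`, so it is unclear whether the port field is meant to appear for LoadBalancer. Keep one of the two conditions or make them agree. Also, `persistence.recurringJobs.enable` uses an unquoted `default: false` where every other boolean question quotes the default, and the `defaultSettings.disableRevisionCounter` description has typos ("reivision", "repica").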
diff --git a/released/charts/longhorn/longhorn/1.1.000/templates/_helpers.tpl b/released/charts/longhorn/longhorn/1.1.000/templates/_helpers.tpl new file mode 100644 index 000000000..3fbc2ac02 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.000/templates/_helpers.tpl 
@@ -0,0 +1,66 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "longhorn.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "longhorn.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + + +{{- define "longhorn.managerIP" -}} +{{- $fullname := (include "longhorn.fullname" .) -}} +{{- printf "http://%s-backend:9500" $fullname | trunc 63 | trimSuffix "-" -}} +{{- end -}} + + +{{- define "secret" }} +{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.privateRegistry.registryUrl (printf "%s:%s" .Values.privateRegistry.registryUser .Values.privateRegistry.registryPasswd | b64enc) | b64enc }} +{{- end }} + +{{- /* +longhorn.labels generates the standard Helm labels. +*/ -}} +{{- define "longhorn.labels" -}} +app.kubernetes.io/name: {{ template "longhorn.name" . }} +helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/version: {{ .Chart.AppVersion }} +{{- end -}} + + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{- define "registry_url" -}} +{{- if .Values.privateRegistry.registryUrl -}} +{{- printf "%s/" .Values.privateRegistry.registryUrl -}} +{{- else -}} +{{ include "system_default_registry" . 
}} +{{- end -}} +{{- end -}} + +{{- /* + define the longhorn release namespace +*/ -}} +{{- define "release_namespace" -}} +{{- if .Values.namespaceOverride -}} +{{- .Values.namespaceOverride -}} +{{- else -}} +{{- .Release.Namespace -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/longhorn/longhorn/1.1.000/templates/clusterrole.yaml b/released/charts/longhorn/longhorn/1.1.000/templates/clusterrole.yaml new file mode 100644 index 000000000..c69761756 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.000/templates/clusterrole.yaml 
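Review bot: The `secret` helper in _helpers.tpl builds the dockerconfigjson with `printf` and raw `%s` substitution of `registryUrl`, `registryUser` and `registryPasswd`, so a password containing `"` or `\` yields invalid JSON in the pull secret. Build the structure with `dict` and render it with `toJson` before `b64enc` so the values are escaped. Separately, `longhorn.managerIP` applies `trunc 63` to the whole `http://...-backend:9500` URL; the 63-character limit applies to names, and a long release name would cut off the port.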
@@ -0,0 +1,47 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: longhorn-role + labels: {{- include "longhorn.labels" . | nindent 4 }} +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - "*" +- apiGroups: [""] + resources: ["pods", "events", "persistentvolumes", "persistentvolumeclaims","persistentvolumeclaims/status", "nodes", "proxy/nodes", "pods/log", "secrets", "services", "endpoints", "configmaps"] + verbs: ["*"] +- apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list"] +- apiGroups: ["apps"] + resources: ["daemonsets", "statefulsets", "deployments"] + verbs: ["*"] +- apiGroups: ["batch"] + resources: ["jobs", "cronjobs"] + verbs: ["*"] +- apiGroups: ["policy"] + resources: ["poddisruptionbudgets"] + verbs: ["*"] +- apiGroups: ["scheduling.k8s.io"] + resources: ["priorityclasses"] + verbs: ["watch", "list"] +- apiGroups: ["storage.k8s.io"] + resources: ["storageclasses", "volumeattachments", "csinodes", "csidrivers"] + verbs: ["*"] +- apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses", "volumesnapshots", "volumesnapshotcontents", "volumesnapshotcontents/status"] + verbs: ["*"] +- apiGroups: ["longhorn.io"] + resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status", + "sharemanagers", "sharemanagers/status"] + verbs: ["*"] +- apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["*"] +- apiGroups: ["metrics.k8s.io"] + resources: ["pods", "nodes"] + verbs: ["get", "list"] diff --git a/released/charts/longhorn/longhorn/1.1.000/templates/clusterrolebinding.yaml b/released/charts/longhorn/longhorn/1.1.000/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..66ac62f9b --- /dev/null 
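Review bot: The core-group rule in clusterrole.yaml grants `verbs: ["*"]` on `secrets`, `pods`, `configmaps` and `services` in a ClusterRole, so the service account it is bound to can read and modify every secret in the cluster. List the verbs that are actually needed, and move the `secrets` access to a namespaced Role if only the release namespace's secrets are required. The `customresourcedefinitions` rule with `"*"` deserves the same treatment. Also check `proxy/nodes`: RBAC subresources are written `resource/subresource`, so this entry may have been meant as `nodes/proxy`.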
+++ b/released/charts/longhorn/longhorn/1.1.000/templates/clusterrolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: longhorn-bind + labels: {{- include "longhorn.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: longhorn-role +subjects: +- kind: ServiceAccount + name: longhorn-service-account + namespace: {{ include "release_namespace" . }} diff --git a/released/charts/longhorn/longhorn/1.1.000/templates/daemonset-sa.yaml b/released/charts/longhorn/longhorn/1.1.000/templates/daemonset-sa.yaml new file mode 100644 index 000000000..e40793591 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.000/templates/daemonset-sa.yaml 
@@ -0,0 +1,114 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-manager + name: longhorn-manager + namespace: {{ include "release_namespace" . }} +spec: + selector: + matchLabels: + app: longhorn-manager + template: + metadata: + labels: {{- include "longhorn.labels" . | nindent 8 }} + app: longhorn-manager + spec: + containers: + - name: longhorn-manager + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: IfNotPresent + securityContext: + privileged: true + command: + - longhorn-manager + - -d + - daemon + - --engine-image + - "{{ template "registry_url" . }}{{ .Values.image.longhorn.engine.repository }}:{{ .Values.image.longhorn.engine.tag }}" + - --instance-manager-image + - "{{ template "registry_url" . }}{{ .Values.image.longhorn.instanceManager.repository }}:{{ .Values.image.longhorn.instanceManager.tag }}" + - --share-manager-image + - "{{ template "registry_url" . }}{{ .Values.image.longhorn.shareManager.repository }}:{{ .Values.image.longhorn.shareManager.tag }}" + - --manager-image + - "{{ template "registry_url" . 
}}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}" + - --service-account + - longhorn-service-account + ports: + - containerPort: 9500 + name: manager + readinessProbe: + tcpSocket: + port: 9500 + volumeMounts: + - name: dev + mountPath: /host/dev/ + - name: proc + mountPath: /host/proc/ + - name: varrun + mountPath: /var/run/ + mountPropagation: Bidirectional + - name: longhorn + mountPath: /var/lib/longhorn/ + mountPropagation: Bidirectional + - name: longhorn-default-setting + mountPath: /var/lib/longhorn-setting/ + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: DEFAULT_SETTING_PATH + value: /var/lib/longhorn-setting/default-setting.yaml + volumes: + - name: dev + hostPath: + path: /dev/ + - name: proc + hostPath: + path: /proc/ + - name: varrun + hostPath: + path: /var/run/ + - name: longhorn + hostPath: + path: /var/lib/longhorn/ + - name: longhorn-default-setting + configMap: + name: longhorn-default-setting + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} + serviceAccountName: longhorn-service-account + updateStrategy: + rollingUpdate: + maxUnavailable: "100%" +--- +apiVersion: v1 +kind: Service +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-manager + name: longhorn-backend + namespace: {{ include "release_namespace" . }} +spec: + type: {{ .Values.service.manager.type }} + sessionAffinity: ClientIP + selector: + app: longhorn-manager + ports: + - name: manager + port: 9500 + targetPort: manager + {{- if .Values.service.manager.nodePort }} + nodePort: {{ .Values.service.manager.nodePort }} + {{- end }} 
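Review bot: The longhorn-manager container combines `privileged: true` with hostPath mounts of `/dev/`, `/proc/` and `/var/run/`, the last with `mountPropagation: Bidirectional`, and nothing in the template says why each one is needed. Add a comment per mount stating the requirement, mark the mounts that are only read `readOnly: true` if the manager allows it, and consider a narrower path than all of `/var/run/`. `maxUnavailable: "100%"` also lets an upgrade take every manager pod down at once; confirm that is intended.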
diff --git a/released/charts/longhorn/longhorn/1.1.000/templates/default-setting.yaml b/released/charts/longhorn/longhorn/1.1.000/templates/default-setting.yaml new file mode 100644 index 000000000..14c264e27 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.000/templates/default-setting.yaml 
@@ -0,0 +1,38 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: longhorn-default-setting + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +data: + default-setting.yaml: |- + backup-target: {{ .Values.defaultSettings.backupTarget }} + backup-target-credential-secret: {{ .Values.defaultSettings.backupTargetCredentialSecret }} + allow-recurring-job-while-volume-detached: {{ .Values.defaultSettings.allowRecurringJobWhileVolumeDetached }} + create-default-disk-labeled-nodes: {{ .Values.defaultSettings.createDefaultDiskLabeledNodes }} + default-data-path: {{ .Values.defaultSettings.defaultDataPath }} + replica-soft-anti-affinity: {{ .Values.defaultSettings.replicaSoftAntiAffinity }} + storage-over-provisioning-percentage: {{ .Values.defaultSettings.storageOverProvisioningPercentage }} + storage-minimal-available-percentage: {{ .Values.defaultSettings.storageMinimalAvailablePercentage }} + upgrade-checker: {{ .Values.defaultSettings.upgradeChecker }} + default-replica-count: {{ .Values.defaultSettings.defaultReplicaCount }} + default-data-locality: {{ .Values.defaultSettings.defaultDataLocality }} + guaranteed-engine-cpu: {{ .Values.defaultSettings.guaranteedEngineCPU }} + default-longhorn-static-storage-class: {{ .Values.defaultSettings.defaultLonghornStaticStorageClass }} + backupstore-poll-interval: {{ .Values.defaultSettings.backupstorePollInterval }} + taint-toleration: {{ .Values.defaultSettings.taintToleration }} + priority-class: {{ .Values.defaultSettings.priorityClass }} + auto-salvage: {{ .Values.defaultSettings.autoSalvage }} + auto-delete-pod-when-volume-detached-unexpectedly: {{ .Values.defaultSettings.autoDeletePodWhenVolumeDetachedUnexpectedly }} + disable-scheduling-on-cordoned-node: {{ .Values.defaultSettings.disableSchedulingOnCordonedNode }} + replica-zone-soft-anti-affinity: {{ .Values.defaultSettings.replicaZoneSoftAntiAffinity }} + volume-attachment-recovery-policy: {{ 
.Values.defaultSettings.volumeAttachmentRecoveryPolicy }} + node-down-pod-deletion-policy: {{ .Values.defaultSettings.nodeDownPodDeletionPolicy }} + allow-node-drain-with-last-healthy-replica: {{ .Values.defaultSettings.allowNodeDrainWithLastHealthyReplica }} + mkfs-ext4-parameters: {{ .Values.defaultSettings.mkfsExt4Parameters }} + disable-replica-rebuild: {{ .Values.defaultSettings.disableReplicaRebuild }} + replica-replenishment-wait-interval: {{ .Values.defaultSettings.replicaReplenishmentWaitInterval }} + disable-revision-counter: {{ .Values.defaultSettings.disableRevisionCounter }} + system-managed-pods-image-pull-policy: {{ .Values.defaultSettings.systemManagedPodsImagePullPolicy }} + allow-volume-creation-with-degraded-availability: {{ .Values.defaultSettings.allowVolumeCreationWithDegradedAvailability }} + auto-cleanup-system-generated-snapshot: {{ .Values.defaultSettings.autoCleanupSystemGeneratedSnapshot }} diff --git a/released/charts/longhorn/longhorn/1.1.000/templates/deployment-driver.yaml b/released/charts/longhorn/longhorn/1.1.000/templates/deployment-driver.yaml new file mode 100644 index 000000000..c4b6e3587 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.000/templates/deployment-driver.yaml 
@@ -0,0 +1,93 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: longhorn-driver-deployer + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + app: longhorn-driver-deployer + template: + metadata: + labels: {{- include "longhorn.labels" . | nindent 8 }} + app: longhorn-driver-deployer + spec: + initContainers: + - name: wait-longhorn-manager + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" http://longhorn-backend:9500/v1) != "200" ]; do echo waiting; sleep 2; done'] + containers: + - name: longhorn-driver-deployer + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: IfNotPresent + command: + - longhorn-manager + - -d + - deploy-driver + - --manager-image + - "{{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}" + - --manager-url + - http://longhorn-backend:9500/v1 + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + {{- if .Values.csi.kubeletRootDir }} + - name: KUBELET_ROOT_DIR + value: {{ .Values.csi.kubeletRootDir }} + {{- end }} + {{- if and .Values.image.csi.attacher.repository .Values.image.csi.attacher.tag }} + - name: CSI_ATTACHER_IMAGE + value: "{{ template "registry_url" . }}{{ .Values.image.csi.attacher.repository }}:{{ .Values.image.csi.attacher.tag }}" + {{- end }} + {{- if and .Values.image.csi.provisioner.repository .Values.image.csi.provisioner.tag }} + - name: CSI_PROVISIONER_IMAGE + value: "{{ template "registry_url" . 
}}{{ .Values.image.csi.provisioner.repository }}:{{ .Values.image.csi.provisioner.tag }}" + {{- end }} + {{- if and .Values.image.csi.nodeDriverRegistrar.repository .Values.image.csi.nodeDriverRegistrar.tag }} + - name: CSI_NODE_DRIVER_REGISTRAR_IMAGE + value: "{{ template "registry_url" . }}{{ .Values.image.csi.nodeDriverRegistrar.repository }}:{{ .Values.image.csi.nodeDriverRegistrar.tag }}" + {{- end }} + {{- if and .Values.image.csi.resizer.repository .Values.image.csi.resizer.tag }} + - name: CSI_RESIZER_IMAGE + value: "{{ template "registry_url" . }}{{ .Values.image.csi.resizer.repository }}:{{ .Values.image.csi.resizer.tag }}" + {{- end }} + {{- if and .Values.image.csi.snapshotter.repository .Values.image.csi.snapshotter.tag }} + - name: CSI_SNAPSHOTTER_IMAGE + value: "{{ template "registry_url" . }}{{ .Values.image.csi.snapshotter.repository }}:{{ .Values.image.csi.snapshotter.tag }}" + {{- end }} + {{- if .Values.csi.attacherReplicaCount }} + - name: CSI_ATTACHER_REPLICA_COUNT + value: {{ .Values.csi.attacherReplicaCount | quote }} + {{- end }} + {{- if .Values.csi.provisionerReplicaCount }} + - name: CSI_PROVISIONER_REPLICA_COUNT + value: {{ .Values.csi.provisionerReplicaCount | quote }} + {{- end }} + {{- if .Values.csi.resizerReplicaCount }} + - name: CSI_RESIZER_REPLICA_COUNT + value: {{ .Values.csi.resizerReplicaCount | quote }} + {{- end }} + {{- if .Values.csi.snapshotterReplicaCount }} + - name: CSI_SNAPSHOTTER_REPLICA_COUNT + value: {{ .Values.csi.snapshotterReplicaCount | quote }} + {{- end }} + + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} + serviceAccountName: longhorn-service-account + securityContext: + runAsUser: 0 diff --git a/released/charts/longhorn/longhorn/1.1.000/templates/deployment-ui.yaml b/released/charts/longhorn/longhorn/1.1.000/templates/deployment-ui.yaml new file mode 100644 index 000000000..da7c0ea5b --- /dev/null 
+++ b/released/charts/longhorn/longhorn/1.1.000/templates/deployment-ui.yaml @@ -0,0 +1,61 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-ui + name: longhorn-ui + namespace: {{ include "release_namespace" . }} +spec: + replicas: 1 + selector: + matchLabels: + app: longhorn-ui + template: + metadata: + labels: {{- include "longhorn.labels" . | nindent 8 }} + app: longhorn-ui + spec: + containers: + - name: longhorn-ui + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.ui.repository }}:{{ .Values.image.longhorn.ui.tag }} + imagePullPolicy: IfNotPresent + securityContext: + runAsUser: 0 + ports: + - containerPort: 8000 + name: http + env: + - name: LONGHORN_MANAGER_IP + value: "http://longhorn-backend:9500" + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} +--- +kind: Service +apiVersion: v1 +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-ui + {{- if eq .Values.service.ui.type "Rancher-Proxy" }} + kubernetes.io/cluster-service: "true" + {{- end }} + name: longhorn-frontend + namespace: {{ include "release_namespace" . }} +spec: + {{- if eq .Values.service.ui.type "Rancher-Proxy" }} + type: ClusterIP + {{- else }} + type: {{ .Values.service.ui.type }} + {{- end }} + selector: + app: longhorn-ui + ports: + - name: http + port: 80 + targetPort: http + {{- if .Values.service.ui.nodePort }} + nodePort: {{ .Values.service.ui.nodePort }} + {{- else }} + nodePort: null + {{- end }} diff --git a/released/charts/longhorn/longhorn/1.1.000/templates/ingress.yaml b/released/charts/longhorn/longhorn/1.1.000/templates/ingress.yaml new file mode 100644 index 000000000..5b3a40588 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.000/templates/ingress.yaml 
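Review bot: In deployment-ui.yaml the longhorn-ui container sets `runAsUser: 0`, and the pod spec has no `serviceAccountName`, so the UI runs as root under the namespace's `default` service account. If the image can listen on 8000 as a non-root user, set `runAsNonRoot: true` with a numeric user, and give the UI its own ServiceAccount with `automountServiceAccountToken: false` unless it calls the Kubernetes API. The Service also renders `nodePort: null` when no port is set; omitting the key in that branch is cleaner.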
@@ -0,0 +1,31 @@ +{{- if .Values.ingress.enabled }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: longhorn-ingress + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-ingress + annotations: + {{- if .Values.ingress.tls }} + ingress.kubernetes.io/secure-backends: "true" + {{- end }} + {{- range $key, $value := .Values.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + rules: + - host: {{ .Values.ingress.host }} + http: + paths: + - path: {{ default "" .Values.ingress.path }} + backend: + serviceName: longhorn-frontend + servicePort: 80 +{{- if .Values.ingress.tls }} + tls: + - hosts: + - {{ .Values.ingress.host }} + secretName: {{ .Values.ingress.tlsSecret }} +{{- end }} +{{- end }} diff --git a/released/charts/longhorn/longhorn/1.1.000/templates/postupgrade-job.yaml b/released/charts/longhorn/longhorn/1.1.000/templates/postupgrade-job.yaml new file mode 100644 index 000000000..6b6a38591 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.000/templates/postupgrade-job.yaml 
@@ -0,0 +1,35 @@ +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + "helm.sh/hook": post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation + name: longhorn-post-upgrade + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + activeDeadlineSeconds: 900 + backoffLimit: 1 + template: + metadata: + name: longhorn-post-upgrade + labels: {{- include "longhorn.labels" . | nindent 8 }} + spec: + containers: + - name: longhorn-post-upgrade + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: IfNotPresent + command: + - longhorn-manager + - post-upgrade + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + restartPolicy: OnFailure + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} + serviceAccountName: longhorn-service-account diff --git a/released/charts/longhorn/longhorn/1.1.000/templates/psp.yaml b/released/charts/longhorn/longhorn/1.1.000/templates/psp.yaml new file mode 100644 index 000000000..a2dfc05be --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.000/templates/psp.yaml 
@@ -0,0 +1,66 @@ +{{- if .Values.enablePSP }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: longhorn-psp + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + privileged: true + allowPrivilegeEscalation: true + requiredDropCapabilities: + - NET_RAW + allowedCapabilities: + - SYS_ADMIN + hostNetwork: false + hostIPC: false + hostPID: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + fsGroup: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - downwardAPI + - emptyDir + - secret + - projected + - hostPath +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: longhorn-psp-role + labels: {{- include "longhorn.labels" . | nindent 4 }} + namespace: {{ include "release_namespace" . }} +rules: +- apiGroups: + - policy + resources: + - podsecuritypolicies + verbs: + - use + resourceNames: + - longhorn-psp +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: longhorn-psp-binding + labels: {{- include "longhorn.labels" . | nindent 4 }} + namespace: {{ include "release_namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: longhorn-psp-role +subjects: +- kind: ServiceAccount + name: longhorn-service-account + namespace: {{ include "release_namespace" . }} +- kind: ServiceAccount + name: default + namespace: {{ include "release_namespace" . }} +{{- end }} diff --git a/released/charts/longhorn/longhorn/1.1.000/templates/registry-secret.yml b/released/charts/longhorn/longhorn/1.1.000/templates/registry-secret.yml new file mode 100644 index 000000000..1c7565fea --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.000/templates/registry-secret.yml 
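Review bot: The `longhorn-psp-binding` subjects in psp.yaml include the `default` ServiceAccount, which lets any pod in the release namespace that does not name a service account use a policy with `privileged: true`, `hostPID: true`, `SYS_ADMIN` and `hostPath` volumes. Bind only `longhorn-service-account`, or give the workload that needs the policy a dedicated account and bind that instead. `hostPath` is also allowed without `allowedHostPaths`, so the policy places no limit on which host directories can be mounted.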
@@ -0,0 +1,11 @@ +{{- if .Values.privateRegistry.registrySecret }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.privateRegistry.registrySecret }} + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: {{ template "secret" . }} +{{- end }} \ No newline at end of file diff --git a/released/charts/longhorn/longhorn/1.1.000/templates/serviceaccount.yaml b/released/charts/longhorn/longhorn/1.1.000/templates/serviceaccount.yaml new file mode 100644 index 000000000..ad576c353 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.000/templates/serviceaccount.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: longhorn-service-account + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} diff --git a/released/charts/longhorn/longhorn/1.1.000/templates/storageclass.yaml b/released/charts/longhorn/longhorn/1.1.000/templates/storageclass.yaml new file mode 100644 index 000000000..dea6aafd4 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.000/templates/storageclass.yaml 
@@ -0,0 +1,26 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: longhorn-storageclass + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +data: + storageclass.yaml: | + kind: StorageClass + apiVersion: storage.k8s.io/v1 + metadata: + name: longhorn + annotations: + storageclass.kubernetes.io/is-default-class: {{ .Values.persistence.defaultClass | quote }} + provisioner: driver.longhorn.io + allowVolumeExpansion: true + reclaimPolicy: "{{ .Values.persistence.reclaimPolicy }}" + volumeBindingMode: Immediate + parameters: + numberOfReplicas: "{{ .Values.persistence.defaultClassReplicaCount }}" + staleReplicaTimeout: "30" + fromBackup: "" + baseImage: "" + {{- if .Values.persistence.recurringJobs.enable }} + recurringJobs: '{{ .Values.persistence.recurringJobs.jobList }}' + {{- end }} diff --git a/released/charts/longhorn/longhorn/1.1.000/templates/tls-secrets.yaml b/released/charts/longhorn/longhorn/1.1.000/templates/tls-secrets.yaml new file mode 100644 index 000000000..a7ebf13e0 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.000/templates/tls-secrets.yaml @@ -0,0 +1,16 @@ +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.secrets }} +apiVersion: v1 +kind: Secret +metadata: + name: longhorn + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn +type: kubernetes.io/tls +data: + tls.crt: {{ .certificate | b64enc }} + tls.key: {{ .key | b64enc }} +--- +{{- end }} +{{- end }} diff --git a/released/charts/longhorn/longhorn/1.1.000/templates/uninstall-job.yaml b/released/charts/longhorn/longhorn/1.1.000/templates/uninstall-job.yaml new file mode 100644 index 000000000..e7e9f1457 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.000/templates/uninstall-job.yaml 
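Review bot: In tls-secrets.yaml, inside `range .Values.ingress.secrets` the dot is the list element, so `include "release_namespace" .` and `include "longhorn.labels" .` are handed the secret entry instead of the chart's root context and cannot resolve `.Values`, `.Release` or `.Chart`. Pass `$` to both includes. The name is also hard-coded as `longhorn`, while the values.yaml comment says the entry's `name` should line up with `tlsSecret`; use `{{ .name }}` so the Ingress finds the secret and multiple entries do not collide.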
@@ -0,0 +1,36 @@ +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": hook-succeeded + name: longhorn-uninstall + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + activeDeadlineSeconds: 900 + backoffLimit: 1 + template: + metadata: + name: longhorn-uninstall + labels: {{- include "longhorn.labels" . | nindent 8 }} + spec: + containers: + - name: longhorn-uninstall + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: IfNotPresent + command: + - longhorn-manager + - uninstall + - --force + env: + - name: LONGHORN_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + restartPolicy: OnFailure + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} + serviceAccountName: longhorn-service-account diff --git a/released/charts/longhorn/longhorn/1.1.000/templates/userroles.yaml b/released/charts/longhorn/longhorn/1.1.000/templates/userroles.yaml new file mode 100644 index 000000000..37e8e3ddb --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.000/templates/userroles.yaml 
@@ -0,0 +1,38 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "longhorn-admin" + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: [ "longhorn.io" ] + resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status", + "sharemanagers", "sharemanagers/status"] + verbs: [ "*" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "longhorn-edit" + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: + - apiGroups: [ "longhorn.io" ] + resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status", + "sharemanagers", "sharemanagers/status"] + verbs: [ "*" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "longhorn-view" + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" +rules: + - apiGroups: [ "longhorn.io" ] + resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status", + "sharemanagers", "sharemanagers/status"] + verbs: [ "get", "list", "watch" ] diff --git a/released/charts/longhorn/longhorn/1.1.000/templates/validate-install-crd.yaml b/released/charts/longhorn/longhorn/1.1.000/templates/validate-install-crd.yaml new file mode 100644 index 000000000..4899b977c --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.000/templates/validate-install-crd.yaml 
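Review bot: In userroles.yaml, `longhorn-edit` carries `verbs: [ "*" ]` on the same resource list as `longhorn-admin`, so aggregating it into the built-in edit role gives edit users full control of `settings`, `nodes` and `engineimages`, with no distinction from admin. Restrict edit to the verbs and resources a volume user needs and keep the rest in `longhorn-admin`. These three ClusterRoles also omit the `longhorn.labels` block that the other objects in the chart carry.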
@@ -0,0 +1,14 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "longhorn.io/v1beta1/Engine" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the longhorn-crd chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} diff --git a/released/charts/longhorn/longhorn/1.1.000/values.yaml b/released/charts/longhorn/longhorn/1.1.000/values.yaml new file mode 100644 index 000000000..c1e38eed9 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.000/values.yaml 
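Review bot: The `#` at the start of each line in validate-install-crd.yaml does not disable this template: Helm evaluates the `{{ ... }}` actions before the output is parsed as YAML, so the `lookup`, the `.Capabilities.APIVersions` scan and the `required` call still run and only the rendered text is commented. If the CRD check is meant to be active, say so in a `{{/* */}}` comment at the top of the file; if it is meant to be off, wrap the body in `{{/* ... */}}` or drop the file.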
@@ -0,0 +1,162 @@ +# Default values for longhorn. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +global: + cattle: + systemDefaultRegistry: "" + +image: + longhorn: + engine: + repository: rancher/longhornio-longhorn-engine + tag: v1.1.0 + manager: + repository: rancher/longhornio-longhorn-manager + tag: v1.1.0 + ui: + repository: rancher/longhornio-longhorn-ui + tag: v1.1.0 + instanceManager: + repository: rancher/longhornio-longhorn-instance-manager + tag: v1_20201216 + shareManager: + repository: rancher/longhornio-longhorn-share-manager + tag: v1_20201204 + csi: + attacher: + repository: rancher/longhornio-csi-attacher + tag: v2.2.1-lh1 + provisioner: + repository: rancher/longhornio-csi-provisioner + tag: v1.6.0-lh1 + nodeDriverRegistrar: + repository: rancher/longhornio-csi-node-driver-registrar + tag: v1.2.0-lh1 + resizer: + repository: rancher/longhornio-csi-resizer + tag: v0.5.1-lh1 + snapshotter: + repository: rancher/longhornio-csi-snapshotter + tag: v2.1.1-lh1 + pullPolicy: IfNotPresent + +service: + ui: + type: ClusterIP + nodePort: null + manager: + type: ClusterIP + nodePort: "" + +persistence: + defaultClass: true + defaultClassReplicaCount: 3 + reclaimPolicy: Delete + recurringJobs: + enable: false + jobList: [] + +csi: + kubeletRootDir: ~ + attacherReplicaCount: ~ + provisionerReplicaCount: ~ + resizerReplicaCount: ~ + snapshotterReplicaCount: ~ + +defaultSettings: + backupTarget: ~ + backupTargetCredentialSecret: ~ + allowRecurringJobWhileVolumeDetached: ~ + createDefaultDiskLabeledNodes: ~ + defaultDataPath: ~ + defaultDataLocality: ~ + replicaSoftAntiAffinity: ~ + storageOverProvisioningPercentage: ~ + storageMinimalAvailablePercentage: ~ + upgradeChecker: ~ + defaultReplicaCount: ~ + guaranteedEngineCPU: ~ + defaultLonghornStaticStorageClass: ~ + backupstorePollInterval: ~ + taintToleration: ~ + priorityClass: ~ + autoSalvage: ~ + autoDeletePodWhenVolumeDetachedUnexpectedly: ~ + 
disableSchedulingOnCordonedNode: ~ + replicaZoneSoftAntiAffinity: ~ + volumeAttachmentRecoveryPolicy: ~ + nodeDownPodDeletionPolicy: ~ + allowNodeDrainWithLastHealthyReplica: ~ + mkfsExt4Parameters: ~ + disableReplicaRebuild: ~ + replicaReplenishmentWaitInterval: ~ + disableRevisionCounter: ~ + systemManagedPodsImagePullPolicy: ~ + allowVolumeCreationWithDegradedAvailability: ~ + autoCleanupSystemGeneratedSnapshot: ~ + +privateRegistry: + registryUrl: ~ + registryUser: ~ + registryPasswd: ~ + registrySecret: ~ + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + # + +ingress: + ## Set to true to enable ingress record generation + enabled: false + + + host: xip.io + + ## Set this to true in order to enable TLS on the ingress record + ## A side effect of this will be that the backend service will be connected at port 443 + tls: false + + ## If TLS is set to true, you must declare what secret will store the key/certificate for TLS + tlsSecret: longhorn.local-tls + + ## Ingress annotations done as key:value pairs + ## If you're using kube-lego, you will want to add: + ## kubernetes.io/tls-acme: true + ## + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/annotations.md + ## + ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set + annotations: + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: true + + secrets: + ## If you're providing your own certificates, please use this to add the certificates as 
secrets + ## key and certificate should start with -----BEGIN CERTIFICATE----- or + ## -----BEGIN RSA PRIVATE KEY----- + ## + ## name should line up with a tlsSecret set further up + ## If you're using kube-lego, this is unneeded, as it will create the secret for you if it is not set + ## + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + # - name: longhorn.local-tls + # key: + # certificate: + +# Configure a pod security policy in the Longhorn namespace to allow privileged pods +enablePSP: true + +## Specify override namespace, specifically this is useful for using longhorn as sub-chart +## and its release namespace is not the `longhorn-system` +namespaceOverride: "" diff --git a/released/charts/longhorn/longhorn/1.1.001/.helmignore b/released/charts/longhorn/longhorn/1.1.001/.helmignore new file mode 100755 index 000000000..f0c131944 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.001/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/released/charts/longhorn/longhorn/1.1.001/Chart.yaml b/released/charts/longhorn/longhorn/1.1.001/Chart.yaml new file mode 100755 index 000000000..733dfe1cb --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.001/Chart.yaml 
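Review bot: In values.yaml, `privateRegistry.registryPasswd` takes the registry password as a plain chart value, and the `secret` helper in templates/_helpers.tpl builds the pull-secret payload directly from `registryUser` and `registryPasswd`. A password supplied this way is kept with the release's values and can be read by anyone who can read the release, so the comments should say so, and ideally `registrySecret` should be able to name an existing image pull secret without the password also being set. Separately, every image is pinned by tag only (`tag: v1.1.0` with `pullPolicy: IfNotPresent`); consider accepting a digest so a re-pushed tag cannot change what runs in the privileged pods that `enablePSP: true` allows.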
@@ -0,0 +1,37 @@ +annotations: + catalog.cattle.io/auto-install: longhorn-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Longhorn + catalog.cattle.io/namespace: longhorn-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: longhorn.io/v1beta1 + catalog.cattle.io/release-name: longhorn + catalog.cattle.io/ui-component: longhorn +apiVersion: v1 +appVersion: v1.1.0 +description: Longhorn is a distributed block storage system for Kubernetes. +home: https://github.com/longhorn/longhorn +icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/longhorn/icon/color/longhorn-icon-color.svg?sanitize=true +keywords: +- longhorn +- storage +- distributed +- block +- device +- iscsi +kubeVersion: '>=v1.16.0-r0' +maintainers: +- email: maintainers@longhorn.io + name: Longhorn maintainers +- email: sheng@yasker.org + name: Sheng Yang +name: longhorn +sources: +- https://github.com/longhorn/longhorn +- https://github.com/longhorn/longhorn-engine +- https://github.com/longhorn/longhorn-instance-manager +- https://github.com/longhorn/longhorn-share-manager +- https://github.com/longhorn/longhorn-manager +- https://github.com/longhorn/longhorn-ui +- https://github.com/longhorn/longhorn-tests +version: 1.1.001 diff --git a/released/charts/longhorn/longhorn/1.1.001/README.md b/released/charts/longhorn/longhorn/1.1.001/README.md new file mode 100755 index 000000000..eae11ef6d --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.001/README.md 
@@ -0,0 +1,32 @@ +# Longhorn Chart + +> **Important**: Please install the Longhorn chart in the `longhorn-system` namespace only. + +> **Warning**: Longhorn doesn't support downgrading from a higher version to a lower version. + +## Source Code + +Longhorn is 100% open source software. Project source code is spread across a number of repos: + +1. Longhorn Engine -- Core controller/replica logic https://github.com/longhorn/longhorn-engine +2. Longhorn Instance Manager -- Controller/replica instance lifecycle management https://github.com/longhorn/longhorn-instance-manager +3. Longhorn Share Manager -- NFS provisioner that exposes Longhorn volumes as ReadWriteMany volumes. https://github.com/longhorn/longhorn-share-manager +4. Longhorn Manager -- Longhorn orchestration, includes CSI driver for Kubernetes https://github.com/longhorn/longhorn-manager +5. Longhorn UI -- Dashboard https://github.com/longhorn/longhorn-ui + +## Prerequisites + +1. Docker v1.13+ +2. Kubernetes v1.16+ +3. Make sure `curl`, `findmnt`, `grep`, `awk` and `blkid` has been installed in all nodes of the Kubernetes cluster. +4. Make sure `open-iscsi` has been installed in all nodes of the Kubernetes cluster. For GKE, recommended Ubuntu as guest OS image since it contains `open-iscsi` already. + +## Uninstallation + +To prevent damage to the Kubernetes cluster, we recommend deleting all Kubernetes workloads using Longhorn volumes (PersistentVolume, PersistentVolumeClaim, StorageClass, Deployment, StatefulSet, DaemonSet, etc). + +From Rancher Cluster Explorer UI, navigate to Apps page, delete app `longhorn` then app `longhorn-crd` in Installed Apps tab. + + +--- +Please see [link](https://github.com/longhorn/longhorn) for more information. diff --git a/released/charts/longhorn/longhorn/1.1.001/app-readme.md b/released/charts/longhorn/longhorn/1.1.001/app-readme.md new file mode 100755 index 000000000..cb23135ca --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.001/app-readme.md 
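Review bot: The Uninstallation section of README.md tells the user to delete all workloads and objects using Longhorn volumes (PersistentVolume, PersistentVolumeClaim, StorageClass, ...) without saying what happens to the data, while values.yaml in this chart defaults `persistence.reclaimPolicy: Delete`, under which deleting a PersistentVolumeClaim also deletes the backing volume. Please add a sentence telling users to back up or migrate volumes first, and state explicitly that the workloads must be removed before deleting the `longhorn` and `longhorn-crd` apps. Minor wording in Prerequisites: `has been installed in all nodes` should read `are installed on all nodes`, and the GKE sentence is missing its subject.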
@@ -0,0 +1,11 @@ +# Longhorn + +Longhorn is a lightweight, reliable and easy to use distributed block storage system for Kubernetes. Once deployed, users can leverage persistent volumes provided by Longhorn. + +Longhorn creates a dedicated storage controller for each volume and synchronously replicates the volume across multiple replicas stored on multiple nodes. The storage controller and replicas are themselves orchestrated using Kubernetes. Longhorn supports snapshots, backups and even allows you to schedule recurring snapshots and backups! + +**Important**: Please install Longhorn chart in `longhorn-system` namespace only. + +**Warning**: Longhorn doesn't support downgrading from a higher version to a lower version. + +[Chart Documentation](https://github.com/longhorn/longhorn/blob/master/chart/README.md) diff --git a/released/charts/longhorn/longhorn/1.1.001/questions.yml b/released/charts/longhorn/longhorn/1.1.001/questions.yml new file mode 100755 index 000000000..f7ace54c7 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.001/questions.yml 
@@ -0,0 +1,512 @@ +categories: +- storage +namespace: longhorn-system +questions: +- variable: image.defaultImage + default: "true" + description: "Use default Longhorn images" + label: Use Default Images + type: boolean + show_subquestion_if: false + group: "Longhorn Images" + subquestions: + - variable: image.longhorn.manager.repository + default: rancher/longhornio-longhorn-manager + description: "Specify Longhorn Manager Image Repository" + type: string + label: Longhorn Manager Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.manager.tag + default: v1.1.0 + description: "Specify Longhorn Manager Image Tag" + type: string + label: Longhorn Manager Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.engine.repository + default: rancher/longhornio-longhorn-engine + description: "Specify Longhorn Engine Image Repository" + type: string + label: Longhorn Engine Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.engine.tag + default: v1.1.0 + description: "Specify Longhorn Engine Image Tag" + type: string + label: Longhorn Engine Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.ui.repository + default: rancher/longhornio-longhorn-ui + description: "Specify Longhorn UI Image Repository" + type: string + label: Longhorn UI Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.ui.tag + default: v1.1.0 + description: "Specify Longhorn UI Image Tag" + type: string + label: Longhorn UI Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.instanceManager.repository + default: rancher/longhornio-longhorn-instance-manager + description: "Specify Longhorn Instance Manager Image Repository" + type: string + label: Longhorn Instance Manager Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.instanceManager.tag + default: v1_20201216 + description: "Specify Longhorn Instance Manager Image 
Tag" + type: string + label: Longhorn Instance Manager Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.shareManager.repository + default: rancher/longhornio-longhorn-share-manager + description: "Specify Longhorn Share Manager Image Repository" + type: string + label: Longhorn Share Manager Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.shareManager.tag + default: v1_20201204 + description: "Specify Longhorn Share Manager Image Tag" + type: string + label: Longhorn Share Manager Image Tag + group: "Longhorn Images Settings" + - variable: image.csi.attacher.repository + default: rancher/longhornio-csi-attacher + description: "Specify CSI attacher image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Attacher Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.attacher.tag + default: v2.2.1-lh1 + description: "Specify CSI attacher image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Attacher Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.provisioner.repository + default: rancher/longhornio-csi-provisioner + description: "Specify CSI provisioner image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Provisioner Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.provisioner.tag + default: v1.6.0-lh1 + description: "Specify CSI provisioner image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Provisioner Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.nodeDriverRegistrar.repository + default: rancher/longhornio-csi-node-driver-registrar + description: "Specify CSI Node Driver Registrar image repository. Leave blank to autodetect." 
+ type: string + label: Longhorn CSI Node Driver Registrar Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.nodeDriverRegistrar.tag + default: v1.2.0-lh1 + description: "Specify CSI Node Driver Registrar image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Node Driver Registrar Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.resizer.repository + default: rancher/longhornio-csi-resizer + description: "Specify CSI Driver Resizer image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Driver Resizer Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.resizer.tag + default: v0.5.1-lh1 + description: "Specify CSI Driver Resizer image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Driver Resizer Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.snapshotter.repository + default: rancher/longhornio-csi-snapshotter + description: "Specify CSI Driver Snapshotter image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Driver Snapshotter Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.snapshotter.tag + default: v2.1.1-lh1 + description: "Specify CSI Driver Snapshotter image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Driver Snapshotter Image Tag + group: "Longhorn CSI Driver Images" +- variable: privateRegistry.registryUrl + label: Private registry URL + description: "URL of private registry. Leave blank to apply system default registry." 
+ group: "Private Registry Settings" + type: string + default: "" +- variable: privateRegistry.registryUser + label: Private registry user + description: "User used to authenticate to private registry" + group: "Private Registry Settings" + type: string + default: "" +- variable: privateRegistry.registryPasswd + label: Private registry password + description: "Password used to authenticate to private registry" + group: "Private Registry Settings" + type: password + default: "" +- variable: privateRegistry.registrySecret + label: Private registry secret name + description: "Longhorn will automatically generate a Kubernetes secret with this name and use it to pull images from your private registry." + group: "Private Registry Settings" + type: string + default: "" +- variable: longhorn.default_setting + default: "false" + description: "Customize the default settings before installing Longhorn for the first time. This option will only work if the cluster hasn't installed Longhorn." + label: "Customize Default Settings" + type: boolean + show_subquestion_if: true + group: "Longhorn Default Settings" + subquestions: + - variable: csi.kubeletRootDir + default: + description: "Specify kubelet root-dir. Leave blank to autodetect." + type: string + label: Kubelet Root Directory + group: "Longhorn CSI Driver Settings" + - variable: csi.attacherReplicaCount + type: int + default: 3 + min: 1 + max: 10 + description: "Specify replica count of CSI Attacher. By default 3." + label: Longhorn CSI Attacher replica count + group: "Longhorn CSI Driver Settings" + - variable: csi.provisionerReplicaCount + type: int + default: 3 + min: 1 + max: 10 + description: "Specify replica count of CSI Provisioner. By default 3." + label: Longhorn CSI Provisioner replica count + group: "Longhorn CSI Driver Settings" + - variable: csi.resizerReplicaCount + type: int + default: 3 + min: 1 + max: 10 + description: "Specify replica count of CSI Resizer. By default 3." 
+ label: Longhorn CSI Resizer replica count + group: "Longhorn CSI Driver Settings" + - variable: csi.snapshotterReplicaCount + type: int + default: 3 + min: 1 + max: 10 + description: "Specify replica count of CSI Snapshotter. By default 3." + label: Longhorn CSI Snapshotter replica count + group: "Longhorn CSI Driver Settings" + - variable: defaultSettings.backupTarget + label: Backup Target + description: "The endpoint used to access the backupstore. NFS and S3 are supported." + group: "Longhorn Default Settings" + type: string + default: + - variable: defaultSettings.backupTargetCredentialSecret + label: Backup Target Credential Secret + description: "The name of the Kubernetes secret associated with the backup target." + group: "Longhorn Default Settings" + type: string + default: + - variable: defaultSettings.allowRecurringJobWhileVolumeDetached + label: Allow Recurring Job While Volume Is Detached + description: 'If this setting is enabled, Longhorn will automatically attaches the volume and takes snapshot/backup when it is the time to do recurring snapshot/backup. +Note that the volume is not ready for workload during the period when the volume was automatically attached. Workload will have to wait until the recurring job finishes.' + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.createDefaultDiskLabeledNodes + label: Create Default Disk on Labeled Nodes + description: 'Create default Disk automatically only on Nodes with the label "node.longhorn.io/create-default-disk=true" if no other disks exist. If disabled, the default disk will be created on all new nodes when each node is first added.' + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.defaultDataPath + label: Default Data Path + description: 'Default path to use for storing data on a host. 
By default "/var/lib/longhorn/"' + group: "Longhorn Default Settings" + type: string + default: "/var/lib/longhorn/" + - variable: defaultSettings.defaultDataLocality + label: Default Data Locality + description: 'We say a Longhorn volume has data locality if there is a local replica of the volume on the same node as the pod which is using the volume. +This setting specifies the default data locality when a volume is created from the Longhorn UI. For Kubernetes configuration, update the `dataLocality` in the StorageClass +The available modes are: +- **disabled**. This is the default option. There may or may not be a replica on the same node as the attached volume (workload) +- **best-effort**. This option instructs Longhorn to try to keep a replica on the same node as the attached volume (workload). Longhorn will not stop the volume, even if it cannot keep a replica local to the attached volume (workload) due to environment limitation, e.g. not enough disk space, incompatible disk tags, etc.' + group: "Longhorn Default Settings" + type: enum + options: + - "disabled" + - "best-effort" + default: "disabled" + - variable: defaultSettings.replicaSoftAntiAffinity + label: Replica Node Level Soft Anti-Affinity + description: 'Allow scheduling on nodes with existing healthy replicas of the same volume. By default false.' + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.storageOverProvisioningPercentage + label: Storage Over Provisioning Percentage + description: "The over-provisioning percentage defines how much storage can be allocated relative to the hard drive's capacity. By default 200." 
+ group: "Longhorn Default Settings" + type: int + min: 0 + default: 200 + - variable: defaultSettings.storageMinimalAvailablePercentage + label: Storage Minimal Available Percentage + description: "If the minimum available disk capacity exceeds the actual percentage of available disk capacity, the disk becomes unschedulable until more space is freed up. By default 25." + group: "Longhorn Default Settings" + type: int + min: 0 + max: 100 + default: 25 + - variable: defaultSettings.upgradeChecker + label: Enable Upgrade Checker + description: 'Upgrade Checker will check for new Longhorn version periodically. When there is a new version available, a notification will appear in the UI. By default true.' + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.defaultReplicaCount + label: Default Replica Count + description: "The default number of replicas when a volume is created from the Longhorn UI. For Kubernetes configuration, update the `numberOfReplicas` in the StorageClass. By default 3." + group: "Longhorn Default Settings" + type: int + min: 1 + max: 20 + default: 3 + - variable: defaultSettings.guaranteedEngineCPU + label: Guaranteed Engine CPU + description: "Allow Longhorn Instance Managers to have guaranteed CPU allocation. By default 0.25. The value is how many CPUs should be reserved for each Engine/Replica Instance Manager Pod created by Longhorn. For example, 0.1 means one-tenth of a CPU. This will help maintain engine stability during high node workload. It only applies to the Engine/Replica Instance Manager Pods created after the setting took effect. +In order to prevent unexpected volume crash, you can use the following formula to calculate an appropriate value for this setting: +'Guaranteed Engine CPU = The estimated max Longhorn volume/replica count on a node * 0.1'. +The result of above calculation doesn't mean that's the maximum CPU resources the Longhorn workloads require. 
To fully exploit the Longhorn volume I/O performance, you can allocate/guarantee more CPU resources via this setting. +If it's hard to estimate the volume/replica count now, you can leave it with the default value, or allocate 1/8 of total CPU of a node. Then you can tune it when there is no running workload using Longhorn volumes. +WARNING: After this setting is changed, all the instance managers on all the nodes will be automatically restarted +WARNING: DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES." + group: "Longhorn Default Settings" + type: float + default: 0.25 + - variable: defaultSettings.defaultLonghornStaticStorageClass + label: Default Longhorn Static StorageClass Name + description: "The 'storageClassName' is given to PVs and PVCs that are created for an existing Longhorn volume. The StorageClass name can also be used as a label, so it is possible to use a Longhorn StorageClass to bind a workload to an existing PV without creating a Kubernetes StorageClass object. By default 'longhorn-static'." + group: "Longhorn Default Settings" + type: string + default: "longhorn-static" + - variable: defaultSettings.backupstorePollInterval + label: Backupstore Poll Interval + description: "In seconds. The backupstore poll interval determines how often Longhorn checks the backupstore for new backups. Set to 0 to disable the polling. By default 300." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 300 + - variable: defaultSettings.taintToleration + label: Kubernetes Taint Toleration + description: "To dedicate nodes to store Longhorn replicas and reject other general workloads, set tolerations for Longhorn and add taints for the storage nodes. +All Longhorn volumes should be detached before modifying toleration settings. +We recommend setting tolerations during Longhorn deployment because the Longhorn system cannot be operated during the update. +Multiple tolerations can be set here, and these tolerations are separated by semicolon. 
For example: +* `key1=value1:NoSchedule; key2:NoExecute` +* `:` this toleration tolerates everything because an empty key with operator `Exists` matches all keys, values and effects +* `key1=value1:` this toleration has empty effect. It matches all effects with key `key1` +Because `kubernetes.io` is used as the key of all Kubernetes default tolerations, it should not be used in the toleration settings. +WARNING: DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES!" + group: "Longhorn Default Settings" + type: string + default: "" + - variable: defaultSettings.priorityClass + label: Priority Class + description: "The name of the Priority Class to set on the Longhorn workloads. This can help prevent Longhorn workloads from being evicted under Node Pressure. WARNING: DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES." + group: "Longhorn Default Settings" + type: string + default: "" + - variable: defaultSettings.autoSalvage + label: Automatic salvage + description: "If enabled, volumes will be automatically salvaged when all the replicas become faulty e.g. due to network disconnection. Longhorn will try to figure out which replica(s) are usable, then use them for the volume. By default true." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.autoDeletePodWhenVolumeDetachedUnexpectedly + label: Automatically Delete Workload Pod when The Volume Is Detached Unexpectedly + description: 'If enabled, Longhorn will automatically delete the workload pod that is managed by a controller (e.g. deployment, statefulset, daemonset, etc...) when Longhorn volume is detached unexpectedly (e.g. during Kubernetes upgrade, Docker reboot, or network disconnect). By deleting the pod, its controller restarts the pod and Kubernetes handles volume reattachment and remount. +If disabled, Longhorn will not delete the workload pod that is managed by a controller. You will have to manually restart the pod to reattach and remount the volume. 
+**Note:** This setting does not apply to the workload pods that do not have a controller. Longhorn never deletes them.' + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.disableSchedulingOnCordonedNode + label: Disable Scheduling On Cordoned Node + description: "Disable Longhorn manager to schedule replica on Kubernetes cordoned node. By default true." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.replicaZoneSoftAntiAffinity + label: Replica Zone Level Soft Anti-Affinity + description: "Allow scheduling new Replicas of Volume to the Nodes in the same Zone as existing healthy Replicas. Nodes don't belong to any Zone will be treated as in the same Zone. By default true." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.volumeAttachmentRecoveryPolicy + label: Volume Attachment Recovery Policy + description: "Defines the Longhorn action when a Volume is stuck with a Deployment Pod on a failed node. `wait` leads to the deletion of the volume attachment as soon as the pods deletion time has passed. `never` is the default Kubernetes behavior of never deleting volume attachments on terminating pods. `immediate` leads to the deletion of the volume attachment as soon as all workload pods are pending. By default wait." + group: "Longhorn Default Settings" + type: enum + options: + - "wait" + - "never" + - "immediate" + default: "wait" + - variable: defaultSettings.nodeDownPodDeletionPolicy + label: Pod Deletion Policy When Node is Down + description: "Defines the Longhorn action when a Volume is stuck with a StatefulSet/Deployment Pod on a node that is down. +- **do-nothing** is the default Kubernetes behavior of never force deleting StatefulSet/Deployment terminating pods. Since the pod on the node that is down isn't removed, Longhorn volumes are stuck on nodes that are down. 
+- **delete-statefulset-pod** Longhorn will force delete StatefulSet terminating pods on nodes that are down to release Longhorn volumes so that Kubernetes can spin up replacement pods. +- **delete-deployment-pod** Longhorn will force delete Deployment terminating pods on nodes that are down to release Longhorn volumes so that Kubernetes can spin up replacement pods. +- **delete-both-statefulset-and-deployment-pod** Longhorn will force delete StatefulSet/Deployment terminating pods on nodes that are down to release Longhorn volumes so that Kubernetes can spin up replacement pods." + group: "Longhorn Default Settings" + type: enum + options: + - "do-nothing" + - "delete-statefulset-pod" + - "delete-deployment-pod" + - "delete-both-statefulset-and-deployment-pod" + default: "do-nothing" + - variable: defaultSettings.allowNodeDrainWithLastHealthyReplica + label: Allow Node Drain with the Last Healthy Replica + description: "By default, Longhorn will block `kubectl drain` action on a node if the node contains the last healthy replica of a volume. +If this setting is enabled, Longhorn will **not** block `kubectl drain` action on a node even if the node contains the last healthy replica of a volume." + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.mkfsExt4Parameters + label: Custom mkfs.ext4 parameters + description: "Allows setting additional filesystem creation parameters for ext4. For older host kernels it might be necessary to disable the optional ext4 metadata_csum feature by specifying `-O ^64bit,^metadata_csum`." + group: "Longhorn Default Settings" + type: string + - variable: defaultSettings.disableReplicaRebuild + label: Disable Replica Rebuild + description: "This setting disable replica rebuild cross the whole cluster, eviction and data locality feature won't work if this setting is true. But doesn't have any impact to any current replica rebuild and restore disaster recovery volume." 
+ group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.replicaReplenishmentWaitInterval + label: Replica Replenishment Wait Interval + description: "In seconds. The interval determines how long Longhorn will wait at least in order to reuse the existing data on a failed replica rather than directly creating a new replica for a degraded volume. +Warning: This option works only when there is a failed replica in the volume. And this option may block the rebuilding for a while in the case." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 600 + - variable: defaultSettings.disableRevisionCounter + label: Disable Revision Counter + description: "This setting is only for volumes created by UI. By default, this is false meaning there will be a reivision counter file to track every write to the volume. During salvage recovering Longhorn will pick the repica with largest reivision counter as candidate to recover the whole volume. If revision counter is disabled, Longhorn will not track every write to the volume. During the salvage recovering, Longhorn will use the 'volume-head-xxx.img' file last modification time and file size to pick the replica candidate to recover the whole volume." + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.systemManagedPodsImagePullPolicy + label: System Managed Pod Image Pull Policy + description: "This setting defines the Image Pull Policy of Longhorn system managed pods, e.g. instance manager, engine image, CSI driver, etc. The new Image Pull Policy will only apply after the system managed pods restart." 
+ group: "Longhorn Default Settings" + type: enum + options: + - "if-not-present" + - "always" + - "never" + default: "if-not-present" + - variable: defaultSettings.allowVolumeCreationWithDegradedAvailability + label: Allow Volume Creation with Degraded Availability + description: "This setting allows user to create and attach a volume that doesn't have all the replicas scheduled at the time of creation." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.autoCleanupSystemGeneratedSnapshot + label: Automatically Cleanup System Generated Snapshot + description: "This setting enables Longhorn to automatically cleanup the system generated snapshot after replica rebuild is done." + group: "Longhorn Default Settings" + type: boolean + default: "true" +- variable: persistence.defaultClass + default: "true" + description: "Set as default StorageClass for Longhorn" + label: Default Storage Class + group: "Longhorn Storage Class Settings" + required: true + type: boolean +- variable: persistence.reclaimPolicy + label: Storage Class Retain Policy + description: "Define reclaim policy (Retain or Delete)" + group: "Longhorn Storage Class Settings" + required: true + type: enum + options: + - "Delete" + - "Retain" + default: "Delete" +- variable: persistence.defaultClassReplicaCount + description: "Set replica count for Longhorn StorageClass" + label: Default Storage Class Replica Count + group: "Longhorn Storage Class Settings" + type: int + min: 1 + max: 10 + default: 3 +- variable: persistence.recurringJobs.enable + description: "Enable recurring job for Longhorn StorageClass" + group: "Longhorn Storage Class Settings" + label: Enable Storage Class Recurring Job + type: boolean + default: false + show_subquestion_if: true + subquestions: + - variable: persistence.recurringJobs.jobList + description: 'Recurring job list for Longhorn StorageClass. Please be careful of quotes of input. 
e.g., [{"name":"backup", "task":"backup", "cron":"*/2 * * * *", "retain":1,"labels": {"interval":"2m"}}]' + label: Storage Class Recurring Job List + group: "Longhorn Storage Class Settings" + type: string + default: +- variable: ingress.enabled + default: "false" + description: "Expose app using Layer 7 Load Balancer - ingress" + type: boolean + group: "Services and Load Balancing" + label: Expose app using Layer 7 Load Balancer + show_subquestion_if: true + subquestions: + - variable: ingress.host + default: "xip.io" + description: "layer 7 Load Balancer hostname" + type: hostname + required: true + label: Layer 7 Load Balancer Hostname +- variable: service.ui.type + default: "Rancher-Proxy" + description: "Define Longhorn UI service type" + type: enum + options: + - "ClusterIP" + - "NodePort" + - "LoadBalancer" + - "Rancher-Proxy" + label: Longhorn UI Service + show_if: "ingress.enabled=false" + group: "Services and Load Balancing" + show_subquestion_if: "NodePort" + subquestions: + - variable: service.ui.nodePort + default: "" + description: "NodePort port number(to set explicitly, choose port between 30000-32767)" + type: int + min: 30000 + max: 32767 + show_if: "service.ui.type=NodePort||service.ui.type=LoadBalancer" + label: UI Service NodePort number +- variable: enablePSP + default: "true" + description: "Setup a pod security policy for Longhorn workloads." + label: Pod Security Policy + type: boolean + group: "Other Settings" diff --git a/released/charts/longhorn/longhorn/1.1.001/templates/NOTES.txt b/released/charts/longhorn/longhorn/1.1.001/templates/NOTES.txt new file mode 100755 index 000000000..cca7cd77b --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.001/templates/NOTES.txt @@ -0,0 +1,5 @@ +Longhorn is now installed on the cluster! + +Please wait a few minutes for other Longhorn components such as CSI deployments, Engine Images, and Instance Managers to be initialized. + +Visit our documentation at https://longhorn.io/docs/ 
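Review bot: In questions.yml, `ingress.enabled` offers only `ingress.host` (default `xip.io`) as a subquestion, while values.yaml defaults `ingress.tls: false`, so a user who enables ingress from the form gets the Longhorn UI exposed without TLS and has no field for `ingress.tls` or `ingress.tlsSecret`. Please add those two as subquestions and drop the `xip.io` default so the hostname has to be entered deliberately. Also, under `service.ui.type`, `show_subquestion_if: "NodePort"` disagrees with the subquestion's own `show_if`, which lists `LoadBalancer` as well, and the `defaultSettings.disableRevisionCounter` description has typos (`reivision`, `repica`).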
diff --git a/released/charts/longhorn/longhorn/1.1.001/templates/_helpers.tpl b/released/charts/longhorn/longhorn/1.1.001/templates/_helpers.tpl new file mode 100755 index 000000000..3fbc2ac02 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.001/templates/_helpers.tpl 
@@ -0,0 +1,66 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "longhorn.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "longhorn.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + + +{{- define "longhorn.managerIP" -}} +{{- $fullname := (include "longhorn.fullname" .) -}} +{{- printf "http://%s-backend:9500" $fullname | trunc 63 | trimSuffix "-" -}} +{{- end -}} + + +{{- define "secret" }} +{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.privateRegistry.registryUrl (printf "%s:%s" .Values.privateRegistry.registryUser .Values.privateRegistry.registryPasswd | b64enc) | b64enc }} +{{- end }} + +{{- /* +longhorn.labels generates the standard Helm labels. +*/ -}} +{{- define "longhorn.labels" -}} +app.kubernetes.io/name: {{ template "longhorn.name" . }} +helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/version: {{ .Chart.AppVersion }} +{{- end -}} + + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{- define "registry_url" -}} +{{- if .Values.privateRegistry.registryUrl -}} +{{- printf "%s/" .Values.privateRegistry.registryUrl -}} +{{- else -}} +{{ include "system_default_registry" . 
}} +{{- end -}} +{{- end -}} + +{{- /* + define the longhorn release namespace +*/ -}} +{{- define "release_namespace" -}} +{{- if .Values.namespaceOverride -}} +{{- .Values.namespaceOverride -}} +{{- else -}} +{{- .Release.Namespace -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/longhorn/longhorn/1.1.001/templates/clusterrole.yaml b/released/charts/longhorn/longhorn/1.1.001/templates/clusterrole.yaml new file mode 100755 index 000000000..c69761756 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.001/templates/clusterrole.yaml 
@@ -0,0 +1,47 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: longhorn-role + labels: {{- include "longhorn.labels" . | nindent 4 }} +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - "*" +- apiGroups: [""] + resources: ["pods", "events", "persistentvolumes", "persistentvolumeclaims","persistentvolumeclaims/status", "nodes", "proxy/nodes", "pods/log", "secrets", "services", "endpoints", "configmaps"] + verbs: ["*"] +- apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list"] +- apiGroups: ["apps"] + resources: ["daemonsets", "statefulsets", "deployments"] + verbs: ["*"] +- apiGroups: ["batch"] + resources: ["jobs", "cronjobs"] + verbs: ["*"] +- apiGroups: ["policy"] + resources: ["poddisruptionbudgets"] + verbs: ["*"] +- apiGroups: ["scheduling.k8s.io"] + resources: ["priorityclasses"] + verbs: ["watch", "list"] +- apiGroups: ["storage.k8s.io"] + resources: ["storageclasses", "volumeattachments", "csinodes", "csidrivers"] + verbs: ["*"] +- apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses", "volumesnapshots", "volumesnapshotcontents", "volumesnapshotcontents/status"] + verbs: ["*"] +- apiGroups: ["longhorn.io"] + resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status", + "sharemanagers", "sharemanagers/status"] + verbs: ["*"] +- apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["*"] +- apiGroups: ["metrics.k8s.io"] + resources: ["pods", "nodes"] + verbs: ["get", "list"] diff --git a/released/charts/longhorn/longhorn/1.1.001/templates/clusterrolebinding.yaml b/released/charts/longhorn/longhorn/1.1.001/templates/clusterrolebinding.yaml new file mode 100755 index 000000000..66ac62f9b --- /dev/null 
+++ b/released/charts/longhorn/longhorn/1.1.001/templates/clusterrolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: longhorn-bind + labels: {{- include "longhorn.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: longhorn-role +subjects: +- kind: ServiceAccount + name: longhorn-service-account + namespace: {{ include "release_namespace" . }} diff --git a/released/charts/longhorn/longhorn/1.1.001/templates/daemonset-sa.yaml b/released/charts/longhorn/longhorn/1.1.001/templates/daemonset-sa.yaml new file mode 100755 index 000000000..e40793591 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.001/templates/daemonset-sa.yaml 
@@ -0,0 +1,114 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-manager + name: longhorn-manager + namespace: {{ include "release_namespace" . }} +spec: + selector: + matchLabels: + app: longhorn-manager + template: + metadata: + labels: {{- include "longhorn.labels" . | nindent 8 }} + app: longhorn-manager + spec: + containers: + - name: longhorn-manager + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: IfNotPresent + securityContext: + privileged: true + command: + - longhorn-manager + - -d + - daemon + - --engine-image + - "{{ template "registry_url" . }}{{ .Values.image.longhorn.engine.repository }}:{{ .Values.image.longhorn.engine.tag }}" + - --instance-manager-image + - "{{ template "registry_url" . }}{{ .Values.image.longhorn.instanceManager.repository }}:{{ .Values.image.longhorn.instanceManager.tag }}" + - --share-manager-image + - "{{ template "registry_url" . }}{{ .Values.image.longhorn.shareManager.repository }}:{{ .Values.image.longhorn.shareManager.tag }}" + - --manager-image + - "{{ template "registry_url" . 
}}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}" + - --service-account + - longhorn-service-account + ports: + - containerPort: 9500 + name: manager + readinessProbe: + tcpSocket: + port: 9500 + volumeMounts: + - name: dev + mountPath: /host/dev/ + - name: proc + mountPath: /host/proc/ + - name: varrun + mountPath: /var/run/ + mountPropagation: Bidirectional + - name: longhorn + mountPath: /var/lib/longhorn/ + mountPropagation: Bidirectional + - name: longhorn-default-setting + mountPath: /var/lib/longhorn-setting/ + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: DEFAULT_SETTING_PATH + value: /var/lib/longhorn-setting/default-setting.yaml + volumes: + - name: dev + hostPath: + path: /dev/ + - name: proc + hostPath: + path: /proc/ + - name: varrun + hostPath: + path: /var/run/ + - name: longhorn + hostPath: + path: /var/lib/longhorn/ + - name: longhorn-default-setting + configMap: + name: longhorn-default-setting + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} + serviceAccountName: longhorn-service-account + updateStrategy: + rollingUpdate: + maxUnavailable: "100%" +--- +apiVersion: v1 +kind: Service +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-manager + name: longhorn-backend + namespace: {{ include "release_namespace" . }} +spec: + type: {{ .Values.service.manager.type }} + sessionAffinity: ClientIP + selector: + app: longhorn-manager + ports: + - name: manager + port: 9500 + targetPort: manager + {{- if .Values.service.manager.nodePort }} + nodePort: {{ .Values.service.manager.nodePort }} + {{- end }} 
diff --git a/released/charts/longhorn/longhorn/1.1.001/templates/default-setting.yaml b/released/charts/longhorn/longhorn/1.1.001/templates/default-setting.yaml new file mode 100755 index 000000000..14c264e27 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.001/templates/default-setting.yaml 
@@ -0,0 +1,38 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: longhorn-default-setting + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +data: + default-setting.yaml: |- + backup-target: {{ .Values.defaultSettings.backupTarget }} + backup-target-credential-secret: {{ .Values.defaultSettings.backupTargetCredentialSecret }} + allow-recurring-job-while-volume-detached: {{ .Values.defaultSettings.allowRecurringJobWhileVolumeDetached }} + create-default-disk-labeled-nodes: {{ .Values.defaultSettings.createDefaultDiskLabeledNodes }} + default-data-path: {{ .Values.defaultSettings.defaultDataPath }} + replica-soft-anti-affinity: {{ .Values.defaultSettings.replicaSoftAntiAffinity }} + storage-over-provisioning-percentage: {{ .Values.defaultSettings.storageOverProvisioningPercentage }} + storage-minimal-available-percentage: {{ .Values.defaultSettings.storageMinimalAvailablePercentage }} + upgrade-checker: {{ .Values.defaultSettings.upgradeChecker }} + default-replica-count: {{ .Values.defaultSettings.defaultReplicaCount }} + default-data-locality: {{ .Values.defaultSettings.defaultDataLocality }} + guaranteed-engine-cpu: {{ .Values.defaultSettings.guaranteedEngineCPU }} + default-longhorn-static-storage-class: {{ .Values.defaultSettings.defaultLonghornStaticStorageClass }} + backupstore-poll-interval: {{ .Values.defaultSettings.backupstorePollInterval }} + taint-toleration: {{ .Values.defaultSettings.taintToleration }} + priority-class: {{ .Values.defaultSettings.priorityClass }} + auto-salvage: {{ .Values.defaultSettings.autoSalvage }} + auto-delete-pod-when-volume-detached-unexpectedly: {{ .Values.defaultSettings.autoDeletePodWhenVolumeDetachedUnexpectedly }} + disable-scheduling-on-cordoned-node: {{ .Values.defaultSettings.disableSchedulingOnCordonedNode }} + replica-zone-soft-anti-affinity: {{ .Values.defaultSettings.replicaZoneSoftAntiAffinity }} + volume-attachment-recovery-policy: {{ 
.Values.defaultSettings.volumeAttachmentRecoveryPolicy }} + node-down-pod-deletion-policy: {{ .Values.defaultSettings.nodeDownPodDeletionPolicy }} + allow-node-drain-with-last-healthy-replica: {{ .Values.defaultSettings.allowNodeDrainWithLastHealthyReplica }} + mkfs-ext4-parameters: {{ .Values.defaultSettings.mkfsExt4Parameters }} + disable-replica-rebuild: {{ .Values.defaultSettings.disableReplicaRebuild }} + replica-replenishment-wait-interval: {{ .Values.defaultSettings.replicaReplenishmentWaitInterval }} + disable-revision-counter: {{ .Values.defaultSettings.disableRevisionCounter }} + system-managed-pods-image-pull-policy: {{ .Values.defaultSettings.systemManagedPodsImagePullPolicy }} + allow-volume-creation-with-degraded-availability: {{ .Values.defaultSettings.allowVolumeCreationWithDegradedAvailability }} + auto-cleanup-system-generated-snapshot: {{ .Values.defaultSettings.autoCleanupSystemGeneratedSnapshot }} diff --git a/released/charts/longhorn/longhorn/1.1.001/templates/deployment-driver.yaml b/released/charts/longhorn/longhorn/1.1.001/templates/deployment-driver.yaml new file mode 100755 index 000000000..c4b6e3587 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.001/templates/deployment-driver.yaml 
@@ -0,0 +1,93 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: longhorn-driver-deployer + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + app: longhorn-driver-deployer + template: + metadata: + labels: {{- include "longhorn.labels" . | nindent 8 }} + app: longhorn-driver-deployer + spec: + initContainers: + - name: wait-longhorn-manager + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" http://longhorn-backend:9500/v1) != "200" ]; do echo waiting; sleep 2; done'] + containers: + - name: longhorn-driver-deployer + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: IfNotPresent + command: + - longhorn-manager + - -d + - deploy-driver + - --manager-image + - "{{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}" + - --manager-url + - http://longhorn-backend:9500/v1 + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + {{- if .Values.csi.kubeletRootDir }} + - name: KUBELET_ROOT_DIR + value: {{ .Values.csi.kubeletRootDir }} + {{- end }} + {{- if and .Values.image.csi.attacher.repository .Values.image.csi.attacher.tag }} + - name: CSI_ATTACHER_IMAGE + value: "{{ template "registry_url" . }}{{ .Values.image.csi.attacher.repository }}:{{ .Values.image.csi.attacher.tag }}" + {{- end }} + {{- if and .Values.image.csi.provisioner.repository .Values.image.csi.provisioner.tag }} + - name: CSI_PROVISIONER_IMAGE + value: "{{ template "registry_url" . 
}}{{ .Values.image.csi.provisioner.repository }}:{{ .Values.image.csi.provisioner.tag }}" + {{- end }} + {{- if and .Values.image.csi.nodeDriverRegistrar.repository .Values.image.csi.nodeDriverRegistrar.tag }} + - name: CSI_NODE_DRIVER_REGISTRAR_IMAGE + value: "{{ template "registry_url" . }}{{ .Values.image.csi.nodeDriverRegistrar.repository }}:{{ .Values.image.csi.nodeDriverRegistrar.tag }}" + {{- end }} + {{- if and .Values.image.csi.resizer.repository .Values.image.csi.resizer.tag }} + - name: CSI_RESIZER_IMAGE + value: "{{ template "registry_url" . }}{{ .Values.image.csi.resizer.repository }}:{{ .Values.image.csi.resizer.tag }}" + {{- end }} + {{- if and .Values.image.csi.snapshotter.repository .Values.image.csi.snapshotter.tag }} + - name: CSI_SNAPSHOTTER_IMAGE + value: "{{ template "registry_url" . }}{{ .Values.image.csi.snapshotter.repository }}:{{ .Values.image.csi.snapshotter.tag }}" + {{- end }} + {{- if .Values.csi.attacherReplicaCount }} + - name: CSI_ATTACHER_REPLICA_COUNT + value: {{ .Values.csi.attacherReplicaCount | quote }} + {{- end }} + {{- if .Values.csi.provisionerReplicaCount }} + - name: CSI_PROVISIONER_REPLICA_COUNT + value: {{ .Values.csi.provisionerReplicaCount | quote }} + {{- end }} + {{- if .Values.csi.resizerReplicaCount }} + - name: CSI_RESIZER_REPLICA_COUNT + value: {{ .Values.csi.resizerReplicaCount | quote }} + {{- end }} + {{- if .Values.csi.snapshotterReplicaCount }} + - name: CSI_SNAPSHOTTER_REPLICA_COUNT + value: {{ .Values.csi.snapshotterReplicaCount | quote }} + {{- end }} + + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} + serviceAccountName: longhorn-service-account + securityContext: + runAsUser: 0 diff --git a/released/charts/longhorn/longhorn/1.1.001/templates/deployment-ui.yaml b/released/charts/longhorn/longhorn/1.1.001/templates/deployment-ui.yaml new file mode 100755 index 000000000..da7c0ea5b --- /dev/null 
+++ b/released/charts/longhorn/longhorn/1.1.001/templates/deployment-ui.yaml @@ -0,0 +1,61 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-ui + name: longhorn-ui + namespace: {{ include "release_namespace" . }} +spec: + replicas: 1 + selector: + matchLabels: + app: longhorn-ui + template: + metadata: + labels: {{- include "longhorn.labels" . | nindent 8 }} + app: longhorn-ui + spec: + containers: + - name: longhorn-ui + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.ui.repository }}:{{ .Values.image.longhorn.ui.tag }} + imagePullPolicy: IfNotPresent + securityContext: + runAsUser: 0 + ports: + - containerPort: 8000 + name: http + env: + - name: LONGHORN_MANAGER_IP + value: "http://longhorn-backend:9500" + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} +--- +kind: Service +apiVersion: v1 +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-ui + {{- if eq .Values.service.ui.type "Rancher-Proxy" }} + kubernetes.io/cluster-service: "true" + {{- end }} + name: longhorn-frontend + namespace: {{ include "release_namespace" . }} +spec: + {{- if eq .Values.service.ui.type "Rancher-Proxy" }} + type: ClusterIP + {{- else }} + type: {{ .Values.service.ui.type }} + {{- end }} + selector: + app: longhorn-ui + ports: + - name: http + port: 80 + targetPort: http + {{- if .Values.service.ui.nodePort }} + nodePort: {{ .Values.service.ui.nodePort }} + {{- else }} + nodePort: null + {{- end }} diff --git a/released/charts/longhorn/longhorn/1.1.001/templates/ingress.yaml b/released/charts/longhorn/longhorn/1.1.001/templates/ingress.yaml new file mode 100755 index 000000000..5b3a40588 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.001/templates/ingress.yaml 
@@ -0,0 +1,31 @@ +{{- if .Values.ingress.enabled }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: longhorn-ingress + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-ingress + annotations: + {{- if .Values.ingress.tls }} + ingress.kubernetes.io/secure-backends: "true" + {{- end }} + {{- range $key, $value := .Values.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + rules: + - host: {{ .Values.ingress.host }} + http: + paths: + - path: {{ default "" .Values.ingress.path }} + backend: + serviceName: longhorn-frontend + servicePort: 80 +{{- if .Values.ingress.tls }} + tls: + - hosts: + - {{ .Values.ingress.host }} + secretName: {{ .Values.ingress.tlsSecret }} +{{- end }} +{{- end }} diff --git a/released/charts/longhorn/longhorn/1.1.001/templates/postupgrade-job.yaml b/released/charts/longhorn/longhorn/1.1.001/templates/postupgrade-job.yaml new file mode 100755 index 000000000..6b6a38591 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.001/templates/postupgrade-job.yaml 
@@ -0,0 +1,35 @@ +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + "helm.sh/hook": post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation + name: longhorn-post-upgrade + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + activeDeadlineSeconds: 900 + backoffLimit: 1 + template: + metadata: + name: longhorn-post-upgrade + labels: {{- include "longhorn.labels" . | nindent 8 }} + spec: + containers: + - name: longhorn-post-upgrade + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: IfNotPresent + command: + - longhorn-manager + - post-upgrade + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + restartPolicy: OnFailure + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} + serviceAccountName: longhorn-service-account diff --git a/released/charts/longhorn/longhorn/1.1.001/templates/psp.yaml b/released/charts/longhorn/longhorn/1.1.001/templates/psp.yaml new file mode 100755 index 000000000..a2dfc05be --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.001/templates/psp.yaml 
@@ -0,0 +1,66 @@ +{{- if .Values.enablePSP }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: longhorn-psp + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + privileged: true + allowPrivilegeEscalation: true + requiredDropCapabilities: + - NET_RAW + allowedCapabilities: + - SYS_ADMIN + hostNetwork: false + hostIPC: false + hostPID: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + fsGroup: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - downwardAPI + - emptyDir + - secret + - projected + - hostPath +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: longhorn-psp-role + labels: {{- include "longhorn.labels" . | nindent 4 }} + namespace: {{ include "release_namespace" . }} +rules: +- apiGroups: + - policy + resources: + - podsecuritypolicies + verbs: + - use + resourceNames: + - longhorn-psp +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: longhorn-psp-binding + labels: {{- include "longhorn.labels" . | nindent 4 }} + namespace: {{ include "release_namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: longhorn-psp-role +subjects: +- kind: ServiceAccount + name: longhorn-service-account + namespace: {{ include "release_namespace" . }} +- kind: ServiceAccount + name: default + namespace: {{ include "release_namespace" . }} +{{- end }} diff --git a/released/charts/longhorn/longhorn/1.1.001/templates/registry-secret.yml b/released/charts/longhorn/longhorn/1.1.001/templates/registry-secret.yml new file mode 100755 index 000000000..1c7565fea --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.001/templates/registry-secret.yml 
@@ -0,0 +1,11 @@ +{{- if .Values.privateRegistry.registrySecret }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.privateRegistry.registrySecret }} + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: {{ template "secret" . }} +{{- end }} \ No newline at end of file diff --git a/released/charts/longhorn/longhorn/1.1.001/templates/serviceaccount.yaml b/released/charts/longhorn/longhorn/1.1.001/templates/serviceaccount.yaml new file mode 100755 index 000000000..ad576c353 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.001/templates/serviceaccount.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: longhorn-service-account + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} diff --git a/released/charts/longhorn/longhorn/1.1.001/templates/storageclass.yaml b/released/charts/longhorn/longhorn/1.1.001/templates/storageclass.yaml new file mode 100755 index 000000000..dea6aafd4 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.001/templates/storageclass.yaml 
@@ -0,0 +1,26 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: longhorn-storageclass + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +data: + storageclass.yaml: | + kind: StorageClass + apiVersion: storage.k8s.io/v1 + metadata: + name: longhorn + annotations: + storageclass.kubernetes.io/is-default-class: {{ .Values.persistence.defaultClass | quote }} + provisioner: driver.longhorn.io + allowVolumeExpansion: true + reclaimPolicy: "{{ .Values.persistence.reclaimPolicy }}" + volumeBindingMode: Immediate + parameters: + numberOfReplicas: "{{ .Values.persistence.defaultClassReplicaCount }}" + staleReplicaTimeout: "30" + fromBackup: "" + baseImage: "" + {{- if .Values.persistence.recurringJobs.enable }} + recurringJobs: '{{ .Values.persistence.recurringJobs.jobList }}' + {{- end }} diff --git a/released/charts/longhorn/longhorn/1.1.001/templates/tls-secrets.yaml b/released/charts/longhorn/longhorn/1.1.001/templates/tls-secrets.yaml new file mode 100755 index 000000000..a7ebf13e0 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.001/templates/tls-secrets.yaml @@ -0,0 +1,16 @@ +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.secrets }} +apiVersion: v1 +kind: Secret +metadata: + name: longhorn + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn +type: kubernetes.io/tls +data: + tls.crt: {{ .certificate | b64enc }} + tls.key: {{ .key | b64enc }} +--- +{{- end }} +{{- end }} diff --git a/released/charts/longhorn/longhorn/1.1.001/templates/uninstall-job.yaml b/released/charts/longhorn/longhorn/1.1.001/templates/uninstall-job.yaml new file mode 100755 index 000000000..e7e9f1457 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.001/templates/uninstall-job.yaml 
@@ -0,0 +1,36 @@ +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": hook-succeeded + name: longhorn-uninstall + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + activeDeadlineSeconds: 900 + backoffLimit: 1 + template: + metadata: + name: longhorn-uninstall + labels: {{- include "longhorn.labels" . | nindent 8 }} + spec: + containers: + - name: longhorn-uninstall + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: IfNotPresent + command: + - longhorn-manager + - uninstall + - --force + env: + - name: LONGHORN_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + restartPolicy: OnFailure + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} + serviceAccountName: longhorn-service-account diff --git a/released/charts/longhorn/longhorn/1.1.001/templates/userroles.yaml b/released/charts/longhorn/longhorn/1.1.001/templates/userroles.yaml new file mode 100755 index 000000000..37e8e3ddb --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.001/templates/userroles.yaml 
@@ -0,0 +1,38 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "longhorn-admin" + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: [ "longhorn.io" ] + resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status", + "sharemanagers", "sharemanagers/status"] + verbs: [ "*" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "longhorn-edit" + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: + - apiGroups: [ "longhorn.io" ] + resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status", + "sharemanagers", "sharemanagers/status"] + verbs: [ "*" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "longhorn-view" + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" +rules: + - apiGroups: [ "longhorn.io" ] + resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status", + "sharemanagers", "sharemanagers/status"] + verbs: [ "get", "list", "watch" ] diff --git a/released/charts/longhorn/longhorn/1.1.001/templates/validate-install-crd.yaml b/released/charts/longhorn/longhorn/1.1.001/templates/validate-install-crd.yaml new file mode 100755 index 000000000..a4be98416 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.001/templates/validate-install-crd.yaml 
@@ -0,0 +1,21 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "longhorn.io/v1beta1/Engine" false -}} +# {{- set $found "longhorn.io/v1beta1/Replica" false -}} +# {{- set $found "longhorn.io/v1beta1/Setting" false -}} +# {{- set $found "longhorn.io/v1beta1/Volume" false -}} +# {{- set $found "longhorn.io/v1beta1/EngineImage" false -}} +# {{- set $found "longhorn.io/v1beta1/Node" false -}} +# {{- set $found "longhorn.io/v1beta1/InstanceManager" false -}} +# {{- set $found "longhorn.io/v1beta1/ShareManager" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/released/charts/longhorn/longhorn/1.1.001/values.yaml b/released/charts/longhorn/longhorn/1.1.001/values.yaml new file mode 100755 index 000000000..b1d0995d9 --- /dev/null +++ b/released/charts/longhorn/longhorn/1.1.001/values.yaml 
@@ -0,0 +1,162 @@ +# Default values for longhorn. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +global: + cattle: + systemDefaultRegistry: "" + +image: + longhorn: + engine: + repository: rancher/mirrored-longhornio-longhorn-engine + tag: v1.1.0 + manager: + repository: rancher/mirrored-longhornio-longhorn-manager + tag: v1.1.0 + ui: + repository: rancher/mirrored-longhornio-longhorn-ui + tag: v1.1.0 + instanceManager: + repository: rancher/mirrored-longhornio-longhorn-instance-manager + tag: v1_20201216 + shareManager: + repository: rancher/mirrored-longhornio-longhorn-share-manager + tag: v1_20201204 + csi: + attacher: + repository: rancher/mirrored-longhornio-csi-attacher + tag: v2.2.1-lh1 + provisioner: + repository: rancher/mirrored-longhornio-csi-provisioner + tag: v1.6.0-lh1 + nodeDriverRegistrar: + repository: rancher/mirrored-longhornio-csi-node-driver-registrar + tag: v1.2.0-lh1 + resizer: + repository: rancher/mirrored-longhornio-csi-resizer + tag: v0.5.1-lh1 + snapshotter: + repository: rancher/mirrored-longhornio-csi-snapshotter + tag: v2.1.1-lh1 + pullPolicy: IfNotPresent + +service: + ui: + type: ClusterIP + nodePort: null + manager: + type: ClusterIP + nodePort: "" + +persistence: + defaultClass: true + defaultClassReplicaCount: 3 + reclaimPolicy: Delete + recurringJobs: + enable: false + jobList: [] + +csi: + kubeletRootDir: ~ + attacherReplicaCount: ~ + provisionerReplicaCount: ~ + resizerReplicaCount: ~ + snapshotterReplicaCount: ~ + +defaultSettings: + backupTarget: ~ + backupTargetCredentialSecret: ~ + allowRecurringJobWhileVolumeDetached: ~ + createDefaultDiskLabeledNodes: ~ + defaultDataPath: ~ + defaultDataLocality: ~ + replicaSoftAntiAffinity: ~ + storageOverProvisioningPercentage: ~ + storageMinimalAvailablePercentage: ~ + upgradeChecker: ~ + defaultReplicaCount: ~ + guaranteedEngineCPU: ~ + defaultLonghornStaticStorageClass: ~ + backupstorePollInterval: ~ + taintToleration: ~ + priorityClass: ~ 
+ autoSalvage: ~ + autoDeletePodWhenVolumeDetachedUnexpectedly: ~ + disableSchedulingOnCordonedNode: ~ + replicaZoneSoftAntiAffinity: ~ + volumeAttachmentRecoveryPolicy: ~ + nodeDownPodDeletionPolicy: ~ + allowNodeDrainWithLastHealthyReplica: ~ + mkfsExt4Parameters: ~ + disableReplicaRebuild: ~ + replicaReplenishmentWaitInterval: ~ + disableRevisionCounter: ~ + systemManagedPodsImagePullPolicy: ~ + allowVolumeCreationWithDegradedAvailability: ~ + autoCleanupSystemGeneratedSnapshot: ~ + +privateRegistry: + registryUrl: ~ + registryUser: ~ + registryPasswd: ~ + registrySecret: ~ + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + # + +ingress: + ## Set to true to enable ingress record generation + enabled: false + + + host: xip.io + + ## Set this to true in order to enable TLS on the ingress record + ## A side effect of this will be that the backend service will be connected at port 443 + tls: false + + ## If TLS is set to true, you must declare what secret will store the key/certificate for TLS + tlsSecret: longhorn.local-tls + + ## Ingress annotations done as key:value pairs + ## If you're using kube-lego, you will want to add: + ## kubernetes.io/tls-acme: true + ## + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/annotations.md + ## + ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set + annotations: + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: true + + secrets: + ## If you're providing 
your own certificates, please use this to add the certificates as secrets + ## key and certificate should start with -----BEGIN CERTIFICATE----- or + ## -----BEGIN RSA PRIVATE KEY----- + ## + ## name should line up with a tlsSecret set further up + ## If you're using kube-lego, this is unneeded, as it will create the secret for you if it is not set + ## + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + # - name: longhorn.local-tls + # key: + # certificate: + +# Configure a pod security policy in the Longhorn namespace to allow privileged pods +enablePSP: true + +## Specify override namespace, specifically this is useful for using longhorn as sub-chart +## and its release namespace is not the `longhorn-system` +namespaceOverride: "" diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/Chart.yaml b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/Chart.yaml new file mode 100755 index 000000000..03fb6469b --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/Chart.yaml @@ -0,0 +1,21 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Alerting Drivers + catalog.cattle.io/os: linux + catalog.cattle.io/release-name: rancher-alerting-drivers +apiVersion: v2 +appVersion: 1.16.0 +dependencies: +- condition: prom2teams.enabled + name: prom2teams + repository: file://./charts/prom2teams +- condition: sachet.enabled + name: sachet + repository: file://./charts/sachet +description: The manager for third-party webhook receivers used in Prometheus Alertmanager +keywords: +- monitoring +- alertmanger +- webhook +name: rancher-alerting-drivers +version: 1.0.100 
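Review bot: In the Longhorn values.yaml, the ingress block ships with `host: xip.io` and `tls: false`, so a user who only flips `ingress.enabled` to true gets values that describe the Longhorn UI on plain HTTP under a host name in a third-party wildcard-DNS domain. Default `host` to an empty string that must be set explicitly, and say in the comment that TLS is expected once ingress is enabled. Separately, `service.ui.nodePort: null` and `service.manager.nodePort: ""` spell "unset" two different ways; pick one.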
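Review bot: In rancher-alerting-drivers/1.0.100/Chart.yaml the keyword `alertmanger` is misspelled, so a keyword search for "alertmanager" will not match this chart; change it to `alertmanager`. Also confirm that `appVersion: 1.16.0` is intended, since it matches neither sub-chart's appVersion (3.2.1 and 0.2.3).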
diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/app-readme.md b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/app-readme.md new file mode 100755 index 000000000..ea3f11801 --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/app-readme.md @@ -0,0 +1,11 @@ +# Rancher Alerting Drivers + +This chart installs one or more [Alertmanager Webhook Receiver Integrations](https://prometheus.io/docs/operating/integrations/#alertmanager-webhook-receiver) (i.e. Drivers). + +Those Drivers can be targeted by an existing deployment of Alertmanager to send alerts to notification mechanisms that are not natively supported. + +Currently, this chart supports the following Drivers: +- Microsoft Teams, based on [prom2teams](https://github.com/idealista/prom2teams) +- SMS, based on [Sachet](https://github.com/messagebird/sachet) + +After installing rancher-alerting-drivers, please refer to the upstream documentation for each Driver for configuration options. \ No newline at end of file diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/.helmignore b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/.helmignore new file mode 100755 index 000000000..50af03172 --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ 
diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/Chart.yaml b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/Chart.yaml new file mode 100755 index 000000000..463385d4b --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.cattle.io/release-name: rancher-prom2teams +apiVersion: v1 +appVersion: 3.2.1 +description: A Helm chart for Prom2Teams based on the upstream https://github.com/idealista/prom2teams +name: prom2teams +version: 0.2.0 diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/files/teams.j2 b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/files/teams.j2 new file mode 100755 index 000000000..f1cf61d4e --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/files/teams.j2 
@@ -0,0 +1,44 @@ +{%- set + theme_colors = { + 'resolved' : '2DC72D', + 'critical' : '8C1A1A', + 'severe' : '8C1A1A', + 'warning' : 'FF9A0B', + 'unknown' : 'CCCCCC' + } +-%} + +{ + "@type": "MessageCard", + "@context": "http://schema.org/extensions", + "themeColor": "{% if status=='resolved' %} {{ theme_colors.resolved }} {% else %} {{ theme_colors[msg_text.severity] }} {% endif %}", + "summary": "{% if status=='resolved' %}(Resolved) {% endif %}{{ msg_text.summary }}", + "title": "Prometheus alert {% if status=='resolved' %}(Resolved) {% elif status=='unknown' %} (status unknown) {% endif %}", + "sections": [{ + "activityTitle": "{{ msg_text.summary }}", + "facts": [{% if msg_text.name %}{ + "name": "Alert", + "value": "{{ msg_text.name }}" + },{% endif %}{% if msg_text.instance %}{ + "name": "In host", + "value": "{{ msg_text.instance }}" + },{% endif %}{% if msg_text.severity %}{ + "name": "Severity", + "value": "{{ msg_text.severity }}" + },{% endif %}{% if msg_text.description %}{ + "name": "Description", + "value": "{{ msg_text.description }}" + },{% endif %}{ + "name": "Status", + "value": "{{ msg_text.status }}" + }{% if msg_text.extra_labels %}{% for key in msg_text.extra_labels %},{ + "name": "{{ key }}", + "value": "{{ msg_text.extra_labels[key] }}" + }{% endfor %}{% endif %} + {% if msg_text.extra_annotations %}{% for key in msg_text.extra_annotations %},{ + "name": "{{ key }}", + "value": "{{ msg_text.extra_annotations[key] }}" + }{% endfor %}{% endif %}], + "markdown": true + }] +} diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/NOTES.txt b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/NOTES.txt new file mode 100755 index 000000000..a94c4132b --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/NOTES.txt 
@@ -0,0 +1,2 @@ +Prom2Teams has been installed. Check its status by running: + kubectl --namespace {{ .Release.Namespace }} get pods -l "app.kubernetes.io/instance={{ .Release.Name }}" diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/_helpers.tpl b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/_helpers.tpl new file mode 100755 index 000000000..ffc0fa356 --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/_helpers.tpl 
@@ -0,0 +1,73 @@ +{{/* vim: set filetype=mustache: */}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "prom2teams.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "prom2teams.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts +*/}} +{{- define "prom2teams.namespace" -}} +{{ default .Release.Namespace .Values.global.namespaceOverride }} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "prom2teams.labels" -}} +app.kubernetes.io/name: {{ include "prom2teams.name" . 
}} +helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +app.kubernetes.io/instance: {{ .Release.Name }} +release: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/configmap.yaml b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/configmap.yaml new file mode 100755 index 000000000..ccf38953e --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/configmap.yaml 
@@ -0,0 +1,39 @@ +{{- $valid := list "DEBUG" "INFO" "WARNING" "ERROR" "CRITICAL" -}} +{{- if not (has .Values.prom2teams.loglevel $valid) -}} +{{- fail "Invalid log level"}} +{{- end -}} +{{- if and .Values.prom2teams.connector (hasKey .Values.prom2teams.connectors "Connector") -}} +{{- fail "Invalid configuration: prom2teams.connectors can't have a connector named Connector when prom2teams.connector is set"}} +{{- end -}} +{{/* Create the configmap when the operation is helm install and the target configmap does not exist. */}} +{{- if not (lookup "v1" "ConfigMap" (include "prom2teams.namespace" . ) (include "prom2teams.fullname" .)) }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ include "prom2teams.namespace" . }} + name: {{ include "prom2teams.fullname" . }} + labels: {{ include "prom2teams.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": pre-install, pre-upgrade + "helm.sh/hook-weight": "3" + "helm.sh/resource-policy": keep +data: + config.ini: |- + [HTTP Server] + Host: {{ .Values.prom2teams.host }} + Port: {{ .Values.prom2teams.port }} + [Microsoft Teams] + {{- with .Values.prom2teams.connector }} + Connector: {{ . }} + {{- end }} + {{- range $key, $val := .Values.prom2teams.connectors }} + {{ $key }}: {{ $val }} + {{- end }} + [Group Alerts] + Field: {{ .Values.prom2teams.group_alerts_by }} + [Log] + Level: {{ .Values.prom2teams.loglevel }} + [Template] + Path: {{ .Values.prom2teams.templatepath }} + teams.j2: {{ .Files.Get "files/teams.j2" | quote }} + {{- end -}} diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/deployment.yaml b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/deployment.yaml new file mode 100755 index 000000000..c7149b9da --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/deployment.yaml 
@@ -0,0 +1,77 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "prom2teams.fullname" . }} + namespace: {{ include "prom2teams.namespace" . }} + labels: {{ include "prom2teams.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "prom2teams.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "prom2teams.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + spec: + serviceAccountName: {{ include "prom2teams.fullname" . }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: {{ toYaml . | nindent 8 }} + {{- end }} + volumes: + - name: config + configMap: + name: {{ include "prom2teams.fullname" . }} + containers: + - name: {{ .Chart.Name }} + image: {{ include "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: 8089 + protocol: TCP + volumeMounts: + - name: config + mountPath: /opt/prom2teams/helmconfig/ + env: + - name: APP_CONFIG_FILE + value: {{ .Values.prom2teams.config | quote }} + - name: PROM2TEAMS_PORT + value: {{ .Values.prom2teams.port | quote }} + - name: PROM2TEAMS_HOST + value: {{ .Values.prom2teams.ip | quote }} + - name: PROM2TEAMS_CONNECTOR + value: {{ .Values.prom2teams.connector | quote }} + - name: PROM2TEAMS_GROUP_ALERTS_BY + value: {{ .Values.prom2teams.group_alerts_by | quote }} + resources: {{ toYaml .Values.resources | nindent 12 }} + {{- if .Values.securityContext.enabled }} + securityContext: + privileged: false + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} + nodeSelector: {{ include "linux-node-selector" . 
| nindent 8 }} + {{- if .Values.nodeSelector }} + {{- toYaml .Values.nodeSelector | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: {{ toYaml . | nindent 8 }} + {{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} + {{- if .Values.tolerations }} + {{- toYaml .Values.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.securityContext.enabled }} + securityContext: + runAsNonRoot: {{ if eq (int .Values.securityContext.runAsUser) 0 }}false{{ else }}true{{ end }} + runAsUser: {{ .Values.securityContext.runAsUser }} + runAsGroup: {{ .Values.securityContext.runAsGroup }} + fsGroup: {{ .Values.securityContext.fsGroup }} + {{- end }} + diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/psp.yaml b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/psp.yaml new file mode 100755 index 000000000..37f21f52a --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/psp.yaml @@ -0,0 +1,28 @@ +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "prom2teams.fullname" . }}-psp + labels: {{ include "prom2teams.labels" . | nindent 4 }} +spec: + privileged: false + allowPrivilegeEscalation: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'configMap' diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/role.yaml b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/role.yaml new file mode 100755 index 000000000..25391d588 --- /dev/null 
+++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/role.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "prom2teams.fullname" . }}-psp + namespace: {{ include "prom2teams.namespace" . }} + labels: {{ include "prom2teams.labels" . | nindent 4 }} +rules: + - apiGroups: + - policy + resourceNames: + - {{ include "prom2teams.fullname" . }}-psp + resources: + - podsecuritypolicies + verbs: + - use diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/rolebinding.yaml b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/rolebinding.yaml new file mode 100755 index 000000000..3ca8bc252 --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/rolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "prom2teams.fullname" . }}-psp + namespace: {{ include "prom2teams.namespace" . }} + labels: {{ include "prom2teams.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "prom2teams.fullname" . }}-psp +subjects: + - kind: ServiceAccount + name: {{ include "prom2teams.fullname" . }} diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/service-account.yaml b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/service-account.yaml new file mode 100755 index 000000000..a9572c5cd --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/service-account.yaml 
@@ -0,0 +1,6 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "prom2teams.fullname" . }} + namespace: {{ include "prom2teams.namespace" . }} + labels: {{ include "prom2teams.labels" . | nindent 4 }} diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/service.yaml b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/service.yaml new file mode 100755 index 000000000..cc95cad35 --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/templates/service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "prom2teams.fullname" . }} + namespace: {{ include "prom2teams.namespace" . }} + labels: +{{ include "prom2teams.labels" . | indent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: 8089 + protocol: TCP + name: http + selector: + app.kubernetes.io/name: {{ include "prom2teams.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/values.yaml b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/values.yaml new file mode 100755 index 000000000..dcbbd8cfa --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/prom2teams/values.yaml 
@@ -0,0 +1,62 @@ +# Default values for prom2teams. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +global: + cattle: + systemDefaultRegistry: "" + namespaceOverride: "" + +nameOverride: "prom2teams" +fullnameOverride: "" + +replicaCount: 1 + +image: + repository: rancher/mirrored-idealista-prom2teams + tag: 3.2.1 + pullPolicy: IfNotPresent + +resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 200m + memory: 200Mi + +service: + type: ClusterIP + port: 8089 + +prom2teams: + host: 0.0.0.0 + port: 8089 + connector: the-connector-url + connectors: {} + # group_alerts_by can be one of + # ("name" | "description" | "instance" | "severity" | "status" | "summary" | "fingerprint" | "runbook_url") + group_alerts_by: + # loglevel can be one of (DEBUG | INFO | WARNING | ERROR | CRITICAL) + loglevel: INFO + templatepath: /opt/prom2teams/helmconfig/teams.j2 + config: /opt/prom2teams/helmconfig/config.ini + +# Security Context properties +securityContext: + # enabled is a flag to enable Security Context + enabled: true + # runAsUser is the user ID used to run the container + runAsUser: 65534 + # runAsGroup is the primary group ID used to run all processes within any container of the pod + runAsGroup: 65534 + # fsGroup is the group ID associated with the container + fsGroup: 65534 + # readOnlyRootFilesystem is a flag to enable readOnlyRootFilesystem for the Hazelcast security context + readOnlyRootFilesystem: true + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/.helmignore b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/.helmignore new file mode 100755 index 000000000..0e8a0eb36 --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/.helmignore 
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/Chart.yaml b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/Chart.yaml new file mode 100755 index 000000000..493bd9d9e --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/Chart.yaml @@ -0,0 +1,11 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.cattle.io/release-name: rancher-sachet +apiVersion: v2 +appVersion: 0.2.3 +description: A Helm chart for Sachet based on the upstream https://github.com/messagebird/sachet +name: sachet +type: application +version: 1.0.1 diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/files/template.tmpl b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/files/template.tmpl new file mode 100755 index 000000000..08f24e138 --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/files/template.tmpl @@ -0,0 +1 @@ +# reference: https://github.com/messagebird/sachet/blob/master/examples/telegram.tmpl diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/NOTES.txt b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/NOTES.txt new file mode 100755 index 000000000..247a91fc1 --- /dev/null 
+++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/NOTES.txt @@ -0,0 +1,3 @@ +rancher-sachet is now installed on the cluster! +Please refer to the upstream documentation for configuration options: +https://github.com/messagebird/sachet diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/_helpers.tpl b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/_helpers.tpl new file mode 100755 index 000000000..eaa61fee5 --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/_helpers.tpl 
@@ -0,0 +1,79 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts +*/}} +{{- define "sachet.namespace" -}} +{{ default .Release.Namespace .Values.global.namespaceOverride }} +{{- end }} + +{{/* +Expand the name of the chart. +*/}} +{{- define "sachet.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "sachet.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "sachet.labels" -}} +helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{ include "sachet.selectorLabels" . 
}} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "sachet.selectorLabels" -}} +app.kubernetes.io/name: {{ include "sachet.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + + diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/configmap-pre-install.yaml b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/configmap-pre-install.yaml new file mode 100755 index 000000000..8472914a9 --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/configmap-pre-install.yaml @@ -0,0 +1,21 @@ +{{/*This file is applied when the operation is helm install and the target confimap does not exist. */}} +{{- if not (lookup "v1" "ConfigMap" (include "sachet.namespace" . ) (include "sachet.fullname" .)) }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ include "sachet.namespace" . }} + name: {{ include "sachet.fullname" . }} + labels: {{ include "sachet.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": pre-install, pre-upgrade + "helm.sh/hook-weight": "3" + "helm.sh/resource-policy": keep +data: + config.yaml: |- + {{- with .Values.sachet.providers }} + providers: {{ toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.sachet.receivers }} + receivers: {{ toYaml . | nindent 6 }} + {{- end }} +{{- end }} diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/deployment.yaml b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/deployment.yaml new file mode 100755 index 000000000..17215eebd --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/deployment.yaml 
@@ -0,0 +1,75 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "sachet.fullname" . }} + namespace: {{ include "sachet.namespace" . }} + labels: {{ include "sachet.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: {{ include "sachet.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: {{ toYaml . | nindent 8 }} + {{- end }} + labels: {{ include "sachet.selectorLabels" . | nindent 8 }} + spec: + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} + {{- if .Values.nodeSelector }} + {{- toYaml .Values.nodeSelector | nindent 8 }} + {{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} + {{- if .Values.tolerations }} + {{- toYaml .Values.tolerations | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: {{ toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "sachet.fullname" . }} + {{- with .Values.podSecurityContext }} + securityContext: {{ toYaml .Values.podSecurityContext | nindent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + securityContext: {{ toYaml .Values.securityContext | nindent 12 }} + image: {{ include "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: 9876 + protocol: TCP + livenessProbe: + httpGet: + path: /-/live + port: http + readinessProbe: + httpGet: + path: /-/ready + port: http + volumeMounts: + - mountPath: /etc/sachet/ + name: config-volume + {{- with .Values.resources }} + resources: {{ toYaml .Values.resources | nindent 12 }} + {{- end }} + - name: config-reloader + securityContext: {{ toYaml .Values.securityContext | nindent 12 }} + image: {{ include "system_default_registry" . 
}}{{ .Values.configReloader.repository }}:{{ .Values.configReloader.tag }} + imagePullPolicy: {{ .Values.configReloader.pullPolicy }} + args: + - -volume-dir=/watch-config + - -webhook-method=POST + - -webhook-status-code=200 + - -webhook-url=http://127.0.0.1:{{ .Values.service.port }}/-/reload + volumeMounts: + - mountPath: /watch-config + name: config-volume + volumes: + - name: config-volume + configMap: + name: {{ include "sachet.fullname" . }} + defaultMode: 0777 diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/psp.yaml b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/psp.yaml new file mode 100755 index 000000000..1cc5b0895 --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/psp.yaml @@ -0,0 +1,28 @@ +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "sachet.fullname" . }}-psp + labels: {{ include "sachet.labels" . | nindent 4 }} +spec: + privileged: false + allowPrivilegeEscalation: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'configMap' diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/role.yaml b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/role.yaml new file mode 100755 index 000000000..05d4410e3 --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/role.yaml 
@@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "sachet.fullname" . }}-psp + namespace: {{ include "sachet.namespace" . }} + labels: {{ include "sachet.labels" . | nindent 4 }} +rules: + - apiGroups: + - policy + resourceNames: + - {{ include "sachet.fullname" . }}-psp + resources: + - podsecuritypolicies + verbs: + - use diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/rolebinding.yaml b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/rolebinding.yaml new file mode 100755 index 000000000..174f0d9e8 --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/rolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "sachet.fullname" . }}-psp + namespace: {{ include "sachet.namespace" . }} + labels: {{ include "sachet.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "sachet.fullname" . }}-psp +subjects: + - kind: ServiceAccount + name: {{ include "sachet.fullname" . }} diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/service-account.yaml b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/service-account.yaml new file mode 100755 index 000000000..8833f1b3b --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/service-account.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "sachet.fullname" . }} + namespace: {{ include "sachet.namespace" . }} + labels: {{ include "sachet.labels" . | nindent 4 }} 
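Review bot: In prom2teams/files/teams.j2, alert fields are placed straight into hand-quoted JSON strings, for example `"value": "{{ msg_text.description }}"`, so unless prom2teams escapes them before rendering, a double quote, backslash or newline in an alert label or annotation produces invalid JSON or changes the structure of the card. Emit each value through a JSON-encoding filter (Jinja2 provides `tojson`) instead of wrapping it in literal quotes. In the same file, `theme_colors[msg_text.severity]` has no fallback for a severity outside the five listed keys, and the spaces around the expressions in `themeColor` end up inside the colour string.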
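Review bot: In prom2teams templates/configmap.yaml, `Connector: {{ . }}` and every entry of `prom2teams.connectors` are written into a ConfigMap, but a Teams incoming-webhook URL works as a bearer credential: whoever can read ConfigMaps in the namespace can post to the channel. Put the connector URLs in a Secret and mount that for config.ini instead. With the shipped values, `Field: {{ .Values.prom2teams.group_alerts_by }}` also renders with an empty value, so either validate it against the list in the values.yaml comment (as is done for `loglevel`) or omit the `[Group Alerts]` section when it is unset.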
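Review bot: In prom2teams templates/deployment.yaml, `PROM2TEAMS_HOST` is taken from `.Values.prom2teams.ip`, but the values.yaml added in this patch defines only `prom2teams.host`, so the variable renders empty; use `.Values.prom2teams.host`. `PROM2TEAMS_CONNECTOR` repeats the webhook URL as a plain environment variable, which should come from a Secret reference. `containerPort: 8089` (and `targetPort: 8089` in service.yaml) stay fixed while `prom2teams.port` is configurable, so changing the port in values breaks the Service.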
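Review bot: prom2teams templates/psp.yaml (and the identical sachet copy) renders a `policy/v1beta1` PodSecurityPolicy unconditionally, with no values flag and no `.Capabilities.APIVersions.Has` guard. PodSecurityPolicy is deprecated as of Kubernetes 1.21 and removed in 1.25, so the chart will fail to install once the API is gone. Gate the PSP, Role and RoleBinding behind a values flag, as the Longhorn chart in this patch does with `enablePSP`, and skip them when the API is not served.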
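Review bot: In prom2teams values.yaml, `securityContext.readOnlyRootFilesystem: true` is never read, because deployment.yaml hard-codes `readOnlyRootFilesystem: false`, and its comment still says "for the Hazelcast security context". The values file therefore advertises hardening the chart does not apply: wire the value into the container securityContext or remove it, and fix the comment. `connector: the-connector-url` is a placeholder that passes the template's checks and is deployed as-is; default it to an empty string and fail the render when no connector is configured.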
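Review bot: In sachet templates/configmap-pre-install.yaml, the whole manifest sits inside `if not (lookup "v1" "ConfigMap" ...)` and carries `"helm.sh/resource-policy": keep`, so once the ConfigMap exists a later `helm upgrade` with changed `sachet.providers` or `sachet.receivers` renders nothing and the running configuration silently stays as it was. State this ownership model in NOTES.txt or the README, or drop the guard. Since `lookup` returns an empty result under `helm template` and dry runs, those always show the ConfigMap as created, which hides the behaviour in review. The `providers` block holds the SMS gateway credentials, so a Secret is the better container for config.yaml.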
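Review bot: In sachet templates/deployment.yaml, two `with` blocks reference `.Values` from inside their own scope: `{{- with .Values.podSecurityContext }}` is followed by `toYaml .Values.podSecurityContext`, and the `resources` block does the same. Inside `with`, `.` is the selected value, so rendering fails as soon as a user sets either one; the empty defaults hide this. Use `toYaml .` or `$.Values...` there. The config volume's `defaultMode: 0777` sets every permission bit on files that are only read; 0444 or 0440 is enough. The reloader's `-webhook-url` uses `.Values.service.port` while the sachet container listens on the fixed `containerPort: 9876`, so changing the Service port breaks reloads.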
diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/service.yaml b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/service.yaml new file mode 100755 index 000000000..216e8322c --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/templates/service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "sachet.fullname" . }} + namespace: {{ include "sachet.namespace" . }} + labels: {{ include "sachet.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + {{- if contains "NodePort" .Values.service.type }} + nodePort: {{ .Values.service.nodePort }} + {{- end }} + selector: {{ include "sachet.selectorLabels" . | nindent 4 }} diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/values.yaml b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/values.yaml new file mode 100755 index 000000000..b00cf0b18 --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/charts/sachet/values.yaml 
@@ -0,0 +1,63 @@ +# Default values for sachet. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +global: + cattle: + systemDefaultRegistry: "" + namespaceOverride: "" + +nameOverride: "sachet" +fullnameOverride: "" + +configReloader: + repository: rancher/mirrored-jimmidyson-configmap-reload + pullPolicy: IfNotPresent + tag: v0.4.0 + +sachet: + # reference: https://github.com/messagebird/sachet/blob/master/examples/config.yaml + providers: {} + + receivers: [] + +replicaCount: 1 + +image: + repository: rancher/mirrored-messagebird-sachet + pullPolicy: IfNotPresent + tag: 0.2.3 + +imagePullSecrets: [] + +podAnnotations: {} + +podSecurityContext: + +securityContext: + runAsUser: 1000 + runAsNonRoot: true + runAsGroup: 1000 + +service: + type: ClusterIP + port: 9876 + nodePort: 30001 + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/questions.yml b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/questions.yml new file mode 100755 index 000000000..741808c23 --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/questions.yml 
@@ -0,0 +1,14 @@ +categories: + - monitoring +namespace: cattle-monitoring-system +questions: + - variable: prom2teams.enabled + default: false + label: Enable Microsoft Teams + type: boolean + group: "General" + - variable: sachet.enabled + default: false + label: Enable SMS + type: boolean + group: "General" diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/templates/NOTES.txt b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/templates/NOTES.txt new file mode 100755 index 000000000..59c1415e0 --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/templates/NOTES.txt @@ -0,0 +1,2 @@ +rancher-alerting-drivers is now installed on the cluster! +Please refer to the upstream documentation for each Driver for configuration options. \ No newline at end of file diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/templates/_helpers.tpl b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/templates/_helpers.tpl new file mode 100755 index 000000000..e57f6ff74 --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/templates/_helpers.tpl 
@@ -0,0 +1,91 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "drivers.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "drivers.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "drivers.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "drivers.labels" -}} +helm.sh/chart: {{ include "drivers.chart" . }} +{{ include "drivers.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "drivers.selectorLabels" -}} +app.kubernetes.io/name: {{ include "drivers.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "drivers.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "drivers.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{/* +https://github.com/helm/helm/issues/4535#issuecomment-477778391 +Usage: {{ include "call-nested" (list . 
"SUBCHART_NAME" "TEMPLATE") }} +e.g. {{ include "call-nested" (list . "grafana" "grafana.fullname") }} +*/}} +{{- define "call-nested" }} +{{- $dot := index . 0 }} +{{- $subchart := index . 1 | splitList "." }} +{{- $template := index . 2 }} +{{- $values := $dot.Values }} +{{- range $subchart }} +{{- $values = index $values . }} +{{- end }} +{{- include $template (dict "Chart" (dict "Name" (last $subchart)) "Values" $values "Release" $dot.Release "Capabilities" $dot.Capabilities) }} +{{- end }} + + +{{/* +Get the list of configMaps to be managed +*/}} +{{- define "drivers.configmapList" -}} +{{- if .Values.sachet.enabled -}} +- {{ include "call-nested" (list . "sachet" "sachet.fullname") }} +{{- end }} +{{- if .Values.prom2teams.enabled -}} +- {{ include "call-nested" (list . "prom2teams" "prom2teams.fullname") }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/templates/cluster-role.yaml b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/templates/cluster-role.yaml new file mode 100755 index 000000000..e3022a7ca --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/templates/cluster-role.yaml 
@@ -0,0 +1,50 @@ +{{- if and (not .Values.sachet.enabled) (not .Values.prom2teams.enabled) -}} +{{- fail "At least one Driver must be enabled to install the chart. " }} +{{- end -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "drivers.fullname" . }}-admin + labels: {{ include "drivers.labels" . | nindent 4 }} + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: + - "" + resources: + - configmaps + resourceNames: {{ include "drivers.configmapList" . | nindent 6 }} + verbs: + - "*" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "drivers.fullname" . }}-edit + labels: {{ include "drivers.labels" . | nindent 4 }} + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: + - apiGroups: + - "" + resources: + - configmaps + resourceNames: {{ include "drivers.configmapList" . | nindent 6 }} + verbs: + - "*" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "drivers.fullname" . }}-view + labels: {{ include "drivers.labels" . | nindent 4 }} + rbac.authorization.k8s.io/aggregate-to-view: "true" +rules: + - apiGroups: + - "" + resources: + - configmaps + resourceNames: {{ include "drivers.configmapList" . | nindent 6 }} + verbs: + - 'get' + - 'list' + - 'watch' diff --git a/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/values.yaml b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/values.yaml new file mode 100755 index 000000000..ff9ab90e0 --- /dev/null +++ b/released/charts/rancher-alerting-drivers/rancher-alerting-drivers/1.0.100/values.yaml 
@@ -0,0 +1,17 @@ +# Default values for rancher-alerting-driver. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +global: + cattle: + # the registry where all images will be pulled from + systemDefaultRegistry: "" + # set this value if you want the sub-charts to be installed into + # a namespace rather than where this chart is installed + namespaceOverride: "" + +prom2teams: + enabled: false + +sachet: + enabled: false diff --git a/released/charts/rancher-backup-crd/rancher-backup-crd/1.0.400/Chart.yaml b/released/charts/rancher-backup-crd/rancher-backup-crd/1.0.400/Chart.yaml new file mode 100755 index 000000000..dd3f43a33 --- /dev/null +++ b/released/charts/rancher-backup-crd/rancher-backup-crd/1.0.400/Chart.yaml @@ -0,0 +1,11 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-resources-system + catalog.cattle.io/release-name: rancher-backup-crd +apiVersion: v2 +appVersion: 1.0.4 +description: Installs the CRDs for rancher-backup. +name: rancher-backup-crd +type: application +version: 1.0.400 diff --git a/released/charts/rancher-backup-crd/rancher-backup-crd/1.0.400/README.md b/released/charts/rancher-backup-crd/rancher-backup-crd/1.0.400/README.md new file mode 100755 index 000000000..046410962 --- /dev/null +++ b/released/charts/rancher-backup-crd/rancher-backup-crd/1.0.400/README.md @@ -0,0 +1,3 @@ +# Rancher Backup CRD + +A Rancher chart that installs the CRDs used by `rancher-backup`. diff --git a/released/charts/rancher-backup-crd/rancher-backup-crd/1.0.400/templates/backup.yaml b/released/charts/rancher-backup-crd/rancher-backup-crd/1.0.400/templates/backup.yaml new file mode 100755 index 000000000..a4b9471c0 --- /dev/null +++ b/released/charts/rancher-backup-crd/rancher-backup-crd/1.0.400/templates/backup.yaml 
@@ -0,0 +1,119 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: backups.resources.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.storageLocation + name: Location + type: string + - JSONPath: .status.backupType + name: Type + type: string + - JSONPath: .status.filename + name: Latest-Backup + type: string + - JSONPath: .spec.resourceSetName + name: ResourceSet + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + group: resources.cattle.io + names: + kind: Backup + plural: backups + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + encryptionConfigSecretName: + description: Name of the Secret containing the encryption config + type: string + resourceSetName: + description: Name of the ResourceSet CR to use for backup + type: string + retentionCount: + minimum: 1 + type: integer + schedule: + description: Cron schedule for recurring backups + example: + Descriptors: '@midnight' + Standard crontab specs: 0 0 * * * + type: string + storageLocation: + nullable: true + properties: + s3: + nullable: true + properties: + bucketName: + type: string + credentialSecretName: + type: string + credentialSecretNamespace: + type: string + endpoint: + type: string + endpointCA: + type: string + folder: + type: string + insecureTLSSkipVerify: + type: boolean + region: + type: string + type: object + type: object + required: + - resourceSetName + type: object + status: + properties: + backupType: + type: string + conditions: + items: + properties: + lastTransitionTime: + type: string + lastUpdateTime: + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + nullable: true + type: array + filename: + type: string + lastSnapshotTs: + type: string + nextSnapshotAt: 
+ type: string + observedGeneration: + type: integer + storageLocation: + type: string + summary: + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-backup-crd/rancher-backup-crd/1.0.400/templates/resourceset.yaml b/released/charts/rancher-backup-crd/rancher-backup-crd/1.0.400/templates/resourceset.yaml new file mode 100755 index 000000000..665ef786d --- /dev/null +++ b/released/charts/rancher-backup-crd/rancher-backup-crd/1.0.400/templates/resourceset.yaml 
@@ -0,0 +1,94 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: resourcesets.resources.cattle.io +spec: + group: resources.cattle.io + names: + kind: ResourceSet + plural: resourcesets + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + controllerReferences: + items: + properties: + apiVersion: + type: string + name: + type: string + namespace: + type: string + replicas: + type: integer + resource: + type: string + type: object + nullable: true + type: array + resourceSelectors: + items: + properties: + apiVersion: + type: string + kinds: + items: + type: string + nullable: true + type: array + kindsRegexp: + type: string + labelSelectors: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + type: string + nullable: true + type: object + type: object + namespaceRegexp: + type: string + namespaces: + items: + type: string + nullable: true + type: array + resourceNameRegexp: + type: string + resourceNames: + items: + type: string + nullable: true + type: array + type: object + nullable: true + required: + - apiVersion + type: array + required: + - resourceSelectors + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-backup-crd/rancher-backup-crd/1.0.400/templates/restore.yaml b/released/charts/rancher-backup-crd/rancher-backup-crd/1.0.400/templates/restore.yaml new file mode 100755 index 000000000..1ad7d1721 --- /dev/null +++ b/released/charts/rancher-backup-crd/rancher-backup-crd/1.0.400/templates/restore.yaml 
@@ -0,0 +1,102 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: restores.resources.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.backupSource + name: Backup-Source + type: string + - JSONPath: .spec.backupFilename + name: Backup-File + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + group: resources.cattle.io + names: + kind: Restore + plural: restores + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + backupFilename: + type: string + deleteTimeoutSeconds: + maximum: 10 + type: integer + encryptionConfigSecretName: + type: string + prune: + nullable: true + type: boolean + storageLocation: + nullable: true + properties: + s3: + nullable: true + properties: + bucketName: + type: string + credentialSecretName: + type: string + credentialSecretNamespace: + type: string + endpoint: + type: string + endpointCA: + type: string + folder: + type: string + insecureTLSSkipVerify: + type: boolean + region: + type: string + type: object + type: object + required: + - backupFilename + type: object + status: + properties: + backupSource: + type: string + conditions: + items: + properties: + lastTransitionTime: + type: string + lastUpdateTime: + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + nullable: true + type: array + observedGeneration: + type: integer + restoreCompletionTs: + type: string + summary: + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-backup/rancher-backup-crd/1.0.200/Chart.yaml b/released/charts/rancher-backup/rancher-backup-crd/1.0.200/Chart.yaml new file mode 100644 index 000000000..b09f805f1 --- /dev/null 
+++ b/released/charts/rancher-backup/rancher-backup-crd/1.0.200/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-resources-system + catalog.cattle.io/release-name: rancher-backup-crd +apiVersion: v1 +description: Installs the CRDs for rancher-backup. +name: rancher-backup-crd +type: application +version: 1.0.200 diff --git a/released/charts/rancher-backup/rancher-backup-crd/1.0.200/README.md b/released/charts/rancher-backup/rancher-backup-crd/1.0.200/README.md new file mode 100644 index 000000000..f7efdcc7f --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup-crd/1.0.200/README.md @@ -0,0 +1,2 @@ +# rancher-backup-crd +A Rancher chart that installs the CRDs used by [rancher-backup](https://github.com/rancher/dev-charts/tree/master/packages/rancher-backup). diff --git a/released/charts/rancher-backup/rancher-backup-crd/1.0.200/templates/backup.yaml b/released/charts/rancher-backup/rancher-backup-crd/1.0.200/templates/backup.yaml new file mode 100644 index 000000000..a4b9471c0 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup-crd/1.0.200/templates/backup.yaml 
@@ -0,0 +1,119 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: backups.resources.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.storageLocation + name: Location + type: string + - JSONPath: .status.backupType + name: Type + type: string + - JSONPath: .status.filename + name: Latest-Backup + type: string + - JSONPath: .spec.resourceSetName + name: ResourceSet + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + group: resources.cattle.io + names: + kind: Backup + plural: backups + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + encryptionConfigSecretName: + description: Name of the Secret containing the encryption config + type: string + resourceSetName: + description: Name of the ResourceSet CR to use for backup + type: string + retentionCount: + minimum: 1 + type: integer + schedule: + description: Cron schedule for recurring backups + example: + Descriptors: '@midnight' + Standard crontab specs: 0 0 * * * + type: string + storageLocation: + nullable: true + properties: + s3: + nullable: true + properties: + bucketName: + type: string + credentialSecretName: + type: string + credentialSecretNamespace: + type: string + endpoint: + type: string + endpointCA: + type: string + folder: + type: string + insecureTLSSkipVerify: + type: boolean + region: + type: string + type: object + type: object + required: + - resourceSetName + type: object + status: + properties: + backupType: + type: string + conditions: + items: + properties: + lastTransitionTime: + type: string + lastUpdateTime: + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + nullable: true + type: array + filename: + type: string + lastSnapshotTs: + type: string + nextSnapshotAt: 
+ type: string + observedGeneration: + type: integer + storageLocation: + type: string + summary: + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-backup/rancher-backup-crd/1.0.200/templates/resourceset.yaml b/released/charts/rancher-backup/rancher-backup-crd/1.0.200/templates/resourceset.yaml new file mode 100644 index 000000000..665ef786d --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup-crd/1.0.200/templates/resourceset.yaml 
@@ -0,0 +1,94 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: resourcesets.resources.cattle.io +spec: + group: resources.cattle.io + names: + kind: ResourceSet + plural: resourcesets + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + controllerReferences: + items: + properties: + apiVersion: + type: string + name: + type: string + namespace: + type: string + replicas: + type: integer + resource: + type: string + type: object + nullable: true + type: array + resourceSelectors: + items: + properties: + apiVersion: + type: string + kinds: + items: + type: string + nullable: true + type: array + kindsRegexp: + type: string + labelSelectors: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + type: string + nullable: true + type: object + type: object + namespaceRegexp: + type: string + namespaces: + items: + type: string + nullable: true + type: array + resourceNameRegexp: + type: string + resourceNames: + items: + type: string + nullable: true + type: array + type: object + nullable: true + required: + - apiVersion + type: array + required: + - resourceSelectors + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-backup/rancher-backup-crd/1.0.200/templates/restore.yaml b/released/charts/rancher-backup/rancher-backup-crd/1.0.200/templates/restore.yaml new file mode 100644 index 000000000..1ad7d1721 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup-crd/1.0.200/templates/restore.yaml 
@@ -0,0 +1,102 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: restores.resources.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.backupSource + name: Backup-Source + type: string + - JSONPath: .spec.backupFilename + name: Backup-File + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + group: resources.cattle.io + names: + kind: Restore + plural: restores + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + backupFilename: + type: string + deleteTimeoutSeconds: + maximum: 10 + type: integer + encryptionConfigSecretName: + type: string + prune: + nullable: true + type: boolean + storageLocation: + nullable: true + properties: + s3: + nullable: true + properties: + bucketName: + type: string + credentialSecretName: + type: string + credentialSecretNamespace: + type: string + endpoint: + type: string + endpointCA: + type: string + folder: + type: string + insecureTLSSkipVerify: + type: boolean + region: + type: string + type: object + type: object + required: + - backupFilename + type: object + status: + properties: + backupSource: + type: string + conditions: + items: + properties: + lastTransitionTime: + type: string + lastUpdateTime: + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + nullable: true + type: array + observedGeneration: + type: integer + restoreCompletionTs: + type: string + summary: + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-backup/rancher-backup-crd/1.0.201/Chart.yaml b/released/charts/rancher-backup/rancher-backup-crd/1.0.201/Chart.yaml new file mode 100644 index 000000000..ebb25151d --- /dev/null 
+++ b/released/charts/rancher-backup/rancher-backup-crd/1.0.201/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-resources-system + catalog.cattle.io/release-name: rancher-backup-crd +apiVersion: v1 +description: Installs the CRDs for rancher-backup. +name: rancher-backup-crd +type: application +version: 1.0.201 diff --git a/released/charts/rancher-backup/rancher-backup-crd/1.0.201/README.md b/released/charts/rancher-backup/rancher-backup-crd/1.0.201/README.md new file mode 100644 index 000000000..b8bbba6fd --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup-crd/1.0.201/README.md @@ -0,0 +1,2 @@ +# rancher-backup-crd +A Rancher chart that installs the CRDs used by rancher-backup. diff --git a/released/charts/rancher-backup/rancher-backup-crd/1.0.201/templates/backup.yaml b/released/charts/rancher-backup/rancher-backup-crd/1.0.201/templates/backup.yaml new file mode 100644 index 000000000..a4b9471c0 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup-crd/1.0.201/templates/backup.yaml 
@@ -0,0 +1,119 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: backups.resources.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.storageLocation + name: Location + type: string + - JSONPath: .status.backupType + name: Type + type: string + - JSONPath: .status.filename + name: Latest-Backup + type: string + - JSONPath: .spec.resourceSetName + name: ResourceSet + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + group: resources.cattle.io + names: + kind: Backup + plural: backups + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + encryptionConfigSecretName: + description: Name of the Secret containing the encryption config + type: string + resourceSetName: + description: Name of the ResourceSet CR to use for backup + type: string + retentionCount: + minimum: 1 + type: integer + schedule: + description: Cron schedule for recurring backups + example: + Descriptors: '@midnight' + Standard crontab specs: 0 0 * * * + type: string + storageLocation: + nullable: true + properties: + s3: + nullable: true + properties: + bucketName: + type: string + credentialSecretName: + type: string + credentialSecretNamespace: + type: string + endpoint: + type: string + endpointCA: + type: string + folder: + type: string + insecureTLSSkipVerify: + type: boolean + region: + type: string + type: object + type: object + required: + - resourceSetName + type: object + status: + properties: + backupType: + type: string + conditions: + items: + properties: + lastTransitionTime: + type: string + lastUpdateTime: + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + nullable: true + type: array + filename: + type: string + lastSnapshotTs: + type: string + nextSnapshotAt: 
+ type: string + observedGeneration: + type: integer + storageLocation: + type: string + summary: + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-backup/rancher-backup-crd/1.0.201/templates/resourceset.yaml b/released/charts/rancher-backup/rancher-backup-crd/1.0.201/templates/resourceset.yaml new file mode 100644 index 000000000..665ef786d --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup-crd/1.0.201/templates/resourceset.yaml 
@@ -0,0 +1,94 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: resourcesets.resources.cattle.io +spec: + group: resources.cattle.io + names: + kind: ResourceSet + plural: resourcesets + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + controllerReferences: + items: + properties: + apiVersion: + type: string + name: + type: string + namespace: + type: string + replicas: + type: integer + resource: + type: string + type: object + nullable: true + type: array + resourceSelectors: + items: + properties: + apiVersion: + type: string + kinds: + items: + type: string + nullable: true + type: array + kindsRegexp: + type: string + labelSelectors: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + type: string + nullable: true + type: object + type: object + namespaceRegexp: + type: string + namespaces: + items: + type: string + nullable: true + type: array + resourceNameRegexp: + type: string + resourceNames: + items: + type: string + nullable: true + type: array + type: object + nullable: true + required: + - apiVersion + type: array + required: + - resourceSelectors + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-backup/rancher-backup-crd/1.0.201/templates/restore.yaml b/released/charts/rancher-backup/rancher-backup-crd/1.0.201/templates/restore.yaml new file mode 100644 index 000000000..1ad7d1721 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup-crd/1.0.201/templates/restore.yaml 
@@ -0,0 +1,102 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: restores.resources.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.backupSource + name: Backup-Source + type: string + - JSONPath: .spec.backupFilename + name: Backup-File + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + group: resources.cattle.io + names: + kind: Restore + plural: restores + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + backupFilename: + type: string + deleteTimeoutSeconds: + maximum: 10 + type: integer + encryptionConfigSecretName: + type: string + prune: + nullable: true + type: boolean + storageLocation: + nullable: true + properties: + s3: + nullable: true + properties: + bucketName: + type: string + credentialSecretName: + type: string + credentialSecretNamespace: + type: string + endpoint: + type: string + endpointCA: + type: string + folder: + type: string + insecureTLSSkipVerify: + type: boolean + region: + type: string + type: object + type: object + required: + - backupFilename + type: object + status: + properties: + backupSource: + type: string + conditions: + items: + properties: + lastTransitionTime: + type: string + lastUpdateTime: + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + nullable: true + type: array + observedGeneration: + type: integer + restoreCompletionTs: + type: string + summary: + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-backup/rancher-backup-crd/1.0.300/Chart.yaml b/released/charts/rancher-backup/rancher-backup-crd/1.0.300/Chart.yaml new file mode 100644 index 000000000..909e94ff1 --- /dev/null 
+++ b/released/charts/rancher-backup/rancher-backup-crd/1.0.300/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-resources-system + catalog.cattle.io/release-name: rancher-backup-crd +apiVersion: v1 +description: Installs the CRDs for rancher-backup. +name: rancher-backup-crd +type: application +version: 1.0.300 diff --git a/released/charts/rancher-backup/rancher-backup-crd/1.0.300/README.md b/released/charts/rancher-backup/rancher-backup-crd/1.0.300/README.md new file mode 100644 index 000000000..b8bbba6fd --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup-crd/1.0.300/README.md @@ -0,0 +1,2 @@ +# rancher-backup-crd +A Rancher chart that installs the CRDs used by rancher-backup. diff --git a/released/charts/rancher-backup/rancher-backup-crd/1.0.300/templates/backup.yaml b/released/charts/rancher-backup/rancher-backup-crd/1.0.300/templates/backup.yaml new file mode 100644 index 000000000..a4b9471c0 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup-crd/1.0.300/templates/backup.yaml 
@@ -0,0 +1,119 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: backups.resources.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.storageLocation + name: Location + type: string + - JSONPath: .status.backupType + name: Type + type: string + - JSONPath: .status.filename + name: Latest-Backup + type: string + - JSONPath: .spec.resourceSetName + name: ResourceSet + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + group: resources.cattle.io + names: + kind: Backup + plural: backups + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + encryptionConfigSecretName: + description: Name of the Secret containing the encryption config + type: string + resourceSetName: + description: Name of the ResourceSet CR to use for backup + type: string + retentionCount: + minimum: 1 + type: integer + schedule: + description: Cron schedule for recurring backups + example: + Descriptors: '@midnight' + Standard crontab specs: 0 0 * * * + type: string + storageLocation: + nullable: true + properties: + s3: + nullable: true + properties: + bucketName: + type: string + credentialSecretName: + type: string + credentialSecretNamespace: + type: string + endpoint: + type: string + endpointCA: + type: string + folder: + type: string + insecureTLSSkipVerify: + type: boolean + region: + type: string + type: object + type: object + required: + - resourceSetName + type: object + status: + properties: + backupType: + type: string + conditions: + items: + properties: + lastTransitionTime: + type: string + lastUpdateTime: + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + nullable: true + type: array + filename: + type: string + lastSnapshotTs: + type: string + nextSnapshotAt: 
+ type: string + observedGeneration: + type: integer + storageLocation: + type: string + summary: + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-backup/rancher-backup-crd/1.0.300/templates/resourceset.yaml b/released/charts/rancher-backup/rancher-backup-crd/1.0.300/templates/resourceset.yaml new file mode 100644 index 000000000..665ef786d --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup-crd/1.0.300/templates/resourceset.yaml 
@@ -0,0 +1,94 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: resourcesets.resources.cattle.io +spec: + group: resources.cattle.io + names: + kind: ResourceSet + plural: resourcesets + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + controllerReferences: + items: + properties: + apiVersion: + type: string + name: + type: string + namespace: + type: string + replicas: + type: integer + resource: + type: string + type: object + nullable: true + type: array + resourceSelectors: + items: + properties: + apiVersion: + type: string + kinds: + items: + type: string + nullable: true + type: array + kindsRegexp: + type: string + labelSelectors: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + type: string + nullable: true + type: object + type: object + namespaceRegexp: + type: string + namespaces: + items: + type: string + nullable: true + type: array + resourceNameRegexp: + type: string + resourceNames: + items: + type: string + nullable: true + type: array + type: object + nullable: true + required: + - apiVersion + type: array + required: + - resourceSelectors + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-backup/rancher-backup-crd/1.0.300/templates/restore.yaml b/released/charts/rancher-backup/rancher-backup-crd/1.0.300/templates/restore.yaml new file mode 100644 index 000000000..1ad7d1721 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup-crd/1.0.300/templates/restore.yaml 
@@ -0,0 +1,102 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: restores.resources.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.backupSource + name: Backup-Source + type: string + - JSONPath: .spec.backupFilename + name: Backup-File + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + group: resources.cattle.io + names: + kind: Restore + plural: restores + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + backupFilename: + type: string + deleteTimeoutSeconds: + maximum: 10 + type: integer + encryptionConfigSecretName: + type: string + prune: + nullable: true + type: boolean + storageLocation: + nullable: true + properties: + s3: + nullable: true + properties: + bucketName: + type: string + credentialSecretName: + type: string + credentialSecretNamespace: + type: string + endpoint: + type: string + endpointCA: + type: string + folder: + type: string + insecureTLSSkipVerify: + type: boolean + region: + type: string + type: object + type: object + required: + - backupFilename + type: object + status: + properties: + backupSource: + type: string + conditions: + items: + properties: + lastTransitionTime: + type: string + lastUpdateTime: + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + nullable: true + type: array + observedGeneration: + type: integer + restoreCompletionTs: + type: string + summary: + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-backup/rancher-backup-crd/1.0.301/Chart.yaml b/released/charts/rancher-backup/rancher-backup-crd/1.0.301/Chart.yaml new file mode 100755 index 000000000..a05487e1f --- /dev/null 
+++ b/released/charts/rancher-backup/rancher-backup-crd/1.0.301/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-resources-system + catalog.cattle.io/release-name: rancher-backup-crd +apiVersion: v1 +description: Installs the CRDs for rancher-backup. +name: rancher-backup-crd +type: application +version: 1.0.301 diff --git a/released/charts/rancher-backup/rancher-backup-crd/1.0.301/README.md b/released/charts/rancher-backup/rancher-backup-crd/1.0.301/README.md new file mode 100755 index 000000000..b8bbba6fd --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup-crd/1.0.301/README.md @@ -0,0 +1,2 @@ +# rancher-backup-crd +A Rancher chart that installs the CRDs used by rancher-backup. diff --git a/released/charts/rancher-backup/rancher-backup-crd/1.0.301/templates/backup.yaml b/released/charts/rancher-backup/rancher-backup-crd/1.0.301/templates/backup.yaml new file mode 100755 index 000000000..a4b9471c0 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup-crd/1.0.301/templates/backup.yaml 
@@ -0,0 +1,119 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: backups.resources.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.storageLocation + name: Location + type: string + - JSONPath: .status.backupType + name: Type + type: string + - JSONPath: .status.filename + name: Latest-Backup + type: string + - JSONPath: .spec.resourceSetName + name: ResourceSet + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + group: resources.cattle.io + names: + kind: Backup + plural: backups + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + encryptionConfigSecretName: + description: Name of the Secret containing the encryption config + type: string + resourceSetName: + description: Name of the ResourceSet CR to use for backup + type: string + retentionCount: + minimum: 1 + type: integer + schedule: + description: Cron schedule for recurring backups + example: + Descriptors: '@midnight' + Standard crontab specs: 0 0 * * * + type: string + storageLocation: + nullable: true + properties: + s3: + nullable: true + properties: + bucketName: + type: string + credentialSecretName: + type: string + credentialSecretNamespace: + type: string + endpoint: + type: string + endpointCA: + type: string + folder: + type: string + insecureTLSSkipVerify: + type: boolean + region: + type: string + type: object + type: object + required: + - resourceSetName + type: object + status: + properties: + backupType: + type: string + conditions: + items: + properties: + lastTransitionTime: + type: string + lastUpdateTime: + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + nullable: true + type: array + filename: + type: string + lastSnapshotTs: + type: string + nextSnapshotAt: 
+ type: string + observedGeneration: + type: integer + storageLocation: + type: string + summary: + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-backup/rancher-backup-crd/1.0.301/templates/resourceset.yaml b/released/charts/rancher-backup/rancher-backup-crd/1.0.301/templates/resourceset.yaml new file mode 100755 index 000000000..665ef786d --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup-crd/1.0.301/templates/resourceset.yaml 
@@ -0,0 +1,94 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: resourcesets.resources.cattle.io +spec: + group: resources.cattle.io + names: + kind: ResourceSet + plural: resourcesets + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + controllerReferences: + items: + properties: + apiVersion: + type: string + name: + type: string + namespace: + type: string + replicas: + type: integer + resource: + type: string + type: object + nullable: true + type: array + resourceSelectors: + items: + properties: + apiVersion: + type: string + kinds: + items: + type: string + nullable: true + type: array + kindsRegexp: + type: string + labelSelectors: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + type: string + nullable: true + type: object + type: object + namespaceRegexp: + type: string + namespaces: + items: + type: string + nullable: true + type: array + resourceNameRegexp: + type: string + resourceNames: + items: + type: string + nullable: true + type: array + type: object + nullable: true + required: + - apiVersion + type: array + required: + - resourceSelectors + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-backup/rancher-backup-crd/1.0.301/templates/restore.yaml b/released/charts/rancher-backup/rancher-backup-crd/1.0.301/templates/restore.yaml new file mode 100755 index 000000000..1ad7d1721 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup-crd/1.0.301/templates/restore.yaml 
@@ -0,0 +1,102 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: restores.resources.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.backupSource + name: Backup-Source + type: string + - JSONPath: .spec.backupFilename + name: Backup-File + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + group: resources.cattle.io + names: + kind: Restore + plural: restores + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + backupFilename: + type: string + deleteTimeoutSeconds: + maximum: 10 + type: integer + encryptionConfigSecretName: + type: string + prune: + nullable: true + type: boolean + storageLocation: + nullable: true + properties: + s3: + nullable: true + properties: + bucketName: + type: string + credentialSecretName: + type: string + credentialSecretNamespace: + type: string + endpoint: + type: string + endpointCA: + type: string + folder: + type: string + insecureTLSSkipVerify: + type: boolean + region: + type: string + type: object + type: object + required: + - backupFilename + type: object + status: + properties: + backupSource: + type: string + conditions: + items: + properties: + lastTransitionTime: + type: string + lastUpdateTime: + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + nullable: true + type: array + observedGeneration: + type: integer + restoreCompletionTs: + type: string + summary: + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-backup/rancher-backup/1.0.200/Chart.yaml b/released/charts/rancher-backup/rancher-backup/1.0.200/Chart.yaml new file mode 100644 index 000000000..714ad0b16 --- /dev/null 
+++ b/released/charts/rancher-backup/rancher-backup/1.0.200/Chart.yaml @@ -0,0 +1,19 @@ +annotations: + catalog.cattle.io/auto-install: rancher-backup-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/namespace: cattle-resources-system + catalog.cattle.io/provides-gvr: resources.cattle.io.resourceset/v1 + catalog.cattle.io/release-name: rancher-backup + catalog.cattle.io/scope: management + catalog.cattle.io/ui-component: rancher-backup + catalog.cattle.io/os: linux +apiVersion: v1 +appVersion: v1.0.2 +description: Provides ability to back up and restore the Rancher application running + on any Kubernetes cluster +icon: https://charts.rancher.io/assets/logos/backup-restore.svg +keywords: +- applications +- infrastructure +name: rancher-backup +version: 1.0.200 diff --git a/released/charts/rancher-backup/rancher-backup/1.0.200/README.md b/released/charts/rancher-backup/rancher-backup/1.0.200/README.md new file mode 100644 index 000000000..feb526977 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.200/README.md 
@@ -0,0 +1,69 @@ +# Rancher Backup + +This chart provides ability to back up and restore the Rancher application running on any Kubernetes cluster. + +Refer [this](https://github.com/rancher/backup-restore-operator) repository for implementation details. + +----- + +### Get Repo Info +``` +helm repo add rancher-chart https://charts.rancher.io +helm repo update +``` + +----- + +### Install Chart +``` +helm install rancher-backup-crd rancher-chart/rancher-backup-crd -n cattle-resources-system --create-namespace +helm install rancher-backup rancher-chart/rancher-backup -n cattle-resources-system +``` + +----- + +### Configuration +The following table lists the configurable parameters of the rancher-backup chart and their default values: + +| Parameter | Description | Default | +|----------|---------------|-------| +| image.repository | Container image repository | rancher/backup-restore-operator | +| image.tag | Container image tag | v0.1.0-rc1 | +| s3.enabled | Configure S3 compatible default storage location. Current version supports S3 and MinIO | false | +| s3.credentialSecretName | Name of the Secret containing S3 credentials. This is an optional field. Skip this field in order to use IAM Role authentication. The Secret must contain following two keys, `accessKey` and `secretKey` | "" | +| s3.credentialSecretNamespace | Namespace of the Secret containing S3 credentials | "" | +| s3.region | Region of the S3 Bucket (Required for S3, not valid for MinIO) | "" | +| s3.bucketName | Name of the Bucket | "" | +| s3.folder | Base folder within the Bucket (optional) | "" | +| s3.endpoint | Endpoint for the S3 storage provider | "" | +| s3.endpointCA | Base64 encoded CA cert for the S3 storage provider (optional) | "" | +| s3.insecureTLSSkipVerify | Skip SSL verification | false | +| persistence.enabled | Configure a Persistent Volume as the default storage location. It accepts either a StorageClass name to create a PVC, or directly accepts the PV to use. 
The Persistent Volume is mounted at `/var/lib/backups` in the operator pod | false | +| persistence.storageClass | StorageClass to use for dynamically provisioning the Persistent Volume, which will be used for storing backups | "" | +| persistence.volumeName | Persistent Volume to use for storing backups | "" | +| persistence.size | Requested size of the Persistent Volume (Applicable when using dynamic provisioning) | "" | +| nodeSelector | https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | {} | +| tolerations | https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration | [] | +| affinity | https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity | {} | + +----- + +### CRDs + +Refer [this](https://github.com/rancher/backup-restore-operator#crds) section for information on CRDs that this chart installs. Also refer [this](https://github.com/rancher/backup-restore-operator/tree/master/examples) folder containing sample manifests for the CRDs. + +----- +### Upgrading Chart +``` +helm upgrade rancher-backup-crd -n cattle-resources-system +helm upgrade rancher-backup -n cattle-resources-system +``` + +----- +### Uninstall Chart + +``` +helm uninstall rancher-backup -n cattle-resources-system +helm uninstall rancher-backup-crd -n cattle-resources-system +``` + diff --git a/released/charts/rancher-backup/rancher-backup/1.0.200/templates/_helpers.tpl b/released/charts/rancher-backup/rancher-backup/1.0.200/templates/_helpers.tpl new file mode 100644 index 000000000..411cfc63a --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.200/templates/_helpers.tpl 
@@ -0,0 +1,76 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "backupRestore.fullname" -}} +{{- .Chart.Name | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "backupRestore.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "backupRestore.labels" -}} +helm.sh/chart: {{ include "backupRestore.chart" . }} +{{ include "backupRestore.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "backupRestore.selectorLabels" -}} +app.kubernetes.io/name: {{ include "backupRestore.fullname" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +resources.cattle.io/operator: backup-restore +{{- end }} + + +{{/* +Create the name of the service account to use +*/}} +{{- define "backupRestore.serviceAccountName" -}} +{{ include "backupRestore.fullname" . }} +{{- end }} + + +{{- define "backupRestore.s3SecretName" -}} +{{- printf "%s-%s" .Chart.Name "s3" | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create PVC name using release and revision number. 
+*/}} +{{- define "backupRestore.pvcName" -}} +{{- printf "%s-%d" .Release.Name .Release.Revision }} +{{- end }} + diff --git a/released/charts/rancher-backup/rancher-backup/1.0.200/templates/clusterrolebinding.yaml b/released/charts/rancher-backup/rancher-backup/1.0.200/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..cf4abf670 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.200/templates/clusterrolebinding.yaml @@ -0,0 +1,14 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "backupRestore.fullname" . }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +subjects: +- kind: ServiceAccount + name: {{ include "backupRestore.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: cluster-admin + apiGroup: rbac.authorization.k8s.io diff --git a/released/charts/rancher-backup/rancher-backup/1.0.200/templates/deployment.yaml b/released/charts/rancher-backup/rancher-backup/1.0.200/templates/deployment.yaml new file mode 100644 index 000000000..776351ae5 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.200/templates/deployment.yaml 
@@ -0,0 +1,59 @@ +{{- if and .Values.s3.enabled .Values.persistence.enabled }} +{{- fail "\n\nCannot configure both s3 and PV for storing backups" }} +{{- end }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "backupRestore.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "backupRestore.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "backupRestore.selectorLabels" . | nindent 8 }} + annotations: + checksum/s3: {{ include (print $.Template.BasePath "/s3-secret.yaml") . | sha256sum }} + checksum/pvc: {{ include (print $.Template.BasePath "/pvc.yaml") . | sha256sum }} + spec: + serviceAccountName: {{ include "backupRestore.serviceAccountName" . }} + containers: + - name: {{ .Chart.Name }} + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: Always + env: + - name: CHART_NAMESPACE + value: {{ .Release.Namespace }} + {{- if .Values.s3.enabled }} + - name: DEFAULT_S3_BACKUP_STORAGE_LOCATION + value: {{ include "backupRestore.s3SecretName" . }} + {{- end }} + {{- if .Values.persistence.enabled }} + - name: DEFAULT_PERSISTENCE_ENABLED + value: "persistence-enabled" + volumeMounts: + - mountPath: "/var/lib/backups" + name: pv-storage + volumes: + - name: pv-storage + persistentVolumeClaim: + claimName: {{ include "backupRestore.pvcName" . }} + {{- end }} + nodeSelector: + kubernetes.io/os: linux + {{- with .Values.nodeSelector }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + tolerations: + {{- include "linux-node-tolerations" . | nindent 8}} + {{- with .Values.tolerations }} + {{- toYaml . | nindent 8 }} + {{- end }} 
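Review bot: the container spec in this Deployment sets no `securityContext` and no `resources`, while `serviceAccountName` resolves to the ServiceAccount that clusterrolebinding.yaml in this same chart binds to `cluster-admin`, so anything that gains code execution in the operator pod holds full cluster rights. Suggest adding a container `securityContext` (`allowPrivilegeEscalation: false`, `runAsNonRoot: true`, and `readOnlyRootFilesystem: true` if the operator only writes under the `/var/lib/backups` mount), setting requests and limits, and either replacing the `cluster-admin` roleRef with a ClusterRole scoped to what backup and restore actually touch or documenting in the README why the full role is required. Separately, `imagePullPolicy: Always` together with `{{ .Values.image.repository }}:{{ .Values.image.tag }}` means the running image is whatever the tag points to at pull time; accepting a digest in values.yaml would let installs pin it.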
diff --git a/released/charts/rancher-backup/rancher-backup/1.0.200/templates/pvc.yaml b/released/charts/rancher-backup/rancher-backup/1.0.200/templates/pvc.yaml new file mode 100644 index 000000000..ff57e4dab --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.200/templates/pvc.yaml @@ -0,0 +1,27 @@ +{{- if and .Values.persistence.enabled -}} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ include "backupRestore.pvcName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +spec: + accessModes: + - ReadWriteOnce + resources: + {{- with .Values.persistence }} + requests: + storage: {{ .size | quote }} +{{- if .storageClass }} +{{- if (eq "-" .storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: {{ .storageClass | quote }} +{{- end }} +{{- end }} +{{- if .volumeName }} + volumeName: {{ .volumeName | quote }} +{{- end }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-backup/rancher-backup/1.0.200/templates/rancher-resourceset.yaml b/released/charts/rancher-backup/rancher-backup/1.0.200/templates/rancher-resourceset.yaml new file mode 100644 index 000000000..c04d9901c --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.200/templates/rancher-resourceset.yaml 
@@ -0,0 +1,62 @@ +apiVersion: resources.cattle.io/v1 +kind: ResourceSet +metadata: + name: rancher-resource-set +resourceSelectors: + - apiVersion: "v1" + kindsRegexp: "^namespaces$" + resourceNameRegexp: "^cattle-|^p-|^c-|^user-|^u-" + resourceNames: + - "local" + - apiVersion: "v1" + kindsRegexp: "^secrets$" + namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-" + labelSelectors: + matchExpressions: + - key: "owner" + operator: "NotIn" + values: ["helm"] + - apiVersion: "v1" + kindsRegexp: "^serviceaccounts$" + namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-" + - apiVersion: "v1" + kindsRegexp: "^configmaps$" + namespaces: + - "cattle-system" + - apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^roles$|^rolebindings$" + namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-" + - apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterrolebindings$" + resourceNameRegexp: "^cattle-|^clusterrolebinding-|^globaladmin-user-|^grb-u-" + resourceNames: + - "eks-operator" + - apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterroles$" + resourceNameRegexp: "^cattle-|^p-|^c-|^local-|^user-|^u-|^project-|^create-ns$" + resourceNames: + - "eks-operator" + - apiVersion: "apiextensions.k8s.io/v1beta1" + kindsRegexp: "." + resourceNameRegexp: "management.cattle.io$|project.cattle.io$|catalog.cattle.io$|eks.cattle.io$|resources.cattle.io$" + - apiVersion: "management.cattle.io/v3" + kindsRegexp: "." + - apiVersion: "project.cattle.io/v3" + kindsRegexp: "." + - apiVersion: "catalog.cattle.io/v1" + kindsRegexp: "^clusterrepos$" + - apiVersion: "resources.cattle.io/v1" + kindsRegexp: "^ResourceSet$" + - apiVersion: "eks.cattle.io/v1" + kindsRegexp: "." + - apiVersion: "apps/v1" + kindsRegexp: "^deployments$" + resourceNames: + - "eks-config-operator" + namespaces: + - "cattle-system" +controllerReferences: + - apiVersion: "apps/v1" + resource: "deployments" + name: "rancher" + namespace: "cattle-system" 
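Review bot: in the `apiextensions.k8s.io/v1beta1` selector, `resourceNameRegexp: "management.cattle.io$|project.cattle.io$|..."` leaves every dot unescaped and has no leading anchor, so each alternative matches any CRD name that merely ends in that text with arbitrary characters in the dot positions or in front of it. Suggest writing the alternatives as `[.]management[.]cattle[.]io$` and so on (the bracket form avoids backslash escaping inside the double-quoted YAML string). Two further points on the same file: the `^secrets$` selector collects every Secret in namespaces matching `^cattle-|^p-|^c-|^local$|^user-|^u-` apart from those labelled `owner: helm`, and the Backup CRD in this patch lists only `resourceSetName` under `required`, so a backup taken with this ResourceSet and no `encryptionConfigSecretName` stores those Secrets unencrypted; the README should say so. And `kindsRegexp: "^ResourceSet$"` is the only entry written as a capitalised singular kind where all the others use lowercase plurals such as `^clusterrepos$`; please confirm which form the operator compares against.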
diff --git a/released/charts/rancher-backup/rancher-backup/1.0.200/templates/s3-secret.yaml b/released/charts/rancher-backup/rancher-backup/1.0.200/templates/s3-secret.yaml new file mode 100644 index 000000000..0401b554b --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.200/templates/s3-secret.yaml @@ -0,0 +1,31 @@ +{{- if .Values.s3.enabled -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "backupRestore.s3SecretName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +type: Opaque +stringData: + {{- with .Values.s3 }} + {{- if .credentialSecretName }} + credentialSecretName: {{ .credentialSecretName }} + credentialSecretNamespace: {{ required "When providing a Secret containing S3 credentials, a valid .Values.credentialSecretNamespace must be provided" .credentialSecretNamespace }} + {{- end }} + {{- if .region }} + region: {{ .region }} + {{- end }} + bucketName: {{ required "A valid .Values.bucketName is required for configuring S3 compatible storage as the default backup storage location" .bucketName }} + {{- if .folder }} + folder: {{ .folder }} + {{- end }} + endpoint: {{ required "A valid .Values.endpoint is required for configuring S3 compatible storage as the default backup storage location" .endpoint }} + {{- if .endpointCA }} + endpointCA: {{ .endpointCA }} + {{- end }} + {{- if .insecureTLSSkipVerify }} + insecureTLSSkipVerify: {{ .insecureTLSSkipVerify }} + {{- end }} + {{- end }} +{{ end }} diff --git a/released/charts/rancher-backup/rancher-backup/1.0.200/templates/serviceaccount.yaml b/released/charts/rancher-backup/rancher-backup/1.0.200/templates/serviceaccount.yaml new file mode 100644 index 000000000..f333b746c --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.200/templates/serviceaccount.yaml 
@@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "backupRestore.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} diff --git a/released/charts/rancher-backup/rancher-backup/1.0.200/templates/validate-install-crd.yaml b/released/charts/rancher-backup/rancher-backup/1.0.200/templates/validate-install-crd.yaml new file mode 100644 index 000000000..8f04e51e8 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.200/templates/validate-install-crd.yaml @@ -0,0 +1,16 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "resources.cattle.io/v1/Backup" false -}} +# {{- set $found "resources.cattle.io/v1/ResourceSet" false -}} +# {{- set $found "resources.cattle.io/v1/Restore" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the rancher-backup-crd chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} diff --git a/released/charts/rancher-backup/rancher-backup/1.0.200/values.yaml b/released/charts/rancher-backup/rancher-backup/1.0.200/values.yaml new file mode 100644 index 000000000..dafb30b76 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.200/values.yaml 
@@ -0,0 +1,49 @@ +image: + repository: rancher/backup-restore-operator + tag: v1.0.2 + +## Default s3 bucket for storing all backup files created by the backup-restore-operator +s3: + enabled: false + ## credentialSecretName if set, should be the name of the Secret containing AWS credentials. + ## To use IAM Role, don't set this field + credentialSecretName: "" + credentialSecretNamespace: "" + region: "" + bucketName: "" + folder: "" + endpoint: "" + endpointCA: "" + insecureTLSSkipVerify: false + +## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ +## If persistence is enabled, operator will create a PVC with mountPath /var/lib/backups +persistence: + enabled: false + + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack). + ## Refer https://kubernetes.io/docs/concepts/storage/persistent-volumes/#class-1 + ## + storageClass: "-" + + ## If you want to disable dynamic provisioning by setting storageClass to "-" above, + ## and want to target a particular PV, provide name of the target volume + volumeName: "" + + ## Only certain StorageClasses allow resizing PVs; Refer https://kubernetes.io/blog/2018/07/12/resizing-persistent-volumes-using-kubernetes/ + size: 2Gi + + +global: + cattle: + systemDefaultRegistry: "" + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/released/charts/rancher-backup/rancher-backup/1.0.201/Chart.yaml b/released/charts/rancher-backup/rancher-backup/1.0.201/Chart.yaml new file mode 100644 index 000000000..c646351b1 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.201/Chart.yaml 
@@ -0,0 +1,20 @@ +annotations: + catalog.cattle.io/auto-install: rancher-backup-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Rancher Backups + catalog.cattle.io/namespace: cattle-resources-system + catalog.cattle.io/provides-gvr: resources.cattle.io.resourceset/v1 + catalog.cattle.io/release-name: rancher-backup + catalog.cattle.io/scope: management + catalog.cattle.io/ui-component: rancher-backup + catalog.cattle.io/os: linux +apiVersion: v1 +appVersion: v1.0.2 +description: Provides ability to back up and restore the Rancher application running + on any Kubernetes cluster +icon: https://charts.rancher.io/assets/logos/backup-restore.svg +keywords: +- applications +- infrastructure +name: rancher-backup +version: 1.0.201 diff --git a/released/charts/rancher-backup/rancher-backup/1.0.201/README.md b/released/charts/rancher-backup/rancher-backup/1.0.201/README.md new file mode 100644 index 000000000..feb526977 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.201/README.md 
@@ -0,0 +1,69 @@ +# Rancher Backup + +This chart provides ability to back up and restore the Rancher application running on any Kubernetes cluster. + +Refer [this](https://github.com/rancher/backup-restore-operator) repository for implementation details. + +----- + +### Get Repo Info +``` +helm repo add rancher-chart https://charts.rancher.io +helm repo update +``` + +----- + +### Install Chart +``` +helm install rancher-backup-crd rancher-chart/rancher-backup-crd -n cattle-resources-system --create-namespace +helm install rancher-backup rancher-chart/rancher-backup -n cattle-resources-system +``` + +----- + +### Configuration +The following table lists the configurable parameters of the rancher-backup chart and their default values: + +| Parameter | Description | Default | +|----------|---------------|-------| +| image.repository | Container image repository | rancher/backup-restore-operator | +| image.tag | Container image tag | v0.1.0-rc1 | +| s3.enabled | Configure S3 compatible default storage location. Current version supports S3 and MinIO | false | +| s3.credentialSecretName | Name of the Secret containing S3 credentials. This is an optional field. Skip this field in order to use IAM Role authentication. The Secret must contain following two keys, `accessKey` and `secretKey` | "" | +| s3.credentialSecretNamespace | Namespace of the Secret containing S3 credentials | "" | +| s3.region | Region of the S3 Bucket (Required for S3, not valid for MinIO) | "" | +| s3.bucketName | Name of the Bucket | "" | +| s3.folder | Base folder within the Bucket (optional) | "" | +| s3.endpoint | Endpoint for the S3 storage provider | "" | +| s3.endpointCA | Base64 encoded CA cert for the S3 storage provider (optional) | "" | +| s3.insecureTLSSkipVerify | Skip SSL verification | false | +| persistence.enabled | Configure a Persistent Volume as the default storage location. It accepts either a StorageClass name to create a PVC, or directly accepts the PV to use. 
The Persistent Volume is mounted at `/var/lib/backups` in the operator pod | false | +| persistence.storageClass | StorageClass to use for dynamically provisioning the Persistent Volume, which will be used for storing backups | "" | +| persistence.volumeName | Persistent Volume to use for storing backups | "" | +| persistence.size | Requested size of the Persistent Volume (Applicable when using dynamic provisioning) | "" | +| nodeSelector | https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | {} | +| tolerations | https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration | [] | +| affinity | https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity | {} | + +----- + +### CRDs + +Refer [this](https://github.com/rancher/backup-restore-operator#crds) section for information on CRDs that this chart installs. Also refer [this](https://github.com/rancher/backup-restore-operator/tree/master/examples) folder containing sample manifests for the CRDs. + +----- +### Upgrading Chart +``` +helm upgrade rancher-backup-crd -n cattle-resources-system +helm upgrade rancher-backup -n cattle-resources-system +``` + +----- +### Uninstall Chart + +``` +helm uninstall rancher-backup -n cattle-resources-system +helm uninstall rancher-backup-crd -n cattle-resources-system +``` + diff --git a/released/charts/rancher-backup/rancher-backup/1.0.201/app-readme.md b/released/charts/rancher-backup/rancher-backup/1.0.201/app-readme.md new file mode 100644 index 000000000..15a021cdb --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.201/app-readme.md 
@@ -0,0 +1,15 @@ +# Rancher Backup + +This chart enables ability to capture backups of the Rancher application and restore from these backups. This chart can be used to migrate Rancher from one Kubernetes cluster to a different Kubernetes cluster. + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/backups/v2.5/). + +This chart installs the following components: + +- [backup-restore-operator](https://github.com/rancher/backup-restore-operator) + - The operator handles backing up all Kubernetes resources and CRDs that Rancher creates and manages from the local cluster. It gathers these resources by querying the Kubernetes API server, packages all the resources to create a tarball file and saves it in the configured backup storage location. + - The operator can be configured to store backups in S3-compatible object stores such as AWS S3 and MinIO, and in persistent volumes. During deployment, you can create a default storage location, but there is always the option to override the default storage location with each backup, but will be limited to using an S3-compatible object store. + - It preserves the ownerReferences on all resources, hence maintaining dependencies between objects. + - This operator provides encryption support, to encrypt user specified resources before saving them in the backup file. It uses the same encryption configuration that is used to enable [Kubernetes Encryption at Rest](https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/). +- Backup - A backup is a CRD (`Backup`) that defines when to take backups, where to store the backup and what encryption to use (optional). Backups can be taken ad hoc or scheduled to be taken in intervals. +- Restore - A restore is a CRD (`Restore`) that defines which backup to use to restore the Rancher application to. 
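Review bot: the Configuration table in README.md (the hunk just above app-readme.md) documents defaults that differ from the values.yaml added for the same chart version. It lists `image.tag` as `v0.1.0-rc1`, `persistence.storageClass` as `""` and `persistence.size` as `""`, while values.yaml ships `tag: v1.0.2`, `storageClass: "-"` and `size: 2Gi`. The `storageClass` difference matters most, because `"-"` disables dynamic provisioning, so enabling persistence with defaults needs a pre-created PV, which the table does not say. The "Upgrading Chart" commands (`helm upgrade rancher-backup-crd -n cattle-resources-system`) also omit the chart argument that `helm upgrade` requires; they should name `rancher-chart/rancher-backup-crd` and `rancher-chart/rancher-backup` the way the install commands do.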
diff --git a/released/charts/rancher-backup/rancher-backup/1.0.201/templates/_helpers.tpl b/released/charts/rancher-backup/rancher-backup/1.0.201/templates/_helpers.tpl new file mode 100644 index 000000000..411cfc63a --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.201/templates/_helpers.tpl 
@@ -0,0 +1,76 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "backupRestore.fullname" -}} +{{- .Chart.Name | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "backupRestore.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "backupRestore.labels" -}} +helm.sh/chart: {{ include "backupRestore.chart" . }} +{{ include "backupRestore.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "backupRestore.selectorLabels" -}} +app.kubernetes.io/name: {{ include "backupRestore.fullname" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +resources.cattle.io/operator: backup-restore +{{- end }} + + +{{/* +Create the name of the service account to use +*/}} +{{- define "backupRestore.serviceAccountName" -}} +{{ include "backupRestore.fullname" . }} +{{- end }} + + +{{- define "backupRestore.s3SecretName" -}} +{{- printf "%s-%s" .Chart.Name "s3" | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create PVC name using release and revision number. 
+*/}} +{{- define "backupRestore.pvcName" -}} +{{- printf "%s-%d" .Release.Name .Release.Revision }} +{{- end }} + diff --git a/released/charts/rancher-backup/rancher-backup/1.0.201/templates/clusterrolebinding.yaml b/released/charts/rancher-backup/rancher-backup/1.0.201/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..cf4abf670 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.201/templates/clusterrolebinding.yaml @@ -0,0 +1,14 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "backupRestore.fullname" . }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +subjects: +- kind: ServiceAccount + name: {{ include "backupRestore.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: cluster-admin + apiGroup: rbac.authorization.k8s.io diff --git a/released/charts/rancher-backup/rancher-backup/1.0.201/templates/deployment.yaml b/released/charts/rancher-backup/rancher-backup/1.0.201/templates/deployment.yaml new file mode 100644 index 000000000..776351ae5 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.201/templates/deployment.yaml 
@@ -0,0 +1,59 @@ +{{- if and .Values.s3.enabled .Values.persistence.enabled }} +{{- fail "\n\nCannot configure both s3 and PV for storing backups" }} +{{- end }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "backupRestore.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "backupRestore.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "backupRestore.selectorLabels" . | nindent 8 }} + annotations: + checksum/s3: {{ include (print $.Template.BasePath "/s3-secret.yaml") . | sha256sum }} + checksum/pvc: {{ include (print $.Template.BasePath "/pvc.yaml") . | sha256sum }} + spec: + serviceAccountName: {{ include "backupRestore.serviceAccountName" . }} + containers: + - name: {{ .Chart.Name }} + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: Always + env: + - name: CHART_NAMESPACE + value: {{ .Release.Namespace }} + {{- if .Values.s3.enabled }} + - name: DEFAULT_S3_BACKUP_STORAGE_LOCATION + value: {{ include "backupRestore.s3SecretName" . }} + {{- end }} + {{- if .Values.persistence.enabled }} + - name: DEFAULT_PERSISTENCE_ENABLED + value: "persistence-enabled" + volumeMounts: + - mountPath: "/var/lib/backups" + name: pv-storage + volumes: + - name: pv-storage + persistentVolumeClaim: + claimName: {{ include "backupRestore.pvcName" . }} + {{- end }} + nodeSelector: + kubernetes.io/os: linux + {{- with .Values.nodeSelector }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + tolerations: + {{- include "linux-node-tolerations" . | nindent 8}} + {{- with .Values.tolerations }} + {{- toYaml . | nindent 8 }} + {{- end }} 
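Review bot: the container spec in deployment.yaml sets no `securityContext` and no `resources`, yet this pod runs under the ServiceAccount that clusterrolebinding.yaml binds to `cluster-admin`. Consider adding a container `securityContext` (for example `allowPrivilegeEscalation: false`, and `runAsNonRoot: true` if the operator image supports it) together with requests and limits. Separately, `imagePullPolicy: Always` combined with a mutable `{{ .Values.image.tag }}` means a re-pushed tag changes what runs with those privileges on the next pod restart; accepting a digest for the image reference would make the deployed image reproducible. The same points apply to the identical 1.0.300 copy of this file.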
diff --git a/released/charts/rancher-backup/rancher-backup/1.0.201/templates/pvc.yaml b/released/charts/rancher-backup/rancher-backup/1.0.201/templates/pvc.yaml new file mode 100644 index 000000000..ff57e4dab --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.201/templates/pvc.yaml @@ -0,0 +1,27 @@ +{{- if and .Values.persistence.enabled -}} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ include "backupRestore.pvcName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +spec: + accessModes: + - ReadWriteOnce + resources: + {{- with .Values.persistence }} + requests: + storage: {{ .size | quote }} +{{- if .storageClass }} +{{- if (eq "-" .storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: {{ .storageClass | quote }} +{{- end }} +{{- end }} +{{- if .volumeName }} + volumeName: {{ .volumeName | quote }} +{{- end }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-backup/rancher-backup/1.0.201/templates/rancher-resourceset.yaml b/released/charts/rancher-backup/rancher-backup/1.0.201/templates/rancher-resourceset.yaml new file mode 100644 index 000000000..c04d9901c --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.201/templates/rancher-resourceset.yaml 
@@ -0,0 +1,62 @@ +apiVersion: resources.cattle.io/v1 +kind: ResourceSet +metadata: + name: rancher-resource-set +resourceSelectors: + - apiVersion: "v1" + kindsRegexp: "^namespaces$" + resourceNameRegexp: "^cattle-|^p-|^c-|^user-|^u-" + resourceNames: + - "local" + - apiVersion: "v1" + kindsRegexp: "^secrets$" + namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-" + labelSelectors: + matchExpressions: + - key: "owner" + operator: "NotIn" + values: ["helm"] + - apiVersion: "v1" + kindsRegexp: "^serviceaccounts$" + namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-" + - apiVersion: "v1" + kindsRegexp: "^configmaps$" + namespaces: + - "cattle-system" + - apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^roles$|^rolebindings$" + namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-" + - apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterrolebindings$" + resourceNameRegexp: "^cattle-|^clusterrolebinding-|^globaladmin-user-|^grb-u-" + resourceNames: + - "eks-operator" + - apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterroles$" + resourceNameRegexp: "^cattle-|^p-|^c-|^local-|^user-|^u-|^project-|^create-ns$" + resourceNames: + - "eks-operator" + - apiVersion: "apiextensions.k8s.io/v1beta1" + kindsRegexp: "." + resourceNameRegexp: "management.cattle.io$|project.cattle.io$|catalog.cattle.io$|eks.cattle.io$|resources.cattle.io$" + - apiVersion: "management.cattle.io/v3" + kindsRegexp: "." + - apiVersion: "project.cattle.io/v3" + kindsRegexp: "." + - apiVersion: "catalog.cattle.io/v1" + kindsRegexp: "^clusterrepos$" + - apiVersion: "resources.cattle.io/v1" + kindsRegexp: "^ResourceSet$" + - apiVersion: "eks.cattle.io/v1" + kindsRegexp: "." + - apiVersion: "apps/v1" + kindsRegexp: "^deployments$" + resourceNames: + - "eks-config-operator" + namespaces: + - "cattle-system" +controllerReferences: + - apiVersion: "apps/v1" + resource: "deployments" + name: "rancher" + namespace: "cattle-system" 
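Review bot: in rancher-resourceset.yaml the `secrets` selector uses `namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-"`, and the short alternatives `^p-`, `^c-` and `^u-` match any namespace that merely starts with those two characters, so Secrets from namespaces unrelated to Rancher can be pulled into the backup file. Tightening those alternatives to the exact ID shape Rancher generates would keep the selection to Rancher-owned namespaces; the same prefixes recur in the `serviceaccounts`, `roles`/`rolebindings` and `clusterroles` selectors. In the CRD selector, `resourceNameRegexp: "management.cattle.io$|project.cattle.io$|catalog.cattle.io$|eks.cattle.io$|resources.cattle.io$"` leaves the dots unescaped, so each `.` matches any character; escaping them would restrict the match to the intended API groups.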
diff --git a/released/charts/rancher-backup/rancher-backup/1.0.201/templates/s3-secret.yaml b/released/charts/rancher-backup/rancher-backup/1.0.201/templates/s3-secret.yaml new file mode 100644 index 000000000..0401b554b --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.201/templates/s3-secret.yaml @@ -0,0 +1,31 @@ +{{- if .Values.s3.enabled -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "backupRestore.s3SecretName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +type: Opaque +stringData: + {{- with .Values.s3 }} + {{- if .credentialSecretName }} + credentialSecretName: {{ .credentialSecretName }} + credentialSecretNamespace: {{ required "When providing a Secret containing S3 credentials, a valid .Values.credentialSecretNamespace must be provided" .credentialSecretNamespace }} + {{- end }} + {{- if .region }} + region: {{ .region }} + {{- end }} + bucketName: {{ required "A valid .Values.bucketName is required for configuring S3 compatible storage as the default backup storage location" .bucketName }} + {{- if .folder }} + folder: {{ .folder }} + {{- end }} + endpoint: {{ required "A valid .Values.endpoint is required for configuring S3 compatible storage as the default backup storage location" .endpoint }} + {{- if .endpointCA }} + endpointCA: {{ .endpointCA }} + {{- end }} + {{- if .insecureTLSSkipVerify }} + insecureTLSSkipVerify: {{ .insecureTLSSkipVerify }} + {{- end }} + {{- end }} +{{ end }} diff --git a/released/charts/rancher-backup/rancher-backup/1.0.201/templates/serviceaccount.yaml b/released/charts/rancher-backup/rancher-backup/1.0.201/templates/serviceaccount.yaml new file mode 100644 index 000000000..f333b746c --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.201/templates/serviceaccount.yaml 
@@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "backupRestore.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} diff --git a/released/charts/rancher-backup/rancher-backup/1.0.201/templates/validate-install-crd.yaml b/released/charts/rancher-backup/rancher-backup/1.0.201/templates/validate-install-crd.yaml new file mode 100644 index 000000000..8f04e51e8 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.201/templates/validate-install-crd.yaml @@ -0,0 +1,16 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "resources.cattle.io/v1/Backup" false -}} +# {{- set $found "resources.cattle.io/v1/ResourceSet" false -}} +# {{- set $found "resources.cattle.io/v1/Restore" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the rancher-backup-crd chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} diff --git a/released/charts/rancher-backup/rancher-backup/1.0.201/values.yaml b/released/charts/rancher-backup/rancher-backup/1.0.201/values.yaml new file mode 100644 index 000000000..dafb30b76 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.201/values.yaml 
@@ -0,0 +1,49 @@ +image: + repository: rancher/backup-restore-operator + tag: v1.0.2 + +## Default s3 bucket for storing all backup files created by the backup-restore-operator +s3: + enabled: false + ## credentialSecretName if set, should be the name of the Secret containing AWS credentials. + ## To use IAM Role, don't set this field + credentialSecretName: "" + credentialSecretNamespace: "" + region: "" + bucketName: "" + folder: "" + endpoint: "" + endpointCA: "" + insecureTLSSkipVerify: false + +## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ +## If persistence is enabled, operator will create a PVC with mountPath /var/lib/backups +persistence: + enabled: false + + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack). + ## Refer https://kubernetes.io/docs/concepts/storage/persistent-volumes/#class-1 + ## + storageClass: "-" + + ## If you want to disable dynamic provisioning by setting storageClass to "-" above, + ## and want to target a particular PV, provide name of the target volume + volumeName: "" + + ## Only certain StorageClasses allow resizing PVs; Refer https://kubernetes.io/blog/2018/07/12/resizing-persistent-volumes-using-kubernetes/ + size: 2Gi + + +global: + cattle: + systemDefaultRegistry: "" + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/released/charts/rancher-backup/rancher-backup/1.0.300/Chart.yaml b/released/charts/rancher-backup/rancher-backup/1.0.300/Chart.yaml new file mode 100644 index 000000000..404b29b06 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.300/Chart.yaml 
@@ -0,0 +1,20 @@ +annotations: + catalog.cattle.io/auto-install: rancher-backup-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Rancher Backups + catalog.cattle.io/namespace: cattle-resources-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: resources.cattle.io.resourceset/v1 + catalog.cattle.io/release-name: rancher-backup + catalog.cattle.io/scope: management + catalog.cattle.io/ui-component: rancher-backup +apiVersion: v1 +appVersion: v1.0.3 +description: Provides ability to back up and restore the Rancher application running + on any Kubernetes cluster +icon: https://charts.rancher.io/assets/logos/backup-restore.svg +keywords: +- applications +- infrastructure +name: rancher-backup +version: 1.0.300 diff --git a/released/charts/rancher-backup/rancher-backup/1.0.300/README.md b/released/charts/rancher-backup/rancher-backup/1.0.300/README.md new file mode 100644 index 000000000..feb526977 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.300/README.md 
@@ -0,0 +1,69 @@ +# Rancher Backup + +This chart provides ability to back up and restore the Rancher application running on any Kubernetes cluster. + +Refer [this](https://github.com/rancher/backup-restore-operator) repository for implementation details. + +----- + +### Get Repo Info +``` +helm repo add rancher-chart https://charts.rancher.io +helm repo update +``` + +----- + +### Install Chart +``` +helm install rancher-backup-crd rancher-chart/rancher-backup-crd -n cattle-resources-system --create-namespace +helm install rancher-backup rancher-chart/rancher-backup -n cattle-resources-system +``` + +----- + +### Configuration +The following table lists the configurable parameters of the rancher-backup chart and their default values: + +| Parameter | Description | Default | +|----------|---------------|-------| +| image.repository | Container image repository | rancher/backup-restore-operator | +| image.tag | Container image tag | v0.1.0-rc1 | +| s3.enabled | Configure S3 compatible default storage location. Current version supports S3 and MinIO | false | +| s3.credentialSecretName | Name of the Secret containing S3 credentials. This is an optional field. Skip this field in order to use IAM Role authentication. The Secret must contain following two keys, `accessKey` and `secretKey` | "" | +| s3.credentialSecretNamespace | Namespace of the Secret containing S3 credentials | "" | +| s3.region | Region of the S3 Bucket (Required for S3, not valid for MinIO) | "" | +| s3.bucketName | Name of the Bucket | "" | +| s3.folder | Base folder within the Bucket (optional) | "" | +| s3.endpoint | Endpoint for the S3 storage provider | "" | +| s3.endpointCA | Base64 encoded CA cert for the S3 storage provider (optional) | "" | +| s3.insecureTLSSkipVerify | Skip SSL verification | false | +| persistence.enabled | Configure a Persistent Volume as the default storage location. It accepts either a StorageClass name to create a PVC, or directly accepts the PV to use. 
The Persistent Volume is mounted at `/var/lib/backups` in the operator pod | false | +| persistence.storageClass | StorageClass to use for dynamically provisioning the Persistent Volume, which will be used for storing backups | "" | +| persistence.volumeName | Persistent Volume to use for storing backups | "" | +| persistence.size | Requested size of the Persistent Volume (Applicable when using dynamic provisioning) | "" | +| nodeSelector | https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | {} | +| tolerations | https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration | [] | +| affinity | https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity | {} | + +----- + +### CRDs + +Refer [this](https://github.com/rancher/backup-restore-operator#crds) section for information on CRDs that this chart installs. Also refer [this](https://github.com/rancher/backup-restore-operator/tree/master/examples) folder containing sample manifests for the CRDs. + +----- +### Upgrading Chart +``` +helm upgrade rancher-backup-crd -n cattle-resources-system +helm upgrade rancher-backup -n cattle-resources-system +``` + +----- +### Uninstall Chart + +``` +helm uninstall rancher-backup -n cattle-resources-system +helm uninstall rancher-backup-crd -n cattle-resources-system +``` + diff --git a/released/charts/rancher-backup/rancher-backup/1.0.300/app-readme.md b/released/charts/rancher-backup/rancher-backup/1.0.300/app-readme.md new file mode 100644 index 000000000..15a021cdb --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.300/app-readme.md 
@@ -0,0 +1,15 @@ +# Rancher Backup + +This chart enables ability to capture backups of the Rancher application and restore from these backups. This chart can be used to migrate Rancher from one Kubernetes cluster to a different Kubernetes cluster. + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/backups/v2.5/). + +This chart installs the following components: + +- [backup-restore-operator](https://github.com/rancher/backup-restore-operator) + - The operator handles backing up all Kubernetes resources and CRDs that Rancher creates and manages from the local cluster. It gathers these resources by querying the Kubernetes API server, packages all the resources to create a tarball file and saves it in the configured backup storage location. + - The operator can be configured to store backups in S3-compatible object stores such as AWS S3 and MinIO, and in persistent volumes. During deployment, you can create a default storage location, but there is always the option to override the default storage location with each backup, but will be limited to using an S3-compatible object store. + - It preserves the ownerReferences on all resources, hence maintaining dependencies between objects. + - This operator provides encryption support, to encrypt user specified resources before saving them in the backup file. It uses the same encryption configuration that is used to enable [Kubernetes Encryption at Rest](https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/). +- Backup - A backup is a CRD (`Backup`) that defines when to take backups, where to store the backup and what encryption to use (optional). Backups can be taken ad hoc or scheduled to be taken in intervals. +- Restore - A restore is a CRD (`Restore`) that defines which backup to use to restore the Rancher application to. 
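Review bot: app-readme.md presents encryption as optional ("what encryption to use (optional)") but does not say what an unencrypted backup contains. The ResourceSet template shipped with this chart selects `secrets` and `serviceaccounts`, so the readme should state that without an encryption configuration those Secrets are written to the tarball unencrypted, and that the S3 bucket or PV holding the backups needs access controls to match. The second operator bullet also chains "but there is always the option ... but will be limited to"; rewording it would make clear that the per-backup override only supports S3-compatible object stores.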
diff --git a/released/charts/rancher-backup/rancher-backup/1.0.300/templates/_helpers.tpl b/released/charts/rancher-backup/rancher-backup/1.0.300/templates/_helpers.tpl new file mode 100644 index 000000000..411cfc63a --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.300/templates/_helpers.tpl 
@@ -0,0 +1,76 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "backupRestore.fullname" -}} +{{- .Chart.Name | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "backupRestore.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "backupRestore.labels" -}} +helm.sh/chart: {{ include "backupRestore.chart" . }} +{{ include "backupRestore.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "backupRestore.selectorLabels" -}} +app.kubernetes.io/name: {{ include "backupRestore.fullname" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +resources.cattle.io/operator: backup-restore +{{- end }} + + +{{/* +Create the name of the service account to use +*/}} +{{- define "backupRestore.serviceAccountName" -}} +{{ include "backupRestore.fullname" . }} +{{- end }} + + +{{- define "backupRestore.s3SecretName" -}} +{{- printf "%s-%s" .Chart.Name "s3" | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create PVC name using release and revision number. 
+*/}} +{{- define "backupRestore.pvcName" -}} +{{- printf "%s-%d" .Release.Name .Release.Revision }} +{{- end }} + diff --git a/released/charts/rancher-backup/rancher-backup/1.0.300/templates/clusterrolebinding.yaml b/released/charts/rancher-backup/rancher-backup/1.0.300/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..cf4abf670 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.300/templates/clusterrolebinding.yaml @@ -0,0 +1,14 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "backupRestore.fullname" . }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +subjects: +- kind: ServiceAccount + name: {{ include "backupRestore.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: cluster-admin + apiGroup: rbac.authorization.k8s.io diff --git a/released/charts/rancher-backup/rancher-backup/1.0.300/templates/deployment.yaml b/released/charts/rancher-backup/rancher-backup/1.0.300/templates/deployment.yaml new file mode 100644 index 000000000..776351ae5 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.300/templates/deployment.yaml 
@@ -0,0 +1,59 @@ +{{- if and .Values.s3.enabled .Values.persistence.enabled }} +{{- fail "\n\nCannot configure both s3 and PV for storing backups" }} +{{- end }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "backupRestore.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "backupRestore.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "backupRestore.selectorLabels" . | nindent 8 }} + annotations: + checksum/s3: {{ include (print $.Template.BasePath "/s3-secret.yaml") . | sha256sum }} + checksum/pvc: {{ include (print $.Template.BasePath "/pvc.yaml") . | sha256sum }} + spec: + serviceAccountName: {{ include "backupRestore.serviceAccountName" . }} + containers: + - name: {{ .Chart.Name }} + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: Always + env: + - name: CHART_NAMESPACE + value: {{ .Release.Namespace }} + {{- if .Values.s3.enabled }} + - name: DEFAULT_S3_BACKUP_STORAGE_LOCATION + value: {{ include "backupRestore.s3SecretName" . }} + {{- end }} + {{- if .Values.persistence.enabled }} + - name: DEFAULT_PERSISTENCE_ENABLED + value: "persistence-enabled" + volumeMounts: + - mountPath: "/var/lib/backups" + name: pv-storage + volumes: + - name: pv-storage + persistentVolumeClaim: + claimName: {{ include "backupRestore.pvcName" . }} + {{- end }} + nodeSelector: + kubernetes.io/os: linux + {{- with .Values.nodeSelector }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + tolerations: + {{- include "linux-node-tolerations" . | nindent 8}} + {{- with .Values.tolerations }} + {{- toYaml . | nindent 8 }} + {{- end }} 
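Review bot: clusterrolebinding.yaml (the hunk just before deployment.yaml) binds the operator's ServiceAccount to the built-in `cluster-admin` ClusterRole through `roleRef` with `name: cluster-admin`, with no comment or values switch explaining why that breadth is needed. A restore does have to write many kinds, but the API groups the operator works with are already enumerated in rancher-resourceset.yaml, so consider a dedicated ClusterRole scoped to those groups to limit what a compromised operator pod or a leaked token can do. If `cluster-admin` stays, document it in the README, since any workload running under this ServiceAccount in `{{ .Release.Namespace }}` inherits it.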
diff --git a/released/charts/rancher-backup/rancher-backup/1.0.300/templates/pvc.yaml b/released/charts/rancher-backup/rancher-backup/1.0.300/templates/pvc.yaml new file mode 100644 index 000000000..ff57e4dab --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.300/templates/pvc.yaml @@ -0,0 +1,27 @@ +{{- if and .Values.persistence.enabled -}} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ include "backupRestore.pvcName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +spec: + accessModes: + - ReadWriteOnce + resources: + {{- with .Values.persistence }} + requests: + storage: {{ .size | quote }} +{{- if .storageClass }} +{{- if (eq "-" .storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: {{ .storageClass | quote }} +{{- end }} +{{- end }} +{{- if .volumeName }} + volumeName: {{ .volumeName | quote }} +{{- end }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-backup/rancher-backup/1.0.300/templates/rancher-resourceset.yaml b/released/charts/rancher-backup/rancher-backup/1.0.300/templates/rancher-resourceset.yaml new file mode 100644 index 000000000..c04d9901c --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.300/templates/rancher-resourceset.yaml 
@@ -0,0 +1,62 @@ +apiVersion: resources.cattle.io/v1 +kind: ResourceSet +metadata: + name: rancher-resource-set +resourceSelectors: + - apiVersion: "v1" + kindsRegexp: "^namespaces$" + resourceNameRegexp: "^cattle-|^p-|^c-|^user-|^u-" + resourceNames: + - "local" + - apiVersion: "v1" + kindsRegexp: "^secrets$" + namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-" + labelSelectors: + matchExpressions: + - key: "owner" + operator: "NotIn" + values: ["helm"] + - apiVersion: "v1" + kindsRegexp: "^serviceaccounts$" + namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-" + - apiVersion: "v1" + kindsRegexp: "^configmaps$" + namespaces: + - "cattle-system" + - apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^roles$|^rolebindings$" + namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-" + - apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterrolebindings$" + resourceNameRegexp: "^cattle-|^clusterrolebinding-|^globaladmin-user-|^grb-u-" + resourceNames: + - "eks-operator" + - apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterroles$" + resourceNameRegexp: "^cattle-|^p-|^c-|^local-|^user-|^u-|^project-|^create-ns$" + resourceNames: + - "eks-operator" + - apiVersion: "apiextensions.k8s.io/v1beta1" + kindsRegexp: "." + resourceNameRegexp: "management.cattle.io$|project.cattle.io$|catalog.cattle.io$|eks.cattle.io$|resources.cattle.io$" + - apiVersion: "management.cattle.io/v3" + kindsRegexp: "." + - apiVersion: "project.cattle.io/v3" + kindsRegexp: "." + - apiVersion: "catalog.cattle.io/v1" + kindsRegexp: "^clusterrepos$" + - apiVersion: "resources.cattle.io/v1" + kindsRegexp: "^ResourceSet$" + - apiVersion: "eks.cattle.io/v1" + kindsRegexp: "." + - apiVersion: "apps/v1" + kindsRegexp: "^deployments$" + resourceNames: + - "eks-config-operator" + namespaces: + - "cattle-system" +controllerReferences: + - apiVersion: "apps/v1" + resource: "deployments" + name: "rancher" + namespace: "cattle-system" 
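Review bot: in the `apiextensions.k8s.io/v1beta1` selector, `resourceNameRegexp: "management.cattle.io$|project.cattle.io$|..."` leaves every dot unescaped and has no left boundary, so each `.` matches any character and any CRD whose name merely ends in one of these strings is selected. Escape the dots and require the separator before the group, for example `"\\.management\\.cattle\\.io$"` for each alternative. The same selector and three others use `kindsRegexp: "."`, which matches every non-empty kind; if "all kinds" is the intent, a comment saying so would help the next reader. `apiextensions.k8s.io/v1beta1` is not served from Kubernetes 1.22 onward, so consider adding a `v1` selector alongside this one.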
diff --git a/released/charts/rancher-backup/rancher-backup/1.0.300/templates/s3-secret.yaml b/released/charts/rancher-backup/rancher-backup/1.0.300/templates/s3-secret.yaml new file mode 100644 index 000000000..a07623d90 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.300/templates/s3-secret.yaml @@ -0,0 +1,31 @@ +{{- if .Values.s3.enabled -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "backupRestore.s3SecretName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +type: Opaque +stringData: + {{- with .Values.s3 }} + {{- if .credentialSecretName }} + credentialSecretName: {{ .credentialSecretName }} + credentialSecretNamespace: {{ required "When providing a Secret containing S3 credentials, a valid .Values.credentialSecretNamespace must be provided" .credentialSecretNamespace }} + {{- end }} + {{- if .region }} + region: {{ .region }} + {{- end }} + bucketName: {{ required "A valid .Values.bucketName is required for configuring S3 compatible storage as the default backup storage location" .bucketName }} + {{- if .folder }} + folder: {{ .folder }} + {{- end }} + endpoint: {{ required "A valid .Values.endpoint is required for configuring S3 compatible storage as the default backup storage location" .endpoint }} + {{- if .endpointCA }} + endpointCA: {{ .endpointCA }} + {{- end }} + {{- if .insecureTLSSkipVerify }} + insecureTLSSkipVerify: {{ .insecureTLSSkipVerify | quote }} + {{- end }} + {{- end }} +{{ end }} diff --git a/released/charts/rancher-backup/rancher-backup/1.0.300/templates/serviceaccount.yaml b/released/charts/rancher-backup/rancher-backup/1.0.300/templates/serviceaccount.yaml new file mode 100644 index 000000000..f333b746c --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.300/templates/serviceaccount.yaml 
@@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "backupRestore.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} diff --git a/released/charts/rancher-backup/rancher-backup/1.0.300/templates/validate-install-crd.yaml b/released/charts/rancher-backup/rancher-backup/1.0.300/templates/validate-install-crd.yaml new file mode 100644 index 000000000..8f04e51e8 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.300/templates/validate-install-crd.yaml @@ -0,0 +1,16 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "resources.cattle.io/v1/Backup" false -}} +# {{- set $found "resources.cattle.io/v1/ResourceSet" false -}} +# {{- set $found "resources.cattle.io/v1/Restore" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the rancher-backup-crd chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} diff --git a/released/charts/rancher-backup/rancher-backup/1.0.300/values.yaml b/released/charts/rancher-backup/rancher-backup/1.0.300/values.yaml new file mode 100644 index 000000000..46d231fd2 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.300/values.yaml 
@@ -0,0 +1,49 @@ +image: + repository: rancher/backup-restore-operator + tag: v1.0.3 + +## Default s3 bucket for storing all backup files created by the backup-restore-operator +s3: + enabled: false + ## credentialSecretName if set, should be the name of the Secret containing AWS credentials. + ## To use IAM Role, don't set this field + credentialSecretName: "" + credentialSecretNamespace: "" + region: "" + bucketName: "" + folder: "" + endpoint: "" + endpointCA: "" + insecureTLSSkipVerify: false + +## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ +## If persistence is enabled, operator will create a PVC with mountPath /var/lib/backups +persistence: + enabled: false + + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack). + ## Refer https://kubernetes.io/docs/concepts/storage/persistent-volumes/#class-1 + ## + storageClass: "-" + + ## If you want to disable dynamic provisioning by setting storageClass to "-" above, + ## and want to target a particular PV, provide name of the target volume + volumeName: "" + + ## Only certain StorageClasses allow resizing PVs; Refer https://kubernetes.io/blog/2018/07/12/resizing-persistent-volumes-using-kubernetes/ + size: 2Gi + + +global: + cattle: + systemDefaultRegistry: "" + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/released/charts/rancher-backup/rancher-backup/1.0.301/Chart.yaml b/released/charts/rancher-backup/rancher-backup/1.0.301/Chart.yaml new file mode 100755 index 000000000..aa39ba99d --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.301/Chart.yaml 
@@ -0,0 +1,20 @@ +annotations: + catalog.cattle.io/auto-install: rancher-backup-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Rancher Backups + catalog.cattle.io/namespace: cattle-resources-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: resources.cattle.io.resourceset/v1 + catalog.cattle.io/release-name: rancher-backup + catalog.cattle.io/scope: management + catalog.cattle.io/ui-component: rancher-backup +apiVersion: v1 +appVersion: v1.0.3 +description: Provides ability to back up and restore the Rancher application running + on any Kubernetes cluster +icon: https://charts.rancher.io/assets/logos/backup-restore.svg +keywords: +- applications +- infrastructure +name: rancher-backup +version: 1.0.301 diff --git a/released/charts/rancher-backup/rancher-backup/1.0.301/README.md b/released/charts/rancher-backup/rancher-backup/1.0.301/README.md new file mode 100755 index 000000000..67f7cc4d9 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.301/README.md 
@@ -0,0 +1,69 @@ +# Rancher Backup + +This chart provides ability to back up and restore the Rancher application running on any Kubernetes cluster. + +Refer [this](https://github.com/rancher/backup-restore-operator) repository for implementation details. + +----- + +### Get Repo Info +``` +helm repo add rancher-chart https://charts.rancher.io +helm repo update +``` + +----- + +### Install Chart +``` +helm install rancher-backup-crd rancher-chart/rancher-backup-crd -n cattle-resources-system --create-namespace +helm install rancher-backup rancher-chart/rancher-backup -n cattle-resources-system +``` + +----- + +### Configuration +The following table lists the configurable parameters of the rancher-backup chart and their default values: + +| Parameter | Description | Default | +|----------|---------------|-------| +| image.repository | Container image repository | rancher/backup-restore-operator | +| image.tag | Container image tag | v0.1.0-rc1 | +| s3.enabled | Configure S3 compatible default storage location. Current version supports S3 and MinIO | false | +| s3.credentialSecretName | Name of the Secret containing S3 credentials. This is an optional field. Skip this field in order to use IAM Role authentication. The Secret must contain following two keys, `accessKey` and `secretKey` | "" | +| s3.credentialSecretNamespace | Namespace of the Secret containing S3 credentials. This can be any namespace. | "" | +| s3.region | Region of the S3 Bucket (Required for S3, not valid for MinIO) | "" | +| s3.bucketName | Name of the Bucket | "" | +| s3.folder | Base folder within the Bucket (optional) | "" | +| s3.endpoint | Endpoint for the S3 storage provider | "" | +| s3.endpointCA | Base64 encoded CA cert for the S3 storage provider (optional) | "" | +| s3.insecureTLSSkipVerify | Skip SSL verification | false | +| persistence.enabled | Configure a Persistent Volume as the default storage location. 
It accepts either a StorageClass name to create a PVC, or directly accepts the PV to use. The Persistent Volume is mounted at `/var/lib/backups` in the operator pod | false | +| persistence.storageClass | StorageClass to use for dynamically provisioning the Persistent Volume, which will be used for storing backups | "" | +| persistence.volumeName | Persistent Volume to use for storing backups | "" | +| persistence.size | Requested size of the Persistent Volume (Applicable when using dynamic provisioning) | "" | +| nodeSelector | https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | {} | +| tolerations | https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration | [] | +| affinity | https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity | {} | + +----- + +### CRDs + +Refer [this](https://github.com/rancher/backup-restore-operator#crds) section for information on CRDs that this chart installs. Also refer [this](https://github.com/rancher/backup-restore-operator/tree/master/examples) folder containing sample manifests for the CRDs. + +----- +### Upgrading Chart +``` +helm upgrade rancher-backup-crd -n cattle-resources-system +helm upgrade rancher-backup -n cattle-resources-system +``` + +----- +### Uninstall Chart + +``` +helm uninstall rancher-backup -n cattle-resources-system +helm uninstall rancher-backup-crd -n cattle-resources-system +``` + diff --git a/released/charts/rancher-backup/rancher-backup/1.0.301/app-readme.md b/released/charts/rancher-backup/rancher-backup/1.0.301/app-readme.md new file mode 100755 index 000000000..15a021cdb --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.301/app-readme.md 
@@ -0,0 +1,15 @@ +# Rancher Backup + +This chart enables ability to capture backups of the Rancher application and restore from these backups. This chart can be used to migrate Rancher from one Kubernetes cluster to a different Kubernetes cluster. + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/backups/v2.5/). + +This chart installs the following components: + +- [backup-restore-operator](https://github.com/rancher/backup-restore-operator) + - The operator handles backing up all Kubernetes resources and CRDs that Rancher creates and manages from the local cluster. It gathers these resources by querying the Kubernetes API server, packages all the resources to create a tarball file and saves it in the configured backup storage location. + - The operator can be configured to store backups in S3-compatible object stores such as AWS S3 and MinIO, and in persistent volumes. During deployment, you can create a default storage location, but there is always the option to override the default storage location with each backup, but will be limited to using an S3-compatible object store. + - It preserves the ownerReferences on all resources, hence maintaining dependencies between objects. + - This operator provides encryption support, to encrypt user specified resources before saving them in the backup file. It uses the same encryption configuration that is used to enable [Kubernetes Encryption at Rest](https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/). +- Backup - A backup is a CRD (`Backup`) that defines when to take backups, where to store the backup and what encryption to use (optional). Backups can be taken ad hoc or scheduled to be taken in intervals. +- Restore - A restore is a CRD (`Restore`) that defines which backup to use to restore the Rancher application to. 
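Review bot: the storage sentence in the operator bullet ("...but there is always the option to override the default storage location with each backup, but will be limited to using an S3-compatible object store") is hard to parse and should be split in two: a per-backup override is possible, and that override can only be an S3-compatible store. The encryption bullet and the `Backup` bullet both present encryption as optional without saying what ends up in the tarball; since templates/rancher-resourceset.yaml selects `secrets`, the readme should say so and point users at configuring encryption for them.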
diff --git a/released/charts/rancher-backup/rancher-backup/1.0.301/templates/_helpers.tpl b/released/charts/rancher-backup/rancher-backup/1.0.301/templates/_helpers.tpl new file mode 100755 index 000000000..411cfc63a --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.301/templates/_helpers.tpl 
@@ -0,0 +1,76 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "backupRestore.fullname" -}} +{{- .Chart.Name | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "backupRestore.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "backupRestore.labels" -}} +helm.sh/chart: {{ include "backupRestore.chart" . }} +{{ include "backupRestore.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "backupRestore.selectorLabels" -}} +app.kubernetes.io/name: {{ include "backupRestore.fullname" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +resources.cattle.io/operator: backup-restore +{{- end }} + + +{{/* +Create the name of the service account to use +*/}} +{{- define "backupRestore.serviceAccountName" -}} +{{ include "backupRestore.fullname" . }} +{{- end }} + + +{{- define "backupRestore.s3SecretName" -}} +{{- printf "%s-%s" .Chart.Name "s3" | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create PVC name using release and revision number. 
+*/}} +{{- define "backupRestore.pvcName" -}} +{{- printf "%s-%d" .Release.Name .Release.Revision }} +{{- end }} + diff --git a/released/charts/rancher-backup/rancher-backup/1.0.301/templates/clusterrolebinding.yaml b/released/charts/rancher-backup/rancher-backup/1.0.301/templates/clusterrolebinding.yaml new file mode 100755 index 000000000..cf4abf670 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.301/templates/clusterrolebinding.yaml @@ -0,0 +1,14 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "backupRestore.fullname" . }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +subjects: +- kind: ServiceAccount + name: {{ include "backupRestore.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: cluster-admin + apiGroup: rbac.authorization.k8s.io diff --git a/released/charts/rancher-backup/rancher-backup/1.0.301/templates/deployment.yaml b/released/charts/rancher-backup/rancher-backup/1.0.301/templates/deployment.yaml new file mode 100755 index 000000000..776351ae5 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.301/templates/deployment.yaml 
@@ -0,0 +1,59 @@ +{{- if and .Values.s3.enabled .Values.persistence.enabled }} +{{- fail "\n\nCannot configure both s3 and PV for storing backups" }} +{{- end }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "backupRestore.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "backupRestore.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "backupRestore.selectorLabels" . | nindent 8 }} + annotations: + checksum/s3: {{ include (print $.Template.BasePath "/s3-secret.yaml") . | sha256sum }} + checksum/pvc: {{ include (print $.Template.BasePath "/pvc.yaml") . | sha256sum }} + spec: + serviceAccountName: {{ include "backupRestore.serviceAccountName" . }} + containers: + - name: {{ .Chart.Name }} + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: Always + env: + - name: CHART_NAMESPACE + value: {{ .Release.Namespace }} + {{- if .Values.s3.enabled }} + - name: DEFAULT_S3_BACKUP_STORAGE_LOCATION + value: {{ include "backupRestore.s3SecretName" . }} + {{- end }} + {{- if .Values.persistence.enabled }} + - name: DEFAULT_PERSISTENCE_ENABLED + value: "persistence-enabled" + volumeMounts: + - mountPath: "/var/lib/backups" + name: pv-storage + volumes: + - name: pv-storage + persistentVolumeClaim: + claimName: {{ include "backupRestore.pvcName" . }} + {{- end }} + nodeSelector: + kubernetes.io/os: linux + {{- with .Values.nodeSelector }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + tolerations: + {{- include "linux-node-tolerations" . | nindent 8}} + {{- with .Values.tolerations }} + {{- toYaml . | nindent 8 }} + {{- end }} 
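Review bot: `claimName: {{ include "backupRestore.pvcName" . }}` resolves to `printf "%s-%d" .Release.Name .Release.Revision` (templates/_helpers.tpl), so the claim name changes on every `helm upgrade`. Each new revision renders a PVC under a new name and mounts it at `/var/lib/backups`, while the previous revision's PVC drops out of the manifest and is removed by Helm; whether the backups on it survive then depends on the volume's reclaim policy. For a backup store this is a data-loss path. Use a name that is stable across revisions (release name only), or annotate the PVC with `helm.sh/resource-policy: keep`, and document the upgrade behaviour in the README. The `checksum/pvc` annotation already forces a rollout when the PVC template changes, so the revision suffix is not needed for that purpose.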
diff --git a/released/charts/rancher-backup/rancher-backup/1.0.301/templates/pvc.yaml b/released/charts/rancher-backup/rancher-backup/1.0.301/templates/pvc.yaml new file mode 100755 index 000000000..ff57e4dab --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.301/templates/pvc.yaml @@ -0,0 +1,27 @@ +{{- if and .Values.persistence.enabled -}} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ include "backupRestore.pvcName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +spec: + accessModes: + - ReadWriteOnce + resources: + {{- with .Values.persistence }} + requests: + storage: {{ .size | quote }} +{{- if .storageClass }} +{{- if (eq "-" .storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: {{ .storageClass | quote }} +{{- end }} +{{- end }} +{{- if .volumeName }} + volumeName: {{ .volumeName | quote }} +{{- end }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-backup/rancher-backup/1.0.301/templates/rancher-resourceset.yaml b/released/charts/rancher-backup/rancher-backup/1.0.301/templates/rancher-resourceset.yaml new file mode 100755 index 000000000..c04d9901c --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.301/templates/rancher-resourceset.yaml 
@@ -0,0 +1,62 @@ +apiVersion: resources.cattle.io/v1 +kind: ResourceSet +metadata: + name: rancher-resource-set +resourceSelectors: + - apiVersion: "v1" + kindsRegexp: "^namespaces$" + resourceNameRegexp: "^cattle-|^p-|^c-|^user-|^u-" + resourceNames: + - "local" + - apiVersion: "v1" + kindsRegexp: "^secrets$" + namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-" + labelSelectors: + matchExpressions: + - key: "owner" + operator: "NotIn" + values: ["helm"] + - apiVersion: "v1" + kindsRegexp: "^serviceaccounts$" + namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-" + - apiVersion: "v1" + kindsRegexp: "^configmaps$" + namespaces: + - "cattle-system" + - apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^roles$|^rolebindings$" + namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-" + - apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterrolebindings$" + resourceNameRegexp: "^cattle-|^clusterrolebinding-|^globaladmin-user-|^grb-u-" + resourceNames: + - "eks-operator" + - apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterroles$" + resourceNameRegexp: "^cattle-|^p-|^c-|^local-|^user-|^u-|^project-|^create-ns$" + resourceNames: + - "eks-operator" + - apiVersion: "apiextensions.k8s.io/v1beta1" + kindsRegexp: "." + resourceNameRegexp: "management.cattle.io$|project.cattle.io$|catalog.cattle.io$|eks.cattle.io$|resources.cattle.io$" + - apiVersion: "management.cattle.io/v3" + kindsRegexp: "." + - apiVersion: "project.cattle.io/v3" + kindsRegexp: "." + - apiVersion: "catalog.cattle.io/v1" + kindsRegexp: "^clusterrepos$" + - apiVersion: "resources.cattle.io/v1" + kindsRegexp: "^ResourceSet$" + - apiVersion: "eks.cattle.io/v1" + kindsRegexp: "." + - apiVersion: "apps/v1" + kindsRegexp: "^deployments$" + resourceNames: + - "eks-config-operator" + namespaces: + - "cattle-system" +controllerReferences: + - apiVersion: "apps/v1" + resource: "deployments" + name: "rancher" + namespace: "cattle-system" 
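Review bot: the `^secrets$` selector's `namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-"` is a list of prefix matches (only `^local$` is closed), so Secrets from any namespace whose name starts with `c-`, `p-` or `u-` are backed up, not only those Rancher created, and the single exclusion is the `owner NotIn [helm]` label. The same pattern is reused for `serviceaccounts` and for `roles`/`rolebindings`. If the generated namespace names have a known shape, tighten the alternatives to that shape; otherwise add a comment stating that such namespaces are in scope by design. Because this selector puts credential material into the backup file, the chart documentation should recommend configuring encryption for Secrets rather than leaving it as an unexplained option.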
diff --git a/released/charts/rancher-backup/rancher-backup/1.0.301/templates/s3-secret.yaml b/released/charts/rancher-backup/rancher-backup/1.0.301/templates/s3-secret.yaml new file mode 100755 index 000000000..a07623d90 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.301/templates/s3-secret.yaml @@ -0,0 +1,31 @@ +{{- if .Values.s3.enabled -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "backupRestore.s3SecretName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +type: Opaque +stringData: + {{- with .Values.s3 }} + {{- if .credentialSecretName }} + credentialSecretName: {{ .credentialSecretName }} + credentialSecretNamespace: {{ required "When providing a Secret containing S3 credentials, a valid .Values.credentialSecretNamespace must be provided" .credentialSecretNamespace }} + {{- end }} + {{- if .region }} + region: {{ .region }} + {{- end }} + bucketName: {{ required "A valid .Values.bucketName is required for configuring S3 compatible storage as the default backup storage location" .bucketName }} + {{- if .folder }} + folder: {{ .folder }} + {{- end }} + endpoint: {{ required "A valid .Values.endpoint is required for configuring S3 compatible storage as the default backup storage location" .endpoint }} + {{- if .endpointCA }} + endpointCA: {{ .endpointCA }} + {{- end }} + {{- if .insecureTLSSkipVerify }} + insecureTLSSkipVerify: {{ .insecureTLSSkipVerify | quote }} + {{- end }} + {{- end }} +{{ end }} diff --git a/released/charts/rancher-backup/rancher-backup/1.0.301/templates/serviceaccount.yaml b/released/charts/rancher-backup/rancher-backup/1.0.301/templates/serviceaccount.yaml new file mode 100755 index 000000000..f333b746c --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.301/templates/serviceaccount.yaml 
@@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "backupRestore.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} diff --git a/released/charts/rancher-backup/rancher-backup/1.0.301/templates/validate-install-crd.yaml b/released/charts/rancher-backup/rancher-backup/1.0.301/templates/validate-install-crd.yaml new file mode 100755 index 000000000..f63fd2e2e --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.301/templates/validate-install-crd.yaml @@ -0,0 +1,16 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "resources.cattle.io/v1/Backup" false -}} +# {{- set $found "resources.cattle.io/v1/ResourceSet" false -}} +# {{- set $found "resources.cattle.io/v1/Restore" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-backup/rancher-backup/1.0.301/values.yaml b/released/charts/rancher-backup/rancher-backup/1.0.301/values.yaml new file mode 100755 index 000000000..46d231fd2 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.301/values.yaml 
@@ -0,0 +1,49 @@ +image: + repository: rancher/backup-restore-operator + tag: v1.0.3 + +## Default s3 bucket for storing all backup files created by the backup-restore-operator +s3: + enabled: false + ## credentialSecretName if set, should be the name of the Secret containing AWS credentials. + ## To use IAM Role, don't set this field + credentialSecretName: "" + credentialSecretNamespace: "" + region: "" + bucketName: "" + folder: "" + endpoint: "" + endpointCA: "" + insecureTLSSkipVerify: false + +## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ +## If persistence is enabled, operator will create a PVC with mountPath /var/lib/backups +persistence: + enabled: false + + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack). + ## Refer https://kubernetes.io/docs/concepts/storage/persistent-volumes/#class-1 + ## + storageClass: "-" + + ## If you want to disable dynamic provisioning by setting storageClass to "-" above, + ## and want to target a particular PV, provide name of the target volume + volumeName: "" + + ## Only certain StorageClasses allow resizing PVs; Refer https://kubernetes.io/blog/2018/07/12/resizing-persistent-volumes-using-kubernetes/ + size: 2Gi + + +global: + cattle: + systemDefaultRegistry: "" + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/released/charts/rancher-backup/rancher-backup/1.0.400/Chart.yaml b/released/charts/rancher-backup/rancher-backup/1.0.400/Chart.yaml new file mode 100755 index 000000000..0cc5ada17 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.400/Chart.yaml 
@@ -0,0 +1,20 @@ +annotations: + catalog.cattle.io/auto-install: rancher-backup-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Rancher Backups + catalog.cattle.io/namespace: cattle-resources-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: resources.cattle.io.resourceset/v1 + catalog.cattle.io/release-name: rancher-backup + catalog.cattle.io/scope: management + catalog.cattle.io/ui-component: rancher-backup +apiVersion: v2 +appVersion: 1.0.4 +description: Provides ability to back up and restore the Rancher application running + on any Kubernetes cluster +icon: https://charts.rancher.io/assets/logos/backup-restore.svg +keywords: +- applications +- infrastructure +name: rancher-backup +version: 1.0.400 diff --git a/released/charts/rancher-backup/rancher-backup/1.0.400/README.md b/released/charts/rancher-backup/rancher-backup/1.0.400/README.md new file mode 100755 index 000000000..00fc96d92 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.400/README.md 
@@ -0,0 +1,69 @@ +# Rancher Backup + +This chart provides ability to back up and restore the Rancher application running on any Kubernetes cluster. + +Refer [this](https://github.com/rancher/backup-restore-operator) repository for implementation details. + +----- + +### Get Repo Info +```bash +helm repo add rancher-chart https://charts.rancher.io +helm repo update +``` + +----- + +### Install Chart +```bash +helm install rancher-backup-crd rancher-chart/rancher-backup-crd -n cattle-resources-system --create-namespace +helm install rancher-backup rancher-chart/rancher-backup -n cattle-resources-system +``` + +----- + +### Configuration +The following table lists the configurable parameters of the rancher-backup chart and their default values: + +| Parameter | Description | Default | +|----------|---------------|-------| +| image.repository | Container image repository | rancher/backup-restore-operator | +| image.tag | Container image tag | v0.1.0-rc1 | +| s3.enabled | Configure S3 compatible default storage location. Current version supports S3 and MinIO | false | +| s3.credentialSecretName | Name of the Secret containing S3 credentials. This is an optional field. Skip this field in order to use IAM Role authentication. The Secret must contain following two keys, `accessKey` and `secretKey` | "" | +| s3.credentialSecretNamespace | Namespace of the Secret containing S3 credentials. This can be any namespace. | "" | +| s3.region | Region of the S3 Bucket (Required for S3, not valid for MinIO) | "" | +| s3.bucketName | Name of the Bucket | "" | +| s3.folder | Base folder within the Bucket (optional) | "" | +| s3.endpoint | Endpoint for the S3 storage provider | "" | +| s3.endpointCA | Base64 encoded CA cert for the S3 storage provider (optional) | "" | +| s3.insecureTLSSkipVerify | Skip SSL verification | false | +| persistence.enabled | Configure a Persistent Volume as the default storage location. 
It accepts either a StorageClass name to create a PVC, or directly accepts the PV to use. The Persistent Volume is mounted at `/var/lib/backups` in the operator pod | false | +| persistence.storageClass | StorageClass to use for dynamically provisioning the Persistent Volume, which will be used for storing backups | "" | +| persistence.volumeName | Persistent Volume to use for storing backups | "" | +| persistence.size | Requested size of the Persistent Volume (Applicable when using dynamic provisioning) | "" | +| nodeSelector | https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | {} | +| tolerations | https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration | [] | +| affinity | https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity | {} | + +----- + +### CRDs + +Refer [this](https://github.com/rancher/backup-restore-operator#crds) section for information on CRDs that this chart installs. Also refer [this](https://github.com/rancher/backup-restore-operator/tree/master/examples) folder containing sample manifests for the CRDs. + +----- +### Upgrading Chart +```bash +helm upgrade rancher-backup-crd -n cattle-resources-system +helm upgrade rancher-backup -n cattle-resources-system +``` + +----- +### Uninstall Chart + +```bash +helm uninstall rancher-backup -n cattle-resources-system +helm uninstall rancher-backup-crd -n cattle-resources-system +``` + diff --git a/released/charts/rancher-backup/rancher-backup/1.0.400/app-readme.md b/released/charts/rancher-backup/rancher-backup/1.0.400/app-readme.md new file mode 100755 index 000000000..15a021cdb --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.400/app-readme.md 
@@ -0,0 +1,15 @@ +# Rancher Backup + +This chart enables ability to capture backups of the Rancher application and restore from these backups. This chart can be used to migrate Rancher from one Kubernetes cluster to a different Kubernetes cluster. + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/backups/v2.5/). + +This chart installs the following components: + +- [backup-restore-operator](https://github.com/rancher/backup-restore-operator) + - The operator handles backing up all Kubernetes resources and CRDs that Rancher creates and manages from the local cluster. It gathers these resources by querying the Kubernetes API server, packages all the resources to create a tarball file and saves it in the configured backup storage location. + - The operator can be configured to store backups in S3-compatible object stores such as AWS S3 and MinIO, and in persistent volumes. During deployment, you can create a default storage location, but there is always the option to override the default storage location with each backup, but will be limited to using an S3-compatible object store. + - It preserves the ownerReferences on all resources, hence maintaining dependencies between objects. + - This operator provides encryption support, to encrypt user specified resources before saving them in the backup file. It uses the same encryption configuration that is used to enable [Kubernetes Encryption at Rest](https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/). +- Backup - A backup is a CRD (`Backup`) that defines when to take backups, where to store the backup and what encryption to use (optional). Backups can be taken ad hoc or scheduled to be taken in intervals. +- Restore - A restore is a CRD (`Restore`) that defines which backup to use to restore the Rancher application to. 
diff --git a/released/charts/rancher-backup/rancher-backup/1.0.400/files/default-resourceset-contents/eks.yaml b/released/charts/rancher-backup/rancher-backup/1.0.400/files/default-resourceset-contents/eks.yaml new file mode 100755 index 000000000..59f47ce47 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.400/files/default-resourceset-contents/eks.yaml @@ -0,0 +1,17 @@ +- apiVersion: "eks.cattle.io/v1" + kindsRegexp: "." +- apiVersion: "apps/v1" + kindsRegexp: "^deployments$" + resourceNames: + - "eks-config-operator" +- apiVersion: "apiextensions.k8s.io/v1beta1" + kindsRegexp: "." + resourceNameRegexp: "eks.cattle.io$" +- apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterroles$" + resourceNames: + - "eks-operator" +- apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterrolebindings$" + resourceNames: + - "eks-operator" diff --git a/released/charts/rancher-backup/rancher-backup/1.0.400/files/default-resourceset-contents/fleet.yaml b/released/charts/rancher-backup/rancher-backup/1.0.400/files/default-resourceset-contents/fleet.yaml new file mode 100755 index 000000000..140a11978 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.400/files/default-resourceset-contents/fleet.yaml 
@@ -0,0 +1,49 @@ +- apiVersion: "v1" + kindsRegexp: "^namespaces$" + resourceNameRegexp: "^fleet-|^cluster-fleet-" +- apiVersion: "v1" + kindsRegexp: "^secrets$" + namespaceRegexp: "^fleet-|^cluster-fleet-" + labelSelectors: + matchExpressions: + - key: "owner" + operator: "NotIn" + values: ["helm"] + - key: "fleet.cattle.io/managed" + operator: "In" + values: ["true"] +- apiVersion: "v1" + kindsRegexp: "^serviceaccounts$" + namespaceRegexp: "^fleet-|^cluster-fleet-" +- apiVersion: "v1" + kindsRegexp: "^configmaps$" + namespaceRegexp: "^fleet-|^cluster-fleet-" +- apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^roles$|^rolebindings$" + namespaceRegexp: "^fleet-|^cluster-fleet-" +- apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterrolebindings$" + resourceNameRegexp: "^fleet-|^gitjob-" +- apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterroles$" + resourceNameRegexp: "^fleet-" + resourceNames: + - "gitjob" +- apiVersion: "apiextensions.k8s.io/v1beta1" + kindsRegexp: "." + resourceNameRegexp: "fleet.cattle.io$|gitjob.cattle.io$" +- apiVersion: "fleet.cattle.io/v1alpha1" + kindsRegexp: "." +- apiVersion: "gitjob.cattle.io/v1" + kindsRegexp: "." +- apiVersion: "apps/v1" + kindsRegexp: "^deployments$" + namespaceRegexp: "^fleet-|^cluster-fleet-" + resourceNameRegexp: "^fleet-" + resourceNames: + - "gitjob" +- apiVersion: "apps/v1" + kindsRegexp: "^services$" + namespaceRegexp: "^fleet-|^cluster-fleet-" + resourceNames: + - "gitjob" diff --git a/released/charts/rancher-backup/rancher-backup/1.0.400/files/default-resourceset-contents/gke.yaml b/released/charts/rancher-backup/rancher-backup/1.0.400/files/default-resourceset-contents/gke.yaml new file mode 100755 index 000000000..a77019235 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.400/files/default-resourceset-contents/gke.yaml 
@@ -0,0 +1,17 @@ +- apiVersion: "apiextensions.k8s.io/v1beta1" + kindsRegexp: "." + resourceNameRegexp: "gke.cattle.io$" +- apiVersion: "gke.cattle.io/v1" + kindsRegexp: "." +- apiVersion: "apps/v1" + kindsRegexp: "^deployments$" + resourceNames: + - "gke-config-operator" +- apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterroles$" + resourceNames: + - "gke-operator" +- apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterrolebindings$" + resourceNames: + - "gke-operator" diff --git a/released/charts/rancher-backup/rancher-backup/1.0.400/files/default-resourceset-contents/rancher-operator.yaml b/released/charts/rancher-backup/rancher-backup/1.0.400/files/default-resourceset-contents/rancher-operator.yaml new file mode 100755 index 000000000..3518fb5b7 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.400/files/default-resourceset-contents/rancher-operator.yaml @@ -0,0 +1,27 @@ +- apiVersion: "rancher.cattle.io/v1" + kindsRegexp: "." +- apiVersion: "apps/v1" + kindsRegexp: "^deployments$" + resourceNames: + - "rancher-operator" + namespaces: + - "rancher-operator-system" +- apiVersion: "v1" + kindsRegexp: "^serviceaccounts$" + namespaces: + - "rancher-operator-system" +- apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterrolebindings$" + resourceNames: + - "rancher-operator" +- apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterroles$" + resourceNames: + - "rancher-operator" +- apiVersion: "apiextensions.k8s.io/v1beta1" + kindsRegexp: "." + resourceNameRegexp: "rancher.cattle.io$" +- apiVersion: "v1" + kindsRegexp: "^namespaces$" + resourceNames: + - "rancher-operator-system" diff --git a/released/charts/rancher-backup/rancher-backup/1.0.400/files/default-resourceset-contents/rancher.yaml b/released/charts/rancher-backup/rancher-backup/1.0.400/files/default-resourceset-contents/rancher.yaml new file mode 100755 index 000000000..fdfc067f6 --- /dev/null 
+++ b/released/charts/rancher-backup/rancher-backup/1.0.400/files/default-resourceset-contents/rancher.yaml @@ -0,0 +1,44 @@ +- apiVersion: "v1" + kindsRegexp: "^namespaces$" + resourceNameRegexp: "^cattle-|^p-|^c-|^user-|^u-" + resourceNames: + - "local" +- apiVersion: "apps/v1" + kindsRegexp: "^deployments$" + namespaces: + - "cattle-system" +- apiVersion: "v1" + kindsRegexp: "^secrets$" + namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-" + labelSelectors: + matchExpressions: + - key: "owner" + operator: "NotIn" + values: ["helm"] +- apiVersion: "v1" + kindsRegexp: "^serviceaccounts$" + namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-" +- apiVersion: "v1" + kindsRegexp: "^configmaps$" + namespaces: + - "cattle-system" +- apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^roles$|^rolebindings$" + namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-" +- apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterrolebindings$" + resourceNameRegexp: "^cattle-|^clusterrolebinding-|^globaladmin-user-|^grb-u-" +- apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterroles$" + resourceNameRegexp: "^cattle-|^p-|^c-|^local-|^user-|^u-|^project-|^create-ns$" +- apiVersion: "apiextensions.k8s.io/v1beta1" + kindsRegexp: "." + resourceNameRegexp: "management.cattle.io$|project.cattle.io$|catalog.cattle.io$|resources.cattle.io$" +- apiVersion: "management.cattle.io/v3" + kindsRegexp: "." +- apiVersion: "project.cattle.io/v3" + kindsRegexp: "." +- apiVersion: "catalog.cattle.io/v1" + kindsRegexp: "^clusterrepos$" +- apiVersion: "resources.cattle.io/v1" + kindsRegexp: "^ResourceSet$" diff --git a/released/charts/rancher-backup/rancher-backup/1.0.400/templates/_helpers.tpl b/released/charts/rancher-backup/rancher-backup/1.0.400/templates/_helpers.tpl new file mode 100755 index 000000000..411cfc63a --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.400/templates/_helpers.tpl 
@@ -0,0 +1,76 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "backupRestore.fullname" -}} +{{- .Chart.Name | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "backupRestore.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "backupRestore.labels" -}} +helm.sh/chart: {{ include "backupRestore.chart" . }} +{{ include "backupRestore.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "backupRestore.selectorLabels" -}} +app.kubernetes.io/name: {{ include "backupRestore.fullname" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +resources.cattle.io/operator: backup-restore +{{- end }} + + +{{/* +Create the name of the service account to use +*/}} +{{- define "backupRestore.serviceAccountName" -}} +{{ include "backupRestore.fullname" . }} +{{- end }} + + +{{- define "backupRestore.s3SecretName" -}} +{{- printf "%s-%s" .Chart.Name "s3" | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create PVC name using release and revision number. 
+*/}} +{{- define "backupRestore.pvcName" -}} +{{- printf "%s-%d" .Release.Name .Release.Revision }} +{{- end }} + diff --git a/released/charts/rancher-backup/rancher-backup/1.0.400/templates/clusterrolebinding.yaml b/released/charts/rancher-backup/rancher-backup/1.0.400/templates/clusterrolebinding.yaml new file mode 100755 index 000000000..cf4abf670 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.400/templates/clusterrolebinding.yaml @@ -0,0 +1,14 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "backupRestore.fullname" . }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +subjects: +- kind: ServiceAccount + name: {{ include "backupRestore.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: cluster-admin + apiGroup: rbac.authorization.k8s.io diff --git a/released/charts/rancher-backup/rancher-backup/1.0.400/templates/deployment.yaml b/released/charts/rancher-backup/rancher-backup/1.0.400/templates/deployment.yaml new file mode 100755 index 000000000..776351ae5 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.400/templates/deployment.yaml 
@@ -0,0 +1,59 @@ +{{- if and .Values.s3.enabled .Values.persistence.enabled }} +{{- fail "\n\nCannot configure both s3 and PV for storing backups" }} +{{- end }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "backupRestore.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "backupRestore.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "backupRestore.selectorLabels" . | nindent 8 }} + annotations: + checksum/s3: {{ include (print $.Template.BasePath "/s3-secret.yaml") . | sha256sum }} + checksum/pvc: {{ include (print $.Template.BasePath "/pvc.yaml") . | sha256sum }} + spec: + serviceAccountName: {{ include "backupRestore.serviceAccountName" . }} + containers: + - name: {{ .Chart.Name }} + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: Always + env: + - name: CHART_NAMESPACE + value: {{ .Release.Namespace }} + {{- if .Values.s3.enabled }} + - name: DEFAULT_S3_BACKUP_STORAGE_LOCATION + value: {{ include "backupRestore.s3SecretName" . }} + {{- end }} + {{- if .Values.persistence.enabled }} + - name: DEFAULT_PERSISTENCE_ENABLED + value: "persistence-enabled" + volumeMounts: + - mountPath: "/var/lib/backups" + name: pv-storage + volumes: + - name: pv-storage + persistentVolumeClaim: + claimName: {{ include "backupRestore.pvcName" . }} + {{- end }} + nodeSelector: + kubernetes.io/os: linux + {{- with .Values.nodeSelector }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + tolerations: + {{- include "linux-node-tolerations" . | nindent 8}} + {{- with .Values.tolerations }} + {{- toYaml . | nindent 8 }} + {{- end }} 
diff --git a/released/charts/rancher-backup/rancher-backup/1.0.400/templates/pvc.yaml b/released/charts/rancher-backup/rancher-backup/1.0.400/templates/pvc.yaml new file mode 100755 index 000000000..ff57e4dab --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.400/templates/pvc.yaml @@ -0,0 +1,27 @@ +{{- if and .Values.persistence.enabled -}} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ include "backupRestore.pvcName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +spec: + accessModes: + - ReadWriteOnce + resources: + {{- with .Values.persistence }} + requests: + storage: {{ .size | quote }} +{{- if .storageClass }} +{{- if (eq "-" .storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: {{ .storageClass | quote }} +{{- end }} +{{- end }} +{{- if .volumeName }} + volumeName: {{ .volumeName | quote }} +{{- end }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-backup/rancher-backup/1.0.400/templates/rancher-resourceset.yaml b/released/charts/rancher-backup/rancher-backup/1.0.400/templates/rancher-resourceset.yaml new file mode 100755 index 000000000..05add8824 --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.400/templates/rancher-resourceset.yaml @@ -0,0 +1,13 @@ +apiVersion: resources.cattle.io/v1 +kind: ResourceSet +metadata: + name: rancher-resource-set +controllerReferences: + - apiVersion: "apps/v1" + resource: "deployments" + name: "rancher" + namespace: "cattle-system" +resourceSelectors: +{{- range $path, $_ := .Files.Glob "files/default-resourceset-contents/*.yaml" -}} + {{- $.Files.Get $path | nindent 2 -}} +{{- end -}} diff --git a/released/charts/rancher-backup/rancher-backup/1.0.400/templates/s3-secret.yaml b/released/charts/rancher-backup/rancher-backup/1.0.400/templates/s3-secret.yaml new file mode 100755 index 000000000..a07623d90 --- /dev/null 
+++ b/released/charts/rancher-backup/rancher-backup/1.0.400/templates/s3-secret.yaml @@ -0,0 +1,31 @@ +{{- if .Values.s3.enabled -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "backupRestore.s3SecretName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +type: Opaque +stringData: + {{- with .Values.s3 }} + {{- if .credentialSecretName }} + credentialSecretName: {{ .credentialSecretName }} + credentialSecretNamespace: {{ required "When providing a Secret containing S3 credentials, a valid .Values.credentialSecretNamespace must be provided" .credentialSecretNamespace }} + {{- end }} + {{- if .region }} + region: {{ .region }} + {{- end }} + bucketName: {{ required "A valid .Values.bucketName is required for configuring S3 compatible storage as the default backup storage location" .bucketName }} + {{- if .folder }} + folder: {{ .folder }} + {{- end }} + endpoint: {{ required "A valid .Values.endpoint is required for configuring S3 compatible storage as the default backup storage location" .endpoint }} + {{- if .endpointCA }} + endpointCA: {{ .endpointCA }} + {{- end }} + {{- if .insecureTLSSkipVerify }} + insecureTLSSkipVerify: {{ .insecureTLSSkipVerify | quote }} + {{- end }} + {{- end }} +{{ end }} diff --git a/released/charts/rancher-backup/rancher-backup/1.0.400/templates/serviceaccount.yaml b/released/charts/rancher-backup/rancher-backup/1.0.400/templates/serviceaccount.yaml new file mode 100755 index 000000000..f333b746c --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.400/templates/serviceaccount.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "backupRestore.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} 
diff --git a/released/charts/rancher-backup/rancher-backup/1.0.400/templates/validate-install-crd.yaml b/released/charts/rancher-backup/rancher-backup/1.0.400/templates/validate-install-crd.yaml new file mode 100755 index 000000000..f63fd2e2e --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.400/templates/validate-install-crd.yaml @@ -0,0 +1,16 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "resources.cattle.io/v1/Backup" false -}} +# {{- set $found "resources.cattle.io/v1/ResourceSet" false -}} +# {{- set $found "resources.cattle.io/v1/Restore" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-backup/rancher-backup/1.0.400/values.yaml b/released/charts/rancher-backup/rancher-backup/1.0.400/values.yaml new file mode 100755 index 000000000..d6bb015bc --- /dev/null +++ b/released/charts/rancher-backup/rancher-backup/1.0.400/values.yaml 
@@ -0,0 +1,49 @@ +image: + repository: rancher/backup-restore-operator + tag: v1.0.4-rc3 + +## Default s3 bucket for storing all backup files created by the backup-restore-operator +s3: + enabled: false + ## credentialSecretName if set, should be the name of the Secret containing AWS credentials. + ## To use IAM Role, don't set this field + credentialSecretName: "" + credentialSecretNamespace: "" + region: "" + bucketName: "" + folder: "" + endpoint: "" + endpointCA: "" + insecureTLSSkipVerify: false + +## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ +## If persistence is enabled, operator will create a PVC with mountPath /var/lib/backups +persistence: + enabled: false + + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack). + ## Refer https://kubernetes.io/docs/concepts/storage/persistent-volumes/#class-1 + ## + storageClass: "-" + + ## If you want to disable dynamic provisioning by setting storageClass to "-" above, + ## and want to target a particular PV, provide name of the target volume + volumeName: "" + + ## Only certain StorageClasses allow resizing PVs; Refer https://kubernetes.io/blog/2018/07/12/resizing-persistent-volumes-using-kubernetes/ + size: 2Gi + + +global: + cattle: + systemDefaultRegistry: "" + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/Chart.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/Chart.yaml new file mode 100644 index 000000000..de2b2e1a4 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/Chart.yaml 
@@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/release-name: rancher-cis-benchmark-crd +apiVersion: v1 +description: Installs the CRDs for rancher-cis-benchmark. +name: rancher-cis-benchmark-crd +type: application +version: 1.0.100 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/README.md b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/README.md new file mode 100644 index 000000000..6c3044b1a --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/README.md @@ -0,0 +1,2 @@ +# rancher-cis-benchmark-crd +A Rancher chart that installs the CRDs used by [rancher-cis-benchmark](https://github.com/rancher/dev-charts/tree/master/packages/rancher-cis-benchmark). diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/templates/clusterscan.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/templates/clusterscan.yaml new file mode 100644 index 000000000..921430fb4 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/templates/clusterscan.yaml 
@@ -0,0 +1,112 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscans.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.lastRunScanProfileName + name: ClusterScanProfile + type: string + - JSONPath: .status.summary.total + name: Total + type: string + - JSONPath: .status.summary.pass + name: Pass + type: string + - JSONPath: .status.summary.fail + name: Fail + type: string + - JSONPath: .status.summary.skip + name: Skip + type: string + - JSONPath: .status.summary.notApplicable + name: Not Applicable + type: string + - JSONPath: .status.lastRunTimestamp + name: LastRunTimestamp + type: string + group: cis.cattle.io + names: + kind: ClusterScan + plural: clusterscans + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + scanProfileName: + nullable: true + type: string + type: object + status: + properties: + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + display: + nullable: true + properties: + error: + type: boolean + message: + nullable: true + type: string + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + lastRunScanProfileName: + nullable: true + type: string + lastRunTimestamp: + nullable: true + type: string + observedGeneration: + type: integer + summary: + nullable: true + properties: + fail: + type: integer + notApplicable: + type: integer + pass: + type: integer + skip: + type: integer + total: + type: integer + type: object + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true 
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/templates/clusterscanbenchmark.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/templates/clusterscanbenchmark.yaml new file mode 100644 index 000000000..4ad81c651 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/templates/clusterscanbenchmark.yaml @@ -0,0 +1,49 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscanbenchmarks.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.clusterProvider + name: ClusterProvider + type: string + - JSONPath: .spec.minKubernetesVersion + name: MinKubernetesVersion + type: string + - JSONPath: .spec.maxKubernetesVersion + name: MaxKubernetesVersion + type: string + group: cis.cattle.io + names: + kind: ClusterScanBenchmark + plural: clusterscanbenchmarks + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + clusterProvider: + nullable: true + type: string + customBenchmarkConfigMapName: + nullable: true + type: string + customBenchmarkConfigMapNameSpace: + nullable: true + type: string + maxKubernetesVersion: + nullable: true + type: string + minKubernetesVersion: + nullable: true + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/templates/clusterscanprofile.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/templates/clusterscanprofile.yaml new file mode 100644 index 000000000..21bb68396 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/templates/clusterscanprofile.yaml 
@@ -0,0 +1,37 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscanprofiles.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.benchmarkVersion + name: BenchmarkVersion + type: string + group: cis.cattle.io + names: + kind: ClusterScanProfile + plural: clusterscanprofiles + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + benchmarkVersion: + nullable: true + type: string + skipTests: + items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/templates/clusterscanreport.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/templates/clusterscanreport.yaml new file mode 100644 index 000000000..017020a95 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.100/templates/clusterscanreport.yaml @@ -0,0 +1,40 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscanreports.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.lastRunTimestamp + name: LastRunTimestamp + type: string + - JSONPath: .spec.benchmarkVersion + name: BenchmarkVersion + type: string + group: cis.cattle.io + names: + kind: ClusterScanReport + plural: clusterscanreports + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + benchmarkVersion: + nullable: true + type: string + lastRunTimestamp: + nullable: true + type: string + reportJSON: + nullable: true + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true 
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/Chart.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/Chart.yaml new file mode 100644 index 000000000..4f913ffe4 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/release-name: rancher-cis-benchmark-crd +apiVersion: v1 +description: Installs the CRDs for rancher-cis-benchmark. +name: rancher-cis-benchmark-crd +type: application +version: 1.0.200 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/README.md b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/README.md new file mode 100644 index 000000000..f6d9ef621 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/README.md @@ -0,0 +1,2 @@ +# rancher-cis-benchmark-crd +A Rancher chart that installs the CRDs used by rancher-cis-benchmark. diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/templates/clusterscan.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/templates/clusterscan.yaml new file mode 100644 index 000000000..921430fb4 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/templates/clusterscan.yaml 
@@ -0,0 +1,112 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscans.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.lastRunScanProfileName + name: ClusterScanProfile + type: string + - JSONPath: .status.summary.total + name: Total + type: string + - JSONPath: .status.summary.pass + name: Pass + type: string + - JSONPath: .status.summary.fail + name: Fail + type: string + - JSONPath: .status.summary.skip + name: Skip + type: string + - JSONPath: .status.summary.notApplicable + name: Not Applicable + type: string + - JSONPath: .status.lastRunTimestamp + name: LastRunTimestamp + type: string + group: cis.cattle.io + names: + kind: ClusterScan + plural: clusterscans + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + scanProfileName: + nullable: true + type: string + type: object + status: + properties: + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + display: + nullable: true + properties: + error: + type: boolean + message: + nullable: true + type: string + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + lastRunScanProfileName: + nullable: true + type: string + lastRunTimestamp: + nullable: true + type: string + observedGeneration: + type: integer + summary: + nullable: true + properties: + fail: + type: integer + notApplicable: + type: integer + pass: + type: integer + skip: + type: integer + total: + type: integer + type: object + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true 
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/templates/clusterscanbenchmark.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/templates/clusterscanbenchmark.yaml new file mode 100644 index 000000000..4ad81c651 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/templates/clusterscanbenchmark.yaml @@ -0,0 +1,49 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscanbenchmarks.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.clusterProvider + name: ClusterProvider + type: string + - JSONPath: .spec.minKubernetesVersion + name: MinKubernetesVersion + type: string + - JSONPath: .spec.maxKubernetesVersion + name: MaxKubernetesVersion + type: string + group: cis.cattle.io + names: + kind: ClusterScanBenchmark + plural: clusterscanbenchmarks + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + clusterProvider: + nullable: true + type: string + customBenchmarkConfigMapName: + nullable: true + type: string + customBenchmarkConfigMapNameSpace: + nullable: true + type: string + maxKubernetesVersion: + nullable: true + type: string + minKubernetesVersion: + nullable: true + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/templates/clusterscanprofile.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/templates/clusterscanprofile.yaml new file mode 100644 index 000000000..21bb68396 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/templates/clusterscanprofile.yaml 
@@ -0,0 +1,37 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscanprofiles.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.benchmarkVersion + name: BenchmarkVersion + type: string + group: cis.cattle.io + names: + kind: ClusterScanProfile + plural: clusterscanprofiles + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + benchmarkVersion: + nullable: true + type: string + skipTests: + items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/templates/clusterscanreport.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/templates/clusterscanreport.yaml new file mode 100644 index 000000000..017020a95 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.200/templates/clusterscanreport.yaml @@ -0,0 +1,40 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscanreports.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.lastRunTimestamp + name: LastRunTimestamp + type: string + - JSONPath: .spec.benchmarkVersion + name: BenchmarkVersion + type: string + group: cis.cattle.io + names: + kind: ClusterScanReport + plural: clusterscanreports + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + benchmarkVersion: + nullable: true + type: string + lastRunTimestamp: + nullable: true + type: string + reportJSON: + nullable: true + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true 
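Review bot: 1.0.200/templates/clusterscanreport.yaml enables `subresources: status: {}`, but its schema defines only `spec`, and the scan result (`reportJSON`, `lastRunTimestamp`) sits under `.spec`. As written, any subject with update on clusterscanreports can rewrite the stored report through the main resource, and the status subresource carries nothing. Either move the operator-written fields under `status`, so that write access to results can be granted separately through clusterscanreports/status, or drop the unused subresource.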
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/Chart.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/Chart.yaml new file mode 100644 index 000000000..e5ad1ef62 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/release-name: rancher-cis-benchmark-crd +apiVersion: v1 +description: Installs the CRDs for rancher-cis-benchmark. +name: rancher-cis-benchmark-crd +type: application +version: 1.0.300 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/README.md b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/README.md new file mode 100644 index 000000000..f6d9ef621 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/README.md @@ -0,0 +1,2 @@ +# rancher-cis-benchmark-crd +A Rancher chart that installs the CRDs used by rancher-cis-benchmark. diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/templates/clusterscan.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/templates/clusterscan.yaml new file mode 100644 index 000000000..beca6e1f8 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/templates/clusterscan.yaml 
@@ -0,0 +1,149 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscans.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.lastRunScanProfileName + name: ClusterScanProfile + type: string + - JSONPath: .status.summary.total + name: Total + type: string + - JSONPath: .status.summary.pass + name: Pass + type: string + - JSONPath: .status.summary.fail + name: Fail + type: string + - JSONPath: .status.summary.skip + name: Skip + type: string + - JSONPath: .status.summary.warn + name: Warn + type: string + - JSONPath: .status.summary.notApplicable + name: Not Applicable + type: string + - JSONPath: .status.lastRunTimestamp + name: LastRunTimestamp + type: string + - JSONPath: .spec.scheduledScanConfig.cronSchedule + name: CronSchedule + type: string + group: cis.cattle.io + names: + kind: ClusterScan + plural: clusterscans + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + scanProfileName: + nullable: true + type: string + scheduledScanConfig: + nullable: true + properties: + cronSchedule: + nullable: true + type: string + retentionCount: + type: integer + scanAlertRule: + nullable: true + properties: + alertOnComplete: + type: boolean + alertOnFailure: + type: boolean + type: object + type: object + scoreWarning: + enum: + - pass + - fail + nullable: true + type: string + type: object + status: + properties: + NextScanAt: + nullable: true + type: string + ScanAlertingRuleName: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + display: + nullable: true + properties: + error: + type: boolean + message: + 
nullable: true + type: string + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + lastRunScanProfileName: + nullable: true + type: string + lastRunTimestamp: + nullable: true + type: string + observedGeneration: + type: integer + summary: + nullable: true + properties: + fail: + type: integer + notApplicable: + type: integer + pass: + type: integer + skip: + type: integer + total: + type: integer + warn: + type: integer + type: object + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/templates/clusterscanbenchmark.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/templates/clusterscanbenchmark.yaml new file mode 100644 index 000000000..aa6fc2218 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/templates/clusterscanbenchmark.yaml 
@@ -0,0 +1,55 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscanbenchmarks.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.clusterProvider + name: ClusterProvider + type: string + - JSONPath: .spec.minKubernetesVersion + name: MinKubernetesVersion + type: string + - JSONPath: .spec.maxKubernetesVersion + name: MaxKubernetesVersion + type: string + - JSONPath: .spec.customBenchmarkConfigMapName + name: customBenchmarkConfigMapName + type: string + - JSONPath: .spec.customBenchmarkConfigMapNamespace + name: customBenchmarkConfigMapNamespace + type: string + group: cis.cattle.io + names: + kind: ClusterScanBenchmark + plural: clusterscanbenchmarks + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + clusterProvider: + nullable: true + type: string + customBenchmarkConfigMapName: + nullable: true + type: string + customBenchmarkConfigMapNamespace: + nullable: true + type: string + maxKubernetesVersion: + nullable: true + type: string + minKubernetesVersion: + nullable: true + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/templates/clusterscanprofile.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/templates/clusterscanprofile.yaml new file mode 100644 index 000000000..21bb68396 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/templates/clusterscanprofile.yaml 
@@ -0,0 +1,37 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscanprofiles.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.benchmarkVersion + name: BenchmarkVersion + type: string + group: cis.cattle.io + names: + kind: ClusterScanProfile + plural: clusterscanprofiles + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + benchmarkVersion: + nullable: true + type: string + skipTests: + items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/templates/clusterscanreport.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/templates/clusterscanreport.yaml new file mode 100644 index 000000000..017020a95 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.300/templates/clusterscanreport.yaml @@ -0,0 +1,40 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscanreports.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.lastRunTimestamp + name: LastRunTimestamp + type: string + - JSONPath: .spec.benchmarkVersion + name: BenchmarkVersion + type: string + group: cis.cattle.io + names: + kind: ClusterScanReport + plural: clusterscanreports + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + benchmarkVersion: + nullable: true + type: string + lastRunTimestamp: + nullable: true + type: string + reportJSON: + nullable: true + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true 
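Review bot: 1.0.300/templates/clusterscanbenchmark.yaml spells the spec field `customBenchmarkConfigMapNamespace`, whereas the 1.0.200 template in this same patch has `customBenchmarkConfigMapNameSpace`, and both are served under the same `versions: - name: v1`. Objects written against the 1.0.200 CRD keep the old key, which the new schema and the new printer column will not read. The rename is otherwise silent, so it deserves a note in the chart README or an upgrade step that rewrites the old key.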
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/Chart.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/Chart.yaml new file mode 100755 index 000000000..3edb07a29 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/release-name: rancher-cis-benchmark-crd +apiVersion: v1 +description: Installs the CRDs for rancher-cis-benchmark. +name: rancher-cis-benchmark-crd +type: application +version: 1.0.301 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/README.md b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/README.md new file mode 100755 index 000000000..f6d9ef621 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/README.md @@ -0,0 +1,2 @@ +# rancher-cis-benchmark-crd +A Rancher chart that installs the CRDs used by rancher-cis-benchmark. diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/templates/clusterscan.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/templates/clusterscan.yaml new file mode 100755 index 000000000..beca6e1f8 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/templates/clusterscan.yaml 
@@ -0,0 +1,149 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscans.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.lastRunScanProfileName + name: ClusterScanProfile + type: string + - JSONPath: .status.summary.total + name: Total + type: string + - JSONPath: .status.summary.pass + name: Pass + type: string + - JSONPath: .status.summary.fail + name: Fail + type: string + - JSONPath: .status.summary.skip + name: Skip + type: string + - JSONPath: .status.summary.warn + name: Warn + type: string + - JSONPath: .status.summary.notApplicable + name: Not Applicable + type: string + - JSONPath: .status.lastRunTimestamp + name: LastRunTimestamp + type: string + - JSONPath: .spec.scheduledScanConfig.cronSchedule + name: CronSchedule + type: string + group: cis.cattle.io + names: + kind: ClusterScan + plural: clusterscans + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + scanProfileName: + nullable: true + type: string + scheduledScanConfig: + nullable: true + properties: + cronSchedule: + nullable: true + type: string + retentionCount: + type: integer + scanAlertRule: + nullable: true + properties: + alertOnComplete: + type: boolean + alertOnFailure: + type: boolean + type: object + type: object + scoreWarning: + enum: + - pass + - fail + nullable: true + type: string + type: object + status: + properties: + NextScanAt: + nullable: true + type: string + ScanAlertingRuleName: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + display: + nullable: true + properties: + error: + type: boolean + message: + 
nullable: true + type: string + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + lastRunScanProfileName: + nullable: true + type: string + lastRunTimestamp: + nullable: true + type: string + observedGeneration: + type: integer + summary: + nullable: true + properties: + fail: + type: integer + notApplicable: + type: integer + pass: + type: integer + skip: + type: integer + total: + type: integer + warn: + type: integer + type: object + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/templates/clusterscanbenchmark.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/templates/clusterscanbenchmark.yaml new file mode 100755 index 000000000..aa6fc2218 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/templates/clusterscanbenchmark.yaml 
@@ -0,0 +1,55 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscanbenchmarks.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.clusterProvider + name: ClusterProvider + type: string + - JSONPath: .spec.minKubernetesVersion + name: MinKubernetesVersion + type: string + - JSONPath: .spec.maxKubernetesVersion + name: MaxKubernetesVersion + type: string + - JSONPath: .spec.customBenchmarkConfigMapName + name: customBenchmarkConfigMapName + type: string + - JSONPath: .spec.customBenchmarkConfigMapNamespace + name: customBenchmarkConfigMapNamespace + type: string + group: cis.cattle.io + names: + kind: ClusterScanBenchmark + plural: clusterscanbenchmarks + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + clusterProvider: + nullable: true + type: string + customBenchmarkConfigMapName: + nullable: true + type: string + customBenchmarkConfigMapNamespace: + nullable: true + type: string + maxKubernetesVersion: + nullable: true + type: string + minKubernetesVersion: + nullable: true + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/templates/clusterscanprofile.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/templates/clusterscanprofile.yaml new file mode 100755 index 000000000..21bb68396 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/templates/clusterscanprofile.yaml 
@@ -0,0 +1,37 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscanprofiles.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.benchmarkVersion + name: BenchmarkVersion + type: string + group: cis.cattle.io + names: + kind: ClusterScanProfile + plural: clusterscanprofiles + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + benchmarkVersion: + nullable: true + type: string + skipTests: + items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/templates/clusterscanreport.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/templates/clusterscanreport.yaml new file mode 100755 index 000000000..017020a95 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.301/templates/clusterscanreport.yaml @@ -0,0 +1,40 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscanreports.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.lastRunTimestamp + name: LastRunTimestamp + type: string + - JSONPath: .spec.benchmarkVersion + name: BenchmarkVersion + type: string + group: cis.cattle.io + names: + kind: ClusterScanReport + plural: clusterscanreports + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + benchmarkVersion: + nullable: true + type: string + lastRunTimestamp: + nullable: true + type: string + reportJSON: + nullable: true + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true 
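Review bot: from 1.0.301 onward every added file, including Chart.yaml, README.md and the templates/*.yaml here, is created with `new file mode 100755`, while the 1.0.200 and 1.0.300 copies use `100644`. None of these files is executable; please add them as 100644 so the executable bit does not propagate into the packaged charts.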
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/Chart.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/Chart.yaml new file mode 100755 index 000000000..5d62a6b99 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/release-name: rancher-cis-benchmark-crd +apiVersion: v1 +description: Installs the CRDs for rancher-cis-benchmark. +name: rancher-cis-benchmark-crd +type: application +version: 1.0.400 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/README.md b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/README.md new file mode 100755 index 000000000..f6d9ef621 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/README.md @@ -0,0 +1,2 @@ +# rancher-cis-benchmark-crd +A Rancher chart that installs the CRDs used by rancher-cis-benchmark. diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/templates/clusterscan.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/templates/clusterscan.yaml new file mode 100755 index 000000000..beca6e1f8 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/templates/clusterscan.yaml 
@@ -0,0 +1,149 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscans.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.lastRunScanProfileName + name: ClusterScanProfile + type: string + - JSONPath: .status.summary.total + name: Total + type: string + - JSONPath: .status.summary.pass + name: Pass + type: string + - JSONPath: .status.summary.fail + name: Fail + type: string + - JSONPath: .status.summary.skip + name: Skip + type: string + - JSONPath: .status.summary.warn + name: Warn + type: string + - JSONPath: .status.summary.notApplicable + name: Not Applicable + type: string + - JSONPath: .status.lastRunTimestamp + name: LastRunTimestamp + type: string + - JSONPath: .spec.scheduledScanConfig.cronSchedule + name: CronSchedule + type: string + group: cis.cattle.io + names: + kind: ClusterScan + plural: clusterscans + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + scanProfileName: + nullable: true + type: string + scheduledScanConfig: + nullable: true + properties: + cronSchedule: + nullable: true + type: string + retentionCount: + type: integer + scanAlertRule: + nullable: true + properties: + alertOnComplete: + type: boolean + alertOnFailure: + type: boolean + type: object + type: object + scoreWarning: + enum: + - pass + - fail + nullable: true + type: string + type: object + status: + properties: + NextScanAt: + nullable: true + type: string + ScanAlertingRuleName: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + display: + nullable: true + properties: + error: + type: boolean + message: + 
nullable: true + type: string + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + lastRunScanProfileName: + nullable: true + type: string + lastRunTimestamp: + nullable: true + type: string + observedGeneration: + type: integer + summary: + nullable: true + properties: + fail: + type: integer + notApplicable: + type: integer + pass: + type: integer + skip: + type: integer + total: + type: integer + warn: + type: integer + type: object + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/templates/clusterscanbenchmark.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/templates/clusterscanbenchmark.yaml new file mode 100755 index 000000000..aa6fc2218 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/templates/clusterscanbenchmark.yaml 
@@ -0,0 +1,55 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscanbenchmarks.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.clusterProvider + name: ClusterProvider + type: string + - JSONPath: .spec.minKubernetesVersion + name: MinKubernetesVersion + type: string + - JSONPath: .spec.maxKubernetesVersion + name: MaxKubernetesVersion + type: string + - JSONPath: .spec.customBenchmarkConfigMapName + name: customBenchmarkConfigMapName + type: string + - JSONPath: .spec.customBenchmarkConfigMapNamespace + name: customBenchmarkConfigMapNamespace + type: string + group: cis.cattle.io + names: + kind: ClusterScanBenchmark + plural: clusterscanbenchmarks + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + clusterProvider: + nullable: true + type: string + customBenchmarkConfigMapName: + nullable: true + type: string + customBenchmarkConfigMapNamespace: + nullable: true + type: string + maxKubernetesVersion: + nullable: true + type: string + minKubernetesVersion: + nullable: true + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/templates/clusterscanprofile.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/templates/clusterscanprofile.yaml new file mode 100755 index 000000000..21bb68396 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/templates/clusterscanprofile.yaml 
@@ -0,0 +1,37 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscanprofiles.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.benchmarkVersion + name: BenchmarkVersion + type: string + group: cis.cattle.io + names: + kind: ClusterScanProfile + plural: clusterscanprofiles + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + benchmarkVersion: + nullable: true + type: string + skipTests: + items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/templates/clusterscanreport.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/templates/clusterscanreport.yaml new file mode 100755 index 000000000..017020a95 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400/templates/clusterscanreport.yaml @@ -0,0 +1,40 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscanreports.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.lastRunTimestamp + name: LastRunTimestamp + type: string + - JSONPath: .spec.benchmarkVersion + name: BenchmarkVersion + type: string + group: cis.cattle.io + names: + kind: ClusterScanReport + plural: clusterscanreports + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + benchmarkVersion: + nullable: true + type: string + lastRunTimestamp: + nullable: true + type: string + reportJSON: + nullable: true + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true 
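Review bot: in 1.0.400/templates/clusterscan.yaml the `scheduledScanConfig` block accepts `cronSchedule` as an unconstrained string and `retentionCount` as an integer with no lower bound, so a malformed schedule or a negative retention count passes API validation and has to be handled by whatever consumes the object. Consider adding `minimum` on `retentionCount` and a `pattern` or length limit on `cronSchedule`. Separately, the status fields `NextScanAt` and `ScanAlertingRuleName` are PascalCase while every other field in the schema is camelCase.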
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/Chart.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/Chart.yaml new file mode 100755 index 000000000..d20c8563b --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/release-name: rancher-cis-benchmark-crd +apiVersion: v1 +description: Installs the CRDs for rancher-cis-benchmark. +name: rancher-cis-benchmark-crd +type: application +version: 1.0.402 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/README.md b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/README.md new file mode 100755 index 000000000..f6d9ef621 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/README.md @@ -0,0 +1,2 @@ +# rancher-cis-benchmark-crd +A Rancher chart that installs the CRDs used by rancher-cis-benchmark. diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/templates/clusterscan.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/templates/clusterscan.yaml new file mode 100755 index 000000000..beca6e1f8 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/templates/clusterscan.yaml 
@@ -0,0 +1,149 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscans.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.lastRunScanProfileName + name: ClusterScanProfile + type: string + - JSONPath: .status.summary.total + name: Total + type: string + - JSONPath: .status.summary.pass + name: Pass + type: string + - JSONPath: .status.summary.fail + name: Fail + type: string + - JSONPath: .status.summary.skip + name: Skip + type: string + - JSONPath: .status.summary.warn + name: Warn + type: string + - JSONPath: .status.summary.notApplicable + name: Not Applicable + type: string + - JSONPath: .status.lastRunTimestamp + name: LastRunTimestamp + type: string + - JSONPath: .spec.scheduledScanConfig.cronSchedule + name: CronSchedule + type: string + group: cis.cattle.io + names: + kind: ClusterScan + plural: clusterscans + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + scanProfileName: + nullable: true + type: string + scheduledScanConfig: + nullable: true + properties: + cronSchedule: + nullable: true + type: string + retentionCount: + type: integer + scanAlertRule: + nullable: true + properties: + alertOnComplete: + type: boolean + alertOnFailure: + type: boolean + type: object + type: object + scoreWarning: + enum: + - pass + - fail + nullable: true + type: string + type: object + status: + properties: + NextScanAt: + nullable: true + type: string + ScanAlertingRuleName: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + display: + nullable: true + properties: + error: + type: boolean + message: + 
nullable: true + type: string + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + lastRunScanProfileName: + nullable: true + type: string + lastRunTimestamp: + nullable: true + type: string + observedGeneration: + type: integer + summary: + nullable: true + properties: + fail: + type: integer + notApplicable: + type: integer + pass: + type: integer + skip: + type: integer + total: + type: integer + warn: + type: integer + type: object + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/templates/clusterscanbenchmark.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/templates/clusterscanbenchmark.yaml new file mode 100755 index 000000000..aa6fc2218 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/templates/clusterscanbenchmark.yaml 
@@ -0,0 +1,55 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscanbenchmarks.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.clusterProvider + name: ClusterProvider + type: string + - JSONPath: .spec.minKubernetesVersion + name: MinKubernetesVersion + type: string + - JSONPath: .spec.maxKubernetesVersion + name: MaxKubernetesVersion + type: string + - JSONPath: .spec.customBenchmarkConfigMapName + name: customBenchmarkConfigMapName + type: string + - JSONPath: .spec.customBenchmarkConfigMapNamespace + name: customBenchmarkConfigMapNamespace + type: string + group: cis.cattle.io + names: + kind: ClusterScanBenchmark + plural: clusterscanbenchmarks + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + clusterProvider: + nullable: true + type: string + customBenchmarkConfigMapName: + nullable: true + type: string + customBenchmarkConfigMapNamespace: + nullable: true + type: string + maxKubernetesVersion: + nullable: true + type: string + minKubernetesVersion: + nullable: true + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/templates/clusterscanprofile.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/templates/clusterscanprofile.yaml new file mode 100755 index 000000000..21bb68396 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/templates/clusterscanprofile.yaml 
@@ -0,0 +1,37 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscanprofiles.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.benchmarkVersion + name: BenchmarkVersion + type: string + group: cis.cattle.io + names: + kind: ClusterScanProfile + plural: clusterscanprofiles + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + benchmarkVersion: + nullable: true + type: string + skipTests: + items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/templates/clusterscanreport.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/templates/clusterscanreport.yaml new file mode 100755 index 000000000..017020a95 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.402/templates/clusterscanreport.yaml @@ -0,0 +1,40 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscanreports.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.lastRunTimestamp + name: LastRunTimestamp + type: string + - JSONPath: .spec.benchmarkVersion + name: BenchmarkVersion + type: string + group: cis.cattle.io + names: + kind: ClusterScanReport + plural: clusterscanreports + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + benchmarkVersion: + nullable: true + type: string + lastRunTimestamp: + nullable: true + type: string + reportJSON: + nullable: true + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true 
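Review bot: clusterscanreport.yaml, like the three CRD templates before it, opens with `apiVersion: apiextensions.k8s.io/v1beta1`, an API that Kubernetes removed in 1.22, so these templates cannot be installed on newer clusters. Suggest moving all four to `apiextensions.k8s.io/v1`: drop the top-level `version: v1`, and move `validation.openAPIV3Schema`, `additionalPrinterColumns` and `subresources` under the single `versions` entry. In the same hunk, `reportJSON` is an unbounded `type: string` under `spec`; a `maxLength` or a short comment on expected size would document how large a report object may grow.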
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/Chart.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/Chart.yaml new file mode 100644 index 000000000..7ba2c55be --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/Chart.yaml @@ -0,0 +1,17 @@ +annotations: + catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 + catalog.cattle.io/release-name: rancher-cis-benchmark + catalog.cattle.io/ui-component: rancher-cis-benchmark + catalog.cattle.io/os: linux +apiVersion: v1 +appVersion: v1.0.1 +description: The cis-operator enables running CIS benchmark security scans on a kubernetes + cluster +icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg +keywords: +- security +name: rancher-cis-benchmark +version: 1.0.100 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/README.md b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/README.md new file mode 100644 index 000000000..50beab58b --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/README.md @@ -0,0 +1,9 @@ +# Rancher CIS Benchmark Chart + +The cis-operator enables running CIS benchmark security scans on a kubernetes cluster and generate compliance reports that can be downloaded. + +# Installation + +``` +helm install rancher-cis-benchmark ./ --create-namespace -n cis-operator-system +``` diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/_helpers.tpl b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/_helpers.tpl new file mode 100644 index 000000000..67f4ce116 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/_helpers.tpl 
@@ -0,0 +1,23 @@ +{{/* Ensure namespace is set the same everywhere */}} +{{- define "cis.namespace" -}} + {{- .Release.Namespace | default "cis-operator-system" -}} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux_node_tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/benchmark-cis-1.5.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/benchmark-cis-1.5.yaml new file mode 100644 index 000000000..39e8b834a --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/benchmark-cis-1.5.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: cis-1.5 +spec: + clusterProvider: "" + minKubernetesVersion: "1.15.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/benchmark-eks-1.0.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/benchmark-eks-1.0.yaml new file mode 100644 index 000000000..bd2e32cd3 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/benchmark-eks-1.0.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: eks-1.0 +spec: + clusterProvider: eks + minKubernetesVersion: "1.15.0" 
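Review bot: in _helpers.tpl (1.0.100) the `default "cis-operator-system"` inside `cis.namespace` never takes effect, because Helm always populates `.Release.Namespace` (with `default` when no `-n` is given). An install that omits the `-n cis-operator-system` shown in the README therefore places every namespaced object of this chart in the release namespace, not in the one the comment promises. Suggest either removing the fallback so the helper does not suggest a guarantee it cannot give, or failing the render when `.Release.Namespace` is not the expected namespace.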
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/benchmark-gke-1.0.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/benchmark-gke-1.0.yaml new file mode 100644 index 000000000..72122e8c5 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/benchmark-gke-1.0.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: gke-1.0 +spec: + clusterProvider: gke + minKubernetesVersion: "1.15.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/benchmark-rke-cis-1.5-hardened.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/benchmark-rke-cis-1.5-hardened.yaml new file mode 100644 index 000000000..b5627f966 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/benchmark-rke-cis-1.5-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.5-hardened +spec: + clusterProvider: rke + minKubernetesVersion: "1.15.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/benchmark-rke-cis-1.5-permissive.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/benchmark-rke-cis-1.5-permissive.yaml new file mode 100644 index 000000000..95f80c0f0 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/benchmark-rke-cis-1.5-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.5-permissive +spec: + clusterProvider: rke + minKubernetesVersion: "1.15.0" 
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/cis-roles.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/cis-roles.yaml new file mode 100644 index 000000000..08af2b185 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/cis-roles.yaml @@ -0,0 +1,51 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + name: cis-admin + namespace: {{ template "cis.namespace" . }} +rules: + - apiGroups: + - cis.cattle.io + resources: + - clusterscanbenchmarks + - clusterscanprofiles + - clusterscans + - clusterscanreports + verbs: ["create", "update", "delete", "patch","get", "watch", "list"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + namespace: {{ template "cis.namespace" . }} + name: cis-edit +rules: + - apiGroups: + - cis.cattle.io + resources: + - clusterscanbenchmarks + - clusterscanprofiles + - clusterscans + - clusterscanreports + verbs: ["create", "update", "delete", "patch","get", "watch", "list"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + namespace: {{ template "cis.namespace" . }} + name: cis-view +rules: + - apiGroups: + - cis.cattle.io + resources: + - clusterscanbenchmarks + - clusterscanprofiles + - clusterscans + - clusterscanreports + verbs: ["get", "watch", "list"] \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/configmap.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/configmap.yaml new file mode 100644 index 000000000..7f14b1396 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/configmap.yaml 
@@ -0,0 +1,11 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + name: default-clusterscanprofiles + namespace: {{ template "cis.namespace" . }} +data: + # Default ClusterScanProfiles per cluster provider type + rke: "rke-profile-permissive" + eks: "eks-profile" + gke: "gke-profile" + default: "cis-1.5-profile" \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/deployment.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/deployment.yaml new file mode 100644 index 000000000..1f64ea5db --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/deployment.yaml 
@@ -0,0 +1,46 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cis-operator + namespace: {{ template "cis.namespace" . }} + labels: + cis.cattle.io/operator: cis-operator +spec: + selector: + matchLabels: + cis.cattle.io/operator: cis-operator + template: + metadata: + labels: + cis.cattle.io/operator: cis-operator + spec: + serviceAccountName: cis-operator-serviceaccount + containers: + - name: cis-operator + image: '{{ template "system_default_registry" . }}{{ .Values.image.cisoperator.repository }}:{{ .Values.image.cisoperator.tag }}' + imagePullPolicy: Always + env: + - name: SECURITY_SCAN_IMAGE + value: {{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }} + - name: SECURITY_SCAN_IMAGE_TAG + value: {{ .Values.image.securityScan.tag }} + - name: SONOBUOY_IMAGE + value: {{ template "system_default_registry" . }}{{ .Values.image.sonobuoy.repository }} + - name: SONOBUOY_IMAGE_TAG + value: {{ .Values.image.sonobuoy.tag }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + nodeSelector: + kubernetes.io/os: linux + {{- with .Values.nodeSelector }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + tolerations: + {{- include "linux_node_tolerations" . | nindent 8}} + {{- with .Values.tolerations }} + {{- toYaml . | nindent 8 }} + {{- end }} \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/network_policy_allow_all.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/network_policy_allow_all.yaml new file mode 100644 index 000000000..6ed5d645e --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/network_policy_allow_all.yaml 
@@ -0,0 +1,15 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: default-allow-all + namespace: {{ template "cis.namespace" . }} +spec: + podSelector: {} + ingress: + - {} + egress: + - {} + policyTypes: + - Ingress + - Egress diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/patch_default_serviceaccount.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/patch_default_serviceaccount.yaml new file mode 100644 index 000000000..1efa3ed1c --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/patch_default_serviceaccount.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: patch-sa + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation +spec: + template: + spec: + serviceAccountName: cis-operator-serviceaccount + restartPolicy: Never + containers: + - name: sa + image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"] + args: ["-n", {{ template "cis.namespace" . }}] + backoffLimit: 1 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/rbac.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/rbac.yaml new file mode 100644 index 000000000..816991f23 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/rbac.yaml 
@@ -0,0 +1,43 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-operator-role +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-operator-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cis-operator-role +subjects: +- kind: ServiceAccount + name: cis-serviceaccount + namespace: {{ template "cis.namespace" . }} +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: cis-operator-installer +subjects: +- kind: ServiceAccount + name: cis-operator-serviceaccount + namespace: {{ template "cis.namespace" . }} +roleRef: + kind: ClusterRole + name: cluster-admin + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/scanprofile-cis-1.5.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/scanprofile-cis-1.5.yml new file mode 100644 index 000000000..d69ae9dd5 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/scanprofile-cis-1.5.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: cis-1.5-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: cis-1.5 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/scanprofile-rke-hardened.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/scanprofile-rke-hardened.yml new file mode 100644 index 000000000..2a9819389 --- /dev/null 
+++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/scanprofile-rke-hardened.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-hardened + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.5-hardened \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/scanprofile-rke-permissive.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/scanprofile-rke-permissive.yml new file mode 100644 index 000000000..01266cf06 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/scanprofile-rke-permissive.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-permissive + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.5-permissive diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/scanprofileeks.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/scanprofileeks.yml new file mode 100644 index 000000000..49c7e0246 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/scanprofileeks.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: eks-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: eks-1.0 \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/scanprofilegke.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/scanprofilegke.yml new file mode 100644 index 000000000..2ddd0686f --- /dev/null 
+++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/scanprofilegke.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: gke-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: gke-1.0 \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/serviceaccount.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/serviceaccount.yaml new file mode 100644 index 000000000..ec48ec622 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/serviceaccount.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: {{ template "cis.namespace" . }} + name: cis-operator-serviceaccount +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: {{ template "cis.namespace" . }} + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-serviceaccount diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/validate-install-crd.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/validate-install-crd.yaml new file mode 100644 index 000000000..bf516759a --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/templates/validate-install-crd.yaml 
@@ -0,0 +1,17 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "cis.cattle.io/v1/ClusterScan" false -}} +# {{- set $found "cis.cattle.io/v1/ClusterScanBenchmark" false -}} +# {{- set $found "cis.cattle.io/v1/ClusterScanProfile" false -}} +# {{- set $found "cis.cattle.io/v1/ClusterScanReport" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the rancher-cis-benchmark-crd chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/values.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/values.yaml new file mode 100644 index 000000000..c726c9bc4 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.100/values.yaml 
@@ -0,0 +1,39 @@ +# Default values for rancher-cis-benchmark. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +image: + cisoperator: + repository: rancher/cis-operator + tag: v1.0.1 + securityScan: + repository: rancher/security-scan + tag: v0.2.1 + sonobuoy: + repository: rancher/sonobuoy-sonobuoy + tag: v0.16.3 + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +global: + cattle: + systemDefaultRegistry: "" + kubectl: + repository: rancher/kubectl + tag: v1.18.6 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/Chart.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/Chart.yaml new file mode 100644 index 000000000..f07e91e78 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/Chart.yaml 
@@ -0,0 +1,18 @@ +annotations: + catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: CIS Benchmark + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 + catalog.cattle.io/release-name: rancher-cis-benchmark + catalog.cattle.io/ui-component: rancher-cis-benchmark + catalog.cattle.io/os: linux +apiVersion: v1 +appVersion: v1.0.2 +description: The cis-operator enables running CIS benchmark security scans on a kubernetes + cluster +icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg +keywords: +- security +name: rancher-cis-benchmark +version: 1.0.200 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/README.md b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/README.md new file mode 100644 index 000000000..50beab58b --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/README.md @@ -0,0 +1,9 @@ +# Rancher CIS Benchmark Chart + +The cis-operator enables running CIS benchmark security scans on a kubernetes cluster and generate compliance reports that can be downloaded. + +# Installation + +``` +helm install rancher-cis-benchmark ./ --create-namespace -n cis-operator-system +``` diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/app-readme.md b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/app-readme.md new file mode 100644 index 000000000..f170ba263 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/app-readme.md 
@@ -0,0 +1,12 @@ +# Rancher CIS Benchmarks + +This chart enables security scanning of the cluster using [CIS (Center for Internet Security) benchmarks](https://www.cisecurity.org/benchmark/kubernetes/). + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/cis-scans/v2.5/). + +This chart installs the following components: + +- [cis-operator](https://github.com/rancher/cis-operator) - The cis-operator handles launching the [kube-bench](https://github.com/aquasecurity/kube-bench) tool that runs a suite of CIS tests on the nodes of your Kubernetes cluster. After scans finish, the cis-operator generates a compliance report that can be downloaded. +- Scans - A scan is a CRD (`ClusterScan`) that defines when to trigger CIS scans on the cluster based on the defined profile. A report is created after the scan is completed. +- Profiles - A profile is a CRD (`ClusterScanProfile`) that defines the configuration for the CIS scan, which is the benchmark versions to use and any specific tests to skip in that benchmark. This chart installs a few default `ClusterScanProfile` custom resources with no skipped tests, which can immediately be used to launch CIS scans. +- Benchmark Versions - A benchmark version is a CRD (`ClusterScanBenchmark`) that defines the CIS benchmark version to run using kube-bench as well as the valid configuration parameters for that benchmark. This chart installs a few default `ClusterScanBenchmark` custom resources. diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/_helpers.tpl b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/_helpers.tpl new file mode 100644 index 000000000..67f4ce116 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/_helpers.tpl 
@@ -0,0 +1,23 @@ +{{/* Ensure namespace is set the same everywhere */}} +{{- define "cis.namespace" -}} + {{- .Release.Namespace | default "cis-operator-system" -}} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux_node_tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/benchmark-cis-1.5.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/benchmark-cis-1.5.yaml new file mode 100644 index 000000000..39e8b834a --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/benchmark-cis-1.5.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: cis-1.5 +spec: + clusterProvider: "" + minKubernetesVersion: "1.15.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/benchmark-eks-1.0.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/benchmark-eks-1.0.yaml new file mode 100644 index 000000000..bd2e32cd3 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/benchmark-eks-1.0.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: eks-1.0 +spec: + clusterProvider: eks + minKubernetesVersion: "1.15.0" 
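Review bot: cis-roles.yaml (1.0.100) sets `metadata.namespace` on all three ClusterRoles, which are cluster-scoped, so the field does not apply and should be dropped. In the same hunk `cis-edit` carries the same verbs as `cis-admin` and is labelled `rbac.authorization.k8s.io/aggregate-to-edit: "true"`, so any subject bound cluster-wide to the built-in `edit` role can `update`, `patch` and `delete` `clusterscanreports`. If scan reports are meant to serve as evidence, suggest keeping write access to that resource in `cis-admin` only.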
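Review bot: deployment.yaml (1.0.100) pulls the operator image by tag (`.Values.image.cisoperator.tag`, `v1.0.1` in values.yaml) with `imagePullPolicy: Always`, so a re-pushed tag changes the code that runs as `cis-operator-serviceaccount`, which rbac.yaml binds to `cluster-admin`. Suggest letting the image values accept a digest. The `cis-operator` container also has no `securityContext`, and `resources` defaults to `{}` in values.yaml, so nothing in the template constrains the pod.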
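Review bot: network_policy_allow_all.yaml (1.0.100) selects every pod in the namespace with `podSelector: {}` and opens both directions with `ingress: - {}` and `egress: - {}`, which overrides any default-deny policy placed on that namespace. Since the pods in this namespace run under service accounts with cluster-wide rights, suggest scoping the selector to the `cis.cattle.io/operator: cis-operator` label and to the traffic the operator needs, or at minimum adding a comment in the template that states why allow-all is required.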
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/benchmark-gke-1.0.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/benchmark-gke-1.0.yaml new file mode 100644 index 000000000..72122e8c5 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/benchmark-gke-1.0.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: gke-1.0 +spec: + clusterProvider: gke + minKubernetesVersion: "1.15.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/benchmark-rke-cis-1.5-hardened.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/benchmark-rke-cis-1.5-hardened.yaml new file mode 100644 index 000000000..b5627f966 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/benchmark-rke-cis-1.5-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.5-hardened +spec: + clusterProvider: rke + minKubernetesVersion: "1.15.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/benchmark-rke-cis-1.5-permissive.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/benchmark-rke-cis-1.5-permissive.yaml new file mode 100644 index 000000000..95f80c0f0 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/benchmark-rke-cis-1.5-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.5-permissive +spec: + clusterProvider: rke + minKubernetesVersion: "1.15.0" 
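Review bot: patch_default_serviceaccount.yaml (1.0.100) sets `imagePullPolicy: {{ .Values.global.imagePullPolicy }}`, but values.yaml for this chart version defines only `global.cattle` and `global.kubectl`, so the field renders empty unless the caller supplies it. Suggest adding a default to values.yaml or piping through `default "IfNotPresent"`. The Job also has no `metadata.namespace`, unlike the other namespaced templates that use `cis.namespace`, and it runs as `cis-operator-serviceaccount` (bound to `cluster-admin` in rbac.yaml) to change one field on one ServiceAccount; a dedicated account limited to `patch` on `serviceaccounts` in that namespace would be enough.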
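Review bot: rbac.yaml (1.0.100) grants far more than a scanner needs: `cis-operator-role` is `apiGroups: '*'`, `resources: '*'`, `verbs: '*'` and is bound to `cis-serviceaccount`, while `cis-operator-installer` binds `cis-operator-serviceaccount` to `cluster-admin`, so both service accounts in the chart are cluster-wide superusers. Suggest replacing the wildcard rule with the explicit resources and verbs the operator and scan pods actually use, and dropping the `cluster-admin` binding. The first two objects also use `rbac.authorization.k8s.io/v1beta1` while the third uses `v1`, and `app.kubernetes.io/instance: release-name` is a literal where `{{ .Release.Name }}` was presumably intended.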
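Review bot: validate-install-crd.yaml (1.0.100) reads as if the whole check were commented out, because every line starts with `#`, yet Helm evaluates `{{ ... }}` actions before the output is parsed as YAML, so the `lookup`, the `.Capabilities.APIVersions` loop and the `required` call all still run. If the `#` is only there to swallow the value that `set` returns, suggest writing `{{- $_ := set $found ... -}}` and removing the `#` prefixes, or adding a `{{/* ... */}}` comment at the top that says the check is active. If the check is meant to be disabled, wrap the body in a template comment instead.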
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/cis-roles.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/cis-roles.yaml new file mode 100644 index 000000000..b8b3989dc --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/cis-roles.yaml @@ -0,0 +1,28 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cis-admin +rules: + - apiGroups: + - cis.cattle.io + resources: + - clusterscanbenchmarks + - clusterscanprofiles + - clusterscans + - clusterscanreports + verbs: ["create", "update", "delete", "patch","get", "watch", "list"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cis-view +rules: + - apiGroups: + - cis.cattle.io + resources: + - clusterscanbenchmarks + - clusterscanprofiles + - clusterscans + - clusterscanreports + verbs: ["get", "watch", "list"] \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/configmap.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/configmap.yaml new file mode 100644 index 000000000..7f14b1396 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/configmap.yaml @@ -0,0 +1,11 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + name: default-clusterscanprofiles + namespace: {{ template "cis.namespace" . }} +data: + # Default ClusterScanProfiles per cluster provider type + rke: "rke-profile-permissive" + eks: "eks-profile" + gke: "gke-profile" + default: "cis-1.5-profile" \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/deployment.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/deployment.yaml new file mode 100644 index 000000000..1f64ea5db --- /dev/null 
+++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/deployment.yaml @@ -0,0 +1,46 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cis-operator + namespace: {{ template "cis.namespace" . }} + labels: + cis.cattle.io/operator: cis-operator +spec: + selector: + matchLabels: + cis.cattle.io/operator: cis-operator + template: + metadata: + labels: + cis.cattle.io/operator: cis-operator + spec: + serviceAccountName: cis-operator-serviceaccount + containers: + - name: cis-operator + image: '{{ template "system_default_registry" . }}{{ .Values.image.cisoperator.repository }}:{{ .Values.image.cisoperator.tag }}' + imagePullPolicy: Always + env: + - name: SECURITY_SCAN_IMAGE + value: {{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }} + - name: SECURITY_SCAN_IMAGE_TAG + value: {{ .Values.image.securityScan.tag }} + - name: SONOBUOY_IMAGE + value: {{ template "system_default_registry" . }}{{ .Values.image.sonobuoy.repository }} + - name: SONOBUOY_IMAGE_TAG + value: {{ .Values.image.sonobuoy.tag }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + nodeSelector: + kubernetes.io/os: linux + {{- with .Values.nodeSelector }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + tolerations: + {{- include "linux_node_tolerations" . | nindent 8}} + {{- with .Values.tolerations }} + {{- toYaml . | nindent 8 }} + {{- end }} \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/network_policy_allow_all.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/network_policy_allow_all.yaml new file mode 100644 index 000000000..6ed5d645e --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/network_policy_allow_all.yaml 
@@ -0,0 +1,15 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: default-allow-all + namespace: {{ template "cis.namespace" . }} +spec: + podSelector: {} + ingress: + - {} + egress: + - {} + policyTypes: + - Ingress + - Egress diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/patch_default_serviceaccount.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/patch_default_serviceaccount.yaml new file mode 100644 index 000000000..1efa3ed1c --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/patch_default_serviceaccount.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: patch-sa + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation +spec: + template: + spec: + serviceAccountName: cis-operator-serviceaccount + restartPolicy: Never + containers: + - name: sa + image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"] + args: ["-n", {{ template "cis.namespace" . }}] + backoffLimit: 1 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/rbac.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/rbac.yaml new file mode 100644 index 000000000..816991f23 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/rbac.yaml 
@@ -0,0 +1,43 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-operator-role +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-operator-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cis-operator-role +subjects: +- kind: ServiceAccount + name: cis-serviceaccount + namespace: {{ template "cis.namespace" . }} +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: cis-operator-installer +subjects: +- kind: ServiceAccount + name: cis-operator-serviceaccount + namespace: {{ template "cis.namespace" . }} +roleRef: + kind: ClusterRole + name: cluster-admin + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/scanprofile-cis-1.5.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/scanprofile-cis-1.5.yml new file mode 100644 index 000000000..d69ae9dd5 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/scanprofile-cis-1.5.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: cis-1.5-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: cis-1.5 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/scanprofile-rke-hardened.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/scanprofile-rke-hardened.yml new file mode 100644 index 000000000..2a9819389 --- /dev/null 
+++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/scanprofile-rke-hardened.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-hardened + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.5-hardened \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/scanprofile-rke-permissive.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/scanprofile-rke-permissive.yml new file mode 100644 index 000000000..01266cf06 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/scanprofile-rke-permissive.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-permissive + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.5-permissive diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/scanprofileeks.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/scanprofileeks.yml new file mode 100644 index 000000000..49c7e0246 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/scanprofileeks.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: eks-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: eks-1.0 \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/scanprofilegke.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/scanprofilegke.yml new file mode 100644 index 000000000..2ddd0686f --- /dev/null 
+++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/scanprofilegke.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: gke-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: gke-1.0 \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/serviceaccount.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/serviceaccount.yaml new file mode 100644 index 000000000..ec48ec622 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/serviceaccount.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: {{ template "cis.namespace" . }} + name: cis-operator-serviceaccount +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: {{ template "cis.namespace" . }} + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-serviceaccount diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/validate-install-crd.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/validate-install-crd.yaml new file mode 100644 index 000000000..bf516759a --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/templates/validate-install-crd.yaml 
@@ -0,0 +1,17 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "cis.cattle.io/v1/ClusterScan" false -}} +# {{- set $found "cis.cattle.io/v1/ClusterScanBenchmark" false -}} +# {{- set $found "cis.cattle.io/v1/ClusterScanProfile" false -}} +# {{- set $found "cis.cattle.io/v1/ClusterScanReport" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the rancher-cis-benchmark-crd chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/values.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/values.yaml new file mode 100644 index 000000000..c726c9bc4 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.200/values.yaml 
@@ -0,0 +1,39 @@ +# Default values for rancher-cis-benchmark. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +image: + cisoperator: + repository: rancher/cis-operator + tag: v1.0.1 + securityScan: + repository: rancher/security-scan + tag: v0.2.1 + sonobuoy: + repository: rancher/sonobuoy-sonobuoy + tag: v0.16.3 + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +global: + cattle: + systemDefaultRegistry: "" + kubectl: + repository: rancher/kubectl + tag: v1.18.6 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/Chart.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/Chart.yaml new file mode 100644 index 000000000..a55691657 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/Chart.yaml 
@@ -0,0 +1,18 @@ +annotations: + catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: CIS Benchmark + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 + catalog.cattle.io/release-name: rancher-cis-benchmark + catalog.cattle.io/ui-component: rancher-cis-benchmark +apiVersion: v1 +appVersion: v1.0.3 +description: The cis-operator enables running CIS benchmark security scans on a kubernetes + cluster +icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg +keywords: +- security +name: rancher-cis-benchmark +version: 1.0.300 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/README.md b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/README.md new file mode 100644 index 000000000..50beab58b --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/README.md @@ -0,0 +1,9 @@ +# Rancher CIS Benchmark Chart + +The cis-operator enables running CIS benchmark security scans on a kubernetes cluster and generate compliance reports that can be downloaded. + +# Installation + +``` +helm install rancher-cis-benchmark ./ --create-namespace -n cis-operator-system +``` diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/app-readme.md b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/app-readme.md new file mode 100644 index 000000000..5e495d605 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/app-readme.md 
@@ -0,0 +1,15 @@ +# Rancher CIS Benchmarks + +This chart enables security scanning of the cluster using [CIS (Center for Internet Security) benchmarks](https://www.cisecurity.org/benchmark/kubernetes/). + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/cis-scans/v2.5/). + +This chart installs the following components: + +- [cis-operator](https://github.com/rancher/cis-operator) - The cis-operator handles launching the [kube-bench](https://github.com/aquasecurity/kube-bench) tool that runs a suite of CIS tests on the nodes of your Kubernetes cluster. After scans finish, the cis-operator generates a compliance report that can be downloaded. +- Scans - A scan is a CRD (`ClusterScan`) that defines when to trigger CIS scans on the cluster based on the defined profile. A report is created after the scan is completed. +- Profiles - A profile is a CRD (`ClusterScanProfile`) that defines the configuration for the CIS scan, which is the benchmark versions to use and any specific tests to skip in that benchmark. This chart installs a few default `ClusterScanProfile` custom resources with no skipped tests, which can immediately be used to launch CIS scans. +- Benchmark Versions - A benchmark version is a CRD (`ClusterScanBenchmark`) that defines the CIS benchmark version to run using kube-bench as well as the valid configuration parameters for that benchmark. This chart installs a few default `ClusterScanBenchmark` custom resources. +- Alerting Resources - Rancher's CIS Benchmark application lets you run a cluster scan on a schedule, and send alerts when scans finish. 
+ - If you want to enable alerts to be delivered when a cluster scan completes, you need to ensure that [Rancher's Monitoring and Alerting](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/) application is pre-installed and the [Receivers and Routes](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/configuration/#alertmanager-config) are configured to send out alerts. + - Additionally, you need to set `alerts: true` in the Values YAML while installing or upgrading this chart. diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/_helpers.tpl b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/_helpers.tpl new file mode 100644 index 000000000..67f4ce116 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/_helpers.tpl @@ -0,0 +1,23 @@ +{{/* Ensure namespace is set the same everywhere */}} +{{- define "cis.namespace" -}} + {{- .Release.Namespace | default "cis-operator-system" -}} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux_node_tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/alertingrule.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/alertingrule.yaml new file mode 100644 index 000000000..1787c88a0 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/alertingrule.yaml 
@@ -0,0 +1,14 @@ +{{- if .Values.alerts.enabled -}} +--- +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + name: rancher-cis-pod-monitor + namespace: {{ template "cis.namespace" . }} +spec: + selector: + matchLabels: + cis.cattle.io/operator: cis-operator + podMetricsEndpoints: + - port: cismetrics +{{- end }} diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-cis-1.5.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-cis-1.5.yaml new file mode 100644 index 000000000..39e8b834a --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-cis-1.5.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: cis-1.5 +spec: + clusterProvider: "" + minKubernetesVersion: "1.15.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-cis-1.6.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-cis-1.6.yaml new file mode 100644 index 000000000..93ba064f4 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-cis-1.6.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: cis-1.6 +spec: + clusterProvider: "" + minKubernetesVersion: "1.16.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-eks-1.0.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-eks-1.0.yaml new file mode 100644 index 000000000..bd2e32cd3 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-eks-1.0.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: eks-1.0 +spec: + clusterProvider: eks + minKubernetesVersion: "1.15.0" 
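Review bot: templates/alertingrule.yaml (1.0.300) gates the PodMonitor on `.Values.alerts.enabled`, but the app-readme.md added for this same chart version tells users to set `alerts: true`. If `alerts` is a bare boolean, the field lookup `.Values.alerts.enabled` has nothing to read, so the documented setting does not match what the template checks. Change the readme to `alerts.enabled: true`, or make the template tolerate both forms. Also, the file is named alertingrule.yaml while the only object it defines is a PodMonitor; a name that says so would be easier to find.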
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-gke-1.0.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-gke-1.0.yaml new file mode 100644 index 000000000..72122e8c5 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-gke-1.0.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: gke-1.0 +spec: + clusterProvider: gke + minKubernetesVersion: "1.15.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke-cis-1.5-hardened.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke-cis-1.5-hardened.yaml new file mode 100644 index 000000000..b5627f966 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke-cis-1.5-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.5-hardened +spec: + clusterProvider: rke + minKubernetesVersion: "1.15.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke-cis-1.5-permissive.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke-cis-1.5-permissive.yaml new file mode 100644 index 000000000..95f80c0f0 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke-cis-1.5-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.5-permissive +spec: + clusterProvider: rke + minKubernetesVersion: "1.15.0" 
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke-cis-1.6-hardened.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke-cis-1.6-hardened.yaml new file mode 100644 index 000000000..d75de8154 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke-cis-1.6-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.6-hardened +spec: + clusterProvider: rke + minKubernetesVersion: "1.16.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke-cis-1.6-permissive.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke-cis-1.6-permissive.yaml new file mode 100644 index 000000000..52428f4a7 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke-cis-1.6-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.6-permissive +spec: + clusterProvider: rke + minKubernetesVersion: "1.16.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke2-cis-1.5-hardened.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke2-cis-1.5-hardened.yaml new file mode 100644 index 000000000..3d83e9bd8 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke2-cis-1.5-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.5-hardened +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.18.0" 
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke2-cis-1.5-permissive.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke2-cis-1.5-permissive.yaml new file mode 100644 index 000000000..f66aa8f6e --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/benchmark-rke2-cis-1.5-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.5-permissive +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.18.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/cis-roles.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/cis-roles.yaml new file mode 100644 index 000000000..23c93dc65 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/cis-roles.yaml 
@@ -0,0 +1,49 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cis-admin +rules: + - apiGroups: + - cis.cattle.io + resources: + - clusterscanbenchmarks + - clusterscanprofiles + - clusterscans + - clusterscanreports + verbs: ["create", "update", "delete", "patch","get", "watch", "list"] + - apiGroups: + - catalog.cattle.io + resources: ["apps"] + resourceNames: ["rancher-cis-benchmark"] + verbs: ["get", "watch", "list"] + - apiGroups: + - "" + resources: + - configmaps + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cis-view +rules: + - apiGroups: + - cis.cattle.io + resources: + - clusterscanbenchmarks + - clusterscanprofiles + - clusterscans + - clusterscanreports + verbs: ["get", "watch", "list"] + - apiGroups: + - catalog.cattle.io + resources: ["apps"] + resourceNames: ["rancher-cis-benchmark"] + verbs: ["get", "watch", "list"] + - apiGroups: + - "" + resources: + - configmaps + verbs: ["get", "watch", "list"] diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/configmap.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/configmap.yaml new file mode 100644 index 000000000..16e43f576 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/configmap.yaml @@ -0,0 +1,14 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + name: default-clusterscanprofiles + namespace: {{ template "cis.namespace" . }} +data: + # Default ClusterScanProfiles per cluster provider type + rke: |- + <1.16.0: rke-profile-permissive-1.5 + >=1.16.0: rke-profile-permissive-1.6 + rke2: "rke2-cis-1.5-profile-permissive" + eks: "eks-profile" + gke: "gke-profile" + default: "cis-1.6-profile" 
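Review bot: in templates/cis-roles.yaml (1.0.300), the new `cis-admin` rule on core `configmaps` uses `verbs: '*'` with no `resourceNames`, and it sits in a ClusterRole, so a cluster-wide binding of `cis-admin` grants write and delete on every ConfigMap in every namespace. The first rule in the same role lists its verbs explicitly; do the same here, and move the ConfigMap access into a namespaced Role in the chart namespace if the only target is the `default-clusterscanprofiles` ConfigMap that configmap.yaml creates there. The same scoping question applies to the `get`/`watch`/`list` on `configmaps` added to `cis-view`.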
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/deployment.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/deployment.yaml new file mode 100644 index 000000000..0d3c75e39 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/deployment.yaml 
@@ -0,0 +1,57 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cis-operator + namespace: {{ template "cis.namespace" . }} + labels: + cis.cattle.io/operator: cis-operator +spec: + selector: + matchLabels: + cis.cattle.io/operator: cis-operator + template: + metadata: + labels: + cis.cattle.io/operator: cis-operator + spec: + serviceAccountName: cis-operator-serviceaccount + containers: + - name: cis-operator + image: '{{ template "system_default_registry" . }}{{ .Values.image.cisoperator.repository }}:{{ .Values.image.cisoperator.tag }}' + imagePullPolicy: Always + ports: + - name: cismetrics + containerPort: {{ .Values.alerts.metricsPort }} + env: + - name: SECURITY_SCAN_IMAGE + value: {{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }} + - name: SECURITY_SCAN_IMAGE_TAG + value: {{ .Values.image.securityScan.tag }} + - name: SONOBUOY_IMAGE + value: {{ template "system_default_registry" . }}{{ .Values.image.sonobuoy.repository }} + - name: SONOBUOY_IMAGE_TAG + value: {{ .Values.image.sonobuoy.tag }} + - name: CIS_ALERTS_METRICS_PORT + value: '{{ .Values.alerts.metricsPort }}' + - name: CIS_ALERTS_SEVERITY + value: {{ .Values.alerts.severity }} + - name: CIS_ALERTS_ENABLED + value: {{ .Values.alerts.enabled | default "false" | quote }} + - name: CLUSTER_NAME + value: {{ .Values.global.cattle.clusterName }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + nodeSelector: + kubernetes.io/os: linux + {{- with .Values.nodeSelector }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + tolerations: + {{- include "linux_node_tolerations" . | nindent 8}} + {{- with .Values.tolerations }} + {{- toYaml . | nindent 8 }} + {{- end }} \ No newline at end of file 
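Review bot: in templates/deployment.yaml (1.0.300), the `CIS_ALERTS_SEVERITY` and `CLUSTER_NAME` env values are rendered unquoted, unlike `CIS_ALERTS_METRICS_PORT` and `CIS_ALERTS_ENABLED` next to them. An env `value` has to be a string, so a setting that YAML reads as a number or boolean will not decode; pipe both through `quote` as `CIS_ALERTS_ENABLED` already does. Separately, the container spec sets no `securityContext`, and the pod runs as `cis-operator-serviceaccount`, so it is worth stating in the chart which privileges the operator actually needs.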
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/network_policy_allow_all.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/network_policy_allow_all.yaml new file mode 100644 index 000000000..6ed5d645e --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/network_policy_allow_all.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: default-allow-all + namespace: {{ template "cis.namespace" . }} +spec: + podSelector: {} + ingress: + - {} + egress: + - {} + policyTypes: + - Ingress + - Egress diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/patch_default_serviceaccount.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/patch_default_serviceaccount.yaml new file mode 100644 index 000000000..1efa3ed1c --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/patch_default_serviceaccount.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: patch-sa + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation +spec: + template: + spec: + serviceAccountName: cis-operator-serviceaccount + restartPolicy: Never + containers: + - name: sa + image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"] + args: ["-n", {{ template "cis.namespace" . }}] + backoffLimit: 1 
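Review bot: in templates/patch_default_serviceaccount.yaml (1.0.300), the `patch-sa` hook Job runs as `cis-operator-serviceaccount`, which rbac.yaml in this chart binds to `cluster-admin`, although the Job only patches one ServiceAccount in one namespace. Give the hook its own ServiceAccount with a Role limited to `get` and `patch` on `serviceaccounts` in the chart namespace. The Job's `metadata` also has no `namespace`, while the other namespaced objects in the chart set `{{ template "cis.namespace" . }}`, and the namespace in `args` is emitted unquoted inside a flow sequence; add the namespace to `metadata` and quote the argument.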
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/rbac.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/rbac.yaml new file mode 100644 index 000000000..816991f23 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/rbac.yaml @@ -0,0 +1,43 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-operator-role +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-operator-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cis-operator-role +subjects: +- kind: ServiceAccount + name: cis-serviceaccount + namespace: {{ template "cis.namespace" . }} +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: cis-operator-installer +subjects: +- kind: ServiceAccount + name: cis-operator-serviceaccount + namespace: {{ template "cis.namespace" . }} +roleRef: + kind: ClusterRole + name: cluster-admin + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-cis-1.5.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-cis-1.5.yml new file mode 100644 index 000000000..d69ae9dd5 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-cis-1.5.yml 
@@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: cis-1.5-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: cis-1.5 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-cis-1.6.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-cis-1.6.yaml new file mode 100644 index 000000000..8a8d8bf88 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-cis-1.6.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: cis-1.6-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: cis-1.6 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke-1.5-hardened.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke-1.5-hardened.yml new file mode 100644 index 000000000..4eabe158a --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke-1.5-hardened.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-hardened-1.5 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.5-hardened \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke-1.5-permissive.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke-1.5-permissive.yml new file mode 100644 index 000000000..1f78751d1 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke-1.5-permissive.yml 
@@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-permissive-1.5 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.5-permissive diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke-1.6-hardened.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke-1.6-hardened.yaml new file mode 100644 index 000000000..d38febd80 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke-1.6-hardened.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-hardened-1.6 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.6-hardened diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke-1.6-permissive.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke-1.6-permissive.yaml new file mode 100644 index 000000000..d31b5b0d2 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke-1.6-permissive.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-permissive-1.6 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.6-permissive diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke2-cis-1.5-hardened.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke2-cis-1.5-hardened.yml new file mode 100644 index 000000000..83eb3131e --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke2-cis-1.5-hardened.yml 
@@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.5-profile-hardened + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.5-hardened diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke2-cis-1.5-permissive.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke2-cis-1.5-permissive.yml new file mode 100644 index 000000000..40dc44bdf --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofile-rke2-cis-1.5-permissive.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.5-profile-permissive + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.5-permissive diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofileeks.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofileeks.yml new file mode 100644 index 000000000..49c7e0246 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofileeks.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: eks-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: eks-1.0 \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofilegke.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofilegke.yml new file mode 100644 index 000000000..2ddd0686f --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/scanprofilegke.yml 
@@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: gke-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: gke-1.0 \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/serviceaccount.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/serviceaccount.yaml new file mode 100644 index 000000000..ec48ec622 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/serviceaccount.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: {{ template "cis.namespace" . }} + name: cis-operator-serviceaccount +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: {{ template "cis.namespace" . }} + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-serviceaccount diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/validate-install-crd.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/validate-install-crd.yaml new file mode 100644 index 000000000..bf516759a --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/templates/validate-install-crd.yaml 
@@ -0,0 +1,17 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "cis.cattle.io/v1/ClusterScan" false -}} +# {{- set $found "cis.cattle.io/v1/ClusterScanBenchmark" false -}} +# {{- set $found "cis.cattle.io/v1/ClusterScanProfile" false -}} +# {{- set $found "cis.cattle.io/v1/ClusterScanReport" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the rancher-cis-benchmark-crd chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/values.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/values.yaml new file mode 100644 index 000000000..b75a7b6fc --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.300/values.yaml 
@@ -0,0 +1,45 @@ +# Default values for rancher-cis-benchmark. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +image: + cisoperator: + repository: rancher/cis-operator + tag: v1.0.3 + securityScan: + repository: rancher/security-scan + tag: v0.2.2 + sonobuoy: + repository: rancher/sonobuoy-sonobuoy + tag: v0.16.3 + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +global: + cattle: + systemDefaultRegistry: "" + clusterName: "" + kubectl: + repository: rancher/kubectl + tag: v1.18.6 + +alerts: + enabled: false + severity: warning + metricsPort: 8080 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/Chart.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/Chart.yaml new file mode 100755 index 000000000..876903b86 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/Chart.yaml 
@@ -0,0 +1,18 @@ +annotations: + catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: CIS Benchmark + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 + catalog.cattle.io/release-name: rancher-cis-benchmark + catalog.cattle.io/ui-component: rancher-cis-benchmark +apiVersion: v1 +appVersion: v1.0.3 +description: The cis-operator enables running CIS benchmark security scans on a kubernetes + cluster +icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg +keywords: +- security +name: rancher-cis-benchmark +version: 1.0.301 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/README.md b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/README.md new file mode 100755 index 000000000..50beab58b --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/README.md @@ -0,0 +1,9 @@ +# Rancher CIS Benchmark Chart + +The cis-operator enables running CIS benchmark security scans on a kubernetes cluster and generate compliance reports that can be downloaded. + +# Installation + +``` +helm install rancher-cis-benchmark ./ --create-namespace -n cis-operator-system +``` diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/app-readme.md b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/app-readme.md new file mode 100755 index 000000000..5e495d605 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/app-readme.md 
@@ -0,0 +1,15 @@ +# Rancher CIS Benchmarks + +This chart enables security scanning of the cluster using [CIS (Center for Internet Security) benchmarks](https://www.cisecurity.org/benchmark/kubernetes/). + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/cis-scans/v2.5/). + +This chart installs the following components: + +- [cis-operator](https://github.com/rancher/cis-operator) - The cis-operator handles launching the [kube-bench](https://github.com/aquasecurity/kube-bench) tool that runs a suite of CIS tests on the nodes of your Kubernetes cluster. After scans finish, the cis-operator generates a compliance report that can be downloaded. +- Scans - A scan is a CRD (`ClusterScan`) that defines when to trigger CIS scans on the cluster based on the defined profile. A report is created after the scan is completed. +- Profiles - A profile is a CRD (`ClusterScanProfile`) that defines the configuration for the CIS scan, which is the benchmark versions to use and any specific tests to skip in that benchmark. This chart installs a few default `ClusterScanProfile` custom resources with no skipped tests, which can immediately be used to launch CIS scans. +- Benchmark Versions - A benchmark version is a CRD (`ClusterScanBenchmark`) that defines the CIS benchmark version to run using kube-bench as well as the valid configuration parameters for that benchmark. This chart installs a few default `ClusterScanBenchmark` custom resources. +- Alerting Resources - Rancher's CIS Benchmark application lets you run a cluster scan on a schedule, and send alerts when scans finish. 
+ - If you want to enable alerts to be delivered when a cluster scan completes, you need to ensure that [Rancher's Monitoring and Alerting](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/) application is pre-installed and the [Receivers and Routes](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/configuration/#alertmanager-config) are configured to send out alerts. + - Additionally, you need to set `alerts: true` in the Values YAML while installing or upgrading this chart. diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/_helpers.tpl b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/_helpers.tpl new file mode 100755 index 000000000..67f4ce116 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/_helpers.tpl @@ -0,0 +1,23 @@ +{{/* Ensure namespace is set the same everywhere */}} +{{- define "cis.namespace" -}} + {{- .Release.Namespace | default "cis-operator-system" -}} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux_node_tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/alertingrule.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/alertingrule.yaml new file mode 100755 index 000000000..1787c88a0 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/alertingrule.yaml 
@@ -0,0 +1,14 @@ +{{- if .Values.alerts.enabled -}} +--- +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + name: rancher-cis-pod-monitor + namespace: {{ template "cis.namespace" . }} +spec: + selector: + matchLabels: + cis.cattle.io/operator: cis-operator + podMetricsEndpoints: + - port: cismetrics +{{- end }} diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-cis-1.5.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-cis-1.5.yaml new file mode 100755 index 000000000..39e8b834a --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-cis-1.5.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: cis-1.5 +spec: + clusterProvider: "" + minKubernetesVersion: "1.15.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-cis-1.6.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-cis-1.6.yaml new file mode 100755 index 000000000..93ba064f4 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-cis-1.6.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: cis-1.6 +spec: + clusterProvider: "" + minKubernetesVersion: "1.16.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-eks-1.0.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-eks-1.0.yaml new file mode 100755 index 000000000..bd2e32cd3 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-eks-1.0.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: eks-1.0 +spec: + clusterProvider: eks + minKubernetesVersion: "1.15.0" 
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-gke-1.0.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-gke-1.0.yaml new file mode 100755 index 000000000..72122e8c5 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-gke-1.0.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: gke-1.0 +spec: + clusterProvider: gke + minKubernetesVersion: "1.15.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke-cis-1.5-hardened.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke-cis-1.5-hardened.yaml new file mode 100755 index 000000000..b5627f966 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke-cis-1.5-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.5-hardened +spec: + clusterProvider: rke + minKubernetesVersion: "1.15.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke-cis-1.5-permissive.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke-cis-1.5-permissive.yaml new file mode 100755 index 000000000..95f80c0f0 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke-cis-1.5-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.5-permissive +spec: + clusterProvider: rke + minKubernetesVersion: "1.15.0" 
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke-cis-1.6-hardened.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke-cis-1.6-hardened.yaml new file mode 100755 index 000000000..d75de8154 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke-cis-1.6-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.6-hardened +spec: + clusterProvider: rke + minKubernetesVersion: "1.16.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke-cis-1.6-permissive.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke-cis-1.6-permissive.yaml new file mode 100755 index 000000000..52428f4a7 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke-cis-1.6-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.6-permissive +spec: + clusterProvider: rke + minKubernetesVersion: "1.16.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke2-cis-1.5-hardened.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke2-cis-1.5-hardened.yaml new file mode 100755 index 000000000..3d83e9bd8 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke2-cis-1.5-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.5-hardened +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.18.0" 
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke2-cis-1.5-permissive.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke2-cis-1.5-permissive.yaml new file mode 100755 index 000000000..f66aa8f6e --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/benchmark-rke2-cis-1.5-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.5-permissive +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.18.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/cis-roles.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/cis-roles.yaml new file mode 100755 index 000000000..23c93dc65 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/cis-roles.yaml 
@@ -0,0 +1,49 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cis-admin +rules: + - apiGroups: + - cis.cattle.io + resources: + - clusterscanbenchmarks + - clusterscanprofiles + - clusterscans + - clusterscanreports + verbs: ["create", "update", "delete", "patch","get", "watch", "list"] + - apiGroups: + - catalog.cattle.io + resources: ["apps"] + resourceNames: ["rancher-cis-benchmark"] + verbs: ["get", "watch", "list"] + - apiGroups: + - "" + resources: + - configmaps + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cis-view +rules: + - apiGroups: + - cis.cattle.io + resources: + - clusterscanbenchmarks + - clusterscanprofiles + - clusterscans + - clusterscanreports + verbs: ["get", "watch", "list"] + - apiGroups: + - catalog.cattle.io + resources: ["apps"] + resourceNames: ["rancher-cis-benchmark"] + verbs: ["get", "watch", "list"] + - apiGroups: + - "" + resources: + - configmaps + verbs: ["get", "watch", "list"] diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/configmap.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/configmap.yaml new file mode 100755 index 000000000..16e43f576 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/configmap.yaml @@ -0,0 +1,14 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + name: default-clusterscanprofiles + namespace: {{ template "cis.namespace" . }} +data: + # Default ClusterScanProfiles per cluster provider type + rke: |- + <1.16.0: rke-profile-permissive-1.5 + >=1.16.0: rke-profile-permissive-1.6 + rke2: "rke2-cis-1.5-profile-permissive" + eks: "eks-profile" + gke: "gke-profile" + default: "cis-1.6-profile" 
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/deployment.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/deployment.yaml new file mode 100755 index 000000000..0d3c75e39 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/deployment.yaml 
@@ -0,0 +1,57 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cis-operator + namespace: {{ template "cis.namespace" . }} + labels: + cis.cattle.io/operator: cis-operator +spec: + selector: + matchLabels: + cis.cattle.io/operator: cis-operator + template: + metadata: + labels: + cis.cattle.io/operator: cis-operator + spec: + serviceAccountName: cis-operator-serviceaccount + containers: + - name: cis-operator + image: '{{ template "system_default_registry" . }}{{ .Values.image.cisoperator.repository }}:{{ .Values.image.cisoperator.tag }}' + imagePullPolicy: Always + ports: + - name: cismetrics + containerPort: {{ .Values.alerts.metricsPort }} + env: + - name: SECURITY_SCAN_IMAGE + value: {{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }} + - name: SECURITY_SCAN_IMAGE_TAG + value: {{ .Values.image.securityScan.tag }} + - name: SONOBUOY_IMAGE + value: {{ template "system_default_registry" . }}{{ .Values.image.sonobuoy.repository }} + - name: SONOBUOY_IMAGE_TAG + value: {{ .Values.image.sonobuoy.tag }} + - name: CIS_ALERTS_METRICS_PORT + value: '{{ .Values.alerts.metricsPort }}' + - name: CIS_ALERTS_SEVERITY + value: {{ .Values.alerts.severity }} + - name: CIS_ALERTS_ENABLED + value: {{ .Values.alerts.enabled | default "false" | quote }} + - name: CLUSTER_NAME + value: {{ .Values.global.cattle.clusterName }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + nodeSelector: + kubernetes.io/os: linux + {{- with .Values.nodeSelector }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + tolerations: + {{- include "linux_node_tolerations" . | nindent 8}} + {{- with .Values.tolerations }} + {{- toYaml . | nindent 8 }} + {{- end }} \ No newline at end of file 
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/network_policy_allow_all.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/network_policy_allow_all.yaml new file mode 100755 index 000000000..6ed5d645e --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/network_policy_allow_all.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: default-allow-all + namespace: {{ template "cis.namespace" . }} +spec: + podSelector: {} + ingress: + - {} + egress: + - {} + policyTypes: + - Ingress + - Egress diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/patch_default_serviceaccount.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/patch_default_serviceaccount.yaml new file mode 100755 index 000000000..1efa3ed1c --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/patch_default_serviceaccount.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: patch-sa + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation +spec: + template: + spec: + serviceAccountName: cis-operator-serviceaccount + restartPolicy: Never + containers: + - name: sa + image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"] + args: ["-n", {{ template "cis.namespace" . }}] + backoffLimit: 1 
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/rbac.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/rbac.yaml new file mode 100755 index 000000000..816991f23 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/rbac.yaml @@ -0,0 +1,43 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-operator-role +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-operator-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cis-operator-role +subjects: +- kind: ServiceAccount + name: cis-serviceaccount + namespace: {{ template "cis.namespace" . }} +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: cis-operator-installer +subjects: +- kind: ServiceAccount + name: cis-operator-serviceaccount + namespace: {{ template "cis.namespace" . }} +roleRef: + kind: ClusterRole + name: cluster-admin + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-cis-1.5.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-cis-1.5.yml new file mode 100755 index 000000000..d69ae9dd5 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-cis-1.5.yml 
@@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: cis-1.5-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: cis-1.5 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-cis-1.6.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-cis-1.6.yaml new file mode 100755 index 000000000..8a8d8bf88 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-cis-1.6.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: cis-1.6-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: cis-1.6 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke-1.5-hardened.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke-1.5-hardened.yml new file mode 100755 index 000000000..4eabe158a --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke-1.5-hardened.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-hardened-1.5 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.5-hardened \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke-1.5-permissive.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke-1.5-permissive.yml new file mode 100755 index 000000000..1f78751d1 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke-1.5-permissive.yml 
@@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-permissive-1.5 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.5-permissive diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke-1.6-hardened.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke-1.6-hardened.yaml new file mode 100755 index 000000000..d38febd80 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke-1.6-hardened.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-hardened-1.6 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.6-hardened diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke-1.6-permissive.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke-1.6-permissive.yaml new file mode 100755 index 000000000..d31b5b0d2 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke-1.6-permissive.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-permissive-1.6 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.6-permissive diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke2-cis-1.5-hardened.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke2-cis-1.5-hardened.yml new file mode 100755 index 000000000..83eb3131e --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke2-cis-1.5-hardened.yml 
@@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.5-profile-hardened + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.5-hardened diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke2-cis-1.5-permissive.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke2-cis-1.5-permissive.yml new file mode 100755 index 000000000..40dc44bdf --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofile-rke2-cis-1.5-permissive.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.5-profile-permissive + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.5-permissive diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofileeks.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofileeks.yml new file mode 100755 index 000000000..49c7e0246 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofileeks.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: eks-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: eks-1.0 \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofilegke.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofilegke.yml new file mode 100755 index 000000000..2ddd0686f --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/scanprofilegke.yml 
@@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: gke-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: gke-1.0 \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/serviceaccount.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/serviceaccount.yaml new file mode 100755 index 000000000..ec48ec622 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/serviceaccount.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: {{ template "cis.namespace" . }} + name: cis-operator-serviceaccount +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: {{ template "cis.namespace" . }} + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-serviceaccount diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/validate-install-crd.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/validate-install-crd.yaml new file mode 100755 index 000000000..562295791 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/templates/validate-install-crd.yaml 
@@ -0,0 +1,17 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "cis.cattle.io/v1/ClusterScan" false -}} +# {{- set $found "cis.cattle.io/v1/ClusterScanBenchmark" false -}} +# {{- set $found "cis.cattle.io/v1/ClusterScanProfile" false -}} +# {{- set $found "cis.cattle.io/v1/ClusterScanReport" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/values.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/values.yaml new file mode 100755 index 000000000..bfb6b96b2 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.301/values.yaml 
@@ -0,0 +1,45 @@ +# Default values for rancher-cis-benchmark. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +image: + cisoperator: + repository: rancher/cis-operator + tag: v1.0.3 + securityScan: + repository: rancher/security-scan + tag: v0.2.2 + sonobuoy: + repository: rancher/mirrored-sonobuoy-sonobuoy + tag: v0.16.3 + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +global: + cattle: + systemDefaultRegistry: "" + clusterName: "" + kubectl: + repository: rancher/kubectl + tag: v1.18.6 + +alerts: + enabled: false + severity: warning + metricsPort: 8080 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/Chart.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/Chart.yaml new file mode 100755 index 000000000..2ca42fb2b --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/Chart.yaml 
@@ -0,0 +1,18 @@ +annotations: + catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: CIS Benchmark + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 + catalog.cattle.io/release-name: rancher-cis-benchmark + catalog.cattle.io/ui-component: rancher-cis-benchmark +apiVersion: v1 +appVersion: v1.0.4 +description: The cis-operator enables running CIS benchmark security scans on a kubernetes + cluster +icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg +keywords: +- security +name: rancher-cis-benchmark +version: 1.0.400 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/README.md b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/README.md new file mode 100755 index 000000000..50beab58b --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/README.md @@ -0,0 +1,9 @@ +# Rancher CIS Benchmark Chart + +The cis-operator enables running CIS benchmark security scans on a kubernetes cluster and generate compliance reports that can be downloaded. + +# Installation + +``` +helm install rancher-cis-benchmark ./ --create-namespace -n cis-operator-system +``` diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/app-readme.md b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/app-readme.md new file mode 100755 index 000000000..5e495d605 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/app-readme.md 
@@ -0,0 +1,15 @@ +# Rancher CIS Benchmarks + +This chart enables security scanning of the cluster using [CIS (Center for Internet Security) benchmarks](https://www.cisecurity.org/benchmark/kubernetes/). + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/cis-scans/v2.5/). + +This chart installs the following components: + +- [cis-operator](https://github.com/rancher/cis-operator) - The cis-operator handles launching the [kube-bench](https://github.com/aquasecurity/kube-bench) tool that runs a suite of CIS tests on the nodes of your Kubernetes cluster. After scans finish, the cis-operator generates a compliance report that can be downloaded. +- Scans - A scan is a CRD (`ClusterScan`) that defines when to trigger CIS scans on the cluster based on the defined profile. A report is created after the scan is completed. +- Profiles - A profile is a CRD (`ClusterScanProfile`) that defines the configuration for the CIS scan, which is the benchmark versions to use and any specific tests to skip in that benchmark. This chart installs a few default `ClusterScanProfile` custom resources with no skipped tests, which can immediately be used to launch CIS scans. +- Benchmark Versions - A benchmark version is a CRD (`ClusterScanBenchmark`) that defines the CIS benchmark version to run using kube-bench as well as the valid configuration parameters for that benchmark. This chart installs a few default `ClusterScanBenchmark` custom resources. +- Alerting Resources - Rancher's CIS Benchmark application lets you run a cluster scan on a schedule, and send alerts when scans finish. 
+ - If you want to enable alerts to be delivered when a cluster scan completes, you need to ensure that [Rancher's Monitoring and Alerting](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/) application is pre-installed and the [Receivers and Routes](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/configuration/#alertmanager-config) are configured to send out alerts. + - Additionally, you need to set `alerts: true` in the Values YAML while installing or upgrading this chart. diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/_helpers.tpl b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/_helpers.tpl new file mode 100755 index 000000000..67f4ce116 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/_helpers.tpl @@ -0,0 +1,23 @@ +{{/* Ensure namespace is set the same everywhere */}} +{{- define "cis.namespace" -}} + {{- .Release.Namespace | default "cis-operator-system" -}} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux_node_tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/alertingrule.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/alertingrule.yaml new file mode 100755 index 000000000..1787c88a0 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/alertingrule.yaml 
@@ -0,0 +1,14 @@ +{{- if .Values.alerts.enabled -}} +--- +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + name: rancher-cis-pod-monitor + namespace: {{ template "cis.namespace" . }} +spec: + selector: + matchLabels: + cis.cattle.io/operator: cis-operator + podMetricsEndpoints: + - port: cismetrics +{{- end }} diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-cis-1.5.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-cis-1.5.yaml new file mode 100755 index 000000000..39e8b834a --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-cis-1.5.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: cis-1.5 +spec: + clusterProvider: "" + minKubernetesVersion: "1.15.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-cis-1.6.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-cis-1.6.yaml new file mode 100755 index 000000000..93ba064f4 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-cis-1.6.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: cis-1.6 +spec: + clusterProvider: "" + minKubernetesVersion: "1.16.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-eks-1.0.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-eks-1.0.yaml new file mode 100755 index 000000000..bd2e32cd3 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-eks-1.0.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: eks-1.0 +spec: + clusterProvider: eks + minKubernetesVersion: "1.15.0" 
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-gke-1.0.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-gke-1.0.yaml new file mode 100755 index 000000000..72122e8c5 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-gke-1.0.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: gke-1.0 +spec: + clusterProvider: gke + minKubernetesVersion: "1.15.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke-cis-1.5-hardened.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke-cis-1.5-hardened.yaml new file mode 100755 index 000000000..b5627f966 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke-cis-1.5-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.5-hardened +spec: + clusterProvider: rke + minKubernetesVersion: "1.15.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke-cis-1.5-permissive.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke-cis-1.5-permissive.yaml new file mode 100755 index 000000000..95f80c0f0 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke-cis-1.5-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.5-permissive +spec: + clusterProvider: rke + minKubernetesVersion: "1.15.0" 
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke-cis-1.6-hardened.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke-cis-1.6-hardened.yaml new file mode 100755 index 000000000..d75de8154 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke-cis-1.6-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.6-hardened +spec: + clusterProvider: rke + minKubernetesVersion: "1.16.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke-cis-1.6-permissive.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke-cis-1.6-permissive.yaml new file mode 100755 index 000000000..52428f4a7 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke-cis-1.6-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.6-permissive +spec: + clusterProvider: rke + minKubernetesVersion: "1.16.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke2-cis-1.5-hardened.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke2-cis-1.5-hardened.yaml new file mode 100755 index 000000000..3d83e9bd8 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke2-cis-1.5-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.5-hardened +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.18.0" 
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke2-cis-1.5-permissive.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke2-cis-1.5-permissive.yaml new file mode 100755 index 000000000..f66aa8f6e --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke2-cis-1.5-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.5-permissive +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.18.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke2-cis-1.6-hardened.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke2-cis-1.6-hardened.yaml new file mode 100755 index 000000000..3593bf371 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke2-cis-1.6-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.6-hardened +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.20.5" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke2-cis-1.6-permissive.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke2-cis-1.6-permissive.yaml new file mode 100755 index 000000000..522f846ae --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-rke2-cis-1.6-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.6-permissive +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.20.5" 
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/cis-roles.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/cis-roles.yaml new file mode 100755 index 000000000..23c93dc65 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/cis-roles.yaml @@ -0,0 +1,49 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cis-admin +rules: + - apiGroups: + - cis.cattle.io + resources: + - clusterscanbenchmarks + - clusterscanprofiles + - clusterscans + - clusterscanreports + verbs: ["create", "update", "delete", "patch","get", "watch", "list"] + - apiGroups: + - catalog.cattle.io + resources: ["apps"] + resourceNames: ["rancher-cis-benchmark"] + verbs: ["get", "watch", "list"] + - apiGroups: + - "" + resources: + - configmaps + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cis-view +rules: + - apiGroups: + - cis.cattle.io + resources: + - clusterscanbenchmarks + - clusterscanprofiles + - clusterscans + - clusterscanreports + verbs: ["get", "watch", "list"] + - apiGroups: + - catalog.cattle.io + resources: ["apps"] + resourceNames: ["rancher-cis-benchmark"] + verbs: ["get", "watch", "list"] + - apiGroups: + - "" + resources: + - configmaps + verbs: ["get", "watch", "list"] diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/configmap.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/configmap.yaml new file mode 100755 index 000000000..9832ac285 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/configmap.yaml 
@@ -0,0 +1,16 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + name: default-clusterscanprofiles + namespace: {{ template "cis.namespace" . }} +data: + # Default ClusterScanProfiles per cluster provider type + rke: |- + <1.16.0: rke-profile-permissive-1.5 + >=1.16.0: rke-profile-permissive-1.6 + rke2: |- + <1.20.5: rke2-cis-1.5-profile-permissive + >=1.20.5: rke2-cis-1.6-profile-permissive + eks: "eks-profile" + gke: "gke-profile" + default: "cis-1.6-profile" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/deployment.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/deployment.yaml new file mode 100755 index 000000000..0d3c75e39 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/deployment.yaml 
@@ -0,0 +1,57 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cis-operator + namespace: {{ template "cis.namespace" . }} + labels: + cis.cattle.io/operator: cis-operator +spec: + selector: + matchLabels: + cis.cattle.io/operator: cis-operator + template: + metadata: + labels: + cis.cattle.io/operator: cis-operator + spec: + serviceAccountName: cis-operator-serviceaccount + containers: + - name: cis-operator + image: '{{ template "system_default_registry" . }}{{ .Values.image.cisoperator.repository }}:{{ .Values.image.cisoperator.tag }}' + imagePullPolicy: Always + ports: + - name: cismetrics + containerPort: {{ .Values.alerts.metricsPort }} + env: + - name: SECURITY_SCAN_IMAGE + value: {{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }} + - name: SECURITY_SCAN_IMAGE_TAG + value: {{ .Values.image.securityScan.tag }} + - name: SONOBUOY_IMAGE + value: {{ template "system_default_registry" . }}{{ .Values.image.sonobuoy.repository }} + - name: SONOBUOY_IMAGE_TAG + value: {{ .Values.image.sonobuoy.tag }} + - name: CIS_ALERTS_METRICS_PORT + value: '{{ .Values.alerts.metricsPort }}' + - name: CIS_ALERTS_SEVERITY + value: {{ .Values.alerts.severity }} + - name: CIS_ALERTS_ENABLED + value: {{ .Values.alerts.enabled | default "false" | quote }} + - name: CLUSTER_NAME + value: {{ .Values.global.cattle.clusterName }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + nodeSelector: + kubernetes.io/os: linux + {{- with .Values.nodeSelector }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + tolerations: + {{- include "linux_node_tolerations" . | nindent 8}} + {{- with .Values.tolerations }} + {{- toYaml . | nindent 8 }} + {{- end }} \ No newline at end of file 
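Review bot: the cis-operator container in templates/deployment.yaml (1.0.400) declares no securityContext at pod or container level, so it runs with whatever defaults the image and runtime give it. Suggest setting one explicitly, for example `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true`, provided the operator image can run that way. Separately, several env values are rendered unquoted (`value: {{ .Values.image.securityScan.tag }}`, `value: {{ .Values.alerts.severity }}`, `value: {{ .Values.global.cattle.clusterName }}`) while `CIS_ALERTS_METRICS_PORT` and `CIS_ALERTS_ENABLED` are quoted; piping these through `quote` keeps a numeric-looking tag or the empty default clusterName from rendering as a non-string value.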
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/network_policy_allow_all.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/network_policy_allow_all.yaml new file mode 100755 index 000000000..6ed5d645e --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/network_policy_allow_all.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: default-allow-all + namespace: {{ template "cis.namespace" . }} +spec: + podSelector: {} + ingress: + - {} + egress: + - {} + policyTypes: + - Ingress + - Egress diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/patch_default_serviceaccount.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/patch_default_serviceaccount.yaml new file mode 100755 index 000000000..1efa3ed1c --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/patch_default_serviceaccount.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: patch-sa + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation +spec: + template: + spec: + serviceAccountName: cis-operator-serviceaccount + restartPolicy: Never + containers: + - name: sa + image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"] + args: ["-n", {{ template "cis.namespace" . }}] + backoffLimit: 1 
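Review bot: the patch-sa hook Job in templates/patch_default_serviceaccount.yaml runs under `serviceAccountName: cis-operator-serviceaccount`, which templates/rbac.yaml in this same patch binds to cluster-admin, although the Job only patches the `default` ServiceAccount in the chart namespace. Suggest a dedicated hook ServiceAccount with a namespaced Role limited to `get` and `patch` on `serviceaccounts`. Also, `imagePullPolicy: {{ .Values.global.imagePullPolicy }}` reads a key that this version's values.yaml does not define under `global`, so it renders empty; add the key to values.yaml or give it a fallback such as `| default "IfNotPresent"`. The namespace in `args: ["-n", {{ template "cis.namespace" . }}]` is also the only unquoted string in that array and should be quoted.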
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/rbac.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/rbac.yaml new file mode 100755 index 000000000..816991f23 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/rbac.yaml @@ -0,0 +1,43 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-operator-role +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-operator-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cis-operator-role +subjects: +- kind: ServiceAccount + name: cis-serviceaccount + namespace: {{ template "cis.namespace" . }} +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: cis-operator-installer +subjects: +- kind: ServiceAccount + name: cis-operator-serviceaccount + namespace: {{ template "cis.namespace" . }} +roleRef: + kind: ClusterRole + name: cluster-admin + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-cis-1.5.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-cis-1.5.yml new file mode 100755 index 000000000..d69ae9dd5 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-cis-1.5.yml 
@@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: cis-1.5-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: cis-1.5 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-cis-1.6.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-cis-1.6.yaml new file mode 100755 index 000000000..8a8d8bf88 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-cis-1.6.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: cis-1.6-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: cis-1.6 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke-1.5-hardened.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke-1.5-hardened.yml new file mode 100755 index 000000000..4eabe158a --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke-1.5-hardened.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-hardened-1.5 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.5-hardened \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke-1.5-permissive.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke-1.5-permissive.yml new file mode 100755 index 000000000..1f78751d1 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke-1.5-permissive.yml 
@@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-permissive-1.5 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.5-permissive diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke-1.6-hardened.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke-1.6-hardened.yaml new file mode 100755 index 000000000..d38febd80 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke-1.6-hardened.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-hardened-1.6 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.6-hardened diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke-1.6-permissive.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke-1.6-permissive.yaml new file mode 100755 index 000000000..d31b5b0d2 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke-1.6-permissive.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-permissive-1.6 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.6-permissive diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke2-cis-1.5-hardened.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke2-cis-1.5-hardened.yml new file mode 100755 index 000000000..83eb3131e --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke2-cis-1.5-hardened.yml 
@@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.5-profile-hardened + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.5-hardened diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke2-cis-1.5-permissive.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke2-cis-1.5-permissive.yml new file mode 100755 index 000000000..40dc44bdf --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke2-cis-1.5-permissive.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.5-profile-permissive + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.5-permissive diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke2-cis-1.6-hardened.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke2-cis-1.6-hardened.yml new file mode 100755 index 000000000..c7ac7f949 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke2-cis-1.6-hardened.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.6-profile-hardened + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.6-hardened diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke2-cis-1.6-permissive.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke2-cis-1.6-permissive.yml new file mode 100755 index 000000000..96ca1345a --- /dev/null 
+++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-rke2-cis-1.6-permissive.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.6-profile-permissive + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.6-permissive diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofileeks.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofileeks.yml new file mode 100755 index 000000000..49c7e0246 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofileeks.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: eks-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: eks-1.0 \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofilegke.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofilegke.yml new file mode 100755 index 000000000..2ddd0686f --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofilegke.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: gke-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: gke-1.0 \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/serviceaccount.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/serviceaccount.yaml new file mode 100755 index 000000000..ec48ec622 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/serviceaccount.yaml 
@@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: {{ template "cis.namespace" . }} + name: cis-operator-serviceaccount +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: {{ template "cis.namespace" . }} + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-serviceaccount diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/validate-install-crd.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/validate-install-crd.yaml new file mode 100755 index 000000000..562295791 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/validate-install-crd.yaml @@ -0,0 +1,17 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "cis.cattle.io/v1/ClusterScan" false -}} +# {{- set $found "cis.cattle.io/v1/ClusterScanBenchmark" false -}} +# {{- set $found "cis.cattle.io/v1/ClusterScanProfile" false -}} +# {{- set $found "cis.cattle.io/v1/ClusterScanReport" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/values.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/values.yaml new file mode 100755 index 000000000..6246eb3b3 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/values.yaml 
@@ -0,0 +1,45 @@ +# Default values for rancher-cis-benchmark. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +image: + cisoperator: + repository: rancher/cis-operator + tag: v1.0.4-rc1 + securityScan: + repository: rancher/security-scan + tag: v0.2.3-rc2 + sonobuoy: + repository: rancher/mirrored-sonobuoy-sonobuoy + tag: v0.16.3 + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +global: + cattle: + systemDefaultRegistry: "" + clusterName: "" + kubectl: + repository: rancher/kubectl + tag: v1.20.2 + +alerts: + enabled: false + severity: warning + metricsPort: 8080 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/Chart.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/Chart.yaml new file mode 100755 index 000000000..a5e64c864 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/Chart.yaml 
@@ -0,0 +1,18 @@ +annotations: + catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: CIS Benchmark + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 + catalog.cattle.io/release-name: rancher-cis-benchmark + catalog.cattle.io/ui-component: rancher-cis-benchmark +apiVersion: v1 +appVersion: v1.0.4 +description: The cis-operator enables running CIS benchmark security scans on a kubernetes + cluster +icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg +keywords: +- security +name: rancher-cis-benchmark +version: 1.0.402 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/README.md b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/README.md new file mode 100755 index 000000000..50beab58b --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/README.md @@ -0,0 +1,9 @@ +# Rancher CIS Benchmark Chart + +The cis-operator enables running CIS benchmark security scans on a kubernetes cluster and generate compliance reports that can be downloaded. + +# Installation + +``` +helm install rancher-cis-benchmark ./ --create-namespace -n cis-operator-system +``` diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/app-readme.md b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/app-readme.md new file mode 100755 index 000000000..5e495d605 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/app-readme.md 
@@ -0,0 +1,15 @@ +# Rancher CIS Benchmarks + +This chart enables security scanning of the cluster using [CIS (Center for Internet Security) benchmarks](https://www.cisecurity.org/benchmark/kubernetes/). + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/cis-scans/v2.5/). + +This chart installs the following components: + +- [cis-operator](https://github.com/rancher/cis-operator) - The cis-operator handles launching the [kube-bench](https://github.com/aquasecurity/kube-bench) tool that runs a suite of CIS tests on the nodes of your Kubernetes cluster. After scans finish, the cis-operator generates a compliance report that can be downloaded. +- Scans - A scan is a CRD (`ClusterScan`) that defines when to trigger CIS scans on the cluster based on the defined profile. A report is created after the scan is completed. +- Profiles - A profile is a CRD (`ClusterScanProfile`) that defines the configuration for the CIS scan, which is the benchmark versions to use and any specific tests to skip in that benchmark. This chart installs a few default `ClusterScanProfile` custom resources with no skipped tests, which can immediately be used to launch CIS scans. +- Benchmark Versions - A benchmark version is a CRD (`ClusterScanBenchmark`) that defines the CIS benchmark version to run using kube-bench as well as the valid configuration parameters for that benchmark. This chart installs a few default `ClusterScanBenchmark` custom resources. +- Alerting Resources - Rancher's CIS Benchmark application lets you run a cluster scan on a schedule, and send alerts when scans finish. 
+ - If you want to enable alerts to be delivered when a cluster scan completes, you need to ensure that [Rancher's Monitoring and Alerting](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/) application is pre-installed and the [Receivers and Routes](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/configuration/#alertmanager-config) are configured to send out alerts. + - Additionally, you need to set `alerts: true` in the Values YAML while installing or upgrading this chart. diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/_helpers.tpl b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/_helpers.tpl new file mode 100755 index 000000000..67f4ce116 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/_helpers.tpl @@ -0,0 +1,23 @@ +{{/* Ensure namespace is set the same everywhere */}} +{{- define "cis.namespace" -}} + {{- .Release.Namespace | default "cis-operator-system" -}} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux_node_tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/alertingrule.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/alertingrule.yaml new file mode 100755 index 000000000..1787c88a0 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/alertingrule.yaml 
@@ -0,0 +1,14 @@ +{{- if .Values.alerts.enabled -}} +--- +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + name: rancher-cis-pod-monitor + namespace: {{ template "cis.namespace" . }} +spec: + selector: + matchLabels: + cis.cattle.io/operator: cis-operator + podMetricsEndpoints: + - port: cismetrics +{{- end }} diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-cis-1.5.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-cis-1.5.yaml new file mode 100755 index 000000000..39e8b834a --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-cis-1.5.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: cis-1.5 +spec: + clusterProvider: "" + minKubernetesVersion: "1.15.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-cis-1.6.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-cis-1.6.yaml new file mode 100755 index 000000000..93ba064f4 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-cis-1.6.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: cis-1.6 +spec: + clusterProvider: "" + minKubernetesVersion: "1.16.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-eks-1.0.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-eks-1.0.yaml new file mode 100755 index 000000000..bd2e32cd3 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-eks-1.0.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: eks-1.0 +spec: + clusterProvider: eks + minKubernetesVersion: "1.15.0" 
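Review bot: In 1.0.402/app-readme.md, the last bullet tells users to set `alerts: true`, which does not match the key the chart actually reads. values.yaml defines `alerts` as a map (`enabled`, `severity`, `metricsPort`), and alertingrule.yaml and deployment.yaml test `.Values.alerts.enabled`. Suggest rewording the bullet to `alerts.enabled: true` so the documented setting is the one the templates consume.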
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-gke-1.0.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-gke-1.0.yaml new file mode 100755 index 000000000..72122e8c5 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-gke-1.0.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: gke-1.0 +spec: + clusterProvider: gke + minKubernetesVersion: "1.15.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke-cis-1.5-hardened.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke-cis-1.5-hardened.yaml new file mode 100755 index 000000000..b5627f966 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke-cis-1.5-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.5-hardened +spec: + clusterProvider: rke + minKubernetesVersion: "1.15.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke-cis-1.5-permissive.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke-cis-1.5-permissive.yaml new file mode 100755 index 000000000..95f80c0f0 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke-cis-1.5-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.5-permissive +spec: + clusterProvider: rke + minKubernetesVersion: "1.15.0" 
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke-cis-1.6-hardened.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke-cis-1.6-hardened.yaml new file mode 100755 index 000000000..d75de8154 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke-cis-1.6-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.6-hardened +spec: + clusterProvider: rke + minKubernetesVersion: "1.16.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke-cis-1.6-permissive.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke-cis-1.6-permissive.yaml new file mode 100755 index 000000000..52428f4a7 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke-cis-1.6-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.6-permissive +spec: + clusterProvider: rke + minKubernetesVersion: "1.16.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke2-cis-1.5-hardened.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke2-cis-1.5-hardened.yaml new file mode 100755 index 000000000..3d83e9bd8 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke2-cis-1.5-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.5-hardened +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.18.0" 
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke2-cis-1.5-permissive.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke2-cis-1.5-permissive.yaml new file mode 100755 index 000000000..f66aa8f6e --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke2-cis-1.5-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.5-permissive +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.18.0" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke2-cis-1.6-hardened.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke2-cis-1.6-hardened.yaml new file mode 100755 index 000000000..3593bf371 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke2-cis-1.6-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.6-hardened +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.20.5" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke2-cis-1.6-permissive.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke2-cis-1.6-permissive.yaml new file mode 100755 index 000000000..522f846ae --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/benchmark-rke2-cis-1.6-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.6-permissive +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.20.5" 
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/cis-roles.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/cis-roles.yaml new file mode 100755 index 000000000..23c93dc65 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/cis-roles.yaml @@ -0,0 +1,49 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cis-admin +rules: + - apiGroups: + - cis.cattle.io + resources: + - clusterscanbenchmarks + - clusterscanprofiles + - clusterscans + - clusterscanreports + verbs: ["create", "update", "delete", "patch","get", "watch", "list"] + - apiGroups: + - catalog.cattle.io + resources: ["apps"] + resourceNames: ["rancher-cis-benchmark"] + verbs: ["get", "watch", "list"] + - apiGroups: + - "" + resources: + - configmaps + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cis-view +rules: + - apiGroups: + - cis.cattle.io + resources: + - clusterscanbenchmarks + - clusterscanprofiles + - clusterscans + - clusterscanreports + verbs: ["get", "watch", "list"] + - apiGroups: + - catalog.cattle.io + resources: ["apps"] + resourceNames: ["rancher-cis-benchmark"] + verbs: ["get", "watch", "list"] + - apiGroups: + - "" + resources: + - configmaps + verbs: ["get", "watch", "list"] diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/configmap.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/configmap.yaml new file mode 100755 index 000000000..620d9abfa --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/configmap.yaml 
@@ -0,0 +1,16 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + name: default-clusterscanprofiles + namespace: {{ template "cis.namespace" . }} +data: + # Default ClusterScanProfiles per cluster provider type + rke: |- + <1.16.0: rke-profile-permissive-1.5 + >=1.16.0: rke-profile-permissive-1.6 + rke2: |- + <1.20.0: rke2-cis-1.5-profile-permissive + >=1.20.0: rke2-cis-1.6-profile-permissive + eks: "eks-profile" + gke: "gke-profile" + default: "cis-1.6-profile" diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/deployment.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/deployment.yaml new file mode 100755 index 000000000..0d3c75e39 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/deployment.yaml 
@@ -0,0 +1,57 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cis-operator + namespace: {{ template "cis.namespace" . }} + labels: + cis.cattle.io/operator: cis-operator +spec: + selector: + matchLabels: + cis.cattle.io/operator: cis-operator + template: + metadata: + labels: + cis.cattle.io/operator: cis-operator + spec: + serviceAccountName: cis-operator-serviceaccount + containers: + - name: cis-operator + image: '{{ template "system_default_registry" . }}{{ .Values.image.cisoperator.repository }}:{{ .Values.image.cisoperator.tag }}' + imagePullPolicy: Always + ports: + - name: cismetrics + containerPort: {{ .Values.alerts.metricsPort }} + env: + - name: SECURITY_SCAN_IMAGE + value: {{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }} + - name: SECURITY_SCAN_IMAGE_TAG + value: {{ .Values.image.securityScan.tag }} + - name: SONOBUOY_IMAGE + value: {{ template "system_default_registry" . }}{{ .Values.image.sonobuoy.repository }} + - name: SONOBUOY_IMAGE_TAG + value: {{ .Values.image.sonobuoy.tag }} + - name: CIS_ALERTS_METRICS_PORT + value: '{{ .Values.alerts.metricsPort }}' + - name: CIS_ALERTS_SEVERITY + value: {{ .Values.alerts.severity }} + - name: CIS_ALERTS_ENABLED + value: {{ .Values.alerts.enabled | default "false" | quote }} + - name: CLUSTER_NAME + value: {{ .Values.global.cattle.clusterName }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + nodeSelector: + kubernetes.io/os: linux + {{- with .Values.nodeSelector }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + tolerations: + {{- include "linux_node_tolerations" . | nindent 8}} + {{- with .Values.tolerations }} + {{- toYaml . | nindent 8 }} + {{- end }} \ No newline at end of file 
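Review bot: In 1.0.402/templates/cis-roles.yaml, the last rule of the `cis-admin` ClusterRole grants `'*'` on core `configmaps` with no `resourceNames`, so a ClusterRoleBinding to this role covers every ConfigMap in every namespace. The `cis-view` role in the same file already lists explicit verbs; suggest doing the same here, and if only the chart's own ConfigMaps are needed, moving the rule to a namespaced Role in the chart namespace.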
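Review bot: In 1.0.402/templates/deployment.yaml, several `env` values are rendered unquoted (`SECURITY_SCAN_IMAGE_TAG`, `SONOBUOY_IMAGE_TAG`, `CIS_ALERTS_SEVERITY`, `CLUSTER_NAME`) while `CIS_ALERTS_METRICS_PORT` and `CIS_ALERTS_ENABLED` are quoted. `global.cattle.clusterName` defaults to `""` in values.yaml, so `CLUSTER_NAME` renders as a bare `value:` (YAML null), and a tag override that looks numeric would be parsed as a number rather than a string. Suggest piping each of these through `quote` for consistency with the two that already are.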
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/network_policy_allow_all.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/network_policy_allow_all.yaml new file mode 100755 index 000000000..6ed5d645e --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/network_policy_allow_all.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: default-allow-all + namespace: {{ template "cis.namespace" . }} +spec: + podSelector: {} + ingress: + - {} + egress: + - {} + policyTypes: + - Ingress + - Egress diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/patch_default_serviceaccount.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/patch_default_serviceaccount.yaml new file mode 100755 index 000000000..1efa3ed1c --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/patch_default_serviceaccount.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: patch-sa + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation +spec: + template: + spec: + serviceAccountName: cis-operator-serviceaccount + restartPolicy: Never + containers: + - name: sa + image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"] + args: ["-n", {{ template "cis.namespace" . }}] + backoffLimit: 1 
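Review bot: In 1.0.402/templates/network_policy_allow_all.yaml, `default-allow-all` selects every pod in the chart namespace (`podSelector: {}`) and permits all ingress and egress, with no comment or values toggle explaining why. If the intent is to keep scans working on clusters that apply a default-deny policy, say so in a comment at the top of the file, and consider narrowing the selector to the operator and scan pods or gating the template behind a value so hardened installs can opt out.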
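Review bot: In 1.0.402/templates/patch_default_serviceaccount.yaml, `imagePullPolicy: {{ .Values.global.imagePullPolicy }}` references a key that the chart's values.yaml does not define (`global` only carries `cattle` and `kubectl`), so it renders empty unless the caller supplies it; define the key or add a `default`. The Job also has no `metadata.namespace`, unlike the other namespaced templates in this chart, and it runs as `cis-operator-serviceaccount`, which rbac.yaml binds to `cluster-admin`, in order to patch a single ServiceAccount. A hook-scoped ServiceAccount with `patch` on `serviceaccounts` in the chart namespace would be enough for this step.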
diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/rbac.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/rbac.yaml new file mode 100755 index 000000000..816991f23 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/rbac.yaml @@ -0,0 +1,43 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-operator-role +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-operator-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cis-operator-role +subjects: +- kind: ServiceAccount + name: cis-serviceaccount + namespace: {{ template "cis.namespace" . }} +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: cis-operator-installer +subjects: +- kind: ServiceAccount + name: cis-operator-serviceaccount + namespace: {{ template "cis.namespace" . }} +roleRef: + kind: ClusterRole + name: cluster-admin + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-cis-1.5.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-cis-1.5.yml new file mode 100755 index 000000000..d69ae9dd5 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-cis-1.5.yml 
@@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: cis-1.5-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: cis-1.5 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-cis-1.6.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-cis-1.6.yaml new file mode 100755 index 000000000..8a8d8bf88 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-cis-1.6.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: cis-1.6-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: cis-1.6 diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke-1.5-hardened.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke-1.5-hardened.yml new file mode 100755 index 000000000..4eabe158a --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke-1.5-hardened.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-hardened-1.5 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.5-hardened \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke-1.5-permissive.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke-1.5-permissive.yml new file mode 100755 index 000000000..1f78751d1 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke-1.5-permissive.yml 
@@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-permissive-1.5 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.5-permissive diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke-1.6-hardened.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke-1.6-hardened.yaml new file mode 100755 index 000000000..d38febd80 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke-1.6-hardened.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-hardened-1.6 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.6-hardened diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke-1.6-permissive.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke-1.6-permissive.yaml new file mode 100755 index 000000000..d31b5b0d2 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke-1.6-permissive.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-permissive-1.6 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.6-permissive diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke2-cis-1.5-hardened.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke2-cis-1.5-hardened.yml new file mode 100755 index 000000000..83eb3131e --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke2-cis-1.5-hardened.yml 
@@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.5-profile-hardened + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.5-hardened diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke2-cis-1.5-permissive.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke2-cis-1.5-permissive.yml new file mode 100755 index 000000000..40dc44bdf --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke2-cis-1.5-permissive.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.5-profile-permissive + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.5-permissive diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke2-cis-1.6-hardened.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke2-cis-1.6-hardened.yml new file mode 100755 index 000000000..c7ac7f949 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke2-cis-1.6-hardened.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.6-profile-hardened + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.6-hardened diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke2-cis-1.6-permissive.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke2-cis-1.6-permissive.yml new file mode 100755 index 000000000..96ca1345a --- /dev/null 
+++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofile-rke2-cis-1.6-permissive.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.6-profile-permissive + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.6-permissive diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofileeks.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofileeks.yml new file mode 100755 index 000000000..49c7e0246 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofileeks.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: eks-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: eks-1.0 \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofilegke.yml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofilegke.yml new file mode 100755 index 000000000..2ddd0686f --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/scanprofilegke.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: gke-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: gke-1.0 \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/serviceaccount.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/serviceaccount.yaml new file mode 100755 index 000000000..ec48ec622 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/serviceaccount.yaml 
@@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: {{ template "cis.namespace" . }} + name: cis-operator-serviceaccount +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: {{ template "cis.namespace" . }} + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-serviceaccount diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/validate-install-crd.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/validate-install-crd.yaml new file mode 100755 index 000000000..562295791 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/templates/validate-install-crd.yaml @@ -0,0 +1,17 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "cis.cattle.io/v1/ClusterScan" false -}} +# {{- set $found "cis.cattle.io/v1/ClusterScanBenchmark" false -}} +# {{- set $found "cis.cattle.io/v1/ClusterScanProfile" false -}} +# {{- set $found "cis.cattle.io/v1/ClusterScanReport" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/values.yaml b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/values.yaml new file mode 100755 index 000000000..ff4a49495 --- /dev/null +++ b/released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.402/values.yaml 
@@ -0,0 +1,45 @@ +# Default values for rancher-cis-benchmark. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +image: + cisoperator: + repository: rancher/cis-operator + tag: v1.0.4-rc1 + securityScan: + repository: rancher/security-scan + tag: v0.2.3-rc1 + sonobuoy: + repository: rancher/mirrored-sonobuoy-sonobuoy + tag: v0.16.3 + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +global: + cattle: + systemDefaultRegistry: "" + clusterName: "" + kubectl: + repository: rancher/kubectl + tag: v1.20.2 + +alerts: + enabled: false + severity: warning + metricsPort: 8080 diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/.helmignore b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj 
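Review bot: In rancher-cis-benchmark/1.0.402/values.yaml, `image.cisoperator.tag: v1.0.4-rc1` and `image.securityScan.tag: v0.2.3-rc1` point a chart shipped under released/ as 1.0.402 at release-candidate images. Suggest moving both to final tags before this version is treated as released, or noting in the chart why a release candidate is intended, so that the scanner a cluster runs for CIS checks is a build that was actually signed off.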
diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/Chart.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/Chart.yaml new file mode 100644 index 000000000..a6867f4ef --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/Chart.yaml @@ -0,0 +1,24 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: External IP Webhook + catalog.cattle.io/namespace: cattle-externalip-system + catalog.cattle.io/release-name: rancher-external-ip-webhook + catalog.cattle.io/ui-component: rancher-external-ip-webhook + catalog.cattle.io/os: linux +apiVersion: v1 +appVersion: v0.1.4 +description: | + Deploy the external-ip-webhook to mitigate k8s CVE-2020-8554 +home: https://github.com/rancher/externalip-webhook +keywords: +- cve +- externalip +- webhook +- security +maintainers: +- email: raul@rancher.com + name: rawmind0 +name: rancher-external-ip-webhook +sources: +- https://github.com/rancher/externalip-webhook +version: 0.1.400 diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/README.md b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/README.md new file mode 100644 index 000000000..9223987da --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/README.md 
@@ -0,0 +1,70 @@ +# externalip-webhook + +## Chart Details + +This chart will create a deployment of `externalip-webhook` within your Kubernetes Cluster. It's required to mitigate k8s CVE-2020-8554. + +## Installing the Chart + +To install the chart with the release name `rancher-external-ip-webhook`: + + +```bash +$ helm repo add rancher-chart https://charts.rancher.io +$ helm repo update +$ helm install rancher-external-ip-webhook rancher-chart/rancher-external-ip-webhook --namespace cattle-externalip-system -f values.yaml +``` + +## Configuration + +The following table lists the configurable parameters of the externalip-webhook chart and their default values. + + +| Parameter | Description | Default | +| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- | +| `allowedExternalIPCidrs` | Set allowed external IP CIDRs separated by a comma | `""` | +| `certificates.caBundle` | If cert-manager integration is disabled, add here self signed ca.crt in base64 format | `""` | +| `certificates.certManager.enabled` | Enable cert manager integration. 
Cert manager should be already installed at the k8s cluster | `true` | +| `certificates.certManager.version` | Cert manager version to use | `""` | +| `certificates.secretName` | If cert-manager integration is disabled, upload certs data (ca.crt, tls.crt & tls.key) as k8s secretName in the namespace | `"webhook-server-cert"` | +| `global.systemDefaultRegistry` | Pull docker images from systemDefaultRegistry | `""` | +| `image.pullPolicy` | Webhook server docker pull policy | `"IfNotPresent"` | +| `image.pullSecrets` | Webhook server docker pull secret | `""` | +| `image.repository` | Webhook server docker image repository | `"rancher/externalip-webhook"` | +| `image.tag` | Webhook server docker image tag Defaults to | `".Chart.appVersion"` | +| `metrics.enabled` | Enable metrics endpoint | `false` | +| `metrics.port` | Webhook metrics pod port | `8443` | +| `metrics.prometheusExport` | Enable Prometheus export. Follow [exporting-metrics-for-prometheus](https://book.kubebuilder.io/reference/metrics.html#exporting-metrics-for-prometheus) to export the webhook metrics | `false` | +| `metrics.authProxy.enabled` | Enable auth proxy for metrics endpoint | `false` | +| `metrics.authProxy.port` | Webhook auth proxy pod port | `8080` | +| `metrics.authProxy.image.pullPolicy` | Webhook auth proxy docker pull policy | `"IfNotPresent"` | +| `metrics.authProxy.image.pullSecrets`| Webhook auth proxy docker pull secrets | `""` | +| `metrics.authProxy.image.repository` | Webhook auth proxy docker image repository | `"gcr.io/kubebuilder/kube-rbac-proxy"` | +| `metrics.authProxy.image.pullPolicy` | Webhook auth proxy docker image tag | `"v0.5.0"` | +| `metrics.authProxy.resources.limits.cpu` | Webhook auth proxy resource cpu limit | `"100m"` | +| `metrics.authProxy.resources.limits.memory` | Webhook auth proxy resource memory limit | `"30Mi"` | +| `metrics.authProxy.resources.requests.cpu` | Webhook auth proxy wesource cpu reservation | `"100m"` | +| 
`metrics.authProxy.resources.requests.memory` | Webhook auth proxy resource memory reservation | `"20Mi"` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `rbac.apiVersion` | Rbac API version to use | `"v1"` | +| `resources.limits.cpu` | Resource cpu limit | `"100m"` | +| `resources.limits.memory` | Resource memory limit | `"30Mi"` | +| `resources.requests.cpu` | Resource cpu reservation | `"100m"` | +| `resources.requests.memory` | Resource memory reservation | `"20Mi"` | +| `service.metricsPort` | Webhook metrics service port | `8443` | +| `service.webhookPort` | Webhook server service port | `443` | +| `serviceAccountName` | Webhook serviceAccountName. Just used if metrics.authProxy.enabled = false | `"default"` | +| `tolerations` | List of node taints to tolerate (requires Kubernetes >= 1.6) | `[]` | +| `webhookPort` | Webhook server pod port | `9443` | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```bash +$ helm repo add rancher-chart https://charts.rancher.io +$ helm repo update +$ helm install rancher-external-ip-webhook rancher-chart/rancher-external-ip-webhook --namespace cattle-externalip-system -f values.yaml +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/app-README.md b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/app-README.md new file mode 100644 index 000000000..38c317119 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/app-README.md 
@@ -0,0 +1,9 @@ +# externalip-webhook + +This chart was created to mitigate [CVE-2020-8554](https://www.cvedetails.com/cve/CVE-2020-8554/) + +External IP Webhook is a validating k8s webhook which prevents services from using random external IPs. Cluster administrators +can specify list of CIDRs allowed to be used as external IP by specifying `allowed-external-ip-cidrs` parameter. +The webhook will only allow services which either don’t set external IP, or whose external IPs are within the range specified by the administrator. + +For more information, review the Helm README of this chart. diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/questions.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/questions.yaml new file mode 100644 index 000000000..8b0e19040 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/questions.yaml @@ -0,0 +1,7 @@ +questions: +# allowedExternalIPCidrs +- variable: allowedExternalIPCidrs + label: Allowed external IP cidrs + description: Set allowed external IP CIDRs separated by a comma + type: string + group: Configuration \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/NOTES.txt b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/NOTES.txt new file mode 100644 index 000000000..74271bdd5 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/NOTES.txt @@ -0,0 +1,3 @@ +To verify that externalip-webhook has started, run: + + kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "externalip-webhook.name" . }},release={{ .Release.Name }}" 
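Review bot: In the README.md configuration table, `metrics.authProxy.image.pullPolicy` appears twice; the second row is described as "Webhook auth proxy docker image tag" with default `"v0.5.0"`, and deployment.yaml reads `.Values.metrics.authProxy.image.tag`, so that row should be keyed `metrics.authProxy.image.tag`. While there: "wesource" should be "resource", the `image.tag` description trails off at "Defaults to", and `replicas`, which deployment.yaml consumes, has no row at all.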
diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/_helpers.tpl b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/_helpers.tpl new file mode 100644 index 000000000..cc8a9a0d3 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/_helpers.tpl @@ -0,0 +1,50 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "externalip-webhook.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "externalip-webhook.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if ne $name .Release.Name -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s" $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* Generate basic labels */}} +{{- define "externalip-webhook.labels" }} +app: {{ template "externalip-webhook.name" . }} +heritage: {{.Release.Service }} +release: {{.Release.Name }} +{{- end }} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +kubernetes.io/os: linux +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} \ No newline at end of file 
diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/admissionregistration.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/admissionregistration.yaml new file mode 100644 index 000000000..d8152faa5 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/admissionregistration.yaml @@ -0,0 +1,30 @@ +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: ValidatingWebhookConfiguration +metadata: +{{- if .Values.certificates.certManager.enabled }} + annotations: + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ template "externalip-webhook.fullname" . }}-server-cert +{{- end }} + creationTimestamp: null + name: {{ template "externalip-webhook.fullname" . }}-validating-webhook-configuration +webhooks: +- clientConfig: +{{- if not (.Values.certificates.certManager.enabled) }} + caBundle: {{ .Values.certificates.caBundle }} +{{- end }} + service: + name: {{ template "externalip-webhook.fullname" . }} + namespace: {{ .Release.Namespace }} + path: /validate-service + failurePolicy: Ignore + name: {{ template "externalip-webhook.fullname" . }}.{{ .Release.Namespace }}.svc + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - services \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/clusterrole.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/clusterrole.yaml new file mode 100644 index 000000000..46e18bf00 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/clusterrole.yaml 
@@ -0,0 +1,33 @@ +{{- if and (.Values.metrics.enabled) (.Values.metrics.authProxy.enabled) -}} +apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }} +kind: ClusterRole +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-proxy-role +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }} +kind: ClusterRole +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get +{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/clusterrolebinding.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..2fa40817f --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/clusterrolebinding.yaml 
@@ -0,0 +1,31 @@ +apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }} +kind: ClusterRoleBinding +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-cluster-view +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view +subjects: +- kind: ServiceAccount + name: {{ template "externalip-webhook.fullname" . }} + namespace: {{ .Release.Namespace }} +{{- if and (.Values.metrics.enabled) (.Values.metrics.authProxy.enabled) }} +--- +apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }} +kind: ClusterRoleBinding +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "externalip-webhook.fullname" . }}-proxy-role +subjects: +- kind: ServiceAccount + name: {{ template "externalip-webhook.fullname" . }} + namespace: {{ .Release.Namespace }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/deployment.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/deployment.yaml new file mode 100644 index 000000000..c82754deb --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/deployment.yaml 
@@ -0,0 +1,107 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + seccomp.security.alpha.kubernetes.io/pod: runtime/default + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: {{ template "externalip-webhook.name" . }} + template: + metadata: + annotations: + seccomp.security.alpha.kubernetes.io/pod: runtime/default + labels: {{ include "externalip-webhook.labels" . | indent 8 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + spec: + containers: + {{- if and (.Values.metrics.enabled) (.Values.metrics.authProxy.enabled) }} + - name: {{ template "externalip-webhook.fullname" . }}-auth-proxy + args: + - --secure-listen-address=0.0.0.0:{{ .Values.metrics.port }} + - --upstream=http://127.0.0.1:{{ .Values.metrics.authProxy.port }}/ + - --logtostderr=true + - --v=10 + image: {{ template "system_default_registry" . }}{{ .Values.metrics.authProxy.image.repository}}:{{ .Values.metrics.authProxy.image.tag }} + imagePullPolicy: "{{ .Values.metrics.authProxy.image.pullPolicy }}" + ports: + - containerPort: {{ .Values.metrics.port }} + name: webhook-metrics + protocol: TCP + resources: +{{ toYaml .Values.metrics.authProxy.resources | indent 10 }} + readinessProbe: + tcpSocket: + port: webhook-metrics + initialDelaySeconds: 5 + periodSeconds: 10 + livenessProbe: + tcpSocket: + port: webhook-metrics + initialDelaySeconds: 5 + failureThreshold: 10 + periodSeconds: 30 + {{- end }} + - name: {{ template "externalip-webhook.fullname" . }} + image: {{ template "system_default_registry" . 
}}{{ .Values.image.repository}}:{{ default .Chart.AppVersion .Values.image.tag }} + imagePullPolicy: "{{ .Values.image.pullPolicy }}" + command: + - /webhook + args: + - --webhook-port={{ .Values.webhookPort }} + {{- if .Values.allowedExternalIPCidrs }} + - --allowed-external-ip-cidrs={{ .Values.allowedExternalIPCidrs }} + {{- end }} + {{- if .Values.metrics.enabled }} + {{- if .Values.metrics.authProxy.enabled }} + - --metrics-addr=127.0.0.1:{{ .Values.metrics.authProxy.port }} + {{- else }} + - --metrics-addr=0.0.0.0:{{ .Values.metrics.port }} + {{- end }} + {{- end }} + ports: + - containerPort: {{ .Values.webhookPort }} + name: webhook-server + protocol: TCP + {{- if and (.Values.metrics.enabled) (not (.Values.metrics.authProxy.enabled)) }} + - containerPort: {{ .Values.metrics.port }} + name: webhook-metrics + protocol: TCP + {{- end }} + volumeMounts: + - name: server-cert + mountPath: /tmp/k8s-webhook-server/serving-certs + readOnly: true + resources: +{{ toYaml .Values.resources | indent 10 }} + readinessProbe: + tcpSocket: + port: webhook-server + initialDelaySeconds: 5 + failureThreshold: 10 + periodSeconds: 30 + livenessProbe: + tcpSocket: + port: webhook-server + initialDelaySeconds: 5 + failureThreshold: 10 + periodSeconds: 30 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} + {{- if .Values.nodeSelector }} +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 6}} + {{- if .Values.tolerations }} +{{ toYaml .Values.tolerations | indent 6 }} + {{- end }} + serviceAccountName: {{ template "externalip-webhook.fullname" . }} + volumes: + - name: server-cert + secret: + defaultMode: 420 + secretName: {{ .Values.certificates.secretName }} 
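Review bot: In templates/admissionregistration.yaml, `failurePolicy: Ignore` makes the webhook fail open: whenever the webhook pod is down, unreachable, or its serving certificate is not yet in place, Service CREATE and UPDATE requests are admitted without the external IP check this chart exists to enforce. Suggest exposing `failurePolicy` as a chart value and documenting the trade-off in the README so operators can choose `Fail` where the mitigation must hold. Also, `apiVersion: admissionregistration.k8s.io/v1beta1` is hard-coded here while issuer.yaml selects its API version from `.Capabilities.APIVersions`; the same approach would fit this template, and `creationTimestamp: null` can be dropped.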
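Review bot: In templates/clusterrolebinding.yaml, the first ClusterRoleBinding (`...-cluster-view`) binds the webhook ServiceAccount to the built-in `view` ClusterRole unconditionally, outside the metrics condition that guards the proxy binding. The container args in deployment.yaml are only the webhook port, the allowed CIDRs and the metrics address, so nothing in the chart shows why the webhook needs cluster-wide read access; please document the need or drop the binding in favour of a narrower role. Separately, clusterrole.yaml defines `...-metrics-reader`, but no binding in this file references it.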
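Review bot: In templates/deployment.yaml, neither the webhook container nor the auth-proxy container sets a `securityContext`, so the pod relies on whatever user and privileges the images default to. Suggest adding container-level settings such as `allowPrivilegeEscalation: false` and `runAsNonRoot: true` where the images support them, made overridable through values. Two smaller points in the same hunk: the `seccomp.security.alpha.kubernetes.io/pod` annotation on the Deployment's own metadata has no effect (only the copy under `spec.template.metadata` applies to pods), and the auth proxy is started with a hard-coded `--v=10`, which is debug-level verbosity for a component that handles authentication on the metrics endpoint; make it a value with a lower default.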
diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/issuer.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/issuer.yaml new file mode 100644 index 000000000..ff1c2de10 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/issuer.yaml 
@@ -0,0 +1,52 @@ +{{- if .Values.certificates.certManager.enabled -}} + {{- $certmanagerVer := split "." .Values.certificates.certManager.version -}} + {{- if or (.Capabilities.APIVersions.Has "cert-manager.io/v1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 1) (ge (int $certmanagerVer._1) 0)) }} +apiVersion: cert-manager.io/v1 + {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 16)) }} +apiVersion: cert-manager.io/v1beta1 + {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 11)) }} +apiVersion: cert-manager.io/v1alpha2 + {{- else if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (lt (int $certmanagerVer._1) 11)) }} +apiVersion: certmanager.k8s.io/v1alpha1 + {{- else }} +# Setting latest version as default +apiVersion: cert-manager.io/v1 + {{- end }} +kind: Certificate +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-server-cert + namespace: {{ .Release.Namespace }} +spec: + dnsNames: + - {{ template "externalip-webhook.fullname" . }}.{{ .Release.Namespace }}.svc + - {{ template "externalip-webhook.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local + issuerRef: + kind: Issuer + name: {{ template "externalip-webhook.fullname" . 
}}-issuer + secretName: {{ .Values.certificates.secretName }} +--- + {{- if or (.Capabilities.APIVersions.Has "cert-manager.io/v1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 1) (ge (int $certmanagerVer._1) 0)) }} +apiVersion: cert-manager.io/v1 + {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 16)) }} +apiVersion: cert-manager.io/v1beta1 + {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 11)) }} +apiVersion: cert-manager.io/v1alpha2 + {{- else if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (lt (int $certmanagerVer._1) 11)) }} +apiVersion: certmanager.k8s.io/v1alpha1 + {{- else }} +# Setting latest version as default +apiVersion: cert-manager.io/v1 + {{- end }} +kind: Issuer +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-issuer + namespace: {{ .Release.Namespace }} +spec: + selfSigned: {} +{{- end -}} + + diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/service.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/service.yaml new file mode 100644 index 000000000..256add3e4 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/service.yaml 
@@ -0,0 +1,35 @@ +apiVersion: v1 +kind: Service +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + ports: + - name: webhook-server + port: {{ .Values.service.webhookPort }} + protocol: TCP + targetPort: {{ .Values.webhookPort }} + selector: + app: {{ template "externalip-webhook.name" . }} + type: "ClusterIP" +{{- if .Values.metrics.enabled }} +--- +apiVersion: v1 +kind: Service +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-metrics-service + namespace: {{ .Release.Namespace }} +spec: + ports: + - name: webhook-metrics + port: {{ .Values.service.metricsPort }} + protocol: TCP + targetPort: {{ .Values.metrics.port }} + selector: + app: {{ template "externalip-webhook.name" . }} + type: "ClusterIP" +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/serviceaccount.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/serviceaccount.yaml new file mode 100644 index 000000000..895df4f5b --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/serviceaccount.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }} + namespace: {{ .Release.Namespace }} 
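Review bot: In templates/issuer.yaml, the four-branch cert-manager `apiVersion` selection is written out twice, once for the Certificate and once for the Issuer, so any future version change has to be made in both places. Suggest moving it into a named template in _helpers.tpl and including it from both documents. In the first branch, `(ge (int $certmanagerVer._1) 0)` is always true for a non-negative minor version and can be removed.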
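Review bot: templates/serviceaccount.yaml always creates a ServiceAccount named by `externalip-webhook.fullname`, and deployment.yaml sets `serviceAccountName` to that same template, so the `serviceAccountName` parameter that README.md documents (default `"default"`, "Just used if metrics.authProxy.enabled = false") is not read by any template shown here. Either wire the value into deployment.yaml and make this ServiceAccount conditional, or remove the README row so operators do not assume they can swap the identity the webhook runs as.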
diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/servicemonitor.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/servicemonitor.yaml new file mode 100644 index 000000000..c481ea31d --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/templates/servicemonitor.yaml @@ -0,0 +1,16 @@ +{{- if and (.Values.metrics.enabled) (.Values.metrics.prometheusExport) -}} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-monitor + namespace: {{ .Release.Namespace }} +spec: + endpoints: + - path: /metrics + port: https + selector: + matchLabels: + app: {{ template "externalip-webhook.name" . }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/admissionregistration_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/admissionregistration_test.yaml new file mode 100644 index 000000000..0660aa6e8 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/admissionregistration_test.yaml 
@@ -0,0 +1,32 @@ +suite: Test Admission Registration +templates: +- admissionregistration.yaml +tests: +- it: should render Admission Registration + asserts: + - equal: + path: apiVersion + value: admissionregistration.k8s.io/v1beta1 +- it: should render Admission Registration annotation and not caBundle if certificates.certManager.enabled = true + release: + name: rancher-externalip-webhook + namespace: test + set: + certificates.certManager.enabled: true + asserts: + - equal: + path: metadata.annotations + value: + cert-manager.io/inject-ca-from: test/rancher-externalip-webhook-server-cert + - isNull: + path: webhooks[0].clientConfig.caBundle +- it: should render Admission Registration caBundle and not annotation if certificates.certManager.enabled = false + set: + certificates.caBundle: test + certificates.certManager.enabled: false + asserts: + - equal: + path: webhooks[0].clientConfig.caBundle + value: test + - isNull: + path: metadata.annotations diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/clusterrole_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/clusterrole_test.yaml new file mode 100644 index 000000000..9e563807b --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/clusterrole_test.yaml 
@@ -0,0 +1,37 @@ +suite: Test Cluster Roles +templates: +- clusterrole.yaml +tests: +- it: should not render Cluster Roles if metrics.enabled = false or metrics.authProxy.enabled = false + set: + metrics.enabled: false + metrics.authProxy.enabled: false + asserts: + - hasDocuments: + count: 0 + template: clusterrole.yaml +- it: should render Cluster Roles if metrics.enabled = true and metrics.authProxy.enabled = true + set: + metrics.enabled: true + metrics.authProxy.enabled: true + asserts: + - hasDocuments: + count: 2 + template: clusterrole.yaml +- it: should render Cluster Roles with default rbac api version if metrics.enabled = true and metrics.authProxy.enabled = true + set: + metrics.enabled: true + metrics.authProxy.enabled: true + asserts: + - equal: + path: apiVersion + value: rbac.authorization.k8s.io/v1 +- it: should render Cluster Roles with custom rbac api version if metrics.enabled = true and metrics.authProxy.enabled = true + set: + metrics.enabled: true + metrics.authProxy.enabled: true + rbac.apiVersion: v1beta + asserts: + - equal: + path: apiVersion + value: rbac.authorization.k8s.io/v1beta \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/clusterrolebinding_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/clusterrolebinding_test.yaml new file mode 100644 index 000000000..2129573a3 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/clusterrolebinding_test.yaml 
@@ -0,0 +1,42 @@ +suite: Test Cluster Role Bindings +templates: +- clusterrolebinding.yaml +tests: +- it: should render Cluster Role Bindings with default rbac api version + set: + rbac.apiVersion: v1 + asserts: + - equal: + path: apiVersion + value: rbac.authorization.k8s.io/v1 +- it: should render Cluster Role Bindings with custom rbac api version + set: + rbac.apiVersion: v1beta + asserts: + - equal: + path: apiVersion + value: rbac.authorization.k8s.io/v1beta +- it: should not render Cluster Role Binding proxy if metrics.enabled = false or metrics.authProxy.enabled = false + set: + metrics.enabled: false + metrics.authProxy.enabled: false + asserts: + - hasDocuments: + count: 1 + template: clusterrolebinding.yaml +- it: should render Cluster Role Bindings proxy if metrics.enabled = true and metrics.authProxy.enabled = true + set: + metrics.enabled: true + metrics.authProxy.enabled: true + asserts: + - hasDocuments: + count: 2 + template: clusterrolebinding.yaml +- it: should render Cluster Role Bindings with default rbac api version if metrics.enabled = true and metrics.authProxy.enabled = true + set: + metrics.enabled: true + metrics.authProxy.enabled: true + asserts: + - equal: + path: apiVersion + value: rbac.authorization.k8s.io/v1 \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/deployment_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/deployment_test.yaml new file mode 100644 index 000000000..50e3f9ec1 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/deployment_test.yaml 
@@ -0,0 +1,202 @@ +suite: Test Deployments +templates: +- deployment.yaml +tests: +- it: should render Deployment with allowed-external-ip-cidrs arg if allowedExternalIPCidrs is set + release: + name: rancher-externalip-webhook + set: + allowedExternalIPCidrs: "1,2" + asserts: + - equal: + path: spec.template.spec.containers[0].args[1] + value: --allowed-external-ip-cidrs=1,2 +- it: should render Deployment with default port, nodeSelector and tolerations if metrics.enabled = false and metrics.authProxy.enabled = false + release: + name: rancher-externalip-webhook + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 9443 + name: webhook-server + protocol: TCP + - equal: + path: spec.template.spec.tolerations[0] + value: + key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" + - equal: + path: spec.template.spec.nodeSelector + value: + kubernetes.io/os: linux +- it: should render Deployment with default port and custom nodeSelector and tolerations if metrics.enabled = false and metrics.authProxy.enabled = false + release: + name: rancher-externalip-webhook + set: + tolerations: + - key: "cattle.io/test" + value: "linux" + effect: "NoSchedule" + operator: "Equal" + nodeSelector: + kubernetes.io/test: linux + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 9443 + name: webhook-server + protocol: TCP + - equal: + path: spec.template.spec.tolerations[0] + value: + key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" + - equal: + path: spec.template.spec.tolerations[1] + value: + key: "cattle.io/test" + value: "linux" + effect: "NoSchedule" + operator: "Equal" + - equal: + path: spec.template.spec.nodeSelector + value: + kubernetes.io/os: linux 
+ kubernetes.io/test: linux +- it: should render Deployment with custom port and image if metrics.enabled = false and metrics.authProxy.enabled = false + release: + name: rancher-externalip-webhook + set: + webhookPort: 9000 + image.repository: test + image.tag: dev-test + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[0].image + value: test:dev-test + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 9000 + name: webhook-server + protocol: TCP +- it: should render Deployment with default metrics port if metrics.enabled = true and metrics.authProxy.enabled = false + release: + name: rancher-externalip-webhook + set: + metrics.enabled: true + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 9443 + name: webhook-server + protocol: TCP + - equal: + path: spec.template.spec.containers[0].ports[1] + value: + containerPort: 8443 + name: webhook-metrics + protocol: TCP +- it: should render Deployment with custom metrics port if metrics.enabled = true and metrics.authProxy.enabled = false + release: + name: rancher-externalip-webhook + set: + metrics.enabled: true + metrics.port: 8000 + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 9443 + name: webhook-server + protocol: TCP + - equal: + path: spec.template.spec.containers[0].ports[1] + value: + containerPort: 8000 + name: webhook-metrics + protocol: TCP +- it: should render Deployment with default metrics port if metrics.enabled = true and metrics.authProxy.enabled = true + release: + name: rancher-externalip-webhook + set: + metrics.enabled: true + metrics.authProxy.enabled: true + asserts: + - equal: + 
path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook-auth-proxy + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 8443 + name: webhook-metrics + protocol: TCP + - equal: + path: spec.template.spec.containers[1].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[1].ports[0] + value: + containerPort: 9443 + name: webhook-server + protocol: TCP +- it: should render Deployment with custom metrics port and image if metrics.enabled = true and metrics.authProxy.enabled = true + release: + name: rancher-externalip-webhook + set: + metrics.enabled: true + metrics.authProxy.enabled: true + metrics.port: 8000 + webhookPort: 9000 + image.repository: test + image.tag: dev-test + metrics.authProxy.image.repository: auth + metrics.authProxy.image.tag: auth-test + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook-auth-proxy + - equal: + path: spec.template.spec.containers[0].image + value: auth:auth-test + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 8000 + name: webhook-metrics + protocol: TCP + - equal: + path: spec.template.spec.containers[1].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[1].image + value: test:dev-test + - equal: + path: spec.template.spec.containers[1].ports[0] + value: + containerPort: 9000 + name: webhook-server + protocol: TCP \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/issuer_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/issuer_test.yaml new file mode 100644 index 000000000..eeeb660b2 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/issuer_test.yaml 
@@ -0,0 +1,106 @@ +suite: Test Issuers +templates: +- issuer.yaml +tests: +- it: should not render issuer if certificates.certManager.enabled = false + set: + certificates.certManager.enabled: false + asserts: + - hasDocuments: + count: 0 + template: issuer.yaml +- it: should render issuer if certificates.certManager.enabled = true + set: + certificates.certManager.enabled: true + asserts: + - hasDocuments: + count: 2 + template: issuer.yaml +- it: should set issuer apiVersion with default cert-manager + set: + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: cert-manager.io/v1 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager >= 1.0.0 using capabilities + capabilities: + apiversions: + - cert-manager.io/v1 + set: + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: cert-manager.io/v1 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager >= 0.16.0 using capabilities + capabilities: + apiversions: + - cert-manager.io/v1beta1 + set: + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: cert-manager.io/v1beta1 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager >= 0.11.0 using capabilities + capabilities: + apiversions: + - cert-manager.io/v1alpha2 + set: + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: cert-manager.io/v1alpha2 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager < 0.11.0 using capabilities + capabilities: + apiversions: + - certmanager.k8s.io/v1alpha1 + set: + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: certmanager.k8s.io/v1alpha1 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager >= 1.0.0 using parameter + set: + certificates.certManager.version: 1.0.0 + certificates.certManager.enabled: true + asserts: + - equal: + path: 
apiVersion + value: cert-manager.io/v1 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager >= 0.16.0 using parameter + set: + certificates.certManager.version: 0.16.0 + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: cert-manager.io/v1beta1 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager >= 0.11.0 using parameter + set: + certificates.certManager.version: 0.11.0 + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: cert-manager.io/v1alpha2 + template: issuer.yaml +- it: should set letsEncrypt apiVersion with cert-manager < 0.11.0 using parameter + set: + certificates.certManager.version: 0.9.0 + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: certmanager.k8s.io/v1alpha1 + template: issuer.yaml diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/service_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/service_test.yaml new file mode 100644 index 000000000..a0ba4d352 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/service_test.yaml 
@@ -0,0 +1,69 @@ +suite: Test Services +templates: +- service.yaml +tests: +- it: should render webhook-server service with default webhookPort if metrics.enabled = false + set: + metrics.enabled: false + asserts: + - equal: + path: spec.ports[0] + value: + name: webhook-server + port: 443 + protocol: TCP + targetPort: 9443 +- it: should render webhook-server service with custom webhookPort if metrics.enabled = false + set: + metrics.enabled: false + webhookPort: 9000 + asserts: + - equal: + path: spec.ports[0] + value: + name: webhook-server + port: 443 + protocol: TCP + targetPort: 9000 +- it: should render webhook-server and webhook-metrics services with default webhookPort and metrics.port, if metrics.enabled = true + set: + metrics.enabled: true + asserts: + - equal: + path: spec.ports[0] + value: + name: webhook-server + port: 443 + protocol: TCP + targetPort: 9443 + documentIndex: 0 + - equal: + path: spec.ports[0] + value: + name: webhook-metrics + port: 8443 + protocol: TCP + targetPort: 8443 + documentIndex: 1 +- it: should render webhook-server and webhook-metrics services with custom webhookPort and metrics.port, if metrics.enabled = true + set: + metrics.enabled: true + metrics.port: 8000 + webhookPort: 9000 + asserts: + - equal: + path: spec.ports[0] + value: + name: webhook-server + port: 443 + protocol: TCP + targetPort: 9000 + documentIndex: 0 + - equal: + path: spec.ports[0] + value: + name: webhook-metrics + port: 8443 + protocol: TCP + targetPort: 8000 + documentIndex: 1 \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/serviceaccount_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/serviceaccount_test.yaml new file mode 100644 index 000000000..5aebbc74b --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/serviceaccount_test.yaml 
@@ -0,0 +1,9 @@ +suite: Test Service Accounts +templates: +- serviceaccount.yaml +tests: +- it: should render Service Account + asserts: + - hasDocuments: + count: 1 + template: serviceaccount.yaml diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/servicemonitor_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/servicemonitor_test.yaml new file mode 100644 index 000000000..21989265e --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/tests/servicemonitor_test.yaml @@ -0,0 +1,20 @@ +suite: Test Service Monitors +templates: +- servicemonitor.yaml +tests: +- it: should not render Service Monitor if metrics.enabled = false or metrics.prometheusExport = false + set: + metrics.enabled: false + metrics.prometheusExport: false + asserts: + - hasDocuments: + count: 0 + template: servicemonitor.yaml +- it: should render Service Account if metrics.enabled = true and metrics.authProxy.enabled = true + set: + metrics.enabled: true + metrics.prometheusExport: true + asserts: + - hasDocuments: + count: 1 + template: servicemonitor.yaml diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/values.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/values.yaml new file mode 100644 index 000000000..dc17e9796 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.400/values.yaml 
@@ -0,0 +1,67 @@ +## Allowed external IP cidrs +allowedExternalIPCidrs: "" +## Certificates generation for webhook +certificates: + certManager: + # Enable cert manager integration. Cert manager should be already installed at the k8s cluster + enabled: true + version: "" + # If cert-manager integration is disabled, add self signed ca.crt in base64 format + caBundle: "" + # If cert-manager integration is disabled, upload certs data (ca.crt, tls.crt and tls.key) as k8s secretName in the namespace + secretName: webhook-server-cert +## Details about the image to be pulled. +image: + pullPolicy: IfNotPresent + pullSecrets: [] + repository: rancher/externalip-webhook + tag: v0.1.4 +## Enabling metrics endpoint +# Webhook emits `webhook_failed_request_count` metrics whenever it rejects service creation or update operation +metrics: + enabled: false + port: 8443 + # Enable webhook metrics export to Prometheus + prometheusExport: false + # Webhook metrics auth proxy. This option is just available for amd64 arch + authProxy: + enabled: false + port: 8080 + image: + pullPolicy: IfNotPresent + pullSecrets: [] + repository: rancher/kube-rbac-proxy + tag: v0.5.0 + resources: + limits: + memory: 30Mi + cpu: 100m + requests: + memory: 20Mi + cpu: 100m +## Node labels for pod assignment +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## RBAC +rbac: + apiVersion: v1 +## CPU and Memory limit and request for externalip-webhook +resources: + limits: + memory: 30Mi + cpu: 100m + requests: + memory: 20Mi + cpu: 100m +service: + metricsPort: 8443 + webhookPort: 443 +## Webhook serviceAccountName. Just used if metrics.authProxy.enabled = false +serviceAccountName: default +## List of node taints to tolerate (requires Kubernetes >= 1.6) +tolerations: [] +## Webhook server pod port +webhookPort: 9443 +global: + systemDefaultRegistry: "" 
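Review bot: in 0.1.400/tests/servicemonitor_test.yaml the second case is titled "should render Service Account if metrics.enabled = true and metrics.authProxy.enabled = true", but it sets `metrics.prometheusExport: true`, never sets `metrics.authProxy.enabled`, and asserts on `servicemonitor.yaml`. Rename it to say it renders the Service Monitor when `metrics.enabled` and `metrics.prometheusExport` are both true, so a failure points at the right template. The first case's title says "or" while it only exercises both flags set to false; a case with one flag true and the other false would cover what the title claims.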
diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/.helmignore b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/Chart.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/Chart.yaml new file mode 100644 index 000000000..3143d5139 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/Chart.yaml @@ -0,0 +1,24 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: External IP Webhook + catalog.cattle.io/namespace: cattle-externalip-system + catalog.cattle.io/os: linux + catalog.cattle.io/release-name: rancher-external-ip-webhook + catalog.cattle.io/ui-component: rancher-external-ip-webhook +apiVersion: v1 +appVersion: v0.1.6 +description: | + Deploy the external-ip-webhook to mitigate k8s CVE-2020-8554 +home: https://github.com/rancher/externalip-webhook +keywords: +- cve +- externalip +- webhook +- security +maintainers: +- email: raul@rancher.com + name: rawmind0 +name: rancher-external-ip-webhook +sources: +- https://github.com/rancher/externalip-webhook +version: 0.1.600 
diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/README.md b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/README.md new file mode 100644 index 000000000..4890065a7 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/README.md 
@@ -0,0 +1,69 @@ +# externalip-webhook + +## Chart Details + +This chart will create a deployment of `externalip-webhook` within your Kubernetes Cluster. It's required to mitigate k8s CVE-2020-8554. + +## Installing the Chart + +To install the chart with the release name `rancher-external-ip-webhook`: + +```bash +$ helm repo add rancher-chart https://charts.rancher.io +$ helm repo update +$ helm install rancher-external-ip-webhook rancher-chart/rancher-external-ip-webhook --namespace cattle-externalip-system -f values.yaml +``` + +## Configuration + +The following table lists the configurable parameters of the externalip-webhook chart and their default values. + + +| Parameter | Description | Default | +| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- | +| `allowedExternalIPCidrs` | Set allowed external IP CIDRs separated by a comma | `""` | +| `certificates.caBundle` | If cert-manager integration is disabled, add here self signed ca.crt in base64 format | `""` | +| `certificates.certManager.enabled` | Enable cert manager integration. 
Cert manager should be already installed at the k8s cluster | `true` | +| `certificates.certManager.version` | Cert manager version to use | `""` | +| `certificates.secretName` | If cert-manager integration is disabled, upload certs data (ca.crt, tls.crt & tls.key) as k8s secretName in the namespace | `"webhook-server-cert"` | +| `global.systemDefaultRegistry` | Pull docker images from systemDefaultRegistry | `""` | +| `image.pullPolicy` | Webhook server docker pull policy | `"IfNotPresent"` | +| `image.pullSecrets` | Webhook server docker pull secret | `""` | +| `image.repository` | Webhook server docker image repository | `"rancher/externalip-webhook"` | +| `image.tag` | Webhook server docker image tag Defaults to | `".Chart.appVersion"` | +| `metrics.enabled` | Enable metrics endpoint | `false` | +| `metrics.port` | Webhook metrics pod port | `8443` | +| `metrics.prometheusExport` | Enable Prometheus export. Follow [exporting-metrics-for-prometheus](https://book.kubebuilder.io/reference/metrics.html#exporting-metrics-for-prometheus) to export the webhook metrics | `false` | +| `metrics.authProxy.enabled` | Enable auth proxy for metrics endpoint | `false` | +| `metrics.authProxy.port` | Webhook auth proxy pod port | `8080` | +| `metrics.authProxy.image.pullPolicy` | Webhook auth proxy docker pull policy | `"IfNotPresent"` | +| `metrics.authProxy.image.pullSecrets`| Webhook auth proxy docker pull secrets | `""` | +| `metrics.authProxy.image.repository` | Webhook auth proxy docker image repository | `"gcr.io/kubebuilder/kube-rbac-proxy"` | +| `metrics.authProxy.image.pullPolicy` | Webhook auth proxy docker image tag | `"v0.5.0"` | +| `metrics.authProxy.resources.limits.cpu` | Webhook auth proxy resource cpu limit | `"100m"` | +| `metrics.authProxy.resources.limits.memory` | Webhook auth proxy resource memory limit | `"30Mi"` | +| `metrics.authProxy.resources.requests.cpu` | Webhook auth proxy wesource cpu reservation | `"100m"` | +| 
`metrics.authProxy.resources.requests.memory` | Webhook auth proxy resource memory reservation | `"20Mi"` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `rbac.apiVersion` | Rbac API version to use | `"v1"` | +| `resources.limits.cpu` | Resource cpu limit | `"100m"` | +| `resources.limits.memory` | Resource memory limit | `"30Mi"` | +| `resources.requests.cpu` | Resource cpu reservation | `"100m"` | +| `resources.requests.memory` | Resource memory reservation | `"20Mi"` | +| `service.metricsPort` | Webhook metrics service port | `8443` | +| `service.webhookPort` | Webhook server service port | `443` | +| `serviceAccountName` | Webhook serviceAccountName. Just used if metrics.authProxy.enabled = false | `"default"` | +| `tolerations` | List of node taints to tolerate (requires Kubernetes >= 1.6) | `[]` | +| `webhookPort` | Webhook server pod port | `9443` | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```bash +$ helm repo add rancher-chart https://charts.rancher.io +$ helm repo update +$ helm install rancher-external-ip-webhook rancher-chart/rancher-external-ip-webhook --namespace cattle-externalip-system -f values.yaml +``` + +> **Tip**: You can use the default [values.yaml](https://github.com/rancher/externalip-webhook/blob/master/chart/values.yaml) diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/app-README.md b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/app-README.md new file mode 100644 index 000000000..bd8acd382 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/app-README.md 
@@ -0,0 +1,12 @@ +# externalip-webhook + +This chart was created to mitigate [CVE-2020-8554](https://www.cvedetails.com/cve/CVE-2020-8554/) + +External IP Webhook is a validating k8s webhook which prevents services from using random external IPs. +Cluster administrators can specify list of CIDRs allowed to be used as external IP by specifying `allowed-external-ip-cidrs` parameter. The webhook will only allow services which either don’t set external IP, or whose external IPs are within the range specified by the administrator. + +External IP Webhook certificates are required. They can be generated in 2 ways: +* cert-manager: This is the default chart configuration. Cert manager should be already installed at the k8s cluster +* uploading certs: Disable `Cert Manager integration` and set `Secret name` and `CA Bundle` at `Certificates` section. + +For more information, review the Helm README of this chart. diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/questions.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/questions.yaml new file mode 100644 index 000000000..3ea9edd93 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/questions.yaml 
@@ -0,0 +1,26 @@ +questions: +# allowedExternalIPCidrs +- variable: allowedExternalIPCidrs + label: Allowed external IP cidrs + description: Set allowed external IP CIDRs separated by a comma + type: string + group: Configuration +- variable: certificates.certManager.enabled + default: true + description: Enable cert manager integration. Cert manager should be already installed + label: Enable Cert Manager integration + type: boolean + group: "Certificates" + show_subquestion_if: false + subquestions: + - variable: certificates.secretName + default: webhook-server-cert + description: Use certificates from secret. Secret should exists in the app namespace, with certs data (ca.crt, tls.crt & tls.key) + label: Secret name + type: string + required: true + - variable: certificates.caBundle + description: Use self signed CA Bundle. It should be provided in base64 format + label: CA Bundle + type: string + required: true diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/NOTES.txt b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/NOTES.txt new file mode 100644 index 000000000..74271bdd5 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/NOTES.txt @@ -0,0 +1,3 @@ +To verify that externalip-webhook has started, run: + + kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "externalip-webhook.name" . }},release={{ .Release.Name }}" diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/_helpers.tpl b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/_helpers.tpl new file mode 100644 index 000000000..cc8a9a0d3 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/_helpers.tpl 
@@ -0,0 +1,50 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "externalip-webhook.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "externalip-webhook.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if ne $name .Release.Name -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s" $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* Generate basic labels */}} +{{- define "externalip-webhook.labels" }} +app: {{ template "externalip-webhook.name" . }} +heritage: {{.Release.Service }} +release: {{.Release.Name }} +{{- end }} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +kubernetes.io/os: linux +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/admissionregistration.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/admissionregistration.yaml new file mode 100644 index 000000000..d8152faa5 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/admissionregistration.yaml 
@@ -0,0 +1,30 @@ +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: ValidatingWebhookConfiguration +metadata: +{{- if .Values.certificates.certManager.enabled }} + annotations: + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ template "externalip-webhook.fullname" . }}-server-cert +{{- end }} + creationTimestamp: null + name: {{ template "externalip-webhook.fullname" . }}-validating-webhook-configuration +webhooks: +- clientConfig: +{{- if not (.Values.certificates.certManager.enabled) }} + caBundle: {{ .Values.certificates.caBundle }} +{{- end }} + service: + name: {{ template "externalip-webhook.fullname" . }} + namespace: {{ .Release.Namespace }} + path: /validate-service + failurePolicy: Ignore + name: {{ template "externalip-webhook.fullname" . }}.{{ .Release.Namespace }}.svc + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - services \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/clusterrole.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/clusterrole.yaml new file mode 100644 index 000000000..46e18bf00 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/clusterrole.yaml 
@@ -0,0 +1,33 @@ +{{- if and (.Values.metrics.enabled) (.Values.metrics.authProxy.enabled) -}} +apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }} +kind: ClusterRole +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-proxy-role +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }} +kind: ClusterRole +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get +{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/clusterrolebinding.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..2fa40817f --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/clusterrolebinding.yaml 
@@ -0,0 +1,31 @@ +apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }} +kind: ClusterRoleBinding +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-cluster-view +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view +subjects: +- kind: ServiceAccount + name: {{ template "externalip-webhook.fullname" . }} + namespace: {{ .Release.Namespace }} +{{- if and (.Values.metrics.enabled) (.Values.metrics.authProxy.enabled) }} +--- +apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }} +kind: ClusterRoleBinding +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "externalip-webhook.fullname" . }}-proxy-role +subjects: +- kind: ServiceAccount + name: {{ template "externalip-webhook.fullname" . }} + namespace: {{ .Release.Namespace }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/deployment.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/deployment.yaml new file mode 100644 index 000000000..c82754deb --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/deployment.yaml 
@@ -0,0 +1,107 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + seccomp.security.alpha.kubernetes.io/pod: runtime/default + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: {{ template "externalip-webhook.name" . }} + template: + metadata: + annotations: + seccomp.security.alpha.kubernetes.io/pod: runtime/default + labels: {{ include "externalip-webhook.labels" . | indent 8 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + spec: + containers: + {{- if and (.Values.metrics.enabled) (.Values.metrics.authProxy.enabled) }} + - name: {{ template "externalip-webhook.fullname" . }}-auth-proxy + args: + - --secure-listen-address=0.0.0.0:{{ .Values.metrics.port }} + - --upstream=http://127.0.0.1:{{ .Values.metrics.authProxy.port }}/ + - --logtostderr=true + - --v=10 + image: {{ template "system_default_registry" . }}{{ .Values.metrics.authProxy.image.repository}}:{{ .Values.metrics.authProxy.image.tag }} + imagePullPolicy: "{{ .Values.metrics.authProxy.image.pullPolicy }}" + ports: + - containerPort: {{ .Values.metrics.port }} + name: webhook-metrics + protocol: TCP + resources: +{{ toYaml .Values.metrics.authProxy.resources | indent 10 }} + readinessProbe: + tcpSocket: + port: webhook-metrics + initialDelaySeconds: 5 + periodSeconds: 10 + livenessProbe: + tcpSocket: + port: webhook-metrics + initialDelaySeconds: 5 + failureThreshold: 10 + periodSeconds: 30 + {{- end }} + - name: {{ template "externalip-webhook.fullname" . }} + image: {{ template "system_default_registry" . 
}}{{ .Values.image.repository}}:{{ default .Chart.AppVersion .Values.image.tag }} + imagePullPolicy: "{{ .Values.image.pullPolicy }}" + command: + - /webhook + args: + - --webhook-port={{ .Values.webhookPort }} + {{- if .Values.allowedExternalIPCidrs }} + - --allowed-external-ip-cidrs={{ .Values.allowedExternalIPCidrs }} + {{- end }} + {{- if .Values.metrics.enabled }} + {{- if .Values.metrics.authProxy.enabled }} + - --metrics-addr=127.0.0.1:{{ .Values.metrics.authProxy.port }} + {{- else }} + - --metrics-addr=0.0.0.0:{{ .Values.metrics.port }} + {{- end }} + {{- end }} + ports: + - containerPort: {{ .Values.webhookPort }} + name: webhook-server + protocol: TCP + {{- if and (.Values.metrics.enabled) (not (.Values.metrics.authProxy.enabled)) }} + - containerPort: {{ .Values.metrics.port }} + name: webhook-metrics + protocol: TCP + {{- end }} + volumeMounts: + - name: server-cert + mountPath: /tmp/k8s-webhook-server/serving-certs + readOnly: true + resources: +{{ toYaml .Values.resources | indent 10 }} + readinessProbe: + tcpSocket: + port: webhook-server + initialDelaySeconds: 5 + failureThreshold: 10 + periodSeconds: 30 + livenessProbe: + tcpSocket: + port: webhook-server + initialDelaySeconds: 5 + failureThreshold: 10 + periodSeconds: 30 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} + {{- if .Values.nodeSelector }} +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 6}} + {{- if .Values.tolerations }} +{{ toYaml .Values.tolerations | indent 6 }} + {{- end }} + serviceAccountName: {{ template "externalip-webhook.fullname" . }} + volumes: + - name: server-cert + secret: + defaultMode: 420 + secretName: {{ .Values.certificates.secretName }} 
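Review bot: the parameter table in 0.1.600/README.md lists `metrics.authProxy.image.pullPolicy` twice; the second row, described as "Webhook auth proxy docker image tag" with default `"v0.5.0"`, should be `metrics.authProxy.image.tag`. In the same table, "wesource" in the `metrics.authProxy.resources.requests.cpu` row is a typo, and the `image.tag` row has "Defaults to" stranded in the description column. The `serviceAccountName` row says the value is used only when `metrics.authProxy.enabled = false`, yet templates/deployment.yaml in this version sets `serviceAccountName: {{ template "externalip-webhook.fullname" . }}` unconditionally; either honour the value in the template or drop the row.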
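Review bot: `failurePolicy: Ignore` in 0.1.600/templates/admissionregistration.yaml makes the webhook fail open: whenever the API server cannot reach the webhook or gets an error from it, Service CREATE and UPDATE requests are admitted without the external IP check, which is the control this chart exists to provide for CVE-2020-8554. Consider `failurePolicy: Fail`, or expose the policy as a value with the trade-off documented, and run more than one replica so a fail-closed policy does not block Service changes during a restart. The object also uses `admissionregistration.k8s.io/v1beta1`, which Kubernetes removed in 1.22; moving to `v1` additionally requires `sideEffects` and `admissionReviewVersions`, neither of which is set here. `creationTimestamp: null` is generator residue and can be dropped.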
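Review bot: the first ClusterRoleBinding in 0.1.600/templates/clusterrolebinding.yaml grants the webhook's ServiceAccount the built-in `view` ClusterRole across the whole cluster, and it is rendered unconditionally; only the proxy binding sits inside the `metrics.enabled` / `metrics.authProxy.enabled` condition. Nothing in this chart explains why a webhook that, per app-README.md, checks a Service's external IPs against `allowed-external-ip-cidrs` needs cluster-wide read access. If there is a reason, state it in a comment; otherwise drop the binding or replace `view` with a role limited to the resources the webhook actually reads.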
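Review bot: neither container in 0.1.600/templates/deployment.yaml sets a `securityContext`, so the admission webhook and the auth proxy run with whatever user, privilege-escalation and root-filesystem defaults the images carry. Add `runAsNonRoot: true`, `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true` and a drop of all capabilities, assuming both images can run as a non-root user; the serving certs are already mounted read-only. Two smaller points: the auth proxy is started with a hard-coded `--v=10`, which is debug-level logging and is better exposed as a value with a lower default, and the `seccomp.security.alpha.kubernetes.io/pod` annotation on the Deployment's own metadata has no effect, only the copy on the pod template does.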
diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/issuer.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/issuer.yaml new file mode 100644 index 000000000..ff1c2de10 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/issuer.yaml 
@@ -0,0 +1,52 @@ +{{- if .Values.certificates.certManager.enabled -}} + {{- $certmanagerVer := split "." .Values.certificates.certManager.version -}} + {{- if or (.Capabilities.APIVersions.Has "cert-manager.io/v1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 1) (ge (int $certmanagerVer._1) 0)) }} +apiVersion: cert-manager.io/v1 + {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 16)) }} +apiVersion: cert-manager.io/v1beta1 + {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 11)) }} +apiVersion: cert-manager.io/v1alpha2 + {{- else if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (lt (int $certmanagerVer._1) 11)) }} +apiVersion: certmanager.k8s.io/v1alpha1 + {{- else }} +# Setting latest version as default +apiVersion: cert-manager.io/v1 + {{- end }} +kind: Certificate +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-server-cert + namespace: {{ .Release.Namespace }} +spec: + dnsNames: + - {{ template "externalip-webhook.fullname" . }}.{{ .Release.Namespace }}.svc + - {{ template "externalip-webhook.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local + issuerRef: + kind: Issuer + name: {{ template "externalip-webhook.fullname" . 
}}-issuer + secretName: {{ .Values.certificates.secretName }} +--- + {{- if or (.Capabilities.APIVersions.Has "cert-manager.io/v1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 1) (ge (int $certmanagerVer._1) 0)) }} +apiVersion: cert-manager.io/v1 + {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 16)) }} +apiVersion: cert-manager.io/v1beta1 + {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 11)) }} +apiVersion: cert-manager.io/v1alpha2 + {{- else if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (lt (int $certmanagerVer._1) 11)) }} +apiVersion: certmanager.k8s.io/v1alpha1 + {{- else }} +# Setting latest version as default +apiVersion: cert-manager.io/v1 + {{- end }} +kind: Issuer +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-issuer + namespace: {{ .Release.Namespace }} +spec: + selfSigned: {} +{{- end -}} + + diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/service.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/service.yaml new file mode 100644 index 000000000..256add3e4 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/service.yaml 
@@ -0,0 +1,35 @@ +apiVersion: v1 +kind: Service +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + ports: + - name: webhook-server + port: {{ .Values.service.webhookPort }} + protocol: TCP + targetPort: {{ .Values.webhookPort }} + selector: + app: {{ template "externalip-webhook.name" . }} + type: "ClusterIP" +{{- if .Values.metrics.enabled }} +--- +apiVersion: v1 +kind: Service +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-metrics-service + namespace: {{ .Release.Namespace }} +spec: + ports: + - name: webhook-metrics + port: {{ .Values.service.metricsPort }} + protocol: TCP + targetPort: {{ .Values.metrics.port }} + selector: + app: {{ template "externalip-webhook.name" . }} + type: "ClusterIP" +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/serviceaccount.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/serviceaccount.yaml new file mode 100644 index 000000000..895df4f5b --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/serviceaccount.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }} + namespace: {{ .Release.Namespace }} 
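Review bot: serviceaccount.yaml renders this ServiceAccount unconditionally under the fullname, and deployment.yaml always sets `serviceAccountName: {{ template "externalip-webhook.fullname" . }}`, so the `serviceAccountName: default` value in values.yaml ("Just used if metrics.authProxy.enabled = false") is never read. Either wire the value in (create the account only when no name is supplied and reference the supplied name from the Deployment) or remove the value and its comment, so operators are not misled about which identity the webhook pod runs as.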
diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/servicemonitor.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/servicemonitor.yaml new file mode 100644 index 000000000..c481ea31d --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/templates/servicemonitor.yaml @@ -0,0 +1,16 @@ +{{- if and (.Values.metrics.enabled) (.Values.metrics.prometheusExport) -}} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-monitor + namespace: {{ .Release.Namespace }} +spec: + endpoints: + - path: /metrics + port: https + selector: + matchLabels: + app: {{ template "externalip-webhook.name" . }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/admissionregistration_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/admissionregistration_test.yaml new file mode 100644 index 000000000..0660aa6e8 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/admissionregistration_test.yaml 
@@ -0,0 +1,32 @@ +suite: Test Admission Registration +templates: +- admissionregistration.yaml +tests: +- it: should render Admission Registration + asserts: + - equal: + path: apiVersion + value: admissionregistration.k8s.io/v1beta1 +- it: should render Admission Registration annotation and not caBundle if certificates.certManager.enabled = true + release: + name: rancher-externalip-webhook + namespace: test + set: + certificates.certManager.enabled: true + asserts: + - equal: + path: metadata.annotations + value: + cert-manager.io/inject-ca-from: test/rancher-externalip-webhook-server-cert + - isNull: + path: webhooks[0].clientConfig.caBundle +- it: should render Admission Registration caBundle and not annotation if certificates.certManager.enabled = false + set: + certificates.caBundle: test + certificates.certManager.enabled: false + asserts: + - equal: + path: webhooks[0].clientConfig.caBundle + value: test + - isNull: + path: metadata.annotations diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/clusterrole_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/clusterrole_test.yaml new file mode 100644 index 000000000..9e563807b --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/clusterrole_test.yaml 
@@ -0,0 +1,37 @@ +suite: Test Cluster Roles +templates: +- clusterrole.yaml +tests: +- it: should not render Cluster Roles if metrics.enabled = false or metrics.authProxy.enabled = false + set: + metrics.enabled: false + metrics.authProxy.enabled: false + asserts: + - hasDocuments: + count: 0 + template: clusterrole.yaml +- it: should render Cluster Roles if metrics.enabled = true and metrics.authProxy.enabled = true + set: + metrics.enabled: true + metrics.authProxy.enabled: true + asserts: + - hasDocuments: + count: 2 + template: clusterrole.yaml +- it: should render Cluster Roles with default rbac api version if metrics.enabled = true and metrics.authProxy.enabled = true + set: + metrics.enabled: true + metrics.authProxy.enabled: true + asserts: + - equal: + path: apiVersion + value: rbac.authorization.k8s.io/v1 +- it: should render Cluster Roles with custom rbac api version if metrics.enabled = true and metrics.authProxy.enabled = true + set: + metrics.enabled: true + metrics.authProxy.enabled: true + rbac.apiVersion: v1beta + asserts: + - equal: + path: apiVersion + value: rbac.authorization.k8s.io/v1beta \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/clusterrolebinding_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/clusterrolebinding_test.yaml new file mode 100644 index 000000000..2129573a3 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/clusterrolebinding_test.yaml 
@@ -0,0 +1,42 @@ +suite: Test Cluster Role Bindings +templates: +- clusterrolebinding.yaml +tests: +- it: should render Cluster Role Bindings with default rbac api version + set: + rbac.apiVersion: v1 + asserts: + - equal: + path: apiVersion + value: rbac.authorization.k8s.io/v1 +- it: should render Cluster Role Bindings with custom rbac api version + set: + rbac.apiVersion: v1beta + asserts: + - equal: + path: apiVersion + value: rbac.authorization.k8s.io/v1beta +- it: should not render Cluster Role Binding proxy if metrics.enabled = false or metrics.authProxy.enabled = false + set: + metrics.enabled: false + metrics.authProxy.enabled: false + asserts: + - hasDocuments: + count: 1 + template: clusterrolebinding.yaml +- it: should render Cluster Role Bindings proxy if metrics.enabled = true and metrics.authProxy.enabled = true + set: + metrics.enabled: true + metrics.authProxy.enabled: true + asserts: + - hasDocuments: + count: 2 + template: clusterrolebinding.yaml +- it: should render Cluster Role Bindings with default rbac api version if metrics.enabled = true and metrics.authProxy.enabled = true + set: + metrics.enabled: true + metrics.authProxy.enabled: true + asserts: + - equal: + path: apiVersion + value: rbac.authorization.k8s.io/v1 \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/deployment_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/deployment_test.yaml new file mode 100644 index 000000000..50e3f9ec1 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/deployment_test.yaml 
@@ -0,0 +1,202 @@ +suite: Test Deployments +templates: +- deployment.yaml +tests: +- it: should render Deployment with allowed-external-ip-cidrs arg if allowedExternalIPCidrs is set + release: + name: rancher-externalip-webhook + set: + allowedExternalIPCidrs: "1,2" + asserts: + - equal: + path: spec.template.spec.containers[0].args[1] + value: --allowed-external-ip-cidrs=1,2 +- it: should render Deployment with default port, nodeSelector and tolerations if metrics.enabled = false and metrics.authProxy.enabled = false + release: + name: rancher-externalip-webhook + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 9443 + name: webhook-server + protocol: TCP + - equal: + path: spec.template.spec.tolerations[0] + value: + key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" + - equal: + path: spec.template.spec.nodeSelector + value: + kubernetes.io/os: linux +- it: should render Deployment with default port and custom nodeSelector and tolerations if metrics.enabled = false and metrics.authProxy.enabled = false + release: + name: rancher-externalip-webhook + set: + tolerations: + - key: "cattle.io/test" + value: "linux" + effect: "NoSchedule" + operator: "Equal" + nodeSelector: + kubernetes.io/test: linux + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 9443 + name: webhook-server + protocol: TCP + - equal: + path: spec.template.spec.tolerations[0] + value: + key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" + - equal: + path: spec.template.spec.tolerations[1] + value: + key: "cattle.io/test" + value: "linux" + effect: "NoSchedule" + operator: "Equal" + - equal: + path: spec.template.spec.nodeSelector + value: + kubernetes.io/os: linux 
+ kubernetes.io/test: linux +- it: should render Deployment with custom port and image if metrics.enabled = false and metrics.authProxy.enabled = false + release: + name: rancher-externalip-webhook + set: + webhookPort: 9000 + image.repository: test + image.tag: dev-test + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[0].image + value: test:dev-test + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 9000 + name: webhook-server + protocol: TCP +- it: should render Deployment with default metrics port if metrics.enabled = true and metrics.authProxy.enabled = false + release: + name: rancher-externalip-webhook + set: + metrics.enabled: true + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 9443 + name: webhook-server + protocol: TCP + - equal: + path: spec.template.spec.containers[0].ports[1] + value: + containerPort: 8443 + name: webhook-metrics + protocol: TCP +- it: should render Deployment with custom metrics port if metrics.enabled = true and metrics.authProxy.enabled = false + release: + name: rancher-externalip-webhook + set: + metrics.enabled: true + metrics.port: 8000 + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 9443 + name: webhook-server + protocol: TCP + - equal: + path: spec.template.spec.containers[0].ports[1] + value: + containerPort: 8000 + name: webhook-metrics + protocol: TCP +- it: should render Deployment with default metrics port if metrics.enabled = true and metrics.authProxy.enabled = true + release: + name: rancher-externalip-webhook + set: + metrics.enabled: true + metrics.authProxy.enabled: true + asserts: + - equal: + 
path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook-auth-proxy + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 8443 + name: webhook-metrics + protocol: TCP + - equal: + path: spec.template.spec.containers[1].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[1].ports[0] + value: + containerPort: 9443 + name: webhook-server + protocol: TCP +- it: should render Deployment with custom metrics port and image if metrics.enabled = true and metrics.authProxy.enabled = true + release: + name: rancher-externalip-webhook + set: + metrics.enabled: true + metrics.authProxy.enabled: true + metrics.port: 8000 + webhookPort: 9000 + image.repository: test + image.tag: dev-test + metrics.authProxy.image.repository: auth + metrics.authProxy.image.tag: auth-test + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook-auth-proxy + - equal: + path: spec.template.spec.containers[0].image + value: auth:auth-test + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 8000 + name: webhook-metrics + protocol: TCP + - equal: + path: spec.template.spec.containers[1].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[1].image + value: test:dev-test + - equal: + path: spec.template.spec.containers[1].ports[0] + value: + containerPort: 9000 + name: webhook-server + protocol: TCP \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/issuer_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/issuer_test.yaml new file mode 100644 index 000000000..eeeb660b2 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/issuer_test.yaml 
@@ -0,0 +1,106 @@ +suite: Test Issuers +templates: +- issuer.yaml +tests: +- it: should not render issuer if certificates.certManager.enabled = false + set: + certificates.certManager.enabled: false + asserts: + - hasDocuments: + count: 0 + template: issuer.yaml +- it: should render issuer if certificates.certManager.enabled = true + set: + certificates.certManager.enabled: true + asserts: + - hasDocuments: + count: 2 + template: issuer.yaml +- it: should set issuer apiVersion with default cert-manager + set: + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: cert-manager.io/v1 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager >= 1.0.0 using capabilities + capabilities: + apiversions: + - cert-manager.io/v1 + set: + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: cert-manager.io/v1 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager >= 0.16.0 using capabilities + capabilities: + apiversions: + - cert-manager.io/v1beta1 + set: + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: cert-manager.io/v1beta1 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager >= 0.11.0 using capabilities + capabilities: + apiversions: + - cert-manager.io/v1alpha2 + set: + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: cert-manager.io/v1alpha2 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager < 0.11.0 using capabilities + capabilities: + apiversions: + - certmanager.k8s.io/v1alpha1 + set: + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: certmanager.k8s.io/v1alpha1 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager >= 1.0.0 using parameter + set: + certificates.certManager.version: 1.0.0 + certificates.certManager.enabled: true + asserts: + - equal: + path: 
apiVersion + value: cert-manager.io/v1 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager >= 0.16.0 using parameter + set: + certificates.certManager.version: 0.16.0 + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: cert-manager.io/v1beta1 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager >= 0.11.0 using parameter + set: + certificates.certManager.version: 0.11.0 + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: cert-manager.io/v1alpha2 + template: issuer.yaml +- it: should set letsEncrypt apiVersion with cert-manager < 0.11.0 using parameter + set: + certificates.certManager.version: 0.9.0 + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: certmanager.k8s.io/v1alpha1 + template: issuer.yaml diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/service_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/service_test.yaml new file mode 100644 index 000000000..a0ba4d352 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/service_test.yaml 
@@ -0,0 +1,69 @@ +suite: Test Services +templates: +- service.yaml +tests: +- it: should render webhook-server service with default webhookPort if metrics.enabled = false + set: + metrics.enabled: false + asserts: + - equal: + path: spec.ports[0] + value: + name: webhook-server + port: 443 + protocol: TCP + targetPort: 9443 +- it: should render webhook-server service with custom webhookPort if metrics.enabled = false + set: + metrics.enabled: false + webhookPort: 9000 + asserts: + - equal: + path: spec.ports[0] + value: + name: webhook-server + port: 443 + protocol: TCP + targetPort: 9000 +- it: should render webhook-server and webhook-metrics services with default webhookPort and metrics.port, if metrics.enabled = true + set: + metrics.enabled: true + asserts: + - equal: + path: spec.ports[0] + value: + name: webhook-server + port: 443 + protocol: TCP + targetPort: 9443 + documentIndex: 0 + - equal: + path: spec.ports[0] + value: + name: webhook-metrics + port: 8443 + protocol: TCP + targetPort: 8443 + documentIndex: 1 +- it: should render webhook-server and webhook-metrics services with custom webhookPort and metrics.port, if metrics.enabled = true + set: + metrics.enabled: true + metrics.port: 8000 + webhookPort: 9000 + asserts: + - equal: + path: spec.ports[0] + value: + name: webhook-server + port: 443 + protocol: TCP + targetPort: 9000 + documentIndex: 0 + - equal: + path: spec.ports[0] + value: + name: webhook-metrics + port: 8443 + protocol: TCP + targetPort: 8000 + documentIndex: 1 \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/serviceaccount_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/serviceaccount_test.yaml new file mode 100644 index 000000000..5aebbc74b --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/serviceaccount_test.yaml 
@@ -0,0 +1,9 @@ +suite: Test Service Accounts +templates: +- serviceaccount.yaml +tests: +- it: should render Service Account + asserts: + - hasDocuments: + count: 1 + template: serviceaccount.yaml diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/servicemonitor_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/servicemonitor_test.yaml new file mode 100644 index 000000000..21989265e --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/tests/servicemonitor_test.yaml @@ -0,0 +1,20 @@ +suite: Test Service Monitors +templates: +- servicemonitor.yaml +tests: +- it: should not render Service Monitor if metrics.enabled = false or metrics.prometheusExport = false + set: + metrics.enabled: false + metrics.prometheusExport: false + asserts: + - hasDocuments: + count: 0 + template: servicemonitor.yaml +- it: should render Service Account if metrics.enabled = true and metrics.authProxy.enabled = true + set: + metrics.enabled: true + metrics.prometheusExport: true + asserts: + - hasDocuments: + count: 1 + template: servicemonitor.yaml diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/values.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/values.yaml new file mode 100644 index 000000000..19145a81b --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.600/values.yaml 
@@ -0,0 +1,67 @@ +## Allowed external IP cidrs +allowedExternalIPCidrs: "" +## Certificates generation for webhook +certificates: + certManager: + # Enable cert manager integration. Cert manager should be already installed at the k8s cluster + enabled: true + version: "" + # If cert-manager integration is disabled, add self signed ca.crt in base64 format + caBundle: "" + # If cert-manager integration is disabled, upload certs data (ca.crt, tls.crt and tls.key) as k8s secretName in the namespace + secretName: webhook-server-cert +## Details about the image to be pulled. +image: + pullPolicy: IfNotPresent + pullSecrets: [] + repository: rancher/externalip-webhook + tag: v0.1.6 +## Enabling metrics endpoint +# Webhook emits `webhook_failed_request_count` metrics whenever it rejects service creation or update operation +metrics: + enabled: false + port: 8443 + # Enable webhook metrics export to Prometheus + prometheusExport: false + # Webhook metrics auth proxy. This option is just available for amd64 arch + authProxy: + enabled: false + port: 8080 + image: + pullPolicy: IfNotPresent + pullSecrets: [] + repository: rancher/kube-rbac-proxy + tag: v0.5.0 + resources: + limits: + memory: 30Mi + cpu: 100m + requests: + memory: 20Mi + cpu: 100m +## Node labels for pod assignment +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## RBAC +rbac: + apiVersion: v1 +## CPU and Memory limit and request for externalip-webhook +resources: + limits: + memory: 30Mi + cpu: 100m + requests: + memory: 20Mi + cpu: 100m +service: + metricsPort: 8443 + webhookPort: 443 +## Webhook serviceAccountName. Just used if metrics.authProxy.enabled = false +serviceAccountName: default +## List of node taints to tolerate (requires Kubernetes >= 1.6) +tolerations: [] +## Webhook server pod port +webhookPort: 9443 +global: + systemDefaultRegistry: "" 
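Review bot: `image.pullSecrets` and `metrics.authProxy.image.pullSecrets` are declared here, but the deployment.yaml template in this chart version never emits imagePullSecrets, so setting them does nothing. Either consume them in the pod spec or drop them from values.yaml. Also, `allowedExternalIPCidrs: ""` is the default and deployment.yaml omits `--allowed-external-ip-cidrs` entirely when the value is empty. The `## Allowed external IP cidrs` comment should say what the webhook does in that case, since that is the behaviour every default install gets.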
diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/.helmignore b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/.helmignore new file mode 100755 index 000000000..f0c131944 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/Chart.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/Chart.yaml new file mode 100755 index 000000000..aebc35572 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/Chart.yaml @@ -0,0 +1,24 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: External IP Webhook + catalog.cattle.io/namespace: cattle-externalip-system + catalog.cattle.io/os: linux + catalog.cattle.io/release-name: rancher-external-ip-webhook + catalog.cattle.io/ui-component: rancher-external-ip-webhook +apiVersion: v1 +appVersion: v0.1.6 +description: | + Deploy the external-ip-webhook to mitigate k8s CVE-2020-8554 +home: https://github.com/rancher/externalip-webhook +keywords: +- cve +- externalip +- webhook +- security +maintainers: +- email: raul@rancher.com + name: rawmind0 +name: rancher-external-ip-webhook +sources: +- https://github.com/rancher/externalip-webhook +version: 0.1.601 
diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/README.md b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/README.md new file mode 100755 index 000000000..4890065a7 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/README.md 
@@ -0,0 +1,69 @@ +# externalip-webhook + +## Chart Details + +This chart will create a deployment of `externalip-webhook` within your Kubernetes Cluster. It's required to mitigate k8s CVE-2020-8554. + +## Installing the Chart + +To install the chart with the release name `rancher-external-ip-webhook`: + +```bash +$ helm repo add rancher-chart https://charts.rancher.io +$ helm repo update +$ helm install rancher-external-ip-webhook rancher-chart/rancher-external-ip-webhook --namespace cattle-externalip-system -f values.yaml +``` + +## Configuration + +The following table lists the configurable parameters of the externalip-webhook chart and their default values. + + +| Parameter | Description | Default | +| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- | +| `allowedExternalIPCidrs` | Set allowed external IP CIDRs separated by a comma | `""` | +| `certificates.caBundle` | If cert-manager integration is disabled, add here self signed ca.crt in base64 format | `""` | +| `certificates.certManager.enabled` | Enable cert manager integration. 
Cert manager should be already installed at the k8s cluster | `true` | +| `certificates.certManager.version` | Cert manager version to use | `""` | +| `certificates.secretName` | If cert-manager integration is disabled, upload certs data (ca.crt, tls.crt & tls.key) as k8s secretName in the namespace | `"webhook-server-cert"` | +| `global.systemDefaultRegistry` | Pull docker images from systemDefaultRegistry | `""` | +| `image.pullPolicy` | Webhook server docker pull policy | `"IfNotPresent"` | +| `image.pullSecrets` | Webhook server docker pull secret | `""` | +| `image.repository` | Webhook server docker image repository | `"rancher/externalip-webhook"` | +| `image.tag` | Webhook server docker image tag Defaults to | `".Chart.appVersion"` | +| `metrics.enabled` | Enable metrics endpoint | `false` | +| `metrics.port` | Webhook metrics pod port | `8443` | +| `metrics.prometheusExport` | Enable Prometheus export. Follow [exporting-metrics-for-prometheus](https://book.kubebuilder.io/reference/metrics.html#exporting-metrics-for-prometheus) to export the webhook metrics | `false` | +| `metrics.authProxy.enabled` | Enable auth proxy for metrics endpoint | `false` | +| `metrics.authProxy.port` | Webhook auth proxy pod port | `8080` | +| `metrics.authProxy.image.pullPolicy` | Webhook auth proxy docker pull policy | `"IfNotPresent"` | +| `metrics.authProxy.image.pullSecrets`| Webhook auth proxy docker pull secrets | `""` | +| `metrics.authProxy.image.repository` | Webhook auth proxy docker image repository | `"gcr.io/kubebuilder/kube-rbac-proxy"` | +| `metrics.authProxy.image.pullPolicy` | Webhook auth proxy docker image tag | `"v0.5.0"` | +| `metrics.authProxy.resources.limits.cpu` | Webhook auth proxy resource cpu limit | `"100m"` | +| `metrics.authProxy.resources.limits.memory` | Webhook auth proxy resource memory limit | `"30Mi"` | +| `metrics.authProxy.resources.requests.cpu` | Webhook auth proxy wesource cpu reservation | `"100m"` | +| 
`metrics.authProxy.resources.requests.memory` | Webhook auth proxy resource memory reservation | `"20Mi"` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `rbac.apiVersion` | Rbac API version to use | `"v1"` | +| `resources.limits.cpu` | Resource cpu limit | `"100m"` | +| `resources.limits.memory` | Resource memory limit | `"30Mi"` | +| `resources.requests.cpu` | Resource cpu reservation | `"100m"` | +| `resources.requests.memory` | Resource memory reservation | `"20Mi"` | +| `service.metricsPort` | Webhook metrics service port | `8443` | +| `service.webhookPort` | Webhook server service port | `443` | +| `serviceAccountName` | Webhook serviceAccountName. Just used if metrics.authProxy.enabled = false | `"default"` | +| `tolerations` | List of node taints to tolerate (requires Kubernetes >= 1.6) | `[]` | +| `webhookPort` | Webhook server pod port | `9443` | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```bash +$ helm repo add rancher-chart https://charts.rancher.io +$ helm repo update +$ helm install rancher-external-ip-webhook rancher-chart/rancher-external-ip-webhook --namespace cattle-externalip-system -f values.yaml +``` + +> **Tip**: You can use the default [values.yaml](https://github.com/rancher/externalip-webhook/blob/master/chart/values.yaml) diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/app-README.md b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/app-README.md new file mode 100755 index 000000000..bd8acd382 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/app-README.md 
@@ -0,0 +1,12 @@ +# externalip-webhook + +This chart was created to mitigate [CVE-2020-8554](https://www.cvedetails.com/cve/CVE-2020-8554/) + +External IP Webhook is a validating k8s webhook which prevents services from using random external IPs. +Cluster administrators can specify list of CIDRs allowed to be used as external IP by specifying `allowed-external-ip-cidrs` parameter. The webhook will only allow services which either don’t set external IP, or whose external IPs are within the range specified by the administrator. + +External IP Webhook certificates are required. They can be generated in 2 ways: +* cert-manager: This is the default chart configuration. Cert manager should be already installed at the k8s cluster +* uploading certs: Disable `Cert Manager integration` and set `Secret name` and `CA Bundle` at `Certificates` section. + +For more information, review the Helm README of this chart. diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/questions.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/questions.yaml new file mode 100755 index 000000000..3ea9edd93 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/questions.yaml 
@@ -0,0 +1,26 @@ +questions: +# allowedExternalIPCidrs +- variable: allowedExternalIPCidrs + label: Allowed external IP cidrs + description: Set allowed external IP CIDRs separated by a comma + type: string + group: Configuration +- variable: certificates.certManager.enabled + default: true + description: Enable cert manager integration. Cert manager should be already installed + label: Enable Cert Manager integration + type: boolean + group: "Certificates" + show_subquestion_if: false + subquestions: + - variable: certificates.secretName + default: webhook-server-cert + description: Use certificates from secret. Secret should exists in the app namespace, with certs data (ca.crt, tls.crt & tls.key) + label: Secret name + type: string + required: true + - variable: certificates.caBundle + description: Use self signed CA Bundle. It should be provided in base64 format + label: CA Bundle + type: string + required: true diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/NOTES.txt b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/NOTES.txt new file mode 100755 index 000000000..74271bdd5 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/NOTES.txt @@ -0,0 +1,3 @@ +To verify that externalip-webhook has started, run: + + kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "externalip-webhook.name" . }},release={{ .Release.Name }}" diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/_helpers.tpl b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/_helpers.tpl new file mode 100755 index 000000000..cc8a9a0d3 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/_helpers.tpl 
@@ -0,0 +1,50 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "externalip-webhook.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "externalip-webhook.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if ne $name .Release.Name -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s" $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* Generate basic labels */}} +{{- define "externalip-webhook.labels" }} +app: {{ template "externalip-webhook.name" . }} +heritage: {{.Release.Service }} +release: {{.Release.Name }} +{{- end }} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +kubernetes.io/os: linux +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/admissionregistration.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/admissionregistration.yaml new file mode 100755 index 000000000..d8152faa5 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/admissionregistration.yaml 
@@ -0,0 +1,30 @@ +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: ValidatingWebhookConfiguration +metadata: +{{- if .Values.certificates.certManager.enabled }} + annotations: + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ template "externalip-webhook.fullname" . }}-server-cert +{{- end }} + creationTimestamp: null + name: {{ template "externalip-webhook.fullname" . }}-validating-webhook-configuration +webhooks: +- clientConfig: +{{- if not (.Values.certificates.certManager.enabled) }} + caBundle: {{ .Values.certificates.caBundle }} +{{- end }} + service: + name: {{ template "externalip-webhook.fullname" . }} + namespace: {{ .Release.Namespace }} + path: /validate-service + failurePolicy: Ignore + name: {{ template "externalip-webhook.fullname" . }}.{{ .Release.Namespace }}.svc + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - services \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/clusterrole.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/clusterrole.yaml new file mode 100755 index 000000000..46e18bf00 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/clusterrole.yaml 
@@ -0,0 +1,33 @@ +{{- if and (.Values.metrics.enabled) (.Values.metrics.authProxy.enabled) -}} +apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }} +kind: ClusterRole +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-proxy-role +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }} +kind: ClusterRole +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get +{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/clusterrolebinding.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/clusterrolebinding.yaml new file mode 100755 index 000000000..2fa40817f --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/clusterrolebinding.yaml 
@@ -0,0 +1,31 @@ +apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }} +kind: ClusterRoleBinding +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-cluster-view +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view +subjects: +- kind: ServiceAccount + name: {{ template "externalip-webhook.fullname" . }} + namespace: {{ .Release.Namespace }} +{{- if and (.Values.metrics.enabled) (.Values.metrics.authProxy.enabled) }} +--- +apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }} +kind: ClusterRoleBinding +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "externalip-webhook.fullname" . }}-proxy-role +subjects: +- kind: ServiceAccount + name: {{ template "externalip-webhook.fullname" . }} + namespace: {{ .Release.Namespace }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/deployment.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/deployment.yaml new file mode 100755 index 000000000..c82754deb --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/deployment.yaml 
@@ -0,0 +1,107 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + seccomp.security.alpha.kubernetes.io/pod: runtime/default + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: {{ template "externalip-webhook.name" . }} + template: + metadata: + annotations: + seccomp.security.alpha.kubernetes.io/pod: runtime/default + labels: {{ include "externalip-webhook.labels" . | indent 8 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + spec: + containers: + {{- if and (.Values.metrics.enabled) (.Values.metrics.authProxy.enabled) }} + - name: {{ template "externalip-webhook.fullname" . }}-auth-proxy + args: + - --secure-listen-address=0.0.0.0:{{ .Values.metrics.port }} + - --upstream=http://127.0.0.1:{{ .Values.metrics.authProxy.port }}/ + - --logtostderr=true + - --v=10 + image: {{ template "system_default_registry" . }}{{ .Values.metrics.authProxy.image.repository}}:{{ .Values.metrics.authProxy.image.tag }} + imagePullPolicy: "{{ .Values.metrics.authProxy.image.pullPolicy }}" + ports: + - containerPort: {{ .Values.metrics.port }} + name: webhook-metrics + protocol: TCP + resources: +{{ toYaml .Values.metrics.authProxy.resources | indent 10 }} + readinessProbe: + tcpSocket: + port: webhook-metrics + initialDelaySeconds: 5 + periodSeconds: 10 + livenessProbe: + tcpSocket: + port: webhook-metrics + initialDelaySeconds: 5 + failureThreshold: 10 + periodSeconds: 30 + {{- end }} + - name: {{ template "externalip-webhook.fullname" . }} + image: {{ template "system_default_registry" . 
}}{{ .Values.image.repository}}:{{ default .Chart.AppVersion .Values.image.tag }} + imagePullPolicy: "{{ .Values.image.pullPolicy }}" + command: + - /webhook + args: + - --webhook-port={{ .Values.webhookPort }} + {{- if .Values.allowedExternalIPCidrs }} + - --allowed-external-ip-cidrs={{ .Values.allowedExternalIPCidrs }} + {{- end }} + {{- if .Values.metrics.enabled }} + {{- if .Values.metrics.authProxy.enabled }} + - --metrics-addr=127.0.0.1:{{ .Values.metrics.authProxy.port }} + {{- else }} + - --metrics-addr=0.0.0.0:{{ .Values.metrics.port }} + {{- end }} + {{- end }} + ports: + - containerPort: {{ .Values.webhookPort }} + name: webhook-server + protocol: TCP + {{- if and (.Values.metrics.enabled) (not (.Values.metrics.authProxy.enabled)) }} + - containerPort: {{ .Values.metrics.port }} + name: webhook-metrics + protocol: TCP + {{- end }} + volumeMounts: + - name: server-cert + mountPath: /tmp/k8s-webhook-server/serving-certs + readOnly: true + resources: +{{ toYaml .Values.resources | indent 10 }} + readinessProbe: + tcpSocket: + port: webhook-server + initialDelaySeconds: 5 + failureThreshold: 10 + periodSeconds: 30 + livenessProbe: + tcpSocket: + port: webhook-server + initialDelaySeconds: 5 + failureThreshold: 10 + periodSeconds: 30 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} + {{- if .Values.nodeSelector }} +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 6}} + {{- if .Values.tolerations }} +{{ toYaml .Values.tolerations | indent 6 }} + {{- end }} + serviceAccountName: {{ template "externalip-webhook.fullname" . }} + volumes: + - name: server-cert + secret: + defaultMode: 420 + secretName: {{ .Values.certificates.secretName }} 
diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/issuer.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/issuer.yaml new file mode 100755 index 000000000..ff1c2de10 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/issuer.yaml 
@@ -0,0 +1,52 @@ +{{- if .Values.certificates.certManager.enabled -}} + {{- $certmanagerVer := split "." .Values.certificates.certManager.version -}} + {{- if or (.Capabilities.APIVersions.Has "cert-manager.io/v1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 1) (ge (int $certmanagerVer._1) 0)) }} +apiVersion: cert-manager.io/v1 + {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 16)) }} +apiVersion: cert-manager.io/v1beta1 + {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 11)) }} +apiVersion: cert-manager.io/v1alpha2 + {{- else if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (lt (int $certmanagerVer._1) 11)) }} +apiVersion: certmanager.k8s.io/v1alpha1 + {{- else }} +# Setting latest version as default +apiVersion: cert-manager.io/v1 + {{- end }} +kind: Certificate +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-server-cert + namespace: {{ .Release.Namespace }} +spec: + dnsNames: + - {{ template "externalip-webhook.fullname" . }}.{{ .Release.Namespace }}.svc + - {{ template "externalip-webhook.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local + issuerRef: + kind: Issuer + name: {{ template "externalip-webhook.fullname" . 
}}-issuer + secretName: {{ .Values.certificates.secretName }} +--- + {{- if or (.Capabilities.APIVersions.Has "cert-manager.io/v1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 1) (ge (int $certmanagerVer._1) 0)) }} +apiVersion: cert-manager.io/v1 + {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 16)) }} +apiVersion: cert-manager.io/v1beta1 + {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 11)) }} +apiVersion: cert-manager.io/v1alpha2 + {{- else if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (lt (int $certmanagerVer._1) 11)) }} +apiVersion: certmanager.k8s.io/v1alpha1 + {{- else }} +# Setting latest version as default +apiVersion: cert-manager.io/v1 + {{- end }} +kind: Issuer +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-issuer + namespace: {{ .Release.Namespace }} +spec: + selfSigned: {} +{{- end -}} + + diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/service.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/service.yaml new file mode 100755 index 000000000..256add3e4 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/service.yaml 
@@ -0,0 +1,35 @@ +apiVersion: v1 +kind: Service +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + ports: + - name: webhook-server + port: {{ .Values.service.webhookPort }} + protocol: TCP + targetPort: {{ .Values.webhookPort }} + selector: + app: {{ template "externalip-webhook.name" . }} + type: "ClusterIP" +{{- if .Values.metrics.enabled }} +--- +apiVersion: v1 +kind: Service +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-metrics-service + namespace: {{ .Release.Namespace }} +spec: + ports: + - name: webhook-metrics + port: {{ .Values.service.metricsPort }} + protocol: TCP + targetPort: {{ .Values.metrics.port }} + selector: + app: {{ template "externalip-webhook.name" . }} + type: "ClusterIP" +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/serviceaccount.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/serviceaccount.yaml new file mode 100755 index 000000000..895df4f5b --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/serviceaccount.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }} + namespace: {{ .Release.Namespace }} 
diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/servicemonitor.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/servicemonitor.yaml new file mode 100755 index 000000000..c481ea31d --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/templates/servicemonitor.yaml @@ -0,0 +1,16 @@ +{{- if and (.Values.metrics.enabled) (.Values.metrics.prometheusExport) -}} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-monitor + namespace: {{ .Release.Namespace }} +spec: + endpoints: + - path: /metrics + port: https + selector: + matchLabels: + app: {{ template "externalip-webhook.name" . }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/admissionregistration_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/admissionregistration_test.yaml new file mode 100755 index 000000000..0660aa6e8 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/admissionregistration_test.yaml 
@@ -0,0 +1,32 @@ +suite: Test Admission Registration +templates: +- admissionregistration.yaml +tests: +- it: should render Admission Registration + asserts: + - equal: + path: apiVersion + value: admissionregistration.k8s.io/v1beta1 +- it: should render Admission Registration annotation and not caBundle if certificates.certManager.enabled = true + release: + name: rancher-externalip-webhook + namespace: test + set: + certificates.certManager.enabled: true + asserts: + - equal: + path: metadata.annotations + value: + cert-manager.io/inject-ca-from: test/rancher-externalip-webhook-server-cert + - isNull: + path: webhooks[0].clientConfig.caBundle +- it: should render Admission Registration caBundle and not annotation if certificates.certManager.enabled = false + set: + certificates.caBundle: test + certificates.certManager.enabled: false + asserts: + - equal: + path: webhooks[0].clientConfig.caBundle + value: test + - isNull: + path: metadata.annotations diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/clusterrole_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/clusterrole_test.yaml new file mode 100755 index 000000000..9e563807b --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/clusterrole_test.yaml 
@@ -0,0 +1,37 @@ +suite: Test Cluster Roles +templates: +- clusterrole.yaml +tests: +- it: should not render Cluster Roles if metrics.enabled = false or metrics.authProxy.enabled = false + set: + metrics.enabled: false + metrics.authProxy.enabled: false + asserts: + - hasDocuments: + count: 0 + template: clusterrole.yaml +- it: should render Cluster Roles if metrics.enabled = true and metrics.authProxy.enabled = true + set: + metrics.enabled: true + metrics.authProxy.enabled: true + asserts: + - hasDocuments: + count: 2 + template: clusterrole.yaml +- it: should render Cluster Roles with default rbac api version if metrics.enabled = true and metrics.authProxy.enabled = true + set: + metrics.enabled: true + metrics.authProxy.enabled: true + asserts: + - equal: + path: apiVersion + value: rbac.authorization.k8s.io/v1 +- it: should render Cluster Roles with custom rbac api version if metrics.enabled = true and metrics.authProxy.enabled = true + set: + metrics.enabled: true + metrics.authProxy.enabled: true + rbac.apiVersion: v1beta + asserts: + - equal: + path: apiVersion + value: rbac.authorization.k8s.io/v1beta \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/clusterrolebinding_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/clusterrolebinding_test.yaml new file mode 100755 index 000000000..2129573a3 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/clusterrolebinding_test.yaml 
@@ -0,0 +1,42 @@ +suite: Test Cluster Role Bindings +templates: +- clusterrolebinding.yaml +tests: +- it: should render Cluster Role Bindings with default rbac api version + set: + rbac.apiVersion: v1 + asserts: + - equal: + path: apiVersion + value: rbac.authorization.k8s.io/v1 +- it: should render Cluster Role Bindings with custom rbac api version + set: + rbac.apiVersion: v1beta + asserts: + - equal: + path: apiVersion + value: rbac.authorization.k8s.io/v1beta +- it: should not render Cluster Role Binding proxy if metrics.enabled = false or metrics.authProxy.enabled = false + set: + metrics.enabled: false + metrics.authProxy.enabled: false + asserts: + - hasDocuments: + count: 1 + template: clusterrolebinding.yaml +- it: should render Cluster Role Bindings proxy if metrics.enabled = true and metrics.authProxy.enabled = true + set: + metrics.enabled: true + metrics.authProxy.enabled: true + asserts: + - hasDocuments: + count: 2 + template: clusterrolebinding.yaml +- it: should render Cluster Role Bindings with default rbac api version if metrics.enabled = true and metrics.authProxy.enabled = true + set: + metrics.enabled: true + metrics.authProxy.enabled: true + asserts: + - equal: + path: apiVersion + value: rbac.authorization.k8s.io/v1 \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/deployment_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/deployment_test.yaml new file mode 100755 index 000000000..50e3f9ec1 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/deployment_test.yaml 
@@ -0,0 +1,202 @@ +suite: Test Deployments +templates: +- deployment.yaml +tests: +- it: should render Deployment with allowed-external-ip-cidrs arg if allowedExternalIPCidrs is set + release: + name: rancher-externalip-webhook + set: + allowedExternalIPCidrs: "1,2" + asserts: + - equal: + path: spec.template.spec.containers[0].args[1] + value: --allowed-external-ip-cidrs=1,2 +- it: should render Deployment with default port, nodeSelector and tolerations if metrics.enabled = false and metrics.authProxy.enabled = false + release: + name: rancher-externalip-webhook + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 9443 + name: webhook-server + protocol: TCP + - equal: + path: spec.template.spec.tolerations[0] + value: + key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" + - equal: + path: spec.template.spec.nodeSelector + value: + kubernetes.io/os: linux +- it: should render Deployment with default port and custom nodeSelector and tolerations if metrics.enabled = false and metrics.authProxy.enabled = false + release: + name: rancher-externalip-webhook + set: + tolerations: + - key: "cattle.io/test" + value: "linux" + effect: "NoSchedule" + operator: "Equal" + nodeSelector: + kubernetes.io/test: linux + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 9443 + name: webhook-server + protocol: TCP + - equal: + path: spec.template.spec.tolerations[0] + value: + key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" + - equal: + path: spec.template.spec.tolerations[1] + value: + key: "cattle.io/test" + value: "linux" + effect: "NoSchedule" + operator: "Equal" + - equal: + path: spec.template.spec.nodeSelector + value: + kubernetes.io/os: linux 
+ kubernetes.io/test: linux +- it: should render Deployment with custom port and image if metrics.enabled = false and metrics.authProxy.enabled = false + release: + name: rancher-externalip-webhook + set: + webhookPort: 9000 + image.repository: test + image.tag: dev-test + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[0].image + value: test:dev-test + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 9000 + name: webhook-server + protocol: TCP +- it: should render Deployment with default metrics port if metrics.enabled = true and metrics.authProxy.enabled = false + release: + name: rancher-externalip-webhook + set: + metrics.enabled: true + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 9443 + name: webhook-server + protocol: TCP + - equal: + path: spec.template.spec.containers[0].ports[1] + value: + containerPort: 8443 + name: webhook-metrics + protocol: TCP +- it: should render Deployment with custom metrics port if metrics.enabled = true and metrics.authProxy.enabled = false + release: + name: rancher-externalip-webhook + set: + metrics.enabled: true + metrics.port: 8000 + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 9443 + name: webhook-server + protocol: TCP + - equal: + path: spec.template.spec.containers[0].ports[1] + value: + containerPort: 8000 + name: webhook-metrics + protocol: TCP +- it: should render Deployment with default metrics port if metrics.enabled = true and metrics.authProxy.enabled = true + release: + name: rancher-externalip-webhook + set: + metrics.enabled: true + metrics.authProxy.enabled: true + asserts: + - equal: + 
path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook-auth-proxy + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 8443 + name: webhook-metrics + protocol: TCP + - equal: + path: spec.template.spec.containers[1].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[1].ports[0] + value: + containerPort: 9443 + name: webhook-server + protocol: TCP +- it: should render Deployment with custom metrics port and image if metrics.enabled = true and metrics.authProxy.enabled = true + release: + name: rancher-externalip-webhook + set: + metrics.enabled: true + metrics.authProxy.enabled: true + metrics.port: 8000 + webhookPort: 9000 + image.repository: test + image.tag: dev-test + metrics.authProxy.image.repository: auth + metrics.authProxy.image.tag: auth-test + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook-auth-proxy + - equal: + path: spec.template.spec.containers[0].image + value: auth:auth-test + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 8000 + name: webhook-metrics + protocol: TCP + - equal: + path: spec.template.spec.containers[1].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[1].image + value: test:dev-test + - equal: + path: spec.template.spec.containers[1].ports[0] + value: + containerPort: 9000 + name: webhook-server + protocol: TCP \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/issuer_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/issuer_test.yaml new file mode 100755 index 000000000..eeeb660b2 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/issuer_test.yaml 
@@ -0,0 +1,106 @@ +suite: Test Issuers +templates: +- issuer.yaml +tests: +- it: should not render issuer if certificates.certManager.enabled = false + set: + certificates.certManager.enabled: false + asserts: + - hasDocuments: + count: 0 + template: issuer.yaml +- it: should render issuer if certificates.certManager.enabled = true + set: + certificates.certManager.enabled: true + asserts: + - hasDocuments: + count: 2 + template: issuer.yaml +- it: should set issuer apiVersion with default cert-manager + set: + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: cert-manager.io/v1 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager >= 1.0.0 using capabilities + capabilities: + apiversions: + - cert-manager.io/v1 + set: + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: cert-manager.io/v1 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager >= 0.16.0 using capabilities + capabilities: + apiversions: + - cert-manager.io/v1beta1 + set: + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: cert-manager.io/v1beta1 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager >= 0.11.0 using capabilities + capabilities: + apiversions: + - cert-manager.io/v1alpha2 + set: + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: cert-manager.io/v1alpha2 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager < 0.11.0 using capabilities + capabilities: + apiversions: + - certmanager.k8s.io/v1alpha1 + set: + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: certmanager.k8s.io/v1alpha1 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager >= 1.0.0 using parameter + set: + certificates.certManager.version: 1.0.0 + certificates.certManager.enabled: true + asserts: + - equal: + path: 
apiVersion + value: cert-manager.io/v1 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager >= 0.16.0 using parameter + set: + certificates.certManager.version: 0.16.0 + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: cert-manager.io/v1beta1 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager >= 0.11.0 using parameter + set: + certificates.certManager.version: 0.11.0 + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: cert-manager.io/v1alpha2 + template: issuer.yaml +- it: should set letsEncrypt apiVersion with cert-manager < 0.11.0 using parameter + set: + certificates.certManager.version: 0.9.0 + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: certmanager.k8s.io/v1alpha1 + template: issuer.yaml diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/service_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/service_test.yaml new file mode 100755 index 000000000..a0ba4d352 --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/service_test.yaml 
@@ -0,0 +1,69 @@ +suite: Test Services +templates: +- service.yaml +tests: +- it: should render webhook-server service with default webhookPort if metrics.enabled = false + set: + metrics.enabled: false + asserts: + - equal: + path: spec.ports[0] + value: + name: webhook-server + port: 443 + protocol: TCP + targetPort: 9443 +- it: should render webhook-server service with custom webhookPort if metrics.enabled = false + set: + metrics.enabled: false + webhookPort: 9000 + asserts: + - equal: + path: spec.ports[0] + value: + name: webhook-server + port: 443 + protocol: TCP + targetPort: 9000 +- it: should render webhook-server and webhook-metrics services with default webhookPort and metrics.port, if metrics.enabled = true + set: + metrics.enabled: true + asserts: + - equal: + path: spec.ports[0] + value: + name: webhook-server + port: 443 + protocol: TCP + targetPort: 9443 + documentIndex: 0 + - equal: + path: spec.ports[0] + value: + name: webhook-metrics + port: 8443 + protocol: TCP + targetPort: 8443 + documentIndex: 1 +- it: should render webhook-server and webhook-metrics services with custom webhookPort and metrics.port, if metrics.enabled = true + set: + metrics.enabled: true + metrics.port: 8000 + webhookPort: 9000 + asserts: + - equal: + path: spec.ports[0] + value: + name: webhook-server + port: 443 + protocol: TCP + targetPort: 9000 + documentIndex: 0 + - equal: + path: spec.ports[0] + value: + name: webhook-metrics + port: 8443 + protocol: TCP + targetPort: 8000 + documentIndex: 1 \ No newline at end of file diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/serviceaccount_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/serviceaccount_test.yaml new file mode 100755 index 000000000..5aebbc74b --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/serviceaccount_test.yaml 
@@ -0,0 +1,9 @@ +suite: Test Service Accounts +templates: +- serviceaccount.yaml +tests: +- it: should render Service Account + asserts: + - hasDocuments: + count: 1 + template: serviceaccount.yaml diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/servicemonitor_test.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/servicemonitor_test.yaml new file mode 100755 index 000000000..21989265e --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/tests/servicemonitor_test.yaml @@ -0,0 +1,20 @@ +suite: Test Service Monitors +templates: +- servicemonitor.yaml +tests: +- it: should not render Service Monitor if metrics.enabled = false or metrics.prometheusExport = false + set: + metrics.enabled: false + metrics.prometheusExport: false + asserts: + - hasDocuments: + count: 0 + template: servicemonitor.yaml +- it: should render Service Account if metrics.enabled = true and metrics.authProxy.enabled = true + set: + metrics.enabled: true + metrics.prometheusExport: true + asserts: + - hasDocuments: + count: 1 + template: servicemonitor.yaml diff --git a/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/values.yaml b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/values.yaml new file mode 100755 index 000000000..832d2199e --- /dev/null +++ b/released/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/0.1.601/values.yaml 
@@ -0,0 +1,67 @@ +## Allowed external IP cidrs +allowedExternalIPCidrs: "" +## Certificates generation for webhook +certificates: + certManager: + # Enable cert manager integration. Cert manager should be already installed at the k8s cluster + enabled: true + version: "" + # If cert-manager integration is disabled, add self signed ca.crt in base64 format + caBundle: "" + # If cert-manager integration is disabled, upload certs data (ca.crt, tls.crt and tls.key) as k8s secretName in the namespace + secretName: webhook-server-cert +## Details about the image to be pulled. +image: + pullPolicy: IfNotPresent + pullSecrets: [] + repository: rancher/externalip-webhook + tag: v0.1.6 +## Enabling metrics endpoint +# Webhook emits `webhook_failed_request_count` metrics whenever it rejects service creation or update operation +metrics: + enabled: false + port: 8443 + # Enable webhook metrics export to Prometheus + prometheusExport: false + # Webhook metrics auth proxy. This option is just available for amd64 arch + authProxy: + enabled: false + port: 8080 + image: + pullPolicy: IfNotPresent + pullSecrets: [] + repository: rancher/mirrored-kube-rbac-proxy + tag: v0.5.0 + resources: + limits: + memory: 30Mi + cpu: 100m + requests: + memory: 20Mi + cpu: 100m +## Node labels for pod assignment +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## RBAC +rbac: + apiVersion: v1 +## CPU and Memory limit and request for externalip-webhook +resources: + limits: + memory: 30Mi + cpu: 100m + requests: + memory: 20Mi + cpu: 100m +service: + metricsPort: 8443 + webhookPort: 443 +## Webhook serviceAccountName. Just used if metrics.authProxy.enabled = false +serviceAccountName: default +## List of node taints to tolerate (requires Kubernetes >= 1.6) +tolerations: [] +## Webhook server pod port +webhookPort: 9443 +global: + systemDefaultRegistry: "" 
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/Chart.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/Chart.yaml new file mode 100644 index 000000000..5ed89e38d --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/Chart.yaml @@ -0,0 +1,11 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/experimental: "true" + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-gatekeeper-system + catalog.cattle.io/release-name: rancher-gatekeeper-crd +apiVersion: v1 +description: Installs the CRDs for rancher-gatekeeper. +name: rancher-gatekeeper-crd +type: application +version: 3.1.100 diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/README.md b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/README.md new file mode 100644 index 000000000..a499b53e7 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/README.md @@ -0,0 +1,2 @@ +# rancher-gatekeeper-crd +A Rancher chart that installs the CRDs used by [rancher-gatekeeper](https://github.com/rancher/dev-charts/tree/master/packages/rancher-gatekeeper). diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/templates/config-customresourcedefinition.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/templates/config-customresourcedefinition.yaml new file mode 100644 index 000000000..73ffbdc32 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/templates/config-customresourcedefinition.yaml 
@@ -0,0 +1,106 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + gatekeeper.sh/system: "yes" + name: configs.config.gatekeeper.sh +spec: + group: config.gatekeeper.sh + names: + kind: Config + listKind: ConfigList + plural: configs + shortNames: + - config + singular: config + scope: Namespaced + validation: + openAPIV3Schema: + description: Config is the Schema for the configs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConfigSpec defines the desired state of Config + properties: + match: + description: Configuration for namespace exclusion + items: + properties: + excludedNamespaces: + items: + type: string + type: array + processes: + items: + type: string + type: array + type: object + type: array + readiness: + description: Configuration for readiness tracker + properties: + statsEnabled: + type: boolean + type: object + sync: + description: Configuration for syncing k8s objects + properties: + syncOnly: + description: If non-empty, only entries on this list will be replicated into OPA + items: + properties: + group: + type: string + kind: + type: string + version: + type: string + type: object + type: array + type: object + validation: + description: Configuration for validation + properties: + traces: + description: List of requests to trace. Both "user" and "kinds" must be specified + items: + properties: + dump: + description: Also dump the state of OPA with the trace. Set to `All` to dump everything. + type: string + kind: + description: Only trace requests of the following GroupVersionKind + properties: + group: + type: string + kind: + type: string + version: + type: string + type: object + user: + description: Only trace requests from the specified user + type: string + type: object + type: array + type: object + type: object + status: + description: ConfigStatus defines the observed state of Config + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true 
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/templates/constraintpodstatus-customresourcedefinition.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/templates/constraintpodstatus-customresourcedefinition.yaml new file mode 100644 index 000000000..f8e552080 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/templates/constraintpodstatus-customresourcedefinition.yaml 
@@ -0,0 +1,68 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + gatekeeper.sh/system: "yes" + name: constraintpodstatuses.status.gatekeeper.sh +spec: + group: status.gatekeeper.sh + names: + kind: ConstraintPodStatus + listKind: ConstraintPodStatusList + plural: constraintpodstatuses + singular: constraintpodstatus + scope: Namespaced + validation: + openAPIV3Schema: + description: ConstraintPodStatus is the Schema for the constraintpodstatuses API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: ConstraintPodStatusStatus defines the observed state of ConstraintPodStatus + properties: + constraintUID: + description: Storing the constraint UID allows us to detect drift, such as when a constraint has been recreated after its CRD was deleted out from under it, interrupting the watch + type: string + enforced: + type: boolean + errors: + items: + description: Error represents a single error caught while adding a constraint to OPA + properties: + code: + type: string + location: + type: string + message: + type: string + required: + - code + - message + type: object + type: array + id: + type: string + observedGeneration: + format: int64 + type: integer + operations: + items: + type: string + type: array + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/templates/constrainttemplate-customresourcedefinition.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/templates/constrainttemplate-customresourcedefinition.yaml new file mode 100644 index 000000000..ca171c738 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/templates/constrainttemplate-customresourcedefinition.yaml 
@@ -0,0 +1,99 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + labels: + gatekeeper.sh/system: "yes" + name: constrainttemplates.templates.gatekeeper.sh +spec: + group: templates.gatekeeper.sh + names: + kind: ConstraintTemplate + plural: constrainttemplates + shortNames: + - constraints + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + crd: + properties: + spec: + properties: + names: + properties: + kind: + type: string + shortNames: + items: + type: string + type: array + type: object + validation: + type: object + type: object + type: object + targets: + items: + properties: + libs: + items: + type: string + type: array + rego: + type: string + target: + type: string + type: object + type: array + type: object + status: + properties: + byPod: + items: + properties: + errors: + items: + properties: + code: + type: string + location: + type: string + message: + type: string + required: + - code + - message + type: object + type: array + id: + description: a unique identifier for the pod that wrote the status + type: string + observedGeneration: + format: int64 + type: integer + type: object + type: array + created: + type: boolean + type: object + 
version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true + - name: v1alpha1 + served: true + storage: false diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/templates/constrainttemplatepodstatus-customresourcedefinition.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/templates/constrainttemplatepodstatus-customresourcedefinition.yaml new file mode 100644 index 000000000..804dca48c --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.100/templates/constrainttemplatepodstatus-customresourcedefinition.yaml 
@@ -0,0 +1,67 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + gatekeeper.sh/system: "yes" + name: constrainttemplatepodstatuses.status.gatekeeper.sh +spec: + group: status.gatekeeper.sh + names: + kind: ConstraintTemplatePodStatus + listKind: ConstraintTemplatePodStatusList + plural: constrainttemplatepodstatuses + singular: constrainttemplatepodstatus + scope: Namespaced + validation: + openAPIV3Schema: + description: ConstraintTemplatePodStatus is the Schema for the constrainttemplatepodstatuses API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: ConstraintTemplatePodStatusStatus defines the observed state of ConstraintTemplatePodStatus + properties: + errors: + items: + description: CreateCRDError represents a single error caught during parsing, compiling, etc. 
+ properties: + code: + type: string + location: + type: string + message: + type: string + required: + - code + - message + type: object + type: array + id: + description: 'Important: Run "make" to regenerate code after modifying this file' + type: string + observedGeneration: + format: int64 + type: integer + operations: + items: + type: string + type: array + templateUID: + description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. + type: string + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/Chart.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/Chart.yaml new file mode 100644 index 000000000..8d1a18729 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/Chart.yaml @@ -0,0 +1,11 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/experimental: "true" + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-gatekeeper-system + catalog.cattle.io/release-name: rancher-gatekeeper-crd +apiVersion: v1 +description: Installs the CRDs for rancher-gatekeeper. +name: rancher-gatekeeper-crd +type: application +version: 3.1.101 diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/README.md b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/README.md new file mode 100644 index 000000000..26079c833 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/README.md @@ -0,0 +1,2 @@ +# rancher-gatekeeper-crd +A Rancher chart that installs the CRDs used by rancher-gatekeeper. 
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/templates/config-customresourcedefinition.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/templates/config-customresourcedefinition.yaml new file mode 100644 index 000000000..73ffbdc32 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/templates/config-customresourcedefinition.yaml 
@@ -0,0 +1,106 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + gatekeeper.sh/system: "yes" + name: configs.config.gatekeeper.sh +spec: + group: config.gatekeeper.sh + names: + kind: Config + listKind: ConfigList + plural: configs + shortNames: + - config + singular: config + scope: Namespaced + validation: + openAPIV3Schema: + description: Config is the Schema for the configs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConfigSpec defines the desired state of Config + properties: + match: + description: Configuration for namespace exclusion + items: + properties: + excludedNamespaces: + items: + type: string + type: array + processes: + items: + type: string + type: array + type: object + type: array + readiness: + description: Configuration for readiness tracker + properties: + statsEnabled: + type: boolean + type: object + sync: + description: Configuration for syncing k8s objects + properties: + syncOnly: + description: If non-empty, only entries on this list will be replicated into OPA + items: + properties: + group: + type: string + kind: + type: string + version: + type: string + type: object + type: array + type: object + validation: + description: Configuration for validation + properties: + traces: + description: List of requests to trace. Both "user" and "kinds" must be specified + items: + properties: + dump: + description: Also dump the state of OPA with the trace. Set to `All` to dump everything. + type: string + kind: + description: Only trace requests of the following GroupVersionKind + properties: + group: + type: string + kind: + type: string + version: + type: string + type: object + user: + description: Only trace requests from the specified user + type: string + type: object + type: array + type: object + type: object + status: + description: ConfigStatus defines the observed state of Config + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true 
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/templates/constraintpodstatus-customresourcedefinition.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/templates/constraintpodstatus-customresourcedefinition.yaml new file mode 100644 index 000000000..f8e552080 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/templates/constraintpodstatus-customresourcedefinition.yaml 
@@ -0,0 +1,68 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + gatekeeper.sh/system: "yes" + name: constraintpodstatuses.status.gatekeeper.sh +spec: + group: status.gatekeeper.sh + names: + kind: ConstraintPodStatus + listKind: ConstraintPodStatusList + plural: constraintpodstatuses + singular: constraintpodstatus + scope: Namespaced + validation: + openAPIV3Schema: + description: ConstraintPodStatus is the Schema for the constraintpodstatuses API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: ConstraintPodStatusStatus defines the observed state of ConstraintPodStatus + properties: + constraintUID: + description: Storing the constraint UID allows us to detect drift, such as when a constraint has been recreated after its CRD was deleted out from under it, interrupting the watch + type: string + enforced: + type: boolean + errors: + items: + description: Error represents a single error caught while adding a constraint to OPA + properties: + code: + type: string + location: + type: string + message: + type: string + required: + - code + - message + type: object + type: array + id: + type: string + observedGeneration: + format: int64 + type: integer + operations: + items: + type: string + type: array + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/templates/constrainttemplate-customresourcedefinition.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/templates/constrainttemplate-customresourcedefinition.yaml new file mode 100644 index 000000000..ca171c738 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/templates/constrainttemplate-customresourcedefinition.yaml 
@@ -0,0 +1,99 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + labels: + gatekeeper.sh/system: "yes" + name: constrainttemplates.templates.gatekeeper.sh +spec: + group: templates.gatekeeper.sh + names: + kind: ConstraintTemplate + plural: constrainttemplates + shortNames: + - constraints + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + crd: + properties: + spec: + properties: + names: + properties: + kind: + type: string + shortNames: + items: + type: string + type: array + type: object + validation: + type: object + type: object + type: object + targets: + items: + properties: + libs: + items: + type: string + type: array + rego: + type: string + target: + type: string + type: object + type: array + type: object + status: + properties: + byPod: + items: + properties: + errors: + items: + properties: + code: + type: string + location: + type: string + message: + type: string + required: + - code + - message + type: object + type: array + id: + description: a unique identifier for the pod that wrote the status + type: string + observedGeneration: + format: int64 + type: integer + type: object + type: array + created: + type: boolean + type: object + 
version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true + - name: v1alpha1 + served: true + storage: false diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/templates/constrainttemplatepodstatus-customresourcedefinition.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/templates/constrainttemplatepodstatus-customresourcedefinition.yaml new file mode 100644 index 000000000..804dca48c --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.1.101/templates/constrainttemplatepodstatus-customresourcedefinition.yaml 
@@ -0,0 +1,67 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + gatekeeper.sh/system: "yes" + name: constrainttemplatepodstatuses.status.gatekeeper.sh +spec: + group: status.gatekeeper.sh + names: + kind: ConstraintTemplatePodStatus + listKind: ConstraintTemplatePodStatusList + plural: constrainttemplatepodstatuses + singular: constrainttemplatepodstatus + scope: Namespaced + validation: + openAPIV3Schema: + description: ConstraintTemplatePodStatus is the Schema for the constrainttemplatepodstatuses API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: ConstraintTemplatePodStatusStatus defines the observed state of ConstraintTemplatePodStatus + properties: + errors: + items: + description: CreateCRDError represents a single error caught during parsing, compiling, etc. 
+ properties: + code: + type: string + location: + type: string + message: + type: string + required: + - code + - message + type: object + type: array + id: + description: 'Important: Run "make" to regenerate code after modifying this file' + type: string + observedGeneration: + format: int64 + type: integer + operations: + items: + type: string + type: array + templateUID: + description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. + type: string + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/Chart.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/Chart.yaml new file mode 100644 index 000000000..0528569c7 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/Chart.yaml @@ -0,0 +1,11 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/experimental: "true" + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-gatekeeper-system + catalog.cattle.io/release-name: rancher-gatekeeper-crd +apiVersion: v1 +description: Installs the CRDs for rancher-gatekeeper. +name: rancher-gatekeeper-crd +type: application +version: 3.2.101 diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/README.md b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/README.md new file mode 100644 index 000000000..26079c833 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/README.md @@ -0,0 +1,2 @@ +# rancher-gatekeeper-crd +A Rancher chart that installs the CRDs used by rancher-gatekeeper. 
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/crd-manifest/config-customresourcedefinition.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/crd-manifest/config-customresourcedefinition.yaml new file mode 100644 index 000000000..73ffbdc32 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/crd-manifest/config-customresourcedefinition.yaml 
@@ -0,0 +1,106 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + gatekeeper.sh/system: "yes" + name: configs.config.gatekeeper.sh +spec: + group: config.gatekeeper.sh + names: + kind: Config + listKind: ConfigList + plural: configs + shortNames: + - config + singular: config + scope: Namespaced + validation: + openAPIV3Schema: + description: Config is the Schema for the configs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConfigSpec defines the desired state of Config + properties: + match: + description: Configuration for namespace exclusion + items: + properties: + excludedNamespaces: + items: + type: string + type: array + processes: + items: + type: string + type: array + type: object + type: array + readiness: + description: Configuration for readiness tracker + properties: + statsEnabled: + type: boolean + type: object + sync: + description: Configuration for syncing k8s objects + properties: + syncOnly: + description: If non-empty, only entries on this list will be replicated into OPA + items: + properties: + group: + type: string + kind: + type: string + version: + type: string + type: object + type: array + type: object + validation: + description: Configuration for validation + properties: + traces: + description: List of requests to trace. Both "user" and "kinds" must be specified + items: + properties: + dump: + description: Also dump the state of OPA with the trace. Set to `All` to dump everything. + type: string + kind: + description: Only trace requests of the following GroupVersionKind + properties: + group: + type: string + kind: + type: string + version: + type: string + type: object + user: + description: Only trace requests from the specified user + type: string + type: object + type: array + type: object + type: object + status: + description: ConfigStatus defines the observed state of Config + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true 
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/crd-manifest/constraintpodstatus-customresourcedefinition.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/crd-manifest/constraintpodstatus-customresourcedefinition.yaml new file mode 100644 index 000000000..f8e552080 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/crd-manifest/constraintpodstatus-customresourcedefinition.yaml 
@@ -0,0 +1,68 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + gatekeeper.sh/system: "yes" + name: constraintpodstatuses.status.gatekeeper.sh +spec: + group: status.gatekeeper.sh + names: + kind: ConstraintPodStatus + listKind: ConstraintPodStatusList + plural: constraintpodstatuses + singular: constraintpodstatus + scope: Namespaced + validation: + openAPIV3Schema: + description: ConstraintPodStatus is the Schema for the constraintpodstatuses API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: ConstraintPodStatusStatus defines the observed state of ConstraintPodStatus + properties: + constraintUID: + description: Storing the constraint UID allows us to detect drift, such as when a constraint has been recreated after its CRD was deleted out from under it, interrupting the watch + type: string + enforced: + type: boolean + errors: + items: + description: Error represents a single error caught while adding a constraint to OPA + properties: + code: + type: string + location: + type: string + message: + type: string + required: + - code + - message + type: object + type: array + id: + type: string + observedGeneration: + format: int64 + type: integer + operations: + items: + type: string + type: array + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/crd-manifest/constrainttemplate-customresourcedefinition.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/crd-manifest/constrainttemplate-customresourcedefinition.yaml new file mode 100644 index 000000000..41daf22de --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/crd-manifest/constrainttemplate-customresourcedefinition.yaml 
@@ -0,0 +1,97 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + labels: + gatekeeper.sh/system: "yes" + name: constrainttemplates.templates.gatekeeper.sh +spec: + group: templates.gatekeeper.sh + names: + kind: ConstraintTemplate + plural: constrainttemplates + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + crd: + properties: + spec: + properties: + names: + properties: + kind: + type: string + shortNames: + items: + type: string + type: array + type: object + validation: + type: object + type: object + type: object + targets: + items: + properties: + libs: + items: + type: string + type: array + rego: + type: string + target: + type: string + type: object + type: array + type: object + status: + properties: + byPod: + items: + properties: + errors: + items: + properties: + code: + type: string + location: + type: string + message: + type: string + required: + - code + - message + type: object + type: array + id: + description: a unique identifier for the pod that wrote the status + type: string + observedGeneration: + format: int64 + type: integer + type: object + type: array + created: + type: boolean + type: object + version: v1beta1 + versions: + - 
name: v1beta1 + served: true + storage: true + - name: v1alpha1 + served: true + storage: false diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/crd-manifest/constrainttemplatepodstatus-customresourcedefinition.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/crd-manifest/constrainttemplatepodstatus-customresourcedefinition.yaml new file mode 100644 index 000000000..804dca48c --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/crd-manifest/constrainttemplatepodstatus-customresourcedefinition.yaml 
@@ -0,0 +1,67 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + gatekeeper.sh/system: "yes" + name: constrainttemplatepodstatuses.status.gatekeeper.sh +spec: + group: status.gatekeeper.sh + names: + kind: ConstraintTemplatePodStatus + listKind: ConstraintTemplatePodStatusList + plural: constrainttemplatepodstatuses + singular: constrainttemplatepodstatus + scope: Namespaced + validation: + openAPIV3Schema: + description: ConstraintTemplatePodStatus is the Schema for the constrainttemplatepodstatuses API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: ConstraintTemplatePodStatusStatus defines the observed state of ConstraintTemplatePodStatus + properties: + errors: + items: + description: CreateCRDError represents a single error caught during parsing, compiling, etc. 
+ properties: + code: + type: string + location: + type: string + message: + type: string + required: + - code + - message + type: object + type: array + id: + description: 'Important: Run "make" to regenerate code after modifying this file' + type: string + observedGeneration: + format: int64 + type: integer + operations: + items: + type: string + type: array + templateUID: + description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. + type: string + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/templates/_helpers.tpl b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/templates/_helpers.tpl new file mode 100644 index 000000000..39b26c195 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/templates/_helpers.tpl @@ -0,0 +1,7 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/templates/jobs.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/templates/jobs.yaml new file mode 100644 index 000000000..709005fd9 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/templates/jobs.yaml 
@@ -0,0 +1,92 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-create + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }} + annotations: + "helm.sh/hook": post-install, post-upgrade, post-rollback + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + name: {{ .Chart.Name }}-create + labels: + app: {{ .Chart.Name }} + spec: + serviceAccountName: {{ .Chart.Name }}-manager + securityContext: + runAsNonRoot: true + runAsUser: 1000 + containers: + - name: create-crds + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - apply + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + restartPolicy: OnFailure + volumes: + - name: crd-manifest + configMap: + name: {{ .Chart.Name }}-manifest +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-delete + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + name: {{ .Chart.Name }}-delete + labels: + app: {{ .Chart.Name }} + spec: + serviceAccountName: {{ .Chart.Name }}-manager + securityContext: + runAsNonRoot: true + runAsUser: 1000 + initContainers: + - name: remove-finalizers + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - apply + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + containers: + - name: delete-crds + image: {{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - delete + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + restartPolicy: OnFailure + volumes: + - name: crd-manifest + configMap: + name: {{ .Chart.Name }}-manifest diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/templates/manifest.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/templates/manifest.yaml new file mode 100644 index 000000000..31016b6ef --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/templates/manifest.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-manifest + namespace: {{ .Release.Namespace }} +data: + crd-manifest.yaml: | + {{- $currentScope := . -}} + {{- $crds := (.Files.Glob "crd-manifest/**.yaml") -}} + {{- range $path, $_ := $crds -}} + {{- with $currentScope -}} + {{ .Files.Get $path | nindent 4 }} + --- + {{- end -}}{{- end -}} diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/templates/rbac.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/templates/rbac.yaml new file mode 100644 index 000000000..bdda1ddad --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/templates/rbac.yaml 
@@ -0,0 +1,72 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Chart.Name }}-manager + labels: + app: {{ .Chart.Name }}-manager +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: ['create', 'get', 'patch', 'delete'] +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ .Chart.Name }}-manager +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Chart.Name }}-manager + labels: + app: {{ .Chart.Name }}-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ .Chart.Name }}-manager +subjects: +- kind: ServiceAccount + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }}-manager +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }}-manager +spec: + privileged: false + allowPrivilegeEscalation: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'configMap' + - 'secret' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/values.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/values.yaml new file mode 100644 index 000000000..f65bba463 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.2.101/values.yaml 
@@ -0,0 +1,11 @@ +# Default values for rancher-gatekeeper-crd. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +global: + cattle: + systemDefaultRegistry: "" + +image: + repository: rancher/kubectl + tag: v1.18.6 diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/Chart.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/Chart.yaml new file mode 100755 index 000000000..f8022e80b --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-gatekeeper-system + catalog.cattle.io/release-name: rancher-gatekeeper-crd +apiVersion: v1 +description: Installs the CRDs for rancher-gatekeeper. +name: rancher-gatekeeper-crd +type: application +version: 3.3.000 diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/README.md b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/README.md new file mode 100755 index 000000000..26079c833 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/README.md @@ -0,0 +1,2 @@ +# rancher-gatekeeper-crd +A Rancher chart that installs the CRDs used by rancher-gatekeeper. diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/crd-manifest/config-customresourcedefinition.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/crd-manifest/config-customresourcedefinition.yaml new file mode 100755 index 000000000..73ffbdc32 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/crd-manifest/config-customresourcedefinition.yaml 
@@ -0,0 +1,106 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + gatekeeper.sh/system: "yes" + name: configs.config.gatekeeper.sh +spec: + group: config.gatekeeper.sh + names: + kind: Config + listKind: ConfigList + plural: configs + shortNames: + - config + singular: config + scope: Namespaced + validation: + openAPIV3Schema: + description: Config is the Schema for the configs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConfigSpec defines the desired state of Config + properties: + match: + description: Configuration for namespace exclusion + items: + properties: + excludedNamespaces: + items: + type: string + type: array + processes: + items: + type: string + type: array + type: object + type: array + readiness: + description: Configuration for readiness tracker + properties: + statsEnabled: + type: boolean + type: object + sync: + description: Configuration for syncing k8s objects + properties: + syncOnly: + description: If non-empty, only entries on this list will be replicated into OPA + items: + properties: + group: + type: string + kind: + type: string + version: + type: string + type: object + type: array + type: object + validation: + description: Configuration for validation + properties: + traces: + description: List of requests to trace. Both "user" and "kinds" must be specified + items: + properties: + dump: + description: Also dump the state of OPA with the trace. Set to `All` to dump everything. + type: string + kind: + description: Only trace requests of the following GroupVersionKind + properties: + group: + type: string + kind: + type: string + version: + type: string + type: object + user: + description: Only trace requests from the specified user + type: string + type: object + type: array + type: object + type: object + status: + description: ConfigStatus defines the observed state of Config + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true 
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/crd-manifest/constraintpodstatus-customresourcedefinition.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/crd-manifest/constraintpodstatus-customresourcedefinition.yaml new file mode 100755 index 000000000..f8e552080 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/crd-manifest/constraintpodstatus-customresourcedefinition.yaml 
@@ -0,0 +1,68 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + gatekeeper.sh/system: "yes" + name: constraintpodstatuses.status.gatekeeper.sh +spec: + group: status.gatekeeper.sh + names: + kind: ConstraintPodStatus + listKind: ConstraintPodStatusList + plural: constraintpodstatuses + singular: constraintpodstatus + scope: Namespaced + validation: + openAPIV3Schema: + description: ConstraintPodStatus is the Schema for the constraintpodstatuses API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: ConstraintPodStatusStatus defines the observed state of ConstraintPodStatus + properties: + constraintUID: + description: Storing the constraint UID allows us to detect drift, such as when a constraint has been recreated after its CRD was deleted out from under it, interrupting the watch + type: string + enforced: + type: boolean + errors: + items: + description: Error represents a single error caught while adding a constraint to OPA + properties: + code: + type: string + location: + type: string + message: + type: string + required: + - code + - message + type: object + type: array + id: + type: string + observedGeneration: + format: int64 + type: integer + operations: + items: + type: string + type: array + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/crd-manifest/constrainttemplate-customresourcedefinition.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/crd-manifest/constrainttemplate-customresourcedefinition.yaml new file mode 100755 index 000000000..41daf22de --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/crd-manifest/constrainttemplate-customresourcedefinition.yaml 
@@ -0,0 +1,97 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + labels: + gatekeeper.sh/system: "yes" + name: constrainttemplates.templates.gatekeeper.sh +spec: + group: templates.gatekeeper.sh + names: + kind: ConstraintTemplate + plural: constrainttemplates + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + crd: + properties: + spec: + properties: + names: + properties: + kind: + type: string + shortNames: + items: + type: string + type: array + type: object + validation: + type: object + type: object + type: object + targets: + items: + properties: + libs: + items: + type: string + type: array + rego: + type: string + target: + type: string + type: object + type: array + type: object + status: + properties: + byPod: + items: + properties: + errors: + items: + properties: + code: + type: string + location: + type: string + message: + type: string + required: + - code + - message + type: object + type: array + id: + description: a unique identifier for the pod that wrote the status + type: string + observedGeneration: + format: int64 + type: integer + type: object + type: array + created: + type: boolean + type: object + version: v1beta1 + versions: + - 
name: v1beta1 + served: true + storage: true + - name: v1alpha1 + served: true + storage: false diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/crd-manifest/constrainttemplatepodstatus-customresourcedefinition.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/crd-manifest/constrainttemplatepodstatus-customresourcedefinition.yaml new file mode 100755 index 000000000..804dca48c --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/crd-manifest/constrainttemplatepodstatus-customresourcedefinition.yaml 
@@ -0,0 +1,67 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + gatekeeper.sh/system: "yes" + name: constrainttemplatepodstatuses.status.gatekeeper.sh +spec: + group: status.gatekeeper.sh + names: + kind: ConstraintTemplatePodStatus + listKind: ConstraintTemplatePodStatusList + plural: constrainttemplatepodstatuses + singular: constrainttemplatepodstatus + scope: Namespaced + validation: + openAPIV3Schema: + description: ConstraintTemplatePodStatus is the Schema for the constrainttemplatepodstatuses API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: ConstraintTemplatePodStatusStatus defines the observed state of ConstraintTemplatePodStatus + properties: + errors: + items: + description: CreateCRDError represents a single error caught during parsing, compiling, etc. 
+ properties: + code: + type: string + location: + type: string + message: + type: string + required: + - code + - message + type: object + type: array + id: + description: 'Important: Run "make" to regenerate code after modifying this file' + type: string + observedGeneration: + format: int64 + type: integer + operations: + items: + type: string + type: array + templateUID: + description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. + type: string + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/templates/_helpers.tpl b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/templates/_helpers.tpl new file mode 100755 index 000000000..39b26c195 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/templates/_helpers.tpl @@ -0,0 +1,7 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/templates/jobs.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/templates/jobs.yaml new file mode 100755 index 000000000..709005fd9 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/templates/jobs.yaml 
@@ -0,0 +1,92 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-create + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }} + annotations: + "helm.sh/hook": post-install, post-upgrade, post-rollback + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + name: {{ .Chart.Name }}-create + labels: + app: {{ .Chart.Name }} + spec: + serviceAccountName: {{ .Chart.Name }}-manager + securityContext: + runAsNonRoot: true + runAsUser: 1000 + containers: + - name: create-crds + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - apply + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + restartPolicy: OnFailure + volumes: + - name: crd-manifest + configMap: + name: {{ .Chart.Name }}-manifest +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-delete + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + name: {{ .Chart.Name }}-delete + labels: + app: {{ .Chart.Name }} + spec: + serviceAccountName: {{ .Chart.Name }}-manager + securityContext: + runAsNonRoot: true + runAsUser: 1000 + initContainers: + - name: remove-finalizers + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - apply + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + containers: + - name: delete-crds + image: {{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - delete + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + restartPolicy: OnFailure + volumes: + - name: crd-manifest + configMap: + name: {{ .Chart.Name }}-manifest diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/templates/manifest.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/templates/manifest.yaml new file mode 100755 index 000000000..31016b6ef --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/templates/manifest.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-manifest + namespace: {{ .Release.Namespace }} +data: + crd-manifest.yaml: | + {{- $currentScope := . -}} + {{- $crds := (.Files.Glob "crd-manifest/**.yaml") -}} + {{- range $path, $_ := $crds -}} + {{- with $currentScope -}} + {{ .Files.Get $path | nindent 4 }} + --- + {{- end -}}{{- end -}} diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/templates/rbac.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/templates/rbac.yaml new file mode 100755 index 000000000..bdda1ddad --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/templates/rbac.yaml 
@@ -0,0 +1,72 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Chart.Name }}-manager + labels: + app: {{ .Chart.Name }}-manager +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: ['create', 'get', 'patch', 'delete'] +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ .Chart.Name }}-manager +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Chart.Name }}-manager + labels: + app: {{ .Chart.Name }}-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ .Chart.Name }}-manager +subjects: +- kind: ServiceAccount + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }}-manager +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }}-manager +spec: + privileged: false + allowPrivilegeEscalation: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'configMap' + - 'secret' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/values.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/values.yaml new file mode 100755 index 000000000..f65bba463 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.000/values.yaml 
@@ -0,0 +1,11 @@ +# Default values for rancher-gatekeeper-crd. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +global: + cattle: + systemDefaultRegistry: "" + +image: + repository: rancher/kubectl + tag: v1.18.6 diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/Chart.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/Chart.yaml new file mode 100755 index 000000000..00336402c --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-gatekeeper-system + catalog.cattle.io/release-name: rancher-gatekeeper-crd +apiVersion: v1 +description: Installs the CRDs for rancher-gatekeeper. +name: rancher-gatekeeper-crd +type: application +version: 3.3.001 diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/README.md b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/README.md new file mode 100755 index 000000000..26079c833 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/README.md @@ -0,0 +1,2 @@ +# rancher-gatekeeper-crd +A Rancher chart that installs the CRDs used by rancher-gatekeeper. diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/crd-manifest/config-customresourcedefinition.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/crd-manifest/config-customresourcedefinition.yaml new file mode 100755 index 000000000..73ffbdc32 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/crd-manifest/config-customresourcedefinition.yaml 
@@ -0,0 +1,106 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + gatekeeper.sh/system: "yes" + name: configs.config.gatekeeper.sh +spec: + group: config.gatekeeper.sh + names: + kind: Config + listKind: ConfigList + plural: configs + shortNames: + - config + singular: config + scope: Namespaced + validation: + openAPIV3Schema: + description: Config is the Schema for the configs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConfigSpec defines the desired state of Config + properties: + match: + description: Configuration for namespace exclusion + items: + properties: + excludedNamespaces: + items: + type: string + type: array + processes: + items: + type: string + type: array + type: object + type: array + readiness: + description: Configuration for readiness tracker + properties: + statsEnabled: + type: boolean + type: object + sync: + description: Configuration for syncing k8s objects + properties: + syncOnly: + description: If non-empty, only entries on this list will be replicated into OPA + items: + properties: + group: + type: string + kind: + type: string + version: + type: string + type: object + type: array + type: object + validation: + description: Configuration for validation + properties: + traces: + description: List of requests to trace. Both "user" and "kinds" must be specified + items: + properties: + dump: + description: Also dump the state of OPA with the trace. Set to `All` to dump everything. + type: string + kind: + description: Only trace requests of the following GroupVersionKind + properties: + group: + type: string + kind: + type: string + version: + type: string + type: object + user: + description: Only trace requests from the specified user + type: string + type: object + type: array + type: object + type: object + status: + description: ConfigStatus defines the observed state of Config + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true 
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/crd-manifest/constraintpodstatus-customresourcedefinition.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/crd-manifest/constraintpodstatus-customresourcedefinition.yaml new file mode 100755 index 000000000..f8e552080 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/crd-manifest/constraintpodstatus-customresourcedefinition.yaml 
@@ -0,0 +1,68 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + gatekeeper.sh/system: "yes" + name: constraintpodstatuses.status.gatekeeper.sh +spec: + group: status.gatekeeper.sh + names: + kind: ConstraintPodStatus + listKind: ConstraintPodStatusList + plural: constraintpodstatuses + singular: constraintpodstatus + scope: Namespaced + validation: + openAPIV3Schema: + description: ConstraintPodStatus is the Schema for the constraintpodstatuses API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: ConstraintPodStatusStatus defines the observed state of ConstraintPodStatus + properties: + constraintUID: + description: Storing the constraint UID allows us to detect drift, such as when a constraint has been recreated after its CRD was deleted out from under it, interrupting the watch + type: string + enforced: + type: boolean + errors: + items: + description: Error represents a single error caught while adding a constraint to OPA + properties: + code: + type: string + location: + type: string + message: + type: string + required: + - code + - message + type: object + type: array + id: + type: string + observedGeneration: + format: int64 + type: integer + operations: + items: + type: string + type: array + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/crd-manifest/constrainttemplate-customresourcedefinition.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/crd-manifest/constrainttemplate-customresourcedefinition.yaml new file mode 100755 index 000000000..41daf22de --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/crd-manifest/constrainttemplate-customresourcedefinition.yaml 
@@ -0,0 +1,97 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + labels: + gatekeeper.sh/system: "yes" + name: constrainttemplates.templates.gatekeeper.sh +spec: + group: templates.gatekeeper.sh + names: + kind: ConstraintTemplate + plural: constrainttemplates + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + crd: + properties: + spec: + properties: + names: + properties: + kind: + type: string + shortNames: + items: + type: string + type: array + type: object + validation: + type: object + type: object + type: object + targets: + items: + properties: + libs: + items: + type: string + type: array + rego: + type: string + target: + type: string + type: object + type: array + type: object + status: + properties: + byPod: + items: + properties: + errors: + items: + properties: + code: + type: string + location: + type: string + message: + type: string + required: + - code + - message + type: object + type: array + id: + description: a unique identifier for the pod that wrote the status + type: string + observedGeneration: + format: int64 + type: integer + type: object + type: array + created: + type: boolean + type: object + version: v1beta1 + versions: + - 
name: v1beta1 + served: true + storage: true + - name: v1alpha1 + served: true + storage: false diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/crd-manifest/constrainttemplatepodstatus-customresourcedefinition.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/crd-manifest/constrainttemplatepodstatus-customresourcedefinition.yaml new file mode 100755 index 000000000..804dca48c --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/crd-manifest/constrainttemplatepodstatus-customresourcedefinition.yaml 
@@ -0,0 +1,67 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + gatekeeper.sh/system: "yes" + name: constrainttemplatepodstatuses.status.gatekeeper.sh +spec: + group: status.gatekeeper.sh + names: + kind: ConstraintTemplatePodStatus + listKind: ConstraintTemplatePodStatusList + plural: constrainttemplatepodstatuses + singular: constrainttemplatepodstatus + scope: Namespaced + validation: + openAPIV3Schema: + description: ConstraintTemplatePodStatus is the Schema for the constrainttemplatepodstatuses API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: ConstraintTemplatePodStatusStatus defines the observed state of ConstraintTemplatePodStatus + properties: + errors: + items: + description: CreateCRDError represents a single error caught during parsing, compiling, etc. 
+ properties: + code: + type: string + location: + type: string + message: + type: string + required: + - code + - message + type: object + type: array + id: + description: 'Important: Run "make" to regenerate code after modifying this file' + type: string + observedGeneration: + format: int64 + type: integer + operations: + items: + type: string + type: array + templateUID: + description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. + type: string + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/templates/_helpers.tpl b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/templates/_helpers.tpl new file mode 100755 index 000000000..39b26c195 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/templates/_helpers.tpl @@ -0,0 +1,7 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/templates/jobs.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/templates/jobs.yaml new file mode 100755 index 000000000..709005fd9 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/templates/jobs.yaml 
@@ -0,0 +1,92 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-create + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }} + annotations: + "helm.sh/hook": post-install, post-upgrade, post-rollback + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + name: {{ .Chart.Name }}-create + labels: + app: {{ .Chart.Name }} + spec: + serviceAccountName: {{ .Chart.Name }}-manager + securityContext: + runAsNonRoot: true + runAsUser: 1000 + containers: + - name: create-crds + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - apply + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + restartPolicy: OnFailure + volumes: + - name: crd-manifest + configMap: + name: {{ .Chart.Name }}-manifest +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-delete + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + name: {{ .Chart.Name }}-delete + labels: + app: {{ .Chart.Name }} + spec: + serviceAccountName: {{ .Chart.Name }}-manager + securityContext: + runAsNonRoot: true + runAsUser: 1000 + initContainers: + - name: remove-finalizers + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - apply + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + containers: + - name: delete-crds + image: {{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - delete + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + restartPolicy: OnFailure + volumes: + - name: crd-manifest + configMap: + name: {{ .Chart.Name }}-manifest diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/templates/manifest.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/templates/manifest.yaml new file mode 100755 index 000000000..31016b6ef --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/templates/manifest.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-manifest + namespace: {{ .Release.Namespace }} +data: + crd-manifest.yaml: | + {{- $currentScope := . -}} + {{- $crds := (.Files.Glob "crd-manifest/**.yaml") -}} + {{- range $path, $_ := $crds -}} + {{- with $currentScope -}} + {{ .Files.Get $path | nindent 4 }} + --- + {{- end -}}{{- end -}} diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/templates/rbac.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/templates/rbac.yaml new file mode 100755 index 000000000..bdda1ddad --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/templates/rbac.yaml 
@@ -0,0 +1,72 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Chart.Name }}-manager + labels: + app: {{ .Chart.Name }}-manager +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: ['create', 'get', 'patch', 'delete'] +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ .Chart.Name }}-manager +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Chart.Name }}-manager + labels: + app: {{ .Chart.Name }}-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ .Chart.Name }}-manager +subjects: +- kind: ServiceAccount + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }}-manager +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }}-manager +spec: + privileged: false + allowPrivilegeEscalation: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'configMap' + - 'secret' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/values.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/values.yaml new file mode 100755 index 000000000..657ccacf8 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper-crd/3.3.001/values.yaml 
@@ -0,0 +1,11 @@ +# Default values for rancher-gatekeeper-crd. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +global: + cattle: + systemDefaultRegistry: "" + +image: + repository: rancher/kubectl + tag: v1.20.2 diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/.helmignore b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/CHANGELOG.md b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/CHANGELOG.md new file mode 100644 index 000000000..c68d23c24 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/CHANGELOG.md @@ -0,0 +1,15 @@ +# Changelog +All notable changes from the upstream OPA Gatekeeper chart will be added to this file + +## [Package Version 00] - 2020-09-10 +### Added +- Enabled the CRD chart generator in `package.yaml` + +### Modified +- Updated namespace to `cattle-gatekeeper-system` +- Updated for Helm 3 compatibility + - Moved crds to `crds` directory + - Removed `crd-install` hooks and templates from crds + +### Removed +- Removed `gatekeeper-system-namespace.yaml` as Rancher handles namespaces for chart installation diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/Chart.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/Chart.yaml new file mode 100644 index 000000000..0d94d3278 --- /dev/null 
+++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/Chart.yaml @@ -0,0 +1,21 @@ +annotations: + catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/experimental: "true" + catalog.cattle.io/namespace: cattle-gatekeeper-system + catalog.cattle.io/provides-gvr: config.gatekeeper.sh.config/v1alpha1 + catalog.cattle.io/release-name: rancher-gatekeeper + catalog.cattle.io/os: linux +apiVersion: v1 +appVersion: v3.1.1 +description: Modifies Open Policy Agent's upstream gatekeeper chart that provides + policy-based control for cloud native environments +home: https://github.com/open-policy-agent/gatekeeper +icon: https://charts.rancher.io/assets/logos/gatekeeper.svg +keywords: +- open policy agent +- security +name: rancher-gatekeeper +sources: +- https://github.com/open-policy-agent/gatekeeper.git +version: 3.1.100 diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/README.md b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/README.md new file mode 100644 index 000000000..280a64565 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/README.md 
@@ -0,0 +1,33 @@ +# Gatekeeper Helm Chart + +## Parameters + +| Parameter | Description | Default | +| :------------------------------- | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------------------------------------------------------------------------ | +| auditInterval | The frequency with which audit is run | `300` | +| constraintViolationsLimit | The maximum # of audit violations reported on a constraint | `20` | +| auditFromCache | Take the roster of resources to audit from the OPA cache | `false` | +| auditChunkSize | Chunk size for listing cluster resources for audit (alpha feature) | `0` | +| disableValidatingWebhook | Disable ValidatingWebhook | `false` | +| emitAdmissionEvents | Emit K8s events in gatekeeper namespace for admission violations (alpha feature) | `false` | +| emitAuditEvents | Emit K8s events in gatekeeper namespace for audit violations (alpha feature) | `false` | +| logLevel | Minimum log level | `INFO` | +| image.pullPolicy | The image pull policy | `IfNotPresent` | +| image.repository | Image repository | `openpolicyagent/gatekeeper` | +| image.release | The image release tag to use | Current release version: `v3.1.1` | +| resources | The resource request/limits for the container image | limits: 1 CPU, 512Mi, requests: 100mCPU, 256Mi | +| nodeSelector | The node selector to use for pod scheduling | `kubernetes.io/os: linux` | +| affinity | The node affinity to use for pod scheduling | `{}` | +| tolerations | The tolerations to use for pod scheduling | `[]` | +| replicas | The number of Gatekeeper replicas to deploy for the webhook | `1` | +| podAnnotations | The annotations to add to the Gatekeeper pods | `container.seccomp.security.alpha.kubernetes.io/manager: runtime/default` | +| customResourceDefinitions.create | Whether the release should install CRDs. 
Regardless of this value, Helm v3+ will install the CRDs if those are not present already. Use --skip-crds with helm install if you want to skip CRD creation | `true` | + +## Contributing Changes + +This Helm chart is autogenerated from the Gatekeeper static manifest. The +generator code lives under `cmd/build/helmify`. To make modifications to this +template, please edit `kustomization.yaml` and `replacements.go` under that +directory and then run `make manifests`. Your changes will show up in the +`manifest_staging` directory and will be promoted to the root `charts` directory +the next time a Gatekeeper release is cut. diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/_helpers.tpl b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/_helpers.tpl new file mode 100644 index 000000000..f5d0ab307 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/_helpers.tpl 
@@ -0,0 +1,52 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "gatekeeper.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "gatekeeper.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "gatekeeper.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "gatekeeper.labels" -}} +app.kubernetes.io/name: {{ include "gatekeeper.name" . }} +helm.sh/chart: {{ include "gatekeeper.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/allowedrepos.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/allowedrepos.yaml new file mode 100644 index 000000000..9abb84ecb --- /dev/null 
+++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/allowedrepos.yaml @@ -0,0 +1,35 @@ +apiVersion: templates.gatekeeper.sh/v1beta1 +kind: ConstraintTemplate +metadata: + name: k8sallowedrepos +spec: + crd: + spec: + names: + kind: K8sAllowedRepos + validation: + # Schema for the `parameters` field + openAPIV3Schema: + properties: + repos: + type: array + items: + type: string + targets: + - target: admission.k8s.gatekeeper.sh + rego: | + package k8sallowedrepos + + violation[{"msg": msg}] { + container := input.review.object.spec.containers[_] + satisfied := [good | repo = input.parameters.repos[_] ; good = startswith(container.image, repo)] + not any(satisfied) + msg := sprintf("container <%v> has an invalid image repo <%v>, allowed repos are %v", [container.name, container.image, input.parameters.repos]) + } + + violation[{"msg": msg}] { + container := input.review.object.spec.initContainers[_] + satisfied := [good | repo = input.parameters.repos[_] ; good = startswith(container.image, repo)] + not any(satisfied) + msg := sprintf("container <%v> has an invalid image repo <%v>, allowed repos are %v", [container.name, container.image, input.parameters.repos]) + } diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-admin-serviceaccount.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-admin-serviceaccount.yaml new file mode 100644 index 000000000..4b68998cb --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-admin-serviceaccount.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-admin + namespace: '{{ .Release.Namespace }}' 
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-audit-deployment.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-audit-deployment.yaml new file mode 100644 index 000000000..561ac5c6e --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-audit-deployment.yaml 
@@ -0,0 +1,96 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: audit + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-audit + namespace: '{{ .Release.Namespace }}' +spec: + replicas: 1 + selector: + matchLabels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: audit-controller + gatekeeper.sh/operation: audit + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + template: + metadata: + annotations: +{{- toYaml .Values.podAnnotations | trim | nindent 8 }} + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: audit-controller + gatekeeper.sh/operation: audit + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + spec: + containers: + - args: + - --audit-interval={{ .Values.auditInterval }} + - --log-level={{ .Values.logLevel }} + - --constraint-violations-limit={{ .Values.constraintViolationsLimit }} + - --audit-from-cache={{ .Values.auditFromCache }} + - --audit-chunk-size={{ .Values.auditChunkSize }} + - --emit-audit-events={{ .Values.emitAuditEvents }} + - --operation=audit + - --operation=status + - --logtostderr + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: '{{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }}' + imagePullPolicy: '{{ .Values.image.pullPolicy }}' + livenessProbe: + httpGet: + path: /healthz + port: 9090 + name: manager + ports: + - containerPort: 8888 + name: metrics + protocol: TCP + - containerPort: 9090 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 9090 + resources: +{{ toYaml .Values.resources | indent 10 }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + runAsGroup: 999 + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + tolerations: +{{ toYaml .Values.tolerations | indent 8 }} + serviceAccountName: gatekeeper-admin + terminationGracePeriodSeconds: 60 diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-controller-manager-deployment.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-controller-manager-deployment.yaml new file mode 100644 index 000000000..06a54b686 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-controller-manager-deployment.yaml 
@@ -0,0 +1,117 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-controller-manager + namespace: '{{ .Release.Namespace }}' +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + template: + metadata: + annotations: +{{- toYaml .Values.podAnnotations | trim | nindent 8 }} + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: gatekeeper.sh/operation + operator: In + values: + - webhook + topologyKey: kubernetes.io/hostname + weight: 100 + containers: + - args: + - --port=8443 + - --logtostderr + - --emit-admission-events={{ .Values.emitAdmissionEvents }} + - --log-level={{ .Values.logLevel }} + - --exempt-namespace=gatekeeper-system + - --operation=webhook + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: '{{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }}' + imagePullPolicy: '{{ .Values.image.pullPolicy }}' + livenessProbe: + httpGet: + path: /healthz + port: 9090 + name: manager + ports: + - containerPort: 8443 + name: webhook-server + protocol: TCP + - containerPort: 8888 + name: metrics + protocol: TCP + - containerPort: 9090 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 9090 + resources: +{{ toYaml .Values.resources | indent 10 }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + runAsGroup: 999 + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /certs + name: cert + readOnly: true + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + tolerations: +{{ toYaml .Values.tolerations | indent 8 }} + serviceAccountName: gatekeeper-admin + terminationGracePeriodSeconds: 60 + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: gatekeeper-webhook-server-cert diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-manager-role-clusterrole.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-manager-role-clusterrole.yaml new file mode 100644 index 000000000..b03f23f63 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-manager-role-clusterrole.yaml 
@@ -0,0 +1,125 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-manager-role +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - config.gatekeeper.sh + resources: + - configs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - config.gatekeeper.sh + resources: + - configs/status + verbs: + - get + - patch + - update +- apiGroups: + - constraints.gatekeeper.sh + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - policy + resources: + - podsecuritypolicies + verbs: + - use +- apiGroups: + - status.gatekeeper.sh + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - templates.gatekeeper.sh + resources: + - constrainttemplates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - templates.gatekeeper.sh + resources: + - constrainttemplates/finalizers + verbs: + - delete + - get + - patch + - update +- apiGroups: + - templates.gatekeeper.sh + resources: + - constrainttemplates/status + verbs: + - get + - patch + - update +- apiGroups: + - admissionregistration.k8s.io + resourceNames: + - gatekeeper-validating-webhook-configuration + resources: + - validatingwebhookconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch 
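Review bot: gatekeeper-controller-manager-deployment.yaml declares `affinity:` twice in the same pod spec, once with the hard-coded `podAntiAffinity` block and again as `affinity:` followed by `{{ toYaml .Values.affinity | indent 8 }}`. Duplicate mapping keys are parser-dependent: a strict parser rejects the manifest, and a last-key-wins parser silently drops the anti-affinity, so the webhook replicas may all land on one node. Keep a single `affinity` key and fall back to the anti-affinity block only when `.Values.affinity` is empty. Separately, `--exempt-namespace=gatekeeper-system` is hard-coded while the chart metadata in this patch targets `cattle-gatekeeper-system`; `{{ .Release.Namespace }}` would keep the flag in step with where the chart is actually installed.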
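Review bot: the first rule of the gatekeeper-manager-role ClusterRole grants `get`, `list` and `watch` on `'*'` resources in `'*'` API groups, which includes every Secret in the cluster, and this role is bound to the `gatekeeper-admin` ServiceAccount that both the audit and the webhook pods run as. If audit needs that breadth, say so in a comment and consider giving the webhook Deployment its own narrower ServiceAccount. In the last rule, `create` on `validatingwebhookconfigurations` is combined with `resourceNames`; RBAC cannot restrict `create` by resource name, so that verb grants nothing as written and should be dropped or moved to a rule without `resourceNames`.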
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-manager-role-role.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-manager-role-role.yaml new file mode 100644 index 000000000..73e2c5cf7 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-manager-role-role.yaml @@ -0,0 +1,32 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-manager-role + namespace: '{{ .Release.Namespace }}' +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml new file mode 100644 index 000000000..22194d2ad --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml @@ -0,0 +1,18 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: gatekeeper-manager-role +subjects: +- kind: ServiceAccount + name: gatekeeper-admin + namespace: '{{ .Release.Namespace }}' 
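Review bot: in gatekeeper-manager-role-role.yaml the `secrets` rule grants create, delete, get, list, patch, update and watch on every Secret in the release namespace, while the only Secret this chart defines is `gatekeeper-webhook-server-cert`. Where the controller allows it, scope the mutating verbs with `resourceNames: [gatekeeper-webhook-server-cert]`, or add a comment explaining why namespace-wide Secret access is required. The RoleBinding and ClusterRoleBinding both name `gatekeeper-admin` as the subject, so this access is shared by the audit and webhook pods alike.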
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-manager-rolebinding-rolebinding.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-manager-rolebinding-rolebinding.yaml new file mode 100644 index 000000000..4bf6087dc --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-manager-rolebinding-rolebinding.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-manager-rolebinding + namespace: '{{ .Release.Namespace }}' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: gatekeeper-manager-role +subjects: +- kind: ServiceAccount + name: gatekeeper-admin + namespace: '{{ .Release.Namespace }}' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml new file mode 100644 index 000000000..f19216687 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml 
@@ -0,0 +1,58 @@ +{{- if not .Values.disableValidatingWebhook }} +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: ValidatingWebhookConfiguration +metadata: + creationTimestamp: null + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-validating-webhook-configuration +webhooks: +- clientConfig: + caBundle: Cg== + service: + name: gatekeeper-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /v1/admit + failurePolicy: Ignore + name: validation.gatekeeper.sh + namespaceSelector: + matchExpressions: + - key: admission.gatekeeper.sh/ignore + operator: DoesNotExist + rules: + - apiGroups: + - '*' + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - '*' + sideEffects: None + timeoutSeconds: 5 +- clientConfig: + caBundle: Cg== + service: + name: gatekeeper-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /v1/admitlabel + failurePolicy: Fail + name: check-ignore-label.gatekeeper.sh + rules: + - apiGroups: + - "" + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None + timeoutSeconds: 5 +{{- end }} diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-webhook-server-cert-secret.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-webhook-server-cert-secret.yaml new file mode 100644 index 000000000..bf89ae8b4 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-webhook-server-cert-secret.yaml 
@@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Secret +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-webhook-server-cert + namespace: '{{ .Release.Namespace }}' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-webhook-service-service.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-webhook-service-service.yaml new file mode 100644 index 000000000..473bc4b25 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/gatekeeper-webhook-service-service.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-webhook-service + namespace: '{{ .Release.Namespace }}' +spec: + ports: + - port: 443 + targetPort: 8443 + selector: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/requiredlabels.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/requiredlabels.yaml new file mode 100644 index 000000000..e93e6a0a7 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/requiredlabels.yaml 
@@ -0,0 +1,57 @@ +apiVersion: templates.gatekeeper.sh/v1beta1 +kind: ConstraintTemplate +metadata: + name: k8srequiredlabels +spec: + crd: + spec: + names: + kind: K8sRequiredLabels + validation: + # Schema for the `parameters` field + openAPIV3Schema: + properties: + message: + type: string + labels: + type: array + items: + type: object + properties: + key: + type: string + allowedRegex: + type: string + targets: + - target: admission.k8s.gatekeeper.sh + rego: | + package k8srequiredlabels + + get_message(parameters, _default) = msg { + not parameters.message + msg := _default + } + + get_message(parameters, _default) = msg { + msg := parameters.message + } + + violation[{"msg": msg, "details": {"missing_labels": missing}}] { + provided := {label | input.review.object.metadata.labels[label]} + required := {label | label := input.parameters.labels[_].key} + missing := required - provided + count(missing) > 0 + def_msg := sprintf("you must provide labels: %v", [missing]) + msg := get_message(input.parameters, def_msg) + } + + violation[{"msg": msg}] { + value := input.review.object.metadata.labels[key] + expected := input.parameters.labels[_] + expected.key == key + # do not match if allowedRegex is not defined, or is an empty string + expected.allowedRegex != "" + not re_match(expected.allowedRegex, value) + def_msg := sprintf("Label <%v: %v> does not satisfy allowed regex: %v", [key, value, expected.allowedRegex]) + msg := get_message(input.parameters, def_msg) + } diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/validate-install-crd.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/validate-install-crd.yaml new file mode 100644 index 000000000..10977fd7d --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/templates/validate-install-crd.yaml 
@@ -0,0 +1,17 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "config.gatekeeper.sh/v1alpha1/Config" false -}} +# {{- set $found "status.gatekeeper.sh/v1beta1/ConstraintPodStatus" false -}} +# {{- set $found "templates.gatekeeper.sh/v1beta1/ConstraintTemplate" false -}} +# {{- set $found "status.gatekeeper.sh/v1beta1/ConstraintTemplatePodStatus" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the rancher-gatekeeper-crd chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/values.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/values.yaml new file mode 100644 index 000000000..2afac2bfe --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.100/values.yaml @@ -0,0 +1,31 @@ +replicas: 3 +auditInterval: 300 +constraintViolationsLimit: 20 +auditFromCache: false +disableValidatingWebhook: false +auditChunkSize: 0 +logLevel: INFO +emitAdmissionEvents: false +emitAuditEvents: false +image: + repository: rancher/openpolicyagent-gatekeeper + tag: v3.1.1 + pullPolicy: IfNotPresent +nodeSelector: { kubernetes.io/os: linux } +affinity: {} +tolerations: [] +podAnnotations: + { container.seccomp.security.alpha.kubernetes.io/manager: runtime/default } +resources: + limits: + cpu: 1000m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi +global: + cattle: + systemDefaultRegistry: "" + kubectl: + repository: rancher/kubectl + tag: v1.18.6 
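Review bot: in the ValidatingWebhookConfiguration template, `validation.gatekeeper.sh` is registered with `failurePolicy: Ignore` and `timeoutSeconds: 5`, so whenever the webhook service is unreachable or slow the API server admits the request without evaluating any constraint, and nothing in values.yaml lets an operator change that. Expose the failure policy as a chart value, document the fail-open default, and point readers at the audit Deployment as the backstop for objects admitted during an outage. The rule's `operations` list also covers only CREATE and UPDATE, and the template still uses `admissionregistration.k8s.io/v1beta1`.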
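Review bot: validate-install-crd.yaml needs a comment stating that the leading `#` on each line does not disable the check. Helm evaluates the `lookup`, `set` and `required` actions regardless of the YAML comment marker, and only the rendered output ends up commented, so a reader who takes the file for dead code will be surprised when an install fails with "Required CRDs are missing". It is also worth noting in the same comment that the outer `lookup` guard returns an empty result when no cluster is reachable, which skips the CRD check during offline rendering.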
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/.helmignore b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/CHANGELOG.md b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/CHANGELOG.md new file mode 100644 index 000000000..c68d23c24 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/CHANGELOG.md @@ -0,0 +1,15 @@ +# Changelog +All notable changes from the upstream OPA Gatekeeper chart will be added to this file + +## [Package Version 00] - 2020-09-10 +### Added +- Enabled the CRD chart generator in `package.yaml` + +### Modified +- Updated namespace to `cattle-gatekeeper-system` +- Updated for Helm 3 compatibility + - Moved crds to `crds` directory + - Removed `crd-install` hooks and templates from crds + +### Removed +- Removed `gatekeeper-system-namespace.yaml` as Rancher handles namespaces for chart installation diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/Chart.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/Chart.yaml new file mode 100644 index 000000000..a77621b17 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/Chart.yaml 
@@ -0,0 +1,22 @@ +annotations: + catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: OPA Gatekeeper + catalog.cattle.io/experimental: "true" + catalog.cattle.io/namespace: cattle-gatekeeper-system + catalog.cattle.io/provides-gvr: config.gatekeeper.sh.config/v1alpha1 + catalog.cattle.io/release-name: rancher-gatekeeper + catalog.cattle.io/os: linux +apiVersion: v1 +appVersion: v3.1.1 +description: Modifies Open Policy Agent's upstream gatekeeper chart that provides + policy-based control for cloud native environments +home: https://github.com/open-policy-agent/gatekeeper +icon: https://charts.rancher.io/assets/logos/gatekeeper.svg +keywords: +- open policy agent +- security +name: rancher-gatekeeper +sources: +- https://github.com/open-policy-agent/gatekeeper.git +version: 3.1.101 diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/README.md b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/README.md new file mode 100644 index 000000000..280a64565 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/README.md 
@@ -0,0 +1,33 @@ +# Gatekeeper Helm Chart + +## Parameters + +| Parameter | Description | Default | +| :------------------------------- | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------------------------------------------------------------------------ | +| auditInterval | The frequency with which audit is run | `300` | +| constraintViolationsLimit | The maximum # of audit violations reported on a constraint | `20` | +| auditFromCache | Take the roster of resources to audit from the OPA cache | `false` | +| auditChunkSize | Chunk size for listing cluster resources for audit (alpha feature) | `0` | +| disableValidatingWebhook | Disable ValidatingWebhook | `false` | +| emitAdmissionEvents | Emit K8s events in gatekeeper namespace for admission violations (alpha feature) | `false` | +| emitAuditEvents | Emit K8s events in gatekeeper namespace for audit violations (alpha feature) | `false` | +| logLevel | Minimum log level | `INFO` | +| image.pullPolicy | The image pull policy | `IfNotPresent` | +| image.repository | Image repository | `openpolicyagent/gatekeeper` | +| image.release | The image release tag to use | Current release version: `v3.1.1` | +| resources | The resource request/limits for the container image | limits: 1 CPU, 512Mi, requests: 100mCPU, 256Mi | +| nodeSelector | The node selector to use for pod scheduling | `kubernetes.io/os: linux` | +| affinity | The node affinity to use for pod scheduling | `{}` | +| tolerations | The tolerations to use for pod scheduling | `[]` | +| replicas | The number of Gatekeeper replicas to deploy for the webhook | `1` | +| podAnnotations | The annotations to add to the Gatekeeper pods | `container.seccomp.security.alpha.kubernetes.io/manager: runtime/default` | +| customResourceDefinitions.create | Whether the release should install CRDs. 
Regardless of this value, Helm v3+ will install the CRDs if those are not present already. Use --skip-crds with helm install if you want to skip CRD creation | `true` | + +## Contributing Changes + +This Helm chart is autogenerated from the Gatekeeper static manifest. The +generator code lives under `cmd/build/helmify`. To make modifications to this +template, please edit `kustomization.yaml` and `replacements.go` under that +directory and then run `make manifests`. Your changes will show up in the +`manifest_staging` directory and will be promoted to the root `charts` directory +the next time a Gatekeeper release is cut. diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/app-readme.md b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/app-readme.md new file mode 100644 index 000000000..d44cf7b2b --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/app-readme.md 
@@ -0,0 +1,14 @@ +# Rancher OPA Gatekeeper + +This chart is based off of the upstream [OPA Gatekeeper](https://github.com/open-policy-agent/gatekeeper/tree/master/charts/gatekeeper) chart. + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/opa-gatekeper/). + +The chart installs the following components: + +- OPA Gatekeeper Controller-Manager - OPA Gatekeeper is a policy engine for providing policy based governance for Kubernetes clusters. The controller installs as a [validating admission controller webhook](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#validatingadmissionwebhook) on the cluster and intercepts all admission requests that create, update or delete a resource in the cluster. +- [Audit](https://github.com/open-policy-agent/gatekeeper#audit) - A periodic audit of the cluster resources against the enforced policies. Any existing resource that violates a policy will be recorded as violations. +- [Constraint Template](https://github.com/open-policy-agent/gatekeeper#constraint-templates) - A template is a CRD (`ConstraintTemplate`) that defines the schema and Rego logic of a policy to be applied to the cluster by Gatekeeper's admission controller webhook. This chart installs a few default `ConstraintTemplate` custom resources. +- [Constraint](https://github.com/open-policy-agent/gatekeeper#constraints) - A constraint is a custom resource that defines the scope of resources which a specific constraint template should apply to. The complete policy is defined by a combination of `ConstraintTemplates` (i.e. what the policy is) and `Constraints` (i.e. what resource to apply the policy to). + +For more information on how to configure the Helm chart, refer to the Helm README. 
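Review bot: the README.md parameters table documents `image.release`, but the Deployment templates in this chart build the image reference from `{{ .Values.image.tag }}`, so a user who sets `image.release` changes nothing. Rename the row to `image.tag`. The table also lists `customResourceDefinitions.create`, which no template visible in this patch reads, and its defaults for `replicas` (`1`) and `image.repository` (`openpolicyagent/gatekeeper`) disagree with the values.yaml shown for 3.1.100 (`replicas: 3`, `rancher/openpolicyagent-gatekeeper`); check them against this version's values.yaml.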
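Review bot: app-readme.md says the controller "intercepts all admission requests that create, update or delete a resource", but the ValidatingWebhookConfiguration template shown for 3.1.100 in this patch registers only CREATE and UPDATE operations. If the 3.1.101 template is the same, drop "delete" from the sentence so operators do not assume deletions are subject to policy.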
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/_helpers.tpl b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/_helpers.tpl new file mode 100644 index 000000000..f5d0ab307 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/_helpers.tpl 
@@ -0,0 +1,52 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "gatekeeper.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "gatekeeper.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "gatekeeper.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "gatekeeper.labels" -}} +app.kubernetes.io/name: {{ include "gatekeeper.name" . }} +helm.sh/chart: {{ include "gatekeeper.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/allowedrepos.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/allowedrepos.yaml new file mode 100644 index 000000000..9abb84ecb --- /dev/null 
+++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/allowedrepos.yaml @@ -0,0 +1,35 @@ +apiVersion: templates.gatekeeper.sh/v1beta1 +kind: ConstraintTemplate +metadata: + name: k8sallowedrepos +spec: + crd: + spec: + names: + kind: K8sAllowedRepos + validation: + # Schema for the `parameters` field + openAPIV3Schema: + properties: + repos: + type: array + items: + type: string + targets: + - target: admission.k8s.gatekeeper.sh + rego: | + package k8sallowedrepos + + violation[{"msg": msg}] { + container := input.review.object.spec.containers[_] + satisfied := [good | repo = input.parameters.repos[_] ; good = startswith(container.image, repo)] + not any(satisfied) + msg := sprintf("container <%v> has an invalid image repo <%v>, allowed repos are %v", [container.name, container.image, input.parameters.repos]) + } + + violation[{"msg": msg}] { + container := input.review.object.spec.initContainers[_] + satisfied := [good | repo = input.parameters.repos[_] ; good = startswith(container.image, repo)] + not any(satisfied) + msg := sprintf("container <%v> has an invalid image repo <%v>, allowed repos are %v", [container.name, container.image, input.parameters.repos]) + } diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-admin-serviceaccount.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-admin-serviceaccount.yaml new file mode 100644 index 000000000..4b68998cb --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-admin-serviceaccount.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-admin + namespace: '{{ .Release.Namespace }}' 
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-audit-deployment.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-audit-deployment.yaml new file mode 100644 index 000000000..561ac5c6e --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-audit-deployment.yaml 
@@ -0,0 +1,96 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: audit + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-audit + namespace: '{{ .Release.Namespace }}' +spec: + replicas: 1 + selector: + matchLabels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: audit-controller + gatekeeper.sh/operation: audit + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + template: + metadata: + annotations: +{{- toYaml .Values.podAnnotations | trim | nindent 8 }} + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: audit-controller + gatekeeper.sh/operation: audit + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + spec: + containers: + - args: + - --audit-interval={{ .Values.auditInterval }} + - --log-level={{ .Values.logLevel }} + - --constraint-violations-limit={{ .Values.constraintViolationsLimit }} + - --audit-from-cache={{ .Values.auditFromCache }} + - --audit-chunk-size={{ .Values.auditChunkSize }} + - --emit-audit-events={{ .Values.emitAuditEvents }} + - --operation=audit + - --operation=status + - --logtostderr + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: '{{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }}' + imagePullPolicy: '{{ .Values.image.pullPolicy }}' + livenessProbe: + httpGet: + path: /healthz + port: 9090 + name: manager + ports: + - containerPort: 8888 + name: metrics + protocol: TCP + - containerPort: 9090 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 9090 + resources: +{{ toYaml .Values.resources | indent 10 }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + runAsGroup: 999 + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + tolerations: +{{ toYaml .Values.tolerations | indent 8 }} + serviceAccountName: gatekeeper-admin + terminationGracePeriodSeconds: 60 diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-controller-manager-deployment.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-controller-manager-deployment.yaml new file mode 100644 index 000000000..06a54b686 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-controller-manager-deployment.yaml 
@@ -0,0 +1,117 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-controller-manager + namespace: '{{ .Release.Namespace }}' +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + template: + metadata: + annotations: +{{- toYaml .Values.podAnnotations | trim | nindent 8 }} + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: gatekeeper.sh/operation + operator: In + values: + - webhook + topologyKey: kubernetes.io/hostname + weight: 100 + containers: + - args: + - --port=8443 + - --logtostderr + - --emit-admission-events={{ .Values.emitAdmissionEvents }} + - --log-level={{ .Values.logLevel }} + - --exempt-namespace=gatekeeper-system + - --operation=webhook + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: '{{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }}' + imagePullPolicy: '{{ .Values.image.pullPolicy }}' + livenessProbe: + httpGet: + path: /healthz + port: 9090 + name: manager + ports: + - containerPort: 8443 + name: webhook-server + protocol: TCP + - containerPort: 8888 + name: metrics + protocol: TCP + - containerPort: 9090 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 9090 + resources: +{{ toYaml .Values.resources | indent 10 }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + runAsGroup: 999 + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /certs + name: cert + readOnly: true + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + tolerations: +{{ toYaml .Values.tolerations | indent 8 }} + serviceAccountName: gatekeeper-admin + terminationGracePeriodSeconds: 60 + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: gatekeeper-webhook-server-cert diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-manager-role-clusterrole.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-manager-role-clusterrole.yaml new file mode 100644 index 000000000..b03f23f63 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-manager-role-clusterrole.yaml 
@@ -0,0 +1,125 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-manager-role +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - config.gatekeeper.sh + resources: + - configs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - config.gatekeeper.sh + resources: + - configs/status + verbs: + - get + - patch + - update +- apiGroups: + - constraints.gatekeeper.sh + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - policy + resources: + - podsecuritypolicies + verbs: + - use +- apiGroups: + - status.gatekeeper.sh + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - templates.gatekeeper.sh + resources: + - constrainttemplates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - templates.gatekeeper.sh + resources: + - constrainttemplates/finalizers + verbs: + - delete + - get + - patch + - update +- apiGroups: + - templates.gatekeeper.sh + resources: + - constrainttemplates/status + verbs: + - get + - patch + - update +- apiGroups: + - admissionregistration.k8s.io + resourceNames: + - gatekeeper-validating-webhook-configuration + resources: + - validatingwebhookconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch 
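Review bot: in `3.1.101/templates/gatekeeper-controller-manager-deployment.yaml` the pod `spec` appears to define `affinity:` twice, once as the hard-coded `podAntiAffinity` term on `gatekeeper.sh/operation: webhook` and again as `{{ toYaml .Values.affinity | indent 8 }}` after `nodeSelector`. A duplicate mapping key is either rejected by a strict YAML parser or resolved by keeping only one of the two values, and with the default `affinity: {}` from `values.yaml` that can silently drop the anti-affinity meant to spread webhook replicas across nodes. Keep a single `affinity` key, for example by rendering the built-in anti-affinity only when `.Values.affinity` is empty.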
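Review bot: the first rule of `gatekeeper-manager-role` grants `get`, `list` and `watch` on `apiGroups: '*'` and `resources: '*'`, which gives whatever is bound to this ClusterRole cluster-wide read access to every resource type, Secrets included. Audit needs broad read access, so this may be intentional, but nothing in the chart says so; state it in the chart README so operators know what a compromise of the Gatekeeper pods exposes. The `creationTimestamp: null` under `metadata` is generator residue and can be dropped.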
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-manager-role-role.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-manager-role-role.yaml new file mode 100644 index 000000000..73e2c5cf7 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-manager-role-role.yaml @@ -0,0 +1,32 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-manager-role + namespace: '{{ .Release.Namespace }}' +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml new file mode 100644 index 000000000..22194d2ad --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml @@ -0,0 +1,18 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: gatekeeper-manager-role +subjects: +- kind: ServiceAccount + name: gatekeeper-admin + namespace: '{{ .Release.Namespace }}' 
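Review bot: the `secrets` rule in `3.1.101/templates/gatekeeper-manager-role-role.yaml` grants every verb on every Secret in the release namespace, while the only Secret this chart creates and mounts is `gatekeeper-webhook-server-cert`. The ClusterRole in this patch already narrows its `validatingwebhookconfigurations` rule with `resourceNames`; do the same here for the verbs that support it (`get`, `update`, `patch`, `delete`) so that `gatekeeper-admin` cannot read or rewrite unrelated Secrets that land in the same namespace.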
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-manager-rolebinding-rolebinding.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-manager-rolebinding-rolebinding.yaml new file mode 100644 index 000000000..4bf6087dc --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-manager-rolebinding-rolebinding.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-manager-rolebinding + namespace: '{{ .Release.Namespace }}' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: gatekeeper-manager-role +subjects: +- kind: ServiceAccount + name: gatekeeper-admin + namespace: '{{ .Release.Namespace }}' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml new file mode 100644 index 000000000..f19216687 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml 
@@ -0,0 +1,58 @@ +{{- if not .Values.disableValidatingWebhook }} +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: ValidatingWebhookConfiguration +metadata: + creationTimestamp: null + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-validating-webhook-configuration +webhooks: +- clientConfig: + caBundle: Cg== + service: + name: gatekeeper-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /v1/admit + failurePolicy: Ignore + name: validation.gatekeeper.sh + namespaceSelector: + matchExpressions: + - key: admission.gatekeeper.sh/ignore + operator: DoesNotExist + rules: + - apiGroups: + - '*' + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - '*' + sideEffects: None + timeoutSeconds: 5 +- clientConfig: + caBundle: Cg== + service: + name: gatekeeper-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /v1/admitlabel + failurePolicy: Fail + name: check-ignore-label.gatekeeper.sh + rules: + - apiGroups: + - "" + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None + timeoutSeconds: 5 +{{- end }} diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-webhook-server-cert-secret.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-webhook-server-cert-secret.yaml new file mode 100644 index 000000000..bf89ae8b4 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-webhook-server-cert-secret.yaml 
@@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Secret +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-webhook-server-cert + namespace: '{{ .Release.Namespace }}' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-webhook-service-service.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-webhook-service-service.yaml new file mode 100644 index 000000000..473bc4b25 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/gatekeeper-webhook-service-service.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-webhook-service + namespace: '{{ .Release.Namespace }}' +spec: + ports: + - port: 443 + targetPort: 8443 + selector: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/requiredlabels.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/requiredlabels.yaml new file mode 100644 index 000000000..e93e6a0a7 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/requiredlabels.yaml 
@@ -0,0 +1,57 @@ +apiVersion: templates.gatekeeper.sh/v1beta1 +kind: ConstraintTemplate +metadata: + name: k8srequiredlabels +spec: + crd: + spec: + names: + kind: K8sRequiredLabels + validation: + # Schema for the `parameters` field + openAPIV3Schema: + properties: + message: + type: string + labels: + type: array + items: + type: object + properties: + key: + type: string + allowedRegex: + type: string + targets: + - target: admission.k8s.gatekeeper.sh + rego: | + package k8srequiredlabels + + get_message(parameters, _default) = msg { + not parameters.message + msg := _default + } + + get_message(parameters, _default) = msg { + msg := parameters.message + } + + violation[{"msg": msg, "details": {"missing_labels": missing}}] { + provided := {label | input.review.object.metadata.labels[label]} + required := {label | label := input.parameters.labels[_].key} + missing := required - provided + count(missing) > 0 + def_msg := sprintf("you must provide labels: %v", [missing]) + msg := get_message(input.parameters, def_msg) + } + + violation[{"msg": msg}] { + value := input.review.object.metadata.labels[key] + expected := input.parameters.labels[_] + expected.key == key + # do not match if allowedRegex is not defined, or is an empty string + expected.allowedRegex != "" + not re_match(expected.allowedRegex, value) + def_msg := sprintf("Label <%v: %v> does not satisfy allowed regex: %v", [key, value, expected.allowedRegex]) + msg := get_message(input.parameters, def_msg) + } diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/validate-install-crd.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/validate-install-crd.yaml new file mode 100644 index 000000000..10977fd7d --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/templates/validate-install-crd.yaml 
@@ -0,0 +1,17 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "config.gatekeeper.sh/v1alpha1/Config" false -}} +# {{- set $found "status.gatekeeper.sh/v1beta1/ConstraintPodStatus" false -}} +# {{- set $found "templates.gatekeeper.sh/v1beta1/ConstraintTemplate" false -}} +# {{- set $found "status.gatekeeper.sh/v1beta1/ConstraintTemplatePodStatus" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the rancher-gatekeeper-crd chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/values.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/values.yaml new file mode 100644 index 000000000..2afac2bfe --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.1.101/values.yaml @@ -0,0 +1,31 @@ +replicas: 3 +auditInterval: 300 +constraintViolationsLimit: 20 +auditFromCache: false +disableValidatingWebhook: false +auditChunkSize: 0 +logLevel: INFO +emitAdmissionEvents: false +emitAuditEvents: false +image: + repository: rancher/openpolicyagent-gatekeeper + tag: v3.1.1 + pullPolicy: IfNotPresent +nodeSelector: { kubernetes.io/os: linux } +affinity: {} +tolerations: [] +podAnnotations: + { container.seccomp.security.alpha.kubernetes.io/manager: runtime/default } +resources: + limits: + cpu: 1000m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi +global: + cattle: + systemDefaultRegistry: "" + kubectl: + repository: rancher/kubectl + tag: v1.18.6 
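Review bot: in the 3.1.101 `ValidatingWebhookConfiguration` the `validation.gatekeeper.sh` webhook is registered with `failurePolicy: Ignore` and `timeoutSeconds: 5`, so every CREATE and UPDATE is admitted unchecked whenever the webhook service is unreachable or slow. Failing open is a defensible availability default, but it is hard-coded: only `disableValidatingWebhook` is templated in this file. Expose the failure policy as a documented value and note in the README that, with `Ignore`, the periodic audit is the only place a missed violation will surface.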
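Review bot: every line of `validate-install-crd.yaml` starts with `#`, which reads as though the CRD check had been disabled, but Helm evaluates the `{{ ... }}` actions before the output is parsed as YAML, so the `required "Required CRDs are missing. ..."` call still runs. Add a `{{/* ... */}}` comment at the top saying that the `#` prefix only keeps the rendered output a YAML comment, and that the `lookup` guard on the first line is what skips the check when no cluster is reachable, so a later maintainer does not delete the file as dead code.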
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/.helmignore b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/CHANGELOG.md b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/CHANGELOG.md new file mode 100644 index 000000000..c68d23c24 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/CHANGELOG.md @@ -0,0 +1,15 @@ +# Changelog +All notable changes from the upstream OPA Gatekeeper chart will be added to this file + +## [Package Version 00] - 2020-09-10 +### Added +- Enabled the CRD chart generator in `package.yaml` + +### Modified +- Updated namespace to `cattle-gatekeeper-system` +- Updated for Helm 3 compatibility + - Moved crds to `crds` directory + - Removed `crd-install` hooks and templates from crds + +### Removed +- Removed `gatekeeper-system-namespace.yaml` as Rancher handles namespaces for chart installation diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/Chart.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/Chart.yaml new file mode 100644 index 000000000..b2d23d5b0 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/Chart.yaml 
@@ -0,0 +1,23 @@ +annotations: + catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: OPA Gatekeeper + catalog.cattle.io/experimental: "true" + catalog.cattle.io/namespace: cattle-gatekeeper-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: config.gatekeeper.sh.config/v1alpha1 + catalog.cattle.io/release-name: rancher-gatekeeper + catalog.cattle.io/ui-component: gatekeeper +apiVersion: v1 +appVersion: v3.2.1 +description: Modifies Open Policy Agent's upstream gatekeeper chart that provides + policy-based control for cloud native environments +home: https://github.com/open-policy-agent/gatekeeper +icon: https://charts.rancher.io/assets/logos/gatekeeper.svg +keywords: +- open policy agent +- security +name: rancher-gatekeeper +sources: +- https://github.com/open-policy-agent/gatekeeper.git +version: 3.2.101 diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/README.md b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/README.md new file mode 100644 index 000000000..8a5157bf3 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/README.md 
@@ -0,0 +1,33 @@ +# Gatekeeper Helm Chart + +## Parameters + +| Parameter | Description | Default | +| :------------------------------- | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------------------------------------------------------------------------ | +| auditInterval | The frequency with which audit is run | `300` | +| constraintViolationsLimit | The maximum # of audit violations reported on a constraint | `20` | +| auditFromCache | Take the roster of resources to audit from the OPA cache | `false` | +| auditChunkSize | Chunk size for listing cluster resources for audit (alpha feature) | `0` | +| disableValidatingWebhook | Disable ValidatingWebhook | `false` | +| emitAdmissionEvents | Emit K8s events in gatekeeper namespace for admission violations (alpha feature) | `false` | +| emitAuditEvents | Emit K8s events in gatekeeper namespace for audit violations (alpha feature) | `false` | +| logLevel | Minimum log level | `INFO` | +| image.pullPolicy | The image pull policy | `IfNotPresent` | +| image.repository | Image repository | `openpolicyagent/gatekeeper` | +| image.release | The image release tag to use | Current release version: `v3.2.1` | +| resources | The resource request/limits for the container image | limits: 1 CPU, 512Mi, requests: 100mCPU, 256Mi | +| nodeSelector | The node selector to use for pod scheduling | `kubernetes.io/os: linux` | +| affinity | The node affinity to use for pod scheduling | `{}` | +| tolerations | The tolerations to use for pod scheduling | `[]` | +| replicas | The number of Gatekeeper replicas to deploy for the webhook | `1` | +| podAnnotations | The annotations to add to the Gatekeeper pods | `container.seccomp.security.alpha.kubernetes.io/manager: runtime/default` | +| customResourceDefinitions.create | Whether the release should install CRDs. 
Regardless of this value, Helm v3+ will install the CRDs if those are not present already. Use --skip-crds with helm install if you want to skip CRD creation | `true` | + +## Contributing Changes + +This Helm chart is autogenerated from the Gatekeeper static manifest. The +generator code lives under `cmd/build/helmify`. To make modifications to this +template, please edit `kustomization.yaml` and `replacements.go` under that +directory and then run `make manifests`. Your changes will show up in the +`manifest_staging` directory and will be promoted to the root `charts` directory +the next time a Gatekeeper release is cut. diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/app-readme.md b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/app-readme.md new file mode 100644 index 000000000..d44cf7b2b --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/app-readme.md 
@@ -0,0 +1,14 @@ +# Rancher OPA Gatekeeper + +This chart is based off of the upstream [OPA Gatekeeper](https://github.com/open-policy-agent/gatekeeper/tree/master/charts/gatekeeper) chart. + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/opa-gatekeper/). + +The chart installs the following components: + +- OPA Gatekeeper Controller-Manager - OPA Gatekeeper is a policy engine for providing policy based governance for Kubernetes clusters. The controller installs as a [validating admission controller webhook](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#validatingadmissionwebhook) on the cluster and intercepts all admission requests that create, update or delete a resource in the cluster. +- [Audit](https://github.com/open-policy-agent/gatekeeper#audit) - A periodic audit of the cluster resources against the enforced policies. Any existing resource that violates a policy will be recorded as violations. +- [Constraint Template](https://github.com/open-policy-agent/gatekeeper#constraint-templates) - A template is a CRD (`ConstraintTemplate`) that defines the schema and Rego logic of a policy to be applied to the cluster by Gatekeeper's admission controller webhook. This chart installs a few default `ConstraintTemplate` custom resources. +- [Constraint](https://github.com/open-policy-agent/gatekeeper#constraints) - A constraint is a custom resource that defines the scope of resources which a specific constraint template should apply to. The complete policy is defined by a combination of `ConstraintTemplates` (i.e. what the policy is) and `Constraints` (i.e. what resource to apply the policy to). + +For more information on how to configure the Helm chart, refer to the Helm README. 
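Review bot: the Parameters table in `3.2.101/README.md` documents `image.release` as the tag setting, but the 3.2.101 templates in this patch read `{{ .Values.image.tag }}`, so a user who sets `image.release` changes nothing. The table also lists a single top-level `resources` value while `gatekeeper-audit-deployment.yaml` renders `.Values.audit.resources`. Update both rows to the keys the templates actually consume.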
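Review bot: the Controller-Manager bullet in `app-readme.md` says the webhook intercepts all admission requests that "create, update or delete" a resource, but the `ValidatingWebhookConfiguration` added for 3.1.101 in this same patch lists only `CREATE` and `UPDATE` under `operations`. Check what the 3.2.101 webhook registers and make the sentence match, since a reader will otherwise assume deletes are policy-checked.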
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/_helpers.tpl b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/_helpers.tpl new file mode 100644 index 000000000..f5d0ab307 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/_helpers.tpl 
@@ -0,0 +1,52 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "gatekeeper.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "gatekeeper.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "gatekeeper.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "gatekeeper.labels" -}} +app.kubernetes.io/name: {{ include "gatekeeper.name" . }} +helm.sh/chart: {{ include "gatekeeper.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/allowedrepos.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/allowedrepos.yaml new file mode 100644 index 000000000..9abb84ecb --- /dev/null 
+++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/allowedrepos.yaml @@ -0,0 +1,35 @@ +apiVersion: templates.gatekeeper.sh/v1beta1 +kind: ConstraintTemplate +metadata: + name: k8sallowedrepos +spec: + crd: + spec: + names: + kind: K8sAllowedRepos + validation: + # Schema for the `parameters` field + openAPIV3Schema: + properties: + repos: + type: array + items: + type: string + targets: + - target: admission.k8s.gatekeeper.sh + rego: | + package k8sallowedrepos + + violation[{"msg": msg}] { + container := input.review.object.spec.containers[_] + satisfied := [good | repo = input.parameters.repos[_] ; good = startswith(container.image, repo)] + not any(satisfied) + msg := sprintf("container <%v> has an invalid image repo <%v>, allowed repos are %v", [container.name, container.image, input.parameters.repos]) + } + + violation[{"msg": msg}] { + container := input.review.object.spec.initContainers[_] + satisfied := [good | repo = input.parameters.repos[_] ; good = startswith(container.image, repo)] + not any(satisfied) + msg := sprintf("container <%v> has an invalid image repo <%v>, allowed repos are %v", [container.name, container.image, input.parameters.repos]) + } diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-admin-podsecuritypolicy.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-admin-podsecuritypolicy.yaml new file mode 100644 index 000000000..78f36ecfb --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-admin-podsecuritypolicy.yaml 
@@ -0,0 +1,35 @@ +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + annotations: + seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-admin +spec: + allowPrivilegeEscalation: false + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - projected + - secret + - downwardAPI diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-admin-serviceaccount.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-admin-serviceaccount.yaml new file mode 100644 index 000000000..4b68998cb --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-admin-serviceaccount.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-admin + namespace: '{{ .Release.Namespace }}' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-audit-deployment.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-audit-deployment.yaml new file mode 100644 index 000000000..d9ee16076 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-audit-deployment.yaml 
@@ -0,0 +1,96 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: audit + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-audit + namespace: '{{ .Release.Namespace }}' +spec: + replicas: 1 + selector: + matchLabels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: audit-controller + gatekeeper.sh/operation: audit + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + template: + metadata: + annotations: +{{- toYaml .Values.podAnnotations | trim | nindent 8 }} + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: audit-controller + gatekeeper.sh/operation: audit + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + spec: + containers: + - args: + - --audit-interval={{ .Values.auditInterval }} + - --log-level={{ .Values.logLevel }} + - --constraint-violations-limit={{ .Values.constraintViolationsLimit }} + - --audit-from-cache={{ .Values.auditFromCache }} + - --audit-chunk-size={{ .Values.auditChunkSize }} + - --emit-audit-events={{ .Values.emitAuditEvents }} + - --operation=audit + - --operation=status + - --logtostderr + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: '{{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }}' + imagePullPolicy: '{{ .Values.image.pullPolicy }}' + livenessProbe: + httpGet: + path: /healthz + port: 9090 + name: manager + ports: + - containerPort: 8888 + name: metrics + protocol: TCP + - containerPort: 9090 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 9090 + resources: +{{ toYaml .Values.audit.resources | indent 10 }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + runAsGroup: 999 + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + tolerations: +{{ toYaml .Values.tolerations | indent 8 }} + serviceAccountName: gatekeeper-admin + terminationGracePeriodSeconds: 60 diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-controller-manager-deployment.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-controller-manager-deployment.yaml new file mode 100644 index 000000000..22ceed00a --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-controller-manager-deployment.yaml 
@@ -0,0 +1,117 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-controller-manager + namespace: '{{ .Release.Namespace }}' +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + template: + metadata: + annotations: +{{- toYaml .Values.podAnnotations | trim | nindent 8 }} + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: gatekeeper.sh/operation + operator: In + values: + - webhook + topologyKey: kubernetes.io/hostname + weight: 100 + containers: + - args: + - --port=8443 + - --logtostderr + - --emit-admission-events={{ .Values.emitAdmissionEvents }} + - --log-level={{ .Values.logLevel }} + - --exempt-namespace=gatekeeper-system + - --operation=webhook + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: '{{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }}' + imagePullPolicy: '{{ .Values.image.pullPolicy }}' + livenessProbe: + httpGet: + path: /healthz + port: 9090 + name: manager + ports: + - containerPort: 8443 + name: webhook-server + protocol: TCP + - containerPort: 8888 + name: metrics + protocol: TCP + - containerPort: 9090 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 9090 + resources: +{{ toYaml .Values.controllerManager.resources | indent 10 }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + runAsGroup: 999 + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /certs + name: cert + readOnly: true + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + tolerations: +{{ toYaml .Values.tolerations | indent 8 }} + serviceAccountName: gatekeeper-admin + terminationGracePeriodSeconds: 60 + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: gatekeeper-webhook-server-cert diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-manager-role-clusterrole.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-manager-role-clusterrole.yaml new file mode 100644 index 000000000..690aebcfd --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-manager-role-clusterrole.yaml 
@@ -0,0 +1,127 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-manager-role +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - config.gatekeeper.sh + resources: + - configs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - config.gatekeeper.sh + resources: + - configs/status + verbs: + - get + - patch + - update +- apiGroups: + - constraints.gatekeeper.sh + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - policy + resourceNames: + - gatekeeper-admin + resources: + - podsecuritypolicies + verbs: + - use +- apiGroups: + - status.gatekeeper.sh + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - templates.gatekeeper.sh + resources: + - constrainttemplates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - templates.gatekeeper.sh + resources: + - constrainttemplates/finalizers + verbs: + - delete + - get + - patch + - update +- apiGroups: + - templates.gatekeeper.sh + resources: + - constrainttemplates/status + verbs: + - get + - patch + - update +- apiGroups: + - admissionregistration.k8s.io + resourceNames: + - gatekeeper-validating-webhook-configuration + resources: + - validatingwebhookconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch 
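Review bot: in templates/gatekeeper-controller-manager-deployment.yaml (3.2.101) the container argument `--exempt-namespace=gatekeeper-system` names a fixed namespace while the Deployment and every other object in the chart use `{{ .Release.Namespace }}`, so the two disagree whenever the release is installed anywhere else. Suggest templating it as `--exempt-namespace={{ .Release.Namespace }}`. The same pod spec also declares `affinity:` twice, once with the hard-coded `podAntiAffinity` block and again from `.Values.affinity`. Depending on the YAML parser, the duplicate key is either rejected or the later value wins and the anti-affinity is silently dropped, so the two should be merged under a single key.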
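Review bot: the first rule of the `gatekeeper-manager-role` ClusterRole grants `get`, `list` and `watch` on every resource in every API group, which includes Secrets in all namespaces, and the ClusterRoleBinding later in this patch gives that to the `gatekeeper-admin` service account that both the audit and the webhook Deployments run as. If cluster-wide read is required, a comment in the template saying which component needs it would help, and a separate service account for the webhook pods would keep that access off the admission path. In the last rule, `create` is listed together with `resourceNames`. RBAC cannot match a create request against a resource name, so the verb has no effect there and should be dropped or moved to a rule without `resourceNames`.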
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-manager-role-role.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-manager-role-role.yaml new file mode 100644 index 000000000..73e2c5cf7 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-manager-role-role.yaml @@ -0,0 +1,32 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-manager-role + namespace: '{{ .Release.Namespace }}' +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml new file mode 100644 index 000000000..22194d2ad --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml @@ -0,0 +1,18 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: gatekeeper-manager-role +subjects: +- kind: ServiceAccount + name: gatekeeper-admin + namespace: '{{ .Release.Namespace }}' 
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-manager-rolebinding-rolebinding.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-manager-rolebinding-rolebinding.yaml new file mode 100644 index 000000000..4bf6087dc --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-manager-rolebinding-rolebinding.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-manager-rolebinding + namespace: '{{ .Release.Namespace }}' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: gatekeeper-manager-role +subjects: +- kind: ServiceAccount + name: gatekeeper-admin + namespace: '{{ .Release.Namespace }}' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml new file mode 100644 index 000000000..dade6a945 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml 
@@ -0,0 +1,58 @@ +{{- if not .Values.disableValidatingWebhook }} +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: ValidatingWebhookConfiguration +metadata: + creationTimestamp: null + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-validating-webhook-configuration +webhooks: +- clientConfig: + caBundle: Cg== + service: + name: gatekeeper-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /v1/admit + failurePolicy: Ignore + name: validation.gatekeeper.sh + namespaceSelector: + matchExpressions: + - key: admission.gatekeeper.sh/ignore + operator: DoesNotExist + rules: + - apiGroups: + - '*' + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - '*' + sideEffects: None + timeoutSeconds: 3 +- clientConfig: + caBundle: Cg== + service: + name: gatekeeper-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /v1/admitlabel + failurePolicy: Fail + name: check-ignore-label.gatekeeper.sh + rules: + - apiGroups: + - "" + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None + timeoutSeconds: 3 +{{- end }} diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-webhook-server-cert-secret.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-webhook-server-cert-secret.yaml new file mode 100644 index 000000000..bf89ae8b4 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-webhook-server-cert-secret.yaml 
@@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Secret +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-webhook-server-cert + namespace: '{{ .Release.Namespace }}' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-webhook-service-service.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-webhook-service-service.yaml new file mode 100644 index 000000000..473bc4b25 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/gatekeeper-webhook-service-service.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-webhook-service + namespace: '{{ .Release.Namespace }}' +spec: + ports: + - port: 443 + targetPort: 8443 + selector: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/requiredlabels.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/requiredlabels.yaml new file mode 100644 index 000000000..e93e6a0a7 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/requiredlabels.yaml 
@@ -0,0 +1,57 @@ +apiVersion: templates.gatekeeper.sh/v1beta1 +kind: ConstraintTemplate +metadata: + name: k8srequiredlabels +spec: + crd: + spec: + names: + kind: K8sRequiredLabels + validation: + # Schema for the `parameters` field + openAPIV3Schema: + properties: + message: + type: string + labels: + type: array + items: + type: object + properties: + key: + type: string + allowedRegex: + type: string + targets: + - target: admission.k8s.gatekeeper.sh + rego: | + package k8srequiredlabels + + get_message(parameters, _default) = msg { + not parameters.message + msg := _default + } + + get_message(parameters, _default) = msg { + msg := parameters.message + } + + violation[{"msg": msg, "details": {"missing_labels": missing}}] { + provided := {label | input.review.object.metadata.labels[label]} + required := {label | label := input.parameters.labels[_].key} + missing := required - provided + count(missing) > 0 + def_msg := sprintf("you must provide labels: %v", [missing]) + msg := get_message(input.parameters, def_msg) + } + + violation[{"msg": msg}] { + value := input.review.object.metadata.labels[key] + expected := input.parameters.labels[_] + expected.key == key + # do not match if allowedRegex is not defined, or is an empty string + expected.allowedRegex != "" + not re_match(expected.allowedRegex, value) + def_msg := sprintf("Label <%v: %v> does not satisfy allowed regex: %v", [key, value, expected.allowedRegex]) + msg := get_message(input.parameters, def_msg) + } diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/validate-install-crd.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/validate-install-crd.yaml new file mode 100644 index 000000000..10977fd7d --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/templates/validate-install-crd.yaml 
@@ -0,0 +1,17 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "config.gatekeeper.sh/v1alpha1/Config" false -}} +# {{- set $found "status.gatekeeper.sh/v1beta1/ConstraintPodStatus" false -}} +# {{- set $found "templates.gatekeeper.sh/v1beta1/ConstraintTemplate" false -}} +# {{- set $found "status.gatekeeper.sh/v1beta1/ConstraintTemplatePodStatus" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the rancher-gatekeeper-crd chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/values.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/values.yaml new file mode 100644 index 000000000..bec986402 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.2.101/values.yaml @@ -0,0 +1,40 @@ +replicas: 3 +auditInterval: 300 +constraintViolationsLimit: 20 +auditFromCache: false +disableValidatingWebhook: false +auditChunkSize: 0 +logLevel: INFO +emitAdmissionEvents: false +emitAuditEvents: false +image: + repository: rancher/openpolicyagent-gatekeeper + tag: v3.2.1 + pullPolicy: IfNotPresent +nodeSelector: { kubernetes.io/os: linux } +affinity: {} +tolerations: [] +podAnnotations: + { container.seccomp.security.alpha.kubernetes.io/manager: runtime/default } +controllerManager: + resources: + limits: + cpu: 1000m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi +audit: + resources: + limits: + cpu: 1000m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi +global: + cattle: + systemDefaultRegistry: "" + kubectl: + repository: rancher/kubectl + tag: v1.18.6 
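Review bot: every line of the CRD check in templates/validate-install-crd.yaml is prefixed with `#`, but Helm evaluates template actions before the output is parsed as YAML, so the `lookup`, the `set` calls and the `required` on the missing-CRD path still execute inside the comment. If the check is meant to be off, wrap it in a template comment (`{{/* ... */}}`) or remove the file. If it is meant to stay on, drop the `#` prefixes so the intent is readable.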
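Review bot: values.yaml exposes `disableValidatingWebhook` but nothing for the webhook's failure behaviour, which the ValidatingWebhookConfiguration template in this patch hard-codes as `failurePolicy: Ignore` with `timeoutSeconds: 3` for `validation.gatekeeper.sh`. With those settings a request is admitted without policy evaluation whenever the webhook is unreachable or takes longer than three seconds, and an operator cannot change that without editing the template. Suggest adding values for both settings and documenting the fail-open default next to them.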
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/.helmignore b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/.helmignore new file mode 100755 index 000000000..f0c131944 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/CHANGELOG.md b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/CHANGELOG.md new file mode 100755 index 000000000..c68d23c24 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/CHANGELOG.md @@ -0,0 +1,15 @@ +# Changelog +All notable changes from the upstream OPA Gatekeeper chart will be added to this file + +## [Package Version 00] - 2020-09-10 +### Added +- Enabled the CRD chart generator in `package.yaml` + +### Modified +- Updated namespace to `cattle-gatekeeper-system` +- Updated for Helm 3 compatibility + - Moved crds to `crds` directory + - Removed `crd-install` hooks and templates from crds + +### Removed +- Removed `gatekeeper-system-namespace.yaml` as Rancher handles namespaces for chart installation diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/Chart.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/Chart.yaml new file mode 100755 index 000000000..6e7996477 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/Chart.yaml 
@@ -0,0 +1,22 @@ +annotations: + catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: OPA Gatekeeper + catalog.cattle.io/namespace: cattle-gatekeeper-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: config.gatekeeper.sh.config/v1alpha1 + catalog.cattle.io/release-name: rancher-gatekeeper + catalog.cattle.io/ui-component: gatekeeper +apiVersion: v1 +appVersion: v3.3.0 +description: Modifies Open Policy Agent's upstream gatekeeper chart that provides + policy-based control for cloud native environments +home: https://github.com/open-policy-agent/gatekeeper +icon: https://charts.rancher.io/assets/logos/gatekeeper.svg +keywords: +- open policy agent +- security +name: rancher-gatekeeper +sources: +- https://github.com/open-policy-agent/gatekeeper.git +version: 3.3.000 diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/README.md b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/README.md new file mode 100755 index 000000000..45cf27c79 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/README.md 
@@ -0,0 +1,39 @@ +# Gatekeeper Helm Chart + +## Parameters + +| Parameter | Description | Default | +| :---------------------------------- | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------------------------------------------------------------------------ | +| auditInterval | The frequency with which audit is run | `300` | +| constraintViolationsLimit | The maximum # of audit violations reported on a constraint | `20` | +| auditFromCache | Take the roster of resources to audit from the OPA cache | `false` | +| auditChunkSize | Chunk size for listing cluster resources for audit (alpha feature) | `0` | +| disableValidatingWebhook | Disable the validating webhook | `false` | +| validatingWebhookTimeoutSeconds | The timeout for the validating webhook in seconds | `3` | +| enableDeleteOperations | Enable validating webhook for delete operations | `false` | +| emitAdmissionEvents | Emit K8s events in gatekeeper namespace for admission violations (alpha feature) | `false` | +| emitAuditEvents | Emit K8s events in gatekeeper namespace for audit violations (alpha feature) | `false` | +| logLevel | Minimum log level | `INFO` | +| image.pullPolicy | The image pull policy | `IfNotPresent` | +| image.repository | Image repository | `openpolicyagent/gatekeeper` | +| image.release | The image release tag to use | Current release version: `v3.3.0` | +| image.pullSecrets | Specify an array of imagePullSecrets | `[]` | +| resources | The resource request/limits for the container image | limits: 1 CPU, 512Mi, requests: 100mCPU, 256Mi | +| nodeSelector | The node selector to use for pod scheduling | `kubernetes.io/os: linux` | +| affinity | The node affinity to use for pod scheduling | `{}` | +| tolerations | The tolerations to use for pod scheduling | `[]` | +| controllerManager.priorityClassName | Priority class name for 
controller manager | `system-cluster-critical` | +| audit.priorityClassName | Priority class name for audit controller | `system-cluster-critical` | +| replicas | The number of Gatekeeper replicas to deploy for the webhook | `1` | +| podAnnotations | The annotations to add to the Gatekeeper pods | `container.seccomp.security.alpha.kubernetes.io/manager: runtime/default` | +| secretAnnotations | The annotations to add to the Gatekeeper secrets | `{}` | +| customResourceDefinitions.create | Whether the release should install CRDs. Regardless of this value, Helm v3+ will install the CRDs if those are not present already. Use --skip-crds with helm install if you want to skip CRD creation | `true` | + +## Contributing Changes + +This Helm chart is autogenerated from the Gatekeeper static manifest. The +generator code lives under `cmd/build/helmify`. To make modifications to this +template, please edit `kustomization.yaml` and `replacements.go` under that +directory and then run `make manifests`. Your changes will show up in the +`manifest_staging` directory and will be promoted to the root `charts` directory +the next time a Gatekeeper release is cut. diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/app-readme.md b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/app-readme.md new file mode 100755 index 000000000..d44cf7b2b --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/app-readme.md 
@@ -0,0 +1,14 @@ +# Rancher OPA Gatekeeper + +This chart is based off of the upstream [OPA Gatekeeper](https://github.com/open-policy-agent/gatekeeper/tree/master/charts/gatekeeper) chart. + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/opa-gatekeper/). + +The chart installs the following components: + +- OPA Gatekeeper Controller-Manager - OPA Gatekeeper is a policy engine for providing policy based governance for Kubernetes clusters. The controller installs as a [validating admission controller webhook](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#validatingadmissionwebhook) on the cluster and intercepts all admission requests that create, update or delete a resource in the cluster. +- [Audit](https://github.com/open-policy-agent/gatekeeper#audit) - A periodic audit of the cluster resources against the enforced policies. Any existing resource that violates a policy will be recorded as violations. +- [Constraint Template](https://github.com/open-policy-agent/gatekeeper#constraint-templates) - A template is a CRD (`ConstraintTemplate`) that defines the schema and Rego logic of a policy to be applied to the cluster by Gatekeeper's admission controller webhook. This chart installs a few default `ConstraintTemplate` custom resources. +- [Constraint](https://github.com/open-policy-agent/gatekeeper#constraints) - A constraint is a custom resource that defines the scope of resources which a specific constraint template should apply to. The complete policy is defined by a combination of `ConstraintTemplates` (i.e. what the policy is) and `Constraints` (i.e. what resource to apply the policy to). + +For more information on how to configure the Helm chart, refer to the Helm README. 
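Review bot: the Controller-Manager bullet in app-readme.md says the webhook intercepts all admission requests that create, update or delete a resource, but the README.md added for this same chart version lists `enableDeleteOperations` with a default of `false`, so delete requests are not validated unless that value is turned on. Suggest rewording the bullet to say create and update by default, with delete covered only when `enableDeleteOperations` is set.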
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/_helpers.tpl b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/_helpers.tpl new file mode 100755 index 000000000..f5d0ab307 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/_helpers.tpl 
@@ -0,0 +1,52 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "gatekeeper.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "gatekeeper.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "gatekeeper.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "gatekeeper.labels" -}} +app.kubernetes.io/name: {{ include "gatekeeper.name" . }} +helm.sh/chart: {{ include "gatekeeper.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/allowedrepos.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/allowedrepos.yaml new file mode 100755 index 000000000..9abb84ecb --- /dev/null 
+++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/allowedrepos.yaml @@ -0,0 +1,35 @@ +apiVersion: templates.gatekeeper.sh/v1beta1 +kind: ConstraintTemplate +metadata: + name: k8sallowedrepos +spec: + crd: + spec: + names: + kind: K8sAllowedRepos + validation: + # Schema for the `parameters` field + openAPIV3Schema: + properties: + repos: + type: array + items: + type: string + targets: + - target: admission.k8s.gatekeeper.sh + rego: | + package k8sallowedrepos + + violation[{"msg": msg}] { + container := input.review.object.spec.containers[_] + satisfied := [good | repo = input.parameters.repos[_] ; good = startswith(container.image, repo)] + not any(satisfied) + msg := sprintf("container <%v> has an invalid image repo <%v>, allowed repos are %v", [container.name, container.image, input.parameters.repos]) + } + + violation[{"msg": msg}] { + container := input.review.object.spec.initContainers[_] + satisfied := [good | repo = input.parameters.repos[_] ; good = startswith(container.image, repo)] + not any(satisfied) + msg := sprintf("container <%v> has an invalid image repo <%v>, allowed repos are %v", [container.name, container.image, input.parameters.repos]) + } diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-admin-podsecuritypolicy.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-admin-podsecuritypolicy.yaml new file mode 100755 index 000000000..78f36ecfb --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-admin-podsecuritypolicy.yaml 
@@ -0,0 +1,35 @@ +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + annotations: + seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-admin +spec: + allowPrivilegeEscalation: false + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - projected + - secret + - downwardAPI diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-admin-serviceaccount.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-admin-serviceaccount.yaml new file mode 100755 index 000000000..4b68998cb --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-admin-serviceaccount.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-admin + namespace: '{{ .Release.Namespace }}' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-audit-deployment.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-audit-deployment.yaml new file mode 100755 index 000000000..95ccaa767 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-audit-deployment.yaml 
@@ -0,0 +1,103 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: audit-controller + gatekeeper.sh/operation: audit + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-audit + namespace: '{{ .Release.Namespace }}' +spec: + replicas: 1 + selector: + matchLabels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: audit-controller + gatekeeper.sh/operation: audit + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + template: + metadata: + annotations: +{{- toYaml .Values.podAnnotations | trim | nindent 8 }} + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: audit-controller + gatekeeper.sh/operation: audit + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + spec: + automountServiceAccountToken: true + containers: + - args: + - --audit-interval={{ .Values.auditInterval }} + - --log-level={{ .Values.logLevel }} + - --constraint-violations-limit={{ .Values.constraintViolationsLimit }} + - --audit-from-cache={{ .Values.auditFromCache }} + - --audit-chunk-size={{ .Values.auditChunkSize }} + - --emit-audit-events={{ .Values.emitAuditEvents }} + - --operation=audit + - --operation=status + - --logtostderr + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: '{{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }}' + imagePullPolicy: '{{ .Values.image.pullPolicy }}' + livenessProbe: + httpGet: + path: /healthz + port: 9090 + name: manager + ports: + - containerPort: 8888 + name: metrics + protocol: TCP + - containerPort: 9090 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 9090 + resources: +{{ toYaml .Values.audit.resources | indent 10 }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + readOnlyRootFilesystem: true + runAsGroup: 999 + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: +{{ toYaml .Values.audit.nodeSelector | indent 8 }} + affinity: +{{ toYaml .Values.audit.affinity | indent 8 }} + tolerations: +{{ toYaml .Values.audit.tolerations | indent 8 }} + imagePullSecrets: +{{ toYaml .Values.image.pullSecrets | indent 8 }} +{{- if .Values.audit.priorityClassName }} + priorityClassName: {{ .Values.audit.priorityClassName }} +{{- end }} + serviceAccountName: gatekeeper-admin + terminationGracePeriodSeconds: 60 diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-controller-manager-deployment.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-controller-manager-deployment.yaml new file mode 100755 index 000000000..b050f3574 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-controller-manager-deployment.yaml 
@@ -0,0 +1,124 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-controller-manager + namespace: '{{ .Release.Namespace }}' +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + template: + metadata: + annotations: +{{- toYaml .Values.podAnnotations | trim | nindent 8 }} + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: gatekeeper.sh/operation + operator: In + values: + - webhook + topologyKey: kubernetes.io/hostname + weight: 100 + automountServiceAccountToken: true + containers: + - args: + - --port=8443 + - --logtostderr + - --emit-admission-events={{ .Values.emitAdmissionEvents }} + - --log-level={{ .Values.logLevel }} + - --exempt-namespace=gatekeeper-system + - --operation=webhook + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: '{{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }}' + imagePullPolicy: '{{ .Values.image.pullPolicy }}' + livenessProbe: + httpGet: + path: /healthz + port: 9090 + name: manager + ports: + - containerPort: 8443 + name: webhook-server + protocol: TCP + - containerPort: 8888 + name: metrics + protocol: TCP + - containerPort: 9090 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 9090 + resources: +{{ toYaml .Values.controllerManager.resources | indent 10 }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + readOnlyRootFilesystem: true + runAsGroup: 999 + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /certs + name: cert + readOnly: true + nodeSelector: +{{ toYaml .Values.controllerManager.nodeSelector | indent 8 }} + affinity: +{{ toYaml .Values.controllerManager.affinity | indent 8 }} + tolerations: +{{ toYaml .Values.controllerManager.tolerations | indent 8 }} + imagePullSecrets: +{{ toYaml .Values.image.pullSecrets | indent 8 }} +{{- if .Values.controllerManager.priorityClassName }} + priorityClassName: {{ .Values.controllerManager.priorityClassName }} +{{- end }} + serviceAccountName: gatekeeper-admin + terminationGracePeriodSeconds: 60 + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: gatekeeper-webhook-server-cert diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-manager-role-clusterrole.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-manager-role-clusterrole.yaml new file mode 100755 index 000000000..05577fb22 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-manager-role-clusterrole.yaml 
@@ -0,0 +1,139 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-manager-role +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - config.gatekeeper.sh + resources: + - configs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - config.gatekeeper.sh + resources: + - configs/status + verbs: + - get + - patch + - update +- apiGroups: + - constraints.gatekeeper.sh + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mutations.gatekeeper.sh + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - policy + resourceNames: + - gatekeeper-admin + resources: + - podsecuritypolicies + verbs: + - use +- apiGroups: + - status.gatekeeper.sh + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - templates.gatekeeper.sh + resources: + - constrainttemplates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - templates.gatekeeper.sh + resources: + - constrainttemplates/finalizers + verbs: + - delete + - get + - patch + - update +- apiGroups: + - templates.gatekeeper.sh + resources: + - constrainttemplates/status + verbs: + - get + - patch + - update +- apiGroups: + - admissionregistration.k8s.io + resourceNames: + - gatekeeper-validating-webhook-configuration + resources: + - validatingwebhookconfigurations + verbs: + - create + - 
delete + - get + - list + - patch + - update + - watch diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-manager-role-role.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-manager-role-role.yaml new file mode 100755 index 000000000..73e2c5cf7 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-manager-role-role.yaml @@ -0,0 +1,32 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-manager-role + namespace: '{{ .Release.Namespace }}' +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml new file mode 100755 index 000000000..22194d2ad --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml 
@@ -0,0 +1,18 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: gatekeeper-manager-role +subjects: +- kind: ServiceAccount + name: gatekeeper-admin + namespace: '{{ .Release.Namespace }}' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-manager-rolebinding-rolebinding.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-manager-rolebinding-rolebinding.yaml new file mode 100755 index 000000000..4bf6087dc --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-manager-rolebinding-rolebinding.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-manager-rolebinding + namespace: '{{ .Release.Namespace }}' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: gatekeeper-manager-role +subjects: +- kind: ServiceAccount + name: gatekeeper-admin + namespace: '{{ .Release.Namespace }}' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml new file mode 100755 index 000000000..ba72d918e --- /dev/null 
+++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml @@ -0,0 +1,61 @@ +{{- if not .Values.disableValidatingWebhook }} +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: ValidatingWebhookConfiguration +metadata: + creationTimestamp: null + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-validating-webhook-configuration +webhooks: +- clientConfig: + caBundle: Cg== + service: + name: gatekeeper-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /v1/admit + failurePolicy: Ignore + name: validation.gatekeeper.sh + namespaceSelector: + matchExpressions: + - key: admission.gatekeeper.sh/ignore + operator: DoesNotExist + rules: + - apiGroups: + - '*' + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + {{- if .Values.enableDeleteOperations }} + - DELETE + {{- end}} + resources: + - '*' + sideEffects: None + timeoutSeconds: {{ .Values.validatingWebhookTimeoutSeconds }} +- clientConfig: + caBundle: Cg== + service: + name: gatekeeper-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /v1/admitlabel + failurePolicy: Fail + name: check-ignore-label.gatekeeper.sh + rules: + - apiGroups: + - "" + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None + timeoutSeconds: {{ .Values.validatingWebhookTimeoutSeconds }} +{{- end }} diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-webhook-server-cert-secret.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-webhook-server-cert-secret.yaml new file mode 100755 index 000000000..5438a377d --- /dev/null 
+++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-webhook-server-cert-secret.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Secret +metadata: + annotations: +{{- toYaml .Values.secretAnnotations | trim | nindent 4 }} + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-webhook-server-cert + namespace: '{{ .Release.Namespace }}' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-webhook-service-service.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-webhook-service-service.yaml new file mode 100755 index 000000000..473bc4b25 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/gatekeeper-webhook-service-service.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-webhook-service + namespace: '{{ .Release.Namespace }}' +spec: + ports: + - port: 443 + targetPort: 8443 + selector: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/requiredlabels.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/requiredlabels.yaml new file mode 100755 index 000000000..e93e6a0a7 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/requiredlabels.yaml 
@@ -0,0 +1,57 @@ +apiVersion: templates.gatekeeper.sh/v1beta1 +kind: ConstraintTemplate +metadata: + name: k8srequiredlabels +spec: + crd: + spec: + names: + kind: K8sRequiredLabels + validation: + # Schema for the `parameters` field + openAPIV3Schema: + properties: + message: + type: string + labels: + type: array + items: + type: object + properties: + key: + type: string + allowedRegex: + type: string + targets: + - target: admission.k8s.gatekeeper.sh + rego: | + package k8srequiredlabels + + get_message(parameters, _default) = msg { + not parameters.message + msg := _default + } + + get_message(parameters, _default) = msg { + msg := parameters.message + } + + violation[{"msg": msg, "details": {"missing_labels": missing}}] { + provided := {label | input.review.object.metadata.labels[label]} + required := {label | label := input.parameters.labels[_].key} + missing := required - provided + count(missing) > 0 + def_msg := sprintf("you must provide labels: %v", [missing]) + msg := get_message(input.parameters, def_msg) + } + + violation[{"msg": msg}] { + value := input.review.object.metadata.labels[key] + expected := input.parameters.labels[_] + expected.key == key + # do not match if allowedRegex is not defined, or is an empty string + expected.allowedRegex != "" + not re_match(expected.allowedRegex, value) + def_msg := sprintf("Label <%v: %v> does not satisfy allowed regex: %v", [key, value, expected.allowedRegex]) + msg := get_message(input.parameters, def_msg) + } diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/validate-install-crd.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/validate-install-crd.yaml new file mode 100755 index 000000000..875d7af02 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/templates/validate-install-crd.yaml 
@@ -0,0 +1,17 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "config.gatekeeper.sh/v1alpha1/Config" false -}} +# {{- set $found "status.gatekeeper.sh/v1beta1/ConstraintPodStatus" false -}} +# {{- set $found "templates.gatekeeper.sh/v1beta1/ConstraintTemplate" false -}} +# {{- set $found "status.gatekeeper.sh/v1beta1/ConstraintTemplatePodStatus" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/values.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/values.yaml new file mode 100755 index 000000000..717517977 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.000/values.yaml 
@@ -0,0 +1,60 @@ +replicas: 3 +auditInterval: 300 +constraintViolationsLimit: 20 +auditFromCache: false +disableValidatingWebhook: false +validatingWebhookTimeoutSeconds: 3 +enableDeleteOperations: false +auditChunkSize: 0 +logLevel: INFO +emitAdmissionEvents: false +emitAuditEvents: false +image: + repository: rancher/mirrored-openpolicyagent-gatekeeper + tag: v3.3.0 + pullPolicy: IfNotPresent + pullSecrets: [] +podAnnotations: + { container.seccomp.security.alpha.kubernetes.io/manager: runtime/default } +secretAnnotations: {} +controllerManager: + priorityClassName: system-cluster-critical + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: gatekeeper.sh/operation + operator: In + values: + - webhook + topologyKey: kubernetes.io/hostname + weight: 100 + tolerations: [] + nodeSelector: { kubernetes.io/os: linux } + resources: + limits: + cpu: 1000m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi +audit: + priorityClassName: system-cluster-critical + affinity: {} + tolerations: [] + nodeSelector: { kubernetes.io/os: linux } + resources: + limits: + cpu: 1000m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi +global: + cattle: + systemDefaultRegistry: "" + kubectl: + repository: rancher/kubectl + tag: v1.18.6 diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/.helmignore b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/.helmignore new file mode 100755 index 000000000..f0c131944 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/.helmignore 
@@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/CHANGELOG.md b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/CHANGELOG.md new file mode 100755 index 000000000..c68d23c24 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/CHANGELOG.md @@ -0,0 +1,15 @@ +# Changelog +All notable changes from the upstream OPA Gatekeeper chart will be added to this file + +## [Package Version 00] - 2020-09-10 +### Added +- Enabled the CRD chart generator in `package.yaml` + +### Modified +- Updated namespace to `cattle-gatekeeper-system` +- Updated for Helm 3 compatibility + - Moved crds to `crds` directory + - Removed `crd-install` hooks and templates from crds + +### Removed +- Removed `gatekeeper-system-namespace.yaml` as Rancher handles namespaces for chart installation diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/Chart.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/Chart.yaml new file mode 100755 index 000000000..95989f1f6 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/Chart.yaml 
@@ -0,0 +1,22 @@ +annotations: + catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: OPA Gatekeeper + catalog.cattle.io/namespace: cattle-gatekeeper-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: config.gatekeeper.sh.config/v1alpha1 + catalog.cattle.io/release-name: rancher-gatekeeper + catalog.cattle.io/ui-component: gatekeeper +apiVersion: v1 +appVersion: v3.3.0 +description: Modifies Open Policy Agent's upstream gatekeeper chart that provides + policy-based control for cloud native environments +home: https://github.com/open-policy-agent/gatekeeper +icon: https://charts.rancher.io/assets/logos/gatekeeper.svg +keywords: +- open policy agent +- security +name: rancher-gatekeeper +sources: +- https://github.com/open-policy-agent/gatekeeper.git +version: 3.3.001 diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/README.md b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/README.md new file mode 100755 index 000000000..45cf27c79 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/README.md 
@@ -0,0 +1,39 @@ +# Gatekeeper Helm Chart + +## Parameters + +| Parameter | Description | Default | +| :---------------------------------- | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------------------------------------------------------------------------ | +| auditInterval | The frequency with which audit is run | `300` | +| constraintViolationsLimit | The maximum # of audit violations reported on a constraint | `20` | +| auditFromCache | Take the roster of resources to audit from the OPA cache | `false` | +| auditChunkSize | Chunk size for listing cluster resources for audit (alpha feature) | `0` | +| disableValidatingWebhook | Disable the validating webhook | `false` | +| validatingWebhookTimeoutSeconds | The timeout for the validating webhook in seconds | `3` | +| enableDeleteOperations | Enable validating webhook for delete operations | `false` | +| emitAdmissionEvents | Emit K8s events in gatekeeper namespace for admission violations (alpha feature) | `false` | +| emitAuditEvents | Emit K8s events in gatekeeper namespace for audit violations (alpha feature) | `false` | +| logLevel | Minimum log level | `INFO` | +| image.pullPolicy | The image pull policy | `IfNotPresent` | +| image.repository | Image repository | `openpolicyagent/gatekeeper` | +| image.release | The image release tag to use | Current release version: `v3.3.0` | +| image.pullSecrets | Specify an array of imagePullSecrets | `[]` | +| resources | The resource request/limits for the container image | limits: 1 CPU, 512Mi, requests: 100mCPU, 256Mi | +| nodeSelector | The node selector to use for pod scheduling | `kubernetes.io/os: linux` | +| affinity | The node affinity to use for pod scheduling | `{}` | +| tolerations | The tolerations to use for pod scheduling | `[]` | +| controllerManager.priorityClassName | Priority class name for 
controller manager | `system-cluster-critical` | +| audit.priorityClassName | Priority class name for audit controller | `system-cluster-critical` | +| replicas | The number of Gatekeeper replicas to deploy for the webhook | `1` | +| podAnnotations | The annotations to add to the Gatekeeper pods | `container.seccomp.security.alpha.kubernetes.io/manager: runtime/default` | +| secretAnnotations | The annotations to add to the Gatekeeper secrets | `{}` | +| customResourceDefinitions.create | Whether the release should install CRDs. Regardless of this value, Helm v3+ will install the CRDs if those are not present already. Use --skip-crds with helm install if you want to skip CRD creation | `true` | + +## Contributing Changes + +This Helm chart is autogenerated from the Gatekeeper static manifest. The +generator code lives under `cmd/build/helmify`. To make modifications to this +template, please edit `kustomization.yaml` and `replacements.go` under that +directory and then run `make manifests`. Your changes will show up in the +`manifest_staging` directory and will be promoted to the root `charts` directory +the next time a Gatekeeper release is cut. diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/app-readme.md b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/app-readme.md new file mode 100755 index 000000000..d44cf7b2b --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/app-readme.md 
@@ -0,0 +1,14 @@ +# Rancher OPA Gatekeeper + +This chart is based off of the upstream [OPA Gatekeeper](https://github.com/open-policy-agent/gatekeeper/tree/master/charts/gatekeeper) chart. + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/opa-gatekeper/). + +The chart installs the following components: + +- OPA Gatekeeper Controller-Manager - OPA Gatekeeper is a policy engine for providing policy based governance for Kubernetes clusters. The controller installs as a [validating admission controller webhook](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#validatingadmissionwebhook) on the cluster and intercepts all admission requests that create, update or delete a resource in the cluster. +- [Audit](https://github.com/open-policy-agent/gatekeeper#audit) - A periodic audit of the cluster resources against the enforced policies. Any existing resource that violates a policy will be recorded as violations. +- [Constraint Template](https://github.com/open-policy-agent/gatekeeper#constraint-templates) - A template is a CRD (`ConstraintTemplate`) that defines the schema and Rego logic of a policy to be applied to the cluster by Gatekeeper's admission controller webhook. This chart installs a few default `ConstraintTemplate` custom resources. +- [Constraint](https://github.com/open-policy-agent/gatekeeper#constraints) - A constraint is a custom resource that defines the scope of resources which a specific constraint template should apply to. The complete policy is defined by a combination of `ConstraintTemplates` (i.e. what the policy is) and `Constraints` (i.e. what resource to apply the policy to). + +For more information on how to configure the Helm chart, refer to the Helm README. 
diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/_helpers.tpl b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/_helpers.tpl new file mode 100755 index 000000000..f5d0ab307 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/_helpers.tpl 
@@ -0,0 +1,52 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "gatekeeper.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "gatekeeper.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "gatekeeper.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "gatekeeper.labels" -}} +app.kubernetes.io/name: {{ include "gatekeeper.name" . }} +helm.sh/chart: {{ include "gatekeeper.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/allowedrepos.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/allowedrepos.yaml new file mode 100755 index 000000000..9abb84ecb --- /dev/null 
+++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/allowedrepos.yaml @@ -0,0 +1,35 @@ +apiVersion: templates.gatekeeper.sh/v1beta1 +kind: ConstraintTemplate +metadata: + name: k8sallowedrepos +spec: + crd: + spec: + names: + kind: K8sAllowedRepos + validation: + # Schema for the `parameters` field + openAPIV3Schema: + properties: + repos: + type: array + items: + type: string + targets: + - target: admission.k8s.gatekeeper.sh + rego: | + package k8sallowedrepos + + violation[{"msg": msg}] { + container := input.review.object.spec.containers[_] + satisfied := [good | repo = input.parameters.repos[_] ; good = startswith(container.image, repo)] + not any(satisfied) + msg := sprintf("container <%v> has an invalid image repo <%v>, allowed repos are %v", [container.name, container.image, input.parameters.repos]) + } + + violation[{"msg": msg}] { + container := input.review.object.spec.initContainers[_] + satisfied := [good | repo = input.parameters.repos[_] ; good = startswith(container.image, repo)] + not any(satisfied) + msg := sprintf("container <%v> has an invalid image repo <%v>, allowed repos are %v", [container.name, container.image, input.parameters.repos]) + } diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-admin-podsecuritypolicy.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-admin-podsecuritypolicy.yaml new file mode 100755 index 000000000..78f36ecfb --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-admin-podsecuritypolicy.yaml 
@@ -0,0 +1,35 @@ +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + annotations: + seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-admin +spec: + allowPrivilegeEscalation: false + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - projected + - secret + - downwardAPI diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-admin-serviceaccount.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-admin-serviceaccount.yaml new file mode 100755 index 000000000..4b68998cb --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-admin-serviceaccount.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-admin + namespace: '{{ .Release.Namespace }}' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-audit-deployment.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-audit-deployment.yaml new file mode 100755 index 000000000..95ccaa767 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-audit-deployment.yaml 
@@ -0,0 +1,103 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: audit-controller + gatekeeper.sh/operation: audit + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-audit + namespace: '{{ .Release.Namespace }}' +spec: + replicas: 1 + selector: + matchLabels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: audit-controller + gatekeeper.sh/operation: audit + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + template: + metadata: + annotations: +{{- toYaml .Values.podAnnotations | trim | nindent 8 }} + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: audit-controller + gatekeeper.sh/operation: audit + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + spec: + automountServiceAccountToken: true + containers: + - args: + - --audit-interval={{ .Values.auditInterval }} + - --log-level={{ .Values.logLevel }} + - --constraint-violations-limit={{ .Values.constraintViolationsLimit }} + - --audit-from-cache={{ .Values.auditFromCache }} + - --audit-chunk-size={{ .Values.auditChunkSize }} + - --emit-audit-events={{ .Values.emitAuditEvents }} + - --operation=audit + - --operation=status + - --logtostderr + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: '{{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }}' + imagePullPolicy: '{{ .Values.image.pullPolicy }}' + livenessProbe: + httpGet: + path: /healthz + port: 9090 + name: manager + ports: + - containerPort: 8888 + name: metrics + protocol: TCP + - containerPort: 9090 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 9090 + resources: +{{ toYaml .Values.audit.resources | indent 10 }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + readOnlyRootFilesystem: true + runAsGroup: 999 + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: +{{ toYaml .Values.audit.nodeSelector | indent 8 }} + affinity: +{{ toYaml .Values.audit.affinity | indent 8 }} + tolerations: +{{ toYaml .Values.audit.tolerations | indent 8 }} + imagePullSecrets: +{{ toYaml .Values.image.pullSecrets | indent 8 }} +{{- if .Values.audit.priorityClassName }} + priorityClassName: {{ .Values.audit.priorityClassName }} +{{- end }} + serviceAccountName: gatekeeper-admin + terminationGracePeriodSeconds: 60 diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-controller-manager-deployment.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-controller-manager-deployment.yaml new file mode 100755 index 000000000..b050f3574 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-controller-manager-deployment.yaml 
@@ -0,0 +1,124 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-controller-manager + namespace: '{{ .Release.Namespace }}' +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + template: + metadata: + annotations: +{{- toYaml .Values.podAnnotations | trim | nindent 8 }} + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: gatekeeper.sh/operation + operator: In + values: + - webhook + topologyKey: kubernetes.io/hostname + weight: 100 + automountServiceAccountToken: true + containers: + - args: + - --port=8443 + - --logtostderr + - --emit-admission-events={{ .Values.emitAdmissionEvents }} + - --log-level={{ .Values.logLevel }} + - --exempt-namespace=gatekeeper-system + - --operation=webhook + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: '{{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }}' + imagePullPolicy: '{{ .Values.image.pullPolicy }}' + livenessProbe: + httpGet: + path: /healthz + port: 9090 + name: manager + ports: + - containerPort: 8443 + name: webhook-server + protocol: TCP + - containerPort: 8888 + name: metrics + protocol: TCP + - containerPort: 9090 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 9090 + resources: +{{ toYaml .Values.controllerManager.resources | indent 10 }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + readOnlyRootFilesystem: true + runAsGroup: 999 + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /certs + name: cert + readOnly: true + nodeSelector: +{{ toYaml .Values.controllerManager.nodeSelector | indent 8 }} + affinity: +{{ toYaml .Values.controllerManager.affinity | indent 8 }} + tolerations: +{{ toYaml .Values.controllerManager.tolerations | indent 8 }} + imagePullSecrets: +{{ toYaml .Values.image.pullSecrets | indent 8 }} +{{- if .Values.controllerManager.priorityClassName }} + priorityClassName: {{ .Values.controllerManager.priorityClassName }} +{{- end }} + serviceAccountName: gatekeeper-admin + terminationGracePeriodSeconds: 60 + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: gatekeeper-webhook-server-cert diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-manager-role-clusterrole.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-manager-role-clusterrole.yaml new file mode 100755 index 000000000..05577fb22 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-manager-role-clusterrole.yaml 
@@ -0,0 +1,139 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-manager-role +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - config.gatekeeper.sh + resources: + - configs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - config.gatekeeper.sh + resources: + - configs/status + verbs: + - get + - patch + - update +- apiGroups: + - constraints.gatekeeper.sh + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mutations.gatekeeper.sh + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - policy + resourceNames: + - gatekeeper-admin + resources: + - podsecuritypolicies + verbs: + - use +- apiGroups: + - status.gatekeeper.sh + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - templates.gatekeeper.sh + resources: + - constrainttemplates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - templates.gatekeeper.sh + resources: + - constrainttemplates/finalizers + verbs: + - delete + - get + - patch + - update +- apiGroups: + - templates.gatekeeper.sh + resources: + - constrainttemplates/status + verbs: + - get + - patch + - update +- apiGroups: + - admissionregistration.k8s.io + resourceNames: + - gatekeeper-validating-webhook-configuration + resources: + - validatingwebhookconfigurations + verbs: + - create + - 
delete + - get + - list + - patch + - update + - watch diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-manager-role-role.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-manager-role-role.yaml new file mode 100755 index 000000000..73e2c5cf7 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-manager-role-role.yaml @@ -0,0 +1,32 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-manager-role + namespace: '{{ .Release.Namespace }}' +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml new file mode 100755 index 000000000..22194d2ad --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml 
@@ -0,0 +1,18 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: gatekeeper-manager-role +subjects: +- kind: ServiceAccount + name: gatekeeper-admin + namespace: '{{ .Release.Namespace }}' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-manager-rolebinding-rolebinding.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-manager-rolebinding-rolebinding.yaml new file mode 100755 index 000000000..4bf6087dc --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-manager-rolebinding-rolebinding.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-manager-rolebinding + namespace: '{{ .Release.Namespace }}' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: gatekeeper-manager-role +subjects: +- kind: ServiceAccount + name: gatekeeper-admin + namespace: '{{ .Release.Namespace }}' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml new file mode 100755 index 000000000..ba72d918e --- /dev/null 
+++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml @@ -0,0 +1,61 @@ +{{- if not .Values.disableValidatingWebhook }} +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: ValidatingWebhookConfiguration +metadata: + creationTimestamp: null + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-validating-webhook-configuration +webhooks: +- clientConfig: + caBundle: Cg== + service: + name: gatekeeper-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /v1/admit + failurePolicy: Ignore + name: validation.gatekeeper.sh + namespaceSelector: + matchExpressions: + - key: admission.gatekeeper.sh/ignore + operator: DoesNotExist + rules: + - apiGroups: + - '*' + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + {{- if .Values.enableDeleteOperations }} + - DELETE + {{- end}} + resources: + - '*' + sideEffects: None + timeoutSeconds: {{ .Values.validatingWebhookTimeoutSeconds }} +- clientConfig: + caBundle: Cg== + service: + name: gatekeeper-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /v1/admitlabel + failurePolicy: Fail + name: check-ignore-label.gatekeeper.sh + rules: + - apiGroups: + - "" + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None + timeoutSeconds: {{ .Values.validatingWebhookTimeoutSeconds }} +{{- end }} diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-webhook-server-cert-secret.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-webhook-server-cert-secret.yaml new file mode 100755 index 000000000..5438a377d --- /dev/null 
+++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-webhook-server-cert-secret.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Secret +metadata: + annotations: +{{- toYaml .Values.secretAnnotations | trim | nindent 4 }} + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-webhook-server-cert + namespace: '{{ .Release.Namespace }}' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-webhook-service-service.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-webhook-service-service.yaml new file mode 100755 index 000000000..473bc4b25 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/gatekeeper-webhook-service-service.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-webhook-service + namespace: '{{ .Release.Namespace }}' +spec: + ports: + - port: 443 + targetPort: 8443 + selector: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/requiredlabels.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/requiredlabels.yaml new file mode 100755 index 000000000..e93e6a0a7 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/requiredlabels.yaml 
@@ -0,0 +1,57 @@ +apiVersion: templates.gatekeeper.sh/v1beta1 +kind: ConstraintTemplate +metadata: + name: k8srequiredlabels +spec: + crd: + spec: + names: + kind: K8sRequiredLabels + validation: + # Schema for the `parameters` field + openAPIV3Schema: + properties: + message: + type: string + labels: + type: array + items: + type: object + properties: + key: + type: string + allowedRegex: + type: string + targets: + - target: admission.k8s.gatekeeper.sh + rego: | + package k8srequiredlabels + + get_message(parameters, _default) = msg { + not parameters.message + msg := _default + } + + get_message(parameters, _default) = msg { + msg := parameters.message + } + + violation[{"msg": msg, "details": {"missing_labels": missing}}] { + provided := {label | input.review.object.metadata.labels[label]} + required := {label | label := input.parameters.labels[_].key} + missing := required - provided + count(missing) > 0 + def_msg := sprintf("you must provide labels: %v", [missing]) + msg := get_message(input.parameters, def_msg) + } + + violation[{"msg": msg}] { + value := input.review.object.metadata.labels[key] + expected := input.parameters.labels[_] + expected.key == key + # do not match if allowedRegex is not defined, or is an empty string + expected.allowedRegex != "" + not re_match(expected.allowedRegex, value) + def_msg := sprintf("Label <%v: %v> does not satisfy allowed regex: %v", [key, value, expected.allowedRegex]) + msg := get_message(input.parameters, def_msg) + } diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/validate-install-crd.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/validate-install-crd.yaml new file mode 100755 index 000000000..875d7af02 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/templates/validate-install-crd.yaml 
@@ -0,0 +1,17 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "config.gatekeeper.sh/v1alpha1/Config" false -}} +# {{- set $found "status.gatekeeper.sh/v1beta1/ConstraintPodStatus" false -}} +# {{- set $found "templates.gatekeeper.sh/v1beta1/ConstraintTemplate" false -}} +# {{- set $found "status.gatekeeper.sh/v1beta1/ConstraintTemplatePodStatus" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/values.yaml b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/values.yaml new file mode 100755 index 000000000..899119fc6 --- /dev/null +++ b/released/charts/rancher-gatekeeper/rancher-gatekeeper/3.3.001/values.yaml 
@@ -0,0 +1,60 @@ +replicas: 3 +auditInterval: 300 +constraintViolationsLimit: 20 +auditFromCache: false +disableValidatingWebhook: false +validatingWebhookTimeoutSeconds: 3 +enableDeleteOperations: false +auditChunkSize: 0 +logLevel: INFO +emitAdmissionEvents: false +emitAuditEvents: false +image: + repository: rancher/mirrored-openpolicyagent-gatekeeper + tag: v3.3.0 + pullPolicy: IfNotPresent + pullSecrets: [] +podAnnotations: + { container.seccomp.security.alpha.kubernetes.io/manager: runtime/default } +secretAnnotations: {} +controllerManager: + priorityClassName: system-cluster-critical + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: gatekeeper.sh/operation + operator: In + values: + - webhook + topologyKey: kubernetes.io/hostname + weight: 100 + tolerations: [] + nodeSelector: { kubernetes.io/os: linux } + resources: + limits: + cpu: 1000m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi +audit: + priorityClassName: system-cluster-critical + affinity: {} + tolerations: [] + nodeSelector: { kubernetes.io/os: linux } + resources: + limits: + cpu: 1000m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi +global: + cattle: + systemDefaultRegistry: "" + kubectl: + repository: rancher/kubectl + tag: v1.20.2 diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/.helmignore b/released/charts/rancher-grafana/rancher-grafana/6.6.401/.helmignore new file mode 100755 index 000000000..8cade1318 --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/.helmignore 
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.vscode +.project +.idea/ +*.tmproj +OWNERS diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/Chart.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/Chart.yaml new file mode 100755 index 000000000..83ff41050 --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/Chart.yaml @@ -0,0 +1,28 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-grafana +apiVersion: v2 +appVersion: 7.4.5 +description: The leading tool for querying and visualizing time series and metrics. +home: https://grafana.net +icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png +kubeVersion: ^1.8.0-0 +maintainers: +- email: zanhsieh@gmail.com + name: zanhsieh +- email: rluckie@cisco.com + name: rtluckie +- email: maor.friedman@redhat.com + name: maorfr +- email: miroslav.hadzhiev@gmail.com + name: Xtigyro +- email: mail@torstenwalter.de + name: torstenwalter +name: rancher-grafana +sources: +- https://github.com/grafana/grafana +type: application +version: 6.6.401 diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/README.md b/released/charts/rancher-grafana/rancher-grafana/6.6.401/README.md new file mode 100755 index 000000000..957f019ec --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/README.md 
@@ -0,0 +1,514 @@ +# Grafana Helm Chart + +* Installs the web dashboarding system [Grafana](http://grafana.org/) + +## Get Repo Info + +```console +helm repo add grafana https://grafana.github.io/helm-charts +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +helm install my-release grafana/grafana +``` + +## Uninstalling the Chart + +To uninstall/delete the my-release deployment: + +```console +helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Upgrading an existing Release to a new major version + +A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an +incompatible breaking change needing manual actions. + +### To 4.0.0 (And 3.12.1) + +This version requires Helm >= 2.12.0. + +### To 5.0.0 + +You have to add --force to your helm upgrade command as the labels of the chart have changed. + +### To 6.0.0 + +This version requires Helm >= 3.1.0. 
+ +## Configuration + +| Parameter | Description | Default | +|-------------------------------------------|-----------------------------------------------|---------------------------------------------------------| +| `replicas` | Number of nodes | `1` | +| `podDisruptionBudget.minAvailable` | Pod disruption minimum available | `nil` | +| `podDisruptionBudget.maxUnavailable` | Pod disruption maximum unavailable | `nil` | +| `deploymentStrategy` | Deployment strategy | `{ "type": "RollingUpdate" }` | +| `livenessProbe` | Liveness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } "initialDelaySeconds": 60, "timeoutSeconds": 30, "failureThreshold": 10 }` | +| `readinessProbe` | Readiness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } }`| +| `securityContext` | Deployment securityContext | `{"runAsUser": 472, "runAsGroup": 472, "fsGroup": 472}` | +| `priorityClassName` | Name of Priority Class to assign pods | `nil` | +| `image.repository` | Image repository | `grafana/grafana` | +| `image.tag` | Image tag (`Must be >= 5.0.0`) | `7.4.5` | +| `image.sha` | Image sha (optional) | `2b56f6106ddc376bb46d974230d530754bf65a640dfbc5245191d72d3b49efc6` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Image pull secrets | `{}` | +| `service.type` | Kubernetes service type | `ClusterIP` | +| `service.port` | Kubernetes port where service is exposed | `80` | +| `service.portName` | Name of the port on the service | `service` | +| `service.targetPort` | Internal service is port | `3000` | +| `service.nodePort` | Kubernetes service nodePort | `nil` | +| `service.annotations` | Service annotations | `{}` | +| `service.labels` | Custom labels | `{}` | +| `service.clusterIP` | internal cluster service IP | `nil` | +| `service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `nil` | +| `service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to lb (if supported) | `[]` 
| +| `service.externalIPs` | service external IP addresses | `[]` | +| `extraExposePorts` | Additional service ports for sidecar containers| `[]` | +| `hostAliases` | adds rules to the pod's /etc/hosts | `[]` | +| `ingress.enabled` | Enables Ingress | `false` | +| `ingress.annotations` | Ingress annotations (values are templated) | `{}` | +| `ingress.labels` | Custom labels | `{}` | +| `ingress.path` | Ingress accepted path | `/` | +| `ingress.pathType` | Ingress type of path | `Prefix` | +| `ingress.hosts` | Ingress accepted hostnames | `["chart-example.local"]` | +| `ingress.extraPaths` | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions). | `[]` | +| `ingress.tls` | Ingress TLS configuration | `[]` | +| `resources` | CPU/Memory resource requests/limits | `{}` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Toleration labels for pod assignment | `[]` | +| `affinity` | Affinity settings for pod assignment | `{}` | +| `extraInitContainers` | Init containers to add to the grafana pod | `{}` | +| `extraContainers` | Sidecar containers to add to the grafana pod | `{}` | +| `extraContainerVolumes` | Volumes that can be mounted in sidecar containers | `[]` | +| `extraLabels` | Custom labels for all manifests | `{}` | +| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` | +| `persistence.enabled` | Use persistent volume to store data | `false` | +| `persistence.type` | Type of persistence (`pvc` or `statefulset`) | `pvc` | +| `persistence.size` | Size of persistent volume claim | `10Gi` | +| `persistence.existingClaim` | Use an existing PVC to persist data | `nil` | +| `persistence.storageClassName` | Type of persistent volume claim | `nil` | +| `persistence.accessModes` | Persistence access modes | `[ReadWriteOnce]` | +| 
`persistence.annotations` | PersistentVolumeClaim annotations | `{}` | +| `persistence.finalizers` | PersistentVolumeClaim finalizers | `[ "kubernetes.io/pvc-protection" ]` | +| `persistence.subPath` | Mount a sub dir of the persistent volume | `nil` | +| `persistence.inMemory.enabled` | If persistence is not enabled, whether to mount the local storage in-memory to improve performance | `false` | +| `persistence.inMemory.sizeLimit` | SizeLimit for the in-memory local storage | `nil` | +| `initChownData.enabled` | If false, don't reset data ownership at startup | true | +| `initChownData.image.repository` | init-chown-data container image repository | `busybox` | +| `initChownData.image.tag` | init-chown-data container image tag | `1.31.1` | +| `initChownData.image.sha` | init-chown-data container image sha (optional)| `""` | +| `initChownData.image.pullPolicy` | init-chown-data container image pull policy | `IfNotPresent` | +| `initChownData.resources` | init-chown-data pod resource requests & limits | `{}` | +| `schedulerName` | Alternate scheduler name | `nil` | +| `env` | Extra environment variables passed to pods | `{}` | +| `envValueFrom` | Environment variables from alternate sources. See the API docs on [EnvVarSource](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#envvarsource-v1-core) for format details. | `{}` | +| `envFromSecret` | Name of a Kubernetes secret (must be manually created in the same namespace) containing values to be added to the environment. 
Can be templated | `""` | +| `envRenderSecret` | Sensible environment variables passed to pods and stored as secret | `{}` | +| `extraSecretMounts` | Additional grafana server secret mounts | `[]` | +| `extraVolumeMounts` | Additional grafana server volume mounts | `[]` | +| `extraConfigmapMounts` | Additional grafana server configMap volume mounts | `[]` | +| `extraEmptyDirMounts` | Additional grafana server emptyDir volume mounts | `[]` | +| `plugins` | Plugins to be loaded along with Grafana | `[]` | +| `datasources` | Configure grafana datasources (passed through tpl) | `{}` | +| `notifiers` | Configure grafana notifiers | `{}` | +| `dashboardProviders` | Configure grafana dashboard providers | `{}` | +| `dashboards` | Dashboards to import | `{}` | +| `dashboardsConfigMaps` | ConfigMaps reference that contains dashboards | `{}` | +| `grafana.ini` | Grafana's primary configuration | `{}` | +| `ldap.enabled` | Enable LDAP authentication | `false` | +| `ldap.existingSecret` | The name of an existing secret containing the `ldap.toml` file, this must have the key `ldap-toml`. 
| `""` | +| `ldap.config` | Grafana's LDAP configuration | `""` | +| `annotations` | Deployment annotations | `{}` | +| `labels` | Deployment labels | `{}` | +| `podAnnotations` | Pod annotations | `{}` | +| `podLabels` | Pod labels | `{}` | +| `podPortName` | Name of the grafana port on the pod | `grafana` | +| `sidecar.image.repository` | Sidecar image repository | `quay.io/kiwigrid/k8s-sidecar` | +| `sidecar.image.tag` | Sidecar image tag | `1.10.7` | +| `sidecar.image.sha` | Sidecar image sha (optional) | `""` | +| `sidecar.imagePullPolicy` | Sidecar image pull policy | `IfNotPresent` | +| `sidecar.resources` | Sidecar resources | `{}` | +| `sidecar.enableUniqueFilenames` | Sets the kiwigrid/k8s-sidecar UNIQUE_FILENAMES environment variable | `false` | +| `sidecar.dashboards.enabled` | Enables the cluster wide search for dashboards and adds/updates/deletes them in grafana | `false` | +| `sidecar.dashboards.SCProvider` | Enables creation of sidecar provider | `true` | +| `sidecar.dashboards.provider.name` | Unique name of the grafana provider | `sidecarProvider` | +| `sidecar.dashboards.provider.orgid` | Id of the organisation, to which the dashboards should be added | `1` | +| `sidecar.dashboards.provider.folder` | Logical folder in which grafana groups dashboards | `""` | +| `sidecar.dashboards.provider.disableDelete` | Activate to avoid the deletion of imported dashboards | `false` | +| `sidecar.dashboards.provider.allowUiUpdates` | Allow updating provisioned dashboards from the UI | `false` | +| `sidecar.dashboards.provider.type` | Provider type | `file` | +| `sidecar.dashboards.provider.foldersFromFilesStructure` | Allow Grafana to replicate dashboard structure from filesystem. | `false` | +| `sidecar.dashboards.watchMethod` | Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. 
| `WATCH` | +| `sidecar.skipTlsVerify` | Set to true to skip tls verification for kube api calls | `nil` | +| `sidecar.dashboards.label` | Label that config maps with dashboards should have to be added | `grafana_dashboard` | +| `sidecar.dashboards.labelValue` | Label value that config maps with dashboards should have to be added | `nil` | +| `sidecar.dashboards.folder` | Folder in the pod that should hold the collected dashboards (unless `sidecar.dashboards.defaultFolderName` is set). This path will be mounted. | `/tmp/dashboards` | +| `sidecar.dashboards.folderAnnotation` | The annotation the sidecar will look for in configmaps to override the destination folder for files | `nil` | +| `sidecar.dashboards.defaultFolderName` | The default folder name, it will create a subfolder under the `sidecar.dashboards.folder` and put dashboards in there instead | `nil` | +| `sidecar.dashboards.searchNamespace` | If specified, the sidecar will search for dashboard config-maps inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil` | +| `sidecar.datasources.enabled` | Enables the cluster wide search for datasources and adds/updates/deletes them in grafana |`false` | +| `sidecar.datasources.label` | Label that config maps with datasources should have to be added | `grafana_datasource` | +| `sidecar.datasources.labelValue` | Label value that config maps with datasources should have to be added | `nil` | +| `sidecar.datasources.searchNamespace` | If specified, the sidecar will search for datasources config-maps inside this namespace. Otherwise the namespace in which the sidecar is running will be used. 
It's also possible to specify ALL to search in all namespaces | `nil` | +| `sidecar.notifiers.enabled` | Enables the cluster wide search for notifiers and adds/updates/deletes them in grafana | `false` | +| `sidecar.notifiers.label` | Label that config maps with notifiers should have to be added | `grafana_notifier` | +| `sidecar.notifiers.searchNamespace` | If specified, the sidecar will search for notifiers config-maps (or secrets) inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil` | +| `smtp.existingSecret` | The name of an existing secret containing the SMTP credentials. | `""` | +| `smtp.userKey` | The key in the existing SMTP secret containing the username. | `"user"` | +| `smtp.passwordKey` | The key in the existing SMTP secret containing the password. | `"password"` | +| `admin.existingSecret` | The name of an existing secret containing the admin credentials. | `""` | +| `admin.userKey` | The key in the existing admin secret containing the username. | `"admin-user"` | +| `admin.passwordKey` | The key in the existing admin secret containing the password. 
| `"admin-password"` | +| `serviceAccount.annotations` | ServiceAccount annotations | | +| `serviceAccount.create` | Create service account | `true` | +| `serviceAccount.name` | Service account name to use, when empty will be set to created account if `serviceAccount.create` is set else to `default` | `` | +| `serviceAccount.nameTest` | Service account name to use for test, when empty will be set to created account if `serviceAccount.create` is set else to `default` | `nil` | +| `rbac.create` | Create and use RBAC resources | `true` | +| `rbac.namespaced` | Creates Role and Rolebinding instead of the default ClusterRole and ClusteRoleBindings for the grafana instance | `false` | +| `rbac.useExistingRole` | Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to the rolename set here. | `nil` | +| `rbac.pspEnabled` | Create PodSecurityPolicy (with `rbac.create`, grant roles permissions as well) | `true` | +| `rbac.pspUseAppArmor` | Enforce AppArmor in created PodSecurityPolicy (requires `rbac.pspEnabled`) | `true` | +| `rbac.extraRoleRules` | Additional rules to add to the Role | [] | +| `rbac.extraClusterRoleRules` | Additional rules to add to the ClusterRole | [] | +| `command` | Define command to be executed by grafana container at startup | `nil` | +| `testFramework.enabled` | Whether to create test-related resources | `true` | +| `testFramework.image` | `test-framework` image repository. | `bats/bats` | +| `testFramework.tag` | `test-framework` image tag. | `v1.1.0` | +| `testFramework.imagePullPolicy` | `test-framework` image pull policy. 
| `IfNotPresent` | +| `testFramework.securityContext` | `test-framework` securityContext | `{}` | +| `downloadDashboards.env` | Environment variables to be passed to the `download-dashboards` container | `{}` | +| `downloadDashboards.envFromSecret` | Name of a Kubernetes secret (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `""` | +| `downloadDashboards.resources` | Resources of `download-dashboards` container | `{}` | +| `downloadDashboardsImage.repository` | Curl docker image repo | `curlimages/curl` | +| `downloadDashboardsImage.tag` | Curl docker image tag | `7.73.0` | +| `downloadDashboardsImage.sha` | Curl docker image sha (optional) | `""` | +| `downloadDashboardsImage.pullPolicy` | Curl docker image pull policy | `IfNotPresent` | +| `namespaceOverride` | Override the deployment namespace | `""` (`Release.Namespace`) | +| `serviceMonitor.enabled` | Use servicemonitor from prometheus operator | `false` | +| `serviceMonitor.namespace` | Namespace this servicemonitor is installed in | | +| `serviceMonitor.interval` | How frequently Prometheus should scrape | `1m` | +| `serviceMonitor.path` | Path to scrape | `/metrics` | +| `serviceMonitor.scheme` | Scheme to use for metrics scraping | `http` | +| `serviceMonitor.tlsConfig` | TLS configuration block for the endpoint | `{}` | +| `serviceMonitor.labels` | Labels for the servicemonitor passed to Prometheus Operator | `{}` | +| `serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `30s` | +| `serviceMonitor.relabelings` | MetricRelabelConfigs to apply to samples before ingestion. 
| `[]` | +| `revisionHistoryLimit` | Number of old ReplicaSets to retain | `10` | +| `imageRenderer.enabled` | Enable the image-renderer deployment & service | `false` | +| `imageRenderer.image.repository` | image-renderer Image repository | `grafana/grafana-image-renderer` | +| `imageRenderer.image.tag` | image-renderer Image tag | `latest` | +| `imageRenderer.image.sha` | image-renderer Image sha (optional) | `""` | +| `imageRenderer.image.pullPolicy` | image-renderer ImagePullPolicy | `Always` | +| `imageRenderer.env` | extra env-vars for image-renderer | `{}` | +| `imageRenderer.serviceAccountName` | image-renderer deployment serviceAccountName | `""` | +| `imageRenderer.securityContext` | image-renderer deployment securityContext | `{}` | +| `imageRenderer.hostAliases` | image-renderer deployment Host Aliases | `[]` | +| `imageRenderer.priorityClassName` | image-renderer deployment priority class | `''` | +| `imageRenderer.service.portName` | image-renderer service port name | `'http'` | +| `imageRenderer.service.port` | image-renderer service port used by both service and deployment | `8081` | +| `imageRenderer.grafanaSubPath` | Grafana sub path to use for image renderer callback url | `''` | +| `imageRenderer.podPortName` | name of the image-renderer port on the pod | `http` | +| `imageRenderer.revisionHistoryLimit` | number of image-renderer replica sets to keep | `10` | +| `imageRenderer.networkPolicy.limitIngress` | Enable a NetworkPolicy to limit inbound traffic from only the created grafana pods | `true` | +| `imageRenderer.networkPolicy.limitEgress` | Enable a NetworkPolicy to limit outbound traffic to only the created grafana pods | `false` | +| `imageRenderer.resources` | Set resource limits for image-renderer pdos | `{}` | + +### Example ingress with path + +With grafana 6.3 and above +```yaml +grafana.ini: + server: + domain: monitoring.example.com + root_url: "%(protocol)s://%(domain)s/grafana" + serve_from_sub_path: true +ingress: + enabled: true 
+ hosts: + - "monitoring.example.com" + path: "/grafana" +``` + +### Example of extraVolumeMounts + +```yaml +- extraVolumeMounts: + - name: plugins + mountPath: /var/lib/grafana/plugins + subPath: configs/grafana/plugins + existingClaim: existing-grafana-claim + readOnly: false +``` + +## Import dashboards + +There are a few methods to import dashboards to Grafana. Below are some examples and explanations as to how to use each method: + +```yaml +dashboards: + default: + some-dashboard: + json: | + { + "annotations": + + ... + # Complete json file here + ... + + "title": "Some Dashboard", + "uid": "abcd1234", + "version": 1 + } + custom-dashboard: + # This is a path to a file inside the dashboards directory inside the chart directory + file: dashboards/custom-dashboard.json + prometheus-stats: + # Ref: https://grafana.com/dashboards/2 + gnetId: 2 + revision: 2 + datasource: Prometheus + local-dashboard: + url: https://raw.githubusercontent.com/user/repository/master/dashboards/dashboard.json +``` + +## BASE64 dashboards + +Dashboards could be stored on a server that does not return JSON directly and instead of it returns a Base64 encoded file (e.g. Gerrit) +A new parameter has been added to the url use case so if you specify a b64content value equals to true after the url entry a Base64 decoding is applied before save the file to disk. +If this entry is not set or is equals to false not decoding is applied to the file before saving it to disk. + +### Gerrit use case + +Gerrit API for download files has the following schema: where {project-name} and +{file-id} usually has '/' in their values and so they MUST be replaced by %2F so if project-name is user/repo, branch-id is master and file-id is equals to dir1/dir2/dashboard +the url value is + +## Sidecar for dashboards + +If the parameter `sidecar.dashboards.enabled` is set, a sidecar container is deployed in the grafana +pod. 
This container watches all configmaps (or secrets) in the cluster and filters out the ones with +a label as defined in `sidecar.dashboards.label`. The files defined in those configmaps are written +to a folder and accessed by grafana. Changes to the configmaps are monitored and the imported +dashboards are deleted/updated. + +A recommendation is to use one configmap per dashboard, as a reduction of multiple dashboards inside +one configmap is currently not properly mirrored in grafana. + +Example dashboard config: + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: sample-grafana-dashboard + labels: + grafana_dashboard: "1" +data: + k8s-dashboard.json: |- + [...] +``` + +## Sidecar for datasources + +If the parameter `sidecar.datasources.enabled` is set, an init container is deployed in the grafana +pod. This container lists all secrets (or configmaps, though not recommended) in the cluster and +filters out the ones with a label as defined in `sidecar.datasources.label`. The files defined in +those secrets are written to a folder and accessed by grafana on startup. Using these yaml files, +the data sources in grafana can be imported. + +Secrets are recommended over configmaps for this usecase because datasources usually contain private +data like usernames and passwords. Secrets are the more appropriate cluster resource to manage those. + +Example values to add a datasource adapted from [Grafana](http://docs.grafana.org/administration/provisioning/#example-datasource-config-file): + +```yaml +datasources: + datasources.yaml: + apiVersion: 1 + datasources: + # name of the datasource. Required + - name: Graphite + # datasource type. Required + type: graphite + # access mode. proxy or direct (Server or Browser in the UI). Required + access: proxy + # org id. 
will default to orgId 1 if not specified + orgId: 1 + # url + url: http://localhost:8080 + # database password, if used + password: + # database user, if used + user: + # database name, if used + database: + # enable/disable basic auth + basicAuth: + # basic auth username + basicAuthUser: + # basic auth password + basicAuthPassword: + # enable/disable with credentials headers + withCredentials: + # mark as default datasource. Max one per org + isDefault: + # fields that will be converted to json and stored in json_data + jsonData: + graphiteVersion: "1.1" + tlsAuth: true + tlsAuthWithCACert: true + # json object of data that will be encrypted. + secureJsonData: + tlsCACert: "..." + tlsClientCert: "..." + tlsClientKey: "..." + version: 1 + # allow users to edit datasources from the UI. + editable: false +``` + +## Sidecar for notifiers + +If the parameter `sidecar.notifiers.enabled` is set, an init container is deployed in the grafana +pod. This container lists all secrets (or configmaps, though not recommended) in the cluster and +filters out the ones with a label as defined in `sidecar.notifiers.label`. The files defined in +those secrets are written to a folder and accessed by grafana on startup. Using these yaml files, +the notification channels in grafana can be imported. The secrets must be created before +`helm install` so that the notifiers init container can list the secrets. + +Secrets are recommended over configmaps for this usecase because alert notification channels usually contain +private data like SMTP usernames and passwords. Secrets are the more appropriate cluster resource to manage those. + +Example datasource config adapted from [Grafana](https://grafana.com/docs/grafana/latest/administration/provisioning/#alert-notification-channels): + +```yaml +notifiers: + - name: notification-channel-1 + type: slack + uid: notifier1 + # either + org_id: 2 + # or + org_name: Main Org. 
+ is_default: true + send_reminder: true + frequency: 1h + disable_resolve_message: false + # See `Supported Settings` section for settings supporter for each + # alert notification type. + settings: + recipient: 'XXX' + token: 'xoxb' + uploadImage: true + url: https://slack.com + +delete_notifiers: + - name: notification-channel-1 + uid: notifier1 + org_id: 2 + - name: notification-channel-2 + # default org_id: 1 +``` + +## How to serve Grafana with a path prefix (/grafana) + +In order to serve Grafana with a prefix (e.g., ), add the following to your values.yaml. + +```yaml +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.ingress.kubernetes.io/rewrite-target: /$1 + nginx.ingress.kubernetes.io/use-regex: "true" + + path: /grafana/?(.*) + hosts: + - k8s.example.dev + +grafana.ini: + server: + root_url: http://localhost:3000/grafana # this host can be localhost +``` + +## How to securely reference secrets in grafana.ini + +This example uses Grafana uses [file providers](https://grafana.com/docs/grafana/latest/administration/configuration/#file-provider) for secret values and the `extraSecretMounts` configuration flag (Additional grafana server secret mounts) to mount the secrets. 
+ +In grafana.ini: + +```yaml +grafana.ini: + [auth.generic_oauth] + enabled = true + client_id = $__file{/etc/secrets/auth_generic_oauth/client_id} + client_secret = $__file{/etc/secrets/auth_generic_oauth/client_secret} +``` + +Existing secret, or created along with helm: + +```yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: auth-generic-oauth-secret +type: Opaque +stringData: + client_id: + client_secret: +``` + +Include in the `extraSecretMounts` configuration flag: + +```yaml +- extraSecretMounts: + - name: auth-generic-oauth-secret-mount + secretName: auth-generic-oauth-secret + defaultMode: 0440 + mountPath: /etc/secrets/auth_generic_oauth + readOnly: true +``` + +### extraSecretMounts using a Container Storage Interface (CSI) provider + +This example uses a CSI driver e.g. retrieving secrets using [Azure Key Vault Provider](https://github.com/Azure/secrets-store-csi-driver-provider-azure) + +```yaml +- extraSecretMounts: + - name: secrets-store-inline + mountPath: /run/secrets + readOnly: true + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: "my-provider" + nodePublishSecretRef: + name: akv-creds +``` + +## Image Renderer Plug-In + +This chart supports enabling [remote image rendering](https://github.com/grafana/grafana-image-renderer/blob/master/docs/remote_rendering_using_docker.md) + +```yaml +imageRenderer: + enabled: true +``` + +### Image Renderer NetworkPolicy + +By default the image-renderer pods will have a network policy which only allows ingress traffic from the created grafana instance diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/dashboards/custom-dashboard.json b/released/charts/rancher-grafana/rancher-grafana/6.6.401/dashboards/custom-dashboard.json new file mode 100755 index 000000000..9e26dfeeb --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/dashboards/custom-dashboard.json @@ -0,0 +1 @@ +{} \ No newline at end of file 
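Review bot: In the README's "How to securely reference secrets in grafana.ini" section, the first example puts INI syntax (`[auth.generic_oauth]`, `enabled = true`) under the `grafana.ini:` values key inside a yaml fence, while the "Example ingress with path" section of the same file shows that key taking a nested map (`server:` with `domain:` beneath it). Suggest rewriting the example in the map form, for instance an `auth.generic_oauth:` key with `client_id: $__file{/etc/secrets/auth_generic_oauth/client_id}` under it, so it can be pasted into values.yaml as shown. Both `- extraSecretMounts:` examples (and the `- extraVolumeMounts:` one) start with a list dash, although the parameter table documents these as top-level keys with default `[]`; drop the leading dash. Separately, the table lists `imageRenderer.image.tag` as `latest` with pull policy `Always`; a pinned tag, or the documented `imageRenderer.image.sha`, would make the renderer deployment reproducible.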
diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/NOTES.txt b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/NOTES.txt new file mode 100755 index 000000000..1fc8436d9 --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/NOTES.txt 
@@ -0,0 +1,54 @@ +1. Get your '{{ .Values.adminUser }}' user password by running: + + kubectl get secret --namespace {{ template "grafana.namespace" . }} {{ template "grafana.fullname" . }} -o jsonpath="{.data.admin-password}" | base64 --decode ; echo + +2. The Grafana server can be accessed via port {{ .Values.service.port }} on the following DNS name from within your cluster: + + {{ template "grafana.fullname" . }}.{{ template "grafana.namespace" . }}.svc.cluster.local +{{ if .Values.ingress.enabled }} + If you bind grafana to 80, please update values in values.yaml and reinstall: + ``` + securityContext: + runAsUser: 0 + runAsGroup: 0 + fsGroup: 0 + + command: + - "setcap" + - "'cap_net_bind_service=+ep'" + - "/usr/sbin/grafana-server &&" + - "sh" + - "/run.sh" + ``` + Details refer to https://grafana.com/docs/installation/configuration/#http-port. + Or grafana would always crash. + + From outside the cluster, the server URL(s) are: +{{- range .Values.ingress.hosts }} + http://{{ . }} +{{- end }} +{{ else }} + Get the Grafana URL to visit by running these commands in the same shell: +{{ if contains "NodePort" .Values.service.type -}} + export NODE_PORT=$(kubectl get --namespace {{ template "grafana.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "grafana.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ template "grafana.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{ else if contains "LoadBalancer" .Values.service.type -}} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc --namespace {{ template "grafana.namespace" . }} -w {{ template "grafana.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ template "grafana.namespace" . }} {{ template "grafana.fullname" . 
}} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + http://$SERVICE_IP:{{ .Values.service.port -}} +{{ else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ template "grafana.namespace" . }} -l "app.kubernetes.io/name={{ template "grafana.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + kubectl --namespace {{ template "grafana.namespace" . }} port-forward $POD_NAME 3000 +{{- end }} +{{- end }} + +3. Login with the password from step 1 and the username: {{ .Values.adminUser }} + +{{- if not .Values.persistence.enabled }} +################################################################################# +###### WARNING: Persistence is disabled!!! You will lose your data when ##### +###### the Grafana pod is terminated. ##### +################################################################################# +{{- end }} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/_helpers.tpl b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/_helpers.tpl new file mode 100755 index 000000000..76ad78876 --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/_helpers.tpl 
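Review bot: In NOTES.txt, the port-80 advice inside the `{{ if .Values.ingress.enabled }}` branch tells users to run the container as UID/GID 0 and gives a `command:` list that cannot work as written: `"/usr/sbin/grafana-server &&"` is a single argv element, so `&&` reaches `setcap` as part of a file name instead of being interpreted by a shell, and `"'cap_net_bind_service=+ep'"` keeps its inner single quotes. Either wrap the sequence in `sh -c`, or drop the advice and leave Grafana on its unprivileged port, since the pod template later in this patch exposes `service.targetPort` separately from `service.port`. Step 1 also hardcodes the secret name `{{ template "grafana.fullname" . }}` and the key `admin-password`, while the README in this patch documents `admin.existingSecret` and `admin.passwordKey`; when those are set, the printed command points at the wrong secret. In the LoadBalancer branch, the `http://$SERVICE_IP:...` line is missing the `echo` that the NodePort branch has.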
@@ -0,0 +1,145 @@ +# Rancher +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "grafana.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "grafana.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. 
+*/}} +{{- define "grafana.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the service account +*/}} +{{- define "grafana.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "grafana.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{- define "grafana.serviceAccountNameTest" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (print (include "grafana.fullname" .) "-test") .Values.serviceAccount.nameTest }} +{{- else -}} + {{ default "default" .Values.serviceAccount.nameTest }} +{{- end -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts +*/}} +{{- define "grafana.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "grafana.labels" -}} +helm.sh/chart: {{ include "grafana.chart" . }} +{{ include "grafana.selectorLabels" . }} +{{- if or .Chart.AppVersion .Values.image.tag }} +app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- if .Values.extraLabels }} +{{ toYaml .Values.extraLabels }} +{{- end }} +{{- end -}} + +{{/* +Selector labels +*/}} +{{- define "grafana.selectorLabels" -}} +app.kubernetes.io/name: {{ include "grafana.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "grafana.imageRenderer.labels" -}} +helm.sh/chart: {{ include "grafana.chart" . }} +{{ include "grafana.imageRenderer.selectorLabels" . 
}} +{{- if or .Chart.AppVersion .Values.image.tag }} +app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Selector labels ImageRenderer +*/}} +{{- define "grafana.imageRenderer.selectorLabels" -}} +app.kubernetes.io/name: {{ include "grafana.name" . }}-image-renderer +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{/* +Return the appropriate apiVersion for rbac. +*/}} +{{- define "rbac.apiVersion" -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" }} +{{- print "rbac.authorization.k8s.io/v1" -}} +{{- else -}} +{{- print "rbac.authorization.k8s.io/v1beta1" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/_pod.tpl b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/_pod.tpl new file mode 100755 index 000000000..2ba9f115c --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/_pod.tpl 
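Review bot: In `grafana.imageRenderer.labels`, the `app.kubernetes.io/version` label is taken from `.Values.image.tag`, which is the Grafana image tag, so image-renderer objects are labelled with Grafana's version instead of their own. Use `.Values.imageRenderer.image.tag` in both the `if or` guard and the label value (the README in this patch documents that key), or leave the version label off the renderer's label set.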
@@ -0,0 +1,496 @@ +{{- define "grafana.pod" -}} +{{- if .Values.schedulerName }} +schedulerName: "{{ .Values.schedulerName }}" +{{- end }} +serviceAccountName: {{ template "grafana.serviceAccountName" . }} +{{- if .Values.securityContext }} +securityContext: +{{ toYaml .Values.securityContext | indent 2 }} +{{- end }} +{{- if .Values.hostAliases }} +hostAliases: +{{ toYaml .Values.hostAliases | indent 2 }} +{{- end }} +{{- if .Values.priorityClassName }} +priorityClassName: {{ .Values.priorityClassName }} +{{- end }} +{{- if ( or .Values.persistence.enabled .Values.dashboards .Values.sidecar.datasources.enabled .Values.sidecar.notifiers.enabled .Values.extraInitContainers) }} +initContainers: +{{- end }} +{{- if ( and .Values.persistence.enabled .Values.initChownData.enabled ) }} + - name: init-chown-data + {{- if .Values.initChownData.image.sha }} + image: "{{ template "system_default_registry" . }}{{ .Values.initChownData.image.repository }}:{{ .Values.initChownData.image.tag }}@sha256:{{ .Values.initChownData.image.sha }}" + {{- else }} + image: "{{ template "system_default_registry" . }}{{ .Values.initChownData.image.repository }}:{{ .Values.initChownData.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.initChownData.image.pullPolicy }} + securityContext: + runAsNonRoot: false + runAsUser: 0 + command: ["chown", "-R", "{{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.runAsGroup }}", "/var/lib/grafana"] + resources: +{{ toYaml .Values.initChownData.resources | indent 6 }} + volumeMounts: + - name: storage + mountPath: "/var/lib/grafana" +{{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} +{{- end }} +{{- end }} +{{- if .Values.dashboards }} + - name: download-dashboards + {{- if .Values.downloadDashboardsImage.sha }} + image: "{{ template "system_default_registry" . 
}}{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}@sha256:{{ .Values.downloadDashboardsImage.sha }}" + {{- else }} + image: "{{ template "system_default_registry" . }}{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.downloadDashboardsImage.pullPolicy }} + command: ["/bin/sh"] + args: [ "-c", "mkdir -p /var/lib/grafana/dashboards/default && /bin/sh /etc/grafana/download_dashboards.sh" ] + resources: +{{ toYaml .Values.downloadDashboards.resources | indent 6 }} + env: +{{- range $key, $value := .Values.downloadDashboards.env }} + - name: "{{ $key }}" + value: "{{ $value }}" +{{- end }} +{{- if .Values.downloadDashboards.envFromSecret }} + envFrom: + - secretRef: + name: {{ tpl .Values.downloadDashboards.envFromSecret . }} +{{- end }} + volumeMounts: + - name: config + mountPath: "/etc/grafana/download_dashboards.sh" + subPath: download_dashboards.sh + - name: storage + mountPath: "/var/lib/grafana" +{{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} +{{- end }} + {{- range .Values.extraSecretMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + readOnly: {{ .readOnly }} + {{- end }} +{{- end }} +{{- if .Values.sidecar.datasources.enabled }} + - name: {{ template "grafana.name" . }}-sc-datasources + {{- if .Values.sidecar.image.sha }} + image: "{{ template "system_default_registry" . }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" + {{- else }} + image: "{{ template "system_default_registry" . }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} + {{- if .Values.sidecar.datasources.envFromSecret }} + envFrom: + - secretRef: + name: {{ tpl .Values.sidecar.datasources.envFromSecret . 
}} + {{- end }} + env: + - name: METHOD + value: LIST + - name: LABEL + value: "{{ .Values.sidecar.datasources.label }}" + {{- if .Values.sidecar.datasources.labelValue }} + - name: LABEL_VALUE + value: {{ quote .Values.sidecar.datasources.labelValue }} + {{- end }} + - name: FOLDER + value: "/etc/grafana/provisioning/datasources" + - name: RESOURCE + value: "both" + {{- if .Values.sidecar.enableUniqueFilenames }} + - name: UNIQUE_FILENAMES + value: "{{ .Values.sidecar.enableUniqueFilenames }}" + {{- end }} + {{- if .Values.sidecar.datasources.searchNamespace }} + - name: NAMESPACE + value: "{{ .Values.sidecar.datasources.searchNamespace }}" + {{- end }} + {{- if .Values.sidecar.skipTlsVerify }} + - name: SKIP_TLS_VERIFY + value: "{{ .Values.sidecar.skipTlsVerify }}" + {{- end }} + resources: +{{ toYaml .Values.sidecar.resources | indent 6 }} + volumeMounts: + - name: sc-datasources-volume + mountPath: "/etc/grafana/provisioning/datasources" +{{- end}} +{{- if .Values.sidecar.notifiers.enabled }} + - name: {{ template "grafana.name" . }}-sc-notifiers + {{- if .Values.sidecar.image.sha }} + image: "{{ template "system_default_registry" . }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" + {{- else }} + image: "{{ template "system_default_registry" . 
}}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} + env: + - name: METHOD + value: LIST + - name: LABEL + value: "{{ .Values.sidecar.notifiers.label }}" + - name: FOLDER + value: "/etc/grafana/provisioning/notifiers" + - name: RESOURCE + value: "both" + {{- if .Values.sidecar.enableUniqueFilenames }} + - name: UNIQUE_FILENAMES + value: "{{ .Values.sidecar.enableUniqueFilenames }}" + {{- end }} + {{- if .Values.sidecar.notifiers.searchNamespace }} + - name: NAMESPACE + value: "{{ .Values.sidecar.notifiers.searchNamespace }}" + {{- end }} + {{- if .Values.sidecar.skipTlsVerify }} + - name: SKIP_TLS_VERIFY + value: "{{ .Values.sidecar.skipTlsVerify }}" + {{- end }} + resources: +{{ toYaml .Values.sidecar.resources | indent 6 }} + volumeMounts: + - name: sc-notifiers-volume + mountPath: "/etc/grafana/provisioning/notifiers" +{{- end}} +{{- if .Values.extraInitContainers }} +{{ toYaml .Values.extraInitContainers | indent 2 }} +{{- end }} +{{- if .Values.image.pullSecrets }} +imagePullSecrets: +{{- range .Values.image.pullSecrets }} + - name: {{ . }} +{{- end}} +{{- end }} +containers: +{{- if .Values.sidecar.dashboards.enabled }} + - name: {{ template "grafana.name" . }}-sc-dashboard + {{- if .Values.sidecar.image.sha }} + image: "{{ template "system_default_registry" . }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" + {{- else }} + image: "{{ template "system_default_registry" . 
}}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} + env: + - name: METHOD + value: {{ .Values.sidecar.dashboards.watchMethod }} + - name: LABEL + value: "{{ .Values.sidecar.dashboards.label }}" + {{- if .Values.sidecar.dashboards.labelValue }} + - name: LABEL_VALUE + value: {{ quote .Values.sidecar.dashboards.labelValue }} + {{- end }} + - name: FOLDER + value: "{{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }}" + - name: RESOURCE + value: "both" + {{- if .Values.sidecar.enableUniqueFilenames }} + - name: UNIQUE_FILENAMES + value: "{{ .Values.sidecar.enableUniqueFilenames }}" + {{- end }} + {{- if .Values.sidecar.dashboards.searchNamespace }} + - name: NAMESPACE + value: "{{ .Values.sidecar.dashboards.searchNamespace }}" + {{- end }} + {{- if .Values.sidecar.skipTlsVerify }} + - name: SKIP_TLS_VERIFY + value: "{{ .Values.sidecar.skipTlsVerify }}" + {{- end }} + {{- if .Values.sidecar.dashboards.folderAnnotation }} + - name: FOLDER_ANNOTATION + value: "{{ .Values.sidecar.dashboards.folderAnnotation }}" + {{- end }} + resources: +{{ toYaml .Values.sidecar.resources | indent 6 }} + volumeMounts: + - name: sc-dashboard-volume + mountPath: {{ .Values.sidecar.dashboards.folder | quote }} +{{- end}} + - name: {{ .Chart.Name }} + {{- if .Values.image.sha }} + image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}@sha256:{{ .Values.image.sha }}" + {{- else }} + image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.command }} + command: + {{- range .Values.command }} + - {{ . 
}} + {{- end }} + {{- end}} +{{- if .Values.containerSecurityContext }} + securityContext: +{{- toYaml .Values.containerSecurityContext | nindent 6 }} +{{- end }} + volumeMounts: + - name: config + mountPath: "/etc/grafana/grafana.ini" + subPath: grafana.ini + {{- if .Values.ldap.enabled }} + - name: ldap + mountPath: "/etc/grafana/ldap.toml" + subPath: ldap.toml + {{- end }} + {{- range .Values.extraConfigmapMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath | default "" }} + readOnly: {{ .readOnly }} + {{- end }} + - name: storage + mountPath: "/var/lib/grafana" +{{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} +{{- end }} +{{- if .Values.dashboards }} +{{- range $provider, $dashboards := .Values.dashboards }} +{{- range $key, $value := $dashboards }} +{{- if (or (hasKey $value "json") (hasKey $value "file")) }} + - name: dashboards-{{ $provider }} + mountPath: "/var/lib/grafana/dashboards/{{ $provider }}/{{ $key }}.json" + subPath: "{{ $key }}.json" +{{- end }} +{{- end }} +{{- end }} +{{- end -}} +{{- if .Values.dashboardsConfigMaps }} +{{- range (keys .Values.dashboardsConfigMaps | sortAlpha) }} + - name: dashboards-{{ . }} + mountPath: "/var/lib/grafana/dashboards/{{ . 
}}" +{{- end }} +{{- end }} +{{- if .Values.datasources }} + - name: config + mountPath: "/etc/grafana/provisioning/datasources/datasources.yaml" + subPath: datasources.yaml +{{- end }} +{{- if .Values.notifiers }} + - name: config + mountPath: "/etc/grafana/provisioning/notifiers/notifiers.yaml" + subPath: notifiers.yaml +{{- end }} +{{- if .Values.dashboardProviders }} + - name: config + mountPath: "/etc/grafana/provisioning/dashboards/dashboardproviders.yaml" + subPath: dashboardproviders.yaml +{{- end }} +{{- if .Values.sidecar.dashboards.enabled }} + - name: sc-dashboard-volume + mountPath: {{ .Values.sidecar.dashboards.folder | quote }} +{{ if .Values.sidecar.dashboards.SCProvider }} + - name: sc-dashboard-provider + mountPath: "/etc/grafana/provisioning/dashboards/sc-dashboardproviders.yaml" + subPath: provider.yaml +{{- end}} +{{- end}} +{{- if .Values.sidecar.datasources.enabled }} + - name: sc-datasources-volume + mountPath: "/etc/grafana/provisioning/datasources" +{{- end}} +{{- if .Values.sidecar.notifiers.enabled }} + - name: sc-notifiers-volume + mountPath: "/etc/grafana/provisioning/notifiers" +{{- end}} + {{- range .Values.extraSecretMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + readOnly: {{ .readOnly }} + subPath: {{ .subPath | default "" }} + {{- end }} + {{- range .Values.extraVolumeMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath | default "" }} + readOnly: {{ .readOnly }} + {{- end }} + {{- range .Values.extraEmptyDirMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + {{- end }} + ports: + - name: {{ .Values.service.portName }} + containerPort: {{ .Values.service.targetPort }} + protocol: TCP + - name: {{ .Values.podPortName }} + containerPort: 3000 + protocol: TCP + env: + {{- if not .Values.env.GF_SECURITY_ADMIN_USER }} + - name: GF_SECURITY_ADMIN_USER + valueFrom: + secretKeyRef: + name: {{ .Values.admin.existingSecret | default (include "grafana.fullname" .) 
}} + key: {{ .Values.admin.userKey | default "admin-user" }} + {{- end }} + {{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) }} + - name: GF_SECURITY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.admin.existingSecret | default (include "grafana.fullname" .) }} + key: {{ .Values.admin.passwordKey | default "admin-password" }} + {{- end }} + {{- if .Values.plugins }} + - name: GF_INSTALL_PLUGINS + valueFrom: + configMapKeyRef: + name: {{ template "grafana.fullname" . }} + key: plugins + {{- end }} + {{- if .Values.smtp.existingSecret }} + - name: GF_SMTP_USER + valueFrom: + secretKeyRef: + name: {{ .Values.smtp.existingSecret }} + key: {{ .Values.smtp.userKey | default "user" }} + - name: GF_SMTP_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.smtp.existingSecret }} + key: {{ .Values.smtp.passwordKey | default "password" }} + {{- end }} + {{ if .Values.imageRenderer.enabled }} + - name: GF_RENDERING_SERVER_URL + value: http://{{ template "grafana.fullname" . }}-image-renderer.{{ template "grafana.namespace" . }}:{{ .Values.imageRenderer.service.port }}/render + - name: GF_RENDERING_CALLBACK_URL + value: http://{{ template "grafana.fullname" . }}.{{ template "grafana.namespace" . }}:{{ .Values.service.port }}/{{ .Values.imageRenderer.grafanaSubPath }} + {{ end }} + {{- range $key, $value := .Values.envValueFrom }} + - name: {{ $key | quote }} + valueFrom: +{{ toYaml $value | indent 10 }} + {{- end }} +{{- range $key, $value := .Values.env }} + - name: "{{ tpl $key $ }}" + value: "{{ tpl (print $value) $ }}" +{{- end }} + {{- if .Values.envFromSecret }} + envFrom: + - secretRef: + name: {{ tpl .Values.envFromSecret . }} + {{- end }} + {{- if .Values.envRenderSecret }} + envFrom: + - secretRef: + name: {{ template "grafana.fullname" . 
}}-env + {{- end }} + livenessProbe: +{{ toYaml .Values.livenessProbe | indent 6 }} + readinessProbe: +{{ toYaml .Values.readinessProbe | indent 6 }} + resources: +{{ toYaml .Values.resources | indent 6 }} +{{- with .Values.extraContainers }} +{{ tpl . $ | indent 2 }} +{{- end }} +nodeSelector: {{ include "linux-node-selector" . | nindent 2 }} +{{- if .Values.nodeSelector }} +{{ toYaml .Values.nodeSelector | indent 2 }} +{{- end }} +{{- with .Values.affinity }} +affinity: +{{ toYaml . | indent 2 }} +{{- end }} +tolerations: {{ include "linux-node-tolerations" . | nindent 2 }} +{{- if .Values.tolerations }} +{{ toYaml .Values.tolerations | indent 2 }} +{{- end }} +volumes: + - name: config + configMap: + name: {{ template "grafana.fullname" . }} +{{- range .Values.extraConfigmapMounts }} + - name: {{ .name }} + configMap: + name: {{ .configMap }} +{{- end }} + {{- if .Values.dashboards }} + {{- range (keys .Values.dashboards | sortAlpha) }} + - name: dashboards-{{ . }} + configMap: + name: {{ template "grafana.fullname" $ }}-dashboards-{{ . }} + {{- end }} + {{- end }} + {{- if .Values.dashboardsConfigMaps }} + {{ $root := . }} + {{- range $provider, $name := .Values.dashboardsConfigMaps }} + - name: dashboards-{{ $provider }} + configMap: + name: {{ tpl $name $root }} + {{- end }} + {{- end }} + {{- if .Values.ldap.enabled }} + - name: ldap + secret: + {{- if .Values.ldap.existingSecret }} + secretName: {{ .Values.ldap.existingSecret }} + {{- else }} + secretName: {{ template "grafana.fullname" . }} + {{- end }} + items: + - key: ldap-toml + path: ldap.toml + {{- end }} +{{- if and .Values.persistence.enabled (eq .Values.persistence.type "pvc") }} + - name: storage + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim | default (include "grafana.fullname" .) 
}} +{{- else if and .Values.persistence.enabled (eq .Values.persistence.type "statefulset") }} +# nothing +{{- else }} + - name: storage +{{- if .Values.persistence.inMemory.enabled }} + emptyDir: + medium: Memory +{{- if .Values.persistence.inMemory.sizeLimit }} + sizeLimit: {{ .Values.persistence.inMemory.sizeLimit }} +{{- end -}} +{{- else }} + emptyDir: {} +{{- end -}} +{{- end -}} +{{- if .Values.sidecar.dashboards.enabled }} + - name: sc-dashboard-volume + emptyDir: {} +{{- if .Values.sidecar.dashboards.SCProvider }} + - name: sc-dashboard-provider + configMap: + name: {{ template "grafana.fullname" . }}-config-dashboards +{{- end }} +{{- end }} +{{- if .Values.sidecar.datasources.enabled }} + - name: sc-datasources-volume + emptyDir: {} +{{- end -}} +{{- if .Values.sidecar.notifiers.enabled }} + - name: sc-notifiers-volume + emptyDir: {} +{{- end -}} +{{- range .Values.extraSecretMounts }} +{{- if .secretName }} + - name: {{ .name }} + secret: + secretName: {{ .secretName }} + defaultMode: {{ .defaultMode }} +{{- else if .projected }} + - name: {{ .name }} + projected: {{- toYaml .projected | nindent 6 }} +{{- else if .csi }} + - name: {{ .name }} + csi: {{- toYaml .csi | nindent 6 }} +{{- end }} +{{- end }} +{{- range .Values.extraVolumeMounts }} + - name: {{ .name }} + persistentVolumeClaim: + claimName: {{ .existingClaim }} +{{- end }} +{{- range .Values.extraEmptyDirMounts }} + - name: {{ .name }} + emptyDir: {} +{{- end -}} +{{- if .Values.extraContainerVolumes }} +{{ toYaml .Values.extraContainerVolumes | indent 2 }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/clusterrole.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/clusterrole.yaml new file mode 100755 index 000000000..f09e06563 --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/clusterrole.yaml 
@@ -0,0 +1,25 @@ +{{- if and .Values.rbac.create (not .Values.rbac.namespaced) (not .Values.rbac.useExistingRole) }} +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + name: {{ template "grafana.fullname" . }}-clusterrole +{{- if or .Values.sidecar.dashboards.enabled (or .Values.sidecar.datasources.enabled .Values.rbac.extraClusterRoleRules) }} +rules: +{{- if or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled }} +- apiGroups: [""] # "" indicates the core API group + resources: ["configmaps", "secrets"] + verbs: ["get", "watch", "list"] +{{- end}} +{{- with .Values.rbac.extraClusterRoleRules }} +{{ toYaml . | indent 0 }} +{{- end}} +{{- else }} +rules: [] +{{- end}} +{{- end}} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/clusterrolebinding.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/clusterrolebinding.yaml new file mode 100755 index 000000000..4accbfac0 --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{- if and .Values.rbac.create (not .Values.rbac.namespaced) }} +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "grafana.fullname" . }}-clusterrolebinding + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +subjects: + - kind: ServiceAccount + name: {{ template "grafana.serviceAccountName" . }} + namespace: {{ template "grafana.namespace" . }} +roleRef: + kind: ClusterRole +{{- if (not .Values.rbac.useExistingRole) }} + name: {{ template "grafana.fullname" . }}-clusterrole +{{- else }} + name: {{ .Values.rbac.useExistingRole }} +{{- end }} + apiGroup: rbac.authorization.k8s.io +{{- end -}} 
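Review bot: In the pod spec template's main container, `envFrom:` is emitted twice, once under `{{- if .Values.envFromSecret }}` and again under `{{- if .Values.envRenderSecret }}`. When both values are set, the container mapping gets a duplicate `envFrom` key, so one secretRef is silently dropped or the manifest is rejected, depending on the parser. Emit a single `envFrom:` guarded by `or .Values.envFromSecret .Values.envRenderSecret` and put each `- secretRef:` item under its own `if`.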
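Review bot: In templates/clusterrole.yaml, the rule `resources: ["configmaps", "secrets"]` with `verbs: ["get", "watch", "list"]` is cluster-scoped, and clusterrolebinding.yaml binds it to the Grafana service account, so enabling either sidecar gives that account read access to every Secret in every namespace. Consider granting `secrets` only when a sidecar is actually configured to read them, and documenting `rbac.namespaced` as the way to keep the grant inside the release namespace. Separately, the inner condition checks only `sidecar.dashboards.enabled` and `sidecar.datasources.enabled`, while the notifiers sidecar in the pod template also runs with `RESOURCE: "both"`; with only notifiers enabled, this role renders `rules: []`.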
diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/configmap-dashboard-provider.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/configmap-dashboard-provider.yaml new file mode 100755 index 000000000..65d73858e --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/configmap-dashboard-provider.yaml @@ -0,0 +1,29 @@ +{{- if .Values.sidecar.dashboards.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + name: {{ template "grafana.fullname" . }}-config-dashboards + namespace: {{ template "grafana.namespace" . }} +data: + provider.yaml: |- + apiVersion: 1 + providers: + - name: '{{ .Values.sidecar.dashboards.provider.name }}' + orgId: {{ .Values.sidecar.dashboards.provider.orgid }} + {{- if not .Values.sidecar.dashboards.provider.foldersFromFilesStructure }} + folder: '{{ .Values.sidecar.dashboards.provider.folder }}' + {{- end}} + type: {{ .Values.sidecar.dashboards.provider.type }} + disableDeletion: {{ .Values.sidecar.dashboards.provider.disableDelete }} + allowUiUpdates: {{ .Values.sidecar.dashboards.provider.allowUiUpdates }} + updateIntervalSeconds: {{ .Values.sidecar.dashboards.provider.updateIntervalSeconds | default 30 }} + options: + foldersFromFilesStructure: {{ .Values.sidecar.dashboards.provider.foldersFromFilesStructure }} + path: {{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }} +{{- end}} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/configmap.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/configmap.yaml new file mode 100755 index 000000000..de32b7ab2 --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/configmap.yaml 
@@ -0,0 +1,80 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +data: +{{- if .Values.plugins }} + plugins: {{ join "," .Values.plugins }} +{{- end }} + grafana.ini: | +{{- range $key, $value := index .Values "grafana.ini" }} + [{{ $key }}] + {{- range $elem, $elemVal := $value }} + {{- if kindIs "invalid" $elemVal }} + {{ $elem }} = + {{- else }} + {{ $elem }} = {{ tpl (toYaml $elemVal) $ }} + {{- end }} + {{- end }} +{{- end }} + +{{- if .Values.datasources }} +{{ $root := . }} + {{- range $key, $value := .Values.datasources }} + {{ $key }}: | +{{ tpl (toYaml $value | indent 4) $root }} + {{- end -}} +{{- end -}} + +{{- if .Values.notifiers }} + {{- range $key, $value := .Values.notifiers }} + {{ $key }}: | +{{ toYaml $value | indent 4 }} + {{- end -}} +{{- end -}} + +{{- if .Values.dashboardProviders }} + {{- range $key, $value := .Values.dashboardProviders }} + {{ $key }}: | +{{ toYaml $value | indent 4 }} + {{- end -}} +{{- end -}} + +{{- if .Values.dashboards }} + download_dashboards.sh: | + #!/usr/bin/env sh + set -euf + {{- if .Values.dashboardProviders }} + {{- range $key, $value := .Values.dashboardProviders }} + {{- range $value.providers }} + mkdir -p {{ .options.path }} + {{- end }} + {{- end }} + {{- end }} + + {{- range $provider, $dashboards := .Values.dashboards }} + {{- range $key, $value := $dashboards }} + {{- if (or (hasKey $value "gnetId") (hasKey $value "url")) }} + curl -skf \ + --connect-timeout 60 \ + --max-time 60 \ + {{- if not $value.b64content }} + -H "Accept: application/json" \ + {{- if $value.token }} + -H "Authorization: token {{ $value.token }}" \ + {{- end }} + -H "Content-Type: application/json;charset=UTF-8" \ + {{ end }} + {{- if $value.url -}}"{{ $value.url }}"{{- else 
-}}"https://grafana.com/api/dashboards/{{ $value.gnetId }}/revisions/{{- if $value.revision -}}{{ $value.revision }}{{- else -}}1{{- end -}}/download"{{- end -}}{{ if $value.datasource }} | sed '/-- .* --/! s/"datasource":.*,/"datasource": "{{ $value.datasource }}",/g'{{ end }}{{- if $value.b64content -}} | base64 -d {{- end -}} \ + > "/var/lib/grafana/dashboards/{{ $provider }}/{{ $key }}.json" + {{- end -}} + {{- end }} + {{- end }} +{{- end }} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/dashboards-json-configmap.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/dashboards-json-configmap.yaml new file mode 100755 index 000000000..59e0be641 --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/dashboards-json-configmap.yaml @@ -0,0 +1,35 @@ +{{- if .Values.dashboards }} +{{ $files := .Files }} +{{- range $provider, $dashboards := .Values.dashboards }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "grafana.fullname" $ }}-dashboards-{{ $provider }} + namespace: {{ template "grafana.namespace" $ }} + labels: + {{- include "grafana.labels" $ | nindent 4 }} + dashboard-provider: {{ $provider }} +{{- if $dashboards }} +data: +{{- $dashboardFound := false }} +{{- range $key, $value := $dashboards }} +{{- if (or (hasKey $value "json") (hasKey $value "file")) }} +{{- $dashboardFound = true }} +{{ print $key | indent 2 }}.json: +{{- if hasKey $value "json" }} + |- +{{ $value.json | indent 6 }} +{{- end }} +{{- if hasKey $value "file" }} +{{ toYaml ( $files.Get $value.file ) | indent 4}} +{{- end }} +{{- end }} +{{- end }} +{{- if not $dashboardFound }} + {} +{{- end }} +{{- end }} +--- +{{- end }} + +{{- end }} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/deployment.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/deployment.yaml new file mode 100755 index 000000000..4d77794cd --- /dev/null 
+++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/deployment.yaml @@ -0,0 +1,48 @@ +{{ if (or (not .Values.persistence.enabled) (eq .Values.persistence.type "pvc")) }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- if .Values.labels }} +{{ toYaml .Values.labels | indent 4 }} +{{- end }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + replicas: {{ .Values.replicas }} + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + selector: + matchLabels: + {{- include "grafana.selectorLabels" . | nindent 6 }} +{{- with .Values.deploymentStrategy }} + strategy: +{{ toYaml . | trim | indent 4 }} +{{- end }} + template: + metadata: + labels: + {{- include "grafana.selectorLabels" . | nindent 8 }} +{{- with .Values.podLabels }} +{{ toYaml . | indent 8 }} +{{- end }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }} + checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }} +{{- if or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret)) }} + checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} +{{- end }} +{{- if .Values.envRenderSecret }} + checksum/secret-env: {{ include (print $.Template.BasePath "/secret-env.yaml") . | sha256sum }} +{{- end }} +{{- with .Values.podAnnotations }} +{{ toYaml . | indent 8 }} +{{- end }} + spec: + {{- include "grafana.pod" . | nindent 6 }} +{{- end }} 
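Review bot: In templates/configmap.yaml, the generated `download_dashboards.sh` calls `curl -skf`, and `-k` turns off certificate verification for every dashboard download, including the default `https://grafana.com/api/dashboards/...` URL. The same command renders `-H "Authorization: token {{ $value.token }}"` straight into ConfigMap data, so the token is readable by anyone who can read ConfigMaps in the namespace and is sent over a connection whose peer is never validated. Drop `-k` (or make it an explicit per-dashboard opt-in that defaults to off) and read the token from a Secret-backed environment variable instead of templating it into the script.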
diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/headless-service.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/headless-service.yaml new file mode 100755 index 000000000..2fa816e04 --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/headless-service.yaml @@ -0,0 +1,18 @@ +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.persistence.type "statefulset")}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "grafana.fullname" . }}-headless + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + clusterIP: None + selector: + {{- include "grafana.selectorLabels" . | nindent 4 }} + type: ClusterIP +{{- end }} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/image-renderer-deployment.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/image-renderer-deployment.yaml new file mode 100755 index 000000000..d17b9dfed --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/image-renderer-deployment.yaml 
@@ -0,0 +1,117 @@ +{{ if .Values.imageRenderer.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "grafana.fullname" . }}-image-renderer + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.imageRenderer.labels" . | nindent 4 }} +{{- if .Values.imageRenderer.labels }} +{{ toYaml .Values.imageRenderer.labels | indent 4 }} +{{- end }} +{{- with .Values.imageRenderer.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + replicas: {{ .Values.imageRenderer.replicas }} + revisionHistoryLimit: {{ .Values.imageRenderer.revisionHistoryLimit }} + selector: + matchLabels: + {{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }} +{{- with .Values.imageRenderer.deploymentStrategy }} + strategy: +{{ toYaml . | trim | indent 4 }} +{{- end }} + template: + metadata: + labels: + {{- include "grafana.imageRenderer.selectorLabels" . | nindent 8 }} +{{- with .Values.imageRenderer.podLabels }} +{{ toYaml . | indent 8 }} +{{- end }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} +{{- with .Values.imageRenderer.podAnnotations }} +{{ toYaml . | indent 8 }} +{{- end }} + spec: + + {{- if .Values.imageRenderer.schedulerName }} + schedulerName: "{{ .Values.imageRenderer.schedulerName }}" + {{- end }} + {{- if .Values.imageRenderer.serviceAccountName }} + serviceAccountName: "{{ .Values.imageRenderer.serviceAccountName }}" + {{- else }} + serviceAccountName: {{ template "grafana.serviceAccountName" . 
}} + {{- end }} + {{- if .Values.imageRenderer.securityContext }} + securityContext: + {{ toYaml .Values.imageRenderer.securityContext | indent 2 }} + {{- end }} + {{- if .Values.imageRenderer.hostAliases }} + hostAliases: + {{ toYaml .Values.imageRenderer.hostAliases | indent 2 }} + {{- end }} + {{- if .Values.imageRenderer.priorityClassName }} + priorityClassName: {{ .Values.imageRenderer.priorityClassName }} + {{- end }} + {{- if .Values.imageRenderer.image.pullSecrets }} + imagePullSecrets: + {{- range .Values.imageRenderer.image.pullSecrets }} + - name: {{ . }} + {{- end}} + {{- end }} + containers: + - name: {{ .Chart.Name }}-image-renderer + {{- if .Values.imageRenderer.image.sha }} + image: "{{ template "system_default_registry" . }}{{ .Values.imageRenderer.image.repository }}:{{ .Values.imageRenderer.image.tag }}@sha256:{{ .Values.imageRenderer.image.sha }}" + {{- else }} + image: "{{ template "system_default_registry" . }}{{ .Values.imageRenderer.image.repository }}:{{ .Values.imageRenderer.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.imageRenderer.image.pullPolicy }} + {{- if .Values.imageRenderer.command }} + command: + {{- range .Values.imageRenderer.command }} + - {{ . }} + {{- end }} + {{- end}} + ports: + - name: {{ .Values.imageRenderer.service.portName }} + containerPort: {{ .Values.imageRenderer.service.port }} + protocol: TCP + env: + - name: HTTP_PORT + value: {{ .Values.imageRenderer.service.port | quote }} + {{- range $key, $value := .Values.imageRenderer.env }} + - name: {{ $key | quote }} + value: {{ $value | quote }} + {{- end }} + securityContext: + capabilities: + drop: ['all'] + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /tmp + name: image-renderer-tmpfs + {{- with .Values.imageRenderer.resources }} + resources: +{{ toYaml . | indent 12 }} + {{- end }} + nodeSelector: {{ include "linux-node-selector" . 
| nindent 8 }} + {{- if .Values.imageRenderer.nodeSelector }} +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.imageRenderer.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} + {{- if .Values.imageRenderer.tolerations }} +{{ toYaml . | indent 8 }} + {{- end }} + volumes: + - name: image-renderer-tmpfs + emptyDir: {} +{{- end }} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/image-renderer-network-policy.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/image-renderer-network-policy.yaml new file mode 100755 index 000000000..f8ca73aab --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/image-renderer-network-policy.yaml 
@@ -0,0 +1,76 @@ +{{- if and (.Values.imageRenderer.enabled) (.Values.imageRenderer.networkPolicy.limitIngress) }} +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "grafana.fullname" . }}-image-renderer-ingress + namespace: {{ template "grafana.namespace" . }} + annotations: + comment: Limit image-renderer ingress traffic from grafana +spec: + podSelector: + matchLabels: + {{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }} + {{- if .Values.imageRenderer.podLabels }} + {{ toYaml .Values.imageRenderer.podLabels | nindent 6 }} + {{- end }} + + policyTypes: + - Ingress + ingress: + - ports: + - port: {{ .Values.imageRenderer.service.port }} + protocol: TCP + from: + - namespaceSelector: + matchLabels: + name: {{ template "grafana.namespace" . }} + podSelector: + matchLabels: + {{- include "grafana.selectorLabels" . | nindent 14 }} + {{- if .Values.podLabels }} + {{ toYaml .Values.podLabels | nindent 14 }} + {{- end }} +{{ end }} + +{{- if and (.Values.imageRenderer.enabled) (.Values.imageRenderer.networkPolicy.limitEgress) }} +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "grafana.fullname" . }}-image-renderer-egress + namespace: {{ template "grafana.namespace" . }} + annotations: + comment: Limit image-renderer egress traffic to grafana +spec: + podSelector: + matchLabels: + {{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }} + {{- if .Values.imageRenderer.podLabels }} + {{ toYaml .Values.imageRenderer.podLabels | nindent 6 }} + {{- end }} + + policyTypes: + - Egress + egress: + # allow dns resolution + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # talk only to grafana + - ports: + - port: {{ .Values.service.port }} + protocol: TCP + to: + - namespaceSelector: + matchLabels: + name: {{ template "grafana.namespace" . }} + podSelector: + matchLabels: + {{- include "grafana.selectorLabels" . 
| nindent 14 }} + {{- if .Values.podLabels }} + {{ toYaml .Values.podLabels | nindent 14 }} + {{- end }} +{{ end }} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/image-renderer-service.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/image-renderer-service.yaml new file mode 100755 index 000000000..f5d3eb02f --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/image-renderer-service.yaml @@ -0,0 +1,28 @@ +{{ if .Values.imageRenderer.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "grafana.fullname" . }}-image-renderer + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.imageRenderer.labels" . | nindent 4 }} +{{- if .Values.imageRenderer.service.labels }} +{{ toYaml .Values.imageRenderer.service.labels | indent 4 }} +{{- end }} +{{- with .Values.imageRenderer.service.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + type: ClusterIP + {{- if .Values.imageRenderer.service.clusterIP }} + clusterIP: {{ .Values.imageRenderer.service.clusterIP }} + {{end}} + ports: + - name: {{ .Values.imageRenderer.service.portName }} + port: {{ .Values.imageRenderer.service.port }} + protocol: TCP + targetPort: {{ .Values.imageRenderer.service.targetPort }} + selector: + {{- include "grafana.imageRenderer.selectorLabels" . | nindent 4 }} +{{ end }} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/ingress.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/ingress.yaml new file mode 100755 index 000000000..44ebfc950 --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/ingress.yaml 
@@ -0,0 +1,80 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "grafana.fullname" . -}} +{{- $servicePort := .Values.service.port -}} +{{- $ingressPath := .Values.ingress.path -}} +{{- $ingressPathType := .Values.ingress.pathType -}} +{{- $extraPaths := .Values.ingress.extraPaths -}} +{{- $newAPI := .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} +{{- if $newAPI -}} +apiVersion: networking.k8s.io/v1 +{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress" }} +apiVersion: networking.k8s.io/v1beta1 +{{- else }} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- if .Values.ingress.labels }} +{{ toYaml .Values.ingress.labels | indent 4 }} +{{- end }} + {{- if .Values.ingress.annotations }} + annotations: + {{- range $key, $value := .Values.ingress.annotations }} + {{ $key }}: {{ tpl $value $ | quote }} + {{- end }} + {{- end }} +spec: + {{- if .Values.ingress.ingressClassName }} + ingressClassName: {{ .Values.ingress.ingressClassName }} + {{- end -}} +{{- if .Values.ingress.tls }} + tls: +{{ tpl (toYaml .Values.ingress.tls) $ | indent 4 }} +{{- end }} + rules: + {{- if .Values.ingress.hosts }} + {{- range .Values.ingress.hosts }} + - host: {{ tpl . 
$}} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + - path: {{ $ingressPath }} + {{- if $newAPI }} + pathType: {{ $ingressPathType }} + {{- end }} + backend: + {{- if $newAPI }} + service: + name: {{ $fullName }} + port: + number: {{ $servicePort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $servicePort }} + {{- end }} + {{- end }} + {{- else }} + - http: + paths: + - backend: + {{- if $newAPI }} + service: + name: {{ $fullName }} + port: + number: {{ $servicePort }} + pathType: {{ $ingressPathType }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $servicePort }} + {{- end }} + {{- if $ingressPath }} + path: {{ $ingressPath }} + {{- end }} + {{- end -}} +{{- end }} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/nginx-config.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/nginx-config.yaml new file mode 100755 index 000000000..f847c51ce --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/nginx-config.yaml 
@@ -0,0 +1,75 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: grafana-nginx-proxy-config + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +data: + nginx.conf: |- + worker_processes auto; + error_log /dev/stdout warn; + pid /var/cache/nginx/nginx.pid; + + events { + worker_connections 1024; + } + + http { + include /etc/nginx/mime.types; + log_format main '[$time_local - $status] $remote_addr - $remote_user $request ($http_referer)'; + + proxy_connect_timeout 10; + proxy_read_timeout 180; + proxy_send_timeout 5; + proxy_buffering off; + proxy_cache_path /var/cache/nginx/cache levels=1:2 keys_zone=my_zone:100m inactive=1d max_size=10g; + + server { + listen 8080; + access_log off; + + gzip on; + gzip_min_length 1k; + gzip_comp_level 2; + gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript image/jpeg image/gif image/png; + gzip_vary on; + gzip_disable "MSIE [1-6]\."; + + proxy_set_header Host $host; + + location /api/dashboards { + proxy_pass http://localhost:3000; + } + + location /api/search { + proxy_pass http://localhost:3000; + + sub_filter_types application/json; + sub_filter_once off; + sub_filter '"url":"/d' '"url":"d'; + } + + location / { + proxy_cache my_zone; + proxy_cache_valid 200 302 1d; + proxy_cache_valid 301 30d; + proxy_cache_valid any 5m; + proxy_cache_bypass $http_cache_control; + add_header X-Proxy-Cache $upstream_cache_status; + add_header Cache-Control "public"; + + proxy_pass http://localhost:3000/; + + sub_filter_types text/html; + sub_filter_once off; + sub_filter '"appSubUrl":""' '"appSubUrl":"."'; + sub_filter '"url":"/' '"url":"./'; + sub_filter ':"/avatar/' ':"avatar/'; + + if ($request_filename ~ .*\.(?:js|css|jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$) { + expires 90d; + } + } + } + } 
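Review bot: In templates/image-renderer-deployment.yaml, the blocks `{{- if .Values.imageRenderer.nodeSelector }}` and `{{- if .Values.imageRenderer.tolerations }}` render `{{ toYaml . | indent 8 }}`, but `if` does not rebind `.`, so this serializes the whole root context rather than the selector or tolerations. Use `toYaml .Values.imageRenderer.nodeSelector` and `toYaml .Values.imageRenderer.tolerations`, or switch both blocks to `with` as the `affinity` block already does.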
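Review bot: In templates/nginx-config.yaml, `location /` applies `proxy_cache my_zone` with `proxy_cache_valid 200 302 1d` and `add_header Cache-Control "public"` to everything proxied from Grafana, and no `proxy_cache_key` is set, so the cache key does not vary by user or session. Any authenticated page or API response that falls through to this location is eligible for the shared cache unless the upstream headers forbid it, and the added `public` header invites downstream caches to keep it as well. Limit the cache and the `public` header to a location that matches only the static asset extensions already listed in the `expires 90d` block, and leave the catch-all location uncached.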
diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/poddisruptionbudget.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/poddisruptionbudget.yaml new file mode 100755 index 000000000..61813a436 --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/poddisruptionbudget.yaml @@ -0,0 +1,22 @@ +{{- if .Values.podDisruptionBudget }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- if .Values.labels }} +{{ toYaml .Values.labels | indent 4 }} +{{- end }} +spec: +{{- if .Values.podDisruptionBudget.minAvailable }} + minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} +{{- end }} +{{- if .Values.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }} +{{- end }} + selector: + matchLabels: + {{- include "grafana.selectorLabels" . | nindent 6 }} +{{- end }} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/podsecuritypolicy.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/podsecuritypolicy.yaml new file mode 100755 index 000000000..19da50791 --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/podsecuritypolicy.yaml 
@@ -0,0 +1,49 @@ +{{- if .Values.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- if .Values.rbac.pspAnnotations }} + annotations: {{ toYaml .Values.rbac.pspAnnotations | nindent 4 }} +{{- end }} +spec: + privileged: false + allowPrivilegeEscalation: false + requiredDropCapabilities: + # Default set from Docker, without DAC_OVERRIDE or CHOWN + - FOWNER + - FSETID + - KILL + - SETGID + - SETUID + - SETPCAP + - NET_BIND_SERVICE + - NET_RAW + - SYS_CHROOT + - MKNOD + - AUDIT_WRITE + - SETFCAP + volumes: + - 'configMap' + - 'emptyDir' + - 'projected' + - 'csi' + - 'secret' + - 'downwardAPI' + - 'persistentVolumeClaim' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'RunAsAny' + fsGroup: + rule: 'RunAsAny' + readOnlyRootFilesystem: false +{{- end }} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/pvc.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/pvc.yaml new file mode 100755 index 000000000..8d93f5c23 --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/pvc.yaml 
@@ -0,0 +1,33 @@ +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.persistence.type "pvc")}} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} + {{- with .Values.persistence.annotations }} + annotations: +{{ toYaml . | indent 4 }} + {{- end }} + {{- with .Values.persistence.finalizers }} + finalizers: +{{ toYaml . | indent 4 }} + {{- end }} +spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{- if .Values.persistence.storageClassName }} + storageClassName: {{ .Values.persistence.storageClassName }} + {{- end -}} + {{- with .Values.persistence.selectorLabels }} + selector: + matchLabels: +{{ toYaml . | indent 6 }} + {{- end }} +{{- end -}} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/role.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/role.yaml new file mode 100755 index 000000000..54c3fb0b2 --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/role.yaml 
@@ -0,0 +1,32 @@ +{{- if and .Values.rbac.create (not .Values.rbac.useExistingRole) -}} +apiVersion: {{ template "rbac.apiVersion" . }} +kind: Role +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +{{- if or .Values.rbac.pspEnabled (and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled (or .Values.sidecar.datasources.enabled .Values.rbac.extraRoleRules))) }} +rules: +{{- if .Values.rbac.pspEnabled }} +- apiGroups: ['extensions'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: [{{ template "grafana.fullname" . }}] +{{- end }} +{{- if and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled) }} +- apiGroups: [""] # "" indicates the core API group + resources: ["configmaps", "secrets"] + verbs: ["get", "watch", "list"] +{{- end }} +{{- with .Values.rbac.extraRoleRules }} +{{ toYaml . | indent 0 }} +{{- end}} +{{- else }} +rules: [] +{{- end }} +{{- end }} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/rolebinding.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/rolebinding.yaml new file mode 100755 index 000000000..34f1ad6f8 --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/rolebinding.yaml 
@@ -0,0 +1,25 @@ +{{- if .Values.rbac.create -}} +apiVersion: {{ template "rbac.apiVersion" . }} +kind: RoleBinding +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role +{{- if (not .Values.rbac.useExistingRole) }} + name: {{ template "grafana.fullname" . }} +{{- else }} + name: {{ .Values.rbac.useExistingRole }} +{{- end }} +subjects: +- kind: ServiceAccount + name: {{ template "grafana.serviceAccountName" . }} + namespace: {{ template "grafana.namespace" . }} +{{- end -}} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/secret-env.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/secret-env.yaml new file mode 100755 index 000000000..5c09313e6 --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/secret-env.yaml @@ -0,0 +1,14 @@ +{{- if .Values.envRenderSecret }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "grafana.fullname" . }}-env + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +type: Opaque +data: +{{- range $key, $val := .Values.envRenderSecret }} + {{ $key }}: {{ $val | b64enc | quote }} +{{- end -}} +{{- end }} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/secret.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/secret.yaml new file mode 100755 index 000000000..4fdd817da --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/secret.yaml 
@@ -0,0 +1,22 @@ +{{- if or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret)) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +type: Opaque +data: + {{- if and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) }} + admin-user: {{ .Values.adminUser | b64enc | quote }} + {{- if .Values.adminPassword }} + admin-password: {{ .Values.adminPassword | b64enc | quote }} + {{- else }} + admin-password: {{ randAlphaNum 40 | b64enc | quote }} + {{- end }} + {{- end }} + {{- if not .Values.ldap.existingSecret }} + ldap-toml: {{ tpl .Values.ldap.config $ | b64enc | quote }} + {{- end }} +{{- end }} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/service.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/service.yaml new file mode 100755 index 000000000..276456698 --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/service.yaml 
@@ -0,0 +1,50 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- if .Values.service.labels }} +{{ toYaml .Values.service.labels | indent 4 }} +{{- end }} +{{- with .Values.service.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }} + type: ClusterIP + {{- if .Values.service.clusterIP }} + clusterIP: {{ .Values.service.clusterIP }} + {{end}} +{{- else if eq .Values.service.type "LoadBalancer" }} + type: {{ .Values.service.type }} + {{- if .Values.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} + {{- end }} + {{- if .Values.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }} + {{- end -}} +{{- else }} + type: {{ .Values.service.type }} +{{- end }} +{{- if .Values.service.externalIPs }} + externalIPs: +{{ toYaml .Values.service.externalIPs | indent 4 }} +{{- end }} + ports: + - name: {{ .Values.service.portName }} + port: {{ .Values.service.port }} + protocol: TCP + targetPort: {{ .Values.service.targetPort }} +{{ if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }} + nodePort: {{.Values.service.nodePort}} +{{ end }} + {{- if .Values.extraExposePorts }} + {{- tpl (toYaml .Values.extraExposePorts) . | indent 4 }} + {{- end }} + selector: + {{- include "grafana.selectorLabels" . | nindent 4 }} + diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/serviceaccount.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/serviceaccount.yaml new file mode 100755 index 000000000..7576eeef0 --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/serviceaccount.yaml 
@@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.serviceAccount.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + name: {{ template "grafana.serviceAccountName" . }} + namespace: {{ template "grafana.namespace" . }} +{{- end }} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/servicemonitor.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/servicemonitor.yaml new file mode 100755 index 000000000..23288523f --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/servicemonitor.yaml @@ -0,0 +1,40 @@ +{{- if .Values.serviceMonitor.enabled }} +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "grafana.fullname" . }} + {{- if .Values.serviceMonitor.namespace }} + namespace: {{ .Values.serviceMonitor.namespace }} + {{- end }} + labels: + {{- include "grafana.labels" . | nindent 4 }} + {{- if .Values.serviceMonitor.labels }} + {{- toYaml .Values.serviceMonitor.labels | nindent 4 }} + {{- end }} +spec: + endpoints: + - interval: {{ .Values.serviceMonitor.interval }} + {{- if .Values.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.serviceMonitor.scrapeTimeout }} + {{- end }} + honorLabels: true + port: {{ .Values.service.portName }} + path: {{ .Values.serviceMonitor.path }} + scheme: {{ .Values.serviceMonitor.scheme }} + {{- if .Values.serviceMonitor.tlsConfig }} + tlsConfig: + {{- toYaml .Values.serviceMonitor.tlsConfig | nindent 6 }} + {{- end }} + {{- if .Values.serviceMonitor.relabelings }} + relabelings: + {{- toYaml .Values.serviceMonitor.relabelings | nindent 4 }} + {{- end }} + jobLabel: "{{ .Release.Name }}" + selector: + matchLabels: + {{- include "grafana.selectorLabels" . | nindent 8 }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} +{{- end }} 
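Review bot: `namespaceSelector.matchNames` at the end of servicemonitor.yaml is set to `{{ .Release.Namespace }}`, while service.yaml in this patch creates the Service in `{{ template "grafana.namespace" . }}`. If that helper resolves to anything other than the release namespace, the ServiceMonitor selects nothing and scraping fails silently. Suggest using the same helper in `matchNames` so the two templates cannot drift apart.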
diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/statefulset.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/statefulset.yaml new file mode 100755 index 000000000..b2b4616f3 --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/statefulset.yaml 
@@ -0,0 +1,52 @@ +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.persistence.type "statefulset")}} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + {{- include "grafana.selectorLabels" . | nindent 6 }} + serviceName: {{ template "grafana.fullname" . }}-headless + template: + metadata: + labels: + {{- include "grafana.selectorLabels" . | nindent 8 }} +{{- with .Values.podLabels }} +{{ toYaml . | indent 8 }} +{{- end }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }} + checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }} + {{- if or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret)) }} + checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} +{{- end }} +{{- with .Values.podAnnotations }} +{{ toYaml . | indent 8 }} +{{- end }} + spec: + {{- include "grafana.pod" . | nindent 6 }} + volumeClaimTemplates: + - metadata: + name: storage + spec: + accessModes: {{ .Values.persistence.accessModes }} + storageClassName: {{ .Values.persistence.storageClassName }} + resources: + requests: + storage: {{ .Values.persistence.size }} + {{- with .Values.persistence.selectorLabels }} + selector: + matchLabels: +{{ toYaml . | indent 10 }} + {{- end }} +{{- end }} 
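Review bot: `volumeClaimTemplates` renders `storageClassName: {{ .Values.persistence.storageClassName }}` unconditionally, and values.yaml ships that key commented out, so the default render is an empty `storageClassName:`. pvc.yaml guards the same field with `{{- if .Values.persistence.storageClassName }}`, iterates `accessModes` with `range` and quotes `size`; the StatefulSet should do the same rather than printing the list and size raw. Also, the `checksum/secret` annotation hashes secret.yaml, which falls back to `randAlphaNum 40` when `adminPassword` is unset (the default in values.yaml). Every render then produces a new admin password and a new checksum, so each upgrade rolls the pods. Suggest reusing the existing Secret's value via `lookup`, or requiring `adminPassword` or `admin.existingSecret`.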
diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test-configmap.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test-configmap.yaml new file mode 100755 index 000000000..ff53aaf1b --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test-configmap.yaml @@ -0,0 +1,17 @@ +{{- if .Values.testFramework.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "grafana.fullname" . }}-test + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +data: + run.sh: |- + @test "Test Health" { + url="http://{{ template "grafana.fullname" . }}/api/health" + + code=$(wget --server-response --spider --timeout 10 --tries 1 ${url} 2>&1 | awk '/^ HTTP/{print $2}') + [ "$code" == "200" ] + } +{{- end }} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test-podsecuritypolicy.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test-podsecuritypolicy.yaml new file mode 100755 index 000000000..1acd65128 --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test-podsecuritypolicy.yaml @@ -0,0 +1,30 @@ +{{- if and .Values.testFramework.enabled .Values.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "grafana.fullname" . }}-test + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +spec: + allowPrivilegeEscalation: true + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + fsGroup: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + runAsUser: + rule: RunAsAny + volumes: + - configMap + - downwardAPI + - emptyDir + - projected + - csi + - secret +{{- end }} 
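Review bot: test-podsecuritypolicy.yaml sets `allowPrivilegeEscalation: true` and has no `requiredDropCapabilities`, although the main podsecuritypolicy.yaml in this patch sets `allowPrivilegeEscalation: false` and drops a capability list. The test pod only runs bats with a `wget` against `/api/health`, and values.yaml already gives it `runAsNonRoot: true` and `runAsUser: 1000`. Suggest `allowPrivilegeEscalation: false`, the same drop list, and `runAsUser.rule: MustRunAsNonRoot`, so the test service account is not bound to a looser policy than the workload it checks.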
diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test-role.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test-role.yaml new file mode 100755 index 000000000..6b10677ae --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test-role.yaml @@ -0,0 +1,14 @@ +{{- if and .Values.testFramework.enabled .Values.rbac.pspEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "grafana.fullname" . }}-test + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: [{{ template "grafana.fullname" . }}-test] +{{- end }} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test-rolebinding.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test-rolebinding.yaml new file mode 100755 index 000000000..58fa5e78b --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test-rolebinding.yaml @@ -0,0 +1,17 @@ +{{- if and .Values.testFramework.enabled .Values.rbac.pspEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "grafana.fullname" . }}-test + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "grafana.fullname" . }}-test +subjects: +- kind: ServiceAccount + name: {{ template "grafana.serviceAccountNameTest" . }} + namespace: {{ template "grafana.namespace" . }} +{{- end }} 
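Review bot: test-role.yaml grants `use` on `podsecuritypolicies` under `apiGroups: ['policy']`, while role.yaml in this same patch grants it under `apiGroups: ['extensions']`. Both PodSecurityPolicy templates are declared as `policy/v1beta1`, so the two Roles should agree, and `policy` is the group that matches. As written, one of the two service accounts may fail to be authorized for its policy, depending on which group the cluster checks.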
diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test-serviceaccount.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test-serviceaccount.yaml new file mode 100755 index 000000000..5c3350733 --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test-serviceaccount.yaml @@ -0,0 +1,9 @@ +{{- if and .Values.testFramework.enabled .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + {{- include "grafana.labels" . | nindent 4 }} + name: {{ template "grafana.serviceAccountNameTest" . }} + namespace: {{ template "grafana.namespace" . }} +{{- end }} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test.yaml new file mode 100755 index 000000000..cdc86e5f2 --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/templates/tests/test.yaml 
@@ -0,0 +1,48 @@ +{{- if .Values.testFramework.enabled }} +apiVersion: v1 +kind: Pod +metadata: + name: {{ template "grafana.fullname" . }}-test + labels: + {{- include "grafana.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test-success + namespace: {{ template "grafana.namespace" . }} +spec: + serviceAccountName: {{ template "grafana.serviceAccountNameTest" . }} + {{- if .Values.testFramework.securityContext }} + securityContext: {{ toYaml .Values.testFramework.securityContext | nindent 4 }} + {{- end }} + {{- if .Values.image.pullSecrets }} + imagePullSecrets: + {{- range .Values.image.pullSecrets }} + - name: {{ . }} + {{- end}} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 4 }} + {{- end }} + {{- with .Values.affinity }} + affinity: +{{ toYaml . | indent 4 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 4 }} + {{- end }} + containers: + - name: {{ .Release.Name }}-test + image: "{{ .Values.testFramework.image}}:{{ .Values.testFramework.tag }}" + imagePullPolicy: "{{ .Values.testFramework.imagePullPolicy}}" + command: ["/opt/bats/bin/bats", "-t", "/tests/run.sh"] + volumeMounts: + - mountPath: /tests + name: tests + readOnly: true + volumes: + - name: tests + configMap: + name: {{ template "grafana.fullname" . }}-test + restartPolicy: Never +{{- end }} diff --git a/released/charts/rancher-grafana/rancher-grafana/6.6.401/values.yaml b/released/charts/rancher-grafana/rancher-grafana/6.6.401/values.yaml new file mode 100755 index 000000000..9491c1a1f --- /dev/null +++ b/released/charts/rancher-grafana/rancher-grafana/6.6.401/values.yaml 
@@ -0,0 +1,732 @@ +global: + cattle: + systemDefaultRegistry: "" + +autoscaling: + enabled: false +rbac: + create: true + ## Use an existing ClusterRole/Role (depending on rbac.namespaced false/true) + # useExistingRole: name-of-some-(cluster)role + pspEnabled: true + pspAnnotations: {} + ## Specify pod annotations + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl + ## + # seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default' + # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' + # apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default' + # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' + + namespaced: false + extraRoleRules: [] + # - apiGroups: [] + # resources: [] + # verbs: [] + extraClusterRoleRules: [] + # - apiGroups: [] + # resources: [] + # verbs: [] +serviceAccount: + create: true + name: + nameTest: +# annotations: +# eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here + +replicas: 1 + +## See `kubectl explain poddisruptionbudget.spec` for more +## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ +podDisruptionBudget: {} +# minAvailable: 1 +# maxUnavailable: 1 + +## See `kubectl explain deployment.spec.strategy` for more +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy +deploymentStrategy: + type: RollingUpdate + +readinessProbe: + httpGet: + path: /api/health + port: 3000 + +livenessProbe: + httpGet: + path: /api/health + port: 3000 + initialDelaySeconds: 60 + timeoutSeconds: 30 + failureThreshold: 10 + +## Use an alternate scheduler, e.g. "stork". 
+## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: "default-scheduler" + +image: + repository: rancher/mirrored-grafana-grafana + tag: 7.4.5 + sha: "" + pullPolicy: IfNotPresent + + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistrKeySecretName + +testFramework: + enabled: true + image: "rancher/mirrored-bats-bats" + tag: "v1.1.0" + imagePullPolicy: IfNotPresent + securityContext: + runAsNonRoot: true + runAsUser: 1000 + +securityContext: + runAsNonRoot: true + runAsUser: 472 + runAsGroup: 472 + fsGroup: 472 + +containerSecurityContext: + {} + +extraConfigmapMounts: [] + # - name: certs-configmap + # mountPath: /etc/grafana/ssl/ + # subPath: certificates.crt # (optional) + # configMap: certs-configmap + # readOnly: true + + +extraEmptyDirMounts: [] + # - name: provisioning-notifiers + # mountPath: /etc/grafana/provisioning/notifiers + + +# Apply extra labels to common labels. +extraLabels: {} + +## Assign a PriorityClassName to pods if set +# priorityClassName: + +downloadDashboardsImage: + repository: rancher/mirrored-curlimages-curl + tag: 7.73.0 + sha: "" + pullPolicy: IfNotPresent + +downloadDashboards: + env: {} + envFromSecret: "" + resources: {} + +## Pod Annotations +# podAnnotations: {} + +## Pod Labels +# podLabels: {} + +podPortName: grafana + +## Deployment annotations +# annotations: {} + +## Expose the grafana service to be accessed from outside the cluster (LoadBalancer service). +## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it. 
+## ref: http://kubernetes.io/docs/user-guide/services/ +## +service: + type: ClusterIP + port: 80 + targetPort: 3000 + # targetPort: 4181 To be used with a proxy extraContainer + annotations: {} + labels: {} + portName: service + +serviceMonitor: + ## If true, a ServiceMonitor CRD is created for a prometheus operator + ## https://github.com/coreos/prometheus-operator + ## + enabled: false + path: /metrics + # namespace: monitoring (defaults to use the namespace this chart is deployed to) + labels: {} + interval: 1m + scheme: http + tlsConfig: {} + scrapeTimeout: 30s + relabelings: [] + +extraExposePorts: [] + # - name: keycloak + # port: 8080 + # targetPort: 8080 + # type: ClusterIP + +# overrides pod.spec.hostAliases in the grafana deployment's pods +hostAliases: [] + # - ip: "1.2.3.4" + # hostnames: + # - "my.host.com" + +ingress: + enabled: false + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + # Values can be templated + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + labels: {} + path: / + + # pathType is only for k8s > 1.19 + pathType: Prefix + + hosts: + - chart-example.local + ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services. 
+ extraPaths: [] + # - path: /* + # backend: + # serviceName: ssl-redirect + # servicePort: use-annotation + ## Or for k8s > 1.19 + # - path: /* + # pathType: Prefix + # backend: + # service: + # name: ssl-redirect + # port: + # name: service + + + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} +# limits: +# cpu: 100m +# memory: 128Mi +# requests: +# cpu: 100m +# memory: 128Mi + +## Node labels for pod assignment +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +# +nodeSelector: {} + +## Tolerations for pod assignment +## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] + +## Affinity for pod assignment +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} + +extraInitContainers: [] + +## Enable an Specify container in extraContainers. This is meant to allow adding an authentication proxy to a grafana pod +extraContainers: | +# - name: proxy +# image: quay.io/gambol99/keycloak-proxy:latest +# args: +# - -provider=github +# - -client-id= +# - -client-secret= +# - -github-org= +# - -email-domain=* +# - -cookie-secret= +# - -http-address=http://0.0.0.0:4181 +# - -upstream-url=http://127.0.0.1:3000 +# ports: +# - name: proxy-web +# containerPort: 4181 + +## Volumes that can be used in init containers that will not be mounted to deployment pods +extraContainerVolumes: [] +# - name: volume-from-secret +# secret: +# secretName: secret-to-mount +# - name: empty-dir-volume +# emptyDir: {} + +## Enable persistence using Persistent Volume Claims +## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ +## +persistence: + type: pvc + enabled: false + # storageClassName: default + accessModes: + - ReadWriteOnce + size: 10Gi + # annotations: {} + finalizers: + - kubernetes.io/pvc-protection + # selectorLabels: {} + # subPath: "" + # existingClaim: + + ## If persistence is not enabled, this 
allows to mount the + ## local storage in-memory to improve performance + ## + inMemory: + enabled: false + ## The maximum usage on memory medium EmptyDir would be + ## the minimum value between the SizeLimit specified + ## here and the sum of memory limits of all containers in a pod + ## + # sizeLimit: 300Mi + +initChownData: + ## If false, data ownership will not be reset at startup + ## This allows the prometheus-server to be run with an arbitrary user + ## + enabled: true + + ## initChownData container image + ## + image: + repository: rancher/mirrored-library-busybox + tag: "1.31.1" + sha: "" + pullPolicy: IfNotPresent + + ## initChownData resource requests and limits + ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + +# Administrator credentials when not using an existing secret (see below) +adminUser: admin +# adminPassword: strongpassword + +# Use an existing secret for the admin user. +admin: + existingSecret: "" + userKey: admin-user + passwordKey: admin-password + +## Define command to be executed at startup by grafana container +## Needed if using `vault-env` to manage secrets (ref: https://banzaicloud.com/blog/inject-secrets-into-pods-vault/) +## Default is "run.sh" as defined in grafana's Dockerfile +# command: +# - "sh" +# - "/run.sh" + +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: + +## Extra environment variables that will be pass onto deployment pods +## +## to provide grafana with access to CloudWatch on AWS EKS: +## 1. create an iam role of type "Web identity" with provider oidc.eks.* (note the provider for later) +## 2. 
edit the "Trust relationships" of the role, add a line inside the StringEquals clause using the +## same oidc eks provider as noted before (same as the existing line) +## also, replace NAMESPACE and prometheus-operator-grafana with the service account namespace and name +## +## "oidc.eks.us-east-1.amazonaws.com/id/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:sub": "system:serviceaccount:NAMESPACE:prometheus-operator-grafana", +## +## 3. attach a policy to the role, you can use a built in policy called CloudWatchReadOnlyAccess +## 4. use the following env: (replace 123456789000 and iam-role-name-here with your aws account number and role name) +## +## env: +## AWS_ROLE_ARN: arn:aws:iam::123456789000:role/iam-role-name-here +## AWS_WEB_IDENTITY_TOKEN_FILE: /var/run/secrets/eks.amazonaws.com/serviceaccount/token +## AWS_REGION: us-east-1 +## +## 5. uncomment the EKS section in extraSecretMounts: below +## 6. uncomment the annotation section in the serviceAccount: above +## make sure to replace arn:aws:iam::123456789000:role/iam-role-name-here with your role arn + +env: {} + +## "valueFrom" environment variable references that will be added to deployment pods +## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#envvarsource-v1-core +## Renders in container spec as: +## env: +## ... +## - name: +## valueFrom: +## +envValueFrom: {} + +## The name of a secret in the same kubernetes namespace which contain values to be added to the environment +## This can be useful for auth tokens, etc. Value is templated. +envFromSecret: "" + +## Sensible environment variables that will be rendered as new secret object +## This can be useful for auth tokens, etc +envRenderSecret: {} + +## Additional grafana server secret mounts +# Defines additional mounts with secrets. Secrets must be manually created in the namespace. 
+extraSecretMounts: [] + # - name: secret-files + # mountPath: /etc/secrets + # secretName: grafana-secret-files + # readOnly: true + # subPath: "" + # + # for AWS EKS (cloudwatch) use the following (see also instruction in env: above) + # - name: aws-iam-token + # mountPath: /var/run/secrets/eks.amazonaws.com/serviceaccount + # readOnly: true + # projected: + # defaultMode: 420 + # sources: + # - serviceAccountToken: + # audience: sts.amazonaws.com + # expirationSeconds: 86400 + # path: token + # + # for CSI e.g. Azure Key Vault use the following + # - name: secrets-store-inline + # mountPath: /run/secrets + # readOnly: true + # csi: + # driver: secrets-store.csi.k8s.io + # readOnly: true + # volumeAttributes: + # secretProviderClass: "akv-grafana-spc" + # nodePublishSecretRef: # Only required when using service principal mode + # name: grafana-akv-creds # Only required when using service principal mode + +## Additional grafana server volume mounts +# Defines additional volume mounts. +extraVolumeMounts: [] + # - name: extra-volume + # mountPath: /mnt/volume + # readOnly: true + # existingClaim: volume-claim + +## Pass the plugins you want installed as a list. 
+## +plugins: [] + # - digrich-bubblechart-panel + # - grafana-clock-panel + +## Configure grafana datasources +## ref: http://docs.grafana.org/administration/provisioning/#datasources +## +datasources: {} +# datasources.yaml: +# apiVersion: 1 +# datasources: +# - name: Prometheus +# type: prometheus +# url: http://prometheus-prometheus-server +# access: proxy +# isDefault: true +# - name: CloudWatch +# type: cloudwatch +# access: proxy +# uid: cloudwatch +# editable: false +# jsonData: +# authType: credentials +# defaultRegion: us-east-1 + +## Configure notifiers +## ref: http://docs.grafana.org/administration/provisioning/#alert-notification-channels +## +notifiers: {} +# notifiers.yaml: +# notifiers: +# - name: email-notifier +# type: email +# uid: email1 +# # either: +# org_id: 1 +# # or +# org_name: Main Org. +# is_default: true +# settings: +# addresses: an_email_address@example.com +# delete_notifiers: + +## Configure grafana dashboard providers +## ref: http://docs.grafana.org/administration/provisioning/#dashboards +## +## `path` must be /var/lib/grafana/dashboards/ +## +dashboardProviders: {} +# dashboardproviders.yaml: +# apiVersion: 1 +# providers: +# - name: 'default' +# orgId: 1 +# folder: '' +# type: file +# disableDeletion: false +# editable: true +# options: +# path: /var/lib/grafana/dashboards/default + +## Configure grafana dashboard to import +## NOTE: To use dashboards you must also enable/configure dashboardProviders +## ref: https://grafana.com/dashboards +## +## dashboards per provider, use provider name as key. 
+## +dashboards: {} + # default: + # some-dashboard: + # json: | + # $RAW_JSON + # custom-dashboard: + # file: dashboards/custom-dashboard.json + # prometheus-stats: + # gnetId: 2 + # revision: 2 + # datasource: Prometheus + # local-dashboard: + # url: https://example.com/repository/test.json + # token: '' + # local-dashboard-base64: + # url: https://example.com/repository/test-b64.json + # token: '' + # b64content: true + +## Reference to external ConfigMap per provider. Use provider name as key and ConfigMap name as value. +## A provider dashboards must be defined either by external ConfigMaps or in values.yaml, not in both. +## ConfigMap data example: +## +## data: +## example-dashboard.json: | +## RAW_JSON +## +dashboardsConfigMaps: {} +# default: "" + +## Grafana's primary configuration +## NOTE: values in map will be converted to ini format +## ref: http://docs.grafana.org/installation/configuration/ +## +grafana.ini: + paths: + data: /var/lib/grafana/data + logs: /var/log/grafana + plugins: /var/lib/grafana/plugins + provisioning: /etc/grafana/provisioning + analytics: + check_for_updates: true + log: + mode: console + grafana_net: + url: https://grafana.net +## grafana Authentication can be enabled with the following values on grafana.ini + # server: + # The full public facing url you use in browser, used for redirects and emails + # root_url: + # https://grafana.com/docs/grafana/latest/auth/github/#enable-github-in-grafana + # auth.github: + # enabled: false + # allow_sign_up: false + # scopes: user:email,read:org + # auth_url: https://github.com/login/oauth/authorize + # token_url: https://github.com/login/oauth/access_token + # api_url: https://api.github.com/user + # team_ids: + # allowed_organizations: + # client_id: + # client_secret: +## LDAP Authentication can be enabled with the following values on grafana.ini +## NOTE: Grafana will fail to start if the value for ldap.toml is invalid + # auth.ldap: + # enabled: true + # allow_sign_up: true + # 
config_file: /etc/grafana/ldap.toml + +## Grafana's LDAP configuration +## Templated by the template in _helpers.tpl +## NOTE: To enable the grafana.ini must be configured with auth.ldap.enabled +## ref: http://docs.grafana.org/installation/configuration/#auth-ldap +## ref: http://docs.grafana.org/installation/ldap/#configuration +ldap: + enabled: false + # `existingSecret` is a reference to an existing secret containing the ldap configuration + # for Grafana in a key `ldap-toml`. + existingSecret: "" + # `config` is the content of `ldap.toml` that will be stored in the created secret + config: "" + # config: |- + # verbose_logging = true + + # [[servers]] + # host = "my-ldap-server" + # port = 636 + # use_ssl = true + # start_tls = false + # ssl_skip_verify = false + # bind_dn = "uid=%s,ou=users,dc=myorg,dc=com" + +## Grafana's SMTP configuration +## NOTE: To enable, grafana.ini must be configured with smtp.enabled +## ref: http://docs.grafana.org/installation/configuration/#smtp +smtp: + # `existingSecret` is a reference to an existing secret containing the smtp configuration + # for Grafana. 
+ existingSecret: "" + userKey: "user" + passwordKey: "password" + +## Sidecars that collect the configmaps with specified label and stores the included files them into the respective folders +## Requires at least Grafana 5 to work and can't be used together with parameters dashboardProviders, datasources and dashboards +sidecar: + image: + repository: rancher/mirrored-kiwigrid-k8s-sidecar + tag: 1.10.7 + sha: "" + imagePullPolicy: IfNotPresent + resources: {} +# limits: +# cpu: 100m +# memory: 100Mi +# requests: +# cpu: 50m +# memory: 50Mi + # skipTlsVerify Set to true to skip tls verification for kube api calls + # skipTlsVerify: true + enableUniqueFilenames: false + dashboards: + enabled: false + SCProvider: true + # label that the configmaps with dashboards are marked with + label: grafana_dashboard + # value of label that the configmaps with dashboards are set to + labelValue: null + # folder in the pod that should hold the collected dashboards (unless `defaultFolderName` is set) + folder: /tmp/dashboards + # The default folder name, it will create a subfolder under the `folder` and put dashboards in there instead + defaultFolderName: null + # If specified, the sidecar will search for dashboard config-maps inside this namespace. + # Otherwise the namespace in which the sidecar is running will be used. + # It's also possible to specify ALL to search in all namespaces + searchNamespace: null + # If specified, the sidecar will look for annotation with this name to create folder and put graph here. + # You can use this parameter together with `provider.foldersFromFilesStructure`to annotate configmaps and create folder structure. 
+ folderAnnotation: null + # provider configuration that lets grafana manage the dashboards + provider: + # name of the provider, should be unique + name: sidecarProvider + # orgid as configured in grafana + orgid: 1 + # folder in which the dashboards should be imported in grafana + folder: '' + # type of the provider + type: file + # disableDelete to activate a import-only behaviour + disableDelete: false + # allow updating provisioned dashboards from the UI + allowUiUpdates: false + # allow Grafana to replicate dashboard structure from filesystem + foldersFromFilesStructure: false + datasources: + enabled: false + # label that the configmaps with datasources are marked with + label: grafana_datasource + # value of label that the configmaps with datasources are set to + labelValue: null + # If specified, the sidecar will search for datasource config-maps inside this namespace. + # Otherwise the namespace in which the sidecar is running will be used. + # It's also possible to specify ALL to search in all namespaces + searchNamespace: null + + ## The name of a secret in the same kubernetes namespace which contain values to be added to the environment + ## This can be useful for database passwords, etc. Value is templated. + envFromSecret: "" + notifiers: + enabled: false + # label that the configmaps with notifiers are marked with + label: grafana_notifier + # If specified, the sidecar will search for notifier config-maps inside this namespace. + # Otherwise the namespace in which the sidecar is running will be used. 
+ # It's also possible to specify ALL to search in all namespaces + searchNamespace: null + +## Override the deployment namespace +## +namespaceOverride: "" + +## Number of old ReplicaSets to retain +## +revisionHistoryLimit: 10 + +## Add a seperate remote image renderer deployment/service +imageRenderer: + # Enable the image-renderer deployment & service + enabled: false + replicas: 1 + image: + # image-renderer Image repository + repository: rancher/mirrored-grafana-grafana-image-renderer + # image-renderer Image tag + tag: 2.0.1 + # image-renderer Image sha (optional) + sha: "" + # image-renderer ImagePullPolicy + pullPolicy: Always + # extra environment variables + env: + HTTP_HOST: "0.0.0.0" + # RENDERING_ARGS: --disable-gpu,--window-size=1280x758 + # RENDERING_MODE: clustered + # image-renderer deployment serviceAccount + serviceAccountName: "" + # image-renderer deployment securityContext + securityContext: {} + # image-renderer deployment Host Aliases + hostAliases: [] + # image-renderer deployment priority class + priorityClassName: '' + service: + # image-renderer service port name + portName: 'http' + # image-renderer service port used by both service and deployment + port: 8081 + targetPort: 8081 + # In case a sub_path is used this needs to be added to the image renderer callback + grafanaSubPath: "" + # name of the image-renderer port on the pod + podPortName: http + # number of image-renderer replica sets to keep + revisionHistoryLimit: 10 + networkPolicy: + # Enable a NetworkPolicy to limit inbound traffic to only the created grafana pods + limitIngress: true + # Enable a NetworkPolicy to limit outbound traffic to only the created grafana pods + limitEgress: false + resources: {} +# limits: +# cpu: 100m +# memory: 100Mi +# requests: +# cpu: 50m +# memory: 50Mi 
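Review bot: In the `sidecar.image` and `imageRenderer.image` blocks of the Grafana values.yaml, both images are referenced only by tag (`tag: 1.10.7`, `tag: 2.0.1`) with `sha: ""`, and `imageRenderer.image.pullPolicy` is `Always`, so a tag that is re-pushed in the registry is pulled on the next pod restart without any change to the chart. For a released chart, consider filling in `sha` with the image digest, or at least aligning the renderer with the sidecar's `imagePullPolicy: IfNotPresent`. Separately, `imageRenderer.networkPolicy` defaults to `limitIngress: true` but `limitEgress: false`, so the renderer's outbound traffic is unrestricted by default; a comment saying why egress is left open would help. Minor: the `envRenderSecret` comment reads "Sensible environment variables" where "Sensitive" is meant, and "seperate" in the `imageRenderer` comment should be "separate".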
diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/Chart.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/Chart.yaml new file mode 100755 index 000000000..3f1c0a6b8 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/Chart.yaml @@ -0,0 +1,21 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.29.100 + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Istio + catalog.cattle.io/namespace: istio-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: networking.istio.io.virtualservice/v1beta1 + catalog.cattle.io/release-name: rancher-istio + catalog.cattle.io/requests-cpu: 710m + catalog.cattle.io/requests-memory: 2314Mi + catalog.cattle.io/ui-component: istio +apiVersion: v1 +appVersion: 1.8.3 +description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ + for details. +icon: https://charts.rancher.io/assets/logos/istio.svg +keywords: +- networking +- infrastructure +name: rancher-istio +version: 1.8.301 diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/README.md b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/README.md new file mode 100755 index 000000000..199e45312 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/README.md 
@@ -0,0 +1,69 @@ +# Rancher Istio Installers + +A Rancher created chart that packages the istioctl binary to install via a helm chart. + +# Installation Requirements + +## Chart Dependencies +- rancher-kiali-server-crd chart + +# Uninstallation Requirements +To ensure rancher-istio uninstalls correctly, you must uninstall rancher-istio prior to uninstalling chart dependencies (see installation requirements for chart dependencies). This is because all definitions need to be available in order to properly build the rancher-istio objects for removal. + +If you remove dependent CRD charts prior to removing rancher-istio, you may encounter the following error:: + +`Error: uninstallation completed with 1 error(s): unable to build kubernetes objects for delete: unable to recognize "": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1"` + +# Addons + +## Kiali + +Kiali allows you to view and manage your istio-based service mesh through an easy to use dashboard. + +#### Dependencies +- rancher-monitoring chart or other Prometheus installation + +This dependecy installs the required CRDs for installing Kiali. Since Kiali is bundled in with Istio in this chart, if you do not have these dependencies installed, your Istio installation will fail. If you do not plan on using Kiali, set `kiali.enabled=false` when installing Istio for a succesful installation. + +> **Note:** The following configuration options assume you have installed the dependecies for Kiali. Please ensure you have Promtheus in your cluster before proceeding. + +The Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by Prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces. 
+ +To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources. + +1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape. +1. Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces. + +#### External Services + +##### Prometheus +The `kiali.external_services.prometheus` url is set in the values.yaml: +``` +http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }} +``` +The url depends on the default values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port` being set in your rancher-monitoring or other monitoring instance. + +##### Grafana +The `kiali.external_services.grafana` url is set in the values.yaml: +``` +http://{{ .Values.nameOverride }}-grafana.{{ .Values.namespaceOverride }}.svc:{{ grafana.service.port }} +``` +The url depends on the default values for `nameOverride`, `namespaceOverride`, and `grafana.service.port` being set in your rancher-monitoring or other monitoring instance. + +##### Tracing +The `kiali.external_services.tracing` url and `.Values.tracing.contextPath` is set in the rancher-istio values.yaml: +``` +http://tracing.{{ .Values.namespaceOverride }}.svc:{{ .Values.service.externalPort }}/{{ .Values.tracing.contextPath }} +``` +The url depends on the default values for `namespaceOverride`, and `.Values.service.externalPort` being set in your rancher-tracing or other tracing instance. + +## Jaeger + +Jaeger allows you to trace and monitor distributed microservices. + +> **Note:** This addon is using the all-in-one Jaeger installation which is not qualified for production. 
Use the [Jaeger Tracing](https://www.jaegertracing.io/docs/1.21/getting-started/) documentation to determine which installation you will need for your production needs. + +# Installation +``` +helm install rancher-istio . --create-namespace -n istio-system +``` \ No newline at end of file diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/app-readme.md b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/app-readme.md new file mode 100755 index 000000000..0e42df083 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/app-readme.md 
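Review bot: In the "External Services" section of README.md, the Prometheus and Grafana URL templates mix `{{ .Values.nameOverride }}` with bare `{{ prometheus.service.port }}` and `{{ grafana.service.port }}`, and the text says the url depends on "the default values ... being set in your rancher-monitoring or other monitoring instance" without saying that these are the monitoring chart's values rather than rancher-istio's. Suggest writing the placeholders consistently and naming the chart each value comes from, so a reader does not set `nameOverride` on the wrong release. Minor: "dependecy", "dependecies", "succesful" and "Promtheus" are misspelled, "the following error::" has a doubled colon, and the file ends without a trailing newline.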
@@ -0,0 +1,45 @@ +# Rancher Istio + +Our [Istio](https://istio.io/) installer wraps the istioctl binary commands in a handy helm chart, including an overlay file option to allow complex customization. It also includes: +* **[Kiali](https://kiali.io/)**: Used for graphing traffic flow throughout the mesh +* **[Jaeger](https://www.jaegertracing.io/)**: A quick start, all-in-one installation used for tracing distributed systemm. This is not production qualified, please refer to jaeger documentation to determine which installation you may need instead. + +### Dependencies + +**Rancher Monitoring or other Prometheus installation** + +The Prometheus CRDs are required for installing Kiali which is enabled by default. If you do not have Prometheus installed your Istio installation will fail. If you do not plan on using Kiali, set `kiali.enabled=false` to bypass this requirement. + +### Customization + +**Rancher Monitoring** + +The Rancher Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by Prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces. + +To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources. + +1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape. +1. Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces. + +**Custom Prometheus Installation with Kiali** + +To use a custom Monitoring installation, set the `kiali.external_services.prometheus` url in the values.yaml. 
This url depends on the values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port` in your rancher-monitoring or other monitoring instance: +``` +http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }} +``` +**Custom Grafana Installation with Kiali** + +To use a custom Grafana installation, set the `kiali.external_services.grafana` url in the values.yaml. This url depends on the values for `nameOverride`, `namespaceOverride`, and `granfa.service.port` in your rancher-monitoring or other grafana instance: +``` +http://{{ .Values.nameOverride }}-grafana.{{ .Values.namespaceOverride }}.svc:{{ grafana.service.port }} +``` +**Custom Tracing Installation with Kiali** + +To use a custom Tracing installation, set the `kiali.external_services.tracing` url and update the `.Values.tracing.contextPath` in the rancher-istio values.yaml. + +This url depends on the values for `namespaceOverride`, and `.Values.service.externalPort` in your rancher-tracing or other tracing instance.: +``` +http://tracing.{{ .Values.namespaceOverride }}.svc:{{ .Values.service.externalPort }}/{{ .Values.tracing.contextPath }} +``` + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/istio/v2.5/). diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/Chart.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/Chart.yaml new file mode 100755 index 000000000..3225c111e --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/Chart.yaml 
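Review bot: In the "Custom Grafana Installation with Kiali" paragraph of app-readme.md, the value is named `granfa.service.port`, while the template directly below it uses `grafana.service.port`; a reader copying the name from the prose gets a key that does not exist, so it should read `grafana.service.port`. Minor: "systemm" in the Jaeger bullet should be "systems", and the tracing sentence ends in ".:".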
@@ -0,0 +1,31 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=match + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 + catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 + catalog.rancher.io/namespace: cattle-istio-system + catalog.rancher.io/release-name: rancher-kiali-server +apiVersion: v2 +appVersion: v1.29.0 +description: Kiali is an open source project for service mesh observability, refer + to https://www.kiali.io for details. This is installed as sub-chart with customized + values in Rancher's Istio. +home: https://github.com/kiali/kiali +icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png +keywords: +- istio +- kiali +- networking +- infrastructure +maintainers: +- email: kiali-users@googlegroups.com + name: Kiali + url: https://kiali.io +name: kiali +sources: +- https://github.com/kiali/kiali +- https://github.com/kiali/kiali-ui +- https://github.com/kiali/kiali-operator +- https://github.com/kiali/helm-charts +version: 1.29.1 diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/NOTES.txt b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/NOTES.txt new file mode 100755 index 000000000..751019401 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/NOTES.txt @@ -0,0 +1,5 @@ +Welcome to Kiali! For more details on Kiali, see: https://kiali.io + +The Kiali Server [{{ .Chart.AppVersion }}] has been installed in namespace [{{ .Release.Namespace }}]. It will be ready soon. + +(Helm: Chart=[{{ .Chart.Name }}], Release=[{{ .Release.Name }}], Version=[{{ .Chart.Version }}]) 
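Review bot: In the annotations of charts/kiali/Chart.yaml, the namespace and release name use the `catalog.rancher.io/` prefix (`catalog.rancher.io/namespace: cattle-istio-system`, `catalog.rancher.io/release-name: rancher-kiali-server`) while every other annotation in this file, and the parent rancher-istio Chart.yaml, uses `catalog.cattle.io/`. The namespace value also differs from the parent's `catalog.cattle.io/namespace: istio-system`. If the two prefixes are not both read by the catalog, these two annotations are silently ignored; please confirm which prefix is intended and make the sub-chart consistent, or add a comment explaining why it differs.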
diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/_helpers.tpl b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/_helpers.tpl new file mode 100755 index 000000000..dd33bbe48 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/_helpers.tpl 
@@ -0,0 +1,192 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "kiali-server.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kiali-server.fullname" -}} +{{- if .Values.fullnameOverride }} + {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} + {{- $name := default .Chart.Name .Values.nameOverride }} + {{- printf "%s" $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kiali-server.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Identifies the log_level with the old verbose_mode and the new log_level considered. +*/}} +{{- define "kiali-server.logLevel" -}} +{{- if .Values.deployment.verbose_mode -}} +{{- .Values.deployment.verbose_mode -}} +{{- else -}} +{{- .Values.deployment.logger.log_level -}} +{{- end -}} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kiali-server.labels" -}} +helm.sh/chart: {{ include "kiali-server.chart" . }} +app: {{ include "kiali-server.name" . }} +{{ include "kiali-server.selectorLabels" . }} +version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/part-of: "kiali" +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kiali-server.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kiali-server.name" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Used to determine if a custom dashboard (defined in .Template.Name) should be deployed. +*/}} +{{- define "kiali-server.isDashboardEnabled" -}} +{{- if .Values.external_services.custom_dashboards.enabled }} + {{- $includere := "" }} + {{- range $_, $s := .Values.deployment.custom_dashboards.includes }} + {{- if $s }} + {{- if $includere }} + {{- $includere = printf "%s|^%s$" $includere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $includere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} + {{- end }} + {{- $excludere := "" }} + {{- range $_, $s := .Values.deployment.custom_dashboards.excludes }} + {{- if $s }} + {{- if $excludere }} + {{- $excludere = printf "%s|^%s$" $excludere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $excludere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} + {{- end }} + {{- if (and (mustRegexMatch (default "no-matches" $includere) (base .Template.Name)) (not (mustRegexMatch (default "no-matches" $excludere) (base .Template.Name)))) }} + {{- print "enabled" }} + {{- else }} + {{- print "" }} + {{- end }} +{{- else }} + {{- print "" }} +{{- end }} +{{- end }} + +{{/* +Determine the default login token signing key. +*/}} +{{- define "kiali-server.login_token.signing_key" -}} +{{- if .Values.login_token.signing_key }} + {{- .Values.login_token.signing_key }} +{{- else }} + {{- randAlphaNum 16 }} +{{- end }} +{{- end }} + +{{/* +Determine the default web root. +*/}} +{{- define "kiali-server.server.web_root" -}} +{{- if .Values.server.web_root }} + {{- .Values.server.web_root | trimSuffix "/" }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/" }} + {{- else }} + {{- "/kiali" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity cert file. There is no default if on k8s; only on OpenShift. 
+*/}} +{{- define "kiali-server.identity.cert_file" -}} +{{- if hasKey .Values.identity "cert_file" }} + {{- .Values.identity.cert_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.crt" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity private key file. There is no default if on k8s; only on OpenShift. +*/}} +{{- define "kiali-server.identity.private_key_file" -}} +{{- if hasKey .Values.identity "private_key_file" }} + {{- .Values.identity.private_key_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.key" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the istio namespace - default is where Kiali is installed. +*/}} +{{- define "kiali-server.istio_namespace" -}} +{{- if .Values.istio_namespace }} + {{- .Values.istio_namespace }} +{{- else }} + {{- .Release.Namespace }} +{{- end }} +{{- end }} + +{{/* +Determine the auth strategy to use - default is "token" on Kubernetes and "openshift" on OpenShift. +*/}} +{{- define "kiali-server.auth.strategy" -}} +{{- if .Values.auth.strategy }} + {{- if (and (eq .Values.auth.strategy "openshift") (not .Values.kiali_route_url)) }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or use a different auth strategy via the --set auth.strategy=... option." }} + {{- end }} + {{- .Values.auth.strategy }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- if not .Values.kiali_route_url }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or explicitly indicate another auth strategy you want via the --set auth.strategy=... option." 
}} + {{- end }} + {{- "openshift" }} + {{- else }} + {{- "token" }} + {{- end }} +{{- end }} +{{- end }} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/cabundle.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/cabundle.yaml new file mode 100755 index 000000000..7462b95a7 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/cabundle.yaml @@ -0,0 +1,13 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }}-cabundle + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + service.beta.openshift.io/inject-cabundle: "true" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/configmap.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/configmap.yaml new file mode 100755 index 000000000..b1bf53173 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/configmap.yaml 
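Review bot: In `kiali-server.login_token.signing_key` in _helpers.tpl, the fallback `{{- randAlphaNum 16 }}` is evaluated on every render, so whenever `login_token.signing_key` is unset each `helm upgrade` produces a different signing key, and tokens signed with the previous key stop validating once the server loads the new value. Suggest requiring the value, or generating it once and reusing the stored value on later upgrades, and documenting the expected key length next to the helper. A second point in `kiali-server.isDashboardEnabled`: the include and exclude globs are turned into regexes with `replace "*" ".*" | replace "?" "."` and no escaping of other metacharacters, so a `.` in a pattern such as a dashboard name matches any character; quoting the literal parts before substituting the wildcards would make the match exact.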
@@ -0,0 +1,24 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + config.yaml: | + {{- /* Most of .Values is simply the ConfigMap - strip out the keys that are not part of the ConfigMap */}} + {{- $cm := omit .Values "nameOverride" "fullnameOverride" "kiali_route_url" }} + {{- /* The helm chart defines namespace for us, but pass it to the ConfigMap in case the server needs it */}} + {{- $_ := set $cm.deployment "namespace" .Release.Namespace }} + {{- /* Some values of the ConfigMap are generated, but might not be identical, from .Values */}} + {{- $_ := set $cm "istio_namespace" (include "kiali-server.istio_namespace" .) }} + {{- $_ := set $cm.auth "strategy" (include "kiali-server.auth.strategy" .) }} + {{- $_ := set $cm.auth.openshift "client_id_prefix" (include "kiali-server.fullname" .) }} + {{- $_ := set $cm.identity "cert_file" (include "kiali-server.identity.cert_file" .) }} + {{- $_ := set $cm.identity "private_key_file" (include "kiali-server.identity.private_key_file" .) }} + {{- $_ := set $cm.login_token "signing_key" (include "kiali-server.login_token.signing_key" .) }} + {{- $_ := set $cm.server "web_root" (include "kiali-server.server.web_root" .) }} + {{- toYaml $cm | nindent 4 }} +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/envoy.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/envoy.yaml new file mode 100755 index 000000000..8d961b848 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/envoy.yaml 
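Review bot: In templates/configmap.yaml, `set $cm.login_token "signing_key" (include "kiali-server.login_token.signing_key" .)` writes the login token signing key into the `config.yaml` key of a ConfigMap, so anyone who can read ConfigMaps in the release namespace can read the key used to sign login tokens. Suggest moving `login_token.signing_key` into a Secret and referencing it from the deployment instead of serialising it with `toYaml $cm`. Related: `omit .Values "nameOverride" "fullnameOverride" "kiali_route_url"` leaves every other top-level key in place, including the `global` map that the `system_default_registry` helper reads, so Rancher-specific values end up in the server's config; adding `"global"` to the omit list would keep the ConfigMap limited to Kiali settings.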
@@ -0,0 +1,55 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: envoy + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Envoy Metrics +# discoverOn: "envoy_server_uptime" + items: + - chart: + name: "Pods uptime" + spans: 4 + metricName: "envoy_server_uptime" + dataType: "raw" + - chart: + name: "Allocated memory" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_allocated" + dataType: "raw" + min: 0 + - chart: + name: "Heap size" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_heap_size" + dataType: "raw" + min: 0 + - chart: + name: "Upstream active connections" + spans: 6 + metricName: "envoy_cluster_upstream_cx_active" + dataType: "raw" + - chart: + name: "Upstream total requests" + spans: 6 + metricName: "envoy_cluster_upstream_rq_total" + unit: "rps" + dataType: "rate" + - chart: + name: "Downstream active connections" + spans: 6 + metricName: "envoy_listener_downstream_cx_active" + dataType: "raw" + - chart: + name: "Downstream HTTP requests" + spans: 6 + metricName: "envoy_listener_http_downstream_rq" + unit: "rps" + dataType: "rate" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/go.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/go.yaml new file mode 100755 index 000000000..01ebed7b5 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/go.yaml 
@@ -0,0 +1,66 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: go + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Go Metrics + runtime: Go + discoverOn: "go_info" + items: + - chart: + name: "CPU ratio" + spans: 6 + metricName: "process_cpu_seconds_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "RSS Memory" + unit: "bytes" + spans: 6 + metricName: "process_resident_memory_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Goroutines" + spans: 6 + metricName: "go_goroutines" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Heap allocation rate" + unit: "bytes/s" + spans: 6 + metricName: "go_memstats_alloc_bytes_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "GC rate" + spans: 6 + metricName: "go_gc_duration_seconds_count" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Next GC" + unit: "bytes" + spans: 6 + metricName: "go_memstats_next_gc_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/kiali.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/kiali.yaml new file mode 100755 index 000000000..0d5b5caa2 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/kiali.yaml 
@@ -0,0 +1,43 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: kiali + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Kiali Internal Metrics + items: + - chart: + name: "API processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_api_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "route" + displayName: "Route" + - chart: + name: "Functions processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_go_function_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" + - chart: + name: "Failures" + spans: 12 + metricName: "kiali_go_function_failures_total" + dataType: "raw" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml new file mode 100755 index 000000000..e89e1200c --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml 
@@ -0,0 +1,42 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Pool Metrics + discoverOn: "jvm_buffer_total_capacity_bytes" + items: + - chart: + name: "Pool buffer memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer capacity" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_total_capacity_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer count" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_count" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml new file mode 100755 index 000000000..ab487dccc --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml 
@@ -0,0 +1,64 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live" + items: + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon" + dataType: "raw" + - chart: + name: "Loaded classes" + spans: 4 + metricName: "jvm_classes_loaded" + dataType: "raw" + + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml new file mode 100755 index 000000000..d7014951d --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.1-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live_threads" + items: + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live_threads" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon_threads" + dataType: "raw" + - chart: + name: "Threads states" + spans: 4 + metricName: "jvm_threads_states_threads" + dataType: "raw" + aggregations: + - label: "state" + displayName: "State" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/microprofile-1.1.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/microprofile-1.1.yaml new file mode 100755 index 000000000..c00446c10 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/microprofile-1.1.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-1.1 + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:thread_count" + items: + - chart: + name: "Current loaded classes" + spans: 6 + metricName: "base:classloader_current_loaded_class_count" + dataType: "raw" + - chart: + name: "Unloaded classes" + spans: 6 + metricName: "base:classloader_total_unloaded_class_count" + dataType: "raw" + - chart: + name: "Thread count" + spans: 4 + metricName: "base:thread_count" + dataType: "raw" + - chart: + name: "Thread max count" + spans: 4 + metricName: "base:thread_max_count" + dataType: "raw" + - chart: + name: "Thread daemon count" + spans: 4 + metricName: "base:thread_daemon_count" + dataType: "raw" + - chart: + name: "Committed heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_committed_heap_bytes" + dataType: "raw" + - chart: + name: "Max heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_max_heap_bytes" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_used_heap_bytes" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/microprofile-x.y.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/microprofile-x.y.yaml new file mode 100755 index 000000000..d15f527d9 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/microprofile-x.y.yaml 
@@ -0,0 +1,37 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-x.y + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:gc_complete_scavenger_count" + items: + - chart: + name: "Young GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_young_generation_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Young GC count" + spans: 3 + metricName: "base:gc_young_generation_scavenger_count" + dataType: "raw" + - chart: + name: "Total GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_complete_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Total GC count" + spans: 3 + metricName: "base:gc_complete_scavenger_count" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/nodejs.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/nodejs.yaml new file mode 100755 index 000000000..d772a16c0 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/nodejs.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: nodejs + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Node.js + title: Node.js Metrics + discoverOn: "nodejs_active_handles_total" + items: + - chart: + name: "Active handles" + spans: 4 + metricName: "nodejs_active_handles_total" + dataType: "raw" + - chart: + name: "Active requests" + spans: 4 + metricName: "nodejs_active_requests_total" + dataType: "raw" + - chart: + name: "Event loop lag" + unit: "seconds" + spans: 4 + metricName: "nodejs_eventloop_lag_seconds" + dataType: "raw" + - chart: + name: "Total heap size" + unit: "bytes" + spans: 12 + metricName: "nodejs_heap_space_size_total_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Used heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_used_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Available heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_available_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/quarkus.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/quarkus.yaml new file mode 100755 index 000000000..4fc3e9ac0 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/quarkus.yaml 
@@ -0,0 +1,32 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: quarkus + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Quarkus Metrics + runtime: Quarkus + items: + - chart: + name: "Thread count" + spans: 4 + metricName: "vendor:thread_count" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_heap_usage_bytes" + dataType: "raw" + - chart: + name: "Used non-heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_non_heap_usage_bytes" + dataType: "raw" + - include: "microprofile-x.y" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml new file mode 100755 index 000000000..2ff4ae576 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml @@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Pool Metrics + items: + - include: "micrometer-1.0.6-jvm-pool" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/springboot-jvm.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/springboot-jvm.yaml new file mode 100755 index 000000000..8bd43055b --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/springboot-jvm.yaml 
@@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Metrics + items: + - include: "micrometer-1.0.6-jvm" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/springboot-tomcat.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/springboot-tomcat.yaml new file mode 100755 index 000000000..4b27aee4f --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/springboot-tomcat.yaml @@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-tomcat + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: Tomcat Metrics + items: + - include: "tomcat" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/thorntail.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/thorntail.yaml new file mode 100755 index 000000000..513488df4 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/thorntail.yaml 
@@ -0,0 +1,21 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: thorntail + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Thorntail + title: Thorntail Metrics + discoverOn: "vendor:loaded_modules" + items: + - include: "microprofile-1.1" + - chart: + name: "Loaded modules" + spans: 6 + metricName: "vendor:loaded_modules" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/tomcat.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/tomcat.yaml new file mode 100755 index 000000000..28fd7f1cc --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/tomcat.yaml 
@@ -0,0 +1,66 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: tomcat + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Tomcat + title: Tomcat Metrics + discoverOn: "tomcat_sessions_created_total" + items: + - chart: + name: "Sessions created" + spans: 4 + metricName: "tomcat_sessions_created_total" + dataType: "raw" + - chart: + name: "Active sessions" + spans: 4 + metricName: "tomcat_sessions_active_current" + dataType: "raw" + - chart: + name: "Sessions rejected" + spans: 4 + metricName: "tomcat_sessions_rejected_total" + dataType: "raw" + + - chart: + name: "Bytes sent" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_sent_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Bytes received" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_received_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + + - chart: + name: "Global errors" + spans: 6 + metricName: "tomcat_global_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Servlet errors" + spans: 6 + metricName: "tomcat_servlet_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/vertx-client.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/vertx-client.yaml new file mode 100755 index 000000000..17392d87f --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/vertx-client.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-client + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Client Metrics + discoverOn: "vertx_http_client_connections" + items: + - chart: + name: "Client response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_client_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_client_requestCount_total" + dataType: "rate" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client active connections" + spans: 6 + metricName: "vertx_http_client_connections" + dataType: "raw" + - chart: + name: "Client active websockets" + spans: 6 + metricName: "vertx_http_client_wsConnections" + dataType: "raw" + - chart: + name: "Client bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesSent" + dataType: "histogram" + - chart: + name: "Client bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/vertx-eventbus.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/vertx-eventbus.yaml new file mode 100755 index 000000000..fa659b55c --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/vertx-eventbus.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-eventbus + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Eventbus Metrics + discoverOn: "vertx_eventbus_handlers" + items: + - chart: + name: "Event bus handlers" + spans: 6 + metricName: "vertx_eventbus_handlers" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus pending messages" + spans: 6 + metricName: "vertx_eventbus_pending" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus processing time" + unit: "seconds" + spans: 6 + metricName: "vertx_eventbus_processingTime_seconds" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes read" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesRead" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes written" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesWritten" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/vertx-jvm.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/vertx-jvm.yaml new file mode 100755 index 000000000..ac03ea2e0 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/vertx-jvm.yaml 
@@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: JVM Metrics + items: + - include: "micrometer-1.1-jvm" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/vertx-pool.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/vertx-pool.yaml new file mode 100755 index 000000000..3715e9c10 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/vertx-pool.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Pools Metrics + discoverOn: "vertx_pool_ratio" + items: + - chart: + name: "Usage duration" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_usage_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Usage ratio" + spans: 6 + metricName: "vertx_pool_ratio" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Queue size" + spans: 6 + metricName: "vertx_pool_queue_size" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Time in queue" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_queue_delay_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Resources used" + spans: 6 + metricName: "vertx_pool_inUse" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/vertx-server.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/vertx-server.yaml new file mode 100755 index 000000000..686295468 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/dashboards/vertx-server.yaml 
@@ -0,0 +1,61 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-server + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Server Metrics + discoverOn: "vertx_http_server_connections" + items: + - chart: + name: "Server response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_server_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_server_requestCount_total" + dataType: "rate" + aggregations: + - label: "code" + displayName: "Error code" + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server active connections" + spans: 6 + metricName: "vertx_http_server_connections" + dataType: "raw" + - chart: + name: "Server active websockets" + spans: 6 + metricName: "vertx_http_server_wsConnections" + dataType: "raw" + - chart: + name: "Server bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesSent" + dataType: "histogram" + - chart: + name: "Server bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/deployment.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/deployment.yaml new file mode 100755 index 000000000..de5ae7ebe --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/deployment.yaml 
@@ -0,0 +1,174 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.deployment.replicas }} + selector: + matchLabels: + {{- include "kiali-server.selectorLabels" . | nindent 6 }} + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 8 }} + {{- if .Values.deployment.pod_labels }} + {{- toYaml .Values.deployment.pod_labels | nindent 8 }} + {{- end }} + annotations: + {{- if .Values.server.metrics_enabled }} + prometheus.io/scrape: "true" + prometheus.io/port: {{ .Values.server.metrics_port | quote }} + {{- else }} + prometheus.io/scrape: "false" + prometheus.io/port: null + {{- end }} + kiali.io/runtimes: go,kiali + {{- if .Values.deployment.pod_annotations }} + {{- toYaml .Values.deployment.pod_annotations | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "kiali-server.fullname" . }} + {{- if .Values.deployment.priority_class_name }} + priorityClassName: {{ .Values.deployment.priority_class_name | quote }} + {{- end }} + {{- if .Values.deployment.image_pull_secrets }} + imagePullSecrets: + {{- range .Values.deployment.image_pull_secrets }} + - name: {{ . }} + {{- end }} + {{- end }} + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.deployment.repository }}:{{ .Values.deployment.tag }}" + imagePullPolicy: {{ .Values.deployment.image_pull_policy | default "Always" }} + name: {{ include "kiali-server.fullname" . 
}} + command: + - "/opt/kiali/kiali" + - "-config" + - "/kiali-configuration/config.yaml" + ports: + - name: api-port + containerPort: {{ .Values.server.port | default 20001 }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + containerPort: {{ .Values.server.metrics_port | default 9090 }} + {{- end }} + readinessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + livenessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + env: + - name: ACTIVE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LOG_LEVEL + value: "{{ include "kiali-server.logLevel" . }}" + - name: LOG_FORMAT + value: "{{ .Values.deployment.logger.log_format }}" + - name: LOG_TIME_FIELD_FORMAT + value: "{{ .Values.deployment.logger.time_field_format }}" + - name: LOG_SAMPLER_RATE + value: "{{ .Values.deployment.logger.sampler_rate }}" + volumeMounts: + {{- if .Values.web_root_override }} + - name: kiali-console + subPath: env.js + mountPath: /opt/kiali/console/env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + mountPath: "/kiali-configuration" + - name: {{ include "kiali-server.fullname" . }}-cert + mountPath: "/kiali-cert" + - name: {{ include "kiali-server.fullname" . }}-secret + mountPath: "/kiali-secret" + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . 
}}-cabundle + mountPath: "/kiali-cabundle" + {{- end }} + {{- if .Values.deployment.resources }} + resources: + {{- toYaml .Values.deployment.resources | nindent 10 }} + {{- end }} + volumes: + {{- if .Values.web_root_override }} + - name: kiali-console + configMap: + name: kiali-console + items: + - key: env.js + path: env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + configMap: + name: {{ include "kiali-server.fullname" . }} + - name: {{ include "kiali-server.fullname" . }}-cert + secret: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + secretName: {{ include "kiali-server.fullname" . }}-cert-secret + {{- else }} + secretName: istio.{{ include "kiali-server.fullname" . }}-service-account + {{- end }} + {{- if not (include "kiali-server.identity.cert_file" .) }} + optional: true + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-secret + secret: + secretName: {{ .Values.deployment.secret_name }} + optional: true + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + configMap: + name: {{ include "kiali-server.fullname" . 
}}-cabundle + {{- end }} + {{- if or (.Values.deployment.affinity.node) (or (.Values.deployment.pod) (.Values.deployment.pod_anti)) }} + affinity: + {{- if .Values.deployment.affinity.node }} + nodeAffinity: + {{- toYaml .Values.deployment.affinity.node | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod }} + podAffinity: + {{- toYaml .Values.deployment.affinity.pod | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod_anti }} + podAntiAffinity: + {{- toYaml .Values.deployment.affinity.pod_anti | nindent 10 }} + {{- end }} + {{- end }} + {{- if .Values.deployment.tolerations }} + tolerations: + {{- toYaml .Values.deployment.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.deployment.node_selector }} + nodeSelector: + {{- toYaml .Values.deployment.node_selector | nindent 8 }} + {{- end }} +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/hpa.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/hpa.yaml new file mode 100755 index 000000000..934c4c1e9 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/hpa.yaml @@ -0,0 +1,17 @@ +{{- if .Values.deployment.hpa.spec }} +--- +apiVersion: {{ .Values.deployment.hpa.api_version }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "kiali-server.fullname" . }} + {{- toYaml .Values.deployment.hpa.spec | nindent 2 }} +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/ingress.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/ingress.yaml new file mode 100755 index 000000000..e4c98db1b --- /dev/null 
+++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/ingress.yaml @@ -0,0 +1,40 @@ +{{- if not (.Capabilities.APIVersions.Has "route.openshift.io/v1") }} +{{- if .Values.deployment.ingress_enabled }} +--- +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }} + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- else }} + # For ingress-nginx versions older than 0.20.0 use secure-backends. + # (see: https://github.com/kubernetes/ingress-nginx/issues/3416#issuecomment-438247948) + # For ingress-nginx versions 0.20.0 and later use backend-protocol. + {{- if (include "kiali-server.identity.cert_file" .) }} + nginx.ingress.kubernetes.io/secure-backends: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + {{- else }} + nginx.ingress.kubernetes.io/secure-backends: "false" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + {{- end }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + rules: + - http: + paths: + - path: {{ include "kiali-server.server.web_root" . }} + backend: + serviceName: {{ include "kiali-server.fullname" . }} + servicePort: {{ .Values.server.port }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/oauth.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/oauth.yaml new file mode 100755 index 000000000..a178bb85e --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/oauth.yaml 
@@ -0,0 +1,17 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.kiali_route_url }} +--- +apiVersion: oauth.openshift.io/v1 +kind: OAuthClient +metadata: + name: {{ include "kiali-server.fullname" . }}-{{ .Release.Namespace }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +redirectURIs: +- {{ .Values.kiali_route_url }} +grantMethod: auto +allowAnyScope: true +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/psp.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/psp.yaml new file mode 100755 index 000000000..f891892cc --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/psp.yaml 
@@ -0,0 +1,67 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "kiali-server.fullname" . }}-psp +subjects: + - kind: ServiceAccount + name: kiali +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +rules: +- apiGroups: + - policy + resourceNames: + - {{ include "kiali-server.fullname" . }}-psp + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +spec: + allowPrivilegeEscalation: false + forbiddenSysctls: + - '*' + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + runAsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + - persistentVolumeClaim +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/role-controlplane.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/role-controlplane.yaml new file mode 100755 index 000000000..a22c76756 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/role-controlplane.yaml 
@@ -0,0 +1,15 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "kiali-server.fullname" . }}-controlplane + namespace: {{ include "kiali-server.istio_namespace" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - secrets + verbs: + - list +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/role-viewer.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/role-viewer.yaml new file mode 100755 index 000000000..a496c0828 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/role-viewer.yaml 
@@ -0,0 +1,96 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }}-viewer + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - pods/proxy + - replicationcontrollers + - services + verbs: + - get + - list + - watch +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch +- apiGroups: + - networking.istio.io + - security.istio.io + resources: ["*"] + verbs: + - get + - list + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - get + - list +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/role.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/role.yaml new file mode 100755 index 000000000..bd51e8d5e --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/role.yaml 
@@ -0,0 +1,107 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - pods/proxy + - replicationcontrollers + - services + verbs: + - get + - list + - patch + - watch +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - patch + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - patch + - watch +- apiGroups: + - networking.istio.io + - security.istio.io + resources: ["*"] + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - patch + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/rolebinding-controlplane.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/rolebinding-controlplane.yaml new file mode 100755 index 000000000..fcd8fd579 --- /dev/null 
+++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/rolebinding-controlplane.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }}-controlplane + namespace: {{ include "kiali-server.istio_namespace" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kiali-controlplane +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/rolebinding.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/rolebinding.yaml new file mode 100755 index 000000000..1eaabd65f --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/rolebinding.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + {{- if .Values.deployment.view_only_mode }} + name: {{ include "kiali-server.fullname" . }}-viewer + {{- else }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/route.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/route.yaml new file mode 100755 index 000000000..27940dc96 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/route.yaml 
@@ -0,0 +1,30 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.deployment.ingress_enabled }} +# As of OpenShift 4.5, need to use --disable-openapi-validation when installing via Helm +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}} + annotations: + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + tls: + termination: reencrypt + insecureEdgeTerminationPolicy: Redirect + to: + kind: Service + targetPort: {{ .Values.server.port }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/service.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/service.yaml new file mode 100755 index 000000000..69dc395d1 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/service.yaml 
@@ -0,0 +1,40 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + service.beta.openshift.io/serving-cert-secret-name: {{ include "kiali-server.fullname" . }}-cert-secret + {{- end }} + kiali.io/api-spec: https://kiali.io/api + kiali.io/api-type: rest + {{- if .Values.deployment.service_annotations }} + {{- toYaml .Values.deployment.service_annotations | nindent 4 }} + {{- end }} +spec: + {{- if .Values.deployment.service_type }} + type: {{ .Values.deployment.service_type }} + {{- end }} + ports: + {{- if (include "kiali-server.identity.cert_file" .) }} + - name: tcp + {{- else }} + - name: http + {{- end }} + protocol: TCP + port: {{ .Values.server.port }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + protocol: TCP + port: {{ .Values.server.metrics_port }} + {{- end }} + selector: + {{- include "kiali-server.selectorLabels" . | nindent 4 }} + {{- if .Values.deployment.additional_service_yaml }} + {{- toYaml .Values.deployment.additional_service_yaml | nindent 2 }} + {{- end }} +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/serviceaccount.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/serviceaccount.yaml new file mode 100755 index 000000000..9151b6f6a --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/serviceaccount.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +... 
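Review bot: In kiali/templates/psp.yaml the RoleBinding subject is hardcoded as name: kiali, while serviceaccount.yaml names the account with include "kiali-server.fullname". The two agree only while fullnameOverride stays "kiali" as in values.yaml; with any other name the policy is bound to an account that does not exist. Use the same include for the subject name. The PodSecurityPolicy in this file also sets metadata.namespace, but PodSecurityPolicy is cluster-scoped, so that field should be dropped.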
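Review bot: In kiali/templates/role-controlplane.yaml the rule grants list on secrets for the whole Istio namespace, and a list response carries the full Secret objects, so this amounts to read access to every secret there. Add a comment stating which secrets Kiali needs from that namespace so a later reviewer can judge whether the rule can be narrowed.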
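Review bot: In kiali/templates/role-viewer.yaml the pods/portforward rule lists post, which is not an RBAC verb (create is the verb that covers HTTP POST), so the entry can be removed. The same rule gives the viewer role create on pods/portforward, which is more than read access for the role that rolebinding.yaml selects when deployment.view_only_mode is true; either document why the viewer needs it or drop it. The post entry in role.yaml has the same problem.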
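Review bot: In kiali/templates/rolebinding-controlplane.yaml roleRef.name is the literal kiali-controlplane, but role-controlplane.yaml creates the Role as include "kiali-server.fullname" followed by -controlplane. The binding resolves only while the full name is "kiali"; build roleRef.name from the same include so the pair cannot drift apart.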
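Review bot: In kiali/templates/route.yaml the annotations guard ends with three closing braces: {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}}. The third brace is literal text inside the if body, so when annotations are supplied it is written into the metadata block and the rendered Route is no longer valid YAML. Remove the extra brace.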
diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/validate-install-crd.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/validate-install-crd.yaml new file mode 100755 index 000000000..b42eeb266 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/validate-install-crd.yaml @@ -0,0 +1,14 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "monitoring.kiali.io/v1alpha1/MonitoringDashboard" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/web-root-configmap.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/web-root-configmap.yaml new file mode 100755 index 000000000..970d4e4f5 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/templates/web-root-configmap.yaml @@ -0,0 +1,12 @@ +{{- if .Values.web_root_override }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: kiali-console + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + env.js: | + window.WEB_ROOT='/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Release.Namespace }}/services/http:kiali:20001/proxy/kiali'; +{{- end }} 
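Review bot: In kiali/templates/validate-install-crd.yaml every line is prefixed with #, but Helm evaluates template actions inside YAML comments, so the lookup, the range over .Capabilities.APIVersions and the required call still run against a live cluster. If the check is meant to be disabled, wrap it in a template comment ({{/* ... */}}) or delete the file; if it is meant to be active, drop the # prefixes so the intent is clear.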
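Review bot: In kiali/templates/web-root-configmap.yaml the WEB_ROOT path hardcodes http:kiali:20001, while service.yaml takes the service name from include "kiali-server.fullname" and the port from .Values.server.port. The http scheme is also fixed even when the kiali-server.identity.cert_file helper returns a certificate, the case in which ingress.yaml switches the backend protocol to HTTPS. Derive scheme, name and port from the same values so an override does not break the proxy URL. .Values.global.cattle.clusterId is empty in values.yaml, which renders /k8s/clusters//api/...; wrap it in required or skip the ConfigMap when it is unset.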
diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/values.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/values.yaml new file mode 100755 index 000000000..39255bc38 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/kiali/values.yaml 
@@ -0,0 +1,93 @@ +nameOverride: "kiali" +fullnameOverride: "kiali" + +# This is required for "openshift" auth strategy. +# You have to know ahead of time what your Route URL will be because +# right now the helm chart can't figure this out at runtime (it would +# need to wait for the Kiali Route to be deployed and for OpenShift +# to start it up). If someone knows how to update this helm chart to +# do this, a PR would be welcome. +kiali_route_url: "" + +# rancher specific override that allows proxy access to kiali url +web_root_override: true + +# +# Settings that mimic the Kiali CR which are placed in the ConfigMap. +# Note that only those values used by the Helm Chart will be here. +# + +istio_namespace: "" # default is where Kiali is installed + +auth: + openid: {} + openshift: {} + strategy: "" + +deployment: + # This only limits what Kiali will attempt to see, but Kiali Service Account has permissions to see everything. + # For more control over what the Kial Service Account can see, use the Kiali Operator + accessible_namespaces: + - "**" + additional_service_yaml: {} + affinity: + node: {} + pod: {} + pod_anti: {} + custom_dashboards: + excludes: [''] + includes: ['*'] + hpa: + api_version: "autoscaling/v2beta2" + spec: {} + repository: rancher/mirrored-kiali-kiali + image_pull_policy: "Always" + image_pull_secrets: [] + tag: v1.29.0 + ingress_enabled: true + logger: + log_format: "text" + log_level: "info" + time_field_format: "2006-01-02T15:04:05Z07:00" + sampler_rate: "1" + node_selector: {} + override_ingress_yaml: + metadata: {} + pod_annotations: {} + pod_labels: {} + priority_class_name: "" + replicas: 1 + resources: {} + secret_name: "kiali" + service_annotations: {} + service_type: "" + tolerations: [] + version_label: v1.29.0 + view_only_mode: false + +external_services: + custom_dashboards: + enabled: true + +identity: {} + #cert_file: + #private_key_file: + +login_token: + signing_key: "" + +server: + port: 20001 + metrics_enabled: true + 
metrics_port: 9090 + web_root: "" + +# Common settings used among istio subcharts. +global: + # Specify rancher clusterId of external tracing config + # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 + cattle: + systemDefaultRegistry: "" + clusterId: + rbac: + pspEnabled: false diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/.helmignore b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/.helmignore new file mode 100755 index 000000000..0e8a0eb36 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/Chart.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/Chart.yaml new file mode 100755 index 000000000..6e368616d --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/Chart.yaml @@ -0,0 +1,12 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: istio-system + catalog.rancher.io/release-name: rancher-tracing +apiVersion: v1 +appVersion: 1.20.0 +description: A quick start Jaeger Tracing installation using the all-in-one demo. + This is not production qualified. Refer to https://www.jaegertracing.io/ for details. +name: tracing +version: 1.20.1 
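Review bot: In kiali/values.yaml the defaults are the widest ones available: accessible_namespaces is "**" and view_only_mode is false, which makes rolebinding.yaml bind the ClusterRole that carries create, delete and patch on the Istio API groups. The comment above accessible_namespaces already says the setting does not limit the service account; add a line there pointing to view_only_mode as the switch that actually reduces permissions. That comment also misspells Kiali as "Kial".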
diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/README.md b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/README.md new file mode 100755 index 000000000..25534c628 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/README.md @@ -0,0 +1,5 @@ +# Jaeger + +A Rancher chart based on the Jaeger all-in-one quick installation option. This chart will allow you to trace and monitor distributed microservices. + +> **Note:** The basic all-in-one Jaeger installation which is not qualified for production. Use the [Jaeger Tracing](https://www.jaegertracing.io) documentation to determine which installation you will need for your production needs. diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/_affinity.tpl b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/_affinity.tpl new file mode 100755 index 000000000..bf6a9aee5 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/_affinity.tpl 
@@ -0,0 +1,92 @@ +{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}} +{{- define "nodeAffinity" }} + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + {{- include "nodeAffinityRequiredDuringScheduling" . }} + preferredDuringSchedulingIgnoredDuringExecution: + {{- include "nodeAffinityPreferredDuringScheduling" . }} +{{- end }} + +{{- define "nodeAffinityRequiredDuringScheduling" }} + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + {{- range $key, $val := .Values.global.arch }} + {{- if gt ($val | int) 0 }} + - {{ $key | quote }} + {{- end }} + {{- end }} + {{- $nodeSelector := default .Values.global.defaultNodeSelector .Values.nodeSelector -}} + {{- range $key, $val := $nodeSelector }} + - key: {{ $key }} + operator: In + values: + - {{ $val | quote }} + {{- end }} +{{- end }} + +{{- define "nodeAffinityPreferredDuringScheduling" }} + {{- range $key, $val := .Values.global.arch }} + {{- if gt ($val | int) 0 }} + - weight: {{ $val | int }} + preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - {{ $key | quote }} + {{- end }} + {{- end }} +{{- end }} + +{{- define "podAntiAffinity" }} +{{- if or .Values.podAntiAffinityLabelSelector .Values.podAntiAffinityTermLabelSelector}} + podAntiAffinity: + {{- if .Values.podAntiAffinityLabelSelector }} + requiredDuringSchedulingIgnoredDuringExecution: + {{- include "podAntiAffinityRequiredDuringScheduling" . }} + {{- end }} + {{- if or .Values.podAntiAffinityTermLabelSelector}} + preferredDuringSchedulingIgnoredDuringExecution: + {{- include "podAntiAffinityPreferredDuringScheduling" . 
}} + {{- end }} +{{- end }} +{{- end }} + +{{- define "podAntiAffinityRequiredDuringScheduling" }} + {{- range $index, $item := .Values.podAntiAffinityLabelSelector }} + - labelSelector: + matchExpressions: + - key: {{ $item.key }} + operator: {{ $item.operator }} + {{- if $item.values }} + values: + {{- $vals := split "," $item.values }} + {{- range $i, $v := $vals }} + - {{ $v | quote }} + {{- end }} + {{- end }} + topologyKey: {{ $item.topologyKey }} + {{- end }} +{{- end }} + +{{- define "podAntiAffinityPreferredDuringScheduling" }} + {{- range $index, $item := .Values.podAntiAffinityTermLabelSelector }} + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: {{ $item.key }} + operator: {{ $item.operator }} + {{- if $item.values }} + values: + {{- $vals := split "," $item.values }} + {{- range $i, $v := $vals }} + - {{ $v | quote }} + {{- end }} + {{- end }} + topologyKey: {{ $item.topologyKey }} + weight: 100 + {{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/_helpers.tpl b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/_helpers.tpl new file mode 100755 index 000000000..56cfa7335 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/_helpers.tpl 
@@ -0,0 +1,32 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "tracing.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "tracing.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/deployment.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/deployment.yaml new file mode 100755 index 000000000..25bb67fd3 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/deployment.yaml 
@@ -0,0 +1,86 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + selector: + matchLabels: + app: {{ .Values.provider }} + template: + metadata: + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + annotations: + sidecar.istio.io/inject: "false" + prometheus.io/scrape: "true" + prometheus.io/port: "14269" +{{- if .Values.jaeger.podAnnotations }} +{{ toYaml .Values.jaeger.podAnnotations | indent 8 }} +{{- end }} + spec: + containers: + - name: jaeger + image: "{{ template "system_default_registry" . }}{{ .Values.jaeger.repository }}:{{ .Values.jaeger.tag }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + env: + {{- if eq .Values.jaeger.spanStorageType "badger" }} + - name: BADGER_EPHEMERAL + value: "false" + - name: SPAN_STORAGE_TYPE + value: "badger" + - name: BADGER_DIRECTORY_VALUE + value: "/badger/data" + - name: BADGER_DIRECTORY_KEY + value: "/badger/key" + {{- end }} + - name: COLLECTOR_ZIPKIN_HTTP_PORT + value: "9411" + - name: MEMORY_MAX_TRACES + value: "{{ .Values.jaeger.memory.max_traces }}" + - name: QUERY_BASE_PATH + value: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }} + livenessProbe: + httpGet: + path: / + port: 14269 + readinessProbe: + httpGet: + path: / + port: 14269 +{{- if eq .Values.jaeger.spanStorageType "badger" }} + volumeMounts: + - name: data + mountPath: /badger +{{- end }} + resources: +{{- if .Values.jaeger.resources }} +{{ toYaml .Values.jaeger.resources | indent 12 }} +{{- else }} +{{ toYaml .Values.global.defaultResources | indent 12 }} +{{- end }} + affinity: + {{- include "nodeAffinity" . | indent 6 }} + {{- include "podAntiAffinity" . 
| indent 6 }} + {{- if .Values.global.rbac.pspEnabled }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + serviceAccountName: {{ include "tracing.fullname" . }} + {{- end }} +{{- if eq .Values.jaeger.spanStorageType "badger" }} + volumes: + - name: data +{{- if .Values.jaeger.persistentVolumeClaim.enabled }} + persistentVolumeClaim: + claimName: istio-jaeger-pvc +{{- else }} + emptyDir: {} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/psp.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/psp.yaml new file mode 100755 index 000000000..44b230492 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/psp.yaml 
@@ -0,0 +1,86 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "tracing.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ include "tracing.fullname" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +rules: +- apiGroups: + - policy + resourceNames: + - {{ include "tracing.fullname" . }} + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + allowPrivilegeEscalation: false + forbiddenSysctls: + - '*' + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + runAsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - emptyDir + - secret + - persistentVolumeClaim +{{- end }} \ No newline at end of file 
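Review bot: In tracing/templates/deployment.yaml the pod securityContext (runAsNonRoot: true, runAsUser: 1000) and serviceAccountName sit inside the if .Values.global.rbac.pspEnabled block, and tracing/values.yaml defaults pspEnabled to false, so a default install sets no securityContext at all. Running as non-root does not depend on a PodSecurityPolicy being present; move securityContext outside the conditional and keep only serviceAccountName gated, since psp.yaml creates that account under the same flag.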
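Review bot: In tracing/templates/psp.yaml the PodSecurityPolicy sets metadata.namespace, but PodSecurityPolicy is cluster-scoped, so the field has no effect and hides the fact that the name from include "tracing.fullname" must be unique across the cluster. Drop the namespace, and consider adding .Release.Namespace to the policy name (and to resourceNames in the Role) so releases with the same name in different namespaces do not collide.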
diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/pvc.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/pvc.yaml new file mode 100755 index 000000000..9b4c55e4f --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/pvc.yaml @@ -0,0 +1,16 @@ +{{- if .Values.jaeger.persistentVolumeClaim.enabled }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: istio-jaeger-pvc + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} +spec: + storageClassName: {{ .Values.jaeger.storageClassName }} + accessModes: + - {{ .Values.jaeger.accessMode }} + resources: + requests: + storage: {{.Values.jaeger.persistentVolumeClaim.storage }} +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/service.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/service.yaml new file mode 100755 index 000000000..4210a9b5f --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/templates/service.yaml 
@@ -0,0 +1,63 @@ +apiVersion: v1 +kind: Service +metadata: + name: tracing + namespace: {{ .Release.Namespace }} + annotations: + {{- range $key, $val := .Values.service.annotations }} + {{ $key }}: {{ $val | quote }} + {{- end }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + type: {{ .Values.service.type }} + ports: + - name: {{ .Values.service.name }} + port: {{ .Values.service.externalPort }} + protocol: TCP + targetPort: 16686 + selector: + app: {{ .Values.provider }} +--- +# Jaeger implements the Zipkin API. To support swapping out the tracing backend, we use a Service named Zipkin. +apiVersion: v1 +kind: Service +metadata: + name: zipkin + namespace: {{ .Release.Namespace }} + labels: + name: zipkin + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + ports: + - name: {{ .Values.service.name }} + port: {{ .Values.zipkin.queryPort }} + targetPort: {{ .Values.zipkin.queryPort }} + selector: + app: {{ .Values.provider }} +--- +apiVersion: v1 +kind: Service +metadata: + name: jaeger-collector + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + type: ClusterIP + ports: + - name: jaeger-collector-http + port: 14268 + targetPort: 14268 + protocol: TCP + - name: jaeger-collector-grpc + port: 14250 + targetPort: 14250 + protocol: TCP + selector: + app: {{ .Values.provider }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/values.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/values.yaml new file mode 100755 index 000000000..18ff81c3c --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/charts/tracing/values.yaml 
@@ -0,0 +1,44 @@ +provider: jaeger +contextPath: "" +nodeSelector: {} +podAntiAffinityLabelSelector: [] +podAntiAffinityTermLabelSelector: [] +nameOverride: "" +fullnameOverride: "" + +global: + cattle: + systemDefaultRegistry: "" + defaultResources: {} + imagePullPolicy: IfNotPresent + imagePullSecrets: [] + arch: + amd64: 2 + s390x: 2 + ppc64le: 2 + defaultNodeSelector: {} + rbac: + pspEnabled: false + +jaeger: + repository: rancher/mirrored-jaegertracing-all-in-one + tag: 1.20.0 + # spanStorageType value can be "memory" and "badger" for all-in-one image + spanStorageType: badger + resources: + requests: + cpu: 10m + persistentVolumeClaim: + enabled: false + storage: 5Gi + storageClassName: "" + accessMode: ReadWriteMany + memory: + max_traces: 50000 +zipkin: + queryPort: 9411 +service: + annotations: {} + name: http-query + type: ClusterIP + externalPort: 16686 diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/configs/istio-base.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/configs/istio-base.yaml new file mode 100755 index 000000000..c484f5988 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/configs/istio-base.yaml 
@@ -0,0 +1,85 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +spec: + addonComponents: + istiocoredns: + enabled: {{ .Values.istiocoredns.enabled }} + components: + base: + enabled: {{ .Values.base.enabled }} + cni: + enabled: {{ .Values.cni.enabled }} + egressGateways: + - enabled: {{ .Values.egressGateways.enabled }} + name: istio-egressgateway + ingressGateways: + - enabled: {{ .Values.ingressGateways.enabled }} + name: istio-ingressgateway + k8s: + service: + ports: + - name: status-port + port: 15021 + targetPort: 15021 + - name: http2 + port: 80 + targetPort: 8080 + nodePort: 31380 + - name: https + port: 443 + targetPort: 8443 + nodePort: 31390 + - name: tcp + port: 31400 + targetPort: 31400 + nodePort: 31400 + - name: tls + port: 15443 + targetPort: 15443 + istiodRemote: + enabled: {{ .Values.istiodRemote.enabled }} + pilot: + enabled: {{ .Values.pilot.enabled }} + hub: {{ .Values.systemDefaultRegistry | default "docker.io" }} + profile: default + tag: {{ .Values.tag }} + revision: {{ .Values.revision }} + meshConfig: + enablePrometheusMerge: {{ .Values.meshConfig.enablePrometheusMerge }} + values: + gateways: + istio-egressgateway: + name: istio-egressgateway + type: {{ .Values.egressGateways.type }} + istio-ingressgateway: + name: istio-ingressgateway + type: {{ .Values.ingressGateways.type }} + global: + istioNamespace: {{ template "istio.namespace" . }} + proxy: + image: {{ template "system_default_registry" . }}{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }} + proxy_init: + image: {{ template "system_default_registry" . }}{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }} + {{- if .Values.global.defaultPodDisruptionBudget.enabled }} + defaultPodDisruptionBudget: + enabled: {{ .Values.global.defaultPodDisruptionBudget.enabled }} + {{- end }} + istiocoredns: + coreDNSImage: {{ template "system_default_registry" . 
}}{{ .Values.istiocoredns.image.repository }} + coreDNSPluginImage: {{ template "system_default_registry" . }}{{ .Values.istiocoredns.pluginImage.repository }}:{{ .Values.istiocoredns.pluginImage.tag }} + coreDNSTag: {{ .Values.istiocoredns.image.tag }} + {{- if .Values.pilot.enabled }} + pilot: + image: {{ template "system_default_registry" . }}{{ .Values.pilot.repository }}:{{ .Values.pilot.tag }} + {{- end }} + telemetry: + enabled: {{ .Values.telemetry.enabled }} + v2: + enabled: {{ .Values.telemetry.v2.enabled }} + {{- if .Values.cni.enabled }} + cni: + image: {{ template "system_default_registry" . }}{{ .Values.cni.repository }}:{{ .Values.cni.tag }} + excludeNamespaces: + {{- toYaml .Values.cni.excludeNamespaces | nindent 8 }} + logLevel: {{ .Values.cni.logLevel }} + {{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/requirements.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/requirements.yaml new file mode 100755 index 000000000..b60745780 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/requirements.yaml @@ -0,0 +1,17 @@ +dependencies: +- name: kiali + version: "" + repository: file://./charts/kiali + condition: kiali.enabled + tags: [] + enabled: false + importvalues: [] + alias: "" +- name: tracing + version: "" + repository: file://./charts/tracing + condition: tracing.enabled + tags: [] + enabled: false + importvalues: [] + alias: "" diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/samples/overlay-example.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/samples/overlay-example.yaml new file mode 100755 index 000000000..5cf3cf3b0 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/samples/overlay-example.yaml 
@@ -0,0 +1,37 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +spec: + components: + ingressGateways: + - enabled: true + name: ilb-gateway + namespace: user-ingressgateway-ns + k8s: + resources: + requests: + cpu: 200m + service: + ports: + - name: tcp-citadel-grpc-tls + port: 8060 + targetPort: 8060 + - name: tcp-dns + port: 5353 + serviceAnnotations: + cloud.google.com/load-balancer-type: internal + - enabled: true + name: other-gateway + namespace: cattle-istio-system + k8s: + resources: + requests: + cpu: 200m + service: + ports: + - name: tcp-citadel-grpc-tls + port: 8060 + targetPort: 8060 + - name: tcp-dns + port: 5353 + serviceAnnotations: + cloud.google.com/load-balancer-type: internal diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/_helpers.tpl b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/_helpers.tpl new file mode 100755 index 000000000..3f7af953a --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/_helpers.tpl @@ -0,0 +1,12 @@ +{{/* Ensure namespace is set the same everywhere */}} +{{- define "istio.namespace" -}} + {{- .Release.Namespace | default "istio-system" -}} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/admin-role.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/admin-role.yaml new file mode 100755 index 000000000..ad1313c4f --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/admin-role.yaml 
@@ -0,0 +1,43 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + name: istio-admin + namespace: {{ template "istio.namespace" . }} +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: + - '*' + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: + - '*' diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/base-config-map.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/base-config-map.yaml new file mode 100755 index 000000000..5323917bc --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/base-config-map.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-installer-base + namespace: {{ template "istio.namespace" . }} +data: +{{ tpl (.Files.Glob "configs/*").AsConfig . | indent 2 }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/clusterrole.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/clusterrole.yaml new file mode 100755 index 000000000..a93b3df95 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/clusterrole.yaml 
@@ -0,0 +1,120 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: istio-installer +rules: +# istio groups +- apiGroups: + - authentication.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - config.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - install.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - networking.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - rbac.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - security.istio.io + resources: + - '*' + verbs: + - '*' +# k8s groups +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions.apiextensions.k8s.io + - customresourcedefinitions + verbs: + - '*' +- apiGroups: + - apps + - extensions + resources: + - daemonsets + - deployments + - deployments/finalizers + - ingresses + - replicasets + - statefulsets + verbs: + - '*' +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - '*' +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - '*' +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - roles + - rolebindings + verbs: + - '*' +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - namespaces + - pods + - pods/exec + - persistentvolumeclaims + - secrets + - services + - serviceaccounts + verbs: + - '*' +- apiGroups: + - policy + resourceNames: + - istio-installer + resources: + - podsecuritypolicies + verbs: + - use 
diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/clusterrolebinding.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/clusterrolebinding.yaml new file mode 100755 index 000000000..9d74a0434 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/clusterrolebinding.yaml @@ -0,0 +1,12 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: istio-installer +subjects: +- kind: ServiceAccount + name: istio-installer + namespace: {{ template "istio.namespace" . }} +roleRef: + kind: ClusterRole + name: istio-installer + apiGroup: rbac.authorization.k8s.io diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/edit-role.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/edit-role.yaml new file mode 100755 index 000000000..d1059d58d --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/edit-role.yaml @@ -0,0 +1,43 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + namespace: {{ template "istio.namespace" . }} + name: istio-edit +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: + - '*' + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: + - '*' 
diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/istio-cni-psp.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/istio-cni-psp.yaml new file mode 100755 index 000000000..5b94c8503 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/istio-cni-psp.yaml @@ -0,0 +1,51 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: psp-istio-cni + namespace: {{ template "istio.namespace" . }} +spec: + allowPrivilegeEscalation: true + fsGroup: + rule: RunAsAny + hostNetwork: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - secret + - configMap + - emptyDir + - hostPath +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: psp-istio-cni + namespace: {{ template "istio.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: psp-istio-cni +subjects: + - kind: ServiceAccount + name: istio-cni +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: psp-istio-cni + namespace: {{ template "istio.namespace" . }} +rules: +- apiGroups: + - policy + resourceNames: + - psp-istio-cni + resources: + - podsecuritypolicies + verbs: + - use +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/istio-install-job.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/istio-install-job.yaml new file mode 100755 index 000000000..9a13f5698 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/istio-install-job.yaml 
@@ -0,0 +1,50 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: istioctl-installer + namespace: {{ template "istio.namespace" . }} + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + backoffLimit: 1 + template: + spec: + containers: + - name: istioctl-installer + image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }} + env: + - name: RELEASE_NAME + value: {{ .Release.Name }} + - name: ISTIO_NAMESPACE + value: {{ template "istio.namespace" . }} + - name: FORCE_INSTALL + value: {{ .Values.forceInstall | default "false" | quote }} + command: ["/bin/sh","-c"] + args: ["/usr/local/app/scripts/run.sh"] + volumeMounts: + - name: config-volume + mountPath: /app/istio-base.yaml + subPath: istio-base.yaml + {{- if .Values.overlayFile }} + - name: overlay-volume + mountPath: /app/overlay-config.yaml + subPath: overlay-config.yaml + {{- end }} + volumes: + - name: config-volume + configMap: + name: istio-installer-base + {{- if .Values.overlayFile }} + - name: overlay-volume + configMap: + name: istio-installer-overlay + {{- end }} + serviceAccountName: istio-installer + {{- if .Values.global.rbac.pspEnabled }} + securityContext: + runAsUser: 101 + runAsGroup: 101 + {{- end }} + restartPolicy: Never diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/istio-install-psp.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/istio-install-psp.yaml new file mode 100755 index 000000000..f0b5ee565 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/istio-install-psp.yaml 
@@ -0,0 +1,30 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: istio-installer + namespace: {{ template "istio.namespace" . }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'configMap' + - 'secret' +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/istio-psp.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/istio-psp.yaml new file mode 100755 index 000000000..b3758b74f --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/istio-psp.yaml 
@@ -0,0 +1,81 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: istio-psp + namespace: {{ template "istio.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: istio-psp +subjects: + - kind: ServiceAccount + name: istio-egressgateway-service-account + - kind: ServiceAccount + name: istio-ingressgateway-service-account + - kind: ServiceAccount + name: istio-mixer-service-account + - kind: ServiceAccount + name: istio-operator-authproxy + - kind: ServiceAccount + name: istiod-service-account + - kind: ServiceAccount + name: istio-sidecar-injector-service-account + - kind: ServiceAccount + name: istiocoredns-service-account + - kind: ServiceAccount + name: default +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: istio-psp + namespace: {{ template "istio.namespace" . }} +rules: +- apiGroups: + - policy + resourceNames: + - istio-psp + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: istio-psp + namespace: {{ template "istio.namespace" . }} +spec: + allowPrivilegeEscalation: false + forbiddenSysctls: + - '*' + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + runAsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + - persistentVolumeClaim +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/istio-uninstall-job.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/istio-uninstall-job.yaml new file mode 100755 index 000000000..a7f156325 --- /dev/null 
+++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/istio-uninstall-job.yaml @@ -0,0 +1,45 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: istioctl-uninstaller + namespace: {{ template "istio.namespace" . }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + spec: + containers: + - name: istioctl-uninstaller + image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }} + env: + - name: RELEASE_NAME + value: {{ .Release.Name }} + - name: ISTIO_NAMESPACE + value: {{ template "istio.namespace" . }} + command: ["/bin/sh","-c"] + args: ["/usr/local/app/scripts/uninstall_istio_system.sh"] + volumeMounts: + - name: config-volume + mountPath: /app/istio-base.yaml + subPath: istio-base.yaml + {{- if .Values.overlayFile }} + - name: overlay-volume + mountPath: /app/overlay-config.yaml + subPath: overlay-config.yaml + {{ end }} + volumes: + - name: config-volume + configMap: + name: istio-installer-base + {{- if .Values.overlayFile }} + - name: overlay-volume + configMap: + name: istio-installer-overlay + {{ end }} + serviceAccountName: istio-installer + securityContext: + runAsUser: 101 + runAsGroup: 101 + restartPolicy: OnFailure diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/overlay-config-map.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/overlay-config-map.yaml new file mode 100755 index 000000000..287d26b2c --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/overlay-config-map.yaml @@ -0,0 +1,9 @@ +{{- if .Values.overlayFile }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-installer-overlay + namespace: {{ template "istio.namespace" . }} +data: + overlay-config.yaml: {{ toYaml .Values.overlayFile | indent 2 }} +{{- end }} 
diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/service-monitors.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/service-monitors.yaml new file mode 100755 index 000000000..c3d60c4fc --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/service-monitors.yaml @@ -0,0 +1,51 @@ +{{- if .Values.kiali.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: envoy-stats-monitor + namespace: {{ template "istio.namespace" . }} + labels: + monitoring: istio-proxies +spec: + selector: + matchExpressions: + - {key: istio-prometheus-ignore, operator: DoesNotExist} + namespaceSelector: + any: true + jobLabel: envoy-stats + endpoints: + - path: /stats/prometheus + targetPort: 15090 + interval: 15s + relabelings: + - sourceLabels: [__meta_kubernetes_pod_container_port_name] + action: keep + regex: '.*-envoy-prom' + - action: labeldrop + regex: "__meta_kubernetes_pod_label_(.+)" + - sourceLabels: [__meta_kubernetes_namespace] + action: replace + targetLabel: namespace + - sourceLabels: [__meta_kubernetes_pod_name] + action: replace + targetLabel: pod_name +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: istio-component-monitor + namespace: {{ template "istio.namespace" . }} + labels: + monitoring: istio-components +spec: + jobLabel: istio + targetLabels: [app] + selector: + matchExpressions: + - {key: istio, operator: In, values: [pilot]} + namespaceSelector: + any: true + endpoints: + - port: http-monitoring + interval: 15s +{{- end -}} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/serviceaccount.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/serviceaccount.yaml new file mode 100755 index 000000000..82b6cbb7e --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/serviceaccount.yaml 
@@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: istio-installer + namespace: {{ template "istio.namespace" . }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/view-role.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/view-role.yaml new file mode 100755 index 000000000..5947d3eba --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/templates/view-role.yaml @@ -0,0 +1,41 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + namespace: {{ template "istio.namespace" . }} + name: istio-view +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: ["get", "watch", "list"] + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: ["get", "watch", "list"] diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/values.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/values.yaml new file mode 100755 index 000000000..94ab4b032 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.301/values.yaml 
@@ -0,0 +1,94 @@ +overlayFile: "" +tag: 1.8.3 +##Setting forceInstall: true will remove the check for istio version < 1.6.x and will not analyze your install cluster prior to install +forceInstall: false + +installer: + repository: rancher/istio-installer + tag: 1.8.3-rancher1 + +istiocoredns: + enabled: false + image: + repository: rancher/mirrored-coredns-coredns + tag: 1.6.2 + pluginImage: + repository: rancher/mirrored-istio-coredns-plugin + tag: 0.2-istio-1.1 + +base: + enabled: true + +cni: + enabled: false + repository: rancher/mirrored-istio-install-cni + tag: 1.8.3 + logLevel: info + excludeNamespaces: + - istio-system + - kube-system + +egressGateways: + enabled: false + type: NodePort + +ingressGateways: + enabled: true + type: NodePort + +istiodRemote: + enabled: false + +pilot: + enabled: true + repository: rancher/mirrored-istio-pilot + tag: 1.8.3 + +telemetry: + enabled: true + v2: + enabled: true + +global: + cattle: + systemDefaultRegistry: "" + proxy: + repository: rancher/mirrored-istio-proxyv2 + tag: 1.8.3 + proxy_init: + repository: rancher/mirrored-istio-proxyv2 + tag: 1.8.3 + defaultPodDisruptionBudget: + enabled: true + rbac: + pspEnabled: false + +# this can be removed in 1.7 as it is default +meshConfig: + enablePrometheusMerge: true + +# Kiali subchart from rancher-kiali-server +kiali: + enabled: true + auth: + strategy: anonymous + deployment: + ingress_enabled: false + repository: rancher/mirrored-kiali-kiali + tag: v1.29.0 + external_services: + prometheus: + custom_metrics_url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" + url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" + tracing: + in_cluster_url: "http://tracing.istio-system.svc:16686/jaeger" + grafana: + in_cluster_url: "http://rancher-monitoring-grafana.cattle-monitoring-system.svc:80" + url: "http://rancher-monitoring-grafana.cattle-monitoring-system.svc:80" + +tracing: + enabled: false + contextPath: "/jaeger" + jaeger: 
+ repository: rancher/mirrored-jaegertracing-all-in-one + tag: 1.20.0 diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/Chart.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/Chart.yaml new file mode 100755 index 000000000..d420915c8 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/Chart.yaml @@ -0,0 +1,21 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.32.100 + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Istio + catalog.cattle.io/namespace: istio-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: networking.istio.io.virtualservice/v1beta1 + catalog.cattle.io/release-name: rancher-istio + catalog.cattle.io/requests-cpu: 710m + catalog.cattle.io/requests-memory: 2314Mi + catalog.cattle.io/ui-component: istio +apiVersion: v1 +appVersion: 1.8.4 +description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ + for details. +icon: https://charts.rancher.io/assets/logos/istio.svg +keywords: +- networking +- infrastructure +name: rancher-istio +version: 1.8.400 diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/README.md b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/README.md new file mode 100755 index 000000000..199e45312 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/README.md 
@@ -0,0 +1,69 @@ +# Rancher Istio Installers + +A Rancher created chart that packages the istioctl binary to install via a helm chart. + +# Installation Requirements + +## Chart Dependencies +- rancher-kiali-server-crd chart + +# Uninstallation Requirements +To ensure rancher-istio uninstalls correctly, you must uninstall rancher-istio prior to uninstalling chart dependencies (see installation requirements for chart dependencies). This is because all definitions need to be available in order to properly build the rancher-istio objects for removal. + +If you remove dependent CRD charts prior to removing rancher-istio, you may encounter the following error:: + +`Error: uninstallation completed with 1 error(s): unable to build kubernetes objects for delete: unable to recognize "": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1"` + +# Addons + +## Kiali + +Kiali allows you to view and manage your istio-based service mesh through an easy to use dashboard. + +#### Dependencies +- rancher-monitoring chart or other Prometheus installation + +This dependecy installs the required CRDs for installing Kiali. Since Kiali is bundled in with Istio in this chart, if you do not have these dependencies installed, your Istio installation will fail. If you do not plan on using Kiali, set `kiali.enabled=false` when installing Istio for a succesful installation. + +> **Note:** The following configuration options assume you have installed the dependecies for Kiali. Please ensure you have Promtheus in your cluster before proceeding. + +The Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by Prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces. 
+ +To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources. + +1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape. +1. Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces. + +#### External Services + +##### Prometheus +The `kiali.external_services.prometheus` url is set in the values.yaml: +``` +http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }} +``` +The url depends on the default values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port` being set in your rancher-monitoring or other monitoring instance. + +##### Grafana +The `kiali.external_services.grafana` url is set in the values.yaml: +``` +http://{{ .Values.nameOverride }}-grafana.{{ .Values.namespaceOverride }}.svc:{{ grafana.service.port }} +``` +The url depends on the default values for `nameOverride`, `namespaceOverride`, and `grafana.service.port` being set in your rancher-monitoring or other monitoring instance. + +##### Tracing +The `kiali.external_services.tracing` url and `.Values.tracing.contextPath` is set in the rancher-istio values.yaml: +``` +http://tracing.{{ .Values.namespaceOverride }}.svc:{{ .Values.service.externalPort }}/{{ .Values.tracing.contextPath }} +``` +The url depends on the default values for `namespaceOverride`, and `.Values.service.externalPort` being set in your rancher-tracing or other tracing instance. + +## Jaeger + +Jaeger allows you to trace and monitor distributed microservices. + +> **Note:** This addon is using the all-in-one Jaeger installation which is not qualified for production. 
Use the [Jaeger Tracing](https://www.jaegertracing.io/docs/1.21/getting-started/) documentation to determine which installation you will need for your production needs. + +# Installation +``` +helm install rancher-istio . --create-namespace -n istio-system +``` \ No newline at end of file diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/app-readme.md b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/app-readme.md new file mode 100755 index 000000000..0e42df083 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/app-readme.md 
@@ -0,0 +1,45 @@ +# Rancher Istio + +Our [Istio](https://istio.io/) installer wraps the istioctl binary commands in a handy helm chart, including an overlay file option to allow complex customization. It also includes: +* **[Kiali](https://kiali.io/)**: Used for graphing traffic flow throughout the mesh +* **[Jaeger](https://www.jaegertracing.io/)**: A quick start, all-in-one installation used for tracing distributed systemm. This is not production qualified, please refer to jaeger documentation to determine which installation you may need instead. + +### Dependencies + +**Rancher Monitoring or other Prometheus installation** + +The Prometheus CRDs are required for installing Kiali which is enabled by default. If you do not have Prometheus installed your Istio installation will fail. If you do not plan on using Kiali, set `kiali.enabled=false` to bypass this requirement. + +### Customization + +**Rancher Monitoring** + +The Rancher Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by Prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces. + +To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources. + +1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape. +1. Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces. + +**Custom Prometheus Installation with Kiali** + +To use a custom Monitoring installation, set the `kiali.external_services.prometheus` url in the values.yaml. 
This url depends on the values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port` in your rancher-monitoring or other monitoring instance: +``` +http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }} +``` +**Custom Grafana Installation with Kiali** + +To use a custom Grafana installation, set the `kiali.external_services.grafana` url in the values.yaml. This url depends on the values for `nameOverride`, `namespaceOverride`, and `granfa.service.port` in your rancher-monitoring or other grafana instance: +``` +http://{{ .Values.nameOverride }}-grafana.{{ .Values.namespaceOverride }}.svc:{{ grafana.service.port }} +``` +**Custom Tracing Installation with Kiali** + +To use a custom Tracing installation, set the `kiali.external_services.tracing` url and update the `.Values.tracing.contextPath` in the rancher-istio values.yaml. + +This url depends on the values for `namespaceOverride`, and `.Values.service.externalPort` in your rancher-tracing or other tracing instance.: +``` +http://tracing.{{ .Values.namespaceOverride }}.svc:{{ .Values.service.externalPort }}/{{ .Values.tracing.contextPath }} +``` + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/istio/v2.5/). diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/Chart.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/Chart.yaml new file mode 100755 index 000000000..9b6fdf385 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/Chart.yaml 
@@ -0,0 +1,31 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=match + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 + catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 + catalog.rancher.io/namespace: cattle-istio-system + catalog.rancher.io/release-name: rancher-kiali-server +apiVersion: v2 +appVersion: v1.32.0 +description: Kiali is an open source project for service mesh observability, refer + to https://www.kiali.io for details. This is installed as sub-chart with customized + values in Rancher's Istio. +home: https://github.com/kiali/kiali +icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png +keywords: +- istio +- kiali +- networking +- infrastructure +maintainers: +- email: kiali-users@googlegroups.com + name: Kiali + url: https://kiali.io +name: kiali +sources: +- https://github.com/kiali/kiali +- https://github.com/kiali/kiali-ui +- https://github.com/kiali/kiali-operator +- https://github.com/kiali/helm-charts +version: 1.32.1 diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/NOTES.txt b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/NOTES.txt new file mode 100755 index 000000000..751019401 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/NOTES.txt @@ -0,0 +1,5 @@ +Welcome to Kiali! For more details on Kiali, see: https://kiali.io + +The Kiali Server [{{ .Chart.AppVersion }}] has been installed in namespace [{{ .Release.Namespace }}]. It will be ready soon. + +(Helm: Chart=[{{ .Chart.Name }}], Release=[{{ .Release.Name }}], Version=[{{ .Chart.Version }}]) 
diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/_helpers.tpl b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/_helpers.tpl new file mode 100755 index 000000000..dd33bbe48 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/_helpers.tpl 
@@ -0,0 +1,192 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "kiali-server.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kiali-server.fullname" -}} +{{- if .Values.fullnameOverride }} + {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} + {{- $name := default .Chart.Name .Values.nameOverride }} + {{- printf "%s" $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kiali-server.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Identifies the log_level with the old verbose_mode and the new log_level considered. +*/}} +{{- define "kiali-server.logLevel" -}} +{{- if .Values.deployment.verbose_mode -}} +{{- .Values.deployment.verbose_mode -}} +{{- else -}} +{{- .Values.deployment.logger.log_level -}} +{{- end -}} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kiali-server.labels" -}} +helm.sh/chart: {{ include "kiali-server.chart" . }} +app: {{ include "kiali-server.name" . }} +{{ include "kiali-server.selectorLabels" . }} +version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/part-of: "kiali" +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kiali-server.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kiali-server.name" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Used to determine if a custom dashboard (defined in .Template.Name) should be deployed. +*/}} +{{- define "kiali-server.isDashboardEnabled" -}} +{{- if .Values.external_services.custom_dashboards.enabled }} + {{- $includere := "" }} + {{- range $_, $s := .Values.deployment.custom_dashboards.includes }} + {{- if $s }} + {{- if $includere }} + {{- $includere = printf "%s|^%s$" $includere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $includere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} + {{- end }} + {{- $excludere := "" }} + {{- range $_, $s := .Values.deployment.custom_dashboards.excludes }} + {{- if $s }} + {{- if $excludere }} + {{- $excludere = printf "%s|^%s$" $excludere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $excludere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} + {{- end }} + {{- if (and (mustRegexMatch (default "no-matches" $includere) (base .Template.Name)) (not (mustRegexMatch (default "no-matches" $excludere) (base .Template.Name)))) }} + {{- print "enabled" }} + {{- else }} + {{- print "" }} + {{- end }} +{{- else }} + {{- print "" }} +{{- end }} +{{- end }} + +{{/* +Determine the default login token signing key. +*/}} +{{- define "kiali-server.login_token.signing_key" -}} +{{- if .Values.login_token.signing_key }} + {{- .Values.login_token.signing_key }} +{{- else }} + {{- randAlphaNum 16 }} +{{- end }} +{{- end }} + +{{/* +Determine the default web root. +*/}} +{{- define "kiali-server.server.web_root" -}} +{{- if .Values.server.web_root }} + {{- .Values.server.web_root | trimSuffix "/" }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/" }} + {{- else }} + {{- "/kiali" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity cert file. There is no default if on k8s; only on OpenShift. 
+*/}} +{{- define "kiali-server.identity.cert_file" -}} +{{- if hasKey .Values.identity "cert_file" }} + {{- .Values.identity.cert_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.crt" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity private key file. There is no default if on k8s; only on OpenShift. +*/}} +{{- define "kiali-server.identity.private_key_file" -}} +{{- if hasKey .Values.identity "private_key_file" }} + {{- .Values.identity.private_key_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.key" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the istio namespace - default is where Kiali is installed. +*/}} +{{- define "kiali-server.istio_namespace" -}} +{{- if .Values.istio_namespace }} + {{- .Values.istio_namespace }} +{{- else }} + {{- .Release.Namespace }} +{{- end }} +{{- end }} + +{{/* +Determine the auth strategy to use - default is "token" on Kubernetes and "openshift" on OpenShift. +*/}} +{{- define "kiali-server.auth.strategy" -}} +{{- if .Values.auth.strategy }} + {{- if (and (eq .Values.auth.strategy "openshift") (not .Values.kiali_route_url)) }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or use a different auth strategy via the --set auth.strategy=... option." }} + {{- end }} + {{- .Values.auth.strategy }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- if not .Values.kiali_route_url }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or explicitly indicate another auth strategy you want via the --set auth.strategy=... option." 
}} + {{- end }} + {{- "openshift" }} + {{- else }} + {{- "token" }} + {{- end }} +{{- end }} +{{- end }} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/cabundle.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/cabundle.yaml new file mode 100755 index 000000000..7462b95a7 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/cabundle.yaml @@ -0,0 +1,13 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }}-cabundle + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + service.beta.openshift.io/inject-cabundle: "true" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/configmap.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/configmap.yaml new file mode 100755 index 000000000..b1bf53173 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/configmap.yaml 
@@ -0,0 +1,24 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + config.yaml: | + {{- /* Most of .Values is simply the ConfigMap - strip out the keys that are not part of the ConfigMap */}} + {{- $cm := omit .Values "nameOverride" "fullnameOverride" "kiali_route_url" }} + {{- /* The helm chart defines namespace for us, but pass it to the ConfigMap in case the server needs it */}} + {{- $_ := set $cm.deployment "namespace" .Release.Namespace }} + {{- /* Some values of the ConfigMap are generated, but might not be identical, from .Values */}} + {{- $_ := set $cm "istio_namespace" (include "kiali-server.istio_namespace" .) }} + {{- $_ := set $cm.auth "strategy" (include "kiali-server.auth.strategy" .) }} + {{- $_ := set $cm.auth.openshift "client_id_prefix" (include "kiali-server.fullname" .) }} + {{- $_ := set $cm.identity "cert_file" (include "kiali-server.identity.cert_file" .) }} + {{- $_ := set $cm.identity "private_key_file" (include "kiali-server.identity.private_key_file" .) }} + {{- $_ := set $cm.login_token "signing_key" (include "kiali-server.login_token.signing_key" .) }} + {{- $_ := set $cm.server "web_root" (include "kiali-server.server.web_root" .) }} + {{- toYaml $cm | nindent 4 }} +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/envoy.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/envoy.yaml new file mode 100755 index 000000000..85b402017 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/envoy.yaml 
@@ -0,0 +1,56 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: envoy + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Envoy Metrics + discoverOn: "envoy_server_uptime" + items: + - chart: + name: "Pods uptime" + spans: 4 + metricName: "envoy_server_uptime" + dataType: "raw" + - chart: + name: "Allocated memory" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_allocated" + dataType: "raw" + min: 0 + - chart: + name: "Heap size" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_heap_size" + dataType: "raw" + min: 0 + - chart: + name: "Upstream active connections" + spans: 6 + metricName: "envoy_cluster_upstream_cx_active" + dataType: "raw" + - chart: + name: "Upstream total requests" + spans: 6 + metricName: "envoy_cluster_upstream_rq_total" + unit: "rps" + dataType: "rate" + - chart: + name: "Downstream active connections" + spans: 6 + metricName: "envoy_listener_downstream_cx_active" + dataType: "raw" + - chart: + name: "Downstream HTTP requests" + spans: 6 + metricName: "envoy_listener_http_downstream_rq" + unit: "rps" + dataType: "rate" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/go.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/go.yaml new file mode 100755 index 000000000..2d2f42a93 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/go.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: go + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Go Metrics + runtime: Go + discoverOn: "go_info" + items: + - chart: + name: "CPU ratio" + spans: 6 + metricName: "process_cpu_seconds_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "RSS Memory" + unit: "bytes" + spans: 6 + metricName: "process_resident_memory_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Goroutines" + spans: 6 + metricName: "go_goroutines" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Heap allocation rate" + unit: "bytes/s" + spans: 6 + metricName: "go_memstats_alloc_bytes_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "GC rate" + spans: 6 + metricName: "go_gc_duration_seconds_count" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Next GC" + unit: "bytes" + spans: 6 + metricName: "go_memstats_next_gc_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/kiali.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/kiali.yaml new file mode 100755 index 000000000..b1f011b4f --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/kiali.yaml 
@@ -0,0 +1,44 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: kiali + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Kiali Internal Metrics + items: + - chart: + name: "API processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_api_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "route" + displayName: "Route" + - chart: + name: "Functions processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_go_function_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" + - chart: + name: "Failures" + spans: 12 + metricName: "kiali_go_function_failures_total" + dataType: "raw" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml new file mode 100755 index 000000000..2e1ed5cff --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml 
@@ -0,0 +1,43 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm-pool + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Pool Metrics + discoverOn: "jvm_buffer_total_capacity_bytes" + items: + - chart: + name: "Pool buffer memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer capacity" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_total_capacity_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer count" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_count" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml new file mode 100755 index 000000000..d64596882 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml 
@@ -0,0 +1,65 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live" + items: + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon" + dataType: "raw" + - chart: + name: "Loaded classes" + spans: 4 + metricName: "jvm_classes_loaded" + dataType: "raw" + + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml new file mode 100755 index 000000000..76e8d0a4a --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml 
@@ -0,0 +1,68 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.1-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live_threads" + items: + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live_threads" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon_threads" + dataType: "raw" + - chart: + name: "Threads states" + spans: 4 + metricName: "jvm_threads_states_threads" + dataType: "raw" + aggregations: + - label: "state" + displayName: "State" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/microprofile-1.1.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/microprofile-1.1.yaml new file mode 100755 index 000000000..1d4951196 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/microprofile-1.1.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-1.1 + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:thread_count" + items: + - chart: + name: "Current loaded classes" + spans: 6 + metricName: "base:classloader_current_loaded_class_count" + dataType: "raw" + - chart: + name: "Unloaded classes" + spans: 6 + metricName: "base:classloader_total_unloaded_class_count" + dataType: "raw" + - chart: + name: "Thread count" + spans: 4 + metricName: "base:thread_count" + dataType: "raw" + - chart: + name: "Thread max count" + spans: 4 + metricName: "base:thread_max_count" + dataType: "raw" + - chart: + name: "Thread daemon count" + spans: 4 + metricName: "base:thread_daemon_count" + dataType: "raw" + - chart: + name: "Committed heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_committed_heap_bytes" + dataType: "raw" + - chart: + name: "Max heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_max_heap_bytes" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_used_heap_bytes" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/microprofile-x.y.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/microprofile-x.y.yaml new file mode 100755 index 000000000..57ddc60ef --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/microprofile-x.y.yaml 
@@ -0,0 +1,38 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-x.y + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:gc_complete_scavenger_count" + items: + - chart: + name: "Young GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_young_generation_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Young GC count" + spans: 3 + metricName: "base:gc_young_generation_scavenger_count" + dataType: "raw" + - chart: + name: "Total GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_complete_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Total GC count" + spans: 3 + metricName: "base:gc_complete_scavenger_count" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/nodejs.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/nodejs.yaml new file mode 100755 index 000000000..1ffe0aa10 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/nodejs.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: nodejs + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Node.js + title: Node.js Metrics + discoverOn: "nodejs_active_handles_total" + items: + - chart: + name: "Active handles" + spans: 4 + metricName: "nodejs_active_handles_total" + dataType: "raw" + - chart: + name: "Active requests" + spans: 4 + metricName: "nodejs_active_requests_total" + dataType: "raw" + - chart: + name: "Event loop lag" + unit: "seconds" + spans: 4 + metricName: "nodejs_eventloop_lag_seconds" + dataType: "raw" + - chart: + name: "Total heap size" + unit: "bytes" + spans: 12 + metricName: "nodejs_heap_space_size_total_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Used heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_used_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Available heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_available_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/quarkus.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/quarkus.yaml new file mode 100755 index 000000000..cef5f3dce --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/quarkus.yaml 
@@ -0,0 +1,33 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: quarkus + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Quarkus Metrics + runtime: Quarkus + items: + - chart: + name: "Thread count" + spans: 4 + metricName: "vendor:thread_count" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_heap_usage_bytes" + dataType: "raw" + - chart: + name: "Used non-heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_non_heap_usage_bytes" + dataType: "raw" + - include: "microprofile-x.y" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml new file mode 100755 index 000000000..42d87d890 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml @@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm-pool + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Pool Metrics + items: + - include: "micrometer-1.0.6-jvm-pool" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/springboot-jvm.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/springboot-jvm.yaml new file mode 100755 index 000000000..ced3acdd9 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/springboot-jvm.yaml 
@@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Metrics + items: + - include: "micrometer-1.0.6-jvm" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/springboot-tomcat.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/springboot-tomcat.yaml new file mode 100755 index 000000000..c07016aa2 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/springboot-tomcat.yaml @@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-tomcat + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: Tomcat Metrics + items: + - include: "tomcat" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/thorntail.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/thorntail.yaml new file mode 100755 index 000000000..6bd85e6f5 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/thorntail.yaml 
@@ -0,0 +1,22 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: thorntail + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Thorntail + title: Thorntail Metrics + discoverOn: "vendor:loaded_modules" + items: + - include: "microprofile-1.1" + - chart: + name: "Loaded modules" + spans: 6 + metricName: "vendor:loaded_modules" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/tomcat.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/tomcat.yaml new file mode 100755 index 000000000..9a803342f --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/tomcat.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: tomcat + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Tomcat + title: Tomcat Metrics + discoverOn: "tomcat_sessions_created_total" + items: + - chart: + name: "Sessions created" + spans: 4 + metricName: "tomcat_sessions_created_total" + dataType: "raw" + - chart: + name: "Active sessions" + spans: 4 + metricName: "tomcat_sessions_active_current" + dataType: "raw" + - chart: + name: "Sessions rejected" + spans: 4 + metricName: "tomcat_sessions_rejected_total" + dataType: "raw" + + - chart: + name: "Bytes sent" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_sent_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Bytes received" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_received_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + + - chart: + name: "Global errors" + spans: 6 + metricName: "tomcat_global_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Servlet errors" + spans: 6 + metricName: "tomcat_servlet_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/vertx-client.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/vertx-client.yaml new file mode 100755 index 000000000..2d591d6b0 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/vertx-client.yaml 
@@ -0,0 +1,60 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-client + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Client Metrics + discoverOn: "vertx_http_client_connections" + items: + - chart: + name: "Client response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_client_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_client_requestCount_total" + dataType: "rate" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client active connections" + spans: 6 + metricName: "vertx_http_client_connections" + dataType: "raw" + - chart: + name: "Client active websockets" + spans: 6 + metricName: "vertx_http_client_wsConnections" + dataType: "raw" + - chart: + name: "Client bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesSent" + dataType: "histogram" + - chart: + name: "Client bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/vertx-eventbus.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/vertx-eventbus.yaml new file mode 100755 index 000000000..65f9ee2ec --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/vertx-eventbus.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-eventbus + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Eventbus Metrics + discoverOn: "vertx_eventbus_handlers" + items: + - chart: + name: "Event bus handlers" + spans: 6 + metricName: "vertx_eventbus_handlers" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus pending messages" + spans: 6 + metricName: "vertx_eventbus_pending" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus processing time" + unit: "seconds" + spans: 6 + metricName: "vertx_eventbus_processingTime_seconds" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes read" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesRead" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes written" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesWritten" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/vertx-jvm.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/vertx-jvm.yaml new file mode 100755 index 000000000..2663186f3 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/vertx-jvm.yaml 
@@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: JVM Metrics + items: + - include: "micrometer-1.1-jvm" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/vertx-pool.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/vertx-pool.yaml new file mode 100755 index 000000000..f6af921b3 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/vertx-pool.yaml 
@@ -0,0 +1,68 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-pool + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Pools Metrics + discoverOn: "vertx_pool_ratio" + items: + - chart: + name: "Usage duration" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_usage_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Usage ratio" + spans: 6 + metricName: "vertx_pool_ratio" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Queue size" + spans: 6 + metricName: "vertx_pool_queue_size" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Time in queue" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_queue_delay_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Resources used" + spans: 6 + metricName: "vertx_pool_inUse" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/vertx-server.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/vertx-server.yaml new file mode 100755 index 000000000..de6b89df9 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/dashboards/vertx-server.yaml 
@@ -0,0 +1,62 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-server + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Server Metrics + discoverOn: "vertx_http_server_connections" + items: + - chart: + name: "Server response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_server_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_server_requestCount_total" + dataType: "rate" + aggregations: + - label: "code" + displayName: "Error code" + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server active connections" + spans: 6 + metricName: "vertx_http_server_connections" + dataType: "raw" + - chart: + name: "Server active websockets" + spans: 6 + metricName: "vertx_http_server_wsConnections" + dataType: "raw" + - chart: + name: "Server bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesSent" + dataType: "histogram" + - chart: + name: "Server bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/deployment.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/deployment.yaml new file mode 100755 index 000000000..100c57922 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/deployment.yaml 
@@ -0,0 +1,174 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.deployment.replicas }} + selector: + matchLabels: + {{- include "kiali-server.selectorLabels" . | nindent 6 }} + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 8 }} + {{- if .Values.deployment.pod_labels }} + {{- toYaml .Values.deployment.pod_labels | nindent 8 }} + {{- end }} + annotations: + {{- if .Values.server.metrics_enabled }} + prometheus.io/scrape: "true" + prometheus.io/port: {{ .Values.server.metrics_port | quote }} + {{- else }} + prometheus.io/scrape: "false" + prometheus.io/port: "" + {{- end }} + kiali.io/runtimes: go,kiali + {{- if .Values.deployment.pod_annotations }} + {{- toYaml .Values.deployment.pod_annotations | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "kiali-server.fullname" . }} + {{- if .Values.deployment.priority_class_name }} + priorityClassName: {{ .Values.deployment.priority_class_name | quote }} + {{- end }} + {{- if .Values.deployment.image_pull_secrets }} + imagePullSecrets: + {{- range .Values.deployment.image_pull_secrets }} + - name: {{ . }} + {{- end }} + {{- end }} + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.deployment.repository }}:{{ .Values.deployment.tag }}" + imagePullPolicy: {{ .Values.deployment.image_pull_policy | default "Always" }} + name: {{ include "kiali-server.fullname" . 
}} + command: + - "/opt/kiali/kiali" + - "-config" + - "/kiali-configuration/config.yaml" + ports: + - name: api-port + containerPort: {{ .Values.server.port | default 20001 }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + containerPort: {{ .Values.server.metrics_port | default 9090 }} + {{- end }} + readinessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + livenessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + env: + - name: ACTIVE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LOG_LEVEL + value: "{{ include "kiali-server.logLevel" . }}" + - name: LOG_FORMAT + value: "{{ .Values.deployment.logger.log_format }}" + - name: LOG_TIME_FIELD_FORMAT + value: "{{ .Values.deployment.logger.time_field_format }}" + - name: LOG_SAMPLER_RATE + value: "{{ .Values.deployment.logger.sampler_rate }}" + volumeMounts: + {{- if .Values.web_root_override }} + - name: kiali-console + subPath: env.js + mountPath: /opt/kiali/console/env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + mountPath: "/kiali-configuration" + - name: {{ include "kiali-server.fullname" . }}-cert + mountPath: "/kiali-cert" + - name: {{ include "kiali-server.fullname" . }}-secret + mountPath: "/kiali-secret" + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . 
}}-cabundle + mountPath: "/kiali-cabundle" + {{- end }} + {{- if .Values.deployment.resources }} + resources: + {{- toYaml .Values.deployment.resources | nindent 10 }} + {{- end }} + volumes: + {{- if .Values.web_root_override }} + - name: kiali-console + configMap: + name: kiali-console + items: + - key: env.js + path: env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + configMap: + name: {{ include "kiali-server.fullname" . }} + - name: {{ include "kiali-server.fullname" . }}-cert + secret: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + secretName: {{ include "kiali-server.fullname" . }}-cert-secret + {{- else }} + secretName: istio.{{ include "kiali-server.fullname" . }}-service-account + {{- end }} + {{- if not (include "kiali-server.identity.cert_file" .) }} + optional: true + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-secret + secret: + secretName: {{ .Values.deployment.secret_name }} + optional: true + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + configMap: + name: {{ include "kiali-server.fullname" . 
}}-cabundle + {{- end }} + {{- if or (.Values.deployment.affinity.node) (or (.Values.deployment.pod) (.Values.deployment.pod_anti)) }} + affinity: + {{- if .Values.deployment.affinity.node }} + nodeAffinity: + {{- toYaml .Values.deployment.affinity.node | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod }} + podAffinity: + {{- toYaml .Values.deployment.affinity.pod | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod_anti }} + podAntiAffinity: + {{- toYaml .Values.deployment.affinity.pod_anti | nindent 10 }} + {{- end }} + {{- end }} + {{- if .Values.deployment.tolerations }} + tolerations: + {{- toYaml .Values.deployment.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.deployment.node_selector }} + nodeSelector: + {{- toYaml .Values.deployment.node_selector | nindent 8 }} + {{- end }} +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/hpa.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/hpa.yaml new file mode 100755 index 000000000..934c4c1e9 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/hpa.yaml @@ -0,0 +1,17 @@ +{{- if .Values.deployment.hpa.spec }} +--- +apiVersion: {{ .Values.deployment.hpa.api_version }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "kiali-server.fullname" . }} + {{- toYaml .Values.deployment.hpa.spec | nindent 2 }} +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/ingress.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/ingress.yaml new file mode 100755 index 000000000..e4c98db1b --- /dev/null 
+++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/ingress.yaml @@ -0,0 +1,40 @@ +{{- if not (.Capabilities.APIVersions.Has "route.openshift.io/v1") }} +{{- if .Values.deployment.ingress_enabled }} +--- +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }} + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- else }} + # For ingress-nginx versions older than 0.20.0 use secure-backends. + # (see: https://github.com/kubernetes/ingress-nginx/issues/3416#issuecomment-438247948) + # For ingress-nginx versions 0.20.0 and later use backend-protocol. + {{- if (include "kiali-server.identity.cert_file" .) }} + nginx.ingress.kubernetes.io/secure-backends: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + {{- else }} + nginx.ingress.kubernetes.io/secure-backends: "false" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + {{- end }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + rules: + - http: + paths: + - path: {{ include "kiali-server.server.web_root" . }} + backend: + serviceName: {{ include "kiali-server.fullname" . }} + servicePort: {{ .Values.server.port }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/oauth.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/oauth.yaml new file mode 100755 index 000000000..a178bb85e --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/oauth.yaml 
@@ -0,0 +1,17 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.kiali_route_url }} +--- +apiVersion: oauth.openshift.io/v1 +kind: OAuthClient +metadata: + name: {{ include "kiali-server.fullname" . }}-{{ .Release.Namespace }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +redirectURIs: +- {{ .Values.kiali_route_url }} +grantMethod: auto +allowAnyScope: true +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/psp.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/psp.yaml new file mode 100755 index 000000000..f891892cc --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/psp.yaml 
@@ -0,0 +1,67 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "kiali-server.fullname" . }}-psp +subjects: + - kind: ServiceAccount + name: kiali +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +rules: +- apiGroups: + - policy + resourceNames: + - {{ include "kiali-server.fullname" . }}-psp + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +spec: + allowPrivilegeEscalation: false + forbiddenSysctls: + - '*' + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + runAsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + - persistentVolumeClaim +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/role-controlplane.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/role-controlplane.yaml new file mode 100755 index 000000000..a22c76756 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/role-controlplane.yaml 
@@ -0,0 +1,15 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "kiali-server.fullname" . }}-controlplane + namespace: {{ include "kiali-server.istio_namespace" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - secrets + verbs: + - list +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/role-viewer.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/role-viewer.yaml new file mode 100755 index 000000000..9fdd9fd1d --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/role-viewer.yaml 
@@ -0,0 +1,97 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }}-viewer + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - pods/proxy + - replicationcontrollers + - services + verbs: + - get + - list + - watch +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch +- apiGroups: + - networking.istio.io + - security.istio.io + resources: ["*"] + verbs: + - get + - list + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - get + - list +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/role.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/role.yaml new file mode 100755 index 000000000..8444bc753 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/role.yaml 
@@ -0,0 +1,108 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - pods/proxy + - replicationcontrollers + - services + verbs: + - get + - list + - patch + - watch +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - patch + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - patch + - watch +- apiGroups: + - networking.istio.io + - security.istio.io + resources: ["*"] + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - patch + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/rolebinding-controlplane.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/rolebinding-controlplane.yaml new file mode 100755 index 000000000..5a0015836 --- /dev/null 
+++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/rolebinding-controlplane.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }}-controlplane + namespace: {{ include "kiali-server.istio_namespace" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "kiali-server.fullname" . }}-controlplane +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/rolebinding.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/rolebinding.yaml new file mode 100755 index 000000000..1eaabd65f --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/rolebinding.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + {{- if .Values.deployment.view_only_mode }} + name: {{ include "kiali-server.fullname" . }}-viewer + {{- else }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/route.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/route.yaml new file mode 100755 index 000000000..27940dc96 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/route.yaml 
@@ -0,0 +1,30 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.deployment.ingress_enabled }} +# As of OpenShift 4.5, need to use --disable-openapi-validation when installing via Helm +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}} + annotations: + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + tls: + termination: reencrypt + insecureEdgeTerminationPolicy: Redirect + to: + kind: Service + targetPort: {{ .Values.server.port }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/service.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/service.yaml new file mode 100755 index 000000000..9ccf4f388 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/service.yaml 
@@ -0,0 +1,47 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + service.beta.openshift.io/serving-cert-secret-name: {{ include "kiali-server.fullname" . }}-cert-secret + {{- end }} + kiali.io/api-spec: https://kiali.io/api + kiali.io/api-type: rest + {{- if and (not (empty .Values.server.web_fqdn)) (not (empty .Values.server.web_schema)) }} + {{- if empty .Values.server.web_port }} + kiali.io/external-url: {{ .Values.server.web_schema }}://{{ .Values.server.web_fqdn }}{{ default "" .Values.server.web_root }} + {{- else }} + kiali.io/external-url: {{ .Values.server.web_schema }}://{{ .Values.server.web_fqdn }}:{{ .Values.server.web_port }}{{(default "" .Values.server.web_root) }} + {{- end }} + {{- end }} + {{- if .Values.deployment.service_annotations }} + {{- toYaml .Values.deployment.service_annotations | nindent 4 }} + {{- end }} +spec: + {{- if .Values.deployment.service_type }} + type: {{ .Values.deployment.service_type }} + {{- end }} + ports: + {{- if (include "kiali-server.identity.cert_file" .) }} + - name: tcp + {{- else }} + - name: http + {{- end }} + protocol: TCP + port: {{ .Values.server.port }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + protocol: TCP + port: {{ .Values.server.metrics_port }} + {{- end }} + selector: + {{- include "kiali-server.selectorLabels" . | nindent 4 }} + {{- if .Values.deployment.additional_service_yaml }} + {{- toYaml .Values.deployment.additional_service_yaml | nindent 2 }} + {{- end }} +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/serviceaccount.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/serviceaccount.yaml new file mode 100755 index 000000000..9151b6f6a --- /dev/null 
+++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/serviceaccount.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/validate-install-crd.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/validate-install-crd.yaml new file mode 100755 index 000000000..b42eeb266 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/validate-install-crd.yaml @@ -0,0 +1,14 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "monitoring.kiali.io/v1alpha1/MonitoringDashboard" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/web-root-configmap.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/web-root-configmap.yaml new file mode 100755 index 000000000..970d4e4f5 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/templates/web-root-configmap.yaml 
@@ -0,0 +1,12 @@ +{{- if .Values.web_root_override }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: kiali-console + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + env.js: | + window.WEB_ROOT='/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Release.Namespace }}/services/http:kiali:20001/proxy/kiali'; +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/values.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/values.yaml new file mode 100755 index 000000000..aada4e09a --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/kiali/values.yaml 
@@ -0,0 +1,93 @@ +nameOverride: "kiali" +fullnameOverride: "kiali" + +# This is required for "openshift" auth strategy. +# You have to know ahead of time what your Route URL will be because +# right now the helm chart can't figure this out at runtime (it would +# need to wait for the Kiali Route to be deployed and for OpenShift +# to start it up). If someone knows how to update this helm chart to +# do this, a PR would be welcome. +kiali_route_url: "" + +# rancher specific override that allows proxy access to kiali url +web_root_override: true + +# +# Settings that mimic the Kiali CR which are placed in the ConfigMap. +# Note that only those values used by the Helm Chart will be here. +# + +istio_namespace: "" # default is where Kiali is installed + +auth: + openid: {} + openshift: {} + strategy: "" + +deployment: + # This only limits what Kiali will attempt to see, but Kiali Service Account has permissions to see everything. + # For more control over what the Kial Service Account can see, use the Kiali Operator + accessible_namespaces: + - "**" + additional_service_yaml: {} + affinity: + node: {} + pod: {} + pod_anti: {} + custom_dashboards: + excludes: [''] + includes: ['*'] + hpa: + api_version: "autoscaling/v2beta2" + spec: {} + repository: rancher/mirrored-kiali-kiali + image_pull_policy: "Always" + image_pull_secrets: [] + tag: v1.32.0 + ingress_enabled: true + logger: + log_format: "text" + log_level: "info" + time_field_format: "2006-01-02T15:04:05Z07:00" + sampler_rate: "1" + node_selector: {} + override_ingress_yaml: + metadata: {} + pod_annotations: {} + pod_labels: {} + priority_class_name: "" + replicas: 1 + resources: {} + secret_name: "kiali" + service_annotations: {} + service_type: "" + tolerations: [] + version_label: v1.32.0 + view_only_mode: false + +external_services: + custom_dashboards: + enabled: true + +identity: {} + #cert_file: + #private_key_file: + +login_token: + signing_key: "" + +server: + port: 20001 + metrics_enabled: true + 
metrics_port: 9090 + web_root: "" + +# Common settings used among istio subcharts. +global: + # Specify rancher clusterId of external tracing config + # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 + cattle: + systemDefaultRegistry: "" + clusterId: + rbac: + pspEnabled: false diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/.helmignore b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/.helmignore new file mode 100755 index 000000000..0e8a0eb36 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/Chart.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/Chart.yaml new file mode 100755 index 000000000..6e368616d --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/Chart.yaml @@ -0,0 +1,12 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: istio-system + catalog.rancher.io/release-name: rancher-tracing +apiVersion: v1 +appVersion: 1.20.0 +description: A quick start Jaeger Tracing installation using the all-in-one demo. + This is not production qualified. Refer to https://www.jaegertracing.io/ for details. +name: tracing +version: 1.20.1 
diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/README.md b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/README.md new file mode 100755 index 000000000..25534c628 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/README.md @@ -0,0 +1,5 @@ +# Jaeger + +A Rancher chart based on the Jaeger all-in-one quick installation option. This chart will allow you to trace and monitor distributed microservices. + +> **Note:** The basic all-in-one Jaeger installation which is not qualified for production. Use the [Jaeger Tracing](https://www.jaegertracing.io) documentation to determine which installation you will need for your production needs. diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/_affinity.tpl b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/_affinity.tpl new file mode 100755 index 000000000..bf6a9aee5 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/_affinity.tpl 
@@ -0,0 +1,92 @@ +{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}} +{{- define "nodeAffinity" }} + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + {{- include "nodeAffinityRequiredDuringScheduling" . }} + preferredDuringSchedulingIgnoredDuringExecution: + {{- include "nodeAffinityPreferredDuringScheduling" . }} +{{- end }} + +{{- define "nodeAffinityRequiredDuringScheduling" }} + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + {{- range $key, $val := .Values.global.arch }} + {{- if gt ($val | int) 0 }} + - {{ $key | quote }} + {{- end }} + {{- end }} + {{- $nodeSelector := default .Values.global.defaultNodeSelector .Values.nodeSelector -}} + {{- range $key, $val := $nodeSelector }} + - key: {{ $key }} + operator: In + values: + - {{ $val | quote }} + {{- end }} +{{- end }} + +{{- define "nodeAffinityPreferredDuringScheduling" }} + {{- range $key, $val := .Values.global.arch }} + {{- if gt ($val | int) 0 }} + - weight: {{ $val | int }} + preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - {{ $key | quote }} + {{- end }} + {{- end }} +{{- end }} + +{{- define "podAntiAffinity" }} +{{- if or .Values.podAntiAffinityLabelSelector .Values.podAntiAffinityTermLabelSelector}} + podAntiAffinity: + {{- if .Values.podAntiAffinityLabelSelector }} + requiredDuringSchedulingIgnoredDuringExecution: + {{- include "podAntiAffinityRequiredDuringScheduling" . }} + {{- end }} + {{- if or .Values.podAntiAffinityTermLabelSelector}} + preferredDuringSchedulingIgnoredDuringExecution: + {{- include "podAntiAffinityPreferredDuringScheduling" . 
}} + {{- end }} +{{- end }} +{{- end }} + +{{- define "podAntiAffinityRequiredDuringScheduling" }} + {{- range $index, $item := .Values.podAntiAffinityLabelSelector }} + - labelSelector: + matchExpressions: + - key: {{ $item.key }} + operator: {{ $item.operator }} + {{- if $item.values }} + values: + {{- $vals := split "," $item.values }} + {{- range $i, $v := $vals }} + - {{ $v | quote }} + {{- end }} + {{- end }} + topologyKey: {{ $item.topologyKey }} + {{- end }} +{{- end }} + +{{- define "podAntiAffinityPreferredDuringScheduling" }} + {{- range $index, $item := .Values.podAntiAffinityTermLabelSelector }} + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: {{ $item.key }} + operator: {{ $item.operator }} + {{- if $item.values }} + values: + {{- $vals := split "," $item.values }} + {{- range $i, $v := $vals }} + - {{ $v | quote }} + {{- end }} + {{- end }} + topologyKey: {{ $item.topologyKey }} + weight: 100 + {{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/_helpers.tpl b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/_helpers.tpl new file mode 100755 index 000000000..56cfa7335 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/_helpers.tpl 
@@ -0,0 +1,32 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "tracing.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "tracing.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/deployment.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/deployment.yaml new file mode 100755 index 000000000..25bb67fd3 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/deployment.yaml 
@@ -0,0 +1,86 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + selector: + matchLabels: + app: {{ .Values.provider }} + template: + metadata: + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + annotations: + sidecar.istio.io/inject: "false" + prometheus.io/scrape: "true" + prometheus.io/port: "14269" +{{- if .Values.jaeger.podAnnotations }} +{{ toYaml .Values.jaeger.podAnnotations | indent 8 }} +{{- end }} + spec: + containers: + - name: jaeger + image: "{{ template "system_default_registry" . }}{{ .Values.jaeger.repository }}:{{ .Values.jaeger.tag }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + env: + {{- if eq .Values.jaeger.spanStorageType "badger" }} + - name: BADGER_EPHEMERAL + value: "false" + - name: SPAN_STORAGE_TYPE + value: "badger" + - name: BADGER_DIRECTORY_VALUE + value: "/badger/data" + - name: BADGER_DIRECTORY_KEY + value: "/badger/key" + {{- end }} + - name: COLLECTOR_ZIPKIN_HTTP_PORT + value: "9411" + - name: MEMORY_MAX_TRACES + value: "{{ .Values.jaeger.memory.max_traces }}" + - name: QUERY_BASE_PATH + value: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }} + livenessProbe: + httpGet: + path: / + port: 14269 + readinessProbe: + httpGet: + path: / + port: 14269 +{{- if eq .Values.jaeger.spanStorageType "badger" }} + volumeMounts: + - name: data + mountPath: /badger +{{- end }} + resources: +{{- if .Values.jaeger.resources }} +{{ toYaml .Values.jaeger.resources | indent 12 }} +{{- else }} +{{ toYaml .Values.global.defaultResources | indent 12 }} +{{- end }} + affinity: + {{- include "nodeAffinity" . | indent 6 }} + {{- include "podAntiAffinity" . 
| indent 6 }} + {{- if .Values.global.rbac.pspEnabled }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + serviceAccountName: {{ include "tracing.fullname" . }} + {{- end }} +{{- if eq .Values.jaeger.spanStorageType "badger" }} + volumes: + - name: data +{{- if .Values.jaeger.persistentVolumeClaim.enabled }} + persistentVolumeClaim: + claimName: istio-jaeger-pvc +{{- else }} + emptyDir: {} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/psp.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/psp.yaml new file mode 100755 index 000000000..44b230492 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/psp.yaml 
@@ -0,0 +1,86 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "tracing.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ include "tracing.fullname" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +rules: +- apiGroups: + - policy + resourceNames: + - {{ include "tracing.fullname" . }} + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + allowPrivilegeEscalation: false + forbiddenSysctls: + - '*' + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + runAsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - emptyDir + - secret + - persistentVolumeClaim +{{- end }} \ No newline at end of file 
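Review bot: the PodSecurityPolicy at the end of tracing/templates/psp.yaml sets `namespace: {{ .Release.Namespace }}` under `metadata`, but PodSecurityPolicy is cluster-scoped, so that field has no effect and the object is identified only by `{{ include "tracing.fullname" . }}`. Two releases that render the same fullname in different namespaces would share one policy object and overwrite each other's copy. Drop the `namespace` line and consider putting the release namespace into the PSP name and the matching `resourceNames` entry in the Role. The RoleBinding's ServiceAccount subject also has no `namespace`; adding `namespace: {{ .Release.Namespace }}` makes the grant explicit instead of relying on the binding's own namespace. The ServiceAccount in this file is only rendered under `pspEnabled`, which is the same condition deployment.yaml uses for `serviceAccountName`, so the two conditions have to be kept in step.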
diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/pvc.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/pvc.yaml new file mode 100755 index 000000000..9b4c55e4f --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/pvc.yaml @@ -0,0 +1,16 @@ +{{- if .Values.jaeger.persistentVolumeClaim.enabled }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: istio-jaeger-pvc + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} +spec: + storageClassName: {{ .Values.jaeger.storageClassName }} + accessModes: + - {{ .Values.jaeger.accessMode }} + resources: + requests: + storage: {{.Values.jaeger.persistentVolumeClaim.storage }} +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/service.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/service.yaml new file mode 100755 index 000000000..4210a9b5f --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/templates/service.yaml 
@@ -0,0 +1,63 @@ +apiVersion: v1 +kind: Service +metadata: + name: tracing + namespace: {{ .Release.Namespace }} + annotations: + {{- range $key, $val := .Values.service.annotations }} + {{ $key }}: {{ $val | quote }} + {{- end }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + type: {{ .Values.service.type }} + ports: + - name: {{ .Values.service.name }} + port: {{ .Values.service.externalPort }} + protocol: TCP + targetPort: 16686 + selector: + app: {{ .Values.provider }} +--- +# Jaeger implements the Zipkin API. To support swapping out the tracing backend, we use a Service named Zipkin. +apiVersion: v1 +kind: Service +metadata: + name: zipkin + namespace: {{ .Release.Namespace }} + labels: + name: zipkin + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + ports: + - name: {{ .Values.service.name }} + port: {{ .Values.zipkin.queryPort }} + targetPort: {{ .Values.zipkin.queryPort }} + selector: + app: {{ .Values.provider }} +--- +apiVersion: v1 +kind: Service +metadata: + name: jaeger-collector + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + type: ClusterIP + ports: + - name: jaeger-collector-http + port: 14268 + targetPort: 14268 + protocol: TCP + - name: jaeger-collector-grpc + port: 14250 + targetPort: 14250 + protocol: TCP + selector: + app: {{ .Values.provider }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/values.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/values.yaml new file mode 100755 index 000000000..18ff81c3c --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/charts/tracing/values.yaml 
@@ -0,0 +1,44 @@ +provider: jaeger +contextPath: "" +nodeSelector: {} +podAntiAffinityLabelSelector: [] +podAntiAffinityTermLabelSelector: [] +nameOverride: "" +fullnameOverride: "" + +global: + cattle: + systemDefaultRegistry: "" + defaultResources: {} + imagePullPolicy: IfNotPresent + imagePullSecrets: [] + arch: + amd64: 2 + s390x: 2 + ppc64le: 2 + defaultNodeSelector: {} + rbac: + pspEnabled: false + +jaeger: + repository: rancher/mirrored-jaegertracing-all-in-one + tag: 1.20.0 + # spanStorageType value can be "memory" and "badger" for all-in-one image + spanStorageType: badger + resources: + requests: + cpu: 10m + persistentVolumeClaim: + enabled: false + storage: 5Gi + storageClassName: "" + accessMode: ReadWriteMany + memory: + max_traces: 50000 +zipkin: + queryPort: 9411 +service: + annotations: {} + name: http-query + type: ClusterIP + externalPort: 16686 diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/configs/istio-base.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/configs/istio-base.yaml new file mode 100755 index 000000000..7ff972e2d --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/configs/istio-base.yaml 
@@ -0,0 +1,89 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +spec: + addonComponents: + istiocoredns: + enabled: {{ .Values.istiocoredns.enabled }} + components: + base: + enabled: {{ .Values.base.enabled }} + cni: + enabled: {{ .Values.cni.enabled }} + egressGateways: + - enabled: {{ .Values.egressGateways.enabled }} + name: istio-egressgateway + ingressGateways: + - enabled: {{ .Values.ingressGateways.enabled }} + name: istio-ingressgateway + k8s: + service: + ports: + - name: status-port + port: 15021 + targetPort: 15021 + - name: http2 + port: 80 + targetPort: 8080 + nodePort: 31380 + - name: https + port: 443 + targetPort: 8443 + nodePort: 31390 + - name: tcp + port: 31400 + targetPort: 31400 + nodePort: 31400 + - name: tls + port: 15443 + targetPort: 15443 + istiodRemote: + enabled: {{ .Values.istiodRemote.enabled }} + pilot: + enabled: {{ .Values.pilot.enabled }} + hub: {{ .Values.systemDefaultRegistry | default "docker.io" }} + profile: default + tag: {{ .Values.tag }} + revision: {{ .Values.revision }} + meshConfig: + defaultConfig: + proxyMetadata: + {{- if .Values.dns.enabled }} + ISTIO_META_DNS_CAPTURE: "true" + {{- end }} + values: + gateways: + istio-egressgateway: + name: istio-egressgateway + type: {{ .Values.egressGateways.type }} + istio-ingressgateway: + name: istio-ingressgateway + type: {{ .Values.ingressGateways.type }} + global: + istioNamespace: {{ template "istio.namespace" . }} + proxy: + image: {{ template "system_default_registry" . }}{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }} + proxy_init: + image: {{ template "system_default_registry" . }}{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }} + {{- if .Values.global.defaultPodDisruptionBudget.enabled }} + defaultPodDisruptionBudget: + enabled: {{ .Values.global.defaultPodDisruptionBudget.enabled }} + {{- end }} + istiocoredns: + coreDNSImage: {{ template "system_default_registry" . 
}}{{ .Values.istiocoredns.image.repository }} + coreDNSPluginImage: {{ template "system_default_registry" . }}{{ .Values.istiocoredns.pluginImage.repository }}:{{ .Values.istiocoredns.pluginImage.tag }} + coreDNSTag: {{ .Values.istiocoredns.image.tag }} + {{- if .Values.pilot.enabled }} + pilot: + image: {{ template "system_default_registry" . }}{{ .Values.pilot.repository }}:{{ .Values.pilot.tag }} + {{- end }} + telemetry: + enabled: {{ .Values.telemetry.enabled }} + v2: + enabled: {{ .Values.telemetry.v2.enabled }} + {{- if .Values.cni.enabled }} + cni: + image: {{ template "system_default_registry" . }}{{ .Values.cni.repository }}:{{ .Values.cni.tag }} + excludeNamespaces: + {{- toYaml .Values.cni.excludeNamespaces | nindent 8 }} + logLevel: {{ .Values.cni.logLevel }} + {{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/requirements.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/requirements.yaml new file mode 100755 index 000000000..b60745780 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/requirements.yaml @@ -0,0 +1,17 @@ +dependencies: +- name: kiali + version: "" + repository: file://./charts/kiali + condition: kiali.enabled + tags: [] + enabled: false + importvalues: [] + alias: "" +- name: tracing + version: "" + repository: file://./charts/tracing + condition: tracing.enabled + tags: [] + enabled: false + importvalues: [] + alias: "" diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/samples/overlay-example.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/samples/overlay-example.yaml new file mode 100755 index 000000000..5cf3cf3b0 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/samples/overlay-example.yaml 
@@ -0,0 +1,37 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +spec: + components: + ingressGateways: + - enabled: true + name: ilb-gateway + namespace: user-ingressgateway-ns + k8s: + resources: + requests: + cpu: 200m + service: + ports: + - name: tcp-citadel-grpc-tls + port: 8060 + targetPort: 8060 + - name: tcp-dns + port: 5353 + serviceAnnotations: + cloud.google.com/load-balancer-type: internal + - enabled: true + name: other-gateway + namespace: cattle-istio-system + k8s: + resources: + requests: + cpu: 200m + service: + ports: + - name: tcp-citadel-grpc-tls + port: 8060 + targetPort: 8060 + - name: tcp-dns + port: 5353 + serviceAnnotations: + cloud.google.com/load-balancer-type: internal diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/_helpers.tpl b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/_helpers.tpl new file mode 100755 index 000000000..3f7af953a --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/_helpers.tpl @@ -0,0 +1,12 @@ +{{/* Ensure namespace is set the same everywhere */}} +{{- define "istio.namespace" -}} + {{- .Release.Namespace | default "istio-system" -}} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/admin-role.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/admin-role.yaml new file mode 100755 index 000000000..ad1313c4f --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/admin-role.yaml 
@@ -0,0 +1,43 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + name: istio-admin + namespace: {{ template "istio.namespace" . }} +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: + - '*' + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: + - '*' diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/base-config-map.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/base-config-map.yaml new file mode 100755 index 000000000..5323917bc --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/base-config-map.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-installer-base + namespace: {{ template "istio.namespace" . }} +data: +{{ tpl (.Files.Glob "configs/*").AsConfig . | indent 2 }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/clusterrole.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/clusterrole.yaml new file mode 100755 index 000000000..a93b3df95 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/clusterrole.yaml 
@@ -0,0 +1,120 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: istio-installer +rules: +# istio groups +- apiGroups: + - authentication.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - config.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - install.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - networking.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - rbac.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - security.istio.io + resources: + - '*' + verbs: + - '*' +# k8s groups +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions.apiextensions.k8s.io + - customresourcedefinitions + verbs: + - '*' +- apiGroups: + - apps + - extensions + resources: + - daemonsets + - deployments + - deployments/finalizers + - ingresses + - replicasets + - statefulsets + verbs: + - '*' +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - '*' +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - '*' +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - roles + - rolebindings + verbs: + - '*' +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - namespaces + - pods + - pods/exec + - persistentvolumeclaims + - secrets + - services + - serviceaccounts + verbs: + - '*' +- apiGroups: + - policy + resourceNames: + - istio-installer + resources: + - podsecuritypolicies + verbs: + - use 
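Review bot: the `istio-installer` ClusterRole grants `'*'` verbs on `secrets` and `pods/exec` in the core group and on `clusterroles`, `clusterrolebindings`, `roles` and `rolebindings` in `rbac.authorization.k8s.io`, which together is close to cluster-admin for anything holding the `istio-installer` ServiceAccount token. A wildcard verb on RBAC resources includes `escalate` and `bind`, and a wildcard on `mutatingwebhookconfigurations` allows changing what is injected into pods cluster-wide. Since this role is bound cluster-wide in clusterrolebinding.yaml and used by a hook Job, list the verbs the installer actually needs per resource, and remove `pods/exec` unless the install script depends on it. Smaller point in the `apiextensions.k8s.io` rule: `customresourcedefinitions.apiextensions.k8s.io` is not a resource name in that group, and the `customresourcedefinitions` entry on the next line already covers it.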
diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/clusterrolebinding.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/clusterrolebinding.yaml new file mode 100755 index 000000000..9d74a0434 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/clusterrolebinding.yaml @@ -0,0 +1,12 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: istio-installer +subjects: +- kind: ServiceAccount + name: istio-installer + namespace: {{ template "istio.namespace" . }} +roleRef: + kind: ClusterRole + name: istio-installer + apiGroup: rbac.authorization.k8s.io diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/edit-role.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/edit-role.yaml new file mode 100755 index 000000000..d1059d58d --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/edit-role.yaml @@ -0,0 +1,43 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + namespace: {{ template "istio.namespace" . }} + name: istio-edit +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: + - '*' + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: + - '*' 
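Review bot: in edit-role.yaml, `istio-edit` carries `rbac.authorization.k8s.io/aggregate-to-edit: "true"` and grants `'*'` on `envoyfilters` plus `authorizationpolicies`, `peerauthentications` and `requestauthentications`, so every subject bound to the built-in `edit` role can rewrite mesh authorization and mTLS policy and add EnvoyFilters in the namespaces where it is bound. The rules are identical to `istio-admin` in admin-role.yaml; if edit is intended to be the narrower role, limit the `security.istio.io` rule and `envoyfilters` to read verbs here and keep write access in the admin aggregate. The `namespace:` line under `metadata` has no effect on a ClusterRole and can be removed.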
diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/istio-cni-psp.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/istio-cni-psp.yaml new file mode 100755 index 000000000..5b94c8503 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/istio-cni-psp.yaml @@ -0,0 +1,51 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: psp-istio-cni + namespace: {{ template "istio.namespace" . }} +spec: + allowPrivilegeEscalation: true + fsGroup: + rule: RunAsAny + hostNetwork: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - secret + - configMap + - emptyDir + - hostPath +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: psp-istio-cni + namespace: {{ template "istio.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: psp-istio-cni +subjects: + - kind: ServiceAccount + name: istio-cni +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: psp-istio-cni + namespace: {{ template "istio.namespace" . }} +rules: +- apiGroups: + - policy + resourceNames: + - psp-istio-cni + resources: + - podsecuritypolicies + verbs: + - use +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/istio-install-job.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/istio-install-job.yaml new file mode 100755 index 000000000..9a13f5698 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/istio-install-job.yaml 
@@ -0,0 +1,50 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: istioctl-installer + namespace: {{ template "istio.namespace" . }} + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + backoffLimit: 1 + template: + spec: + containers: + - name: istioctl-installer + image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }} + env: + - name: RELEASE_NAME + value: {{ .Release.Name }} + - name: ISTIO_NAMESPACE + value: {{ template "istio.namespace" . }} + - name: FORCE_INSTALL + value: {{ .Values.forceInstall | default "false" | quote }} + command: ["/bin/sh","-c"] + args: ["/usr/local/app/scripts/run.sh"] + volumeMounts: + - name: config-volume + mountPath: /app/istio-base.yaml + subPath: istio-base.yaml + {{- if .Values.overlayFile }} + - name: overlay-volume + mountPath: /app/overlay-config.yaml + subPath: overlay-config.yaml + {{- end }} + volumes: + - name: config-volume + configMap: + name: istio-installer-base + {{- if .Values.overlayFile }} + - name: overlay-volume + configMap: + name: istio-installer-overlay + {{- end }} + serviceAccountName: istio-installer + {{- if .Values.global.rbac.pspEnabled }} + securityContext: + runAsUser: 101 + runAsGroup: 101 + {{- end }} + restartPolicy: Never diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/istio-install-psp.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/istio-install-psp.yaml new file mode 100755 index 000000000..f0b5ee565 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/istio-install-psp.yaml 
@@ -0,0 +1,30 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: istio-installer + namespace: {{ template "istio.namespace" . }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'configMap' + - 'secret' +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/istio-psp.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/istio-psp.yaml new file mode 100755 index 000000000..b3758b74f --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/istio-psp.yaml 
@@ -0,0 +1,81 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: istio-psp + namespace: {{ template "istio.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: istio-psp +subjects: + - kind: ServiceAccount + name: istio-egressgateway-service-account + - kind: ServiceAccount + name: istio-ingressgateway-service-account + - kind: ServiceAccount + name: istio-mixer-service-account + - kind: ServiceAccount + name: istio-operator-authproxy + - kind: ServiceAccount + name: istiod-service-account + - kind: ServiceAccount + name: istio-sidecar-injector-service-account + - kind: ServiceAccount + name: istiocoredns-service-account + - kind: ServiceAccount + name: default +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: istio-psp + namespace: {{ template "istio.namespace" . }} +rules: +- apiGroups: + - policy + resourceNames: + - istio-psp + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: istio-psp + namespace: {{ template "istio.namespace" . }} +spec: + allowPrivilegeEscalation: false + forbiddenSysctls: + - '*' + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + runAsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + - persistentVolumeClaim +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/istio-uninstall-job.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/istio-uninstall-job.yaml new file mode 100755 index 000000000..a7f156325 --- /dev/null 
+++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/istio-uninstall-job.yaml @@ -0,0 +1,45 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: istioctl-uninstaller + namespace: {{ template "istio.namespace" . }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + spec: + containers: + - name: istioctl-uninstaller + image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }} + env: + - name: RELEASE_NAME + value: {{ .Release.Name }} + - name: ISTIO_NAMESPACE + value: {{ template "istio.namespace" . }} + command: ["/bin/sh","-c"] + args: ["/usr/local/app/scripts/uninstall_istio_system.sh"] + volumeMounts: + - name: config-volume + mountPath: /app/istio-base.yaml + subPath: istio-base.yaml + {{- if .Values.overlayFile }} + - name: overlay-volume + mountPath: /app/overlay-config.yaml + subPath: overlay-config.yaml + {{ end }} + volumes: + - name: config-volume + configMap: + name: istio-installer-base + {{- if .Values.overlayFile }} + - name: overlay-volume + configMap: + name: istio-installer-overlay + {{ end }} + serviceAccountName: istio-installer + securityContext: + runAsUser: 101 + runAsGroup: 101 + restartPolicy: OnFailure diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/overlay-config-map.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/overlay-config-map.yaml new file mode 100755 index 000000000..287d26b2c --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/overlay-config-map.yaml @@ -0,0 +1,9 @@ +{{- if .Values.overlayFile }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-installer-overlay + namespace: {{ template "istio.namespace" . }} +data: + overlay-config.yaml: {{ toYaml .Values.overlayFile | indent 2 }} +{{- end }} 
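Review bot: in 1.8.400/templates/istio-cni-psp.yaml the `psp-istio-cni` policy lists `hostPath` under `volumes` with no `allowedHostPaths`, alongside `allowPrivilegeEscalation: true`, `hostNetwork: true` and `runAsUser: RunAsAny`, so a pod admitted under it may mount any host directory as root. Add an `allowedHostPaths` list limited to the directories the CNI installer needs. The template is gated only on `.Values.global.rbac.pspEnabled`; adding `.Values.cni.enabled` to the condition would keep this permissive policy and its RoleBinding out of clusters that do not deploy the CNI plugin. `metadata.namespace` on a PodSecurityPolicy has no effect because the kind is cluster-scoped, and can be dropped here and in the other two PSP templates.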
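Review bot: in 1.8.400/templates/istio-install-job.yaml the pod `securityContext` (`runAsUser: 101`, `runAsGroup: 101`) sits inside `{{- if .Values.global.rbac.pspEnabled }}`, while istio-uninstall-job.yaml sets the same block unconditionally. values.yaml defaults `pspEnabled` to `false`, so on a default install the installer job runs as whatever user the image defaults to and only the uninstaller is pinned to 101. Remove the condition so both jobs run as the same non-root user, and consider adding `runAsNonRoot: true` to both. `value: {{ .Release.Name }}` is also unquoted, unlike `FORCE_INSTALL`, which is piped through `quote`.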
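Review bot: 1.8.400/templates/istio-install-psp.yaml leaves `allowPrivilegeEscalation` and `requiredDropCapabilities` unset on the `istio-installer` policy, whereas `istio-psp` in istio-psp.yaml sets `allowPrivilegeEscalation: false` and drops `ALL`. The installer pod only mounts configMaps and runs a script as UID 101, so the same two settings should fit here. This file also carries no Role or RoleBinding granting `use` on `istio-installer`, unlike istio-cni-psp.yaml and istio-psp.yaml; if that binding lives in another template, a comment saying where would help the next reader.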
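Review bot: 1.8.400/templates/istio-uninstall-job.yaml sets no `backoffLimit`, while the install job sets `backoffLimit: 1`. With `restartPolicy: OnFailure` on a `pre-delete` hook, a failing uninstall script is retried up to the Kubernetes default before the hook reports failure, and `helm uninstall` waits for it in the meantime. Set an explicit `backoffLimit` to match the install job. The two `.Values.overlayFile` conditionals here also close with `{{ end }}` where the install job uses `{{- end }}`, which leaves whitespace-only lines in the rendered manifest.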
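Review bot: in 1.8.400/templates/overlay-config-map.yaml the line `overlay-config.yaml: {{ toYaml .Values.overlayFile | indent 2 }}` renders a valid ConfigMap only when `overlayFile` is a string; a map passed in values would be emitted as nested YAML under `data`, which must hold string values. values.yaml declares `overlayFile: ""` with no comment on the expected type. Add a comment there stating that the overlay must be supplied as a (multi-line) string, or have the template fail with a clear message when it is not one.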
diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/service-monitors.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/service-monitors.yaml new file mode 100755 index 000000000..c3d60c4fc --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/service-monitors.yaml @@ -0,0 +1,51 @@ +{{- if .Values.kiali.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: envoy-stats-monitor + namespace: {{ template "istio.namespace" . }} + labels: + monitoring: istio-proxies +spec: + selector: + matchExpressions: + - {key: istio-prometheus-ignore, operator: DoesNotExist} + namespaceSelector: + any: true + jobLabel: envoy-stats + endpoints: + - path: /stats/prometheus + targetPort: 15090 + interval: 15s + relabelings: + - sourceLabels: [__meta_kubernetes_pod_container_port_name] + action: keep + regex: '.*-envoy-prom' + - action: labeldrop + regex: "__meta_kubernetes_pod_label_(.+)" + - sourceLabels: [__meta_kubernetes_namespace] + action: replace + targetLabel: namespace + - sourceLabels: [__meta_kubernetes_pod_name] + action: replace + targetLabel: pod_name +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: istio-component-monitor + namespace: {{ template "istio.namespace" . }} + labels: + monitoring: istio-components +spec: + jobLabel: istio + targetLabels: [app] + selector: + matchExpressions: + - {key: istio, operator: In, values: [pilot]} + namespaceSelector: + any: true + endpoints: + - port: http-monitoring + interval: 15s +{{- end -}} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/serviceaccount.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/serviceaccount.yaml new file mode 100755 index 000000000..82b6cbb7e --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/serviceaccount.yaml 
@@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: istio-installer + namespace: {{ template "istio.namespace" . }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/view-role.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/view-role.yaml new file mode 100755 index 000000000..5947d3eba --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/templates/view-role.yaml @@ -0,0 +1,41 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + namespace: {{ template "istio.namespace" . }} + name: istio-view +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: ["get", "watch", "list"] + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: ["get", "watch", "list"] diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/values.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/values.yaml new file mode 100755 index 000000000..a641abdc1 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.400/values.yaml 
@@ -0,0 +1,95 @@ +overlayFile: "" +tag: 1.8.4 +##Setting forceInstall: true will remove the check for istio version < 1.6.x and will not analyze your install cluster prior to install +forceInstall: false + +installer: + repository: rancher/istio-installer + tag: 1.8.4-rancher1 + +##Deprecated as of 1.8, native support provided by enabling `dns.enabled=true` +istiocoredns: + enabled: false + image: + repository: rancher/mirrored-coredns-coredns + tag: 1.6.2 + pluginImage: + repository: rancher/mirrored-istio-coredns-plugin + tag: 0.2-istio-1.1 + +##Native support for dns added in 1.8 +dns: + enabled: false + +base: + enabled: true + +cni: + enabled: false + repository: rancher/mirrored-istio-install-cni + tag: 1.8.4 + logLevel: info + excludeNamespaces: + - istio-system + - kube-system + +egressGateways: + enabled: false + type: NodePort + +ingressGateways: + enabled: true + type: NodePort + +istiodRemote: + enabled: false + +pilot: + enabled: true + repository: rancher/mirrored-istio-pilot + tag: 1.8.4 + +telemetry: + enabled: true + v2: + enabled: true + +global: + cattle: + systemDefaultRegistry: "" + proxy: + repository: rancher/mirrored-istio-proxyv2 + tag: 1.8.4 + proxy_init: + repository: rancher/mirrored-istio-proxyv2 + tag: 1.8.4 + defaultPodDisruptionBudget: + enabled: true + rbac: + pspEnabled: false + +# Kiali subchart from rancher-kiali-server +kiali: + enabled: true + auth: + strategy: anonymous + deployment: + ingress_enabled: false + repository: rancher/mirrored-kiali-kiali + tag: v1.32.0 + external_services: + prometheus: + custom_metrics_url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" + url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" + tracing: + in_cluster_url: "http://tracing.istio-system.svc:16686/jaeger" + grafana: + in_cluster_url: "http://rancher-monitoring-grafana.cattle-monitoring-system.svc:80" + url: "http://rancher-monitoring-grafana.cattle-monitoring-system.svc:80" + +tracing: 
+ enabled: false + contextPath: "/jaeger" + jaeger: + repository: rancher/mirrored-jaegertracing-all-in-one + tag: 1.20.0 diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/Chart.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/Chart.yaml new file mode 100755 index 000000000..487e7401a --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/Chart.yaml @@ -0,0 +1,21 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.32.100 + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Istio + catalog.cattle.io/namespace: istio-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: networking.istio.io.virtualservice/v1beta1 + catalog.cattle.io/release-name: rancher-istio + catalog.cattle.io/requests-cpu: 710m + catalog.cattle.io/requests-memory: 2314Mi + catalog.cattle.io/ui-component: istio +apiVersion: v1 +appVersion: 1.8.5 +description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ + for details. +icon: https://charts.rancher.io/assets/logos/istio.svg +keywords: +- networking +- infrastructure +name: rancher-istio +version: 1.8.500 diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/README.md b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/README.md new file mode 100755 index 000000000..199e45312 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/README.md 
@@ -0,0 +1,69 @@ +# Rancher Istio Installers + +A Rancher created chart that packages the istioctl binary to install via a helm chart. + +# Installation Requirements + +## Chart Dependencies +- rancher-kiali-server-crd chart + +# Uninstallation Requirements +To ensure rancher-istio uninstalls correctly, you must uninstall rancher-istio prior to uninstalling chart dependencies (see installation requirements for chart dependencies). This is because all definitions need to be available in order to properly build the rancher-istio objects for removal. + +If you remove dependent CRD charts prior to removing rancher-istio, you may encounter the following error:: + +`Error: uninstallation completed with 1 error(s): unable to build kubernetes objects for delete: unable to recognize "": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1"` + +# Addons + +## Kiali + +Kiali allows you to view and manage your istio-based service mesh through an easy to use dashboard. + +#### Dependencies +- rancher-monitoring chart or other Prometheus installation + +This dependecy installs the required CRDs for installing Kiali. Since Kiali is bundled in with Istio in this chart, if you do not have these dependencies installed, your Istio installation will fail. If you do not plan on using Kiali, set `kiali.enabled=false` when installing Istio for a succesful installation. + +> **Note:** The following configuration options assume you have installed the dependecies for Kiali. Please ensure you have Promtheus in your cluster before proceeding. + +The Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by Prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces. 
+ +To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources. + +1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape. +1. Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces. + +#### External Services + +##### Prometheus +The `kiali.external_services.prometheus` url is set in the values.yaml: +``` +http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }} +``` +The url depends on the default values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port` being set in your rancher-monitoring or other monitoring instance. + +##### Grafana +The `kiali.external_services.grafana` url is set in the values.yaml: +``` +http://{{ .Values.nameOverride }}-grafana.{{ .Values.namespaceOverride }}.svc:{{ grafana.service.port }} +``` +The url depends on the default values for `nameOverride`, `namespaceOverride`, and `grafana.service.port` being set in your rancher-monitoring or other monitoring instance. + +##### Tracing +The `kiali.external_services.tracing` url and `.Values.tracing.contextPath` is set in the rancher-istio values.yaml: +``` +http://tracing.{{ .Values.namespaceOverride }}.svc:{{ .Values.service.externalPort }}/{{ .Values.tracing.contextPath }} +``` +The url depends on the default values for `namespaceOverride`, and `.Values.service.externalPort` being set in your rancher-tracing or other tracing instance. + +## Jaeger + +Jaeger allows you to trace and monitor distributed microservices. + +> **Note:** This addon is using the all-in-one Jaeger installation which is not qualified for production. 
Use the [Jaeger Tracing](https://www.jaegertracing.io/docs/1.21/getting-started/) documentation to determine which installation you will need for your production needs. + +# Installation +``` +helm install rancher-istio . --create-namespace -n istio-system +``` \ No newline at end of file diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/app-readme.md b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/app-readme.md new file mode 100755 index 000000000..0e42df083 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/app-readme.md 
@@ -0,0 +1,45 @@ +# Rancher Istio + +Our [Istio](https://istio.io/) installer wraps the istioctl binary commands in a handy helm chart, including an overlay file option to allow complex customization. It also includes: +* **[Kiali](https://kiali.io/)**: Used for graphing traffic flow throughout the mesh +* **[Jaeger](https://www.jaegertracing.io/)**: A quick start, all-in-one installation used for tracing distributed systemm. This is not production qualified, please refer to jaeger documentation to determine which installation you may need instead. + +### Dependencies + +**Rancher Monitoring or other Prometheus installation** + +The Prometheus CRDs are required for installing Kiali which is enabled by default. If you do not have Prometheus installed your Istio installation will fail. If you do not plan on using Kiali, set `kiali.enabled=false` to bypass this requirement. + +### Customization + +**Rancher Monitoring** + +The Rancher Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by Prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces. + +To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources. + +1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape. +1. Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces. + +**Custom Prometheus Installation with Kiali** + +To use a custom Monitoring installation, set the `kiali.external_services.prometheus` url in the values.yaml. 
This url depends on the values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port` in your rancher-monitoring or other monitoring instance: +``` +http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }} +``` +**Custom Grafana Installation with Kiali** + +To use a custom Grafana installation, set the `kiali.external_services.grafana` url in the values.yaml. This url depends on the values for `nameOverride`, `namespaceOverride`, and `granfa.service.port` in your rancher-monitoring or other grafana instance: +``` +http://{{ .Values.nameOverride }}-grafana.{{ .Values.namespaceOverride }}.svc:{{ grafana.service.port }} +``` +**Custom Tracing Installation with Kiali** + +To use a custom Tracing installation, set the `kiali.external_services.tracing` url and update the `.Values.tracing.contextPath` in the rancher-istio values.yaml. + +This url depends on the values for `namespaceOverride`, and `.Values.service.externalPort` in your rancher-tracing or other tracing instance.: +``` +http://tracing.{{ .Values.namespaceOverride }}.svc:{{ .Values.service.externalPort }}/{{ .Values.tracing.contextPath }} +``` + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/istio/v2.5/). diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/Chart.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/Chart.yaml new file mode 100755 index 000000000..9b6fdf385 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/Chart.yaml 
@@ -0,0 +1,31 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=match + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 + catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 + catalog.rancher.io/namespace: cattle-istio-system + catalog.rancher.io/release-name: rancher-kiali-server +apiVersion: v2 +appVersion: v1.32.0 +description: Kiali is an open source project for service mesh observability, refer + to https://www.kiali.io for details. This is installed as sub-chart with customized + values in Rancher's Istio. +home: https://github.com/kiali/kiali +icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png +keywords: +- istio +- kiali +- networking +- infrastructure +maintainers: +- email: kiali-users@googlegroups.com + name: Kiali + url: https://kiali.io +name: kiali +sources: +- https://github.com/kiali/kiali +- https://github.com/kiali/kiali-ui +- https://github.com/kiali/kiali-operator +- https://github.com/kiali/helm-charts +version: 1.32.1 diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/NOTES.txt b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/NOTES.txt new file mode 100755 index 000000000..751019401 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/NOTES.txt @@ -0,0 +1,5 @@ +Welcome to Kiali! For more details on Kiali, see: https://kiali.io + +The Kiali Server [{{ .Chart.AppVersion }}] has been installed in namespace [{{ .Release.Namespace }}]. It will be ready soon. + +(Helm: Chart=[{{ .Chart.Name }}], Release=[{{ .Release.Name }}], Version=[{{ .Chart.Version }}]) 
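Review bot: 1.8.400/templates/service-monitors.yaml wraps both ServiceMonitors in `{{- if .Values.kiali.enabled }}`, although `envoy-stats-monitor` and `istio-component-monitor` scrape the Envoy sidecars and pilot rather than Kiali. The README tells users to set `kiali.enabled=false` when they do not want Kiali, and doing so also removes Istio metrics scraping without any notice. Gate these objects on a separate value, or document the coupling next to `kiali.enabled` in values.yaml.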
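Review bot: 1.8.400/values.yaml sets `kiali.auth.strategy: anonymous` with no comment, so the bundled Kiali serves its dashboard without a login to anyone who can reach the service. The subchart helper `kiali-server.auth.strategy` would fall back to `token` on Kubernetes if the value were left unset. Either leave it unset so the `token` default applies, or keep `anonymous` and add a comment in values.yaml explaining why it is the default and how to change it, in the same style as the `##` comments on `forceInstall` and `istiocoredns`.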
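Review bot: the 1.8.500 README.md and app-readme.md carry several typos that will ship in the catalog UI: "dependecy", "dependecies", "succesful", "Promtheus" and a doubled colon in "following error::" in README.md; "systemm", the value name `granfa.service.port` (the URL template below it uses `grafana.service.port`) and a stray "instance.:" in app-readme.md. The misspelled value name is the one most likely to mislead, since users copy it into overrides.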
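Review bot: 1.8.500/charts/kiali/Chart.yaml mixes two annotation prefixes: `catalog.cattle.io/` for auto-install, hidden, os and the gvr entries, and `catalog.rancher.io/` for `namespace` and `release-name`. The `catalog.rancher.io/namespace` value is `cattle-istio-system`, while the parent Chart.yaml declares `catalog.cattle.io/namespace: istio-system`. If the two `catalog.rancher.io/` annotations are still read by anything, align the prefix and the namespace with the parent chart; if not, drop them.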
diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/_helpers.tpl b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/_helpers.tpl new file mode 100755 index 000000000..dd33bbe48 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/_helpers.tpl 
@@ -0,0 +1,192 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "kiali-server.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kiali-server.fullname" -}} +{{- if .Values.fullnameOverride }} + {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} + {{- $name := default .Chart.Name .Values.nameOverride }} + {{- printf "%s" $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kiali-server.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Identifies the log_level with the old verbose_mode and the new log_level considered. +*/}} +{{- define "kiali-server.logLevel" -}} +{{- if .Values.deployment.verbose_mode -}} +{{- .Values.deployment.verbose_mode -}} +{{- else -}} +{{- .Values.deployment.logger.log_level -}} +{{- end -}} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kiali-server.labels" -}} +helm.sh/chart: {{ include "kiali-server.chart" . }} +app: {{ include "kiali-server.name" . }} +{{ include "kiali-server.selectorLabels" . }} +version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/part-of: "kiali" +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kiali-server.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kiali-server.name" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Used to determine if a custom dashboard (defined in .Template.Name) should be deployed. +*/}} +{{- define "kiali-server.isDashboardEnabled" -}} +{{- if .Values.external_services.custom_dashboards.enabled }} + {{- $includere := "" }} + {{- range $_, $s := .Values.deployment.custom_dashboards.includes }} + {{- if $s }} + {{- if $includere }} + {{- $includere = printf "%s|^%s$" $includere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $includere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} + {{- end }} + {{- $excludere := "" }} + {{- range $_, $s := .Values.deployment.custom_dashboards.excludes }} + {{- if $s }} + {{- if $excludere }} + {{- $excludere = printf "%s|^%s$" $excludere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $excludere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} + {{- end }} + {{- if (and (mustRegexMatch (default "no-matches" $includere) (base .Template.Name)) (not (mustRegexMatch (default "no-matches" $excludere) (base .Template.Name)))) }} + {{- print "enabled" }} + {{- else }} + {{- print "" }} + {{- end }} +{{- else }} + {{- print "" }} +{{- end }} +{{- end }} + +{{/* +Determine the default login token signing key. +*/}} +{{- define "kiali-server.login_token.signing_key" -}} +{{- if .Values.login_token.signing_key }} + {{- .Values.login_token.signing_key }} +{{- else }} + {{- randAlphaNum 16 }} +{{- end }} +{{- end }} + +{{/* +Determine the default web root. +*/}} +{{- define "kiali-server.server.web_root" -}} +{{- if .Values.server.web_root }} + {{- .Values.server.web_root | trimSuffix "/" }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/" }} + {{- else }} + {{- "/kiali" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity cert file. There is no default if on k8s; only on OpenShift. 
+*/}} +{{- define "kiali-server.identity.cert_file" -}} +{{- if hasKey .Values.identity "cert_file" }} + {{- .Values.identity.cert_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.crt" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity private key file. There is no default if on k8s; only on OpenShift. +*/}} +{{- define "kiali-server.identity.private_key_file" -}} +{{- if hasKey .Values.identity "private_key_file" }} + {{- .Values.identity.private_key_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.key" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the istio namespace - default is where Kiali is installed. +*/}} +{{- define "kiali-server.istio_namespace" -}} +{{- if .Values.istio_namespace }} + {{- .Values.istio_namespace }} +{{- else }} + {{- .Release.Namespace }} +{{- end }} +{{- end }} + +{{/* +Determine the auth strategy to use - default is "token" on Kubernetes and "openshift" on OpenShift. +*/}} +{{- define "kiali-server.auth.strategy" -}} +{{- if .Values.auth.strategy }} + {{- if (and (eq .Values.auth.strategy "openshift") (not .Values.kiali_route_url)) }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or use a different auth strategy via the --set auth.strategy=... option." }} + {{- end }} + {{- .Values.auth.strategy }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- if not .Values.kiali_route_url }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or explicitly indicate another auth strategy you want via the --set auth.strategy=... option." 
}} + {{- end }} + {{- "openshift" }} + {{- else }} + {{- "token" }} + {{- end }} +{{- end }} +{{- end }} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/cabundle.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/cabundle.yaml new file mode 100755 index 000000000..7462b95a7 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/cabundle.yaml @@ -0,0 +1,13 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }}-cabundle + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + service.beta.openshift.io/inject-cabundle: "true" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/configmap.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/configmap.yaml new file mode 100755 index 000000000..b1bf53173 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/configmap.yaml 
@@ -0,0 +1,24 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + config.yaml: | + {{- /* Most of .Values is simply the ConfigMap - strip out the keys that are not part of the ConfigMap */}} + {{- $cm := omit .Values "nameOverride" "fullnameOverride" "kiali_route_url" }} + {{- /* The helm chart defines namespace for us, but pass it to the ConfigMap in case the server needs it */}} + {{- $_ := set $cm.deployment "namespace" .Release.Namespace }} + {{- /* Some values of the ConfigMap are generated, but might not be identical, from .Values */}} + {{- $_ := set $cm "istio_namespace" (include "kiali-server.istio_namespace" .) }} + {{- $_ := set $cm.auth "strategy" (include "kiali-server.auth.strategy" .) }} + {{- $_ := set $cm.auth.openshift "client_id_prefix" (include "kiali-server.fullname" .) }} + {{- $_ := set $cm.identity "cert_file" (include "kiali-server.identity.cert_file" .) }} + {{- $_ := set $cm.identity "private_key_file" (include "kiali-server.identity.private_key_file" .) }} + {{- $_ := set $cm.login_token "signing_key" (include "kiali-server.login_token.signing_key" .) }} + {{- $_ := set $cm.server "web_root" (include "kiali-server.server.web_root" .) }} + {{- toYaml $cm | nindent 4 }} +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/envoy.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/envoy.yaml new file mode 100755 index 000000000..85b402017 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/envoy.yaml 
@@ -0,0 +1,56 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: envoy + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Envoy Metrics + discoverOn: "envoy_server_uptime" + items: + - chart: + name: "Pods uptime" + spans: 4 + metricName: "envoy_server_uptime" + dataType: "raw" + - chart: + name: "Allocated memory" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_allocated" + dataType: "raw" + min: 0 + - chart: + name: "Heap size" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_heap_size" + dataType: "raw" + min: 0 + - chart: + name: "Upstream active connections" + spans: 6 + metricName: "envoy_cluster_upstream_cx_active" + dataType: "raw" + - chart: + name: "Upstream total requests" + spans: 6 + metricName: "envoy_cluster_upstream_rq_total" + unit: "rps" + dataType: "rate" + - chart: + name: "Downstream active connections" + spans: 6 + metricName: "envoy_listener_downstream_cx_active" + dataType: "raw" + - chart: + name: "Downstream HTTP requests" + spans: 6 + metricName: "envoy_listener_http_downstream_rq" + unit: "rps" + dataType: "rate" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/go.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/go.yaml new file mode 100755 index 000000000..2d2f42a93 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/go.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: go + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Go Metrics + runtime: Go + discoverOn: "go_info" + items: + - chart: + name: "CPU ratio" + spans: 6 + metricName: "process_cpu_seconds_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "RSS Memory" + unit: "bytes" + spans: 6 + metricName: "process_resident_memory_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Goroutines" + spans: 6 + metricName: "go_goroutines" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Heap allocation rate" + unit: "bytes/s" + spans: 6 + metricName: "go_memstats_alloc_bytes_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "GC rate" + spans: 6 + metricName: "go_gc_duration_seconds_count" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Next GC" + unit: "bytes" + spans: 6 + metricName: "go_memstats_next_gc_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/kiali.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/kiali.yaml new file mode 100755 index 000000000..b1f011b4f --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/kiali.yaml 
@@ -0,0 +1,44 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: kiali + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Kiali Internal Metrics + items: + - chart: + name: "API processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_api_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "route" + displayName: "Route" + - chart: + name: "Functions processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_go_function_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" + - chart: + name: "Failures" + spans: 12 + metricName: "kiali_go_function_failures_total" + dataType: "raw" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml new file mode 100755 index 000000000..2e1ed5cff --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml 
@@ -0,0 +1,43 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm-pool + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Pool Metrics + discoverOn: "jvm_buffer_total_capacity_bytes" + items: + - chart: + name: "Pool buffer memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer capacity" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_total_capacity_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer count" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_count" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml new file mode 100755 index 000000000..d64596882 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml 
@@ -0,0 +1,65 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live" + items: + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon" + dataType: "raw" + - chart: + name: "Loaded classes" + spans: 4 + metricName: "jvm_classes_loaded" + dataType: "raw" + + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml new file mode 100755 index 000000000..76e8d0a4a --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml 
@@ -0,0 +1,68 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.1-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live_threads" + items: + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live_threads" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon_threads" + dataType: "raw" + - chart: + name: "Threads states" + spans: 4 + metricName: "jvm_threads_states_threads" + dataType: "raw" + aggregations: + - label: "state" + displayName: "State" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/microprofile-1.1.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/microprofile-1.1.yaml new file mode 100755 index 000000000..1d4951196 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/microprofile-1.1.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-1.1 + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:thread_count" + items: + - chart: + name: "Current loaded classes" + spans: 6 + metricName: "base:classloader_current_loaded_class_count" + dataType: "raw" + - chart: + name: "Unloaded classes" + spans: 6 + metricName: "base:classloader_total_unloaded_class_count" + dataType: "raw" + - chart: + name: "Thread count" + spans: 4 + metricName: "base:thread_count" + dataType: "raw" + - chart: + name: "Thread max count" + spans: 4 + metricName: "base:thread_max_count" + dataType: "raw" + - chart: + name: "Thread daemon count" + spans: 4 + metricName: "base:thread_daemon_count" + dataType: "raw" + - chart: + name: "Committed heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_committed_heap_bytes" + dataType: "raw" + - chart: + name: "Max heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_max_heap_bytes" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_used_heap_bytes" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/microprofile-x.y.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/microprofile-x.y.yaml new file mode 100755 index 000000000..57ddc60ef --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/microprofile-x.y.yaml 
@@ -0,0 +1,38 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-x.y + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:gc_complete_scavenger_count" + items: + - chart: + name: "Young GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_young_generation_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Young GC count" + spans: 3 + metricName: "base:gc_young_generation_scavenger_count" + dataType: "raw" + - chart: + name: "Total GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_complete_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Total GC count" + spans: 3 + metricName: "base:gc_complete_scavenger_count" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/nodejs.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/nodejs.yaml new file mode 100755 index 000000000..1ffe0aa10 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/nodejs.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: nodejs + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Node.js + title: Node.js Metrics + discoverOn: "nodejs_active_handles_total" + items: + - chart: + name: "Active handles" + spans: 4 + metricName: "nodejs_active_handles_total" + dataType: "raw" + - chart: + name: "Active requests" + spans: 4 + metricName: "nodejs_active_requests_total" + dataType: "raw" + - chart: + name: "Event loop lag" + unit: "seconds" + spans: 4 + metricName: "nodejs_eventloop_lag_seconds" + dataType: "raw" + - chart: + name: "Total heap size" + unit: "bytes" + spans: 12 + metricName: "nodejs_heap_space_size_total_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Used heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_used_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Available heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_available_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/quarkus.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/quarkus.yaml new file mode 100755 index 000000000..cef5f3dce --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/quarkus.yaml 
@@ -0,0 +1,33 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: quarkus + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Quarkus Metrics + runtime: Quarkus + items: + - chart: + name: "Thread count" + spans: 4 + metricName: "vendor:thread_count" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_heap_usage_bytes" + dataType: "raw" + - chart: + name: "Used non-heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_non_heap_usage_bytes" + dataType: "raw" + - include: "microprofile-x.y" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml new file mode 100755 index 000000000..42d87d890 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml @@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm-pool + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Pool Metrics + items: + - include: "micrometer-1.0.6-jvm-pool" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/springboot-jvm.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/springboot-jvm.yaml new file mode 100755 index 000000000..ced3acdd9 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/springboot-jvm.yaml 
@@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Metrics + items: + - include: "micrometer-1.0.6-jvm" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/springboot-tomcat.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/springboot-tomcat.yaml new file mode 100755 index 000000000..c07016aa2 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/springboot-tomcat.yaml @@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-tomcat + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: Tomcat Metrics + items: + - include: "tomcat" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/thorntail.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/thorntail.yaml new file mode 100755 index 000000000..6bd85e6f5 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/thorntail.yaml 
@@ -0,0 +1,22 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: thorntail + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Thorntail + title: Thorntail Metrics + discoverOn: "vendor:loaded_modules" + items: + - include: "microprofile-1.1" + - chart: + name: "Loaded modules" + spans: 6 + metricName: "vendor:loaded_modules" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/tomcat.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/tomcat.yaml new file mode 100755 index 000000000..9a803342f --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/tomcat.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: tomcat + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Tomcat + title: Tomcat Metrics + discoverOn: "tomcat_sessions_created_total" + items: + - chart: + name: "Sessions created" + spans: 4 + metricName: "tomcat_sessions_created_total" + dataType: "raw" + - chart: + name: "Active sessions" + spans: 4 + metricName: "tomcat_sessions_active_current" + dataType: "raw" + - chart: + name: "Sessions rejected" + spans: 4 + metricName: "tomcat_sessions_rejected_total" + dataType: "raw" + + - chart: + name: "Bytes sent" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_sent_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Bytes received" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_received_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + + - chart: + name: "Global errors" + spans: 6 + metricName: "tomcat_global_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Servlet errors" + spans: 6 + metricName: "tomcat_servlet_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/vertx-client.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/vertx-client.yaml new file mode 100755 index 000000000..2d591d6b0 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/vertx-client.yaml 
@@ -0,0 +1,60 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-client + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Client Metrics + discoverOn: "vertx_http_client_connections" + items: + - chart: + name: "Client response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_client_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_client_requestCount_total" + dataType: "rate" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client active connections" + spans: 6 + metricName: "vertx_http_client_connections" + dataType: "raw" + - chart: + name: "Client active websockets" + spans: 6 + metricName: "vertx_http_client_wsConnections" + dataType: "raw" + - chart: + name: "Client bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesSent" + dataType: "histogram" + - chart: + name: "Client bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/vertx-eventbus.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/vertx-eventbus.yaml new file mode 100755 index 000000000..65f9ee2ec --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/vertx-eventbus.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-eventbus + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Eventbus Metrics + discoverOn: "vertx_eventbus_handlers" + items: + - chart: + name: "Event bus handlers" + spans: 6 + metricName: "vertx_eventbus_handlers" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus pending messages" + spans: 6 + metricName: "vertx_eventbus_pending" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus processing time" + unit: "seconds" + spans: 6 + metricName: "vertx_eventbus_processingTime_seconds" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes read" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesRead" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes written" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesWritten" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/vertx-jvm.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/vertx-jvm.yaml new file mode 100755 index 000000000..2663186f3 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/vertx-jvm.yaml 
@@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: JVM Metrics + items: + - include: "micrometer-1.1-jvm" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/vertx-pool.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/vertx-pool.yaml new file mode 100755 index 000000000..f6af921b3 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/vertx-pool.yaml 
@@ -0,0 +1,68 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-pool + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Pools Metrics + discoverOn: "vertx_pool_ratio" + items: + - chart: + name: "Usage duration" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_usage_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Usage ratio" + spans: 6 + metricName: "vertx_pool_ratio" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Queue size" + spans: 6 + metricName: "vertx_pool_queue_size" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Time in queue" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_queue_delay_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Resources used" + spans: 6 + metricName: "vertx_pool_inUse" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/vertx-server.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/vertx-server.yaml new file mode 100755 index 000000000..de6b89df9 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/dashboards/vertx-server.yaml 
@@ -0,0 +1,62 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-server + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Server Metrics + discoverOn: "vertx_http_server_connections" + items: + - chart: + name: "Server response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_server_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_server_requestCount_total" + dataType: "rate" + aggregations: + - label: "code" + displayName: "Error code" + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server active connections" + spans: 6 + metricName: "vertx_http_server_connections" + dataType: "raw" + - chart: + name: "Server active websockets" + spans: 6 + metricName: "vertx_http_server_wsConnections" + dataType: "raw" + - chart: + name: "Server bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesSent" + dataType: "histogram" + - chart: + name: "Server bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/deployment.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/deployment.yaml new file mode 100755 index 000000000..100c57922 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/deployment.yaml 
@@ -0,0 +1,174 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.deployment.replicas }} + selector: + matchLabels: + {{- include "kiali-server.selectorLabels" . | nindent 6 }} + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 8 }} + {{- if .Values.deployment.pod_labels }} + {{- toYaml .Values.deployment.pod_labels | nindent 8 }} + {{- end }} + annotations: + {{- if .Values.server.metrics_enabled }} + prometheus.io/scrape: "true" + prometheus.io/port: {{ .Values.server.metrics_port | quote }} + {{- else }} + prometheus.io/scrape: "false" + prometheus.io/port: "" + {{- end }} + kiali.io/runtimes: go,kiali + {{- if .Values.deployment.pod_annotations }} + {{- toYaml .Values.deployment.pod_annotations | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "kiali-server.fullname" . }} + {{- if .Values.deployment.priority_class_name }} + priorityClassName: {{ .Values.deployment.priority_class_name | quote }} + {{- end }} + {{- if .Values.deployment.image_pull_secrets }} + imagePullSecrets: + {{- range .Values.deployment.image_pull_secrets }} + - name: {{ . }} + {{- end }} + {{- end }} + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.deployment.repository }}:{{ .Values.deployment.tag }}" + imagePullPolicy: {{ .Values.deployment.image_pull_policy | default "Always" }} + name: {{ include "kiali-server.fullname" . 
}} + command: + - "/opt/kiali/kiali" + - "-config" + - "/kiali-configuration/config.yaml" + ports: + - name: api-port + containerPort: {{ .Values.server.port | default 20001 }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + containerPort: {{ .Values.server.metrics_port | default 9090 }} + {{- end }} + readinessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + livenessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + env: + - name: ACTIVE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LOG_LEVEL + value: "{{ include "kiali-server.logLevel" . }}" + - name: LOG_FORMAT + value: "{{ .Values.deployment.logger.log_format }}" + - name: LOG_TIME_FIELD_FORMAT + value: "{{ .Values.deployment.logger.time_field_format }}" + - name: LOG_SAMPLER_RATE + value: "{{ .Values.deployment.logger.sampler_rate }}" + volumeMounts: + {{- if .Values.web_root_override }} + - name: kiali-console + subPath: env.js + mountPath: /opt/kiali/console/env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + mountPath: "/kiali-configuration" + - name: {{ include "kiali-server.fullname" . }}-cert + mountPath: "/kiali-cert" + - name: {{ include "kiali-server.fullname" . }}-secret + mountPath: "/kiali-secret" + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . 
}}-cabundle + mountPath: "/kiali-cabundle" + {{- end }} + {{- if .Values.deployment.resources }} + resources: + {{- toYaml .Values.deployment.resources | nindent 10 }} + {{- end }} + volumes: + {{- if .Values.web_root_override }} + - name: kiali-console + configMap: + name: kiali-console + items: + - key: env.js + path: env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + configMap: + name: {{ include "kiali-server.fullname" . }} + - name: {{ include "kiali-server.fullname" . }}-cert + secret: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + secretName: {{ include "kiali-server.fullname" . }}-cert-secret + {{- else }} + secretName: istio.{{ include "kiali-server.fullname" . }}-service-account + {{- end }} + {{- if not (include "kiali-server.identity.cert_file" .) }} + optional: true + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-secret + secret: + secretName: {{ .Values.deployment.secret_name }} + optional: true + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + configMap: + name: {{ include "kiali-server.fullname" . 
}}-cabundle + {{- end }} + {{- if or (.Values.deployment.affinity.node) (or (.Values.deployment.pod) (.Values.deployment.pod_anti)) }} + affinity: + {{- if .Values.deployment.affinity.node }} + nodeAffinity: + {{- toYaml .Values.deployment.affinity.node | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod }} + podAffinity: + {{- toYaml .Values.deployment.affinity.pod | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod_anti }} + podAntiAffinity: + {{- toYaml .Values.deployment.affinity.pod_anti | nindent 10 }} + {{- end }} + {{- end }} + {{- if .Values.deployment.tolerations }} + tolerations: + {{- toYaml .Values.deployment.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.deployment.node_selector }} + nodeSelector: + {{- toYaml .Values.deployment.node_selector | nindent 8 }} + {{- end }} +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/hpa.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/hpa.yaml new file mode 100755 index 000000000..934c4c1e9 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/hpa.yaml @@ -0,0 +1,17 @@ +{{- if .Values.deployment.hpa.spec }} +--- +apiVersion: {{ .Values.deployment.hpa.api_version }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "kiali-server.fullname" . }} + {{- toYaml .Values.deployment.hpa.spec | nindent 2 }} +... +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/ingress.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/ingress.yaml new file mode 100755 index 000000000..e4c98db1b --- /dev/null 
+++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/ingress.yaml @@ -0,0 +1,40 @@ +{{- if not (.Capabilities.APIVersions.Has "route.openshift.io/v1") }} +{{- if .Values.deployment.ingress_enabled }} +--- +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }} + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- else }} + # For ingress-nginx versions older than 0.20.0 use secure-backends. + # (see: https://github.com/kubernetes/ingress-nginx/issues/3416#issuecomment-438247948) + # For ingress-nginx versions 0.20.0 and later use backend-protocol. + {{- if (include "kiali-server.identity.cert_file" .) }} + nginx.ingress.kubernetes.io/secure-backends: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + {{- else }} + nginx.ingress.kubernetes.io/secure-backends: "false" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + {{- end }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + rules: + - http: + paths: + - path: {{ include "kiali-server.server.web_root" . }} + backend: + serviceName: {{ include "kiali-server.fullname" . }} + servicePort: {{ .Values.server.port }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/oauth.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/oauth.yaml new file mode 100755 index 000000000..a178bb85e --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/oauth.yaml 
@@ -0,0 +1,17 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.kiali_route_url }} +--- +apiVersion: oauth.openshift.io/v1 +kind: OAuthClient +metadata: + name: {{ include "kiali-server.fullname" . }}-{{ .Release.Namespace }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +redirectURIs: +- {{ .Values.kiali_route_url }} +grantMethod: auto +allowAnyScope: true +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/psp.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/psp.yaml new file mode 100755 index 000000000..f891892cc --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/psp.yaml 
@@ -0,0 +1,67 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "kiali-server.fullname" . }}-psp +subjects: + - kind: ServiceAccount + name: kiali +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +rules: +- apiGroups: + - policy + resourceNames: + - {{ include "kiali-server.fullname" . }}-psp + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +spec: + allowPrivilegeEscalation: false + forbiddenSysctls: + - '*' + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + runAsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + - persistentVolumeClaim +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/role-controlplane.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/role-controlplane.yaml new file mode 100755 index 000000000..a22c76756 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/role-controlplane.yaml 
@@ -0,0 +1,15 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "kiali-server.fullname" . }}-controlplane + namespace: {{ include "kiali-server.istio_namespace" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - secrets + verbs: + - list +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/role-viewer.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/role-viewer.yaml new file mode 100755 index 000000000..9fdd9fd1d --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/role-viewer.yaml 
@@ -0,0 +1,97 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }}-viewer + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - pods/proxy + - replicationcontrollers + - services + verbs: + - get + - list + - watch +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch +- apiGroups: + - networking.istio.io + - security.istio.io + resources: ["*"] + verbs: + - get + - list + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - get + - list +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/role.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/role.yaml new file mode 100755 index 000000000..8444bc753 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/role.yaml 
@@ -0,0 +1,108 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - pods/proxy + - replicationcontrollers + - services + verbs: + - get + - list + - patch + - watch +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - patch + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - patch + - watch +- apiGroups: + - networking.istio.io + - security.istio.io + resources: ["*"] + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - patch + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/rolebinding-controlplane.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/rolebinding-controlplane.yaml new file mode 100755 index 000000000..5a0015836 --- /dev/null 
+++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/rolebinding-controlplane.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }}-controlplane + namespace: {{ include "kiali-server.istio_namespace" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "kiali-server.fullname" . }}-controlplane +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/rolebinding.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/rolebinding.yaml new file mode 100755 index 000000000..1eaabd65f --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/rolebinding.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + {{- if .Values.deployment.view_only_mode }} + name: {{ include "kiali-server.fullname" . }}-viewer + {{- else }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/route.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/route.yaml new file mode 100755 index 000000000..27940dc96 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/route.yaml 
@@ -0,0 +1,30 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.deployment.ingress_enabled }} +# As of OpenShift 4.5, need to use --disable-openapi-validation when installing via Helm +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}} + annotations: + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + tls: + termination: reencrypt + insecureEdgeTerminationPolicy: Redirect + to: + kind: Service + targetPort: {{ .Values.server.port }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/service.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/service.yaml new file mode 100755 index 000000000..9ccf4f388 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/service.yaml 
@@ -0,0 +1,47 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + service.beta.openshift.io/serving-cert-secret-name: {{ include "kiali-server.fullname" . }}-cert-secret + {{- end }} + kiali.io/api-spec: https://kiali.io/api + kiali.io/api-type: rest + {{- if and (not (empty .Values.server.web_fqdn)) (not (empty .Values.server.web_schema)) }} + {{- if empty .Values.server.web_port }} + kiali.io/external-url: {{ .Values.server.web_schema }}://{{ .Values.server.web_fqdn }}{{ default "" .Values.server.web_root }} + {{- else }} + kiali.io/external-url: {{ .Values.server.web_schema }}://{{ .Values.server.web_fqdn }}:{{ .Values.server.web_port }}{{(default "" .Values.server.web_root) }} + {{- end }} + {{- end }} + {{- if .Values.deployment.service_annotations }} + {{- toYaml .Values.deployment.service_annotations | nindent 4 }} + {{- end }} +spec: + {{- if .Values.deployment.service_type }} + type: {{ .Values.deployment.service_type }} + {{- end }} + ports: + {{- if (include "kiali-server.identity.cert_file" .) }} + - name: tcp + {{- else }} + - name: http + {{- end }} + protocol: TCP + port: {{ .Values.server.port }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + protocol: TCP + port: {{ .Values.server.metrics_port }} + {{- end }} + selector: + {{- include "kiali-server.selectorLabels" . | nindent 4 }} + {{- if .Values.deployment.additional_service_yaml }} + {{- toYaml .Values.deployment.additional_service_yaml | nindent 2 }} + {{- end }} +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/serviceaccount.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/serviceaccount.yaml new file mode 100755 index 000000000..9151b6f6a --- /dev/null 
+++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/serviceaccount.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +... diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/validate-install-crd.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/validate-install-crd.yaml new file mode 100755 index 000000000..b42eeb266 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/validate-install-crd.yaml @@ -0,0 +1,14 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "monitoring.kiali.io/v1alpha1/MonitoringDashboard" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/web-root-configmap.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/web-root-configmap.yaml new file mode 100755 index 000000000..970d4e4f5 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/templates/web-root-configmap.yaml 
@@ -0,0 +1,12 @@ +{{- if .Values.web_root_override }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: kiali-console + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + env.js: | + window.WEB_ROOT='/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Release.Namespace }}/services/http:kiali:20001/proxy/kiali'; +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/values.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/values.yaml new file mode 100755 index 000000000..aada4e09a --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/kiali/values.yaml 
@@ -0,0 +1,93 @@ +nameOverride: "kiali" +fullnameOverride: "kiali" + +# This is required for "openshift" auth strategy. +# You have to know ahead of time what your Route URL will be because +# right now the helm chart can't figure this out at runtime (it would +# need to wait for the Kiali Route to be deployed and for OpenShift +# to start it up). If someone knows how to update this helm chart to +# do this, a PR would be welcome. +kiali_route_url: "" + +# rancher specific override that allows proxy access to kiali url +web_root_override: true + +# +# Settings that mimic the Kiali CR which are placed in the ConfigMap. +# Note that only those values used by the Helm Chart will be here. +# + +istio_namespace: "" # default is where Kiali is installed + +auth: + openid: {} + openshift: {} + strategy: "" + +deployment: + # This only limits what Kiali will attempt to see, but Kiali Service Account has permissions to see everything. + # For more control over what the Kial Service Account can see, use the Kiali Operator + accessible_namespaces: + - "**" + additional_service_yaml: {} + affinity: + node: {} + pod: {} + pod_anti: {} + custom_dashboards: + excludes: [''] + includes: ['*'] + hpa: + api_version: "autoscaling/v2beta2" + spec: {} + repository: rancher/mirrored-kiali-kiali + image_pull_policy: "Always" + image_pull_secrets: [] + tag: v1.32.0 + ingress_enabled: true + logger: + log_format: "text" + log_level: "info" + time_field_format: "2006-01-02T15:04:05Z07:00" + sampler_rate: "1" + node_selector: {} + override_ingress_yaml: + metadata: {} + pod_annotations: {} + pod_labels: {} + priority_class_name: "" + replicas: 1 + resources: {} + secret_name: "kiali" + service_annotations: {} + service_type: "" + tolerations: [] + version_label: v1.32.0 + view_only_mode: false + +external_services: + custom_dashboards: + enabled: true + +identity: {} + #cert_file: + #private_key_file: + +login_token: + signing_key: "" + +server: + port: 20001 + metrics_enabled: true + 
metrics_port: 9090 + web_root: "" + +# Common settings used among istio subcharts. +global: + # Specify rancher clusterId of external tracing config + # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 + cattle: + systemDefaultRegistry: "" + clusterId: + rbac: + pspEnabled: false diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/.helmignore b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/.helmignore new file mode 100755 index 000000000..0e8a0eb36 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/Chart.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/Chart.yaml new file mode 100755 index 000000000..6e368616d --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/Chart.yaml @@ -0,0 +1,12 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: istio-system + catalog.rancher.io/release-name: rancher-tracing +apiVersion: v1 +appVersion: 1.20.0 +description: A quick start Jaeger Tracing installation using the all-in-one demo. + This is not production qualified. Refer to https://www.jaegertracing.io/ for details. +name: tracing +version: 1.20.1 
diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/README.md b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/README.md new file mode 100755 index 000000000..25534c628 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/README.md @@ -0,0 +1,5 @@ +# Jaeger + +A Rancher chart based on the Jaeger all-in-one quick installation option. This chart will allow you to trace and monitor distributed microservices. + +> **Note:** The basic all-in-one Jaeger installation which is not qualified for production. Use the [Jaeger Tracing](https://www.jaegertracing.io) documentation to determine which installation you will need for your production needs. diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/_affinity.tpl b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/_affinity.tpl new file mode 100755 index 000000000..bf6a9aee5 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/_affinity.tpl 
@@ -0,0 +1,92 @@ +{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}} +{{- define "nodeAffinity" }} + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + {{- include "nodeAffinityRequiredDuringScheduling" . }} + preferredDuringSchedulingIgnoredDuringExecution: + {{- include "nodeAffinityPreferredDuringScheduling" . }} +{{- end }} + +{{- define "nodeAffinityRequiredDuringScheduling" }} + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + {{- range $key, $val := .Values.global.arch }} + {{- if gt ($val | int) 0 }} + - {{ $key | quote }} + {{- end }} + {{- end }} + {{- $nodeSelector := default .Values.global.defaultNodeSelector .Values.nodeSelector -}} + {{- range $key, $val := $nodeSelector }} + - key: {{ $key }} + operator: In + values: + - {{ $val | quote }} + {{- end }} +{{- end }} + +{{- define "nodeAffinityPreferredDuringScheduling" }} + {{- range $key, $val := .Values.global.arch }} + {{- if gt ($val | int) 0 }} + - weight: {{ $val | int }} + preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - {{ $key | quote }} + {{- end }} + {{- end }} +{{- end }} + +{{- define "podAntiAffinity" }} +{{- if or .Values.podAntiAffinityLabelSelector .Values.podAntiAffinityTermLabelSelector}} + podAntiAffinity: + {{- if .Values.podAntiAffinityLabelSelector }} + requiredDuringSchedulingIgnoredDuringExecution: + {{- include "podAntiAffinityRequiredDuringScheduling" . }} + {{- end }} + {{- if or .Values.podAntiAffinityTermLabelSelector}} + preferredDuringSchedulingIgnoredDuringExecution: + {{- include "podAntiAffinityPreferredDuringScheduling" . 
}} + {{- end }} +{{- end }} +{{- end }} + +{{- define "podAntiAffinityRequiredDuringScheduling" }} + {{- range $index, $item := .Values.podAntiAffinityLabelSelector }} + - labelSelector: + matchExpressions: + - key: {{ $item.key }} + operator: {{ $item.operator }} + {{- if $item.values }} + values: + {{- $vals := split "," $item.values }} + {{- range $i, $v := $vals }} + - {{ $v | quote }} + {{- end }} + {{- end }} + topologyKey: {{ $item.topologyKey }} + {{- end }} +{{- end }} + +{{- define "podAntiAffinityPreferredDuringScheduling" }} + {{- range $index, $item := .Values.podAntiAffinityTermLabelSelector }} + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: {{ $item.key }} + operator: {{ $item.operator }} + {{- if $item.values }} + values: + {{- $vals := split "," $item.values }} + {{- range $i, $v := $vals }} + - {{ $v | quote }} + {{- end }} + {{- end }} + topologyKey: {{ $item.topologyKey }} + weight: 100 + {{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/_helpers.tpl b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/_helpers.tpl new file mode 100755 index 000000000..56cfa7335 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/_helpers.tpl 
@@ -0,0 +1,32 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "tracing.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "tracing.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/deployment.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/deployment.yaml new file mode 100755 index 000000000..25bb67fd3 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/deployment.yaml 
@@ -0,0 +1,86 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + selector: + matchLabels: + app: {{ .Values.provider }} + template: + metadata: + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + annotations: + sidecar.istio.io/inject: "false" + prometheus.io/scrape: "true" + prometheus.io/port: "14269" +{{- if .Values.jaeger.podAnnotations }} +{{ toYaml .Values.jaeger.podAnnotations | indent 8 }} +{{- end }} + spec: + containers: + - name: jaeger + image: "{{ template "system_default_registry" . }}{{ .Values.jaeger.repository }}:{{ .Values.jaeger.tag }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + env: + {{- if eq .Values.jaeger.spanStorageType "badger" }} + - name: BADGER_EPHEMERAL + value: "false" + - name: SPAN_STORAGE_TYPE + value: "badger" + - name: BADGER_DIRECTORY_VALUE + value: "/badger/data" + - name: BADGER_DIRECTORY_KEY + value: "/badger/key" + {{- end }} + - name: COLLECTOR_ZIPKIN_HTTP_PORT + value: "9411" + - name: MEMORY_MAX_TRACES + value: "{{ .Values.jaeger.memory.max_traces }}" + - name: QUERY_BASE_PATH + value: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }} + livenessProbe: + httpGet: + path: / + port: 14269 + readinessProbe: + httpGet: + path: / + port: 14269 +{{- if eq .Values.jaeger.spanStorageType "badger" }} + volumeMounts: + - name: data + mountPath: /badger +{{- end }} + resources: +{{- if .Values.jaeger.resources }} +{{ toYaml .Values.jaeger.resources | indent 12 }} +{{- else }} +{{ toYaml .Values.global.defaultResources | indent 12 }} +{{- end }} + affinity: + {{- include "nodeAffinity" . | indent 6 }} + {{- include "podAntiAffinity" . 
| indent 6 }} + {{- if .Values.global.rbac.pspEnabled }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + serviceAccountName: {{ include "tracing.fullname" . }} + {{- end }} +{{- if eq .Values.jaeger.spanStorageType "badger" }} + volumes: + - name: data +{{- if .Values.jaeger.persistentVolumeClaim.enabled }} + persistentVolumeClaim: + claimName: istio-jaeger-pvc +{{- else }} + emptyDir: {} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/psp.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/psp.yaml new file mode 100755 index 000000000..44b230492 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/psp.yaml 
@@ -0,0 +1,86 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "tracing.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ include "tracing.fullname" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +rules: +- apiGroups: + - policy + resourceNames: + - {{ include "tracing.fullname" . }} + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + allowPrivilegeEscalation: false + forbiddenSysctls: + - '*' + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + runAsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - emptyDir + - secret + - persistentVolumeClaim +{{- end }} \ No newline at end of file 
diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/pvc.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/pvc.yaml new file mode 100755 index 000000000..9b4c55e4f --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/pvc.yaml @@ -0,0 +1,16 @@ +{{- if .Values.jaeger.persistentVolumeClaim.enabled }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: istio-jaeger-pvc + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} +spec: + storageClassName: {{ .Values.jaeger.storageClassName }} + accessModes: + - {{ .Values.jaeger.accessMode }} + resources: + requests: + storage: {{.Values.jaeger.persistentVolumeClaim.storage }} +{{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/service.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/service.yaml new file mode 100755 index 000000000..4210a9b5f --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/templates/service.yaml 
@@ -0,0 +1,63 @@ +apiVersion: v1 +kind: Service +metadata: + name: tracing + namespace: {{ .Release.Namespace }} + annotations: + {{- range $key, $val := .Values.service.annotations }} + {{ $key }}: {{ $val | quote }} + {{- end }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + type: {{ .Values.service.type }} + ports: + - name: {{ .Values.service.name }} + port: {{ .Values.service.externalPort }} + protocol: TCP + targetPort: 16686 + selector: + app: {{ .Values.provider }} +--- +# Jaeger implements the Zipkin API. To support swapping out the tracing backend, we use a Service named Zipkin. +apiVersion: v1 +kind: Service +metadata: + name: zipkin + namespace: {{ .Release.Namespace }} + labels: + name: zipkin + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + ports: + - name: {{ .Values.service.name }} + port: {{ .Values.zipkin.queryPort }} + targetPort: {{ .Values.zipkin.queryPort }} + selector: + app: {{ .Values.provider }} +--- +apiVersion: v1 +kind: Service +metadata: + name: jaeger-collector + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + type: ClusterIP + ports: + - name: jaeger-collector-http + port: 14268 + targetPort: 14268 + protocol: TCP + - name: jaeger-collector-grpc + port: 14250 + targetPort: 14250 + protocol: TCP + selector: + app: {{ .Values.provider }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/values.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/values.yaml new file mode 100755 index 000000000..18ff81c3c --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/charts/tracing/values.yaml 
@@ -0,0 +1,44 @@ +provider: jaeger +contextPath: "" +nodeSelector: {} +podAntiAffinityLabelSelector: [] +podAntiAffinityTermLabelSelector: [] +nameOverride: "" +fullnameOverride: "" + +global: + cattle: + systemDefaultRegistry: "" + defaultResources: {} + imagePullPolicy: IfNotPresent + imagePullSecrets: [] + arch: + amd64: 2 + s390x: 2 + ppc64le: 2 + defaultNodeSelector: {} + rbac: + pspEnabled: false + +jaeger: + repository: rancher/mirrored-jaegertracing-all-in-one + tag: 1.20.0 + # spanStorageType value can be "memory" and "badger" for all-in-one image + spanStorageType: badger + resources: + requests: + cpu: 10m + persistentVolumeClaim: + enabled: false + storage: 5Gi + storageClassName: "" + accessMode: ReadWriteMany + memory: + max_traces: 50000 +zipkin: + queryPort: 9411 +service: + annotations: {} + name: http-query + type: ClusterIP + externalPort: 16686 diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/configs/istio-base.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/configs/istio-base.yaml new file mode 100755 index 000000000..7ff972e2d --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/configs/istio-base.yaml 
@@ -0,0 +1,89 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +spec: + addonComponents: + istiocoredns: + enabled: {{ .Values.istiocoredns.enabled }} + components: + base: + enabled: {{ .Values.base.enabled }} + cni: + enabled: {{ .Values.cni.enabled }} + egressGateways: + - enabled: {{ .Values.egressGateways.enabled }} + name: istio-egressgateway + ingressGateways: + - enabled: {{ .Values.ingressGateways.enabled }} + name: istio-ingressgateway + k8s: + service: + ports: + - name: status-port + port: 15021 + targetPort: 15021 + - name: http2 + port: 80 + targetPort: 8080 + nodePort: 31380 + - name: https + port: 443 + targetPort: 8443 + nodePort: 31390 + - name: tcp + port: 31400 + targetPort: 31400 + nodePort: 31400 + - name: tls + port: 15443 + targetPort: 15443 + istiodRemote: + enabled: {{ .Values.istiodRemote.enabled }} + pilot: + enabled: {{ .Values.pilot.enabled }} + hub: {{ .Values.systemDefaultRegistry | default "docker.io" }} + profile: default + tag: {{ .Values.tag }} + revision: {{ .Values.revision }} + meshConfig: + defaultConfig: + proxyMetadata: + {{- if .Values.dns.enabled }} + ISTIO_META_DNS_CAPTURE: "true" + {{- end }} + values: + gateways: + istio-egressgateway: + name: istio-egressgateway + type: {{ .Values.egressGateways.type }} + istio-ingressgateway: + name: istio-ingressgateway + type: {{ .Values.ingressGateways.type }} + global: + istioNamespace: {{ template "istio.namespace" . }} + proxy: + image: {{ template "system_default_registry" . }}{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }} + proxy_init: + image: {{ template "system_default_registry" . }}{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }} + {{- if .Values.global.defaultPodDisruptionBudget.enabled }} + defaultPodDisruptionBudget: + enabled: {{ .Values.global.defaultPodDisruptionBudget.enabled }} + {{- end }} + istiocoredns: + coreDNSImage: {{ template "system_default_registry" . 
}}{{ .Values.istiocoredns.image.repository }} + coreDNSPluginImage: {{ template "system_default_registry" . }}{{ .Values.istiocoredns.pluginImage.repository }}:{{ .Values.istiocoredns.pluginImage.tag }} + coreDNSTag: {{ .Values.istiocoredns.image.tag }} + {{- if .Values.pilot.enabled }} + pilot: + image: {{ template "system_default_registry" . }}{{ .Values.pilot.repository }}:{{ .Values.pilot.tag }} + {{- end }} + telemetry: + enabled: {{ .Values.telemetry.enabled }} + v2: + enabled: {{ .Values.telemetry.v2.enabled }} + {{- if .Values.cni.enabled }} + cni: + image: {{ template "system_default_registry" . }}{{ .Values.cni.repository }}:{{ .Values.cni.tag }} + excludeNamespaces: + {{- toYaml .Values.cni.excludeNamespaces | nindent 8 }} + logLevel: {{ .Values.cni.logLevel }} + {{- end }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/requirements.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/requirements.yaml new file mode 100755 index 000000000..b60745780 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/requirements.yaml @@ -0,0 +1,17 @@ +dependencies: +- name: kiali + version: "" + repository: file://./charts/kiali + condition: kiali.enabled + tags: [] + enabled: false + importvalues: [] + alias: "" +- name: tracing + version: "" + repository: file://./charts/tracing + condition: tracing.enabled + tags: [] + enabled: false + importvalues: [] + alias: "" diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/samples/overlay-example.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/samples/overlay-example.yaml new file mode 100755 index 000000000..5cf3cf3b0 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/samples/overlay-example.yaml 
@@ -0,0 +1,37 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +spec: + components: + ingressGateways: + - enabled: true + name: ilb-gateway + namespace: user-ingressgateway-ns + k8s: + resources: + requests: + cpu: 200m + service: + ports: + - name: tcp-citadel-grpc-tls + port: 8060 + targetPort: 8060 + - name: tcp-dns + port: 5353 + serviceAnnotations: + cloud.google.com/load-balancer-type: internal + - enabled: true + name: other-gateway + namespace: cattle-istio-system + k8s: + resources: + requests: + cpu: 200m + service: + ports: + - name: tcp-citadel-grpc-tls + port: 8060 + targetPort: 8060 + - name: tcp-dns + port: 5353 + serviceAnnotations: + cloud.google.com/load-balancer-type: internal diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/_helpers.tpl b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/_helpers.tpl new file mode 100755 index 000000000..3f7af953a --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/_helpers.tpl @@ -0,0 +1,12 @@ +{{/* Ensure namespace is set the same everywhere */}} +{{- define "istio.namespace" -}} + {{- .Release.Namespace | default "istio-system" -}} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/admin-role.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/admin-role.yaml new file mode 100755 index 000000000..ad1313c4f --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/admin-role.yaml 
@@ -0,0 +1,43 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + name: istio-admin + namespace: {{ template "istio.namespace" . }} +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: + - '*' + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: + - '*' diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/base-config-map.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/base-config-map.yaml new file mode 100755 index 000000000..5323917bc --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/base-config-map.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-installer-base + namespace: {{ template "istio.namespace" . }} +data: +{{ tpl (.Files.Glob "configs/*").AsConfig . | indent 2 }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/clusterrole.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/clusterrole.yaml new file mode 100755 index 000000000..a93b3df95 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/clusterrole.yaml 
@@ -0,0 +1,120 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: istio-installer +rules: +# istio groups +- apiGroups: + - authentication.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - config.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - install.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - networking.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - rbac.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - security.istio.io + resources: + - '*' + verbs: + - '*' +# k8s groups +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions.apiextensions.k8s.io + - customresourcedefinitions + verbs: + - '*' +- apiGroups: + - apps + - extensions + resources: + - daemonsets + - deployments + - deployments/finalizers + - ingresses + - replicasets + - statefulsets + verbs: + - '*' +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - '*' +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - '*' +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - roles + - rolebindings + verbs: + - '*' +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - namespaces + - pods + - pods/exec + - persistentvolumeclaims + - secrets + - services + - serviceaccounts + verbs: + - '*' +- apiGroups: + - policy + resourceNames: + - istio-installer + resources: + - podsecuritypolicies + verbs: + - use 
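Review bot: The `rbac.authorization.k8s.io` rule grants `'*'` on `clusterroles`, `clusterrolebindings`, `roles` and `rolebindings`, and the core-group rule grants `'*'` on `secrets` and `pods/exec`, all cluster-wide; the wildcard verb includes `bind` and `escalate`, so the `istio-installer` service account can grant itself any permission and is effectively cluster-admin. List the verbs the installer job actually needs instead of `'*'`, or document in the chart why the wildcard is required. Minor: `customresourcedefinitions.apiextensions.k8s.io` in the `apiextensions.k8s.io` rule does not look like a valid resource name and `customresourcedefinitions` alone should be enough, and the final `podsecuritypolicies` `use` rule is emitted even when `global.rbac.pspEnabled` is false, unlike the PSP templates elsewhere in this chart.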
diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/clusterrolebinding.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/clusterrolebinding.yaml new file mode 100755 index 000000000..9d74a0434 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/clusterrolebinding.yaml @@ -0,0 +1,12 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: istio-installer +subjects: +- kind: ServiceAccount + name: istio-installer + namespace: {{ template "istio.namespace" . }} +roleRef: + kind: ClusterRole + name: istio-installer + apiGroup: rbac.authorization.k8s.io diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/edit-role.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/edit-role.yaml new file mode 100755 index 000000000..d1059d58d --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/edit-role.yaml @@ -0,0 +1,43 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + namespace: {{ template "istio.namespace" . }} + name: istio-edit +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: + - '*' + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: + - '*' 
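Review bot: In edit-role.yaml, the label `rbac.authorization.k8s.io/aggregate-to-edit: "true"` combined with `'*'` verbs on `security.istio.io` (`authorizationpolicies`, `peerauthentications`, `requestauthentications`) and on `envoyfilters` hands full write access to every subject that holds the built-in edit role, so a namespace editor can relax mTLS or authorization for workloads in that namespace. The rules are identical to those of `istio-admin`; if that is intended, state it in the chart README, otherwise give edit a narrower verb list than admin. Also, `metadata.namespace` has no meaning on a ClusterRole and can be removed here and in the admin and view roles.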
diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/istio-cni-psp.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/istio-cni-psp.yaml new file mode 100755 index 000000000..5b94c8503 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/istio-cni-psp.yaml @@ -0,0 +1,51 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: psp-istio-cni + namespace: {{ template "istio.namespace" . }} +spec: + allowPrivilegeEscalation: true + fsGroup: + rule: RunAsAny + hostNetwork: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - secret + - configMap + - emptyDir + - hostPath +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: psp-istio-cni + namespace: {{ template "istio.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: psp-istio-cni +subjects: + - kind: ServiceAccount + name: istio-cni +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: psp-istio-cni + namespace: {{ template "istio.namespace" . }} +rules: +- apiGroups: + - policy + resourceNames: + - psp-istio-cni + resources: + - podsecuritypolicies + verbs: + - use +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/istio-install-job.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/istio-install-job.yaml new file mode 100755 index 000000000..9a13f5698 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/istio-install-job.yaml 
@@ -0,0 +1,50 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: istioctl-installer + namespace: {{ template "istio.namespace" . }} + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + backoffLimit: 1 + template: + spec: + containers: + - name: istioctl-installer + image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }} + env: + - name: RELEASE_NAME + value: {{ .Release.Name }} + - name: ISTIO_NAMESPACE + value: {{ template "istio.namespace" . }} + - name: FORCE_INSTALL + value: {{ .Values.forceInstall | default "false" | quote }} + command: ["/bin/sh","-c"] + args: ["/usr/local/app/scripts/run.sh"] + volumeMounts: + - name: config-volume + mountPath: /app/istio-base.yaml + subPath: istio-base.yaml + {{- if .Values.overlayFile }} + - name: overlay-volume + mountPath: /app/overlay-config.yaml + subPath: overlay-config.yaml + {{- end }} + volumes: + - name: config-volume + configMap: + name: istio-installer-base + {{- if .Values.overlayFile }} + - name: overlay-volume + configMap: + name: istio-installer-overlay + {{- end }} + serviceAccountName: istio-installer + {{- if .Values.global.rbac.pspEnabled }} + securityContext: + runAsUser: 101 + runAsGroup: 101 + {{- end }} + restartPolicy: Never diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/istio-install-psp.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/istio-install-psp.yaml new file mode 100755 index 000000000..f0b5ee565 --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/istio-install-psp.yaml 
@@ -0,0 +1,30 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: istio-installer + namespace: {{ template "istio.namespace" . }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'configMap' + - 'secret' +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/istio-psp.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/istio-psp.yaml new file mode 100755 index 000000000..b3758b74f --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/istio-psp.yaml 
@@ -0,0 +1,81 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: istio-psp + namespace: {{ template "istio.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: istio-psp +subjects: + - kind: ServiceAccount + name: istio-egressgateway-service-account + - kind: ServiceAccount + name: istio-ingressgateway-service-account + - kind: ServiceAccount + name: istio-mixer-service-account + - kind: ServiceAccount + name: istio-operator-authproxy + - kind: ServiceAccount + name: istiod-service-account + - kind: ServiceAccount + name: istio-sidecar-injector-service-account + - kind: ServiceAccount + name: istiocoredns-service-account + - kind: ServiceAccount + name: default +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: istio-psp + namespace: {{ template "istio.namespace" . }} +rules: +- apiGroups: + - policy + resourceNames: + - istio-psp + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: istio-psp + namespace: {{ template "istio.namespace" . }} +spec: + allowPrivilegeEscalation: false + forbiddenSysctls: + - '*' + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + runAsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + - persistentVolumeClaim +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/istio-uninstall-job.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/istio-uninstall-job.yaml new file mode 100755 index 000000000..a7f156325 --- /dev/null 
+++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/istio-uninstall-job.yaml @@ -0,0 +1,45 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: istioctl-uninstaller + namespace: {{ template "istio.namespace" . }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + spec: + containers: + - name: istioctl-uninstaller + image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }} + env: + - name: RELEASE_NAME + value: {{ .Release.Name }} + - name: ISTIO_NAMESPACE + value: {{ template "istio.namespace" . }} + command: ["/bin/sh","-c"] + args: ["/usr/local/app/scripts/uninstall_istio_system.sh"] + volumeMounts: + - name: config-volume + mountPath: /app/istio-base.yaml + subPath: istio-base.yaml + {{- if .Values.overlayFile }} + - name: overlay-volume + mountPath: /app/overlay-config.yaml + subPath: overlay-config.yaml + {{ end }} + volumes: + - name: config-volume + configMap: + name: istio-installer-base + {{- if .Values.overlayFile }} + - name: overlay-volume + configMap: + name: istio-installer-overlay + {{ end }} + serviceAccountName: istio-installer + securityContext: + runAsUser: 101 + runAsGroup: 101 + restartPolicy: OnFailure diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/overlay-config-map.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/overlay-config-map.yaml new file mode 100755 index 000000000..287d26b2c --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/overlay-config-map.yaml @@ -0,0 +1,9 @@ +{{- if .Values.overlayFile }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-installer-overlay + namespace: {{ template "istio.namespace" . }} +data: + overlay-config.yaml: {{ toYaml .Values.overlayFile | indent 2 }} +{{- end }} 
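Review bot: In istio-uninstall-job.yaml the pod `securityContext` (`runAsUser: 101`, `runAsGroup: 101`) is set unconditionally, while istio-install-job.yaml wraps the same block in `{{- if .Values.global.rbac.pspEnabled }}`; with the default `pspEnabled: false` the install job falls back to the image's default user while the uninstall job is pinned to 101. Make the block unconditional in both templates so the installer, which runs under the broad `istio-installer` ClusterRole, never depends on the image default. Smaller points in the same hunk: the `{{ end }}` closers lack the `{{-` trim used in the install job and will leave blank lines in the rendered manifest, and there is no `backoffLimit` next to `restartPolicy: OnFailure`, unlike the install job's `backoffLimit: 1`.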
diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/service-monitors.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/service-monitors.yaml new file mode 100755 index 000000000..c3d60c4fc --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/service-monitors.yaml @@ -0,0 +1,51 @@ +{{- if .Values.kiali.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: envoy-stats-monitor + namespace: {{ template "istio.namespace" . }} + labels: + monitoring: istio-proxies +spec: + selector: + matchExpressions: + - {key: istio-prometheus-ignore, operator: DoesNotExist} + namespaceSelector: + any: true + jobLabel: envoy-stats + endpoints: + - path: /stats/prometheus + targetPort: 15090 + interval: 15s + relabelings: + - sourceLabels: [__meta_kubernetes_pod_container_port_name] + action: keep + regex: '.*-envoy-prom' + - action: labeldrop + regex: "__meta_kubernetes_pod_label_(.+)" + - sourceLabels: [__meta_kubernetes_namespace] + action: replace + targetLabel: namespace + - sourceLabels: [__meta_kubernetes_pod_name] + action: replace + targetLabel: pod_name +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: istio-component-monitor + namespace: {{ template "istio.namespace" . }} + labels: + monitoring: istio-components +spec: + jobLabel: istio + targetLabels: [app] + selector: + matchExpressions: + - {key: istio, operator: In, values: [pilot]} + namespaceSelector: + any: true + endpoints: + - port: http-monitoring + interval: 15s +{{- end -}} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/serviceaccount.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/serviceaccount.yaml new file mode 100755 index 000000000..82b6cbb7e --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/serviceaccount.yaml 
@@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: istio-installer + namespace: {{ template "istio.namespace" . }} diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/view-role.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/view-role.yaml new file mode 100755 index 000000000..5947d3eba --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/templates/view-role.yaml @@ -0,0 +1,41 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + namespace: {{ template "istio.namespace" . }} + name: istio-view +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: ["get", "watch", "list"] + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: ["get", "watch", "list"] diff --git a/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/values.yaml b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/values.yaml new file mode 100755 index 000000000..90f3d026f --- /dev/null +++ b/released/charts/rancher-istio-1.8/rancher-istio/1.8.500/values.yaml 
@@ -0,0 +1,95 @@ +overlayFile: "" +tag: 1.8.5 +##Setting forceInstall: true will remove the check for istio version < 1.6.x and will not analyze your install cluster prior to install +forceInstall: false + +installer: + repository: rancher/istio-installer + tag: 1.8.5-rancher1 + +##Deprecated as of 1.8, native support provided by enabling `dns.enabled=true` +istiocoredns: + enabled: false + image: + repository: rancher/mirrored-coredns-coredns + tag: 1.6.2 + pluginImage: + repository: rancher/mirrored-istio-coredns-plugin + tag: 0.2-istio-1.1 + +##Native support for dns added in 1.8 +dns: + enabled: false + +base: + enabled: true + +cni: + enabled: false + repository: rancher/mirrored-istio-install-cni + tag: 1.8.5 + logLevel: info + excludeNamespaces: + - istio-system + - kube-system + +egressGateways: + enabled: false + type: NodePort + +ingressGateways: + enabled: true + type: NodePort + +istiodRemote: + enabled: false + +pilot: + enabled: true + repository: rancher/mirrored-istio-pilot + tag: 1.8.5 + +telemetry: + enabled: true + v2: + enabled: true + +global: + cattle: + systemDefaultRegistry: "" + proxy: + repository: rancher/mirrored-istio-proxyv2 + tag: 1.8.5 + proxy_init: + repository: rancher/mirrored-istio-proxyv2 + tag: 1.8.5 + defaultPodDisruptionBudget: + enabled: true + rbac: + pspEnabled: false + +# Kiali subchart from rancher-kiali-server +kiali: + enabled: true + auth: + strategy: anonymous + deployment: + ingress_enabled: false + repository: rancher/mirrored-kiali-kiali + tag: v1.32.0 + external_services: + prometheus: + custom_metrics_url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" + url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" + tracing: + in_cluster_url: "http://tracing.istio-system.svc:16686/jaeger" + grafana: + in_cluster_url: "http://rancher-monitoring-grafana.cattle-monitoring-system.svc:80" + url: "http://rancher-monitoring-grafana.cattle-monitoring-system.svc:80" + +tracing: 
+ enabled: false + contextPath: "/jaeger" + jaeger: + repository: rancher/mirrored-jaegertracing-all-in-one + tag: 1.20.0 diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/Chart.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/Chart.yaml new file mode 100755 index 000000000..87fc3eb52 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/Chart.yaml @@ -0,0 +1,21 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.32.100 + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Istio + catalog.cattle.io/namespace: istio-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: networking.istio.io.virtualservice/v1beta1 + catalog.cattle.io/release-name: rancher-istio + catalog.cattle.io/requests-cpu: 710m + catalog.cattle.io/requests-memory: 2314Mi + catalog.cattle.io/ui-component: istio +apiVersion: v1 +appVersion: 1.9.2 +description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ + for details. +icon: https://charts.rancher.io/assets/logos/istio.svg +keywords: +- networking +- infrastructure +name: rancher-istio +version: 1.9.200 diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/README.md b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/README.md new file mode 100755 index 000000000..199e45312 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/README.md 
@@ -0,0 +1,69 @@ +# Rancher Istio Installers + +A Rancher created chart that packages the istioctl binary to install via a helm chart. + +# Installation Requirements + +## Chart Dependencies +- rancher-kiali-server-crd chart + +# Uninstallation Requirements +To ensure rancher-istio uninstalls correctly, you must uninstall rancher-istio prior to uninstalling chart dependencies (see installation requirements for chart dependencies). This is because all definitions need to be available in order to properly build the rancher-istio objects for removal. + +If you remove dependent CRD charts prior to removing rancher-istio, you may encounter the following error:: + +`Error: uninstallation completed with 1 error(s): unable to build kubernetes objects for delete: unable to recognize "": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1"` + +# Addons + +## Kiali + +Kiali allows you to view and manage your istio-based service mesh through an easy to use dashboard. + +#### Dependencies +- rancher-monitoring chart or other Prometheus installation + +This dependecy installs the required CRDs for installing Kiali. Since Kiali is bundled in with Istio in this chart, if you do not have these dependencies installed, your Istio installation will fail. If you do not plan on using Kiali, set `kiali.enabled=false` when installing Istio for a succesful installation. + +> **Note:** The following configuration options assume you have installed the dependecies for Kiali. Please ensure you have Promtheus in your cluster before proceeding. + +The Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by Prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces. 
+ +To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources. + +1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape. +1. Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces. + +#### External Services + +##### Prometheus +The `kiali.external_services.prometheus` url is set in the values.yaml: +``` +http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }} +``` +The url depends on the default values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port` being set in your rancher-monitoring or other monitoring instance. + +##### Grafana +The `kiali.external_services.grafana` url is set in the values.yaml: +``` +http://{{ .Values.nameOverride }}-grafana.{{ .Values.namespaceOverride }}.svc:{{ grafana.service.port }} +``` +The url depends on the default values for `nameOverride`, `namespaceOverride`, and `grafana.service.port` being set in your rancher-monitoring or other monitoring instance. + +##### Tracing +The `kiali.external_services.tracing` url and `.Values.tracing.contextPath` is set in the rancher-istio values.yaml: +``` +http://tracing.{{ .Values.namespaceOverride }}.svc:{{ .Values.service.externalPort }}/{{ .Values.tracing.contextPath }} +``` +The url depends on the default values for `namespaceOverride`, and `.Values.service.externalPort` being set in your rancher-tracing or other tracing instance. + +## Jaeger + +Jaeger allows you to trace and monitor distributed microservices. + +> **Note:** This addon is using the all-in-one Jaeger installation which is not qualified for production. 
Use the [Jaeger Tracing](https://www.jaegertracing.io/docs/1.21/getting-started/) documentation to determine which installation you will need for your production needs. + +# Installation +``` +helm install rancher-istio . --create-namespace -n istio-system +``` \ No newline at end of file diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/app-readme.md b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/app-readme.md new file mode 100755 index 000000000..0e42df083 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/app-readme.md 
@@ -0,0 +1,45 @@ +# Rancher Istio + +Our [Istio](https://istio.io/) installer wraps the istioctl binary commands in a handy helm chart, including an overlay file option to allow complex customization. It also includes: +* **[Kiali](https://kiali.io/)**: Used for graphing traffic flow throughout the mesh +* **[Jaeger](https://www.jaegertracing.io/)**: A quick start, all-in-one installation used for tracing distributed systemm. This is not production qualified, please refer to jaeger documentation to determine which installation you may need instead. + +### Dependencies + +**Rancher Monitoring or other Prometheus installation** + +The Prometheus CRDs are required for installing Kiali which is enabled by default. If you do not have Prometheus installed your Istio installation will fail. If you do not plan on using Kiali, set `kiali.enabled=false` to bypass this requirement. + +### Customization + +**Rancher Monitoring** + +The Rancher Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by Prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces. + +To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources. + +1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape. +1. Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces. + +**Custom Prometheus Installation with Kiali** + +To use a custom Monitoring installation, set the `kiali.external_services.prometheus` url in the values.yaml. 
This url depends on the values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port` in your rancher-monitoring or other monitoring instance: +``` +http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }} +``` +**Custom Grafana Installation with Kiali** + +To use a custom Grafana installation, set the `kiali.external_services.grafana` url in the values.yaml. This url depends on the values for `nameOverride`, `namespaceOverride`, and `granfa.service.port` in your rancher-monitoring or other grafana instance: +``` +http://{{ .Values.nameOverride }}-grafana.{{ .Values.namespaceOverride }}.svc:{{ grafana.service.port }} +``` +**Custom Tracing Installation with Kiali** + +To use a custom Tracing installation, set the `kiali.external_services.tracing` url and update the `.Values.tracing.contextPath` in the rancher-istio values.yaml. + +This url depends on the values for `namespaceOverride`, and `.Values.service.externalPort` in your rancher-tracing or other tracing instance.: +``` +http://tracing.{{ .Values.namespaceOverride }}.svc:{{ .Values.service.externalPort }}/{{ .Values.tracing.contextPath }} +``` + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/istio/v2.5/). diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/Chart.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/Chart.yaml new file mode 100755 index 000000000..9b6fdf385 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/Chart.yaml 
@@ -0,0 +1,31 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=match + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 + catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 + catalog.rancher.io/namespace: cattle-istio-system + catalog.rancher.io/release-name: rancher-kiali-server +apiVersion: v2 +appVersion: v1.32.0 +description: Kiali is an open source project for service mesh observability, refer + to https://www.kiali.io for details. This is installed as sub-chart with customized + values in Rancher's Istio. +home: https://github.com/kiali/kiali +icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png +keywords: +- istio +- kiali +- networking +- infrastructure +maintainers: +- email: kiali-users@googlegroups.com + name: Kiali + url: https://kiali.io +name: kiali +sources: +- https://github.com/kiali/kiali +- https://github.com/kiali/kiali-ui +- https://github.com/kiali/kiali-operator +- https://github.com/kiali/helm-charts +version: 1.32.1 diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/NOTES.txt b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/NOTES.txt new file mode 100755 index 000000000..751019401 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/NOTES.txt @@ -0,0 +1,5 @@ +Welcome to Kiali! For more details on Kiali, see: https://kiali.io + +The Kiali Server [{{ .Chart.AppVersion }}] has been installed in namespace [{{ .Release.Namespace }}]. It will be ready soon. + +(Helm: Chart=[{{ .Chart.Name }}], Release=[{{ .Release.Name }}], Version=[{{ .Chart.Version }}]) 
diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/_helpers.tpl b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/_helpers.tpl new file mode 100755 index 000000000..dd33bbe48 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/_helpers.tpl 
@@ -0,0 +1,192 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "kiali-server.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kiali-server.fullname" -}} +{{- if .Values.fullnameOverride }} + {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} + {{- $name := default .Chart.Name .Values.nameOverride }} + {{- printf "%s" $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kiali-server.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Identifies the log_level with the old verbose_mode and the new log_level considered. +*/}} +{{- define "kiali-server.logLevel" -}} +{{- if .Values.deployment.verbose_mode -}} +{{- .Values.deployment.verbose_mode -}} +{{- else -}} +{{- .Values.deployment.logger.log_level -}} +{{- end -}} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kiali-server.labels" -}} +helm.sh/chart: {{ include "kiali-server.chart" . }} +app: {{ include "kiali-server.name" . }} +{{ include "kiali-server.selectorLabels" . }} +version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/part-of: "kiali" +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kiali-server.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kiali-server.name" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Used to determine if a custom dashboard (defined in .Template.Name) should be deployed. +*/}} +{{- define "kiali-server.isDashboardEnabled" -}} +{{- if .Values.external_services.custom_dashboards.enabled }} + {{- $includere := "" }} + {{- range $_, $s := .Values.deployment.custom_dashboards.includes }} + {{- if $s }} + {{- if $includere }} + {{- $includere = printf "%s|^%s$" $includere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $includere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} + {{- end }} + {{- $excludere := "" }} + {{- range $_, $s := .Values.deployment.custom_dashboards.excludes }} + {{- if $s }} + {{- if $excludere }} + {{- $excludere = printf "%s|^%s$" $excludere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $excludere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} + {{- end }} + {{- if (and (mustRegexMatch (default "no-matches" $includere) (base .Template.Name)) (not (mustRegexMatch (default "no-matches" $excludere) (base .Template.Name)))) }} + {{- print "enabled" }} + {{- else }} + {{- print "" }} + {{- end }} +{{- else }} + {{- print "" }} +{{- end }} +{{- end }} + +{{/* +Determine the default login token signing key. +*/}} +{{- define "kiali-server.login_token.signing_key" -}} +{{- if .Values.login_token.signing_key }} + {{- .Values.login_token.signing_key }} +{{- else }} + {{- randAlphaNum 16 }} +{{- end }} +{{- end }} + +{{/* +Determine the default web root. +*/}} +{{- define "kiali-server.server.web_root" -}} +{{- if .Values.server.web_root }} + {{- .Values.server.web_root | trimSuffix "/" }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/" }} + {{- else }} + {{- "/kiali" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity cert file. There is no default if on k8s; only on OpenShift. 
+*/}} +{{- define "kiali-server.identity.cert_file" -}} +{{- if hasKey .Values.identity "cert_file" }} + {{- .Values.identity.cert_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.crt" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity private key file. There is no default if on k8s; only on OpenShift. +*/}} +{{- define "kiali-server.identity.private_key_file" -}} +{{- if hasKey .Values.identity "private_key_file" }} + {{- .Values.identity.private_key_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.key" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the istio namespace - default is where Kiali is installed. +*/}} +{{- define "kiali-server.istio_namespace" -}} +{{- if .Values.istio_namespace }} + {{- .Values.istio_namespace }} +{{- else }} + {{- .Release.Namespace }} +{{- end }} +{{- end }} + +{{/* +Determine the auth strategy to use - default is "token" on Kubernetes and "openshift" on OpenShift. +*/}} +{{- define "kiali-server.auth.strategy" -}} +{{- if .Values.auth.strategy }} + {{- if (and (eq .Values.auth.strategy "openshift") (not .Values.kiali_route_url)) }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or use a different auth strategy via the --set auth.strategy=... option." }} + {{- end }} + {{- .Values.auth.strategy }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- if not .Values.kiali_route_url }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or explicitly indicate another auth strategy you want via the --set auth.strategy=... option." 
}} + {{- end }} + {{- "openshift" }} + {{- else }} + {{- "token" }} + {{- end }} +{{- end }} +{{- end }} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/cabundle.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/cabundle.yaml new file mode 100755 index 000000000..7462b95a7 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/cabundle.yaml @@ -0,0 +1,13 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }}-cabundle + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + service.beta.openshift.io/inject-cabundle: "true" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/configmap.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/configmap.yaml new file mode 100755 index 000000000..b1bf53173 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/configmap.yaml 
@@ -0,0 +1,24 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + config.yaml: | + {{- /* Most of .Values is simply the ConfigMap - strip out the keys that are not part of the ConfigMap */}} + {{- $cm := omit .Values "nameOverride" "fullnameOverride" "kiali_route_url" }} + {{- /* The helm chart defines namespace for us, but pass it to the ConfigMap in case the server needs it */}} + {{- $_ := set $cm.deployment "namespace" .Release.Namespace }} + {{- /* Some values of the ConfigMap are generated, but might not be identical, from .Values */}} + {{- $_ := set $cm "istio_namespace" (include "kiali-server.istio_namespace" .) }} + {{- $_ := set $cm.auth "strategy" (include "kiali-server.auth.strategy" .) }} + {{- $_ := set $cm.auth.openshift "client_id_prefix" (include "kiali-server.fullname" .) }} + {{- $_ := set $cm.identity "cert_file" (include "kiali-server.identity.cert_file" .) }} + {{- $_ := set $cm.identity "private_key_file" (include "kiali-server.identity.private_key_file" .) }} + {{- $_ := set $cm.login_token "signing_key" (include "kiali-server.login_token.signing_key" .) }} + {{- $_ := set $cm.server "web_root" (include "kiali-server.server.web_root" .) }} + {{- toYaml $cm | nindent 4 }} +... diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/envoy.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/envoy.yaml new file mode 100755 index 000000000..85b402017 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/envoy.yaml 
@@ -0,0 +1,56 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: envoy + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Envoy Metrics + discoverOn: "envoy_server_uptime" + items: + - chart: + name: "Pods uptime" + spans: 4 + metricName: "envoy_server_uptime" + dataType: "raw" + - chart: + name: "Allocated memory" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_allocated" + dataType: "raw" + min: 0 + - chart: + name: "Heap size" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_heap_size" + dataType: "raw" + min: 0 + - chart: + name: "Upstream active connections" + spans: 6 + metricName: "envoy_cluster_upstream_cx_active" + dataType: "raw" + - chart: + name: "Upstream total requests" + spans: 6 + metricName: "envoy_cluster_upstream_rq_total" + unit: "rps" + dataType: "rate" + - chart: + name: "Downstream active connections" + spans: 6 + metricName: "envoy_listener_downstream_cx_active" + dataType: "raw" + - chart: + name: "Downstream HTTP requests" + spans: 6 + metricName: "envoy_listener_http_downstream_rq" + unit: "rps" + dataType: "rate" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/go.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/go.yaml new file mode 100755 index 000000000..2d2f42a93 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/go.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: go + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Go Metrics + runtime: Go + discoverOn: "go_info" + items: + - chart: + name: "CPU ratio" + spans: 6 + metricName: "process_cpu_seconds_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "RSS Memory" + unit: "bytes" + spans: 6 + metricName: "process_resident_memory_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Goroutines" + spans: 6 + metricName: "go_goroutines" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Heap allocation rate" + unit: "bytes/s" + spans: 6 + metricName: "go_memstats_alloc_bytes_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "GC rate" + spans: 6 + metricName: "go_gc_duration_seconds_count" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Next GC" + unit: "bytes" + spans: 6 + metricName: "go_memstats_next_gc_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/kiali.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/kiali.yaml new file mode 100755 index 000000000..b1f011b4f --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/kiali.yaml 
@@ -0,0 +1,44 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: kiali + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Kiali Internal Metrics + items: + - chart: + name: "API processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_api_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "route" + displayName: "Route" + - chart: + name: "Functions processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_go_function_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" + - chart: + name: "Failures" + spans: 12 + metricName: "kiali_go_function_failures_total" + dataType: "raw" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml new file mode 100755 index 000000000..2e1ed5cff --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml 
@@ -0,0 +1,43 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm-pool + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Pool Metrics + discoverOn: "jvm_buffer_total_capacity_bytes" + items: + - chart: + name: "Pool buffer memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer capacity" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_total_capacity_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer count" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_count" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml new file mode 100755 index 000000000..d64596882 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml 
@@ -0,0 +1,65 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live" + items: + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon" + dataType: "raw" + - chart: + name: "Loaded classes" + spans: 4 + metricName: "jvm_classes_loaded" + dataType: "raw" + + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml new file mode 100755 index 000000000..76e8d0a4a --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml 
@@ -0,0 +1,68 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.1-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live_threads" + items: + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live_threads" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon_threads" + dataType: "raw" + - chart: + name: "Threads states" + spans: 4 + metricName: "jvm_threads_states_threads" + dataType: "raw" + aggregations: + - label: "state" + displayName: "State" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/microprofile-1.1.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/microprofile-1.1.yaml new file mode 100755 index 000000000..1d4951196 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/microprofile-1.1.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-1.1 + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:thread_count" + items: + - chart: + name: "Current loaded classes" + spans: 6 + metricName: "base:classloader_current_loaded_class_count" + dataType: "raw" + - chart: + name: "Unloaded classes" + spans: 6 + metricName: "base:classloader_total_unloaded_class_count" + dataType: "raw" + - chart: + name: "Thread count" + spans: 4 + metricName: "base:thread_count" + dataType: "raw" + - chart: + name: "Thread max count" + spans: 4 + metricName: "base:thread_max_count" + dataType: "raw" + - chart: + name: "Thread daemon count" + spans: 4 + metricName: "base:thread_daemon_count" + dataType: "raw" + - chart: + name: "Committed heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_committed_heap_bytes" + dataType: "raw" + - chart: + name: "Max heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_max_heap_bytes" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_used_heap_bytes" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/microprofile-x.y.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/microprofile-x.y.yaml new file mode 100755 index 000000000..57ddc60ef --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/microprofile-x.y.yaml 
@@ -0,0 +1,38 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-x.y + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:gc_complete_scavenger_count" + items: + - chart: + name: "Young GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_young_generation_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Young GC count" + spans: 3 + metricName: "base:gc_young_generation_scavenger_count" + dataType: "raw" + - chart: + name: "Total GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_complete_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Total GC count" + spans: 3 + metricName: "base:gc_complete_scavenger_count" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/nodejs.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/nodejs.yaml new file mode 100755 index 000000000..1ffe0aa10 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/nodejs.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: nodejs + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Node.js + title: Node.js Metrics + discoverOn: "nodejs_active_handles_total" + items: + - chart: + name: "Active handles" + spans: 4 + metricName: "nodejs_active_handles_total" + dataType: "raw" + - chart: + name: "Active requests" + spans: 4 + metricName: "nodejs_active_requests_total" + dataType: "raw" + - chart: + name: "Event loop lag" + unit: "seconds" + spans: 4 + metricName: "nodejs_eventloop_lag_seconds" + dataType: "raw" + - chart: + name: "Total heap size" + unit: "bytes" + spans: 12 + metricName: "nodejs_heap_space_size_total_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Used heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_used_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Available heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_available_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/quarkus.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/quarkus.yaml new file mode 100755 index 000000000..cef5f3dce --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/quarkus.yaml 
@@ -0,0 +1,33 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: quarkus + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Quarkus Metrics + runtime: Quarkus + items: + - chart: + name: "Thread count" + spans: 4 + metricName: "vendor:thread_count" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_heap_usage_bytes" + dataType: "raw" + - chart: + name: "Used non-heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_non_heap_usage_bytes" + dataType: "raw" + - include: "microprofile-x.y" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml new file mode 100755 index 000000000..42d87d890 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml @@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm-pool + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Pool Metrics + items: + - include: "micrometer-1.0.6-jvm-pool" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/springboot-jvm.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/springboot-jvm.yaml new file mode 100755 index 000000000..ced3acdd9 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/springboot-jvm.yaml 
@@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Metrics + items: + - include: "micrometer-1.0.6-jvm" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/springboot-tomcat.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/springboot-tomcat.yaml new file mode 100755 index 000000000..c07016aa2 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/springboot-tomcat.yaml @@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-tomcat + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: Tomcat Metrics + items: + - include: "tomcat" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/thorntail.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/thorntail.yaml new file mode 100755 index 000000000..6bd85e6f5 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/thorntail.yaml 
@@ -0,0 +1,22 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: thorntail + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Thorntail + title: Thorntail Metrics + discoverOn: "vendor:loaded_modules" + items: + - include: "microprofile-1.1" + - chart: + name: "Loaded modules" + spans: 6 + metricName: "vendor:loaded_modules" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/tomcat.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/tomcat.yaml new file mode 100755 index 000000000..9a803342f --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/tomcat.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: tomcat + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Tomcat + title: Tomcat Metrics + discoverOn: "tomcat_sessions_created_total" + items: + - chart: + name: "Sessions created" + spans: 4 + metricName: "tomcat_sessions_created_total" + dataType: "raw" + - chart: + name: "Active sessions" + spans: 4 + metricName: "tomcat_sessions_active_current" + dataType: "raw" + - chart: + name: "Sessions rejected" + spans: 4 + metricName: "tomcat_sessions_rejected_total" + dataType: "raw" + + - chart: + name: "Bytes sent" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_sent_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Bytes received" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_received_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + + - chart: + name: "Global errors" + spans: 6 + metricName: "tomcat_global_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Servlet errors" + spans: 6 + metricName: "tomcat_servlet_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/vertx-client.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/vertx-client.yaml new file mode 100755 index 000000000..2d591d6b0 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/vertx-client.yaml 
@@ -0,0 +1,60 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-client + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Client Metrics + discoverOn: "vertx_http_client_connections" + items: + - chart: + name: "Client response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_client_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_client_requestCount_total" + dataType: "rate" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client active connections" + spans: 6 + metricName: "vertx_http_client_connections" + dataType: "raw" + - chart: + name: "Client active websockets" + spans: 6 + metricName: "vertx_http_client_wsConnections" + dataType: "raw" + - chart: + name: "Client bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesSent" + dataType: "histogram" + - chart: + name: "Client bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/vertx-eventbus.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/vertx-eventbus.yaml new file mode 100755 index 000000000..65f9ee2ec --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/vertx-eventbus.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-eventbus + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Eventbus Metrics + discoverOn: "vertx_eventbus_handlers" + items: + - chart: + name: "Event bus handlers" + spans: 6 + metricName: "vertx_eventbus_handlers" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus pending messages" + spans: 6 + metricName: "vertx_eventbus_pending" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus processing time" + unit: "seconds" + spans: 6 + metricName: "vertx_eventbus_processingTime_seconds" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes read" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesRead" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes written" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesWritten" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/vertx-jvm.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/vertx-jvm.yaml new file mode 100755 index 000000000..2663186f3 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/vertx-jvm.yaml 
@@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: JVM Metrics + items: + - include: "micrometer-1.1-jvm" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/vertx-pool.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/vertx-pool.yaml new file mode 100755 index 000000000..f6af921b3 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/vertx-pool.yaml 
@@ -0,0 +1,68 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-pool + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Pools Metrics + discoverOn: "vertx_pool_ratio" + items: + - chart: + name: "Usage duration" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_usage_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Usage ratio" + spans: 6 + metricName: "vertx_pool_ratio" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Queue size" + spans: 6 + metricName: "vertx_pool_queue_size" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Time in queue" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_queue_delay_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Resources used" + spans: 6 + metricName: "vertx_pool_inUse" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/vertx-server.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/vertx-server.yaml new file mode 100755 index 000000000..de6b89df9 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/dashboards/vertx-server.yaml 
@@ -0,0 +1,62 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-server + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Server Metrics + discoverOn: "vertx_http_server_connections" + items: + - chart: + name: "Server response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_server_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_server_requestCount_total" + dataType: "rate" + aggregations: + - label: "code" + displayName: "Error code" + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server active connections" + spans: 6 + metricName: "vertx_http_server_connections" + dataType: "raw" + - chart: + name: "Server active websockets" + spans: 6 + metricName: "vertx_http_server_wsConnections" + dataType: "raw" + - chart: + name: "Server bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesSent" + dataType: "histogram" + - chart: + name: "Server bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/deployment.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/deployment.yaml new file mode 100755 index 000000000..100c57922 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/deployment.yaml 
@@ -0,0 +1,174 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.deployment.replicas }} + selector: + matchLabels: + {{- include "kiali-server.selectorLabels" . | nindent 6 }} + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 8 }} + {{- if .Values.deployment.pod_labels }} + {{- toYaml .Values.deployment.pod_labels | nindent 8 }} + {{- end }} + annotations: + {{- if .Values.server.metrics_enabled }} + prometheus.io/scrape: "true" + prometheus.io/port: {{ .Values.server.metrics_port | quote }} + {{- else }} + prometheus.io/scrape: "false" + prometheus.io/port: "" + {{- end }} + kiali.io/runtimes: go,kiali + {{- if .Values.deployment.pod_annotations }} + {{- toYaml .Values.deployment.pod_annotations | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "kiali-server.fullname" . }} + {{- if .Values.deployment.priority_class_name }} + priorityClassName: {{ .Values.deployment.priority_class_name | quote }} + {{- end }} + {{- if .Values.deployment.image_pull_secrets }} + imagePullSecrets: + {{- range .Values.deployment.image_pull_secrets }} + - name: {{ . }} + {{- end }} + {{- end }} + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.deployment.repository }}:{{ .Values.deployment.tag }}" + imagePullPolicy: {{ .Values.deployment.image_pull_policy | default "Always" }} + name: {{ include "kiali-server.fullname" . 
}} + command: + - "/opt/kiali/kiali" + - "-config" + - "/kiali-configuration/config.yaml" + ports: + - name: api-port + containerPort: {{ .Values.server.port | default 20001 }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + containerPort: {{ .Values.server.metrics_port | default 9090 }} + {{- end }} + readinessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + livenessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + env: + - name: ACTIVE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LOG_LEVEL + value: "{{ include "kiali-server.logLevel" . }}" + - name: LOG_FORMAT + value: "{{ .Values.deployment.logger.log_format }}" + - name: LOG_TIME_FIELD_FORMAT + value: "{{ .Values.deployment.logger.time_field_format }}" + - name: LOG_SAMPLER_RATE + value: "{{ .Values.deployment.logger.sampler_rate }}" + volumeMounts: + {{- if .Values.web_root_override }} + - name: kiali-console + subPath: env.js + mountPath: /opt/kiali/console/env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + mountPath: "/kiali-configuration" + - name: {{ include "kiali-server.fullname" . }}-cert + mountPath: "/kiali-cert" + - name: {{ include "kiali-server.fullname" . }}-secret + mountPath: "/kiali-secret" + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . 
}}-cabundle + mountPath: "/kiali-cabundle" + {{- end }} + {{- if .Values.deployment.resources }} + resources: + {{- toYaml .Values.deployment.resources | nindent 10 }} + {{- end }} + volumes: + {{- if .Values.web_root_override }} + - name: kiali-console + configMap: + name: kiali-console + items: + - key: env.js + path: env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + configMap: + name: {{ include "kiali-server.fullname" . }} + - name: {{ include "kiali-server.fullname" . }}-cert + secret: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + secretName: {{ include "kiali-server.fullname" . }}-cert-secret + {{- else }} + secretName: istio.{{ include "kiali-server.fullname" . }}-service-account + {{- end }} + {{- if not (include "kiali-server.identity.cert_file" .) }} + optional: true + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-secret + secret: + secretName: {{ .Values.deployment.secret_name }} + optional: true + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + configMap: + name: {{ include "kiali-server.fullname" . 
}}-cabundle + {{- end }} + {{- if or (.Values.deployment.affinity.node) (or (.Values.deployment.pod) (.Values.deployment.pod_anti)) }} + affinity: + {{- if .Values.deployment.affinity.node }} + nodeAffinity: + {{- toYaml .Values.deployment.affinity.node | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod }} + podAffinity: + {{- toYaml .Values.deployment.affinity.pod | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod_anti }} + podAntiAffinity: + {{- toYaml .Values.deployment.affinity.pod_anti | nindent 10 }} + {{- end }} + {{- end }} + {{- if .Values.deployment.tolerations }} + tolerations: + {{- toYaml .Values.deployment.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.deployment.node_selector }} + nodeSelector: + {{- toYaml .Values.deployment.node_selector | nindent 8 }} + {{- end }} +... diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/hpa.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/hpa.yaml new file mode 100755 index 000000000..934c4c1e9 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/hpa.yaml @@ -0,0 +1,17 @@ +{{- if .Values.deployment.hpa.spec }} +--- +apiVersion: {{ .Values.deployment.hpa.api_version }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "kiali-server.fullname" . }} + {{- toYaml .Values.deployment.hpa.spec | nindent 2 }} +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/ingress.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/ingress.yaml new file mode 100755 index 000000000..e4c98db1b --- /dev/null 
+++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/ingress.yaml @@ -0,0 +1,40 @@ +{{- if not (.Capabilities.APIVersions.Has "route.openshift.io/v1") }} +{{- if .Values.deployment.ingress_enabled }} +--- +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }} + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- else }} + # For ingress-nginx versions older than 0.20.0 use secure-backends. + # (see: https://github.com/kubernetes/ingress-nginx/issues/3416#issuecomment-438247948) + # For ingress-nginx versions 0.20.0 and later use backend-protocol. + {{- if (include "kiali-server.identity.cert_file" .) }} + nginx.ingress.kubernetes.io/secure-backends: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + {{- else }} + nginx.ingress.kubernetes.io/secure-backends: "false" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + {{- end }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + rules: + - http: + paths: + - path: {{ include "kiali-server.server.web_root" . }} + backend: + serviceName: {{ include "kiali-server.fullname" . }} + servicePort: {{ .Values.server.port }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/oauth.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/oauth.yaml new file mode 100755 index 000000000..a178bb85e --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/oauth.yaml 
@@ -0,0 +1,17 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.kiali_route_url }} +--- +apiVersion: oauth.openshift.io/v1 +kind: OAuthClient +metadata: + name: {{ include "kiali-server.fullname" . }}-{{ .Release.Namespace }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +redirectURIs: +- {{ .Values.kiali_route_url }} +grantMethod: auto +allowAnyScope: true +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/psp.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/psp.yaml new file mode 100755 index 000000000..f891892cc --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/psp.yaml 
@@ -0,0 +1,67 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "kiali-server.fullname" . }}-psp +subjects: + - kind: ServiceAccount + name: kiali +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +rules: +- apiGroups: + - policy + resourceNames: + - {{ include "kiali-server.fullname" . }}-psp + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +spec: + allowPrivilegeEscalation: false + forbiddenSysctls: + - '*' + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + runAsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + - persistentVolumeClaim +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/role-controlplane.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/role-controlplane.yaml new file mode 100755 index 000000000..a22c76756 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/role-controlplane.yaml 
@@ -0,0 +1,15 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "kiali-server.fullname" . }}-controlplane + namespace: {{ include "kiali-server.istio_namespace" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - secrets + verbs: + - list +... diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/role-viewer.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/role-viewer.yaml new file mode 100755 index 000000000..9fdd9fd1d --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/role-viewer.yaml 
@@ -0,0 +1,97 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }}-viewer + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - pods/proxy + - replicationcontrollers + - services + verbs: + - get + - list + - watch +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch +- apiGroups: + - networking.istio.io + - security.istio.io + resources: ["*"] + verbs: + - get + - list + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - get + - list +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create +... diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/role.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/role.yaml new file mode 100755 index 000000000..8444bc753 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/role.yaml 
@@ -0,0 +1,108 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - pods/proxy + - replicationcontrollers + - services + verbs: + - get + - list + - patch + - watch +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - patch + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - patch + - watch +- apiGroups: + - networking.istio.io + - security.istio.io + resources: ["*"] + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - patch + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create +... diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/rolebinding-controlplane.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/rolebinding-controlplane.yaml new file mode 100755 index 000000000..5a0015836 --- /dev/null 
+++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/rolebinding-controlplane.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }}-controlplane + namespace: {{ include "kiali-server.istio_namespace" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "kiali-server.fullname" . }}-controlplane +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/rolebinding.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/rolebinding.yaml new file mode 100755 index 000000000..1eaabd65f --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/rolebinding.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + {{- if .Values.deployment.view_only_mode }} + name: {{ include "kiali-server.fullname" . }}-viewer + {{- else }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/route.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/route.yaml new file mode 100755 index 000000000..27940dc96 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/route.yaml 
@@ -0,0 +1,30 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.deployment.ingress_enabled }} +# As of OpenShift 4.5, need to use --disable-openapi-validation when installing via Helm +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}} + annotations: + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + tls: + termination: reencrypt + insecureEdgeTerminationPolicy: Redirect + to: + kind: Service + targetPort: {{ .Values.server.port }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/service.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/service.yaml new file mode 100755 index 000000000..9ccf4f388 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/service.yaml 
@@ -0,0 +1,47 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + service.beta.openshift.io/serving-cert-secret-name: {{ include "kiali-server.fullname" . }}-cert-secret + {{- end }} + kiali.io/api-spec: https://kiali.io/api + kiali.io/api-type: rest + {{- if and (not (empty .Values.server.web_fqdn)) (not (empty .Values.server.web_schema)) }} + {{- if empty .Values.server.web_port }} + kiali.io/external-url: {{ .Values.server.web_schema }}://{{ .Values.server.web_fqdn }}{{ default "" .Values.server.web_root }} + {{- else }} + kiali.io/external-url: {{ .Values.server.web_schema }}://{{ .Values.server.web_fqdn }}:{{ .Values.server.web_port }}{{(default "" .Values.server.web_root) }} + {{- end }} + {{- end }} + {{- if .Values.deployment.service_annotations }} + {{- toYaml .Values.deployment.service_annotations | nindent 4 }} + {{- end }} +spec: + {{- if .Values.deployment.service_type }} + type: {{ .Values.deployment.service_type }} + {{- end }} + ports: + {{- if (include "kiali-server.identity.cert_file" .) }} + - name: tcp + {{- else }} + - name: http + {{- end }} + protocol: TCP + port: {{ .Values.server.port }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + protocol: TCP + port: {{ .Values.server.metrics_port }} + {{- end }} + selector: + {{- include "kiali-server.selectorLabels" . | nindent 4 }} + {{- if .Values.deployment.additional_service_yaml }} + {{- toYaml .Values.deployment.additional_service_yaml | nindent 2 }} + {{- end }} +... diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/serviceaccount.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/serviceaccount.yaml new file mode 100755 index 000000000..9151b6f6a --- /dev/null 
+++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/serviceaccount.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +... diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/validate-install-crd.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/validate-install-crd.yaml new file mode 100755 index 000000000..b42eeb266 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/validate-install-crd.yaml @@ -0,0 +1,14 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "monitoring.kiali.io/v1alpha1/MonitoringDashboard" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/web-root-configmap.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/web-root-configmap.yaml new file mode 100755 index 000000000..970d4e4f5 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/templates/web-root-configmap.yaml 
@@ -0,0 +1,12 @@ +{{- if .Values.web_root_override }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: kiali-console + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + env.js: | + window.WEB_ROOT='/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Release.Namespace }}/services/http:kiali:20001/proxy/kiali'; +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/values.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/values.yaml new file mode 100755 index 000000000..aada4e09a --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/kiali/values.yaml 
@@ -0,0 +1,93 @@ +nameOverride: "kiali" +fullnameOverride: "kiali" + +# This is required for "openshift" auth strategy. +# You have to know ahead of time what your Route URL will be because +# right now the helm chart can't figure this out at runtime (it would +# need to wait for the Kiali Route to be deployed and for OpenShift +# to start it up). If someone knows how to update this helm chart to +# do this, a PR would be welcome. +kiali_route_url: "" + +# rancher specific override that allows proxy access to kiali url +web_root_override: true + +# +# Settings that mimic the Kiali CR which are placed in the ConfigMap. +# Note that only those values used by the Helm Chart will be here. +# + +istio_namespace: "" # default is where Kiali is installed + +auth: + openid: {} + openshift: {} + strategy: "" + +deployment: + # This only limits what Kiali will attempt to see, but Kiali Service Account has permissions to see everything. + # For more control over what the Kial Service Account can see, use the Kiali Operator + accessible_namespaces: + - "**" + additional_service_yaml: {} + affinity: + node: {} + pod: {} + pod_anti: {} + custom_dashboards: + excludes: [''] + includes: ['*'] + hpa: + api_version: "autoscaling/v2beta2" + spec: {} + repository: rancher/mirrored-kiali-kiali + image_pull_policy: "Always" + image_pull_secrets: [] + tag: v1.32.0 + ingress_enabled: true + logger: + log_format: "text" + log_level: "info" + time_field_format: "2006-01-02T15:04:05Z07:00" + sampler_rate: "1" + node_selector: {} + override_ingress_yaml: + metadata: {} + pod_annotations: {} + pod_labels: {} + priority_class_name: "" + replicas: 1 + resources: {} + secret_name: "kiali" + service_annotations: {} + service_type: "" + tolerations: [] + version_label: v1.32.0 + view_only_mode: false + +external_services: + custom_dashboards: + enabled: true + +identity: {} + #cert_file: + #private_key_file: + +login_token: + signing_key: "" + +server: + port: 20001 + metrics_enabled: true + 
metrics_port: 9090 + web_root: "" + +# Common settings used among istio subcharts. +global: + # Specify rancher clusterId of external tracing config + # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 + cattle: + systemDefaultRegistry: "" + clusterId: + rbac: + pspEnabled: false diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/.helmignore b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/.helmignore new file mode 100755 index 000000000..0e8a0eb36 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/Chart.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/Chart.yaml new file mode 100755 index 000000000..6e368616d --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/Chart.yaml @@ -0,0 +1,12 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: istio-system + catalog.rancher.io/release-name: rancher-tracing +apiVersion: v1 +appVersion: 1.20.0 +description: A quick start Jaeger Tracing installation using the all-in-one demo. + This is not production qualified. Refer to https://www.jaegertracing.io/ for details. +name: tracing +version: 1.20.1 
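Review bot: in charts/kiali/templates/route.yaml the annotations guard closes with three braces, `{{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}}`, so a literal `}` is emitted ahead of `annotations:` whenever that branch renders. The default `override_ingress_yaml.metadata: {}` keeps the branch from rendering, which is why the defect stays hidden. Drop the extra brace so that supplying Route annotations does not produce invalid YAML.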
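Review bot: charts/kiali/values.yaml ships `auth.strategy: ""` and `login_token.signing_key: ""` next to `accessible_namespaces: ["**"]` and `view_only_mode: false`, while the comment in the same block states that the Kiali service account has permissions to see everything. Because `web_root_override: true` exists to allow proxy access to the Kiali URL, the values file should state which auth strategy an empty string resolves to and how the signing key is produced, or set both explicitly. Minor: "Kial Service Account" in the comment should read "Kiali".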
diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/README.md b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/README.md new file mode 100755 index 000000000..25534c628 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/README.md @@ -0,0 +1,5 @@ +# Jaeger + +A Rancher chart based on the Jaeger all-in-one quick installation option. This chart will allow you to trace and monitor distributed microservices. + +> **Note:** The basic all-in-one Jaeger installation which is not qualified for production. Use the [Jaeger Tracing](https://www.jaegertracing.io) documentation to determine which installation you will need for your production needs. diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/_affinity.tpl b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/_affinity.tpl new file mode 100755 index 000000000..bf6a9aee5 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/_affinity.tpl 
@@ -0,0 +1,92 @@ +{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}} +{{- define "nodeAffinity" }} + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + {{- include "nodeAffinityRequiredDuringScheduling" . }} + preferredDuringSchedulingIgnoredDuringExecution: + {{- include "nodeAffinityPreferredDuringScheduling" . }} +{{- end }} + +{{- define "nodeAffinityRequiredDuringScheduling" }} + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + {{- range $key, $val := .Values.global.arch }} + {{- if gt ($val | int) 0 }} + - {{ $key | quote }} + {{- end }} + {{- end }} + {{- $nodeSelector := default .Values.global.defaultNodeSelector .Values.nodeSelector -}} + {{- range $key, $val := $nodeSelector }} + - key: {{ $key }} + operator: In + values: + - {{ $val | quote }} + {{- end }} +{{- end }} + +{{- define "nodeAffinityPreferredDuringScheduling" }} + {{- range $key, $val := .Values.global.arch }} + {{- if gt ($val | int) 0 }} + - weight: {{ $val | int }} + preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - {{ $key | quote }} + {{- end }} + {{- end }} +{{- end }} + +{{- define "podAntiAffinity" }} +{{- if or .Values.podAntiAffinityLabelSelector .Values.podAntiAffinityTermLabelSelector}} + podAntiAffinity: + {{- if .Values.podAntiAffinityLabelSelector }} + requiredDuringSchedulingIgnoredDuringExecution: + {{- include "podAntiAffinityRequiredDuringScheduling" . }} + {{- end }} + {{- if or .Values.podAntiAffinityTermLabelSelector}} + preferredDuringSchedulingIgnoredDuringExecution: + {{- include "podAntiAffinityPreferredDuringScheduling" . 
}} + {{- end }} +{{- end }} +{{- end }} + +{{- define "podAntiAffinityRequiredDuringScheduling" }} + {{- range $index, $item := .Values.podAntiAffinityLabelSelector }} + - labelSelector: + matchExpressions: + - key: {{ $item.key }} + operator: {{ $item.operator }} + {{- if $item.values }} + values: + {{- $vals := split "," $item.values }} + {{- range $i, $v := $vals }} + - {{ $v | quote }} + {{- end }} + {{- end }} + topologyKey: {{ $item.topologyKey }} + {{- end }} +{{- end }} + +{{- define "podAntiAffinityPreferredDuringScheduling" }} + {{- range $index, $item := .Values.podAntiAffinityTermLabelSelector }} + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: {{ $item.key }} + operator: {{ $item.operator }} + {{- if $item.values }} + values: + {{- $vals := split "," $item.values }} + {{- range $i, $v := $vals }} + - {{ $v | quote }} + {{- end }} + {{- end }} + topologyKey: {{ $item.topologyKey }} + weight: 100 + {{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/_helpers.tpl b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/_helpers.tpl new file mode 100755 index 000000000..56cfa7335 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/_helpers.tpl 
@@ -0,0 +1,32 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "tracing.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "tracing.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/deployment.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/deployment.yaml new file mode 100755 index 000000000..25bb67fd3 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/deployment.yaml 
@@ -0,0 +1,86 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + selector: + matchLabels: + app: {{ .Values.provider }} + template: + metadata: + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + annotations: + sidecar.istio.io/inject: "false" + prometheus.io/scrape: "true" + prometheus.io/port: "14269" +{{- if .Values.jaeger.podAnnotations }} +{{ toYaml .Values.jaeger.podAnnotations | indent 8 }} +{{- end }} + spec: + containers: + - name: jaeger + image: "{{ template "system_default_registry" . }}{{ .Values.jaeger.repository }}:{{ .Values.jaeger.tag }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + env: + {{- if eq .Values.jaeger.spanStorageType "badger" }} + - name: BADGER_EPHEMERAL + value: "false" + - name: SPAN_STORAGE_TYPE + value: "badger" + - name: BADGER_DIRECTORY_VALUE + value: "/badger/data" + - name: BADGER_DIRECTORY_KEY + value: "/badger/key" + {{- end }} + - name: COLLECTOR_ZIPKIN_HTTP_PORT + value: "9411" + - name: MEMORY_MAX_TRACES + value: "{{ .Values.jaeger.memory.max_traces }}" + - name: QUERY_BASE_PATH + value: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }} + livenessProbe: + httpGet: + path: / + port: 14269 + readinessProbe: + httpGet: + path: / + port: 14269 +{{- if eq .Values.jaeger.spanStorageType "badger" }} + volumeMounts: + - name: data + mountPath: /badger +{{- end }} + resources: +{{- if .Values.jaeger.resources }} +{{ toYaml .Values.jaeger.resources | indent 12 }} +{{- else }} +{{ toYaml .Values.global.defaultResources | indent 12 }} +{{- end }} + affinity: + {{- include "nodeAffinity" . | indent 6 }} + {{- include "podAntiAffinity" . 
| indent 6 }} + {{- if .Values.global.rbac.pspEnabled }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + serviceAccountName: {{ include "tracing.fullname" . }} + {{- end }} +{{- if eq .Values.jaeger.spanStorageType "badger" }} + volumes: + - name: data +{{- if .Values.jaeger.persistentVolumeClaim.enabled }} + persistentVolumeClaim: + claimName: istio-jaeger-pvc +{{- else }} + emptyDir: {} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/psp.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/psp.yaml new file mode 100755 index 000000000..44b230492 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/psp.yaml 
@@ -0,0 +1,86 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "tracing.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ include "tracing.fullname" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +rules: +- apiGroups: + - policy + resourceNames: + - {{ include "tracing.fullname" . }} + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + allowPrivilegeEscalation: false + forbiddenSysctls: + - '*' + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + runAsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - emptyDir + - secret + - persistentVolumeClaim +{{- end }} \ No newline at end of file 
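Review bot: in charts/tracing/templates/deployment.yaml the pod `securityContext` (`runAsNonRoot: true`, `runAsUser: 1000`) sits inside `{{- if .Values.global.rbac.pspEnabled }}`, and values.yaml defaults `pspEnabled: false`, so a default install renders the Jaeger pod with no securityContext at all. Move the securityContext out of the conditional and keep only `serviceAccountName` gated, since the ServiceAccount is created in psp.yaml under the same flag.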
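Review bot: in charts/tracing/templates/psp.yaml the PodSecurityPolicy carries `namespace: {{ .Release.Namespace }}`, but PodSecurityPolicy is a cluster-scoped kind, so the field does not scope it and the name taken from `tracing.fullname` has to be unique across the whole cluster. Drop the namespace field and consider including the release namespace in the policy name. It would also help to set `namespace` on the RoleBinding's ServiceAccount subject rather than relying on the binding's own namespace.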
diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/pvc.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/pvc.yaml new file mode 100755 index 000000000..9b4c55e4f --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/pvc.yaml @@ -0,0 +1,16 @@ +{{- if .Values.jaeger.persistentVolumeClaim.enabled }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: istio-jaeger-pvc + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} +spec: + storageClassName: {{ .Values.jaeger.storageClassName }} + accessModes: + - {{ .Values.jaeger.accessMode }} + resources: + requests: + storage: {{.Values.jaeger.persistentVolumeClaim.storage }} +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/service.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/service.yaml new file mode 100755 index 000000000..4210a9b5f --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/templates/service.yaml 
@@ -0,0 +1,63 @@ +apiVersion: v1 +kind: Service +metadata: + name: tracing + namespace: {{ .Release.Namespace }} + annotations: + {{- range $key, $val := .Values.service.annotations }} + {{ $key }}: {{ $val | quote }} + {{- end }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + type: {{ .Values.service.type }} + ports: + - name: {{ .Values.service.name }} + port: {{ .Values.service.externalPort }} + protocol: TCP + targetPort: 16686 + selector: + app: {{ .Values.provider }} +--- +# Jaeger implements the Zipkin API. To support swapping out the tracing backend, we use a Service named Zipkin. +apiVersion: v1 +kind: Service +metadata: + name: zipkin + namespace: {{ .Release.Namespace }} + labels: + name: zipkin + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + ports: + - name: {{ .Values.service.name }} + port: {{ .Values.zipkin.queryPort }} + targetPort: {{ .Values.zipkin.queryPort }} + selector: + app: {{ .Values.provider }} +--- +apiVersion: v1 +kind: Service +metadata: + name: jaeger-collector + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + type: ClusterIP + ports: + - name: jaeger-collector-http + port: 14268 + targetPort: 14268 + protocol: TCP + - name: jaeger-collector-grpc + port: 14250 + targetPort: 14250 + protocol: TCP + selector: + app: {{ .Values.provider }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/values.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/values.yaml new file mode 100755 index 000000000..18ff81c3c --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/charts/tracing/values.yaml 
@@ -0,0 +1,44 @@ +provider: jaeger +contextPath: "" +nodeSelector: {} +podAntiAffinityLabelSelector: [] +podAntiAffinityTermLabelSelector: [] +nameOverride: "" +fullnameOverride: "" + +global: + cattle: + systemDefaultRegistry: "" + defaultResources: {} + imagePullPolicy: IfNotPresent + imagePullSecrets: [] + arch: + amd64: 2 + s390x: 2 + ppc64le: 2 + defaultNodeSelector: {} + rbac: + pspEnabled: false + +jaeger: + repository: rancher/mirrored-jaegertracing-all-in-one + tag: 1.20.0 + # spanStorageType value can be "memory" and "badger" for all-in-one image + spanStorageType: badger + resources: + requests: + cpu: 10m + persistentVolumeClaim: + enabled: false + storage: 5Gi + storageClassName: "" + accessMode: ReadWriteMany + memory: + max_traces: 50000 +zipkin: + queryPort: 9411 +service: + annotations: {} + name: http-query + type: ClusterIP + externalPort: 16686 diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/configs/istio-base.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/configs/istio-base.yaml new file mode 100755 index 000000000..7ff972e2d --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/configs/istio-base.yaml 
@@ -0,0 +1,89 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +spec: + addonComponents: + istiocoredns: + enabled: {{ .Values.istiocoredns.enabled }} + components: + base: + enabled: {{ .Values.base.enabled }} + cni: + enabled: {{ .Values.cni.enabled }} + egressGateways: + - enabled: {{ .Values.egressGateways.enabled }} + name: istio-egressgateway + ingressGateways: + - enabled: {{ .Values.ingressGateways.enabled }} + name: istio-ingressgateway + k8s: + service: + ports: + - name: status-port + port: 15021 + targetPort: 15021 + - name: http2 + port: 80 + targetPort: 8080 + nodePort: 31380 + - name: https + port: 443 + targetPort: 8443 + nodePort: 31390 + - name: tcp + port: 31400 + targetPort: 31400 + nodePort: 31400 + - name: tls + port: 15443 + targetPort: 15443 + istiodRemote: + enabled: {{ .Values.istiodRemote.enabled }} + pilot: + enabled: {{ .Values.pilot.enabled }} + hub: {{ .Values.systemDefaultRegistry | default "docker.io" }} + profile: default + tag: {{ .Values.tag }} + revision: {{ .Values.revision }} + meshConfig: + defaultConfig: + proxyMetadata: + {{- if .Values.dns.enabled }} + ISTIO_META_DNS_CAPTURE: "true" + {{- end }} + values: + gateways: + istio-egressgateway: + name: istio-egressgateway + type: {{ .Values.egressGateways.type }} + istio-ingressgateway: + name: istio-ingressgateway + type: {{ .Values.ingressGateways.type }} + global: + istioNamespace: {{ template "istio.namespace" . }} + proxy: + image: {{ template "system_default_registry" . }}{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }} + proxy_init: + image: {{ template "system_default_registry" . }}{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }} + {{- if .Values.global.defaultPodDisruptionBudget.enabled }} + defaultPodDisruptionBudget: + enabled: {{ .Values.global.defaultPodDisruptionBudget.enabled }} + {{- end }} + istiocoredns: + coreDNSImage: {{ template "system_default_registry" . 
}}{{ .Values.istiocoredns.image.repository }} + coreDNSPluginImage: {{ template "system_default_registry" . }}{{ .Values.istiocoredns.pluginImage.repository }}:{{ .Values.istiocoredns.pluginImage.tag }} + coreDNSTag: {{ .Values.istiocoredns.image.tag }} + {{- if .Values.pilot.enabled }} + pilot: + image: {{ template "system_default_registry" . }}{{ .Values.pilot.repository }}:{{ .Values.pilot.tag }} + {{- end }} + telemetry: + enabled: {{ .Values.telemetry.enabled }} + v2: + enabled: {{ .Values.telemetry.v2.enabled }} + {{- if .Values.cni.enabled }} + cni: + image: {{ template "system_default_registry" . }}{{ .Values.cni.repository }}:{{ .Values.cni.tag }} + excludeNamespaces: + {{- toYaml .Values.cni.excludeNamespaces | nindent 8 }} + logLevel: {{ .Values.cni.logLevel }} + {{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/requirements.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/requirements.yaml new file mode 100755 index 000000000..b60745780 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/requirements.yaml @@ -0,0 +1,17 @@ +dependencies: +- name: kiali + version: "" + repository: file://./charts/kiali + condition: kiali.enabled + tags: [] + enabled: false + importvalues: [] + alias: "" +- name: tracing + version: "" + repository: file://./charts/tracing + condition: tracing.enabled + tags: [] + enabled: false + importvalues: [] + alias: "" diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/samples/overlay-example.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/samples/overlay-example.yaml new file mode 100755 index 000000000..5cf3cf3b0 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/samples/overlay-example.yaml 
@@ -0,0 +1,37 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +spec: + components: + ingressGateways: + - enabled: true + name: ilb-gateway + namespace: user-ingressgateway-ns + k8s: + resources: + requests: + cpu: 200m + service: + ports: + - name: tcp-citadel-grpc-tls + port: 8060 + targetPort: 8060 + - name: tcp-dns + port: 5353 + serviceAnnotations: + cloud.google.com/load-balancer-type: internal + - enabled: true + name: other-gateway + namespace: cattle-istio-system + k8s: + resources: + requests: + cpu: 200m + service: + ports: + - name: tcp-citadel-grpc-tls + port: 8060 + targetPort: 8060 + - name: tcp-dns + port: 5353 + serviceAnnotations: + cloud.google.com/load-balancer-type: internal diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/_helpers.tpl b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/_helpers.tpl new file mode 100755 index 000000000..3f7af953a --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/_helpers.tpl @@ -0,0 +1,12 @@ +{{/* Ensure namespace is set the same everywhere */}} +{{- define "istio.namespace" -}} + {{- .Release.Namespace | default "istio-system" -}} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/admin-role.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/admin-role.yaml new file mode 100755 index 000000000..ad1313c4f --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/admin-role.yaml 
@@ -0,0 +1,43 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + name: istio-admin + namespace: {{ template "istio.namespace" . }} +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: + - '*' + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: + - '*' diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/base-config-map.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/base-config-map.yaml new file mode 100755 index 000000000..5323917bc --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/base-config-map.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-installer-base + namespace: {{ template "istio.namespace" . }} +data: +{{ tpl (.Files.Glob "configs/*").AsConfig . | indent 2 }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/clusterrole.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/clusterrole.yaml new file mode 100755 index 000000000..a93b3df95 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/clusterrole.yaml 
@@ -0,0 +1,120 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: istio-installer +rules: +# istio groups +- apiGroups: + - authentication.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - config.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - install.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - networking.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - rbac.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - security.istio.io + resources: + - '*' + verbs: + - '*' +# k8s groups +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions.apiextensions.k8s.io + - customresourcedefinitions + verbs: + - '*' +- apiGroups: + - apps + - extensions + resources: + - daemonsets + - deployments + - deployments/finalizers + - ingresses + - replicasets + - statefulsets + verbs: + - '*' +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - '*' +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - '*' +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - roles + - rolebindings + verbs: + - '*' +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - namespaces + - pods + - pods/exec + - persistentvolumeclaims + - secrets + - services + - serviceaccounts + verbs: + - '*' +- apiGroups: + - policy + resourceNames: + - istio-installer + resources: + - podsecuritypolicies + verbs: + - use 
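Review bot: templates/clusterrole.yaml gives istio-installer `verbs: '*'` on `clusterroles`, `clusterrolebindings`, `roles` and `rolebindings`, and on `secrets` and `pods/exec` in the core group, all of it cluster-wide once clusterrolebinding.yaml binds the role to the istio-installer service account. Wildcard verbs on RBAC objects let the holder grant itself any further permission, so this service account is equivalent to cluster-admin for the lifetime of the binding. List the verbs the install job actually needs, and drop `pods/exec` unless the installer script uses it.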
diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/clusterrolebinding.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/clusterrolebinding.yaml new file mode 100755 index 000000000..9d74a0434 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/clusterrolebinding.yaml @@ -0,0 +1,12 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: istio-installer +subjects: +- kind: ServiceAccount + name: istio-installer + namespace: {{ template "istio.namespace" . }} +roleRef: + kind: ClusterRole + name: istio-installer + apiGroup: rbac.authorization.k8s.io diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/edit-role.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/edit-role.yaml new file mode 100755 index 000000000..d1059d58d --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/edit-role.yaml @@ -0,0 +1,43 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + namespace: {{ template "istio.namespace" . }} + name: istio-edit +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: + - '*' + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: + - '*' 
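Review bot: templates/edit-role.yaml repeats the rules of istio-admin unchanged, so the `rbac.authorization.k8s.io/aggregate-to-edit: "true"` label hands every holder of the built-in edit role `verbs: '*'` on `envoyfilters`, `authorizationpolicies`, `peerauthentications` and `requestauthentications`. If edit is meant to be narrower than admin, list the verbs explicitly and decide whether `envoyfilters` and the security.istio.io resources belong in this role. `metadata.namespace` on a ClusterRole has no effect and can be removed.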
diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/istio-cni-psp.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/istio-cni-psp.yaml new file mode 100755 index 000000000..5b94c8503 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/istio-cni-psp.yaml @@ -0,0 +1,51 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: psp-istio-cni + namespace: {{ template "istio.namespace" . }} +spec: + allowPrivilegeEscalation: true + fsGroup: + rule: RunAsAny + hostNetwork: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - secret + - configMap + - emptyDir + - hostPath +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: psp-istio-cni + namespace: {{ template "istio.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: psp-istio-cni +subjects: + - kind: ServiceAccount + name: istio-cni +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: psp-istio-cni + namespace: {{ template "istio.namespace" . }} +rules: +- apiGroups: + - policy + resourceNames: + - psp-istio-cni + resources: + - podsecuritypolicies + verbs: + - use +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/istio-install-job.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/istio-install-job.yaml new file mode 100755 index 000000000..9a13f5698 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/istio-install-job.yaml 
@@ -0,0 +1,50 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: istioctl-installer + namespace: {{ template "istio.namespace" . }} + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + backoffLimit: 1 + template: + spec: + containers: + - name: istioctl-installer + image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }} + env: + - name: RELEASE_NAME + value: {{ .Release.Name }} + - name: ISTIO_NAMESPACE + value: {{ template "istio.namespace" . }} + - name: FORCE_INSTALL + value: {{ .Values.forceInstall | default "false" | quote }} + command: ["/bin/sh","-c"] + args: ["/usr/local/app/scripts/run.sh"] + volumeMounts: + - name: config-volume + mountPath: /app/istio-base.yaml + subPath: istio-base.yaml + {{- if .Values.overlayFile }} + - name: overlay-volume + mountPath: /app/overlay-config.yaml + subPath: overlay-config.yaml + {{- end }} + volumes: + - name: config-volume + configMap: + name: istio-installer-base + {{- if .Values.overlayFile }} + - name: overlay-volume + configMap: + name: istio-installer-overlay + {{- end }} + serviceAccountName: istio-installer + {{- if .Values.global.rbac.pspEnabled }} + securityContext: + runAsUser: 101 + runAsGroup: 101 + {{- end }} + restartPolicy: Never diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/istio-install-psp.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/istio-install-psp.yaml new file mode 100755 index 000000000..f0b5ee565 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/istio-install-psp.yaml 
@@ -0,0 +1,30 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: istio-installer + namespace: {{ template "istio.namespace" . }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'configMap' + - 'secret' +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/istio-psp.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/istio-psp.yaml new file mode 100755 index 000000000..b3758b74f --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/istio-psp.yaml 
@@ -0,0 +1,81 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: istio-psp + namespace: {{ template "istio.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: istio-psp +subjects: + - kind: ServiceAccount + name: istio-egressgateway-service-account + - kind: ServiceAccount + name: istio-ingressgateway-service-account + - kind: ServiceAccount + name: istio-mixer-service-account + - kind: ServiceAccount + name: istio-operator-authproxy + - kind: ServiceAccount + name: istiod-service-account + - kind: ServiceAccount + name: istio-sidecar-injector-service-account + - kind: ServiceAccount + name: istiocoredns-service-account + - kind: ServiceAccount + name: default +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: istio-psp + namespace: {{ template "istio.namespace" . }} +rules: +- apiGroups: + - policy + resourceNames: + - istio-psp + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: istio-psp + namespace: {{ template "istio.namespace" . }} +spec: + allowPrivilegeEscalation: false + forbiddenSysctls: + - '*' + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + runAsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + - persistentVolumeClaim +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/istio-uninstall-job.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/istio-uninstall-job.yaml new file mode 100755 index 000000000..a7f156325 --- /dev/null 
+++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/istio-uninstall-job.yaml @@ -0,0 +1,45 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: istioctl-uninstaller + namespace: {{ template "istio.namespace" . }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + spec: + containers: + - name: istioctl-uninstaller + image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }} + env: + - name: RELEASE_NAME + value: {{ .Release.Name }} + - name: ISTIO_NAMESPACE + value: {{ template "istio.namespace" . }} + command: ["/bin/sh","-c"] + args: ["/usr/local/app/scripts/uninstall_istio_system.sh"] + volumeMounts: + - name: config-volume + mountPath: /app/istio-base.yaml + subPath: istio-base.yaml + {{- if .Values.overlayFile }} + - name: overlay-volume + mountPath: /app/overlay-config.yaml + subPath: overlay-config.yaml + {{ end }} + volumes: + - name: config-volume + configMap: + name: istio-installer-base + {{- if .Values.overlayFile }} + - name: overlay-volume + configMap: + name: istio-installer-overlay + {{ end }} + serviceAccountName: istio-installer + securityContext: + runAsUser: 101 + runAsGroup: 101 + restartPolicy: OnFailure diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/overlay-config-map.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/overlay-config-map.yaml new file mode 100755 index 000000000..287d26b2c --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/overlay-config-map.yaml @@ -0,0 +1,9 @@ +{{- if .Values.overlayFile }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-installer-overlay + namespace: {{ template "istio.namespace" . }} +data: + overlay-config.yaml: {{ toYaml .Values.overlayFile | indent 2 }} +{{- end }} 
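Review bot: In templates/istio-cni-psp.yaml the `psp-istio-cni` policy lists `hostPath` under `volumes` with no `allowedHostPaths`, alongside `allowPrivilegeEscalation: true`, `hostNetwork: true` and `runAsUser: RunAsAny`, so a pod admitted under it may run as root and mount any host directory. Add `allowedHostPaths` limited to the directories the CNI installer writes to, and mark them read-only where the installer only reads. The `namespace:` field on the PodSecurityPolicy is ignored because the kind is cluster-scoped.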
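Review bot: In templates/istio-install-job.yaml the pod `securityContext` (`runAsUser: 101`, `runAsGroup: 101`) is rendered only inside `{{- if .Values.global.rbac.pspEnabled }}`, and values.yaml defaults `pspEnabled` to `false`, so on a default install the job runs as whatever user the image declares, while istio-uninstall-job.yaml sets the same IDs unconditionally. Move the securityContext out of the conditional so both jobs behave the same. The env entry `value: {{ .Release.Name }}` is also unquoted, unlike `FORCE_INSTALL` two lines below it, which pipes through `quote`.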
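Review bot: templates/istio-install-psp.yaml omits `allowPrivilegeEscalation: false` and `requiredDropCapabilities`, both of which istio-psp.yaml sets for the mesh workloads, so the `istio-installer` policy is the looser of the two even though it covers a job that runs as UID 101 with only configMap volumes mounted. Add both fields unless the installer image is known to need them. Nothing in this hunk grants `use` on `istio-installer` to the `istio-installer` service account, so confirm that the `istio-installer` ClusterRole does.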
diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/service-monitors.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/service-monitors.yaml new file mode 100755 index 000000000..c3d60c4fc --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/service-monitors.yaml @@ -0,0 +1,51 @@ +{{- if .Values.kiali.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: envoy-stats-monitor + namespace: {{ template "istio.namespace" . }} + labels: + monitoring: istio-proxies +spec: + selector: + matchExpressions: + - {key: istio-prometheus-ignore, operator: DoesNotExist} + namespaceSelector: + any: true + jobLabel: envoy-stats + endpoints: + - path: /stats/prometheus + targetPort: 15090 + interval: 15s + relabelings: + - sourceLabels: [__meta_kubernetes_pod_container_port_name] + action: keep + regex: '.*-envoy-prom' + - action: labeldrop + regex: "__meta_kubernetes_pod_label_(.+)" + - sourceLabels: [__meta_kubernetes_namespace] + action: replace + targetLabel: namespace + - sourceLabels: [__meta_kubernetes_pod_name] + action: replace + targetLabel: pod_name +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: istio-component-monitor + namespace: {{ template "istio.namespace" . }} + labels: + monitoring: istio-components +spec: + jobLabel: istio + targetLabels: [app] + selector: + matchExpressions: + - {key: istio, operator: In, values: [pilot]} + namespaceSelector: + any: true + endpoints: + - port: http-monitoring + interval: 15s +{{- end -}} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/serviceaccount.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/serviceaccount.yaml new file mode 100755 index 000000000..82b6cbb7e --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/serviceaccount.yaml 
@@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: istio-installer + namespace: {{ template "istio.namespace" . }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/view-role.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/view-role.yaml new file mode 100755 index 000000000..5947d3eba --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/templates/view-role.yaml @@ -0,0 +1,41 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + namespace: {{ template "istio.namespace" . }} + name: istio-view +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: ["get", "watch", "list"] + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: ["get", "watch", "list"] diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/values.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/values.yaml new file mode 100755 index 000000000..d4909e15a --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.200/values.yaml 
@@ -0,0 +1,95 @@ +overlayFile: "" +tag: 1.9.2 +##Setting forceInstall: true will remove the check for istio version < 1.6.x and will not analyze your install cluster prior to install +forceInstall: false + +installer: + repository: rancher/istio-installer + tag: 1.9.2-rancher1 + +##Deprecated as of 1.8, native support provided by enabling `dns.enabled=true` +istiocoredns: + enabled: false + image: + repository: rancher/mirrored-coredns-coredns + tag: 1.6.2 + pluginImage: + repository: rancher/mirrored-istio-coredns-plugin + tag: 0.2-istio-1.1 + +##Native support for dns added in 1.8 +dns: + enabled: false + +base: + enabled: true + +cni: + enabled: false + repository: rancher/mirrored-istio-install-cni + tag: 1.9.2 + logLevel: info + excludeNamespaces: + - istio-system + - kube-system + +egressGateways: + enabled: false + type: NodePort + +ingressGateways: + enabled: true + type: NodePort + +istiodRemote: + enabled: false + +pilot: + enabled: true + repository: rancher/mirrored-istio-pilot + tag: 1.9.2 + +telemetry: + enabled: true + v2: + enabled: true + +global: + cattle: + systemDefaultRegistry: "" + proxy: + repository: rancher/mirrored-istio-proxyv2 + tag: 1.9.2 + proxy_init: + repository: rancher/mirrored-istio-proxyv2 + tag: 1.9.2 + defaultPodDisruptionBudget: + enabled: true + rbac: + pspEnabled: false + +# Kiali subchart from rancher-kiali-server +kiali: + enabled: true + auth: + strategy: anonymous + deployment: + ingress_enabled: false + repository: rancher/mirrored-kiali-kiali + tag: v1.32.0 + external_services: + prometheus: + custom_metrics_url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" + url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" + tracing: + in_cluster_url: "http://tracing.istio-system.svc:16686/jaeger" + grafana: + in_cluster_url: "http://rancher-monitoring-grafana.cattle-monitoring-system.svc:80" + url: "http://rancher-monitoring-grafana.cattle-monitoring-system.svc:80" + +tracing: 
+ enabled: false + contextPath: "/jaeger" + jaeger: + repository: rancher/mirrored-jaegertracing-all-in-one + tag: 1.20.0 diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/Chart.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/Chart.yaml new file mode 100755 index 000000000..cfd5826eb --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/Chart.yaml @@ -0,0 +1,21 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.32.100 + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Istio + catalog.cattle.io/namespace: istio-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: networking.istio.io.virtualservice/v1beta1 + catalog.cattle.io/release-name: rancher-istio + catalog.cattle.io/requests-cpu: 710m + catalog.cattle.io/requests-memory: 2314Mi + catalog.cattle.io/ui-component: istio +apiVersion: v1 +appVersion: 1.9.3 +description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ + for details. +icon: https://charts.rancher.io/assets/logos/istio.svg +keywords: +- networking +- infrastructure +name: rancher-istio +version: 1.9.300 diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/README.md b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/README.md new file mode 100755 index 000000000..199e45312 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/README.md 
@@ -0,0 +1,69 @@ +# Rancher Istio Installers + +A Rancher created chart that packages the istioctl binary to install via a helm chart. + +# Installation Requirements + +## Chart Dependencies +- rancher-kiali-server-crd chart + +# Uninstallation Requirements +To ensure rancher-istio uninstalls correctly, you must uninstall rancher-istio prior to uninstalling chart dependencies (see installation requirements for chart dependencies). This is because all definitions need to be available in order to properly build the rancher-istio objects for removal. + +If you remove dependent CRD charts prior to removing rancher-istio, you may encounter the following error:: + +`Error: uninstallation completed with 1 error(s): unable to build kubernetes objects for delete: unable to recognize "": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1"` + +# Addons + +## Kiali + +Kiali allows you to view and manage your istio-based service mesh through an easy to use dashboard. + +#### Dependencies +- rancher-monitoring chart or other Prometheus installation + +This dependecy installs the required CRDs for installing Kiali. Since Kiali is bundled in with Istio in this chart, if you do not have these dependencies installed, your Istio installation will fail. If you do not plan on using Kiali, set `kiali.enabled=false` when installing Istio for a succesful installation. + +> **Note:** The following configuration options assume you have installed the dependecies for Kiali. Please ensure you have Promtheus in your cluster before proceeding. + +The Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by Prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces. 
+ +To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources. + +1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape. +1. Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces. + +#### External Services + +##### Prometheus +The `kiali.external_services.prometheus` url is set in the values.yaml: +``` +http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }} +``` +The url depends on the default values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port` being set in your rancher-monitoring or other monitoring instance. + +##### Grafana +The `kiali.external_services.grafana` url is set in the values.yaml: +``` +http://{{ .Values.nameOverride }}-grafana.{{ .Values.namespaceOverride }}.svc:{{ grafana.service.port }} +``` +The url depends on the default values for `nameOverride`, `namespaceOverride`, and `grafana.service.port` being set in your rancher-monitoring or other monitoring instance. + +##### Tracing +The `kiali.external_services.tracing` url and `.Values.tracing.contextPath` is set in the rancher-istio values.yaml: +``` +http://tracing.{{ .Values.namespaceOverride }}.svc:{{ .Values.service.externalPort }}/{{ .Values.tracing.contextPath }} +``` +The url depends on the default values for `namespaceOverride`, and `.Values.service.externalPort` being set in your rancher-tracing or other tracing instance. + +## Jaeger + +Jaeger allows you to trace and monitor distributed microservices. + +> **Note:** This addon is using the all-in-one Jaeger installation which is not qualified for production. 
Use the [Jaeger Tracing](https://www.jaegertracing.io/docs/1.21/getting-started/) documentation to determine which installation you will need for your production needs. + +# Installation +``` +helm install rancher-istio . --create-namespace -n istio-system +``` \ No newline at end of file diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/app-readme.md b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/app-readme.md new file mode 100755 index 000000000..0e42df083 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/app-readme.md 
@@ -0,0 +1,45 @@ +# Rancher Istio + +Our [Istio](https://istio.io/) installer wraps the istioctl binary commands in a handy helm chart, including an overlay file option to allow complex customization. It also includes: +* **[Kiali](https://kiali.io/)**: Used for graphing traffic flow throughout the mesh +* **[Jaeger](https://www.jaegertracing.io/)**: A quick start, all-in-one installation used for tracing distributed systemm. This is not production qualified, please refer to jaeger documentation to determine which installation you may need instead. + +### Dependencies + +**Rancher Monitoring or other Prometheus installation** + +The Prometheus CRDs are required for installing Kiali which is enabled by default. If you do not have Prometheus installed your Istio installation will fail. If you do not plan on using Kiali, set `kiali.enabled=false` to bypass this requirement. + +### Customization + +**Rancher Monitoring** + +The Rancher Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by Prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces. + +To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources. + +1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape. +1. Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces. + +**Custom Prometheus Installation with Kiali** + +To use a custom Monitoring installation, set the `kiali.external_services.prometheus` url in the values.yaml. 
This url depends on the values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port` in your rancher-monitoring or other monitoring instance: +``` +http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }} +``` +**Custom Grafana Installation with Kiali** + +To use a custom Grafana installation, set the `kiali.external_services.grafana` url in the values.yaml. This url depends on the values for `nameOverride`, `namespaceOverride`, and `granfa.service.port` in your rancher-monitoring or other grafana instance: +``` +http://{{ .Values.nameOverride }}-grafana.{{ .Values.namespaceOverride }}.svc:{{ grafana.service.port }} +``` +**Custom Tracing Installation with Kiali** + +To use a custom Tracing installation, set the `kiali.external_services.tracing` url and update the `.Values.tracing.contextPath` in the rancher-istio values.yaml. + +This url depends on the values for `namespaceOverride`, and `.Values.service.externalPort` in your rancher-tracing or other tracing instance.: +``` +http://tracing.{{ .Values.namespaceOverride }}.svc:{{ .Values.service.externalPort }}/{{ .Values.tracing.contextPath }} +``` + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/istio/v2.5/). diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/Chart.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/Chart.yaml new file mode 100755 index 000000000..9b6fdf385 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/Chart.yaml 
@@ -0,0 +1,31 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=match + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 + catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 + catalog.rancher.io/namespace: cattle-istio-system + catalog.rancher.io/release-name: rancher-kiali-server +apiVersion: v2 +appVersion: v1.32.0 +description: Kiali is an open source project for service mesh observability, refer + to https://www.kiali.io for details. This is installed as sub-chart with customized + values in Rancher's Istio. +home: https://github.com/kiali/kiali +icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png +keywords: +- istio +- kiali +- networking +- infrastructure +maintainers: +- email: kiali-users@googlegroups.com + name: Kiali + url: https://kiali.io +name: kiali +sources: +- https://github.com/kiali/kiali +- https://github.com/kiali/kiali-ui +- https://github.com/kiali/kiali-operator +- https://github.com/kiali/helm-charts +version: 1.32.1 diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/NOTES.txt b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/NOTES.txt new file mode 100755 index 000000000..751019401 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/NOTES.txt @@ -0,0 +1,5 @@ +Welcome to Kiali! For more details on Kiali, see: https://kiali.io + +The Kiali Server [{{ .Chart.AppVersion }}] has been installed in namespace [{{ .Release.Namespace }}]. It will be ready soon. + +(Helm: Chart=[{{ .Chart.Name }}], Release=[{{ .Release.Name }}], Version=[{{ .Chart.Version }}]) 
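Review bot: In the 1.9.200 values.yaml the Kiali block sets `auth.strategy: anonymous` as the chart default, so anyone who can reach the Kiali service gets the dashboard without logging in; the `kiali-server.auth.strategy` helper in the subchart would otherwise fall back to `token` on Kubernetes. Either leave `strategy` unset so that fallback applies, or document in the README that anonymous access is the default and how to change it. The same file defaults `ingressGateways.type` to `NodePort` and `global.rbac.pspEnabled` to `false`, which are worth a line in the README for the same reason.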
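Review bot: The 1.9.300 README.md and app-readme.md contain spelling errors that should be fixed before release: `dependecy`, `dependecies`, `succesful` and `Promtheus` in README.md, and `systemm` and `granfa.service.port` in app-readme.md. The last one is in inline code and names a value that does not exist, since the URL template directly below it uses `grafana.service.port`. README.md also ends "the following error::" with a doubled colon.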
diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/_helpers.tpl b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/_helpers.tpl new file mode 100755 index 000000000..dd33bbe48 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/_helpers.tpl 
@@ -0,0 +1,192 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "kiali-server.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kiali-server.fullname" -}} +{{- if .Values.fullnameOverride }} + {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} + {{- $name := default .Chart.Name .Values.nameOverride }} + {{- printf "%s" $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kiali-server.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Identifies the log_level with the old verbose_mode and the new log_level considered. +*/}} +{{- define "kiali-server.logLevel" -}} +{{- if .Values.deployment.verbose_mode -}} +{{- .Values.deployment.verbose_mode -}} +{{- else -}} +{{- .Values.deployment.logger.log_level -}} +{{- end -}} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kiali-server.labels" -}} +helm.sh/chart: {{ include "kiali-server.chart" . }} +app: {{ include "kiali-server.name" . }} +{{ include "kiali-server.selectorLabels" . }} +version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/part-of: "kiali" +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kiali-server.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kiali-server.name" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Used to determine if a custom dashboard (defined in .Template.Name) should be deployed. +*/}} +{{- define "kiali-server.isDashboardEnabled" -}} +{{- if .Values.external_services.custom_dashboards.enabled }} + {{- $includere := "" }} + {{- range $_, $s := .Values.deployment.custom_dashboards.includes }} + {{- if $s }} + {{- if $includere }} + {{- $includere = printf "%s|^%s$" $includere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $includere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} + {{- end }} + {{- $excludere := "" }} + {{- range $_, $s := .Values.deployment.custom_dashboards.excludes }} + {{- if $s }} + {{- if $excludere }} + {{- $excludere = printf "%s|^%s$" $excludere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $excludere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} + {{- end }} + {{- if (and (mustRegexMatch (default "no-matches" $includere) (base .Template.Name)) (not (mustRegexMatch (default "no-matches" $excludere) (base .Template.Name)))) }} + {{- print "enabled" }} + {{- else }} + {{- print "" }} + {{- end }} +{{- else }} + {{- print "" }} +{{- end }} +{{- end }} + +{{/* +Determine the default login token signing key. +*/}} +{{- define "kiali-server.login_token.signing_key" -}} +{{- if .Values.login_token.signing_key }} + {{- .Values.login_token.signing_key }} +{{- else }} + {{- randAlphaNum 16 }} +{{- end }} +{{- end }} + +{{/* +Determine the default web root. +*/}} +{{- define "kiali-server.server.web_root" -}} +{{- if .Values.server.web_root }} + {{- .Values.server.web_root | trimSuffix "/" }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/" }} + {{- else }} + {{- "/kiali" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity cert file. There is no default if on k8s; only on OpenShift. 
+*/}} +{{- define "kiali-server.identity.cert_file" -}} +{{- if hasKey .Values.identity "cert_file" }} + {{- .Values.identity.cert_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.crt" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity private key file. There is no default if on k8s; only on OpenShift. +*/}} +{{- define "kiali-server.identity.private_key_file" -}} +{{- if hasKey .Values.identity "private_key_file" }} + {{- .Values.identity.private_key_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.key" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the istio namespace - default is where Kiali is installed. +*/}} +{{- define "kiali-server.istio_namespace" -}} +{{- if .Values.istio_namespace }} + {{- .Values.istio_namespace }} +{{- else }} + {{- .Release.Namespace }} +{{- end }} +{{- end }} + +{{/* +Determine the auth strategy to use - default is "token" on Kubernetes and "openshift" on OpenShift. +*/}} +{{- define "kiali-server.auth.strategy" -}} +{{- if .Values.auth.strategy }} + {{- if (and (eq .Values.auth.strategy "openshift") (not .Values.kiali_route_url)) }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or use a different auth strategy via the --set auth.strategy=... option." }} + {{- end }} + {{- .Values.auth.strategy }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- if not .Values.kiali_route_url }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or explicitly indicate another auth strategy you want via the --set auth.strategy=... option." 
}} + {{- end }} + {{- "openshift" }} + {{- else }} + {{- "token" }} + {{- end }} +{{- end }} +{{- end }} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/cabundle.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/cabundle.yaml new file mode 100755 index 000000000..7462b95a7 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/cabundle.yaml @@ -0,0 +1,13 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }}-cabundle + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + service.beta.openshift.io/inject-cabundle: "true" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/configmap.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/configmap.yaml new file mode 100755 index 000000000..b1bf53173 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/configmap.yaml 
@@ -0,0 +1,24 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + config.yaml: | + {{- /* Most of .Values is simply the ConfigMap - strip out the keys that are not part of the ConfigMap */}} + {{- $cm := omit .Values "nameOverride" "fullnameOverride" "kiali_route_url" }} + {{- /* The helm chart defines namespace for us, but pass it to the ConfigMap in case the server needs it */}} + {{- $_ := set $cm.deployment "namespace" .Release.Namespace }} + {{- /* Some values of the ConfigMap are generated, but might not be identical, from .Values */}} + {{- $_ := set $cm "istio_namespace" (include "kiali-server.istio_namespace" .) }} + {{- $_ := set $cm.auth "strategy" (include "kiali-server.auth.strategy" .) }} + {{- $_ := set $cm.auth.openshift "client_id_prefix" (include "kiali-server.fullname" .) }} + {{- $_ := set $cm.identity "cert_file" (include "kiali-server.identity.cert_file" .) }} + {{- $_ := set $cm.identity "private_key_file" (include "kiali-server.identity.private_key_file" .) }} + {{- $_ := set $cm.login_token "signing_key" (include "kiali-server.login_token.signing_key" .) }} + {{- $_ := set $cm.server "web_root" (include "kiali-server.server.web_root" .) }} + {{- toYaml $cm | nindent 4 }} +... diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/envoy.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/envoy.yaml new file mode 100755 index 000000000..85b402017 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/envoy.yaml 
@@ -0,0 +1,56 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: envoy + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Envoy Metrics + discoverOn: "envoy_server_uptime" + items: + - chart: + name: "Pods uptime" + spans: 4 + metricName: "envoy_server_uptime" + dataType: "raw" + - chart: + name: "Allocated memory" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_allocated" + dataType: "raw" + min: 0 + - chart: + name: "Heap size" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_heap_size" + dataType: "raw" + min: 0 + - chart: + name: "Upstream active connections" + spans: 6 + metricName: "envoy_cluster_upstream_cx_active" + dataType: "raw" + - chart: + name: "Upstream total requests" + spans: 6 + metricName: "envoy_cluster_upstream_rq_total" + unit: "rps" + dataType: "rate" + - chart: + name: "Downstream active connections" + spans: 6 + metricName: "envoy_listener_downstream_cx_active" + dataType: "raw" + - chart: + name: "Downstream HTTP requests" + spans: 6 + metricName: "envoy_listener_http_downstream_rq" + unit: "rps" + dataType: "rate" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/go.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/go.yaml new file mode 100755 index 000000000..2d2f42a93 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/go.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: go + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Go Metrics + runtime: Go + discoverOn: "go_info" + items: + - chart: + name: "CPU ratio" + spans: 6 + metricName: "process_cpu_seconds_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "RSS Memory" + unit: "bytes" + spans: 6 + metricName: "process_resident_memory_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Goroutines" + spans: 6 + metricName: "go_goroutines" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Heap allocation rate" + unit: "bytes/s" + spans: 6 + metricName: "go_memstats_alloc_bytes_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "GC rate" + spans: 6 + metricName: "go_gc_duration_seconds_count" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Next GC" + unit: "bytes" + spans: 6 + metricName: "go_memstats_next_gc_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/kiali.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/kiali.yaml new file mode 100755 index 000000000..b1f011b4f --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/kiali.yaml 
@@ -0,0 +1,44 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: kiali + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Kiali Internal Metrics + items: + - chart: + name: "API processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_api_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "route" + displayName: "Route" + - chart: + name: "Functions processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_go_function_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" + - chart: + name: "Failures" + spans: 12 + metricName: "kiali_go_function_failures_total" + dataType: "raw" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml new file mode 100755 index 000000000..2e1ed5cff --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml 
@@ -0,0 +1,43 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm-pool + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Pool Metrics + discoverOn: "jvm_buffer_total_capacity_bytes" + items: + - chart: + name: "Pool buffer memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer capacity" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_total_capacity_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer count" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_count" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml new file mode 100755 index 000000000..d64596882 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml 
@@ -0,0 +1,65 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live" + items: + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon" + dataType: "raw" + - chart: + name: "Loaded classes" + spans: 4 + metricName: "jvm_classes_loaded" + dataType: "raw" + + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml new file mode 100755 index 000000000..76e8d0a4a --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml 
@@ -0,0 +1,68 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.1-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live_threads" + items: + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live_threads" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon_threads" + dataType: "raw" + - chart: + name: "Threads states" + spans: 4 + metricName: "jvm_threads_states_threads" + dataType: "raw" + aggregations: + - label: "state" + displayName: "State" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/microprofile-1.1.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/microprofile-1.1.yaml new file mode 100755 index 000000000..1d4951196 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/microprofile-1.1.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-1.1 + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:thread_count" + items: + - chart: + name: "Current loaded classes" + spans: 6 + metricName: "base:classloader_current_loaded_class_count" + dataType: "raw" + - chart: + name: "Unloaded classes" + spans: 6 + metricName: "base:classloader_total_unloaded_class_count" + dataType: "raw" + - chart: + name: "Thread count" + spans: 4 + metricName: "base:thread_count" + dataType: "raw" + - chart: + name: "Thread max count" + spans: 4 + metricName: "base:thread_max_count" + dataType: "raw" + - chart: + name: "Thread daemon count" + spans: 4 + metricName: "base:thread_daemon_count" + dataType: "raw" + - chart: + name: "Committed heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_committed_heap_bytes" + dataType: "raw" + - chart: + name: "Max heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_max_heap_bytes" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_used_heap_bytes" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/microprofile-x.y.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/microprofile-x.y.yaml new file mode 100755 index 000000000..57ddc60ef --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/microprofile-x.y.yaml 
@@ -0,0 +1,38 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-x.y + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:gc_complete_scavenger_count" + items: + - chart: + name: "Young GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_young_generation_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Young GC count" + spans: 3 + metricName: "base:gc_young_generation_scavenger_count" + dataType: "raw" + - chart: + name: "Total GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_complete_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Total GC count" + spans: 3 + metricName: "base:gc_complete_scavenger_count" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/nodejs.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/nodejs.yaml new file mode 100755 index 000000000..1ffe0aa10 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/nodejs.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: nodejs + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Node.js + title: Node.js Metrics + discoverOn: "nodejs_active_handles_total" + items: + - chart: + name: "Active handles" + spans: 4 + metricName: "nodejs_active_handles_total" + dataType: "raw" + - chart: + name: "Active requests" + spans: 4 + metricName: "nodejs_active_requests_total" + dataType: "raw" + - chart: + name: "Event loop lag" + unit: "seconds" + spans: 4 + metricName: "nodejs_eventloop_lag_seconds" + dataType: "raw" + - chart: + name: "Total heap size" + unit: "bytes" + spans: 12 + metricName: "nodejs_heap_space_size_total_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Used heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_used_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Available heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_available_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/quarkus.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/quarkus.yaml new file mode 100755 index 000000000..cef5f3dce --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/quarkus.yaml 
@@ -0,0 +1,33 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: quarkus + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Quarkus Metrics + runtime: Quarkus + items: + - chart: + name: "Thread count" + spans: 4 + metricName: "vendor:thread_count" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_heap_usage_bytes" + dataType: "raw" + - chart: + name: "Used non-heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_non_heap_usage_bytes" + dataType: "raw" + - include: "microprofile-x.y" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml new file mode 100755 index 000000000..42d87d890 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml @@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm-pool + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Pool Metrics + items: + - include: "micrometer-1.0.6-jvm-pool" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/springboot-jvm.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/springboot-jvm.yaml new file mode 100755 index 000000000..ced3acdd9 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/springboot-jvm.yaml 
@@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Metrics + items: + - include: "micrometer-1.0.6-jvm" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/springboot-tomcat.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/springboot-tomcat.yaml new file mode 100755 index 000000000..c07016aa2 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/springboot-tomcat.yaml @@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-tomcat + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: Tomcat Metrics + items: + - include: "tomcat" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/thorntail.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/thorntail.yaml new file mode 100755 index 000000000..6bd85e6f5 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/thorntail.yaml 
@@ -0,0 +1,22 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: thorntail + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Thorntail + title: Thorntail Metrics + discoverOn: "vendor:loaded_modules" + items: + - include: "microprofile-1.1" + - chart: + name: "Loaded modules" + spans: 6 + metricName: "vendor:loaded_modules" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/tomcat.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/tomcat.yaml new file mode 100755 index 000000000..9a803342f --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/tomcat.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: tomcat + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Tomcat + title: Tomcat Metrics + discoverOn: "tomcat_sessions_created_total" + items: + - chart: + name: "Sessions created" + spans: 4 + metricName: "tomcat_sessions_created_total" + dataType: "raw" + - chart: + name: "Active sessions" + spans: 4 + metricName: "tomcat_sessions_active_current" + dataType: "raw" + - chart: + name: "Sessions rejected" + spans: 4 + metricName: "tomcat_sessions_rejected_total" + dataType: "raw" + + - chart: + name: "Bytes sent" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_sent_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Bytes received" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_received_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + + - chart: + name: "Global errors" + spans: 6 + metricName: "tomcat_global_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Servlet errors" + spans: 6 + metricName: "tomcat_servlet_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/vertx-client.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/vertx-client.yaml new file mode 100755 index 000000000..2d591d6b0 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/vertx-client.yaml 
@@ -0,0 +1,60 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-client + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Client Metrics + discoverOn: "vertx_http_client_connections" + items: + - chart: + name: "Client response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_client_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_client_requestCount_total" + dataType: "rate" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client active connections" + spans: 6 + metricName: "vertx_http_client_connections" + dataType: "raw" + - chart: + name: "Client active websockets" + spans: 6 + metricName: "vertx_http_client_wsConnections" + dataType: "raw" + - chart: + name: "Client bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesSent" + dataType: "histogram" + - chart: + name: "Client bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/vertx-eventbus.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/vertx-eventbus.yaml new file mode 100755 index 000000000..65f9ee2ec --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/vertx-eventbus.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-eventbus + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Eventbus Metrics + discoverOn: "vertx_eventbus_handlers" + items: + - chart: + name: "Event bus handlers" + spans: 6 + metricName: "vertx_eventbus_handlers" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus pending messages" + spans: 6 + metricName: "vertx_eventbus_pending" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus processing time" + unit: "seconds" + spans: 6 + metricName: "vertx_eventbus_processingTime_seconds" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes read" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesRead" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes written" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesWritten" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/vertx-jvm.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/vertx-jvm.yaml new file mode 100755 index 000000000..2663186f3 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/vertx-jvm.yaml 
@@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: JVM Metrics + items: + - include: "micrometer-1.1-jvm" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/vertx-pool.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/vertx-pool.yaml new file mode 100755 index 000000000..f6af921b3 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/vertx-pool.yaml 
@@ -0,0 +1,68 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-pool + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Pools Metrics + discoverOn: "vertx_pool_ratio" + items: + - chart: + name: "Usage duration" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_usage_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Usage ratio" + spans: 6 + metricName: "vertx_pool_ratio" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Queue size" + spans: 6 + metricName: "vertx_pool_queue_size" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Time in queue" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_queue_delay_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Resources used" + spans: 6 + metricName: "vertx_pool_inUse" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/vertx-server.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/vertx-server.yaml new file mode 100755 index 000000000..de6b89df9 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/dashboards/vertx-server.yaml 
@@ -0,0 +1,62 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-server + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Server Metrics + discoverOn: "vertx_http_server_connections" + items: + - chart: + name: "Server response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_server_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_server_requestCount_total" + dataType: "rate" + aggregations: + - label: "code" + displayName: "Error code" + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server active connections" + spans: 6 + metricName: "vertx_http_server_connections" + dataType: "raw" + - chart: + name: "Server active websockets" + spans: 6 + metricName: "vertx_http_server_wsConnections" + dataType: "raw" + - chart: + name: "Server bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesSent" + dataType: "histogram" + - chart: + name: "Server bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/deployment.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/deployment.yaml new file mode 100755 index 000000000..100c57922 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/deployment.yaml 
@@ -0,0 +1,174 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.deployment.replicas }} + selector: + matchLabels: + {{- include "kiali-server.selectorLabels" . | nindent 6 }} + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 8 }} + {{- if .Values.deployment.pod_labels }} + {{- toYaml .Values.deployment.pod_labels | nindent 8 }} + {{- end }} + annotations: + {{- if .Values.server.metrics_enabled }} + prometheus.io/scrape: "true" + prometheus.io/port: {{ .Values.server.metrics_port | quote }} + {{- else }} + prometheus.io/scrape: "false" + prometheus.io/port: "" + {{- end }} + kiali.io/runtimes: go,kiali + {{- if .Values.deployment.pod_annotations }} + {{- toYaml .Values.deployment.pod_annotations | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "kiali-server.fullname" . }} + {{- if .Values.deployment.priority_class_name }} + priorityClassName: {{ .Values.deployment.priority_class_name | quote }} + {{- end }} + {{- if .Values.deployment.image_pull_secrets }} + imagePullSecrets: + {{- range .Values.deployment.image_pull_secrets }} + - name: {{ . }} + {{- end }} + {{- end }} + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.deployment.repository }}:{{ .Values.deployment.tag }}" + imagePullPolicy: {{ .Values.deployment.image_pull_policy | default "Always" }} + name: {{ include "kiali-server.fullname" . 
}} + command: + - "/opt/kiali/kiali" + - "-config" + - "/kiali-configuration/config.yaml" + ports: + - name: api-port + containerPort: {{ .Values.server.port | default 20001 }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + containerPort: {{ .Values.server.metrics_port | default 9090 }} + {{- end }} + readinessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + livenessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + env: + - name: ACTIVE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LOG_LEVEL + value: "{{ include "kiali-server.logLevel" . }}" + - name: LOG_FORMAT + value: "{{ .Values.deployment.logger.log_format }}" + - name: LOG_TIME_FIELD_FORMAT + value: "{{ .Values.deployment.logger.time_field_format }}" + - name: LOG_SAMPLER_RATE + value: "{{ .Values.deployment.logger.sampler_rate }}" + volumeMounts: + {{- if .Values.web_root_override }} + - name: kiali-console + subPath: env.js + mountPath: /opt/kiali/console/env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + mountPath: "/kiali-configuration" + - name: {{ include "kiali-server.fullname" . }}-cert + mountPath: "/kiali-cert" + - name: {{ include "kiali-server.fullname" . }}-secret + mountPath: "/kiali-secret" + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . 
}}-cabundle + mountPath: "/kiali-cabundle" + {{- end }} + {{- if .Values.deployment.resources }} + resources: + {{- toYaml .Values.deployment.resources | nindent 10 }} + {{- end }} + volumes: + {{- if .Values.web_root_override }} + - name: kiali-console + configMap: + name: kiali-console + items: + - key: env.js + path: env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + configMap: + name: {{ include "kiali-server.fullname" . }} + - name: {{ include "kiali-server.fullname" . }}-cert + secret: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + secretName: {{ include "kiali-server.fullname" . }}-cert-secret + {{- else }} + secretName: istio.{{ include "kiali-server.fullname" . }}-service-account + {{- end }} + {{- if not (include "kiali-server.identity.cert_file" .) }} + optional: true + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-secret + secret: + secretName: {{ .Values.deployment.secret_name }} + optional: true + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + configMap: + name: {{ include "kiali-server.fullname" . 
}}-cabundle + {{- end }} + {{- if or (.Values.deployment.affinity.node) (or (.Values.deployment.pod) (.Values.deployment.pod_anti)) }} + affinity: + {{- if .Values.deployment.affinity.node }} + nodeAffinity: + {{- toYaml .Values.deployment.affinity.node | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod }} + podAffinity: + {{- toYaml .Values.deployment.affinity.pod | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod_anti }} + podAntiAffinity: + {{- toYaml .Values.deployment.affinity.pod_anti | nindent 10 }} + {{- end }} + {{- end }} + {{- if .Values.deployment.tolerations }} + tolerations: + {{- toYaml .Values.deployment.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.deployment.node_selector }} + nodeSelector: + {{- toYaml .Values.deployment.node_selector | nindent 8 }} + {{- end }} +... diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/hpa.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/hpa.yaml new file mode 100755 index 000000000..934c4c1e9 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/hpa.yaml @@ -0,0 +1,17 @@ +{{- if .Values.deployment.hpa.spec }} +--- +apiVersion: {{ .Values.deployment.hpa.api_version }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "kiali-server.fullname" . }} + {{- toYaml .Values.deployment.hpa.spec | nindent 2 }} +... +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/ingress.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/ingress.yaml new file mode 100755 index 000000000..e4c98db1b --- /dev/null 
+++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/ingress.yaml @@ -0,0 +1,40 @@ +{{- if not (.Capabilities.APIVersions.Has "route.openshift.io/v1") }} +{{- if .Values.deployment.ingress_enabled }} +--- +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }} + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- else }} + # For ingress-nginx versions older than 0.20.0 use secure-backends. + # (see: https://github.com/kubernetes/ingress-nginx/issues/3416#issuecomment-438247948) + # For ingress-nginx versions 0.20.0 and later use backend-protocol. + {{- if (include "kiali-server.identity.cert_file" .) }} + nginx.ingress.kubernetes.io/secure-backends: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + {{- else }} + nginx.ingress.kubernetes.io/secure-backends: "false" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + {{- end }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + rules: + - http: + paths: + - path: {{ include "kiali-server.server.web_root" . }} + backend: + serviceName: {{ include "kiali-server.fullname" . }} + servicePort: {{ .Values.server.port }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/oauth.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/oauth.yaml new file mode 100755 index 000000000..a178bb85e --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/oauth.yaml 
@@ -0,0 +1,17 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.kiali_route_url }} +--- +apiVersion: oauth.openshift.io/v1 +kind: OAuthClient +metadata: + name: {{ include "kiali-server.fullname" . }}-{{ .Release.Namespace }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +redirectURIs: +- {{ .Values.kiali_route_url }} +grantMethod: auto +allowAnyScope: true +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/psp.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/psp.yaml new file mode 100755 index 000000000..f891892cc --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/psp.yaml 
@@ -0,0 +1,67 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "kiali-server.fullname" . }}-psp +subjects: + - kind: ServiceAccount + name: kiali +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +rules: +- apiGroups: + - policy + resourceNames: + - {{ include "kiali-server.fullname" . }}-psp + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +spec: + allowPrivilegeEscalation: false + forbiddenSysctls: + - '*' + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + runAsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + - persistentVolumeClaim +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/role-controlplane.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/role-controlplane.yaml new file mode 100755 index 000000000..a22c76756 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/role-controlplane.yaml 
@@ -0,0 +1,15 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "kiali-server.fullname" . }}-controlplane + namespace: {{ include "kiali-server.istio_namespace" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - secrets + verbs: + - list +... diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/role-viewer.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/role-viewer.yaml new file mode 100755 index 000000000..9fdd9fd1d --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/role-viewer.yaml 
@@ -0,0 +1,97 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }}-viewer + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - pods/proxy + - replicationcontrollers + - services + verbs: + - get + - list + - watch +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch +- apiGroups: + - networking.istio.io + - security.istio.io + resources: ["*"] + verbs: + - get + - list + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - get + - list +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create +... diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/role.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/role.yaml new file mode 100755 index 000000000..8444bc753 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/role.yaml 
@@ -0,0 +1,108 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - pods/proxy + - replicationcontrollers + - services + verbs: + - get + - list + - patch + - watch +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - patch + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - patch + - watch +- apiGroups: + - networking.istio.io + - security.istio.io + resources: ["*"] + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - patch + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create +... diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/rolebinding-controlplane.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/rolebinding-controlplane.yaml new file mode 100755 index 000000000..5a0015836 --- /dev/null 
+++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/rolebinding-controlplane.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }}-controlplane + namespace: {{ include "kiali-server.istio_namespace" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "kiali-server.fullname" . }}-controlplane +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/rolebinding.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/rolebinding.yaml new file mode 100755 index 000000000..1eaabd65f --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/rolebinding.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + {{- if .Values.deployment.view_only_mode }} + name: {{ include "kiali-server.fullname" . }}-viewer + {{- else }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/route.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/route.yaml new file mode 100755 index 000000000..27940dc96 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/route.yaml 
@@ -0,0 +1,30 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.deployment.ingress_enabled }} +# As of OpenShift 4.5, need to use --disable-openapi-validation when installing via Helm +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}} + annotations: + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + tls: + termination: reencrypt + insecureEdgeTerminationPolicy: Redirect + to: + kind: Service + targetPort: {{ .Values.server.port }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/service.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/service.yaml new file mode 100755 index 000000000..9ccf4f388 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/service.yaml 
@@ -0,0 +1,47 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + service.beta.openshift.io/serving-cert-secret-name: {{ include "kiali-server.fullname" . }}-cert-secret + {{- end }} + kiali.io/api-spec: https://kiali.io/api + kiali.io/api-type: rest + {{- if and (not (empty .Values.server.web_fqdn)) (not (empty .Values.server.web_schema)) }} + {{- if empty .Values.server.web_port }} + kiali.io/external-url: {{ .Values.server.web_schema }}://{{ .Values.server.web_fqdn }}{{ default "" .Values.server.web_root }} + {{- else }} + kiali.io/external-url: {{ .Values.server.web_schema }}://{{ .Values.server.web_fqdn }}:{{ .Values.server.web_port }}{{(default "" .Values.server.web_root) }} + {{- end }} + {{- end }} + {{- if .Values.deployment.service_annotations }} + {{- toYaml .Values.deployment.service_annotations | nindent 4 }} + {{- end }} +spec: + {{- if .Values.deployment.service_type }} + type: {{ .Values.deployment.service_type }} + {{- end }} + ports: + {{- if (include "kiali-server.identity.cert_file" .) }} + - name: tcp + {{- else }} + - name: http + {{- end }} + protocol: TCP + port: {{ .Values.server.port }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + protocol: TCP + port: {{ .Values.server.metrics_port }} + {{- end }} + selector: + {{- include "kiali-server.selectorLabels" . | nindent 4 }} + {{- if .Values.deployment.additional_service_yaml }} + {{- toYaml .Values.deployment.additional_service_yaml | nindent 2 }} + {{- end }} +... diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/serviceaccount.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/serviceaccount.yaml new file mode 100755 index 000000000..9151b6f6a --- /dev/null 
+++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/serviceaccount.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +... diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/validate-install-crd.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/validate-install-crd.yaml new file mode 100755 index 000000000..b42eeb266 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/validate-install-crd.yaml @@ -0,0 +1,14 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "monitoring.kiali.io/v1alpha1/MonitoringDashboard" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/web-root-configmap.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/web-root-configmap.yaml new file mode 100755 index 000000000..970d4e4f5 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/templates/web-root-configmap.yaml 
@@ -0,0 +1,12 @@ +{{- if .Values.web_root_override }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: kiali-console + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + env.js: | + window.WEB_ROOT='/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Release.Namespace }}/services/http:kiali:20001/proxy/kiali'; +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/values.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/values.yaml new file mode 100755 index 000000000..aada4e09a --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/kiali/values.yaml 
@@ -0,0 +1,93 @@ +nameOverride: "kiali" +fullnameOverride: "kiali" + +# This is required for "openshift" auth strategy. +# You have to know ahead of time what your Route URL will be because +# right now the helm chart can't figure this out at runtime (it would +# need to wait for the Kiali Route to be deployed and for OpenShift +# to start it up). If someone knows how to update this helm chart to +# do this, a PR would be welcome. +kiali_route_url: "" + +# rancher specific override that allows proxy access to kiali url +web_root_override: true + +# +# Settings that mimic the Kiali CR which are placed in the ConfigMap. +# Note that only those values used by the Helm Chart will be here. +# + +istio_namespace: "" # default is where Kiali is installed + +auth: + openid: {} + openshift: {} + strategy: "" + +deployment: + # This only limits what Kiali will attempt to see, but Kiali Service Account has permissions to see everything. + # For more control over what the Kial Service Account can see, use the Kiali Operator + accessible_namespaces: + - "**" + additional_service_yaml: {} + affinity: + node: {} + pod: {} + pod_anti: {} + custom_dashboards: + excludes: [''] + includes: ['*'] + hpa: + api_version: "autoscaling/v2beta2" + spec: {} + repository: rancher/mirrored-kiali-kiali + image_pull_policy: "Always" + image_pull_secrets: [] + tag: v1.32.0 + ingress_enabled: true + logger: + log_format: "text" + log_level: "info" + time_field_format: "2006-01-02T15:04:05Z07:00" + sampler_rate: "1" + node_selector: {} + override_ingress_yaml: + metadata: {} + pod_annotations: {} + pod_labels: {} + priority_class_name: "" + replicas: 1 + resources: {} + secret_name: "kiali" + service_annotations: {} + service_type: "" + tolerations: [] + version_label: v1.32.0 + view_only_mode: false + +external_services: + custom_dashboards: + enabled: true + +identity: {} + #cert_file: + #private_key_file: + +login_token: + signing_key: "" + +server: + port: 20001 + metrics_enabled: true + 
metrics_port: 9090 + web_root: "" + +# Common settings used among istio subcharts. +global: + # Specify rancher clusterId of external tracing config + # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 + cattle: + systemDefaultRegistry: "" + clusterId: + rbac: + pspEnabled: false diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/.helmignore b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/.helmignore new file mode 100755 index 000000000..0e8a0eb36 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/Chart.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/Chart.yaml new file mode 100755 index 000000000..6e368616d --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/Chart.yaml @@ -0,0 +1,12 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: istio-system + catalog.rancher.io/release-name: rancher-tracing +apiVersion: v1 +appVersion: 1.20.0 +description: A quick start Jaeger Tracing installation using the all-in-one demo. + This is not production qualified. Refer to https://www.jaegertracing.io/ for details. +name: tracing +version: 1.20.1 
diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/README.md b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/README.md new file mode 100755 index 000000000..25534c628 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/README.md @@ -0,0 +1,5 @@ +# Jaeger + +A Rancher chart based on the Jaeger all-in-one quick installation option. This chart will allow you to trace and monitor distributed microservices. + +> **Note:** The basic all-in-one Jaeger installation which is not qualified for production. Use the [Jaeger Tracing](https://www.jaegertracing.io) documentation to determine which installation you will need for your production needs. diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/_affinity.tpl b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/_affinity.tpl new file mode 100755 index 000000000..bf6a9aee5 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/_affinity.tpl 
@@ -0,0 +1,92 @@ +{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}} +{{- define "nodeAffinity" }} + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + {{- include "nodeAffinityRequiredDuringScheduling" . }} + preferredDuringSchedulingIgnoredDuringExecution: + {{- include "nodeAffinityPreferredDuringScheduling" . }} +{{- end }} + +{{- define "nodeAffinityRequiredDuringScheduling" }} + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + {{- range $key, $val := .Values.global.arch }} + {{- if gt ($val | int) 0 }} + - {{ $key | quote }} + {{- end }} + {{- end }} + {{- $nodeSelector := default .Values.global.defaultNodeSelector .Values.nodeSelector -}} + {{- range $key, $val := $nodeSelector }} + - key: {{ $key }} + operator: In + values: + - {{ $val | quote }} + {{- end }} +{{- end }} + +{{- define "nodeAffinityPreferredDuringScheduling" }} + {{- range $key, $val := .Values.global.arch }} + {{- if gt ($val | int) 0 }} + - weight: {{ $val | int }} + preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - {{ $key | quote }} + {{- end }} + {{- end }} +{{- end }} + +{{- define "podAntiAffinity" }} +{{- if or .Values.podAntiAffinityLabelSelector .Values.podAntiAffinityTermLabelSelector}} + podAntiAffinity: + {{- if .Values.podAntiAffinityLabelSelector }} + requiredDuringSchedulingIgnoredDuringExecution: + {{- include "podAntiAffinityRequiredDuringScheduling" . }} + {{- end }} + {{- if or .Values.podAntiAffinityTermLabelSelector}} + preferredDuringSchedulingIgnoredDuringExecution: + {{- include "podAntiAffinityPreferredDuringScheduling" . 
}} + {{- end }} +{{- end }} +{{- end }} + +{{- define "podAntiAffinityRequiredDuringScheduling" }} + {{- range $index, $item := .Values.podAntiAffinityLabelSelector }} + - labelSelector: + matchExpressions: + - key: {{ $item.key }} + operator: {{ $item.operator }} + {{- if $item.values }} + values: + {{- $vals := split "," $item.values }} + {{- range $i, $v := $vals }} + - {{ $v | quote }} + {{- end }} + {{- end }} + topologyKey: {{ $item.topologyKey }} + {{- end }} +{{- end }} + +{{- define "podAntiAffinityPreferredDuringScheduling" }} + {{- range $index, $item := .Values.podAntiAffinityTermLabelSelector }} + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: {{ $item.key }} + operator: {{ $item.operator }} + {{- if $item.values }} + values: + {{- $vals := split "," $item.values }} + {{- range $i, $v := $vals }} + - {{ $v | quote }} + {{- end }} + {{- end }} + topologyKey: {{ $item.topologyKey }} + weight: 100 + {{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/_helpers.tpl b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/_helpers.tpl new file mode 100755 index 000000000..56cfa7335 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/_helpers.tpl 
@@ -0,0 +1,32 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "tracing.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "tracing.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/deployment.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/deployment.yaml new file mode 100755 index 000000000..25bb67fd3 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/deployment.yaml 
@@ -0,0 +1,86 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + selector: + matchLabels: + app: {{ .Values.provider }} + template: + metadata: + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + annotations: + sidecar.istio.io/inject: "false" + prometheus.io/scrape: "true" + prometheus.io/port: "14269" +{{- if .Values.jaeger.podAnnotations }} +{{ toYaml .Values.jaeger.podAnnotations | indent 8 }} +{{- end }} + spec: + containers: + - name: jaeger + image: "{{ template "system_default_registry" . }}{{ .Values.jaeger.repository }}:{{ .Values.jaeger.tag }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + env: + {{- if eq .Values.jaeger.spanStorageType "badger" }} + - name: BADGER_EPHEMERAL + value: "false" + - name: SPAN_STORAGE_TYPE + value: "badger" + - name: BADGER_DIRECTORY_VALUE + value: "/badger/data" + - name: BADGER_DIRECTORY_KEY + value: "/badger/key" + {{- end }} + - name: COLLECTOR_ZIPKIN_HTTP_PORT + value: "9411" + - name: MEMORY_MAX_TRACES + value: "{{ .Values.jaeger.memory.max_traces }}" + - name: QUERY_BASE_PATH + value: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }} + livenessProbe: + httpGet: + path: / + port: 14269 + readinessProbe: + httpGet: + path: / + port: 14269 +{{- if eq .Values.jaeger.spanStorageType "badger" }} + volumeMounts: + - name: data + mountPath: /badger +{{- end }} + resources: +{{- if .Values.jaeger.resources }} +{{ toYaml .Values.jaeger.resources | indent 12 }} +{{- else }} +{{ toYaml .Values.global.defaultResources | indent 12 }} +{{- end }} + affinity: + {{- include "nodeAffinity" . | indent 6 }} + {{- include "podAntiAffinity" . 
| indent 6 }} + {{- if .Values.global.rbac.pspEnabled }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + serviceAccountName: {{ include "tracing.fullname" . }} + {{- end }} +{{- if eq .Values.jaeger.spanStorageType "badger" }} + volumes: + - name: data +{{- if .Values.jaeger.persistentVolumeClaim.enabled }} + persistentVolumeClaim: + claimName: istio-jaeger-pvc +{{- else }} + emptyDir: {} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/psp.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/psp.yaml new file mode 100755 index 000000000..44b230492 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/psp.yaml 
@@ -0,0 +1,86 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "tracing.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ include "tracing.fullname" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +rules: +- apiGroups: + - policy + resourceNames: + - {{ include "tracing.fullname" . }} + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + allowPrivilegeEscalation: false + forbiddenSysctls: + - '*' + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + runAsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - emptyDir + - secret + - persistentVolumeClaim +{{- end }} \ No newline at end of file 
diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/pvc.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/pvc.yaml new file mode 100755 index 000000000..9b4c55e4f --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/pvc.yaml @@ -0,0 +1,16 @@ +{{- if .Values.jaeger.persistentVolumeClaim.enabled }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: istio-jaeger-pvc + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} +spec: + storageClassName: {{ .Values.jaeger.storageClassName }} + accessModes: + - {{ .Values.jaeger.accessMode }} + resources: + requests: + storage: {{.Values.jaeger.persistentVolumeClaim.storage }} +{{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/service.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/service.yaml new file mode 100755 index 000000000..4210a9b5f --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/templates/service.yaml 
@@ -0,0 +1,63 @@ +apiVersion: v1 +kind: Service +metadata: + name: tracing + namespace: {{ .Release.Namespace }} + annotations: + {{- range $key, $val := .Values.service.annotations }} + {{ $key }}: {{ $val | quote }} + {{- end }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + type: {{ .Values.service.type }} + ports: + - name: {{ .Values.service.name }} + port: {{ .Values.service.externalPort }} + protocol: TCP + targetPort: 16686 + selector: + app: {{ .Values.provider }} +--- +# Jaeger implements the Zipkin API. To support swapping out the tracing backend, we use a Service named Zipkin. +apiVersion: v1 +kind: Service +metadata: + name: zipkin + namespace: {{ .Release.Namespace }} + labels: + name: zipkin + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + ports: + - name: {{ .Values.service.name }} + port: {{ .Values.zipkin.queryPort }} + targetPort: {{ .Values.zipkin.queryPort }} + selector: + app: {{ .Values.provider }} +--- +apiVersion: v1 +kind: Service +metadata: + name: jaeger-collector + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + type: ClusterIP + ports: + - name: jaeger-collector-http + port: 14268 + targetPort: 14268 + protocol: TCP + - name: jaeger-collector-grpc + port: 14250 + targetPort: 14250 + protocol: TCP + selector: + app: {{ .Values.provider }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/values.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/values.yaml new file mode 100755 index 000000000..18ff81c3c --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/charts/tracing/values.yaml 
@@ -0,0 +1,44 @@ +provider: jaeger +contextPath: "" +nodeSelector: {} +podAntiAffinityLabelSelector: [] +podAntiAffinityTermLabelSelector: [] +nameOverride: "" +fullnameOverride: "" + +global: + cattle: + systemDefaultRegistry: "" + defaultResources: {} + imagePullPolicy: IfNotPresent + imagePullSecrets: [] + arch: + amd64: 2 + s390x: 2 + ppc64le: 2 + defaultNodeSelector: {} + rbac: + pspEnabled: false + +jaeger: + repository: rancher/mirrored-jaegertracing-all-in-one + tag: 1.20.0 + # spanStorageType value can be "memory" and "badger" for all-in-one image + spanStorageType: badger + resources: + requests: + cpu: 10m + persistentVolumeClaim: + enabled: false + storage: 5Gi + storageClassName: "" + accessMode: ReadWriteMany + memory: + max_traces: 50000 +zipkin: + queryPort: 9411 +service: + annotations: {} + name: http-query + type: ClusterIP + externalPort: 16686 diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/configs/istio-base.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/configs/istio-base.yaml new file mode 100755 index 000000000..7ff972e2d --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/configs/istio-base.yaml 
@@ -0,0 +1,89 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +spec: + addonComponents: + istiocoredns: + enabled: {{ .Values.istiocoredns.enabled }} + components: + base: + enabled: {{ .Values.base.enabled }} + cni: + enabled: {{ .Values.cni.enabled }} + egressGateways: + - enabled: {{ .Values.egressGateways.enabled }} + name: istio-egressgateway + ingressGateways: + - enabled: {{ .Values.ingressGateways.enabled }} + name: istio-ingressgateway + k8s: + service: + ports: + - name: status-port + port: 15021 + targetPort: 15021 + - name: http2 + port: 80 + targetPort: 8080 + nodePort: 31380 + - name: https + port: 443 + targetPort: 8443 + nodePort: 31390 + - name: tcp + port: 31400 + targetPort: 31400 + nodePort: 31400 + - name: tls + port: 15443 + targetPort: 15443 + istiodRemote: + enabled: {{ .Values.istiodRemote.enabled }} + pilot: + enabled: {{ .Values.pilot.enabled }} + hub: {{ .Values.systemDefaultRegistry | default "docker.io" }} + profile: default + tag: {{ .Values.tag }} + revision: {{ .Values.revision }} + meshConfig: + defaultConfig: + proxyMetadata: + {{- if .Values.dns.enabled }} + ISTIO_META_DNS_CAPTURE: "true" + {{- end }} + values: + gateways: + istio-egressgateway: + name: istio-egressgateway + type: {{ .Values.egressGateways.type }} + istio-ingressgateway: + name: istio-ingressgateway + type: {{ .Values.ingressGateways.type }} + global: + istioNamespace: {{ template "istio.namespace" . }} + proxy: + image: {{ template "system_default_registry" . }}{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }} + proxy_init: + image: {{ template "system_default_registry" . }}{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }} + {{- if .Values.global.defaultPodDisruptionBudget.enabled }} + defaultPodDisruptionBudget: + enabled: {{ .Values.global.defaultPodDisruptionBudget.enabled }} + {{- end }} + istiocoredns: + coreDNSImage: {{ template "system_default_registry" . 
}}{{ .Values.istiocoredns.image.repository }} + coreDNSPluginImage: {{ template "system_default_registry" . }}{{ .Values.istiocoredns.pluginImage.repository }}:{{ .Values.istiocoredns.pluginImage.tag }} + coreDNSTag: {{ .Values.istiocoredns.image.tag }} + {{- if .Values.pilot.enabled }} + pilot: + image: {{ template "system_default_registry" . }}{{ .Values.pilot.repository }}:{{ .Values.pilot.tag }} + {{- end }} + telemetry: + enabled: {{ .Values.telemetry.enabled }} + v2: + enabled: {{ .Values.telemetry.v2.enabled }} + {{- if .Values.cni.enabled }} + cni: + image: {{ template "system_default_registry" . }}{{ .Values.cni.repository }}:{{ .Values.cni.tag }} + excludeNamespaces: + {{- toYaml .Values.cni.excludeNamespaces | nindent 8 }} + logLevel: {{ .Values.cni.logLevel }} + {{- end }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/requirements.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/requirements.yaml new file mode 100755 index 000000000..b60745780 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/requirements.yaml @@ -0,0 +1,17 @@ +dependencies: +- name: kiali + version: "" + repository: file://./charts/kiali + condition: kiali.enabled + tags: [] + enabled: false + importvalues: [] + alias: "" +- name: tracing + version: "" + repository: file://./charts/tracing + condition: tracing.enabled + tags: [] + enabled: false + importvalues: [] + alias: "" diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/samples/overlay-example.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/samples/overlay-example.yaml new file mode 100755 index 000000000..5cf3cf3b0 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/samples/overlay-example.yaml 
@@ -0,0 +1,37 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +spec: + components: + ingressGateways: + - enabled: true + name: ilb-gateway + namespace: user-ingressgateway-ns + k8s: + resources: + requests: + cpu: 200m + service: + ports: + - name: tcp-citadel-grpc-tls + port: 8060 + targetPort: 8060 + - name: tcp-dns + port: 5353 + serviceAnnotations: + cloud.google.com/load-balancer-type: internal + - enabled: true + name: other-gateway + namespace: cattle-istio-system + k8s: + resources: + requests: + cpu: 200m + service: + ports: + - name: tcp-citadel-grpc-tls + port: 8060 + targetPort: 8060 + - name: tcp-dns + port: 5353 + serviceAnnotations: + cloud.google.com/load-balancer-type: internal diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/_helpers.tpl b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/_helpers.tpl new file mode 100755 index 000000000..3f7af953a --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/_helpers.tpl @@ -0,0 +1,12 @@ +{{/* Ensure namespace is set the same everywhere */}} +{{- define "istio.namespace" -}} + {{- .Release.Namespace | default "istio-system" -}} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/admin-role.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/admin-role.yaml new file mode 100755 index 000000000..ad1313c4f --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/admin-role.yaml 
@@ -0,0 +1,43 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + name: istio-admin + namespace: {{ template "istio.namespace" . }} +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: + - '*' + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: + - '*' diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/base-config-map.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/base-config-map.yaml new file mode 100755 index 000000000..5323917bc --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/base-config-map.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-installer-base + namespace: {{ template "istio.namespace" . }} +data: +{{ tpl (.Files.Glob "configs/*").AsConfig . | indent 2 }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/clusterrole.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/clusterrole.yaml new file mode 100755 index 000000000..a93b3df95 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/clusterrole.yaml 
@@ -0,0 +1,120 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: istio-installer +rules: +# istio groups +- apiGroups: + - authentication.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - config.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - install.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - networking.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - rbac.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - security.istio.io + resources: + - '*' + verbs: + - '*' +# k8s groups +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions.apiextensions.k8s.io + - customresourcedefinitions + verbs: + - '*' +- apiGroups: + - apps + - extensions + resources: + - daemonsets + - deployments + - deployments/finalizers + - ingresses + - replicasets + - statefulsets + verbs: + - '*' +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - '*' +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - '*' +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - roles + - rolebindings + verbs: + - '*' +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - namespaces + - pods + - pods/exec + - persistentvolumeclaims + - secrets + - services + - serviceaccounts + verbs: + - '*' +- apiGroups: + - policy + resourceNames: + - istio-installer + resources: + - podsecuritypolicies + verbs: + - use 
diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/clusterrolebinding.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/clusterrolebinding.yaml new file mode 100755 index 000000000..9d74a0434 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/clusterrolebinding.yaml @@ -0,0 +1,12 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: istio-installer +subjects: +- kind: ServiceAccount + name: istio-installer + namespace: {{ template "istio.namespace" . }} +roleRef: + kind: ClusterRole + name: istio-installer + apiGroup: rbac.authorization.k8s.io diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/edit-role.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/edit-role.yaml new file mode 100755 index 000000000..d1059d58d --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/edit-role.yaml @@ -0,0 +1,43 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + namespace: {{ template "istio.namespace" . }} + name: istio-edit +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: + - '*' + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: + - '*' 
diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/istio-cni-psp.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/istio-cni-psp.yaml new file mode 100755 index 000000000..5b94c8503 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/istio-cni-psp.yaml @@ -0,0 +1,51 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: psp-istio-cni + namespace: {{ template "istio.namespace" . }} +spec: + allowPrivilegeEscalation: true + fsGroup: + rule: RunAsAny + hostNetwork: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - secret + - configMap + - emptyDir + - hostPath +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: psp-istio-cni + namespace: {{ template "istio.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: psp-istio-cni +subjects: + - kind: ServiceAccount + name: istio-cni +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: psp-istio-cni + namespace: {{ template "istio.namespace" . }} +rules: +- apiGroups: + - policy + resourceNames: + - psp-istio-cni + resources: + - podsecuritypolicies + verbs: + - use +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/istio-install-job.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/istio-install-job.yaml new file mode 100755 index 000000000..9a13f5698 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/istio-install-job.yaml 
@@ -0,0 +1,50 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: istioctl-installer + namespace: {{ template "istio.namespace" . }} + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + backoffLimit: 1 + template: + spec: + containers: + - name: istioctl-installer + image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }} + env: + - name: RELEASE_NAME + value: {{ .Release.Name }} + - name: ISTIO_NAMESPACE + value: {{ template "istio.namespace" . }} + - name: FORCE_INSTALL + value: {{ .Values.forceInstall | default "false" | quote }} + command: ["/bin/sh","-c"] + args: ["/usr/local/app/scripts/run.sh"] + volumeMounts: + - name: config-volume + mountPath: /app/istio-base.yaml + subPath: istio-base.yaml + {{- if .Values.overlayFile }} + - name: overlay-volume + mountPath: /app/overlay-config.yaml + subPath: overlay-config.yaml + {{- end }} + volumes: + - name: config-volume + configMap: + name: istio-installer-base + {{- if .Values.overlayFile }} + - name: overlay-volume + configMap: + name: istio-installer-overlay + {{- end }} + serviceAccountName: istio-installer + {{- if .Values.global.rbac.pspEnabled }} + securityContext: + runAsUser: 101 + runAsGroup: 101 + {{- end }} + restartPolicy: Never diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/istio-install-psp.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/istio-install-psp.yaml new file mode 100755 index 000000000..f0b5ee565 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/istio-install-psp.yaml 
@@ -0,0 +1,30 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: istio-installer + namespace: {{ template "istio.namespace" . }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'configMap' + - 'secret' +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/istio-psp.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/istio-psp.yaml new file mode 100755 index 000000000..b3758b74f --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/istio-psp.yaml 
@@ -0,0 +1,81 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: istio-psp + namespace: {{ template "istio.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: istio-psp +subjects: + - kind: ServiceAccount + name: istio-egressgateway-service-account + - kind: ServiceAccount + name: istio-ingressgateway-service-account + - kind: ServiceAccount + name: istio-mixer-service-account + - kind: ServiceAccount + name: istio-operator-authproxy + - kind: ServiceAccount + name: istiod-service-account + - kind: ServiceAccount + name: istio-sidecar-injector-service-account + - kind: ServiceAccount + name: istiocoredns-service-account + - kind: ServiceAccount + name: default +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: istio-psp + namespace: {{ template "istio.namespace" . }} +rules: +- apiGroups: + - policy + resourceNames: + - istio-psp + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: istio-psp + namespace: {{ template "istio.namespace" . }} +spec: + allowPrivilegeEscalation: false + forbiddenSysctls: + - '*' + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + runAsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + - persistentVolumeClaim +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/istio-uninstall-job.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/istio-uninstall-job.yaml new file mode 100755 index 000000000..a7f156325 --- /dev/null 
+++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/istio-uninstall-job.yaml @@ -0,0 +1,45 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: istioctl-uninstaller + namespace: {{ template "istio.namespace" . }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + spec: + containers: + - name: istioctl-uninstaller + image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }} + env: + - name: RELEASE_NAME + value: {{ .Release.Name }} + - name: ISTIO_NAMESPACE + value: {{ template "istio.namespace" . }} + command: ["/bin/sh","-c"] + args: ["/usr/local/app/scripts/uninstall_istio_system.sh"] + volumeMounts: + - name: config-volume + mountPath: /app/istio-base.yaml + subPath: istio-base.yaml + {{- if .Values.overlayFile }} + - name: overlay-volume + mountPath: /app/overlay-config.yaml + subPath: overlay-config.yaml + {{ end }} + volumes: + - name: config-volume + configMap: + name: istio-installer-base + {{- if .Values.overlayFile }} + - name: overlay-volume + configMap: + name: istio-installer-overlay + {{ end }} + serviceAccountName: istio-installer + securityContext: + runAsUser: 101 + runAsGroup: 101 + restartPolicy: OnFailure diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/overlay-config-map.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/overlay-config-map.yaml new file mode 100755 index 000000000..287d26b2c --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/overlay-config-map.yaml @@ -0,0 +1,9 @@ +{{- if .Values.overlayFile }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-installer-overlay + namespace: {{ template "istio.namespace" . }} +data: + overlay-config.yaml: {{ toYaml .Values.overlayFile | indent 2 }} +{{- end }} 
diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/service-monitors.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/service-monitors.yaml new file mode 100755 index 000000000..c3d60c4fc --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/service-monitors.yaml @@ -0,0 +1,51 @@ +{{- if .Values.kiali.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: envoy-stats-monitor + namespace: {{ template "istio.namespace" . }} + labels: + monitoring: istio-proxies +spec: + selector: + matchExpressions: + - {key: istio-prometheus-ignore, operator: DoesNotExist} + namespaceSelector: + any: true + jobLabel: envoy-stats + endpoints: + - path: /stats/prometheus + targetPort: 15090 + interval: 15s + relabelings: + - sourceLabels: [__meta_kubernetes_pod_container_port_name] + action: keep + regex: '.*-envoy-prom' + - action: labeldrop + regex: "__meta_kubernetes_pod_label_(.+)" + - sourceLabels: [__meta_kubernetes_namespace] + action: replace + targetLabel: namespace + - sourceLabels: [__meta_kubernetes_pod_name] + action: replace + targetLabel: pod_name +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: istio-component-monitor + namespace: {{ template "istio.namespace" . }} + labels: + monitoring: istio-components +spec: + jobLabel: istio + targetLabels: [app] + selector: + matchExpressions: + - {key: istio, operator: In, values: [pilot]} + namespaceSelector: + any: true + endpoints: + - port: http-monitoring + interval: 15s +{{- end -}} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/serviceaccount.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/serviceaccount.yaml new file mode 100755 index 000000000..82b6cbb7e --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/serviceaccount.yaml 
@@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: istio-installer + namespace: {{ template "istio.namespace" . }} diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/view-role.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/view-role.yaml new file mode 100755 index 000000000..5947d3eba --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/templates/view-role.yaml @@ -0,0 +1,41 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + namespace: {{ template "istio.namespace" . }} + name: istio-view +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: ["get", "watch", "list"] + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: ["get", "watch", "list"] diff --git a/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/values.yaml b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/values.yaml new file mode 100755 index 000000000..98320a858 --- /dev/null +++ b/released/charts/rancher-istio-1.9/rancher-istio/1.9.300/values.yaml 
@@ -0,0 +1,95 @@ +overlayFile: "" +tag: 1.9.3 +##Setting forceInstall: true will remove the check for istio version < 1.6.x and will not analyze your install cluster prior to install +forceInstall: false + +installer: + repository: rancher/istio-installer + tag: 1.9.3-rancher1 + +##Deprecated as of 1.8, native support provided by enabling `dns.enabled=true` +istiocoredns: + enabled: false + image: + repository: rancher/mirrored-coredns-coredns + tag: 1.6.2 + pluginImage: + repository: rancher/mirrored-istio-coredns-plugin + tag: 0.2-istio-1.1 + +##Native support for dns added in 1.8 +dns: + enabled: false + +base: + enabled: true + +cni: + enabled: false + repository: rancher/mirrored-istio-install-cni + tag: 1.9.3 + logLevel: info + excludeNamespaces: + - istio-system + - kube-system + +egressGateways: + enabled: false + type: NodePort + +ingressGateways: + enabled: true + type: NodePort + +istiodRemote: + enabled: false + +pilot: + enabled: true + repository: rancher/mirrored-istio-pilot + tag: 1.9.3 + +telemetry: + enabled: true + v2: + enabled: true + +global: + cattle: + systemDefaultRegistry: "" + proxy: + repository: rancher/mirrored-istio-proxyv2 + tag: 1.9.3 + proxy_init: + repository: rancher/mirrored-istio-proxyv2 + tag: 1.9.3 + defaultPodDisruptionBudget: + enabled: true + rbac: + pspEnabled: false + +# Kiali subchart from rancher-kiali-server +kiali: + enabled: true + auth: + strategy: anonymous + deployment: + ingress_enabled: false + repository: rancher/mirrored-kiali-kiali + tag: v1.32.0 + external_services: + prometheus: + custom_metrics_url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" + url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" + tracing: + in_cluster_url: "http://tracing.istio-system.svc:16686/jaeger" + grafana: + in_cluster_url: "http://rancher-monitoring-grafana.cattle-monitoring-system.svc:80" + url: "http://rancher-monitoring-grafana.cattle-monitoring-system.svc:80" + +tracing: 
+ enabled: false + contextPath: "/jaeger" + jaeger: + repository: rancher/mirrored-jaegertracing-all-in-one + tag: 1.20.0 diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/Chart.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/Chart.yaml new file mode 100644 index 000000000..c4dbb210b --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/Chart.yaml @@ -0,0 +1,19 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.23.001 + catalog.cattle.io/certified: rancher + catalog.cattle.io/namespace: istio-system + catalog.cattle.io/provides-gvr: networking.istio.io.virtualservice/v1beta1 + catalog.cattle.io/release-name: rancher-istio + catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 + catalog.cattle.io/ui-component: istio + catalog.cattle.io/os: linux +apiVersion: v1 +appVersion: 1.7.1 +description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ + for details. +icon: https://charts.rancher.io/assets/logos/istio.svg +keywords: +- networking +- infrastructure +name: rancher-istio +version: 1.7.100 diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/README.md b/released/charts/rancher-istio/rancher-istio/1.7.100/README.md new file mode 100644 index 000000000..d373dff8d --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/README.md 
@@ -0,0 +1,28 @@ +# Rancher Istio Installers + +A Rancher created chart that packages the istioctl binary to install via a helm chart. + +# Installation Requirements + +## Chart Dependencies +- rancher-kiali-server-crd chart +- rancher-monitoring chart or other monitoring installation + +### Kiali +The `kiali.external_services.prometheus` url is set in the values.yaml: +``` +http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }} +``` +The url depends on the default values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port` being set in your rancher-monitoring or other monitoring instance. + +The Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces. + +To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources. + +1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape. +1. Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces. + +# Installation +``` +helm install rancher-istio . --create-namespace -n istio-system +``` diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/Chart.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/Chart.yaml new file mode 100644 index 000000000..b1643d95c --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/Chart.yaml 
@@ -0,0 +1,31 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=match + catalog.cattle.io/hidden: "true" + catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 + catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 + catalog.rancher.io/namespace: cattle-istio-system + catalog.rancher.io/release-name: rancher-kiali-server + catalog.cattle.io/os: linux +apiVersion: v2 +appVersion: v1.23.0 +description: Kiali is an open source project for service mesh observability, refer + to https://www.kiali.io for details. This is installed as sub-chart with customized + values in Rancher's Istio. +home: https://github.com/kiali/kiali +icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png +keywords: +- istio +- kiali +- networking +- infrastructure +maintainers: +- email: kiali-users@googlegroups.com + name: Kiali + url: https://kiali.io +name: rancher-kiali-server +sources: +- https://github.com/kiali/kiali +- https://github.com/kiali/kiali-ui +- https://github.com/kiali/kiali-operator +- https://github.com/kiali/helm-charts +version: 1.23.0 diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/NOTES.txt b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/NOTES.txt new file mode 100644 index 000000000..751019401 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/NOTES.txt @@ -0,0 +1,5 @@ +Welcome to Kiali! For more details on Kiali, see: https://kiali.io + +The Kiali Server [{{ .Chart.AppVersion }}] has been installed in namespace [{{ .Release.Namespace }}]. It will be ready soon. + +(Helm: Chart=[{{ .Chart.Name }}], Release=[{{ .Release.Name }}], Version=[{{ .Chart.Version }}]) 
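Review bot: in rancher-kiali-server/Chart.yaml the namespace and release-name annotations use the `catalog.rancher.io/` prefix, while every other annotation in that block, and the same two keys in the parent rancher-istio Chart.yaml, use `catalog.cattle.io/`. The namespace value differs as well (`cattle-istio-system` here, `istio-system` in the parent). If the catalog only reads `catalog.cattle.io/*` keys, these two lines are silently ignored. Please align the prefix and value with the parent chart, or add a comment explaining why the subchart differs.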
diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/_helpers.tpl b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/_helpers.tpl new file mode 100644 index 000000000..9dd3d7ff0 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/_helpers.tpl 
@@ -0,0 +1,176 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "kiali-server.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kiali-server.fullname" -}} +{{- if .Values.fullnameOverride }} + {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} + {{- $name := default .Chart.Name .Values.nameOverride }} + {{- printf "%s" $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kiali-server.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kiali-server.labels" -}} +helm.sh/chart: {{ include "kiali-server.chart" . }} +app: {{ include "kiali-server.name" . }} +{{ include "kiali-server.selectorLabels" . }} +version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kiali-server.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kiali-server.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Used to determine if a custom dashboard (defined in .Template.Name) should be deployed. +*/}} +{{- define "kiali-server.isDashboardEnabled" -}} +{{- $includere := "" }} +{{- range $_, $s := .Values.deployment.custom_dashboards.includes }} + {{- if $s }} + {{- if $includere }} + {{- $includere = printf "%s|^%s$" $includere ($s | replace "*" ".*" | replace "?" 
".") }} + {{- else }} + {{- $includere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} +{{- end }} +{{- $excludere := "" }} +{{- range $_, $s := .Values.deployment.custom_dashboards.excludes }} + {{- if $s }} + {{- if $excludere }} + {{- $excludere = printf "%s|^%s$" $excludere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $excludere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} +{{- end }} +{{- if (and (mustRegexMatch (default "no-matches" $includere) (base .Template.Name)) (not (mustRegexMatch (default "no-matches" $excludere) (base .Template.Name)))) }} + {{- print "enabled" }} +{{- else }} + {{- print "" }} +{{- end }} +{{- end }} + +{{/* +Determine the default login token signing key. +*/}} +{{- define "kiali-server.login_token.signing_key" -}} +{{- if .Values.login_token.signing_key }} + {{- .Values.login_token.signing_key }} +{{- else }} + {{- randAlphaNum 16 }} +{{- end }} +{{- end }} + +{{/* +Determine the default web root. +*/}} +{{- define "kiali-server.server.web_root" -}} +{{- if .Values.server.web_root }} + {{- .Values.server.web_root | trimSuffix "/" }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/" }} + {{- else }} + {{- "/kiali" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity cert file. There is no default if on k8s; only on OpenShift. +*/}} +{{- define "kiali-server.identity.cert_file" -}} +{{- if hasKey .Values.identity "cert_file" }} + {{- .Values.identity.cert_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.crt" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity private key file. There is no default if on k8s; only on OpenShift. 
+*/}} +{{- define "kiali-server.identity.private_key_file" -}} +{{- if hasKey .Values.identity "private_key_file" }} + {{- .Values.identity.private_key_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.key" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the istio namespace - default is where Kiali is installed. +*/}} +{{- define "kiali-server.istio_namespace" -}} +{{- if .Values.istio_namespace }} + {{- .Values.istio_namespace }} +{{- else }} + {{- .Release.Namespace }} +{{- end }} +{{- end }} + +{{/* +Determine the auth strategy to use - default is "token" on Kubernetes and "openshift" on OpenShift. +*/}} +{{- define "kiali-server.auth.strategy" -}} +{{- if .Values.auth.strategy }} + {{- if (and (eq .Values.auth.strategy "openshift") (not .Values.kiali_route_url)) }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or use a different auth strategy via the --set auth.strategy=... option." }} + {{- end }} + {{- .Values.auth.strategy }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- if not .Values.kiali_route_url }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or explicitly indicate another auth strategy you want via the --set auth.strategy=... option." }} + {{- end }} + {{- "openshift" }} + {{- else }} + {{- "token" }} + {{- end }} +{{- end }} +{{- end }} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} 
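Review bot: in `kiali-server.login_token.signing_key` (templates/_helpers.tpl), the fallback `{{- randAlphaNum 16 }}` is evaluated on every render, so when `login_token.signing_key` is unset each `helm upgrade` produces a different key, and tokens signed with the previous key will no longer validate once the server picks up the new config. templates/configmap.yaml in this patch then writes the result into the ConfigMap's `config.yaml`, so the key is readable by anyone who can read ConfigMaps in the release namespace. Suggest generating the key once and reusing it on later renders (for example with Helm's `lookup` against the existing object) and storing it in a Secret rather than the ConfigMap. Separately, `kiali-server.isDashboardEnabled` translates `*` and `?` into regex but does not escape `.`, so an include or exclude entry such as `micrometer-1.0.6-jvm` matches more template names than written.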
diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/cabundle.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/cabundle.yaml new file mode 100644 index 000000000..7462b95a7 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/cabundle.yaml @@ -0,0 +1,13 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }}-cabundle + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + service.beta.openshift.io/inject-cabundle: "true" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/configmap.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/configmap.yaml new file mode 100644 index 000000000..b1bf53173 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/configmap.yaml 
@@ -0,0 +1,24 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + config.yaml: | + {{- /* Most of .Values is simply the ConfigMap - strip out the keys that are not part of the ConfigMap */}} + {{- $cm := omit .Values "nameOverride" "fullnameOverride" "kiali_route_url" }} + {{- /* The helm chart defines namespace for us, but pass it to the ConfigMap in case the server needs it */}} + {{- $_ := set $cm.deployment "namespace" .Release.Namespace }} + {{- /* Some values of the ConfigMap are generated, but might not be identical, from .Values */}} + {{- $_ := set $cm "istio_namespace" (include "kiali-server.istio_namespace" .) }} + {{- $_ := set $cm.auth "strategy" (include "kiali-server.auth.strategy" .) }} + {{- $_ := set $cm.auth.openshift "client_id_prefix" (include "kiali-server.fullname" .) }} + {{- $_ := set $cm.identity "cert_file" (include "kiali-server.identity.cert_file" .) }} + {{- $_ := set $cm.identity "private_key_file" (include "kiali-server.identity.private_key_file" .) }} + {{- $_ := set $cm.login_token "signing_key" (include "kiali-server.login_token.signing_key" .) }} + {{- $_ := set $cm.server "web_root" (include "kiali-server.server.web_root" .) }} + {{- toYaml $cm | nindent 4 }} +... diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/envoy.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/envoy.yaml new file mode 100644 index 000000000..8d961b848 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/envoy.yaml 
@@ -0,0 +1,55 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: envoy + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Envoy Metrics +# discoverOn: "envoy_server_uptime" + items: + - chart: + name: "Pods uptime" + spans: 4 + metricName: "envoy_server_uptime" + dataType: "raw" + - chart: + name: "Allocated memory" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_allocated" + dataType: "raw" + min: 0 + - chart: + name: "Heap size" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_heap_size" + dataType: "raw" + min: 0 + - chart: + name: "Upstream active connections" + spans: 6 + metricName: "envoy_cluster_upstream_cx_active" + dataType: "raw" + - chart: + name: "Upstream total requests" + spans: 6 + metricName: "envoy_cluster_upstream_rq_total" + unit: "rps" + dataType: "rate" + - chart: + name: "Downstream active connections" + spans: 6 + metricName: "envoy_listener_downstream_cx_active" + dataType: "raw" + - chart: + name: "Downstream HTTP requests" + spans: 6 + metricName: "envoy_listener_http_downstream_rq" + unit: "rps" + dataType: "rate" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/go.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/go.yaml new file mode 100644 index 000000000..01ebed7b5 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/go.yaml 
@@ -0,0 +1,66 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: go + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Go Metrics + runtime: Go + discoverOn: "go_info" + items: + - chart: + name: "CPU ratio" + spans: 6 + metricName: "process_cpu_seconds_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "RSS Memory" + unit: "bytes" + spans: 6 + metricName: "process_resident_memory_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Goroutines" + spans: 6 + metricName: "go_goroutines" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Heap allocation rate" + unit: "bytes/s" + spans: 6 + metricName: "go_memstats_alloc_bytes_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "GC rate" + spans: 6 + metricName: "go_gc_duration_seconds_count" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Next GC" + unit: "bytes" + spans: 6 + metricName: "go_memstats_next_gc_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/kiali.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/kiali.yaml new file mode 100644 index 000000000..0d5b5caa2 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/kiali.yaml 
@@ -0,0 +1,43 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: kiali + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Kiali Internal Metrics + items: + - chart: + name: "API processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_api_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "route" + displayName: "Route" + - chart: + name: "Functions processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_go_function_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" + - chart: + name: "Failures" + spans: 12 + metricName: "kiali_go_function_failures_total" + dataType: "raw" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml new file mode 100644 index 000000000..e89e1200c --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml 
@@ -0,0 +1,42 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Pool Metrics + discoverOn: "jvm_buffer_total_capacity_bytes" + items: + - chart: + name: "Pool buffer memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer capacity" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_total_capacity_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer count" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_count" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm.yaml new file mode 100644 index 000000000..ab487dccc --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm.yaml 
@@ -0,0 +1,64 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live" + items: + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon" + dataType: "raw" + - chart: + name: "Loaded classes" + spans: 4 + metricName: "jvm_classes_loaded" + dataType: "raw" + + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/micrometer-1.1-jvm.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/micrometer-1.1-jvm.yaml new file mode 100644 index 000000000..d7014951d --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/micrometer-1.1-jvm.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.1-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live_threads" + items: + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live_threads" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon_threads" + dataType: "raw" + - chart: + name: "Threads states" + spans: 4 + metricName: "jvm_threads_states_threads" + dataType: "raw" + aggregations: + - label: "state" + displayName: "State" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/microprofile-1.1.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/microprofile-1.1.yaml new file mode 100644 index 000000000..c00446c10 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/microprofile-1.1.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-1.1 + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:thread_count" + items: + - chart: + name: "Current loaded classes" + spans: 6 + metricName: "base:classloader_current_loaded_class_count" + dataType: "raw" + - chart: + name: "Unloaded classes" + spans: 6 + metricName: "base:classloader_total_unloaded_class_count" + dataType: "raw" + - chart: + name: "Thread count" + spans: 4 + metricName: "base:thread_count" + dataType: "raw" + - chart: + name: "Thread max count" + spans: 4 + metricName: "base:thread_max_count" + dataType: "raw" + - chart: + name: "Thread daemon count" + spans: 4 + metricName: "base:thread_daemon_count" + dataType: "raw" + - chart: + name: "Committed heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_committed_heap_bytes" + dataType: "raw" + - chart: + name: "Max heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_max_heap_bytes" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_used_heap_bytes" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/microprofile-x.y.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/microprofile-x.y.yaml new file mode 100644 index 000000000..d15f527d9 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/microprofile-x.y.yaml 
@@ -0,0 +1,37 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-x.y + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:gc_complete_scavenger_count" + items: + - chart: + name: "Young GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_young_generation_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Young GC count" + spans: 3 + metricName: "base:gc_young_generation_scavenger_count" + dataType: "raw" + - chart: + name: "Total GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_complete_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Total GC count" + spans: 3 + metricName: "base:gc_complete_scavenger_count" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/nodejs.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/nodejs.yaml new file mode 100644 index 000000000..d772a16c0 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/nodejs.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: nodejs + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Node.js + title: Node.js Metrics + discoverOn: "nodejs_active_handles_total" + items: + - chart: + name: "Active handles" + spans: 4 + metricName: "nodejs_active_handles_total" + dataType: "raw" + - chart: + name: "Active requests" + spans: 4 + metricName: "nodejs_active_requests_total" + dataType: "raw" + - chart: + name: "Event loop lag" + unit: "seconds" + spans: 4 + metricName: "nodejs_eventloop_lag_seconds" + dataType: "raw" + - chart: + name: "Total heap size" + unit: "bytes" + spans: 12 + metricName: "nodejs_heap_space_size_total_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Used heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_used_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Available heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_available_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/quarkus.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/quarkus.yaml new file mode 100644 index 000000000..4fc3e9ac0 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/quarkus.yaml 
@@ -0,0 +1,32 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: quarkus + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Quarkus Metrics + runtime: Quarkus + items: + - chart: + name: "Thread count" + spans: 4 + metricName: "vendor:thread_count" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_heap_usage_bytes" + dataType: "raw" + - chart: + name: "Used non-heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_non_heap_usage_bytes" + dataType: "raw" + - include: "microprofile-x.y" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/springboot-jvm-pool.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/springboot-jvm-pool.yaml new file mode 100644 index 000000000..2ff4ae576 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/springboot-jvm-pool.yaml @@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Pool Metrics + items: + - include: "micrometer-1.0.6-jvm-pool" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/springboot-jvm.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/springboot-jvm.yaml new file mode 100644 index 000000000..8bd43055b --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/springboot-jvm.yaml 
@@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Metrics + items: + - include: "micrometer-1.0.6-jvm" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/springboot-tomcat.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/springboot-tomcat.yaml new file mode 100644 index 000000000..4b27aee4f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/springboot-tomcat.yaml @@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-tomcat + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: Tomcat Metrics + items: + - include: "tomcat" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/thorntail.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/thorntail.yaml new file mode 100644 index 000000000..513488df4 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/thorntail.yaml 
@@ -0,0 +1,21 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: thorntail + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Thorntail + title: Thorntail Metrics + discoverOn: "vendor:loaded_modules" + items: + - include: "microprofile-1.1" + - chart: + name: "Loaded modules" + spans: 6 + metricName: "vendor:loaded_modules" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/tomcat.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/tomcat.yaml new file mode 100644 index 000000000..28fd7f1cc --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/tomcat.yaml 
@@ -0,0 +1,66 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: tomcat + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Tomcat + title: Tomcat Metrics + discoverOn: "tomcat_sessions_created_total" + items: + - chart: + name: "Sessions created" + spans: 4 + metricName: "tomcat_sessions_created_total" + dataType: "raw" + - chart: + name: "Active sessions" + spans: 4 + metricName: "tomcat_sessions_active_current" + dataType: "raw" + - chart: + name: "Sessions rejected" + spans: 4 + metricName: "tomcat_sessions_rejected_total" + dataType: "raw" + + - chart: + name: "Bytes sent" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_sent_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Bytes received" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_received_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + + - chart: + name: "Global errors" + spans: 6 + metricName: "tomcat_global_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Servlet errors" + spans: 6 + metricName: "tomcat_servlet_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/vertx-client.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/vertx-client.yaml new file mode 100644 index 000000000..17392d87f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/vertx-client.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-client + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Client Metrics + discoverOn: "vertx_http_client_connections" + items: + - chart: + name: "Client response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_client_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_client_requestCount_total" + dataType: "rate" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client active connections" + spans: 6 + metricName: "vertx_http_client_connections" + dataType: "raw" + - chart: + name: "Client active websockets" + spans: 6 + metricName: "vertx_http_client_wsConnections" + dataType: "raw" + - chart: + name: "Client bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesSent" + dataType: "histogram" + - chart: + name: "Client bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/vertx-eventbus.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/vertx-eventbus.yaml new file mode 100644 index 000000000..fa659b55c --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/vertx-eventbus.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-eventbus + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Eventbus Metrics + discoverOn: "vertx_eventbus_handlers" + items: + - chart: + name: "Event bus handlers" + spans: 6 + metricName: "vertx_eventbus_handlers" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus pending messages" + spans: 6 + metricName: "vertx_eventbus_pending" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus processing time" + unit: "seconds" + spans: 6 + metricName: "vertx_eventbus_processingTime_seconds" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes read" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesRead" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes written" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesWritten" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/vertx-jvm.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/vertx-jvm.yaml new file mode 100644 index 000000000..ac03ea2e0 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/vertx-jvm.yaml 
@@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: JVM Metrics + items: + - include: "micrometer-1.1-jvm" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/vertx-pool.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/vertx-pool.yaml new file mode 100644 index 000000000..3715e9c10 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/vertx-pool.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Pools Metrics + discoverOn: "vertx_pool_ratio" + items: + - chart: + name: "Usage duration" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_usage_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Usage ratio" + spans: 6 + metricName: "vertx_pool_ratio" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Queue size" + spans: 6 + metricName: "vertx_pool_queue_size" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Time in queue" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_queue_delay_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Resources used" + spans: 6 + metricName: "vertx_pool_inUse" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/vertx-server.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/vertx-server.yaml new file mode 100644 index 000000000..686295468 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/dashboards/vertx-server.yaml 
@@ -0,0 +1,61 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-server + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Server Metrics + discoverOn: "vertx_http_server_connections" + items: + - chart: + name: "Server response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_server_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_server_requestCount_total" + dataType: "rate" + aggregations: + - label: "code" + displayName: "Error code" + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server active connections" + spans: 6 + metricName: "vertx_http_server_connections" + dataType: "raw" + - chart: + name: "Server active websockets" + spans: 6 + metricName: "vertx_http_server_wsConnections" + dataType: "raw" + - chart: + name: "Server bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesSent" + dataType: "histogram" + - chart: + name: "Server bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/deployment.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/deployment.yaml new file mode 100644 index 000000000..6fab9ee49 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/deployment.yaml 
@@ -0,0 +1,165 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.deployment.replicas }} + selector: + matchLabels: + {{- include "kiali-server.selectorLabels" . | nindent 6 }} + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 8 }} + annotations: + {{- if .Values.server.metrics_enabled }} + prometheus.io/scrape: "true" + prometheus.io/port: {{ .Values.server.metrics_port | quote }} + {{- else }} + prometheus.io/scrape: "false" + prometheus.io/port: null + {{- end }} + kiali.io/runtimes: go,kiali + {{- if .Values.deployment.pod_annotations }} + {{- toYaml .Values.deployment.pod_annotations | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "kiali-server.fullname" . }} + {{- if .Values.deployment.priority_class_name }} + priorityClassName: {{ .Values.deployment.priority_class_name | quote }} + {{- end }} + {{- if .Values.deployment.image_pull_secrets }} + imagePullSecrets: + {{- range .Values.deployment.image_pull_secrets }} + - name: {{ . }} + {{- end }} + {{- end }} + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.deployment.repository }}:{{ .Values.deployment.tag }}" + imagePullPolicy: {{ .Values.deployment.image_pull_policy | default "Always" }} + name: {{ include "kiali-server.fullname" . 
}} + command: + - "/opt/kiali/kiali" + - "-config" + - "/kiali-configuration/config.yaml" + - "-v" + - "{{ .Values.deployment.verbose_mode }}" + ports: + - name: api-port + containerPort: {{ .Values.server.port | default 20001 }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + containerPort: {{ .Values.server.metrics_port | default 9090 }} + {{- end }} + readinessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + livenessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + env: + - name: ACTIVE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + volumeMounts: + {{- if .Values.web_root_override }} + - name: kiali-console + subPath: env.js + mountPath: /opt/kiali/console/env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + mountPath: "/kiali-configuration" + - name: {{ include "kiali-server.fullname" . }}-cert + mountPath: "/kiali-cert" + - name: {{ include "kiali-server.fullname" . }}-secret + mountPath: "/kiali-secret" + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + mountPath: "/kiali-cabundle" + {{- end }} + {{- if .Values.deployment.resources }} + resources: + {{- toYaml .Values.deployment.resources | nindent 10 }} + {{- end }} + volumes: + {{- if .Values.web_root_override }} + - name: kiali-console + configMap: + name: kiali-console + items: + - key: env.js + path: env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . 
}}-configuration + configMap: + name: {{ include "kiali-server.fullname" . }} + - name: {{ include "kiali-server.fullname" . }}-cert + secret: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + secretName: {{ include "kiali-server.fullname" . }}-cert-secret + {{- else }} + secretName: istio.{{ include "kiali-server.fullname" . }}-service-account + {{- end }} + {{- if not (include "kiali-server.identity.cert_file" .) }} + optional: true + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-secret + secret: + secretName: {{ .Values.deployment.secret_name }} + optional: true + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + configMap: + name: {{ include "kiali-server.fullname" . }}-cabundle + {{- end }} + {{- if or (.Values.deployment.affinity.node) (or (.Values.deployment.pod) (.Values.deployment.pod_anti)) }} + affinity: + {{- if .Values.deployment.affinity.node }} + nodeAffinity: + {{- toYaml .Values.deployment.affinity.node | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod }} + podAffinity: + {{- toYaml .Values.deployment.affinity.pod | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod_anti }} + podAntiAffinity: + {{- toYaml .Values.deployment.affinity.pod_anti | nindent 10 }} + {{- end }} + {{- end }} + {{- if .Values.deployment.tolerations }} + tolerations: + {{- toYaml .Values.deployment.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.deployment.node_selector }} + nodeSelector: + {{- toYaml .Values.deployment.node_selector | nindent 8 }} + {{- end }} +... diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/ingess.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/ingess.yaml new file mode 100644 index 000000000..5a427e896 --- /dev/null 
+++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/ingess.yaml @@ -0,0 +1,40 @@ +{{- if not (.Capabilities.APIVersions.Has "route.openshift.io/v1") }} +{{- if .Values.deployment.ingress_enabled }} +--- +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }} + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- else }} + # For ingress-nginx versions older than 0.20.0 use secure-backends. + # (see: https://github.com/kubernetes/ingress-nginx/issues/3416#issuecomment-438247948) + # For ingress-nginx versions 0.20.0 and later use backend-protocol. + {{- if (include "kiali-server.identity.cert_file" .) }} + nginx.ingress.kubernetes.io/secure-backends: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + {{- else }} + nginx.ingress.kubernetes.io/secure-backends: "false" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + {{- end }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + rules: + - http: + paths: + - path: {{ include "kiali-server.server.web_root" . }} + backend: + serviceName: {{ include "kiali-server.fullname" . }} + servicePort: {{ .Values.server.port }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/oauth.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/oauth.yaml new file mode 100644 index 000000000..a178bb85e --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/oauth.yaml 
@@ -0,0 +1,17 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.kiali_route_url }} +--- +apiVersion: oauth.openshift.io/v1 +kind: OAuthClient +metadata: + name: {{ include "kiali-server.fullname" . }}-{{ .Release.Namespace }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +redirectURIs: +- {{ .Values.kiali_route_url }} +grantMethod: auto +allowAnyScope: true +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/role-viewer.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/role-viewer.yaml new file mode 100644 index 000000000..790406017 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/role-viewer.yaml 
@@ -0,0 +1,101 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }}-viewer + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - replicationcontrollers + - services + verbs: + - get + - list + - watch +- apiGroups: ["extensions", "apps"] + resources: + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch +- apiGroups: + - config.istio.io + - networking.istio.io + - authentication.istio.io + - rbac.istio.io + - security.istio.io + resources: ["*"] + verbs: + - get + - list + - watch +- apiGroups: ["authentication.maistra.io"] + resources: + - servicemeshpolicies + verbs: + - get + - list + - watch +- apiGroups: ["rbac.maistra.io"] + resources: + - servicemeshrbacconfigs + verbs: + - get + - list + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - get + - list +... diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/role.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/role.yaml new file mode 100644 index 000000000..34a47dd89 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/role.yaml 
@@ -0,0 +1,118 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - replicationcontrollers + - services + verbs: + - get + - list + - patch + - watch +- apiGroups: ["extensions", "apps"] + resources: + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - patch + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - patch + - watch +- apiGroups: + - config.istio.io + - networking.istio.io + - authentication.istio.io + - rbac.istio.io + - security.istio.io + resources: ["*"] + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["authentication.maistra.io"] + resources: + - servicemeshpolicies + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["rbac.maistra.io"] + resources: + - servicemeshrbacconfigs + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - patch + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - create + - delete + - get + - list + - patch + - watch +... 
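Review bot: in templates/role.yaml the rule for the Istio API groups (config.istio.io, networking.istio.io, authentication.istio.io, rbac.istio.io, security.istio.io) pairs `resources: ["*"]` with create, delete and patch, and the core-group rule adds `patch` on nodes, configmaps and pods, all inside a ClusterRole. rolebinding.yaml binds this role through a ClusterRoleBinding whenever `deployment.view_only_mode` is false, which is the values.yaml default, so the Kiali service account can rewrite mesh security policy in every namespace. Suggest listing the Istio resources Kiali actually edits instead of the wildcard, dropping `patch` on nodes, and noting in values.yaml that `view_only_mode: true` selects the `-viewer` role.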
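Review bot: in templates/deployment.yaml the guard around `affinity:` tests `.Values.deployment.pod` and `.Values.deployment.pod_anti`, but the inner `if` blocks and values.yaml both keep these under `.Values.deployment.affinity`, so setting only pod or pod_anti affinity renders no `affinity:` key and the nested blocks land directly under the pod spec. Suggest `or .Values.deployment.affinity.node (or .Values.deployment.affinity.pod .Values.deployment.affinity.pod_anti)`. Separately, the container has no `securityContext`; worth adding one, or at least a values hook for it, before this ships with a cluster-wide service account.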
diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/rolebinding.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/rolebinding.yaml new file mode 100644 index 000000000..1eaabd65f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/rolebinding.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + {{- if .Values.deployment.view_only_mode }} + name: {{ include "kiali-server.fullname" . }}-viewer + {{- else }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/route.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/route.yaml new file mode 100644 index 000000000..27940dc96 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/route.yaml 
@@ -0,0 +1,30 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.deployment.ingress_enabled }} +# As of OpenShift 4.5, need to use --disable-openapi-validation when installing via Helm +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}} + annotations: + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + tls: + termination: reencrypt + insecureEdgeTerminationPolicy: Redirect + to: + kind: Service + targetPort: {{ .Values.server.port }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/service.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/service.yaml new file mode 100644 index 000000000..69dc395d1 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/service.yaml 
@@ -0,0 +1,40 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + service.beta.openshift.io/serving-cert-secret-name: {{ include "kiali-server.fullname" . }}-cert-secret + {{- end }} + kiali.io/api-spec: https://kiali.io/api + kiali.io/api-type: rest + {{- if .Values.deployment.service_annotations }} + {{- toYaml .Values.deployment.service_annotations | nindent 4 }} + {{- end }} +spec: + {{- if .Values.deployment.service_type }} + type: {{ .Values.deployment.service_type }} + {{- end }} + ports: + {{- if (include "kiali-server.identity.cert_file" .) }} + - name: tcp + {{- else }} + - name: http + {{- end }} + protocol: TCP + port: {{ .Values.server.port }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + protocol: TCP + port: {{ .Values.server.metrics_port }} + {{- end }} + selector: + {{- include "kiali-server.selectorLabels" . | nindent 4 }} + {{- if .Values.deployment.additional_service_yaml }} + {{- toYaml .Values.deployment.additional_service_yaml | nindent 2 }} + {{- end }} +... diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/serviceaccount.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/serviceaccount.yaml new file mode 100644 index 000000000..9151b6f6a --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/serviceaccount.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +... 
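Review bot: in templates/route.yaml the line `{{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}}` closes with three braces, so whenever the annotations override is set a literal `}` is emitted into the Route metadata just before `annotations:`. Drop the extra brace. The same file's header comment says `--disable-openapi-validation` is needed as of OpenShift 4.5; that belongs in the chart README as well, since nobody installing the chart will read a template comment.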
diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/validate-install-crd.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/validate-install-crd.yaml new file mode 100644 index 000000000..01d33e632 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/validate-install-crd.yaml @@ -0,0 +1,14 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "monitoring.kiali.io/v1alpha1/MonitoringDashboard" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the rancher-kiali-server-crd chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/web-root-configmap.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/web-root-configmap.yaml new file mode 100644 index 000000000..0daa7bb23 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/templates/web-root-configmap.yaml @@ -0,0 +1,12 @@ +{{- if .Values.web_root_override }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: kiali-console + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + env.js: | + window.WEB_ROOT='/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Release.Namespace }}/services/http:rancher-istio-kiali:20001/proxy'; +{{- end }} 
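Review bot: in templates/web-root-configmap.yaml the `window.WEB_ROOT` string hardcodes `http:rancher-istio-kiali:20001`, while service.yaml names the Service from `kiali-server.fullname` and takes the port from `.Values.server.port`, and the port is named `tcp` rather than `http` when `identity.cert_file` is set, so an override of any of these silently breaks the proxied console path. `global.cattle.clusterId` is also empty in values.yaml, which would render `/k8s/clusters//api/...`. Suggest building the path from the same helper and value used by service.yaml and wrapping `clusterId` in `required` so a missing value fails at render time.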
diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/values.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/values.yaml new file mode 100644 index 000000000..12ea7379d --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/charts/rancher-kiali-server/values.yaml 
@@ -0,0 +1,79 @@ +nameOverride: "kiali" +fullnameOverride: "kiali" + +# This is required for "openshift" auth strategy. +# You have to know ahead of time what your Route URL will be because +# right now the helm chart can't figure this out at runtime (it would +# need to wait for the Kiali Route to be deployed and for OpenShift +# to start it up). If someone knows how to update this helm chart to +# do this, a PR would be welcome. +kiali_route_url: "" + +# rancher specific override that allows proxy access to kiali url +web_root_override: true + +# +# Settings that mimic the Kiali CR which are placed in the ConfigMap. +# Note that only those values used by the Helm Chart will be here. +# + +istio_namespace: "" # default is where Kiali is installed + +auth: + openid: {} + openshift: {} + strategy: "" + +deployment: + # This only limits what Kiali will attempt to see, but Kiali Service Account has permissions to see everything. + # For more control over what the Kial Service Account can see, use the Kiali Operator + accessible_namespaces: + - "**" + additional_service_yaml: {} + affinity: + node: {} + pod: {} + pod_anti: {} + custom_dashboards: + excludes: [''] + includes: ['*'] + repository: rancher/kiali-kiali + image_pull_policy: "Always" + image_pull_secrets: [] + tag: v1.23.0 + ingress_enabled: true + node_selector: {} + override_ingress_yaml: + metadata: {} + pod_annotations: {} + priority_class_name: "" + replicas: 1 + resources: {} + secret_name: "kiali" + service_annotations: {} + service_type: "" + tolerations: [] + verbose_mode: "3" + version_label: v1.23.0 + view_only_mode: false + +identity: {} + #cert_file: + #private_key_file: + +login_token: + signing_key: "" + +server: + port: 20001 + metrics_enabled: true + metrics_port: 9090 + web_root: "" + +# Common settings used among istio subcharts. 
+global: + # Specify rancher clusterId of external tracing config + # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 + cattle: + systemDefaultRegistry: "" + clusterId: diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/configs/istio-base.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/configs/istio-base.yaml new file mode 100644 index 000000000..c66e769dd --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/configs/istio-base.yaml 
@@ -0,0 +1,99 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +spec: + addonComponents: + istiocoredns: + enabled: {{ .Values.istiocoredns.enabled }} + components: + base: + enabled: {{ .Values.base.enabled }} + cni: + enabled: {{ .Values.cni.enabled }} + egressGateways: + - enabled: {{ .Values.egressGateways.enabled }} + name: istio-egressgateway + ingressGateways: + - enabled: {{ .Values.ingressGateways.enabled }} + name: istio-ingressgateway + k8s: + service: + ports: + - name: status-port + port: 15021 + targetPort: 15021 + - name: http2 + port: 80 + targetPort: 8080 + nodePort: 31380 + - name: https + port: 443 + targetPort: 8443 + nodePort: 31390 + - name: tcp + port: 31400 + targetPort: 31400 + nodePort: 31400 + - name: tls + port: 15443 + targetPort: 15443 + istiodRemote: + enabled: {{ .Values.istiodRemote.enabled }} + pilot: + enabled: {{ .Values.pilot.enabled }} + policy: + enabled: {{ .Values.policy.enabled }} + telemetry: + enabled: {{ .Values.telemetry.v1.enabled }} + hub: {{ .Values.systemDefaultRegistry | default "docker.io" }} + profile: default + tag: {{ .Values.tag }} + revision: {{ .Values.revision }} + meshConfig: + enablePrometheusMerge: {{ .Values.meshConfig.enablePrometheusMerge }} + values: + gateways: + istio-egressgateway: + name: istio-egressgateway + type: {{ .Values.egressGateways.type }} + istio-ingressgateway: + name: istio-ingressgateway + type: {{ .Values.ingressGateways.type }} + global: + istioNamespace: {{ template "istio.namespace" . }} + proxy: + image: {{ template "system_default_registry" . }}{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }} + proxy_init: + image: {{ template "system_default_registry" . 
}}{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }} + {{- if .Values.global.defaultPodDisruptionBudget.enabled }} + defaultPodDisruptionBudget: + enabled: {{ .Values.global.defaultPodDisruptionBudget.enabled }} + {{- end }} + istiocoredns: + coreDNSImage: {{ template "system_default_registry" . }}{{ .Values.istiocoredns.image.repository }} + coreDNSPluginImage: {{ template "system_default_registry" . }}{{ .Values.istiocoredns.pluginImage.repository }}:{{ .Values.istiocoredns.pluginImage.tag }} + coreDNSTag: {{ .Values.istiocoredns.image.tag }} + {{- if or .Values.policy.enabled .Values.telemetry.v1.enabled }} + mixer: + {{- if .Values.policy.enabled }} + policy: + image: {{ template "system_default_registry" . }}{{ .Values.policy.repository }}:{{ .Values.policy.tag }} + {{- end }} + {{- if .Values.telemetry.v1.enabled }} + telemetry: + image: {{ template "system_default_registry" . }}{{ .Values.telemetry.v1.repository }}:{{ .Values.telemetry.v1.tag }} + {{- end }} + {{- end }} + {{- if .Values.pilot.enabled }} + pilot: + image: {{ template "system_default_registry" . }}{{ .Values.pilot.repository }}:{{ .Values.pilot.tag }} + {{- end }} + telemetry: + enabled: {{ .Values.telemetry.enabled }} + v1: + enabled: {{ .Values.telemetry.v1.enabled }} + v2: + enabled: {{ .Values.telemetry.v2.enabled }} + {{- if .Values.cni.enabled }} + cni: + image: {{ template "system_default_registry" . }}{{ .Values.cni.repository }}:{{ .Values.cni.tag }} + {{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/requirements.lock b/released/charts/rancher-istio/rancher-istio/1.7.100/requirements.lock new file mode 100644 index 000000000..40950318d --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/requirements.lock 
@@ -0,0 +1,6 @@ +dependencies: +- name: rancher-kiali-server + repository: file://../../rancher-kiali-server/charts + version: 1.23.0 +digest: sha256:33579a1f60d18cd1c2fd2e6e569018acdfe3c2459b9a1b77f341d53001512759 +generated: "2020-10-02T23:45:54.868279746Z" diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/requirements.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/requirements.yaml new file mode 100644 index 000000000..6c0a47abd --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/requirements.yaml @@ -0,0 +1,7 @@ +dependencies: + + - name: rancher-kiali-server + alias: kiali + condition: kiali.enabled + version: 1.23.0 + repository: file://../../rancher-kiali-server/charts diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/samples/overlay-example.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/samples/overlay-example.yaml new file mode 100644 index 000000000..5cf3cf3b0 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/samples/overlay-example.yaml @@ -0,0 +1,37 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +spec: + components: + ingressGateways: + - enabled: true + name: ilb-gateway + namespace: user-ingressgateway-ns + k8s: + resources: + requests: + cpu: 200m + service: + ports: + - name: tcp-citadel-grpc-tls + port: 8060 + targetPort: 8060 + - name: tcp-dns + port: 5353 + serviceAnnotations: + cloud.google.com/load-balancer-type: internal + - enabled: true + name: other-gateway + namespace: cattle-istio-system + k8s: + resources: + requests: + cpu: 200m + service: + ports: + - name: tcp-citadel-grpc-tls + port: 8060 + targetPort: 8060 + - name: tcp-dns + port: 5353 + serviceAnnotations: + cloud.google.com/load-balancer-type: internal diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/templates/_helpers.tpl b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/_helpers.tpl new file mode 100644 index 000000000..3f7af953a 
--- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/_helpers.tpl @@ -0,0 +1,12 @@ +{{/* Ensure namespace is set the same everywhere */}} +{{- define "istio.namespace" -}} + {{- .Release.Namespace | default "istio-system" -}} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/templates/admin-role.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/admin-role.yaml new file mode 100644 index 000000000..ad1313c4f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/admin-role.yaml @@ -0,0 +1,43 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + name: istio-admin + namespace: {{ template "istio.namespace" . }} +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: + - '*' + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: + - '*' diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/templates/base-config-map.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/base-config-map.yaml new file mode 100644 index 000000000..5323917bc --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/base-config-map.yaml 
@@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-installer-base + namespace: {{ template "istio.namespace" . }} +data: +{{ tpl (.Files.Glob "configs/*").AsConfig . | indent 2 }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/templates/clusterrole.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/clusterrole.yaml new file mode 100644 index 000000000..3e621d897 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/clusterrole.yaml 
@@ -0,0 +1,112 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: istio-installer +rules: +# istio groups +- apiGroups: + - authentication.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - config.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - install.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - networking.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - rbac.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - security.istio.io + resources: + - '*' + verbs: + - '*' +# k8s groups +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions.apiextensions.k8s.io + - customresourcedefinitions + verbs: + - '*' +- apiGroups: + - apps + - extensions + resources: + - daemonsets + - deployments + - deployments/finalizers + - ingresses + - replicasets + - statefulsets + verbs: + - '*' +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - '*' +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - '*' +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - roles + - rolebindings + verbs: + - '*' +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - namespaces + - pods + - pods/exec + - persistentvolumeclaims + - secrets + - services + - serviceaccounts + verbs: + - '*' diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/templates/clusterrolebinding.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..9d74a0434 --- /dev/null 
+++ b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/clusterrolebinding.yaml @@ -0,0 +1,12 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: istio-installer +subjects: +- kind: ServiceAccount + name: istio-installer + namespace: {{ template "istio.namespace" . }} +roleRef: + kind: ClusterRole + name: istio-installer + apiGroup: rbac.authorization.k8s.io diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/templates/edit-role.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/edit-role.yaml new file mode 100644 index 000000000..d1059d58d --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/edit-role.yaml @@ -0,0 +1,43 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + namespace: {{ template "istio.namespace" . }} + name: istio-edit +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: + - '*' + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: + - '*' diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/templates/istio-install-job.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/istio-install-job.yaml new file mode 100644 index 000000000..0e9c732e1 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/istio-install-job.yaml 
@@ -0,0 +1,45 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: istioctl-installer + namespace: {{ template "istio.namespace" . }} + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + backoffLimit: 1 + template: + spec: + containers: + - name: istioctl-installer + image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }} + env: + - name: RELEASE_NAME + value: {{ .Release.Name }} + - name: ISTIO_NAMESPACE + value: {{ template "istio.namespace" . }} + - name: FORCE_INSTALL + value: {{ .Values.forceInstall | default "false" | quote }} + command: ["/bin/sh","-c"] + args: ["/usr/local/app/scripts/run.sh"] + volumeMounts: + - name: config-volume + mountPath: /app/istio-base.yaml + subPath: istio-base.yaml + {{- if .Values.overlayFile }} + - name: overlay-volume + mountPath: /app/overlay-config.yaml + subPath: overlay-config.yaml + {{- end }} + volumes: + - name: config-volume + configMap: + name: istio-installer-base + {{- if .Values.overlayFile }} + - name: overlay-volume + configMap: + name: istio-installer-overlay + {{- end }} + serviceAccountName: istio-installer + restartPolicy: Never diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/templates/istio-uninstall-job.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/istio-uninstall-job.yaml new file mode 100644 index 000000000..b5946e55f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/istio-uninstall-job.yaml 
@@ -0,0 +1,42 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: istioctl-uninstaller + namespace: {{ template "istio.namespace" . }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + spec: + containers: + - name: istioctl-uninstaller + image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }} + env: + - name: RELEASE_NAME + value: {{ .Release.Name }} + - name: ISTIO_NAMESPACE + value: {{ template "istio.namespace" . }} + command: ["/bin/sh","-c"] + args: ["/usr/local/app/scripts/uninstall_istio_system.sh"] + volumeMounts: + - name: config-volume + mountPath: /app/istio-base.yaml + subPath: istio-base.yaml + {{- if .Values.overlayFile }} + - name: overlay-volume + mountPath: /app/overlay-config.yaml + subPath: overlay-config.yaml + {{ end }} + volumes: + - name: config-volume + configMap: + name: istio-installer-base + {{- if .Values.overlayFile }} + - name: overlay-volume + configMap: + name: istio-installer-overlay + {{ end }} + serviceAccountName: istio-installer + restartPolicy: OnFailure diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/templates/overlay-config-map.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/overlay-config-map.yaml new file mode 100644 index 000000000..287d26b2c --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/overlay-config-map.yaml @@ -0,0 +1,9 @@ +{{- if .Values.overlayFile }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-installer-overlay + namespace: {{ template "istio.namespace" . }} +data: + overlay-config.yaml: {{ toYaml .Values.overlayFile | indent 2 }} +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/templates/service-monitors.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/service-monitors.yaml new file mode 100644 index 000000000..c3d60c4fc 
--- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/service-monitors.yaml @@ -0,0 +1,51 @@ +{{- if .Values.kiali.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: envoy-stats-monitor + namespace: {{ template "istio.namespace" . }} + labels: + monitoring: istio-proxies +spec: + selector: + matchExpressions: + - {key: istio-prometheus-ignore, operator: DoesNotExist} + namespaceSelector: + any: true + jobLabel: envoy-stats + endpoints: + - path: /stats/prometheus + targetPort: 15090 + interval: 15s + relabelings: + - sourceLabels: [__meta_kubernetes_pod_container_port_name] + action: keep + regex: '.*-envoy-prom' + - action: labeldrop + regex: "__meta_kubernetes_pod_label_(.+)" + - sourceLabels: [__meta_kubernetes_namespace] + action: replace + targetLabel: namespace + - sourceLabels: [__meta_kubernetes_pod_name] + action: replace + targetLabel: pod_name +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: istio-component-monitor + namespace: {{ template "istio.namespace" . }} + labels: + monitoring: istio-components +spec: + jobLabel: istio + targetLabels: [app] + selector: + matchExpressions: + - {key: istio, operator: In, values: [pilot]} + namespaceSelector: + any: true + endpoints: + - port: http-monitoring + interval: 15s +{{- end -}} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/templates/serviceaccount.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/serviceaccount.yaml new file mode 100644 index 000000000..82b6cbb7e --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/serviceaccount.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: istio-installer + namespace: {{ template "istio.namespace" . }} 
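Review bot: the `istio-installer` ServiceAccount added in serviceaccount.yaml ends up with close to cluster-admin rights, and nothing in the chart says so. clusterrolebinding.yaml binds it cluster-wide to the `istio-installer` ClusterRole, whose core-group rule in clusterrole.yaml grants `'*'` verbs on `secrets`, `pods/exec` and `serviceaccounts`, and whose `rbac.authorization.k8s.io` rule grants `'*'` on `clusterroles` and `clusterrolebindings`. The only consumers visible in this patch are the two hook Jobs (`istioctl-installer` and `istioctl-uninstaller`), yet the account and its binding persist for the life of the release. Suggest replacing the `'*'` verbs with the specific verbs the installer scripts need, dropping `pods/exec` unless a script depends on it, and moving the namespaced resources into a Role scoped to the Istio namespace where possible. At minimum, add a comment on the ServiceAccount stating what it is for and why it needs this scope.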
diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/templates/view-role.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/view-role.yaml new file mode 100644 index 000000000..5947d3eba --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/templates/view-role.yaml @@ -0,0 +1,41 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + namespace: {{ template "istio.namespace" . }} + name: istio-view +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: ["get", "watch", "list"] + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: ["get", "watch", "list"] diff --git a/released/charts/rancher-istio/rancher-istio/1.7.100/values.yaml b/released/charts/rancher-istio/rancher-istio/1.7.100/values.yaml new file mode 100644 index 000000000..4647a6df0 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.100/values.yaml 
@@ -0,0 +1,95 @@ +overlayFile: "" +tag: 1.7.1 +forceInstall: false + +installer: + repository: rancher/istio-installer + tag: 1.7.1-rancher1 + +istiocoredns: + enabled: false + image: + repository: rancher/coredns-coredns + tag: 1.6.2 + pluginImage: + repository: rancher/istio-coredns-plugin + tag: 0.2-istio-1.1 + +base: + enabled: true + +cni: + enabled: false + repository: rancher/istio-install-cni + tag: 1.7.1 + +egressGateways: + enabled: false + type: NodePort + +ingressGateways: + enabled: true + type: NodePort + +istiodRemote: + enabled: false + +pilot: + enabled: true + repository: rancher/istio-pilot + tag: 1.7.1 + +#Mixer Policy is deprecated in 1.7.x, will not be supported in 1.8.x +policy: + enabled: false + repository: rancher/istio-mixer + tag: 1.7.1 + +telemetry: + enabled: true + #Telemetry v1 is deprecated in 1.7.x, will not be supported in 1.8.x + v1: + enabled: false + repository: rancher/istio-mixer + tag: 1.7.1 + v2: + enabled: true + +sidecarInjectorWebhook: + enableNamespacesByDefault: false + objectSelector: + enabled: true + autoInject: true + rewriteAppHTTPProbe: true + +global: + cattle: + systemDefaultRegistry: "" + proxy: + repository: rancher/istio-proxyv2 + tag: 1.7.1 + proxy_init: + repository: rancher/istio-proxyv2 + tag: 1.7.1 + defaultPodDisruptionBudget: + enabled: true + +# this can be removed in 1.7 as it is default +meshConfig: + enablePrometheusMerge: true + +# Kiali subchart from rancher-kiali-server +kiali: + enabled: true + auth: + strategy: anonymous + deployment: + ingress_enabled: false + repository: rancher/kiali-kiali + tag: v1.23.0 + external_services: + prometheus: + custom_metrics_url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" + url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" + tracing: + enabled: false 
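Review bot: `kiali.auth.strategy: anonymous` near the end of values.yaml ships Kiali with login disabled by default, so anyone who can reach the Kiali service gets the UI without authenticating. `deployment.ingress_enabled: false` keeps it off an ingress, but that is the only barrier shown here and it is not documented as one. Suggest defaulting to `token`, or adding a comment above `auth:` that explains why anonymous was chosen and how to change it. Separately, the comment `# this can be removed in 1.7 as it is default` above `meshConfig` is stale in a chart whose `tag` is already 1.7.1; either drop the `enablePrometheusMerge` override or update the comment.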
diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/Chart.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/Chart.yaml new file mode 100644 index 000000000..61cd6d05b --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/Chart.yaml @@ -0,0 +1,19 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.24.001 + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Istio + catalog.cattle.io/namespace: istio-system + catalog.cattle.io/provides-gvr: networking.istio.io.virtualservice/v1beta1 + catalog.cattle.io/release-name: rancher-istio + catalog.cattle.io/ui-component: istio + catalog.cattle.io/os: linux +apiVersion: v1 +appVersion: 1.7.3 +description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ + for details. +icon: https://charts.rancher.io/assets/logos/istio.svg +keywords: +- networking +- infrastructure +name: rancher-istio +version: 1.7.300 diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/README.md b/released/charts/rancher-istio/rancher-istio/1.7.300/README.md new file mode 100644 index 000000000..c90394f2e --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/README.md 
@@ -0,0 +1,36 @@ +# Rancher Istio Installers + +A Rancher created chart that packages the istioctl binary to install via a helm chart. + +# Installation Requirements + +## Chart Dependencies +- rancher-kiali-server-crd chart + + +## Kiali + +### Dependencies +- rancher-monitoring chart or other Prometheus installation + +This dependecy installs the required CRDs for installing Kiali. Since Kiali is bundled in with Istio in this chart, if you do not have these dependencies installed, your Istio installation will fail. If you do not plan on using Kiali, set `kiali.enabled=false` when installing Istio for a succesful installation. + +> **Note:** The following configuration options assume you have installed the dependecies for Kiali. Please ensure you have Promtheus in your cluster before proceeding. + +The `kiali.external_services.prometheus` url is set in the values.yaml: +``` +http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }} +``` +The url depends on the default values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port` being set in your rancher-monitoring or other monitoring instance. + +The Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by Prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces. + +To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources. + +1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape. +1. Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces. + +# Installation +``` +helm install rancher-istio . --create-namespace -n istio-system +``` 
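Review bot: the paragraph under `### Dependencies` opens with "This dependecy installs the required CRDs for installing Kiali", but the item listed directly above it is the rancher-monitoring/Prometheus installation, while the CRD chart (`rancher-kiali-server-crd`) is listed earlier under `## Chart Dependencies`. A reader cannot tell which dependency is meant, or which missing one makes the install fail, so name the chart explicitly in that sentence. The URL template also mixes `.Values.nameOverride` with a bare `prometheus.service.port`; use one form for all three. Spelling to fix in the same hunk: "dependecy", "succesful", "dependecies", "Promtheus".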
diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/app-readme.md b/released/charts/rancher-istio/rancher-istio/1.7.300/app-readme.md new file mode 100644 index 000000000..e24468457 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/app-readme.md 
@@ -0,0 +1,30 @@ +# Rancher Istio + +Our [Istio](https://istio.io/) installer wraps the istioctl binary commands in a handy helm chart, including an overlay file option to allow complex customization. It also includes: +* **[Kiali](https://kiali.io/)**: Used for graphing traffic flow throughout the mesh + +### Dependencies + +**Rancher Monitoring or other Prometheus installation** + +The Prometheus CRDs are required for installing Kiali which is enabled by default. If you do not have Prometheus installed your Istio installation will fail. If you do not plan on using Kiali, set `kiali.enabled=false` to bypass this requirement. + +### Customization + +**Rancher Monitoring** + +The Rancher Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by Prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces. + +To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources. + +1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape. +1. Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces. + +**Custom Prometheus Installation with Kiali** + +To use a custom Monitoring installation, set the `kiali.external_services.prometheus` url in the values.yaml. This url depends on the values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port`: +``` +http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }} +``` + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/istio/v2.5/). 
diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/Chart.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/Chart.yaml new file mode 100644 index 000000000..e4ab2a590 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/Chart.yaml @@ -0,0 +1,31 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=match + catalog.cattle.io/hidden: "true" + catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 + catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 + catalog.rancher.io/namespace: cattle-istio-system + catalog.rancher.io/release-name: rancher-kiali-server + catalog.cattle.io/os: linux +apiVersion: v2 +appVersion: v1.24.0 +description: Kiali is an open source project for service mesh observability, refer + to https://www.kiali.io for details. This is installed as sub-chart with customized + values in Rancher's Istio. +home: https://github.com/kiali/kiali +icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png +keywords: +- istio +- kiali +- networking +- infrastructure +maintainers: +- email: kiali-users@googlegroups.com + name: Kiali + url: https://kiali.io +name: rancher-kiali-server +sources: +- https://github.com/kiali/kiali +- https://github.com/kiali/kiali-ui +- https://github.com/kiali/kiali-operator +- https://github.com/kiali/helm-charts +version: 1.24.0 diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/NOTES.txt b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/NOTES.txt new file mode 100644 index 000000000..751019401 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/NOTES.txt 
@@ -0,0 +1,5 @@ +Welcome to Kiali! For more details on Kiali, see: https://kiali.io + +The Kiali Server [{{ .Chart.AppVersion }}] has been installed in namespace [{{ .Release.Namespace }}]. It will be ready soon. + +(Helm: Chart=[{{ .Chart.Name }}], Release=[{{ .Release.Name }}], Version=[{{ .Chart.Version }}]) diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/_helpers.tpl b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/_helpers.tpl new file mode 100644 index 000000000..9dd3d7ff0 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/_helpers.tpl 
@@ -0,0 +1,176 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "kiali-server.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kiali-server.fullname" -}} +{{- if .Values.fullnameOverride }} + {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} + {{- $name := default .Chart.Name .Values.nameOverride }} + {{- printf "%s" $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kiali-server.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kiali-server.labels" -}} +helm.sh/chart: {{ include "kiali-server.chart" . }} +app: {{ include "kiali-server.name" . }} +{{ include "kiali-server.selectorLabels" . }} +version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kiali-server.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kiali-server.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Used to determine if a custom dashboard (defined in .Template.Name) should be deployed. +*/}} +{{- define "kiali-server.isDashboardEnabled" -}} +{{- $includere := "" }} +{{- range $_, $s := .Values.deployment.custom_dashboards.includes }} + {{- if $s }} + {{- if $includere }} + {{- $includere = printf "%s|^%s$" $includere ($s | replace "*" ".*" | replace "?" 
".") }} + {{- else }} + {{- $includere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} +{{- end }} +{{- $excludere := "" }} +{{- range $_, $s := .Values.deployment.custom_dashboards.excludes }} + {{- if $s }} + {{- if $excludere }} + {{- $excludere = printf "%s|^%s$" $excludere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $excludere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} +{{- end }} +{{- if (and (mustRegexMatch (default "no-matches" $includere) (base .Template.Name)) (not (mustRegexMatch (default "no-matches" $excludere) (base .Template.Name)))) }} + {{- print "enabled" }} +{{- else }} + {{- print "" }} +{{- end }} +{{- end }} + +{{/* +Determine the default login token signing key. +*/}} +{{- define "kiali-server.login_token.signing_key" -}} +{{- if .Values.login_token.signing_key }} + {{- .Values.login_token.signing_key }} +{{- else }} + {{- randAlphaNum 16 }} +{{- end }} +{{- end }} + +{{/* +Determine the default web root. +*/}} +{{- define "kiali-server.server.web_root" -}} +{{- if .Values.server.web_root }} + {{- .Values.server.web_root | trimSuffix "/" }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/" }} + {{- else }} + {{- "/kiali" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity cert file. There is no default if on k8s; only on OpenShift. +*/}} +{{- define "kiali-server.identity.cert_file" -}} +{{- if hasKey .Values.identity "cert_file" }} + {{- .Values.identity.cert_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.crt" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity private key file. There is no default if on k8s; only on OpenShift. 
+*/}} +{{- define "kiali-server.identity.private_key_file" -}} +{{- if hasKey .Values.identity "private_key_file" }} + {{- .Values.identity.private_key_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.key" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the istio namespace - default is where Kiali is installed. +*/}} +{{- define "kiali-server.istio_namespace" -}} +{{- if .Values.istio_namespace }} + {{- .Values.istio_namespace }} +{{- else }} + {{- .Release.Namespace }} +{{- end }} +{{- end }} + +{{/* +Determine the auth strategy to use - default is "token" on Kubernetes and "openshift" on OpenShift. +*/}} +{{- define "kiali-server.auth.strategy" -}} +{{- if .Values.auth.strategy }} + {{- if (and (eq .Values.auth.strategy "openshift") (not .Values.kiali_route_url)) }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or use a different auth strategy via the --set auth.strategy=... option." }} + {{- end }} + {{- .Values.auth.strategy }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- if not .Values.kiali_route_url }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or explicitly indicate another auth strategy you want via the --set auth.strategy=... option." }} + {{- end }} + {{- "openshift" }} + {{- else }} + {{- "token" }} + {{- end }} +{{- end }} +{{- end }} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} 
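Review bot: in the `kiali-server.login_token.signing_key` helper, the fallback `{{- randAlphaNum 16 }}` is re-evaluated on every render, so when `.Values.login_token.signing_key` is unset each `helm upgrade` produces a different signing key and tokens signed with the previous one stop validating. templates/configmap.yaml then writes the result into `config.yaml` with `set $cm.login_token "signing_key" ...`, which puts the key in a ConfigMap rather than a Secret, readable by anyone with ConfigMap read access in the release namespace. Suggest either requiring an explicit value (fail the render when it is empty, as the `kiali_route_url` check in `kiali-server.auth.strategy` does) or reusing the previously generated key with Helm's `lookup`, and add a comment on the helper stating the rotation behaviour. If the server can read the key from a Secret, store it there instead.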
diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/cabundle.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/cabundle.yaml new file mode 100644 index 000000000..7462b95a7 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/cabundle.yaml @@ -0,0 +1,13 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }}-cabundle + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + service.beta.openshift.io/inject-cabundle: "true" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/configmap.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/configmap.yaml new file mode 100644 index 000000000..b1bf53173 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/configmap.yaml 
@@ -0,0 +1,24 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + config.yaml: | + {{- /* Most of .Values is simply the ConfigMap - strip out the keys that are not part of the ConfigMap */}} + {{- $cm := omit .Values "nameOverride" "fullnameOverride" "kiali_route_url" }} + {{- /* The helm chart defines namespace for us, but pass it to the ConfigMap in case the server needs it */}} + {{- $_ := set $cm.deployment "namespace" .Release.Namespace }} + {{- /* Some values of the ConfigMap are generated, but might not be identical, from .Values */}} + {{- $_ := set $cm "istio_namespace" (include "kiali-server.istio_namespace" .) }} + {{- $_ := set $cm.auth "strategy" (include "kiali-server.auth.strategy" .) }} + {{- $_ := set $cm.auth.openshift "client_id_prefix" (include "kiali-server.fullname" .) }} + {{- $_ := set $cm.identity "cert_file" (include "kiali-server.identity.cert_file" .) }} + {{- $_ := set $cm.identity "private_key_file" (include "kiali-server.identity.private_key_file" .) }} + {{- $_ := set $cm.login_token "signing_key" (include "kiali-server.login_token.signing_key" .) }} + {{- $_ := set $cm.server "web_root" (include "kiali-server.server.web_root" .) }} + {{- toYaml $cm | nindent 4 }} +... diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/envoy.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/envoy.yaml new file mode 100644 index 000000000..8d961b848 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/envoy.yaml 
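Review bot: in templates/configmap.yaml, `set $cm.login_token "signing_key" (include "kiali-server.login_token.signing_key" .)` followed by `toYaml $cm | nindent 4` writes the login token signing key in clear text into the ConfigMap's `config.yaml`. Any subject allowed to read ConfigMaps in the release namespace can then read the key that signs login tokens. Suggest adding `login_token.signing_key` to the keys stripped from `$cm` and delivering it from a Secret instead, since ConfigMaps are not meant to hold key material.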
@@ -0,0 +1,55 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: envoy + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Envoy Metrics +# discoverOn: "envoy_server_uptime" + items: + - chart: + name: "Pods uptime" + spans: 4 + metricName: "envoy_server_uptime" + dataType: "raw" + - chart: + name: "Allocated memory" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_allocated" + dataType: "raw" + min: 0 + - chart: + name: "Heap size" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_heap_size" + dataType: "raw" + min: 0 + - chart: + name: "Upstream active connections" + spans: 6 + metricName: "envoy_cluster_upstream_cx_active" + dataType: "raw" + - chart: + name: "Upstream total requests" + spans: 6 + metricName: "envoy_cluster_upstream_rq_total" + unit: "rps" + dataType: "rate" + - chart: + name: "Downstream active connections" + spans: 6 + metricName: "envoy_listener_downstream_cx_active" + dataType: "raw" + - chart: + name: "Downstream HTTP requests" + spans: 6 + metricName: "envoy_listener_http_downstream_rq" + unit: "rps" + dataType: "rate" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/go.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/go.yaml new file mode 100644 index 000000000..01ebed7b5 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/go.yaml 
@@ -0,0 +1,66 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: go + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Go Metrics + runtime: Go + discoverOn: "go_info" + items: + - chart: + name: "CPU ratio" + spans: 6 + metricName: "process_cpu_seconds_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "RSS Memory" + unit: "bytes" + spans: 6 + metricName: "process_resident_memory_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Goroutines" + spans: 6 + metricName: "go_goroutines" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Heap allocation rate" + unit: "bytes/s" + spans: 6 + metricName: "go_memstats_alloc_bytes_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "GC rate" + spans: 6 + metricName: "go_gc_duration_seconds_count" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Next GC" + unit: "bytes" + spans: 6 + metricName: "go_memstats_next_gc_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/kiali.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/kiali.yaml new file mode 100644 index 000000000..0d5b5caa2 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/kiali.yaml 
@@ -0,0 +1,43 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: kiali + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Kiali Internal Metrics + items: + - chart: + name: "API processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_api_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "route" + displayName: "Route" + - chart: + name: "Functions processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_go_function_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" + - chart: + name: "Failures" + spans: 12 + metricName: "kiali_go_function_failures_total" + dataType: "raw" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml new file mode 100644 index 000000000..e89e1200c --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml 
@@ -0,0 +1,42 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Pool Metrics + discoverOn: "jvm_buffer_total_capacity_bytes" + items: + - chart: + name: "Pool buffer memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer capacity" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_total_capacity_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer count" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_count" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm.yaml new file mode 100644 index 000000000..ab487dccc --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm.yaml 
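Review bot: in dashboards/micrometer-1.0.6-jvm-pool.yaml, the "Pool buffer count" chart on `jvm_buffer_count` declares `unit: "bytes"`, which looks copied from the two memory charts above it. The metric is a count of buffers, so the chart axis will be labelled with the wrong unit. Drop the `unit` line from that chart, as the other count charts in these dashboards do.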
@@ -0,0 +1,64 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live" + items: + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon" + dataType: "raw" + - chart: + name: "Loaded classes" + spans: 4 + metricName: "jvm_classes_loaded" + dataType: "raw" + + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/micrometer-1.1-jvm.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/micrometer-1.1-jvm.yaml new file mode 100644 index 000000000..d7014951d --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/micrometer-1.1-jvm.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.1-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live_threads" + items: + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live_threads" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon_threads" + dataType: "raw" + - chart: + name: "Threads states" + spans: 4 + metricName: "jvm_threads_states_threads" + dataType: "raw" + aggregations: + - label: "state" + displayName: "State" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/microprofile-1.1.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/microprofile-1.1.yaml new file mode 100644 index 000000000..c00446c10 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/microprofile-1.1.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-1.1 + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:thread_count" + items: + - chart: + name: "Current loaded classes" + spans: 6 + metricName: "base:classloader_current_loaded_class_count" + dataType: "raw" + - chart: + name: "Unloaded classes" + spans: 6 + metricName: "base:classloader_total_unloaded_class_count" + dataType: "raw" + - chart: + name: "Thread count" + spans: 4 + metricName: "base:thread_count" + dataType: "raw" + - chart: + name: "Thread max count" + spans: 4 + metricName: "base:thread_max_count" + dataType: "raw" + - chart: + name: "Thread daemon count" + spans: 4 + metricName: "base:thread_daemon_count" + dataType: "raw" + - chart: + name: "Committed heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_committed_heap_bytes" + dataType: "raw" + - chart: + name: "Max heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_max_heap_bytes" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_used_heap_bytes" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/microprofile-x.y.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/microprofile-x.y.yaml new file mode 100644 index 000000000..d15f527d9 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/microprofile-x.y.yaml 
@@ -0,0 +1,37 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-x.y + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:gc_complete_scavenger_count" + items: + - chart: + name: "Young GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_young_generation_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Young GC count" + spans: 3 + metricName: "base:gc_young_generation_scavenger_count" + dataType: "raw" + - chart: + name: "Total GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_complete_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Total GC count" + spans: 3 + metricName: "base:gc_complete_scavenger_count" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/nodejs.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/nodejs.yaml new file mode 100644 index 000000000..d772a16c0 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/nodejs.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: nodejs + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Node.js + title: Node.js Metrics + discoverOn: "nodejs_active_handles_total" + items: + - chart: + name: "Active handles" + spans: 4 + metricName: "nodejs_active_handles_total" + dataType: "raw" + - chart: + name: "Active requests" + spans: 4 + metricName: "nodejs_active_requests_total" + dataType: "raw" + - chart: + name: "Event loop lag" + unit: "seconds" + spans: 4 + metricName: "nodejs_eventloop_lag_seconds" + dataType: "raw" + - chart: + name: "Total heap size" + unit: "bytes" + spans: 12 + metricName: "nodejs_heap_space_size_total_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Used heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_used_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Available heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_available_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/quarkus.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/quarkus.yaml new file mode 100644 index 000000000..4fc3e9ac0 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/quarkus.yaml 
@@ -0,0 +1,32 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: quarkus + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Quarkus Metrics + runtime: Quarkus + items: + - chart: + name: "Thread count" + spans: 4 + metricName: "vendor:thread_count" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_heap_usage_bytes" + dataType: "raw" + - chart: + name: "Used non-heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_non_heap_usage_bytes" + dataType: "raw" + - include: "microprofile-x.y" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/springboot-jvm-pool.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/springboot-jvm-pool.yaml new file mode 100644 index 000000000..2ff4ae576 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/springboot-jvm-pool.yaml @@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Pool Metrics + items: + - include: "micrometer-1.0.6-jvm-pool" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/springboot-jvm.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/springboot-jvm.yaml new file mode 100644 index 000000000..8bd43055b --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/springboot-jvm.yaml 
@@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Metrics + items: + - include: "micrometer-1.0.6-jvm" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/springboot-tomcat.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/springboot-tomcat.yaml new file mode 100644 index 000000000..4b27aee4f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/springboot-tomcat.yaml @@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-tomcat + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: Tomcat Metrics + items: + - include: "tomcat" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/thorntail.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/thorntail.yaml new file mode 100644 index 000000000..513488df4 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/thorntail.yaml 
@@ -0,0 +1,21 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: thorntail + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Thorntail + title: Thorntail Metrics + discoverOn: "vendor:loaded_modules" + items: + - include: "microprofile-1.1" + - chart: + name: "Loaded modules" + spans: 6 + metricName: "vendor:loaded_modules" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/tomcat.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/tomcat.yaml new file mode 100644 index 000000000..28fd7f1cc --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/tomcat.yaml 
@@ -0,0 +1,66 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: tomcat + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Tomcat + title: Tomcat Metrics + discoverOn: "tomcat_sessions_created_total" + items: + - chart: + name: "Sessions created" + spans: 4 + metricName: "tomcat_sessions_created_total" + dataType: "raw" + - chart: + name: "Active sessions" + spans: 4 + metricName: "tomcat_sessions_active_current" + dataType: "raw" + - chart: + name: "Sessions rejected" + spans: 4 + metricName: "tomcat_sessions_rejected_total" + dataType: "raw" + + - chart: + name: "Bytes sent" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_sent_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Bytes received" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_received_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + + - chart: + name: "Global errors" + spans: 6 + metricName: "tomcat_global_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Servlet errors" + spans: 6 + metricName: "tomcat_servlet_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/vertx-client.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/vertx-client.yaml new file mode 100644 index 000000000..17392d87f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/vertx-client.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-client + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Client Metrics + discoverOn: "vertx_http_client_connections" + items: + - chart: + name: "Client response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_client_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_client_requestCount_total" + dataType: "rate" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client active connections" + spans: 6 + metricName: "vertx_http_client_connections" + dataType: "raw" + - chart: + name: "Client active websockets" + spans: 6 + metricName: "vertx_http_client_wsConnections" + dataType: "raw" + - chart: + name: "Client bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesSent" + dataType: "histogram" + - chart: + name: "Client bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/vertx-eventbus.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/vertx-eventbus.yaml new file mode 100644 index 000000000..fa659b55c --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/vertx-eventbus.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-eventbus + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Eventbus Metrics + discoverOn: "vertx_eventbus_handlers" + items: + - chart: + name: "Event bus handlers" + spans: 6 + metricName: "vertx_eventbus_handlers" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus pending messages" + spans: 6 + metricName: "vertx_eventbus_pending" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus processing time" + unit: "seconds" + spans: 6 + metricName: "vertx_eventbus_processingTime_seconds" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes read" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesRead" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes written" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesWritten" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/vertx-jvm.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/vertx-jvm.yaml new file mode 100644 index 000000000..ac03ea2e0 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/vertx-jvm.yaml 
@@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: JVM Metrics + items: + - include: "micrometer-1.1-jvm" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/vertx-pool.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/vertx-pool.yaml new file mode 100644 index 000000000..3715e9c10 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/vertx-pool.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Pools Metrics + discoverOn: "vertx_pool_ratio" + items: + - chart: + name: "Usage duration" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_usage_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Usage ratio" + spans: 6 + metricName: "vertx_pool_ratio" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Queue size" + spans: 6 + metricName: "vertx_pool_queue_size" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Time in queue" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_queue_delay_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Resources used" + spans: 6 + metricName: "vertx_pool_inUse" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/vertx-server.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/vertx-server.yaml new file mode 100644 index 000000000..686295468 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/dashboards/vertx-server.yaml 
@@ -0,0 +1,61 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-server + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Server Metrics + discoverOn: "vertx_http_server_connections" + items: + - chart: + name: "Server response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_server_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_server_requestCount_total" + dataType: "rate" + aggregations: + - label: "code" + displayName: "Error code" + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server active connections" + spans: 6 + metricName: "vertx_http_server_connections" + dataType: "raw" + - chart: + name: "Server active websockets" + spans: 6 + metricName: "vertx_http_server_wsConnections" + dataType: "raw" + - chart: + name: "Server bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesSent" + dataType: "histogram" + - chart: + name: "Server bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/deployment.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/deployment.yaml new file mode 100644 index 000000000..6fab9ee49 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/deployment.yaml 
@@ -0,0 +1,165 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.deployment.replicas }} + selector: + matchLabels: + {{- include "kiali-server.selectorLabels" . | nindent 6 }} + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 8 }} + annotations: + {{- if .Values.server.metrics_enabled }} + prometheus.io/scrape: "true" + prometheus.io/port: {{ .Values.server.metrics_port | quote }} + {{- else }} + prometheus.io/scrape: "false" + prometheus.io/port: null + {{- end }} + kiali.io/runtimes: go,kiali + {{- if .Values.deployment.pod_annotations }} + {{- toYaml .Values.deployment.pod_annotations | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "kiali-server.fullname" . }} + {{- if .Values.deployment.priority_class_name }} + priorityClassName: {{ .Values.deployment.priority_class_name | quote }} + {{- end }} + {{- if .Values.deployment.image_pull_secrets }} + imagePullSecrets: + {{- range .Values.deployment.image_pull_secrets }} + - name: {{ . }} + {{- end }} + {{- end }} + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.deployment.repository }}:{{ .Values.deployment.tag }}" + imagePullPolicy: {{ .Values.deployment.image_pull_policy | default "Always" }} + name: {{ include "kiali-server.fullname" . 
}} + command: + - "/opt/kiali/kiali" + - "-config" + - "/kiali-configuration/config.yaml" + - "-v" + - "{{ .Values.deployment.verbose_mode }}" + ports: + - name: api-port + containerPort: {{ .Values.server.port | default 20001 }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + containerPort: {{ .Values.server.metrics_port | default 9090 }} + {{- end }} + readinessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + livenessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + env: + - name: ACTIVE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + volumeMounts: + {{- if .Values.web_root_override }} + - name: kiali-console + subPath: env.js + mountPath: /opt/kiali/console/env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + mountPath: "/kiali-configuration" + - name: {{ include "kiali-server.fullname" . }}-cert + mountPath: "/kiali-cert" + - name: {{ include "kiali-server.fullname" . }}-secret + mountPath: "/kiali-secret" + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + mountPath: "/kiali-cabundle" + {{- end }} + {{- if .Values.deployment.resources }} + resources: + {{- toYaml .Values.deployment.resources | nindent 10 }} + {{- end }} + volumes: + {{- if .Values.web_root_override }} + - name: kiali-console + configMap: + name: kiali-console + items: + - key: env.js + path: env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . 
}}-configuration + configMap: + name: {{ include "kiali-server.fullname" . }} + - name: {{ include "kiali-server.fullname" . }}-cert + secret: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + secretName: {{ include "kiali-server.fullname" . }}-cert-secret + {{- else }} + secretName: istio.{{ include "kiali-server.fullname" . }}-service-account + {{- end }} + {{- if not (include "kiali-server.identity.cert_file" .) }} + optional: true + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-secret + secret: + secretName: {{ .Values.deployment.secret_name }} + optional: true + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + configMap: + name: {{ include "kiali-server.fullname" . }}-cabundle + {{- end }} + {{- if or (.Values.deployment.affinity.node) (or (.Values.deployment.pod) (.Values.deployment.pod_anti)) }} + affinity: + {{- if .Values.deployment.affinity.node }} + nodeAffinity: + {{- toYaml .Values.deployment.affinity.node | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod }} + podAffinity: + {{- toYaml .Values.deployment.affinity.pod | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod_anti }} + podAntiAffinity: + {{- toYaml .Values.deployment.affinity.pod_anti | nindent 10 }} + {{- end }} + {{- end }} + {{- if .Values.deployment.tolerations }} + tolerations: + {{- toYaml .Values.deployment.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.deployment.node_selector }} + nodeSelector: + {{- toYaml .Values.deployment.node_selector | nindent 8 }} + {{- end }} +... diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/ingess.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/ingess.yaml new file mode 100644 index 000000000..5a427e896 --- /dev/null 
+++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/ingess.yaml @@ -0,0 +1,40 @@ +{{- if not (.Capabilities.APIVersions.Has "route.openshift.io/v1") }} +{{- if .Values.deployment.ingress_enabled }} +--- +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }} + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- else }} + # For ingress-nginx versions older than 0.20.0 use secure-backends. + # (see: https://github.com/kubernetes/ingress-nginx/issues/3416#issuecomment-438247948) + # For ingress-nginx versions 0.20.0 and later use backend-protocol. + {{- if (include "kiali-server.identity.cert_file" .) }} + nginx.ingress.kubernetes.io/secure-backends: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + {{- else }} + nginx.ingress.kubernetes.io/secure-backends: "false" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + {{- end }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + rules: + - http: + paths: + - path: {{ include "kiali-server.server.web_root" . }} + backend: + serviceName: {{ include "kiali-server.fullname" . }} + servicePort: {{ .Values.server.port }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/oauth.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/oauth.yaml new file mode 100644 index 000000000..a178bb85e --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/oauth.yaml 
@@ -0,0 +1,17 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.kiali_route_url }} +--- +apiVersion: oauth.openshift.io/v1 +kind: OAuthClient +metadata: + name: {{ include "kiali-server.fullname" . }}-{{ .Release.Namespace }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +redirectURIs: +- {{ .Values.kiali_route_url }} +grantMethod: auto +allowAnyScope: true +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/role-viewer.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/role-viewer.yaml new file mode 100644 index 000000000..790406017 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/role-viewer.yaml 
@@ -0,0 +1,101 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }}-viewer + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - replicationcontrollers + - services + verbs: + - get + - list + - watch +- apiGroups: ["extensions", "apps"] + resources: + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch +- apiGroups: + - config.istio.io + - networking.istio.io + - authentication.istio.io + - rbac.istio.io + - security.istio.io + resources: ["*"] + verbs: + - get + - list + - watch +- apiGroups: ["authentication.maistra.io"] + resources: + - servicemeshpolicies + verbs: + - get + - list + - watch +- apiGroups: ["rbac.maistra.io"] + resources: + - servicemeshrbacconfigs + verbs: + - get + - list + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - get + - list +... diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/role.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/role.yaml new file mode 100644 index 000000000..34a47dd89 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/role.yaml 
@@ -0,0 +1,118 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - replicationcontrollers + - services + verbs: + - get + - list + - patch + - watch +- apiGroups: ["extensions", "apps"] + resources: + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - patch + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - patch + - watch +- apiGroups: + - config.istio.io + - networking.istio.io + - authentication.istio.io + - rbac.istio.io + - security.istio.io + resources: ["*"] + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["authentication.maistra.io"] + resources: + - servicemeshpolicies + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["rbac.maistra.io"] + resources: + - servicemeshrbacconfigs + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - patch + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - create + - delete + - get + - list + - patch + - watch +... 
diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/rolebinding.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/rolebinding.yaml new file mode 100644 index 000000000..1eaabd65f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/rolebinding.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + {{- if .Values.deployment.view_only_mode }} + name: {{ include "kiali-server.fullname" . }}-viewer + {{- else }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/route.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/route.yaml new file mode 100644 index 000000000..27940dc96 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/route.yaml 
@@ -0,0 +1,30 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.deployment.ingress_enabled }} +# As of OpenShift 4.5, need to use --disable-openapi-validation when installing via Helm +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}} + annotations: + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + tls: + termination: reencrypt + insecureEdgeTerminationPolicy: Redirect + to: + kind: Service + targetPort: {{ .Values.server.port }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/service.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/service.yaml new file mode 100644 index 000000000..69dc395d1 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/service.yaml 
@@ -0,0 +1,40 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + service.beta.openshift.io/serving-cert-secret-name: {{ include "kiali-server.fullname" . }}-cert-secret + {{- end }} + kiali.io/api-spec: https://kiali.io/api + kiali.io/api-type: rest + {{- if .Values.deployment.service_annotations }} + {{- toYaml .Values.deployment.service_annotations | nindent 4 }} + {{- end }} +spec: + {{- if .Values.deployment.service_type }} + type: {{ .Values.deployment.service_type }} + {{- end }} + ports: + {{- if (include "kiali-server.identity.cert_file" .) }} + - name: tcp + {{- else }} + - name: http + {{- end }} + protocol: TCP + port: {{ .Values.server.port }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + protocol: TCP + port: {{ .Values.server.metrics_port }} + {{- end }} + selector: + {{- include "kiali-server.selectorLabels" . | nindent 4 }} + {{- if .Values.deployment.additional_service_yaml }} + {{- toYaml .Values.deployment.additional_service_yaml | nindent 2 }} + {{- end }} +... diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/serviceaccount.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/serviceaccount.yaml new file mode 100644 index 000000000..9151b6f6a --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/serviceaccount.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +... 
diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/validate-install-crd.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/validate-install-crd.yaml new file mode 100644 index 000000000..01d33e632 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/validate-install-crd.yaml @@ -0,0 +1,14 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "monitoring.kiali.io/v1alpha1/MonitoringDashboard" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the rancher-kiali-server-crd chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/web-root-configmap.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/web-root-configmap.yaml new file mode 100644 index 000000000..0daa7bb23 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/templates/web-root-configmap.yaml @@ -0,0 +1,12 @@ +{{- if .Values.web_root_override }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: kiali-console + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + env.js: | + window.WEB_ROOT='/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Release.Namespace }}/services/http:rancher-istio-kiali:20001/proxy'; +{{- end }} 
diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/values.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/values.yaml new file mode 100644 index 000000000..fccc6d4ce --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/charts/rancher-kiali-server/values.yaml 
@@ -0,0 +1,79 @@ +nameOverride: "kiali" +fullnameOverride: "kiali" + +# This is required for "openshift" auth strategy. +# You have to know ahead of time what your Route URL will be because +# right now the helm chart can't figure this out at runtime (it would +# need to wait for the Kiali Route to be deployed and for OpenShift +# to start it up). If someone knows how to update this helm chart to +# do this, a PR would be welcome. +kiali_route_url: "" + +# rancher specific override that allows proxy access to kiali url +web_root_override: true + +# +# Settings that mimic the Kiali CR which are placed in the ConfigMap. +# Note that only those values used by the Helm Chart will be here. +# + +istio_namespace: "" # default is where Kiali is installed + +auth: + openid: {} + openshift: {} + strategy: "" + +deployment: + # This only limits what Kiali will attempt to see, but Kiali Service Account has permissions to see everything. + # For more control over what the Kial Service Account can see, use the Kiali Operator + accessible_namespaces: + - "**" + additional_service_yaml: {} + affinity: + node: {} + pod: {} + pod_anti: {} + custom_dashboards: + excludes: [''] + includes: ['*'] + repository: rancher/kiali-kiali + image_pull_policy: "Always" + image_pull_secrets: [] + tag: v1.24.0 + ingress_enabled: true + node_selector: {} + override_ingress_yaml: + metadata: {} + pod_annotations: {} + priority_class_name: "" + replicas: 1 + resources: {} + secret_name: "kiali" + service_annotations: {} + service_type: "" + tolerations: [] + verbose_mode: "3" + version_label: v1.24.0 + view_only_mode: false + +identity: {} + #cert_file: + #private_key_file: + +login_token: + signing_key: "" + +server: + port: 20001 + metrics_enabled: true + metrics_port: 9090 + web_root: "" + +# Common settings used among istio subcharts. 
+global: + # Specify rancher clusterId of external tracing config + # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 + cattle: + systemDefaultRegistry: "" + clusterId: diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/configs/istio-base.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/configs/istio-base.yaml new file mode 100644 index 000000000..c66e769dd --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/configs/istio-base.yaml 
@@ -0,0 +1,99 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +spec: + addonComponents: + istiocoredns: + enabled: {{ .Values.istiocoredns.enabled }} + components: + base: + enabled: {{ .Values.base.enabled }} + cni: + enabled: {{ .Values.cni.enabled }} + egressGateways: + - enabled: {{ .Values.egressGateways.enabled }} + name: istio-egressgateway + ingressGateways: + - enabled: {{ .Values.ingressGateways.enabled }} + name: istio-ingressgateway + k8s: + service: + ports: + - name: status-port + port: 15021 + targetPort: 15021 + - name: http2 + port: 80 + targetPort: 8080 + nodePort: 31380 + - name: https + port: 443 + targetPort: 8443 + nodePort: 31390 + - name: tcp + port: 31400 + targetPort: 31400 + nodePort: 31400 + - name: tls + port: 15443 + targetPort: 15443 + istiodRemote: + enabled: {{ .Values.istiodRemote.enabled }} + pilot: + enabled: {{ .Values.pilot.enabled }} + policy: + enabled: {{ .Values.policy.enabled }} + telemetry: + enabled: {{ .Values.telemetry.v1.enabled }} + hub: {{ .Values.systemDefaultRegistry | default "docker.io" }} + profile: default + tag: {{ .Values.tag }} + revision: {{ .Values.revision }} + meshConfig: + enablePrometheusMerge: {{ .Values.meshConfig.enablePrometheusMerge }} + values: + gateways: + istio-egressgateway: + name: istio-egressgateway + type: {{ .Values.egressGateways.type }} + istio-ingressgateway: + name: istio-ingressgateway + type: {{ .Values.ingressGateways.type }} + global: + istioNamespace: {{ template "istio.namespace" . }} + proxy: + image: {{ template "system_default_registry" . }}{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }} + proxy_init: + image: {{ template "system_default_registry" . 
}}{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }} + {{- if .Values.global.defaultPodDisruptionBudget.enabled }} + defaultPodDisruptionBudget: + enabled: {{ .Values.global.defaultPodDisruptionBudget.enabled }} + {{- end }} + istiocoredns: + coreDNSImage: {{ template "system_default_registry" . }}{{ .Values.istiocoredns.image.repository }} + coreDNSPluginImage: {{ template "system_default_registry" . }}{{ .Values.istiocoredns.pluginImage.repository }}:{{ .Values.istiocoredns.pluginImage.tag }} + coreDNSTag: {{ .Values.istiocoredns.image.tag }} + {{- if or .Values.policy.enabled .Values.telemetry.v1.enabled }} + mixer: + {{- if .Values.policy.enabled }} + policy: + image: {{ template "system_default_registry" . }}{{ .Values.policy.repository }}:{{ .Values.policy.tag }} + {{- end }} + {{- if .Values.telemetry.v1.enabled }} + telemetry: + image: {{ template "system_default_registry" . }}{{ .Values.telemetry.v1.repository }}:{{ .Values.telemetry.v1.tag }} + {{- end }} + {{- end }} + {{- if .Values.pilot.enabled }} + pilot: + image: {{ template "system_default_registry" . }}{{ .Values.pilot.repository }}:{{ .Values.pilot.tag }} + {{- end }} + telemetry: + enabled: {{ .Values.telemetry.enabled }} + v1: + enabled: {{ .Values.telemetry.v1.enabled }} + v2: + enabled: {{ .Values.telemetry.v2.enabled }} + {{- if .Values.cni.enabled }} + cni: + image: {{ template "system_default_registry" . }}{{ .Values.cni.repository }}:{{ .Values.cni.tag }} + {{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/requirements.lock b/released/charts/rancher-istio/rancher-istio/1.7.300/requirements.lock new file mode 100644 index 000000000..a48bab22b --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/requirements.lock 
@@ -0,0 +1,6 @@ +dependencies: +- name: rancher-kiali-server + repository: file://../../rancher-kiali-server/charts + version: 1.24.0 +digest: sha256:c7007a5ff0aa6a0d2db2a2c01e7cbf89c28b6337466e5942c32bc752d79dd98f +generated: "2020-11-10T00:01:51.992186001Z" diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/requirements.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/requirements.yaml new file mode 100644 index 000000000..1887bbf5a --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/requirements.yaml @@ -0,0 +1,7 @@ +dependencies: + + - name: rancher-kiali-server + alias: kiali + condition: kiali.enabled + version: 1.24.0 + repository: file://../../rancher-kiali-server/charts diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/samples/overlay-example.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/samples/overlay-example.yaml new file mode 100644 index 000000000..5cf3cf3b0 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/samples/overlay-example.yaml @@ -0,0 +1,37 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +spec: + components: + ingressGateways: + - enabled: true + name: ilb-gateway + namespace: user-ingressgateway-ns + k8s: + resources: + requests: + cpu: 200m + service: + ports: + - name: tcp-citadel-grpc-tls + port: 8060 + targetPort: 8060 + - name: tcp-dns + port: 5353 + serviceAnnotations: + cloud.google.com/load-balancer-type: internal + - enabled: true + name: other-gateway + namespace: cattle-istio-system + k8s: + resources: + requests: + cpu: 200m + service: + ports: + - name: tcp-citadel-grpc-tls + port: 8060 + targetPort: 8060 + - name: tcp-dns + port: 5353 + serviceAnnotations: + cloud.google.com/load-balancer-type: internal diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/templates/_helpers.tpl b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/_helpers.tpl new file mode 100644 index 000000000..3f7af953a 
--- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/_helpers.tpl @@ -0,0 +1,12 @@ +{{/* Ensure namespace is set the same everywhere */}} +{{- define "istio.namespace" -}} + {{- .Release.Namespace | default "istio-system" -}} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/templates/admin-role.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/admin-role.yaml new file mode 100644 index 000000000..ad1313c4f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/admin-role.yaml @@ -0,0 +1,43 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + name: istio-admin + namespace: {{ template "istio.namespace" . }} +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: + - '*' + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: + - '*' diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/templates/base-config-map.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/base-config-map.yaml new file mode 100644 index 000000000..5323917bc --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/base-config-map.yaml 
@@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-installer-base + namespace: {{ template "istio.namespace" . }} +data: +{{ tpl (.Files.Glob "configs/*").AsConfig . | indent 2 }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/templates/clusterrole.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/clusterrole.yaml new file mode 100644 index 000000000..3e621d897 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/clusterrole.yaml 
@@ -0,0 +1,112 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: istio-installer +rules: +# istio groups +- apiGroups: + - authentication.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - config.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - install.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - networking.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - rbac.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - security.istio.io + resources: + - '*' + verbs: + - '*' +# k8s groups +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions.apiextensions.k8s.io + - customresourcedefinitions + verbs: + - '*' +- apiGroups: + - apps + - extensions + resources: + - daemonsets + - deployments + - deployments/finalizers + - ingresses + - replicasets + - statefulsets + verbs: + - '*' +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - '*' +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - '*' +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - roles + - rolebindings + verbs: + - '*' +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - namespaces + - pods + - pods/exec + - persistentvolumeclaims + - secrets + - services + - serviceaccounts + verbs: + - '*' diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/templates/clusterrolebinding.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..9d74a0434 --- /dev/null 
+++ b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/clusterrolebinding.yaml @@ -0,0 +1,12 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: istio-installer +subjects: +- kind: ServiceAccount + name: istio-installer + namespace: {{ template "istio.namespace" . }} +roleRef: + kind: ClusterRole + name: istio-installer + apiGroup: rbac.authorization.k8s.io diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/templates/edit-role.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/edit-role.yaml new file mode 100644 index 000000000..d1059d58d --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/edit-role.yaml @@ -0,0 +1,43 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + namespace: {{ template "istio.namespace" . }} + name: istio-edit +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: + - '*' + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: + - '*' diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/templates/istio-install-job.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/istio-install-job.yaml new file mode 100644 index 000000000..0e9c732e1 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/istio-install-job.yaml 
@@ -0,0 +1,45 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: istioctl-installer + namespace: {{ template "istio.namespace" . }} + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + backoffLimit: 1 + template: + spec: + containers: + - name: istioctl-installer + image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }} + env: + - name: RELEASE_NAME + value: {{ .Release.Name }} + - name: ISTIO_NAMESPACE + value: {{ template "istio.namespace" . }} + - name: FORCE_INSTALL + value: {{ .Values.forceInstall | default "false" | quote }} + command: ["/bin/sh","-c"] + args: ["/usr/local/app/scripts/run.sh"] + volumeMounts: + - name: config-volume + mountPath: /app/istio-base.yaml + subPath: istio-base.yaml + {{- if .Values.overlayFile }} + - name: overlay-volume + mountPath: /app/overlay-config.yaml + subPath: overlay-config.yaml + {{- end }} + volumes: + - name: config-volume + configMap: + name: istio-installer-base + {{- if .Values.overlayFile }} + - name: overlay-volume + configMap: + name: istio-installer-overlay + {{- end }} + serviceAccountName: istio-installer + restartPolicy: Never diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/templates/istio-uninstall-job.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/istio-uninstall-job.yaml new file mode 100644 index 000000000..b5946e55f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/istio-uninstall-job.yaml 
@@ -0,0 +1,42 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: istioctl-uninstaller + namespace: {{ template "istio.namespace" . }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + spec: + containers: + - name: istioctl-uninstaller + image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }} + env: + - name: RELEASE_NAME + value: {{ .Release.Name }} + - name: ISTIO_NAMESPACE + value: {{ template "istio.namespace" . }} + command: ["/bin/sh","-c"] + args: ["/usr/local/app/scripts/uninstall_istio_system.sh"] + volumeMounts: + - name: config-volume + mountPath: /app/istio-base.yaml + subPath: istio-base.yaml + {{- if .Values.overlayFile }} + - name: overlay-volume + mountPath: /app/overlay-config.yaml + subPath: overlay-config.yaml + {{ end }} + volumes: + - name: config-volume + configMap: + name: istio-installer-base + {{- if .Values.overlayFile }} + - name: overlay-volume + configMap: + name: istio-installer-overlay + {{ end }} + serviceAccountName: istio-installer + restartPolicy: OnFailure diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/templates/overlay-config-map.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/overlay-config-map.yaml new file mode 100644 index 000000000..287d26b2c --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/overlay-config-map.yaml @@ -0,0 +1,9 @@ +{{- if .Values.overlayFile }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-installer-overlay + namespace: {{ template "istio.namespace" . }} +data: + overlay-config.yaml: {{ toYaml .Values.overlayFile | indent 2 }} +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/templates/service-monitors.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/service-monitors.yaml new file mode 100644 index 000000000..c3d60c4fc 
--- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/service-monitors.yaml @@ -0,0 +1,51 @@ +{{- if .Values.kiali.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: envoy-stats-monitor + namespace: {{ template "istio.namespace" . }} + labels: + monitoring: istio-proxies +spec: + selector: + matchExpressions: + - {key: istio-prometheus-ignore, operator: DoesNotExist} + namespaceSelector: + any: true + jobLabel: envoy-stats + endpoints: + - path: /stats/prometheus + targetPort: 15090 + interval: 15s + relabelings: + - sourceLabels: [__meta_kubernetes_pod_container_port_name] + action: keep + regex: '.*-envoy-prom' + - action: labeldrop + regex: "__meta_kubernetes_pod_label_(.+)" + - sourceLabels: [__meta_kubernetes_namespace] + action: replace + targetLabel: namespace + - sourceLabels: [__meta_kubernetes_pod_name] + action: replace + targetLabel: pod_name +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: istio-component-monitor + namespace: {{ template "istio.namespace" . }} + labels: + monitoring: istio-components +spec: + jobLabel: istio + targetLabels: [app] + selector: + matchExpressions: + - {key: istio, operator: In, values: [pilot]} + namespaceSelector: + any: true + endpoints: + - port: http-monitoring + interval: 15s +{{- end -}} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/templates/serviceaccount.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/serviceaccount.yaml new file mode 100644 index 000000000..82b6cbb7e --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/serviceaccount.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: istio-installer + namespace: {{ template "istio.namespace" . }} 
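Review bot: The `'*'` verbs on `clusterroles`, `clusterrolebindings`, `roles` and `rolebindings`, together with `'*'` on core `secrets` and `pods/exec`, in templates/clusterrole.yaml make the `istio-installer` ServiceAccount effectively cluster-admin once clusterrolebinding.yaml binds it cluster-wide. A wildcard verb on RBAC resources includes `escalate` and `bind`, so the narrower rules elsewhere in the file do not limit anything. Please enumerate the verbs the install script actually needs, drop `pods/exec` unless run.sh uses it, and name the resources in the six Istio API group rules instead of `'*'`. The `customresourcedefinitions.apiextensions.k8s.io` resource entry also looks redundant next to `customresourcedefinitions`.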
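Review bot: `metadata.namespace` is set on a ClusterRole in templates/edit-role.yaml; ClusterRoles are cluster-scoped, so the field has no effect and suggests a scoping that does not exist. Please remove it. Because the role carries `rbac.authorization.k8s.io/aggregate-to-edit: "true"`, the `'*'` verbs on the `networking.istio.io` and `security.istio.io` resources are added to the aggregated edit role; listing the verbs explicitly would make that grant easier to audit.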
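Review bot: The env values `value: {{ .Release.Name }}` and `value: {{ template "istio.namespace" . }}` in templates/istio-install-job.yaml are unquoted, while `FORCE_INSTALL` is piped through `quote`. A release or namespace name that YAML reads as a number or boolean would render a non-string env value and the Job would be rejected. Please quote both (the second needs `include` rather than `template` to be used in a pipeline). The container also sets no `securityContext` or `resources`, which is worth adding given the ServiceAccount it runs as.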
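Review bot: The hook delete policy in templates/istio-uninstall-job.yaml is `hook-succeeded` only and there is no `backoffLimit`, unlike the install Job (`before-hook-creation,hook-succeeded` and `backoffLimit: 1`). A failed `istioctl-uninstaller` Job is therefore left behind, and the next `pre-delete` run will collide with the existing Job name. Adding `before-hook-creation` and a `backoffLimit` would match the installer. The two `{{ end }}` closers should also be `{{- end }}` as in the install Job, to avoid stray blank lines in the rendered manifest.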
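Review bot: Both ServiceMonitors in templates/service-monitors.yaml are wrapped in `{{- if .Values.kiali.enabled }}`, so turning Kiali off also removes the Envoy sidecar and pilot scrape configuration, neither of which is a Kiali resource. A dedicated value, or a capability check such as `.Capabilities.APIVersions.Has "monitoring.coreos.com/v1"`, would express the real condition. Note also that `namespaceSelector: any: true` on both monitors selects targets in every namespace; a short comment saying that this is intended would help.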
diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/templates/view-role.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/view-role.yaml new file mode 100644 index 000000000..5947d3eba --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/templates/view-role.yaml @@ -0,0 +1,41 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + namespace: {{ template "istio.namespace" . }} + name: istio-view +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: ["get", "watch", "list"] + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: ["get", "watch", "list"] diff --git a/released/charts/rancher-istio/rancher-istio/1.7.300/values.yaml b/released/charts/rancher-istio/rancher-istio/1.7.300/values.yaml new file mode 100644 index 000000000..9c301d889 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.300/values.yaml 
@@ -0,0 +1,96 @@ +overlayFile: "" +tag: 1.7.3 +##Setting forceInstall: true will remove the check for istio version < 1.6.x and will not analyze your install cluster prior to install +forceInstall: false + +installer: + repository: rancher/istio-installer + tag: 1.7.3-rancher2 + +istiocoredns: + enabled: false + image: + repository: rancher/coredns-coredns + tag: 1.6.2 + pluginImage: + repository: rancher/istio-coredns-plugin + tag: 0.2-istio-1.1 + +base: + enabled: true + +cni: + enabled: false + repository: rancher/istio-install-cni + tag: 1.7.3 + +egressGateways: + enabled: false + type: NodePort + +ingressGateways: + enabled: true + type: NodePort + +istiodRemote: + enabled: false + +pilot: + enabled: true + repository: rancher/istio-pilot + tag: 1.7.3 + +#Mixer Policy is deprecated in 1.7.x, will not be supported in 1.8.x +policy: + enabled: false + repository: rancher/istio-mixer + tag: 1.7.3 + +telemetry: + enabled: true + #Telemetry v1 is deprecated in 1.7.x, will not be supported in 1.8.x + v1: + enabled: false + repository: rancher/istio-mixer + tag: 1.7.3 + v2: + enabled: true + +sidecarInjectorWebhook: + enableNamespacesByDefault: false + objectSelector: + enabled: true + autoInject: true + rewriteAppHTTPProbe: true + +global: + cattle: + systemDefaultRegistry: "" + proxy: + repository: rancher/istio-proxyv2 + tag: 1.7.3 + proxy_init: + repository: rancher/istio-proxyv2 + tag: 1.7.3 + defaultPodDisruptionBudget: + enabled: true + +# this can be removed in 1.7 as it is default +meshConfig: + enablePrometheusMerge: true + +# Kiali subchart from rancher-kiali-server +kiali: + enabled: true + auth: + strategy: anonymous + deployment: + ingress_enabled: false + repository: rancher/kiali-kiali + tag: v1.24.0 + external_services: + prometheus: + custom_metrics_url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" + url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" + tracing: + enabled: false 
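Review bot: The default `kiali.auth.strategy: anonymous` in values.yaml serves the Kiali dashboard without a login to anyone who can reach the service; `ingress_enabled: false` limits exposure, but any in-cluster client or port-forward still gets in. The `kiali-server.auth.strategy` helper elsewhere in this patch falls back to `token` on Kubernetes when the value is empty, so please either leave the value unset here or document why anonymous access is the chosen default. Smaller points in the same file: the comment `# this can be removed in 1.7 as it is default` is stale for a chart whose tags are 1.7.3, and the purpose of the top-level `tag: 1.7.3` next to the per-component tags is not explained.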
diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/Chart.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/Chart.yaml new file mode 100644 index 000000000..afa6127f8 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/Chart.yaml @@ -0,0 +1,19 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.24.003 + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Istio + catalog.cattle.io/namespace: istio-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: networking.istio.io.virtualservice/v1beta1 + catalog.cattle.io/release-name: rancher-istio + catalog.cattle.io/ui-component: istio +apiVersion: v1 +appVersion: 1.7.3 +description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ + for details. +icon: https://charts.rancher.io/assets/logos/istio.svg +keywords: +- networking +- infrastructure +name: rancher-istio +version: 1.7.301 diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/README.md b/released/charts/rancher-istio/rancher-istio/1.7.301/README.md new file mode 100644 index 000000000..96634b713 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/README.md 
@@ -0,0 +1,46 @@ +# Rancher Istio Installers + +A Rancher created chart that packages the istioctl binary to install via a helm chart. + +# Installation Requirements + +## Chart Dependencies +- rancher-kiali-server-crd chart + + +# Addons + +## Kiali + +Kiali allows you to view and manage your istio-based service mesh through an easy to use dashboard. + +### Dependencies +- rancher-monitoring chart or other Prometheus installation + +This dependecy installs the required CRDs for installing Kiali. Since Kiali is bundled in with Istio in this chart, if you do not have these dependencies installed, your Istio installation will fail. If you do not plan on using Kiali, set `kiali.enabled=false` when installing Istio for a succesful installation. + +> **Note:** The following configuration options assume you have installed the dependecies for Kiali. Please ensure you have Promtheus in your cluster before proceeding. + +The `kiali.external_services.prometheus` url is set in the values.yaml: +``` +http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }} +``` +The url depends on the default values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port` being set in your rancher-monitoring or other monitoring instance. + +The Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by Prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces. + +To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources. + +1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape. +1. 
Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces. + +## Jaeger + +Jaeger allows you to trace and monitor distributed microservices. + +> **Note:** This addon is using the all-in-one Jaeger installation which is not qualified for production. Use the [Jaeger Tracing](https://www.jaegertracing.io/docs/1.21/getting-started/) documentation to determine which installation you will need for your production needs. + +# Installation +``` +helm install rancher-istio . --create-namespace -n istio-system +``` \ No newline at end of file diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/app-readme.md b/released/charts/rancher-istio/rancher-istio/1.7.301/app-readme.md new file mode 100644 index 000000000..6a99367cb --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/app-readme.md 
@@ -0,0 +1,31 @@ +# Rancher Istio + +Our [Istio](https://istio.io/) installer wraps the istioctl binary commands in a handy helm chart, including an overlay file option to allow complex customization. It also includes: +* **[Kiali](https://kiali.io/)**: Used for graphing traffic flow throughout the mesh +* **[Jaeger](https://www.jaegertracing.io/)**: A quick start, all-in-one installation used for tracing distributed systemm. This is not production qualified, please refer to jaeger documentation to determine which installation you may need instead. + +### Dependencies + +**Rancher Monitoring or other Prometheus installation** + +The Prometheus CRDs are required for installing Kiali which is enabled by default. If you do not have Prometheus installed your Istio installation will fail. If you do not plan on using Kiali, set `kiali.enabled=false` to bypass this requirement. + +### Customization + +**Rancher Monitoring** + +The Rancher Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by Prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces. + +To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources. + +1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape. +1. Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces. + +**Custom Prometheus Installation with Kiali** + +To use a custom Monitoring installation, set the `kiali.external_services.prometheus` url in the values.yaml. 
This url depends on the values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port`: +``` +http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }} +``` + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/istio/v2.5/). diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/Chart.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/Chart.yaml new file mode 100644 index 000000000..f15dcf604 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/Chart.yaml @@ -0,0 +1,31 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=match + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 + catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 + catalog.rancher.io/namespace: cattle-istio-system + catalog.rancher.io/release-name: rancher-kiali-server +apiVersion: v2 +appVersion: v1.24.0 +description: Kiali is an open source project for service mesh observability, refer + to https://www.kiali.io for details. This is installed as sub-chart with customized + values in Rancher's Istio. +home: https://github.com/kiali/kiali +icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png +keywords: +- istio +- kiali +- networking +- infrastructure +maintainers: +- email: kiali-users@googlegroups.com + name: Kiali + url: https://kiali.io +name: rancher-kiali-server +sources: +- https://github.com/kiali/kiali +- https://github.com/kiali/kiali-ui +- https://github.com/kiali/kiali-operator +- https://github.com/kiali/helm-charts +version: 1.24.0 
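Review bot: The 1.7.301 README.md is ambiguous about which dependency provides what: the sentence "This dependecy installs the required CRDs for installing Kiali" sits under the rancher-monitoring bullet, while "Chart Dependencies" lists rancher-kiali-server-crd. Please state which chart supplies which CRDs. The hunk also has several typos ("dependecy", "dependecies", "succesful", "Promtheus"), the example URL writes `{{ prometheus.service.port }}` without the `.Values.` prefix used for the other two placeholders, and the file ends without a trailing newline.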
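Review bot: The annotations in charts/rancher-kiali-server/Chart.yaml mix two prefixes: `catalog.cattle.io/` for auto-install, hidden, os and the gvr keys, but `catalog.rancher.io/namespace` and `catalog.rancher.io/release-name`. The parent 1.7.301 Chart.yaml uses `catalog.cattle.io/namespace` and `catalog.cattle.io/release-name`, so please confirm the two `catalog.rancher.io` keys are still read, or align the prefix. The namespace value `cattle-istio-system` also differs from the parent's `istio-system`; if that is deliberate for a hidden sub-chart, a comment would help.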
diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/NOTES.txt b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/NOTES.txt new file mode 100644 index 000000000..751019401 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/NOTES.txt @@ -0,0 +1,5 @@ +Welcome to Kiali! For more details on Kiali, see: https://kiali.io + +The Kiali Server [{{ .Chart.AppVersion }}] has been installed in namespace [{{ .Release.Namespace }}]. It will be ready soon. + +(Helm: Chart=[{{ .Chart.Name }}], Release=[{{ .Release.Name }}], Version=[{{ .Chart.Version }}]) diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/_helpers.tpl b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/_helpers.tpl new file mode 100644 index 000000000..9dd3d7ff0 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/_helpers.tpl 
@@ -0,0 +1,176 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "kiali-server.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kiali-server.fullname" -}} +{{- if .Values.fullnameOverride }} + {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} + {{- $name := default .Chart.Name .Values.nameOverride }} + {{- printf "%s" $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kiali-server.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kiali-server.labels" -}} +helm.sh/chart: {{ include "kiali-server.chart" . }} +app: {{ include "kiali-server.name" . }} +{{ include "kiali-server.selectorLabels" . }} +version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kiali-server.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kiali-server.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Used to determine if a custom dashboard (defined in .Template.Name) should be deployed. +*/}} +{{- define "kiali-server.isDashboardEnabled" -}} +{{- $includere := "" }} +{{- range $_, $s := .Values.deployment.custom_dashboards.includes }} + {{- if $s }} + {{- if $includere }} + {{- $includere = printf "%s|^%s$" $includere ($s | replace "*" ".*" | replace "?" 
".") }} + {{- else }} + {{- $includere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} +{{- end }} +{{- $excludere := "" }} +{{- range $_, $s := .Values.deployment.custom_dashboards.excludes }} + {{- if $s }} + {{- if $excludere }} + {{- $excludere = printf "%s|^%s$" $excludere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $excludere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} +{{- end }} +{{- if (and (mustRegexMatch (default "no-matches" $includere) (base .Template.Name)) (not (mustRegexMatch (default "no-matches" $excludere) (base .Template.Name)))) }} + {{- print "enabled" }} +{{- else }} + {{- print "" }} +{{- end }} +{{- end }} + +{{/* +Determine the default login token signing key. +*/}} +{{- define "kiali-server.login_token.signing_key" -}} +{{- if .Values.login_token.signing_key }} + {{- .Values.login_token.signing_key }} +{{- else }} + {{- randAlphaNum 16 }} +{{- end }} +{{- end }} + +{{/* +Determine the default web root. +*/}} +{{- define "kiali-server.server.web_root" -}} +{{- if .Values.server.web_root }} + {{- .Values.server.web_root | trimSuffix "/" }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/" }} + {{- else }} + {{- "/kiali" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity cert file. There is no default if on k8s; only on OpenShift. +*/}} +{{- define "kiali-server.identity.cert_file" -}} +{{- if hasKey .Values.identity "cert_file" }} + {{- .Values.identity.cert_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.crt" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity private key file. There is no default if on k8s; only on OpenShift. 
+*/}} +{{- define "kiali-server.identity.private_key_file" -}} +{{- if hasKey .Values.identity "private_key_file" }} + {{- .Values.identity.private_key_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.key" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the istio namespace - default is where Kiali is installed. +*/}} +{{- define "kiali-server.istio_namespace" -}} +{{- if .Values.istio_namespace }} + {{- .Values.istio_namespace }} +{{- else }} + {{- .Release.Namespace }} +{{- end }} +{{- end }} + +{{/* +Determine the auth strategy to use - default is "token" on Kubernetes and "openshift" on OpenShift. +*/}} +{{- define "kiali-server.auth.strategy" -}} +{{- if .Values.auth.strategy }} + {{- if (and (eq .Values.auth.strategy "openshift") (not .Values.kiali_route_url)) }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or use a different auth strategy via the --set auth.strategy=... option." }} + {{- end }} + {{- .Values.auth.strategy }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- if not .Values.kiali_route_url }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or explicitly indicate another auth strategy you want via the --set auth.strategy=... option." }} + {{- end }} + {{- "openshift" }} + {{- else }} + {{- "token" }} + {{- end }} +{{- end }} +{{- end }} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} 
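Review bot: The fallback `{{- randAlphaNum 16 }}` in `kiali-server.login_token.signing_key` (templates/_helpers.tpl) is evaluated on every render, so each `helm upgrade` produces a new signing key, which changes the rendered config and would invalidate tokens signed with the old key. configmap.yaml in this patch then writes the value into `config.yaml` of a ConfigMap rather than a Secret. Consider requiring the value or reusing the existing one (for example via `lookup`), and storing it in a Secret. Separately, `kiali-server.isDashboardEnabled` converts `*` and `?` to regex but leaves other metacharacters such as `.` unescaped, so a pattern containing a dot matches more names than written. The comment on `kiali-server.fullname` also mentions the release name, which the template never reads.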
diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/cabundle.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/cabundle.yaml new file mode 100644 index 000000000..7462b95a7 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/cabundle.yaml @@ -0,0 +1,13 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }}-cabundle + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + service.beta.openshift.io/inject-cabundle: "true" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/configmap.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/configmap.yaml new file mode 100644 index 000000000..b1bf53173 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/configmap.yaml 
@@ -0,0 +1,24 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + config.yaml: | + {{- /* Most of .Values is simply the ConfigMap - strip out the keys that are not part of the ConfigMap */}} + {{- $cm := omit .Values "nameOverride" "fullnameOverride" "kiali_route_url" }} + {{- /* The helm chart defines namespace for us, but pass it to the ConfigMap in case the server needs it */}} + {{- $_ := set $cm.deployment "namespace" .Release.Namespace }} + {{- /* Some values of the ConfigMap are generated, but might not be identical, from .Values */}} + {{- $_ := set $cm "istio_namespace" (include "kiali-server.istio_namespace" .) }} + {{- $_ := set $cm.auth "strategy" (include "kiali-server.auth.strategy" .) }} + {{- $_ := set $cm.auth.openshift "client_id_prefix" (include "kiali-server.fullname" .) }} + {{- $_ := set $cm.identity "cert_file" (include "kiali-server.identity.cert_file" .) }} + {{- $_ := set $cm.identity "private_key_file" (include "kiali-server.identity.private_key_file" .) }} + {{- $_ := set $cm.login_token "signing_key" (include "kiali-server.login_token.signing_key" .) }} + {{- $_ := set $cm.server "web_root" (include "kiali-server.server.web_root" .) }} + {{- toYaml $cm | nindent 4 }} +... diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/envoy.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/envoy.yaml new file mode 100644 index 000000000..8d961b848 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/envoy.yaml 
@@ -0,0 +1,55 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: envoy + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Envoy Metrics +# discoverOn: "envoy_server_uptime" + items: + - chart: + name: "Pods uptime" + spans: 4 + metricName: "envoy_server_uptime" + dataType: "raw" + - chart: + name: "Allocated memory" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_allocated" + dataType: "raw" + min: 0 + - chart: + name: "Heap size" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_heap_size" + dataType: "raw" + min: 0 + - chart: + name: "Upstream active connections" + spans: 6 + metricName: "envoy_cluster_upstream_cx_active" + dataType: "raw" + - chart: + name: "Upstream total requests" + spans: 6 + metricName: "envoy_cluster_upstream_rq_total" + unit: "rps" + dataType: "rate" + - chart: + name: "Downstream active connections" + spans: 6 + metricName: "envoy_listener_downstream_cx_active" + dataType: "raw" + - chart: + name: "Downstream HTTP requests" + spans: 6 + metricName: "envoy_listener_http_downstream_rq" + unit: "rps" + dataType: "rate" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/go.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/go.yaml new file mode 100644 index 000000000..01ebed7b5 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/go.yaml 
@@ -0,0 +1,66 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: go + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Go Metrics + runtime: Go + discoverOn: "go_info" + items: + - chart: + name: "CPU ratio" + spans: 6 + metricName: "process_cpu_seconds_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "RSS Memory" + unit: "bytes" + spans: 6 + metricName: "process_resident_memory_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Goroutines" + spans: 6 + metricName: "go_goroutines" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Heap allocation rate" + unit: "bytes/s" + spans: 6 + metricName: "go_memstats_alloc_bytes_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "GC rate" + spans: 6 + metricName: "go_gc_duration_seconds_count" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Next GC" + unit: "bytes" + spans: 6 + metricName: "go_memstats_next_gc_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/kiali.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/kiali.yaml new file mode 100644 index 000000000..0d5b5caa2 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/kiali.yaml 
@@ -0,0 +1,43 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: kiali + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Kiali Internal Metrics + items: + - chart: + name: "API processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_api_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "route" + displayName: "Route" + - chart: + name: "Functions processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_go_function_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" + - chart: + name: "Failures" + spans: 12 + metricName: "kiali_go_function_failures_total" + dataType: "raw" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml new file mode 100644 index 000000000..e89e1200c --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml 
@@ -0,0 +1,42 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Pool Metrics + discoverOn: "jvm_buffer_total_capacity_bytes" + items: + - chart: + name: "Pool buffer memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer capacity" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_total_capacity_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer count" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_count" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm.yaml new file mode 100644 index 000000000..ab487dccc --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/micrometer-1.0.6-jvm.yaml 
@@ -0,0 +1,64 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live" + items: + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon" + dataType: "raw" + - chart: + name: "Loaded classes" + spans: 4 + metricName: "jvm_classes_loaded" + dataType: "raw" + + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/micrometer-1.1-jvm.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/micrometer-1.1-jvm.yaml new file mode 100644 index 000000000..d7014951d --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/micrometer-1.1-jvm.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.1-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live_threads" + items: + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live_threads" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon_threads" + dataType: "raw" + - chart: + name: "Threads states" + spans: 4 + metricName: "jvm_threads_states_threads" + dataType: "raw" + aggregations: + - label: "state" + displayName: "State" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/microprofile-1.1.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/microprofile-1.1.yaml new file mode 100644 index 000000000..c00446c10 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/microprofile-1.1.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-1.1 + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:thread_count" + items: + - chart: + name: "Current loaded classes" + spans: 6 + metricName: "base:classloader_current_loaded_class_count" + dataType: "raw" + - chart: + name: "Unloaded classes" + spans: 6 + metricName: "base:classloader_total_unloaded_class_count" + dataType: "raw" + - chart: + name: "Thread count" + spans: 4 + metricName: "base:thread_count" + dataType: "raw" + - chart: + name: "Thread max count" + spans: 4 + metricName: "base:thread_max_count" + dataType: "raw" + - chart: + name: "Thread daemon count" + spans: 4 + metricName: "base:thread_daemon_count" + dataType: "raw" + - chart: + name: "Committed heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_committed_heap_bytes" + dataType: "raw" + - chart: + name: "Max heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_max_heap_bytes" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_used_heap_bytes" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/microprofile-x.y.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/microprofile-x.y.yaml new file mode 100644 index 000000000..d15f527d9 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/microprofile-x.y.yaml 
@@ -0,0 +1,37 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-x.y + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:gc_complete_scavenger_count" + items: + - chart: + name: "Young GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_young_generation_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Young GC count" + spans: 3 + metricName: "base:gc_young_generation_scavenger_count" + dataType: "raw" + - chart: + name: "Total GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_complete_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Total GC count" + spans: 3 + metricName: "base:gc_complete_scavenger_count" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/nodejs.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/nodejs.yaml new file mode 100644 index 000000000..d772a16c0 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/nodejs.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: nodejs + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Node.js + title: Node.js Metrics + discoverOn: "nodejs_active_handles_total" + items: + - chart: + name: "Active handles" + spans: 4 + metricName: "nodejs_active_handles_total" + dataType: "raw" + - chart: + name: "Active requests" + spans: 4 + metricName: "nodejs_active_requests_total" + dataType: "raw" + - chart: + name: "Event loop lag" + unit: "seconds" + spans: 4 + metricName: "nodejs_eventloop_lag_seconds" + dataType: "raw" + - chart: + name: "Total heap size" + unit: "bytes" + spans: 12 + metricName: "nodejs_heap_space_size_total_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Used heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_used_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Available heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_available_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/quarkus.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/quarkus.yaml new file mode 100644 index 000000000..4fc3e9ac0 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/quarkus.yaml 
@@ -0,0 +1,32 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: quarkus + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Quarkus Metrics + runtime: Quarkus + items: + - chart: + name: "Thread count" + spans: 4 + metricName: "vendor:thread_count" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_heap_usage_bytes" + dataType: "raw" + - chart: + name: "Used non-heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_non_heap_usage_bytes" + dataType: "raw" + - include: "microprofile-x.y" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/springboot-jvm-pool.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/springboot-jvm-pool.yaml new file mode 100644 index 000000000..2ff4ae576 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/springboot-jvm-pool.yaml @@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Pool Metrics + items: + - include: "micrometer-1.0.6-jvm-pool" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/springboot-jvm.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/springboot-jvm.yaml new file mode 100644 index 000000000..8bd43055b --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/springboot-jvm.yaml 
@@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Metrics + items: + - include: "micrometer-1.0.6-jvm" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/springboot-tomcat.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/springboot-tomcat.yaml new file mode 100644 index 000000000..4b27aee4f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/springboot-tomcat.yaml @@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-tomcat + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: Tomcat Metrics + items: + - include: "tomcat" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/thorntail.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/thorntail.yaml new file mode 100644 index 000000000..513488df4 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/thorntail.yaml 
@@ -0,0 +1,21 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: thorntail + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Thorntail + title: Thorntail Metrics + discoverOn: "vendor:loaded_modules" + items: + - include: "microprofile-1.1" + - chart: + name: "Loaded modules" + spans: 6 + metricName: "vendor:loaded_modules" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/tomcat.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/tomcat.yaml new file mode 100644 index 000000000..28fd7f1cc --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/tomcat.yaml 
@@ -0,0 +1,66 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: tomcat + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Tomcat + title: Tomcat Metrics + discoverOn: "tomcat_sessions_created_total" + items: + - chart: + name: "Sessions created" + spans: 4 + metricName: "tomcat_sessions_created_total" + dataType: "raw" + - chart: + name: "Active sessions" + spans: 4 + metricName: "tomcat_sessions_active_current" + dataType: "raw" + - chart: + name: "Sessions rejected" + spans: 4 + metricName: "tomcat_sessions_rejected_total" + dataType: "raw" + + - chart: + name: "Bytes sent" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_sent_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Bytes received" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_received_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + + - chart: + name: "Global errors" + spans: 6 + metricName: "tomcat_global_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Servlet errors" + spans: 6 + metricName: "tomcat_servlet_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/vertx-client.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/vertx-client.yaml new file mode 100644 index 000000000..17392d87f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/vertx-client.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-client + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Client Metrics + discoverOn: "vertx_http_client_connections" + items: + - chart: + name: "Client response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_client_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_client_requestCount_total" + dataType: "rate" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client active connections" + spans: 6 + metricName: "vertx_http_client_connections" + dataType: "raw" + - chart: + name: "Client active websockets" + spans: 6 + metricName: "vertx_http_client_wsConnections" + dataType: "raw" + - chart: + name: "Client bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesSent" + dataType: "histogram" + - chart: + name: "Client bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/vertx-eventbus.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/vertx-eventbus.yaml new file mode 100644 index 000000000..fa659b55c --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/vertx-eventbus.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-eventbus + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Eventbus Metrics + discoverOn: "vertx_eventbus_handlers" + items: + - chart: + name: "Event bus handlers" + spans: 6 + metricName: "vertx_eventbus_handlers" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus pending messages" + spans: 6 + metricName: "vertx_eventbus_pending" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus processing time" + unit: "seconds" + spans: 6 + metricName: "vertx_eventbus_processingTime_seconds" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes read" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesRead" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes written" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesWritten" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/vertx-jvm.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/vertx-jvm.yaml new file mode 100644 index 000000000..ac03ea2e0 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/vertx-jvm.yaml 
@@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: JVM Metrics + items: + - include: "micrometer-1.1-jvm" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/vertx-pool.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/vertx-pool.yaml new file mode 100644 index 000000000..3715e9c10 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/vertx-pool.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Pools Metrics + discoverOn: "vertx_pool_ratio" + items: + - chart: + name: "Usage duration" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_usage_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Usage ratio" + spans: 6 + metricName: "vertx_pool_ratio" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Queue size" + spans: 6 + metricName: "vertx_pool_queue_size" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Time in queue" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_queue_delay_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Resources used" + spans: 6 + metricName: "vertx_pool_inUse" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/vertx-server.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/vertx-server.yaml new file mode 100644 index 000000000..686295468 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/dashboards/vertx-server.yaml 
@@ -0,0 +1,61 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-server + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Server Metrics + discoverOn: "vertx_http_server_connections" + items: + - chart: + name: "Server response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_server_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_server_requestCount_total" + dataType: "rate" + aggregations: + - label: "code" + displayName: "Error code" + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server active connections" + spans: 6 + metricName: "vertx_http_server_connections" + dataType: "raw" + - chart: + name: "Server active websockets" + spans: 6 + metricName: "vertx_http_server_wsConnections" + dataType: "raw" + - chart: + name: "Server bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesSent" + dataType: "histogram" + - chart: + name: "Server bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/deployment.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/deployment.yaml new file mode 100644 index 000000000..6fab9ee49 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/deployment.yaml 
@@ -0,0 +1,165 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.deployment.replicas }} + selector: + matchLabels: + {{- include "kiali-server.selectorLabels" . | nindent 6 }} + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 8 }} + annotations: + {{- if .Values.server.metrics_enabled }} + prometheus.io/scrape: "true" + prometheus.io/port: {{ .Values.server.metrics_port | quote }} + {{- else }} + prometheus.io/scrape: "false" + prometheus.io/port: null + {{- end }} + kiali.io/runtimes: go,kiali + {{- if .Values.deployment.pod_annotations }} + {{- toYaml .Values.deployment.pod_annotations | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "kiali-server.fullname" . }} + {{- if .Values.deployment.priority_class_name }} + priorityClassName: {{ .Values.deployment.priority_class_name | quote }} + {{- end }} + {{- if .Values.deployment.image_pull_secrets }} + imagePullSecrets: + {{- range .Values.deployment.image_pull_secrets }} + - name: {{ . }} + {{- end }} + {{- end }} + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.deployment.repository }}:{{ .Values.deployment.tag }}" + imagePullPolicy: {{ .Values.deployment.image_pull_policy | default "Always" }} + name: {{ include "kiali-server.fullname" . 
}} + command: + - "/opt/kiali/kiali" + - "-config" + - "/kiali-configuration/config.yaml" + - "-v" + - "{{ .Values.deployment.verbose_mode }}" + ports: + - name: api-port + containerPort: {{ .Values.server.port | default 20001 }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + containerPort: {{ .Values.server.metrics_port | default 9090 }} + {{- end }} + readinessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + livenessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + env: + - name: ACTIVE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + volumeMounts: + {{- if .Values.web_root_override }} + - name: kiali-console + subPath: env.js + mountPath: /opt/kiali/console/env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + mountPath: "/kiali-configuration" + - name: {{ include "kiali-server.fullname" . }}-cert + mountPath: "/kiali-cert" + - name: {{ include "kiali-server.fullname" . }}-secret + mountPath: "/kiali-secret" + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + mountPath: "/kiali-cabundle" + {{- end }} + {{- if .Values.deployment.resources }} + resources: + {{- toYaml .Values.deployment.resources | nindent 10 }} + {{- end }} + volumes: + {{- if .Values.web_root_override }} + - name: kiali-console + configMap: + name: kiali-console + items: + - key: env.js + path: env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . 
}}-configuration + configMap: + name: {{ include "kiali-server.fullname" . }} + - name: {{ include "kiali-server.fullname" . }}-cert + secret: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + secretName: {{ include "kiali-server.fullname" . }}-cert-secret + {{- else }} + secretName: istio.{{ include "kiali-server.fullname" . }}-service-account + {{- end }} + {{- if not (include "kiali-server.identity.cert_file" .) }} + optional: true + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-secret + secret: + secretName: {{ .Values.deployment.secret_name }} + optional: true + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + configMap: + name: {{ include "kiali-server.fullname" . }}-cabundle + {{- end }} + {{- if or (.Values.deployment.affinity.node) (or (.Values.deployment.pod) (.Values.deployment.pod_anti)) }} + affinity: + {{- if .Values.deployment.affinity.node }} + nodeAffinity: + {{- toYaml .Values.deployment.affinity.node | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod }} + podAffinity: + {{- toYaml .Values.deployment.affinity.pod | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod_anti }} + podAntiAffinity: + {{- toYaml .Values.deployment.affinity.pod_anti | nindent 10 }} + {{- end }} + {{- end }} + {{- if .Values.deployment.tolerations }} + tolerations: + {{- toYaml .Values.deployment.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.deployment.node_selector }} + nodeSelector: + {{- toYaml .Values.deployment.node_selector | nindent 8 }} + {{- end }} +... diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/ingess.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/ingess.yaml new file mode 100644 index 000000000..5a427e896 --- /dev/null 
+++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/ingess.yaml @@ -0,0 +1,40 @@ +{{- if not (.Capabilities.APIVersions.Has "route.openshift.io/v1") }} +{{- if .Values.deployment.ingress_enabled }} +--- +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }} + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- else }} + # For ingress-nginx versions older than 0.20.0 use secure-backends. + # (see: https://github.com/kubernetes/ingress-nginx/issues/3416#issuecomment-438247948) + # For ingress-nginx versions 0.20.0 and later use backend-protocol. + {{- if (include "kiali-server.identity.cert_file" .) }} + nginx.ingress.kubernetes.io/secure-backends: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + {{- else }} + nginx.ingress.kubernetes.io/secure-backends: "false" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + {{- end }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + rules: + - http: + paths: + - path: {{ include "kiali-server.server.web_root" . }} + backend: + serviceName: {{ include "kiali-server.fullname" . }} + servicePort: {{ .Values.server.port }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/oauth.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/oauth.yaml new file mode 100644 index 000000000..a178bb85e --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/oauth.yaml 
@@ -0,0 +1,17 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.kiali_route_url }} +--- +apiVersion: oauth.openshift.io/v1 +kind: OAuthClient +metadata: + name: {{ include "kiali-server.fullname" . }}-{{ .Release.Namespace }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +redirectURIs: +- {{ .Values.kiali_route_url }} +grantMethod: auto +allowAnyScope: true +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/role-viewer.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/role-viewer.yaml new file mode 100644 index 000000000..790406017 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/role-viewer.yaml 
@@ -0,0 +1,101 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }}-viewer + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - replicationcontrollers + - services + verbs: + - get + - list + - watch +- apiGroups: ["extensions", "apps"] + resources: + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch +- apiGroups: + - config.istio.io + - networking.istio.io + - authentication.istio.io + - rbac.istio.io + - security.istio.io + resources: ["*"] + verbs: + - get + - list + - watch +- apiGroups: ["authentication.maistra.io"] + resources: + - servicemeshpolicies + verbs: + - get + - list + - watch +- apiGroups: ["rbac.maistra.io"] + resources: + - servicemeshrbacconfigs + verbs: + - get + - list + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - get + - list +... diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/role.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/role.yaml new file mode 100644 index 000000000..34a47dd89 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/role.yaml 
@@ -0,0 +1,118 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - replicationcontrollers + - services + verbs: + - get + - list + - patch + - watch +- apiGroups: ["extensions", "apps"] + resources: + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - patch + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - patch + - watch +- apiGroups: + - config.istio.io + - networking.istio.io + - authentication.istio.io + - rbac.istio.io + - security.istio.io + resources: ["*"] + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["authentication.maistra.io"] + resources: + - servicemeshpolicies + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["rbac.maistra.io"] + resources: + - servicemeshrbacconfigs + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - patch + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - create + - delete + - get + - list + - patch + - watch +... 
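Review bot: the first rule of this ClusterRole grants `patch` on `nodes`, `namespaces`, `configmaps` and `services`, and the Istio API-group rule pairs `resources: ["*"]` with `create` and `delete`. rolebinding.yaml attaches this role through a ClusterRoleBinding whenever `deployment.view_only_mode` is false, which is the default in values.yaml, so the Kiali ServiceAccount gets these write verbs in every namespace. Please list the Istio resources explicitly (admin-role.yaml already enumerates them per group) and drop `patch` from resources Kiali does not edit; `pods/log` and `nodes` look like candidates.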
diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/rolebinding.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/rolebinding.yaml new file mode 100644 index 000000000..1eaabd65f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/rolebinding.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + {{- if .Values.deployment.view_only_mode }} + name: {{ include "kiali-server.fullname" . }}-viewer + {{- else }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/route.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/route.yaml new file mode 100644 index 000000000..27940dc96 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/route.yaml 
@@ -0,0 +1,30 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.deployment.ingress_enabled }} +# As of OpenShift 4.5, need to use --disable-openapi-validation when installing via Helm +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}} + annotations: + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + tls: + termination: reencrypt + insecureEdgeTerminationPolicy: Redirect + to: + kind: Service + targetPort: {{ .Values.server.port }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/service.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/service.yaml new file mode 100644 index 000000000..69dc395d1 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/service.yaml 
@@ -0,0 +1,40 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + service.beta.openshift.io/serving-cert-secret-name: {{ include "kiali-server.fullname" . }}-cert-secret + {{- end }} + kiali.io/api-spec: https://kiali.io/api + kiali.io/api-type: rest + {{- if .Values.deployment.service_annotations }} + {{- toYaml .Values.deployment.service_annotations | nindent 4 }} + {{- end }} +spec: + {{- if .Values.deployment.service_type }} + type: {{ .Values.deployment.service_type }} + {{- end }} + ports: + {{- if (include "kiali-server.identity.cert_file" .) }} + - name: tcp + {{- else }} + - name: http + {{- end }} + protocol: TCP + port: {{ .Values.server.port }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + protocol: TCP + port: {{ .Values.server.metrics_port }} + {{- end }} + selector: + {{- include "kiali-server.selectorLabels" . | nindent 4 }} + {{- if .Values.deployment.additional_service_yaml }} + {{- toYaml .Values.deployment.additional_service_yaml | nindent 2 }} + {{- end }} +... diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/serviceaccount.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/serviceaccount.yaml new file mode 100644 index 000000000..9151b6f6a --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/serviceaccount.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +... 
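Review bot: in templates/route.yaml the `hasKey .Values.deployment.override_ingress_yaml.metadata "annotations"` condition is closed with `}}}`. The third brace is outside the action, so it is emitted as literal text inside the `if` body and a stray `}` lands in the rendered Route metadata as soon as annotations are supplied. Close the action with `}}`.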
diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/validate-install-crd.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/validate-install-crd.yaml new file mode 100644 index 000000000..01d33e632 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/validate-install-crd.yaml @@ -0,0 +1,14 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "monitoring.kiali.io/v1alpha1/MonitoringDashboard" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the rancher-kiali-server-crd chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/web-root-configmap.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/web-root-configmap.yaml new file mode 100644 index 000000000..970d4e4f5 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/templates/web-root-configmap.yaml @@ -0,0 +1,12 @@ +{{- if .Values.web_root_override }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: kiali-console + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + env.js: | + window.WEB_ROOT='/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Release.Namespace }}/services/http:kiali:20001/proxy/kiali'; +{{- end }} 
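Review bot: in templates/validate-install-crd.yaml, prefixing every line with `#` does not switch the check off, because Helm evaluates the `{{ ... }}` actions before the result is read as YAML. The `lookup` guard, the `range` over `.Capabilities.APIVersions` and the `required` call can all still run at install time, and `{{- set $found ... -}}` without a `$_ :=` assignment prints the dict into the rendered output. If the check is meant to be disabled, wrap it in `{{/* ... */}}` or drop the file; if it is meant to run, remove the `#` prefixes and assign the `set` results to `$_`.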
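Review bot: in templates/web-root-configmap.yaml, `window.WEB_ROOT` hardcodes the proxy target as `http:kiali:20001`, while the Service name comes from `kiali-server.fullname` and the port from `.Values.server.port`, and service.yaml switches the port name to `tcp` when an identity cert file is configured. Changing any of those values leaves the console pointing at a path that no longer matches the Service. `global.cattle.clusterId` is also empty in values.yaml while `web_root_override` defaults to true, so the path renders as `/k8s/clusters//api/...` unless the caller sets it. Build the path from the same helper and value the Service uses, and guard `clusterId` with `required`.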
diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/values.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/values.yaml new file mode 100644 index 000000000..fccc6d4ce --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-kiali-server/values.yaml 
@@ -0,0 +1,79 @@ +nameOverride: "kiali" +fullnameOverride: "kiali" + +# This is required for "openshift" auth strategy. +# You have to know ahead of time what your Route URL will be because +# right now the helm chart can't figure this out at runtime (it would +# need to wait for the Kiali Route to be deployed and for OpenShift +# to start it up). If someone knows how to update this helm chart to +# do this, a PR would be welcome. +kiali_route_url: "" + +# rancher specific override that allows proxy access to kiali url +web_root_override: true + +# +# Settings that mimic the Kiali CR which are placed in the ConfigMap. +# Note that only those values used by the Helm Chart will be here. +# + +istio_namespace: "" # default is where Kiali is installed + +auth: + openid: {} + openshift: {} + strategy: "" + +deployment: + # This only limits what Kiali will attempt to see, but Kiali Service Account has permissions to see everything. + # For more control over what the Kial Service Account can see, use the Kiali Operator + accessible_namespaces: + - "**" + additional_service_yaml: {} + affinity: + node: {} + pod: {} + pod_anti: {} + custom_dashboards: + excludes: [''] + includes: ['*'] + repository: rancher/kiali-kiali + image_pull_policy: "Always" + image_pull_secrets: [] + tag: v1.24.0 + ingress_enabled: true + node_selector: {} + override_ingress_yaml: + metadata: {} + pod_annotations: {} + priority_class_name: "" + replicas: 1 + resources: {} + secret_name: "kiali" + service_annotations: {} + service_type: "" + tolerations: [] + verbose_mode: "3" + version_label: v1.24.0 + view_only_mode: false + +identity: {} + #cert_file: + #private_key_file: + +login_token: + signing_key: "" + +server: + port: 20001 + metrics_enabled: true + metrics_port: 9090 + web_root: "" + +# Common settings used among istio subcharts. 
+global: + # Specify rancher clusterId of external tracing config + # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 + cattle: + systemDefaultRegistry: "" + clusterId: diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/.helmignore b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/Chart.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/Chart.yaml new file mode 100644 index 000000000..0a3437798 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/Chart.yaml @@ -0,0 +1,12 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: istio-system + catalog.rancher.io/release-name: rancher-tracing +apiVersion: v1 +appVersion: 1.20.0 +description: A quick start Jaeger Tracing installation using the all-in-one demo. + This is not production qualified. Refer to https://www.jaegertracing.io/ for details. +name: rancher-tracing +version: 1.20.001 diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/README.md b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/README.md new file mode 100644 index 000000000..25534c628 --- /dev/null 
+++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/README.md @@ -0,0 +1,5 @@ +# Jaeger + +A Rancher chart based on the Jaeger all-in-one quick installation option. This chart will allow you to trace and monitor distributed microservices. + +> **Note:** The basic all-in-one Jaeger installation which is not qualified for production. Use the [Jaeger Tracing](https://www.jaegertracing.io) documentation to determine which installation you will need for your production needs. diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/templates/_affinity.tpl b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/templates/_affinity.tpl new file mode 100644 index 000000000..bf6a9aee5 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/templates/_affinity.tpl 
@@ -0,0 +1,92 @@ +{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}} +{{- define "nodeAffinity" }} + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + {{- include "nodeAffinityRequiredDuringScheduling" . }} + preferredDuringSchedulingIgnoredDuringExecution: + {{- include "nodeAffinityPreferredDuringScheduling" . }} +{{- end }} + +{{- define "nodeAffinityRequiredDuringScheduling" }} + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + {{- range $key, $val := .Values.global.arch }} + {{- if gt ($val | int) 0 }} + - {{ $key | quote }} + {{- end }} + {{- end }} + {{- $nodeSelector := default .Values.global.defaultNodeSelector .Values.nodeSelector -}} + {{- range $key, $val := $nodeSelector }} + - key: {{ $key }} + operator: In + values: + - {{ $val | quote }} + {{- end }} +{{- end }} + +{{- define "nodeAffinityPreferredDuringScheduling" }} + {{- range $key, $val := .Values.global.arch }} + {{- if gt ($val | int) 0 }} + - weight: {{ $val | int }} + preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - {{ $key | quote }} + {{- end }} + {{- end }} +{{- end }} + +{{- define "podAntiAffinity" }} +{{- if or .Values.podAntiAffinityLabelSelector .Values.podAntiAffinityTermLabelSelector}} + podAntiAffinity: + {{- if .Values.podAntiAffinityLabelSelector }} + requiredDuringSchedulingIgnoredDuringExecution: + {{- include "podAntiAffinityRequiredDuringScheduling" . }} + {{- end }} + {{- if or .Values.podAntiAffinityTermLabelSelector}} + preferredDuringSchedulingIgnoredDuringExecution: + {{- include "podAntiAffinityPreferredDuringScheduling" . 
}} + {{- end }} +{{- end }} +{{- end }} + +{{- define "podAntiAffinityRequiredDuringScheduling" }} + {{- range $index, $item := .Values.podAntiAffinityLabelSelector }} + - labelSelector: + matchExpressions: + - key: {{ $item.key }} + operator: {{ $item.operator }} + {{- if $item.values }} + values: + {{- $vals := split "," $item.values }} + {{- range $i, $v := $vals }} + - {{ $v | quote }} + {{- end }} + {{- end }} + topologyKey: {{ $item.topologyKey }} + {{- end }} +{{- end }} + +{{- define "podAntiAffinityPreferredDuringScheduling" }} + {{- range $index, $item := .Values.podAntiAffinityTermLabelSelector }} + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: {{ $item.key }} + operator: {{ $item.operator }} + {{- if $item.values }} + values: + {{- $vals := split "," $item.values }} + {{- range $i, $v := $vals }} + - {{ $v | quote }} + {{- end }} + {{- end }} + topologyKey: {{ $item.topologyKey }} + weight: 100 + {{- end }} +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/templates/_helpers.tpl b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/templates/_helpers.tpl new file mode 100644 index 000000000..56cfa7335 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/templates/_helpers.tpl 
@@ -0,0 +1,32 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "tracing.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "tracing.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/templates/deployment.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/templates/deployment.yaml new file mode 100644 index 000000000..e7ecfadd8 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/templates/deployment.yaml 
@@ -0,0 +1,80 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + selector: + matchLabels: + app: {{ .Values.provider }} + template: + metadata: + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + annotations: + sidecar.istio.io/inject: "false" + prometheus.io/scrape: "true" + prometheus.io/port: "14269" +{{- if .Values.jaeger.podAnnotations }} +{{ toYaml .Values.jaeger.podAnnotations | indent 8 }} +{{- end }} + spec: + containers: + - name: jaeger + image: "{{ template "system_default_registry" . }}{{ .Values.jaeger.repository }}:{{ .Values.jaeger.tag }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + env: + {{- if eq .Values.jaeger.spanStorageType "badger" }} + - name: BADGER_EPHEMERAL + value: "false" + - name: SPAN_STORAGE_TYPE + value: "badger" + - name: BADGER_DIRECTORY_VALUE + value: "/badger/data" + - name: BADGER_DIRECTORY_KEY + value: "/badger/key" + {{- end }} + - name: COLLECTOR_ZIPKIN_HTTP_PORT + value: "9411" + - name: MEMORY_MAX_TRACES + value: "{{ .Values.jaeger.memory.max_traces }}" + - name: QUERY_BASE_PATH + value: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }} + livenessProbe: + httpGet: + path: / + port: 14269 + readinessProbe: + httpGet: + path: / + port: 14269 +{{- if eq .Values.jaeger.spanStorageType "badger" }} + volumeMounts: + - name: data + mountPath: /badger +{{- end }} + resources: +{{- if .Values.jaeger.resources }} +{{ toYaml .Values.jaeger.resources | indent 12 }} +{{- else }} +{{ toYaml .Values.global.defaultResources | indent 12 }} +{{- end }} + affinity: + {{- include "nodeAffinity" . | indent 6 }} + {{- include "podAntiAffinity" . 
| indent 6 }} +{{- if eq .Values.jaeger.spanStorageType "badger" }} + volumes: + - name: data +{{- if .Values.jaeger.persistentVolumeClaim.enabled }} + persistentVolumeClaim: + claimName: istio-jaeger-pvc +{{- else }} + emptyDir: {} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/templates/pvc.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/templates/pvc.yaml new file mode 100644 index 000000000..9b4c55e4f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/templates/pvc.yaml @@ -0,0 +1,16 @@ +{{- if .Values.jaeger.persistentVolumeClaim.enabled }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: istio-jaeger-pvc + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} +spec: + storageClassName: {{ .Values.jaeger.storageClassName }} + accessModes: + - {{ .Values.jaeger.accessMode }} + resources: + requests: + storage: {{.Values.jaeger.persistentVolumeClaim.storage }} +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/templates/service.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/templates/service.yaml new file mode 100644 index 000000000..4210a9b5f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/templates/service.yaml 
@@ -0,0 +1,63 @@ +apiVersion: v1 +kind: Service +metadata: + name: tracing + namespace: {{ .Release.Namespace }} + annotations: + {{- range $key, $val := .Values.service.annotations }} + {{ $key }}: {{ $val | quote }} + {{- end }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + type: {{ .Values.service.type }} + ports: + - name: {{ .Values.service.name }} + port: {{ .Values.service.externalPort }} + protocol: TCP + targetPort: 16686 + selector: + app: {{ .Values.provider }} +--- +# Jaeger implements the Zipkin API. To support swapping out the tracing backend, we use a Service named Zipkin. +apiVersion: v1 +kind: Service +metadata: + name: zipkin + namespace: {{ .Release.Namespace }} + labels: + name: zipkin + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + ports: + - name: {{ .Values.service.name }} + port: {{ .Values.zipkin.queryPort }} + targetPort: {{ .Values.zipkin.queryPort }} + selector: + app: {{ .Values.provider }} +--- +apiVersion: v1 +kind: Service +metadata: + name: jaeger-collector + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + type: ClusterIP + ports: + - name: jaeger-collector-http + port: 14268 + targetPort: 14268 + protocol: TCP + - name: jaeger-collector-grpc + port: 14250 + targetPort: 14250 + protocol: TCP + selector: + app: {{ .Values.provider }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/values.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/values.yaml new file mode 100644 index 000000000..0002f11f8 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/charts/rancher-tracing/values.yaml 
@@ -0,0 +1,42 @@ +provider: jaeger +contextPath: "" +nodeSelector: {} +podAntiAffinityLabelSelector: [] +podAntiAffinityTermLabelSelector: [] +nameOverride: "" +fullnameOverride: "" + +global: + cattle: + systemDefaultRegistry: "" + defaultResources: {} + imagePullPolicy: IfNotPresent + imagePullSecrets: [] + arch: + amd64: 2 + s390x: 2 + ppc64le: 2 + defaultNodeSelector: {} + +jaeger: + repository: rancher/jaegertracing-all-in-one + tag: 1.20.0 + # spanStorageType value can be "memory" and "badger" for all-in-one image + spanStorageType: badger + resources: + requests: + cpu: 10m + persistentVolumeClaim: + enabled: false + storage: 5Gi + storageClassName: "" + accessMode: ReadWriteMany + memory: + max_traces: 50000 +zipkin: + queryPort: 9411 +service: + annotations: {} + name: http-query + type: ClusterIP + externalPort: 16686 diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/configs/istio-base.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/configs/istio-base.yaml new file mode 100644 index 000000000..daf77f5c7 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/configs/istio-base.yaml 
@@ -0,0 +1,102 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +spec: + addonComponents: + istiocoredns: + enabled: {{ .Values.istiocoredns.enabled }} + components: + base: + enabled: {{ .Values.base.enabled }} + cni: + enabled: {{ .Values.cni.enabled }} + egressGateways: + - enabled: {{ .Values.egressGateways.enabled }} + name: istio-egressgateway + ingressGateways: + - enabled: {{ .Values.ingressGateways.enabled }} + name: istio-ingressgateway + k8s: + service: + ports: + - name: status-port + port: 15021 + targetPort: 15021 + - name: http2 + port: 80 + targetPort: 8080 + nodePort: 31380 + - name: https + port: 443 + targetPort: 8443 + nodePort: 31390 + - name: tcp + port: 31400 + targetPort: 31400 + nodePort: 31400 + - name: tls + port: 15443 + targetPort: 15443 + istiodRemote: + enabled: {{ .Values.istiodRemote.enabled }} + pilot: + enabled: {{ .Values.pilot.enabled }} + policy: + enabled: {{ .Values.policy.enabled }} + telemetry: + enabled: {{ .Values.telemetry.v1.enabled }} + hub: {{ .Values.systemDefaultRegistry | default "docker.io" }} + profile: default + tag: {{ .Values.tag }} + revision: {{ .Values.revision }} + meshConfig: + enablePrometheusMerge: {{ .Values.meshConfig.enablePrometheusMerge }} + values: + gateways: + istio-egressgateway: + name: istio-egressgateway + type: {{ .Values.egressGateways.type }} + istio-ingressgateway: + name: istio-ingressgateway + type: {{ .Values.ingressGateways.type }} + global: + istioNamespace: {{ template "istio.namespace" . }} + proxy: + image: {{ template "system_default_registry" . }}{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }} + proxy_init: + image: {{ template "system_default_registry" . 
}}{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }} + {{- if .Values.global.defaultPodDisruptionBudget.enabled }} + defaultPodDisruptionBudget: + enabled: {{ .Values.global.defaultPodDisruptionBudget.enabled }} + {{- end }} + istiocoredns: + coreDNSImage: {{ template "system_default_registry" . }}{{ .Values.istiocoredns.image.repository }} + coreDNSPluginImage: {{ template "system_default_registry" . }}{{ .Values.istiocoredns.pluginImage.repository }}:{{ .Values.istiocoredns.pluginImage.tag }} + coreDNSTag: {{ .Values.istiocoredns.image.tag }} + {{- if or .Values.policy.enabled .Values.telemetry.v1.enabled }} + mixer: + {{- if .Values.policy.enabled }} + policy: + image: {{ template "system_default_registry" . }}{{ .Values.policy.repository }}:{{ .Values.policy.tag }} + {{- end }} + {{- if .Values.telemetry.v1.enabled }} + telemetry: + image: {{ template "system_default_registry" . }}{{ .Values.telemetry.v1.repository }}:{{ .Values.telemetry.v1.tag }} + {{- end }} + {{- end }} + {{- if .Values.pilot.enabled }} + pilot: + image: {{ template "system_default_registry" . }}{{ .Values.pilot.repository }}:{{ .Values.pilot.tag }} + {{- end }} + telemetry: + enabled: {{ .Values.telemetry.enabled }} + v1: + enabled: {{ .Values.telemetry.v1.enabled }} + v2: + enabled: {{ .Values.telemetry.v2.enabled }} + {{- if .Values.cni.enabled }} + cni: + image: {{ template "system_default_registry" . }}{{ .Values.cni.repository }}:{{ .Values.cni.tag }} + excludeNamespaces: + {{- toYaml .Values.cni.excludeNamespaces | nindent 8 }} + logLevel: {{ .Values.cni.logLevel }} + {{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/requirements.lock b/released/charts/rancher-istio/rancher-istio/1.7.301/requirements.lock new file mode 100644 index 000000000..f47835c14 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/requirements.lock 
@@ -0,0 +1,9 @@ +dependencies: +- name: rancher-kiali-server + repository: file://../../rancher-kiali-server/charts + version: 1.24.0 +- name: rancher-tracing + repository: file://../../rancher-tracing/charts + version: 1.20.001 +digest: sha256:92116a2b3454607da3ef18e994de75a2b75db56c4dfc8baf9b76e839d007b1cc +generated: "2021-01-07T05:24:11.644300126Z" diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/requirements.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/requirements.yaml new file mode 100644 index 000000000..e0429b593 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/requirements.yaml @@ -0,0 +1,13 @@ +dependencies: + + - name: rancher-kiali-server + alias: kiali + condition: kiali.enabled + version: 1.24.0 + repository: file://../../rancher-kiali-server/charts + + - name: rancher-tracing + alias: tracing + condition: tracing.enabled + version: 1.20.001 + repository: file://../../rancher-tracing/charts diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/samples/overlay-example.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/samples/overlay-example.yaml new file mode 100644 index 000000000..5cf3cf3b0 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/samples/overlay-example.yaml 
@@ -0,0 +1,37 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +spec: + components: + ingressGateways: + - enabled: true + name: ilb-gateway + namespace: user-ingressgateway-ns + k8s: + resources: + requests: + cpu: 200m + service: + ports: + - name: tcp-citadel-grpc-tls + port: 8060 + targetPort: 8060 + - name: tcp-dns + port: 5353 + serviceAnnotations: + cloud.google.com/load-balancer-type: internal + - enabled: true + name: other-gateway + namespace: cattle-istio-system + k8s: + resources: + requests: + cpu: 200m + service: + ports: + - name: tcp-citadel-grpc-tls + port: 8060 + targetPort: 8060 + - name: tcp-dns + port: 5353 + serviceAnnotations: + cloud.google.com/load-balancer-type: internal diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/templates/_helpers.tpl b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/_helpers.tpl new file mode 100644 index 000000000..3f7af953a --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/_helpers.tpl @@ -0,0 +1,12 @@ +{{/* Ensure namespace is set the same everywhere */}} +{{- define "istio.namespace" -}} + {{- .Release.Namespace | default "istio-system" -}} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/templates/admin-role.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/admin-role.yaml new file mode 100644 index 000000000..ad1313c4f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/admin-role.yaml 
@@ -0,0 +1,43 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + name: istio-admin + namespace: {{ template "istio.namespace" . }} +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: + - '*' + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: + - '*' diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/templates/base-config-map.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/base-config-map.yaml new file mode 100644 index 000000000..5323917bc --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/base-config-map.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-installer-base + namespace: {{ template "istio.namespace" . }} +data: +{{ tpl (.Files.Glob "configs/*").AsConfig . | indent 2 }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/templates/clusterrole.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/clusterrole.yaml new file mode 100644 index 000000000..3e621d897 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/clusterrole.yaml 
@@ -0,0 +1,112 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: istio-installer +rules: +# istio groups +- apiGroups: + - authentication.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - config.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - install.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - networking.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - rbac.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - security.istio.io + resources: + - '*' + verbs: + - '*' +# k8s groups +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions.apiextensions.k8s.io + - customresourcedefinitions + verbs: + - '*' +- apiGroups: + - apps + - extensions + resources: + - daemonsets + - deployments + - deployments/finalizers + - ingresses + - replicasets + - statefulsets + verbs: + - '*' +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - '*' +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - '*' +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - roles + - rolebindings + verbs: + - '*' +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - namespaces + - pods + - pods/exec + - persistentvolumeclaims + - secrets + - services + - serviceaccounts + verbs: + - '*' diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/templates/clusterrolebinding.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..9d74a0434 --- /dev/null 
+++ b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/clusterrolebinding.yaml @@ -0,0 +1,12 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: istio-installer +subjects: +- kind: ServiceAccount + name: istio-installer + namespace: {{ template "istio.namespace" . }} +roleRef: + kind: ClusterRole + name: istio-installer + apiGroup: rbac.authorization.k8s.io diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/templates/edit-role.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/edit-role.yaml new file mode 100644 index 000000000..d1059d58d --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/edit-role.yaml @@ -0,0 +1,43 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + namespace: {{ template "istio.namespace" . }} + name: istio-edit +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: + - '*' + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: + - '*' diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/templates/istio-install-job.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/istio-install-job.yaml new file mode 100644 index 000000000..0e9c732e1 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/istio-install-job.yaml 
@@ -0,0 +1,45 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: istioctl-installer + namespace: {{ template "istio.namespace" . }} + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + backoffLimit: 1 + template: + spec: + containers: + - name: istioctl-installer + image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }} + env: + - name: RELEASE_NAME + value: {{ .Release.Name }} + - name: ISTIO_NAMESPACE + value: {{ template "istio.namespace" . }} + - name: FORCE_INSTALL + value: {{ .Values.forceInstall | default "false" | quote }} + command: ["/bin/sh","-c"] + args: ["/usr/local/app/scripts/run.sh"] + volumeMounts: + - name: config-volume + mountPath: /app/istio-base.yaml + subPath: istio-base.yaml + {{- if .Values.overlayFile }} + - name: overlay-volume + mountPath: /app/overlay-config.yaml + subPath: overlay-config.yaml + {{- end }} + volumes: + - name: config-volume + configMap: + name: istio-installer-base + {{- if .Values.overlayFile }} + - name: overlay-volume + configMap: + name: istio-installer-overlay + {{- end }} + serviceAccountName: istio-installer + restartPolicy: Never diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/templates/istio-uninstall-job.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/istio-uninstall-job.yaml new file mode 100644 index 000000000..b5946e55f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/istio-uninstall-job.yaml 
@@ -0,0 +1,42 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: istioctl-uninstaller + namespace: {{ template "istio.namespace" . }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + spec: + containers: + - name: istioctl-uninstaller + image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }} + env: + - name: RELEASE_NAME + value: {{ .Release.Name }} + - name: ISTIO_NAMESPACE + value: {{ template "istio.namespace" . }} + command: ["/bin/sh","-c"] + args: ["/usr/local/app/scripts/uninstall_istio_system.sh"] + volumeMounts: + - name: config-volume + mountPath: /app/istio-base.yaml + subPath: istio-base.yaml + {{- if .Values.overlayFile }} + - name: overlay-volume + mountPath: /app/overlay-config.yaml + subPath: overlay-config.yaml + {{ end }} + volumes: + - name: config-volume + configMap: + name: istio-installer-base + {{- if .Values.overlayFile }} + - name: overlay-volume + configMap: + name: istio-installer-overlay + {{ end }} + serviceAccountName: istio-installer + restartPolicy: OnFailure diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/templates/overlay-config-map.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/overlay-config-map.yaml new file mode 100644 index 000000000..287d26b2c --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/overlay-config-map.yaml @@ -0,0 +1,9 @@ +{{- if .Values.overlayFile }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-installer-overlay + namespace: {{ template "istio.namespace" . }} +data: + overlay-config.yaml: {{ toYaml .Values.overlayFile | indent 2 }} +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/templates/service-monitors.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/service-monitors.yaml new file mode 100644 index 000000000..c3d60c4fc 
--- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/service-monitors.yaml @@ -0,0 +1,51 @@ +{{- if .Values.kiali.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: envoy-stats-monitor + namespace: {{ template "istio.namespace" . }} + labels: + monitoring: istio-proxies +spec: + selector: + matchExpressions: + - {key: istio-prometheus-ignore, operator: DoesNotExist} + namespaceSelector: + any: true + jobLabel: envoy-stats + endpoints: + - path: /stats/prometheus + targetPort: 15090 + interval: 15s + relabelings: + - sourceLabels: [__meta_kubernetes_pod_container_port_name] + action: keep + regex: '.*-envoy-prom' + - action: labeldrop + regex: "__meta_kubernetes_pod_label_(.+)" + - sourceLabels: [__meta_kubernetes_namespace] + action: replace + targetLabel: namespace + - sourceLabels: [__meta_kubernetes_pod_name] + action: replace + targetLabel: pod_name +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: istio-component-monitor + namespace: {{ template "istio.namespace" . }} + labels: + monitoring: istio-components +spec: + jobLabel: istio + targetLabels: [app] + selector: + matchExpressions: + - {key: istio, operator: In, values: [pilot]} + namespaceSelector: + any: true + endpoints: + - port: http-monitoring + interval: 15s +{{- end -}} diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/templates/serviceaccount.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/serviceaccount.yaml new file mode 100644 index 000000000..82b6cbb7e --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/serviceaccount.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: istio-installer + namespace: {{ template "istio.namespace" . }} 
diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/templates/view-role.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/view-role.yaml new file mode 100644 index 000000000..5947d3eba --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/templates/view-role.yaml @@ -0,0 +1,41 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + namespace: {{ template "istio.namespace" . }} + name: istio-view +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: ["get", "watch", "list"] + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: ["get", "watch", "list"] diff --git a/released/charts/rancher-istio/rancher-istio/1.7.301/values.yaml b/released/charts/rancher-istio/rancher-istio/1.7.301/values.yaml new file mode 100644 index 000000000..da4042282 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.7.301/values.yaml 
@@ -0,0 +1,106 @@ +overlayFile: "" +tag: 1.7.3 +##Setting forceInstall: true will remove the check for istio version < 1.6.x and will not analyze your install cluster prior to install +forceInstall: false + +installer: + repository: rancher/istio-installer + tag: 1.7.3-rancher2 + +istiocoredns: + enabled: false + image: + repository: rancher/coredns-coredns + tag: 1.6.2 + pluginImage: + repository: rancher/istio-coredns-plugin + tag: 0.2-istio-1.1 + +base: + enabled: true + +cni: + enabled: false + repository: rancher/istio-install-cni + tag: 1.7.3 + logLevel: info + excludeNamespaces: + - istio-system + - kube-system + +egressGateways: + enabled: false + type: NodePort + +ingressGateways: + enabled: true + type: NodePort + +istiodRemote: + enabled: false + +pilot: + enabled: true + repository: rancher/istio-pilot + tag: 1.7.3 + +#Mixer Policy is deprecated in 1.7.x, will not be supported in 1.8.x +policy: + enabled: false + repository: rancher/istio-mixer + tag: 1.7.3 + +telemetry: + enabled: true + #Telemetry v1 is deprecated in 1.7.x, will not be supported in 1.8.x + v1: + enabled: false + repository: rancher/istio-mixer + tag: 1.7.3 + v2: + enabled: true + +sidecarInjectorWebhook: + enableNamespacesByDefault: false + objectSelector: + enabled: true + autoInject: true + rewriteAppHTTPProbe: true + +global: + cattle: + systemDefaultRegistry: "" + proxy: + repository: rancher/istio-proxyv2 + tag: 1.7.3 + proxy_init: + repository: rancher/istio-proxyv2 + tag: 1.7.3 + defaultPodDisruptionBudget: + enabled: true + +# this can be removed in 1.7 as it is default +meshConfig: + enablePrometheusMerge: true + +# Kiali subchart from rancher-kiali-server +kiali: + enabled: true + auth: + strategy: anonymous + deployment: + ingress_enabled: false + repository: rancher/kiali-kiali + tag: v1.24.0 + external_services: + prometheus: + custom_metrics_url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" + url: 
"http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" + tracing: + in_cluster_url: "http://tracing.istio-system.svc:16686" + +tracing: + enabled: false + jaeger: + repository: rancher/jaegertracing-all-in-one + tag: 1.20.0 diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/Chart.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/Chart.yaml new file mode 100755 index 000000000..8df587ad9 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/Chart.yaml @@ -0,0 +1,21 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.29.000 + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Istio + catalog.cattle.io/namespace: istio-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: networking.istio.io.virtualservice/v1beta1 + catalog.cattle.io/release-name: rancher-istio + catalog.cattle.io/requests-cpu: 710m + catalog.cattle.io/requests-memory: 2314Mi + catalog.cattle.io/ui-component: istio +apiVersion: v1 +appVersion: 1.8.3 +description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ + for details. +icon: https://charts.rancher.io/assets/logos/istio.svg +keywords: +- networking +- infrastructure +name: rancher-istio +version: 1.8.300 diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/README.md b/released/charts/rancher-istio/rancher-istio/1.8.300/README.md new file mode 100755 index 000000000..199e45312 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/README.md 
@@ -0,0 +1,69 @@ +# Rancher Istio Installers + +A Rancher created chart that packages the istioctl binary to install via a helm chart. + +# Installation Requirements + +## Chart Dependencies +- rancher-kiali-server-crd chart + +# Uninstallation Requirements +To ensure rancher-istio uninstalls correctly, you must uninstall rancher-istio prior to uninstalling chart dependencies (see installation requirements for chart dependencies). This is because all definitions need to be available in order to properly build the rancher-istio objects for removal. + +If you remove dependent CRD charts prior to removing rancher-istio, you may encounter the following error:: + +`Error: uninstallation completed with 1 error(s): unable to build kubernetes objects for delete: unable to recognize "": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1"` + +# Addons + +## Kiali + +Kiali allows you to view and manage your istio-based service mesh through an easy to use dashboard. + +#### Dependencies +- rancher-monitoring chart or other Prometheus installation + +This dependecy installs the required CRDs for installing Kiali. Since Kiali is bundled in with Istio in this chart, if you do not have these dependencies installed, your Istio installation will fail. If you do not plan on using Kiali, set `kiali.enabled=false` when installing Istio for a succesful installation. + +> **Note:** The following configuration options assume you have installed the dependecies for Kiali. Please ensure you have Promtheus in your cluster before proceeding. + +The Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by Prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces. 
+ +To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources. + +1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape. +1. Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces. + +#### External Services + +##### Prometheus +The `kiali.external_services.prometheus` url is set in the values.yaml: +``` +http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }} +``` +The url depends on the default values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port` being set in your rancher-monitoring or other monitoring instance. + +##### Grafana +The `kiali.external_services.grafana` url is set in the values.yaml: +``` +http://{{ .Values.nameOverride }}-grafana.{{ .Values.namespaceOverride }}.svc:{{ grafana.service.port }} +``` +The url depends on the default values for `nameOverride`, `namespaceOverride`, and `grafana.service.port` being set in your rancher-monitoring or other monitoring instance. + +##### Tracing +The `kiali.external_services.tracing` url and `.Values.tracing.contextPath` is set in the rancher-istio values.yaml: +``` +http://tracing.{{ .Values.namespaceOverride }}.svc:{{ .Values.service.externalPort }}/{{ .Values.tracing.contextPath }} +``` +The url depends on the default values for `namespaceOverride`, and `.Values.service.externalPort` being set in your rancher-tracing or other tracing instance. + +## Jaeger + +Jaeger allows you to trace and monitor distributed microservices. + +> **Note:** This addon is using the all-in-one Jaeger installation which is not qualified for production. 
Use the [Jaeger Tracing](https://www.jaegertracing.io/docs/1.21/getting-started/) documentation to determine which installation you will need for your production needs. + +# Installation +``` +helm install rancher-istio . --create-namespace -n istio-system +``` \ No newline at end of file diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/app-readme.md b/released/charts/rancher-istio/rancher-istio/1.8.300/app-readme.md new file mode 100755 index 000000000..0e42df083 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/app-readme.md 
@@ -0,0 +1,45 @@ +# Rancher Istio + +Our [Istio](https://istio.io/) installer wraps the istioctl binary commands in a handy helm chart, including an overlay file option to allow complex customization. It also includes: +* **[Kiali](https://kiali.io/)**: Used for graphing traffic flow throughout the mesh +* **[Jaeger](https://www.jaegertracing.io/)**: A quick start, all-in-one installation used for tracing distributed systemm. This is not production qualified, please refer to jaeger documentation to determine which installation you may need instead. + +### Dependencies + +**Rancher Monitoring or other Prometheus installation** + +The Prometheus CRDs are required for installing Kiali which is enabled by default. If you do not have Prometheus installed your Istio installation will fail. If you do not plan on using Kiali, set `kiali.enabled=false` to bypass this requirement. + +### Customization + +**Rancher Monitoring** + +The Rancher Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by Prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces. + +To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources. + +1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape. +1. Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces. + +**Custom Prometheus Installation with Kiali** + +To use a custom Monitoring installation, set the `kiali.external_services.prometheus` url in the values.yaml. 
This url depends on the values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port` in your rancher-monitoring or other monitoring instance: +``` +http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }} +``` +**Custom Grafana Installation with Kiali** + +To use a custom Grafana installation, set the `kiali.external_services.grafana` url in the values.yaml. This url depends on the values for `nameOverride`, `namespaceOverride`, and `granfa.service.port` in your rancher-monitoring or other grafana instance: +``` +http://{{ .Values.nameOverride }}-grafana.{{ .Values.namespaceOverride }}.svc:{{ grafana.service.port }} +``` +**Custom Tracing Installation with Kiali** + +To use a custom Tracing installation, set the `kiali.external_services.tracing` url and update the `.Values.tracing.contextPath` in the rancher-istio values.yaml. + +This url depends on the values for `namespaceOverride`, and `.Values.service.externalPort` in your rancher-tracing or other tracing instance.: +``` +http://tracing.{{ .Values.namespaceOverride }}.svc:{{ .Values.service.externalPort }}/{{ .Values.tracing.contextPath }} +``` + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/istio/v2.5/). diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/Chart.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/Chart.yaml new file mode 100755 index 000000000..e08a9b65b --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/Chart.yaml 
@@ -0,0 +1,31 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=match + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 + catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 + catalog.rancher.io/namespace: cattle-istio-system + catalog.rancher.io/release-name: rancher-kiali-server +apiVersion: v2 +appVersion: v1.29.0 +description: Kiali is an open source project for service mesh observability, refer + to https://www.kiali.io for details. This is installed as sub-chart with customized + values in Rancher's Istio. +home: https://github.com/kiali/kiali +icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png +keywords: +- istio +- kiali +- networking +- infrastructure +maintainers: +- email: kiali-users@googlegroups.com + name: Kiali + url: https://kiali.io +name: kiali +sources: +- https://github.com/kiali/kiali +- https://github.com/kiali/kiali-ui +- https://github.com/kiali/kiali-operator +- https://github.com/kiali/helm-charts +version: 1.29.0 diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/NOTES.txt b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/NOTES.txt new file mode 100755 index 000000000..751019401 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/NOTES.txt @@ -0,0 +1,5 @@ +Welcome to Kiali! For more details on Kiali, see: https://kiali.io + +The Kiali Server [{{ .Chart.AppVersion }}] has been installed in namespace [{{ .Release.Namespace }}]. It will be ready soon. + +(Helm: Chart=[{{ .Chart.Name }}], Release=[{{ .Release.Name }}], Version=[{{ .Chart.Version }}]) 
diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/_helpers.tpl b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/_helpers.tpl new file mode 100755 index 000000000..dd33bbe48 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/_helpers.tpl 
@@ -0,0 +1,192 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "kiali-server.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kiali-server.fullname" -}} +{{- if .Values.fullnameOverride }} + {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} + {{- $name := default .Chart.Name .Values.nameOverride }} + {{- printf "%s" $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kiali-server.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Identifies the log_level with the old verbose_mode and the new log_level considered. +*/}} +{{- define "kiali-server.logLevel" -}} +{{- if .Values.deployment.verbose_mode -}} +{{- .Values.deployment.verbose_mode -}} +{{- else -}} +{{- .Values.deployment.logger.log_level -}} +{{- end -}} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kiali-server.labels" -}} +helm.sh/chart: {{ include "kiali-server.chart" . }} +app: {{ include "kiali-server.name" . }} +{{ include "kiali-server.selectorLabels" . }} +version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/part-of: "kiali" +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kiali-server.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kiali-server.name" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Used to determine if a custom dashboard (defined in .Template.Name) should be deployed. +*/}} +{{- define "kiali-server.isDashboardEnabled" -}} +{{- if .Values.external_services.custom_dashboards.enabled }} + {{- $includere := "" }} + {{- range $_, $s := .Values.deployment.custom_dashboards.includes }} + {{- if $s }} + {{- if $includere }} + {{- $includere = printf "%s|^%s$" $includere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $includere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} + {{- end }} + {{- $excludere := "" }} + {{- range $_, $s := .Values.deployment.custom_dashboards.excludes }} + {{- if $s }} + {{- if $excludere }} + {{- $excludere = printf "%s|^%s$" $excludere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $excludere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} + {{- end }} + {{- if (and (mustRegexMatch (default "no-matches" $includere) (base .Template.Name)) (not (mustRegexMatch (default "no-matches" $excludere) (base .Template.Name)))) }} + {{- print "enabled" }} + {{- else }} + {{- print "" }} + {{- end }} +{{- else }} + {{- print "" }} +{{- end }} +{{- end }} + +{{/* +Determine the default login token signing key. +*/}} +{{- define "kiali-server.login_token.signing_key" -}} +{{- if .Values.login_token.signing_key }} + {{- .Values.login_token.signing_key }} +{{- else }} + {{- randAlphaNum 16 }} +{{- end }} +{{- end }} + +{{/* +Determine the default web root. +*/}} +{{- define "kiali-server.server.web_root" -}} +{{- if .Values.server.web_root }} + {{- .Values.server.web_root | trimSuffix "/" }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/" }} + {{- else }} + {{- "/kiali" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity cert file. There is no default if on k8s; only on OpenShift. 
+*/}} +{{- define "kiali-server.identity.cert_file" -}} +{{- if hasKey .Values.identity "cert_file" }} + {{- .Values.identity.cert_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.crt" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity private key file. There is no default if on k8s; only on OpenShift. +*/}} +{{- define "kiali-server.identity.private_key_file" -}} +{{- if hasKey .Values.identity "private_key_file" }} + {{- .Values.identity.private_key_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.key" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the istio namespace - default is where Kiali is installed. +*/}} +{{- define "kiali-server.istio_namespace" -}} +{{- if .Values.istio_namespace }} + {{- .Values.istio_namespace }} +{{- else }} + {{- .Release.Namespace }} +{{- end }} +{{- end }} + +{{/* +Determine the auth strategy to use - default is "token" on Kubernetes and "openshift" on OpenShift. +*/}} +{{- define "kiali-server.auth.strategy" -}} +{{- if .Values.auth.strategy }} + {{- if (and (eq .Values.auth.strategy "openshift") (not .Values.kiali_route_url)) }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or use a different auth strategy via the --set auth.strategy=... option." }} + {{- end }} + {{- .Values.auth.strategy }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- if not .Values.kiali_route_url }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or explicitly indicate another auth strategy you want via the --set auth.strategy=... option." 
}} + {{- end }} + {{- "openshift" }} + {{- else }} + {{- "token" }} + {{- end }} +{{- end }} +{{- end }} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/cabundle.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/cabundle.yaml new file mode 100755 index 000000000..7462b95a7 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/cabundle.yaml @@ -0,0 +1,13 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }}-cabundle + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + service.beta.openshift.io/inject-cabundle: "true" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/configmap.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/configmap.yaml new file mode 100755 index 000000000..b1bf53173 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/configmap.yaml 
@@ -0,0 +1,24 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + config.yaml: | + {{- /* Most of .Values is simply the ConfigMap - strip out the keys that are not part of the ConfigMap */}} + {{- $cm := omit .Values "nameOverride" "fullnameOverride" "kiali_route_url" }} + {{- /* The helm chart defines namespace for us, but pass it to the ConfigMap in case the server needs it */}} + {{- $_ := set $cm.deployment "namespace" .Release.Namespace }} + {{- /* Some values of the ConfigMap are generated, but might not be identical, from .Values */}} + {{- $_ := set $cm "istio_namespace" (include "kiali-server.istio_namespace" .) }} + {{- $_ := set $cm.auth "strategy" (include "kiali-server.auth.strategy" .) }} + {{- $_ := set $cm.auth.openshift "client_id_prefix" (include "kiali-server.fullname" .) }} + {{- $_ := set $cm.identity "cert_file" (include "kiali-server.identity.cert_file" .) }} + {{- $_ := set $cm.identity "private_key_file" (include "kiali-server.identity.private_key_file" .) }} + {{- $_ := set $cm.login_token "signing_key" (include "kiali-server.login_token.signing_key" .) }} + {{- $_ := set $cm.server "web_root" (include "kiali-server.server.web_root" .) }} + {{- toYaml $cm | nindent 4 }} +... diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/envoy.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/envoy.yaml new file mode 100755 index 000000000..8d961b848 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/envoy.yaml 
@@ -0,0 +1,55 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: envoy + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Envoy Metrics +# discoverOn: "envoy_server_uptime" + items: + - chart: + name: "Pods uptime" + spans: 4 + metricName: "envoy_server_uptime" + dataType: "raw" + - chart: + name: "Allocated memory" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_allocated" + dataType: "raw" + min: 0 + - chart: + name: "Heap size" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_heap_size" + dataType: "raw" + min: 0 + - chart: + name: "Upstream active connections" + spans: 6 + metricName: "envoy_cluster_upstream_cx_active" + dataType: "raw" + - chart: + name: "Upstream total requests" + spans: 6 + metricName: "envoy_cluster_upstream_rq_total" + unit: "rps" + dataType: "rate" + - chart: + name: "Downstream active connections" + spans: 6 + metricName: "envoy_listener_downstream_cx_active" + dataType: "raw" + - chart: + name: "Downstream HTTP requests" + spans: 6 + metricName: "envoy_listener_http_downstream_rq" + unit: "rps" + dataType: "rate" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/go.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/go.yaml new file mode 100755 index 000000000..01ebed7b5 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/go.yaml 
@@ -0,0 +1,66 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: go + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Go Metrics + runtime: Go + discoverOn: "go_info" + items: + - chart: + name: "CPU ratio" + spans: 6 + metricName: "process_cpu_seconds_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "RSS Memory" + unit: "bytes" + spans: 6 + metricName: "process_resident_memory_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Goroutines" + spans: 6 + metricName: "go_goroutines" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Heap allocation rate" + unit: "bytes/s" + spans: 6 + metricName: "go_memstats_alloc_bytes_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "GC rate" + spans: 6 + metricName: "go_gc_duration_seconds_count" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Next GC" + unit: "bytes" + spans: 6 + metricName: "go_memstats_next_gc_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/kiali.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/kiali.yaml new file mode 100755 index 000000000..0d5b5caa2 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/kiali.yaml 
@@ -0,0 +1,43 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: kiali + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Kiali Internal Metrics + items: + - chart: + name: "API processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_api_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "route" + displayName: "Route" + - chart: + name: "Functions processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_go_function_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" + - chart: + name: "Failures" + spans: 12 + metricName: "kiali_go_function_failures_total" + dataType: "raw" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml new file mode 100755 index 000000000..e89e1200c --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml 
@@ -0,0 +1,42 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Pool Metrics + discoverOn: "jvm_buffer_total_capacity_bytes" + items: + - chart: + name: "Pool buffer memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer capacity" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_total_capacity_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer count" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_count" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml new file mode 100755 index 000000000..ab487dccc --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml 
@@ -0,0 +1,64 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live" + items: + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon" + dataType: "raw" + - chart: + name: "Loaded classes" + spans: 4 + metricName: "jvm_classes_loaded" + dataType: "raw" + + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml new file mode 100755 index 000000000..d7014951d --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.1-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live_threads" + items: + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live_threads" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon_threads" + dataType: "raw" + - chart: + name: "Threads states" + spans: 4 + metricName: "jvm_threads_states_threads" + dataType: "raw" + aggregations: + - label: "state" + displayName: "State" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/microprofile-1.1.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/microprofile-1.1.yaml new file mode 100755 index 000000000..c00446c10 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/microprofile-1.1.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-1.1 + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:thread_count" + items: + - chart: + name: "Current loaded classes" + spans: 6 + metricName: "base:classloader_current_loaded_class_count" + dataType: "raw" + - chart: + name: "Unloaded classes" + spans: 6 + metricName: "base:classloader_total_unloaded_class_count" + dataType: "raw" + - chart: + name: "Thread count" + spans: 4 + metricName: "base:thread_count" + dataType: "raw" + - chart: + name: "Thread max count" + spans: 4 + metricName: "base:thread_max_count" + dataType: "raw" + - chart: + name: "Thread daemon count" + spans: 4 + metricName: "base:thread_daemon_count" + dataType: "raw" + - chart: + name: "Committed heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_committed_heap_bytes" + dataType: "raw" + - chart: + name: "Max heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_max_heap_bytes" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_used_heap_bytes" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/microprofile-x.y.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/microprofile-x.y.yaml new file mode 100755 index 000000000..d15f527d9 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/microprofile-x.y.yaml 
@@ -0,0 +1,37 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-x.y + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:gc_complete_scavenger_count" + items: + - chart: + name: "Young GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_young_generation_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Young GC count" + spans: 3 + metricName: "base:gc_young_generation_scavenger_count" + dataType: "raw" + - chart: + name: "Total GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_complete_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Total GC count" + spans: 3 + metricName: "base:gc_complete_scavenger_count" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/nodejs.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/nodejs.yaml new file mode 100755 index 000000000..d772a16c0 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/nodejs.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: nodejs + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Node.js + title: Node.js Metrics + discoverOn: "nodejs_active_handles_total" + items: + - chart: + name: "Active handles" + spans: 4 + metricName: "nodejs_active_handles_total" + dataType: "raw" + - chart: + name: "Active requests" + spans: 4 + metricName: "nodejs_active_requests_total" + dataType: "raw" + - chart: + name: "Event loop lag" + unit: "seconds" + spans: 4 + metricName: "nodejs_eventloop_lag_seconds" + dataType: "raw" + - chart: + name: "Total heap size" + unit: "bytes" + spans: 12 + metricName: "nodejs_heap_space_size_total_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Used heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_used_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Available heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_available_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/quarkus.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/quarkus.yaml new file mode 100755 index 000000000..4fc3e9ac0 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/quarkus.yaml 
@@ -0,0 +1,32 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: quarkus + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Quarkus Metrics + runtime: Quarkus + items: + - chart: + name: "Thread count" + spans: 4 + metricName: "vendor:thread_count" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_heap_usage_bytes" + dataType: "raw" + - chart: + name: "Used non-heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_non_heap_usage_bytes" + dataType: "raw" + - include: "microprofile-x.y" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml new file mode 100755 index 000000000..2ff4ae576 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml @@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Pool Metrics + items: + - include: "micrometer-1.0.6-jvm-pool" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/springboot-jvm.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/springboot-jvm.yaml new file mode 100755 index 000000000..8bd43055b --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/springboot-jvm.yaml 
@@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Metrics + items: + - include: "micrometer-1.0.6-jvm" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/springboot-tomcat.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/springboot-tomcat.yaml new file mode 100755 index 000000000..4b27aee4f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/springboot-tomcat.yaml @@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-tomcat + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: Tomcat Metrics + items: + - include: "tomcat" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/thorntail.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/thorntail.yaml new file mode 100755 index 000000000..513488df4 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/thorntail.yaml 
@@ -0,0 +1,21 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: thorntail + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Thorntail + title: Thorntail Metrics + discoverOn: "vendor:loaded_modules" + items: + - include: "microprofile-1.1" + - chart: + name: "Loaded modules" + spans: 6 + metricName: "vendor:loaded_modules" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/tomcat.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/tomcat.yaml new file mode 100755 index 000000000..28fd7f1cc --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/tomcat.yaml 
@@ -0,0 +1,66 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: tomcat + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Tomcat + title: Tomcat Metrics + discoverOn: "tomcat_sessions_created_total" + items: + - chart: + name: "Sessions created" + spans: 4 + metricName: "tomcat_sessions_created_total" + dataType: "raw" + - chart: + name: "Active sessions" + spans: 4 + metricName: "tomcat_sessions_active_current" + dataType: "raw" + - chart: + name: "Sessions rejected" + spans: 4 + metricName: "tomcat_sessions_rejected_total" + dataType: "raw" + + - chart: + name: "Bytes sent" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_sent_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Bytes received" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_received_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + + - chart: + name: "Global errors" + spans: 6 + metricName: "tomcat_global_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Servlet errors" + spans: 6 + metricName: "tomcat_servlet_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/vertx-client.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/vertx-client.yaml new file mode 100755 index 000000000..17392d87f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/vertx-client.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-client + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Client Metrics + discoverOn: "vertx_http_client_connections" + items: + - chart: + name: "Client response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_client_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_client_requestCount_total" + dataType: "rate" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client active connections" + spans: 6 + metricName: "vertx_http_client_connections" + dataType: "raw" + - chart: + name: "Client active websockets" + spans: 6 + metricName: "vertx_http_client_wsConnections" + dataType: "raw" + - chart: + name: "Client bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesSent" + dataType: "histogram" + - chart: + name: "Client bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/vertx-eventbus.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/vertx-eventbus.yaml new file mode 100755 index 000000000..fa659b55c --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/vertx-eventbus.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-eventbus + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Eventbus Metrics + discoverOn: "vertx_eventbus_handlers" + items: + - chart: + name: "Event bus handlers" + spans: 6 + metricName: "vertx_eventbus_handlers" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus pending messages" + spans: 6 + metricName: "vertx_eventbus_pending" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus processing time" + unit: "seconds" + spans: 6 + metricName: "vertx_eventbus_processingTime_seconds" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes read" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesRead" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes written" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesWritten" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/vertx-jvm.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/vertx-jvm.yaml new file mode 100755 index 000000000..ac03ea2e0 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/vertx-jvm.yaml 
@@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: JVM Metrics + items: + - include: "micrometer-1.1-jvm" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/vertx-pool.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/vertx-pool.yaml new file mode 100755 index 000000000..3715e9c10 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/vertx-pool.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Pools Metrics + discoverOn: "vertx_pool_ratio" + items: + - chart: + name: "Usage duration" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_usage_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Usage ratio" + spans: 6 + metricName: "vertx_pool_ratio" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Queue size" + spans: 6 + metricName: "vertx_pool_queue_size" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Time in queue" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_queue_delay_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Resources used" + spans: 6 + metricName: "vertx_pool_inUse" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/vertx-server.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/vertx-server.yaml new file mode 100755 index 000000000..686295468 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/dashboards/vertx-server.yaml 
@@ -0,0 +1,61 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-server + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Server Metrics + discoverOn: "vertx_http_server_connections" + items: + - chart: + name: "Server response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_server_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_server_requestCount_total" + dataType: "rate" + aggregations: + - label: "code" + displayName: "Error code" + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server active connections" + spans: 6 + metricName: "vertx_http_server_connections" + dataType: "raw" + - chart: + name: "Server active websockets" + spans: 6 + metricName: "vertx_http_server_wsConnections" + dataType: "raw" + - chart: + name: "Server bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesSent" + dataType: "histogram" + - chart: + name: "Server bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/deployment.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/deployment.yaml new file mode 100755 index 000000000..de5ae7ebe --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/deployment.yaml 
@@ -0,0 +1,174 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.deployment.replicas }} + selector: + matchLabels: + {{- include "kiali-server.selectorLabels" . | nindent 6 }} + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 8 }} + {{- if .Values.deployment.pod_labels }} + {{- toYaml .Values.deployment.pod_labels | nindent 8 }} + {{- end }} + annotations: + {{- if .Values.server.metrics_enabled }} + prometheus.io/scrape: "true" + prometheus.io/port: {{ .Values.server.metrics_port | quote }} + {{- else }} + prometheus.io/scrape: "false" + prometheus.io/port: null + {{- end }} + kiali.io/runtimes: go,kiali + {{- if .Values.deployment.pod_annotations }} + {{- toYaml .Values.deployment.pod_annotations | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "kiali-server.fullname" . }} + {{- if .Values.deployment.priority_class_name }} + priorityClassName: {{ .Values.deployment.priority_class_name | quote }} + {{- end }} + {{- if .Values.deployment.image_pull_secrets }} + imagePullSecrets: + {{- range .Values.deployment.image_pull_secrets }} + - name: {{ . }} + {{- end }} + {{- end }} + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.deployment.repository }}:{{ .Values.deployment.tag }}" + imagePullPolicy: {{ .Values.deployment.image_pull_policy | default "Always" }} + name: {{ include "kiali-server.fullname" . 
}} + command: + - "/opt/kiali/kiali" + - "-config" + - "/kiali-configuration/config.yaml" + ports: + - name: api-port + containerPort: {{ .Values.server.port | default 20001 }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + containerPort: {{ .Values.server.metrics_port | default 9090 }} + {{- end }} + readinessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + livenessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + env: + - name: ACTIVE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LOG_LEVEL + value: "{{ include "kiali-server.logLevel" . }}" + - name: LOG_FORMAT + value: "{{ .Values.deployment.logger.log_format }}" + - name: LOG_TIME_FIELD_FORMAT + value: "{{ .Values.deployment.logger.time_field_format }}" + - name: LOG_SAMPLER_RATE + value: "{{ .Values.deployment.logger.sampler_rate }}" + volumeMounts: + {{- if .Values.web_root_override }} + - name: kiali-console + subPath: env.js + mountPath: /opt/kiali/console/env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + mountPath: "/kiali-configuration" + - name: {{ include "kiali-server.fullname" . }}-cert + mountPath: "/kiali-cert" + - name: {{ include "kiali-server.fullname" . }}-secret + mountPath: "/kiali-secret" + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . 
}}-cabundle + mountPath: "/kiali-cabundle" + {{- end }} + {{- if .Values.deployment.resources }} + resources: + {{- toYaml .Values.deployment.resources | nindent 10 }} + {{- end }} + volumes: + {{- if .Values.web_root_override }} + - name: kiali-console + configMap: + name: kiali-console + items: + - key: env.js + path: env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + configMap: + name: {{ include "kiali-server.fullname" . }} + - name: {{ include "kiali-server.fullname" . }}-cert + secret: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + secretName: {{ include "kiali-server.fullname" . }}-cert-secret + {{- else }} + secretName: istio.{{ include "kiali-server.fullname" . }}-service-account + {{- end }} + {{- if not (include "kiali-server.identity.cert_file" .) }} + optional: true + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-secret + secret: + secretName: {{ .Values.deployment.secret_name }} + optional: true + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + configMap: + name: {{ include "kiali-server.fullname" . 
}}-cabundle + {{- end }} + {{- if or (.Values.deployment.affinity.node) (or (.Values.deployment.pod) (.Values.deployment.pod_anti)) }} + affinity: + {{- if .Values.deployment.affinity.node }} + nodeAffinity: + {{- toYaml .Values.deployment.affinity.node | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod }} + podAffinity: + {{- toYaml .Values.deployment.affinity.pod | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod_anti }} + podAntiAffinity: + {{- toYaml .Values.deployment.affinity.pod_anti | nindent 10 }} + {{- end }} + {{- end }} + {{- if .Values.deployment.tolerations }} + tolerations: + {{- toYaml .Values.deployment.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.deployment.node_selector }} + nodeSelector: + {{- toYaml .Values.deployment.node_selector | nindent 8 }} + {{- end }} +... diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/hpa.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/hpa.yaml new file mode 100755 index 000000000..934c4c1e9 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/hpa.yaml @@ -0,0 +1,17 @@ +{{- if .Values.deployment.hpa.spec }} +--- +apiVersion: {{ .Values.deployment.hpa.api_version }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "kiali-server.fullname" . }} + {{- toYaml .Values.deployment.hpa.spec | nindent 2 }} +... +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/ingress.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/ingress.yaml new file mode 100755 index 000000000..e4c98db1b --- /dev/null 
+++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/ingress.yaml @@ -0,0 +1,40 @@ +{{- if not (.Capabilities.APIVersions.Has "route.openshift.io/v1") }} +{{- if .Values.deployment.ingress_enabled }} +--- +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }} + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- else }} + # For ingress-nginx versions older than 0.20.0 use secure-backends. + # (see: https://github.com/kubernetes/ingress-nginx/issues/3416#issuecomment-438247948) + # For ingress-nginx versions 0.20.0 and later use backend-protocol. + {{- if (include "kiali-server.identity.cert_file" .) }} + nginx.ingress.kubernetes.io/secure-backends: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + {{- else }} + nginx.ingress.kubernetes.io/secure-backends: "false" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + {{- end }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + rules: + - http: + paths: + - path: {{ include "kiali-server.server.web_root" . }} + backend: + serviceName: {{ include "kiali-server.fullname" . }} + servicePort: {{ .Values.server.port }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/oauth.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/oauth.yaml new file mode 100755 index 000000000..a178bb85e --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/oauth.yaml 
@@ -0,0 +1,17 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.kiali_route_url }} +--- +apiVersion: oauth.openshift.io/v1 +kind: OAuthClient +metadata: + name: {{ include "kiali-server.fullname" . }}-{{ .Release.Namespace }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +redirectURIs: +- {{ .Values.kiali_route_url }} +grantMethod: auto +allowAnyScope: true +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/role-controlplane.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/role-controlplane.yaml new file mode 100755 index 000000000..a22c76756 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/role-controlplane.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "kiali-server.fullname" . }}-controlplane + namespace: {{ include "kiali-server.istio_namespace" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - secrets + verbs: + - list +... diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/role-viewer.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/role-viewer.yaml new file mode 100755 index 000000000..a496c0828 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/role-viewer.yaml 
@@ -0,0 +1,96 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }}-viewer + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - pods/proxy + - replicationcontrollers + - services + verbs: + - get + - list + - watch +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch +- apiGroups: + - networking.istio.io + - security.istio.io + resources: ["*"] + verbs: + - get + - list + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - get + - list +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create +... diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/role.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/role.yaml new file mode 100755 index 000000000..bd51e8d5e --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/role.yaml 
@@ -0,0 +1,107 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - pods/proxy + - replicationcontrollers + - services + verbs: + - get + - list + - patch + - watch +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - patch + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - patch + - watch +- apiGroups: + - networking.istio.io + - security.istio.io + resources: ["*"] + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - patch + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create +... diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/rolebinding-controlplane.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/rolebinding-controlplane.yaml new file mode 100755 index 000000000..fcd8fd579 --- /dev/null 
+++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/rolebinding-controlplane.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }}-controlplane + namespace: {{ include "kiali-server.istio_namespace" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kiali-controlplane +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/rolebinding.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/rolebinding.yaml new file mode 100755 index 000000000..1eaabd65f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/rolebinding.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + {{- if .Values.deployment.view_only_mode }} + name: {{ include "kiali-server.fullname" . }}-viewer + {{- else }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/route.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/route.yaml new file mode 100755 index 000000000..27940dc96 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/route.yaml 
@@ -0,0 +1,30 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.deployment.ingress_enabled }} +# As of OpenShift 4.5, need to use --disable-openapi-validation when installing via Helm +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}} + annotations: + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + tls: + termination: reencrypt + insecureEdgeTerminationPolicy: Redirect + to: + kind: Service + targetPort: {{ .Values.server.port }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/service.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/service.yaml new file mode 100755 index 000000000..69dc395d1 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/service.yaml 
@@ -0,0 +1,40 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + service.beta.openshift.io/serving-cert-secret-name: {{ include "kiali-server.fullname" . }}-cert-secret + {{- end }} + kiali.io/api-spec: https://kiali.io/api + kiali.io/api-type: rest + {{- if .Values.deployment.service_annotations }} + {{- toYaml .Values.deployment.service_annotations | nindent 4 }} + {{- end }} +spec: + {{- if .Values.deployment.service_type }} + type: {{ .Values.deployment.service_type }} + {{- end }} + ports: + {{- if (include "kiali-server.identity.cert_file" .) }} + - name: tcp + {{- else }} + - name: http + {{- end }} + protocol: TCP + port: {{ .Values.server.port }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + protocol: TCP + port: {{ .Values.server.metrics_port }} + {{- end }} + selector: + {{- include "kiali-server.selectorLabels" . | nindent 4 }} + {{- if .Values.deployment.additional_service_yaml }} + {{- toYaml .Values.deployment.additional_service_yaml | nindent 2 }} + {{- end }} +... diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/serviceaccount.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/serviceaccount.yaml new file mode 100755 index 000000000..9151b6f6a --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/serviceaccount.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +... 
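Review bot: in kiali/templates/deployment.yaml the outer affinity guard tests `.Values.deployment.pod` and `.Values.deployment.pod_anti`, while values.yaml and the inner blocks use `.Values.deployment.affinity.pod` and `.Values.deployment.affinity.pod_anti`. As written the `affinity:` section renders only when `affinity.node` is set, so pod affinity or anti-affinity supplied on its own is silently dropped. Suggest `{{- if or .Values.deployment.affinity.node .Values.deployment.affinity.pod .Values.deployment.affinity.pod_anti }}`.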
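Review bot: kiali/templates/ingress.yaml pins `apiVersion: networking.k8s.io/v1beta1` with the `serviceName`/`servicePort` backend form, which Kubernetes 1.22 and later no longer serve. Suggest choosing the API version with `.Capabilities.APIVersions.Has "networking.k8s.io/v1"` and emitting the `service.name`/`service.port.number` backend for v1, so the chart does not fail to install on newer clusters.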
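Review bot: the `-viewer` ClusterRole in kiali/templates/role-viewer.yaml is what `view_only_mode` binds, yet it still grants `create` on `pods/portforward` and `get` on `pods/proxy`, and rolebinding.yaml binds it cluster-wide. That lets the Kiali service account open connections to any pod port in any namespace, which is more than read-only. Suggest dropping the `pods/portforward` rule and `pods/proxy` from the viewer role, or documenting in values.yaml why view-only mode needs them.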
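Review bot: in kiali/templates/role.yaml the `pods/portforward` rule lists `post` as a verb; `post` is not an RBAC resource verb (the API server maps HTTP POST to `create`), so the entry has no effect and should be removed. The same rule appears in role-viewer.yaml. Separately, the `networking.istio.io` and `security.istio.io` rule grants `create`, `delete` and `patch` on `resources: ["*"]` cluster-wide; listing the resource kinds Kiali actually edits would keep the grant from widening automatically as new CRDs are added to those groups.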
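Review bot: kiali/templates/rolebinding-controlplane.yaml hard-codes `roleRef.name: kiali-controlplane`, while role-controlplane.yaml names the Role `{{ include "kiali-server.fullname" . }}-controlplane`. The two agree only while the fullname renders to `kiali`; with any other `fullnameOverride` the binding points at a Role that does not exist and the `secrets` list permission is never granted. Suggest using the same `include` expression in `roleRef.name`.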
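Review bot: kiali/templates/route.yaml closes the annotations guard with three braces, `{{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}}`, so a literal `}` is left in the rendered metadata whenever the Route is emitted. Drop the extra brace. A `helm template` run with the `route.openshift.io/v1` capability set (`--api-versions route.openshift.io/v1`) would catch this in CI, since the branch is never rendered on plain Kubernetes.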
diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/validate-install-crd.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/validate-install-crd.yaml new file mode 100755 index 000000000..b42eeb266 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/validate-install-crd.yaml @@ -0,0 +1,14 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "monitoring.kiali.io/v1alpha1/MonitoringDashboard" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/web-root-configmap.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/web-root-configmap.yaml new file mode 100755 index 000000000..970d4e4f5 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/templates/web-root-configmap.yaml @@ -0,0 +1,12 @@ +{{- if .Values.web_root_override }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: kiali-console + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + env.js: | + window.WEB_ROOT='/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Release.Namespace }}/services/http:kiali:20001/proxy/kiali'; +{{- end }} 
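Review bot: kiali/templates/validate-install-crd.yaml reads as commented out, but the leading `#` on each line is only a YAML comment; Helm still evaluates every `{{ ... }}` action, so the `required` call does fail the install when `monitoring.kiali.io/v1alpha1/MonitoringDashboard` is absent. Please add a `{{/* ... */}}` comment saying that the `#` prefixes exist to keep any rendered residue a YAML comment and that the `lookup` on ClusterRole is how the check is skipped when no cluster is reachable, so a later cleanup does not delete the file as dead code. The file also lacks a trailing newline.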
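Review bot: kiali/templates/web-root-configmap.yaml hard-codes `http:kiali:20001` and the ConfigMap name `kiali-console` in `WEB_ROOT`, ignoring `.Values.server.port`, the fullname helper and the `identity.cert_file` switch that deployment.yaml and service.yaml honour. Changing the port or enabling TLS on the server leaves the console pointing at a proxy path that no longer matches the Service. Suggest building the segment from the same values, and guarding on `.Values.global.cattle.clusterId`, which values.yaml leaves empty and which would otherwise render `/k8s/clusters//api/...`.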
diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/values.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/values.yaml new file mode 100755 index 000000000..46d703c18 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/kiali/values.yaml 
@@ -0,0 +1,91 @@ +nameOverride: "kiali" +fullnameOverride: "kiali" + +# This is required for "openshift" auth strategy. +# You have to know ahead of time what your Route URL will be because +# right now the helm chart can't figure this out at runtime (it would +# need to wait for the Kiali Route to be deployed and for OpenShift +# to start it up). If someone knows how to update this helm chart to +# do this, a PR would be welcome. +kiali_route_url: "" + +# rancher specific override that allows proxy access to kiali url +web_root_override: true + +# +# Settings that mimic the Kiali CR which are placed in the ConfigMap. +# Note that only those values used by the Helm Chart will be here. +# + +istio_namespace: "" # default is where Kiali is installed + +auth: + openid: {} + openshift: {} + strategy: "" + +deployment: + # This only limits what Kiali will attempt to see, but Kiali Service Account has permissions to see everything. + # For more control over what the Kial Service Account can see, use the Kiali Operator + accessible_namespaces: + - "**" + additional_service_yaml: {} + affinity: + node: {} + pod: {} + pod_anti: {} + custom_dashboards: + excludes: [''] + includes: ['*'] + hpa: + api_version: "autoscaling/v2beta2" + spec: {} + repository: rancher/mirrored-kiali-kiali + image_pull_policy: "Always" + image_pull_secrets: [] + tag: v1.29.0 + ingress_enabled: true + logger: + log_format: "text" + log_level: "info" + time_field_format: "2006-01-02T15:04:05Z07:00" + sampler_rate: "1" + node_selector: {} + override_ingress_yaml: + metadata: {} + pod_annotations: {} + pod_labels: {} + priority_class_name: "" + replicas: 1 + resources: {} + secret_name: "kiali" + service_annotations: {} + service_type: "" + tolerations: [] + version_label: v1.29.0 + view_only_mode: false + +external_services: + custom_dashboards: + enabled: true + +identity: {} + #cert_file: + #private_key_file: + +login_token: + signing_key: "" + +server: + port: 20001 + metrics_enabled: true + 
metrics_port: 9090 + web_root: "" + +# Common settings used among istio subcharts. +global: + # Specify rancher clusterId of external tracing config + # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 + cattle: + systemDefaultRegistry: "" + clusterId: diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/.helmignore b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/.helmignore new file mode 100755 index 000000000..0e8a0eb36 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/Chart.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/Chart.yaml new file mode 100755 index 000000000..bae6dfa47 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/Chart.yaml @@ -0,0 +1,12 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: istio-system + catalog.rancher.io/release-name: rancher-tracing +apiVersion: v1 +appVersion: 1.20.0 +description: A quick start Jaeger Tracing installation using the all-in-one demo. + This is not production qualified. Refer to https://www.jaegertracing.io/ for details. +name: tracing +version: 1.20.0 diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/README.md b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/README.md new file mode 100755 index 000000000..25534c628 
--- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/README.md @@ -0,0 +1,5 @@ +# Jaeger + +A Rancher chart based on the Jaeger all-in-one quick installation option. This chart will allow you to trace and monitor distributed microservices. + +> **Note:** The basic all-in-one Jaeger installation which is not qualified for production. Use the [Jaeger Tracing](https://www.jaegertracing.io) documentation to determine which installation you will need for your production needs. diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/templates/_affinity.tpl b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/templates/_affinity.tpl new file mode 100755 index 000000000..bf6a9aee5 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/templates/_affinity.tpl 
@@ -0,0 +1,92 @@ +{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}} +{{- define "nodeAffinity" }} + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + {{- include "nodeAffinityRequiredDuringScheduling" . }} + preferredDuringSchedulingIgnoredDuringExecution: + {{- include "nodeAffinityPreferredDuringScheduling" . }} +{{- end }} + +{{- define "nodeAffinityRequiredDuringScheduling" }} + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + {{- range $key, $val := .Values.global.arch }} + {{- if gt ($val | int) 0 }} + - {{ $key | quote }} + {{- end }} + {{- end }} + {{- $nodeSelector := default .Values.global.defaultNodeSelector .Values.nodeSelector -}} + {{- range $key, $val := $nodeSelector }} + - key: {{ $key }} + operator: In + values: + - {{ $val | quote }} + {{- end }} +{{- end }} + +{{- define "nodeAffinityPreferredDuringScheduling" }} + {{- range $key, $val := .Values.global.arch }} + {{- if gt ($val | int) 0 }} + - weight: {{ $val | int }} + preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - {{ $key | quote }} + {{- end }} + {{- end }} +{{- end }} + +{{- define "podAntiAffinity" }} +{{- if or .Values.podAntiAffinityLabelSelector .Values.podAntiAffinityTermLabelSelector}} + podAntiAffinity: + {{- if .Values.podAntiAffinityLabelSelector }} + requiredDuringSchedulingIgnoredDuringExecution: + {{- include "podAntiAffinityRequiredDuringScheduling" . }} + {{- end }} + {{- if or .Values.podAntiAffinityTermLabelSelector}} + preferredDuringSchedulingIgnoredDuringExecution: + {{- include "podAntiAffinityPreferredDuringScheduling" . 
}} + {{- end }} +{{- end }} +{{- end }} + +{{- define "podAntiAffinityRequiredDuringScheduling" }} + {{- range $index, $item := .Values.podAntiAffinityLabelSelector }} + - labelSelector: + matchExpressions: + - key: {{ $item.key }} + operator: {{ $item.operator }} + {{- if $item.values }} + values: + {{- $vals := split "," $item.values }} + {{- range $i, $v := $vals }} + - {{ $v | quote }} + {{- end }} + {{- end }} + topologyKey: {{ $item.topologyKey }} + {{- end }} +{{- end }} + +{{- define "podAntiAffinityPreferredDuringScheduling" }} + {{- range $index, $item := .Values.podAntiAffinityTermLabelSelector }} + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: {{ $item.key }} + operator: {{ $item.operator }} + {{- if $item.values }} + values: + {{- $vals := split "," $item.values }} + {{- range $i, $v := $vals }} + - {{ $v | quote }} + {{- end }} + {{- end }} + topologyKey: {{ $item.topologyKey }} + weight: 100 + {{- end }} +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/templates/_helpers.tpl b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/templates/_helpers.tpl new file mode 100755 index 000000000..56cfa7335 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/templates/_helpers.tpl 
@@ -0,0 +1,32 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "tracing.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "tracing.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/templates/deployment.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/templates/deployment.yaml new file mode 100755 index 000000000..e7ecfadd8 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/templates/deployment.yaml 
@@ -0,0 +1,80 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + selector: + matchLabels: + app: {{ .Values.provider }} + template: + metadata: + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + annotations: + sidecar.istio.io/inject: "false" + prometheus.io/scrape: "true" + prometheus.io/port: "14269" +{{- if .Values.jaeger.podAnnotations }} +{{ toYaml .Values.jaeger.podAnnotations | indent 8 }} +{{- end }} + spec: + containers: + - name: jaeger + image: "{{ template "system_default_registry" . }}{{ .Values.jaeger.repository }}:{{ .Values.jaeger.tag }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + env: + {{- if eq .Values.jaeger.spanStorageType "badger" }} + - name: BADGER_EPHEMERAL + value: "false" + - name: SPAN_STORAGE_TYPE + value: "badger" + - name: BADGER_DIRECTORY_VALUE + value: "/badger/data" + - name: BADGER_DIRECTORY_KEY + value: "/badger/key" + {{- end }} + - name: COLLECTOR_ZIPKIN_HTTP_PORT + value: "9411" + - name: MEMORY_MAX_TRACES + value: "{{ .Values.jaeger.memory.max_traces }}" + - name: QUERY_BASE_PATH + value: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }} + livenessProbe: + httpGet: + path: / + port: 14269 + readinessProbe: + httpGet: + path: / + port: 14269 +{{- if eq .Values.jaeger.spanStorageType "badger" }} + volumeMounts: + - name: data + mountPath: /badger +{{- end }} + resources: +{{- if .Values.jaeger.resources }} +{{ toYaml .Values.jaeger.resources | indent 12 }} +{{- else }} +{{ toYaml .Values.global.defaultResources | indent 12 }} +{{- end }} + affinity: + {{- include "nodeAffinity" . | indent 6 }} + {{- include "podAntiAffinity" . 
| indent 6 }} +{{- if eq .Values.jaeger.spanStorageType "badger" }} + volumes: + - name: data +{{- if .Values.jaeger.persistentVolumeClaim.enabled }} + persistentVolumeClaim: + claimName: istio-jaeger-pvc +{{- else }} + emptyDir: {} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/templates/pvc.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/templates/pvc.yaml new file mode 100755 index 000000000..9b4c55e4f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/templates/pvc.yaml @@ -0,0 +1,16 @@ +{{- if .Values.jaeger.persistentVolumeClaim.enabled }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: istio-jaeger-pvc + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} +spec: + storageClassName: {{ .Values.jaeger.storageClassName }} + accessModes: + - {{ .Values.jaeger.accessMode }} + resources: + requests: + storage: {{.Values.jaeger.persistentVolumeClaim.storage }} +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/templates/service.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/templates/service.yaml new file mode 100755 index 000000000..4210a9b5f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/templates/service.yaml 
@@ -0,0 +1,63 @@ +apiVersion: v1 +kind: Service +metadata: + name: tracing + namespace: {{ .Release.Namespace }} + annotations: + {{- range $key, $val := .Values.service.annotations }} + {{ $key }}: {{ $val | quote }} + {{- end }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + type: {{ .Values.service.type }} + ports: + - name: {{ .Values.service.name }} + port: {{ .Values.service.externalPort }} + protocol: TCP + targetPort: 16686 + selector: + app: {{ .Values.provider }} +--- +# Jaeger implements the Zipkin API. To support swapping out the tracing backend, we use a Service named Zipkin. +apiVersion: v1 +kind: Service +metadata: + name: zipkin + namespace: {{ .Release.Namespace }} + labels: + name: zipkin + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + ports: + - name: {{ .Values.service.name }} + port: {{ .Values.zipkin.queryPort }} + targetPort: {{ .Values.zipkin.queryPort }} + selector: + app: {{ .Values.provider }} +--- +apiVersion: v1 +kind: Service +metadata: + name: jaeger-collector + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + type: ClusterIP + ports: + - name: jaeger-collector-http + port: 14268 + targetPort: 14268 + protocol: TCP + - name: jaeger-collector-grpc + port: 14250 + targetPort: 14250 + protocol: TCP + selector: + app: {{ .Values.provider }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/values.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/values.yaml new file mode 100755 index 000000000..cae26c748 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/charts/tracing/values.yaml 
@@ -0,0 +1,42 @@ +provider: jaeger +contextPath: "" +nodeSelector: {} +podAntiAffinityLabelSelector: [] +podAntiAffinityTermLabelSelector: [] +nameOverride: "" +fullnameOverride: "" + +global: + cattle: + systemDefaultRegistry: "" + defaultResources: {} + imagePullPolicy: IfNotPresent + imagePullSecrets: [] + arch: + amd64: 2 + s390x: 2 + ppc64le: 2 + defaultNodeSelector: {} + +jaeger: + repository: rancher/mirrored-jaegertracing-all-in-one + tag: 1.20.0 + # spanStorageType value can be "memory" and "badger" for all-in-one image + spanStorageType: badger + resources: + requests: + cpu: 10m + persistentVolumeClaim: + enabled: false + storage: 5Gi + storageClassName: "" + accessMode: ReadWriteMany + memory: + max_traces: 50000 +zipkin: + queryPort: 9411 +service: + annotations: {} + name: http-query + type: ClusterIP + externalPort: 16686 diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/configs/istio-base.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/configs/istio-base.yaml new file mode 100755 index 000000000..c484f5988 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/configs/istio-base.yaml 
@@ -0,0 +1,85 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +spec: + addonComponents: + istiocoredns: + enabled: {{ .Values.istiocoredns.enabled }} + components: + base: + enabled: {{ .Values.base.enabled }} + cni: + enabled: {{ .Values.cni.enabled }} + egressGateways: + - enabled: {{ .Values.egressGateways.enabled }} + name: istio-egressgateway + ingressGateways: + - enabled: {{ .Values.ingressGateways.enabled }} + name: istio-ingressgateway + k8s: + service: + ports: + - name: status-port + port: 15021 + targetPort: 15021 + - name: http2 + port: 80 + targetPort: 8080 + nodePort: 31380 + - name: https + port: 443 + targetPort: 8443 + nodePort: 31390 + - name: tcp + port: 31400 + targetPort: 31400 + nodePort: 31400 + - name: tls + port: 15443 + targetPort: 15443 + istiodRemote: + enabled: {{ .Values.istiodRemote.enabled }} + pilot: + enabled: {{ .Values.pilot.enabled }} + hub: {{ .Values.systemDefaultRegistry | default "docker.io" }} + profile: default + tag: {{ .Values.tag }} + revision: {{ .Values.revision }} + meshConfig: + enablePrometheusMerge: {{ .Values.meshConfig.enablePrometheusMerge }} + values: + gateways: + istio-egressgateway: + name: istio-egressgateway + type: {{ .Values.egressGateways.type }} + istio-ingressgateway: + name: istio-ingressgateway + type: {{ .Values.ingressGateways.type }} + global: + istioNamespace: {{ template "istio.namespace" . }} + proxy: + image: {{ template "system_default_registry" . }}{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }} + proxy_init: + image: {{ template "system_default_registry" . }}{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }} + {{- if .Values.global.defaultPodDisruptionBudget.enabled }} + defaultPodDisruptionBudget: + enabled: {{ .Values.global.defaultPodDisruptionBudget.enabled }} + {{- end }} + istiocoredns: + coreDNSImage: {{ template "system_default_registry" . 
}}{{ .Values.istiocoredns.image.repository }} + coreDNSPluginImage: {{ template "system_default_registry" . }}{{ .Values.istiocoredns.pluginImage.repository }}:{{ .Values.istiocoredns.pluginImage.tag }} + coreDNSTag: {{ .Values.istiocoredns.image.tag }} + {{- if .Values.pilot.enabled }} + pilot: + image: {{ template "system_default_registry" . }}{{ .Values.pilot.repository }}:{{ .Values.pilot.tag }} + {{- end }} + telemetry: + enabled: {{ .Values.telemetry.enabled }} + v2: + enabled: {{ .Values.telemetry.v2.enabled }} + {{- if .Values.cni.enabled }} + cni: + image: {{ template "system_default_registry" . }}{{ .Values.cni.repository }}:{{ .Values.cni.tag }} + excludeNamespaces: + {{- toYaml .Values.cni.excludeNamespaces | nindent 8 }} + logLevel: {{ .Values.cni.logLevel }} + {{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/requirements.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/requirements.yaml new file mode 100755 index 000000000..b60745780 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/requirements.yaml @@ -0,0 +1,17 @@ +dependencies: +- name: kiali + version: "" + repository: file://./charts/kiali + condition: kiali.enabled + tags: [] + enabled: false + importvalues: [] + alias: "" +- name: tracing + version: "" + repository: file://./charts/tracing + condition: tracing.enabled + tags: [] + enabled: false + importvalues: [] + alias: "" diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/samples/overlay-example.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/samples/overlay-example.yaml new file mode 100755 index 000000000..5cf3cf3b0 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/samples/overlay-example.yaml 
@@ -0,0 +1,37 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +spec: + components: + ingressGateways: + - enabled: true + name: ilb-gateway + namespace: user-ingressgateway-ns + k8s: + resources: + requests: + cpu: 200m + service: + ports: + - name: tcp-citadel-grpc-tls + port: 8060 + targetPort: 8060 + - name: tcp-dns + port: 5353 + serviceAnnotations: + cloud.google.com/load-balancer-type: internal + - enabled: true + name: other-gateway + namespace: cattle-istio-system + k8s: + resources: + requests: + cpu: 200m + service: + ports: + - name: tcp-citadel-grpc-tls + port: 8060 + targetPort: 8060 + - name: tcp-dns + port: 5353 + serviceAnnotations: + cloud.google.com/load-balancer-type: internal diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/templates/_helpers.tpl b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/_helpers.tpl new file mode 100755 index 000000000..3f7af953a --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/_helpers.tpl @@ -0,0 +1,12 @@ +{{/* Ensure namespace is set the same everywhere */}} +{{- define "istio.namespace" -}} + {{- .Release.Namespace | default "istio-system" -}} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/templates/admin-role.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/admin-role.yaml new file mode 100755 index 000000000..ad1313c4f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/admin-role.yaml 
@@ -0,0 +1,43 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + name: istio-admin + namespace: {{ template "istio.namespace" . }} +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: + - '*' + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: + - '*' diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/templates/base-config-map.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/base-config-map.yaml new file mode 100755 index 000000000..5323917bc --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/base-config-map.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-installer-base + namespace: {{ template "istio.namespace" . }} +data: +{{ tpl (.Files.Glob "configs/*").AsConfig . | indent 2 }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/templates/clusterrole.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/clusterrole.yaml new file mode 100755 index 000000000..3e621d897 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/clusterrole.yaml 
@@ -0,0 +1,112 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: istio-installer +rules: +# istio groups +- apiGroups: + - authentication.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - config.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - install.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - networking.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - rbac.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - security.istio.io + resources: + - '*' + verbs: + - '*' +# k8s groups +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions.apiextensions.k8s.io + - customresourcedefinitions + verbs: + - '*' +- apiGroups: + - apps + - extensions + resources: + - daemonsets + - deployments + - deployments/finalizers + - ingresses + - replicasets + - statefulsets + verbs: + - '*' +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - '*' +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - '*' +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - roles + - rolebindings + verbs: + - '*' +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - namespaces + - pods + - pods/exec + - persistentvolumeclaims + - secrets + - services + - serviceaccounts + verbs: + - '*' diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/templates/clusterrolebinding.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/clusterrolebinding.yaml new file mode 100755 index 000000000..9d74a0434 --- /dev/null 
+++ b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/clusterrolebinding.yaml @@ -0,0 +1,12 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: istio-installer +subjects: +- kind: ServiceAccount + name: istio-installer + namespace: {{ template "istio.namespace" . }} +roleRef: + kind: ClusterRole + name: istio-installer + apiGroup: rbac.authorization.k8s.io diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/templates/edit-role.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/edit-role.yaml new file mode 100755 index 000000000..d1059d58d --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/edit-role.yaml @@ -0,0 +1,43 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + namespace: {{ template "istio.namespace" . }} + name: istio-edit +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: + - '*' + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: + - '*' diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/templates/istio-install-job.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/istio-install-job.yaml new file mode 100755 index 000000000..0e9c732e1 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/istio-install-job.yaml 
@@ -0,0 +1,45 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: istioctl-installer + namespace: {{ template "istio.namespace" . }} + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + backoffLimit: 1 + template: + spec: + containers: + - name: istioctl-installer + image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }} + env: + - name: RELEASE_NAME + value: {{ .Release.Name }} + - name: ISTIO_NAMESPACE + value: {{ template "istio.namespace" . }} + - name: FORCE_INSTALL + value: {{ .Values.forceInstall | default "false" | quote }} + command: ["/bin/sh","-c"] + args: ["/usr/local/app/scripts/run.sh"] + volumeMounts: + - name: config-volume + mountPath: /app/istio-base.yaml + subPath: istio-base.yaml + {{- if .Values.overlayFile }} + - name: overlay-volume + mountPath: /app/overlay-config.yaml + subPath: overlay-config.yaml + {{- end }} + volumes: + - name: config-volume + configMap: + name: istio-installer-base + {{- if .Values.overlayFile }} + - name: overlay-volume + configMap: + name: istio-installer-overlay + {{- end }} + serviceAccountName: istio-installer + restartPolicy: Never diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/templates/istio-uninstall-job.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/istio-uninstall-job.yaml new file mode 100755 index 000000000..b5946e55f --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/istio-uninstall-job.yaml 
@@ -0,0 +1,42 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: istioctl-uninstaller + namespace: {{ template "istio.namespace" . }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + spec: + containers: + - name: istioctl-uninstaller + image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }} + env: + - name: RELEASE_NAME + value: {{ .Release.Name }} + - name: ISTIO_NAMESPACE + value: {{ template "istio.namespace" . }} + command: ["/bin/sh","-c"] + args: ["/usr/local/app/scripts/uninstall_istio_system.sh"] + volumeMounts: + - name: config-volume + mountPath: /app/istio-base.yaml + subPath: istio-base.yaml + {{- if .Values.overlayFile }} + - name: overlay-volume + mountPath: /app/overlay-config.yaml + subPath: overlay-config.yaml + {{ end }} + volumes: + - name: config-volume + configMap: + name: istio-installer-base + {{- if .Values.overlayFile }} + - name: overlay-volume + configMap: + name: istio-installer-overlay + {{ end }} + serviceAccountName: istio-installer + restartPolicy: OnFailure diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/templates/overlay-config-map.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/overlay-config-map.yaml new file mode 100755 index 000000000..287d26b2c --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/overlay-config-map.yaml @@ -0,0 +1,9 @@ +{{- if .Values.overlayFile }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-installer-overlay + namespace: {{ template "istio.namespace" . }} +data: + overlay-config.yaml: {{ toYaml .Values.overlayFile | indent 2 }} +{{- end }} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/templates/service-monitors.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/service-monitors.yaml new file mode 100755 index 000000000..c3d60c4fc 
--- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/service-monitors.yaml @@ -0,0 +1,51 @@ +{{- if .Values.kiali.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: envoy-stats-monitor + namespace: {{ template "istio.namespace" . }} + labels: + monitoring: istio-proxies +spec: + selector: + matchExpressions: + - {key: istio-prometheus-ignore, operator: DoesNotExist} + namespaceSelector: + any: true + jobLabel: envoy-stats + endpoints: + - path: /stats/prometheus + targetPort: 15090 + interval: 15s + relabelings: + - sourceLabels: [__meta_kubernetes_pod_container_port_name] + action: keep + regex: '.*-envoy-prom' + - action: labeldrop + regex: "__meta_kubernetes_pod_label_(.+)" + - sourceLabels: [__meta_kubernetes_namespace] + action: replace + targetLabel: namespace + - sourceLabels: [__meta_kubernetes_pod_name] + action: replace + targetLabel: pod_name +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: istio-component-monitor + namespace: {{ template "istio.namespace" . }} + labels: + monitoring: istio-components +spec: + jobLabel: istio + targetLabels: [app] + selector: + matchExpressions: + - {key: istio, operator: In, values: [pilot]} + namespaceSelector: + any: true + endpoints: + - port: http-monitoring + interval: 15s +{{- end -}} diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/templates/serviceaccount.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/serviceaccount.yaml new file mode 100755 index 000000000..82b6cbb7e --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/serviceaccount.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: istio-installer + namespace: {{ template "istio.namespace" . }} 
diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/templates/view-role.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/view-role.yaml new file mode 100755 index 000000000..5947d3eba --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/templates/view-role.yaml @@ -0,0 +1,41 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + namespace: {{ template "istio.namespace" . }} + name: istio-view +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: ["get", "watch", "list"] + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: ["get", "watch", "list"] diff --git a/released/charts/rancher-istio/rancher-istio/1.8.300/values.yaml b/released/charts/rancher-istio/rancher-istio/1.8.300/values.yaml new file mode 100755 index 000000000..653572f03 --- /dev/null +++ b/released/charts/rancher-istio/rancher-istio/1.8.300/values.yaml 
@@ -0,0 +1,92 @@ +overlayFile: "" +tag: 1.8.3 +##Setting forceInstall: true will remove the check for istio version < 1.6.x and will not analyze your install cluster prior to install +forceInstall: false + +installer: + repository: rancher/istio-installer + tag: 1.8.3-rancher1 + +istiocoredns: + enabled: false + image: + repository: rancher/mirrored-coredns-coredns + tag: 1.6.2 + pluginImage: + repository: rancher/mirrored-istio-coredns-plugin + tag: 0.2-istio-1.1 + +base: + enabled: true + +cni: + enabled: false + repository: rancher/mirrored-istio-install-cni + tag: 1.8.3 + logLevel: info + excludeNamespaces: + - istio-system + - kube-system + +egressGateways: + enabled: false + type: NodePort + +ingressGateways: + enabled: true + type: NodePort + +istiodRemote: + enabled: false + +pilot: + enabled: true + repository: rancher/mirrored-istio-pilot + tag: 1.8.3 + +telemetry: + enabled: true + v2: + enabled: true + +global: + cattle: + systemDefaultRegistry: "" + proxy: + repository: rancher/mirrored-istio-proxyv2 + tag: 1.8.3 + proxy_init: + repository: rancher/mirrored-istio-proxyv2 + tag: 1.8.3 + defaultPodDisruptionBudget: + enabled: true + +# this can be removed in 1.7 as it is default +meshConfig: + enablePrometheusMerge: true + +# Kiali subchart from rancher-kiali-server +kiali: + enabled: true + auth: + strategy: anonymous + deployment: + ingress_enabled: false + repository: rancher/mirrored-kiali-kiali + tag: v1.29.0 + external_services: + prometheus: + custom_metrics_url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" + url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" + tracing: + in_cluster_url: "http://tracing.istio-system.svc:16686/jaeger" + grafana: + in_cluster_url: "http://rancher-monitoring-grafana.cattle-monitoring-system.svc:80" + url: "http://rancher-monitoring-grafana.cattle-monitoring-system.svc:80" + +tracing: + enabled: false + contextPath: "/jaeger" + jaeger: + repository: 
rancher/mirrored-jaegertracing-all-in-one + tag: 1.20.0 diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.23.001/Chart.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.23.001/Chart.yaml new file mode 100644 index 000000000..445f3599d --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.23.001/Chart.yaml @@ -0,0 +1,7 @@ +annotations: + catalog.cattle.io/hidden: "true" +apiVersion: v2 +description: Installs the CRDs for rancher-kiali-server. +name: rancher-kiali-server-crd +type: application +version: 1.23.001 diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.23.001/README.md b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.23.001/README.md new file mode 100644 index 000000000..a5d564749 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.23.001/README.md @@ -0,0 +1,2 @@ +# rancher-kiali-server-crd +A Rancher chart that installs the CRDs used by [rancher-kiali-server](https://github.com/rancher/dev-charts/tree/master/packages/rancher-kiali-server). diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.23.001/templates/crds.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.23.001/templates/crds.yaml new file mode 100644 index 000000000..d14366ad5 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.23.001/templates/crds.yaml @@ -0,0 +1,18 @@ +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: monitoringdashboards.monitoring.kiali.io +spec: + group: monitoring.kiali.io + names: + kind: MonitoringDashboard + listKind: MonitoringDashboardList + plural: monitoringdashboards + singular: monitoringdashboard + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true +... 
diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.001/Chart.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.001/Chart.yaml new file mode 100644 index 000000000..d3f2f682a --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.001/Chart.yaml @@ -0,0 +1,7 @@ +annotations: + catalog.cattle.io/hidden: "true" +apiVersion: v2 +description: Installs the CRDs for rancher-kiali-server. +name: rancher-kiali-server-crd +type: application +version: 1.24.001 diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.001/README.md b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.001/README.md new file mode 100644 index 000000000..3847c18a1 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.001/README.md @@ -0,0 +1,2 @@ +# rancher-kiali-server-crd +A Rancher chart that installs the CRDs used by rancher-kiali-server. diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.001/templates/crds.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.001/templates/crds.yaml new file mode 100644 index 000000000..d14366ad5 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.001/templates/crds.yaml @@ -0,0 +1,18 @@ +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: monitoringdashboards.monitoring.kiali.io +spec: + group: monitoring.kiali.io + names: + kind: MonitoringDashboard + listKind: MonitoringDashboardList + plural: monitoringdashboards + singular: monitoringdashboard + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.003/Chart.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.003/Chart.yaml new file mode 100644 index 000000000..e4dd7cdf5 --- /dev/null 
+++ b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.003/Chart.yaml @@ -0,0 +1,7 @@ +annotations: + catalog.cattle.io/hidden: "true" +apiVersion: v2 +description: Installs the CRDs for rancher-kiali-server. +name: rancher-kiali-server-crd +type: application +version: 1.24.003 diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.003/README.md b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.003/README.md new file mode 100644 index 000000000..3847c18a1 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.003/README.md @@ -0,0 +1,2 @@ +# rancher-kiali-server-crd +A Rancher chart that installs the CRDs used by rancher-kiali-server. diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.003/templates/crds.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.003/templates/crds.yaml new file mode 100644 index 000000000..d14366ad5 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.24.003/templates/crds.yaml @@ -0,0 +1,18 @@ +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: monitoringdashboards.monitoring.kiali.io +spec: + group: monitoring.kiali.io + names: + kind: MonitoringDashboard + listKind: MonitoringDashboardList + plural: monitoringdashboards + singular: monitoringdashboard + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.000/Chart.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.000/Chart.yaml new file mode 100755 index 000000000..8dea63886 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.000/Chart.yaml 
@@ -0,0 +1,7 @@ +annotations: + catalog.cattle.io/hidden: "true" +apiVersion: v2 +description: Installs the CRDs for rancher-kiali-server. +name: rancher-kiali-server-crd +type: application +version: 1.29.000 diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.000/README.md b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.000/README.md new file mode 100755 index 000000000..3847c18a1 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.000/README.md @@ -0,0 +1,2 @@ +# rancher-kiali-server-crd +A Rancher chart that installs the CRDs used by rancher-kiali-server. diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.000/templates/crds.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.000/templates/crds.yaml new file mode 100755 index 000000000..d14366ad5 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.000/templates/crds.yaml @@ -0,0 +1,18 @@ +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: monitoringdashboards.monitoring.kiali.io +spec: + group: monitoring.kiali.io + names: + kind: MonitoringDashboard + listKind: MonitoringDashboardList + plural: monitoringdashboards + singular: monitoringdashboard + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.100/Chart.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.100/Chart.yaml new file mode 100755 index 000000000..d20de9142 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.100/Chart.yaml @@ -0,0 +1,7 @@ +annotations: + catalog.cattle.io/hidden: "true" +apiVersion: v2 +description: Installs the CRDs for rancher-kiali-server. +name: rancher-kiali-server-crd +type: application +version: 1.29.100 
diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.100/README.md b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.100/README.md new file mode 100755 index 000000000..3847c18a1 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.100/README.md @@ -0,0 +1,2 @@ +# rancher-kiali-server-crd +A Rancher chart that installs the CRDs used by rancher-kiali-server. diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.100/templates/crds.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.100/templates/crds.yaml new file mode 100755 index 000000000..d14366ad5 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.29.100/templates/crds.yaml @@ -0,0 +1,18 @@ +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: monitoringdashboards.monitoring.kiali.io +spec: + group: monitoring.kiali.io + names: + kind: MonitoringDashboard + listKind: MonitoringDashboardList + plural: monitoringdashboards + singular: monitoringdashboard + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.32.100/Chart.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.32.100/Chart.yaml new file mode 100755 index 000000000..2ec92b491 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.32.100/Chart.yaml @@ -0,0 +1,7 @@ +annotations: + catalog.cattle.io/hidden: "true" +apiVersion: v2 +description: Installs the CRDs for rancher-kiali-server. +name: rancher-kiali-server-crd +type: application +version: 1.32.100 diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.32.100/README.md b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.32.100/README.md new file mode 100755 index 000000000..3847c18a1 --- /dev/null 
+++ b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.32.100/README.md @@ -0,0 +1,2 @@ +# rancher-kiali-server-crd +A Rancher chart that installs the CRDs used by rancher-kiali-server. diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.32.100/templates/crds.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.32.100/templates/crds.yaml new file mode 100755 index 000000000..ae7c49349 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server-crd/1.32.100/templates/crds.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: monitoringdashboards.monitoring.kiali.io +spec: + group: monitoring.kiali.io + names: + kind: MonitoringDashboard + listKind: MonitoringDashboardList + plural: monitoringdashboards + singular: monitoringdashboard + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/Chart.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/Chart.yaml new file mode 100644 index 000000000..8083cf929 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/Chart.yaml 
@@ -0,0 +1,31 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=match + catalog.cattle.io/hidden: "true" + catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 + catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 + catalog.rancher.io/namespace: cattle-istio-system + catalog.rancher.io/release-name: rancher-kiali-server + catalog.cattle.io/os: linux +apiVersion: v2 +appVersion: v1.23.0 +description: Kiali is an open source project for service mesh observability, refer + to https://www.kiali.io for details. This is installed as sub-chart with customized + values in Rancher's Istio. +home: https://github.com/kiali/kiali +icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png +keywords: +- istio +- kiali +- networking +- infrastructure +maintainers: +- email: kiali-users@googlegroups.com + name: Kiali + url: https://kiali.io +name: rancher-kiali-server +sources: +- https://github.com/kiali/kiali +- https://github.com/kiali/kiali-ui +- https://github.com/kiali/kiali-operator +- https://github.com/kiali/helm-charts +version: 1.23.001 diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/NOTES.txt b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/NOTES.txt new file mode 100644 index 000000000..751019401 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/NOTES.txt @@ -0,0 +1,5 @@ +Welcome to Kiali! For more details on Kiali, see: https://kiali.io + +The Kiali Server [{{ .Chart.AppVersion }}] has been installed in namespace [{{ .Release.Namespace }}]. It will be ready soon. + +(Helm: Chart=[{{ .Chart.Name }}], Release=[{{ .Release.Name }}], Version=[{{ .Chart.Version }}]) 
diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/_helpers.tpl b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/_helpers.tpl new file mode 100644 index 000000000..9dd3d7ff0 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/_helpers.tpl 
@@ -0,0 +1,176 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "kiali-server.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kiali-server.fullname" -}} +{{- if .Values.fullnameOverride }} + {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} + {{- $name := default .Chart.Name .Values.nameOverride }} + {{- printf "%s" $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kiali-server.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kiali-server.labels" -}} +helm.sh/chart: {{ include "kiali-server.chart" . }} +app: {{ include "kiali-server.name" . }} +{{ include "kiali-server.selectorLabels" . }} +version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kiali-server.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kiali-server.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Used to determine if a custom dashboard (defined in .Template.Name) should be deployed. +*/}} +{{- define "kiali-server.isDashboardEnabled" -}} +{{- $includere := "" }} +{{- range $_, $s := .Values.deployment.custom_dashboards.includes }} + {{- if $s }} + {{- if $includere }} + {{- $includere = printf "%s|^%s$" $includere ($s | replace "*" ".*" | replace "?" 
".") }} + {{- else }} + {{- $includere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} +{{- end }} +{{- $excludere := "" }} +{{- range $_, $s := .Values.deployment.custom_dashboards.excludes }} + {{- if $s }} + {{- if $excludere }} + {{- $excludere = printf "%s|^%s$" $excludere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $excludere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} +{{- end }} +{{- if (and (mustRegexMatch (default "no-matches" $includere) (base .Template.Name)) (not (mustRegexMatch (default "no-matches" $excludere) (base .Template.Name)))) }} + {{- print "enabled" }} +{{- else }} + {{- print "" }} +{{- end }} +{{- end }} + +{{/* +Determine the default login token signing key. +*/}} +{{- define "kiali-server.login_token.signing_key" -}} +{{- if .Values.login_token.signing_key }} + {{- .Values.login_token.signing_key }} +{{- else }} + {{- randAlphaNum 16 }} +{{- end }} +{{- end }} + +{{/* +Determine the default web root. +*/}} +{{- define "kiali-server.server.web_root" -}} +{{- if .Values.server.web_root }} + {{- .Values.server.web_root | trimSuffix "/" }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/" }} + {{- else }} + {{- "/kiali" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity cert file. There is no default if on k8s; only on OpenShift. +*/}} +{{- define "kiali-server.identity.cert_file" -}} +{{- if hasKey .Values.identity "cert_file" }} + {{- .Values.identity.cert_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.crt" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity private key file. There is no default if on k8s; only on OpenShift. 
+*/}} +{{- define "kiali-server.identity.private_key_file" -}} +{{- if hasKey .Values.identity "private_key_file" }} + {{- .Values.identity.private_key_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.key" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the istio namespace - default is where Kiali is installed. +*/}} +{{- define "kiali-server.istio_namespace" -}} +{{- if .Values.istio_namespace }} + {{- .Values.istio_namespace }} +{{- else }} + {{- .Release.Namespace }} +{{- end }} +{{- end }} + +{{/* +Determine the auth strategy to use - default is "token" on Kubernetes and "openshift" on OpenShift. +*/}} +{{- define "kiali-server.auth.strategy" -}} +{{- if .Values.auth.strategy }} + {{- if (and (eq .Values.auth.strategy "openshift") (not .Values.kiali_route_url)) }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or use a different auth strategy via the --set auth.strategy=... option." }} + {{- end }} + {{- .Values.auth.strategy }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- if not .Values.kiali_route_url }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or explicitly indicate another auth strategy you want via the --set auth.strategy=... option." }} + {{- end }} + {{- "openshift" }} + {{- else }} + {{- "token" }} + {{- end }} +{{- end }} +{{- end }} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} 
diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/cabundle.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/cabundle.yaml new file mode 100644 index 000000000..7462b95a7 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/cabundle.yaml @@ -0,0 +1,13 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }}-cabundle + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + service.beta.openshift.io/inject-cabundle: "true" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/configmap.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/configmap.yaml new file mode 100644 index 000000000..b1bf53173 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/configmap.yaml 
@@ -0,0 +1,24 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + config.yaml: | + {{- /* Most of .Values is simply the ConfigMap - strip out the keys that are not part of the ConfigMap */}} + {{- $cm := omit .Values "nameOverride" "fullnameOverride" "kiali_route_url" }} + {{- /* The helm chart defines namespace for us, but pass it to the ConfigMap in case the server needs it */}} + {{- $_ := set $cm.deployment "namespace" .Release.Namespace }} + {{- /* Some values of the ConfigMap are generated, but might not be identical, from .Values */}} + {{- $_ := set $cm "istio_namespace" (include "kiali-server.istio_namespace" .) }} + {{- $_ := set $cm.auth "strategy" (include "kiali-server.auth.strategy" .) }} + {{- $_ := set $cm.auth.openshift "client_id_prefix" (include "kiali-server.fullname" .) }} + {{- $_ := set $cm.identity "cert_file" (include "kiali-server.identity.cert_file" .) }} + {{- $_ := set $cm.identity "private_key_file" (include "kiali-server.identity.private_key_file" .) }} + {{- $_ := set $cm.login_token "signing_key" (include "kiali-server.login_token.signing_key" .) }} + {{- $_ := set $cm.server "web_root" (include "kiali-server.server.web_root" .) }} + {{- toYaml $cm | nindent 4 }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/envoy.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/envoy.yaml new file mode 100644 index 000000000..8d961b848 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/envoy.yaml 
@@ -0,0 +1,55 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: envoy + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Envoy Metrics +# discoverOn: "envoy_server_uptime" + items: + - chart: + name: "Pods uptime" + spans: 4 + metricName: "envoy_server_uptime" + dataType: "raw" + - chart: + name: "Allocated memory" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_allocated" + dataType: "raw" + min: 0 + - chart: + name: "Heap size" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_heap_size" + dataType: "raw" + min: 0 + - chart: + name: "Upstream active connections" + spans: 6 + metricName: "envoy_cluster_upstream_cx_active" + dataType: "raw" + - chart: + name: "Upstream total requests" + spans: 6 + metricName: "envoy_cluster_upstream_rq_total" + unit: "rps" + dataType: "rate" + - chart: + name: "Downstream active connections" + spans: 6 + metricName: "envoy_listener_downstream_cx_active" + dataType: "raw" + - chart: + name: "Downstream HTTP requests" + spans: 6 + metricName: "envoy_listener_http_downstream_rq" + unit: "rps" + dataType: "rate" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/go.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/go.yaml new file mode 100644 index 000000000..01ebed7b5 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/go.yaml 
@@ -0,0 +1,66 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: go + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Go Metrics + runtime: Go + discoverOn: "go_info" + items: + - chart: + name: "CPU ratio" + spans: 6 + metricName: "process_cpu_seconds_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "RSS Memory" + unit: "bytes" + spans: 6 + metricName: "process_resident_memory_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Goroutines" + spans: 6 + metricName: "go_goroutines" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Heap allocation rate" + unit: "bytes/s" + spans: 6 + metricName: "go_memstats_alloc_bytes_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "GC rate" + spans: 6 + metricName: "go_gc_duration_seconds_count" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Next GC" + unit: "bytes" + spans: 6 + metricName: "go_memstats_next_gc_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/kiali.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/kiali.yaml new file mode 100644 index 000000000..0d5b5caa2 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/kiali.yaml 
@@ -0,0 +1,43 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: kiali + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Kiali Internal Metrics + items: + - chart: + name: "API processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_api_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "route" + displayName: "Route" + - chart: + name: "Functions processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_go_function_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" + - chart: + name: "Failures" + spans: 12 + metricName: "kiali_go_function_failures_total" + dataType: "raw" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml new file mode 100644 index 000000000..e89e1200c --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml 
@@ -0,0 +1,42 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Pool Metrics + discoverOn: "jvm_buffer_total_capacity_bytes" + items: + - chart: + name: "Pool buffer memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer capacity" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_total_capacity_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer count" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_count" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/micrometer-1.0.6-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/micrometer-1.0.6-jvm.yaml new file mode 100644 index 000000000..ab487dccc --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/micrometer-1.0.6-jvm.yaml 
@@ -0,0 +1,64 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live" + items: + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon" + dataType: "raw" + - chart: + name: "Loaded classes" + spans: 4 + metricName: "jvm_classes_loaded" + dataType: "raw" + + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/micrometer-1.1-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/micrometer-1.1-jvm.yaml new file mode 100644 index 000000000..d7014951d --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/micrometer-1.1-jvm.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.1-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live_threads" + items: + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live_threads" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon_threads" + dataType: "raw" + - chart: + name: "Threads states" + spans: 4 + metricName: "jvm_threads_states_threads" + dataType: "raw" + aggregations: + - label: "state" + displayName: "State" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/microprofile-1.1.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/microprofile-1.1.yaml new file mode 100644 index 000000000..c00446c10 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/microprofile-1.1.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-1.1 + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:thread_count" + items: + - chart: + name: "Current loaded classes" + spans: 6 + metricName: "base:classloader_current_loaded_class_count" + dataType: "raw" + - chart: + name: "Unloaded classes" + spans: 6 + metricName: "base:classloader_total_unloaded_class_count" + dataType: "raw" + - chart: + name: "Thread count" + spans: 4 + metricName: "base:thread_count" + dataType: "raw" + - chart: + name: "Thread max count" + spans: 4 + metricName: "base:thread_max_count" + dataType: "raw" + - chart: + name: "Thread daemon count" + spans: 4 + metricName: "base:thread_daemon_count" + dataType: "raw" + - chart: + name: "Committed heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_committed_heap_bytes" + dataType: "raw" + - chart: + name: "Max heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_max_heap_bytes" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_used_heap_bytes" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/microprofile-x.y.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/microprofile-x.y.yaml new file mode 100644 index 000000000..d15f527d9 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/microprofile-x.y.yaml 
@@ -0,0 +1,37 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-x.y + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:gc_complete_scavenger_count" + items: + - chart: + name: "Young GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_young_generation_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Young GC count" + spans: 3 + metricName: "base:gc_young_generation_scavenger_count" + dataType: "raw" + - chart: + name: "Total GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_complete_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Total GC count" + spans: 3 + metricName: "base:gc_complete_scavenger_count" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/nodejs.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/nodejs.yaml new file mode 100644 index 000000000..d772a16c0 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/nodejs.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: nodejs + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Node.js + title: Node.js Metrics + discoverOn: "nodejs_active_handles_total" + items: + - chart: + name: "Active handles" + spans: 4 + metricName: "nodejs_active_handles_total" + dataType: "raw" + - chart: + name: "Active requests" + spans: 4 + metricName: "nodejs_active_requests_total" + dataType: "raw" + - chart: + name: "Event loop lag" + unit: "seconds" + spans: 4 + metricName: "nodejs_eventloop_lag_seconds" + dataType: "raw" + - chart: + name: "Total heap size" + unit: "bytes" + spans: 12 + metricName: "nodejs_heap_space_size_total_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Used heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_used_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Available heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_available_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/quarkus.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/quarkus.yaml new file mode 100644 index 000000000..4fc3e9ac0 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/quarkus.yaml 
@@ -0,0 +1,32 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: quarkus + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Quarkus Metrics + runtime: Quarkus + items: + - chart: + name: "Thread count" + spans: 4 + metricName: "vendor:thread_count" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_heap_usage_bytes" + dataType: "raw" + - chart: + name: "Used non-heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_non_heap_usage_bytes" + dataType: "raw" + - include: "microprofile-x.y" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/springboot-jvm-pool.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/springboot-jvm-pool.yaml new file mode 100644 index 000000000..2ff4ae576 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/springboot-jvm-pool.yaml @@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Pool Metrics + items: + - include: "micrometer-1.0.6-jvm-pool" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/springboot-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/springboot-jvm.yaml new file mode 100644 index 000000000..8bd43055b --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/springboot-jvm.yaml 
@@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Metrics + items: + - include: "micrometer-1.0.6-jvm" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/springboot-tomcat.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/springboot-tomcat.yaml new file mode 100644 index 000000000..4b27aee4f --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/springboot-tomcat.yaml @@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-tomcat + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: Tomcat Metrics + items: + - include: "tomcat" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/thorntail.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/thorntail.yaml new file mode 100644 index 000000000..513488df4 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/thorntail.yaml 
@@ -0,0 +1,21 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: thorntail + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Thorntail + title: Thorntail Metrics + discoverOn: "vendor:loaded_modules" + items: + - include: "microprofile-1.1" + - chart: + name: "Loaded modules" + spans: 6 + metricName: "vendor:loaded_modules" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/tomcat.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/tomcat.yaml new file mode 100644 index 000000000..28fd7f1cc --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/tomcat.yaml 
@@ -0,0 +1,66 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: tomcat + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Tomcat + title: Tomcat Metrics + discoverOn: "tomcat_sessions_created_total" + items: + - chart: + name: "Sessions created" + spans: 4 + metricName: "tomcat_sessions_created_total" + dataType: "raw" + - chart: + name: "Active sessions" + spans: 4 + metricName: "tomcat_sessions_active_current" + dataType: "raw" + - chart: + name: "Sessions rejected" + spans: 4 + metricName: "tomcat_sessions_rejected_total" + dataType: "raw" + + - chart: + name: "Bytes sent" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_sent_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Bytes received" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_received_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + + - chart: + name: "Global errors" + spans: 6 + metricName: "tomcat_global_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Servlet errors" + spans: 6 + metricName: "tomcat_servlet_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/vertx-client.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/vertx-client.yaml new file mode 100644 index 000000000..17392d87f --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/vertx-client.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-client + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Client Metrics + discoverOn: "vertx_http_client_connections" + items: + - chart: + name: "Client response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_client_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_client_requestCount_total" + dataType: "rate" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client active connections" + spans: 6 + metricName: "vertx_http_client_connections" + dataType: "raw" + - chart: + name: "Client active websockets" + spans: 6 + metricName: "vertx_http_client_wsConnections" + dataType: "raw" + - chart: + name: "Client bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesSent" + dataType: "histogram" + - chart: + name: "Client bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/vertx-eventbus.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/vertx-eventbus.yaml new file mode 100644 index 000000000..fa659b55c --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/vertx-eventbus.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-eventbus + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Eventbus Metrics + discoverOn: "vertx_eventbus_handlers" + items: + - chart: + name: "Event bus handlers" + spans: 6 + metricName: "vertx_eventbus_handlers" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus pending messages" + spans: 6 + metricName: "vertx_eventbus_pending" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus processing time" + unit: "seconds" + spans: 6 + metricName: "vertx_eventbus_processingTime_seconds" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes read" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesRead" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes written" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesWritten" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/vertx-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/vertx-jvm.yaml new file mode 100644 index 000000000..ac03ea2e0 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/vertx-jvm.yaml 
@@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: JVM Metrics + items: + - include: "micrometer-1.1-jvm" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/vertx-pool.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/vertx-pool.yaml new file mode 100644 index 000000000..3715e9c10 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/vertx-pool.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Pools Metrics + discoverOn: "vertx_pool_ratio" + items: + - chart: + name: "Usage duration" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_usage_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Usage ratio" + spans: 6 + metricName: "vertx_pool_ratio" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Queue size" + spans: 6 + metricName: "vertx_pool_queue_size" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Time in queue" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_queue_delay_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Resources used" + spans: 6 + metricName: "vertx_pool_inUse" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/vertx-server.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/vertx-server.yaml new file mode 100644 index 000000000..686295468 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/dashboards/vertx-server.yaml 
@@ -0,0 +1,61 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-server + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Server Metrics + discoverOn: "vertx_http_server_connections" + items: + - chart: + name: "Server response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_server_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_server_requestCount_total" + dataType: "rate" + aggregations: + - label: "code" + displayName: "Error code" + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server active connections" + spans: 6 + metricName: "vertx_http_server_connections" + dataType: "raw" + - chart: + name: "Server active websockets" + spans: 6 + metricName: "vertx_http_server_wsConnections" + dataType: "raw" + - chart: + name: "Server bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesSent" + dataType: "histogram" + - chart: + name: "Server bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/deployment.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/deployment.yaml new file mode 100644 index 000000000..6fab9ee49 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/deployment.yaml 
@@ -0,0 +1,165 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.deployment.replicas }} + selector: + matchLabels: + {{- include "kiali-server.selectorLabels" . | nindent 6 }} + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 8 }} + annotations: + {{- if .Values.server.metrics_enabled }} + prometheus.io/scrape: "true" + prometheus.io/port: {{ .Values.server.metrics_port | quote }} + {{- else }} + prometheus.io/scrape: "false" + prometheus.io/port: null + {{- end }} + kiali.io/runtimes: go,kiali + {{- if .Values.deployment.pod_annotations }} + {{- toYaml .Values.deployment.pod_annotations | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "kiali-server.fullname" . }} + {{- if .Values.deployment.priority_class_name }} + priorityClassName: {{ .Values.deployment.priority_class_name | quote }} + {{- end }} + {{- if .Values.deployment.image_pull_secrets }} + imagePullSecrets: + {{- range .Values.deployment.image_pull_secrets }} + - name: {{ . }} + {{- end }} + {{- end }} + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.deployment.repository }}:{{ .Values.deployment.tag }}" + imagePullPolicy: {{ .Values.deployment.image_pull_policy | default "Always" }} + name: {{ include "kiali-server.fullname" . 
}} + command: + - "/opt/kiali/kiali" + - "-config" + - "/kiali-configuration/config.yaml" + - "-v" + - "{{ .Values.deployment.verbose_mode }}" + ports: + - name: api-port + containerPort: {{ .Values.server.port | default 20001 }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + containerPort: {{ .Values.server.metrics_port | default 9090 }} + {{- end }} + readinessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + livenessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + env: + - name: ACTIVE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + volumeMounts: + {{- if .Values.web_root_override }} + - name: kiali-console + subPath: env.js + mountPath: /opt/kiali/console/env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + mountPath: "/kiali-configuration" + - name: {{ include "kiali-server.fullname" . }}-cert + mountPath: "/kiali-cert" + - name: {{ include "kiali-server.fullname" . }}-secret + mountPath: "/kiali-secret" + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + mountPath: "/kiali-cabundle" + {{- end }} + {{- if .Values.deployment.resources }} + resources: + {{- toYaml .Values.deployment.resources | nindent 10 }} + {{- end }} + volumes: + {{- if .Values.web_root_override }} + - name: kiali-console + configMap: + name: kiali-console + items: + - key: env.js + path: env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . 
}}-configuration + configMap: + name: {{ include "kiali-server.fullname" . }} + - name: {{ include "kiali-server.fullname" . }}-cert + secret: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + secretName: {{ include "kiali-server.fullname" . }}-cert-secret + {{- else }} + secretName: istio.{{ include "kiali-server.fullname" . }}-service-account + {{- end }} + {{- if not (include "kiali-server.identity.cert_file" .) }} + optional: true + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-secret + secret: + secretName: {{ .Values.deployment.secret_name }} + optional: true + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + configMap: + name: {{ include "kiali-server.fullname" . }}-cabundle + {{- end }} + {{- if or (.Values.deployment.affinity.node) (or (.Values.deployment.pod) (.Values.deployment.pod_anti)) }} + affinity: + {{- if .Values.deployment.affinity.node }} + nodeAffinity: + {{- toYaml .Values.deployment.affinity.node | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod }} + podAffinity: + {{- toYaml .Values.deployment.affinity.pod | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod_anti }} + podAntiAffinity: + {{- toYaml .Values.deployment.affinity.pod_anti | nindent 10 }} + {{- end }} + {{- end }} + {{- if .Values.deployment.tolerations }} + tolerations: + {{- toYaml .Values.deployment.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.deployment.node_selector }} + nodeSelector: + {{- toYaml .Values.deployment.node_selector | nindent 8 }} + {{- end }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/ingess.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/ingess.yaml new file mode 100644 index 000000000..5a427e896 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/ingess.yaml 
@@ -0,0 +1,40 @@ +{{- if not (.Capabilities.APIVersions.Has "route.openshift.io/v1") }} +{{- if .Values.deployment.ingress_enabled }} +--- +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }} + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- else }} + # For ingress-nginx versions older than 0.20.0 use secure-backends. + # (see: https://github.com/kubernetes/ingress-nginx/issues/3416#issuecomment-438247948) + # For ingress-nginx versions 0.20.0 and later use backend-protocol. + {{- if (include "kiali-server.identity.cert_file" .) }} + nginx.ingress.kubernetes.io/secure-backends: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + {{- else }} + nginx.ingress.kubernetes.io/secure-backends: "false" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + {{- end }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + rules: + - http: + paths: + - path: {{ include "kiali-server.server.web_root" . }} + backend: + serviceName: {{ include "kiali-server.fullname" . }} + servicePort: {{ .Values.server.port }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/oauth.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/oauth.yaml new file mode 100644 index 000000000..a178bb85e --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/oauth.yaml 
@@ -0,0 +1,17 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.kiali_route_url }} +--- +apiVersion: oauth.openshift.io/v1 +kind: OAuthClient +metadata: + name: {{ include "kiali-server.fullname" . }}-{{ .Release.Namespace }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +redirectURIs: +- {{ .Values.kiali_route_url }} +grantMethod: auto +allowAnyScope: true +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/role-viewer.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/role-viewer.yaml new file mode 100644 index 000000000..790406017 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/role-viewer.yaml 
@@ -0,0 +1,101 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }}-viewer + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - replicationcontrollers + - services + verbs: + - get + - list + - watch +- apiGroups: ["extensions", "apps"] + resources: + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch +- apiGroups: + - config.istio.io + - networking.istio.io + - authentication.istio.io + - rbac.istio.io + - security.istio.io + resources: ["*"] + verbs: + - get + - list + - watch +- apiGroups: ["authentication.maistra.io"] + resources: + - servicemeshpolicies + verbs: + - get + - list + - watch +- apiGroups: ["rbac.maistra.io"] + resources: + - servicemeshrbacconfigs + verbs: + - get + - list + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - get + - list +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/role.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/role.yaml new file mode 100644 index 000000000..34a47dd89 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/role.yaml 
@@ -0,0 +1,118 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - replicationcontrollers + - services + verbs: + - get + - list + - patch + - watch +- apiGroups: ["extensions", "apps"] + resources: + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - patch + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - patch + - watch +- apiGroups: + - config.istio.io + - networking.istio.io + - authentication.istio.io + - rbac.istio.io + - security.istio.io + resources: ["*"] + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["authentication.maistra.io"] + resources: + - servicemeshpolicies + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["rbac.maistra.io"] + resources: + - servicemeshrbacconfigs + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - patch + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - create + - delete + - get + - list + - patch + - watch +... 
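Review bot: The rule covering the Istio API groups (config.istio.io, networking.istio.io, authentication.istio.io, rbac.istio.io, security.istio.io) grants create, delete and patch on `resources: ["*"]`, and the core, apps and batch rules add `patch` on pods, configmaps, deployments and jobs, all in a ClusterRole. rolebinding.yaml binds this role through a ClusterRoleBinding whenever `deployment.view_only_mode` is false, which is the values.yaml default, so the Kiali service account gets these write verbs in every namespace. Suggest replacing the wildcard with the list of Istio resources Kiali actually edits, and adding a comment next to `view_only_mode` in values.yaml saying that setting it to true binds the `-viewer` role instead.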
diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/rolebinding.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/rolebinding.yaml new file mode 100644 index 000000000..1eaabd65f --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/rolebinding.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + {{- if .Values.deployment.view_only_mode }} + name: {{ include "kiali-server.fullname" . }}-viewer + {{- else }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/route.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/route.yaml new file mode 100644 index 000000000..27940dc96 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/route.yaml 
@@ -0,0 +1,30 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.deployment.ingress_enabled }} +# As of OpenShift 4.5, need to use --disable-openapi-validation when installing via Helm +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}} + annotations: + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + tls: + termination: reencrypt + insecureEdgeTerminationPolicy: Redirect + to: + kind: Service + targetPort: {{ .Values.server.port }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/service.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/service.yaml new file mode 100644 index 000000000..69dc395d1 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/service.yaml 
@@ -0,0 +1,40 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + service.beta.openshift.io/serving-cert-secret-name: {{ include "kiali-server.fullname" . }}-cert-secret + {{- end }} + kiali.io/api-spec: https://kiali.io/api + kiali.io/api-type: rest + {{- if .Values.deployment.service_annotations }} + {{- toYaml .Values.deployment.service_annotations | nindent 4 }} + {{- end }} +spec: + {{- if .Values.deployment.service_type }} + type: {{ .Values.deployment.service_type }} + {{- end }} + ports: + {{- if (include "kiali-server.identity.cert_file" .) }} + - name: tcp + {{- else }} + - name: http + {{- end }} + protocol: TCP + port: {{ .Values.server.port }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + protocol: TCP + port: {{ .Values.server.metrics_port }} + {{- end }} + selector: + {{- include "kiali-server.selectorLabels" . | nindent 4 }} + {{- if .Values.deployment.additional_service_yaml }} + {{- toYaml .Values.deployment.additional_service_yaml | nindent 2 }} + {{- end }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/serviceaccount.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/serviceaccount.yaml new file mode 100644 index 000000000..9151b6f6a --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/serviceaccount.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +... 
diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/validate-install-crd.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/validate-install-crd.yaml new file mode 100644 index 000000000..01d33e632 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/validate-install-crd.yaml @@ -0,0 +1,14 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "monitoring.kiali.io/v1alpha1/MonitoringDashboard" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the rancher-kiali-server-crd chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/web-root-configmap.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/web-root-configmap.yaml new file mode 100644 index 000000000..0daa7bb23 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/templates/web-root-configmap.yaml @@ -0,0 +1,12 @@ +{{- if .Values.web_root_override }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: kiali-console + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + env.js: | + window.WEB_ROOT='/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Release.Namespace }}/services/http:rancher-istio-kiali:20001/proxy'; +{{- end }} 
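Review bot: In web-root-configmap.yaml, the `window.WEB_ROOT` line of `env.js` hard-codes the scheme, service name and port as `http:rancher-istio-kiali:20001`, independently of the values the rest of the chart uses: service.yaml names the Service from `kiali-server.fullname`, takes the port from `.Values.server.port`, and deployment.yaml switches the probes to HTTPS when `kiali-server.identity.cert_file` is set. Any override of those values leaves the proxy path pointing at a service, port or scheme that no longer matches. `.Values.global.cattle.clusterId` is also empty in values.yaml while `web_root_override` defaults to true, which renders `/k8s/clusters//api/v1/...`. Suggest building the path from the existing helpers and `.Values.server.port`, and wrapping clusterId in `required` when `web_root_override` is enabled.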
diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/values.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/values.yaml new file mode 100644 index 000000000..12ea7379d --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.23.001/values.yaml 
@@ -0,0 +1,79 @@ +nameOverride: "kiali" +fullnameOverride: "kiali" + +# This is required for "openshift" auth strategy. +# You have to know ahead of time what your Route URL will be because +# right now the helm chart can't figure this out at runtime (it would +# need to wait for the Kiali Route to be deployed and for OpenShift +# to start it up). If someone knows how to update this helm chart to +# do this, a PR would be welcome. +kiali_route_url: "" + +# rancher specific override that allows proxy access to kiali url +web_root_override: true + +# +# Settings that mimic the Kiali CR which are placed in the ConfigMap. +# Note that only those values used by the Helm Chart will be here. +# + +istio_namespace: "" # default is where Kiali is installed + +auth: + openid: {} + openshift: {} + strategy: "" + +deployment: + # This only limits what Kiali will attempt to see, but Kiali Service Account has permissions to see everything. + # For more control over what the Kial Service Account can see, use the Kiali Operator + accessible_namespaces: + - "**" + additional_service_yaml: {} + affinity: + node: {} + pod: {} + pod_anti: {} + custom_dashboards: + excludes: [''] + includes: ['*'] + repository: rancher/kiali-kiali + image_pull_policy: "Always" + image_pull_secrets: [] + tag: v1.23.0 + ingress_enabled: true + node_selector: {} + override_ingress_yaml: + metadata: {} + pod_annotations: {} + priority_class_name: "" + replicas: 1 + resources: {} + secret_name: "kiali" + service_annotations: {} + service_type: "" + tolerations: [] + verbose_mode: "3" + version_label: v1.23.0 + view_only_mode: false + +identity: {} + #cert_file: + #private_key_file: + +login_token: + signing_key: "" + +server: + port: 20001 + metrics_enabled: true + metrics_port: 9090 + web_root: "" + +# Common settings used among istio subcharts. 
+global: + # Specify rancher clusterId of external tracing config + # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 + cattle: + systemDefaultRegistry: "" + clusterId: diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/Chart.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/Chart.yaml new file mode 100644 index 000000000..a94f55dbf --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/Chart.yaml @@ -0,0 +1,31 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=match + catalog.cattle.io/hidden: "true" + catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 + catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 + catalog.rancher.io/namespace: cattle-istio-system + catalog.rancher.io/release-name: rancher-kiali-server + catalog.cattle.io/os: linux +apiVersion: v2 +appVersion: v1.24.0 +description: Kiali is an open source project for service mesh observability, refer + to https://www.kiali.io for details. This is installed as sub-chart with customized + values in Rancher's Istio. +home: https://github.com/kiali/kiali +icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png +keywords: +- istio +- kiali +- networking +- infrastructure +maintainers: +- email: kiali-users@googlegroups.com + name: Kiali + url: https://kiali.io +name: rancher-kiali-server +sources: +- https://github.com/kiali/kiali +- https://github.com/kiali/kiali-ui +- https://github.com/kiali/kiali-operator +- https://github.com/kiali/helm-charts +version: 1.24.001 diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/NOTES.txt b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/NOTES.txt new file mode 100644 index 000000000..751019401 --- /dev/null 
+++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/NOTES.txt @@ -0,0 +1,5 @@ +Welcome to Kiali! For more details on Kiali, see: https://kiali.io + +The Kiali Server [{{ .Chart.AppVersion }}] has been installed in namespace [{{ .Release.Namespace }}]. It will be ready soon. + +(Helm: Chart=[{{ .Chart.Name }}], Release=[{{ .Release.Name }}], Version=[{{ .Chart.Version }}]) diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/_helpers.tpl b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/_helpers.tpl new file mode 100644 index 000000000..9dd3d7ff0 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/_helpers.tpl 
@@ -0,0 +1,176 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "kiali-server.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kiali-server.fullname" -}} +{{- if .Values.fullnameOverride }} + {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} + {{- $name := default .Chart.Name .Values.nameOverride }} + {{- printf "%s" $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kiali-server.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kiali-server.labels" -}} +helm.sh/chart: {{ include "kiali-server.chart" . }} +app: {{ include "kiali-server.name" . }} +{{ include "kiali-server.selectorLabels" . }} +version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kiali-server.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kiali-server.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Used to determine if a custom dashboard (defined in .Template.Name) should be deployed. +*/}} +{{- define "kiali-server.isDashboardEnabled" -}} +{{- $includere := "" }} +{{- range $_, $s := .Values.deployment.custom_dashboards.includes }} + {{- if $s }} + {{- if $includere }} + {{- $includere = printf "%s|^%s$" $includere ($s | replace "*" ".*" | replace "?" 
".") }} + {{- else }} + {{- $includere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} +{{- end }} +{{- $excludere := "" }} +{{- range $_, $s := .Values.deployment.custom_dashboards.excludes }} + {{- if $s }} + {{- if $excludere }} + {{- $excludere = printf "%s|^%s$" $excludere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $excludere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} +{{- end }} +{{- if (and (mustRegexMatch (default "no-matches" $includere) (base .Template.Name)) (not (mustRegexMatch (default "no-matches" $excludere) (base .Template.Name)))) }} + {{- print "enabled" }} +{{- else }} + {{- print "" }} +{{- end }} +{{- end }} + +{{/* +Determine the default login token signing key. +*/}} +{{- define "kiali-server.login_token.signing_key" -}} +{{- if .Values.login_token.signing_key }} + {{- .Values.login_token.signing_key }} +{{- else }} + {{- randAlphaNum 16 }} +{{- end }} +{{- end }} + +{{/* +Determine the default web root. +*/}} +{{- define "kiali-server.server.web_root" -}} +{{- if .Values.server.web_root }} + {{- .Values.server.web_root | trimSuffix "/" }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/" }} + {{- else }} + {{- "/kiali" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity cert file. There is no default if on k8s; only on OpenShift. +*/}} +{{- define "kiali-server.identity.cert_file" -}} +{{- if hasKey .Values.identity "cert_file" }} + {{- .Values.identity.cert_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.crt" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity private key file. There is no default if on k8s; only on OpenShift. 
+*/}} +{{- define "kiali-server.identity.private_key_file" -}} +{{- if hasKey .Values.identity "private_key_file" }} + {{- .Values.identity.private_key_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.key" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the istio namespace - default is where Kiali is installed. +*/}} +{{- define "kiali-server.istio_namespace" -}} +{{- if .Values.istio_namespace }} + {{- .Values.istio_namespace }} +{{- else }} + {{- .Release.Namespace }} +{{- end }} +{{- end }} + +{{/* +Determine the auth strategy to use - default is "token" on Kubernetes and "openshift" on OpenShift. +*/}} +{{- define "kiali-server.auth.strategy" -}} +{{- if .Values.auth.strategy }} + {{- if (and (eq .Values.auth.strategy "openshift") (not .Values.kiali_route_url)) }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or use a different auth strategy via the --set auth.strategy=... option." }} + {{- end }} + {{- .Values.auth.strategy }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- if not .Values.kiali_route_url }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or explicitly indicate another auth strategy you want via the --set auth.strategy=... option." }} + {{- end }} + {{- "openshift" }} + {{- else }} + {{- "token" }} + {{- end }} +{{- end }} +{{- end }} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} 
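Review bot: In `kiali-server.login_token.signing_key`, the fallback `{{- randAlphaNum 16 }}` is evaluated on every render, so with `login_token.signing_key: ""` (the values.yaml default) each install or upgrade produces a different signing key. configmap.yaml then writes that key into `config.yaml` inside a ConfigMap, not a Secret, so it is readable by anything that can get ConfigMaps in the release namespace. Suggest either requiring the value to be set, or generating it once and reusing the stored value on later renders (for example via `lookup`), and moving it into a Secret. The helper also needs a comment stating that the default is random per render.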
diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/cabundle.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/cabundle.yaml new file mode 100644 index 000000000..7462b95a7 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/cabundle.yaml @@ -0,0 +1,13 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }}-cabundle + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + service.beta.openshift.io/inject-cabundle: "true" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/configmap.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/configmap.yaml new file mode 100644 index 000000000..b1bf53173 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/configmap.yaml 
@@ -0,0 +1,24 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + config.yaml: | + {{- /* Most of .Values is simply the ConfigMap - strip out the keys that are not part of the ConfigMap */}} + {{- $cm := omit .Values "nameOverride" "fullnameOverride" "kiali_route_url" }} + {{- /* The helm chart defines namespace for us, but pass it to the ConfigMap in case the server needs it */}} + {{- $_ := set $cm.deployment "namespace" .Release.Namespace }} + {{- /* Some values of the ConfigMap are generated, but might not be identical, from .Values */}} + {{- $_ := set $cm "istio_namespace" (include "kiali-server.istio_namespace" .) }} + {{- $_ := set $cm.auth "strategy" (include "kiali-server.auth.strategy" .) }} + {{- $_ := set $cm.auth.openshift "client_id_prefix" (include "kiali-server.fullname" .) }} + {{- $_ := set $cm.identity "cert_file" (include "kiali-server.identity.cert_file" .) }} + {{- $_ := set $cm.identity "private_key_file" (include "kiali-server.identity.private_key_file" .) }} + {{- $_ := set $cm.login_token "signing_key" (include "kiali-server.login_token.signing_key" .) }} + {{- $_ := set $cm.server "web_root" (include "kiali-server.server.web_root" .) }} + {{- toYaml $cm | nindent 4 }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/envoy.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/envoy.yaml new file mode 100644 index 000000000..8d961b848 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/envoy.yaml 
@@ -0,0 +1,55 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: envoy + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Envoy Metrics +# discoverOn: "envoy_server_uptime" + items: + - chart: + name: "Pods uptime" + spans: 4 + metricName: "envoy_server_uptime" + dataType: "raw" + - chart: + name: "Allocated memory" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_allocated" + dataType: "raw" + min: 0 + - chart: + name: "Heap size" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_heap_size" + dataType: "raw" + min: 0 + - chart: + name: "Upstream active connections" + spans: 6 + metricName: "envoy_cluster_upstream_cx_active" + dataType: "raw" + - chart: + name: "Upstream total requests" + spans: 6 + metricName: "envoy_cluster_upstream_rq_total" + unit: "rps" + dataType: "rate" + - chart: + name: "Downstream active connections" + spans: 6 + metricName: "envoy_listener_downstream_cx_active" + dataType: "raw" + - chart: + name: "Downstream HTTP requests" + spans: 6 + metricName: "envoy_listener_http_downstream_rq" + unit: "rps" + dataType: "rate" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/go.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/go.yaml new file mode 100644 index 000000000..01ebed7b5 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/go.yaml 
@@ -0,0 +1,66 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: go + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Go Metrics + runtime: Go + discoverOn: "go_info" + items: + - chart: + name: "CPU ratio" + spans: 6 + metricName: "process_cpu_seconds_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "RSS Memory" + unit: "bytes" + spans: 6 + metricName: "process_resident_memory_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Goroutines" + spans: 6 + metricName: "go_goroutines" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Heap allocation rate" + unit: "bytes/s" + spans: 6 + metricName: "go_memstats_alloc_bytes_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "GC rate" + spans: 6 + metricName: "go_gc_duration_seconds_count" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Next GC" + unit: "bytes" + spans: 6 + metricName: "go_memstats_next_gc_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/kiali.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/kiali.yaml new file mode 100644 index 000000000..0d5b5caa2 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/kiali.yaml 
@@ -0,0 +1,43 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: kiali + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Kiali Internal Metrics + items: + - chart: + name: "API processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_api_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "route" + displayName: "Route" + - chart: + name: "Functions processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_go_function_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" + - chart: + name: "Failures" + spans: 12 + metricName: "kiali_go_function_failures_total" + dataType: "raw" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml new file mode 100644 index 000000000..e89e1200c --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml 
@@ -0,0 +1,42 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Pool Metrics + discoverOn: "jvm_buffer_total_capacity_bytes" + items: + - chart: + name: "Pool buffer memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer capacity" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_total_capacity_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer count" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_count" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/micrometer-1.0.6-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/micrometer-1.0.6-jvm.yaml new file mode 100644 index 000000000..ab487dccc --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/micrometer-1.0.6-jvm.yaml 
@@ -0,0 +1,64 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live" + items: + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon" + dataType: "raw" + - chart: + name: "Loaded classes" + spans: 4 + metricName: "jvm_classes_loaded" + dataType: "raw" + + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/micrometer-1.1-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/micrometer-1.1-jvm.yaml new file mode 100644 index 000000000..d7014951d --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/micrometer-1.1-jvm.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.1-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live_threads" + items: + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live_threads" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon_threads" + dataType: "raw" + - chart: + name: "Threads states" + spans: 4 + metricName: "jvm_threads_states_threads" + dataType: "raw" + aggregations: + - label: "state" + displayName: "State" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/microprofile-1.1.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/microprofile-1.1.yaml new file mode 100644 index 000000000..c00446c10 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/microprofile-1.1.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-1.1 + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:thread_count" + items: + - chart: + name: "Current loaded classes" + spans: 6 + metricName: "base:classloader_current_loaded_class_count" + dataType: "raw" + - chart: + name: "Unloaded classes" + spans: 6 + metricName: "base:classloader_total_unloaded_class_count" + dataType: "raw" + - chart: + name: "Thread count" + spans: 4 + metricName: "base:thread_count" + dataType: "raw" + - chart: + name: "Thread max count" + spans: 4 + metricName: "base:thread_max_count" + dataType: "raw" + - chart: + name: "Thread daemon count" + spans: 4 + metricName: "base:thread_daemon_count" + dataType: "raw" + - chart: + name: "Committed heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_committed_heap_bytes" + dataType: "raw" + - chart: + name: "Max heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_max_heap_bytes" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_used_heap_bytes" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/microprofile-x.y.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/microprofile-x.y.yaml new file mode 100644 index 000000000..d15f527d9 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/microprofile-x.y.yaml 
@@ -0,0 +1,37 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-x.y + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:gc_complete_scavenger_count" + items: + - chart: + name: "Young GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_young_generation_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Young GC count" + spans: 3 + metricName: "base:gc_young_generation_scavenger_count" + dataType: "raw" + - chart: + name: "Total GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_complete_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Total GC count" + spans: 3 + metricName: "base:gc_complete_scavenger_count" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/nodejs.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/nodejs.yaml new file mode 100644 index 000000000..d772a16c0 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/nodejs.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: nodejs + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Node.js + title: Node.js Metrics + discoverOn: "nodejs_active_handles_total" + items: + - chart: + name: "Active handles" + spans: 4 + metricName: "nodejs_active_handles_total" + dataType: "raw" + - chart: + name: "Active requests" + spans: 4 + metricName: "nodejs_active_requests_total" + dataType: "raw" + - chart: + name: "Event loop lag" + unit: "seconds" + spans: 4 + metricName: "nodejs_eventloop_lag_seconds" + dataType: "raw" + - chart: + name: "Total heap size" + unit: "bytes" + spans: 12 + metricName: "nodejs_heap_space_size_total_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Used heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_used_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Available heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_available_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/quarkus.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/quarkus.yaml new file mode 100644 index 000000000..4fc3e9ac0 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/quarkus.yaml 
@@ -0,0 +1,32 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: quarkus + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Quarkus Metrics + runtime: Quarkus + items: + - chart: + name: "Thread count" + spans: 4 + metricName: "vendor:thread_count" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_heap_usage_bytes" + dataType: "raw" + - chart: + name: "Used non-heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_non_heap_usage_bytes" + dataType: "raw" + - include: "microprofile-x.y" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/springboot-jvm-pool.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/springboot-jvm-pool.yaml new file mode 100644 index 000000000..2ff4ae576 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/springboot-jvm-pool.yaml @@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Pool Metrics + items: + - include: "micrometer-1.0.6-jvm-pool" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/springboot-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/springboot-jvm.yaml new file mode 100644 index 000000000..8bd43055b --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/springboot-jvm.yaml 
@@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Metrics + items: + - include: "micrometer-1.0.6-jvm" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/springboot-tomcat.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/springboot-tomcat.yaml new file mode 100644 index 000000000..4b27aee4f --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/springboot-tomcat.yaml @@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-tomcat + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: Tomcat Metrics + items: + - include: "tomcat" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/thorntail.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/thorntail.yaml new file mode 100644 index 000000000..513488df4 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/thorntail.yaml 
@@ -0,0 +1,21 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: thorntail + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Thorntail + title: Thorntail Metrics + discoverOn: "vendor:loaded_modules" + items: + - include: "microprofile-1.1" + - chart: + name: "Loaded modules" + spans: 6 + metricName: "vendor:loaded_modules" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/tomcat.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/tomcat.yaml new file mode 100644 index 000000000..28fd7f1cc --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/tomcat.yaml 
@@ -0,0 +1,66 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: tomcat + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Tomcat + title: Tomcat Metrics + discoverOn: "tomcat_sessions_created_total" + items: + - chart: + name: "Sessions created" + spans: 4 + metricName: "tomcat_sessions_created_total" + dataType: "raw" + - chart: + name: "Active sessions" + spans: 4 + metricName: "tomcat_sessions_active_current" + dataType: "raw" + - chart: + name: "Sessions rejected" + spans: 4 + metricName: "tomcat_sessions_rejected_total" + dataType: "raw" + + - chart: + name: "Bytes sent" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_sent_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Bytes received" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_received_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + + - chart: + name: "Global errors" + spans: 6 + metricName: "tomcat_global_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Servlet errors" + spans: 6 + metricName: "tomcat_servlet_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/vertx-client.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/vertx-client.yaml new file mode 100644 index 000000000..17392d87f --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/vertx-client.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-client + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Client Metrics + discoverOn: "vertx_http_client_connections" + items: + - chart: + name: "Client response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_client_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_client_requestCount_total" + dataType: "rate" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client active connections" + spans: 6 + metricName: "vertx_http_client_connections" + dataType: "raw" + - chart: + name: "Client active websockets" + spans: 6 + metricName: "vertx_http_client_wsConnections" + dataType: "raw" + - chart: + name: "Client bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesSent" + dataType: "histogram" + - chart: + name: "Client bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/vertx-eventbus.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/vertx-eventbus.yaml new file mode 100644 index 000000000..fa659b55c --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/vertx-eventbus.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-eventbus + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Eventbus Metrics + discoverOn: "vertx_eventbus_handlers" + items: + - chart: + name: "Event bus handlers" + spans: 6 + metricName: "vertx_eventbus_handlers" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus pending messages" + spans: 6 + metricName: "vertx_eventbus_pending" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus processing time" + unit: "seconds" + spans: 6 + metricName: "vertx_eventbus_processingTime_seconds" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes read" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesRead" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes written" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesWritten" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/vertx-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/vertx-jvm.yaml new file mode 100644 index 000000000..ac03ea2e0 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/vertx-jvm.yaml 
@@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: JVM Metrics + items: + - include: "micrometer-1.1-jvm" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/vertx-pool.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/vertx-pool.yaml new file mode 100644 index 000000000..3715e9c10 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/vertx-pool.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Pools Metrics + discoverOn: "vertx_pool_ratio" + items: + - chart: + name: "Usage duration" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_usage_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Usage ratio" + spans: 6 + metricName: "vertx_pool_ratio" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Queue size" + spans: 6 + metricName: "vertx_pool_queue_size" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Time in queue" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_queue_delay_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Resources used" + spans: 6 + metricName: "vertx_pool_inUse" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/vertx-server.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/vertx-server.yaml new file mode 100644 index 000000000..686295468 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/dashboards/vertx-server.yaml 
@@ -0,0 +1,61 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-server + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Server Metrics + discoverOn: "vertx_http_server_connections" + items: + - chart: + name: "Server response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_server_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_server_requestCount_total" + dataType: "rate" + aggregations: + - label: "code" + displayName: "Error code" + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server active connections" + spans: 6 + metricName: "vertx_http_server_connections" + dataType: "raw" + - chart: + name: "Server active websockets" + spans: 6 + metricName: "vertx_http_server_wsConnections" + dataType: "raw" + - chart: + name: "Server bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesSent" + dataType: "histogram" + - chart: + name: "Server bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/deployment.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/deployment.yaml new file mode 100644 index 000000000..6fab9ee49 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/deployment.yaml 
@@ -0,0 +1,165 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.deployment.replicas }} + selector: + matchLabels: + {{- include "kiali-server.selectorLabels" . | nindent 6 }} + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 8 }} + annotations: + {{- if .Values.server.metrics_enabled }} + prometheus.io/scrape: "true" + prometheus.io/port: {{ .Values.server.metrics_port | quote }} + {{- else }} + prometheus.io/scrape: "false" + prometheus.io/port: null + {{- end }} + kiali.io/runtimes: go,kiali + {{- if .Values.deployment.pod_annotations }} + {{- toYaml .Values.deployment.pod_annotations | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "kiali-server.fullname" . }} + {{- if .Values.deployment.priority_class_name }} + priorityClassName: {{ .Values.deployment.priority_class_name | quote }} + {{- end }} + {{- if .Values.deployment.image_pull_secrets }} + imagePullSecrets: + {{- range .Values.deployment.image_pull_secrets }} + - name: {{ . }} + {{- end }} + {{- end }} + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.deployment.repository }}:{{ .Values.deployment.tag }}" + imagePullPolicy: {{ .Values.deployment.image_pull_policy | default "Always" }} + name: {{ include "kiali-server.fullname" . 
}} + command: + - "/opt/kiali/kiali" + - "-config" + - "/kiali-configuration/config.yaml" + - "-v" + - "{{ .Values.deployment.verbose_mode }}" + ports: + - name: api-port + containerPort: {{ .Values.server.port | default 20001 }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + containerPort: {{ .Values.server.metrics_port | default 9090 }} + {{- end }} + readinessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + livenessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + env: + - name: ACTIVE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + volumeMounts: + {{- if .Values.web_root_override }} + - name: kiali-console + subPath: env.js + mountPath: /opt/kiali/console/env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + mountPath: "/kiali-configuration" + - name: {{ include "kiali-server.fullname" . }}-cert + mountPath: "/kiali-cert" + - name: {{ include "kiali-server.fullname" . }}-secret + mountPath: "/kiali-secret" + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + mountPath: "/kiali-cabundle" + {{- end }} + {{- if .Values.deployment.resources }} + resources: + {{- toYaml .Values.deployment.resources | nindent 10 }} + {{- end }} + volumes: + {{- if .Values.web_root_override }} + - name: kiali-console + configMap: + name: kiali-console + items: + - key: env.js + path: env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . 
}}-configuration + configMap: + name: {{ include "kiali-server.fullname" . }} + - name: {{ include "kiali-server.fullname" . }}-cert + secret: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + secretName: {{ include "kiali-server.fullname" . }}-cert-secret + {{- else }} + secretName: istio.{{ include "kiali-server.fullname" . }}-service-account + {{- end }} + {{- if not (include "kiali-server.identity.cert_file" .) }} + optional: true + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-secret + secret: + secretName: {{ .Values.deployment.secret_name }} + optional: true + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + configMap: + name: {{ include "kiali-server.fullname" . }}-cabundle + {{- end }} + {{- if or (.Values.deployment.affinity.node) (or (.Values.deployment.pod) (.Values.deployment.pod_anti)) }} + affinity: + {{- if .Values.deployment.affinity.node }} + nodeAffinity: + {{- toYaml .Values.deployment.affinity.node | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod }} + podAffinity: + {{- toYaml .Values.deployment.affinity.pod | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod_anti }} + podAntiAffinity: + {{- toYaml .Values.deployment.affinity.pod_anti | nindent 10 }} + {{- end }} + {{- end }} + {{- if .Values.deployment.tolerations }} + tolerations: + {{- toYaml .Values.deployment.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.deployment.node_selector }} + nodeSelector: + {{- toYaml .Values.deployment.node_selector | nindent 8 }} + {{- end }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/ingess.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/ingess.yaml new file mode 100644 index 000000000..5a427e896 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/ingess.yaml 
@@ -0,0 +1,40 @@ +{{- if not (.Capabilities.APIVersions.Has "route.openshift.io/v1") }} +{{- if .Values.deployment.ingress_enabled }} +--- +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }} + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- else }} + # For ingress-nginx versions older than 0.20.0 use secure-backends. + # (see: https://github.com/kubernetes/ingress-nginx/issues/3416#issuecomment-438247948) + # For ingress-nginx versions 0.20.0 and later use backend-protocol. + {{- if (include "kiali-server.identity.cert_file" .) }} + nginx.ingress.kubernetes.io/secure-backends: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + {{- else }} + nginx.ingress.kubernetes.io/secure-backends: "false" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + {{- end }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + rules: + - http: + paths: + - path: {{ include "kiali-server.server.web_root" . }} + backend: + serviceName: {{ include "kiali-server.fullname" . }} + servicePort: {{ .Values.server.port }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/oauth.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/oauth.yaml new file mode 100644 index 000000000..a178bb85e --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/oauth.yaml 
@@ -0,0 +1,17 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.kiali_route_url }} +--- +apiVersion: oauth.openshift.io/v1 +kind: OAuthClient +metadata: + name: {{ include "kiali-server.fullname" . }}-{{ .Release.Namespace }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +redirectURIs: +- {{ .Values.kiali_route_url }} +grantMethod: auto +allowAnyScope: true +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/role-viewer.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/role-viewer.yaml new file mode 100644 index 000000000..790406017 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/role-viewer.yaml 
@@ -0,0 +1,101 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }}-viewer + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - replicationcontrollers + - services + verbs: + - get + - list + - watch +- apiGroups: ["extensions", "apps"] + resources: + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch +- apiGroups: + - config.istio.io + - networking.istio.io + - authentication.istio.io + - rbac.istio.io + - security.istio.io + resources: ["*"] + verbs: + - get + - list + - watch +- apiGroups: ["authentication.maistra.io"] + resources: + - servicemeshpolicies + verbs: + - get + - list + - watch +- apiGroups: ["rbac.maistra.io"] + resources: + - servicemeshrbacconfigs + verbs: + - get + - list + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - get + - list +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/role.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/role.yaml new file mode 100644 index 000000000..34a47dd89 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/role.yaml 
@@ -0,0 +1,118 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - replicationcontrollers + - services + verbs: + - get + - list + - patch + - watch +- apiGroups: ["extensions", "apps"] + resources: + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - patch + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - patch + - watch +- apiGroups: + - config.istio.io + - networking.istio.io + - authentication.istio.io + - rbac.istio.io + - security.istio.io + resources: ["*"] + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["authentication.maistra.io"] + resources: + - servicemeshpolicies + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["rbac.maistra.io"] + resources: + - servicemeshrbacconfigs + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - patch + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - create + - delete + - get + - list + - patch + - watch +... 
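Review bot: the first rule of this ClusterRole grants `patch` on every listed core resource, including `nodes`, `namespaces` and `configmaps`, and the Istio rule grants `create`/`delete`/`patch` on `resources: ["*"]` across five API groups. rolebinding.yaml binds this role cluster-wide whenever `deployment.view_only_mode` is false, which is the values.yaml default. Limit `patch` to the resources the server actually modifies and list the Istio resources explicitly instead of `"*"`, or add a comment in the template explaining why the write verbs on `nodes` and `configmaps` are required.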
diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/rolebinding.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/rolebinding.yaml new file mode 100644 index 000000000..1eaabd65f --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/rolebinding.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + {{- if .Values.deployment.view_only_mode }} + name: {{ include "kiali-server.fullname" . }}-viewer + {{- else }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/route.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/route.yaml new file mode 100644 index 000000000..27940dc96 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/route.yaml 
@@ -0,0 +1,30 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.deployment.ingress_enabled }} +# As of OpenShift 4.5, need to use --disable-openapi-validation when installing via Helm +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}} + annotations: + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + tls: + termination: reencrypt + insecureEdgeTerminationPolicy: Redirect + to: + kind: Service + targetPort: {{ .Values.server.port }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/service.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/service.yaml new file mode 100644 index 000000000..69dc395d1 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/service.yaml 
@@ -0,0 +1,40 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + service.beta.openshift.io/serving-cert-secret-name: {{ include "kiali-server.fullname" . }}-cert-secret + {{- end }} + kiali.io/api-spec: https://kiali.io/api + kiali.io/api-type: rest + {{- if .Values.deployment.service_annotations }} + {{- toYaml .Values.deployment.service_annotations | nindent 4 }} + {{- end }} +spec: + {{- if .Values.deployment.service_type }} + type: {{ .Values.deployment.service_type }} + {{- end }} + ports: + {{- if (include "kiali-server.identity.cert_file" .) }} + - name: tcp + {{- else }} + - name: http + {{- end }} + protocol: TCP + port: {{ .Values.server.port }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + protocol: TCP + port: {{ .Values.server.metrics_port }} + {{- end }} + selector: + {{- include "kiali-server.selectorLabels" . | nindent 4 }} + {{- if .Values.deployment.additional_service_yaml }} + {{- toYaml .Values.deployment.additional_service_yaml | nindent 2 }} + {{- end }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/serviceaccount.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/serviceaccount.yaml new file mode 100644 index 000000000..9151b6f6a --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/serviceaccount.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +... 
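Review bot: in templates/route.yaml (the hunk before service.yaml) the annotations guard ends with three closing braces, `... .metadata "annotations" }}}`, so a literal `}` is emitted into the rendered Route metadata whenever the annotations override is set. Drop the extra brace so the action ends in `}}`. The matching guard in ingess.yaml is written correctly, so this looks like a typo rather than intent.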
diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/validate-install-crd.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/validate-install-crd.yaml new file mode 100644 index 000000000..01d33e632 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/validate-install-crd.yaml @@ -0,0 +1,14 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "monitoring.kiali.io/v1alpha1/MonitoringDashboard" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the rancher-kiali-server-crd chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/web-root-configmap.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/web-root-configmap.yaml new file mode 100644 index 000000000..0daa7bb23 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/templates/web-root-configmap.yaml @@ -0,0 +1,12 @@ +{{- if .Values.web_root_override }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: kiali-console + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + env.js: | + window.WEB_ROOT='/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Release.Namespace }}/services/http:rancher-istio-kiali:20001/proxy'; +{{- end }} 
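Review bot: in web-root-configmap.yaml, `window.WEB_ROOT` hardcodes the service name `rancher-istio-kiali` and port `20001`, while service.yaml names the Service from `kiali-server.fullname` and exposes `.Values.server.port`, so changing either value leaves the console pointing at the wrong proxy path. Build the path from the same helper and value. `.Values.global.cattle.clusterId` is interpolated unescaped into a single-quoted JavaScript string and is empty in values.yaml, so validate it (for example with `required` plus a pattern check) before rendering. The ConfigMap name `kiali-console` is also fixed rather than derived from the release, which is worth a comment if it is deliberate.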
diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/values.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/values.yaml new file mode 100644 index 000000000..fccc6d4ce --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.001/values.yaml 
@@ -0,0 +1,79 @@ +nameOverride: "kiali" +fullnameOverride: "kiali" + +# This is required for "openshift" auth strategy. +# You have to know ahead of time what your Route URL will be because +# right now the helm chart can't figure this out at runtime (it would +# need to wait for the Kiali Route to be deployed and for OpenShift +# to start it up). If someone knows how to update this helm chart to +# do this, a PR would be welcome. +kiali_route_url: "" + +# rancher specific override that allows proxy access to kiali url +web_root_override: true + +# +# Settings that mimic the Kiali CR which are placed in the ConfigMap. +# Note that only those values used by the Helm Chart will be here. +# + +istio_namespace: "" # default is where Kiali is installed + +auth: + openid: {} + openshift: {} + strategy: "" + +deployment: + # This only limits what Kiali will attempt to see, but Kiali Service Account has permissions to see everything. + # For more control over what the Kial Service Account can see, use the Kiali Operator + accessible_namespaces: + - "**" + additional_service_yaml: {} + affinity: + node: {} + pod: {} + pod_anti: {} + custom_dashboards: + excludes: [''] + includes: ['*'] + repository: rancher/kiali-kiali + image_pull_policy: "Always" + image_pull_secrets: [] + tag: v1.24.0 + ingress_enabled: true + node_selector: {} + override_ingress_yaml: + metadata: {} + pod_annotations: {} + priority_class_name: "" + replicas: 1 + resources: {} + secret_name: "kiali" + service_annotations: {} + service_type: "" + tolerations: [] + verbose_mode: "3" + version_label: v1.24.0 + view_only_mode: false + +identity: {} + #cert_file: + #private_key_file: + +login_token: + signing_key: "" + +server: + port: 20001 + metrics_enabled: true + metrics_port: 9090 + web_root: "" + +# Common settings used among istio subcharts. 
+global: + # Specify rancher clusterId of external tracing config + # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 + cattle: + systemDefaultRegistry: "" + clusterId: diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/Chart.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/Chart.yaml new file mode 100644 index 000000000..57e2d891d --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/Chart.yaml @@ -0,0 +1,31 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=match + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 + catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 + catalog.rancher.io/namespace: cattle-istio-system + catalog.rancher.io/release-name: rancher-kiali-server +apiVersion: v2 +appVersion: v1.24.0 +description: Kiali is an open source project for service mesh observability, refer + to https://www.kiali.io for details. This is installed as sub-chart with customized + values in Rancher's Istio. +home: https://github.com/kiali/kiali +icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png +keywords: +- istio +- kiali +- networking +- infrastructure +maintainers: +- email: kiali-users@googlegroups.com + name: Kiali + url: https://kiali.io +name: rancher-kiali-server +sources: +- https://github.com/kiali/kiali +- https://github.com/kiali/kiali-ui +- https://github.com/kiali/kiali-operator +- https://github.com/kiali/helm-charts +version: 1.24.003 diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/NOTES.txt b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/NOTES.txt new file mode 100644 index 000000000..751019401 --- /dev/null 
+++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/NOTES.txt @@ -0,0 +1,5 @@ +Welcome to Kiali! For more details on Kiali, see: https://kiali.io + +The Kiali Server [{{ .Chart.AppVersion }}] has been installed in namespace [{{ .Release.Namespace }}]. It will be ready soon. + +(Helm: Chart=[{{ .Chart.Name }}], Release=[{{ .Release.Name }}], Version=[{{ .Chart.Version }}]) diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/_helpers.tpl b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/_helpers.tpl new file mode 100644 index 000000000..9dd3d7ff0 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/_helpers.tpl 
@@ -0,0 +1,176 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "kiali-server.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kiali-server.fullname" -}} +{{- if .Values.fullnameOverride }} + {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} + {{- $name := default .Chart.Name .Values.nameOverride }} + {{- printf "%s" $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kiali-server.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kiali-server.labels" -}} +helm.sh/chart: {{ include "kiali-server.chart" . }} +app: {{ include "kiali-server.name" . }} +{{ include "kiali-server.selectorLabels" . }} +version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kiali-server.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kiali-server.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Used to determine if a custom dashboard (defined in .Template.Name) should be deployed. +*/}} +{{- define "kiali-server.isDashboardEnabled" -}} +{{- $includere := "" }} +{{- range $_, $s := .Values.deployment.custom_dashboards.includes }} + {{- if $s }} + {{- if $includere }} + {{- $includere = printf "%s|^%s$" $includere ($s | replace "*" ".*" | replace "?" 
".") }} + {{- else }} + {{- $includere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} +{{- end }} +{{- $excludere := "" }} +{{- range $_, $s := .Values.deployment.custom_dashboards.excludes }} + {{- if $s }} + {{- if $excludere }} + {{- $excludere = printf "%s|^%s$" $excludere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $excludere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} +{{- end }} +{{- if (and (mustRegexMatch (default "no-matches" $includere) (base .Template.Name)) (not (mustRegexMatch (default "no-matches" $excludere) (base .Template.Name)))) }} + {{- print "enabled" }} +{{- else }} + {{- print "" }} +{{- end }} +{{- end }} + +{{/* +Determine the default login token signing key. +*/}} +{{- define "kiali-server.login_token.signing_key" -}} +{{- if .Values.login_token.signing_key }} + {{- .Values.login_token.signing_key }} +{{- else }} + {{- randAlphaNum 16 }} +{{- end }} +{{- end }} + +{{/* +Determine the default web root. +*/}} +{{- define "kiali-server.server.web_root" -}} +{{- if .Values.server.web_root }} + {{- .Values.server.web_root | trimSuffix "/" }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/" }} + {{- else }} + {{- "/kiali" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity cert file. There is no default if on k8s; only on OpenShift. +*/}} +{{- define "kiali-server.identity.cert_file" -}} +{{- if hasKey .Values.identity "cert_file" }} + {{- .Values.identity.cert_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.crt" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity private key file. There is no default if on k8s; only on OpenShift. 
+*/}} +{{- define "kiali-server.identity.private_key_file" -}} +{{- if hasKey .Values.identity "private_key_file" }} + {{- .Values.identity.private_key_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.key" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the istio namespace - default is where Kiali is installed. +*/}} +{{- define "kiali-server.istio_namespace" -}} +{{- if .Values.istio_namespace }} + {{- .Values.istio_namespace }} +{{- else }} + {{- .Release.Namespace }} +{{- end }} +{{- end }} + +{{/* +Determine the auth strategy to use - default is "token" on Kubernetes and "openshift" on OpenShift. +*/}} +{{- define "kiali-server.auth.strategy" -}} +{{- if .Values.auth.strategy }} + {{- if (and (eq .Values.auth.strategy "openshift") (not .Values.kiali_route_url)) }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or use a different auth strategy via the --set auth.strategy=... option." }} + {{- end }} + {{- .Values.auth.strategy }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- if not .Values.kiali_route_url }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or explicitly indicate another auth strategy you want via the --set auth.strategy=... option." }} + {{- end }} + {{- "openshift" }} + {{- else }} + {{- "token" }} + {{- end }} +{{- end }} +{{- end }} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} 
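Review bot: `kiali-server.login_token.signing_key` falls back to `randAlphaNum 16` when `login_token.signing_key` is empty, which is the values.yaml default, so every render of the chart produces a different key and each upgrade changes both the signing key and the ConfigMap content. configmap.yaml then writes the result into `config.yaml` in a ConfigMap, which both ClusterRoles in this chart can read via `get`/`list` on `configmaps`. Consider requiring an explicit value or reusing the existing one via `lookup`, keeping the key in a Secret, and documenting the regeneration behaviour in the helper's comment.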
diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/cabundle.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/cabundle.yaml new file mode 100644 index 000000000..7462b95a7 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/cabundle.yaml @@ -0,0 +1,13 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }}-cabundle + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + service.beta.openshift.io/inject-cabundle: "true" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/configmap.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/configmap.yaml new file mode 100644 index 000000000..b1bf53173 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/configmap.yaml 
@@ -0,0 +1,24 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + config.yaml: | + {{- /* Most of .Values is simply the ConfigMap - strip out the keys that are not part of the ConfigMap */}} + {{- $cm := omit .Values "nameOverride" "fullnameOverride" "kiali_route_url" }} + {{- /* The helm chart defines namespace for us, but pass it to the ConfigMap in case the server needs it */}} + {{- $_ := set $cm.deployment "namespace" .Release.Namespace }} + {{- /* Some values of the ConfigMap are generated, but might not be identical, from .Values */}} + {{- $_ := set $cm "istio_namespace" (include "kiali-server.istio_namespace" .) }} + {{- $_ := set $cm.auth "strategy" (include "kiali-server.auth.strategy" .) }} + {{- $_ := set $cm.auth.openshift "client_id_prefix" (include "kiali-server.fullname" .) }} + {{- $_ := set $cm.identity "cert_file" (include "kiali-server.identity.cert_file" .) }} + {{- $_ := set $cm.identity "private_key_file" (include "kiali-server.identity.private_key_file" .) }} + {{- $_ := set $cm.login_token "signing_key" (include "kiali-server.login_token.signing_key" .) }} + {{- $_ := set $cm.server "web_root" (include "kiali-server.server.web_root" .) }} + {{- toYaml $cm | nindent 4 }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/envoy.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/envoy.yaml new file mode 100644 index 000000000..8d961b848 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/envoy.yaml 
@@ -0,0 +1,55 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: envoy + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Envoy Metrics +# discoverOn: "envoy_server_uptime" + items: + - chart: + name: "Pods uptime" + spans: 4 + metricName: "envoy_server_uptime" + dataType: "raw" + - chart: + name: "Allocated memory" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_allocated" + dataType: "raw" + min: 0 + - chart: + name: "Heap size" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_heap_size" + dataType: "raw" + min: 0 + - chart: + name: "Upstream active connections" + spans: 6 + metricName: "envoy_cluster_upstream_cx_active" + dataType: "raw" + - chart: + name: "Upstream total requests" + spans: 6 + metricName: "envoy_cluster_upstream_rq_total" + unit: "rps" + dataType: "rate" + - chart: + name: "Downstream active connections" + spans: 6 + metricName: "envoy_listener_downstream_cx_active" + dataType: "raw" + - chart: + name: "Downstream HTTP requests" + spans: 6 + metricName: "envoy_listener_http_downstream_rq" + unit: "rps" + dataType: "rate" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/go.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/go.yaml new file mode 100644 index 000000000..01ebed7b5 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/go.yaml 
@@ -0,0 +1,66 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: go + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Go Metrics + runtime: Go + discoverOn: "go_info" + items: + - chart: + name: "CPU ratio" + spans: 6 + metricName: "process_cpu_seconds_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "RSS Memory" + unit: "bytes" + spans: 6 + metricName: "process_resident_memory_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Goroutines" + spans: 6 + metricName: "go_goroutines" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Heap allocation rate" + unit: "bytes/s" + spans: 6 + metricName: "go_memstats_alloc_bytes_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "GC rate" + spans: 6 + metricName: "go_gc_duration_seconds_count" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Next GC" + unit: "bytes" + spans: 6 + metricName: "go_memstats_next_gc_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/kiali.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/kiali.yaml new file mode 100644 index 000000000..0d5b5caa2 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/kiali.yaml 
@@ -0,0 +1,43 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: kiali + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Kiali Internal Metrics + items: + - chart: + name: "API processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_api_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "route" + displayName: "Route" + - chart: + name: "Functions processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_go_function_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" + - chart: + name: "Failures" + spans: 12 + metricName: "kiali_go_function_failures_total" + dataType: "raw" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml new file mode 100644 index 000000000..e89e1200c --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml 
@@ -0,0 +1,42 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Pool Metrics + discoverOn: "jvm_buffer_total_capacity_bytes" + items: + - chart: + name: "Pool buffer memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer capacity" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_total_capacity_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer count" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_count" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/micrometer-1.0.6-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/micrometer-1.0.6-jvm.yaml new file mode 100644 index 000000000..ab487dccc --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/micrometer-1.0.6-jvm.yaml 
@@ -0,0 +1,64 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live" + items: + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon" + dataType: "raw" + - chart: + name: "Loaded classes" + spans: 4 + metricName: "jvm_classes_loaded" + dataType: "raw" + + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/micrometer-1.1-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/micrometer-1.1-jvm.yaml new file mode 100644 index 000000000..d7014951d --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/micrometer-1.1-jvm.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.1-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live_threads" + items: + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live_threads" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon_threads" + dataType: "raw" + - chart: + name: "Threads states" + spans: 4 + metricName: "jvm_threads_states_threads" + dataType: "raw" + aggregations: + - label: "state" + displayName: "State" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/microprofile-1.1.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/microprofile-1.1.yaml new file mode 100644 index 000000000..c00446c10 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/microprofile-1.1.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-1.1 + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:thread_count" + items: + - chart: + name: "Current loaded classes" + spans: 6 + metricName: "base:classloader_current_loaded_class_count" + dataType: "raw" + - chart: + name: "Unloaded classes" + spans: 6 + metricName: "base:classloader_total_unloaded_class_count" + dataType: "raw" + - chart: + name: "Thread count" + spans: 4 + metricName: "base:thread_count" + dataType: "raw" + - chart: + name: "Thread max count" + spans: 4 + metricName: "base:thread_max_count" + dataType: "raw" + - chart: + name: "Thread daemon count" + spans: 4 + metricName: "base:thread_daemon_count" + dataType: "raw" + - chart: + name: "Committed heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_committed_heap_bytes" + dataType: "raw" + - chart: + name: "Max heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_max_heap_bytes" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_used_heap_bytes" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/microprofile-x.y.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/microprofile-x.y.yaml new file mode 100644 index 000000000..d15f527d9 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/microprofile-x.y.yaml 
@@ -0,0 +1,37 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-x.y + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:gc_complete_scavenger_count" + items: + - chart: + name: "Young GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_young_generation_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Young GC count" + spans: 3 + metricName: "base:gc_young_generation_scavenger_count" + dataType: "raw" + - chart: + name: "Total GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_complete_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Total GC count" + spans: 3 + metricName: "base:gc_complete_scavenger_count" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/nodejs.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/nodejs.yaml new file mode 100644 index 000000000..d772a16c0 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/nodejs.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: nodejs + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Node.js + title: Node.js Metrics + discoverOn: "nodejs_active_handles_total" + items: + - chart: + name: "Active handles" + spans: 4 + metricName: "nodejs_active_handles_total" + dataType: "raw" + - chart: + name: "Active requests" + spans: 4 + metricName: "nodejs_active_requests_total" + dataType: "raw" + - chart: + name: "Event loop lag" + unit: "seconds" + spans: 4 + metricName: "nodejs_eventloop_lag_seconds" + dataType: "raw" + - chart: + name: "Total heap size" + unit: "bytes" + spans: 12 + metricName: "nodejs_heap_space_size_total_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Used heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_used_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Available heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_available_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/quarkus.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/quarkus.yaml new file mode 100644 index 000000000..4fc3e9ac0 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/quarkus.yaml 
@@ -0,0 +1,32 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: quarkus + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Quarkus Metrics + runtime: Quarkus + items: + - chart: + name: "Thread count" + spans: 4 + metricName: "vendor:thread_count" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_heap_usage_bytes" + dataType: "raw" + - chart: + name: "Used non-heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_non_heap_usage_bytes" + dataType: "raw" + - include: "microprofile-x.y" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/springboot-jvm-pool.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/springboot-jvm-pool.yaml new file mode 100644 index 000000000..2ff4ae576 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/springboot-jvm-pool.yaml @@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Pool Metrics + items: + - include: "micrometer-1.0.6-jvm-pool" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/springboot-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/springboot-jvm.yaml new file mode 100644 index 000000000..8bd43055b --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/springboot-jvm.yaml 
@@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Metrics + items: + - include: "micrometer-1.0.6-jvm" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/springboot-tomcat.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/springboot-tomcat.yaml new file mode 100644 index 000000000..4b27aee4f --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/springboot-tomcat.yaml @@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-tomcat + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: Tomcat Metrics + items: + - include: "tomcat" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/thorntail.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/thorntail.yaml new file mode 100644 index 000000000..513488df4 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/thorntail.yaml 
@@ -0,0 +1,21 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: thorntail + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Thorntail + title: Thorntail Metrics + discoverOn: "vendor:loaded_modules" + items: + - include: "microprofile-1.1" + - chart: + name: "Loaded modules" + spans: 6 + metricName: "vendor:loaded_modules" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/tomcat.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/tomcat.yaml new file mode 100644 index 000000000..28fd7f1cc --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/tomcat.yaml 
@@ -0,0 +1,66 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: tomcat + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Tomcat + title: Tomcat Metrics + discoverOn: "tomcat_sessions_created_total" + items: + - chart: + name: "Sessions created" + spans: 4 + metricName: "tomcat_sessions_created_total" + dataType: "raw" + - chart: + name: "Active sessions" + spans: 4 + metricName: "tomcat_sessions_active_current" + dataType: "raw" + - chart: + name: "Sessions rejected" + spans: 4 + metricName: "tomcat_sessions_rejected_total" + dataType: "raw" + + - chart: + name: "Bytes sent" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_sent_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Bytes received" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_received_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + + - chart: + name: "Global errors" + spans: 6 + metricName: "tomcat_global_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Servlet errors" + spans: 6 + metricName: "tomcat_servlet_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/vertx-client.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/vertx-client.yaml new file mode 100644 index 000000000..17392d87f --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/vertx-client.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-client + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Client Metrics + discoverOn: "vertx_http_client_connections" + items: + - chart: + name: "Client response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_client_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_client_requestCount_total" + dataType: "rate" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client active connections" + spans: 6 + metricName: "vertx_http_client_connections" + dataType: "raw" + - chart: + name: "Client active websockets" + spans: 6 + metricName: "vertx_http_client_wsConnections" + dataType: "raw" + - chart: + name: "Client bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesSent" + dataType: "histogram" + - chart: + name: "Client bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/vertx-eventbus.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/vertx-eventbus.yaml new file mode 100644 index 000000000..fa659b55c --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/vertx-eventbus.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-eventbus + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Eventbus Metrics + discoverOn: "vertx_eventbus_handlers" + items: + - chart: + name: "Event bus handlers" + spans: 6 + metricName: "vertx_eventbus_handlers" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus pending messages" + spans: 6 + metricName: "vertx_eventbus_pending" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus processing time" + unit: "seconds" + spans: 6 + metricName: "vertx_eventbus_processingTime_seconds" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes read" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesRead" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes written" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesWritten" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/vertx-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/vertx-jvm.yaml new file mode 100644 index 000000000..ac03ea2e0 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/vertx-jvm.yaml 
@@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: JVM Metrics + items: + - include: "micrometer-1.1-jvm" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/vertx-pool.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/vertx-pool.yaml new file mode 100644 index 000000000..3715e9c10 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/vertx-pool.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Pools Metrics + discoverOn: "vertx_pool_ratio" + items: + - chart: + name: "Usage duration" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_usage_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Usage ratio" + spans: 6 + metricName: "vertx_pool_ratio" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Queue size" + spans: 6 + metricName: "vertx_pool_queue_size" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Time in queue" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_queue_delay_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Resources used" + spans: 6 + metricName: "vertx_pool_inUse" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/vertx-server.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/vertx-server.yaml new file mode 100644 index 000000000..686295468 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/dashboards/vertx-server.yaml 
@@ -0,0 +1,61 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-server + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Server Metrics + discoverOn: "vertx_http_server_connections" + items: + - chart: + name: "Server response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_server_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_server_requestCount_total" + dataType: "rate" + aggregations: + - label: "code" + displayName: "Error code" + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server active connections" + spans: 6 + metricName: "vertx_http_server_connections" + dataType: "raw" + - chart: + name: "Server active websockets" + spans: 6 + metricName: "vertx_http_server_wsConnections" + dataType: "raw" + - chart: + name: "Server bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesSent" + dataType: "histogram" + - chart: + name: "Server bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/deployment.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/deployment.yaml new file mode 100644 index 000000000..6fab9ee49 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/deployment.yaml 
@@ -0,0 +1,165 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.deployment.replicas }} + selector: + matchLabels: + {{- include "kiali-server.selectorLabels" . | nindent 6 }} + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 8 }} + annotations: + {{- if .Values.server.metrics_enabled }} + prometheus.io/scrape: "true" + prometheus.io/port: {{ .Values.server.metrics_port | quote }} + {{- else }} + prometheus.io/scrape: "false" + prometheus.io/port: null + {{- end }} + kiali.io/runtimes: go,kiali + {{- if .Values.deployment.pod_annotations }} + {{- toYaml .Values.deployment.pod_annotations | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "kiali-server.fullname" . }} + {{- if .Values.deployment.priority_class_name }} + priorityClassName: {{ .Values.deployment.priority_class_name | quote }} + {{- end }} + {{- if .Values.deployment.image_pull_secrets }} + imagePullSecrets: + {{- range .Values.deployment.image_pull_secrets }} + - name: {{ . }} + {{- end }} + {{- end }} + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.deployment.repository }}:{{ .Values.deployment.tag }}" + imagePullPolicy: {{ .Values.deployment.image_pull_policy | default "Always" }} + name: {{ include "kiali-server.fullname" . 
}} + command: + - "/opt/kiali/kiali" + - "-config" + - "/kiali-configuration/config.yaml" + - "-v" + - "{{ .Values.deployment.verbose_mode }}" + ports: + - name: api-port + containerPort: {{ .Values.server.port | default 20001 }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + containerPort: {{ .Values.server.metrics_port | default 9090 }} + {{- end }} + readinessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + livenessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + env: + - name: ACTIVE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + volumeMounts: + {{- if .Values.web_root_override }} + - name: kiali-console + subPath: env.js + mountPath: /opt/kiali/console/env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + mountPath: "/kiali-configuration" + - name: {{ include "kiali-server.fullname" . }}-cert + mountPath: "/kiali-cert" + - name: {{ include "kiali-server.fullname" . }}-secret + mountPath: "/kiali-secret" + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + mountPath: "/kiali-cabundle" + {{- end }} + {{- if .Values.deployment.resources }} + resources: + {{- toYaml .Values.deployment.resources | nindent 10 }} + {{- end }} + volumes: + {{- if .Values.web_root_override }} + - name: kiali-console + configMap: + name: kiali-console + items: + - key: env.js + path: env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . 
}}-configuration + configMap: + name: {{ include "kiali-server.fullname" . }} + - name: {{ include "kiali-server.fullname" . }}-cert + secret: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + secretName: {{ include "kiali-server.fullname" . }}-cert-secret + {{- else }} + secretName: istio.{{ include "kiali-server.fullname" . }}-service-account + {{- end }} + {{- if not (include "kiali-server.identity.cert_file" .) }} + optional: true + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-secret + secret: + secretName: {{ .Values.deployment.secret_name }} + optional: true + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + configMap: + name: {{ include "kiali-server.fullname" . }}-cabundle + {{- end }} + {{- if or (.Values.deployment.affinity.node) (or (.Values.deployment.pod) (.Values.deployment.pod_anti)) }} + affinity: + {{- if .Values.deployment.affinity.node }} + nodeAffinity: + {{- toYaml .Values.deployment.affinity.node | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod }} + podAffinity: + {{- toYaml .Values.deployment.affinity.pod | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod_anti }} + podAntiAffinity: + {{- toYaml .Values.deployment.affinity.pod_anti | nindent 10 }} + {{- end }} + {{- end }} + {{- if .Values.deployment.tolerations }} + tolerations: + {{- toYaml .Values.deployment.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.deployment.node_selector }} + nodeSelector: + {{- toYaml .Values.deployment.node_selector | nindent 8 }} + {{- end }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/ingess.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/ingess.yaml new file mode 100644 index 000000000..5a427e896 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/ingess.yaml 
@@ -0,0 +1,40 @@ +{{- if not (.Capabilities.APIVersions.Has "route.openshift.io/v1") }} +{{- if .Values.deployment.ingress_enabled }} +--- +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }} + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- else }} + # For ingress-nginx versions older than 0.20.0 use secure-backends. + # (see: https://github.com/kubernetes/ingress-nginx/issues/3416#issuecomment-438247948) + # For ingress-nginx versions 0.20.0 and later use backend-protocol. + {{- if (include "kiali-server.identity.cert_file" .) }} + nginx.ingress.kubernetes.io/secure-backends: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + {{- else }} + nginx.ingress.kubernetes.io/secure-backends: "false" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + {{- end }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + rules: + - http: + paths: + - path: {{ include "kiali-server.server.web_root" . }} + backend: + serviceName: {{ include "kiali-server.fullname" . }} + servicePort: {{ .Values.server.port }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/oauth.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/oauth.yaml new file mode 100644 index 000000000..a178bb85e --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/oauth.yaml 
@@ -0,0 +1,17 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.kiali_route_url }} +--- +apiVersion: oauth.openshift.io/v1 +kind: OAuthClient +metadata: + name: {{ include "kiali-server.fullname" . }}-{{ .Release.Namespace }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +redirectURIs: +- {{ .Values.kiali_route_url }} +grantMethod: auto +allowAnyScope: true +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/role-viewer.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/role-viewer.yaml new file mode 100644 index 000000000..790406017 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/role-viewer.yaml 
@@ -0,0 +1,101 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }}-viewer + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - replicationcontrollers + - services + verbs: + - get + - list + - watch +- apiGroups: ["extensions", "apps"] + resources: + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch +- apiGroups: + - config.istio.io + - networking.istio.io + - authentication.istio.io + - rbac.istio.io + - security.istio.io + resources: ["*"] + verbs: + - get + - list + - watch +- apiGroups: ["authentication.maistra.io"] + resources: + - servicemeshpolicies + verbs: + - get + - list + - watch +- apiGroups: ["rbac.maistra.io"] + resources: + - servicemeshrbacconfigs + verbs: + - get + - list + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - get + - list +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/role.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/role.yaml new file mode 100644 index 000000000..34a47dd89 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/role.yaml 
@@ -0,0 +1,118 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - replicationcontrollers + - services + verbs: + - get + - list + - patch + - watch +- apiGroups: ["extensions", "apps"] + resources: + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - patch + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - patch + - watch +- apiGroups: + - config.istio.io + - networking.istio.io + - authentication.istio.io + - rbac.istio.io + - security.istio.io + resources: ["*"] + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["authentication.maistra.io"] + resources: + - servicemeshpolicies + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["rbac.maistra.io"] + resources: + - servicemeshrbacconfigs + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - patch + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - create + - delete + - get + - list + - patch + - watch +... 
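Review bot: in role.yaml, the rule covering config.istio.io, networking.istio.io, authentication.istio.io, rbac.istio.io and security.istio.io pairs `resources: ["*"]` with create, delete and patch, and the first rule grants patch on configmaps, nodes, pods and services. This is a ClusterRole, and rolebinding.yaml binds it with a ClusterRoleBinding whenever `deployment.view_only_mode` is false (the default in values.yaml), so the Kiali service account gets these write verbs in every namespace. Consider listing the Istio resource kinds Kiali actually edits instead of the wildcard, dropping patch on nodes unless something needs it, and adding a comment at the top of the file saying which Kiali feature each write verb supports so the grant can be audited later.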
diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/rolebinding.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/rolebinding.yaml new file mode 100644 index 000000000..1eaabd65f --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/rolebinding.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + {{- if .Values.deployment.view_only_mode }} + name: {{ include "kiali-server.fullname" . }}-viewer + {{- else }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/route.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/route.yaml new file mode 100644 index 000000000..27940dc96 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/route.yaml 
@@ -0,0 +1,30 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.deployment.ingress_enabled }} +# As of OpenShift 4.5, need to use --disable-openapi-validation when installing via Helm +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}} + annotations: + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + tls: + termination: reencrypt + insecureEdgeTerminationPolicy: Redirect + to: + kind: Service + targetPort: {{ .Values.server.port }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/service.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/service.yaml new file mode 100644 index 000000000..69dc395d1 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/service.yaml 
@@ -0,0 +1,40 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + service.beta.openshift.io/serving-cert-secret-name: {{ include "kiali-server.fullname" . }}-cert-secret + {{- end }} + kiali.io/api-spec: https://kiali.io/api + kiali.io/api-type: rest + {{- if .Values.deployment.service_annotations }} + {{- toYaml .Values.deployment.service_annotations | nindent 4 }} + {{- end }} +spec: + {{- if .Values.deployment.service_type }} + type: {{ .Values.deployment.service_type }} + {{- end }} + ports: + {{- if (include "kiali-server.identity.cert_file" .) }} + - name: tcp + {{- else }} + - name: http + {{- end }} + protocol: TCP + port: {{ .Values.server.port }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + protocol: TCP + port: {{ .Values.server.metrics_port }} + {{- end }} + selector: + {{- include "kiali-server.selectorLabels" . | nindent 4 }} + {{- if .Values.deployment.additional_service_yaml }} + {{- toYaml .Values.deployment.additional_service_yaml | nindent 2 }} + {{- end }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/serviceaccount.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/serviceaccount.yaml new file mode 100644 index 000000000..9151b6f6a --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/serviceaccount.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +... 
diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/validate-install-crd.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/validate-install-crd.yaml new file mode 100644 index 000000000..01d33e632 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/validate-install-crd.yaml @@ -0,0 +1,14 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "monitoring.kiali.io/v1alpha1/MonitoringDashboard" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the rancher-kiali-server-crd chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/web-root-configmap.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/web-root-configmap.yaml new file mode 100644 index 000000000..970d4e4f5 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/templates/web-root-configmap.yaml @@ -0,0 +1,12 @@ +{{- if .Values.web_root_override }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: kiali-console + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + env.js: | + window.WEB_ROOT='/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Release.Namespace }}/services/http:kiali:20001/proxy/kiali'; +{{- end }} 
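Review bot: the `window.WEB_ROOT` line in web-root-configmap.yaml hardcodes the service segment `http:kiali:20001` rather than building it from `kiali-server.fullname` and `.Values.server.port`, so changing `fullnameOverride` or `server.port` in values.yaml leaves the proxy path pointing at a service or port that no longer matches. The same line interpolates `.Values.global.cattle.clusterId` with no `required` check, while values.yaml ships `clusterId:` empty and `web_root_override: true`, so a default render produces `/k8s/clusters//api/v1/...`. The value is also placed inside a single-quoted JavaScript string without escaping or validation. Suggest wrapping clusterId in `required`, validating it against the expected ID format before it goes into env.js, and deriving the service name and port from the existing helpers and values.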
diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/values.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/values.yaml new file mode 100644 index 000000000..fccc6d4ce --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.24.003/values.yaml 
@@ -0,0 +1,79 @@ +nameOverride: "kiali" +fullnameOverride: "kiali" + +# This is required for "openshift" auth strategy. +# You have to know ahead of time what your Route URL will be because +# right now the helm chart can't figure this out at runtime (it would +# need to wait for the Kiali Route to be deployed and for OpenShift +# to start it up). If someone knows how to update this helm chart to +# do this, a PR would be welcome. +kiali_route_url: "" + +# rancher specific override that allows proxy access to kiali url +web_root_override: true + +# +# Settings that mimic the Kiali CR which are placed in the ConfigMap. +# Note that only those values used by the Helm Chart will be here. +# + +istio_namespace: "" # default is where Kiali is installed + +auth: + openid: {} + openshift: {} + strategy: "" + +deployment: + # This only limits what Kiali will attempt to see, but Kiali Service Account has permissions to see everything. + # For more control over what the Kial Service Account can see, use the Kiali Operator + accessible_namespaces: + - "**" + additional_service_yaml: {} + affinity: + node: {} + pod: {} + pod_anti: {} + custom_dashboards: + excludes: [''] + includes: ['*'] + repository: rancher/kiali-kiali + image_pull_policy: "Always" + image_pull_secrets: [] + tag: v1.24.0 + ingress_enabled: true + node_selector: {} + override_ingress_yaml: + metadata: {} + pod_annotations: {} + priority_class_name: "" + replicas: 1 + resources: {} + secret_name: "kiali" + service_annotations: {} + service_type: "" + tolerations: [] + verbose_mode: "3" + version_label: v1.24.0 + view_only_mode: false + +identity: {} + #cert_file: + #private_key_file: + +login_token: + signing_key: "" + +server: + port: 20001 + metrics_enabled: true + metrics_port: 9090 + web_root: "" + +# Common settings used among istio subcharts. 
+global: + # Specify rancher clusterId of external tracing config + # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 + cattle: + systemDefaultRegistry: "" + clusterId: diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/Chart.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/Chart.yaml new file mode 100755 index 000000000..9ad884d7b --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/Chart.yaml @@ -0,0 +1,31 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=match + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 + catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 + catalog.rancher.io/namespace: cattle-istio-system + catalog.rancher.io/release-name: rancher-kiali-server +apiVersion: v2 +appVersion: v1.29.0 +description: Kiali is an open source project for service mesh observability, refer + to https://www.kiali.io for details. This is installed as sub-chart with customized + values in Rancher's Istio. +home: https://github.com/kiali/kiali +icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png +keywords: +- istio +- kiali +- networking +- infrastructure +maintainers: +- email: kiali-users@googlegroups.com + name: Kiali + url: https://kiali.io +name: rancher-kiali-server +sources: +- https://github.com/kiali/kiali +- https://github.com/kiali/kiali-ui +- https://github.com/kiali/kiali-operator +- https://github.com/kiali/helm-charts +version: 1.29.000 diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/NOTES.txt b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/NOTES.txt new file mode 100755 index 000000000..751019401 --- /dev/null 
+++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/NOTES.txt @@ -0,0 +1,5 @@ +Welcome to Kiali! For more details on Kiali, see: https://kiali.io + +The Kiali Server [{{ .Chart.AppVersion }}] has been installed in namespace [{{ .Release.Namespace }}]. It will be ready soon. + +(Helm: Chart=[{{ .Chart.Name }}], Release=[{{ .Release.Name }}], Version=[{{ .Chart.Version }}]) diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/_helpers.tpl b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/_helpers.tpl new file mode 100755 index 000000000..dd33bbe48 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/_helpers.tpl 
@@ -0,0 +1,192 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "kiali-server.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kiali-server.fullname" -}} +{{- if .Values.fullnameOverride }} + {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} + {{- $name := default .Chart.Name .Values.nameOverride }} + {{- printf "%s" $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kiali-server.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Identifies the log_level with the old verbose_mode and the new log_level considered. +*/}} +{{- define "kiali-server.logLevel" -}} +{{- if .Values.deployment.verbose_mode -}} +{{- .Values.deployment.verbose_mode -}} +{{- else -}} +{{- .Values.deployment.logger.log_level -}} +{{- end -}} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kiali-server.labels" -}} +helm.sh/chart: {{ include "kiali-server.chart" . }} +app: {{ include "kiali-server.name" . }} +{{ include "kiali-server.selectorLabels" . }} +version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/part-of: "kiali" +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kiali-server.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kiali-server.name" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Used to determine if a custom dashboard (defined in .Template.Name) should be deployed. +*/}} +{{- define "kiali-server.isDashboardEnabled" -}} +{{- if .Values.external_services.custom_dashboards.enabled }} + {{- $includere := "" }} + {{- range $_, $s := .Values.deployment.custom_dashboards.includes }} + {{- if $s }} + {{- if $includere }} + {{- $includere = printf "%s|^%s$" $includere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $includere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} + {{- end }} + {{- $excludere := "" }} + {{- range $_, $s := .Values.deployment.custom_dashboards.excludes }} + {{- if $s }} + {{- if $excludere }} + {{- $excludere = printf "%s|^%s$" $excludere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $excludere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} + {{- end }} + {{- if (and (mustRegexMatch (default "no-matches" $includere) (base .Template.Name)) (not (mustRegexMatch (default "no-matches" $excludere) (base .Template.Name)))) }} + {{- print "enabled" }} + {{- else }} + {{- print "" }} + {{- end }} +{{- else }} + {{- print "" }} +{{- end }} +{{- end }} + +{{/* +Determine the default login token signing key. +*/}} +{{- define "kiali-server.login_token.signing_key" -}} +{{- if .Values.login_token.signing_key }} + {{- .Values.login_token.signing_key }} +{{- else }} + {{- randAlphaNum 16 }} +{{- end }} +{{- end }} + +{{/* +Determine the default web root. +*/}} +{{- define "kiali-server.server.web_root" -}} +{{- if .Values.server.web_root }} + {{- .Values.server.web_root | trimSuffix "/" }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/" }} + {{- else }} + {{- "/kiali" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity cert file. There is no default if on k8s; only on OpenShift. 
+*/}} +{{- define "kiali-server.identity.cert_file" -}} +{{- if hasKey .Values.identity "cert_file" }} + {{- .Values.identity.cert_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.crt" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity private key file. There is no default if on k8s; only on OpenShift. +*/}} +{{- define "kiali-server.identity.private_key_file" -}} +{{- if hasKey .Values.identity "private_key_file" }} + {{- .Values.identity.private_key_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.key" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the istio namespace - default is where Kiali is installed. +*/}} +{{- define "kiali-server.istio_namespace" -}} +{{- if .Values.istio_namespace }} + {{- .Values.istio_namespace }} +{{- else }} + {{- .Release.Namespace }} +{{- end }} +{{- end }} + +{{/* +Determine the auth strategy to use - default is "token" on Kubernetes and "openshift" on OpenShift. +*/}} +{{- define "kiali-server.auth.strategy" -}} +{{- if .Values.auth.strategy }} + {{- if (and (eq .Values.auth.strategy "openshift") (not .Values.kiali_route_url)) }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or use a different auth strategy via the --set auth.strategy=... option." }} + {{- end }} + {{- .Values.auth.strategy }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- if not .Values.kiali_route_url }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or explicitly indicate another auth strategy you want via the --set auth.strategy=... option." 
}} + {{- end }} + {{- "openshift" }} + {{- else }} + {{- "token" }} + {{- end }} +{{- end }} +{{- end }} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/cabundle.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/cabundle.yaml new file mode 100755 index 000000000..7462b95a7 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/cabundle.yaml @@ -0,0 +1,13 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }}-cabundle + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + service.beta.openshift.io/inject-cabundle: "true" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/configmap.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/configmap.yaml new file mode 100755 index 000000000..b1bf53173 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/configmap.yaml 
@@ -0,0 +1,24 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + config.yaml: | + {{- /* Most of .Values is simply the ConfigMap - strip out the keys that are not part of the ConfigMap */}} + {{- $cm := omit .Values "nameOverride" "fullnameOverride" "kiali_route_url" }} + {{- /* The helm chart defines namespace for us, but pass it to the ConfigMap in case the server needs it */}} + {{- $_ := set $cm.deployment "namespace" .Release.Namespace }} + {{- /* Some values of the ConfigMap are generated, but might not be identical, from .Values */}} + {{- $_ := set $cm "istio_namespace" (include "kiali-server.istio_namespace" .) }} + {{- $_ := set $cm.auth "strategy" (include "kiali-server.auth.strategy" .) }} + {{- $_ := set $cm.auth.openshift "client_id_prefix" (include "kiali-server.fullname" .) }} + {{- $_ := set $cm.identity "cert_file" (include "kiali-server.identity.cert_file" .) }} + {{- $_ := set $cm.identity "private_key_file" (include "kiali-server.identity.private_key_file" .) }} + {{- $_ := set $cm.login_token "signing_key" (include "kiali-server.login_token.signing_key" .) }} + {{- $_ := set $cm.server "web_root" (include "kiali-server.server.web_root" .) }} + {{- toYaml $cm | nindent 4 }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/envoy.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/envoy.yaml new file mode 100755 index 000000000..8d961b848 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/envoy.yaml 
@@ -0,0 +1,55 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: envoy + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Envoy Metrics +# discoverOn: "envoy_server_uptime" + items: + - chart: + name: "Pods uptime" + spans: 4 + metricName: "envoy_server_uptime" + dataType: "raw" + - chart: + name: "Allocated memory" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_allocated" + dataType: "raw" + min: 0 + - chart: + name: "Heap size" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_heap_size" + dataType: "raw" + min: 0 + - chart: + name: "Upstream active connections" + spans: 6 + metricName: "envoy_cluster_upstream_cx_active" + dataType: "raw" + - chart: + name: "Upstream total requests" + spans: 6 + metricName: "envoy_cluster_upstream_rq_total" + unit: "rps" + dataType: "rate" + - chart: + name: "Downstream active connections" + spans: 6 + metricName: "envoy_listener_downstream_cx_active" + dataType: "raw" + - chart: + name: "Downstream HTTP requests" + spans: 6 + metricName: "envoy_listener_http_downstream_rq" + unit: "rps" + dataType: "rate" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/go.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/go.yaml new file mode 100755 index 000000000..01ebed7b5 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/go.yaml 
@@ -0,0 +1,66 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: go + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Go Metrics + runtime: Go + discoverOn: "go_info" + items: + - chart: + name: "CPU ratio" + spans: 6 + metricName: "process_cpu_seconds_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "RSS Memory" + unit: "bytes" + spans: 6 + metricName: "process_resident_memory_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Goroutines" + spans: 6 + metricName: "go_goroutines" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Heap allocation rate" + unit: "bytes/s" + spans: 6 + metricName: "go_memstats_alloc_bytes_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "GC rate" + spans: 6 + metricName: "go_gc_duration_seconds_count" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Next GC" + unit: "bytes" + spans: 6 + metricName: "go_memstats_next_gc_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/kiali.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/kiali.yaml new file mode 100755 index 000000000..0d5b5caa2 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/kiali.yaml 
@@ -0,0 +1,43 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: kiali + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Kiali Internal Metrics + items: + - chart: + name: "API processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_api_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "route" + displayName: "Route" + - chart: + name: "Functions processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_go_function_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" + - chart: + name: "Failures" + spans: 12 + metricName: "kiali_go_function_failures_total" + dataType: "raw" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml new file mode 100755 index 000000000..e89e1200c --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml 
@@ -0,0 +1,42 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Pool Metrics + discoverOn: "jvm_buffer_total_capacity_bytes" + items: + - chart: + name: "Pool buffer memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer capacity" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_total_capacity_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer count" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_count" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/micrometer-1.0.6-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/micrometer-1.0.6-jvm.yaml new file mode 100755 index 000000000..ab487dccc --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/micrometer-1.0.6-jvm.yaml 
@@ -0,0 +1,64 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live" + items: + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon" + dataType: "raw" + - chart: + name: "Loaded classes" + spans: 4 + metricName: "jvm_classes_loaded" + dataType: "raw" + + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/micrometer-1.1-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/micrometer-1.1-jvm.yaml new file mode 100755 index 000000000..d7014951d --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/micrometer-1.1-jvm.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.1-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live_threads" + items: + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live_threads" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon_threads" + dataType: "raw" + - chart: + name: "Threads states" + spans: 4 + metricName: "jvm_threads_states_threads" + dataType: "raw" + aggregations: + - label: "state" + displayName: "State" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/microprofile-1.1.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/microprofile-1.1.yaml new file mode 100755 index 000000000..c00446c10 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/microprofile-1.1.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-1.1 + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:thread_count" + items: + - chart: + name: "Current loaded classes" + spans: 6 + metricName: "base:classloader_current_loaded_class_count" + dataType: "raw" + - chart: + name: "Unloaded classes" + spans: 6 + metricName: "base:classloader_total_unloaded_class_count" + dataType: "raw" + - chart: + name: "Thread count" + spans: 4 + metricName: "base:thread_count" + dataType: "raw" + - chart: + name: "Thread max count" + spans: 4 + metricName: "base:thread_max_count" + dataType: "raw" + - chart: + name: "Thread daemon count" + spans: 4 + metricName: "base:thread_daemon_count" + dataType: "raw" + - chart: + name: "Committed heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_committed_heap_bytes" + dataType: "raw" + - chart: + name: "Max heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_max_heap_bytes" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_used_heap_bytes" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/microprofile-x.y.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/microprofile-x.y.yaml new file mode 100755 index 000000000..d15f527d9 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/microprofile-x.y.yaml 
@@ -0,0 +1,37 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-x.y + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:gc_complete_scavenger_count" + items: + - chart: + name: "Young GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_young_generation_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Young GC count" + spans: 3 + metricName: "base:gc_young_generation_scavenger_count" + dataType: "raw" + - chart: + name: "Total GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_complete_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Total GC count" + spans: 3 + metricName: "base:gc_complete_scavenger_count" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/nodejs.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/nodejs.yaml new file mode 100755 index 000000000..d772a16c0 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/nodejs.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: nodejs + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Node.js + title: Node.js Metrics + discoverOn: "nodejs_active_handles_total" + items: + - chart: + name: "Active handles" + spans: 4 + metricName: "nodejs_active_handles_total" + dataType: "raw" + - chart: + name: "Active requests" + spans: 4 + metricName: "nodejs_active_requests_total" + dataType: "raw" + - chart: + name: "Event loop lag" + unit: "seconds" + spans: 4 + metricName: "nodejs_eventloop_lag_seconds" + dataType: "raw" + - chart: + name: "Total heap size" + unit: "bytes" + spans: 12 + metricName: "nodejs_heap_space_size_total_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Used heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_used_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Available heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_available_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/quarkus.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/quarkus.yaml new file mode 100755 index 000000000..4fc3e9ac0 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/quarkus.yaml 
@@ -0,0 +1,32 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: quarkus + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Quarkus Metrics + runtime: Quarkus + items: + - chart: + name: "Thread count" + spans: 4 + metricName: "vendor:thread_count" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_heap_usage_bytes" + dataType: "raw" + - chart: + name: "Used non-heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_non_heap_usage_bytes" + dataType: "raw" + - include: "microprofile-x.y" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/springboot-jvm-pool.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/springboot-jvm-pool.yaml new file mode 100755 index 000000000..2ff4ae576 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/springboot-jvm-pool.yaml @@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Pool Metrics + items: + - include: "micrometer-1.0.6-jvm-pool" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/springboot-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/springboot-jvm.yaml new file mode 100755 index 000000000..8bd43055b --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/springboot-jvm.yaml 
@@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Metrics + items: + - include: "micrometer-1.0.6-jvm" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/springboot-tomcat.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/springboot-tomcat.yaml new file mode 100755 index 000000000..4b27aee4f --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/springboot-tomcat.yaml @@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-tomcat + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: Tomcat Metrics + items: + - include: "tomcat" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/thorntail.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/thorntail.yaml new file mode 100755 index 000000000..513488df4 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/thorntail.yaml 
@@ -0,0 +1,21 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: thorntail + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Thorntail + title: Thorntail Metrics + discoverOn: "vendor:loaded_modules" + items: + - include: "microprofile-1.1" + - chart: + name: "Loaded modules" + spans: 6 + metricName: "vendor:loaded_modules" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/tomcat.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/tomcat.yaml new file mode 100755 index 000000000..28fd7f1cc --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/tomcat.yaml 
@@ -0,0 +1,66 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: tomcat + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Tomcat + title: Tomcat Metrics + discoverOn: "tomcat_sessions_created_total" + items: + - chart: + name: "Sessions created" + spans: 4 + metricName: "tomcat_sessions_created_total" + dataType: "raw" + - chart: + name: "Active sessions" + spans: 4 + metricName: "tomcat_sessions_active_current" + dataType: "raw" + - chart: + name: "Sessions rejected" + spans: 4 + metricName: "tomcat_sessions_rejected_total" + dataType: "raw" + + - chart: + name: "Bytes sent" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_sent_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Bytes received" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_received_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + + - chart: + name: "Global errors" + spans: 6 + metricName: "tomcat_global_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Servlet errors" + spans: 6 + metricName: "tomcat_servlet_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/vertx-client.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/vertx-client.yaml new file mode 100755 index 000000000..17392d87f --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/vertx-client.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-client + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Client Metrics + discoverOn: "vertx_http_client_connections" + items: + - chart: + name: "Client response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_client_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_client_requestCount_total" + dataType: "rate" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client active connections" + spans: 6 + metricName: "vertx_http_client_connections" + dataType: "raw" + - chart: + name: "Client active websockets" + spans: 6 + metricName: "vertx_http_client_wsConnections" + dataType: "raw" + - chart: + name: "Client bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesSent" + dataType: "histogram" + - chart: + name: "Client bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/vertx-eventbus.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/vertx-eventbus.yaml new file mode 100755 index 000000000..fa659b55c --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/vertx-eventbus.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-eventbus + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Eventbus Metrics + discoverOn: "vertx_eventbus_handlers" + items: + - chart: + name: "Event bus handlers" + spans: 6 + metricName: "vertx_eventbus_handlers" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus pending messages" + spans: 6 + metricName: "vertx_eventbus_pending" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus processing time" + unit: "seconds" + spans: 6 + metricName: "vertx_eventbus_processingTime_seconds" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes read" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesRead" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes written" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesWritten" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/vertx-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/vertx-jvm.yaml new file mode 100755 index 000000000..ac03ea2e0 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/vertx-jvm.yaml 
@@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: JVM Metrics + items: + - include: "micrometer-1.1-jvm" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/vertx-pool.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/vertx-pool.yaml new file mode 100755 index 000000000..3715e9c10 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/vertx-pool.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Pools Metrics + discoverOn: "vertx_pool_ratio" + items: + - chart: + name: "Usage duration" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_usage_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Usage ratio" + spans: 6 + metricName: "vertx_pool_ratio" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Queue size" + spans: 6 + metricName: "vertx_pool_queue_size" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Time in queue" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_queue_delay_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Resources used" + spans: 6 + metricName: "vertx_pool_inUse" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/vertx-server.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/vertx-server.yaml new file mode 100755 index 000000000..686295468 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/dashboards/vertx-server.yaml 
@@ -0,0 +1,61 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-server + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Server Metrics + discoverOn: "vertx_http_server_connections" + items: + - chart: + name: "Server response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_server_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_server_requestCount_total" + dataType: "rate" + aggregations: + - label: "code" + displayName: "Error code" + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server active connections" + spans: 6 + metricName: "vertx_http_server_connections" + dataType: "raw" + - chart: + name: "Server active websockets" + spans: 6 + metricName: "vertx_http_server_wsConnections" + dataType: "raw" + - chart: + name: "Server bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesSent" + dataType: "histogram" + - chart: + name: "Server bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/deployment.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/deployment.yaml new file mode 100755 index 000000000..de5ae7ebe --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/deployment.yaml 
@@ -0,0 +1,174 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.deployment.replicas }} + selector: + matchLabels: + {{- include "kiali-server.selectorLabels" . | nindent 6 }} + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 8 }} + {{- if .Values.deployment.pod_labels }} + {{- toYaml .Values.deployment.pod_labels | nindent 8 }} + {{- end }} + annotations: + {{- if .Values.server.metrics_enabled }} + prometheus.io/scrape: "true" + prometheus.io/port: {{ .Values.server.metrics_port | quote }} + {{- else }} + prometheus.io/scrape: "false" + prometheus.io/port: null + {{- end }} + kiali.io/runtimes: go,kiali + {{- if .Values.deployment.pod_annotations }} + {{- toYaml .Values.deployment.pod_annotations | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "kiali-server.fullname" . }} + {{- if .Values.deployment.priority_class_name }} + priorityClassName: {{ .Values.deployment.priority_class_name | quote }} + {{- end }} + {{- if .Values.deployment.image_pull_secrets }} + imagePullSecrets: + {{- range .Values.deployment.image_pull_secrets }} + - name: {{ . }} + {{- end }} + {{- end }} + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.deployment.repository }}:{{ .Values.deployment.tag }}" + imagePullPolicy: {{ .Values.deployment.image_pull_policy | default "Always" }} + name: {{ include "kiali-server.fullname" . 
}} + command: + - "/opt/kiali/kiali" + - "-config" + - "/kiali-configuration/config.yaml" + ports: + - name: api-port + containerPort: {{ .Values.server.port | default 20001 }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + containerPort: {{ .Values.server.metrics_port | default 9090 }} + {{- end }} + readinessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + livenessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + env: + - name: ACTIVE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LOG_LEVEL + value: "{{ include "kiali-server.logLevel" . }}" + - name: LOG_FORMAT + value: "{{ .Values.deployment.logger.log_format }}" + - name: LOG_TIME_FIELD_FORMAT + value: "{{ .Values.deployment.logger.time_field_format }}" + - name: LOG_SAMPLER_RATE + value: "{{ .Values.deployment.logger.sampler_rate }}" + volumeMounts: + {{- if .Values.web_root_override }} + - name: kiali-console + subPath: env.js + mountPath: /opt/kiali/console/env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + mountPath: "/kiali-configuration" + - name: {{ include "kiali-server.fullname" . }}-cert + mountPath: "/kiali-cert" + - name: {{ include "kiali-server.fullname" . }}-secret + mountPath: "/kiali-secret" + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . 
}}-cabundle + mountPath: "/kiali-cabundle" + {{- end }} + {{- if .Values.deployment.resources }} + resources: + {{- toYaml .Values.deployment.resources | nindent 10 }} + {{- end }} + volumes: + {{- if .Values.web_root_override }} + - name: kiali-console + configMap: + name: kiali-console + items: + - key: env.js + path: env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + configMap: + name: {{ include "kiali-server.fullname" . }} + - name: {{ include "kiali-server.fullname" . }}-cert + secret: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + secretName: {{ include "kiali-server.fullname" . }}-cert-secret + {{- else }} + secretName: istio.{{ include "kiali-server.fullname" . }}-service-account + {{- end }} + {{- if not (include "kiali-server.identity.cert_file" .) }} + optional: true + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-secret + secret: + secretName: {{ .Values.deployment.secret_name }} + optional: true + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + configMap: + name: {{ include "kiali-server.fullname" . 
}}-cabundle + {{- end }} + {{- if or (.Values.deployment.affinity.node) (or (.Values.deployment.pod) (.Values.deployment.pod_anti)) }} + affinity: + {{- if .Values.deployment.affinity.node }} + nodeAffinity: + {{- toYaml .Values.deployment.affinity.node | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod }} + podAffinity: + {{- toYaml .Values.deployment.affinity.pod | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod_anti }} + podAntiAffinity: + {{- toYaml .Values.deployment.affinity.pod_anti | nindent 10 }} + {{- end }} + {{- end }} + {{- if .Values.deployment.tolerations }} + tolerations: + {{- toYaml .Values.deployment.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.deployment.node_selector }} + nodeSelector: + {{- toYaml .Values.deployment.node_selector | nindent 8 }} + {{- end }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/hpa.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/hpa.yaml new file mode 100755 index 000000000..934c4c1e9 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/hpa.yaml @@ -0,0 +1,17 @@ +{{- if .Values.deployment.hpa.spec }} +--- +apiVersion: {{ .Values.deployment.hpa.api_version }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "kiali-server.fullname" . }} + {{- toYaml .Values.deployment.hpa.spec | nindent 2 }} +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/ingress.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/ingress.yaml new file mode 100755 index 000000000..e4c98db1b --- /dev/null 
+++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/ingress.yaml @@ -0,0 +1,40 @@ +{{- if not (.Capabilities.APIVersions.Has "route.openshift.io/v1") }} +{{- if .Values.deployment.ingress_enabled }} +--- +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }} + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- else }} + # For ingress-nginx versions older than 0.20.0 use secure-backends. + # (see: https://github.com/kubernetes/ingress-nginx/issues/3416#issuecomment-438247948) + # For ingress-nginx versions 0.20.0 and later use backend-protocol. + {{- if (include "kiali-server.identity.cert_file" .) }} + nginx.ingress.kubernetes.io/secure-backends: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + {{- else }} + nginx.ingress.kubernetes.io/secure-backends: "false" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + {{- end }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + rules: + - http: + paths: + - path: {{ include "kiali-server.server.web_root" . }} + backend: + serviceName: {{ include "kiali-server.fullname" . }} + servicePort: {{ .Values.server.port }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/oauth.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/oauth.yaml new file mode 100755 index 000000000..a178bb85e --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/oauth.yaml 
@@ -0,0 +1,17 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.kiali_route_url }} +--- +apiVersion: oauth.openshift.io/v1 +kind: OAuthClient +metadata: + name: {{ include "kiali-server.fullname" . }}-{{ .Release.Namespace }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +redirectURIs: +- {{ .Values.kiali_route_url }} +grantMethod: auto +allowAnyScope: true +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/role-controlplane.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/role-controlplane.yaml new file mode 100755 index 000000000..a22c76756 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/role-controlplane.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "kiali-server.fullname" . }}-controlplane + namespace: {{ include "kiali-server.istio_namespace" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - secrets + verbs: + - list +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/role-viewer.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/role-viewer.yaml new file mode 100755 index 000000000..a496c0828 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/role-viewer.yaml 
@@ -0,0 +1,96 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }}-viewer + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - pods/proxy + - replicationcontrollers + - services + verbs: + - get + - list + - watch +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch +- apiGroups: + - networking.istio.io + - security.istio.io + resources: ["*"] + verbs: + - get + - list + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - get + - list +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/role.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/role.yaml new file mode 100755 index 000000000..bd51e8d5e --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/role.yaml 
@@ -0,0 +1,107 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - pods/proxy + - replicationcontrollers + - services + verbs: + - get + - list + - patch + - watch +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - patch + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - patch + - watch +- apiGroups: + - networking.istio.io + - security.istio.io + resources: ["*"] + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - patch + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/rolebinding-controlplane.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/rolebinding-controlplane.yaml new file mode 100755 index 000000000..fcd8fd579 --- /dev/null 
+++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/rolebinding-controlplane.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }}-controlplane + namespace: {{ include "kiali-server.istio_namespace" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kiali-controlplane +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/rolebinding.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/rolebinding.yaml new file mode 100755 index 000000000..1eaabd65f --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/rolebinding.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + {{- if .Values.deployment.view_only_mode }} + name: {{ include "kiali-server.fullname" . }}-viewer + {{- else }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/route.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/route.yaml new file mode 100755 index 000000000..27940dc96 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/route.yaml 
@@ -0,0 +1,30 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.deployment.ingress_enabled }} +# As of OpenShift 4.5, need to use --disable-openapi-validation when installing via Helm +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}} + annotations: + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + tls: + termination: reencrypt + insecureEdgeTerminationPolicy: Redirect + to: + kind: Service + targetPort: {{ .Values.server.port }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/service.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/service.yaml new file mode 100755 index 000000000..69dc395d1 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/service.yaml 
@@ -0,0 +1,40 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + service.beta.openshift.io/serving-cert-secret-name: {{ include "kiali-server.fullname" . }}-cert-secret + {{- end }} + kiali.io/api-spec: https://kiali.io/api + kiali.io/api-type: rest + {{- if .Values.deployment.service_annotations }} + {{- toYaml .Values.deployment.service_annotations | nindent 4 }} + {{- end }} +spec: + {{- if .Values.deployment.service_type }} + type: {{ .Values.deployment.service_type }} + {{- end }} + ports: + {{- if (include "kiali-server.identity.cert_file" .) }} + - name: tcp + {{- else }} + - name: http + {{- end }} + protocol: TCP + port: {{ .Values.server.port }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + protocol: TCP + port: {{ .Values.server.metrics_port }} + {{- end }} + selector: + {{- include "kiali-server.selectorLabels" . | nindent 4 }} + {{- if .Values.deployment.additional_service_yaml }} + {{- toYaml .Values.deployment.additional_service_yaml | nindent 2 }} + {{- end }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/serviceaccount.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/serviceaccount.yaml new file mode 100755 index 000000000..9151b6f6a --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/serviceaccount.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +... 
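Review bot: In the ClusterRole hunk (the 107-line new file), the role grants `patch` cluster-wide on configmaps, namespaces, nodes, pods and services, `get` on `pods/proxy`, `create` on `pods/portforward`, and `create`/`delete` on `resources: ["*"]` in `networking.istio.io` and `security.istio.io`. rolebinding.yaml binds this role rather than the `-viewer` one whenever `deployment.view_only_mode` is false, which is the values.yaml default. Consider making the viewer role the default binding, or at least state next to `view_only_mode` in values.yaml which verbs the non-viewer role adds, so that operators opt in to write access knowingly. Also, `post` in the `pods/portforward` rule is an HTTP method; RBAC only evaluates HTTP-method verbs for `nonResourceURLs`, so on a resource rule it never matches and can be dropped, leaving `create`.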
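Review bot: In the 1.29.000 route.yaml hunk, the annotations guard closes with three braces: `{{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}}`. The third `}` is literal text at the start of the `if` body, so it is rendered into `metadata` exactly when annotations are supplied, and the resulting Route is not valid YAML. Drop the extra brace.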
diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/validate-install-crd.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/validate-install-crd.yaml new file mode 100755 index 000000000..b42eeb266 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/validate-install-crd.yaml @@ -0,0 +1,14 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "monitoring.kiali.io/v1alpha1/MonitoringDashboard" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/web-root-configmap.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/web-root-configmap.yaml new file mode 100755 index 000000000..970d4e4f5 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/templates/web-root-configmap.yaml @@ -0,0 +1,12 @@ +{{- if .Values.web_root_override }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: kiali-console + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + env.js: | + window.WEB_ROOT='/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Release.Namespace }}/services/http:kiali:20001/proxy/kiali'; +{{- end }} 
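Review bot: In web-root-configmap.yaml, the `env.js` line hardcodes the proxy target as `services/http:kiali:20001`, while service.yaml takes the Service name from `kiali-server.fullname` and the port from `.Values.server.port`. Overriding `fullnameOverride` or `server.port` leaves `window.WEB_ROOT` pointing at a service path that does not exist; build that segment from the same helper and value. `global.cattle.clusterId` is also empty in values.yaml, which renders `/k8s/clusters//api/v1/...`, so wrapping it in `required` (already used in validate-install-crd.yaml) would fail the install early with a clear message. Since the values are interpolated into a single-quoted JavaScript string, emitting the path with `toJson` instead of hand-written quotes would also keep an unexpected character in `clusterId` from breaking out of the literal.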
diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/values.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/values.yaml new file mode 100755 index 000000000..46d703c18 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.000/values.yaml 
@@ -0,0 +1,91 @@ +nameOverride: "kiali" +fullnameOverride: "kiali" + +# This is required for "openshift" auth strategy. +# You have to know ahead of time what your Route URL will be because +# right now the helm chart can't figure this out at runtime (it would +# need to wait for the Kiali Route to be deployed and for OpenShift +# to start it up). If someone knows how to update this helm chart to +# do this, a PR would be welcome. +kiali_route_url: "" + +# rancher specific override that allows proxy access to kiali url +web_root_override: true + +# +# Settings that mimic the Kiali CR which are placed in the ConfigMap. +# Note that only those values used by the Helm Chart will be here. +# + +istio_namespace: "" # default is where Kiali is installed + +auth: + openid: {} + openshift: {} + strategy: "" + +deployment: + # This only limits what Kiali will attempt to see, but Kiali Service Account has permissions to see everything. + # For more control over what the Kial Service Account can see, use the Kiali Operator + accessible_namespaces: + - "**" + additional_service_yaml: {} + affinity: + node: {} + pod: {} + pod_anti: {} + custom_dashboards: + excludes: [''] + includes: ['*'] + hpa: + api_version: "autoscaling/v2beta2" + spec: {} + repository: rancher/mirrored-kiali-kiali + image_pull_policy: "Always" + image_pull_secrets: [] + tag: v1.29.0 + ingress_enabled: true + logger: + log_format: "text" + log_level: "info" + time_field_format: "2006-01-02T15:04:05Z07:00" + sampler_rate: "1" + node_selector: {} + override_ingress_yaml: + metadata: {} + pod_annotations: {} + pod_labels: {} + priority_class_name: "" + replicas: 1 + resources: {} + secret_name: "kiali" + service_annotations: {} + service_type: "" + tolerations: [] + version_label: v1.29.0 + view_only_mode: false + +external_services: + custom_dashboards: + enabled: true + +identity: {} + #cert_file: + #private_key_file: + +login_token: + signing_key: "" + +server: + port: 20001 + metrics_enabled: true + 
metrics_port: 9090 + web_root: "" + +# Common settings used among istio subcharts. +global: + # Specify rancher clusterId of external tracing config + # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 + cattle: + systemDefaultRegistry: "" + clusterId: diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/Chart.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/Chart.yaml new file mode 100755 index 000000000..3d52d054c --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/Chart.yaml @@ -0,0 +1,31 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=match + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 + catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 + catalog.rancher.io/namespace: cattle-istio-system + catalog.rancher.io/release-name: rancher-kiali-server +apiVersion: v2 +appVersion: v1.29.0 +description: Kiali is an open source project for service mesh observability, refer + to https://www.kiali.io for details. This is installed as sub-chart with customized + values in Rancher's Istio. +home: https://github.com/kiali/kiali +icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png +keywords: +- istio +- kiali +- networking +- infrastructure +maintainers: +- email: kiali-users@googlegroups.com + name: Kiali + url: https://kiali.io +name: rancher-kiali-server +sources: +- https://github.com/kiali/kiali +- https://github.com/kiali/kiali-ui +- https://github.com/kiali/kiali-operator +- https://github.com/kiali/helm-charts +version: 1.29.100 diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/NOTES.txt b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/NOTES.txt new file mode 100755 index 000000000..751019401 
--- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/NOTES.txt @@ -0,0 +1,5 @@ +Welcome to Kiali! For more details on Kiali, see: https://kiali.io + +The Kiali Server [{{ .Chart.AppVersion }}] has been installed in namespace [{{ .Release.Namespace }}]. It will be ready soon. + +(Helm: Chart=[{{ .Chart.Name }}], Release=[{{ .Release.Name }}], Version=[{{ .Chart.Version }}]) diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/_helpers.tpl b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/_helpers.tpl new file mode 100755 index 000000000..dd33bbe48 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/_helpers.tpl 
@@ -0,0 +1,192 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "kiali-server.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kiali-server.fullname" -}} +{{- if .Values.fullnameOverride }} + {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} + {{- $name := default .Chart.Name .Values.nameOverride }} + {{- printf "%s" $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kiali-server.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Identifies the log_level with the old verbose_mode and the new log_level considered. +*/}} +{{- define "kiali-server.logLevel" -}} +{{- if .Values.deployment.verbose_mode -}} +{{- .Values.deployment.verbose_mode -}} +{{- else -}} +{{- .Values.deployment.logger.log_level -}} +{{- end -}} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kiali-server.labels" -}} +helm.sh/chart: {{ include "kiali-server.chart" . }} +app: {{ include "kiali-server.name" . }} +{{ include "kiali-server.selectorLabels" . }} +version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/part-of: "kiali" +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kiali-server.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kiali-server.name" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Used to determine if a custom dashboard (defined in .Template.Name) should be deployed. +*/}} +{{- define "kiali-server.isDashboardEnabled" -}} +{{- if .Values.external_services.custom_dashboards.enabled }} + {{- $includere := "" }} + {{- range $_, $s := .Values.deployment.custom_dashboards.includes }} + {{- if $s }} + {{- if $includere }} + {{- $includere = printf "%s|^%s$" $includere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $includere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} + {{- end }} + {{- $excludere := "" }} + {{- range $_, $s := .Values.deployment.custom_dashboards.excludes }} + {{- if $s }} + {{- if $excludere }} + {{- $excludere = printf "%s|^%s$" $excludere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $excludere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} + {{- end }} + {{- if (and (mustRegexMatch (default "no-matches" $includere) (base .Template.Name)) (not (mustRegexMatch (default "no-matches" $excludere) (base .Template.Name)))) }} + {{- print "enabled" }} + {{- else }} + {{- print "" }} + {{- end }} +{{- else }} + {{- print "" }} +{{- end }} +{{- end }} + +{{/* +Determine the default login token signing key. +*/}} +{{- define "kiali-server.login_token.signing_key" -}} +{{- if .Values.login_token.signing_key }} + {{- .Values.login_token.signing_key }} +{{- else }} + {{- randAlphaNum 16 }} +{{- end }} +{{- end }} + +{{/* +Determine the default web root. +*/}} +{{- define "kiali-server.server.web_root" -}} +{{- if .Values.server.web_root }} + {{- .Values.server.web_root | trimSuffix "/" }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/" }} + {{- else }} + {{- "/kiali" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity cert file. There is no default if on k8s; only on OpenShift. 
+*/}} +{{- define "kiali-server.identity.cert_file" -}} +{{- if hasKey .Values.identity "cert_file" }} + {{- .Values.identity.cert_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.crt" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity private key file. There is no default if on k8s; only on OpenShift. +*/}} +{{- define "kiali-server.identity.private_key_file" -}} +{{- if hasKey .Values.identity "private_key_file" }} + {{- .Values.identity.private_key_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.key" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the istio namespace - default is where Kiali is installed. +*/}} +{{- define "kiali-server.istio_namespace" -}} +{{- if .Values.istio_namespace }} + {{- .Values.istio_namespace }} +{{- else }} + {{- .Release.Namespace }} +{{- end }} +{{- end }} + +{{/* +Determine the auth strategy to use - default is "token" on Kubernetes and "openshift" on OpenShift. +*/}} +{{- define "kiali-server.auth.strategy" -}} +{{- if .Values.auth.strategy }} + {{- if (and (eq .Values.auth.strategy "openshift") (not .Values.kiali_route_url)) }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or use a different auth strategy via the --set auth.strategy=... option." }} + {{- end }} + {{- .Values.auth.strategy }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- if not .Values.kiali_route_url }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or explicitly indicate another auth strategy you want via the --set auth.strategy=... option." 
}} + {{- end }} + {{- "openshift" }} + {{- else }} + {{- "token" }} + {{- end }} +{{- end }} +{{- end }} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/cabundle.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/cabundle.yaml new file mode 100755 index 000000000..7462b95a7 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/cabundle.yaml @@ -0,0 +1,13 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }}-cabundle + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + service.beta.openshift.io/inject-cabundle: "true" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/configmap.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/configmap.yaml new file mode 100755 index 000000000..b1bf53173 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/configmap.yaml 
@@ -0,0 +1,24 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + config.yaml: | + {{- /* Most of .Values is simply the ConfigMap - strip out the keys that are not part of the ConfigMap */}} + {{- $cm := omit .Values "nameOverride" "fullnameOverride" "kiali_route_url" }} + {{- /* The helm chart defines namespace for us, but pass it to the ConfigMap in case the server needs it */}} + {{- $_ := set $cm.deployment "namespace" .Release.Namespace }} + {{- /* Some values of the ConfigMap are generated, but might not be identical, from .Values */}} + {{- $_ := set $cm "istio_namespace" (include "kiali-server.istio_namespace" .) }} + {{- $_ := set $cm.auth "strategy" (include "kiali-server.auth.strategy" .) }} + {{- $_ := set $cm.auth.openshift "client_id_prefix" (include "kiali-server.fullname" .) }} + {{- $_ := set $cm.identity "cert_file" (include "kiali-server.identity.cert_file" .) }} + {{- $_ := set $cm.identity "private_key_file" (include "kiali-server.identity.private_key_file" .) }} + {{- $_ := set $cm.login_token "signing_key" (include "kiali-server.login_token.signing_key" .) }} + {{- $_ := set $cm.server "web_root" (include "kiali-server.server.web_root" .) }} + {{- toYaml $cm | nindent 4 }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/envoy.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/envoy.yaml new file mode 100755 index 000000000..8d961b848 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/envoy.yaml 
@@ -0,0 +1,55 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: envoy + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Envoy Metrics +# discoverOn: "envoy_server_uptime" + items: + - chart: + name: "Pods uptime" + spans: 4 + metricName: "envoy_server_uptime" + dataType: "raw" + - chart: + name: "Allocated memory" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_allocated" + dataType: "raw" + min: 0 + - chart: + name: "Heap size" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_heap_size" + dataType: "raw" + min: 0 + - chart: + name: "Upstream active connections" + spans: 6 + metricName: "envoy_cluster_upstream_cx_active" + dataType: "raw" + - chart: + name: "Upstream total requests" + spans: 6 + metricName: "envoy_cluster_upstream_rq_total" + unit: "rps" + dataType: "rate" + - chart: + name: "Downstream active connections" + spans: 6 + metricName: "envoy_listener_downstream_cx_active" + dataType: "raw" + - chart: + name: "Downstream HTTP requests" + spans: 6 + metricName: "envoy_listener_http_downstream_rq" + unit: "rps" + dataType: "rate" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/go.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/go.yaml new file mode 100755 index 000000000..01ebed7b5 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/go.yaml 
@@ -0,0 +1,66 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: go + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Go Metrics + runtime: Go + discoverOn: "go_info" + items: + - chart: + name: "CPU ratio" + spans: 6 + metricName: "process_cpu_seconds_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "RSS Memory" + unit: "bytes" + spans: 6 + metricName: "process_resident_memory_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Goroutines" + spans: 6 + metricName: "go_goroutines" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Heap allocation rate" + unit: "bytes/s" + spans: 6 + metricName: "go_memstats_alloc_bytes_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "GC rate" + spans: 6 + metricName: "go_gc_duration_seconds_count" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Next GC" + unit: "bytes" + spans: 6 + metricName: "go_memstats_next_gc_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/kiali.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/kiali.yaml new file mode 100755 index 000000000..0d5b5caa2 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/kiali.yaml 
@@ -0,0 +1,43 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: kiali + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Kiali Internal Metrics + items: + - chart: + name: "API processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_api_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "route" + displayName: "Route" + - chart: + name: "Functions processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_go_function_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" + - chart: + name: "Failures" + spans: 12 + metricName: "kiali_go_function_failures_total" + dataType: "raw" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml new file mode 100755 index 000000000..e89e1200c --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml 
@@ -0,0 +1,42 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Pool Metrics + discoverOn: "jvm_buffer_total_capacity_bytes" + items: + - chart: + name: "Pool buffer memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer capacity" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_total_capacity_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer count" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_count" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/micrometer-1.0.6-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/micrometer-1.0.6-jvm.yaml new file mode 100755 index 000000000..ab487dccc --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/micrometer-1.0.6-jvm.yaml 
@@ -0,0 +1,64 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live" + items: + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon" + dataType: "raw" + - chart: + name: "Loaded classes" + spans: 4 + metricName: "jvm_classes_loaded" + dataType: "raw" + + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/micrometer-1.1-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/micrometer-1.1-jvm.yaml new file mode 100755 index 000000000..d7014951d --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/micrometer-1.1-jvm.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.1-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live_threads" + items: + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live_threads" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon_threads" + dataType: "raw" + - chart: + name: "Threads states" + spans: 4 + metricName: "jvm_threads_states_threads" + dataType: "raw" + aggregations: + - label: "state" + displayName: "State" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/microprofile-1.1.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/microprofile-1.1.yaml new file mode 100755 index 000000000..c00446c10 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/microprofile-1.1.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-1.1 + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:thread_count" + items: + - chart: + name: "Current loaded classes" + spans: 6 + metricName: "base:classloader_current_loaded_class_count" + dataType: "raw" + - chart: + name: "Unloaded classes" + spans: 6 + metricName: "base:classloader_total_unloaded_class_count" + dataType: "raw" + - chart: + name: "Thread count" + spans: 4 + metricName: "base:thread_count" + dataType: "raw" + - chart: + name: "Thread max count" + spans: 4 + metricName: "base:thread_max_count" + dataType: "raw" + - chart: + name: "Thread daemon count" + spans: 4 + metricName: "base:thread_daemon_count" + dataType: "raw" + - chart: + name: "Committed heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_committed_heap_bytes" + dataType: "raw" + - chart: + name: "Max heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_max_heap_bytes" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_used_heap_bytes" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/microprofile-x.y.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/microprofile-x.y.yaml new file mode 100755 index 000000000..d15f527d9 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/microprofile-x.y.yaml 
@@ -0,0 +1,37 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-x.y + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:gc_complete_scavenger_count" + items: + - chart: + name: "Young GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_young_generation_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Young GC count" + spans: 3 + metricName: "base:gc_young_generation_scavenger_count" + dataType: "raw" + - chart: + name: "Total GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_complete_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Total GC count" + spans: 3 + metricName: "base:gc_complete_scavenger_count" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/nodejs.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/nodejs.yaml new file mode 100755 index 000000000..d772a16c0 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/nodejs.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: nodejs + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Node.js + title: Node.js Metrics + discoverOn: "nodejs_active_handles_total" + items: + - chart: + name: "Active handles" + spans: 4 + metricName: "nodejs_active_handles_total" + dataType: "raw" + - chart: + name: "Active requests" + spans: 4 + metricName: "nodejs_active_requests_total" + dataType: "raw" + - chart: + name: "Event loop lag" + unit: "seconds" + spans: 4 + metricName: "nodejs_eventloop_lag_seconds" + dataType: "raw" + - chart: + name: "Total heap size" + unit: "bytes" + spans: 12 + metricName: "nodejs_heap_space_size_total_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Used heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_used_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Available heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_available_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/quarkus.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/quarkus.yaml new file mode 100755 index 000000000..4fc3e9ac0 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/quarkus.yaml 
@@ -0,0 +1,32 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: quarkus + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Quarkus Metrics + runtime: Quarkus + items: + - chart: + name: "Thread count" + spans: 4 + metricName: "vendor:thread_count" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_heap_usage_bytes" + dataType: "raw" + - chart: + name: "Used non-heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_non_heap_usage_bytes" + dataType: "raw" + - include: "microprofile-x.y" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/springboot-jvm-pool.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/springboot-jvm-pool.yaml new file mode 100755 index 000000000..2ff4ae576 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/springboot-jvm-pool.yaml @@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Pool Metrics + items: + - include: "micrometer-1.0.6-jvm-pool" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/springboot-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/springboot-jvm.yaml new file mode 100755 index 000000000..8bd43055b --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/springboot-jvm.yaml 
@@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Metrics + items: + - include: "micrometer-1.0.6-jvm" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/springboot-tomcat.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/springboot-tomcat.yaml new file mode 100755 index 000000000..4b27aee4f --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/springboot-tomcat.yaml @@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-tomcat + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: Tomcat Metrics + items: + - include: "tomcat" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/thorntail.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/thorntail.yaml new file mode 100755 index 000000000..513488df4 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/thorntail.yaml 
@@ -0,0 +1,21 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: thorntail + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Thorntail + title: Thorntail Metrics + discoverOn: "vendor:loaded_modules" + items: + - include: "microprofile-1.1" + - chart: + name: "Loaded modules" + spans: 6 + metricName: "vendor:loaded_modules" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/tomcat.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/tomcat.yaml new file mode 100755 index 000000000..28fd7f1cc --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/tomcat.yaml 
@@ -0,0 +1,66 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: tomcat + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Tomcat + title: Tomcat Metrics + discoverOn: "tomcat_sessions_created_total" + items: + - chart: + name: "Sessions created" + spans: 4 + metricName: "tomcat_sessions_created_total" + dataType: "raw" + - chart: + name: "Active sessions" + spans: 4 + metricName: "tomcat_sessions_active_current" + dataType: "raw" + - chart: + name: "Sessions rejected" + spans: 4 + metricName: "tomcat_sessions_rejected_total" + dataType: "raw" + + - chart: + name: "Bytes sent" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_sent_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Bytes received" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_received_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + + - chart: + name: "Global errors" + spans: 6 + metricName: "tomcat_global_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Servlet errors" + spans: 6 + metricName: "tomcat_servlet_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/vertx-client.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/vertx-client.yaml new file mode 100755 index 000000000..17392d87f --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/vertx-client.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-client + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Client Metrics + discoverOn: "vertx_http_client_connections" + items: + - chart: + name: "Client response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_client_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_client_requestCount_total" + dataType: "rate" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client active connections" + spans: 6 + metricName: "vertx_http_client_connections" + dataType: "raw" + - chart: + name: "Client active websockets" + spans: 6 + metricName: "vertx_http_client_wsConnections" + dataType: "raw" + - chart: + name: "Client bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesSent" + dataType: "histogram" + - chart: + name: "Client bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/vertx-eventbus.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/vertx-eventbus.yaml new file mode 100755 index 000000000..fa659b55c --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/vertx-eventbus.yaml 
@@ -0,0 +1,58 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-eventbus + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Eventbus Metrics + discoverOn: "vertx_eventbus_handlers" + items: + - chart: + name: "Event bus handlers" + spans: 6 + metricName: "vertx_eventbus_handlers" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus pending messages" + spans: 6 + metricName: "vertx_eventbus_pending" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus processing time" + unit: "seconds" + spans: 6 + metricName: "vertx_eventbus_processingTime_seconds" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes read" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesRead" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes written" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesWritten" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/vertx-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/vertx-jvm.yaml new file mode 100755 index 000000000..ac03ea2e0 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/vertx-jvm.yaml 
@@ -0,0 +1,15 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-jvm + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: JVM Metrics + items: + - include: "micrometer-1.1-jvm" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/vertx-pool.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/vertx-pool.yaml new file mode 100755 index 000000000..3715e9c10 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/vertx-pool.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-pool + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Pools Metrics + discoverOn: "vertx_pool_ratio" + items: + - chart: + name: "Usage duration" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_usage_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Usage ratio" + spans: 6 + metricName: "vertx_pool_ratio" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Queue size" + spans: 6 + metricName: "vertx_pool_queue_size" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Time in queue" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_queue_delay_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Resources used" + spans: 6 + metricName: "vertx_pool_inUse" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/vertx-server.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/vertx-server.yaml new file mode 100755 index 000000000..686295468 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/dashboards/vertx-server.yaml 
@@ -0,0 +1,61 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-server + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Server Metrics + discoverOn: "vertx_http_server_connections" + items: + - chart: + name: "Server response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_server_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_server_requestCount_total" + dataType: "rate" + aggregations: + - label: "code" + displayName: "Error code" + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server active connections" + spans: 6 + metricName: "vertx_http_server_connections" + dataType: "raw" + - chart: + name: "Server active websockets" + spans: 6 + metricName: "vertx_http_server_wsConnections" + dataType: "raw" + - chart: + name: "Server bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesSent" + dataType: "histogram" + - chart: + name: "Server bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/deployment.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/deployment.yaml new file mode 100755 index 000000000..de5ae7ebe --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/deployment.yaml 
@@ -0,0 +1,174 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.deployment.replicas }} + selector: + matchLabels: + {{- include "kiali-server.selectorLabels" . | nindent 6 }} + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 8 }} + {{- if .Values.deployment.pod_labels }} + {{- toYaml .Values.deployment.pod_labels | nindent 8 }} + {{- end }} + annotations: + {{- if .Values.server.metrics_enabled }} + prometheus.io/scrape: "true" + prometheus.io/port: {{ .Values.server.metrics_port | quote }} + {{- else }} + prometheus.io/scrape: "false" + prometheus.io/port: null + {{- end }} + kiali.io/runtimes: go,kiali + {{- if .Values.deployment.pod_annotations }} + {{- toYaml .Values.deployment.pod_annotations | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "kiali-server.fullname" . }} + {{- if .Values.deployment.priority_class_name }} + priorityClassName: {{ .Values.deployment.priority_class_name | quote }} + {{- end }} + {{- if .Values.deployment.image_pull_secrets }} + imagePullSecrets: + {{- range .Values.deployment.image_pull_secrets }} + - name: {{ . }} + {{- end }} + {{- end }} + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.deployment.repository }}:{{ .Values.deployment.tag }}" + imagePullPolicy: {{ .Values.deployment.image_pull_policy | default "Always" }} + name: {{ include "kiali-server.fullname" . 
}} + command: + - "/opt/kiali/kiali" + - "-config" + - "/kiali-configuration/config.yaml" + ports: + - name: api-port + containerPort: {{ .Values.server.port | default 20001 }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + containerPort: {{ .Values.server.metrics_port | default 9090 }} + {{- end }} + readinessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + livenessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + env: + - name: ACTIVE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LOG_LEVEL + value: "{{ include "kiali-server.logLevel" . }}" + - name: LOG_FORMAT + value: "{{ .Values.deployment.logger.log_format }}" + - name: LOG_TIME_FIELD_FORMAT + value: "{{ .Values.deployment.logger.time_field_format }}" + - name: LOG_SAMPLER_RATE + value: "{{ .Values.deployment.logger.sampler_rate }}" + volumeMounts: + {{- if .Values.web_root_override }} + - name: kiali-console + subPath: env.js + mountPath: /opt/kiali/console/env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + mountPath: "/kiali-configuration" + - name: {{ include "kiali-server.fullname" . }}-cert + mountPath: "/kiali-cert" + - name: {{ include "kiali-server.fullname" . }}-secret + mountPath: "/kiali-secret" + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . 
}}-cabundle + mountPath: "/kiali-cabundle" + {{- end }} + {{- if .Values.deployment.resources }} + resources: + {{- toYaml .Values.deployment.resources | nindent 10 }} + {{- end }} + volumes: + {{- if .Values.web_root_override }} + - name: kiali-console + configMap: + name: kiali-console + items: + - key: env.js + path: env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + configMap: + name: {{ include "kiali-server.fullname" . }} + - name: {{ include "kiali-server.fullname" . }}-cert + secret: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + secretName: {{ include "kiali-server.fullname" . }}-cert-secret + {{- else }} + secretName: istio.{{ include "kiali-server.fullname" . }}-service-account + {{- end }} + {{- if not (include "kiali-server.identity.cert_file" .) }} + optional: true + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-secret + secret: + secretName: {{ .Values.deployment.secret_name }} + optional: true + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + configMap: + name: {{ include "kiali-server.fullname" . 
}}-cabundle + {{- end }} + {{- if or (.Values.deployment.affinity.node) (or (.Values.deployment.pod) (.Values.deployment.pod_anti)) }} + affinity: + {{- if .Values.deployment.affinity.node }} + nodeAffinity: + {{- toYaml .Values.deployment.affinity.node | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod }} + podAffinity: + {{- toYaml .Values.deployment.affinity.pod | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod_anti }} + podAntiAffinity: + {{- toYaml .Values.deployment.affinity.pod_anti | nindent 10 }} + {{- end }} + {{- end }} + {{- if .Values.deployment.tolerations }} + tolerations: + {{- toYaml .Values.deployment.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.deployment.node_selector }} + nodeSelector: + {{- toYaml .Values.deployment.node_selector | nindent 8 }} + {{- end }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/hpa.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/hpa.yaml new file mode 100755 index 000000000..934c4c1e9 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/hpa.yaml @@ -0,0 +1,17 @@ +{{- if .Values.deployment.hpa.spec }} +--- +apiVersion: {{ .Values.deployment.hpa.api_version }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "kiali-server.fullname" . }} + {{- toYaml .Values.deployment.hpa.spec | nindent 2 }} +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/ingress.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/ingress.yaml new file mode 100755 index 000000000..e4c98db1b --- /dev/null 
+++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/ingress.yaml @@ -0,0 +1,40 @@ +{{- if not (.Capabilities.APIVersions.Has "route.openshift.io/v1") }} +{{- if .Values.deployment.ingress_enabled }} +--- +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }} + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- else }} + # For ingress-nginx versions older than 0.20.0 use secure-backends. + # (see: https://github.com/kubernetes/ingress-nginx/issues/3416#issuecomment-438247948) + # For ingress-nginx versions 0.20.0 and later use backend-protocol. + {{- if (include "kiali-server.identity.cert_file" .) }} + nginx.ingress.kubernetes.io/secure-backends: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + {{- else }} + nginx.ingress.kubernetes.io/secure-backends: "false" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + {{- end }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + rules: + - http: + paths: + - path: {{ include "kiali-server.server.web_root" . }} + backend: + serviceName: {{ include "kiali-server.fullname" . }} + servicePort: {{ .Values.server.port }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/oauth.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/oauth.yaml new file mode 100755 index 000000000..a178bb85e --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/oauth.yaml 
@@ -0,0 +1,17 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.kiali_route_url }} +--- +apiVersion: oauth.openshift.io/v1 +kind: OAuthClient +metadata: + name: {{ include "kiali-server.fullname" . }}-{{ .Release.Namespace }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +redirectURIs: +- {{ .Values.kiali_route_url }} +grantMethod: auto +allowAnyScope: true +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/psp.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/psp.yaml new file mode 100755 index 000000000..f891892cc --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/psp.yaml 
@@ -0,0 +1,67 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "kiali-server.fullname" . }}-psp +subjects: + - kind: ServiceAccount + name: kiali +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +rules: +- apiGroups: + - policy + resourceNames: + - {{ include "kiali-server.fullname" . }}-psp + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +spec: + allowPrivilegeEscalation: false + forbiddenSysctls: + - '*' + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + runAsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + - persistentVolumeClaim +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/role-controlplane.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/role-controlplane.yaml new file mode 100755 index 000000000..a22c76756 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/role-controlplane.yaml 
@@ -0,0 +1,15 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "kiali-server.fullname" . }}-controlplane + namespace: {{ include "kiali-server.istio_namespace" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - secrets + verbs: + - list +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/role-viewer.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/role-viewer.yaml new file mode 100755 index 000000000..a496c0828 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/role-viewer.yaml 
@@ -0,0 +1,96 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }}-viewer + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - pods/proxy + - replicationcontrollers + - services + verbs: + - get + - list + - watch +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch +- apiGroups: + - networking.istio.io + - security.istio.io + resources: ["*"] + verbs: + - get + - list + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - get + - list +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/role.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/role.yaml new file mode 100755 index 000000000..bd51e8d5e --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/role.yaml 
@@ -0,0 +1,107 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - pods/proxy + - replicationcontrollers + - services + verbs: + - get + - list + - patch + - watch +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - patch + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - patch + - watch +- apiGroups: + - networking.istio.io + - security.istio.io + resources: ["*"] + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - patch + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/rolebinding-controlplane.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/rolebinding-controlplane.yaml new file mode 100755 index 000000000..fcd8fd579 --- /dev/null 
+++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/rolebinding-controlplane.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }}-controlplane + namespace: {{ include "kiali-server.istio_namespace" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kiali-controlplane +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/rolebinding.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/rolebinding.yaml new file mode 100755 index 000000000..1eaabd65f --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/rolebinding.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + {{- if .Values.deployment.view_only_mode }} + name: {{ include "kiali-server.fullname" . }}-viewer + {{- else }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/route.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/route.yaml new file mode 100755 index 000000000..27940dc96 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/route.yaml 
@@ -0,0 +1,30 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.deployment.ingress_enabled }} +# As of OpenShift 4.5, need to use --disable-openapi-validation when installing via Helm +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}} + annotations: + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + tls: + termination: reencrypt + insecureEdgeTerminationPolicy: Redirect + to: + kind: Service + targetPort: {{ .Values.server.port }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/service.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/service.yaml new file mode 100755 index 000000000..69dc395d1 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/service.yaml 
@@ -0,0 +1,40 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + service.beta.openshift.io/serving-cert-secret-name: {{ include "kiali-server.fullname" . }}-cert-secret + {{- end }} + kiali.io/api-spec: https://kiali.io/api + kiali.io/api-type: rest + {{- if .Values.deployment.service_annotations }} + {{- toYaml .Values.deployment.service_annotations | nindent 4 }} + {{- end }} +spec: + {{- if .Values.deployment.service_type }} + type: {{ .Values.deployment.service_type }} + {{- end }} + ports: + {{- if (include "kiali-server.identity.cert_file" .) }} + - name: tcp + {{- else }} + - name: http + {{- end }} + protocol: TCP + port: {{ .Values.server.port }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + protocol: TCP + port: {{ .Values.server.metrics_port }} + {{- end }} + selector: + {{- include "kiali-server.selectorLabels" . | nindent 4 }} + {{- if .Values.deployment.additional_service_yaml }} + {{- toYaml .Values.deployment.additional_service_yaml | nindent 2 }} + {{- end }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/serviceaccount.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/serviceaccount.yaml new file mode 100755 index 000000000..9151b6f6a --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/serviceaccount.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +... 
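Review bot: In templates/rolebinding.yaml the `roleRef` falls through to the non-viewer ClusterRole `{{ include "kiali-server.fullname" . }}` whenever `.Values.deployment.view_only_mode` is false, and the binding is a ClusterRoleBinding, so the Kiali ServiceAccount receives that role across the whole cluster unless the installer opts in to the `-viewer` role. Consider making the `-viewer` role the default branch, or add a comment beside the `if` saying that the binding is cluster-wide and which role each branch grants.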
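Review bot: In templates/route.yaml the annotations guard ends with three closing braces, `{{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}}`, so the action closes at `}}` and a literal `}` is emitted into the rendered metadata right after the labels. Drop the extra brace. Because the whole file is wrapped in the `route.openshift.io/v1` capability check, this only shows up when rendering against OpenShift, so a render test with that API version set would catch it.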
diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/validate-install-crd.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/validate-install-crd.yaml new file mode 100755 index 000000000..b42eeb266 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/validate-install-crd.yaml @@ -0,0 +1,14 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "monitoring.kiali.io/v1alpha1/MonitoringDashboard" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/web-root-configmap.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/web-root-configmap.yaml new file mode 100755 index 000000000..970d4e4f5 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/templates/web-root-configmap.yaml @@ -0,0 +1,12 @@ +{{- if .Values.web_root_override }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: kiali-console + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + env.js: | + window.WEB_ROOT='/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Release.Namespace }}/services/http:kiali:20001/proxy/kiali'; +{{- end }} 
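Review bot: In templates/validate-install-crd.yaml every line is prefixed with `#`, but Helm still evaluates template actions that sit inside YAML comments, so the `lookup`, the `range` over `.Capabilities.APIVersions` and the `required` call all run; the `#` only turns whatever output is left into a comment. The file reads as disabled code, so add a `{{/* ... */}}` comment stating that the check is live and why the `lookup` guard is there, and end the file with a newline.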
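Review bot: In templates/web-root-configmap.yaml the `env.js` value hardcodes `http:kiali:20001` in the proxy path, while the Service in this chart takes its name from `kiali-server.fullname` and its port from `.Values.server.port`. Overriding either leaves `window.WEB_ROOT` pointing at a Service path that does not match what was deployed. Build that segment from the same helper and value the Service template uses.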
diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/values.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/values.yaml new file mode 100755 index 000000000..39255bc38 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.29.100/values.yaml 
@@ -0,0 +1,93 @@ +nameOverride: "kiali" +fullnameOverride: "kiali" + +# This is required for "openshift" auth strategy. +# You have to know ahead of time what your Route URL will be because +# right now the helm chart can't figure this out at runtime (it would +# need to wait for the Kiali Route to be deployed and for OpenShift +# to start it up). If someone knows how to update this helm chart to +# do this, a PR would be welcome. +kiali_route_url: "" + +# rancher specific override that allows proxy access to kiali url +web_root_override: true + +# +# Settings that mimic the Kiali CR which are placed in the ConfigMap. +# Note that only those values used by the Helm Chart will be here. +# + +istio_namespace: "" # default is where Kiali is installed + +auth: + openid: {} + openshift: {} + strategy: "" + +deployment: + # This only limits what Kiali will attempt to see, but Kiali Service Account has permissions to see everything. + # For more control over what the Kial Service Account can see, use the Kiali Operator + accessible_namespaces: + - "**" + additional_service_yaml: {} + affinity: + node: {} + pod: {} + pod_anti: {} + custom_dashboards: + excludes: [''] + includes: ['*'] + hpa: + api_version: "autoscaling/v2beta2" + spec: {} + repository: rancher/mirrored-kiali-kiali + image_pull_policy: "Always" + image_pull_secrets: [] + tag: v1.29.0 + ingress_enabled: true + logger: + log_format: "text" + log_level: "info" + time_field_format: "2006-01-02T15:04:05Z07:00" + sampler_rate: "1" + node_selector: {} + override_ingress_yaml: + metadata: {} + pod_annotations: {} + pod_labels: {} + priority_class_name: "" + replicas: 1 + resources: {} + secret_name: "kiali" + service_annotations: {} + service_type: "" + tolerations: [] + version_label: v1.29.0 + view_only_mode: false + +external_services: + custom_dashboards: + enabled: true + +identity: {} + #cert_file: + #private_key_file: + +login_token: + signing_key: "" + +server: + port: 20001 + metrics_enabled: true + 
metrics_port: 9090 + web_root: "" + +# Common settings used among istio subcharts. +global: + # Specify rancher clusterId of external tracing config + # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 + cattle: + systemDefaultRegistry: "" + clusterId: + rbac: + pspEnabled: false diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/Chart.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/Chart.yaml new file mode 100755 index 000000000..0216620e2 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/Chart.yaml @@ -0,0 +1,31 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=match + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 + catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 + catalog.rancher.io/namespace: cattle-istio-system + catalog.rancher.io/release-name: rancher-kiali-server +apiVersion: v2 +appVersion: v1.32.0 +description: Kiali is an open source project for service mesh observability, refer + to https://www.kiali.io for details. This is installed as sub-chart with customized + values in Rancher's Istio. +home: https://github.com/kiali/kiali +icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png +keywords: +- istio +- kiali +- networking +- infrastructure +maintainers: +- email: kiali-users@googlegroups.com + name: Kiali + url: https://kiali.io +name: rancher-kiali-server +sources: +- https://github.com/kiali/kiali +- https://github.com/kiali/kiali-ui +- https://github.com/kiali/kiali-operator +- https://github.com/kiali/helm-charts +version: 1.32.100 
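Review bot: In values.yaml `global.cattle.clusterId:` is left empty with no comment, while `web_root_override: true` is the default and templates/web-root-configmap.yaml interpolates the cluster id into a single-quoted JavaScript string unconditionally. Document who is expected to set it and fail the render with `required` when it is unset. Two smaller points in the `deployment:` block: the comment has a typo (`Kial Service Account`), and the shipped defaults are `accessible_namespaces: ["**"]` with `view_only_mode: false`, which the comment itself says leaves the Service Account able to see everything, so that trade-off should be stated where installers will read it.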
diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/NOTES.txt b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/NOTES.txt new file mode 100755 index 000000000..751019401 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/NOTES.txt @@ -0,0 +1,5 @@ +Welcome to Kiali! For more details on Kiali, see: https://kiali.io + +The Kiali Server [{{ .Chart.AppVersion }}] has been installed in namespace [{{ .Release.Namespace }}]. It will be ready soon. + +(Helm: Chart=[{{ .Chart.Name }}], Release=[{{ .Release.Name }}], Version=[{{ .Chart.Version }}]) diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/_helpers.tpl b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/_helpers.tpl new file mode 100755 index 000000000..dd33bbe48 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/_helpers.tpl 
@@ -0,0 +1,192 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "kiali-server.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kiali-server.fullname" -}} +{{- if .Values.fullnameOverride }} + {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} + {{- $name := default .Chart.Name .Values.nameOverride }} + {{- printf "%s" $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kiali-server.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Identifies the log_level with the old verbose_mode and the new log_level considered. +*/}} +{{- define "kiali-server.logLevel" -}} +{{- if .Values.deployment.verbose_mode -}} +{{- .Values.deployment.verbose_mode -}} +{{- else -}} +{{- .Values.deployment.logger.log_level -}} +{{- end -}} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kiali-server.labels" -}} +helm.sh/chart: {{ include "kiali-server.chart" . }} +app: {{ include "kiali-server.name" . }} +{{ include "kiali-server.selectorLabels" . }} +version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/part-of: "kiali" +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kiali-server.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kiali-server.name" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Used to determine if a custom dashboard (defined in .Template.Name) should be deployed. +*/}} +{{- define "kiali-server.isDashboardEnabled" -}} +{{- if .Values.external_services.custom_dashboards.enabled }} + {{- $includere := "" }} + {{- range $_, $s := .Values.deployment.custom_dashboards.includes }} + {{- if $s }} + {{- if $includere }} + {{- $includere = printf "%s|^%s$" $includere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $includere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} + {{- end }} + {{- $excludere := "" }} + {{- range $_, $s := .Values.deployment.custom_dashboards.excludes }} + {{- if $s }} + {{- if $excludere }} + {{- $excludere = printf "%s|^%s$" $excludere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $excludere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} + {{- end }} + {{- if (and (mustRegexMatch (default "no-matches" $includere) (base .Template.Name)) (not (mustRegexMatch (default "no-matches" $excludere) (base .Template.Name)))) }} + {{- print "enabled" }} + {{- else }} + {{- print "" }} + {{- end }} +{{- else }} + {{- print "" }} +{{- end }} +{{- end }} + +{{/* +Determine the default login token signing key. +*/}} +{{- define "kiali-server.login_token.signing_key" -}} +{{- if .Values.login_token.signing_key }} + {{- .Values.login_token.signing_key }} +{{- else }} + {{- randAlphaNum 16 }} +{{- end }} +{{- end }} + +{{/* +Determine the default web root. +*/}} +{{- define "kiali-server.server.web_root" -}} +{{- if .Values.server.web_root }} + {{- .Values.server.web_root | trimSuffix "/" }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/" }} + {{- else }} + {{- "/kiali" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity cert file. There is no default if on k8s; only on OpenShift. 
+*/}} +{{- define "kiali-server.identity.cert_file" -}} +{{- if hasKey .Values.identity "cert_file" }} + {{- .Values.identity.cert_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.crt" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity private key file. There is no default if on k8s; only on OpenShift. +*/}} +{{- define "kiali-server.identity.private_key_file" -}} +{{- if hasKey .Values.identity "private_key_file" }} + {{- .Values.identity.private_key_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.key" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the istio namespace - default is where Kiali is installed. +*/}} +{{- define "kiali-server.istio_namespace" -}} +{{- if .Values.istio_namespace }} + {{- .Values.istio_namespace }} +{{- else }} + {{- .Release.Namespace }} +{{- end }} +{{- end }} + +{{/* +Determine the auth strategy to use - default is "token" on Kubernetes and "openshift" on OpenShift. +*/}} +{{- define "kiali-server.auth.strategy" -}} +{{- if .Values.auth.strategy }} + {{- if (and (eq .Values.auth.strategy "openshift") (not .Values.kiali_route_url)) }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or use a different auth strategy via the --set auth.strategy=... option." }} + {{- end }} + {{- .Values.auth.strategy }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- if not .Values.kiali_route_url }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or explicitly indicate another auth strategy you want via the --set auth.strategy=... option." 
}} + {{- end }} + {{- "openshift" }} + {{- else }} + {{- "token" }} + {{- end }} +{{- end }} +{{- end }} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/cabundle.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/cabundle.yaml new file mode 100755 index 000000000..7462b95a7 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/cabundle.yaml @@ -0,0 +1,13 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }}-cabundle + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + service.beta.openshift.io/inject-cabundle: "true" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/configmap.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/configmap.yaml new file mode 100755 index 000000000..b1bf53173 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/configmap.yaml 
@@ -0,0 +1,24 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + config.yaml: | + {{- /* Most of .Values is simply the ConfigMap - strip out the keys that are not part of the ConfigMap */}} + {{- $cm := omit .Values "nameOverride" "fullnameOverride" "kiali_route_url" }} + {{- /* The helm chart defines namespace for us, but pass it to the ConfigMap in case the server needs it */}} + {{- $_ := set $cm.deployment "namespace" .Release.Namespace }} + {{- /* Some values of the ConfigMap are generated, but might not be identical, from .Values */}} + {{- $_ := set $cm "istio_namespace" (include "kiali-server.istio_namespace" .) }} + {{- $_ := set $cm.auth "strategy" (include "kiali-server.auth.strategy" .) }} + {{- $_ := set $cm.auth.openshift "client_id_prefix" (include "kiali-server.fullname" .) }} + {{- $_ := set $cm.identity "cert_file" (include "kiali-server.identity.cert_file" .) }} + {{- $_ := set $cm.identity "private_key_file" (include "kiali-server.identity.private_key_file" .) }} + {{- $_ := set $cm.login_token "signing_key" (include "kiali-server.login_token.signing_key" .) }} + {{- $_ := set $cm.server "web_root" (include "kiali-server.server.web_root" .) }} + {{- toYaml $cm | nindent 4 }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/envoy.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/envoy.yaml new file mode 100755 index 000000000..85b402017 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/envoy.yaml 
@@ -0,0 +1,56 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: envoy + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Envoy Metrics + discoverOn: "envoy_server_uptime" + items: + - chart: + name: "Pods uptime" + spans: 4 + metricName: "envoy_server_uptime" + dataType: "raw" + - chart: + name: "Allocated memory" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_allocated" + dataType: "raw" + min: 0 + - chart: + name: "Heap size" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_heap_size" + dataType: "raw" + min: 0 + - chart: + name: "Upstream active connections" + spans: 6 + metricName: "envoy_cluster_upstream_cx_active" + dataType: "raw" + - chart: + name: "Upstream total requests" + spans: 6 + metricName: "envoy_cluster_upstream_rq_total" + unit: "rps" + dataType: "rate" + - chart: + name: "Downstream active connections" + spans: 6 + metricName: "envoy_listener_downstream_cx_active" + dataType: "raw" + - chart: + name: "Downstream HTTP requests" + spans: 6 + metricName: "envoy_listener_http_downstream_rq" + unit: "rps" + dataType: "rate" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/go.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/go.yaml new file mode 100755 index 000000000..2d2f42a93 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/go.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: go + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Go Metrics + runtime: Go + discoverOn: "go_info" + items: + - chart: + name: "CPU ratio" + spans: 6 + metricName: "process_cpu_seconds_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "RSS Memory" + unit: "bytes" + spans: 6 + metricName: "process_resident_memory_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Goroutines" + spans: 6 + metricName: "go_goroutines" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Heap allocation rate" + unit: "bytes/s" + spans: 6 + metricName: "go_memstats_alloc_bytes_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "GC rate" + spans: 6 + metricName: "go_gc_duration_seconds_count" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Next GC" + unit: "bytes" + spans: 6 + metricName: "go_memstats_next_gc_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/kiali.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/kiali.yaml new file mode 100755 index 000000000..b1f011b4f --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/kiali.yaml 
@@ -0,0 +1,44 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: kiali + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Kiali Internal Metrics + items: + - chart: + name: "API processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_api_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "route" + displayName: "Route" + - chart: + name: "Functions processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_go_function_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" + - chart: + name: "Failures" + spans: 12 + metricName: "kiali_go_function_failures_total" + dataType: "raw" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml new file mode 100755 index 000000000..2e1ed5cff --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml 
@@ -0,0 +1,43 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm-pool + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Pool Metrics + discoverOn: "jvm_buffer_total_capacity_bytes" + items: + - chart: + name: "Pool buffer memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer capacity" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_total_capacity_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer count" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_count" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/micrometer-1.0.6-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/micrometer-1.0.6-jvm.yaml new file mode 100755 index 000000000..d64596882 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/micrometer-1.0.6-jvm.yaml 
@@ -0,0 +1,65 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live" + items: + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon" + dataType: "raw" + - chart: + name: "Loaded classes" + spans: 4 + metricName: "jvm_classes_loaded" + dataType: "raw" + + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/micrometer-1.1-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/micrometer-1.1-jvm.yaml new file mode 100755 index 000000000..76e8d0a4a --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/micrometer-1.1-jvm.yaml 
@@ -0,0 +1,68 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: micrometer-1.1-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live_threads" + items: + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live_threads" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon_threads" + dataType: "raw" + - chart: + name: "Threads states" + spans: 4 + metricName: "jvm_threads_states_threads" + dataType: "raw" + aggregations: + - label: "state" + displayName: "State" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/microprofile-1.1.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/microprofile-1.1.yaml new file mode 100755 index 000000000..1d4951196 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/microprofile-1.1.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-1.1 + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:thread_count" + items: + - chart: + name: "Current loaded classes" + spans: 6 + metricName: "base:classloader_current_loaded_class_count" + dataType: "raw" + - chart: + name: "Unloaded classes" + spans: 6 + metricName: "base:classloader_total_unloaded_class_count" + dataType: "raw" + - chart: + name: "Thread count" + spans: 4 + metricName: "base:thread_count" + dataType: "raw" + - chart: + name: "Thread max count" + spans: 4 + metricName: "base:thread_max_count" + dataType: "raw" + - chart: + name: "Thread daemon count" + spans: 4 + metricName: "base:thread_daemon_count" + dataType: "raw" + - chart: + name: "Committed heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_committed_heap_bytes" + dataType: "raw" + - chart: + name: "Max heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_max_heap_bytes" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_used_heap_bytes" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/microprofile-x.y.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/microprofile-x.y.yaml new file mode 100755 index 000000000..57ddc60ef --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/microprofile-x.y.yaml 
@@ -0,0 +1,38 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: microprofile-x.y + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:gc_complete_scavenger_count" + items: + - chart: + name: "Young GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_young_generation_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Young GC count" + spans: 3 + metricName: "base:gc_young_generation_scavenger_count" + dataType: "raw" + - chart: + name: "Total GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_complete_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Total GC count" + spans: 3 + metricName: "base:gc_complete_scavenger_count" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/nodejs.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/nodejs.yaml new file mode 100755 index 000000000..1ffe0aa10 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/nodejs.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: nodejs + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Node.js + title: Node.js Metrics + discoverOn: "nodejs_active_handles_total" + items: + - chart: + name: "Active handles" + spans: 4 + metricName: "nodejs_active_handles_total" + dataType: "raw" + - chart: + name: "Active requests" + spans: 4 + metricName: "nodejs_active_requests_total" + dataType: "raw" + - chart: + name: "Event loop lag" + unit: "seconds" + spans: 4 + metricName: "nodejs_eventloop_lag_seconds" + dataType: "raw" + - chart: + name: "Total heap size" + unit: "bytes" + spans: 12 + metricName: "nodejs_heap_space_size_total_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Used heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_used_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Available heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_available_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/quarkus.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/quarkus.yaml new file mode 100755 index 000000000..cef5f3dce --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/quarkus.yaml 
@@ -0,0 +1,33 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: quarkus + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Quarkus Metrics + runtime: Quarkus + items: + - chart: + name: "Thread count" + spans: 4 + metricName: "vendor:thread_count" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_heap_usage_bytes" + dataType: "raw" + - chart: + name: "Used non-heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_non_heap_usage_bytes" + dataType: "raw" + - include: "microprofile-x.y" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/springboot-jvm-pool.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/springboot-jvm-pool.yaml new file mode 100755 index 000000000..42d87d890 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/springboot-jvm-pool.yaml @@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm-pool + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Pool Metrics + items: + - include: "micrometer-1.0.6-jvm-pool" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/springboot-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/springboot-jvm.yaml new file mode 100755 index 000000000..ced3acdd9 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/springboot-jvm.yaml 
@@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Metrics + items: + - include: "micrometer-1.0.6-jvm" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/springboot-tomcat.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/springboot-tomcat.yaml new file mode 100755 index 000000000..c07016aa2 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/springboot-tomcat.yaml @@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: springboot-tomcat + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: Tomcat Metrics + items: + - include: "tomcat" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/thorntail.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/thorntail.yaml new file mode 100755 index 000000000..6bd85e6f5 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/thorntail.yaml 
@@ -0,0 +1,22 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: thorntail + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Thorntail + title: Thorntail Metrics + discoverOn: "vendor:loaded_modules" + items: + - include: "microprofile-1.1" + - chart: + name: "Loaded modules" + spans: 6 + metricName: "vendor:loaded_modules" + dataType: "raw" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/tomcat.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/tomcat.yaml new file mode 100755 index 000000000..9a803342f --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/tomcat.yaml 
@@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: tomcat + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Tomcat + title: Tomcat Metrics + discoverOn: "tomcat_sessions_created_total" + items: + - chart: + name: "Sessions created" + spans: 4 + metricName: "tomcat_sessions_created_total" + dataType: "raw" + - chart: + name: "Active sessions" + spans: 4 + metricName: "tomcat_sessions_active_current" + dataType: "raw" + - chart: + name: "Sessions rejected" + spans: 4 + metricName: "tomcat_sessions_rejected_total" + dataType: "raw" + + - chart: + name: "Bytes sent" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_sent_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Bytes received" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_received_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + + - chart: + name: "Global errors" + spans: 6 + metricName: "tomcat_global_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Servlet errors" + spans: 6 + metricName: "tomcat_servlet_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/vertx-client.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/vertx-client.yaml new file mode 100755 index 000000000..2d591d6b0 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/vertx-client.yaml 
@@ -0,0 +1,60 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-client + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Client Metrics + discoverOn: "vertx_http_client_connections" + items: + - chart: + name: "Client response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_client_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_client_requestCount_total" + dataType: "rate" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client active connections" + spans: 6 + metricName: "vertx_http_client_connections" + dataType: "raw" + - chart: + name: "Client active websockets" + spans: 6 + metricName: "vertx_http_client_wsConnections" + dataType: "raw" + - chart: + name: "Client bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesSent" + dataType: "histogram" + - chart: + name: "Client bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/vertx-eventbus.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/vertx-eventbus.yaml new file mode 100755 index 000000000..65f9ee2ec --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/vertx-eventbus.yaml 
@@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-eventbus + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Eventbus Metrics + discoverOn: "vertx_eventbus_handlers" + items: + - chart: + name: "Event bus handlers" + spans: 6 + metricName: "vertx_eventbus_handlers" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus pending messages" + spans: 6 + metricName: "vertx_eventbus_pending" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus processing time" + unit: "seconds" + spans: 6 + metricName: "vertx_eventbus_processingTime_seconds" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes read" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesRead" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes written" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesWritten" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/vertx-jvm.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/vertx-jvm.yaml new file mode 100755 index 000000000..2663186f3 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/vertx-jvm.yaml 
@@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: JVM Metrics + items: + - include: "micrometer-1.1-jvm" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/vertx-pool.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/vertx-pool.yaml new file mode 100755 index 000000000..f6af921b3 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/vertx-pool.yaml 
@@ -0,0 +1,68 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-pool + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Pools Metrics + discoverOn: "vertx_pool_ratio" + items: + - chart: + name: "Usage duration" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_usage_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Usage ratio" + spans: 6 + metricName: "vertx_pool_ratio" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Queue size" + spans: 6 + metricName: "vertx_pool_queue_size" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Time in queue" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_queue_delay_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Resources used" + spans: 6 + metricName: "vertx_pool_inUse" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/vertx-server.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/vertx-server.yaml new file mode 100755 index 000000000..de6b89df9 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/dashboards/vertx-server.yaml 
@@ -0,0 +1,62 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: "monitoring.kiali.io/v1alpha1" +kind: MonitoringDashboard +metadata: + name: vertx-server + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Server Metrics + discoverOn: "vertx_http_server_connections" + items: + - chart: + name: "Server response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_server_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_server_requestCount_total" + dataType: "rate" + aggregations: + - label: "code" + displayName: "Error code" + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server active connections" + spans: 6 + metricName: "vertx_http_server_connections" + dataType: "raw" + - chart: + name: "Server active websockets" + spans: 6 + metricName: "vertx_http_server_wsConnections" + dataType: "raw" + - chart: + name: "Server bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesSent" + dataType: "histogram" + - chart: + name: "Server bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/deployment.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/deployment.yaml new file mode 100755 index 000000000..100c57922 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/deployment.yaml 
@@ -0,0 +1,174 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.deployment.replicas }} + selector: + matchLabels: + {{- include "kiali-server.selectorLabels" . | nindent 6 }} + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 8 }} + {{- if .Values.deployment.pod_labels }} + {{- toYaml .Values.deployment.pod_labels | nindent 8 }} + {{- end }} + annotations: + {{- if .Values.server.metrics_enabled }} + prometheus.io/scrape: "true" + prometheus.io/port: {{ .Values.server.metrics_port | quote }} + {{- else }} + prometheus.io/scrape: "false" + prometheus.io/port: "" + {{- end }} + kiali.io/runtimes: go,kiali + {{- if .Values.deployment.pod_annotations }} + {{- toYaml .Values.deployment.pod_annotations | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "kiali-server.fullname" . }} + {{- if .Values.deployment.priority_class_name }} + priorityClassName: {{ .Values.deployment.priority_class_name | quote }} + {{- end }} + {{- if .Values.deployment.image_pull_secrets }} + imagePullSecrets: + {{- range .Values.deployment.image_pull_secrets }} + - name: {{ . }} + {{- end }} + {{- end }} + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.deployment.repository }}:{{ .Values.deployment.tag }}" + imagePullPolicy: {{ .Values.deployment.image_pull_policy | default "Always" }} + name: {{ include "kiali-server.fullname" . 
}} + command: + - "/opt/kiali/kiali" + - "-config" + - "/kiali-configuration/config.yaml" + ports: + - name: api-port + containerPort: {{ .Values.server.port | default 20001 }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + containerPort: {{ .Values.server.metrics_port | default 9090 }} + {{- end }} + readinessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + livenessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + env: + - name: ACTIVE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LOG_LEVEL + value: "{{ include "kiali-server.logLevel" . }}" + - name: LOG_FORMAT + value: "{{ .Values.deployment.logger.log_format }}" + - name: LOG_TIME_FIELD_FORMAT + value: "{{ .Values.deployment.logger.time_field_format }}" + - name: LOG_SAMPLER_RATE + value: "{{ .Values.deployment.logger.sampler_rate }}" + volumeMounts: + {{- if .Values.web_root_override }} + - name: kiali-console + subPath: env.js + mountPath: /opt/kiali/console/env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + mountPath: "/kiali-configuration" + - name: {{ include "kiali-server.fullname" . }}-cert + mountPath: "/kiali-cert" + - name: {{ include "kiali-server.fullname" . }}-secret + mountPath: "/kiali-secret" + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . 
}}-cabundle + mountPath: "/kiali-cabundle" + {{- end }} + {{- if .Values.deployment.resources }} + resources: + {{- toYaml .Values.deployment.resources | nindent 10 }} + {{- end }} + volumes: + {{- if .Values.web_root_override }} + - name: kiali-console + configMap: + name: kiali-console + items: + - key: env.js + path: env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + configMap: + name: {{ include "kiali-server.fullname" . }} + - name: {{ include "kiali-server.fullname" . }}-cert + secret: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + secretName: {{ include "kiali-server.fullname" . }}-cert-secret + {{- else }} + secretName: istio.{{ include "kiali-server.fullname" . }}-service-account + {{- end }} + {{- if not (include "kiali-server.identity.cert_file" .) }} + optional: true + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-secret + secret: + secretName: {{ .Values.deployment.secret_name }} + optional: true + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + configMap: + name: {{ include "kiali-server.fullname" . 
}}-cabundle + {{- end }} + {{- if or (.Values.deployment.affinity.node) (or (.Values.deployment.pod) (.Values.deployment.pod_anti)) }} + affinity: + {{- if .Values.deployment.affinity.node }} + nodeAffinity: + {{- toYaml .Values.deployment.affinity.node | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod }} + podAffinity: + {{- toYaml .Values.deployment.affinity.pod | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod_anti }} + podAntiAffinity: + {{- toYaml .Values.deployment.affinity.pod_anti | nindent 10 }} + {{- end }} + {{- end }} + {{- if .Values.deployment.tolerations }} + tolerations: + {{- toYaml .Values.deployment.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.deployment.node_selector }} + nodeSelector: + {{- toYaml .Values.deployment.node_selector | nindent 8 }} + {{- end }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/hpa.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/hpa.yaml new file mode 100755 index 000000000..934c4c1e9 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/hpa.yaml @@ -0,0 +1,17 @@ +{{- if .Values.deployment.hpa.spec }} +--- +apiVersion: {{ .Values.deployment.hpa.api_version }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "kiali-server.fullname" . }} + {{- toYaml .Values.deployment.hpa.spec | nindent 2 }} +... +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/ingress.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/ingress.yaml new file mode 100755 index 000000000..e4c98db1b --- /dev/null 
+++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/ingress.yaml @@ -0,0 +1,40 @@ +{{- if not (.Capabilities.APIVersions.Has "route.openshift.io/v1") }} +{{- if .Values.deployment.ingress_enabled }} +--- +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }} + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- else }} + # For ingress-nginx versions older than 0.20.0 use secure-backends. + # (see: https://github.com/kubernetes/ingress-nginx/issues/3416#issuecomment-438247948) + # For ingress-nginx versions 0.20.0 and later use backend-protocol. + {{- if (include "kiali-server.identity.cert_file" .) }} + nginx.ingress.kubernetes.io/secure-backends: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + {{- else }} + nginx.ingress.kubernetes.io/secure-backends: "false" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + {{- end }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + rules: + - http: + paths: + - path: {{ include "kiali-server.server.web_root" . }} + backend: + serviceName: {{ include "kiali-server.fullname" . }} + servicePort: {{ .Values.server.port }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/oauth.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/oauth.yaml new file mode 100755 index 000000000..a178bb85e --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/oauth.yaml 
@@ -0,0 +1,17 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.kiali_route_url }} +--- +apiVersion: oauth.openshift.io/v1 +kind: OAuthClient +metadata: + name: {{ include "kiali-server.fullname" . }}-{{ .Release.Namespace }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +redirectURIs: +- {{ .Values.kiali_route_url }} +grantMethod: auto +allowAnyScope: true +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/psp.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/psp.yaml new file mode 100755 index 000000000..f891892cc --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/psp.yaml 
@@ -0,0 +1,67 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "kiali-server.fullname" . }}-psp +subjects: + - kind: ServiceAccount + name: kiali +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +rules: +- apiGroups: + - policy + resourceNames: + - {{ include "kiali-server.fullname" . }}-psp + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +spec: + allowPrivilegeEscalation: false + forbiddenSysctls: + - '*' + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + runAsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + - persistentVolumeClaim +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/role-controlplane.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/role-controlplane.yaml new file mode 100755 index 000000000..a22c76756 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/role-controlplane.yaml 
@@ -0,0 +1,15 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "kiali-server.fullname" . }}-controlplane + namespace: {{ include "kiali-server.istio_namespace" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - secrets + verbs: + - list +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/role-viewer.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/role-viewer.yaml new file mode 100755 index 000000000..9fdd9fd1d --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/role-viewer.yaml 
@@ -0,0 +1,97 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }}-viewer + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - pods/proxy + - replicationcontrollers + - services + verbs: + - get + - list + - watch +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch +- apiGroups: + - networking.istio.io + - security.istio.io + resources: ["*"] + verbs: + - get + - list + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - get + - list +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/role.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/role.yaml new file mode 100755 index 000000000..8444bc753 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/role.yaml 
@@ -0,0 +1,108 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/log + - pods/proxy + - replicationcontrollers + - services + verbs: + - get + - list + - patch + - watch +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - patch + - watch +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - patch + - watch +- apiGroups: + - networking.istio.io + - security.istio.io + resources: ["*"] + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - patch + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/rolebinding-controlplane.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/rolebinding-controlplane.yaml new file mode 100755 index 000000000..5a0015836 --- /dev/null 
+++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/rolebinding-controlplane.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }}-controlplane + namespace: {{ include "kiali-server.istio_namespace" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "kiali-server.fullname" . }}-controlplane +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/rolebinding.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/rolebinding.yaml new file mode 100755 index 000000000..1eaabd65f --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/rolebinding.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + {{- if .Values.deployment.view_only_mode }} + name: {{ include "kiali-server.fullname" . }}-viewer + {{- else }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/route.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/route.yaml new file mode 100755 index 000000000..27940dc96 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/route.yaml 
@@ -0,0 +1,30 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.deployment.ingress_enabled }} +# As of OpenShift 4.5, need to use --disable-openapi-validation when installing via Helm +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}} + annotations: + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + tls: + termination: reencrypt + insecureEdgeTerminationPolicy: Redirect + to: + kind: Service + targetPort: {{ .Values.server.port }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/service.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/service.yaml new file mode 100755 index 000000000..9ccf4f388 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/service.yaml 
@@ -0,0 +1,47 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + service.beta.openshift.io/serving-cert-secret-name: {{ include "kiali-server.fullname" . }}-cert-secret + {{- end }} + kiali.io/api-spec: https://kiali.io/api + kiali.io/api-type: rest + {{- if and (not (empty .Values.server.web_fqdn)) (not (empty .Values.server.web_schema)) }} + {{- if empty .Values.server.web_port }} + kiali.io/external-url: {{ .Values.server.web_schema }}://{{ .Values.server.web_fqdn }}{{ default "" .Values.server.web_root }} + {{- else }} + kiali.io/external-url: {{ .Values.server.web_schema }}://{{ .Values.server.web_fqdn }}:{{ .Values.server.web_port }}{{(default "" .Values.server.web_root) }} + {{- end }} + {{- end }} + {{- if .Values.deployment.service_annotations }} + {{- toYaml .Values.deployment.service_annotations | nindent 4 }} + {{- end }} +spec: + {{- if .Values.deployment.service_type }} + type: {{ .Values.deployment.service_type }} + {{- end }} + ports: + {{- if (include "kiali-server.identity.cert_file" .) }} + - name: tcp + {{- else }} + - name: http + {{- end }} + protocol: TCP + port: {{ .Values.server.port }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + protocol: TCP + port: {{ .Values.server.metrics_port }} + {{- end }} + selector: + {{- include "kiali-server.selectorLabels" . | nindent 4 }} + {{- if .Values.deployment.additional_service_yaml }} + {{- toYaml .Values.deployment.additional_service_yaml | nindent 2 }} + {{- end }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/serviceaccount.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/serviceaccount.yaml new file mode 100755 index 000000000..9151b6f6a --- /dev/null 
+++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/serviceaccount.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +... diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/validate-install-crd.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/validate-install-crd.yaml new file mode 100755 index 000000000..b42eeb266 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/validate-install-crd.yaml @@ -0,0 +1,14 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "monitoring.kiali.io/v1alpha1/MonitoringDashboard" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/web-root-configmap.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/web-root-configmap.yaml new file mode 100755 index 000000000..970d4e4f5 --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/templates/web-root-configmap.yaml 
@@ -0,0 +1,12 @@ +{{- if .Values.web_root_override }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: kiali-console + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + env.js: | + window.WEB_ROOT='/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Release.Namespace }}/services/http:kiali:20001/proxy/kiali'; +{{- end }} diff --git a/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/values.yaml b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/values.yaml new file mode 100755 index 000000000..aada4e09a --- /dev/null +++ b/released/charts/rancher-kiali-server/rancher-kiali-server/1.32.100/values.yaml 
@@ -0,0 +1,93 @@ +nameOverride: "kiali" +fullnameOverride: "kiali" + +# This is required for "openshift" auth strategy. +# You have to know ahead of time what your Route URL will be because +# right now the helm chart can't figure this out at runtime (it would +# need to wait for the Kiali Route to be deployed and for OpenShift +# to start it up). If someone knows how to update this helm chart to +# do this, a PR would be welcome. +kiali_route_url: "" + +# rancher specific override that allows proxy access to kiali url +web_root_override: true + +# +# Settings that mimic the Kiali CR which are placed in the ConfigMap. +# Note that only those values used by the Helm Chart will be here. +# + +istio_namespace: "" # default is where Kiali is installed + +auth: + openid: {} + openshift: {} + strategy: "" + +deployment: + # This only limits what Kiali will attempt to see, but Kiali Service Account has permissions to see everything. + # For more control over what the Kial Service Account can see, use the Kiali Operator + accessible_namespaces: + - "**" + additional_service_yaml: {} + affinity: + node: {} + pod: {} + pod_anti: {} + custom_dashboards: + excludes: [''] + includes: ['*'] + hpa: + api_version: "autoscaling/v2beta2" + spec: {} + repository: rancher/mirrored-kiali-kiali + image_pull_policy: "Always" + image_pull_secrets: [] + tag: v1.32.0 + ingress_enabled: true + logger: + log_format: "text" + log_level: "info" + time_field_format: "2006-01-02T15:04:05Z07:00" + sampler_rate: "1" + node_selector: {} + override_ingress_yaml: + metadata: {} + pod_annotations: {} + pod_labels: {} + priority_class_name: "" + replicas: 1 + resources: {} + secret_name: "kiali" + service_annotations: {} + service_type: "" + tolerations: [] + version_label: v1.32.0 + view_only_mode: false + +external_services: + custom_dashboards: + enabled: true + +identity: {} + #cert_file: + #private_key_file: + +login_token: + signing_key: "" + +server: + port: 20001 + metrics_enabled: true + 
metrics_port: 9090 + web_root: "" + +# Common settings used among istio subcharts. +global: + # Specify rancher clusterId of external tracing config + # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 + cattle: + systemDefaultRegistry: "" + clusterId: + rbac: + pspEnabled: false diff --git a/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/.helmignore b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/.helmignore new file mode 100755 index 000000000..f0c131944 --- /dev/null +++ b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/Chart.yaml b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/Chart.yaml new file mode 100755 index 000000000..aab9c879e --- /dev/null +++ b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/Chart.yaml 
@@ -0,0 +1,24 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-kube-state-metrics +apiVersion: v1 +appVersion: 1.9.8 +description: Install kube-state-metrics to generate and expose cluster-level metrics +home: https://github.com/kubernetes/kube-state-metrics/ +keywords: +- metric +- monitoring +- prometheus +- kubernetes +maintainers: +- email: tariq.ibrahim@mulesoft.com + name: tariq1890 +- email: manuel@rueg.eu + name: mrueg +name: rancher-kube-state-metrics +sources: +- https://github.com/kubernetes/kube-state-metrics/ +version: 2.13.101 diff --git a/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/LICENSE b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/LICENSE new file mode 100755 index 000000000..393b7a33b --- /dev/null +++ b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/LICENSE 
@@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright The Helm Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/OWNERS b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/OWNERS new file mode 100755 index 000000000..206b4fee7 --- /dev/null +++ b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/OWNERS @@ -0,0 +1,6 @@ +approvers: +- tariq1890 +- mrueg +reviewers: +- tariq1890 +- mrueg diff --git a/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/README.md b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/README.md new file mode 100755 index 000000000..e93a3d252 --- /dev/null +++ b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/README.md 
@@ -0,0 +1,66 @@ +# kube-state-metrics Helm Chart + +Installs the [kube-state-metrics agent](https://github.com/kubernetes/kube-state-metrics). + +## Get Repo Info + +```console +helm repo add kube-state-metrics https://kubernetes.github.io/kube-state-metrics +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Install Chart + +```console +# Helm 3 +$ helm install [RELEASE_NAME] kube-state-metrics/kube-state-metrics [flags] + +# Helm 2 +$ helm install --name [RELEASE_NAME] kube-state-metrics/kube-state-metrics [flags] +``` + +_See [configuration](#configuration) below._ + +_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ + +## Uninstall Chart + +```console +# Helm 3 +$ helm uninstall [RELEASE_NAME] + +# Helm 2 +# helm delete --purge [RELEASE_NAME] +``` + +This removes all the Kubernetes components associated with the chart and deletes the release. + +_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ + +## Upgrading Chart + +```console +# Helm 3 or 2 +$ helm upgrade [RELEASE_NAME] kube-state-metrics/kube-state-metrics [flags] +``` + +_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ + +### From stable/kube-state-metrics + +You can upgrade in-place: + +1. [get repo info](#get-repo-info) +1. [upgrade](#upgrading-chart) your existing release name using the new chart repo + +## Configuration + +See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments: + +```console +helm show values kube-state-metrics/kube-state-metrics +``` + +You may also `helm show values` on this chart's [dependencies](#dependencies) for additional options. 
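Review bot: in the README's "Uninstall Chart" block the Helm 2 command is written `# helm delete --purge [RELEASE_NAME]`, with `#` where every other block uses the `$` prompt, so it reads as a comment rather than a command; change it to `$ helm delete --purge [RELEASE_NAME]`. The closing sentence links to `[dependencies](#dependencies)`, but this README has no Dependencies section. Every command also targets the upstream `kube-state-metrics/kube-state-metrics` chart rather than the `rancher-kube-state-metrics` name set in Chart.yaml, so either state that the README is carried over from upstream or adjust the names.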
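Review bot: in the kiali-server ClusterRole (the 108-line hunk), the `pods/portforward` rule lists `post` under `verbs`, which never matches a resource request because the API server authorizes an HTTP POST as `create`; drop `post` so the rule shows only what it grants. The rule for `networking.istio.io` and `security.istio.io` uses `resources: ["*"]` with `create`, `delete` and `patch`, and rolebinding.yaml attaches this role through a ClusterRoleBinding whenever `deployment.view_only_mode` is false, which is the default in values.yaml. Consider enumerating the Istio resources that need write access, or stating next to `view_only_mode` that the default grants write access in every namespace.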
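Review bot: in templates/route.yaml the line `{{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}}` closes with three braces; the action ends at `}}`, so the third `}` is emitted as literal text inside the `if` body and lands in the Route's metadata whenever annotations are supplied. Remove the extra brace. In the same hunk, setting `override_ingress_yaml.spec` replaces the whole spec, including the `tls` block with `termination: reencrypt` and `insecureEdgeTerminationPolicy: Redirect`; a comment saying that an override must carry its own TLS settings would help.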
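Review bot: templates/web-root-configmap.yaml hard-codes the service name and port in `window.WEB_ROOT` (`services/http:kiali:20001/proxy/kiali`), while service.yaml takes the name from `kiali-server.fullname` and the port from `.Values.server.port`. Changing `fullnameOverride` or `server.port` leaves the console pointing at a proxy path that does not match the Service; build the path from the same helper and value. `global.cattle.clusterId` is also empty in values.yaml, so the path renders as `/k8s/clusters//api/...` unless it is set; a `required` guard on it when `web_root_override` is true would surface that at install time.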
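Review bot: kiali-server values.yaml leaves `auth.strategy: ""` and `login_token.signing_key: ""` empty with no comment on what the templates fall back to when they are unset; document the effective defaults next to those keys or require explicit values. The comment above `accessible_namespaces` also has a typo ("Kial Service Account"), and since it states that the service account can see everything regardless of this setting, it would be worth pointing from there to `view_only_mode` as the switch that selects the viewer role in rolebinding.yaml.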
diff --git a/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/NOTES.txt b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/NOTES.txt new file mode 100755 index 000000000..5a646e0cc --- /dev/null +++ b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/NOTES.txt @@ -0,0 +1,10 @@ +kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects. +The exposed metrics can be found here: +https://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics + +The metrics are exported on the HTTP endpoint /metrics on the listening port. +In your case, {{ template "kube-state-metrics.fullname" . }}.{{ template "kube-state-metrics.namespace" . }}.svc.cluster.local:{{ .Values.service.port }}/metrics + +They are served either as plaintext or protobuf depending on the Accept header. +They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint. + diff --git a/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/_helpers.tpl b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/_helpers.tpl new file mode 100755 index 000000000..4f76b188b --- /dev/null +++ b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/_helpers.tpl 
@@ -0,0 +1,76 @@ +# Rancher +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "kube-state-metrics.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kube-state-metrics.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "kube-state-metrics.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "kube-state-metrics.fullname" .) 
.Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts +*/}} +{{- define "kube-state-metrics.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} diff --git a/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/clusterrolebinding.yaml b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/clusterrolebinding.yaml new file mode 100755 index 000000000..af158c512 --- /dev/null +++ b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/clusterrolebinding.yaml @@ -0,0 +1,23 @@ +{{- if and .Values.rbac.create .Values.rbac.useClusterRole -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + name: {{ template "kube-state-metrics.fullname" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole +{{- if .Values.rbac.useExistingRole }} + name: {{ .Values.rbac.useExistingRole }} +{{- else }} + name: {{ template "kube-state-metrics.fullname" . }} +{{- end }} +subjects: +- kind: ServiceAccount + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} +{{- end -}} diff --git a/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/deployment.yaml b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/deployment.yaml new file mode 100755 index 000000000..4ab55291b --- /dev/null 
+++ b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/deployment.yaml 
@@ -0,0 +1,217 @@ +apiVersion: apps/v1 +{{- if .Values.autosharding.enabled }} +kind: StatefulSet +{{- else }} +kind: Deployment +{{- end }} +metadata: + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/managed-by: "{{ .Release.Service }}" + app.kubernetes.io/version: "{{ .Chart.AppVersion }}" +{{- if .Values.customLabels }} +{{ toYaml .Values.customLabels | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + replicas: {{ .Values.replicas }} +{{- if .Values.autosharding.enabled }} + serviceName: {{ template "kube-state-metrics.fullname" . }} + volumeClaimTemplates: [] +{{- end }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" +{{- if .Values.customLabels }} +{{ toYaml .Values.customLabels | indent 8 }} +{{- end }} +{{- if .Values.podAnnotations }} + annotations: +{{ toYaml .Values.podAnnotations | indent 8 }} +{{- end }} + spec: + hostNetwork: {{ .Values.hostNetwork }} + serviceAccountName: {{ template "kube-state-metrics.serviceAccountName" . 
}} + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + runAsGroup: {{ .Values.securityContext.runAsGroup }} + runAsUser: {{ .Values.securityContext.runAsUser }} + runAsNonRoot: {{ .Values.securityContext.runAsNonRoot }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + containers: + - name: {{ .Chart.Name }} +{{- if .Values.autosharding.enabled }} + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace +{{- end }} + args: +{{ if .Values.extraArgs }} + {{- range .Values.extraArgs }} + - {{ . }} + {{- end }} +{{ end }} +{{ if .Values.collectors.certificatesigningrequests }} + - --collectors=certificatesigningrequests +{{ end }} +{{ if .Values.collectors.configmaps }} + - --collectors=configmaps +{{ end }} +{{ if .Values.collectors.cronjobs }} + - --collectors=cronjobs +{{ end }} +{{ if .Values.collectors.daemonsets }} + - --collectors=daemonsets +{{ end }} +{{ if .Values.collectors.deployments }} + - --collectors=deployments +{{ end }} +{{ if .Values.collectors.endpoints }} + - --collectors=endpoints +{{ end }} +{{ if .Values.collectors.horizontalpodautoscalers }} + - --collectors=horizontalpodautoscalers +{{ end }} +{{ if .Values.collectors.ingresses }} + - --collectors=ingresses +{{ end }} +{{ if .Values.collectors.jobs }} + - --collectors=jobs +{{ end }} +{{ if .Values.collectors.limitranges }} + - --collectors=limitranges +{{ end }} +{{ if .Values.collectors.mutatingwebhookconfigurations }} + - --collectors=mutatingwebhookconfigurations +{{ end }} +{{ if .Values.collectors.namespaces }} + - --collectors=namespaces +{{ end }} +{{ if .Values.collectors.networkpolicies }} + - --collectors=networkpolicies +{{ end }} +{{ if .Values.collectors.nodes }} + - --collectors=nodes +{{ end }} +{{ if .Values.collectors.persistentvolumeclaims }} + 
- --collectors=persistentvolumeclaims +{{ end }} +{{ if .Values.collectors.persistentvolumes }} + - --collectors=persistentvolumes +{{ end }} +{{ if .Values.collectors.poddisruptionbudgets }} + - --collectors=poddisruptionbudgets +{{ end }} +{{ if .Values.collectors.pods }} + - --collectors=pods +{{ end }} +{{ if .Values.collectors.replicasets }} + - --collectors=replicasets +{{ end }} +{{ if .Values.collectors.replicationcontrollers }} + - --collectors=replicationcontrollers +{{ end }} +{{ if .Values.collectors.resourcequotas }} + - --collectors=resourcequotas +{{ end }} +{{ if .Values.collectors.secrets }} + - --collectors=secrets +{{ end }} +{{ if .Values.collectors.services }} + - --collectors=services +{{ end }} +{{ if .Values.collectors.statefulsets }} + - --collectors=statefulsets +{{ end }} +{{ if .Values.collectors.storageclasses }} + - --collectors=storageclasses +{{ end }} +{{ if .Values.collectors.validatingwebhookconfigurations }} + - --collectors=validatingwebhookconfigurations +{{ end }} +{{ if .Values.collectors.verticalpodautoscalers }} + - --collectors=verticalpodautoscalers +{{ end }} +{{ if .Values.collectors.volumeattachments }} + - --collectors=volumeattachments +{{ end }} +{{ if .Values.namespace }} + - --namespace={{ .Values.namespace | join "," }} +{{ end }} +{{ if .Values.autosharding.enabled }} + - --pod=$(POD_NAME) + - --pod-namespace=$(POD_NAMESPACE) +{{ end }} +{{ if .Values.kubeconfig.enabled }} + - --kubeconfig=/opt/k8s/.kube/config +{{ end }} +{{ if .Values.selfMonitor.telemetryHost }} + - --telemetry-host={{ .Values.selfMonitor.telemetryHost }} +{{ end }} + - --telemetry-port=8081 +{{- if .Values.kubeconfig.enabled }} + volumeMounts: + - name: kubeconfig + mountPath: /opt/k8s/.kube/ + readOnly: true +{{- end }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + image: "{{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }}" + ports: + - containerPort: 8080 + livenessProbe: + httpGet: + path: /healthz + port: 8080 + initialDelaySeconds: 5 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: / + port: 8080 + initialDelaySeconds: 5 + timeoutSeconds: 5 +{{- if .Values.resources }} + resources: +{{ toYaml .Values.resources | indent 10 }} +{{- end }} +{{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 8 }} +{{- end }} +{{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} +{{- end }} + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.nodeSelector }} +{{ toYaml .Values.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.tolerations }} +{{ toYaml .Values.tolerations | indent 8 }} +{{- end }} +{{- if .Values.kubeconfig.enabled}} + volumes: + - name: kubeconfig + secret: + secretName: {{ template "kube-state-metrics.fullname" . }}-kubeconfig +{{- end }} diff --git a/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/kubeconfig-secret.yaml b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/kubeconfig-secret.yaml new file mode 100755 index 000000000..a7800d7ad --- /dev/null +++ b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/kubeconfig-secret.yaml 
@@ -0,0 +1,15 @@ +{{- if .Values.kubeconfig.enabled -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "kube-state-metrics.fullname" . }}-kubeconfig + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/managed-by: "{{ .Release.Service }}" +type: Opaque +data: + config: '{{ .Values.kubeconfig.secret }}' +{{- end -}} diff --git a/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/pdb.yaml b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/pdb.yaml new file mode 100755 index 000000000..d3ef8104e --- /dev/null +++ b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/pdb.yaml @@ -0,0 +1,20 @@ +{{- if .Values.podDisruptionBudget -}} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/managed-by: "{{ .Release.Service }}" +{{- if .Values.customLabels }} +{{ toYaml .Values.customLabels | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} +{{ toYaml .Values.podDisruptionBudget | indent 2 }} +{{- end -}} diff --git a/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/podsecuritypolicy.yaml b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/podsecuritypolicy.yaml new file mode 100755 index 000000000..e822ba0e7 --- /dev/null 
+++ b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/podsecuritypolicy.yaml @@ -0,0 +1,42 @@ +{{- if .Values.podSecurityPolicy.enabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "kube-state-metrics.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Values.podSecurityPolicy.annotations }} + annotations: +{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }} +{{- end }} +spec: + privileged: false + volumes: + - 'secret' +{{- if .Values.podSecurityPolicy.additionalVolumes }} +{{ toYaml .Values.podSecurityPolicy.additionalVolumes | indent 4 }} +{{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} diff --git a/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/psp-clusterrole.yaml b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/psp-clusterrole.yaml new file mode 100755 index 000000000..217abc950 --- /dev/null +++ b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/psp-clusterrole.yaml 
@@ -0,0 +1,22 @@ +{{- if and .Values.podSecurityPolicy.enabled .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + name: psp-{{ template "kube-state-metrics.fullname" . }} +rules: +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }} +- apiGroups: ['policy'] +{{- else }} +- apiGroups: ['extensions'] +{{- end }} + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "kube-state-metrics.fullname" . }} +{{- end }} diff --git a/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/psp-clusterrolebinding.yaml b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/psp-clusterrolebinding.yaml new file mode 100755 index 000000000..feb97f228 --- /dev/null +++ b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/psp-clusterrolebinding.yaml 
@@ -0,0 +1,19 @@ +{{- if and .Values.podSecurityPolicy.enabled .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + name: psp-{{ template "kube-state-metrics.fullname" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: psp-{{ template "kube-state-metrics.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} +{{- end }} diff --git a/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/role.yaml b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/role.yaml new file mode 100755 index 000000000..6259d2f61 --- /dev/null +++ b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/role.yaml 
@@ -0,0 +1,192 @@ +{{- if and (eq $.Values.rbac.create true) (not .Values.rbac.useExistingRole) -}} +{{- if eq .Values.rbac.useClusterRole false }} +{{- range (split "," $.Values.namespace) }} +{{- end }} +{{- end -}} +--- +apiVersion: rbac.authorization.k8s.io/v1 +{{- if eq .Values.rbac.useClusterRole false }} +kind: Role +{{- else }} +kind: ClusterRole +{{- end }} +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" $ }} + helm.sh/chart: {{ $.Chart.Name }}-{{ $.Chart.Version }} + app.kubernetes.io/managed-by: {{ $.Release.Service }} + app.kubernetes.io/instance: {{ $.Release.Name }} + name: {{ template "kube-state-metrics.fullname" $ }} +{{- if eq .Values.rbac.useClusterRole false }} + namespace: {{ . }} +{{- end }} +rules: +{{ if $.Values.collectors.certificatesigningrequests }} +- apiGroups: ["certificates.k8s.io"] + resources: + - certificatesigningrequests + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.configmaps }} +- apiGroups: [""] + resources: + - configmaps + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.cronjobs }} +- apiGroups: ["batch"] + resources: + - cronjobs + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.daemonsets }} +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.deployments }} +- apiGroups: ["extensions", "apps"] + resources: + - deployments + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.endpoints }} +- apiGroups: [""] + resources: + - endpoints + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.horizontalpodautoscalers }} +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.ingresses }} +- apiGroups: ["extensions", "networking.k8s.io"] + resources: + - ingresses + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.jobs }} +- apiGroups: ["batch"] 
+ resources: + - jobs + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.limitranges }} +- apiGroups: [""] + resources: + - limitranges + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.mutatingwebhookconfigurations }} +- apiGroups: ["admissionregistration.k8s.io"] + resources: + - mutatingwebhookconfigurations + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.namespaces }} +- apiGroups: [""] + resources: + - namespaces + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.networkpolicies }} +- apiGroups: ["networking.k8s.io"] + resources: + - networkpolicies + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.nodes }} +- apiGroups: [""] + resources: + - nodes + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.persistentvolumeclaims }} +- apiGroups: [""] + resources: + - persistentvolumeclaims + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.persistentvolumes }} +- apiGroups: [""] + resources: + - persistentvolumes + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.poddisruptionbudgets }} +- apiGroups: ["policy"] + resources: + - poddisruptionbudgets + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.pods }} +- apiGroups: [""] + resources: + - pods + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.replicasets }} +- apiGroups: ["extensions", "apps"] + resources: + - replicasets + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.replicationcontrollers }} +- apiGroups: [""] + resources: + - replicationcontrollers + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.resourcequotas }} +- apiGroups: [""] + resources: + - resourcequotas + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.secrets }} +- apiGroups: [""] + resources: + - secrets + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.services }} +- apiGroups: [""] + resources: + - services + verbs: ["list", 
"watch"] +{{ end -}} +{{ if $.Values.collectors.statefulsets }} +- apiGroups: ["apps"] + resources: + - statefulsets + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.storageclasses }} +- apiGroups: ["storage.k8s.io"] + resources: + - storageclasses + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.validatingwebhookconfigurations }} +- apiGroups: ["admissionregistration.k8s.io"] + resources: + - validatingwebhookconfigurations + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.volumeattachments }} +- apiGroups: ["storage.k8s.io"] + resources: + - volumeattachments + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.verticalpodautoscalers }} +- apiGroups: ["autoscaling.k8s.io"] + resources: + - verticalpodautoscalers + verbs: ["list", "watch"] +{{ end -}} +{{- end -}} diff --git a/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/rolebinding.yaml b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/rolebinding.yaml new file mode 100755 index 000000000..732174a33 --- /dev/null +++ b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/rolebinding.yaml 
@@ -0,0 +1,27 @@ +{{- if and (eq .Values.rbac.create true) (eq .Values.rbac.useClusterRole false) -}} +{{- range (split "," $.Values.namespace) }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" $ }} + helm.sh/chart: {{ $.Chart.Name }}-{{ $.Chart.Version }} + app.kubernetes.io/managed-by: {{ $.Release.Service }} + app.kubernetes.io/instance: {{ $.Release.Name }} + name: {{ template "kube-state-metrics.fullname" $ }} + namespace: {{ . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role +{{- if (not $.Values.rbac.useExistingRole) }} + name: {{ template "kube-state-metrics.fullname" $ }} +{{- else }} + name: {{ $.Values.rbac.useExistingRole }} +{{- end }} +subjects: +- kind: ServiceAccount + name: {{ template "kube-state-metrics.fullname" $ }} + namespace: {{ template "kube-state-metrics.namespace" $ }} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/service.yaml b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/service.yaml new file mode 100755 index 000000000..4f8e4a497 --- /dev/null +++ b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/service.yaml 
@@ -0,0 +1,42 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/managed-by: "{{ .Release.Service }}" +{{- if .Values.customLabels }} +{{ toYaml .Values.customLabels | indent 4 }} +{{- end }} + annotations: + {{- if .Values.prometheusScrape }} + prometheus.io/scrape: '{{ .Values.prometheusScrape }}' + {{- end }} + {{- if .Values.service.annotations }} + {{- toYaml .Values.service.annotations | nindent 4 }} + {{- end }} +spec: + type: "{{ .Values.service.type }}" + ports: + - name: "http" + protocol: TCP + port: {{ .Values.service.port }} + {{- if .Values.service.nodePort }} + nodePort: {{ .Values.service.nodePort }} + {{- end }} + targetPort: 8080 + {{ if .Values.selfMonitor.enabled }} + - name: "metrics" + protocol: TCP + port: {{ .Values.selfMonitor.telemetryPort | default 8081 }} + targetPort: 8081 + {{ end }} +{{- if .Values.service.loadBalancerIP }} + loadBalancerIP: "{{ .Values.service.loadBalancerIP }}" +{{- end }} + selector: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/serviceaccount.yaml b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/serviceaccount.yaml new file mode 100755 index 000000000..2e8a1ee38 --- /dev/null +++ b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/serviceaccount.yaml 
@@ -0,0 +1,18 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} +{{- if .Values.serviceAccount.annotations }} + annotations: +{{ toYaml .Values.serviceAccount.annotations | indent 4 }} +{{- end }} +imagePullSecrets: +{{ toYaml .Values.serviceAccount.imagePullSecrets | indent 2 }} +{{- end -}} diff --git a/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/servicemonitor.yaml b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/servicemonitor.yaml new file mode 100755 index 000000000..7d1cd7aa1 --- /dev/null +++ b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/servicemonitor.yaml 
@@ -0,0 +1,34 @@ +{{- if .Values.prometheus.monitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/managed-by: "{{ .Release.Service }}" + {{- if .Values.prometheus.monitor.additionalLabels }} +{{ toYaml .Values.prometheus.monitor.additionalLabels | indent 4 }} + {{- end }} +{{- if .Values.customLabels }} +{{ toYaml .Values.customLabels | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + endpoints: + - port: http + {{- if .Values.prometheus.monitor.honorLabels }} + honorLabels: true + {{- end }} + {{ if .Values.selfMonitor.enabled }} + - port: metrics + {{- if .Values.prometheus.monitor.honorLabels }} + honorLabels: true + {{- end }} + {{ end }} +{{- end }} diff --git a/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/stsdiscovery-role.yaml b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/stsdiscovery-role.yaml new file mode 100755 index 000000000..9770b0498 --- /dev/null +++ b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/stsdiscovery-role.yaml 
@@ -0,0 +1,29 @@ +{{- if and .Values.autosharding.enabled .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get +- apiGroups: + - apps + resourceNames: + - {{ template "kube-state-metrics.fullname" . }} + resources: + - statefulsets + verbs: + - get + - list + - watch +{{- end }} diff --git a/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/stsdiscovery-rolebinding.yaml b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/stsdiscovery-rolebinding.yaml new file mode 100755 index 000000000..6a2e5bfe7 --- /dev/null +++ b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/templates/stsdiscovery-rolebinding.yaml 
@@ -0,0 +1,20 @@ +{{- if and .Values.autosharding.enabled .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} +{{- end }} diff --git a/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/values.yaml b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/values.yaml new file mode 100755 index 000000000..f64645690 --- /dev/null +++ b/released/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/2.13.101/values.yaml 
@@ -0,0 +1,184 @@ +global: + cattle: + systemDefaultRegistry: "" + +# Default values for kube-state-metrics. +prometheusScrape: true +image: + repository: rancher/mirrored-kube-state-metrics-kube-state-metrics + tag: v1.9.8 + pullPolicy: IfNotPresent + +imagePullSecrets: [] +# - name: "image-pull-secret" + +# If set to true, this will deploy kube-state-metrics as a StatefulSet and the data +# will be automatically sharded across <.Values.replicas> pods using the built-in +# autodiscovery feature: https://github.com/kubernetes/kube-state-metrics#automated-sharding +# This is an experimental feature and there are no stability guarantees. +autosharding: + enabled: false + +replicas: 1 + +# List of additional cli arguments to configure kube-state-metrics +# for example: --enable-gzip-encoding, --log-file, etc. +# all the possible args can be found here: https://github.com/kubernetes/kube-state-metrics/blob/master/docs/cli-arguments.md +extraArgs: [] + +service: + port: 8080 + # Default to clusterIP for backward compatibility + type: ClusterIP + nodePort: 0 + loadBalancerIP: "" + annotations: {} + +customLabels: {} + +hostNetwork: false + +rbac: + # If true, create & use RBAC resources + create: true + + # Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to it, rolename set here. + # useExistingRole: your-existing-role + + # If set to false - Run without Cluteradmin privs needed - ONLY works if namespace is also set (if useExistingRole is set this name is used as ClusterRole or Role to bind to) + useClusterRole: true + +serviceAccount: + # Specifies whether a ServiceAccount should be created, require rbac true + create: true + # The name of the ServiceAccount to use. 
+ # If not set and create is true, a name is generated using the fullname template + name: + # Reference to one or more secrets to be used when pulling images + # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + imagePullSecrets: [] + # ServiceAccount annotations. + # Use case: AWS EKS IAM roles for service accounts + # ref: https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html + annotations: {} + +prometheus: + monitor: + enabled: false + additionalLabels: {} + namespace: "" + honorLabels: false + +## Specify if a Pod Security Policy for kube-state-metrics must be created +## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ +## +podSecurityPolicy: + enabled: false + annotations: {} + ## Specify pod annotations + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl + ## + # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' + # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' + # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' + + additionalVolumes: [] + +securityContext: + enabled: true + runAsNonRoot: true + runAsGroup: 65534 + runAsUser: 65534 + fsGroup: 65534 + +## Node labels for pod assignment +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +nodeSelector: {} + +## Affinity settings for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ +affinity: {} + +## Tolerations for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +tolerations: [] + +# Annotations to be added to the pod +podAnnotations: {} + +## Assign a PriorityClassName to pods if set +# priorityClassName: "" + +# Ref: 
https://kubernetes.io/docs/tasks/run-application/configure-pdb/ +podDisruptionBudget: {} + +# Available collectors for kube-state-metrics. By default all available +# collectors are enabled. +collectors: + certificatesigningrequests: true + configmaps: true + cronjobs: true + daemonsets: true + deployments: true + endpoints: true + horizontalpodautoscalers: true + ingresses: true + jobs: true + limitranges: true + mutatingwebhookconfigurations: true + namespaces: true + networkpolicies: true + nodes: true + persistentvolumeclaims: true + persistentvolumes: true + poddisruptionbudgets: true + pods: true + replicasets: true + replicationcontrollers: true + resourcequotas: true + secrets: true + services: true + statefulsets: true + storageclasses: true + validatingwebhookconfigurations: true + verticalpodautoscalers: false + volumeattachments: true + +# Enabling kubeconfig will pass the --kubeconfig argument to the container +kubeconfig: + enabled: false + # base64 encoded kube-config file + secret: + +# Namespace to be enabled for collecting resources. By default all namespaces are collected. +# namespace: "" + +## Override the deployment namespace +## +namespaceOverride: "" + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 64Mi + # requests: + # cpu: 10m + # memory: 32Mi + +## Provide a k8s version to define apiGroups for podSecurityPolicy Cluster Role. 
+## For example: kubeTargetVersionOverride: 1.14.9 +## +kubeTargetVersionOverride: "" + +# Enable self metrics configuration for service and Service Monitor +# Default values for telemetry configuration can be overriden +selfMonitor: + enabled: false + # telemetryHost: 0.0.0.0 + # telemetryPort: 8081 diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.6.000/Chart.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.6.000/Chart.yaml new file mode 100644 index 000000000..5da44c496 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.6.000/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-logging-system + catalog.cattle.io/release-name: rancher-logging-crd +apiVersion: v1 +description: Installs the CRDs for rancher-logging. +name: rancher-logging-crd +type: application +version: 3.6.000 diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.6.000/README.md b/released/charts/rancher-logging/rancher-logging-crd/3.6.000/README.md new file mode 100644 index 000000000..57b839d2b --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.6.000/README.md @@ -0,0 +1,2 @@ +# rancher-logging-crd +A Rancher chart that installs the CRDs used by [rancher-logging](https://github.com/rancher/dev-charts/tree/master/packages/rancher-logging). diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.6.000/templates/logging.banzaicloud.io_clusterflows.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.6.000/templates/logging.banzaicloud.io_clusterflows.yaml new file mode 100644 index 000000000..ce242e787 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.6.000/templates/logging.banzaicloud.io_clusterflows.yaml 
@@ -0,0 +1,552 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: clusterflows.logging.banzaicloud.io +spec: + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: ClusterFlow + listKind: ClusterFlowList + plural: clusterflows + singular: clusterflow + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: 
+ type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: 
array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + 
records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + loggingRef: + type: string + match: + items: + properties: + exclude: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + namespaces: + items: + type: string + type: array + type: object + select: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + namespaces: + items: + type: string + type: array + type: object + type: object + type: array + outputRefs: + items: + type: string + type: array + selectors: + additionalProperties: + type: string + type: object + type: object + status: + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 
+ served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.6.000/templates/logging.banzaicloud.io_clusteroutputs.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.6.000/templates/logging.banzaicloud.io_clusteroutputs.yaml new file mode 100644 index 000000000..1eaeb2ebb --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.6.000/templates/logging.banzaicloud.io_clusteroutputs.yaml 
@@ -0,0 +1,4142 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: clusteroutputs.logging.banzaicloud.io +spec: + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: ClusterOutput + listKind: ClusterOutputList + plural: clusteroutputs + singular: clusteroutput + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + awsElasticsearch: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + 
required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_arn: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_session_name: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_web_identity_token_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ecs_container_credentials_relative_uri: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - 
key + type: object + type: object + type: object + region: + type: string + secret_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + sts_credentials_region: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + flush_interval: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + include_tag_key: + type: boolean + logstash_format: + type: boolean + tag_key: + type: string + type: object + azurestorage: + properties: + auto_create_container: + type: boolean + azure_container: + type: string + azure_object_key_format: + type: string + azure_storage_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_account: + properties: + mountFrom: + properties: + 
secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_type: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + type: string + path: + type: string + store_as: + type: string + required: + - azure_container + - azure_storage_access_key + - azure_storage_account + type: object + cloudwatch: + properties: + auto_create_stream: + type: boolean + aws_instance_profile_credentials_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + 
optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sts_role_arn: + type: string + aws_sts_session_name: + type: string + aws_use_sts: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + concurrency: + type: 
integer + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + http_proxy: + type: string + include_time_key: + type: boolean + json_handler: + type: string + localtime: + type: boolean + log_group_aws_tags: + type: string + log_group_aws_tags_key: + type: string + log_group_name: + type: string + log_group_name_key: + type: string + log_rejected_request: + type: string + log_stream_name: + type: string + log_stream_name_key: + type: string + max_events_per_batch: + type: integer + max_message_length: + type: integer + message_keys: + type: string + put_log_events_disable_retry_limit: + type: boolean + put_log_events_retry_limit: + type: integer + put_log_events_retry_wait: + type: string + region: + type: string + remove_log_group_aws_tags_key: + type: string + remove_log_group_name_key: + type: string + remove_log_stream_name_key: + type: string + remove_retention_in_days: + type: string + retention_in_days: + type: string + retention_in_days_key: + type: string + use_tag_as_group: + type: boolean + use_tag_as_stream: + type: boolean + required: + - region + type: object + datadog: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: 
boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_level: + type: string + dd_hostname: + type: string + dd_source: + type: string + dd_sourcecategory: + type: string + dd_tags: + type: string + host: + type: string + include_tag_key: + type: boolean + max_backoff: + type: string + max_retries: + type: string + no_ssl_validation: + type: boolean + port: + type: string + service: + type: string + ssl_port: + type: string + tag_key: + type: string + timestamp_key: + type: string + use_compression: + type: boolean + use_http: + type: boolean + use_json: + type: boolean + use_ssl: + type: boolean + required: + - api_key + type: object + elasticsearch: + properties: + application_name: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + 
type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_message_request_threshold: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: 
object + type: object + client_key_pass: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + content_type: + type: string + custom_headers: + type: string + customize_template: + type: string + default_elasticsearch_version: + type: string + deflector_alias: + type: string + enable_ilm: + type: boolean + exception_backup: + type: boolean + fail_on_putting_template_retry_exceed: + type: boolean + flatten_hashes: + type: boolean + flatten_hashes_separator: + type: string + host: + type: string + hosts: + type: string + http_backend: + type: string + id_key: + type: string + ignore_exceptions: + type: string + ilm_policy: + type: string + ilm_policy_id: + type: string + ilm_policy_overwrite: + type: boolean + include_index_in_url: + type: boolean + include_tag_key: + type: boolean + include_timestamp: + type: boolean + index_date_pattern: + type: string + index_name: + type: string + index_prefix: + type: string + log_es_400_reason: + type: boolean + logstash_dateformat: + type: string + logstash_format: + type: boolean + logstash_prefix: + type: string + logstash_prefix_separator: + type: string + max_retry_get_es_version: + type: string + max_retry_putting_template: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + path: + 
type: string + pipeline: + type: string + port: + type: integer + prefer_oj_serializer: + type: boolean + reconnect_on_error: + type: boolean + reload_after: + type: string + reload_connections: + type: boolean + reload_on_failure: + type: boolean + remove_keys_on_update: + type: string + remove_keys_on_update_key: + type: string + request_timeout: + type: string + resurrect_after: + type: string + retry_tag: + type: string + rollover_index: + type: boolean + routing_key: + type: string + scheme: + type: string + sniffer_class_name: + type: string + ssl_max_version: + type: string + ssl_min_version: + type: string + ssl_verify: + type: boolean + ssl_version: + type: string + suppress_doc_wrap: + type: boolean + suppress_type_name: + type: boolean + tag_key: + type: string + target_index_key: + type: string + target_type_key: + type: string + template_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + template_name: + type: string + template_overwrite: + type: boolean + templates: + type: string + time_key: + type: string + time_key_format: + type: string + time_parse_error_tag: + type: string + time_precision: + type: string + type_name: + type: string + unrecoverable_error_types: + type: string + user: + type: string + utc_index: + type: boolean + validate_client_version: + type: boolean + verify_es_version_at_startup: + type: boolean + with_transporter_log: + type: boolean + write_operation: + type: string + type: object + enabledNamespaces: + items: + type: string + type: array + file: + properties: + add_path_suffix: + type: boolean + append: + type: boolean + buffer: + properties: + 
chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + path: + type: string + path_suffix: + type: string + symlink_path: + type: boolean + required: + - path + type: object + forward: + properties: + ack_response_timeout: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + 
overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + connect_timeout: + type: integer + dns_round_robin: + type: boolean + expire_dns_cache: + type: integer + hard_timeout: + type: integer + heartbeat_interval: + type: integer + heartbeat_type: + type: string + ignore_network_errors_at_startup: + type: boolean + keepalive: + type: boolean + keepalive_timeout: + type: integer + phi_failure_detector: + type: boolean + phi_threshold: + type: integer + recover_wait: + type: integer + require_ack_response: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: boolean + required: + - self_hostname + - shared_key + type: object + send_timeout: + type: integer + servers: + items: + properties: + host: + type: string + name: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + shared_key: + properties: + mountFrom: + properties: + 
secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + standby: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + weight: + type: integer + required: + - host + type: object + type: array + tls_allow_self_signed_cert: + type: boolean + tls_cert_logical_store_name: + type: string + tls_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_cert_thumbprint: + type: string + tls_cert_use_enterprise_store: + type: boolean + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + 
tls_client_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_insecure_mode: + type: boolean + tls_verify_hostname: + type: boolean + tls_version: + type: string + verify_connection_at_startup: + type: boolean + required: + - servers + type: object + gcs: + properties: + acl: + type: string + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + 
retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_retries: + type: integer + client_timeout: + type: integer + credentials_json: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + encryption_key: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + keyfile: + type: string + object_key_format: + type: string + object_metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + overwrite: + type: boolean + path: + type: string + project: + type: string + storage_class: + type: string + store_as: + type: string + transcoding: + type: boolean + required: + - bucket + - project + type: object + http: + properties: + auth: + properties: + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + 
type: object + type: object + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - password + - username + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + content_type: + type: string + endpoint: + type: string + error_response_as_unrecoverable: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + headers: + 
additionalProperties: + type: string + type: object + http_method: + type: string + json_array: + type: boolean + open_timeout: + type: integer + proxy: + type: string + read_timeout: + type: integer + retryable_response_codes: + items: + type: integer + type: array + ssl_timeout: + type: integer + tls_ca_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + 
type: boolean + required: + - key + type: object + type: object + type: object + tls_verify_mode: + type: string + tls_version: + type: string + required: + - endpoint + type: object + kafka: + properties: + ack_timeout: + type: integer + brokers: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_codec: + type: string + default_message_key: + type: string + default_partition_key: + type: string + default_topic: + type: string + exclude_partion_key: + type: boolean + exclude_topic_key: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + get_kafka_client_log: + type: boolean + headers: + additionalProperties: + type: string + type: object + headers_from_record: + additionalProperties: + 
type: string + type: object + idempotent: + type: boolean + max_send_retries: + type: integer + message_key_key: + type: string + partition_key: + type: string + partition_key_key: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required_acks: + type: integer + sasl_over_ssl: + type: boolean + scram_mechanism: + type: string + ssl_ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_ca_certs_from_system: + type: boolean + ssl_client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_chain: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + 
required: + - key + type: object + type: object + type: object + ssl_client_cert_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_verify_hostname: + type: boolean + topic_key: + type: string + use_default_for_unknown_topic: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - brokers + - format + type: object + kinesisStream: + properties: + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + aws_iam_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + 
required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_ses_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + batch_request_max_count: + type: integer + batch_request_max_size: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + 
message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + partition_key: + type: string + process_credentials: + properties: + process: + type: string + required: + - process + type: object + region: + type: string + reset_backoff_if_success: + type: boolean + retries_on_batch_request: + type: integer + stream_name: + type: string + required: + - stream_name + type: object + logdna: + properties: + api_key: + type: string + app: + type: string + buffer_chunk_limit: + type: string + hostname: + type: string + required: + - api_key + - hostname + type: object + loggingRef: + type: string + logz: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + port: + type: integer + token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + 
type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + gzip: + type: boolean + http_idle_timeout: + type: integer + output_include_tags: + type: boolean + output_include_time: + type: boolean + retry_count: + type: integer + retry_sleep: + type: integer + required: + - endpoint + type: object + loki: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + configure_kubernetes_labels: + type: boolean + drop_single_key: + type: boolean + extra_labels: + additionalProperties: + type: string + type: object + extract_kubernetes_labels: + type: boolean + labels: + 
additionalProperties: + type: string + type: object + line_format: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + remove_keys: + items: + type: string + type: array + tenant: + type: string + url: + type: string + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + newrelic: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + base_uri: + type: string + license_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + nullout: + type: object + oss: 
+ properties: + aaccess_key_secret: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + 
timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_bucket: + type: boolean + check_object: + type: boolean + download_crc_enable: + type: boolean + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + index_format: + type: string + key_format: + type: string + open_timeout: + type: integer + oss_sdk_log_dir: + type: string + overwrite: + type: boolean + path: + type: string + read_timeout: + type: integer + store_as: + type: string + upload_crc_enable: + type: boolean + warn_for_delay: + type: string + required: + - aaccess_key_secret + - access_key_id + - bucket + - endpoint + type: object + redis: + properties: + allow_duplicate_key: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: 
+ type: string + total_limit_size: + type: string + type: + type: string + type: object + db_number: + type: integer + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insert_key_prefix: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + strftime_format: + type: string + ttl: + type: integer + type: object + s3: + properties: + acl: + type: string + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + auto_create_bucket: + type: string + aws_iam_retries: + type: string + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + 
type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_apikey_on_start: + type: string + check_bucket: + type: string + check_object: + type: string + compute_checksums: + type: string + enable_transfer_acceleration: + type: string + force_path_style: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + grant_full_control: + type: string + grant_read: + type: string + grant_read_acp: + type: string + grant_write_acp: + type: string + hex_random_length: + type: string + index_format: + type: string + instance_profile_credentials: + properties: + http_open_timeout: + type: string + 
http_read_timeout: + type: string + ip_address: + type: string + port: + type: string + retries: + type: string + type: object + overwrite: + type: string + path: + type: string + proxy_uri: + type: string + s3_bucket: + type: string + s3_endpoint: + type: string + s3_metadata: + type: string + s3_object_key_format: + type: string + s3_region: + type: string + shared_credentials: + properties: + path: + type: string + profile_name: + type: string + type: object + signature_version: + type: string + sse_customer_algorithm: + type: string + sse_customer_key: + type: string + sse_customer_key_md5: + type: string + ssekms_key_id: + type: string + ssl_verify_peer: + type: string + storage_class: + type: string + store_as: + type: string + use_bundled_cert: + type: string + use_server_side_encryption: + type: string + warn_for_delay: + type: string + required: + - s3_bucket + type: object + splunkHec: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string 
+ total_limit_size: + type: string + type: + type: string + type: object + ca_file: + type: string + ca_path: + type: string + client_cert: + type: string + client_key: + type: string + coerce_to_utf8: + type: boolean + data_type: + type: string + fields: + additionalProperties: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hec_host: + type: string + hec_port: + type: integer + hec_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + host: + type: string + host_key: + type: string + idle_timeout: + type: integer + index: + type: string + index_key: + type: string + insecure_ssl: + type: boolean + keep_keys: + type: boolean + metric_name_key: + type: string + metric_value_key: + type: string + metrics_from_event: + type: boolean + non_utf8_replacement_string: + type: string + open_timeout: + type: integer + protocol: + type: string + read_timeout: + type: integer + source: + type: string + source_key: + type: string + sourcetype: + type: string + sourcetype_key: + type: string + ssl_ciphers: + type: string + required: + - hec_host + - hec_token + type: object + sumologic: + properties: + add_timestamp: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + 
type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compress: + type: boolean + compress_encoding: + type: string + custom_dimensions: + type: string + custom_fields: + items: + type: string + type: array + data_type: + type: string + delimiter: + type: string + disable_cookies: + type: boolean + endpoint: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + log_format: + type: string + log_key: + type: string + metric_data_format: + type: string + open_timeout: + type: integer + proxy_uri: + type: string + source_category: + type: string + source_host: + type: string + source_name: + type: string + source_name_key: + type: string + sumo_client: + type: string + timestamp_key: + type: string + verify_ssl: + type: boolean + required: + - endpoint + - source_name + type: object + type: object + status: + type: object + required: + 
- spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.6.000/templates/logging.banzaicloud.io_flows.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.6.000/templates/logging.banzaicloud.io_flows.yaml new file mode 100644 index 000000000..fd4aaa812 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.6.000/templates/logging.banzaicloud.io_flows.yaml 
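Review bot: In the output schema that closes just above, the two secret-bearing fields (`hec_token`, required together with `hec_host`, and the `sumologic` `endpoint`) each accept an inline `value: type: string` next to `valueFrom.secretKeyRef` and `mountFrom.secretKeyRef`. A token or endpoint can therefore be written in plaintext into the custom resource, where it is readable by anyone with get access to that resource rather than only to Secrets. Suggest documenting `secretKeyRef` as the expected form and rejecting `value` on `hec_token` and `endpoint` through an admission policy. The TLS switches `insecure_ssl` and `verify_ssl` are bare booleans with no description; a one-line description stating the secure setting would help anyone auditing these resources.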
@@ -0,0 +1,548 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: flows.logging.banzaicloud.io +spec: + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Flow + listKind: FlowList + plural: flows + singular: flow + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: 
string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: 
string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + 
additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + localOutputRefs: + items: + type: string + type: array + loggingRef: + type: string + match: + items: + properties: + exclude: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + type: object + select: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + outputRefs: + items: + type: string + type: array + selectors: + additionalProperties: + type: string + type: object + type: object + status: + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: 
"" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.6.000/templates/logging.banzaicloud.io_loggings.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.6.000/templates/logging.banzaicloud.io_loggings.yaml new file mode 100644 index 000000000..4600ae7b1 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.6.000/templates/logging.banzaicloud.io_loggings.yaml 
@@ -0,0 +1,2411 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: loggings.logging.banzaicloud.io +spec: + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Logging + listKind: LoggingList + plural: loggings + singular: logging + preserveUnknownFields: false + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + allowClusterResourcesFromAllNamespaces: + type: boolean + controlNamespace: + type: string + defaultFlow: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + 
skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string 
+ time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - 
type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + outputRefs: + items: + type: string + type: array + type: object + enableRecreateWorkloadOnImmutableFieldChange: + type: boolean + flowConfigCheckDisabled: + type: boolean + flowConfigOverride: + type: string + fluentbit: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: 
string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: 
string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + bufferStorage: + properties: + storage.backlog.mem_limit: + type: string + storage.checksum: + type: string + storage.path: + type: string + storage.sync: + type: string + type: object + bufferStorageVolume: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + 
type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + customConfigSecret: + type: string + extraVolumeMounts: + items: + properties: + destination: + pattern: ^/.+$ + type: string + readOnly: + type: boolean + source: + pattern: ^/.+$ + type: string + required: + - destination + - source + type: object + type: array + filterAws: + properties: + Match: + type: string + imds_version: + type: string + type: object + filterKubernetes: + properties: + Annotations: + type: string + Buffer_Size: + type: string + Dummy_Meta: + type: string + K8S-Logging.Exclude: + type: string + K8S-Logging.Parser: + type: string + Keep_Log: + type: string + Kube_CA_File: + type: string + Kube_CA_Path: + type: string + Kube_Tag_Prefix: + type: string + Kube_Token_File: + type: string + Kube_URL: + type: string + Kube_meta_preload_cache_dir: + type: string + Labels: + type: string + Match: + type: string + Merge_Log: + type: string + Merge_Log_Key: + type: string + Merge_Log_Trim: + type: string + Merge_Parser: + type: string + Regex_Parser: + type: string + Use_Journal: + type: string + tls.debug: + type: string + tls.verify: + type: 
string + type: object + image: + properties: + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + inputTail: + properties: + Buffer_Chunk_Size: + type: string + Buffer_Max_Size: + type: string + DB: + type: string + DB_Sync: + type: string + Docker_Mode: + type: string + Docker_Mode_Flush: + type: string + Exclude_Path: + type: string + Ignore_Older: + type: string + Key: + type: string + Mem_Buf_Limit: + type: string + Multiline: + type: string + Multiline_Flush: + type: string + Parser: + type: string + Parser_Firstline: + type: string + Parser_N: + items: + type: string + type: array + Path: + type: string + Path_Key: + type: string + Refresh_Interval: + type: string + Rotate_Wait: + type: string + Skip_Long_Lines: + type: string + Tag: + type: string + Tag_Regex: + type: string + storage.type: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + livenessDefaultCheck: + type: boolean + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + metrics: + properties: + interval: + type: string + path: + type: string + port: + 
format: int32 + type: integer + prometheusAnnotations: + type: boolean + serviceMonitor: + type: boolean + serviceMonitorConfig: + properties: + additionalLabels: + additionalProperties: + type: string + type: object + honorLabels: + type: boolean + type: object + timeout: + type: string + type: object + mountPath: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + parser: + type: string + podPriorityClassName: + type: string + position_db: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + positiondb: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + 
- path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + 
format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + security: + properties: + podSecurityContext: + properties: + fsGroup: + format: int64 + type: integer + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + podSecurityPolicyCreate: + type: boolean + roleBasedAccessControlCreate: + type: boolean + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + type: object + targetHost: + type: string + targetPort: + format: int32 + type: integer + tls: + properties: + enabled: + type: boolean + secretName: 
+ type: string + sharedKey: + type: string + required: + - enabled + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + type: object + fluentd: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + 
matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: 
array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + bufferStorageVolume: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + configCheckAnnotations: + additionalProperties: + type: string + type: object + configReloaderImage: + properties: + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + disablePvc: + type: boolean + fluentLogDestination: + type: string + fluentOutLogrotate: + properties: + age: + type: string + enabled: + type: boolean + path: + type: string + size: + type: string + required: + - enabled + type: object + fluentdPvcSpec: + 
properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + image: + properties: + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + livenessDefaultCheck: + type: boolean + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: 
true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + logLevel: + type: string + metrics: + properties: + interval: + type: string + path: + type: string + port: + format: int32 + type: integer + prometheusAnnotations: + type: boolean + serviceMonitor: + type: boolean + serviceMonitorConfig: + properties: + additionalLabels: + additionalProperties: + type: string + type: object + honorLabels: + type: boolean + type: object + timeout: + type: string + type: object + nodeSelector: + additionalProperties: + type: string + type: object + podPriorityClassName: + type: string + port: + format: int32 + type: integer + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + 
additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + scaling: + properties: + replicas: + type: integer + required: + - replicas + type: object + security: + properties: + podSecurityContext: + properties: + fsGroup: + format: int64 + type: integer + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + podSecurityPolicyCreate: + type: boolean + roleBasedAccessControlCreate: + type: boolean + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + type: object + tls: + properties: + enabled: + type: boolean + secretName: + type: string + sharedKey: + type: string + required: + - enabled 
+ type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + volumeModImage: + properties: + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + volumeMountChmod: + type: boolean + workers: + format: int32 + type: integer + type: object + loggingRef: + type: string + watchNamespaces: + items: + type: string + type: array + required: + - controlNamespace + type: object + status: + properties: + configCheckResults: + additionalProperties: + type: boolean + type: object + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.6.000/templates/logging.banzaicloud.io_outputs.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.6.000/templates/logging.banzaicloud.io_outputs.yaml new file mode 100644 index 000000000..cc5caa94d --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.6.000/templates/logging.banzaicloud.io_outputs.yaml 
@@ -0,0 +1,4136 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: outputs.logging.banzaicloud.io +spec: + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Output + listKind: OutputList + plural: outputs + singular: output + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + awsElasticsearch: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + 
type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_arn: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_session_name: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_web_identity_token_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ecs_container_credentials_relative_uri: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + 
type: object + region: + type: string + secret_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + sts_credentials_region: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + flush_interval: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + include_tag_key: + type: boolean + logstash_format: + type: boolean + tag_key: + type: string + type: object + azurestorage: + properties: + auto_create_container: + type: boolean + azure_container: + type: string + azure_object_key_format: + type: string + azure_storage_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_account: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: 
string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_type: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + type: string + path: + type: string + store_as: + type: string + required: + - azure_container + - azure_storage_access_key + - azure_storage_account + type: object + cloudwatch: + properties: + auto_create_stream: + type: boolean + aws_instance_profile_credentials_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + 
type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sts_role_arn: + type: string + aws_sts_session_name: + type: string + aws_use_sts: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + concurrency: + type: integer + endpoint: + type: string + format: + 
properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + http_proxy: + type: string + include_time_key: + type: boolean + json_handler: + type: string + localtime: + type: boolean + log_group_aws_tags: + type: string + log_group_aws_tags_key: + type: string + log_group_name: + type: string + log_group_name_key: + type: string + log_rejected_request: + type: string + log_stream_name: + type: string + log_stream_name_key: + type: string + max_events_per_batch: + type: integer + max_message_length: + type: integer + message_keys: + type: string + put_log_events_disable_retry_limit: + type: boolean + put_log_events_retry_limit: + type: integer + put_log_events_retry_wait: + type: string + region: + type: string + remove_log_group_aws_tags_key: + type: string + remove_log_group_name_key: + type: string + remove_log_stream_name_key: + type: string + remove_retention_in_days: + type: string + retention_in_days: + type: string + retention_in_days_key: + type: string + use_tag_as_group: + type: boolean + use_tag_as_stream: + type: boolean + required: + - region + type: object + datadog: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + 
flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_level: + type: string + dd_hostname: + type: string + dd_source: + type: string + dd_sourcecategory: + type: string + dd_tags: + type: string + host: + type: string + include_tag_key: + type: boolean + max_backoff: + type: string + max_retries: + type: string + no_ssl_validation: + type: boolean + port: + type: string + service: + type: string + ssl_port: + type: string + tag_key: + type: string + timestamp_key: + type: string + use_compression: + type: boolean + use_http: + type: boolean + use_json: + type: boolean + use_ssl: + type: boolean + required: + - api_key + type: object + elasticsearch: + properties: + application_name: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: 
string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_message_request_threshold: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + 
client_key_pass: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + content_type: + type: string + custom_headers: + type: string + customize_template: + type: string + default_elasticsearch_version: + type: string + deflector_alias: + type: string + enable_ilm: + type: boolean + exception_backup: + type: boolean + fail_on_putting_template_retry_exceed: + type: boolean + flatten_hashes: + type: boolean + flatten_hashes_separator: + type: string + host: + type: string + hosts: + type: string + http_backend: + type: string + id_key: + type: string + ignore_exceptions: + type: string + ilm_policy: + type: string + ilm_policy_id: + type: string + ilm_policy_overwrite: + type: boolean + include_index_in_url: + type: boolean + include_tag_key: + type: boolean + include_timestamp: + type: boolean + index_date_pattern: + type: string + index_name: + type: string + index_prefix: + type: string + log_es_400_reason: + type: boolean + logstash_dateformat: + type: string + logstash_format: + type: boolean + logstash_prefix: + type: string + logstash_prefix_separator: + type: string + max_retry_get_es_version: + type: string + max_retry_putting_template: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + path: + type: string + pipeline: + 
type: string + port: + type: integer + prefer_oj_serializer: + type: boolean + reconnect_on_error: + type: boolean + reload_after: + type: string + reload_connections: + type: boolean + reload_on_failure: + type: boolean + remove_keys_on_update: + type: string + remove_keys_on_update_key: + type: string + request_timeout: + type: string + resurrect_after: + type: string + retry_tag: + type: string + rollover_index: + type: boolean + routing_key: + type: string + scheme: + type: string + sniffer_class_name: + type: string + ssl_max_version: + type: string + ssl_min_version: + type: string + ssl_verify: + type: boolean + ssl_version: + type: string + suppress_doc_wrap: + type: boolean + suppress_type_name: + type: boolean + tag_key: + type: string + target_index_key: + type: string + target_type_key: + type: string + template_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + template_name: + type: string + template_overwrite: + type: boolean + templates: + type: string + time_key: + type: string + time_key_format: + type: string + time_parse_error_tag: + type: string + time_precision: + type: string + type_name: + type: string + unrecoverable_error_types: + type: string + user: + type: string + utc_index: + type: boolean + validate_client_version: + type: boolean + verify_es_version_at_startup: + type: boolean + with_transporter_log: + type: boolean + write_operation: + type: string + type: object + file: + properties: + add_path_suffix: + type: boolean + append: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + 
type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + path: + type: string + path_suffix: + type: string + symlink_path: + type: boolean + required: + - path + type: object + forward: + properties: + ack_response_timeout: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + 
queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + connect_timeout: + type: integer + dns_round_robin: + type: boolean + expire_dns_cache: + type: integer + hard_timeout: + type: integer + heartbeat_interval: + type: integer + heartbeat_type: + type: string + ignore_network_errors_at_startup: + type: boolean + keepalive: + type: boolean + keepalive_timeout: + type: integer + phi_failure_detector: + type: boolean + phi_threshold: + type: integer + recover_wait: + type: integer + require_ack_response: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: boolean + required: + - self_hostname + - shared_key + type: object + send_timeout: + type: integer + servers: + items: + properties: + host: + type: string + name: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + shared_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + 
required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + standby: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + weight: + type: integer + required: + - host + type: object + type: array + tls_allow_self_signed_cert: + type: boolean + tls_cert_logical_store_name: + type: string + tls_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_cert_thumbprint: + type: string + tls_cert_use_enterprise_store: + type: boolean + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: 
string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_insecure_mode: + type: boolean + tls_verify_hostname: + type: boolean + tls_version: + type: string + verify_connection_at_startup: + type: boolean + required: + - servers + type: object + gcs: + properties: + acl: + type: string + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string 
+ tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_retries: + type: integer + client_timeout: + type: integer + credentials_json: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + encryption_key: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + keyfile: + type: string + object_key_format: + type: string + object_metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + overwrite: + type: boolean + path: + type: string + project: + type: string + storage_class: + type: string + store_as: + type: string + transcoding: + type: boolean + required: + - bucket + - project + type: object + http: + properties: + auth: + properties: + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string 
+ name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - password + - username + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + content_type: + type: string + endpoint: + type: string + error_response_as_unrecoverable: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + headers: + additionalProperties: + type: string + type: object + http_method: + type: string + json_array: + type: boolean + open_timeout: + type: integer + 
proxy: + type: string + read_timeout: + type: integer + retryable_response_codes: + items: + type: integer + type: array + ssl_timeout: + type: integer + tls_ca_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_verify_mode: + type: string + tls_version: + type: string + 
required: + - endpoint + type: object + kafka: + properties: + ack_timeout: + type: integer + brokers: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_codec: + type: string + default_message_key: + type: string + default_partition_key: + type: string + default_topic: + type: string + exclude_partion_key: + type: boolean + exclude_topic_key: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + get_kafka_client_log: + type: boolean + headers: + additionalProperties: + type: string + type: object + headers_from_record: + additionalProperties: + type: string + type: object + idempotent: + type: boolean + max_send_retries: + type: integer + message_key_key: + type: string + partition_key: + 
type: string + partition_key_key: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required_acks: + type: integer + sasl_over_ssl: + type: boolean + scram_mechanism: + type: string + ssl_ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_ca_certs_from_system: + type: boolean + ssl_client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_chain: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_key: + properties: + mountFrom: + properties: + secretKeyRef: + 
properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_verify_hostname: + type: boolean + topic_key: + type: string + use_default_for_unknown_topic: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - brokers + - format + type: object + kinesisStream: + properties: + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + aws_iam_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: 
string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_ses_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + batch_request_max_count: + type: integer + batch_request_max_size: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + 
partition_key: + type: string + process_credentials: + properties: + process: + type: string + required: + - process + type: object + region: + type: string + reset_backoff_if_success: + type: boolean + retries_on_batch_request: + type: integer + stream_name: + type: string + required: + - stream_name + type: object + logdna: + properties: + api_key: + type: string + app: + type: string + buffer_chunk_limit: + type: string + hostname: + type: string + required: + - api_key + - hostname + type: object + loggingRef: + type: string + logz: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + port: + type: integer + token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + 
properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + gzip: + type: boolean + http_idle_timeout: + type: integer + output_include_tags: + type: boolean + output_include_time: + type: boolean + retry_count: + type: integer + retry_sleep: + type: integer + required: + - endpoint + type: object + loki: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + configure_kubernetes_labels: + type: boolean + drop_single_key: + type: boolean + extra_labels: + additionalProperties: + type: string + type: object + extract_kubernetes_labels: + type: boolean + labels: + additionalProperties: + type: string + type: object + line_format: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + 
properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + remove_keys: + items: + type: string + type: array + tenant: + type: string + url: + type: string + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + newrelic: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + base_uri: + type: string + license_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + nullout: + type: object + oss: + properties: + aaccess_key_secret: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string 
+ optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_bucket: + type: boolean + check_object: + type: 
boolean + download_crc_enable: + type: boolean + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + index_format: + type: string + key_format: + type: string + open_timeout: + type: integer + oss_sdk_log_dir: + type: string + overwrite: + type: boolean + path: + type: string + read_timeout: + type: integer + store_as: + type: string + upload_crc_enable: + type: boolean + warn_for_delay: + type: string + required: + - aaccess_key_secret + - access_key_id + - bucket + - endpoint + type: object + redis: + properties: + allow_duplicate_key: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + db_number: + type: integer + format: + properties: + add_newline: + 
type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insert_key_prefix: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + strftime_format: + type: string + ttl: + type: integer + type: object + s3: + properties: + acl: + type: string + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + auto_create_bucket: + type: string + aws_iam_retries: + type: string + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + 
chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_apikey_on_start: + type: string + check_bucket: + type: string + check_object: + type: string + compute_checksums: + type: string + enable_transfer_acceleration: + type: string + force_path_style: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + grant_full_control: + type: string + grant_read: + type: string + grant_read_acp: + type: string + grant_write_acp: + type: string + hex_random_length: + type: string + index_format: + type: string + instance_profile_credentials: + properties: + http_open_timeout: + type: string + http_read_timeout: + type: string + ip_address: + type: string + port: + type: string + retries: + type: string + type: object + overwrite: + type: string + path: + 
type: string + proxy_uri: + type: string + s3_bucket: + type: string + s3_endpoint: + type: string + s3_metadata: + type: string + s3_object_key_format: + type: string + s3_region: + type: string + shared_credentials: + properties: + path: + type: string + profile_name: + type: string + type: object + signature_version: + type: string + sse_customer_algorithm: + type: string + sse_customer_key: + type: string + sse_customer_key_md5: + type: string + ssekms_key_id: + type: string + ssl_verify_peer: + type: string + storage_class: + type: string + store_as: + type: string + use_bundled_cert: + type: string + use_server_side_encryption: + type: string + warn_for_delay: + type: string + required: + - s3_bucket + type: object + splunkHec: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_file: + type: string + ca_path: + type: string + client_cert: + type: string + 
client_key: + type: string + coerce_to_utf8: + type: boolean + data_type: + type: string + fields: + additionalProperties: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hec_host: + type: string + hec_port: + type: integer + hec_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + host: + type: string + host_key: + type: string + idle_timeout: + type: integer + index: + type: string + index_key: + type: string + insecure_ssl: + type: boolean + keep_keys: + type: boolean + metric_name_key: + type: string + metric_value_key: + type: string + metrics_from_event: + type: boolean + non_utf8_replacement_string: + type: string + open_timeout: + type: integer + protocol: + type: string + read_timeout: + type: integer + source: + type: string + source_key: + type: string + sourcetype: + type: string + sourcetype_key: + type: string + ssl_ciphers: + type: string + required: + - hec_host + - hec_token + type: object + sumologic: + properties: + add_timestamp: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + 
type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compress: + type: boolean + compress_encoding: + type: string + custom_dimensions: + type: string + custom_fields: + items: + type: string + type: array + data_type: + type: string + delimiter: + type: string + disable_cookies: + type: boolean + endpoint: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + log_format: + type: string + log_key: + type: string + metric_data_format: + type: string + open_timeout: + type: integer + proxy_uri: + type: string + source_category: + type: string + source_host: + type: string + source_name: + type: string + source_name_key: + type: string + sumo_client: + type: string + timestamp_key: + type: string + verify_ssl: + type: boolean + required: + - endpoint + - source_name + type: object + type: object + status: + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + 
storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.6.001/Chart.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.6.001/Chart.yaml new file mode 100644 index 000000000..deb301813 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.6.001/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-logging-system + catalog.cattle.io/release-name: rancher-logging-crd +apiVersion: v1 +description: Installs the CRDs for rancher-logging. +name: rancher-logging-crd +type: application +version: 3.6.001 diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.6.001/README.md b/released/charts/rancher-logging/rancher-logging-crd/3.6.001/README.md new file mode 100644 index 000000000..d4beb54fa --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.6.001/README.md @@ -0,0 +1,2 @@ +# rancher-logging-crd +A Rancher chart that installs the CRDs used by rancher-logging. diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.6.001/templates/logging.banzaicloud.io_clusterflows.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.6.001/templates/logging.banzaicloud.io_clusterflows.yaml new file mode 100644 index 000000000..ce242e787 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.6.001/templates/logging.banzaicloud.io_clusterflows.yaml 
@@ -0,0 +1,552 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: clusterflows.logging.banzaicloud.io +spec: + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: ClusterFlow + listKind: ClusterFlowList + plural: clusterflows + singular: clusterflow + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: 
+ type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: 
array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + 
records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + loggingRef: + type: string + match: + items: + properties: + exclude: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + namespaces: + items: + type: string + type: array + type: object + select: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + namespaces: + items: + type: string + type: array + type: object + type: object + type: array + outputRefs: + items: + type: string + type: array + selectors: + additionalProperties: + type: string + type: object + type: object + status: + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 
+ served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.6.001/templates/logging.banzaicloud.io_clusteroutputs.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.6.001/templates/logging.banzaicloud.io_clusteroutputs.yaml new file mode 100644 index 000000000..1eaeb2ebb --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.6.001/templates/logging.banzaicloud.io_clusteroutputs.yaml 
@@ -0,0 +1,4142 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: clusteroutputs.logging.banzaicloud.io +spec: + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: ClusterOutput + listKind: ClusterOutputList + plural: clusteroutputs + singular: clusteroutput + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + awsElasticsearch: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + 
required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_arn: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_session_name: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_web_identity_token_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ecs_container_credentials_relative_uri: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - 
key + type: object + type: object + type: object + region: + type: string + secret_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + sts_credentials_region: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + flush_interval: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + include_tag_key: + type: boolean + logstash_format: + type: boolean + tag_key: + type: string + type: object + azurestorage: + properties: + auto_create_container: + type: boolean + azure_container: + type: string + azure_object_key_format: + type: string + azure_storage_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_account: + properties: + mountFrom: + properties: + 
secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_type: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + type: string + path: + type: string + store_as: + type: string + required: + - azure_container + - azure_storage_access_key + - azure_storage_account + type: object + cloudwatch: + properties: + auto_create_stream: + type: boolean + aws_instance_profile_credentials_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + 
optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sts_role_arn: + type: string + aws_sts_session_name: + type: string + aws_use_sts: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + concurrency: + type: 
integer + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + http_proxy: + type: string + include_time_key: + type: boolean + json_handler: + type: string + localtime: + type: boolean + log_group_aws_tags: + type: string + log_group_aws_tags_key: + type: string + log_group_name: + type: string + log_group_name_key: + type: string + log_rejected_request: + type: string + log_stream_name: + type: string + log_stream_name_key: + type: string + max_events_per_batch: + type: integer + max_message_length: + type: integer + message_keys: + type: string + put_log_events_disable_retry_limit: + type: boolean + put_log_events_retry_limit: + type: integer + put_log_events_retry_wait: + type: string + region: + type: string + remove_log_group_aws_tags_key: + type: string + remove_log_group_name_key: + type: string + remove_log_stream_name_key: + type: string + remove_retention_in_days: + type: string + retention_in_days: + type: string + retention_in_days_key: + type: string + use_tag_as_group: + type: boolean + use_tag_as_stream: + type: boolean + required: + - region + type: object + datadog: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: 
boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_level: + type: string + dd_hostname: + type: string + dd_source: + type: string + dd_sourcecategory: + type: string + dd_tags: + type: string + host: + type: string + include_tag_key: + type: boolean + max_backoff: + type: string + max_retries: + type: string + no_ssl_validation: + type: boolean + port: + type: string + service: + type: string + ssl_port: + type: string + tag_key: + type: string + timestamp_key: + type: string + use_compression: + type: boolean + use_http: + type: boolean + use_json: + type: boolean + use_ssl: + type: boolean + required: + - api_key + type: object + elasticsearch: + properties: + application_name: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + 
type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_message_request_threshold: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: 
object + type: object + client_key_pass: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + content_type: + type: string + custom_headers: + type: string + customize_template: + type: string + default_elasticsearch_version: + type: string + deflector_alias: + type: string + enable_ilm: + type: boolean + exception_backup: + type: boolean + fail_on_putting_template_retry_exceed: + type: boolean + flatten_hashes: + type: boolean + flatten_hashes_separator: + type: string + host: + type: string + hosts: + type: string + http_backend: + type: string + id_key: + type: string + ignore_exceptions: + type: string + ilm_policy: + type: string + ilm_policy_id: + type: string + ilm_policy_overwrite: + type: boolean + include_index_in_url: + type: boolean + include_tag_key: + type: boolean + include_timestamp: + type: boolean + index_date_pattern: + type: string + index_name: + type: string + index_prefix: + type: string + log_es_400_reason: + type: boolean + logstash_dateformat: + type: string + logstash_format: + type: boolean + logstash_prefix: + type: string + logstash_prefix_separator: + type: string + max_retry_get_es_version: + type: string + max_retry_putting_template: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + path: + 
type: string + pipeline: + type: string + port: + type: integer + prefer_oj_serializer: + type: boolean + reconnect_on_error: + type: boolean + reload_after: + type: string + reload_connections: + type: boolean + reload_on_failure: + type: boolean + remove_keys_on_update: + type: string + remove_keys_on_update_key: + type: string + request_timeout: + type: string + resurrect_after: + type: string + retry_tag: + type: string + rollover_index: + type: boolean + routing_key: + type: string + scheme: + type: string + sniffer_class_name: + type: string + ssl_max_version: + type: string + ssl_min_version: + type: string + ssl_verify: + type: boolean + ssl_version: + type: string + suppress_doc_wrap: + type: boolean + suppress_type_name: + type: boolean + tag_key: + type: string + target_index_key: + type: string + target_type_key: + type: string + template_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + template_name: + type: string + template_overwrite: + type: boolean + templates: + type: string + time_key: + type: string + time_key_format: + type: string + time_parse_error_tag: + type: string + time_precision: + type: string + type_name: + type: string + unrecoverable_error_types: + type: string + user: + type: string + utc_index: + type: boolean + validate_client_version: + type: boolean + verify_es_version_at_startup: + type: boolean + with_transporter_log: + type: boolean + write_operation: + type: string + type: object + enabledNamespaces: + items: + type: string + type: array + file: + properties: + add_path_suffix: + type: boolean + append: + type: boolean + buffer: + properties: + 
chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + path: + type: string + path_suffix: + type: string + symlink_path: + type: boolean + required: + - path + type: object + forward: + properties: + ack_response_timeout: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + 
overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + connect_timeout: + type: integer + dns_round_robin: + type: boolean + expire_dns_cache: + type: integer + hard_timeout: + type: integer + heartbeat_interval: + type: integer + heartbeat_type: + type: string + ignore_network_errors_at_startup: + type: boolean + keepalive: + type: boolean + keepalive_timeout: + type: integer + phi_failure_detector: + type: boolean + phi_threshold: + type: integer + recover_wait: + type: integer + require_ack_response: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: boolean + required: + - self_hostname + - shared_key + type: object + send_timeout: + type: integer + servers: + items: + properties: + host: + type: string + name: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + shared_key: + properties: + mountFrom: + properties: + 
secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + standby: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + weight: + type: integer + required: + - host + type: object + type: array + tls_allow_self_signed_cert: + type: boolean + tls_cert_logical_store_name: + type: string + tls_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_cert_thumbprint: + type: string + tls_cert_use_enterprise_store: + type: boolean + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + 
tls_client_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_insecure_mode: + type: boolean + tls_verify_hostname: + type: boolean + tls_version: + type: string + verify_connection_at_startup: + type: boolean + required: + - servers + type: object + gcs: + properties: + acl: + type: string + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + 
retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_retries: + type: integer + client_timeout: + type: integer + credentials_json: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + encryption_key: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + keyfile: + type: string + object_key_format: + type: string + object_metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + overwrite: + type: boolean + path: + type: string + project: + type: string + storage_class: + type: string + store_as: + type: string + transcoding: + type: boolean + required: + - bucket + - project + type: object + http: + properties: + auth: + properties: + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + 
type: object + type: object + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - password + - username + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + content_type: + type: string + endpoint: + type: string + error_response_as_unrecoverable: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + headers: + 
additionalProperties: + type: string + type: object + http_method: + type: string + json_array: + type: boolean + open_timeout: + type: integer + proxy: + type: string + read_timeout: + type: integer + retryable_response_codes: + items: + type: integer + type: array + ssl_timeout: + type: integer + tls_ca_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + 
type: boolean + required: + - key + type: object + type: object + type: object + tls_verify_mode: + type: string + tls_version: + type: string + required: + - endpoint + type: object + kafka: + properties: + ack_timeout: + type: integer + brokers: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_codec: + type: string + default_message_key: + type: string + default_partition_key: + type: string + default_topic: + type: string + exclude_partion_key: + type: boolean + exclude_topic_key: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + get_kafka_client_log: + type: boolean + headers: + additionalProperties: + type: string + type: object + headers_from_record: + additionalProperties: + 
type: string + type: object + idempotent: + type: boolean + max_send_retries: + type: integer + message_key_key: + type: string + partition_key: + type: string + partition_key_key: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required_acks: + type: integer + sasl_over_ssl: + type: boolean + scram_mechanism: + type: string + ssl_ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_ca_certs_from_system: + type: boolean + ssl_client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_chain: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + 
required: + - key + type: object + type: object + type: object + ssl_client_cert_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_verify_hostname: + type: boolean + topic_key: + type: string + use_default_for_unknown_topic: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - brokers + - format + type: object + kinesisStream: + properties: + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + aws_iam_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + 
required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_ses_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + batch_request_max_count: + type: integer + batch_request_max_size: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + 
message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + partition_key: + type: string + process_credentials: + properties: + process: + type: string + required: + - process + type: object + region: + type: string + reset_backoff_if_success: + type: boolean + retries_on_batch_request: + type: integer + stream_name: + type: string + required: + - stream_name + type: object + logdna: + properties: + api_key: + type: string + app: + type: string + buffer_chunk_limit: + type: string + hostname: + type: string + required: + - api_key + - hostname + type: object + loggingRef: + type: string + logz: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + port: + type: integer + token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + 
type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + gzip: + type: boolean + http_idle_timeout: + type: integer + output_include_tags: + type: boolean + output_include_time: + type: boolean + retry_count: + type: integer + retry_sleep: + type: integer + required: + - endpoint + type: object + loki: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + configure_kubernetes_labels: + type: boolean + drop_single_key: + type: boolean + extra_labels: + additionalProperties: + type: string + type: object + extract_kubernetes_labels: + type: boolean + labels: + 
additionalProperties: + type: string + type: object + line_format: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + remove_keys: + items: + type: string + type: array + tenant: + type: string + url: + type: string + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + newrelic: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + base_uri: + type: string + license_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + nullout: + type: object + oss: 
+ properties: + aaccess_key_secret: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + 
timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_bucket: + type: boolean + check_object: + type: boolean + download_crc_enable: + type: boolean + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + index_format: + type: string + key_format: + type: string + open_timeout: + type: integer + oss_sdk_log_dir: + type: string + overwrite: + type: boolean + path: + type: string + read_timeout: + type: integer + store_as: + type: string + upload_crc_enable: + type: boolean + warn_for_delay: + type: string + required: + - aaccess_key_secret + - access_key_id + - bucket + - endpoint + type: object + redis: + properties: + allow_duplicate_key: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: 
+ type: string + total_limit_size: + type: string + type: + type: string + type: object + db_number: + type: integer + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insert_key_prefix: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + strftime_format: + type: string + ttl: + type: integer + type: object + s3: + properties: + acl: + type: string + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + auto_create_bucket: + type: string + aws_iam_retries: + type: string + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + 
type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_apikey_on_start: + type: string + check_bucket: + type: string + check_object: + type: string + compute_checksums: + type: string + enable_transfer_acceleration: + type: string + force_path_style: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + grant_full_control: + type: string + grant_read: + type: string + grant_read_acp: + type: string + grant_write_acp: + type: string + hex_random_length: + type: string + index_format: + type: string + instance_profile_credentials: + properties: + http_open_timeout: + type: string + 
http_read_timeout: + type: string + ip_address: + type: string + port: + type: string + retries: + type: string + type: object + overwrite: + type: string + path: + type: string + proxy_uri: + type: string + s3_bucket: + type: string + s3_endpoint: + type: string + s3_metadata: + type: string + s3_object_key_format: + type: string + s3_region: + type: string + shared_credentials: + properties: + path: + type: string + profile_name: + type: string + type: object + signature_version: + type: string + sse_customer_algorithm: + type: string + sse_customer_key: + type: string + sse_customer_key_md5: + type: string + ssekms_key_id: + type: string + ssl_verify_peer: + type: string + storage_class: + type: string + store_as: + type: string + use_bundled_cert: + type: string + use_server_side_encryption: + type: string + warn_for_delay: + type: string + required: + - s3_bucket + type: object + splunkHec: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string 
+ total_limit_size: + type: string + type: + type: string + type: object + ca_file: + type: string + ca_path: + type: string + client_cert: + type: string + client_key: + type: string + coerce_to_utf8: + type: boolean + data_type: + type: string + fields: + additionalProperties: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hec_host: + type: string + hec_port: + type: integer + hec_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + host: + type: string + host_key: + type: string + idle_timeout: + type: integer + index: + type: string + index_key: + type: string + insecure_ssl: + type: boolean + keep_keys: + type: boolean + metric_name_key: + type: string + metric_value_key: + type: string + metrics_from_event: + type: boolean + non_utf8_replacement_string: + type: string + open_timeout: + type: integer + protocol: + type: string + read_timeout: + type: integer + source: + type: string + source_key: + type: string + sourcetype: + type: string + sourcetype_key: + type: string + ssl_ciphers: + type: string + required: + - hec_host + - hec_token + type: object + sumologic: + properties: + add_timestamp: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + 
type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compress: + type: boolean + compress_encoding: + type: string + custom_dimensions: + type: string + custom_fields: + items: + type: string + type: array + data_type: + type: string + delimiter: + type: string + disable_cookies: + type: boolean + endpoint: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + log_format: + type: string + log_key: + type: string + metric_data_format: + type: string + open_timeout: + type: integer + proxy_uri: + type: string + source_category: + type: string + source_host: + type: string + source_name: + type: string + source_name_key: + type: string + sumo_client: + type: string + timestamp_key: + type: string + verify_ssl: + type: boolean + required: + - endpoint + - source_name + type: object + type: object + status: + type: object + required: + 
- spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.6.001/templates/logging.banzaicloud.io_flows.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.6.001/templates/logging.banzaicloud.io_flows.yaml new file mode 100644 index 000000000..fd4aaa812 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.6.001/templates/logging.banzaicloud.io_flows.yaml 
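Review bot: In the `s3` output of the CRD schema that closes just before the `logging.banzaicloud.io_flows.yaml` file header, `sse_customer_key` and `sse_customer_key_md5` are bare `type: string`, while `aws_key_id` and `aws_sec_key` in the same block accept `valueFrom.secretKeyRef`. The SSE customer key can therefore only be written inline in the resource, readable by anyone with get access to it; this should be raised upstream so the field takes the same secret structure as the other credentials, and the chart docs should call it out until then. Separately, the `oss` block spells its required property `aaccess_key_secret` (doubled `a`, next to `access_key_id`) both under `properties` and in `required`; if that mirrors the upstream schema it has to be fixed there rather than in this copy, since renaming it here alone would break validation against the operator.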
@@ -0,0 +1,548 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: flows.logging.banzaicloud.io +spec: + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Flow + listKind: FlowList + plural: flows + singular: flow + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: 
string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: 
string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + 
additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + localOutputRefs: + items: + type: string + type: array + loggingRef: + type: string + match: + items: + properties: + exclude: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + type: object + select: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + outputRefs: + items: + type: string + type: array + selectors: + additionalProperties: + type: string + type: object + type: object + status: + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: 
"" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.6.001/templates/logging.banzaicloud.io_loggings.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.6.001/templates/logging.banzaicloud.io_loggings.yaml new file mode 100644 index 000000000..4600ae7b1 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.6.001/templates/logging.banzaicloud.io_loggings.yaml 
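Review bot: In `logging.banzaicloud.io_flows.yaml`, `record_transformer.enable_ruby` is exposed as a plain boolean on a CRD with `scope: Namespaced`, so anyone allowed to create a Flow in their own namespace can switch on Ruby expression evaluation in the shared log pipeline. The schema cannot express who may set it, so the chart should ship or document an admission policy (or an RBAC restriction on `flows`) that rejects `enable_ruby: true` from untrusted tenants. Also, the manifest uses `apiextensions.k8s.io/v1beta1` with the top-level `validation` and `version` fields; that API version is removed in Kubernetes 1.22, so the chart needs an `apiextensions.k8s.io/v1` variant or a stated upper bound on supported cluster versions.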
@@ -0,0 +1,2411 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: loggings.logging.banzaicloud.io +spec: + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Logging + listKind: LoggingList + plural: loggings + singular: logging + preserveUnknownFields: false + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + allowClusterResourcesFromAllNamespaces: + type: boolean + controlNamespace: + type: string + defaultFlow: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + 
skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string 
+ time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - 
type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + outputRefs: + items: + type: string + type: array + type: object + enableRecreateWorkloadOnImmutableFieldChange: + type: boolean + flowConfigCheckDisabled: + type: boolean + flowConfigOverride: + type: string + fluentbit: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: 
string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: 
string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + bufferStorage: + properties: + storage.backlog.mem_limit: + type: string + storage.checksum: + type: string + storage.path: + type: string + storage.sync: + type: string + type: object + bufferStorageVolume: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + 
type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + customConfigSecret: + type: string + extraVolumeMounts: + items: + properties: + destination: + pattern: ^/.+$ + type: string + readOnly: + type: boolean + source: + pattern: ^/.+$ + type: string + required: + - destination + - source + type: object + type: array + filterAws: + properties: + Match: + type: string + imds_version: + type: string + type: object + filterKubernetes: + properties: + Annotations: + type: string + Buffer_Size: + type: string + Dummy_Meta: + type: string + K8S-Logging.Exclude: + type: string + K8S-Logging.Parser: + type: string + Keep_Log: + type: string + Kube_CA_File: + type: string + Kube_CA_Path: + type: string + Kube_Tag_Prefix: + type: string + Kube_Token_File: + type: string + Kube_URL: + type: string + Kube_meta_preload_cache_dir: + type: string + Labels: + type: string + Match: + type: string + Merge_Log: + type: string + Merge_Log_Key: + type: string + Merge_Log_Trim: + type: string + Merge_Parser: + type: string + Regex_Parser: + type: string + Use_Journal: + type: string + tls.debug: + type: string + tls.verify: + type: 
string + type: object + image: + properties: + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + inputTail: + properties: + Buffer_Chunk_Size: + type: string + Buffer_Max_Size: + type: string + DB: + type: string + DB_Sync: + type: string + Docker_Mode: + type: string + Docker_Mode_Flush: + type: string + Exclude_Path: + type: string + Ignore_Older: + type: string + Key: + type: string + Mem_Buf_Limit: + type: string + Multiline: + type: string + Multiline_Flush: + type: string + Parser: + type: string + Parser_Firstline: + type: string + Parser_N: + items: + type: string + type: array + Path: + type: string + Path_Key: + type: string + Refresh_Interval: + type: string + Rotate_Wait: + type: string + Skip_Long_Lines: + type: string + Tag: + type: string + Tag_Regex: + type: string + storage.type: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + livenessDefaultCheck: + type: boolean + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + metrics: + properties: + interval: + type: string + path: + type: string + port: + 
format: int32 + type: integer + prometheusAnnotations: + type: boolean + serviceMonitor: + type: boolean + serviceMonitorConfig: + properties: + additionalLabels: + additionalProperties: + type: string + type: object + honorLabels: + type: boolean + type: object + timeout: + type: string + type: object + mountPath: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + parser: + type: string + podPriorityClassName: + type: string + position_db: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + positiondb: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + 
- path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + 
format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + security: + properties: + podSecurityContext: + properties: + fsGroup: + format: int64 + type: integer + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + podSecurityPolicyCreate: + type: boolean + roleBasedAccessControlCreate: + type: boolean + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + type: object + targetHost: + type: string + targetPort: + format: int32 + type: integer + tls: + properties: + enabled: + type: boolean + secretName: 
+ type: string + sharedKey: + type: string + required: + - enabled + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + type: object + fluentd: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + 
matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: 
array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + bufferStorageVolume: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + configCheckAnnotations: + additionalProperties: + type: string + type: object + configReloaderImage: + properties: + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + disablePvc: + type: boolean + fluentLogDestination: + type: string + fluentOutLogrotate: + properties: + age: + type: string + enabled: + type: boolean + path: + type: string + size: + type: string + required: + - enabled + type: object + fluentdPvcSpec: + 
properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + image: + properties: + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + livenessDefaultCheck: + type: boolean + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: 
true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + logLevel: + type: string + metrics: + properties: + interval: + type: string + path: + type: string + port: + format: int32 + type: integer + prometheusAnnotations: + type: boolean + serviceMonitor: + type: boolean + serviceMonitorConfig: + properties: + additionalLabels: + additionalProperties: + type: string + type: object + honorLabels: + type: boolean + type: object + timeout: + type: string + type: object + nodeSelector: + additionalProperties: + type: string + type: object + podPriorityClassName: + type: string + port: + format: int32 + type: integer + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + 
additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + scaling: + properties: + replicas: + type: integer + required: + - replicas + type: object + security: + properties: + podSecurityContext: + properties: + fsGroup: + format: int64 + type: integer + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + podSecurityPolicyCreate: + type: boolean + roleBasedAccessControlCreate: + type: boolean + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + type: object + tls: + properties: + enabled: + type: boolean + secretName: + type: string + sharedKey: + type: string + required: + - enabled 
+ type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + volumeModImage: + properties: + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + volumeMountChmod: + type: boolean + workers: + format: int32 + type: integer + type: object + loggingRef: + type: string + watchNamespaces: + items: + type: string + type: array + required: + - controlNamespace + type: object + status: + properties: + configCheckResults: + additionalProperties: + type: boolean + type: object + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.6.001/templates/logging.banzaicloud.io_outputs.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.6.001/templates/logging.banzaicloud.io_outputs.yaml new file mode 100644 index 000000000..cc5caa94d --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.6.001/templates/logging.banzaicloud.io_outputs.yaml 
@@ -0,0 +1,4136 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: outputs.logging.banzaicloud.io +spec: + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Output + listKind: OutputList + plural: outputs + singular: output + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + awsElasticsearch: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + 
type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_arn: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_session_name: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_web_identity_token_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ecs_container_credentials_relative_uri: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + 
type: object + region: + type: string + secret_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + sts_credentials_region: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + flush_interval: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + include_tag_key: + type: boolean + logstash_format: + type: boolean + tag_key: + type: string + type: object + azurestorage: + properties: + auto_create_container: + type: boolean + azure_container: + type: string + azure_object_key_format: + type: string + azure_storage_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_account: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: 
string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_type: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + type: string + path: + type: string + store_as: + type: string + required: + - azure_container + - azure_storage_access_key + - azure_storage_account + type: object + cloudwatch: + properties: + auto_create_stream: + type: boolean + aws_instance_profile_credentials_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + 
type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sts_role_arn: + type: string + aws_sts_session_name: + type: string + aws_use_sts: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + concurrency: + type: integer + endpoint: + type: string + format: + 
properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + http_proxy: + type: string + include_time_key: + type: boolean + json_handler: + type: string + localtime: + type: boolean + log_group_aws_tags: + type: string + log_group_aws_tags_key: + type: string + log_group_name: + type: string + log_group_name_key: + type: string + log_rejected_request: + type: string + log_stream_name: + type: string + log_stream_name_key: + type: string + max_events_per_batch: + type: integer + max_message_length: + type: integer + message_keys: + type: string + put_log_events_disable_retry_limit: + type: boolean + put_log_events_retry_limit: + type: integer + put_log_events_retry_wait: + type: string + region: + type: string + remove_log_group_aws_tags_key: + type: string + remove_log_group_name_key: + type: string + remove_log_stream_name_key: + type: string + remove_retention_in_days: + type: string + retention_in_days: + type: string + retention_in_days_key: + type: string + use_tag_as_group: + type: boolean + use_tag_as_stream: + type: boolean + required: + - region + type: object + datadog: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + 
flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_level: + type: string + dd_hostname: + type: string + dd_source: + type: string + dd_sourcecategory: + type: string + dd_tags: + type: string + host: + type: string + include_tag_key: + type: boolean + max_backoff: + type: string + max_retries: + type: string + no_ssl_validation: + type: boolean + port: + type: string + service: + type: string + ssl_port: + type: string + tag_key: + type: string + timestamp_key: + type: string + use_compression: + type: boolean + use_http: + type: boolean + use_json: + type: boolean + use_ssl: + type: boolean + required: + - api_key + type: object + elasticsearch: + properties: + application_name: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: 
string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_message_request_threshold: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + 
client_key_pass: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + content_type: + type: string + custom_headers: + type: string + customize_template: + type: string + default_elasticsearch_version: + type: string + deflector_alias: + type: string + enable_ilm: + type: boolean + exception_backup: + type: boolean + fail_on_putting_template_retry_exceed: + type: boolean + flatten_hashes: + type: boolean + flatten_hashes_separator: + type: string + host: + type: string + hosts: + type: string + http_backend: + type: string + id_key: + type: string + ignore_exceptions: + type: string + ilm_policy: + type: string + ilm_policy_id: + type: string + ilm_policy_overwrite: + type: boolean + include_index_in_url: + type: boolean + include_tag_key: + type: boolean + include_timestamp: + type: boolean + index_date_pattern: + type: string + index_name: + type: string + index_prefix: + type: string + log_es_400_reason: + type: boolean + logstash_dateformat: + type: string + logstash_format: + type: boolean + logstash_prefix: + type: string + logstash_prefix_separator: + type: string + max_retry_get_es_version: + type: string + max_retry_putting_template: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + path: + type: string + pipeline: + 
type: string + port: + type: integer + prefer_oj_serializer: + type: boolean + reconnect_on_error: + type: boolean + reload_after: + type: string + reload_connections: + type: boolean + reload_on_failure: + type: boolean + remove_keys_on_update: + type: string + remove_keys_on_update_key: + type: string + request_timeout: + type: string + resurrect_after: + type: string + retry_tag: + type: string + rollover_index: + type: boolean + routing_key: + type: string + scheme: + type: string + sniffer_class_name: + type: string + ssl_max_version: + type: string + ssl_min_version: + type: string + ssl_verify: + type: boolean + ssl_version: + type: string + suppress_doc_wrap: + type: boolean + suppress_type_name: + type: boolean + tag_key: + type: string + target_index_key: + type: string + target_type_key: + type: string + template_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + template_name: + type: string + template_overwrite: + type: boolean + templates: + type: string + time_key: + type: string + time_key_format: + type: string + time_parse_error_tag: + type: string + time_precision: + type: string + type_name: + type: string + unrecoverable_error_types: + type: string + user: + type: string + utc_index: + type: boolean + validate_client_version: + type: boolean + verify_es_version_at_startup: + type: boolean + with_transporter_log: + type: boolean + write_operation: + type: string + type: object + file: + properties: + add_path_suffix: + type: boolean + append: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + 
type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + path: + type: string + path_suffix: + type: string + symlink_path: + type: boolean + required: + - path + type: object + forward: + properties: + ack_response_timeout: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + 
queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + connect_timeout: + type: integer + dns_round_robin: + type: boolean + expire_dns_cache: + type: integer + hard_timeout: + type: integer + heartbeat_interval: + type: integer + heartbeat_type: + type: string + ignore_network_errors_at_startup: + type: boolean + keepalive: + type: boolean + keepalive_timeout: + type: integer + phi_failure_detector: + type: boolean + phi_threshold: + type: integer + recover_wait: + type: integer + require_ack_response: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: boolean + required: + - self_hostname + - shared_key + type: object + send_timeout: + type: integer + servers: + items: + properties: + host: + type: string + name: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + shared_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + 
required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + standby: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + weight: + type: integer + required: + - host + type: object + type: array + tls_allow_self_signed_cert: + type: boolean + tls_cert_logical_store_name: + type: string + tls_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_cert_thumbprint: + type: string + tls_cert_use_enterprise_store: + type: boolean + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: 
string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_insecure_mode: + type: boolean + tls_verify_hostname: + type: boolean + tls_version: + type: string + verify_connection_at_startup: + type: boolean + required: + - servers + type: object + gcs: + properties: + acl: + type: string + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string 
+ tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_retries: + type: integer + client_timeout: + type: integer + credentials_json: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + encryption_key: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + keyfile: + type: string + object_key_format: + type: string + object_metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + overwrite: + type: boolean + path: + type: string + project: + type: string + storage_class: + type: string + store_as: + type: string + transcoding: + type: boolean + required: + - bucket + - project + type: object + http: + properties: + auth: + properties: + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string 
+ name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - password + - username + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + content_type: + type: string + endpoint: + type: string + error_response_as_unrecoverable: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + headers: + additionalProperties: + type: string + type: object + http_method: + type: string + json_array: + type: boolean + open_timeout: + type: integer + 
proxy: + type: string + read_timeout: + type: integer + retryable_response_codes: + items: + type: integer + type: array + ssl_timeout: + type: integer + tls_ca_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_verify_mode: + type: string + tls_version: + type: string + 
required: + - endpoint + type: object + kafka: + properties: + ack_timeout: + type: integer + brokers: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_codec: + type: string + default_message_key: + type: string + default_partition_key: + type: string + default_topic: + type: string + exclude_partion_key: + type: boolean + exclude_topic_key: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + get_kafka_client_log: + type: boolean + headers: + additionalProperties: + type: string + type: object + headers_from_record: + additionalProperties: + type: string + type: object + idempotent: + type: boolean + max_send_retries: + type: integer + message_key_key: + type: string + partition_key: + 
type: string + partition_key_key: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required_acks: + type: integer + sasl_over_ssl: + type: boolean + scram_mechanism: + type: string + ssl_ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_ca_certs_from_system: + type: boolean + ssl_client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_chain: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_key: + properties: + mountFrom: + properties: + secretKeyRef: + 
properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_verify_hostname: + type: boolean + topic_key: + type: string + use_default_for_unknown_topic: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - brokers + - format + type: object + kinesisStream: + properties: + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + aws_iam_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: 
string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_ses_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + batch_request_max_count: + type: integer + batch_request_max_size: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + 
partition_key: + type: string + process_credentials: + properties: + process: + type: string + required: + - process + type: object + region: + type: string + reset_backoff_if_success: + type: boolean + retries_on_batch_request: + type: integer + stream_name: + type: string + required: + - stream_name + type: object + logdna: + properties: + api_key: + type: string + app: + type: string + buffer_chunk_limit: + type: string + hostname: + type: string + required: + - api_key + - hostname + type: object + loggingRef: + type: string + logz: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + port: + type: integer + token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + 
properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + gzip: + type: boolean + http_idle_timeout: + type: integer + output_include_tags: + type: boolean + output_include_time: + type: boolean + retry_count: + type: integer + retry_sleep: + type: integer + required: + - endpoint + type: object + loki: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + configure_kubernetes_labels: + type: boolean + drop_single_key: + type: boolean + extra_labels: + additionalProperties: + type: string + type: object + extract_kubernetes_labels: + type: boolean + labels: + additionalProperties: + type: string + type: object + line_format: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + 
properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + remove_keys: + items: + type: string + type: array + tenant: + type: string + url: + type: string + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + newrelic: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + base_uri: + type: string + license_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + nullout: + type: object + oss: + properties: + aaccess_key_secret: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string 
+ optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_bucket: + type: boolean + check_object: + type: 
boolean + download_crc_enable: + type: boolean + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + index_format: + type: string + key_format: + type: string + open_timeout: + type: integer + oss_sdk_log_dir: + type: string + overwrite: + type: boolean + path: + type: string + read_timeout: + type: integer + store_as: + type: string + upload_crc_enable: + type: boolean + warn_for_delay: + type: string + required: + - aaccess_key_secret + - access_key_id + - bucket + - endpoint + type: object + redis: + properties: + allow_duplicate_key: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + db_number: + type: integer + format: + properties: + add_newline: + 
type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insert_key_prefix: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + strftime_format: + type: string + ttl: + type: integer + type: object + s3: + properties: + acl: + type: string + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + auto_create_bucket: + type: string + aws_iam_retries: + type: string + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + 
chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_apikey_on_start: + type: string + check_bucket: + type: string + check_object: + type: string + compute_checksums: + type: string + enable_transfer_acceleration: + type: string + force_path_style: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + grant_full_control: + type: string + grant_read: + type: string + grant_read_acp: + type: string + grant_write_acp: + type: string + hex_random_length: + type: string + index_format: + type: string + instance_profile_credentials: + properties: + http_open_timeout: + type: string + http_read_timeout: + type: string + ip_address: + type: string + port: + type: string + retries: + type: string + type: object + overwrite: + type: string + path: + 
type: string + proxy_uri: + type: string + s3_bucket: + type: string + s3_endpoint: + type: string + s3_metadata: + type: string + s3_object_key_format: + type: string + s3_region: + type: string + shared_credentials: + properties: + path: + type: string + profile_name: + type: string + type: object + signature_version: + type: string + sse_customer_algorithm: + type: string + sse_customer_key: + type: string + sse_customer_key_md5: + type: string + ssekms_key_id: + type: string + ssl_verify_peer: + type: string + storage_class: + type: string + store_as: + type: string + use_bundled_cert: + type: string + use_server_side_encryption: + type: string + warn_for_delay: + type: string + required: + - s3_bucket + type: object + splunkHec: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_file: + type: string + ca_path: + type: string + client_cert: + type: string + 
client_key: + type: string + coerce_to_utf8: + type: boolean + data_type: + type: string + fields: + additionalProperties: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hec_host: + type: string + hec_port: + type: integer + hec_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + host: + type: string + host_key: + type: string + idle_timeout: + type: integer + index: + type: string + index_key: + type: string + insecure_ssl: + type: boolean + keep_keys: + type: boolean + metric_name_key: + type: string + metric_value_key: + type: string + metrics_from_event: + type: boolean + non_utf8_replacement_string: + type: string + open_timeout: + type: integer + protocol: + type: string + read_timeout: + type: integer + source: + type: string + source_key: + type: string + sourcetype: + type: string + sourcetype_key: + type: string + ssl_ciphers: + type: string + required: + - hec_host + - hec_token + type: object + sumologic: + properties: + add_timestamp: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + 
type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compress: + type: boolean + compress_encoding: + type: string + custom_dimensions: + type: string + custom_fields: + items: + type: string + type: array + data_type: + type: string + delimiter: + type: string + disable_cookies: + type: boolean + endpoint: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + log_format: + type: string + log_key: + type: string + metric_data_format: + type: string + open_timeout: + type: integer + proxy_uri: + type: string + source_category: + type: string + source_host: + type: string + source_name: + type: string + source_name_key: + type: string + sumo_client: + type: string + timestamp_key: + type: string + verify_ssl: + type: boolean + required: + - endpoint + - source_name + type: object + type: object + status: + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + 
storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.8.201/Chart.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.8.201/Chart.yaml new file mode 100644 index 000000000..388f9665e --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.8.201/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-logging-system + catalog.cattle.io/release-name: rancher-logging-crd +apiVersion: v1 +description: Installs the CRDs for rancher-logging. +name: rancher-logging-crd +type: application +version: 3.8.201 diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.8.201/README.md b/released/charts/rancher-logging/rancher-logging-crd/3.8.201/README.md new file mode 100644 index 000000000..d4beb54fa --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.8.201/README.md @@ -0,0 +1,2 @@ +# rancher-logging-crd +A Rancher chart that installs the CRDs used by rancher-logging. diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.8.201/templates/logging.banzaicloud.io_clusterflows.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.8.201/templates/logging.banzaicloud.io_clusterflows.yaml new file mode 100644 index 000000000..4b462a388 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.8.201/templates/logging.banzaicloud.io_clusterflows.yaml 
@@ -0,0 +1,627 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: clusterflows.logging.banzaicloud.io +spec: + additionalPrinterColumns: + - JSONPath: .status.active + description: Is the flow active? + name: Active + type: boolean + - JSONPath: .status.problemsCount + description: Number of problems + name: Problems + type: integer + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: ClusterFlow + listKind: ClusterFlowList + plural: clusterflows + singular: clusterflow + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + 
geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + 
null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + 
additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + 
tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + loggingRef: + type: string + match: + items: + properties: + exclude: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + namespaces: + items: + type: string + type: array + type: object + select: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + namespaces: + items: + type: string + type: array + type: object + type: object + type: array + outputRefs: + items: + type: string + type: array + selectors: + additionalProperties: + type: string + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.8.201/templates/logging.banzaicloud.io_clusteroutputs.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.8.201/templates/logging.banzaicloud.io_clusteroutputs.yaml new file mode 100644 index 000000000..b46916c7e --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.8.201/templates/logging.banzaicloud.io_clusteroutputs.yaml 
@@ -0,0 +1,4531 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: clusteroutputs.logging.banzaicloud.io +spec: + additionalPrinterColumns: + - JSONPath: .status.active + description: Is the output active? + name: Active + type: boolean + - JSONPath: .status.problemsCount + description: Number of problems + name: Problems + type: integer + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: ClusterOutput + listKind: ClusterOutputList + plural: clusteroutputs + singular: clusteroutput + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + awsElasticsearch: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + 
total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_arn: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_session_name: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_web_identity_token_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ecs_container_credentials_relative_uri: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + 
type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + region: + type: string + secret_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + sts_credentials_region: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + flush_interval: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + include_tag_key: + type: boolean + logstash_format: + type: boolean + tag_key: + type: string + type: object + azurestorage: + properties: + auto_create_container: + type: boolean + azure_container: + type: string + azure_object_key_format: + type: string + azure_storage_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + 
valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_account: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_type: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + type: string + path: + type: string + store_as: + type: string + required: + - azure_container + - azure_storage_access_key + - azure_storage_account + type: object + 
cloudwatch: + properties: + auto_create_stream: + type: boolean + aws_instance_profile_credentials_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sts_role_arn: + type: string + aws_sts_session_name: + type: string + aws_use_sts: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: 
+ type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + concurrency: + type: integer + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + http_proxy: + type: string + include_time_key: + type: boolean + json_handler: + type: string + localtime: + type: boolean + log_group_aws_tags: + type: string + log_group_aws_tags_key: + type: string + log_group_name: + type: string + log_group_name_key: + type: string + log_rejected_request: + type: string + log_stream_name: + type: string + log_stream_name_key: + type: string + max_events_per_batch: + type: integer + max_message_length: + type: integer + message_keys: + type: string + put_log_events_disable_retry_limit: + type: boolean + put_log_events_retry_limit: + type: integer + put_log_events_retry_wait: + type: string + region: + type: string + remove_log_group_aws_tags_key: + type: string + remove_log_group_name_key: + type: string + remove_log_stream_name_key: + type: string + remove_retention_in_days: + type: string + retention_in_days: + type: string + retention_in_days_key: + type: string + use_tag_as_group: + type: boolean + use_tag_as_stream: + type: boolean + required: + - region + type: object + datadog: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + 
properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_level: + type: string + dd_hostname: + type: string + dd_source: + type: string + dd_sourcecategory: + type: string + dd_tags: + type: string + host: + type: string + include_tag_key: + type: boolean + max_backoff: + type: string + max_retries: + type: string + no_ssl_validation: + type: boolean + port: + type: string + service: + type: string + ssl_port: + type: string + tag_key: + type: string + timestamp_key: + type: string + use_compression: + type: boolean + use_http: + type: boolean + use_json: + type: boolean + use_ssl: + type: boolean + required: + - api_key + type: object + elasticsearch: + properties: + application_name: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + 
type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_message_request_threshold: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: 
+ type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key_pass: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + content_type: + type: string + custom_headers: + type: string + customize_template: + type: string + default_elasticsearch_version: + type: string + deflector_alias: + type: string + enable_ilm: + type: boolean + exception_backup: + type: boolean + fail_on_putting_template_retry_exceed: + type: boolean + flatten_hashes: + type: boolean + flatten_hashes_separator: + type: string + host: + type: string + hosts: + type: string + http_backend: + type: string + id_key: + type: string + ignore_exceptions: + type: string + ilm_policy: + type: string + ilm_policy_id: + type: string + ilm_policy_overwrite: + type: boolean + include_index_in_url: + type: boolean + include_tag_key: + type: boolean + include_timestamp: + type: boolean + index_date_pattern: + type: string + index_name: + type: string + index_prefix: + type: string + log_es_400_reason: + type: boolean + logstash_dateformat: + type: string + logstash_format: + type: boolean + logstash_prefix: + type: string + logstash_prefix_separator: + type: string + max_retry_get_es_version: + type: string + max_retry_putting_template: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - 
key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + path: + type: string + pipeline: + type: string + port: + type: integer + prefer_oj_serializer: + type: boolean + reconnect_on_error: + type: boolean + reload_after: + type: string + reload_connections: + type: boolean + reload_on_failure: + type: boolean + remove_keys_on_update: + type: string + remove_keys_on_update_key: + type: string + request_timeout: + type: string + resurrect_after: + type: string + retry_tag: + type: string + rollover_index: + type: boolean + routing_key: + type: string + scheme: + type: string + sniffer_class_name: + type: string + ssl_max_version: + type: string + ssl_min_version: + type: string + ssl_verify: + type: boolean + ssl_version: + type: string + suppress_doc_wrap: + type: boolean + suppress_type_name: + type: boolean + tag_key: + type: string + target_index_key: + type: string + target_type_key: + type: string + template_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + template_name: + type: string + template_overwrite: + type: boolean + templates: + type: string + time_key: + type: string + time_key_format: + type: string + time_parse_error_tag: + type: string + time_precision: + type: string + type_name: + type: string + unrecoverable_error_types: + type: string + user: + type: string + utc_index: + type: boolean + validate_client_version: + type: boolean + verify_es_version_at_startup: + type: boolean + 
with_transporter_log: + type: boolean + write_operation: + type: string + type: object + enabledNamespaces: + items: + type: string + type: array + file: + properties: + add_path_suffix: + type: boolean + append: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + path: + type: string + path_suffix: + type: string + symlink_path: + type: boolean + required: + - path + type: object + forward: + properties: + ack_response_timeout: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + 
disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + connect_timeout: + type: integer + dns_round_robin: + type: boolean + expire_dns_cache: + type: integer + hard_timeout: + type: integer + heartbeat_interval: + type: integer + heartbeat_type: + type: string + ignore_network_errors_at_startup: + type: boolean + keepalive: + type: boolean + keepalive_timeout: + type: integer + phi_failure_detector: + type: boolean + phi_threshold: + type: integer + recover_wait: + type: integer + require_ack_response: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: boolean + required: + - self_hostname + - shared_key + type: object + send_timeout: + type: integer + servers: + items: + properties: + host: + type: string + name: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + 
properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + shared_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + standby: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + weight: + type: integer + required: + - host + type: object + type: array + tls_allow_self_signed_cert: + type: boolean + tls_cert_logical_store_name: + type: string + tls_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_cert_thumbprint: + type: string + tls_cert_use_enterprise_store: + type: boolean + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: 
object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_insecure_mode: + type: boolean + tls_verify_hostname: + type: boolean + tls_version: + type: string + verify_connection_at_startup: + type: boolean + required: + - servers + type: object + gcs: + properties: + acl: + type: string + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + 
queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_retries: + type: integer + client_timeout: + type: integer + credentials_json: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + encryption_key: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + keyfile: + type: string + object_key_format: + type: string + object_metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + overwrite: + type: boolean + path: + type: string + project: + type: string + storage_class: + type: string + store_as: + type: string + transcoding: + type: boolean + required: + - bucket + - project + type: object + http: + properties: + auth: + properties: + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + 
required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - password + - username + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + content_type: + type: string + endpoint: + type: string + error_response_as_unrecoverable: + type: 
boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + headers: + additionalProperties: + type: string + type: object + http_method: + type: string + json_array: + type: boolean + open_timeout: + type: integer + proxy: + type: string + read_timeout: + type: integer + retryable_response_codes: + items: + type: integer + type: array + ssl_timeout: + type: integer + tls_ca_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + 
type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_verify_mode: + type: string + tls_version: + type: string + required: + - endpoint + type: object + kafka: + properties: + ack_timeout: + type: integer + brokers: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_codec: + type: string + default_message_key: + type: string + default_partition_key: + type: string + default_topic: + type: string + exclude_partion_key: + type: boolean + exclude_topic_key: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + 
- csv + - msgpack + - hash + - single_value + type: string + type: object + get_kafka_client_log: + type: boolean + headers: + additionalProperties: + type: string + type: object + headers_from_record: + additionalProperties: + type: string + type: object + idempotent: + type: boolean + max_send_retries: + type: integer + message_key_key: + type: string + partition_key: + type: string + partition_key_key: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required_acks: + type: integer + sasl_over_ssl: + type: boolean + scram_mechanism: + type: string + ssl_ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_ca_certs_from_system: + type: boolean + ssl_client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_chain: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + 
optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_verify_hostname: + type: boolean + topic_key: + type: string + use_default_for_unknown_topic: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - brokers + - format + type: object + kinesisStream: + properties: + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + aws_iam_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: 
boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_ses_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + batch_request_max_count: + type: integer + batch_request_max_size: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + 
timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + partition_key: + type: string + process_credentials: + properties: + process: + type: string + required: + - process + type: object + region: + type: string + reset_backoff_if_success: + type: boolean + retries_on_batch_request: + type: integer + stream_name: + type: string + required: + - stream_name + type: object + logdna: + properties: + api_key: + type: string + app: + type: string + buffer_chunk_limit: + type: string + hostname: + type: string + required: + - api_key + - hostname + type: object + loggingRef: + type: string + logz: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + 
type: string + total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + port: + type: integer + token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + gzip: + type: boolean + http_idle_timeout: + type: integer + output_include_tags: + type: boolean + output_include_time: + type: boolean + retry_count: + type: integer + retry_sleep: + type: integer + required: + - endpoint + type: object + loki: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: 
object + ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + configure_kubernetes_labels: + type: boolean + drop_single_key: + type: boolean + extra_labels: + additionalProperties: + type: string + type: object + extract_kubernetes_labels: + type: boolean + insecure_tls: + type: boolean + key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + labels: + additionalProperties: + type: string + type: object + line_format: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: 
object + type: object + remove_keys: + items: + type: string + type: array + tenant: + type: string + url: + type: string + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + newrelic: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + base_uri: + type: string + license_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + nullout: + type: object + oss: + properties: + aaccess_key_secret: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + access_key_id: + properties: + 
mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_bucket: + type: boolean + check_object: + type: boolean + download_crc_enable: + type: boolean + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + index_format: 
+ type: string + key_format: + type: string + open_timeout: + type: integer + oss_sdk_log_dir: + type: string + overwrite: + type: boolean + path: + type: string + read_timeout: + type: integer + store_as: + type: string + upload_crc_enable: + type: boolean + warn_for_delay: + type: string + required: + - aaccess_key_secret + - access_key_id + - bucket + - endpoint + type: object + redis: + properties: + allow_duplicate_key: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + db_number: + type: integer + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insert_key_prefix: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + 
name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + strftime_format: + type: string + ttl: + type: integer + type: object + s3: + properties: + acl: + type: string + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + auto_create_bucket: + type: string + aws_iam_retries: + type: string + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + 
flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_apikey_on_start: + type: string + check_bucket: + type: string + check_object: + type: string + clustername: + type: string + compute_checksums: + type: string + enable_transfer_acceleration: + type: string + force_path_style: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + grant_full_control: + type: string + grant_read: + type: string + grant_read_acp: + type: string + grant_write_acp: + type: string + hex_random_length: + type: string + index_format: + type: string + instance_profile_credentials: + properties: + http_open_timeout: + type: string + http_read_timeout: + type: string + ip_address: + type: string + port: + type: string + retries: + type: string + type: object + oneeye_format: + type: boolean + overwrite: + type: string + path: + type: string + proxy_uri: + type: string + s3_bucket: + type: string + s3_endpoint: + type: string + s3_metadata: + type: string + s3_object_key_format: + type: string + s3_region: + type: string + shared_credentials: + properties: + path: + type: string + 
profile_name: + type: string + type: object + signature_version: + type: string + sse_customer_algorithm: + type: string + sse_customer_key: + type: string + sse_customer_key_md5: + type: string + ssekms_key_id: + type: string + ssl_verify_peer: + type: string + storage_class: + type: string + store_as: + type: string + use_bundled_cert: + type: string + use_server_side_encryption: + type: string + warn_for_delay: + type: string + required: + - s3_bucket + type: object + splunkHec: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + 
type: boolean + required: + - key + type: object + type: object + type: object + ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + coerce_to_utf8: + type: boolean + data_type: + type: string + fields: + additionalProperties: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hec_host: + type: string + hec_port: + type: integer + hec_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + 
properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + host: + type: string + host_key: + type: string + idle_timeout: + type: integer + index: + type: string + index_key: + type: string + insecure_ssl: + type: boolean + keep_keys: + type: boolean + metric_name_key: + type: string + metric_value_key: + type: string + metrics_from_event: + type: boolean + non_utf8_replacement_string: + type: string + open_timeout: + type: integer + protocol: + type: string + read_timeout: + type: integer + source: + type: string + source_key: + type: string + sourcetype: + type: string + sourcetype_key: + type: string + ssl_ciphers: + type: string + required: + - hec_host + - hec_token + type: object + sumologic: + properties: + add_timestamp: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + 
type: string + type: object + compress: + type: boolean + compress_encoding: + type: string + custom_dimensions: + type: string + custom_fields: + items: + type: string + type: array + data_type: + type: string + delimiter: + type: string + disable_cookies: + type: boolean + endpoint: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + log_format: + type: string + log_key: + type: string + metric_data_format: + type: string + open_timeout: + type: integer + proxy_uri: + type: string + source_category: + type: string + source_host: + type: string + source_name: + type: string + source_name_key: + type: string + sumo_client: + type: string + timestamp_key: + type: string + verify_ssl: + type: boolean + required: + - endpoint + - source_name + type: object + syslog: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + 
retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + app_name_field: + type: string + hostname_field: + type: string + log_field: + type: string + message_id_field: + type: string + proc_id_field: + type: string + rfc6587_message_size: + type: boolean + structured_data_field: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insecure: + type: boolean + port: + type: integer + transport: + type: string + trusted_ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - host + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.8.201/templates/logging.banzaicloud.io_flows.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.8.201/templates/logging.banzaicloud.io_flows.yaml new file mode 100644 index 000000000..394d91927 --- /dev/null 
+++ b/released/charts/rancher-logging/rancher-logging-crd/3.8.201/templates/logging.banzaicloud.io_flows.yaml 
@@ -0,0 +1,623 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: flows.logging.banzaicloud.io +spec: + additionalPrinterColumns: + - JSONPath: .status.active + description: Is the flow active? + name: Active + type: boolean + - JSONPath: .status.problemsCount + description: Number of problems + name: Problems + type: integer + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Flow + listKind: FlowList + plural: flows + singular: flow + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + 
items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + 
null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + 
type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + 
tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + localOutputRefs: + items: + type: string + type: array + loggingRef: + type: string + match: + items: + properties: + exclude: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + type: object + select: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + outputRefs: + items: + type: string + type: array + selectors: + additionalProperties: + type: string + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.8.201/templates/logging.banzaicloud.io_loggings.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.8.201/templates/logging.banzaicloud.io_loggings.yaml new file mode 100644 index 000000000..256cc738e --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.8.201/templates/logging.banzaicloud.io_loggings.yaml 
@@ -0,0 +1,2754 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: loggings.logging.banzaicloud.io +spec: + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Logging + listKind: LoggingList + plural: loggings + singular: logging + preserveUnknownFields: false + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + allowClusterResourcesFromAllNamespaces: + type: boolean + controlNamespace: + type: string + defaultFlow: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + 
skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string 
+ time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - 
type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + 
properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + outputRefs: + items: + type: string + type: array + type: object + enableRecreateWorkloadOnImmutableFieldChange: + type: boolean + flowConfigCheckDisabled: + type: boolean + flowConfigOverride: + type: string + fluentbit: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + 
labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + bufferStorage: + properties: + storage.backlog.mem_limit: + type: string + storage.checksum: + type: string + storage.path: + type: string + storage.sync: + type: string + type: object + bufferStorageVolume: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + coroStackSize: + format: int32 + type: integer + 
customConfigSecret: + type: string + enableUpstream: + type: boolean + extraVolumeMounts: + items: + properties: + destination: + pattern: ^/.+$ + type: string + readOnly: + type: boolean + source: + pattern: ^/.+$ + type: string + required: + - destination + - source + type: object + type: array + filterAws: + properties: + Match: + type: string + account_id: + type: boolean + ami_id: + type: boolean + az: + type: boolean + ec2_instance_id: + type: boolean + ec2_instance_type: + type: boolean + hostname: + type: boolean + imds_version: + type: string + private_ip: + type: boolean + vpc_id: + type: boolean + type: object + filterKubernetes: + properties: + Annotations: + type: string + Buffer_Size: + type: string + Dummy_Meta: + type: string + K8S-Logging.Exclude: + type: string + K8S-Logging.Parser: + type: string + Keep_Log: + type: string + Kube_CA_File: + type: string + Kube_CA_Path: + type: string + Kube_Tag_Prefix: + type: string + Kube_Token_File: + type: string + Kube_URL: + type: string + Kube_meta_preload_cache_dir: + type: string + Labels: + type: string + Match: + type: string + Merge_Log: + type: string + Merge_Log_Key: + type: string + Merge_Log_Trim: + type: string + Merge_Parser: + type: string + Regex_Parser: + type: string + Use_Journal: + type: string + tls.debug: + type: string + tls.verify: + type: string + type: object + flush: + format: int32 + type: integer + forwardOptions: + properties: + Require_ack_response: + type: boolean + Retry_Limit: + type: string + Send_options: + type: boolean + Tag: + type: string + Time_as_Integer: + type: boolean + type: object + grace: + format: int32 + type: integer + image: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + inputTail: + properties: + Buffer_Chunk_Size: + type: string + Buffer_Max_Size: + type: string + DB: + type: string + DB_Sync: + 
type: string + Docker_Mode: + type: string + Docker_Mode_Flush: + type: string + Exclude_Path: + type: string + Ignore_Older: + type: string + Key: + type: string + Mem_Buf_Limit: + type: string + Multiline: + type: string + Multiline_Flush: + type: string + Parser: + type: string + Parser_Firstline: + type: string + Parser_N: + items: + type: string + type: array + Path: + type: string + Path_Key: + type: string + Refresh_Interval: + type: string + Rotate_Wait: + type: string + Skip_Long_Lines: + type: string + Tag: + type: string + Tag_Regex: + type: string + storage.type: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + livenessDefaultCheck: + type: boolean + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + logLevel: + type: string + metrics: + properties: + interval: + type: string + path: + type: string + port: + format: int32 + type: integer + prometheusAnnotations: + type: boolean + serviceMonitor: + type: boolean + serviceMonitorConfig: + properties: + additionalLabels: + additionalProperties: + type: string + type: object + honorLabels: + type: 
boolean + metricRelabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + relabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + type: object + timeout: + type: string + type: object + mountPath: + type: string + network: + properties: + connectTimeout: + format: int32 + type: integer + keepalive: + type: boolean + keepaliveIdleTimeout: + format: int32 + type: integer + keepaliveMaxRecycle: + format: int32 + type: integer + type: object + nodeSelector: + additionalProperties: + type: string + type: object + parser: + type: string + podPriorityClassName: + type: string + position_db: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + 
properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + positiondb: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + 
value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + security: + properties: + podSecurityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + podSecurityPolicyCreate: + type: boolean + roleBasedAccessControlCreate: + type: boolean + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + 
items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + type: object + targetHost: + type: string + targetPort: + format: int32 + type: integer + tls: + properties: + enabled: + type: boolean + secretName: + type: string + sharedKey: + type: string + required: + - enabled + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + type: object + fluentd: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + 
nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: 
string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + bufferStorageVolume: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + 
properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + configCheckAnnotations: + additionalProperties: + type: string + type: object + configReloaderImage: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + disablePvc: + type: boolean + fluentLogDestination: + type: string + fluentOutLogrotate: + properties: + age: + type: string + enabled: + type: boolean + path: + type: string + size: + type: string + required: + - enabled + type: object + fluentdPvcSpec: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + 
type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + forwardInputConfig: + properties: + add_tag_prefix: + type: string + bind: + type: string + chunk_size_limit: + type: string + chunk_size_warn_limit: + type: string + deny_keepalive: + type: boolean + linger_timeout: + type: integer + port: + type: string + resolve_hostname: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: boolean + required: + - self_hostname + - shared_key + type: object + send_keepalive_packet: + type: boolean + skip_invalid_event: + type: boolean + source_address_key: + type: string + sourceHostnameKey: + type: string + tag: + type: string + transport: + properties: + ca_cert_path: + type: string + ca_path: + type: string + ca_private_key_passphrase: + type: string + ca_private_key_path: + type: string + cert_path: + type: string + ciphers: + type: string + client_cert_auth: + type: boolean + insecure: + type: boolean + private_key_passphrase: + type: string + private_key_path: + type: string + protocol: + type: string + version: + type: string + type: object + type: object + ignoreRepeatedLogInterval: + type: string + ignoreSameLogInterval: + type: string + image: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + livenessDefaultCheck: + type: boolean + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + 
type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + logLevel: + type: string + metrics: + properties: + interval: + type: string + path: + type: string + port: + format: int32 + type: integer + prometheusAnnotations: + type: boolean + serviceMonitor: + type: boolean + serviceMonitorConfig: + properties: + additionalLabels: + additionalProperties: + type: string + type: object + honorLabels: + type: boolean + metricRelabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + relabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + type: object + timeout: + type: string + type: object + nodeSelector: + additionalProperties: + type: string + type: object + podPriorityClassName: + type: string + port: + format: int32 + type: integer + readinessProbe: + properties: + exec: + properties: 
+ command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + rootDir: + type: string + scaling: + properties: + podManagementPolicy: + type: string + replicas: + type: integer + type: object + security: + properties: + podSecurityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + 
gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + podSecurityPolicyCreate: + type: boolean + roleBasedAccessControlCreate: + type: boolean + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + type: object + tls: + properties: + enabled: + type: boolean + secretName: + type: string + sharedKey: + type: string + required: + - enabled + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + volumeModImage: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + volumeMountChmod: + type: boolean + workers: + format: int32 + type: integer + type: object + loggingRef: + type: string + watchNamespaces: + items: + type: string + type: array + required: + - controlNamespace + type: object + status: + properties: + configCheckResults: + additionalProperties: + 
type: boolean + type: object + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.8.201/templates/logging.banzaicloud.io_outputs.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.8.201/templates/logging.banzaicloud.io_outputs.yaml new file mode 100644 index 000000000..01b84e408 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.8.201/templates/logging.banzaicloud.io_outputs.yaml 
@@ -0,0 +1,4525 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: outputs.logging.banzaicloud.io +spec: + additionalPrinterColumns: + - JSONPath: .status.active + description: Is the output active? + name: Active + type: boolean + - JSONPath: .status.problemsCount + description: Number of problems + name: Problems + type: integer + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Output + listKind: OutputList + plural: outputs + singular: output + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + awsElasticsearch: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + 
type: + type: string + type: object + endpoint: + properties: + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_arn: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_session_name: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_web_identity_token_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ecs_container_credentials_relative_uri: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: 
boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + region: + type: string + secret_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + sts_credentials_region: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + flush_interval: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + include_tag_key: + type: boolean + logstash_format: + type: boolean + tag_key: + type: string + type: object + azurestorage: + properties: + auto_create_container: + type: boolean + azure_container: + type: string + azure_object_key_format: + type: string + azure_storage_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: 
+ properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_account: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_type: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + type: string + path: + type: string + store_as: + type: string + required: + - azure_container + - azure_storage_access_key + - azure_storage_account + type: object + cloudwatch: + properties: + 
auto_create_stream: + type: boolean + aws_instance_profile_credentials_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sts_role_arn: + type: string + aws_sts_session_name: + type: string + aws_use_sts: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + 
type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + concurrency: + type: integer + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + http_proxy: + type: string + include_time_key: + type: boolean + json_handler: + type: string + localtime: + type: boolean + log_group_aws_tags: + type: string + log_group_aws_tags_key: + type: string + log_group_name: + type: string + log_group_name_key: + type: string + log_rejected_request: + type: string + log_stream_name: + type: string + log_stream_name_key: + type: string + max_events_per_batch: + type: integer + max_message_length: + type: integer + message_keys: + type: string + put_log_events_disable_retry_limit: + type: boolean + put_log_events_retry_limit: + type: integer + put_log_events_retry_wait: + type: string + region: + type: string + remove_log_group_aws_tags_key: + type: string + remove_log_group_name_key: + type: string + remove_log_stream_name_key: + type: string + remove_retention_in_days: + type: string + retention_in_days: + type: string + retention_in_days_key: + type: string + use_tag_as_group: + type: boolean + use_tag_as_stream: + type: boolean + required: + - region + type: object + datadog: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + 
chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_level: + type: string + dd_hostname: + type: string + dd_source: + type: string + dd_sourcecategory: + type: string + dd_tags: + type: string + host: + type: string + include_tag_key: + type: boolean + max_backoff: + type: string + max_retries: + type: string + no_ssl_validation: + type: boolean + port: + type: string + service: + type: string + ssl_port: + type: string + tag_key: + type: string + timestamp_key: + type: string + use_compression: + type: boolean + use_http: + type: boolean + use_json: + type: boolean + use_ssl: + type: boolean + required: + - api_key + type: object + elasticsearch: + properties: + application_name: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + 
disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_message_request_threshold: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: 
boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key_pass: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + content_type: + type: string + custom_headers: + type: string + customize_template: + type: string + default_elasticsearch_version: + type: string + deflector_alias: + type: string + enable_ilm: + type: boolean + exception_backup: + type: boolean + fail_on_putting_template_retry_exceed: + type: boolean + flatten_hashes: + type: boolean + flatten_hashes_separator: + type: string + host: + type: string + hosts: + type: string + http_backend: + type: string + id_key: + type: string + ignore_exceptions: + type: string + ilm_policy: + type: string + ilm_policy_id: + type: string + ilm_policy_overwrite: + type: boolean + include_index_in_url: + type: boolean + include_tag_key: + type: boolean + include_timestamp: + type: boolean + index_date_pattern: + type: string + index_name: + type: string + index_prefix: + type: string + log_es_400_reason: + type: boolean + logstash_dateformat: + type: string + logstash_format: + type: boolean + logstash_prefix: + type: string + logstash_prefix_separator: + type: string + max_retry_get_es_version: + type: string + max_retry_putting_template: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + 
type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + path: + type: string + pipeline: + type: string + port: + type: integer + prefer_oj_serializer: + type: boolean + reconnect_on_error: + type: boolean + reload_after: + type: string + reload_connections: + type: boolean + reload_on_failure: + type: boolean + remove_keys_on_update: + type: string + remove_keys_on_update_key: + type: string + request_timeout: + type: string + resurrect_after: + type: string + retry_tag: + type: string + rollover_index: + type: boolean + routing_key: + type: string + scheme: + type: string + sniffer_class_name: + type: string + ssl_max_version: + type: string + ssl_min_version: + type: string + ssl_verify: + type: boolean + ssl_version: + type: string + suppress_doc_wrap: + type: boolean + suppress_type_name: + type: boolean + tag_key: + type: string + target_index_key: + type: string + target_type_key: + type: string + template_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + template_name: + type: string + template_overwrite: + type: boolean + templates: + type: string + time_key: + type: string + time_key_format: + type: string + time_parse_error_tag: + type: string + time_precision: + type: string + type_name: + type: string + unrecoverable_error_types: + type: string + user: + type: string + utc_index: + type: boolean + validate_client_version: + type: boolean + verify_es_version_at_startup: + type: boolean + 
with_transporter_log: + type: boolean + write_operation: + type: string + type: object + file: + properties: + add_path_suffix: + type: boolean + append: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + path: + type: string + path_suffix: + type: string + symlink_path: + type: boolean + required: + - path + type: object + forward: + properties: + ack_response_timeout: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + 
flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + connect_timeout: + type: integer + dns_round_robin: + type: boolean + expire_dns_cache: + type: integer + hard_timeout: + type: integer + heartbeat_interval: + type: integer + heartbeat_type: + type: string + ignore_network_errors_at_startup: + type: boolean + keepalive: + type: boolean + keepalive_timeout: + type: integer + phi_failure_detector: + type: boolean + phi_threshold: + type: integer + recover_wait: + type: integer + require_ack_response: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: boolean + required: + - self_hostname + - shared_key + type: object + send_timeout: + type: integer + servers: + items: + properties: + host: + type: string + name: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string 
+ optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + shared_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + standby: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + weight: + type: integer + required: + - host + type: object + type: array + tls_allow_self_signed_cert: + type: boolean + tls_cert_logical_store_name: + type: string + tls_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_cert_thumbprint: + type: string + tls_cert_use_enterprise_store: + type: boolean + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + 
properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_insecure_mode: + type: boolean + tls_verify_hostname: + type: boolean + tls_version: + type: string + verify_connection_at_startup: + type: boolean + required: + - servers + type: object + gcs: + properties: + acl: + type: string + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string 
+ retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_retries: + type: integer + client_timeout: + type: integer + credentials_json: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + encryption_key: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + keyfile: + type: string + object_key_format: + type: string + object_metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + overwrite: + type: boolean + path: + type: string + project: + type: string + storage_class: + type: string + store_as: + type: string + transcoding: + type: boolean + required: + - bucket + - project + type: object + http: + properties: + auth: + properties: + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: 
+ secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - password + - username + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + content_type: + type: string + endpoint: + type: string + error_response_as_unrecoverable: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + 
enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + headers: + additionalProperties: + type: string + type: object + http_method: + type: string + json_array: + type: boolean + open_timeout: + type: integer + proxy: + type: string + read_timeout: + type: integer + retryable_response_codes: + items: + type: integer + type: array + ssl_timeout: + type: integer + tls_ca_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + 
type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_verify_mode: + type: string + tls_version: + type: string + required: + - endpoint + type: object + kafka: + properties: + ack_timeout: + type: integer + brokers: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_codec: + type: string + default_message_key: + type: string + default_partition_key: + type: string + default_topic: + type: string + exclude_partion_key: + type: boolean + exclude_topic_key: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + get_kafka_client_log: + 
type: boolean + headers: + additionalProperties: + type: string + type: object + headers_from_record: + additionalProperties: + type: string + type: object + idempotent: + type: boolean + max_send_retries: + type: integer + message_key_key: + type: string + partition_key: + type: string + partition_key_key: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required_acks: + type: integer + sasl_over_ssl: + type: boolean + scram_mechanism: + type: string + ssl_ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_ca_certs_from_system: + type: boolean + ssl_client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_chain: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + 
valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_verify_hostname: + type: boolean + topic_key: + type: string + use_default_for_unknown_topic: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - brokers + - format + type: object + kinesisStream: + properties: + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + aws_iam_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + 
mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_ses_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + batch_request_max_count: + type: integer + batch_request_max_size: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + 
total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + partition_key: + type: string + process_credentials: + properties: + process: + type: string + required: + - process + type: object + region: + type: string + reset_backoff_if_success: + type: boolean + retries_on_batch_request: + type: integer + stream_name: + type: string + required: + - stream_name + type: object + logdna: + properties: + api_key: + type: string + app: + type: string + buffer_chunk_limit: + type: string + hostname: + type: string + required: + - api_key + - hostname + type: object + loggingRef: + type: string + logz: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + endpoint: 
+ properties: + port: + type: integer + token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + gzip: + type: boolean + http_idle_timeout: + type: integer + output_include_tags: + type: boolean + output_include_time: + type: boolean + retry_count: + type: integer + retry_sleep: + type: integer + required: + - endpoint + type: object + loki: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + 
type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + configure_kubernetes_labels: + type: boolean + drop_single_key: + type: boolean + extra_labels: + additionalProperties: + type: string + type: object + extract_kubernetes_labels: + type: boolean + insecure_tls: + type: boolean + key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + labels: + additionalProperties: + type: string + type: object + line_format: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + remove_keys: + items: + type: string + type: array + tenant: + type: string 
+ url: + type: string + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + newrelic: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + base_uri: + type: string + license_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + nullout: + type: object + oss: + properties: + aaccess_key_secret: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + 
optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_bucket: + type: boolean + check_object: + type: boolean + download_crc_enable: + type: boolean + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + index_format: + type: string + key_format: + type: string + open_timeout: + type: integer + oss_sdk_log_dir: + 
type: string + overwrite: + type: boolean + path: + type: string + read_timeout: + type: integer + store_as: + type: string + upload_crc_enable: + type: boolean + warn_for_delay: + type: string + required: + - aaccess_key_secret + - access_key_id + - bucket + - endpoint + type: object + redis: + properties: + allow_duplicate_key: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + db_number: + type: integer + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insert_key_prefix: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object 
+ value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + strftime_format: + type: string + ttl: + type: integer + type: object + s3: + properties: + acl: + type: string + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + auto_create_bucket: + type: string + aws_iam_retries: + type: string + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: 
string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_apikey_on_start: + type: string + check_bucket: + type: string + check_object: + type: string + clustername: + type: string + compute_checksums: + type: string + enable_transfer_acceleration: + type: string + force_path_style: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + grant_full_control: + type: string + grant_read: + type: string + grant_read_acp: + type: string + grant_write_acp: + type: string + hex_random_length: + type: string + index_format: + type: string + instance_profile_credentials: + properties: + http_open_timeout: + type: string + http_read_timeout: + type: string + ip_address: + type: string + port: + type: string + retries: + type: string + type: object + oneeye_format: + type: boolean + overwrite: + type: string + path: + type: string + proxy_uri: + type: string + s3_bucket: + type: string + s3_endpoint: + type: string + s3_metadata: + type: string + s3_object_key_format: + type: string + s3_region: + type: string + shared_credentials: + properties: + path: + type: string + profile_name: + type: string + type: object + signature_version: + type: string + sse_customer_algorithm: + type: 
string + sse_customer_key: + type: string + sse_customer_key_md5: + type: string + ssekms_key_id: + type: string + ssl_verify_peer: + type: string + storage_class: + type: string + store_as: + type: string + use_bundled_cert: + type: string + use_server_side_encryption: + type: string + warn_for_delay: + type: string + required: + - s3_bucket + type: object + splunkHec: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ca_path: + properties: + mountFrom: + 
properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + coerce_to_utf8: + type: boolean + data_type: + type: string + fields: + additionalProperties: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hec_host: + type: string + hec_port: + type: integer + hec_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + 
required: + - key + type: object + type: object + type: object + host: + type: string + host_key: + type: string + idle_timeout: + type: integer + index: + type: string + index_key: + type: string + insecure_ssl: + type: boolean + keep_keys: + type: boolean + metric_name_key: + type: string + metric_value_key: + type: string + metrics_from_event: + type: boolean + non_utf8_replacement_string: + type: string + open_timeout: + type: integer + protocol: + type: string + read_timeout: + type: integer + source: + type: string + source_key: + type: string + sourcetype: + type: string + sourcetype_key: + type: string + ssl_ciphers: + type: string + required: + - hec_host + - hec_token + type: object + sumologic: + properties: + add_timestamp: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compress: + type: boolean + compress_encoding: + type: string + custom_dimensions: + 
type: string + custom_fields: + items: + type: string + type: array + data_type: + type: string + delimiter: + type: string + disable_cookies: + type: boolean + endpoint: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + log_format: + type: string + log_key: + type: string + metric_data_format: + type: string + open_timeout: + type: integer + proxy_uri: + type: string + source_category: + type: string + source_host: + type: string + source_name: + type: string + source_name_key: + type: string + sumo_client: + type: string + timestamp_key: + type: string + verify_ssl: + type: boolean + required: + - endpoint + - source_name + type: object + syslog: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: 
+ type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + app_name_field: + type: string + hostname_field: + type: string + log_field: + type: string + message_id_field: + type: string + proc_id_field: + type: string + rfc6587_message_size: + type: boolean + structured_data_field: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insecure: + type: boolean + port: + type: integer + transport: + type: string + trusted_ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - host + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.000/Chart.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.000/Chart.yaml new file mode 100755 index 000000000..d9ace18ce --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.000/Chart.yaml 
@@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-logging-system + catalog.cattle.io/release-name: rancher-logging-crd +apiVersion: v1 +description: Installs the CRDs for rancher-logging. +name: rancher-logging-crd +type: application +version: 3.9.000 diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.000/README.md b/released/charts/rancher-logging/rancher-logging-crd/3.9.000/README.md new file mode 100755 index 000000000..d4beb54fa --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.000/README.md @@ -0,0 +1,2 @@ +# rancher-logging-crd +A Rancher chart that installs the CRDs used by rancher-logging. diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.000/templates/logging.banzaicloud.io_clusterflows.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.000/templates/logging.banzaicloud.io_clusterflows.yaml new file mode 100755 index 000000000..9fc6e22a5 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.000/templates/logging.banzaicloud.io_clusterflows.yaml 
@@ -0,0 +1,765 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: clusterflows.logging.banzaicloud.io +spec: + additionalPrinterColumns: + - JSONPath: .status.active + description: Is the flow active? + name: Active + type: boolean + - JSONPath: .status.problemsCount + description: Number of problems + name: Problems + type: integer + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: ClusterFlow + listKind: ClusterFlowList + plural: clusterflows + singular: clusterflow + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + 
mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + 
skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string 
+ time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - 
type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + 
properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + loggingRef: + type: string + match: + items: + properties: + exclude: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + namespaces: + items: + type: string + type: array + type: object + select: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + namespaces: + items: + type: string + type: array + type: object + type: object + type: array + outputRefs: + items: + type: string + type: array + selectors: + additionalProperties: + type: string + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.000/templates/logging.banzaicloud.io_clusteroutputs.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.000/templates/logging.banzaicloud.io_clusteroutputs.yaml new file mode 100755 index 000000000..a82252ad9 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.000/templates/logging.banzaicloud.io_clusteroutputs.yaml 
@@ -0,0 +1,4563 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: clusteroutputs.logging.banzaicloud.io +spec: + additionalPrinterColumns: + - JSONPath: .status.active + description: Is the output active? + name: Active + type: boolean + - JSONPath: .status.problemsCount + description: Number of problems + name: Problems + type: integer + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: ClusterOutput + listKind: ClusterOutputList + plural: clusteroutputs + singular: clusteroutput + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + awsElasticsearch: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + 
total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_arn: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_session_name: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_web_identity_token_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ecs_container_credentials_relative_uri: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + 
type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + region: + type: string + secret_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + sts_credentials_region: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + flush_interval: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + include_tag_key: + type: boolean + logstash_format: + type: boolean + tag_key: + type: string + type: object + azurestorage: + properties: + auto_create_container: + type: boolean + azure_container: + type: string + azure_imds_api_version: + type: string + azure_object_key_format: + type: string + azure_storage_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: 
object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_account: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_sas_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: 
string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + type: string + path: + type: string + required: + - azure_container + - azure_storage_access_key + - azure_storage_account + - azure_storage_sas_token + type: object + cloudwatch: + properties: + auto_create_stream: + type: boolean + aws_instance_profile_credentials_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sts_role_arn: + type: string + aws_sts_session_name: + type: string + aws_use_sts: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + 
overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + concurrency: + type: integer + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + http_proxy: + type: string + include_time_key: + type: boolean + json_handler: + type: string + localtime: + type: boolean + log_group_aws_tags: + type: string + log_group_aws_tags_key: + type: string + log_group_name: + type: string + log_group_name_key: + type: string + log_rejected_request: + type: string + log_stream_name: + type: string + log_stream_name_key: + type: string + max_events_per_batch: + type: integer + max_message_length: + type: integer + message_keys: + type: string + put_log_events_disable_retry_limit: + type: boolean + put_log_events_retry_limit: + type: integer + put_log_events_retry_wait: + type: string + region: + type: string + remove_log_group_aws_tags_key: + type: string + remove_log_group_name_key: + type: string + remove_log_stream_name_key: + type: string + remove_retention_in_days: + type: string + retention_in_days: + type: string + retention_in_days_key: + type: string + use_tag_as_group: + type: boolean + use_tag_as_stream: + type: boolean + required: + - region + type: object + datadog: + properties: 
+ api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_level: + type: string + dd_hostname: + type: string + dd_source: + type: string + dd_sourcecategory: + type: string + dd_tags: + type: string + host: + type: string + include_tag_key: + type: boolean + max_backoff: + type: string + max_retries: + type: string + no_ssl_validation: + type: boolean + port: + type: string + service: + type: string + ssl_port: + type: string + tag_key: + type: string + 
timestamp_key: + type: string + use_compression: + type: boolean + use_http: + type: boolean + use_json: + type: boolean + use_ssl: + type: boolean + required: + - api_key + type: object + elasticsearch: + properties: + application_name: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_message_request_threshold: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: 
string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key_pass: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + content_type: + type: string + custom_headers: + type: string + customize_template: + type: string + default_elasticsearch_version: + type: string + deflector_alias: + type: string + enable_ilm: + type: boolean + exception_backup: + type: boolean + fail_on_putting_template_retry_exceed: + type: boolean + flatten_hashes: + type: boolean + flatten_hashes_separator: + type: string + host: + type: string + hosts: + type: string + http_backend: + type: string + id_key: + type: string + ignore_exceptions: + type: string + ilm_policy: + type: string + ilm_policy_id: + type: string + ilm_policy_overwrite: + type: boolean + include_index_in_url: + type: boolean + include_tag_key: + type: boolean + include_timestamp: + type: boolean + index_date_pattern: + type: string + index_name: + type: string + index_prefix: + type: string + 
log_es_400_reason: + type: boolean + logstash_dateformat: + type: string + logstash_format: + type: boolean + logstash_prefix: + type: string + logstash_prefix_separator: + type: string + max_retry_get_es_version: + type: string + max_retry_putting_template: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + path: + type: string + pipeline: + type: string + port: + type: integer + prefer_oj_serializer: + type: boolean + reconnect_on_error: + type: boolean + reload_after: + type: string + reload_connections: + type: boolean + reload_on_failure: + type: boolean + remove_keys_on_update: + type: string + remove_keys_on_update_key: + type: string + request_timeout: + type: string + resurrect_after: + type: string + retry_tag: + type: string + rollover_index: + type: boolean + routing_key: + type: string + scheme: + type: string + sniffer_class_name: + type: string + ssl_max_version: + type: string + ssl_min_version: + type: string + ssl_verify: + type: boolean + ssl_version: + type: string + suppress_doc_wrap: + type: boolean + suppress_type_name: + type: boolean + tag_key: + type: string + target_index_key: + type: string + target_type_key: + type: string + template_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + 
template_name: + type: string + template_overwrite: + type: boolean + templates: + type: string + time_key: + type: string + time_key_format: + type: string + time_parse_error_tag: + type: string + time_precision: + type: string + type_name: + type: string + unrecoverable_error_types: + type: string + user: + type: string + utc_index: + type: boolean + validate_client_version: + type: boolean + verify_es_version_at_startup: + type: boolean + with_transporter_log: + type: boolean + write_operation: + type: string + type: object + enabledNamespaces: + items: + type: string + type: array + file: + properties: + add_path_suffix: + type: boolean + append: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - 
single_value + type: string + type: object + path: + type: string + path_suffix: + type: string + symlink_path: + type: boolean + required: + - path + type: object + forward: + properties: + ack_response_timeout: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + connect_timeout: + type: integer + dns_round_robin: + type: boolean + expire_dns_cache: + type: integer + hard_timeout: + type: integer + heartbeat_interval: + type: integer + heartbeat_type: + type: string + ignore_network_errors_at_startup: + type: boolean + keepalive: + type: boolean + keepalive_timeout: + type: integer + phi_failure_detector: + type: boolean + phi_threshold: + type: integer + recover_wait: + type: integer + require_ack_response: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: 
boolean + required: + - self_hostname + - shared_key + type: object + send_timeout: + type: integer + servers: + items: + properties: + host: + type: string + name: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + shared_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + standby: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + weight: + type: integer + required: + - host + type: object + type: array + tls_allow_self_signed_cert: + type: boolean + tls_cert_logical_store_name: + type: string + tls_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + 
type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_cert_thumbprint: + type: string + tls_cert_use_enterprise_store: + type: boolean + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_insecure_mode: + type: boolean + tls_verify_hostname: + type: boolean + tls_version: + type: string + verify_connection_at_startup: + type: boolean + required: + - servers + type: object + gcs: + properties: + acl: + type: string + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + 
compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_retries: + type: integer + client_timeout: + type: integer + credentials_json: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + encryption_key: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + keyfile: + type: string + object_key_format: + type: string + object_metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + 
overwrite: + type: boolean + path: + type: string + project: + type: string + storage_class: + type: string + store_as: + type: string + transcoding: + type: boolean + required: + - bucket + - project + type: object + http: + properties: + auth: + properties: + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - password + - username + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: 
string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + content_type: + type: string + endpoint: + type: string + error_response_as_unrecoverable: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + headers: + additionalProperties: + type: string + type: object + http_method: + type: string + json_array: + type: boolean + open_timeout: + type: integer + proxy: + type: string + read_timeout: + type: integer + retryable_response_codes: + items: + type: integer + type: array + ssl_timeout: + type: integer + tls_ca_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + 
optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_verify_mode: + type: string + tls_version: + type: string + required: + - endpoint + type: object + kafka: + properties: + ack_timeout: + type: integer + brokers: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + 
total_limit_size: + type: string + type: + type: string + type: object + compression_codec: + type: string + default_message_key: + type: string + default_partition_key: + type: string + default_topic: + type: string + exclude_partion_key: + type: boolean + exclude_topic_key: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + get_kafka_client_log: + type: boolean + headers: + additionalProperties: + type: string + type: object + headers_from_record: + additionalProperties: + type: string + type: object + idempotent: + type: boolean + max_send_retries: + type: integer + message_key_key: + type: string + partition_key: + type: string + partition_key_key: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required_acks: + type: integer + sasl_over_ssl: + type: boolean + scram_mechanism: + type: string + ssl_ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_ca_certs_from_system: + type: boolean + ssl_client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + 
type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_chain: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_verify_hostname: + type: boolean + topic_key: + type: string + use_default_for_unknown_topic: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - brokers + - format + type: object + kinesisStream: + properties: + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + 
- role_session_name + type: object + aws_iam_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_ses_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + batch_request_max_count: + type: integer + batch_request_max_size: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: 
integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + partition_key: + type: string + process_credentials: + properties: + process: + type: string + required: + - process + type: object + region: + type: string + reset_backoff_if_success: + type: boolean + retries_on_batch_request: + type: integer + stream_name: + type: string + required: + - stream_name + type: object + logdna: + properties: + api_key: + type: string + app: + type: string + buffer_chunk_limit: + type: string + hostname: + type: string + required: + - api_key + - hostname + type: object + loggingRef: + type: string + logz: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + 
retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + port: + type: integer + token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + gzip: + type: boolean + http_idle_timeout: + type: integer + output_include_tags: + type: boolean + output_include_time: + type: boolean + retry_count: + type: integer + retry_sleep: + type: integer + required: + - endpoint + type: object + loki: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: 
boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + configure_kubernetes_labels: + type: boolean + drop_single_key: + type: boolean + extra_labels: + additionalProperties: + type: string + type: object + extract_kubernetes_labels: + type: boolean + insecure_tls: + type: boolean + key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + labels: + additionalProperties: + 
type: string + type: object + line_format: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + remove_keys: + items: + type: string + type: array + tenant: + type: string + url: + type: string + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + newrelic: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + base_uri: + type: string + license_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + nullout: + type: object + oss: + properties: + 
aaccess_key_secret: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: 
string + total_limit_size: + type: string + type: + type: string + type: object + check_bucket: + type: boolean + check_object: + type: boolean + download_crc_enable: + type: boolean + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + index_format: + type: string + key_format: + type: string + open_timeout: + type: integer + oss_sdk_log_dir: + type: string + overwrite: + type: boolean + path: + type: string + read_timeout: + type: integer + store_as: + type: string + upload_crc_enable: + type: boolean + warn_for_delay: + type: string + required: + - aaccess_key_secret + - access_key_id + - bucket + - endpoint + type: object + redis: + properties: + allow_duplicate_key: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + 
total_limit_size: + type: string + type: + type: string + type: object + db_number: + type: integer + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insert_key_prefix: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + strftime_format: + type: string + ttl: + type: integer + type: object + s3: + properties: + acl: + type: string + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + auto_create_bucket: + type: string + aws_iam_retries: + type: string + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + 
name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_apikey_on_start: + type: string + check_bucket: + type: string + check_object: + type: string + clustername: + type: string + compute_checksums: + type: string + enable_transfer_acceleration: + type: string + force_path_style: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + grant_full_control: + type: string + grant_read: + type: string + grant_read_acp: + type: string + grant_write_acp: + type: string + hex_random_length: + type: string + index_format: + type: string + instance_profile_credentials: + properties: + http_open_timeout: + type: 
string + http_read_timeout: + type: string + ip_address: + type: string + port: + type: string + retries: + type: string + type: object + oneeye_format: + type: boolean + overwrite: + type: string + path: + type: string + proxy_uri: + type: string + s3_bucket: + type: string + s3_endpoint: + type: string + s3_metadata: + type: string + s3_object_key_format: + type: string + s3_region: + type: string + shared_credentials: + properties: + path: + type: string + profile_name: + type: string + type: object + signature_version: + type: string + sse_customer_algorithm: + type: string + sse_customer_key: + type: string + sse_customer_key_md5: + type: string + ssekms_key_id: + type: string + ssl_verify_peer: + type: string + storage_class: + type: string + store_as: + type: string + use_bundled_cert: + type: string + use_server_side_encryption: + type: string + warn_for_delay: + type: string + required: + - s3_bucket + type: object + splunkHec: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + 
type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + coerce_to_utf8: + type: boolean + data_type: + type: string + fields: + additionalProperties: + type: string + type: object + format: + properties: + add_newline: + type: 
boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hec_host: + type: string + hec_port: + type: integer + hec_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + host: + type: string + host_key: + type: string + idle_timeout: + type: integer + index: + type: string + index_key: + type: string + insecure_ssl: + type: boolean + keep_keys: + type: boolean + metric_name_key: + type: string + metric_value_key: + type: string + metrics_from_event: + type: boolean + non_utf8_replacement_string: + type: string + open_timeout: + type: integer + protocol: + type: string + read_timeout: + type: integer + source: + type: string + source_key: + type: string + sourcetype: + type: string + sourcetype_key: + type: string + ssl_ciphers: + type: string + required: + - hec_host + - hec_token + type: object + sumologic: + properties: + add_timestamp: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + 
retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compress: + type: boolean + compress_encoding: + type: string + custom_dimensions: + type: string + custom_fields: + items: + type: string + type: array + data_type: + type: string + delimiter: + type: string + disable_cookies: + type: boolean + endpoint: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + log_format: + type: string + log_key: + type: string + metric_data_format: + type: string + open_timeout: + type: integer + proxy_uri: + type: string + source_category: + type: string + source_host: + type: string + source_name: + type: string + source_name_key: + type: string + sumo_client: + type: string + timestamp_key: + type: string + verify_ssl: + type: boolean + required: + - endpoint + - source_name + type: object + syslog: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: 
string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + app_name_field: + type: string + hostname_field: + type: string + log_field: + type: string + message_id_field: + type: string + proc_id_field: + type: string + rfc6587_message_size: + type: boolean + structured_data_field: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insecure: + type: boolean + port: + type: integer + transport: + type: string + trusted_ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - host + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: 
true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.000/templates/logging.banzaicloud.io_flows.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.000/templates/logging.banzaicloud.io_flows.yaml new file mode 100755 index 000000000..a01a1331d --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.000/templates/logging.banzaicloud.io_flows.yaml 
@@ -0,0 +1,761 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: flows.logging.banzaicloud.io +spec: + additionalPrinterColumns: + - JSONPath: .status.active + description: Is the flow active? + name: Active + type: boolean + - JSONPath: .status.problemsCount + description: Number of problems + name: Problems + type: integer + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Flow + listKind: FlowList + plural: flows + singular: flow + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + mountFrom: + properties: + 
secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + 
type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + 
type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: 
object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + 
group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + localOutputRefs: + items: + type: string + type: array + loggingRef: + type: string + match: + items: + properties: + exclude: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + type: object + select: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + outputRefs: + items: + type: string + type: array + selectors: + additionalProperties: + type: string + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.000/templates/logging.banzaicloud.io_loggings.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.000/templates/logging.banzaicloud.io_loggings.yaml new file mode 100755 index 000000000..d14c80e2c --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.000/templates/logging.banzaicloud.io_loggings.yaml 
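Review bot: in the Flow CRD hunk above, `spec.filters[].enhanceK8s.ca_file`, `client_cert` and `client_key` each accept an inline `value: string` next to `valueFrom.secretKeyRef` and `mountFrom.secretKeyRef`, so a client private key can be written in plaintext into a `scope: Namespaced` Flow object and read by anyone with get/list on flows. If the inline form has to stay in the schema, document that only the `secretKeyRef` forms are meant for key material and consider rejecting `client_key.value` at admission. Two other fields in the same hunk deserve a policy decision before this ships to tenants: `enhanceK8s.verify_ssl` is a bare boolean with no documented default, and `record_transformer.enable_ruby` lets any namespace that can create a Flow switch on Ruby expression evaluation in the shared fluentd. Finally, the manifest is still `apiVersion: apiextensions.k8s.io/v1beta1` with a top-level `validation:` block and `version: v1beta1`; that API is deprecated and is not served from Kubernetes 1.22 on, so it should be regenerated as `apiextensions.k8s.io/v1` with a per-version schema, dropping the empty generated `status:` stanza at the end of the file.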
@@ -0,0 +1,3536 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: loggings.logging.banzaicloud.io +spec: + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Logging + listKind: LoggingList + plural: loggings + singular: logging + preserveUnknownFields: false + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + allowClusterResourcesFromAllNamespaces: + type: boolean + controlNamespace: + type: string + defaultFlow: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean 
+ required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + 
key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + 
type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: 
string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: 
string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + outputRefs: + items: + type: string + type: array + type: object + enableRecreateWorkloadOnImmutableFieldChange: + type: boolean + flowConfigCheckDisabled: + type: boolean + flowConfigOverride: + type: string + fluentbit: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string 
+ type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string 
+ type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + bufferStorage: + properties: + storage.backlog.mem_limit: + type: string + storage.checksum: + type: string + storage.path: + type: string + storage.sync: + type: string + type: object + bufferStorageVolume: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + coroStackSize: + format: int32 + type: integer + customConfigSecret: + type: string + disableKubernetesFilter: + type: boolean + enableUpstream: + type: boolean + extraVolumeMounts: + items: + properties: + 
destination: + pattern: ^/.+$ + type: string + readOnly: + type: boolean + source: + pattern: ^/.+$ + type: string + required: + - destination + - source + type: object + type: array + filterAws: + properties: + Match: + type: string + account_id: + type: boolean + ami_id: + type: boolean + az: + type: boolean + ec2_instance_id: + type: boolean + ec2_instance_type: + type: boolean + hostname: + type: boolean + imds_version: + type: string + private_ip: + type: boolean + vpc_id: + type: boolean + type: object + filterKubernetes: + properties: + Annotations: + type: string + Buffer_Size: + type: string + Dummy_Meta: + type: string + K8S-Logging.Exclude: + type: string + K8S-Logging.Parser: + type: string + Keep_Log: + type: string + Kube_CA_File: + type: string + Kube_CA_Path: + type: string + Kube_Tag_Prefix: + type: string + Kube_Token_File: + type: string + Kube_URL: + type: string + Kube_meta_preload_cache_dir: + type: string + Labels: + type: string + Match: + type: string + Merge_Log: + type: string + Merge_Log_Key: + type: string + Merge_Log_Trim: + type: string + Merge_Parser: + type: string + Regex_Parser: + type: string + Use_Journal: + type: string + tls.debug: + type: string + tls.verify: + type: string + type: object + flush: + format: int32 + type: integer + forwardOptions: + properties: + Require_ack_response: + type: boolean + Retry_Limit: + type: string + Send_options: + type: boolean + Tag: + type: string + Time_as_Integer: + type: boolean + type: object + grace: + format: int32 + type: integer + image: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + inputTail: + properties: + Buffer_Chunk_Size: + type: string + Buffer_Max_Size: + type: string + DB: + type: string + DB_Sync: + type: string + Docker_Mode: + type: string + Docker_Mode_Flush: + type: string + Exclude_Path: + type: string + 
Ignore_Older: + type: string + Key: + type: string + Mem_Buf_Limit: + type: string + Multiline: + type: string + Multiline_Flush: + type: string + Parser: + type: string + Parser_Firstline: + type: string + Parser_N: + items: + type: string + type: array + Path: + type: string + Path_Key: + type: string + Refresh_Interval: + type: string + Rotate_Wait: + type: string + Skip_Long_Lines: + type: string + Tag: + type: string + Tag_Regex: + type: string + storage.type: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + livenessDefaultCheck: + type: boolean + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + logLevel: + type: string + metrics: + properties: + interval: + type: string + path: + type: string + port: + format: int32 + type: integer + prometheusAnnotations: + type: boolean + serviceMonitor: + type: boolean + serviceMonitorConfig: + properties: + additionalLabels: + additionalProperties: + type: string + type: object + honorLabels: + type: boolean + metricRelabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: 
integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + relabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + type: object + timeout: + type: string + type: object + mountPath: + type: string + network: + properties: + connectTimeout: + format: int32 + type: integer + keepalive: + type: boolean + keepaliveIdleTimeout: + format: int32 + type: integer + keepaliveMaxRecycle: + format: int32 + type: integer + type: object + nodeSelector: + additionalProperties: + type: string + type: object + parser: + type: string + podPriorityClassName: + type: string + position_db: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + 
required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + positiondb: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: 
+ anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + security: + properties: + podSecurityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + podSecurityPolicyCreate: + type: boolean + roleBasedAccessControlCreate: + type: boolean + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + 
readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + type: object + targetHost: + type: string + targetPort: + format: int32 + type: integer + tls: + properties: + enabled: + type: boolean + secretName: + type: string + sharedKey: + type: string + required: + - enabled + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + type: object + fluentd: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: 
string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: 
object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + bufferStorageVolume: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: 
string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + configCheckAnnotations: + additionalProperties: + type: string + type: object + configReloaderImage: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + disablePvc: + type: boolean + fluentLogDestination: + type: string + fluentOutLogrotate: + properties: + age: + type: string + enabled: + type: boolean + path: + type: string + size: + type: string + required: + - enabled + type: object + fluentdPvcSpec: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + 
type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + forwardInputConfig: + properties: + add_tag_prefix: + type: string + bind: + type: string + chunk_size_limit: + type: string + chunk_size_warn_limit: + type: string + deny_keepalive: + type: boolean + linger_timeout: + type: integer + port: + type: string + resolve_hostname: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: boolean + required: + - self_hostname + - shared_key + type: object + send_keepalive_packet: + type: boolean + skip_invalid_event: + type: boolean + source_address_key: + type: string + sourceHostnameKey: + type: string + tag: + type: string + transport: + properties: + ca_cert_path: + type: string + ca_path: + type: string + ca_private_key_passphrase: + type: string + ca_private_key_path: + type: string + cert_path: + type: string + ciphers: + type: string + client_cert_auth: + type: boolean + insecure: + type: boolean + private_key_passphrase: + type: string + private_key_path: + type: string + protocol: + type: string + version: + type: string + type: object + type: object + ignoreRepeatedLogInterval: + type: string + ignoreSameLogInterval: + type: string + image: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + livenessDefaultCheck: + type: boolean + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + 
type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + logLevel: + type: string + metrics: + properties: + interval: + type: string + path: + type: string + port: + format: int32 + type: integer + prometheusAnnotations: + type: boolean + serviceMonitor: + type: boolean + serviceMonitorConfig: + properties: + additionalLabels: + additionalProperties: + type: string + type: object + honorLabels: + type: boolean + metricRelabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + relabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + type: object + timeout: + type: string + type: object + nodeSelector: + additionalProperties: + type: string + type: object + podPriorityClassName: + type: string + port: + format: int32 + type: integer + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + 
properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + rootDir: + type: string + scaling: + properties: + podManagementPolicy: + type: string + replicas: + type: integer + type: object + security: + properties: + podSecurityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + podSecurityPolicyCreate: + 
type: boolean + roleBasedAccessControlCreate: + type: boolean + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + type: object + tls: + properties: + enabled: + type: boolean + secretName: + type: string + sharedKey: + type: string + required: + - enabled + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + volumeModImage: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + volumeMountChmod: + type: boolean + workers: + format: int32 + type: integer + type: object + globalFilters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: 
integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + 
valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + 
key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + 
types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + 
exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + loggingRef: + type: string + watchNamespaces: + items: + type: string + type: array + required: + - controlNamespace + type: object + status: + properties: + configCheckResults: + additionalProperties: + type: boolean + type: object + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.000/templates/logging.banzaicloud.io_outputs.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.000/templates/logging.banzaicloud.io_outputs.yaml new file mode 100755 index 000000000..b04c809ce --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.000/templates/logging.banzaicloud.io_outputs.yaml 
@@ -0,0 +1,4557 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: outputs.logging.banzaicloud.io +spec: + additionalPrinterColumns: + - JSONPath: .status.active + description: Is the output active? + name: Active + type: boolean + - JSONPath: .status.problemsCount + description: Number of problems + name: Problems + type: integer + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Output + listKind: OutputList + plural: outputs + singular: output + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + awsElasticsearch: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + 
type: + type: string + type: object + endpoint: + properties: + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_arn: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_session_name: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_web_identity_token_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ecs_container_credentials_relative_uri: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: 
boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + region: + type: string + secret_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + sts_credentials_region: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + flush_interval: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + include_tag_key: + type: boolean + logstash_format: + type: boolean + tag_key: + type: string + type: object + azurestorage: + properties: + auto_create_container: + type: boolean + azure_container: + type: string + azure_imds_api_version: + type: string + azure_object_key_format: + type: string + azure_storage_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + 
valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_account: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_sas_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: 
string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + type: string + path: + type: string + required: + - azure_container + - azure_storage_access_key + - azure_storage_account + - azure_storage_sas_token + type: object + cloudwatch: + properties: + auto_create_stream: + type: boolean + aws_instance_profile_credentials_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sts_role_arn: + type: string + aws_sts_session_name: + type: string + aws_use_sts: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: 
+ type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + concurrency: + type: integer + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + http_proxy: + type: string + include_time_key: + type: boolean + json_handler: + type: string + localtime: + type: boolean + log_group_aws_tags: + type: string + log_group_aws_tags_key: + type: string + log_group_name: + type: string + log_group_name_key: + type: string + log_rejected_request: + type: string + log_stream_name: + type: string + log_stream_name_key: + type: string + max_events_per_batch: + type: integer + max_message_length: + type: integer + message_keys: + type: string + put_log_events_disable_retry_limit: + type: boolean + put_log_events_retry_limit: + type: integer + put_log_events_retry_wait: + type: string + region: + type: string + remove_log_group_aws_tags_key: + type: string + remove_log_group_name_key: + type: string + remove_log_stream_name_key: + type: string + remove_retention_in_days: + type: string + retention_in_days: + type: string + retention_in_days_key: + type: string + use_tag_as_group: + type: boolean + use_tag_as_stream: + type: boolean + required: + - region + type: object + datadog: + properties: + api_key: + properties: + mountFrom: + 
properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_level: + type: string + dd_hostname: + type: string + dd_source: + type: string + dd_sourcecategory: + type: string + dd_tags: + type: string + host: + type: string + include_tag_key: + type: boolean + max_backoff: + type: string + max_retries: + type: string + no_ssl_validation: + type: boolean + port: + type: string + service: + type: string + ssl_port: + type: string + tag_key: + type: string + timestamp_key: + type: string + use_compression: + 
type: boolean + use_http: + type: boolean + use_json: + type: boolean + use_ssl: + type: boolean + required: + - api_key + type: object + elasticsearch: + properties: + application_name: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_message_request_threshold: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - 
key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key_pass: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + content_type: + type: string + custom_headers: + type: string + customize_template: + type: string + default_elasticsearch_version: + type: string + deflector_alias: + type: string + enable_ilm: + type: boolean + exception_backup: + type: boolean + fail_on_putting_template_retry_exceed: + type: boolean + flatten_hashes: + type: boolean + flatten_hashes_separator: + type: string + host: + type: string + hosts: + type: string + http_backend: + type: string + id_key: + type: string + ignore_exceptions: + type: string + ilm_policy: + type: string + ilm_policy_id: + type: string + ilm_policy_overwrite: + type: boolean + include_index_in_url: + type: boolean + include_tag_key: + type: boolean + include_timestamp: + type: boolean + index_date_pattern: + type: string + index_name: + type: string + index_prefix: + type: string + log_es_400_reason: + type: boolean + 
logstash_dateformat: + type: string + logstash_format: + type: boolean + logstash_prefix: + type: string + logstash_prefix_separator: + type: string + max_retry_get_es_version: + type: string + max_retry_putting_template: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + path: + type: string + pipeline: + type: string + port: + type: integer + prefer_oj_serializer: + type: boolean + reconnect_on_error: + type: boolean + reload_after: + type: string + reload_connections: + type: boolean + reload_on_failure: + type: boolean + remove_keys_on_update: + type: string + remove_keys_on_update_key: + type: string + request_timeout: + type: string + resurrect_after: + type: string + retry_tag: + type: string + rollover_index: + type: boolean + routing_key: + type: string + scheme: + type: string + sniffer_class_name: + type: string + ssl_max_version: + type: string + ssl_min_version: + type: string + ssl_verify: + type: boolean + ssl_version: + type: string + suppress_doc_wrap: + type: boolean + suppress_type_name: + type: boolean + tag_key: + type: string + target_index_key: + type: string + target_type_key: + type: string + template_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + template_name: + type: string + 
template_overwrite: + type: boolean + templates: + type: string + time_key: + type: string + time_key_format: + type: string + time_parse_error_tag: + type: string + time_precision: + type: string + type_name: + type: string + unrecoverable_error_types: + type: string + user: + type: string + utc_index: + type: boolean + validate_client_version: + type: boolean + verify_es_version_at_startup: + type: boolean + with_transporter_log: + type: boolean + write_operation: + type: string + type: object + file: + properties: + add_path_suffix: + type: boolean + append: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + path: + type: string + path_suffix: + type: string + 
symlink_path: + type: boolean + required: + - path + type: object + forward: + properties: + ack_response_timeout: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + connect_timeout: + type: integer + dns_round_robin: + type: boolean + expire_dns_cache: + type: integer + hard_timeout: + type: integer + heartbeat_interval: + type: integer + heartbeat_type: + type: string + ignore_network_errors_at_startup: + type: boolean + keepalive: + type: boolean + keepalive_timeout: + type: integer + phi_failure_detector: + type: boolean + phi_threshold: + type: integer + recover_wait: + type: integer + require_ack_response: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: boolean + required: + - self_hostname + - shared_key + type: object + send_timeout: + type: 
integer + servers: + items: + properties: + host: + type: string + name: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + shared_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + standby: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + weight: + type: integer + required: + - host + type: object + type: array + tls_allow_self_signed_cert: + type: boolean + tls_cert_logical_store_name: + type: string + tls_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object 
+ type: object + tls_cert_thumbprint: + type: string + tls_cert_use_enterprise_store: + type: boolean + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_insecure_mode: + type: boolean + tls_verify_hostname: + type: boolean + tls_version: + type: string + verify_connection_at_startup: + type: boolean + required: + - servers + type: object + gcs: + properties: + acl: + type: string + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: 
boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_retries: + type: integer + client_timeout: + type: integer + credentials_json: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + encryption_key: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + keyfile: + type: string + object_key_format: + type: string + object_metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + overwrite: + type: boolean + path: + type: string + project: + type: string + storage_class: + 
type: string + store_as: + type: string + transcoding: + type: boolean + required: + - bucket + - project + type: object + http: + properties: + auth: + properties: + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - password + - username + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + 
tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + content_type: + type: string + endpoint: + type: string + error_response_as_unrecoverable: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + headers: + additionalProperties: + type: string + type: object + http_method: + type: string + json_array: + type: boolean + open_timeout: + type: integer + proxy: + type: string + read_timeout: + type: integer + retryable_response_codes: + items: + type: integer + type: array + ssl_timeout: + type: integer + tls_ca_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + 
valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_verify_mode: + type: string + tls_version: + type: string + required: + - endpoint + type: object + kafka: + properties: + ack_timeout: + type: integer + brokers: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_codec: + type: string 
+ default_message_key: + type: string + default_partition_key: + type: string + default_topic: + type: string + exclude_partion_key: + type: boolean + exclude_topic_key: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + get_kafka_client_log: + type: boolean + headers: + additionalProperties: + type: string + type: object + headers_from_record: + additionalProperties: + type: string + type: object + idempotent: + type: boolean + max_send_retries: + type: integer + message_key_key: + type: string + partition_key: + type: string + partition_key_key: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required_acks: + type: integer + sasl_over_ssl: + type: boolean + scram_mechanism: + type: string + ssl_ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_ca_certs_from_system: + type: boolean + ssl_client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + 
properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_chain: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_verify_hostname: + type: boolean + topic_key: + type: string + use_default_for_unknown_topic: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - brokers + - format + type: object + kinesisStream: + properties: + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + aws_iam_retries: + type: integer + aws_key_id: + properties: + 
mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_ses_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + batch_request_max_count: + type: integer + batch_request_max_size: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + 
retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + partition_key: + type: string + process_credentials: + properties: + process: + type: string + required: + - process + type: object + region: + type: string + reset_backoff_if_success: + type: boolean + retries_on_batch_request: + type: integer + stream_name: + type: string + required: + - stream_name + type: object + logdna: + properties: + api_key: + type: string + app: + type: string + buffer_chunk_limit: + type: string + hostname: + type: string + required: + - api_key + - hostname + type: object + loggingRef: + type: string + logz: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + 
retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + port: + type: integer + token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + gzip: + type: boolean + http_idle_timeout: + type: integer + output_include_tags: + type: boolean + output_include_time: + type: boolean + retry_count: + type: integer + retry_sleep: + type: integer + required: + - endpoint + type: object + loki: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + 
retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + configure_kubernetes_labels: + type: boolean + drop_single_key: + type: boolean + extra_labels: + additionalProperties: + type: string + type: object + extract_kubernetes_labels: + type: boolean + insecure_tls: + type: boolean + key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + labels: + additionalProperties: + type: string + type: object + line_format: + type: string + password: + properties: + mountFrom: + properties: + 
secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + remove_keys: + items: + type: string + type: array + tenant: + type: string + url: + type: string + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + newrelic: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + base_uri: + type: string + license_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + nullout: + type: object + oss: + properties: + aaccess_key_secret: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: 
+ type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_bucket: + type: boolean + 
check_object: + type: boolean + download_crc_enable: + type: boolean + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + index_format: + type: string + key_format: + type: string + open_timeout: + type: integer + oss_sdk_log_dir: + type: string + overwrite: + type: boolean + path: + type: string + read_timeout: + type: integer + store_as: + type: string + upload_crc_enable: + type: boolean + warn_for_delay: + type: string + required: + - aaccess_key_secret + - access_key_id + - bucket + - endpoint + type: object + redis: + properties: + allow_duplicate_key: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + db_number: + type: integer + format: + 
properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insert_key_prefix: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + strftime_format: + type: string + ttl: + type: integer + type: object + s3: + properties: + acl: + type: string + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + auto_create_bucket: + type: string + aws_iam_retries: + type: string + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object 
+ buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_apikey_on_start: + type: string + check_bucket: + type: string + check_object: + type: string + clustername: + type: string + compute_checksums: + type: string + enable_transfer_acceleration: + type: string + force_path_style: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + grant_full_control: + type: string + grant_read: + type: string + grant_read_acp: + type: string + grant_write_acp: + type: string + hex_random_length: + type: string + index_format: + type: string + instance_profile_credentials: + properties: + http_open_timeout: + type: string + http_read_timeout: + type: string + ip_address: + type: string + port: + type: string + retries: + type: 
string + type: object + oneeye_format: + type: boolean + overwrite: + type: string + path: + type: string + proxy_uri: + type: string + s3_bucket: + type: string + s3_endpoint: + type: string + s3_metadata: + type: string + s3_object_key_format: + type: string + s3_region: + type: string + shared_credentials: + properties: + path: + type: string + profile_name: + type: string + type: object + signature_version: + type: string + sse_customer_algorithm: + type: string + sse_customer_key: + type: string + sse_customer_key_md5: + type: string + ssekms_key_id: + type: string + ssl_verify_peer: + type: string + storage_class: + type: string + store_as: + type: string + use_bundled_cert: + type: string + use_server_side_encryption: + type: string + warn_for_delay: + type: string + required: + - s3_bucket + type: object + splunkHec: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object 
+ ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + coerce_to_utf8: + type: boolean + data_type: + type: string + fields: + additionalProperties: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - 
single_value + type: string + type: object + hec_host: + type: string + hec_port: + type: integer + hec_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + host: + type: string + host_key: + type: string + idle_timeout: + type: integer + index: + type: string + index_key: + type: string + insecure_ssl: + type: boolean + keep_keys: + type: boolean + metric_name_key: + type: string + metric_value_key: + type: string + metrics_from_event: + type: boolean + non_utf8_replacement_string: + type: string + open_timeout: + type: integer + protocol: + type: string + read_timeout: + type: integer + source: + type: string + source_key: + type: string + sourcetype: + type: string + sourcetype_key: + type: string + ssl_ciphers: + type: string + required: + - hec_host + - hec_token + type: object + sumologic: + properties: + add_timestamp: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + 
retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compress: + type: boolean + compress_encoding: + type: string + custom_dimensions: + type: string + custom_fields: + items: + type: string + type: array + data_type: + type: string + delimiter: + type: string + disable_cookies: + type: boolean + endpoint: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + log_format: + type: string + log_key: + type: string + metric_data_format: + type: string + open_timeout: + type: integer + proxy_uri: + type: string + source_category: + type: string + source_host: + type: string + source_name: + type: string + source_name_key: + type: string + sumo_client: + type: string + timestamp_key: + type: string + verify_ssl: + type: boolean + required: + - endpoint + - source_name + type: object + syslog: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + 
type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + app_name_field: + type: string + hostname_field: + type: string + log_field: + type: string + message_id_field: + type: string + proc_id_field: + type: string + rfc6587_message_size: + type: boolean + structured_data_field: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insecure: + type: boolean + port: + type: integer + transport: + type: string + trusted_ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - host + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] 
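Review bot: in the hunk that ends here, logdna.api_key (listed under "required") and s3.sse_customer_key are declared as plain "type: string", while the other credentials in this schema (aws_key_id, aws_sec_key, hec_token, password, token) are objects offering valueFrom.secretKeyRef. Those two values can therefore only be written inline in the custom resource, where anyone with read access to the resource sees them; they should either get the same secret-reference shape upstream or be called out in the chart README. The secret-shaped fields also still accept an inline "value: type: string", so the schema alone does not force a Secret to be used. Smaller point in the same hunk: under oss the property is spelled "aaccess_key_secret" in both "properties" and "required", which makes the misspelling part of the API users must type; worth an upstream issue before this is vendored as a released version.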
diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.001/Chart.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.001/Chart.yaml new file mode 100755 index 000000000..35114d22f --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.001/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-logging-system + catalog.cattle.io/release-name: rancher-logging-crd +apiVersion: v1 +description: Installs the CRDs for rancher-logging. +name: rancher-logging-crd +type: application +version: 3.9.001 diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.001/README.md b/released/charts/rancher-logging/rancher-logging-crd/3.9.001/README.md new file mode 100755 index 000000000..d4beb54fa --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.001/README.md @@ -0,0 +1,2 @@ +# rancher-logging-crd +A Rancher chart that installs the CRDs used by rancher-logging. diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.001/templates/logging.banzaicloud.io_clusterflows.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.001/templates/logging.banzaicloud.io_clusterflows.yaml new file mode 100755 index 000000000..9fc6e22a5 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.001/templates/logging.banzaicloud.io_clusterflows.yaml 
@@ -0,0 +1,765 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: clusterflows.logging.banzaicloud.io +spec: + additionalPrinterColumns: + - JSONPath: .status.active + description: Is the flow active? + name: Active + type: boolean + - JSONPath: .status.problemsCount + description: Number of problems + name: Problems + type: integer + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: ClusterFlow + listKind: ClusterFlowList + plural: clusterflows + singular: clusterflow + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + 
mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + 
skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string 
+ time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - 
type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + 
properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + loggingRef: + type: string + match: + items: + properties: + exclude: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + namespaces: + items: + type: string + type: array + type: object + select: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + namespaces: + items: + type: string + type: array + type: object + type: object + type: array + outputRefs: + items: + type: string + type: array + selectors: + additionalProperties: + type: string + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.001/templates/logging.banzaicloud.io_clusteroutputs.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.001/templates/logging.banzaicloud.io_clusteroutputs.yaml new file mode 100755 index 000000000..a82252ad9 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.001/templates/logging.banzaicloud.io_clusteroutputs.yaml 
@@ -0,0 +1,4563 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: clusteroutputs.logging.banzaicloud.io +spec: + additionalPrinterColumns: + - JSONPath: .status.active + description: Is the output active? + name: Active + type: boolean + - JSONPath: .status.problemsCount + description: Number of problems + name: Problems + type: integer + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: ClusterOutput + listKind: ClusterOutputList + plural: clusteroutputs + singular: clusteroutput + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + awsElasticsearch: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + 
total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_arn: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_session_name: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_web_identity_token_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ecs_container_credentials_relative_uri: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + 
type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + region: + type: string + secret_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + sts_credentials_region: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + flush_interval: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + include_tag_key: + type: boolean + logstash_format: + type: boolean + tag_key: + type: string + type: object + azurestorage: + properties: + auto_create_container: + type: boolean + azure_container: + type: string + azure_imds_api_version: + type: string + azure_object_key_format: + type: string + azure_storage_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: 
object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_account: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_sas_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: 
string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + type: string + path: + type: string + required: + - azure_container + - azure_storage_access_key + - azure_storage_account + - azure_storage_sas_token + type: object + cloudwatch: + properties: + auto_create_stream: + type: boolean + aws_instance_profile_credentials_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sts_role_arn: + type: string + aws_sts_session_name: + type: string + aws_use_sts: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + 
overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + concurrency: + type: integer + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + http_proxy: + type: string + include_time_key: + type: boolean + json_handler: + type: string + localtime: + type: boolean + log_group_aws_tags: + type: string + log_group_aws_tags_key: + type: string + log_group_name: + type: string + log_group_name_key: + type: string + log_rejected_request: + type: string + log_stream_name: + type: string + log_stream_name_key: + type: string + max_events_per_batch: + type: integer + max_message_length: + type: integer + message_keys: + type: string + put_log_events_disable_retry_limit: + type: boolean + put_log_events_retry_limit: + type: integer + put_log_events_retry_wait: + type: string + region: + type: string + remove_log_group_aws_tags_key: + type: string + remove_log_group_name_key: + type: string + remove_log_stream_name_key: + type: string + remove_retention_in_days: + type: string + retention_in_days: + type: string + retention_in_days_key: + type: string + use_tag_as_group: + type: boolean + use_tag_as_stream: + type: boolean + required: + - region + type: object + datadog: + properties: 
+ api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_level: + type: string + dd_hostname: + type: string + dd_source: + type: string + dd_sourcecategory: + type: string + dd_tags: + type: string + host: + type: string + include_tag_key: + type: boolean + max_backoff: + type: string + max_retries: + type: string + no_ssl_validation: + type: boolean + port: + type: string + service: + type: string + ssl_port: + type: string + tag_key: + type: string + 
timestamp_key: + type: string + use_compression: + type: boolean + use_http: + type: boolean + use_json: + type: boolean + use_ssl: + type: boolean + required: + - api_key + type: object + elasticsearch: + properties: + application_name: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_message_request_threshold: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: 
string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key_pass: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + content_type: + type: string + custom_headers: + type: string + customize_template: + type: string + default_elasticsearch_version: + type: string + deflector_alias: + type: string + enable_ilm: + type: boolean + exception_backup: + type: boolean + fail_on_putting_template_retry_exceed: + type: boolean + flatten_hashes: + type: boolean + flatten_hashes_separator: + type: string + host: + type: string + hosts: + type: string + http_backend: + type: string + id_key: + type: string + ignore_exceptions: + type: string + ilm_policy: + type: string + ilm_policy_id: + type: string + ilm_policy_overwrite: + type: boolean + include_index_in_url: + type: boolean + include_tag_key: + type: boolean + include_timestamp: + type: boolean + index_date_pattern: + type: string + index_name: + type: string + index_prefix: + type: string + 
log_es_400_reason: + type: boolean + logstash_dateformat: + type: string + logstash_format: + type: boolean + logstash_prefix: + type: string + logstash_prefix_separator: + type: string + max_retry_get_es_version: + type: string + max_retry_putting_template: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + path: + type: string + pipeline: + type: string + port: + type: integer + prefer_oj_serializer: + type: boolean + reconnect_on_error: + type: boolean + reload_after: + type: string + reload_connections: + type: boolean + reload_on_failure: + type: boolean + remove_keys_on_update: + type: string + remove_keys_on_update_key: + type: string + request_timeout: + type: string + resurrect_after: + type: string + retry_tag: + type: string + rollover_index: + type: boolean + routing_key: + type: string + scheme: + type: string + sniffer_class_name: + type: string + ssl_max_version: + type: string + ssl_min_version: + type: string + ssl_verify: + type: boolean + ssl_version: + type: string + suppress_doc_wrap: + type: boolean + suppress_type_name: + type: boolean + tag_key: + type: string + target_index_key: + type: string + target_type_key: + type: string + template_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + 
template_name: + type: string + template_overwrite: + type: boolean + templates: + type: string + time_key: + type: string + time_key_format: + type: string + time_parse_error_tag: + type: string + time_precision: + type: string + type_name: + type: string + unrecoverable_error_types: + type: string + user: + type: string + utc_index: + type: boolean + validate_client_version: + type: boolean + verify_es_version_at_startup: + type: boolean + with_transporter_log: + type: boolean + write_operation: + type: string + type: object + enabledNamespaces: + items: + type: string + type: array + file: + properties: + add_path_suffix: + type: boolean + append: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - 
single_value + type: string + type: object + path: + type: string + path_suffix: + type: string + symlink_path: + type: boolean + required: + - path + type: object + forward: + properties: + ack_response_timeout: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + connect_timeout: + type: integer + dns_round_robin: + type: boolean + expire_dns_cache: + type: integer + hard_timeout: + type: integer + heartbeat_interval: + type: integer + heartbeat_type: + type: string + ignore_network_errors_at_startup: + type: boolean + keepalive: + type: boolean + keepalive_timeout: + type: integer + phi_failure_detector: + type: boolean + phi_threshold: + type: integer + recover_wait: + type: integer + require_ack_response: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: 
boolean + required: + - self_hostname + - shared_key + type: object + send_timeout: + type: integer + servers: + items: + properties: + host: + type: string + name: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + shared_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + standby: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + weight: + type: integer + required: + - host + type: object + type: array + tls_allow_self_signed_cert: + type: boolean + tls_cert_logical_store_name: + type: string + tls_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + 
type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_cert_thumbprint: + type: string + tls_cert_use_enterprise_store: + type: boolean + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_insecure_mode: + type: boolean + tls_verify_hostname: + type: boolean + tls_version: + type: string + verify_connection_at_startup: + type: boolean + required: + - servers + type: object + gcs: + properties: + acl: + type: string + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + 
compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_retries: + type: integer + client_timeout: + type: integer + credentials_json: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + encryption_key: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + keyfile: + type: string + object_key_format: + type: string + object_metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + 
overwrite: + type: boolean + path: + type: string + project: + type: string + storage_class: + type: string + store_as: + type: string + transcoding: + type: boolean + required: + - bucket + - project + type: object + http: + properties: + auth: + properties: + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - password + - username + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: 
string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + content_type: + type: string + endpoint: + type: string + error_response_as_unrecoverable: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + headers: + additionalProperties: + type: string + type: object + http_method: + type: string + json_array: + type: boolean + open_timeout: + type: integer + proxy: + type: string + read_timeout: + type: integer + retryable_response_codes: + items: + type: integer + type: array + ssl_timeout: + type: integer + tls_ca_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + 
optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_verify_mode: + type: string + tls_version: + type: string + required: + - endpoint + type: object + kafka: + properties: + ack_timeout: + type: integer + brokers: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + 
total_limit_size: + type: string + type: + type: string + type: object + compression_codec: + type: string + default_message_key: + type: string + default_partition_key: + type: string + default_topic: + type: string + exclude_partion_key: + type: boolean + exclude_topic_key: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + get_kafka_client_log: + type: boolean + headers: + additionalProperties: + type: string + type: object + headers_from_record: + additionalProperties: + type: string + type: object + idempotent: + type: boolean + max_send_retries: + type: integer + message_key_key: + type: string + partition_key: + type: string + partition_key_key: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required_acks: + type: integer + sasl_over_ssl: + type: boolean + scram_mechanism: + type: string + ssl_ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_ca_certs_from_system: + type: boolean + ssl_client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + 
type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_chain: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_verify_hostname: + type: boolean + topic_key: + type: string + use_default_for_unknown_topic: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - brokers + - format + type: object + kinesisStream: + properties: + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + 
- role_session_name + type: object + aws_iam_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_ses_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + batch_request_max_count: + type: integer + batch_request_max_size: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: 
integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + partition_key: + type: string + process_credentials: + properties: + process: + type: string + required: + - process + type: object + region: + type: string + reset_backoff_if_success: + type: boolean + retries_on_batch_request: + type: integer + stream_name: + type: string + required: + - stream_name + type: object + logdna: + properties: + api_key: + type: string + app: + type: string + buffer_chunk_limit: + type: string + hostname: + type: string + required: + - api_key + - hostname + type: object + loggingRef: + type: string + logz: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + 
retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + port: + type: integer + token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + gzip: + type: boolean + http_idle_timeout: + type: integer + output_include_tags: + type: boolean + output_include_time: + type: boolean + retry_count: + type: integer + retry_sleep: + type: integer + required: + - endpoint + type: object + loki: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: 
boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + configure_kubernetes_labels: + type: boolean + drop_single_key: + type: boolean + extra_labels: + additionalProperties: + type: string + type: object + extract_kubernetes_labels: + type: boolean + insecure_tls: + type: boolean + key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + labels: + additionalProperties: + 
type: string + type: object + line_format: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + remove_keys: + items: + type: string + type: array + tenant: + type: string + url: + type: string + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + newrelic: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + base_uri: + type: string + license_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + nullout: + type: object + oss: + properties: + 
aaccess_key_secret: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: 
string + total_limit_size: + type: string + type: + type: string + type: object + check_bucket: + type: boolean + check_object: + type: boolean + download_crc_enable: + type: boolean + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + index_format: + type: string + key_format: + type: string + open_timeout: + type: integer + oss_sdk_log_dir: + type: string + overwrite: + type: boolean + path: + type: string + read_timeout: + type: integer + store_as: + type: string + upload_crc_enable: + type: boolean + warn_for_delay: + type: string + required: + - aaccess_key_secret + - access_key_id + - bucket + - endpoint + type: object + redis: + properties: + allow_duplicate_key: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + 
total_limit_size: + type: string + type: + type: string + type: object + db_number: + type: integer + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insert_key_prefix: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + strftime_format: + type: string + ttl: + type: integer + type: object + s3: + properties: + acl: + type: string + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + auto_create_bucket: + type: string + aws_iam_retries: + type: string + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + 
name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_apikey_on_start: + type: string + check_bucket: + type: string + check_object: + type: string + clustername: + type: string + compute_checksums: + type: string + enable_transfer_acceleration: + type: string + force_path_style: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + grant_full_control: + type: string + grant_read: + type: string + grant_read_acp: + type: string + grant_write_acp: + type: string + hex_random_length: + type: string + index_format: + type: string + instance_profile_credentials: + properties: + http_open_timeout: + type: 
string + http_read_timeout: + type: string + ip_address: + type: string + port: + type: string + retries: + type: string + type: object + oneeye_format: + type: boolean + overwrite: + type: string + path: + type: string + proxy_uri: + type: string + s3_bucket: + type: string + s3_endpoint: + type: string + s3_metadata: + type: string + s3_object_key_format: + type: string + s3_region: + type: string + shared_credentials: + properties: + path: + type: string + profile_name: + type: string + type: object + signature_version: + type: string + sse_customer_algorithm: + type: string + sse_customer_key: + type: string + sse_customer_key_md5: + type: string + ssekms_key_id: + type: string + ssl_verify_peer: + type: string + storage_class: + type: string + store_as: + type: string + use_bundled_cert: + type: string + use_server_side_encryption: + type: string + warn_for_delay: + type: string + required: + - s3_bucket + type: object + splunkHec: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + 
type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + coerce_to_utf8: + type: boolean + data_type: + type: string + fields: + additionalProperties: + type: string + type: object + format: + properties: + add_newline: + type: 
boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hec_host: + type: string + hec_port: + type: integer + hec_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + host: + type: string + host_key: + type: string + idle_timeout: + type: integer + index: + type: string + index_key: + type: string + insecure_ssl: + type: boolean + keep_keys: + type: boolean + metric_name_key: + type: string + metric_value_key: + type: string + metrics_from_event: + type: boolean + non_utf8_replacement_string: + type: string + open_timeout: + type: integer + protocol: + type: string + read_timeout: + type: integer + source: + type: string + source_key: + type: string + sourcetype: + type: string + sourcetype_key: + type: string + ssl_ciphers: + type: string + required: + - hec_host + - hec_token + type: object + sumologic: + properties: + add_timestamp: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + 
retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compress: + type: boolean + compress_encoding: + type: string + custom_dimensions: + type: string + custom_fields: + items: + type: string + type: array + data_type: + type: string + delimiter: + type: string + disable_cookies: + type: boolean + endpoint: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + log_format: + type: string + log_key: + type: string + metric_data_format: + type: string + open_timeout: + type: integer + proxy_uri: + type: string + source_category: + type: string + source_host: + type: string + source_name: + type: string + source_name_key: + type: string + sumo_client: + type: string + timestamp_key: + type: string + verify_ssl: + type: boolean + required: + - endpoint + - source_name + type: object + syslog: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: 
string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + app_name_field: + type: string + hostname_field: + type: string + log_field: + type: string + message_id_field: + type: string + proc_id_field: + type: string + rfc6587_message_size: + type: boolean + structured_data_field: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insecure: + type: boolean + port: + type: integer + transport: + type: string + trusted_ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - host + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: 
true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.001/templates/logging.banzaicloud.io_flows.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.001/templates/logging.banzaicloud.io_flows.yaml new file mode 100755 index 000000000..a01a1331d --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.001/templates/logging.banzaicloud.io_flows.yaml 
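Review bot: In the CRD schema that ends just above (before the `diff --git` header for `logging.banzaicloud.io_flows.yaml`), `splunkHec.hec_token` and `splunkHec.client_key`, like `sumologic.endpoint`, accept an inline `value: string` alongside `valueFrom.secretKeyRef` and `mountFrom.secretKeyRef`, so a token or private key can be written in plaintext into the custom resource, where it is readable with read access to that resource rather than to a Secret. If the schema itself cannot change, the chart's docs and examples should show only the `secretKeyRef` forms. They should also state that `insecure_ssl` (splunkHec), `insecure` (syslog) and `verify_ssl` (sumologic) are TLS verification toggles that should be left at their verifying setting.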
@@ -0,0 +1,761 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: flows.logging.banzaicloud.io +spec: + additionalPrinterColumns: + - JSONPath: .status.active + description: Is the flow active? + name: Active + type: boolean + - JSONPath: .status.problemsCount + description: Number of problems + name: Problems + type: integer + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Flow + listKind: FlowList + plural: flows + singular: flow + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + mountFrom: + properties: + 
secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + 
type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + 
type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: 
object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + 
group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + localOutputRefs: + items: + type: string + type: array + loggingRef: + type: string + match: + items: + properties: + exclude: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + type: object + select: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + outputRefs: + items: + type: string + type: array + selectors: + additionalProperties: + type: string + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.001/templates/logging.banzaicloud.io_loggings.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.001/templates/logging.banzaicloud.io_loggings.yaml new file mode 100755 index 000000000..d14c80e2c --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.001/templates/logging.banzaicloud.io_loggings.yaml 
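Review bot: In `logging.banzaicloud.io_flows.yaml`, `filters[].record_transformer.enable_ruby` is exposed as a plain boolean while the CRD is `scope: Namespaced`, so anyone allowed to create or update Flow objects in a namespace decides whether Ruby evaluation is switched on for that fluentd filter. The chart should document which roles get write access to `flows.logging.banzaicloud.io` and recommend limiting it to trusted operators. Separately, the file is added as `apiVersion: apiextensions.k8s.io/v1beta1` with `new file mode 100755`: that API version is no longer served from Kubernetes 1.22 onward, so the supported cluster range should be stated or the CRD regenerated as `apiextensions.k8s.io/v1`, and a YAML template does not need the executable bit (100644 is the expected mode).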
@@ -0,0 +1,3536 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: loggings.logging.banzaicloud.io +spec: + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Logging + listKind: LoggingList + plural: loggings + singular: logging + preserveUnknownFields: false + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + allowClusterResourcesFromAllNamespaces: + type: boolean + controlNamespace: + type: string + defaultFlow: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean 
+ required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + 
key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + 
type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: 
string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: 
string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + outputRefs: + items: + type: string + type: array + type: object + enableRecreateWorkloadOnImmutableFieldChange: + type: boolean + flowConfigCheckDisabled: + type: boolean + flowConfigOverride: + type: string + fluentbit: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string 
+ type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string 
+ type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + bufferStorage: + properties: + storage.backlog.mem_limit: + type: string + storage.checksum: + type: string + storage.path: + type: string + storage.sync: + type: string + type: object + bufferStorageVolume: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + coroStackSize: + format: int32 + type: integer + customConfigSecret: + type: string + disableKubernetesFilter: + type: boolean + enableUpstream: + type: boolean + extraVolumeMounts: + items: + properties: + 
destination: + pattern: ^/.+$ + type: string + readOnly: + type: boolean + source: + pattern: ^/.+$ + type: string + required: + - destination + - source + type: object + type: array + filterAws: + properties: + Match: + type: string + account_id: + type: boolean + ami_id: + type: boolean + az: + type: boolean + ec2_instance_id: + type: boolean + ec2_instance_type: + type: boolean + hostname: + type: boolean + imds_version: + type: string + private_ip: + type: boolean + vpc_id: + type: boolean + type: object + filterKubernetes: + properties: + Annotations: + type: string + Buffer_Size: + type: string + Dummy_Meta: + type: string + K8S-Logging.Exclude: + type: string + K8S-Logging.Parser: + type: string + Keep_Log: + type: string + Kube_CA_File: + type: string + Kube_CA_Path: + type: string + Kube_Tag_Prefix: + type: string + Kube_Token_File: + type: string + Kube_URL: + type: string + Kube_meta_preload_cache_dir: + type: string + Labels: + type: string + Match: + type: string + Merge_Log: + type: string + Merge_Log_Key: + type: string + Merge_Log_Trim: + type: string + Merge_Parser: + type: string + Regex_Parser: + type: string + Use_Journal: + type: string + tls.debug: + type: string + tls.verify: + type: string + type: object + flush: + format: int32 + type: integer + forwardOptions: + properties: + Require_ack_response: + type: boolean + Retry_Limit: + type: string + Send_options: + type: boolean + Tag: + type: string + Time_as_Integer: + type: boolean + type: object + grace: + format: int32 + type: integer + image: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + inputTail: + properties: + Buffer_Chunk_Size: + type: string + Buffer_Max_Size: + type: string + DB: + type: string + DB_Sync: + type: string + Docker_Mode: + type: string + Docker_Mode_Flush: + type: string + Exclude_Path: + type: string + 
Ignore_Older: + type: string + Key: + type: string + Mem_Buf_Limit: + type: string + Multiline: + type: string + Multiline_Flush: + type: string + Parser: + type: string + Parser_Firstline: + type: string + Parser_N: + items: + type: string + type: array + Path: + type: string + Path_Key: + type: string + Refresh_Interval: + type: string + Rotate_Wait: + type: string + Skip_Long_Lines: + type: string + Tag: + type: string + Tag_Regex: + type: string + storage.type: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + livenessDefaultCheck: + type: boolean + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + logLevel: + type: string + metrics: + properties: + interval: + type: string + path: + type: string + port: + format: int32 + type: integer + prometheusAnnotations: + type: boolean + serviceMonitor: + type: boolean + serviceMonitorConfig: + properties: + additionalLabels: + additionalProperties: + type: string + type: object + honorLabels: + type: boolean + metricRelabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: 
integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + relabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + type: object + timeout: + type: string + type: object + mountPath: + type: string + network: + properties: + connectTimeout: + format: int32 + type: integer + keepalive: + type: boolean + keepaliveIdleTimeout: + format: int32 + type: integer + keepaliveMaxRecycle: + format: int32 + type: integer + type: object + nodeSelector: + additionalProperties: + type: string + type: object + parser: + type: string + podPriorityClassName: + type: string + position_db: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + 
required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + positiondb: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: 
+ anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + security: + properties: + podSecurityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + podSecurityPolicyCreate: + type: boolean + roleBasedAccessControlCreate: + type: boolean + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + 
readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + type: object + targetHost: + type: string + targetPort: + format: int32 + type: integer + tls: + properties: + enabled: + type: boolean + secretName: + type: string + sharedKey: + type: string + required: + - enabled + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + type: object + fluentd: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: 
string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: 
object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + bufferStorageVolume: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: 
string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + configCheckAnnotations: + additionalProperties: + type: string + type: object + configReloaderImage: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + disablePvc: + type: boolean + fluentLogDestination: + type: string + fluentOutLogrotate: + properties: + age: + type: string + enabled: + type: boolean + path: + type: string + size: + type: string + required: + - enabled + type: object + fluentdPvcSpec: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + 
type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + forwardInputConfig: + properties: + add_tag_prefix: + type: string + bind: + type: string + chunk_size_limit: + type: string + chunk_size_warn_limit: + type: string + deny_keepalive: + type: boolean + linger_timeout: + type: integer + port: + type: string + resolve_hostname: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: boolean + required: + - self_hostname + - shared_key + type: object + send_keepalive_packet: + type: boolean + skip_invalid_event: + type: boolean + source_address_key: + type: string + sourceHostnameKey: + type: string + tag: + type: string + transport: + properties: + ca_cert_path: + type: string + ca_path: + type: string + ca_private_key_passphrase: + type: string + ca_private_key_path: + type: string + cert_path: + type: string + ciphers: + type: string + client_cert_auth: + type: boolean + insecure: + type: boolean + private_key_passphrase: + type: string + private_key_path: + type: string + protocol: + type: string + version: + type: string + type: object + type: object + ignoreRepeatedLogInterval: + type: string + ignoreSameLogInterval: + type: string + image: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + livenessDefaultCheck: + type: boolean + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + 
type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + logLevel: + type: string + metrics: + properties: + interval: + type: string + path: + type: string + port: + format: int32 + type: integer + prometheusAnnotations: + type: boolean + serviceMonitor: + type: boolean + serviceMonitorConfig: + properties: + additionalLabels: + additionalProperties: + type: string + type: object + honorLabels: + type: boolean + metricRelabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + relabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + type: object + timeout: + type: string + type: object + nodeSelector: + additionalProperties: + type: string + type: object + podPriorityClassName: + type: string + port: + format: int32 + type: integer + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + 
properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + rootDir: + type: string + scaling: + properties: + podManagementPolicy: + type: string + replicas: + type: integer + type: object + security: + properties: + podSecurityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + podSecurityPolicyCreate: + 
type: boolean + roleBasedAccessControlCreate: + type: boolean + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + type: object + tls: + properties: + enabled: + type: boolean + secretName: + type: string + sharedKey: + type: string + required: + - enabled + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + volumeModImage: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + volumeMountChmod: + type: boolean + workers: + format: int32 + type: integer + type: object + globalFilters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: 
integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + 
valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + 
key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + 
types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + 
exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + loggingRef: + type: string + watchNamespaces: + items: + type: string + type: array + required: + - controlNamespace + type: object + status: + properties: + configCheckResults: + additionalProperties: + type: boolean + type: object + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.001/templates/logging.banzaicloud.io_outputs.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.001/templates/logging.banzaicloud.io_outputs.yaml new file mode 100755 index 000000000..b04c809ce --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.001/templates/logging.banzaicloud.io_outputs.yaml 
@@ -0,0 +1,4557 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: outputs.logging.banzaicloud.io +spec: + additionalPrinterColumns: + - JSONPath: .status.active + description: Is the output active? + name: Active + type: boolean + - JSONPath: .status.problemsCount + description: Number of problems + name: Problems + type: integer + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Output + listKind: OutputList + plural: outputs + singular: output + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + awsElasticsearch: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + 
type: + type: string + type: object + endpoint: + properties: + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_arn: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_session_name: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_web_identity_token_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ecs_container_credentials_relative_uri: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: 
boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + region: + type: string + secret_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + sts_credentials_region: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + flush_interval: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + include_tag_key: + type: boolean + logstash_format: + type: boolean + tag_key: + type: string + type: object + azurestorage: + properties: + auto_create_container: + type: boolean + azure_container: + type: string + azure_imds_api_version: + type: string + azure_object_key_format: + type: string + azure_storage_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + 
valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_account: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_sas_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: 
string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + type: string + path: + type: string + required: + - azure_container + - azure_storage_access_key + - azure_storage_account + - azure_storage_sas_token + type: object + cloudwatch: + properties: + auto_create_stream: + type: boolean + aws_instance_profile_credentials_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sts_role_arn: + type: string + aws_sts_session_name: + type: string + aws_use_sts: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: 
+ type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + concurrency: + type: integer + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + http_proxy: + type: string + include_time_key: + type: boolean + json_handler: + type: string + localtime: + type: boolean + log_group_aws_tags: + type: string + log_group_aws_tags_key: + type: string + log_group_name: + type: string + log_group_name_key: + type: string + log_rejected_request: + type: string + log_stream_name: + type: string + log_stream_name_key: + type: string + max_events_per_batch: + type: integer + max_message_length: + type: integer + message_keys: + type: string + put_log_events_disable_retry_limit: + type: boolean + put_log_events_retry_limit: + type: integer + put_log_events_retry_wait: + type: string + region: + type: string + remove_log_group_aws_tags_key: + type: string + remove_log_group_name_key: + type: string + remove_log_stream_name_key: + type: string + remove_retention_in_days: + type: string + retention_in_days: + type: string + retention_in_days_key: + type: string + use_tag_as_group: + type: boolean + use_tag_as_stream: + type: boolean + required: + - region + type: object + datadog: + properties: + api_key: + properties: + mountFrom: + 
properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_level: + type: string + dd_hostname: + type: string + dd_source: + type: string + dd_sourcecategory: + type: string + dd_tags: + type: string + host: + type: string + include_tag_key: + type: boolean + max_backoff: + type: string + max_retries: + type: string + no_ssl_validation: + type: boolean + port: + type: string + service: + type: string + ssl_port: + type: string + tag_key: + type: string + timestamp_key: + type: string + use_compression: + 
type: boolean + use_http: + type: boolean + use_json: + type: boolean + use_ssl: + type: boolean + required: + - api_key + type: object + elasticsearch: + properties: + application_name: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_message_request_threshold: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - 
key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key_pass: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + content_type: + type: string + custom_headers: + type: string + customize_template: + type: string + default_elasticsearch_version: + type: string + deflector_alias: + type: string + enable_ilm: + type: boolean + exception_backup: + type: boolean + fail_on_putting_template_retry_exceed: + type: boolean + flatten_hashes: + type: boolean + flatten_hashes_separator: + type: string + host: + type: string + hosts: + type: string + http_backend: + type: string + id_key: + type: string + ignore_exceptions: + type: string + ilm_policy: + type: string + ilm_policy_id: + type: string + ilm_policy_overwrite: + type: boolean + include_index_in_url: + type: boolean + include_tag_key: + type: boolean + include_timestamp: + type: boolean + index_date_pattern: + type: string + index_name: + type: string + index_prefix: + type: string + log_es_400_reason: + type: boolean + 
logstash_dateformat: + type: string + logstash_format: + type: boolean + logstash_prefix: + type: string + logstash_prefix_separator: + type: string + max_retry_get_es_version: + type: string + max_retry_putting_template: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + path: + type: string + pipeline: + type: string + port: + type: integer + prefer_oj_serializer: + type: boolean + reconnect_on_error: + type: boolean + reload_after: + type: string + reload_connections: + type: boolean + reload_on_failure: + type: boolean + remove_keys_on_update: + type: string + remove_keys_on_update_key: + type: string + request_timeout: + type: string + resurrect_after: + type: string + retry_tag: + type: string + rollover_index: + type: boolean + routing_key: + type: string + scheme: + type: string + sniffer_class_name: + type: string + ssl_max_version: + type: string + ssl_min_version: + type: string + ssl_verify: + type: boolean + ssl_version: + type: string + suppress_doc_wrap: + type: boolean + suppress_type_name: + type: boolean + tag_key: + type: string + target_index_key: + type: string + target_type_key: + type: string + template_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + template_name: + type: string + 
template_overwrite: + type: boolean + templates: + type: string + time_key: + type: string + time_key_format: + type: string + time_parse_error_tag: + type: string + time_precision: + type: string + type_name: + type: string + unrecoverable_error_types: + type: string + user: + type: string + utc_index: + type: boolean + validate_client_version: + type: boolean + verify_es_version_at_startup: + type: boolean + with_transporter_log: + type: boolean + write_operation: + type: string + type: object + file: + properties: + add_path_suffix: + type: boolean + append: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + path: + type: string + path_suffix: + type: string + 
symlink_path: + type: boolean + required: + - path + type: object + forward: + properties: + ack_response_timeout: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + connect_timeout: + type: integer + dns_round_robin: + type: boolean + expire_dns_cache: + type: integer + hard_timeout: + type: integer + heartbeat_interval: + type: integer + heartbeat_type: + type: string + ignore_network_errors_at_startup: + type: boolean + keepalive: + type: boolean + keepalive_timeout: + type: integer + phi_failure_detector: + type: boolean + phi_threshold: + type: integer + recover_wait: + type: integer + require_ack_response: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: boolean + required: + - self_hostname + - shared_key + type: object + send_timeout: + type: 
integer + servers: + items: + properties: + host: + type: string + name: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + shared_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + standby: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + weight: + type: integer + required: + - host + type: object + type: array + tls_allow_self_signed_cert: + type: boolean + tls_cert_logical_store_name: + type: string + tls_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object 
+ type: object + tls_cert_thumbprint: + type: string + tls_cert_use_enterprise_store: + type: boolean + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_insecure_mode: + type: boolean + tls_verify_hostname: + type: boolean + tls_version: + type: string + verify_connection_at_startup: + type: boolean + required: + - servers + type: object + gcs: + properties: + acl: + type: string + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: 
boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_retries: + type: integer + client_timeout: + type: integer + credentials_json: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + encryption_key: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + keyfile: + type: string + object_key_format: + type: string + object_metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + overwrite: + type: boolean + path: + type: string + project: + type: string + storage_class: + 
type: string + store_as: + type: string + transcoding: + type: boolean + required: + - bucket + - project + type: object + http: + properties: + auth: + properties: + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - password + - username + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + 
tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + content_type: + type: string + endpoint: + type: string + error_response_as_unrecoverable: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + headers: + additionalProperties: + type: string + type: object + http_method: + type: string + json_array: + type: boolean + open_timeout: + type: integer + proxy: + type: string + read_timeout: + type: integer + retryable_response_codes: + items: + type: integer + type: array + ssl_timeout: + type: integer + tls_ca_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + 
valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_verify_mode: + type: string + tls_version: + type: string + required: + - endpoint + type: object + kafka: + properties: + ack_timeout: + type: integer + brokers: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_codec: + type: string 
+ default_message_key: + type: string + default_partition_key: + type: string + default_topic: + type: string + exclude_partion_key: + type: boolean + exclude_topic_key: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + get_kafka_client_log: + type: boolean + headers: + additionalProperties: + type: string + type: object + headers_from_record: + additionalProperties: + type: string + type: object + idempotent: + type: boolean + max_send_retries: + type: integer + message_key_key: + type: string + partition_key: + type: string + partition_key_key: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required_acks: + type: integer + sasl_over_ssl: + type: boolean + scram_mechanism: + type: string + ssl_ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_ca_certs_from_system: + type: boolean + ssl_client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + 
properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_chain: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_verify_hostname: + type: boolean + topic_key: + type: string + use_default_for_unknown_topic: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - brokers + - format + type: object + kinesisStream: + properties: + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + aws_iam_retries: + type: integer + aws_key_id: + properties: + 
mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_ses_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + batch_request_max_count: + type: integer + batch_request_max_size: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + 
retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + partition_key: + type: string + process_credentials: + properties: + process: + type: string + required: + - process + type: object + region: + type: string + reset_backoff_if_success: + type: boolean + retries_on_batch_request: + type: integer + stream_name: + type: string + required: + - stream_name + type: object + logdna: + properties: + api_key: + type: string + app: + type: string + buffer_chunk_limit: + type: string + hostname: + type: string + required: + - api_key + - hostname + type: object + loggingRef: + type: string + logz: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + 
retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + port: + type: integer + token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + gzip: + type: boolean + http_idle_timeout: + type: integer + output_include_tags: + type: boolean + output_include_time: + type: boolean + retry_count: + type: integer + retry_sleep: + type: integer + required: + - endpoint + type: object + loki: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + 
retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + configure_kubernetes_labels: + type: boolean + drop_single_key: + type: boolean + extra_labels: + additionalProperties: + type: string + type: object + extract_kubernetes_labels: + type: boolean + insecure_tls: + type: boolean + key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + labels: + additionalProperties: + type: string + type: object + line_format: + type: string + password: + properties: + mountFrom: + properties: + 
secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + remove_keys: + items: + type: string + type: array + tenant: + type: string + url: + type: string + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + newrelic: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + base_uri: + type: string + license_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + nullout: + type: object + oss: + properties: + aaccess_key_secret: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: 
+ type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_bucket: + type: boolean + 
check_object: + type: boolean + download_crc_enable: + type: boolean + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + index_format: + type: string + key_format: + type: string + open_timeout: + type: integer + oss_sdk_log_dir: + type: string + overwrite: + type: boolean + path: + type: string + read_timeout: + type: integer + store_as: + type: string + upload_crc_enable: + type: boolean + warn_for_delay: + type: string + required: + - aaccess_key_secret + - access_key_id + - bucket + - endpoint + type: object + redis: + properties: + allow_duplicate_key: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + db_number: + type: integer + format: + 
properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insert_key_prefix: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + strftime_format: + type: string + ttl: + type: integer + type: object + s3: + properties: + acl: + type: string + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + auto_create_bucket: + type: string + aws_iam_retries: + type: string + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object 
+ buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_apikey_on_start: + type: string + check_bucket: + type: string + check_object: + type: string + clustername: + type: string + compute_checksums: + type: string + enable_transfer_acceleration: + type: string + force_path_style: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + grant_full_control: + type: string + grant_read: + type: string + grant_read_acp: + type: string + grant_write_acp: + type: string + hex_random_length: + type: string + index_format: + type: string + instance_profile_credentials: + properties: + http_open_timeout: + type: string + http_read_timeout: + type: string + ip_address: + type: string + port: + type: string + retries: + type: 
string + type: object + oneeye_format: + type: boolean + overwrite: + type: string + path: + type: string + proxy_uri: + type: string + s3_bucket: + type: string + s3_endpoint: + type: string + s3_metadata: + type: string + s3_object_key_format: + type: string + s3_region: + type: string + shared_credentials: + properties: + path: + type: string + profile_name: + type: string + type: object + signature_version: + type: string + sse_customer_algorithm: + type: string + sse_customer_key: + type: string + sse_customer_key_md5: + type: string + ssekms_key_id: + type: string + ssl_verify_peer: + type: string + storage_class: + type: string + store_as: + type: string + use_bundled_cert: + type: string + use_server_side_encryption: + type: string + warn_for_delay: + type: string + required: + - s3_bucket + type: object + splunkHec: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object 
+ ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + coerce_to_utf8: + type: boolean + data_type: + type: string + fields: + additionalProperties: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - 
single_value + type: string + type: object + hec_host: + type: string + hec_port: + type: integer + hec_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + host: + type: string + host_key: + type: string + idle_timeout: + type: integer + index: + type: string + index_key: + type: string + insecure_ssl: + type: boolean + keep_keys: + type: boolean + metric_name_key: + type: string + metric_value_key: + type: string + metrics_from_event: + type: boolean + non_utf8_replacement_string: + type: string + open_timeout: + type: integer + protocol: + type: string + read_timeout: + type: integer + source: + type: string + source_key: + type: string + sourcetype: + type: string + sourcetype_key: + type: string + ssl_ciphers: + type: string + required: + - hec_host + - hec_token + type: object + sumologic: + properties: + add_timestamp: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + 
retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compress: + type: boolean + compress_encoding: + type: string + custom_dimensions: + type: string + custom_fields: + items: + type: string + type: array + data_type: + type: string + delimiter: + type: string + disable_cookies: + type: boolean + endpoint: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + log_format: + type: string + log_key: + type: string + metric_data_format: + type: string + open_timeout: + type: integer + proxy_uri: + type: string + source_category: + type: string + source_host: + type: string + source_name: + type: string + source_name_key: + type: string + sumo_client: + type: string + timestamp_key: + type: string + verify_ssl: + type: boolean + required: + - endpoint + - source_name + type: object + syslog: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + 
type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + app_name_field: + type: string + hostname_field: + type: string + log_field: + type: string + message_id_field: + type: string + proc_id_field: + type: string + rfc6587_message_size: + type: boolean + structured_data_field: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insecure: + type: boolean + port: + type: integer + transport: + type: string + trusted_ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - host + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] 
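Review bot: The credential-bearing fields in this hunk (ca_file, client_cert, client_key, hec_token, the sumologic endpoint, trusted_ca_path) are each declared as an object with "value", "valueFrom" and "mountFrom" side by side and no oneOf between them. A literal secret can therefore be placed in the resource spec, where it is readable by anyone with read access to the resource, and nothing in the schema rejects a spec that sets "value" and "valueFrom" together. Suggest documenting in the chart that these fields should be set through valueFrom.secretKeyRef or mountFrom.secretKeyRef, and adding a description to each so the choice is visible in "kubectl explain". The same applies to the three TLS switches, "insecure_ssl", "verify_ssl" and "insecure": they are bare booleans with opposite polarity and no description, so each should state which value turns certificate verification off. The trailing "status:" block (acceptedNames, conditions, storedVersions) is populated by the API server and can be dropped from the template.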
diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.002/Chart.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.002/Chart.yaml new file mode 100755 index 000000000..f40269b60 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.002/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-logging-system + catalog.cattle.io/release-name: rancher-logging-crd +apiVersion: v1 +description: Installs the CRDs for rancher-logging. +name: rancher-logging-crd +type: application +version: 3.9.002 diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.002/README.md b/released/charts/rancher-logging/rancher-logging-crd/3.9.002/README.md new file mode 100755 index 000000000..d4beb54fa --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.002/README.md @@ -0,0 +1,2 @@ +# rancher-logging-crd +A Rancher chart that installs the CRDs used by rancher-logging. diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.002/templates/logging.banzaicloud.io_clusterflows.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.002/templates/logging.banzaicloud.io_clusterflows.yaml new file mode 100755 index 000000000..9fc6e22a5 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.002/templates/logging.banzaicloud.io_clusterflows.yaml 
@@ -0,0 +1,765 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: clusterflows.logging.banzaicloud.io +spec: + additionalPrinterColumns: + - JSONPath: .status.active + description: Is the flow active? + name: Active + type: boolean + - JSONPath: .status.problemsCount + description: Number of problems + name: Problems + type: integer + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: ClusterFlow + listKind: ClusterFlowList + plural: clusterflows + singular: clusterflow + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + 
mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + 
skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string 
+ time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - 
type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + 
properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + loggingRef: + type: string + match: + items: + properties: + exclude: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + namespaces: + items: + type: string + type: array + type: object + select: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + namespaces: + items: + type: string + type: array + type: object + type: object + type: array + outputRefs: + items: + type: string + type: array + selectors: + additionalProperties: + type: string + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.002/templates/logging.banzaicloud.io_clusteroutputs.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.002/templates/logging.banzaicloud.io_clusteroutputs.yaml new file mode 100755 index 000000000..a82252ad9 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.002/templates/logging.banzaicloud.io_clusteroutputs.yaml 
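Review bot: This note is on the preceding hunk, templates/logging.banzaicloud.io_clusterflows.yaml. Under spec.filters.record_transformer the schema exposes "enable_ruby" as an unconstrained boolean. Fluentd's record_transformer evaluates Ruby expressions in record values when that option is on, so create or update rights on ClusterFlow carry more than log-routing authority. Suggest stating this in the chart README added alongside and recommending that RBAC on clusterflows be limited to cluster operators, or that an admission policy reject "enable_ruby: true" where it is not needed. Two further points: the manifest is declared as "apiVersion: apiextensions.k8s.io/v1beta1", which Kubernetes removed in 1.22, so the chart needs an apiextensions.k8s.io/v1 variant for newer clusters; and none of the properties carries a description, including "verify_ssl" under enhanceK8s, which should say that false disables certificate verification against the API server.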
@@ -0,0 +1,4563 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: clusteroutputs.logging.banzaicloud.io +spec: + additionalPrinterColumns: + - JSONPath: .status.active + description: Is the output active? + name: Active + type: boolean + - JSONPath: .status.problemsCount + description: Number of problems + name: Problems + type: integer + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: ClusterOutput + listKind: ClusterOutputList + plural: clusteroutputs + singular: clusteroutput + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + awsElasticsearch: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + 
total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_arn: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_session_name: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_web_identity_token_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ecs_container_credentials_relative_uri: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + 
type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + region: + type: string + secret_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + sts_credentials_region: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + flush_interval: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + include_tag_key: + type: boolean + logstash_format: + type: boolean + tag_key: + type: string + type: object + azurestorage: + properties: + auto_create_container: + type: boolean + azure_container: + type: string + azure_imds_api_version: + type: string + azure_object_key_format: + type: string + azure_storage_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: 
object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_account: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_sas_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: 
string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + type: string + path: + type: string + required: + - azure_container + - azure_storage_access_key + - azure_storage_account + - azure_storage_sas_token + type: object + cloudwatch: + properties: + auto_create_stream: + type: boolean + aws_instance_profile_credentials_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sts_role_arn: + type: string + aws_sts_session_name: + type: string + aws_use_sts: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + 
overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + concurrency: + type: integer + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + http_proxy: + type: string + include_time_key: + type: boolean + json_handler: + type: string + localtime: + type: boolean + log_group_aws_tags: + type: string + log_group_aws_tags_key: + type: string + log_group_name: + type: string + log_group_name_key: + type: string + log_rejected_request: + type: string + log_stream_name: + type: string + log_stream_name_key: + type: string + max_events_per_batch: + type: integer + max_message_length: + type: integer + message_keys: + type: string + put_log_events_disable_retry_limit: + type: boolean + put_log_events_retry_limit: + type: integer + put_log_events_retry_wait: + type: string + region: + type: string + remove_log_group_aws_tags_key: + type: string + remove_log_group_name_key: + type: string + remove_log_stream_name_key: + type: string + remove_retention_in_days: + type: string + retention_in_days: + type: string + retention_in_days_key: + type: string + use_tag_as_group: + type: boolean + use_tag_as_stream: + type: boolean + required: + - region + type: object + datadog: + properties: 
+ api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_level: + type: string + dd_hostname: + type: string + dd_source: + type: string + dd_sourcecategory: + type: string + dd_tags: + type: string + host: + type: string + include_tag_key: + type: boolean + max_backoff: + type: string + max_retries: + type: string + no_ssl_validation: + type: boolean + port: + type: string + service: + type: string + ssl_port: + type: string + tag_key: + type: string + 
timestamp_key: + type: string + use_compression: + type: boolean + use_http: + type: boolean + use_json: + type: boolean + use_ssl: + type: boolean + required: + - api_key + type: object + elasticsearch: + properties: + application_name: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_message_request_threshold: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: 
string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key_pass: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + content_type: + type: string + custom_headers: + type: string + customize_template: + type: string + default_elasticsearch_version: + type: string + deflector_alias: + type: string + enable_ilm: + type: boolean + exception_backup: + type: boolean + fail_on_putting_template_retry_exceed: + type: boolean + flatten_hashes: + type: boolean + flatten_hashes_separator: + type: string + host: + type: string + hosts: + type: string + http_backend: + type: string + id_key: + type: string + ignore_exceptions: + type: string + ilm_policy: + type: string + ilm_policy_id: + type: string + ilm_policy_overwrite: + type: boolean + include_index_in_url: + type: boolean + include_tag_key: + type: boolean + include_timestamp: + type: boolean + index_date_pattern: + type: string + index_name: + type: string + index_prefix: + type: string + 
log_es_400_reason: + type: boolean + logstash_dateformat: + type: string + logstash_format: + type: boolean + logstash_prefix: + type: string + logstash_prefix_separator: + type: string + max_retry_get_es_version: + type: string + max_retry_putting_template: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + path: + type: string + pipeline: + type: string + port: + type: integer + prefer_oj_serializer: + type: boolean + reconnect_on_error: + type: boolean + reload_after: + type: string + reload_connections: + type: boolean + reload_on_failure: + type: boolean + remove_keys_on_update: + type: string + remove_keys_on_update_key: + type: string + request_timeout: + type: string + resurrect_after: + type: string + retry_tag: + type: string + rollover_index: + type: boolean + routing_key: + type: string + scheme: + type: string + sniffer_class_name: + type: string + ssl_max_version: + type: string + ssl_min_version: + type: string + ssl_verify: + type: boolean + ssl_version: + type: string + suppress_doc_wrap: + type: boolean + suppress_type_name: + type: boolean + tag_key: + type: string + target_index_key: + type: string + target_type_key: + type: string + template_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + 
template_name: + type: string + template_overwrite: + type: boolean + templates: + type: string + time_key: + type: string + time_key_format: + type: string + time_parse_error_tag: + type: string + time_precision: + type: string + type_name: + type: string + unrecoverable_error_types: + type: string + user: + type: string + utc_index: + type: boolean + validate_client_version: + type: boolean + verify_es_version_at_startup: + type: boolean + with_transporter_log: + type: boolean + write_operation: + type: string + type: object + enabledNamespaces: + items: + type: string + type: array + file: + properties: + add_path_suffix: + type: boolean + append: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - 
single_value + type: string + type: object + path: + type: string + path_suffix: + type: string + symlink_path: + type: boolean + required: + - path + type: object + forward: + properties: + ack_response_timeout: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + connect_timeout: + type: integer + dns_round_robin: + type: boolean + expire_dns_cache: + type: integer + hard_timeout: + type: integer + heartbeat_interval: + type: integer + heartbeat_type: + type: string + ignore_network_errors_at_startup: + type: boolean + keepalive: + type: boolean + keepalive_timeout: + type: integer + phi_failure_detector: + type: boolean + phi_threshold: + type: integer + recover_wait: + type: integer + require_ack_response: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: 
boolean + required: + - self_hostname + - shared_key + type: object + send_timeout: + type: integer + servers: + items: + properties: + host: + type: string + name: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + shared_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + standby: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + weight: + type: integer + required: + - host + type: object + type: array + tls_allow_self_signed_cert: + type: boolean + tls_cert_logical_store_name: + type: string + tls_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + 
type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_cert_thumbprint: + type: string + tls_cert_use_enterprise_store: + type: boolean + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_insecure_mode: + type: boolean + tls_verify_hostname: + type: boolean + tls_version: + type: string + verify_connection_at_startup: + type: boolean + required: + - servers + type: object + gcs: + properties: + acl: + type: string + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + 
compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_retries: + type: integer + client_timeout: + type: integer + credentials_json: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + encryption_key: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + keyfile: + type: string + object_key_format: + type: string + object_metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + 
overwrite: + type: boolean + path: + type: string + project: + type: string + storage_class: + type: string + store_as: + type: string + transcoding: + type: boolean + required: + - bucket + - project + type: object + http: + properties: + auth: + properties: + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - password + - username + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: 
string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + content_type: + type: string + endpoint: + type: string + error_response_as_unrecoverable: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + headers: + additionalProperties: + type: string + type: object + http_method: + type: string + json_array: + type: boolean + open_timeout: + type: integer + proxy: + type: string + read_timeout: + type: integer + retryable_response_codes: + items: + type: integer + type: array + ssl_timeout: + type: integer + tls_ca_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + 
optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_verify_mode: + type: string + tls_version: + type: string + required: + - endpoint + type: object + kafka: + properties: + ack_timeout: + type: integer + brokers: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + 
total_limit_size: + type: string + type: + type: string + type: object + compression_codec: + type: string + default_message_key: + type: string + default_partition_key: + type: string + default_topic: + type: string + exclude_partion_key: + type: boolean + exclude_topic_key: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + get_kafka_client_log: + type: boolean + headers: + additionalProperties: + type: string + type: object + headers_from_record: + additionalProperties: + type: string + type: object + idempotent: + type: boolean + max_send_retries: + type: integer + message_key_key: + type: string + partition_key: + type: string + partition_key_key: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required_acks: + type: integer + sasl_over_ssl: + type: boolean + scram_mechanism: + type: string + ssl_ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_ca_certs_from_system: + type: boolean + ssl_client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + 
type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_chain: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_verify_hostname: + type: boolean + topic_key: + type: string + use_default_for_unknown_topic: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - brokers + - format + type: object + kinesisStream: + properties: + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + 
- role_session_name + type: object + aws_iam_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_ses_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + batch_request_max_count: + type: integer + batch_request_max_size: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: 
integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + partition_key: + type: string + process_credentials: + properties: + process: + type: string + required: + - process + type: object + region: + type: string + reset_backoff_if_success: + type: boolean + retries_on_batch_request: + type: integer + stream_name: + type: string + required: + - stream_name + type: object + logdna: + properties: + api_key: + type: string + app: + type: string + buffer_chunk_limit: + type: string + hostname: + type: string + required: + - api_key + - hostname + type: object + loggingRef: + type: string + logz: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + 
retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + port: + type: integer + token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + gzip: + type: boolean + http_idle_timeout: + type: integer + output_include_tags: + type: boolean + output_include_time: + type: boolean + retry_count: + type: integer + retry_sleep: + type: integer + required: + - endpoint + type: object + loki: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: 
boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + configure_kubernetes_labels: + type: boolean + drop_single_key: + type: boolean + extra_labels: + additionalProperties: + type: string + type: object + extract_kubernetes_labels: + type: boolean + insecure_tls: + type: boolean + key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + labels: + additionalProperties: + 
type: string + type: object + line_format: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + remove_keys: + items: + type: string + type: array + tenant: + type: string + url: + type: string + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + newrelic: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + base_uri: + type: string + license_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + nullout: + type: object + oss: + properties: + 
aaccess_key_secret: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: 
string + total_limit_size: + type: string + type: + type: string + type: object + check_bucket: + type: boolean + check_object: + type: boolean + download_crc_enable: + type: boolean + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + index_format: + type: string + key_format: + type: string + open_timeout: + type: integer + oss_sdk_log_dir: + type: string + overwrite: + type: boolean + path: + type: string + read_timeout: + type: integer + store_as: + type: string + upload_crc_enable: + type: boolean + warn_for_delay: + type: string + required: + - aaccess_key_secret + - access_key_id + - bucket + - endpoint + type: object + redis: + properties: + allow_duplicate_key: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + 
total_limit_size: + type: string + type: + type: string + type: object + db_number: + type: integer + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insert_key_prefix: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + strftime_format: + type: string + ttl: + type: integer + type: object + s3: + properties: + acl: + type: string + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + auto_create_bucket: + type: string + aws_iam_retries: + type: string + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + 
name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_apikey_on_start: + type: string + check_bucket: + type: string + check_object: + type: string + clustername: + type: string + compute_checksums: + type: string + enable_transfer_acceleration: + type: string + force_path_style: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + grant_full_control: + type: string + grant_read: + type: string + grant_read_acp: + type: string + grant_write_acp: + type: string + hex_random_length: + type: string + index_format: + type: string + instance_profile_credentials: + properties: + http_open_timeout: + type: 
string + http_read_timeout: + type: string + ip_address: + type: string + port: + type: string + retries: + type: string + type: object + oneeye_format: + type: boolean + overwrite: + type: string + path: + type: string + proxy_uri: + type: string + s3_bucket: + type: string + s3_endpoint: + type: string + s3_metadata: + type: string + s3_object_key_format: + type: string + s3_region: + type: string + shared_credentials: + properties: + path: + type: string + profile_name: + type: string + type: object + signature_version: + type: string + sse_customer_algorithm: + type: string + sse_customer_key: + type: string + sse_customer_key_md5: + type: string + ssekms_key_id: + type: string + ssl_verify_peer: + type: string + storage_class: + type: string + store_as: + type: string + use_bundled_cert: + type: string + use_server_side_encryption: + type: string + warn_for_delay: + type: string + required: + - s3_bucket + type: object + splunkHec: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + 
type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + coerce_to_utf8: + type: boolean + data_type: + type: string + fields: + additionalProperties: + type: string + type: object + format: + properties: + add_newline: + type: 
boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hec_host: + type: string + hec_port: + type: integer + hec_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + host: + type: string + host_key: + type: string + idle_timeout: + type: integer + index: + type: string + index_key: + type: string + insecure_ssl: + type: boolean + keep_keys: + type: boolean + metric_name_key: + type: string + metric_value_key: + type: string + metrics_from_event: + type: boolean + non_utf8_replacement_string: + type: string + open_timeout: + type: integer + protocol: + type: string + read_timeout: + type: integer + source: + type: string + source_key: + type: string + sourcetype: + type: string + sourcetype_key: + type: string + ssl_ciphers: + type: string + required: + - hec_host + - hec_token + type: object + sumologic: + properties: + add_timestamp: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + 
retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compress: + type: boolean + compress_encoding: + type: string + custom_dimensions: + type: string + custom_fields: + items: + type: string + type: array + data_type: + type: string + delimiter: + type: string + disable_cookies: + type: boolean + endpoint: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + log_format: + type: string + log_key: + type: string + metric_data_format: + type: string + open_timeout: + type: integer + proxy_uri: + type: string + source_category: + type: string + source_host: + type: string + source_name: + type: string + source_name_key: + type: string + sumo_client: + type: string + timestamp_key: + type: string + verify_ssl: + type: boolean + required: + - endpoint + - source_name + type: object + syslog: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: 
string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + app_name_field: + type: string + hostname_field: + type: string + log_field: + type: string + message_id_field: + type: string + proc_id_field: + type: string + rfc6587_message_size: + type: boolean + structured_data_field: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insecure: + type: boolean + port: + type: integer + transport: + type: string + trusted_ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - host + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: 
true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.002/templates/logging.banzaicloud.io_flows.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.002/templates/logging.banzaicloud.io_flows.yaml new file mode 100755 index 000000000..a01a1331d --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.002/templates/logging.banzaicloud.io_flows.yaml 
@@ -0,0 +1,761 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: flows.logging.banzaicloud.io +spec: + additionalPrinterColumns: + - JSONPath: .status.active + description: Is the flow active? + name: Active + type: boolean + - JSONPath: .status.problemsCount + description: Number of problems + name: Problems + type: integer + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Flow + listKind: FlowList + plural: flows + singular: flow + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + mountFrom: + properties: + 
secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + 
type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + 
type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: 
object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + 
group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + localOutputRefs: + items: + type: string + type: array + loggingRef: + type: string + match: + items: + properties: + exclude: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + type: object + select: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + outputRefs: + items: + type: string + type: array + selectors: + additionalProperties: + type: string + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.002/templates/logging.banzaicloud.io_loggings.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.002/templates/logging.banzaicloud.io_loggings.yaml new file mode 100755 index 000000000..d14c80e2c --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.002/templates/logging.banzaicloud.io_loggings.yaml 
@@ -0,0 +1,3536 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: loggings.logging.banzaicloud.io +spec: + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Logging + listKind: LoggingList + plural: loggings + singular: logging + preserveUnknownFields: false + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + allowClusterResourcesFromAllNamespaces: + type: boolean + controlNamespace: + type: string + defaultFlow: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean 
+ required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + 
key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + 
type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: 
string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: 
string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + outputRefs: + items: + type: string + type: array + type: object + enableRecreateWorkloadOnImmutableFieldChange: + type: boolean + flowConfigCheckDisabled: + type: boolean + flowConfigOverride: + type: string + fluentbit: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string 
+ type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string 
+ type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + bufferStorage: + properties: + storage.backlog.mem_limit: + type: string + storage.checksum: + type: string + storage.path: + type: string + storage.sync: + type: string + type: object + bufferStorageVolume: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + coroStackSize: + format: int32 + type: integer + customConfigSecret: + type: string + disableKubernetesFilter: + type: boolean + enableUpstream: + type: boolean + extraVolumeMounts: + items: + properties: + 
destination: + pattern: ^/.+$ + type: string + readOnly: + type: boolean + source: + pattern: ^/.+$ + type: string + required: + - destination + - source + type: object + type: array + filterAws: + properties: + Match: + type: string + account_id: + type: boolean + ami_id: + type: boolean + az: + type: boolean + ec2_instance_id: + type: boolean + ec2_instance_type: + type: boolean + hostname: + type: boolean + imds_version: + type: string + private_ip: + type: boolean + vpc_id: + type: boolean + type: object + filterKubernetes: + properties: + Annotations: + type: string + Buffer_Size: + type: string + Dummy_Meta: + type: string + K8S-Logging.Exclude: + type: string + K8S-Logging.Parser: + type: string + Keep_Log: + type: string + Kube_CA_File: + type: string + Kube_CA_Path: + type: string + Kube_Tag_Prefix: + type: string + Kube_Token_File: + type: string + Kube_URL: + type: string + Kube_meta_preload_cache_dir: + type: string + Labels: + type: string + Match: + type: string + Merge_Log: + type: string + Merge_Log_Key: + type: string + Merge_Log_Trim: + type: string + Merge_Parser: + type: string + Regex_Parser: + type: string + Use_Journal: + type: string + tls.debug: + type: string + tls.verify: + type: string + type: object + flush: + format: int32 + type: integer + forwardOptions: + properties: + Require_ack_response: + type: boolean + Retry_Limit: + type: string + Send_options: + type: boolean + Tag: + type: string + Time_as_Integer: + type: boolean + type: object + grace: + format: int32 + type: integer + image: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + inputTail: + properties: + Buffer_Chunk_Size: + type: string + Buffer_Max_Size: + type: string + DB: + type: string + DB_Sync: + type: string + Docker_Mode: + type: string + Docker_Mode_Flush: + type: string + Exclude_Path: + type: string + 
Ignore_Older: + type: string + Key: + type: string + Mem_Buf_Limit: + type: string + Multiline: + type: string + Multiline_Flush: + type: string + Parser: + type: string + Parser_Firstline: + type: string + Parser_N: + items: + type: string + type: array + Path: + type: string + Path_Key: + type: string + Refresh_Interval: + type: string + Rotate_Wait: + type: string + Skip_Long_Lines: + type: string + Tag: + type: string + Tag_Regex: + type: string + storage.type: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + livenessDefaultCheck: + type: boolean + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + logLevel: + type: string + metrics: + properties: + interval: + type: string + path: + type: string + port: + format: int32 + type: integer + prometheusAnnotations: + type: boolean + serviceMonitor: + type: boolean + serviceMonitorConfig: + properties: + additionalLabels: + additionalProperties: + type: string + type: object + honorLabels: + type: boolean + metricRelabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: 
integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + relabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + type: object + timeout: + type: string + type: object + mountPath: + type: string + network: + properties: + connectTimeout: + format: int32 + type: integer + keepalive: + type: boolean + keepaliveIdleTimeout: + format: int32 + type: integer + keepaliveMaxRecycle: + format: int32 + type: integer + type: object + nodeSelector: + additionalProperties: + type: string + type: object + parser: + type: string + podPriorityClassName: + type: string + position_db: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + 
required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + positiondb: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: 
+ anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + security: + properties: + podSecurityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + podSecurityPolicyCreate: + type: boolean + roleBasedAccessControlCreate: + type: boolean + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + 
readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + type: object + targetHost: + type: string + targetPort: + format: int32 + type: integer + tls: + properties: + enabled: + type: boolean + secretName: + type: string + sharedKey: + type: string + required: + - enabled + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + type: object + fluentd: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: 
string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: 
object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + bufferStorageVolume: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: 
string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + configCheckAnnotations: + additionalProperties: + type: string + type: object + configReloaderImage: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + disablePvc: + type: boolean + fluentLogDestination: + type: string + fluentOutLogrotate: + properties: + age: + type: string + enabled: + type: boolean + path: + type: string + size: + type: string + required: + - enabled + type: object + fluentdPvcSpec: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + 
type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + forwardInputConfig: + properties: + add_tag_prefix: + type: string + bind: + type: string + chunk_size_limit: + type: string + chunk_size_warn_limit: + type: string + deny_keepalive: + type: boolean + linger_timeout: + type: integer + port: + type: string + resolve_hostname: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: boolean + required: + - self_hostname + - shared_key + type: object + send_keepalive_packet: + type: boolean + skip_invalid_event: + type: boolean + source_address_key: + type: string + sourceHostnameKey: + type: string + tag: + type: string + transport: + properties: + ca_cert_path: + type: string + ca_path: + type: string + ca_private_key_passphrase: + type: string + ca_private_key_path: + type: string + cert_path: + type: string + ciphers: + type: string + client_cert_auth: + type: boolean + insecure: + type: boolean + private_key_passphrase: + type: string + private_key_path: + type: string + protocol: + type: string + version: + type: string + type: object + type: object + ignoreRepeatedLogInterval: + type: string + ignoreSameLogInterval: + type: string + image: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + livenessDefaultCheck: + type: boolean + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + 
type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + logLevel: + type: string + metrics: + properties: + interval: + type: string + path: + type: string + port: + format: int32 + type: integer + prometheusAnnotations: + type: boolean + serviceMonitor: + type: boolean + serviceMonitorConfig: + properties: + additionalLabels: + additionalProperties: + type: string + type: object + honorLabels: + type: boolean + metricRelabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + relabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + type: object + timeout: + type: string + type: object + nodeSelector: + additionalProperties: + type: string + type: object + podPriorityClassName: + type: string + port: + format: int32 + type: integer + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + 
properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + rootDir: + type: string + scaling: + properties: + podManagementPolicy: + type: string + replicas: + type: integer + type: object + security: + properties: + podSecurityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + podSecurityPolicyCreate: + 
type: boolean + roleBasedAccessControlCreate: + type: boolean + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + type: object + tls: + properties: + enabled: + type: boolean + secretName: + type: string + sharedKey: + type: string + required: + - enabled + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + volumeModImage: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + volumeMountChmod: + type: boolean + workers: + format: int32 + type: integer + type: object + globalFilters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: 
integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + 
valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + 
key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + 
types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + 
exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + loggingRef: + type: string + watchNamespaces: + items: + type: string + type: array + required: + - controlNamespace + type: object + status: + properties: + configCheckResults: + additionalProperties: + type: boolean + type: object + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.002/templates/logging.banzaicloud.io_outputs.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.002/templates/logging.banzaicloud.io_outputs.yaml new file mode 100755 index 000000000..b04c809ce --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.002/templates/logging.banzaicloud.io_outputs.yaml 
@@ -0,0 +1,4557 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: outputs.logging.banzaicloud.io +spec: + additionalPrinterColumns: + - JSONPath: .status.active + description: Is the output active? + name: Active + type: boolean + - JSONPath: .status.problemsCount + description: Number of problems + name: Problems + type: integer + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Output + listKind: OutputList + plural: outputs + singular: output + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + awsElasticsearch: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + 
type: + type: string + type: object + endpoint: + properties: + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_arn: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_session_name: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_web_identity_token_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ecs_container_credentials_relative_uri: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: 
boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + region: + type: string + secret_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + sts_credentials_region: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + flush_interval: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + include_tag_key: + type: boolean + logstash_format: + type: boolean + tag_key: + type: string + type: object + azurestorage: + properties: + auto_create_container: + type: boolean + azure_container: + type: string + azure_imds_api_version: + type: string + azure_object_key_format: + type: string + azure_storage_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + 
valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_account: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_sas_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: 
string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + type: string + path: + type: string + required: + - azure_container + - azure_storage_access_key + - azure_storage_account + - azure_storage_sas_token + type: object + cloudwatch: + properties: + auto_create_stream: + type: boolean + aws_instance_profile_credentials_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sts_role_arn: + type: string + aws_sts_session_name: + type: string + aws_use_sts: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: 
+ type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + concurrency: + type: integer + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + http_proxy: + type: string + include_time_key: + type: boolean + json_handler: + type: string + localtime: + type: boolean + log_group_aws_tags: + type: string + log_group_aws_tags_key: + type: string + log_group_name: + type: string + log_group_name_key: + type: string + log_rejected_request: + type: string + log_stream_name: + type: string + log_stream_name_key: + type: string + max_events_per_batch: + type: integer + max_message_length: + type: integer + message_keys: + type: string + put_log_events_disable_retry_limit: + type: boolean + put_log_events_retry_limit: + type: integer + put_log_events_retry_wait: + type: string + region: + type: string + remove_log_group_aws_tags_key: + type: string + remove_log_group_name_key: + type: string + remove_log_stream_name_key: + type: string + remove_retention_in_days: + type: string + retention_in_days: + type: string + retention_in_days_key: + type: string + use_tag_as_group: + type: boolean + use_tag_as_stream: + type: boolean + required: + - region + type: object + datadog: + properties: + api_key: + properties: + mountFrom: + 
properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_level: + type: string + dd_hostname: + type: string + dd_source: + type: string + dd_sourcecategory: + type: string + dd_tags: + type: string + host: + type: string + include_tag_key: + type: boolean + max_backoff: + type: string + max_retries: + type: string + no_ssl_validation: + type: boolean + port: + type: string + service: + type: string + ssl_port: + type: string + tag_key: + type: string + timestamp_key: + type: string + use_compression: + 
type: boolean + use_http: + type: boolean + use_json: + type: boolean + use_ssl: + type: boolean + required: + - api_key + type: object + elasticsearch: + properties: + application_name: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_message_request_threshold: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - 
key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key_pass: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + content_type: + type: string + custom_headers: + type: string + customize_template: + type: string + default_elasticsearch_version: + type: string + deflector_alias: + type: string + enable_ilm: + type: boolean + exception_backup: + type: boolean + fail_on_putting_template_retry_exceed: + type: boolean + flatten_hashes: + type: boolean + flatten_hashes_separator: + type: string + host: + type: string + hosts: + type: string + http_backend: + type: string + id_key: + type: string + ignore_exceptions: + type: string + ilm_policy: + type: string + ilm_policy_id: + type: string + ilm_policy_overwrite: + type: boolean + include_index_in_url: + type: boolean + include_tag_key: + type: boolean + include_timestamp: + type: boolean + index_date_pattern: + type: string + index_name: + type: string + index_prefix: + type: string + log_es_400_reason: + type: boolean + 
logstash_dateformat: + type: string + logstash_format: + type: boolean + logstash_prefix: + type: string + logstash_prefix_separator: + type: string + max_retry_get_es_version: + type: string + max_retry_putting_template: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + path: + type: string + pipeline: + type: string + port: + type: integer + prefer_oj_serializer: + type: boolean + reconnect_on_error: + type: boolean + reload_after: + type: string + reload_connections: + type: boolean + reload_on_failure: + type: boolean + remove_keys_on_update: + type: string + remove_keys_on_update_key: + type: string + request_timeout: + type: string + resurrect_after: + type: string + retry_tag: + type: string + rollover_index: + type: boolean + routing_key: + type: string + scheme: + type: string + sniffer_class_name: + type: string + ssl_max_version: + type: string + ssl_min_version: + type: string + ssl_verify: + type: boolean + ssl_version: + type: string + suppress_doc_wrap: + type: boolean + suppress_type_name: + type: boolean + tag_key: + type: string + target_index_key: + type: string + target_type_key: + type: string + template_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + template_name: + type: string + 
template_overwrite: + type: boolean + templates: + type: string + time_key: + type: string + time_key_format: + type: string + time_parse_error_tag: + type: string + time_precision: + type: string + type_name: + type: string + unrecoverable_error_types: + type: string + user: + type: string + utc_index: + type: boolean + validate_client_version: + type: boolean + verify_es_version_at_startup: + type: boolean + with_transporter_log: + type: boolean + write_operation: + type: string + type: object + file: + properties: + add_path_suffix: + type: boolean + append: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + path: + type: string + path_suffix: + type: string + 
symlink_path: + type: boolean + required: + - path + type: object + forward: + properties: + ack_response_timeout: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + connect_timeout: + type: integer + dns_round_robin: + type: boolean + expire_dns_cache: + type: integer + hard_timeout: + type: integer + heartbeat_interval: + type: integer + heartbeat_type: + type: string + ignore_network_errors_at_startup: + type: boolean + keepalive: + type: boolean + keepalive_timeout: + type: integer + phi_failure_detector: + type: boolean + phi_threshold: + type: integer + recover_wait: + type: integer + require_ack_response: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: boolean + required: + - self_hostname + - shared_key + type: object + send_timeout: + type: 
integer + servers: + items: + properties: + host: + type: string + name: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + shared_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + standby: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + weight: + type: integer + required: + - host + type: object + type: array + tls_allow_self_signed_cert: + type: boolean + tls_cert_logical_store_name: + type: string + tls_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object 
+ type: object + tls_cert_thumbprint: + type: string + tls_cert_use_enterprise_store: + type: boolean + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_insecure_mode: + type: boolean + tls_verify_hostname: + type: boolean + tls_version: + type: string + verify_connection_at_startup: + type: boolean + required: + - servers + type: object + gcs: + properties: + acl: + type: string + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: 
boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_retries: + type: integer + client_timeout: + type: integer + credentials_json: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + encryption_key: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + keyfile: + type: string + object_key_format: + type: string + object_metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + overwrite: + type: boolean + path: + type: string + project: + type: string + storage_class: + 
type: string + store_as: + type: string + transcoding: + type: boolean + required: + - bucket + - project + type: object + http: + properties: + auth: + properties: + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - password + - username + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + 
tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + content_type: + type: string + endpoint: + type: string + error_response_as_unrecoverable: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + headers: + additionalProperties: + type: string + type: object + http_method: + type: string + json_array: + type: boolean + open_timeout: + type: integer + proxy: + type: string + read_timeout: + type: integer + retryable_response_codes: + items: + type: integer + type: array + ssl_timeout: + type: integer + tls_ca_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + 
valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_verify_mode: + type: string + tls_version: + type: string + required: + - endpoint + type: object + kafka: + properties: + ack_timeout: + type: integer + brokers: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_codec: + type: string 
+ default_message_key: + type: string + default_partition_key: + type: string + default_topic: + type: string + exclude_partion_key: + type: boolean + exclude_topic_key: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + get_kafka_client_log: + type: boolean + headers: + additionalProperties: + type: string + type: object + headers_from_record: + additionalProperties: + type: string + type: object + idempotent: + type: boolean + max_send_retries: + type: integer + message_key_key: + type: string + partition_key: + type: string + partition_key_key: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required_acks: + type: integer + sasl_over_ssl: + type: boolean + scram_mechanism: + type: string + ssl_ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_ca_certs_from_system: + type: boolean + ssl_client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + 
properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_chain: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_verify_hostname: + type: boolean + topic_key: + type: string + use_default_for_unknown_topic: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - brokers + - format + type: object + kinesisStream: + properties: + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + aws_iam_retries: + type: integer + aws_key_id: + properties: + 
mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_ses_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + batch_request_max_count: + type: integer + batch_request_max_size: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + 
retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + partition_key: + type: string + process_credentials: + properties: + process: + type: string + required: + - process + type: object + region: + type: string + reset_backoff_if_success: + type: boolean + retries_on_batch_request: + type: integer + stream_name: + type: string + required: + - stream_name + type: object + logdna: + properties: + api_key: + type: string + app: + type: string + buffer_chunk_limit: + type: string + hostname: + type: string + required: + - api_key + - hostname + type: object + loggingRef: + type: string + logz: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + 
retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + port: + type: integer + token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + gzip: + type: boolean + http_idle_timeout: + type: integer + output_include_tags: + type: boolean + output_include_time: + type: boolean + retry_count: + type: integer + retry_sleep: + type: integer + required: + - endpoint + type: object + loki: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + 
retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + configure_kubernetes_labels: + type: boolean + drop_single_key: + type: boolean + extra_labels: + additionalProperties: + type: string + type: object + extract_kubernetes_labels: + type: boolean + insecure_tls: + type: boolean + key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + labels: + additionalProperties: + type: string + type: object + line_format: + type: string + password: + properties: + mountFrom: + properties: + 
secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + remove_keys: + items: + type: string + type: array + tenant: + type: string + url: + type: string + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + newrelic: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + base_uri: + type: string + license_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + nullout: + type: object + oss: + properties: + aaccess_key_secret: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: 
+ type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_bucket: + type: boolean + 
check_object: + type: boolean + download_crc_enable: + type: boolean + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + index_format: + type: string + key_format: + type: string + open_timeout: + type: integer + oss_sdk_log_dir: + type: string + overwrite: + type: boolean + path: + type: string + read_timeout: + type: integer + store_as: + type: string + upload_crc_enable: + type: boolean + warn_for_delay: + type: string + required: + - aaccess_key_secret + - access_key_id + - bucket + - endpoint + type: object + redis: + properties: + allow_duplicate_key: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + db_number: + type: integer + format: + 
properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insert_key_prefix: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + strftime_format: + type: string + ttl: + type: integer + type: object + s3: + properties: + acl: + type: string + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + auto_create_bucket: + type: string + aws_iam_retries: + type: string + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object 
+ buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_apikey_on_start: + type: string + check_bucket: + type: string + check_object: + type: string + clustername: + type: string + compute_checksums: + type: string + enable_transfer_acceleration: + type: string + force_path_style: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + grant_full_control: + type: string + grant_read: + type: string + grant_read_acp: + type: string + grant_write_acp: + type: string + hex_random_length: + type: string + index_format: + type: string + instance_profile_credentials: + properties: + http_open_timeout: + type: string + http_read_timeout: + type: string + ip_address: + type: string + port: + type: string + retries: + type: 
string + type: object + oneeye_format: + type: boolean + overwrite: + type: string + path: + type: string + proxy_uri: + type: string + s3_bucket: + type: string + s3_endpoint: + type: string + s3_metadata: + type: string + s3_object_key_format: + type: string + s3_region: + type: string + shared_credentials: + properties: + path: + type: string + profile_name: + type: string + type: object + signature_version: + type: string + sse_customer_algorithm: + type: string + sse_customer_key: + type: string + sse_customer_key_md5: + type: string + ssekms_key_id: + type: string + ssl_verify_peer: + type: string + storage_class: + type: string + store_as: + type: string + use_bundled_cert: + type: string + use_server_side_encryption: + type: string + warn_for_delay: + type: string + required: + - s3_bucket + type: object + splunkHec: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object 
+ ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + coerce_to_utf8: + type: boolean + data_type: + type: string + fields: + additionalProperties: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - 
single_value + type: string + type: object + hec_host: + type: string + hec_port: + type: integer + hec_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + host: + type: string + host_key: + type: string + idle_timeout: + type: integer + index: + type: string + index_key: + type: string + insecure_ssl: + type: boolean + keep_keys: + type: boolean + metric_name_key: + type: string + metric_value_key: + type: string + metrics_from_event: + type: boolean + non_utf8_replacement_string: + type: string + open_timeout: + type: integer + protocol: + type: string + read_timeout: + type: integer + source: + type: string + source_key: + type: string + sourcetype: + type: string + sourcetype_key: + type: string + ssl_ciphers: + type: string + required: + - hec_host + - hec_token + type: object + sumologic: + properties: + add_timestamp: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + 
retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compress: + type: boolean + compress_encoding: + type: string + custom_dimensions: + type: string + custom_fields: + items: + type: string + type: array + data_type: + type: string + delimiter: + type: string + disable_cookies: + type: boolean + endpoint: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + log_format: + type: string + log_key: + type: string + metric_data_format: + type: string + open_timeout: + type: integer + proxy_uri: + type: string + source_category: + type: string + source_host: + type: string + source_name: + type: string + source_name_key: + type: string + sumo_client: + type: string + timestamp_key: + type: string + verify_ssl: + type: boolean + required: + - endpoint + - source_name + type: object + syslog: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + 
type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + app_name_field: + type: string + hostname_field: + type: string + log_field: + type: string + message_id_field: + type: string + proc_id_field: + type: string + rfc6587_message_size: + type: boolean + structured_data_field: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insecure: + type: boolean + port: + type: integer + transport: + type: string + trusted_ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - host + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] 
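Review bot: In the `oss` output schema of this hunk the secret field is spelled `aaccess_key_secret` (doubled `a`), both as a property and in the `required` list, next to the correctly spelled `access_key_id`. Because it is required, every OSS output has to use the misspelled key. Please confirm it matches the operator's field tag, and if the typo is upstream, say so in the chart notes so users do not "fix" it in their manifests and fail validation. A second point on the same hunk: every credential field (`hec_token`, `aws_sec_key`, `aws_key_id`, the redis `password`, the newrelic `license_key`) accepts an inline `value: string` alongside `valueFrom.secretKeyRef` and `mountFrom.secretKeyRef`, and nothing in the schema requires exactly one of them, while `sse_customer_key` in the `s3` block is a bare string with no secret reference at all. An inline value sits in the resource spec, readable by anyone who can get the object. Consider documenting `secretKeyRef` as the expected form, or enforcing it with an admission policy.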
diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.400/Chart.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.400/Chart.yaml new file mode 100755 index 000000000..012115ac4 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.400/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-logging-system + catalog.cattle.io/release-name: rancher-logging-crd +apiVersion: v1 +description: Installs the CRDs for rancher-logging. +name: rancher-logging-crd +type: application +version: 3.9.400 diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.400/README.md b/released/charts/rancher-logging/rancher-logging-crd/3.9.400/README.md new file mode 100755 index 000000000..d4beb54fa --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.400/README.md @@ -0,0 +1,2 @@ +# rancher-logging-crd +A Rancher chart that installs the CRDs used by rancher-logging. diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.400/templates/logging.banzaicloud.io_clusterflows.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.400/templates/logging.banzaicloud.io_clusterflows.yaml new file mode 100755 index 000000000..9fc6e22a5 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.400/templates/logging.banzaicloud.io_clusterflows.yaml 
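Review bot: Chart.yaml and README.md are both added with `new file mode 100755`, so plain data and documentation files carry the executable bit; they should be 100644, and the same mode appears on the CRD template that follows. Also in Chart.yaml, `type: application` is set together with `apiVersion: v1`; the `type` field belongs to the v2 chart format, so either drop it or move the chart to `apiVersion: v2` if nothing depends on v1.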
@@ -0,0 +1,765 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: clusterflows.logging.banzaicloud.io +spec: + additionalPrinterColumns: + - JSONPath: .status.active + description: Is the flow active? + name: Active + type: boolean + - JSONPath: .status.problemsCount + description: Number of problems + name: Problems + type: integer + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: ClusterFlow + listKind: ClusterFlowList + plural: clusterflows + singular: clusterflow + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + 
mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + 
skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string 
+ time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - 
type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + 
properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + loggingRef: + type: string + match: + items: + properties: + exclude: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + namespaces: + items: + type: string + type: array + type: object + select: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + namespaces: + items: + type: string + type: array + type: object + type: object + type: array + outputRefs: + items: + type: string + type: array + selectors: + additionalProperties: + type: string + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.400/templates/logging.banzaicloud.io_clusteroutputs.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.400/templates/logging.banzaicloud.io_clusteroutputs.yaml new file mode 100755 index 000000000..029e28ec8 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.400/templates/logging.banzaicloud.io_clusteroutputs.yaml 
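Review bot: The clusterflows CRD is declared with `apiVersion: apiextensions.k8s.io/v1beta1` (top of the hunk, along with the `validation.openAPIV3Schema` and top-level `version: v1beta1` layout that go with it), an API that was removed in Kubernetes 1.22, so this template will not install on newer clusters; regenerating it as `apiextensions.k8s.io/v1` with a per-version schema would avoid that. Two smaller points: `scope: Namespaced` on a kind named `ClusterFlow` deserves a comment stating that it is intentional, and the trailing `status:` stanza (`acceptedNames`, `conditions: []`, `storedVersions: []`) is generator output that the API server owns and can be dropped from the template. Since the filter schema exposes `record_transformer.enable_ruby`, write access to this kind should be granted with the same care as access to the logging pipeline itself.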
@@ -0,0 +1,4721 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: clusteroutputs.logging.banzaicloud.io +spec: + additionalPrinterColumns: + - JSONPath: .status.active + description: Is the output active? + name: Active + type: boolean + - JSONPath: .status.problemsCount + description: Number of problems + name: Problems + type: integer + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: ClusterOutput + listKind: ClusterOutputList + plural: clusteroutputs + singular: clusteroutput + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + awsElasticsearch: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + 
total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_arn: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_session_name: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_web_identity_token_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ecs_container_credentials_relative_uri: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + 
type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + region: + type: string + secret_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + sts_credentials_region: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + flush_interval: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + include_tag_key: + type: boolean + logstash_format: + type: boolean + tag_key: + type: string + type: object + azurestorage: + properties: + auto_create_container: + type: boolean + azure_container: + type: string + azure_imds_api_version: + type: string + azure_object_key_format: + type: string + azure_storage_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: 
object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_account: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_sas_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: 
string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + type: string + path: + type: string + required: + - azure_container + - azure_storage_access_key + - azure_storage_account + - azure_storage_sas_token + type: object + cloudwatch: + properties: + auto_create_stream: + type: boolean + aws_instance_profile_credentials_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sts_role_arn: + type: string + aws_sts_session_name: + type: string + aws_use_sts: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + 
overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + concurrency: + type: integer + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + http_proxy: + type: string + include_time_key: + type: boolean + json_handler: + type: string + localtime: + type: boolean + log_group_aws_tags: + type: string + log_group_aws_tags_key: + type: string + log_group_name: + type: string + log_group_name_key: + type: string + log_rejected_request: + type: string + log_stream_name: + type: string + log_stream_name_key: + type: string + max_events_per_batch: + type: integer + max_message_length: + type: integer + message_keys: + type: string + put_log_events_disable_retry_limit: + type: boolean + put_log_events_retry_limit: + type: integer + put_log_events_retry_wait: + type: string + region: + type: string + remove_log_group_aws_tags_key: + type: string + remove_log_group_name_key: + type: string + remove_log_stream_name_key: + type: string + remove_retention_in_days: + type: string + retention_in_days: + type: string + retention_in_days_key: + type: string + use_tag_as_group: + type: boolean + use_tag_as_stream: + type: boolean + required: + - region + type: object + datadog: + properties: 
+ api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_level: + type: string + dd_hostname: + type: string + dd_source: + type: string + dd_sourcecategory: + type: string + dd_tags: + type: string + host: + type: string + include_tag_key: + type: boolean + max_backoff: + type: string + max_retries: + type: string + no_ssl_validation: + type: boolean + port: + type: string + service: + type: string + ssl_port: + type: string + tag_key: + type: string + 
timestamp_key: + type: string + use_compression: + type: boolean + use_http: + type: boolean + use_json: + type: boolean + use_ssl: + type: boolean + required: + - api_key + type: object + elasticsearch: + properties: + application_name: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_message_request_threshold: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: 
string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key_pass: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + content_type: + type: string + custom_headers: + type: string + customize_template: + type: string + default_elasticsearch_version: + type: string + deflector_alias: + type: string + enable_ilm: + type: boolean + exception_backup: + type: boolean + fail_on_putting_template_retry_exceed: + type: boolean + flatten_hashes: + type: boolean + flatten_hashes_separator: + type: string + host: + type: string + hosts: + type: string + http_backend: + type: string + id_key: + type: string + ignore_exceptions: + type: string + ilm_policy: + type: string + ilm_policy_id: + type: string + ilm_policy_overwrite: + type: boolean + include_index_in_url: + type: boolean + include_tag_key: + type: boolean + include_timestamp: + type: boolean + index_date_pattern: + type: string + index_name: + type: string + index_prefix: + type: string + 
log_es_400_reason: + type: boolean + logstash_dateformat: + type: string + logstash_format: + type: boolean + logstash_prefix: + type: string + logstash_prefix_separator: + type: string + max_retry_get_es_version: + type: string + max_retry_putting_template: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + path: + type: string + pipeline: + type: string + port: + type: integer + prefer_oj_serializer: + type: boolean + reconnect_on_error: + type: boolean + reload_after: + type: string + reload_connections: + type: boolean + reload_on_failure: + type: boolean + remove_keys_on_update: + type: string + remove_keys_on_update_key: + type: string + request_timeout: + type: string + resurrect_after: + type: string + retry_tag: + type: string + rollover_index: + type: boolean + routing_key: + type: string + scheme: + type: string + sniffer_class_name: + type: string + ssl_max_version: + type: string + ssl_min_version: + type: string + ssl_verify: + type: boolean + ssl_version: + type: string + suppress_doc_wrap: + type: boolean + suppress_type_name: + type: boolean + tag_key: + type: string + target_index_key: + type: string + target_type_key: + type: string + template_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + 
template_name: + type: string + template_overwrite: + type: boolean + templates: + type: string + time_key: + type: string + time_key_format: + type: string + time_parse_error_tag: + type: string + time_precision: + type: string + type_name: + type: string + unrecoverable_error_types: + type: string + user: + type: string + utc_index: + type: boolean + validate_client_version: + type: boolean + verify_es_version_at_startup: + type: boolean + with_transporter_log: + type: boolean + write_operation: + type: string + type: object + enabledNamespaces: + items: + type: string + type: array + file: + properties: + add_path_suffix: + type: boolean + append: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - 
single_value + type: string + type: object + path: + type: string + path_suffix: + type: string + symlink_path: + type: boolean + required: + - path + type: object + forward: + properties: + ack_response_timeout: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + connect_timeout: + type: integer + dns_round_robin: + type: boolean + expire_dns_cache: + type: integer + hard_timeout: + type: integer + heartbeat_interval: + type: integer + heartbeat_type: + type: string + ignore_network_errors_at_startup: + type: boolean + keepalive: + type: boolean + keepalive_timeout: + type: integer + phi_failure_detector: + type: boolean + phi_threshold: + type: integer + recover_wait: + type: integer + require_ack_response: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: 
boolean + required: + - self_hostname + - shared_key + type: object + send_timeout: + type: integer + servers: + items: + properties: + host: + type: string + name: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + shared_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + standby: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + weight: + type: integer + required: + - host + type: object + type: array + tls_allow_self_signed_cert: + type: boolean + tls_cert_logical_store_name: + type: string + tls_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + 
type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_cert_thumbprint: + type: string + tls_cert_use_enterprise_store: + type: boolean + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_insecure_mode: + type: boolean + tls_verify_hostname: + type: boolean + tls_version: + type: string + verify_connection_at_startup: + type: boolean + required: + - servers + type: object + gcs: + properties: + acl: + type: string + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + 
compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_retries: + type: integer + client_timeout: + type: integer + credentials_json: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + encryption_key: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + keyfile: + type: string + object_key_format: + type: string + object_metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + 
overwrite: + type: boolean + path: + type: string + project: + type: string + storage_class: + type: string + store_as: + type: string + transcoding: + type: boolean + required: + - bucket + - project + type: object + gelf: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + host: + type: string + port: + type: integer + protocol: + type: string + tls: + type: boolean + tls_options: + additionalProperties: + type: string + type: object + required: + - host + - port + type: object + http: + properties: + auth: + properties: + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: 
boolean + required: + - key + type: object + type: object + type: object + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - password + - username + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + content_type: + type: string + endpoint: + type: string + error_response_as_unrecoverable: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: 
string + type: object + headers: + additionalProperties: + type: string + type: object + http_method: + type: string + json_array: + type: boolean + open_timeout: + type: integer + proxy: + type: string + read_timeout: + type: integer + retryable_response_codes: + items: + type: integer + type: array + ssl_timeout: + type: integer + tls_ca_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + 
name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_verify_mode: + type: string + tls_version: + type: string + required: + - endpoint + type: object + kafka: + properties: + ack_timeout: + type: integer + brokers: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_codec: + type: string + default_message_key: + type: string + default_partition_key: + type: string + default_topic: + type: string + exclude_partion_key: + type: boolean + exclude_topic_key: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + get_kafka_client_log: + type: boolean + headers: + additionalProperties: + type: string + type: object + 
headers_from_record: + additionalProperties: + type: string + type: object + idempotent: + type: boolean + max_send_retries: + type: integer + message_key_key: + type: string + partition_key: + type: string + partition_key_key: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required_acks: + type: integer + sasl_over_ssl: + type: boolean + scram_mechanism: + type: string + ssl_ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_ca_certs_from_system: + type: boolean + ssl_client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_chain: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + 
name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_verify_hostname: + type: boolean + topic_key: + type: string + use_default_for_unknown_topic: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - brokers + - format + type: object + kinesisStream: + properties: + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + aws_iam_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + 
name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_ses_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + batch_request_max_count: + type: integer + batch_request_max_size: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + 
properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + partition_key: + type: string + process_credentials: + properties: + process: + type: string + required: + - process + type: object + region: + type: string + reset_backoff_if_success: + type: boolean + retries_on_batch_request: + type: integer + stream_name: + type: string + required: + - stream_name + type: object + logdna: + properties: + api_key: + type: string + app: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + hostname: + type: string + ingester_domain: + type: string + ingester_endpoint: + type: string + request_timeout: + type: string + tags: + type: string + required: + - api_key + - hostname + type: object + loggingRef: + type: string + logz: + properties: + 
buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + port: + type: integer + token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + gzip: + type: boolean + http_idle_timeout: + type: integer + output_include_tags: + type: boolean + output_include_time: + type: boolean + retry_count: + type: integer + retry_sleep: + type: integer + required: + - endpoint + type: object + loki: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + 
chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + configure_kubernetes_labels: + type: boolean + drop_single_key: + 
type: boolean + extra_labels: + additionalProperties: + type: string + type: object + extract_kubernetes_labels: + type: boolean + insecure_tls: + type: boolean + key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + labels: + additionalProperties: + type: string + type: object + line_format: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + remove_keys: + items: + type: string + type: array + tenant: + type: string + url: + type: string + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + newrelic: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + 
optional: + type: boolean + required: + - key + type: object + type: object + type: object + base_uri: + type: string + license_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + nullout: + type: object + oss: + properties: + aaccess_key_secret: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: 
string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_bucket: + type: boolean + check_object: + type: boolean + download_crc_enable: + type: boolean + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + index_format: + type: string + key_format: + type: string + open_timeout: + type: integer + oss_sdk_log_dir: + type: string + overwrite: + type: boolean + path: + type: string + read_timeout: + type: integer + store_as: + type: string + upload_crc_enable: + type: boolean + warn_for_delay: + type: string + required: + - aaccess_key_secret + - access_key_id + - bucket + - endpoint + type: object + redis: + properties: + allow_duplicate_key: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + 
overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + db_number: + type: integer + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insert_key_prefix: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + strftime_format: + type: string + ttl: + type: integer + type: object + s3: + properties: + acl: + type: string + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + auto_create_bucket: + type: string + aws_iam_retries: + type: string + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + 
optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_apikey_on_start: + type: string + check_bucket: + type: string + check_object: + type: string + clustername: + type: 
string + compute_checksums: + type: string + enable_transfer_acceleration: + type: string + force_path_style: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + grant_full_control: + type: string + grant_read: + type: string + grant_read_acp: + type: string + grant_write_acp: + type: string + hex_random_length: + type: string + index_format: + type: string + instance_profile_credentials: + properties: + http_open_timeout: + type: string + http_read_timeout: + type: string + ip_address: + type: string + port: + type: string + retries: + type: string + type: object + oneeye_format: + type: boolean + overwrite: + type: string + path: + type: string + proxy_uri: + type: string + s3_bucket: + type: string + s3_endpoint: + type: string + s3_metadata: + type: string + s3_object_key_format: + type: string + s3_region: + type: string + shared_credentials: + properties: + path: + type: string + profile_name: + type: string + type: object + signature_version: + type: string + sse_customer_algorithm: + type: string + sse_customer_key: + type: string + sse_customer_key_md5: + type: string + ssekms_key_id: + type: string + ssl_verify_peer: + type: string + storage_class: + type: string + store_as: + type: string + use_bundled_cert: + type: string + use_server_side_encryption: + type: string + warn_for_delay: + type: string + required: + - s3_bucket + type: object + splunkHec: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: 
integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: 
object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + coerce_to_utf8: + type: boolean + data_type: + type: string + fields: + additionalProperties: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hec_host: + type: string + hec_port: + type: integer + hec_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + host: + type: string + host_key: + type: string + idle_timeout: + type: integer + index: + type: string + index_key: + type: string + insecure_ssl: + type: boolean + keep_keys: + type: boolean + metric_name_key: + type: string + metric_value_key: + type: string + metrics_from_event: + type: boolean + non_utf8_replacement_string: + type: string + open_timeout: + type: integer + protocol: + type: string + read_timeout: + type: integer + source: + type: string + source_key: + type: string + sourcetype: + type: string + sourcetype_key: + type: string + ssl_ciphers: + type: string + required: + - hec_host + - hec_token + type: object + sumologic: + properties: + add_timestamp: + type: boolean + buffer: + properties: + chunk_full_threshold: + 
type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compress: + type: boolean + compress_encoding: + type: string + custom_dimensions: + type: string + custom_fields: + items: + type: string + type: array + data_type: + type: string + delimiter: + type: string + disable_cookies: + type: boolean + endpoint: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + log_format: + type: string + log_key: + type: string + metric_data_format: + type: string + open_timeout: + type: integer + proxy_uri: + type: string + source_category: + type: string + source_host: + type: string + 
source_name: + type: string + source_name_key: + type: string + sumo_client: + type: string + timestamp_key: + type: string + verify_ssl: + type: boolean + required: + - endpoint + - source_name + type: object + syslog: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + app_name_field: + type: string + hostname_field: + type: string + log_field: + type: string + message_id_field: + type: string + proc_id_field: + type: string + rfc6587_message_size: + type: boolean + structured_data_field: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insecure: + type: boolean + port: + type: integer + transport: + type: string + trusted_ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + 
type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - host + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.400/templates/logging.banzaicloud.io_flows.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.400/templates/logging.banzaicloud.io_flows.yaml new file mode 100755 index 000000000..a01a1331d --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.400/templates/logging.banzaicloud.io_flows.yaml 
@@ -0,0 +1,761 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: flows.logging.banzaicloud.io +spec: + additionalPrinterColumns: + - JSONPath: .status.active + description: Is the flow active? + name: Active + type: boolean + - JSONPath: .status.problemsCount + description: Number of problems + name: Problems + type: integer + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Flow + listKind: FlowList + plural: flows + singular: flow + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + mountFrom: + properties: + 
secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + 
type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + 
type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: 
object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + 
group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + localOutputRefs: + items: + type: string + type: array + loggingRef: + type: string + match: + items: + properties: + exclude: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + type: object + select: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + outputRefs: + items: + type: string + type: array + selectors: + additionalProperties: + type: string + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.400/templates/logging.banzaicloud.io_loggings.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.400/templates/logging.banzaicloud.io_loggings.yaml new file mode 100755 index 000000000..9d9c20fa1 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.400/templates/logging.banzaicloud.io_loggings.yaml 
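Review bot: The Flow CRD added above is `scope: Namespaced`, and its filter schema accepts `record_transformer.enable_ruby` and `enhanceK8s.verify_ssl` as plain booleans with no description or default, so whoever may create Flows in a namespace can set them. fluentd's record_transformer evaluates Ruby expressions when `enable_ruby` is on, so the chart should document which roles are expected to hold create/update on `flows.logging.banzaicloud.io`, or the fields should be restricted by admission policy. The grep `pattern` and parser `expression` fields are likewise unbounded strings; a `maxLength` would cap what reaches the regex engine. Separately, the file is added with `new file mode 100755` and as `apiextensions.k8s.io/v1beta1`: a YAML template does not need the executable bit, and the v1beta1 CRD API is no longer served from Kubernetes 1.22 onward, so the supported cluster range should be stated or the CRD regenerated as `apiextensions.k8s.io/v1`.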
@@ -0,0 +1,7095 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: loggings.logging.banzaicloud.io +spec: + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Logging + listKind: LoggingList + plural: loggings + singular: logging + preserveUnknownFields: false + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + allowClusterResourcesFromAllNamespaces: + type: boolean + controlNamespace: + type: string + defaultFlow: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean 
+ required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + 
key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + 
type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: 
string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: 
string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + outputRefs: + items: + type: string + type: array + type: object + enableRecreateWorkloadOnImmutableFieldChange: + type: boolean + flowConfigCheckDisabled: + type: boolean + flowConfigOverride: + type: string + fluentbit: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string 
+ type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string 
+ type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + bufferStorage: + properties: + storage.backlog.mem_limit: + type: string + storage.checksum: + type: string + storage.path: + type: string + storage.sync: + type: string + type: object + bufferStorageVolume: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + coroStackSize: + format: int32 + type: integer + customConfigSecret: + type: string + disableKubernetesFilter: + type: boolean + enableUpstream: + type: boolean + extraVolumeMounts: + items: + properties: + 
destination: + pattern: ^/.+$ + type: string + readOnly: + type: boolean + source: + pattern: ^/.+$ + type: string + required: + - destination + - source + type: object + type: array + filterAws: + properties: + Match: + type: string + account_id: + type: boolean + ami_id: + type: boolean + az: + type: boolean + ec2_instance_id: + type: boolean + ec2_instance_type: + type: boolean + hostname: + type: boolean + imds_version: + type: string + private_ip: + type: boolean + vpc_id: + type: boolean + type: object + filterKubernetes: + properties: + Annotations: + type: string + Buffer_Size: + type: string + Dummy_Meta: + type: string + K8S-Logging.Exclude: + type: string + K8S-Logging.Parser: + type: string + Keep_Log: + type: string + Kube_CA_File: + type: string + Kube_CA_Path: + type: string + Kube_Tag_Prefix: + type: string + Kube_Token_File: + type: string + Kube_URL: + type: string + Kube_meta_preload_cache_dir: + type: string + Labels: + type: string + Match: + type: string + Merge_Log: + type: string + Merge_Log_Key: + type: string + Merge_Log_Trim: + type: string + Merge_Parser: + type: string + Regex_Parser: + type: string + Use_Journal: + type: string + tls.debug: + type: string + tls.verify: + type: string + type: object + flush: + format: int32 + type: integer + forwardOptions: + properties: + Require_ack_response: + type: boolean + Retry_Limit: + type: string + Send_options: + type: boolean + Tag: + type: string + Time_as_Integer: + type: boolean + type: object + grace: + format: int32 + type: integer + image: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + inputTail: + properties: + Buffer_Chunk_Size: + type: string + Buffer_Max_Size: + type: string + DB: + type: string + DB_Sync: + type: string + Docker_Mode: + type: string + Docker_Mode_Flush: + type: string + Exclude_Path: + type: string + 
Ignore_Older: + type: string + Key: + type: string + Mem_Buf_Limit: + type: string + Multiline: + type: string + Multiline_Flush: + type: string + Parser: + type: string + Parser_Firstline: + type: string + Parser_N: + items: + type: string + type: array + Path: + type: string + Path_Key: + type: string + Refresh_Interval: + type: string + Rotate_Wait: + type: string + Skip_Long_Lines: + type: string + Tag: + type: string + Tag_Regex: + type: string + storage.type: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + livenessDefaultCheck: + type: boolean + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + logLevel: + type: string + metrics: + properties: + interval: + type: string + path: + type: string + port: + format: int32 + type: integer + prometheusAnnotations: + type: boolean + serviceMonitor: + type: boolean + serviceMonitorConfig: + properties: + additionalLabels: + additionalProperties: + type: string + type: object + honorLabels: + type: boolean + metricRelabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: 
integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + relabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + type: object + timeout: + type: string + type: object + mountPath: + type: string + network: + properties: + connectTimeout: + format: int32 + type: integer + keepalive: + type: boolean + keepaliveIdleTimeout: + format: int32 + type: integer + keepaliveMaxRecycle: + format: int32 + type: integer + type: object + nodeSelector: + additionalProperties: + type: string + type: object + parser: + type: string + podPriorityClassName: + type: string + position_db: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + 
required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + positiondb: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: 
+ anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + security: + properties: + podSecurityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + podSecurityPolicyCreate: + type: boolean + roleBasedAccessControlCreate: + type: boolean + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + 
readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + type: object + targetHost: + type: string + targetPort: + format: int32 + type: integer + tls: + properties: + enabled: + type: boolean + secretName: + type: string + sharedKey: + type: string + required: + - enabled + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + type: object + fluentd: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: 
string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: 
object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + bufferStorageVolume: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: 
string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + configCheckAnnotations: + additionalProperties: + type: string + type: object + configReloaderImage: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + disablePvc: + type: boolean + fluentLogDestination: + type: string + fluentOutLogrotate: + properties: + age: + type: string + enabled: + type: boolean + path: + type: string + size: + type: string + required: + - enabled + type: object + fluentdPvcSpec: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + 
type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + forwardInputConfig: + properties: + add_tag_prefix: + type: string + bind: + type: string + chunk_size_limit: + type: string + chunk_size_warn_limit: + type: string + deny_keepalive: + type: boolean + linger_timeout: + type: integer + port: + type: string + resolve_hostname: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: boolean + required: + - self_hostname + - shared_key + type: object + send_keepalive_packet: + type: boolean + skip_invalid_event: + type: boolean + source_address_key: + type: string + sourceHostnameKey: + type: string + tag: + type: string + transport: + properties: + ca_cert_path: + type: string + ca_path: + type: string + ca_private_key_passphrase: + type: string + ca_private_key_path: + type: string + cert_path: + type: string + ciphers: + type: string + client_cert_auth: + type: boolean + insecure: + type: boolean + private_key_passphrase: + type: string + private_key_path: + type: string + protocol: + type: string + version: + type: string + type: object + type: object + ignoreRepeatedLogInterval: + type: string + ignoreSameLogInterval: + type: string + image: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + livenessDefaultCheck: + type: boolean + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + 
type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + logLevel: + type: string + metrics: + properties: + interval: + type: string + path: + type: string + port: + format: int32 + type: integer + prometheusAnnotations: + type: boolean + serviceMonitor: + type: boolean + serviceMonitorConfig: + properties: + additionalLabels: + additionalProperties: + type: string + type: object + honorLabels: + type: boolean + metricRelabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + relabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + type: object + timeout: + type: string + type: object + nodeSelector: + additionalProperties: + type: string + type: object + podPriorityClassName: + type: string + port: + format: int32 + type: integer + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + 
properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + rootDir: + type: string + scaling: + properties: + podManagementPolicy: + type: string + replicas: + type: integer + type: object + security: + properties: + podSecurityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + podSecurityPolicyCreate: + 
type: boolean + roleBasedAccessControlCreate: + type: boolean + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + type: object + tls: + properties: + enabled: + type: boolean + secretName: + type: string + sharedKey: + type: string + required: + - enabled + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + volumeModImage: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + volumeMountChmod: + type: boolean + workers: + format: int32 + type: integer + type: object + globalFilters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: 
integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + 
valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + 
key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + 
types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + 
exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + loggingRef: + type: string + nodeAgents: + items: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + name: + type: string + nodeAgentFluentbit: + properties: + bufferStorage: + properties: + storage.backlog.mem_limit: + type: string + storage.checksum: + type: string + storage.path: + type: string + storage.sync: + type: string + type: object + bufferStorageVolume: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + 
type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + containersPath: + type: string + coroStackSize: + format: int32 + type: integer + customConfigSecret: + type: string + daemonSet: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + minReadySeconds: + format: int32 + type: integer + revisionHistoryLimit: + format: int32 + type: integer + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + properties: + nodeAffinity: + properties: + 
preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + 
labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + type: boolean + containers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + 
properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + 
port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + 
x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: 
true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + dnsPolicy: + type: string + enableServiceLinks: + type: boolean + ephemeralContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + 
containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: 
object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + 
anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + 
- type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + targetContainerName: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + hostname: + type: string + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + initContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: 
object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + 
httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + 
type: object + requests: + additionalProperties: + type: string + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + 
terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + nodeName: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + overhead: + additionalProperties: + type: string + type: object + preemptionPolicy: + type: string + priority: + format: int32 + type: integer + priorityClassName: + type: string + readinessGates: + items: + properties: + conditionType: + type: string + required: + - conditionType + type: object + type: array + restartPolicy: + type: string + runtimeClassName: + type: string + schedulerName: + type: string + securityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccountName: + 
type: string + setHostnameAsFQDN: + type: boolean + shareProcessNamespace: + type: boolean + subdomain: + type: string + terminationGracePeriodSeconds: + format: int64 + type: integer + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + maxSkew: + format: int32 + type: integer + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: 
+ name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + ephemeral: + properties: + readOnly: + type: boolean + volumeClaimTemplate: + properties: + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + 
required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + 
name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + properties: + group: + type: string + readOnly: + 
type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + type: object + updateStrategy: + properties: + rollingUpdate: + properties: + maxUnavailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: + type: string + type: object + type: object + type: object + disableKubernetesFilter: 
+ type: boolean + enableUpstream: + type: boolean + enabled: + type: boolean + extraVolumeMounts: + items: + properties: + destination: + pattern: ^/.+$ + type: string + readOnly: + type: boolean + source: + pattern: ^/.+$ + type: string + required: + - destination + - source + type: object + type: array + filterAws: + properties: + Match: + type: string + account_id: + type: boolean + ami_id: + type: boolean + az: + type: boolean + ec2_instance_id: + type: boolean + ec2_instance_type: + type: boolean + hostname: + type: boolean + imds_version: + type: string + private_ip: + type: boolean + vpc_id: + type: boolean + type: object + filterKubernetes: + properties: + Annotations: + type: string + Buffer_Size: + type: string + Dummy_Meta: + type: string + K8S-Logging.Exclude: + type: string + K8S-Logging.Parser: + type: string + Keep_Log: + type: string + Kube_CA_File: + type: string + Kube_CA_Path: + type: string + Kube_Tag_Prefix: + type: string + Kube_Token_File: + type: string + Kube_URL: + type: string + Kube_meta_preload_cache_dir: + type: string + Labels: + type: string + Match: + type: string + Merge_Log: + type: string + Merge_Log_Key: + type: string + Merge_Log_Trim: + type: string + Merge_Parser: + type: string + Regex_Parser: + type: string + Use_Journal: + type: string + tls.debug: + type: string + tls.verify: + type: string + type: object + flush: + format: int32 + type: integer + forwardOptions: + properties: + Require_ack_response: + type: boolean + Retry_Limit: + type: string + Send_options: + type: boolean + Tag: + type: string + Time_as_Integer: + type: boolean + type: object + grace: + format: int32 + type: integer + inputTail: + properties: + Buffer_Chunk_Size: + type: string + Buffer_Max_Size: + type: string + DB: + type: string + DB_Sync: + type: string + Docker_Mode: + type: string + Docker_Mode_Flush: + type: string + Exclude_Path: + type: string + Ignore_Older: + type: string + Key: + type: string + Mem_Buf_Limit: + type: string + Multiline: + 
type: string + Multiline_Flush: + type: string + Parser: + type: string + Parser_Firstline: + type: string + Parser_N: + items: + type: string + type: array + Path: + type: string + Path_Key: + type: string + Refresh_Interval: + type: string + Rotate_Wait: + type: string + Skip_Long_Lines: + type: string + Tag: + type: string + Tag_Regex: + type: string + storage.type: + type: string + type: object + livenessDefaultCheck: + type: boolean + logLevel: + type: string + metrics: + properties: + interval: + type: string + path: + type: string + port: + format: int32 + type: integer + prometheusAnnotations: + type: boolean + serviceMonitor: + type: boolean + serviceMonitorConfig: + properties: + additionalLabels: + additionalProperties: + type: string + type: object + honorLabels: + type: boolean + metricRelabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + relabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + type: object + timeout: + type: string + type: object + metricsService: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + clusterIP: + type: string + externalIPs: + items: + type: string + type: array + externalName: + type: string + externalTrafficPolicy: + type: string + healthCheckNodePort: + format: int32 + type: integer + ipFamily: + type: string + loadBalancerIP: + type: string + loadBalancerSourceRanges: + items: + 
type: string + type: array + ports: + items: + properties: + appProtocol: + type: string + name: + type: string + nodePort: + format: int32 + type: integer + port: + format: int32 + type: integer + protocol: + type: string + targetPort: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + publishNotReadyAddresses: + type: boolean + selector: + additionalProperties: + type: string + type: object + sessionAffinity: + type: string + sessionAffinityConfig: + properties: + clientIP: + properties: + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + topologyKeys: + items: + type: string + type: array + type: + type: string + type: object + type: object + network: + properties: + connectTimeout: + format: int32 + type: integer + keepalive: + type: boolean + keepaliveIdleTimeout: + format: int32 + type: integer + keepaliveMaxRecycle: + format: int32 + type: integer + type: object + podPriorityClassName: + type: string + positiondb: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + 
operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + security: + properties: + podSecurityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + podSecurityPolicyCreate: + type: boolean + roleBasedAccessControlCreate: + type: boolean + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + 
type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + type: object + serviceAccount: + properties: + automountServiceAccountToken: + type: boolean + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + secrets: + items: + properties: + apiVersion: + type: string + fieldPath: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + resourceVersion: + type: string + uid: + type: string + type: object + type: array + type: object + targetHost: + type: string + targetPort: + format: int32 + type: integer + tls: + properties: + enabled: + type: boolean + secretName: + type: string + sharedKey: + type: string + required: + - enabled + type: object + varLogsPath: + type: string + type: object + profile: + type: string + type: object + type: array + watchNamespaces: + items: + type: string + type: array + required: + - controlNamespace + type: object + status: + properties: + configCheckResults: + additionalProperties: + type: boolean + type: object + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging-crd/3.9.400/templates/logging.banzaicloud.io_outputs.yaml b/released/charts/rancher-logging/rancher-logging-crd/3.9.400/templates/logging.banzaicloud.io_outputs.yaml new file mode 100755 index 000000000..85ee16497 --- /dev/null 
+++ b/released/charts/rancher-logging/rancher-logging-crd/3.9.400/templates/logging.banzaicloud.io_outputs.yaml 
@@ -0,0 +1,4715 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: outputs.logging.banzaicloud.io +spec: + additionalPrinterColumns: + - JSONPath: .status.active + description: Is the output active? + name: Active + type: boolean + - JSONPath: .status.problemsCount + description: Number of problems + name: Problems + type: integer + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Output + listKind: OutputList + plural: outputs + singular: output + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + awsElasticsearch: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + 
type: + type: string + type: object + endpoint: + properties: + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_arn: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_session_name: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_web_identity_token_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ecs_container_credentials_relative_uri: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: 
boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + region: + type: string + secret_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + sts_credentials_region: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + flush_interval: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + include_tag_key: + type: boolean + logstash_format: + type: boolean + tag_key: + type: string + type: object + azurestorage: + properties: + auto_create_container: + type: boolean + azure_container: + type: string + azure_imds_api_version: + type: string + azure_object_key_format: + type: string + azure_storage_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + 
valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_account: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_sas_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: 
string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + type: string + path: + type: string + required: + - azure_container + - azure_storage_access_key + - azure_storage_account + - azure_storage_sas_token + type: object + cloudwatch: + properties: + auto_create_stream: + type: boolean + aws_instance_profile_credentials_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sts_role_arn: + type: string + aws_sts_session_name: + type: string + aws_use_sts: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: 
+ type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + concurrency: + type: integer + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + http_proxy: + type: string + include_time_key: + type: boolean + json_handler: + type: string + localtime: + type: boolean + log_group_aws_tags: + type: string + log_group_aws_tags_key: + type: string + log_group_name: + type: string + log_group_name_key: + type: string + log_rejected_request: + type: string + log_stream_name: + type: string + log_stream_name_key: + type: string + max_events_per_batch: + type: integer + max_message_length: + type: integer + message_keys: + type: string + put_log_events_disable_retry_limit: + type: boolean + put_log_events_retry_limit: + type: integer + put_log_events_retry_wait: + type: string + region: + type: string + remove_log_group_aws_tags_key: + type: string + remove_log_group_name_key: + type: string + remove_log_stream_name_key: + type: string + remove_retention_in_days: + type: string + retention_in_days: + type: string + retention_in_days_key: + type: string + use_tag_as_group: + type: boolean + use_tag_as_stream: + type: boolean + required: + - region + type: object + datadog: + properties: + api_key: + properties: + mountFrom: + 
properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_level: + type: string + dd_hostname: + type: string + dd_source: + type: string + dd_sourcecategory: + type: string + dd_tags: + type: string + host: + type: string + include_tag_key: + type: boolean + max_backoff: + type: string + max_retries: + type: string + no_ssl_validation: + type: boolean + port: + type: string + service: + type: string + ssl_port: + type: string + tag_key: + type: string + timestamp_key: + type: string + use_compression: + 
type: boolean + use_http: + type: boolean + use_json: + type: boolean + use_ssl: + type: boolean + required: + - api_key + type: object + elasticsearch: + properties: + application_name: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_message_request_threshold: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - 
key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key_pass: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + content_type: + type: string + custom_headers: + type: string + customize_template: + type: string + default_elasticsearch_version: + type: string + deflector_alias: + type: string + enable_ilm: + type: boolean + exception_backup: + type: boolean + fail_on_putting_template_retry_exceed: + type: boolean + flatten_hashes: + type: boolean + flatten_hashes_separator: + type: string + host: + type: string + hosts: + type: string + http_backend: + type: string + id_key: + type: string + ignore_exceptions: + type: string + ilm_policy: + type: string + ilm_policy_id: + type: string + ilm_policy_overwrite: + type: boolean + include_index_in_url: + type: boolean + include_tag_key: + type: boolean + include_timestamp: + type: boolean + index_date_pattern: + type: string + index_name: + type: string + index_prefix: + type: string + log_es_400_reason: + type: boolean + 
logstash_dateformat: + type: string + logstash_format: + type: boolean + logstash_prefix: + type: string + logstash_prefix_separator: + type: string + max_retry_get_es_version: + type: string + max_retry_putting_template: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + path: + type: string + pipeline: + type: string + port: + type: integer + prefer_oj_serializer: + type: boolean + reconnect_on_error: + type: boolean + reload_after: + type: string + reload_connections: + type: boolean + reload_on_failure: + type: boolean + remove_keys_on_update: + type: string + remove_keys_on_update_key: + type: string + request_timeout: + type: string + resurrect_after: + type: string + retry_tag: + type: string + rollover_index: + type: boolean + routing_key: + type: string + scheme: + type: string + sniffer_class_name: + type: string + ssl_max_version: + type: string + ssl_min_version: + type: string + ssl_verify: + type: boolean + ssl_version: + type: string + suppress_doc_wrap: + type: boolean + suppress_type_name: + type: boolean + tag_key: + type: string + target_index_key: + type: string + target_type_key: + type: string + template_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + template_name: + type: string + 
template_overwrite: + type: boolean + templates: + type: string + time_key: + type: string + time_key_format: + type: string + time_parse_error_tag: + type: string + time_precision: + type: string + type_name: + type: string + unrecoverable_error_types: + type: string + user: + type: string + utc_index: + type: boolean + validate_client_version: + type: boolean + verify_es_version_at_startup: + type: boolean + with_transporter_log: + type: boolean + write_operation: + type: string + type: object + file: + properties: + add_path_suffix: + type: boolean + append: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + path: + type: string + path_suffix: + type: string + 
symlink_path: + type: boolean + required: + - path + type: object + forward: + properties: + ack_response_timeout: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + connect_timeout: + type: integer + dns_round_robin: + type: boolean + expire_dns_cache: + type: integer + hard_timeout: + type: integer + heartbeat_interval: + type: integer + heartbeat_type: + type: string + ignore_network_errors_at_startup: + type: boolean + keepalive: + type: boolean + keepalive_timeout: + type: integer + phi_failure_detector: + type: boolean + phi_threshold: + type: integer + recover_wait: + type: integer + require_ack_response: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: boolean + required: + - self_hostname + - shared_key + type: object + send_timeout: + type: 
integer + servers: + items: + properties: + host: + type: string + name: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + shared_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + standby: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + weight: + type: integer + required: + - host + type: object + type: array + tls_allow_self_signed_cert: + type: boolean + tls_cert_logical_store_name: + type: string + tls_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object 
+ type: object + tls_cert_thumbprint: + type: string + tls_cert_use_enterprise_store: + type: boolean + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_insecure_mode: + type: boolean + tls_verify_hostname: + type: boolean + tls_version: + type: string + verify_connection_at_startup: + type: boolean + required: + - servers + type: object + gcs: + properties: + acl: + type: string + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: 
boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_retries: + type: integer + client_timeout: + type: integer + credentials_json: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + encryption_key: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + keyfile: + type: string + object_key_format: + type: string + object_metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + overwrite: + type: boolean + path: + type: string + project: + type: string + storage_class: + 
type: string + store_as: + type: string + transcoding: + type: boolean + required: + - bucket + - project + type: object + gelf: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + host: + type: string + port: + type: integer + protocol: + type: string + tls: + type: boolean + tls_options: + additionalProperties: + type: string + type: object + required: + - host + - port + type: object + http: + properties: + auth: + properties: + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + username: + properties: + 
mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - password + - username + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + content_type: + type: string + endpoint: + type: string + error_response_as_unrecoverable: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + headers: + additionalProperties: + type: string + type: object + http_method: + 
type: string + json_array: + type: boolean + open_timeout: + type: integer + proxy: + type: string + read_timeout: + type: integer + retryable_response_codes: + items: + type: integer + type: array + ssl_timeout: + type: integer + tls_ca_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + 
type: object + tls_verify_mode: + type: string + tls_version: + type: string + required: + - endpoint + type: object + kafka: + properties: + ack_timeout: + type: integer + brokers: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_codec: + type: string + default_message_key: + type: string + default_partition_key: + type: string + default_topic: + type: string + exclude_partion_key: + type: boolean + exclude_topic_key: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + get_kafka_client_log: + type: boolean + headers: + additionalProperties: + type: string + type: object + headers_from_record: + additionalProperties: + type: string + type: object + idempotent: + type: boolean + 
max_send_retries: + type: integer + message_key_key: + type: string + partition_key: + type: string + partition_key_key: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required_acks: + type: integer + sasl_over_ssl: + type: boolean + scram_mechanism: + type: string + ssl_ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_ca_certs_from_system: + type: boolean + ssl_client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_chain: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: 
object + ssl_client_cert_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_verify_hostname: + type: boolean + topic_key: + type: string + use_default_for_unknown_topic: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - brokers + - format + type: object + kinesisStream: + properties: + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + aws_iam_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + 
value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_ses_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + batch_request_max_count: + type: integer + batch_request_max_size: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - 
json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + partition_key: + type: string + process_credentials: + properties: + process: + type: string + required: + - process + type: object + region: + type: string + reset_backoff_if_success: + type: boolean + retries_on_batch_request: + type: integer + stream_name: + type: string + required: + - stream_name + type: object + logdna: + properties: + api_key: + type: string + app: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + hostname: + type: string + ingester_domain: + type: string + ingester_endpoint: + type: string + request_timeout: + type: string + tags: + type: string + required: + - api_key + - hostname + type: object + loggingRef: + type: string + logz: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + 
chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + port: + type: integer + token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + gzip: + type: boolean + http_idle_timeout: + type: integer + output_include_tags: + type: boolean + output_include_time: + type: boolean + retry_count: + type: integer + retry_sleep: + type: integer + required: + - endpoint + type: object + loki: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + 
delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + configure_kubernetes_labels: + type: boolean + drop_single_key: + type: boolean + extra_labels: + additionalProperties: + type: string + type: object + 
extract_kubernetes_labels: + type: boolean + insecure_tls: + type: boolean + key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + labels: + additionalProperties: + type: string + type: object + line_format: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + remove_keys: + items: + type: string + type: array + tenant: + type: string + url: + type: string + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + newrelic: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: 
object + base_uri: + type: string + license_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + nullout: + type: object + oss: + properties: + aaccess_key_secret: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: 
+ type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_bucket: + type: boolean + check_object: + type: boolean + download_crc_enable: + type: boolean + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + index_format: + type: string + key_format: + type: string + open_timeout: + type: integer + oss_sdk_log_dir: + type: string + overwrite: + type: boolean + path: + type: string + read_timeout: + type: integer + store_as: + type: string + upload_crc_enable: + type: boolean + warn_for_delay: + type: string + required: + - aaccess_key_secret + - access_key_id + - bucket + - endpoint + type: object + redis: + properties: + allow_duplicate_key: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: 
integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + db_number: + type: integer + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insert_key_prefix: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + strftime_format: + type: string + ttl: + type: integer + type: object + s3: + properties: + acl: + type: string + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + auto_create_bucket: + type: string + aws_iam_retries: + type: string + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + 
type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_apikey_on_start: + type: string + check_bucket: + type: string + check_object: + type: string + clustername: + type: string + compute_checksums: + type: string + enable_transfer_acceleration: + type: string 
+ force_path_style: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + grant_full_control: + type: string + grant_read: + type: string + grant_read_acp: + type: string + grant_write_acp: + type: string + hex_random_length: + type: string + index_format: + type: string + instance_profile_credentials: + properties: + http_open_timeout: + type: string + http_read_timeout: + type: string + ip_address: + type: string + port: + type: string + retries: + type: string + type: object + oneeye_format: + type: boolean + overwrite: + type: string + path: + type: string + proxy_uri: + type: string + s3_bucket: + type: string + s3_endpoint: + type: string + s3_metadata: + type: string + s3_object_key_format: + type: string + s3_region: + type: string + shared_credentials: + properties: + path: + type: string + profile_name: + type: string + type: object + signature_version: + type: string + sse_customer_algorithm: + type: string + sse_customer_key: + type: string + sse_customer_key_md5: + type: string + ssekms_key_id: + type: string + ssl_verify_peer: + type: string + storage_class: + type: string + store_as: + type: string + use_bundled_cert: + type: string + use_server_side_encryption: + type: string + warn_for_delay: + type: string + required: + - s3_bucket + type: object + splunkHec: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + 
type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + 
key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + coerce_to_utf8: + type: boolean + data_type: + type: string + fields: + additionalProperties: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hec_host: + type: string + hec_port: + type: integer + hec_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + host: + type: string + host_key: + type: string + idle_timeout: + type: integer + index: + type: string + index_key: + type: string + insecure_ssl: + type: boolean + keep_keys: + type: boolean + metric_name_key: + type: string + metric_value_key: + type: string + metrics_from_event: + type: boolean + non_utf8_replacement_string: + type: string + open_timeout: + type: integer + protocol: + type: string + read_timeout: + type: integer + source: + type: string + source_key: + type: string + sourcetype: + type: string + sourcetype_key: + type: string + ssl_ciphers: + type: string + required: + - hec_host + - hec_token + type: object + sumologic: + properties: + add_timestamp: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + 
compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compress: + type: boolean + compress_encoding: + type: string + custom_dimensions: + type: string + custom_fields: + items: + type: string + type: array + data_type: + type: string + delimiter: + type: string + disable_cookies: + type: boolean + endpoint: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + log_format: + type: string + log_key: + type: string + metric_data_format: + type: string + open_timeout: + type: integer + proxy_uri: + type: string + source_category: + type: string + source_host: + type: string + source_name: + type: string + source_name_key: + type: string + sumo_client: + type: string + 
timestamp_key: + type: string + verify_ssl: + type: boolean + required: + - endpoint + - source_name + type: object + syslog: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + app_name_field: + type: string + hostname_field: + type: string + log_field: + type: string + message_id_field: + type: string + proc_id_field: + type: string + rfc6587_message_size: + type: boolean + structured_data_field: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insecure: + type: boolean + port: + type: integer + transport: + type: string + trusted_ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + 
value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - host + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/.helmignore b/released/charts/rancher-logging/rancher-logging/3.6.000/.helmignore new file mode 100644 index 000000000..50af03172 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/Chart.yaml b/released/charts/rancher-logging/rancher-logging/3.6.000/Chart.yaml new file mode 100644 index 000000000..5f76d4fba --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/Chart.yaml 
@@ -0,0 +1,19 @@ +annotations: + catalog.cattle.io/auto-install: rancher-logging-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/namespace: cattle-logging-system + catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 + catalog.cattle.io/release-name: rancher-logging + catalog.cattle.io/ui-component: logging + catalog.cattle.io/os: linux +apiVersion: v1 +appVersion: 3.6.0 +description: Collects and filter logs using highly configurable CRDs. Powered by + Banzai Cloud Logging Operator. +icon: https://charts.rancher.io/assets/logos/logging.svg +keywords: +- logging +- monitoring +- security +name: rancher-logging +version: 3.6.000 diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/README.md b/released/charts/rancher-logging/rancher-logging/3.6.000/README.md new file mode 100644 index 000000000..b7cfcfc76 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/README.md 
@@ -0,0 +1,129 @@ + +# Logging operator Chart + +[Logging operator](https://github.com/banzaicloud/logging-operator) Managed centralized logging component fluentd and fluent-bit instance on cluster. + +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator +``` + +## Introduction + +This chart bootstraps a [Logging Operator](https://github.com/banzaicloud/logging-operator) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Prerequisites + +- Kubernetes 1.8+ with Beta APIs enabled + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```bash +$ helm install --name my-release banzaicloud-stable/logging-operator +``` + +### CRDs +Use `createCustomResource=false` with Helm v3 to avoid trying to create CRDs from the `crds` folder and from templates at the same time. + +The command deploys **Logging operator** on the Kubernetes cluster with the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```bash +$ helm delete my-release +``` + +The command removes all Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following tables lists the configurable parameters of the logging-operator chart and their default values. 
+ +| Parameter | Description | Default | +| --------------------------------------------------- | ------------------------------------------------------ | ------------------------------ | +| `image.repository` | Container image repository | `banzaicloud/logging-operator` | +| `image.tag` | Container image tag | `3.6.0` | +| `image.pullPolicy` | Container pull policy | `IfNotPresent` | +| `nameOverride` | Override name of app | `` | +| `fullnameOverride` | Override full name of app | `` | +| `namespaceOverride` | Override namespace of app | `` | +| `watchNamespace` | Namespace to watch for LoggingOperator CRD | `` | +| `rbac.enabled` | Create rbac service account and roles | `true` | +| `rbac.psp.enabled` | Must be used with `rbac.enabled` true. If true, creates & uses RBAC resources required in the cluster with [Pod Security Policies](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) enabled. | `false` | +| `priorityClassName` | Operator priorityClassName | `{}` | +| `affinity` | Node Affinity | `{}` | +| `resources` | CPU/Memory resource requests/limits | `{}` | +| `tolerations` | Node Tolerations | `[]` | +| `nodeSelector` | Define which Nodes the Pods are scheduled on. | `{}` | +| `annotations` | Define annotations for logging-operator pods | `{}` | +| `podSecurityContext` | Pod SecurityContext for Logging operator. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) | `{"runAsNonRoot": true, "runAsUser": 1000, "fsGroup": 2000}` | +| `securityContext` | Container SecurityContext for Logging operator. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) | `{"allowPrivilegeEscalation": false, "readOnlyRootFilesystem": true}` | +| `createCustomResource` | Create CRDs. | `true` | +| `monitoring.serviceMonitor.enabled` | Create Prometheus Operator servicemonitor. | `false` | + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. 
For example: + +```bash +$ helm install --name my-release -f values.yaml banzaicloud-stable/logging-operator +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Installing Fluentd and Fluent-bit via logging + +The previous chart does **not** install `logging` resource to deploy Fluentd and Fluent-bit on cluster. To install them please use the [Logging Operator Logging](https://github.com/banzaicloud/logging-operator/tree/master/charts/logging-operator-logging) chart. + +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator-logging +``` + +## Configuration + +The following tables lists the configurable parameters of the logging-operator-logging chart and their default values. +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator-logging +``` + +## Configuration + +The following tables lists the configurable parameters of the logging-operator-logging chart and their default values. + +| Parameter | Description | Default | +| --------------------------------------------------- | ------------------------------------------------------ | ------------------------------ | +| `tls.enabled` | Enabled TLS communication between components | true | +| `tls.fluentdSecretName` | Specified secret name, which contain tls certs | This will overwrite automatic Helm certificate generation. | +| `tls.fluentbitSecretName` | Specified secret name, which contain tls certs | This will overwrite automatic Helm certificate generation. 
| +| `tls.sharedKey` | Shared key between nodes (fluentd-fluentbit) | [autogenerated] | +| `fluentbit.enabled` | Install fluent-bit | true | +| `fluentbit.namespace` | Specified fluentbit installation namespace | same as operator namespace | +| `fluentbit.image.tag` | Fluentbit container image tag | `1.5.4` | +| `fluentbit.image.repository` | Fluentbit container image repository | `fluent/fluent-bit` | +| `fluentbit.image.pullPolicy` | Fluentbit container pull policy | `IfNotPresent` | +| `fluentd.enabled` | Install fluentd | true | +| `fluentd.image.tag` | Fluentd container image tag | `v1.11.2-alpine-3` | +| `fluentd.image.repository` | Fluentd container image repository | `banzaicloud/fluentd` | +| `fluentd.image.pullPolicy` | Fluentd container pull policy | `IfNotPresent` | +| `fluentd.volumeModImage.tag` | Fluentd volumeModImage container image tag | `latest` | +| `fluentd.volumeModImage.repository` | Fluentd volumeModImage container image repository | `busybox` | +| `fluentd.volumeModImage.pullPolicy` | Fluentd volumeModImage container pull policy | `IfNotPresent` | +| `fluentd.configReloaderImage.tag` | Fluentd configReloaderImage container image tag | `v0.2.2` | +| `fluentd.configReloaderImage.repository` | Fluentd configReloaderImage container image repository | `jimmidyson/configmap-reload` | +| `fluentd.configReloaderImage.pullPolicy` | Fluentd configReloaderImage container pull policy | `IfNotPresent` | +| `fluentd.fluentdPvcSpec.accessModes` | Fluentd persistence volume access modes | `[ReadWriteOnce]` | +| `fluentd.fluentdPvcSpec.resources.requests.storage` | Fluentd persistence volume size | `21Gi` | +| `fluentd.fluentdPvcSpec.storageClassName` | Fluentd persistence volume storageclass | `"""` | diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/app-readme.md b/released/charts/rancher-logging/rancher-logging/3.6.000/app-readme.md new file mode 100644 index 000000000..7d5b9a50b --- /dev/null 
+++ b/released/charts/rancher-logging/rancher-logging/3.6.000/app-readme.md @@ -0,0 +1,3 @@ +Rancher Logging, powered by the [Bonzai Logging Operator](https://banzaicloud.com/docs/one-eye/logging-operator/), allows users to configure complex logging pipelines with a few simple resources. +To collect logs from a single namespace, users can create an [Output](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/output_types/) to define where logs are stored and a corresponding [Flow](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/flow_types/) to describe what logs to include and what outputs to send to. +To collect logs from the entire cluster, users can similarly create a [ClusterOutput](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/clusteroutput_types/) and a corresponding [ClusterFlow](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/clusterflow_types/). diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/templates/NOTES.txt b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/NOTES.txt new file mode 100644 index 000000000..e69de29bb diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/templates/_helpers.tpl b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/_helpers.tpl new file mode 100644 index 000000000..b2b289443 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/_helpers.tpl 
@@ -0,0 +1,66 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "logging-operator.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "logging-operator.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Provides the namespace the chart will be installed in using the builtin .Release.Namespace, +or, if provided, a manually overwritten namespace value. +*/}} +{{- define "logging-operator.namespace" -}} +{{- if .Values.namespaceOverride -}} +{{ .Values.namespaceOverride -}} +{{- else -}} +{{ .Release.Namespace }} +{{- end -}} +{{- end -}} + + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "logging-operator.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "logging-operator.labels" -}} +app.kubernetes.io/name: {{ include "logging-operator.name" . }} +helm.sh/chart: {{ include "logging-operator.chart" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/templates/clusterrole.yaml b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/clusterrole.yaml new file mode 100644 index 000000000..ed2e1e975 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/clusterrole.yaml 
@@ -0,0 +1,156 @@ +{{- if .Values.rbac.enabled }} + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: {{ template "logging-operator.fullname" . }} +rules: +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - "" + resources: + - namespaces + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + - pods + - serviceaccounts + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - daemonsets + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + - extensions + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - extensions + - policy + resources: + - podsecuritypolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - logging.banzaicloud.io + resources: + - clusterflows + - clusteroutputs + - flows + - loggings + - outputs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - logging.banzaicloud.io + resources: + - loggings/status + verbs: + - get + - patch + - update +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - rolebindings + - roles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +{{- end }} 
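Review bot: the first rule in templates/clusterrole.yaml grants create, delete, get, list, patch, update and watch on `secrets` in the core API group, and since this is a ClusterRole attached through a ClusterRoleBinding, that applies in every namespace. The last rule grants the same full verb set on `clusterroles`, `clusterrolebindings`, `roles` and `rolebindings`. Neither grant is explained in the template or in the chart README, so please add a comment naming the operator feature that needs each one, and consider splitting the `configmaps`/`secrets` rule so the read verbs and the write verbs on secrets can be reviewed and narrowed separately. Minor: `creationTimestamp: null` under `metadata` looks like generator output and can be dropped, and this object carries none of the `app.kubernetes.io/*` labels that the ClusterRoleBinding sets.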
diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/templates/clusterrolebinding.yaml b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..46bf11e8b --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/clusterrolebinding.yaml @@ -0,0 +1,21 @@ +{{- if .Values.rbac.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: {{ template "logging-operator.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + helm.sh/chart: {{ include "logging-operator.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +subjects: + - kind: ServiceAccount + name: {{ template "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "logging-operator.fullname" . }} + + {{- end }} \ No newline at end of file diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/templates/crds.yaml b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/crds.yaml new file mode 100644 index 000000000..f573652d0 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/crds.yaml @@ -0,0 +1,6 @@ +{{- if .Values.createCustomResource -}} +{{- range $path, $bytes := .Files.Glob "crds/*.yaml" }} +{{ $.Files.Get $path }} +--- +{{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/templates/deployment.yaml b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/deployment.yaml new file mode 100644 index 000000000..3bd85416a --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/deployment.yaml 
@@ -0,0 +1,62 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + ports: + - name: http + containerPort: {{ .Values.http.port }} + + {{- if .Values.securityContext }} + securityContext: {{ toYaml .Values.securityContext | nindent 12 }} + {{- end }} + {{- if .Values.podSecurityContext }} + securityContext: {{ toYaml .Values.podSecurityContext | nindent 8 }} + {{- end }} + + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.rbac.enabled }} + serviceAccountName: {{ include "logging-operator.fullname" . }} + {{- end }} 
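Review bot: both `securityContext` blocks in templates/deployment.yaml are gated on `{{- if .Values.securityContext }}` and `{{- if .Values.podSecurityContext }}`, so a values override that empties either key renders the pod with no security context at all and silently drops the settings the README lists as defaults (`allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true`, `runAsNonRoot: true`). Consider rendering that baseline unconditionally and merging user values over it. Also, `serviceAccountName` is only set when `.Values.rbac.enabled` is true; with it false the pod falls back to the namespace's default service account, which should be documented next to `rbac.enabled`. The container exposes an `http` port but defines no liveness or readiness probe.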
diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/eks/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/eks/logging.yaml new file mode 100644 index 000000000..d47607bff --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/eks/logging.yaml @@ -0,0 +1,31 @@ +{{- if and .Values.additionalLoggingSources.eks.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-eks + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "eks" + Path: "/var/log/messages" + Parser: "syslog" + {{ with .Values.fluentbit_tolerations }} + tolerations: + {{ toYaml . | nindent 6 }} + {{ end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/k3s/logging-k3s-openrc.yaml b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/k3s/logging-k3s-openrc.yaml new file mode 100644 index 000000000..0418fad81 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/k3s/logging-k3s-openrc.yaml 
@@ -0,0 +1,34 @@ +{{- if and .Values.additionalLoggingSources.k3s.enabled (eq .Values.additionalLoggingSources.k3s.container_engine "openrc")}} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-k3s + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "k3s" + Path: "/var/log/k3s.log" + extraVolumeMounts: + - source: "/var/log/" + destination: "/var/log" + readOnly: true + {{ with .Values.fluentbit_tolerations }} + tolerations: + {{ toYaml . | nindent 6 }} + {{ end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/k3s/logging-k3s-systemd.yaml b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/k3s/logging-k3s-systemd.yaml new file mode 100644 index 000000000..977db0518 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/k3s/logging-k3s-systemd.yaml 
@@ -0,0 +1,34 @@ +{{- if and .Values.additionalLoggingSources.k3s.enabled (eq .Values.additionalLoggingSources.k3s.container_engine "systemd")}} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-k3s + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "k3s" + Path: "/var/log/syslog" + extraVolumeMounts: + - source: "/var/log/" + destination: "/var/log" + readOnly: true + {{ with .Values.fluentbit_tolerations }} + tolerations: + {{ toYaml . | nindent 6 }} + {{ end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke/logging-containers-rke.yaml b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke/logging-containers-rke.yaml new file mode 100644 index 000000000..0866b22c3 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke/logging-containers-rke.yaml 
@@ -0,0 +1,33 @@ +{{- if .Values.additionalLoggingSources.rke.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-rke-containers + namespace: {{ .Release.Namespace }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "rke" + Path: "/var/log/containers/*rke*.log" + extraVolumeMounts: + - source: "/var/log/containers/" + destination: "/var/log/containers/" + readOnly: true + {{ with .Values.fluentbit_tolerations }} + tolerations: + {{ toYaml . | nindent 6 }} + {{ end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- end }} + diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke/logging-rke.yaml b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke/logging-rke.yaml new file mode 100644 index 000000000..8e4b5c26f --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke/logging-rke.yaml 
@@ -0,0 +1,34 @@ +{{- if .Values.additionalLoggingSources.rke.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-rke + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "rke" + Path: "/rke/*.log" + extraVolumeMounts: + - source: "/var/lib/rancher/rke/log" + destination: "/rke" + readOnly: true + {{ with .Values.fluentbit_tolerations }} + tolerations: + {{ toYaml . | nindent 6 }} + {{ end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke2/configmap.yaml b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke2/configmap.yaml new file mode 100644 index 000000000..d8910122a --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke2/configmap.yaml @@ -0,0 +1,18 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-rke2 + labels: +{{ include "logging-operator.labels" . | indent 4 }} +data: + fluent-bit.conf: | + [INPUT] + Name systemd + Tag rke2 + Systemd_Filter _SYSTEMD_UNIT=rke2.service + + [OUTPUT] + Name file + Path /etc/rancher/logging/rke2.log +{{- end }} 
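Review bot: the `[OUTPUT]` section in rke2/configmap.yaml sets `Path /etc/rancher/logging/rke2.log`, which is not under `/etc/rancher/logging/logs/`, the only host directory that rke2/daemonset.yaml mounts and the directory that logging-rke2-journald.yaml tails with `/etc/rancher/logging/logs/*.log`. As written the journald output does not land where the tail input looks for it; point the output at the mounted directory. The ConfigMap also has no `metadata.namespace` while the DaemonSet that consumes it sets `namespace: "{{ .Release.Namespace }}"`, and the DaemonSet's visible volume mounts do not include a host journal directory for the `systemd` input to read; both are worth confirming before this ships.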
diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke2/daemonset.yaml b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke2/daemonset.yaml new file mode 100644 index 000000000..20fc108bd --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke2/daemonset.yaml @@ -0,0 +1,33 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + selector: + matchLabels: + name: {{ .Release.Name }}-rke2-journald-aggregator + template: + metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" + labels: + name: {{ .Release.Name }}-rke2-journald-aggregator + spec: + containers: + - name: fluentd + image: "{{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}:{{ .Values.images.fluentbit.tag }}" + volumeMounts: + - mountPath: /etc/rancher/logging/logs/ + name: logdir + - mountPath: /fluent-bit/etc/ + name: config + volumes: + - name: logdir + hostPath: + path: /etc/rancher/logging/logs/ + - name: config + configMap: + name: "{{ .Release.Name }}-rke2" +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke2/logging-rke2-containers.yaml b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke2/logging-rke2-containers.yaml new file mode 100644 index 000000000..721c0a981 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke2/logging-rke2-containers.yaml 
@@ -0,0 +1,32 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-rke2-containers + namespace: {{ .Release.Namespace }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "rke2" + Path: "/var/log/containers/*rke*.log" + extraVolumeMounts: + - source: "/var/log/containers/" + destination: "/var/log/containers/" + readOnly: true + {{ with .Values.fluentbit_tolerations }} + tolerations: + {{ toYaml . | nindent 6 }} + {{ end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke2/logging-rke2-journald.yaml b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke2/logging-rke2-journald.yaml new file mode 100644 index 000000000..f39651d0b --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/rke2/logging-rke2-journald.yaml 
@@ -0,0 +1,32 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-rke2-journald + namespace: {{ .Release.Namespace }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "rke2" + Path: "/etc/rancher/logging/logs/*.log" + extraVolumeMounts: + - source: "/etc/rancher/logging/logs/" + destination: "/etc/rancher/logging/logs/" + readOnly: true + {{ with .Values.fluentbit_tolerations }} + tolerations: + {{ toYaml . | nindent 6 }} + {{ end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/root/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/root/logging.yaml new file mode 100644 index 000000000..ee2a85038 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/loggings/root/logging.yaml 
@@ -0,0 +1,25 @@ +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + {{ with .Values.fluentbit_tolerations }} + tolerations: + {{ toYaml . | nindent 6 }} + {{ end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/templates/psp.yaml b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/psp.yaml new file mode 100644 index 000000000..91d1bb35e --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/psp.yaml @@ -0,0 +1,32 @@ +{{ if and .Values.rbac.enabled .Values.rbac.psp.enabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + creationTimestamp: null + name: psp.logging-operator + namespace: {{ include "logging-operator.namespace" . }} + annotations: + seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' + seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default' +spec: + readOnlyRootFilesystem: true + privileged: false + allowPrivilegeEscalation: false + runAsUser: + rule: MustRunAsNonRoot + fsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + supplementalGroups: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + volumes: + - secret + - configMap +{{ end }} \ No newline at end of file 
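Review bot: `metadata.namespace` on the PodSecurityPolicy in templates/psp.yaml has no effect because PodSecurityPolicy is a cluster-scoped resource, and `creationTimestamp: null` looks like generator output left in the template; drop both. The fixed name `psp.logging-operator` is also not derived from the release, unlike the other resources here that use `logging-operator.fullname`, so two releases with `rbac.psp.enabled` set would collide on the same object.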
diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/templates/service.yaml b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/service.yaml new file mode 100644 index 000000000..b4cb7d25a --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/service.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + type: ClusterIP + {{- with .Values.http.service.clusterIP }} + clusterIP: {{ . }} + {{- end }} + ports: + - port: {{ .Values.http.port }} + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/templates/serviceMonitor.yaml b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/serviceMonitor.yaml new file mode 100644 index 000000000..0687b1ef9 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/serviceMonitor.yaml @@ -0,0 +1,19 @@ +{{ if .Values.monitoring.serviceMonitor.Enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + selector: + matchLabels: +{{ include "logging-operator.labels" . | indent 6 }} + endpoints: + - port: http + path: /metrics + namespaceSelector: + matchNames: + - {{ include "logging-operator.namespace" . }} +{{- end }} \ No newline at end of file 
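Review bot: the guard `{{ if .Values.monitoring.serviceMonitor.Enabled }}` in templates/serviceMonitor.yaml reads a capitalised key, while the values.yaml added for this chart version defines `monitoring.serviceMonitor.enabled` in lower case. Value lookups are case-sensitive, so the condition is never true and the ServiceMonitor is never rendered, whatever the user sets. Change the guard to `.Values.monitoring.serviceMonitor.enabled`, and decide at the same time whether the default should stay `true` as in values.yaml or `false` as the README table in this patch documents, since a working guard makes that default take effect.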
diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/templates/serviceaccount.yaml b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/serviceaccount.yaml new file mode 100644 index 000000000..3e87e7891 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.rbac.enabled }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + helm.sh/chart: {{ include "logging-operator.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/templates/userroles.yaml b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/userroles.yaml new file mode 100644 index 000000000..f4136b09a --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/userroles.yaml @@ -0,0 +1,35 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "logging-admin" + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: + - "logging.banzaicloud.io" + resources: + - flows + - outputs + verbs: + - "*" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "logging-view" + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: + - apiGroups: + - "logging.banzaicloud.io" + resources: + - flows + - outputs + - clusterflows + - clusteroutputs + verbs: + - get + - list + - watch 
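Review bot: `logging-admin` in templates/userroles.yaml grants `verbs: "*"` on `flows` and `outputs` and is aggregated into the built-in admin role through `aggregate-to-admin`; list the intended verbs explicitly so that the grant does not widen silently if new verbs or subresources appear. Both ClusterRoles also use fixed names (`logging-admin`, `logging-view`) with no release prefix and none of the chart labels the other templates carry, so a second release would collide with them and they are harder to attribute to this chart during an RBAC audit.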
diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/templates/validate-install-crd.yaml b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/validate-install-crd.yaml new file mode 100644 index 000000000..187b5a91e --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/templates/validate-install-crd.yaml @@ -0,0 +1,18 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/ClusterFlow" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/ClusterOutput" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/Flow" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/Logging" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/Output" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the rancher-logging-crd chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} diff --git a/released/charts/rancher-logging/rancher-logging/3.6.000/values.yaml b/released/charts/rancher-logging/rancher-logging/3.6.000/values.yaml new file mode 100644 index 000000000..8b1eaecd4 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.000/values.yaml 
@@ -0,0 +1,118 @@ +# Default values for logging-operator. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: rancher/banzaicloud-logging-operator + tag: 3.6.0 + pullPolicy: IfNotPresent + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" +namespaceOverride: "" + +annotations: {} + +## Deploy CRDs used by Logging Operator. +## +createCustomResource: false + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +http: + # http listen port number + port: 8080 + # Service definition for query http service + service: + type: ClusterIP + clusterIP: None + # Annotations to query http service + annotations: {} + # Labels to query http service + labels: {} + +rbac: + enabled: true + psp: + enabled: false + +## SecurityContext holds pod-level security attributes and common container settings. +## This defaults to non root user with uid 1000 and gid 2000. 
*v1.PodSecurityContext false +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +podSecurityContext: {} +# runAsNonRoot: true +# runAsUser: 1000 +# fsGroup: 2000 +securityContext: {} +# allowPrivilegeEscalation: false +# readOnlyRootFilesystem: true + # capabilities: + # drop: ["ALL"] + +## Operator priorityClassName +## +priorityClassName: {} + +monitoring: + # Create a Prometheus Operator ServiceMonitor object + serviceMonitor: + enabled: true + +disablePvc: true + +additionalLoggingSources: + rke: + enabled: false + rke2: + enabled: false + k3s: + enabled: false + container_engine: "systemd" + eks: + enabled: false + +images: + config_reloader: + repository: rancher/jimmidyson-configmap-reload + tag: v0.2.2 + fluentbit: + repository: rancher/fluent-fluent-bit + tag: 1.5.4 + fluentd: + repository: rancher/banzaicloud-fluentd + tag: v1.11.2-alpine-2 + syslog_forwarder: + repository: rancher/fluent-bit-out-syslog + tag: 0.1.0 + +global: + cattle: + systemDefaultRegistry: "" + +fluentbit_tolerations: + - key: node-role.kubernetes.io/controlplane + value: "true" + effect: NoSchedule + - key: node-role.kubernetes.io/etcd + value: "true" + effect: NoExecute diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/.helmignore b/released/charts/rancher-logging/rancher-logging/3.6.001/.helmignore new file mode 100644 index 000000000..50af03172 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ 
diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/Chart.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/Chart.yaml new file mode 100644 index 000000000..4282052dd --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/Chart.yaml @@ -0,0 +1,20 @@ +annotations: + catalog.cattle.io/auto-install: rancher-logging-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Logging + catalog.cattle.io/namespace: cattle-logging-system + catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 + catalog.cattle.io/release-name: rancher-logging + catalog.cattle.io/ui-component: logging + catalog.cattle.io/os: linux +apiVersion: v1 +appVersion: 3.6.0 +description: Collects and filter logs using highly configurable CRDs. Powered by + Banzai Cloud Logging Operator. +icon: https://charts.rancher.io/assets/logos/logging.svg +keywords: +- logging +- monitoring +- security +name: rancher-logging +version: 3.6.001 diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/README.md b/released/charts/rancher-logging/rancher-logging/3.6.001/README.md new file mode 100644 index 000000000..b7cfcfc76 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/README.md 
@@ -0,0 +1,129 @@ + +# Logging operator Chart + +[Logging operator](https://github.com/banzaicloud/logging-operator) Managed centralized logging component fluentd and fluent-bit instance on cluster. + +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator +``` + +## Introduction + +This chart bootstraps a [Logging Operator](https://github.com/banzaicloud/logging-operator) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Prerequisites + +- Kubernetes 1.8+ with Beta APIs enabled + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```bash +$ helm install --name my-release banzaicloud-stable/logging-operator +``` + +### CRDs +Use `createCustomResource=false` with Helm v3 to avoid trying to create CRDs from the `crds` folder and from templates at the same time. + +The command deploys **Logging operator** on the Kubernetes cluster with the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```bash +$ helm delete my-release +``` + +The command removes all Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following tables lists the configurable parameters of the logging-operator chart and their default values. 
+ +| Parameter | Description | Default | +| --------------------------------------------------- | ------------------------------------------------------ | ------------------------------ | +| `image.repository` | Container image repository | `banzaicloud/logging-operator` | +| `image.tag` | Container image tag | `3.6.0` | +| `image.pullPolicy` | Container pull policy | `IfNotPresent` | +| `nameOverride` | Override name of app | `` | +| `fullnameOverride` | Override full name of app | `` | +| `namespaceOverride` | Override namespace of app | `` | +| `watchNamespace` | Namespace to watch for LoggingOperator CRD | `` | +| `rbac.enabled` | Create rbac service account and roles | `true` | +| `rbac.psp.enabled` | Must be used with `rbac.enabled` true. If true, creates & uses RBAC resources required in the cluster with [Pod Security Policies](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) enabled. | `false` | +| `priorityClassName` | Operator priorityClassName | `{}` | +| `affinity` | Node Affinity | `{}` | +| `resources` | CPU/Memory resource requests/limits | `{}` | +| `tolerations` | Node Tolerations | `[]` | +| `nodeSelector` | Define which Nodes the Pods are scheduled on. | `{}` | +| `annotations` | Define annotations for logging-operator pods | `{}` | +| `podSecurityContext` | Pod SecurityContext for Logging operator. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) | `{"runAsNonRoot": true, "runAsUser": 1000, "fsGroup": 2000}` | +| `securityContext` | Container SecurityContext for Logging operator. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) | `{"allowPrivilegeEscalation": false, "readOnlyRootFilesystem": true}` | +| `createCustomResource` | Create CRDs. | `true` | +| `monitoring.serviceMonitor.enabled` | Create Prometheus Operator servicemonitor. | `false` | + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. 
For example: + +```bash +$ helm install --name my-release -f values.yaml banzaicloud-stable/logging-operator +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Installing Fluentd and Fluent-bit via logging + +The previous chart does **not** install `logging` resource to deploy Fluentd and Fluent-bit on cluster. To install them please use the [Logging Operator Logging](https://github.com/banzaicloud/logging-operator/tree/master/charts/logging-operator-logging) chart. + +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator-logging +``` + +## Configuration + +The following tables lists the configurable parameters of the logging-operator-logging chart and their default values. +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator-logging +``` + +## Configuration + +The following tables lists the configurable parameters of the logging-operator-logging chart and their default values. + +| Parameter | Description | Default | +| --------------------------------------------------- | ------------------------------------------------------ | ------------------------------ | +| `tls.enabled` | Enabled TLS communication between components | true | +| `tls.fluentdSecretName` | Specified secret name, which contain tls certs | This will overwrite automatic Helm certificate generation. | +| `tls.fluentbitSecretName` | Specified secret name, which contain tls certs | This will overwrite automatic Helm certificate generation. 
| +| `tls.sharedKey` | Shared key between nodes (fluentd-fluentbit) | [autogenerated] | +| `fluentbit.enabled` | Install fluent-bit | true | +| `fluentbit.namespace` | Specified fluentbit installation namespace | same as operator namespace | +| `fluentbit.image.tag` | Fluentbit container image tag | `1.5.4` | +| `fluentbit.image.repository` | Fluentbit container image repository | `fluent/fluent-bit` | +| `fluentbit.image.pullPolicy` | Fluentbit container pull policy | `IfNotPresent` | +| `fluentd.enabled` | Install fluentd | true | +| `fluentd.image.tag` | Fluentd container image tag | `v1.11.2-alpine-3` | +| `fluentd.image.repository` | Fluentd container image repository | `banzaicloud/fluentd` | +| `fluentd.image.pullPolicy` | Fluentd container pull policy | `IfNotPresent` | +| `fluentd.volumeModImage.tag` | Fluentd volumeModImage container image tag | `latest` | +| `fluentd.volumeModImage.repository` | Fluentd volumeModImage container image repository | `busybox` | +| `fluentd.volumeModImage.pullPolicy` | Fluentd volumeModImage container pull policy | `IfNotPresent` | +| `fluentd.configReloaderImage.tag` | Fluentd configReloaderImage container image tag | `v0.2.2` | +| `fluentd.configReloaderImage.repository` | Fluentd configReloaderImage container image repository | `jimmidyson/configmap-reload` | +| `fluentd.configReloaderImage.pullPolicy` | Fluentd configReloaderImage container pull policy | `IfNotPresent` | +| `fluentd.fluentdPvcSpec.accessModes` | Fluentd persistence volume access modes | `[ReadWriteOnce]` | +| `fluentd.fluentdPvcSpec.resources.requests.storage` | Fluentd persistence volume size | `21Gi` | +| `fluentd.fluentdPvcSpec.storageClassName` | Fluentd persistence volume storageclass | `"""` | diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/app-readme.md b/released/charts/rancher-logging/rancher-logging/3.6.001/app-readme.md new file mode 100644 index 000000000..8ecb81ec6 --- /dev/null 
+++ b/released/charts/rancher-logging/rancher-logging/3.6.001/app-readme.md 
@@ -0,0 +1,21 @@ +# Rancher Logging + +This chart is based off of the upstream [Banzai Logging Operator](https://banzaicloud.com/docs/one-eye/logging-operator/) chart. The chart deploys a logging operator and CRDs, which allows users to configure complex logging pipelines with a few simple custom resources. There are two levels of logging, which allow you to collect all logs in a cluster or from a single namespace. + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/logging/v2.5/). + +## Namespace-level logging + +To collect logs from a single namespace, users create flows and these flows are connected to outputs or cluster outputs. + +## Cluster-level logging + +To collect logs from an entire cluster, users create cluster flows and cluster outputs. + +## CRDs +- [Cluster Flow](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/clusterflow_types/) - A cluster flow is a CRD (`ClusterFlow`) that defines what logs to collect from the entire cluster. The cluster flow must be deployed in the same namespace as the logging operator. +- [Cluster Output](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/clusteroutput_types/) - A cluster output is a CRD (`ClusterOutput`) that defines how to connect to logging providers so they can start collecting logs. The cluster output must be deployed in the same namespace as the logging operator. The convenience of using a cluster output is that either a cluster flow or flow can send logs to those providers without needing to define specific outputs in each namespace for each flow. +- [Flow](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/flow_types/) - A flow is a CRD (`Flow`) that defines what logs to collect from the namespace that it is deployed in. 
+- [Output](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/output_types/) - An output is a CRD (`Output`) that defines how to connect to logging providers so logs can be sent to the provider. + +For more information on how to configure the Helm chart, refer to the Helm README. diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/NOTES.txt b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/NOTES.txt new file mode 100644 index 000000000..e69de29bb diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/_helpers.tpl b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/_helpers.tpl new file mode 100644 index 000000000..b2b289443 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/_helpers.tpl 
@@ -0,0 +1,66 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "logging-operator.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "logging-operator.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Provides the namespace the chart will be installed in using the builtin .Release.Namespace, +or, if provided, a manually overwritten namespace value. +*/}} +{{- define "logging-operator.namespace" -}} +{{- if .Values.namespaceOverride -}} +{{ .Values.namespaceOverride -}} +{{- else -}} +{{ .Release.Namespace }} +{{- end -}} +{{- end -}} + + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "logging-operator.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "logging-operator.labels" -}} +app.kubernetes.io/name: {{ include "logging-operator.name" . }} +helm.sh/chart: {{ include "logging-operator.chart" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/clusterrole.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/clusterrole.yaml new file mode 100644 index 000000000..ed2e1e975 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/clusterrole.yaml 
@@ -0,0 +1,156 @@ +{{- if .Values.rbac.enabled }} + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: {{ template "logging-operator.fullname" . }} +rules: +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - "" + resources: + - namespaces + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + - pods + - serviceaccounts + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - daemonsets + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + - extensions + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - extensions + - policy + resources: + - podsecuritypolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - logging.banzaicloud.io + resources: + - clusterflows + - clusteroutputs + - flows + - loggings + - outputs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - logging.banzaicloud.io + resources: + - loggings/status + verbs: + - get + - patch + - update +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - rolebindings + - roles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +{{- end }} 
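Review bot: the first rule in clusterrole.yaml grants create, delete, get, list, patch, update and watch on `secrets` across the whole cluster, and the last rule grants the same verbs on `clusterroles`, `clusterrolebindings`, `roles` and `rolebindings`. Together with write access to `podsecuritypolicies`, this makes the operator's service account one of the most privileged identities in the cluster, and nothing in the template says why. Please document the reason for each rule in the chart README and drop or narrow any rule the operator does not actually exercise. `creationTimestamp: null` in the metadata looks like generator residue and can go.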
diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/clusterrolebinding.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..46bf11e8b --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/clusterrolebinding.yaml @@ -0,0 +1,21 @@ +{{- if .Values.rbac.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: {{ template "logging-operator.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + helm.sh/chart: {{ include "logging-operator.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +subjects: + - kind: ServiceAccount + name: {{ template "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "logging-operator.fullname" . }} + + {{- end }} \ No newline at end of file diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/crds.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/crds.yaml new file mode 100644 index 000000000..f573652d0 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/crds.yaml @@ -0,0 +1,6 @@ +{{- if .Values.createCustomResource -}} +{{- range $path, $bytes := .Files.Glob "crds/*.yaml" }} +{{ $.Files.Get $path }} +--- +{{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/deployment.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/deployment.yaml new file mode 100644 index 000000000..da93d4c29 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/deployment.yaml 
@@ -0,0 +1,62 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + ports: + - name: http + containerPort: {{ .Values.http.port }} + + {{- if .Values.securityContext }} + securityContext: {{ toYaml .Values.securityContext | nindent 12 }} + {{- end }} + {{- if .Values.podSecurityContext }} + securityContext: {{ toYaml .Values.podSecurityContext | nindent 8 }} + {{- end }} + + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.rbac.enabled }} + serviceAccountName: {{ include "logging-operator.fullname" . }} + {{- end }} 
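Review bot: in deployment.yaml both `securityContext` blocks are emitted only when `.Values.securityContext` or `.Values.podSecurityContext` is set, so a render with those values empty produces an operator pod with no security context at all. psp.yaml in the same chart requires `MustRunAsNonRoot`, `readOnlyRootFilesystem: true` and `allowPrivilegeEscalation: false`, so the pod spec should carry matching defaults rather than depend on the caller supplying them. Separately, `serviceAccountName` is set only under `.Values.rbac.enabled`; with RBAC disabled the pod falls back to the namespace's default service account, which is worth a line in the README.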
diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/eks/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/eks/logging.yaml new file mode 100644 index 000000000..6e3018ce1 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/eks/logging.yaml @@ -0,0 +1,44 @@ +{{- if and .Values.additionalLoggingSources.eks.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-eks + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "eks" + Path: "/var/log/messages" + Parser: "syslog" + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit_tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
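Review bot: the guard `{{- if and .Values.additionalLoggingSources.eks.enabled }}` in eks/logging.yaml calls `and` with a single operand, which suggests a second condition was dropped or the `and` is left over. Use a plain `if`, or add the missing condition. Also, `inputTail.Path` is `/var/log/messages` in full, so every syslog line on the node is shipped under the `eks` tag; the README should say so, so that operators know what reaches the output.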
diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/k3s/logging-k3s-openrc.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/k3s/logging-k3s-openrc.yaml new file mode 100644 index 000000000..3d3b0a27b --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/k3s/logging-k3s-openrc.yaml @@ -0,0 +1,47 @@ +{{- if and .Values.additionalLoggingSources.k3s.enabled (eq .Values.additionalLoggingSources.k3s.container_engine "openrc")}} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-k3s + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "k3s" + Path: "/var/log/k3s.log" + extraVolumeMounts: + - source: "/var/log/" + destination: "/var/log" + readOnly: true + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit_tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
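Review bot: k3s logging is selected by comparing `container_engine` to `"openrc"` in this file and to `"systemd"` in logging-k3s-systemd.yaml, with no fallback. With `k3s.enabled: true` and any other value (or a typo), neither Logging resource renders and the install succeeds while collecting no k3s logs. Add a `fail` for unrecognised values. The key is also misnamed: openrc and systemd are init systems, not container engines.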
diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/k3s/logging-k3s-systemd.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/k3s/logging-k3s-systemd.yaml new file mode 100644 index 000000000..7df78e388 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/k3s/logging-k3s-systemd.yaml @@ -0,0 +1,47 @@ +{{- if and .Values.additionalLoggingSources.k3s.enabled (eq .Values.additionalLoggingSources.k3s.container_engine "systemd")}} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-k3s + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "k3s" + Path: "/var/log/syslog" + extraVolumeMounts: + - source: "/var/log/" + destination: "/var/log" + readOnly: true + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit_tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
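Review bot: `Path: "/var/log/syslog"` with `Tag: "k3s"` in logging-k3s-systemd.yaml tails the node's entire syslog, so records from every service on the host are forwarded labelled as k3s. The rke2 ConfigMap later in this patch narrows its input with `Systemd_Filter _SYSTEMD_UNIT=rke2.service`; an equivalent filter for the k3s unit would keep unrelated host logs, which can carry sensitive data, out of the pipeline.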
diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke/configmap.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke/configmap.yaml new file mode 100644 index 000000000..2af01ac0c --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke/configmap.yaml @@ -0,0 +1,26 @@ +{{- if .Values.additionalLoggingSources.rke.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-rke + labels: +{{ include "logging-operator.labels" . | indent 4 }} +data: + fluent-bit.conf: | + [SERVICE] + Log_Level {{ .Values.additionalLoggingSources.rke.fluentbit.log_level }} + Parsers_File parsers.conf + + [INPUT] + Tag rke + Name tail + Path_Key filename + Parser json + DB /tail-db/tail-containers-state.db + Mem_Buf_Limit {{ .Values.additionalLoggingSources.rke.fluentbit.mem_buffer_limit }} + Path /var/lib/rancher/rke/log/*.log + + [OUTPUT] + Name file + Path /var/lib/rancher/logging/ +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke/daemonset.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke/daemonset.yaml new file mode 100644 index 000000000..5ed36a3b8 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke/daemonset.yaml 
@@ -0,0 +1,52 @@ +{{- if .Values.additionalLoggingSources.rke.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + selector: + matchLabels: + name: {{ .Release.Name }}-rke-aggregator + template: + metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" + labels: + name: {{ .Release.Name }}-rke-aggregator + spec: + containers: + - name: fluentbit + image: "{{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}:{{ .Values.images.fluentbit.tag }}" + volumeMounts: + - mountPath: /var/lib/rancher/rke/log/ + name: indir + - mountPath: /var/lib/rancher/logging/ + name: outdir + - mountPath: /var/lib/docker/containers/ + name: containers + - mountPath: /fluent-bit/etc/ + name: config + volumes: + - name: indir + hostPath: + path: /var/lib/rancher/rke/log/ + - name: outdir + hostPath: + path: /var/lib/rancher/logging/ + - name: containers + hostPath: + path: /var/lib/docker/containers/ + - name: config + configMap: + name: "{{ .Release.Name }}-rke" + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit_tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke/logging-rke.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke/logging-rke.yaml new file mode 100644 index 000000000..368544ed8 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke/logging-rke.yaml 
@@ -0,0 +1,48 @@ +{{- if .Values.additionalLoggingSources.rke.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-rke + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "rke" + Path: "/var/lib/rancher/logging/rke" + Parser: json + extraVolumeMounts: + - source: "/var/lib/rancher/logging/" + destination: "/var/lib/rancher/logging/" + readOnly: true + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit_tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke2/configmap.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke2/configmap.yaml new file mode 100644 index 000000000..d8910122a --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke2/configmap.yaml 
@@ -0,0 +1,18 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-rke2 + labels: +{{ include "logging-operator.labels" . | indent 4 }} +data: + fluent-bit.conf: | + [INPUT] + Name systemd + Tag rke2 + Systemd_Filter _SYSTEMD_UNIT=rke2.service + + [OUTPUT] + Name file + Path /etc/rancher/logging/rke2.log +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke2/daemonset.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke2/daemonset.yaml new file mode 100644 index 000000000..a2f763d63 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke2/daemonset.yaml @@ -0,0 +1,41 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + selector: + matchLabels: + name: {{ .Release.Name }}-rke2-journald-aggregator + template: + metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" + labels: + name: {{ .Release.Name }}-rke2-journald-aggregator + spec: + containers: + - name: fluentd + image: "{{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}:{{ .Values.images.fluentbit.tag }}" + volumeMounts: + - mountPath: /etc/rancher/logging/logs/ + name: logdir + - mountPath: /fluent-bit/etc/ + name: config + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + volumes: + - name: logdir + hostPath: + path: /etc/rancher/logging/logs/ + - name: config + configMap: + name: "{{ .Release.Name }}-rke2" +{{- end }} 
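Review bot: the paths in the rke2 journald pipeline do not line up. rke2/configmap.yaml writes with `Path /etc/rancher/logging/rke2.log`, but this DaemonSet only mounts the host directory at `/etc/rancher/logging/logs/`, which is also where logging-rke2-journald.yaml tails `*.log`. As written, the output lands outside the hostPath volume and never reaches the tailing Logging. The `systemd` input also needs the host journal, and no journal hostPath is mounted here. Point the output at the mounted directory, add a read-only journal mount, and rename the container from `fluentd`, since the image it runs is the fluentbit one.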
diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke2/logging-rke2-containers.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke2/logging-rke2-containers.yaml new file mode 100644 index 000000000..8768f8479 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke2/logging-rke2-containers.yaml @@ -0,0 +1,45 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-rke2-containers + namespace: {{ .Release.Namespace }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "rke2" + Path: "/var/log/containers/*rke*.log" + extraVolumeMounts: + - source: "/var/log/containers/" + destination: "/var/log/containers/" + readOnly: true + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit_tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
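Review bot: the glob `Path: "/var/log/containers/*rke*.log"` in logging-rke2-containers.yaml matches any container log whose file name contains `rke`, not only rke2 components, so a workload with `rke` in its pod, namespace or container name is collected and tagged `rke2` as well. Anchor the pattern to the names the rke2 components actually use. This Logging resource also omits the `labels:` block that the eks, k3s and rke Logging resources include.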
diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke2/logging-rke2-journald.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke2/logging-rke2-journald.yaml new file mode 100644 index 000000000..5a993f086 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/rke2/logging-rke2-journald.yaml @@ -0,0 +1,45 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-rke2-journald + namespace: {{ .Release.Namespace }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "rke2" + Path: "/etc/rancher/logging/logs/*.log" + extraVolumeMounts: + - source: "/etc/rancher/logging/logs/" + destination: "/etc/rancher/logging/logs/" + readOnly: true + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit_tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/root/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/root/logging.yaml new file mode 100644 index 000000000..b67c23d6c --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/loggings/root/logging.yaml @@ -0,0 +1,38 @@ +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit_tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/psp.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/psp.yaml new file mode 100644 index 000000000..91d1bb35e --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/psp.yaml 
@@ -0,0 +1,32 @@ +{{ if and .Values.rbac.enabled .Values.rbac.psp.enabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + creationTimestamp: null + name: psp.logging-operator + namespace: {{ include "logging-operator.namespace" . }} + annotations: + seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' + seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default' +spec: + readOnlyRootFilesystem: true + privileged: false + allowPrivilegeEscalation: false + runAsUser: + rule: MustRunAsNonRoot + fsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + supplementalGroups: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + volumes: + - secret + - configMap +{{ end }} \ No newline at end of file diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/service.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/service.yaml new file mode 100644 index 000000000..b4cb7d25a --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/service.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + type: ClusterIP + {{- with .Values.http.service.clusterIP }} + clusterIP: {{ . }} + {{- end }} + ports: + - port: {{ .Values.http.port }} + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/serviceMonitor.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/serviceMonitor.yaml new file mode 100644 index 000000000..0687b1ef9 --- /dev/null 
+++ b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/serviceMonitor.yaml @@ -0,0 +1,19 @@ +{{ if .Values.monitoring.serviceMonitor.Enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + selector: + matchLabels: +{{ include "logging-operator.labels" . | indent 6 }} + endpoints: + - port: http + path: /metrics + namespaceSelector: + matchNames: + - {{ include "logging-operator.namespace" . }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/serviceaccount.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/serviceaccount.yaml new file mode 100644 index 000000000..3e87e7891 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.rbac.enabled }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + helm.sh/chart: {{ include "logging-operator.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/userroles.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/userroles.yaml new file mode 100644 index 000000000..f4136b09a --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/userroles.yaml 
@@ -0,0 +1,35 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "logging-admin" + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: + - "logging.banzaicloud.io" + resources: + - flows + - outputs + verbs: + - "*" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "logging-view" + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: + - apiGroups: + - "logging.banzaicloud.io" + resources: + - flows + - outputs + - clusterflows + - clusteroutputs + verbs: + - get + - list + - watch diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/templates/validate-install-crd.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/validate-install-crd.yaml new file mode 100644 index 000000000..187b5a91e --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/templates/validate-install-crd.yaml @@ -0,0 +1,18 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/ClusterFlow" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/ClusterOutput" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/Flow" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/Logging" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/Output" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the rancher-logging-crd chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} 
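Review bot: in validate-install-crd.yaml the leading `#` on every line does not switch the check off, because Helm evaluates template actions inside YAML comments, so the `required` call still aborts the install when any of the five `logging.banzaicloud.io/v1beta1` kinds is missing from `.Capabilities.APIVersions`. Add a `{{/* ... */}}` comment at the top stating that the `#` only keeps the rendered residue a YAML comment, and that the `lookup` of ClusterRoles is there to skip the check when no cluster is reachable (`helm template`, `--dry-run`), since neither is obvious from the file. If the intent was to disable the check, wrap the body in a template comment instead.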
diff --git a/released/charts/rancher-logging/rancher-logging/3.6.001/values.yaml b/released/charts/rancher-logging/rancher-logging/3.6.001/values.yaml new file mode 100644 index 000000000..83bf9c254 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.6.001/values.yaml 
@@ -0,0 +1,129 @@ +# Default values for logging-operator. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: rancher/banzaicloud-logging-operator + tag: 3.6.0 + pullPolicy: IfNotPresent + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" +namespaceOverride: "" + +annotations: {} + +## Deploy CRDs used by Logging Operator. +## +createCustomResource: false + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: + kubernetes.io/os: linux + +tolerations: + - key: cattle.io/os + operator: "Equal" + value: "linux" + effect: NoSchedule + +affinity: {} + +http: + # http listen port number + port: 8080 + # Service definition for query http service + service: + type: ClusterIP + clusterIP: None + # Annotations to query http service + annotations: {} + # Labels to query http service + labels: {} + +rbac: + enabled: true + psp: + enabled: false + +## SecurityContext holds pod-level security attributes and common container settings. +## This defaults to non root user with uid 1000 and gid 2000. 
*v1.PodSecurityContext false +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +podSecurityContext: {} +# runAsNonRoot: true +# runAsUser: 1000 +# fsGroup: 2000 +securityContext: {} +# allowPrivilegeEscalation: false +# readOnlyRootFilesystem: true + # capabilities: + # drop: ["ALL"] + +## Operator priorityClassName +## +priorityClassName: {} + +monitoring: + # Create a Prometheus Operator ServiceMonitor object + serviceMonitor: + enabled: true + +disablePvc: true + +additionalLoggingSources: + rke: + enabled: false + fluentbit: + log_level: "info" + mem_buffer_limit: "5MB" + rke2: + enabled: false + k3s: + enabled: false + container_engine: "systemd" + eks: + enabled: false + +images: + config_reloader: + repository: rancher/jimmidyson-configmap-reload + tag: v0.2.2 + fluentbit: + repository: rancher/fluent-fluent-bit + tag: 1.5.4 + fluentbit_debug: + repository: rancher/fluent-fluent-bit + tag: 1.5.4-debug + fluentd: + repository: rancher/banzaicloud-fluentd + tag: v1.11.2-alpine-2 + syslog_forwarder: + repository: rancher/fluent-bit-out-syslog + tag: 0.1.0 + +fluentbit_tolerations: + - key: node-role.kubernetes.io/controlplane + value: "true" + effect: NoSchedule + - key: node-role.kubernetes.io/etcd + value: "true" + effect: NoExecute + +global: + cattle: + systemDefaultRegistry: "" diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/.helmignore b/released/charts/rancher-logging/rancher-logging/3.8.201/.helmignore new file mode 100644 index 000000000..50af03172 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/.helmignore 
@@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/Chart.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/Chart.yaml new file mode 100644 index 000000000..9bda54202 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/Chart.yaml @@ -0,0 +1,20 @@ +annotations: + catalog.cattle.io/auto-install: rancher-logging-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Logging + catalog.cattle.io/namespace: cattle-logging-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 + catalog.cattle.io/release-name: rancher-logging + catalog.cattle.io/ui-component: logging +apiVersion: v1 +appVersion: 3.8.2 +description: Collects and filter logs using highly configurable CRDs. Powered by Banzai + Cloud Logging Operator. +icon: https://charts.rancher.io/assets/logos/logging.svg +keywords: +- logging +- monitoring +- security +name: rancher-logging +version: 3.8.201 diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/README.md b/released/charts/rancher-logging/rancher-logging/3.8.201/README.md new file mode 100644 index 000000000..01027a254 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/README.md 
@@ -0,0 +1,129 @@ + +# Logging operator Chart + +[Logging operator](https://github.com/banzaicloud/logging-operator) Managed centralized logging component fluentd and fluent-bit instance on cluster. + +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator +``` + +## Introduction + +This chart bootstraps a [Logging Operator](https://github.com/banzaicloud/logging-operator) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Prerequisites + +- Kubernetes 1.8+ with Beta APIs enabled + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```bash +$ helm install --name my-release banzaicloud-stable/logging-operator +``` + +### CRDs +Use `createCustomResource=false` with Helm v3 to avoid trying to create CRDs from the `crds` folder and from templates at the same time. + +The command deploys **Logging operator** on the Kubernetes cluster with the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```bash +$ helm delete my-release +``` + +The command removes all Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following tables lists the configurable parameters of the logging-operator chart and their default values. 
+ +| Parameter | Description | Default | +| --------------------------------------------------- | ------------------------------------------------------ | ------------------------------ | +| `image.repository` | Container image repository | `ghcr.io/banzaicloud/logging-operator` | +| `image.tag` | Container image tag | `3.8.2` | +| `image.pullPolicy` | Container pull policy | `IfNotPresent` | +| `nameOverride` | Override name of app | `` | +| `fullnameOverride` | Override full name of app | `` | +| `namespaceOverride` | Override namespace of app | `` | +| `watchNamespace` | Namespace to watch for LoggingOperator CRD | `` | +| `rbac.enabled` | Create rbac service account and roles | `true` | +| `rbac.psp.enabled` | Must be used with `rbac.enabled` true. If true, creates & uses RBAC resources required in the cluster with [Pod Security Policies](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) enabled. | `false` | +| `priorityClassName` | Operator priorityClassName | `{}` | +| `affinity` | Node Affinity | `{}` | +| `resources` | CPU/Memory resource requests/limits | `{}` | +| `tolerations` | Node Tolerations | `[]` | +| `nodeSelector` | Define which Nodes the Pods are scheduled on. | `{}` | +| `annotations` | Define annotations for logging-operator pods | `{}` | +| `podSecurityContext` | Pod SecurityContext for Logging operator. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) | `{"runAsNonRoot": true, "runAsUser": 1000, "fsGroup": 2000}` | +| `securityContext` | Container SecurityContext for Logging operator. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) | `{"allowPrivilegeEscalation": false, "readOnlyRootFilesystem": true}` | +| `createCustomResource` | Create CRDs. | `true` | +| `monitoring.serviceMonitor.enabled` | Create Prometheus Operator servicemonitor. | `false` | + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. 
For example: + +```bash +$ helm install --name my-release -f values.yaml banzaicloud-stable/logging-operator +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Installing Fluentd and Fluent-bit via logging + +The previous chart does **not** install `logging` resource to deploy Fluentd and Fluent-bit on cluster. To install them please use the [Logging Operator Logging](https://github.com/banzaicloud/logging-operator/tree/master/charts/logging-operator-logging) chart. + +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator-logging +``` + +## Configuration + +The following tables lists the configurable parameters of the logging-operator-logging chart and their default values. +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator-logging +``` + +## Configuration + +The following tables lists the configurable parameters of the logging-operator-logging chart and their default values. + +| Parameter | Description | Default | +| --------------------------------------------------- | ------------------------------------------------------ | ------------------------------ | +| `tls.enabled` | Enabled TLS communication between components | true | +| `tls.fluentdSecretName` | Specified secret name, which contain tls certs | This will overwrite automatic Helm certificate generation. | +| `tls.fluentbitSecretName` | Specified secret name, which contain tls certs | This will overwrite automatic Helm certificate generation. 
| +| `tls.sharedKey` | Shared key between nodes (fluentd-fluentbit) | [autogenerated] | +| `fluentbit.enabled` | Install fluent-bit | true | +| `fluentbit.namespace` | Specified fluentbit installation namespace | same as operator namespace | +| `fluentbit.image.tag` | Fluentbit container image tag | `1.6.4` | +| `fluentbit.image.repository` | Fluentbit container image repository | `fluent/fluent-bit` | +| `fluentbit.image.pullPolicy` | Fluentbit container pull policy | `IfNotPresent` | +| `fluentd.enabled` | Install fluentd | true | +| `fluentd.image.tag` | Fluentd container image tag | `v1.11.5-alpine-1` | +| `fluentd.image.repository` | Fluentd container image repository | `ghcr.io/banzaicloud/fluentd` | +| `fluentd.image.pullPolicy` | Fluentd container pull policy | `IfNotPresent` | +| `fluentd.volumeModImage.tag` | Fluentd volumeModImage container image tag | `latest` | +| `fluentd.volumeModImage.repository` | Fluentd volumeModImage container image repository | `busybox` | +| `fluentd.volumeModImage.pullPolicy` | Fluentd volumeModImage container pull policy | `IfNotPresent` | +| `fluentd.configReloaderImage.tag` | Fluentd configReloaderImage container image tag | `v0.2.2` | +| `fluentd.configReloaderImage.repository` | Fluentd configReloaderImage container image repository | `jimmidyson/configmap-reload` | +| `fluentd.configReloaderImage.pullPolicy` | Fluentd configReloaderImage container pull policy | `IfNotPresent` | +| `fluentd.fluentdPvcSpec.accessModes` | Fluentd persistence volume access modes | `[ReadWriteOnce]` | +| `fluentd.fluentdPvcSpec.resources.requests.storage` | Fluentd persistence volume size | `21Gi` | +| `fluentd.fluentdPvcSpec.storageClassName` | Fluentd persistence volume storageclass | `"""` | diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/app-readme.md b/released/charts/rancher-logging/rancher-logging/3.8.201/app-readme.md new file mode 100644 index 000000000..2de4ab4c5 --- /dev/null 
+++ b/released/charts/rancher-logging/rancher-logging/3.8.201/app-readme.md 
@@ -0,0 +1,22 @@ +# Rancher Logging + +This chart is based off of the upstream [Banzai Logging Operator](https://banzaicloud.com/docs/one-eye/logging-operator/) chart. The chart deploys a logging operator and CRDs, which allows users to configure complex logging pipelines with a few simple custom resources. There are two levels of logging, which allow you to collect all logs in a cluster or from a single namespace. + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/logging/v2.5/). + +## Namespace-level logging + +To collect logs from a single namespace, users create flows and these flows are connected to outputs or cluster outputs. + +## Cluster-level logging + +To collect logs from an entire cluster, users create cluster flows and cluster outputs. + +## CRDs + +- [Cluster Flow](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/clusterflow_types/) - A cluster flow is a CRD (`ClusterFlow`) that defines what logs to collect from the entire cluster. The cluster flow must be deployed in the same namespace as the logging operator. +- [Cluster Output](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/clusteroutput_types/) - A cluster output is a CRD (`ClusterOutput`) that defines how to connect to logging providers so they can start collecting logs. The cluster output must be deployed in the same namespace as the logging operator. The convenience of using a cluster output is that either a cluster flow or flow can send logs to those providers without needing to define specific outputs in each namespace for each flow. +- [Flow](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/flow_types/) - A flow is a CRD (`Flow`) that defines what logs to collect from the namespace that it is deployed in. 
+- [Output](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/output_types/) - An output is a CRD (`Output`) that defines how to connect to logging providers so logs can be sent to the provider. + +For more information on how to configure the Helm chart, refer to the Helm README. diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/NOTES.txt b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/NOTES.txt new file mode 100644 index 000000000..e69de29bb diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/_helpers.tpl b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/_helpers.tpl new file mode 100644 index 000000000..b2b289443 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/_helpers.tpl 
@@ -0,0 +1,66 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "logging-operator.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "logging-operator.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Provides the namespace the chart will be installed in using the builtin .Release.Namespace, +or, if provided, a manually overwritten namespace value. +*/}} +{{- define "logging-operator.namespace" -}} +{{- if .Values.namespaceOverride -}} +{{ .Values.namespaceOverride -}} +{{- else -}} +{{ .Release.Namespace }} +{{- end -}} +{{- end -}} + + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "logging-operator.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "logging-operator.labels" -}} +app.kubernetes.io/name: {{ include "logging-operator.name" . }} +helm.sh/chart: {{ include "logging-operator.chart" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/clusterrole.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/clusterrole.yaml new file mode 100644 index 000000000..b86030a00 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/clusterrole.yaml 
@@ -0,0 +1,161 @@ +{{- if .Values.rbac.enabled }} + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: {{ template "logging-operator.fullname" . }} +rules: +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create +- apiGroups: + - "" + resources: + - namespaces + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + - pods + - serviceaccounts + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - daemonsets + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + - extensions + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - extensions + - policy + resources: + - podsecuritypolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - use + - watch +- apiGroups: + - logging.banzaicloud.io + resources: + - clusterflows + - clusteroutputs + - flows + - loggings + - outputs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - logging.banzaicloud.io + resources: + - clusterflows/status + - clusteroutputs/status + - flows/status + - loggings/status + - outputs/status + verbs: + - get + - patch + - update +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - rolebindings + - roles + verbs: 
+ - create + - delete + - get + - list + - patch + - update + - watch +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/clusterrolebinding.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..46bf11e8b --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/clusterrolebinding.yaml @@ -0,0 +1,21 @@ +{{- if .Values.rbac.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: {{ template "logging-operator.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + helm.sh/chart: {{ include "logging-operator.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +subjects: + - kind: ServiceAccount + name: {{ template "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "logging-operator.fullname" . }} + + {{- end }} \ No newline at end of file diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/crds.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/crds.yaml new file mode 100644 index 000000000..f573652d0 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/crds.yaml @@ -0,0 +1,6 @@ +{{- if .Values.createCustomResource -}} +{{- range $path, $bytes := .Files.Glob "crds/*.yaml" }} +{{ $.Files.Get $path }} +--- +{{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/deployment.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/deployment.yaml new file mode 100644 index 000000000..da93d4c29 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/deployment.yaml 
@@ -0,0 +1,62 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + ports: + - name: http + containerPort: {{ .Values.http.port }} + + {{- if .Values.securityContext }} + securityContext: {{ toYaml .Values.securityContext | nindent 12 }} + {{- end }} + {{- if .Values.podSecurityContext }} + securityContext: {{ toYaml .Values.podSecurityContext | nindent 8 }} + {{- end }} + + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.rbac.enabled }} + serviceAccountName: {{ include "logging-operator.fullname" . }} + {{- end }} 
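Review bot: both `securityContext` blocks in deployment.yaml are emitted only when `.Values.securityContext` and `.Values.podSecurityContext` are non-empty, so with empty values the operator pod gets no hardening at all, while the README table added in this patch advertises `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true` as defaults. The 3.6.001 values.yaml in this patch ships both as `{}`; check that the 3.8.201 values.yaml actually sets them, or have the template fall back to those settings when the values are empty. This matters more here because `serviceAccountName` ties the pod to the ClusterRole from clusterrole.yaml, which can write secrets and RBAC objects cluster-wide.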
diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/aks/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/aks/logging.yaml new file mode 100644 index 000000000..83f2500db --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/aks/logging.yaml @@ -0,0 +1,39 @@ +{{- if .Values.additionalLoggingSources.aks.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-aks + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "aks" + Path: "/var/log/azure/kubelet-status.log" + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit_tolerations) }} + {{- with $total_tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- with .Values.tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
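Review bot: `metadata.namespace` and `spec.controlNamespace` use `.Release.Namespace` directly, whereas the Deployment template in this chart goes through `include "logging-operator.namespace" .`, so setting `namespaceOverride` would put the operator in one namespace and point this Logging resource at another. Use the helper in both places, or document that `namespaceOverride` does not apply to the `loggings/` templates. The same two lines appear in the eks, gke and k3s templates.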
diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/eks/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/eks/logging.yaml new file mode 100644 index 000000000..5cc886c6a --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/eks/logging.yaml @@ -0,0 +1,40 @@ +{{- if .Values.additionalLoggingSources.eks.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-eks + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "eks" + Path: "/var/log/messages" + Parser: "syslog" + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit_tolerations) }} + {{- with $total_tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- with .Values.tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
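Review bot: `Path: "/var/log/messages"` with `Parser: "syslog"` forwards the node's whole system log rather than a single Kubernetes component log, unlike the aks and gke variants, which tail `kubelet-status.log` and `kube-proxy.log`. Whatever other host services write to that file ends up in the outputs the cluster flows target. Document that scope next to `additionalLoggingSources.eks` in the chart's documentation, or add a filter so only the entries the chart is meant to collect are forwarded.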
diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/gke/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/gke/logging.yaml new file mode 100644 index 000000000..af618a44f --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/gke/logging.yaml @@ -0,0 +1,39 @@ +{{- if .Values.additionalLoggingSources.gke.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-gke + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "gke" + Path: "/var/log/kube-proxy.log" + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit_tolerations) }} + {{- with $total_tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- with .Values.tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/k3s/logging-k3s-openrc.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/k3s/logging-k3s-openrc.yaml new file mode 100644 index 000000000..3d3b0a27b --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/k3s/logging-k3s-openrc.yaml @@ -0,0 +1,47 @@ +{{- if and .Values.additionalLoggingSources.k3s.enabled (eq .Values.additionalLoggingSources.k3s.container_engine "openrc")}} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-k3s + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "k3s" + Path: "/var/log/k3s.log" + extraVolumeMounts: + - source: "/var/log/" + destination: "/var/log" + readOnly: true + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit_tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/k3s/logging-k3s-systemd.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/k3s/logging-k3s-systemd.yaml new file mode 100644 index 000000000..7df78e388 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/k3s/logging-k3s-systemd.yaml @@ -0,0 +1,47 @@ +{{- if and .Values.additionalLoggingSources.k3s.enabled (eq .Values.additionalLoggingSources.k3s.container_engine "systemd")}} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-k3s + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "k3s" + Path: "/var/log/syslog" + extraVolumeMounts: + - source: "/var/log/" + destination: "/var/log" + readOnly: true + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit_tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
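Review bot: In logging-k3s-systemd.yaml, `inputTail` tags everything read from `/var/log/syslog` as `k3s`, so output from every service that writes to syslog on the node is collected and labelled as k3s, not only the k3s unit. Filter on the k3s unit before forwarding, or document that enabling this source ships the whole host syslog. The `extraVolumeMounts` entry also exposes all of `/var/log/` to the pod in order to read one file; it is read-only, but a narrower source path would keep unrelated host logs out of the collector's reach.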
diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke/configmap.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke/configmap.yaml new file mode 100644 index 000000000..2af01ac0c --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke/configmap.yaml @@ -0,0 +1,26 @@ +{{- if .Values.additionalLoggingSources.rke.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-rke + labels: +{{ include "logging-operator.labels" . | indent 4 }} +data: + fluent-bit.conf: | + [SERVICE] + Log_Level {{ .Values.additionalLoggingSources.rke.fluentbit.log_level }} + Parsers_File parsers.conf + + [INPUT] + Tag rke + Name tail + Path_Key filename + Parser json + DB /tail-db/tail-containers-state.db + Mem_Buf_Limit {{ .Values.additionalLoggingSources.rke.fluentbit.mem_buffer_limit }} + Path /var/lib/rancher/rke/log/*.log + + [OUTPUT] + Name file + Path /var/lib/rancher/logging/ +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke/daemonset.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke/daemonset.yaml new file mode 100644 index 000000000..5ed36a3b8 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke/daemonset.yaml 
@@ -0,0 +1,52 @@ +{{- if .Values.additionalLoggingSources.rke.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + selector: + matchLabels: + name: {{ .Release.Name }}-rke-aggregator + template: + metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" + labels: + name: {{ .Release.Name }}-rke-aggregator + spec: + containers: + - name: fluentbit + image: "{{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}:{{ .Values.images.fluentbit.tag }}" + volumeMounts: + - mountPath: /var/lib/rancher/rke/log/ + name: indir + - mountPath: /var/lib/rancher/logging/ + name: outdir + - mountPath: /var/lib/docker/containers/ + name: containers + - mountPath: /fluent-bit/etc/ + name: config + volumes: + - name: indir + hostPath: + path: /var/lib/rancher/rke/log/ + - name: outdir + hostPath: + path: /var/lib/rancher/logging/ + - name: containers + hostPath: + path: /var/lib/docker/containers/ + - name: config + configMap: + name: "{{ .Release.Name }}-rke" + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit_tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke/logging-rke.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke/logging-rke.yaml new file mode 100644 index 000000000..368544ed8 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke/logging-rke.yaml 
@@ -0,0 +1,48 @@ +{{- if .Values.additionalLoggingSources.rke.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-rke + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "rke" + Path: "/var/lib/rancher/logging/rke" + Parser: json + extraVolumeMounts: + - source: "/var/lib/rancher/logging/" + destination: "/var/lib/rancher/logging/" + readOnly: true + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit_tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke2/configmap.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke2/configmap.yaml new file mode 100644 index 000000000..d8910122a --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke2/configmap.yaml 
@@ -0,0 +1,18 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-rke2 + labels: +{{ include "logging-operator.labels" . | indent 4 }} +data: + fluent-bit.conf: | + [INPUT] + Name systemd + Tag rke2 + Systemd_Filter _SYSTEMD_UNIT=rke2.service + + [OUTPUT] + Name file + Path /etc/rancher/logging/rke2.log +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke2/daemonset.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke2/daemonset.yaml new file mode 100644 index 000000000..a2f763d63 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke2/daemonset.yaml @@ -0,0 +1,41 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + selector: + matchLabels: + name: {{ .Release.Name }}-rke2-journald-aggregator + template: + metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" + labels: + name: {{ .Release.Name }}-rke2-journald-aggregator + spec: + containers: + - name: fluentd + image: "{{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}:{{ .Values.images.fluentbit.tag }}" + volumeMounts: + - mountPath: /etc/rancher/logging/logs/ + name: logdir + - mountPath: /fluent-bit/etc/ + name: config + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + volumes: + - name: logdir + hostPath: + path: /etc/rancher/logging/logs/ + - name: config + configMap: + name: "{{ .Release.Name }}-rke2" +{{- end }} 
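Review bot: In rke2/daemonset.yaml the only hostPath mounted is `/etc/rancher/logging/logs/`, but the rke2 ConfigMap added in this patch sends its file output to `Path /etc/rancher/logging/rke2.log`, which is outside that mount, so the output stays in the container filesystem and never reaches the directory that logging-rke2-journald.yaml tails (`/etc/rancher/logging/logs/*.log`). Point the output at the mounted directory. The ConfigMap's `systemd` input also needs the host journal, and no journal directory is listed under `volumes`. Separately, the container is named `fluentd` while its image comes from `.Values.images.fluentbit`; rename it so pod logs and `kubectl` output are not misleading.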
diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke2/logging-rke2-containers.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke2/logging-rke2-containers.yaml new file mode 100644 index 000000000..8768f8479 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke2/logging-rke2-containers.yaml @@ -0,0 +1,45 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-rke2-containers + namespace: {{ .Release.Namespace }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "rke2" + Path: "/var/log/containers/*rke*.log" + extraVolumeMounts: + - source: "/var/log/containers/" + destination: "/var/log/containers/" + readOnly: true + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit_tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke2/logging-rke2-journald.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke2/logging-rke2-journald.yaml new file mode 100644 index 000000000..5a993f086 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/rke2/logging-rke2-journald.yaml @@ -0,0 +1,45 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-rke2-journald + namespace: {{ .Release.Namespace }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "rke2" + Path: "/etc/rancher/logging/logs/*.log" + extraVolumeMounts: + - source: "/etc/rancher/logging/logs/" + destination: "/etc/rancher/logging/logs/" + readOnly: true + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit_tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/root/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/root/logging.yaml new file mode 100644 index 000000000..b67c23d6c --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/loggings/root/logging.yaml @@ -0,0 +1,38 @@ +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit_tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/psp.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/psp.yaml new file mode 100644 index 000000000..91d1bb35e --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/psp.yaml 
@@ -0,0 +1,32 @@ +{{ if and .Values.rbac.enabled .Values.rbac.psp.enabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + creationTimestamp: null + name: psp.logging-operator + namespace: {{ include "logging-operator.namespace" . }} + annotations: + seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' + seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default' +spec: + readOnlyRootFilesystem: true + privileged: false + allowPrivilegeEscalation: false + runAsUser: + rule: MustRunAsNonRoot + fsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + supplementalGroups: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + volumes: + - secret + - configMap +{{ end }} \ No newline at end of file diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/service.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/service.yaml new file mode 100644 index 000000000..f419ae2c4 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/service.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + type: ClusterIP + {{- with .Values.http.service.clusterIP }} + clusterIP: {{ . }} + {{- end }} + ports: + - port: {{ .Values.http.port }} + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/serviceMonitor.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/serviceMonitor.yaml new file mode 100644 index 000000000..529d0f051 --- /dev/null 
+++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/serviceMonitor.yaml @@ -0,0 +1,19 @@ +{{ if .Values.monitoring.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + selector: + matchLabels: +{{ include "logging-operator.labels" . | indent 6 }} + endpoints: + - port: http + path: /metrics + namespaceSelector: + matchNames: + - {{ include "logging-operator.namespace" . }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/serviceaccount.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/serviceaccount.yaml new file mode 100644 index 000000000..3e87e7891 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.rbac.enabled }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + helm.sh/chart: {{ include "logging-operator.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/userroles.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/userroles.yaml new file mode 100644 index 000000000..f4136b09a --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/userroles.yaml 
@@ -0,0 +1,35 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "logging-admin" + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: + - "logging.banzaicloud.io" + resources: + - flows + - outputs + verbs: + - "*" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "logging-view" + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: + - apiGroups: + - "logging.banzaicloud.io" + resources: + - flows + - outputs + - clusterflows + - clusteroutputs + verbs: + - get + - list + - watch diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/templates/validate-install-crd.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/validate-install-crd.yaml new file mode 100644 index 000000000..187b5a91e --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/templates/validate-install-crd.yaml @@ -0,0 +1,18 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/ClusterFlow" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/ClusterOutput" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/Flow" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/Logging" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/Output" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the rancher-logging-crd chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} 
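Review bot: In validate-install-crd.yaml every line is prefixed with `#`, but a YAML comment marker does not stop Helm from evaluating the `{{ ... }}` actions on that line, so the `lookup`, the `set` calls and the `required` failure still run at render time. If the CRD check is meant to be disabled, wrap it in a template comment (`{{/* ... */}}`) or drop the file; if it is meant to be active, remove the `#` prefixes so the intent is clear to the next reader.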
diff --git a/released/charts/rancher-logging/rancher-logging/3.8.201/values.yaml b/released/charts/rancher-logging/rancher-logging/3.8.201/values.yaml new file mode 100644 index 000000000..b36cf10a6 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.8.201/values.yaml 
@@ -0,0 +1,130 @@ +# Default values for logging-operator. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: rancher/banzaicloud-logging-operator + tag: 3.8.2 + pullPolicy: IfNotPresent + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" +namespaceOverride: "" + +annotations: {} + +## Deploy CRDs used by Logging Operator. +## +createCustomResource: false + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: + kubernetes.io/os: linux + +tolerations: + - key: cattle.io/os + operator: "Equal" + value: "linux" + effect: NoSchedule + +affinity: {} + +http: + # http listen port number + port: 8080 + # Service definition for query http service + service: + type: ClusterIP + clusterIP: None + # Annotations to query http service + annotations: {} + # Labels to query http service + labels: {} + +rbac: + enabled: true + psp: + enabled: false + +## SecurityContext holds pod-level security attributes and common container settings. +## This defaults to non root user with uid 1000 and gid 2000. 
*v1.PodSecurityContext false +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +podSecurityContext: {} +# runAsNonRoot: true +# runAsUser: 1000 +# fsGroup: 2000 +securityContext: {} +# allowPrivilegeEscalation: false +# readOnlyRootFilesystem: true + # capabilities: + # drop: ["ALL"] + +## Operator priorityClassName +## +priorityClassName: {} + +monitoring: + # Create a Prometheus Operator ServiceMonitor object + serviceMonitor: + enabled: false + +disablePvc: true + +additionalLoggingSources: + rke: + enabled: false + fluentbit: + log_level: "info" + mem_buffer_limit: "5MB" + rke2: + enabled: false + k3s: + enabled: false + container_engine: "systemd" + aks: + enabled: false + eks: + enabled: false + gke: + enabled: false + +images: + config_reloader: + repository: rancher/jimmidyson-configmap-reload + tag: v0.2.2 + fluentbit: + repository: rancher/fluent-fluent-bit + tag: 1.6.4 + fluentbit_debug: + repository: rancher/fluent-fluent-bit + tag: 1.6.4-debug + fluentd: + repository: rancher/banzaicloud-fluentd + tag: v1.11.5-alpine-1 + +fluentbit_tolerations: + - key: node-role.kubernetes.io/controlplane + value: "true" + effect: NoSchedule + - key: node-role.kubernetes.io/etcd + value: "true" + effect: NoExecute + +global: + cattle: + systemDefaultRegistry: "" diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/.helmignore b/released/charts/rancher-logging/rancher-logging/3.9.000/.helmignore new file mode 100755 index 000000000..50af03172 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ 
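Review bot: In values.yaml for 3.8.201, the comment above `podSecurityContext` says the chart defaults to a non-root user with uid 1000 and gid 2000, but `podSecurityContext` and `securityContext` are both `{}` and the hardening keys are commented out, so these values supply no `runAsNonRoot`, `allowPrivilegeEscalation: false` or `readOnlyRootFilesystem: true` by default. Either ship those keys as the defaults or correct the comment. This matters for templates/psp.yaml in this patch, which is rendered with `runAsUser.rule: MustRunAsNonRoot` when `rbac.psp.enabled` is set. Minor: `priorityClassName: {}` gives a map default to what the comment calls the operator's priorityClassName; an empty string would be the expected type.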
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/Chart.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/Chart.yaml new file mode 100755 index 000000000..3ce4441f5 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/Chart.yaml @@ -0,0 +1,20 @@ +annotations: + catalog.cattle.io/auto-install: rancher-logging-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Logging + catalog.cattle.io/namespace: cattle-logging-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 + catalog.cattle.io/release-name: rancher-logging + catalog.cattle.io/ui-component: logging +apiVersion: v1 +appVersion: 3.9.0 +description: Collects and filter logs using highly configurable CRDs. Powered by Banzai + Cloud Logging Operator. +icon: https://charts.rancher.io/assets/logos/logging.svg +keywords: +- logging +- monitoring +- security +name: rancher-logging +version: 3.9.000 diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/README.md b/released/charts/rancher-logging/rancher-logging/3.9.000/README.md new file mode 100755 index 000000000..783816749 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/README.md 
@@ -0,0 +1,129 @@ + +# Logging operator Chart + +[Logging operator](https://github.com/banzaicloud/logging-operator) Managed centralized logging component fluentd and fluent-bit instance on cluster. + +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator +``` + +## Introduction + +This chart bootstraps a [Logging Operator](https://github.com/banzaicloud/logging-operator) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Prerequisites + +- Kubernetes 1.8+ with Beta APIs enabled + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```bash +$ helm install --name my-release banzaicloud-stable/logging-operator +``` + +### CRDs +Use `createCustomResource=false` with Helm v3 to avoid trying to create CRDs from the `crds` folder and from templates at the same time. + +The command deploys **Logging operator** on the Kubernetes cluster with the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```bash +$ helm delete my-release +``` + +The command removes all Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following tables lists the configurable parameters of the logging-operator chart and their default values. 
+ +| Parameter | Description | Default | +| --------------------------------------------------- | ------------------------------------------------------ | ------------------------------ | +| `image.repository` | Container image repository | `ghcr.io/banzaicloud/logging-operator` | +| `image.tag` | Container image tag | `3.9.0` | +| `image.pullPolicy` | Container pull policy | `IfNotPresent` | +| `nameOverride` | Override name of app | `` | +| `fullnameOverride` | Override full name of app | `` | +| `namespaceOverride` | Override namespace of app | `` | +| `watchNamespace` | Namespace to watch for LoggingOperator CRD | `` | +| `rbac.enabled` | Create rbac service account and roles | `true` | +| `rbac.psp.enabled` | Must be used with `rbac.enabled` true. If true, creates & uses RBAC resources required in the cluster with [Pod Security Policies](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) enabled. | `false` | +| `priorityClassName` | Operator priorityClassName | `{}` | +| `affinity` | Node Affinity | `{}` | +| `resources` | CPU/Memory resource requests/limits | `{}` | +| `tolerations` | Node Tolerations | `[]` | +| `nodeSelector` | Define which Nodes the Pods are scheduled on. | `{}` | +| `annotations` | Define annotations for logging-operator pods | `{}` | +| `podSecurityContext` | Pod SecurityContext for Logging operator. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) | `{"runAsNonRoot": true, "runAsUser": 1000, "fsGroup": 2000}` | +| `securityContext` | Container SecurityContext for Logging operator. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) | `{"allowPrivilegeEscalation": false, "readOnlyRootFilesystem": true}` | +| `createCustomResource` | Create CRDs. | `true` | +| `monitoring.serviceMonitor.enabled` | Create Prometheus Operator servicemonitor. | `false` | + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. 
For example: + +```bash +$ helm install --name my-release -f values.yaml banzaicloud-stable/logging-operator +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Installing Fluentd and Fluent-bit via logging + +The previous chart does **not** install `logging` resource to deploy Fluentd and Fluent-bit on cluster. To install them please use the [Logging Operator Logging](https://github.com/banzaicloud/logging-operator/tree/master/charts/logging-operator-logging) chart. + +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator-logging +``` + +## Configuration + +The following tables lists the configurable parameters of the logging-operator-logging chart and their default values. +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator-logging +``` + +## Configuration + +The following tables lists the configurable parameters of the logging-operator-logging chart and their default values. + +| Parameter | Description | Default | +| --------------------------------------------------- | ------------------------------------------------------ | ------------------------------ | +| `tls.enabled` | Enabled TLS communication between components | true | +| `tls.fluentdSecretName` | Specified secret name, which contain tls certs | This will overwrite automatic Helm certificate generation. | +| `tls.fluentbitSecretName` | Specified secret name, which contain tls certs | This will overwrite automatic Helm certificate generation. 
| +| `tls.sharedKey` | Shared key between nodes (fluentd-fluentbit) | [autogenerated] | +| `fluentbit.enabled` | Install fluent-bit | true | +| `fluentbit.namespace` | Specified fluentbit installation namespace | same as operator namespace | +| `fluentbit.image.tag` | Fluentbit container image tag | `1.6.10` | +| `fluentbit.image.repository` | Fluentbit container image repository | `fluent/fluent-bit` | +| `fluentbit.image.pullPolicy` | Fluentbit container pull policy | `IfNotPresent` | +| `fluentd.enabled` | Install fluentd | true | +| `fluentd.image.tag` | Fluentd container image tag | `v1.11.5-alpine-9` | +| `fluentd.image.repository` | Fluentd container image repository | `ghcr.io/banzaicloud/fluentd` | +| `fluentd.image.pullPolicy` | Fluentd container pull policy | `IfNotPresent` | +| `fluentd.volumeModImage.tag` | Fluentd volumeModImage container image tag | `latest` | +| `fluentd.volumeModImage.repository` | Fluentd volumeModImage container image repository | `busybox` | +| `fluentd.volumeModImage.pullPolicy` | Fluentd volumeModImage container pull policy | `IfNotPresent` | +| `fluentd.configReloaderImage.tag` | Fluentd configReloaderImage container image tag | `v0.2.2` | +| `fluentd.configReloaderImage.repository` | Fluentd configReloaderImage container image repository | `jimmidyson/configmap-reload` | +| `fluentd.configReloaderImage.pullPolicy` | Fluentd configReloaderImage container pull policy | `IfNotPresent` | +| `fluentd.fluentdPvcSpec.accessModes` | Fluentd persistence volume access modes | `[ReadWriteOnce]` | +| `fluentd.fluentdPvcSpec.resources.requests.storage` | Fluentd persistence volume size | `21Gi` | +| `fluentd.fluentdPvcSpec.storageClassName` | Fluentd persistence volume storageclass | `"""` | diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/app-readme.md b/released/charts/rancher-logging/rancher-logging/3.9.000/app-readme.md new file mode 100755 index 000000000..2de4ab4c5 --- /dev/null 
+++ b/released/charts/rancher-logging/rancher-logging/3.9.000/app-readme.md 
@@ -0,0 +1,22 @@ +# Rancher Logging + +This chart is based off of the upstream [Banzai Logging Operator](https://banzaicloud.com/docs/one-eye/logging-operator/) chart. The chart deploys a logging operator and CRDs, which allows users to configure complex logging pipelines with a few simple custom resources. There are two levels of logging, which allow you to collect all logs in a cluster or from a single namespace. + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/logging/v2.5/). + +## Namespace-level logging + +To collect logs from a single namespace, users create flows and these flows are connected to outputs or cluster outputs. + +## Cluster-level logging + +To collect logs from an entire cluster, users create cluster flows and cluster outputs. + +## CRDs + +- [Cluster Flow](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/clusterflow_types/) - A cluster flow is a CRD (`ClusterFlow`) that defines what logs to collect from the entire cluster. The cluster flow must be deployed in the same namespace as the logging operator. +- [Cluster Output](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/clusteroutput_types/) - A cluster output is a CRD (`ClusterOutput`) that defines how to connect to logging providers so they can start collecting logs. The cluster output must be deployed in the same namespace as the logging operator. The convenience of using a cluster output is that either a cluster flow or flow can send logs to those providers without needing to define specific outputs in each namespace for each flow. +- [Flow](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/flow_types/) - A flow is a CRD (`Flow`) that defines what logs to collect from the namespace that it is deployed in. 
+- [Output](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/output_types/) - An output is a CRD (`Output`) that defines how to connect to logging providers so logs can be sent to the provider. + +For more information on how to configure the Helm chart, refer to the Helm README. diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/NOTES.txt b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/NOTES.txt new file mode 100755 index 000000000..e69de29bb diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/_helpers.tpl b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/_helpers.tpl new file mode 100755 index 000000000..b2b289443 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/_helpers.tpl 
@@ -0,0 +1,66 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "logging-operator.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "logging-operator.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Provides the namespace the chart will be installed in using the builtin .Release.Namespace, +or, if provided, a manually overwritten namespace value. +*/}} +{{- define "logging-operator.namespace" -}} +{{- if .Values.namespaceOverride -}} +{{ .Values.namespaceOverride -}} +{{- else -}} +{{ .Release.Namespace }} +{{- end -}} +{{- end -}} + + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "logging-operator.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "logging-operator.labels" -}} +app.kubernetes.io/name: {{ include "logging-operator.name" . }} +helm.sh/chart: {{ include "logging-operator.chart" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/clusterrole.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/clusterrole.yaml new file mode 100755 index 000000000..709eedb91 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/clusterrole.yaml 
@@ -0,0 +1,167 @@ +{{- if .Values.rbac.enabled }} + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: {{ template "logging-operator.fullname" . }} +rules: +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - endpoints + - namespaces + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + - pods + - serviceaccounts + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + - events.k8s.io + resources: + - events + verbs: + - create + - get + - list + - watch +- apiGroups: + - apps + resources: + - daemonsets + - replicasets + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + - extensions + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - extensions + - policy + resources: + - podsecuritypolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - use + - watch +- apiGroups: + - logging.banzaicloud.io + resources: + - clusterflows + - clusteroutputs + - flows + - loggings + - outputs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - logging.banzaicloud.io + resources: + - clusterflows/status + - clusteroutputs/status + - flows/status + - loggings/status + - outputs/status + verbs: + - get + - patch + - update +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + 
- clusterrolebindings + - clusterroles + - rolebindings + - roles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/clusterrolebinding.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/clusterrolebinding.yaml new file mode 100755 index 000000000..89d17d094 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/clusterrolebinding.yaml @@ -0,0 +1,18 @@ +{{- if .Values.rbac.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "logging-operator.fullname" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +subjects: + - kind: ServiceAccount + name: {{ template "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "logging-operator.fullname" . }} + + {{- end }} \ No newline at end of file diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/crds.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/crds.yaml new file mode 100755 index 000000000..f573652d0 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/crds.yaml @@ -0,0 +1,6 @@ +{{- if .Values.createCustomResource -}} +{{- range $path, $bytes := .Files.Glob "crds/*.yaml" }} +{{ $.Files.Get $path }} +--- +{{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/deployment.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/deployment.yaml new file mode 100755 index 000000000..da93d4c29 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/deployment.yaml 
@@ -0,0 +1,62 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + ports: + - name: http + containerPort: {{ .Values.http.port }} + + {{- if .Values.securityContext }} + securityContext: {{ toYaml .Values.securityContext | nindent 12 }} + {{- end }} + {{- if .Values.podSecurityContext }} + securityContext: {{ toYaml .Values.podSecurityContext | nindent 8 }} + {{- end }} + + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.rbac.enabled }} + serviceAccountName: {{ include "logging-operator.fullname" . }} + {{- end }} 
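Review bot: both `securityContext` blocks in templates/deployment.yaml render only when `.Values.securityContext` or `.Values.podSecurityContext` is set, so unless values.yaml supplies them the operator container runs with runtime defaults while its service account is bound to the ClusterRole added earlier in this patch (write access to `secrets` and to RBAC objects). Have values.yaml ship restrictive defaults for both (for example `runAsNonRoot: true`, `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true`) so the hardened form is what gets deployed when nothing is overridden. The image is also referenced by tag only, `{{ .Values.image.repository }}:{{ .Values.image.tag }}`; accepting an optional digest would let installs pin the operator image.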
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/aks/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/aks/logging.yaml new file mode 100755 index 000000000..c7f6ce7e5 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/aks/logging.yaml 
@@ -0,0 +1,55 @@ +{{- if .Values.additionalLoggingSources.aks.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-aks + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "aks" + Path: "/var/log/azure/kubelet-status.log" + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
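Review bot: `namespace:` and `controlNamespace:` at the top of loggings/aks/logging.yaml use `.Release.Namespace` directly, while the operator Deployment and the ClusterRoleBinding subject use the `logging-operator.namespace` helper, so setting `namespaceOverride` puts the operator in one namespace and the control namespace in another. Use `{{ include "logging-operator.namespace" . }}` here as well, or state in the README that the two are expected to differ. The same lines recur in every other Logging template in this patch.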
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/eks/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/eks/logging.yaml new file mode 100755 index 000000000..30c22d82e --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/eks/logging.yaml 
@@ -0,0 +1,56 @@ +{{- if .Values.additionalLoggingSources.eks.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-eks + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "eks" + Path: "/var/log/messages" + Parser: "syslog" + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
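Review bot: the `inputTail` block in loggings/eks/logging.yaml tails `/var/log/messages` with `Parser: "syslog"`, which is the node's whole syslog stream and not only kubelet or Kubernetes component output, so every host daemon's messages are forwarded under the `eks` tag to whichever cluster output matches. Either narrow the input to the entries the feature needs or document in the chart README that enabling `additionalLoggingSources.eks` ships the full host syslog, so operators can decide where that data may go.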
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/gke/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/gke/logging.yaml new file mode 100755 index 000000000..a1f36c670 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/gke/logging.yaml 
@@ -0,0 +1,55 @@ +{{- if .Values.additionalLoggingSources.gke.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-gke + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "gke" + Path: "/var/log/kube-proxy.log" + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
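Review bot: loggings/gke/logging.yaml is a line-for-line copy of the aks and eks templates apart from the `Tag`, `Path` and (for eks) `Parser` values under `inputTail`, so a fix to the shared `security`, `tolerations` or image blocks has to be repeated in each file. Move the common `Logging` body into a named template in _helpers.tpl that takes the tag, path and parser as arguments, and keep only the per-provider values here. The copies have already drifted: the rke2-containers template later in this patch lacks the `labels:` block these three carry.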
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/k3s/logging-k3s-openrc.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/k3s/logging-k3s-openrc.yaml new file mode 100755 index 000000000..0143b6a89 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/k3s/logging-k3s-openrc.yaml 
@@ -0,0 +1,65 @@ +{{- if and .Values.additionalLoggingSources.k3s.enabled (eq .Values.additionalLoggingSources.k3s.container_engine "openrc")}} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-k3s + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "k3s" + Path: "/var/log/k3s.log" + extraVolumeMounts: + - source: "/var/log/" + destination: "/var/log" + readOnly: true + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: + {{- toYaml . 
| nindent 6 }} + {{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/k3s/logging-k3s-systemd.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/k3s/logging-k3s-systemd.yaml new file mode 100755 index 000000000..56aedb2d6 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/k3s/logging-k3s-systemd.yaml 
@@ -0,0 +1,65 @@ +{{- if and .Values.additionalLoggingSources.k3s.enabled (eq .Values.additionalLoggingSources.k3s.container_engine "systemd")}} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-k3s + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "k3s" + Path: "/var/log/syslog" + extraVolumeMounts: + - source: "/var/log/" + destination: "/var/log" + readOnly: true + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: + {{- toYaml . 
| nindent 6 }} + {{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke/configmap.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke/configmap.yaml new file mode 100755 index 000000000..2af01ac0c --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke/configmap.yaml @@ -0,0 +1,26 @@ +{{- if .Values.additionalLoggingSources.rke.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-rke + labels: +{{ include "logging-operator.labels" . | indent 4 }} +data: + fluent-bit.conf: | + [SERVICE] + Log_Level {{ .Values.additionalLoggingSources.rke.fluentbit.log_level }} + Parsers_File parsers.conf + + [INPUT] + Tag rke + Name tail + Path_Key filename + Parser json + DB /tail-db/tail-containers-state.db + Mem_Buf_Limit {{ .Values.additionalLoggingSources.rke.fluentbit.mem_buffer_limit }} + Path /var/lib/rancher/rke/log/*.log + + [OUTPUT] + Name file + Path /var/lib/rancher/logging/ +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke/daemonset.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke/daemonset.yaml new file mode 100755 index 000000000..3f41f7b0a --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke/daemonset.yaml 
@@ -0,0 +1,127 @@ +{{- if .Values.additionalLoggingSources.rke.enabled }} +{{- $containers := printf "%s/containers/" (default "/var/lib/docker" .Values.global.dockerRootDirectory) }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + selector: + matchLabels: + name: {{ .Release.Name }}-rke-aggregator + template: + metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" + labels: + name: {{ .Release.Name }}-rke-aggregator + spec: + containers: + - name: fluentbit + image: "{{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}:{{ .Values.images.fluentbit.tag }}" + volumeMounts: + - mountPath: /var/lib/rancher/rke/log/ + name: indir + - mountPath: /var/lib/rancher/logging/ + name: outdir + - mountPath: {{ $containers }} + name: containers + - mountPath: /tail-db + name: tail-db + - mountPath: /fluent-bit/etc/fluent-bit.conf + name: config + subPath: fluent-bit.conf + volumes: + - name: indir + hostPath: + path: /var/lib/rancher/rke/log/ + type: DirectoryOrCreate + - name: outdir + hostPath: + path: /var/lib/rancher/logging/ + type: DirectoryOrCreate + - name: containers + hostPath: + path: {{ $containers }} + type: DirectoryOrCreate + - name: tail-db + hostPath: + path: /var/lib/rancher/logging/tail-db/ + type: DirectoryOrCreate + - name: config + configMap: + name: "{{ .Release.Name }}-rke" + serviceAccountName: "{{ .Release.Name }}-rke-aggregator" + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . 
| nindent 8 }} + {{- end }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" +{{- if .Values.global.psp.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: "{{ .Release.Name }}-rke-aggregator" +rules: + - apiGroups: + - policy + resourceNames: + - "{{ .Release.Name }}-rke-aggregator" + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: "{{ .Release.Name }}-rke-aggregator" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: "{{ .Release.Name }}-rke-aggregator" +subjects: + - kind: ServiceAccount + name: "{{ .Release.Name }}-rke-aggregator" +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + allowPrivilegeEscalation: false + allowedHostPaths: + - pathPrefix: {{ $containers }} + readOnly: false + - pathPrefix: /var/lib/rancher/rke/log/ + readOnly: false + - pathPrefix: /var/lib/rancher/logging/ + readOnly: false + fsGroup: + rule: RunAsAny + readOnlyRootFilesystem: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - emptyDir + - secret + - hostPath +{{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke/logging-rke.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke/logging-rke.yaml new file mode 100755 index 000000000..d25c0047f --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke/logging-rke.yaml 
@@ -0,0 +1,70 @@ +{{- if .Values.additionalLoggingSources.rke.enabled }} +{{- $containers := printf "%s/containers/" (default "/var/lib/docker" .Values.global.dockerRootDirectory) }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-rke + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "rke" + Path: "/var/lib/rancher/logging/rke" + Parser: json + extraVolumeMounts: + - source: "/var/lib/rancher/logging/" + destination: "/var/lib/rancher/logging/" + readOnly: true + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- if .Values.global.dockerRootDirectory }} + mountPath: {{ $containers }} + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . 
| nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke2/configmap.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke2/configmap.yaml new file mode 100755 index 000000000..d8910122a --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke2/configmap.yaml @@ -0,0 +1,18 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-rke2 + labels: +{{ include "logging-operator.labels" . | indent 4 }} +data: + fluent-bit.conf: | + [INPUT] + Name systemd + Tag rke2 + Systemd_Filter _SYSTEMD_UNIT=rke2.service + + [OUTPUT] + Name file + Path /etc/rancher/logging/rke2.log +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke2/daemonset.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke2/daemonset.yaml new file mode 100755 index 000000000..2b4672811 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke2/daemonset.yaml 
@@ -0,0 +1,101 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + selector: + matchLabels: + name: {{ .Release.Name }}-rke2-journald-aggregator + template: + metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" + labels: + name: {{ .Release.Name }}-rke2-journald-aggregator + spec: + containers: + - name: fluentd + image: "{{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}:{{ .Values.images.fluentbit.tag }}" + volumeMounts: + - mountPath: /etc/rancher/logging/logs/ + name: logdir + - mountPath: /fluent-bit/etc/ + name: config + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: "{{ .Release.Name }}-rke2-journald-aggregator" + volumes: + - name: logdir + hostPath: + path: /etc/rancher/logging/logs/ + - name: config + configMap: + name: "{{ .Release.Name }}-rke2" +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" +{{- if .Values.global.psp.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" +rules: + - apiGroups: + - policy + resourceNames: + - "{{ .Release.Name }}-rke2-journald-aggregator" + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: "{{ .Release.Name }}-rke2-journald-aggregator" +subjects: + - kind: ServiceAccount + name: "{{ .Release.Name }}-rke2-journald-aggregator" +--- +apiVersion: 
policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + allowPrivilegeEscalation: false + allowedHostPaths: + - pathPrefix: /etc/rancher/logging/logs + readOnly: false + fsGroup: + rule: RunAsAny + readOnlyRootFilesystem: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - emptyDir + - secret + - hostPath +{{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke2/logging-rke2-containers.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke2/logging-rke2-containers.yaml new file mode 100755 index 000000000..2bc1900ce --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke2/logging-rke2-containers.yaml 
@@ -0,0 +1,63 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-rke2-containers + namespace: {{ .Release.Namespace }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "rke2" + Path: "/var/log/containers/*rke*.log" + extraVolumeMounts: + - source: "/var/log/containers/" + destination: "/var/log/containers/" + readOnly: true + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
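Review bot: The inputTail glob `Path: "/var/log/containers/*rke*.log"` is wider than the `rke2` tag it feeds. It matches any container log whose file name contains "rke", and the journald Logging added in logging-rke2-journald.yaml uses the same `Tag: "rke2"`, so records from the two sources cannot be told apart in flows or outputs. Suggest narrowing the glob to the RKE2 component names and giving this input its own tag, or adding a comment that explains why the shared tag is intended.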
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke2/logging-rke2-journald.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke2/logging-rke2-journald.yaml new file mode 100755 index 000000000..72ac37bab --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/rke2/logging-rke2-journald.yaml 
@@ -0,0 +1,63 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-rke2-journald + namespace: {{ .Release.Namespace }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "rke2" + Path: "/etc/rancher/logging/logs/*.log" + extraVolumeMounts: + - source: "/etc/rancher/logging/logs/" + destination: "/etc/rancher/logging/logs/" + readOnly: true + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
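Review bot: The inputTail `Path: "/etc/rancher/logging/logs/*.log"` does not match where the rke2 aggregator is configured to write. The ConfigMap in templates/loggings/rke2/configmap.yaml sets the file output to `Path /etc/rancher/logging/rke2.log`, which is outside the `/etc/rancher/logging/logs/` hostPath that the DaemonSet mounts and that this Logging tails, and the aggregator's PodSecurityPolicy sets `readOnlyRootFilesystem: true`. As written, the journald records would not land in a file this glob can see. Point the ConfigMap output at the mounted directory, or change the paths together, so that the writer, the hostPath and the tail path agree.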
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/root/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/root/logging.yaml new file mode 100755 index 000000000..09071405d --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/loggings/root/logging.yaml 
@@ -0,0 +1,64 @@ +{{- $containers := printf "%s/containers/" (default "/var/lib/docker" .Values.global.dockerRootDirectory) }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- if .Values.global.dockerRootDirectory }} + mountPath: {{ $containers }} + extraVolumeMounts: + - source: {{ $containers }} + destination: {{ $containers }} + readOnly: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: + {{- toYaml . 
| nindent 6 }} + {{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/psp.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/psp.yaml new file mode 100755 index 000000000..d0eab300c --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/psp.yaml @@ -0,0 +1,33 @@ +{{ if and .Values.rbac.enabled .Values.rbac.psp.enabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: psp.logging-operator + namespace: {{ include "logging-operator.namespace" . }} + annotations: + seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default,runtime/default' + seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default' + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + readOnlyRootFilesystem: true + privileged: false + allowPrivilegeEscalation: false + runAsUser: + rule: MustRunAsNonRoot + fsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + supplementalGroups: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + volumes: + - secret + - configMap +{{ end }} \ No newline at end of file diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/service.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/service.yaml new file mode 100755 index 000000000..f419ae2c4 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/service.yaml 
@@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + type: ClusterIP + {{- with .Values.http.service.clusterIP }} + clusterIP: {{ . }} + {{- end }} + ports: + - port: {{ .Values.http.port }} + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/serviceMonitor.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/serviceMonitor.yaml new file mode 100755 index 000000000..1bb762cde --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/serviceMonitor.yaml @@ -0,0 +1,30 @@ +{{ if .Values.monitoring.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +{{- with .Values.monitoring.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} +{{- end }} +spec: + selector: + matchLabels: +{{ include "logging-operator.labels" . | indent 6 }} + endpoints: + - port: http + path: /metrics + {{- with .Values.monitoring.serviceMonitor.metricsRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.monitoring.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 4 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ include "logging-operator.namespace" . }} +{{- end }} 
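Review bot: In serviceMonitor.yaml the `with` guard reads `.Values.monitoring.serviceMonitor.metricsRelabelings`, but values.yaml for this chart version declares the key as `metricRelabelings` (no "s" after "metric"). Anything a user sets under the declared key is silently dropped and the `metricRelabelings:` block is never rendered. Rename the lookup to `.Values.monitoring.serviceMonitor.metricRelabelings`. The two blocks also use different indentation (`nindent 6` for metricRelabelings, `nindent 4` for relabelings); using one value for both would make the endpoint entry easier to verify.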
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/serviceaccount.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/serviceaccount.yaml new file mode 100755 index 000000000..cbb2a94b4 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/serviceaccount.yaml @@ -0,0 +1,10 @@ +{{- if .Values.rbac.enabled }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/userroles.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/userroles.yaml new file mode 100755 index 000000000..f4136b09a --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/userroles.yaml @@ -0,0 +1,35 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "logging-admin" + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: + - "logging.banzaicloud.io" + resources: + - flows + - outputs + verbs: + - "*" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "logging-view" + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: + - apiGroups: + - "logging.banzaicloud.io" + resources: + - flows + - outputs + - clusterflows + - clusteroutputs + verbs: + - get + - list + - watch diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/validate-install-crd.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/validate-install-crd.yaml new file mode 100755 index 000000000..66e8725e5 --- /dev/null 
+++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/validate-install-crd.yaml @@ -0,0 +1,18 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/ClusterFlow" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/ClusterOutput" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/Flow" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/Logging" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/Output" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/templates/validate-install.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/validate-install.yaml new file mode 100755 index 000000000..bd624cc4b --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/templates/validate-install.yaml @@ -0,0 +1,5 @@ +#{{- if .Values.global.dockerRootDirectory }} +#{{- if or (hasSuffix "/containers" .Values.global.dockerRootDirectory) (hasSuffix "/" .Values.global.dockerRootDirectory) }} +#{{- required "global.dockerRootDirectory must not end with suffix: '/' or '/containers'" "" -}} +#{{- end }} +#{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.000/values.yaml b/released/charts/rancher-logging/rancher-logging/3.9.000/values.yaml new file mode 100755 index 000000000..e07558390 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.000/values.yaml 
@@ -0,0 +1,149 @@ +# Default values for logging-operator. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: rancher/mirrored-banzaicloud-logging-operator + tag: 3.9.0 + pullPolicy: IfNotPresent + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" +namespaceOverride: "" + +annotations: {} + +## Deploy CRDs used by Logging Operator. +## +createCustomResource: false + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: + kubernetes.io/os: linux + +tolerations: + - key: cattle.io/os + operator: "Equal" + value: "linux" + effect: NoSchedule + +affinity: {} + +http: + # http listen port number + port: 8080 + # Service definition for query http service + service: + type: ClusterIP + clusterIP: None + # Annotations to query http service + annotations: {} + # Labels to query http service + labels: {} + +# These "rbac" settings match the upstream defaults. For only using psp in the overlay files, which +# include the default Logging CRs created, see the "global.psp" setting. To enable psp for the entire +# chart, enable both "rbac.psp" and "global.psp" (this may require further changes to the chart). +rbac: + enabled: true + psp: + enabled: false + +## SecurityContext holds pod-level security attributes and common container settings. +## This defaults to non root user with uid 1000 and gid 2000. 
*v1.PodSecurityContext false +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +podSecurityContext: {} +# runAsNonRoot: true +# runAsUser: 1000 +# fsGroup: 2000 +securityContext: {} +# allowPrivilegeEscalation: false +# readOnlyRootFilesystem: true + # capabilities: + # drop: ["ALL"] + +## Operator priorityClassName +## +priorityClassName: {} + +monitoring: + # Create a Prometheus Operator ServiceMonitor object + serviceMonitor: + enabled: false + additionalLabels: {} + metricRelabelings: [] + relabelings: [] + +disablePvc: true + +additionalLoggingSources: + rke: + enabled: false + fluentbit: + log_level: "info" + mem_buffer_limit: "5MB" + rke2: + enabled: false + k3s: + enabled: false + container_engine: "systemd" + aks: + enabled: false + eks: + enabled: false + gke: + enabled: false + +images: + config_reloader: + repository: rancher/mirrored-jimmidyson-configmap-reload + tag: v0.4.0 + fluentbit: + repository: rancher/mirrored-fluent-fluent-bit + tag: 1.6.10 + fluentbit_debug: + repository: rancher/mirrored-fluent-fluent-bit + tag: 1.6.10-debug + fluentd: + repository: rancher/mirrored-banzaicloud-fluentd + tag: v1.11.5-alpine-9 + +# These "fluentd" and "fluentbit" settings apply to every Logging CR, including vendor Logging CRs +# enabled in "additionalLoggingSources". Changing these affects every Logging CR installed. +fluentd: + resources: {} +fluentbit: + resources: {} + tolerations: + - key: node-role.kubernetes.io/controlplane + value: "true" + effect: NoSchedule + - key: node-role.kubernetes.io/etcd + value: "true" + effect: NoExecute + +global: + cattle: + systemDefaultRegistry: "" + # Change the "dockerRootDirectory" if the default Docker directory has changed. + dockerRootDirectory: "" + # This psp setting differs from the upstream "rbac.psp" by only enabling psp settings for the + # overlay files, which include the Logging CRs created, whereas the upstream "rbac.psp" affects the + # logging operator. 
+ psp: + enabled: true diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/.helmignore b/released/charts/rancher-logging/rancher-logging/3.9.001/.helmignore new file mode 100755 index 000000000..50af03172 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/Chart.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/Chart.yaml new file mode 100755 index 000000000..2a2b73974 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/Chart.yaml @@ -0,0 +1,20 @@ +annotations: + catalog.cattle.io/auto-install: rancher-logging-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Logging + catalog.cattle.io/namespace: cattle-logging-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 + catalog.cattle.io/release-name: rancher-logging + catalog.cattle.io/ui-component: logging +apiVersion: v1 +appVersion: 3.9.0 +description: Collects and filter logs using highly configurable CRDs. Powered by Banzai + Cloud Logging Operator. +icon: https://charts.rancher.io/assets/logos/logging.svg +keywords: +- logging +- monitoring +- security +name: rancher-logging +version: 3.9.001 diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/README.md b/released/charts/rancher-logging/rancher-logging/3.9.001/README.md new file mode 100755 index 000000000..783816749 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/README.md 
@@ -0,0 +1,129 @@ + +# Logging operator Chart + +[Logging operator](https://github.com/banzaicloud/logging-operator) Managed centralized logging component fluentd and fluent-bit instance on cluster. + +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator +``` + +## Introduction + +This chart bootstraps a [Logging Operator](https://github.com/banzaicloud/logging-operator) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Prerequisites + +- Kubernetes 1.8+ with Beta APIs enabled + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```bash +$ helm install --name my-release banzaicloud-stable/logging-operator +``` + +### CRDs +Use `createCustomResource=false` with Helm v3 to avoid trying to create CRDs from the `crds` folder and from templates at the same time. + +The command deploys **Logging operator** on the Kubernetes cluster with the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```bash +$ helm delete my-release +``` + +The command removes all Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following tables lists the configurable parameters of the logging-operator chart and their default values. 
+ +| Parameter | Description | Default | +| --------------------------------------------------- | ------------------------------------------------------ | ------------------------------ | +| `image.repository` | Container image repository | `ghcr.io/banzaicloud/logging-operator` | +| `image.tag` | Container image tag | `3.9.0` | +| `image.pullPolicy` | Container pull policy | `IfNotPresent` | +| `nameOverride` | Override name of app | `` | +| `fullnameOverride` | Override full name of app | `` | +| `namespaceOverride` | Override namespace of app | `` | +| `watchNamespace` | Namespace to watch for LoggingOperator CRD | `` | +| `rbac.enabled` | Create rbac service account and roles | `true` | +| `rbac.psp.enabled` | Must be used with `rbac.enabled` true. If true, creates & uses RBAC resources required in the cluster with [Pod Security Policies](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) enabled. | `false` | +| `priorityClassName` | Operator priorityClassName | `{}` | +| `affinity` | Node Affinity | `{}` | +| `resources` | CPU/Memory resource requests/limits | `{}` | +| `tolerations` | Node Tolerations | `[]` | +| `nodeSelector` | Define which Nodes the Pods are scheduled on. | `{}` | +| `annotations` | Define annotations for logging-operator pods | `{}` | +| `podSecurityContext` | Pod SecurityContext for Logging operator. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) | `{"runAsNonRoot": true, "runAsUser": 1000, "fsGroup": 2000}` | +| `securityContext` | Container SecurityContext for Logging operator. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) | `{"allowPrivilegeEscalation": false, "readOnlyRootFilesystem": true}` | +| `createCustomResource` | Create CRDs. | `true` | +| `monitoring.serviceMonitor.enabled` | Create Prometheus Operator servicemonitor. | `false` | + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. 
For example: + +```bash +$ helm install --name my-release -f values.yaml banzaicloud-stable/logging-operator +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Installing Fluentd and Fluent-bit via logging + +The previous chart does **not** install `logging` resource to deploy Fluentd and Fluent-bit on cluster. To install them please use the [Logging Operator Logging](https://github.com/banzaicloud/logging-operator/tree/master/charts/logging-operator-logging) chart. + +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator-logging +``` + +## Configuration + +The following tables lists the configurable parameters of the logging-operator-logging chart and their default values. +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator-logging +``` + +## Configuration + +The following tables lists the configurable parameters of the logging-operator-logging chart and their default values. + +| Parameter | Description | Default | +| --------------------------------------------------- | ------------------------------------------------------ | ------------------------------ | +| `tls.enabled` | Enabled TLS communication between components | true | +| `tls.fluentdSecretName` | Specified secret name, which contain tls certs | This will overwrite automatic Helm certificate generation. | +| `tls.fluentbitSecretName` | Specified secret name, which contain tls certs | This will overwrite automatic Helm certificate generation. 
| +| `tls.sharedKey` | Shared key between nodes (fluentd-fluentbit) | [autogenerated] | +| `fluentbit.enabled` | Install fluent-bit | true | +| `fluentbit.namespace` | Specified fluentbit installation namespace | same as operator namespace | +| `fluentbit.image.tag` | Fluentbit container image tag | `1.6.10` | +| `fluentbit.image.repository` | Fluentbit container image repository | `fluent/fluent-bit` | +| `fluentbit.image.pullPolicy` | Fluentbit container pull policy | `IfNotPresent` | +| `fluentd.enabled` | Install fluentd | true | +| `fluentd.image.tag` | Fluentd container image tag | `v1.11.5-alpine-9` | +| `fluentd.image.repository` | Fluentd container image repository | `ghcr.io/banzaicloud/fluentd` | +| `fluentd.image.pullPolicy` | Fluentd container pull policy | `IfNotPresent` | +| `fluentd.volumeModImage.tag` | Fluentd volumeModImage container image tag | `latest` | +| `fluentd.volumeModImage.repository` | Fluentd volumeModImage container image repository | `busybox` | +| `fluentd.volumeModImage.pullPolicy` | Fluentd volumeModImage container pull policy | `IfNotPresent` | +| `fluentd.configReloaderImage.tag` | Fluentd configReloaderImage container image tag | `v0.2.2` | +| `fluentd.configReloaderImage.repository` | Fluentd configReloaderImage container image repository | `jimmidyson/configmap-reload` | +| `fluentd.configReloaderImage.pullPolicy` | Fluentd configReloaderImage container pull policy | `IfNotPresent` | +| `fluentd.fluentdPvcSpec.accessModes` | Fluentd persistence volume access modes | `[ReadWriteOnce]` | +| `fluentd.fluentdPvcSpec.resources.requests.storage` | Fluentd persistence volume size | `21Gi` | +| `fluentd.fluentdPvcSpec.storageClassName` | Fluentd persistence volume storageclass | `"""` | diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/app-readme.md b/released/charts/rancher-logging/rancher-logging/3.9.001/app-readme.md new file mode 100755 index 000000000..2de4ab4c5 --- /dev/null 
+++ b/released/charts/rancher-logging/rancher-logging/3.9.001/app-readme.md 
@@ -0,0 +1,22 @@ +# Rancher Logging + +This chart is based off of the upstream [Banzai Logging Operator](https://banzaicloud.com/docs/one-eye/logging-operator/) chart. The chart deploys a logging operator and CRDs, which allows users to configure complex logging pipelines with a few simple custom resources. There are two levels of logging, which allow you to collect all logs in a cluster or from a single namespace. + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/logging/v2.5/). + +## Namespace-level logging + +To collect logs from a single namespace, users create flows and these flows are connected to outputs or cluster outputs. + +## Cluster-level logging + +To collect logs from an entire cluster, users create cluster flows and cluster outputs. + +## CRDs + +- [Cluster Flow](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/clusterflow_types/) - A cluster flow is a CRD (`ClusterFlow`) that defines what logs to collect from the entire cluster. The cluster flow must be deployed in the same namespace as the logging operator. +- [Cluster Output](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/clusteroutput_types/) - A cluster output is a CRD (`ClusterOutput`) that defines how to connect to logging providers so they can start collecting logs. The cluster output must be deployed in the same namespace as the logging operator. The convenience of using a cluster output is that either a cluster flow or flow can send logs to those providers without needing to define specific outputs in each namespace for each flow. +- [Flow](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/flow_types/) - A flow is a CRD (`Flow`) that defines what logs to collect from the namespace that it is deployed in. 
+- [Output](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/output_types/) - An output is a CRD (`Output`) that defines how to connect to logging providers so logs can be sent to the provider. + +For more information on how to configure the Helm chart, refer to the Helm README. diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/NOTES.txt b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/NOTES.txt new file mode 100755 index 000000000..e69de29bb diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/_helpers.tpl b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/_helpers.tpl new file mode 100755 index 000000000..b2b289443 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/_helpers.tpl 
@@ -0,0 +1,66 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "logging-operator.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "logging-operator.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Provides the namespace the chart will be installed in using the builtin .Release.Namespace, +or, if provided, a manually overwritten namespace value. +*/}} +{{- define "logging-operator.namespace" -}} +{{- if .Values.namespaceOverride -}} +{{ .Values.namespaceOverride -}} +{{- else -}} +{{ .Release.Namespace }} +{{- end -}} +{{- end -}} + + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "logging-operator.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "logging-operator.labels" -}} +app.kubernetes.io/name: {{ include "logging-operator.name" . }} +helm.sh/chart: {{ include "logging-operator.chart" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/clusterrole.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/clusterrole.yaml new file mode 100755 index 000000000..709eedb91 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/clusterrole.yaml 
@@ -0,0 +1,167 @@ +{{- if .Values.rbac.enabled }} + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: {{ template "logging-operator.fullname" . }} +rules: +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - endpoints + - namespaces + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + - pods + - serviceaccounts + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + - events.k8s.io + resources: + - events + verbs: + - create + - get + - list + - watch +- apiGroups: + - apps + resources: + - daemonsets + - replicasets + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + - extensions + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - extensions + - policy + resources: + - podsecuritypolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - use + - watch +- apiGroups: + - logging.banzaicloud.io + resources: + - clusterflows + - clusteroutputs + - flows + - loggings + - outputs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - logging.banzaicloud.io + resources: + - clusterflows/status + - clusteroutputs/status + - flows/status + - loggings/status + - outputs/status + verbs: + - get + - patch + - update +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + 
- clusterrolebindings + - clusterroles + - rolebindings + - roles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/clusterrolebinding.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/clusterrolebinding.yaml new file mode 100755 index 000000000..89d17d094 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/clusterrolebinding.yaml @@ -0,0 +1,18 @@ +{{- if .Values.rbac.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "logging-operator.fullname" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +subjects: + - kind: ServiceAccount + name: {{ template "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "logging-operator.fullname" . }} + + {{- end }} \ No newline at end of file diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/crds.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/crds.yaml new file mode 100755 index 000000000..f573652d0 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/crds.yaml @@ -0,0 +1,6 @@ +{{- if .Values.createCustomResource -}} +{{- range $path, $bytes := .Files.Glob "crds/*.yaml" }} +{{ $.Files.Get $path }} +--- +{{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/deployment.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/deployment.yaml new file mode 100755 index 000000000..da93d4c29 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/deployment.yaml 
@@ -0,0 +1,62 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + ports: + - name: http + containerPort: {{ .Values.http.port }} + + {{- if .Values.securityContext }} + securityContext: {{ toYaml .Values.securityContext | nindent 12 }} + {{- end }} + {{- if .Values.podSecurityContext }} + securityContext: {{ toYaml .Values.podSecurityContext | nindent 8 }} + {{- end }} + + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.rbac.enabled }} + serviceAccountName: {{ include "logging-operator.fullname" . }} + {{- end }} 
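Review bot: in templates/deployment.yaml both `securityContext` blocks are rendered only when `.Values.securityContext` or `.Values.podSecurityContext` is set, so the template itself guarantees none of what psp.yaml in this patch requires (`runAsUser: MustRunAsNonRoot`, `readOnlyRootFilesystem: true`, `allowPrivilegeEscalation: false`). That matters here because, with `rbac.enabled`, the pod runs as the `logging-operator.fullname` service account, which clusterrolebinding.yaml binds to a ClusterRole carrying create/delete/patch/update on `secrets` and on `clusterroles`, `clusterrolebindings`, `roles` and `rolebindings` cluster-wide, plus `use` on `podsecuritypolicies` with no `resourceNames`. Suggest rendering a restrictive container securityContext by default and letting values override it, scoping the PSP `use` rule with `resourceNames`, and confirming that each write verb on secrets and RBAC objects is actually needed by the operator.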
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/aks/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/aks/logging.yaml new file mode 100755 index 000000000..c7f6ce7e5 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/aks/logging.yaml 
@@ -0,0 +1,55 @@ +{{- if .Values.additionalLoggingSources.aks.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-aks + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "aks" + Path: "/var/log/azure/kubelet-status.log" + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
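Review bot: `inputTail.Path` in loggings/aks/logging.yaml points at the host file `/var/log/azure/kubelet-status.log`, but this spec declares no `extraVolumeMounts`, whereas the k3s templates in the same patch mount `/var/log/` read-only for their `/var/log/...` paths. Either add the same read-only mount here or state in a template comment that the fluentbit pod already sees `/var/log` without it, so the difference between the two sets of templates is clearly intentional.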
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/eks/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/eks/logging.yaml new file mode 100755 index 000000000..30c22d82e --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/eks/logging.yaml 
@@ -0,0 +1,56 @@ +{{- if .Values.additionalLoggingSources.eks.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-eks + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "eks" + Path: "/var/log/messages" + Parser: "syslog" + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
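Review bot: `Path: "/var/log/messages"` in loggings/eks/logging.yaml tails the node's general syslog file, so whatever any host service writes there is shipped under the `eks` tag, not only EKS component logs. If only Kubernetes component messages are wanted, narrow the input or filter the records before they reach an `Output`, and document the scope in the chart README so operators know that host logs leave the node when `additionalLoggingSources.eks.enabled` is set.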
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/gke/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/gke/logging.yaml new file mode 100755 index 000000000..a1f36c670 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/gke/logging.yaml 
@@ -0,0 +1,55 @@ +{{- if .Values.additionalLoggingSources.gke.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-gke + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "gke" + Path: "/var/log/kube-proxy.log" + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
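Review bot: loggings/gke/logging.yaml repeats the aks and eks templates line for line apart from `Tag`, `Path` and the resource name suffix (eks adds `Parser`). Consider a named template in _helpers.tpl that takes the tag and path, so that a later fix to the `security`, `tolerations` or image blocks lands in every provider variant instead of having to be applied to each copy.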
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/k3s/logging-k3s-openrc.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/k3s/logging-k3s-openrc.yaml new file mode 100755 index 000000000..0143b6a89 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/k3s/logging-k3s-openrc.yaml 
@@ -0,0 +1,65 @@ +{{- if and .Values.additionalLoggingSources.k3s.enabled (eq .Values.additionalLoggingSources.k3s.container_engine "openrc")}} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-k3s + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "k3s" + Path: "/var/log/k3s.log" + extraVolumeMounts: + - source: "/var/log/" + destination: "/var/log" + readOnly: true + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: + {{- toYaml . 
| nindent 6 }} + {{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/k3s/logging-k3s-systemd.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/k3s/logging-k3s-systemd.yaml new file mode 100755 index 000000000..56aedb2d6 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/k3s/logging-k3s-systemd.yaml 
@@ -0,0 +1,65 @@ +{{- if and .Values.additionalLoggingSources.k3s.enabled (eq .Values.additionalLoggingSources.k3s.container_engine "systemd")}} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-k3s + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "k3s" + Path: "/var/log/syslog" + extraVolumeMounts: + - source: "/var/log/" + destination: "/var/log" + readOnly: true + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: + {{- toYaml . 
| nindent 6 }} + {{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/rke/configmap.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/rke/configmap.yaml new file mode 100755 index 000000000..ab91d93e2 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/rke/configmap.yaml @@ -0,0 +1,29 @@ +{{- if .Values.additionalLoggingSources.rke.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-rke + labels: +{{ include "logging-operator.labels" . | indent 4 }} +data: + fluent-bit.conf: | + [SERVICE] + Log_Level {{ .Values.additionalLoggingSources.rke.fluentbit.log_level }} + Parsers_File parsers.conf + + [INPUT] + Tag rke + Name tail + Path_Key filename + Parser docker + DB /tail-db/tail-containers-state.db + Mem_Buf_Limit {{ .Values.additionalLoggingSources.rke.fluentbit.mem_buffer_limit }} + Path /var/lib/rancher/rke/log/*.log + + [OUTPUT] + Name forward + Match * + Host {{ .Release.Name }}-fluentd.{{ .Release.Namespace }}.svc + Port 24240 + Retry_Limit False +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/rke/daemonset.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/rke/daemonset.yaml new file mode 100755 index 000000000..88c5bf31c --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/rke/daemonset.yaml 
@@ -0,0 +1,119 @@ +{{- if .Values.additionalLoggingSources.rke.enabled }} +{{- $containers := printf "%s/containers/" (default "/var/lib/docker" .Values.global.dockerRootDirectory) }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + selector: + matchLabels: + name: {{ .Release.Name }}-rke-aggregator + template: + metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" + labels: + name: {{ .Release.Name }}-rke-aggregator + spec: + containers: + - name: fluentbit + image: "{{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}:{{ .Values.images.fluentbit.tag }}" + volumeMounts: + - mountPath: /var/lib/rancher/rke/log/ + name: indir + - mountPath: {{ $containers }} + name: containers + - mountPath: /tail-db + name: positiondb + - mountPath: /fluent-bit/etc/fluent-bit.conf + name: config + subPath: fluent-bit.conf + volumes: + - name: indir + hostPath: + path: /var/lib/rancher/rke/log/ + type: DirectoryOrCreate + - name: containers + hostPath: + path: {{ $containers }} + type: DirectoryOrCreate + - name: positiondb + emptyDir: {} + - name: config + configMap: + name: "{{ .Release.Name }}-rke" + serviceAccountName: "{{ .Release.Name }}-rke-aggregator" + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . 
| nindent 8 }} + {{- end }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" +{{- if .Values.global.psp.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: "{{ .Release.Name }}-rke-aggregator" +rules: + - apiGroups: + - policy + resourceNames: + - "{{ .Release.Name }}-rke-aggregator" + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: "{{ .Release.Name }}-rke-aggregator" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: "{{ .Release.Name }}-rke-aggregator" +subjects: + - kind: ServiceAccount + name: "{{ .Release.Name }}-rke-aggregator" +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + allowPrivilegeEscalation: false + allowedHostPaths: + - pathPrefix: {{ $containers }} + readOnly: false + - pathPrefix: /var/lib/rancher/rke/log/ + readOnly: false + - pathPrefix: /var/lib/rancher/logging/ + readOnly: false + fsGroup: + rule: RunAsAny + readOnlyRootFilesystem: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - emptyDir + - secret + - hostPath +{{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/rke2/configmap.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/rke2/configmap.yaml new file mode 100755 index 000000000..86369d140 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/rke2/configmap.yaml 
@@ -0,0 +1,21 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-rke2 + labels: +{{ include "logging-operator.labels" . | indent 4 }} +data: + fluent-bit.conf: | + [INPUT] + Name systemd + Tag rke2 + Systemd_Filter _SYSTEMD_UNIT=rke2.service + + [OUTPUT] + Name forward + Match * + Host {{ .Release.Name }}-fluentd.{{ .Release.Namespace }}.svc + Port 24240 + Retry_Limit False +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/rke2/daemonset.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/rke2/daemonset.yaml new file mode 100755 index 000000000..3bf73f22f --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/rke2/daemonset.yaml 
@@ -0,0 +1,93 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + selector: + matchLabels: + name: {{ .Release.Name }}-rke2-journald-aggregator + template: + metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" + labels: + name: {{ .Release.Name }}-rke2-journald-aggregator + spec: + containers: + - name: fluentd + image: "{{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}:{{ .Values.images.fluentbit.tag }}" + volumeMounts: + - mountPath: /fluent-bit/etc/ + name: config + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: "{{ .Release.Name }}-rke2-journald-aggregator" + volumes: + - name: config + configMap: + name: "{{ .Release.Name }}-rke2" +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" +{{- if .Values.global.psp.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" +rules: + - apiGroups: + - policy + resourceNames: + - "{{ .Release.Name }}-rke2-journald-aggregator" + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: "{{ .Release.Name }}-rke2-journald-aggregator" +subjects: + - kind: ServiceAccount + name: "{{ .Release.Name }}-rke2-journald-aggregator" +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ 
.Release.Namespace }}" +spec: + allowPrivilegeEscalation: false + fsGroup: + rule: RunAsAny + readOnlyRootFilesystem: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - emptyDir + - secret + - hostPath +{{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/rke2/logging-rke2-containers.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/rke2/logging-rke2-containers.yaml new file mode 100755 index 000000000..2bc1900ce --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/rke2/logging-rke2-containers.yaml 
@@ -0,0 +1,63 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-rke2-containers + namespace: {{ .Release.Namespace }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "rke2" + Path: "/var/log/containers/*rke*.log" + extraVolumeMounts: + - source: "/var/log/containers/" + destination: "/var/log/containers/" + readOnly: true + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
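Review bot: the `inputTail.Path` glob `/var/log/containers/*rke*.log` in logging-rke2-containers.yaml matches every log file whose name contains `rke`, which includes any pod with `worker` in its name, so unrelated workload logs are collected and tagged `rke2`. Tighten the pattern to the component names that are meant to be collected. This is also the only `Logging` resource in the visible part of the patch whose `metadata` omits the `logging-operator.labels` include; add it for consistency with the root, aks, eks, gke and k3s resources.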
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/root/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/root/logging.yaml new file mode 100755 index 000000000..09071405d --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/loggings/root/logging.yaml 
@@ -0,0 +1,64 @@ +{{- $containers := printf "%s/containers/" (default "/var/lib/docker" .Values.global.dockerRootDirectory) }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- if .Values.global.dockerRootDirectory }} + mountPath: {{ $containers }} + extraVolumeMounts: + - source: {{ $containers }} + destination: {{ $containers }} + readOnly: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: + {{- toYaml . 
| nindent 6 }} + {{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/psp.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/psp.yaml new file mode 100755 index 000000000..d0eab300c --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/psp.yaml @@ -0,0 +1,33 @@ +{{ if and .Values.rbac.enabled .Values.rbac.psp.enabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: psp.logging-operator + namespace: {{ include "logging-operator.namespace" . }} + annotations: + seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default,runtime/default' + seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default' + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + readOnlyRootFilesystem: true + privileged: false + allowPrivilegeEscalation: false + runAsUser: + rule: MustRunAsNonRoot + fsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + supplementalGroups: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + volumes: + - secret + - configMap +{{ end }} \ No newline at end of file diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/service.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/service.yaml new file mode 100755 index 000000000..f419ae2c4 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/service.yaml 
@@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + type: ClusterIP + {{- with .Values.http.service.clusterIP }} + clusterIP: {{ . }} + {{- end }} + ports: + - port: {{ .Values.http.port }} + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/serviceMonitor.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/serviceMonitor.yaml new file mode 100755 index 000000000..1bb762cde --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/serviceMonitor.yaml @@ -0,0 +1,30 @@ +{{ if .Values.monitoring.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +{{- with .Values.monitoring.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} +{{- end }} +spec: + selector: + matchLabels: +{{ include "logging-operator.labels" . | indent 6 }} + endpoints: + - port: http + path: /metrics + {{- with .Values.monitoring.serviceMonitor.metricsRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.monitoring.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 4 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ include "logging-operator.namespace" . }} +{{- end }} 
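Review bot: In 3.9.001/templates/serviceMonitor.yaml the guard `{{- with .Values.monitoring.serviceMonitor.metricsRelabelings }}` reads a key that the 3.9.001 values.yaml in this same patch spells `metricRelabelings`, so a user who fills in the key shown in values.yaml gets no `metricRelabelings:` block on the endpoint and no error. Point the template at `.Values.monitoring.serviceMonitor.metricRelabelings` (or rename the values key) so the two agree. The file also opens with `{{ if` but closes with `{{- end }}`; `{{- if` at the top would match the other templates.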
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/serviceaccount.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/serviceaccount.yaml new file mode 100755 index 000000000..cbb2a94b4 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/serviceaccount.yaml @@ -0,0 +1,10 @@ +{{- if .Values.rbac.enabled }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/userroles.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/userroles.yaml new file mode 100755 index 000000000..f4136b09a --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/userroles.yaml @@ -0,0 +1,35 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "logging-admin" + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: + - "logging.banzaicloud.io" + resources: + - flows + - outputs + verbs: + - "*" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "logging-view" + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: + - apiGroups: + - "logging.banzaicloud.io" + resources: + - flows + - outputs + - clusterflows + - clusteroutputs + verbs: + - get + - list + - watch diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/validate-install-crd.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/validate-install-crd.yaml new file mode 100755 index 000000000..66e8725e5 --- /dev/null 
+++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/validate-install-crd.yaml @@ -0,0 +1,18 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/ClusterFlow" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/ClusterOutput" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/Flow" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/Logging" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/Output" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/templates/validate-install.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/validate-install.yaml new file mode 100755 index 000000000..bd624cc4b --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/templates/validate-install.yaml @@ -0,0 +1,5 @@ +#{{- if .Values.global.dockerRootDirectory }} +#{{- if or (hasSuffix "/containers" .Values.global.dockerRootDirectory) (hasSuffix "/" .Values.global.dockerRootDirectory) }} +#{{- required "global.dockerRootDirectory must not end with suffix: '/' or '/containers'" "" -}} +#{{- end }} +#{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.001/values.yaml b/released/charts/rancher-logging/rancher-logging/3.9.001/values.yaml new file mode 100755 index 000000000..e07558390 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.001/values.yaml 
@@ -0,0 +1,149 @@ +# Default values for logging-operator. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: rancher/mirrored-banzaicloud-logging-operator + tag: 3.9.0 + pullPolicy: IfNotPresent + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" +namespaceOverride: "" + +annotations: {} + +## Deploy CRDs used by Logging Operator. +## +createCustomResource: false + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: + kubernetes.io/os: linux + +tolerations: + - key: cattle.io/os + operator: "Equal" + value: "linux" + effect: NoSchedule + +affinity: {} + +http: + # http listen port number + port: 8080 + # Service definition for query http service + service: + type: ClusterIP + clusterIP: None + # Annotations to query http service + annotations: {} + # Labels to query http service + labels: {} + +# These "rbac" settings match the upstream defaults. For only using psp in the overlay files, which +# include the default Logging CRs created, see the "global.psp" setting. To enable psp for the entire +# chart, enable both "rbac.psp" and "global.psp" (this may require further changes to the chart). +rbac: + enabled: true + psp: + enabled: false + +## SecurityContext holds pod-level security attributes and common container settings. +## This defaults to non root user with uid 1000 and gid 2000. 
*v1.PodSecurityContext false +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +podSecurityContext: {} +# runAsNonRoot: true +# runAsUser: 1000 +# fsGroup: 2000 +securityContext: {} +# allowPrivilegeEscalation: false +# readOnlyRootFilesystem: true + # capabilities: + # drop: ["ALL"] + +## Operator priorityClassName +## +priorityClassName: {} + +monitoring: + # Create a Prometheus Operator ServiceMonitor object + serviceMonitor: + enabled: false + additionalLabels: {} + metricRelabelings: [] + relabelings: [] + +disablePvc: true + +additionalLoggingSources: + rke: + enabled: false + fluentbit: + log_level: "info" + mem_buffer_limit: "5MB" + rke2: + enabled: false + k3s: + enabled: false + container_engine: "systemd" + aks: + enabled: false + eks: + enabled: false + gke: + enabled: false + +images: + config_reloader: + repository: rancher/mirrored-jimmidyson-configmap-reload + tag: v0.4.0 + fluentbit: + repository: rancher/mirrored-fluent-fluent-bit + tag: 1.6.10 + fluentbit_debug: + repository: rancher/mirrored-fluent-fluent-bit + tag: 1.6.10-debug + fluentd: + repository: rancher/mirrored-banzaicloud-fluentd + tag: v1.11.5-alpine-9 + +# These "fluentd" and "fluentbit" settings apply to every Logging CR, including vendor Logging CRs +# enabled in "additionalLoggingSources". Changing these affects every Logging CR installed. +fluentd: + resources: {} +fluentbit: + resources: {} + tolerations: + - key: node-role.kubernetes.io/controlplane + value: "true" + effect: NoSchedule + - key: node-role.kubernetes.io/etcd + value: "true" + effect: NoExecute + +global: + cattle: + systemDefaultRegistry: "" + # Change the "dockerRootDirectory" if the default Docker directory has changed. + dockerRootDirectory: "" + # This psp setting differs from the upstream "rbac.psp" by only enabling psp settings for the + # overlay files, which include the Logging CRs created, whereas the upstream "rbac.psp" affects the + # logging operator. 
+ psp: + enabled: true diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/.helmignore b/released/charts/rancher-logging/rancher-logging/3.9.002/.helmignore new file mode 100755 index 000000000..50af03172 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/Chart.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/Chart.yaml new file mode 100755 index 000000000..d87e0ec48 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/Chart.yaml @@ -0,0 +1,20 @@ +annotations: + catalog.cattle.io/auto-install: rancher-logging-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Logging + catalog.cattle.io/namespace: cattle-logging-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 + catalog.cattle.io/release-name: rancher-logging + catalog.cattle.io/ui-component: logging +apiVersion: v1 +appVersion: 3.9.0 +description: Collects and filter logs using highly configurable CRDs. Powered by Banzai + Cloud Logging Operator. +icon: https://charts.rancher.io/assets/logos/logging.svg +keywords: +- logging +- monitoring +- security +name: rancher-logging +version: 3.9.002 diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/README.md b/released/charts/rancher-logging/rancher-logging/3.9.002/README.md new file mode 100755 index 000000000..ca7938e2a --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/README.md 
@@ -0,0 +1,130 @@ + +# Logging operator Chart + +[Logging operator](https://github.com/banzaicloud/logging-operator) Managed centralized logging component fluentd and fluent-bit instance on cluster. + +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator +``` + +## Introduction + +This chart bootstraps a [Logging Operator](https://github.com/banzaicloud/logging-operator) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Prerequisites + +- Kubernetes 1.8+ with Beta APIs enabled + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```bash +$ helm install --name my-release banzaicloud-stable/logging-operator +``` + +### CRDs +Use `createCustomResource=false` with Helm v3 to avoid trying to create CRDs from the `crds` folder and from templates at the same time. + +The command deploys **Logging operator** on the Kubernetes cluster with the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```bash +$ helm delete my-release +``` + +The command removes all Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following tables lists the configurable parameters of the logging-operator chart and their default values. 
+ +| Parameter | Description | Default | +| --------------------------------------------------- | ------------------------------------------------------ | ------------------------------ | +| `image.repository` | Container image repository | `ghcr.io/banzaicloud/logging-operator` | +| `image.tag` | Container image tag | `3.9.0` | +| `image.pullPolicy` | Container pull policy | `IfNotPresent` | +| `nameOverride` | Override name of app | `` | +| `fullnameOverride` | Override full name of app | `` | +| `namespaceOverride` | Override namespace of app | `` | +| `watchNamespace` | Namespace to watch for LoggingOperator CRD | `` | +| `rbac.enabled` | Create rbac service account and roles | `true` | +| `rbac.psp.enabled` | Must be used with `rbac.enabled` true. If true, creates & uses RBAC resources required in the cluster with [Pod Security Policies](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) enabled. | `false` | +| `priorityClassName` | Operator priorityClassName | `{}` | +| `affinity` | Node Affinity | `{}` | +| `resources` | CPU/Memory resource requests/limits | `{}` | +| `tolerations` | Node Tolerations | `[]` | +| `nodeSelector` | Define which Nodes the Pods are scheduled on. | `{}` | +| `annotations` | Define annotations for logging-operator pods | `{}` | +| `podSecurityContext` | Pod SecurityContext for Logging operator. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) | `{"runAsNonRoot": true, "runAsUser": 1000, "fsGroup": 2000}` | +| `securityContext` | Container SecurityContext for Logging operator. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) | `{"allowPrivilegeEscalation": false, "readOnlyRootFilesystem": true}` | +| `createCustomResource` | Create CRDs. | `true` | +| `monitoring.serviceMonitor.enabled` | Create Prometheus Operator servicemonitor. 
| `false` | +| `global.seLinux.enabled` | Add seLinuxOptions to Logging resources, requires the [rke2-selinux RPM](https://github.com/rancher/rke2-selinux/releases) | `false` | + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example: + +```bash +$ helm install --name my-release -f values.yaml banzaicloud-stable/logging-operator +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Installing Fluentd and Fluent-bit via logging + +The previous chart does **not** install `logging` resource to deploy Fluentd and Fluent-bit on cluster. To install them please use the [Logging Operator Logging](https://github.com/banzaicloud/logging-operator/tree/master/charts/logging-operator-logging) chart. + +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator-logging +``` + +## Configuration + +The following tables lists the configurable parameters of the logging-operator-logging chart and their default values. +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator-logging +``` + +## Configuration + +The following tables lists the configurable parameters of the logging-operator-logging chart and their default values. + +| Parameter | Description | Default | +| --------------------------------------------------- | ------------------------------------------------------ | ------------------------------ | +| `tls.enabled` | Enabled TLS communication between components | true | +| `tls.fluentdSecretName` | Specified secret name, which contain tls certs | This will overwrite automatic Helm certificate generation. | +| `tls.fluentbitSecretName` | Specified secret name, which contain tls certs | This will overwrite automatic Helm certificate generation. 
| +| `tls.sharedKey` | Shared key between nodes (fluentd-fluentbit) | [autogenerated] | +| `fluentbit.enabled` | Install fluent-bit | true | +| `fluentbit.namespace` | Specified fluentbit installation namespace | same as operator namespace | +| `fluentbit.image.tag` | Fluentbit container image tag | `1.6.10` | +| `fluentbit.image.repository` | Fluentbit container image repository | `fluent/fluent-bit` | +| `fluentbit.image.pullPolicy` | Fluentbit container pull policy | `IfNotPresent` | +| `fluentd.enabled` | Install fluentd | true | +| `fluentd.image.tag` | Fluentd container image tag | `v1.11.5-alpine-9` | +| `fluentd.image.repository` | Fluentd container image repository | `ghcr.io/banzaicloud/fluentd` | +| `fluentd.image.pullPolicy` | Fluentd container pull policy | `IfNotPresent` | +| `fluentd.volumeModImage.tag` | Fluentd volumeModImage container image tag | `latest` | +| `fluentd.volumeModImage.repository` | Fluentd volumeModImage container image repository | `busybox` | +| `fluentd.volumeModImage.pullPolicy` | Fluentd volumeModImage container pull policy | `IfNotPresent` | +| `fluentd.configReloaderImage.tag` | Fluentd configReloaderImage container image tag | `v0.2.2` | +| `fluentd.configReloaderImage.repository` | Fluentd configReloaderImage container image repository | `jimmidyson/configmap-reload` | +| `fluentd.configReloaderImage.pullPolicy` | Fluentd configReloaderImage container pull policy | `IfNotPresent` | +| `fluentd.fluentdPvcSpec.accessModes` | Fluentd persistence volume access modes | `[ReadWriteOnce]` | +| `fluentd.fluentdPvcSpec.resources.requests.storage` | Fluentd persistence volume size | `21Gi` | +| `fluentd.fluentdPvcSpec.storageClassName` | Fluentd persistence volume storageclass | `"""` | diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/app-readme.md b/released/charts/rancher-logging/rancher-logging/3.9.002/app-readme.md new file mode 100755 index 000000000..2de4ab4c5 --- /dev/null 
+++ b/released/charts/rancher-logging/rancher-logging/3.9.002/app-readme.md 
@@ -0,0 +1,22 @@ +# Rancher Logging + +This chart is based off of the upstream [Banzai Logging Operator](https://banzaicloud.com/docs/one-eye/logging-operator/) chart. The chart deploys a logging operator and CRDs, which allows users to configure complex logging pipelines with a few simple custom resources. There are two levels of logging, which allow you to collect all logs in a cluster or from a single namespace. + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/logging/v2.5/). + +## Namespace-level logging + +To collect logs from a single namespace, users create flows and these flows are connected to outputs or cluster outputs. + +## Cluster-level logging + +To collect logs from an entire cluster, users create cluster flows and cluster outputs. + +## CRDs + +- [Cluster Flow](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/clusterflow_types/) - A cluster flow is a CRD (`ClusterFlow`) that defines what logs to collect from the entire cluster. The cluster flow must be deployed in the same namespace as the logging operator. +- [Cluster Output](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/clusteroutput_types/) - A cluster output is a CRD (`ClusterOutput`) that defines how to connect to logging providers so they can start collecting logs. The cluster output must be deployed in the same namespace as the logging operator. The convenience of using a cluster output is that either a cluster flow or flow can send logs to those providers without needing to define specific outputs in each namespace for each flow. +- [Flow](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/flow_types/) - A flow is a CRD (`Flow`) that defines what logs to collect from the namespace that it is deployed in. 
+- [Output](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/output_types/) - An output is a CRD (`Output`) that defines how to connect to logging providers so logs can be sent to the provider. + +For more information on how to configure the Helm chart, refer to the Helm README. diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/NOTES.txt b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/NOTES.txt new file mode 100755 index 000000000..e69de29bb diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/_helpers.tpl b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/_helpers.tpl new file mode 100755 index 000000000..b2b289443 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/_helpers.tpl 
@@ -0,0 +1,66 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "logging-operator.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "logging-operator.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Provides the namespace the chart will be installed in using the builtin .Release.Namespace, +or, if provided, a manually overwritten namespace value. +*/}} +{{- define "logging-operator.namespace" -}} +{{- if .Values.namespaceOverride -}} +{{ .Values.namespaceOverride -}} +{{- else -}} +{{ .Release.Namespace }} +{{- end -}} +{{- end -}} + + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "logging-operator.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "logging-operator.labels" -}} +app.kubernetes.io/name: {{ include "logging-operator.name" . }} +helm.sh/chart: {{ include "logging-operator.chart" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/clusterrole.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/clusterrole.yaml new file mode 100755 index 000000000..709eedb91 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/clusterrole.yaml 
@@ -0,0 +1,167 @@ +{{- if .Values.rbac.enabled }} + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: {{ template "logging-operator.fullname" . }} +rules: +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - endpoints + - namespaces + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + - pods + - serviceaccounts + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + - events.k8s.io + resources: + - events + verbs: + - create + - get + - list + - watch +- apiGroups: + - apps + resources: + - daemonsets + - replicasets + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + - extensions + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - extensions + - policy + resources: + - podsecuritypolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - use + - watch +- apiGroups: + - logging.banzaicloud.io + resources: + - clusterflows + - clusteroutputs + - flows + - loggings + - outputs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - logging.banzaicloud.io + resources: + - clusterflows/status + - clusteroutputs/status + - flows/status + - loggings/status + - outputs/status + verbs: + - get + - patch + - update +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + 
- clusterrolebindings + - clusterroles + - rolebindings + - roles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/clusterrolebinding.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/clusterrolebinding.yaml new file mode 100755 index 000000000..89d17d094 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/clusterrolebinding.yaml @@ -0,0 +1,18 @@ +{{- if .Values.rbac.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "logging-operator.fullname" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +subjects: + - kind: ServiceAccount + name: {{ template "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "logging-operator.fullname" . }} + + {{- end }} \ No newline at end of file diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/crds.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/crds.yaml new file mode 100755 index 000000000..f573652d0 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/crds.yaml @@ -0,0 +1,6 @@ +{{- if .Values.createCustomResource -}} +{{- range $path, $bytes := .Files.Glob "crds/*.yaml" }} +{{ $.Files.Get $path }} +--- +{{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/deployment.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/deployment.yaml new file mode 100755 index 000000000..da93d4c29 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/deployment.yaml 
@@ -0,0 +1,62 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + ports: + - name: http + containerPort: {{ .Values.http.port }} + + {{- if .Values.securityContext }} + securityContext: {{ toYaml .Values.securityContext | nindent 12 }} + {{- end }} + {{- if .Values.podSecurityContext }} + securityContext: {{ toYaml .Values.podSecurityContext | nindent 8 }} + {{- end }} + + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.rbac.enabled }} + serviceAccountName: {{ include "logging-operator.fullname" . }} + {{- end }} 
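Review bot: In 3.9.002/templates/deployment.yaml both `securityContext` blocks sit behind `{{- if .Values.securityContext }}` and `{{- if .Values.podSecurityContext }}`, so whenever those values are empty the operator pod is rendered with no security context at all and runs with whatever the image and runtime allow. Consider rendering a hardened default in the template (for example `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true`, which the 3.9.001 values.yaml in this patch carries only as comments) and letting the values override it.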
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/aks/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/aks/logging.yaml new file mode 100755 index 000000000..916f93b41 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/aks/logging.yaml 
@@ -0,0 +1,58 @@ +{{- if .Values.additionalLoggingSources.aks.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-aks + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "aks" + Path: "/var/log/azure/kubelet-status.log" + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.livenessProbe }} + livenessProbe: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/eks/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/eks/logging.yaml new file mode 100755 index 000000000..da4af2d9e --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/eks/logging.yaml 
@@ -0,0 +1,59 @@ +{{- if .Values.additionalLoggingSources.eks.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-eks + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "eks" + Path: "/var/log/messages" + Parser: "syslog" + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.livenessProbe }} + livenessProbe: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
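Review bot: `Path: "/var/log/messages"` under `inputTail` in eks/logging.yaml tails the node's general syslog file, so everything host services write there is forwarded under the `eks` tag, not only Kubernetes component output. If only cluster-related lines are wanted, filter the records before they reach an output, and add a comment beside `additionalLoggingSources.eks` in values.yaml saying that enabling it ships host-level logs off the node.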
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/gke/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/gke/logging.yaml new file mode 100755 index 000000000..3823127b2 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/gke/logging.yaml 
@@ -0,0 +1,58 @@ +{{- if .Values.additionalLoggingSources.gke.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-gke + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "gke" + Path: "/var/log/kube-proxy.log" + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.livenessProbe }} + livenessProbe: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
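Review bot: gke/logging.yaml is a copy of the aks and eks templates apart from the `if` guard, the `-gke` name suffix, `Tag` and `Path` (eks adds `Parser`). Three copies of the same fluentbit and fluentd blocks will drift the first time a PSP or toleration setting is changed in only one of them. The chart already uses named templates (`include "logging-operator.labels"`), so consider one shared template that takes the tag, path and optional parser, with each provider file calling it.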
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/k3s/logging-k3s-openrc.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/k3s/logging-k3s-openrc.yaml new file mode 100755 index 000000000..cf5e988f3 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/k3s/logging-k3s-openrc.yaml 
@@ -0,0 +1,68 @@ +{{- if and .Values.additionalLoggingSources.k3s.enabled (eq .Values.additionalLoggingSources.k3s.container_engine "openrc")}} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-k3s + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "k3s" + Path: "/var/log/k3s.log" + extraVolumeMounts: + - source: "/var/log/" + destination: "/var/log" + readOnly: true + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: + {{- toYaml . 
| nindent 6 }} + {{- end }} + {{- with .Values.fluentd.livenessProbe }} + livenessProbe: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/k3s/logging-k3s-systemd.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/k3s/logging-k3s-systemd.yaml new file mode 100755 index 000000000..c4b3db0e7 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/k3s/logging-k3s-systemd.yaml 
@@ -0,0 +1,68 @@ +{{- if and .Values.additionalLoggingSources.k3s.enabled (eq .Values.additionalLoggingSources.k3s.container_engine "systemd")}} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-k3s + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "k3s" + Path: "/var/log/syslog" + extraVolumeMounts: + - source: "/var/log/" + destination: "/var/log" + readOnly: true + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: + {{- toYaml . 
| nindent 6 }} + {{- end }} + {{- with .Values.fluentd.livenessProbe }} + livenessProbe: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/rke/configmap.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/rke/configmap.yaml new file mode 100755 index 000000000..ab91d93e2 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/rke/configmap.yaml @@ -0,0 +1,29 @@ +{{- if .Values.additionalLoggingSources.rke.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-rke + labels: +{{ include "logging-operator.labels" . | indent 4 }} +data: + fluent-bit.conf: | + [SERVICE] + Log_Level {{ .Values.additionalLoggingSources.rke.fluentbit.log_level }} + Parsers_File parsers.conf + + [INPUT] + Tag rke + Name tail + Path_Key filename + Parser docker + DB /tail-db/tail-containers-state.db + Mem_Buf_Limit {{ .Values.additionalLoggingSources.rke.fluentbit.mem_buffer_limit }} + Path /var/lib/rancher/rke/log/*.log + + [OUTPUT] + Name forward + Match * + Host {{ .Release.Name }}-fluentd.{{ .Release.Namespace }}.svc + Port 24240 + Retry_Limit False +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/rke/daemonset.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/rke/daemonset.yaml new file mode 100755 index 000000000..840b3e722 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/rke/daemonset.yaml 
@@ -0,0 +1,124 @@ +{{- if .Values.additionalLoggingSources.rke.enabled }} +{{- $containers := printf "%s/containers/" (default "/var/lib/docker" .Values.global.dockerRootDirectory) }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + selector: + matchLabels: + name: {{ .Release.Name }}-rke-aggregator + template: + metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" + labels: + name: {{ .Release.Name }}-rke-aggregator + spec: + containers: + - name: fluentbit + image: "{{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}:{{ .Values.images.fluentbit.tag }}" + volumeMounts: + - mountPath: /var/lib/rancher/rke/log/ + name: indir + - mountPath: {{ $containers }} + name: containers + - mountPath: /tail-db + name: positiondb + - mountPath: /fluent-bit/etc/fluent-bit.conf + name: config + subPath: fluent-bit.conf + {{- if .Values.global.seLinux.enabled }} + securityContext: + seLinuxOptions: + type: rke_logreader_t + {{- end }} + volumes: + - name: indir + hostPath: + path: /var/lib/rancher/rke/log/ + type: DirectoryOrCreate + - name: containers + hostPath: + path: {{ $containers }} + type: DirectoryOrCreate + - name: positiondb + emptyDir: {} + - name: config + configMap: + name: "{{ .Release.Name }}-rke" + serviceAccountName: "{{ .Release.Name }}-rke-aggregator" + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . 
| nindent 8 }} + {{- end }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" +{{- if .Values.global.psp.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: "{{ .Release.Name }}-rke-aggregator" +rules: + - apiGroups: + - policy + resourceNames: + - "{{ .Release.Name }}-rke-aggregator" + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: "{{ .Release.Name }}-rke-aggregator" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: "{{ .Release.Name }}-rke-aggregator" +subjects: + - kind: ServiceAccount + name: "{{ .Release.Name }}-rke-aggregator" +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + allowPrivilegeEscalation: false + allowedHostPaths: + - pathPrefix: {{ $containers }} + readOnly: false + - pathPrefix: /var/lib/rancher/rke/log/ + readOnly: false + - pathPrefix: /var/lib/rancher/logging/ + readOnly: false + fsGroup: + rule: RunAsAny + readOnlyRootFilesystem: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - emptyDir + - secret + - hostPath +{{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/rke2/configmap.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/rke2/configmap.yaml new file mode 100755 index 000000000..86369d140 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/rke2/configmap.yaml 
@@ -0,0 +1,21 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-rke2 + labels: +{{ include "logging-operator.labels" . | indent 4 }} +data: + fluent-bit.conf: | + [INPUT] + Name systemd + Tag rke2 + Systemd_Filter _SYSTEMD_UNIT=rke2.service + + [OUTPUT] + Name forward + Match * + Host {{ .Release.Name }}-fluentd.{{ .Release.Namespace }}.svc + Port 24240 + Retry_Limit False +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/rke2/daemonset.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/rke2/daemonset.yaml new file mode 100755 index 000000000..580522259 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/rke2/daemonset.yaml 
@@ -0,0 +1,104 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + selector: + matchLabels: + name: {{ .Release.Name }}-rke2-journald-aggregator + template: + metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" + labels: + name: {{ .Release.Name }}-rke2-journald-aggregator + spec: + containers: + - name: fluentd + image: "{{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}:{{ .Values.images.fluentbit.tag }}" + {{- if .Values.global.seLinux.enabled }} + securityContext: + seLinuxOptions: + type: rke_logreader_t + {{- end }} + volumeMounts: + - mountPath: /fluent-bit/etc/ + name: config + - mountPath: /run/log/journal + name: journal + readOnly: true + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . 
| nindent 8 }} + {{- end }} + serviceAccountName: "{{ .Release.Name }}-rke2-journald-aggregator" + volumes: + - name: config + configMap: + name: "{{ .Release.Name }}-rke2" + - name: journal + hostPath: + path: /run/log/journal +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" +{{- if .Values.global.psp.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" +rules: + - apiGroups: + - policy + resourceNames: + - "{{ .Release.Name }}-rke2-journald-aggregator" + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: "{{ .Release.Name }}-rke2-journald-aggregator" +subjects: + - kind: ServiceAccount + name: "{{ .Release.Name }}-rke2-journald-aggregator" +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + allowPrivilegeEscalation: false + fsGroup: + rule: RunAsAny + readOnlyRootFilesystem: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - emptyDir + - secret + - hostPath +{{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/rke2/logging-rke2-containers.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/rke2/logging-rke2-containers.yaml new file mode 100755 index 000000000..7be4972e7 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/rke2/logging-rke2-containers.yaml 
@@ -0,0 +1,73 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-rke2-containers + namespace: {{ .Release.Namespace }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "rke2" + Path: "/var/log/containers/*rke*.log" + extraVolumeMounts: + - source: "/var/log/containers/" + destination: "/var/log/containers/" + readOnly: true + {{- if or .Values.global.psp.enabled .Values.global.seLinux.enabled }} + security: + {{- end }} + {{- if or .Values.global.psp.enabled }} + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- if .Values.global.seLinux.enabled }} + securityContext: + seLinuxOptions: + type: rke_logreader_t + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . 
| nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.livenessProbe }} + livenessProbe: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/root/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/root/logging.yaml new file mode 100755 index 000000000..b7581cad3 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/loggings/root/logging.yaml 
@@ -0,0 +1,74 @@ +{{- $containers := printf "%s/containers/" (default "/var/lib/docker" .Values.global.dockerRootDirectory) }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + {{- if or .Values.global.psp.enabled .Values.global.seLinux.enabled }} + security: + {{- end }} + {{- if .Values.global.psp.enabled }} + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- if .Values.global.seLinux.enabled }} + securityContext: + seLinuxOptions: + type: rke_logreader_t + {{- end }} + {{- if .Values.global.dockerRootDirectory }} + mountPath: {{ $containers }} + extraVolumeMounts: + - source: {{ $containers }} + destination: {{ $containers }} + readOnly: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . 
}}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.livenessProbe }} + livenessProbe: {{- toYaml . | nindent 6 }} + {{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/psp.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/psp.yaml new file mode 100755 index 000000000..d0eab300c --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/psp.yaml @@ -0,0 +1,33 @@ +{{ if and .Values.rbac.enabled .Values.rbac.psp.enabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: psp.logging-operator + namespace: {{ include "logging-operator.namespace" . }} + annotations: + seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default,runtime/default' + seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default' + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + readOnlyRootFilesystem: true + privileged: false + allowPrivilegeEscalation: false + runAsUser: + rule: MustRunAsNonRoot + fsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + supplementalGroups: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + volumes: + - secret + - configMap +{{ end }} \ No newline at end of file 
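Review bot: In psp.yaml, `name: psp.logging-operator` is hard-coded on a cluster-scoped resource, so a second release of this chart in the same cluster will collide on the name, and the `namespace:` line under `metadata` has no effect on a PodSecurityPolicy. Derive the name from `logging-operator.fullname` as service.yaml and serviceaccount.yaml do, and drop `namespace`. The file also ends without a trailing newline.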
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/service.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/service.yaml new file mode 100755 index 000000000..f419ae2c4 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/service.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + type: ClusterIP + {{- with .Values.http.service.clusterIP }} + clusterIP: {{ . }} + {{- end }} + ports: + - port: {{ .Values.http.port }} + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/serviceMonitor.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/serviceMonitor.yaml new file mode 100755 index 000000000..1bb762cde --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/serviceMonitor.yaml 
@@ -0,0 +1,30 @@ +{{ if .Values.monitoring.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +{{- with .Values.monitoring.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} +{{- end }} +spec: + selector: + matchLabels: +{{ include "logging-operator.labels" . | indent 6 }} + endpoints: + - port: http + path: /metrics + {{- with .Values.monitoring.serviceMonitor.metricsRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.monitoring.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 4 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ include "logging-operator.namespace" . }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/serviceaccount.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/serviceaccount.yaml new file mode 100755 index 000000000..cbb2a94b4 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/serviceaccount.yaml @@ -0,0 +1,10 @@ +{{- if .Values.rbac.enabled }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/userroles.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/userroles.yaml new file mode 100755 index 000000000..f4136b09a --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/userroles.yaml 
@@ -0,0 +1,35 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "logging-admin" + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: + - "logging.banzaicloud.io" + resources: + - flows + - outputs + verbs: + - "*" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "logging-view" + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: + - apiGroups: + - "logging.banzaicloud.io" + resources: + - flows + - outputs + - clusterflows + - clusteroutputs + verbs: + - get + - list + - watch diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/validate-install-crd.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/validate-install-crd.yaml new file mode 100755 index 000000000..66e8725e5 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/validate-install-crd.yaml @@ -0,0 +1,18 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/ClusterFlow" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/ClusterOutput" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/Flow" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/Logging" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/Output" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file 
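Review bot: validate-install-crd.yaml reads as commented-out code, but Helm evaluates `{{ ... }}` actions regardless of the leading `#`, so the `required` check is live whenever the `lookup` guard returns results. Add a plain comment at the top of the file saying that the `#` prefix only keeps the rendered output a YAML comment, so nobody deletes the file as dead code or assumes the CRD check is switched off. The guard also deserves a sentence: `lookup` returns an empty result under `helm template` and `--dry-run`, which skips the check there; say whether that is intended.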
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/templates/validate-install.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/validate-install.yaml new file mode 100755 index 000000000..bd624cc4b --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/templates/validate-install.yaml @@ -0,0 +1,5 @@ +#{{- if .Values.global.dockerRootDirectory }} +#{{- if or (hasSuffix "/containers" .Values.global.dockerRootDirectory) (hasSuffix "/" .Values.global.dockerRootDirectory) }} +#{{- required "global.dockerRootDirectory must not end with suffix: '/' or '/containers'" "" -}} +#{{- end }} +#{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.002/values.yaml b/released/charts/rancher-logging/rancher-logging/3.9.002/values.yaml new file mode 100755 index 000000000..fab44ef84 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.002/values.yaml 
@@ -0,0 +1,156 @@ +# Default values for logging-operator. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: rancher/mirrored-banzaicloud-logging-operator + tag: 3.9.0 + pullPolicy: IfNotPresent + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" +namespaceOverride: "" + +annotations: {} + +## Deploy CRDs used by Logging Operator. +## +createCustomResource: false + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: + kubernetes.io/os: linux + +tolerations: + - key: cattle.io/os + operator: "Equal" + value: "linux" + effect: NoSchedule + +affinity: {} + +http: + # http listen port number + port: 8080 + # Service definition for query http service + service: + type: ClusterIP + clusterIP: None + # Annotations to query http service + annotations: {} + # Labels to query http service + labels: {} + +# These "rbac" settings match the upstream defaults. For only using psp in the overlay files, which +# include the default Logging CRs created, see the "global.psp" setting. To enable psp for the entire +# chart, enable both "rbac.psp" and "global.psp" (this may require further changes to the chart). +rbac: + enabled: true + psp: + enabled: false + +## SecurityContext holds pod-level security attributes and common container settings. +## This defaults to non root user with uid 1000 and gid 2000. 
*v1.PodSecurityContext false +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +podSecurityContext: {} +# runAsNonRoot: true +# runAsUser: 1000 +# fsGroup: 2000 +securityContext: {} +# allowPrivilegeEscalation: false +# readOnlyRootFilesystem: true + # capabilities: + # drop: ["ALL"] + +## Operator priorityClassName +## +priorityClassName: {} + +monitoring: + # Create a Prometheus Operator ServiceMonitor object + serviceMonitor: + enabled: false + additionalLabels: {} + metricRelabelings: [] + relabelings: [] + +disablePvc: true + +additionalLoggingSources: + rke: + enabled: false + fluentbit: + log_level: "info" + mem_buffer_limit: "5MB" + rke2: + enabled: false + k3s: + enabled: false + container_engine: "systemd" + aks: + enabled: false + eks: + enabled: false + gke: + enabled: false + +images: + config_reloader: + repository: rancher/mirrored-jimmidyson-configmap-reload + tag: v0.4.0 + fluentbit: + repository: rancher/mirrored-fluent-fluent-bit + tag: 1.6.10 + fluentbit_debug: + repository: rancher/mirrored-fluent-fluent-bit + tag: 1.6.10-debug + fluentd: + repository: rancher/mirrored-banzaicloud-fluentd + tag: v1.11.5-alpine-9 + +# These "fluentd" and "fluentbit" settings apply to every Logging CR, including vendor Logging CRs +# enabled in "additionalLoggingSources". Changing these affects every Logging CR installed. +fluentd: + resources: {} + livenessProbe: + tcpSocket: + port: 24240 + initialDelaySeconds: 30 + periodSeconds: 15 +fluentbit: + resources: {} + tolerations: + - key: node-role.kubernetes.io/controlplane + value: "true" + effect: NoSchedule + - key: node-role.kubernetes.io/etcd + value: "true" + effect: NoExecute + +global: + cattle: + systemDefaultRegistry: "" + # Change the "dockerRootDirectory" if the default Docker directory has changed. 
+ dockerRootDirectory: "" + # This psp setting differs from the upstream "rbac.psp" by only enabling psp settings for the + # overlay files, which include the Logging CRs created, whereas the upstream "rbac.psp" affects the + # logging operator. + psp: + enabled: true + seLinux: + enabled: false diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/.helmignore b/released/charts/rancher-logging/rancher-logging/3.9.400/.helmignore new file mode 100755 index 000000000..50af03172 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/Chart.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/Chart.yaml new file mode 100755 index 000000000..62a9a2fee --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/Chart.yaml @@ -0,0 +1,19 @@ +annotations: + catalog.cattle.io/auto-install: rancher-logging-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Logging + catalog.cattle.io/namespace: cattle-logging-system + catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 + catalog.cattle.io/release-name: rancher-logging + catalog.cattle.io/ui-component: logging +apiVersion: v1 +appVersion: 3.9.4 +description: Collects and filter logs using highly configurable CRDs. Powered by Banzai + Cloud Logging Operator. +icon: https://charts.rancher.io/assets/logos/logging.svg +keywords: +- logging +- monitoring +- security +name: rancher-logging +version: 3.9.400 
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/README.md b/released/charts/rancher-logging/rancher-logging/3.9.400/README.md new file mode 100755 index 000000000..e2080b743 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/README.md 
@@ -0,0 +1,131 @@ + +# Logging operator Chart + +[Logging operator](https://github.com/banzaicloud/logging-operator) Managed centralized logging component fluentd and fluent-bit instance on cluster. + +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator +``` + +## Introduction + +This chart bootstraps a [Logging Operator](https://github.com/banzaicloud/logging-operator) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Prerequisites + +- Kubernetes 1.8+ with Beta APIs enabled + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```bash +$ helm install --name my-release banzaicloud-stable/logging-operator +``` + +### CRDs +Use `createCustomResource=false` with Helm v3 to avoid trying to create CRDs from the `crds` folder and from templates at the same time. + +The command deploys **Logging operator** on the Kubernetes cluster with the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```bash +$ helm delete my-release +``` + +The command removes all Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following tables lists the configurable parameters of the logging-operator chart and their default values. 
+ +| Parameter | Description | Default | +| --------------------------------------------------- | ------------------------------------------------------ | ------------------------------ | +| `image.repository` | Container image repository | `ghcr.io/banzaicloud/logging-operator` | +| `image.tag` | Container image tag | `3.9.4` | +| `image.pullPolicy` | Container pull policy | `IfNotPresent` | +| `nameOverride` | Override name of app | `` | +| `fullnameOverride` | Override full name of app | `` | +| `namespaceOverride` | Override namespace of app | `` | +| `watchNamespace` | Namespace to watch for LoggingOperator CRD | `` | +| `rbac.enabled` | Create rbac service account and roles | `true` | +| `rbac.psp.enabled` | Must be used with `rbac.enabled` true. If true, creates & uses RBAC resources required in the cluster with [Pod Security Policies](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) enabled. | `false` | +| `priorityClassName` | Operator priorityClassName | `{}` | +| `affinity` | Node Affinity | `{}` | +| `resources` | CPU/Memory resource requests/limits | `{}` | +| `tolerations` | Node Tolerations | `[]` | +| `nodeSelector` | Define which Nodes the Pods are scheduled on. | `{}` | +| `podLabels` | Define custom labels for logging-operator pods | `{}` | +| `annotations` | Define annotations for logging-operator pods | `{}` | +| `podSecurityContext` | Pod SecurityContext for Logging operator. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) | `{"runAsNonRoot": true, "runAsUser": 1000, "fsGroup": 2000}` | +| `securityContext` | Container SecurityContext for Logging operator. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) | `{"allowPrivilegeEscalation": false, "readOnlyRootFilesystem": true}` | +| `createCustomResource` | Create CRDs. | `true` | +| `monitoring.serviceMonitor.enabled` | Create Prometheus Operator servicemonitor. 
| `false` | +| `global.seLinux.enabled` | Add seLinuxOptions to Logging resources, requires the [rke2-selinux RPM](https://github.com/rancher/rke2-selinux/releases) | `false` | + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example: + +```bash +$ helm install --name my-release -f values.yaml banzaicloud-stable/logging-operator +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Installing Fluentd and Fluent-bit via logging + +The previous chart does **not** install `logging` resource to deploy Fluentd and Fluent-bit on cluster. To install them please use the [Logging Operator Logging](https://github.com/banzaicloud/logging-operator/tree/master/charts/logging-operator-logging) chart. + +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator-logging +``` + +## Configuration + +The following tables lists the configurable parameters of the logging-operator-logging chart and their default values. +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator-logging +``` + +## Configuration + +The following tables lists the configurable parameters of the logging-operator-logging chart and their default values. + +| Parameter | Description | Default | +| --------------------------------------------------- | ------------------------------------------------------ | ------------------------------ | +| `tls.enabled` | Enabled TLS communication between components | true | +| `tls.fluentdSecretName` | Specified secret name, which contain tls certs | This will overwrite automatic Helm certificate generation. | +| `tls.fluentbitSecretName` | Specified secret name, which contain tls certs | This will overwrite automatic Helm certificate generation. 
| +| `tls.sharedKey` | Shared key between nodes (fluentd-fluentbit) | [autogenerated] | +| `fluentbit.enabled` | Install fluent-bit | true | +| `fluentbit.namespace` | Specified fluentbit installation namespace | same as operator namespace | +| `fluentbit.image.tag` | Fluentbit container image tag | `1.6.10` | +| `fluentbit.image.repository` | Fluentbit container image repository | `fluent/fluent-bit` | +| `fluentbit.image.pullPolicy` | Fluentbit container pull policy | `IfNotPresent` | +| `fluentd.enabled` | Install fluentd | true | +| `fluentd.image.tag` | Fluentd container image tag | `v1.11.5-alpine-12` | +| `fluentd.image.repository` | Fluentd container image repository | `ghcr.io/banzaicloud/fluentd` | +| `fluentd.image.pullPolicy` | Fluentd container pull policy | `IfNotPresent` | +| `fluentd.volumeModImage.tag` | Fluentd volumeModImage container image tag | `latest` | +| `fluentd.volumeModImage.repository` | Fluentd volumeModImage container image repository | `busybox` | +| `fluentd.volumeModImage.pullPolicy` | Fluentd volumeModImage container pull policy | `IfNotPresent` | +| `fluentd.configReloaderImage.tag` | Fluentd configReloaderImage container image tag | `v0.2.2` | +| `fluentd.configReloaderImage.repository` | Fluentd configReloaderImage container image repository | `jimmidyson/configmap-reload` | +| `fluentd.configReloaderImage.pullPolicy` | Fluentd configReloaderImage container pull policy | `IfNotPresent` | +| `fluentd.fluentdPvcSpec.accessModes` | Fluentd persistence volume access modes | `[ReadWriteOnce]` | +| `fluentd.fluentdPvcSpec.resources.requests.storage` | Fluentd persistence volume size | `21Gi` | +| `fluentd.fluentdPvcSpec.storageClassName` | Fluentd persistence volume storageclass | `"""` | diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/app-readme.md b/released/charts/rancher-logging/rancher-logging/3.9.400/app-readme.md new file mode 100755 index 000000000..2de4ab4c5 --- /dev/null 
+++ b/released/charts/rancher-logging/rancher-logging/3.9.400/app-readme.md 
@@ -0,0 +1,22 @@ +# Rancher Logging + +This chart is based off of the upstream [Banzai Logging Operator](https://banzaicloud.com/docs/one-eye/logging-operator/) chart. The chart deploys a logging operator and CRDs, which allows users to configure complex logging pipelines with a few simple custom resources. There are two levels of logging, which allow you to collect all logs in a cluster or from a single namespace. + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/logging/v2.5/). + +## Namespace-level logging + +To collect logs from a single namespace, users create flows and these flows are connected to outputs or cluster outputs. + +## Cluster-level logging + +To collect logs from an entire cluster, users create cluster flows and cluster outputs. + +## CRDs + +- [Cluster Flow](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/clusterflow_types/) - A cluster flow is a CRD (`ClusterFlow`) that defines what logs to collect from the entire cluster. The cluster flow must be deployed in the same namespace as the logging operator. +- [Cluster Output](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/clusteroutput_types/) - A cluster output is a CRD (`ClusterOutput`) that defines how to connect to logging providers so they can start collecting logs. The cluster output must be deployed in the same namespace as the logging operator. The convenience of using a cluster output is that either a cluster flow or flow can send logs to those providers without needing to define specific outputs in each namespace for each flow. +- [Flow](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/flow_types/) - A flow is a CRD (`Flow`) that defines what logs to collect from the namespace that it is deployed in. 
+- [Output](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/output_types/) - An output is a CRD (`Output`) that defines how to connect to logging providers so logs can be sent to the provider. + +For more information on how to configure the Helm chart, refer to the Helm README. diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/NOTES.txt b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/NOTES.txt new file mode 100755 index 000000000..e69de29bb diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/_helpers.tpl b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/_helpers.tpl new file mode 100755 index 000000000..b2b289443 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/_helpers.tpl 
@@ -0,0 +1,66 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "logging-operator.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "logging-operator.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Provides the namespace the chart will be installed in using the builtin .Release.Namespace, +or, if provided, a manually overwritten namespace value. +*/}} +{{- define "logging-operator.namespace" -}} +{{- if .Values.namespaceOverride -}} +{{ .Values.namespaceOverride -}} +{{- else -}} +{{ .Release.Namespace }} +{{- end -}} +{{- end -}} + + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "logging-operator.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "logging-operator.labels" -}} +app.kubernetes.io/name: {{ include "logging-operator.name" . }} +helm.sh/chart: {{ include "logging-operator.chart" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/clusterrole.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/clusterrole.yaml new file mode 100755 index 000000000..709eedb91 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/clusterrole.yaml 
@@ -0,0 +1,167 @@ +{{- if .Values.rbac.enabled }} + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: {{ template "logging-operator.fullname" . }} +rules: +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - endpoints + - namespaces + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + - pods + - serviceaccounts + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + - events.k8s.io + resources: + - events + verbs: + - create + - get + - list + - watch +- apiGroups: + - apps + resources: + - daemonsets + - replicasets + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + - extensions + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - extensions + - policy + resources: + - podsecuritypolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - use + - watch +- apiGroups: + - logging.banzaicloud.io + resources: + - clusterflows + - clusteroutputs + - flows + - loggings + - outputs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - logging.banzaicloud.io + resources: + - clusterflows/status + - clusteroutputs/status + - flows/status + - loggings/status + - outputs/status + verbs: + - get + - patch + - update +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + 
- clusterrolebindings + - clusterroles + - rolebindings + - roles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/clusterrolebinding.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/clusterrolebinding.yaml new file mode 100755 index 000000000..89d17d094 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/clusterrolebinding.yaml @@ -0,0 +1,18 @@ +{{- if .Values.rbac.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "logging-operator.fullname" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +subjects: + - kind: ServiceAccount + name: {{ template "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "logging-operator.fullname" . }} + + {{- end }} \ No newline at end of file diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/crds.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/crds.yaml new file mode 100755 index 000000000..f573652d0 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/crds.yaml @@ -0,0 +1,6 @@ +{{- if .Values.createCustomResource -}} +{{- range $path, $bytes := .Files.Glob "crds/*.yaml" }} +{{ $.Files.Get $path }} +--- +{{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/deployment.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/deployment.yaml new file mode 100755 index 000000000..26d14cca2 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/deployment.yaml 
@@ -0,0 +1,68 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- with .Values.podLabels }} + {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" + args: {{ range .Values.extraArgs }} + - {{ . -}} + {{ end }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + ports: + - name: http + containerPort: {{ .Values.http.port }} + + {{- if .Values.securityContext }} + securityContext: {{ toYaml .Values.securityContext | nindent 12 }} + {{- end }} + {{- if .Values.podSecurityContext }} + securityContext: {{ toYaml .Values.podSecurityContext | nindent 8 }} + {{- end }} + + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.rbac.enabled }} + serviceAccountName: {{ include "logging-operator.fullname" . }} + {{- end }} 
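Review bot: both `securityContext` blocks in templates/deployment.yaml sit behind `{{- if .Values.securityContext }}` and `{{- if .Values.podSecurityContext }}`, so an empty map renders no security context at all. The 3.9.002 values.yaml earlier in this patch ships both keys as `{}` with `runAsNonRoot`, `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true` and `drop: ["ALL"]` commented out, while the 3.9.400 README table lists the hardened values as the defaults. If 3.9.400 keeps the same values, the operator pod runs with whatever the image and runtime default to; either ship the hardened settings as real defaults or correct the README. Also, `args:` ranges over `.Values.extraArgs`, which does not appear in the values.yaml shown here, so confirm the key renders as intended when it is unset.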
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/aks/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/aks/logging.yaml new file mode 100755 index 000000000..916f93b41 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/aks/logging.yaml 
@@ -0,0 +1,58 @@ +{{- if .Values.additionalLoggingSources.aks.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-aks + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "aks" + Path: "/var/log/azure/kubelet-status.log" + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.livenessProbe }} + livenessProbe: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
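Review bot: in templates/loggings/aks/logging.yaml both `security:` blocks set `roleBasedAccessControlCreate: true` only inside `{{- if .Values.global.psp.enabled }}`, which ties RBAC creation for fluentbit and fluentd to the PSP switch. A cluster that turns `global.psp.enabled` off then gets whatever the operator defaults to for RBAC, and nothing in the template says which. If the RBAC objects are needed regardless of PSP, move `roleBasedAccessControlCreate` out of the conditional and leave only `podSecurityPolicyCreate` behind it; otherwise add a comment stating that the coupling is intended. The same pattern repeats in the eks, gke and k3s templates.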
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/eks/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/eks/logging.yaml new file mode 100755 index 000000000..da4af2d9e --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/eks/logging.yaml 
@@ -0,0 +1,59 @@ +{{- if .Values.additionalLoggingSources.eks.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-eks + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "eks" + Path: "/var/log/messages" + Parser: "syslog" + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.livenessProbe }} + livenessProbe: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
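Review bot: `Path: "/var/log/messages"` with `Parser: "syslog"` in templates/loggings/eks/logging.yaml tails the node's general syslog file rather than a Kubernetes-specific log, and every record in it is tagged `eks` and forwarded. That file normally carries output from every host service, so enabling `additionalLoggingSources.eks` sends more than kubelet messages to the configured outputs. Document that scope next to the `eks.enabled` value, or narrow the input so only the intended records leave the node.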
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/gke/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/gke/logging.yaml new file mode 100755 index 000000000..3823127b2 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/gke/logging.yaml 
@@ -0,0 +1,58 @@ +{{- if .Values.additionalLoggingSources.gke.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-gke + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "gke" + Path: "/var/log/kube-proxy.log" + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.livenessProbe }} + livenessProbe: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} 
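Review bot: templates/loggings/gke/logging.yaml repeats the aks and eks templates with only `Tag` and `Path` changed (eks adds `Parser`), so the `security:`, tolerations and image blocks now live in several files that have to be kept in step by hand. A named template in _helpers.tpl that takes the tag and path would keep the PSP and RBAC settings identical across providers. Separately, the k3s templates declare `extraVolumeMounts` for `/var/log/` with `readOnly: true`, while this file tails `/var/log/kube-proxy.log` without one; state whether the default mounts already cover that path or add the read-only mount here as well.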
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/k3s/logging-k3s-openrc.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/k3s/logging-k3s-openrc.yaml new file mode 100755 index 000000000..cf5e988f3 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/k3s/logging-k3s-openrc.yaml 
@@ -0,0 +1,68 @@ +{{- if and .Values.additionalLoggingSources.k3s.enabled (eq .Values.additionalLoggingSources.k3s.container_engine "openrc")}} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-k3s + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "k3s" + Path: "/var/log/k3s.log" + extraVolumeMounts: + - source: "/var/log/" + destination: "/var/log" + readOnly: true + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: + {{- toYaml . 
| nindent 6 }} + {{- end }} + {{- with .Values.fluentd.livenessProbe }} + livenessProbe: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/k3s/logging-k3s-systemd.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/k3s/logging-k3s-systemd.yaml new file mode 100755 index 000000000..c4b3db0e7 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/k3s/logging-k3s-systemd.yaml 
@@ -0,0 +1,68 @@ +{{- if and .Values.additionalLoggingSources.k3s.enabled (eq .Values.additionalLoggingSources.k3s.container_engine "systemd")}} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-k3s + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "k3s" + Path: "/var/log/syslog" + extraVolumeMounts: + - source: "/var/log/" + destination: "/var/log" + readOnly: true + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: + {{- toYaml . 
| nindent 6 }} + {{- end }} + {{- with .Values.fluentd.livenessProbe }} + livenessProbe: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/rke/configmap.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/rke/configmap.yaml new file mode 100755 index 000000000..ab91d93e2 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/rke/configmap.yaml @@ -0,0 +1,29 @@ +{{- if .Values.additionalLoggingSources.rke.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-rke + labels: +{{ include "logging-operator.labels" . | indent 4 }} +data: + fluent-bit.conf: | + [SERVICE] + Log_Level {{ .Values.additionalLoggingSources.rke.fluentbit.log_level }} + Parsers_File parsers.conf + + [INPUT] + Tag rke + Name tail + Path_Key filename + Parser docker + DB /tail-db/tail-containers-state.db + Mem_Buf_Limit {{ .Values.additionalLoggingSources.rke.fluentbit.mem_buffer_limit }} + Path /var/lib/rancher/rke/log/*.log + + [OUTPUT] + Name forward + Match * + Host {{ .Release.Name }}-fluentd.{{ .Release.Namespace }}.svc + Port 24240 + Retry_Limit False +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/rke/daemonset.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/rke/daemonset.yaml new file mode 100755 index 000000000..840b3e722 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/rke/daemonset.yaml 
@@ -0,0 +1,124 @@ +{{- if .Values.additionalLoggingSources.rke.enabled }} +{{- $containers := printf "%s/containers/" (default "/var/lib/docker" .Values.global.dockerRootDirectory) }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + selector: + matchLabels: + name: {{ .Release.Name }}-rke-aggregator + template: + metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" + labels: + name: {{ .Release.Name }}-rke-aggregator + spec: + containers: + - name: fluentbit + image: "{{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}:{{ .Values.images.fluentbit.tag }}" + volumeMounts: + - mountPath: /var/lib/rancher/rke/log/ + name: indir + - mountPath: {{ $containers }} + name: containers + - mountPath: /tail-db + name: positiondb + - mountPath: /fluent-bit/etc/fluent-bit.conf + name: config + subPath: fluent-bit.conf + {{- if .Values.global.seLinux.enabled }} + securityContext: + seLinuxOptions: + type: rke_logreader_t + {{- end }} + volumes: + - name: indir + hostPath: + path: /var/lib/rancher/rke/log/ + type: DirectoryOrCreate + - name: containers + hostPath: + path: {{ $containers }} + type: DirectoryOrCreate + - name: positiondb + emptyDir: {} + - name: config + configMap: + name: "{{ .Release.Name }}-rke" + serviceAccountName: "{{ .Release.Name }}-rke-aggregator" + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . 
| nindent 8 }} + {{- end }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" +{{- if .Values.global.psp.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: "{{ .Release.Name }}-rke-aggregator" +rules: + - apiGroups: + - policy + resourceNames: + - "{{ .Release.Name }}-rke-aggregator" + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: "{{ .Release.Name }}-rke-aggregator" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: "{{ .Release.Name }}-rke-aggregator" +subjects: + - kind: ServiceAccount + name: "{{ .Release.Name }}-rke-aggregator" +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + allowPrivilegeEscalation: false + allowedHostPaths: + - pathPrefix: {{ $containers }} + readOnly: false + - pathPrefix: /var/lib/rancher/rke/log/ + readOnly: false + - pathPrefix: /var/lib/rancher/logging/ + readOnly: false + fsGroup: + rule: RunAsAny + readOnlyRootFilesystem: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - emptyDir + - secret + - hostPath +{{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/rke2/configmap.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/rke2/configmap.yaml new file mode 100755 index 000000000..f1ba032d5 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/rke2/configmap.yaml 
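Review bot: In rke/daemonset.yaml, the PodSecurityPolicy lists every `allowedHostPaths` entry with `readOnly: false`, and the `indir` and `containers` volumeMounts set no `readOnly: true`. The container only tails logs and keeps its position DB in the `/tail-db` emptyDir, so it needs no write access to the host. Suggest `readOnly: true` on both mounts and on the matching policy entries, and dropping the `/var/lib/rancher/logging/` prefix, which no volume in this DaemonSet uses.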
@@ -0,0 +1,22 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-rke2 + labels: +{{ include "logging-operator.labels" . | indent 4 }} +data: + fluent-bit.conf: | + [INPUT] + Name systemd + Tag rke2 + Path {{ .Values.systemdLogPath | default "/var/log/journal" }} + Systemd_Filter _SYSTEMD_UNIT=rke2-server.service + + [OUTPUT] + Name forward + Match * + Host {{ .Release.Name }}-fluentd.{{ .Release.Namespace }}.svc + Port 24240 + Retry_Limit False +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/rke2/daemonset.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/rke2/daemonset.yaml new file mode 100755 index 000000000..f45b74b76 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/rke2/daemonset.yaml 
@@ -0,0 +1,110 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + selector: + matchLabels: + name: {{ .Release.Name }}-rke2-journald-aggregator + template: + metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" + labels: + name: {{ .Release.Name }}-rke2-journald-aggregator + spec: + containers: + - name: fluentd + image: "{{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}:{{ .Values.images.fluentbit.tag }}" + {{- if .Values.global.seLinux.enabled }} + securityContext: + seLinuxOptions: + type: rke_logreader_t + {{- end }} + volumeMounts: + - mountPath: /fluent-bit/etc/ + name: config + - mountPath: {{ .Values.systemdLogPath | default "/var/log/journal" }} + name: journal + readOnly: true + - mountPath: /etc/machine-id + name: machine-id + readOnly: true + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . 
| nindent 8 }} + {{- end }} + serviceAccountName: "{{ .Release.Name }}-rke2-journald-aggregator" + volumes: + - name: config + configMap: + name: "{{ .Release.Name }}-rke2" + - name: journal + hostPath: + path: {{ .Values.systemdLogPath | default "/var/log/journal" }} + - name: machine-id + hostPath: + path: /etc/machine-id +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" +{{- if .Values.global.psp.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" +rules: + - apiGroups: + - policy + resourceNames: + - "{{ .Release.Name }}-rke2-journald-aggregator" + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: "{{ .Release.Name }}-rke2-journald-aggregator" +subjects: + - kind: ServiceAccount + name: "{{ .Release.Name }}-rke2-journald-aggregator" +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + allowPrivilegeEscalation: false + fsGroup: + rule: RunAsAny + readOnlyRootFilesystem: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - emptyDir + - secret + - hostPath +{{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/rke2/logging-rke2-containers.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/rke2/logging-rke2-containers.yaml new file mode 100755 index 000000000..7be4972e7 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/rke2/logging-rke2-containers.yaml 
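Review bot: The PodSecurityPolicy at the end of rke2/daemonset.yaml allows the `hostPath` volume type but sets no `allowedHostPaths`, so it does not limit which host paths a pod admitted under it may mount. The rke policy earlier in this patch does list prefixes. Suggest adding `allowedHostPaths` for the journal path and `/etc/machine-id`, both `readOnly: true` to match the volumeMounts. Separately, the container is named `fluentd` but runs the `images.fluentbit` image; naming it `fluentbit` would avoid confusion.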
@@ -0,0 +1,73 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-rke2-containers + namespace: {{ .Release.Namespace }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "rke2" + Path: "/var/log/containers/*rke*.log" + extraVolumeMounts: + - source: "/var/log/containers/" + destination: "/var/log/containers/" + readOnly: true + {{- if or .Values.global.psp.enabled .Values.global.seLinux.enabled }} + security: + {{- end }} + {{- if or .Values.global.psp.enabled }} + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- if .Values.global.seLinux.enabled }} + securityContext: + seLinuxOptions: + type: rke_logreader_t + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . 
| nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.livenessProbe }} + livenessProbe: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/root/logging.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/root/logging.yaml new file mode 100755 index 000000000..797286d26 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/loggings/root/logging.yaml 
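Review bot: In logging-rke2-containers.yaml, `{{- if or .Values.global.psp.enabled }}` calls `or` with a single operand. It renders the same as a plain `if`, but it reads as though a second condition was dropped. Use `{{- if .Values.global.psp.enabled }}` as root/logging.yaml does, or add the operand that was intended. This Logging also has no `labels:` block under `metadata`, unlike the other Logging resources in the patch.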
@@ -0,0 +1,111 @@ +{{- $containers := printf "%s/containers/" (default "/var/lib/docker" .Values.global.dockerRootDirectory) }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + {{- if .Values.global.cattle.windows.enabled }} + nodeAgents: + - name: win-agent + profile: windows + nodeAgentFluentbit: + daemonSet: + spec: + template: + spec: + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.images.nodeagent_fluentbit.repository }}:{{ .Values.images.nodeagent_fluentbit.tag }}" + name: fluent-bit + tls: + enabled: {{ .Values.nodeAgents.tls.enabled | default false }} + {{- if .Values.additionalLoggingSources.rke.enabled }} + - name: win-agent-rke + profile: windows + nodeAgentFluentbit: + filterKubernetes: + Kube_Tag_Prefix: "kuberentes.C.var.lib.rancher.rke.log." + inputTail: + Path: "C:\\var\\lib\\rancher\\rke\\log" + extraVolumeMounts: + - source: "/var/lib/rancher/rke/log" + destination: "/var/lib/rancher/rke/log" + readOnly: true + daemonSet: + spec: + template: + spec: + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.images.nodeagent_fluentbit.repository }}:{{ .Values.images.nodeagent_fluentbit.tag }}" + name: fluent-bit + tls: + enabled: {{ .Values.nodeAgents.tls.enabled | default false }} + {{- end }} + {{- end }} + fluentbit: + image: + repository: {{ template "system_default_registry" . 
}}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + {{- if or .Values.global.psp.enabled .Values.global.seLinux.enabled }} + security: + {{- end }} + {{- if .Values.global.psp.enabled }} + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- if .Values.global.seLinux.enabled }} + securityContext: + seLinuxOptions: + type: rke_logreader_t + {{- end }} + {{- if .Values.global.dockerRootDirectory }} + mountPath: {{ $containers }} + extraVolumeMounts: + - source: {{ $containers }} + destination: {{ $containers }} + readOnly: true + {{- end }} + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.livenessProbe }} + livenessProbe: {{- toYaml . | nindent 6 }} + {{- end }} 
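Review bot: In root/logging.yaml, the `win-agent-rke` node agent sets `Kube_Tag_Prefix: "kuberentes.C.var.lib.rancher.rke.log."`, where "kuberentes" looks like a misspelling of "kubernetes". If the tail input tags records with a `kubernetes.` prefix, this value will not match and the Kubernetes filter will not strip the prefix as intended. Please confirm the tag the input produces and correct the spelling. The same agent's `inputTail.Path` is the bare directory `C:\\var\\lib\\rancher\\rke\\log`, while the Linux rke ConfigMap tails `/var/lib/rancher/rke/log/*.log`; check whether a file glob is needed here too.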
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/psp.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/psp.yaml new file mode 100755 index 000000000..420067f59 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/psp.yaml @@ -0,0 +1,33 @@ +{{ if and .Values.rbac.enabled .Values.rbac.psp.enabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: psp.logging-operator + namespace: {{ include "logging-operator.namespace" . }} + annotations: + seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default' + seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default' + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + readOnlyRootFilesystem: true + privileged: false + allowPrivilegeEscalation: false + runAsUser: + rule: MustRunAsNonRoot + fsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + supplementalGroups: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + volumes: + - secret + - configMap +{{ end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/service.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/service.yaml new file mode 100755 index 000000000..f419ae2c4 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/service.yaml 
@@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + type: ClusterIP + {{- with .Values.http.service.clusterIP }} + clusterIP: {{ . }} + {{- end }} + ports: + - port: {{ .Values.http.port }} + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/serviceMonitor.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/serviceMonitor.yaml new file mode 100755 index 000000000..1bb762cde --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/serviceMonitor.yaml @@ -0,0 +1,30 @@ +{{ if .Values.monitoring.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +{{- with .Values.monitoring.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} +{{- end }} +spec: + selector: + matchLabels: +{{ include "logging-operator.labels" . | indent 6 }} + endpoints: + - port: http + path: /metrics + {{- with .Values.monitoring.serviceMonitor.metricsRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.monitoring.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 4 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ include "logging-operator.namespace" . }} +{{- end }} 
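Review bot: serviceMonitor.yaml reads `.Values.monitoring.serviceMonitor.metricsRelabelings`, but values.yaml in this patch defines the key as `metricRelabelings`, so a user-supplied value is never rendered into `metricRelabelings:`. Make the template use `.Values.monitoring.serviceMonitor.metricRelabelings`. Also, under the same endpoint, `relabelings` is emitted with `nindent 4` while `metricRelabelings` uses `nindent 6`; the two should use the same indent so both lists nest under their keys.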
diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/serviceaccount.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/serviceaccount.yaml new file mode 100755 index 000000000..cbb2a94b4 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/serviceaccount.yaml @@ -0,0 +1,10 @@ +{{- if .Values.rbac.enabled }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/userroles.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/userroles.yaml new file mode 100755 index 000000000..f4136b09a --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/userroles.yaml @@ -0,0 +1,35 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "logging-admin" + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: + - "logging.banzaicloud.io" + resources: + - flows + - outputs + verbs: + - "*" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "logging-view" + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: + - apiGroups: + - "logging.banzaicloud.io" + resources: + - flows + - outputs + - clusterflows + - clusteroutputs + verbs: + - get + - list + - watch diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/validate-install-crd.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/validate-install-crd.yaml new file mode 100755 index 000000000..66e8725e5 --- /dev/null 
+++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/validate-install-crd.yaml @@ -0,0 +1,18 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/ClusterFlow" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/ClusterOutput" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/Flow" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/Logging" false -}} +# {{- set $found "logging.banzaicloud.io/v1beta1/Output" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/templates/validate-install.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/validate-install.yaml new file mode 100755 index 000000000..bd624cc4b --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/templates/validate-install.yaml @@ -0,0 +1,5 @@ +#{{- if .Values.global.dockerRootDirectory }} +#{{- if or (hasSuffix "/containers" .Values.global.dockerRootDirectory) (hasSuffix "/" .Values.global.dockerRootDirectory) }} +#{{- required "global.dockerRootDirectory must not end with suffix: '/' or '/containers'" "" -}} +#{{- end }} +#{{- end }} diff --git a/released/charts/rancher-logging/rancher-logging/3.9.400/values.yaml b/released/charts/rancher-logging/rancher-logging/3.9.400/values.yaml new file mode 100755 index 000000000..b97ff1831 --- /dev/null +++ b/released/charts/rancher-logging/rancher-logging/3.9.400/values.yaml 
@@ -0,0 +1,171 @@ +# Default values for logging-operator. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: rancher/mirrored-banzaicloud-logging-operator + tag: 3.9.4 + pullPolicy: IfNotPresent + +extraArgs: [] +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" +namespaceOverride: "" + +## Pod custom labels +## +podLabels: {} + +annotations: {} + +## Deploy CRDs used by Logging Operator. +## +createCustomResource: false + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: + kubernetes.io/os: linux + +tolerations: + - key: cattle.io/os + operator: "Equal" + value: "linux" + effect: NoSchedule + +affinity: {} + +http: + # http listen port number + port: 8080 + # Service definition for query http service + service: + type: ClusterIP + clusterIP: None + # Annotations to query http service + annotations: {} + # Labels to query http service + labels: {} + +# These "rbac" settings match the upstream defaults. For only using psp in the overlay files, which +# include the default Logging CRs created, see the "global.psp" setting. To enable psp for the entire +# chart, enable both "rbac.psp" and "global.psp" (this may require further changes to the chart). +rbac: + enabled: true + psp: + enabled: false + +## SecurityContext holds pod-level security attributes and common container settings. +## This defaults to non root user with uid 1000 and gid 2000. 
*v1.PodSecurityContext false +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +podSecurityContext: {} +# runAsNonRoot: true +# runAsUser: 1000 +# fsGroup: 2000 +securityContext: {} +# allowPrivilegeEscalation: false +# readOnlyRootFilesystem: true + # capabilities: + # drop: ["ALL"] + +## Operator priorityClassName +## +priorityClassName: {} + +monitoring: + # Create a Prometheus Operator ServiceMonitor object + serviceMonitor: + enabled: false + additionalLabels: {} + metricRelabelings: [] + relabelings: [] + +disablePvc: true + +systemdLogPath: "/var/log/journal" + +additionalLoggingSources: + rke: + enabled: false + fluentbit: + log_level: "info" + mem_buffer_limit: "5MB" + rke2: + enabled: false + k3s: + enabled: false + container_engine: "systemd" + aks: + enabled: false + eks: + enabled: false + gke: + enabled: false + +images: + config_reloader: + repository: rancher/mirrored-jimmidyson-configmap-reload + tag: v0.4.0 + fluentbit: + repository: rancher/mirrored-fluent-fluent-bit + tag: 1.6.10 + fluentbit_debug: + repository: rancher/mirrored-fluent-fluent-bit + tag: 1.6.10-debug + fluentd: + repository: rancher/mirrored-banzaicloud-fluentd + tag: v1.11.5-alpine-12 + nodeagent_fluentbit: + repository: rancher/fluent-bit + tag: 1.6.10 + +# These settings apply to every Logging CR, including vendor Logging CRs enabled in "additionalLoggingSources". +# Changing these affects every Logging CR installed. +nodeAgents: + tls: + enabled: false +fluentd: + resources: {} + livenessProbe: + tcpSocket: + port: 24240 + initialDelaySeconds: 30 + periodSeconds: 15 +fluentbit: + resources: {} + tolerations: + - key: node-role.kubernetes.io/controlplane + value: "true" + effect: NoSchedule + - key: node-role.kubernetes.io/etcd + value: "true" + effect: NoExecute + +global: + cattle: + systemDefaultRegistry: "" + windows: + enabled: false + # Change the "dockerRootDirectory" if the default Docker directory has changed. 
+ dockerRootDirectory: "" + # This psp setting differs from the upstream "rbac.psp" by only enabling psp settings for the + # overlay files, which include the Logging CRs created, whereas the upstream "rbac.psp" affects the + # logging operator. + psp: + enabled: true + seLinux: + enabled: false diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/Chart.yaml new file mode 100755 index 000000000..2b548e860 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-monitoring-system + catalog.cattle.io/release-name: rancher-monitoring-crd +apiVersion: v1 +description: Installs the CRDs for rancher-monitoring. +name: rancher-monitoring-crd +type: application +version: 14.5.100 diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/README.md b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/README.md new file mode 100755 index 000000000..48d2a8621 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/README.md @@ -0,0 +1,2 @@ +# rancher-monitoring-crd +A Rancher chart that installs the CRDs used by rancher-monitoring. diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-alertmanagerconfigs.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-alertmanagerconfigs.yaml new file mode 100755 index 000000000..b2ed16186 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-alertmanagerconfigs.yaml 
@@ -0,0 +1,1869 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: alertmanagerconfigs.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: AlertmanagerConfig + listKind: AlertmanagerConfigList + plural: alertmanagerconfigs + singular: alertmanagerconfig + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: AlertmanagerConfig defines a namespaced AlertmanagerConfig to be aggregated across multiple namespaces configuring one Alertmanager cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AlertmanagerConfigSpec is a specification of the desired behavior of the Alertmanager configuration. By definition, the Alertmanager configuration only applies to alerts for which the `namespace` label is equal to the namespace of the AlertmanagerConfig resource. + properties: + inhibitRules: + description: List of inhibition rules. The rules will only apply to alerts matching the resource’s namespace. 
+ items: + description: InhibitRule defines an inhibition rule that allows to mute alerts when other alerts are already firing. See https://prometheus.io/docs/alerting/latest/configuration/#inhibit_rule + properties: + equal: + description: Labels that must have an equal value in the source and target alert for the inhibition to take effect. + items: + type: string + type: array + sourceMatch: + description: Matchers for which one or more alerts have to exist for the inhibition to take effect. The operator enforces that the alert matches the resource’s namespace. + items: + description: Matcher defines how to match on alert's labels. + properties: + name: + description: Label to match. + minLength: 1 + type: string + regex: + description: Whether to match on equality (false) or regular-expression (true). + type: boolean + value: + description: Label value to match. + type: string + required: + - name + type: object + type: array + targetMatch: + description: Matchers that have to be fulfilled in the alerts to be muted. The operator enforces that the alert matches the resource’s namespace. + items: + description: Matcher defines how to match on alert's labels. + properties: + name: + description: Label to match. + minLength: 1 + type: string + regex: + description: Whether to match on equality (false) or regular-expression (true). + type: boolean + value: + description: Label value to match. + type: string + required: + - name + type: object + type: array + type: object + type: array + receivers: + description: List of receivers. + items: + description: Receiver defines one or more notification integrations. + properties: + emailConfigs: + description: List of Email configurations. + items: + description: EmailConfig configures notifications via Email. + properties: + authIdentity: + description: The identity to use for authentication. + type: string + authPassword: + description: The secret's key that contains the password to use for authentication. 
The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + authSecret: + description: The secret's key that contains the CRAM-MD5 secret. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + authUsername: + description: The username to use for authentication. + type: string + from: + description: The sender address. + type: string + headers: + description: Further headers email header key/value pairs. Overrides any headers previously set by the notification implementation. + items: + description: KeyValue defines a (key, value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. + type: string + required: + - key + - value + type: object + type: array + hello: + description: The hostname to identify to the SMTP server. + type: string + html: + description: The HTML body of the email notification. 
+ type: string + requireTLS: + description: The SMTP TLS requirement. Note that Go does not support unencrypted connections to remote SMTP endpoints. + type: boolean + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + smarthost: + description: The SMTP host through which emails are sent. + type: string + text: + description: The text body of the email notification. + type: string + tlsConfig: + description: TLS configuration + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + to: + description: The email address to send notifications to. + type: string + type: object + type: array + name: + description: Name of the receiver. Must be unique across all items from the list. + minLength: 1 + type: string + opsgenieConfigs: + description: List of OpsGenie configurations. + items: + description: OpsGenieConfig configures notifications via OpsGenie. 
See https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config + properties: + apiKey: + description: The secret's key that contains the OpsGenie API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + apiURL: + description: The URL to send OpsGenie API requests to. + type: string + description: + description: Description of the incident. + type: string + details: + description: A set of arbitrary key/value pairs that provide further detail about the incident. + items: + description: KeyValue defines a (key, value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. + type: string + required: + - key + - value + type: object + type: array + httpConfig: + description: HTTP client configuration. + properties: + basicAuth: + description: BasicAuth for the client. + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. 
apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + insecureSkipVerify: + description: Disable target certificate validation. 
+ type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + message: + description: Alert text limited to 130 characters. + type: string + note: + description: Additional alert note. + type: string + priority: + description: Priority level of alert. Possible values are P1, P2, P3, P4, and P5. + type: string + responders: + description: List of responders responsible for notifications. + items: + description: OpsGenieConfigResponder defines a responder to an incident. One of `id`, `name` or `username` has to be defined. + properties: + id: + description: ID of the responder. + type: string + name: + description: Name of the responder. + type: string + type: + description: Type of responder. + minLength: 1 + type: string + username: + description: Username of the responder. + type: string + required: + - type + type: object + type: array + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + source: + description: Backlink to the sender of the notification. + type: string + tags: + description: Comma separated list of tags attached to the notifications. + type: string + type: object + type: array + pagerdutyConfigs: + description: List of PagerDuty configurations. + items: + description: PagerDutyConfig configures notifications via PagerDuty. 
See https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config + properties: + class: + description: The class/type of the event. + type: string + client: + description: Client identification. + type: string + clientURL: + description: Backlink to the sender of notification. + type: string + component: + description: The part or component of the affected system that is broken. + type: string + description: + description: Description of the incident. + type: string + details: + description: Arbitrary key/value pairs that provide further detail about the incident. + items: + description: KeyValue defines a (key, value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. + type: string + required: + - key + - value + type: object + type: array + group: + description: A cluster or grouping of sources. + type: string + httpConfig: + description: HTTP client configuration. + properties: + basicAuth: + description: BasicAuth for the client. + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + routingKey: + description: The secret's key that contains the PagerDuty integration key (when using Events API v2). Either this field or `serviceKey` needs to be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + serviceKey: + description: The secret's key that contains the PagerDuty service key (when using integration type "Prometheus"). Either this field or `routingKey` needs to be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + severity: + description: Severity of the incident. + type: string + url: + description: The URL to send requests to. 
+ type: string + type: object + type: array + pushoverConfigs: + description: List of Pushover configurations. + items: + description: PushoverConfig configures notifications via Pushover. See https://prometheus.io/docs/alerting/latest/configuration/#pushover_config + properties: + expire: + description: How long your notification will continue to be retried for, unless the user acknowledges the notification. + type: string + html: + description: Whether notification message is HTML or plain text. + type: boolean + httpConfig: + description: HTTP client configuration. + properties: + basicAuth: + description: BasicAuth for the client. + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer token to be used by the client for authentication. 
The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + cert: + description: Struct containing the client cert file for the targets. 
+ properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + message: + description: Notification message. 
+ type: string + priority: + description: Priority, see https://pushover.net/api#priority + type: string + retry: + description: How often the Pushover servers will send the same notification to the user. Must be at least 30 seconds. + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + sound: + description: The name of one of the sounds supported by device clients to override the user's default sound choice + type: string + title: + description: Notification title. + type: string + token: + description: The secret's key that contains the registered application’s API token, see https://pushover.net/apps. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + url: + description: A supplementary URL shown alongside the message. + type: string + urlTitle: + description: A title for supplementary URL, otherwise just the URL is shown + type: string + userKey: + description: The secret's key that contains the recipient user’s user key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + type: array + slackConfigs: + description: List of Slack configurations. + items: + description: SlackConfig configures notifications via Slack. See https://prometheus.io/docs/alerting/latest/configuration/#slack_config + properties: + actions: + description: A list of Slack actions that are sent with each notification. + items: + description: SlackAction configures a single Slack action that is sent with each notification. See https://api.slack.com/docs/message-attachments#action_fields and https://api.slack.com/docs/message-buttons for more information. + properties: + confirm: + description: SlackConfirmationField protect users from destructive actions or particularly distinguished decisions by asking them to confirm their button click one more time. See https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields for more information. + properties: + dismissText: + type: string + okText: + type: string + text: + minLength: 1 + type: string + title: + type: string + required: + - text + type: object + name: + type: string + style: + type: string + text: + minLength: 1 + type: string + type: + minLength: 1 + type: string + url: + type: string + value: + type: string + required: + - text + - type + type: object + type: array + apiURL: + description: The secret's key that contains the Slack webhook URL. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + callbackId: + type: string + channel: + description: The channel or user to send notifications to. + type: string + color: + type: string + fallback: + type: string + fields: + description: A list of Slack fields that are sent with each notification. + items: + description: SlackField configures a single Slack field that is sent with each notification. Each field must contain a title, value, and optionally, a boolean value to indicate if the field is short enough to be displayed next to other fields designated as short. See https://api.slack.com/docs/message-attachments#fields for more information. + properties: + short: + type: boolean + title: + minLength: 1 + type: string + value: + minLength: 1 + type: string + required: + - title + - value + type: object + type: array + footer: + type: string + httpConfig: + description: HTTP client configuration. + properties: + basicAuth: + description: BasicAuth for the client. + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + iconEmoji: + type: string + iconURL: + type: string + imageURL: + type: string + linkNames: + type: boolean + mrkdwnIn: + items: + type: string + type: array + pretext: + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + shortFields: + type: boolean + text: + type: string + thumbURL: + type: string + title: + type: string + titleLink: + type: string + username: + type: string + type: object + type: array + victoropsConfigs: + description: List of VictorOps configurations. + items: + description: VictorOpsConfig configures notifications via VictorOps. See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config + properties: + apiKey: + description: The secret's key that contains the API key to use when talking to the VictorOps API. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + apiUrl: + description: The VictorOps API URL. + type: string + customFields: + description: Additional custom fields for notification. + items: + description: KeyValue defines a (key, value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. 
+ type: string + required: + - key + - value + type: object + type: array + entityDisplayName: + description: Contains summary of the alerted problem. + type: string + httpConfig: + description: The HTTP client's configuration. + properties: + basicAuth: + description: BasicAuth for the client. + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + messageType: + description: Describes the behavior of the alert (CRITICAL, WARNING, INFO). + type: string + monitoringTool: + description: The monitoring tool the state message is from. + type: string + routingKey: + description: A key used to map the alert to a team. + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + stateMessage: + description: Contains long explanation of the alerted problem. 
+ type: string + type: object + type: array + webhookConfigs: + description: List of webhook configurations. + items: + description: WebhookConfig configures notifications via a generic receiver supporting the webhook payload. See https://prometheus.io/docs/alerting/latest/configuration/#webhook_config + properties: + httpConfig: + description: HTTP client configuration. + properties: + basicAuth: + description: BasicAuth for the client. + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + maxAlerts: + description: Maximum number of alerts to be sent per webhook message. When 0, all alerts are included. + format: int32 + minimum: 0 + type: integer + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + url: + description: The URL to send HTTP POST requests to. `urlSecret` takes precedence over `url`. One of `urlSecret` and `url` should be defined. 
+ type: string + urlSecret: + description: The secret's key that contains the webhook URL to send HTTP requests to. `urlSecret` takes precedence over `url`. One of `urlSecret` and `url` should be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + type: array + wechatConfigs: + description: List of WeChat configurations. + items: + description: WeChatConfig configures notifications via WeChat. See https://prometheus.io/docs/alerting/latest/configuration/#wechat_config + properties: + agentID: + type: string + apiSecret: + description: The secret's key that contains the WeChat API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + apiURL: + description: The WeChat API URL. + type: string + corpID: + description: The corp id for authentication. + type: string + httpConfig: + description: HTTP client configuration. + properties: + basicAuth: + description: BasicAuth for the client. 
+ properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + proxyURL: + description: Optional proxy URL. 
+ type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + message: + description: API request data as defined by the WeChat API. + type: string + messageType: + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + toParty: + type: string + toTag: + type: string + toUser: + type: string + type: object + type: array + required: + - name + type: object + type: array + route: + description: The Alertmanager route definition for alerts matching the resource’s namespace. If present, it will be added to the generated Alertmanager configuration as a first-level route. + properties: + continue: + description: Boolean indicating whether an alert should continue matching subsequent sibling nodes. It will always be overridden to true for the first-level route by the Prometheus operator. + type: boolean + groupBy: + description: List of labels to group by. 
+ items: + type: string + type: array + groupInterval: + description: How long to wait before sending an updated notification. Must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds seconds minutes hours). + type: string + groupWait: + description: How long to wait before sending the initial notification. Must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds seconds minutes hours). + type: string + matchers: + description: 'List of matchers that the alert’s labels should match. For the first level route, the operator removes any existing equality and regexp matcher on the `namespace` label and adds a `namespace: ` matcher.' + items: + description: Matcher defines how to match on alert's labels. + properties: + name: + description: Label to match. + minLength: 1 + type: string + regex: + description: Whether to match on equality (false) or regular-expression (true). + type: boolean + value: + description: Label value to match. + type: string + required: + - name + type: object + type: array + receiver: + description: Name of the receiver for this route. If not empty, it should be listed in the `receivers` field. + type: string + repeatInterval: + description: How long to wait before repeating the last notification. Must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds seconds minutes hours). + type: string + routes: + description: Child routes. + items: + x-kubernetes-preserve-unknown-fields: true + type: array + type: object + type: object + required: + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-alertmanagers.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-alertmanagers.yaml new file mode 100755 index 000000000..724d488b0 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-alertmanagers.yaml 
@@ -0,0 +1,3218 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: alertmanagers.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: Alertmanager + listKind: AlertmanagerList + plural: alertmanagers + singular: alertmanager + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The version of Alertmanager + jsonPath: .spec.version + name: Version + type: string + - description: The desired replicas number of Alertmanagers + jsonPath: .spec.replicas + name: Replicas + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: Alertmanager describes an Alertmanager cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the Alertmanager cluster. 
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + additionalPeers: + description: AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster. + items: + type: string + type: array + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 
+ type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. 
due to an update), the system may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms are ORed. + items: + description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. 
If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. 
+ items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + alertmanagerConfigNamespaceSelector: + description: Namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + alertmanagerConfigSelector: + description: AlertmanagerConfigs to be selected for to merge and configure Alertmanager with. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + baseImage: + description: 'Base image that is used to deploy pods, without tag. Deprecated: use ''image'' instead' + type: string + clusterAdvertiseAddress: + description: 'ClusterAdvertiseAddress is the explicit address to advertise in cluster. Needs to be provided for non RFC1918 [1] (public) addresses. [1] RFC1918: https://tools.ietf.org/html/rfc1918' + type: string + clusterGossipInterval: + description: Interval between gossip attempts. + type: string + clusterPeerTimeout: + description: Timeout for cluster peering. + type: string + clusterPushpullInterval: + description: Interval between pushpull attempts. + type: string + configMaps: + description: ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. The ConfigMaps are mounted into /etc/alertmanager/configmaps/. 
+ items: + type: string + type: array + configSecret: + description: ConfigSecret is the name of a Kubernetes Secret in the same namespace as the Alertmanager object, which contains configuration for this Alertmanager instance. Defaults to 'alertmanager-' The secret is mounted into /etc/alertmanager/config. + type: string + containers: + description: 'Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to an Alertmanager pod. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The current container names are: `alertmanager` and `config-reloader`. Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.' + items: + description: A single application container that you want to run within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). 
Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. Cannot be updated. + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". 
+ type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. 
+ items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. 
More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. 
TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. 
+ properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. + items: + description: ContainerPort represents a network port in a single container. 
+ properties: + containerPort: + description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 
+ items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 
+ format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. 
If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 
+ properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 
+ items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 
+ format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. 
Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be used by the container. + items: + description: volumeDevice describes a mapping of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within a container. + properties: + mountPath: + description: Path within the container at which the volume should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. 
+ type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + externalUrl: + description: The external URL the Alertmanager instances will be available under. This is necessary to generate correct URLs. This is necessary if Alertmanager is not served from root of a DNS name. + type: string + forceEnableClusterMode: + description: ForceEnableClusterMode ensures Alertmanager does not deactivate the cluster mode when running with a single replica. Use case is e.g. spanning an Alertmanager cluster across Kubernetes clusters with a single replica in each. + type: boolean + image: + description: Image if specified has precedence over baseImage, tag and sha combinations. Specifying the version is still necessary to ensure the Prometheus Operator knows what version of Alertmanager is being configured. 
+ type: string + imagePullSecrets: + description: An optional list of references to secrets in the same namespace to use for pulling prometheus and alertmanager images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the Alertmanager configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.' + items: + description: A single application container that you want to run within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. Cannot be updated. + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. 
One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. 
More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. 
TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. 
Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. + items: + description: ContainerPort represents a network port in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. 
Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. 
+ type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot be updated. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 
+ format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. 
If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for stdin in the container runtime. 
If this is not set, reads from stdin in the container will always result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be used by the container. 
+ items: + description: volumeDevice describes a mapping of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within a container. + properties: + mountPath: + description: Path within the container at which the volume should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. 
+ type: string + required: + - name + type: object + type: array + listenLocal: + description: ListenLocal makes the Alertmanager server listen on loopback, so that it does not bind against the Pod IP. Note this is only for the Alertmanager UI, not the gossip communication. + type: boolean + logFormat: + description: Log format for Alertmanager to be configured with. + type: string + logLevel: + description: Log level for Alertmanager to be configured with. + type: string + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + paused: + description: If set to true all actions on the underlying managed objects are not goint to be performed, except for delete actions. + type: boolean + podMetadata: + description: PodMetadata configures Labels and Annotations which are propagated to the alertmanager pods. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. 
More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + type: object + portName: + description: Port name used for the pods and governing service. This defaults to web + type: string + priorityClassName: + description: Priority class assigned to the Pods + type: string + replicas: + description: Size is the expected size of the alertmanager cluster. The controller will eventually make the size of the running cluster equal to the expected size. + format: int32 + type: integer + resources: + description: Define resources requests and limits for single Pods. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + retention: + description: Time duration Alertmanager shall retain data for. Default is '120h', and must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds seconds minutes hours). + type: string + routePrefix: + description: The route prefix Alertmanager registers HTTP handlers for. 
This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with `kubectl proxy`. + type: string + secrets: + description: Secrets is a list of Secrets in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. The Secrets are mounted into /etc/alertmanager/secrets/. + items: + type: string + type: array + securityContext: + description: SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. 
+ format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for the pod. 
Pods with unsupported sysctls (by the container runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods. + type: string + sha: + description: 'SHA of Alertmanager container image to be deployed. Defaults to the value of `version`. Similar to a tag, but the SHA explicitly deploys an immutable container image. Version and Tag are ignored if SHA is set. Deprecated: use ''image'' instead. The image digest can be specified as part of the image URL.' + type: string + storage: + description: Storage is the definition of how storage will be used by the Alertmanager instances. 
+ properties: + disableMountSubPath: + description: 'Deprecated: subPath usage will be disabled by default in a future release, this option will become unnecessary. DisableMountSubPath allows to remove any subPath usage in volume mounts.' + type: boolean + emptyDir: + description: 'EmptyDirVolumeSource to be used by the Prometheus StatefulSets. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + volumeClaimTemplate: + description: A PVC spec to be used by the Prometheus StatefulSets. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. 
Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: EmbeddedMetadata contains metadata relevant to an EmbeddedResource. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + type: object + spec: + description: 'Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access modes the volume should have. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot - Beta) * An existing PVC (PersistentVolumeClaim) * An existing custom resource/object that implements data population (Alpha) In order to use VolumeSnapshot object types, the appropriate feature gate must be enabled (VolumeSnapshotDataSource or AnyVolumeDataSource) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the specified data source is not supported, the volume will not be created and the failure will be reported as an event. In the future, we plan to support more data source types and the behavior of the provisioner may change.' + properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + selector: + description: A label query over volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". 
The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: VolumeName is the binding reference to the PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Represents the actual resources of the underlying volume. + type: object + conditions: + description: Current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails details about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating details about last transition. 
+ type: string + reason: + description: Unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports "ResizeStarted" that means the underlying persistent volume is being resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of PersistentVolumeClaim. + type: string + type: object + type: object + type: object + tag: + description: 'Tag of Alertmanager container image to be deployed. Defaults to the value of `version`. Version is ignored if Tag is set. Deprecated: use ''image'' instead. The image tag can be specified as part of the image URL.' + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. 
By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: If specified, the pod's topology spread constraints. + items: + description: TopologySpreadConstraint specifies how to spread matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods may be unevenly distributed. It''s the maximum permitted difference between the number of matching pods in any two topology domains of a given topology type. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. It''s a required field. Default value is 1 and 0 is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it - ScheduleAnyway tells the scheduler to still schedule it It''s considered as "Unsatisfiable" if and only if placing incoming pod on any topology violates "MaxSkew". For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). 
In other words, the cluster can still be imbalanced, but scheduler won''t make it *more* imbalanced. It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + version: + description: Version the cluster should be on. + type: string + volumeMounts: + description: VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the alertmanager container, that are generated as a result of StorageSpec objects. + items: + description: VolumeMount describes a mounting of a Volume within a container. + properties: + mountPath: + description: Path within the container at which the volume should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: Volumes allows configuration of additional volumes on the output StatefulSet definition. 
Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + partition: + description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' 
+ type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: the name of secret that contains Azure Storage Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host that shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather than the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + volumeID: + description: 'volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature). + properties: + driver: + description: Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for the volume. Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. 
+ type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + description: FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use for this volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running + properties: + datasetName: + description: Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + partition: + description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod''s container.' + properties: + directory: + description: Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. 
Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. 
+ format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the NFS server. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, and downward API + properties: + defaultMode: + description: Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with other supported volume types + properties: + configMap: + description: information about the configMap data to project + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 
+ type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI data to project + properties: + items: + description: Items is a list of DownwardAPIVolume file + items: + description: DownwardAPIVolumeFile represents information to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken data to project + properties: + audience: + description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to the mount point of the file to project the token into. + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. 
+ type: boolean + registry: + description: Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to serivceaccount user + type: string + volume: + description: Volume is a string that references an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. 
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication with Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the protection domain. + type: string + system: + description: The name of the storage system as configured in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO system that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. + type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume within StorageOS. 
If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile name. + type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + status: + description: 'Most recent observed status of the Alertmanager cluster. Read-only. Not included when requesting from the apiserver, only from the Prometheus Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) targeted by this Alertmanager cluster. + format: int32 + type: integer + paused: + description: Represents whether any actions on the underlying managed objects are being performed. Only delete actions will be performed. + type: boolean + replicas: + description: Total number of non-terminated pods targeted by this Alertmanager cluster (their labels match the selector). 
+ format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this Alertmanager cluster. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this Alertmanager cluster that have the desired version spec. + format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object + served: true + storage: true + subresources: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-podmonitors.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-podmonitors.yaml new file mode 100755 index 000000000..d474a0c0d --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-podmonitors.yaml 
@@ -0,0 +1,358 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: podmonitors.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: PodMonitor + listKind: PodMonitorList + plural: podmonitors + singular: podmonitor + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: PodMonitor defines monitoring for a set of pods. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired Pod selection for target discovery by Prometheus. + properties: + jobLabel: + description: The label to use to retrieve the job name from. + type: string + namespaceSelector: + description: Selector to select which namespaces the Endpoints objects are discovered from. + properties: + any: + description: Boolean describing whether all namespaces are selected in contrast to a list restricting them. + type: boolean + matchNames: + description: List of namespace names. 
+ items: + type: string + type: array + type: object + podMetricsEndpoints: + description: A list of endpoints allowed as part of this PodMonitor. + items: + description: PodMetricsEndpoint defines a scrapeable endpoint of a Kubernetes Pod serving Prometheus metrics. + properties: + basicAuth: + description: 'BasicAuth allow an endpoint to authenticate over basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint' + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + bearerTokenSecret: + description: Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the pod monitor and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + honorLabels: + description: HonorLabels chooses the metric's labels on collisions with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data. + type: boolean + interval: + description: Interval at which metrics should be scraped + type: string + metricRelabelings: + description: MetricRelabelConfigs to apply to samples before ingestion. + items: + description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. 
+ items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. + type: string + type: object + type: array + params: + additionalProperties: + items: + type: string + type: array + description: Optional HTTP URL parameters + type: object + path: + description: HTTP path to scrape for metrics. + type: string + port: + description: Name of the pod port this endpoint refers to. Mutually exclusive with targetPort. + type: string + proxyUrl: + description: ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint. + type: string + relabelings: + description: 'RelabelConfigs to apply to samples before ingestion. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing labels. 
Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. + type: string + type: object + type: array + scheme: + description: HTTP scheme to use for scraping. + type: string + scrapeTimeout: + description: Timeout after which the scrape is ended + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Deprecated: Use ''port'' instead.' + x-kubernetes-int-or-string: true + tlsConfig: + description: TLS configuration to use when scraping the endpoint. + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. 
+ type: string + type: object + type: object + type: array + podTargetLabels: + description: PodTargetLabels transfers labels on the Kubernetes Pod onto the target. + items: + type: string + type: array + sampleLimit: + description: SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. + format: int64 + type: integer + selector: + description: Selector to select Pod objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + targetLimit: + description: TargetLimit defines a limit on the number of scraped targets that will be accepted. 
+ format: int64 + type: integer + required: + - podMetricsEndpoints + - selector + type: object + required: + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-probes.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-probes.yaml new file mode 100755 index 000000000..7fd658e14 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-probes.yaml 
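Review bot: In `podMetricsEndpoints[].tlsConfig`, `insecureSkipVerify` is an unconstrained boolean on the same endpoint object that carries `basicAuth` and `bearerTokenSecret`, so anyone who can create a PodMonitor can have Prometheus send those credentials to a target whose certificate is never validated. Since the header comment pins this file to upstream v0.46.0, the schema probably has to stay unmodified, but the chart should then document the setting and pair it with an admission policy that rejects `insecureSkipVerify: true` outside approved namespaces. Separately, the file is added with `new file mode 100755`; a YAML manifest does not need the executable bit, so 100644 is the expected mode.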
@@ -0,0 +1,202 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: probes.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: Probe + listKind: ProbeList + plural: probes + singular: probe + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: Probe defines monitoring for a set of static targets or ingresses. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired Ingress selection for target discovery by Prometheus. + properties: + interval: + description: Interval at which targets are probed using the configured prober. If not specified Prometheus' global scrape interval is used. + type: string + jobName: + description: The job name assigned to scraped metrics by default. + type: string + module: + description: 'The module to use for probing specifying how to probe the target. 
Example module configuring in the blackbox exporter: https://github.com/prometheus/blackbox_exporter/blob/master/example.yml' + type: string + prober: + description: Specification for the prober to use for probing targets. The prober.URL parameter is required. Targets cannot be probed if left empty. + properties: + path: + description: Path to collect metrics from. Defaults to `/probe`. + type: string + scheme: + description: HTTP scheme to use for scraping. Defaults to `http`. + type: string + url: + description: Mandatory URL of the prober. + type: string + required: + - url + type: object + scrapeTimeout: + description: Timeout for scraping metrics from the Prometheus exporter. + type: string + targets: + description: Targets defines a set of static and/or dynamically discovered targets to be probed using the prober. + properties: + ingress: + description: Ingress defines the set of dynamically discovered ingress objects which hosts are considered for probing. + properties: + namespaceSelector: + description: Select Ingress objects by namespace. + properties: + any: + description: Boolean describing whether all namespaces are selected in contrast to a list restricting them. + type: boolean + matchNames: + description: List of namespace names. + items: + type: string + type: array + type: object + relabelingConfigs: + description: 'RelabelConfigs to apply to samples before ingestion. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label values. 
+ format: int64 + type: integer + regex: + description: Regular expression against which the extracted value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. + type: string + type: object + type: array + selector: + description: Select Ingress objects by labels. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + type: object + staticConfig: + description: 'StaticConfig defines static targets which are considers for probing. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config.' + properties: + labels: + additionalProperties: + type: string + description: Labels assigned to all metrics scraped from the targets. + type: object + relabelingConfigs: + description: 'RelabelConfigs to apply to samples before ingestion. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source label values. default is ';'. 
+ type: string + sourceLabels: + description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. + type: string + type: object + type: array + static: + description: Targets is a list of URLs to probe using the configured prober. + items: + type: string + type: array + type: object + type: object + type: object + required: + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-prometheuses.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-prometheuses.yaml new file mode 100755 index 000000000..c3f13d981 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-prometheuses.yaml 
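Review bot: In the Probe schema, `prober.url` is only listed under `required`, which an empty string satisfies, although the description says targets cannot be probed if it is left empty; `prober.scheme` and the `staticConfig.static` URL list are likewise free-form strings. Consider `minLength: 1` on `url` and `enum: [http, https]` on `scheme`, or enforce the same at admission if the file has to match upstream v0.46.0 exactly, so that a malformed prober endpoint is rejected at apply time rather than at scrape time. The `relabelingConfigs` item description also reads "It defines ``-section of Prometheus configuration" with nothing between the backticks; the section name should be restored.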
@@ -0,0 +1,4432 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: prometheuses.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: Prometheus + listKind: PrometheusList + plural: prometheuses + singular: prometheus + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The version of Prometheus + jsonPath: .spec.version + name: Version + type: string + - description: The desired replicas number of Prometheuses + jsonPath: .spec.replicas + name: Replicas + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: Prometheus defines a Prometheus deployment. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the Prometheus cluster. 
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + additionalAlertManagerConfigs: + description: 'AdditionalAlertManagerConfigs allows specifying a key of a Secret containing additional Prometheus AlertManager configurations. AlertManager configurations specified are appended to the configurations generated by the Prometheus Operator. Job configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config. As AlertManager configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible AlertManager configs are going to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + additionalAlertRelabelConfigs: + description: 'AdditionalAlertRelabelConfigs allows specifying a key of a Secret containing additional Prometheus alert relabel configurations. Alert relabel configurations specified are appended to the configurations generated by the Prometheus Operator. Alert relabel configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs. 
As alert relabel configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible alert relabel configs are going to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + additionalScrapeConfigs: + description: 'AdditionalScrapeConfigs allows specifying a key of a Secret containing additional Prometheus scrape configurations. Scrape configurations specified are appended to the configurations generated by the Prometheus Operator. Job configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. As scrape configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible scrape configs are going to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. 
If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. 
A list of node selector terms. The terms are ORed. + items: + description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. 
If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. 
+ type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. 
If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. 
A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. 
If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + alerting: + description: Define details regarding alerting. + properties: + alertmanagers: + description: AlertmanagerEndpoints Prometheus should fire alerts against. + items: + description: AlertmanagerEndpoints defines a selection of a single Endpoints object containing alertmanager IPs to fire alerts against. + properties: + apiVersion: + description: Version of the Alertmanager API that Prometheus uses to send alerts. It can be "v1" or "v2". + type: string + bearerTokenFile: + description: BearerTokenFile to read from filesystem to use when authenticating to Alertmanager. + type: string + name: + description: Name of Endpoints object in Namespace. + type: string + namespace: + description: Namespace of Endpoints object. 
+ type: string + pathPrefix: + description: Prefix for the HTTP path alerts are pushed to. + type: string + port: + anyOf: + - type: integer + - type: string + description: Port the Alertmanager API is exposed on. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use when firing alerts. + type: string + timeout: + description: Timeout is a per-target Alertmanager timeout when pushing alerts. + type: string + tlsConfig: + description: TLS Config to use for alertmanager connection. + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. 
+ type: string + type: object + required: + - name + - namespace + - port + type: object + type: array + required: + - alertmanagers + type: object + allowOverlappingBlocks: + description: AllowOverlappingBlocks enables vertical compaction and vertical query merge in Prometheus. This is still experimental in Prometheus so it may change in any upcoming release. + type: boolean + apiserverConfig: + description: APIServerConfig allows specifying a host and auth methods to access apiserver. If left empty, Prometheus is assumed to run inside of the cluster and will discover API servers automatically and use the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. + properties: + basicAuth: + description: BasicAuth allow an endpoint to authenticate over basic authentication + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + bearerToken: + description: Bearer token for accessing apiserver. + type: string + bearerTokenFile: + description: File to read bearer token for accessing apiserver. + type: string + host: + description: Host of apiserver. A valid string consisting of a hostname or IP followed by an optional port number + type: string + tlsConfig: + description: TLS Config to use for accessing apiserver. + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. 
+ properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. 
+ type: string + type: object + required: + - host + type: object + arbitraryFSAccessThroughSMs: + description: ArbitraryFSAccessThroughSMs configures whether configuration based on a service monitor can access arbitrary files on the file system of the Prometheus container e.g. bearer token files. + properties: + deny: + type: boolean + type: object + baseImage: + description: 'Base image to use for a Prometheus deployment. Deprecated: use ''image'' instead' + type: string + configMaps: + description: ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. The ConfigMaps are mounted into /etc/prometheus/configmaps/. + items: + type: string + type: array + containers: + description: 'Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to a Prometheus pod or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The current container names are: `prometheus`, `config-reloader`, and `thanos-sidecar`. Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.' + items: + description: A single application container that you want to run within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. Cannot be updated. + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. 
One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. 
More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. 
TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. 
Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. + items: + description: ContainerPort represents a network port in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. 
Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. 
+ type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot be updated. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 
+ format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. 
If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for stdin in the container runtime. 
If this is not set, reads from stdin in the container will always result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be used by the container. 
+ items: + description: volumeDevice describes a mapping of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within a container. + properties: + mountPath: + description: Path within the container at which the volume should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. 
+ type: string + required: + - name + type: object + type: array + disableCompaction: + description: Disable prometheus compaction. + type: boolean + enableAdminAPI: + description: 'Enable access to prometheus web admin API. Defaults to the value of `false`. WARNING: Enabling the admin APIs enables mutating endpoints, to delete data, shutdown Prometheus, and more. Enabling this should be done with care and the user is advised to add additional authentication authorization via a proxy to ensure only clients authorized to perform these actions can do so. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis' + type: boolean + enforcedNamespaceLabel: + description: EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created. The label value will always be the namespace of the object that is being created. + type: string + enforcedSampleLimit: + description: EnforcedSampleLimit defines global limit on number of scraped samples that will be accepted. This overrides any SampleLimit set per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the SampleLimit to keep overall number of samples/series under the desired limit. Note that if SampleLimit is lower that value will be taken instead. + format: int64 + type: integer + enforcedTargetLimit: + description: EnforcedTargetLimit defines a global limit on the number of scraped targets. This overrides any TargetLimit set per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the TargetLimit to keep overall number of targets under the desired limit. Note that if TargetLimit is higher that value will be taken instead. + format: int64 + type: integer + evaluationInterval: + description: Interval between consecutive evaluations. 
+ type: string + externalLabels: + additionalProperties: + type: string + description: The labels to add to any time series or alerts when communicating with external systems (federation, remote storage, Alertmanager). + type: object + externalUrl: + description: The external URL the Prometheus instances will be available under. This is necessary to generate correct URLs. This is necessary if Prometheus is not served from root of a DNS name. + type: string + ignoreNamespaceSelectors: + description: IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector settings from the podmonitor and servicemonitor configs, and they will only discover endpoints within their current namespace. Defaults to false. + type: boolean + image: + description: Image if specified has precedence over baseImage, tag and sha combinations. Specifying the version is still necessary to ensure the Prometheus Operator knows what version of Prometheus is being configured. + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same namespace to use for pulling prometheus and alertmanager images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the Prometheus configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.' + items: + description: A single application container that you want to run within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. Cannot be updated. + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. 
+ type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. 
To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. 
Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. + items: + description: ContainerPort represents a network port in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. 
If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. 
This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. 
If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. 
Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. 
FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be used by the container. + items: + description: volumeDevice describes a mapping of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within a container. + properties: + mountPath: + description: Path within the container at which the volume should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's volume should be mounted. 
Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + listenLocal: + description: ListenLocal makes the Prometheus server listen on loopback, so that it does not bind against the Pod IP. + type: boolean + logFormat: + description: Log format for Prometheus to be configured with. + type: string + logLevel: + description: Log level for Prometheus to be configured with. + type: string + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + overrideHonorLabels: + description: OverrideHonorLabels if set to true overrides all user configured honor_labels. If HonorLabels is set in ServiceMonitor or PodMonitor to true, this overrides honor_labels to false. + type: boolean + overrideHonorTimestamps: + description: OverrideHonorTimestamps allows to globally enforce honoring timestamps in all scrape configs. + type: boolean + paused: + description: When a Prometheus deployment is paused, no actions except for deletion will be performed on the underlying objects. + type: boolean + podMetadata: + description: PodMetadata configures Labels and Annotations which are propagated to the prometheus pods. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. 
More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + type: object + podMonitorNamespaceSelector: + description: Namespace's labels to match for PodMonitor discovery. If nil, only check own namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + podMonitorSelector: + description: '*Experimental* PodMonitors to be selected for target discovery. *Deprecated:* if neither this nor serviceMonitorSelector are specified, configuration is unmanaged.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + portName: + description: Port name used for the pods and governing service. 
This defaults to web + type: string + priorityClassName: + description: Priority class assigned to the Pods + type: string + probeNamespaceSelector: + description: '*Experimental* Namespaces to be selected for Probe discovery. If nil, only check own namespace.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + probeSelector: + description: '*Experimental* Probes to be selected for target discovery.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. 
+ type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + prometheusExternalLabelName: + description: Name of Prometheus external label used to denote Prometheus instance name. Defaults to the value of `prometheus`. External label will _not_ be added when value is set to empty string (`""`). + type: string + prometheusRulesExcludedFromEnforce: + description: PrometheusRulesExcludedFromEnforce - list of prometheus rules to be excluded from enforcing of adding namespace labels. Works only if enforcedNamespaceLabel set to true. Make sure both ruleNamespace and ruleName are set for each pair + items: + description: PrometheusRuleExcludeConfig enables users to configure excluded PrometheusRule names and their namespaces to be ignored while enforcing namespace label for alerts and metrics. + properties: + ruleName: + description: RuleNamespace - name of excluded rule + type: string + ruleNamespace: + description: RuleNamespace - namespace of excluded rule + type: string + required: + - ruleName + - ruleNamespace + type: object + type: array + query: + description: QuerySpec defines the query command line flags when starting Prometheus. 
+ properties: + lookbackDelta: + description: The delta difference allowed for retrieving metrics during expression evaluations. + type: string + maxConcurrency: + description: Number of concurrent queries that can be run at once. + format: int32 + type: integer + maxSamples: + description: Maximum number of samples a single query can load into memory. Note that queries will fail if they would load more samples than this into memory, so this also limits the number of samples a query can return. + format: int32 + type: integer + timeout: + description: Maximum time a query may take before being aborted. + type: string + type: object + queryLogFile: + description: QueryLogFile specifies the file to which PromQL queries are logged. Note that this location must be writable, and can be persisted using an attached volume. Alternatively, the location can be set to a stdout location such as `/dev/stdout` to log querie information to the default Prometheus log stream. This is only available in versions of Prometheus >= 2.16.0. For more details, see the Prometheus docs (https://prometheus.io/docs/guides/query-log/) + type: string + remoteRead: + description: If specified, the remote_read spec. This is an experimental feature, it may change in any upcoming release in a breaking way. + items: + description: RemoteReadSpec defines the remote_read configuration for prometheus. + properties: + basicAuth: + description: BasicAuth for the URL. + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + bearerToken: + description: bearer token for remote read. + type: string + bearerTokenFile: + description: File to read bearer token for remote read. + type: string + name: + description: The name of the remote read queue, must be unique if specified. The name is used in metrics and logging in order to differentiate read configurations. Only valid in Prometheus versions 2.15.0 and newer. + type: string + proxyUrl: + description: Optional ProxyURL + type: string + readRecent: + description: Whether reads should be made for queries for time ranges that the local storage should have complete data for. + type: boolean + remoteTimeout: + description: Timeout for requests to the remote read endpoint. + type: string + requiredMatchers: + additionalProperties: + type: string + description: An optional list of equality matchers which have to be present in a selector to query the remote read endpoint. + type: object + tlsConfig: + description: TLS Config to use for remote read. + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + url: + description: The URL of the endpoint to send samples to. + type: string + required: + - url + type: object + type: array + remoteWrite: + description: If specified, the remote_write spec. This is an experimental feature, it may change in any upcoming release in a breaking way. + items: + description: RemoteWriteSpec defines the remote_write configuration for prometheus. + properties: + basicAuth: + description: BasicAuth for the URL. + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. 
apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + bearerToken: + description: File to read bearer token for remote write. + type: string + bearerTokenFile: + description: File to read bearer token for remote write. + type: string + headers: + additionalProperties: + type: string + description: Custom HTTP headers to be sent along with each remote write request. Be aware that headers that are set by Prometheus itself can't be overwritten. Only valid in Prometheus versions 2.25.0 and newer. + type: object + name: + description: The name of the remote write queue, must be unique if specified. The name is used in metrics and logging in order to differentiate queues. Only valid in Prometheus versions 2.15.0 and newer. + type: string + proxyUrl: + description: Optional ProxyURL + type: string + queueConfig: + description: QueueConfig allows tuning of the remote write queue parameters. + properties: + batchSendDeadline: + description: BatchSendDeadline is the maximum time a sample will wait in buffer. + type: string + capacity: + description: Capacity is the number of samples to buffer per shard before we start dropping them. + type: integer + maxBackoff: + description: MaxBackoff is the maximum retry delay. 
+ type: string + maxRetries: + description: MaxRetries is the maximum number of times to retry a batch on recoverable errors. + type: integer + maxSamplesPerSend: + description: MaxSamplesPerSend is the maximum number of samples per send. + type: integer + maxShards: + description: MaxShards is the maximum number of shards, i.e. amount of concurrency. + type: integer + minBackoff: + description: MinBackoff is the initial retry delay. Gets doubled for every retry. + type: string + minShards: + description: MinShards is the minimum number of shards, i.e. amount of concurrency. + type: integer + type: object + remoteTimeout: + description: Timeout for requests to the remote write endpoint. + type: string + tlsConfig: + description: TLS Config to use for remote write. + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + url: + description: The URL of the endpoint to send samples to. + type: string + writeRelabelConfigs: + description: The list of remote write relabel configurations. + items: + description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. 
+ type: string + type: object + type: array + required: + - url + type: object + type: array + replicaExternalLabelName: + description: Name of Prometheus external label used to denote replica name. Defaults to the value of `prometheus_replica`. External label will _not_ be added when value is set to empty string (`""`). + type: string + replicas: + description: Number of replicas of each shard to deploy for a Prometheus deployment. Number of replicas multiplied by shards is the total number of Pods created. + format: int32 + type: integer + resources: + description: Define resources requests and limits for single Pods. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + retention: + description: Time duration Prometheus shall retain data for. Default is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` (milliseconds seconds minutes hours days weeks years). + type: string + retentionSize: + description: 'Maximum amount of disk space used by blocks. 
Supported units: B, KB, MB, GB, TB, PB, EB. Ex: `512MB`.' + type: string + routePrefix: + description: The route prefix Prometheus registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with `kubectl proxy`. + type: string + ruleNamespaceSelector: + description: Namespaces to be selected for PrometheusRules discovery. If unspecified, only the same namespace as the Prometheus object is in is used. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + ruleSelector: + description: A selector to select which PrometheusRules to mount for loading alerting/recording rules from. 
Until (excluding) Prometheus Operator v0.24.0 Prometheus Operator will migrate any legacy rule ConfigMaps to PrometheusRule custom resources selected by RuleSelector. Make sure it does not match any config maps that you do not want to be migrated. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + rules: + description: /--rules.*/ command-line arguments. + properties: + alert: + description: /--rules.alert.*/ command-line arguments + properties: + forGracePeriod: + description: Minimum duration between alert and restored 'for' state. This is maintained only for alerts with configured 'for' time greater than grace period. + type: string + forOutageTolerance: + description: Max time to tolerate prometheus outage for restoring 'for' state of alert. 
+ type: string + resendDelay: + description: Minimum amount of time to wait before resending an alert to Alertmanager. + type: string + type: object + type: object + scrapeInterval: + description: Interval between consecutive scrapes. + type: string + scrapeTimeout: + description: Number of seconds to wait for target to respond before erroring. + type: string + secrets: + description: Secrets is a list of Secrets in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. The Secrets are mounted into /etc/prometheus/secrets/. + items: + type: string + type: array + securityContext: + description: SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. 
If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. 
+ items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods. + type: string + serviceMonitorNamespaceSelector: + description: Namespace's labels to match for ServiceMonitor discovery. If nil, only check own namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 
+ items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + serviceMonitorSelector: + description: ServiceMonitors to be selected for target discovery. *Deprecated:* if neither this nor podMonitorSelector are specified, configuration is unmanaged. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. 
If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + sha: + description: 'SHA of Prometheus container image to be deployed. Defaults to the value of `version`. Similar to a tag, but the SHA explicitly deploys an immutable container image. Version and Tag are ignored if SHA is set. Deprecated: use ''image'' instead. The image digest can be specified as part of the image URL.' + type: string + shards: + description: 'EXPERIMENTAL: Number of shards to distribute targets onto. Number of replicas multiplied by shards is the total number of Pods created. Note that scaling down shards will not reshard data onto remaining instances, it must be manually moved. Increasing shards will not reshard data either but it will continue to be available from the same instances. To query globally use Thanos sidecar and Thanos querier or remote write data to a central location. Sharding is done on the content of the `__address__` target meta-label.' + format: int32 + type: integer + storage: + description: Storage spec to specify how storage shall be used. + properties: + disableMountSubPath: + description: 'Deprecated: subPath usage will be disabled by default in a future release, this option will become unnecessary. DisableMountSubPath allows to remove any subPath usage in volume mounts.' + type: boolean + emptyDir: + description: 'EmptyDirVolumeSource to be used by the Prometheus StatefulSets. If specified, used in place of any volumeClaimTemplate. 
More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + volumeClaimTemplate: + description: A PVC spec to be used by the Prometheus StatefulSets. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: EmbeddedMetadata contains metadata relevant to an EmbeddedResource. 
+ properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + type: object + spec: + description: 'Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access modes the volume should have. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot - Beta) * An existing PVC (PersistentVolumeClaim) * An existing custom resource/object that implements data population (Alpha) In order to use VolumeSnapshot object types, the appropriate feature gate must be enabled (VolumeSnapshotDataSource or AnyVolumeDataSource) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the specified data source is not supported, the volume will not be created and the failure will be reported as an event. In the future, we plan to support more data source types and the behavior of the provisioner may change.' + properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + selector: + description: A label query over volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". 
The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: VolumeName is the binding reference to the PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Represents the actual resources of the underlying volume. + type: object + conditions: + description: Current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails details about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating details about last transition. 
+ type: string + reason: + description: Unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports "ResizeStarted" that means the underlying persistent volume is being resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of PersistentVolumeClaim. + type: string + type: object + type: object + type: object + tag: + description: 'Tag of Prometheus container image to be deployed. Defaults to the value of `version`. Version is ignored if Tag is set. Deprecated: use ''image'' instead. The image tag can be specified as part of the image URL.' + type: string + thanos: + description: "Thanos configuration allows configuring various aspects of a Prometheus server in a Thanos environment. \n This section is experimental, it may change significantly without deprecation notice in any release. \n This is experimental and may change significantly without backward compatibility in any release." + properties: + baseImage: + description: 'Thanos base image if other than default. Deprecated: use ''image'' instead' + type: string + grpcServerTlsConfig: + description: 'GRPCServerTLSConfig configures the gRPC server from which Thanos Querier reads recorded rule data. Note: Currently only the CAFile, CertFile, and KeyFile fields are supported. Maps to the ''--grpc-server-tls-*'' CLI args.' + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + image: + description: Image if specified has precedence over baseImage, tag and sha combinations. Specifying the version is still necessary to ensure the Prometheus Operator knows what version of Thanos is being configured. + type: string + listenLocal: + description: ListenLocal makes the Thanos sidecar listen on loopback, so that it does not bind against the Pod IP. + type: boolean + logFormat: + description: LogFormat for Thanos sidecar to be configured with. + type: string + logLevel: + description: LogLevel for Thanos sidecar to be configured with. + type: string + minTime: + description: MinTime for Thanos sidecar to be configured with. Option can be a constant time in RFC3339 format or time duration relative to current time, such as -1d or 2h45m. Valid duration units are ms, s, m, h, d, w, y. 
+ type: string + objectStorageConfig: + description: ObjectStorageConfig configures object storage in Thanos. Alternative to ObjectStorageConfigFile, and lower order priority. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + objectStorageConfigFile: + description: ObjectStorageConfigFile specifies the path of the object storage configuration file. When used alongside with ObjectStorageConfig, ObjectStorageConfigFile takes precedence. + type: string + resources: + description: Resources defines the resource requirements for the Thanos sidecar. If not provided, no requests/limits will be set + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + sha: + description: 'SHA of Thanos container image to be deployed. Defaults to the value of `version`. Similar to a tag, but the SHA explicitly deploys an immutable container image. Version and Tag are ignored if SHA is set. Deprecated: use ''image'' instead. The image digest can be specified as part of the image URL.' + type: string + tag: + description: 'Tag of Thanos sidecar container image to be deployed. Defaults to the value of `version`. Version is ignored if Tag is set. Deprecated: use ''image'' instead. The image tag can be specified as part of the image URL.' + type: string + tracingConfig: + description: TracingConfig configures tracing in Thanos. This is an experimental feature, it may change in any upcoming release in a breaking way. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + tracingConfigFile: + description: TracingConfig specifies the path of the tracing configuration file. When used alongside with TracingConfig, TracingConfigFile takes precedence. + type: string + version: + description: Version describes the version of Thanos to use. + type: string + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty means match all taint effects. 
When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: If specified, the pod's topology spread constraints. + items: + description: TopologySpreadConstraint specifies how to spread matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. 
+ type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods may be unevenly distributed. It''s the maximum permitted difference between the number of matching pods in any two topology domains of a given topology type. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. It''s a required field. Default value is 1 and 0 is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. It's a required field. 
+ type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it - ScheduleAnyway tells the scheduler to still schedule it It''s considered as "Unsatisfiable" if and only if placing incoming pod on any topology violates "MaxSkew". For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won''t make it *more* imbalanced. It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + version: + description: Version of Prometheus to be deployed. + type: string + volumeMounts: + description: VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the prometheus container, that are generated as a result of StorageSpec objects. + items: + description: VolumeMount describes a mounting of a Volume within a container. + properties: + mountPath: + description: Path within the container at which the volume should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. 
+ type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + partition: + description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).' 
+ format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: the name of secret that contains Azure Storage Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host that shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather than the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. 
Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeID: + description: 'volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. 
+ items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature). + properties: + driver: + description: Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. 
+ properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for the volume. Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. 
This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. 
The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + description: FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use for this volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. 
+ type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running + properties: + datasetName: + description: Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + partition: + description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod''s container.' + properties: + directory: + description: Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the host that shares a pod''s lifetime. 
More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. 
More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). 
+ type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". 
Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, and downward API + properties: + defaultMode: + description: Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with other supported volume types + properties: + configMap: + description: information about the configMap data to project + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' 
path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI data to project + properties: + items: + description: Items is a list of DownwardAPIVolume file + items: + description: DownwardAPIVolumeFile represents information to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. 
This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken data to project + properties: + audience: + description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to the mount point of the file to project the token into. 
+ type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. + type: boolean + registry: + description: Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to serivceaccount user + type: string + volume: + description: Volume is a string that references an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. 
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication with Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the protection domain. + type: string + system: + description: The name of the storage system as configured in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO system that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. 
If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. 
apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. + type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile name. + type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + walCompression: + description: Enable compression of the write-ahead log using Snappy. This flag is only available in versions of Prometheus >= 2.11.0. + type: boolean + web: + description: WebSpec defines the web command line flags when starting Prometheus. + properties: + pageTitle: + description: The prometheus web page title + type: string + type: object + type: object + status: + description: 'Most recent observed status of the Prometheus cluster. Read-only. 
Not included when requesting from the apiserver, only from the Prometheus Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) targeted by this Prometheus deployment. + format: int32 + type: integer + paused: + description: Represents whether any actions on the underlying managed objects are being performed. Only delete actions will be performed. + type: boolean + replicas: + description: Total number of non-terminated pods targeted by this Prometheus deployment (their labels match the selector). + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this Prometheus deployment. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this Prometheus deployment that have the desired version spec. + format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object + served: true + storage: true + subresources: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-prometheusrules.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-prometheusrules.yaml new file mode 100755 index 000000000..07a24df45 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-prometheusrules.yaml 
@@ -0,0 +1,90 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: prometheusrules.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + kind: PrometheusRule + listKind: PrometheusRuleList + plural: prometheusrules + singular: prometheusrule + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: PrometheusRule defines recording and alerting rules for a Prometheus instance + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired alerting rule definitions for Prometheus. + properties: + groups: + description: Content of Prometheus rule file + items: + description: 'RuleGroup is a list of sequentially evaluated recording and alerting rules. Note: PartialResponseStrategy is only used by ThanosRuler and will be ignored by Prometheus instances. Valid values for this field are ''warn'' or ''abort''. 
More info: https://github.com/thanos-io/thanos/blob/master/docs/components/rule.md#partial-response' + properties: + interval: + type: string + name: + type: string + partial_response_strategy: + type: string + rules: + items: + description: Rule describes an alerting or recording rule. + properties: + alert: + type: string + annotations: + additionalProperties: + type: string + type: object + expr: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + for: + type: string + labels: + additionalProperties: + type: string + type: object + record: + type: string + required: + - expr + type: object + type: array + required: + - name + - rules + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-servicemonitors.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-servicemonitors.yaml new file mode 100755 index 000000000..9dee64ff9 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-servicemonitors.yaml 
@@ -0,0 +1,375 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: servicemonitors.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: ServiceMonitor + listKind: ServiceMonitorList + plural: servicemonitors + singular: servicemonitor + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: ServiceMonitor defines monitoring for a set of services. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired Service selection for target discovery by Prometheus. + properties: + endpoints: + description: A list of endpoints allowed as part of this ServiceMonitor. + items: + description: Endpoint defines a scrapeable endpoint serving Prometheus metrics. 
+ properties: + basicAuth: + description: 'BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + bearerTokenFile: + description: File to read bearer token for scraping targets. + type: string + bearerTokenSecret: + description: Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the service monitor and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + honorLabels: + description: HonorLabels chooses the metric's labels on collisions with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data. + type: boolean + interval: + description: Interval at which metrics should be scraped + type: string + metricRelabelings: + description: MetricRelabelConfigs to apply to samples before ingestion. + items: + description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. 
+ type: string + type: object + type: array + params: + additionalProperties: + items: + type: string + type: array + description: Optional HTTP URL parameters + type: object + path: + description: HTTP path to scrape for metrics. + type: string + port: + description: Name of the service port this endpoint refers to. Mutually exclusive with targetPort. + type: string + proxyUrl: + description: ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint. + type: string + relabelings: + description: 'RelabelConfigs to apply to samples before scraping. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. 
+ items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. + type: string + type: object + type: array + scheme: + description: HTTP scheme to use for scraping. + type: string + scrapeTimeout: + description: Timeout after which the scrape is ended + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: Name or number of the target port of the Pod behind the Service, the port must be specified with container port property. Mutually exclusive with port. + x-kubernetes-int-or-string: true + tlsConfig: + description: TLS configuration to use when scraping the endpoint + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container to use for the targets. 
+ type: string + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + jobLabel: + description: The label to use to retrieve the job name from. + type: string + namespaceSelector: + description: Selector to select which namespaces the Endpoints objects are discovered from. + properties: + any: + description: Boolean describing whether all namespaces are selected in contrast to a list restricting them. + type: boolean + matchNames: + description: List of namespace names. + items: + type: string + type: array + type: object + podTargetLabels: + description: PodTargetLabels transfers labels on the Kubernetes Pod onto the target. + items: + type: string + type: array + sampleLimit: + description: SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. + format: int64 + type: integer + selector: + description: Selector to select Endpoints objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + targetLabels: + description: TargetLabels transfers labels on the Kubernetes Service onto the target. + items: + type: string + type: array + targetLimit: + description: TargetLimit defines a limit on the number of scraped targets that will be accepted. + format: int64 + type: integer + required: + - endpoints + - selector + type: object + required: + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-thanosrulers.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-thanosrulers.yaml new file mode 100755 index 000000000..a470d4b9f --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/crd-manifest/crd-thanosrulers.yaml 
@@ -0,0 +1,3342 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: thanosrulers.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: ThanosRuler + listKind: ThanosRulerList + plural: thanosrulers + singular: thanosruler + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: ThanosRuler defines a ThanosRuler deployment. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the ThanosRuler cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms are ORed. + items: + description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. 
+ properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. 
When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. 
If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + alertDropLabels: + description: AlertDropLabels configure the label names which should be dropped in ThanosRuler alerts. If `labels` field is not provided, `thanos_ruler_replica` will be dropped in alerts by default. + items: + type: string + type: array + alertQueryUrl: + description: The external Query URL the Thanos Ruler will set in the 'Source' field of all alerts. Maps to the '--alert.query-url' CLI arg. + type: string + alertmanagersConfig: + description: Define configuration for connecting to alertmanager. Only available with thanos v0.10.0 and higher. Maps to the `alertmanagers.config` arg. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + alertmanagersUrl: + description: 'Define URLs to send alerts to Alertmanager. For Thanos v0.10.0 and higher, AlertManagersConfig should be used instead. Note: this field will be ignored if AlertManagersConfig is specified. Maps to the `alertmanagers.url` arg.' + items: + type: string + type: array + containers: + description: 'Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to a ThanosRuler pod or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The current container names are: `thanos-ruler` and `config-reloader`. Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.' + items: + description: A single application container that you want to run within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. Cannot be updated. + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. 
One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. 
More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. 
TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. 
Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. + items: + description: ContainerPort represents a network port in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. 
Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. 
+ type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot be updated. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 
+ format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. 
If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for stdin in the container runtime. 
If this is not set, reads from stdin in the container will always result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be used by the container. 
+ items: + description: volumeDevice describes a mapping of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within a container. + properties: + mountPath: + description: Path within the container at which the volume should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. 
+ type: string + required: + - name + type: object + type: array + enforcedNamespaceLabel: + description: EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created. The label value will always be the namespace of the object that is being created. + type: string + evaluationInterval: + description: Interval between consecutive evaluations. + type: string + externalPrefix: + description: The external URL the Thanos Ruler instances will be available under. This is necessary to generate correct URLs. This is necessary if Thanos Ruler is not served from root of a DNS name. + type: string + grpcServerTlsConfig: + description: 'GRPCServerTLSConfig configures the gRPC server from which Thanos Querier reads recorded rule data. Note: Currently only the CAFile, CertFile, and KeyFile fields are supported. Maps to the ''--grpc-server-tls-*'' CLI args.' + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + image: + description: Thanos container image URL. + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same namespace to use for pulling thanos images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the ThanosRuler configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.' + items: + description: A single application container that you want to run within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. 
If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. Cannot be updated. + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. 
+ properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. 
More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. 
More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. 
TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. 
Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. + items: + description: ContainerPort represents a network port in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. 
Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. 
+ type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot be updated. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 
+ format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. 
If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for stdin in the container runtime. 
If this is not set, reads from stdin in the container will always result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be used by the container. 
+ items: + description: volumeDevice describes a mapping of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within a container. + properties: + mountPath: + description: Path within the container at which the volume should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. 
+ type: string + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: Labels configure the external label pairs to ThanosRuler. If not provided, default replica label `thanos_ruler_replica` will be added as a label and be dropped in alerts. + type: object + listenLocal: + description: ListenLocal makes the Thanos ruler listen on loopback, so that it does not bind against the Pod IP. + type: boolean + logFormat: + description: Log format for ThanosRuler to be configured with. + type: string + logLevel: + description: Log level for ThanosRuler to be configured with. + type: string + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + objectStorageConfig: + description: ObjectStorageConfig configures object storage in Thanos. Alternative to ObjectStorageConfigFile, and lower order priority. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + objectStorageConfigFile: + description: ObjectStorageConfigFile specifies the path of the object storage configuration file. When used alongside with ObjectStorageConfig, ObjectStorageConfigFile takes precedence. + type: string + paused: + description: When a ThanosRuler deployment is paused, no actions except for deletion will be performed on the underlying objects. + type: boolean + podMetadata: + description: PodMetadata contains Labels and Annotations gets propagated to the thanos ruler pods. 
+ properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + type: object + portName: + description: Port name used for the pods and governing service. This defaults to web + type: string + priorityClassName: + description: Priority class assigned to the Pods + type: string + prometheusRulesExcludedFromEnforce: + description: PrometheusRulesExcludedFromEnforce - list of Prometheus rules to be excluded from enforcing of adding namespace labels. Works only if enforcedNamespaceLabel set to true. Make sure both ruleNamespace and ruleName are set for each pair + items: + description: PrometheusRuleExcludeConfig enables users to configure excluded PrometheusRule names and their namespaces to be ignored while enforcing namespace label for alerts and metrics. 
+ properties: + ruleName: + description: RuleNamespace - name of excluded rule + type: string + ruleNamespace: + description: RuleNamespace - namespace of excluded rule + type: string + required: + - ruleName + - ruleNamespace + type: object + type: array + queryConfig: + description: Define configuration for connecting to thanos query instances. If this is defined, the QueryEndpoints field will be ignored. Maps to the `query.config` CLI argument. Only available with thanos v0.11.0 and higher. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + queryEndpoints: + description: QueryEndpoints defines Thanos querier endpoints from which to query metrics. Maps to the --query flag of thanos ruler. + items: + type: string + type: array + replicas: + description: Number of thanos ruler instances to deploy. + format: int32 + type: integer + resources: + description: Resources defines the resource requirements for single Pods. If not provided, no requests/limits will be set + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + retention: + description: Time duration ThanosRuler shall retain data for. Default is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` (milliseconds seconds minutes hours days weeks years). + type: string + routePrefix: + description: The route prefix ThanosRuler registers HTTP handlers for. This allows thanos UI to be served on a sub-path. + type: string + ruleNamespaceSelector: + description: Namespaces to be selected for Rules discovery. If unspecified, only the same namespace as the ThanosRuler object is in is used. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. 
If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + ruleSelector: + description: A label selector to select which PrometheusRules to mount for alerting and recording. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + securityContext: + description: SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 
+ type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. 
If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to use to run the Thanos Ruler Pods. + type: string + storage: + description: Storage spec to specify how storage shall be used. + properties: + disableMountSubPath: + description: 'Deprecated: subPath usage will be disabled by default in a future release, this option will become unnecessary. DisableMountSubPath allows to remove any subPath usage in volume mounts.' + type: boolean + emptyDir: + description: 'EmptyDirVolumeSource to be used by the Prometheus StatefulSets. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + volumeClaimTemplate: + description: A PVC spec to be used by the Prometheus StatefulSets. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: EmbeddedMetadata contains metadata relevant to an EmbeddedResource. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. 
More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + type: object + spec: + description: 'Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot - Beta) * An existing PVC (PersistentVolumeClaim) * An existing custom resource/object that implements data population (Alpha) In order to use VolumeSnapshot object types, the appropriate feature gate must be enabled (VolumeSnapshotDataSource or AnyVolumeDataSource) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the specified data source is not supported, the volume will not be created and the failure will be reported as an event. 
In the future, we plan to support more data source types and the behavior of the provisioner may change.' + properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + selector: + description: A label query over volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. 
The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: VolumeName is the binding reference to the PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access modes the volume backing the PVC has. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Represents the actual resources of the underlying volume. + type: object + conditions: + description: Current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails details about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating details about last transition. + type: string + reason: + description: Unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports "ResizeStarted" that means the underlying persistent volume is being resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of PersistentVolumeClaim. + type: string + type: object + type: object + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. 
Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: If specified, the pod's topology spread constraints. + items: + description: TopologySpreadConstraint specifies how to spread matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. 
+ type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods may be unevenly distributed. It''s the maximum permitted difference between the number of matching pods in any two topology domains of a given topology type. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. It''s a required field. Default value is 1 and 0 is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. It's a required field. 
+ type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it - ScheduleAnyway tells the scheduler to still schedule it It''s considered as "Unsatisfiable" if and only if placing incoming pod on any topology violates "MaxSkew". For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won''t make it *more* imbalanced. It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + tracingConfig: + description: TracingConfig configures tracing in Thanos. This is an experimental feature, it may change in any upcoming release in a breaking way. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + volumes: + description: Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may be accessed by any container in the pod. 
+ properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + partition: + description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. 
Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: the name of secret that contains Azure Storage Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host that shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather than the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + volumeID: + description: 'volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature). + properties: + driver: + description: Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for the volume. Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. 
+ type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + description: FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use for this volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running + properties: + datasetName: + description: Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + partition: + description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod''s container.' + properties: + directory: + description: Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. 
Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. 
+ format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the NFS server. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, and downward API + properties: + defaultMode: + description: Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with other supported volume types + properties: + configMap: + description: information about the configMap data to project + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. 
+ type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI data to project + properties: + items: + description: Items is a list of DownwardAPIVolume file + items: + description: DownwardAPIVolumeFile represents information to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken data to project + properties: + audience: + description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to the mount point of the file to project the token into. + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. 
+ type: boolean + registry: + description: Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to serivceaccount user + type: string + volume: + description: Volume is a string that references an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. 
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication with Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the protection domain. + type: string + system: + description: The name of the storage system as configured in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO system that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. + type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume within StorageOS. 
If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile name. + type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + status: + description: 'Most recent observed status of the ThanosRuler cluster. Read-only. Not included when requesting from the apiserver, only from the ThanosRuler Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) targeted by this ThanosRuler deployment. + format: int32 + type: integer + paused: + description: Represents whether any actions on the underlying managed objects are being performed. Only delete actions will be performed. + type: boolean + replicas: + description: Total number of non-terminated pods targeted by this ThanosRuler deployment (their labels match the selector). 
+ format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this ThanosRuler deployment. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this ThanosRuler deployment that have the desired version spec. + format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/templates/_helpers.tpl new file mode 100755 index 000000000..2da79e70f --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/templates/_helpers.tpl @@ -0,0 +1,29 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} \ No newline at end of file 
diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/templates/jobs.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/templates/jobs.yaml new file mode 100755 index 000000000..d2aaa3b45 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/templates/jobs.yaml 
@@ -0,0 +1,110 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-create + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }} + annotations: + "helm.sh/hook": post-install, post-upgrade, post-rollback + "helm.sh/hook-delete-policy": before-hook-creation, hook-succeeded, hook-failed +spec: + template: + metadata: + name: {{ .Chart.Name }}-create + labels: + app: {{ .Chart.Name }} + spec: + serviceAccountName: {{ .Chart.Name }}-manager + securityContext: + runAsNonRoot: true + runAsUser: 1000 + initContainers: + - name: delete-crds + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - delete + - --ignore-not-found=true + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + containers: + - name: create-crds + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - apply + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + restartPolicy: OnFailure + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} + tolerations: {{ include "linux-node-tolerations" . 
| nindent 8 }} + volumes: + - name: crd-manifest + configMap: + name: {{ .Chart.Name }}-manifest +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-delete + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": before-hook-creation, hook-succeeded, hook-failed +spec: + template: + metadata: + name: {{ .Chart.Name }}-delete + labels: + app: {{ .Chart.Name }} + spec: + serviceAccountName: {{ .Chart.Name }}-manager + securityContext: + runAsNonRoot: true + runAsUser: 1000 + initContainers: + - name: remove-finalizers + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - apply + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + containers: + - name: delete-crds + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - delete + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + restartPolicy: OnFailure + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} + volumes: + - name: crd-manifest + configMap: + name: {{ .Chart.Name }}-manifest diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/templates/manifest.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/templates/manifest.yaml new file mode 100755 index 000000000..31016b6ef --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/templates/manifest.yaml 
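Review bot: In templates/jobs.yaml, the `{{ .Chart.Name }}-create` Job runs the `delete-crds` init container (`kubectl delete --ignore-not-found=true -f /etc/config/crd-manifest.yaml`) on every `post-install, post-upgrade, post-rollback` hook before `create-crds` re-applies the same manifest. Deleting a CustomResourceDefinition also removes every custom resource of that kind, so each upgrade or rollback of this chart discards the cluster's existing objects of those kinds. Since `kubectl apply` already updates CRDs in place, consider dropping the delete step, or gating it behind an explicit value and documenting the data loss. Two smaller points in the same hunk: in the `{{ .Chart.Name }}-delete` Job the init container is named `remove-finalizers` but its command is `kubectl apply -f /etc/config/crd-manifest.yaml`, so either the name or the command needs correcting; and none of the four containers sets a container-level `securityContext`, so `allowPrivilegeEscalation: false` is enforced only where the PodSecurityPolicy from rbac.yaml is active and should be stated on the containers as well.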
@@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-manifest + namespace: {{ .Release.Namespace }} +data: + crd-manifest.yaml: | + {{- $currentScope := . -}} + {{- $crds := (.Files.Glob "crd-manifest/**.yaml") -}} + {{- range $path, $_ := $crds -}} + {{- with $currentScope -}} + {{ .Files.Get $path | nindent 4 }} + --- + {{- end -}}{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/templates/rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/templates/rbac.yaml new file mode 100755 index 000000000..bdda1ddad --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/templates/rbac.yaml 
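Review bot: In templates/manifest.yaml, every file matched by `.Files.Glob "crd-manifest/**.yaml"` is concatenated into the single `crd-manifest.yaml` key of one ConfigMap, and a ConfigMap cannot hold more than 1 MiB of data. This patch adds CRD files of several thousand lines each (crd-alertmanager.yaml alone is 4500 lines), so the limit is within reach and exceeding it would fail the install before either Job runs. Please add a comment stating the constraint, and consider splitting the CRDs across several keys or ConfigMaps. A short comment explaining why `$currentScope` is captured and re-entered with `with` inside the `range` would also help the next reader.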
@@ -0,0 +1,72 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Chart.Name }}-manager + labels: + app: {{ .Chart.Name }}-manager +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: ['create', 'get', 'patch', 'delete'] +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ .Chart.Name }}-manager +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Chart.Name }}-manager + labels: + app: {{ .Chart.Name }}-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ .Chart.Name }}-manager +subjects: +- kind: ServiceAccount + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }}-manager +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }}-manager +spec: + privileged: false + allowPrivilegeEscalation: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'configMap' + - 'secret' diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/values.yaml new file mode 100755 index 000000000..22a8a1c38 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/14.5.100/values.yaml 
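Review bot: In templates/rbac.yaml, the `{{ .Chart.Name }}-manager` ClusterRole grants `['create', 'get', 'patch', 'delete']` on `customresourcedefinitions` with no `resourceNames`, so the Job's service account can patch or delete any CRD in the cluster, not only the ones this chart ships. The ClusterRole, ClusterRoleBinding and ServiceAccount carry no hook annotations, so that access stays in place for the life of the release rather than only while the Jobs run. Suggest splitting the rule: keep `create` unrestricted (it cannot be limited by resource name) and put `get`, `patch` and `delete` in a second rule whose `resourceNames` lists the chart's CRDs, and consider making these objects hooks with a delete policy like the Jobs. Also, the PodSecurityPolicy sets `namespace: {{ .Release.Namespace }}` in its metadata, but PodSecurityPolicy is cluster-scoped, so that field should be removed.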
@@ -0,0 +1,11 @@ +# Default values for rancher-monitoring-crd. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +global: + cattle: + systemDefaultRegistry: "" + +image: + repository: rancher/kubectl + tag: v1.20.2 diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/Chart.yaml new file mode 100644 index 000000000..c358c7e34 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-monitoring-system + catalog.cattle.io/release-name: rancher-monitoring-crd +apiVersion: v1 +description: Installs the CRDs for rancher-monitoring. +name: rancher-monitoring-crd +type: application +version: 9.4.200 diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/README.md b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/README.md new file mode 100644 index 000000000..9bd9adadd --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/README.md @@ -0,0 +1,2 @@ +# rancher-monitoring-crd +A Rancher chart that installs the CRDs used by [rancher-monitoring](https://github.com/rancher/dev-charts/tree/master/packages/rancher-monitoring). diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-alertmanager.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-alertmanager.yaml new file mode 100644 index 000000000..98030b4f8 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-alertmanager.yaml 
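Review bot: In values.yaml, the hook image is identified only by `repository: rancher/kubectl` and the mutable tag `tag: v1.20.2`, and jobs.yaml renders it as `repository:tag` with `imagePullPolicy: IfNotPresent`. This image runs under a service account that can create, patch and delete CRDs cluster-wide, so what runs depends on whatever the tag points to in the registry, or in `systemDefaultRegistry` when that is set. Suggest supporting an image digest in the values and the template so the reference can be pinned, and noting in the comments here that a private registry mirror must serve the same image content.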
@@ -0,0 +1,4500 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: alertmanagers.monitoring.coreos.com +spec: + additionalPrinterColumns: + - JSONPath: .spec.version + description: The version of Alertmanager + name: Version + type: string + - JSONPath: .spec.replicas + description: The desired replicas number of Alertmanagers + name: Replicas + type: integer + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: monitoring.coreos.com + names: + kind: Alertmanager + listKind: AlertmanagerList + plural: alertmanagers + singular: alertmanager + preserveUnknownFields: false + scope: Namespaced + subresources: {} + validation: + openAPIV3Schema: + description: Alertmanager describes an Alertmanager cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the Alertmanager + cluster. 
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + additionalPeers: + description: AdditionalPeers allows injecting a set of additional Alertmanagers + to peer with to form a highly available cluster. + items: + type: string + type: array + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all + objects with implicit weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches no objects (i.e. is also + a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. 
Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. 
If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The + terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. 
+ type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. 
+ items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may not + try to eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some other + pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. 
for each node that + meets all of the scheduling requirements (resource request, + requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field + and adding "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". 
+ The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + baseImage: + description: Base image that is used to deploy pods, without tag. + type: string + configMaps: + description: ConfigMaps is a list of ConfigMaps in the same namespace + as the Alertmanager object, which shall be mounted into the Alertmanager + Pods. The ConfigMaps are mounted into /etc/alertmanager/configmaps/. + items: + type: string + type: array + configSecret: + description: ConfigSecret is the name of a Kubernetes Secret in the + same namespace as the Alertmanager object, which contains configuration + for this Alertmanager instance. Defaults to 'alertmanager-' + The secret is mounted into /etc/alertmanager/config. + type: string + containers: + description: Containers allows injecting additional containers. This + is meant to allow adding an authentication proxy to an Alertmanager + pod. + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. 
The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' 
+ properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. 
+ items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. 
Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. 
TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. 
+ properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. 
+ items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. 
+ items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. 
+ format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. 
More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. 
+ format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. 
+ properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. 
If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. 
+ type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + externalUrl: + description: The external URL the Alertmanager instances will be available + under. This is necessary to generate correct URLs. 
This is necessary + if Alertmanager is not served from root of a DNS name. + type: string + image: + description: Image if specified has precedence over baseImage, tag and + sha combinations. Specifying the version is still necessary to ensure + the Prometheus Operator knows what version of Alertmanager is being + configured. + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same namespace + to use for pulling prometheus and alertmanager images from registries + see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to let + you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod + definition. Those can be used to e.g. fetch secrets for injection + into the Alertmanager configuration from external sources. Any errors + during the execution of an initContainer will lead to a restart of + the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + Using initContainers for any use case other then secret fetching is + entirely outside the scope of what the maintainers will support and + by doing so, you accept that this behaviour may break at any time + without notice.' + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. 
If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. 
+ Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. 
More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
+ HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. 
More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. 
TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". 
+ type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. 
Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. 
Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. 
If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. 
If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + listenLocal: + description: ListenLocal makes the Alertmanager server listen on loopback, + so that it does not bind against the Pod IP. Note this is only for + the Alertmanager UI, not the gossip communication. + type: boolean + logFormat: + description: Log format for Alertmanager to be configured with. + type: string + logLevel: + description: Log level for Alertmanager to be configured with. + type: string + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + paused: + description: If set to true all actions on the underlaying managed objects + are not goint to be performed, except for delete actions. + type: boolean + podMetadata: + description: PodMetadata configures Labels and Annotations which are + propagated to the alertmanager pods. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. 
More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + portName: + description: Port name used for the pods and governing service. This + defaults to web + type: string + priorityClassName: + description: Priority class assigned to the Pods + type: string + replicas: + description: Size is the expected size of the alertmanager cluster. + The controller will eventually make the size of the running cluster + equal to the expected size. + format: int32 + type: integer + resources: + description: Define resources requests and limits for single Pods. + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + retention: + description: Time duration Alertmanager shall retain data for. Default + is '120h', and must match the regular expression `[0-9]+(ms|s|m|h)` + (milliseconds seconds minutes hours). + type: string + routePrefix: + description: The route prefix Alertmanager registers HTTP handlers for. 
+ This is useful, if using ExternalURL and a proxy is rewriting HTTP + routes of a request, and the actual ExternalURL is still true, but + the server serves requests under a different route prefix. For example + for use with `kubectl proxy`. + type: string + secrets: + description: Secrets is a list of Secrets in the same namespace as the + Alertmanager object, which shall be mounted into the Alertmanager + Pods. The Secrets are mounted into /etc/alertmanager/secrets/. + items: + type: string + type: array + securityContext: + description: SecurityContext holds pod-level security attributes and + common container settings. This defaults to the default PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all containers + in a pod. Some volume types allow the Kubelet to change the ownership + of that volume to be owned by the pod: \n 1. The owning GID will + be the FSGroup 2. The setgid bit is set (new files created in + the volume will be owned by FSGroup) 3. The permission bits are + OR'd with rw-rw---- \n If unset, the Kubelet will not modify the + ownership and permissions of any volume." + format: int64 + type: integer + runAsGroup: + description: The GID to run the entrypoint of the container process. + Uses runtime default if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. 
+ type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. May + also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux + context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to the + container. + type: string + role: + description: Role is a SELinux role label that applies to the + container. + type: string + type: + description: Type is a SELinux type label that applies to the + container. + type: string + user: + description: User is a SELinux user label that applies to the + container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run in + each container, in addition to the container's primary GID. If + unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for + the pod. Pods with unsupported sysctls (by the container runtime) + might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. 
+ If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. This field is alpha-level and is only + honored by servers that enable the WindowsGMSA feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of + the container process. Defaults to the user specified in image + metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. This + field is beta-level and may be disabled with the WindowsRunAsUserName + feature flag. + type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to + use to run the Prometheus Pods. + type: string + sha: + description: SHA of Alertmanager container image to be deployed. Defaults + to the value of `version`. Similar to a tag, but the SHA explicitly + deploys an immutable container image. Version and Tag are ignored + if SHA is set. + type: string + storage: + description: Storage is the definition of how storage will be used by + the Alertmanager instances. + properties: + emptyDir: + description: 'EmptyDirVolumeSource to be used by the Prometheus + StatefulSets. If specified, used in place of any volumeClaimTemplate. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. + The default is "" which means to use the node''s default medium. + Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. The + default is nil which means that the limit is undefined. More + info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + volumeClaimTemplate: + description: A PVC spec to be used by the Prometheus StatefulSets. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + type: object + spec: + description: 'Spec defines the desired characteristics of a + volume requested by a pod author. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access modes + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: This field requires the VolumeSnapshotDataSource + alpha feature gate to be enabled and currently VolumeSnapshot + is the only supported data source. If the provisioner + can support VolumeSnapshot data source, it will create + a new volume and data will be restored to the volume at + the same time. If the provisioner does not support VolumeSnapshot + data source, volume will not be created and the failure + will be reported as an event. In the future, we plan to + support more data source types and the behavior of the + provisioner may change. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, the + specified Kind must be in the core API group. For + any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + selector: + description: A label query over volumes to consider for + binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required + by the claim. Value of Filesystem is implied when not + included in claim spec. 
This is a beta feature. + type: string + volumeName: + description: VolumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status + of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access modes + the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + capacity: + additionalProperties: + type: string + description: Represents the actual resources of the underlying + volume. + type: object + conditions: + description: Current Condition of persistent volume claim. + If underlying persistent volume is being resized then + the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails details + about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned + from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating details + about last transition. + type: string + reason: + description: Unique, this should be a short, machine + understandable string that gives the reason for + condition's last transition. If it reports "ResizeStarted" + that means the underlying persistent volume is being + resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is + a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of PersistentVolumeClaim. 
+ type: string + type: object + type: object + type: object + tag: + description: Tag of Alertmanager container image to be deployed. Defaults + to the value of `version`. Version is ignored if Tag is set. + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values and + all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the + toleration (which must be of effect NoExecute, otherwise this + field is ignored) tolerates the taint. By default, it is not + set, which means tolerate the taint forever (do not evict). + Zero and negative values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise + just a regular string. + type: string + type: object + type: array + version: + description: Version the cluster should be on. + type: string + volumeMounts: + description: VolumeMounts allows configuration of additional VolumeMounts + on the output StatefulSet definition. 
VolumeMounts specified will + be appended to other VolumeMounts in the alertmanager container, that + are generated as a result of StorageSpec objects. + items: + description: VolumeMount describes a mounting of a Volume within a + container. + properties: + mountPath: + description: Path within the container at which the volume should + be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated + from the host to container and the other way around. When not + set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false + or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's + volume should be mounted. Behaves similarly to SubPath but environment + variable references $(VAR_NAME) are expanded using the container's + environment. Defaults to "" (volume's root). SubPathExpr and + SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: Volumes allows configuration of additional volumes on the + output StatefulSet definition. Volumes specified will be appended + to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may be + accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly + property in VolumeMounts to "true". If omitted, the default + is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource in + AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
+ type: string + kind: + description: 'Expected values Shared: multiple blob disks + per storage account Dedicated: single blob disk per storage + account Managed: azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: the name of secret that contains Azure Storage + Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather than + the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring + for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication + secret for User, default is empty. 
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, default + is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached and mounted + on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing + parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeID: + description: 'volume id used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. 
Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced ConfigMap will be projected into + the volume as a file whose name is the key and content is + the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the + ConfigMap, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must + be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents storage + that is handled by an external CSI driver (Alpha feature). 
+ properties: + driver: + description: Driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed to the + associated CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret + object containing sensitive information to pass to the CSI + driver to complete the CSI NodePublishVolume and NodeUnpublishVolume + calls. This field is optional, and may be empty if no secret + is required. If the secret object contains more than one + secret, all secret references are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' 
+ format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name + of the file to be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 encoded. The + first item of the relative path must not start with + ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory that shares + a pod''s lifetime. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back this + directory. The default is "" which means to use the node''s + default medium. Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + fc: + description: FC represents a Fibre Channel resource that is attached + to a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be + set, but not both simultaneously.' 
+ items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that + is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use for this + volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends on FlexVolume + script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret + object containing sensitive information to pass to the plugin + scripts. This may be empty if no secret object is specified. + If the secret object contains more than one secret, all + secrets are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a + kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: Name of the dataset stored as metadata -> name + on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. 
This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. Used + to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision a + container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: Target directory name. 
Must not contain or start + with '..'. If '.' is supplied, the volume directory will + be the git repository. Otherwise, if specified, the volume + will contain the git repository in the subdirectory with + the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the host + that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'Path of the directory on the host. If the path + is a symlink, it will follow the link to the real path. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to the + pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, new iSCSI + interface : will be created + for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. 
+ type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either an + IP or ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within + the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export to be + mounted with read-only permissions. Defaults to false. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents a reference + to a PersistentVolumeClaim in the same namespace. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. 
More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: Mode bits to use on created files by default. + Must be a value between 0 and 0777. Directories within the + path are not affected by this setting. This might be in + conflict with other options that affect the file mode, like + fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: information about the configMap data to + project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced ConfigMap + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the ConfigMap, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI data + to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format + of the exposed resources, defaults to + "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced Secret will + be projected into the volume as a file whose name + is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the Secret, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken + data to project + properties: + audience: + description: Audience is the intended audience of + the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested + duration of validity of the service account token. + As the token approaches expiration, the kubelet + volume plugin will proactively rotate the service + account token. The kubelet will start trying to + rotate the token if the token is older than 80 + percent of its time to live or if the token is + older than 24 hours.Defaults to 1 hour and must + be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to the mount + point of the file to project the token into. + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that + shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to + be mounted with read-only permissions. Defaults to false. 
+ type: boolean + registry: + description: Registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: Volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. 
More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for + the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication with + Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should + be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the + protection domain. + type: string + system: + description: The name of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO + system that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced Secret will be projected into the + volume as a file whose name is the key and content is the + value. If specified, the listed keys will be projected into + the specified paths, and unlisted keys will not be present. + If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be + defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to + use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within a + namespace. 
+ type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume + within StorageOS. If no namespace is specified then the + Pod's namespace will be used. This allows the Kubernetes + name scoping to be mirrored within StorageOS for tighter + integration. Set VolumeName to any name to override the + default behaviour. Set to "default" if you are not using + namespaces within StorageOS. Namespaces that do not pre-exist + within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile + ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile + name. + type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + status: + description: 'Most recent observed status of the Alertmanager cluster. Read-only. + Not included when requesting from the apiserver, only from the Prometheus + Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) + targeted by this Alertmanager cluster. + format: int32 + type: integer + paused: + description: Represents whether any actions on the underlaying managed + objects are being performed. Only delete actions will be performed. 
+ type: boolean + replicas: + description: Total number of non-terminated pods targeted by this Alertmanager + cluster (their labels match the selector). + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this Alertmanager + cluster. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this Alertmanager + cluster that have the desired version spec. + format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-podmonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-podmonitor.yaml new file mode 100644 index 000000000..9cf3c42e4 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-podmonitor.yaml 
@@ -0,0 +1,260 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: podmonitors.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + kind: PodMonitor + listKind: PodMonitorList + plural: podmonitors + singular: podmonitor + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: PodMonitor defines monitoring for a set of pods. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired Pod selection for target discovery + by Prometheus. + properties: + jobLabel: + description: The label to use to retrieve the job name from. + type: string + namespaceSelector: + description: Selector to select which namespaces the Endpoints objects + are discovered from. + properties: + any: + description: Boolean describing whether all namespaces are selected + in contrast to a list restricting them. + type: boolean + matchNames: + description: List of namespace names. 
+ items: + type: string + type: array + type: object + podMetricsEndpoints: + description: A list of endpoints allowed as part of this PodMonitor. + items: + description: PodMetricsEndpoint defines a scrapeable endpoint of a + Kubernetes Pod serving Prometheus metrics. + properties: + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + interval: + description: Interval at which metrics should be scraped + type: string + metricRelabelings: + description: MetricRelabelConfigs to apply to samples before ingestion. + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. 
+ items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + params: + additionalProperties: + items: + type: string + type: array + description: Optional HTTP URL parameters + type: object + path: + description: HTTP path to scrape for metrics. + type: string + port: + description: Name of the pod port this endpoint refers to. Mutually + exclusive with targetPort. + type: string + proxyUrl: + description: ProxyURL eg http://proxyserver:2195 Directs scrapes + to proxy through this endpoint. + type: string + relabelings: + description: 'RelabelConfigs to apply to samples before ingestion. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. 
Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + scheme: + description: HTTP scheme to use for scraping. + type: string + scrapeTimeout: + description: Timeout after which the scrape is ended + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Deprecated: Use ''port'' instead.' + x-kubernetes-int-or-string: true + type: object + type: array + podTargetLabels: + description: PodTargetLabels transfers labels on the Kubernetes Pod + onto the target. + items: + type: string + type: array + sampleLimit: + description: SampleLimit defines per-scrape limit on number of scraped + samples that will be accepted. + format: int64 + type: integer + selector: + description: Selector to select Pod objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + required: + - podMetricsEndpoints + - selector + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-prometheus.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-prometheus.yaml new file mode 100644 index 000000000..704379fb2 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-prometheus.yaml 
@@ -0,0 +1,6002 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: prometheuses.monitoring.coreos.com +spec: + additionalPrinterColumns: + - JSONPath: .spec.version + description: The version of Prometheus + name: Version + type: string + - JSONPath: .spec.replicas + description: The desired replicas number of Prometheuses + name: Replicas + type: integer + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: monitoring.coreos.com + names: + kind: Prometheus + listKind: PrometheusList + plural: prometheuses + singular: prometheus + preserveUnknownFields: false + scope: Namespaced + subresources: {} + validation: + openAPIV3Schema: + description: Prometheus defines a Prometheus deployment. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the Prometheus cluster. 
+ More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + additionalAlertManagerConfigs: + description: 'AdditionalAlertManagerConfigs allows specifying a key + of a Secret containing additional Prometheus AlertManager configurations. + AlertManager configurations specified are appended to the configurations + generated by the Prometheus Operator. Job configurations specified + must have the form as specified in the official Prometheus documentation: + https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config. + As AlertManager configs are appended, the user is responsible to make + sure it is valid. Note that using this feature may expose the possibility + to break upgrades of Prometheus. It is advised to review Prometheus + release notes to ensure that no incompatible AlertManager configs + are going to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + additionalAlertRelabelConfigs: + description: 'AdditionalAlertRelabelConfigs allows specifying a key + of a Secret containing additional Prometheus alert relabel configurations. + Alert relabel configurations specified are appended to the configurations + generated by the Prometheus Operator. Alert relabel configurations + specified must have the form as specified in the official Prometheus + documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs. 
+ As alert relabel configs are appended, the user is responsible to + make sure it is valid. Note that using this feature may expose the + possibility to break upgrades of Prometheus. It is advised to review + Prometheus release notes to ensure that no incompatible alert relabel + configs are going to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + additionalScrapeConfigs: + description: 'AdditionalScrapeConfigs allows specifying a key of a Secret + containing additional Prometheus scrape configurations. Scrape configurations + specified are appended to the configurations generated by the Prometheus + Operator. Job configurations specified must have the form as specified + in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. + As scrape configs are appended, the user is responsible to make sure + it is valid. Note that using this feature may expose the possibility + to break upgrades of Prometheus. It is advised to review Prometheus + release notes to ensure that no incompatible scrape configs are going + to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all + objects with implicit weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches no objects (i.e. is also + a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. 
If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. 
+ properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The + terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. 
If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. 
+ type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. 
If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may not + try to eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
+ A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some other + pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node that + meets all of the scheduling requirements (resource request, + requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field + and adding "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. 
+ items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + alerting: + description: Define details regarding alerting. + properties: + alertmanagers: + description: AlertmanagerEndpoints Prometheus should fire alerts + against. + items: + description: AlertmanagerEndpoints defines a selection of a single + Endpoints object containing alertmanager IPs to fire alerts + against. + properties: + apiVersion: + description: Version of the Alertmanager API that Prometheus + uses to send alerts. It can be "v1" or "v2". + type: string + bearerTokenFile: + description: BearerTokenFile to read from filesystem to use + when authenticating to Alertmanager. + type: string + name: + description: Name of Endpoints object in Namespace. + type: string + namespace: + description: Namespace of Endpoints object. + type: string + pathPrefix: + description: Prefix for the HTTP path alerts are pushed to. + type: string + port: + anyOf: + - type: integer + - type: string + description: Port the Alertmanager API is exposed on. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use when firing alerts. + type: string + tlsConfig: + description: TLS Config to use for alertmanager connection. + properties: + ca: + description: Stuct containing the CA cert to use for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select from. 
Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Struct containing the client cert file for + the targets. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. 
+ type: string + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - name + - namespace + - port + type: object + type: array + required: + - alertmanagers + type: object + apiserverConfig: + description: APIServerConfig allows specifying a host and auth methods + to access apiserver. If left empty, Prometheus is assumed to run inside + of the cluster and will discover API servers automatically and use + the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. + properties: + basicAuth: + description: BasicAuth allow an endpoint to authenticate over basic + authentication + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that + contains the username for authentication. 
+ properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + bearerToken: + description: Bearer token for accessing apiserver. + type: string + bearerTokenFile: + description: File to read bearer token for accessing apiserver. + type: string + host: + description: Host of apiserver. A valid string consisting of a hostname + or IP followed by an optional port number + type: string + tlsConfig: + description: TLS Config to use for accessing apiserver. + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container + for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + type: object + arbitraryFSAccessThroughSMs: + description: ArbitraryFSAccessThroughSMs configures whether configuration + based on a service monitor can access arbitrary files on the file + system of the Prometheus container e.g. bearer token files. + properties: + deny: + type: boolean + type: object + baseImage: + description: Base image to use for a Prometheus deployment. + type: string + configMaps: + description: ConfigMaps is a list of ConfigMaps in the same namespace + as the Prometheus object, which shall be mounted into the Prometheus + Pods. The ConfigMaps are mounted into /etc/prometheus/configmaps/. + items: + type: string + type: array + containers: + description: 'Containers allows injecting additional containers or modifying + operator generated containers. This can be used to allow adding an + authentication proxy to a Prometheus pod or to change the behavior + of an operator generated container. Containers described here modify + an operator generated container if they share the same name and modifications + are done via a strategic merge patch. The current container names + are: `prometheus`, `prometheus-config-reloader`, `rules-configmap-reloader`, + and `thanos-sidecar`. Overriding containers is entirely outside the + scope of what the maintainers will support and by doing so, you accept + that this behaviour may break at any time without notice.' + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. 
The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). 
Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. 
+ type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. 
To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. 
To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. 
Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. 
If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. 
If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. 
May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + disableCompaction: + description: Disable prometheus compaction. + type: boolean + enableAdminAPI: + description: 'Enable access to prometheus web admin API. Defaults to + the value of `false`. WARNING: Enabling the admin APIs enables mutating + endpoints, to delete data, shutdown Prometheus, and more. Enabling + this should be done with care and the user is advised to add additional + authentication authorization via a proxy to ensure only clients authorized + to perform these actions can do so. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis' + type: boolean + enforcedNamespaceLabel: + description: EnforcedNamespaceLabel enforces adding a namespace label + of origin for each alert and metric that is user created. The label + value will always be the namespace of the object that is being created. + type: string + evaluationInterval: + description: Interval between consecutive evaluations. + type: string + externalLabels: + additionalProperties: + type: string + description: The labels to add to any time series or alerts when communicating + with external systems (federation, remote storage, Alertmanager). + type: object + externalUrl: + description: The external URL the Prometheus instances will be available + under. 
This is necessary to generate correct URLs. This is necessary + if Prometheus is not served from root of a DNS name. + type: string + ignoreNamespaceSelectors: + description: IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector + settings from the podmonitor and servicemonitor configs, and they + will only discover endpoints within their current namespace. Defaults + to false. + type: boolean + image: + description: Image if specified has precedence over baseImage, tag and + sha combinations. Specifying the version is still necessary to ensure + the Prometheus Operator knows what version of Prometheus is being + configured. + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same namespace + to use for pulling prometheus and alertmanager images from registries + see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to let + you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod + definition. Those can be used to e.g. fetch secrets for injection + into the Prometheus configuration from external sources. Any errors + during the execution of an initContainer will lead to a restart of + the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + Using initContainers for any use case other then secret fetching is + entirely outside the scope of what the maintainers will support and + by doing so, you accept that this behaviour may break at any time + without notice.' 
+ items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. 
If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. 
+ type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. 
To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. 
To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. 
Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. 
If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. 
If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. 
May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + listenLocal: + description: ListenLocal makes the Prometheus server listen on loopback, + so that it does not bind against the Pod IP. + type: boolean + logFormat: + description: Log format for Prometheus to be configured with. + type: string + logLevel: + description: Log level for Prometheus to be configured with. + type: string + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + overrideHonorLabels: + description: OverrideHonorLabels if set to true overrides all user configured + honor_labels. If HonorLabels is set in ServiceMonitor or PodMonitor + to true, this overrides honor_labels to false. + type: boolean + overrideHonorTimestamps: + description: OverrideHonorTimestamps allows to globally enforce honoring + timestamps in all scrape configs. + type: boolean + paused: + description: When a Prometheus deployment is paused, no actions except + for deletion will be performed on the underlying objects. + type: boolean + podMetadata: + description: PodMetadata configures Labels and Annotations which are + propagated to the prometheus pods. 
+ properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + podMonitorNamespaceSelector: + description: Namespaces to be selected for PodMonitor discovery. If + nil, only check own namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + podMonitorSelector: + description: '*Experimental* PodMonitors to be selected for target discovery.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + portName: + description: Port name used for the pods and governing service. This + defaults to web + type: string + priorityClassName: + description: Priority class assigned to the Pods + type: string + prometheusExternalLabelName: + description: Name of Prometheus external label used to denote Prometheus + instance name. 
Defaults to the value of `prometheus`. External label + will _not_ be added when value is set to empty string (`""`). + type: string + query: + description: QuerySpec defines the query command line flags when starting + Prometheus. + properties: + lookbackDelta: + description: The delta difference allowed for retrieving metrics + during expression evaluations. + type: string + maxConcurrency: + description: Number of concurrent queries that can be run at once. + format: int32 + type: integer + maxSamples: + description: Maximum number of samples a single query can load into + memory. Note that queries will fail if they would load more samples + than this into memory, so this also limits the number of samples + a query can return. + format: int32 + type: integer + timeout: + description: Maximum time a query may take before being aborted. + type: string + type: object + remoteRead: + description: If specified, the remote_read spec. This is an experimental + feature, it may change in any upcoming release in a breaking way. + items: + description: RemoteReadSpec defines the remote_read configuration + for prometheus. + properties: + basicAuth: + description: BasicAuth for the URL. + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that + contains the username for authentication. + properties: + key: + description: The key of the secret to select from. 
Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + bearerToken: + description: bearer token for remote read. + type: string + bearerTokenFile: + description: File to read bearer token for remote read. + type: string + proxyUrl: + description: Optional ProxyURL + type: string + readRecent: + description: Whether reads should be made for queries for time + ranges that the local storage should have complete data for. + type: boolean + remoteTimeout: + description: Timeout for requests to the remote read endpoint. + type: string + requiredMatchers: + additionalProperties: + type: string + description: An optional list of equality matchers which have + to be present in a selector to query the remote read endpoint. + type: object + tlsConfig: + description: TLS Config to use for remote read. + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the + targets. 
+ properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + url: + description: The URL of the endpoint to send samples to. + type: string + required: + - url + type: object + type: array + remoteWrite: + description: If specified, the remote_write spec. This is an experimental + feature, it may change in any upcoming release in a breaking way. + items: + description: RemoteWriteSpec defines the remote_write configuration + for prometheus. + properties: + basicAuth: + description: BasicAuth for the URL. + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that + contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + bearerToken: + description: File to read bearer token for remote write. + type: string + bearerTokenFile: + description: File to read bearer token for remote write. + type: string + proxyUrl: + description: Optional ProxyURL + type: string + queueConfig: + description: QueueConfig allows tuning of the remote write queue + parameters. + properties: + batchSendDeadline: + description: BatchSendDeadline is the maximum time a sample + will wait in buffer. + type: string + capacity: + description: Capacity is the number of samples to buffer per + shard before we start dropping them. + type: integer + maxBackoff: + description: MaxBackoff is the maximum retry delay. + type: string + maxRetries: + description: MaxRetries is the maximum number of times to + retry a batch on recoverable errors. + type: integer + maxSamplesPerSend: + description: MaxSamplesPerSend is the maximum number of samples + per send. + type: integer + maxShards: + description: MaxShards is the maximum number of shards, i.e. + amount of concurrency. + type: integer + minBackoff: + description: MinBackoff is the initial retry delay. Gets doubled + for every retry. + type: string + minShards: + description: MinShards is the minimum number of shards, i.e. + amount of concurrency. + type: integer + type: object + remoteTimeout: + description: Timeout for requests to the remote write endpoint. + type: string + tlsConfig: + description: TLS Config to use for remote write. + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. 
+ properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + url: + description: The URL of the endpoint to send samples to. + type: string + writeRelabelConfigs: + description: The list of remote write relabel configurations. + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. 
+ format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + required: + - url + type: object + type: array + replicaExternalLabelName: + description: Name of Prometheus external label used to denote replica + name. Defaults to the value of `prometheus_replica`. External label + will _not_ be added when value is set to empty string (`""`). + type: string + replicas: + description: Number of instances to deploy for a Prometheus deployment. + format: int32 + type: integer + resources: + description: Define resources requests and limits for single Pods. + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute resources + required. 
If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + retention: + description: Time duration Prometheus shall retain data for. Default + is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` + (milliseconds seconds minutes hours days weeks years). + type: string + retentionSize: + description: Maximum amount of disk space used by blocks. + type: string + routePrefix: + description: The route prefix Prometheus registers HTTP handlers for. + This is useful, if using ExternalURL and a proxy is rewriting HTTP + routes of a request, and the actual ExternalURL is still true, but + the server serves requests under a different route prefix. For example + for use with `kubectl proxy`. + type: string + ruleNamespaceSelector: + description: Namespaces to be selected for PrometheusRules discovery. + If unspecified, only the same namespace as the Prometheus object is + in is used. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + ruleSelector: + description: A selector to select which PrometheusRules to mount for + loading alerting rules from. Until (excluding) Prometheus Operator + v0.24.0 Prometheus Operator will migrate any legacy rule ConfigMaps + to PrometheusRule custom resources selected by RuleSelector. Make + sure it does not match any config maps that you do not want to be + migrated. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + rules: + description: /--rules.*/ command-line arguments. + properties: + alert: + description: /--rules.alert.*/ command-line arguments + properties: + forGracePeriod: + description: Minimum duration between alert and restored 'for' + state. This is maintained only for alerts with configured + 'for' time greater than grace period. + type: string + forOutageTolerance: + description: Max time to tolerate prometheus outage for restoring + 'for' state of alert. + type: string + resendDelay: + description: Minimum amount of time to wait before resending + an alert to Alertmanager. + type: string + type: object + type: object + scrapeInterval: + description: Interval between consecutive scrapes. + type: string + secrets: + description: Secrets is a list of Secrets in the same namespace as the + Prometheus object, which shall be mounted into the Prometheus Pods. + The Secrets are mounted into /etc/prometheus/secrets/. + items: + type: string + type: array + securityContext: + description: SecurityContext holds pod-level security attributes and + common container settings. This defaults to the default PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all containers + in a pod. Some volume types allow the Kubelet to change the ownership + of that volume to be owned by the pod: \n 1. The owning GID will + be the FSGroup 2. The setgid bit is set (new files created in + the volume will be owned by FSGroup) 3. The permission bits are + OR'd with rw-rw---- \n If unset, the Kubelet will not modify the + ownership and permissions of any volume." + format: int64 + type: integer + runAsGroup: + description: The GID to run the entrypoint of the container process. 
+ Uses runtime default if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. May + also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux + context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to the + container. + type: string + role: + description: Role is a SELinux role label that applies to the + container. + type: string + type: + description: Type is a SELinux type label that applies to the + container. + type: string + user: + description: User is a SELinux user label that applies to the + container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run in + each container, in addition to the container's primary GID. 
If + unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for + the pod. Pods with unsupported sysctls (by the container runtime) + might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. This field is alpha-level and is only + honored by servers that enable the WindowsGMSA feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of + the container process. Defaults to the user specified in image + metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. This + field is beta-level and may be disabled with the WindowsRunAsUserName + feature flag. 
+ type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to + use to run the Prometheus Pods. + type: string + serviceMonitorNamespaceSelector: + description: Namespaces to be selected for ServiceMonitor discovery. + If nil, only check own namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + serviceMonitorSelector: + description: ServiceMonitors to be selected for target discovery. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. 
+ properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + sha: + description: SHA of Prometheus container image to be deployed. Defaults + to the value of `version`. Similar to a tag, but the SHA explicitly + deploys an immutable container image. Version and Tag are ignored + if SHA is set. + type: string + storage: + description: Storage spec to specify how storage shall be used. + properties: + emptyDir: + description: 'EmptyDirVolumeSource to be used by the Prometheus + StatefulSets. If specified, used in place of any volumeClaimTemplate. + More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. + The default is "" which means to use the node''s default medium. + Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. 
The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. The + default is nil which means that the limit is undefined. More + info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + volumeClaimTemplate: + description: A PVC spec to be used by the Prometheus StatefulSets. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + type: object + spec: + description: 'Spec defines the desired characteristics of a + volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access modes + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: This field requires the VolumeSnapshotDataSource + alpha feature gate to be enabled and currently VolumeSnapshot + is the only supported data source. 
If the provisioner + can support VolumeSnapshot data source, it will create + a new volume and data will be restored to the volume at + the same time. If the provisioner does not support VolumeSnapshot + data source, volume will not be created and the failure + will be reported as an event. In the future, we plan to + support more data source types and the behavior of the + provisioner may change. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, the + specified Kind must be in the core API group. For + any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + selector: + description: A label query over volumes to consider for + binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. 
+ items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required + by the claim. Value of Filesystem is implied when not + included in claim spec. This is a beta feature. + type: string + volumeName: + description: VolumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status + of a persistent volume claim. Read-only. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access modes + the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + capacity: + additionalProperties: + type: string + description: Represents the actual resources of the underlying + volume. + type: object + conditions: + description: Current Condition of persistent volume claim. + If underlying persistent volume is being resized then + the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails details + about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned + from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating details + about last transition. + type: string + reason: + description: Unique, this should be a short, machine + understandable string that gives the reason for + condition's last transition. If it reports "ResizeStarted" + that means the underlying persistent volume is being + resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is + a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of PersistentVolumeClaim. + type: string + type: object + type: object + type: object + tag: + description: Tag of Prometheus container image to be deployed. Defaults + to the value of `version`. Version is ignored if Tag is set. 
+ type: string + thanos: + description: "Thanos configuration allows configuring various aspects + of a Prometheus server in a Thanos environment. \n This section is + experimental, it may change significantly without deprecation notice + in any release. \n This is experimental and may change significantly + without backward compatibility in any release." + properties: + baseImage: + description: Thanos base image if other than default. + type: string + grpcServerTlsConfig: + description: 'GRPCServerTLSConfig configures the gRPC server from + which Thanos Querier reads recorded rule data. Note: Currently + only the CAFile, CertFile, and KeyFile fields are supported. Maps + to the ''--grpc-server-tls-*'' CLI args.' + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. 
+ type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container + for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + image: + description: Image if specified has precedence over baseImage, tag + and sha combinations. Specifying the version is still necessary + to ensure the Prometheus Operator knows what version of Thanos + is being configured. + type: string + listenLocal: + description: ListenLocal makes the Thanos sidecar listen on loopback, + so that it does not bind against the Pod IP. + type: boolean + objectStorageConfig: + description: ObjectStorageConfig configures object storage in Thanos. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + resources: + description: Resources defines the resource requirements for the + Thanos sidecar. If not provided, no requests/limits will be set + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + sha: + description: SHA of Thanos container image to be deployed. Defaults + to the value of `version`. Similar to a tag, but the SHA explicitly + deploys an immutable container image. Version and Tag are ignored + if SHA is set. + type: string + tag: + description: Tag of Thanos sidecar container image to be deployed. + Defaults to the value of `version`. Version is ignored if Tag + is set. + type: string + tracingConfig: + description: TracingConfig configures tracing in Thanos. This is + an experimental feature, it may change in any upcoming release + in a breaking way. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + version: + description: Version describes the version of Thanos to use. + type: string + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values and + all keys. 
+ type: string + operator: + description: Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the + toleration (which must be of effect NoExecute, otherwise this + field is ignored) tolerates the taint. By default, it is not + set, which means tolerate the taint forever (do not evict). + Zero and negative values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise + just a regular string. + type: string + type: object + type: array + version: + description: Version of Prometheus to be deployed. + type: string + volumeMounts: + description: VolumeMounts allows configuration of additional VolumeMounts + on the output StatefulSet definition. VolumeMounts specified will + be appended to other VolumeMounts in the prometheus container, that + are generated as a result of StorageSpec objects. + items: + description: VolumeMount describes a mounting of a Volume within a + container. + properties: + mountPath: + description: Path within the container at which the volume should + be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated + from the host to container and the other way around. When not + set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false + or unspecified). Defaults to false. 
+ type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's + volume should be mounted. Behaves similarly to SubPath but environment + variable references $(VAR_NAME) are expanded using the container's + environment. Defaults to "" (volume's root). SubPathExpr and + SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: Volumes allows configuration of additional volumes on the + output StatefulSet definition. Volumes specified will be appended + to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may be + accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty).' 
+ format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly + property in VolumeMounts to "true". If omitted, the default + is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource in + AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'Expected values Shared: multiple blob disks + per storage account Dedicated: single blob disk per storage + account Managed: azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: the name of secret that contains Azure Storage + Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather than + the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring + for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication + secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, default + is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached and mounted + on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. 
Must be a filesystem + type supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing + parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeID: + description: 'volume id used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced ConfigMap will be projected into + the volume as a file whose name is the key and content is + the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the + ConfigMap, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' 
path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must + be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents storage + that is handled by an external CSI driver (Alpha feature). + properties: + driver: + description: Driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed to the + associated CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret + object containing sensitive information to pass to the CSI + driver to complete the CSI NodePublishVolume and NodeUnpublishVolume + calls. This field is optional, and may be empty if no secret + is required. 
If the secret object contains more than one + secret, all secret references are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. 
If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name + of the file to be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 encoded. The + first item of the relative path must not start with + ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory that shares + a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back this + directory. The default is "" which means to use the node''s + default medium. Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. 
+ More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + fc: + description: FC represents a Fibre Channel resource that is attached + to a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be + set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that + is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use for this + volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends on FlexVolume + script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' 
+ type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret + object containing sensitive information to pass to the plugin + scripts. This may be empty if no secret object is specified. + If the secret object contains more than one secret, all + secrets are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a + kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: Name of the dataset stored as metadata -> name + on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". 
Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. Used + to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision a + container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: Target directory name. Must not contain or start + with '..'. If '.' is supplied, the volume directory will + be the git repository. Otherwise, if specified, the volume + will contain the git repository in the subdirectory with + the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the host + that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. 
More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'Path of the directory on the host. If the path + is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to the + pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. 
More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, new iSCSI + interface : will be created + for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either an + IP or ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within + the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. 
More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export to be + mounted with read-only permissions. Defaults to false. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents a reference + to a PersistentVolumeClaim in the same namespace. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". 
Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: Mode bits to use on created files by default. + Must be a value between 0 and 0777. Directories within the + path are not affected by this setting. This might be in + conflict with other options that affect the file mode, like + fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: information about the configMap data to + project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced ConfigMap + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the ConfigMap, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. 
This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI data + to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. 
The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format + of the exposed resources, defaults to + "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced Secret will + be projected into the volume as a file whose name + is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the Secret, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. 
+ type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken + data to project + properties: + audience: + description: Audience is the intended audience of + the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested + duration of validity of the service account token. + As the token approaches expiration, the kubelet + volume plugin will proactively rotate the service + account token. The kubelet will start trying to + rotate the token if the token is older than 80 + percent of its time to live or if the token is + older than 24 hours.Defaults to 1 hour and must + be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to the mount + point of the file to project the token into. + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that + shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to + be mounted with read-only permissions. Defaults to false. 
+ type: boolean + registry: + description: Registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: Volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. 
More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for + the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication with + Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should + be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the + protection domain. + type: string + system: + description: The name of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO + system that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced Secret will be projected into the + volume as a file whose name is the key and content is the + value. If specified, the listed keys will be projected into + the specified paths, and unlisted keys will not be present. + If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be + defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to + use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within a + namespace. 
+ type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume + within StorageOS. If no namespace is specified then the + Pod's namespace will be used. This allows the Kubernetes + name scoping to be mirrored within StorageOS for tighter + integration. Set VolumeName to any name to override the + default behaviour. Set to "default" if you are not using + namespaces within StorageOS. Namespaces that do not pre-exist + within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile + ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile + name. + type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + walCompression: + description: Enable compression of the write-ahead log using Snappy. + This flag is only available in versions of Prometheus >= 2.11.0. + type: boolean + type: object + status: + description: 'Most recent observed status of the Prometheus cluster. Read-only. + Not included when requesting from the apiserver, only from the Prometheus + Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) + targeted by this Prometheus deployment. 
+ format: int32 + type: integer + paused: + description: Represents whether any actions on the underlaying managed + objects are being performed. Only delete actions will be performed. + type: boolean + replicas: + description: Total number of non-terminated pods targeted by this Prometheus + deployment (their labels match the selector). + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this Prometheus + deployment. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this Prometheus + deployment that have the desired version spec. + format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-prometheusrules.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-prometheusrules.yaml new file mode 100644 index 000000000..5546de38e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-prometheusrules.yaml 
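Review bot: In the Prometheus CRD schema that ends just above (the file closing with `walCompression` and `status`), the volume list accepts `hostPath` with only `path` required, and its description still carries the upstream `TODO(jonesdl) We need to restrict who can use host directory mounts`, so nothing at the schema level limits which host directories a Prometheus resource can ask for. Since the file is a vendored copy I would not edit the schema here. Instead, state in the chart documentation that create/update rights on Prometheus resources include the ability to request host directory mounts for the Prometheus pods, and that `hostPath` (and the `gitRepo` source, which the same schema marks DEPRECATED) should be restricted through RBAC on the custom resource or an admission policy.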
@@ -0,0 +1,91 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: prometheusrules.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + kind: PrometheusRule + listKind: PrometheusRuleList + plural: prometheusrules + singular: prometheusrule + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: PrometheusRule defines alerting rules for a Prometheus instance + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired alerting rule definitions for Prometheus. + properties: + groups: + description: Content of Prometheus rule file + items: + description: 'RuleGroup is a list of sequentially evaluated recording + and alerting rules. Note: PartialResponseStrategy is only used by + ThanosRuler and will be ignored by Prometheus instances. Valid + values for this field are ''warn'' or ''abort''. 
More info: https://github.com/thanos-io/thanos/blob/master/docs/components/rule.md#partial-response' + properties: + interval: + type: string + name: + type: string + partial_response_strategy: + type: string + rules: + items: + description: Rule describes an alerting or recording rule. + properties: + alert: + type: string + annotations: + additionalProperties: + type: string + type: object + expr: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + for: + type: string + labels: + additionalProperties: + type: string + type: object + record: + type: string + required: + - expr + type: object + type: array + required: + - name + - rules + type: object + type: array + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-servicemonitor.yaml new file mode 100644 index 000000000..8f7a67c14 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-servicemonitor.yaml 
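Review bot: In crd-prometheusrules.yaml, the header comment on the first added line records the upstream source as a URL on the `release-0.38` branch, which is a mutable ref, so the vendored CRD cannot later be checked against what was actually copied. Record the upstream tag or commit SHA (or a checksum of the file) next to the URL. Separately, the manifest is written against `apiVersion: apiextensions.k8s.io/v1beta1` with `spec.validation` and a top-level `version: v1`; that API version was removed in Kubernetes 1.22, so either note the supported cluster versions for this chart or plan a follow-up that moves the CRDs to `apiextensions.k8s.io/v1`.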
@@ -0,0 +1,459 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: servicemonitors.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + kind: ServiceMonitor + listKind: ServiceMonitorList + plural: servicemonitors + singular: servicemonitor + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: ServiceMonitor defines monitoring for a set of services. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired Service selection for target discovery + by Prometheus. + properties: + endpoints: + description: A list of endpoints allowed as part of this ServiceMonitor. + items: + description: Endpoint defines a scrapeable endpoint serving Prometheus + metrics. 
+ properties: + basicAuth: + description: 'BasicAuth allow an endpoint to authenticate over + basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that + contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + bearerTokenFile: + description: File to read bearer token for scraping targets. + type: string + bearerTokenSecret: + description: Secret to mount to read bearer token for scraping + targets. The secret needs to be in the same namespace as the + service monitor and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + interval: + description: Interval at which metrics should be scraped + type: string + metricRelabelings: + description: MetricRelabelConfigs to apply to samples before ingestion. + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. 
+ Regex capture groups are available. + type: string + type: object + type: array + params: + additionalProperties: + items: + type: string + type: array + description: Optional HTTP URL parameters + type: object + path: + description: HTTP path to scrape for metrics. + type: string + port: + description: Name of the service port this endpoint refers to. + Mutually exclusive with targetPort. + type: string + proxyUrl: + description: ProxyURL eg http://proxyserver:2195 Directs scrapes + to proxy through this endpoint. + type: string + relabelings: + description: 'RelabelConfigs to apply to samples before scraping. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. 
+ items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + scheme: + description: HTTP scheme to use for scraping. + type: string + scrapeTimeout: + description: Timeout after which the scrape is ended + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: Name or number of the pod port this endpoint refers + to. Mutually exclusive with port. + x-kubernetes-int-or-string: true + tlsConfig: + description: TLS configuration to use when scraping the endpoint + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. 
+ type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + jobLabel: + description: The label to use to retrieve the job name from. + type: string + namespaceSelector: + description: Selector to select which namespaces the Endpoints objects + are discovered from. + properties: + any: + description: Boolean describing whether all namespaces are selected + in contrast to a list restricting them. + type: boolean + matchNames: + description: List of namespace names. + items: + type: string + type: array + type: object + podTargetLabels: + description: PodTargetLabels transfers labels on the Kubernetes Pod + onto the target. + items: + type: string + type: array + sampleLimit: + description: SampleLimit defines per-scrape limit on number of scraped + samples that will be accepted. + format: int64 + type: integer + selector: + description: Selector to select Endpoints objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + targetLabels: + description: TargetLabels transfers labels on the Kubernetes Service + onto the target. + items: + type: string + type: array + required: + - endpoints + - selector + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-thanosrulers.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-thanosrulers.yaml new file mode 100644 index 000000000..82136d73e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/crd-manifest/crd-thanosrulers.yaml 
@@ -0,0 +1,4725 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: thanosrulers.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + kind: ThanosRuler + listKind: ThanosRulerList + plural: thanosrulers + singular: thanosruler + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: ThanosRuler defines a ThanosRuler deployment. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the ThanosRuler cluster. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all + objects with implicit weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches no objects (i.e. is also + a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The + terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. 
The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. 
due to a pod label update), the system may or may not + try to eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some other + pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node that + meets all of the scheduling requirements (resource request, + requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field + and adding "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. 
+ If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + alertDropLabels: + description: AlertDropLabels configure the label names which should + be dropped in ThanosRuler alerts. If `labels` field is not provided, + `thanos_ruler_replica` will be dropped in alerts by default. + items: + type: string + type: array + alertQueryUrl: + description: The external Query URL the Thanos Ruler will set in the + 'Source' field of all alerts. Maps to the '--alert.query-url' CLI + arg. + type: string + alertmanagersConfig: + description: Define configuration for connecting to alertmanager. Only + available with thanos v0.10.0 and higher. Maps to the `alertmanagers.config` + arg. 
+ properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + alertmanagersUrl: + description: 'Define URLs to send alerts to Alertmanager. For Thanos + v0.10.0 and higher, AlertManagersConfig should be used instead. Note: + this field will be ignored if AlertManagersConfig is specified. Maps + to the `alertmanagers.url` arg.' + items: + type: string + type: array + containers: + description: 'Containers allows injecting additional containers or modifying + operator generated containers. This can be used to allow adding an + authentication proxy to a ThanosRuler pod or to change the behavior + of an operator generated container. Containers described here modify + an operator generated container if they share the same name and modifications + are done via a strategic merge patch. The current container names + are: `thanos-ruler` and `rules-configmap-reloader`. Overriding containers + is entirely outside the scope of what the maintainers will support + and by doing so, you accept that this behaviour may break at any time + without notice.' + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). 
Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' 
+ type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. 
More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. 
TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". 
+ type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. 
Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. 
Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. 
If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. 
If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + enforcedNamespaceLabel: + description: EnforcedNamespaceLabel enforces adding a namespace label + of origin for each alert and metric that is user created. The label + value will always be the namespace of the object that is being created. + type: string + evaluationInterval: + description: Interval between consecutive evaluations. + type: string + externalPrefix: + description: The external URL the Thanos Ruler instances will be available + under. This is necessary to generate correct URLs. This is necessary + if Thanos Ruler is not served from root of a DNS name. + type: string + grpcServerTlsConfig: + description: 'GRPCServerTLSConfig configures the gRPC server from which + Thanos Querier reads recorded rule data. Note: Currently only the + CAFile, CertFile, and KeyFile fields are supported. Maps to the ''--grpc-server-tls-*'' + CLI args.' + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or its key must + be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container to + use for the targets. + type: string + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must + be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus container + for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container + for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + image: + description: Thanos container image URL. + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same namespace + to use for pulling thanos images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to let + you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod + definition. Those can be used to e.g. 
fetch secrets for injection + into the ThanosRuler configuration from external sources. Any errors + during the execution of an initContainer will lead to a restart of + the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + Using initContainers for any use case other then secret fetching is + entirely outside the scope of what the maintainers will support and + by doing so, you accept that this behaviour may break at any time + without notice.' + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. 
+ Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. 
Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. 
Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. 
To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. 
Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. 
If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. 
If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. 
May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: Labels configure the external label pairs to ThanosRuler. + If not provided, default replica label `thanos_ruler_replica` will + be added as a label and be dropped in alerts. + type: object + listenLocal: + description: ListenLocal makes the Thanos ruler listen on loopback, + so that it does not bind against the Pod IP. + type: boolean + logFormat: + description: Log format for ThanosRuler to be configured with. + type: string + logLevel: + description: Log level for ThanosRuler to be configured with. + type: string + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + objectStorageConfig: + description: ObjectStorageConfig configures object storage in Thanos. + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + paused: + description: When a ThanosRuler deployment is paused, no actions except + for deletion will be performed on the underlying objects. + type: boolean + podMetadata: + description: PodMetadata contains Labels and Annotations gets propagated + to the thanos ruler pods. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + portName: + description: Port name used for the pods and governing service. This + defaults to web + type: string + priorityClassName: + description: Priority class assigned to the Pods + type: string + queryConfig: + description: Define configuration for connecting to thanos query instances. + If this is defined, the QueryEndpoints field will be ignored. Maps + to the `query.config` CLI argument. Only available with thanos v0.11.0 + and higher. + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + queryEndpoints: + description: QueryEndpoints defines Thanos querier endpoints from which + to query metrics. Maps to the --query flag of thanos ruler. + items: + type: string + type: array + replicas: + description: Number of thanos ruler instances to deploy. + format: int32 + type: integer + resources: + description: Resources defines the resource requirements for single + Pods. If not provided, no requests/limits will be set + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + retention: + description: Time duration ThanosRuler shall retain data for. Default + is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` + (milliseconds seconds minutes hours days weeks years). + type: string + routePrefix: + description: The route prefix ThanosRuler registers HTTP handlers for. + This allows thanos UI to be served on a sub-path. + type: string + ruleNamespaceSelector: + description: Namespaces to be selected for Rules discovery. If unspecified, + only the same namespace as the ThanosRuler object is in is used. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. 
+ items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + ruleSelector: + description: A label selector to select which PrometheusRules to mount + for alerting and recording. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. 
If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + securityContext: + description: SecurityContext holds pod-level security attributes and + common container settings. This defaults to the default PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all containers + in a pod. Some volume types allow the Kubelet to change the ownership + of that volume to be owned by the pod: \n 1. The owning GID will + be the FSGroup 2. The setgid bit is set (new files created in + the volume will be owned by FSGroup) 3. The permission bits are + OR'd with rw-rw---- \n If unset, the Kubelet will not modify the + ownership and permissions of any volume." + format: int64 + type: integer + runAsGroup: + description: The GID to run the entrypoint of the container process. + Uses runtime default if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in SecurityContext. 
If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. May + also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux + context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to the + container. + type: string + role: + description: Role is a SELinux role label that applies to the + container. + type: string + type: + description: Type is a SELinux type label that applies to the + container. + type: string + user: + description: User is a SELinux user label that applies to the + container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run in + each container, in addition to the container's primary GID. If + unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for + the pod. Pods with unsupported sysctls (by the container runtime) + might fail to launch. 
+ items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. This field is alpha-level and is only + honored by servers that enable the WindowsGMSA feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of + the container process. Defaults to the user specified in image + metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. This + field is beta-level and may be disabled with the WindowsRunAsUserName + feature flag. + type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to + use to run the Thanos Ruler Pods. + type: string + storage: + description: Storage spec to specify how storage shall be used. + properties: + emptyDir: + description: 'EmptyDirVolumeSource to be used by the Prometheus + StatefulSets. 
If specified, used in place of any volumeClaimTemplate. + More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. + The default is "" which means to use the node''s default medium. + Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. The + default is nil which means that the limit is undefined. More + info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + volumeClaimTemplate: + description: A PVC spec to be used by the Prometheus StatefulSets. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + type: object + spec: + description: 'Spec defines the desired characteristics of a + volume requested by a pod author. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access modes + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: This field requires the VolumeSnapshotDataSource + alpha feature gate to be enabled and currently VolumeSnapshot + is the only supported data source. If the provisioner + can support VolumeSnapshot data source, it will create + a new volume and data will be restored to the volume at + the same time. If the provisioner does not support VolumeSnapshot + data source, volume will not be created and the failure + will be reported as an event. In the future, we plan to + support more data source types and the behavior of the + provisioner may change. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, the + specified Kind must be in the core API group. For + any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + selector: + description: A label query over volumes to consider for + binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required + by the claim. Value of Filesystem is implied when not + included in claim spec. 
This is a beta feature. + type: string + volumeName: + description: VolumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status + of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access modes + the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + capacity: + additionalProperties: + type: string + description: Represents the actual resources of the underlying + volume. + type: object + conditions: + description: Current Condition of persistent volume claim. + If underlying persistent volume is being resized then + the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails details + about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned + from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating details + about last transition. + type: string + reason: + description: Unique, this should be a short, machine + understandable string that gives the reason for + condition's last transition. If it reports "ResizeStarted" + that means the underlying persistent volume is being + resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is + a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of PersistentVolumeClaim. 
+ type: string + type: object + type: object + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values and + all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the + toleration (which must be of effect NoExecute, otherwise this + field is ignored) tolerates the taint. By default, it is not + set, which means tolerate the taint forever (do not evict). + Zero and negative values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise + just a regular string. + type: string + type: object + type: array + tracingConfig: + description: TracingConfig configures tracing in Thanos. This is an + experimental feature, it may change in any upcoming release in a breaking + way. + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + volumes: + description: Volumes allows configuration of additional volumes on the + output StatefulSet definition. Volumes specified will be appended + to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may be + accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly + property in VolumeMounts to "true". If omitted, the default + is "false". 
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource in + AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'Expected values Shared: multiple blob disks + per storage account Dedicated: single blob disk per storage + account Managed: azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: the name of secret that contains Azure Storage + Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather than + the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring + for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication + secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, default + is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached and mounted + on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. 
Must be a filesystem + type supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing + parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeID: + description: 'volume id used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced ConfigMap will be projected into + the volume as a file whose name is the key and content is + the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the + ConfigMap, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' 
path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must + be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents storage + that is handled by an external CSI driver (Alpha feature). + properties: + driver: + description: Driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed to the + associated CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret + object containing sensitive information to pass to the CSI + driver to complete the CSI NodePublishVolume and NodeUnpublishVolume + calls. This field is optional, and may be empty if no secret + is required. 
If the secret object contains more than one + secret, all secret references are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. 
If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name + of the file to be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 encoded. The + first item of the relative path must not start with + ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory that shares + a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back this + directory. The default is "" which means to use the node''s + default medium. Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. 
+ More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + fc: + description: FC represents a Fibre Channel resource that is attached + to a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be + set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that + is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use for this + volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends on FlexVolume + script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' 
+ type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret + object containing sensitive information to pass to the plugin + scripts. This may be empty if no secret object is specified. + If the secret object contains more than one secret, all + secrets are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a + kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: Name of the dataset stored as metadata -> name + on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". 
Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. Used + to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision a + container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: Target directory name. Must not contain or start + with '..'. If '.' is supplied, the volume directory will + be the git repository. Otherwise, if specified, the volume + will contain the git repository in the subdirectory with + the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the host + that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. 
More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'Path of the directory on the host. If the path + is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to the + pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. 
More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, new iSCSI + interface : will be created + for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either an + IP or ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within + the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. 
More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export to be + mounted with read-only permissions. Defaults to false. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents a reference + to a PersistentVolumeClaim in the same namespace. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". 
Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: Mode bits to use on created files by default. + Must be a value between 0 and 0777. Directories within the + path are not affected by this setting. This might be in + conflict with other options that affect the file mode, like + fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: information about the configMap data to + project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced ConfigMap + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the ConfigMap, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. 
This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI data + to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. 
The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format + of the exposed resources, defaults to + "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced Secret will + be projected into the volume as a file whose name + is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the Secret, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. 
+ type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken + data to project + properties: + audience: + description: Audience is the intended audience of + the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested + duration of validity of the service account token. + As the token approaches expiration, the kubelet + volume plugin will proactively rotate the service + account token. The kubelet will start trying to + rotate the token if the token is older than 80 + percent of its time to live or if the token is + older than 24 hours.Defaults to 1 hour and must + be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to the mount + point of the file to project the token into. + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that + shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to + be mounted with read-only permissions. Defaults to false. 
+ type: boolean + registry: + description: Registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: Volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. 
More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for + the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication with + Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should + be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the + protection domain. + type: string + system: + description: The name of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO + system that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced Secret will be projected into the + volume as a file whose name is the key and content is the + value. If specified, the listed keys will be projected into + the specified paths, and unlisted keys will not be present. + If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be + defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to + use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within a + namespace. 
+ type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume + within StorageOS. If no namespace is specified then the + Pod's namespace will be used. This allows the Kubernetes + name scoping to be mirrored within StorageOS for tighter + integration. Set VolumeName to any name to override the + default behaviour. Set to "default" if you are not using + namespaces within StorageOS. Namespaces that do not pre-exist + within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile + ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile + name. + type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + status: + description: 'Most recent observed status of the ThanosRuler cluster. Read-only. + Not included when requesting from the apiserver, only from the ThanosRuler + Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) + targeted by this ThanosRuler deployment. + format: int32 + type: integer + paused: + description: Represents whether any actions on the underlying managed + objects are being performed. Only delete actions will be performed. 
+ type: boolean + replicas: + description: Total number of non-terminated pods targeted by this ThanosRuler + deployment (their labels match the selector). + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this ThanosRuler + deployment. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this ThanosRuler + deployment that have the desired version spec. + format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/templates/_helpers.tpl new file mode 100644 index 000000000..39b26c195 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/templates/_helpers.tpl @@ -0,0 +1,7 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/templates/jobs.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/templates/jobs.yaml new file mode 100644 index 000000000..709005fd9 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/templates/jobs.yaml 
@@ -0,0 +1,92 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-create + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }} + annotations: + "helm.sh/hook": post-install, post-upgrade, post-rollback + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + name: {{ .Chart.Name }}-create + labels: + app: {{ .Chart.Name }} + spec: + serviceAccountName: {{ .Chart.Name }}-manager + securityContext: + runAsNonRoot: true + runAsUser: 1000 + containers: + - name: create-crds + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - apply + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + restartPolicy: OnFailure + volumes: + - name: crd-manifest + configMap: + name: {{ .Chart.Name }}-manifest +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-delete + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + name: {{ .Chart.Name }}-delete + labels: + app: {{ .Chart.Name }} + spec: + serviceAccountName: {{ .Chart.Name }}-manager + securityContext: + runAsNonRoot: true + runAsUser: 1000 + initContainers: + - name: remove-finalizers + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - apply + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + containers: + - name: delete-crds + image: {{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - delete + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + restartPolicy: OnFailure + volumes: + - name: crd-manifest + configMap: + name: {{ .Chart.Name }}-manifest diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/templates/manifest.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/templates/manifest.yaml new file mode 100644 index 000000000..31016b6ef --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/templates/manifest.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-manifest + namespace: {{ .Release.Namespace }} +data: + crd-manifest.yaml: | + {{- $currentScope := . -}} + {{- $crds := (.Files.Glob "crd-manifest/**.yaml") -}} + {{- range $path, $_ := $crds -}} + {{- with $currentScope -}} + {{ .Files.Get $path | nindent 4 }} + --- + {{- end -}}{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/templates/rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/templates/rbac.yaml new file mode 100644 index 000000000..658304418 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/templates/rbac.yaml 
@@ -0,0 +1,35 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Chart.Name }}-manager + labels: + app: {{ .Chart.Name }}-manager +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: ['create', 'get', 'patch', 'delete'] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Chart.Name }}-manager + labels: + app: {{ .Chart.Name }}-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ .Chart.Name }}-manager +subjects: +- kind: ServiceAccount + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }}-manager diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/values.yaml new file mode 100644 index 000000000..3aac0a046 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.200/values.yaml @@ -0,0 +1,11 @@ +# Default values for rancher-monitoring-crd. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +global: + cattle: + systemDefaultRegistry: "" + +image: + repository: rancher/kubectl + tag: v1.18.6 diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/Chart.yaml new file mode 100644 index 000000000..25940b84a --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/Chart.yaml 
@@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-monitoring-system + catalog.cattle.io/release-name: rancher-monitoring-crd +apiVersion: v1 +description: Installs the CRDs for rancher-monitoring. +name: rancher-monitoring-crd +type: application +version: 9.4.201 diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/README.md b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/README.md new file mode 100644 index 000000000..48d2a8621 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/README.md @@ -0,0 +1,2 @@ +# rancher-monitoring-crd +A Rancher chart that installs the CRDs used by rancher-monitoring. diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-alertmanager.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-alertmanager.yaml new file mode 100644 index 000000000..98030b4f8 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-alertmanager.yaml 
@@ -0,0 +1,4500 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: alertmanagers.monitoring.coreos.com +spec: + additionalPrinterColumns: + - JSONPath: .spec.version + description: The version of Alertmanager + name: Version + type: string + - JSONPath: .spec.replicas + description: The desired replicas number of Alertmanagers + name: Replicas + type: integer + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: monitoring.coreos.com + names: + kind: Alertmanager + listKind: AlertmanagerList + plural: alertmanagers + singular: alertmanager + preserveUnknownFields: false + scope: Namespaced + subresources: {} + validation: + openAPIV3Schema: + description: Alertmanager describes an Alertmanager cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the Alertmanager + cluster. 
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + additionalPeers: + description: AdditionalPeers allows injecting a set of additional Alertmanagers + to peer with to form a highly available cluster. + items: + type: string + type: array + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all + objects with implicit weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches no objects (i.e. is also + a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. 
Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. 
If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The + terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. 
+ type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. 
+ items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may not + try to eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some other + pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. 
for each node that + meets all of the scheduling requirements (resource request, + requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field + and adding "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". 
+ The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + baseImage: + description: Base image that is used to deploy pods, without tag. + type: string + configMaps: + description: ConfigMaps is a list of ConfigMaps in the same namespace + as the Alertmanager object, which shall be mounted into the Alertmanager + Pods. The ConfigMaps are mounted into /etc/alertmanager/configmaps/. + items: + type: string + type: array + configSecret: + description: ConfigSecret is the name of a Kubernetes Secret in the + same namespace as the Alertmanager object, which contains configuration + for this Alertmanager instance. Defaults to 'alertmanager-' + The secret is mounted into /etc/alertmanager/config. + type: string + containers: + description: Containers allows injecting additional containers. This + is meant to allow adding an authentication proxy to an Alertmanager + pod. + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. 
The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' 
+ properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. 
+ items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. 
Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. 
TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. 
+ properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. 
+ items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. 
+ items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. 
+ format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. 
More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. 
+ format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. 
+ properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. 
If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. 
+ type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + externalUrl: + description: The external URL the Alertmanager instances will be available + under. This is necessary to generate correct URLs. 
This is necessary + if Alertmanager is not served from root of a DNS name. + type: string + image: + description: Image if specified has precedence over baseImage, tag and + sha combinations. Specifying the version is still necessary to ensure + the Prometheus Operator knows what version of Alertmanager is being + configured. + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same namespace + to use for pulling prometheus and alertmanager images from registries + see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to let + you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod + definition. Those can be used to e.g. fetch secrets for injection + into the Alertmanager configuration from external sources. Any errors + during the execution of an initContainer will lead to a restart of + the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + Using initContainers for any use case other then secret fetching is + entirely outside the scope of what the maintainers will support and + by doing so, you accept that this behaviour may break at any time + without notice.' + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. 
If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. 
+ Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. 
More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
+ HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. 
More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. 
TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". 
+ type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. 
Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. 
Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. 
If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. 
If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + listenLocal: + description: ListenLocal makes the Alertmanager server listen on loopback, + so that it does not bind against the Pod IP. Note this is only for + the Alertmanager UI, not the gossip communication. + type: boolean + logFormat: + description: Log format for Alertmanager to be configured with. + type: string + logLevel: + description: Log level for Alertmanager to be configured with. + type: string + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + paused: + description: If set to true all actions on the underlaying managed objects + are not goint to be performed, except for delete actions. + type: boolean + podMetadata: + description: PodMetadata configures Labels and Annotations which are + propagated to the alertmanager pods. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. 
More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + portName: + description: Port name used for the pods and governing service. This + defaults to web + type: string + priorityClassName: + description: Priority class assigned to the Pods + type: string + replicas: + description: Size is the expected size of the alertmanager cluster. + The controller will eventually make the size of the running cluster + equal to the expected size. + format: int32 + type: integer + resources: + description: Define resources requests and limits for single Pods. + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + retention: + description: Time duration Alertmanager shall retain data for. Default + is '120h', and must match the regular expression `[0-9]+(ms|s|m|h)` + (milliseconds seconds minutes hours). + type: string + routePrefix: + description: The route prefix Alertmanager registers HTTP handlers for. 
+ This is useful, if using ExternalURL and a proxy is rewriting HTTP + routes of a request, and the actual ExternalURL is still true, but + the server serves requests under a different route prefix. For example + for use with `kubectl proxy`. + type: string + secrets: + description: Secrets is a list of Secrets in the same namespace as the + Alertmanager object, which shall be mounted into the Alertmanager + Pods. The Secrets are mounted into /etc/alertmanager/secrets/. + items: + type: string + type: array + securityContext: + description: SecurityContext holds pod-level security attributes and + common container settings. This defaults to the default PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all containers + in a pod. Some volume types allow the Kubelet to change the ownership + of that volume to be owned by the pod: \n 1. The owning GID will + be the FSGroup 2. The setgid bit is set (new files created in + the volume will be owned by FSGroup) 3. The permission bits are + OR'd with rw-rw---- \n If unset, the Kubelet will not modify the + ownership and permissions of any volume." + format: int64 + type: integer + runAsGroup: + description: The GID to run the entrypoint of the container process. + Uses runtime default if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. 
+ type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. May + also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux + context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to the + container. + type: string + role: + description: Role is a SELinux role label that applies to the + container. + type: string + type: + description: Type is a SELinux type label that applies to the + container. + type: string + user: + description: User is a SELinux user label that applies to the + container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run in + each container, in addition to the container's primary GID. If + unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for + the pod. Pods with unsupported sysctls (by the container runtime) + might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. 
+ If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. This field is alpha-level and is only + honored by servers that enable the WindowsGMSA feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of + the container process. Defaults to the user specified in image + metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. This + field is beta-level and may be disabled with the WindowsRunAsUserName + feature flag. + type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to + use to run the Prometheus Pods. + type: string + sha: + description: SHA of Alertmanager container image to be deployed. Defaults + to the value of `version`. Similar to a tag, but the SHA explicitly + deploys an immutable container image. Version and Tag are ignored + if SHA is set. + type: string + storage: + description: Storage is the definition of how storage will be used by + the Alertmanager instances. + properties: + emptyDir: + description: 'EmptyDirVolumeSource to be used by the Prometheus + StatefulSets. If specified, used in place of any volumeClaimTemplate. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. + The default is "" which means to use the node''s default medium. + Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. The + default is nil which means that the limit is undefined. More + info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + volumeClaimTemplate: + description: A PVC spec to be used by the Prometheus StatefulSets. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + type: object + spec: + description: 'Spec defines the desired characteristics of a + volume requested by a pod author. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access modes + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: This field requires the VolumeSnapshotDataSource + alpha feature gate to be enabled and currently VolumeSnapshot + is the only supported data source. If the provisioner + can support VolumeSnapshot data source, it will create + a new volume and data will be restored to the volume at + the same time. If the provisioner does not support VolumeSnapshot + data source, volume will not be created and the failure + will be reported as an event. In the future, we plan to + support more data source types and the behavior of the + provisioner may change. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, the + specified Kind must be in the core API group. For + any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + selector: + description: A label query over volumes to consider for + binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required + by the claim. Value of Filesystem is implied when not + included in claim spec. 
This is a beta feature. + type: string + volumeName: + description: VolumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status + of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access modes + the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + capacity: + additionalProperties: + type: string + description: Represents the actual resources of the underlying + volume. + type: object + conditions: + description: Current Condition of persistent volume claim. + If underlying persistent volume is being resized then + the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails details + about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned + from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating details + about last transition. + type: string + reason: + description: Unique, this should be a short, machine + understandable string that gives the reason for + condition's last transition. If it reports "ResizeStarted" + that means the underlying persistent volume is being + resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is + a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of PersistentVolumeClaim. 
+ type: string + type: object + type: object + type: object + tag: + description: Tag of Alertmanager container image to be deployed. Defaults + to the value of `version`. Version is ignored if Tag is set. + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values and + all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the + toleration (which must be of effect NoExecute, otherwise this + field is ignored) tolerates the taint. By default, it is not + set, which means tolerate the taint forever (do not evict). + Zero and negative values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise + just a regular string. + type: string + type: object + type: array + version: + description: Version the cluster should be on. + type: string + volumeMounts: + description: VolumeMounts allows configuration of additional VolumeMounts + on the output StatefulSet definition. 
VolumeMounts specified will + be appended to other VolumeMounts in the alertmanager container, that + are generated as a result of StorageSpec objects. + items: + description: VolumeMount describes a mounting of a Volume within a + container. + properties: + mountPath: + description: Path within the container at which the volume should + be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated + from the host to container and the other way around. When not + set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false + or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's + volume should be mounted. Behaves similarly to SubPath but environment + variable references $(VAR_NAME) are expanded using the container's + environment. Defaults to "" (volume's root). SubPathExpr and + SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: Volumes allows configuration of additional volumes on the + output StatefulSet definition. Volumes specified will be appended + to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may be + accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly + property in VolumeMounts to "true". If omitted, the default + is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource in + AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
+ type: string + kind: + description: 'Expected values Shared: multiple blob disks + per storage account Dedicated: single blob disk per storage + account Managed: azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: the name of secret that contains Azure Storage + Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather than + the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring + for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication + secret for User, default is empty. 
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, default + is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached and mounted + on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing + parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeID: + description: 'volume id used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. 
Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced ConfigMap will be projected into + the volume as a file whose name is the key and content is + the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the + ConfigMap, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must + be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents storage + that is handled by an external CSI driver (Alpha feature). 
+ properties: + driver: + description: Driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed to the + associated CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret + object containing sensitive information to pass to the CSI + driver to complete the CSI NodePublishVolume and NodeUnpublishVolume + calls. This field is optional, and may be empty if no secret + is required. If the secret object contains more than one + secret, all secret references are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' 
+ format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name + of the file to be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 encoded. The + first item of the relative path must not start with + ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory that shares + a pod''s lifetime. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back this + directory. The default is "" which means to use the node''s + default medium. Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + fc: + description: FC represents a Fibre Channel resource that is attached + to a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be + set, but not both simultaneously.' 
+ items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that + is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use for this + volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends on FlexVolume + script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret + object containing sensitive information to pass to the plugin + scripts. This may be empty if no secret object is specified. + If the secret object contains more than one secret, all + secrets are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a + kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: Name of the dataset stored as metadata -> name + on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. 
This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. Used + to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision a + container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: Target directory name. 
Must not contain or start + with '..'. If '.' is supplied, the volume directory will + be the git repository. Otherwise, if specified, the volume + will contain the git repository in the subdirectory with + the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the host + that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'Path of the directory on the host. If the path + is a symlink, it will follow the link to the real path. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to the + pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, new iSCSI + interface : will be created + for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. 
+ type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either an + IP or ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within + the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export to be + mounted with read-only permissions. Defaults to false. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents a reference + to a PersistentVolumeClaim in the same namespace. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. 
More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: Mode bits to use on created files by default. + Must be a value between 0 and 0777. Directories within the + path are not affected by this setting. This might be in + conflict with other options that affect the file mode, like + fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: information about the configMap data to + project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced ConfigMap + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the ConfigMap, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI data + to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format + of the exposed resources, defaults to + "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced Secret will + be projected into the volume as a file whose name + is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the Secret, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken + data to project + properties: + audience: + description: Audience is the intended audience of + the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested + duration of validity of the service account token. + As the token approaches expiration, the kubelet + volume plugin will proactively rotate the service + account token. The kubelet will start trying to + rotate the token if the token is older than 80 + percent of its time to live or if the token is + older than 24 hours.Defaults to 1 hour and must + be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to the mount + point of the file to project the token into. + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that + shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to + be mounted with read-only permissions. Defaults to false. 
+ type: boolean + registry: + description: Registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: Volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. 
More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for + the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication with + Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should + be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the + protection domain. + type: string + system: + description: The name of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO + system that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced Secret will be projected into the + volume as a file whose name is the key and content is the + value. If specified, the listed keys will be projected into + the specified paths, and unlisted keys will not be present. + If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be + defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to + use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within a + namespace. 
+ type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume + within StorageOS. If no namespace is specified then the + Pod's namespace will be used. This allows the Kubernetes + name scoping to be mirrored within StorageOS for tighter + integration. Set VolumeName to any name to override the + default behaviour. Set to "default" if you are not using + namespaces within StorageOS. Namespaces that do not pre-exist + within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile + ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile + name. + type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + status: + description: 'Most recent observed status of the Alertmanager cluster. Read-only. + Not included when requesting from the apiserver, only from the Prometheus + Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) + targeted by this Alertmanager cluster. + format: int32 + type: integer + paused: + description: Represents whether any actions on the underlaying managed + objects are being performed. Only delete actions will be performed. 
+ type: boolean + replicas: + description: Total number of non-terminated pods targeted by this Alertmanager + cluster (their labels match the selector). + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this Alertmanager + cluster. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this Alertmanager + cluster that have the desired version spec. + format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-podmonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-podmonitor.yaml new file mode 100644 index 000000000..9cf3c42e4 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-podmonitor.yaml 
@@ -0,0 +1,260 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: podmonitors.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + kind: PodMonitor + listKind: PodMonitorList + plural: podmonitors + singular: podmonitor + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: PodMonitor defines monitoring for a set of pods. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired Pod selection for target discovery + by Prometheus. + properties: + jobLabel: + description: The label to use to retrieve the job name from. + type: string + namespaceSelector: + description: Selector to select which namespaces the Endpoints objects + are discovered from. + properties: + any: + description: Boolean describing whether all namespaces are selected + in contrast to a list restricting them. + type: boolean + matchNames: + description: List of namespace names. 
+ items: + type: string + type: array + type: object + podMetricsEndpoints: + description: A list of endpoints allowed as part of this PodMonitor. + items: + description: PodMetricsEndpoint defines a scrapeable endpoint of a + Kubernetes Pod serving Prometheus metrics. + properties: + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + interval: + description: Interval at which metrics should be scraped + type: string + metricRelabelings: + description: MetricRelabelConfigs to apply to samples before ingestion. + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. 
+ items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + params: + additionalProperties: + items: + type: string + type: array + description: Optional HTTP URL parameters + type: object + path: + description: HTTP path to scrape for metrics. + type: string + port: + description: Name of the pod port this endpoint refers to. Mutually + exclusive with targetPort. + type: string + proxyUrl: + description: ProxyURL eg http://proxyserver:2195 Directs scrapes + to proxy through this endpoint. + type: string + relabelings: + description: 'RelabelConfigs to apply to samples before ingestion. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. 
Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + scheme: + description: HTTP scheme to use for scraping. + type: string + scrapeTimeout: + description: Timeout after which the scrape is ended + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Deprecated: Use ''port'' instead.' + x-kubernetes-int-or-string: true + type: object + type: array + podTargetLabels: + description: PodTargetLabels transfers labels on the Kubernetes Pod + onto the target. + items: + type: string + type: array + sampleLimit: + description: SampleLimit defines per-scrape limit on number of scraped + samples that will be accepted. + format: int64 + type: integer + selector: + description: Selector to select Pod objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + required: + - podMetricsEndpoints + - selector + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-prometheus.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-prometheus.yaml new file mode 100644 index 000000000..704379fb2 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-prometheus.yaml 
@@ -0,0 +1,6002 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: prometheuses.monitoring.coreos.com +spec: + additionalPrinterColumns: + - JSONPath: .spec.version + description: The version of Prometheus + name: Version + type: string + - JSONPath: .spec.replicas + description: The desired replicas number of Prometheuses + name: Replicas + type: integer + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: monitoring.coreos.com + names: + kind: Prometheus + listKind: PrometheusList + plural: prometheuses + singular: prometheus + preserveUnknownFields: false + scope: Namespaced + subresources: {} + validation: + openAPIV3Schema: + description: Prometheus defines a Prometheus deployment. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the Prometheus cluster. 
+ More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + additionalAlertManagerConfigs: + description: 'AdditionalAlertManagerConfigs allows specifying a key + of a Secret containing additional Prometheus AlertManager configurations. + AlertManager configurations specified are appended to the configurations + generated by the Prometheus Operator. Job configurations specified + must have the form as specified in the official Prometheus documentation: + https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config. + As AlertManager configs are appended, the user is responsible to make + sure it is valid. Note that using this feature may expose the possibility + to break upgrades of Prometheus. It is advised to review Prometheus + release notes to ensure that no incompatible AlertManager configs + are going to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + additionalAlertRelabelConfigs: + description: 'AdditionalAlertRelabelConfigs allows specifying a key + of a Secret containing additional Prometheus alert relabel configurations. + Alert relabel configurations specified are appended to the configurations + generated by the Prometheus Operator. Alert relabel configurations + specified must have the form as specified in the official Prometheus + documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs. 
+ As alert relabel configs are appended, the user is responsible to + make sure it is valid. Note that using this feature may expose the + possibility to break upgrades of Prometheus. It is advised to review + Prometheus release notes to ensure that no incompatible alert relabel + configs are going to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + additionalScrapeConfigs: + description: 'AdditionalScrapeConfigs allows specifying a key of a Secret + containing additional Prometheus scrape configurations. Scrape configurations + specified are appended to the configurations generated by the Prometheus + Operator. Job configurations specified must have the form as specified + in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. + As scrape configs are appended, the user is responsible to make sure + it is valid. Note that using this feature may expose the possibility + to break upgrades of Prometheus. It is advised to review Prometheus + release notes to ensure that no incompatible scrape configs are going + to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all + objects with implicit weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches no objects (i.e. is also + a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. 
If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. 
+ properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The + terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. 
If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. 
+ type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. 
If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may not + try to eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
+ A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some other + pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node that + meets all of the scheduling requirements (resource request, + requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field + and adding "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. 
+ items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + alerting: + description: Define details regarding alerting. + properties: + alertmanagers: + description: AlertmanagerEndpoints Prometheus should fire alerts + against. + items: + description: AlertmanagerEndpoints defines a selection of a single + Endpoints object containing alertmanager IPs to fire alerts + against. + properties: + apiVersion: + description: Version of the Alertmanager API that Prometheus + uses to send alerts. It can be "v1" or "v2". + type: string + bearerTokenFile: + description: BearerTokenFile to read from filesystem to use + when authenticating to Alertmanager. + type: string + name: + description: Name of Endpoints object in Namespace. + type: string + namespace: + description: Namespace of Endpoints object. + type: string + pathPrefix: + description: Prefix for the HTTP path alerts are pushed to. + type: string + port: + anyOf: + - type: integer + - type: string + description: Port the Alertmanager API is exposed on. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use when firing alerts. + type: string + tlsConfig: + description: TLS Config to use for alertmanager connection. + properties: + ca: + description: Stuct containing the CA cert to use for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select from. 
Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Struct containing the client cert file for + the targets. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. 
+ type: string + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - name + - namespace + - port + type: object + type: array + required: + - alertmanagers + type: object + apiserverConfig: + description: APIServerConfig allows specifying a host and auth methods + to access apiserver. If left empty, Prometheus is assumed to run inside + of the cluster and will discover API servers automatically and use + the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. + properties: + basicAuth: + description: BasicAuth allow an endpoint to authenticate over basic + authentication + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that + contains the username for authentication. 
+ properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + bearerToken: + description: Bearer token for accessing apiserver. + type: string + bearerTokenFile: + description: File to read bearer token for accessing apiserver. + type: string + host: + description: Host of apiserver. A valid string consisting of a hostname + or IP followed by an optional port number + type: string + tlsConfig: + description: TLS Config to use for accessing apiserver. + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container + for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + type: object + arbitraryFSAccessThroughSMs: + description: ArbitraryFSAccessThroughSMs configures whether configuration + based on a service monitor can access arbitrary files on the file + system of the Prometheus container e.g. bearer token files. + properties: + deny: + type: boolean + type: object + baseImage: + description: Base image to use for a Prometheus deployment. + type: string + configMaps: + description: ConfigMaps is a list of ConfigMaps in the same namespace + as the Prometheus object, which shall be mounted into the Prometheus + Pods. The ConfigMaps are mounted into /etc/prometheus/configmaps/. + items: + type: string + type: array + containers: + description: 'Containers allows injecting additional containers or modifying + operator generated containers. This can be used to allow adding an + authentication proxy to a Prometheus pod or to change the behavior + of an operator generated container. Containers described here modify + an operator generated container if they share the same name and modifications + are done via a strategic merge patch. The current container names + are: `prometheus`, `prometheus-config-reloader`, `rules-configmap-reloader`, + and `thanos-sidecar`. Overriding containers is entirely outside the + scope of what the maintainers will support and by doing so, you accept + that this behaviour may break at any time without notice.' + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. 
The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). 
Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. 
+ type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. 
To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. 
To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. 
Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. 
If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. 
If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. 
May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + disableCompaction: + description: Disable prometheus compaction. + type: boolean + enableAdminAPI: + description: 'Enable access to prometheus web admin API. Defaults to + the value of `false`. WARNING: Enabling the admin APIs enables mutating + endpoints, to delete data, shutdown Prometheus, and more. Enabling + this should be done with care and the user is advised to add additional + authentication authorization via a proxy to ensure only clients authorized + to perform these actions can do so. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis' + type: boolean + enforcedNamespaceLabel: + description: EnforcedNamespaceLabel enforces adding a namespace label + of origin for each alert and metric that is user created. The label + value will always be the namespace of the object that is being created. + type: string + evaluationInterval: + description: Interval between consecutive evaluations. + type: string + externalLabels: + additionalProperties: + type: string + description: The labels to add to any time series or alerts when communicating + with external systems (federation, remote storage, Alertmanager). + type: object + externalUrl: + description: The external URL the Prometheus instances will be available + under. 
This is necessary to generate correct URLs. This is necessary + if Prometheus is not served from root of a DNS name. + type: string + ignoreNamespaceSelectors: + description: IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector + settings from the podmonitor and servicemonitor configs, and they + will only discover endpoints within their current namespace. Defaults + to false. + type: boolean + image: + description: Image if specified has precedence over baseImage, tag and + sha combinations. Specifying the version is still necessary to ensure + the Prometheus Operator knows what version of Prometheus is being + configured. + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same namespace + to use for pulling prometheus and alertmanager images from registries + see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to let + you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod + definition. Those can be used to e.g. fetch secrets for injection + into the Prometheus configuration from external sources. Any errors + during the execution of an initContainer will lead to a restart of + the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + Using initContainers for any use case other then secret fetching is + entirely outside the scope of what the maintainers will support and + by doing so, you accept that this behaviour may break at any time + without notice.' 
+ items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. 
If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. 
+ type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. 
To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. 
To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. 
Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. 
If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. 
If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. 
May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + listenLocal: + description: ListenLocal makes the Prometheus server listen on loopback, + so that it does not bind against the Pod IP. + type: boolean + logFormat: + description: Log format for Prometheus to be configured with. + type: string + logLevel: + description: Log level for Prometheus to be configured with. + type: string + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + overrideHonorLabels: + description: OverrideHonorLabels if set to true overrides all user configured + honor_labels. If HonorLabels is set in ServiceMonitor or PodMonitor + to true, this overrides honor_labels to false. + type: boolean + overrideHonorTimestamps: + description: OverrideHonorTimestamps allows to globally enforce honoring + timestamps in all scrape configs. + type: boolean + paused: + description: When a Prometheus deployment is paused, no actions except + for deletion will be performed on the underlying objects. + type: boolean + podMetadata: + description: PodMetadata configures Labels and Annotations which are + propagated to the prometheus pods. 
+ properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + podMonitorNamespaceSelector: + description: Namespaces to be selected for PodMonitor discovery. If + nil, only check own namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + podMonitorSelector: + description: '*Experimental* PodMonitors to be selected for target discovery.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + portName: + description: Port name used for the pods and governing service. This + defaults to web + type: string + priorityClassName: + description: Priority class assigned to the Pods + type: string + prometheusExternalLabelName: + description: Name of Prometheus external label used to denote Prometheus + instance name. 
Defaults to the value of `prometheus`. External label + will _not_ be added when value is set to empty string (`""`). + type: string + query: + description: QuerySpec defines the query command line flags when starting + Prometheus. + properties: + lookbackDelta: + description: The delta difference allowed for retrieving metrics + during expression evaluations. + type: string + maxConcurrency: + description: Number of concurrent queries that can be run at once. + format: int32 + type: integer + maxSamples: + description: Maximum number of samples a single query can load into + memory. Note that queries will fail if they would load more samples + than this into memory, so this also limits the number of samples + a query can return. + format: int32 + type: integer + timeout: + description: Maximum time a query may take before being aborted. + type: string + type: object + remoteRead: + description: If specified, the remote_read spec. This is an experimental + feature, it may change in any upcoming release in a breaking way. + items: + description: RemoteReadSpec defines the remote_read configuration + for prometheus. + properties: + basicAuth: + description: BasicAuth for the URL. + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that + contains the username for authentication. + properties: + key: + description: The key of the secret to select from. 
Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + bearerToken: + description: bearer token for remote read. + type: string + bearerTokenFile: + description: File to read bearer token for remote read. + type: string + proxyUrl: + description: Optional ProxyURL + type: string + readRecent: + description: Whether reads should be made for queries for time + ranges that the local storage should have complete data for. + type: boolean + remoteTimeout: + description: Timeout for requests to the remote read endpoint. + type: string + requiredMatchers: + additionalProperties: + type: string + description: An optional list of equality matchers which have + to be present in a selector to query the remote read endpoint. + type: object + tlsConfig: + description: TLS Config to use for remote read. + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the + targets. 
+ properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + url: + description: The URL of the endpoint to send samples to. + type: string + required: + - url + type: object + type: array + remoteWrite: + description: If specified, the remote_write spec. This is an experimental + feature, it may change in any upcoming release in a breaking way. + items: + description: RemoteWriteSpec defines the remote_write configuration + for prometheus. + properties: + basicAuth: + description: BasicAuth for the URL. + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that + contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + bearerToken: + description: File to read bearer token for remote write. + type: string + bearerTokenFile: + description: File to read bearer token for remote write. + type: string + proxyUrl: + description: Optional ProxyURL + type: string + queueConfig: + description: QueueConfig allows tuning of the remote write queue + parameters. + properties: + batchSendDeadline: + description: BatchSendDeadline is the maximum time a sample + will wait in buffer. + type: string + capacity: + description: Capacity is the number of samples to buffer per + shard before we start dropping them. + type: integer + maxBackoff: + description: MaxBackoff is the maximum retry delay. + type: string + maxRetries: + description: MaxRetries is the maximum number of times to + retry a batch on recoverable errors. + type: integer + maxSamplesPerSend: + description: MaxSamplesPerSend is the maximum number of samples + per send. + type: integer + maxShards: + description: MaxShards is the maximum number of shards, i.e. + amount of concurrency. + type: integer + minBackoff: + description: MinBackoff is the initial retry delay. Gets doubled + for every retry. + type: string + minShards: + description: MinShards is the minimum number of shards, i.e. + amount of concurrency. + type: integer + type: object + remoteTimeout: + description: Timeout for requests to the remote write endpoint. + type: string + tlsConfig: + description: TLS Config to use for remote write. + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. 
+ properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + url: + description: The URL of the endpoint to send samples to. + type: string + writeRelabelConfigs: + description: The list of remote write relabel configurations. + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. 
+ format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + required: + - url + type: object + type: array + replicaExternalLabelName: + description: Name of Prometheus external label used to denote replica + name. Defaults to the value of `prometheus_replica`. External label + will _not_ be added when value is set to empty string (`""`). + type: string + replicas: + description: Number of instances to deploy for a Prometheus deployment. + format: int32 + type: integer + resources: + description: Define resources requests and limits for single Pods. + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute resources + required. 
If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + retention: + description: Time duration Prometheus shall retain data for. Default + is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` + (milliseconds seconds minutes hours days weeks years). + type: string + retentionSize: + description: Maximum amount of disk space used by blocks. + type: string + routePrefix: + description: The route prefix Prometheus registers HTTP handlers for. + This is useful, if using ExternalURL and a proxy is rewriting HTTP + routes of a request, and the actual ExternalURL is still true, but + the server serves requests under a different route prefix. For example + for use with `kubectl proxy`. + type: string + ruleNamespaceSelector: + description: Namespaces to be selected for PrometheusRules discovery. + If unspecified, only the same namespace as the Prometheus object is + in is used. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + ruleSelector: + description: A selector to select which PrometheusRules to mount for + loading alerting rules from. Until (excluding) Prometheus Operator + v0.24.0 Prometheus Operator will migrate any legacy rule ConfigMaps + to PrometheusRule custom resources selected by RuleSelector. Make + sure it does not match any config maps that you do not want to be + migrated. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + rules: + description: /--rules.*/ command-line arguments. + properties: + alert: + description: /--rules.alert.*/ command-line arguments + properties: + forGracePeriod: + description: Minimum duration between alert and restored 'for' + state. This is maintained only for alerts with configured + 'for' time greater than grace period. + type: string + forOutageTolerance: + description: Max time to tolerate prometheus outage for restoring + 'for' state of alert. + type: string + resendDelay: + description: Minimum amount of time to wait before resending + an alert to Alertmanager. + type: string + type: object + type: object + scrapeInterval: + description: Interval between consecutive scrapes. + type: string + secrets: + description: Secrets is a list of Secrets in the same namespace as the + Prometheus object, which shall be mounted into the Prometheus Pods. + The Secrets are mounted into /etc/prometheus/secrets/. + items: + type: string + type: array + securityContext: + description: SecurityContext holds pod-level security attributes and + common container settings. This defaults to the default PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all containers + in a pod. Some volume types allow the Kubelet to change the ownership + of that volume to be owned by the pod: \n 1. The owning GID will + be the FSGroup 2. The setgid bit is set (new files created in + the volume will be owned by FSGroup) 3. The permission bits are + OR'd with rw-rw---- \n If unset, the Kubelet will not modify the + ownership and permissions of any volume." + format: int64 + type: integer + runAsGroup: + description: The GID to run the entrypoint of the container process. 
+ Uses runtime default if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. May + also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux + context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to the + container. + type: string + role: + description: Role is a SELinux role label that applies to the + container. + type: string + type: + description: Type is a SELinux type label that applies to the + container. + type: string + user: + description: User is a SELinux user label that applies to the + container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run in + each container, in addition to the container's primary GID. 
If + unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for + the pod. Pods with unsupported sysctls (by the container runtime) + might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. This field is alpha-level and is only + honored by servers that enable the WindowsGMSA feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of + the container process. Defaults to the user specified in image + metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. This + field is beta-level and may be disabled with the WindowsRunAsUserName + feature flag. 
+ type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to + use to run the Prometheus Pods. + type: string + serviceMonitorNamespaceSelector: + description: Namespaces to be selected for ServiceMonitor discovery. + If nil, only check own namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + serviceMonitorSelector: + description: ServiceMonitors to be selected for target discovery. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. 
+ properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + sha: + description: SHA of Prometheus container image to be deployed. Defaults + to the value of `version`. Similar to a tag, but the SHA explicitly + deploys an immutable container image. Version and Tag are ignored + if SHA is set. + type: string + storage: + description: Storage spec to specify how storage shall be used. + properties: + emptyDir: + description: 'EmptyDirVolumeSource to be used by the Prometheus + StatefulSets. If specified, used in place of any volumeClaimTemplate. + More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. + The default is "" which means to use the node''s default medium. + Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. 
The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. The + default is nil which means that the limit is undefined. More + info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + volumeClaimTemplate: + description: A PVC spec to be used by the Prometheus StatefulSets. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + type: object + spec: + description: 'Spec defines the desired characteristics of a + volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access modes + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: This field requires the VolumeSnapshotDataSource + alpha feature gate to be enabled and currently VolumeSnapshot + is the only supported data source. 
If the provisioner + can support VolumeSnapshot data source, it will create + a new volume and data will be restored to the volume at + the same time. If the provisioner does not support VolumeSnapshot + data source, volume will not be created and the failure + will be reported as an event. In the future, we plan to + support more data source types and the behavior of the + provisioner may change. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, the + specified Kind must be in the core API group. For + any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + selector: + description: A label query over volumes to consider for + binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. 
+ items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required + by the claim. Value of Filesystem is implied when not + included in claim spec. This is a beta feature. + type: string + volumeName: + description: VolumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status + of a persistent volume claim. Read-only. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access modes + the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + capacity: + additionalProperties: + type: string + description: Represents the actual resources of the underlying + volume. + type: object + conditions: + description: Current Condition of persistent volume claim. + If underlying persistent volume is being resized then + the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails details + about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned + from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating details + about last transition. + type: string + reason: + description: Unique, this should be a short, machine + understandable string that gives the reason for + condition's last transition. If it reports "ResizeStarted" + that means the underlying persistent volume is being + resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is + a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of PersistentVolumeClaim. + type: string + type: object + type: object + type: object + tag: + description: Tag of Prometheus container image to be deployed. Defaults + to the value of `version`. Version is ignored if Tag is set. 
+ type: string + thanos: + description: "Thanos configuration allows configuring various aspects + of a Prometheus server in a Thanos environment. \n This section is + experimental, it may change significantly without deprecation notice + in any release. \n This is experimental and may change significantly + without backward compatibility in any release." + properties: + baseImage: + description: Thanos base image if other than default. + type: string + grpcServerTlsConfig: + description: 'GRPCServerTLSConfig configures the gRPC server from + which Thanos Querier reads recorded rule data. Note: Currently + only the CAFile, CertFile, and KeyFile fields are supported. Maps + to the ''--grpc-server-tls-*'' CLI args.' + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. 
+ type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container + for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + image: + description: Image if specified has precedence over baseImage, tag + and sha combinations. Specifying the version is still necessary + to ensure the Prometheus Operator knows what version of Thanos + is being configured. + type: string + listenLocal: + description: ListenLocal makes the Thanos sidecar listen on loopback, + so that it does not bind against the Pod IP. + type: boolean + objectStorageConfig: + description: ObjectStorageConfig configures object storage in Thanos. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + resources: + description: Resources defines the resource requirements for the + Thanos sidecar. If not provided, no requests/limits will be set + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + sha: + description: SHA of Thanos container image to be deployed. Defaults + to the value of `version`. Similar to a tag, but the SHA explicitly + deploys an immutable container image. Version and Tag are ignored + if SHA is set. + type: string + tag: + description: Tag of Thanos sidecar container image to be deployed. + Defaults to the value of `version`. Version is ignored if Tag + is set. + type: string + tracingConfig: + description: TracingConfig configures tracing in Thanos. This is + an experimental feature, it may change in any upcoming release + in a breaking way. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + version: + description: Version describes the version of Thanos to use. + type: string + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values and + all keys. 
+ type: string + operator: + description: Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the + toleration (which must be of effect NoExecute, otherwise this + field is ignored) tolerates the taint. By default, it is not + set, which means tolerate the taint forever (do not evict). + Zero and negative values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise + just a regular string. + type: string + type: object + type: array + version: + description: Version of Prometheus to be deployed. + type: string + volumeMounts: + description: VolumeMounts allows configuration of additional VolumeMounts + on the output StatefulSet definition. VolumeMounts specified will + be appended to other VolumeMounts in the prometheus container, that + are generated as a result of StorageSpec objects. + items: + description: VolumeMount describes a mounting of a Volume within a + container. + properties: + mountPath: + description: Path within the container at which the volume should + be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated + from the host to container and the other way around. When not + set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false + or unspecified). Defaults to false. 
+ type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's + volume should be mounted. Behaves similarly to SubPath but environment + variable references $(VAR_NAME) are expanded using the container's + environment. Defaults to "" (volume's root). SubPathExpr and + SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: Volumes allows configuration of additional volumes on the + output StatefulSet definition. Volumes specified will be appended + to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may be + accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty).' 
+ format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly + property in VolumeMounts to "true". If omitted, the default + is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource in + AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'Expected values Shared: multiple blob disks + per storage account Dedicated: single blob disk per storage + account Managed: azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: the name of secret that contains Azure Storage + Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather than + the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring + for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication + secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, default + is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached and mounted + on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. 
Must be a filesystem + type supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing + parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeID: + description: 'volume id used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced ConfigMap will be projected into + the volume as a file whose name is the key and content is + the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the + ConfigMap, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' 
path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must + be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents storage + that is handled by an external CSI driver (Alpha feature). + properties: + driver: + description: Driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed to the + associated CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret + object containing sensitive information to pass to the CSI + driver to complete the CSI NodePublishVolume and NodeUnpublishVolume + calls. This field is optional, and may be empty if no secret + is required. 
If the secret object contains more than one + secret, all secret references are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. 
If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name + of the file to be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 encoded. The + first item of the relative path must not start with + ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory that shares + a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back this + directory. The default is "" which means to use the node''s + default medium. Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. 
+ More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + fc: + description: FC represents a Fibre Channel resource that is attached + to a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be + set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that + is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use for this + volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends on FlexVolume + script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' 
+ type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret + object containing sensitive information to pass to the plugin + scripts. This may be empty if no secret object is specified. + If the secret object contains more than one secret, all + secrets are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a + kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: Name of the dataset stored as metadata -> name + on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". 
Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. Used + to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision a + container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: Target directory name. Must not contain or start + with '..'. If '.' is supplied, the volume directory will + be the git repository. Otherwise, if specified, the volume + will contain the git repository in the subdirectory with + the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the host + that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. 
More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'Path of the directory on the host. If the path + is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to the + pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. 
More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, new iSCSI + interface : will be created + for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either an + IP or ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within + the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. 
More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export to be + mounted with read-only permissions. Defaults to false. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents a reference + to a PersistentVolumeClaim in the same namespace. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". 
Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: Mode bits to use on created files by default. + Must be a value between 0 and 0777. Directories within the + path are not affected by this setting. This might be in + conflict with other options that affect the file mode, like + fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: information about the configMap data to + project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced ConfigMap + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the ConfigMap, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. 
This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI data + to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. 
The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format + of the exposed resources, defaults to + "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced Secret will + be projected into the volume as a file whose name + is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the Secret, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. 
+ type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken + data to project + properties: + audience: + description: Audience is the intended audience of + the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested + duration of validity of the service account token. + As the token approaches expiration, the kubelet + volume plugin will proactively rotate the service + account token. The kubelet will start trying to + rotate the token if the token is older than 80 + percent of its time to live or if the token is + older than 24 hours.Defaults to 1 hour and must + be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to the mount + point of the file to project the token into. + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that + shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to + be mounted with read-only permissions. Defaults to false. 
+ type: boolean + registry: + description: Registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: Volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. 
More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for + the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication with + Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should + be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the + protection domain. + type: string + system: + description: The name of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO + system that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced Secret will be projected into the + volume as a file whose name is the key and content is the + value. If specified, the listed keys will be projected into + the specified paths, and unlisted keys will not be present. + If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be + defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to + use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within a + namespace. 
+ type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume + within StorageOS. If no namespace is specified then the + Pod's namespace will be used. This allows the Kubernetes + name scoping to be mirrored within StorageOS for tighter + integration. Set VolumeName to any name to override the + default behaviour. Set to "default" if you are not using + namespaces within StorageOS. Namespaces that do not pre-exist + within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile + ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile + name. + type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + walCompression: + description: Enable compression of the write-ahead log using Snappy. + This flag is only available in versions of Prometheus >= 2.11.0. + type: boolean + type: object + status: + description: 'Most recent observed status of the Prometheus cluster. Read-only. + Not included when requesting from the apiserver, only from the Prometheus + Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) + targeted by this Prometheus deployment. 
+ format: int32 + type: integer + paused: + description: Represents whether any actions on the underlaying managed + objects are being performed. Only delete actions will be performed. + type: boolean + replicas: + description: Total number of non-terminated pods targeted by this Prometheus + deployment (their labels match the selector). + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this Prometheus + deployment. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this Prometheus + deployment that have the desired version spec. + format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-prometheusrules.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-prometheusrules.yaml new file mode 100644 index 000000000..5546de38e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-prometheusrules.yaml 
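Review bot: the `hostPath` entry in the volume schema of the Prometheus CRD that ends above (the list that closes just before `walCompression`) validates nothing beyond `path` being a required string, and its description still carries the upstream `TODO(jonesdl)` about restricting who can mount host directories and whether they mount read/write. The schema will therefore accept any host path from whoever is allowed to create this resource. Since this file is vendored, I would not patch the schema here, but the chart documentation should say that the restriction has to come from RBAC on the resource or from an admission policy. The same applies to the `gitRepo` source, which the schema itself marks DEPRECATED but still accepts.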
@@ -0,0 +1,91 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: prometheusrules.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + kind: PrometheusRule + listKind: PrometheusRuleList + plural: prometheusrules + singular: prometheusrule + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: PrometheusRule defines alerting rules for a Prometheus instance + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired alerting rule definitions for Prometheus. + properties: + groups: + description: Content of Prometheus rule file + items: + description: 'RuleGroup is a list of sequentially evaluated recording + and alerting rules. Note: PartialResponseStrategy is only used by + ThanosRuler and will be ignored by Prometheus instances. Valid + values for this field are ''warn'' or ''abort''. 
More info: https://github.com/thanos-io/thanos/blob/master/docs/components/rule.md#partial-response' + properties: + interval: + type: string + name: + type: string + partial_response_strategy: + type: string + rules: + items: + description: Rule describes an alerting or recording rule. + properties: + alert: + type: string + annotations: + additionalProperties: + type: string + type: object + expr: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + for: + type: string + labels: + additionalProperties: + type: string + type: object + record: + type: string + required: + - expr + type: object + type: array + required: + - name + - rules + type: object + type: array + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-servicemonitor.yaml new file mode 100644 index 000000000..8f7a67c14 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-servicemonitor.yaml 
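Review bot: the provenance comment on the first line of crd-prometheusrules.yaml points at the ref `release-0.38` in the raw.githubusercontent.com URL, which reads as a release branch rather than a fixed tag or commit, so the vendored copy cannot be checked against an exact upstream revision later. Please record the commit SHA the file was taken from (in the comment or the commit message) so a reviewer can diff the 91 added lines against upstream. Smaller point in the same file: the rule item schema lists only `expr` under `required`, so an item with neither `alert` nor `record` passes validation. That is upstream's choice, but worth knowing if this CRD is relied on to reject malformed rules.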
@@ -0,0 +1,459 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: servicemonitors.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + kind: ServiceMonitor + listKind: ServiceMonitorList + plural: servicemonitors + singular: servicemonitor + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: ServiceMonitor defines monitoring for a set of services. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired Service selection for target discovery + by Prometheus. + properties: + endpoints: + description: A list of endpoints allowed as part of this ServiceMonitor. + items: + description: Endpoint defines a scrapeable endpoint serving Prometheus + metrics. 
+ properties: + basicAuth: + description: 'BasicAuth allow an endpoint to authenticate over + basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that + contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + bearerTokenFile: + description: File to read bearer token for scraping targets. + type: string + bearerTokenSecret: + description: Secret to mount to read bearer token for scraping + targets. The secret needs to be in the same namespace as the + service monitor and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + interval: + description: Interval at which metrics should be scraped + type: string + metricRelabelings: + description: MetricRelabelConfigs to apply to samples before ingestion. + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. 
+ Regex capture groups are available. + type: string + type: object + type: array + params: + additionalProperties: + items: + type: string + type: array + description: Optional HTTP URL parameters + type: object + path: + description: HTTP path to scrape for metrics. + type: string + port: + description: Name of the service port this endpoint refers to. + Mutually exclusive with targetPort. + type: string + proxyUrl: + description: ProxyURL eg http://proxyserver:2195 Directs scrapes + to proxy through this endpoint. + type: string + relabelings: + description: 'RelabelConfigs to apply to samples before scraping. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. 
+ items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + scheme: + description: HTTP scheme to use for scraping. + type: string + scrapeTimeout: + description: Timeout after which the scrape is ended + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: Name or number of the pod port this endpoint refers + to. Mutually exclusive with port. + x-kubernetes-int-or-string: true + tlsConfig: + description: TLS configuration to use when scraping the endpoint + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. 
+ type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + jobLabel: + description: The label to use to retrieve the job name from. + type: string + namespaceSelector: + description: Selector to select which namespaces the Endpoints objects + are discovered from. + properties: + any: + description: Boolean describing whether all namespaces are selected + in contrast to a list restricting them. + type: boolean + matchNames: + description: List of namespace names. + items: + type: string + type: array + type: object + podTargetLabels: + description: PodTargetLabels transfers labels on the Kubernetes Pod + onto the target. + items: + type: string + type: array + sampleLimit: + description: SampleLimit defines per-scrape limit on number of scraped + samples that will be accepted. + format: int64 + type: integer + selector: + description: Selector to select Endpoints objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + targetLabels: + description: TargetLabels transfers labels on the Kubernetes Service + onto the target. + items: + type: string + type: array + required: + - endpoints + - selector + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-thanosrulers.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-thanosrulers.yaml new file mode 100644 index 000000000..82136d73e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/crd-manifest/crd-thanosrulers.yaml 
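Review bot: In the endpoint item schema of the ServiceMonitor CRD, `bearerTokenFile`, `tlsConfig.caFile`, `tlsConfig.certFile` and `tlsConfig.keyFile` are plain `type: string` paths inside the Prometheus container with no pattern constraint, and `tlsConfig.insecureSkipVerify` is a bare boolean, so the schema itself places no limit on which file a ServiceMonitor names or on whether it disables target certificate validation. If this manifest is copied from upstream, as the source comment at the top of the thanosrulers file that follows suggests for that one, I would not patch the schema here. Instead, have the chart documentation state that create and update rights on ServiceMonitors should be granted as narrowly as access to the Prometheus pod, and point users at the Secret-backed fields already in this schema (`bearerTokenSecret`, `tlsConfig.ca`, `tlsConfig.cert`, `tlsConfig.keySecret`). Two description defects in the same hunk are worth reporting to the source rather than fixing locally: `Stuct` in the `tlsConfig.ca` description, and the `relabelings` item description, which has an empty pair of backticks where a section name belongs and links to `#metric_relabel_configs`.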
@@ -0,0 +1,4725 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: thanosrulers.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + kind: ThanosRuler + listKind: ThanosRulerList + plural: thanosrulers + singular: thanosruler + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: ThanosRuler defines a ThanosRuler deployment. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the ThanosRuler cluster. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all + objects with implicit weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches no objects (i.e. is also + a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The + terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. 
The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. 
due to a pod label update), the system may or may not + try to eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some other + pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node that + meets all of the scheduling requirements (resource request, + requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field + and adding "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. 
+ If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + alertDropLabels: + description: AlertDropLabels configure the label names which should + be dropped in ThanosRuler alerts. If `labels` field is not provided, + `thanos_ruler_replica` will be dropped in alerts by default. + items: + type: string + type: array + alertQueryUrl: + description: The external Query URL the Thanos Ruler will set in the + 'Source' field of all alerts. Maps to the '--alert.query-url' CLI + arg. + type: string + alertmanagersConfig: + description: Define configuration for connecting to alertmanager. Only + available with thanos v0.10.0 and higher. Maps to the `alertmanagers.config` + arg. 
+ properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + alertmanagersUrl: + description: 'Define URLs to send alerts to Alertmanager. For Thanos + v0.10.0 and higher, AlertManagersConfig should be used instead. Note: + this field will be ignored if AlertManagersConfig is specified. Maps + to the `alertmanagers.url` arg.' + items: + type: string + type: array + containers: + description: 'Containers allows injecting additional containers or modifying + operator generated containers. This can be used to allow adding an + authentication proxy to a ThanosRuler pod or to change the behavior + of an operator generated container. Containers described here modify + an operator generated container if they share the same name and modifications + are done via a strategic merge patch. The current container names + are: `thanos-ruler` and `rules-configmap-reloader`. Overriding containers + is entirely outside the scope of what the maintainers will support + and by doing so, you accept that this behaviour may break at any time + without notice.' + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). 
Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' 
+ type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. 
More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. 
TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". 
+ type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. 
Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. 
Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. 
If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. 
If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + enforcedNamespaceLabel: + description: EnforcedNamespaceLabel enforces adding a namespace label + of origin for each alert and metric that is user created. The label + value will always be the namespace of the object that is being created. + type: string + evaluationInterval: + description: Interval between consecutive evaluations. + type: string + externalPrefix: + description: The external URL the Thanos Ruler instances will be available + under. This is necessary to generate correct URLs. This is necessary + if Thanos Ruler is not served from root of a DNS name. + type: string + grpcServerTlsConfig: + description: 'GRPCServerTLSConfig configures the gRPC server from which + Thanos Querier reads recorded rule data. Note: Currently only the + CAFile, CertFile, and KeyFile fields are supported. Maps to the ''--grpc-server-tls-*'' + CLI args.' + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or its key must + be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container to + use for the targets. + type: string + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must + be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus container + for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container + for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + image: + description: Thanos container image URL. + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same namespace + to use for pulling thanos images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to let + you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod + definition. Those can be used to e.g. 
fetch secrets for injection + into the ThanosRuler configuration from external sources. Any errors + during the execution of an initContainer will lead to a restart of + the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + Using initContainers for any use case other then secret fetching is + entirely outside the scope of what the maintainers will support and + by doing so, you accept that this behaviour may break at any time + without notice.' + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. 
+ Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. 
Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. 
Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. 
To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. 
Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. 
If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. 
If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. 
May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: Labels configure the external label pairs to ThanosRuler. + If not provided, default replica label `thanos_ruler_replica` will + be added as a label and be dropped in alerts. + type: object + listenLocal: + description: ListenLocal makes the Thanos ruler listen on loopback, + so that it does not bind against the Pod IP. + type: boolean + logFormat: + description: Log format for ThanosRuler to be configured with. + type: string + logLevel: + description: Log level for ThanosRuler to be configured with. + type: string + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + objectStorageConfig: + description: ObjectStorageConfig configures object storage in Thanos. + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + paused: + description: When a ThanosRuler deployment is paused, no actions except + for deletion will be performed on the underlying objects. + type: boolean + podMetadata: + description: PodMetadata contains Labels and Annotations gets propagated + to the thanos ruler pods. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + portName: + description: Port name used for the pods and governing service. This + defaults to web + type: string + priorityClassName: + description: Priority class assigned to the Pods + type: string + queryConfig: + description: Define configuration for connecting to thanos query instances. + If this is defined, the QueryEndpoints field will be ignored. Maps + to the `query.config` CLI argument. Only available with thanos v0.11.0 + and higher. + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + queryEndpoints: + description: QueryEndpoints defines Thanos querier endpoints from which + to query metrics. Maps to the --query flag of thanos ruler. + items: + type: string + type: array + replicas: + description: Number of thanos ruler instances to deploy. + format: int32 + type: integer + resources: + description: Resources defines the resource requirements for single + Pods. If not provided, no requests/limits will be set + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + retention: + description: Time duration ThanosRuler shall retain data for. Default + is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` + (milliseconds seconds minutes hours days weeks years). + type: string + routePrefix: + description: The route prefix ThanosRuler registers HTTP handlers for. + This allows thanos UI to be served on a sub-path. + type: string + ruleNamespaceSelector: + description: Namespaces to be selected for Rules discovery. If unspecified, + only the same namespace as the ThanosRuler object is in is used. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. 
+ items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + ruleSelector: + description: A label selector to select which PrometheusRules to mount + for alerting and recording. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. 
If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + securityContext: + description: SecurityContext holds pod-level security attributes and + common container settings. This defaults to the default PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all containers + in a pod. Some volume types allow the Kubelet to change the ownership + of that volume to be owned by the pod: \n 1. The owning GID will + be the FSGroup 2. The setgid bit is set (new files created in + the volume will be owned by FSGroup) 3. The permission bits are + OR'd with rw-rw---- \n If unset, the Kubelet will not modify the + ownership and permissions of any volume." + format: int64 + type: integer + runAsGroup: + description: The GID to run the entrypoint of the container process. + Uses runtime default if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in SecurityContext. 
If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. May + also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux + context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to the + container. + type: string + role: + description: Role is a SELinux role label that applies to the + container. + type: string + type: + description: Type is a SELinux type label that applies to the + container. + type: string + user: + description: User is a SELinux user label that applies to the + container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run in + each container, in addition to the container's primary GID. If + unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for + the pod. Pods with unsupported sysctls (by the container runtime) + might fail to launch. 
+ items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. This field is alpha-level and is only + honored by servers that enable the WindowsGMSA feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of + the container process. Defaults to the user specified in image + metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. This + field is beta-level and may be disabled with the WindowsRunAsUserName + feature flag. + type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to + use to run the Thanos Ruler Pods. + type: string + storage: + description: Storage spec to specify how storage shall be used. + properties: + emptyDir: + description: 'EmptyDirVolumeSource to be used by the Prometheus + StatefulSets. 
If specified, used in place of any volumeClaimTemplate. + More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. + The default is "" which means to use the node''s default medium. + Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. The + default is nil which means that the limit is undefined. More + info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + volumeClaimTemplate: + description: A PVC spec to be used by the Prometheus StatefulSets. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + type: object + spec: + description: 'Spec defines the desired characteristics of a + volume requested by a pod author. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access modes + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: This field requires the VolumeSnapshotDataSource + alpha feature gate to be enabled and currently VolumeSnapshot + is the only supported data source. If the provisioner + can support VolumeSnapshot data source, it will create + a new volume and data will be restored to the volume at + the same time. If the provisioner does not support VolumeSnapshot + data source, volume will not be created and the failure + will be reported as an event. In the future, we plan to + support more data source types and the behavior of the + provisioner may change. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, the + specified Kind must be in the core API group. For + any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + selector: + description: A label query over volumes to consider for + binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required + by the claim. Value of Filesystem is implied when not + included in claim spec. 
This is a beta feature. + type: string + volumeName: + description: VolumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status + of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access modes + the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + capacity: + additionalProperties: + type: string + description: Represents the actual resources of the underlying + volume. + type: object + conditions: + description: Current Condition of persistent volume claim. + If underlying persistent volume is being resized then + the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails details + about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned + from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating details + about last transition. + type: string + reason: + description: Unique, this should be a short, machine + understandable string that gives the reason for + condition's last transition. If it reports "ResizeStarted" + that means the underlying persistent volume is being + resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is + a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of PersistentVolumeClaim. 
+ type: string + type: object + type: object + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values and + all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the + toleration (which must be of effect NoExecute, otherwise this + field is ignored) tolerates the taint. By default, it is not + set, which means tolerate the taint forever (do not evict). + Zero and negative values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise + just a regular string. + type: string + type: object + type: array + tracingConfig: + description: TracingConfig configures tracing in Thanos. This is an + experimental feature, it may change in any upcoming release in a breaking + way. + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + volumes: + description: Volumes allows configuration of additional volumes on the + output StatefulSet definition. Volumes specified will be appended + to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may be + accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly + property in VolumeMounts to "true". If omitted, the default + is "false". 
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource in + AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'Expected values Shared: multiple blob disks + per storage account Dedicated: single blob disk per storage + account Managed: azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: the name of secret that contains Azure Storage + Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather than + the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring + for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication + secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, default + is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached and mounted + on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. 
Must be a filesystem + type supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing + parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeID: + description: 'volume id used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced ConfigMap will be projected into + the volume as a file whose name is the key and content is + the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the + ConfigMap, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' 
path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must + be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents storage + that is handled by an external CSI driver (Alpha feature). + properties: + driver: + description: Driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed to the + associated CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret + object containing sensitive information to pass to the CSI + driver to complete the CSI NodePublishVolume and NodeUnpublishVolume + calls. This field is optional, and may be empty if no secret + is required. 
If the secret object contains more than one + secret, all secret references are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. 
If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name + of the file to be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 encoded. The + first item of the relative path must not start with + ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory that shares + a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back this + directory. The default is "" which means to use the node''s + default medium. Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. 
+ More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + fc: + description: FC represents a Fibre Channel resource that is attached + to a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be + set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that + is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use for this + volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends on FlexVolume + script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' 
+ type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret + object containing sensitive information to pass to the plugin + scripts. This may be empty if no secret object is specified. + If the secret object contains more than one secret, all + secrets are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a + kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: Name of the dataset stored as metadata -> name + on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". 
Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. Used + to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision a + container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: Target directory name. Must not contain or start + with '..'. If '.' is supplied, the volume directory will + be the git repository. Otherwise, if specified, the volume + will contain the git repository in the subdirectory with + the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the host + that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. 
More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'Path of the directory on the host. If the path + is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to the + pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. 
More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, new iSCSI + interface : will be created + for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either an + IP or ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within + the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. 
More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export to be + mounted with read-only permissions. Defaults to false. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents a reference + to a PersistentVolumeClaim in the same namespace. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". 
Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: Mode bits to use on created files by default. + Must be a value between 0 and 0777. Directories within the + path are not affected by this setting. This might be in + conflict with other options that affect the file mode, like + fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: information about the configMap data to + project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced ConfigMap + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the ConfigMap, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. 
This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI data + to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. 
The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format + of the exposed resources, defaults to + "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced Secret will + be projected into the volume as a file whose name + is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the Secret, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. 
+ type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken + data to project + properties: + audience: + description: Audience is the intended audience of + the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested + duration of validity of the service account token. + As the token approaches expiration, the kubelet + volume plugin will proactively rotate the service + account token. The kubelet will start trying to + rotate the token if the token is older than 80 + percent of its time to live or if the token is + older than 24 hours.Defaults to 1 hour and must + be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to the mount + point of the file to project the token into. + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that + shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to + be mounted with read-only permissions. Defaults to false. 
+ type: boolean + registry: + description: Registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: Volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. 
More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for + the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication with + Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should + be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the + protection domain. + type: string + system: + description: The name of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO + system that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced Secret will be projected into the + volume as a file whose name is the key and content is the + value. If specified, the listed keys will be projected into + the specified paths, and unlisted keys will not be present. + If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be + defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to + use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within a + namespace. 
+ type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume + within StorageOS. If no namespace is specified then the + Pod's namespace will be used. This allows the Kubernetes + name scoping to be mirrored within StorageOS for tighter + integration. Set VolumeName to any name to override the + default behaviour. Set to "default" if you are not using + namespaces within StorageOS. Namespaces that do not pre-exist + within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile + ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile + name. + type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + status: + description: 'Most recent observed status of the ThanosRuler cluster. Read-only. + Not included when requesting from the apiserver, only from the ThanosRuler + Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) + targeted by this ThanosRuler deployment. + format: int32 + type: integer + paused: + description: Represents whether any actions on the underlying managed + objects are being performed. Only delete actions will be performed. 
+ type: boolean + replicas: + description: Total number of non-terminated pods targeted by this ThanosRuler + deployment (their labels match the selector). + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this ThanosRuler + deployment. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this ThanosRuler + deployment that have the desired version spec. + format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/templates/_helpers.tpl new file mode 100644 index 000000000..39b26c195 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/templates/_helpers.tpl @@ -0,0 +1,7 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/templates/jobs.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/templates/jobs.yaml new file mode 100644 index 000000000..709005fd9 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/templates/jobs.yaml 
@@ -0,0 +1,92 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-create + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }} + annotations: + "helm.sh/hook": post-install, post-upgrade, post-rollback + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + name: {{ .Chart.Name }}-create + labels: + app: {{ .Chart.Name }} + spec: + serviceAccountName: {{ .Chart.Name }}-manager + securityContext: + runAsNonRoot: true + runAsUser: 1000 + containers: + - name: create-crds + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - apply + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + restartPolicy: OnFailure + volumes: + - name: crd-manifest + configMap: + name: {{ .Chart.Name }}-manifest +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-delete + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + name: {{ .Chart.Name }}-delete + labels: + app: {{ .Chart.Name }} + spec: + serviceAccountName: {{ .Chart.Name }}-manager + securityContext: + runAsNonRoot: true + runAsUser: 1000 + initContainers: + - name: remove-finalizers + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - apply + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + containers: + - name: delete-crds + image: {{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - delete + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + restartPolicy: OnFailure + volumes: + - name: crd-manifest + configMap: + name: {{ .Chart.Name }}-manifest diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/templates/manifest.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/templates/manifest.yaml new file mode 100644 index 000000000..31016b6ef --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/templates/manifest.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-manifest + namespace: {{ .Release.Namespace }} +data: + crd-manifest.yaml: | + {{- $currentScope := . -}} + {{- $crds := (.Files.Glob "crd-manifest/**.yaml") -}} + {{- range $path, $_ := $crds -}} + {{- with $currentScope -}} + {{ .Files.Get $path | nindent 4 }} + --- + {{- end -}}{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/templates/rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/templates/rbac.yaml new file mode 100644 index 000000000..658304418 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/templates/rbac.yaml 
@@ -0,0 +1,35 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Chart.Name }}-manager + labels: + app: {{ .Chart.Name }}-manager +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: ['create', 'get', 'patch', 'delete'] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Chart.Name }}-manager + labels: + app: {{ .Chart.Name }}-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ .Chart.Name }}-manager +subjects: +- kind: ServiceAccount + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }}-manager diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/values.yaml new file mode 100644 index 000000000..3aac0a046 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.201/values.yaml @@ -0,0 +1,11 @@ +# Default values for rancher-monitoring-crd. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +global: + cattle: + systemDefaultRegistry: "" + +image: + repository: rancher/kubectl + tag: v1.18.6 diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/Chart.yaml new file mode 100644 index 000000000..39cce3f87 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/Chart.yaml 
@@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-monitoring-system + catalog.cattle.io/release-name: rancher-monitoring-crd +apiVersion: v1 +description: Installs the CRDs for rancher-monitoring. +name: rancher-monitoring-crd +type: application +version: 9.4.202 diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/README.md b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/README.md new file mode 100644 index 000000000..48d2a8621 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/README.md @@ -0,0 +1,2 @@ +# rancher-monitoring-crd +A Rancher chart that installs the CRDs used by rancher-monitoring. diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-alertmanager.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-alertmanager.yaml new file mode 100644 index 000000000..98030b4f8 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-alertmanager.yaml 
@@ -0,0 +1,4500 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: alertmanagers.monitoring.coreos.com +spec: + additionalPrinterColumns: + - JSONPath: .spec.version + description: The version of Alertmanager + name: Version + type: string + - JSONPath: .spec.replicas + description: The desired replicas number of Alertmanagers + name: Replicas + type: integer + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: monitoring.coreos.com + names: + kind: Alertmanager + listKind: AlertmanagerList + plural: alertmanagers + singular: alertmanager + preserveUnknownFields: false + scope: Namespaced + subresources: {} + validation: + openAPIV3Schema: + description: Alertmanager describes an Alertmanager cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the Alertmanager + cluster. 
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + additionalPeers: + description: AdditionalPeers allows injecting a set of additional Alertmanagers + to peer with to form a highly available cluster. + items: + type: string + type: array + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all + objects with implicit weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches no objects (i.e. is also + a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. 
Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. 
If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The + terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. 
+ type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. 
+ items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may not + try to eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some other + pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. 
for each node that + meets all of the scheduling requirements (resource request, + requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field + and adding "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". 
+ The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + baseImage: + description: Base image that is used to deploy pods, without tag. + type: string + configMaps: + description: ConfigMaps is a list of ConfigMaps in the same namespace + as the Alertmanager object, which shall be mounted into the Alertmanager + Pods. The ConfigMaps are mounted into /etc/alertmanager/configmaps/. + items: + type: string + type: array + configSecret: + description: ConfigSecret is the name of a Kubernetes Secret in the + same namespace as the Alertmanager object, which contains configuration + for this Alertmanager instance. Defaults to 'alertmanager-' + The secret is mounted into /etc/alertmanager/config. + type: string + containers: + description: Containers allows injecting additional containers. This + is meant to allow adding an authentication proxy to an Alertmanager + pod. + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. 
The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' 
+ properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. 
+ items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. 
Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. 
TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. 
+ properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. 
+ items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. 
+ items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. 
+ format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. 
More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. 
+ format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. 
+ properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. 
If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. 
+ type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + externalUrl: + description: The external URL the Alertmanager instances will be available + under. This is necessary to generate correct URLs. 
This is necessary + if Alertmanager is not served from root of a DNS name. + type: string + image: + description: Image if specified has precedence over baseImage, tag and + sha combinations. Specifying the version is still necessary to ensure + the Prometheus Operator knows what version of Alertmanager is being + configured. + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same namespace + to use for pulling prometheus and alertmanager images from registries + see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to let + you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod + definition. Those can be used to e.g. fetch secrets for injection + into the Alertmanager configuration from external sources. Any errors + during the execution of an initContainer will lead to a restart of + the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + Using initContainers for any use case other then secret fetching is + entirely outside the scope of what the maintainers will support and + by doing so, you accept that this behaviour may break at any time + without notice.' + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. 
If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. 
+ Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. 
More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
+ HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. 
More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. 
TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". 
+ type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. 
Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. 
Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. 
If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. 
If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + listenLocal: + description: ListenLocal makes the Alertmanager server listen on loopback, + so that it does not bind against the Pod IP. Note this is only for + the Alertmanager UI, not the gossip communication. + type: boolean + logFormat: + description: Log format for Alertmanager to be configured with. + type: string + logLevel: + description: Log level for Alertmanager to be configured with. + type: string + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + paused: + description: If set to true all actions on the underlaying managed objects + are not goint to be performed, except for delete actions. + type: boolean + podMetadata: + description: PodMetadata configures Labels and Annotations which are + propagated to the alertmanager pods. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. 
More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + portName: + description: Port name used for the pods and governing service. This + defaults to web + type: string + priorityClassName: + description: Priority class assigned to the Pods + type: string + replicas: + description: Size is the expected size of the alertmanager cluster. + The controller will eventually make the size of the running cluster + equal to the expected size. + format: int32 + type: integer + resources: + description: Define resources requests and limits for single Pods. + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + retention: + description: Time duration Alertmanager shall retain data for. Default + is '120h', and must match the regular expression `[0-9]+(ms|s|m|h)` + (milliseconds seconds minutes hours). + type: string + routePrefix: + description: The route prefix Alertmanager registers HTTP handlers for. 
+ This is useful, if using ExternalURL and a proxy is rewriting HTTP + routes of a request, and the actual ExternalURL is still true, but + the server serves requests under a different route prefix. For example + for use with `kubectl proxy`. + type: string + secrets: + description: Secrets is a list of Secrets in the same namespace as the + Alertmanager object, which shall be mounted into the Alertmanager + Pods. The Secrets are mounted into /etc/alertmanager/secrets/. + items: + type: string + type: array + securityContext: + description: SecurityContext holds pod-level security attributes and + common container settings. This defaults to the default PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all containers + in a pod. Some volume types allow the Kubelet to change the ownership + of that volume to be owned by the pod: \n 1. The owning GID will + be the FSGroup 2. The setgid bit is set (new files created in + the volume will be owned by FSGroup) 3. The permission bits are + OR'd with rw-rw---- \n If unset, the Kubelet will not modify the + ownership and permissions of any volume." + format: int64 + type: integer + runAsGroup: + description: The GID to run the entrypoint of the container process. + Uses runtime default if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. 
+ type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. May + also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux + context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to the + container. + type: string + role: + description: Role is a SELinux role label that applies to the + container. + type: string + type: + description: Type is a SELinux type label that applies to the + container. + type: string + user: + description: User is a SELinux user label that applies to the + container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run in + each container, in addition to the container's primary GID. If + unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for + the pod. Pods with unsupported sysctls (by the container runtime) + might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. 
+ If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. This field is alpha-level and is only + honored by servers that enable the WindowsGMSA feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of + the container process. Defaults to the user specified in image + metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. This + field is beta-level and may be disabled with the WindowsRunAsUserName + feature flag. + type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to + use to run the Prometheus Pods. + type: string + sha: + description: SHA of Alertmanager container image to be deployed. Defaults + to the value of `version`. Similar to a tag, but the SHA explicitly + deploys an immutable container image. Version and Tag are ignored + if SHA is set. + type: string + storage: + description: Storage is the definition of how storage will be used by + the Alertmanager instances. + properties: + emptyDir: + description: 'EmptyDirVolumeSource to be used by the Prometheus + StatefulSets. If specified, used in place of any volumeClaimTemplate. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. + The default is "" which means to use the node''s default medium. + Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. The + default is nil which means that the limit is undefined. More + info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + volumeClaimTemplate: + description: A PVC spec to be used by the Prometheus StatefulSets. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + type: object + spec: + description: 'Spec defines the desired characteristics of a + volume requested by a pod author. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access modes + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: This field requires the VolumeSnapshotDataSource + alpha feature gate to be enabled and currently VolumeSnapshot + is the only supported data source. If the provisioner + can support VolumeSnapshot data source, it will create + a new volume and data will be restored to the volume at + the same time. If the provisioner does not support VolumeSnapshot + data source, volume will not be created and the failure + will be reported as an event. In the future, we plan to + support more data source types and the behavior of the + provisioner may change. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, the + specified Kind must be in the core API group. For + any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + selector: + description: A label query over volumes to consider for + binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required + by the claim. Value of Filesystem is implied when not + included in claim spec. 
This is a beta feature. + type: string + volumeName: + description: VolumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status + of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access modes + the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + capacity: + additionalProperties: + type: string + description: Represents the actual resources of the underlying + volume. + type: object + conditions: + description: Current Condition of persistent volume claim. + If underlying persistent volume is being resized then + the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails details + about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned + from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating details + about last transition. + type: string + reason: + description: Unique, this should be a short, machine + understandable string that gives the reason for + condition's last transition. If it reports "ResizeStarted" + that means the underlying persistent volume is being + resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is + a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of PersistentVolumeClaim. 
+ type: string + type: object + type: object + type: object + tag: + description: Tag of Alertmanager container image to be deployed. Defaults + to the value of `version`. Version is ignored if Tag is set. + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values and + all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the + toleration (which must be of effect NoExecute, otherwise this + field is ignored) tolerates the taint. By default, it is not + set, which means tolerate the taint forever (do not evict). + Zero and negative values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise + just a regular string. + type: string + type: object + type: array + version: + description: Version the cluster should be on. + type: string + volumeMounts: + description: VolumeMounts allows configuration of additional VolumeMounts + on the output StatefulSet definition. 
VolumeMounts specified will + be appended to other VolumeMounts in the alertmanager container, that + are generated as a result of StorageSpec objects. + items: + description: VolumeMount describes a mounting of a Volume within a + container. + properties: + mountPath: + description: Path within the container at which the volume should + be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated + from the host to container and the other way around. When not + set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false + or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's + volume should be mounted. Behaves similarly to SubPath but environment + variable references $(VAR_NAME) are expanded using the container's + environment. Defaults to "" (volume's root). SubPathExpr and + SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: Volumes allows configuration of additional volumes on the + output StatefulSet definition. Volumes specified will be appended + to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may be + accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly + property in VolumeMounts to "true". If omitted, the default + is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource in + AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
+ type: string + kind: + description: 'Expected values Shared: multiple blob disks + per storage account Dedicated: single blob disk per storage + account Managed: azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: the name of secret that contains Azure Storage + Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather than + the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring + for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication + secret for User, default is empty. 
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, default + is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached and mounted + on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing + parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeID: + description: 'volume id used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. 
Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced ConfigMap will be projected into + the volume as a file whose name is the key and content is + the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the + ConfigMap, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must + be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents storage + that is handled by an external CSI driver (Alpha feature). 
+ properties: + driver: + description: Driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed to the + associated CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret + object containing sensitive information to pass to the CSI + driver to complete the CSI NodePublishVolume and NodeUnpublishVolume + calls. This field is optional, and may be empty if no secret + is required. If the secret object contains more than one + secret, all secret references are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' 
+ format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name + of the file to be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 encoded. The + first item of the relative path must not start with + ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory that shares + a pod''s lifetime. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back this + directory. The default is "" which means to use the node''s + default medium. Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + fc: + description: FC represents a Fibre Channel resource that is attached + to a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be + set, but not both simultaneously.' 
+ items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that + is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use for this + volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends on FlexVolume + script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret + object containing sensitive information to pass to the plugin + scripts. This may be empty if no secret object is specified. + If the secret object contains more than one secret, all + secrets are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a + kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: Name of the dataset stored as metadata -> name + on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. 
This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. Used + to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision a + container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: Target directory name. 
Must not contain or start + with '..'. If '.' is supplied, the volume directory will + be the git repository. Otherwise, if specified, the volume + will contain the git repository in the subdirectory with + the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the host + that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'Path of the directory on the host. If the path + is a symlink, it will follow the link to the real path. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to the + pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, new iSCSI + interface : will be created + for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. 
+ type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either an + IP or ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within + the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export to be + mounted with read-only permissions. Defaults to false. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents a reference + to a PersistentVolumeClaim in the same namespace. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. 
More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: Mode bits to use on created files by default. + Must be a value between 0 and 0777. Directories within the + path are not affected by this setting. This might be in + conflict with other options that affect the file mode, like + fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: information about the configMap data to + project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced ConfigMap + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the ConfigMap, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI data + to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format + of the exposed resources, defaults to + "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced Secret will + be projected into the volume as a file whose name + is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the Secret, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken + data to project + properties: + audience: + description: Audience is the intended audience of + the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested + duration of validity of the service account token. + As the token approaches expiration, the kubelet + volume plugin will proactively rotate the service + account token. The kubelet will start trying to + rotate the token if the token is older than 80 + percent of its time to live or if the token is + older than 24 hours.Defaults to 1 hour and must + be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to the mount + point of the file to project the token into. + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that + shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to + be mounted with read-only permissions. Defaults to false. 
+ type: boolean + registry: + description: Registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: Volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. 
More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for + the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication with + Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should + be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the + protection domain. + type: string + system: + description: The name of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO + system that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced Secret will be projected into the + volume as a file whose name is the key and content is the + value. If specified, the listed keys will be projected into + the specified paths, and unlisted keys will not be present. + If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be + defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to + use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within a + namespace. 
+ type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume + within StorageOS. If no namespace is specified then the + Pod's namespace will be used. This allows the Kubernetes + name scoping to be mirrored within StorageOS for tighter + integration. Set VolumeName to any name to override the + default behaviour. Set to "default" if you are not using + namespaces within StorageOS. Namespaces that do not pre-exist + within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile + ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile + name. + type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + status: + description: 'Most recent observed status of the Alertmanager cluster. Read-only. + Not included when requesting from the apiserver, only from the Prometheus + Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) + targeted by this Alertmanager cluster. + format: int32 + type: integer + paused: + description: Represents whether any actions on the underlaying managed + objects are being performed. Only delete actions will be performed. 
+ type: boolean + replicas: + description: Total number of non-terminated pods targeted by this Alertmanager + cluster (their labels match the selector). + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this Alertmanager + cluster. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this Alertmanager + cluster that have the desired version spec. + format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-podmonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-podmonitor.yaml new file mode 100644 index 000000000..9cf3c42e4 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-podmonitor.yaml 
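Review bot: the 0 to 0777 range on `mode` and `defaultMode` exists only in the description text of the Alertmanager CRD hunk that ends above (under `secret`, the projected `secret` items and the `downwardAPI` items); the schema for those fields declares just `format: int32` and `type: integer`, so this CRD's validation does not enforce the range it documents. If this copy is maintained locally, add `minimum: 0` and `maximum: 511` to those fields; if it has to stay identical to the upstream generated file, leave it unchanged and raise the point upstream. The same hunk states that `secret.defaultMode` "Defaults to 0644", so anything mounting credentials through these volumes should set a tighter mode explicitly rather than rely on the default.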
@@ -0,0 +1,260 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: podmonitors.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + kind: PodMonitor + listKind: PodMonitorList + plural: podmonitors + singular: podmonitor + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: PodMonitor defines monitoring for a set of pods. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired Pod selection for target discovery + by Prometheus. + properties: + jobLabel: + description: The label to use to retrieve the job name from. + type: string + namespaceSelector: + description: Selector to select which namespaces the Endpoints objects + are discovered from. + properties: + any: + description: Boolean describing whether all namespaces are selected + in contrast to a list restricting them. + type: boolean + matchNames: + description: List of namespace names. 
+ items: + type: string + type: array + type: object + podMetricsEndpoints: + description: A list of endpoints allowed as part of this PodMonitor. + items: + description: PodMetricsEndpoint defines a scrapeable endpoint of a + Kubernetes Pod serving Prometheus metrics. + properties: + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + interval: + description: Interval at which metrics should be scraped + type: string + metricRelabelings: + description: MetricRelabelConfigs to apply to samples before ingestion. + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. 
+ items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + params: + additionalProperties: + items: + type: string + type: array + description: Optional HTTP URL parameters + type: object + path: + description: HTTP path to scrape for metrics. + type: string + port: + description: Name of the pod port this endpoint refers to. Mutually + exclusive with targetPort. + type: string + proxyUrl: + description: ProxyURL eg http://proxyserver:2195 Directs scrapes + to proxy through this endpoint. + type: string + relabelings: + description: 'RelabelConfigs to apply to samples before ingestion. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. 
Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + scheme: + description: HTTP scheme to use for scraping. + type: string + scrapeTimeout: + description: Timeout after which the scrape is ended + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Deprecated: Use ''port'' instead.' + x-kubernetes-int-or-string: true + type: object + type: array + podTargetLabels: + description: PodTargetLabels transfers labels on the Kubernetes Pod + onto the target. + items: + type: string + type: array + sampleLimit: + description: SampleLimit defines per-scrape limit on number of scraped + samples that will be accepted. + format: int64 + type: integer + selector: + description: Selector to select Pod objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + required: + - podMetricsEndpoints + - selector + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-prometheus.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-prometheus.yaml new file mode 100644 index 000000000..704379fb2 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-prometheus.yaml 
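Review bot: the provenance comment on the first added line of `crd-podmonitor.yaml` points at the `release-0.38` branch of prometheus-operator, which is a mutable ref, so this vendored copy cannot be checked against a fixed upstream revision. Record the upstream tag or commit SHA in that comment instead of the branch name. Separately, the manifest is declared as `apiVersion: apiextensions.k8s.io/v1beta1` with a top-level `validation:` block and `version: v1`; that API version was removed in Kubernetes 1.22, so either state the supported cluster range for this chart version or convert the CRD to `apiextensions.k8s.io/v1` with the schema moved under `versions[].schema.openAPIV3Schema`.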
@@ -0,0 +1,6002 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: prometheuses.monitoring.coreos.com +spec: + additionalPrinterColumns: + - JSONPath: .spec.version + description: The version of Prometheus + name: Version + type: string + - JSONPath: .spec.replicas + description: The desired replicas number of Prometheuses + name: Replicas + type: integer + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: monitoring.coreos.com + names: + kind: Prometheus + listKind: PrometheusList + plural: prometheuses + singular: prometheus + preserveUnknownFields: false + scope: Namespaced + subresources: {} + validation: + openAPIV3Schema: + description: Prometheus defines a Prometheus deployment. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the Prometheus cluster. 
+ More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + additionalAlertManagerConfigs: + description: 'AdditionalAlertManagerConfigs allows specifying a key + of a Secret containing additional Prometheus AlertManager configurations. + AlertManager configurations specified are appended to the configurations + generated by the Prometheus Operator. Job configurations specified + must have the form as specified in the official Prometheus documentation: + https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config. + As AlertManager configs are appended, the user is responsible to make + sure it is valid. Note that using this feature may expose the possibility + to break upgrades of Prometheus. It is advised to review Prometheus + release notes to ensure that no incompatible AlertManager configs + are going to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + additionalAlertRelabelConfigs: + description: 'AdditionalAlertRelabelConfigs allows specifying a key + of a Secret containing additional Prometheus alert relabel configurations. + Alert relabel configurations specified are appended to the configurations + generated by the Prometheus Operator. Alert relabel configurations + specified must have the form as specified in the official Prometheus + documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs. 
+ As alert relabel configs are appended, the user is responsible to + make sure it is valid. Note that using this feature may expose the + possibility to break upgrades of Prometheus. It is advised to review + Prometheus release notes to ensure that no incompatible alert relabel + configs are going to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + additionalScrapeConfigs: + description: 'AdditionalScrapeConfigs allows specifying a key of a Secret + containing additional Prometheus scrape configurations. Scrape configurations + specified are appended to the configurations generated by the Prometheus + Operator. Job configurations specified must have the form as specified + in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. + As scrape configs are appended, the user is responsible to make sure + it is valid. Note that using this feature may expose the possibility + to break upgrades of Prometheus. It is advised to review Prometheus + release notes to ensure that no incompatible scrape configs are going + to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all + objects with implicit weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches no objects (i.e. is also + a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. 
If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. 
+ properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The + terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. 
If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. 
+ type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. 
If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may not + try to eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
+ A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some other + pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node that + meets all of the scheduling requirements (resource request, + requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field + and adding "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. 
+ items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + alerting: + description: Define details regarding alerting. + properties: + alertmanagers: + description: AlertmanagerEndpoints Prometheus should fire alerts + against. + items: + description: AlertmanagerEndpoints defines a selection of a single + Endpoints object containing alertmanager IPs to fire alerts + against. + properties: + apiVersion: + description: Version of the Alertmanager API that Prometheus + uses to send alerts. It can be "v1" or "v2". + type: string + bearerTokenFile: + description: BearerTokenFile to read from filesystem to use + when authenticating to Alertmanager. + type: string + name: + description: Name of Endpoints object in Namespace. + type: string + namespace: + description: Namespace of Endpoints object. + type: string + pathPrefix: + description: Prefix for the HTTP path alerts are pushed to. + type: string + port: + anyOf: + - type: integer + - type: string + description: Port the Alertmanager API is exposed on. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use when firing alerts. + type: string + tlsConfig: + description: TLS Config to use for alertmanager connection. + properties: + ca: + description: Stuct containing the CA cert to use for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select from. 
Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Struct containing the client cert file for + the targets. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. 
+ type: string + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - name + - namespace + - port + type: object + type: array + required: + - alertmanagers + type: object + apiserverConfig: + description: APIServerConfig allows specifying a host and auth methods + to access apiserver. If left empty, Prometheus is assumed to run inside + of the cluster and will discover API servers automatically and use + the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. + properties: + basicAuth: + description: BasicAuth allow an endpoint to authenticate over basic + authentication + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that + contains the username for authentication. 
+ properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + bearerToken: + description: Bearer token for accessing apiserver. + type: string + bearerTokenFile: + description: File to read bearer token for accessing apiserver. + type: string + host: + description: Host of apiserver. A valid string consisting of a hostname + or IP followed by an optional port number + type: string + tlsConfig: + description: TLS Config to use for accessing apiserver. + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container + for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + type: object + arbitraryFSAccessThroughSMs: + description: ArbitraryFSAccessThroughSMs configures whether configuration + based on a service monitor can access arbitrary files on the file + system of the Prometheus container e.g. bearer token files. + properties: + deny: + type: boolean + type: object + baseImage: + description: Base image to use for a Prometheus deployment. + type: string + configMaps: + description: ConfigMaps is a list of ConfigMaps in the same namespace + as the Prometheus object, which shall be mounted into the Prometheus + Pods. The ConfigMaps are mounted into /etc/prometheus/configmaps/. + items: + type: string + type: array + containers: + description: 'Containers allows injecting additional containers or modifying + operator generated containers. This can be used to allow adding an + authentication proxy to a Prometheus pod or to change the behavior + of an operator generated container. Containers described here modify + an operator generated container if they share the same name and modifications + are done via a strategic merge patch. The current container names + are: `prometheus`, `prometheus-config-reloader`, `rules-configmap-reloader`, + and `thanos-sidecar`. Overriding containers is entirely outside the + scope of what the maintainers will support and by doing so, you accept + that this behaviour may break at any time without notice.' + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. 
The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). 
Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. 
+ type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. 
To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. 
To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. 
Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. 
If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. 
If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. 
May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + disableCompaction: + description: Disable prometheus compaction. + type: boolean + enableAdminAPI: + description: 'Enable access to prometheus web admin API. Defaults to + the value of `false`. WARNING: Enabling the admin APIs enables mutating + endpoints, to delete data, shutdown Prometheus, and more. Enabling + this should be done with care and the user is advised to add additional + authentication authorization via a proxy to ensure only clients authorized + to perform these actions can do so. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis' + type: boolean + enforcedNamespaceLabel: + description: EnforcedNamespaceLabel enforces adding a namespace label + of origin for each alert and metric that is user created. The label + value will always be the namespace of the object that is being created. + type: string + evaluationInterval: + description: Interval between consecutive evaluations. + type: string + externalLabels: + additionalProperties: + type: string + description: The labels to add to any time series or alerts when communicating + with external systems (federation, remote storage, Alertmanager). + type: object + externalUrl: + description: The external URL the Prometheus instances will be available + under. 
This is necessary to generate correct URLs. This is necessary + if Prometheus is not served from root of a DNS name. + type: string + ignoreNamespaceSelectors: + description: IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector + settings from the podmonitor and servicemonitor configs, and they + will only discover endpoints within their current namespace. Defaults + to false. + type: boolean + image: + description: Image if specified has precedence over baseImage, tag and + sha combinations. Specifying the version is still necessary to ensure + the Prometheus Operator knows what version of Prometheus is being + configured. + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same namespace + to use for pulling prometheus and alertmanager images from registries + see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to let + you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod + definition. Those can be used to e.g. fetch secrets for injection + into the Prometheus configuration from external sources. Any errors + during the execution of an initContainer will lead to a restart of + the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + Using initContainers for any use case other then secret fetching is + entirely outside the scope of what the maintainers will support and + by doing so, you accept that this behaviour may break at any time + without notice.' 
+ items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. 
If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. 
+ type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. 
To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. 
To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. 
Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. 
If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. 
If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. 
May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + listenLocal: + description: ListenLocal makes the Prometheus server listen on loopback, + so that it does not bind against the Pod IP. + type: boolean + logFormat: + description: Log format for Prometheus to be configured with. + type: string + logLevel: + description: Log level for Prometheus to be configured with. + type: string + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + overrideHonorLabels: + description: OverrideHonorLabels if set to true overrides all user configured + honor_labels. If HonorLabels is set in ServiceMonitor or PodMonitor + to true, this overrides honor_labels to false. + type: boolean + overrideHonorTimestamps: + description: OverrideHonorTimestamps allows to globally enforce honoring + timestamps in all scrape configs. + type: boolean + paused: + description: When a Prometheus deployment is paused, no actions except + for deletion will be performed on the underlying objects. + type: boolean + podMetadata: + description: PodMetadata configures Labels and Annotations which are + propagated to the prometheus pods. 
+ properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + podMonitorNamespaceSelector: + description: Namespaces to be selected for PodMonitor discovery. If + nil, only check own namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + podMonitorSelector: + description: '*Experimental* PodMonitors to be selected for target discovery.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + portName: + description: Port name used for the pods and governing service. This + defaults to web + type: string + priorityClassName: + description: Priority class assigned to the Pods + type: string + prometheusExternalLabelName: + description: Name of Prometheus external label used to denote Prometheus + instance name. 
Defaults to the value of `prometheus`. External label + will _not_ be added when value is set to empty string (`""`). + type: string + query: + description: QuerySpec defines the query command line flags when starting + Prometheus. + properties: + lookbackDelta: + description: The delta difference allowed for retrieving metrics + during expression evaluations. + type: string + maxConcurrency: + description: Number of concurrent queries that can be run at once. + format: int32 + type: integer + maxSamples: + description: Maximum number of samples a single query can load into + memory. Note that queries will fail if they would load more samples + than this into memory, so this also limits the number of samples + a query can return. + format: int32 + type: integer + timeout: + description: Maximum time a query may take before being aborted. + type: string + type: object + remoteRead: + description: If specified, the remote_read spec. This is an experimental + feature, it may change in any upcoming release in a breaking way. + items: + description: RemoteReadSpec defines the remote_read configuration + for prometheus. + properties: + basicAuth: + description: BasicAuth for the URL. + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that + contains the username for authentication. + properties: + key: + description: The key of the secret to select from. 
Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + bearerToken: + description: bearer token for remote read. + type: string + bearerTokenFile: + description: File to read bearer token for remote read. + type: string + proxyUrl: + description: Optional ProxyURL + type: string + readRecent: + description: Whether reads should be made for queries for time + ranges that the local storage should have complete data for. + type: boolean + remoteTimeout: + description: Timeout for requests to the remote read endpoint. + type: string + requiredMatchers: + additionalProperties: + type: string + description: An optional list of equality matchers which have + to be present in a selector to query the remote read endpoint. + type: object + tlsConfig: + description: TLS Config to use for remote read. + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the + targets. 
+ properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + url: + description: The URL of the endpoint to send samples to. + type: string + required: + - url + type: object + type: array + remoteWrite: + description: If specified, the remote_write spec. This is an experimental + feature, it may change in any upcoming release in a breaking way. + items: + description: RemoteWriteSpec defines the remote_write configuration + for prometheus. + properties: + basicAuth: + description: BasicAuth for the URL. + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that + contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + bearerToken: + description: File to read bearer token for remote write. + type: string + bearerTokenFile: + description: File to read bearer token for remote write. + type: string + proxyUrl: + description: Optional ProxyURL + type: string + queueConfig: + description: QueueConfig allows tuning of the remote write queue + parameters. + properties: + batchSendDeadline: + description: BatchSendDeadline is the maximum time a sample + will wait in buffer. + type: string + capacity: + description: Capacity is the number of samples to buffer per + shard before we start dropping them. + type: integer + maxBackoff: + description: MaxBackoff is the maximum retry delay. + type: string + maxRetries: + description: MaxRetries is the maximum number of times to + retry a batch on recoverable errors. + type: integer + maxSamplesPerSend: + description: MaxSamplesPerSend is the maximum number of samples + per send. + type: integer + maxShards: + description: MaxShards is the maximum number of shards, i.e. + amount of concurrency. + type: integer + minBackoff: + description: MinBackoff is the initial retry delay. Gets doubled + for every retry. + type: string + minShards: + description: MinShards is the minimum number of shards, i.e. + amount of concurrency. + type: integer + type: object + remoteTimeout: + description: Timeout for requests to the remote write endpoint. + type: string + tlsConfig: + description: TLS Config to use for remote write. + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. 
+ properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + url: + description: The URL of the endpoint to send samples to. + type: string + writeRelabelConfigs: + description: The list of remote write relabel configurations. + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. 
+ format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + required: + - url + type: object + type: array + replicaExternalLabelName: + description: Name of Prometheus external label used to denote replica + name. Defaults to the value of `prometheus_replica`. External label + will _not_ be added when value is set to empty string (`""`). + type: string + replicas: + description: Number of instances to deploy for a Prometheus deployment. + format: int32 + type: integer + resources: + description: Define resources requests and limits for single Pods. + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute resources + required. 
If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + retention: + description: Time duration Prometheus shall retain data for. Default + is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` + (milliseconds seconds minutes hours days weeks years). + type: string + retentionSize: + description: Maximum amount of disk space used by blocks. + type: string + routePrefix: + description: The route prefix Prometheus registers HTTP handlers for. + This is useful, if using ExternalURL and a proxy is rewriting HTTP + routes of a request, and the actual ExternalURL is still true, but + the server serves requests under a different route prefix. For example + for use with `kubectl proxy`. + type: string + ruleNamespaceSelector: + description: Namespaces to be selected for PrometheusRules discovery. + If unspecified, only the same namespace as the Prometheus object is + in is used. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + ruleSelector: + description: A selector to select which PrometheusRules to mount for + loading alerting rules from. Until (excluding) Prometheus Operator + v0.24.0 Prometheus Operator will migrate any legacy rule ConfigMaps + to PrometheusRule custom resources selected by RuleSelector. Make + sure it does not match any config maps that you do not want to be + migrated. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + rules: + description: /--rules.*/ command-line arguments. + properties: + alert: + description: /--rules.alert.*/ command-line arguments + properties: + forGracePeriod: + description: Minimum duration between alert and restored 'for' + state. This is maintained only for alerts with configured + 'for' time greater than grace period. + type: string + forOutageTolerance: + description: Max time to tolerate prometheus outage for restoring + 'for' state of alert. + type: string + resendDelay: + description: Minimum amount of time to wait before resending + an alert to Alertmanager. + type: string + type: object + type: object + scrapeInterval: + description: Interval between consecutive scrapes. + type: string + secrets: + description: Secrets is a list of Secrets in the same namespace as the + Prometheus object, which shall be mounted into the Prometheus Pods. + The Secrets are mounted into /etc/prometheus/secrets/. + items: + type: string + type: array + securityContext: + description: SecurityContext holds pod-level security attributes and + common container settings. This defaults to the default PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all containers + in a pod. Some volume types allow the Kubelet to change the ownership + of that volume to be owned by the pod: \n 1. The owning GID will + be the FSGroup 2. The setgid bit is set (new files created in + the volume will be owned by FSGroup) 3. The permission bits are + OR'd with rw-rw---- \n If unset, the Kubelet will not modify the + ownership and permissions of any volume." + format: int64 + type: integer + runAsGroup: + description: The GID to run the entrypoint of the container process. 
+ Uses runtime default if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. May + also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux + context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to the + container. + type: string + role: + description: Role is a SELinux role label that applies to the + container. + type: string + type: + description: Type is a SELinux type label that applies to the + container. + type: string + user: + description: User is a SELinux user label that applies to the + container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run in + each container, in addition to the container's primary GID. 
If + unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for + the pod. Pods with unsupported sysctls (by the container runtime) + might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. This field is alpha-level and is only + honored by servers that enable the WindowsGMSA feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of + the container process. Defaults to the user specified in image + metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. This + field is beta-level and may be disabled with the WindowsRunAsUserName + feature flag. 
+ type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to + use to run the Prometheus Pods. + type: string + serviceMonitorNamespaceSelector: + description: Namespaces to be selected for ServiceMonitor discovery. + If nil, only check own namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + serviceMonitorSelector: + description: ServiceMonitors to be selected for target discovery. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. 
+ properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + sha: + description: SHA of Prometheus container image to be deployed. Defaults + to the value of `version`. Similar to a tag, but the SHA explicitly + deploys an immutable container image. Version and Tag are ignored + if SHA is set. + type: string + storage: + description: Storage spec to specify how storage shall be used. + properties: + emptyDir: + description: 'EmptyDirVolumeSource to be used by the Prometheus + StatefulSets. If specified, used in place of any volumeClaimTemplate. + More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. + The default is "" which means to use the node''s default medium. + Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. 
The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. The + default is nil which means that the limit is undefined. More + info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + volumeClaimTemplate: + description: A PVC spec to be used by the Prometheus StatefulSets. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + type: object + spec: + description: 'Spec defines the desired characteristics of a + volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access modes + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: This field requires the VolumeSnapshotDataSource + alpha feature gate to be enabled and currently VolumeSnapshot + is the only supported data source. 
If the provisioner + can support VolumeSnapshot data source, it will create + a new volume and data will be restored to the volume at + the same time. If the provisioner does not support VolumeSnapshot + data source, volume will not be created and the failure + will be reported as an event. In the future, we plan to + support more data source types and the behavior of the + provisioner may change. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, the + specified Kind must be in the core API group. For + any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + selector: + description: A label query over volumes to consider for + binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. 
+ items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required + by the claim. Value of Filesystem is implied when not + included in claim spec. This is a beta feature. + type: string + volumeName: + description: VolumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status + of a persistent volume claim. Read-only. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access modes + the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + capacity: + additionalProperties: + type: string + description: Represents the actual resources of the underlying + volume. + type: object + conditions: + description: Current Condition of persistent volume claim. + If underlying persistent volume is being resized then + the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails details + about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned + from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating details + about last transition. + type: string + reason: + description: Unique, this should be a short, machine + understandable string that gives the reason for + condition's last transition. If it reports "ResizeStarted" + that means the underlying persistent volume is being + resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is + a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of PersistentVolumeClaim. + type: string + type: object + type: object + type: object + tag: + description: Tag of Prometheus container image to be deployed. Defaults + to the value of `version`. Version is ignored if Tag is set. 
+ type: string + thanos: + description: "Thanos configuration allows configuring various aspects + of a Prometheus server in a Thanos environment. \n This section is + experimental, it may change significantly without deprecation notice + in any release. \n This is experimental and may change significantly + without backward compatibility in any release." + properties: + baseImage: + description: Thanos base image if other than default. + type: string + grpcServerTlsConfig: + description: 'GRPCServerTLSConfig configures the gRPC server from + which Thanos Querier reads recorded rule data. Note: Currently + only the CAFile, CertFile, and KeyFile fields are supported. Maps + to the ''--grpc-server-tls-*'' CLI args.' + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. 
+ type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container + for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + image: + description: Image if specified has precedence over baseImage, tag + and sha combinations. Specifying the version is still necessary + to ensure the Prometheus Operator knows what version of Thanos + is being configured. + type: string + listenLocal: + description: ListenLocal makes the Thanos sidecar listen on loopback, + so that it does not bind against the Pod IP. + type: boolean + objectStorageConfig: + description: ObjectStorageConfig configures object storage in Thanos. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + resources: + description: Resources defines the resource requirements for the + Thanos sidecar. If not provided, no requests/limits will be set + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + sha: + description: SHA of Thanos container image to be deployed. Defaults + to the value of `version`. Similar to a tag, but the SHA explicitly + deploys an immutable container image. Version and Tag are ignored + if SHA is set. + type: string + tag: + description: Tag of Thanos sidecar container image to be deployed. + Defaults to the value of `version`. Version is ignored if Tag + is set. + type: string + tracingConfig: + description: TracingConfig configures tracing in Thanos. This is + an experimental feature, it may change in any upcoming release + in a breaking way. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + version: + description: Version describes the version of Thanos to use. + type: string + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values and + all keys. 
+ type: string + operator: + description: Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the + toleration (which must be of effect NoExecute, otherwise this + field is ignored) tolerates the taint. By default, it is not + set, which means tolerate the taint forever (do not evict). + Zero and negative values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise + just a regular string. + type: string + type: object + type: array + version: + description: Version of Prometheus to be deployed. + type: string + volumeMounts: + description: VolumeMounts allows configuration of additional VolumeMounts + on the output StatefulSet definition. VolumeMounts specified will + be appended to other VolumeMounts in the prometheus container, that + are generated as a result of StorageSpec objects. + items: + description: VolumeMount describes a mounting of a Volume within a + container. + properties: + mountPath: + description: Path within the container at which the volume should + be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated + from the host to container and the other way around. When not + set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false + or unspecified). Defaults to false. 
+ type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's + volume should be mounted. Behaves similarly to SubPath but environment + variable references $(VAR_NAME) are expanded using the container's + environment. Defaults to "" (volume's root). SubPathExpr and + SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: Volumes allows configuration of additional volumes on the + output StatefulSet definition. Volumes specified will be appended + to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may be + accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty).' 
+ format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly + property in VolumeMounts to "true". If omitted, the default + is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource in + AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'Expected values Shared: multiple blob disks + per storage account Dedicated: single blob disk per storage + account Managed: azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: the name of secret that contains Azure Storage + Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather than + the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring + for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication + secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, default + is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached and mounted + on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. 
Must be a filesystem + type supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing + parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeID: + description: 'volume id used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced ConfigMap will be projected into + the volume as a file whose name is the key and content is + the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the + ConfigMap, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' 
path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must + be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents storage + that is handled by an external CSI driver (Alpha feature). + properties: + driver: + description: Driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed to the + associated CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret + object containing sensitive information to pass to the CSI + driver to complete the CSI NodePublishVolume and NodeUnpublishVolume + calls. This field is optional, and may be empty if no secret + is required. 
If the secret object contains more than one + secret, all secret references are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. 
If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name + of the file to be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 encoded. The + first item of the relative path must not start with + ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory that shares + a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back this + directory. The default is "" which means to use the node''s + default medium. Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. 
+ More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + fc: + description: FC represents a Fibre Channel resource that is attached + to a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be + set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that + is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use for this + volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends on FlexVolume + script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' 
+ type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret + object containing sensitive information to pass to the plugin + scripts. This may be empty if no secret object is specified. + If the secret object contains more than one secret, all + secrets are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a + kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: Name of the dataset stored as metadata -> name + on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". 
Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. Used + to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision a + container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: Target directory name. Must not contain or start + with '..'. If '.' is supplied, the volume directory will + be the git repository. Otherwise, if specified, the volume + will contain the git repository in the subdirectory with + the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the host + that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. 
More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'Path of the directory on the host. If the path + is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to the + pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. 
More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, new iSCSI + interface : will be created + for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either an + IP or ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within + the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. 
More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export to be + mounted with read-only permissions. Defaults to false. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents a reference + to a PersistentVolumeClaim in the same namespace. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". 
Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: Mode bits to use on created files by default. + Must be a value between 0 and 0777. Directories within the + path are not affected by this setting. This might be in + conflict with other options that affect the file mode, like + fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: information about the configMap data to + project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced ConfigMap + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the ConfigMap, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. 
This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI data + to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. 
The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format + of the exposed resources, defaults to + "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced Secret will + be projected into the volume as a file whose name + is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the Secret, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. 
+ type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken + data to project + properties: + audience: + description: Audience is the intended audience of + the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested + duration of validity of the service account token. + As the token approaches expiration, the kubelet + volume plugin will proactively rotate the service + account token. The kubelet will start trying to + rotate the token if the token is older than 80 + percent of its time to live or if the token is + older than 24 hours.Defaults to 1 hour and must + be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to the mount + point of the file to project the token into. + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that + shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to + be mounted with read-only permissions. Defaults to false. 
+ type: boolean + registry: + description: Registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: Volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. 
More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for + the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication with + Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should + be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the + protection domain. + type: string + system: + description: The name of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO + system that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced Secret will be projected into the + volume as a file whose name is the key and content is the + value. If specified, the listed keys will be projected into + the specified paths, and unlisted keys will not be present. + If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be + defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to + use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within a + namespace. 
+ type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume + within StorageOS. If no namespace is specified then the + Pod's namespace will be used. This allows the Kubernetes + name scoping to be mirrored within StorageOS for tighter + integration. Set VolumeName to any name to override the + default behaviour. Set to "default" if you are not using + namespaces within StorageOS. Namespaces that do not pre-exist + within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile + ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile + name. + type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + walCompression: + description: Enable compression of the write-ahead log using Snappy. + This flag is only available in versions of Prometheus >= 2.11.0. + type: boolean + type: object + status: + description: 'Most recent observed status of the Prometheus cluster. Read-only. + Not included when requesting from the apiserver, only from the Prometheus + Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) + targeted by this Prometheus deployment. 
+ format: int32 + type: integer + paused: + description: Represents whether any actions on the underlaying managed + objects are being performed. Only delete actions will be performed. + type: boolean + replicas: + description: Total number of non-terminated pods targeted by this Prometheus + deployment (their labels match the selector). + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this Prometheus + deployment. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this Prometheus + deployment that have the desired version spec. + format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-prometheusrules.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-prometheusrules.yaml new file mode 100644 index 000000000..5546de38e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-prometheusrules.yaml 
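Review bot: The volume schema near the end of the Prometheus CRD hunk that closes above accepts `hostPath` entries with only `path` required, and its description still carries the upstream TODO about restricting who can use host directory mounts. Nothing in the CRD constrains this, so the chart should document how it is limited in practice: restrict create and update on the Prometheus resource through RBAC, or reject `hostPath` volumes with an admission policy. The same question applies to `flexVolume`, which the schema describes as provisioned using an exec based plugin.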
@@ -0,0 +1,91 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: prometheusrules.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + kind: PrometheusRule + listKind: PrometheusRuleList + plural: prometheusrules + singular: prometheusrule + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: PrometheusRule defines alerting rules for a Prometheus instance + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired alerting rule definitions for Prometheus. + properties: + groups: + description: Content of Prometheus rule file + items: + description: 'RuleGroup is a list of sequentially evaluated recording + and alerting rules. Note: PartialResponseStrategy is only used by + ThanosRuler and will be ignored by Prometheus instances. Valid + values for this field are ''warn'' or ''abort''. 
More info: https://github.com/thanos-io/thanos/blob/master/docs/components/rule.md#partial-response' + properties: + interval: + type: string + name: + type: string + partial_response_strategy: + type: string + rules: + items: + description: Rule describes an alerting or recording rule. + properties: + alert: + type: string + annotations: + additionalProperties: + type: string + type: object + expr: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + for: + type: string + labels: + additionalProperties: + type: string + type: object + record: + type: string + required: + - expr + type: object + type: array + required: + - name + - rules + type: object + type: array + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-servicemonitor.yaml new file mode 100644 index 000000000..8f7a67c14 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-servicemonitor.yaml 
@@ -0,0 +1,459 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: servicemonitors.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + kind: ServiceMonitor + listKind: ServiceMonitorList + plural: servicemonitors + singular: servicemonitor + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: ServiceMonitor defines monitoring for a set of services. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired Service selection for target discovery + by Prometheus. + properties: + endpoints: + description: A list of endpoints allowed as part of this ServiceMonitor. + items: + description: Endpoint defines a scrapeable endpoint serving Prometheus + metrics. 
+ properties: + basicAuth: + description: 'BasicAuth allow an endpoint to authenticate over + basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that + contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + bearerTokenFile: + description: File to read bearer token for scraping targets. + type: string + bearerTokenSecret: + description: Secret to mount to read bearer token for scraping + targets. The secret needs to be in the same namespace as the + service monitor and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + interval: + description: Interval at which metrics should be scraped + type: string + metricRelabelings: + description: MetricRelabelConfigs to apply to samples before ingestion. + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. 
+ Regex capture groups are available. + type: string + type: object + type: array + params: + additionalProperties: + items: + type: string + type: array + description: Optional HTTP URL parameters + type: object + path: + description: HTTP path to scrape for metrics. + type: string + port: + description: Name of the service port this endpoint refers to. + Mutually exclusive with targetPort. + type: string + proxyUrl: + description: ProxyURL eg http://proxyserver:2195 Directs scrapes + to proxy through this endpoint. + type: string + relabelings: + description: 'RelabelConfigs to apply to samples before scraping. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. 
+ items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + scheme: + description: HTTP scheme to use for scraping. + type: string + scrapeTimeout: + description: Timeout after which the scrape is ended + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: Name or number of the pod port this endpoint refers + to. Mutually exclusive with port. + x-kubernetes-int-or-string: true + tlsConfig: + description: TLS configuration to use when scraping the endpoint + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. 
+ type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + jobLabel: + description: The label to use to retrieve the job name from. + type: string + namespaceSelector: + description: Selector to select which namespaces the Endpoints objects + are discovered from. + properties: + any: + description: Boolean describing whether all namespaces are selected + in contrast to a list restricting them. + type: boolean + matchNames: + description: List of namespace names. + items: + type: string + type: array + type: object + podTargetLabels: + description: PodTargetLabels transfers labels on the Kubernetes Pod + onto the target. + items: + type: string + type: array + sampleLimit: + description: SampleLimit defines per-scrape limit on number of scraped + samples that will be accepted. + format: int64 + type: integer + selector: + description: Selector to select Endpoints objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + targetLabels: + description: TargetLabels transfers labels on the Kubernetes Service + onto the target. + items: + type: string + type: array + required: + - endpoints + - selector + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-thanosrulers.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-thanosrulers.yaml new file mode 100644 index 000000000..82136d73e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/crd-manifest/crd-thanosrulers.yaml 
@@ -0,0 +1,4725 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: thanosrulers.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + kind: ThanosRuler + listKind: ThanosRulerList + plural: thanosrulers + singular: thanosruler + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: ThanosRuler defines a ThanosRuler deployment. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the ThanosRuler cluster. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all + objects with implicit weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches no objects (i.e. is also + a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The + terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. 
The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. 
due to a pod label update), the system may or may not + try to eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some other + pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node that + meets all of the scheduling requirements (resource request, + requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field + and adding "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. 
+ If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + alertDropLabels: + description: AlertDropLabels configure the label names which should + be dropped in ThanosRuler alerts. If `labels` field is not provided, + `thanos_ruler_replica` will be dropped in alerts by default. + items: + type: string + type: array + alertQueryUrl: + description: The external Query URL the Thanos Ruler will set in the + 'Source' field of all alerts. Maps to the '--alert.query-url' CLI + arg. + type: string + alertmanagersConfig: + description: Define configuration for connecting to alertmanager. Only + available with thanos v0.10.0 and higher. Maps to the `alertmanagers.config` + arg. 
+ properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + alertmanagersUrl: + description: 'Define URLs to send alerts to Alertmanager. For Thanos + v0.10.0 and higher, AlertManagersConfig should be used instead. Note: + this field will be ignored if AlertManagersConfig is specified. Maps + to the `alertmanagers.url` arg.' + items: + type: string + type: array + containers: + description: 'Containers allows injecting additional containers or modifying + operator generated containers. This can be used to allow adding an + authentication proxy to a ThanosRuler pod or to change the behavior + of an operator generated container. Containers described here modify + an operator generated container if they share the same name and modifications + are done via a strategic merge patch. The current container names + are: `thanos-ruler` and `rules-configmap-reloader`. Overriding containers + is entirely outside the scope of what the maintainers will support + and by doing so, you accept that this behaviour may break at any time + without notice.' + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). 
Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' 
+ type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. 
More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. 
TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". 
+ type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. 
Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. 
Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. 
If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. 
If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + enforcedNamespaceLabel: + description: EnforcedNamespaceLabel enforces adding a namespace label + of origin for each alert and metric that is user created. The label + value will always be the namespace of the object that is being created. + type: string + evaluationInterval: + description: Interval between consecutive evaluations. + type: string + externalPrefix: + description: The external URL the Thanos Ruler instances will be available + under. This is necessary to generate correct URLs. This is necessary + if Thanos Ruler is not served from root of a DNS name. + type: string + grpcServerTlsConfig: + description: 'GRPCServerTLSConfig configures the gRPC server from which + Thanos Querier reads recorded rule data. Note: Currently only the + CAFile, CertFile, and KeyFile fields are supported. Maps to the ''--grpc-server-tls-*'' + CLI args.' + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or its key must + be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container to + use for the targets. + type: string + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must + be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus container + for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container + for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + image: + description: Thanos container image URL. + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same namespace + to use for pulling thanos images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to let + you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod + definition. Those can be used to e.g. 
fetch secrets for injection + into the ThanosRuler configuration from external sources. Any errors + during the execution of an initContainer will lead to a restart of + the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + Using initContainers for any use case other then secret fetching is + entirely outside the scope of what the maintainers will support and + by doing so, you accept that this behaviour may break at any time + without notice.' + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. 
+ Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. 
Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. 
Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. 
To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. 
Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. 
If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. 
If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. 
May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: Labels configure the external label pairs to ThanosRuler. + If not provided, default replica label `thanos_ruler_replica` will + be added as a label and be dropped in alerts. + type: object + listenLocal: + description: ListenLocal makes the Thanos ruler listen on loopback, + so that it does not bind against the Pod IP. + type: boolean + logFormat: + description: Log format for ThanosRuler to be configured with. + type: string + logLevel: + description: Log level for ThanosRuler to be configured with. + type: string + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + objectStorageConfig: + description: ObjectStorageConfig configures object storage in Thanos. + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + paused: + description: When a ThanosRuler deployment is paused, no actions except + for deletion will be performed on the underlying objects. + type: boolean + podMetadata: + description: PodMetadata contains Labels and Annotations gets propagated + to the thanos ruler pods. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + portName: + description: Port name used for the pods and governing service. This + defaults to web + type: string + priorityClassName: + description: Priority class assigned to the Pods + type: string + queryConfig: + description: Define configuration for connecting to thanos query instances. + If this is defined, the QueryEndpoints field will be ignored. Maps + to the `query.config` CLI argument. Only available with thanos v0.11.0 + and higher. + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + queryEndpoints: + description: QueryEndpoints defines Thanos querier endpoints from which + to query metrics. Maps to the --query flag of thanos ruler. + items: + type: string + type: array + replicas: + description: Number of thanos ruler instances to deploy. + format: int32 + type: integer + resources: + description: Resources defines the resource requirements for single + Pods. If not provided, no requests/limits will be set + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + retention: + description: Time duration ThanosRuler shall retain data for. Default + is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` + (milliseconds seconds minutes hours days weeks years). + type: string + routePrefix: + description: The route prefix ThanosRuler registers HTTP handlers for. + This allows thanos UI to be served on a sub-path. + type: string + ruleNamespaceSelector: + description: Namespaces to be selected for Rules discovery. If unspecified, + only the same namespace as the ThanosRuler object is in is used. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. 
+ items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + ruleSelector: + description: A label selector to select which PrometheusRules to mount + for alerting and recording. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. 
If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + securityContext: + description: SecurityContext holds pod-level security attributes and + common container settings. This defaults to the default PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all containers + in a pod. Some volume types allow the Kubelet to change the ownership + of that volume to be owned by the pod: \n 1. The owning GID will + be the FSGroup 2. The setgid bit is set (new files created in + the volume will be owned by FSGroup) 3. The permission bits are + OR'd with rw-rw---- \n If unset, the Kubelet will not modify the + ownership and permissions of any volume." + format: int64 + type: integer + runAsGroup: + description: The GID to run the entrypoint of the container process. + Uses runtime default if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in SecurityContext. 
If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. May + also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux + context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to the + container. + type: string + role: + description: Role is a SELinux role label that applies to the + container. + type: string + type: + description: Type is a SELinux type label that applies to the + container. + type: string + user: + description: User is a SELinux user label that applies to the + container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run in + each container, in addition to the container's primary GID. If + unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for + the pod. Pods with unsupported sysctls (by the container runtime) + might fail to launch. 
+ items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. This field is alpha-level and is only + honored by servers that enable the WindowsGMSA feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of + the container process. Defaults to the user specified in image + metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. This + field is beta-level and may be disabled with the WindowsRunAsUserName + feature flag. + type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to + use to run the Thanos Ruler Pods. + type: string + storage: + description: Storage spec to specify how storage shall be used. + properties: + emptyDir: + description: 'EmptyDirVolumeSource to be used by the Prometheus + StatefulSets. 
If specified, used in place of any volumeClaimTemplate. + More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. + The default is "" which means to use the node''s default medium. + Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. The + default is nil which means that the limit is undefined. More + info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + volumeClaimTemplate: + description: A PVC spec to be used by the Prometheus StatefulSets. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + type: object + spec: + description: 'Spec defines the desired characteristics of a + volume requested by a pod author. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access modes + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: This field requires the VolumeSnapshotDataSource + alpha feature gate to be enabled and currently VolumeSnapshot + is the only supported data source. If the provisioner + can support VolumeSnapshot data source, it will create + a new volume and data will be restored to the volume at + the same time. If the provisioner does not support VolumeSnapshot + data source, volume will not be created and the failure + will be reported as an event. In the future, we plan to + support more data source types and the behavior of the + provisioner may change. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, the + specified Kind must be in the core API group. For + any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + selector: + description: A label query over volumes to consider for + binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required + by the claim. Value of Filesystem is implied when not + included in claim spec. 
This is a beta feature. + type: string + volumeName: + description: VolumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status + of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access modes + the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + capacity: + additionalProperties: + type: string + description: Represents the actual resources of the underlying + volume. + type: object + conditions: + description: Current Condition of persistent volume claim. + If underlying persistent volume is being resized then + the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails details + about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned + from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating details + about last transition. + type: string + reason: + description: Unique, this should be a short, machine + understandable string that gives the reason for + condition's last transition. If it reports "ResizeStarted" + that means the underlying persistent volume is being + resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is + a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of PersistentVolumeClaim. 
+ type: string + type: object + type: object + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values and + all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the + toleration (which must be of effect NoExecute, otherwise this + field is ignored) tolerates the taint. By default, it is not + set, which means tolerate the taint forever (do not evict). + Zero and negative values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise + just a regular string. + type: string + type: object + type: array + tracingConfig: + description: TracingConfig configures tracing in Thanos. This is an + experimental feature, it may change in any upcoming release in a breaking + way. + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + volumes: + description: Volumes allows configuration of additional volumes on the + output StatefulSet definition. Volumes specified will be appended + to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may be + accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly + property in VolumeMounts to "true". If omitted, the default + is "false". 
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource in + AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'Expected values Shared: multiple blob disks + per storage account Dedicated: single blob disk per storage + account Managed: azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: the name of secret that contains Azure Storage + Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather than + the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring + for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication + secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, default + is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached and mounted + on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. 
Must be a filesystem + type supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing + parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeID: + description: 'volume id used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced ConfigMap will be projected into + the volume as a file whose name is the key and content is + the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the + ConfigMap, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' 
path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must + be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents storage + that is handled by an external CSI driver (Alpha feature). + properties: + driver: + description: Driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed to the + associated CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret + object containing sensitive information to pass to the CSI + driver to complete the CSI NodePublishVolume and NodeUnpublishVolume + calls. This field is optional, and may be empty if no secret + is required. 
If the secret object contains more than one + secret, all secret references are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. 
If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name + of the file to be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 encoded. The + first item of the relative path must not start with + ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory that shares + a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back this + directory. The default is "" which means to use the node''s + default medium. Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. 
+ More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + fc: + description: FC represents a Fibre Channel resource that is attached + to a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be + set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that + is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use for this + volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends on FlexVolume + script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' 
+ type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret + object containing sensitive information to pass to the plugin + scripts. This may be empty if no secret object is specified. + If the secret object contains more than one secret, all + secrets are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a + kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: Name of the dataset stored as metadata -> name + on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". 
Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. Used + to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision a + container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: Target directory name. Must not contain or start + with '..'. If '.' is supplied, the volume directory will + be the git repository. Otherwise, if specified, the volume + will contain the git repository in the subdirectory with + the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the host + that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. 
More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'Path of the directory on the host. If the path + is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to the + pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. 
More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, new iSCSI + interface : will be created + for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either an + IP or ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within + the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. 
More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export to be + mounted with read-only permissions. Defaults to false. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents a reference + to a PersistentVolumeClaim in the same namespace. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". 
Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: Mode bits to use on created files by default. + Must be a value between 0 and 0777. Directories within the + path are not affected by this setting. This might be in + conflict with other options that affect the file mode, like + fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: information about the configMap data to + project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced ConfigMap + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the ConfigMap, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. 
This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI data + to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. 
The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format + of the exposed resources, defaults to + "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced Secret will + be projected into the volume as a file whose name + is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the Secret, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. 
+ type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken + data to project + properties: + audience: + description: Audience is the intended audience of + the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested + duration of validity of the service account token. + As the token approaches expiration, the kubelet + volume plugin will proactively rotate the service + account token. The kubelet will start trying to + rotate the token if the token is older than 80 + percent of its time to live or if the token is + older than 24 hours.Defaults to 1 hour and must + be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to the mount + point of the file to project the token into. + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that + shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to + be mounted with read-only permissions. Defaults to false. 
+ type: boolean + registry: + description: Registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: Volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. 
More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for + the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication with + Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should + be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the + protection domain. + type: string + system: + description: The name of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO + system that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced Secret will be projected into the + volume as a file whose name is the key and content is the + value. If specified, the listed keys will be projected into + the specified paths, and unlisted keys will not be present. + If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be + defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to + use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within a + namespace. 
+ type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume + within StorageOS. If no namespace is specified then the + Pod's namespace will be used. This allows the Kubernetes + name scoping to be mirrored within StorageOS for tighter + integration. Set VolumeName to any name to override the + default behaviour. Set to "default" if you are not using + namespaces within StorageOS. Namespaces that do not pre-exist + within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile + ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile + name. + type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + status: + description: 'Most recent observed status of the ThanosRuler cluster. Read-only. + Not included when requesting from the apiserver, only from the ThanosRuler + Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) + targeted by this ThanosRuler deployment. + format: int32 + type: integer + paused: + description: Represents whether any actions on the underlying managed + objects are being performed. Only delete actions will be performed. 
+ type: boolean + replicas: + description: Total number of non-terminated pods targeted by this ThanosRuler + deployment (their labels match the selector). + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this ThanosRuler + deployment. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this ThanosRuler + deployment that have the desired version spec. + format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/templates/_helpers.tpl new file mode 100644 index 000000000..39b26c195 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/templates/_helpers.tpl @@ -0,0 +1,7 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/templates/jobs.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/templates/jobs.yaml new file mode 100644 index 000000000..709005fd9 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/templates/jobs.yaml 
@@ -0,0 +1,92 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-create + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }} + annotations: + "helm.sh/hook": post-install, post-upgrade, post-rollback + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + name: {{ .Chart.Name }}-create + labels: + app: {{ .Chart.Name }} + spec: + serviceAccountName: {{ .Chart.Name }}-manager + securityContext: + runAsNonRoot: true + runAsUser: 1000 + containers: + - name: create-crds + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - apply + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + restartPolicy: OnFailure + volumes: + - name: crd-manifest + configMap: + name: {{ .Chart.Name }}-manifest +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-delete + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + name: {{ .Chart.Name }}-delete + labels: + app: {{ .Chart.Name }} + spec: + serviceAccountName: {{ .Chart.Name }}-manager + securityContext: + runAsNonRoot: true + runAsUser: 1000 + initContainers: + - name: remove-finalizers + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - apply + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + containers: + - name: delete-crds + image: {{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - delete + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + restartPolicy: OnFailure + volumes: + - name: crd-manifest + configMap: + name: {{ .Chart.Name }}-manifest diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/templates/manifest.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/templates/manifest.yaml new file mode 100644 index 000000000..31016b6ef --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/templates/manifest.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-manifest + namespace: {{ .Release.Namespace }} +data: + crd-manifest.yaml: | + {{- $currentScope := . -}} + {{- $crds := (.Files.Glob "crd-manifest/**.yaml") -}} + {{- range $path, $_ := $crds -}} + {{- with $currentScope -}} + {{ .Files.Get $path | nindent 4 }} + --- + {{- end -}}{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/templates/rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/templates/rbac.yaml new file mode 100644 index 000000000..bdda1ddad --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/templates/rbac.yaml 
@@ -0,0 +1,72 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Chart.Name }}-manager + labels: + app: {{ .Chart.Name }}-manager +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: ['create', 'get', 'patch', 'delete'] +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ .Chart.Name }}-manager +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Chart.Name }}-manager + labels: + app: {{ .Chart.Name }}-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ .Chart.Name }}-manager +subjects: +- kind: ServiceAccount + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }}-manager +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }}-manager +spec: + privileged: false + allowPrivilegeEscalation: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'configMap' + - 'secret' diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/values.yaml new file mode 100644 index 000000000..3aac0a046 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.202/values.yaml 
@@ -0,0 +1,11 @@ +# Default values for rancher-monitoring-crd. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +global: + cattle: + systemDefaultRegistry: "" + +image: + repository: rancher/kubectl + tag: v1.18.6 diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/Chart.yaml new file mode 100755 index 000000000..e13bacc12 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-monitoring-system + catalog.cattle.io/release-name: rancher-monitoring-crd +apiVersion: v1 +description: Installs the CRDs for rancher-monitoring. +name: rancher-monitoring-crd +type: application +version: 9.4.203 diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/README.md b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/README.md new file mode 100755 index 000000000..48d2a8621 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/README.md @@ -0,0 +1,2 @@ +# rancher-monitoring-crd +A Rancher chart that installs the CRDs used by rancher-monitoring. diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-alertmanager.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-alertmanager.yaml new file mode 100755 index 000000000..98030b4f8 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-alertmanager.yaml 
@@ -0,0 +1,4500 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: alertmanagers.monitoring.coreos.com +spec: + additionalPrinterColumns: + - JSONPath: .spec.version + description: The version of Alertmanager + name: Version + type: string + - JSONPath: .spec.replicas + description: The desired replicas number of Alertmanagers + name: Replicas + type: integer + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: monitoring.coreos.com + names: + kind: Alertmanager + listKind: AlertmanagerList + plural: alertmanagers + singular: alertmanager + preserveUnknownFields: false + scope: Namespaced + subresources: {} + validation: + openAPIV3Schema: + description: Alertmanager describes an Alertmanager cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the Alertmanager + cluster. 
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + additionalPeers: + description: AdditionalPeers allows injecting a set of additional Alertmanagers + to peer with to form a highly available cluster. + items: + type: string + type: array + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all + objects with implicit weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches no objects (i.e. is also + a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. 
Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. 
If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The + terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. 
+ type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. 
+ items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may not + try to eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some other + pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. 
for each node that + meets all of the scheduling requirements (resource request, + requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field + and adding "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". 
+ The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + baseImage: + description: Base image that is used to deploy pods, without tag. + type: string + configMaps: + description: ConfigMaps is a list of ConfigMaps in the same namespace + as the Alertmanager object, which shall be mounted into the Alertmanager + Pods. The ConfigMaps are mounted into /etc/alertmanager/configmaps/. + items: + type: string + type: array + configSecret: + description: ConfigSecret is the name of a Kubernetes Secret in the + same namespace as the Alertmanager object, which contains configuration + for this Alertmanager instance. Defaults to 'alertmanager-' + The secret is mounted into /etc/alertmanager/config. + type: string + containers: + description: Containers allows injecting additional containers. This + is meant to allow adding an authentication proxy to an Alertmanager + pod. + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. 
The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' 
+ properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. 
+ items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. 
Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. 
TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. 
+ properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. 
+ items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. 
+ items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. 
+ format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. 
More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. 
+ format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. 
+ properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. 
If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. 
+ type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + externalUrl: + description: The external URL the Alertmanager instances will be available + under. This is necessary to generate correct URLs. 
This is necessary + if Alertmanager is not served from root of a DNS name. + type: string + image: + description: Image if specified has precedence over baseImage, tag and + sha combinations. Specifying the version is still necessary to ensure + the Prometheus Operator knows what version of Alertmanager is being + configured. + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same namespace + to use for pulling prometheus and alertmanager images from registries + see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to let + you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod + definition. Those can be used to e.g. fetch secrets for injection + into the Alertmanager configuration from external sources. Any errors + during the execution of an initContainer will lead to a restart of + the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + Using initContainers for any use case other then secret fetching is + entirely outside the scope of what the maintainers will support and + by doing so, you accept that this behaviour may break at any time + without notice.' + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. 
If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. 
+ Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. 
More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
+ HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. 
More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. 
TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". 
+ type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. 
Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. 
Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. 
If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. 
If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + listenLocal: + description: ListenLocal makes the Alertmanager server listen on loopback, + so that it does not bind against the Pod IP. Note this is only for + the Alertmanager UI, not the gossip communication. + type: boolean + logFormat: + description: Log format for Alertmanager to be configured with. + type: string + logLevel: + description: Log level for Alertmanager to be configured with. + type: string + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + paused: + description: If set to true all actions on the underlaying managed objects + are not goint to be performed, except for delete actions. + type: boolean + podMetadata: + description: PodMetadata configures Labels and Annotations which are + propagated to the alertmanager pods. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. 
More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + portName: + description: Port name used for the pods and governing service. This + defaults to web + type: string + priorityClassName: + description: Priority class assigned to the Pods + type: string + replicas: + description: Size is the expected size of the alertmanager cluster. + The controller will eventually make the size of the running cluster + equal to the expected size. + format: int32 + type: integer + resources: + description: Define resources requests and limits for single Pods. + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + retention: + description: Time duration Alertmanager shall retain data for. Default + is '120h', and must match the regular expression `[0-9]+(ms|s|m|h)` + (milliseconds seconds minutes hours). + type: string + routePrefix: + description: The route prefix Alertmanager registers HTTP handlers for. 
+ This is useful, if using ExternalURL and a proxy is rewriting HTTP + routes of a request, and the actual ExternalURL is still true, but + the server serves requests under a different route prefix. For example + for use with `kubectl proxy`. + type: string + secrets: + description: Secrets is a list of Secrets in the same namespace as the + Alertmanager object, which shall be mounted into the Alertmanager + Pods. The Secrets are mounted into /etc/alertmanager/secrets/. + items: + type: string + type: array + securityContext: + description: SecurityContext holds pod-level security attributes and + common container settings. This defaults to the default PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all containers + in a pod. Some volume types allow the Kubelet to change the ownership + of that volume to be owned by the pod: \n 1. The owning GID will + be the FSGroup 2. The setgid bit is set (new files created in + the volume will be owned by FSGroup) 3. The permission bits are + OR'd with rw-rw---- \n If unset, the Kubelet will not modify the + ownership and permissions of any volume." + format: int64 + type: integer + runAsGroup: + description: The GID to run the entrypoint of the container process. + Uses runtime default if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. 
+ type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. May + also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux + context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to the + container. + type: string + role: + description: Role is a SELinux role label that applies to the + container. + type: string + type: + description: Type is a SELinux type label that applies to the + container. + type: string + user: + description: User is a SELinux user label that applies to the + container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run in + each container, in addition to the container's primary GID. If + unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for + the pod. Pods with unsupported sysctls (by the container runtime) + might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. 
+ If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. This field is alpha-level and is only + honored by servers that enable the WindowsGMSA feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of + the container process. Defaults to the user specified in image + metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. This + field is beta-level and may be disabled with the WindowsRunAsUserName + feature flag. + type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to + use to run the Prometheus Pods. + type: string + sha: + description: SHA of Alertmanager container image to be deployed. Defaults + to the value of `version`. Similar to a tag, but the SHA explicitly + deploys an immutable container image. Version and Tag are ignored + if SHA is set. + type: string + storage: + description: Storage is the definition of how storage will be used by + the Alertmanager instances. + properties: + emptyDir: + description: 'EmptyDirVolumeSource to be used by the Prometheus + StatefulSets. If specified, used in place of any volumeClaimTemplate. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. + The default is "" which means to use the node''s default medium. + Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. The + default is nil which means that the limit is undefined. More + info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + volumeClaimTemplate: + description: A PVC spec to be used by the Prometheus StatefulSets. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + type: object + spec: + description: 'Spec defines the desired characteristics of a + volume requested by a pod author. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access modes + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: This field requires the VolumeSnapshotDataSource + alpha feature gate to be enabled and currently VolumeSnapshot + is the only supported data source. If the provisioner + can support VolumeSnapshot data source, it will create + a new volume and data will be restored to the volume at + the same time. If the provisioner does not support VolumeSnapshot + data source, volume will not be created and the failure + will be reported as an event. In the future, we plan to + support more data source types and the behavior of the + provisioner may change. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, the + specified Kind must be in the core API group. For + any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + selector: + description: A label query over volumes to consider for + binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required + by the claim. Value of Filesystem is implied when not + included in claim spec. 
This is a beta feature. + type: string + volumeName: + description: VolumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status + of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access modes + the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + capacity: + additionalProperties: + type: string + description: Represents the actual resources of the underlying + volume. + type: object + conditions: + description: Current Condition of persistent volume claim. + If underlying persistent volume is being resized then + the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails details + about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned + from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating details + about last transition. + type: string + reason: + description: Unique, this should be a short, machine + understandable string that gives the reason for + condition's last transition. If it reports "ResizeStarted" + that means the underlying persistent volume is being + resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is + a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of PersistentVolumeClaim. 
+ type: string + type: object + type: object + type: object + tag: + description: Tag of Alertmanager container image to be deployed. Defaults + to the value of `version`. Version is ignored if Tag is set. + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values and + all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the + toleration (which must be of effect NoExecute, otherwise this + field is ignored) tolerates the taint. By default, it is not + set, which means tolerate the taint forever (do not evict). + Zero and negative values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise + just a regular string. + type: string + type: object + type: array + version: + description: Version the cluster should be on. + type: string + volumeMounts: + description: VolumeMounts allows configuration of additional VolumeMounts + on the output StatefulSet definition. 
VolumeMounts specified will + be appended to other VolumeMounts in the alertmanager container, that + are generated as a result of StorageSpec objects. + items: + description: VolumeMount describes a mounting of a Volume within a + container. + properties: + mountPath: + description: Path within the container at which the volume should + be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated + from the host to container and the other way around. When not + set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false + or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's + volume should be mounted. Behaves similarly to SubPath but environment + variable references $(VAR_NAME) are expanded using the container's + environment. Defaults to "" (volume's root). SubPathExpr and + SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: Volumes allows configuration of additional volumes on the + output StatefulSet definition. Volumes specified will be appended + to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may be + accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly + property in VolumeMounts to "true". If omitted, the default + is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource in + AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
+ type: string + kind: + description: 'Expected values Shared: multiple blob disks + per storage account Dedicated: single blob disk per storage + account Managed: azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: the name of secret that contains Azure Storage + Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather than + the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring + for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication + secret for User, default is empty. 
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, default + is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached and mounted + on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing + parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeID: + description: 'volume id used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. 
Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced ConfigMap will be projected into + the volume as a file whose name is the key and content is + the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the + ConfigMap, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must + be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents storage + that is handled by an external CSI driver (Alpha feature). 
+ properties: + driver: + description: Driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed to the + associated CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret + object containing sensitive information to pass to the CSI + driver to complete the CSI NodePublishVolume and NodeUnpublishVolume + calls. This field is optional, and may be empty if no secret + is required. If the secret object contains more than one + secret, all secret references are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' 
+ format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name + of the file to be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 encoded. The + first item of the relative path must not start with + ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory that shares + a pod''s lifetime. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back this + directory. The default is "" which means to use the node''s + default medium. Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + fc: + description: FC represents a Fibre Channel resource that is attached + to a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be + set, but not both simultaneously.' 
+ items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that + is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use for this + volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends on FlexVolume + script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret + object containing sensitive information to pass to the plugin + scripts. This may be empty if no secret object is specified. + If the secret object contains more than one secret, all + secrets are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a + kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: Name of the dataset stored as metadata -> name + on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. 
This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. Used + to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision a + container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: Target directory name. 
Must not contain or start + with '..'. If '.' is supplied, the volume directory will + be the git repository. Otherwise, if specified, the volume + will contain the git repository in the subdirectory with + the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the host + that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'Path of the directory on the host. If the path + is a symlink, it will follow the link to the real path. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to the + pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, new iSCSI + interface : will be created + for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. 
+ type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either an + IP or ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within + the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export to be + mounted with read-only permissions. Defaults to false. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents a reference + to a PersistentVolumeClaim in the same namespace. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. 
More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: Mode bits to use on created files by default. + Must be a value between 0 and 0777. Directories within the + path are not affected by this setting. This might be in + conflict with other options that affect the file mode, like + fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: information about the configMap data to + project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced ConfigMap + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the ConfigMap, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI data + to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format + of the exposed resources, defaults to + "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced Secret will + be projected into the volume as a file whose name + is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the Secret, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken + data to project + properties: + audience: + description: Audience is the intended audience of + the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested + duration of validity of the service account token. + As the token approaches expiration, the kubelet + volume plugin will proactively rotate the service + account token. The kubelet will start trying to + rotate the token if the token is older than 80 + percent of its time to live or if the token is + older than 24 hours.Defaults to 1 hour and must + be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to the mount + point of the file to project the token into. + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that + shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to + be mounted with read-only permissions. Defaults to false. 
+ type: boolean + registry: + description: Registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: Volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. 
More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for + the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication with + Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should + be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the + protection domain. + type: string + system: + description: The name of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO + system that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced Secret will be projected into the + volume as a file whose name is the key and content is the + value. If specified, the listed keys will be projected into + the specified paths, and unlisted keys will not be present. + If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be + defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to + use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within a + namespace. 
+ type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume + within StorageOS. If no namespace is specified then the + Pod's namespace will be used. This allows the Kubernetes + name scoping to be mirrored within StorageOS for tighter + integration. Set VolumeName to any name to override the + default behaviour. Set to "default" if you are not using + namespaces within StorageOS. Namespaces that do not pre-exist + within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile + ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile + name. + type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + status: + description: 'Most recent observed status of the Alertmanager cluster. Read-only. + Not included when requesting from the apiserver, only from the Prometheus + Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) + targeted by this Alertmanager cluster. + format: int32 + type: integer + paused: + description: Represents whether any actions on the underlaying managed + objects are being performed. Only delete actions will be performed. 
+ type: boolean + replicas: + description: Total number of non-terminated pods targeted by this Alertmanager + cluster (their labels match the selector). + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this Alertmanager + cluster. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this Alertmanager + cluster that have the desired version spec. + format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-podmonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-podmonitor.yaml new file mode 100755 index 000000000..9cf3c42e4 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-podmonitor.yaml 
@@ -0,0 +1,260 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: podmonitors.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + kind: PodMonitor + listKind: PodMonitorList + plural: podmonitors + singular: podmonitor + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: PodMonitor defines monitoring for a set of pods. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired Pod selection for target discovery + by Prometheus. + properties: + jobLabel: + description: The label to use to retrieve the job name from. + type: string + namespaceSelector: + description: Selector to select which namespaces the Endpoints objects + are discovered from. + properties: + any: + description: Boolean describing whether all namespaces are selected + in contrast to a list restricting them. + type: boolean + matchNames: + description: List of namespace names. 
+ items: + type: string + type: array + type: object + podMetricsEndpoints: + description: A list of endpoints allowed as part of this PodMonitor. + items: + description: PodMetricsEndpoint defines a scrapeable endpoint of a + Kubernetes Pod serving Prometheus metrics. + properties: + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + interval: + description: Interval at which metrics should be scraped + type: string + metricRelabelings: + description: MetricRelabelConfigs to apply to samples before ingestion. + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. 
+ items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + params: + additionalProperties: + items: + type: string + type: array + description: Optional HTTP URL parameters + type: object + path: + description: HTTP path to scrape for metrics. + type: string + port: + description: Name of the pod port this endpoint refers to. Mutually + exclusive with targetPort. + type: string + proxyUrl: + description: ProxyURL eg http://proxyserver:2195 Directs scrapes + to proxy through this endpoint. + type: string + relabelings: + description: 'RelabelConfigs to apply to samples before ingestion. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. 
Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + scheme: + description: HTTP scheme to use for scraping. + type: string + scrapeTimeout: + description: Timeout after which the scrape is ended + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Deprecated: Use ''port'' instead.' + x-kubernetes-int-or-string: true + type: object + type: array + podTargetLabels: + description: PodTargetLabels transfers labels on the Kubernetes Pod + onto the target. + items: + type: string + type: array + sampleLimit: + description: SampleLimit defines per-scrape limit on number of scraped + samples that will be accepted. + format: int64 + type: integer + selector: + description: Selector to select Pod objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + required: + - podMetricsEndpoints + - selector + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-prometheus.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-prometheus.yaml new file mode 100755 index 000000000..704379fb2 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-prometheus.yaml 
@@ -0,0 +1,6002 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: prometheuses.monitoring.coreos.com +spec: + additionalPrinterColumns: + - JSONPath: .spec.version + description: The version of Prometheus + name: Version + type: string + - JSONPath: .spec.replicas + description: The desired replicas number of Prometheuses + name: Replicas + type: integer + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: monitoring.coreos.com + names: + kind: Prometheus + listKind: PrometheusList + plural: prometheuses + singular: prometheus + preserveUnknownFields: false + scope: Namespaced + subresources: {} + validation: + openAPIV3Schema: + description: Prometheus defines a Prometheus deployment. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the Prometheus cluster. 
+ More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + additionalAlertManagerConfigs: + description: 'AdditionalAlertManagerConfigs allows specifying a key + of a Secret containing additional Prometheus AlertManager configurations. + AlertManager configurations specified are appended to the configurations + generated by the Prometheus Operator. Job configurations specified + must have the form as specified in the official Prometheus documentation: + https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config. + As AlertManager configs are appended, the user is responsible to make + sure it is valid. Note that using this feature may expose the possibility + to break upgrades of Prometheus. It is advised to review Prometheus + release notes to ensure that no incompatible AlertManager configs + are going to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + additionalAlertRelabelConfigs: + description: 'AdditionalAlertRelabelConfigs allows specifying a key + of a Secret containing additional Prometheus alert relabel configurations. + Alert relabel configurations specified are appended to the configurations + generated by the Prometheus Operator. Alert relabel configurations + specified must have the form as specified in the official Prometheus + documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs. 
+ As alert relabel configs are appended, the user is responsible to + make sure it is valid. Note that using this feature may expose the + possibility to break upgrades of Prometheus. It is advised to review + Prometheus release notes to ensure that no incompatible alert relabel + configs are going to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + additionalScrapeConfigs: + description: 'AdditionalScrapeConfigs allows specifying a key of a Secret + containing additional Prometheus scrape configurations. Scrape configurations + specified are appended to the configurations generated by the Prometheus + Operator. Job configurations specified must have the form as specified + in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. + As scrape configs are appended, the user is responsible to make sure + it is valid. Note that using this feature may expose the possibility + to break upgrades of Prometheus. It is advised to review Prometheus + release notes to ensure that no incompatible scrape configs are going + to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all + objects with implicit weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches no objects (i.e. is also + a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. 
If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. 
+ properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The + terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. 
If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. 
+ type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. 
If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may not + try to eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
+ A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some other + pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node that + meets all of the scheduling requirements (resource request, + requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field + and adding "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. 
+ items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + alerting: + description: Define details regarding alerting. + properties: + alertmanagers: + description: AlertmanagerEndpoints Prometheus should fire alerts + against. + items: + description: AlertmanagerEndpoints defines a selection of a single + Endpoints object containing alertmanager IPs to fire alerts + against. + properties: + apiVersion: + description: Version of the Alertmanager API that Prometheus + uses to send alerts. It can be "v1" or "v2". + type: string + bearerTokenFile: + description: BearerTokenFile to read from filesystem to use + when authenticating to Alertmanager. + type: string + name: + description: Name of Endpoints object in Namespace. + type: string + namespace: + description: Namespace of Endpoints object. + type: string + pathPrefix: + description: Prefix for the HTTP path alerts are pushed to. + type: string + port: + anyOf: + - type: integer + - type: string + description: Port the Alertmanager API is exposed on. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use when firing alerts. + type: string + tlsConfig: + description: TLS Config to use for alertmanager connection. + properties: + ca: + description: Stuct containing the CA cert to use for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select from. 
Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Struct containing the client cert file for + the targets. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. 
+ type: string + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - name + - namespace + - port + type: object + type: array + required: + - alertmanagers + type: object + apiserverConfig: + description: APIServerConfig allows specifying a host and auth methods + to access apiserver. If left empty, Prometheus is assumed to run inside + of the cluster and will discover API servers automatically and use + the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. + properties: + basicAuth: + description: BasicAuth allow an endpoint to authenticate over basic + authentication + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that + contains the username for authentication. 
+ properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + bearerToken: + description: Bearer token for accessing apiserver. + type: string + bearerTokenFile: + description: File to read bearer token for accessing apiserver. + type: string + host: + description: Host of apiserver. A valid string consisting of a hostname + or IP followed by an optional port number + type: string + tlsConfig: + description: TLS Config to use for accessing apiserver. + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container + for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + type: object + arbitraryFSAccessThroughSMs: + description: ArbitraryFSAccessThroughSMs configures whether configuration + based on a service monitor can access arbitrary files on the file + system of the Prometheus container e.g. bearer token files. + properties: + deny: + type: boolean + type: object + baseImage: + description: Base image to use for a Prometheus deployment. + type: string + configMaps: + description: ConfigMaps is a list of ConfigMaps in the same namespace + as the Prometheus object, which shall be mounted into the Prometheus + Pods. The ConfigMaps are mounted into /etc/prometheus/configmaps/. + items: + type: string + type: array + containers: + description: 'Containers allows injecting additional containers or modifying + operator generated containers. This can be used to allow adding an + authentication proxy to a Prometheus pod or to change the behavior + of an operator generated container. Containers described here modify + an operator generated container if they share the same name and modifications + are done via a strategic merge patch. The current container names + are: `prometheus`, `prometheus-config-reloader`, `rules-configmap-reloader`, + and `thanos-sidecar`. Overriding containers is entirely outside the + scope of what the maintainers will support and by doing so, you accept + that this behaviour may break at any time without notice.' + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. 
The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). 
Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. 
+ type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. 
To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. 
To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. 
Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. 
If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. 
If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. 
May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + disableCompaction: + description: Disable prometheus compaction. + type: boolean + enableAdminAPI: + description: 'Enable access to prometheus web admin API. Defaults to + the value of `false`. WARNING: Enabling the admin APIs enables mutating + endpoints, to delete data, shutdown Prometheus, and more. Enabling + this should be done with care and the user is advised to add additional + authentication authorization via a proxy to ensure only clients authorized + to perform these actions can do so. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis' + type: boolean + enforcedNamespaceLabel: + description: EnforcedNamespaceLabel enforces adding a namespace label + of origin for each alert and metric that is user created. The label + value will always be the namespace of the object that is being created. + type: string + evaluationInterval: + description: Interval between consecutive evaluations. + type: string + externalLabels: + additionalProperties: + type: string + description: The labels to add to any time series or alerts when communicating + with external systems (federation, remote storage, Alertmanager). + type: object + externalUrl: + description: The external URL the Prometheus instances will be available + under. 
This is necessary to generate correct URLs. This is necessary + if Prometheus is not served from root of a DNS name. + type: string + ignoreNamespaceSelectors: + description: IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector + settings from the podmonitor and servicemonitor configs, and they + will only discover endpoints within their current namespace. Defaults + to false. + type: boolean + image: + description: Image if specified has precedence over baseImage, tag and + sha combinations. Specifying the version is still necessary to ensure + the Prometheus Operator knows what version of Prometheus is being + configured. + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same namespace + to use for pulling prometheus and alertmanager images from registries + see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to let + you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod + definition. Those can be used to e.g. fetch secrets for injection + into the Prometheus configuration from external sources. Any errors + during the execution of an initContainer will lead to a restart of + the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + Using initContainers for any use case other then secret fetching is + entirely outside the scope of what the maintainers will support and + by doing so, you accept that this behaviour may break at any time + without notice.' 
+ items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. 
If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. 
+ type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. 
To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. 
To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. 
Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. 
If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. 
If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. 
May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + listenLocal: + description: ListenLocal makes the Prometheus server listen on loopback, + so that it does not bind against the Pod IP. + type: boolean + logFormat: + description: Log format for Prometheus to be configured with. + type: string + logLevel: + description: Log level for Prometheus to be configured with. + type: string + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + overrideHonorLabels: + description: OverrideHonorLabels if set to true overrides all user configured + honor_labels. If HonorLabels is set in ServiceMonitor or PodMonitor + to true, this overrides honor_labels to false. + type: boolean + overrideHonorTimestamps: + description: OverrideHonorTimestamps allows to globally enforce honoring + timestamps in all scrape configs. + type: boolean + paused: + description: When a Prometheus deployment is paused, no actions except + for deletion will be performed on the underlying objects. + type: boolean + podMetadata: + description: PodMetadata configures Labels and Annotations which are + propagated to the prometheus pods. 
+ properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + podMonitorNamespaceSelector: + description: Namespaces to be selected for PodMonitor discovery. If + nil, only check own namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + podMonitorSelector: + description: '*Experimental* PodMonitors to be selected for target discovery.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + portName: + description: Port name used for the pods and governing service. This + defaults to web + type: string + priorityClassName: + description: Priority class assigned to the Pods + type: string + prometheusExternalLabelName: + description: Name of Prometheus external label used to denote Prometheus + instance name. 
Defaults to the value of `prometheus`. External label + will _not_ be added when value is set to empty string (`""`). + type: string + query: + description: QuerySpec defines the query command line flags when starting + Prometheus. + properties: + lookbackDelta: + description: The delta difference allowed for retrieving metrics + during expression evaluations. + type: string + maxConcurrency: + description: Number of concurrent queries that can be run at once. + format: int32 + type: integer + maxSamples: + description: Maximum number of samples a single query can load into + memory. Note that queries will fail if they would load more samples + than this into memory, so this also limits the number of samples + a query can return. + format: int32 + type: integer + timeout: + description: Maximum time a query may take before being aborted. + type: string + type: object + remoteRead: + description: If specified, the remote_read spec. This is an experimental + feature, it may change in any upcoming release in a breaking way. + items: + description: RemoteReadSpec defines the remote_read configuration + for prometheus. + properties: + basicAuth: + description: BasicAuth for the URL. + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that + contains the username for authentication. + properties: + key: + description: The key of the secret to select from. 
Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + bearerToken: + description: bearer token for remote read. + type: string + bearerTokenFile: + description: File to read bearer token for remote read. + type: string + proxyUrl: + description: Optional ProxyURL + type: string + readRecent: + description: Whether reads should be made for queries for time + ranges that the local storage should have complete data for. + type: boolean + remoteTimeout: + description: Timeout for requests to the remote read endpoint. + type: string + requiredMatchers: + additionalProperties: + type: string + description: An optional list of equality matchers which have + to be present in a selector to query the remote read endpoint. + type: object + tlsConfig: + description: TLS Config to use for remote read. + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the + targets. 
+ properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + url: + description: The URL of the endpoint to send samples to. + type: string + required: + - url + type: object + type: array + remoteWrite: + description: If specified, the remote_write spec. This is an experimental + feature, it may change in any upcoming release in a breaking way. + items: + description: RemoteWriteSpec defines the remote_write configuration + for prometheus. + properties: + basicAuth: + description: BasicAuth for the URL. + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that + contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + bearerToken: + description: File to read bearer token for remote write. + type: string + bearerTokenFile: + description: File to read bearer token for remote write. + type: string + proxyUrl: + description: Optional ProxyURL + type: string + queueConfig: + description: QueueConfig allows tuning of the remote write queue + parameters. + properties: + batchSendDeadline: + description: BatchSendDeadline is the maximum time a sample + will wait in buffer. + type: string + capacity: + description: Capacity is the number of samples to buffer per + shard before we start dropping them. + type: integer + maxBackoff: + description: MaxBackoff is the maximum retry delay. + type: string + maxRetries: + description: MaxRetries is the maximum number of times to + retry a batch on recoverable errors. + type: integer + maxSamplesPerSend: + description: MaxSamplesPerSend is the maximum number of samples + per send. + type: integer + maxShards: + description: MaxShards is the maximum number of shards, i.e. + amount of concurrency. + type: integer + minBackoff: + description: MinBackoff is the initial retry delay. Gets doubled + for every retry. + type: string + minShards: + description: MinShards is the minimum number of shards, i.e. + amount of concurrency. + type: integer + type: object + remoteTimeout: + description: Timeout for requests to the remote write endpoint. + type: string + tlsConfig: + description: TLS Config to use for remote write. + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. 
+ properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + url: + description: The URL of the endpoint to send samples to. + type: string + writeRelabelConfigs: + description: The list of remote write relabel configurations. + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. 
+ format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + required: + - url + type: object + type: array + replicaExternalLabelName: + description: Name of Prometheus external label used to denote replica + name. Defaults to the value of `prometheus_replica`. External label + will _not_ be added when value is set to empty string (`""`). + type: string + replicas: + description: Number of instances to deploy for a Prometheus deployment. + format: int32 + type: integer + resources: + description: Define resources requests and limits for single Pods. + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute resources + required. 
If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + retention: + description: Time duration Prometheus shall retain data for. Default + is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` + (milliseconds seconds minutes hours days weeks years). + type: string + retentionSize: + description: Maximum amount of disk space used by blocks. + type: string + routePrefix: + description: The route prefix Prometheus registers HTTP handlers for. + This is useful, if using ExternalURL and a proxy is rewriting HTTP + routes of a request, and the actual ExternalURL is still true, but + the server serves requests under a different route prefix. For example + for use with `kubectl proxy`. + type: string + ruleNamespaceSelector: + description: Namespaces to be selected for PrometheusRules discovery. + If unspecified, only the same namespace as the Prometheus object is + in is used. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + ruleSelector: + description: A selector to select which PrometheusRules to mount for + loading alerting rules from. Until (excluding) Prometheus Operator + v0.24.0 Prometheus Operator will migrate any legacy rule ConfigMaps + to PrometheusRule custom resources selected by RuleSelector. Make + sure it does not match any config maps that you do not want to be + migrated. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + rules: + description: /--rules.*/ command-line arguments. + properties: + alert: + description: /--rules.alert.*/ command-line arguments + properties: + forGracePeriod: + description: Minimum duration between alert and restored 'for' + state. This is maintained only for alerts with configured + 'for' time greater than grace period. + type: string + forOutageTolerance: + description: Max time to tolerate prometheus outage for restoring + 'for' state of alert. + type: string + resendDelay: + description: Minimum amount of time to wait before resending + an alert to Alertmanager. + type: string + type: object + type: object + scrapeInterval: + description: Interval between consecutive scrapes. + type: string + secrets: + description: Secrets is a list of Secrets in the same namespace as the + Prometheus object, which shall be mounted into the Prometheus Pods. + The Secrets are mounted into /etc/prometheus/secrets/. + items: + type: string + type: array + securityContext: + description: SecurityContext holds pod-level security attributes and + common container settings. This defaults to the default PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all containers + in a pod. Some volume types allow the Kubelet to change the ownership + of that volume to be owned by the pod: \n 1. The owning GID will + be the FSGroup 2. The setgid bit is set (new files created in + the volume will be owned by FSGroup) 3. The permission bits are + OR'd with rw-rw---- \n If unset, the Kubelet will not modify the + ownership and permissions of any volume." + format: int64 + type: integer + runAsGroup: + description: The GID to run the entrypoint of the container process. 
+ Uses runtime default if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. May + also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux + context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to the + container. + type: string + role: + description: Role is a SELinux role label that applies to the + container. + type: string + type: + description: Type is a SELinux type label that applies to the + container. + type: string + user: + description: User is a SELinux user label that applies to the + container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run in + each container, in addition to the container's primary GID. 
If + unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for + the pod. Pods with unsupported sysctls (by the container runtime) + might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. This field is alpha-level and is only + honored by servers that enable the WindowsGMSA feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of + the container process. Defaults to the user specified in image + metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. This + field is beta-level and may be disabled with the WindowsRunAsUserName + feature flag. 
+ type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to + use to run the Prometheus Pods. + type: string + serviceMonitorNamespaceSelector: + description: Namespaces to be selected for ServiceMonitor discovery. + If nil, only check own namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + serviceMonitorSelector: + description: ServiceMonitors to be selected for target discovery. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. 
+ properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + sha: + description: SHA of Prometheus container image to be deployed. Defaults + to the value of `version`. Similar to a tag, but the SHA explicitly + deploys an immutable container image. Version and Tag are ignored + if SHA is set. + type: string + storage: + description: Storage spec to specify how storage shall be used. + properties: + emptyDir: + description: 'EmptyDirVolumeSource to be used by the Prometheus + StatefulSets. If specified, used in place of any volumeClaimTemplate. + More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. + The default is "" which means to use the node''s default medium. + Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. 
The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. The + default is nil which means that the limit is undefined. More + info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + volumeClaimTemplate: + description: A PVC spec to be used by the Prometheus StatefulSets. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + type: object + spec: + description: 'Spec defines the desired characteristics of a + volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access modes + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: This field requires the VolumeSnapshotDataSource + alpha feature gate to be enabled and currently VolumeSnapshot + is the only supported data source. 
If the provisioner + can support VolumeSnapshot data source, it will create + a new volume and data will be restored to the volume at + the same time. If the provisioner does not support VolumeSnapshot + data source, volume will not be created and the failure + will be reported as an event. In the future, we plan to + support more data source types and the behavior of the + provisioner may change. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, the + specified Kind must be in the core API group. For + any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + selector: + description: A label query over volumes to consider for + binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. 
+ items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required + by the claim. Value of Filesystem is implied when not + included in claim spec. This is a beta feature. + type: string + volumeName: + description: VolumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status + of a persistent volume claim. Read-only. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access modes + the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + capacity: + additionalProperties: + type: string + description: Represents the actual resources of the underlying + volume. + type: object + conditions: + description: Current Condition of persistent volume claim. + If underlying persistent volume is being resized then + the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails details + about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned + from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating details + about last transition. + type: string + reason: + description: Unique, this should be a short, machine + understandable string that gives the reason for + condition's last transition. If it reports "ResizeStarted" + that means the underlying persistent volume is being + resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is + a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of PersistentVolumeClaim. + type: string + type: object + type: object + type: object + tag: + description: Tag of Prometheus container image to be deployed. Defaults + to the value of `version`. Version is ignored if Tag is set. 
+ type: string + thanos: + description: "Thanos configuration allows configuring various aspects + of a Prometheus server in a Thanos environment. \n This section is + experimental, it may change significantly without deprecation notice + in any release. \n This is experimental and may change significantly + without backward compatibility in any release." + properties: + baseImage: + description: Thanos base image if other than default. + type: string + grpcServerTlsConfig: + description: 'GRPCServerTLSConfig configures the gRPC server from + which Thanos Querier reads recorded rule data. Note: Currently + only the CAFile, CertFile, and KeyFile fields are supported. Maps + to the ''--grpc-server-tls-*'' CLI args.' + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. 
+ type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container + for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + image: + description: Image if specified has precedence over baseImage, tag + and sha combinations. Specifying the version is still necessary + to ensure the Prometheus Operator knows what version of Thanos + is being configured. + type: string + listenLocal: + description: ListenLocal makes the Thanos sidecar listen on loopback, + so that it does not bind against the Pod IP. + type: boolean + objectStorageConfig: + description: ObjectStorageConfig configures object storage in Thanos. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + resources: + description: Resources defines the resource requirements for the + Thanos sidecar. If not provided, no requests/limits will be set + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + sha: + description: SHA of Thanos container image to be deployed. Defaults + to the value of `version`. Similar to a tag, but the SHA explicitly + deploys an immutable container image. Version and Tag are ignored + if SHA is set. + type: string + tag: + description: Tag of Thanos sidecar container image to be deployed. + Defaults to the value of `version`. Version is ignored if Tag + is set. + type: string + tracingConfig: + description: TracingConfig configures tracing in Thanos. This is + an experimental feature, it may change in any upcoming release + in a breaking way. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + version: + description: Version describes the version of Thanos to use. + type: string + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values and + all keys. 
+ type: string + operator: + description: Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the + toleration (which must be of effect NoExecute, otherwise this + field is ignored) tolerates the taint. By default, it is not + set, which means tolerate the taint forever (do not evict). + Zero and negative values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise + just a regular string. + type: string + type: object + type: array + version: + description: Version of Prometheus to be deployed. + type: string + volumeMounts: + description: VolumeMounts allows configuration of additional VolumeMounts + on the output StatefulSet definition. VolumeMounts specified will + be appended to other VolumeMounts in the prometheus container, that + are generated as a result of StorageSpec objects. + items: + description: VolumeMount describes a mounting of a Volume within a + container. + properties: + mountPath: + description: Path within the container at which the volume should + be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated + from the host to container and the other way around. When not + set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false + or unspecified). Defaults to false. 
+ type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's + volume should be mounted. Behaves similarly to SubPath but environment + variable references $(VAR_NAME) are expanded using the container's + environment. Defaults to "" (volume's root). SubPathExpr and + SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: Volumes allows configuration of additional volumes on the + output StatefulSet definition. Volumes specified will be appended + to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may be + accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty).' 
+ format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly + property in VolumeMounts to "true". If omitted, the default + is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource in + AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'Expected values Shared: multiple blob disks + per storage account Dedicated: single blob disk per storage + account Managed: azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: the name of secret that contains Azure Storage + Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather than + the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring + for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication + secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, default + is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached and mounted + on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. 
Must be a filesystem + type supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing + parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeID: + description: 'volume id used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced ConfigMap will be projected into + the volume as a file whose name is the key and content is + the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the + ConfigMap, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' 
path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must + be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents storage + that is handled by an external CSI driver (Alpha feature). + properties: + driver: + description: Driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed to the + associated CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret + object containing sensitive information to pass to the CSI + driver to complete the CSI NodePublishVolume and NodeUnpublishVolume + calls. This field is optional, and may be empty if no secret + is required. 
If the secret object contains more than one + secret, all secret references are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. 
If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name + of the file to be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 encoded. The + first item of the relative path must not start with + ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory that shares + a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back this + directory. The default is "" which means to use the node''s + default medium. Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. 
+ More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + fc: + description: FC represents a Fibre Channel resource that is attached + to a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be + set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that + is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use for this + volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends on FlexVolume + script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' 
+ type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret + object containing sensitive information to pass to the plugin + scripts. This may be empty if no secret object is specified. + If the secret object contains more than one secret, all + secrets are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a + kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: Name of the dataset stored as metadata -> name + on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". 
Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. Used + to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision a + container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: Target directory name. Must not contain or start + with '..'. If '.' is supplied, the volume directory will + be the git repository. Otherwise, if specified, the volume + will contain the git repository in the subdirectory with + the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the host + that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. 
More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'Path of the directory on the host. If the path + is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to the + pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. 
More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, new iSCSI + interface : will be created + for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either an + IP or ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within + the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. 
More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export to be + mounted with read-only permissions. Defaults to false. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents a reference + to a PersistentVolumeClaim in the same namespace. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". 
Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: Mode bits to use on created files by default. + Must be a value between 0 and 0777. Directories within the + path are not affected by this setting. This might be in + conflict with other options that affect the file mode, like + fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: information about the configMap data to + project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced ConfigMap + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the ConfigMap, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. 
This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI data + to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. 
The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format + of the exposed resources, defaults to + "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced Secret will + be projected into the volume as a file whose name + is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the Secret, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. 
+ type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken + data to project + properties: + audience: + description: Audience is the intended audience of + the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested + duration of validity of the service account token. + As the token approaches expiration, the kubelet + volume plugin will proactively rotate the service + account token. The kubelet will start trying to + rotate the token if the token is older than 80 + percent of its time to live or if the token is + older than 24 hours.Defaults to 1 hour and must + be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to the mount + point of the file to project the token into. + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that + shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to + be mounted with read-only permissions. Defaults to false. 
+ type: boolean + registry: + description: Registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: Volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. 
More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for + the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication with + Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should + be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the + protection domain. + type: string + system: + description: The name of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO + system that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced Secret will be projected into the + volume as a file whose name is the key and content is the + value. If specified, the listed keys will be projected into + the specified paths, and unlisted keys will not be present. + If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be + defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to + use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within a + namespace. 
+ type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume + within StorageOS. If no namespace is specified then the + Pod's namespace will be used. This allows the Kubernetes + name scoping to be mirrored within StorageOS for tighter + integration. Set VolumeName to any name to override the + default behaviour. Set to "default" if you are not using + namespaces within StorageOS. Namespaces that do not pre-exist + within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile + ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile + name. + type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + walCompression: + description: Enable compression of the write-ahead log using Snappy. + This flag is only available in versions of Prometheus >= 2.11.0. + type: boolean + type: object + status: + description: 'Most recent observed status of the Prometheus cluster. Read-only. + Not included when requesting from the apiserver, only from the Prometheus + Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) + targeted by this Prometheus deployment. 
+ format: int32 + type: integer + paused: + description: Represents whether any actions on the underlaying managed + objects are being performed. Only delete actions will be performed. + type: boolean + replicas: + description: Total number of non-terminated pods targeted by this Prometheus + deployment (their labels match the selector). + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this Prometheus + deployment. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this Prometheus + deployment that have the desired version spec. + format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-prometheusrules.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-prometheusrules.yaml new file mode 100755 index 000000000..5546de38e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-prometheusrules.yaml 
@@ -0,0 +1,91 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: prometheusrules.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + kind: PrometheusRule + listKind: PrometheusRuleList + plural: prometheusrules + singular: prometheusrule + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: PrometheusRule defines alerting rules for a Prometheus instance + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired alerting rule definitions for Prometheus. + properties: + groups: + description: Content of Prometheus rule file + items: + description: 'RuleGroup is a list of sequentially evaluated recording + and alerting rules. Note: PartialResponseStrategy is only used by + ThanosRuler and will be ignored by Prometheus instances. Valid + values for this field are ''warn'' or ''abort''. 
More info: https://github.com/thanos-io/thanos/blob/master/docs/components/rule.md#partial-response' + properties: + interval: + type: string + name: + type: string + partial_response_strategy: + type: string + rules: + items: + description: Rule describes an alerting or recording rule. + properties: + alert: + type: string + annotations: + additionalProperties: + type: string + type: object + expr: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + for: + type: string + labels: + additionalProperties: + type: string + type: object + record: + type: string + required: + - expr + type: object + type: array + required: + - name + - rules + type: object + type: array + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-servicemonitor.yaml new file mode 100755 index 000000000..8f7a67c14 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-servicemonitor.yaml 
@@ -0,0 +1,459 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: servicemonitors.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + kind: ServiceMonitor + listKind: ServiceMonitorList + plural: servicemonitors + singular: servicemonitor + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: ServiceMonitor defines monitoring for a set of services. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired Service selection for target discovery + by Prometheus. + properties: + endpoints: + description: A list of endpoints allowed as part of this ServiceMonitor. + items: + description: Endpoint defines a scrapeable endpoint serving Prometheus + metrics. 
+ properties: + basicAuth: + description: 'BasicAuth allow an endpoint to authenticate over + basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that + contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + bearerTokenFile: + description: File to read bearer token for scraping targets. + type: string + bearerTokenSecret: + description: Secret to mount to read bearer token for scraping + targets. The secret needs to be in the same namespace as the + service monitor and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + interval: + description: Interval at which metrics should be scraped + type: string + metricRelabelings: + description: MetricRelabelConfigs to apply to samples before ingestion. + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. 
+ Regex capture groups are available. + type: string + type: object + type: array + params: + additionalProperties: + items: + type: string + type: array + description: Optional HTTP URL parameters + type: object + path: + description: HTTP path to scrape for metrics. + type: string + port: + description: Name of the service port this endpoint refers to. + Mutually exclusive with targetPort. + type: string + proxyUrl: + description: ProxyURL eg http://proxyserver:2195 Directs scrapes + to proxy through this endpoint. + type: string + relabelings: + description: 'RelabelConfigs to apply to samples before scraping. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. 
+ items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + scheme: + description: HTTP scheme to use for scraping. + type: string + scrapeTimeout: + description: Timeout after which the scrape is ended + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: Name or number of the pod port this endpoint refers + to. Mutually exclusive with port. + x-kubernetes-int-or-string: true + tlsConfig: + description: TLS configuration to use when scraping the endpoint + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. 
+ type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + jobLabel: + description: The label to use to retrieve the job name from. + type: string + namespaceSelector: + description: Selector to select which namespaces the Endpoints objects + are discovered from. + properties: + any: + description: Boolean describing whether all namespaces are selected + in contrast to a list restricting them. + type: boolean + matchNames: + description: List of namespace names. + items: + type: string + type: array + type: object + podTargetLabels: + description: PodTargetLabels transfers labels on the Kubernetes Pod + onto the target. + items: + type: string + type: array + sampleLimit: + description: SampleLimit defines per-scrape limit on number of scraped + samples that will be accepted. + format: int64 + type: integer + selector: + description: Selector to select Endpoints objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + targetLabels: + description: TargetLabels transfers labels on the Kubernetes Service + onto the target. + items: + type: string + type: array + required: + - endpoints + - selector + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-thanosrulers.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-thanosrulers.yaml new file mode 100755 index 000000000..82136d73e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/crd-manifest/crd-thanosrulers.yaml 
@@ -0,0 +1,4725 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: thanosrulers.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + kind: ThanosRuler + listKind: ThanosRulerList + plural: thanosrulers + singular: thanosruler + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: ThanosRuler defines a ThanosRuler deployment. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the ThanosRuler cluster. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all + objects with implicit weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches no objects (i.e. is also + a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The + terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. 
The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. 
due to a pod label update), the system may or may not + try to eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some other + pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node that + meets all of the scheduling requirements (resource request, + requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field + and adding "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. 
+ If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + alertDropLabels: + description: AlertDropLabels configure the label names which should + be dropped in ThanosRuler alerts. If `labels` field is not provided, + `thanos_ruler_replica` will be dropped in alerts by default. + items: + type: string + type: array + alertQueryUrl: + description: The external Query URL the Thanos Ruler will set in the + 'Source' field of all alerts. Maps to the '--alert.query-url' CLI + arg. + type: string + alertmanagersConfig: + description: Define configuration for connecting to alertmanager. Only + available with thanos v0.10.0 and higher. Maps to the `alertmanagers.config` + arg. 
+ properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + alertmanagersUrl: + description: 'Define URLs to send alerts to Alertmanager. For Thanos + v0.10.0 and higher, AlertManagersConfig should be used instead. Note: + this field will be ignored if AlertManagersConfig is specified. Maps + to the `alertmanagers.url` arg.' + items: + type: string + type: array + containers: + description: 'Containers allows injecting additional containers or modifying + operator generated containers. This can be used to allow adding an + authentication proxy to a ThanosRuler pod or to change the behavior + of an operator generated container. Containers described here modify + an operator generated container if they share the same name and modifications + are done via a strategic merge patch. The current container names + are: `thanos-ruler` and `rules-configmap-reloader`. Overriding containers + is entirely outside the scope of what the maintainers will support + and by doing so, you accept that this behaviour may break at any time + without notice.' + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). 
Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' 
+ type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. 
More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. 
TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". 
+ type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. 
Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. 
Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. 
If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. 
If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + enforcedNamespaceLabel: + description: EnforcedNamespaceLabel enforces adding a namespace label + of origin for each alert and metric that is user created. The label + value will always be the namespace of the object that is being created. + type: string + evaluationInterval: + description: Interval between consecutive evaluations. + type: string + externalPrefix: + description: The external URL the Thanos Ruler instances will be available + under. This is necessary to generate correct URLs. This is necessary + if Thanos Ruler is not served from root of a DNS name. + type: string + grpcServerTlsConfig: + description: 'GRPCServerTLSConfig configures the gRPC server from which + Thanos Querier reads recorded rule data. Note: Currently only the + CAFile, CertFile, and KeyFile fields are supported. Maps to the ''--grpc-server-tls-*'' + CLI args.' + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or its key must + be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container to + use for the targets. + type: string + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must + be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus container + for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container + for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + image: + description: Thanos container image URL. + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same namespace + to use for pulling thanos images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to let + you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod + definition. Those can be used to e.g. 
fetch secrets for injection + into the ThanosRuler configuration from external sources. Any errors + during the execution of an initContainer will lead to a restart of + the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + Using initContainers for any use case other then secret fetching is + entirely outside the scope of what the maintainers will support and + by doing so, you accept that this behaviour may break at any time + without notice.' + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. 
+ Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. 
Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. 
Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. 
To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. 
Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. 
If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. 
If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. 
May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: Labels configure the external label pairs to ThanosRuler. + If not provided, default replica label `thanos_ruler_replica` will + be added as a label and be dropped in alerts. + type: object + listenLocal: + description: ListenLocal makes the Thanos ruler listen on loopback, + so that it does not bind against the Pod IP. + type: boolean + logFormat: + description: Log format for ThanosRuler to be configured with. + type: string + logLevel: + description: Log level for ThanosRuler to be configured with. + type: string + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + objectStorageConfig: + description: ObjectStorageConfig configures object storage in Thanos. + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + paused: + description: When a ThanosRuler deployment is paused, no actions except + for deletion will be performed on the underlying objects. + type: boolean + podMetadata: + description: PodMetadata contains Labels and Annotations gets propagated + to the thanos ruler pods. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + portName: + description: Port name used for the pods and governing service. This + defaults to web + type: string + priorityClassName: + description: Priority class assigned to the Pods + type: string + queryConfig: + description: Define configuration for connecting to thanos query instances. + If this is defined, the QueryEndpoints field will be ignored. Maps + to the `query.config` CLI argument. Only available with thanos v0.11.0 + and higher. + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + queryEndpoints: + description: QueryEndpoints defines Thanos querier endpoints from which + to query metrics. Maps to the --query flag of thanos ruler. + items: + type: string + type: array + replicas: + description: Number of thanos ruler instances to deploy. + format: int32 + type: integer + resources: + description: Resources defines the resource requirements for single + Pods. If not provided, no requests/limits will be set + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + retention: + description: Time duration ThanosRuler shall retain data for. Default + is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` + (milliseconds seconds minutes hours days weeks years). + type: string + routePrefix: + description: The route prefix ThanosRuler registers HTTP handlers for. + This allows thanos UI to be served on a sub-path. + type: string + ruleNamespaceSelector: + description: Namespaces to be selected for Rules discovery. If unspecified, + only the same namespace as the ThanosRuler object is in is used. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. 
+ items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + ruleSelector: + description: A label selector to select which PrometheusRules to mount + for alerting and recording. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. 
If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + securityContext: + description: SecurityContext holds pod-level security attributes and + common container settings. This defaults to the default PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all containers + in a pod. Some volume types allow the Kubelet to change the ownership + of that volume to be owned by the pod: \n 1. The owning GID will + be the FSGroup 2. The setgid bit is set (new files created in + the volume will be owned by FSGroup) 3. The permission bits are + OR'd with rw-rw---- \n If unset, the Kubelet will not modify the + ownership and permissions of any volume." + format: int64 + type: integer + runAsGroup: + description: The GID to run the entrypoint of the container process. + Uses runtime default if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in SecurityContext. 
If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. May + also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux + context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to the + container. + type: string + role: + description: Role is a SELinux role label that applies to the + container. + type: string + type: + description: Type is a SELinux type label that applies to the + container. + type: string + user: + description: User is a SELinux user label that applies to the + container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run in + each container, in addition to the container's primary GID. If + unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for + the pod. Pods with unsupported sysctls (by the container runtime) + might fail to launch. 
+ items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. This field is alpha-level and is only + honored by servers that enable the WindowsGMSA feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of + the container process. Defaults to the user specified in image + metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. This + field is beta-level and may be disabled with the WindowsRunAsUserName + feature flag. + type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to + use to run the Thanos Ruler Pods. + type: string + storage: + description: Storage spec to specify how storage shall be used. + properties: + emptyDir: + description: 'EmptyDirVolumeSource to be used by the Prometheus + StatefulSets. 
If specified, used in place of any volumeClaimTemplate. + More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. + The default is "" which means to use the node''s default medium. + Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. The + default is nil which means that the limit is undefined. More + info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + volumeClaimTemplate: + description: A PVC spec to be used by the Prometheus StatefulSets. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + type: object + spec: + description: 'Spec defines the desired characteristics of a + volume requested by a pod author. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access modes + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: This field requires the VolumeSnapshotDataSource + alpha feature gate to be enabled and currently VolumeSnapshot + is the only supported data source. If the provisioner + can support VolumeSnapshot data source, it will create + a new volume and data will be restored to the volume at + the same time. If the provisioner does not support VolumeSnapshot + data source, volume will not be created and the failure + will be reported as an event. In the future, we plan to + support more data source types and the behavior of the + provisioner may change. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, the + specified Kind must be in the core API group. For + any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + selector: + description: A label query over volumes to consider for + binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required + by the claim. Value of Filesystem is implied when not + included in claim spec. 
This is a beta feature. + type: string + volumeName: + description: VolumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status + of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access modes + the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + capacity: + additionalProperties: + type: string + description: Represents the actual resources of the underlying + volume. + type: object + conditions: + description: Current Condition of persistent volume claim. + If underlying persistent volume is being resized then + the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails details + about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned + from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating details + about last transition. + type: string + reason: + description: Unique, this should be a short, machine + understandable string that gives the reason for + condition's last transition. If it reports "ResizeStarted" + that means the underlying persistent volume is being + resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is + a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of PersistentVolumeClaim. 
+ type: string + type: object + type: object + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values and + all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the + toleration (which must be of effect NoExecute, otherwise this + field is ignored) tolerates the taint. By default, it is not + set, which means tolerate the taint forever (do not evict). + Zero and negative values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise + just a regular string. + type: string + type: object + type: array + tracingConfig: + description: TracingConfig configures tracing in Thanos. This is an + experimental feature, it may change in any upcoming release in a breaking + way. + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + volumes: + description: Volumes allows configuration of additional volumes on the + output StatefulSet definition. Volumes specified will be appended + to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may be + accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly + property in VolumeMounts to "true". If omitted, the default + is "false". 
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource in + AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'Expected values Shared: multiple blob disks + per storage account Dedicated: single blob disk per storage + account Managed: azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: the name of secret that contains Azure Storage + Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather than + the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring + for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication + secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, default + is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached and mounted + on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. 
Must be a filesystem + type supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing + parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeID: + description: 'volume id used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced ConfigMap will be projected into + the volume as a file whose name is the key and content is + the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the + ConfigMap, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' 
path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must + be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents storage + that is handled by an external CSI driver (Alpha feature). + properties: + driver: + description: Driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed to the + associated CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret + object containing sensitive information to pass to the CSI + driver to complete the CSI NodePublishVolume and NodeUnpublishVolume + calls. This field is optional, and may be empty if no secret + is required. 
If the secret object contains more than one + secret, all secret references are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. 
If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name + of the file to be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 encoded. The + first item of the relative path must not start with + ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory that shares + a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back this + directory. The default is "" which means to use the node''s + default medium. Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. 
+ More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + fc: + description: FC represents a Fibre Channel resource that is attached + to a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be + set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that + is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use for this + volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends on FlexVolume + script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' 
+ type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret + object containing sensitive information to pass to the plugin + scripts. This may be empty if no secret object is specified. + If the secret object contains more than one secret, all + secrets are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a + kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: Name of the dataset stored as metadata -> name + on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". 
Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. Used + to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision a + container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: Target directory name. Must not contain or start + with '..'. If '.' is supplied, the volume directory will + be the git repository. Otherwise, if specified, the volume + will contain the git repository in the subdirectory with + the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the host + that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. 
More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'Path of the directory on the host. If the path + is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to the + pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. 
More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, new iSCSI + interface : will be created + for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either an + IP or ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within + the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. 
More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export to be + mounted with read-only permissions. Defaults to false. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents a reference + to a PersistentVolumeClaim in the same namespace. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". 
Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: Mode bits to use on created files by default. + Must be a value between 0 and 0777. Directories within the + path are not affected by this setting. This might be in + conflict with other options that affect the file mode, like + fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: information about the configMap data to + project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced ConfigMap + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the ConfigMap, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. 
This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI data + to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. 
The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format + of the exposed resources, defaults to + "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced Secret will + be projected into the volume as a file whose name + is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the Secret, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. 
+ type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken + data to project + properties: + audience: + description: Audience is the intended audience of + the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested + duration of validity of the service account token. + As the token approaches expiration, the kubelet + volume plugin will proactively rotate the service + account token. The kubelet will start trying to + rotate the token if the token is older than 80 + percent of its time to live or if the token is + older than 24 hours.Defaults to 1 hour and must + be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to the mount + point of the file to project the token into. + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that + shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to + be mounted with read-only permissions. Defaults to false. 
+ type: boolean + registry: + description: Registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: Volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. 
More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for + the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication with + Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should + be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the + protection domain. + type: string + system: + description: The name of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO + system that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced Secret will be projected into the + volume as a file whose name is the key and content is the + value. If specified, the listed keys will be projected into + the specified paths, and unlisted keys will not be present. + If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be + defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to + use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within a + namespace. 
+ type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume + within StorageOS. If no namespace is specified then the + Pod's namespace will be used. This allows the Kubernetes + name scoping to be mirrored within StorageOS for tighter + integration. Set VolumeName to any name to override the + default behaviour. Set to "default" if you are not using + namespaces within StorageOS. Namespaces that do not pre-exist + within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile + ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile + name. + type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + status: + description: 'Most recent observed status of the ThanosRuler cluster. Read-only. + Not included when requesting from the apiserver, only from the ThanosRuler + Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) + targeted by this ThanosRuler deployment. + format: int32 + type: integer + paused: + description: Represents whether any actions on the underlying managed + objects are being performed. Only delete actions will be performed. 
+ type: boolean + replicas: + description: Total number of non-terminated pods targeted by this ThanosRuler + deployment (their labels match the selector). + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this ThanosRuler + deployment. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this ThanosRuler + deployment that have the desired version spec. + format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/templates/_helpers.tpl new file mode 100755 index 000000000..39b26c195 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/templates/_helpers.tpl @@ -0,0 +1,7 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/templates/jobs.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/templates/jobs.yaml new file mode 100755 index 000000000..709005fd9 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/templates/jobs.yaml 
@@ -0,0 +1,92 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-create + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }} + annotations: + "helm.sh/hook": post-install, post-upgrade, post-rollback + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + name: {{ .Chart.Name }}-create + labels: + app: {{ .Chart.Name }} + spec: + serviceAccountName: {{ .Chart.Name }}-manager + securityContext: + runAsNonRoot: true + runAsUser: 1000 + containers: + - name: create-crds + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - apply + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + restartPolicy: OnFailure + volumes: + - name: crd-manifest + configMap: + name: {{ .Chart.Name }}-manifest +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-delete + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + name: {{ .Chart.Name }}-delete + labels: + app: {{ .Chart.Name }} + spec: + serviceAccountName: {{ .Chart.Name }}-manager + securityContext: + runAsNonRoot: true + runAsUser: 1000 + initContainers: + - name: remove-finalizers + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - apply + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + containers: + - name: delete-crds + image: {{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - delete + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + restartPolicy: OnFailure + volumes: + - name: crd-manifest + configMap: + name: {{ .Chart.Name }}-manifest diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/templates/manifest.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/templates/manifest.yaml new file mode 100755 index 000000000..31016b6ef --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/templates/manifest.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-manifest + namespace: {{ .Release.Namespace }} +data: + crd-manifest.yaml: | + {{- $currentScope := . -}} + {{- $crds := (.Files.Glob "crd-manifest/**.yaml") -}} + {{- range $path, $_ := $crds -}} + {{- with $currentScope -}} + {{ .Files.Get $path | nindent 4 }} + --- + {{- end -}}{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/templates/rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/templates/rbac.yaml new file mode 100755 index 000000000..bdda1ddad --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/templates/rbac.yaml 
@@ -0,0 +1,72 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Chart.Name }}-manager + labels: + app: {{ .Chart.Name }}-manager +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: ['create', 'get', 'patch', 'delete'] +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ .Chart.Name }}-manager +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Chart.Name }}-manager + labels: + app: {{ .Chart.Name }}-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ .Chart.Name }}-manager +subjects: +- kind: ServiceAccount + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }}-manager +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }}-manager +spec: + privileged: false + allowPrivilegeEscalation: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'configMap' + - 'secret' diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/values.yaml new file mode 100755 index 000000000..3aac0a046 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.203/values.yaml 
@@ -0,0 +1,11 @@ +# Default values for rancher-monitoring-crd. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +global: + cattle: + systemDefaultRegistry: "" + +image: + repository: rancher/kubectl + tag: v1.18.6 diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/Chart.yaml new file mode 100755 index 000000000..e300c144d --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-monitoring-system + catalog.cattle.io/release-name: rancher-monitoring-crd +apiVersion: v1 +description: Installs the CRDs for rancher-monitoring. +name: rancher-monitoring-crd +type: application +version: 9.4.204 diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/README.md b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/README.md new file mode 100755 index 000000000..48d2a8621 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/README.md @@ -0,0 +1,2 @@ +# rancher-monitoring-crd +A Rancher chart that installs the CRDs used by rancher-monitoring. diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-alertmanager.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-alertmanager.yaml new file mode 100755 index 000000000..98030b4f8 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-alertmanager.yaml 
@@ -0,0 +1,4500 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: alertmanagers.monitoring.coreos.com +spec: + additionalPrinterColumns: + - JSONPath: .spec.version + description: The version of Alertmanager + name: Version + type: string + - JSONPath: .spec.replicas + description: The desired replicas number of Alertmanagers + name: Replicas + type: integer + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: monitoring.coreos.com + names: + kind: Alertmanager + listKind: AlertmanagerList + plural: alertmanagers + singular: alertmanager + preserveUnknownFields: false + scope: Namespaced + subresources: {} + validation: + openAPIV3Schema: + description: Alertmanager describes an Alertmanager cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the Alertmanager + cluster. 
More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + additionalPeers: + description: AdditionalPeers allows injecting a set of additional Alertmanagers + to peer with to form a highly available cluster. + items: + type: string + type: array + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all + objects with implicit weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches no objects (i.e. is also + a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. 
Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. 
If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The + terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. 
+ type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. 
+ items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may not + try to eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some other + pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. 
for each node that + meets all of the scheduling requirements (resource request, + requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field + and adding "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". 
+ The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + baseImage: + description: Base image that is used to deploy pods, without tag. + type: string + configMaps: + description: ConfigMaps is a list of ConfigMaps in the same namespace + as the Alertmanager object, which shall be mounted into the Alertmanager + Pods. The ConfigMaps are mounted into /etc/alertmanager/configmaps/. + items: + type: string + type: array + configSecret: + description: ConfigSecret is the name of a Kubernetes Secret in the + same namespace as the Alertmanager object, which contains configuration + for this Alertmanager instance. Defaults to 'alertmanager-' + The secret is mounted into /etc/alertmanager/config. + type: string + containers: + description: Containers allows injecting additional containers. This + is meant to allow adding an authentication proxy to an Alertmanager + pod. + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. 
The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' 
+ properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. 
+ items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. 
Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. 
TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. 
+ properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. 
+ items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. 
+ items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. 
+ format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. 
More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. 
+ format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. 
+ properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. 
If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. 
+ type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + externalUrl: + description: The external URL the Alertmanager instances will be available + under. This is necessary to generate correct URLs. 
This is necessary + if Alertmanager is not served from root of a DNS name. + type: string + image: + description: Image if specified has precedence over baseImage, tag and + sha combinations. Specifying the version is still necessary to ensure + the Prometheus Operator knows what version of Alertmanager is being + configured. + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same namespace + to use for pulling prometheus and alertmanager images from registries + see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to let + you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod + definition. Those can be used to e.g. fetch secrets for injection + into the Alertmanager configuration from external sources. Any errors + during the execution of an initContainer will lead to a restart of + the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + Using initContainers for any use case other then secret fetching is + entirely outside the scope of what the maintainers will support and + by doing so, you accept that this behaviour may break at any time + without notice.' + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. 
If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. 
+ Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. 
More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
+ HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. 
More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. 
TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". 
+ type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. 
Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. 
Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. 
If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. 
If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + listenLocal: + description: ListenLocal makes the Alertmanager server listen on loopback, + so that it does not bind against the Pod IP. Note this is only for + the Alertmanager UI, not the gossip communication. + type: boolean + logFormat: + description: Log format for Alertmanager to be configured with. + type: string + logLevel: + description: Log level for Alertmanager to be configured with. + type: string + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + paused: + description: If set to true all actions on the underlaying managed objects + are not goint to be performed, except for delete actions. + type: boolean + podMetadata: + description: PodMetadata configures Labels and Annotations which are + propagated to the alertmanager pods. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. 
More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + portName: + description: Port name used for the pods and governing service. This + defaults to web + type: string + priorityClassName: + description: Priority class assigned to the Pods + type: string + replicas: + description: Size is the expected size of the alertmanager cluster. + The controller will eventually make the size of the running cluster + equal to the expected size. + format: int32 + type: integer + resources: + description: Define resources requests and limits for single Pods. + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + retention: + description: Time duration Alertmanager shall retain data for. Default + is '120h', and must match the regular expression `[0-9]+(ms|s|m|h)` + (milliseconds seconds minutes hours). + type: string + routePrefix: + description: The route prefix Alertmanager registers HTTP handlers for. 
+ This is useful, if using ExternalURL and a proxy is rewriting HTTP + routes of a request, and the actual ExternalURL is still true, but + the server serves requests under a different route prefix. For example + for use with `kubectl proxy`. + type: string + secrets: + description: Secrets is a list of Secrets in the same namespace as the + Alertmanager object, which shall be mounted into the Alertmanager + Pods. The Secrets are mounted into /etc/alertmanager/secrets/. + items: + type: string + type: array + securityContext: + description: SecurityContext holds pod-level security attributes and + common container settings. This defaults to the default PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all containers + in a pod. Some volume types allow the Kubelet to change the ownership + of that volume to be owned by the pod: \n 1. The owning GID will + be the FSGroup 2. The setgid bit is set (new files created in + the volume will be owned by FSGroup) 3. The permission bits are + OR'd with rw-rw---- \n If unset, the Kubelet will not modify the + ownership and permissions of any volume." + format: int64 + type: integer + runAsGroup: + description: The GID to run the entrypoint of the container process. + Uses runtime default if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. 
+ type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. May + also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux + context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to the + container. + type: string + role: + description: Role is a SELinux role label that applies to the + container. + type: string + type: + description: Type is a SELinux type label that applies to the + container. + type: string + user: + description: User is a SELinux user label that applies to the + container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run in + each container, in addition to the container's primary GID. If + unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for + the pod. Pods with unsupported sysctls (by the container runtime) + might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. 
+ If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. This field is alpha-level and is only + honored by servers that enable the WindowsGMSA feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of + the container process. Defaults to the user specified in image + metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. This + field is beta-level and may be disabled with the WindowsRunAsUserName + feature flag. + type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to + use to run the Prometheus Pods. + type: string + sha: + description: SHA of Alertmanager container image to be deployed. Defaults + to the value of `version`. Similar to a tag, but the SHA explicitly + deploys an immutable container image. Version and Tag are ignored + if SHA is set. + type: string + storage: + description: Storage is the definition of how storage will be used by + the Alertmanager instances. + properties: + emptyDir: + description: 'EmptyDirVolumeSource to be used by the Prometheus + StatefulSets. If specified, used in place of any volumeClaimTemplate. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. + The default is "" which means to use the node''s default medium. + Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. The + default is nil which means that the limit is undefined. More + info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + volumeClaimTemplate: + description: A PVC spec to be used by the Prometheus StatefulSets. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + type: object + spec: + description: 'Spec defines the desired characteristics of a + volume requested by a pod author. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access modes + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: This field requires the VolumeSnapshotDataSource + alpha feature gate to be enabled and currently VolumeSnapshot + is the only supported data source. If the provisioner + can support VolumeSnapshot data source, it will create + a new volume and data will be restored to the volume at + the same time. If the provisioner does not support VolumeSnapshot + data source, volume will not be created and the failure + will be reported as an event. In the future, we plan to + support more data source types and the behavior of the + provisioner may change. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, the + specified Kind must be in the core API group. For + any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + selector: + description: A label query over volumes to consider for + binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required + by the claim. Value of Filesystem is implied when not + included in claim spec. 
This is a beta feature. + type: string + volumeName: + description: VolumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status + of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access modes + the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + capacity: + additionalProperties: + type: string + description: Represents the actual resources of the underlying + volume. + type: object + conditions: + description: Current Condition of persistent volume claim. + If underlying persistent volume is being resized then + the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails details + about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned + from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating details + about last transition. + type: string + reason: + description: Unique, this should be a short, machine + understandable string that gives the reason for + condition's last transition. If it reports "ResizeStarted" + that means the underlying persistent volume is being + resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is + a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of PersistentVolumeClaim. 
+ type: string + type: object + type: object + type: object + tag: + description: Tag of Alertmanager container image to be deployed. Defaults + to the value of `version`. Version is ignored if Tag is set. + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values and + all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the + toleration (which must be of effect NoExecute, otherwise this + field is ignored) tolerates the taint. By default, it is not + set, which means tolerate the taint forever (do not evict). + Zero and negative values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise + just a regular string. + type: string + type: object + type: array + version: + description: Version the cluster should be on. + type: string + volumeMounts: + description: VolumeMounts allows configuration of additional VolumeMounts + on the output StatefulSet definition. 
VolumeMounts specified will + be appended to other VolumeMounts in the alertmanager container, that + are generated as a result of StorageSpec objects. + items: + description: VolumeMount describes a mounting of a Volume within a + container. + properties: + mountPath: + description: Path within the container at which the volume should + be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated + from the host to container and the other way around. When not + set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false + or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's + volume should be mounted. Behaves similarly to SubPath but environment + variable references $(VAR_NAME) are expanded using the container's + environment. Defaults to "" (volume's root). SubPathExpr and + SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: Volumes allows configuration of additional volumes on the + output StatefulSet definition. Volumes specified will be appended + to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may be + accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly + property in VolumeMounts to "true". If omitted, the default + is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource in + AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
+ type: string + kind: + description: 'Expected values Shared: multiple blob disks + per storage account Dedicated: single blob disk per storage + account Managed: azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: the name of secret that contains Azure Storage + Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather than + the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring + for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication + secret for User, default is empty. 
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, default + is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached and mounted + on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing + parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeID: + description: 'volume id used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. 
Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced ConfigMap will be projected into + the volume as a file whose name is the key and content is + the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the + ConfigMap, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must + be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents storage + that is handled by an external CSI driver (Alpha feature). 
+ properties: + driver: + description: Driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed to the + associated CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret + object containing sensitive information to pass to the CSI + driver to complete the CSI NodePublishVolume and NodeUnpublishVolume + calls. This field is optional, and may be empty if no secret + is required. If the secret object contains more than one + secret, all secret references are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' 
+ format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name + of the file to be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 encoded. The + first item of the relative path must not start with + ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory that shares + a pod''s lifetime. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back this + directory. The default is "" which means to use the node''s + default medium. Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + fc: + description: FC represents a Fibre Channel resource that is attached + to a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be + set, but not both simultaneously.' 
+ items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that + is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use for this + volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends on FlexVolume + script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret + object containing sensitive information to pass to the plugin + scripts. This may be empty if no secret object is specified. + If the secret object contains more than one secret, all + secrets are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a + kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: Name of the dataset stored as metadata -> name + on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. 
This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. Used + to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision a + container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: Target directory name. 
Must not contain or start + with '..'. If '.' is supplied, the volume directory will + be the git repository. Otherwise, if specified, the volume + will contain the git repository in the subdirectory with + the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the host + that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'Path of the directory on the host. If the path + is a symlink, it will follow the link to the real path. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to the + pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, new iSCSI + interface : will be created + for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. 
+ type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either an + IP or ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within + the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export to be + mounted with read-only permissions. Defaults to false. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents a reference + to a PersistentVolumeClaim in the same namespace. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. 
More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: Mode bits to use on created files by default. + Must be a value between 0 and 0777. Directories within the + path are not affected by this setting. This might be in + conflict with other options that affect the file mode, like + fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: information about the configMap data to + project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced ConfigMap + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the ConfigMap, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI data + to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format + of the exposed resources, defaults to + "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced Secret will + be projected into the volume as a file whose name + is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the Secret, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken + data to project + properties: + audience: + description: Audience is the intended audience of + the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested + duration of validity of the service account token. + As the token approaches expiration, the kubelet + volume plugin will proactively rotate the service + account token. The kubelet will start trying to + rotate the token if the token is older than 80 + percent of its time to live or if the token is + older than 24 hours.Defaults to 1 hour and must + be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to the mount + point of the file to project the token into. + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that + shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to + be mounted with read-only permissions. Defaults to false. 
+ type: boolean + registry: + description: Registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: Volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. 
More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for + the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication with + Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should + be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the + protection domain. + type: string + system: + description: The name of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO + system that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced Secret will be projected into the + volume as a file whose name is the key and content is the + value. If specified, the listed keys will be projected into + the specified paths, and unlisted keys will not be present. + If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be + defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to + use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within a + namespace. 
+ type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume + within StorageOS. If no namespace is specified then the + Pod's namespace will be used. This allows the Kubernetes + name scoping to be mirrored within StorageOS for tighter + integration. Set VolumeName to any name to override the + default behaviour. Set to "default" if you are not using + namespaces within StorageOS. Namespaces that do not pre-exist + within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile + ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile + name. + type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + status: + description: 'Most recent observed status of the Alertmanager cluster. Read-only. + Not included when requesting from the apiserver, only from the Prometheus + Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) + targeted by this Alertmanager cluster. + format: int32 + type: integer + paused: + description: Represents whether any actions on the underlaying managed + objects are being performed. Only delete actions will be performed. 
+ type: boolean + replicas: + description: Total number of non-terminated pods targeted by this Alertmanager + cluster (their labels match the selector). + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this Alertmanager + cluster. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this Alertmanager + cluster that have the desired version spec. + format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-podmonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-podmonitor.yaml new file mode 100755 index 000000000..9cf3c42e4 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-podmonitor.yaml 
@@ -0,0 +1,260 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: podmonitors.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + kind: PodMonitor + listKind: PodMonitorList + plural: podmonitors + singular: podmonitor + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: PodMonitor defines monitoring for a set of pods. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired Pod selection for target discovery + by Prometheus. + properties: + jobLabel: + description: The label to use to retrieve the job name from. + type: string + namespaceSelector: + description: Selector to select which namespaces the Endpoints objects + are discovered from. + properties: + any: + description: Boolean describing whether all namespaces are selected + in contrast to a list restricting them. + type: boolean + matchNames: + description: List of namespace names. 
+ items: + type: string + type: array + type: object + podMetricsEndpoints: + description: A list of endpoints allowed as part of this PodMonitor. + items: + description: PodMetricsEndpoint defines a scrapeable endpoint of a + Kubernetes Pod serving Prometheus metrics. + properties: + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + interval: + description: Interval at which metrics should be scraped + type: string + metricRelabelings: + description: MetricRelabelConfigs to apply to samples before ingestion. + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. 
+ items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + params: + additionalProperties: + items: + type: string + type: array + description: Optional HTTP URL parameters + type: object + path: + description: HTTP path to scrape for metrics. + type: string + port: + description: Name of the pod port this endpoint refers to. Mutually + exclusive with targetPort. + type: string + proxyUrl: + description: ProxyURL eg http://proxyserver:2195 Directs scrapes + to proxy through this endpoint. + type: string + relabelings: + description: 'RelabelConfigs to apply to samples before ingestion. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. 
Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + scheme: + description: HTTP scheme to use for scraping. + type: string + scrapeTimeout: + description: Timeout after which the scrape is ended + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Deprecated: Use ''port'' instead.' + x-kubernetes-int-or-string: true + type: object + type: array + podTargetLabels: + description: PodTargetLabels transfers labels on the Kubernetes Pod + onto the target. + items: + type: string + type: array + sampleLimit: + description: SampleLimit defines per-scrape limit on number of scraped + samples that will be accepted. + format: int64 + type: integer + selector: + description: Selector to select Pod objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + required: + - podMetricsEndpoints + - selector + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-prometheus.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-prometheus.yaml new file mode 100755 index 000000000..704379fb2 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-prometheus.yaml 
@@ -0,0 +1,6002 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: prometheuses.monitoring.coreos.com +spec: + additionalPrinterColumns: + - JSONPath: .spec.version + description: The version of Prometheus + name: Version + type: string + - JSONPath: .spec.replicas + description: The desired replicas number of Prometheuses + name: Replicas + type: integer + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: monitoring.coreos.com + names: + kind: Prometheus + listKind: PrometheusList + plural: prometheuses + singular: prometheus + preserveUnknownFields: false + scope: Namespaced + subresources: {} + validation: + openAPIV3Schema: + description: Prometheus defines a Prometheus deployment. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the Prometheus cluster. 
+ More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + additionalAlertManagerConfigs: + description: 'AdditionalAlertManagerConfigs allows specifying a key + of a Secret containing additional Prometheus AlertManager configurations. + AlertManager configurations specified are appended to the configurations + generated by the Prometheus Operator. Job configurations specified + must have the form as specified in the official Prometheus documentation: + https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config. + As AlertManager configs are appended, the user is responsible to make + sure it is valid. Note that using this feature may expose the possibility + to break upgrades of Prometheus. It is advised to review Prometheus + release notes to ensure that no incompatible AlertManager configs + are going to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + additionalAlertRelabelConfigs: + description: 'AdditionalAlertRelabelConfigs allows specifying a key + of a Secret containing additional Prometheus alert relabel configurations. + Alert relabel configurations specified are appended to the configurations + generated by the Prometheus Operator. Alert relabel configurations + specified must have the form as specified in the official Prometheus + documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs. 
+ As alert relabel configs are appended, the user is responsible to + make sure it is valid. Note that using this feature may expose the + possibility to break upgrades of Prometheus. It is advised to review + Prometheus release notes to ensure that no incompatible alert relabel + configs are going to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + additionalScrapeConfigs: + description: 'AdditionalScrapeConfigs allows specifying a key of a Secret + containing additional Prometheus scrape configurations. Scrape configurations + specified are appended to the configurations generated by the Prometheus + Operator. Job configurations specified must have the form as specified + in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. + As scrape configs are appended, the user is responsible to make sure + it is valid. Note that using this feature may expose the possibility + to break upgrades of Prometheus. It is advised to review Prometheus + release notes to ensure that no incompatible scrape configs are going + to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all + objects with implicit weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches no objects (i.e. is also + a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. 
If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. 
+ properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The + terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. 
If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. 
+ type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. 
If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may not + try to eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
+ A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some other + pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node that + meets all of the scheduling requirements (resource request, + requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field + and adding "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. 
+ items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + alerting: + description: Define details regarding alerting. + properties: + alertmanagers: + description: AlertmanagerEndpoints Prometheus should fire alerts + against. + items: + description: AlertmanagerEndpoints defines a selection of a single + Endpoints object containing alertmanager IPs to fire alerts + against. + properties: + apiVersion: + description: Version of the Alertmanager API that Prometheus + uses to send alerts. It can be "v1" or "v2". + type: string + bearerTokenFile: + description: BearerTokenFile to read from filesystem to use + when authenticating to Alertmanager. + type: string + name: + description: Name of Endpoints object in Namespace. + type: string + namespace: + description: Namespace of Endpoints object. + type: string + pathPrefix: + description: Prefix for the HTTP path alerts are pushed to. + type: string + port: + anyOf: + - type: integer + - type: string + description: Port the Alertmanager API is exposed on. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use when firing alerts. + type: string + tlsConfig: + description: TLS Config to use for alertmanager connection. + properties: + ca: + description: Stuct containing the CA cert to use for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select from. 
Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Struct containing the client cert file for + the targets. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. 
+ type: string + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - name + - namespace + - port + type: object + type: array + required: + - alertmanagers + type: object + apiserverConfig: + description: APIServerConfig allows specifying a host and auth methods + to access apiserver. If left empty, Prometheus is assumed to run inside + of the cluster and will discover API servers automatically and use + the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. + properties: + basicAuth: + description: BasicAuth allow an endpoint to authenticate over basic + authentication + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that + contains the username for authentication. 
+ properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + bearerToken: + description: Bearer token for accessing apiserver. + type: string + bearerTokenFile: + description: File to read bearer token for accessing apiserver. + type: string + host: + description: Host of apiserver. A valid string consisting of a hostname + or IP followed by an optional port number + type: string + tlsConfig: + description: TLS Config to use for accessing apiserver. + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container + for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + type: object + arbitraryFSAccessThroughSMs: + description: ArbitraryFSAccessThroughSMs configures whether configuration + based on a service monitor can access arbitrary files on the file + system of the Prometheus container e.g. bearer token files. + properties: + deny: + type: boolean + type: object + baseImage: + description: Base image to use for a Prometheus deployment. + type: string + configMaps: + description: ConfigMaps is a list of ConfigMaps in the same namespace + as the Prometheus object, which shall be mounted into the Prometheus + Pods. The ConfigMaps are mounted into /etc/prometheus/configmaps/. + items: + type: string + type: array + containers: + description: 'Containers allows injecting additional containers or modifying + operator generated containers. This can be used to allow adding an + authentication proxy to a Prometheus pod or to change the behavior + of an operator generated container. Containers described here modify + an operator generated container if they share the same name and modifications + are done via a strategic merge patch. The current container names + are: `prometheus`, `prometheus-config-reloader`, `rules-configmap-reloader`, + and `thanos-sidecar`. Overriding containers is entirely outside the + scope of what the maintainers will support and by doing so, you accept + that this behaviour may break at any time without notice.' + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. 
The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). 
Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. 
+ type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. 
To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. 
To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. 
Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. 
If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. 
If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. 
May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + disableCompaction: + description: Disable prometheus compaction. + type: boolean + enableAdminAPI: + description: 'Enable access to prometheus web admin API. Defaults to + the value of `false`. WARNING: Enabling the admin APIs enables mutating + endpoints, to delete data, shutdown Prometheus, and more. Enabling + this should be done with care and the user is advised to add additional + authentication authorization via a proxy to ensure only clients authorized + to perform these actions can do so. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis' + type: boolean + enforcedNamespaceLabel: + description: EnforcedNamespaceLabel enforces adding a namespace label + of origin for each alert and metric that is user created. The label + value will always be the namespace of the object that is being created. + type: string + evaluationInterval: + description: Interval between consecutive evaluations. + type: string + externalLabels: + additionalProperties: + type: string + description: The labels to add to any time series or alerts when communicating + with external systems (federation, remote storage, Alertmanager). + type: object + externalUrl: + description: The external URL the Prometheus instances will be available + under. 
This is necessary to generate correct URLs. This is necessary + if Prometheus is not served from root of a DNS name. + type: string + ignoreNamespaceSelectors: + description: IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector + settings from the podmonitor and servicemonitor configs, and they + will only discover endpoints within their current namespace. Defaults + to false. + type: boolean + image: + description: Image if specified has precedence over baseImage, tag and + sha combinations. Specifying the version is still necessary to ensure + the Prometheus Operator knows what version of Prometheus is being + configured. + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same namespace + to use for pulling prometheus and alertmanager images from registries + see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to let + you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod + definition. Those can be used to e.g. fetch secrets for injection + into the Prometheus configuration from external sources. Any errors + during the execution of an initContainer will lead to a restart of + the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + Using initContainers for any use case other then secret fetching is + entirely outside the scope of what the maintainers will support and + by doing so, you accept that this behaviour may break at any time + without notice.' 
+ items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. 
If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. 
+ type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. 
To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. 
To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. 
Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. 
If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. 
If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. 
May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + listenLocal: + description: ListenLocal makes the Prometheus server listen on loopback, + so that it does not bind against the Pod IP. + type: boolean + logFormat: + description: Log format for Prometheus to be configured with. + type: string + logLevel: + description: Log level for Prometheus to be configured with. + type: string + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + overrideHonorLabels: + description: OverrideHonorLabels if set to true overrides all user configured + honor_labels. If HonorLabels is set in ServiceMonitor or PodMonitor + to true, this overrides honor_labels to false. + type: boolean + overrideHonorTimestamps: + description: OverrideHonorTimestamps allows to globally enforce honoring + timestamps in all scrape configs. + type: boolean + paused: + description: When a Prometheus deployment is paused, no actions except + for deletion will be performed on the underlying objects. + type: boolean + podMetadata: + description: PodMetadata configures Labels and Annotations which are + propagated to the prometheus pods. 
+ properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + podMonitorNamespaceSelector: + description: Namespaces to be selected for PodMonitor discovery. If + nil, only check own namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + podMonitorSelector: + description: '*Experimental* PodMonitors to be selected for target discovery.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + portName: + description: Port name used for the pods and governing service. This + defaults to web + type: string + priorityClassName: + description: Priority class assigned to the Pods + type: string + prometheusExternalLabelName: + description: Name of Prometheus external label used to denote Prometheus + instance name. 
Defaults to the value of `prometheus`. External label + will _not_ be added when value is set to empty string (`""`). + type: string + query: + description: QuerySpec defines the query command line flags when starting + Prometheus. + properties: + lookbackDelta: + description: The delta difference allowed for retrieving metrics + during expression evaluations. + type: string + maxConcurrency: + description: Number of concurrent queries that can be run at once. + format: int32 + type: integer + maxSamples: + description: Maximum number of samples a single query can load into + memory. Note that queries will fail if they would load more samples + than this into memory, so this also limits the number of samples + a query can return. + format: int32 + type: integer + timeout: + description: Maximum time a query may take before being aborted. + type: string + type: object + remoteRead: + description: If specified, the remote_read spec. This is an experimental + feature, it may change in any upcoming release in a breaking way. + items: + description: RemoteReadSpec defines the remote_read configuration + for prometheus. + properties: + basicAuth: + description: BasicAuth for the URL. + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that + contains the username for authentication. + properties: + key: + description: The key of the secret to select from. 
Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + bearerToken: + description: bearer token for remote read. + type: string + bearerTokenFile: + description: File to read bearer token for remote read. + type: string + proxyUrl: + description: Optional ProxyURL + type: string + readRecent: + description: Whether reads should be made for queries for time + ranges that the local storage should have complete data for. + type: boolean + remoteTimeout: + description: Timeout for requests to the remote read endpoint. + type: string + requiredMatchers: + additionalProperties: + type: string + description: An optional list of equality matchers which have + to be present in a selector to query the remote read endpoint. + type: object + tlsConfig: + description: TLS Config to use for remote read. + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the + targets. 
+ properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + url: + description: The URL of the endpoint to send samples to. + type: string + required: + - url + type: object + type: array + remoteWrite: + description: If specified, the remote_write spec. This is an experimental + feature, it may change in any upcoming release in a breaking way. + items: + description: RemoteWriteSpec defines the remote_write configuration + for prometheus. + properties: + basicAuth: + description: BasicAuth for the URL. + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that + contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + bearerToken: + description: File to read bearer token for remote write. + type: string + bearerTokenFile: + description: File to read bearer token for remote write. + type: string + proxyUrl: + description: Optional ProxyURL + type: string + queueConfig: + description: QueueConfig allows tuning of the remote write queue + parameters. + properties: + batchSendDeadline: + description: BatchSendDeadline is the maximum time a sample + will wait in buffer. + type: string + capacity: + description: Capacity is the number of samples to buffer per + shard before we start dropping them. + type: integer + maxBackoff: + description: MaxBackoff is the maximum retry delay. + type: string + maxRetries: + description: MaxRetries is the maximum number of times to + retry a batch on recoverable errors. + type: integer + maxSamplesPerSend: + description: MaxSamplesPerSend is the maximum number of samples + per send. + type: integer + maxShards: + description: MaxShards is the maximum number of shards, i.e. + amount of concurrency. + type: integer + minBackoff: + description: MinBackoff is the initial retry delay. Gets doubled + for every retry. + type: string + minShards: + description: MinShards is the minimum number of shards, i.e. + amount of concurrency. + type: integer + type: object + remoteTimeout: + description: Timeout for requests to the remote write endpoint. + type: string + tlsConfig: + description: TLS Config to use for remote write. + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. 
+ properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + url: + description: The URL of the endpoint to send samples to. + type: string + writeRelabelConfigs: + description: The list of remote write relabel configurations. + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. 
+ format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + required: + - url + type: object + type: array + replicaExternalLabelName: + description: Name of Prometheus external label used to denote replica + name. Defaults to the value of `prometheus_replica`. External label + will _not_ be added when value is set to empty string (`""`). + type: string + replicas: + description: Number of instances to deploy for a Prometheus deployment. + format: int32 + type: integer + resources: + description: Define resources requests and limits for single Pods. + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute resources + required. 
If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + retention: + description: Time duration Prometheus shall retain data for. Default + is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` + (milliseconds seconds minutes hours days weeks years). + type: string + retentionSize: + description: Maximum amount of disk space used by blocks. + type: string + routePrefix: + description: The route prefix Prometheus registers HTTP handlers for. + This is useful, if using ExternalURL and a proxy is rewriting HTTP + routes of a request, and the actual ExternalURL is still true, but + the server serves requests under a different route prefix. For example + for use with `kubectl proxy`. + type: string + ruleNamespaceSelector: + description: Namespaces to be selected for PrometheusRules discovery. + If unspecified, only the same namespace as the Prometheus object is + in is used. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + ruleSelector: + description: A selector to select which PrometheusRules to mount for + loading alerting rules from. Until (excluding) Prometheus Operator + v0.24.0 Prometheus Operator will migrate any legacy rule ConfigMaps + to PrometheusRule custom resources selected by RuleSelector. Make + sure it does not match any config maps that you do not want to be + migrated. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + rules: + description: /--rules.*/ command-line arguments. + properties: + alert: + description: /--rules.alert.*/ command-line arguments + properties: + forGracePeriod: + description: Minimum duration between alert and restored 'for' + state. This is maintained only for alerts with configured + 'for' time greater than grace period. + type: string + forOutageTolerance: + description: Max time to tolerate prometheus outage for restoring + 'for' state of alert. + type: string + resendDelay: + description: Minimum amount of time to wait before resending + an alert to Alertmanager. + type: string + type: object + type: object + scrapeInterval: + description: Interval between consecutive scrapes. + type: string + secrets: + description: Secrets is a list of Secrets in the same namespace as the + Prometheus object, which shall be mounted into the Prometheus Pods. + The Secrets are mounted into /etc/prometheus/secrets/. + items: + type: string + type: array + securityContext: + description: SecurityContext holds pod-level security attributes and + common container settings. This defaults to the default PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all containers + in a pod. Some volume types allow the Kubelet to change the ownership + of that volume to be owned by the pod: \n 1. The owning GID will + be the FSGroup 2. The setgid bit is set (new files created in + the volume will be owned by FSGroup) 3. The permission bits are + OR'd with rw-rw---- \n If unset, the Kubelet will not modify the + ownership and permissions of any volume." + format: int64 + type: integer + runAsGroup: + description: The GID to run the entrypoint of the container process. 
+ Uses runtime default if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. May + also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux + context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to the + container. + type: string + role: + description: Role is a SELinux role label that applies to the + container. + type: string + type: + description: Type is a SELinux type label that applies to the + container. + type: string + user: + description: User is a SELinux user label that applies to the + container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run in + each container, in addition to the container's primary GID. 
If + unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for + the pod. Pods with unsupported sysctls (by the container runtime) + might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. This field is alpha-level and is only + honored by servers that enable the WindowsGMSA feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of + the container process. Defaults to the user specified in image + metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. This + field is beta-level and may be disabled with the WindowsRunAsUserName + feature flag. 
+ type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to + use to run the Prometheus Pods. + type: string + serviceMonitorNamespaceSelector: + description: Namespaces to be selected for ServiceMonitor discovery. + If nil, only check own namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + serviceMonitorSelector: + description: ServiceMonitors to be selected for target discovery. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. 
+ properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + sha: + description: SHA of Prometheus container image to be deployed. Defaults + to the value of `version`. Similar to a tag, but the SHA explicitly + deploys an immutable container image. Version and Tag are ignored + if SHA is set. + type: string + storage: + description: Storage spec to specify how storage shall be used. + properties: + emptyDir: + description: 'EmptyDirVolumeSource to be used by the Prometheus + StatefulSets. If specified, used in place of any volumeClaimTemplate. + More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. + The default is "" which means to use the node''s default medium. + Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. 
The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. The + default is nil which means that the limit is undefined. More + info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + volumeClaimTemplate: + description: A PVC spec to be used by the Prometheus StatefulSets. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + type: object + spec: + description: 'Spec defines the desired characteristics of a + volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access modes + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: This field requires the VolumeSnapshotDataSource + alpha feature gate to be enabled and currently VolumeSnapshot + is the only supported data source. 
If the provisioner + can support VolumeSnapshot data source, it will create + a new volume and data will be restored to the volume at + the same time. If the provisioner does not support VolumeSnapshot + data source, volume will not be created and the failure + will be reported as an event. In the future, we plan to + support more data source types and the behavior of the + provisioner may change. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, the + specified Kind must be in the core API group. For + any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + selector: + description: A label query over volumes to consider for + binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. 
+ items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required + by the claim. Value of Filesystem is implied when not + included in claim spec. This is a beta feature. + type: string + volumeName: + description: VolumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status + of a persistent volume claim. Read-only. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access modes + the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + capacity: + additionalProperties: + type: string + description: Represents the actual resources of the underlying + volume. + type: object + conditions: + description: Current Condition of persistent volume claim. + If underlying persistent volume is being resized then + the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails details + about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned + from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating details + about last transition. + type: string + reason: + description: Unique, this should be a short, machine + understandable string that gives the reason for + condition's last transition. If it reports "ResizeStarted" + that means the underlying persistent volume is being + resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is + a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of PersistentVolumeClaim. + type: string + type: object + type: object + type: object + tag: + description: Tag of Prometheus container image to be deployed. Defaults + to the value of `version`. Version is ignored if Tag is set. 
+ type: string + thanos: + description: "Thanos configuration allows configuring various aspects + of a Prometheus server in a Thanos environment. \n This section is + experimental, it may change significantly without deprecation notice + in any release. \n This is experimental and may change significantly + without backward compatibility in any release." + properties: + baseImage: + description: Thanos base image if other than default. + type: string + grpcServerTlsConfig: + description: 'GRPCServerTLSConfig configures the gRPC server from + which Thanos Querier reads recorded rule data. Note: Currently + only the CAFile, CertFile, and KeyFile fields are supported. Maps + to the ''--grpc-server-tls-*'' CLI args.' + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. 
+ type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container + for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + image: + description: Image if specified has precedence over baseImage, tag + and sha combinations. Specifying the version is still necessary + to ensure the Prometheus Operator knows what version of Thanos + is being configured. + type: string + listenLocal: + description: ListenLocal makes the Thanos sidecar listen on loopback, + so that it does not bind against the Pod IP. + type: boolean + objectStorageConfig: + description: ObjectStorageConfig configures object storage in Thanos. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + resources: + description: Resources defines the resource requirements for the + Thanos sidecar. If not provided, no requests/limits will be set + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + sha: + description: SHA of Thanos container image to be deployed. Defaults + to the value of `version`. Similar to a tag, but the SHA explicitly + deploys an immutable container image. Version and Tag are ignored + if SHA is set. + type: string + tag: + description: Tag of Thanos sidecar container image to be deployed. + Defaults to the value of `version`. Version is ignored if Tag + is set. + type: string + tracingConfig: + description: TracingConfig configures tracing in Thanos. This is + an experimental feature, it may change in any upcoming release + in a breaking way. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + version: + description: Version describes the version of Thanos to use. + type: string + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values and + all keys. 
+ type: string + operator: + description: Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the + toleration (which must be of effect NoExecute, otherwise this + field is ignored) tolerates the taint. By default, it is not + set, which means tolerate the taint forever (do not evict). + Zero and negative values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise + just a regular string. + type: string + type: object + type: array + version: + description: Version of Prometheus to be deployed. + type: string + volumeMounts: + description: VolumeMounts allows configuration of additional VolumeMounts + on the output StatefulSet definition. VolumeMounts specified will + be appended to other VolumeMounts in the prometheus container, that + are generated as a result of StorageSpec objects. + items: + description: VolumeMount describes a mounting of a Volume within a + container. + properties: + mountPath: + description: Path within the container at which the volume should + be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated + from the host to container and the other way around. When not + set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false + or unspecified). Defaults to false. 
+ type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's + volume should be mounted. Behaves similarly to SubPath but environment + variable references $(VAR_NAME) are expanded using the container's + environment. Defaults to "" (volume's root). SubPathExpr and + SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: Volumes allows configuration of additional volumes on the + output StatefulSet definition. Volumes specified will be appended + to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may be + accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty).' 
+ format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly + property in VolumeMounts to "true". If omitted, the default + is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource in + AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'Expected values Shared: multiple blob disks + per storage account Dedicated: single blob disk per storage + account Managed: azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: the name of secret that contains Azure Storage + Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather than + the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring + for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication + secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, default + is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached and mounted + on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. 
Must be a filesystem + type supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing + parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeID: + description: 'volume id used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced ConfigMap will be projected into + the volume as a file whose name is the key and content is + the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the + ConfigMap, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' 
path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must + be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents storage + that is handled by an external CSI driver (Alpha feature). + properties: + driver: + description: Driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed to the + associated CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret + object containing sensitive information to pass to the CSI + driver to complete the CSI NodePublishVolume and NodeUnpublishVolume + calls. This field is optional, and may be empty if no secret + is required. 
If the secret object contains more than one + secret, all secret references are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. 
If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name + of the file to be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 encoded. The + first item of the relative path must not start with + ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory that shares + a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back this + directory. The default is "" which means to use the node''s + default medium. Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. 
+ More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + fc: + description: FC represents a Fibre Channel resource that is attached + to a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be + set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that + is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use for this + volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends on FlexVolume + script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' 
+ type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret + object containing sensitive information to pass to the plugin + scripts. This may be empty if no secret object is specified. + If the secret object contains more than one secret, all + secrets are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a + kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: Name of the dataset stored as metadata -> name + on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". 
Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. Used + to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision a + container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: Target directory name. Must not contain or start + with '..'. If '.' is supplied, the volume directory will + be the git repository. Otherwise, if specified, the volume + will contain the git repository in the subdirectory with + the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the host + that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. 
More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'Path of the directory on the host. If the path + is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to the + pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. 
More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, new iSCSI + interface : will be created + for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either an + IP or ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within + the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. 
More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export to be + mounted with read-only permissions. Defaults to false. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents a reference + to a PersistentVolumeClaim in the same namespace. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". 
Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: Mode bits to use on created files by default. + Must be a value between 0 and 0777. Directories within the + path are not affected by this setting. This might be in + conflict with other options that affect the file mode, like + fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: information about the configMap data to + project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced ConfigMap + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the ConfigMap, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. 
This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI data + to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. 
The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format + of the exposed resources, defaults to + "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced Secret will + be projected into the volume as a file whose name + is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the Secret, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. 
+ type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken + data to project + properties: + audience: + description: Audience is the intended audience of + the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested + duration of validity of the service account token. + As the token approaches expiration, the kubelet + volume plugin will proactively rotate the service + account token. The kubelet will start trying to + rotate the token if the token is older than 80 + percent of its time to live or if the token is + older than 24 hours.Defaults to 1 hour and must + be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to the mount + point of the file to project the token into. + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that + shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to + be mounted with read-only permissions. Defaults to false. 
+ type: boolean + registry: + description: Registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: Volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. 
More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for + the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication with + Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should + be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the + protection domain. + type: string + system: + description: The name of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO + system that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced Secret will be projected into the + volume as a file whose name is the key and content is the + value. If specified, the listed keys will be projected into + the specified paths, and unlisted keys will not be present. + If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be + defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to + use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within a + namespace. 
+ type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume + within StorageOS. If no namespace is specified then the + Pod's namespace will be used. This allows the Kubernetes + name scoping to be mirrored within StorageOS for tighter + integration. Set VolumeName to any name to override the + default behaviour. Set to "default" if you are not using + namespaces within StorageOS. Namespaces that do not pre-exist + within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile + ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile + name. + type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + walCompression: + description: Enable compression of the write-ahead log using Snappy. + This flag is only available in versions of Prometheus >= 2.11.0. + type: boolean + type: object + status: + description: 'Most recent observed status of the Prometheus cluster. Read-only. + Not included when requesting from the apiserver, only from the Prometheus + Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) + targeted by this Prometheus deployment. 
+ format: int32 + type: integer + paused: + description: Represents whether any actions on the underlaying managed + objects are being performed. Only delete actions will be performed. + type: boolean + replicas: + description: Total number of non-terminated pods targeted by this Prometheus + deployment (their labels match the selector). + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this Prometheus + deployment. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this Prometheus + deployment that have the desired version spec. + format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-prometheusrules.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-prometheusrules.yaml new file mode 100755 index 000000000..5546de38e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-prometheusrules.yaml 
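Review bot: the Prometheus CRD schema that ends just above the crd-prometheusrules.yaml header closes with both `version: v1` and a `versions:` list that repeats the same single entry. The top-level `version` field is deprecated in apiextensions.k8s.io/v1beta1 and does not exist in apiextensions.k8s.io/v1, so it will have to be dropped whenever these manifests are converted. Since the `versions:` entry already marks v1 as `served: true` and `storage: true`, consider removing the duplicate now, or add a comment saying it is kept only to stay byte-identical with the upstream file.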
@@ -0,0 +1,91 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: prometheusrules.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + kind: PrometheusRule + listKind: PrometheusRuleList + plural: prometheusrules + singular: prometheusrule + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: PrometheusRule defines alerting rules for a Prometheus instance + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired alerting rule definitions for Prometheus. + properties: + groups: + description: Content of Prometheus rule file + items: + description: 'RuleGroup is a list of sequentially evaluated recording + and alerting rules. Note: PartialResponseStrategy is only used by + ThanosRuler and will be ignored by Prometheus instances. Valid + values for this field are ''warn'' or ''abort''. 
More info: https://github.com/thanos-io/thanos/blob/master/docs/components/rule.md#partial-response' + properties: + interval: + type: string + name: + type: string + partial_response_strategy: + type: string + rules: + items: + description: Rule describes an alerting or recording rule. + properties: + alert: + type: string + annotations: + additionalProperties: + type: string + type: object + expr: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + for: + type: string + labels: + additionalProperties: + type: string + type: object + record: + type: string + required: + - expr + type: object + type: array + required: + - name + - rules + type: object + type: array + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-servicemonitor.yaml new file mode 100755 index 000000000..8f7a67c14 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-servicemonitor.yaml 
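Review bot: in crd-prometheusrules.yaml the only provenance for this vendored schema is the first-line comment, and the `release-0.38` segment in that URL reads as a branch name rather than a tag or commit, so the content behind it can change after this copy was taken. Consider recording the exact upstream commit (or a checksum of the fetched file) next to the URL so a later reviewer can confirm that the 91 added lines match what upstream published. Separately, the file header says `new file mode 100755`; a YAML manifest does not need the executable bit, and 100644 would be the expected mode.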
@@ -0,0 +1,459 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: servicemonitors.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + kind: ServiceMonitor + listKind: ServiceMonitorList + plural: servicemonitors + singular: servicemonitor + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: ServiceMonitor defines monitoring for a set of services. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired Service selection for target discovery + by Prometheus. + properties: + endpoints: + description: A list of endpoints allowed as part of this ServiceMonitor. + items: + description: Endpoint defines a scrapeable endpoint serving Prometheus + metrics. 
+ properties: + basicAuth: + description: 'BasicAuth allow an endpoint to authenticate over + basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that + contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + bearerTokenFile: + description: File to read bearer token for scraping targets. + type: string + bearerTokenSecret: + description: Secret to mount to read bearer token for scraping + targets. The secret needs to be in the same namespace as the + service monitor and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + interval: + description: Interval at which metrics should be scraped + type: string + metricRelabelings: + description: MetricRelabelConfigs to apply to samples before ingestion. + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. 
+ Regex capture groups are available. + type: string + type: object + type: array + params: + additionalProperties: + items: + type: string + type: array + description: Optional HTTP URL parameters + type: object + path: + description: HTTP path to scrape for metrics. + type: string + port: + description: Name of the service port this endpoint refers to. + Mutually exclusive with targetPort. + type: string + proxyUrl: + description: ProxyURL eg http://proxyserver:2195 Directs scrapes + to proxy through this endpoint. + type: string + relabelings: + description: 'RelabelConfigs to apply to samples before scraping. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It defines + ``-section of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. + Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular expression + for the replace, keep, and drop actions. 
+ items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + scheme: + description: HTTP scheme to use for scraping. + type: string + scrapeTimeout: + description: Timeout after which the scrape is ended + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: Name or number of the pod port this endpoint refers + to. Mutually exclusive with port. + x-kubernetes-int-or-string: true + tlsConfig: + description: TLS configuration to use when scraping the endpoint + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. 
+ type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + jobLabel: + description: The label to use to retrieve the job name from. + type: string + namespaceSelector: + description: Selector to select which namespaces the Endpoints objects + are discovered from. + properties: + any: + description: Boolean describing whether all namespaces are selected + in contrast to a list restricting them. + type: boolean + matchNames: + description: List of namespace names. + items: + type: string + type: array + type: object + podTargetLabels: + description: PodTargetLabels transfers labels on the Kubernetes Pod + onto the target. + items: + type: string + type: array + sampleLimit: + description: SampleLimit defines per-scrape limit on number of scraped + samples that will be accepted. + format: int64 + type: integer + selector: + description: Selector to select Endpoints objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + targetLabels: + description: TargetLabels transfers labels on the Kubernetes Service + onto the target. + items: + type: string + type: array + required: + - endpoints + - selector + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-thanosrulers.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-thanosrulers.yaml new file mode 100755 index 000000000..82136d73e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/crd-manifest/crd-thanosrulers.yaml 
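Review bot: in crd-servicemonitor.yaml the endpoint fields `bearerTokenFile`, `tlsConfig.caFile`, `tlsConfig.certFile` and `tlsConfig.keyFile` are plain `type: string` paths that are resolved inside the Prometheus container, with no pattern or prefix constraint in the schema. That means the set of files usable as scrape credentials is governed by who is allowed to create ServiceMonitor objects, not by this CRD. The chart should document that, and either restrict ServiceMonitor creation through RBAC or steer users to the secret-backed alternatives that the same hunk defines (`bearerTokenSecret`, `keySecret`, and the `ca`/`cert` secret references). `insecureSkipVerify` is likewise an unguarded boolean ("Disable target certificate validation."); a note in the chart docs, or an admission policy that flags it, would make its use visible in review.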
@@ -0,0 +1,4725 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.38/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: thanosrulers.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + kind: ThanosRuler + listKind: ThanosRulerList + plural: thanosrulers + singular: thanosruler + preserveUnknownFields: false + scope: Namespaced + validation: + openAPIV3Schema: + description: ThanosRuler defines a ThanosRuler deployment. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the ThanosRuler cluster. + More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all + objects with implicit weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches no objects (i.e. is also + a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The + terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. 
The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. 
due to a pod label update), the system may or may not + try to eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some other + pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node that + meets all of the scheduling requirements (resource request, + requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field + and adding "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. 
+ If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + alertDropLabels: + description: AlertDropLabels configure the label names which should + be dropped in ThanosRuler alerts. If `labels` field is not provided, + `thanos_ruler_replica` will be dropped in alerts by default. + items: + type: string + type: array + alertQueryUrl: + description: The external Query URL the Thanos Ruler will set in the + 'Source' field of all alerts. Maps to the '--alert.query-url' CLI + arg. + type: string + alertmanagersConfig: + description: Define configuration for connecting to alertmanager. Only + available with thanos v0.10.0 and higher. Maps to the `alertmanagers.config` + arg. 
+ properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + alertmanagersUrl: + description: 'Define URLs to send alerts to Alertmanager. For Thanos + v0.10.0 and higher, AlertManagersConfig should be used instead. Note: + this field will be ignored if AlertManagersConfig is specified. Maps + to the `alertmanagers.url` arg.' + items: + type: string + type: array + containers: + description: 'Containers allows injecting additional containers or modifying + operator generated containers. This can be used to allow adding an + authentication proxy to a ThanosRuler pod or to change the behavior + of an operator generated container. Containers described here modify + an operator generated container if they share the same name and modifications + are done via a strategic merge patch. The current container names + are: `thanos-ruler` and `rules-configmap-reloader`. Overriding containers + is entirely outside the scope of what the maintainers will support + and by doing so, you accept that this behaviour may break at any time + without notice.' + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). 
Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' 
+ type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. 
More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. 
TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". 
+ type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. 
Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. 
Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. 
If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. 
If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + enforcedNamespaceLabel: + description: EnforcedNamespaceLabel enforces adding a namespace label + of origin for each alert and metric that is user created. The label + value will always be the namespace of the object that is being created. + type: string + evaluationInterval: + description: Interval between consecutive evaluations. + type: string + externalPrefix: + description: The external URL the Thanos Ruler instances will be available + under. This is necessary to generate correct URLs. This is necessary + if Thanos Ruler is not served from root of a DNS name. + type: string + grpcServerTlsConfig: + description: 'GRPCServerTLSConfig configures the gRPC server from which + Thanos Querier reads recorded rule data. Note: Currently only the + CAFile, CertFile, and KeyFile fields are supported. Maps to the ''--grpc-server-tls-*'' + CLI args.' + properties: + ca: + description: Stuct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or its key must + be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container to + use for the targets. + type: string + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must + be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus container + for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container + for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + image: + description: Thanos container image URL. + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same namespace + to use for pulling thanos images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to let + you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod + definition. Those can be used to e.g. 
fetch secrets for injection + into the ThanosRuler configuration from external sources. Any errors + during the execution of an initContainer will lead to a restart of + the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + Using initContainers for any use case other then secret fetching is + entirely outside the scope of what the maintainers will support and + by doing so, you accept that this behaviour may break at any time + without notice.' + items: + description: A single application container that you want to run within + a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The + docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. 
+ Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a + variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be a + C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in + response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. 
Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. 
Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed to + the handler. The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. Regardless + of the outcome of the handler, the container will eventually + terminate within the Pod''s termination grace period. Other + management of the container blocks until the hook completes + or until the termination grace period is reached. More info: + https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. 
To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. 
Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each + container in a pod must have a unique name (DNS_LABEL). Cannot + be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about the + network connections a container uses, but is primarily informational. + Not specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. 
If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod must + have a unique name. Name for the port that can be referred + to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. Container + will be removed from service endpoints if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. 
HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: + https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. 
If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. 
May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. This field is beta-level and may be + disabled with the WindowsRunAsUserName feature flag. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod will + be restarted, just as if the livenessProbe failed. This can + be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. This + cannot be updated. This is an alpha feature enabled by the StartupProbe + feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. + Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command + is simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit + status of 0 is treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to + be considered failed after having succeeded. Defaults to + 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header to + be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to + be considered successful after having failed. Defaults to + 1. Must be 1 for liveness and startup. Minimum value is + 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP + port. TCP hooks not yet supported TODO: implement a realistic + TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the + container. Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for + stdin in the container runtime. If this is not set, reads from + stdin in the container will always result in EOF. Default is + false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin + channel after it has been opened by a single attach. When stdin + is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container + start, is empty until the first client attaches to stdin, and + then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container + is restarted. If this flag is false, a container processes that + reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate + the container status message on both success and failure. 
FallbackToLogsOnError + will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other way + around. When not set, MountPropagationNone is used. This + field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might be + configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: Labels configure the external label pairs to ThanosRuler. + If not provided, default replica label `thanos_ruler_replica` will + be added as a label and be dropped in alerts. + type: object + listenLocal: + description: ListenLocal makes the Thanos ruler listen on loopback, + so that it does not bind against the Pod IP. + type: boolean + logFormat: + description: Log format for ThanosRuler to be configured with. + type: string + logLevel: + description: Log level for ThanosRuler to be configured with. + type: string + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + objectStorageConfig: + description: ObjectStorageConfig configures object storage in Thanos. + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + paused: + description: When a ThanosRuler deployment is paused, no actions except + for deletion will be performed on the underlying objects. + type: boolean + podMetadata: + description: PodMetadata contains Labels and Annotations gets propagated + to the thanos ruler pods. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + portName: + description: Port name used for the pods and governing service. This + defaults to web + type: string + priorityClassName: + description: Priority class assigned to the Pods + type: string + queryConfig: + description: Define configuration for connecting to thanos query instances. + If this is defined, the QueryEndpoints field will be ignored. Maps + to the `query.config` CLI argument. Only available with thanos v0.11.0 + and higher. + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + queryEndpoints: + description: QueryEndpoints defines Thanos querier endpoints from which + to query metrics. Maps to the --query flag of thanos ruler. + items: + type: string + type: array + replicas: + description: Number of thanos ruler instances to deploy. + format: int32 + type: integer + resources: + description: Resources defines the resource requirements for single + Pods. If not provided, no requests/limits will be set + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + retention: + description: Time duration ThanosRuler shall retain data for. Default + is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` + (milliseconds seconds minutes hours days weeks years). + type: string + routePrefix: + description: The route prefix ThanosRuler registers HTTP handlers for. + This allows thanos UI to be served on a sub-path. + type: string + ruleNamespaceSelector: + description: Namespaces to be selected for Rules discovery. If unspecified, + only the same namespace as the ThanosRuler object is in is used. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. 
+ items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + ruleSelector: + description: A label selector to select which PrometheusRules to mount + for alerting and recording. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. 
If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + securityContext: + description: SecurityContext holds pod-level security attributes and + common container settings. This defaults to the default PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all containers + in a pod. Some volume types allow the Kubelet to change the ownership + of that volume to be owned by the pod: \n 1. The owning GID will + be the FSGroup 2. The setgid bit is set (new files created in + the volume will be owned by FSGroup) 3. The permission bits are + OR'd with rw-rw---- \n If unset, the Kubelet will not modify the + ownership and permissions of any volume." + format: int64 + type: integer + runAsGroup: + description: The GID to run the entrypoint of the container process. + Uses runtime default if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in SecurityContext. 
If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. May + also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux + context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to the + container. + type: string + role: + description: Role is a SELinux role label that applies to the + container. + type: string + type: + description: Type is a SELinux type label that applies to the + container. + type: string + user: + description: User is a SELinux user label that applies to the + container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run in + each container, in addition to the container's primary GID. If + unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for + the pod. Pods with unsupported sysctls (by the container runtime) + might fail to launch. 
+ items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. This field is alpha-level and is only + honored by servers that enable the WindowsGMSA feature flag. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of + the container process. Defaults to the user specified in image + metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. This + field is beta-level and may be disabled with the WindowsRunAsUserName + feature flag. + type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to + use to run the Thanos Ruler Pods. + type: string + storage: + description: Storage spec to specify how storage shall be used. + properties: + emptyDir: + description: 'EmptyDirVolumeSource to be used by the Prometheus + StatefulSets. 
If specified, used in place of any volumeClaimTemplate. + More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. + The default is "" which means to use the node''s default medium. + Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. The + default is nil which means that the limit is undefined. More + info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + volumeClaimTemplate: + description: A PVC spec to be used by the Prometheus StatefulSets. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + type: object + spec: + description: 'Spec defines the desired characteristics of a + volume requested by a pod author. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access modes + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: This field requires the VolumeSnapshotDataSource + alpha feature gate to be enabled and currently VolumeSnapshot + is the only supported data source. If the provisioner + can support VolumeSnapshot data source, it will create + a new volume and data will be restored to the volume at + the same time. If the provisioner does not support VolumeSnapshot + data source, volume will not be created and the failure + will be reported as an event. In the future, we plan to + support more data source types and the behavior of the + provisioner may change. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, the + specified Kind must be in the core API group. For + any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + selector: + description: A label query over volumes to consider for + binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required + by the claim. Value of Filesystem is implied when not + included in claim spec. 
This is a beta feature. + type: string + volumeName: + description: VolumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status + of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access modes + the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + capacity: + additionalProperties: + type: string + description: Represents the actual resources of the underlying + volume. + type: object + conditions: + description: Current Condition of persistent volume claim. + If underlying persistent volume is being resized then + the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails details + about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned + from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating details + about last transition. + type: string + reason: + description: Unique, this should be a short, machine + understandable string that gives the reason for + condition's last transition. If it reports "ResizeStarted" + that means the underlying persistent volume is being + resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is + a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of PersistentVolumeClaim. 
+ type: string + type: object + type: object + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values and + all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the + toleration (which must be of effect NoExecute, otherwise this + field is ignored) tolerates the taint. By default, it is not + set, which means tolerate the taint forever (do not evict). + Zero and negative values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise + just a regular string. + type: string + type: object + type: array + tracingConfig: + description: TracingConfig configures tracing in Thanos. This is an + experimental feature, it may change in any upcoming release in a breaking + way. + properties: + key: + description: The key of the secret to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + volumes: + description: Volumes allows configuration of additional volumes on the + output StatefulSet definition. Volumes specified will be appended + to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may be + accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly + property in VolumeMounts to "true". If omitted, the default + is "false". 
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource in + AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'Expected values Shared: multiple blob disks + per storage account Dedicated: single blob disk per storage + account Managed: azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: the name of secret that contains Azure Storage + Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather than + the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring + for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication + secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, default + is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached and mounted + on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. 
Must be a filesystem + type supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing + parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeID: + description: 'volume id used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced ConfigMap will be projected into + the volume as a file whose name is the key and content is + the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the + ConfigMap, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' 
path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must + be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents storage + that is handled by an external CSI driver (Alpha feature). + properties: + driver: + description: Driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed to the + associated CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret + object containing sensitive information to pass to the CSI + driver to complete the CSI NodePublishVolume and NodeUnpublishVolume + calls. This field is optional, and may be empty if no secret + is required. 
If the secret object contains more than one + secret, all secret references are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. 
If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name + of the file to be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 encoded. The + first item of the relative path must not start with + ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of the + exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory that shares + a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back this + directory. The default is "" which means to use the node''s + default medium. Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required for this + EmptyDir volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified here + and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. 
+ More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + fc: + description: FC represents a Fibre Channel resource that is attached + to a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be + set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that + is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use for this + volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends on FlexVolume + script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts.' 
+ type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret + object containing sensitive information to pass to the plugin + scripts. This may be empty if no secret object is specified. + If the secret object contains more than one secret, all + secrets are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a + kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: Name of the dataset stored as metadata -> name + on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'The partition in the volume that you want to + mount. If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition + as "1". 
Similarly, the volume partition for /dev/sda is + "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. Used + to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision a + container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: Target directory name. Must not contain or start + with '..'. If '.' is supplied, the volume directory will + be the git repository. Otherwise, if specified, the volume + will contain the git repository in the subdirectory with + the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the host + that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. 
More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'Path of the directory on the host. If the path + is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to the + pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. 
More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, new iSCSI + interface : will be created + for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is either + an IP or ip_addr:port if the port is other than default + (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either an + IP or ip_addr:port if the port is other than default (typically + TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within + the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. 
More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export to be + mounted with read-only permissions. Defaults to false. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents a reference + to a PersistentVolumeClaim in the same namespace. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". 
Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: Mode bits to use on created files by default. + Must be a value between 0 and 0777. Directories within the + path are not affected by this setting. This might be in + conflict with other options that affect the file mode, like + fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: information about the configMap data to + project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced ConfigMap + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the ConfigMap, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. 
This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI data + to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. 
The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format + of the exposed resources, defaults to + "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: + items: + description: If unspecified, each key-value pair + in the Data field of the referenced Secret will + be projected into the volume as a file whose name + is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the Secret, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on + this file, must be a value between 0 and + 0777. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. 
+ type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken + data to project + properties: + audience: + description: Audience is the intended audience of + the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested + duration of validity of the service account token. + As the token approaches expiration, the kubelet + volume plugin will proactively rotate the service + account token. The kubelet will start trying to + rotate the token if the token is older than 80 + percent of its time to live or if the token is + older than 24 hours.Defaults to 1 hour and must + be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to the mount + point of the file to project the token into. + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that + shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to + be mounted with read-only permissions. Defaults to false. 
+ type: boolean + registry: + description: Registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: Volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you want + to mount. Tip: Ensure that the filesystem type is supported + by the host operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. 
More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for + the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication with + Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should + be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the + protection domain. + type: string + system: + description: The name of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO + system that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data + field of the referenced Secret will be projected into the + volume as a file whose name is the key and content is the + value. If specified, the listed keys will be projected into + the specified paths, and unlisted keys will not be present. + If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' path + or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, + the volume defaultMode will be used. This might be + in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the + key to. May not be an absolute path. May not contain + the path element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be + defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to + use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here + will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within a + namespace. 
+ type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume + within StorageOS. If no namespace is specified then the + Pod's namespace will be used. This allows the Kubernetes + name scoping to be mirrored within StorageOS for tighter + integration. Set VolumeName to any name to override the + default behaviour. Set to "default" if you are not using + namespaces within StorageOS. Namespaces that do not pre-exist + within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem + type supported by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile + ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile + name. + type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + status: + description: 'Most recent observed status of the ThanosRuler cluster. Read-only. + Not included when requesting from the apiserver, only from the ThanosRuler + Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) + targeted by this ThanosRuler deployment. + format: int32 + type: integer + paused: + description: Represents whether any actions on the underlying managed + objects are being performed. Only delete actions will be performed. 
+ type: boolean + replicas: + description: Total number of non-terminated pods targeted by this ThanosRuler + deployment (their labels match the selector). + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this ThanosRuler + deployment. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this ThanosRuler + deployment that have the desired version spec. + format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/templates/_helpers.tpl new file mode 100755 index 000000000..2da79e70f --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/templates/_helpers.tpl @@ -0,0 +1,29 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} \ No newline at end of file 
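Review bot: In `system_default_registry`, `printf "%s/"` appends the slash unconditionally, so a `systemDefaultRegistry` value that already ends in `/` renders an image reference containing a double slash. Trimming the value first (for example with `trimSuffix "/"`) makes the helper accept both forms. The comment above `linux-node-tolerations` ("add below linux tolerations to workloads could be scheduled to those linux nodes") is hard to parse and should state that the toleration lets these workloads schedule onto the tainted Linux nodes. The file also ends without a trailing newline.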
diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/templates/jobs.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/templates/jobs.yaml new file mode 100755 index 000000000..006c5ffff --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/templates/jobs.yaml 
@@ -0,0 +1,96 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-create + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }} + annotations: + "helm.sh/hook": post-install, post-upgrade, post-rollback + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + name: {{ .Chart.Name }}-create + labels: + app: {{ .Chart.Name }} + spec: + serviceAccountName: {{ .Chart.Name }}-manager + securityContext: + runAsNonRoot: true + runAsUser: 1000 + containers: + - name: create-crds + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - apply + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + restartPolicy: OnFailure + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} + volumes: + - name: crd-manifest + configMap: + name: {{ .Chart.Name }}-manifest +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-delete + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + name: {{ .Chart.Name }}-delete + labels: + app: {{ .Chart.Name }} + spec: + serviceAccountName: {{ .Chart.Name }}-manager + securityContext: + runAsNonRoot: true + runAsUser: 1000 + initContainers: + - name: remove-finalizers + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - apply + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + containers: + - name: delete-crds + image: {{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - delete + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + restartPolicy: OnFailure + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} + volumes: + - name: crd-manifest + configMap: + name: {{ .Chart.Name }}-manifest diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/templates/manifest.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/templates/manifest.yaml new file mode 100755 index 000000000..31016b6ef --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/templates/manifest.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-manifest + namespace: {{ .Release.Namespace }} +data: + crd-manifest.yaml: | + {{- $currentScope := . -}} + {{- $crds := (.Files.Glob "crd-manifest/**.yaml") -}} + {{- range $path, $_ := $crds -}} + {{- with $currentScope -}} + {{ .Files.Get $path | nindent 4 }} + --- + {{- end -}}{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/templates/rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/templates/rbac.yaml new file mode 100755 index 000000000..bdda1ddad --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/templates/rbac.yaml 
@@ -0,0 +1,72 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Chart.Name }}-manager + labels: + app: {{ .Chart.Name }}-manager +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: ['create', 'get', 'patch', 'delete'] +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ .Chart.Name }}-manager +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Chart.Name }}-manager + labels: + app: {{ .Chart.Name }}-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ .Chart.Name }}-manager +subjects: +- kind: ServiceAccount + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }}-manager +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }}-manager +spec: + privileged: false + allowPrivilegeEscalation: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'configMap' + - 'secret' diff --git a/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/values.yaml new file mode 100755 index 000000000..22a8a1c38 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring-crd/9.4.204/values.yaml 
@@ -0,0 +1,11 @@ +# Default values for rancher-monitoring-crd. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +global: + cattle: + systemDefaultRegistry: "" + +image: + repository: rancher/kubectl + tag: v1.20.2 diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/.helmignore b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/.helmignore new file mode 100755 index 000000000..93bf1ec02 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/.helmignore @@ -0,0 +1,26 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +# helm/charts +OWNERS +hack/ +ci/ +kube-prometheus-*.tgz diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/CHANGELOG.md b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/CHANGELOG.md new file mode 100755 index 000000000..8178169b9 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/CHANGELOG.md 
@@ -0,0 +1,47 @@ +# Changelog +All notable changes from the upstream Prometheus Operator chart will be added to this file. + +## [Package Version 00] - 2020-07-19 +### Added +- Added [Prometheus Adapter](https://github.com/helm/charts/tree/master/stable/prometheus-adapter) as a dependency to the upstream Prometheus Operator chart to allow users to expose custom metrics from the default Prometheus instance deployed by this chart +- Remove `prometheus-operator/cleanup-crds.yaml` and `prometheus-operator/crds.yaml` from the Prometheus Operator upstream chart in favor of just using the CRD directory to install the CRDs. +- Added support for `rkeControllerManager`, `rkeScheduler`, `rkeProxy`, and `rkeEtcd` PushProx exporters for monitoring k8s components within RKE clusters +- Added support for a `k3sServer` PushProx exporter that monitors k3s server components (`kubeControllerManager`, `kubeScheduler`, and `kubeProxy`) within k3s clusters +- Added support for `kubeAdmControllerManager`, `kubeAdmScheduler`, `kubeAdmProxy`, and `kubeAdmEtcd` PushProx exporters for monitoring k8s components within kubeAdm clusters +- Added support for `rke2ControllerManager`, `rke2Scheduler`, `rke2Proxy`, and `rke2Etcd` PushProx exporters for monitoring k8s components within rke2 clusters +- Exposed `prometheus.prometheusSpec.ignoreNamespaceSelectors` on values.yaml and set it to `false` by default. This value instructs the default Prometheus server deployed with this chart to ignore the `namespaceSelector` field within any created ServiceMonitor or PodMonitor CRs that it selects. 
This prevents ServiceMonitors and PodMonitors from configuring the Prometheus scrape configuration to monitor resources outside the namespace that they are deployed in; if a user needs to have one ServiceMonitor / PodMonitor monitor resources within several namespaces (such as the resources that are used to monitor Istio in a default installation), they should not enable this option since it would require them to create one ServiceMonitor / PodMonitor CR per namespace that they would like to monitor. Relevant fields were also updated in the default README.md. +- Added `grafana.sidecar.dashboards.searchNamespace` to `values.yaml` with a default value of `cattle-dashboards`. The namespace provided should contain all ConfigMaps with the label `grafana_dashboard` and will be searched by the Grafana Dashboards sidecar for updates. The namespace specified is also created along with this deployment. All default dashboard ConfigMaps have been relocated from the deployment namespace to the namespace specified +- Added `monitoring-admin`, `monitoring-edit`, and `monitoring-view` default `ClusterRoles` to allow admins to assign roles to users to interact with Prometheus Operator CRs. These can be enabled by setting `.Values.global.rbac.userRoles.create` (default: `true`). In a typical RBAC setup, you might want to use a `ClusterRoleBinding` to bind these roles to a Subject to allow them to set up or view `ServiceMonitors` / `PodMonitors` / `PrometheusRules` and view `Prometheus` or `Alertmanager` CRs across the cluster. If `.Values.global.rbac.userRoles.aggregateRolesForRBAC` is enabled, these ClusterRoles will aggregate into the respective default ClusterRoles provided by Kubernetes +- Added `monitoring-config-admin`, `monitoring-config-edit` and `monitoring-config-view` default `Roles` to allow admins to assign roles to users to be able to edit / view `Secrets` and `ConfigMaps` within the `cattle-monitoring-system` namespace. 
These can be enabled by setting `.Values.global.rbac.userRoles.create` (default: `true`). In a typical RBAC setup, you might want to use a `RoleBinding` to bind these roles to a Subject within the `cattle-monitoring-system` namespace to allow them to modify Secrets / ConfigMaps tied to the deployment, such as your Alertmanager Config Secret. +- Added `monitoring-dashboard-admin`, `monitoring-dashboard-edit` and `monitoring-dashboard-view` default `Roles` to allow admins to assign roles to users to be able to edit / view `ConfigMaps` within the `cattle-dashboards` namespace. These can be enabled by setting `.Values.global.rbac.userRoles.create` (default: `true`) and deploying Grafana as part of this chart. In a typical RBAC setup, you might want to use a `RoleBinding` to bind these roles to a Subject within the `cattle-dashboards` namespace to allow them to create / modify ConfigMaps that contain the JSON used to persist Grafana Dashboards on the cluster. +- Added default resource limits for `Prometheus Operator`, `Prometheus`, `AlertManager`, `Grafana`, `kube-state-metrics`, `node-exporter` +- Added a default template `rancher_defaults.tmpl` to AlertManager that Rancher will offer to users in order to help configure the way alerts are rendered on a notifier. Also updated the default template deployed with this chart to reference that template and added an example of a Slack config using this template as a comment in the `values.yaml`. +- Added support for private registries via introducing a new field for `global.cattle.systemDefaultRegistry` that, if supplied, will automatically be prepended onto every image used by the chart. +- Added a default `nginx` proxy container deployed with Grafana whose config is set in the `ConfigMap` located in `charts/grafana/templates/nginx-config.yaml`. The purpose of this container is to make it possible to view Grafana's UI through a proxy that has a subpath (e.g. Rancher's proxy). 
This proxy container is set to listen on port `8080` (with a `portName` of `nginx-http` instead of the default `service`), which is also where the Grafana service will now point to, and will forward all requests to the Grafana container listening on the default port `3000`. +- Added a default `nginx` proxy container deployed with Prometheus whose config is set in the `ConfigMap` located in `templates/prometheus/nginx-config.yaml`. The purpose of this container is to make it possible to view Prometheus's UI through a proxy that has a subpath (e.g. Rancher's proxy). This proxy container is set to listen on port `8081` (with a `portName` of `nginx-http` instead of the default `web`), which is also where the Prometheus service will now point to, and will forward all requests to the Prometheus container listening on the default port `9090`. +- Added support for passing CIS Scans in a hardened cluster by introducing a Job that patches the default service account within the `cattle-monitoring-system` and `cattle-dashboards` namespaces on install or upgrade and adding a default allow all `NetworkPolicy` to the `cattle-monitoring-system` and `cattle-dashboards` namespaces. +### Modified +- Updated the chart name from `prometheus-operator` to `rancher-monitoring` and added the `io.rancher.certified: rancher` annotation to `Chart.yaml` +- Modified the default `node-exporter` port from `9100` to `9796` +- Modified the default `nameOverride` to `rancher-monitoring`. This change is necessary as the Prometheus Adapter's default URL (`http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc`) is based off of the value used here; if modified, the default Adapter URL must also be modified +- Modified the default `namespaceOverride` to `cattle-monitoring-system`. 
This change is necessary as the Prometheus Adapter's default URL (`http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc`) is based off of the value used here; if modified, the default Adapter URL must also be modified +- Configured some default values for `grafana.service` values and exposed them in the default README.md +- The default namespaces the following ServiceMonitors were changed from the deployment namespace to allow them to continue to monitor metrics when `prometheus.prometheusSpec.ignoreNamespaceSelectors` is enabled: + - `core-dns`: `kube-system` + - `api-server`: `default` + - `kube-controller-manager`: `kube-system` + - `kubelet`: `{{ .Values.kubelet.namespace }}` +- Disabled the following deployments by default (can be enabled if required): + - `AlertManager` + - `kube-controller-manager` metrics exporter + - `kube-etcd` metrics exporter + - `kube-scheduler` metrics exporter + - `kube-proxy` metrics exporter +- Updated default Grafana `deploymentStrategy` to `Recreate` to prevent deployments from being stuck on upgrade if a PV is attached to Grafana +- Modified the default `SelectorNilUsesHelmValues` to default to `false`. As a result, we look for all CRs with any labels in all namespaces by default rather than just the ones tagged with the label `release: rancher-monitoring`. +- Modified the default images used by the `rancher-monitoring` chart to point to Rancher mirrors of the original images from upstream. +- Modified the behavior of the chart to create the Alertmanager Config Secret via a pre-install hook instead of using the normal Helm lifecycle to manage the secret. The benefit of this approach is that all changes to the Config Secret done on a live cluster will never get overridden on a `helm upgrade` since the secret only gets created on a `helm install`. 
If you would like the secret to be cleaned up on an `helm uninstall`, enable `alertmanager.cleanupOnUninstall`; however, this is disabled by default to prevent the loss of alerting configuration on an uninstall. This secret will never be modified on a `helm upgrade`. +- Modified the default `securityContext` for `Pod` templates across the chart to `{"runAsNonRoot": "true", "runAsUser": "1000"}` and replaced `grafana.rbac.pspUseAppArmor` in favor of `grafana.rbac.pspAnnotations={}` in order to make it possible to deploy this chart on a hardened cluster which does not support Seccomp or AppArmor annotations in PSPs. Users can always choose to specify the annotations they want to use for the PSP directly as part of the values provided. +- Modified `.Values.prometheus.prometheusSpec.containers` to take in a string representing a template that should be rendered by Helm (via `tpl`) instead of allowing a user to provide YAML directly. +- Modified the default Grafana configuration to auto assign users who access Grafana to the Viewer role and enable anonymous access to Grafana dashboards by default. This default works well for a Rancher user who is accessing Grafana via the `kubectl proxy` on the Rancher Dashboard UI since anonymous users who enter via the proxy are authenticated by the k8s API Server, but you can / should modify this behavior if you plan on exposing Grafana in a way that does not require authentication (e.g. as a `NodePort` service). +- Modified the default Grafana configuration to add a default dashboard for Rancher on the Grafana home page. \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/CONTRIBUTING.md b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/CONTRIBUTING.md new file mode 100755 index 000000000..f6ce2a323 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/CONTRIBUTING.md 
@@ -0,0 +1,12 @@ +# Contributing Guidelines + +## How to contribute to this chart + +1. Fork this repository, develop and test your Chart. +1. Bump the chart version for every change. +1. Ensure PR title has the prefix `[kube-prometheus-stack]` +1. When making changes to rules or dashboards, see the README.md section on how to sync data from upstream repositories +1. Check the `hack/minikube` folder has scripts to set up minikube and components of this chart that will allow all components to be scraped. You can use this configuration when validating your changes. +1. Check for changes of RBAC rules. +1. Check for changes in CRD specs. +1. PR must pass the linter (`helm lint`) diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/Chart.yaml new file mode 100755 index 000000000..7568a480b --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/Chart.yaml 
@@ -0,0 +1,103 @@ +annotations: + artifacthub.io/links: | + - name: Chart Source + url: https://github.com/prometheus-community/helm-charts + - name: Upstream Project + url: https://github.com/prometheus-operator/kube-prometheus + artifacthub.io/operator: "true" + catalog.cattle.io/auto-install: rancher-monitoring-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Monitoring + catalog.cattle.io/namespace: cattle-monitoring-system + catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 + catalog.cattle.io/release-name: rancher-monitoring + catalog.cattle.io/requests-cpu: 4500m + catalog.cattle.io/requests-memory: 4000Mi + catalog.cattle.io/ui-component: monitoring +apiVersion: v2 +appVersion: 0.46.0 +dependencies: +- condition: grafana.enabled + name: grafana + repository: file://./charts/grafana +- condition: k3sServer.enabled + name: k3sServer + repository: file://./charts/k3sServer +- condition: kubeStateMetrics.enabled + name: kube-state-metrics + repository: file://./charts/kube-state-metrics +- condition: kubeAdmControllerManager.enabled + name: kubeAdmControllerManager + repository: file://./charts/kubeAdmControllerManager +- condition: kubeAdmEtcd.enabled + name: kubeAdmEtcd + repository: file://./charts/kubeAdmEtcd +- condition: kubeAdmProxy.enabled + name: kubeAdmProxy + repository: file://./charts/kubeAdmProxy +- condition: kubeAdmScheduler.enabled + name: kubeAdmScheduler + repository: file://./charts/kubeAdmScheduler +- condition: prometheus-adapter.enabled + name: prometheus-adapter + repository: file://./charts/prometheus-adapter +- condition: nodeExporter.enabled + name: prometheus-node-exporter + repository: file://./charts/prometheus-node-exporter +- condition: rke2ControllerManager.enabled + name: rke2ControllerManager + repository: file://./charts/rke2ControllerManager +- condition: rke2Etcd.enabled + name: rke2Etcd + repository: file://./charts/rke2Etcd +- condition: rke2Proxy.enabled + name: 
rke2Proxy + repository: file://./charts/rke2Proxy +- condition: rke2Scheduler.enabled + name: rke2Scheduler + repository: file://./charts/rke2Scheduler +- condition: rkeControllerManager.enabled + name: rkeControllerManager + repository: file://./charts/rkeControllerManager +- condition: rkeEtcd.enabled + name: rkeEtcd + repository: file://./charts/rkeEtcd +- condition: rkeProxy.enabled + name: rkeProxy + repository: file://./charts/rkeProxy +- condition: rkeScheduler.enabled + name: rkeScheduler + repository: file://./charts/rkeScheduler +- condition: global.cattle.windows.enabled + name: windowsExporter + repository: file://./charts/windowsExporter +description: Collects several related Helm charts, Grafana dashboards, and Prometheus + rules combined with documentation and scripts to provide easy to operate end-to-end + Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. +home: https://github.com/prometheus-operator/kube-prometheus +icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png +keywords: +- operator +- prometheus +- kube-prometheus +- monitoring +kubeVersion: '>=1.16.0-0' +maintainers: +- name: vsliouniaev +- name: bismarck +- email: gianrubio@gmail.com + name: gianrubio +- email: github.gkarthiks@gmail.com + name: gkarthiks +- email: scott@r6by.com + name: scottrigby +- email: miroslav.hadzhiev@gmail.com + name: Xtigyro +- email: arvind.iyengar@suse.com + name: Arvind +name: rancher-monitoring +sources: +- https://github.com/prometheus-community/helm-charts +- https://github.com/prometheus-operator/kube-prometheus +type: application +version: 14.5.100 diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/README.md b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/README.md new file mode 100755 index 000000000..aa5d530f2 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/README.md 
@@ -0,0 +1,455 @@ +# kube-prometheus-stack + +Installs the [kube-prometheus stack](https://github.com/prometheus-operator/kube-prometheus), a collection of Kubernetes manifests, [Grafana](http://grafana.com/) dashboards, and [Prometheus rules](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/) combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with [Prometheus](https://prometheus.io/) using the [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator). + +See the [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus) README for details about components, dashboards, and alerts. + +_Note: This chart was formerly named `prometheus-operator` chart, now renamed to more clearly reflect that it installs the `kube-prometheus` project stack, within which Prometheus Operator is only one component._ + +## Prerequisites + +- Kubernetes 1.16+ +- Helm 3+ + +## Get Repo Info + +```console +helm repo add prometheus-community https://prometheus-community.github.io/helm-charts +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Install Chart + +```console +# Helm +$ helm install [RELEASE_NAME] prometheus-community/kube-prometheus-stack +``` + +_See [configuration](#configuration) below._ + +_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ + +## Dependencies + +By default this chart installs additional, dependent charts: + +- [kubernetes/kube-state-metrics](https://github.com/kubernetes/kube-state-metrics/tree/master/charts/kube-state-metrics) +- [prometheus-community/prometheus-node-exporter](https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-node-exporter) +- [grafana/grafana](https://github.com/grafana/helm-charts/tree/main/charts/grafana) + +To disable dependencies during installation, see [multiple 
releases](#multiple-releases) below. + +_See [helm dependency](https://helm.sh/docs/helm/helm_dependency/) for command documentation._ + +## Uninstall Chart + +```console +# Helm +$ helm uninstall [RELEASE_NAME] +``` + +This removes all the Kubernetes components associated with the chart and deletes the release. + +_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ + +CRDs created by this chart are not removed by default and should be manually cleaned up: + +```console +kubectl delete crd alertmanagerconfigs.monitoring.coreos.com +kubectl delete crd alertmanagers.monitoring.coreos.com +kubectl delete crd podmonitors.monitoring.coreos.com +kubectl delete crd probes.monitoring.coreos.com +kubectl delete crd prometheuses.monitoring.coreos.com +kubectl delete crd prometheusrules.monitoring.coreos.com +kubectl delete crd servicemonitors.monitoring.coreos.com +kubectl delete crd thanosrulers.monitoring.coreos.com +``` + +## Upgrading Chart + +```console +# Helm +$ helm upgrade [RELEASE_NAME] prometheus-community/kube-prometheus-stack +``` + +With Helm v3, CRDs created by this chart are not updated by default and should be manually updated. +Consult also the [Helm Documentation on CRDs](https://helm.sh/docs/chart_best_practices/custom_resource_definitions). + +_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ + +### Upgrading an existing Release to a new major version + +A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions. + +### From 13.x to 14.x + +Version 14 upgrades prometheus-operator from 0.45.x to 0.46.x. 
Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRDs manually before updating: + +```console +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +``` + +### From 12.x to 13.x + +Version 13 upgrades prometheus-operator from 0.44.x to 0.45.x. 
Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRD manually before updating: + +```console +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.45.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.45.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.45.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +``` + +### From 11.x to 12.x + +The chart was migrated to support only helm v3 and later. + +### From 10.x to 11.x + +Version 11 upgrades prometheus-operator from 0.42.x to 0.43.x. Starting with 0.43.x an additional `AlertmanagerConfigs` CRD is introduced. Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRD manually before updating: + +```console +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.43/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +``` + +Version 11 removes the deprecated tlsProxy via ghostunnel in favor of native TLS support the prometheus-operator gained with v0.39.0. + +### From 9.x to 10.x + +Version 10 upgrades prometheus-operator from 0.38.x to 0.42.x. Starting with 0.40.x an additional `Probes` CRD is introduced. 
Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRD manually before updating: + +```console +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.42/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +``` + +### From 8.x to 9.x + +Version 9 of the helm chart removes the existing `additionalScrapeConfigsExternal` in favour of `additionalScrapeConfigsSecret`. This change lets users specify the secret name and secret key to use for the additional scrape configuration of prometheus. This is useful for users that have prometheus-operator as a subchart and also have a template that creates the additional scrape configuration. + +### From 7.x to 8.x + +Due to new template functions being used in the rules in version 8.x.x of the chart, an upgrade to Prometheus Operator and Prometheus is necessary in order to support them. First, upgrade to the latest version of 7.x.x + +```console +helm upgrade [RELEASE_NAME] prometheus-community/kube-prometheus-stack --version 7.5.0 +``` + +Then upgrade to 8.x.x + +```console +helm upgrade [RELEASE_NAME] prometheus-community/kube-prometheus-stack --version [8.x.x] +``` + +Minimal recommended Prometheus version for this chart release is `2.12.x` + +### From 6.x to 7.x + +Due to a change in grafana subchart, version 7.x.x now requires Helm >= 2.12.0. + +### From 5.x to 6.x + +Due to a change in deployment labels of kube-state-metrics, the upgrade requires `helm upgrade --force` in order to re-create the deployment. 
If this is not done an error will occur indicating that the deployment cannot be modified: + +```console +invalid: spec.selector: Invalid value: v1.LabelSelector{MatchLabels:map[string]string{"app.kubernetes.io/name":"kube-state-metrics"}, MatchExpressions:[]v1.LabelSelectorRequirement(nil)}: field is immutable +``` + +If this error has already been encountered, a `helm history` command can be used to determine which release has worked, then `helm rollback` to the release, then `helm upgrade --force` to this new one + +## Configuration + +See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments: + +```console +helm show values prometheus-community/kube-prometheus-stack +``` + +You may also run `helm show values` on this chart's [dependencies](#dependencies) for additional options. + +### Rancher Monitoring Configuration + +The following table shows values exposed by Rancher Monitoring's additions to the chart: + +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `nameOverride` | Provide a name that should be used instead of the chart name when naming all resources deployed by this chart |`"rancher-monitoring"`| +| `namespaceOverride` | Override the deployment namespace | `"cattle-monitoring-system"` | +| `global.rbac.userRoles.create` | Create default user ClusterRoles to allow users to interact with Prometheus CRs, ConfigMaps, and Secrets | `true` | +| `global.rbac.userRoles.aggregateToDefaultRoles` | Aggregate default user ClusterRoles into default k8s ClusterRoles | `true` | +| `prometheus-adapter.enabled` | Whether to install [prometheus-adapter](https://github.com/helm/charts/tree/master/stable/prometheus-adapter) within the cluster | `true` | +| `prometheus-adapter.prometheus.url` | A URL pointing to the Prometheus deployment within your cluster. 
The default value is set based on the assumption that you plan to deploy the default Prometheus instance from this chart where `.Values.namespaceOverride=cattle-monitoring-system` and `.Values.nameOverride=rancher-monitoring` | `http://rancher-monitoring-prometheus.cattle-monitoring-system.svc` | +| `prometheus-adapter.prometheus.port` | The port on the Prometheus deployment that Prometheus Adapter can make requests to | `9090` | +| `prometheus.prometheusSpec.ignoreNamespaceSelectors` | Ignore NamespaceSelector settings from the PodMonitor and ServiceMonitor configs. If true, PodMonitors and ServiceMonitors can only discover Pods and Services within the namespace they are deployed into | `false` | +| `alertmanager.secret.cleanupOnUninstall` | Whether or not to trigger a job to clean up the alertmanager config secret to be deleted on a `helm uninstall`. By default, this is disabled to prevent the loss of alerting configuration on an uninstall. | `false` | +| `alertmanager.secret.image.pullPolicy` | Image pull policy for job(s) related to alertmanager config secret's lifecycle | `IfNotPresent` | +| `alertmanager.secret.image.repository` | Repository to use for job(s) related to alertmanager config secret's lifecycle | `rancher/rancher-agent` | +| `alertmanager.secret.image.tag` | Tag to use for job(s) related to alertmanager config secret's lifecycle | `v2.4.8` | + +The following values are enabled for different distributions via [rancher-pushprox](https://github.com/rancher/dev-charts/tree/master/packages/rancher-pushprox). See the rancher-pushprox `README.md` for more information on what all values can be configured for the PushProxy chart. 
+ +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `rkeControllerManager.enabled` | Create a PushProx installation for monitoring kube-controller-manager metrics in RKE clusters | `false` | +| `rkeScheduler.enabled` | Create a PushProx installation for monitoring kube-scheduler metrics in RKE clusters | `false` | +| `rkeProxy.enabled` | Create a PushProx installation for monitoring kube-proxy metrics in RKE clusters | `false` | +| `rkeEtcd.enabled` | Create a PushProx installation for monitoring etcd metrics in RKE clusters | `false` | +| `k3sServer.enabled` | Create a PushProx installation for monitoring k3s-server metrics (accounts for kube-controller-manager, kube-scheduler, and kube-proxy metrics) in k3s clusters | `false` | +| `kubeAdmControllerManager.enabled` | Create a PushProx installation for monitoring kube-controller-manager metrics in kubeAdm clusters | `false` | +| `kubeAdmScheduler.enabled` | Create a PushProx installation for monitoring kube-scheduler metrics in kubeAdm clusters | `false` | +| `kubeAdmProxy.enabled` | Create a PushProx installation for monitoring kube-proxy metrics in kubeAdm clusters | `false` | +| `kubeAdmEtcd.enabled` | Create a PushProx installation for monitoring etcd metrics in kubeAdm clusters | `false` | + + +### Multiple releases + +The same chart can be used to run multiple Prometheus instances in the same cluster if required. To achieve this, it is necessary to run only one instance of prometheus-operator and a pair of alertmanager pods for an HA configuration, while all other components need to be disabled. To disable a dependency during installation, set `kubeStateMetrics.enabled`, `nodeExporter.enabled` and `grafana.enabled` to `false`. 
+ +## Work-Arounds for Known Issues + +### Running on private GKE clusters + +When Google configure the control plane for private clusters, they automatically configure VPC peering between your Kubernetes cluster’s network and a separate Google managed project. In order to restrict what Google are able to access within your cluster, the firewall rules configured restrict access to your Kubernetes pods. This means that in order to use the webhook component with a GKE private cluster, you must configure an additional firewall rule to allow the GKE control plane access to your webhook pod. + +You can read more information on how to add firewall rules for the GKE control plane nodes in the [GKE docs](https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters#add_firewall_rules) + +Alternatively, you can disable the hooks by setting `prometheusOperator.admissionWebhooks.enabled=false`. + +## PrometheusRules Admission Webhooks + +With Prometheus Operator version 0.30+, the core Prometheus Operator pod exposes an endpoint that will integrate with the `validatingwebhookconfiguration` Kubernetes feature to prevent malformed rules from being added to the cluster. + +### How the Chart Configures the Hooks + +A validating and mutating webhook configuration requires the endpoint to which the request is sent to use TLS. It is possible to set up custom certificates to do this, but in most cases, a self-signed certificate is enough. The setup of this component requires some more complex orchestration when using helm. The steps are created to be idempotent and to allow turning the feature on and off without running into helm quirks. + +1. A pre-install hook provisions a certificate into the same namespace using a format compatible with provisioning using end-user certificates. If the certificate already exists, the hook exits. +2. The prometheus operator pod is configured to use a TLS proxy container, which will load that certificate. +3. 
Validating and Mutating webhook configurations are created in the cluster, with their failure mode set to Ignore. This allows rules to be created by the same chart at the same time, even though the webhook has not yet been fully set up - it does not have the correct CA field set. +4. A post-install hook reads the CA from the secret created by step 1 and patches the Validating and Mutating webhook configurations. This process will allow a custom CA provisioned by some other process to also be patched into the webhook configurations. The chosen failure policy is also patched into the webhook configurations + +### Alternatives + +It should be possible to use [jetstack/cert-manager](https://github.com/jetstack/cert-manager) if a more complete solution is required, but it has not been tested. + +You can enable automatic self-signed TLS certificate provisioning via cert-manager by setting the `prometheusOperator.admissionWebhooks.certManager.enabled` value to true. + +### Limitations + +Because the operator can only run as a single pod, there is potential for this component failure to cause rule deployment failure. Because this risk is outweighed by the benefit of having validation, the feature is enabled by default. + +## Developing Prometheus Rules and Grafana Dashboards + +This chart Grafana Dashboards and Prometheus Rules are just a copy from [prometheus-operator/prometheus-operator](https://github.com/prometheus-operator/prometheus-operator) and other sources, synced (with alterations) by scripts in [hack](hack) folder. In order to introduce any changes you need to first [add them to the original repo](https://github.com/prometheus-operator/kube-prometheus/blob/master/docs/developing-prometheus-rules-and-grafana-dashboards.md) and then sync there by scripts. 
+ +## Further Information + +For more in-depth documentation of configuration options meanings, please see + +- [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator) +- [Prometheus](https://prometheus.io/docs/introduction/overview/) +- [Grafana](https://github.com/grafana/helm-charts/tree/main/charts/grafana#grafana-helm-chart) + +## prometheus.io/scrape + +The prometheus operator does not support annotation-based discovery of services, using the `PodMonitor` or `ServiceMonitor` CRD in its place as they provide far more configuration options. +For information on how to use PodMonitors/ServiceMonitors, please see the documentation on the `prometheus-operator/prometheus-operator` documentation here: + +- [ServiceMonitors](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/getting-started.md#include-servicemonitors) +- [PodMonitors](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/getting-started.md#include-podmonitors) +- [Running Exporters](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/running-exporters.md) + +By default, Prometheus discovers PodMonitors and ServiceMonitors within its namespace, that are labeled with the same release tag as the prometheus-operator release. +Sometimes, you may need to discover custom PodMonitors/ServiceMonitors, for example used to scrape data from third-party applications. +An easy way of doing this, without compromising the default PodMonitors/ServiceMonitors discovery, is allowing Prometheus to discover all PodMonitors/ServiceMonitors within its namespace, without applying label filtering. +To do so, you can set `prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues` and `prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues` to `false`. 
+ +## Migrating from stable/prometheus-operator chart + +## Zero downtime + +Since `kube-prometheus-stack` is fully compatible with the `stable/prometheus-operator` chart, a migration without downtime can be achieved. +However, the old name prefix needs to be kept. If you want the new name please follow the step by step guide below (with downtime). + +You can override the name to achieve this: + +```console +helm upgrade prometheus-operator prometheus-community/kube-prometheus-stack -n monitoring --reuse-values --set nameOverride=prometheus-operator +``` + +**Note**: It is recommended to run this first with `--dry-run --debug`. + +## Redeploy with new name (downtime) + +If the **prometheus-operator** values are compatible with the new **kube-prometheus-stack** chart, please follow the below steps for migration: + +> The guide presumes that chart is deployed in `monitoring` namespace and the deployments are running there. If in other namespace, please replace the `monitoring` to the deployed namespace. + +1. Patch the PersistenceVolume created/used by the prometheus-operator chart to `Retain` claim policy: + + ```console + kubectl patch pv/ -p '{"spec":{"persistentVolumeReclaimPolicy":"Retain"}}' + ``` + + **Note:** To execute the above command, the user must have a cluster wide permission. Please refer [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) + +2. Uninstall the **prometheus-operator** release and delete the existing PersistentVolumeClaim, and verify PV become Released. + + ```console + helm uninstall prometheus-operator -n monitoring + kubectl delete pvc/ -n monitoring + ``` + + Additionally, you have to manually remove the remaining `prometheus-operator-kubelet` service. + + ```console + kubectl delete service/prometheus-operator-kubelet -n kube-system + ``` + + You can choose to remove all your existing CRDs (ServiceMonitors, Podmonitors, etc.) if you want to. + +3. 
Remove current `spec.claimRef` values to change the PV's status from Released to Available. + + ```console + kubectl patch pv/ --type json -p='[{"op": "remove", "path": "/spec/claimRef"}]' -n monitoring + ``` + +**Note:** To execute the above command, the user must have a cluster wide permission. Please refer to [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) + +After these steps, proceed to a fresh **kube-prometheus-stack** installation and make sure the current release of **kube-prometheus-stack** matching the `volumeClaimTemplate` values in the `values.yaml`. + +The binding is done via matching a specific amount of storage requested and with certain access modes. + +For example, if you had storage specified as this with **prometheus-operator**: + +```yaml +volumeClaimTemplate: + spec: + storageClassName: gp2 + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 50Gi +``` + +You have to specify matching `volumeClaimTemplate` with 50Gi storage and `ReadWriteOnce` access mode. + +Additionally, you should check the current AZ of your legacy installation's PV, and configure the fresh release to use the same AZ as the old one. If the pods are in a different AZ than the PV, the release will fail to bind the existing one, hence creating a new PV. + +This can be achieved either by specifying the labels through `values.yaml`, e.g. setting `prometheus.prometheusSpec.nodeSelector` to: + +```yaml +nodeSelector: + failure-domain.beta.kubernetes.io/zone: east-west-1a +``` + +or passing these values as `--set` overrides during installation. + +The new release should now re-attach your previously released PV with its content. + +## Migrating from coreos/prometheus-operator chart + +The multiple charts have been combined into a single chart that installs prometheus operator, prometheus, alertmanager, grafana as well as the multitude of exporters necessary to monitor a cluster. 
+ +There is no simple and direct migration path between the charts as the changes are extensive and intended to make the chart easier to support. + +The capabilities of the old chart are all available in the new chart, including the ability to run multiple prometheus instances on a single cluster - you will need to disable the parts of the chart you do not wish to deploy. + +You can check out the tickets for this change [here](https://github.com/prometheus-operator/prometheus-operator/issues/592) and [here](https://github.com/helm/charts/pull/6765). + +### High-level overview of Changes + +#### Added dependencies + +The chart has added 3 [dependencies](#dependencies). + +- Node-Exporter, Kube-State-Metrics: These components are loaded as dependencies into the chart, and are relatively simple components +- Grafana: The Grafana chart is more feature-rich than this chart - it contains a sidecar that is able to load data sources and dashboards from configmaps deployed into the same cluster. For more information check out the [documentation for the chart](https://github.com/grafana/helm-charts/blob/main/charts/grafana/README.md) + +#### Kubelet Service + +Because the kubelet service has a new name in the chart, make sure to clean up the old kubelet service in the `kube-system` namespace to prevent counting container metrics twice. + +#### Persistent Volumes + +If you would like to keep the data of the current persistent volumes, it should be possible to attach existing volumes to new PVCs and PVs that are created using the conventions in the new chart. 
For example, in order to use an existing Azure disk for a helm release called `prometheus-migration` the following resources can be created: + +```yaml +apiVersion: v1 +kind: PersistentVolume +metadata: + name: pvc-prometheus-migration-prometheus-0 +spec: + accessModes: + - ReadWriteOnce + azureDisk: + cachingMode: None + diskName: pvc-prometheus-migration-prometheus-0 + diskURI: /subscriptions/f5125d82-2622-4c50-8d25-3f7ba3e9ac4b/resourceGroups/sample-migration-resource-group/providers/Microsoft.Compute/disks/pvc-prometheus-migration-prometheus-0 + fsType: "" + kind: Managed + readOnly: false + capacity: + storage: 1Gi + persistentVolumeReclaimPolicy: Delete + storageClassName: prometheus + volumeMode: Filesystem +``` + +```yaml +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app: prometheus + prometheus: prometheus-migration-prometheus + name: prometheus-prometheus-migration-prometheus-db-prometheus-prometheus-migration-prometheus-0 + namespace: monitoring +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + storageClassName: prometheus + volumeMode: Filesystem + volumeName: pvc-prometheus-migration-prometheus-0 +``` + +The PVC will take ownership of the PV and when you create a release using a persistent volume claim template it will use the existing PVCs as they match the naming convention used by the chart. For other cloud providers similar approaches can be used. + +#### KubeProxy + +The metrics bind address of kube-proxy is default to `127.0.0.1:10249` that prometheus instances **cannot** access to. You should expose metrics by changing `metricsBindAddress` field value to `0.0.0.0:10249` if you want to collect them. + +Depending on the cluster, the relevant part `config.conf` will be in ConfigMap `kube-system/kube-proxy` or `kube-system/kube-proxy-config`. 
For example: + +```console +kubectl -n kube-system edit cm kube-proxy +``` + +```yaml +apiVersion: v1 +data: + config.conf: |- + apiVersion: kubeproxy.config.k8s.io/v1alpha1 + kind: KubeProxyConfiguration + # ... + # metricsBindAddress: 127.0.0.1:10249 + metricsBindAddress: 0.0.0.0:10249 + # ... + kubeconfig.conf: |- + # ... +kind: ConfigMap +metadata: + labels: + app: kube-proxy + name: kube-proxy + namespace: kube-system +``` diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/app-README.md b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/app-README.md new file mode 100755 index 000000000..af77e04ec --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/app-README.md 
@@ -0,0 +1,15 @@ +# Rancher Monitoring and Alerting + + This chart is based on the upstream [kube-prometheus-stack](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack) chart. The chart deploys [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator) and its CRDs along with [Grafana](https://github.com/grafana/helm-charts/tree/main/charts/grafana), [Prometheus Adapter](https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-adapter) and additional charts / Kubernetes manifests to gather metrics. It allows users to monitor their Kubernetes clusters, view metrics in Grafana dashboards, and set up alerts and notifications. + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/). + +The chart installs the following components: + +- [Prometheus Operator](https://github.com/coreos/prometheus-operator) - The operator provides easy monitoring definitions for Kubernetes services, manages [Prometheus](https://prometheus.io/) and [AlertManager](https://prometheus.io/docs/alerting/latest/alertmanager/) instances, and adds default scrape targets for some Kubernetes components. +- [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus/) - A collection of community-curated Kubernetes manifests, Grafana Dashboards, and PrometheusRules that deploy a default end-to-end cluster monitoring configuration. +- [Grafana](https://github.com/helm/charts/tree/master/stable/grafana) - Grafana allows a user to create / view dashboards based on the cluster metrics collected by Prometheus. 
+- [node-exporter](https://github.com/helm/charts/tree/master/stable/prometheus-node-exporter) / [kube-state-metrics](https://github.com/helm/charts/tree/master/stable/kube-state-metrics) / [rancher-pushprox](https://github.com/rancher/charts/tree/dev-v2.5/packages/rancher-pushprox/charts) - These charts monitor various Kubernetes components across different Kubernetes cluster types. +- [Prometheus Adapter](https://github.com/helm/charts/tree/master/stable/prometheus-adapter) - The adapter allows a user to expose custom metrics, resource metrics, and external metrics on the default [Prometheus](https://prometheus.io/) instance to the Kubernetes API Server. + +For more information, review the Helm README of this chart. diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/.helmignore b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/.helmignore new file mode 100755 index 000000000..8cade1318 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.vscode +.project +.idea/ +*.tmproj +OWNERS diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/Chart.yaml new file mode 100755 index 000000000..6f950a023 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/Chart.yaml 
@@ -0,0 +1,28 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-grafana +apiVersion: v2 +appVersion: 7.4.5 +description: The leading tool for querying and visualizing time series and metrics. +home: https://grafana.net +icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png +kubeVersion: ^1.8.0-0 +maintainers: +- email: zanhsieh@gmail.com + name: zanhsieh +- email: rluckie@cisco.com + name: rtluckie +- email: maor.friedman@redhat.com + name: maorfr +- email: miroslav.hadzhiev@gmail.com + name: Xtigyro +- email: mail@torstenwalter.de + name: torstenwalter +name: grafana +sources: +- https://github.com/grafana/grafana +type: application +version: 6.6.4 diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/README.md b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/README.md new file mode 100755 index 000000000..957f019ec --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/README.md 
@@ -0,0 +1,514 @@ +# Grafana Helm Chart + +* Installs the web dashboarding system [Grafana](http://grafana.org/) + +## Get Repo Info + +```console +helm repo add grafana https://grafana.github.io/helm-charts +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +helm install my-release grafana/grafana +``` + +## Uninstalling the Chart + +To uninstall/delete the my-release deployment: + +```console +helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Upgrading an existing Release to a new major version + +A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an +incompatible breaking change needing manual actions. + +### To 4.0.0 (And 3.12.1) + +This version requires Helm >= 2.12.0. + +### To 5.0.0 + +You have to add --force to your helm upgrade command as the labels of the chart have changed. + +### To 6.0.0 + +This version requires Helm >= 3.1.0. 
+ +## Configuration + +| Parameter | Description | Default | +|-------------------------------------------|-----------------------------------------------|---------------------------------------------------------| +| `replicas` | Number of nodes | `1` | +| `podDisruptionBudget.minAvailable` | Pod disruption minimum available | `nil` | +| `podDisruptionBudget.maxUnavailable` | Pod disruption maximum unavailable | `nil` | +| `deploymentStrategy` | Deployment strategy | `{ "type": "RollingUpdate" }` | +| `livenessProbe` | Liveness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } "initialDelaySeconds": 60, "timeoutSeconds": 30, "failureThreshold": 10 }` | +| `readinessProbe` | Readiness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } }`| +| `securityContext` | Deployment securityContext | `{"runAsUser": 472, "runAsGroup": 472, "fsGroup": 472}` | +| `priorityClassName` | Name of Priority Class to assign pods | `nil` | +| `image.repository` | Image repository | `grafana/grafana` | +| `image.tag` | Image tag (`Must be >= 5.0.0`) | `7.4.5` | +| `image.sha` | Image sha (optional) | `2b56f6106ddc376bb46d974230d530754bf65a640dfbc5245191d72d3b49efc6` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Image pull secrets | `{}` | +| `service.type` | Kubernetes service type | `ClusterIP` | +| `service.port` | Kubernetes port where service is exposed | `80` | +| `service.portName` | Name of the port on the service | `service` | +| `service.targetPort` | Internal service is port | `3000` | +| `service.nodePort` | Kubernetes service nodePort | `nil` | +| `service.annotations` | Service annotations | `{}` | +| `service.labels` | Custom labels | `{}` | +| `service.clusterIP` | internal cluster service IP | `nil` | +| `service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `nil` | +| `service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to lb (if supported) | `[]` 
| +| `service.externalIPs` | service external IP addresses | `[]` | +| `extraExposePorts` | Additional service ports for sidecar containers| `[]` | +| `hostAliases` | adds rules to the pod's /etc/hosts | `[]` | +| `ingress.enabled` | Enables Ingress | `false` | +| `ingress.annotations` | Ingress annotations (values are templated) | `{}` | +| `ingress.labels` | Custom labels | `{}` | +| `ingress.path` | Ingress accepted path | `/` | +| `ingress.pathType` | Ingress type of path | `Prefix` | +| `ingress.hosts` | Ingress accepted hostnames | `["chart-example.local"]` | +| `ingress.extraPaths` | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions). | `[]` | +| `ingress.tls` | Ingress TLS configuration | `[]` | +| `resources` | CPU/Memory resource requests/limits | `{}` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Toleration labels for pod assignment | `[]` | +| `affinity` | Affinity settings for pod assignment | `{}` | +| `extraInitContainers` | Init containers to add to the grafana pod | `{}` | +| `extraContainers` | Sidecar containers to add to the grafana pod | `{}` | +| `extraContainerVolumes` | Volumes that can be mounted in sidecar containers | `[]` | +| `extraLabels` | Custom labels for all manifests | `{}` | +| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` | +| `persistence.enabled` | Use persistent volume to store data | `false` | +| `persistence.type` | Type of persistence (`pvc` or `statefulset`) | `pvc` | +| `persistence.size` | Size of persistent volume claim | `10Gi` | +| `persistence.existingClaim` | Use an existing PVC to persist data | `nil` | +| `persistence.storageClassName` | Type of persistent volume claim | `nil` | +| `persistence.accessModes` | Persistence access modes | `[ReadWriteOnce]` | +| 
`persistence.annotations` | PersistentVolumeClaim annotations | `{}` | +| `persistence.finalizers` | PersistentVolumeClaim finalizers | `[ "kubernetes.io/pvc-protection" ]` | +| `persistence.subPath` | Mount a sub dir of the persistent volume | `nil` | +| `persistence.inMemory.enabled` | If persistence is not enabled, whether to mount the local storage in-memory to improve performance | `false` | +| `persistence.inMemory.sizeLimit` | SizeLimit for the in-memory local storage | `nil` | +| `initChownData.enabled` | If false, don't reset data ownership at startup | true | +| `initChownData.image.repository` | init-chown-data container image repository | `busybox` | +| `initChownData.image.tag` | init-chown-data container image tag | `1.31.1` | +| `initChownData.image.sha` | init-chown-data container image sha (optional)| `""` | +| `initChownData.image.pullPolicy` | init-chown-data container image pull policy | `IfNotPresent` | +| `initChownData.resources` | init-chown-data pod resource requests & limits | `{}` | +| `schedulerName` | Alternate scheduler name | `nil` | +| `env` | Extra environment variables passed to pods | `{}` | +| `envValueFrom` | Environment variables from alternate sources. See the API docs on [EnvVarSource](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#envvarsource-v1-core) for format details. | `{}` | +| `envFromSecret` | Name of a Kubernetes secret (must be manually created in the same namespace) containing values to be added to the environment. 
Can be templated | `""` | +| `envRenderSecret` | Sensible environment variables passed to pods and stored as secret | `{}` | +| `extraSecretMounts` | Additional grafana server secret mounts | `[]` | +| `extraVolumeMounts` | Additional grafana server volume mounts | `[]` | +| `extraConfigmapMounts` | Additional grafana server configMap volume mounts | `[]` | +| `extraEmptyDirMounts` | Additional grafana server emptyDir volume mounts | `[]` | +| `plugins` | Plugins to be loaded along with Grafana | `[]` | +| `datasources` | Configure grafana datasources (passed through tpl) | `{}` | +| `notifiers` | Configure grafana notifiers | `{}` | +| `dashboardProviders` | Configure grafana dashboard providers | `{}` | +| `dashboards` | Dashboards to import | `{}` | +| `dashboardsConfigMaps` | ConfigMaps reference that contains dashboards | `{}` | +| `grafana.ini` | Grafana's primary configuration | `{}` | +| `ldap.enabled` | Enable LDAP authentication | `false` | +| `ldap.existingSecret` | The name of an existing secret containing the `ldap.toml` file, this must have the key `ldap-toml`. 
| `""` | +| `ldap.config` | Grafana's LDAP configuration | `""` | +| `annotations` | Deployment annotations | `{}` | +| `labels` | Deployment labels | `{}` | +| `podAnnotations` | Pod annotations | `{}` | +| `podLabels` | Pod labels | `{}` | +| `podPortName` | Name of the grafana port on the pod | `grafana` | +| `sidecar.image.repository` | Sidecar image repository | `quay.io/kiwigrid/k8s-sidecar` | +| `sidecar.image.tag` | Sidecar image tag | `1.10.7` | +| `sidecar.image.sha` | Sidecar image sha (optional) | `""` | +| `sidecar.imagePullPolicy` | Sidecar image pull policy | `IfNotPresent` | +| `sidecar.resources` | Sidecar resources | `{}` | +| `sidecar.enableUniqueFilenames` | Sets the kiwigrid/k8s-sidecar UNIQUE_FILENAMES environment variable | `false` | +| `sidecar.dashboards.enabled` | Enables the cluster wide search for dashboards and adds/updates/deletes them in grafana | `false` | +| `sidecar.dashboards.SCProvider` | Enables creation of sidecar provider | `true` | +| `sidecar.dashboards.provider.name` | Unique name of the grafana provider | `sidecarProvider` | +| `sidecar.dashboards.provider.orgid` | Id of the organisation, to which the dashboards should be added | `1` | +| `sidecar.dashboards.provider.folder` | Logical folder in which grafana groups dashboards | `""` | +| `sidecar.dashboards.provider.disableDelete` | Activate to avoid the deletion of imported dashboards | `false` | +| `sidecar.dashboards.provider.allowUiUpdates` | Allow updating provisioned dashboards from the UI | `false` | +| `sidecar.dashboards.provider.type` | Provider type | `file` | +| `sidecar.dashboards.provider.foldersFromFilesStructure` | Allow Grafana to replicate dashboard structure from filesystem. | `false` | +| `sidecar.dashboards.watchMethod` | Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. 
| `WATCH` | +| `sidecar.skipTlsVerify` | Set to true to skip tls verification for kube api calls | `nil` | +| `sidecar.dashboards.label` | Label that config maps with dashboards should have to be added | `grafana_dashboard` | +| `sidecar.dashboards.labelValue` | Label value that config maps with dashboards should have to be added | `nil` | +| `sidecar.dashboards.folder` | Folder in the pod that should hold the collected dashboards (unless `sidecar.dashboards.defaultFolderName` is set). This path will be mounted. | `/tmp/dashboards` | +| `sidecar.dashboards.folderAnnotation` | The annotation the sidecar will look for in configmaps to override the destination folder for files | `nil` | +| `sidecar.dashboards.defaultFolderName` | The default folder name, it will create a subfolder under the `sidecar.dashboards.folder` and put dashboards in there instead | `nil` | +| `sidecar.dashboards.searchNamespace` | If specified, the sidecar will search for dashboard config-maps inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil` | +| `sidecar.datasources.enabled` | Enables the cluster wide search for datasources and adds/updates/deletes them in grafana |`false` | +| `sidecar.datasources.label` | Label that config maps with datasources should have to be added | `grafana_datasource` | +| `sidecar.datasources.labelValue` | Label value that config maps with datasources should have to be added | `nil` | +| `sidecar.datasources.searchNamespace` | If specified, the sidecar will search for datasources config-maps inside this namespace. Otherwise the namespace in which the sidecar is running will be used. 
It's also possible to specify ALL to search in all namespaces | `nil` | +| `sidecar.notifiers.enabled` | Enables the cluster wide search for notifiers and adds/updates/deletes them in grafana | `false` | +| `sidecar.notifiers.label` | Label that config maps with notifiers should have to be added | `grafana_notifier` | +| `sidecar.notifiers.searchNamespace` | If specified, the sidecar will search for notifiers config-maps (or secrets) inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil` | +| `smtp.existingSecret` | The name of an existing secret containing the SMTP credentials. | `""` | +| `smtp.userKey` | The key in the existing SMTP secret containing the username. | `"user"` | +| `smtp.passwordKey` | The key in the existing SMTP secret containing the password. | `"password"` | +| `admin.existingSecret` | The name of an existing secret containing the admin credentials. | `""` | +| `admin.userKey` | The key in the existing admin secret containing the username. | `"admin-user"` | +| `admin.passwordKey` | The key in the existing admin secret containing the password. 
| `"admin-password"` | +| `serviceAccount.annotations` | ServiceAccount annotations | | +| `serviceAccount.create` | Create service account | `true` | +| `serviceAccount.name` | Service account name to use, when empty will be set to created account if `serviceAccount.create` is set else to `default` | `` | +| `serviceAccount.nameTest` | Service account name to use for test, when empty will be set to created account if `serviceAccount.create` is set else to `default` | `nil` | +| `rbac.create` | Create and use RBAC resources | `true` | +| `rbac.namespaced` | Creates Role and Rolebinding instead of the default ClusterRole and ClusteRoleBindings for the grafana instance | `false` | +| `rbac.useExistingRole` | Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to the rolename set here. | `nil` | +| `rbac.pspEnabled` | Create PodSecurityPolicy (with `rbac.create`, grant roles permissions as well) | `true` | +| `rbac.pspUseAppArmor` | Enforce AppArmor in created PodSecurityPolicy (requires `rbac.pspEnabled`) | `true` | +| `rbac.extraRoleRules` | Additional rules to add to the Role | [] | +| `rbac.extraClusterRoleRules` | Additional rules to add to the ClusterRole | [] | +| `command` | Define command to be executed by grafana container at startup | `nil` | +| `testFramework.enabled` | Whether to create test-related resources | `true` | +| `testFramework.image` | `test-framework` image repository. | `bats/bats` | +| `testFramework.tag` | `test-framework` image tag. | `v1.1.0` | +| `testFramework.imagePullPolicy` | `test-framework` image pull policy. 
| `IfNotPresent` | +| `testFramework.securityContext` | `test-framework` securityContext | `{}` | +| `downloadDashboards.env` | Environment variables to be passed to the `download-dashboards` container | `{}` | +| `downloadDashboards.envFromSecret` | Name of a Kubernetes secret (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `""` | +| `downloadDashboards.resources` | Resources of `download-dashboards` container | `{}` | +| `downloadDashboardsImage.repository` | Curl docker image repo | `curlimages/curl` | +| `downloadDashboardsImage.tag` | Curl docker image tag | `7.73.0` | +| `downloadDashboardsImage.sha` | Curl docker image sha (optional) | `""` | +| `downloadDashboardsImage.pullPolicy` | Curl docker image pull policy | `IfNotPresent` | +| `namespaceOverride` | Override the deployment namespace | `""` (`Release.Namespace`) | +| `serviceMonitor.enabled` | Use servicemonitor from prometheus operator | `false` | +| `serviceMonitor.namespace` | Namespace this servicemonitor is installed in | | +| `serviceMonitor.interval` | How frequently Prometheus should scrape | `1m` | +| `serviceMonitor.path` | Path to scrape | `/metrics` | +| `serviceMonitor.scheme` | Scheme to use for metrics scraping | `http` | +| `serviceMonitor.tlsConfig` | TLS configuration block for the endpoint | `{}` | +| `serviceMonitor.labels` | Labels for the servicemonitor passed to Prometheus Operator | `{}` | +| `serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `30s` | +| `serviceMonitor.relabelings` | MetricRelabelConfigs to apply to samples before ingestion. 
| `[]` | +| `revisionHistoryLimit` | Number of old ReplicaSets to retain | `10` | +| `imageRenderer.enabled` | Enable the image-renderer deployment & service | `false` | +| `imageRenderer.image.repository` | image-renderer Image repository | `grafana/grafana-image-renderer` | +| `imageRenderer.image.tag` | image-renderer Image tag | `latest` | +| `imageRenderer.image.sha` | image-renderer Image sha (optional) | `""` | +| `imageRenderer.image.pullPolicy` | image-renderer ImagePullPolicy | `Always` | +| `imageRenderer.env` | extra env-vars for image-renderer | `{}` | +| `imageRenderer.serviceAccountName` | image-renderer deployment serviceAccountName | `""` | +| `imageRenderer.securityContext` | image-renderer deployment securityContext | `{}` | +| `imageRenderer.hostAliases` | image-renderer deployment Host Aliases | `[]` | +| `imageRenderer.priorityClassName` | image-renderer deployment priority class | `''` | +| `imageRenderer.service.portName` | image-renderer service port name | `'http'` | +| `imageRenderer.service.port` | image-renderer service port used by both service and deployment | `8081` | +| `imageRenderer.grafanaSubPath` | Grafana sub path to use for image renderer callback url | `''` | +| `imageRenderer.podPortName` | name of the image-renderer port on the pod | `http` | +| `imageRenderer.revisionHistoryLimit` | number of image-renderer replica sets to keep | `10` | +| `imageRenderer.networkPolicy.limitIngress` | Enable a NetworkPolicy to limit inbound traffic from only the created grafana pods | `true` | +| `imageRenderer.networkPolicy.limitEgress` | Enable a NetworkPolicy to limit outbound traffic to only the created grafana pods | `false` | +| `imageRenderer.resources` | Set resource limits for image-renderer pdos | `{}` | + +### Example ingress with path + +With grafana 6.3 and above +```yaml +grafana.ini: + server: + domain: monitoring.example.com + root_url: "%(protocol)s://%(domain)s/grafana" + serve_from_sub_path: true +ingress: + enabled: true 
+ hosts: + - "monitoring.example.com" + path: "/grafana" +``` + +### Example of extraVolumeMounts + +```yaml +- extraVolumeMounts: + - name: plugins + mountPath: /var/lib/grafana/plugins + subPath: configs/grafana/plugins + existingClaim: existing-grafana-claim + readOnly: false +``` + +## Import dashboards + +There are a few methods to import dashboards to Grafana. Below are some examples and explanations as to how to use each method: + +```yaml +dashboards: + default: + some-dashboard: + json: | + { + "annotations": + + ... + # Complete json file here + ... + + "title": "Some Dashboard", + "uid": "abcd1234", + "version": 1 + } + custom-dashboard: + # This is a path to a file inside the dashboards directory inside the chart directory + file: dashboards/custom-dashboard.json + prometheus-stats: + # Ref: https://grafana.com/dashboards/2 + gnetId: 2 + revision: 2 + datasource: Prometheus + local-dashboard: + url: https://raw.githubusercontent.com/user/repository/master/dashboards/dashboard.json +``` + +## BASE64 dashboards + +Dashboards could be stored on a server that does not return JSON directly and instead of it returns a Base64 encoded file (e.g. Gerrit) +A new parameter has been added to the url use case so if you specify a b64content value equals to true after the url entry a Base64 decoding is applied before save the file to disk. +If this entry is not set or is equals to false not decoding is applied to the file before saving it to disk. + +### Gerrit use case + +Gerrit API for download files has the following schema: where {project-name} and +{file-id} usually has '/' in their values and so they MUST be replaced by %2F so if project-name is user/repo, branch-id is master and file-id is equals to dir1/dir2/dashboard +the url value is + +## Sidecar for dashboards + +If the parameter `sidecar.dashboards.enabled` is set, a sidecar container is deployed in the grafana +pod. 
This container watches all configmaps (or secrets) in the cluster and filters out the ones with +a label as defined in `sidecar.dashboards.label`. The files defined in those configmaps are written +to a folder and accessed by grafana. Changes to the configmaps are monitored and the imported +dashboards are deleted/updated. + +A recommendation is to use one configmap per dashboard, as a reduction of multiple dashboards inside +one configmap is currently not properly mirrored in grafana. + +Example dashboard config: + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: sample-grafana-dashboard + labels: + grafana_dashboard: "1" +data: + k8s-dashboard.json: |- + [...] +``` + +## Sidecar for datasources + +If the parameter `sidecar.datasources.enabled` is set, an init container is deployed in the grafana +pod. This container lists all secrets (or configmaps, though not recommended) in the cluster and +filters out the ones with a label as defined in `sidecar.datasources.label`. The files defined in +those secrets are written to a folder and accessed by grafana on startup. Using these yaml files, +the data sources in grafana can be imported. + +Secrets are recommended over configmaps for this usecase because datasources usually contain private +data like usernames and passwords. Secrets are the more appropriate cluster resource to manage those. + +Example values to add a datasource adapted from [Grafana](http://docs.grafana.org/administration/provisioning/#example-datasource-config-file): + +```yaml +datasources: + datasources.yaml: + apiVersion: 1 + datasources: + # name of the datasource. Required + - name: Graphite + # datasource type. Required + type: graphite + # access mode. proxy or direct (Server or Browser in the UI). Required + access: proxy + # org id. 
will default to orgId 1 if not specified + orgId: 1 + # url + url: http://localhost:8080 + # database password, if used + password: + # database user, if used + user: + # database name, if used + database: + # enable/disable basic auth + basicAuth: + # basic auth username + basicAuthUser: + # basic auth password + basicAuthPassword: + # enable/disable with credentials headers + withCredentials: + # mark as default datasource. Max one per org + isDefault: + # fields that will be converted to json and stored in json_data + jsonData: + graphiteVersion: "1.1" + tlsAuth: true + tlsAuthWithCACert: true + # json object of data that will be encrypted. + secureJsonData: + tlsCACert: "..." + tlsClientCert: "..." + tlsClientKey: "..." + version: 1 + # allow users to edit datasources from the UI. + editable: false +``` + +## Sidecar for notifiers + +If the parameter `sidecar.notifiers.enabled` is set, an init container is deployed in the grafana +pod. This container lists all secrets (or configmaps, though not recommended) in the cluster and +filters out the ones with a label as defined in `sidecar.notifiers.label`. The files defined in +those secrets are written to a folder and accessed by grafana on startup. Using these yaml files, +the notification channels in grafana can be imported. The secrets must be created before +`helm install` so that the notifiers init container can list the secrets. + +Secrets are recommended over configmaps for this usecase because alert notification channels usually contain +private data like SMTP usernames and passwords. Secrets are the more appropriate cluster resource to manage those. + +Example datasource config adapted from [Grafana](https://grafana.com/docs/grafana/latest/administration/provisioning/#alert-notification-channels): + +```yaml +notifiers: + - name: notification-channel-1 + type: slack + uid: notifier1 + # either + org_id: 2 + # or + org_name: Main Org. 
+ is_default: true + send_reminder: true + frequency: 1h + disable_resolve_message: false + # See `Supported Settings` section for settings supporter for each + # alert notification type. + settings: + recipient: 'XXX' + token: 'xoxb' + uploadImage: true + url: https://slack.com + +delete_notifiers: + - name: notification-channel-1 + uid: notifier1 + org_id: 2 + - name: notification-channel-2 + # default org_id: 1 +``` + +## How to serve Grafana with a path prefix (/grafana) + +In order to serve Grafana with a prefix (e.g., ), add the following to your values.yaml. + +```yaml +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.ingress.kubernetes.io/rewrite-target: /$1 + nginx.ingress.kubernetes.io/use-regex: "true" + + path: /grafana/?(.*) + hosts: + - k8s.example.dev + +grafana.ini: + server: + root_url: http://localhost:3000/grafana # this host can be localhost +``` + +## How to securely reference secrets in grafana.ini + +This example uses Grafana uses [file providers](https://grafana.com/docs/grafana/latest/administration/configuration/#file-provider) for secret values and the `extraSecretMounts` configuration flag (Additional grafana server secret mounts) to mount the secrets. 
+ +In grafana.ini: + +```yaml +grafana.ini: + [auth.generic_oauth] + enabled = true + client_id = $__file{/etc/secrets/auth_generic_oauth/client_id} + client_secret = $__file{/etc/secrets/auth_generic_oauth/client_secret} +``` + +Existing secret, or created along with helm: + +```yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: auth-generic-oauth-secret +type: Opaque +stringData: + client_id: + client_secret: +``` + +Include in the `extraSecretMounts` configuration flag: + +```yaml +- extraSecretMounts: + - name: auth-generic-oauth-secret-mount + secretName: auth-generic-oauth-secret + defaultMode: 0440 + mountPath: /etc/secrets/auth_generic_oauth + readOnly: true +``` + +### extraSecretMounts using a Container Storage Interface (CSI) provider + +This example uses a CSI driver e.g. retrieving secrets using [Azure Key Vault Provider](https://github.com/Azure/secrets-store-csi-driver-provider-azure) + +```yaml +- extraSecretMounts: + - name: secrets-store-inline + mountPath: /run/secrets + readOnly: true + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: "my-provider" + nodePublishSecretRef: + name: akv-creds +``` + +## Image Renderer Plug-In + +This chart supports enabling [remote image rendering](https://github.com/grafana/grafana-image-renderer/blob/master/docs/remote_rendering_using_docker.md) + +```yaml +imageRenderer: + enabled: true +``` + +### Image Renderer NetworkPolicy + +By default the image-renderer pods will have a network policy which only allows ingress traffic from the created grafana instance diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/dashboards/custom-dashboard.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/dashboards/custom-dashboard.json new file mode 100755 index 000000000..9e26dfeeb --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/dashboards/custom-dashboard.json @@ -0,0 +1 @@ +{} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/NOTES.txt b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/NOTES.txt new file mode 100755 index 000000000..1fc8436d9 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/NOTES.txt 
@@ -0,0 +1,54 @@ +1. Get your '{{ .Values.adminUser }}' user password by running: + + kubectl get secret --namespace {{ template "grafana.namespace" . }} {{ template "grafana.fullname" . }} -o jsonpath="{.data.admin-password}" | base64 --decode ; echo + +2. The Grafana server can be accessed via port {{ .Values.service.port }} on the following DNS name from within your cluster: + + {{ template "grafana.fullname" . }}.{{ template "grafana.namespace" . }}.svc.cluster.local +{{ if .Values.ingress.enabled }} + If you bind grafana to 80, please update values in values.yaml and reinstall: + ``` + securityContext: + runAsUser: 0 + runAsGroup: 0 + fsGroup: 0 + + command: + - "setcap" + - "'cap_net_bind_service=+ep'" + - "/usr/sbin/grafana-server &&" + - "sh" + - "/run.sh" + ``` + Details refer to https://grafana.com/docs/installation/configuration/#http-port. + Or grafana would always crash. + + From outside the cluster, the server URL(s) are: +{{- range .Values.ingress.hosts }} + http://{{ . }} +{{- end }} +{{ else }} + Get the Grafana URL to visit by running these commands in the same shell: +{{ if contains "NodePort" .Values.service.type -}} + export NODE_PORT=$(kubectl get --namespace {{ template "grafana.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "grafana.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ template "grafana.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{ else if contains "LoadBalancer" .Values.service.type -}} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc --namespace {{ template "grafana.namespace" . }} -w {{ template "grafana.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ template "grafana.namespace" . }} {{ template "grafana.fullname" . 
}} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + http://$SERVICE_IP:{{ .Values.service.port -}} +{{ else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ template "grafana.namespace" . }} -l "app.kubernetes.io/name={{ template "grafana.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + kubectl --namespace {{ template "grafana.namespace" . }} port-forward $POD_NAME 3000 +{{- end }} +{{- end }} + +3. Login with the password from step 1 and the username: {{ .Values.adminUser }} + +{{- if not .Values.persistence.enabled }} +################################################################################# +###### WARNING: Persistence is disabled!!! You will lose your data when ##### +###### the Grafana pod is terminated. ##### +################################################################################# +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/_helpers.tpl new file mode 100755 index 000000000..76ad78876 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/_helpers.tpl 
@@ -0,0 +1,145 @@ +# Rancher +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "grafana.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "grafana.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. 
+*/}} +{{- define "grafana.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the service account +*/}} +{{- define "grafana.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "grafana.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{- define "grafana.serviceAccountNameTest" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (print (include "grafana.fullname" .) "-test") .Values.serviceAccount.nameTest }} +{{- else -}} + {{ default "default" .Values.serviceAccount.nameTest }} +{{- end -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts +*/}} +{{- define "grafana.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "grafana.labels" -}} +helm.sh/chart: {{ include "grafana.chart" . }} +{{ include "grafana.selectorLabels" . }} +{{- if or .Chart.AppVersion .Values.image.tag }} +app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- if .Values.extraLabels }} +{{ toYaml .Values.extraLabels }} +{{- end }} +{{- end -}} + +{{/* +Selector labels +*/}} +{{- define "grafana.selectorLabels" -}} +app.kubernetes.io/name: {{ include "grafana.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "grafana.imageRenderer.labels" -}} +helm.sh/chart: {{ include "grafana.chart" . }} +{{ include "grafana.imageRenderer.selectorLabels" . 
}} +{{- if or .Chart.AppVersion .Values.image.tag }} +app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Selector labels ImageRenderer +*/}} +{{- define "grafana.imageRenderer.selectorLabels" -}} +app.kubernetes.io/name: {{ include "grafana.name" . }}-image-renderer +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{/* +Return the appropriate apiVersion for rbac. +*/}} +{{- define "rbac.apiVersion" -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" }} +{{- print "rbac.authorization.k8s.io/v1" -}} +{{- else -}} +{{- print "rbac.authorization.k8s.io/v1beta1" -}} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/_pod.tpl b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/_pod.tpl new file mode 100755 index 000000000..2ba9f115c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/_pod.tpl 
@@ -0,0 +1,496 @@ +{{- define "grafana.pod" -}} +{{- if .Values.schedulerName }} +schedulerName: "{{ .Values.schedulerName }}" +{{- end }} +serviceAccountName: {{ template "grafana.serviceAccountName" . }} +{{- if .Values.securityContext }} +securityContext: +{{ toYaml .Values.securityContext | indent 2 }} +{{- end }} +{{- if .Values.hostAliases }} +hostAliases: +{{ toYaml .Values.hostAliases | indent 2 }} +{{- end }} +{{- if .Values.priorityClassName }} +priorityClassName: {{ .Values.priorityClassName }} +{{- end }} +{{- if ( or .Values.persistence.enabled .Values.dashboards .Values.sidecar.datasources.enabled .Values.sidecar.notifiers.enabled .Values.extraInitContainers) }} +initContainers: +{{- end }} +{{- if ( and .Values.persistence.enabled .Values.initChownData.enabled ) }} + - name: init-chown-data + {{- if .Values.initChownData.image.sha }} + image: "{{ template "system_default_registry" . }}{{ .Values.initChownData.image.repository }}:{{ .Values.initChownData.image.tag }}@sha256:{{ .Values.initChownData.image.sha }}" + {{- else }} + image: "{{ template "system_default_registry" . }}{{ .Values.initChownData.image.repository }}:{{ .Values.initChownData.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.initChownData.image.pullPolicy }} + securityContext: + runAsNonRoot: false + runAsUser: 0 + command: ["chown", "-R", "{{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.runAsGroup }}", "/var/lib/grafana"] + resources: +{{ toYaml .Values.initChownData.resources | indent 6 }} + volumeMounts: + - name: storage + mountPath: "/var/lib/grafana" +{{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} +{{- end }} +{{- end }} +{{- if .Values.dashboards }} + - name: download-dashboards + {{- if .Values.downloadDashboardsImage.sha }} + image: "{{ template "system_default_registry" . 
}}{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}@sha256:{{ .Values.downloadDashboardsImage.sha }}" + {{- else }} + image: "{{ template "system_default_registry" . }}{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.downloadDashboardsImage.pullPolicy }} + command: ["/bin/sh"] + args: [ "-c", "mkdir -p /var/lib/grafana/dashboards/default && /bin/sh /etc/grafana/download_dashboards.sh" ] + resources: +{{ toYaml .Values.downloadDashboards.resources | indent 6 }} + env: +{{- range $key, $value := .Values.downloadDashboards.env }} + - name: "{{ $key }}" + value: "{{ $value }}" +{{- end }} +{{- if .Values.downloadDashboards.envFromSecret }} + envFrom: + - secretRef: + name: {{ tpl .Values.downloadDashboards.envFromSecret . }} +{{- end }} + volumeMounts: + - name: config + mountPath: "/etc/grafana/download_dashboards.sh" + subPath: download_dashboards.sh + - name: storage + mountPath: "/var/lib/grafana" +{{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} +{{- end }} + {{- range .Values.extraSecretMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + readOnly: {{ .readOnly }} + {{- end }} +{{- end }} +{{- if .Values.sidecar.datasources.enabled }} + - name: {{ template "grafana.name" . }}-sc-datasources + {{- if .Values.sidecar.image.sha }} + image: "{{ template "system_default_registry" . }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" + {{- else }} + image: "{{ template "system_default_registry" . }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} + {{- if .Values.sidecar.datasources.envFromSecret }} + envFrom: + - secretRef: + name: {{ tpl .Values.sidecar.datasources.envFromSecret . 
}} + {{- end }} + env: + - name: METHOD + value: LIST + - name: LABEL + value: "{{ .Values.sidecar.datasources.label }}" + {{- if .Values.sidecar.datasources.labelValue }} + - name: LABEL_VALUE + value: {{ quote .Values.sidecar.datasources.labelValue }} + {{- end }} + - name: FOLDER + value: "/etc/grafana/provisioning/datasources" + - name: RESOURCE + value: "both" + {{- if .Values.sidecar.enableUniqueFilenames }} + - name: UNIQUE_FILENAMES + value: "{{ .Values.sidecar.enableUniqueFilenames }}" + {{- end }} + {{- if .Values.sidecar.datasources.searchNamespace }} + - name: NAMESPACE + value: "{{ .Values.sidecar.datasources.searchNamespace }}" + {{- end }} + {{- if .Values.sidecar.skipTlsVerify }} + - name: SKIP_TLS_VERIFY + value: "{{ .Values.sidecar.skipTlsVerify }}" + {{- end }} + resources: +{{ toYaml .Values.sidecar.resources | indent 6 }} + volumeMounts: + - name: sc-datasources-volume + mountPath: "/etc/grafana/provisioning/datasources" +{{- end}} +{{- if .Values.sidecar.notifiers.enabled }} + - name: {{ template "grafana.name" . }}-sc-notifiers + {{- if .Values.sidecar.image.sha }} + image: "{{ template "system_default_registry" . }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" + {{- else }} + image: "{{ template "system_default_registry" . 
}}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} + env: + - name: METHOD + value: LIST + - name: LABEL + value: "{{ .Values.sidecar.notifiers.label }}" + - name: FOLDER + value: "/etc/grafana/provisioning/notifiers" + - name: RESOURCE + value: "both" + {{- if .Values.sidecar.enableUniqueFilenames }} + - name: UNIQUE_FILENAMES + value: "{{ .Values.sidecar.enableUniqueFilenames }}" + {{- end }} + {{- if .Values.sidecar.notifiers.searchNamespace }} + - name: NAMESPACE + value: "{{ .Values.sidecar.notifiers.searchNamespace }}" + {{- end }} + {{- if .Values.sidecar.skipTlsVerify }} + - name: SKIP_TLS_VERIFY + value: "{{ .Values.sidecar.skipTlsVerify }}" + {{- end }} + resources: +{{ toYaml .Values.sidecar.resources | indent 6 }} + volumeMounts: + - name: sc-notifiers-volume + mountPath: "/etc/grafana/provisioning/notifiers" +{{- end}} +{{- if .Values.extraInitContainers }} +{{ toYaml .Values.extraInitContainers | indent 2 }} +{{- end }} +{{- if .Values.image.pullSecrets }} +imagePullSecrets: +{{- range .Values.image.pullSecrets }} + - name: {{ . }} +{{- end}} +{{- end }} +containers: +{{- if .Values.sidecar.dashboards.enabled }} + - name: {{ template "grafana.name" . }}-sc-dashboard + {{- if .Values.sidecar.image.sha }} + image: "{{ template "system_default_registry" . }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" + {{- else }} + image: "{{ template "system_default_registry" . 
}}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} + env: + - name: METHOD + value: {{ .Values.sidecar.dashboards.watchMethod }} + - name: LABEL + value: "{{ .Values.sidecar.dashboards.label }}" + {{- if .Values.sidecar.dashboards.labelValue }} + - name: LABEL_VALUE + value: {{ quote .Values.sidecar.dashboards.labelValue }} + {{- end }} + - name: FOLDER + value: "{{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }}" + - name: RESOURCE + value: "both" + {{- if .Values.sidecar.enableUniqueFilenames }} + - name: UNIQUE_FILENAMES + value: "{{ .Values.sidecar.enableUniqueFilenames }}" + {{- end }} + {{- if .Values.sidecar.dashboards.searchNamespace }} + - name: NAMESPACE + value: "{{ .Values.sidecar.dashboards.searchNamespace }}" + {{- end }} + {{- if .Values.sidecar.skipTlsVerify }} + - name: SKIP_TLS_VERIFY + value: "{{ .Values.sidecar.skipTlsVerify }}" + {{- end }} + {{- if .Values.sidecar.dashboards.folderAnnotation }} + - name: FOLDER_ANNOTATION + value: "{{ .Values.sidecar.dashboards.folderAnnotation }}" + {{- end }} + resources: +{{ toYaml .Values.sidecar.resources | indent 6 }} + volumeMounts: + - name: sc-dashboard-volume + mountPath: {{ .Values.sidecar.dashboards.folder | quote }} +{{- end}} + - name: {{ .Chart.Name }} + {{- if .Values.image.sha }} + image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}@sha256:{{ .Values.image.sha }}" + {{- else }} + image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.command }} + command: + {{- range .Values.command }} + - {{ . 
}} + {{- end }} + {{- end}} +{{- if .Values.containerSecurityContext }} + securityContext: +{{- toYaml .Values.containerSecurityContext | nindent 6 }} +{{- end }} + volumeMounts: + - name: config + mountPath: "/etc/grafana/grafana.ini" + subPath: grafana.ini + {{- if .Values.ldap.enabled }} + - name: ldap + mountPath: "/etc/grafana/ldap.toml" + subPath: ldap.toml + {{- end }} + {{- range .Values.extraConfigmapMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath | default "" }} + readOnly: {{ .readOnly }} + {{- end }} + - name: storage + mountPath: "/var/lib/grafana" +{{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} +{{- end }} +{{- if .Values.dashboards }} +{{- range $provider, $dashboards := .Values.dashboards }} +{{- range $key, $value := $dashboards }} +{{- if (or (hasKey $value "json") (hasKey $value "file")) }} + - name: dashboards-{{ $provider }} + mountPath: "/var/lib/grafana/dashboards/{{ $provider }}/{{ $key }}.json" + subPath: "{{ $key }}.json" +{{- end }} +{{- end }} +{{- end }} +{{- end -}} +{{- if .Values.dashboardsConfigMaps }} +{{- range (keys .Values.dashboardsConfigMaps | sortAlpha) }} + - name: dashboards-{{ . }} + mountPath: "/var/lib/grafana/dashboards/{{ . 
}}" +{{- end }} +{{- end }} +{{- if .Values.datasources }} + - name: config + mountPath: "/etc/grafana/provisioning/datasources/datasources.yaml" + subPath: datasources.yaml +{{- end }} +{{- if .Values.notifiers }} + - name: config + mountPath: "/etc/grafana/provisioning/notifiers/notifiers.yaml" + subPath: notifiers.yaml +{{- end }} +{{- if .Values.dashboardProviders }} + - name: config + mountPath: "/etc/grafana/provisioning/dashboards/dashboardproviders.yaml" + subPath: dashboardproviders.yaml +{{- end }} +{{- if .Values.sidecar.dashboards.enabled }} + - name: sc-dashboard-volume + mountPath: {{ .Values.sidecar.dashboards.folder | quote }} +{{ if .Values.sidecar.dashboards.SCProvider }} + - name: sc-dashboard-provider + mountPath: "/etc/grafana/provisioning/dashboards/sc-dashboardproviders.yaml" + subPath: provider.yaml +{{- end}} +{{- end}} +{{- if .Values.sidecar.datasources.enabled }} + - name: sc-datasources-volume + mountPath: "/etc/grafana/provisioning/datasources" +{{- end}} +{{- if .Values.sidecar.notifiers.enabled }} + - name: sc-notifiers-volume + mountPath: "/etc/grafana/provisioning/notifiers" +{{- end}} + {{- range .Values.extraSecretMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + readOnly: {{ .readOnly }} + subPath: {{ .subPath | default "" }} + {{- end }} + {{- range .Values.extraVolumeMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath | default "" }} + readOnly: {{ .readOnly }} + {{- end }} + {{- range .Values.extraEmptyDirMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + {{- end }} + ports: + - name: {{ .Values.service.portName }} + containerPort: {{ .Values.service.targetPort }} + protocol: TCP + - name: {{ .Values.podPortName }} + containerPort: 3000 + protocol: TCP + env: + {{- if not .Values.env.GF_SECURITY_ADMIN_USER }} + - name: GF_SECURITY_ADMIN_USER + valueFrom: + secretKeyRef: + name: {{ .Values.admin.existingSecret | default (include "grafana.fullname" .) 
}} + key: {{ .Values.admin.userKey | default "admin-user" }} + {{- end }} + {{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) }} + - name: GF_SECURITY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.admin.existingSecret | default (include "grafana.fullname" .) }} + key: {{ .Values.admin.passwordKey | default "admin-password" }} + {{- end }} + {{- if .Values.plugins }} + - name: GF_INSTALL_PLUGINS + valueFrom: + configMapKeyRef: + name: {{ template "grafana.fullname" . }} + key: plugins + {{- end }} + {{- if .Values.smtp.existingSecret }} + - name: GF_SMTP_USER + valueFrom: + secretKeyRef: + name: {{ .Values.smtp.existingSecret }} + key: {{ .Values.smtp.userKey | default "user" }} + - name: GF_SMTP_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.smtp.existingSecret }} + key: {{ .Values.smtp.passwordKey | default "password" }} + {{- end }} + {{ if .Values.imageRenderer.enabled }} + - name: GF_RENDERING_SERVER_URL + value: http://{{ template "grafana.fullname" . }}-image-renderer.{{ template "grafana.namespace" . }}:{{ .Values.imageRenderer.service.port }}/render + - name: GF_RENDERING_CALLBACK_URL + value: http://{{ template "grafana.fullname" . }}.{{ template "grafana.namespace" . }}:{{ .Values.service.port }}/{{ .Values.imageRenderer.grafanaSubPath }} + {{ end }} + {{- range $key, $value := .Values.envValueFrom }} + - name: {{ $key | quote }} + valueFrom: +{{ toYaml $value | indent 10 }} + {{- end }} +{{- range $key, $value := .Values.env }} + - name: "{{ tpl $key $ }}" + value: "{{ tpl (print $value) $ }}" +{{- end }} + {{- if .Values.envFromSecret }} + envFrom: + - secretRef: + name: {{ tpl .Values.envFromSecret . }} + {{- end }} + {{- if .Values.envRenderSecret }} + envFrom: + - secretRef: + name: {{ template "grafana.fullname" . 
}}-env + {{- end }} + livenessProbe: +{{ toYaml .Values.livenessProbe | indent 6 }} + readinessProbe: +{{ toYaml .Values.readinessProbe | indent 6 }} + resources: +{{ toYaml .Values.resources | indent 6 }} +{{- with .Values.extraContainers }} +{{ tpl . $ | indent 2 }} +{{- end }} +nodeSelector: {{ include "linux-node-selector" . | nindent 2 }} +{{- if .Values.nodeSelector }} +{{ toYaml .Values.nodeSelector | indent 2 }} +{{- end }} +{{- with .Values.affinity }} +affinity: +{{ toYaml . | indent 2 }} +{{- end }} +tolerations: {{ include "linux-node-tolerations" . | nindent 2 }} +{{- if .Values.tolerations }} +{{ toYaml .Values.tolerations | indent 2 }} +{{- end }} +volumes: + - name: config + configMap: + name: {{ template "grafana.fullname" . }} +{{- range .Values.extraConfigmapMounts }} + - name: {{ .name }} + configMap: + name: {{ .configMap }} +{{- end }} + {{- if .Values.dashboards }} + {{- range (keys .Values.dashboards | sortAlpha) }} + - name: dashboards-{{ . }} + configMap: + name: {{ template "grafana.fullname" $ }}-dashboards-{{ . }} + {{- end }} + {{- end }} + {{- if .Values.dashboardsConfigMaps }} + {{ $root := . }} + {{- range $provider, $name := .Values.dashboardsConfigMaps }} + - name: dashboards-{{ $provider }} + configMap: + name: {{ tpl $name $root }} + {{- end }} + {{- end }} + {{- if .Values.ldap.enabled }} + - name: ldap + secret: + {{- if .Values.ldap.existingSecret }} + secretName: {{ .Values.ldap.existingSecret }} + {{- else }} + secretName: {{ template "grafana.fullname" . }} + {{- end }} + items: + - key: ldap-toml + path: ldap.toml + {{- end }} +{{- if and .Values.persistence.enabled (eq .Values.persistence.type "pvc") }} + - name: storage + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim | default (include "grafana.fullname" .) 
}} +{{- else if and .Values.persistence.enabled (eq .Values.persistence.type "statefulset") }} +# nothing +{{- else }} + - name: storage +{{- if .Values.persistence.inMemory.enabled }} + emptyDir: + medium: Memory +{{- if .Values.persistence.inMemory.sizeLimit }} + sizeLimit: {{ .Values.persistence.inMemory.sizeLimit }} +{{- end -}} +{{- else }} + emptyDir: {} +{{- end -}} +{{- end -}} +{{- if .Values.sidecar.dashboards.enabled }} + - name: sc-dashboard-volume + emptyDir: {} +{{- if .Values.sidecar.dashboards.SCProvider }} + - name: sc-dashboard-provider + configMap: + name: {{ template "grafana.fullname" . }}-config-dashboards +{{- end }} +{{- end }} +{{- if .Values.sidecar.datasources.enabled }} + - name: sc-datasources-volume + emptyDir: {} +{{- end -}} +{{- if .Values.sidecar.notifiers.enabled }} + - name: sc-notifiers-volume + emptyDir: {} +{{- end -}} +{{- range .Values.extraSecretMounts }} +{{- if .secretName }} + - name: {{ .name }} + secret: + secretName: {{ .secretName }} + defaultMode: {{ .defaultMode }} +{{- else if .projected }} + - name: {{ .name }} + projected: {{- toYaml .projected | nindent 6 }} +{{- else if .csi }} + - name: {{ .name }} + csi: {{- toYaml .csi | nindent 6 }} +{{- end }} +{{- end }} +{{- range .Values.extraVolumeMounts }} + - name: {{ .name }} + persistentVolumeClaim: + claimName: {{ .existingClaim }} +{{- end }} +{{- range .Values.extraEmptyDirMounts }} + - name: {{ .name }} + emptyDir: {} +{{- end -}} +{{- if .Values.extraContainerVolumes }} +{{ toYaml .Values.extraContainerVolumes | indent 2 }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/clusterrole.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/clusterrole.yaml new file mode 100755 index 000000000..f09e06563 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/clusterrole.yaml 
@@ -0,0 +1,25 @@ +{{- if and .Values.rbac.create (not .Values.rbac.namespaced) (not .Values.rbac.useExistingRole) }} +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + name: {{ template "grafana.fullname" . }}-clusterrole +{{- if or .Values.sidecar.dashboards.enabled (or .Values.sidecar.datasources.enabled .Values.rbac.extraClusterRoleRules) }} +rules: +{{- if or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled }} +- apiGroups: [""] # "" indicates the core API group + resources: ["configmaps", "secrets"] + verbs: ["get", "watch", "list"] +{{- end}} +{{- with .Values.rbac.extraClusterRoleRules }} +{{ toYaml . | indent 0 }} +{{- end}} +{{- else }} +rules: [] +{{- end}} +{{- end}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/clusterrolebinding.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/clusterrolebinding.yaml new file mode 100755 index 000000000..4accbfac0 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{- if and .Values.rbac.create (not .Values.rbac.namespaced) }} +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "grafana.fullname" . }}-clusterrolebinding + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +subjects: + - kind: ServiceAccount + name: {{ template "grafana.serviceAccountName" . }} + namespace: {{ template "grafana.namespace" . }} +roleRef: + kind: ClusterRole +{{- if (not .Values.rbac.useExistingRole) }} + name: {{ template "grafana.fullname" . }}-clusterrole +{{- else }} + name: {{ .Values.rbac.useExistingRole }} +{{- end }} + apiGroup: rbac.authorization.k8s.io +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/configmap-dashboard-provider.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/configmap-dashboard-provider.yaml new file mode 100755 index 000000000..65d73858e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/configmap-dashboard-provider.yaml 
@@ -0,0 +1,29 @@ +{{- if .Values.sidecar.dashboards.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + name: {{ template "grafana.fullname" . }}-config-dashboards + namespace: {{ template "grafana.namespace" . }} +data: + provider.yaml: |- + apiVersion: 1 + providers: + - name: '{{ .Values.sidecar.dashboards.provider.name }}' + orgId: {{ .Values.sidecar.dashboards.provider.orgid }} + {{- if not .Values.sidecar.dashboards.provider.foldersFromFilesStructure }} + folder: '{{ .Values.sidecar.dashboards.provider.folder }}' + {{- end}} + type: {{ .Values.sidecar.dashboards.provider.type }} + disableDeletion: {{ .Values.sidecar.dashboards.provider.disableDelete }} + allowUiUpdates: {{ .Values.sidecar.dashboards.provider.allowUiUpdates }} + updateIntervalSeconds: {{ .Values.sidecar.dashboards.provider.updateIntervalSeconds | default 30 }} + options: + foldersFromFilesStructure: {{ .Values.sidecar.dashboards.provider.foldersFromFilesStructure }} + path: {{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }} +{{- end}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/configmap.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/configmap.yaml new file mode 100755 index 000000000..de32b7ab2 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/configmap.yaml 
@@ -0,0 +1,80 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +data: +{{- if .Values.plugins }} + plugins: {{ join "," .Values.plugins }} +{{- end }} + grafana.ini: | +{{- range $key, $value := index .Values "grafana.ini" }} + [{{ $key }}] + {{- range $elem, $elemVal := $value }} + {{- if kindIs "invalid" $elemVal }} + {{ $elem }} = + {{- else }} + {{ $elem }} = {{ tpl (toYaml $elemVal) $ }} + {{- end }} + {{- end }} +{{- end }} + +{{- if .Values.datasources }} +{{ $root := . }} + {{- range $key, $value := .Values.datasources }} + {{ $key }}: | +{{ tpl (toYaml $value | indent 4) $root }} + {{- end -}} +{{- end -}} + +{{- if .Values.notifiers }} + {{- range $key, $value := .Values.notifiers }} + {{ $key }}: | +{{ toYaml $value | indent 4 }} + {{- end -}} +{{- end -}} + +{{- if .Values.dashboardProviders }} + {{- range $key, $value := .Values.dashboardProviders }} + {{ $key }}: | +{{ toYaml $value | indent 4 }} + {{- end -}} +{{- end -}} + +{{- if .Values.dashboards }} + download_dashboards.sh: | + #!/usr/bin/env sh + set -euf + {{- if .Values.dashboardProviders }} + {{- range $key, $value := .Values.dashboardProviders }} + {{- range $value.providers }} + mkdir -p {{ .options.path }} + {{- end }} + {{- end }} + {{- end }} + + {{- range $provider, $dashboards := .Values.dashboards }} + {{- range $key, $value := $dashboards }} + {{- if (or (hasKey $value "gnetId") (hasKey $value "url")) }} + curl -skf \ + --connect-timeout 60 \ + --max-time 60 \ + {{- if not $value.b64content }} + -H "Accept: application/json" \ + {{- if $value.token }} + -H "Authorization: token {{ $value.token }}" \ + {{- end }} + -H "Content-Type: application/json;charset=UTF-8" \ + {{ end }} + {{- if $value.url -}}"{{ $value.url }}"{{- else 
-}}"https://grafana.com/api/dashboards/{{ $value.gnetId }}/revisions/{{- if $value.revision -}}{{ $value.revision }}{{- else -}}1{{- end -}}/download"{{- end -}}{{ if $value.datasource }} | sed '/-- .* --/! s/"datasource":.*,/"datasource": "{{ $value.datasource }}",/g'{{ end }}{{- if $value.b64content -}} | base64 -d {{- end -}} \ + > "/var/lib/grafana/dashboards/{{ $provider }}/{{ $key }}.json" + {{- end -}} + {{- end }} + {{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/dashboards-json-configmap.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/dashboards-json-configmap.yaml new file mode 100755 index 000000000..59e0be641 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/dashboards-json-configmap.yaml @@ -0,0 +1,35 @@ +{{- if .Values.dashboards }} +{{ $files := .Files }} +{{- range $provider, $dashboards := .Values.dashboards }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "grafana.fullname" $ }}-dashboards-{{ $provider }} + namespace: {{ template "grafana.namespace" $ }} + labels: + {{- include "grafana.labels" $ | nindent 4 }} + dashboard-provider: {{ $provider }} +{{- if $dashboards }} +data: +{{- $dashboardFound := false }} +{{- range $key, $value := $dashboards }} +{{- if (or (hasKey $value "json") (hasKey $value "file")) }} +{{- $dashboardFound = true }} +{{ print $key | indent 2 }}.json: +{{- if hasKey $value "json" }} + |- +{{ $value.json | indent 6 }} +{{- end }} +{{- if hasKey $value "file" }} +{{ toYaml ( $files.Get $value.file ) | indent 4}} +{{- end }} +{{- end }} +{{- end }} +{{- if not $dashboardFound }} + {} +{{- end }} +{{- end }} +--- +{{- end }} + +{{- end }} 
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/deployment.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/deployment.yaml new file mode 100755 index 000000000..4d77794cd --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/deployment.yaml 
@@ -0,0 +1,48 @@ +{{ if (or (not .Values.persistence.enabled) (eq .Values.persistence.type "pvc")) }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- if .Values.labels }} +{{ toYaml .Values.labels | indent 4 }} +{{- end }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + replicas: {{ .Values.replicas }} + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + selector: + matchLabels: + {{- include "grafana.selectorLabels" . | nindent 6 }} +{{- with .Values.deploymentStrategy }} + strategy: +{{ toYaml . | trim | indent 4 }} +{{- end }} + template: + metadata: + labels: + {{- include "grafana.selectorLabels" . | nindent 8 }} +{{- with .Values.podLabels }} +{{ toYaml . | indent 8 }} +{{- end }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }} + checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }} +{{- if or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret)) }} + checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} +{{- end }} +{{- if .Values.envRenderSecret }} + checksum/secret-env: {{ include (print $.Template.BasePath "/secret-env.yaml") . | sha256sum }} +{{- end }} +{{- with .Values.podAnnotations }} +{{ toYaml . | indent 8 }} +{{- end }} + spec: + {{- include "grafana.pod" . | nindent 6 }} +{{- end }} 
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/headless-service.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/headless-service.yaml new file mode 100755 index 000000000..2fa816e04 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/headless-service.yaml @@ -0,0 +1,18 @@ +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.persistence.type "statefulset")}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "grafana.fullname" . }}-headless + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + clusterIP: None + selector: + {{- include "grafana.selectorLabels" . | nindent 4 }} + type: ClusterIP +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/image-renderer-deployment.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/image-renderer-deployment.yaml new file mode 100755 index 000000000..d17b9dfed --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/image-renderer-deployment.yaml 
@@ -0,0 +1,117 @@ +{{ if .Values.imageRenderer.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "grafana.fullname" . }}-image-renderer + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.imageRenderer.labels" . | nindent 4 }} +{{- if .Values.imageRenderer.labels }} +{{ toYaml .Values.imageRenderer.labels | indent 4 }} +{{- end }} +{{- with .Values.imageRenderer.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + replicas: {{ .Values.imageRenderer.replicas }} + revisionHistoryLimit: {{ .Values.imageRenderer.revisionHistoryLimit }} + selector: + matchLabels: + {{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }} +{{- with .Values.imageRenderer.deploymentStrategy }} + strategy: +{{ toYaml . | trim | indent 4 }} +{{- end }} + template: + metadata: + labels: + {{- include "grafana.imageRenderer.selectorLabels" . | nindent 8 }} +{{- with .Values.imageRenderer.podLabels }} +{{ toYaml . | indent 8 }} +{{- end }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} +{{- with .Values.imageRenderer.podAnnotations }} +{{ toYaml . | indent 8 }} +{{- end }} + spec: + + {{- if .Values.imageRenderer.schedulerName }} + schedulerName: "{{ .Values.imageRenderer.schedulerName }}" + {{- end }} + {{- if .Values.imageRenderer.serviceAccountName }} + serviceAccountName: "{{ .Values.imageRenderer.serviceAccountName }}" + {{- else }} + serviceAccountName: {{ template "grafana.serviceAccountName" . 
}} + {{- end }} + {{- if .Values.imageRenderer.securityContext }} + securityContext: + {{ toYaml .Values.imageRenderer.securityContext | indent 2 }} + {{- end }} + {{- if .Values.imageRenderer.hostAliases }} + hostAliases: + {{ toYaml .Values.imageRenderer.hostAliases | indent 2 }} + {{- end }} + {{- if .Values.imageRenderer.priorityClassName }} + priorityClassName: {{ .Values.imageRenderer.priorityClassName }} + {{- end }} + {{- if .Values.imageRenderer.image.pullSecrets }} + imagePullSecrets: + {{- range .Values.imageRenderer.image.pullSecrets }} + - name: {{ . }} + {{- end}} + {{- end }} + containers: + - name: {{ .Chart.Name }}-image-renderer + {{- if .Values.imageRenderer.image.sha }} + image: "{{ template "system_default_registry" . }}{{ .Values.imageRenderer.image.repository }}:{{ .Values.imageRenderer.image.tag }}@sha256:{{ .Values.imageRenderer.image.sha }}" + {{- else }} + image: "{{ template "system_default_registry" . }}{{ .Values.imageRenderer.image.repository }}:{{ .Values.imageRenderer.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.imageRenderer.image.pullPolicy }} + {{- if .Values.imageRenderer.command }} + command: + {{- range .Values.imageRenderer.command }} + - {{ . }} + {{- end }} + {{- end}} + ports: + - name: {{ .Values.imageRenderer.service.portName }} + containerPort: {{ .Values.imageRenderer.service.port }} + protocol: TCP + env: + - name: HTTP_PORT + value: {{ .Values.imageRenderer.service.port | quote }} + {{- range $key, $value := .Values.imageRenderer.env }} + - name: {{ $key | quote }} + value: {{ $value | quote }} + {{- end }} + securityContext: + capabilities: + drop: ['all'] + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /tmp + name: image-renderer-tmpfs + {{- with .Values.imageRenderer.resources }} + resources: +{{ toYaml . | indent 12 }} + {{- end }} + nodeSelector: {{ include "linux-node-selector" . 
| nindent 8 }} + {{- if .Values.imageRenderer.nodeSelector }} +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.imageRenderer.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} + {{- if .Values.imageRenderer.tolerations }} +{{ toYaml . | indent 8 }} + {{- end }} + volumes: + - name: image-renderer-tmpfs + emptyDir: {} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/image-renderer-network-policy.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/image-renderer-network-policy.yaml new file mode 100755 index 000000000..f8ca73aab --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/image-renderer-network-policy.yaml 
@@ -0,0 +1,76 @@ +{{- if and (.Values.imageRenderer.enabled) (.Values.imageRenderer.networkPolicy.limitIngress) }} +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "grafana.fullname" . }}-image-renderer-ingress + namespace: {{ template "grafana.namespace" . }} + annotations: + comment: Limit image-renderer ingress traffic from grafana +spec: + podSelector: + matchLabels: + {{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }} + {{- if .Values.imageRenderer.podLabels }} + {{ toYaml .Values.imageRenderer.podLabels | nindent 6 }} + {{- end }} + + policyTypes: + - Ingress + ingress: + - ports: + - port: {{ .Values.imageRenderer.service.port }} + protocol: TCP + from: + - namespaceSelector: + matchLabels: + name: {{ template "grafana.namespace" . }} + podSelector: + matchLabels: + {{- include "grafana.selectorLabels" . | nindent 14 }} + {{- if .Values.podLabels }} + {{ toYaml .Values.podLabels | nindent 14 }} + {{- end }} +{{ end }} + +{{- if and (.Values.imageRenderer.enabled) (.Values.imageRenderer.networkPolicy.limitEgress) }} +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "grafana.fullname" . }}-image-renderer-egress + namespace: {{ template "grafana.namespace" . }} + annotations: + comment: Limit image-renderer egress traffic to grafana +spec: + podSelector: + matchLabels: + {{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }} + {{- if .Values.imageRenderer.podLabels }} + {{ toYaml .Values.imageRenderer.podLabels | nindent 6 }} + {{- end }} + + policyTypes: + - Egress + egress: + # allow dns resolution + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # talk only to grafana + - ports: + - port: {{ .Values.service.port }} + protocol: TCP + to: + - namespaceSelector: + matchLabels: + name: {{ template "grafana.namespace" . }} + podSelector: + matchLabels: + {{- include "grafana.selectorLabels" . 
| nindent 14 }} + {{- if .Values.podLabels }} + {{ toYaml .Values.podLabels | nindent 14 }} + {{- end }} +{{ end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/image-renderer-service.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/image-renderer-service.yaml new file mode 100755 index 000000000..f5d3eb02f --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/image-renderer-service.yaml @@ -0,0 +1,28 @@ +{{ if .Values.imageRenderer.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "grafana.fullname" . }}-image-renderer + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.imageRenderer.labels" . | nindent 4 }} +{{- if .Values.imageRenderer.service.labels }} +{{ toYaml .Values.imageRenderer.service.labels | indent 4 }} +{{- end }} +{{- with .Values.imageRenderer.service.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + type: ClusterIP + {{- if .Values.imageRenderer.service.clusterIP }} + clusterIP: {{ .Values.imageRenderer.service.clusterIP }} + {{end}} + ports: + - name: {{ .Values.imageRenderer.service.portName }} + port: {{ .Values.imageRenderer.service.port }} + protocol: TCP + targetPort: {{ .Values.imageRenderer.service.targetPort }} + selector: + {{- include "grafana.imageRenderer.selectorLabels" . | nindent 4 }} +{{ end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/ingress.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/ingress.yaml new file mode 100755 index 000000000..44ebfc950 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/ingress.yaml 
@@ -0,0 +1,80 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "grafana.fullname" . -}} +{{- $servicePort := .Values.service.port -}} +{{- $ingressPath := .Values.ingress.path -}} +{{- $ingressPathType := .Values.ingress.pathType -}} +{{- $extraPaths := .Values.ingress.extraPaths -}} +{{- $newAPI := .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} +{{- if $newAPI -}} +apiVersion: networking.k8s.io/v1 +{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress" }} +apiVersion: networking.k8s.io/v1beta1 +{{- else }} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- if .Values.ingress.labels }} +{{ toYaml .Values.ingress.labels | indent 4 }} +{{- end }} + {{- if .Values.ingress.annotations }} + annotations: + {{- range $key, $value := .Values.ingress.annotations }} + {{ $key }}: {{ tpl $value $ | quote }} + {{- end }} + {{- end }} +spec: + {{- if .Values.ingress.ingressClassName }} + ingressClassName: {{ .Values.ingress.ingressClassName }} + {{- end -}} +{{- if .Values.ingress.tls }} + tls: +{{ tpl (toYaml .Values.ingress.tls) $ | indent 4 }} +{{- end }} + rules: + {{- if .Values.ingress.hosts }} + {{- range .Values.ingress.hosts }} + - host: {{ tpl . 
$}} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + - path: {{ $ingressPath }} + {{- if $newAPI }} + pathType: {{ $ingressPathType }} + {{- end }} + backend: + {{- if $newAPI }} + service: + name: {{ $fullName }} + port: + number: {{ $servicePort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $servicePort }} + {{- end }} + {{- end }} + {{- else }} + - http: + paths: + - backend: + {{- if $newAPI }} + service: + name: {{ $fullName }} + port: + number: {{ $servicePort }} + pathType: {{ $ingressPathType }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $servicePort }} + {{- end }} + {{- if $ingressPath }} + path: {{ $ingressPath }} + {{- end }} + {{- end -}} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/nginx-config.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/nginx-config.yaml new file mode 100755 index 000000000..f847c51ce --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/nginx-config.yaml 
@@ -0,0 +1,75 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: grafana-nginx-proxy-config + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +data: + nginx.conf: |- + worker_processes auto; + error_log /dev/stdout warn; + pid /var/cache/nginx/nginx.pid; + + events { + worker_connections 1024; + } + + http { + include /etc/nginx/mime.types; + log_format main '[$time_local - $status] $remote_addr - $remote_user $request ($http_referer)'; + + proxy_connect_timeout 10; + proxy_read_timeout 180; + proxy_send_timeout 5; + proxy_buffering off; + proxy_cache_path /var/cache/nginx/cache levels=1:2 keys_zone=my_zone:100m inactive=1d max_size=10g; + + server { + listen 8080; + access_log off; + + gzip on; + gzip_min_length 1k; + gzip_comp_level 2; + gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript image/jpeg image/gif image/png; + gzip_vary on; + gzip_disable "MSIE [1-6]\."; + + proxy_set_header Host $host; + + location /api/dashboards { + proxy_pass http://localhost:3000; + } + + location /api/search { + proxy_pass http://localhost:3000; + + sub_filter_types application/json; + sub_filter_once off; + sub_filter '"url":"/d' '"url":"d'; + } + + location / { + proxy_cache my_zone; + proxy_cache_valid 200 302 1d; + proxy_cache_valid 301 30d; + proxy_cache_valid any 5m; + proxy_cache_bypass $http_cache_control; + add_header X-Proxy-Cache $upstream_cache_status; + add_header Cache-Control "public"; + + proxy_pass http://localhost:3000/; + + sub_filter_types text/html; + sub_filter_once off; + sub_filter '"appSubUrl":""' '"appSubUrl":"."'; + sub_filter '"url":"/' '"url":"./'; + sub_filter ':"/avatar/' ':"avatar/'; + + if ($request_filename ~ .*\.(?:js|css|jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$) { + expires 90d; + } + } + } + } 
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/poddisruptionbudget.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/poddisruptionbudget.yaml new file mode 100755 index 000000000..61813a436 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/poddisruptionbudget.yaml @@ -0,0 +1,22 @@ +{{- if .Values.podDisruptionBudget }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- if .Values.labels }} +{{ toYaml .Values.labels | indent 4 }} +{{- end }} +spec: +{{- if .Values.podDisruptionBudget.minAvailable }} + minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} +{{- end }} +{{- if .Values.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }} +{{- end }} + selector: + matchLabels: + {{- include "grafana.selectorLabels" . | nindent 6 }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/podsecuritypolicy.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/podsecuritypolicy.yaml new file mode 100755 index 000000000..19da50791 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/podsecuritypolicy.yaml 
@@ -0,0 +1,49 @@ +{{- if .Values.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- if .Values.rbac.pspAnnotations }} + annotations: {{ toYaml .Values.rbac.pspAnnotations | nindent 4 }} +{{- end }} +spec: + privileged: false + allowPrivilegeEscalation: false + requiredDropCapabilities: + # Default set from Docker, without DAC_OVERRIDE or CHOWN + - FOWNER + - FSETID + - KILL + - SETGID + - SETUID + - SETPCAP + - NET_BIND_SERVICE + - NET_RAW + - SYS_CHROOT + - MKNOD + - AUDIT_WRITE + - SETFCAP + volumes: + - 'configMap' + - 'emptyDir' + - 'projected' + - 'csi' + - 'secret' + - 'downwardAPI' + - 'persistentVolumeClaim' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'RunAsAny' + fsGroup: + rule: 'RunAsAny' + readOnlyRootFilesystem: false +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/pvc.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/pvc.yaml new file mode 100755 index 000000000..8d93f5c23 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/pvc.yaml 
@@ -0,0 +1,33 @@ +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.persistence.type "pvc")}} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} + {{- with .Values.persistence.annotations }} + annotations: +{{ toYaml . | indent 4 }} + {{- end }} + {{- with .Values.persistence.finalizers }} + finalizers: +{{ toYaml . | indent 4 }} + {{- end }} +spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{- if .Values.persistence.storageClassName }} + storageClassName: {{ .Values.persistence.storageClassName }} + {{- end -}} + {{- with .Values.persistence.selectorLabels }} + selector: + matchLabels: +{{ toYaml . | indent 6 }} + {{- end }} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/role.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/role.yaml new file mode 100755 index 000000000..54c3fb0b2 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/role.yaml 
@@ -0,0 +1,32 @@ +{{- if and .Values.rbac.create (not .Values.rbac.useExistingRole) -}} +apiVersion: {{ template "rbac.apiVersion" . }} +kind: Role +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +{{- if or .Values.rbac.pspEnabled (and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled (or .Values.sidecar.datasources.enabled .Values.rbac.extraRoleRules))) }} +rules: +{{- if .Values.rbac.pspEnabled }} +- apiGroups: ['extensions'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: [{{ template "grafana.fullname" . }}] +{{- end }} +{{- if and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled) }} +- apiGroups: [""] # "" indicates the core API group + resources: ["configmaps", "secrets"] + verbs: ["get", "watch", "list"] +{{- end }} +{{- with .Values.rbac.extraRoleRules }} +{{ toYaml . | indent 0 }} +{{- end}} +{{- else }} +rules: [] +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/rolebinding.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/rolebinding.yaml new file mode 100755 index 000000000..34f1ad6f8 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/rolebinding.yaml 
@@ -0,0 +1,25 @@ +{{- if .Values.rbac.create -}} +apiVersion: {{ template "rbac.apiVersion" . }} +kind: RoleBinding +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role +{{- if (not .Values.rbac.useExistingRole) }} + name: {{ template "grafana.fullname" . }} +{{- else }} + name: {{ .Values.rbac.useExistingRole }} +{{- end }} +subjects: +- kind: ServiceAccount + name: {{ template "grafana.serviceAccountName" . }} + namespace: {{ template "grafana.namespace" . }} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/secret-env.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/secret-env.yaml new file mode 100755 index 000000000..5c09313e6 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/secret-env.yaml @@ -0,0 +1,14 @@ +{{- if .Values.envRenderSecret }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "grafana.fullname" . }}-env + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +type: Opaque +data: +{{- range $key, $val := .Values.envRenderSecret }} + {{ $key }}: {{ $val | b64enc | quote }} +{{- end -}} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/secret.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/secret.yaml new file mode 100755 index 000000000..4fdd817da --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/secret.yaml 
@@ -0,0 +1,22 @@ +{{- if or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret)) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +type: Opaque +data: + {{- if and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) }} + admin-user: {{ .Values.adminUser | b64enc | quote }} + {{- if .Values.adminPassword }} + admin-password: {{ .Values.adminPassword | b64enc | quote }} + {{- else }} + admin-password: {{ randAlphaNum 40 | b64enc | quote }} + {{- end }} + {{- end }} + {{- if not .Values.ldap.existingSecret }} + ldap-toml: {{ tpl .Values.ldap.config $ | b64enc | quote }} + {{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/service.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/service.yaml new file mode 100755 index 000000000..276456698 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/service.yaml 
@@ -0,0 +1,50 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- if .Values.service.labels }} +{{ toYaml .Values.service.labels | indent 4 }} +{{- end }} +{{- with .Values.service.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }} + type: ClusterIP + {{- if .Values.service.clusterIP }} + clusterIP: {{ .Values.service.clusterIP }} + {{end}} +{{- else if eq .Values.service.type "LoadBalancer" }} + type: {{ .Values.service.type }} + {{- if .Values.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} + {{- end }} + {{- if .Values.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }} + {{- end -}} +{{- else }} + type: {{ .Values.service.type }} +{{- end }} +{{- if .Values.service.externalIPs }} + externalIPs: +{{ toYaml .Values.service.externalIPs | indent 4 }} +{{- end }} + ports: + - name: {{ .Values.service.portName }} + port: {{ .Values.service.port }} + protocol: TCP + targetPort: {{ .Values.service.targetPort }} +{{ if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }} + nodePort: {{.Values.service.nodePort}} +{{ end }} + {{- if .Values.extraExposePorts }} + {{- tpl (toYaml .Values.extraExposePorts) . | indent 4 }} + {{- end }} + selector: + {{- include "grafana.selectorLabels" . | nindent 4 }} + diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/serviceaccount.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/serviceaccount.yaml new file mode 100755 index 000000000..7576eeef0 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.serviceAccount.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + name: {{ template "grafana.serviceAccountName" . }} + namespace: {{ template "grafana.namespace" . }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/servicemonitor.yaml new file mode 100755 index 000000000..23288523f --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/servicemonitor.yaml 
@@ -0,0 +1,40 @@ +{{- if .Values.serviceMonitor.enabled }} +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "grafana.fullname" . }} + {{- if .Values.serviceMonitor.namespace }} + namespace: {{ .Values.serviceMonitor.namespace }} + {{- end }} + labels: + {{- include "grafana.labels" . | nindent 4 }} + {{- if .Values.serviceMonitor.labels }} + {{- toYaml .Values.serviceMonitor.labels | nindent 4 }} + {{- end }} +spec: + endpoints: + - interval: {{ .Values.serviceMonitor.interval }} + {{- if .Values.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.serviceMonitor.scrapeTimeout }} + {{- end }} + honorLabels: true + port: {{ .Values.service.portName }} + path: {{ .Values.serviceMonitor.path }} + scheme: {{ .Values.serviceMonitor.scheme }} + {{- if .Values.serviceMonitor.tlsConfig }} + tlsConfig: + {{- toYaml .Values.serviceMonitor.tlsConfig | nindent 6 }} + {{- end }} + {{- if .Values.serviceMonitor.relabelings }} + relabelings: + {{- toYaml .Values.serviceMonitor.relabelings | nindent 4 }} + {{- end }} + jobLabel: "{{ .Release.Name }}" + selector: + matchLabels: + {{- include "grafana.selectorLabels" . | nindent 8 }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/statefulset.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/statefulset.yaml new file mode 100755 index 000000000..b2b4616f3 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/statefulset.yaml 
@@ -0,0 +1,52 @@ +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.persistence.type "statefulset")}} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + {{- include "grafana.selectorLabels" . | nindent 6 }} + serviceName: {{ template "grafana.fullname" . }}-headless + template: + metadata: + labels: + {{- include "grafana.selectorLabels" . | nindent 8 }} +{{- with .Values.podLabels }} +{{ toYaml . | indent 8 }} +{{- end }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }} + checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }} + {{- if or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret)) }} + checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} +{{- end }} +{{- with .Values.podAnnotations }} +{{ toYaml . | indent 8 }} +{{- end }} + spec: + {{- include "grafana.pod" . | nindent 6 }} + volumeClaimTemplates: + - metadata: + name: storage + spec: + accessModes: {{ .Values.persistence.accessModes }} + storageClassName: {{ .Values.persistence.storageClassName }} + resources: + requests: + storage: {{ .Values.persistence.size }} + {{- with .Values.persistence.selectorLabels }} + selector: + matchLabels: +{{ toYaml . | indent 10 }} + {{- end }} +{{- end }} 
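Review bot: In `volumeClaimTemplates` of statefulset.yaml, `storageClassName: {{ .Values.persistence.storageClassName }}` is emitted unconditionally and `accessModes: {{ .Values.persistence.accessModes }}` interpolates the list raw, while pvc.yaml in this same chart guards `storageClassName` with an `if` and renders each access mode through `range` and `quote`. values.yaml ships `storageClassName` commented out, so this template renders an empty `storageClassName:` key, and with more than one access mode Go prints the list space-separated, which YAML reads as a single item. Suggest mirroring pvc.yaml: wrap `storageClassName` in `{{- if .Values.persistence.storageClassName }}`, emit `accessModes` with `toYaml` or a quoted `range`, and quote `storage` as pvc.yaml does.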
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test-configmap.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test-configmap.yaml new file mode 100755 index 000000000..ff53aaf1b --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test-configmap.yaml @@ -0,0 +1,17 @@ +{{- if .Values.testFramework.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "grafana.fullname" . }}-test + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +data: + run.sh: |- + @test "Test Health" { + url="http://{{ template "grafana.fullname" . }}/api/health" + + code=$(wget --server-response --spider --timeout 10 --tries 1 ${url} 2>&1 | awk '/^ HTTP/{print $2}') + [ "$code" == "200" ] + } +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test-podsecuritypolicy.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test-podsecuritypolicy.yaml new file mode 100755 index 000000000..1acd65128 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test-podsecuritypolicy.yaml 
@@ -0,0 +1,30 @@ +{{- if and .Values.testFramework.enabled .Values.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "grafana.fullname" . }}-test + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +spec: + allowPrivilegeEscalation: true + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + fsGroup: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + runAsUser: + rule: RunAsAny + volumes: + - configMap + - downwardAPI + - emptyDir + - projected + - csi + - secret +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test-role.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test-role.yaml new file mode 100755 index 000000000..6b10677ae --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test-role.yaml @@ -0,0 +1,14 @@ +{{- if and .Values.testFramework.enabled .Values.rbac.pspEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "grafana.fullname" . }}-test + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: [{{ template "grafana.fullname" . }}-test] +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test-rolebinding.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test-rolebinding.yaml new file mode 100755 index 000000000..58fa5e78b --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test-rolebinding.yaml 
@@ -0,0 +1,17 @@ +{{- if and .Values.testFramework.enabled .Values.rbac.pspEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "grafana.fullname" . }}-test + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "grafana.fullname" . }}-test +subjects: +- kind: ServiceAccount + name: {{ template "grafana.serviceAccountNameTest" . }} + namespace: {{ template "grafana.namespace" . }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test-serviceaccount.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test-serviceaccount.yaml new file mode 100755 index 000000000..5c3350733 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test-serviceaccount.yaml @@ -0,0 +1,9 @@ +{{- if and .Values.testFramework.enabled .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + {{- include "grafana.labels" . | nindent 4 }} + name: {{ template "grafana.serviceAccountNameTest" . }} + namespace: {{ template "grafana.namespace" . }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test.yaml new file mode 100755 index 000000000..cdc86e5f2 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/templates/tests/test.yaml 
@@ -0,0 +1,48 @@ +{{- if .Values.testFramework.enabled }} +apiVersion: v1 +kind: Pod +metadata: + name: {{ template "grafana.fullname" . }}-test + labels: + {{- include "grafana.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test-success + namespace: {{ template "grafana.namespace" . }} +spec: + serviceAccountName: {{ template "grafana.serviceAccountNameTest" . }} + {{- if .Values.testFramework.securityContext }} + securityContext: {{ toYaml .Values.testFramework.securityContext | nindent 4 }} + {{- end }} + {{- if .Values.image.pullSecrets }} + imagePullSecrets: + {{- range .Values.image.pullSecrets }} + - name: {{ . }} + {{- end}} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 4 }} + {{- end }} + {{- with .Values.affinity }} + affinity: +{{ toYaml . | indent 4 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 4 }} + {{- end }} + containers: + - name: {{ .Release.Name }}-test + image: "{{ .Values.testFramework.image}}:{{ .Values.testFramework.tag }}" + imagePullPolicy: "{{ .Values.testFramework.imagePullPolicy}}" + command: ["/opt/bats/bin/bats", "-t", "/tests/run.sh"] + volumeMounts: + - mountPath: /tests + name: tests + readOnly: true + volumes: + - name: tests + configMap: + name: {{ template "grafana.fullname" . }}-test + restartPolicy: Never +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/values.yaml new file mode 100755 index 000000000..9491c1a1f --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/grafana/values.yaml 
@@ -0,0 +1,732 @@ +global: + cattle: + systemDefaultRegistry: "" + +autoscaling: + enabled: false +rbac: + create: true + ## Use an existing ClusterRole/Role (depending on rbac.namespaced false/true) + # useExistingRole: name-of-some-(cluster)role + pspEnabled: true + pspAnnotations: {} + ## Specify pod annotations + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl + ## + # seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default' + # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' + # apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default' + # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' + + namespaced: false + extraRoleRules: [] + # - apiGroups: [] + # resources: [] + # verbs: [] + extraClusterRoleRules: [] + # - apiGroups: [] + # resources: [] + # verbs: [] +serviceAccount: + create: true + name: + nameTest: +# annotations: +# eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here + +replicas: 1 + +## See `kubectl explain poddisruptionbudget.spec` for more +## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ +podDisruptionBudget: {} +# minAvailable: 1 +# maxUnavailable: 1 + +## See `kubectl explain deployment.spec.strategy` for more +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy +deploymentStrategy: + type: RollingUpdate + +readinessProbe: + httpGet: + path: /api/health + port: 3000 + +livenessProbe: + httpGet: + path: /api/health + port: 3000 + initialDelaySeconds: 60 + timeoutSeconds: 30 + failureThreshold: 10 + +## Use an alternate scheduler, e.g. "stork". 
+## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: "default-scheduler" + +image: + repository: rancher/mirrored-grafana-grafana + tag: 7.4.5 + sha: "" + pullPolicy: IfNotPresent + + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistrKeySecretName + +testFramework: + enabled: true + image: "rancher/mirrored-bats-bats" + tag: "v1.1.0" + imagePullPolicy: IfNotPresent + securityContext: + runAsNonRoot: true + runAsUser: 1000 + +securityContext: + runAsNonRoot: true + runAsUser: 472 + runAsGroup: 472 + fsGroup: 472 + +containerSecurityContext: + {} + +extraConfigmapMounts: [] + # - name: certs-configmap + # mountPath: /etc/grafana/ssl/ + # subPath: certificates.crt # (optional) + # configMap: certs-configmap + # readOnly: true + + +extraEmptyDirMounts: [] + # - name: provisioning-notifiers + # mountPath: /etc/grafana/provisioning/notifiers + + +# Apply extra labels to common labels. +extraLabels: {} + +## Assign a PriorityClassName to pods if set +# priorityClassName: + +downloadDashboardsImage: + repository: rancher/mirrored-curlimages-curl + tag: 7.73.0 + sha: "" + pullPolicy: IfNotPresent + +downloadDashboards: + env: {} + envFromSecret: "" + resources: {} + +## Pod Annotations +# podAnnotations: {} + +## Pod Labels +# podLabels: {} + +podPortName: grafana + +## Deployment annotations +# annotations: {} + +## Expose the grafana service to be accessed from outside the cluster (LoadBalancer service). +## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it. 
+## ref: http://kubernetes.io/docs/user-guide/services/ +## +service: + type: ClusterIP + port: 80 + targetPort: 3000 + # targetPort: 4181 To be used with a proxy extraContainer + annotations: {} + labels: {} + portName: service + +serviceMonitor: + ## If true, a ServiceMonitor CRD is created for a prometheus operator + ## https://github.com/coreos/prometheus-operator + ## + enabled: false + path: /metrics + # namespace: monitoring (defaults to use the namespace this chart is deployed to) + labels: {} + interval: 1m + scheme: http + tlsConfig: {} + scrapeTimeout: 30s + relabelings: [] + +extraExposePorts: [] + # - name: keycloak + # port: 8080 + # targetPort: 8080 + # type: ClusterIP + +# overrides pod.spec.hostAliases in the grafana deployment's pods +hostAliases: [] + # - ip: "1.2.3.4" + # hostnames: + # - "my.host.com" + +ingress: + enabled: false + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + # Values can be templated + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + labels: {} + path: / + + # pathType is only for k8s > 1.19 + pathType: Prefix + + hosts: + - chart-example.local + ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services. 
+ extraPaths: [] + # - path: /* + # backend: + # serviceName: ssl-redirect + # servicePort: use-annotation + ## Or for k8s > 1.19 + # - path: /* + # pathType: Prefix + # backend: + # service: + # name: ssl-redirect + # port: + # name: service + + + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} +# limits: +# cpu: 100m +# memory: 128Mi +# requests: +# cpu: 100m +# memory: 128Mi + +## Node labels for pod assignment +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +# +nodeSelector: {} + +## Tolerations for pod assignment +## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] + +## Affinity for pod assignment +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} + +extraInitContainers: [] + +## Enable an Specify container in extraContainers. This is meant to allow adding an authentication proxy to a grafana pod +extraContainers: | +# - name: proxy +# image: quay.io/gambol99/keycloak-proxy:latest +# args: +# - -provider=github +# - -client-id= +# - -client-secret= +# - -github-org= +# - -email-domain=* +# - -cookie-secret= +# - -http-address=http://0.0.0.0:4181 +# - -upstream-url=http://127.0.0.1:3000 +# ports: +# - name: proxy-web +# containerPort: 4181 + +## Volumes that can be used in init containers that will not be mounted to deployment pods +extraContainerVolumes: [] +# - name: volume-from-secret +# secret: +# secretName: secret-to-mount +# - name: empty-dir-volume +# emptyDir: {} + +## Enable persistence using Persistent Volume Claims +## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ +## +persistence: + type: pvc + enabled: false + # storageClassName: default + accessModes: + - ReadWriteOnce + size: 10Gi + # annotations: {} + finalizers: + - kubernetes.io/pvc-protection + # selectorLabels: {} + # subPath: "" + # existingClaim: + + ## If persistence is not enabled, this 
allows to mount the + ## local storage in-memory to improve performance + ## + inMemory: + enabled: false + ## The maximum usage on memory medium EmptyDir would be + ## the minimum value between the SizeLimit specified + ## here and the sum of memory limits of all containers in a pod + ## + # sizeLimit: 300Mi + +initChownData: + ## If false, data ownership will not be reset at startup + ## This allows the prometheus-server to be run with an arbitrary user + ## + enabled: true + + ## initChownData container image + ## + image: + repository: rancher/mirrored-library-busybox + tag: "1.31.1" + sha: "" + pullPolicy: IfNotPresent + + ## initChownData resource requests and limits + ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + +# Administrator credentials when not using an existing secret (see below) +adminUser: admin +# adminPassword: strongpassword + +# Use an existing secret for the admin user. +admin: + existingSecret: "" + userKey: admin-user + passwordKey: admin-password + +## Define command to be executed at startup by grafana container +## Needed if using `vault-env` to manage secrets (ref: https://banzaicloud.com/blog/inject-secrets-into-pods-vault/) +## Default is "run.sh" as defined in grafana's Dockerfile +# command: +# - "sh" +# - "/run.sh" + +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: + +## Extra environment variables that will be pass onto deployment pods +## +## to provide grafana with access to CloudWatch on AWS EKS: +## 1. create an iam role of type "Web identity" with provider oidc.eks.* (note the provider for later) +## 2. 
edit the "Trust relationships" of the role, add a line inside the StringEquals clause using the +## same oidc eks provider as noted before (same as the existing line) +## also, replace NAMESPACE and prometheus-operator-grafana with the service account namespace and name +## +## "oidc.eks.us-east-1.amazonaws.com/id/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:sub": "system:serviceaccount:NAMESPACE:prometheus-operator-grafana", +## +## 3. attach a policy to the role, you can use a built in policy called CloudWatchReadOnlyAccess +## 4. use the following env: (replace 123456789000 and iam-role-name-here with your aws account number and role name) +## +## env: +## AWS_ROLE_ARN: arn:aws:iam::123456789000:role/iam-role-name-here +## AWS_WEB_IDENTITY_TOKEN_FILE: /var/run/secrets/eks.amazonaws.com/serviceaccount/token +## AWS_REGION: us-east-1 +## +## 5. uncomment the EKS section in extraSecretMounts: below +## 6. uncomment the annotation section in the serviceAccount: above +## make sure to replace arn:aws:iam::123456789000:role/iam-role-name-here with your role arn + +env: {} + +## "valueFrom" environment variable references that will be added to deployment pods +## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#envvarsource-v1-core +## Renders in container spec as: +## env: +## ... +## - name: +## valueFrom: +## +envValueFrom: {} + +## The name of a secret in the same kubernetes namespace which contain values to be added to the environment +## This can be useful for auth tokens, etc. Value is templated. +envFromSecret: "" + +## Sensible environment variables that will be rendered as new secret object +## This can be useful for auth tokens, etc +envRenderSecret: {} + +## Additional grafana server secret mounts +# Defines additional mounts with secrets. Secrets must be manually created in the namespace. 
+extraSecretMounts: [] + # - name: secret-files + # mountPath: /etc/secrets + # secretName: grafana-secret-files + # readOnly: true + # subPath: "" + # + # for AWS EKS (cloudwatch) use the following (see also instruction in env: above) + # - name: aws-iam-token + # mountPath: /var/run/secrets/eks.amazonaws.com/serviceaccount + # readOnly: true + # projected: + # defaultMode: 420 + # sources: + # - serviceAccountToken: + # audience: sts.amazonaws.com + # expirationSeconds: 86400 + # path: token + # + # for CSI e.g. Azure Key Vault use the following + # - name: secrets-store-inline + # mountPath: /run/secrets + # readOnly: true + # csi: + # driver: secrets-store.csi.k8s.io + # readOnly: true + # volumeAttributes: + # secretProviderClass: "akv-grafana-spc" + # nodePublishSecretRef: # Only required when using service principal mode + # name: grafana-akv-creds # Only required when using service principal mode + +## Additional grafana server volume mounts +# Defines additional volume mounts. +extraVolumeMounts: [] + # - name: extra-volume + # mountPath: /mnt/volume + # readOnly: true + # existingClaim: volume-claim + +## Pass the plugins you want installed as a list. 
+## +plugins: [] + # - digrich-bubblechart-panel + # - grafana-clock-panel + +## Configure grafana datasources +## ref: http://docs.grafana.org/administration/provisioning/#datasources +## +datasources: {} +# datasources.yaml: +# apiVersion: 1 +# datasources: +# - name: Prometheus +# type: prometheus +# url: http://prometheus-prometheus-server +# access: proxy +# isDefault: true +# - name: CloudWatch +# type: cloudwatch +# access: proxy +# uid: cloudwatch +# editable: false +# jsonData: +# authType: credentials +# defaultRegion: us-east-1 + +## Configure notifiers +## ref: http://docs.grafana.org/administration/provisioning/#alert-notification-channels +## +notifiers: {} +# notifiers.yaml: +# notifiers: +# - name: email-notifier +# type: email +# uid: email1 +# # either: +# org_id: 1 +# # or +# org_name: Main Org. +# is_default: true +# settings: +# addresses: an_email_address@example.com +# delete_notifiers: + +## Configure grafana dashboard providers +## ref: http://docs.grafana.org/administration/provisioning/#dashboards +## +## `path` must be /var/lib/grafana/dashboards/ +## +dashboardProviders: {} +# dashboardproviders.yaml: +# apiVersion: 1 +# providers: +# - name: 'default' +# orgId: 1 +# folder: '' +# type: file +# disableDeletion: false +# editable: true +# options: +# path: /var/lib/grafana/dashboards/default + +## Configure grafana dashboard to import +## NOTE: To use dashboards you must also enable/configure dashboardProviders +## ref: https://grafana.com/dashboards +## +## dashboards per provider, use provider name as key. 
+## +dashboards: {} + # default: + # some-dashboard: + # json: | + # $RAW_JSON + # custom-dashboard: + # file: dashboards/custom-dashboard.json + # prometheus-stats: + # gnetId: 2 + # revision: 2 + # datasource: Prometheus + # local-dashboard: + # url: https://example.com/repository/test.json + # token: '' + # local-dashboard-base64: + # url: https://example.com/repository/test-b64.json + # token: '' + # b64content: true + +## Reference to external ConfigMap per provider. Use provider name as key and ConfigMap name as value. +## A provider dashboards must be defined either by external ConfigMaps or in values.yaml, not in both. +## ConfigMap data example: +## +## data: +## example-dashboard.json: | +## RAW_JSON +## +dashboardsConfigMaps: {} +# default: "" + +## Grafana's primary configuration +## NOTE: values in map will be converted to ini format +## ref: http://docs.grafana.org/installation/configuration/ +## +grafana.ini: + paths: + data: /var/lib/grafana/data + logs: /var/log/grafana + plugins: /var/lib/grafana/plugins + provisioning: /etc/grafana/provisioning + analytics: + check_for_updates: true + log: + mode: console + grafana_net: + url: https://grafana.net +## grafana Authentication can be enabled with the following values on grafana.ini + # server: + # The full public facing url you use in browser, used for redirects and emails + # root_url: + # https://grafana.com/docs/grafana/latest/auth/github/#enable-github-in-grafana + # auth.github: + # enabled: false + # allow_sign_up: false + # scopes: user:email,read:org + # auth_url: https://github.com/login/oauth/authorize + # token_url: https://github.com/login/oauth/access_token + # api_url: https://api.github.com/user + # team_ids: + # allowed_organizations: + # client_id: + # client_secret: +## LDAP Authentication can be enabled with the following values on grafana.ini +## NOTE: Grafana will fail to start if the value for ldap.toml is invalid + # auth.ldap: + # enabled: true + # allow_sign_up: true + # 
config_file: /etc/grafana/ldap.toml + +## Grafana's LDAP configuration +## Templated by the template in _helpers.tpl +## NOTE: To enable the grafana.ini must be configured with auth.ldap.enabled +## ref: http://docs.grafana.org/installation/configuration/#auth-ldap +## ref: http://docs.grafana.org/installation/ldap/#configuration +ldap: + enabled: false + # `existingSecret` is a reference to an existing secret containing the ldap configuration + # for Grafana in a key `ldap-toml`. + existingSecret: "" + # `config` is the content of `ldap.toml` that will be stored in the created secret + config: "" + # config: |- + # verbose_logging = true + + # [[servers]] + # host = "my-ldap-server" + # port = 636 + # use_ssl = true + # start_tls = false + # ssl_skip_verify = false + # bind_dn = "uid=%s,ou=users,dc=myorg,dc=com" + +## Grafana's SMTP configuration +## NOTE: To enable, grafana.ini must be configured with smtp.enabled +## ref: http://docs.grafana.org/installation/configuration/#smtp +smtp: + # `existingSecret` is a reference to an existing secret containing the smtp configuration + # for Grafana. 
+ existingSecret: "" + userKey: "user" + passwordKey: "password" + +## Sidecars that collect the configmaps with specified label and stores the included files them into the respective folders +## Requires at least Grafana 5 to work and can't be used together with parameters dashboardProviders, datasources and dashboards +sidecar: + image: + repository: rancher/mirrored-kiwigrid-k8s-sidecar + tag: 1.10.7 + sha: "" + imagePullPolicy: IfNotPresent + resources: {} +# limits: +# cpu: 100m +# memory: 100Mi +# requests: +# cpu: 50m +# memory: 50Mi + # skipTlsVerify Set to true to skip tls verification for kube api calls + # skipTlsVerify: true + enableUniqueFilenames: false + dashboards: + enabled: false + SCProvider: true + # label that the configmaps with dashboards are marked with + label: grafana_dashboard + # value of label that the configmaps with dashboards are set to + labelValue: null + # folder in the pod that should hold the collected dashboards (unless `defaultFolderName` is set) + folder: /tmp/dashboards + # The default folder name, it will create a subfolder under the `folder` and put dashboards in there instead + defaultFolderName: null + # If specified, the sidecar will search for dashboard config-maps inside this namespace. + # Otherwise the namespace in which the sidecar is running will be used. + # It's also possible to specify ALL to search in all namespaces + searchNamespace: null + # If specified, the sidecar will look for annotation with this name to create folder and put graph here. + # You can use this parameter together with `provider.foldersFromFilesStructure`to annotate configmaps and create folder structure. 
+ folderAnnotation: null + # provider configuration that lets grafana manage the dashboards + provider: + # name of the provider, should be unique + name: sidecarProvider + # orgid as configured in grafana + orgid: 1 + # folder in which the dashboards should be imported in grafana + folder: '' + # type of the provider + type: file + # disableDelete to activate a import-only behaviour + disableDelete: false + # allow updating provisioned dashboards from the UI + allowUiUpdates: false + # allow Grafana to replicate dashboard structure from filesystem + foldersFromFilesStructure: false + datasources: + enabled: false + # label that the configmaps with datasources are marked with + label: grafana_datasource + # value of label that the configmaps with datasources are set to + labelValue: null + # If specified, the sidecar will search for datasource config-maps inside this namespace. + # Otherwise the namespace in which the sidecar is running will be used. + # It's also possible to specify ALL to search in all namespaces + searchNamespace: null + + ## The name of a secret in the same kubernetes namespace which contain values to be added to the environment + ## This can be useful for database passwords, etc. Value is templated. + envFromSecret: "" + notifiers: + enabled: false + # label that the configmaps with notifiers are marked with + label: grafana_notifier + # If specified, the sidecar will search for notifier config-maps inside this namespace. + # Otherwise the namespace in which the sidecar is running will be used. 
+ # It's also possible to specify ALL to search in all namespaces + searchNamespace: null + +## Override the deployment namespace +## +namespaceOverride: "" + +## Number of old ReplicaSets to retain +## +revisionHistoryLimit: 10 + +## Add a seperate remote image renderer deployment/service +imageRenderer: + # Enable the image-renderer deployment & service + enabled: false + replicas: 1 + image: + # image-renderer Image repository + repository: rancher/mirrored-grafana-grafana-image-renderer + # image-renderer Image tag + tag: 2.0.1 + # image-renderer Image sha (optional) + sha: "" + # image-renderer ImagePullPolicy + pullPolicy: Always + # extra environment variables + env: + HTTP_HOST: "0.0.0.0" + # RENDERING_ARGS: --disable-gpu,--window-size=1280x758 + # RENDERING_MODE: clustered + # image-renderer deployment serviceAccount + serviceAccountName: "" + # image-renderer deployment securityContext + securityContext: {} + # image-renderer deployment Host Aliases + hostAliases: [] + # image-renderer deployment priority class + priorityClassName: '' + service: + # image-renderer service port name + portName: 'http' + # image-renderer service port used by both service and deployment + port: 8081 + targetPort: 8081 + # In case a sub_path is used this needs to be added to the image renderer callback + grafanaSubPath: "" + # name of the image-renderer port on the pod + podPortName: http + # number of image-renderer replica sets to keep + revisionHistoryLimit: 10 + networkPolicy: + # Enable a NetworkPolicy to limit inbound traffic to only the created grafana pods + limitIngress: true + # Enable a NetworkPolicy to limit outbound traffic to only the created grafana pods + limitEgress: false + resources: {} +# limits: +# cpu: 100m +# memory: 100Mi +# requests: +# cpu: 50m +# memory: 50Mi 
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/.helmignore b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/.helmignore new file mode 100755 index 000000000..0e8a0eb36 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/Chart.yaml new file mode 100755 index 000000000..56ff36fc7 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/Chart.yaml @@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-pushprox +apiVersion: v1 +appVersion: 0.1.0 +description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx + clients. +name: k3sServer +type: application +version: 0.1.3 diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/README.md b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/README.md new file mode 100755 index 000000000..dcecc69da --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/README.md 
@@ -0,0 +1,54 @@ +# rancher-pushprox + +A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. + +Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. + +Using an instance of this chart is suitable for the following scenarios: +- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) +- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) +- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` +- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) +- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) + +The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. + +## Configuration + +The following tables list the configurable parameters of the rancher-pushprox chart and their default values. + +### General + +#### Required +| Parameter | Description | Example | +| ----- | ----------- | ------ | +| `component` | The component that is being monitored | `kube-etcd` +| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. 
`http://:/metrics`) | `2379` | + +#### Optional +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | +| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | +| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | +| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | +| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | +| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | +| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | +| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | +| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. 
Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.resources` | Set resource limits and requests for the client container | `{}` | +| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | +| `clients.tolerations` | Specify tolerations for clients | `[]` | +| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | +| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | +| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | +| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | +| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | + +*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/_helpers.tpl new file mode 100755 index 000000000..f77b8edf4 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/_helpers.tpl 
@@ -0,0 +1,87 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# General + +{{- define "pushprox.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{- define "pushProxy.commonLabels" -}} +release: {{ .Release.Name }} +component: {{ .Values.component | quote }} +provider: kubernetes +{{- end -}} + +{{- define "pushProxy.proxyUrl" -}} +{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} +{{- if .Values.clients.proxyUrl -}} +{{ printf "%s" .Values.clients.proxyUrl }} +{{- else -}} +{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) .Release.Namespace (int .Values.proxy.port) }} +{{- end -}}{{- end -}} + +# Client + +{{- define "pushProxy.client.name" -}} +{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.client.labels" -}} +k8s-app: {{ template "pushProxy.client.name" . }} +{{ template "pushProxy.commonLabels" . 
}} +{{- end -}} + +# Proxy + +{{- define "pushProxy.proxy.name" -}} +{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.proxy.labels" -}} +k8s-app: {{ template "pushProxy.proxy.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# ServiceMonitor + +{{- define "pushprox.serviceMonitor.name" -}} +{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.labels" -}} +app: {{ template "pushprox.serviceMonitor.name" . }} +release: {{ .Release.Name | quote }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/pushprox-clients-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/pushprox-clients-rbac.yaml new file mode 100755 index 000000000..95346dee6 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/pushprox-clients-rbac.yaml 
@@ -0,0 +1,74 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.client.name" . }} +{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.client.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . 
| nindent 4 }} +spec: + privileged: false + hostNetwork: true + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + - 'emptyDir' + - 'hostPath' + allowedHostPaths: + - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + readOnly: true +{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/pushprox-clients.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/pushprox-clients.yaml new file mode 100755 index 000000000..ed78792e5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/pushprox-clients.yaml 
@@ -0,0 +1,135 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} + pushprox-exporter: "client" +spec: + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.client.labels" . | nindent 8 }} + spec: + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.clients.tolerations }} +{{ toYaml .Values.clients.tolerations | indent 8 }} +{{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ template "pushProxy.client.name" . }} + containers: + - name: pushprox-client + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: + {{- range .Values.clients.command }} + - {{ . 
| quote }} + {{- end }} + args: + - --fqdn=$(HOST_IP) + - --proxy-url=$(PROXY_URL) + - --metrics-addr=$(PORT) + - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} + {{- if .Values.clients.useLocalhost }} + - --use-localhost + {{- end }} + {{- if .Values.clients.https.enabled }} + {{- if .Values.clients.https.insecureSkipVerify }} + - --insecure-skip-verify + {{- end }} + {{- if .Values.clients.https.useServiceAccountCredentials }} + - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token + {{- end }} + {{- if .Values.clients.https.certDir }} + - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem + - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem + - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem + {{- end }} + {{- end }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PORT + value: :{{ .Values.clients.port }} + - name: PROXY_URL + value: {{ template "pushProxy.proxyUrl" . }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + volumeMounts: + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + {{- end }} + {{- if .Values.clients.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} + {{- end }} + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + initContainers: + - name: copy-certs + image: {{ template "system_default_registry" . 
}}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} + command: + - sh + - -c + - | + echo "Searching for files to copy within the source volume" + echo "cert: ${CERT_FILE_NAME}" + echo "key: ${KEY_FILE_NAME}" + echo "cacert: ${CACERT_FILE_NAME}" + + CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) + KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) + CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) + + test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 + test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 + test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 + + echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" + cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 + chmod 444 $CERT_FILE_TARGET || exit 1 + + echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" + cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 + chmod 444 $KEY_FILE_TARGET || exit 1 + + echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" + cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 + chmod 444 $CACERT_FILE_TARGET || exit 1 + env: + - name: CERT_FILE_NAME + value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} + - name: KEY_FILE_NAME + value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} + - name: CACERT_FILE_NAME + value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} + - name: CERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy.pem + - name: KEY_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-key.pem + - name: CACERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem + securityContext: + 
runAsNonRoot: false + volumeMounts: + - name: metrics-cert-dir-source + mountPath: /etc/source + readOnly: true + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + volumes: + - name: metrics-cert-dir-source + hostPath: + path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + - name: metrics-cert-dir + emptyDir: {} + {{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/pushprox-proxy-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/pushprox-proxy-rbac.yaml new file mode 100755 index 000000000..a3509c160 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/pushprox-proxy-rbac.yaml 
@@ -0,0 +1,63 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.proxy.name" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.proxy.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- end }}{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/pushprox-proxy.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/pushprox-proxy.yaml new file mode 100755 index 000000000..571e13138 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/pushprox-proxy.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} + pushprox-exporter: "proxy" +spec: + selector: + matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} + spec: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.proxy.nodeSelector }} +{{ toYaml .Values.proxy.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.proxy.tolerations }} +{{ toYaml .Values.proxy.tolerations | indent 8 }} +{{- end }} + serviceAccountName: {{ template "pushProxy.proxy.name" . }} + containers: + - name: pushprox-proxy + image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} + command: + {{- range .Values.proxy.command }} + - {{ . | quote }} + {{- end }} + {{- if .Values.proxy.resources }} + resources: {{ toYaml .Values.proxy.resources | nindent 10 }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + ports: + - name: pp-proxy + port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} + protocol: TCP + targetPort: {{ .Values.proxy.port }} + selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file 
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/pushprox-servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/pushprox-servicemonitor.yaml new file mode 100755 index 000000000..2f3d7e54c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/templates/pushprox-servicemonitor.yaml @@ -0,0 +1,39 @@ +{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "pushprox.serviceMonitor.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} +spec: + endpoints: + - port: metrics + proxyUrl: {{ template "pushProxy.proxyUrl" . }} + {{- if .Values.clients.https.enabled }} + params: + _scheme: [https] + {{- end }} + jobLabel: component + podTargetLabels: + - component + - pushprox-exporter + namespaceSelector: + matchNames: + - {{ template "pushprox.namespace" . }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + ports: + - name: metrics + port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} + protocol: TCP + targetPort: {{ .Values.metricsPort }} + selector: {{ include "pushProxy.client.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/values.yaml new file mode 100755 index 000000000..e1bcf79a5 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/k3sServer/values.yaml 
@@ -0,0 +1,86 @@ +# Default values for rancher-pushprox. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Default image containing both the proxy and the client was generated from the following Dockerfile +# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 + +# Note: if using a cloud provider, the nodes that contain the PushProxy client must allow the node(s) that contain(s) +# the PushProxy proxy to communicate with it on port {{ .Values.clients.port }}. If you have special restrictions, +# (i.e. client should only run on etcd nodes and only control plane should have access to the port on the etcd node), +# you will need to set the clients / proxy nodeSelector and tolerations accordingly + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + +# The component that is being monitored (i.e. etcd) +component: "component" + +# The port containing the metrics that need to be scraped +metricsPort: 2739 + +# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint +serviceMonitor: + enabled: true + +clients: + enabled: true + # The port which the PushProx client will post PushProx metrics to + port: 9369 + # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} + # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null + proxyUrl: "" + # If set to true, the client will forward any requests from the host IP to 127.0.0.1 + # It will only allow proxy requests to the metricsPort specified + useLocalhost: false + # Configuration for accessing metrics via HTTPS + https: + # Does the client require https to access the metrics? 
+ enabled: false + # If set to true, the client will create a service account with adequate permissions and set a flag + # on the client to use the service account token provided by it to make authorized scrape requests + useServiceAccountCredentials: false + # If set to true, the client will disable SSL security checks + insecureSkipVerify: false + # Directory on host where necessary TLS cert and key to scrape metrics can be found + certDir: "" + # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings + certFile: "" + keyFile: "" + caCertFile: "" + + # Resource limits + resources: {} + + # Options to select all nodes to deploy client DaemonSet on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-client + tag: v0.1.0-rancher1-client + command: ["pushprox-client"] + + copyCertsImage: + repository: rancher/mirrored-library-busybox + tag: 1.31.1 + +proxy: + enabled: true + # The port through which PushProx clients will communicate to the proxy + port: 8080 + + # Resource limits + resources: {} + + # Options to select a node to run a single proxy deployment on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-proxy + tag: v0.1.0-rancher1-proxy + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/.helmignore b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/.helmignore new file mode 100755 index 000000000..f0c131944 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/.helmignore 
@@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/Chart.yaml new file mode 100755 index 000000000..1e90053e9 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/Chart.yaml @@ -0,0 +1,24 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-kube-state-metrics +apiVersion: v1 +appVersion: 1.9.8 +description: Install kube-state-metrics to generate and expose cluster-level metrics +home: https://github.com/kubernetes/kube-state-metrics/ +keywords: +- metric +- monitoring +- prometheus +- kubernetes +maintainers: +- email: tariq.ibrahim@mulesoft.com + name: tariq1890 +- email: manuel@rueg.eu + name: mrueg +name: kube-state-metrics +sources: +- https://github.com/kubernetes/kube-state-metrics/ +version: 2.13.1 diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/LICENSE b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/LICENSE new file mode 100755 index 000000000..393b7a33b --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/LICENSE 
@@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright The Helm Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/README.md b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/README.md new file mode 100755 index 000000000..e93a3d252 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/README.md 
@@ -0,0 +1,66 @@ +# kube-state-metrics Helm Chart + +Installs the [kube-state-metrics agent](https://github.com/kubernetes/kube-state-metrics). + +## Get Repo Info + +```console +helm repo add kube-state-metrics https://kubernetes.github.io/kube-state-metrics +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Install Chart + +```console +# Helm 3 +$ helm install [RELEASE_NAME] kube-state-metrics/kube-state-metrics [flags] + +# Helm 2 +$ helm install --name [RELEASE_NAME] kube-state-metrics/kube-state-metrics [flags] +``` + +_See [configuration](#configuration) below._ + +_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ + +## Uninstall Chart + +```console +# Helm 3 +$ helm uninstall [RELEASE_NAME] + +# Helm 2 +# helm delete --purge [RELEASE_NAME] +``` + +This removes all the Kubernetes components associated with the chart and deletes the release. + +_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ + +## Upgrading Chart + +```console +# Helm 3 or 2 +$ helm upgrade [RELEASE_NAME] kube-state-metrics/kube-state-metrics [flags] +``` + +_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ + +### From stable/kube-state-metrics + +You can upgrade in-place: + +1. [get repo info](#get-repo-info) +1. [upgrade](#upgrading-chart) your existing release name using the new chart repo + +## Configuration + +See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments: + +```console +helm show values kube-state-metrics/kube-state-metrics +``` + +You may also `helm show values` on this chart's [dependencies](#dependencies) for additional options. 
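Review bot: In the "Uninstall Chart" block of this README the Helm 2 command is written `# helm delete --purge [RELEASE_NAME]`, with `#` where every other command uses `$`, so it reads as a comment rather than a command. The closing sentence also links to `#dependencies`, but the README added here has no Dependencies section; either add one or drop the link.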
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/NOTES.txt b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/NOTES.txt new file mode 100755 index 000000000..5a646e0cc --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/NOTES.txt @@ -0,0 +1,10 @@ +kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects. +The exposed metrics can be found here: +https://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics + +The metrics are exported on the HTTP endpoint /metrics on the listening port. +In your case, {{ template "kube-state-metrics.fullname" . }}.{{ template "kube-state-metrics.namespace" . }}.svc.cluster.local:{{ .Values.service.port }}/metrics + +They are served either as plaintext or protobuf depending on the Accept header. +They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint. + diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/_helpers.tpl new file mode 100755 index 000000000..4f76b188b --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/_helpers.tpl 
@@ -0,0 +1,76 @@ +# Rancher +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "kube-state-metrics.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kube-state-metrics.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "kube-state-metrics.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "kube-state-metrics.fullname" .) 
.Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts +*/}} +{{- define "kube-state-metrics.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/clusterrolebinding.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/clusterrolebinding.yaml new file mode 100755 index 000000000..af158c512 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/clusterrolebinding.yaml @@ -0,0 +1,23 @@ +{{- if and .Values.rbac.create .Values.rbac.useClusterRole -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + name: {{ template "kube-state-metrics.fullname" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole +{{- if .Values.rbac.useExistingRole }} + name: {{ .Values.rbac.useExistingRole }} +{{- else }} + name: {{ template "kube-state-metrics.fullname" . }} +{{- end }} +subjects: +- kind: ServiceAccount + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} +{{- end -}} 
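Review bot: The `subjects` entry in clusterrolebinding.yaml names the ServiceAccount with `kube-state-metrics.fullname`, while _helpers.tpl in this same patch defines `kube-state-metrics.serviceAccountName`, which honours `.Values.serviceAccount.name` and falls back to `default` when `serviceAccount.create` is false. With either of those values set, the ClusterRole is bound to a ServiceAccount name that differs from the one the helper resolves, so the workload loses its permissions and an unrelated account of that name would gain them. Use `{{ template "kube-state-metrics.serviceAccountName" . }}` for the subject name. The `rbac.useExistingRole` branch binds whatever ClusterRole name is supplied, which deserves a comment in values.yaml about the privileges that implies.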
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/deployment.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/deployment.yaml new file mode 100755 index 000000000..4ab55291b --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/deployment.yaml 
@@ -0,0 +1,217 @@ +apiVersion: apps/v1 +{{- if .Values.autosharding.enabled }} +kind: StatefulSet +{{- else }} +kind: Deployment +{{- end }} +metadata: + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/managed-by: "{{ .Release.Service }}" + app.kubernetes.io/version: "{{ .Chart.AppVersion }}" +{{- if .Values.customLabels }} +{{ toYaml .Values.customLabels | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + replicas: {{ .Values.replicas }} +{{- if .Values.autosharding.enabled }} + serviceName: {{ template "kube-state-metrics.fullname" . }} + volumeClaimTemplates: [] +{{- end }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" +{{- if .Values.customLabels }} +{{ toYaml .Values.customLabels | indent 8 }} +{{- end }} +{{- if .Values.podAnnotations }} + annotations: +{{ toYaml .Values.podAnnotations | indent 8 }} +{{- end }} + spec: + hostNetwork: {{ .Values.hostNetwork }} + serviceAccountName: {{ template "kube-state-metrics.serviceAccountName" . 
}} + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + runAsGroup: {{ .Values.securityContext.runAsGroup }} + runAsUser: {{ .Values.securityContext.runAsUser }} + runAsNonRoot: {{ .Values.securityContext.runAsNonRoot }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + containers: + - name: {{ .Chart.Name }} +{{- if .Values.autosharding.enabled }} + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace +{{- end }} + args: +{{ if .Values.extraArgs }} + {{- range .Values.extraArgs }} + - {{ . }} + {{- end }} +{{ end }} +{{ if .Values.collectors.certificatesigningrequests }} + - --collectors=certificatesigningrequests +{{ end }} +{{ if .Values.collectors.configmaps }} + - --collectors=configmaps +{{ end }} +{{ if .Values.collectors.cronjobs }} + - --collectors=cronjobs +{{ end }} +{{ if .Values.collectors.daemonsets }} + - --collectors=daemonsets +{{ end }} +{{ if .Values.collectors.deployments }} + - --collectors=deployments +{{ end }} +{{ if .Values.collectors.endpoints }} + - --collectors=endpoints +{{ end }} +{{ if .Values.collectors.horizontalpodautoscalers }} + - --collectors=horizontalpodautoscalers +{{ end }} +{{ if .Values.collectors.ingresses }} + - --collectors=ingresses +{{ end }} +{{ if .Values.collectors.jobs }} + - --collectors=jobs +{{ end }} +{{ if .Values.collectors.limitranges }} + - --collectors=limitranges +{{ end }} +{{ if .Values.collectors.mutatingwebhookconfigurations }} + - --collectors=mutatingwebhookconfigurations +{{ end }} +{{ if .Values.collectors.namespaces }} + - --collectors=namespaces +{{ end }} +{{ if .Values.collectors.networkpolicies }} + - --collectors=networkpolicies +{{ end }} +{{ if .Values.collectors.nodes }} + - --collectors=nodes +{{ end }} +{{ if .Values.collectors.persistentvolumeclaims }} + 
- --collectors=persistentvolumeclaims +{{ end }} +{{ if .Values.collectors.persistentvolumes }} + - --collectors=persistentvolumes +{{ end }} +{{ if .Values.collectors.poddisruptionbudgets }} + - --collectors=poddisruptionbudgets +{{ end }} +{{ if .Values.collectors.pods }} + - --collectors=pods +{{ end }} +{{ if .Values.collectors.replicasets }} + - --collectors=replicasets +{{ end }} +{{ if .Values.collectors.replicationcontrollers }} + - --collectors=replicationcontrollers +{{ end }} +{{ if .Values.collectors.resourcequotas }} + - --collectors=resourcequotas +{{ end }} +{{ if .Values.collectors.secrets }} + - --collectors=secrets +{{ end }} +{{ if .Values.collectors.services }} + - --collectors=services +{{ end }} +{{ if .Values.collectors.statefulsets }} + - --collectors=statefulsets +{{ end }} +{{ if .Values.collectors.storageclasses }} + - --collectors=storageclasses +{{ end }} +{{ if .Values.collectors.validatingwebhookconfigurations }} + - --collectors=validatingwebhookconfigurations +{{ end }} +{{ if .Values.collectors.verticalpodautoscalers }} + - --collectors=verticalpodautoscalers +{{ end }} +{{ if .Values.collectors.volumeattachments }} + - --collectors=volumeattachments +{{ end }} +{{ if .Values.namespace }} + - --namespace={{ .Values.namespace | join "," }} +{{ end }} +{{ if .Values.autosharding.enabled }} + - --pod=$(POD_NAME) + - --pod-namespace=$(POD_NAMESPACE) +{{ end }} +{{ if .Values.kubeconfig.enabled }} + - --kubeconfig=/opt/k8s/.kube/config +{{ end }} +{{ if .Values.selfMonitor.telemetryHost }} + - --telemetry-host={{ .Values.selfMonitor.telemetryHost }} +{{ end }} + - --telemetry-port=8081 +{{- if .Values.kubeconfig.enabled }} + volumeMounts: + - name: kubeconfig + mountPath: /opt/k8s/.kube/ + readOnly: true +{{- end }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + image: "{{ template "system_default_registry" . 
}}{{ .Values.image.repository }}:{{ .Values.image.tag }}" + ports: + - containerPort: 8080 + livenessProbe: + httpGet: + path: /healthz + port: 8080 + initialDelaySeconds: 5 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: / + port: 8080 + initialDelaySeconds: 5 + timeoutSeconds: 5 +{{- if .Values.resources }} + resources: +{{ toYaml .Values.resources | indent 10 }} +{{- end }} +{{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 8 }} +{{- end }} +{{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} +{{- end }} + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.nodeSelector }} +{{ toYaml .Values.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.tolerations }} +{{ toYaml .Values.tolerations | indent 8 }} +{{- end }} +{{- if .Values.kubeconfig.enabled}} + volumes: + - name: kubeconfig + secret: + secretName: {{ template "kube-state-metrics.fullname" . }}-kubeconfig +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/kubeconfig-secret.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/kubeconfig-secret.yaml new file mode 100755 index 000000000..a7800d7ad --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/kubeconfig-secret.yaml 
@@ -0,0 +1,15 @@ +{{- if .Values.kubeconfig.enabled -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "kube-state-metrics.fullname" . }}-kubeconfig + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/managed-by: "{{ .Release.Service }}" +type: Opaque +data: + config: '{{ .Values.kubeconfig.secret }}' +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/pdb.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/pdb.yaml new file mode 100755 index 000000000..d3ef8104e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/pdb.yaml @@ -0,0 +1,20 @@ +{{- if .Values.podDisruptionBudget -}} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/managed-by: "{{ .Release.Service }}" +{{- if .Values.customLabels }} +{{ toYaml .Values.customLabels | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} +{{ toYaml .Values.podDisruptionBudget | indent 2 }} +{{- end -}} 
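Review bot: In kubeconfig-secret.yaml, `config: '{{ .Values.kubeconfig.secret }}'` sits under `data:`, so the value is passed through verbatim and must already be base64-encoded; a plain kubeconfig pasted into values will not produce a usable Secret. Document that requirement next to `kubeconfig.secret`, or pipe the value through `b64enc` (or switch the field to `stringData`). Because the credential travels through chart values, it is also retained in the Helm release record; an option to reference a pre-created Secret by name would avoid that.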
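Review bot: In pdb.yaml the `selector.matchLabels` uses only `app.kubernetes.io/name`, so two releases of this chart in one namespace would each get a PodDisruptionBudget that also selects the other release's pods. Adding `app.kubernetes.io/instance: "{{ .Release.Name }}"`, which the pod template in deploy.yaml's sibling deployment.yaml already sets as a label, would scope the budget to the release. The `apiVersion: policy/v1beta1` is also hardcoded with no `.Capabilities` check, unlike the `linux-node-selector` helper, which switches on the cluster version.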
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/podsecuritypolicy.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/podsecuritypolicy.yaml new file mode 100755 index 000000000..e822ba0e7 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/podsecuritypolicy.yaml @@ -0,0 +1,42 @@ +{{- if .Values.podSecurityPolicy.enabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "kube-state-metrics.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Values.podSecurityPolicy.annotations }} + annotations: +{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }} +{{- end }} +spec: + privileged: false + volumes: + - 'secret' +{{- if .Values.podSecurityPolicy.additionalVolumes }} +{{ toYaml .Values.podSecurityPolicy.additionalVolumes | indent 4 }} +{{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/psp-clusterrole.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/psp-clusterrole.yaml new file mode 100755 index 000000000..217abc950 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/psp-clusterrole.yaml @@ -0,0 +1,22 @@ +{{- if and .Values.podSecurityPolicy.enabled .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + name: psp-{{ template "kube-state-metrics.fullname" . }} +rules: +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }} +- apiGroups: ['policy'] +{{- else }} +- apiGroups: ['extensions'] +{{- end }} + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "kube-state-metrics.fullname" . }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml new file mode 100755 index 000000000..feb97f228 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml 
@@ -0,0 +1,19 @@ +{{- if and .Values.podSecurityPolicy.enabled .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + name: psp-{{ template "kube-state-metrics.fullname" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: psp-{{ template "kube-state-metrics.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/role.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/role.yaml new file mode 100755 index 000000000..6259d2f61 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/role.yaml 
@@ -0,0 +1,192 @@ +{{- if and (eq $.Values.rbac.create true) (not .Values.rbac.useExistingRole) -}} +{{- if eq .Values.rbac.useClusterRole false }} +{{- range (split "," $.Values.namespace) }} +{{- end }} +{{- end -}} +--- +apiVersion: rbac.authorization.k8s.io/v1 +{{- if eq .Values.rbac.useClusterRole false }} +kind: Role +{{- else }} +kind: ClusterRole +{{- end }} +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" $ }} + helm.sh/chart: {{ $.Chart.Name }}-{{ $.Chart.Version }} + app.kubernetes.io/managed-by: {{ $.Release.Service }} + app.kubernetes.io/instance: {{ $.Release.Name }} + name: {{ template "kube-state-metrics.fullname" $ }} +{{- if eq .Values.rbac.useClusterRole false }} + namespace: {{ . }} +{{- end }} +rules: +{{ if $.Values.collectors.certificatesigningrequests }} +- apiGroups: ["certificates.k8s.io"] + resources: + - certificatesigningrequests + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.configmaps }} +- apiGroups: [""] + resources: + - configmaps + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.cronjobs }} +- apiGroups: ["batch"] + resources: + - cronjobs + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.daemonsets }} +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.deployments }} +- apiGroups: ["extensions", "apps"] + resources: + - deployments + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.endpoints }} +- apiGroups: [""] + resources: + - endpoints + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.horizontalpodautoscalers }} +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.ingresses }} +- apiGroups: ["extensions", "networking.k8s.io"] + resources: + - ingresses + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.jobs }} +- apiGroups: ["batch"] 
+ resources: + - jobs + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.limitranges }} +- apiGroups: [""] + resources: + - limitranges + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.mutatingwebhookconfigurations }} +- apiGroups: ["admissionregistration.k8s.io"] + resources: + - mutatingwebhookconfigurations + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.namespaces }} +- apiGroups: [""] + resources: + - namespaces + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.networkpolicies }} +- apiGroups: ["networking.k8s.io"] + resources: + - networkpolicies + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.nodes }} +- apiGroups: [""] + resources: + - nodes + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.persistentvolumeclaims }} +- apiGroups: [""] + resources: + - persistentvolumeclaims + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.persistentvolumes }} +- apiGroups: [""] + resources: + - persistentvolumes + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.poddisruptionbudgets }} +- apiGroups: ["policy"] + resources: + - poddisruptionbudgets + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.pods }} +- apiGroups: [""] + resources: + - pods + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.replicasets }} +- apiGroups: ["extensions", "apps"] + resources: + - replicasets + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.replicationcontrollers }} +- apiGroups: [""] + resources: + - replicationcontrollers + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.resourcequotas }} +- apiGroups: [""] + resources: + - resourcequotas + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.secrets }} +- apiGroups: [""] + resources: + - secrets + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.services }} +- apiGroups: [""] + resources: + - services + verbs: ["list", 
"watch"] +{{ end -}} +{{ if $.Values.collectors.statefulsets }} +- apiGroups: ["apps"] + resources: + - statefulsets + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.storageclasses }} +- apiGroups: ["storage.k8s.io"] + resources: + - storageclasses + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.validatingwebhookconfigurations }} +- apiGroups: ["admissionregistration.k8s.io"] + resources: + - validatingwebhookconfigurations + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.volumeattachments }} +- apiGroups: ["storage.k8s.io"] + resources: + - volumeattachments + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.verticalpodautoscalers }} +- apiGroups: ["autoscaling.k8s.io"] + resources: + - verticalpodautoscalers + verbs: ["list", "watch"] +{{ end -}} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/rolebinding.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/rolebinding.yaml new file mode 100755 index 000000000..732174a33 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/rolebinding.yaml 
@@ -0,0 +1,27 @@ +{{- if and (eq .Values.rbac.create true) (eq .Values.rbac.useClusterRole false) -}} +{{- range (split "," $.Values.namespace) }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" $ }} + helm.sh/chart: {{ $.Chart.Name }}-{{ $.Chart.Version }} + app.kubernetes.io/managed-by: {{ $.Release.Service }} + app.kubernetes.io/instance: {{ $.Release.Name }} + name: {{ template "kube-state-metrics.fullname" $ }} + namespace: {{ . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role +{{- if (not $.Values.rbac.useExistingRole) }} + name: {{ template "kube-state-metrics.fullname" $ }} +{{- else }} + name: {{ $.Values.rbac.useExistingRole }} +{{- end }} +subjects: +- kind: ServiceAccount + name: {{ template "kube-state-metrics.fullname" $ }} + namespace: {{ template "kube-state-metrics.namespace" $ }} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/service.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/service.yaml new file mode 100755 index 000000000..4f8e4a497 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/service.yaml 
@@ -0,0 +1,42 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/managed-by: "{{ .Release.Service }}" +{{- if .Values.customLabels }} +{{ toYaml .Values.customLabels | indent 4 }} +{{- end }} + annotations: + {{- if .Values.prometheusScrape }} + prometheus.io/scrape: '{{ .Values.prometheusScrape }}' + {{- end }} + {{- if .Values.service.annotations }} + {{- toYaml .Values.service.annotations | nindent 4 }} + {{- end }} +spec: + type: "{{ .Values.service.type }}" + ports: + - name: "http" + protocol: TCP + port: {{ .Values.service.port }} + {{- if .Values.service.nodePort }} + nodePort: {{ .Values.service.nodePort }} + {{- end }} + targetPort: 8080 + {{ if .Values.selfMonitor.enabled }} + - name: "metrics" + protocol: TCP + port: {{ .Values.selfMonitor.telemetryPort | default 8081 }} + targetPort: 8081 + {{ end }} +{{- if .Values.service.loadBalancerIP }} + loadBalancerIP: "{{ .Values.service.loadBalancerIP }}" +{{- end }} + selector: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/serviceaccount.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/serviceaccount.yaml new file mode 100755 index 000000000..2e8a1ee38 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/serviceaccount.yaml 
@@ -0,0 +1,18 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} +{{- if .Values.serviceAccount.annotations }} + annotations: +{{ toYaml .Values.serviceAccount.annotations | indent 4 }} +{{- end }} +imagePullSecrets: +{{ toYaml .Values.serviceAccount.imagePullSecrets | indent 2 }} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/servicemonitor.yaml new file mode 100755 index 000000000..7d1cd7aa1 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/servicemonitor.yaml 
@@ -0,0 +1,34 @@ +{{- if .Values.prometheus.monitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/managed-by: "{{ .Release.Service }}" + {{- if .Values.prometheus.monitor.additionalLabels }} +{{ toYaml .Values.prometheus.monitor.additionalLabels | indent 4 }} + {{- end }} +{{- if .Values.customLabels }} +{{ toYaml .Values.customLabels | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + endpoints: + - port: http + {{- if .Values.prometheus.monitor.honorLabels }} + honorLabels: true + {{- end }} + {{ if .Values.selfMonitor.enabled }} + - port: metrics + {{- if .Values.prometheus.monitor.honorLabels }} + honorLabels: true + {{- end }} + {{ end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/stsdiscovery-role.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/stsdiscovery-role.yaml new file mode 100755 index 000000000..9770b0498 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/stsdiscovery-role.yaml 
@@ -0,0 +1,29 @@ +{{- if and .Values.autosharding.enabled .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get +- apiGroups: + - apps + resourceNames: + - {{ template "kube-state-metrics.fullname" . }} + resources: + - statefulsets + verbs: + - get + - list + - watch +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml new file mode 100755 index 000000000..6a2e5bfe7 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml 
@@ -0,0 +1,20 @@ +{{- if and .Values.autosharding.enabled .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/values.yaml new file mode 100755 index 000000000..f64645690 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kube-state-metrics/values.yaml 
@@ -0,0 +1,184 @@ +global: + cattle: + systemDefaultRegistry: "" + +# Default values for kube-state-metrics. +prometheusScrape: true +image: + repository: rancher/mirrored-kube-state-metrics-kube-state-metrics + tag: v1.9.8 + pullPolicy: IfNotPresent + +imagePullSecrets: [] +# - name: "image-pull-secret" + +# If set to true, this will deploy kube-state-metrics as a StatefulSet and the data +# will be automatically sharded across <.Values.replicas> pods using the built-in +# autodiscovery feature: https://github.com/kubernetes/kube-state-metrics#automated-sharding +# This is an experimental feature and there are no stability guarantees. +autosharding: + enabled: false + +replicas: 1 + +# List of additional cli arguments to configure kube-state-metrics +# for example: --enable-gzip-encoding, --log-file, etc. +# all the possible args can be found here: https://github.com/kubernetes/kube-state-metrics/blob/master/docs/cli-arguments.md +extraArgs: [] + +service: + port: 8080 + # Default to clusterIP for backward compatibility + type: ClusterIP + nodePort: 0 + loadBalancerIP: "" + annotations: {} + +customLabels: {} + +hostNetwork: false + +rbac: + # If true, create & use RBAC resources + create: true + + # Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to it, rolename set here. + # useExistingRole: your-existing-role + + # If set to false - Run without Cluteradmin privs needed - ONLY works if namespace is also set (if useExistingRole is set this name is used as ClusterRole or Role to bind to) + useClusterRole: true + +serviceAccount: + # Specifies whether a ServiceAccount should be created, require rbac true + create: true + # The name of the ServiceAccount to use. 
+ # If not set and create is true, a name is generated using the fullname template + name: + # Reference to one or more secrets to be used when pulling images + # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + imagePullSecrets: [] + # ServiceAccount annotations. + # Use case: AWS EKS IAM roles for service accounts + # ref: https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html + annotations: {} + +prometheus: + monitor: + enabled: false + additionalLabels: {} + namespace: "" + honorLabels: false + +## Specify if a Pod Security Policy for kube-state-metrics must be created +## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ +## +podSecurityPolicy: + enabled: false + annotations: {} + ## Specify pod annotations + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl + ## + # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' + # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' + # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' + + additionalVolumes: [] + +securityContext: + enabled: true + runAsNonRoot: true + runAsGroup: 65534 + runAsUser: 65534 + fsGroup: 65534 + +## Node labels for pod assignment +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +nodeSelector: {} + +## Affinity settings for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ +affinity: {} + +## Tolerations for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +tolerations: [] + +# Annotations to be added to the pod +podAnnotations: {} + +## Assign a PriorityClassName to pods if set +# priorityClassName: "" + +# Ref: 
https://kubernetes.io/docs/tasks/run-application/configure-pdb/ +podDisruptionBudget: {} + +# Available collectors for kube-state-metrics. By default all available +# collectors are enabled. +collectors: + certificatesigningrequests: true + configmaps: true + cronjobs: true + daemonsets: true + deployments: true + endpoints: true + horizontalpodautoscalers: true + ingresses: true + jobs: true + limitranges: true + mutatingwebhookconfigurations: true + namespaces: true + networkpolicies: true + nodes: true + persistentvolumeclaims: true + persistentvolumes: true + poddisruptionbudgets: true + pods: true + replicasets: true + replicationcontrollers: true + resourcequotas: true + secrets: true + services: true + statefulsets: true + storageclasses: true + validatingwebhookconfigurations: true + verticalpodautoscalers: false + volumeattachments: true + +# Enabling kubeconfig will pass the --kubeconfig argument to the container +kubeconfig: + enabled: false + # base64 encoded kube-config file + secret: + +# Namespace to be enabled for collecting resources. By default all namespaces are collected. +# namespace: "" + +## Override the deployment namespace +## +namespaceOverride: "" + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 64Mi + # requests: + # cpu: 10m + # memory: 32Mi + +## Provide a k8s version to define apiGroups for podSecurityPolicy Cluster Role. 
+## For example: kubeTargetVersionOverride: 1.14.9 +## +kubeTargetVersionOverride: "" + +# Enable self metrics configuration for service and Service Monitor +# Default values for telemetry configuration can be overriden +selfMonitor: + enabled: false + # telemetryHost: 0.0.0.0 + # telemetryPort: 8081 diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/.helmignore b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/.helmignore new file mode 100755 index 000000000..0e8a0eb36 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/Chart.yaml new file mode 100755 index 000000000..a82ef1d32 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/Chart.yaml @@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-pushprox +apiVersion: v1 +appVersion: 0.1.0 +description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx + clients. +name: kubeAdmControllerManager +type: application +version: 0.1.3 
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/README.md b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/README.md new file mode 100755 index 000000000..dcecc69da --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/README.md 
@@ -0,0 +1,54 @@ +# rancher-pushprox + +A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. + +Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. + +Using an instance of this chart is suitable for the following scenarios: +- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) +- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) +- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` +- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) +- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) + +The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. + +## Configuration + +The following tables list the configurable parameters of the rancher-pushprox chart and their default values. + +### General + +#### Required +| Parameter | Description | Example | +| ----- | ----------- | ------ | +| `component` | The component that is being monitored | `kube-etcd` +| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. 
`http://:/metrics`) | `2379` | + +#### Optional +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | +| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | +| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | +| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | +| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | +| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | +| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | +| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | +| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. 
Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.resources` | Set resource limits and requests for the client container | `{}` | +| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | +| `clients.tolerations` | Specify tolerations for clients | `[]` | +| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | +| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | +| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | +| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | +| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | + +*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/_helpers.tpl new file mode 100755 index 000000000..f77b8edf4 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/_helpers.tpl 
@@ -0,0 +1,87 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# General + +{{- define "pushprox.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{- define "pushProxy.commonLabels" -}} +release: {{ .Release.Name }} +component: {{ .Values.component | quote }} +provider: kubernetes +{{- end -}} + +{{- define "pushProxy.proxyUrl" -}} +{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} +{{- if .Values.clients.proxyUrl -}} +{{ printf "%s" .Values.clients.proxyUrl }} +{{- else -}} +{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) .Release.Namespace (int .Values.proxy.port) }} +{{- end -}}{{- end -}} + +# Client + +{{- define "pushProxy.client.name" -}} +{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.client.labels" -}} +k8s-app: {{ template "pushProxy.client.name" . }} +{{ template "pushProxy.commonLabels" . 
}} +{{- end -}} + +# Proxy + +{{- define "pushProxy.proxy.name" -}} +{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.proxy.labels" -}} +k8s-app: {{ template "pushProxy.proxy.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# ServiceMonitor + +{{- define "pushprox.serviceMonitor.name" -}} +{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.labels" -}} +app: {{ template "pushprox.serviceMonitor.name" . }} +release: {{ .Release.Name | quote }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/pushprox-clients-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/pushprox-clients-rbac.yaml new file mode 100755 index 000000000..95346dee6 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/pushprox-clients-rbac.yaml 
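Review bot: in kubeAdmControllerManager/templates/_helpers.tpl, `pushProxy.proxyUrl` builds the default URL from `.Release.Namespace`, while the proxy Service in this chart is created in `{{ template "pushprox.namespace" . }}`, which honours `namespaceOverride`. With `namespaceOverride` set, clients and the ServiceMonitor are handed a URL for a namespace that has no proxy Service. Use `(include "pushprox.namespace" .)` in the `printf` instead. In the same define, the `required` message names `.Values.client.proxyUrl`, but the key that is read is `.Values.clients.proxyUrl`; the message should match so a failed render points at the right value.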
@@ -0,0 +1,74 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.client.name" . }} +{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.client.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . 
| nindent 4 }} +spec: + privileged: false + hostNetwork: true + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + - 'emptyDir' + - 'hostPath' + allowedHostPaths: + - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + readOnly: true +{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/pushprox-clients.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/pushprox-clients.yaml new file mode 100755 index 000000000..ed78792e5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/pushprox-clients.yaml 
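Review bot: in kubeAdmControllerManager/templates/pushprox-clients-rbac.yaml, the ServiceAccount and the ClusterRoleBinding subject are both pinned to `.Release.Namespace`, but the DaemonSet that sets `serviceAccountName` to this account is created in `{{ template "pushprox.namespace" . }}`. When `namespaceOverride` is set, the pods land in a namespace where the account does not exist and the binding (PSP `use` and `get` on `/metrics`) applies to the wrong subject. Use the `pushprox.namespace` helper in both places. Separately, PodSecurityPolicy is cluster-scoped, so `metadata.namespace` on it has no effect and can be dropped. It would also help to add a comment that `runAsUser: RunAsAny` and the group ranges starting at `0` exist only for the copy-certs init container, since the client container itself runs as uid 1000.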
@@ -0,0 +1,135 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} + pushprox-exporter: "client" +spec: + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.client.labels" . | nindent 8 }} + spec: + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.clients.tolerations }} +{{ toYaml .Values.clients.tolerations | indent 8 }} +{{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ template "pushProxy.client.name" . }} + containers: + - name: pushprox-client + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: + {{- range .Values.clients.command }} + - {{ . 
| quote }} + {{- end }} + args: + - --fqdn=$(HOST_IP) + - --proxy-url=$(PROXY_URL) + - --metrics-addr=$(PORT) + - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} + {{- if .Values.clients.useLocalhost }} + - --use-localhost + {{- end }} + {{- if .Values.clients.https.enabled }} + {{- if .Values.clients.https.insecureSkipVerify }} + - --insecure-skip-verify + {{- end }} + {{- if .Values.clients.https.useServiceAccountCredentials }} + - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token + {{- end }} + {{- if .Values.clients.https.certDir }} + - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem + - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem + - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem + {{- end }} + {{- end }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PORT + value: :{{ .Values.clients.port }} + - name: PROXY_URL + value: {{ template "pushProxy.proxyUrl" . }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + volumeMounts: + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + {{- end }} + {{- if .Values.clients.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} + {{- end }} + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + initContainers: + - name: copy-certs + image: {{ template "system_default_registry" . 
}}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} + command: + - sh + - -c + - | + echo "Searching for files to copy within the source volume" + echo "cert: ${CERT_FILE_NAME}" + echo "key: ${KEY_FILE_NAME}" + echo "cacert: ${CACERT_FILE_NAME}" + + CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) + KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) + CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) + + test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 + test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 + test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 + + echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" + cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 + chmod 444 $CERT_FILE_TARGET || exit 1 + + echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" + cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 + chmod 444 $KEY_FILE_TARGET || exit 1 + + echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" + cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 + chmod 444 $CACERT_FILE_TARGET || exit 1 + env: + - name: CERT_FILE_NAME + value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} + - name: KEY_FILE_NAME + value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} + - name: CACERT_FILE_NAME + value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} + - name: CERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy.pem + - name: KEY_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-key.pem + - name: CACERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem + securityContext: + 
runAsNonRoot: false + volumeMounts: + - name: metrics-cert-dir-source + mountPath: /etc/source + readOnly: true + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + volumes: + - name: metrics-cert-dir-source + hostPath: + path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + - name: metrics-cert-dir + emptyDir: {} + {{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/pushprox-proxy-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/pushprox-proxy-rbac.yaml new file mode 100755 index 000000000..a3509c160 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/pushprox-proxy-rbac.yaml 
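Review bot: in kubeAdmControllerManager/templates/pushprox-clients.yaml, the copy-certs script runs `chmod 444 $KEY_FILE_TARGET`, which leaves the TLS private key world-readable in the shared `metrics-cert-dir` volume. Only the client container (uid 1000) needs to read it. If the init container runs as root, which `runAsNonRoot: false` and the PSP allow, `chown 1000 "$KEY_FILE_TARGET"` followed by `chmod 400` gives the client access without the other-read bit. The expansions in `test -z ${KEY_FILE_SOURCE}` and `cp $KEY_FILE_SOURCE $KEY_FILE_TARGET` are unquoted, so a matched path containing whitespace breaks the check and the copy; quote all six variables. Since the README allows wildcards in the file names, a comment explaining that `sort -r | head -n 1` picks the lexically last match would make the selection rule explicit.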
@@ -0,0 +1,63 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.proxy.name" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.proxy.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- end }}{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/pushprox-proxy.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/pushprox-proxy.yaml new file mode 100755 index 000000000..571e13138 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/pushprox-proxy.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} + pushprox-exporter: "proxy" +spec: + selector: + matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} + spec: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.proxy.nodeSelector }} +{{ toYaml .Values.proxy.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.proxy.tolerations }} +{{ toYaml .Values.proxy.tolerations | indent 8 }} +{{- end }} + serviceAccountName: {{ template "pushProxy.proxy.name" . }} + containers: + - name: pushprox-proxy + image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} + command: + {{- range .Values.proxy.command }} + - {{ . | quote }} + {{- end }} + {{- if .Values.proxy.resources }} + resources: {{ toYaml .Values.proxy.resources | nindent 10 }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + ports: + - name: pp-proxy + port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} + protocol: TCP + targetPort: {{ .Values.proxy.port }} + selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file 
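Review bot: in the `pushprox-proxy` container spec, nothing passes `.Values.proxy.port` to the process. The container only gets `command` from values and has no `args` or `ports`, while the Service sets both `port` and `targetPort` to `.Values.proxy.port`. Changing `proxy.port` from its default therefore moves the Service but not the listener, and scrapes through the proxy fail. Either pass the port to the binary as a listen-address argument or document that `proxy.port` must stay at the image default. A container-level `securityContext` with `allowPrivilegeEscalation: false` would also be reasonable here, since the pod already runs as non-root uid 1000.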
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/pushprox-servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/pushprox-servicemonitor.yaml new file mode 100755 index 000000000..2f3d7e54c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/templates/pushprox-servicemonitor.yaml @@ -0,0 +1,39 @@ +{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "pushprox.serviceMonitor.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} +spec: + endpoints: + - port: metrics + proxyUrl: {{ template "pushProxy.proxyUrl" . }} + {{- if .Values.clients.https.enabled }} + params: + _scheme: [https] + {{- end }} + jobLabel: component + podTargetLabels: + - component + - pushprox-exporter + namespaceSelector: + matchNames: + - {{ template "pushprox.namespace" . }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + ports: + - name: metrics + port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} + protocol: TCP + targetPort: {{ .Values.metricsPort }} + selector: {{ include "pushProxy.client.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file 
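Review bot: in pushprox-servicemonitor.yaml, `{{- if .Values.clients.https.enabled }}` dereferences `.Values.clients` without the nil guard that the client templates use (`{{- if .Values.clients }}{{- if .Values.clients.enabled }}`). The file is gated only on `.Values.serviceMonitor`, so a values file that omits `clients` fails at render time, and one that sets `clients.enabled: false` still renders a ServiceMonitor and Service that select client pods which are never created. Gate this template on `clients.enabled` as well, or guard the `https` lookup. Note also that `proxyUrl` comes from the `pushProxy.proxyUrl` helper, which emits `http://`, so `_scheme: [https]` only covers the hop from client to target; a comment saying that the Prometheus-to-proxy hop stays plain HTTP would prevent readers assuming end-to-end TLS.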
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/values.yaml new file mode 100755 index 000000000..e1bcf79a5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmControllerManager/values.yaml 
@@ -0,0 +1,86 @@ +# Default values for rancher-pushprox. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Default image containing both the proxy and the client was generated from the following Dockerfile +# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 + +# Note: if using a cloud provider, the nodes that contain the PushProxy client must allow the node(s) that contain(s) +# the PushProxy proxy to communicate with it on port {{ .Values.clients.port }}. If you have special restrictions, +# (i.e. client should only run on etcd nodes and only control plane should have access to the port on the etcd node), +# you will need to set the clients / proxy nodeSelector and tolerations accordingly + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + +# The component that is being monitored (i.e. etcd) +component: "component" + +# The port containing the metrics that need to be scraped +metricsPort: 2739 + +# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint +serviceMonitor: + enabled: true + +clients: + enabled: true + # The port which the PushProx client will post PushProx metrics to + port: 9369 + # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} + # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null + proxyUrl: "" + # If set to true, the client will forward any requests from the host IP to 127.0.0.1 + # It will only allow proxy requests to the metricsPort specified + useLocalhost: false + # Configuration for accessing metrics via HTTPS + https: + # Does the client require https to access the metrics? 
+ enabled: false + # If set to true, the client will create a service account with adequate permissions and set a flag + # on the client to use the service account token provided by it to make authorized scrape requests + useServiceAccountCredentials: false + # If set to true, the client will disable SSL security checks + insecureSkipVerify: false + # Directory on host where necessary TLS cert and key to scrape metrics can be found + certDir: "" + # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings + certFile: "" + keyFile: "" + caCertFile: "" + + # Resource limits + resources: {} + + # Options to select all nodes to deploy client DaemonSet on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-client + tag: v0.1.0-rancher1-client + command: ["pushprox-client"] + + copyCertsImage: + repository: rancher/mirrored-library-busybox + tag: 1.31.1 + +proxy: + enabled: true + # The port through which PushProx clients will communicate to the proxy + port: 8080 + + # Resource limits + resources: {} + + # Options to select a node to run a single proxy deployment on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-proxy + tag: v0.1.0-rancher1-proxy + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/.helmignore b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/.helmignore new file mode 100755 index 000000000..0e8a0eb36 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/.helmignore 
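Review bot: in kubeAdmControllerManager/values.yaml, `metricsPort: 2739` looks like a transposition of `2379`, the value the chart README gives as its example. Because the templates wrap `.Values.metricsPort` in `required`, a wrong default is worse than none: it renders cleanly and sets `--allow-port` to a port nothing listens on. Either correct it or leave it unset so the `required` message fires. In the `proxyUrl` comment, `{{namepsace}}` is misspelled, and the documented host ends in `.svc.cluster.local` whereas the `pushProxy.proxyUrl` helper emits `.svc`; the comment should match what is rendered.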
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/Chart.yaml new file mode 100755 index 000000000..bfb047ae6 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/Chart.yaml @@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-pushprox +apiVersion: v1 +appVersion: 0.1.0 +description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx + clients. +name: kubeAdmEtcd +type: application +version: 0.1.3 diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/README.md b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/README.md new file mode 100755 index 000000000..dcecc69da --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/README.md 
@@ -0,0 +1,54 @@ +# rancher-pushprox + +A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. + +Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. + +Using an instance of this chart is suitable for the following scenarios: +- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) +- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) +- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` +- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) +- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) + +The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. + +## Configuration + +The following tables list the configurable parameters of the rancher-pushprox chart and their default values. + +### General + +#### Required +| Parameter | Description | Example | +| ----- | ----------- | ------ | +| `component` | The component that is being monitored | `kube-etcd` +| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. 
`http://:/metrics`) | `2379` | + +#### Optional +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | +| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | +| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | +| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | +| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | +| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | +| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | +| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | +| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. 
Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.resources` | Set resource limits and requests for the client container | `{}` | +| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | +| `clients.tolerations` | Specify tolerations for clients | `[]` | +| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | +| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | +| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | +| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | +| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | + +*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/_helpers.tpl new file mode 100755 index 000000000..f77b8edf4 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/_helpers.tpl 
@@ -0,0 +1,87 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# General + +{{- define "pushprox.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{- define "pushProxy.commonLabels" -}} +release: {{ .Release.Name }} +component: {{ .Values.component | quote }} +provider: kubernetes +{{- end -}} + +{{- define "pushProxy.proxyUrl" -}} +{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} +{{- if .Values.clients.proxyUrl -}} +{{ printf "%s" .Values.clients.proxyUrl }} +{{- else -}} +{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) .Release.Namespace (int .Values.proxy.port) }} +{{- end -}}{{- end -}} + +# Client + +{{- define "pushProxy.client.name" -}} +{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.client.labels" -}} +k8s-app: {{ template "pushProxy.client.name" . }} +{{ template "pushProxy.commonLabels" . 
}} +{{- end -}} + +# Proxy + +{{- define "pushProxy.proxy.name" -}} +{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.proxy.labels" -}} +k8s-app: {{ template "pushProxy.proxy.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# ServiceMonitor + +{{- define "pushprox.serviceMonitor.name" -}} +{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.labels" -}} +app: {{ template "pushprox.serviceMonitor.name" . }} +release: {{ .Release.Name | quote }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/pushprox-clients-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/pushprox-clients-rbac.yaml new file mode 100755 index 000000000..95346dee6 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/pushprox-clients-rbac.yaml 
@@ -0,0 +1,74 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.client.name" . }} +{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.client.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . 
| nindent 4 }} +spec: + privileged: false + hostNetwork: true + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + - 'emptyDir' + - 'hostPath' + allowedHostPaths: + - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + readOnly: true +{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/pushprox-clients.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/pushprox-clients.yaml new file mode 100755 index 000000000..ed78792e5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/pushprox-clients.yaml 
@@ -0,0 +1,135 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} + pushprox-exporter: "client" +spec: + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.client.labels" . | nindent 8 }} + spec: + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.clients.tolerations }} +{{ toYaml .Values.clients.tolerations | indent 8 }} +{{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ template "pushProxy.client.name" . }} + containers: + - name: pushprox-client + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: + {{- range .Values.clients.command }} + - {{ . 
| quote }} + {{- end }} + args: + - --fqdn=$(HOST_IP) + - --proxy-url=$(PROXY_URL) + - --metrics-addr=$(PORT) + - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} + {{- if .Values.clients.useLocalhost }} + - --use-localhost + {{- end }} + {{- if .Values.clients.https.enabled }} + {{- if .Values.clients.https.insecureSkipVerify }} + - --insecure-skip-verify + {{- end }} + {{- if .Values.clients.https.useServiceAccountCredentials }} + - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token + {{- end }} + {{- if .Values.clients.https.certDir }} + - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem + - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem + - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem + {{- end }} + {{- end }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PORT + value: :{{ .Values.clients.port }} + - name: PROXY_URL + value: {{ template "pushProxy.proxyUrl" . }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + volumeMounts: + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + {{- end }} + {{- if .Values.clients.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} + {{- end }} + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + initContainers: + - name: copy-certs + image: {{ template "system_default_registry" . 
}}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} + command: + - sh + - -c + - | + echo "Searching for files to copy within the source volume" + echo "cert: ${CERT_FILE_NAME}" + echo "key: ${KEY_FILE_NAME}" + echo "cacert: ${CACERT_FILE_NAME}" + + CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) + KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) + CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) + + test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 + test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 + test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 + + echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" + cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 + chmod 444 $CERT_FILE_TARGET || exit 1 + + echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" + cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 + chmod 444 $KEY_FILE_TARGET || exit 1 + + echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" + cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 + chmod 444 $CACERT_FILE_TARGET || exit 1 + env: + - name: CERT_FILE_NAME + value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} + - name: KEY_FILE_NAME + value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} + - name: CACERT_FILE_NAME + value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} + - name: CERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy.pem + - name: KEY_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-key.pem + - name: CACERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem + securityContext: + 
runAsNonRoot: false + volumeMounts: + - name: metrics-cert-dir-source + mountPath: /etc/source + readOnly: true + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + volumes: + - name: metrics-cert-dir-source + hostPath: + path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + - name: metrics-cert-dir + emptyDir: {} + {{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/pushprox-proxy-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/pushprox-proxy-rbac.yaml new file mode 100755 index 000000000..a3509c160 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/pushprox-proxy-rbac.yaml 
@@ -0,0 +1,63 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.proxy.name" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.proxy.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- end }}{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/pushprox-proxy.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/pushprox-proxy.yaml new file mode 100755 index 000000000..571e13138 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/pushprox-proxy.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} + pushprox-exporter: "proxy" +spec: + selector: + matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} + spec: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.proxy.nodeSelector }} +{{ toYaml .Values.proxy.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.proxy.tolerations }} +{{ toYaml .Values.proxy.tolerations | indent 8 }} +{{- end }} + serviceAccountName: {{ template "pushProxy.proxy.name" . }} + containers: + - name: pushprox-proxy + image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} + command: + {{- range .Values.proxy.command }} + - {{ . | quote }} + {{- end }} + {{- if .Values.proxy.resources }} + resources: {{ toYaml .Values.proxy.resources | nindent 10 }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + ports: + - name: pp-proxy + port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} + protocol: TCP + targetPort: {{ .Values.proxy.port }} + selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file 
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/pushprox-servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/pushprox-servicemonitor.yaml new file mode 100755 index 000000000..2f3d7e54c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/templates/pushprox-servicemonitor.yaml @@ -0,0 +1,39 @@ +{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "pushprox.serviceMonitor.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} +spec: + endpoints: + - port: metrics + proxyUrl: {{ template "pushProxy.proxyUrl" . }} + {{- if .Values.clients.https.enabled }} + params: + _scheme: [https] + {{- end }} + jobLabel: component + podTargetLabels: + - component + - pushprox-exporter + namespaceSelector: + matchNames: + - {{ template "pushprox.namespace" . }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + ports: + - name: metrics + port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} + protocol: TCP + targetPort: {{ .Values.metricsPort }} + selector: {{ include "pushProxy.client.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/values.yaml new file mode 100755 index 000000000..e1bcf79a5 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmEtcd/values.yaml 
@@ -0,0 +1,86 @@ +# Default values for rancher-pushprox. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Default image containing both the proxy and the client was generated from the following Dockerfile +# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 + +# Note: if using a cloud provider, the nodes that contain the PushProxy client must allow the node(s) that contain(s) +# the PushProxy proxy to communicate with it on port {{ .Values.clients.port }}. If you have special restrictions, +# (i.e. client should only run on etcd nodes and only control plane should have access to the port on the etcd node), +# you will need to set the clients / proxy nodeSelector and tolerations accordingly + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + +# The component that is being monitored (i.e. etcd) +component: "component" + +# The port containing the metrics that need to be scraped +metricsPort: 2739 + +# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint +serviceMonitor: + enabled: true + +clients: + enabled: true + # The port which the PushProx client will post PushProx metrics to + port: 9369 + # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} + # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null + proxyUrl: "" + # If set to true, the client will forward any requests from the host IP to 127.0.0.1 + # It will only allow proxy requests to the metricsPort specified + useLocalhost: false + # Configuration for accessing metrics via HTTPS + https: + # Does the client require https to access the metrics? 
+ enabled: false + # If set to true, the client will create a service account with adequate permissions and set a flag + # on the client to use the service account token provided by it to make authorized scrape requests + useServiceAccountCredentials: false + # If set to true, the client will disable SSL security checks + insecureSkipVerify: false + # Directory on host where necessary TLS cert and key to scrape metrics can be found + certDir: "" + # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings + certFile: "" + keyFile: "" + caCertFile: "" + + # Resource limits + resources: {} + + # Options to select all nodes to deploy client DaemonSet on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-client + tag: v0.1.0-rancher1-client + command: ["pushprox-client"] + + copyCertsImage: + repository: rancher/mirrored-library-busybox + tag: 1.31.1 + +proxy: + enabled: true + # The port through which PushProx clients will communicate to the proxy + port: 8080 + + # Resource limits + resources: {} + + # Options to select a node to run a single proxy deployment on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-proxy + tag: v0.1.0-rancher1-proxy + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/.helmignore b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/.helmignore new file mode 100755 index 000000000..0e8a0eb36 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/.helmignore 
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/Chart.yaml new file mode 100755 index 000000000..ffe9ae70c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/Chart.yaml @@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-pushprox +apiVersion: v1 +appVersion: 0.1.0 +description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx + clients. +name: kubeAdmProxy +type: application +version: 0.1.3 diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/README.md b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/README.md new file mode 100755 index 000000000..dcecc69da --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/README.md 
@@ -0,0 +1,54 @@ +# rancher-pushprox + +A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. + +Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. + +Using an instance of this chart is suitable for the following scenarios: +- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) +- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) +- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` +- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) +- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) + +The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. + +## Configuration + +The following tables list the configurable parameters of the rancher-pushprox chart and their default values. + +### General + +#### Required +| Parameter | Description | Example | +| ----- | ----------- | ------ | +| `component` | The component that is being monitored | `kube-etcd` +| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. 
`http://:/metrics`) | `2379` | + +#### Optional +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | +| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | +| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | +| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | +| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | +| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | +| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | +| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | +| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. 
Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.resources` | Set resource limits and requests for the client container | `{}` | +| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | +| `clients.tolerations` | Specify tolerations for clients | `[]` | +| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | +| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | +| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | +| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | +| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | + +*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/_helpers.tpl new file mode 100755 index 000000000..f77b8edf4 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/_helpers.tpl 
@@ -0,0 +1,87 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# General + +{{- define "pushprox.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{- define "pushProxy.commonLabels" -}} +release: {{ .Release.Name }} +component: {{ .Values.component | quote }} +provider: kubernetes +{{- end -}} + +{{- define "pushProxy.proxyUrl" -}} +{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} +{{- if .Values.clients.proxyUrl -}} +{{ printf "%s" .Values.clients.proxyUrl }} +{{- else -}} +{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) .Release.Namespace (int .Values.proxy.port) }} +{{- end -}}{{- end -}} + +# Client + +{{- define "pushProxy.client.name" -}} +{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.client.labels" -}} +k8s-app: {{ template "pushProxy.client.name" . }} +{{ template "pushProxy.commonLabels" . 
}} +{{- end -}} + +# Proxy + +{{- define "pushProxy.proxy.name" -}} +{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.proxy.labels" -}} +k8s-app: {{ template "pushProxy.proxy.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# ServiceMonitor + +{{- define "pushprox.serviceMonitor.name" -}} +{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.labels" -}} +app: {{ template "pushprox.serviceMonitor.name" . }} +release: {{ .Release.Name | quote }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/pushprox-clients-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/pushprox-clients-rbac.yaml new file mode 100755 index 000000000..95346dee6 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/pushprox-clients-rbac.yaml 
@@ -0,0 +1,74 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.client.name" . }} +{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.client.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . 
| nindent 4 }} +spec: + privileged: false + hostNetwork: true + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + - 'emptyDir' + - 'hostPath' + allowedHostPaths: + - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + readOnly: true +{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/pushprox-clients.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/pushprox-clients.yaml new file mode 100755 index 000000000..ed78792e5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/pushprox-clients.yaml 
@@ -0,0 +1,135 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} + pushprox-exporter: "client" +spec: + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.client.labels" . | nindent 8 }} + spec: + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.clients.tolerations }} +{{ toYaml .Values.clients.tolerations | indent 8 }} +{{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ template "pushProxy.client.name" . }} + containers: + - name: pushprox-client + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: + {{- range .Values.clients.command }} + - {{ . 
| quote }} + {{- end }} + args: + - --fqdn=$(HOST_IP) + - --proxy-url=$(PROXY_URL) + - --metrics-addr=$(PORT) + - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} + {{- if .Values.clients.useLocalhost }} + - --use-localhost + {{- end }} + {{- if .Values.clients.https.enabled }} + {{- if .Values.clients.https.insecureSkipVerify }} + - --insecure-skip-verify + {{- end }} + {{- if .Values.clients.https.useServiceAccountCredentials }} + - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token + {{- end }} + {{- if .Values.clients.https.certDir }} + - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem + - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem + - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem + {{- end }} + {{- end }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PORT + value: :{{ .Values.clients.port }} + - name: PROXY_URL + value: {{ template "pushProxy.proxyUrl" . }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + volumeMounts: + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + {{- end }} + {{- if .Values.clients.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} + {{- end }} + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + initContainers: + - name: copy-certs + image: {{ template "system_default_registry" . 
}}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} + command: + - sh + - -c + - | + echo "Searching for files to copy within the source volume" + echo "cert: ${CERT_FILE_NAME}" + echo "key: ${KEY_FILE_NAME}" + echo "cacert: ${CACERT_FILE_NAME}" + + CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) + KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) + CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) + + test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 + test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 + test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 + + echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" + cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 + chmod 444 $CERT_FILE_TARGET || exit 1 + + echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" + cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 + chmod 444 $KEY_FILE_TARGET || exit 1 + + echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" + cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 + chmod 444 $CACERT_FILE_TARGET || exit 1 + env: + - name: CERT_FILE_NAME + value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} + - name: KEY_FILE_NAME + value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} + - name: CACERT_FILE_NAME + value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} + - name: CERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy.pem + - name: KEY_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-key.pem + - name: CACERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem + securityContext: + 
runAsNonRoot: false + volumeMounts: + - name: metrics-cert-dir-source + mountPath: /etc/source + readOnly: true + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + volumes: + - name: metrics-cert-dir-source + hostPath: + path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + - name: metrics-cert-dir + emptyDir: {} + {{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/pushprox-proxy-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/pushprox-proxy-rbac.yaml new file mode 100755 index 000000000..a3509c160 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/pushprox-proxy-rbac.yaml 
@@ -0,0 +1,63 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.proxy.name" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.proxy.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- end }}{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/pushprox-proxy.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/pushprox-proxy.yaml new file mode 100755 index 000000000..571e13138 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/pushprox-proxy.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} + pushprox-exporter: "proxy" +spec: + selector: + matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} + spec: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.proxy.nodeSelector }} +{{ toYaml .Values.proxy.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.proxy.tolerations }} +{{ toYaml .Values.proxy.tolerations | indent 8 }} +{{- end }} + serviceAccountName: {{ template "pushProxy.proxy.name" . }} + containers: + - name: pushprox-proxy + image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} + command: + {{- range .Values.proxy.command }} + - {{ . | quote }} + {{- end }} + {{- if .Values.proxy.resources }} + resources: {{ toYaml .Values.proxy.resources | nindent 10 }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + ports: + - name: pp-proxy + port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} + protocol: TCP + targetPort: {{ .Values.proxy.port }} + selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file 
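Review bot: the copy-certs initContainer in kubeAdmProxy/templates/pushprox-clients.yaml runs `chmod 444 $KEY_FILE_TARGET`, so the TLS private key copied to /etc/ssl/push-proxy/push-proxy-key.pem is readable by every UID that can reach the emptyDir. Mode 444 is fine for the cert and CA cert, but the key should be restricted: because `runAsNonRoot: false` lets this container run as root, it can chown the key to the UID the client runs as and set mode 400. The expansions in the script are also unquoted (`test -z ${CERT_FILE_SOURCE}`, `cp $CERT_FILE_SOURCE $CERT_FILE_TARGET`), so a matched host path containing whitespace breaks both the emptiness test and the copy; quote them.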
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/pushprox-servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/pushprox-servicemonitor.yaml new file mode 100755 index 000000000..2f3d7e54c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/templates/pushprox-servicemonitor.yaml @@ -0,0 +1,39 @@ +{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "pushprox.serviceMonitor.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} +spec: + endpoints: + - port: metrics + proxyUrl: {{ template "pushProxy.proxyUrl" . }} + {{- if .Values.clients.https.enabled }} + params: + _scheme: [https] + {{- end }} + jobLabel: component + podTargetLabels: + - component + - pushprox-exporter + namespaceSelector: + matchNames: + - {{ template "pushprox.namespace" . }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + ports: + - name: metrics + port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} + protocol: TCP + targetPort: {{ .Values.metricsPort }} + selector: {{ include "pushProxy.client.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/values.yaml new file mode 100755 index 000000000..e1bcf79a5 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmProxy/values.yaml 
@@ -0,0 +1,86 @@ +# Default values for rancher-pushprox. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Default image containing both the proxy and the client was generated from the following Dockerfile +# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 + +# Note: if using a cloud provider, the nodes that contain the PushProxy client must allow the node(s) that contain(s) +# the PushProxy proxy to communicate with it on port {{ .Values.clients.port }}. If you have special restrictions, +# (i.e. client should only run on etcd nodes and only control plane should have access to the port on the etcd node), +# you will need to set the clients / proxy nodeSelector and tolerations accordingly + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + +# The component that is being monitored (i.e. etcd) +component: "component" + +# The port containing the metrics that need to be scraped +metricsPort: 2739 + +# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint +serviceMonitor: + enabled: true + +clients: + enabled: true + # The port which the PushProx client will post PushProx metrics to + port: 9369 + # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} + # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null + proxyUrl: "" + # If set to true, the client will forward any requests from the host IP to 127.0.0.1 + # It will only allow proxy requests to the metricsPort specified + useLocalhost: false + # Configuration for accessing metrics via HTTPS + https: + # Does the client require https to access the metrics? 
+ enabled: false + # If set to true, the client will create a service account with adequate permissions and set a flag + # on the client to use the service account token provided by it to make authorized scrape requests + useServiceAccountCredentials: false + # If set to true, the client will disable SSL security checks + insecureSkipVerify: false + # Directory on host where necessary TLS cert and key to scrape metrics can be found + certDir: "" + # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings + certFile: "" + keyFile: "" + caCertFile: "" + + # Resource limits + resources: {} + + # Options to select all nodes to deploy client DaemonSet on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-client + tag: v0.1.0-rancher1-client + command: ["pushprox-client"] + + copyCertsImage: + repository: rancher/mirrored-library-busybox + tag: 1.31.1 + +proxy: + enabled: true + # The port through which PushProx clients will communicate to the proxy + port: 8080 + + # Resource limits + resources: {} + + # Options to select a node to run a single proxy deployment on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-proxy + tag: v0.1.0-rancher1-proxy + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/.helmignore b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/.helmignore new file mode 100755 index 000000000..0e8a0eb36 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/.helmignore 
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/Chart.yaml new file mode 100755 index 000000000..794197de1 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/Chart.yaml @@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-pushprox +apiVersion: v1 +appVersion: 0.1.0 +description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx + clients. +name: kubeAdmScheduler +type: application +version: 0.1.3 diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/README.md b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/README.md new file mode 100755 index 000000000..dcecc69da --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/README.md 
@@ -0,0 +1,54 @@ +# rancher-pushprox + +A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. + +Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. + +Using an instance of this chart is suitable for the following scenarios: +- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) +- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) +- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` +- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) +- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) + +The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. + +## Configuration + +The following tables list the configurable parameters of the rancher-pushprox chart and their default values. + +### General + +#### Required +| Parameter | Description | Example | +| ----- | ----------- | ------ | +| `component` | The component that is being monitored | `kube-etcd` +| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. 
`http://:/metrics`) | `2379` | + +#### Optional +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | +| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | +| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | +| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | +| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | +| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | +| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | +| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | +| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. 
Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.resources` | Set resource limits and requests for the client container | `{}` | +| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | +| `clients.tolerations` | Specify tolerations for clients | `[]` | +| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | +| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | +| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | +| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | +| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | + +*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/_helpers.tpl new file mode 100755 index 000000000..f77b8edf4 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/_helpers.tpl 
@@ -0,0 +1,87 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# General + +{{- define "pushprox.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{- define "pushProxy.commonLabels" -}} +release: {{ .Release.Name }} +component: {{ .Values.component | quote }} +provider: kubernetes +{{- end -}} + +{{- define "pushProxy.proxyUrl" -}} +{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} +{{- if .Values.clients.proxyUrl -}} +{{ printf "%s" .Values.clients.proxyUrl }} +{{- else -}} +{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) .Release.Namespace (int .Values.proxy.port) }} +{{- end -}}{{- end -}} + +# Client + +{{- define "pushProxy.client.name" -}} +{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.client.labels" -}} +k8s-app: {{ template "pushProxy.client.name" . }} +{{ template "pushProxy.commonLabels" . 
}} +{{- end -}} + +# Proxy + +{{- define "pushProxy.proxy.name" -}} +{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.proxy.labels" -}} +k8s-app: {{ template "pushProxy.proxy.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# ServiceMonitor + +{{- define "pushprox.serviceMonitor.name" -}} +{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.labels" -}} +app: {{ template "pushprox.serviceMonitor.name" . }} +release: {{ .Release.Name | quote }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/pushprox-clients-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/pushprox-clients-rbac.yaml new file mode 100755 index 000000000..95346dee6 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/pushprox-clients-rbac.yaml 
@@ -0,0 +1,74 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.client.name" . }} +{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.client.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . 
| nindent 4 }} +spec: + privileged: false + hostNetwork: true + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + - 'emptyDir' + - 'hostPath' + allowedHostPaths: + - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + readOnly: true +{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/pushprox-clients.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/pushprox-clients.yaml new file mode 100755 index 000000000..ed78792e5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/pushprox-clients.yaml 
@@ -0,0 +1,135 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} + pushprox-exporter: "client" +spec: + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.client.labels" . | nindent 8 }} + spec: + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.clients.tolerations }} +{{ toYaml .Values.clients.tolerations | indent 8 }} +{{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ template "pushProxy.client.name" . }} + containers: + - name: pushprox-client + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: + {{- range .Values.clients.command }} + - {{ . 
| quote }} + {{- end }} + args: + - --fqdn=$(HOST_IP) + - --proxy-url=$(PROXY_URL) + - --metrics-addr=$(PORT) + - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} + {{- if .Values.clients.useLocalhost }} + - --use-localhost + {{- end }} + {{- if .Values.clients.https.enabled }} + {{- if .Values.clients.https.insecureSkipVerify }} + - --insecure-skip-verify + {{- end }} + {{- if .Values.clients.https.useServiceAccountCredentials }} + - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token + {{- end }} + {{- if .Values.clients.https.certDir }} + - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem + - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem + - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem + {{- end }} + {{- end }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PORT + value: :{{ .Values.clients.port }} + - name: PROXY_URL + value: {{ template "pushProxy.proxyUrl" . }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + volumeMounts: + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + {{- end }} + {{- if .Values.clients.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} + {{- end }} + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + initContainers: + - name: copy-certs + image: {{ template "system_default_registry" . 
}}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} + command: + - sh + - -c + - | + echo "Searching for files to copy within the source volume" + echo "cert: ${CERT_FILE_NAME}" + echo "key: ${KEY_FILE_NAME}" + echo "cacert: ${CACERT_FILE_NAME}" + + CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) + KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) + CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) + + test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 + test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 + test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 + + echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" + cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 + chmod 444 $CERT_FILE_TARGET || exit 1 + + echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" + cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 + chmod 444 $KEY_FILE_TARGET || exit 1 + + echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" + cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 + chmod 444 $CACERT_FILE_TARGET || exit 1 + env: + - name: CERT_FILE_NAME + value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} + - name: KEY_FILE_NAME + value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} + - name: CACERT_FILE_NAME + value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} + - name: CERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy.pem + - name: KEY_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-key.pem + - name: CACERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem + securityContext: + 
runAsNonRoot: false + volumeMounts: + - name: metrics-cert-dir-source + mountPath: /etc/source + readOnly: true + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + volumes: + - name: metrics-cert-dir-source + hostPath: + path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + - name: metrics-cert-dir + emptyDir: {} + {{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/pushprox-proxy-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/pushprox-proxy-rbac.yaml new file mode 100755 index 000000000..a3509c160 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/pushprox-proxy-rbac.yaml 
@@ -0,0 +1,63 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.proxy.name" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.proxy.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- end }}{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/pushprox-proxy.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/pushprox-proxy.yaml new file mode 100755 index 000000000..571e13138 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/pushprox-proxy.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} + pushprox-exporter: "proxy" +spec: + selector: + matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} + spec: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.proxy.nodeSelector }} +{{ toYaml .Values.proxy.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.proxy.tolerations }} +{{ toYaml .Values.proxy.tolerations | indent 8 }} +{{- end }} + serviceAccountName: {{ template "pushProxy.proxy.name" . }} + containers: + - name: pushprox-proxy + image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} + command: + {{- range .Values.proxy.command }} + - {{ . | quote }} + {{- end }} + {{- if .Values.proxy.resources }} + resources: {{ toYaml .Values.proxy.resources | nindent 10 }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + ports: + - name: pp-proxy + port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} + protocol: TCP + targetPort: {{ .Values.proxy.port }} + selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file 
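Review bot: the Deployment and Service in kubeAdmScheduler/templates/pushprox-proxy.yaml are placed in `{{ template "pushprox.namespace" . }}`, which honours `.Values.namespaceOverride` according to _helpers.tpl, but the ServiceAccount named by `serviceAccountName` is created in `{{ .Release.Namespace }}` by pushprox-proxy-rbac.yaml, and the `pushProxy.proxyUrl` helper also builds the proxy URL from `.Release.Namespace`. With `namespaceOverride` set, the proxy pod references a ServiceAccount that does not exist in its own namespace and the clients are handed a URL for a Service in the wrong namespace. Use the `pushprox.namespace` helper in the RBAC objects and in `pushProxy.proxyUrl` so all of these agree.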
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/pushprox-servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/pushprox-servicemonitor.yaml new file mode 100755 index 000000000..2f3d7e54c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/templates/pushprox-servicemonitor.yaml @@ -0,0 +1,39 @@ +{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "pushprox.serviceMonitor.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} +spec: + endpoints: + - port: metrics + proxyUrl: {{ template "pushProxy.proxyUrl" . }} + {{- if .Values.clients.https.enabled }} + params: + _scheme: [https] + {{- end }} + jobLabel: component + podTargetLabels: + - component + - pushprox-exporter + namespaceSelector: + matchNames: + - {{ template "pushprox.namespace" . }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + ports: + - name: metrics + port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} + protocol: TCP + targetPort: {{ .Values.metricsPort }} + selector: {{ include "pushProxy.client.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file 
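Review bot: the outer guard in kubeAdmScheduler/templates/pushprox-servicemonitor.yaml only checks `.Values.serviceMonitor.enabled`, yet the endpoint block dereferences `.Values.clients.https.enabled`, and both the ServiceMonitor selector and the Service select on the client labels. pushprox-clients.yaml guards with `{{- if .Values.clients }}`, which implies `clients` may be unset; in that case this template fails to render on the nil lookup, and with `clients.enabled: false` it creates a ServiceMonitor and a Service that match no pods. Add the `clients` checks to the condition here so the monitor is only rendered when the clients it scrapes are deployed.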
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/values.yaml new file mode 100755 index 000000000..e1bcf79a5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/kubeAdmScheduler/values.yaml 
@@ -0,0 +1,86 @@ +# Default values for rancher-pushprox. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Default image containing both the proxy and the client was generated from the following Dockerfile +# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 + +# Note: if using a cloud provider, the nodes that contain the PushProxy client must allow the node(s) that contain(s) +# the PushProxy proxy to communicate with it on port {{ .Values.clients.port }}. If you have special restrictions, +# (i.e. client should only run on etcd nodes and only control plane should have access to the port on the etcd node), +# you will need to set the clients / proxy nodeSelector and tolerations accordingly + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + +# The component that is being monitored (i.e. etcd) +component: "component" + +# The port containing the metrics that need to be scraped +metricsPort: 2739 + +# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint +serviceMonitor: + enabled: true + +clients: + enabled: true + # The port which the PushProx client will post PushProx metrics to + port: 9369 + # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} + # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null + proxyUrl: "" + # If set to true, the client will forward any requests from the host IP to 127.0.0.1 + # It will only allow proxy requests to the metricsPort specified + useLocalhost: false + # Configuration for accessing metrics via HTTPS + https: + # Does the client require https to access the metrics? 
+ enabled: false + # If set to true, the client will create a service account with adequate permissions and set a flag + # on the client to use the service account token provided by it to make authorized scrape requests + useServiceAccountCredentials: false + # If set to true, the client will disable SSL security checks + insecureSkipVerify: false + # Directory on host where necessary TLS cert and key to scrape metrics can be found + certDir: "" + # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings + certFile: "" + keyFile: "" + caCertFile: "" + + # Resource limits + resources: {} + + # Options to select all nodes to deploy client DaemonSet on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-client + tag: v0.1.0-rancher1-client + command: ["pushprox-client"] + + copyCertsImage: + repository: rancher/mirrored-library-busybox + tag: 1.31.1 + +proxy: + enabled: true + # The port through which PushProx clients will communicate to the proxy + port: 8080 + + # Resource limits + resources: {} + + # Options to select a node to run a single proxy deployment on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-proxy + tag: v0.1.0-rancher1-proxy + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/.helmignore b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/.helmignore new file mode 100755 index 000000000..f0c131944 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/.helmignore 
@@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/Chart.yaml new file mode 100755 index 000000000..194f0877b --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/Chart.yaml @@ -0,0 +1,26 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-prometheus-adapter +apiVersion: v1 +appVersion: v0.8.3 +description: A Helm chart for k8s prometheus adapter +home: https://github.com/DirectXMan12/k8s-prometheus-adapter +keywords: +- hpa +- metrics +- prometheus +- adapter +maintainers: +- email: mattias.gees@jetstack.io + name: mattiasgees +- name: steven-sheehy +- email: hfernandez@mesosphere.com + name: hectorj2f +name: prometheus-adapter +sources: +- https://github.com/kubernetes/charts +- https://github.com/DirectXMan12/k8s-prometheus-adapter +version: 2.12.1 diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/README.md b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/README.md new file mode 100755 index 000000000..1fe1fad66 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/README.md 
@@ -0,0 +1,147 @@ +# Prometheus Adapter + +Installs the [Prometheus Adapter](https://github.com/DirectXMan12/k8s-prometheus-adapter) for the Custom Metrics API. Custom metrics are used in Kubernetes by [Horizontal Pod Autoscalers](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) to scale workloads based upon your own metric pulled from an external metrics provider like Prometheus. This chart complements the [metrics-server](https://github.com/helm/charts/tree/master/stable/metrics-server) chart that provides resource only metrics. + +## Prerequisites + +Kubernetes 1.14+ + +## Get Repo Info + +```console +helm repo add prometheus-community https://prometheus-community.github.io/helm-charts +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Install Chart + +```console +# Helm 3 +$ helm install [RELEASE_NAME] prometheus-community/prometheus-adapter + +# Helm 2 +$ helm install --name [RELEASE_NAME] prometheus-community/prometheus-adapter +``` + +_See [configuration](#configuration) below._ + +_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ + +## Uninstall Chart + +```console +# Helm 3 +$ helm uninstall [RELEASE_NAME] + +# Helm 2 +# helm delete --purge [RELEASE_NAME] +``` + +This removes all the Kubernetes components associated with the chart and deletes the release. + +_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ + +## Upgrading Chart + +```console +# Helm 3 or 2 +$ helm upgrade [RELEASE_NAME] [CHART] --install +``` + +_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ + +## Configuration + +See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). 
To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands: + +```console +# Helm 2 +$ helm inspect values prometheus-community/prometheus-adapter + +# Helm 3 +$ helm show values prometheus-community/prometheus-adapter +``` + +### Prometheus Service Endpoint + +To use the chart, ensure the `prometheus.url` and `prometheus.port` are configured with the correct Prometheus service endpoint. If Prometheus is exposed under HTTPS the host's CA Bundle must be exposed to the container using `extraVolumes` and `extraVolumeMounts`. + +### Adapter Rules + +Additionally, the chart comes with a set of default rules out of the box but they may pull in too many metrics or not map them correctly for your needs. Therefore, it is recommended to populate `rules.custom` with a list of rules (see the [config document](https://github.com/DirectXMan12/k8s-prometheus-adapter/blob/master/docs/config.md) for the proper format). + +### Horizontal Pod Autoscaler Metrics + +Finally, to configure your Horizontal Pod Autoscaler to use the custom metric, see the custom metrics section of the [HPA walkthrough](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/#autoscaling-on-multiple-metrics-and-custom-metrics). + +The Prometheus Adapter can serve three different [metrics APIs](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-metrics-apis): + +### Custom Metrics + +Enabling this option will cause custom metrics to be served at `/apis/custom.metrics.k8s.io/v1beta1`. 
Enabled by default when `rules.default` is true, but can be customized by populating `rules.custom`: + +```yaml +rules: + custom: + - seriesQuery: '{__name__=~"^some_metric_count$"}' + resources: + template: <<.Resource>> + name: + matches: "" + as: "my_custom_metric" + metricsQuery: sum(<<.Series>>{<<.LabelMatchers>>}) by (<<.GroupBy>>) +``` + +### External Metrics + +Enabling this option will cause external metrics to be served at `/apis/external.metrics.k8s.io/v1beta1`. Can be enabled by populating `rules.external`: + +```yaml +rules: + external: + - seriesQuery: '{__name__=~"^some_metric_count$"}' + resources: + template: <<.Resource>> + name: + matches: "" + as: "my_external_metric" + metricsQuery: sum(<<.Series>>{<<.LabelMatchers>>}) by (<<.GroupBy>>) +``` + +### Resource Metrics + +Enabling this option will cause resource metrics to be served at `/apis/metrics.k8s.io/v1beta1`. Resource metrics will allow pod CPU and Memory metrics to be used in [Horizontal Pod Autoscalers](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) as well as the `kubectl top` command. 
Can be enabled by populating `rules.resource`: + +```yaml +rules: + resource: + cpu: + containerQuery: sum(rate(container_cpu_usage_seconds_total{<<.LabelMatchers>>}[3m])) by (<<.GroupBy>>) + nodeQuery: sum(rate(container_cpu_usage_seconds_total{<<.LabelMatchers>>, id='/'}[3m])) by (<<.GroupBy>>) + resources: + overrides: + instance: + resource: node + namespace: + resource: namespace + pod: + resource: pod + containerLabel: container + memory: + containerQuery: sum(container_memory_working_set_bytes{<<.LabelMatchers>>}) by (<<.GroupBy>>) + nodeQuery: sum(container_memory_working_set_bytes{<<.LabelMatchers>>,id='/'}) by (<<.GroupBy>>) + resources: + overrides: + instance: + resource: node + namespace: + resource: namespace + pod: + resource: pod + containerLabel: container + window: 3m +``` + +**NOTE:** Setting a value for `rules.resource` will also deploy the resource metrics API service, providing the same functionality as [metrics-server](https://github.com/helm/charts/tree/master/stable/metrics-server). As such it is not possible to deploy them both in the same cluster. diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/NOTES.txt b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/NOTES.txt new file mode 100755 index 000000000..b7b9b9932 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/NOTES.txt @@ -0,0 +1,9 @@ +{{ template "k8s-prometheus-adapter.fullname" . }} has been deployed. +In a few minutes you should be able to list metrics using the following command(s): +{{ if .Values.rules.resource }} + kubectl get --raw /apis/metrics.k8s.io/v1beta1 +{{- end }} + kubectl get --raw /apis/custom.metrics.k8s.io/v1beta1 +{{ if .Values.rules.external }} + kubectl get --raw /apis/external.metrics.k8s.io/v1beta1 +{{- end }} 
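Review bot: in `NOTES.txt` the `kubectl get --raw /apis/custom.metrics.k8s.io/v1beta1` line is printed unconditionally, while the resource and external lines are wrapped in `if .Values.rules.resource` and `if .Values.rules.external`. The custom metrics APIService in `custom-metrics-apiservice.yaml` is only rendered under `if or .Values.rules.default .Values.rules.custom`, so with both unset the notes point at an API group that was never registered. Wrap the custom metrics line in the same `or` condition.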
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/_helpers.tpl new file mode 100755 index 000000000..35c38b621 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/_helpers.tpl 
@@ -0,0 +1,72 @@ +# Rancher +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "k8s-prometheus-adapter.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "k8s-prometheus-adapter.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. 
+*/}} +{{- define "k8s-prometheus-adapter.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "k8s-prometheus-adapter.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "k8s-prometheus-adapter.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/certmanager.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/certmanager.yaml new file mode 100755 index 000000000..7999e3c21 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/certmanager.yaml 
@@ -0,0 +1,48 @@ +{{- if .Values.certManager.enabled -}} +--- +# Create a selfsigned Issuer, in order to create a root CA certificate for +# signing webhook serving certificates +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: {{ template "k8s-prometheus-adapter.fullname" . }}-self-signed-issuer +spec: + selfSigned: {} +--- +# Generate a CA Certificate used to sign certificates for the webhook +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ template "k8s-prometheus-adapter.fullname" . }}-root-cert +spec: + secretName: {{ template "k8s-prometheus-adapter.fullname" . }}-root-cert + duration: {{ .Values.certManager.caCertDuration }} + issuerRef: + name: {{ template "k8s-prometheus-adapter.fullname" . }}-self-signed-issuer + commonName: "ca.webhook.prometheus-adapter" + isCA: true +--- +# Create an Issuer that uses the above generated CA certificate to issue certs +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: {{ template "k8s-prometheus-adapter.fullname" . }}-root-issuer +spec: + ca: + secretName: {{ template "k8s-prometheus-adapter.fullname" . }}-root-cert +--- +# Finally, generate a serving certificate for the apiservices to use +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ template "k8s-prometheus-adapter.fullname" . }}-cert +spec: + secretName: {{ template "k8s-prometheus-adapter.fullname" . }} + duration: {{ .Values.certManager.certDuration }} + issuerRef: + name: {{ template "k8s-prometheus-adapter.fullname" . }}-root-issuer + dnsNames: + - {{ template "k8s-prometheus-adapter.fullname" . }} + - {{ template "k8s-prometheus-adapter.fullname" . }}.{{ .Release.Namespace }} + - {{ template "k8s-prometheus-adapter.fullname" . }}.{{ .Release.Namespace }}.svc +{{- end -}} \ No newline at end of file 
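Review bot: the two `Issuer` and two `Certificate` objects in `certmanager.yaml` set neither an explicit `namespace` nor the `app` / `chart` / `release` / `heritage` labels that the other templates in this chart carry (for example `configmap.yaml` sets `namespace: {{ .Release.Namespace }}`). The APIService annotation `cert-manager.io/inject-ca-from` is built from `.Release.Namespace`, so pinning `metadata.namespace` here keeps the root certificate and that reference in step. It would also help to note next to `selfSigned: {}` that the root CA private key is stored in the `<fullname>-root-cert` Secret in the release namespace, so read access to Secrets there decides who can mint serving certificates the aggregator will trust.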
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/cluster-role-binding-auth-delegator.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/cluster-role-binding-auth-delegator.yaml new file mode 100755 index 000000000..2bc9eb740 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/cluster-role-binding-auth-delegator.yaml @@ -0,0 +1,19 @@ +{{- if .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.name" . }}-system-auth-delegator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "k8s-prometheus-adapter.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/cluster-role-binding-resource-reader.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/cluster-role-binding-resource-reader.yaml new file mode 100755 index 000000000..ec7e5e476 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/cluster-role-binding-resource-reader.yaml 
@@ -0,0 +1,19 @@ +{{- if .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.name" . }}-resource-reader +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "k8s-prometheus-adapter.name" . }}-resource-reader +subjects: +- kind: ServiceAccount + name: {{ template "k8s-prometheus-adapter.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/cluster-role-resource-reader.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/cluster-role-resource-reader.yaml new file mode 100755 index 000000000..319460a33 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/cluster-role-resource-reader.yaml @@ -0,0 +1,23 @@ +{{- if .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.name" . }}-resource-reader +rules: +- apiGroups: + - "" + resources: + - namespaces + - pods + - services + - configmaps + verbs: + - get + - list + - watch +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/configmap.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/configmap.yaml new file mode 100755 index 000000000..fbc155dc8 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/configmap.yaml 
@@ -0,0 +1,96 @@ +{{- if not .Values.rules.existing -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "k8s-prometheus-adapter.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: + config.yaml: | +{{- if or .Values.rules.default .Values.rules.custom }} + rules: +{{- if .Values.rules.default }} + - seriesQuery: '{__name__=~"^container_.*",container!="POD",namespace!="",pod!=""}' + seriesFilters: [] + resources: + overrides: + namespace: + resource: namespace + pod: + resource: pod + name: + matches: ^container_(.*)_seconds_total$ + as: "" + metricsQuery: sum(rate(<<.Series>>{<<.LabelMatchers>>,container!="POD"}[5m])) + by (<<.GroupBy>>) + - seriesQuery: '{__name__=~"^container_.*",container!="POD",namespace!="",pod!=""}' + seriesFilters: + - isNot: ^container_.*_seconds_total$ + resources: + overrides: + namespace: + resource: namespace + pod: + resource: pod + name: + matches: ^container_(.*)_total$ + as: "" + metricsQuery: sum(rate(<<.Series>>{<<.LabelMatchers>>,container!="POD"}[5m])) + by (<<.GroupBy>>) + - seriesQuery: '{__name__=~"^container_.*",container!="POD",namespace!="",pod!=""}' + seriesFilters: + - isNot: ^container_.*_total$ + resources: + overrides: + namespace: + resource: namespace + pod: + resource: pod + name: + matches: ^container_(.*)$ + as: "" + metricsQuery: sum(<<.Series>>{<<.LabelMatchers>>,container!="POD"}) by (<<.GroupBy>>) + - seriesQuery: '{namespace!="",__name__!~"^container_.*"}' + seriesFilters: + - isNot: .*_total$ + resources: + template: <<.Resource>> + name: + matches: "" + as: "" + metricsQuery: sum(<<.Series>>{<<.LabelMatchers>>}) by (<<.GroupBy>>) + - seriesQuery: '{namespace!="",__name__!~"^container_.*"}' + seriesFilters: + - isNot: .*_seconds_total + resources: + template: <<.Resource>> + name: + matches: 
^(.*)_total$ + as: "" + metricsQuery: sum(rate(<<.Series>>{<<.LabelMatchers>>}[5m])) by (<<.GroupBy>>) + - seriesQuery: '{namespace!="",__name__!~"^container_.*"}' + seriesFilters: [] + resources: + template: <<.Resource>> + name: + matches: ^(.*)_seconds_total$ + as: "" + metricsQuery: sum(rate(<<.Series>>{<<.LabelMatchers>>}[5m])) by (<<.GroupBy>>) +{{- end -}} +{{- if .Values.rules.custom }} +{{ toYaml .Values.rules.custom | indent 4 }} +{{- end -}} +{{- end -}} +{{- if .Values.rules.external }} + externalRules: +{{ toYaml .Values.rules.external | indent 4 }} +{{- end -}} +{{- if .Values.rules.resource }} + resourceRules: +{{ toYaml .Values.rules.resource | indent 6 }} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/custom-metrics-apiservice.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/custom-metrics-apiservice.yaml new file mode 100755 index 000000000..9bc1cbda1 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/custom-metrics-apiservice.yaml 
@@ -0,0 +1,32 @@ +{{- if or .Values.rules.default .Values.rules.custom }} +{{- if .Capabilities.APIVersions.Has "apiregistration.k8s.io/v1" }} +apiVersion: apiregistration.k8s.io/v1 +{{- else }} +apiVersion: apiregistration.k8s.io/v1beta1 +{{- end }} +kind: APIService +metadata: +{{- if .Values.certManager.enabled }} + annotations: + certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-root-cert" .Release.Namespace (include "k8s-prometheus-adapter.fullname" .) | quote }} + cert-manager.io/inject-ca-from: {{ printf "%s/%s-root-cert" .Release.Namespace (include "k8s-prometheus-adapter.fullname" .) | quote }} +{{- end }} + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: v1beta1.custom.metrics.k8s.io +spec: + service: + name: {{ template "k8s-prometheus-adapter.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + {{- if .Values.tls.enable }} + caBundle: {{ b64enc .Values.tls.ca }} + {{- end }} + group: custom.metrics.k8s.io + version: v1beta1 + insecureSkipTLSVerify: {{ if or .Values.tls.enable .Values.certManager.enabled }}false{{ else }}true{{ end }} + groupPriorityMinimum: 100 + versionPriority: 100 +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/custom-metrics-cluster-role-binding-hpa.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/custom-metrics-cluster-role-binding-hpa.yaml new file mode 100755 index 000000000..93ade6f8f --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/custom-metrics-cluster-role-binding-hpa.yaml 
@@ -0,0 +1,23 @@ +{{- /* +This if must be aligned with custom-metrics-cluster-role.yaml +as otherwise this binding will point to not existing role. +*/ -}} +{{- if and .Values.rbac.create (or .Values.rules.default .Values.rules.custom) -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.name" . }}-hpa-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "k8s-prometheus-adapter.name" . }}-server-resources +subjects: +- kind: ServiceAccount + name: {{ template "k8s-prometheus-adapter.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/custom-metrics-cluster-role.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/custom-metrics-cluster-role.yaml new file mode 100755 index 000000000..33daf7113 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/custom-metrics-cluster-role.yaml @@ -0,0 +1,16 @@ +{{- if and .Values.rbac.create (or .Values.rules.default .Values.rules.custom) -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.name" . }}-server-resources +rules: +- apiGroups: + - custom.metrics.k8s.io + resources: ["*"] + verbs: ["*"] +{{- end -}} 
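Review bot: the `-server-resources` ClusterRole in `custom-metrics-cluster-role.yaml` grants `verbs: ["*"]` on `resources: ["*"]` in `custom.metrics.k8s.io`, whereas the corresponding `-external-metrics` role later in this patch is limited to `list`, `get` and `watch`. Metrics consumers only read, so narrow this role to the same three verbs. The `-hpa-controller` binding in the preceding file also attaches this role to the adapter's own ServiceAccount, while the external-metrics binding uses `horizontal-pod-autoscaler` in `kube-system`; please confirm which subject is intended, since the binding name suggests the latter.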
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/deployment.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/deployment.yaml new file mode 100755 index 000000000..43fb65dc8 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/deployment.yaml 
@@ -0,0 +1,135 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: {{ template "k8s-prometheus-adapter.name" . }} + release: {{ .Release.Name }} + template: + metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + {{- with .Values.podLabels }} + {{- toYaml . | trim | nindent 8 }} + {{- end }} + name: {{ template "k8s-prometheus-adapter.name" . }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- with .Values.podAnnotations }} + {{- toYaml . | trim | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ template "k8s-prometheus-adapter.serviceAccountName" . }} + {{- if .Values.hostNetwork.enabled }} + hostNetwork: true + {{- end }} + {{- if .Values.dnsPolicy }} + dnsPolicy: {{ .Values.dnsPolicy }} + {{- end}} + containers: + - name: {{ .Chart.Name }} + image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + args: + - /adapter + - --secure-port={{ .Values.listenPort }} + {{- if or .Values.tls.enable .Values.certManager.enabled }} + - --tls-cert-file=/var/run/serving-cert/tls.crt + - --tls-private-key-file=/var/run/serving-cert/tls.key + {{- end }} + - --cert-dir=/tmp/cert + - --logtostderr=true + - --prometheus-url={{ tpl .Values.prometheus.url . 
}}{{ if .Values.prometheus.port }}:{{ .Values.prometheus.port }}{{end}}{{ .Values.prometheus.path }} + - --metrics-relist-interval={{ .Values.metricsRelistInterval }} + - --v={{ .Values.logLevel }} + - --config=/etc/adapter/config.yaml + {{- if .Values.extraArguments }} + {{- toYaml .Values.extraArguments | trim | nindent 8 }} + {{- end }} + ports: + - containerPort: {{ .Values.listenPort }} + name: https + livenessProbe: + httpGet: + path: /healthz + port: https + scheme: HTTPS + initialDelaySeconds: 30 + readinessProbe: + httpGet: + path: /healthz + port: https + scheme: HTTPS + initialDelaySeconds: 30 + {{- if .Values.resources }} + resources: + {{- toYaml .Values.resources | nindent 10 }} + {{- end }} + {{- with .Values.dnsConfig }} + dnsConfig: + {{ toYaml . | indent 8 }} + {{- end }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: ["all"] + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 10001 + volumeMounts: + {{- if .Values.extraVolumeMounts }} + {{ toYaml .Values.extraVolumeMounts | trim | nindent 8 }} + {{ end }} + - mountPath: /etc/adapter/ + name: config + readOnly: true + - mountPath: /tmp + name: tmp + {{- if or .Values.tls.enable .Values.certManager.enabled }} + - mountPath: /var/run/serving-cert + name: volume-serving-cert + readOnly: true + {{- end }} + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.nodeSelector }} +{{- toYaml .Values.nodeSelector | nindent 8 }} +{{- end }} + affinity: + {{- toYaml .Values.affinity | nindent 8 }} + priorityClassName: {{ .Values.priorityClassName }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.tolerations }} +{{- toYaml .Values.tolerations | nindent 8 }} +{{- end }} + {{- if .Values.image.pullSecrets }} + imagePullSecrets: + {{- range .Values.image.pullSecrets }} + - name: {{ . 
}} + {{- end }} + {{- end }} + volumes: + {{- if .Values.extraVolumes }} + {{ toYaml .Values.extraVolumes | trim | nindent 6 }} + {{ end }} + - name: config + configMap: + name: {{ .Values.rules.existing | default (include "k8s-prometheus-adapter.fullname" . ) }} + - name: tmp + emptyDir: {} + {{- if or .Values.tls.enable .Values.certManager.enabled }} + - name: volume-serving-cert + secret: + secretName: {{ template "k8s-prometheus-adapter.fullname" . }} + {{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/external-metrics-apiservice.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/external-metrics-apiservice.yaml new file mode 100755 index 000000000..035f24694 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/external-metrics-apiservice.yaml 
@@ -0,0 +1,32 @@ +{{- if .Values.rules.external }} +{{- if .Capabilities.APIVersions.Has "apiregistration.k8s.io/v1" }} +apiVersion: apiregistration.k8s.io/v1 +{{- else }} +apiVersion: apiregistration.k8s.io/v1beta1 +{{- end }} +kind: APIService +metadata: +{{- if .Values.certManager.enabled }} + annotations: + certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-root-cert" .Release.Namespace (include "k8s-prometheus-adapter.fullname" .) | quote }} + cert-manager.io/inject-ca-from: {{ printf "%s/%s-root-cert" .Release.Namespace (include "k8s-prometheus-adapter.fullname" .) | quote }} +{{- end }} + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: v1beta1.external.metrics.k8s.io +spec: + service: + name: {{ template "k8s-prometheus-adapter.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + {{- if .Values.tls.enable }} + caBundle: {{ b64enc .Values.tls.ca }} + {{- end }} + group: external.metrics.k8s.io + version: v1beta1 + insecureSkipTLSVerify: {{ if or .Values.tls.enable .Values.certManager.enabled }}false{{ else }}true{{ end }} + groupPriorityMinimum: 100 + versionPriority: 100 +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/external-metrics-cluster-role-binding-hpa.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/external-metrics-cluster-role-binding-hpa.yaml new file mode 100755 index 000000000..0776029af --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/external-metrics-cluster-role-binding-hpa.yaml 
@@ -0,0 +1,19 @@ +{{- if and .Values.rbac.create .Values.rules.external -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.name" . }}-hpa-controller-external-metrics +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "k8s-prometheus-adapter.name" . }}-external-metrics +subjects: +- kind: ServiceAccount + name: horizontal-pod-autoscaler + namespace: kube-system +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/external-metrics-cluster-role.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/external-metrics-cluster-role.yaml new file mode 100755 index 000000000..4adbd6537 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/external-metrics-cluster-role.yaml @@ -0,0 +1,20 @@ +{{- if and .Values.rbac.create .Values.rules.external -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.name" . }}-external-metrics +rules: +- apiGroups: + - "external.metrics.k8s.io" + resources: + - "*" + verbs: + - list + - get + - watch +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/pdb.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/pdb.yaml new file mode 100755 index 000000000..b70309f6f --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/pdb.yaml @@ -0,0 +1,22 @@ +{{- if .Values.podDisruptionBudget.enabled }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "k8s-prometheus-adapter.fullname" . }} + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + {{- if .Values.podDisruptionBudget.minAvailable }} + minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} + {{- end }} + {{- if .Values.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app: {{ template "k8s-prometheus-adapter.name" . }} + release: {{ .Release.Name }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/psp.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/psp.yaml new file mode 100755 index 000000000..a88c9c2f2 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/psp.yaml 
@@ -0,0 +1,68 @@ +{{- if .Values.psp.create -}} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "k8s-prometheus-adapter.fullname" . }} + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + {{- if .Values.hostNetwork.enabled }} + hostNetwork: true + {{- end }} + fsGroup: + rule: RunAsAny + runAsGroup: + rule: RunAsAny + runAsUser: + rule: MustRunAs + ranges: + - min: 1024 + max: 65535 + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - secret + - emptyDir + - configMap +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.name" . }}-psp +rules: +- apiGroups: + - 'policy' + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "k8s-prometheus-adapter.fullname" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.name" . }}-psp +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "k8s-prometheus-adapter.name" . }}-psp +subjects: +- kind: ServiceAccount + name: {{ template "k8s-prometheus-adapter.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} +{{- end -}} 
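Review bot: the PodSecurityPolicy `spec` in psp.yaml leaves `allowPrivilegeEscalation`, `requiredDropCapabilities` and `readOnlyRootFilesystem` unset, so the policy is looser than the pod it is meant to admit. The adapter container's `securityContext` earlier in this patch already declares `allowPrivilegeEscalation: false`, `drop: ["all"]`, `readOnlyRootFilesystem: true` and `runAsUser: 10001`, but the only things the policy enforces are the `runAsUser` range 1024-65535 and the volume allow-list (`secret`, `emptyDir`, `configMap`). Suggest adding `allowPrivilegeEscalation: false`, `requiredDropCapabilities: [ALL]` and `readOnlyRootFilesystem: true` to the policy so those settings are enforced at admission and cannot drift if the pod template is overridden. `fsGroup`, `runAsGroup` and `supplementalGroups` are all `RunAsAny`; a `MustRunAs` range that excludes 0 would match the intent of the `runAsUser` rule.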
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/resource-metrics-apiservice.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/resource-metrics-apiservice.yaml new file mode 100755 index 000000000..ab75b2f6c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/resource-metrics-apiservice.yaml @@ -0,0 +1,32 @@ +{{- if .Values.rules.resource}} +{{- if .Capabilities.APIVersions.Has "apiregistration.k8s.io/v1" }} +apiVersion: apiregistration.k8s.io/v1 +{{- else }} +apiVersion: apiregistration.k8s.io/v1beta1 +{{- end }} +kind: APIService +metadata: +{{- if .Values.certManager.enabled }} + annotations: + certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-root-cert" .Release.Namespace (include "k8s-prometheus-adapter.fullname" .) | quote }} + cert-manager.io/inject-ca-from: {{ printf "%s/%s-root-cert" .Release.Namespace (include "k8s-prometheus-adapter.fullname" .) | quote }} +{{- end }} + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: v1beta1.metrics.k8s.io +spec: + service: + name: {{ template "k8s-prometheus-adapter.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + {{- if .Values.tls.enable }} + caBundle: {{ b64enc .Values.tls.ca }} + {{- end }} + group: metrics.k8s.io + version: v1beta1 + insecureSkipTLSVerify: {{ if or .Values.tls.enable .Values.certManager.enabled }}false{{ else }}true{{ end }} + groupPriorityMinimum: 100 + versionPriority: 100 +{{- end -}} 
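Review bot: `insecureSkipTLSVerify` near the end of the APIService `spec` renders `true` whenever both `.Values.tls.enable` and `.Values.certManager.enabled` are false, and the values.yaml added in this patch defaults both to `false`. A default install therefore registers `v1beta1.metrics.k8s.io` with the API server not verifying the adapter's serving certificate on the aggregated-API connection. Suggest making one of the two certificate paths the default, or at minimum documenting next to `tls.enable` and `certManager.enabled` in values.yaml that leaving both off disables verification. The same expression appears in external-metrics-apiservice.yaml and would need the same treatment.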
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/resource-metrics-cluster-role-binding.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/resource-metrics-cluster-role-binding.yaml new file mode 100755 index 000000000..0534af11e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/resource-metrics-cluster-role-binding.yaml @@ -0,0 +1,19 @@ +{{- if and .Values.rbac.create .Values.rules.resource -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.name" . }}-hpa-controller-metrics +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "k8s-prometheus-adapter.name" . }}-metrics +subjects: +- kind: ServiceAccount + name: {{ template "k8s-prometheus-adapter.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/resource-metrics-cluster-role.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/resource-metrics-cluster-role.yaml new file mode 100755 index 000000000..01a307d69 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/resource-metrics-cluster-role.yaml 
@@ -0,0 +1,22 @@ +{{- if and .Values.rbac.create .Values.rules.resource -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.name" . }}-metrics +rules: +- apiGroups: + - "" + resources: + - pods + - nodes + - nodes/stats + verbs: + - get + - list + - watch +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/role-binding-auth-reader.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/role-binding-auth-reader.yaml new file mode 100755 index 000000000..60f18f2b3 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/role-binding-auth-reader.yaml @@ -0,0 +1,20 @@ +{{- if .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.name" . }}-auth-reader + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: extension-apiserver-authentication-reader +subjects: +- kind: ServiceAccount + name: {{ template "k8s-prometheus-adapter.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/secret.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/secret.yaml new file mode 100755 index 000000000..38e7cb624 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/secret.yaml @@ -0,0 +1,15 @@ +{{- if .Values.tls.enable -}} +apiVersion: v1 +kind: Secret +metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.fullname" . }} +type: kubernetes.io/tls +data: + tls.crt: {{ b64enc .Values.tls.certificate }} + tls.key: {{ b64enc .Values.tls.key }} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/service.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/service.yaml new file mode 100755 index 000000000..6bccda911 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/service.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: +{{ toYaml .Values.service.annotations | indent 4 }} + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + ports: + - port: {{ .Values.service.port }} + protocol: TCP + targetPort: https + selector: + app: {{ template "k8s-prometheus-adapter.name" . }} + release: {{ .Release.Name }} + type: {{ .Values.service.type }} + diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/serviceaccount.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/serviceaccount.yaml new file mode 100755 index 000000000..42ef0267e --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/values.yaml new file mode 100755 index 000000000..d9108cb9a --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-adapter/values.yaml 
@@ -0,0 +1,180 @@ +# Default values for k8s-prometheus-adapter.. +global: + cattle: + systemDefaultRegistry: "" + +affinity: {} + +image: + repository: rancher/mirrored-directxman12-k8s-prometheus-adapter + tag: v0.8.3 + pullPolicy: IfNotPresent + +logLevel: 4 + +metricsRelistInterval: 1m + +listenPort: 6443 + +nodeSelector: {} + +priorityClassName: "" + +# Url to access prometheus +prometheus: + # Value is templated + url: http://prometheus.default.svc + port: 9090 + path: "" + +replicas: 1 + +rbac: + # Specifies whether RBAC resources should be created + create: true + +psp: + # Specifies whether PSP resources should be created + create: false + +serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: +# Custom DNS configuration to be added to prometheus-adapter pods +dnsConfig: {} +# nameservers: +# - 1.2.3.4 +# searches: +# - ns1.svc.cluster-domain.example +# - my.dns.search.suffix +# options: +# - name: ndots +# value: "2" +# - name: edns0 +resources: {} + # requests: + # cpu: 100m + # memory: 128Mi + # limits: + # cpu: 100m + # memory: 128Mi + +rules: + default: true + custom: [] +# - seriesQuery: '{__name__=~"^some_metric_count$"}' +# resources: +# template: <<.Resource>> +# name: +# matches: "" +# as: "my_custom_metric" +# metricsQuery: sum(<<.Series>>{<<.LabelMatchers>>}) by (<<.GroupBy>>) + # Mounts a configMap with pre-generated rules for use. 
Overrides the + # default, custom, external and resource entries + existing: + external: [] +# - seriesQuery: '{__name__=~"^some_metric_count$"}' +# resources: +# template: <<.Resource>> +# name: +# matches: "" +# as: "my_external_metric" +# metricsQuery: sum(<<.Series>>{<<.LabelMatchers>>}) by (<<.GroupBy>>) + resource: {} +# cpu: +# containerQuery: sum(rate(container_cpu_usage_seconds_total{<<.LabelMatchers>>}[3m])) by (<<.GroupBy>>) +# nodeQuery: sum(rate(container_cpu_usage_seconds_total{<<.LabelMatchers>>, id='/'}[3m])) by (<<.GroupBy>>) +# resources: +# overrides: +# instance: +# resource: node +# namespace: +# resource: namespace +# pod: +# resource: pod +# containerLabel: container +# memory: +# containerQuery: sum(container_memory_working_set_bytes{<<.LabelMatchers>>}) by (<<.GroupBy>>) +# nodeQuery: sum(container_memory_working_set_bytes{<<.LabelMatchers>>,id='/'}) by (<<.GroupBy>>) +# resources: +# overrides: +# instance: +# resource: node +# namespace: +# resource: namespace +# pod: +# resource: pod +# containerLabel: container +# window: 3m + +service: + annotations: {} + port: 443 + type: ClusterIP + +tls: + enable: false + ca: |- + # Public CA file that signed the APIService + key: |- + # Private key of the APIService + certificate: |- + # Public key of the APIService + +# Any extra arguments +extraArguments: [] + # - --tls-private-key-file=/etc/tls/tls.key + # - --tls-cert-file=/etc/tls/tls.crt + +# Any extra volumes +extraVolumes: [] + # - name: example-name + # hostPath: + # path: /path/on/host + # type: DirectoryOrCreate + # - name: ssl-certs + # hostPath: + # path: /etc/ssl/certs/ca-bundle.crt + # type: File + +# Any extra volume mounts +extraVolumeMounts: [] + # - name: example-name + # mountPath: /path/in/container + # - name: ssl-certs + # mountPath: /etc/ssl/certs/ca-certificates.crt + # readOnly: true + +tolerations: [] + +# Labels added to the pod +podLabels: {} + +# Annotations added to the pod +podAnnotations: {} + +hostNetwork: + # 
Specifies if prometheus-adapter should be started in hostNetwork mode. + # + # You would require this enabled if you use alternate overlay networking for pods and + # API server unable to communicate with metrics-server. As an example, this is required + # if you use Weave network on EKS. See also dnsPolicy + enabled: false + +# When hostNetwork is enabled, you probably want to set this to ClusterFirstWithHostNet +# dnsPolicy: ClusterFirstWithHostNet + +podDisruptionBudget: + # Specifies if PodDisruptionBudget should be enabled + # When enabled, minAvailable or maxUnavailable should also be defined. + enabled: false + minAvailable: + maxUnavailable: 1 + +certManager: + enabled: false + caCertDuration: 43800h + certDuration: 8760h diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/.helmignore b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/.helmignore new file mode 100755 index 000000000..f0c131944 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/Chart.yaml new file mode 100755 index 000000000..887a6d5da --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/Chart.yaml 
@@ -0,0 +1,23 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-node-exporter +apiVersion: v1 +appVersion: 1.1.2 +description: A Helm chart for prometheus node-exporter +home: https://github.com/prometheus/node_exporter/ +keywords: +- node-exporter +- prometheus +- exporter +maintainers: +- email: gianrubio@gmail.com + name: gianrubio +- name: vsliouniaev +- name: bismarck +name: prometheus-node-exporter +sources: +- https://github.com/prometheus/node_exporter/ +version: 1.16.2 diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/README.md b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/README.md new file mode 100755 index 000000000..babde05e0 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/README.md 
@@ -0,0 +1,63 @@ +# Prometheus Node Exporter + +Prometheus exporter for hardware and OS metrics exposed by *NIX kernels, written in Go with pluggable metric collectors. + +This chart bootstraps a prometheus [Node Exporter](http://github.com/prometheus/node_exporter) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Get Repo Info + +```console +helm repo add prometheus-community https://prometheus-community.github.io/helm-charts +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Install Chart + +```console +# Helm 3 +$ helm install [RELEASE_NAME] prometheus-community/prometheus-node-exporter + +# Helm 2 +$ helm install --name [RELEASE_NAME] prometheus-community/prometheus-node-exporter +``` + +_See [configuration](#configuration) below._ + +_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ + +## Uninstall Chart + +```console +# Helm 3 +$ helm uninstall [RELEASE_NAME] + +# Helm 2 +# helm delete --purge [RELEASE_NAME] +``` + +This removes all the Kubernetes components associated with the chart and deletes the release. + +_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ + +## Upgrading Chart + +```console +# Helm 3 or 2 +$ helm upgrade [RELEASE_NAME] [CHART] --install +``` + +_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ + +## Configuring + +See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands: + +```console +# Helm 2 +$ helm inspect values prometheus-community/prometheus-node-exporter + +# Helm 3 +$ helm show values prometheus-community/prometheus-node-exporter +``` 
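Review bot: under "Install Chart" the link `_See [configuration](#configuration) below._` points at an anchor that does not exist in this README, because the section is titled `## Configuring`; either rename the heading or change the link to `#configuring`. In "Uninstall Chart" the Helm 2 command is written as `# helm delete --purge [RELEASE_NAME]`, which reads as a comment rather than a command; the other blocks use a `$` prompt for commands.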
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/NOTES.txt b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/NOTES.txt new file mode 100755 index 000000000..dc272fa99 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/NOTES.txt @@ -0,0 +1,15 @@ +1. Get the application URL by running these commands: +{{- if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ template "prometheus-node-exporter.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "prometheus-node-exporter.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ template "prometheus-node-exporter.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ template "prometheus-node-exporter.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ template "prometheus-node-exporter.namespace" . }} {{ template "prometheus-node-exporter.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ template "prometheus-node-exporter.namespace" . }} -l "app={{ template "prometheus-node-exporter.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:9100 to use your application" + kubectl port-forward --namespace {{ template "prometheus-node-exporter.namespace" . }} $POD_NAME 9100 +{{- end }} 
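Review bot: the ClusterIP branch of NOTES.txt hardcodes port 9100 in both the `echo "Visit http://127.0.0.1:9100 ..."` line and the `kubectl port-forward ... $POD_NAME 9100` line, while the LoadBalancer branch prints `{{ .Values.service.port }}`. The DaemonSet template in this patch takes its `containerPort` and listen address from `.Values.service.port`, so with a non-default port the printed instructions forward to a port nothing listens on. Suggest using `{{ .Values.service.port }}` in both places. Two smaller points in the same hunk: the NodePort branch passes `--namespace` to `kubectl get nodes`, which has no effect on a cluster-scoped resource, and "You can watch the status of by running" is missing a word.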
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/_helpers.tpl new file mode 100755 index 000000000..9fd0d600b --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/_helpers.tpl 
@@ -0,0 +1,95 @@ +# Rancher +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "prometheus-node-exporter.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "prometheus-node-exporter.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Generate basic labels */}} +{{- define "prometheus-node-exporter.labels" }} +app: {{ template "prometheus-node-exporter.name" . }} +heritage: {{.Release.Service }} +release: {{.Release.Name }} +chart: {{ template "prometheus-node-exporter.chart" . 
}} +{{- if .Values.podLabels}} +{{ toYaml .Values.podLabels }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "prometheus-node-exporter.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + + +{{/* +Create the name of the service account to use +*/}} +{{- define "prometheus-node-exporter.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "prometheus-node-exporter.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts +*/}} +{{- define "prometheus-node-exporter.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/daemonset.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/daemonset.yaml new file mode 100755 index 000000000..a3a1bc885 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/daemonset.yaml 
@@ -0,0 +1,183 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "prometheus-node-exporter.fullname" . }} + namespace: {{ template "prometheus-node-exporter.namespace" . }} + labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }} +spec: + selector: + matchLabels: + app: {{ template "prometheus-node-exporter.name" . }} + release: {{ .Release.Name }} + {{- if .Values.updateStrategy }} + updateStrategy: +{{ toYaml .Values.updateStrategy | indent 4 }} + {{- end }} + template: + metadata: + labels: {{ include "prometheus-node-exporter.labels" . | indent 8 }} + {{- if .Values.podAnnotations }} + annotations: + {{- toYaml .Values.podAnnotations | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ template "prometheus-node-exporter.serviceAccountName" . }} +{{- if .Values.securityContext }} + securityContext: +{{ toYaml .Values.securityContext | indent 8 }} +{{- end }} +{{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} +{{- end }} + containers: + - name: node-exporter + image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + args: + - --path.procfs=/host/proc + - --path.sysfs=/host/sys + {{- if .Values.hostRootFsMount }} + - --path.rootfs=/host/root + {{- end }} + - --web.listen-address=$(HOST_IP):{{ .Values.service.port }} +{{- if .Values.extraArgs }} +{{ toYaml .Values.extraArgs | indent 12 }} +{{- end }} + {{- with .Values.containerSecurityContext }} + securityContext: {{ toYaml . 
| nindent 12 }} + {{- end }} + env: + - name: HOST_IP + {{- if .Values.service.listenOnAllInterfaces }} + value: 0.0.0.0 + {{- else }} + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + {{- end }} + ports: + - name: metrics + containerPort: {{ .Values.service.port }} + protocol: TCP + livenessProbe: + httpGet: + path: / + port: {{ .Values.service.port }} + readinessProbe: + httpGet: + path: / + port: {{ .Values.service.port }} + resources: +{{ toYaml .Values.resources | indent 12 }} + volumeMounts: + - name: proc + mountPath: /host/proc + readOnly: true + - name: sys + mountPath: /host/sys + readOnly: true + {{- if .Values.hostRootFsMount }} + - name: root + mountPath: /host/root + mountPropagation: HostToContainer + readOnly: true + {{- end }} + {{- if .Values.extraHostVolumeMounts }} + {{- range $_, $mount := .Values.extraHostVolumeMounts }} + - name: {{ $mount.name }} + mountPath: {{ $mount.mountPath }} + readOnly: {{ $mount.readOnly }} + {{- if $mount.mountPropagation }} + mountPropagation: {{ $mount.mountPropagation }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.sidecarVolumeMount }} + {{- range $_, $mount := .Values.sidecarVolumeMount }} + - name: {{ $mount.name }} + mountPath: {{ $mount.mountPath }} + readOnly: true + {{- end }} + {{- end }} + {{- if .Values.configmaps }} + {{- range $_, $mount := .Values.configmaps }} + - name: {{ $mount.name }} + mountPath: {{ $mount.mountPath }} + {{- end }} + {{- if .Values.secrets }} + {{- range $_, $mount := .Values.secrets }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + {{- end }} + {{- end }} + {{- end }} +{{- if .Values.sidecars }} +{{ toYaml .Values.sidecars | indent 8 }} + {{- if .Values.sidecarVolumeMount }} + volumeMounts: + {{- range $_, $mount := .Values.sidecarVolumeMount }} + - name: {{ $mount.name }} + mountPath: {{ $mount.mountPath }} + readOnly: {{ $mount.readOnly }} + {{- end }} + {{- end }} +{{- end }} + hostNetwork: {{ .Values.hostNetwork }} + hostPID: true +{{- 
if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} +{{- end }} + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- with .Values.dnsConfig }} + dnsConfig: +{{ toYaml . | indent 8 }} +{{- end }} +{{- if .Values.nodeSelector }} +{{- toYaml .Values.Selector | nindent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.tolerations }} +{{- toYaml .Values.tolerations | nindent 8 }} +{{- end }} + volumes: + - name: proc + hostPath: + path: /proc + - name: sys + hostPath: + path: /sys + {{- if .Values.hostRootFsMount }} + - name: root + hostPath: + path: / + {{- end }} + {{- if .Values.extraHostVolumeMounts }} + {{- range $_, $mount := .Values.extraHostVolumeMounts }} + - name: {{ $mount.name }} + hostPath: + path: {{ $mount.hostPath }} + {{- end }} + {{- end }} + {{- if .Values.sidecarVolumeMount }} + {{- range $_, $mount := .Values.sidecarVolumeMount }} + - name: {{ $mount.name }} + emptyDir: + medium: Memory + {{- end }} + {{- end }} + {{- if .Values.configmaps }} + {{- range $_, $mount := .Values.configmaps }} + - name: {{ $mount.name }} + configMap: + name: {{ $mount.name }} + {{- end }} + {{- end }} + {{- if .Values.secrets }} + {{- range $_, $mount := .Values.secrets }} + - name: {{ $mount.name }} + secret: + secretName: {{ $mount.name }} + {{- end }} + {{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/endpoints.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/endpoints.yaml new file mode 100755 index 000000000..8daaeaaff --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/endpoints.yaml 
@@ -0,0 +1,18 @@ +{{- if .Values.endpoints }} +apiVersion: v1 +kind: Endpoints +metadata: + name: {{ template "prometheus-node-exporter.fullname" . }} + namespace: {{ template "prometheus-node-exporter.namespace" . }} + labels: +{{ include "prometheus-node-exporter.labels" . | indent 4 }} +subsets: + - addresses: + {{- range .Values.endpoints }} + - ip: {{ . }} + {{- end }} + ports: + - name: metrics + port: 9100 + protocol: TCP +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/monitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/monitor.yaml new file mode 100755 index 000000000..2f7b6ae9e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/monitor.yaml 
@@ -0,0 +1,32 @@ +{{- if .Values.prometheus.monitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "prometheus-node-exporter.fullname" . }} + namespace: {{ template "prometheus-node-exporter.namespace" . }} + labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }} + {{- if .Values.prometheus.monitor.additionalLabels }} +{{ toYaml .Values.prometheus.monitor.additionalLabels | indent 4 }} + {{- end }} +spec: + selector: + matchLabels: + app: {{ template "prometheus-node-exporter.name" . }} + release: {{ .Release.Name }} + endpoints: + - port: metrics + scheme: {{ $.Values.prometheus.monitor.scheme }} + {{- if $.Values.prometheus.monitor.bearerTokenFile }} + bearerTokenFile: {{ $.Values.prometheus.monitor.bearerTokenFile }} + {{- end }} + {{- if $.Values.prometheus.monitor.tlsConfig }} + tlsConfig: {{ toYaml $.Values.prometheus.monitor.tlsConfig | nindent 8 }} + {{- end }} + {{- if .Values.prometheus.monitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.prometheus.monitor.scrapeTimeout }} + {{- end }} +{{- if .Values.prometheus.monitor.relabelings }} + relabelings: +{{ toYaml .Values.prometheus.monitor.relabelings | indent 6 }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/psp-clusterrole.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/psp-clusterrole.yaml new file mode 100755 index 000000000..cb433369c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/psp-clusterrole.yaml 
@@ -0,0 +1,15 @@ +{{- if .Values.rbac.create }} +{{- if .Values.rbac.pspEnabled }} +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: psp-{{ template "prometheus-node-exporter.fullname" . }} + labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }} +rules: +- apiGroups: ['extensions'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "prometheus-node-exporter.fullname" . }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/psp-clusterrolebinding.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/psp-clusterrolebinding.yaml new file mode 100755 index 000000000..d36d93ecf --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/psp-clusterrolebinding.yaml @@ -0,0 +1,17 @@ +{{- if .Values.rbac.create }} +{{- if .Values.rbac.pspEnabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: psp-{{ template "prometheus-node-exporter.fullname" . }} + labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: psp-{{ template "prometheus-node-exporter.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "prometheus-node-exporter.fullname" . }} + namespace: {{ template "prometheus-node-exporter.namespace" . }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/psp.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/psp.yaml new file mode 100755 index 000000000..f00506c98 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/psp.yaml @@ -0,0 +1,52 @@ +{{- if .Values.rbac.create }} +{{- if .Values.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "prometheus-node-exporter.fullname" . }} + namespace: {{ template "prometheus-node-exporter.namespace" . }} + labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }} +spec: + privileged: false + # Required to prevent escalations to root. + # allowPrivilegeEscalation: false + # This is redundant with non-root + disallow privilege escalation, + # but we can provide it for defense in depth. + #requiredDropCapabilities: + # - ALL + # Allow core volume types. + volumes: + - 'configMap' + - 'emptyDir' + - 'projected' + - 'secret' + - 'downwardAPI' + - 'persistentVolumeClaim' + - 'hostPath' + hostNetwork: true + hostIPC: false + hostPID: true + hostPorts: + - min: 0 + max: 65535 + runAsUser: + # Permits the container to run with root privileges as well. + rule: 'RunAsAny' + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 0 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/service.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/service.yaml new file mode 100755 index 000000000..b0a447fe3 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/service.yaml 
@@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "prometheus-node-exporter.fullname" . }} + namespace: {{ template "prometheus-node-exporter.namespace" . }} +{{- if .Values.service.annotations }} + annotations: +{{ toYaml .Values.service.annotations | indent 4 }} +{{- end }} + labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + {{- if ( and (eq .Values.service.type "NodePort" ) (not (empty .Values.service.nodePort)) ) }} + nodePort: {{ .Values.service.nodePort }} + {{- end }} + targetPort: {{ .Values.service.targetPort }} + protocol: TCP + name: metrics + selector: + app: {{ template "prometheus-node-exporter.name" . }} + release: {{ .Release.Name }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/serviceaccount.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/serviceaccount.yaml new file mode 100755 index 000000000..07e9f0d94 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/templates/serviceaccount.yaml @@ -0,0 +1,18 @@ +{{- if .Values.rbac.create -}} +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "prometheus-node-exporter.serviceAccountName" . }} + namespace: {{ template "prometheus-node-exporter.namespace" . }} + labels: + app: {{ template "prometheus-node-exporter.name" . }} + chart: {{ template "prometheus-node-exporter.chart" . }} + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + annotations: +{{ toYaml .Values.serviceAccount.annotations | indent 4 }} +imagePullSecrets: +{{ toYaml .Values.serviceAccount.imagePullSecrets | indent 2 }} +{{- end -}} +{{- end -}} 
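Review bot: in templates/daemonset.yaml the extra node selector is guarded by `{{- if .Values.nodeSelector }}` but rendered with `toYaml .Values.Selector`, a key values.yaml never defines, so a user-supplied `nodeSelector` is never what gets rendered; it should be `toYaml .Values.nodeSelector`. In the container's `volumeMounts`, the `{{- if .Values.secrets }}` block is nested inside `{{- if .Values.configmaps }}`, while the pod-level `volumes:` list renders secrets on its own, so secrets set without configmaps yield a volume that is never mounted. `hostPID: true` is hard-coded although `hostNetwork` and the `/` hostPath mount are values-driven; consider a value for it too so hardened installs can switch it off.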
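Review bot: in templates/endpoints.yaml the port is hard-coded as `port: 9100`, while service.yaml and the DaemonSet take it from `.Values.service.port`; an install that changes `service.port` gets Endpoints pointing at the wrong port. Use `{{ .Values.service.port }}` (or `service.targetPort`) here as well.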
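Review bot: in templates/psp-clusterrole.yaml the rule grants `use` on `podsecuritypolicies` under `apiGroups: ['extensions']`, but psp.yaml creates the policy as `policy/v1beta1` and the pushprox ClusterRoles in this same patch use `['policy']`. Align this rule on `['policy']`, or list both groups, so the grant matches the API group of the policy it names.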
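Review bot: in templates/psp-clusterrolebinding.yaml the subject is `name: {{ template "prometheus-node-exporter.fullname" . }}`, whereas serviceaccount.yaml names the account with `{{ template "prometheus-node-exporter.serviceAccountName" . }}`. Going by the values.yaml comment on `serviceAccount.name`, the two differ as soon as that value is set, and the binding then grants the policy to a name the pod does not run as. Use the `serviceAccountName` template for the subject.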
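Review bot: in templates/psp.yaml the `supplementalGroups` and `fsGroup` ranges carry the comment "Forbid adding the root group." but start at `min: 0`, which admits gid 0; the pushprox-proxy policy later in this patch uses `min: 1`, and this one should too. `allowPrivilegeEscalation: false` and `requiredDropCapabilities` are commented out, and `hostPath` is allowed with no `allowedHostPaths`, so the policy admits any host path, writable. values.yaml already runs the pod as uid 65534 with `runAsNonRoot: true`, so restoring both settings and listing `/proc`, `/sys` and `/` as read-only `allowedHostPaths` would match what the DaemonSet mounts by default.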
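Review bot: in templates/serviceaccount.yaml the manifest is wrapped in `{{- if .Values.rbac.create -}}` as well as `{{- if .Values.serviceAccount.create -}}`, so `rbac.create: false` with `serviceAccount.create: true` silently creates no account; gate it on `serviceAccount.create` alone. The account also leaves `automountServiceAccountToken` unset; if the exporter has no need to call the API server, set it to `false` so the token is not mounted into a pod that shares the host network and PID namespace.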
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/values.yaml new file mode 100755 index 000000000..47dedd4d2 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/prometheus-node-exporter/values.yaml 
@@ -0,0 +1,177 @@ +# Default values for prometheus-node-exporter. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +global: + cattle: + systemDefaultRegistry: "" + +image: + repository: rancher/mirrored-prometheus-node-exporter + tag: v1.1.2 + pullPolicy: IfNotPresent + +service: + type: ClusterIP + port: 9100 + targetPort: 9100 + nodePort: + listenOnAllInterfaces: true + annotations: + prometheus.io/scrape: "true" + +prometheus: + monitor: + enabled: false + additionalLabels: {} + namespace: "" + scheme: http + bearerTokenFile: + tlsConfig: {} + + relabelings: [] + scrapeTimeout: 10s + +## Customize the updateStrategy if set +updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 200m + # memory: 50Mi + # requests: + # cpu: 100m + # memory: 30Mi + +serviceAccount: + # Specifies whether a ServiceAccount should be created + create: true + # The name of the ServiceAccount to use. 
+ # If not set and create is true, a name is generated using the fullname template + name: + annotations: {} + imagePullSecrets: [] + +securityContext: + fsGroup: 65534 + runAsGroup: 65534 + runAsNonRoot: true + runAsUser: 65534 + +containerSecurityContext: {} + # capabilities: + # add: + # - SYS_TIME + +rbac: + ## If true, create & use RBAC resources + ## + create: true + ## If true, create & use Pod Security Policy resources + ## https://kubernetes.io/docs/concepts/policy/pod-security-policy/ + pspEnabled: true + +# for deployments that have node_exporter deployed outside of the cluster, list +# their addresses here +endpoints: [] + +# Expose the service to the host network +hostNetwork: true + +## If true, node-exporter pods mounts host / at /host/root +## +hostRootFsMount: true + +## Assign a group of affinity scheduling rules +## +affinity: {} +# nodeAffinity: +# requiredDuringSchedulingIgnoredDuringExecution: +# nodeSelectorTerms: +# - matchFields: +# - key: metadata.name +# operator: In +# values: +# - target-host-name + +# Annotations to be added to node exporter pods +podAnnotations: + # Fix for very slow GKE cluster upgrades + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + +# Extra labels to be added to node exporter pods +podLabels: {} + +# Custom DNS configuration to be added to prometheus-node-exporter pods +dnsConfig: {} +# nameservers: +# - 1.2.3.4 +# searches: +# - ns1.svc.cluster-domain.example +# - my.dns.search.suffix +# options: +# - name: ndots +# value: "2" +# - name: edns0 + +## Assign a nodeSelector if operating a hybrid cluster +## +nodeSelector: {} +# beta.kubernetes.io/arch: amd64 +# beta.kubernetes.io/os: linux + +tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + +## Assign a PriorityClassName to pods if set +# priorityClassName: "" + +## Additional container arguments +## +extraArgs: [] +# - --collector.diskstats.ignored-devices=^(ram|loop|fd|(h|s|v)d[a-z]|nvme\\d+n\\d+p)\\d+$ +# 
- --collector.textfile.directory=/run/prometheus + +## Additional mounts from the host +## +extraHostVolumeMounts: [] +# - name: +# hostPath: +# mountPath: +# readOnly: true|false +# mountPropagation: None|HostToContainer|Bidirectional + +## Additional configmaps to be mounted. +## +configmaps: [] +# - name: +# mountPath: +secrets: [] +# - name: +# mountPath: +## Override the deployment namespace +## +namespaceOverride: "" + +## Additional containers for export metrics to text file +## +sidecars: [] +## - name: nvidia-dcgm-exporter +## image: nvidia/dcgm-exporter:1.4.3 + +## Volume for sidecar containers +## +sidecarVolumeMount: [] +## - name: collector-textfiles +## mountPath: /run/prometheus +## readOnly: false diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/.helmignore b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/.helmignore new file mode 100755 index 000000000..0e8a0eb36 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/Chart.yaml new file mode 100755 index 000000000..e5205567e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/Chart.yaml 
@@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-pushprox +apiVersion: v1 +appVersion: 0.1.0 +description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx + clients. +name: rke2ControllerManager +type: application +version: 0.1.3 diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/README.md b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/README.md new file mode 100755 index 000000000..dcecc69da --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/README.md 
@@ -0,0 +1,54 @@ +# rancher-pushprox + +A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. + +Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. + +Using an instance of this chart is suitable for the following scenarios: +- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) +- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) +- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` +- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) +- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) + +The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. + +## Configuration + +The following tables list the configurable parameters of the rancher-pushprox chart and their default values. + +### General + +#### Required +| Parameter | Description | Example | +| ----- | ----------- | ------ | +| `component` | The component that is being monitored | `kube-etcd` +| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. 
`http://:/metrics`) | `2379` | + +#### Optional +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | +| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | +| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | +| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | +| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | +| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | +| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | +| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | +| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. 
Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.resources` | Set resource limits and requests for the client container | `{}` | +| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | +| `clients.tolerations` | Specify tolerations for clients | `[]` | +| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | +| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | +| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | +| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | +| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | + +*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/_helpers.tpl new file mode 100755 index 000000000..f77b8edf4 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/_helpers.tpl 
@@ -0,0 +1,87 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# General + +{{- define "pushprox.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{- define "pushProxy.commonLabels" -}} +release: {{ .Release.Name }} +component: {{ .Values.component | quote }} +provider: kubernetes +{{- end -}} + +{{- define "pushProxy.proxyUrl" -}} +{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} +{{- if .Values.clients.proxyUrl -}} +{{ printf "%s" .Values.clients.proxyUrl }} +{{- else -}} +{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) .Release.Namespace (int .Values.proxy.port) }} +{{- end -}}{{- end -}} + +# Client + +{{- define "pushProxy.client.name" -}} +{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.client.labels" -}} +k8s-app: {{ template "pushProxy.client.name" . }} +{{ template "pushProxy.commonLabels" . 
}} +{{- end -}} + +# Proxy + +{{- define "pushProxy.proxy.name" -}} +{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.proxy.labels" -}} +k8s-app: {{ template "pushProxy.proxy.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# ServiceMonitor + +{{- define "pushprox.serviceMonitor.name" -}} +{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.labels" -}} +app: {{ template "pushprox.serviceMonitor.name" . }} +release: {{ .Release.Name | quote }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/pushprox-clients-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/pushprox-clients-rbac.yaml new file mode 100755 index 000000000..95346dee6 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/pushprox-clients-rbac.yaml 
@@ -0,0 +1,74 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.client.name" . }} +{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.client.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . 
| nindent 4 }} +spec: + privileged: false + hostNetwork: true + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + - 'emptyDir' + - 'hostPath' + allowedHostPaths: + - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + readOnly: true +{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/pushprox-clients.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/pushprox-clients.yaml new file mode 100755 index 000000000..ed78792e5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/pushprox-clients.yaml 
@@ -0,0 +1,135 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} + pushprox-exporter: "client" +spec: + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.client.labels" . | nindent 8 }} + spec: + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.clients.tolerations }} +{{ toYaml .Values.clients.tolerations | indent 8 }} +{{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ template "pushProxy.client.name" . }} + containers: + - name: pushprox-client + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: + {{- range .Values.clients.command }} + - {{ . 
| quote }} + {{- end }} + args: + - --fqdn=$(HOST_IP) + - --proxy-url=$(PROXY_URL) + - --metrics-addr=$(PORT) + - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} + {{- if .Values.clients.useLocalhost }} + - --use-localhost + {{- end }} + {{- if .Values.clients.https.enabled }} + {{- if .Values.clients.https.insecureSkipVerify }} + - --insecure-skip-verify + {{- end }} + {{- if .Values.clients.https.useServiceAccountCredentials }} + - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token + {{- end }} + {{- if .Values.clients.https.certDir }} + - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem + - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem + - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem + {{- end }} + {{- end }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PORT + value: :{{ .Values.clients.port }} + - name: PROXY_URL + value: {{ template "pushProxy.proxyUrl" . }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + volumeMounts: + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + {{- end }} + {{- if .Values.clients.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} + {{- end }} + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + initContainers: + - name: copy-certs + image: {{ template "system_default_registry" . 
}}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} + command: + - sh + - -c + - | + echo "Searching for files to copy within the source volume" + echo "cert: ${CERT_FILE_NAME}" + echo "key: ${KEY_FILE_NAME}" + echo "cacert: ${CACERT_FILE_NAME}" + + CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) + KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) + CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) + + test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 + test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 + test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 + + echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" + cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 + chmod 444 $CERT_FILE_TARGET || exit 1 + + echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" + cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 + chmod 444 $KEY_FILE_TARGET || exit 1 + + echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" + cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 + chmod 444 $CACERT_FILE_TARGET || exit 1 + env: + - name: CERT_FILE_NAME + value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} + - name: KEY_FILE_NAME + value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} + - name: CACERT_FILE_NAME + value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} + - name: CERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy.pem + - name: KEY_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-key.pem + - name: CACERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem + securityContext: + 
runAsNonRoot: false + volumeMounts: + - name: metrics-cert-dir-source + mountPath: /etc/source + readOnly: true + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + volumes: + - name: metrics-cert-dir-source + hostPath: + path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + - name: metrics-cert-dir + emptyDir: {} + {{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/pushprox-proxy-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/pushprox-proxy-rbac.yaml new file mode 100755 index 000000000..a3509c160 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/pushprox-proxy-rbac.yaml 
@@ -0,0 +1,63 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.proxy.name" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.proxy.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- end }}{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/pushprox-proxy.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/pushprox-proxy.yaml new file mode 100755 index 000000000..571e13138 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/pushprox-proxy.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} + pushprox-exporter: "proxy" +spec: + selector: + matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} + spec: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.proxy.nodeSelector }} +{{ toYaml .Values.proxy.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.proxy.tolerations }} +{{ toYaml .Values.proxy.tolerations | indent 8 }} +{{- end }} + serviceAccountName: {{ template "pushProxy.proxy.name" . }} + containers: + - name: pushprox-proxy + image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} + command: + {{- range .Values.proxy.command }} + - {{ . | quote }} + {{- end }} + {{- if .Values.proxy.resources }} + resources: {{ toYaml .Values.proxy.resources | nindent 10 }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + ports: + - name: pp-proxy + port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} + protocol: TCP + targetPort: {{ .Values.proxy.port }} + selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file 
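Review bot: In `templates/pushprox-clients.yaml` of this chart (the `copy-certs` init container, a few hunks up), the TLS private key is copied out of the `hostPath` into the shared `emptyDir` and then made world-readable with `chmod 444 $KEY_FILE_TARGET`. Only the `pushprox-client` container, which runs with `runAsUser: 1000`, needs to read it, so the key should be owner-only: for example, `chown 1000` followed by `chmod 400` on the key target, assuming the init container runs as root as its `runAsNonRoot: false` suggests. The `444` mode can stay for the cert and CA cert. The expansions in `test -z ${KEY_FILE_SOURCE}` and `cp $KEY_FILE_SOURCE $KEY_FILE_TARGET` are also unquoted, so a matched path containing whitespace splits into several arguments; quote them.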
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/pushprox-servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/pushprox-servicemonitor.yaml new file mode 100755 index 000000000..2f3d7e54c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/templates/pushprox-servicemonitor.yaml @@ -0,0 +1,39 @@ +{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "pushprox.serviceMonitor.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} +spec: + endpoints: + - port: metrics + proxyUrl: {{ template "pushProxy.proxyUrl" . }} + {{- if .Values.clients.https.enabled }} + params: + _scheme: [https] + {{- end }} + jobLabel: component + podTargetLabels: + - component + - pushprox-exporter + namespaceSelector: + matchNames: + - {{ template "pushprox.namespace" . }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + ports: + - name: metrics + port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} + protocol: TCP + targetPort: {{ .Values.metricsPort }} + selector: {{ include "pushProxy.client.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file 
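Review bot: The `{{- if .Values.clients.https.enabled }}` test under `endpoints` dereferences `.Values.clients.https` while the file is gated only on `.Values.serviceMonitor`, so rendering fails with a nil-pointer error when `clients` or `clients.https` is unset or null. Wrap that test in a check that `.Values.clients` and `.Values.clients.https` exist. The client Service in this hunk is likewise created whenever `serviceMonitor.enabled` is true, even with `clients.enabled` false, where its selector matches no pods; consider gating the Service on `clients.enabled` as well.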
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/values.yaml new file mode 100755 index 000000000..e1bcf79a5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2ControllerManager/values.yaml 
@@ -0,0 +1,86 @@ +# Default values for rancher-pushprox. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Default image containing both the proxy and the client was generated from the following Dockerfile +# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 + +# Note: if using a cloud provider, the nodes that contain the PushProxy client must allow the node(s) that contain(s) +# the PushProxy proxy to communicate with it on port {{ .Values.clients.port }}. If you have special restrictions, +# (i.e. client should only run on etcd nodes and only control plane should have access to the port on the etcd node), +# you will need to set the clients / proxy nodeSelector and tolerations accordingly + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + +# The component that is being monitored (i.e. etcd) +component: "component" + +# The port containing the metrics that need to be scraped +metricsPort: 2739 + +# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint +serviceMonitor: + enabled: true + +clients: + enabled: true + # The port which the PushProx client will post PushProx metrics to + port: 9369 + # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} + # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null + proxyUrl: "" + # If set to true, the client will forward any requests from the host IP to 127.0.0.1 + # It will only allow proxy requests to the metricsPort specified + useLocalhost: false + # Configuration for accessing metrics via HTTPS + https: + # Does the client require https to access the metrics? 
+ enabled: false + # If set to true, the client will create a service account with adequate permissions and set a flag + # on the client to use the service account token provided by it to make authorized scrape requests + useServiceAccountCredentials: false + # If set to true, the client will disable SSL security checks + insecureSkipVerify: false + # Directory on host where necessary TLS cert and key to scrape metrics can be found + certDir: "" + # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings + certFile: "" + keyFile: "" + caCertFile: "" + + # Resource limits + resources: {} + + # Options to select all nodes to deploy client DaemonSet on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-client + tag: v0.1.0-rancher1-client + command: ["pushprox-client"] + + copyCertsImage: + repository: rancher/mirrored-library-busybox + tag: 1.31.1 + +proxy: + enabled: true + # The port through which PushProx clients will communicate to the proxy + port: 8080 + + # Resource limits + resources: {} + + # Options to select a node to run a single proxy deployment on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-proxy + tag: v0.1.0-rancher1-proxy + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/.helmignore b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/.helmignore new file mode 100755 index 000000000..0e8a0eb36 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/.helmignore 
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/Chart.yaml new file mode 100755 index 000000000..7320aec04 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/Chart.yaml @@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-pushprox +apiVersion: v1 +appVersion: 0.1.0 +description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx + clients. +name: rke2Etcd +type: application +version: 0.1.3 diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/README.md b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/README.md new file mode 100755 index 000000000..dcecc69da --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/README.md 
@@ -0,0 +1,54 @@ +# rancher-pushprox + +A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. + +Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. + +Using an instance of this chart is suitable for the following scenarios: +- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) +- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) +- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` +- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) +- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) + +The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. + +## Configuration + +The following tables list the configurable parameters of the rancher-pushprox chart and their default values. + +### General + +#### Required +| Parameter | Description | Example | +| ----- | ----------- | ------ | +| `component` | The component that is being monitored | `kube-etcd` +| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. 
`http://:/metrics`) | `2379` | + +#### Optional +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | +| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | +| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | +| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | +| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | +| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | +| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | +| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | +| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. 
Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.resources` | Set resource limits and requests for the client container | `{}` | +| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | +| `clients.tolerations` | Specify tolerations for clients | `[]` | +| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | +| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | +| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | +| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | +| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | + +*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/_helpers.tpl new file mode 100755 index 000000000..f77b8edf4 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/_helpers.tpl 
@@ -0,0 +1,87 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# General + +{{- define "pushprox.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{- define "pushProxy.commonLabels" -}} +release: {{ .Release.Name }} +component: {{ .Values.component | quote }} +provider: kubernetes +{{- end -}} + +{{- define "pushProxy.proxyUrl" -}} +{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} +{{- if .Values.clients.proxyUrl -}} +{{ printf "%s" .Values.clients.proxyUrl }} +{{- else -}} +{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) .Release.Namespace (int .Values.proxy.port) }} +{{- end -}}{{- end -}} + +# Client + +{{- define "pushProxy.client.name" -}} +{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.client.labels" -}} +k8s-app: {{ template "pushProxy.client.name" . }} +{{ template "pushProxy.commonLabels" . 
}} +{{- end -}} + +# Proxy + +{{- define "pushProxy.proxy.name" -}} +{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.proxy.labels" -}} +k8s-app: {{ template "pushProxy.proxy.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# ServiceMonitor + +{{- define "pushprox.serviceMonitor.name" -}} +{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.labels" -}} +app: {{ template "pushprox.serviceMonitor.name" . }} +release: {{ .Release.Name | quote }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/pushprox-clients-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/pushprox-clients-rbac.yaml new file mode 100755 index 000000000..95346dee6 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/pushprox-clients-rbac.yaml 
@@ -0,0 +1,74 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.client.name" . }} +{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.client.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . 
| nindent 4 }} +spec: + privileged: false + hostNetwork: true + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + - 'emptyDir' + - 'hostPath' + allowedHostPaths: + - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + readOnly: true +{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/pushprox-clients.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/pushprox-clients.yaml new file mode 100755 index 000000000..ed78792e5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/pushprox-clients.yaml 
@@ -0,0 +1,135 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} + pushprox-exporter: "client" +spec: + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.client.labels" . | nindent 8 }} + spec: + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.clients.tolerations }} +{{ toYaml .Values.clients.tolerations | indent 8 }} +{{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ template "pushProxy.client.name" . }} + containers: + - name: pushprox-client + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: + {{- range .Values.clients.command }} + - {{ . 
| quote }} + {{- end }} + args: + - --fqdn=$(HOST_IP) + - --proxy-url=$(PROXY_URL) + - --metrics-addr=$(PORT) + - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} + {{- if .Values.clients.useLocalhost }} + - --use-localhost + {{- end }} + {{- if .Values.clients.https.enabled }} + {{- if .Values.clients.https.insecureSkipVerify }} + - --insecure-skip-verify + {{- end }} + {{- if .Values.clients.https.useServiceAccountCredentials }} + - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token + {{- end }} + {{- if .Values.clients.https.certDir }} + - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem + - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem + - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem + {{- end }} + {{- end }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PORT + value: :{{ .Values.clients.port }} + - name: PROXY_URL + value: {{ template "pushProxy.proxyUrl" . }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + volumeMounts: + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + {{- end }} + {{- if .Values.clients.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} + {{- end }} + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + initContainers: + - name: copy-certs + image: {{ template "system_default_registry" . 
}}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} + command: + - sh + - -c + - | + echo "Searching for files to copy within the source volume" + echo "cert: ${CERT_FILE_NAME}" + echo "key: ${KEY_FILE_NAME}" + echo "cacert: ${CACERT_FILE_NAME}" + + CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) + KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) + CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) + + test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 + test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 + test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 + + echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" + cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 + chmod 444 $CERT_FILE_TARGET || exit 1 + + echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" + cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 + chmod 444 $KEY_FILE_TARGET || exit 1 + + echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" + cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 + chmod 444 $CACERT_FILE_TARGET || exit 1 + env: + - name: CERT_FILE_NAME + value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} + - name: KEY_FILE_NAME + value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} + - name: CACERT_FILE_NAME + value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} + - name: CERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy.pem + - name: KEY_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-key.pem + - name: CACERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem + securityContext: + 
runAsNonRoot: false + volumeMounts: + - name: metrics-cert-dir-source + mountPath: /etc/source + readOnly: true + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + volumes: + - name: metrics-cert-dir-source + hostPath: + path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + - name: metrics-cert-dir + emptyDir: {} + {{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/pushprox-proxy-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/pushprox-proxy-rbac.yaml new file mode 100755 index 000000000..a3509c160 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/pushprox-proxy-rbac.yaml 
@@ -0,0 +1,63 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.proxy.name" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.proxy.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- end }}{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/pushprox-proxy.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/pushprox-proxy.yaml new file mode 100755 index 000000000..571e13138 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/pushprox-proxy.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} + pushprox-exporter: "proxy" +spec: + selector: + matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} + spec: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.proxy.nodeSelector }} +{{ toYaml .Values.proxy.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.proxy.tolerations }} +{{ toYaml .Values.proxy.tolerations | indent 8 }} +{{- end }} + serviceAccountName: {{ template "pushProxy.proxy.name" . }} + containers: + - name: pushprox-proxy + image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} + command: + {{- range .Values.proxy.command }} + - {{ . | quote }} + {{- end }} + {{- if .Values.proxy.resources }} + resources: {{ toYaml .Values.proxy.resources | nindent 10 }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + ports: + - name: pp-proxy + port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} + protocol: TCP + targetPort: {{ .Values.proxy.port }} + selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file 
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/pushprox-servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/pushprox-servicemonitor.yaml new file mode 100755 index 000000000..2f3d7e54c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/templates/pushprox-servicemonitor.yaml @@ -0,0 +1,39 @@ +{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "pushprox.serviceMonitor.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} +spec: + endpoints: + - port: metrics + proxyUrl: {{ template "pushProxy.proxyUrl" . }} + {{- if .Values.clients.https.enabled }} + params: + _scheme: [https] + {{- end }} + jobLabel: component + podTargetLabels: + - component + - pushprox-exporter + namespaceSelector: + matchNames: + - {{ template "pushprox.namespace" . }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + ports: + - name: metrics + port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} + protocol: TCP + targetPort: {{ .Values.metricsPort }} + selector: {{ include "pushProxy.client.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/values.yaml new file mode 100755 index 000000000..e1bcf79a5 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Etcd/values.yaml 
@@ -0,0 +1,86 @@ +# Default values for rancher-pushprox. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Default image containing both the proxy and the client was generated from the following Dockerfile +# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 + +# Note: if using a cloud provider, the nodes that contain the PushProxy client must allow the node(s) that contain(s) +# the PushProxy proxy to communicate with it on port {{ .Values.clients.port }}. If you have special restrictions, +# (i.e. client should only run on etcd nodes and only control plane should have access to the port on the etcd node), +# you will need to set the clients / proxy nodeSelector and tolerations accordingly + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + +# The component that is being monitored (i.e. etcd) +component: "component" + +# The port containing the metrics that need to be scraped +metricsPort: 2739 + +# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint +serviceMonitor: + enabled: true + +clients: + enabled: true + # The port which the PushProx client will post PushProx metrics to + port: 9369 + # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} + # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null + proxyUrl: "" + # If set to true, the client will forward any requests from the host IP to 127.0.0.1 + # It will only allow proxy requests to the metricsPort specified + useLocalhost: false + # Configuration for accessing metrics via HTTPS + https: + # Does the client require https to access the metrics? 
+ enabled: false + # If set to true, the client will create a service account with adequate permissions and set a flag + # on the client to use the service account token provided by it to make authorized scrape requests + useServiceAccountCredentials: false + # If set to true, the client will disable SSL security checks + insecureSkipVerify: false + # Directory on host where necessary TLS cert and key to scrape metrics can be found + certDir: "" + # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings + certFile: "" + keyFile: "" + caCertFile: "" + + # Resource limits + resources: {} + + # Options to select all nodes to deploy client DaemonSet on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-client + tag: v0.1.0-rancher1-client + command: ["pushprox-client"] + + copyCertsImage: + repository: rancher/mirrored-library-busybox + tag: 1.31.1 + +proxy: + enabled: true + # The port through which PushProx clients will communicate to the proxy + port: 8080 + + # Resource limits + resources: {} + + # Options to select a node to run a single proxy deployment on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-proxy + tag: v0.1.0-rancher1-proxy + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/.helmignore b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/.helmignore new file mode 100755 index 000000000..0e8a0eb36 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/.helmignore 
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/Chart.yaml new file mode 100755 index 000000000..1e2201169 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/Chart.yaml @@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-pushprox +apiVersion: v1 +appVersion: 0.1.0 +description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx + clients. +name: rke2Proxy +type: application +version: 0.1.3 diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/README.md b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/README.md new file mode 100755 index 000000000..dcecc69da --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/README.md 
@@ -0,0 +1,54 @@ +# rancher-pushprox + +A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. + +Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. + +Using an instance of this chart is suitable for the following scenarios: +- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) +- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) +- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` +- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) +- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) + +The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. + +## Configuration + +The following tables list the configurable parameters of the rancher-pushprox chart and their default values. + +### General + +#### Required +| Parameter | Description | Example | +| ----- | ----------- | ------ | +| `component` | The component that is being monitored | `kube-etcd` +| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. 
`http://:/metrics`) | `2379` | + +#### Optional +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | +| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | +| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | +| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | +| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | +| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | +| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | +| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | +| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. 
Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.resources` | Set resource limits and requests for the client container | `{}` | +| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | +| `clients.tolerations` | Specify tolerations for clients | `[]` | +| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | +| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | +| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | +| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | +| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | + +*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/_helpers.tpl new file mode 100755 index 000000000..f77b8edf4 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/_helpers.tpl 
@@ -0,0 +1,87 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# General + +{{- define "pushprox.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{- define "pushProxy.commonLabels" -}} +release: {{ .Release.Name }} +component: {{ .Values.component | quote }} +provider: kubernetes +{{- end -}} + +{{- define "pushProxy.proxyUrl" -}} +{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} +{{- if .Values.clients.proxyUrl -}} +{{ printf "%s" .Values.clients.proxyUrl }} +{{- else -}} +{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) .Release.Namespace (int .Values.proxy.port) }} +{{- end -}}{{- end -}} + +# Client + +{{- define "pushProxy.client.name" -}} +{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.client.labels" -}} +k8s-app: {{ template "pushProxy.client.name" . }} +{{ template "pushProxy.commonLabels" . 
}} +{{- end -}} + +# Proxy + +{{- define "pushProxy.proxy.name" -}} +{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.proxy.labels" -}} +k8s-app: {{ template "pushProxy.proxy.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# ServiceMonitor + +{{- define "pushprox.serviceMonitor.name" -}} +{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.labels" -}} +app: {{ template "pushprox.serviceMonitor.name" . }} +release: {{ .Release.Name | quote }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/pushprox-clients-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/pushprox-clients-rbac.yaml new file mode 100755 index 000000000..95346dee6 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/pushprox-clients-rbac.yaml 
@@ -0,0 +1,74 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.client.name" . }} +{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.client.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . 
| nindent 4 }} +spec: + privileged: false + hostNetwork: true + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + - 'emptyDir' + - 'hostPath' + allowedHostPaths: + - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + readOnly: true +{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/pushprox-clients.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/pushprox-clients.yaml new file mode 100755 index 000000000..ed78792e5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/pushprox-clients.yaml 
@@ -0,0 +1,135 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} + pushprox-exporter: "client" +spec: + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.client.labels" . | nindent 8 }} + spec: + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.clients.tolerations }} +{{ toYaml .Values.clients.tolerations | indent 8 }} +{{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ template "pushProxy.client.name" . }} + containers: + - name: pushprox-client + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: + {{- range .Values.clients.command }} + - {{ . 
| quote }} + {{- end }} + args: + - --fqdn=$(HOST_IP) + - --proxy-url=$(PROXY_URL) + - --metrics-addr=$(PORT) + - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} + {{- if .Values.clients.useLocalhost }} + - --use-localhost + {{- end }} + {{- if .Values.clients.https.enabled }} + {{- if .Values.clients.https.insecureSkipVerify }} + - --insecure-skip-verify + {{- end }} + {{- if .Values.clients.https.useServiceAccountCredentials }} + - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token + {{- end }} + {{- if .Values.clients.https.certDir }} + - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem + - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem + - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem + {{- end }} + {{- end }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PORT + value: :{{ .Values.clients.port }} + - name: PROXY_URL + value: {{ template "pushProxy.proxyUrl" . }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + volumeMounts: + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + {{- end }} + {{- if .Values.clients.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} + {{- end }} + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + initContainers: + - name: copy-certs + image: {{ template "system_default_registry" . 
}}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} + command: + - sh + - -c + - | + echo "Searching for files to copy within the source volume" + echo "cert: ${CERT_FILE_NAME}" + echo "key: ${KEY_FILE_NAME}" + echo "cacert: ${CACERT_FILE_NAME}" + + CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) + KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) + CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) + + test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 + test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 + test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 + + echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" + cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 + chmod 444 $CERT_FILE_TARGET || exit 1 + + echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" + cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 + chmod 444 $KEY_FILE_TARGET || exit 1 + + echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" + cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 + chmod 444 $CACERT_FILE_TARGET || exit 1 + env: + - name: CERT_FILE_NAME + value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} + - name: KEY_FILE_NAME + value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} + - name: CACERT_FILE_NAME + value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} + - name: CERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy.pem + - name: KEY_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-key.pem + - name: CACERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem + securityContext: + 
runAsNonRoot: false + volumeMounts: + - name: metrics-cert-dir-source + mountPath: /etc/source + readOnly: true + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + volumes: + - name: metrics-cert-dir-source + hostPath: + path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + - name: metrics-cert-dir + emptyDir: {} + {{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/pushprox-proxy-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/pushprox-proxy-rbac.yaml new file mode 100755 index 000000000..a3509c160 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/pushprox-proxy-rbac.yaml 
@@ -0,0 +1,63 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.proxy.name" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.proxy.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- end }}{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/pushprox-proxy.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/pushprox-proxy.yaml new file mode 100755 index 000000000..571e13138 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/pushprox-proxy.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} + pushprox-exporter: "proxy" +spec: + selector: + matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} + spec: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.proxy.nodeSelector }} +{{ toYaml .Values.proxy.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.proxy.tolerations }} +{{ toYaml .Values.proxy.tolerations | indent 8 }} +{{- end }} + serviceAccountName: {{ template "pushProxy.proxy.name" . }} + containers: + - name: pushprox-proxy + image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} + command: + {{- range .Values.proxy.command }} + - {{ . | quote }} + {{- end }} + {{- if .Values.proxy.resources }} + resources: {{ toYaml .Values.proxy.resources | nindent 10 }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + ports: + - name: pp-proxy + port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} + protocol: TCP + targetPort: {{ .Values.proxy.port }} + selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file 
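Review bot: the namespace used here does not match the one used by the objects this Deployment depends on. The Deployment and Service are placed in `{{ template "pushprox.namespace" . }}`, which honours `.Values.namespaceOverride`, but the ServiceAccount and the ClusterRoleBinding subject in pushprox-proxy-rbac.yaml use `{{ .Release.Namespace }}`, and the `pushProxy.proxyUrl` helper also builds the service URL from `.Release.Namespace`. With `namespaceOverride` set to anything other than the release namespace, `serviceAccountName: {{ template "pushProxy.proxy.name" . }}` points at a ServiceAccount that does not exist in the pod's namespace, and clients are handed a proxy URL for a namespace that has no such Service. Suggest using the `pushprox.namespace` helper consistently in the RBAC template and in `pushProxy.proxyUrl`, or dropping the override from this template.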
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/pushprox-servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/pushprox-servicemonitor.yaml new file mode 100755 index 000000000..2f3d7e54c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/templates/pushprox-servicemonitor.yaml @@ -0,0 +1,39 @@ +{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "pushprox.serviceMonitor.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} +spec: + endpoints: + - port: metrics + proxyUrl: {{ template "pushProxy.proxyUrl" . }} + {{- if .Values.clients.https.enabled }} + params: + _scheme: [https] + {{- end }} + jobLabel: component + podTargetLabels: + - component + - pushprox-exporter + namespaceSelector: + matchNames: + - {{ template "pushprox.namespace" . }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + ports: + - name: metrics + port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} + protocol: TCP + targetPort: {{ .Values.metricsPort }} + selector: {{ include "pushProxy.client.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/values.yaml new file mode 100755 index 000000000..e1bcf79a5 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Proxy/values.yaml 
@@ -0,0 +1,86 @@ +# Default values for rancher-pushprox. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Default image containing both the proxy and the client was generated from the following Dockerfile +# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 + +# Note: if using a cloud provider, the nodes that contain the PushProxy client must allow the node(s) that contain(s) +# the PushProxy proxy to communicate with it on port {{ .Values.clients.port }}. If you have special restrictions, +# (i.e. client should only run on etcd nodes and only control plane should have access to the port on the etcd node), +# you will need to set the clients / proxy nodeSelector and tolerations accordingly + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + +# The component that is being monitored (i.e. etcd) +component: "component" + +# The port containing the metrics that need to be scraped +metricsPort: 2739 + +# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint +serviceMonitor: + enabled: true + +clients: + enabled: true + # The port which the PushProx client will post PushProx metrics to + port: 9369 + # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} + # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null + proxyUrl: "" + # If set to true, the client will forward any requests from the host IP to 127.0.0.1 + # It will only allow proxy requests to the metricsPort specified + useLocalhost: false + # Configuration for accessing metrics via HTTPS + https: + # Does the client require https to access the metrics? 
+ enabled: false + # If set to true, the client will create a service account with adequate permissions and set a flag + # on the client to use the service account token provided by it to make authorized scrape requests + useServiceAccountCredentials: false + # If set to true, the client will disable SSL security checks + insecureSkipVerify: false + # Directory on host where necessary TLS cert and key to scrape metrics can be found + certDir: "" + # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings + certFile: "" + keyFile: "" + caCertFile: "" + + # Resource limits + resources: {} + + # Options to select all nodes to deploy client DaemonSet on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-client + tag: v0.1.0-rancher1-client + command: ["pushprox-client"] + + copyCertsImage: + repository: rancher/mirrored-library-busybox + tag: 1.31.1 + +proxy: + enabled: true + # The port through which PushProx clients will communicate to the proxy + port: 8080 + + # Resource limits + resources: {} + + # Options to select a node to run a single proxy deployment on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-proxy + tag: v0.1.0-rancher1-proxy + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/.helmignore b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/.helmignore new file mode 100755 index 000000000..0e8a0eb36 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/.helmignore 
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/Chart.yaml new file mode 100755 index 000000000..4b076fb84 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/Chart.yaml @@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-pushprox +apiVersion: v1 +appVersion: 0.1.0 +description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx + clients. +name: rke2Scheduler +type: application +version: 0.1.3 diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/README.md b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/README.md new file mode 100755 index 000000000..dcecc69da --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/README.md 
@@ -0,0 +1,54 @@ +# rancher-pushprox + +A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. + +Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. + +Using an instance of this chart is suitable for the following scenarios: +- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) +- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) +- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` +- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) +- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) + +The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. + +## Configuration + +The following tables list the configurable parameters of the rancher-pushprox chart and their default values. + +### General + +#### Required +| Parameter | Description | Example | +| ----- | ----------- | ------ | +| `component` | The component that is being monitored | `kube-etcd` +| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. 
`http://:/metrics`) | `2379` | + +#### Optional +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | +| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | +| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | +| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | +| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | +| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | +| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | +| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | +| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. 
Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.resources` | Set resource limits and requests for the client container | `{}` | +| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | +| `clients.tolerations` | Specify tolerations for clients | `[]` | +| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | +| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | +| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | +| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | +| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | + +*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/_helpers.tpl new file mode 100755 index 000000000..f77b8edf4 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/_helpers.tpl 
@@ -0,0 +1,87 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# General + +{{- define "pushprox.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{- define "pushProxy.commonLabels" -}} +release: {{ .Release.Name }} +component: {{ .Values.component | quote }} +provider: kubernetes +{{- end -}} + +{{- define "pushProxy.proxyUrl" -}} +{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} +{{- if .Values.clients.proxyUrl -}} +{{ printf "%s" .Values.clients.proxyUrl }} +{{- else -}} +{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) .Release.Namespace (int .Values.proxy.port) }} +{{- end -}}{{- end -}} + +# Client + +{{- define "pushProxy.client.name" -}} +{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.client.labels" -}} +k8s-app: {{ template "pushProxy.client.name" . }} +{{ template "pushProxy.commonLabels" . 
}} +{{- end -}} + +# Proxy + +{{- define "pushProxy.proxy.name" -}} +{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.proxy.labels" -}} +k8s-app: {{ template "pushProxy.proxy.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# ServiceMonitor + +{{- define "pushprox.serviceMonitor.name" -}} +{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.labels" -}} +app: {{ template "pushprox.serviceMonitor.name" . }} +release: {{ .Release.Name | quote }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/pushprox-clients-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/pushprox-clients-rbac.yaml new file mode 100755 index 000000000..95346dee6 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/pushprox-clients-rbac.yaml 
@@ -0,0 +1,74 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.client.name" . }} +{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.client.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . 
| nindent 4 }} +spec: + privileged: false + hostNetwork: true + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + - 'emptyDir' + - 'hostPath' + allowedHostPaths: + - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + readOnly: true +{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/pushprox-clients.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/pushprox-clients.yaml new file mode 100755 index 000000000..ed78792e5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/pushprox-clients.yaml 
@@ -0,0 +1,135 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} + pushprox-exporter: "client" +spec: + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.client.labels" . | nindent 8 }} + spec: + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.clients.tolerations }} +{{ toYaml .Values.clients.tolerations | indent 8 }} +{{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ template "pushProxy.client.name" . }} + containers: + - name: pushprox-client + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: + {{- range .Values.clients.command }} + - {{ . 
| quote }} + {{- end }} + args: + - --fqdn=$(HOST_IP) + - --proxy-url=$(PROXY_URL) + - --metrics-addr=$(PORT) + - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} + {{- if .Values.clients.useLocalhost }} + - --use-localhost + {{- end }} + {{- if .Values.clients.https.enabled }} + {{- if .Values.clients.https.insecureSkipVerify }} + - --insecure-skip-verify + {{- end }} + {{- if .Values.clients.https.useServiceAccountCredentials }} + - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token + {{- end }} + {{- if .Values.clients.https.certDir }} + - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem + - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem + - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem + {{- end }} + {{- end }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PORT + value: :{{ .Values.clients.port }} + - name: PROXY_URL + value: {{ template "pushProxy.proxyUrl" . }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + volumeMounts: + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + {{- end }} + {{- if .Values.clients.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} + {{- end }} + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + initContainers: + - name: copy-certs + image: {{ template "system_default_registry" . 
}}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} + command: + - sh + - -c + - | + echo "Searching for files to copy within the source volume" + echo "cert: ${CERT_FILE_NAME}" + echo "key: ${KEY_FILE_NAME}" + echo "cacert: ${CACERT_FILE_NAME}" + + CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) + KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) + CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) + + test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 + test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 + test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 + + echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" + cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 + chmod 444 $CERT_FILE_TARGET || exit 1 + + echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" + cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 + chmod 444 $KEY_FILE_TARGET || exit 1 + + echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" + cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 + chmod 444 $CACERT_FILE_TARGET || exit 1 + env: + - name: CERT_FILE_NAME + value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} + - name: KEY_FILE_NAME + value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} + - name: CACERT_FILE_NAME + value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} + - name: CERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy.pem + - name: KEY_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-key.pem + - name: CACERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem + securityContext: + 
runAsNonRoot: false + volumeMounts: + - name: metrics-cert-dir-source + mountPath: /etc/source + readOnly: true + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + volumes: + - name: metrics-cert-dir-source + hostPath: + path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + - name: metrics-cert-dir + emptyDir: {} + {{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/pushprox-proxy-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/pushprox-proxy-rbac.yaml new file mode 100755 index 000000000..a3509c160 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/pushprox-proxy-rbac.yaml 
@@ -0,0 +1,63 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.proxy.name" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.proxy.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- end }}{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/pushprox-proxy.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/pushprox-proxy.yaml new file mode 100755 index 000000000..571e13138 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/pushprox-proxy.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} + pushprox-exporter: "proxy" +spec: + selector: + matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} + spec: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.proxy.nodeSelector }} +{{ toYaml .Values.proxy.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.proxy.tolerations }} +{{ toYaml .Values.proxy.tolerations | indent 8 }} +{{- end }} + serviceAccountName: {{ template "pushProxy.proxy.name" . }} + containers: + - name: pushprox-proxy + image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} + command: + {{- range .Values.proxy.command }} + - {{ . | quote }} + {{- end }} + {{- if .Values.proxy.resources }} + resources: {{ toYaml .Values.proxy.resources | nindent 10 }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + ports: + - name: pp-proxy + port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} + protocol: TCP + targetPort: {{ .Values.proxy.port }} + selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file 
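Review bot: in templates/pushprox-proxy.yaml the `pushprox-proxy` container is given only `command`, with no `args` and no `ports`, while the Service below it sets both `port` and `targetPort` to `.Values.proxy.port`. Nothing in the hunk tells the proxy to listen on that value, so overriding `proxy.port` away from the default `8080` would point the Service at a port the container was never asked to open. Suggest passing the listen address to the container from `.Values.proxy.port` and declaring a matching `containerPort`, or documenting that the value must stay at the binary's default. The guard `{{- if and .Values.proxy }}` also calls `and` with a single argument; a plain `if .Values.proxy` says the same thing.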
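Review bot: in the `copy-certs` init container of templates/pushprox-clients.yaml, `chmod 444 $KEY_FILE_TARGET` leaves the copied TLS private key world-readable in the `metrics-cert-dir` emptyDir. The init container already runs with `runAsNonRoot: false` and the client with `runAsUser: 1000`, so the script could `chown` the three targets to uid 1000 and use mode 400, at least for the key. The variables in `test -z ${CERT_FILE_SOURCE}` and in the `cp` lines are unquoted, so the emptiness check and the copy depend on word splitting; quote them. With a wildcard in the file name, `sort -r | head -n 1` picks the lexicographically last match, which is worth stating in the README tip.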
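Review bot: in templates/pushprox-clients-rbac.yaml the ServiceAccount and the ClusterRoleBinding subject are placed in `{{ .Release.Namespace }}`, but the DaemonSet that names this account in `serviceAccountName` is created in `{{ template "pushprox.namespace" . }}`, which honours `.Values.namespaceOverride`. With an override set, the pods would reference a ServiceAccount in a namespace where none was created. Suggest using the `pushprox.namespace` helper for the ServiceAccount and the binding subject; the same applies to templates/pushprox-proxy-rbac.yaml. PodSecurityPolicy is cluster-scoped, so the `namespace:` field in its metadata can be dropped. The client policy also allows `runAsUser: RunAsAny` and group ranges starting at `0` alongside `hostNetwork: true`, where the proxy policy uses `MustRunAsNonRoot`; a comment saying this is needed for the `copy-certs` init container would help.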
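Review bot: in templates/_helpers.tpl, `pushProxy.proxyUrl` builds the default URL from `.Release.Namespace` although the proxy Service is created in `pushprox.namespace`, so with `.Values.namespaceOverride` set the clients and the ServiceMonitor are handed a URL in the wrong namespace. Suggest `(include "pushprox.namespace" .)` in that `printf`. The `required` message in the same define names `.Values.client.proxyUrl` where the value actually read is `.Values.clients.proxyUrl`. The rendered host ends in `.svc`, while README.md and the values.yaml comment document `.svc.cluster.local`; bring one in line with the other.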
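Review bot: the default `metricsPort: 2739` in values.yaml does not match the `2379` that README.md gives as the example for the same parameter and looks like transposed digits; confirm the intended default. The default `component: "component"` means the `required ".Values.component is required"` guards in _helpers.tpl never fire on an unconfigured install; an empty default would let them do so. The `proxyUrl` comment spells the placeholder `{{namepsace}}`. The comment on `insecureSkipVerify` should say that it turns off verification of the scrape target's certificate, so that the trade-off is visible where the value is set.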
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/pushprox-servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/pushprox-servicemonitor.yaml new file mode 100755 index 000000000..2f3d7e54c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/templates/pushprox-servicemonitor.yaml @@ -0,0 +1,39 @@ +{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "pushprox.serviceMonitor.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} +spec: + endpoints: + - port: metrics + proxyUrl: {{ template "pushProxy.proxyUrl" . }} + {{- if .Values.clients.https.enabled }} + params: + _scheme: [https] + {{- end }} + jobLabel: component + podTargetLabels: + - component + - pushprox-exporter + namespaceSelector: + matchNames: + - {{ template "pushprox.namespace" . }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + ports: + - name: metrics + port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} + protocol: TCP + targetPort: {{ .Values.metricsPort }} + selector: {{ include "pushProxy.client.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/values.yaml new file mode 100755 index 000000000..e1bcf79a5 
--- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rke2Scheduler/values.yaml 
@@ -0,0 +1,86 @@ +# Default values for rancher-pushprox. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Default image containing both the proxy and the client was generated from the following Dockerfile +# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 + +# Note: if using a cloud provider, the nodes that contain the PushProxy client must allow the node(s) that contain(s) +# the PushProxy proxy to communicate with it on port {{ .Values.clients.port }}. If you have special restrictions, +# (i.e. client should only run on etcd nodes and only control plane should have access to the port on the etcd node), +# you will need to set the clients / proxy nodeSelector and tolerations accordingly + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + +# The component that is being monitored (i.e. etcd) +component: "component" + +# The port containing the metrics that need to be scraped +metricsPort: 2739 + +# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint +serviceMonitor: + enabled: true + +clients: + enabled: true + # The port which the PushProx client will post PushProx metrics to + port: 9369 + # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} + # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null + proxyUrl: "" + # If set to true, the client will forward any requests from the host IP to 127.0.0.1 + # It will only allow proxy requests to the metricsPort specified + useLocalhost: false + # Configuration for accessing metrics via HTTPS + https: + # Does the client require https to access the metrics? 
+ enabled: false + # If set to true, the client will create a service account with adequate permissions and set a flag + # on the client to use the service account token provided by it to make authorized scrape requests + useServiceAccountCredentials: false + # If set to true, the client will disable SSL security checks + insecureSkipVerify: false + # Directory on host where necessary TLS cert and key to scrape metrics can be found + certDir: "" + # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings + certFile: "" + keyFile: "" + caCertFile: "" + + # Resource limits + resources: {} + + # Options to select all nodes to deploy client DaemonSet on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-client + tag: v0.1.0-rancher1-client + command: ["pushprox-client"] + + copyCertsImage: + repository: rancher/mirrored-library-busybox + tag: 1.31.1 + +proxy: + enabled: true + # The port through which PushProx clients will communicate to the proxy + port: 8080 + + # Resource limits + resources: {} + + # Options to select a node to run a single proxy deployment on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-proxy + tag: v0.1.0-rancher1-proxy + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/.helmignore b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/.helmignore new file mode 100755 index 000000000..0e8a0eb36 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/.helmignore 
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/Chart.yaml new file mode 100755 index 000000000..09ef21031 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/Chart.yaml @@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-pushprox +apiVersion: v1 +appVersion: 0.1.0 +description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx + clients. +name: rkeControllerManager +type: application +version: 0.1.3 diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/README.md b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/README.md new file mode 100755 index 000000000..dcecc69da --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/README.md 
@@ -0,0 +1,54 @@ +# rancher-pushprox + +A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. + +Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. + +Using an instance of this chart is suitable for the following scenarios: +- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) +- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) +- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` +- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) +- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) + +The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. + +## Configuration + +The following tables list the configurable parameters of the rancher-pushprox chart and their default values. + +### General + +#### Required +| Parameter | Description | Example | +| ----- | ----------- | ------ | +| `component` | The component that is being monitored | `kube-etcd` +| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. 
`http://:/metrics`) | `2379` | + +#### Optional +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | +| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | +| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | +| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | +| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | +| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | +| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | +| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | +| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. 
Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.resources` | Set resource limits and requests for the client container | `{}` | +| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | +| `clients.tolerations` | Specify tolerations for clients | `[]` | +| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | +| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | +| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | +| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | +| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | + +*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/_helpers.tpl new file mode 100755 index 000000000..f77b8edf4 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/_helpers.tpl 
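Review bot: Several entries in the rkeControllerManager README do not match the templates added alongside it. The `clients.proxyUrl` row documents a default ending in `.svc.cluster.local:{{ .Values.proxy.port }}"` (with a stray trailing quote and a space inside `{{ . Release.Namespace }}`), whereas the `pushProxy.proxyUrl` helper formats `http://%s.%s.svc:%d`. The tip names `clients.https.File`, which is not a parameter in the table, and the `component` row is missing its closing `|`. The `clients.https.insecureSkipVerify` row should state that the client stops verifying the scraped endpoint's certificate, rather than the vaguer "SSL security checks", since the scenario list offers it as a supported way to scrape without cacerts.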
@@ -0,0 +1,87 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# General + +{{- define "pushprox.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{- define "pushProxy.commonLabels" -}} +release: {{ .Release.Name }} +component: {{ .Values.component | quote }} +provider: kubernetes +{{- end -}} + +{{- define "pushProxy.proxyUrl" -}} +{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} +{{- if .Values.clients.proxyUrl -}} +{{ printf "%s" .Values.clients.proxyUrl }} +{{- else -}} +{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) .Release.Namespace (int .Values.proxy.port) }} +{{- end -}}{{- end -}} + +# Client + +{{- define "pushProxy.client.name" -}} +{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.client.labels" -}} +k8s-app: {{ template "pushProxy.client.name" . }} +{{ template "pushProxy.commonLabels" . 
}} +{{- end -}} + +# Proxy + +{{- define "pushProxy.proxy.name" -}} +{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.proxy.labels" -}} +k8s-app: {{ template "pushProxy.proxy.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# ServiceMonitor + +{{- define "pushprox.serviceMonitor.name" -}} +{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.labels" -}} +app: {{ template "pushprox.serviceMonitor.name" . }} +release: {{ .Release.Name | quote }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/pushprox-clients-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/pushprox-clients-rbac.yaml new file mode 100755 index 000000000..95346dee6 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/pushprox-clients-rbac.yaml 
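Review bot: In `_helpers.tpl`, `pushProxy.proxyUrl` builds the default URL from `.Release.Namespace`, but the proxy Service in this chart is created in `{{ template "pushprox.namespace" . }}`, so once `namespaceOverride` is set the clients are pointed at a Service name that does not exist in that namespace. Use `(include "pushprox.namespace" .)` in the `printf` instead. The `required` message in the same helper names `.Values.client.proxyUrl`, while the key actually checked is `.Values.clients.proxyUrl`. `pushProxy.serviceMonitor.labels` also emits `release:` itself and then includes `pushProxy.commonLabels`, which emits `release:` again, giving a duplicate mapping key in the rendered labels.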
@@ -0,0 +1,74 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.client.name" . }} +{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.client.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . 
| nindent 4 }} +spec: + privileged: false + hostNetwork: true + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + - 'emptyDir' + - 'hostPath' + allowedHostPaths: + - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + readOnly: true +{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/pushprox-clients.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/pushprox-clients.yaml new file mode 100755 index 000000000..ed78792e5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/pushprox-clients.yaml 
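Review bot: The client PodSecurityPolicy in `pushprox-clients-rbac.yaml` combines `hostNetwork: true` with `runAsUser.rule: 'RunAsAny'` and `supplementalGroups`/`fsGroup` ranges starting at `min: 0`, so any pod admitted under it may run as root on the host network; the proxy policy in this same patch uses `MustRunAsNonRoot` with `min: 1`. If root is needed only for the cert-copy init container, note that in a comment and tighten what can be tightened. Separately, the ServiceAccount and the ClusterRoleBinding subject are placed in `.Release.Namespace`, while the DaemonSet that sets `serviceAccountName` is placed in `pushprox.namespace`, so with `namespaceOverride` set the account will not be found in the pod's namespace.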
@@ -0,0 +1,135 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} + pushprox-exporter: "client" +spec: + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.client.labels" . | nindent 8 }} + spec: + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.clients.tolerations }} +{{ toYaml .Values.clients.tolerations | indent 8 }} +{{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ template "pushProxy.client.name" . }} + containers: + - name: pushprox-client + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: + {{- range .Values.clients.command }} + - {{ . 
| quote }} + {{- end }} + args: + - --fqdn=$(HOST_IP) + - --proxy-url=$(PROXY_URL) + - --metrics-addr=$(PORT) + - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} + {{- if .Values.clients.useLocalhost }} + - --use-localhost + {{- end }} + {{- if .Values.clients.https.enabled }} + {{- if .Values.clients.https.insecureSkipVerify }} + - --insecure-skip-verify + {{- end }} + {{- if .Values.clients.https.useServiceAccountCredentials }} + - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token + {{- end }} + {{- if .Values.clients.https.certDir }} + - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem + - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem + - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem + {{- end }} + {{- end }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PORT + value: :{{ .Values.clients.port }} + - name: PROXY_URL + value: {{ template "pushProxy.proxyUrl" . }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + volumeMounts: + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + {{- end }} + {{- if .Values.clients.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} + {{- end }} + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + initContainers: + - name: copy-certs + image: {{ template "system_default_registry" . 
}}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} + command: + - sh + - -c + - | + echo "Searching for files to copy within the source volume" + echo "cert: ${CERT_FILE_NAME}" + echo "key: ${KEY_FILE_NAME}" + echo "cacert: ${CACERT_FILE_NAME}" + + CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) + KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) + CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) + + test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 + test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 + test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 + + echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" + cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 + chmod 444 $CERT_FILE_TARGET || exit 1 + + echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" + cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 + chmod 444 $KEY_FILE_TARGET || exit 1 + + echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" + cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 + chmod 444 $CACERT_FILE_TARGET || exit 1 + env: + - name: CERT_FILE_NAME + value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} + - name: KEY_FILE_NAME + value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} + - name: CACERT_FILE_NAME + value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} + - name: CERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy.pem + - name: KEY_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-key.pem + - name: CACERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem + securityContext: + 
runAsNonRoot: false + volumeMounts: + - name: metrics-cert-dir-source + mountPath: /etc/source + readOnly: true + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + volumes: + - name: metrics-cert-dir-source + hostPath: + path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + - name: metrics-cert-dir + emptyDir: {} + {{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/pushprox-proxy-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/pushprox-proxy-rbac.yaml new file mode 100755 index 000000000..a3509c160 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/pushprox-proxy-rbac.yaml 
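Review bot: In the `copy-certs` init script of `pushprox-clients.yaml`, the private key is copied into the shared `emptyDir` and then made world-readable with `chmod 444 $KEY_FILE_TARGET`. The client container runs with `runAsUser: 1000`, so the key could instead be owned by that UID with a mode readable only by its owner; the cert and CA cert can stay at `444`. The guards `test -z ${CERT_FILE_SOURCE} && ...` and the `cp` arguments are unquoted, so a matched path containing whitespace defeats the check and splits the copy; quote the expansions. `find ... | sort -r | head -n 1` also silently picks one file when a wildcard name matches several, which deserves at least a log line naming the candidates.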
@@ -0,0 +1,63 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.proxy.name" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.proxy.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- end }}{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/pushprox-proxy.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/pushprox-proxy.yaml new file mode 100755 index 000000000..571e13138 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/pushprox-proxy.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} + pushprox-exporter: "proxy" +spec: + selector: + matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} + spec: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.proxy.nodeSelector }} +{{ toYaml .Values.proxy.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.proxy.tolerations }} +{{ toYaml .Values.proxy.tolerations | indent 8 }} +{{- end }} + serviceAccountName: {{ template "pushProxy.proxy.name" . }} + containers: + - name: pushprox-proxy + image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} + command: + {{- range .Values.proxy.command }} + - {{ . | quote }} + {{- end }} + {{- if .Values.proxy.resources }} + resources: {{ toYaml .Values.proxy.resources | nindent 10 }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + ports: + - name: pp-proxy + port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} + protocol: TCP + targetPort: {{ .Values.proxy.port }} + selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file 
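Review bot: The `pushprox-proxy` container in `pushprox-proxy.yaml` receives only `command` from values and has no `args`, `ports` or probes, so `.Values.proxy.port` reaches the Service (`port` and `targetPort`) but is never passed to the process. A non-default `proxy.port` would therefore route traffic to a port that nothing in this spec tells the proxy to listen on; either pass the port to the binary or document that the value must match the image's listen port. The opening `{{- if and .Values.proxy }}` uses `and` with a single argument, which is redundant, and the missing `-` on the following `{{ if` leaves stray whitespace handling inconsistent with the closing `{{- end }}{{- end }}`.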
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/pushprox-servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/pushprox-servicemonitor.yaml new file mode 100755 index 000000000..2f3d7e54c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/templates/pushprox-servicemonitor.yaml @@ -0,0 +1,39 @@ +{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "pushprox.serviceMonitor.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} +spec: + endpoints: + - port: metrics + proxyUrl: {{ template "pushProxy.proxyUrl" . }} + {{- if .Values.clients.https.enabled }} + params: + _scheme: [https] + {{- end }} + jobLabel: component + podTargetLabels: + - component + - pushprox-exporter + namespaceSelector: + matchNames: + - {{ template "pushprox.namespace" . }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + ports: + - name: metrics + port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} + protocol: TCP + targetPort: {{ .Values.metricsPort }} + selector: {{ include "pushProxy.client.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file 
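Review bot: In `pushprox-servicemonitor.yaml`, `{{- if .Values.clients.https.enabled }}` dereferences `.Values.clients.https` without the `{{- if .Values.clients }}` guard that the client templates use, so rendering fails if `serviceMonitor.enabled` is true and `clients` is nulled out in an override. The client Service is also emitted only under `serviceMonitor.enabled` and selects `pushProxy.client.labels`; guarding it on `clients.enabled` as well would avoid creating a Service with no pods behind it. When HTTPS is enabled the endpoint only sets `params: _scheme: [https]`, which is worth a comment explaining that TLS to the target is handled by the client and not by this ServiceMonitor.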
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/values.yaml new file mode 100755 index 000000000..e1bcf79a5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeControllerManager/values.yaml 
@@ -0,0 +1,86 @@ +# Default values for rancher-pushprox. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Default image containing both the proxy and the client was generated from the following Dockerfile +# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 + +# Note: if using a cloud provider, the nodes that contain the PushProxy client must allow the node(s) that contain(s) +# the PushProxy proxy to communicate with it on port {{ .Values.clients.port }}. If you have special restrictions, +# (i.e. client should only run on etcd nodes and only control plane should have access to the port on the etcd node), +# you will need to set the clients / proxy nodeSelector and tolerations accordingly + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + +# The component that is being monitored (i.e. etcd) +component: "component" + +# The port containing the metrics that need to be scraped +metricsPort: 2739 + +# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint +serviceMonitor: + enabled: true + +clients: + enabled: true + # The port which the PushProx client will post PushProx metrics to + port: 9369 + # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} + # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null + proxyUrl: "" + # If set to true, the client will forward any requests from the host IP to 127.0.0.1 + # It will only allow proxy requests to the metricsPort specified + useLocalhost: false + # Configuration for accessing metrics via HTTPS + https: + # Does the client require https to access the metrics? 
+ enabled: false + # If set to true, the client will create a service account with adequate permissions and set a flag + # on the client to use the service account token provided by it to make authorized scrape requests + useServiceAccountCredentials: false + # If set to true, the client will disable SSL security checks + insecureSkipVerify: false + # Directory on host where necessary TLS cert and key to scrape metrics can be found + certDir: "" + # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings + certFile: "" + keyFile: "" + caCertFile: "" + + # Resource limits + resources: {} + + # Options to select all nodes to deploy client DaemonSet on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-client + tag: v0.1.0-rancher1-client + command: ["pushprox-client"] + + copyCertsImage: + repository: rancher/mirrored-library-busybox + tag: 1.31.1 + +proxy: + enabled: true + # The port through which PushProx clients will communicate to the proxy + port: 8080 + + # Resource limits + resources: {} + + # Options to select a node to run a single proxy deployment on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-proxy + tag: v0.1.0-rancher1-proxy + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/.helmignore b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/.helmignore new file mode 100755 index 000000000..0e8a0eb36 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/.helmignore 
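Review bot: The default `metricsPort: 2739` in `values.yaml` does not match the README example for the same parameter (`2379`) and looks like transposed digits; because this value becomes the client's `--allow-port` and the Service `targetPort`, a wrong default fails without an obvious error. The `proxyUrl` comment misspells `{{namepsace}}` and says `.svc.cluster.local` where the helper emits `.svc`. The image references (`v0.1.0-rancher1-client`, `v0.1.0-rancher1-proxy`, busybox `1.31.1`) are tags only; pinning by digest would make the host-network client and the root init container reproducible.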
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/Chart.yaml new file mode 100755 index 000000000..a4f4b02e4 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/Chart.yaml @@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-pushprox +apiVersion: v1 +appVersion: 0.1.0 +description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx + clients. +name: rkeEtcd +type: application +version: 0.1.3 diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/README.md b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/README.md new file mode 100755 index 000000000..dcecc69da --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/README.md 
@@ -0,0 +1,54 @@ +# rancher-pushprox + +A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. + +Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. + +Using an instance of this chart is suitable for the following scenarios: +- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) +- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) +- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` +- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) +- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) + +The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. + +## Configuration + +The following tables list the configurable parameters of the rancher-pushprox chart and their default values. + +### General + +#### Required +| Parameter | Description | Example | +| ----- | ----------- | ------ | +| `component` | The component that is being monitored | `kube-etcd` +| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. 
`http://:/metrics`) | `2379` | + +#### Optional +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | +| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | +| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | +| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | +| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | +| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | +| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | +| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | +| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. 
Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.resources` | Set resource limits and requests for the client container | `{}` | +| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | +| `clients.tolerations` | Specify tolerations for clients | `[]` | +| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | +| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | +| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | +| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | +| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | + +*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/_helpers.tpl new file mode 100755 index 000000000..f77b8edf4 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/_helpers.tpl 
@@ -0,0 +1,87 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# General + +{{- define "pushprox.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{- define "pushProxy.commonLabels" -}} +release: {{ .Release.Name }} +component: {{ .Values.component | quote }} +provider: kubernetes +{{- end -}} + +{{- define "pushProxy.proxyUrl" -}} +{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} +{{- if .Values.clients.proxyUrl -}} +{{ printf "%s" .Values.clients.proxyUrl }} +{{- else -}} +{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) .Release.Namespace (int .Values.proxy.port) }} +{{- end -}}{{- end -}} + +# Client + +{{- define "pushProxy.client.name" -}} +{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.client.labels" -}} +k8s-app: {{ template "pushProxy.client.name" . }} +{{ template "pushProxy.commonLabels" . 
}} +{{- end -}} + +# Proxy + +{{- define "pushProxy.proxy.name" -}} +{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.proxy.labels" -}} +k8s-app: {{ template "pushProxy.proxy.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# ServiceMonitor + +{{- define "pushprox.serviceMonitor.name" -}} +{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.labels" -}} +app: {{ template "pushprox.serviceMonitor.name" . }} +release: {{ .Release.Name | quote }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/pushprox-clients-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/pushprox-clients-rbac.yaml new file mode 100755 index 000000000..95346dee6 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/pushprox-clients-rbac.yaml 
@@ -0,0 +1,74 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.client.name" . }} +{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.client.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . 
| nindent 4 }} +spec: + privileged: false + hostNetwork: true + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + - 'emptyDir' + - 'hostPath' + allowedHostPaths: + - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + readOnly: true +{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/pushprox-clients.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/pushprox-clients.yaml new file mode 100755 index 000000000..ed78792e5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/pushprox-clients.yaml 
@@ -0,0 +1,135 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} + pushprox-exporter: "client" +spec: + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.client.labels" . | nindent 8 }} + spec: + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.clients.tolerations }} +{{ toYaml .Values.clients.tolerations | indent 8 }} +{{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ template "pushProxy.client.name" . }} + containers: + - name: pushprox-client + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: + {{- range .Values.clients.command }} + - {{ . 
| quote }} + {{- end }} + args: + - --fqdn=$(HOST_IP) + - --proxy-url=$(PROXY_URL) + - --metrics-addr=$(PORT) + - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} + {{- if .Values.clients.useLocalhost }} + - --use-localhost + {{- end }} + {{- if .Values.clients.https.enabled }} + {{- if .Values.clients.https.insecureSkipVerify }} + - --insecure-skip-verify + {{- end }} + {{- if .Values.clients.https.useServiceAccountCredentials }} + - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token + {{- end }} + {{- if .Values.clients.https.certDir }} + - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem + - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem + - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem + {{- end }} + {{- end }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PORT + value: :{{ .Values.clients.port }} + - name: PROXY_URL + value: {{ template "pushProxy.proxyUrl" . }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + volumeMounts: + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + {{- end }} + {{- if .Values.clients.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} + {{- end }} + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + initContainers: + - name: copy-certs + image: {{ template "system_default_registry" . 
}}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} + command: + - sh + - -c + - | + echo "Searching for files to copy within the source volume" + echo "cert: ${CERT_FILE_NAME}" + echo "key: ${KEY_FILE_NAME}" + echo "cacert: ${CACERT_FILE_NAME}" + + CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) + KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) + CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) + + test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 + test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 + test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 + + echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" + cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 + chmod 444 $CERT_FILE_TARGET || exit 1 + + echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" + cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 + chmod 444 $KEY_FILE_TARGET || exit 1 + + echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" + cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 + chmod 444 $CACERT_FILE_TARGET || exit 1 + env: + - name: CERT_FILE_NAME + value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} + - name: KEY_FILE_NAME + value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} + - name: CACERT_FILE_NAME + value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} + - name: CERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy.pem + - name: KEY_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-key.pem + - name: CACERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem + securityContext: + 
runAsNonRoot: false + volumeMounts: + - name: metrics-cert-dir-source + mountPath: /etc/source + readOnly: true + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + volumes: + - name: metrics-cert-dir-source + hostPath: + path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + - name: metrics-cert-dir + emptyDir: {} + {{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/pushprox-proxy-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/pushprox-proxy-rbac.yaml new file mode 100755 index 000000000..a3509c160 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/pushprox-proxy-rbac.yaml 
@@ -0,0 +1,63 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.proxy.name" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.proxy.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- end }}{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/pushprox-proxy.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/pushprox-proxy.yaml new file mode 100755 index 000000000..571e13138 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/pushprox-proxy.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} + pushprox-exporter: "proxy" +spec: + selector: + matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} + spec: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.proxy.nodeSelector }} +{{ toYaml .Values.proxy.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.proxy.tolerations }} +{{ toYaml .Values.proxy.tolerations | indent 8 }} +{{- end }} + serviceAccountName: {{ template "pushProxy.proxy.name" . }} + containers: + - name: pushprox-proxy + image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} + command: + {{- range .Values.proxy.command }} + - {{ . | quote }} + {{- end }} + {{- if .Values.proxy.resources }} + resources: {{ toYaml .Values.proxy.resources | nindent 10 }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + ports: + - name: pp-proxy + port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} + protocol: TCP + targetPort: {{ .Values.proxy.port }} + selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file 
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/pushprox-servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/pushprox-servicemonitor.yaml new file mode 100755 index 000000000..2f3d7e54c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/templates/pushprox-servicemonitor.yaml @@ -0,0 +1,39 @@ +{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "pushprox.serviceMonitor.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} +spec: + endpoints: + - port: metrics + proxyUrl: {{ template "pushProxy.proxyUrl" . }} + {{- if .Values.clients.https.enabled }} + params: + _scheme: [https] + {{- end }} + jobLabel: component + podTargetLabels: + - component + - pushprox-exporter + namespaceSelector: + matchNames: + - {{ template "pushprox.namespace" . }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + ports: + - name: metrics + port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} + protocol: TCP + targetPort: {{ .Values.metricsPort }} + selector: {{ include "pushProxy.client.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/values.yaml new file mode 100755 index 000000000..e1bcf79a5 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeEtcd/values.yaml 
@@ -0,0 +1,86 @@ +# Default values for rancher-pushprox. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Default image containing both the proxy and the client was generated from the following Dockerfile +# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 + +# Note: if using a cloud provider, the nodes that contain the PushProxy client must allow the node(s) that contain(s) +# the PushProxy proxy to communicate with it on port {{ .Values.clients.port }}. If you have special restrictions, +# (i.e. client should only run on etcd nodes and only control plane should have access to the port on the etcd node), +# you will need to set the clients / proxy nodeSelector and tolerations accordingly + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + +# The component that is being monitored (i.e. etcd) +component: "component" + +# The port containing the metrics that need to be scraped +metricsPort: 2739 + +# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint +serviceMonitor: + enabled: true + +clients: + enabled: true + # The port which the PushProx client will post PushProx metrics to + port: 9369 + # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} + # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null + proxyUrl: "" + # If set to true, the client will forward any requests from the host IP to 127.0.0.1 + # It will only allow proxy requests to the metricsPort specified + useLocalhost: false + # Configuration for accessing metrics via HTTPS + https: + # Does the client require https to access the metrics? 
+ enabled: false + # If set to true, the client will create a service account with adequate permissions and set a flag + # on the client to use the service account token provided by it to make authorized scrape requests + useServiceAccountCredentials: false + # If set to true, the client will disable SSL security checks + insecureSkipVerify: false + # Directory on host where necessary TLS cert and key to scrape metrics can be found + certDir: "" + # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings + certFile: "" + keyFile: "" + caCertFile: "" + + # Resource limits + resources: {} + + # Options to select all nodes to deploy client DaemonSet on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-client + tag: v0.1.0-rancher1-client + command: ["pushprox-client"] + + copyCertsImage: + repository: rancher/mirrored-library-busybox + tag: 1.31.1 + +proxy: + enabled: true + # The port through which PushProx clients will communicate to the proxy + port: 8080 + + # Resource limits + resources: {} + + # Options to select a node to run a single proxy deployment on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-proxy + tag: v0.1.0-rancher1-proxy + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/.helmignore b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/.helmignore new file mode 100755 index 000000000..0e8a0eb36 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/.helmignore 
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/Chart.yaml new file mode 100755 index 000000000..f86115b68 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/Chart.yaml @@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-pushprox +apiVersion: v1 +appVersion: 0.1.0 +description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx + clients. +name: rkeProxy +type: application +version: 0.1.3 diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/README.md b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/README.md new file mode 100755 index 000000000..dcecc69da --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/README.md 
@@ -0,0 +1,54 @@ +# rancher-pushprox + +A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. + +Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. + +Using an instance of this chart is suitable for the following scenarios: +- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) +- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) +- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` +- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) +- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) + +The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. + +## Configuration + +The following tables list the configurable parameters of the rancher-pushprox chart and their default values. + +### General + +#### Required +| Parameter | Description | Example | +| ----- | ----------- | ------ | +| `component` | The component that is being monitored | `kube-etcd` +| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. 
`http://:/metrics`) | `2379` | + +#### Optional +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | +| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | +| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | +| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | +| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | +| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | +| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | +| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | +| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. 
Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.resources` | Set resource limits and requests for the client container | `{}` | +| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | +| `clients.tolerations` | Specify tolerations for clients | `[]` | +| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | +| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | +| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | +| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | +| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | + +*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/_helpers.tpl new file mode 100755 index 000000000..f77b8edf4 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/_helpers.tpl 
@@ -0,0 +1,87 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# General + +{{- define "pushprox.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{- define "pushProxy.commonLabels" -}} +release: {{ .Release.Name }} +component: {{ .Values.component | quote }} +provider: kubernetes +{{- end -}} + +{{- define "pushProxy.proxyUrl" -}} +{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} +{{- if .Values.clients.proxyUrl -}} +{{ printf "%s" .Values.clients.proxyUrl }} +{{- else -}} +{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) .Release.Namespace (int .Values.proxy.port) }} +{{- end -}}{{- end -}} + +# Client + +{{- define "pushProxy.client.name" -}} +{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.client.labels" -}} +k8s-app: {{ template "pushProxy.client.name" . }} +{{ template "pushProxy.commonLabels" . 
}} +{{- end -}} + +# Proxy + +{{- define "pushProxy.proxy.name" -}} +{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.proxy.labels" -}} +k8s-app: {{ template "pushProxy.proxy.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# ServiceMonitor + +{{- define "pushprox.serviceMonitor.name" -}} +{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.labels" -}} +app: {{ template "pushprox.serviceMonitor.name" . }} +release: {{ .Release.Name | quote }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/pushprox-clients-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/pushprox-clients-rbac.yaml new file mode 100755 index 000000000..95346dee6 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/pushprox-clients-rbac.yaml 
@@ -0,0 +1,74 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.client.name" . }} +{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.client.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . 
| nindent 4 }} +spec: + privileged: false + hostNetwork: true + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + - 'emptyDir' + - 'hostPath' + allowedHostPaths: + - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + readOnly: true +{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/pushprox-clients.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/pushprox-clients.yaml new file mode 100755 index 000000000..ed78792e5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/pushprox-clients.yaml 
@@ -0,0 +1,135 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} + pushprox-exporter: "client" +spec: + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.client.labels" . | nindent 8 }} + spec: + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.clients.tolerations }} +{{ toYaml .Values.clients.tolerations | indent 8 }} +{{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ template "pushProxy.client.name" . }} + containers: + - name: pushprox-client + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: + {{- range .Values.clients.command }} + - {{ . 
| quote }} + {{- end }} + args: + - --fqdn=$(HOST_IP) + - --proxy-url=$(PROXY_URL) + - --metrics-addr=$(PORT) + - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} + {{- if .Values.clients.useLocalhost }} + - --use-localhost + {{- end }} + {{- if .Values.clients.https.enabled }} + {{- if .Values.clients.https.insecureSkipVerify }} + - --insecure-skip-verify + {{- end }} + {{- if .Values.clients.https.useServiceAccountCredentials }} + - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token + {{- end }} + {{- if .Values.clients.https.certDir }} + - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem + - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem + - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem + {{- end }} + {{- end }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PORT + value: :{{ .Values.clients.port }} + - name: PROXY_URL + value: {{ template "pushProxy.proxyUrl" . }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + volumeMounts: + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + {{- end }} + {{- if .Values.clients.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} + {{- end }} + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + initContainers: + - name: copy-certs + image: {{ template "system_default_registry" . 
}}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} + command: + - sh + - -c + - | + echo "Searching for files to copy within the source volume" + echo "cert: ${CERT_FILE_NAME}" + echo "key: ${KEY_FILE_NAME}" + echo "cacert: ${CACERT_FILE_NAME}" + + CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) + KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) + CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) + + test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 + test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 + test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 + + echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" + cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 + chmod 444 $CERT_FILE_TARGET || exit 1 + + echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" + cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 + chmod 444 $KEY_FILE_TARGET || exit 1 + + echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" + cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 + chmod 444 $CACERT_FILE_TARGET || exit 1 + env: + - name: CERT_FILE_NAME + value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} + - name: KEY_FILE_NAME + value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} + - name: CACERT_FILE_NAME + value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} + - name: CERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy.pem + - name: KEY_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-key.pem + - name: CACERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem + securityContext: + 
runAsNonRoot: false + volumeMounts: + - name: metrics-cert-dir-source + mountPath: /etc/source + readOnly: true + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + volumes: + - name: metrics-cert-dir-source + hostPath: + path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + - name: metrics-cert-dir + emptyDir: {} + {{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/pushprox-proxy-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/pushprox-proxy-rbac.yaml new file mode 100755 index 000000000..a3509c160 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/pushprox-proxy-rbac.yaml 
@@ -0,0 +1,63 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.proxy.name" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.proxy.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- end }}{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/pushprox-proxy.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/pushprox-proxy.yaml new file mode 100755 index 000000000..571e13138 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/pushprox-proxy.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} + pushprox-exporter: "proxy" +spec: + selector: + matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} + spec: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.proxy.nodeSelector }} +{{ toYaml .Values.proxy.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.proxy.tolerations }} +{{ toYaml .Values.proxy.tolerations | indent 8 }} +{{- end }} + serviceAccountName: {{ template "pushProxy.proxy.name" . }} + containers: + - name: pushprox-proxy + image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} + command: + {{- range .Values.proxy.command }} + - {{ . | quote }} + {{- end }} + {{- if .Values.proxy.resources }} + resources: {{ toYaml .Values.proxy.resources | nindent 10 }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + ports: + - name: pp-proxy + port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} + protocol: TCP + targetPort: {{ .Values.proxy.port }} + selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file 
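Review bot: In charts/rkeProxy/templates/pushprox-clients.yaml, the copy-certs init container ends with `chmod 444 $KEY_FILE_TARGET`, which leaves the TLS private key world-readable in the shared emptyDir. The client container runs as `runAsUser: 1000`, so the key could be given to that UID (`chown 1000`) and restricted to `chmod 400`, keeping 444 for the cert and CA cert only. The same script uses unquoted expansions (`test -z ${KEY_FILE_SOURCE}`, `cp $KEY_FILE_SOURCE $KEY_FILE_TARGET`), which break on paths containing whitespace. Because `find ... | sort -r | head -n 1` silently picks one file when a wildcard name matches several, the script should log or fail when there is more than one match.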
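Review bot: In charts/rkeProxy/templates/pushprox-proxy-rbac.yaml, the ServiceAccount and the ClusterRoleBinding subject are placed in `{{ .Release.Namespace }}`, while the Deployment that references them via `serviceAccountName` is created in `{{ template "pushprox.namespace" . }}`, which honours `.Values.namespaceOverride`. With an override set, the pod would look for a ServiceAccount that does not exist in its namespace; use the `pushprox.namespace` helper in both places. The `namespace:` field on the PodSecurityPolicy can be dropped, since that resource is cluster-scoped.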
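Review bot: In charts/rkeProxy/templates/pushprox-proxy.yaml, the guard `{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }}` calls `and` with a single argument, which is a no-op, and the second `if` lacks the `-` trim marker used by the clients template (`{{- if .Values.clients }}{{- if .Values.clients.enabled }}`). Aligning the two guards would avoid stray whitespace in the rendered manifest. The container spec also declares no `ports` entry for the port the Service targets, which would be worth adding for readability.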
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/pushprox-servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/pushprox-servicemonitor.yaml new file mode 100755 index 000000000..2f3d7e54c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/templates/pushprox-servicemonitor.yaml @@ -0,0 +1,39 @@ +{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "pushprox.serviceMonitor.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} +spec: + endpoints: + - port: metrics + proxyUrl: {{ template "pushProxy.proxyUrl" . }} + {{- if .Values.clients.https.enabled }} + params: + _scheme: [https] + {{- end }} + jobLabel: component + podTargetLabels: + - component + - pushprox-exporter + namespaceSelector: + matchNames: + - {{ template "pushprox.namespace" . }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + ports: + - name: metrics + port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} + protocol: TCP + targetPort: {{ .Values.metricsPort }} + selector: {{ include "pushProxy.client.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/values.yaml new file mode 100755 index 000000000..e1bcf79a5 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeProxy/values.yaml 
@@ -0,0 +1,86 @@ +# Default values for rancher-pushprox. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Default image containing both the proxy and the client was generated from the following Dockerfile +# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 + +# Note: if using a cloud provider, the nodes that contain the PushProxy client must allow the node(s) that contain(s) +# the PushProxy proxy to communicate with it on port {{ .Values.clients.port }}. If you have special restrictions, +# (i.e. client should only run on etcd nodes and only control plane should have access to the port on the etcd node), +# you will need to set the clients / proxy nodeSelector and tolerations accordingly + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + +# The component that is being monitored (i.e. etcd) +component: "component" + +# The port containing the metrics that need to be scraped +metricsPort: 2739 + +# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint +serviceMonitor: + enabled: true + +clients: + enabled: true + # The port which the PushProx client will post PushProx metrics to + port: 9369 + # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} + # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null + proxyUrl: "" + # If set to true, the client will forward any requests from the host IP to 127.0.0.1 + # It will only allow proxy requests to the metricsPort specified + useLocalhost: false + # Configuration for accessing metrics via HTTPS + https: + # Does the client require https to access the metrics? 
+ enabled: false + # If set to true, the client will create a service account with adequate permissions and set a flag + # on the client to use the service account token provided by it to make authorized scrape requests + useServiceAccountCredentials: false + # If set to true, the client will disable SSL security checks + insecureSkipVerify: false + # Directory on host where necessary TLS cert and key to scrape metrics can be found + certDir: "" + # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings + certFile: "" + keyFile: "" + caCertFile: "" + + # Resource limits + resources: {} + + # Options to select all nodes to deploy client DaemonSet on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-client + tag: v0.1.0-rancher1-client + command: ["pushprox-client"] + + copyCertsImage: + repository: rancher/mirrored-library-busybox + tag: 1.31.1 + +proxy: + enabled: true + # The port through which PushProx clients will communicate to the proxy + port: 8080 + + # Resource limits + resources: {} + + # Options to select a node to run a single proxy deployment on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-proxy + tag: v0.1.0-rancher1-proxy + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/.helmignore b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/.helmignore new file mode 100755 index 000000000..0e8a0eb36 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/.helmignore 
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/Chart.yaml new file mode 100755 index 000000000..9b58f56a5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/Chart.yaml @@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-pushprox +apiVersion: v1 +appVersion: 0.1.0 +description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx + clients. +name: rkeScheduler +type: application +version: 0.1.3 diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/README.md b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/README.md new file mode 100755 index 000000000..dcecc69da --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/README.md 
@@ -0,0 +1,54 @@ +# rancher-pushprox + +A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. + +Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. + +Using an instance of this chart is suitable for the following scenarios: +- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) +- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) +- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` +- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) +- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) + +The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. + +## Configuration + +The following tables list the configurable parameters of the rancher-pushprox chart and their default values. + +### General + +#### Required +| Parameter | Description | Example | +| ----- | ----------- | ------ | +| `component` | The component that is being monitored | `kube-etcd` +| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. 
`http://:/metrics`) | `2379` | + +#### Optional +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | +| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | +| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | +| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | +| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | +| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | +| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | +| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | +| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. 
Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.resources` | Set resource limits and requests for the client container | `{}` | +| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | +| `clients.tolerations` | Specify tolerations for clients | `[]` | +| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | +| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | +| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | +| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | +| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | + +*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/_helpers.tpl new file mode 100755 index 000000000..f77b8edf4 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/_helpers.tpl 
@@ -0,0 +1,87 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# General + +{{- define "pushprox.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{- define "pushProxy.commonLabels" -}} +release: {{ .Release.Name }} +component: {{ .Values.component | quote }} +provider: kubernetes +{{- end -}} + +{{- define "pushProxy.proxyUrl" -}} +{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} +{{- if .Values.clients.proxyUrl -}} +{{ printf "%s" .Values.clients.proxyUrl }} +{{- else -}} +{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) .Release.Namespace (int .Values.proxy.port) }} +{{- end -}}{{- end -}} + +# Client + +{{- define "pushProxy.client.name" -}} +{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.client.labels" -}} +k8s-app: {{ template "pushProxy.client.name" . }} +{{ template "pushProxy.commonLabels" . 
}} +{{- end -}} + +# Proxy + +{{- define "pushProxy.proxy.name" -}} +{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.proxy.labels" -}} +k8s-app: {{ template "pushProxy.proxy.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# ServiceMonitor + +{{- define "pushprox.serviceMonitor.name" -}} +{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.labels" -}} +app: {{ template "pushprox.serviceMonitor.name" . }} +release: {{ .Release.Name | quote }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/pushprox-clients-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/pushprox-clients-rbac.yaml new file mode 100755 index 000000000..95346dee6 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/pushprox-clients-rbac.yaml 
@@ -0,0 +1,74 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.client.name" . }} +{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.client.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.client.labels" . 
| nindent 4 }} +spec: + privileged: false + hostNetwork: true + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + - 'emptyDir' + - 'hostPath' + allowedHostPaths: + - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + readOnly: true +{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/pushprox-clients.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/pushprox-clients.yaml new file mode 100755 index 000000000..ed78792e5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/pushprox-clients.yaml 
@@ -0,0 +1,135 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} + pushprox-exporter: "client" +spec: + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.client.labels" . | nindent 8 }} + spec: + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.clients.tolerations }} +{{ toYaml .Values.clients.tolerations | indent 8 }} +{{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ template "pushProxy.client.name" . }} + containers: + - name: pushprox-client + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: + {{- range .Values.clients.command }} + - {{ . 
| quote }} + {{- end }} + args: + - --fqdn=$(HOST_IP) + - --proxy-url=$(PROXY_URL) + - --metrics-addr=$(PORT) + - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} + {{- if .Values.clients.useLocalhost }} + - --use-localhost + {{- end }} + {{- if .Values.clients.https.enabled }} + {{- if .Values.clients.https.insecureSkipVerify }} + - --insecure-skip-verify + {{- end }} + {{- if .Values.clients.https.useServiceAccountCredentials }} + - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token + {{- end }} + {{- if .Values.clients.https.certDir }} + - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem + - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem + - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem + {{- end }} + {{- end }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PORT + value: :{{ .Values.clients.port }} + - name: PROXY_URL + value: {{ template "pushProxy.proxyUrl" . }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + volumeMounts: + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + {{- end }} + {{- if .Values.clients.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} + {{- end }} + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + initContainers: + - name: copy-certs + image: {{ template "system_default_registry" . 
}}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} + command: + - sh + - -c + - | + echo "Searching for files to copy within the source volume" + echo "cert: ${CERT_FILE_NAME}" + echo "key: ${KEY_FILE_NAME}" + echo "cacert: ${CACERT_FILE_NAME}" + + CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) + KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) + CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) + + test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 + test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 + test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 + + echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" + cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 + chmod 444 $CERT_FILE_TARGET || exit 1 + + echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" + cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 + chmod 444 $KEY_FILE_TARGET || exit 1 + + echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" + cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 + chmod 444 $CACERT_FILE_TARGET || exit 1 + env: + - name: CERT_FILE_NAME + value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} + - name: KEY_FILE_NAME + value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} + - name: CACERT_FILE_NAME + value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} + - name: CERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy.pem + - name: KEY_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-key.pem + - name: CACERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem + securityContext: + 
runAsNonRoot: false + volumeMounts: + - name: metrics-cert-dir-source + mountPath: /etc/source + readOnly: true + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + volumes: + - name: metrics-cert-dir-source + hostPath: + path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + - name: metrics-cert-dir + emptyDir: {} + {{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/pushprox-proxy-rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/pushprox-proxy-rbac.yaml new file mode 100755 index 000000000..a3509c160 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/pushprox-proxy-rbac.yaml 
@@ -0,0 +1,63 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.proxy.name" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.proxy.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- end }}{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/pushprox-proxy.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/pushprox-proxy.yaml new file mode 100755 index 000000000..571e13138 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/pushprox-proxy.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} + pushprox-exporter: "proxy" +spec: + selector: + matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} + spec: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.proxy.nodeSelector }} +{{ toYaml .Values.proxy.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.proxy.tolerations }} +{{ toYaml .Values.proxy.tolerations | indent 8 }} +{{- end }} + serviceAccountName: {{ template "pushProxy.proxy.name" . }} + containers: + - name: pushprox-proxy + image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} + command: + {{- range .Values.proxy.command }} + - {{ . | quote }} + {{- end }} + {{- if .Values.proxy.resources }} + resources: {{ toYaml .Values.proxy.resources | nindent 10 }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + ports: + - name: pp-proxy + port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} + protocol: TCP + targetPort: {{ .Values.proxy.port }} + selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file 
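Review bot: The `pushprox-proxy` container in this Deployment sets no container-level `securityContext`, so only the pod-level `runAsNonRoot: true` and `runAsUser: 1000` apply, and the PodSecurityPolicy bound to the same service account leaves `readOnlyRootFilesystem: false`. Consider adding `allowPrivilegeEscalation: false` on the container, plus `readOnlyRootFilesystem: true` if the proxy does not write to its root filesystem. The container also declares no `ports` and no readiness probe even though the Service targets `.Values.proxy.port`. As a style point, the opening guard `{{- if and .Values.proxy }}` calls `and` with a single argument and can be written `{{- if .Values.proxy }}`.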
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/pushprox-servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/pushprox-servicemonitor.yaml new file mode 100755 index 000000000..2f3d7e54c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/templates/pushprox-servicemonitor.yaml @@ -0,0 +1,39 @@ +{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "pushprox.serviceMonitor.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} +spec: + endpoints: + - port: metrics + proxyUrl: {{ template "pushProxy.proxyUrl" . }} + {{- if .Values.clients.https.enabled }} + params: + _scheme: [https] + {{- end }} + jobLabel: component + podTargetLabels: + - component + - pushprox-exporter + namespaceSelector: + matchNames: + - {{ template "pushprox.namespace" . }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + ports: + - name: metrics + port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} + protocol: TCP + targetPort: {{ .Values.metricsPort }} + selector: {{ include "pushProxy.client.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/values.yaml new file mode 100755 index 000000000..e1bcf79a5 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/rkeScheduler/values.yaml 
@@ -0,0 +1,86 @@ +# Default values for rancher-pushprox. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Default image containing both the proxy and the client was generated from the following Dockerfile +# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 + +# Note: if using a cloud provider, the nodes that contain the PushProxy client must allow the node(s) that contain(s) +# the PushProxy proxy to communicate with it on port {{ .Values.clients.port }}. If you have special restrictions, +# (i.e. client should only run on etcd nodes and only control plane should have access to the port on the etcd node), +# you will need to set the clients / proxy nodeSelector and tolerations accordingly + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + +# The component that is being monitored (i.e. etcd) +component: "component" + +# The port containing the metrics that need to be scraped +metricsPort: 2739 + +# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint +serviceMonitor: + enabled: true + +clients: + enabled: true + # The port which the PushProx client will post PushProx metrics to + port: 9369 + # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} + # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null + proxyUrl: "" + # If set to true, the client will forward any requests from the host IP to 127.0.0.1 + # It will only allow proxy requests to the metricsPort specified + useLocalhost: false + # Configuration for accessing metrics via HTTPS + https: + # Does the client require https to access the metrics? 
+ enabled: false + # If set to true, the client will create a service account with adequate permissions and set a flag + # on the client to use the service account token provided by it to make authorized scrape requests + useServiceAccountCredentials: false + # If set to true, the client will disable SSL security checks + insecureSkipVerify: false + # Directory on host where necessary TLS cert and key to scrape metrics can be found + certDir: "" + # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings + certFile: "" + keyFile: "" + caCertFile: "" + + # Resource limits + resources: {} + + # Options to select all nodes to deploy client DaemonSet on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-client + tag: v0.1.0-rancher1-client + command: ["pushprox-client"] + + copyCertsImage: + repository: rancher/mirrored-library-busybox + tag: 1.31.1 + +proxy: + enabled: true + # The port through which PushProx clients will communicate to the proxy + port: 8080 + + # Resource limits + resources: {} + + # Options to select a node to run a single proxy deployment on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-proxy + tag: v0.1.0-rancher1-proxy + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/.helmignore b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/.helmignore new file mode 100755 index 000000000..0e8a0eb36 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/.helmignore 
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/Chart.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/Chart.yaml new file mode 100755 index 000000000..fba9162f2 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/Chart.yaml @@ -0,0 +1,15 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: windows + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-windows-exporter +apiVersion: v1 +appVersion: 0.0.4 +description: Sets up monitoring metrics from Windows nodes via Prometheus windows-exporter +maintainers: +- email: arvind.iyengar@rancher.com + name: aiyengar2 +name: windowsExporter +type: application +version: 0.1.0 diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/README.md b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/README.md new file mode 100755 index 000000000..6115b6f25 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/README.md 
@@ -0,0 +1,17 @@ +# rancher-windows-exporter + +A Rancher chart based on the [prometheus-community/windows-exporter](https://github.com/prometheus-community/windows_exporter) project (previously called wmi-exporter) that sets up a DaemonSet of clients that can scrape windows-exporter metrics from Windows nodes on a Kubernetes cluster. + +A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR and PrometheusRule CR are also created by this chart to collect metrics and add some recording rules to map `windows_` series with their OS-agnostic counterparts. + +## Node Requirements + +Since Windows does not support privileged pods, this chart expects a Named Pipe (`\\.\pipe\rancher_wins`) to exist on the Windows host that allows containers to communicate with the host. This is done by deploying a [rancher/wins](https://github.com/rancher/wins) server on the host. + +The image used by the chart, [windows_exporter-package](https://github.com/rancher/windows_exporter-package), is configured to create a wins client that communicates with the wins server, alongside a running copy of a particular version of [windows-exporter](https://github.com/prometheus-community/windows_exporter). Through the wins client and wins server, the windows-exporter is able to communicate directly with the Windows host to collect metrics and expose them. + +If the cluster you are installing this chart on is a custom cluster that was created via RKE1 with Windows Support enabled, your nodes should already have the wins server running; this should have been added as part of [the bootstrapping process for adding the Windows node onto your RKE1 cluster](https://github.com/rancher/rancher/blob/master/package/windows/bootstrap.ps1). + +## Configuration + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for an example of how this chart can be used. 
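Review bot: Missing documentation in the Node Requirements section: it names only `\\.\pipe\rancher_wins`, but the chart's DaemonSet also mounts `\\.\pipe\rancher_wins_proxy` from the host, and its `check-wins-version` init container loops until the wins server on the host reports at least v0.1.0. Suggest listing both named pipes and the minimum wins version here, and stating that pods stay in the init phase on hosts running an older wins, so operators can tell an unmet prerequisite from a broken install.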
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/scripts/check-wins-version.ps1 b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/scripts/check-wins-version.ps1 new file mode 100755 index 000000000..0e46f79d5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/scripts/check-wins-version.ps1 @@ -0,0 +1,20 @@ +$ErrorActionPreference = 'Stop' + +$winsPath = "C:\Windows\wins.exe" +$minWinsVersion = [System.Version]"0.1.0" + +function Get-Wins-Version +{ + $winsAppInfo = Invoke-Expression "& $winsPath cli app info | ConvertFrom-Json" + return [System.Version]($winsAppInfo.Server.Version.substring(1)) +} + +# Wait till the wins version installed is at least v0.1.0 +$winsVersion = Get-Wins-Version +while ($winsVersion -lt $minWinsVersion) { + Write-Host $('wins on host must be at least v{0}, found v{1}. Checking again in 10 seconds...' -f $minWinsVersion, $winsVersion) + Start-Sleep -s 10 + $winsVersion = Get-Wins-Version +} + +Write-Host $('Detected wins version on host is v{0}, which is >v{1}. Continuing with installation...' -f $winsVersion, $minWinsVersion) diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/scripts/copy-binary.ps1 b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/scripts/copy-binary.ps1 new file mode 100755 index 000000000..a9a28df96 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/scripts/copy-binary.ps1 
@@ -0,0 +1,40 @@ +$ErrorActionPreference = 'Stop' + +function Create-Directory +{ + param ( + [parameter(Mandatory = $false, ValueFromPipeline = $true)] [string]$Path + ) + + if (Test-Path -Path $Path) { + if (-not (Test-Path -Path $Path -PathType Container)) { + # clean the same path file + Remove-Item -Recurse -Force -Path $Path -ErrorAction Ignore | Out-Null + } + + return + } + + New-Item -Force -ItemType Directory -Path $Path | Out-Null +} + +function Transfer-File +{ + param ( + [parameter(Mandatory = $true)] [string]$Src, + [parameter(Mandatory = $true)] [string]$Dst + ) + + if (Test-Path -PathType leaf -Path $Dst) { + $dstHasher = Get-FileHash -Path $Dst + $srcHasher = Get-FileHash -Path $Src + if ($dstHasher.Hash -eq $srcHasher.Hash) { + return + } + } + + $null = Copy-Item -Force -Path $Src -Destination $Dst +} + +Create-Directory -Path "c:\host\etc\windows-exporter" +Transfer-File -Src "c:\etc\windows-exporter\windows-exporter.exe" -Dst "c:\host\etc\windows-exporter\windows-exporter.exe" \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/scripts/proxy-entry.ps1 b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/scripts/proxy-entry.ps1 new file mode 100755 index 000000000..9d0581b66 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/scripts/proxy-entry.ps1 @@ -0,0 +1,11 @@ +# default +$listenPort = "9796" + +if ($env:LISTEN_PORT) { + $listenPort = $env:LISTEN_PORT +} + +# format "UDP:4789 TCP:8080" +$winsPublish = $('TCP:{0}' -f $listenPort) + +wins.exe cli proxy --publish $winsPublish diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/scripts/run.ps1 b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/scripts/run.ps1 new file mode 100755 index 000000000..aaabd626a --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/scripts/run.ps1 @@ -0,0 +1,44 @@ +$ErrorActionPreference = 'Stop' + +function Create-Directory +{ + param ( + [parameter(Mandatory = $false, ValueFromPipeline = $true)] [string]$Path + ) + + if (Test-Path -Path $Path) { + if (-not (Test-Path -Path $Path -PathType Container)) { + # clean the same path file + Remove-Item -Recurse -Force -Path $Path -ErrorAction Ignore | Out-Null + } + + return + } + + New-Item -Force -ItemType Directory -Path $Path | Out-Null +} + +function Transfer-File +{ + param ( + [parameter(Mandatory = $true)] [string]$Src, + [parameter(Mandatory = $true)] [string]$Dst + ) + + if (Test-Path -PathType leaf -Path $Dst) { + $dstHasher = Get-FileHash -Path $Dst + $srcHasher = Get-FileHash -Path $Src + if ($dstHasher.Hash -eq $srcHasher.Hash) { + return + } + } + + $null = Copy-Item -Force -Path $Src -Destination $Dst +} + +# Copy binary +Create-Directory -Path "c:\host\etc\windows-exporter" +Transfer-File -Src "c:\etc\windows-exporter\windows-exporter.exe" -Dst "c:\host\etc\windows-exporter\windows-exporter.exe" + +# Run wins +Invoke-Expression -Command c:\entry.ps1 diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/_helpers.tpl new file mode 100755 index 000000000..7365b52f5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/_helpers.tpl 
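Review bot: In scripts/run.ps1, `Create-Directory` returns without creating the directory when `$Path` exists as a file: the inner branch removes the file, then the unconditional `return` skips `New-Item`, so the `Transfer-File` call that follows targets a directory that does not exist. Restrict the `return` to the case where the path is already a container so that execution falls through to `New-Item` after the removal. The same two functions are repeated verbatim in scripts/copy-binary.ps1, so the fix is needed there as well, or run.ps1 can invoke copy-binary.ps1 instead of duplicating it. `Invoke-Expression -Command c:\entry.ps1` can be a direct `& c:\entry.ps1` call.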
@@ -0,0 +1,64 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# General + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +The components in this chart create additional resources that expand the longest created name strings. +The longest name that gets created adds and extra 37 characters, so truncation should be 63-35=26. +*/}} +{{- define "windowsExporter.name" -}} +{{ printf "%s-windows-exporter" .Release.Name }} +{{- end -}} + +{{- define "windowsExporter.namespace" -}} +{{- default .Release.Namespace .Values.namespaceOverride -}} +{{- end -}} + +{{- define "windowsExporter.labels" -}} +k8s-app: {{ template "windowsExporter.name" . }} +release: {{ .Release.Name }} +component: "windows-exporter" +provider: kubernetes +{{- end -}} + +# Client + +{{- define "windowsExporter.client.nodeSelector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: windows +{{- else -}} +kubernetes.io/os: windows +{{- end -}} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector }} +{{- end }} +{{- end -}} + +{{- define "windowsExporter.client.tolerations" -}} +{{- if .Values.clients.tolerations -}} +{{ toYaml .Values.clients.tolerations }} +{{- else -}} +- operator: Exists +{{- end -}} +{{- end -}} + +{{- define "windowsExporter.client.env" -}} +- name: LISTEN_PORT + value: {{ required "Need .Values.clients.port to figure out where to get metrics from" .Values.clients.port | quote }} +{{- if .Values.clients.enabledCollectors }} +- name: ENABLED_COLLECTORS + value: {{ .Values.clients.enabledCollectors | quote }} +{{- end }} +{{- if .Values.clients.env }} +{{ toYaml 
.Values.clients.env }} +{{- end }} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/configmap.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/configmap.yaml new file mode 100755 index 000000000..c17b108df --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/configmap.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "windowsExporter.name" . }}-scripts + namespace: {{ template "windowsExporter.namespace" . }} + labels: {{ include "windowsExporter.labels" . | nindent 4 }} +data: +{{ (.Files.Glob "scripts/*").AsConfig | indent 2 }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/daemonset.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/daemonset.yaml new file mode 100755 index 000000000..f0fdea634 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/daemonset.yaml 
@@ -0,0 +1,74 @@ +{{- if .Values.clients }}{{ if .Values.clients.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "windowsExporter.name" . }} + namespace: {{ template "windowsExporter.namespace" . }} + labels: {{ include "windowsExporter.labels" . | nindent 4 }} +spec: + selector: + matchLabels: {{ include "windowsExporter.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "windowsExporter.labels" . | nindent 8 }} + spec: + nodeSelector: {{ include "windowsExporter.client.nodeSelector" . | nindent 8 }} + tolerations: {{ include "windowsExporter.client.tolerations" . | nindent 8 }} + serviceAccountName: {{ template "windowsExporter.name" . }} + containers: + - name: exporter-node-proxy + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: ["pwsh", "-f", "c:/scripts/proxy-entry.ps1"] + ports: + - name: http + containerPort: {{ required "Need .Values.clients.port to figure out where to get metrics from" .Values.clients.port }} + env: {{ include "windowsExporter.client.env" . | nindent 10 }} +{{- if .Values.resources }} + resources: {{ toYaml .Values.clients.proxy.resources | nindent 10 }} +{{- end }} + volumeMounts: + - name: wins-pipe-proxy + mountPath: \\.\pipe\rancher_wins_proxy + - name: exporter-scripts + mountPath: c:/scripts/ + - name: exporter-node + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: ["pwsh", "-f", "c:/scripts/run.ps1"] +{{- if .Values.clients.args }} + args: {{ .Values.clients.args }} +{{- end }} + env: {{ include "windowsExporter.client.env" . 
| nindent 10 }} +{{- if .Values.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} +{{- end }} + volumeMounts: + - name: wins-pipe + mountPath: \\.\pipe\rancher_wins + - name: binary-host-path + mountPath: c:/host/etc/windows-exporter + - name: exporter-scripts + mountPath: c:/scripts/ + initContainers: + - name: check-wins-version + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: ["pwsh", "-f", "c:/scripts/check-wins-version.ps1"] + volumeMounts: + - name: wins-pipe + mountPath: \\.\pipe\rancher_wins + - name: exporter-scripts + mountPath: c:/scripts/ + volumes: + - name: wins-pipe + hostPath: + path: \\.\pipe\rancher_wins + - name: wins-pipe-proxy + hostPath: + path: \\.\pipe\rancher_wins_proxy + - name: binary-host-path + hostPath: + path: c:/etc/windows-exporter + type: DirectoryOrCreate + - name: exporter-scripts + configMap: + name: {{ template "windowsExporter.name" . }}-scripts +{{- end }}{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/rbac.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/rbac.yaml new file mode 100755 index 000000000..ebec8f235 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/rbac.yaml 
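Review bot: In templates/daemonset.yaml, both `resources:` blocks are guarded by `{{- if .Values.resources }}` but render `.Values.clients.proxy.resources` and `.Values.clients.resources`. The chart's values.yaml defines `resources` only under `clients` and `clients.proxy`, so unless a user happens to set a top-level `resources` key the guard is false and limits configured under `clients` are silently dropped, leaving both containers without resource limits. Guard each block on the value it renders: `{{- if .Values.clients.proxy.resources }}` for `exporter-node-proxy` and `{{- if .Values.clients.resources }}` for `exporter-node`. Separately, `args: {{ .Values.clients.args }}` prints the list in Go's default format rather than as YAML; `toYaml` with `nindent`, as used for the other list values in this template, keeps the arguments as separate list items.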
@@ -0,0 +1,78 @@ +{{- if .Values.clients }}{{ if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "windowsExporter.name" . }} + namespace: {{ template "windowsExporter.namespace" . }} + labels: {{ include "windowsExporter.labels" . | nindent 4 }} +rules: +- apiGroups: ['authentication.k8s.io'] + resources: ['tokenreviews'] + verbs: ['create'] +- apiGroups: ['authorization.k8s.io'] + resources: ['subjectaccessreviews'] + verbs: ['create'] +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: ['{{ template "windowsExporter.name" . }}'] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "windowsExporter.name" . }} + namespace: {{ template "windowsExporter.namespace" . }} + labels: {{ include "windowsExporter.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "windowsExporter.name" . }} +subjects: +- kind: ServiceAccount + name: {{ template "windowsExporter.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "windowsExporter.name" . }} + namespace: {{ template "windowsExporter.namespace" . }} + labels: {{ include "windowsExporter.labels" . | nindent 4 }} +{{- if .Values.clients.imagePullSecrets }} +imagePullSecrets: {{ toYaml .Values.clients.imagePullSecrets | nindent 2 }} +{{- end }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "windowsExporter.name" . }} + namespace: {{ template "windowsExporter.namespace" . }} + labels: {{ include "windowsExporter.labels" . 
| nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' + - 'hostPath' + allowedHostPaths: + - pathPrefix: \\.\pipe\rancher_wins + - pathPrefix: \\.\pipe\rancher_wins_proxy + - pathPrefix: c:/etc/windows-exporter +{{- end }}{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/service.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/service.yaml new file mode 100755 index 000000000..944150e5c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/service.yaml @@ -0,0 +1,15 @@ +{{- if and .Values.serviceMonitor .Values.clients }}{{- if and .Values.serviceMonitor.enabled .Values.clients.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "windowsExporter.name" . }} + namespace: {{ template "windowsExporter.namespace" . }} + labels: {{ include "windowsExporter.labels" . | nindent 4 }} +spec: + ports: + - name: windows-metrics + port: {{ required "Need .Values.clients.port to figure out where to get metrics from" .Values.clients.port }} + protocol: TCP + targetPort: {{ .Values.clients.port }} + selector: {{ include "windowsExporter.labels" . | nindent 4 }} +{{- end }}{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/servicemonitor.yaml new file mode 100755 index 000000000..a2c2f0b54 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/templates/servicemonitor.yaml @@ -0,0 +1,44 @@ +{{- if and .Values.serviceMonitor .Values.clients }}{{- if and .Values.serviceMonitor.enabled .Values.clients.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + labels: {{ include "windowsExporter.labels" . | nindent 4 }} + name: {{ template "windowsExporter.name" . }} + namespace: {{ template "windowsExporter.namespace" . }} +spec: + selector: + matchLabels: {{ include "windowsExporter.labels" . | nindent 6 }} + namespaceSelector: + matchNames: + - {{ template "windowsExporter.namespace" . }} + jobLabel: component + podTargetLabels: + - component + endpoints: + - port: windows-metrics + metricRelabelings: + - sourceLabels: [__name__] + regex: 'wmi_(.*)' + replacement: 'windows_$1' + targetLabel: __name__ + - sourceLabels: [__name__] + regex: windows_mssql_transactions_active_total + replacement: 'windows_mssql_transactions_active' + targetLabel: __name__ + - sourceLabels: [volume, nic] + regex: (.*);(.*) + separator: '' + targetLabel: device + action: replace + replacement: $1$2 + - sourceLabels: [__name__] + regex: windows_cs_logical_processors + replacement: 'system' + targetLabel: mode + relabelings: + - separator: ':' + sourceLabels: + - __meta_kubernetes_pod_host_ip + - __meta_kubernetes_pod_container_port_number + targetLabel: instance +{{- end }}{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/values.yaml new file mode 100755 index 000000000..a75fbc34f --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/charts/windowsExporter/values.yaml 
@@ -0,0 +1,44 @@ +# Default values for rancher-windows-exporter. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + +# Configure ServiceMonitor that monitors metrics +serviceMonitor: + enabled: true + +## Components scraping metrics from Windows nodes +## +clients: + enabled: true + + port: 9796 + image: + repository: rancher/windows_exporter-package + tag: v0.0.1 + + # Specify the IP addresses of nodes that you want to collect metrics from + endpoints: [] + + # Get more details on https://github.com/prometheus-community/windows_exporter + args: [] + env: {} + enabledCollectors: "net,os,service,system,cpu,cs,logical_disk,tcp,memory,container" + + # Resource limits + resources: {} + + # Options to select nodes to target for scraping Windows metrics + nodeSelector: {} # Note: {kubernetes.io/os: windows} is default and cannot be overridden + tolerations: [] # Note: if not specified, the default option is to use [{operator: Exists}] + + # Image Pull Secrets for the service account used by the clients + imagePullSecrets: {} + + proxy: + resources: {} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/ingress-nginx/nginx.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/ingress-nginx/nginx.json new file mode 100755 index 000000000..347c9eb05 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/ingress-nginx/nginx.json 
@@ -0,0 +1,1463 @@ +{ + "__inputs": [ + { + "name": "DS_PROMETHEUS", + "label": "Prometheus", + "description": "", + "type": "datasource", + "pluginId": "prometheus", + "pluginName": "Prometheus" + } + ], + "__requires": [ + { + "type": "grafana", + "id": "grafana", + "name": "Grafana", + "version": "5.2.1" + }, + { + "type": "datasource", + "id": "prometheus", + "name": "Prometheus", + "version": "5.0.0" + }, + { + "type": "panel", + "id": "singlestat", + "name": "Singlestat", + "version": "5.0.0" + } + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + }, + { + "datasource": "${DS_PROMETHEUS}", + "enable": true, + "expr": "sum(changes(nginx_ingress_controller_config_last_reload_successful_timestamp_seconds{instance!=\"unknown\",controller_class=~\"$controller_class\",namespace=~\"$namespace\"}[30s])) by (controller_class)", + "hide": false, + "iconColor": "rgba(255, 96, 96, 1)", + "limit": 100, + "name": "Config Reloads", + "showIn": 0, + "step": "30s", + "tagKeys": "controller_class", + "tags": [], + "titleFormat": "Config Reloaded", + "type": "tags" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "iteration": 1534359654832, + "links": [], + "panels": [ + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "datasource": "${DS_PROMETHEUS}", + "format": "ops", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 0, + "y": 0 + }, + "id": 20, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 
100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": true, + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "expr": "round(sum(irate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",namespace=~\"$namespace\"}[2m])), 0.001)", + "format": "time_series", + "intervalFactor": 1, + "refId": "A", + "step": 4 + } + ], + "thresholds": "", + "title": "Controller Request Volume", + "transparent": false, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "avg" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "datasource": "${DS_PROMETHEUS}", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 6, + "y": 0 + }, + "id": 82, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": true, + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "expr": 
"sum(avg_over_time(nginx_ingress_controller_nginx_process_connections{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",state=\"active\"}[2m]))", + "format": "time_series", + "instant": false, + "intervalFactor": 1, + "refId": "A", + "step": 4 + } + ], + "thresholds": "", + "title": "Controller Connections", + "transparent": false, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "avg" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "datasource": "${DS_PROMETHEUS}", + "format": "percentunit", + "gauge": { + "maxValue": 100, + "minValue": 80, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": false + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 12, + "y": 0 + }, + "id": 21, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": true, + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(rate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",namespace=~\"$namespace\",status!~\"[4-5].*\"}[2m])) / sum(rate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",namespace=~\"$namespace\"}[2m]))", + "format": "time_series", + "intervalFactor": 1, + "refId": "A", + "step": 4 + } 
+ ], + "thresholds": "95, 99, 99.5", + "title": "Controller Success Rate (non-4|5xx responses)", + "transparent": false, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "avg" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "datasource": "${DS_PROMETHEUS}", + "decimals": 0, + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 18, + "y": 0 + }, + "id": 81, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": true, + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "expr": "avg(irate(nginx_ingress_controller_success{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\"}[1m])) * 60", + "format": "time_series", + "instant": false, + "intervalFactor": 1, + "refId": "A", + "step": 4 + } + ], + "thresholds": "", + "title": "Config Reloads", + "transparent": false, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "total" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 
172, 45, 0.97)" + ], + "datasource": "${DS_PROMETHEUS}", + "decimals": 0, + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 21, + "y": 0 + }, + "id": 83, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": true, + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "expr": "count(nginx_ingress_controller_config_last_reload_successful{controller_pod=~\"$controller\",controller_namespace=~\"$namespace\"} == 0)", + "format": "time_series", + "instant": true, + "intervalFactor": 1, + "refId": "A", + "step": 4 + } + ], + "thresholds": "", + "title": "Last Config Failed", + "transparent": false, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "avg" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DS_PROMETHEUS}", + "decimals": 2, + "editable": true, + "error": false, + "fill": 1, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 3 + }, + "height": "200px", + "id": 86, + "isNew": true, + "legend": { + "alignAsTable": true, + "avg": true, + "current": false, + "hideEmpty": false, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": 300, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 
2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "repeatDirection": "h", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "round(sum(irate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (ingress), 0.001)", + "format": "time_series", + "hide": false, + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ ingress }}", + "metric": "network", + "refId": "A", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Ingress Request Volume", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 2, + "value_type": "cumulative" + }, + "transparent": false, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "reqps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "max - istio-proxy": "#890f02", + "max - master": "#bf1b00", + "max - prometheus": "#bf1b00" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DS_PROMETHEUS}", + "decimals": 2, + "editable": false, + "error": false, + "fill": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 3 + }, + "id": 87, + "isNew": true, + "legend": { + "alignAsTable": true, + "avg": true, + "current": false, + "hideEmpty": true, + "hideZero": false, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": 300, + "sort": "avg", + "sortDesc": true, + "total": false, + 
"values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",namespace=~\"$namespace\",ingress=~\"$ingress\",status!~\"[4-5].*\"}[2m])) by (ingress) / sum(rate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (ingress)", + "format": "time_series", + "instant": false, + "interval": "10s", + "intervalFactor": 1, + "legendFormat": "{{ ingress }}", + "metric": "container_memory_usage:sort_desc", + "refId": "A", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Ingress Success Rate (non-4|5xx responses)", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 1, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DS_PROMETHEUS}", + "decimals": 2, + "editable": true, + "error": false, + "fill": 1, + "grid": {}, + "gridPos": { + "h": 6, + "w": 8, + "x": 0, + "y": 10 + }, + "height": "200px", + "id": 32, + "isNew": true, + "legend": { + "alignAsTable": false, + "avg": true, + "current": true, + "max": false, + "min": false, + "rightSide": false, + "show": 
false, + "sideWidth": 200, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum (irate (nginx_ingress_controller_request_size_sum{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\"}[2m]))", + "format": "time_series", + "instant": false, + "interval": "10s", + "intervalFactor": 1, + "legendFormat": "Received", + "metric": "network", + "refId": "A", + "step": 10 + }, + { + "expr": "- sum (irate (nginx_ingress_controller_response_size_sum{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\"}[2m]))", + "format": "time_series", + "hide": false, + "interval": "10s", + "intervalFactor": 1, + "legendFormat": "Sent", + "metric": "network", + "refId": "B", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Network I/O pressure", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "transparent": false, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "max - istio-proxy": "#890f02", + "max - master": "#bf1b00", + "max - prometheus": "#bf1b00" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DS_PROMETHEUS}", + "decimals": 2, + "editable": false, + 
"error": false, + "fill": 0, + "grid": {}, + "gridPos": { + "h": 6, + "w": 8, + "x": 8, + "y": 10 + }, + "id": 77, + "isNew": true, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": false, + "min": false, + "rightSide": false, + "show": false, + "sideWidth": 200, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "avg(nginx_ingress_controller_nginx_process_resident_memory_bytes{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\"}) ", + "format": "time_series", + "instant": false, + "interval": "10s", + "intervalFactor": 1, + "legendFormat": "nginx", + "metric": "container_memory_usage:sort_desc", + "refId": "A", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Average Memory Usage", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 2, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "max - istio-proxy": "#890f02", + "max - master": "#bf1b00" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DS_PROMETHEUS}", + "decimals": 3, + "editable": false, + "error": false, + "fill": 0, + "grid": {}, + "gridPos": { + "h": 6, + "w": 8, + "x": 16, + "y": 10 + }, + "height": 
"", + "id": 79, + "isNew": true, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": false, + "min": false, + "rightSide": false, + "show": false, + "sort": null, + "sortDesc": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "avg (rate (nginx_ingress_controller_nginx_process_cpu_seconds_total{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\"}[2m])) ", + "format": "time_series", + "interval": "10s", + "intervalFactor": 1, + "legendFormat": "nginx", + "metric": "container_cpu", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + { + "colorMode": "critical", + "fill": true, + "line": true, + "op": "gt" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "Average CPU Usage", + "tooltip": { + "msResolution": true, + "shared": true, + "sort": 2, + "value_type": "cumulative" + }, + "transparent": false, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "none", + "label": "cores", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "columns": [], + "datasource": "${DS_PROMETHEUS}", + "fontSize": "100%", + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 16 + }, + "hideTimeOverride": false, + "id": 75, + "links": [], + "pageSize": 7, + "repeat": null, + "repeatDirection": "h", + "scroll": true, + "showHeader": true, + "sort": { + "col": 1, + "desc": true + }, + "styles": [ + { + "alias": "Ingress", + 
"colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "ingress", + "preserveFormat": false, + "sanitize": false, + "thresholds": [], + "type": "string", + "unit": "short" + }, + { + "alias": "Requests", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "Value #A", + "thresholds": [ + "" + ], + "type": "number", + "unit": "ops" + }, + { + "alias": "Errors", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "Value #B", + "thresholds": [], + "type": "number", + "unit": "ops" + }, + { + "alias": "P50 Latency", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 0, + "link": false, + "pattern": "Value #C", + "thresholds": [], + "type": "number", + "unit": "dtdurations" + }, + { + "alias": "P90 Latency", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 0, + "pattern": "Value #D", + "thresholds": [], + "type": "number", + "unit": "dtdurations" + }, + { + "alias": "P99 Latency", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 0, + "pattern": "Value #E", + "thresholds": [], + "type": "number", + "unit": "dtdurations" + }, + { + "alias": "IN", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + 
"dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "Value #F", + "thresholds": [ + "" + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "Time", + "thresholds": [], + "type": "hidden", + "unit": "short" + }, + { + "alias": "OUT", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "mappingType": 1, + "pattern": "Value #G", + "thresholds": [], + "type": "number", + "unit": "Bps" + } + ], + "targets": [ + { + "expr": "histogram_quantile(0.50, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (le, ingress))", + "format": "table", + "hide": false, + "instant": true, + "intervalFactor": 1, + "legendFormat": "{{ ingress }}", + "refId": "C" + }, + { + "expr": "histogram_quantile(0.90, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (le, ingress))", + "format": "table", + "hide": false, + "instant": true, + "intervalFactor": 1, + "legendFormat": "{{ ingress }}", + "refId": "D" + }, + { + "expr": "histogram_quantile(0.99, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (le, ingress))", + "format": "table", + "hide": false, + "instant": true, + "intervalFactor": 1, + "legendFormat": "{{ destination_service }}", + 
"refId": "E" + }, + { + "expr": "sum(irate(nginx_ingress_controller_request_size_sum{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (ingress)", + "format": "table", + "hide": false, + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ ingress }}", + "refId": "F" + }, + { + "expr": "sum(irate(nginx_ingress_controller_response_size_sum{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (ingress)", + "format": "table", + "instant": true, + "intervalFactor": 1, + "legendFormat": "{{ ingress }}", + "refId": "G" + } + ], + "timeFrom": null, + "title": "Ingress Percentile Response Times and Transfer Rates", + "transform": "table", + "transparent": false, + "type": "table" + }, + { + "columns": [ + { + "text": "Current", + "value": "current" + } + ], + "datasource": "${DS_PROMETHEUS}", + "fontSize": "100%", + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 24 + }, + "height": "1024", + "id": 85, + "links": [], + "pageSize": 7, + "scroll": true, + "showHeader": true, + "sort": { + "col": 1, + "desc": false + }, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "date" + }, + { + "alias": "TTL", + "colorMode": "cell", + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 0, + "pattern": "Current", + "thresholds": [ + "0", + "691200" + ], + "type": "number", + "unit": "s" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "decimals": 2, + "pattern": "/.*/", + "thresholds": [], + "type": "number", + "unit": "short" + } + ], + "targets": [ + { + "expr": 
"avg(nginx_ingress_controller_ssl_expire_time_seconds{kubernetes_pod_name=~\"$controller\",namespace=~\"$namespace\",ingress=~\"$ingress\"}) by (host) - time()", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{ host }}", + "metric": "gke_letsencrypt_cert_expiration", + "refId": "A", + "step": 1 + } + ], + "title": "Ingress Certificate Expiry", + "transform": "timeseries_aggregations", + "type": "table" + } + ], + "refresh": "5s", + "schemaVersion": 16, + "style": "dark", + "tags": [ + "nginx" + ], + "templating": { + "list": [ + { + "hide": 0, + "label": "datasource", + "name": "DS_PROMETHEUS", + "options": [], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": ".*", + "current": { + "text": "All", + "value": "$__all" + }, + "datasource": "${DS_PROMETHEUS}", + "hide": 0, + "includeAll": true, + "label": "Namespace", + "multi": false, + "name": "namespace", + "options": [], + "query": "label_values(nginx_ingress_controller_config_hash, controller_namespace)", + "refresh": 1, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": ".*", + "current": { + "text": "All", + "value": "$__all" + }, + "datasource": "${DS_PROMETHEUS}", + "hide": 0, + "includeAll": true, + "label": "Controller Class", + "multi": false, + "name": "controller_class", + "options": [], + "query": "label_values(nginx_ingress_controller_config_hash{namespace=~\"$namespace\"}, controller_class) ", + "refresh": 1, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": ".*", + "current": { + "text": "All", + "value": "$__all" + }, + "datasource": "${DS_PROMETHEUS}", + "hide": 0, + "includeAll": true, + "label": "Controller", + "multi": false, + "name": "controller", + "options": [], + "query": 
"label_values(nginx_ingress_controller_config_hash{namespace=~\"$namespace\",controller_class=~\"$controller_class\"}, controller_pod) ", + "refresh": 1, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": ".*", + "current": { + "tags": [], + "text": "All", + "value": "$__all" + }, + "datasource": "${DS_PROMETHEUS}", + "hide": 0, + "includeAll": true, + "label": "Ingress", + "multi": false, + "name": "ingress", + "options": [], + "query": "label_values(nginx_ingress_controller_requests{namespace=~\"$namespace\",controller_class=~\"$controller_class\",controller=~\"$controller\"}, ingress) ", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "2m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "browser", + "title": "NGINX / Ingress Controller", + "uid": "nginx", + "version": 1 +} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/ingress-nginx/request-handling-performance.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/ingress-nginx/request-handling-performance.json new file mode 100755 index 000000000..5635ae976 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/ingress-nginx/request-handling-performance.json 
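Review bot: The label selectors in nginx.json do not match the labels that populate the template variables. `$controller` is filled from `controller_pod`, but the `ingress` variable query filters on `controller=~"$controller"` and the "Ingress Certificate Expiry" target filters on `kubernetes_pod_name=~"$controller"`. Likewise `$namespace` is filled from `controller_namespace`, yet Controller Request Volume, both success-rate panels, the certificate expiry target and the `controller_class`, `controller` and `ingress` variable queries match it against `namespace`. Please settle on one label per variable (`controller_pod` and `controller_namespace`, as most panels here already do) or confirm that the metrics really carry both. If they do not, any selection other than All can leave the certificate expiry table empty without an error, and that is the panel operators rely on to notice TLS certificates close to expiry. Separately, target E of the percentile table sets `legendFormat` to `{{ destination_service }}` although its query aggregates `by (le, ingress)`; it should be `{{ ingress }}` like targets C and D.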
@@ -0,0 +1,981 @@ +{ + "__inputs": [ + { + "name": "DS_PROMETHEUS", + "label": "Prometheus", + "description": "", + "type": "datasource", + "pluginId": "prometheus", + "pluginName": "Prometheus" + } + ], + "__requires": [ + { + "type": "grafana", + "id": "grafana", + "name": "Grafana", + "version": "6.6.0" + }, + { + "type": "panel", + "id": "graph", + "name": "Graph", + "version": "" + }, + { + "type": "datasource", + "id": "prometheus", + "name": "Prometheus", + "version": "1.0.0" + } + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "description": "", + "editable": true, + "gnetId": 9614, + "graphTooltip": 1, + "id": null, + "iteration": 1582146566338, + "links": [], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DS_PROMETHEUS}", + "description": "Total time taken for nginx and upstream servers to process a request and send a response", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 91, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(\n 0.5,\n sum by (le)(\n rate(\n nginx_ingress_controller_request_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n)", + "interval": "", + "legendFormat": ".5", + "refId": "D" + }, + { + "expr": "histogram_quantile(\n 0.95,\n sum by (le)(\n rate(\n 
nginx_ingress_controller_request_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n)", + "interval": "", + "legendFormat": ".95", + "refId": "B" + }, + { + "expr": "histogram_quantile(\n 0.99,\n sum by (le)(\n rate(\n nginx_ingress_controller_request_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n)", + "interval": "", + "legendFormat": ".99", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Total request handling time", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DS_PROMETHEUS}", + "description": "The time spent on receiving the response from the upstream server", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 0 + }, + "hiddenSeries": false, + "id": 94, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(\n 0.5,\n sum by (le)(\n rate(\n nginx_ingress_controller_response_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n)", + "instant": false, + "interval": "", + 
"intervalFactor": 1, + "legendFormat": ".5", + "refId": "D" + }, + { + "expr": "histogram_quantile(\n 0.95,\n sum by (le)(\n rate(\n nginx_ingress_controller_response_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n)", + "interval": "", + "legendFormat": ".95", + "refId": "B" + }, + { + "expr": "histogram_quantile(\n 0.99,\n sum by (le)(\n rate(\n nginx_ingress_controller_response_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n)", + "interval": "", + "legendFormat": ".99", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Upstream response time", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DS_PROMETHEUS}", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 8 + }, + "hiddenSeries": false, + "id": 93, + "legend": { + "alignAsTable": true, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": " sum by (path)(\n rate(\n nginx_ingress_controller_request_duration_seconds_count{\n ingress =~ \"$ingress\"\n 
}[1m]\n )\n )\n", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ path }}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Request volume by Path", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "reqps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DS_PROMETHEUS}", + "description": "For each path observed, its median upstream response time", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 8 + }, + "hiddenSeries": false, + "id": 98, + "legend": { + "alignAsTable": true, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(\n .5,\n sum by (le, path)(\n rate(\n nginx_ingress_controller_response_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n)", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ path }}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Median upstream response time by Path", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": 
"individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DS_PROMETHEUS}", + "description": "Percentage of 4xx and 5xx responses among all responses.", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 16 + }, + "hiddenSeries": false, + "id": 100, + "legend": { + "alignAsTable": true, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null as zero", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (path) (rate(nginx_ingress_controller_request_duration_seconds_count{\n ingress = \"$ingress\",\n status =~ \"[4-5].*\"\n}[1m])) / sum by (path) (rate(nginx_ingress_controller_request_duration_seconds_count{\n ingress = \"$ingress\",\n}[1m]))", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ path }}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Response error rate by Path", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 
1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DS_PROMETHEUS}", + "description": "For each path observed, the sum of upstream request time", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 16 + }, + "hiddenSeries": false, + "id": 102, + "legend": { + "alignAsTable": true, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (path) (rate(nginx_ingress_controller_response_duration_seconds_sum{ingress = \"$ingress\"}[1m]))", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ path }}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Upstream time consumed by Path", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DS_PROMETHEUS}", + "fill": 1, + 
"fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 24 + }, + "hiddenSeries": false, + "id": 101, + "legend": { + "alignAsTable": true, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": " sum (\n rate(\n nginx_ingress_controller_request_duration_seconds_count{\n ingress =~ \"$ingress\",\n status =~\"[4-5].*\",\n }[1m]\n )\n ) by(path, status)\n", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ path }} {{ status }}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Response error volume by Path", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "reqps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DS_PROMETHEUS}", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 24 + }, + "hiddenSeries": false, + "id": 99, + "legend": { + "alignAsTable": true, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + 
"options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum (\n rate (\n nginx_ingress_controller_response_size_sum {\n ingress =~ \"$ingress\",\n }[1m]\n )\n) by (path) / sum (\n rate(\n nginx_ingress_controller_response_size_count {\n ingress =~ \"$ingress\",\n }[1m]\n )\n) by (path)\n", + "hide": false, + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ path }}", + "refId": "D" + }, + { + "expr": " sum (rate(nginx_ingress_controller_response_size_bucket{\n namespace =~ \"$namespace\",\n ingress =~ \"$ingress\",\n }[1m])) by (le)\n", + "hide": true, + "legendFormat": "{{le}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Average response size by Path", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "decbytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DS_PROMETHEUS}", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 32 + }, + "hiddenSeries": false, + "id": 96, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + 
"renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum (\n rate(\n nginx_ingress_controller_ingress_upstream_latency_seconds_sum {\n ingress =~ \"$ingress\",\n }[1m]\n)) / sum (\n rate(\n nginx_ingress_controller_ingress_upstream_latency_seconds_count {\n ingress =~ \"$ingress\",\n }[1m]\n )\n)\n", + "hide": false, + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "average", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Upstream service latency", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "refresh": "30s", + "schemaVersion": 22, + "style": "dark", + "tags": [ + "nginx" + ], + "templating": { + "list": [ + { + "hide": 0, + "label": "datasource", + "name": "DS_PROMETHEUS", + "options": [], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": ".*", + "current": {}, + "datasource": "${DS_PROMETHEUS}", + "definition": "label_values(nginx_ingress_controller_requests, ingress) ", + "hide": 0, + "includeAll": true, + "label": "Service Ingress", + "multi": false, + "name": "ingress", + "options": [], + "query": "label_values(nginx_ingress_controller_requests, ingress) ", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 2, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-15m", + "to": "now" + }, + 
"timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "2m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "browser", + "title": "NGINX / Request Handling Performance", + "uid": "4GFbkOsZk", + "version": 1 + } diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/cluster/rancher-cluster-nodes.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/cluster/rancher-cluster-nodes.json new file mode 100755 index 000000000..b8c1ab7e6 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/cluster/rancher-cluster-nodes.json 
@@ -0,0 +1,776 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 28, + "links": [], + "panels": [ + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - avg(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\",mode=\"idle\"}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "{{instance}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": 
"#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Load[5m] ({{instance}})" + }, + "properties": [] + } + ] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(node_load5 OR avg_over_time(windows_system_processor_queue_length[5m])) by (instance)", + "interval": "", + "legendFormat": "Load[5m] ({{instance}})", + "refId": "A" + }, + { + "expr": "sum(node_load1 OR avg_over_time(windows_system_processor_queue_length[1m])) by (instance)", + "interval": "", + "legendFormat": "Load[1m] ({{instance}})", + "refId": "B" + }, + { + "expr": "sum(node_load15 OR avg_over_time(windows_system_processor_queue_length[15m])) by (instance)", + "interval": "", + "legendFormat": "Load[15m] ({{instance}})", + "refId": "C" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Load Average", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } 
+ }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - sum(node_memory_MemAvailable_bytes OR windows_os_physical_memory_free_bytes) by (instance) / sum(node_memory_MemTotal_bytes OR windows_cs_physical_memory_bytes) by (instance) ", + "interval": "", + "legendFormat": "{{instance}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + 
"id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - (sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"} OR windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) by (instance) / sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"} OR windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) by (instance))", + "interval": "", + "legendFormat": "{{instance}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 7 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + 
"nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(node_disk_read_bytes_total[$__rate_interval]) OR rate(windows_logical_disk_read_bytes_total[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Read ({{instance}})", + "refId": "A" + }, + { + "expr": "sum(rate(node_disk_written_bytes_total[$__rate_interval]) OR rate(windows_logical_disk_write_bytes_total[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Write ({{instance}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 7 + }, + "hiddenSeries": false, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + 
"seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(node_network_receive_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) by (instance) OR sum(rate(windows_net_packets_received_errors{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Receive Errors ({{instance}})", + "refId": "A" + }, + { + "expr": "sum(rate(node_network_receive_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) by (instance) OR sum(rate(windows_net_packets_received_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Receive Total ({{instance}})", + "refId": "B" + }, + { + "expr": "sum(rate(node_network_transmit_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) by (instance) OR sum(rate(windows_net_packets_outbound_errors{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Transmit Errors ({{instance}})", + "refId": "C" + }, + { + "expr": "sum(rate(node_network_receive_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) by (instance) OR sum(rate(windows_net_packets_received_discarded{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Receive Dropped ({{instance}})", + "refId": "D" + }, + { + "expr": "sum(rate(node_network_transmit_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) by (instance) OR sum(rate(windows_net_packets_outbound_discarded{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Transmit Dropped ({{instance}})", + "refId": "E" + }, + { + "expr": 
"sum(rate(node_network_transmit_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) by (instance) OR sum(rate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Transmit Total ({{instance}})", + "refId": "F" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network Traffic", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 14 + }, + "hiddenSeries": false, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(node_network_transmit_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval]) OR rate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", 
+ "interval": "", + "legendFormat": "Transmit Total ({{instance}})", + "refId": "A" + }, + { + "expr": "sum(rate(node_network_receive_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval]) OR rate(windows_net_packets_received_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Receive Total ({{instance}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / Cluster (Nodes)", + "uid": "rancher-cluster-nodes-1", + "version": 3 +} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/cluster/rancher-cluster.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/cluster/rancher-cluster.json new file mode 100755 index 000000000..29cc91675 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/cluster/rancher-cluster.json 
@@ -0,0 +1,759 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 28, + "links": [], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - avg(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\",mode=\"idle\"}[$__rate_interval]))", + "legendFormat": "Total", + "interval": "", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": 
null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Load[5m]" + }, + "properties": [] + } + ] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(node_load5 OR avg_over_time(windows_system_processor_queue_length[5m]))", + "interval": "", + "legendFormat": "Load[5m]", + "refId": "A" + }, + { + "expr": "sum(node_load1 OR avg_over_time(windows_system_processor_queue_length[1m]))", + "interval": "", + "legendFormat": "Load[1m]", + "refId": "B" + }, + { + "expr": "sum(node_load15 OR avg_over_time(windows_system_processor_queue_length[15m]))", + "interval": "", + "legendFormat": "Load[15m]", + "refId": "C" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Load Average", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + 
"fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - sum(node_memory_MemAvailable_bytes OR windows_os_physical_memory_free_bytes) / sum(node_memory_MemTotal_bytes OR windows_cs_physical_memory_bytes)", + "legendFormat": "Total", + "interval": "", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + 
"points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - (sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"} OR windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) / sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"} OR windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}))", + "legendFormat": "Total", + "interval": "", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 7 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(node_disk_read_bytes_total[$__rate_interval]) OR rate(windows_logical_disk_read_bytes_total[$__rate_interval]))", 
+ "interval": "", + "legendFormat": "Read", + "refId": "A" + }, + { + "expr": "sum(rate(node_disk_written_bytes_total[$__rate_interval]) OR rate(windows_logical_disk_write_bytes_total[$__rate_interval]))", + "interval": "", + "legendFormat": "Write", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 7 + }, + "hiddenSeries": false, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(rate(node_network_receive_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_received_errors{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) OR on() vector(0))", + "interval": "", + "legendFormat": "Receive Errors", + "refId": "A" + }, + { + "expr": 
"(sum(rate(node_network_receive_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_received_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) OR on() vector(0))", + "interval": "", + "legendFormat": "Receive Total", + "refId": "B" + }, + { + "expr": "(sum(rate(node_network_transmit_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_outbound_errors{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) OR on() vector(0))", + "interval": "", + "legendFormat": "Transmit Errors", + "refId": "C" + }, + { + "expr": "(sum(rate(node_network_receive_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_received_discarded{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) OR on() vector(0))", + "interval": "", + "legendFormat": "Receive Dropped", + "refId": "D" + }, + { + "expr": "(sum(rate(node_network_transmit_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_outbound_discarded{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) OR on() vector(0))", + "interval": "", + "legendFormat": "Transmit Dropped", + "refId": "E" + }, + { + "expr": "(sum(rate(node_network_transmit_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) OR on() vector(0))", + "interval": "", + "legendFormat": "Transmit Total", + "refId": "F" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network Traffic", + "tooltip": { + "shared": true, + "sort": 0, + 
"value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 14 + }, + "hiddenSeries": false, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(node_network_transmit_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval]) OR rate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval]))", + "interval": "", + "legendFormat": "Transmit Total", + "refId": "A" + }, + { + "expr": "sum(rate(node_network_receive_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval]) OR rate(windows_net_packets_received_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval]))", + "interval": "", + "legendFormat": "Receive Total", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + 
}, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / Cluster", + "uid": "rancher-cluster-1", + "version": 3 +} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/etcd/etcd-metrics-detail.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/etcd/etcd-metrics-detail.json new file mode 100755 index 000000000..fbe71108e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/etcd/etcd-metrics-detail.json 
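Review bot: in the "Rancher / Cluster" dashboard that ends above, the "Network I/O" panel (id 8, y-axis format "Bps") mixes units across its OR branches. The Linux side uses `node_network_transmit_bytes_total` and `node_network_receive_bytes_total`, but the Windows side uses `windows_net_packets_sent_total` and `windows_net_packets_received_total`, which are packet counters. On a cluster with Windows nodes the `sum(...)` adds packets/s to bytes/s and plots the result as bytes/s. The same two Windows counters already appear in the "Network Traffic" panel (format "pps"), where they fit, so this looks like a copy-paste. Use the corresponding Windows byte counters in this panel.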
@@ -0,0 +1,662 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 32, + "links": [], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(etcd_network_client_grpc_received_bytes_total{job=\"kube-etcd\"}[5m])) by (instance)", + "interval": "", + "legendFormat": "Client traffic in({{instance}})", + "refId": "A" + }, + { + "expr": "sum(rate(etcd_network_client_grpc_sent_bytes_total{job=\"kube-etcd\"}[5m])) by (instance)", + "interval": "", + "legendFormat": "Client traffic out({{instance}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "GRPC Client Traffic", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "Kbits", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 
1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Load5({{instance}})" + }, + "properties": [] + } + ] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(etcd_debugging_mvcc_db_total_size_in_bytes) by (instance)", + "interval": "", + "legendFormat": "DB size({{instance}})", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "DB Size", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + 
"hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(grpc_server_started_total{grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"}) by (instance) - sum(grpc_server_handled_total{grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"}) by (instance)", + "interval": "", + "legendFormat": "Watch streams({{instance}})", + "refId": "A" + }, + { + "expr": "sum(grpc_server_started_total{grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"}) by (instance) - sum(grpc_server_handled_total{grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"}) by (instance)", + "interval": "", + "legendFormat": "Lease watch stream({{instance}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Active Streams", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + 
}, + "hiddenSeries": false, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(etcd_server_proposals_committed_total[5m])) by (instance)", + "interval": "", + "legendFormat": "Proposal commit rate({{instance}})", + "refId": "A" + }, + { + "expr": "sum(rate(etcd_server_proposals_applied_total[5m])) by (instance)", + "interval": "", + "legendFormat": "Proposal applied({{instance}})", + "refId": "B" + }, + { + "expr": "sum(rate(etcd_server_proposals_failed_total[5m])) by (instance)", + "interval": "", + "legendFormat": "Proposal failed({{instance}})", + "refId": "C" + }, + { + "expr": "sum(etcd_server_proposals_pending) by (instance)", + "interval": "", + "legendFormat": "Proposal pending({{instance}})", + "refId": "D" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Raft Proposals", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + 
"fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 7 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(grpc_server_started_total{grpc_type=\"unary\"}[5m])) by (instance)", + "interval": "", + "legendFormat": "Rpc rate({{instance}})", + "refId": "A" + }, + { + "expr": "sum(rate(grpc_server_handled_total{grpc_type=\"unary\",grpc_code!=\"OK\"}[5m])) by (instance)", + "interval": "", + "legendFormat": "Rpc failed rate ({{instance}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "RPC Rate", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 0, + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "decimals": null, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 7 + }, + "hiddenSeries": false, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": 
false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(etcd_disk_wal_fsync_duration_seconds_bucket[5m])) by (instance, le))", + "interval": "", + "legendFormat": "WAL fsync({{instance}})", + "refId": "A" + }, + { + "expr": "histogram_quantile(0.99, sum(rate(etcd_disk_backend_commit_duration_seconds_bucket[5m])) by (instance, le))", + "interval": "", + "legendFormat": "DB fsync({{instance}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk Sync Duration", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 2, + "format": "ms", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-5m", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / Etcd Metrics Detail", + "uid": "rancher-etcd-detail-1", + "version": 5 + } \ No newline at end of file 
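Review bot: in etcd-metrics-detail.json the "Disk Sync Duration" panel (id 7) sets the y-axis format to "ms", but both targets are `histogram_quantile(0.99, ...)` over `etcd_disk_wal_fsync_duration_seconds_bucket` and `etcd_disk_backend_commit_duration_seconds_bucket`, so the values are in seconds. A 0.5 s p99 fsync would be drawn as 0.5 ms, which hides exactly the slow-disk condition this panel exists to show. Either multiply the expressions by 1000 or change the format to "s". The "GRPC Client Traffic" panel (id 2) has the same kind of mismatch: `rate(..._bytes_total[5m])` is bytes per second, while the axis format is "Kbits". Separately, the "DB Size" panel (id 3) carries a `fieldConfig.overrides` matcher for "Load5({{instance}})" with empty `properties`; no series in that panel has that name, so the override can be dropped.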
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/etcd/etcd-metrics-summary.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/etcd/etcd-metrics-summary.json new file mode 100755 index 000000000..7ff64ee5f --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/etcd/etcd-metrics-summary.json 
@@ -0,0 +1,662 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 33, + "links": [], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(etcd_network_client_grpc_received_bytes_total{job=\"kube-etcd\"}[5m]))", + "interval": "", + "legendFormat": "Client traffic in", + "refId": "A" + }, + { + "expr": "sum(rate(etcd_network_client_grpc_sent_bytes_total{job=\"kube-etcd\"}[5m]))", + "interval": "", + "legendFormat": "Client traffic out", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "GRPC Client Traffic", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "Kbits", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], 
+ "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Load5({{instance}})" + }, + "properties": [] + } + ] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(etcd_debugging_mvcc_db_total_size_in_bytes)", + "interval": "", + "legendFormat": "DB size", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "DB Size", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": 
false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(grpc_server_started_total{grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"}) - sum(grpc_server_handled_total{grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"})", + "interval": "", + "legendFormat": "Watch streams", + "refId": "A" + }, + { + "expr": "sum(grpc_server_started_total{grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"}) - sum(grpc_server_handled_total{grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"})", + "interval": "", + "legendFormat": "Lease watch stream", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Active Streams", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, 
+ "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(etcd_server_proposals_committed_total[5m]))", + "interval": "", + "legendFormat": "Proposal commit rate", + "refId": "A" + }, + { + "expr": "sum(rate(etcd_server_proposals_applied_total[5m]))", + "interval": "", + "legendFormat": "Proposal applied", + "refId": "B" + }, + { + "expr": "sum(rate(etcd_server_proposals_failed_total[5m]))", + "interval": "", + "legendFormat": "Proposal failed", + "refId": "C" + }, + { + "expr": "sum(etcd_server_proposals_pending)", + "interval": "", + "legendFormat": "Proposal pending", + "refId": "D" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Raft Proposals", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 7 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + 
"nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(grpc_server_started_total{grpc_type=\"unary\"}[5m]))", + "interval": "", + "legendFormat": "Rpc rate", + "refId": "A" + }, + { + "expr": "sum(rate(grpc_server_handled_total{grpc_type=\"unary\",grpc_code!=\"OK\"}[5m]))", + "interval": "", + "legendFormat": "Rpc failed rate", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "RPC Rate", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 0, + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "decimals": null, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 7 + }, + "hiddenSeries": false, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, 
sum(rate(etcd_disk_wal_fsync_duration_seconds_bucket[5m])) by (instance, le))", + "interval": "", + "legendFormat": "WAL fsync", + "refId": "A" + }, + { + "expr": "histogram_quantile(0.99, sum(rate(etcd_disk_backend_commit_duration_seconds_bucket[5m])) by (instance, le))", + "interval": "", + "legendFormat": "DB fsync", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk Sync Duration", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 2, + "format": "ms", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-5m", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / Etcd Metrics Summary", + "uid": "rancher-etcd-summary-1", + "version": 4 + } \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/home/rancher-default-home-with-windows.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/home/rancher-default-home-with-windows.json new file mode 100755 index 000000000..4ff6e4e54 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/home/rancher-default-home-with-windows.json 
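Review bot: in etcd-metrics-summary.json the "Disk Sync Duration" targets still group `by (instance, le)`, while every other target in this summary file drops the per-instance grouping, and the legends here are plain "WAL fsync" and "DB fsync". With more than one etcd member the panel draws several lines that all carry the same name. Aggregate `by (le)` if a cluster-wide p99 is intended, or put `{{instance}}` back in `legendFormat`. The y-axis format is "ms" although the `_seconds_bucket` histograms yield seconds, so the plotted latency is understated by a factor of 1000; scale the expression or use "s". The "DB Size" panel (id 3) also keeps an override matcher for "Load5({{instance}})" that matches nothing in the panel.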
@@ -0,0 +1,1275 @@ +{ + "annotations": { + "list": [ + ] + }, + "editable": false, + "gnetId": null, + "graphTooltip": 0, + "id": null, + "links": [], + "panels": [ + { + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 1, + "title": "", + "type": "welcome" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": true, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 5, + "w": 8, + "x": 0, + "y": 4 + }, + "height": "180px", + "id": 6, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "(1 - avg(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\",mode=\"idle\"}[5m]))) * 100", + "format": "time_series", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "65, 90", + "title": "CPU usage (5m avg)", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + 
"valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": true, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 5, + "w": 8, + "x": 8, + "y": 4 + }, + "height": "180px", + "id": 4, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "(1 - sum({__name__=~\"node_memory_MemAvailable_bytes|windows_os_physical_memory_free_bytes\"}) / sum({__name__=~\"node_memory_MemTotal_bytes|windows_cs_physical_memory_bytes\"})) * 100", + "format": "time_series", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "65, 90", + "title": "Memory usage", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": true, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + 
"fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 5, + "w": 8, + "x": 16, + "y": 4 + }, + "height": "180px", + "id": 7, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "(1 - ((sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"}) + (sum(windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) OR on() vector(0))) / (sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"}) + (sum(windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) OR on() vector(0))))) * 100", + "format": "time_series", + "interval": "10s", + "intervalFactor": 1, + "legendFormat": "", + "metric": "", + "refId": "A", + "step": 10 + } + ], + "thresholds": "65, 90", + "title": "Filesystem usage", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": 
[] + }, + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 0, + "y": 9 + }, + "height": "1px", + "id": 11, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": " cores", + "postfixFontSize": "30%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "(1 - (avg(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\",mode=\"idle\"}[5m])))) * sum(kube_node_status_allocatable_cpu_cores{})", + "format": "time_series", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "", + "title": "Used", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 4, + "y": 9 + }, + "height": "1px", + "id": 12, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": 
[ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": " cores", + "postfixFontSize": "30%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum (kube_node_status_allocatable_cpu_cores{})", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "", + "title": "Total", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "bytes", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 8, + "y": 9 + }, + "height": "1px", + "id": 9, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "20%", + "prefix": "", + "prefixFontSize": "20%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", 
+ "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum({__name__=~\"node_memory_MemTotal_bytes|windows_cs_physical_memory_bytes\"}) - sum({__name__=~\"node_memory_MemAvailable_bytes|windows_os_physical_memory_free_bytes\"})", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "", + "title": "Used", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "bytes", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 12, + "y": 9 + }, + "height": "1px", + "id": 10, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum (kube_node_status_allocatable_memory_bytes{})", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "", + "title": "Total", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": 
"0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "bytes", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 16, + "y": 9 + }, + "height": "1px", + "id": 13, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"}) - sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"}) + (sum(windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) - sum(windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) OR on() vector(0))", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "", + "title": "Used", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + 
"rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "bytes", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 20, + "y": 9 + }, + "height": "1px", + "id": 14, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"}) + (sum(windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) OR on() vector(0))", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "", + "title": "Total", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 6, + "w": 8, + "x": 0, + "y": 12 + }, + "hiddenSeries": false, + "id": 2051, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": 
false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1- (avg(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\",mode=\"idle\"}[5m])))", + "format": "time_series", + "hide": false, + "instant": false, + "intervalFactor": 1, + "legendFormat": "Cluster", + "refId": "A" + }, + { + "expr": "1- (avg(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\",mode=\"idle\"}[5m])) by (instance))", + "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "{{ node }}", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU usage (5m avg)", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "percentunit", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 6, + "w": 8, + "x": 8, + "y": 12 + }, + "hiddenSeries": false, + "id": 2052, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + 
"pluginVersion": "7.1.5", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "100 * (1 - sum({__name__=~\"node_memory_MemAvailable_bytes|windows_os_physical_memory_free_bytes\"}) / sum({__name__=~\"node_memory_MemTotal_bytes|windows_cs_physical_memory_bytes\"}))", + "format": "time_series", + "hide": false, + "instant": false, + "intervalFactor": 1, + "legendFormat": "Cluster", + "refId": "A" + }, + { + "expr": "100 * (1- sum({__name__=~\"node_memory_MemAvailable_bytes|windows_os_physical_memory_free_bytes\"}) by (instance) / sum({__name__=~\"node_memory_MemTotal_bytes|windows_cs_physical_memory_bytes\"}) by (instance))", + "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "{{ node }}", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory usage", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "percent", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 6, + "w": 8, + "x": 16, + "y": 12 + }, + "hiddenSeries": false, + "id": 2053, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": 
false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "((sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"}) + (sum(windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"} OR on() vector(0)))) / (sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"}) + (sum(windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) OR on() vector(0)))) * 100", + "legendFormat": "Cluster", + "refId": "A" + }, + { + "expr": "((sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"}) by (instance)) / sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"}) by (instance)) * 100", + "hide": false, + "legendFormat": "{{ instance }}", + "refId": "B" + }, + { + "expr": "((sum(windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) by (instance)) / sum(windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) by (instance)) * 100", + "hide": false, + "legendFormat": "{{ instance }}", + "refId": "C" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Filesystem usage", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "percent", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + 
"overrides": [] + }, + "folderId": 0, + "gridPos": { + "h": 15, + "w": 12, + "x": 0, + "y": 18 + }, + "headings": true, + "id": 3, + "limit": 30, + "links": [], + "query": "", + "recent": true, + "search": true, + "starred": false, + "tags": [], + "title": "Dashboards", + "type": "dashlist" + }, + { + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 18 + }, + "id": 2055, + "options": { + "content": "## About Rancher Monitoring\n\nRancher Monitoring is a Helm chart developed by Rancher that is powered by [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator). It is based on the upstream [kube-prometheus-stack](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack) Helm chart maintained by the Prometheus community.\n\nBy default, the chart deploys Grafana alongside a set of Grafana dashboards curated by the [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus) project.\n\nFor more information on how Rancher Monitoring differs from [kube-prometheus-stack](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack), please view the CHANGELOG.md of the rancher-monitoring chart located in the [rancher/charts](https://github.com/rancher/charts) repository.\n\nFor more information about how to configure Rancher Monitoring, please view the [Rancher docs](https://rancher.com/docs/rancher/v2.x/en/).\n\n", + "mode": "markdown" + }, + "pluginVersion": "7.1.0", + "timeFrom": null, + "timeShift": null, + "title": "", + "type": "text" + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-6h", + "to": "now" + }, + "timepicker": { + "hidden": true, + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", 
+ "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ], + "type": "timepicker" + }, + "timezone": "browser", + "title": "Home", + "uid": "rancher-home-1", + "version": 5 +} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/home/rancher-default-home.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/home/rancher-default-home.json new file mode 100755 index 000000000..86829f012 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/home/rancher-default-home.json 
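Review bot: in rancher-default-home-with-windows.json the "Filesystem usage" graph panel (id 2053) plots free / size * 100 in all three targets, which is the percentage free, while the singlestat with the same title (id 7) plots (1 - free / size) * 100; the graph should use the same 1 - ... form so both panels report usage. Target A of that graph also places OR on() vector(0) inside sum() for the free-bytes term but outside sum() for the size term, and the node_filesystem_* sums carry no fallback at all, so the guard is inconsistent within a single expression. In the "CPU usage (5m avg)" (id 2051) and "Memory usage" (id 2052) graphs, target B aggregates by (instance) but sets "legendFormat": "{{ node }}", a label the aggregation has already dropped, so the per-instance legend entries render empty; use "{{ instance }}" as the filesystem panel does. Finally, the file is created with mode 100755 although it is a JSON data file; 100644 would be the expected mode.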
@@ -0,0 +1,1273 @@ +{ + "annotations": { + "list": [] + }, + "editable": false, + "gnetId": null, + "graphTooltip": 0, + "id": null, + "links": [], + "panels": [ + { + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 1, + "title": "", + "type": "welcome" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": true, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 5, + "w": 8, + "x": 0, + "y": 4 + }, + "height": "180px", + "id": 6, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "(1 - (avg(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\",mode=\"idle\"}[5m])))) * 100", + "format": "time_series", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "65, 90", + "title": "CPU Utilization", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": 
"current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": true, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 5, + "w": 8, + "x": 8, + "y": 4 + }, + "height": "180px", + "id": 4, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "(1 - sum({__name__=~\"node_memory_MemAvailable_bytes|windows_os_physical_memory_free_bytes\"}) / sum({__name__=~\"node_memory_MemTotal_bytes|windows_cs_physical_memory_bytes\"})) * 100", + "format": "time_series", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "65, 90", + "title": "Memory Utilization", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": true, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + 
"fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 5, + "w": 8, + "x": 16, + "y": 4 + }, + "height": "180px", + "id": 7, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "1 - (((sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"}) OR on() vector(0)) + (sum(windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) OR on() vector(0))) / ((sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"}) OR on() vector(0)) + (sum(windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) OR on() vector(0))))", + "format": "time_series", + "interval": "10s", + "intervalFactor": 1, + "metric": "", + "refId": "A", + "step": 10 + } + ], + "thresholds": "65, 90", + "title": "Disk Utilization", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + 
"overrides": [] + }, + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 0, + "y": 9 + }, + "height": "1px", + "id": 11, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": " cores", + "postfixFontSize": "30%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\",mode!=\"idle\"}[5m]))", + "format": "time_series", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "", + "title": "CPU Used", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 4, + "y": 9 + }, + "height": "1px", + "id": 12, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + 
"value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": " cores", + "postfixFontSize": "30%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(kube_node_status_allocatable_cpu_cores{})", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "", + "title": "CPU Total", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "bytes", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 8, + "y": 9 + }, + "height": "1px", + "id": 9, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "20%", + "prefix": "", + "prefixFontSize": "20%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + 
"tableColumn": "", + "targets": [ + { + "expr": "sum({__name__=~\"node_memory_MemTotal_bytes|windows_cs_physical_memory_bytes\"}) - sum({__name__=~\"node_memory_MemAvailable_bytes|windows_os_physical_memory_free_bytes\"})", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "", + "title": "Memory Used", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "bytes", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 12, + "y": 9 + }, + "height": "1px", + "id": 10, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum (kube_node_status_allocatable_memory_bytes{})", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "", + "title": "Memory Total", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "0", + 
"value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "bytes", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 16, + "y": 9 + }, + "height": "1px", + "id": 13, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "(sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"}) - sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"}) OR on() vector(0)) + (sum(windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) - sum(windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) OR on() vector(0))", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "", + "title": "Disk Used", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 
45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "bytes", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 20, + "y": 9 + }, + "height": "1px", + "id": 14, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "(sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"}) OR on() vector(0)) + (sum(windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) OR on() vector(0))", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "", + "title": "Disk Total", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 6, + "w": 8, + "x": 0, + "y": 12 + }, + "hiddenSeries": false, + "id": 2051, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + 
"show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - (avg(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\",mode=\"idle\"}[$__rate_interval])))", + "format": "time_series", + "hide": false, + "instant": false, + "intervalFactor": 1, + "legendFormat": "Cluster", + "refId": "A" + }, + { + "expr": "1 - avg(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\", mode=\"idle\"}[$__rate_interval])) by (instance)", + "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "{{ instance }}", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU Usage", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "percentunit", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 6, + "w": 8, + "x": 8, + "y": 12 + }, + "hiddenSeries": false, + "id": 2052, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + 
"links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "100 * (1 - sum({__name__=~\"node_memory_MemAvailable_bytes|windows_os_physical_memory_free_bytes\"}) / sum({__name__=~\"node_memory_MemTotal_bytes|windows_cs_physical_memory_bytes\"}))", + "format": "time_series", + "hide": false, + "instant": false, + "intervalFactor": 1, + "legendFormat": "Cluster", + "refId": "A" + }, + { + "expr": "100 * (1- sum({__name__=~\"node_memory_MemAvailable_bytes|windows_os_physical_memory_free_bytes\"}) by (instance) / sum({__name__=~\"node_memory_MemTotal_bytes|windows_cs_physical_memory_bytes\"}) by (instance))", + "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "{{ instance }}", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory Usage", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "percent", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 6, + "w": 8, + "x": 16, + "y": 12 + }, + "hiddenSeries": false, + "id": 2053, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + 
"rightSide": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "(1 - ((sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"}) OR on() vector(0)) + (sum(windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"} OR on() vector(0)))) / ((sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"}) OR on() vector(0)) + (sum(windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) OR on() vector(0)))) * 100", + "legendFormat": "Cluster", + "refId": "A" + }, + { + "expr": "(1 - (sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"}) by (instance)) / sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"}) by (instance)) * 100", + "hide": false, + "legendFormat": "{{ instance }}", + "refId": "B" + }, + { + "expr": "(1 - (sum(windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) by (instance)) / sum(windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) by (instance)) * 100", + "hide": false, + "legendFormat": "{{ instance }}", + "refId": "C" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk Usage", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "percent", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + 
"alignLevel": null + } + }, + { + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "folderId": 0, + "gridPos": { + "h": 15, + "w": 12, + "x": 0, + "y": 18 + }, + "headings": true, + "id": 3, + "limit": 30, + "links": [], + "query": "", + "recent": true, + "search": true, + "starred": false, + "tags": [], + "title": "Dashboards", + "type": "dashlist" + }, + { + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 18 + }, + "id": 2055, + "options": { + "content": "## About Rancher Monitoring\n\nRancher Monitoring is a Helm chart developed by Rancher that is powered by [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator). It is based on the upstream [kube-prometheus-stack](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack) Helm chart maintained by the Prometheus community.\n\nBy default, the chart deploys Grafana alongside a set of Grafana dashboards curated by the [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus) project.\n\nFor more information on how Rancher Monitoring differs from [kube-prometheus-stack](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack), please view the CHANGELOG.md of the rancher-monitoring chart located in the [rancher/charts](https://github.com/rancher/charts) repository.\n\nFor more information about how to configure Rancher Monitoring, please view the [Rancher docs](https://rancher.com/docs/rancher/v2.x/en/).\n\n", + "mode": "markdown" + }, + "pluginVersion": "7.1.0", + "timeFrom": null, + "timeShift": null, + "title": "", + "type": "text" + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "hidden": true, + "refresh_intervals": [ + "5s", + 
"10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ], + "type": "timepicker" + }, + "timezone": "browser", + "title": "Home", + "uid": "rancher-home-1", + "version": 5 +} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/kubernetes-components-metrics-detail.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/kubernetes-components-metrics-detail.json new file mode 100755 index 000000000..81f1618a7 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/kubernetes-components-metrics-detail.json 
@@ -0,0 +1,508 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 30, + "links": [], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(apiserver_request_total[5m])) by (instance, code)", + "interval": "", + "legendFormat": "{{code}}({{instance}})", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "API Server Request Rate", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 0, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + 
"defaults": { + "custom": {} + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Load5({{instance}})" + }, + "properties": [] + } + ] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"deployment\"}) by (instance, name)", + "interval": "", + "legendFormat": "Deployment depth({{instance}})", + "refId": "A" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"volumes\"}) by (instance, name)", + "interval": "", + "legendFormat": "Volumes depth({{instance}})", + "refId": "B" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"replicaset\"}) by (instance, name)", + "interval": "", + "legendFormat": "Replicaset depth({{instance}})", + "refId": "C" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"service\"}) by (instance, name)", + "interval": "", + "legendFormat": "Service depth({{instance}})", + "refId": "D" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"serviceaccount\"}) by (instance, name)", + "interval": "", + "legendFormat": "Serviceaccount depth({{instance}})", + "refId": "E" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"endpoint\"}) by (instance, name)", + "interval": "", + "legendFormat": "Endpoint depth({{instance}})", + "refId": "F" + }, + { + "expr": 
"sum(workqueue_depth{component=\"kube-controller-manager\", name=\"daemonset\"}) by (instance, name)", + "interval": "", + "legendFormat": "Daemonset depth({{instance}})", + "refId": "G" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"deployment\"}) by (instance, name)", + "interval": "", + "legendFormat": "Deployment depth({{instance}})", + "refId": "H" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"statefulset\"}) by (instance, name)", + "interval": "", + "legendFormat": "Statefulset depth({{instance}})", + "refId": "I" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"replicationmanager\"}) by (instance, name)", + "interval": "", + "legendFormat": "ReplicationManager depth({{instance}})", + "refId": "J" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Controller Manager Queue Depth", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + 
"percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(kube_pod_status_scheduled{condition=\"false\"})", + "interval": "", + "legendFormat": "Scheduling failed pods", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Scheduling Failed Pods", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(nginx_ingress_controller_nginx_process_connections{state=\"reading\"}) by (instance)", + "interval": "", + "legendFormat": "Reading({{instance}})", + "refId": "A" + }, + { + "expr": 
"sum(nginx_ingress_controller_nginx_process_connections{state=\"waiting\"}) by (instance)", + "interval": "", + "legendFormat": "Waiting({{instance}})", + "refId": "B" + }, + { + "expr": "sum(nginx_ingress_controller_nginx_process_connections{state=\"writing\"}) by (instance)", + "interval": "", + "legendFormat": "Writing({{instance}})", + "refId": "C" + }, + { + "expr": "sum(ceil(increase(nginx_ingress_controller_nginx_process_connections_total{state=\"accepted\"}[5m]))) by (instance)", + "interval": "", + "legendFormat": "Accepted({{instance}})", + "refId": "D" + }, + { + "expr": "sum(ceil(increase(nginx_ingress_controller_nginx_process_connections_total{state=\"handled\"}[5m]))) by (instance)", + "interval": "", + "legendFormat": "Handled({{instance}})", + "refId": "E" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Ingress Controller Connections", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-5m", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / Kubernetes Components Metrics Detail", + "uid": "rancher-k8s-detail-1", + "version": 5 + } \ No newline at end of file 
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/kubernetes-components-metrics-summary.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/kubernetes-components-metrics-summary.json new file mode 100755 index 000000000..937341b48 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/kubernetes-components-metrics-summary.json 
@@ -0,0 +1,508 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 31, + "links": [], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(apiserver_request_total[5m])) by (instance)", + "interval": "", + "legendFormat": "{{code}}({{instance}})", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "API Server Request Rate", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 0, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { 
+ "custom": {} + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Load5({{instance}})" + }, + "properties": [] + } + ] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"deployment\"}) by (name)", + "interval": "", + "legendFormat": "Deployment depth", + "refId": "A" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"volumes\"}) by (name)", + "interval": "", + "legendFormat": "Volumes depth", + "refId": "B" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"replicaset\"}) by (name)", + "interval": "", + "legendFormat": "Replicaset depth", + "refId": "C" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"service\"}) by (name)", + "interval": "", + "legendFormat": "Service depth", + "refId": "D" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"serviceaccount\"}) by (name)", + "interval": "", + "legendFormat": "Serviceaccount depth", + "refId": "E" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"endpoint\"}) by (name)", + "interval": "", + "legendFormat": "Endpoint depth", + "refId": "F" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"daemonset\"}) by (name)", + "interval": "", + "legendFormat": "Daemonset depth", + "refId": "G" + }, + { + "expr": 
"sum(workqueue_depth{component=\"kube-controller-manager\", name=\"deployment\"}) by (name)", + "interval": "", + "legendFormat": "Deployment depth", + "refId": "H" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"statefulset\"}) by (name)", + "interval": "", + "legendFormat": "Statefulset depth", + "refId": "I" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"replicationmanager\"}) by (name)", + "interval": "", + "legendFormat": "ReplicationManager depth({{instance}})", + "refId": "J" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Controller Manager Queue Depth", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": 
"sum(kube_pod_status_scheduled{condition=\"false\"})", + "interval": "", + "legendFormat": "Scheduling failed pods", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Scheduling Failed Pods", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(nginx_ingress_controller_nginx_process_connections{state=\"reading\"})", + "interval": "", + "legendFormat": "Reading", + "refId": "A" + }, + { + "expr": "sum(nginx_ingress_controller_nginx_process_connections{state=\"waiting\"})", + "interval": "", + "legendFormat": "Waiting", + "refId": "B" + }, + { + "expr": "sum(nginx_ingress_controller_nginx_process_connections{state=\"writing\"})", + "interval": "", + "legendFormat": "Writing", + "refId": "C" + }, + { + "expr": 
"sum(ceil(increase(nginx_ingress_controller_nginx_process_connections_total{state=\"accepted\"}[5m])))", + "interval": "", + "legendFormat": "Accepted", + "refId": "D" + }, + { + "expr": "sum(ceil(increase(nginx_ingress_controller_nginx_process_connections_total{state=\"handled\"}[5m])))", + "interval": "", + "legendFormat": "Handled", + "refId": "E" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Ingress Controller Connections", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-5m", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / Kubernetes Components Metrics Summary", + "uid": "rancher-k8s-summary-1", + "version": 5 + } \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/rancher-etcd-nodes.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/rancher-etcd-nodes.json new file mode 100755 index 000000000..cdbc2c056 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/rancher-etcd-nodes.json 
@@ -0,0 +1,670 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 32, + "links": [], + "panels": [ + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(etcd_network_client_grpc_received_bytes_total{job=\"kube-etcd\"}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Client Traffic In ({{instance}})", + "refId": "A" + }, + { + "expr": "sum(rate(etcd_network_client_grpc_sent_bytes_total{job=\"kube-etcd\"}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Client Traffic Out ({{instance}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "GRPC Client Traffic", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "Kbits", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true 
+ }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Load[5m]({{instance}})" + }, + "properties": [] + } + ] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(etcd_debugging_mvcc_db_total_size_in_bytes) by (instance)", + "interval": "", + "legendFormat": "DB Size ({{instance}})", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "DB Size", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + 
"overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(grpc_server_started_total{grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"}) by (instance) - sum(grpc_server_handled_total{grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"}) by (instance)", + "interval": "", + "legendFormat": "Watch Streams ({{instance}})", + "refId": "A" + }, + { + "expr": "sum(grpc_server_started_total{grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"}) by (instance) - sum(grpc_server_handled_total{grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"}) by (instance)", + "interval": "", + "legendFormat": "Lease Watch Stream ({{instance}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Active Streams", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { 
+ "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(etcd_server_proposals_committed_total[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Proposal Committed ({{instance}})", + "refId": "A" + }, + { + "expr": "sum(rate(etcd_server_proposals_applied_total[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Proposal Applied ({{instance}})", + "refId": "B" + }, + { + "expr": "sum(rate(etcd_server_proposals_failed_total[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Proposal Failed ({{instance}})", + "refId": "C" + }, + { + "expr": "sum(etcd_server_proposals_pending) by (instance)", + "interval": "", + "legendFormat": "Proposal Pending ({{instance}})", + "refId": "D" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Raft Proposals", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": 
"#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 7 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(grpc_server_started_total{grpc_type=\"unary\"}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "RPC Rate ({{instance}})", + "refId": "A" + }, + { + "expr": "sum(rate(grpc_server_handled_total{grpc_type=\"unary\",grpc_code!=\"OK\"}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "RPC Failure Rate ({{instance}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "RPC Rate", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 0, + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "decimals": null, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + 
"fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 7 + }, + "hiddenSeries": false, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(etcd_disk_wal_fsync_duration_seconds_bucket[$__rate_interval])) by (instance, le))", + "interval": "", + "legendFormat": "WAL fsync ({{instance}})", + "refId": "A" + }, + { + "expr": "histogram_quantile(0.99, sum(rate(etcd_disk_backend_commit_duration_seconds_bucket[$__rate_interval])) by (instance, le))", + "interval": "", + "legendFormat": "DB fsync ({{instance}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk Sync Duration", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 2, + "format": "ms", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / etcd (Nodes)", + "uid": "rancher-etcd-nodes-1", + "version": 5 +} 
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/rancher-etcd.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/rancher-etcd.json new file mode 100755 index 000000000..3610956db --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/rancher-etcd.json 
@@ -0,0 +1,652 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 33, + "links": [], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(etcd_network_client_grpc_received_bytes_total{job=\"kube-etcd\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Client Traffic In", + "refId": "A" + }, + { + "expr": "sum(rate(etcd_network_client_grpc_sent_bytes_total{job=\"kube-etcd\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Client Traffic Out", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "GRPC Client Traffic", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "Kbits", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 
null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [ + { + "properties": [] + } + ] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(etcd_debugging_mvcc_db_total_size_in_bytes)", + "interval": "", + "legendFormat": "DB Size", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "DB Size", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + 
"total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(grpc_server_started_total{grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"}) - sum(grpc_server_handled_total{grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"})", + "interval": "", + "legendFormat": "Watch Streams", + "refId": "A" + }, + { + "expr": "sum(grpc_server_started_total{grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"}) - sum(grpc_server_handled_total{grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"})", + "interval": "", + "legendFormat": "Lease Watch Stream", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Active Streams", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + 
"nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(etcd_server_proposals_committed_total[$__rate_interval]))", + "interval": "", + "legendFormat": "Proposal Committed", + "refId": "A" + }, + { + "expr": "sum(rate(etcd_server_proposals_applied_total[$__rate_interval]))", + "interval": "", + "legendFormat": "Proposal Applied", + "refId": "B" + }, + { + "expr": "sum(rate(etcd_server_proposals_failed_total[$__rate_interval]))", + "interval": "", + "legendFormat": "Proposal Failed", + "refId": "C" + }, + { + "expr": "sum(etcd_server_proposals_pending)", + "interval": "", + "legendFormat": "Proposal Pending", + "refId": "D" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Raft Proposals", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 7 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + 
"pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(grpc_server_started_total{grpc_type=\"unary\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "RPC Rate", + "refId": "A" + }, + { + "expr": "sum(rate(grpc_server_handled_total{grpc_type=\"unary\",grpc_code!=\"OK\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "RPC Failure Rate", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "RPC Rate", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 0, + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "decimals": null, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 7 + }, + "hiddenSeries": false, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(etcd_disk_wal_fsync_duration_seconds_bucket[$__rate_interval])) by 
(instance, le))", + "interval": "", + "legendFormat": "WAL fsync", + "refId": "A" + }, + { + "expr": "histogram_quantile(0.99, sum(rate(etcd_disk_backend_commit_duration_seconds_bucket[$__rate_interval])) by (instance, le))", + "interval": "", + "legendFormat": "DB fsync", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk Sync Duration", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 2, + "format": "ms", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / etcd", + "uid": "rancher-etcd-1", + "version": 4 +} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/rancher-k8s-components-nodes.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/rancher-k8s-components-nodes.json new file mode 100755 index 000000000..9de59be49 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/rancher-k8s-components-nodes.json 
@@ -0,0 +1,510 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 30, + "links": [], + "panels": [ + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(apiserver_request_total[$__rate_interval])) by (instance, code)", + "interval": "", + "legendFormat": "{{code}}({{instance}})", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "API Server Request Rate", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 0, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + 
"dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Load[5m]({{instance}})" + }, + "properties": [] + } + ] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"deployment\"}) by (instance, name)", + "interval": "", + "legendFormat": "Deployment Depth ({{instance}})", + "refId": "A" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"volumes\"}) by (instance, name)", + "interval": "", + "legendFormat": "Volumes Depth ({{instance}})", + "refId": "B" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"replicaset\"}) by (instance, name)", + "interval": "", + "legendFormat": "ReplicaSet Depth ({{instance}})", + "refId": "C" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"service\"}) by (instance, name)", + "interval": "", + "legendFormat": "Service Depth ({{instance}})", + "refId": "D" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"serviceaccount\"}) by (instance, name)", + "interval": "", + "legendFormat": "ServiceAccount Depth ({{instance}})", + "refId": "E" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"endpoint\"}) by (instance, name)", + "interval": "", + "legendFormat": "Endpoint Depth 
({{instance}})", + "refId": "F" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"daemonset\"}) by (instance, name)", + "interval": "", + "legendFormat": "DaemonSet Depth ({{instance}})", + "refId": "G" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"statefulset\"}) by (instance, name)", + "interval": "", + "legendFormat": "StatefulSet Depth ({{instance}})", + "refId": "H" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"replicationmanager\"}) by (instance, name)", + "interval": "", + "legendFormat": "ReplicationManager Depth ({{instance}})", + "refId": "I" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Controller Manager Queue Depth", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": 
[], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(kube_pod_status_scheduled{condition=\"false\"})", + "interval": "", + "legendFormat": "Failed To Schedule", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Pod Scheduling Status", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(nginx_ingress_controller_nginx_process_connections{state=\"reading\"}) by (instance)", + "interval": "", + "legendFormat": "Reading ({{instance}})", + "refId": "A" + }, + { + "expr": "sum(nginx_ingress_controller_nginx_process_connections{state=\"waiting\"}) by (instance)", + "interval": "", + "legendFormat": "Waiting ({{instance}})", + "refId": "B" + }, + { 
+ "expr": "sum(nginx_ingress_controller_nginx_process_connections{state=\"writing\"}) by (instance)", + "interval": "", + "legendFormat": "Writing ({{instance}})", + "refId": "C" + }, + { + "expr": "sum(ceil(increase(nginx_ingress_controller_nginx_process_connections_total{state=\"accepted\"}[$__rate_interval]))) by (instance)", + "interval": "", + "legendFormat": "Accepted ({{instance}})", + "refId": "D" + }, + { + "expr": "sum(ceil(increase(nginx_ingress_controller_nginx_process_connections_total{state=\"handled\"}[$__rate_interval]))) by (instance)", + "interval": "", + "legendFormat": "Handled ({{instance}})", + "refId": "E" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Ingress Controller Connections", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / Kubernetes Components (Nodes)", + "uid": "rancher-k8s-components-nodes-1", + "version": 5 +} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/rancher-k8s-components.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/rancher-k8s-components.json new file mode 100755 index 000000000..ddb0caca5 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/k8s/rancher-k8s-components.json 
@@ -0,0 +1,502 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 31, + "links": [], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(apiserver_request_total[$__rate_interval])) by (code)", + "interval": "", + "legendFormat": "{{code}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "API Server Request Rate", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 0, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + 
"custom": {} + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Load[5m]({{instance}})" + }, + "properties": [] + } + ] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"deployment\"}) by (name)", + "interval": "", + "legendFormat": "Deployment Depth", + "refId": "A" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"volumes\"}) by (name)", + "interval": "", + "legendFormat": "Volumes Depth", + "refId": "B" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"replicaset\"}) by (name)", + "interval": "", + "legendFormat": "Replicaset Depth", + "refId": "C" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"service\"}) by (name)", + "interval": "", + "legendFormat": "Service Depth", + "refId": "D" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"serviceaccount\"}) by (name)", + "interval": "", + "legendFormat": "ServiceAccount Depth", + "refId": "E" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"endpoint\"}) by (name)", + "interval": "", + "legendFormat": "Endpoint Depth", + "refId": "F" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"daemonset\"}) by (name)", + "interval": "", + "legendFormat": "DaemonSet Depth", + "refId": "G" + }, + { + "expr": 
"sum(workqueue_depth{component=\"kube-controller-manager\", name=\"statefulset\"}) by (name)", + "interval": "", + "legendFormat": "StatefulSet Depth", + "refId": "H" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"replicationmanager\"}) by (name)", + "interval": "", + "legendFormat": "ReplicationManager Depth", + "refId": "I" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Controller Manager Queue Depth", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(kube_pod_status_scheduled{condition=\"false\"})", + "interval": "", + "legendFormat": "Failed To Schedule", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Pod 
Scheduling Status", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(nginx_ingress_controller_nginx_process_connections{state=\"reading\"})", + "interval": "", + "legendFormat": "Reading", + "refId": "A" + }, + { + "expr": "sum(nginx_ingress_controller_nginx_process_connections{state=\"waiting\"})", + "interval": "", + "legendFormat": "Waiting", + "refId": "B" + }, + { + "expr": "sum(nginx_ingress_controller_nginx_process_connections{state=\"writing\"})", + "interval": "", + "legendFormat": "Writing", + "refId": "C" + }, + { + "expr": "sum(ceil(increase(nginx_ingress_controller_nginx_process_connections_total{state=\"accepted\"}[$__rate_interval])))", + "interval": "", + "legendFormat": "Accepted", + "refId": "D" + }, + { + "expr": 
"sum(ceil(increase(nginx_ingress_controller_nginx_process_connections_total{state=\"handled\"}[$__rate_interval])))", + "interval": "", + "legendFormat": "Handled", + "refId": "E" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Ingress Controller Connections", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / Kubernetes Components", + "uid": "rancher-k8s-components-1", + "version": 5 +} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/linux/linux-metrics-detail.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/linux/linux-metrics-detail.json new file mode 100755 index 000000000..04c88d71c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/linux/linux-metrics-detail.json 
@@ -0,0 +1,768 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 28, + "links": [], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - (avg(irate(node_cpu_seconds_total{mode=\"idle\"}[$__rate_interval])) by (instance))", + "interval": "", + "legendFormat": "{{instance}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + 
"fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Load5({{instance}})" + }, + "properties": [] + } + ] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(node_load5) by (instance)", + "interval": "", + "legendFormat": "Load5({{instance}})", + "refId": "A" + }, + { + "expr": "sum(node_load1) by (instance)", + "interval": "", + "legendFormat": "Load1({{instance}})", + "refId": "B" + }, + { + "expr": "sum(node_load15) by (instance)", + "interval": "", + "legendFormat": "Load15({{instance}})", + "refId": "C" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Load Average", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + 
"hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - sum(node_memory_MemAvailable_bytes) by (instance) / sum(node_memory_MemTotal_bytes) by (instance)", + "interval": "", + "legendFormat": "{{instance}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + 
"targets": [ + { + "expr": "1 - (sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"}) by (instance) / sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"}) by (instance))", + "interval": "", + "legendFormat": "{{instance}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 7 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(node_disk_read_bytes_total[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Read({{instance}})", + "refId": "A" + }, + { + "expr": "sum(irate(node_disk_written_bytes_total[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Write({{instance}})", + "refId": "B" + 
} + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 7 + }, + "hiddenSeries": false, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(node_network_receive_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Receive errors({{instance}})", + "refId": "A" + }, + { + "expr": "sum(irate(node_network_receive_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Receive packets({{instance}})", + "refId": "B" + }, + { + "expr": "sum(irate(node_network_transmit_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) by 
(instance)", + "interval": "", + "legendFormat": "Transmit errors({{instance}})", + "refId": "C" + }, + { + "expr": "sum(irate(node_network_receive_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Receive dropped({{instance}})", + "refId": "D" + }, + { + "expr": "sum(irate(node_network_transmit_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Transmit dropped({{instance}})", + "refId": "E" + }, + { + "expr": "sum(irate(node_network_transmit_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Transmit packets({{instance}})", + "refId": "F" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network Packets", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 14 + }, + "hiddenSeries": false, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + 
"percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(node_network_transmit_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[5m])) by (instance)", + "interval": "", + "legendFormat": "Transmit({{instance}})", + "refId": "A" + }, + { + "expr": "sum(irate(node_network_receive_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[5m])) by (instance)", + "interval": "", + "legendFormat": "Receive({{instance}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-5m", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / Linux / Cluster Metrics Detail", + "uid": "rancher-linux-detail-1", + "version": 3 + } \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/linux/linux-metrics-summary.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/linux/linux-metrics-summary.json new file mode 100755 index 000000000..e314a7a64 
--- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/linux/linux-metrics-summary.json 
@@ -0,0 +1,768 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 29, + "links": [], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - (avg(irate(node_cpu_seconds_total{mode=\"idle\"}[$__rate_interval])))", + "interval": "", + "legendFormat": "CPU usage", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + 
"defaults": { + "custom": {} + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Load5({{instance}})" + }, + "properties": [] + } + ] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(node_load5) by (instance)", + "interval": "", + "legendFormat": "Load5({{instance}})", + "refId": "A" + }, + { + "expr": "sum(node_load1) by (instance)", + "interval": "", + "legendFormat": "Load1({{instance}})", + "refId": "B" + }, + { + "expr": "sum(node_load15) by (instance)", + "interval": "", + "legendFormat": "Load15({{instance}})", + "refId": "C" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Load Average", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + 
"id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - sum(node_memory_MemAvailable_bytes) / sum(node_memory_MemTotal_bytes)", + "interval": "", + "legendFormat": "Memory usage", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - 
sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"}) / sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"})", + "interval": "", + "legendFormat": "Disk usage", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 7 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(node_disk_read_bytes_total[$__rate_interval]))", + "interval": "", + "legendFormat": "Read", + "refId": "A" + }, + { + "expr": "sum(irate(node_disk_written_bytes_total[$__rate_interval]))", + "interval": "", + "legendFormat": "Write", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk I/O", + 
"tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 7 + }, + "hiddenSeries": false, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(node_network_receive_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Receive errors", + "refId": "A" + }, + { + "expr": "sum(irate(node_network_receive_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Receive packets", + "refId": "B" + }, + { + "expr": "sum(irate(node_network_transmit_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Transmit errors", + "refId": "C" + }, + { + "expr": 
"sum(irate(node_network_receive_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Receive dropped", + "refId": "D" + }, + { + "expr": "sum(irate(node_network_transmit_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Transmit dropped", + "refId": "E" + }, + { + "expr": "sum(irate(node_network_transmit_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Transmit packets", + "refId": "F" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network Packets", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 14 + }, + "hiddenSeries": false, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + 
"targets": [ + { + "expr": "sum(irate(node_network_transmit_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Transmit", + "refId": "A" + }, + { + "expr": "sum(irate(node_network_receive_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Receive", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-5m", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / Linux / Cluster Metrics Summary", + "uid": "rancher-linux-summary-1", + "version": 3 + } \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/nodes/rancher-node-detail.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/nodes/rancher-node-detail.json new file mode 100755 index 000000000..0b57efa2e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/nodes/rancher-node-detail.json 
@@ -0,0 +1,789 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 28, + "links": [], + "panels": [ + { + "aliasColors": { + "{{mode}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "avg(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\", instance=\"$instance\"}[$__rate_interval])) by (mode)", + "interval": "", + "legendFormat": "{{mode}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + 
"dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Load[5m]" + }, + "properties": [] + } + ] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(node_load5{instance=~\"$instance\"} OR avg_over_time(windows_system_processor_queue_length{instance=~\"$instance\"}[5m]))", + "interval": "", + "legendFormat": "Load[5m]", + "refId": "A" + }, + { + "expr": "sum(node_load1{instance=~\"$instance\"} OR avg_over_time(windows_system_processor_queue_length{instance=~\"$instance\"}[1m]))", + "interval": "", + "legendFormat": "Load[1m]", + "refId": "B" + }, + { + "expr": "sum(node_load15{instance=~\"$instance\"} OR avg_over_time(windows_system_processor_queue_length{instance=~\"$instance\"}[15m]))", + "interval": "", + "legendFormat": "Load[15m]", + "refId": "C" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Load Average", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + 
"alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - (node_memory_MemAvailable_bytes{instance=~\"$instance\"} OR windows_os_physical_memory_free_bytes{instance=~\"$instance\"}) / (node_memory_MemTotal_bytes{instance=~\"$instance\"} OR windows_cs_physical_memory_bytes{instance=~\"$instance\"})", + "interval": "", + "legendFormat": "Total", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{device}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + 
"x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - (sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\", instance=~\"$instance\"} OR windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\", instance=~\"$instance\"}) by (device) / sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\", instance=~\"$instance\"} OR windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\", instance=~\"$instance\"}) by (device))", + "interval": "", + "legendFormat": "{{device}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{device}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 7 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": 
false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(node_disk_read_bytes_total{instance=~\"$instance\"}[$__rate_interval]) OR rate(windows_logical_disk_read_bytes_total{instance=~\"$instance\"}[$__rate_interval])) by (device)", + "interval": "", + "legendFormat": "Read ({{device}})", + "refId": "A" + }, + { + "expr": "sum(rate(node_disk_written_bytes_total{instance=~\"$instance\"}[$__rate_interval]) OR rate(windows_logical_disk_write_bytes_total{instance=~\"$instance\"}[$__rate_interval])) by (device)", + "interval": "", + "legendFormat": "Write ({{device}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{device}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 7 + }, + "hiddenSeries": false, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + 
"total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(node_network_receive_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) by (device) OR sum(rate(windows_net_packets_received_errors{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) by (device)", + "interval": "", + "legendFormat": "Receive Errors ({{device}})", + "refId": "A" + }, + { + "expr": "sum(rate(node_network_receive_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) by (device) OR sum(rate(windows_net_packets_received_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) by (device)", + "interval": "", + "legendFormat": "Receive Total ({{device}})", + "refId": "B" + }, + { + "expr": "sum(rate(node_network_transmit_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) by (device) OR sum(rate(windows_net_packets_outbound_errors{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) by (device)", + "interval": "", + "legendFormat": "Transmit Errors ({{device}})", + "refId": "C" + }, + { + "expr": "sum(rate(node_network_receive_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) by (device) OR sum(rate(windows_net_packets_received_discarded{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) by (device)", + "interval": "", + "legendFormat": "Receive Dropped ({{device}})", + "refId": "D" + }, + { + "expr": 
"sum(rate(node_network_transmit_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) by (device) OR sum(rate(windows_net_packets_outbound_discarded{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) by (device)", + "interval": "", + "legendFormat": "Transmit Dropped ({{device}})", + "refId": "E" + }, + { + "expr": "sum(rate(node_network_transmit_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) by (device) OR sum(rate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) by (device)", + "interval": "", + "legendFormat": "Transmit Total ({{device}})", + "refId": "F" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network Traffic", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{device}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 14 + }, + "hiddenSeries": false, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + 
"percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(node_network_transmit_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval]) OR rate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) by (device)", + "interval": "", + "legendFormat": "Transmit Total ({{device}})", + "refId": "A" + }, + { + "expr": "sum(rate(node_network_receive_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval]) OR rate(windows_net_packets_received_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) by (device)", + "interval": "", + "legendFormat": "Receive Total ({{device}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "allValue": null, + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "instance", + "query": "label_values({__name__=~\"node_exporter_build_info|windows_exporter_build_info\"}, instance)", + "refresh": 2, + "regex": "", + "sort": 0, + 
"tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / Node (Detail)", + "uid": "rancher-node-detail-1", + "version": 3 +} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/nodes/rancher-node.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/nodes/rancher-node.json new file mode 100755 index 000000000..7324c4164 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/nodes/rancher-node.json 
@@ -0,0 +1,776 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 28, + "links": [], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - avg(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\", instance=\"$instance\", mode=\"idle\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Total", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": 
false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Load[5m]" + }, + "properties": [] + } + ] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(node_load5{instance=~\"$instance\"} OR avg_over_time(windows_system_processor_queue_length{instance=~\"$instance\"}[5m]))", + "interval": "", + "legendFormat": "Load[5m]", + "refId": "A" + }, + { + "expr": "sum(node_load1{instance=~\"$instance\"} OR avg_over_time(windows_system_processor_queue_length{instance=~\"$instance\"}[1m]))", + "interval": "", + "legendFormat": "Load[1m]", + "refId": "B" + }, + { + "expr": "sum(node_load15{instance=~\"$instance\"} OR avg_over_time(windows_system_processor_queue_length{instance=~\"$instance\"}[15m]))", + "interval": "", + "legendFormat": "Load[15m]", + "refId": "C" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Load Average", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + 
"aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - sum(node_memory_MemAvailable_bytes{instance=~\"$instance\"} OR windows_os_physical_memory_free_bytes{instance=~\"$instance\"}) / sum(node_memory_MemTotal_bytes{instance=~\"$instance\"} OR windows_cs_physical_memory_bytes{instance=~\"$instance\"})", + "interval": "", + "legendFormat": "Total", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 5, 
+ "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - (sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\", instance=~\"$instance\"} OR windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\", instance=~\"$instance\"}) / sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\", instance=~\"$instance\"} OR windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\", instance=~\"$instance\"}))", + "interval": "", + "legendFormat": "Total", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 7 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + 
"nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(node_disk_read_bytes_total{instance=~\"$instance\"}[$__rate_interval]) OR rate(windows_logical_disk_read_bytes_total{instance=~\"$instance\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Read", + "refId": "A" + }, + { + "expr": "sum(rate(node_disk_written_bytes_total{instance=~\"$instance\"}[$__rate_interval]) OR rate(windows_logical_disk_write_bytes_total{instance=~\"$instance\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Write", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 7 + }, + "hiddenSeries": false, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + 
"spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(rate(node_network_receive_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_received_errors{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0))", + "interval": "", + "legendFormat": "Receive Errors", + "refId": "A" + }, + { + "expr": "(sum(rate(node_network_receive_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_received_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0))", + "interval": "", + "legendFormat": "Receive Total", + "refId": "B" + }, + { + "expr": "(sum(rate(node_network_transmit_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_outbound_errors{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0))", + "interval": "", + "legendFormat": "Transmit Errors", + "refId": "C" + }, + { + "expr": "(sum(rate(node_network_receive_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_received_discarded{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0))", + "interval": "", + "legendFormat": "Receive Dropped", + "refId": "D" + }, + { + "expr": "(sum(rate(node_network_transmit_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0)) + 
(sum(rate(windows_net_packets_outbound_discarded{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0))", + "interval": "", + "legendFormat": "Transmit Dropped", + "refId": "E" + }, + { + "expr": "(sum(rate(node_network_transmit_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0))", + "interval": "", + "legendFormat": "Transmit Total", + "refId": "F" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network Traffic", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 14 + }, + "hiddenSeries": false, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + 
"expr": "sum(rate(node_network_transmit_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval]) OR rate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Transmit Total", + "refId": "A" + }, + { + "expr": "sum(rate(node_network_receive_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval]) OR rate(windows_net_packets_received_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Receive Total", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "allValue": null, + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "instance", + "query": "label_values({__name__=~\"node_exporter_build_info|windows_exporter_build_info\"}, instance)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + 
"timezone": "", + "title": "Rancher / Node", + "uid": "rancher-node-1", + "version": 3 +} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/pods/rancher-pod-containers.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/pods/rancher-pod-containers.json new file mode 100755 index 000000000..b9e840977 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/pods/rancher-pod-containers.json 
@@ -0,0 +1,620 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 28, + "iteration": 1618265214337, + "links": [], + "panels": [ + { + "aliasColors": { + "{{container}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(container_cpu_cfs_throttled_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\", container!=\"\"}[$__rate_interval])) by (container)", + "interval": "", + "legendFormat": "CFS throttled ({{container}})", + "refId": "A" + }, + { + "expr": "sum(rate(container_cpu_system_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container) OR sum(rate(windows_container_cpu_usage_seconds_kernelmode{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", + "interval": "", + "legendFormat": "System ({{container}})", + "refId": "B" + }, + { + "expr": "sum(rate(container_cpu_usage_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container) 
OR sum(rate(windows_container_cpu_usage_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", + "interval": "", + "legendFormat": "Total ({{container}})", + "refId": "C" + }, + { + "expr": "sum(rate(container_cpu_user_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container) OR sum(rate(windows_container_cpu_usage_seconds_usermode{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", + "interval": "", + "legendFormat": "User ({{container}})", + "refId": "D" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "cpu", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{container}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + 
"stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(container_memory_working_set_bytes{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\", container!=\"\"} OR windows_container_memory_usage_commit_bytes{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\", container!=\"\"}) by (container)", + "interval": "", + "legendFormat": "({{container}})", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "kbytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{container}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(container_network_receive_packets_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container) OR 
sum(rate(windows_container_network_receive_packets_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", + "interval": "", + "legendFormat": "Receive Total ({{container}})", + "refId": "A" + }, + { + "expr": "sum(rate(container_network_transmit_packets_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container) OR sum(rate(windows_container_network_transmit_packets_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", + "interval": "", + "legendFormat": "Transmit Total ({{container}})", + "refId": "B" + }, + { + "expr": "sum(rate(container_network_receive_packets_dropped_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container) OR sum(rate(windows_container_network_receive_packets_dropped_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", + "interval": "", + "legendFormat": "Receive Dropped ({{container}})", + "refId": "C" + }, + { + "expr": "sum(rate(container_network_receive_errors_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", + "interval": "", + "legendFormat": "Receive Errors ({{container}})", + "refId": "D" + }, + { + "expr": "sum(rate(container_network_transmit_errors_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", + "interval": "", + "legendFormat": "Transmit Errors ({{container}})", + "refId": "E" + }, + { + "expr": "sum(rate(container_network_transmit_packets_dropped_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container) OR sum(rate(windows_container_network_transmit_packets_dropped_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", + "interval": "", + "legendFormat": "Transmit Dropped ({{container}})", + "refId": "F" + } + ], + "thresholds": [], 
+ "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network Traffic", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{container}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(container_network_receive_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container) OR sum(rate(windows_container_network_receive_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", + "interval": "", + "legendFormat": "Receive Total ({{container}})", + "refId": "A" + }, + { + "expr": "sum(rate(container_network_transmit_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container) OR 
sum(rate(windows_container_network_transmit_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", + "interval": "", + "legendFormat": "Transmit Total ({{container}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{container}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 7 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(container_fs_writes_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", + "interval": "", + "legendFormat": "Write ({{container}})", + "refId": "A" + }, + { + "expr": "sum(rate(container_fs_reads_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by 
(container)", + "interval": "", + "legendFormat": "Read ({{container}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "refresh": false, + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "allValue": null, + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "namespace", + "query": "label_values({__name__=~\"container_.*|windows_container_.*\", namespace!=\"\"}, namespace)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "pod", + "query": "label_values({__name__=~\"container_.*|windows_container_.*\", namespace=\"$namespace\", pod!=\"\"}, pod)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / Pod (Containers)", + "uid": "rancher-pod-containers-1", + "version": 8 +} 
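Review bot: In the "Memory Utilization" panel of rancher-pod-containers.json the left y-axis is set to "format": "kbytes", but the target sums container_memory_working_set_bytes OR windows_container_memory_usage_commit_bytes, which are byte counts, so the graph will overstate memory by a factor of about a thousand; change that axis to "format": "bytes". In the "Network Traffic" panel, the "Receive Errors" and "Transmit Errors" targets (refId D and E) are the only ones without a windows_container_network_* OR branch, so Windows pods will show no error series there; either add the branch or note that the omission is intentional. The top-level "id": 28 and "iteration": 1618265214337 look like export residue and are identical to the values in rancher-pod.json added by this same patch; setting "id" to null and dropping "iteration" would avoid two shipped dashboards claiming the same numeric id.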
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/pods/rancher-pod.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/pods/rancher-pod.json new file mode 100755 index 000000000..65b509243 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/pods/rancher-pod.json 
@@ -0,0 +1,620 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 28, + "iteration": 1618265214337, + "links": [], + "panels": [ + { + "aliasColors": { + "": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(container_cpu_cfs_throttled_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\", container!=\"\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "CFS throttled", + "refId": "A" + }, + { + "expr": "sum(rate(container_cpu_system_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) OR sum(rate(windows_container_cpu_usage_seconds_kernelmode{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "System", + "refId": "B" + }, + { + "expr": "sum(rate(container_cpu_usage_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) OR 
sum(rate(windows_container_cpu_usage_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Total", + "refId": "C" + }, + { + "expr": "sum(rate(container_cpu_user_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) OR sum(rate(windows_container_cpu_usage_seconds_usermode{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "User", + "refId": "D" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "cpu", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": 
"sum(container_memory_working_set_bytes{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\", container!=\"\"} OR windows_container_memory_usage_commit_bytes{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\", container!=\"\"})", + "interval": "", + "legendFormat": "Total", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "kbytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(container_network_receive_packets_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) OR sum(rate(windows_container_network_receive_packets_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", + "interval": "", + 
"legendFormat": "Receive Total", + "refId": "A" + }, + { + "expr": "sum(rate(container_network_transmit_packets_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) OR sum(rate(windows_container_network_transmit_packets_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Transmit Total", + "refId": "B" + }, + { + "expr": "sum(rate(container_network_receive_packets_dropped_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) OR sum(rate(windows_container_network_receive_packets_dropped_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Receive Dropped", + "refId": "C" + }, + { + "expr": "sum(rate(container_network_receive_errors_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Receive Errors", + "refId": "D" + }, + { + "expr": "sum(rate(container_network_transmit_errors_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Transmit Errors", + "refId": "E" + }, + { + "expr": "sum(rate(container_network_transmit_packets_dropped_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) OR sum(rate(windows_container_network_transmit_packets_dropped_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Transmit Dropped", + "refId": "F" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network Traffic", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "pps", + "label": null, + "logBase": 1, + "max": 
null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(container_network_receive_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) OR sum(rate(windows_container_network_receive_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Receive Total", + "refId": "A" + }, + { + "expr": "sum(rate(container_network_transmit_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) OR sum(rate(windows_container_network_transmit_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Transmit Total", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + 
"decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 7 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(container_fs_writes_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Write", + "refId": "A" + }, + { + "expr": "sum(rate(container_fs_reads_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Read", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + 
"yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "refresh": false, + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "allValue": null, + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "namespace", + "query": "label_values({__name__=~\"container_.*|windows_container_.*\", namespace!=\"\"}, namespace)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "pod", + "query": "label_values({__name__=~\"container_.*|windows_container_.*\", namespace=\"$namespace\", pod!=\"\"}, pod)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / Pod", + "uid": "rancher-pod-1", + "version": 8 +} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/rancher-default-home.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/rancher-default-home.json new file mode 100755 index 000000000..d2921bf86 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/rancher-default-home.json 
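Review bot: In the "Network Traffic" panel of the rancher-pod dashboard, targets D and E ("Receive Errors", "Transmit Errors") query only `container_network_receive_errors_total` and `container_network_transmit_errors_total`, while targets A, B, C and F all carry an `OR sum(rate(windows_container_network_...))` fallback. The "Disk I/O" panel (`container_fs_writes_bytes_total`, `container_fs_reads_bytes_total`) has no Windows branch either. For a Windows pod these series will render as empty rather than as an error, which reads like "no errors, no disk activity". Either add the matching `windows_container_*` expressions or, if no such metrics are exported, say so in the panel description so an empty graph is not mistaken for a healthy one. Smaller point: the `pod` template variable filters with `namespace=\"$namespace\"` while every panel uses `namespace=~\"$namespace\"`. Pick one form so the variable and the panels cannot diverge if `multi` or `includeAll` is ever enabled.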
@@ -0,0 +1,1275 @@ +{ + "annotations": { + "list": [ + ] + }, + "editable": false, + "gnetId": null, + "graphTooltip": 0, + "id": null, + "links": [], + "panels": [ + { + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 1, + "title": "", + "type": "welcome" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": true, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 5, + "w": 8, + "x": 0, + "y": 4 + }, + "height": "180px", + "id": 6, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "(1 - avg(irate(node_cpu_seconds_total{mode=\"idle\"}[5m]))) * 100", + "format": "time_series", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "65, 90", + "title": "CPU usage (5m avg)", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + 
"cacheTimeout": null, + "colorBackground": false, + "colorValue": true, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 5, + "w": 8, + "x": 8, + "y": 4 + }, + "height": "180px", + "id": 4, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "(1 - sum(node_memory_MemAvailable_bytes{})/ sum(node_memory_MemTotal_bytes{})) * 100", + "format": "time_series", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "65, 90", + "title": "Memory usage", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": true, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "percent", + "gauge": { + "maxValue": 100, + 
"minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 5, + "w": 8, + "x": 16, + "y": 4 + }, + "height": "180px", + "id": 7, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "(sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"})\n - sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"})) / sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"}) * 100", + "format": "time_series", + "interval": "10s", + "intervalFactor": 1, + "legendFormat": "", + "metric": "", + "refId": "A", + "step": 10 + } + ], + "thresholds": "65, 90", + "title": "Filesystem usage", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 0, + "y": 9 + }, + "height": "1px", + "id": 11, + "interval": null, + 
"isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": " cores", + "postfixFontSize": "30%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "(1 - (avg(irate(node_cpu_seconds_total{mode=\"idle\"}[5m])))) * sum(kube_node_status_allocatable_cpu_cores{})", + "format": "time_series", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "", + "title": "Used", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 4, + "y": 9 + }, + "height": "1px", + "id": 12, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": " cores", + "postfixFontSize": "30%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + 
"from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum (kube_node_status_allocatable_cpu_cores{})", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "", + "title": "Total", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "bytes", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 8, + "y": 9 + }, + "height": "1px", + "id": 9, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "20%", + "prefix": "", + "prefixFontSize": "20%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(node_memory_MemTotal_bytes{device!~\"rootfs|HarddiskVolume.+\"}) - sum(node_memory_MemAvailable_bytes{device!~\"rootfs|HarddiskVolume.+\"})", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + 
], + "thresholds": "", + "title": "Used", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "bytes", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 12, + "y": 9 + }, + "height": "1px", + "id": 10, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum (kube_node_status_allocatable_memory_bytes{})", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "", + "title": "Total", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": 
false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "bytes", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 16, + "y": 9 + }, + "height": "1px", + "id": 13, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\",})\n - sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"})", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "", + "title": "Used", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "bytes", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 20, + "y": 9 + }, + "height": "1px", + "id": 14, + "interval": null, + "isNew": true, + 
"links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"})", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "", + "title": "Total", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 6, + "w": 8, + "x": 0, + "y": 12 + }, + "hiddenSeries": false, + "id": 2051, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1- (avg(irate(node_cpu_seconds_total{mode=\"idle\"}[5m])))", + "format": "time_series", + "hide": false, + "instant": false, + "intervalFactor": 1, + "legendFormat": "Cluster", + "refId": "A" + }, + { + "expr": "1- (avg(irate(node_cpu_seconds_total{mode=\"idle\"}[5m])) by (node))", 
+ "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "{{ node }}", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU usage (5m avg)", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "percentunit", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 6, + "w": 8, + "x": 8, + "y": 12 + }, + "hiddenSeries": false, + "id": 2052, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "100 * (1 - sum(node_memory_MemAvailable_bytes) / sum(node_memory_MemTotal_bytes))", + "format": "time_series", + "hide": false, + "instant": false, + "intervalFactor": 1, + "legendFormat": "Cluster", + "refId": "A" + }, + { + "expr": "100 * (1- sum(node_memory_MemAvailable_bytes) by (node) / sum(node_memory_MemTotal_bytes) by (node))", + "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "{{ node }}", + "refId": "B" + } + ], + "thresholds": [], 
+ "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory usage", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "percent", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 6, + "w": 8, + "x": 16, + "y": 12 + }, + "hiddenSeries": false, + "id": 2053, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"})\n - sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"})\n ) / sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"}) * 100 ", + "format": "time_series", + "hide": false, + "instant": false, + "intervalFactor": 1, + "legendFormat": "Cluster", + "refId": "A" + }, + { + "expr": "((sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"}) by (node) - sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"}) by (node)) / 
sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"}) by (node)) * 100\n", + "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "{{ node }}", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Filesystem usage", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "percent", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "folderId": 0, + "gridPos": { + "h": 15, + "w": 12, + "x": 0, + "y": 18 + }, + "headings": true, + "id": 3, + "limit": 30, + "links": [], + "query": "", + "recent": true, + "search": true, + "starred": false, + "tags": [], + "title": "Dashboards", + "type": "dashlist" + }, + { + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 18 + }, + "id": 2055, + "options": { + "content": "## About Rancher Monitoring\n\nRancher Monitoring is a Helm chart developed by Rancher that is powered by [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator). 
It is based on the upstream [kube-prometheus-stack](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack) Helm chart maintained by the Prometheus community.\n\nBy default, the chart deploys Grafana alongside a set of Grafana dashboards curated by the [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus) project.\n\nFor more information on how Rancher Monitoring differs from [kube-prometheus-stack](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack), please view the CHANGELOG.md of the rancher-monitoring chart located in the [rancher/charts](https://github.com/rancher/charts) repository.\n\nFor more information about how to configure Rancher Monitoring, please view the [Rancher docs](https://rancher.com/docs/rancher/v2.x/en/).\n\n", + "mode": "markdown" + }, + "pluginVersion": "7.1.0", + "timeFrom": null, + "timeShift": null, + "title": "", + "type": "text" + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-6h", + "to": "now" + }, + "timepicker": { + "hidden": true, + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ], + "type": "timepicker" + }, + "timezone": "browser", + "title": "Home", + "uid": "hjvnWYFMz", + "version": 5 +} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/windows/windows-metrics-detail.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/windows/windows-metrics-detail.json new file mode 100755 index 000000000..9d400c2c9 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/windows/windows-metrics-detail.json 
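Review bot: In rancher-default-home.json the memory "Used" singlestat (id 9) applies `device!~\"rootfs|HarddiskVolume.+\"` to `node_memory_MemTotal_bytes` and `node_memory_MemAvailable_bytes`. That matcher looks copied from the filesystem panels; the "Memory usage" gauge (id 4) in the same file queries the same two metrics with an empty selector, so the matcher should be dropped here to keep the panels consistent. The memory and CPU "Total" panels are also sourced from `kube_node_status_allocatable_*`, while "Used" and the gauges are derived from node-level totals, so Used/Total will not reproduce the percentage shown in the gauge directly above. Use one denominator or retitle "Total" as "Allocatable". Further points: the panels hard-code `"datasource": "Prometheus"` whereas the rancher-pod dashboard uses `null` (the default datasource), which ties this file to one datasource name; the selector in panel id 13 has a stray trailing comma (`HarddiskVolume.+\",}`); and the file is created with mode 100755, where a JSON data file should be 100644.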
@@ -0,0 +1,768 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 28, + "links": [], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - (avg(irate(windows_cpu_time_total{mode=\"idle\"}[$__rate_interval])) by (instance))", + "interval": "", + "legendFormat": "{{instance}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + 
"fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Load5({{instance}})" + }, + "properties": [] + } + ] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(avg_over_time(windows_system_processor_queue_length[5m])) by (instance)", + "interval": "", + "legendFormat": "Load5({{instance}})", + "refId": "A" + }, + { + "expr": "sum(avg_over_time(windows_system_processor_queue_length[1m])) by (instance)", + "interval": "", + "legendFormat": "Load1({{instance}})", + "refId": "B" + }, + { + "expr": "sum(avg_over_time(windows_system_processor_queue_length[15m])) by (instance)", + "interval": "", + "legendFormat": "Load15({{instance}})", + "refId": "C" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Load Average", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + 
"custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - (sum(windows_os_physical_memory_free_bytes) by (instance) / sum(windows_cs_physical_memory_bytes) by (instance))", + "interval": "", + "legendFormat": "{{instance}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + 
"pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - (sum(windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) by (instance) / sum(windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) by (instance))", + "interval": "", + "legendFormat": "{{instance}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 7 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(windows_logical_disk_read_bytes_total[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Read({{instance}})", + 
"refId": "A" + }, + { + "expr": "sum(irate(windows_logical_disk_write_bytes_total[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Write({{instance}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 7 + }, + "hiddenSeries": false, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(windows_net_packets_received_errors{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Receive errors({{instance}})", + "refId": "A" + }, + { + "expr": "sum(irate(windows_net_packets_received_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": 
"Receive packets({{instance}})", + "refId": "B" + }, + { + "expr": "sum(irate(windows_net_packets_outbound_errors{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Transmit errors({{instance}})", + "refId": "C" + }, + { + "expr": "sum(irate(windows_net_packets_received_discarded{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Receive dropped({{instance}})", + "refId": "D" + }, + { + "expr": "sum(irate(windows_net_packets_outbound_discarded{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Transmit dropped({{instance}})", + "refId": "E" + }, + { + "expr": "sum(irate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Transmit packets({{instance}})", + "refId": "F" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network Packets", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 14 + }, + "hiddenSeries": false, + "id": 8, + "legend": { + "avg": 
false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Transmit({{instance}})", + "refId": "A" + }, + { + "expr": "sum(irate(windows_net_packets_received_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Receive({{instance}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-5m", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / Windows / Cluster Metrics Detail", + "uid": "rancher-windows-detail-1", + "version": 3 + } \ No newline at end of file 
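Review bot: In the last panel of windows-metrics-detail.json ("Network I/O", id 8), both targets query packet counters (`windows_net_packets_sent_total` and `windows_net_packets_received_total`) while the y-axis format is `Bps`, so the panel plots packets per second labelled as bytes per second and repeats the "Transmit packets" and "Receive packets" series already shown in the "Network Packets" panel. If byte throughput is what the panel should show, switch the two expressions to the byte counters from windows_exporter's net collector (`windows_net_bytes_sent_total`, `windows_net_bytes_received_total`); if packets are intended, change the axis format to `pps` and retitle the panel. The file also ends without a trailing newline.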
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/windows/windows-metrics-summary.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/windows/windows-metrics-summary.json new file mode 100755 index 000000000..d517eb389 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/windows/windows-metrics-summary.json 
@@ -0,0 +1,768 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 29, + "links": [], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - (avg(irate(windows_cpu_time_total{mode=\"idle\"}[$__rate_interval])))", + "interval": "", + "legendFormat": "CPU usage", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + 
"defaults": { + "custom": {} + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Load5({{instance}})" + }, + "properties": [] + } + ] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(avg_over_time(windows_system_processor_queue_length[5m])) by (instance)", + "interval": "", + "legendFormat": "Load5({{instance}})", + "refId": "A" + }, + { + "expr": "sum(avg_over_time(windows_system_processor_queue_length[1m])) by (instance)", + "interval": "", + "legendFormat": "Load1({{instance}})", + "refId": "B" + }, + { + "expr": "sum(avg_over_time(windows_system_processor_queue_length[15m])) by (instance)", + "interval": "", + "legendFormat": "Load15({{instance}})", + "refId": "C" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Load Average", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + 
"overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - sum(windows_os_physical_memory_free_bytes) / sum(windows_cs_physical_memory_bytes)", + "interval": "", + "legendFormat": "Memory usage", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": 
"flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - sum(windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) / sum(windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"})", + "interval": "", + "legendFormat": "Disk usage", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 7 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(windows_logical_disk_read_bytes_total[$__rate_interval]))", + "interval": "", + "legendFormat": "Read", + "refId": "A" + }, + { + "expr": "sum(irate(windows_logical_disk_write_bytes_total[$__rate_interval]))", + "interval": 
"", + "legendFormat": "Write", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 7 + }, + "hiddenSeries": false, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(windows_net_packets_received_errors{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval]))", + "interval": "", + "legendFormat": "Receive errors", + "refId": "A" + }, + { + "expr": "sum(irate(windows_net_packets_received_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval]))", + "interval": "", + "legendFormat": "Receive packets", + "refId": "B" + }, + { + "expr": "sum(irate(windows_net_packets_outbound_errors{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval]))", + "interval": "", 
+ "legendFormat": "Transmit errors", + "refId": "C" + }, + { + "expr": "sum(irate(windows_net_packets_received_discarded{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval]))", + "interval": "", + "legendFormat": "Receive dropped", + "refId": "D" + }, + { + "expr": "sum(irate(windows_net_packets_outbound_discarded{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval]))", + "interval": "", + "legendFormat": "Transmit dropped", + "refId": "E" + }, + { + "expr": "sum(irate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval]))", + "interval": "", + "legendFormat": "Transmit packets", + "refId": "F" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network Packets", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 14 + }, + "hiddenSeries": false, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + 
"spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval]))", + "interval": "", + "legendFormat": "Transmit", + "refId": "A" + }, + { + "expr": "sum(irate(windows_net_packets_received_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval]))", + "interval": "", + "legendFormat": "Receive", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-5m", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / Windows / Cluster Metrics Summary", + "uid": "rancher-windows-summary-1", + "version": 3 + } \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/workloads/rancher-workload-pods.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/workloads/rancher-workload-pods.json new file mode 100755 index 000000000..52cc77ce0 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/workloads/rancher-workload-pods.json 
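Review bot: In windows-metrics-summary.json the "Load Average" panel (id 3) still groups per node, `sum(avg_over_time(windows_system_processor_queue_length[5m])) by (instance)` with legend `Load5({{instance}})`, while every other panel in this summary dashboard drops `by (instance)` and plots a single cluster-wide series. Either drop the grouping and the `{{instance}}` legend here as well, or document why load is the one per-node panel; the `byName` override on `Load5({{instance}})` has an empty `properties` list and can be removed in both cases. The dashboard also carries a hard-coded top-level `"id": 29`; for a dashboard shipped as a file in a chart, `"id": null` with the stable `uid` already present avoids depending on one Grafana instance's internal id.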
@@ -0,0 +1,636 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 28, + "iteration": 1618265214337, + "links": [], + "panels": [ + { + "aliasColors": { + "{{pod}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(rate(container_cpu_cfs_throttled_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", + "interval": "", + "legendFormat": "CFS throttled ({{pod}})", + "refId": "A" + }, + { + "expr": "(sum(rate(container_cpu_system_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_cpu_usage_seconds_kernelmode{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", + "interval": "", + "legendFormat": "System ({{pod}})", + "refId": "B" + }, + { + "expr": "(sum(rate(container_cpu_usage_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR 
sum(rate(windows_container_cpu_usage_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", + "interval": "", + "legendFormat": "Total ({{pod}})", + "refId": "C" + }, + { + "expr": "(sum(rate(container_cpu_user_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_cpu_usage_seconds_usermode{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", + "interval": "", + "legendFormat": "User ({{pod}})", + "refId": "D" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "cpu", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{pod}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + 
"seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(container_memory_working_set_bytes{namespace=~\"$namespace\"} OR windows_container_memory_usage_commit_bytes{namespace=~\"$namespace\"}) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", + "interval": "", + "legendFormat": "({{pod}})", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "kbytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{pod}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(rate(container_network_receive_packets_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR 
sum(rate(windows_container_network_receive_packets_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", + "interval": "", + "legendFormat": "Receive Total ({{pod}})", + "refId": "A" + }, + { + "expr": "(sum(rate(container_network_transmit_packets_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_network_transmit_packets_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", + "interval": "", + "legendFormat": "Transmit Total ({{pod}})", + "refId": "B" + }, + { + "expr": "(sum(rate(container_network_receive_packets_dropped_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_network_receive_packets_dropped_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", + "interval": "", + "legendFormat": "Receive Dropped ({{pod}})", + "refId": "C" + }, + { + "expr": "(sum(rate(container_network_receive_errors_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", + "interval": "", + "legendFormat": "Receive Errors ({{pod}})", + "refId": "D" + }, + { + "expr": "(sum(rate(container_network_transmit_errors_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", + "interval": "", + "legendFormat": "Transmit Errors ({{pod}})", + "refId": "E" + }, + { + "expr": "(sum(rate(container_network_transmit_packets_dropped_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR 
sum(rate(windows_container_network_transmit_packets_dropped_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", + "interval": "", + "legendFormat": "Transmit Dropped ({{pod}})", + "refId": "F" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network Traffic", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{pod}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(rate(container_network_receive_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_network_receive_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", 
created_by_kind=\"$kind\", created_by_name=\"$workload\"}", + "interval": "", + "legendFormat": "Receive Total ({{pod}})", + "refId": "A" + }, + { + "expr": "(sum(rate(container_network_transmit_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_network_transmit_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", + "interval": "", + "legendFormat": "Transmit Total ({{pod}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{pod}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 7 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": 
"(sum(rate(container_fs_writes_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", + "interval": "", + "legendFormat": "Write ({{pod}})", + "refId": "A" + }, + { + "expr": "(sum(rate(container_fs_reads_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", + "interval": "", + "legendFormat": "Read ({{pod}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "refresh": false, + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "allValue": null, + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "namespace", + "query": "query_result(kube_pod_info{namespace!=\"\"} * on(pod) group_right(namespace, created_by_kind, created_by_name) count({__name__=~\"container_.*|windows_container_.*\", pod!=\"\"}) by (pod))", + "refresh": 2, + "regex": "/.*namespace=\"([^\"]*)\"/", + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "kind", + "query": "query_result(kube_pod_info{namespace=\"$namespace\", created_by_kind!=\"\"} * 
on(pod) group_right(namespace, created_by_kind, created_by_name) count({__name__=~\"container_.*|windows_container_.*\", pod!=\"\"}) by (pod))", + "refresh": 2, + "regex": "/.*created_by_kind=\"([^\"]*)\"/", + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "workload", + "query": "query_result(kube_pod_info{namespace=\"$namespace\", created_by_kind=\"$kind\", created_by_name!=\"\"} * on(pod) group_right(namespace, created_by_kind, created_by_name) count({__name__=~\"container_.*|windows_container_.*\", pod!=\"\"}) by (pod))", + "refresh": 2, + "regex": "/.*created_by_name=\"([^\"]*)\"/", + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / Workload (Pods)", + "uid": "rancher-workload-pods-1", + "version": 8 +} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/workloads/rancher-workload.json b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/workloads/rancher-workload.json new file mode 100755 index 000000000..cb4bc5986 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/files/rancher/workloads/rancher-workload.json 
@@ -0,0 +1,636 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 28, + "iteration": 1618265214337, + "links": [], + "panels": [ + { + "aliasColors": { + "{{pod}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum((sum(rate(container_cpu_cfs_throttled_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", + "interval": "", + "legendFormat": "CFS throttled", + "refId": "A" + }, + { + "expr": "sum((sum(rate(container_cpu_system_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_cpu_usage_seconds_kernelmode{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", + "interval": "", + "legendFormat": "System", + "refId": "B" + }, + { + "expr": "sum((sum(rate(container_cpu_usage_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR 
sum(rate(windows_container_cpu_usage_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", + "interval": "", + "legendFormat": "Total", + "refId": "C" + }, + { + "expr": "sum((sum(rate(container_cpu_user_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_cpu_usage_seconds_usermode{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", + "interval": "", + "legendFormat": "User", + "refId": "D" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "cpu", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{pod}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + 
"spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum((sum(container_memory_working_set_bytes{namespace=~\"$namespace\"} OR windows_container_memory_usage_commit_bytes{namespace=~\"$namespace\"}) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", + "interval": "", + "legendFormat": "Total", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "kbytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{pod}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum((sum(rate(container_network_receive_packets_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR 
sum(rate(windows_container_network_receive_packets_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", + "interval": "", + "legendFormat": "Receive Total", + "refId": "A" + }, + { + "expr": "sum((sum(rate(container_network_transmit_packets_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_network_transmit_packets_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", + "interval": "", + "legendFormat": "Transmit Total", + "refId": "B" + }, + { + "expr": "sum((sum(rate(container_network_receive_packets_dropped_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_network_receive_packets_dropped_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", + "interval": "", + "legendFormat": "Receive Dropped", + "refId": "C" + }, + { + "expr": "sum((sum(rate(container_network_receive_errors_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", + "interval": "", + "legendFormat": "Receive Errors", + "refId": "D" + }, + { + "expr": "sum((sum(rate(container_network_transmit_errors_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", + "interval": "", + "legendFormat": "Transmit Errors", + "refId": "E" + }, + { + "expr": "sum((sum(rate(container_network_transmit_packets_dropped_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR 
sum(rate(windows_container_network_transmit_packets_dropped_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", + "interval": "", + "legendFormat": "Transmit Dropped", + "refId": "F" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network Traffic", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{pod}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum((sum(rate(container_network_receive_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_network_receive_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", 
created_by_kind=\"$kind\", created_by_name=\"$workload\"})", + "interval": "", + "legendFormat": "Receive Total", + "refId": "A" + }, + { + "expr": "sum((sum(rate(container_network_transmit_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_network_transmit_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", + "interval": "", + "legendFormat": "Transmit Total", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{pod}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 7 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": 
"sum((sum(rate(container_fs_writes_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", + "interval": "", + "legendFormat": "Write", + "refId": "A" + }, + { + "expr": "sum((sum(rate(container_fs_reads_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", + "interval": "", + "legendFormat": "Read", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "refresh": false, + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "allValue": null, + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "namespace", + "query": "query_result(kube_pod_info{namespace!=\"\"} * on(pod) group_right(namespace, created_by_kind, created_by_name) count({__name__=~\"container_.*|windows_container_.*\", pod!=\"\"}) by (pod))", + "refresh": 2, + "regex": "/.*namespace=\"([^\"]*)\"/", + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "kind", + "query": "query_result(kube_pod_info{namespace=\"$namespace\", created_by_kind!=\"\"} * on(pod) 
group_right(namespace, created_by_kind, created_by_name) count({__name__=~\"container_.*|windows_container_.*\", pod!=\"\"}) by (pod))", + "refresh": 2, + "regex": "/.*created_by_kind=\"([^\"]*)\"/", + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "workload", + "query": "query_result(kube_pod_info{namespace=\"$namespace\", created_by_kind=\"$kind\", created_by_name!=\"\"} * on(pod) group_right(namespace, created_by_kind, created_by_name) count({__name__=~\"container_.*|windows_container_.*\", pod!=\"\"}) by (pod))", + "refresh": 2, + "regex": "/.*created_by_name=\"([^\"]*)\"/", + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / Workload", + "uid": "rancher-workload-1", + "version": 8 +} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/NOTES.txt b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/NOTES.txt new file mode 100755 index 000000000..371f3ae39 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/NOTES.txt @@ -0,0 +1,4 @@ +{{ $.Chart.Name }} has been installed. Check its status by running: + kubectl --namespace {{ template "kube-prometheus-stack.namespace" . }} get pods -l "release={{ $.Release.Name }}" + +Visit https://github.com/prometheus-operator/kube-prometheus for instructions on how to create & configure Alertmanager and Prometheus instances using the Operator. 
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/_helpers.tpl b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/_helpers.tpl new file mode 100755 index 000000000..123cbad6d --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/_helpers.tpl 
@@ -0,0 +1,200 @@ +# Rancher +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +{{/* +https://github.com/helm/helm/issues/4535#issuecomment-477778391 +Usage: {{ include "call-nested" (list . "SUBCHART_NAME" "TEMPLATE") }} +e.g. {{ include "call-nested" (list . "grafana" "grafana.fullname") }} +*/}} +{{- define "call-nested" }} +{{- $dot := index . 0 }} +{{- $subchart := index . 1 | splitList "." }} +{{- $template := index . 2 }} +{{- $values := $dot.Values }} +{{- range $subchart }} +{{- $values = index $values . }} +{{- end }} +{{- include $template (dict "Chart" (dict "Name" (last $subchart)) "Values" $values "Release" $dot.Release "Capabilities" $dot.Capabilities) }} +{{- end }} + +# Special Exporters +{{- define "exporter.kubeEtcd.enabled" -}} +{{- if or .Values.kubeEtcd.enabled .Values.rkeEtcd.enabled .Values.kubeAdmEtcd.enabled .Values.rke2Etcd.enabled -}} +"true" +{{- end -}} +{{- end }} + +{{- define "exporter.kubeControllerManager.enabled" -}} +{{- if or .Values.kubeControllerManager.enabled .Values.rkeControllerManager.enabled .Values.k3sServer.enabled .Values.kubeAdmControllerManager.enabled .Values.rke2ControllerManager.enabled -}} +"true" +{{- end -}} +{{- end }} + +{{- define "exporter.kubeScheduler.enabled" -}} +{{- if or .Values.kubeScheduler.enabled .Values.rkeScheduler.enabled .Values.k3sServer.enabled .Values.kubeAdmScheduler.enabled .Values.rke2Scheduler.enabled -}} +"true" +{{- end -}} +{{- end }} + +{{- define "exporter.kubeProxy.enabled" -}} +{{- if or .Values.kubeProxy.enabled .Values.rkeProxy.enabled .Values.k3sServer.enabled .Values.kubeAdmProxy.enabled .Values.rke2Proxy.enabled -}} +"true" +{{- end -}} +{{- end }} + +{{- define "exporter.kubeControllerManager.jobName" -}} +{{- if .Values.k3sServer.enabled -}} +k3s-server +{{- else -}} +kube-controller-manager +{{- end -}} +{{- end }} + +{{- define 
"exporter.kubeScheduler.jobName" -}} +{{- if .Values.k3sServer.enabled -}} +k3s-server +{{- else -}} +kube-scheduler +{{- end -}} +{{- end }} + +{{- define "exporter.kubeProxy.jobName" -}} +{{- if .Values.k3sServer.enabled -}} +k3s-server +{{- else -}} +kube-proxy +{{- end -}} +{{- end }} + +{{- define "kubelet.serviceMonitor.resourcePath" -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if not (eq .Values.kubelet.serviceMonitor.resourcePath "/metrics/resource/v1alpha1") -}} +{{ .Values.kubelet.serviceMonitor.resourcePath }} +{{- else if semverCompare ">=1.20.0-0" $kubeTargetVersion -}} +/metrics/resource +{{- else -}} +/metrics/resource/v1alpha1 +{{- end -}} +{{- end }} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# Prometheus Operator + +{{/* vim: set filetype=mustache: */}} +{{/* Expand the name of the chart. This is suffixed with -alertmanager, which means subtract 13 from longest 63 available */}} +{{- define "kube-prometheus-stack.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 50 | trimSuffix "-" -}} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +The components in this chart create additional resources that expand the longest created name strings. 
+The longest name that gets created adds and extra 37 characters, so truncation should be 63-35=26. +*/}} +{{- define "kube-prometheus-stack.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 26 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 26 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 26 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Fullname suffixed with operator */}} +{{- define "kube-prometheus-stack.operator.fullname" -}} +{{- printf "%s-operator" (include "kube-prometheus-stack.fullname" .) -}} +{{- end }} + +{{/* Fullname suffixed with prometheus */}} +{{- define "kube-prometheus-stack.prometheus.fullname" -}} +{{- printf "%s-prometheus" (include "kube-prometheus-stack.fullname" .) -}} +{{- end }} + +{{/* Fullname suffixed with alertmanager */}} +{{- define "kube-prometheus-stack.alertmanager.fullname" -}} +{{- printf "%s-alertmanager" (include "kube-prometheus-stack.fullname" .) -}} +{{- end }} + +{{/* Create chart name and version as used by the chart label. */}} +{{- define "kube-prometheus-stack.chartref" -}} +{{- replace "+" "_" .Chart.Version | printf "%s-%s" .Chart.Name -}} +{{- end }} + +{{/* Generate basic labels */}} +{{- define "kube-prometheus-stack.labels" }} +chart: {{ template "kube-prometheus-stack.chartref" . }} +release: {{ $.Release.Name | quote }} +heritage: {{ $.Release.Service | quote }} +{{- if .Values.commonLabels}} +{{ toYaml .Values.commonLabels }} +{{- end }} +{{- end }} + +{{/* Create the name of kube-prometheus-stack service account to use */}} +{{- define "kube-prometheus-stack.operator.serviceAccountName" -}} +{{- if .Values.prometheusOperator.serviceAccount.create -}} + {{ default (include "kube-prometheus-stack.operator.fullname" .) 
.Values.prometheusOperator.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.prometheusOperator.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* Create the name of prometheus service account to use */}} +{{- define "kube-prometheus-stack.prometheus.serviceAccountName" -}} +{{- if .Values.prometheus.serviceAccount.create -}} + {{ default (include "kube-prometheus-stack.prometheus.fullname" .) .Values.prometheus.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.prometheus.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* Create the name of alertmanager service account to use */}} +{{- define "kube-prometheus-stack.alertmanager.serviceAccountName" -}} +{{- if .Values.alertmanager.serviceAccount.create -}} + {{ default (include "kube-prometheus-stack.alertmanager.fullname" .) .Values.alertmanager.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.alertmanager.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts +*/}} +{{- define "kube-prometheus-stack.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/alertmanager.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/alertmanager.yaml new file mode 100755 index 000000000..8967c86ff --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/alertmanager.yaml 
@@ -0,0 +1,147 @@ +{{- if .Values.alertmanager.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: Alertmanager +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: +{{- if .Values.alertmanager.alertmanagerSpec.image }} + image: {{ template "system_default_registry" . }}{{ .Values.alertmanager.alertmanagerSpec.image.repository }}:{{ .Values.alertmanager.alertmanagerSpec.image.tag }} + version: {{ .Values.alertmanager.alertmanagerSpec.image.tag }} + {{- if .Values.alertmanager.alertmanagerSpec.image.sha }} + sha: {{ .Values.alertmanager.alertmanagerSpec.image.sha }} + {{- end }} +{{- end }} + replicas: {{ .Values.alertmanager.alertmanagerSpec.replicas }} + listenLocal: {{ .Values.alertmanager.alertmanagerSpec.listenLocal }} + serviceAccountName: {{ template "kube-prometheus-stack.alertmanager.serviceAccountName" . }} +{{- if .Values.alertmanager.alertmanagerSpec.externalUrl }} + externalUrl: "{{ tpl .Values.alertmanager.alertmanagerSpec.externalUrl . }}" +{{- else if and .Values.alertmanager.ingress.enabled .Values.alertmanager.ingress.hosts }} + externalUrl: "http://{{ tpl (index .Values.alertmanager.ingress.hosts 0) . }}{{ .Values.alertmanager.alertmanagerSpec.routePrefix }}" +{{- else if not (or (kindIs "invalid" .Values.global.cattle.url) (kindIs "invalid" .Values.global.cattle.clusterId)) }} + externalUrl: "{{ .Values.global.cattle.url }}/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Values.namespaceOverride }}/services/http:{{ template "kube-prometheus-stack.fullname" . }}-alertmanager:{{ .Values.alertmanager.service.port }}/proxy" +{{- else }} + externalUrl: http://{{ template "kube-prometheus-stack.fullname" . }}-alertmanager.{{ template "kube-prometheus-stack.namespace" . 
}}:{{ .Values.alertmanager.service.port }} +{{- end }} + nodeSelector: {{ include "linux-node-selector" . | nindent 4 }} +{{- if .Values.alertmanager.alertmanagerSpec.nodeSelector }} +{{ toYaml .Values.alertmanager.alertmanagerSpec.nodeSelector | indent 4 }} +{{- end }} + paused: {{ .Values.alertmanager.alertmanagerSpec.paused }} + logFormat: {{ .Values.alertmanager.alertmanagerSpec.logFormat | quote }} + logLevel: {{ .Values.alertmanager.alertmanagerSpec.logLevel | quote }} + retention: {{ .Values.alertmanager.alertmanagerSpec.retention | quote }} +{{- if .Values.alertmanager.alertmanagerSpec.secrets }} + secrets: +{{ toYaml .Values.alertmanager.alertmanagerSpec.secrets | indent 4 }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.configSecret }} + configSecret: {{ .Values.alertmanager.alertmanagerSpec.configSecret }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.configMaps }} + configMaps: +{{ toYaml .Values.alertmanager.alertmanagerSpec.configMaps | indent 4 }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.alertmanagerConfigSelector }} + alertmanagerConfigSelector: +{{ toYaml .Values.alertmanager.alertmanagerSpec.alertmanagerConfigSelector | indent 4}} +{{ else }} + alertmanagerConfigSelector: {} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.alertmanagerConfigNamespaceSelector }} + alertmanagerConfigNamespaceSelector: +{{ toYaml .Values.alertmanager.alertmanagerSpec.alertmanagerConfigNamespaceSelector | indent 4}} +{{ else }} + alertmanagerConfigNamespaceSelector: {} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.resources }} + resources: +{{ toYaml .Values.alertmanager.alertmanagerSpec.resources | indent 4 }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.routePrefix }} + routePrefix: "{{ .Values.alertmanager.alertmanagerSpec.routePrefix }}" +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.securityContext }} + securityContext: +{{ toYaml 
.Values.alertmanager.alertmanagerSpec.securityContext | indent 4 }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.storage }} + storage: +{{ toYaml .Values.alertmanager.alertmanagerSpec.storage | indent 4 }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.podMetadata }} + podMetadata: +{{ toYaml .Values.alertmanager.alertmanagerSpec.podMetadata | indent 4 }} +{{- end }} +{{- if or .Values.alertmanager.alertmanagerSpec.podAntiAffinity .Values.alertmanager.alertmanagerSpec.affinity }} + affinity: +{{- if .Values.alertmanager.alertmanagerSpec.affinity }} +{{ toYaml .Values.alertmanager.alertmanagerSpec.affinity | indent 4 }} +{{- end }} +{{- if eq .Values.alertmanager.alertmanagerSpec.podAntiAffinity "hard" }} + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - topologyKey: {{ .Values.alertmanager.alertmanagerSpec.podAntiAffinityTopologyKey }} + labelSelector: + matchExpressions: + - {key: app, operator: In, values: [alertmanager]} + - {key: prometheus, operator: In, values: [{{ template "kube-prometheus-stack.fullname" . }}-alertmanager]} +{{- else if eq .Values.alertmanager.alertmanagerSpec.podAntiAffinity "soft" }} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + topologyKey: {{ .Values.alertmanager.alertmanagerSpec.podAntiAffinityTopologyKey }} + labelSelector: + matchExpressions: + - {key: app, operator: In, values: [alertmanager]} + - {key: prometheus, operator: In, values: [{{ template "kube-prometheus-stack.fullname" . }}-alertmanager]} +{{- end }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . 
| nindent 4 }} +{{- if .Values.alertmanager.alertmanagerSpec.tolerations }} +{{ toYaml .Values.alertmanager.alertmanagerSpec.tolerations | indent 4 }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.topologySpreadConstraints }} + topologySpreadConstraints: +{{ toYaml .Values.alertmanager.alertmanagerSpec.topologySpreadConstraints | indent 4 }} +{{- end }} +{{- if .Values.global.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.global.imagePullSecrets | indent 4 }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.containers }} + containers: +{{ toYaml .Values.alertmanager.alertmanagerSpec.containers | indent 4 }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.initContainers }} + initContainers: +{{ toYaml .Values.alertmanager.alertmanagerSpec.initContainers | indent 4 }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.priorityClassName }} + priorityClassName: {{.Values.alertmanager.alertmanagerSpec.priorityClassName }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.additionalPeers }} + additionalPeers: +{{ toYaml .Values.alertmanager.alertmanagerSpec.additionalPeers | indent 4 }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.volumes }} + volumes: +{{ toYaml .Values.alertmanager.alertmanagerSpec.volumes | indent 4 }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.volumeMounts }} + volumeMounts: +{{ toYaml .Values.alertmanager.alertmanagerSpec.volumeMounts | indent 4 }} +{{- end }} + portName: {{ .Values.alertmanager.alertmanagerSpec.portName }} +{{- if .Values.alertmanager.alertmanagerSpec.clusterAdvertiseAddress }} + clusterAdvertiseAddress: {{ .Values.alertmanager.alertmanagerSpec.clusterAdvertiseAddress }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.forceEnableClusterMode }} + forceEnableClusterMode: {{ .Values.alertmanager.alertmanagerSpec.forceEnableClusterMode }} +{{- end }} +{{- end }} 
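Review bot: In templates/alertmanager/alertmanager.yaml the Rancher proxy branch of `externalUrl` builds its path from `.Values.namespaceOverride`, but the guard on that branch only checks `global.cattle.url` and `global.cattle.clusterId`, so with no override set the URL renders with an empty namespace segment. Use `{{ template "kube-prometheus-stack.namespace" . }}` there, as the fallback branch right below it already does. The ingress branch also hard-codes `http://` in front of the first ingress host; choose the scheme from whether `.Values.alertmanager.ingress.tls` is set, so that links in notifications do not point at plaintext when the ingress terminates TLS.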
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/cleanupSecret.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/cleanupSecret.yaml new file mode 100755 index 000000000..908955697 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/cleanupSecret.yaml 
@@ -0,0 +1,88 @@ +{{- if and (.Values.alertmanager.enabled) (not .Values.alertmanager.alertmanagerSpec.useExistingSecret) (.Values.alertmanager.secret.cleanupOnUninstall) }} +apiVersion: batch/v1 +kind: Job +metadata: + name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-post-delete + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: +{{ include "kube-prometheus-stack.labels" . | indent 4 }} + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager + annotations: + "helm.sh/hook": post-delete + "helm.sh/hook-delete-policy": hook-succeeded, hook-failed + "helm.sh/hook-weight": "5" +spec: + template: + metadata: + name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-post-delete + labels: {{ include "kube-prometheus-stack.labels" . | nindent 8 }} + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager + spec: + serviceAccountName: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-post-delete +{{- if .Values.alertmanager.secret.securityContext }} + securityContext: +{{ toYaml .Values.alertmanager.secret.securityContext | indent 8 }} +{{- end }} + containers: + - name: delete-secret + image: {{ template "system_default_registry" . }}{{ .Values.alertmanager.secret.image.repository }}:{{ .Values.alertmanager.secret.image.tag }} + imagePullPolicy: {{ .Values.alertmanager.secret.image.pullPolicy }} + command: + - /bin/sh + - -c + - > + if kubectl get secret -n {{ template "kube-prometheus-stack.namespace" . }} alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-alertmanager > /dev/null 2>&1; then + kubectl delete secret -n {{ template "kube-prometheus-stack.namespace" . }} alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-alertmanager + fi; + restartPolicy: OnFailure + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} + tolerations: {{ include "linux-node-tolerations" . 
| nindent 8 }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-post-delete + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager + annotations: + "helm.sh/hook": post-delete + "helm.sh/hook-delete-policy": hook-succeeded, hook-failed + "helm.sh/hook-weight": "3" +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: ['get', 'delete'] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-post-delete + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager + annotations: + "helm.sh/hook": post-delete + "helm.sh/hook-delete-policy": hook-succeeded, hook-failed + "helm.sh/hook-weight": "3" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-post-delete +subjects: +- kind: ServiceAccount + name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-post-delete + namespace: {{ template "kube-prometheus-stack.namespace" . }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-post-delete + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager + annotations: + "helm.sh/hook": post-delete + "helm.sh/hook-delete-policy": hook-succeeded, hook-failed + "helm.sh/hook-weight": "3" +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/ingress.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/ingress.yaml new file mode 100755 index 000000000..50fab1455 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/ingress.yaml 
@@ -0,0 +1,65 @@ +{{- if and .Values.alertmanager.enabled .Values.alertmanager.ingress.enabled }} +{{- $pathType := .Values.alertmanager.ingress.pathType | default "" }} +{{- $serviceName := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "alertmanager" }} +{{- $servicePort := .Values.alertmanager.service.port -}} +{{- $routePrefix := list .Values.alertmanager.alertmanagerSpec.routePrefix }} +{{- $paths := .Values.alertmanager.ingress.paths | default $routePrefix -}} +{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end -}} +kind: Ingress +metadata: + name: {{ $serviceName }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} +{{- if .Values.alertmanager.ingress.annotations }} + annotations: +{{ toYaml .Values.alertmanager.ingress.annotations | indent 4 }} +{{- end }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager +{{- if .Values.alertmanager.ingress.labels }} +{{ toYaml .Values.alertmanager.ingress.labels | indent 4 }} +{{- end }} +{{ include "kube-prometheus-stack.labels" . 
| indent 4 }} +spec: + {{- if or (.Capabilities.APIVersions.Has "networking.k8s.io/v1") (.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1") }} + {{- if .Values.alertmanager.ingress.ingressClassName }} + ingressClassName: {{ .Values.alertmanager.ingress.ingressClassName }} + {{- end }} + {{- end }} + rules: + {{- if .Values.alertmanager.ingress.hosts }} + {{- range $host := .Values.alertmanager.ingress.hosts }} + - host: {{ tpl $host $ }} + http: + paths: + {{- range $p := $paths }} + - path: {{ tpl $p $ }} + {{- if $pathType }} + pathType: {{ $pathType }} + {{- end }} + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end -}} + {{- end -}} + {{- else }} + - http: + paths: + {{- range $p := $paths }} + - path: {{ tpl $p $ }} + {{- if $pathType }} + pathType: {{ $pathType }} + {{- end }} + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end -}} + {{- end -}} + {{- if .Values.alertmanager.ingress.tls }} + tls: +{{ tpl (toYaml .Values.alertmanager.ingress.tls | indent 4) . }} + {{- end -}} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/ingressperreplica.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/ingressperreplica.yaml new file mode 100755 index 000000000..3d673b2c8 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/ingressperreplica.yaml 
@@ -0,0 +1,62 @@ +{{- if and .Values.alertmanager.enabled .Values.alertmanager.servicePerReplica.enabled .Values.alertmanager.ingressPerReplica.enabled }} +{{- $pathType := .Values.alertmanager.ingressPerReplica.pathType | default "" }} +{{- $count := .Values.alertmanager.alertmanagerSpec.replicas | int -}} +{{- $servicePort := .Values.alertmanager.service.port -}} +{{- $ingressValues := .Values.alertmanager.ingressPerReplica -}} +apiVersion: v1 +kind: List +metadata: + name: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-ingressperreplica + namespace: {{ template "kube-prometheus-stack.namespace" . }} +items: +{{ range $i, $e := until $count }} + - kind: Ingress + {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} + apiVersion: networking.k8s.io/v1beta1 + {{ else }} + apiVersion: extensions/v1beta1 + {{ end -}} + metadata: + name: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-{{ $i }} + namespace: {{ template "kube-prometheus-stack.namespace" $ }} + labels: + app: {{ include "kube-prometheus-stack.name" $ }}-alertmanager +{{ include "kube-prometheus-stack.labels" $ | indent 8 }} + {{- if $ingressValues.labels }} +{{ toYaml $ingressValues.labels | indent 8 }} + {{- end }} + {{- if $ingressValues.annotations }} + annotations: +{{ toYaml $ingressValues.annotations | indent 8 }} + {{- end }} + spec: + {{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1") ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1") }} + {{- if $ingressValues.ingressClassName }} + ingressClassName: {{ $ingressValues.ingressClassName }} + {{- end }} + {{- end }} + rules: + - host: {{ $ingressValues.hostPrefix }}-{{ $i }}.{{ $ingressValues.hostDomain }} + http: + paths: + {{- range $p := $ingressValues.paths }} + - path: {{ tpl $p $ }} + {{- if $pathType }} + pathType: {{ $pathType }} + {{- end }} + backend: + serviceName: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-{{ $i }} + servicePort: {{ $servicePort }} + 
{{- end -}} + {{- if or $ingressValues.tlsSecretName $ingressValues.tlsSecretPerReplica.enabled }} + tls: + - hosts: + - {{ $ingressValues.hostPrefix }}-{{ $i }}.{{ $ingressValues.hostDomain }} + {{- if $ingressValues.tlsSecretPerReplica.enabled }} + secretName: {{ $ingressValues.tlsSecretPerReplica.prefix }}-{{ $i }} + {{- else }} + secretName: {{ $ingressValues.tlsSecretName }} + {{- end }} + {{- end }} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/podDisruptionBudget.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/podDisruptionBudget.yaml new file mode 100755 index 000000000..1dbe809cd --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/podDisruptionBudget.yaml @@ -0,0 +1,21 @@ +{{- if and .Values.alertmanager.enabled .Values.alertmanager.podDisruptionBudget.enabled }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + {{- if .Values.alertmanager.podDisruptionBudget.minAvailable }} + minAvailable: {{ .Values.alertmanager.podDisruptionBudget.minAvailable }} + {{- end }} + {{- if .Values.alertmanager.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ .Values.alertmanager.podDisruptionBudget.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app: alertmanager + alertmanager: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager +{{- end }} 
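Review bot: In templates/alertmanager/cleanupSecret.yaml the post-delete hook's ClusterRole grants `get` and `delete` on every Secret in the cluster and is bound with a ClusterRoleBinding, while the Job only ever touches the single Secret named `alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-alertmanager` in the chart namespace. A namespaced Role and RoleBinding with `resourceNames` set to that one Secret is enough, and it keeps the Job's service account from being able to read or remove Secrets elsewhere while the hook runs.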
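Review bot: In templates/alertmanager/podDisruptionBudget.yaml, `minAvailable` and `maxUnavailable` are each rendered under their own `if`, so setting both values emits both fields, which a PodDisruptionBudget does not accept together, and a value of `0` is treated as unset and dropped. Make the second an `else if` (or stop the render with `required` when both are set), and test with `kindIs "invalid"`, the pattern alertmanager.yaml uses for `global.cattle.url`, so that `0` survives.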
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/psp-role.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/psp-role.yaml new file mode 100755 index 000000000..d64d1f813 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/psp-role.yaml @@ -0,0 +1,21 @@ +{{- if and .Values.alertmanager.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }} +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +rules: +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }} +- apiGroups: ['policy'] +{{- else }} +- apiGroups: ['extensions'] +{{- end }} + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "kube-prometheus-stack.fullname" . }}-alertmanager +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/psp-rolebinding.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/psp-rolebinding.yaml new file mode 100755 index 000000000..9248cc8dd --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/psp-rolebinding.yaml 
@@ -0,0 +1,18 @@ +{{- if and .Values.alertmanager.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager +subjects: + - kind: ServiceAccount + name: {{ template "kube-prometheus-stack.alertmanager.serviceAccountName" . }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/psp.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/psp.yaml new file mode 100755 index 000000000..6fa445009 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/psp.yaml 
@@ -0,0 +1,52 @@ +{{- if and .Values.alertmanager.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager +{{- if .Values.global.rbac.pspAnnotations }} + annotations: +{{ toYaml .Values.global.rbac.pspAnnotations | indent 4 }} +{{- end }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + privileged: false + # Required to prevent escalations to root. + # allowPrivilegeEscalation: false + # This is redundant with non-root + disallow privilege escalation, + # but we can provide it for defense in depth. + #requiredDropCapabilities: + # - ALL + # Allow core volume types. + volumes: + - 'configMap' + - 'emptyDir' + - 'projected' + - 'secret' + - 'downwardAPI' + - 'persistentVolumeClaim' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Permits the container to run with root privileges as well. + rule: 'RunAsAny' + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 0 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} + diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/secret.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/secret.yaml new file mode 100755 index 000000000..9d9bdabfa --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/secret.yaml 
@@ -0,0 +1,166 @@ +{{- if and (.Values.alertmanager.enabled) (not .Values.alertmanager.alertmanagerSpec.useExistingSecret) }} +{{- if .Release.IsInstall }} +{{- $secretName := (printf "alertmanager-%s-alertmanager" (include "kube-prometheus-stack.fullname" .)) }} +{{- if (lookup "v1" "Secret" (include "kube-prometheus-stack.namespace" .) $secretName) }} +{{- required (printf "Cannot overwrite existing secret %s in namespace %s." $secretName (include "kube-prometheus-stack.namespace" .)) "" }} +{{- end }}{{- end }} +apiVersion: v1 +kind: Secret +metadata: + name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install + namespace: {{ template "kube-prometheus-stack.namespace" . }} + annotations: + "helm.sh/hook": pre-install + "helm.sh/hook-delete-policy": hook-succeeded, hook-failed + "helm.sh/hook-weight": "3" +{{- if .Values.alertmanager.secret.annotations }} +{{ toYaml .Values.alertmanager.secret.annotations | indent 4 }} +{{- end }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +data: +{{- if .Values.alertmanager.tplConfig }} + alertmanager.yaml: {{ tpl (toYaml .Values.alertmanager.config) . | b64enc | quote }} +{{- else }} + alertmanager.yaml: {{ toYaml .Values.alertmanager.config | b64enc | quote }} +{{- end}} +{{- range $key, $val := .Values.alertmanager.templateFiles }} + {{ $key }}: {{ $val | b64enc | quote }} +{{- end }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: +{{ include "kube-prometheus-stack.labels" . | indent 4 }} + app: {{ template "kube-prometheus-stack.name" . 
}}-alertmanager + annotations: + "helm.sh/hook": pre-install + "helm.sh/hook-delete-policy": hook-succeeded, hook-failed + "helm.sh/hook-weight": "5" +spec: + template: + metadata: + name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install + labels: {{ include "kube-prometheus-stack.labels" . | nindent 8 }} + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager + spec: + serviceAccountName: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install +{{- if .Values.alertmanager.secret.securityContext }} + securityContext: +{{ toYaml .Values.alertmanager.secret.securityContext | indent 8 }} +{{- end }} + containers: + - name: copy-pre-install-secret + image: {{ template "system_default_registry" . }}{{ .Values.alertmanager.secret.image.repository }}:{{ .Values.alertmanager.secret.image.tag }} + imagePullPolicy: {{ .Values.alertmanager.secret.image.pullPolicy }} + command: + - /bin/sh + - -c + - > + if kubectl get secret -n {{ template "kube-prometheus-stack.namespace" . }} alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-alertmanager > /dev/null 2>&1; then + echo "Secret already exists" + exit 1 + fi; + kubectl patch secret -n {{ template "kube-prometheus-stack.namespace" . }} --dry-run -o yaml + alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install + -p '{{ printf "{\"metadata\":{\"name\": \"alertmanager-%s-alertmanager\"}}" (include "kube-prometheus-stack.fullname" .) }}' + | kubectl apply -f -; + kubectl annotate secret -n {{ template "kube-prometheus-stack.namespace" . }} + alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-alertmanager + helm.sh/hook- helm.sh/hook-delete-policy- helm.sh/hook-weight-; + restartPolicy: OnFailure + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} + tolerations: {{ include "linux-node-tolerations" . 
| nindent 8 }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager + annotations: + "helm.sh/hook": pre-install + "helm.sh/hook-delete-policy": hook-succeeded, hook-failed + "helm.sh/hook-weight": "3" +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: ['create', 'get', 'patch'] +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager + annotations: + "helm.sh/hook": pre-install + "helm.sh/hook-delete-policy": hook-succeeded, hook-failed + "helm.sh/hook-weight": "3" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install +subjects: +- kind: ServiceAccount + name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install + namespace: {{ template "kube-prometheus-stack.namespace" . }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager + annotations: + "helm.sh/hook": pre-install + "helm.sh/hook-delete-policy": hook-succeeded, hook-failed + "helm.sh/hook-weight": "3" +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-pre-install + namespace: {{ template "kube-prometheus-stack.namespace" . 
}} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager + annotations: + "helm.sh/hook": pre-install + "helm.sh/hook-delete-policy": hook-succeeded, hook-failed + "helm.sh/hook-weight": "3" +spec: + privileged: false + allowPrivilegeEscalation: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/service.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/service.yaml new file mode 100755 index 000000000..bbcc60f2b --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/service.yaml 
@@ -0,0 +1,50 @@ +{{- if .Values.alertmanager.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager + self-monitor: {{ .Values.alertmanager.serviceMonitor.selfMonitor | quote }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.alertmanager.service.labels }} +{{ toYaml .Values.alertmanager.service.labels | indent 4 }} +{{- end }} +{{- if .Values.alertmanager.service.annotations }} + annotations: +{{ toYaml .Values.alertmanager.service.annotations | indent 4 }} +{{- end }} +spec: +{{- if .Values.alertmanager.service.clusterIP }} + clusterIP: {{ .Values.alertmanager.service.clusterIP }} +{{- end }} +{{- if .Values.alertmanager.service.externalIPs }} + externalIPs: +{{ toYaml .Values.alertmanager.service.externalIPs | indent 4 }} +{{- end }} +{{- if .Values.alertmanager.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.alertmanager.service.loadBalancerIP }} +{{- end }} +{{- if .Values.alertmanager.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- range $cidr := .Values.alertmanager.service.loadBalancerSourceRanges }} + - {{ $cidr }} + {{- end }} +{{- end }} + ports: + - name: {{ .Values.alertmanager.alertmanagerSpec.portName }} + {{- if eq .Values.alertmanager.service.type "NodePort" }} + nodePort: {{ .Values.alertmanager.service.nodePort }} + {{- end }} + port: {{ .Values.alertmanager.service.port }} + targetPort: {{ .Values.alertmanager.service.targetPort }} + protocol: TCP +{{- if .Values.alertmanager.service.additionalPorts }} +{{ toYaml .Values.alertmanager.service.additionalPorts | indent 2 }} +{{- end }} + selector: + app: alertmanager + alertmanager: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager + type: "{{ .Values.alertmanager.service.type }}" +{{- end }} 
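Review bot: In templates/alertmanager/psp.yaml the comments and the policy disagree: `supplementalGroups` and `fsGroup` are annotated "Forbid adding the root group" but their ranges start at `min: 0`, which admits GID 0, and `allowPrivilegeEscalation: false` and `requiredDropCapabilities` are commented out while `runAsUser` is `RunAsAny`. Either start the ranges at 1 and enable `allowPrivilegeEscalation: false`, as the pre-install PodSecurityPolicy in secret.yaml does, or correct the comments so the file does not read as stricter than it is.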
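Review bot: In templates/alertmanager/secret.yaml the pre-install ClusterRole gives the hook's service account `create`, `get` and `patch` on all Secrets cluster-wide, although the Job script only works with the `-pre-install` Secret and the `-alertmanager` Secret in the chart namespace. Scope this to a Role and RoleBinding in that namespace, with `resourceNames` on `get` and `patch`. Separately, the script passes a bare `--dry-run` to `kubectl patch`, a form newer kubectl releases deprecate in favour of `--dry-run=client`, and the PodSecurityPolicy at the end of the file sets `metadata.namespace` on a cluster-scoped kind.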
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/serviceaccount.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/serviceaccount.yaml new file mode 100755 index 000000000..c5e6e9228 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- if and .Values.alertmanager.enabled .Values.alertmanager.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "kube-prometheus-stack.alertmanager.serviceAccountName" . }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.alertmanager.serviceAccount.annotations }} + annotations: +{{ toYaml .Values.alertmanager.serviceAccount.annotations | indent 4 }} +{{- end }} +imagePullSecrets: +{{ toYaml .Values.global.imagePullSecrets | indent 2 }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/servicemonitor.yaml new file mode 100755 index 000000000..a699accb8 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/servicemonitor.yaml 
@@ -0,0 +1,42 @@ +{{- if and .Values.alertmanager.enabled .Values.alertmanager.serviceMonitor.selfMonitor }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + selector: + matchLabels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager + release: {{ $.Release.Name | quote }} + self-monitor: "true" + namespaceSelector: + matchNames: + - {{ printf "%s" (include "kube-prometheus-stack.namespace" .) | quote }} + endpoints: + - port: {{ .Values.alertmanager.alertmanagerSpec.portName }} + {{- if .Values.alertmanager.serviceMonitor.interval }} + interval: {{ .Values.alertmanager.serviceMonitor.interval }} + {{- end }} + {{- if .Values.alertmanager.serviceMonitor.scheme }} + scheme: {{ .Values.alertmanager.serviceMonitor.scheme }} + {{- end }} + {{- if .Values.alertmanager.serviceMonitor.bearerTokenFile }} + bearerTokenFile: {{ .Values.alertmanager.serviceMonitor.bearerTokenFile }} + {{- end }} + {{- if .Values.alertmanager.serviceMonitor.tlsConfig }} + tlsConfig: {{ toYaml .Values.alertmanager.serviceMonitor.tlsConfig | nindent 6 }} + {{- end }} + path: "{{ trimSuffix "/" .Values.alertmanager.alertmanagerSpec.routePrefix }}/metrics" +{{- if .Values.alertmanager.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.alertmanager.serviceMonitor.metricRelabelings | indent 6) . }} +{{- end }} +{{- if .Values.alertmanager.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.alertmanager.serviceMonitor.relabelings | indent 6 }} +{{- end }} +{{- end }} 
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/serviceperreplica.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/serviceperreplica.yaml new file mode 100755 index 000000000..0f12ae879 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/alertmanager/serviceperreplica.yaml 
@@ -0,0 +1,46 @@ +{{- if and .Values.alertmanager.enabled .Values.alertmanager.servicePerReplica.enabled }} +{{- $count := .Values.alertmanager.alertmanagerSpec.replicas | int -}} +{{- $serviceValues := .Values.alertmanager.servicePerReplica -}} +apiVersion: v1 +kind: List +metadata: + name: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-serviceperreplica + namespace: {{ template "kube-prometheus-stack.namespace" . }} +items: +{{- range $i, $e := until $count }} + - apiVersion: v1 + kind: Service + metadata: + name: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-{{ $i }} + namespace: {{ template "kube-prometheus-stack.namespace" $ }} + labels: + app: {{ include "kube-prometheus-stack.name" $ }}-alertmanager +{{ include "kube-prometheus-stack.labels" $ | indent 8 }} + {{- if $serviceValues.annotations }} + annotations: +{{ toYaml $serviceValues.annotations | indent 8 }} + {{- end }} + spec: + {{- if $serviceValues.clusterIP }} + clusterIP: {{ $serviceValues.clusterIP }} + {{- end }} + {{- if $serviceValues.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- range $cidr := $serviceValues.loadBalancerSourceRanges }} + - {{ $cidr }} + {{- end }} + {{- end }} + ports: + - name: {{ $.Values.alertmanager.alertmanagerSpec.portName }} + {{- if eq $serviceValues.type "NodePort" }} + nodePort: {{ $serviceValues.nodePort }} + {{- end }} + port: {{ $serviceValues.port }} + targetPort: {{ $serviceValues.targetPort }} + selector: + app: alertmanager + alertmanager: {{ template "kube-prometheus-stack.fullname" $ }}-alertmanager + statefulset.kubernetes.io/pod-name: alertmanager-{{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-{{ $i }} + type: "{{ $serviceValues.type }}" +{{- end }} +{{- end }} 
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/core-dns/service.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/core-dns/service.yaml new file mode 100755 index 000000000..f77db4199 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/core-dns/service.yaml @@ -0,0 +1,24 @@ +{{- if .Values.coreDns.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-coredns + labels: + app: {{ template "kube-prometheus-stack.name" . }}-coredns + jobLabel: coredns +{{ include "kube-prometheus-stack.labels" . | indent 4 }} + namespace: kube-system +spec: + clusterIP: None + ports: + - name: http-metrics + port: {{ .Values.coreDns.service.port }} + protocol: TCP + targetPort: {{ .Values.coreDns.service.targetPort }} + selector: + {{- if .Values.coreDns.service.selector }} +{{ toYaml .Values.coreDns.service.selector | indent 4 }} + {{- else}} + k8s-app: kube-dns + {{- end}} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/core-dns/servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/core-dns/servicemonitor.yaml new file mode 100755 index 000000000..f34549048 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/core-dns/servicemonitor.yaml 
@@ -0,0 +1,33 @@ +{{- if .Values.coreDns.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-coredns + namespace: "kube-system" + labels: + app: {{ template "kube-prometheus-stack.name" . }}-coredns +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + jobLabel: jobLabel + selector: + matchLabels: + app: {{ template "kube-prometheus-stack.name" . }}-coredns + release: {{ $.Release.Name | quote }} + namespaceSelector: + matchNames: + - "kube-system" + endpoints: + - port: http-metrics + {{- if .Values.coreDns.serviceMonitor.interval}} + interval: {{ .Values.coreDns.serviceMonitor.interval }} + {{- end }} + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token +{{- if .Values.coreDns.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.coreDns.serviceMonitor.metricRelabelings | indent 4) . }} +{{- end }} +{{- if .Values.coreDns.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.coreDns.serviceMonitor.relabelings | indent 4 }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-api-server/servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-api-server/servicemonitor.yaml new file mode 100755 index 000000000..b7ea3817c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-api-server/servicemonitor.yaml 
@@ -0,0 +1,36 @@ +{{- if .Values.kubeApiServer.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-apiserver + namespace: default + labels: + app: {{ template "kube-prometheus-stack.name" . }}-apiserver +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + endpoints: + - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + {{- if .Values.kubeApiServer.serviceMonitor.interval }} + interval: {{ .Values.kubeApiServer.serviceMonitor.interval }} + {{- end }} + port: https + scheme: https +{{- if .Values.kubeApiServer.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.kubeApiServer.serviceMonitor.metricRelabelings | indent 6) . }} +{{- end }} +{{- if .Values.kubeApiServer.relabelings }} + relabelings: +{{ toYaml .Values.kubeApiServer.relabelings | indent 6 }} +{{- end }} + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + serverName: {{ .Values.kubeApiServer.tlsConfig.serverName }} + insecureSkipVerify: {{ .Values.kubeApiServer.tlsConfig.insecureSkipVerify }} + jobLabel: {{ .Values.kubeApiServer.serviceMonitor.jobLabel }} + namespaceSelector: + matchNames: + - default + selector: +{{ toYaml .Values.kubeApiServer.serviceMonitor.selector | indent 4 }} +{{- end}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-controller-manager/endpoints.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-controller-manager/endpoints.yaml new file mode 100755 index 000000000..413193028 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-controller-manager/endpoints.yaml 
@@ -0,0 +1,20 @@ +{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.endpoints }} +apiVersion: v1 +kind: Endpoints +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-controller-manager + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-controller-manager + k8s-app: kube-controller-manager +{{ include "kube-prometheus-stack.labels" . | indent 4 }} + namespace: kube-system +subsets: + - addresses: + {{- range .Values.kubeControllerManager.endpoints }} + - ip: {{ . }} + {{- end }} + ports: + - name: http-metrics + port: {{ .Values.kubeControllerManager.service.port }} + protocol: TCP +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-controller-manager/service.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-controller-manager/service.yaml new file mode 100755 index 000000000..d55ca2a10 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-controller-manager/service.yaml 
@@ -0,0 +1,27 @@ +{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.service.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-controller-manager + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-controller-manager + jobLabel: kube-controller-manager +{{ include "kube-prometheus-stack.labels" . | indent 4 }} + namespace: kube-system +spec: + clusterIP: None + ports: + - name: http-metrics + port: {{ .Values.kubeControllerManager.service.port }} + protocol: TCP + targetPort: {{ .Values.kubeControllerManager.service.targetPort }} +{{- if .Values.kubeControllerManager.endpoints }}{{- else }} + selector: + {{- if .Values.kubeControllerManager.service.selector }} +{{ toYaml .Values.kubeControllerManager.service.selector | indent 4 }} + {{- else}} + component: kube-controller-manager + {{- end}} +{{- end }} + type: ClusterIP +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-controller-manager/servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-controller-manager/servicemonitor.yaml new file mode 100755 index 000000000..38e2b1970 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-controller-manager/servicemonitor.yaml 
@@ -0,0 +1,44 @@ +{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-controller-manager + namespace: "kube-system" + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-controller-manager +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + jobLabel: jobLabel + selector: + matchLabels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-controller-manager + release: {{ $.Release.Name | quote }} + namespaceSelector: + matchNames: + - "kube-system" + endpoints: + - port: http-metrics + {{- if .Values.kubeControllerManager.serviceMonitor.interval }} + interval: {{ .Values.kubeControllerManager.serviceMonitor.interval }} + {{- end }} + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + {{- if .Values.kubeControllerManager.serviceMonitor.https }} + scheme: https + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + {{- if .Values.kubeControllerManager.serviceMonitor.insecureSkipVerify }} + insecureSkipVerify: {{ .Values.kubeControllerManager.serviceMonitor.insecureSkipVerify }} + {{- end }} + {{- if .Values.kubeControllerManager.serviceMonitor.serverName }} + serverName: {{ .Values.kubeControllerManager.serviceMonitor.serverName }} + {{- end }} + {{- end }} +{{- if .Values.kubeControllerManager.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.kubeControllerManager.serviceMonitor.metricRelabelings | indent 4) . }} +{{- end }} +{{- if .Values.kubeControllerManager.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.kubeControllerManager.serviceMonitor.relabelings | indent 4 }} +{{- end }} +{{- end }} 
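Review bot: In the kube-controller-manager ServiceMonitor, `bearerTokenFile` is set on the endpoint unconditionally while `scheme: https` and `tlsConfig` are only rendered when `serviceMonitor.https` is true, so with the flag off the service account token is sent over plain HTTP on `http-metrics`. Move `bearerTokenFile` inside the `{{- if .Values.kubeControllerManager.serviceMonitor.https }}` block so the token only travels over TLS.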
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-dns/service.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-dns/service.yaml new file mode 100755 index 000000000..c7bf142d5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-dns/service.yaml @@ -0,0 +1,28 @@ +{{- if .Values.kubeDns.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-dns + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-dns + jobLabel: kube-dns +{{ include "kube-prometheus-stack.labels" . | indent 4 }} + namespace: kube-system +spec: + clusterIP: None + ports: + - name: http-metrics-dnsmasq + port: {{ .Values.kubeDns.service.dnsmasq.port }} + protocol: TCP + targetPort: {{ .Values.kubeDns.service.dnsmasq.targetPort }} + - name: http-metrics-skydns + port: {{ .Values.kubeDns.service.skydns.port }} + protocol: TCP + targetPort: {{ .Values.kubeDns.service.skydns.targetPort }} + selector: + {{- if .Values.kubeDns.service.selector }} +{{ toYaml .Values.kubeDns.service.selector | indent 4 }} + {{- else}} + k8s-app: kube-dns + {{- end}} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-dns/servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-dns/servicemonitor.yaml new file mode 100755 index 000000000..28d06ae83 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-dns/servicemonitor.yaml 
@@ -0,0 +1,46 @@ +{{- if .Values.kubeDns.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-dns + namespace: "kube-system" + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-dns +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + jobLabel: jobLabel + selector: + matchLabels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-dns + release: {{ $.Release.Name | quote }} + namespaceSelector: + matchNames: + - "kube-system" + endpoints: + - port: http-metrics-dnsmasq + {{- if .Values.kubeDns.serviceMonitor.interval }} + interval: {{ .Values.kubeDns.serviceMonitor.interval }} + {{- end }} + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token +{{- if .Values.kubeDns.serviceMonitor.dnsmasqMetricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.kubeDns.serviceMonitor.dnsmasqMetricRelabelings | indent 4) . }} +{{- end }} +{{- if .Values.kubeDns.serviceMonitor.dnsmasqRelabelings }} + relabelings: +{{ toYaml .Values.kubeDns.serviceMonitor.dnsmasqRelabelings | indent 4 }} +{{- end }} + - port: http-metrics-skydns + {{- if .Values.kubeDns.serviceMonitor.interval }} + interval: {{ .Values.kubeDns.serviceMonitor.interval }} + {{- end }} + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token +{{- if .Values.kubeDns.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.kubeDns.serviceMonitor.metricRelabelings | indent 4) . }} +{{- end }} +{{- if .Values.kubeDns.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.kubeDns.serviceMonitor.relabelings | indent 4 }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-etcd/endpoints.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-etcd/endpoints.yaml new file mode 100755 index 000000000..8f07a5cc2 
--- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-etcd/endpoints.yaml @@ -0,0 +1,20 @@ +{{- if and .Values.kubeEtcd.enabled .Values.kubeEtcd.endpoints }} +apiVersion: v1 +kind: Endpoints +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-etcd + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-etcd + k8s-app: etcd-server +{{ include "kube-prometheus-stack.labels" . | indent 4 }} + namespace: kube-system +subsets: + - addresses: + {{- range .Values.kubeEtcd.endpoints }} + - ip: {{ . }} + {{- end }} + ports: + - name: http-metrics + port: {{ .Values.kubeEtcd.service.port }} + protocol: TCP +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-etcd/service.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-etcd/service.yaml new file mode 100755 index 000000000..b2677e280 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-etcd/service.yaml @@ -0,0 +1,27 @@ +{{- if and .Values.kubeEtcd.enabled .Values.kubeEtcd.service.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-etcd + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-etcd + jobLabel: kube-etcd +{{ include "kube-prometheus-stack.labels" . | indent 4 }} + namespace: kube-system +spec: + clusterIP: None + ports: + - name: http-metrics + port: {{ .Values.kubeEtcd.service.port }} + protocol: TCP + targetPort: {{ .Values.kubeEtcd.service.targetPort }} +{{- if .Values.kubeEtcd.endpoints }}{{- else }} + selector: + {{- if .Values.kubeEtcd.service.selector }} +{{ toYaml .Values.kubeEtcd.service.selector | indent 4 }} + {{- else}} + component: etcd + {{- end}} +{{- end }} + type: ClusterIP +{{- end -}} 
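Review bot: In kube-etcd/service.yaml, `{{- if .Values.kubeEtcd.endpoints }}{{- else }}` uses an empty if-branch only to reach the else; `{{- if not .Values.kubeEtcd.endpoints }}` states the condition directly. A short template comment that the selector is dropped because the Endpoints object in endpoints.yaml supplies the addresses would also help, since the two files are linked only by the shared `-kube-etcd` name.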
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-etcd/servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-etcd/servicemonitor.yaml new file mode 100755 index 000000000..d5816f441 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-etcd/servicemonitor.yaml 
@@ -0,0 +1,50 @@ +{{- if and .Values.kubeEtcd.enabled .Values.kubeEtcd.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-etcd + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-etcd +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + jobLabel: jobLabel + selector: + matchLabels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-etcd + release: {{ $.Release.Name | quote }} + namespaceSelector: + matchNames: + - "kube-system" + endpoints: + - port: http-metrics + {{- if .Values.kubeEtcd.serviceMonitor.interval }} + interval: {{ .Values.kubeEtcd.serviceMonitor.interval }} + {{- end }} + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + {{- if eq .Values.kubeEtcd.serviceMonitor.scheme "https" }} + scheme: https + tlsConfig: + {{- if .Values.kubeEtcd.serviceMonitor.serverName }} + serverName: {{ .Values.kubeEtcd.serviceMonitor.serverName }} + {{- end }} + {{- if .Values.kubeEtcd.serviceMonitor.caFile }} + caFile: {{ .Values.kubeEtcd.serviceMonitor.caFile }} + {{- end }} + {{- if .Values.kubeEtcd.serviceMonitor.certFile }} + certFile: {{ .Values.kubeEtcd.serviceMonitor.certFile }} + {{- end }} + {{- if .Values.kubeEtcd.serviceMonitor.keyFile }} + keyFile: {{ .Values.kubeEtcd.serviceMonitor.keyFile }} + {{- end}} + insecureSkipVerify: {{ .Values.kubeEtcd.serviceMonitor.insecureSkipVerify }} + {{- end }} +{{- if .Values.kubeEtcd.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.kubeEtcd.serviceMonitor.metricRelabelings | indent 4) . }} +{{- end }} +{{- if .Values.kubeEtcd.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.kubeEtcd.serviceMonitor.relabelings | indent 4 }} +{{- end }} +{{- end }} 
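Review bot: Inside `tlsConfig`, `insecureSkipVerify: {{ .Values.kubeEtcd.serviceMonitor.insecureSkipVerify }}` is the only field rendered without an `if` guard, so an unset value yields a key with no value; add `| default false` or guard it the way `caFile` is guarded. Also, `bearerTokenFile` is attached to the etcd endpoint for both schemes even though this block offers `certFile`/`keyFile` for client-certificate authentication; if etcd does not need the token, drop it so the service account credential is not handed to the endpoint.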
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-proxy/endpoints.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-proxy/endpoints.yaml new file mode 100755 index 000000000..2cb756d15 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-proxy/endpoints.yaml @@ -0,0 +1,20 @@ +{{- if and .Values.kubeProxy.enabled .Values.kubeProxy.endpoints }} +apiVersion: v1 +kind: Endpoints +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-proxy + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-proxy + k8s-app: kube-proxy +{{ include "kube-prometheus-stack.labels" . | indent 4 }} + namespace: kube-system +subsets: + - addresses: + {{- range .Values.kubeProxy.endpoints }} + - ip: {{ . }} + {{- end }} + ports: + - name: http-metrics + port: {{ .Values.kubeProxy.service.port }} + protocol: TCP +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-proxy/service.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-proxy/service.yaml new file mode 100755 index 000000000..6a93319ef --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-proxy/service.yaml 
@@ -0,0 +1,27 @@ +{{- if and .Values.kubeProxy.enabled .Values.kubeProxy.service.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-proxy + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-proxy + jobLabel: kube-proxy +{{ include "kube-prometheus-stack.labels" . | indent 4 }} + namespace: kube-system +spec: + clusterIP: None + ports: + - name: http-metrics + port: {{ .Values.kubeProxy.service.port }} + protocol: TCP + targetPort: {{ .Values.kubeProxy.service.targetPort }} +{{- if .Values.kubeProxy.endpoints }}{{- else }} + selector: + {{- if .Values.kubeProxy.service.selector }} +{{ toYaml .Values.kubeProxy.service.selector | indent 4 }} + {{- else}} + k8s-app: kube-proxy + {{- end}} +{{- end }} + type: ClusterIP +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-proxy/servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-proxy/servicemonitor.yaml new file mode 100755 index 000000000..ed1632682 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-proxy/servicemonitor.yaml 
@@ -0,0 +1,38 @@ +{{- if and .Values.kubeProxy.enabled .Values.kubeProxy.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-proxy + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-proxy +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + jobLabel: jobLabel + selector: + matchLabels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-proxy + release: {{ $.Release.Name | quote }} + namespaceSelector: + matchNames: + - "kube-system" + endpoints: + - port: http-metrics + {{- if .Values.kubeProxy.serviceMonitor.interval }} + interval: {{ .Values.kubeProxy.serviceMonitor.interval }} + {{- end }} + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + {{- if .Values.kubeProxy.serviceMonitor.https }} + scheme: https + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + {{- end}} +{{- if .Values.kubeProxy.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ toYaml .Values.kubeProxy.serviceMonitor.metricRelabelings | indent 4 }} +{{- end }} +{{- if .Values.kubeProxy.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.kubeProxy.serviceMonitor.relabelings | indent 4 }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-scheduler/endpoints.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-scheduler/endpoints.yaml new file mode 100755 index 000000000..f4ad60fd6 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-scheduler/endpoints.yaml 
@@ -0,0 +1,20 @@ +{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.endpoints }} +apiVersion: v1 +kind: Endpoints +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-scheduler + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-scheduler + k8s-app: kube-scheduler +{{ include "kube-prometheus-stack.labels" . | indent 4 }} + namespace: kube-system +subsets: + - addresses: + {{- range .Values.kubeScheduler.endpoints }} + - ip: {{ . }} + {{- end }} + ports: + - name: http-metrics + port: {{ .Values.kubeScheduler.service.port }} + protocol: TCP +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-scheduler/service.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-scheduler/service.yaml new file mode 100755 index 000000000..7a9c53da0 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-scheduler/service.yaml @@ -0,0 +1,27 @@ +{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.service.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-scheduler + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-scheduler + jobLabel: kube-scheduler +{{ include "kube-prometheus-stack.labels" . | indent 4 }} + namespace: kube-system +spec: + clusterIP: None + ports: + - name: http-metrics + port: {{ .Values.kubeScheduler.service.port}} + protocol: TCP + targetPort: {{ .Values.kubeScheduler.service.targetPort}} +{{- if .Values.kubeScheduler.endpoints }}{{- else }} + selector: + {{- if .Values.kubeScheduler.service.selector }} +{{ toYaml .Values.kubeScheduler.service.selector | indent 4 }} + {{- else}} + component: kube-scheduler + {{- end}} +{{- end }} + type: ClusterIP +{{- end -}} 
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-scheduler/servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-scheduler/servicemonitor.yaml new file mode 100755 index 000000000..7caef4f58 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-scheduler/servicemonitor.yaml 
@@ -0,0 +1,44 @@ +{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-scheduler + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-scheduler +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + jobLabel: jobLabel + selector: + matchLabels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-scheduler + release: {{ $.Release.Name | quote }} + namespaceSelector: + matchNames: + - "kube-system" + endpoints: + - port: http-metrics + {{- if .Values.kubeScheduler.serviceMonitor.interval }} + interval: {{ .Values.kubeScheduler.serviceMonitor.interval }} + {{- end }} + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + {{- if .Values.kubeScheduler.serviceMonitor.https }} + scheme: https + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + {{- if .Values.kubeScheduler.serviceMonitor.insecureSkipVerify }} + insecureSkipVerify: {{ .Values.kubeScheduler.serviceMonitor.insecureSkipVerify }} + {{- end}} + {{- if .Values.kubeScheduler.serviceMonitor.serverName }} + serverName: {{ .Values.kubeScheduler.serviceMonitor.serverName }} + {{- end}} + {{- end}} +{{- if .Values.kubeScheduler.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.kubeScheduler.serviceMonitor.metricRelabelings | indent 4) . }} +{{- end }} +{{- if .Values.kubeScheduler.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.kubeScheduler.serviceMonitor.relabelings | indent 4 }} +{{- end }} +{{- end }} 
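Review bot: `serviceMonitor.insecureSkipVerify` under `tlsConfig` turns off certificate verification on an endpoint that also receives `bearerTokenFile`, so with it enabled the service account token goes to whatever answers on `http-metrics` without the peer being authenticated. The values documentation should state that, and should point to `serverName` together with the mounted `ca.crt` as the way to resolve certificate name mismatches instead.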
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-state-metrics/serviceMonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-state-metrics/serviceMonitor.yaml new file mode 100755 index 000000000..5b723b214 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kube-state-metrics/serviceMonitor.yaml @@ -0,0 +1,34 @@ +{{- if .Values.kubeStateMetrics.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-state-metrics + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-state-metrics +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + jobLabel: app.kubernetes.io/name + endpoints: + - port: http + {{- if .Values.kubeStateMetrics.serviceMonitor.interval }} + interval: {{ .Values.kubeStateMetrics.serviceMonitor.interval }} + {{- end }} + honorLabels: true +{{- if .Values.kubeStateMetrics.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.kubeStateMetrics.serviceMonitor.metricRelabelings | indent 4) . }} +{{- end }} +{{- if .Values.kubeStateMetrics.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.kubeStateMetrics.serviceMonitor.relabelings | indent 4 }} +{{- end }} + selector: + matchLabels: +{{- if .Values.kubeStateMetrics.serviceMonitor.selectorOverride }} +{{ toYaml .Values.kubeStateMetrics.serviceMonitor.selectorOverride | indent 6 }} +{{ else }} + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: "{{ $.Release.Name }}" +{{- end }} +{{- end }} 
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kubelet/servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kubelet/servicemonitor.yaml new file mode 100755 index 000000000..15811312c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/kubelet/servicemonitor.yaml 
@@ -0,0 +1,151 @@ +{{- if .Values.kubelet.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kubelet + namespace: {{ .Values.kubelet.namespace }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kubelet +{{- include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + endpoints: + {{- if .Values.kubelet.serviceMonitor.https }} + - port: https-metrics + scheme: https + {{- if .Values.kubelet.serviceMonitor.interval }} + interval: {{ .Values.kubelet.serviceMonitor.interval }} + {{- end }} + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + insecureSkipVerify: true + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + honorLabels: true +{{- if .Values.kubelet.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.kubelet.serviceMonitor.metricRelabelings | indent 4) . }} +{{- end }} +{{- if .Values.kubelet.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.kubelet.serviceMonitor.relabelings | indent 4 }} +{{- end }} +{{- if .Values.kubelet.serviceMonitor.cAdvisor }} + - port: https-metrics + scheme: https + path: /metrics/cadvisor + {{- if .Values.kubelet.serviceMonitor.interval }} + interval: {{ .Values.kubelet.serviceMonitor.interval }} + {{- end }} + {{- if .Values.kubelet.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.kubelet.serviceMonitor.scrapeTimeout }} + {{- end }} + honorLabels: true + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + insecureSkipVerify: true + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token +{{- if .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings | indent 4) . 
}} +{{- end }} +{{- if .Values.kubelet.serviceMonitor.cAdvisorRelabelings }} + relabelings: +{{ toYaml .Values.kubelet.serviceMonitor.cAdvisorRelabelings | indent 4 }} +{{- end }} +{{- end }} +{{- if .Values.kubelet.serviceMonitor.probes }} + - port: https-metrics + scheme: https + path: /metrics/probes + {{- if .Values.kubelet.serviceMonitor.interval }} + interval: {{ .Values.kubelet.serviceMonitor.interval }} + {{- end }} + honorLabels: true + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + insecureSkipVerify: true + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token +{{- if .Values.kubelet.serviceMonitor.probesMetricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.kubelet.serviceMonitor.probesMetricRelabelings | indent 4) . }} +{{- end }} +{{- if .Values.kubelet.serviceMonitor.probesRelabelings }} + relabelings: +{{ toYaml .Values.kubelet.serviceMonitor.probesRelabelings | indent 4 }} +{{- end }} +{{- end }} +{{- if .Values.kubelet.serviceMonitor.resource }} + - port: https-metrics + scheme: https + path: {{ include "kubelet.serviceMonitor.resourcePath" . }} + {{- if .Values.kubelet.serviceMonitor.interval }} + interval: {{ .Values.kubelet.serviceMonitor.interval }} + {{- end }} + honorLabels: true + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + insecureSkipVerify: true + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token +{{- if .Values.kubelet.serviceMonitor.resourceMetricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.kubelet.serviceMonitor.resourceMetricRelabelings | indent 4) . 
}} +{{- end }} +{{- if .Values.kubelet.serviceMonitor.resourceRelabelings }} + relabelings: +{{ toYaml .Values.kubelet.serviceMonitor.resourceRelabelings | indent 4 }} +{{- end }} +{{- end }} + {{- else }} + - port: http-metrics + {{- if .Values.kubelet.serviceMonitor.interval }} + interval: {{ .Values.kubelet.serviceMonitor.interval }} + {{- end }} + honorLabels: true +{{- if .Values.kubelet.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.kubelet.serviceMonitor.metricRelabelings | indent 4) . }} +{{- end }} +{{- if .Values.kubelet.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.kubelet.serviceMonitor.relabelings | indent 4 }} +{{- end }} +{{- if .Values.kubelet.serviceMonitor.cAdvisor }} + - port: http-metrics + path: /metrics/cadvisor + {{- if .Values.kubelet.serviceMonitor.interval }} + interval: {{ .Values.kubelet.serviceMonitor.interval }} + {{- end }} + honorLabels: true +{{- if .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings | indent 4) . }} +{{- end }} +{{- if .Values.kubelet.serviceMonitor.cAdvisorRelabelings }} + relabelings: +{{ toYaml .Values.kubelet.serviceMonitor.cAdvisorRelabelings | indent 4 }} +{{- end }} +{{- if .Values.kubelet.serviceMonitor.resource }} + - port: http-metrics + path: {{ include "kubelet.serviceMonitor.resourcePath" . }} + {{- if .Values.kubelet.serviceMonitor.interval }} + interval: {{ .Values.kubelet.serviceMonitor.interval }} + {{- end }} + honorLabels: true +{{- if .Values.kubelet.serviceMonitor.resourceMetricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.kubelet.serviceMonitor.resourceMetricRelabelings | indent 4) . 
}} +{{- end }} +{{- if .Values.kubelet.serviceMonitor.resourceRelabelings }} + relabelings: +{{ toYaml .Values.kubelet.serviceMonitor.resourceRelabelings | indent 4 }} +{{- end }} +{{- end }} +{{- end }} + {{- end }} + jobLabel: k8s-app + namespaceSelector: + matchNames: + - {{ .Values.kubelet.namespace }} + selector: + matchLabels: + k8s-app: kubelet +{{- end}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/node-exporter/servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/node-exporter/servicemonitor.yaml new file mode 100755 index 000000000..5ca5f1b75 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/exporters/node-exporter/servicemonitor.yaml 
@@ -0,0 +1,32 @@ +{{- if .Values.nodeExporter.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-node-exporter + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-node-exporter +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + jobLabel: {{ .Values.nodeExporter.jobLabel }} + selector: + matchLabels: + app: prometheus-node-exporter + release: {{ $.Release.Name }} + endpoints: + - port: metrics + {{- if .Values.nodeExporter.serviceMonitor.interval }} + interval: {{ .Values.nodeExporter.serviceMonitor.interval }} + {{- end }} + {{- if .Values.nodeExporter.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.nodeExporter.serviceMonitor.scrapeTimeout }} + {{- end }} +{{- if .Values.nodeExporter.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.nodeExporter.serviceMonitor.metricRelabelings | indent 4) . }} +{{- end }} +{{- if .Values.nodeExporter.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.nodeExporter.serviceMonitor.relabelings | indent 4 }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/configmap-dashboards.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/configmap-dashboards.yaml new file mode 100755 index 000000000..f11af8285 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/configmap-dashboards.yaml 
@@ -0,0 +1,24 @@ +{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +{{- $files := .Files.Glob "dashboards/*.json" }} +{{- if $files }} +apiVersion: v1 +kind: ConfigMapList +items: +{{- range $path, $fileContents := $files }} +{{- $dashboardName := regexReplaceAll "(^.*/)(.*)\\.json$" $path "${2}" }} +- apiVersion: v1 + kind: ConfigMap + metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) $dashboardName | trunc 63 | trimSuffix "-" }} + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 6 }} + data: + {{ $dashboardName }}.json: {{ $.Files.Get $path | toJson }} +{{- end }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/configmaps-datasources.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/configmaps-datasources.yaml new file mode 100755 index 000000000..c6700d84e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/configmaps-datasources.yaml 
@@ -0,0 +1,43 @@ +{{- if and .Values.grafana.enabled .Values.grafana.sidecar.datasources.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-grafana-datasource + namespace: {{ default .Values.grafana.sidecar.datasources.searchNamespace (include "kube-prometheus-stack.namespace" .) }} +{{- if .Values.grafana.sidecar.datasources.annotations }} + annotations: +{{ toYaml .Values.grafana.sidecar.datasources.annotations | indent 4 }} +{{- end }} + labels: + {{ $.Values.grafana.sidecar.datasources.label }}: "1" + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + datasource.yaml: |- + apiVersion: 1 + datasources: +{{- $scrapeInterval := .Values.grafana.sidecar.datasources.defaultDatasourceScrapeInterval | default .Values.prometheus.prometheusSpec.scrapeInterval | default "30s" }} +{{- if .Values.grafana.sidecar.datasources.defaultDatasourceEnabled }} + - name: Prometheus + type: prometheus + url: http://{{ template "kube-prometheus-stack.fullname" . }}-prometheus:{{ .Values.prometheus.service.port }}/{{ trimPrefix "/" .Values.prometheus.prometheusSpec.routePrefix }} + access: proxy + isDefault: true + jsonData: + timeInterval: {{ $scrapeInterval }} +{{- if .Values.grafana.sidecar.datasources.createPrometheusReplicasDatasources }} +{{- range until (int .Values.prometheus.prometheusSpec.replicas) }} + - name: Prometheus-{{ . }} + type: prometheus + url: http://prometheus-{{ template "kube-prometheus-stack.fullname" $ }}-prometheus-{{ . }}.prometheus-operated:9090/{{ trimPrefix "/" $.Values.prometheus.prometheusSpec.routePrefix }} + access: proxy + isDefault: false + jsonData: + timeInterval: {{ $scrapeInterval }} +{{- end }} +{{- end }} +{{- end }} +{{- if .Values.grafana.additionalDataSources }} +{{ tpl (toYaml .Values.grafana.additionalDataSources | indent 4) . }} +{{- end }} +{{- end }} 
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/apiserver.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/apiserver.yaml new file mode 100755 index 000000000..efed40873 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/apiserver.yaml 
@@ -0,0 +1,1747 @@ +{{- /* +Generated from 'apiserver' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled .Values.kubeApiServer.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "apiserver" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + apiserver.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + + ] + }, + "editable": false, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "panels": [ + { + "content": "The SLO (service level objective) and other metrics displayed on this dashboard are for informational purposes only.", + "datasource": null, + "description": "The SLO (service level objective) and other metrics displayed on this dashboard are for informational purposes only.", + "gridPos": { + "h": 2, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 2, + "mode": "markdown", + "span": 12, + "title": "Notice", + "type": "text" + } + ], + "refresh": "10s", + "rows": [ + { + "collapse": 
false, + "collapsed": false, + "panels": [ + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "decimals": 3, + "description": "How many percent of requests (both read and write) in 30 days have been answered successfully and fast enough?", + "format": "percentunit", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 3, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 4, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "apiserver_request:availability30d{verb=\"all\", cluster=\"$cluster\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Availability (30d) > 99.000%", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "avg" + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "decimals": 3, + "description": "How much error budget is left looking at our 0.990% availability guarantees?", + "fill": 10, + "fillGradient": 0, + "gridPos": { + + }, + "id": 4, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + 
"min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 8, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "100 * (apiserver_request:availability30d{verb=\"all\", cluster=\"$cluster\"} - 0.990000)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "errorbudget", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "ErrorBudget (30d) > 99.000%", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "decimals": 3, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "decimals": 3, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "decimals": 3, + "description": "How many percent of read requests (LIST,GET) in 30 days have been answered successfully and fast enough?", + "format": "percentunit", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 5, + "interval": null, + "links": [ 
+ + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "apiserver_request:availability30d{verb=\"read\", cluster=\"$cluster\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Read Availability (30d)", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "avg" + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "How many read requests (LIST,GET) per second do the apiservers get by code?", + "fill": 10, + "fillGradient": 0, + "gridPos": { + + }, + "id": 6, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + { + "alias": "/2../i", + "color": "#56A64B" + }, + { + "alias": "/3../i", + "color": "#F2CC0C" + }, + { + "alias": "/4../i", + "color": "#3274D9" + }, + { + "alias": "/5../i", + "color": "#E02F44" + } + ], + "spaceLength": 10, + "span": 3, + "stack": true, + "steppedLine": false, + 
"targets": [ + { + "expr": "sum by (code) (code_resource:apiserver_request_total:rate5m{verb=\"read\", cluster=\"$cluster\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}} code {{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Read SLI - Requests", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "reqps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "reqps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "How many percent of read requests (LIST,GET) per second are returned with errors (5xx)?", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 7, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (resource) (code_resource:apiserver_request_total:rate5m{verb=\"read\",code=~\"5..\", cluster=\"$cluster\"}) / sum by (resource) (code_resource:apiserver_request_total:rate5m{verb=\"read\", cluster=\"$cluster\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}} resource {{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + 
"timeShift": null, + "title": "Read SLI - Errors", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "How many seconds is the 99th percentile for reading (LIST|GET) a given resource?", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 8, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "cluster_quantile:apiserver_request_duration_seconds:histogram_quantile{verb=\"read\", cluster=\"$cluster\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}} resource {{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Read SLI - Duration", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "s", + 
"label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "decimals": 3, + "description": "How many percent of write requests (POST|PUT|PATCH|DELETE) in 30 days have been answered successfully and fast enough?", + "format": "percentunit", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 9, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "apiserver_request:availability30d{verb=\"write\", cluster=\"$cluster\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Write Availability (30d)", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "avg" + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": 
"$datasource", + "description": "How many write requests (POST|PUT|PATCH|DELETE) per second do the apiservers get by code?", + "fill": 10, + "fillGradient": 0, + "gridPos": { + + }, + "id": 10, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + { + "alias": "/2../i", + "color": "#56A64B" + }, + { + "alias": "/3../i", + "color": "#F2CC0C" + }, + { + "alias": "/4../i", + "color": "#3274D9" + }, + { + "alias": "/5../i", + "color": "#E02F44" + } + ], + "spaceLength": 10, + "span": 3, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (code) (code_resource:apiserver_request_total:rate5m{verb=\"write\", cluster=\"$cluster\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}} code {{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Write SLI - Requests", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "reqps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "reqps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "How many percent of write requests (POST|PUT|PATCH|DELETE) per second are returned with errors (5xx)?", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 11, + 
"legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (resource) (code_resource:apiserver_request_total:rate5m{verb=\"write\",code=~\"5..\", cluster=\"$cluster\"}) / sum by (resource) (code_resource:apiserver_request_total:rate5m{verb=\"write\", cluster=\"$cluster\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}} resource {{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Write SLI - Errors", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "How many seconds is the 99th percentile for writing (POST|PUT|PATCH|DELETE) a given resource?", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 12, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": 
"null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "cluster_quantile:apiserver_request_duration_seconds:histogram_quantile{verb=\"write\", cluster=\"$cluster\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}} resource {{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Write SLI - Duration", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 13, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": false, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": 
"sum(rate(workqueue_adds_total{job=\"apiserver\", instance=~\"$instance\", cluster=\"$cluster\"}[5m])) by (instance, name)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}name{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Work Queue Add Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 14, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": false, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(workqueue_depth{job=\"apiserver\", instance=~\"$instance\", cluster=\"$cluster\"}[5m])) by (instance, name)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}name{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Work Queue Depth", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": 
null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 15, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(workqueue_queue_duration_seconds_bucket{job=\"apiserver\", instance=~\"$instance\", cluster=\"$cluster\"}[5m])) by (instance, name, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}name{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Work Queue Latency", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + 
"titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 16, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "process_resident_memory_bytes{job=\"apiserver\",instance=~\"$instance\", cluster=\"$cluster\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 17, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": 
[ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(process_cpu_seconds_total{job=\"apiserver\",instance=~\"$instance\", cluster=\"$cluster\"}[5m])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 18, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "go_goroutines{job=\"apiserver\",instance=~\"$instance\", cluster=\"$cluster\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": 
null, + "title": "Goroutines", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(apiserver_request_total, cluster)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": true, + "label": null, + "multi": false, + "name": "instance", + "options": [ + + ], + "query": "label_values(apiserver_request_total{job=\"apiserver\", cluster=\"$cluster\"}, instance)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + 
"refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / API server", + "uid": "09ec8aa1e996d6ffcd6817bbaff4db1b", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/cluster-total.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/cluster-total.yaml new file mode 100755 index 000000000..fde561c82 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/cluster-total.yaml 
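Review bot: The apiserver dashboard template ends at `{{- end }}` with no trailing newline (the `\ No newline at end of file` marker just before the next `diff --git` line); add one so a later append does not show up as a change to the `{{- end }}` line. Also in this file, the `cluster` variable's `"hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}` means the embedded JSON is only valid after rendering, so any JSON check in CI has to run on `helm template` output with the flag set both ways, not on this source file.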
@@ -0,0 +1,1882 @@ +{{- /* +Generated from 'cluster-total' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "cluster-total" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + cluster-total.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "panels": [ + { + "collapse": false, + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 2, + "panels": [ + + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Current Bandwidth", + "titleSize": "h6", + "type": "row" + }, + { + "aliasColors": { + + }, + 
"bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 1 + }, + "id": 3, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "null", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Rate of Bytes Received", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "series", + "name": null, + "show": false, + "values": [ + "current" + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 1 + }, + "id": 4, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": 
true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "null", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Rate of Bytes Transmitted", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "series", + "name": null, + "show": false, + "values": [ + "current" + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "columns": [ + { + "text": "Time", + "value": "Time" + }, + { + "text": "Value #A", + "value": "Value #A" + }, + { + "text": "Value #B", + "value": "Value #B" + }, + { + "text": "Value #C", + "value": "Value #C" + }, + { + "text": "Value #D", + "value": "Value #D" + }, + { + "text": "Value #E", + "value": "Value #E" + }, + { + "text": "Value #F", + "value": "Value #F" + }, + { + "text": "Value #G", + "value": "Value #G" + }, + { + "text": "Value #H", + "value": "Value #H" + }, + { + "text": "namespace", + "value": "namespace" + } + ], + "datasource": "$datasource", + "fill": 1, + "fontSize": "90%", + "gridPos": { 
+ "h": 9, + "w": 24, + "x": 0, + "y": 10 + }, + "id": 5, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "null as zero", + "renderer": "flot", + "scroll": true, + "showHeader": true, + "sort": { + "col": 0, + "desc": false + }, + "spaceLength": 10, + "span": 24, + "styles": [ + { + "alias": "Time", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Time", + "thresholds": [ + + ], + "type": "hidden", + "unit": "short" + }, + { + "alias": "Current Bandwidth Received", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Current Bandwidth Transmitted", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Average Bandwidth Received", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Average Bandwidth Transmitted", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Rate of Received Packets", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": 
"", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Transmitted Packets", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Received Packets Dropped", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #G", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Transmitted Packets Dropped", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #H", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Namespace", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTooltip": "Drill down", + "linkUrl": "d/8b7a8b326d7a6f1f04244066368c67af/kubernetes-networking-namespace-pods?orgId=1&refresh=30s&var-namespace=$__cell", + "pattern": "namespace", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": 
"sort_desc(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sort_desc(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sort_desc(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sort_desc(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + }, + { + "expr": "sort_desc(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "G", + "step": 10 + }, + { + "expr": "sort_desc(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "H", + "step": 10 + } + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Status", + "type": "table" + }, + { + "collapse": true, + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 10 + }, + "id": 6, + "panels": [ + { + "aliasColors": { + + }, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": 
"$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 11 + }, + "id": 7, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "null", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Average Rate of Bytes Received", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "series", + "name": null, + "show": false, + "values": [ + "current" + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 11 + }, + "id": 8, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": 
true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "null", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Average Rate of Bytes Transmitted", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "series", + "name": null, + "show": false, + "values": [ + "current" + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Average Bandwidth", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 11 + }, + "id": 9, + "panels": [ + + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Bandwidth History", + "titleSize": "h6", + "type": "row" + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 12 + }, + "id": 10, + 
"legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": true, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Receive Bandwidth", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 21 + }, + "id": 11, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": true, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "connected", + "paceLength": 10, + 
"percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Transmit Bandwidth", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "collapse": true, + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 30 + }, + "id": 12, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 31 + }, + "id": 13, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": true, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": true, + "steppedLine": false, + "targets": [ + { + 
"expr": "sort_desc(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 40 + }, + "id": 14, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": true, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + 
"title": "Rate of Transmitted Packets", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Packets", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": true, + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 31 + }, + "id": 15, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 50 + }, + "id": 16, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": true, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets Dropped", + 
"tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 59 + }, + "id": 17, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": true, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets Dropped", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": 
"pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 59 + }, + "id": 18, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": true, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [ + { + "targetBlank": true, + "title": "What is TCP Retransmit?", + "url": "https://accedian.com/enterprises/blog/network-packet-loss-retransmissions-and-duplicate-acknowledgements/" + } + ], + "minSpan": 24, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(rate(node_netstat_Tcp_RetransSegs{cluster=\"$cluster\"}[$interval:$resolution]) / rate(node_netstat_Tcp_OutSegs{cluster=\"$cluster\"}[$interval:$resolution])) by (instance))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of TCP Retransmits out of all sent segments", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } 
+ ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 59 + }, + "id": 19, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": true, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [ + { + "targetBlank": true, + "title": "Why monitor SYN retransmits?", + "url": "https://github.com/prometheus/node_exporter/issues/1023#issuecomment-408128365" + } + ], + "minSpan": 24, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(rate(node_netstat_TcpExt_TCPSynRetrans{cluster=\"$cluster\"}[$interval:$resolution]) / rate(node_netstat_Tcp_RetransSegs{cluster=\"$cluster\"}[$interval:$resolution])) by (instance))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of TCP SYN Retransmits out of all retransmits", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": 
true, + "title": "Errors", + "titleSize": "h6", + "type": "row" + } + ], + "refresh": "10s", + "rows": [ + + ], + "schemaVersion": 18, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "5m", + "value": "5m" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "resolution", + "options": [ + { + "selected": false, + "text": "30s", + "value": "30s" + }, + { + "selected": true, + "text": "5m", + "value": "5m" + }, + { + "selected": false, + "text": "1h", + "value": "1h" + } + ], + "query": "30s,5m,1h", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "interval", + "useTags": false + }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "5m", + "value": "5m" + }, + "datasource": "$datasource", + "hide": 2, + "includeAll": false, + "label": null, + "multi": false, + "name": "interval", + "options": [ + { + "selected": true, + "text": "4h", + "value": "4h" + } + ], + "query": "4h", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "interval", + "useTags": false + }, + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 1, + "regex": "", 
+ "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Networking / Cluster", + "uid": "ff635a025bcfea7bc3dd4f508990a3e9", + "version": 0 + } +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/controller-manager.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/controller-manager.yaml new file mode 100755 index 000000000..675cbe618 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/controller-manager.yaml 
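Review bot: In the "Kubernetes / Networking / Cluster" dashboard that ends above, panels 18 and 19 set "stack": true on per-instance ratios formatted as percentunit, so the stacked total is a sum of percentages across instances and can read well above 100%; set "stack": false on both. The two panels also carry identical gridPos values (h 9, w 24, x 0, y 59), so panel 19 should get its own y offset. Separately, the hidden "interval" variable is pinned to 4h while the dashboard defaults to now-1h with a 10s refresh, so every refresh re-evaluates a 4h subquery per instance; please confirm that window is intended.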
@@ -0,0 +1,1153 @@ +{{- /* +Generated from 'controller-manager' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +{{- if (include "exporter.kubeControllerManager.enabled" .)}} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "controller-manager" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + controller-manager.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + + ] + }, + "editable": false, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 2, + 
"interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 2, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(up{job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Up", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "min" + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 3, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(workqueue_adds_total{job=\"{{ include "exporter.kubeControllerManager.jobName" . 
}}\", instance=~\"$instance\"}[5m])) by (instance, name)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}name{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Work Queue Add Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 4, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(workqueue_depth{job=\"{{ include "exporter.kubeControllerManager.jobName" . 
}}\", instance=~\"$instance\"}[5m])) by (instance, name)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}name{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Work Queue Depth", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 5, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(workqueue_queue_duration_seconds_bucket{job=\"{{ include "exporter.kubeControllerManager.jobName" . 
}}\", instance=~\"$instance\"}[5m])) by (instance, name, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}name{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Work Queue Latency", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 6, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(rest_client_requests_total{job=\"{{ include "exporter.kubeControllerManager.jobName" . 
}}\", instance=~\"$instance\",code=~\"2..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "2xx", + "refId": "A" + }, + { + "expr": "sum(rate(rest_client_requests_total{job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\", instance=~\"$instance\",code=~\"3..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "3xx", + "refId": "B" + }, + { + "expr": "sum(rate(rest_client_requests_total{job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\", instance=~\"$instance\",code=~\"4..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "4xx", + "refId": "C" + }, + { + "expr": "sum(rate(rest_client_requests_total{job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\", instance=~\"$instance\",code=~\"5..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "5xx", + "refId": "D" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Kube API Request Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 7, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": 
false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 8, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\", instance=~\"$instance\", verb=\"POST\"}[5m])) by (verb, url, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}verb{{`}}`}} {{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Post Request Latency 99th Quantile", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 8, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + 
"expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\", instance=~\"$instance\", verb=\"GET\"}[5m])) by (verb, url, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}verb{{`}}`}} {{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Get Request Latency 99th Quantile", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 9, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "process_resident_memory_bytes{job=\"{{ include "exporter.kubeControllerManager.jobName" . 
}}\",instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 10, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(process_cpu_seconds_total{job=\"{{ include "exporter.kubeControllerManager.jobName" . 
}}\",instance=~\"$instance\"}[5m])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 11, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "go_goroutines{job=\"{{ include "exporter.kubeControllerManager.jobName" . 
}}\",instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Goroutines", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": true, + "label": null, + "multi": false, + "name": "instance", + "options": [ + + ], + "query": "label_values(process_cpu_seconds_total{job=\"{{ include "exporter.kubeControllerManager.jobName" . 
}}\"}, instance)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Controller Manager", + "uid": "72e0e05bef5099e5f049b05fdc429ed4", + "version": 0 + } +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/etcd.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/etcd.yaml new file mode 100755 index 000000000..78f230581 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/etcd.yaml 
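Review bot: The "Work Queue Depth" panel (id 4) in controller-manager.yaml wraps a gauge in rate(): `sum(rate(workqueue_depth{...}[5m])) by (instance, name)`. workqueue_depth is a gauge, so this plots the per-second change in depth rather than the depth itself, and with the y-axis "min": 0 a draining queue is clipped out of view; `sum(workqueue_depth{...}) by (instance, name)` matches the panel title. The header marks the file as generated, so the fix belongs in the upstream source or the sync script under hack/ rather than in place. Also, the file is added as "new file mode 100755" and ends with "\ No newline at end of file"; a Helm template does not need the executable bit and should end with a newline.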
@@ -0,0 +1,1118 @@ +{{- /* +Generated from 'etcd' from https://raw.githubusercontent.com/etcd-io/website/master/content/docs/current/op-guide/grafana.json +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +{{- if (include "exporter.kubeEtcd.enabled" .)}} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "etcd" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + etcd.json: |- + { + "annotations": { + "list": [] + }, + "description": "etcd sample Grafana dashboard with Prometheus", + "editable": true, + "gnetId": null, + "hideControls": false, + "links": [], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "editable": true, + "height": "250px", + "panels": [ + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "datasource": "$datasource", + "editable": true, + "error": false, + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "id": 28, + "interval": null, + "isNew": true, + 
"links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "targets": [ + { + "expr": "sum(etcd_server_has_leader{job=\"$cluster\"})", + "intervalFactor": 2, + "legendFormat": "", + "metric": "etcd_server_has_leader", + "refId": "A", + "step": 20 + } + ], + "thresholds": "", + "title": "Up", + "type": "singlestat", + "valueFontSize": "200%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "avg" + }, + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fill": 0, + "id": 23, + "isNew": true, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 5, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(grpc_server_started_total{job=\"$cluster\",grpc_type=\"unary\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "RPC Rate", + "metric": "grpc_server_started_total", + "refId": "A", + "step": 2 + }, + { + "expr": "sum(rate(grpc_server_handled_total{job=\"$cluster\",grpc_type=\"unary\",grpc_code!=\"OK\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "RPC Failed Rate", + "metric": "grpc_server_handled_total", + "refId": "B", 
+ "step": 2 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "RPC Rate", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fill": 0, + "id": 41, + "isNew": true, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 4, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(grpc_server_started_total{job=\"$cluster\",grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"}) - sum(grpc_server_handled_total{job=\"$cluster\",grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"})", + "intervalFactor": 2, + "legendFormat": "Watch Streams", + "metric": "grpc_server_handled_total", + "refId": "A", + "step": 4 + }, + { + "expr": "sum(grpc_server_started_total{job=\"$cluster\",grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"}) - sum(grpc_server_handled_total{job=\"$cluster\",grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"})", + "intervalFactor": 2, + "legendFormat": "Lease Streams", + "metric": "grpc_server_handled_total", + "refId": "B", + "step": 4 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Active Streams", + "tooltip": { + "msResolution": false, + "shared": true, + 
"sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "showTitle": false, + "title": "Row" + }, + { + "collapse": false, + "editable": true, + "height": "250px", + "panels": [ + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "decimals": null, + "editable": true, + "error": false, + "fill": 0, + "grid": {}, + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "etcd_mvcc_db_total_size_in_bytes{job=\"$cluster\"}", + "hide": false, + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} DB Size", + "metric": "", + "refId": "A", + "step": 4 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "DB Size", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fill": 0, + "grid": {}, + "id": 3, + "legend": { + "avg": false, + "current": 
false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 1, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 4, + "stack": false, + "steppedLine": true, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(etcd_disk_wal_fsync_duration_seconds_bucket{job=\"$cluster\"}[5m])) by (instance, le))", + "hide": false, + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} WAL fsync", + "metric": "etcd_disk_wal_fsync_duration_seconds_bucket", + "refId": "A", + "step": 4 + }, + { + "expr": "histogram_quantile(0.99, sum(rate(etcd_disk_backend_commit_duration_seconds_bucket{job=\"$cluster\"}[5m])) by (instance, le))", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} DB fsync", + "metric": "etcd_disk_backend_commit_duration_seconds_bucket", + "refId": "B", + "step": 4 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Disk Sync Duration", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fill": 0, + "id": 29, + "isNew": true, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 
4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "process_resident_memory_bytes{job=\"$cluster\"}", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} Resident Memory", + "metric": "process_resident_memory_bytes", + "refId": "A", + "step": 4 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Memory", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "title": "New row" + }, + { + "collapse": false, + "editable": true, + "height": "250px", + "panels": [ + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fill": 5, + "id": 22, + "isNew": true, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 3, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "rate(etcd_network_client_grpc_received_bytes_total{job=\"$cluster\"}[5m])", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} Client Traffic In", + "metric": "etcd_network_client_grpc_received_bytes_total", + "refId": "A", + "step": 4 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Client Traffic In", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": 
"time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fill": 5, + "id": 21, + "isNew": true, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 3, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "rate(etcd_network_client_grpc_sent_bytes_total{job=\"$cluster\"}[5m])", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} Client Traffic Out", + "metric": "etcd_network_client_grpc_sent_bytes_total", + "refId": "A", + "step": 4 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Client Traffic Out", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fill": 0, + "id": 20, + "isNew": true, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + 
"nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(etcd_network_peer_received_bytes_total{job=\"$cluster\"}[5m])) by (instance)", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} Peer Traffic In", + "metric": "etcd_network_peer_received_bytes_total", + "refId": "A", + "step": 4 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Peer Traffic In", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "decimals": null, + "editable": true, + "error": false, + "fill": 0, + "grid": {}, + "id": 16, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(etcd_network_peer_sent_bytes_total{job=\"$cluster\"}[5m])) by (instance)", + "hide": false, + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} Peer Traffic Out", + "metric": "etcd_network_peer_sent_bytes_total", + "refId": "A", + "step": 4 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Peer Traffic Out", + 
"tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "Bps", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "title": "New row" + }, + { + "collapse": false, + "editable": true, + "height": "250px", + "panels": [ + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fill": 0, + "id": 40, + "isNew": true, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(etcd_server_proposals_failed_total{job=\"$cluster\"}[5m]))", + "intervalFactor": 2, + "legendFormat": "Proposal Failure Rate", + "metric": "etcd_server_proposals_failed_total", + "refId": "A", + "step": 2 + }, + { + "expr": "sum(etcd_server_proposals_pending{job=\"$cluster\"})", + "intervalFactor": 2, + "legendFormat": "Proposal Pending Total", + "metric": "etcd_server_proposals_pending", + "refId": "B", + "step": 2 + }, + { + "expr": "sum(rate(etcd_server_proposals_committed_total{job=\"$cluster\"}[5m]))", + "intervalFactor": 2, + "legendFormat": "Proposal Commit Rate", + "metric": "etcd_server_proposals_committed_total", + "refId": "C", + "step": 2 + }, + { + "expr": "sum(rate(etcd_server_proposals_applied_total{job=\"$cluster\"}[5m]))", + "intervalFactor": 2, + "legendFormat": "Proposal Apply Rate", + "refId": "D", + "step": 2 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": 
null, + "title": "Raft Proposals", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "decimals": 0, + "editable": true, + "error": false, + "fill": 0, + "id": 19, + "isNew": true, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "changes(etcd_server_leader_changes_seen_total{job=\"$cluster\"}[1d])", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} Total Leader Elections Per Day", + "metric": "etcd_server_leader_changes_seen_total", + "refId": "A", + "step": 2 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Total Leader Elections Per Day", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "title": "New row" + } + ], + "schemaVersion": 13, + "sharedCrosshair": 
false, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "current": { + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + "text": "prod", + "value": "prod" + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [], + "query": "label_values(etcd_server_has_leader, job)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-15m", + "to": "now" + }, + "timepicker": { + "now": true, + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "browser", + "title": "etcd", + "uid": "c2f4e12cdf69feb95caa41a5a1b423d9", + "version": 215 + } +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-coredns.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-coredns.yaml new file mode 100755 index 000000000..8e4eaec61 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-coredns.yaml 
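Review bot: in the `templating.list` block that closes the etcd dashboard template, the variable named `cluster` is populated by `label_values(etcd_server_has_leader, job)` and the panel queries in this hunk filter on `job=\"$cluster\"`, so it selects a scrape job rather than a cluster, and it ships with a hard-coded `"current"` value of `prod`. When `.Values.grafana.sidecar.dashboards.multicluster` is unset the variable is rendered with `"hide": 2`, so whoever opens the dashboard cannot see or change that selection. Consider naming the variable after what it selects, or documenting in the template that the job label stands in for the cluster name, and dropping the `prod` default. The file also ends without a trailing newline (`\ No newline at end of file`), which is worth fixing while the template is being added.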
@@ -0,0 +1,1529 @@ +{{- /* Added manually, can be changed in-place. */ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled .Values.coreDns.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-coredns" | trunc 63 | trimSuffix "-" }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + k8s-coredns.json: |- + { + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "description": "A dashboard for the CoreDNS DNS server with updated metrics for version 1.7.0+. 
Based on the CoreDNS dashboard by buhay.", + "editable": true, + "gnetId": 12539, + "graphTooltip": 0, + "iteration": 1603798405693, + "links": [ + { + "icon": "external link", + "tags": [], + "targetBlank": true, + "title": "CoreDNS.io", + "type": "link", + "url": "https://coredns.io" + } + ], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.2.0", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "total", + "yaxis": 2 + } + ], + "spaceLength": 10, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(coredns_dns_request_count_total{instance=~\"$instance\"}[5m])) by (proto) or\nsum(rate(coredns_dns_requests_total{instance=~\"$instance\"}[5m])) by (proto)", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{"{{proto}}"}}", + "refId": "A", + "step": 60 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Requests (total)", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": 
true, + "values": [] + }, + "yaxes": [ + { + "format": "pps", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.2.0", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "total", + "yaxis": 2 + }, + { + "alias": "other", + "yaxis": 2 + } + ], + "spaceLength": 10, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(coredns_dns_request_type_count_total{instance=~\"$instance\"}[5m])) by (type) or \nsum(rate(coredns_dns_requests_total{instance=~\"$instance\"}[5m])) by (type)", + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{"{{type}}"}}", + "refId": "A", + "step": 60 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Requests (by qtype)", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "pps", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "logBase": 1, + "max": null, 
+ "min": 0, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.2.0", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "total", + "yaxis": 2 + } + ], + "spaceLength": 10, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(coredns_dns_request_count_total{instance=~\"$instance\"}[5m])) by (zone) or\nsum(rate(coredns_dns_requests_total{instance=~\"$instance\"}[5m])) by (zone)", + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{"{{zone}}"}}", + "refId": "A", + "step": 60 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Requests (by zone)", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "pps", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "editable": 
true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.2.0", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "total", + "yaxis": 2 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(coredns_dns_request_do_count_total{instance=~\"$instance\"}[5m])) or\nsum(rate(coredns_dns_do_requests_total{instance=~\"$instance\"}[5m]))", + "interval": "", + "intervalFactor": 2, + "legendFormat": "DO", + "refId": "A", + "step": 40 + }, + { + "expr": "sum(rate(coredns_dns_request_count_total{instance=~\"$instance\"}[5m])) or\nsum(rate(coredns_dns_requests_total{instance=~\"$instance\"}[5m]))", + "interval": "", + "intervalFactor": 2, + "legendFormat": "total", + "refId": "B", + "step": 40 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Requests (DO bit)", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "pps", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + 
"editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 6, + "x": 12, + "y": 7 + }, + "hiddenSeries": false, + "id": 10, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.2.0", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "tcp:90", + "yaxis": 2 + }, + { + "alias": "tcp:99 ", + "yaxis": 2 + }, + { + "alias": "tcp:50", + "yaxis": 2 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(coredns_dns_request_size_bytes_bucket{instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto))", + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{"{{proto}}"}}:99 ", + "refId": "A", + "step": 60 + }, + { + "expr": "histogram_quantile(0.90, sum(rate(coredns_dns_request_size_bytes_bucket{instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto))", + "intervalFactor": 2, + "legendFormat": "{{"{{proto}}"}}:90", + "refId": "B", + "step": 60 + }, + { + "expr": "histogram_quantile(0.50, sum(rate(coredns_dns_request_size_bytes_bucket{instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto))", + "intervalFactor": 2, + "legendFormat": "{{"{{proto}}"}}:50", + "refId": "C", + "step": 60 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Requests (size, udp)", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": 
"bytes", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 6, + "x": 18, + "y": 7 + }, + "hiddenSeries": false, + "id": 12, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.2.0", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "tcp:90", + "yaxis": 1 + }, + { + "alias": "tcp:99 ", + "yaxis": 1 + }, + { + "alias": "tcp:50", + "yaxis": 1 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(coredns_dns_request_size_bytes_bucket{instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto))", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{"{{proto}}"}}:99 ", + "refId": "A", + "step": 60 + }, + { + "expr": "histogram_quantile(0.90, sum(rate(coredns_dns_request_size_bytes_bucket{instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto))", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{"{{proto}}"}}:90", + "refId": "B", + "step": 60 + }, + { + "expr": "histogram_quantile(0.50, sum(rate(coredns_dns_request_size_bytes_bucket{instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto))", + "format": "time_series", + "interval": 
"", + "intervalFactor": 2, + "legendFormat": "{{"{{proto}}"}}:50", + "refId": "C", + "step": 60 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Requests (size,tcp)", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 14 + }, + "hiddenSeries": false, + "id": 14, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.2.0", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(coredns_dns_response_rcode_count_total{instance=~\"$instance\"}[5m])) by (rcode) or\nsum(rate(coredns_dns_responses_total{instance=~\"$instance\"}[5m])) by (rcode)", + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{"{{rcode}}"}}", + "refId": "A", + "step": 40 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Responses (by rcode)", + "tooltip": { + "shared": 
true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "pps", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 14 + }, + "hiddenSeries": false, + "id": 32, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.2.0", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(coredns_dns_request_duration_seconds_bucket{instance=~\"$instance\"}[5m])) by (le, job))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "99%", + "refId": "A", + "step": 40 + }, + { + "expr": "histogram_quantile(0.90, sum(rate(coredns_dns_request_duration_seconds_bucket{instance=~\"$instance\"}[5m])) by (le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "90%", + "refId": "B", + "step": 40 + }, + { + "expr": "histogram_quantile(0.50, sum(rate(coredns_dns_request_duration_seconds_bucket{instance=~\"$instance\"}[5m])) by (le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": 
"50%", + "refId": "C", + "step": 40 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Responses (duration)", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 21 + }, + "hiddenSeries": false, + "id": 18, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.2.0", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "udp:50%", + "yaxis": 1 + }, + { + "alias": "tcp:50%", + "yaxis": 2 + }, + { + "alias": "tcp:90%", + "yaxis": 2 + }, + { + "alias": "tcp:99%", + "yaxis": 2 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(coredns_dns_response_size_bytes_bucket{instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto)) ", + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{"{{proto}}"}}:99%", + "refId": "A", + "step": 40 + }, + { + "expr": "histogram_quantile(0.90, 
sum(rate(coredns_dns_response_size_bytes_bucket{instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto)) ", + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{"{{proto}}"}}:90%", + "refId": "B", + "step": 40 + }, + { + "expr": "histogram_quantile(0.50, sum(rate(coredns_dns_response_size_bytes_bucket{instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto)) ", + "hide": false, + "intervalFactor": 2, + "legendFormat": "{{"{{proto}}"}}:50%", + "metric": "", + "refId": "C", + "step": 40 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Responses (size, udp)", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 21 + }, + "hiddenSeries": false, + "id": 20, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.2.0", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "udp:50%", + "yaxis": 1 + }, + { + "alias": "tcp:50%", + "yaxis": 1 + }, + { + "alias": "tcp:90%", + 
"yaxis": 1 + }, + { + "alias": "tcp:99%", + "yaxis": 1 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(coredns_dns_response_size_bytes_bucket{instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto)) ", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{"{{proto}}"}}:99%", + "refId": "A", + "step": 40 + }, + { + "expr": "histogram_quantile(0.90, sum(rate(coredns_dns_response_size_bytes_bucket{instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto)) ", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{"{{proto}}"}}:90%", + "refId": "B", + "step": 40 + }, + { + "expr": "histogram_quantile(0.50, sum(rate(coredns_dns_response_size_bytes_bucket{instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le, proto)) ", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{"{{proto}}"}}:50%", + "metric": "", + "refId": "C", + "step": 40 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Responses (size, tcp)", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 28 + }, + "hiddenSeries": false, + "id": 22, + "legend": { + "avg": false, + "current": 
false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.2.0", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(coredns_cache_size{instance=~\"$instance\"}) by (type) or\nsum(coredns_cache_entries{instance=~\"$instance\"}) by (type)", + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{"{{type}}"}}", + "refId": "A", + "step": 40 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Cache (size)", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "decbytes", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 28 + }, + "hiddenSeries": false, + "id": 24, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.2.0", + "pointradius": 5, + "points": 
false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "misses", + "yaxis": 2 + } + ], + "spaceLength": 10, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(coredns_cache_hits_total{instance=~\"$instance\"}[5m])) by (type)", + "hide": false, + "intervalFactor": 2, + "legendFormat": "hits:{{"{{type}}"}}", + "refId": "A", + "step": 40 + }, + { + "expr": "sum(rate(coredns_cache_misses_total{instance=~\"$instance\"}[5m])) by (type)", + "hide": false, + "intervalFactor": 2, + "legendFormat": "misses", + "refId": "B", + "step": 40 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Cache (hitrate)", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "pps", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "refresh": "10s", + "schemaVersion": 26, + "style": "dark", + "tags": [ + "dns", + "coredns" + ], + "templating": { + "list": [ + { + "current": { + "selected": true, + "text": "default", + "value": "default" + }, + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "datasource", + "options": [], + "query": "prometheus", + "queryValue": "", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + }, + { + "allValue": ".*", + "current": { + "selected": true, + "text": "All", + "value": "$__all" + }, + "datasource": "$datasource", + "definition": "label_values(up{job=\"coredns\"}, instance)", + "hide": 0, + "includeAll": true, + "label": "Instance", + "multi": false, + "name": "instance", + "options": [], + "query": "label_values(up{job=\"coredns\"}, instance)", + "refresh": 1, + 
"regex": "", + "skipUrlSync": false, + "sort": 3, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-3h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "utc", + "title": "CoreDNS", + "uid": "vkQ0UHxik", + "version": 2 + } +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml new file mode 100755 index 000000000..9639fc15c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml 
@@ -0,0 +1,2582 @@ +{{- /* +Generated from 'k8s-resources-cluster' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-cluster" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + k8s-resources-cluster.json: |- + { + "annotations": { + "list": [ + + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "height": "100px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "format": "percentunit", + "id": 1, + "interval": "1m", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + 
"renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 2, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - avg(rate(node_cpu_seconds_total{mode=\"idle\", cluster=\"$cluster\"}[$__rate_interval]))", + "format": "time_series", + "instant": true, + "intervalFactor": 2, + "refId": "A" + } + ], + "thresholds": "70,80", + "timeFrom": null, + "timeShift": null, + "title": "CPU Utilisation", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "singlestat", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "format": "percentunit", + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 2, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable_cpu_cores{cluster=\"$cluster\"})", + "format": "time_series", + "instant": true, + "intervalFactor": 2, + "refId": "A" + } + ], + "thresholds": "70,80", + "timeFrom": null, + "timeShift": null, + "title": "CPU Requests Commitment", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "singlestat", + "xaxis": { + "buckets": null, + "mode": "time", 
+ "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "format": "percentunit", + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 2, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable_cpu_cores{cluster=\"$cluster\"})", + "format": "time_series", + "instant": true, + "intervalFactor": 2, + "refId": "A" + } + ], + "thresholds": "70,80", + "timeFrom": null, + "timeShift": null, + "title": "CPU Limits Commitment", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "singlestat", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "format": "percentunit", + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, 
+ "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 2, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - sum(:node_memory_MemAvailable_bytes:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable_memory_bytes{cluster=\"$cluster\"})", + "format": "time_series", + "instant": true, + "intervalFactor": 2, + "refId": "A" + } + ], + "thresholds": "70,80", + "timeFrom": null, + "timeShift": null, + "title": "Memory Utilisation", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "singlestat", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "format": "percentunit", + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 2, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable_memory_bytes{cluster=\"$cluster\"})", + "format": "time_series", + "instant": true, + "intervalFactor": 2, + "refId": "A" + } + ], + "thresholds": "70,80", + "timeFrom": null, + 
"timeShift": null, + "title": "Memory Requests Commitment", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "singlestat", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "format": "percentunit", + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 2, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable_memory_bytes{cluster=\"$cluster\"})", + "format": "time_series", + "instant": true, + "intervalFactor": 2, + "refId": "A" + } + ], + "thresholds": "70,80", + "timeFrom": null, + "timeShift": null, + "title": "Memory Limits Commitment", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "singlestat", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + 
"showTitle": false, + "title": "Headlines", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": 
true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Pods", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 0, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down to pods", + "linkUrl": "./d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell_1", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Workloads", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 0, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down to workloads", + "linkUrl": "./d/a87fb0d919ec0ea5f6543124e16c42a5/k8s-resources-workloads-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell_1", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests %", + "colorMode": null, + "colors": [ + 
+ ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "CPU Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #G", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Namespace", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down to pods", + "linkUrl": "./d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell", + "pattern": "namespace", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(kube_pod_owner{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "count(avg(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\"}) by (workload, namespace)) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + 
"step": 10 + }, + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace) / sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + }, + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace) / sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "G", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": 
null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Quota", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 9, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(container_memory_rss{cluster=\"$cluster\", container!=\"\"}) by (namespace)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Usage (w/o cache)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 10, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, 
+ "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Pods", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 0, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down to pods", + "linkUrl": "./d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell_1", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Workloads", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 0, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down to workloads", + "linkUrl": "./d/a87fb0d919ec0ea5f6543124e16c42a5/k8s-resources-workloads-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell_1", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Memory Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests %", + "colorMode": 
null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Memory Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #G", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Namespace", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down to pods", + "linkUrl": "./d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell", + "pattern": "namespace", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(kube_pod_owner{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "count(avg(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\"}) by (workload, namespace)) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + 
"legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(container_memory_rss{cluster=\"$cluster\", container!=\"\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(container_memory_rss{cluster=\"$cluster\", container!=\"\"}) by (namespace) / sum(kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + }, + { + "expr": "sum(container_memory_rss{cluster=\"$cluster\", container!=\"\"}) by (namespace) / sum(kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "G", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Requests by Namespace", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + 
"showTitle": true, + "title": "Memory Requests", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 11, + "interval": "1m", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Current Receive Bandwidth", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Current Transmit Bandwidth", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Rate of Received Packets", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Transmitted Packets", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": 
false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Received Packets Dropped", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Transmitted Packets Dropped", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Namespace", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down to pods", + "linkUrl": "./d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell", + "pattern": "namespace", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + 
"step": 10 + }, + { + "expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Network Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 12, + 
"legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Receive Bandwidth", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 13, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + 
"steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Transmit Bandwidth", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 14, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": 
"Average Container Bandwidth by Namespace: Received", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 15, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Average Container Bandwidth by Namespace: Transmitted", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + 
"show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 16, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + 
"dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 17, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 18, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + 
"renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets Dropped", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 19, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": 
"{{`{{`}}namespace{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets Dropped", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": null, + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(node_cpu_seconds_total, cluster)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Compute Resources / Cluster", + "uid": 
"efa86fd1d0c121a26444b636a3f509a8", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml new file mode 100755 index 000000000..40355c6b8 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml 
@@ -0,0 +1,2286 @@ +{{- /* +Generated from 'k8s-resources-namespace' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-namespace" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + k8s-resources-namespace.json: |- + { + "annotations": { + "list": [ + + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "height": "100px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "format": "percentunit", + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": 
"flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) / sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"})", + "format": "time_series", + "instant": true, + "intervalFactor": 2, + "refId": "A" + } + ], + "thresholds": "70,80", + "timeFrom": null, + "timeShift": null, + "title": "CPU Utilisation (from requests)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "singlestat", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "format": "percentunit", + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) / sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"})", + "format": "time_series", + "instant": true, + "intervalFactor": 2, + "refId": "A" + } + ], + "thresholds": "70,80", + 
"timeFrom": null, + "timeShift": null, + "title": "CPU Utilisation (from limits)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "singlestat", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "format": "percentunit", + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) / sum(kube_pod_container_resource_requests_memory_bytes{namespace=\"$namespace\"})", + "format": "time_series", + "instant": true, + "intervalFactor": 2, + "refId": "A" + } + ], + "thresholds": "70,80", + "timeFrom": null, + "timeShift": null, + "title": "Memory Utilization (from requests)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "singlestat", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] 
+ }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "format": "percentunit", + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) / sum(kube_pod_container_resource_limits_memory_bytes{namespace=\"$namespace\"})", + "format": "time_series", + "instant": true, + "intervalFactor": 2, + "refId": "A" + } + ], + "thresholds": "70,80", + "timeFrom": null, + "timeShift": null, + "title": "Memory Utilisation (from limits)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "singlestat", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Headlines", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + 
"links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "quota - requests", + "color": "#F2495C", + "dashes": true, + "fill": 0, + "hideTooltip": true, + "legend": false, + "linewidth": 2, + "stack": false + }, + { + "alias": "quota - limits", + "color": "#FF9830", + "dashes": true, + "fill": 0, + "hideTooltip": true, + "legend": false, + "linewidth": 2, + "stack": false + } + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"requests.cpu\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "quota - requests", + "legendLink": null, + "step": 10 + }, + { + "expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"limits.cpu\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "quota - limits", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": 
null, + "showTitle": true, + "title": "CPU Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "CPU Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "CPU Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + 
"pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Pod", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "./d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell", + "pattern": "pod", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": 
"sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Quota", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "quota - requests", + "color": "#F2495C", + "dashes": true, + "fill": 0, + "hideTooltip": true, + "legend": false, + "linewidth": 2, + 
"stack": false + }, + { + "alias": "quota - limits", + "color": "#FF9830", + "dashes": true, + "fill": 0, + "hideTooltip": true, + "legend": false, + "linewidth": 2, + "stack": false + } + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}) by (pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"requests.memory\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "quota - requests", + "legendLink": null, + "step": 10 + }, + { + "expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"limits.memory\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "quota - limits", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Usage (w/o cache)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 8, + "legend": { + 
"avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Memory Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Memory Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": 
"Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Memory Usage (RSS)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Usage (Cache)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #G", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Usage (Swap)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #H", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Pod", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "./d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell", + "pattern": "pod", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + 
"refId": "A", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) by (pod) / sum(kube_pod_container_resource_requests_memory_bytes{namespace=\"$namespace\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) by (pod) / sum(kube_pod_container_resource_limits_memory_bytes{namespace=\"$namespace\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum(container_memory_rss{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + }, + { + "expr": "sum(container_memory_cache{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "G", + "step": 10 + }, + { + "expr": "sum(container_memory_swap{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "H", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + 
"timeShift": null, + "title": "Memory Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Quota", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 9, + "interval": "1m", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Current Receive Bandwidth", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Current Transmit Bandwidth", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": 
"Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Rate of Received Packets", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Transmitted Packets", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Received Packets Dropped", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Transmitted Packets Dropped", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Pod", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down to pods", + "linkUrl": "./d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell", + "pattern": "pod", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + 
"thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Network Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + 
"values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 10, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Receive Bandwidth", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + 
"collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 11, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Transmit Bandwidth", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 12, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + 
"nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 13, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", + "format": 
"time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 14, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets Dropped", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", 
+ "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 15, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets Dropped", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": 
true, + "title": "Network", + "titleSize": "h6" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": null, + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 1, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "namespace", + "options": [ + + ], + "query": "label_values(kube_pod_info{cluster=\"$cluster\"}, namespace)", + "refresh": 1, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Compute Resources / Namespace (Pods)", + "uid": "85a562078cdf77779eaa1add43ccec1e", + "version": 0 + } +{{- end }} \ No newline at end of file 
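Review bot: the memory ratio queries in this dashboard drop the `cluster="$cluster"` matcher on the denominator. In the "Memory Utilisation (from limits)" singlestat and in refIds C and E of the "Memory Quota" table, the numerator is scoped with `cluster="$cluster", namespace="$namespace"`, but the divisor is `sum(kube_pod_container_resource_limits_memory_bytes{namespace="$namespace"})` or its `requests` counterpart. The `cluster` variable is exposed when `.Values.grafana.sidecar.dashboards.multicluster` is set, and in that mode the divisor also counts limits and requests from every other cluster that has the same namespace (for the table, every same-named pod). The ratio then reads lower than the real utilisation, and the `70,80` thresholds on the singlestat are judged against the wrong value. Suggest adding `cluster="$cluster"` to those denominators, as the CPU ratio queries in refIds C and E of "CPU Quota" already do. Separately, the four packet-rate graphs (panel ids 12 to 15) set the left y-axis to `"format": "Bps"`, while the "Current Network Usage" table labels the same series `pps`. The axis unit on those graphs should be `pps`.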
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-node.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-node.yaml new file mode 100755 index 000000000..ce6628ae5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-node.yaml 
@@ -0,0 +1,978 @@ +{{- /* +Generated from 'k8s-resources-node' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-node" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + k8s-resources-node.json: |- + { + "annotations": { + "list": [ + + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + 
"spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "CPU Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": 
"", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "CPU Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Pod", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "pod", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": 
"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", node=~\"$node\"}) by (pod) / sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", node=~\"$node\"}) by (pod) / sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } 
+ ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Quota", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\", container!=\"\"}) by (pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Usage (w/o cache)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 4, + "legend": { + "avg": false, + 
"current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Memory Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Memory Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + 
"linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Memory Usage (RSS)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Usage (Cache)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #G", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Usage (Swap)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #H", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Pod", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "pod", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", + 
"format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod) / sum(kube_pod_container_resource_requests_memory_bytes{node=~\"$node\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod) / sum(kube_pod_container_resource_limits_memory_bytes{node=~\"$node\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum(node_namespace_pod_container:container_memory_rss{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + }, + { + "expr": "sum(node_namespace_pod_container:container_memory_cache{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "G", + "step": 10 + }, + { + "expr": "sum(node_namespace_pod_container:container_memory_swap{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "H", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + 
}, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Quota", + "titleSize": "h6" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": null, + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 1, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": null, + "multi": true, + "name": "node", + "options": [ + + ], + "query": "label_values(kube_pod_info{cluster=\"$cluster\"}, node)", + "refresh": 1, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + 
"time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Compute Resources / Node (Pods)", + "uid": "200ac8fdbfbb74b39aff88118e4d1c2c", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml new file mode 100755 index 000000000..6badcf173 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml 
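Review bot: In the "Memory Quota" table of k8s-resources-node.json, the denominators of targets C and E drop the cluster matcher. They select `kube_pod_container_resource_requests_memory_bytes{node=~"$node"}` and `kube_pod_container_resource_limits_memory_bytes{node=~"$node"}`, while their numerators, targets B and D, and every "CPU Quota" target also carry `cluster="$cluster"`. When `.Values.grafana.sidecar.dashboards.multicluster` is set and the `cluster` variable is exposed, a pod and node name that also exist in another cluster are summed into the denominator, so the "Memory Requests %" and "Memory Limits %" columns can read lower than the real ratio. Suggest adding `cluster="$cluster"` to both denominators. Because the file header says it is generated and must not be changed in place, the fix belongs in the generator input referenced there rather than in this template. Two smaller points on the same file: it is added with mode 100755 although a Helm template does not need the executable bit, and it ends without a trailing newline.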
@@ -0,0 +1,1772 @@ +{{- /* +Generated from 'k8s-resources-pod' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-pod" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + k8s-resources-pod.json: |- + { + "annotations": { + "list": [ + + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": 
"requests", + "color": "#F2495C", + "fill": 0, + "hideTooltip": true, + "legend": true, + "linewidth": 2, + "stack": false + }, + { + "alias": "limits", + "color": "#FF9830", + "fill": 0, + "hideTooltip": true, + "legend": true, + "linewidth": 2, + "stack": false + } + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{namespace=\"$namespace\", pod=\"$pod\", container!=\"POD\", cluster=\"$cluster\"}) by (container)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}container{{`}}`}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"})\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "requests", + "legendLink": null, + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"})\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "limits", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + 
"dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 2, + "legend": { + "avg": false, + "current": true, + "max": true, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(increase(container_cpu_cfs_throttled_periods_total{namespace=\"$namespace\", pod=\"$pod\", container!=\"POD\", container!=\"\", cluster=\"$cluster\"}[5m])) by (container) /sum(increase(container_cpu_cfs_periods_total{namespace=\"$namespace\", pod=\"$pod\", container!=\"POD\", container!=\"\", cluster=\"$cluster\"}[5m])) by (container)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}container{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + { + "colorMode": "critical", + "fill": true, + "line": true, + "op": "gt", + "value": 0.25, + "yaxis": "left" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Throttling", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Throttling", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": 
"$datasource", + "fill": 1, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "CPU Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "CPU Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + 
"linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Container", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "container", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"POD\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container) / sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": 
"sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container) / sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Quota", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "requests", + "color": "#F2495C", + "dashes": true, + "fill": 0, + "hideTooltip": true, + "legend": false, + "linewidth": 2, + "stack": false + }, + { + "alias": "limits", + "color": "#FF9830", + "dashes": true, + "fill": 0, + "hideTooltip": true, + "legend": false, + "linewidth": 2, + "stack": false + } + ], + "spaceLength": 10, + 
"span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"POD\", container!=\"\", image!=\"\"}) by (container)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}container{{`}}`}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"})\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "requests", + "legendLink": null, + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"})\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "limits", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + 
"nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Memory Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Memory Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Memory Usage (RSS)", + "colorMode": 
null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Usage (Cache)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #G", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Usage (Swap)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #H", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Container", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "container", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"POD\", container!=\"\", image!=\"\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": 
"B", + "step": 10 + }, + { + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", image!=\"\"}) by (container) / sum(kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", image!=\"\"}) by (container) / sum(kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum(container_memory_rss{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container != \"\", container != \"POD\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + }, + { + "expr": "sum(container_memory_cache{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container != \"\", container != \"POD\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "G", + "step": 10 + }, + { + "expr": "sum(container_memory_swap{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container != \"\", container != \"POD\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "H", + "step": 10 + } + ], + "thresholds": [ + + ], + 
"timeFrom": null, + "timeShift": null, + "title": "Memory Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Quota", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 6, + "interval": "1m", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_receive_bytes_total{namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Receive Bandwidth", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + 
"min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 7, + "interval": "1m", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_transmit_bytes_total{namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Transmit Bandwidth", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": 
false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 8, + "interval": "1m", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_receive_packets_total{namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 9, + "interval": "1m", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + 
"pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_transmit_packets_total{namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 10, + "interval": "1m", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_receive_packets_dropped_total{namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", + "format": "time_series", + "intervalFactor": 2, + 
"legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets Dropped", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 11, + "interval": "1m", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_transmit_packets_dropped_total{namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets Dropped", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + 
"show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": null, + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 1, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "namespace", + "options": [ + + ], + "query": "label_values(kube_pod_info{cluster=\"$cluster\"}, namespace)", + "refresh": 1, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "pod", + "options": [ + + ], + "query": "label_values(kube_pod_info{cluster=\"$cluster\", namespace=\"$namespace\"}, pod)", + 
"refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Compute Resources / Pod", + "uid": "6581e46e4e5c7ba40a07646395ef7b23", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml new file mode 100755 index 000000000..931934f23 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml 
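Review bot: The six network panels in k8s-resources-pod (ids 6 to 11, "Receive Bandwidth" through "Rate of Transmitted Packets Dropped") select only on `namespace=~"$namespace", pod=~"$pod"` and omit the `cluster="$cluster"` matcher that the CPU and memory queries in the same dashboard carry. When `.Values.grafana.sidecar.dashboards.multicluster` is set the cluster variable is shown, yet these panels would still sum series from same-named namespaces and pods in other clusters; suggest adding `cluster="$cluster"` to those six expressions. Separately, the four packet-rate panels (ids 8 to 11) set the left y-axis to `"format": "Bps"` although their expressions are rates of `*_packets_total`, so a packets-per-second unit such as `pps` would label them correctly. The file also ends without a trailing newline.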
@@ -0,0 +1,2034 @@ +{{- /* +Generated from 'k8s-resources-workload' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-workload" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + k8s-resources-workload.json: |- + { + "annotations": { + "list": [ + + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + 
+ ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": 
"hidden" + }, + { + "alias": "CPU Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "CPU Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Pod", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "./d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell", + "pattern": "pod", + "thresholds": [ + + ], + 
"type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, 
+ { + "expr": "sum(\n kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Quota", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + 
"panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 4, + "legend": { + "avg": false, + 
"current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Memory Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Memory Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + 
"linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Pod", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "./d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell", + "pattern": "pod", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", 
namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": 
"table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Quota", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 5, + "interval": "1m", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Current Receive Bandwidth", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Current Transmit Bandwidth", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Rate of Received Packets", + "colorMode": null, + "colors": [ + + ], + 
"dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Transmitted Packets", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Received Packets Dropped", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Transmitted Packets Dropped", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Pod", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "./d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell", + "pattern": "pod", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", 
namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) 
namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Network Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + 
"seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Receive Bandwidth", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": 
"(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Transmit Bandwidth", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) 
namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Average Container Bandwidth by Pod: Received", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 9, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": 
"time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Average Container Bandwidth by Pod: Transmitted", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 10, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, 
+ "timeShift": null, + "title": "Rate of Received Packets", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 11, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": 
null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 12, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets Dropped", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 
0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 13, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets Dropped", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + 
"repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": null, + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 1, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "namespace", + "options": [ + + ], + "query": "label_values(kube_pod_info{cluster=\"$cluster\"}, namespace)", + "refresh": 1, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "workload", + "options": [ + + ], + "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\"}, workload)", + "refresh": 1, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + 
"hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "type", + "options": [ + + ], + "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\"}, workload_type)", + "refresh": 1, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Compute Resources / Workload", + "uid": "a164a7f0339f99e89cea5cb47e9be617", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml new file mode 100755 index 000000000..dd3b25065 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml 
@@ -0,0 +1,2195 @@ +{{- /* +Generated from 'k8s-resources-workloads-namespace' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-workloads-namespace" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + k8s-resources-workloads-namespace.json: |- + { + "annotations": { + "list": [ + + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": 
"flot", + "seriesOverrides": [ + { + "alias": "quota - requests", + "color": "#F2495C", + "dashes": true, + "fill": 0, + "hideTooltip": true, + "legend": false, + "linewidth": 2, + "stack": false + }, + { + "alias": "quota - limits", + "color": "#FF9830", + "dashes": true, + "fill": 0, + "hideTooltip": true, + "legend": false, + "linewidth": 2, + "stack": false + } + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}workload{{`}}`}} - {{`{{`}}workload_type{{`}}`}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"requests.cpu\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "quota - requests", + "legendLink": null, + "step": 10 + }, + { + "expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"limits.cpu\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "quota - limits", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + 
"min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Running Pods", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 0, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, 
+ "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "CPU Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Workload", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "./d/a164a7f0339f99e89cea5cb47e9be617/k8s-resources-workload?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-workload=$__cell&var-type=$__cell_2", + "pattern": "workload", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Workload Type", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "workload_type", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "count(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}) by 
(workload, workload_type)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n 
group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Quota", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 
3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "quota - requests", + "color": "#F2495C", + "dashes": true, + "fill": 0, + "hideTooltip": true, + "legend": false, + "linewidth": 2, + "stack": false + }, + { + "alias": "quota - limits", + "color": "#FF9830", + "dashes": true, + "fill": 0, + "hideTooltip": true, + "legend": false, + "linewidth": 2, + "stack": false + } + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}workload{{`}}`}} - {{`{{`}}workload_type{{`}}`}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"requests.memory\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "quota - requests", + "legendLink": null, + "step": 10 + }, + { + "expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"limits.memory\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "quota - limits", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + 
"type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Running Pods", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 0, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Memory Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + 
"decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Memory Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Workload", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "./d/a164a7f0339f99e89cea5cb47e9be617/k8s-resources-workload?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-workload=$__cell&var-type=$__cell_2", + "pattern": "workload", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Workload Type", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "workload_type", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + 
"colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "count(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}) by (workload, workload_type)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", 
namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] 
+ } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Quota", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 5, + "interval": "1m", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Current Receive Bandwidth", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Current Transmit Bandwidth", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Rate of Received Packets", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Transmitted Packets", + "colorMode": null, + "colors": [ + + ], + "dateFormat": 
"YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Received Packets Dropped", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Transmitted Packets Dropped", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Workload", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down to pods", + "linkUrl": "./d/a164a7f0339f99e89cea5cb47e9be617/k8s-resources-workload?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-workload=$__cell&var-type=$type", + "pattern": "workload", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Workload Type", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "workload_type", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": 
"(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload_type=\"$type\"}) by (workload))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload_type=\"$type\"}) by (workload))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload_type=\"$type\"}) by (workload))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload_type=\"$type\"}) by (workload))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) 
namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload_type=\"$type\"}) by (workload))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload_type=\"$type\"}) by (workload))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Network Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + 
"span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}workload{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Receive Bandwidth", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", 
namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}workload{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Transmit Bandwidth", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", 
namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}workload{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Average Container Bandwidth by Workload: Received", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 9, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": 
"{{`{{`}}workload{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Average Container Bandwidth by Workload: Transmitted", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 10, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}workload{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of 
Received Packets", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 11, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}workload{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": 
null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 12, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}workload{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets Dropped", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + 
"format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 13, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}workload{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets Dropped", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + 
"repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "deployment", + "value": "deployment" + }, + "datasource": "$datasource", + "definition": "label_values(namespace_workload_pod:kube_pod_owner:relabel{namespace=~\"$namespace\", workload=~\".+\"}, workload_type)", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "type", + "options": [ + + ], + "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{namespace=~\"$namespace\", workload=~\".+\"}, workload_type)", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": null, + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 1, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "namespace", + "options": [ + + ], + "query": "label_values(kube_pod_info{cluster=\"$cluster\"}, namespace)", + "refresh": 1, + "regex": "", + "sort": 1, + 
"tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Compute Resources / Namespace (Workloads)", + "uid": "a87fb0d919ec0ea5f6543124e16c42a5", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/kubelet.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/kubelet.yaml new file mode 100755 index 000000000..f72ff5875 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/kubelet.yaml 
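Review bot: the four packet-rate panels in the namespace-by-workload dashboard above (ids 10 to 13: "Rate of Received Packets", "Rate of Transmitted Packets", "Rate of Received Packets Dropped" and "Rate of Transmitted Packets Dropped") keep `"format": "Bps"` on their primary y-axis, but their expressions are `irate()` over `container_network_*_packets_total` and `container_network_*_packets_dropped_total`. The axis therefore labels packets per second as bytes per second. Anyone reading drop rates off these graphs during a network investigation will misjudge the magnitude. Suggest switching the first `yaxes` entry on those four panels to Grafana's packets-per-second unit (`"format": "pps"`) and leaving `Bps` only on the two bandwidth panels. Minor: the template also ends with "\ No newline at end of file"; adding a trailing newline after `{{- end }}` keeps later diffs of this file clean.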
@@ -0,0 +1,2533 @@ +{{- /* +Generated from 'kubelet' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled .Values.kubelet.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "kubelet" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + kubelet.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + + ] + }, + "editable": false, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 2, + "interval": null, + "links": [ + + ], + "mappingType": 1, + 
"mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 2, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(up{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Up", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "min" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 3, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 2, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(kubelet_running_pods{cluster=\"$cluster\", 
job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}) OR sum(kubelet_running_pod_count{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": "", + "title": "Running Pods", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "min" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 4, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 2, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(kubelet_running_containers{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}) OR sum(kubelet_running_container_count{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": "", + "title": "Running Container", + "tooltip": { + "shared": 
false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "min" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 5, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 2, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(volume_manager_total_volumes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\", state=\"actual_state_of_world\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": "", + "title": "Actual Volume Count", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "min" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": 
true + }, + "gridPos": { + + }, + "id": 6, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 2, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(volume_manager_total_volumes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\",state=\"desired_state_of_world\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": "", + "title": "Desired Volume Count", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "min" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 7, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 2, + 
"sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(rate(kubelet_node_config_error{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": "", + "title": "Config Error Count", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "min" + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 8, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(kubelet_runtime_operations_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (operation_type, instance)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_type{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, 
+ "title": "Operation Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 9, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(kubelet_runtime_operations_errors_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, operation_type)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_type{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Operation Error Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + 
"min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 10, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(kubelet_runtime_operations_duration_seconds_bucket{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, operation_type, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_type{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Operation duration 99th quantile", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": 
"Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 11, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(kubelet_pod_start_duration_seconds_count{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} pod", + "refId": "A" + }, + { + "expr": "sum(rate(kubelet_pod_worker_duration_seconds_count{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} worker", + "refId": "B" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Pod Start Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + 
"dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 12, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(kubelet_pod_start_duration_seconds_count{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} pod", + "refId": "A" + }, + { + "expr": "histogram_quantile(0.99, sum(rate(kubelet_pod_worker_duration_seconds_bucket{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} worker", + "refId": "B" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Pod Start Duration", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + 
{ + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 13, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(storage_operation_duration_seconds_count{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, operation_name, volume_plugin)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_name{{`}}`}} {{`{{`}}volume_plugin{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Storage Operation Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 14, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + 
"hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(storage_operation_errors_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, operation_name, volume_plugin)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_name{{`}}`}} {{`{{`}}volume_plugin{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Storage Operation Error Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 15, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": 
false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(storage_operation_duration_seconds_bucket{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[5m])) by (instance, operation_name, volume_plugin, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_name{{`}}`}} {{`{{`}}volume_plugin{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Storage Operation Duration 99th quantile", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 16, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": 
"null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(kubelet_cgroup_manager_duration_seconds_count{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[5m])) by (instance, operation_type)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}operation_type{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Cgroup manager operation rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 17, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(kubelet_cgroup_manager_duration_seconds_bucket{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[5m])) by (instance, 
operation_type, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_type{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Cgroup manager 99th quantile", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Pod lifecycle event generator", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 18, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(kubelet_pleg_relist_duration_seconds_count{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[5m])) by (instance)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ 
+ + ], + "timeFrom": null, + "timeShift": null, + "title": "PLEG relist rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 19, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(kubelet_pleg_relist_interval_seconds_bucket{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "PLEG relist interval", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "s", + "label": null, + 
"logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 20, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(kubelet_pleg_relist_duration_seconds_bucket{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "PLEG relist duration", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + 
"type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 21, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"2..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "2xx", + "refId": "A" + }, + { + "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"3..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "3xx", + "refId": "B" + }, + { + "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"4..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "4xx", + "refId": "C" + }, + { + "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"5..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "5xx", + "refId": "D" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "RPC Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": 
"graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 22, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[5m])) by (instance, verb, url, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}verb{{`}}`}} {{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Request duration 99th quantile", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + 
"label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 23, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "process_resident_memory_bytes{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": 
"$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 24, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(process_cpu_seconds_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 25, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + 
"spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "go_goroutines{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Goroutines", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": true, + "label": null, + "multi": false, + "name": 
"instance", + "options": [ + + ], + "query": "label_values(kubelet_runtime_operations_total{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\"}, instance)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Kubelet", + "uid": "3138fa155d5915769fbded898ac09fd9", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/namespace-by-pod.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/namespace-by-pod.yaml new file mode 100755 index 000000000..20def0a8d --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/namespace-by-pod.yaml 
@@ -0,0 +1,1464 @@ +{{- /* +Generated from 'namespace-by-pod' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "namespace-by-pod" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + namespace-by-pod.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "panels": [ + { + "collapse": false, + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 2, + "panels": [ + + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Current Bandwidth", + "titleSize": "h6", + "type": "row" + }, + { + "cacheTimeout": null, 
+ "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "decimals": 0, + "format": "time_series", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 1 + }, + "height": 9, + "id": 3, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "minSpan": 12, + "nullPointMode": "connected", + "nullText": null, + "options": { + "fieldOptions": { + "calcs": [ + "last" + ], + "defaults": { + "max": 10000000000, + "min": 0, + "title": "$namespace", + "unit": "Bps" + }, + "mappings": [ + + ], + "override": { + + }, + "thresholds": [ + { + "color": "dark-green", + "index": 0, + "value": null + }, + { + "color": "dark-yellow", + "index": 1, + "value": 5000000000 + }, + { + "color": "dark-red", + "index": 2, + "value": 7000000000 + } + ], + "values": false + } + }, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 12, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution]))", + "format": "time_series", + "instant": null, + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "timeFrom": null, + "timeShift": null, + "title": "Current Rate of Bytes Received", + "type": "gauge", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": 
"current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "decimals": 0, + "format": "time_series", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 1 + }, + "height": 9, + "id": 4, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "minSpan": 12, + "nullPointMode": "connected", + "nullText": null, + "options": { + "fieldOptions": { + "calcs": [ + "last" + ], + "defaults": { + "max": 10000000000, + "min": 0, + "title": "$namespace", + "unit": "Bps" + }, + "mappings": [ + + ], + "override": { + + }, + "thresholds": [ + { + "color": "dark-green", + "index": 0, + "value": null + }, + { + "color": "dark-yellow", + "index": 1, + "value": 5000000000 + }, + { + "color": "dark-red", + "index": 2, + "value": 7000000000 + } + ], + "values": false + } + }, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 12, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution]))", + "format": "time_series", + "instant": null, + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "timeFrom": null, + "timeShift": null, + "title": "Current Rate of Bytes Transmitted", + "type": "gauge", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + 
"value": "null" + } + ], + "valueName": "current" + }, + { + "columns": [ + { + "text": "Time", + "value": "Time" + }, + { + "text": "Value #A", + "value": "Value #A" + }, + { + "text": "Value #B", + "value": "Value #B" + }, + { + "text": "Value #C", + "value": "Value #C" + }, + { + "text": "Value #D", + "value": "Value #D" + }, + { + "text": "Value #E", + "value": "Value #E" + }, + { + "text": "Value #F", + "value": "Value #F" + }, + { + "text": "pod", + "value": "pod" + } + ], + "datasource": "$datasource", + "fill": 1, + "fontSize": "100%", + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 10 + }, + "id": 5, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "null as zero", + "renderer": "flot", + "scroll": true, + "showHeader": true, + "sort": { + "col": 0, + "desc": false + }, + "spaceLength": 10, + "span": 24, + "styles": [ + { + "alias": "Time", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Time", + "thresholds": [ + + ], + "type": "hidden", + "unit": "short" + }, + { + "alias": "Bandwidth Received", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Bandwidth Transmitted", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Rate of Received Packets", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + 
], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Transmitted Packets", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Received Packets Dropped", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Transmitted Packets Dropped", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Pod", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTooltip": "Drill down", + "linkUrl": "d/7a18067ce943a40ae25454675c19ff5c/kubernetes-networking-pod?orgId=1&refresh=30s&var-namespace=$namespace&var-pod=$__cell", + "pattern": "pod", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": 
"sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + } + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Status", + "type": "table" + }, + { + "collapse": false, + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 19 + }, + "id": 6, + "panels": [ + + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Bandwidth", + "titleSize": "h6", + "type": "row" + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 20 + }, + "id": 7, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + 
"minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Receive Bandwidth", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 20 + }, + "id": 8, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": 
"sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Transmit Bandwidth", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "collapse": true, + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 29 + }, + "id": 9, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 30 + }, + "id": 10, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": 
"A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 30 + }, + "id": 11, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + 
"format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Packets", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": true, + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 30 + }, + "id": 12, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 40 + }, + "id": 13, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets Dropped", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": 
null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 40 + }, + "id": 14, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets Dropped", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Errors", + "titleSize": "h6", + "type": "row" + } + ], + "refresh": "10s", + "rows": [ + 
+ ], + "schemaVersion": 18, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 1, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": ".+", + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "kube-system", + "value": "kube-system" + }, + "datasource": "$datasource", + "definition": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", + "hide": 0, + "includeAll": true, + "label": null, + "multi": false, + "name": "namespace", + "options": [ + + ], + "query": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "5m", + "value": "5m" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "resolution", + "options": [ + { + "selected": false, + "text": "30s", + "value": "30s" + }, + { + "selected": true, + "text": "5m", + "value": "5m" + }, + { + "selected": false, + "text": "1h", + "value": "1h" + } + ], + "query": "30s,5m,1h", + "refresh": 2, + 
"regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "interval", + "useTags": false + }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "5m", + "value": "5m" + }, + "datasource": "$datasource", + "hide": 2, + "includeAll": false, + "label": null, + "multi": false, + "name": "interval", + "options": [ + { + "selected": true, + "text": "4h", + "value": "4h" + } + ], + "query": "4h", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "interval", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Networking / Namespace (Pods)", + "uid": "8b7a8b326d7a6f1f04244066368c67af", + "version": 0 + } +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/namespace-by-workload.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/namespace-by-workload.yaml new file mode 100755 index 000000000..adecffa09 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/namespace-by-workload.yaml 
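Review bot: In the `templating.list` entry for the hidden `interval` variable near the end of the namespace (Pods) dashboard, `"current"` is saved as `5m` while the only option and the `"query"` are both `4h`, so the stored selection is not a value the variable can take. The panel expressions shown here all use `[$interval:$resolution]`, so this variable sets the subquery window; set `"current"` to `"text": "4h", "value": "4h"` so the saved state matches the single option. A smaller inconsistency in the same file: the dashboard sets `"refresh": "10s"` while the Pod drill-down `linkUrl` passes `refresh=30s`, so it is worth confirming both values are intended.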
@@ -0,0 +1,1736 @@ +{{- /* +Generated from 'namespace-by-workload' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "namespace-by-workload" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + namespace-by-workload.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "panels": [ + { + "collapse": false, + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 2, + "panels": [ + + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Current Bandwidth", + "titleSize": "h6", + "type": "row" + }, + { + 
"aliasColors": { + + }, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 1 + }, + "id": 3, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "null", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}} workload {{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Rate of Bytes Received", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "series", + "name": null, + "show": false, + "values": [ + "current" + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": 
"$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 1 + }, + "id": 4, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "null", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}} workload {{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Rate of Bytes Transmitted", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "series", + "name": null, + "show": false, + "values": [ + "current" + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "columns": [ + { + "text": "Time", + "value": "Time" + }, + { + "text": "Value #A", + "value": "Value #A" + }, + { + "text": "Value #B", + "value": "Value #B" + }, + { + "text": "Value 
#C", + "value": "Value #C" + }, + { + "text": "Value #D", + "value": "Value #D" + }, + { + "text": "Value #E", + "value": "Value #E" + }, + { + "text": "Value #F", + "value": "Value #F" + }, + { + "text": "Value #G", + "value": "Value #G" + }, + { + "text": "Value #H", + "value": "Value #H" + }, + { + "text": "workload", + "value": "workload" + } + ], + "datasource": "$datasource", + "fill": 1, + "fontSize": "90%", + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 10 + }, + "id": 5, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "null as zero", + "renderer": "flot", + "scroll": true, + "showHeader": true, + "sort": { + "col": 0, + "desc": false + }, + "spaceLength": 10, + "span": 24, + "styles": [ + { + "alias": "Time", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Time", + "thresholds": [ + + ], + "type": "hidden", + "unit": "short" + }, + { + "alias": "Current Bandwidth Received", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Current Bandwidth Transmitted", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Average Bandwidth Received", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Average Bandwidth Transmitted", + "colorMode": null, + 
"colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Rate of Received Packets", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Transmitted Packets", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Received Packets Dropped", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #G", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Transmitted Packets Dropped", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #H", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Workload", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTooltip": "Drill down", + "linkUrl": "d/728bf77cc1166d2f3133bf25846876cc/kubernetes-networking-workload?orgId=1&refresh=30s&var-namespace=$namespace&var-type=$type&var-workload=$__cell", + "pattern": "workload", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + } + ], + "targets": [ + { + "expr": 
"sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sort_desc(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sort_desc(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": 
"sort_desc(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sort_desc(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + }, + { + "expr": "sort_desc(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "G", + "step": 10 + }, + { + "expr": "sort_desc(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "H", + "step": 10 + } + ], + "timeFrom": null, + "timeShift": null, + "title": "Current 
Status", + "type": "table" + }, + { + "collapse": true, + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 19 + }, + "id": 6, + "panels": [ + { + "aliasColors": { + + }, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 20 + }, + "id": 7, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "null", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}} workload {{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Average Rate of Bytes Received", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "series", + "name": null, + "show": false, + "values": [ + "current" + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + 
"logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 20 + }, + "id": 8, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "null", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}} workload {{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Average Rate of Bytes Transmitted", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "series", + "name": null, + "show": false, + "values": [ + "current" + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, 
+ "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Average Bandwidth", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 29 + }, + "id": 9, + "panels": [ + + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Bandwidth HIstory", + "titleSize": "h6", + "type": "row" + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 38 + }, + "id": 10, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}workload{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Receive Bandwidth", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": 
"time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 38 + }, + "id": 11, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}workload{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Transmit Bandwidth", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + 
"min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "collapse": true, + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 39 + }, + "id": 12, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 40 + }, + "id": 13, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}workload{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + 
"show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 40 + }, + "id": 14, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}workload{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + 
"repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Packets", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": true, + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 40 + }, + "id": 15, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 41 + }, + "id": 16, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}workload{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets Dropped", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + 
"max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 41 + }, + "id": 17, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}workload{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets Dropped", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 
0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Errors", + "titleSize": "h6", + "type": "row" + } + ], + "refresh": "10s", + "rows": [ + + ], + "schemaVersion": 18, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 1, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "kube-system", + "value": "kube-system" + }, + "datasource": "$datasource", + "definition": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "namespace", + "options": [ + + ], + "query": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "deployment", + "value": "deployment" + }, + "datasource": "$datasource", + "definition": 
"label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\"}, workload_type)", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "type", + "options": [ + + ], + "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\"}, workload_type)", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "5m", + "value": "5m" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "resolution", + "options": [ + { + "selected": false, + "text": "30s", + "value": "30s" + }, + { + "selected": true, + "text": "5m", + "value": "5m" + }, + { + "selected": false, + "text": "1h", + "value": "1h" + } + ], + "query": "30s,5m,1h", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "interval", + "useTags": false + }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "5m", + "value": "5m" + }, + "datasource": "$datasource", + "hide": 2, + "includeAll": false, + "label": null, + "multi": false, + "name": "interval", + "options": [ + { + "selected": true, + "text": "4h", + "value": "4h" + } + ], + "query": "4h", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "interval", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + 
"15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Networking / Namespace (Workload)", + "uid": "bbb2a765a623ae38130206c7d94a160f", + "version": 0 + } +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml new file mode 100755 index 000000000..7ef72f97a --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml 
@@ -0,0 +1,964 @@ +{{- /* +Generated from 'node-cluster-rsrc-use' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled .Values.nodeExporter.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "node-cluster-rsrc-use" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + node-cluster-rsrc-use.json: |- + { + "annotations": { + "list": [ + + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", 
+ "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(\n instance:node_cpu_utilisation:rate1m{job=\"node-exporter\"}\n*\n instance:node_num_cpu:sum{job=\"node-exporter\"}\n)\n/ scalar(sum(instance:node_num_cpu:sum{job=\"node-exporter\"}))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "legendLink": "/dashboard/file/node-rsrc-use.json", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Utilisation", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "instance:node_load1_per_cpu:ratio{job=\"node-exporter\"}\n/ scalar(count(instance:node_load1_per_cpu:ratio{job=\"node-exporter\"}))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "legendLink": "/dashboard/file/node-rsrc-use.json", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": 
null, + "title": "CPU Saturation (load1 per CPU)", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "instance:node_memory_utilisation:ratio{job=\"node-exporter\"}\n/ scalar(count(instance:node_memory_utilisation:ratio{job=\"node-exporter\"}))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "legendLink": "/dashboard/file/node-rsrc-use.json", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Utilisation", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": 1, + 
"min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "instance:node_vmstat_pgmajfault:rate1m{job=\"node-exporter\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "legendLink": "/dashboard/file/node-rsrc-use.json", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Saturation (Major Page Faults)", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "rps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": 
false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/ Receive/", + "stack": "A" + }, + { + "alias": "/ Transmit/", + "stack": "B", + "transform": "negative-Y" + } + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "instance:node_network_receive_bytes_excluding_lo:rate1m{job=\"node-exporter\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} Receive", + "legendLink": "/dashboard/file/node-rsrc-use.json", + "step": 10 + }, + { + "expr": "instance:node_network_transmit_bytes_excluding_lo:rate1m{job=\"node-exporter\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} Transmit", + "legendLink": "/dashboard/file/node-rsrc-use.json", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Net Utilisation (Bytes Receive/Transmit)", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + 
"seriesOverrides": [ + { + "alias": "/ Receive/", + "stack": "A" + }, + { + "alias": "/ Transmit/", + "stack": "B", + "transform": "negative-Y" + } + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "instance:node_network_receive_drop_excluding_lo:rate1m{job=\"node-exporter\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} Receive", + "legendLink": "/dashboard/file/node-rsrc-use.json", + "step": 10 + }, + { + "expr": "instance:node_network_transmit_drop_excluding_lo:rate1m{job=\"node-exporter\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} Transmit", + "legendLink": "/dashboard/file/node-rsrc-use.json", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Net Saturation (Drops Receive/Transmit)", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "rps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": 
"flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "instance_device:node_disk_io_time_seconds:rate1m{job=\"node-exporter\"}\n/ scalar(count(instance_device:node_disk_io_time_seconds:rate1m{job=\"node-exporter\"}))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}device{{`}}`}}", + "legendLink": "/dashboard/file/node-rsrc-use.json", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Disk IO Utilisation", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "instance_device:node_disk_io_time_weighted_seconds:rate1m{job=\"node-exporter\"}\n/ scalar(count(instance_device:node_disk_io_time_weighted_seconds:rate1m{job=\"node-exporter\"}))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}device{{`}}`}}", + "legendLink": "/dashboard/file/node-rsrc-use.json", + 
"step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Disk IO Saturation", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Disk IO", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 9, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum without (device) (\n max without (fstype, mountpoint) (\n node_filesystem_size_bytes{job=\"node-exporter\", fstype!=\"\"} - node_filesystem_avail_bytes{job=\"node-exporter\", fstype!=\"\"}\n )\n) \n/ scalar(sum(max without (fstype, mountpoint) (node_filesystem_size_bytes{job=\"node-exporter\", fstype!=\"\"})))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "legendLink": "/dashboard/file/node-rsrc-use.json", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Disk Space Utilisation", + "tooltip": { + "shared": true, + "sort": 0, + 
"value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Disk Space", + "titleSize": "h6" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "utc", + "title": "USE Method / Cluster", + "uid": "", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/node-rsrc-use.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/node-rsrc-use.yaml new file mode 100755 index 000000000..9defce091 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/node-rsrc-use.yaml 
@@ -0,0 +1,991 @@ +{{- /* +Generated from 'node-rsrc-use' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled .Values.nodeExporter.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "node-rsrc-use" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + node-rsrc-use.json: |- + { + "annotations": { + "list": [ + + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + 
+ ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "instance:node_cpu_utilisation:rate1m{job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Utilisation", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Utilisation", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "instance:node_load1_per_cpu:ratio{job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Saturation", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Saturation (Load1 per CPU)", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + 
{ + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "instance:node_memory_utilisation:ratio{job=\"node-exporter\", job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Memory", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Utilisation", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + 
"min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "instance:node_vmstat_pgmajfault:rate1m{job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Major page faults", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Saturation (Major Page Faults)", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Receive/", + "stack": "A" + }, + { + "alias": "/Transmit/", + "stack": "B", + "transform": "negative-Y" + } + ], + "spaceLength": 10, + "span": 
6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "instance:node_network_receive_bytes_excluding_lo:rate1m{job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Receive", + "legendLink": null, + "step": 10 + }, + { + "expr": "instance:node_network_transmit_bytes_excluding_lo:rate1m{job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Transmit", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Net Utilisation (Bytes Receive/Transmit)", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Receive/", + "stack": "A" + }, + { + "alias": "/Transmit/", + "stack": "B", + "transform": "negative-Y" + } + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "instance:node_network_receive_drop_excluding_lo:rate1m{job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": 
"Receive drops", + "legendLink": null, + "step": 10 + }, + { + "expr": "instance:node_network_transmit_drop_excluding_lo:rate1m{job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Transmit drops", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Net Saturation (Drops Receive/Transmit)", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "rps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Net", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "instance_device:node_disk_io_time_seconds:rate1m{job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}device{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Disk IO Utilisation", + 
"tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "instance_device:node_disk_io_time_weighted_seconds:rate1m{job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}device{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Disk IO Saturation", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Disk IO", + "titleSize": "h6" + }, + { + "collapse": false, + 
"height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 9, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 -\n(\n max without (mountpoint, fstype) (node_filesystem_avail_bytes{job=\"node-exporter\", fstype!=\"\", instance=\"$instance\"})\n/\n max without (mountpoint, fstype) (node_filesystem_size_bytes{job=\"node-exporter\", fstype!=\"\", instance=\"$instance\"})\n)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}device{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Disk Space Utilisation", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Disk Space", + "titleSize": "h6" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 
1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + "text": "prod", + "value": "prod" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": "instance", + "multi": false, + "name": "instance", + "options": [ + + ], + "query": "label_values(up{job=\"node-exporter\"}, instance)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "utc", + "title": "USE Method / Node", + "uid": "", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/nodes.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/nodes.yaml new file mode 100755 index 000000000..8c67344c4 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/nodes.yaml 
@@ -0,0 +1,997 @@ +{{- /* +Generated from 'nodes' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "nodes" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + nodes.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + + ] + }, + "editable": false, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "refresh": "", + "rows": [ + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 2, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": 
"null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(\n (1 - rate(node_cpu_seconds_total{job=\"node-exporter\", mode=\"idle\", instance=\"$instance\"}[$__interval]))\n/ ignoring(cpu) group_left\n count without (cpu)( node_cpu_seconds_total{job=\"node-exporter\", mode=\"idle\", instance=\"$instance\"})\n)\n", + "format": "time_series", + "interval": "1m", + "intervalFactor": 5, + "legendFormat": "{{`{{`}}cpu{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Usage", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": 1, + "min": 0, + "show": true + }, + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": 1, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 0, + "fillGradient": 0, + "gridPos": { + + }, + "id": 3, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "node_load1{job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + 
"legendFormat": "1m load average", + "refId": "A" + }, + { + "expr": "node_load5{job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "5m load average", + "refId": "B" + }, + { + "expr": "node_load15{job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "15m load average", + "refId": "C" + }, + { + "expr": "count(node_cpu_seconds_total{job=\"node-exporter\", instance=\"$instance\", mode=\"idle\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "logical cores", + "refId": "D" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Load Average", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 4, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], 
+ "spaceLength": 10, + "span": 9, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(\n node_memory_MemTotal_bytes{job=\"node-exporter\", instance=\"$instance\"}\n-\n node_memory_MemFree_bytes{job=\"node-exporter\", instance=\"$instance\"}\n-\n node_memory_Buffers_bytes{job=\"node-exporter\", instance=\"$instance\"}\n-\n node_memory_Cached_bytes{job=\"node-exporter\", instance=\"$instance\"}\n)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "memory used", + "refId": "A" + }, + { + "expr": "node_memory_Buffers_bytes{job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "memory buffers", + "refId": "B" + }, + { + "expr": "node_memory_Cached_bytes{job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "memory cached", + "refId": "C" + }, + { + "expr": "node_memory_MemFree_bytes{job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "memory free", + "refId": "D" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Usage", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "$datasource", + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": 
true + }, + "gridPos": { + + }, + "id": 5, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "100 -\n(\n avg(node_memory_MemAvailable_bytes{job=\"node-exporter\", instance=\"$instance\"})\n/\n avg(node_memory_MemTotal_bytes{job=\"node-exporter\", instance=\"$instance\"})\n* 100\n)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "80, 90", + "title": "Memory Usage", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 0, + "fillGradient": 0, + "gridPos": { + + }, + "id": 6, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + { + 
"alias": "/ read| written/", + "yaxis": 1 + }, + { + "alias": "/ io time/", + "yaxis": 2 + } + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(node_disk_read_bytes_total{job=\"node-exporter\", instance=\"$instance\", device=~\"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+\"}[$__interval])", + "format": "time_series", + "interval": "1m", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}device{{`}}`}} read", + "refId": "A" + }, + { + "expr": "rate(node_disk_written_bytes_total{job=\"node-exporter\", instance=\"$instance\", device=~\"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+\"}[$__interval])", + "format": "time_series", + "interval": "1m", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}device{{`}}`}} written", + "refId": "B" + }, + { + "expr": "rate(node_disk_io_time_seconds_total{job=\"node-exporter\", instance=\"$instance\", device=~\"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+\"}[$__interval])", + "format": "time_series", + "interval": "1m", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}device{{`}}`}} io time", + "refId": "C" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Disk I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 7, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + 
"show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + { + "alias": "used", + "color": "#E0B400" + }, + { + "alias": "available", + "color": "#73BF69" + } + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(\n max by (device) (\n node_filesystem_size_bytes{job=\"node-exporter\", instance=\"$instance\", fstype!=\"\"}\n -\n node_filesystem_avail_bytes{job=\"node-exporter\", instance=\"$instance\", fstype!=\"\"}\n )\n)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "used", + "refId": "A" + }, + { + "expr": "sum(\n max by (device) (\n node_filesystem_avail_bytes{job=\"node-exporter\", instance=\"$instance\", fstype!=\"\"}\n )\n)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "available", + "refId": "B" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Disk Space Usage", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 0, + "fillGradient": 0, + "gridPos": { + + }, + "id": 
8, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(node_network_receive_bytes_total{job=\"node-exporter\", instance=\"$instance\", device!=\"lo\"}[$__interval])", + "format": "time_series", + "interval": "1m", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}device{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Network Received", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 0, + "fillGradient": 0, + "gridPos": { + + }, + "id": 9, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, 
+ "targets": [ + { + "expr": "rate(node_network_transmit_bytes_total{job=\"node-exporter\", instance=\"$instance\", device!=\"lo\"}[$__interval])", + "format": "time_series", + "interval": "1m", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}device{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Network Transmitted", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + + ], + "templating": { + "list": [ + { + "current": { + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "instance", + "options": [ + + ], + "query": "label_values(node_exporter_build_info{job=\"node-exporter\"}, instance)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + 
"24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "browser", + "title": "Nodes", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml new file mode 100755 index 000000000..180087aa3 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml 
@@ -0,0 +1,577 @@ +{{- /* +Generated from 'persistentvolumesusage' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "persistentvolumesusage" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + persistentvolumesusage.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + + ] + }, + "editable": false, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 2, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": true, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 
1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 9, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(\n sum without(instance, node) (kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n -\n sum without(instance, node) (kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n)\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "Used Space", + "refId": "A" + }, + { + "expr": "sum without(instance, node) (kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "Free Space", + "refId": "B" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Volume Space Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "$datasource", + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + 
"thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 3, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "max without(instance,node) (\n(\n kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n -\n kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n)\n/\nkubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n* 100)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "80, 90", + "title": "Volume Space Usage", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 4, + 
"legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": true, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 9, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum without(instance, node) (kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "Used inodes", + "refId": "A" + }, + { + "expr": "(\n sum without(instance, node) (kubelet_volume_stats_inodes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n -\n sum without(instance, node) (kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n)\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": " Free inodes", + "refId": "B" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Volume inodes Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "none", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "none", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + 
"rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "$datasource", + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 5, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "max without(instance,node) (\nkubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n/\nkubelet_volume_stats_inodes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n* 100)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "80, 90", + "title": "Volume inodes Usage", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": 
"datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kubelet_volume_stats_capacity_bytes, cluster)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": "Namespace", + "multi": false, + "name": "namespace", + "options": [ + + ], + "query": "label_values(kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\"}, namespace)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": "PersistentVolumeClaim", + "multi": false, + "name": "volume", + "options": [ + + ], + "query": "label_values(kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\"}, persistentvolumeclaim)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-7d", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Persistent 
Volumes", + "uid": "919b92a8e8041bd567af9edab12c840c", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/pod-total.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/pod-total.yaml new file mode 100755 index 000000000..1790df788 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/pod-total.yaml 
@@ -0,0 +1,1228 @@ +{{- /* +Generated from 'pod-total' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "pod-total" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + pod-total.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "panels": [ + { + "collapse": false, + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 2, + "panels": [ + + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Current Bandwidth", + "titleSize": "h6", + "type": "row" + }, + { + "cacheTimeout": null, + "colorBackground": 
false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "decimals": 0, + "format": "time_series", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 1 + }, + "height": 9, + "id": 3, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "minSpan": 12, + "nullPointMode": "connected", + "nullText": null, + "options": { + "fieldOptions": { + "calcs": [ + "last" + ], + "defaults": { + "max": 10000000000, + "min": 0, + "title": "$namespace: $pod", + "unit": "Bps" + }, + "mappings": [ + + ], + "override": { + + }, + "thresholds": [ + { + "color": "dark-green", + "index": 0, + "value": null + }, + { + "color": "dark-yellow", + "index": 1, + "value": 5000000000 + }, + { + "color": "dark-red", + "index": 2, + "value": 7000000000 + } + ], + "values": false + } + }, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 12, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution]))", + "format": "time_series", + "instant": null, + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "timeFrom": null, + "timeShift": null, + "title": "Current Rate of Bytes Received", + "type": "gauge", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": 
"current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "decimals": 0, + "format": "time_series", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 1 + }, + "height": 9, + "id": 4, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "minSpan": 12, + "nullPointMode": "connected", + "nullText": null, + "options": { + "fieldOptions": { + "calcs": [ + "last" + ], + "defaults": { + "max": 10000000000, + "min": 0, + "title": "$namespace: $pod", + "unit": "Bps" + }, + "mappings": [ + + ], + "override": { + + }, + "thresholds": [ + { + "color": "dark-green", + "index": 0, + "value": null + }, + { + "color": "dark-yellow", + "index": 1, + "value": 5000000000 + }, + { + "color": "dark-red", + "index": 2, + "value": 7000000000 + } + ], + "values": false + } + }, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 12, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution]))", + "format": "time_series", + "instant": null, + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "timeFrom": null, + "timeShift": null, + "title": "Current Rate of Bytes Transmitted", + "type": "gauge", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": 
"=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "collapse": false, + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 10 + }, + "id": 5, + "panels": [ + + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Bandwidth", + "titleSize": "h6", + "type": "row" + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 11 + }, + "id": 6, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Receive Bandwidth", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": 
true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 11 + }, + "id": 7, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Transmit Bandwidth", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "collapse": true, + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 20 + }, + "id": 8, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 21 
+ }, + "id": 9, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 21 + }, + "id": 10, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + 
"nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Packets", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": true, + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 21 + }, + "id": 11, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 32 + }, + "id": 12, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + 
"percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets Dropped", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 32 + }, + "id": 13, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": 
"sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets Dropped", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Errors", + "titleSize": "h6", + "type": "row" + } + ], + "refresh": "10s", + "rows": [ + + ], + "schemaVersion": 18, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 1, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": ".+", + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "kube-system", + "value": "kube-system" + }, + 
"datasource": "$datasource", + "definition": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", + "hide": 0, + "includeAll": true, + "label": null, + "multi": false, + "name": "namespace", + "options": [ + + ], + "query": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": ".+", + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "definition": "label_values(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}, pod)", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "pod", + "options": [ + + ], + "query": "label_values(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}, pod)", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "5m", + "value": "5m" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "resolution", + "options": [ + { + "selected": false, + "text": "30s", + "value": "30s" + }, + { + "selected": true, + "text": "5m", + "value": "5m" + }, + { + "selected": false, + "text": "1h", + "value": "1h" + } + ], + "query": "30s,5m,1h", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "interval", + "useTags": false + }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "5m", + 
"value": "5m" + }, + "datasource": "$datasource", + "hide": 2, + "includeAll": false, + "label": null, + "multi": false, + "name": "interval", + "options": [ + { + "selected": true, + "text": "4h", + "value": "4h" + } + ], + "query": "4h", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "interval", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Networking / Pod", + "uid": "7a18067ce943a40ae25454675c19ff5c", + "version": 0 + } +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml new file mode 100755 index 000000000..89c6c4be1 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml 
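Review bot: in the "Kubernetes / Networking / Pod" dashboard that ends just above, the hidden `interval` template variable is saved with `"current": {"text": "5m", "value": "5m"}`, while its only option and its `query` are `4h`. Both dropped-packet panels evaluate `irate(...[$interval:$resolution])`, and `resolution` also defaults to `5m`. If Grafana honours the saved `current` value, the subquery becomes `[5m:5m]`, which can leave `irate` with fewer than the two points it needs, so the panels would render empty. Set `current` to `4h` so it agrees with the declared option. Because the variable has `"hide": 2`, a viewer cannot correct it from the UI.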
@@ -0,0 +1,1670 @@ +{{- /* +Generated from 'prometheus-remote-write' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled .Values.prometheus.prometheusSpec.remoteWriteDashboards }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "prometheus-remote-write" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + prometheus-remote-write.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "refresh": "60s", + "rows": [ + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 2, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + 
"total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "(\n prometheus_remote_storage_highest_timestamp_in_seconds{cluster=~\"$cluster\", instance=~\"$instance\"} \n- \n ignoring(remote_name, url) group_right(instance) (prometheus_remote_storage_queue_highest_sent_timestamp_seconds{cluster=~\"$cluster\", instance=~\"$instance\"} != 0)\n)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Highest Timestamp In vs. Highest Timestamp Sent", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 3, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + 
"seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "clamp_min(\n rate(prometheus_remote_storage_highest_timestamp_in_seconds{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) \n- \n ignoring (remote_name, url) group_right(instance) rate(prometheus_remote_storage_queue_highest_sent_timestamp_seconds{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])\n, 0)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate[5m]", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Timestamps", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 4, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + 
"spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(\n prometheus_remote_storage_samples_in_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])\n- \n ignoring(remote_name, url) group_right(instance) (rate(prometheus_remote_storage_succeeded_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]))\n- \n (rate(prometheus_remote_storage_dropped_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_dropped_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate, in vs. succeeded or dropped [5m]", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Samples", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 5, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": 
true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "minSpan": 6, + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_remote_storage_shards{cluster=~\"$cluster\", instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Shards", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 6, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_remote_storage_shards_max{cluster=~\"$cluster\", 
instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Max Shards", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 7, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_remote_storage_shards_min{cluster=~\"$cluster\", instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Min Shards", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, 
+ "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 8, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_remote_storage_shards_desired{cluster=~\"$cluster\", instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Desired Shards", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Shards", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + 
"collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 9, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_remote_storage_shard_capacity{cluster=~\"$cluster\", instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Shard Capacity", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 10, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + 
"links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_remote_storage_pending_samples{cluster=~\"$cluster\", instance=~\"$instance\"} or prometheus_remote_storage_samples_pending{cluster=~\"$cluster\", instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Pending Samples", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Shard Details", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 11, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, 
+ "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_tsdb_wal_segment_current{cluster=~\"$cluster\", instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "TSDB Current Segment", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "none", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 12, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_wal_watcher_current_segment{cluster=~\"$cluster\", instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}consumer{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Remote Write Current Segment", + 
"tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "none", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Segments", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 13, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_remote_storage_dropped_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_dropped_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Dropped Samples", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + 
"buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 14, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_remote_storage_failed_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_failed_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Failed Samples", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + 
"aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 15, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_remote_storage_retried_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_retried_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Retried Samples", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 16, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": 
null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_remote_storage_enqueue_retries_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Enqueue Retries", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Misc. 
Rates", + "titleSize": "h6", + "type": "row" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "prometheus-mixin" + ], + "templating": { + "list": [ + { + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + "text": { + "selected": true, + "text": "All", + "value": "$__all" + }, + "value": { + "selected": true, + "text": "All", + "value": "$__all" + } + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": true, + "label": null, + "multi": false, + "name": "instance", + "options": [ + + ], + "query": "label_values(prometheus_build_info, instance)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": { + "selected": true, + "text": "All", + "value": "$__all" + }, + "value": { + "selected": true, + "text": "All", + "value": "$__all" + } + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": true, + "label": null, + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_container_info{image=~\".*prometheus.*\"}, cluster)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": true, + "label": null, + "multi": false, + "name": "url", + "options": [ + + ], + "query": "label_values(prometheus_remote_storage_shards{cluster=~\"$cluster\", instance=~\"$instance\"}, url)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + 
"from": "now-6h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "browser", + "title": "Prometheus / Remote Write", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/prometheus.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/prometheus.yaml new file mode 100755 index 000000000..f3292faf2 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/prometheus.yaml 
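Review bot: In the templating list of the "Prometheus / Remote Write" dashboard that ends above, the `cluster` variable is filled from `label_values(kube_pod_container_info{image=~".*prometheus.*"}, cluster)`, which makes the picker depend on kube-state-metrics being scraped and on the image name containing "prometheus". A mirrored or renamed image in a private registry leaves the picker empty, and any unrelated image that matches the regex adds clusters that run no Prometheus. The `instance` variable beside it already reads `prometheus_build_info`, so `label_values(prometheus_build_info, cluster)` would be the consistent source. Separately, `instance` is declared before `cluster` and its query has no `cluster=~"$cluster"` matcher, so with multicluster enabled the instance list is not narrowed by the selected cluster, although the `url` variable is.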
@@ -0,0 +1,1227 @@ +{{- /* +Generated from 'prometheus' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "prometheus" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + prometheus.json: |- + { + "annotations": { + "list": [ + + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "links": [ + + ], + "refresh": "60s", + "rows": [ + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 
12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Count", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "hidden", + "unit": "short" + }, + { + "alias": "Uptime", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Instance", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "instance", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Job", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "job", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Version", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "version", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "count by (job, instance, version) 
(prometheus_build_info{job=~\"$job\", instance=~\"$instance\"})", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "max by (job, instance) (time() - process_start_time_seconds{job=~\"$job\", instance=~\"$instance\"})", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Prometheus Stats", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Prometheus Stats", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(prometheus_target_sync_length_seconds_sum{job=~\"$job\",instance=~\"$instance\"}[5m])) by (scrape_job) * 1e3", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": 
"{{`{{`}}scrape_job{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Target Sync", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ms", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(prometheus_sd_discovered_targets{job=~\"$job\",instance=~\"$instance\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Targets", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Targets", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + 
"showTitle": true, + "title": "Discovery", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_target_interval_length_seconds_sum{job=~\"$job\",instance=~\"$instance\"}[5m]) / rate(prometheus_target_interval_length_seconds_count{job=~\"$job\",instance=~\"$instance\"}[5m]) * 1e3", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}interval{{`}}`}} configured", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Average Scrape Interval Duration", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ms", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + 
"percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job) (rate(prometheus_target_scrapes_exceeded_sample_limit_total[1m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "exceeded sample limit: {{`{{`}}job{{`}}`}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "sum by (job) (rate(prometheus_target_scrapes_sample_duplicate_timestamp_total[1m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "duplicate timestamp: {{`{{`}}job{{`}}`}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "sum by (job) (rate(prometheus_target_scrapes_sample_out_of_bounds_total[1m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "out of bounds: {{`{{`}}job{{`}}`}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "sum by (job) (rate(prometheus_target_scrapes_sample_out_of_order_total[1m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "out of order: {{`{{`}}job{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Scrape failures", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": 
false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_tsdb_head_samples_appended_total{job=~\"$job\",instance=~\"$instance\"}[5m])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}job{{`}}`}} {{`{{`}}instance{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Appended Samples", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Retrieval", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_tsdb_head_series{job=~\"$job\",instance=~\"$instance\"}", + "format": 
"time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}job{{`}}`}} {{`{{`}}instance{{`}}`}} head series", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Head Series", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_tsdb_head_chunks{job=~\"$job\",instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}job{{`}}`}} {{`{{`}}instance{{`}}`}} head chunks", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Head Chunks", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + 
"max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Storage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 9, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_engine_query_duration_seconds_count{job=~\"$job\",instance=~\"$instance\",slice=\"inner_eval\"}[5m])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}job{{`}}`}} {{`{{`}}instance{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Query Rate", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 10, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + 
"nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "max by (slice) (prometheus_engine_query_duration_seconds{quantile=\"0.9\",job=~\"$job\",instance=~\"$instance\"}) * 1e3", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}slice{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Stage Duration", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ms", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Query", + "titleSize": "h6" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "prometheus-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + "selected": true, + "text": "All", + "value": "$__all" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": true, + "label": "job", + "multi": true, + "name": "job", + "options": [ + + ], + "query": "label_values(prometheus_build_info, job)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + 
"current": { + "selected": true, + "text": "All", + "value": "$__all" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": true, + "label": "instance", + "multi": true, + "name": "instance", + "options": [ + + ], + "query": "label_values(prometheus_build_info, instance)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "utc", + "title": "Prometheus / Overview", + "uid": "", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/proxy.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/proxy.yaml new file mode 100755 index 000000000..a7cecd5dd --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/proxy.yaml 
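Review bot: In the prometheus.yaml hunk above, the four targets of the "Scrape failures" panel (id 5), for example `sum by (job) (rate(prometheus_target_scrapes_exceeded_sample_limit_total[1m]))`, carry no `job=~"$job",instance=~"$instance"` matchers, unlike every other panel in this dashboard. The job and instance pickers therefore do not scope that panel, and rejected-sample counts from all Prometheus servers are summed together, which hides the instance that is dropping data. Suggest adding the same selector inside each `rate(...)`. These targets also use a `[1m]` range where the rest of the dashboard uses `[5m]`; a 1m range needs at least two samples in the window, so it returns nothing when the scrape interval is 1m or longer. Because the file header says the content is generated and must not be changed in place, the fix belongs in the generation step it links to. Minor: the file is added with mode 100755 and without a trailing newline, and `"uid": ""` is left empty.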
@@ -0,0 +1,1232 @@ +{{- /* +Generated from 'proxy' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +{{- if (include "exporter.kubeProxy.enabled" .)}} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "proxy" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + proxy.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + + ] + }, + "editable": false, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 2, + "interval": null, + "links": [ + + ], + 
"mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 2, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(up{job=\"{{ include "exporter.kubeProxy.jobName" . }}\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Up", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "min" + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 3, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 5, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(kubeproxy_sync_proxy_rules_duration_seconds_count{job=\"{{ include "exporter.kubeProxy.jobName" . 
}}\", instance=~\"$instance\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "rate", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rules Sync Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 4, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 5, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99,rate(kubeproxy_sync_proxy_rules_duration_seconds_bucket{job=\"{{ include "exporter.kubeProxy.jobName" . 
}}\", instance=~\"$instance\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rule Sync Latency 99th Quantile", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 5, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(kubeproxy_network_programming_duration_seconds_count{job=\"{{ include "exporter.kubeProxy.jobName" . 
}}\", instance=~\"$instance\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "rate", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Network Programming Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 6, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(kubeproxy_network_programming_duration_seconds_bucket{job=\"{{ include "exporter.kubeProxy.jobName" . 
}}\", instance=~\"$instance\"}[5m])) by (instance, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Network Programming Latency 99th Quantile", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 7, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(rest_client_requests_total{job=\"{{ include "exporter.kubeProxy.jobName" . }}\", instance=~\"$instance\",code=~\"2..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "2xx", + "refId": "A" + }, + { + "expr": "sum(rate(rest_client_requests_total{job=\"{{ include "exporter.kubeProxy.jobName" . 
}}\", instance=~\"$instance\",code=~\"3..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "3xx", + "refId": "B" + }, + { + "expr": "sum(rate(rest_client_requests_total{job=\"{{ include "exporter.kubeProxy.jobName" . }}\", instance=~\"$instance\",code=~\"4..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "4xx", + "refId": "C" + }, + { + "expr": "sum(rate(rest_client_requests_total{job=\"{{ include "exporter.kubeProxy.jobName" . }}\", instance=~\"$instance\",code=~\"5..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "5xx", + "refId": "D" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Kube API Request Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 8, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 8, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{job=\"{{ include 
"exporter.kubeProxy.jobName" . }}\",instance=~\"$instance\",verb=\"POST\"}[5m])) by (verb, url, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}verb{{`}}`}} {{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Post Request Latency 99th Quantile", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 9, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{job=\"{{ include "exporter.kubeProxy.jobName" . 
}}\", instance=~\"$instance\", verb=\"GET\"}[5m])) by (verb, url, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}verb{{`}}`}} {{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Get Request Latency 99th Quantile", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 10, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "process_resident_memory_bytes{job=\"{{ include "exporter.kubeProxy.jobName" . 
}}\",instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 11, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(process_cpu_seconds_total{job=\"{{ include "exporter.kubeProxy.jobName" . 
}}\",instance=~\"$instance\"}[5m])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 12, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "go_goroutines{job=\"{{ include "exporter.kubeProxy.jobName" . 
}}\",instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Goroutines", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": true, + "label": null, + "multi": false, + "name": "instance", + "options": [ + + ], + "query": "label_values(kubeproxy_network_programming_duration_seconds_bucket{job=\"{{ include "exporter.kubeProxy.jobName" . 
}}\"}, instance)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Proxy", + "uid": "632e265de029684c40b21cb76bca4f94", + "version": 0 + } +{{- end }}{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/scheduler.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/scheduler.yaml new file mode 100755 index 000000000..eba5d160c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/scheduler.yaml 
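Review bot: proxy.yaml closes with `{{- end }}{{- end }}` on a single added line and has no trailing newline (`\ No newline at end of file`). Put each `{{- end }}` on its own line, as the end of scheduler.yaml does, and terminate the file with a newline so that a later change to this template does not show up as a spurious last-line diff.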
@@ -0,0 +1,1076 @@ +{{- /* +Generated from 'scheduler' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +{{- if (include "exporter.kubeScheduler.enabled" .)}} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "scheduler" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + scheduler.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + + ] + }, + "editable": false, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 2, + "interval": null, + "links": [ + + 
], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 2, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(up{job=\"{{ include "exporter.kubeScheduler.jobName" . }}\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Up", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "min" + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 3, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 5, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(scheduler_e2e_scheduling_duration_seconds_count{job=\"{{ include "exporter.kubeScheduler.jobName" . 
}}\", instance=~\"$instance\"}[5m])) by (instance)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} e2e", + "refId": "A" + }, + { + "expr": "sum(rate(scheduler_binding_duration_seconds_count{job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\"}[5m])) by (instance)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} binding", + "refId": "B" + }, + { + "expr": "sum(rate(scheduler_scheduling_algorithm_duration_seconds_count{job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\"}[5m])) by (instance)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} scheduling algorithm", + "refId": "C" + }, + { + "expr": "sum(rate(scheduler_volume_scheduling_duration_seconds_count{job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\"}[5m])) by (instance)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} volume", + "refId": "D" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Scheduling Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 4, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + 
"values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 5, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(scheduler_e2e_scheduling_duration_seconds_bucket{job=\"{{ include "exporter.kubeScheduler.jobName" . }}\",instance=~\"$instance\"}[5m])) by (instance, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} e2e", + "refId": "A" + }, + { + "expr": "histogram_quantile(0.99, sum(rate(scheduler_binding_duration_seconds_bucket{job=\"{{ include "exporter.kubeScheduler.jobName" . }}\",instance=~\"$instance\"}[5m])) by (instance, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} binding", + "refId": "B" + }, + { + "expr": "histogram_quantile(0.99, sum(rate(scheduler_scheduling_algorithm_duration_seconds_bucket{job=\"{{ include "exporter.kubeScheduler.jobName" . }}\",instance=~\"$instance\"}[5m])) by (instance, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} scheduling algorithm", + "refId": "C" + }, + { + "expr": "histogram_quantile(0.99, sum(rate(scheduler_volume_scheduling_duration_seconds_bucket{job=\"{{ include "exporter.kubeScheduler.jobName" . 
}}\",instance=~\"$instance\"}[5m])) by (instance, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} volume", + "refId": "D" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Scheduling latency 99th Quantile", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 5, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(rest_client_requests_total{job=\"{{ include "exporter.kubeScheduler.jobName" . 
}}\", instance=~\"$instance\",code=~\"2..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "2xx", + "refId": "A" + }, + { + "expr": "sum(rate(rest_client_requests_total{job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\",code=~\"3..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "3xx", + "refId": "B" + }, + { + "expr": "sum(rate(rest_client_requests_total{job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\",code=~\"4..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "4xx", + "refId": "C" + }, + { + "expr": "sum(rate(rest_client_requests_total{job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\",code=~\"5..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "5xx", + "refId": "D" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Kube API Request Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 6, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + 
"repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 8, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\", verb=\"POST\"}[5m])) by (verb, url, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}verb{{`}}`}} {{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Post Request Latency 99th Quantile", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 7, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, 
sum(rate(rest_client_request_duration_seconds_bucket{job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\", verb=\"GET\"}[5m])) by (verb, url, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}verb{{`}}`}} {{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Get Request Latency 99th Quantile", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 8, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "process_resident_memory_bytes{job=\"{{ include "exporter.kubeScheduler.jobName" . 
}}\", instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 9, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(process_cpu_seconds_total{job=\"{{ include "exporter.kubeScheduler.jobName" . 
}}\", instance=~\"$instance\"}[5m])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 10, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "go_goroutines{job=\"{{ include "exporter.kubeScheduler.jobName" . 
}}\",instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Goroutines", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": true, + "label": null, + "multi": false, + "name": "instance", + "options": [ + + ], + "query": "label_values(process_cpu_seconds_total{job=\"{{ include "exporter.kubeScheduler.jobName" . 
}}\"}, instance)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Scheduler", + "uid": "2e6b6a3b4bddf1427b3a55aa1311c656", + "version": 0 + } +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/statefulset.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/statefulset.yaml new file mode 100755 index 000000000..3512fada2 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/statefulset.yaml 
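Review bot: in scheduler.yaml the "CPU usage" panel (id 9) plots `rate(process_cpu_seconds_total{...}[5m])`, but both of its `yaxes` entries set `"format": "bytes"`, so CPU seconds per second are rendered with byte units. The equivalent panel in proxy.yaml uses `"format": "short"`. Because the file header says "Do not change in-place!", the correction belongs in the upstream dashboard definition or the sync script, followed by a regeneration. The file is also added with mode 100755 and without a trailing newline. A Helm template does not need the executable bit, so 100644 with a terminating newline is the expected form.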
@@ -0,0 +1,928 @@ +{{- /* +Generated from 'statefulset' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "statefulset" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + statefulset.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + + ] + }, + "editable": false, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "refresh": "", + "rows": [ + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 2, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + 
"name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "cores", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 4, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", container!=\"\", namespace=\"$namespace\", pod=~\"$statefulset.*\"}[3m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "CPU", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 3, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "GB", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 4, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + 
"targets": [ + { + "expr": "sum(container_memory_usage_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", container!=\"\", namespace=\"$namespace\", pod=~\"$statefulset.*\"}) / 1024^3", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Memory", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 4, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "Bps", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 4, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(rate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$statefulset.*\"}[3m])) + sum(rate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",pod=~\"$statefulset.*\"}[3m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + 
"title": "Network", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "height": "100px", + "panels": [ + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 5, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "max(kube_statefulset_replicas{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", statefulset=\"$statefulset\"}) without (instance, pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Desired Replicas", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": 
false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 6, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "min(kube_statefulset_status_replicas_current{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", statefulset=\"$statefulset\"}) without (instance, pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Replicas of current version", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 7, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + 
"value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "max(kube_statefulset_status_observed_generation{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", statefulset=\"$statefulset\"}) without (instance, pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Observed Generation", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 8, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": 
"max(kube_statefulset_metadata_generation{job=\"kube-state-metrics\", statefulset=\"$statefulset\", cluster=\"$cluster\", namespace=\"$namespace\"}) without (instance, pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Metadata Generation", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 9, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "max(kube_statefulset_replicas{job=\"kube-state-metrics\", statefulset=\"$statefulset\", cluster=\"$cluster\", namespace=\"$namespace\"}) without (instance, pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "replicas specified", + "refId": "A" + }, + { + "expr": "max(kube_statefulset_status_replicas{job=\"kube-state-metrics\", statefulset=\"$statefulset\", cluster=\"$cluster\", namespace=\"$namespace\"}) without (instance, pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "replicas created", + "refId": 
"B" + }, + { + "expr": "min(kube_statefulset_status_replicas_ready{job=\"kube-state-metrics\", statefulset=\"$statefulset\", cluster=\"$cluster\", namespace=\"$namespace\"}) without (instance, pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "ready", + "refId": "C" + }, + { + "expr": "min(kube_statefulset_status_replicas_current{job=\"kube-state-metrics\", statefulset=\"$statefulset\", cluster=\"$cluster\", namespace=\"$namespace\"}) without (instance, pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "replicas of current version", + "refId": "D" + }, + { + "expr": "min(kube_statefulset_status_replicas_updated{job=\"kube-state-metrics\", statefulset=\"$statefulset\", cluster=\"$cluster\", namespace=\"$namespace\"}) without (instance, pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "updated", + "refId": "E" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Replicas", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + 
"datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_statefulset_metadata_generation, cluster)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": "Namespace", + "multi": false, + "name": "namespace", + "options": [ + + ], + "query": "label_values(kube_statefulset_metadata_generation{job=\"kube-state-metrics\", cluster=\"$cluster\"}, namespace)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": "Name", + "multi": false, + "name": "statefulset", + "options": [ + + ], + "query": "label_values(kube_statefulset_metadata_generation{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\"}, statefulset)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / StatefulSets", + "uid": "a31c1f46e6f727cb37c0d731a7245005", + "version": 0 + } +{{- end }} \ No newline at end of file 
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/workload-total.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/workload-total.yaml new file mode 100755 index 000000000..cd4e2364d --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards-1.14/workload-total.yaml 
@@ -0,0 +1,1438 @@ +{{- /* +Generated from 'workload-total' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "workload-total" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + workload-total.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "panels": [ + { + "collapse": false, + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 2, + "panels": [ + + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Current Bandwidth", + "titleSize": "h6", + "type": "row" + }, + { + "aliasColors": { + + }, + 
"bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 1 + }, + "id": 3, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "null", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}} pod {{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Rate of Bytes Received", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "series", + "name": null, + "show": false, + "values": [ + "current" + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + 
"fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 1 + }, + "id": 4, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "null", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}} pod {{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Rate of Bytes Transmitted", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "series", + "name": null, + "show": false, + "values": [ + "current" + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "collapse": true, + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 10 + }, + "id": 5, + "panels": [ + { + "aliasColors": { + + }, + "bars": true, + "dashLength": 10, + "dashes": false, + 
"datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 11 + }, + "id": 6, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "null", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}} pod {{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Average Rate of Bytes Received", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "series", + "name": null, + "show": false, + "values": [ + "current" + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, 
+ "x": 12, + "y": 11 + }, + "id": 7, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "null", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}} pod {{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Average Rate of Bytes Transmitted", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "series", + "name": null, + "show": false, + "values": [ + "current" + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Average Bandwidth", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 11 + }, + 
"id": 8, + "panels": [ + + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Bandwidth HIstory", + "titleSize": "h6", + "type": "row" + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 12 + }, + "id": 9, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Receive Bandwidth", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + 
"min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 12 + }, + "id": 10, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Transmit Bandwidth", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "collapse": true, + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 21 + }, + "id": 11, 
+ "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 22 + }, + "id": 12, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + 
"fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 22 + }, + "id": 13, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Packets", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": true, + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 22 + }, + "id": 14, + 
"panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 23 + }, + "id": 15, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets Dropped", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + 
"fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 23 + }, + "id": 16, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets Dropped", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Errors", + "titleSize": "h6", + "type": "row" + } + ], + "refresh": "10s", + "rows": [ + + ], + "schemaVersion": 18, + "style": "dark", + 
"tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 1, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": ".+", + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "kube-system", + "value": "kube-system" + }, + "datasource": "$datasource", + "definition": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", + "hide": 0, + "includeAll": true, + "label": null, + "multi": false, + "name": "namespace", + "options": [ + + ], + "query": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "definition": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\"}, workload)", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "workload", + "options": [ + + ], + "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\"}, workload)", + "refresh": 
1, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "deployment", + "value": "deployment" + }, + "datasource": "$datasource", + "definition": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\"}, workload_type)", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "type", + "options": [ + + ], + "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\"}, workload_type)", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "5m", + "value": "5m" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "resolution", + "options": [ + { + "selected": false, + "text": "30s", + "value": "30s" + }, + { + "selected": true, + "text": "5m", + "value": "5m" + }, + { + "selected": false, + "text": "1h", + "value": "1h" + } + ], + "query": "30s,5m,1h", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "interval", + "useTags": false + }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "5m", + "value": "5m" + }, + "datasource": "$datasource", + "hide": 2, + "includeAll": false, + "label": null, + "multi": false, + "name": "interval", + "options": [ + { + "selected": true, + "text": "4h", + "value": "4h" + } + ], + "query": "4h", + "refresh": 2, + 
"regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "interval", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Networking / Workload", + "uid": "728bf77cc1166d2f3133bf25846876cc", + "version": 0 + } +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/etcd.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/etcd.yaml new file mode 100755 index 000000000..ac54228e9 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/etcd.yaml 
@@ -0,0 +1,1118 @@ +{{- /* +Generated from 'etcd' from https://raw.githubusercontent.com/etcd-io/website/master/content/docs/current/op-guide/grafana.json +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +{{- if (include "exporter.kubeEtcd.enabled" .)}} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "etcd" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + etcd.json: |- + { + "annotations": { + "list": [] + }, + "description": "etcd sample Grafana dashboard with Prometheus", + "editable": true, + "gnetId": null, + "hideControls": false, + "links": [], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "editable": true, + "height": "250px", + "panels": [ + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "datasource": "$datasource", + "editable": true, + "error": false, + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "id": 28, + "interval": null, + "isNew": true, + 
"links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "targets": [ + { + "expr": "sum(etcd_server_has_leader{job=\"$cluster\"})", + "intervalFactor": 2, + "legendFormat": "", + "metric": "etcd_server_has_leader", + "refId": "A", + "step": 20 + } + ], + "thresholds": "", + "title": "Up", + "type": "singlestat", + "valueFontSize": "200%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "avg" + }, + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fill": 0, + "id": 23, + "isNew": true, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 5, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(grpc_server_started_total{job=\"$cluster\",grpc_type=\"unary\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "RPC Rate", + "metric": "grpc_server_started_total", + "refId": "A", + "step": 2 + }, + { + "expr": "sum(rate(grpc_server_handled_total{job=\"$cluster\",grpc_type=\"unary\",grpc_code!=\"OK\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "RPC Failed Rate", + "metric": "grpc_server_handled_total", + "refId": "B", 
+ "step": 2 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "RPC Rate", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fill": 0, + "id": 41, + "isNew": true, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 4, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(grpc_server_started_total{job=\"$cluster\",grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"}) - sum(grpc_server_handled_total{job=\"$cluster\",grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"})", + "intervalFactor": 2, + "legendFormat": "Watch Streams", + "metric": "grpc_server_handled_total", + "refId": "A", + "step": 4 + }, + { + "expr": "sum(grpc_server_started_total{job=\"$cluster\",grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"}) - sum(grpc_server_handled_total{job=\"$cluster\",grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"})", + "intervalFactor": 2, + "legendFormat": "Lease Streams", + "metric": "grpc_server_handled_total", + "refId": "B", + "step": 4 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Active Streams", + "tooltip": { + "msResolution": false, + "shared": true, + 
"sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "showTitle": false, + "title": "Row" + }, + { + "collapse": false, + "editable": true, + "height": "250px", + "panels": [ + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "decimals": null, + "editable": true, + "error": false, + "fill": 0, + "grid": {}, + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "etcd_mvcc_db_total_size_in_bytes{job=\"$cluster\"}", + "hide": false, + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} DB Size", + "metric": "", + "refId": "A", + "step": 4 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "DB Size", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fill": 0, + "grid": {}, + "id": 3, + "legend": { + "avg": false, + "current": 
false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 1, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 4, + "stack": false, + "steppedLine": true, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(etcd_disk_wal_fsync_duration_seconds_bucket{job=\"$cluster\"}[5m])) by (instance, le))", + "hide": false, + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} WAL fsync", + "metric": "etcd_disk_wal_fsync_duration_seconds_bucket", + "refId": "A", + "step": 4 + }, + { + "expr": "histogram_quantile(0.99, sum(rate(etcd_disk_backend_commit_duration_seconds_bucket{job=\"$cluster\"}[5m])) by (instance, le))", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} DB fsync", + "metric": "etcd_disk_backend_commit_duration_seconds_bucket", + "refId": "B", + "step": 4 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Disk Sync Duration", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fill": 0, + "id": 29, + "isNew": true, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 
4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "process_resident_memory_bytes{job=\"$cluster\"}", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} Resident Memory", + "metric": "process_resident_memory_bytes", + "refId": "A", + "step": 4 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Memory", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "title": "New row" + }, + { + "collapse": false, + "editable": true, + "height": "250px", + "panels": [ + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fill": 5, + "id": 22, + "isNew": true, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 3, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "rate(etcd_network_client_grpc_received_bytes_total{job=\"$cluster\"}[5m])", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} Client Traffic In", + "metric": "etcd_network_client_grpc_received_bytes_total", + "refId": "A", + "step": 4 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Client Traffic In", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": 
"time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fill": 5, + "id": 21, + "isNew": true, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 3, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "rate(etcd_network_client_grpc_sent_bytes_total{job=\"$cluster\"}[5m])", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} Client Traffic Out", + "metric": "etcd_network_client_grpc_sent_bytes_total", + "refId": "A", + "step": 4 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Client Traffic Out", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fill": 0, + "id": 20, + "isNew": true, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + 
"nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(etcd_network_peer_received_bytes_total{job=\"$cluster\"}[5m])) by (instance)", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} Peer Traffic In", + "metric": "etcd_network_peer_received_bytes_total", + "refId": "A", + "step": 4 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Peer Traffic In", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "decimals": null, + "editable": true, + "error": false, + "fill": 0, + "grid": {}, + "id": 16, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(etcd_network_peer_sent_bytes_total{job=\"$cluster\"}[5m])) by (instance)", + "hide": false, + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} Peer Traffic Out", + "metric": "etcd_network_peer_sent_bytes_total", + "refId": "A", + "step": 4 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Peer Traffic Out", + 
"tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "Bps", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "title": "New row" + }, + { + "collapse": false, + "editable": true, + "height": "250px", + "panels": [ + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fill": 0, + "id": 40, + "isNew": true, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(etcd_server_proposals_failed_total{job=\"$cluster\"}[5m]))", + "intervalFactor": 2, + "legendFormat": "Proposal Failure Rate", + "metric": "etcd_server_proposals_failed_total", + "refId": "A", + "step": 2 + }, + { + "expr": "sum(etcd_server_proposals_pending{job=\"$cluster\"})", + "intervalFactor": 2, + "legendFormat": "Proposal Pending Total", + "metric": "etcd_server_proposals_pending", + "refId": "B", + "step": 2 + }, + { + "expr": "sum(rate(etcd_server_proposals_committed_total{job=\"$cluster\"}[5m]))", + "intervalFactor": 2, + "legendFormat": "Proposal Commit Rate", + "metric": "etcd_server_proposals_committed_total", + "refId": "C", + "step": 2 + }, + { + "expr": "sum(rate(etcd_server_proposals_applied_total{job=\"$cluster\"}[5m]))", + "intervalFactor": 2, + "legendFormat": "Proposal Apply Rate", + "refId": "D", + "step": 2 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": 
null, + "title": "Raft Proposals", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "decimals": 0, + "editable": true, + "error": false, + "fill": 0, + "id": 19, + "isNew": true, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "changes(etcd_server_leader_changes_seen_total{job=\"$cluster\"}[1d])", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} Total Leader Elections Per Day", + "metric": "etcd_server_leader_changes_seen_total", + "refId": "A", + "step": 2 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Total Leader Elections Per Day", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "title": "New row" + } + ], + "schemaVersion": 13, + "sharedCrosshair": 
false, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "current": { + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + "text": "prod", + "value": "prod" + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [], + "query": "label_values(etcd_server_has_leader, job)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-15m", + "to": "now" + }, + "timepicker": { + "now": true, + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "browser", + "title": "etcd", + "uid": "c2f4e12cdf69feb95caa41a5a1b423d9", + "version": 215 + } +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-cluster-rsrc-use.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-cluster-rsrc-use.yaml new file mode 100755 index 000000000..2b8eac4df --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-cluster-rsrc-use.yaml 
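Review bot: In etcd.yaml, the template variable named `cluster` is filled from the `job` label (`label_values(etcd_server_has_leader, job)`) and every panel filters on `job="$cluster"`, yet its visibility is tied to `.Values.grafana.sidecar.dashboards.multicluster`. With multicluster off, `hide` renders as 2, so the selector that decides which etcd scrape job the dashboard shows is hidden, and the hard-coded default `prod` only matches if a job carries that name. Consider keeping this variable visible regardless of the multicluster flag, or shipping it without a preset `current` value. The file header says it is generated and must not be changed in place, so the fix belongs in the generator. Two smaller points on the same file: it is added with mode 100755 although it is a template rather than an executable, and it ends without a trailing newline.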
@@ -0,0 +1,959 @@ +{{- /* +Generated from 'k8s-cluster-rsrc-use' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-cluster-rsrc-use" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + k8s-cluster-rsrc-use.json: |- + { + "annotations": { + "list": [ + + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + 
], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "node:cluster_cpu_utilisation:ratio{cluster=\"$cluster\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}node{{`}}`}}", + "legendLink": "./d/4ac4f123aae0ff6dbaf4f4f66120033b/k8s-node-rsrc-use", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Utilisation", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "node:node_cpu_saturation_load1:{cluster=\"$cluster\"} / scalar(sum(min(kube_pod_info{cluster=\"$cluster\"}) by (node)))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}node{{`}}`}}", + "legendLink": "./d/4ac4f123aae0ff6dbaf4f4f66120033b/k8s-node-rsrc-use", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Saturation (Load1)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", 
+ "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "node:cluster_memory_utilisation:ratio{cluster=\"$cluster\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}node{{`}}`}}", + "legendLink": "./d/4ac4f123aae0ff6dbaf4f4f66120033b/k8s-node-rsrc-use", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Utilisation", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + 
"dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "node:node_memory_swap_io_bytes:sum_rate{cluster=\"$cluster\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}node{{`}}`}}", + "legendLink": "./d/4ac4f123aae0ff6dbaf4f4f66120033b/k8s-node-rsrc-use", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Saturation (Swap I/O)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ 
+ + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "node:node_disk_utilisation:avg_irate{cluster=\"$cluster\"} / scalar(:kube_pod_info_node_count:{cluster=\"$cluster\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}node{{`}}`}}", + "legendLink": "./d/4ac4f123aae0ff6dbaf4f4f66120033b/k8s-node-rsrc-use", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Disk IO Utilisation", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "node:node_disk_saturation:avg_irate{cluster=\"$cluster\"} / scalar(:kube_pod_info_node_count:{cluster=\"$cluster\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}node{{`}}`}}", + "legendLink": "./d/4ac4f123aae0ff6dbaf4f4f66120033b/k8s-node-rsrc-use", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Disk IO Saturation", + "tooltip": { + "shared": false, + 
"sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Disk", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "node:node_net_utilisation:sum_irate{cluster=\"$cluster\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}node{{`}}`}}", + "legendLink": "./d/4ac4f123aae0ff6dbaf4f4f66120033b/k8s-node-rsrc-use", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Net Utilisation (Transmitted)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + 
"aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "node:node_net_saturation:sum_irate{cluster=\"$cluster\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}node{{`}}`}}", + "legendLink": "./d/4ac4f123aae0ff6dbaf4f4f66120033b/k8s-node-rsrc-use", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Net Saturation (Dropped)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 9, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + 
"points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(max(node_filesystem_size_bytes{fstype=~\"ext[234]|btrfs|xfs|zfs\", cluster=\"$cluster\"} - node_filesystem_avail_bytes{fstype=~\"ext[234]|btrfs|xfs|zfs\", cluster=\"$cluster\"}) by (device,pod,namespace)) by (pod,namespace)\n/ scalar(sum(max(node_filesystem_size_bytes{fstype=~\"ext[234]|btrfs|xfs|zfs\", cluster=\"$cluster\"}) by (device,pod,namespace)))\n* on (namespace, pod) group_left (node) node_namespace_pod:kube_pod_info:{cluster=\"$cluster\"}\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}node{{`}}`}}", + "legendLink": "./d/4ac4f123aae0ff6dbaf4f4f66120033b/k8s-node-rsrc-use", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Disk Capacity", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Storage", + "titleSize": "h6" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + "text": "prod", + "value": "prod" + }, + "datasource": "$datasource", + "hide": {{ if 
.Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(:kube_pod_info_node_count:, cluster)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "", + "title": "Kubernetes / USE Method / Cluster", + "uid": "a6e7d1362e1ddbb79db21d5bb40d7137", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-node-rsrc-use.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-node-rsrc-use.yaml new file mode 100755 index 000000000..101252086 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-node-rsrc-use.yaml 
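Review bot: `namespace: {{ .Values.grafana.defaultDashboards.namespace }}` in the ConfigMap metadata of k8s-cluster-rsrc-use.yaml has no `default` or `required` guard, so an unset value renders an empty `namespace:` key with no error at template time. Suggest wrapping it in `required` with a clear message, or falling back to the release namespace. The file header also adds this template as `new file mode 100755`; nothing executes a dashboard template, so 100644 is the appropriate mode.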
@@ -0,0 +1,986 @@ +{{- /* +Generated from 'k8s-node-rsrc-use' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-node-rsrc-use" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + k8s-node-rsrc-use.json: |- + { + "annotations": { + "list": [ + + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + 
"spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "node:node_cpu_utilisation:avg1m{cluster=\"$cluster\", node=\"$node\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Utilisation", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Utilisation", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "node:node_cpu_saturation_load1:{cluster=\"$cluster\", node=\"$node\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Saturation", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Saturation (Load1)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": 
null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "node:node_memory_utilisation:{cluster=\"$cluster\", node=\"$node\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Memory", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Utilisation", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + 
"lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "node:node_memory_swap_io_bytes:sum_rate{cluster=\"$cluster\", node=\"$node\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Swap IO", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Saturation (Swap I/O)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "node:node_disk_utilisation:avg_irate{cluster=\"$cluster\", node=\"$node\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": 
"Utilisation", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Disk IO Utilisation", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "node:node_disk_saturation:avg_irate{cluster=\"$cluster\", node=\"$node\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Saturation", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Disk IO Saturation", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + 
"repeatRowId": null, + "showTitle": true, + "title": "Disk", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "node:node_net_utilisation:sum_irate{cluster=\"$cluster\", node=\"$node\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Utilisation", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Net Utilisation (Transmitted)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + 
"span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "node:node_net_saturation:sum_irate{cluster=\"$cluster\", node=\"$node\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Saturation", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Net Saturation (Dropped)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Net", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 9, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "node:node_filesystem_usage:{cluster=\"$cluster\"}\n* on (namespace, pod) group_left (node) node_namespace_pod:kube_pod_info:{cluster=\"$cluster\", node=\"$node\"}\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}device{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": 
"Disk Utilisation", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Disk", + "titleSize": "h6" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + "text": "prod", + "value": "prod" + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(:kube_pod_info_node_count:, cluster)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": "prod", + "value": "prod" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": "node", + "multi": false, + "name": "node", + "options": [ + + ], + "query": "label_values(kube_node_info{cluster=\"$cluster\"}, node)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + 
"refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "", + "title": "Kubernetes / USE Method / Node", + "uid": "4ac4f123aae0ff6dbaf4f4f66120033b", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-resources-cluster.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-resources-cluster.yaml new file mode 100755 index 000000000..e068214bc --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-resources-cluster.yaml 
@@ -0,0 +1,1479 @@ +{{- /* +Generated from 'k8s-resources-cluster' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-cluster" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + k8s-resources-cluster.json: |- + { + "annotations": { + "list": [ + + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "height": "100px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "format": "percentunit", + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": 
"flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 2, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - avg(rate(node_cpu_seconds_total{mode=\"idle\", cluster=\"$cluster\"}[1m]))", + "format": "time_series", + "instant": true, + "intervalFactor": 2, + "refId": "A" + } + ], + "thresholds": "70,80", + "timeFrom": null, + "timeShift": null, + "title": "CPU Utilisation", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "singlestat", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "format": "percentunit", + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 2, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\"}) / sum(node:node_num_cpu:sum{cluster=\"$cluster\"})", + "format": "time_series", + "instant": true, + "intervalFactor": 2, + "refId": "A" + } + ], + "thresholds": "70,80", + "timeFrom": null, + "timeShift": null, + "title": "CPU Requests Commitment", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "singlestat", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + 
"values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "format": "percentunit", + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 2, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\"}) / sum(node:node_num_cpu:sum{cluster=\"$cluster\"})", + "format": "time_series", + "instant": true, + "intervalFactor": 2, + "refId": "A" + } + ], + "thresholds": "70,80", + "timeFrom": null, + "timeShift": null, + "title": "CPU Limits Commitment", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "singlestat", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "format": "percentunit", + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + 
+ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 2, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - sum(:node_memory_MemFreeCachedBuffers_bytes:sum{cluster=\"$cluster\"}) / sum(:node_memory_MemTotal_bytes:sum{cluster=\"$cluster\"})", + "format": "time_series", + "instant": true, + "intervalFactor": 2, + "refId": "A" + } + ], + "thresholds": "70,80", + "timeFrom": null, + "timeShift": null, + "title": "Memory Utilisation", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "singlestat", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "format": "percentunit", + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 2, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\"}) / sum(:node_memory_MemTotal_bytes:sum{cluster=\"$cluster\"})", + "format": "time_series", + "instant": true, + "intervalFactor": 2, + "refId": "A" + } + ], + "thresholds": "70,80", + "timeFrom": null, + "timeShift": null, + "title": "Memory Requests Commitment", + 
"tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "singlestat", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "format": "percentunit", + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 2, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\"}) / sum(:node_memory_MemTotal_bytes:sum{cluster=\"$cluster\"})", + "format": "time_series", + "instant": true, + "intervalFactor": 2, + "refId": "A" + } + ], + "thresholds": "70,80", + "timeFrom": null, + "timeShift": null, + "title": "Memory Limits Commitment", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "singlestat", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Headlines", + "titleSize": "h6" + }, + { + 
"collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(namespace_pod_name_container_name:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as 
zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Pods", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 0, + "link": true, + "linkTooltip": "Drill down to pods", + "linkUrl": "./d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell_1", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Workloads", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 0, + "link": true, + "linkTooltip": "Drill down to workloads", + "linkUrl": "./d/a87fb0d919ec0ea5f6543124e16c42a5/k8s-resources-workloads-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell_1", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + 
"type": "number", + "unit": "percentunit" + }, + { + "alias": "CPU Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #G", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Namespace", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTooltip": "Drill down to pods", + "linkUrl": "./d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell", + "pattern": "namespace", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "count(mixin_pod_workload{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "count(avg(mixin_pod_workload{cluster=\"$cluster\"}) by (workload, namespace)) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(namespace_pod_name_container_name:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": 
"sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(namespace_pod_name_container_name:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace) / sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + }, + { + "expr": "sum(namespace_pod_name_container_name:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace) / sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "G", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Quota", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": 
"$datasource", + "fill": 10, + "id": 9, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(container_memory_rss{cluster=\"$cluster\", container_name!=\"\"}) by (namespace)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Usage (w/o cache)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 10, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": 
false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Pods", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 0, + "link": true, + "linkTooltip": "Drill down to pods", + "linkUrl": "./d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell_1", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Workloads", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 0, + "link": true, + "linkTooltip": "Drill down to workloads", + "linkUrl": "./d/a87fb0d919ec0ea5f6543124e16c42a5/k8s-resources-workloads-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell_1", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Memory Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Memory Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + 
"decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #G", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Namespace", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTooltip": "Drill down to pods", + "linkUrl": "./d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell", + "pattern": "namespace", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "count(mixin_pod_workload{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "count(avg(mixin_pod_workload{cluster=\"$cluster\"}) by (workload, namespace)) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(container_memory_rss{cluster=\"$cluster\", container_name!=\"\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + 
"expr": "sum(container_memory_rss{cluster=\"$cluster\", container_name!=\"\"}) by (namespace) / sum(kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + }, + { + "expr": "sum(container_memory_rss{cluster=\"$cluster\", container_name!=\"\"}) by (namespace) / sum(kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "G", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Requests by Namespace", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Requests", + "titleSize": "h6" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + "text": "prod", + "value": "prod" + }, + 
"datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(:kube_pod_info_node_count:, cluster)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "", + "title": "Kubernetes / Compute Resources / Cluster", + "uid": "efa86fd1d0c121a26444b636a3f509a8", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-resources-namespace.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-resources-namespace.yaml new file mode 100755 index 000000000..af3664731 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-resources-namespace.yaml 
@@ -0,0 +1,963 @@ +{{- /* +Generated from 'k8s-resources-namespace' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-namespace" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + k8s-resources-namespace.json: |- + { + "annotations": { + "list": [ + + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + 
"seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(namespace_pod_name_container_name:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod_name)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod_name{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "CPU Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": 
"Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "CPU Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Pod", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTooltip": "Drill down", + "linkUrl": "./d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell", + "pattern": "pod", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": 
"sum(label_replace(namespace_pod_name_container_name:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}, \"pod\", \"$1\", \"pod_name\", \"(.*)\")) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(label_replace(namespace_pod_name_container_name:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}, \"pod\", \"$1\", \"pod_name\", \"(.*)\")) by (pod) / sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(label_replace(namespace_pod_name_container_name:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}, \"pod\", \"$1\", \"pod_name\", \"(.*)\")) by (pod) / sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": 
[ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Quota", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(container_memory_usage_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container_name!=\"\"}) by (pod_name)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod_name{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Usage (w/o cache)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Usage", + "titleSize": "h6" + }, + { + 
"collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Memory Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Memory Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": 
"YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Memory Usage (RSS)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Usage (Cache)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #G", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Usage (Swap", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #H", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Pod", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTooltip": "Drill down", + "linkUrl": "./d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell", + "pattern": "pod", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(label_replace(container_memory_usage_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container_name!=\"\"}, \"pod\", \"$1\", \"pod_name\", \"(.*)\")) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + 
"refId": "A", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(label_replace(container_memory_usage_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container_name!=\"\"}, \"pod\", \"$1\", \"pod_name\", \"(.*)\")) by (pod) / sum(kube_pod_container_resource_requests_memory_bytes{namespace=\"$namespace\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(label_replace(container_memory_usage_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container_name!=\"\"}, \"pod\", \"$1\", \"pod_name\", \"(.*)\")) by (pod) / sum(kube_pod_container_resource_limits_memory_bytes{namespace=\"$namespace\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum(label_replace(container_memory_rss{cluster=\"$cluster\", namespace=\"$namespace\",container_name!=\"\"}, \"pod\", \"$1\", \"pod_name\", \"(.*)\")) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + }, + { + "expr": "sum(label_replace(container_memory_cache{cluster=\"$cluster\", namespace=\"$namespace\",container_name!=\"\"}, \"pod\", \"$1\", \"pod_name\", \"(.*)\")) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "G", + "step": 10 + }, + { + "expr": "sum(label_replace(container_memory_swap{cluster=\"$cluster\", 
namespace=\"$namespace\",container_name!=\"\"}, \"pod\", \"$1\", \"pod_name\", \"(.*)\")) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "H", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Quota", + "titleSize": "h6" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + "text": "prod", + "value": "prod" + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(:kube_pod_info_node_count:, cluster)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": "prod", + "value": "prod" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": "namespace", + "multi": false, + "name": 
"namespace", + "options": [ + + ], + "query": "label_values(kube_pod_info{cluster=\"$cluster\"}, namespace)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "", + "title": "Kubernetes / Compute Resources / Namespace (Pods)", + "uid": "85a562078cdf77779eaa1add43ccec1e", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-resources-pod.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-resources-pod.yaml new file mode 100755 index 000000000..536a2c704 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-resources-pod.yaml 
@@ -0,0 +1,1006 @@ +{{- /* +Generated from 'k8s-resources-pod' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-pod" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + k8s-resources-pod.json: |- + { + "annotations": { + "list": [ + + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + 
"spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(namespace_pod_name_container_name:container_cpu_usage_seconds_total:sum_rate{namespace=\"$namespace\", pod_name=\"$pod\", container_name!=\"POD\", cluster=\"$cluster\"}) by (container_name)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}container_name{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "CPU Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": 
false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "CPU Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Container", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "container", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(label_replace(namespace_pod_name_container_name:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\", pod_name=\"$pod\", 
container_name!=\"POD\"}, \"container\", \"$1\", \"container_name\", \"(.*)\")) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(label_replace(namespace_pod_name_container_name:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\", pod_name=\"$pod\"}, \"container\", \"$1\", \"container_name\", \"(.*)\")) by (container) / sum(kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(label_replace(namespace_pod_name_container_name:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\", pod_name=\"$pod\"}, \"container\", \"$1\", \"container_name\", \"(.*)\")) by (container) / sum(kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": 
"time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Quota", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(container_memory_rss{cluster=\"$cluster\", namespace=\"$namespace\", pod_name=\"$pod\", container_name!=\"POD\", container_name!=\"\"}) by (container_name)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}container_name{{`}}`}} (RSS)", + "legendLink": null, + "step": 10 + }, + { + "expr": "sum(container_memory_cache{cluster=\"$cluster\", namespace=\"$namespace\", pod_name=\"$pod\", container_name!=\"POD\", container_name!=\"\"}) by (container_name)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}container_name{{`}}`}} (Cache)", + "legendLink": null, + "step": 10 + }, + { + "expr": "sum(container_memory_swap{cluster=\"$cluster\", namespace=\"$namespace\", pod_name=\"$pod\", container_name!=\"POD\", container_name!=\"\"}) by (container_name)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": 
"{{`{{`}}container_name{{`}}`}} (Swap)", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Memory Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + 
"pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Memory Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Memory Usage (RSS)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Usage (Cache)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #G", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Usage (Swap", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #H", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Container", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + 
"linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "container", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(label_replace(container_memory_usage_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod_name=\"$pod\", container_name!=\"POD\", container_name!=\"\"}, \"container\", \"$1\", \"container_name\", \"(.*)\")) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(label_replace(container_memory_usage_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod_name=\"$pod\"}, \"container\", \"$1\", \"container_name\", \"(.*)\")) by (container) / sum(kube_pod_container_resource_requests_memory_bytes{namespace=\"$namespace\", pod=\"$pod\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(label_replace(container_memory_usage_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod_name=\"$pod\", container_name!=\"\"}, \"container\", \"$1\", \"container_name\", \"(.*)\")) by (container) / 
sum(kube_pod_container_resource_limits_memory_bytes{namespace=\"$namespace\", pod=\"$pod\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum(label_replace(container_memory_rss{cluster=\"$cluster\", namespace=\"$namespace\", pod_name=\"$pod\", container_name != \"\", container_name != \"POD\"}, \"container\", \"$1\", \"container_name\", \"(.*)\")) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + }, + { + "expr": "sum(label_replace(container_memory_cache{cluster=\"$cluster\", namespace=\"$namespace\", pod_name=\"$pod\", container_name != \"\", container_name != \"POD\"}, \"container\", \"$1\", \"container_name\", \"(.*)\")) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "G", + "step": 10 + }, + { + "expr": "sum(label_replace(container_memory_swap{cluster=\"$cluster\", namespace=\"$namespace\", pod_name=\"$pod\", container_name != \"\", container_name != \"POD\"}, \"container\", \"$1\", \"container_name\", \"(.*)\")) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "H", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory 
Quota", + "titleSize": "h6" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + "text": "prod", + "value": "prod" + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(:kube_pod_info_node_count:, cluster)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": "prod", + "value": "prod" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": "namespace", + "multi": false, + "name": "namespace", + "options": [ + + ], + "query": "label_values(kube_pod_info{cluster=\"$cluster\"}, namespace)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": "prod", + "value": "prod" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": "pod", + "multi": false, + "name": "pod", + "options": [ + + ], + "query": "label_values(kube_pod_info{cluster=\"$cluster\", namespace=\"$namespace\"}, pod)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", 
+ "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "", + "title": "Kubernetes / Compute Resources / Pod", + "uid": "6581e46e4e5c7ba40a07646395ef7b23", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-resources-workload.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-resources-workload.yaml new file mode 100755 index 000000000..f5844b505 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-resources-workload.yaml 
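Review bot: In the "Memory Quota" table of the "Kubernetes / Compute Resources / Pod" dashboard that ends just above, the ratio targets refId C and refId E divide by a selector with no cluster matcher: `kube_pod_container_resource_requests_memory_bytes{namespace=\"$namespace\", pod=\"$pod\"}` and the equivalent `kube_pod_container_resource_limits_memory_bytes` selector. The numerators and targets B and D all carry `cluster=\"$cluster\"`. The cluster variable is exposed when `.Values.grafana.sidecar.dashboards.multicluster` is set, so with a namespace and pod name that exist in more than one cluster the denominator sums across clusters and "Memory Requests %" and "Memory Limits %" read lower than the real value. Suggest adding `cluster=\"$cluster\"` to both denominators. The numerator of refId C also omits the `container_name!=\"\"` filter that refId A and refId E apply, so C divides a differently filtered usage figure than the one shown in the "Memory Usage" column.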
@@ -0,0 +1,936 @@ +{{- /* +Generated from 'k8s-resources-workload' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-workload" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + k8s-resources-workload.json: |- + { + "annotations": { + "list": [ + + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": 
[ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(\n label_replace(\n namespace_pod_name_container_name:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"},\n \"pod\", \"$1\", \"pod_name\", \"(.*)\"\n ) * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD 
HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "CPU Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "CPU Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Pod", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTooltip": "Drill down", + "linkUrl": "./d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell", + "pattern": "pod", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": 
"YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(\n label_replace(\n namespace_pod_name_container_name:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"},\n \"pod\", \"$1\", \"pod_name\", \"(.*)\"\n ) * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(\n label_replace(\n namespace_pod_name_container_name:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"},\n \"pod\", \"$1\", \"pod_name\", \"(.*)\"\n ) * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", 
namespace=\"$namespace\"}\n * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(\n label_replace(\n namespace_pod_name_container_name:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"},\n \"pod\", \"$1\", \"pod_name\", \"(.*)\"\n ) * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Quota", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + 
"datasource": "$datasource", + "fill": 10, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(\n label_replace(\n container_memory_usage_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container_name!=\"\"},\n \"pod\", \"$1\", \"pod_name\", \"(.*)\"\n ) * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n ) by (pod)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + 
"values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Memory Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Memory Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Pod", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 
2, + "link": true, + "linkTooltip": "Drill down", + "linkUrl": "./d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell", + "pattern": "pod", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(\n label_replace(\n container_memory_usage_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container_name!=\"\"},\n \"pod\", \"$1\", \"pod_name\", \"(.*)\"\n ) * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n ) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(\n label_replace(\n container_memory_usage_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container_name!=\"\"},\n \"pod\", \"$1\", \"pod_name\", \"(.*)\"\n ) * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n ) by (pod)\n/sum(\n kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod) group_left(workload, workload_type) 
mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(\n label_replace(\n container_memory_usage_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container_name!=\"\"},\n \"pod\", \"$1\", \"pod_name\", \"(.*)\"\n ) * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n ) by (pod)\n/sum(\n kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + 
"show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Quota", + "titleSize": "h6" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + "text": "prod", + "value": "prod" + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(:kube_pod_info_node_count:, cluster)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": "prod", + "value": "prod" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": "namespace", + "multi": false, + "name": "namespace", + "options": [ + + ], + "query": "label_values(kube_pod_info{cluster=\"$cluster\"}, namespace)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": "prod", + "value": "prod" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": "workload", + "multi": false, + "name": "workload", + "options": [ + + ], + "query": "label_values(mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\"}, workload)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": 
null, + "current": { + "text": "prod", + "value": "prod" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": "type", + "multi": false, + "name": "type", + "options": [ + + ], + "query": "label_values(mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\"}, workload_type)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "", + "title": "Kubernetes / Compute Resources / Workload", + "uid": "a164a7f0339f99e89cea5cb47e9be617", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-resources-workloads-namespace.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-resources-workloads-namespace.yaml new file mode 100755 index 000000000..8a8b5077b --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/k8s-resources-workloads-namespace.yaml 
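Review bot: The file header for k8s-resources-workload.yaml creates the template with `new file mode 100755`, and the hunk ends with `\ No newline at end of file`. A Helm template that renders a ConfigMap has no reason to be executable, so suggest committing it as 100644 and ending the file with a newline. The header comment in the hunk says the file is generated from the kube-prometheus release-0.1 dashboard definitions and must not be changed in place, so both fixes belong in the generation step so that they survive the next regeneration.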
@@ -0,0 +1,972 @@ +{{- /* +Generated from 'k8s-resources-workloads-namespace' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-workloads-namespace" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + k8s-resources-workloads-namespace.json: |- + { + "annotations": { + "list": [ + + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + 
"renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(\n label_replace(\n namespace_pod_name_container_name:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"},\n \"pod\", \"$1\", \"pod_name\", \"(.*)\"\n ) * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\"}\n) by (workload, workload_type)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}workload{{`}}`}} - {{`{{`}}workload_type{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + 
"alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Running Pods", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 0, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "CPU Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Workload", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTooltip": "Drill 
down", + "linkUrl": "./d/a164a7f0339f99e89cea5cb47e9be617/k8s-resources-workload?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-workload=$__cell&var-type=$__cell_2", + "pattern": "workload", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Workload Type", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "workload_type", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "count(mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\"}) by (workload, workload_type)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(\n label_replace(\n namespace_pod_name_container_name:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"},\n \"pod\", \"$1\", \"pod_name\", \"(.*)\"\n ) * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(\n label_replace(\n 
namespace_pod_name_container_name:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"},\n \"pod\", \"$1\", \"pod_name\", \"(.*)\"\n ) * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum(\n label_replace(\n namespace_pod_name_container_name:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"},\n \"pod\", \"$1\", \"pod_name\", \"(.*)\"\n ) * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Quota", + "tooltip": { + "shared": false, + "sort": 0, + 
"value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Quota", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(\n label_replace(\n container_memory_usage_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container_name!=\"\"},\n \"pod\", \"$1\", \"pod_name\", \"(.*)\"\n ) * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\"}\n ) by (workload, workload_type)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}workload{{`}}`}} - {{`{{`}}workload_type{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": 
[ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Running Pods", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 0, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Memory Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, 
+ { + "alias": "Memory Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Memory Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Workload", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTooltip": "Drill down", + "linkUrl": "./d/a164a7f0339f99e89cea5cb47e9be617/k8s-resources-workload?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-workload=$__cell&var-type=$__cell_2", + "pattern": "workload", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Workload Type", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "workload_type", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "count(mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\"}) by (workload, workload_type)", + "format": "table", + 
"instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(\n label_replace(\n container_memory_usage_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container_name!=\"\"},\n \"pod\", \"$1\", \"pod_name\", \"(.*)\"\n ) * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\"}\n ) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(\n label_replace(\n container_memory_usage_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container_name!=\"\"},\n \"pod\", \"$1\", \"pod_name\", \"(.*)\"\n ) * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\"}\n ) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\"}\n) by (workload, workload_type)\n", + "format": "table", + 
"instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum(\n label_replace(\n container_memory_usage_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container_name!=\"\"},\n \"pod\", \"$1\", \"pod_name\", \"(.*)\"\n ) * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\"}\n ) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod) group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Quota", + "titleSize": "h6" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + "text": "prod", + "value": "prod" + }, + "datasource": "$datasource", + "hide": {{ 
if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(:kube_pod_info_node_count:, cluster)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": "prod", + "value": "prod" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": "namespace", + "multi": false, + "name": "namespace", + "options": [ + + ], + "query": "label_values(kube_pod_info{cluster=\"$cluster\"}, namespace)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "", + "title": "Kubernetes / Compute Resources / Namespace (Workloads)", + "uid": "a87fb0d919ec0ea5f6543124e16c42a5", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/nodes.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/nodes.yaml new file mode 100755 index 000000000..17a97dae1 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/nodes.yaml 
@@ -0,0 +1,1383 @@ +{{- /* +Generated from 'nodes' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "nodes" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + nodes.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + + ] + }, + "editable": false, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "refresh": "", + "rows": [ + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "gridPos": { + + }, + "id": 2, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + 
"pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "max(node_load1{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "load 1m", + "refId": "A" + }, + { + "expr": "max(node_load5{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "load 5m", + "refId": "B" + }, + { + "expr": "max(node_load15{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "load 15m", + "refId": "C" + }, + { + "expr": "count(node_cpu_seconds_total{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\", mode=\"user\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "logical cores", + "refId": "D" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "System load", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "gridPos": { + + }, + "id": 3, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + 
"nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (cpu) (irate(node_cpu_seconds_total{cluster=\"$cluster\", job=\"node-exporter\", mode!=\"idle\", instance=\"$instance\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cpu{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Usage Per Core", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "gridPos": { + + }, + "id": 4, + "legend": { + "alignAsTable": "true", + "avg": "true", + "current": "true", + "max": "false", + "min": "false", + "rightSide": "true", + "show": "true", + "total": "false", + "values": "true" + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 9, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "max (sum by (cpu) 
(irate(node_cpu_seconds_total{cluster=\"$cluster\", job=\"node-exporter\", mode!=\"idle\", instance=\"$instance\"}[2m])) ) * 100\n", + "format": "time_series", + "intervalFactor": 10, + "legendFormat": "{{`{{`}} cpu {{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Utilization", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percent", + "label": null, + "logBase": 1, + "max": 100, + "min": 0, + "show": true + }, + { + "format": "percent", + "label": null, + "logBase": 1, + "max": 100, + "min": 0, + "show": true + } + ] + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "$datasource", + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 5, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "avg(sum by (cpu) (irate(node_cpu_seconds_total{cluster=\"$cluster\", job=\"node-exporter\", mode!=\"idle\", instance=\"$instance\"}[2m]))) * 100\n", + "format": "time_series", + 
"intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "80, 90", + "title": "CPU Usage", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "gridPos": { + + }, + "id": 6, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 9, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "max(\n node_memory_MemTotal_bytes{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"}\n - node_memory_MemFree_bytes{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"}\n - node_memory_Buffers_bytes{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"}\n - node_memory_Cached_bytes{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"}\n)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "memory used", + "refId": "A" + }, + { + "expr": "max(node_memory_Buffers_bytes{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "memory buffers", + "refId": "B" + }, + { + "expr": 
"max(node_memory_Cached_bytes{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "memory cached", + "refId": "C" + }, + { + "expr": "max(node_memory_MemFree_bytes{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "memory free", + "refId": "D" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "$datasource", + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 7, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "max(\n (\n 
(\n node_memory_MemTotal_bytes{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"}\n - node_memory_MemFree_bytes{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"}\n - node_memory_Buffers_bytes{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"}\n - node_memory_Cached_bytes{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"}\n )\n / node_memory_MemTotal_bytes{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"}\n ) * 100)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "80, 90", + "title": "Memory Usage", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "gridPos": { + + }, + "id": 8, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + { + "alias": "read", + "yaxis": 1 + }, + { + "alias": "io time", + "yaxis": 2 + } + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "max(rate(node_disk_read_bytes_total{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"}[2m]))", + "format": "time_series", + "intervalFactor": 2, 
+ "legendFormat": "read", + "refId": "A" + }, + { + "expr": "max(rate(node_disk_written_bytes_total{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"}[2m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "written", + "refId": "B" + }, + { + "expr": "max(rate(node_disk_io_time_seconds_total{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"}[2m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "io time", + "refId": "C" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Disk I/O", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "ms", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "gridPos": { + + }, + "id": 9, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "max by (namespace, pod, device) ((node_filesystem_size_bytes{cluster=\"$cluster\", fstype=~\"ext[234]|btrfs|xfs|zfs\", instance=\"$instance\", job=\"node-exporter\"} - node_filesystem_avail_bytes{cluster=\"$cluster\", fstype=~\"ext[234]|btrfs|xfs|zfs\", instance=\"$instance\", 
job=\"node-exporter\"}) / node_filesystem_size_bytes{cluster=\"$cluster\", fstype=~\"ext[234]|btrfs|xfs|zfs\", instance=\"$instance\", job=\"node-exporter\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "disk used", + "refId": "A" + }, + { + "expr": "max by (namespace, pod, device) (node_filesystem_avail_bytes{cluster=\"$cluster\", fstype=~\"ext[234]|btrfs|xfs|zfs\", instance=\"$instance\", job=\"node-exporter\"} / node_filesystem_size_bytes{cluster=\"$cluster\", fstype=~\"ext[234]|btrfs|xfs|zfs\", instance=\"$instance\", job=\"node-exporter\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "disk free", + "refId": "B" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Disk Space Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "gridPos": { + + }, + "id": 10, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + 
"seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "max(rate(node_network_receive_bytes_total{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\", device!~\"lo\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}device{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Network Received", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "gridPos": { + + }, + "id": 11, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "max(rate(node_network_transmit_bytes_total{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\", device!~\"lo\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}device{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Network Transmitted", + "tooltip": { + "shared": false, + "sort": 0, 
+ "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "gridPos": { + + }, + "id": 12, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 9, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "max(\n node_filesystem_files{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"}\n - node_filesystem_files_free{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"}\n)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "inodes used", + "refId": "A" + }, + { + "expr": "max(node_filesystem_files_free{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "inodes free", + "refId": "B" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Inodes Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, 
+ "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "$datasource", + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 13, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "max(\n (\n (\n node_filesystem_files{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"}\n - node_filesystem_files_free{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"}\n )\n / node_filesystem_files{cluster=\"$cluster\", job=\"node-exporter\", instance=\"$instance\"}\n ) * 100)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "80, 90", + "title": "Inodes Usage", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + 
"value": "null" + } + ], + "valueName": "current" + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "instance", + "options": [ + + ], + "query": "label_values(node_boot_time_seconds{cluster=\"$cluster\", job=\"node-exporter\"}, instance)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "", + "title": "Kubernetes / Nodes", + "uid": "fa49a4706d07a042595b664c87fb33ea", + "version": 0 + } +{{- end }} \ No newline at end of file 
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/persistentvolumesusage.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/persistentvolumesusage.yaml new file mode 100755 index 000000000..f6bc2955c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/persistentvolumesusage.yaml 
@@ -0,0 +1,573 @@ +{{- /* +Generated from 'persistentvolumesusage' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "persistentvolumesusage" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + persistentvolumesusage.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + + ] + }, + "editable": false, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "refresh": "", + "rows": [ + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "gridPos": { + + }, + "id": 2, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": true, + "rightSide": false, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + 
"nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 9, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(\n sum without(instance, node) (kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n -\n sum without(instance, node) (kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"kubelet\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n)\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "Used Space", + "refId": "A" + }, + { + "expr": "sum without(instance, node) (kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"kubelet\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "Free Space", + "refId": "B" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Volume Space Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "$datasource", + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 3, + "interval": null, + "links": [ + + ], + "mappingType": 1, 
+ "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "(\n kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n -\n kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"kubelet\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n)\n/\nkubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n* 100\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "80, 90", + "title": "Volume Space Usage", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "gridPos": { + + }, + "id": 4, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": true, + "rightSide": false, + "show": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": 
"null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 9, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum without(instance, node) (kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"kubelet\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "Used inodes", + "refId": "A" + }, + { + "expr": "(\n sum without(instance, node) (kubelet_volume_stats_inodes{cluster=\"$cluster\", job=\"kubelet\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n -\n sum without(instance, node) (kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"kubelet\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n)\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": " Free inodes", + "refId": "B" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Volume inodes Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "none", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "none", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "$datasource", + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 5, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + 
"name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"kubelet\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n/\nkubelet_volume_stats_inodes{cluster=\"$cluster\", job=\"kubelet\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"}\n* 100\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "80, 90", + "title": "Volume inodes Usage", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": 
"label_values(kubelet_volume_stats_capacity_bytes, cluster)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": "Namespace", + "multi": false, + "name": "namespace", + "options": [ + + ], + "query": "label_values(kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\"}, namespace)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": "PersistentVolumeClaim", + "multi": false, + "name": "volume", + "options": [ + + ], + "query": "label_values(kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", namespace=\"$namespace\"}, persistentvolumeclaim)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-7d", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "", + "title": "Kubernetes / Persistent Volumes", + "uid": "919b92a8e8041bd567af9edab12c840c", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/pods.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/pods.yaml new file mode 100755 index 000000000..3b1e1539d --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/pods.yaml 
@@ -0,0 +1,680 @@ +{{- /* +Generated from 'pods' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "pods" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + pods.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "$datasource", + "enable": true, + "expr": "time() == BOOL timestamp(rate(kube_pod_container_status_restarts_total{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[2m]) > 0)", + "hide": false, + "iconColor": "rgba(215, 44, 44, 1)", + "name": "Restarts", + "showIn": 0, + "tags": [ + "restart" + ], + "type": "rows" + } + ] + }, + "editable": false, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "refresh": "", + "rows": [ + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + 
"dashes": false, + "datasource": "$datasource", + "fill": 1, + "gridPos": { + + }, + "id": 2, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum by(container_name) (container_memory_usage_bytes{job=\"kubelet\", cluster=\"$cluster\", namespace=\"$namespace\", pod_name=\"$pod\", container_name=~\"$container\", container_name!=\"POD\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Current: {{`{{`}} container_name {{`}}`}}", + "refId": "A" + }, + { + "expr": "sum by(container) (kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\", pod=\"$pod\", container=~\"$container\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Requested: {{`{{`}} container {{`}}`}}", + "refId": "B" + }, + { + "expr": "sum by(container) (kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\", pod=\"$pod\", container=~\"$container\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Limit: {{`{{`}} container {{`}}`}}", + "refId": "C" + }, + { + "expr": "sum by(container_name) (container_memory_cache{job=\"kubelet\", namespace=\"$namespace\", pod_name=~\"$pod\", container_name=~\"$container\", container_name!=\"POD\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Cache: {{`{{`}} container_name {{`}}`}}", + "refId": "D" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + 
"title": "Memory Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "gridPos": { + + }, + "id": 3, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (container_name) (rate(container_cpu_usage_seconds_total{job=\"kubelet\", cluster=\"$cluster\", namespace=\"$namespace\", image!=\"\", pod_name=\"$pod\", container_name=~\"$container\", container_name!=\"POD\"}[1m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Current: {{`{{`}} container_name {{`}}`}}", + "refId": "A" + }, + { + "expr": "sum by(container) (kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\", pod=\"$pod\", container=~\"$container\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": 
"Requested: {{`{{`}} container {{`}}`}}", + "refId": "B" + }, + { + "expr": "sum by(container) (kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\", pod=\"$pod\", container=~\"$container\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Limit: {{`{{`}} container {{`}}`}}", + "refId": "C" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "gridPos": { + + }, + "id": 4, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum by (pod_name) (rate(container_network_receive_bytes_total{job=\"kubelet\", cluster=\"$cluster\", namespace=\"$namespace\", pod_name=\"$pod\"}[1m])))", + "format": 
"time_series", + "intervalFactor": 2, + "legendFormat": "RX: {{`{{`}} pod_name {{`}}`}}", + "refId": "A" + }, + { + "expr": "sort_desc(sum by (pod_name) (rate(container_network_transmit_bytes_total{job=\"kubelet\", cluster=\"$cluster\", namespace=\"$namespace\", pod_name=\"$pod\"}[1m])))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "TX: {{`{{`}} pod_name {{`}}`}}", + "refId": "B" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Network I/O", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "gridPos": { + + }, + "id": 5, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "max by (container) (kube_pod_container_status_restarts_total{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", 
container=~\"$container\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Restarts: {{`{{`}} container {{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Total Restarts Per Container", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": "Namespace", + "multi": false, + "name": "namespace", + "options": [ + + ], + "query": "label_values(kube_pod_info{cluster=\"$cluster\"}, namespace)", + "refresh": 2, + "regex": "", + 
"sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": "Pod", + "multi": false, + "name": "pod", + "options": [ + + ], + "query": "label_values(kube_pod_info{cluster=\"$cluster\", namespace=~\"$namespace\"}, pod)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": true, + "label": "Container", + "multi": false, + "name": "container", + "options": [ + + ], + "query": "label_values(kube_pod_container_info{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}, container)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "", + "title": "Kubernetes / Pods", + "uid": "ab4f13a9892a76a4d21ce8c2445bf4ea", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/statefulset.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/statefulset.yaml new file mode 100755 index 000000000..01dbf1265 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/dashboards/statefulset.yaml 
@@ -0,0 +1,926 @@ +{{- /* +Generated from 'statefulset' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "statefulset" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + statefulset.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + + ] + }, + "editable": false, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "refresh": "", + "rows": [ + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 2, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { 
+ "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "cores", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 4, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubelet\", cluster=\"$cluster\", namespace=\"$namespace\", pod_name=~\"$statefulset.*\"}[3m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "CPU", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 3, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "GB", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 4, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "expr": 
"sum(container_memory_usage_bytes{job=\"kubelet\", cluster=\"$cluster\", namespace=\"$namespace\", pod_name=~\"$statefulset.*\"}) / 1024^3", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Memory", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 4, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "Bps", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 4, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(rate(container_network_transmit_bytes_total{job=\"kubelet\", cluster=\"$cluster\", namespace=\"$namespace\", pod_name=~\"$statefulset.*\"}[3m])) + sum(rate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=\"$namespace\",pod_name=~\"$statefulset.*\"}[3m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Network", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": 
"0", + "value": "null" + } + ], + "valueName": "current" + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "height": "100px", + "panels": [ + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 5, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "max(kube_statefulset_replicas{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", statefulset=\"$statefulset\"}) without (instance, pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Desired Replicas", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": 
"none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 6, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "min(kube_statefulset_status_replicas_current{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", statefulset=\"$statefulset\"}) without (instance, pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Replicas of current version", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 7, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": 
"", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "max(kube_statefulset_status_observed_generation{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", statefulset=\"$statefulset\"}) without (instance, pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Observed Generation", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 8, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "max(kube_statefulset_metadata_generation{job=\"kube-state-metrics\", statefulset=\"$statefulset\", cluster=\"$cluster\", namespace=\"$namespace\"}) without (instance, pod)", + 
"format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Metadata Generation", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "gridPos": { + + }, + "id": 9, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "max(kube_statefulset_replicas{job=\"kube-state-metrics\", statefulset=\"$statefulset\", cluster=\"$cluster\", namespace=\"$namespace\"}) without (instance, pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "replicas specified", + "refId": "A" + }, + { + "expr": "max(kube_statefulset_status_replicas{job=\"kube-state-metrics\", statefulset=\"$statefulset\", cluster=\"$cluster\", namespace=\"$namespace\"}) without (instance, pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "replicas created", + "refId": "B" + }, + { + "expr": "min(kube_statefulset_status_replicas_ready{job=\"kube-state-metrics\", statefulset=\"$statefulset\", cluster=\"$cluster\", namespace=\"$namespace\"}) without (instance, pod)", + "format": 
"time_series", + "intervalFactor": 2, + "legendFormat": "ready", + "refId": "C" + }, + { + "expr": "min(kube_statefulset_status_replicas_current{job=\"kube-state-metrics\", statefulset=\"$statefulset\", cluster=\"$cluster\", namespace=\"$namespace\"}) without (instance, pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "replicas of current version", + "refId": "D" + }, + { + "expr": "min(kube_statefulset_status_replicas_updated{job=\"kube-state-metrics\", statefulset=\"$statefulset\", cluster=\"$cluster\", namespace=\"$namespace\"}) without (instance, pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "updated", + "refId": "E" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Replicas", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": 
[ + + ], + "query": "label_values(kube_statefulset_metadata_generation, cluster)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": "Namespace", + "multi": false, + "name": "namespace", + "options": [ + + ], + "query": "label_values(kube_statefulset_metadata_generation{job=\"kube-state-metrics\"}, namespace)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": "Name", + "multi": false, + "name": "statefulset", + "options": [ + + ], + "query": "label_values(kube_statefulset_metadata_generation{job=\"kube-state-metrics\", namespace=\"$namespace\"}, statefulset)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "", + "title": "Kubernetes / StatefulSets", + "uid": "a31c1f46e6f727cb37c0d731a7245005", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/namespaces.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/namespaces.yaml new file mode 100755 index 000000000..39ed210ed --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/namespaces.yaml 
@@ -0,0 +1,13 @@ +{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled (not .Values.grafana.defaultDashboards.useExistingNamespace) }} +apiVersion: v1 +kind: Namespace +metadata: + name: {{ .Values.grafana.defaultDashboards.namespace }} + labels: + name: {{ .Values.grafana.defaultDashboards.namespace }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} + annotations: +{{- if not .Values.grafana.defaultDashboards.cleanupOnUninstall }} + helm.sh/resource-policy: "keep" +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/servicemonitor.yaml new file mode 100755 index 000000000..1e839d707 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/grafana/servicemonitor.yaml 
@@ -0,0 +1,32 @@ +{{- if and .Values.grafana.enabled .Values.grafana.serviceMonitor.selfMonitor }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-grafana + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-grafana +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: grafana + app.kubernetes.io/instance: {{ $.Release.Name | quote }} + namespaceSelector: + matchNames: + - {{ printf "%s" (include "kube-prometheus-stack.namespace" .) | quote }} + endpoints: + - port: {{ .Values.grafana.service.portName }} + {{- if .Values.grafana.serviceMonitor.interval }} + interval: {{ .Values.grafana.serviceMonitor.interval }} + {{- end }} + path: {{ .Values.grafana.serviceMonitor.path | quote }} +{{- if .Values.grafana.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.grafana.serviceMonitor.metricRelabelings | indent 6) . }} +{{- end }} +{{- if .Values.grafana.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.grafana.serviceMonitor.relabelings | indent 6 }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml new file mode 100755 index 000000000..249af770a --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml 
@@ -0,0 +1,33 @@ +{{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-admission + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + app: {{ template "kube-prometheus-stack.name" $ }}-admission +{{- include "kube-prometheus-stack.labels" $ | indent 4 }} +rules: + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - update +{{- if .Values.global.rbac.pspEnabled }} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }} + - apiGroups: ['policy'] +{{- else }} + - apiGroups: ['extensions'] +{{- end }} + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "kube-prometheus-stack.fullname" . }}-admission +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/clusterrolebinding.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/clusterrolebinding.yaml new file mode 100755 index 000000000..31fd2def0 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/clusterrolebinding.yaml 
@@ -0,0 +1,20 @@ +{{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-admission + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + app: {{ template "kube-prometheus-stack.name" $ }}-admission +{{- include "kube-prometheus-stack.labels" $ | indent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-prometheus-stack.fullname" . }}-admission +subjects: + - kind: ServiceAccount + name: {{ template "kube-prometheus-stack.fullname" . }}-admission + namespace: {{ template "kube-prometheus-stack.namespace" . }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml new file mode 100755 index 000000000..e86610cb7 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml 
@@ -0,0 +1,65 @@ +{{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-admission-create + namespace: {{ template "kube-prometheus-stack.namespace" . }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + app: {{ template "kube-prometheus-stack.name" $ }}-admission-create +{{- include "kube-prometheus-stack.labels" $ | indent 4 }} +spec: + {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }} + # Alpha feature since k8s 1.12 + ttlSecondsAfterFinished: 0 + {{- end }} + template: + metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-admission-create +{{- with .Values.prometheusOperator.admissionWebhooks.patch.podAnnotations }} + annotations: +{{ toYaml . | indent 8 }} +{{- end }} + labels: + app: {{ template "kube-prometheus-stack.name" $ }}-admission-create +{{- include "kube-prometheus-stack.labels" $ | indent 8 }} + spec: + {{- if .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }} + priorityClassName: {{ .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }} + {{- end }} + containers: + - name: create + {{- if .Values.prometheusOperator.admissionWebhooks.patch.image.sha }} + image: {{ template "system_default_registry" . }}{{ .Values.prometheusOperator.admissionWebhooks.patch.image.repository }}:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.tag }}@sha256:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.sha }} + {{- else }} + image: {{ template "system_default_registry" . 
}}{{ .Values.prometheusOperator.admissionWebhooks.patch.image.repository }}:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.tag }} + {{- end }} + imagePullPolicy: {{ .Values.prometheusOperator.admissionWebhooks.patch.image.pullPolicy }} + args: + - create + - --host={{ template "kube-prometheus-stack.operator.fullname" . }},{{ template "kube-prometheus-stack.operator.fullname" . }}.{{ template "kube-prometheus-stack.namespace" . }}.svc + - --namespace={{ template "kube-prometheus-stack.namespace" . }} + - --secret-name={{ template "kube-prometheus-stack.fullname" . }}-admission + resources: +{{ toYaml .Values.prometheusOperator.admissionWebhooks.patch.resources | indent 12 }} + restartPolicy: OnFailure + serviceAccountName: {{ template "kube-prometheus-stack.fullname" . }}-admission + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- with .Values.prometheusOperator.admissionWebhooks.patch.nodeSelector }} +{{ toYaml . | indent 8 }} +{{- end }} + {{- with .Values.prometheusOperator.admissionWebhooks.patch.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- with .Values.prometheusOperator.admissionWebhooks.patch.tolerations }} +{{ toYaml . | indent 8 }} +{{- end }} + securityContext: + runAsGroup: 2000 + runAsNonRoot: true + runAsUser: 2000 +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/job-patchWebhook.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/job-patchWebhook.yaml new file mode 100755 index 000000000..c2742073f --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/job-patchWebhook.yaml 
@@ -0,0 +1,66 @@ +{{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-admission-patch + namespace: {{ template "kube-prometheus-stack.namespace" . }} + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch +{{- include "kube-prometheus-stack.labels" $ | indent 4 }} +spec: + {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }} + # Alpha feature since k8s 1.12 + ttlSecondsAfterFinished: 0 + {{- end }} + template: + metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-admission-patch +{{- with .Values.prometheusOperator.admissionWebhooks.patch.podAnnotations }} + annotations: +{{ toYaml . | indent 8 }} +{{- end }} + labels: + app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch +{{- include "kube-prometheus-stack.labels" $ | indent 8 }} + spec: + {{- if .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }} + priorityClassName: {{ .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }} + {{- end }} + containers: + - name: patch + {{- if .Values.prometheusOperator.admissionWebhooks.patch.image.sha }} + image: {{ template "system_default_registry" . }}{{ .Values.prometheusOperator.admissionWebhooks.patch.image.repository }}:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.tag }}@sha256:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.sha }} + {{- else }} + image: {{ template "system_default_registry" . 
}}{{ .Values.prometheusOperator.admissionWebhooks.patch.image.repository }}:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.tag }} + {{- end }} + imagePullPolicy: {{ .Values.prometheusOperator.admissionWebhooks.patch.image.pullPolicy }} + args: + - patch + - --webhook-name={{ template "kube-prometheus-stack.fullname" . }}-admission + - --namespace={{ template "kube-prometheus-stack.namespace" . }} + - --secret-name={{ template "kube-prometheus-stack.fullname" . }}-admission + - --patch-failure-policy={{ .Values.prometheusOperator.admissionWebhooks.failurePolicy }} + resources: +{{ toYaml .Values.prometheusOperator.admissionWebhooks.patch.resources | indent 12 }} + restartPolicy: OnFailure + serviceAccountName: {{ template "kube-prometheus-stack.fullname" . }}-admission + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- with .Values.prometheusOperator.admissionWebhooks.patch.nodeSelector }} +{{ toYaml . | indent 8 }} +{{- end }} + {{- with .Values.prometheusOperator.admissionWebhooks.patch.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- with .Values.prometheusOperator.admissionWebhooks.patch.tolerations }} +{{ toYaml . | indent 8 }} +{{- end }} + securityContext: + runAsGroup: 2000 + runAsNonRoot: true + runAsUser: 2000 +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml new file mode 100755 index 000000000..5834c483c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml 
@@ -0,0 +1,54 @@ +{{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-admission + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + app: {{ template "kube-prometheus-stack.name" . }}-admission +{{- if .Values.global.rbac.pspAnnotations }} + annotations: +{{ toYaml .Values.global.rbac.pspAnnotations | indent 4 }} +{{- end }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + privileged: false + # Required to prevent escalations to root. + # allowPrivilegeEscalation: false + # This is redundant with non-root + disallow privilege escalation, + # but we can provide it for defense in depth. + #requiredDropCapabilities: + # - ALL + # Allow core volume types. + volumes: + - 'configMap' + - 'emptyDir' + - 'projected' + - 'secret' + - 'downwardAPI' + - 'persistentVolumeClaim' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Permits the container to run with root privileges as well. + rule: 'RunAsAny' + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 0 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} 
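Review bot: In psp.yaml the `runAsUser` rule is `'RunAsAny'` (its own comment says this permits root), while both admission Jobs in this patch already run with `runAsUser: 2000` and `runAsNonRoot: true`; the policy should use `MustRunAsNonRoot` so that it enforces what the Jobs already do. The same spec leaves `allowPrivilegeEscalation: false` and `requiredDropCapabilities` commented out, and the `supplementalGroups` and `fsGroup` ranges start at `min: 0` under a comment reading "Forbid adding the root group", so either the ranges should start at 1 or the comment should be dropped. Separately, `metadata` emits a second `annotations:` key when `.Values.global.rbac.pspAnnotations` is set, duplicating the key that carries the `helm.sh/hook` entries; the user-supplied annotations should be merged under the existing key instead.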
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/role.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/role.yaml new file mode 100755 index 000000000..d229f76ef --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/role.yaml @@ -0,0 +1,21 @@ +{{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-admission + namespace: {{ template "kube-prometheus-stack.namespace" . }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + app: {{ template "kube-prometheus-stack.name" $ }}-admission +{{- include "kube-prometheus-stack.labels" $ | indent 4 }} +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/rolebinding.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/rolebinding.yaml new file mode 100755 index 000000000..f4b1fbf0e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/rolebinding.yaml 
@@ -0,0 +1,21 @@ +{{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-admission + namespace: {{ template "kube-prometheus-stack.namespace" . }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + app: {{ template "kube-prometheus-stack.name" $ }}-admission +{{- include "kube-prometheus-stack.labels" $ | indent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-prometheus-stack.fullname" . }}-admission +subjects: + - kind: ServiceAccount + name: {{ template "kube-prometheus-stack.fullname" . }}-admission + namespace: {{ template "kube-prometheus-stack.namespace" . }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml new file mode 100755 index 000000000..2048f049c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml 
@@ -0,0 +1,15 @@ +{{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-admission + namespace: {{ template "kube-prometheus-stack.namespace" . }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + app: {{ template "kube-prometheus-stack.name" $ }}-admission +{{- include "kube-prometheus-stack.labels" $ | indent 4 }} +imagePullSecrets: +{{ toYaml .Values.global.imagePullSecrets | indent 2 }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml new file mode 100755 index 000000000..b67df54bf --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml 
@@ -0,0 +1,41 @@ +{{- if and .Values.prometheusOperator.admissionWebhooks.enabled }} +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-admission +{{- if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }} + annotations: + certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-root-cert" .Release.Namespace (include "kube-prometheus-stack.fullname" .) | quote }} + cert-manager.io/inject-ca-from: {{ printf "%s/%s-root-cert" .Release.Namespace (include "kube-prometheus-stack.fullname" .) | quote }} +{{- end }} + labels: + app: {{ template "kube-prometheus-stack.name" $ }}-admission +{{- include "kube-prometheus-stack.labels" $ | indent 4 }} +webhooks: + - name: prometheusrulemutate.monitoring.coreos.com + {{- if .Values.prometheusOperator.admissionWebhooks.patch.enabled }} + failurePolicy: Ignore + {{- else }} + failurePolicy: {{ .Values.prometheusOperator.admissionWebhooks.failurePolicy }} + {{- end }} + rules: + - apiGroups: + - monitoring.coreos.com + apiVersions: + - "*" + resources: + - prometheusrules + operations: + - CREATE + - UPDATE + clientConfig: + service: + namespace: {{ template "kube-prometheus-stack.namespace" . }} + name: {{ template "kube-prometheus-stack.operator.fullname" $ }} + path: /admission-prometheusrules/mutate + {{- if and .Values.prometheusOperator.admissionWebhooks.caBundle (not .Values.prometheusOperator.admissionWebhooks.patch.enabled) (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} + caBundle: {{ .Values.prometheusOperator.admissionWebhooks.caBundle }} + {{- end }} + admissionReviewVersions: ["v1", "v1beta1"] + sideEffects: None +{{- end }} 
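Review bot: `failurePolicy: Ignore` is hard-coded whenever `patch.enabled` is true, so the configured `.Values.prometheusOperator.admissionWebhooks.failurePolicy` never appears in this manifest and the webhook fails open as rendered. The patch Job earlier in this change is started with `--patch-failure-policy={{ .Values.prometheusOperator.admissionWebhooks.failurePolicy }}`, which suggests the configured value is applied afterwards; add a template comment here saying so, because anyone auditing the rendered manifest will otherwise conclude that PrometheusRule admission is always fail-open. Minor: `{{- if and .Values.prometheusOperator.admissionWebhooks.enabled }}` has a single operand, so a plain `if` is enough.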
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml new file mode 100755 index 000000000..249488e41 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml 
@@ -0,0 +1,41 @@ +{{- if and .Values.prometheusOperator.admissionWebhooks.enabled }} +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-admission +{{- if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }} + annotations: + certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-root-cert" .Release.Namespace (include "kube-prometheus-stack.fullname" .) | quote }} + cert-manager.io/inject-ca-from: {{ printf "%s/%s-root-cert" .Release.Namespace (include "kube-prometheus-stack.fullname" .) | quote }} +{{- end }} + labels: + app: {{ template "kube-prometheus-stack.name" $ }}-admission +{{- include "kube-prometheus-stack.labels" $ | indent 4 }} +webhooks: + - name: prometheusrulemutate.monitoring.coreos.com + {{- if .Values.prometheusOperator.admissionWebhooks.patch.enabled }} + failurePolicy: Ignore + {{- else }} + failurePolicy: {{ .Values.prometheusOperator.admissionWebhooks.failurePolicy }} + {{- end }} + rules: + - apiGroups: + - monitoring.coreos.com + apiVersions: + - "*" + resources: + - prometheusrules + operations: + - CREATE + - UPDATE + clientConfig: + service: + namespace: {{ template "kube-prometheus-stack.namespace" . }} + name: {{ template "kube-prometheus-stack.operator.fullname" $ }} + path: /admission-prometheusrules/validate + {{- if and .Values.prometheusOperator.admissionWebhooks.caBundle (not .Values.prometheusOperator.admissionWebhooks.patch.enabled) (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} + caBundle: {{ .Values.prometheusOperator.admissionWebhooks.caBundle }} + {{- end }} + admissionReviewVersions: ["v1", "v1beta1"] + sideEffects: None +{{- end }} 
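Review bot: the webhook entry in this ValidatingWebhookConfiguration is named `prometheusrulemutate.monitoring.coreos.com`, identical to the entry in mutatingWebhookConfiguration.yaml, while its `path` is `/admission-prometheusrules/validate`. The entry name is what an operator sees when tracing an admission decision back to a webhook, so a validating entry labelled "mutate" is misleading. Rename it (for example `prometheusrulevalidate.monitoring.coreos.com`) or add a comment explaining why the name is kept. `apiVersions: "*"` also matches any future version of `prometheusrules`; listing the served versions keeps the scope explicit. The hard-coded `failurePolicy: Ignore` under `patch.enabled` matters more here than in the mutating configuration, since this is the webhook that rejects invalid rules.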
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/certmanager.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/certmanager.yaml new file mode 100755 index 000000000..090e6a5bb --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/certmanager.yaml 
@@ -0,0 +1,57 @@ +{{- if .Values.prometheusOperator.admissionWebhooks.certManager.enabled -}} +{{- if not .Values.prometheusOperator.admissionWebhooks.certManager.issuerRef -}} +# Create a selfsigned Issuer, in order to create a root CA certificate for +# signing webhook serving certificates +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-self-signed-issuer + namespace: {{ template "kube-prometheus-stack.namespace" . }} +spec: + selfSigned: {} +--- +# Generate a CA Certificate used to sign certificates for the webhook +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-root-cert + namespace: {{ template "kube-prometheus-stack.namespace" . }} +spec: + secretName: {{ template "kube-prometheus-stack.fullname" . }}-root-cert + duration: 43800h # 5y + issuerRef: + name: {{ template "kube-prometheus-stack.fullname" . }}-self-signed-issuer + commonName: "ca.webhook.kube-prometheus-stack" + isCA: true +--- +# Create an Issuer that uses the above generated CA certificate to issue certs +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-root-issuer + namespace: {{ template "kube-prometheus-stack.namespace" . }} +spec: + ca: + secretName: {{ template "kube-prometheus-stack.fullname" . }}-root-cert +{{- end }} +--- +# generate a serving certificate for the apiservices to use +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-admission + namespace: {{ template "kube-prometheus-stack.namespace" . }} +spec: + secretName: {{ template "kube-prometheus-stack.fullname" . 
}}-admission + duration: 8760h # 1y + issuerRef: + {{- if .Values.prometheusOperator.admissionWebhooks.certManager.issuerRef }} + {{- toYaml .Values.prometheusOperator.admissionWebhooks.certManager.issuerRef | nindent 4 }} + {{- else }} + name: {{ template "kube-prometheus-stack.fullname" . }}-root-issuer + {{- end }} + dnsNames: + - {{ template "kube-prometheus-stack.operator.fullname" . }} + - {{ template "kube-prometheus-stack.operator.fullname" . }}.{{ template "kube-prometheus-stack.namespace" . }} + - {{ template "kube-prometheus-stack.operator.fullname" . }}.{{ template "kube-prometheus-stack.namespace" . }}.svc +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/clusterrole.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/clusterrole.yaml new file mode 100755 index 000000000..e5568534c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/clusterrole.yaml 
@@ -0,0 +1,80 @@ +{{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-operator + labels: + app: {{ template "kube-prometheus-stack.name" . }}-operator +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +rules: +- apiGroups: + - monitoring.coreos.com + resources: + - alertmanagers + - alertmanagers/finalizers + - alertmanagerconfigs + - prometheuses + - prometheuses/finalizers + - thanosrulers + - thanosrulers/finalizers + - servicemonitors + - podmonitors + - probes + - prometheusrules + verbs: + - '*' +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - '*' +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - '*' +- apiGroups: + - "" + resources: + - pods + verbs: + - list + - delete +- apiGroups: + - "" + resources: + - services + - services/finalizers + - endpoints + verbs: + - get + - create + - update + - delete +- apiGroups: + - "" + resources: + - nodes + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/clusterrolebinding.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/clusterrolebinding.yaml new file mode 100755 index 000000000..c9ab0ab87 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/clusterrolebinding.yaml 
@@ -0,0 +1,17 @@ +{{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-operator + labels: + app: {{ template "kube-prometheus-stack.name" . }}-operator +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-prometheus-stack.fullname" . }}-operator +subjects: +- kind: ServiceAccount + name: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/deployment.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/deployment.yaml new file mode 100755 index 000000000..6e72acfa0 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/deployment.yaml 
@@ -0,0 +1,145 @@ +{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }} +{{- if .Values.prometheusOperator.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-operator + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-operator +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + app: {{ template "kube-prometheus-stack.name" . }}-operator + release: {{ $.Release.Name | quote }} + template: + metadata: + labels: + app: {{ template "kube-prometheus-stack.name" . }}-operator +{{ include "kube-prometheus-stack.labels" . | indent 8 }} +{{- if .Values.prometheusOperator.podLabels }} +{{ toYaml .Values.prometheusOperator.podLabels | indent 8 }} +{{- end }} +{{- if .Values.prometheusOperator.podAnnotations }} + annotations: +{{ toYaml .Values.prometheusOperator.podAnnotations | indent 8 }} +{{- end }} + spec: + {{- if .Values.prometheusOperator.priorityClassName }} + priorityClassName: {{ .Values.prometheusOperator.priorityClassName }} + {{- end }} + containers: + - name: {{ template "kube-prometheus-stack.name" . }} + {{- if .Values.prometheusOperator.image.sha }} + image: "{{ template "system_default_registry" . }}{{ .Values.prometheusOperator.image.repository }}:{{ .Values.prometheusOperator.image.tag }}@sha256:{{ .Values.prometheusOperator.image.sha }}" + {{- else }} + image: "{{ template "system_default_registry" . }}{{ .Values.prometheusOperator.image.repository }}:{{ .Values.prometheusOperator.image.tag }}" + {{- end }} + imagePullPolicy: "{{ .Values.prometheusOperator.image.pullPolicy }}" + args: + {{- if .Values.prometheusOperator.kubeletService.enabled }} + - --kubelet-service={{ .Values.prometheusOperator.kubeletService.namespace }}/{{ template "kube-prometheus-stack.fullname" . 
}}-kubelet + {{- end }} + {{- if .Values.prometheusOperator.logFormat }} + - --log-format={{ .Values.prometheusOperator.logFormat }} + {{- end }} + {{- if .Values.prometheusOperator.logLevel }} + - --log-level={{ .Values.prometheusOperator.logLevel }} + {{- end }} + {{- if .Values.prometheusOperator.denyNamespaces }} + - --deny-namespaces={{ .Values.prometheusOperator.denyNamespaces | join "," }} + {{- end }} + {{- with $.Values.prometheusOperator.namespaces }} + {{ $ns := .additional }} + {{- if .releaseNamespace }} + {{- $ns = append $ns $namespace }} + {{- end }} + - --namespaces={{ $ns | join "," }} + {{- end }} + - --localhost=127.0.0.1 + {{- if .Values.prometheusOperator.prometheusDefaultBaseImage }} + - --prometheus-default-base-image={{ .Values.prometheusOperator.prometheusDefaultBaseImage }} + {{- end }} + {{- if .Values.prometheusOperator.alertmanagerDefaultBaseImage }} + - --alertmanager-default-base-image={{ .Values.prometheusOperator.alertmanagerDefaultBaseImage }} + {{- end }} + {{- if .Values.prometheusOperator.prometheusConfigReloaderImage.sha }} + - --prometheus-config-reloader={{ template "system_default_registry" . }}{{ .Values.prometheusOperator.prometheusConfigReloaderImage.repository }}:{{ .Values.prometheusOperator.prometheusConfigReloaderImage.tag }}@sha256:{{ .Values.prometheusOperator.prometheusConfigReloaderImage.sha }} + {{- else }} + - --prometheus-config-reloader={{ template "system_default_registry" . 
}}{{ .Values.prometheusOperator.prometheusConfigReloaderImage.repository }}:{{ .Values.prometheusOperator.prometheusConfigReloaderImage.tag }} + {{- end }} + - --config-reloader-cpu={{ .Values.prometheusOperator.configReloaderCpu }} + - --config-reloader-memory={{ .Values.prometheusOperator.configReloaderMemory }} + {{- if .Values.prometheusOperator.alertmanagerInstanceNamespaces }} + - --alertmanager-instance-namespaces={{ .Values.prometheusOperator.alertmanagerInstanceNamespaces | join "," }} + {{- end }} + {{- if .Values.prometheusOperator.prometheusInstanceNamespaces }} + - --prometheus-instance-namespaces={{ .Values.prometheusOperator.prometheusInstanceNamespaces | join "," }} + {{- end }} + {{- if .Values.prometheusOperator.thanosRulerInstanceNamespaces }} + - --thanos-ruler-instance-namespaces={{ .Values.prometheusOperator.thanosRulerInstanceNamespaces | join "," }} + {{- end }} + {{- if .Values.prometheusOperator.secretFieldSelector }} + - --secret-field-selector={{ .Values.prometheusOperator.secretFieldSelector }} + {{- end }} + {{- if .Values.prometheusOperator.clusterDomain }} + - --cluster-domain={{ .Values.prometheusOperator.clusterDomain }} + {{- end }} + {{- if .Values.prometheusOperator.tls.enabled }} + - --web.enable-tls=true + - --web.cert-file=/cert/{{ if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}tls.crt{{ else }}cert{{ end }} + - --web.key-file=/cert/{{ if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}tls.key{{ else }}key{{ end }} + - --web.listen-address=:{{ .Values.prometheusOperator.tls.internalPort }} + - --web.tls-min-version={{ .Values.prometheusOperator.tls.tlsMinVersion }} + ports: + - containerPort: {{ .Values.prometheusOperator.tls.internalPort }} + name: https + {{- else }} + ports: + - containerPort: 8080 + name: http + {{- end }} + resources: +{{ toYaml .Values.prometheusOperator.resources | indent 12 }} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true 
+{{- if .Values.prometheusOperator.tls.enabled }} + volumeMounts: + - name: tls-secret + mountPath: /cert + readOnly: true + volumes: + - name: tls-secret + secret: + defaultMode: 420 + secretName: {{ template "kube-prometheus-stack.fullname" . }}-admission +{{- end }} + {{- with .Values.prometheusOperator.dnsConfig }} + dnsConfig: +{{ toYaml . | indent 8 }} + {{- end }} +{{- if .Values.prometheusOperator.securityContext }} + securityContext: +{{ toYaml .Values.prometheusOperator.securityContext | indent 8 }} +{{- end }} + serviceAccountName: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }} +{{- if .Values.prometheusOperator.hostNetwork }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet +{{- end }} + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- with .Values.prometheusOperator.nodeSelector }} +{{ toYaml . | indent 8 }} +{{- end }} + {{- with .Values.prometheusOperator.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- with .Values.prometheusOperator.tolerations }} +{{ toYaml . | indent 8 }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/psp-clusterrole.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/psp-clusterrole.yaml new file mode 100755 index 000000000..d667d6275 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/psp-clusterrole.yaml 
@@ -0,0 +1,20 @@ +{{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }} +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-operator-psp + labels: + app: {{ template "kube-prometheus-stack.name" . }}-operator +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +rules: +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }} +- apiGroups: ['policy'] +{{- else }} +- apiGroups: ['extensions'] +{{- end }} + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "kube-prometheus-stack.fullname" . }}-operator +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/psp-clusterrolebinding.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/psp-clusterrolebinding.yaml new file mode 100755 index 000000000..c538cd173 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/psp-clusterrolebinding.yaml @@ -0,0 +1,17 @@ +{{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }} +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-operator-psp + labels: + app: {{ template "kube-prometheus-stack.name" . }}-operator +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-prometheus-stack.fullname" . }}-operator-psp +subjects: + - kind: ServiceAccount + name: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} +{{- end }} 
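Review bot: in prometheus-operator/clusterrole.yaml, earlier in this patch, the operator ClusterRole grants `verbs: '*'` on `configmaps` and `secrets` in the core API group, and clusterrolebinding.yaml binds it with a ClusterRoleBinding, so the operator service account can read and write every Secret in every namespace even when `--namespaces` or `--deny-namespaces` in deployment.yaml narrow what the operator acts on. Where `.Values.prometheusOperator.namespaces` is set, consider rendering a Role and RoleBinding per listed namespace instead, or at least document the cluster-wide Secret access next to the rule so it is a visible decision rather than an inherited default.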
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/psp.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/psp.yaml new file mode 100755 index 000000000..18d1d37df --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/psp.yaml @@ -0,0 +1,51 @@ +{{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-operator + labels: + app: {{ template "kube-prometheus-stack.name" . }}-operator +{{- if .Values.global.rbac.pspAnnotations }} + annotations: +{{ toYaml .Values.global.rbac.pspAnnotations | indent 4 }} +{{- end }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + privileged: false + # Required to prevent escalations to root. + # allowPrivilegeEscalation: false + # This is redundant with non-root + disallow privilege escalation, + # but we can provide it for defense in depth. + #requiredDropCapabilities: + # - ALL + # Allow core volume types. + volumes: + - 'configMap' + - 'emptyDir' + - 'projected' + - 'secret' + - 'downwardAPI' + - 'persistentVolumeClaim' + hostNetwork: {{ .Values.prometheusOperator.hostNetwork }} + hostIPC: false + hostPID: false + runAsUser: + # Permits the container to run with root privileges as well. + rule: 'RunAsAny' + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 0 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} 
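Review bot: the two "Forbid adding the root group." comments in prometheus-operator/psp.yaml sit above `ranges` that start at `min: 0`, which allows GID 0 for both `supplementalGroups` and `fsGroup`; start the ranges at 1 or drop the comments. The policy is also looser than the Deployment it covers: `allowPrivilegeEscalation: false` and `requiredDropCapabilities` are commented out and `readOnlyRootFilesystem` is `false`, while deployment.yaml already sets `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true` on the operator container, so the PSP could enforce the same two settings. `hostNetwork: {{ .Values.prometheusOperator.hostNetwork }}` renders an empty value if the key is unset; a `default false` would keep the manifest valid.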
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/service.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/service.yaml new file mode 100755 index 000000000..8ccb2bb2d --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/service.yaml 
@@ -0,0 +1,55 @@ +{{- if .Values.prometheusOperator.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-operator + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-operator +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.prometheusOperator.service.labels }} +{{ toYaml .Values.prometheusOperator.service.labels | indent 4 }} +{{- end }} +{{- if .Values.prometheusOperator.service.annotations }} + annotations: +{{ toYaml .Values.prometheusOperator.service.annotations | indent 4 }} +{{- end }} +spec: +{{- if .Values.prometheusOperator.service.clusterIP }} + clusterIP: {{ .Values.prometheusOperator.service.clusterIP }} +{{- end }} +{{- if .Values.prometheusOperator.service.externalIPs }} + externalIPs: +{{ toYaml .Values.prometheusOperator.service.externalIPs | indent 4 }} +{{- end }} +{{- if .Values.prometheusOperator.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.prometheusOperator.service.loadBalancerIP }} +{{- end }} +{{- if .Values.prometheusOperator.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- range $cidr := .Values.prometheusOperator.service.loadBalancerSourceRanges }} + - {{ $cidr }} + {{- end }} +{{- end }} + ports: + {{- if not .Values.prometheusOperator.tls.enabled }} + - name: http + {{- if eq .Values.prometheusOperator.service.type "NodePort" }} + nodePort: {{ .Values.prometheusOperator.service.nodePort }} + {{- end }} + port: 8080 + targetPort: http + {{- end }} + {{- if .Values.prometheusOperator.tls.enabled }} + - name: https + {{- if eq .Values.prometheusOperator.service.type "NodePort"}} + nodePort: {{ .Values.prometheusOperator.service.nodePortTls }} + {{- end }} + port: 443 + targetPort: https + {{- end }} + selector: + app: {{ template "kube-prometheus-stack.name" . 
}}-operator + release: {{ $.Release.Name | quote }} + type: "{{ .Values.prometheusOperator.service.type }}" +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/serviceaccount.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/serviceaccount.yaml new file mode 100755 index 000000000..ab41797e3 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-operator +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +imagePullSecrets: +{{ toYaml .Values.global.imagePullSecrets | indent 2 }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/servicemonitor.yaml new file mode 100755 index 000000000..b7bd952bb --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus-operator/servicemonitor.yaml 
@@ -0,0 +1,44 @@ +{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.serviceMonitor.selfMonitor }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-operator + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-operator +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + endpoints: + {{- if .Values.prometheusOperator.tls.enabled }} + - port: https + scheme: https + tlsConfig: + serverName: {{ template "kube-prometheus-stack.operator.fullname" . }} + ca: + secret: + name: {{ template "kube-prometheus-stack.fullname" . }}-admission + key: {{ if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}ca.crt{{ else }}ca{{ end }} + optional: false + {{- else }} + - port: http + {{- end }} + honorLabels: true + {{- if .Values.prometheusOperator.serviceMonitor.interval }} + interval: {{ .Values.prometheusOperator.serviceMonitor.interval }} + {{- end }} +{{- if .Values.prometheusOperator.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.prometheusOperator.serviceMonitor.metricRelabelings | indent 6) . }} +{{- end }} +{{- if .Values.prometheusOperator.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.prometheusOperator.serviceMonitor.relabelings | indent 6 }} +{{- end }} + selector: + matchLabels: + app: {{ template "kube-prometheus-stack.name" . }}-operator + release: {{ $.Release.Name | quote }} + namespaceSelector: + matchNames: + - {{ printf "%s" (include "kube-prometheus-stack.namespace" .) | quote }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/_rules.tpl b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/_rules.tpl new file mode 100755 index 000000000..83245c089 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/_rules.tpl @@ -0,0 +1,38 @@ +{{- /* +Generated file. Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- define "rules.names" }} +rules: + - "alertmanager.rules" + - "general.rules" + - "k8s.rules" + - "kube-apiserver.rules" + - "kube-apiserver-availability.rules" + - "kube-apiserver-error" + - "kube-apiserver-slos" + - "kube-prometheus-general.rules" + - "kube-prometheus-node-alerting.rules" + - "kube-prometheus-node-recording.rules" + - "kube-scheduler.rules" + - "kube-state-metrics" + - "kubelet.rules" + - "kubernetes-absent" + - "kubernetes-resources" + - "kubernetes-storage" + - "kubernetes-system" + - "kubernetes-system-apiserver" + - "kubernetes-system-kubelet" + - "kubernetes-system-controller-manager" + - "kubernetes-system-scheduler" + - "node-exporter.rules" + - "node-exporter" + - "node.rules" + - "node-network" + - "node-time" + - "prometheus-operator" + - "prometheus.rules" + - "prometheus" + - "kubernetes-apps" + - "etcd" +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/additionalAlertRelabelConfigs.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/additionalAlertRelabelConfigs.yaml new file mode 100755 index 000000000..bff930981 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/additionalAlertRelabelConfigs.yaml 
@@ -0,0 +1,16 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.prometheusSpec.additionalAlertRelabelConfigs }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-am-relabel-confg + namespace: {{ template "kube-prometheus-stack.namespace" . }} +{{- if .Values.prometheus.prometheusSpec.additionalPrometheusSecretsAnnotations }} + annotations: +{{ toYaml .Values.prometheus.prometheusSpec.additionalPrometheusSecretsAnnotations | indent 4 }} +{{- end }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus-am-relabel-confg +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +data: + additional-alert-relabel-configs.yaml: {{ toYaml .Values.prometheus.prometheusSpec.additionalAlertRelabelConfigs | b64enc | quote }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/additionalAlertmanagerConfigs.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/additionalAlertmanagerConfigs.yaml new file mode 100755 index 000000000..8aebc96c3 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/additionalAlertmanagerConfigs.yaml 
@@ -0,0 +1,16 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.prometheusSpec.additionalAlertManagerConfigs }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-am-confg + namespace: {{ template "kube-prometheus-stack.namespace" . }} +{{- if .Values.prometheus.prometheusSpec.additionalPrometheusSecretsAnnotations }} + annotations: +{{ toYaml .Values.prometheus.prometheusSpec.additionalPrometheusSecretsAnnotations | indent 4 }} +{{- end }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus-am-confg +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +data: + additional-alertmanager-configs.yaml: {{ toYaml .Values.prometheus.prometheusSpec.additionalAlertManagerConfigs | b64enc | quote }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/additionalPrometheusRules.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/additionalPrometheusRules.yaml new file mode 100755 index 000000000..794e9ad27 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/additionalPrometheusRules.yaml 
@@ -0,0 +1,40 @@ +{{- if or .Values.additionalPrometheusRules .Values.additionalPrometheusRulesMap}} +apiVersion: v1 +kind: List +items: +{{- if .Values.additionalPrometheusRulesMap }} +{{- range $prometheusRuleName, $prometheusRule := .Values.additionalPrometheusRulesMap }} + - apiVersion: monitoring.coreos.com/v1 + kind: PrometheusRule + metadata: + name: {{ template "kube-prometheus-stack.name" $ }}-{{ $prometheusRuleName }} + namespace: {{ template "kube-prometheus-stack.namespace" $ }} + labels: + app: {{ template "kube-prometheus-stack.name" $ }} +{{ include "kube-prometheus-stack.labels" $ | indent 8 }} + {{- if $prometheusRule.additionalLabels }} +{{ toYaml $prometheusRule.additionalLabels | indent 8 }} + {{- end }} + spec: + groups: +{{ toYaml $prometheusRule.groups| indent 8 }} +{{- end }} +{{- else }} +{{- range .Values.additionalPrometheusRules }} + - apiVersion: monitoring.coreos.com/v1 + kind: PrometheusRule + metadata: + name: {{ template "kube-prometheus-stack.name" $ }}-{{ .name }} + namespace: {{ template "kube-prometheus-stack.namespace" $ }} + labels: + app: {{ template "kube-prometheus-stack.name" $ }} +{{ include "kube-prometheus-stack.labels" $ | indent 8 }} + {{- if .additionalLabels }} +{{ toYaml .additionalLabels | indent 8 }} + {{- end }} + spec: + groups: +{{ toYaml .groups| indent 8 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/additionalScrapeConfigs.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/additionalScrapeConfigs.yaml new file mode 100755 index 000000000..21d9429d8 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/additionalScrapeConfigs.yaml 
@@ -0,0 +1,16 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.prometheusSpec.additionalScrapeConfigs }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-scrape-confg + namespace: {{ template "kube-prometheus-stack.namespace" . }} +{{- if .Values.prometheus.prometheusSpec.additionalPrometheusSecretsAnnotations }} + annotations: +{{ toYaml .Values.prometheus.prometheusSpec.additionalPrometheusSecretsAnnotations | indent 4 }} +{{- end }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus-scrape-confg +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +data: + additional-scrape-configs.yaml: {{ tpl (toYaml .Values.prometheus.prometheusSpec.additionalScrapeConfigs) $ | b64enc | quote }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/clusterrole.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/clusterrole.yaml new file mode 100755 index 000000000..3585b5db1 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/clusterrole.yaml 
@@ -0,0 +1,30 @@ +{{- if and .Values.prometheus.enabled .Values.global.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +rules: +# This permission are not in the kube-prometheus repo +# they're grabbed from https://github.com/prometheus/prometheus/blob/master/documentation/examples/rbac-setup.yml +- apiGroups: [""] + resources: + - nodes + - nodes/metrics + - services + - endpoints + - pods + verbs: ["get", "list", "watch"] +- apiGroups: + - "networking.k8s.io" + resources: + - ingresses + verbs: ["get", "list", "watch"] +- nonResourceURLs: ["/metrics", "/metrics/cadvisor"] + verbs: ["get"] +{{- if .Values.prometheus.additionalRulesForClusterRole }} +{{ toYaml .Values.prometheus.additionalRulesForClusterRole | indent 0 }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/clusterrolebinding.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/clusterrolebinding.yaml new file mode 100755 index 000000000..9fc4f65da --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/clusterrolebinding.yaml 
@@ -0,0 +1,18 @@ +{{- if and .Values.prometheus.enabled .Values.global.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus +subjects: + - kind: ServiceAccount + name: {{ template "kube-prometheus-stack.prometheus.serviceAccountName" . }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} +{{- end }} + diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/ingress.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/ingress.yaml new file mode 100755 index 000000000..4d45873a7 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/ingress.yaml 
@@ -0,0 +1,65 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.ingress.enabled }} +{{- $pathType := .Values.prometheus.ingress.pathType | default "" }} +{{- $serviceName := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "prometheus" }} +{{- $servicePort := .Values.prometheus.service.port -}} +{{- $routePrefix := list .Values.prometheus.prometheusSpec.routePrefix }} +{{- $paths := .Values.prometheus.ingress.paths | default $routePrefix -}} +{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end -}} +kind: Ingress +metadata: +{{- if .Values.prometheus.ingress.annotations }} + annotations: +{{ toYaml .Values.prometheus.ingress.annotations | indent 4 }} +{{- end }} + name: {{ $serviceName }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus +{{ include "kube-prometheus-stack.labels" . 
| indent 4 }} +{{- if .Values.prometheus.ingress.labels }} +{{ toYaml .Values.prometheus.ingress.labels | indent 4 }} +{{- end }} +spec: + {{- if or (.Capabilities.APIVersions.Has "networking.k8s.io/v1") (.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1") }} + {{- if .Values.prometheus.ingress.ingressClassName }} + ingressClassName: {{ .Values.prometheus.ingress.ingressClassName }} + {{- end }} + {{- end }} + rules: + {{- if .Values.prometheus.ingress.hosts }} + {{- range $host := .Values.prometheus.ingress.hosts }} + - host: {{ tpl $host $ }} + http: + paths: + {{- range $p := $paths }} + - path: {{ tpl $p $ }} + {{- if $pathType }} + pathType: {{ $pathType }} + {{- end }} + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end -}} + {{- end -}} + {{- else }} + - http: + paths: + {{- range $p := $paths }} + - path: {{ tpl $p $ }} + {{- if $pathType }} + pathType: {{ $pathType }} + {{- end }} + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end -}} + {{- end -}} + {{- if .Values.prometheus.ingress.tls }} + tls: +{{ tpl (toYaml .Values.prometheus.ingress.tls | indent 4) . }} + {{- end -}} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/ingressThanosSidecar.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/ingressThanosSidecar.yaml new file mode 100755 index 000000000..69de0f663 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/ingressThanosSidecar.yaml 
@@ -0,0 +1,64 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.thanosIngress.enabled }} +{{- $pathType := .Values.prometheus.thanosIngress.pathType | default "" }} +{{- $serviceName := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "prometheus" }} +{{- $thanosPort := .Values.prometheus.thanosIngress.servicePort -}} +{{- $routePrefix := list .Values.prometheus.prometheusSpec.routePrefix }} +{{- $paths := .Values.prometheus.thanosIngress.paths | default $routePrefix -}} +{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end -}} +kind: Ingress +metadata: +{{- if .Values.prometheus.thanosIngress.annotations }} + annotations: +{{ toYaml .Values.prometheus.thanosIngress.annotations | indent 4 }} +{{- end }} + name: {{ template "kube-prometheus-stack.fullname" . }}-thanos-gateway + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus +{{ include "kube-prometheus-stack.labels" . 
| indent 4 }} +{{- if .Values.prometheus.thanosIngress.labels }} +{{ toYaml .Values.prometheus.thanosIngress.labels | indent 4 }} +{{- end }} +spec: + {{- if or (.Capabilities.APIVersions.Has "networking.k8s.io/v1") (.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1") }} + {{- if .Values.prometheus.thanosIngress.ingressClassName }} + ingressClassName: {{ .Values.prometheus.thanosIngress.ingressClassName }} + {{- end }} + {{- end }} + rules: + {{- if .Values.prometheus.thanosIngress.hosts }} + {{- range $host := .Values.prometheus.thanosIngress.hosts }} + - host: {{ tpl $host $ }} + http: + paths: + {{- range $p := $paths }} + - path: {{ tpl $p $ }} + {{- if $pathType }} + pathType: {{ $pathType }} + {{- end }} + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $thanosPort }} + {{- end -}} + {{- end -}} + {{- else }} + - http: + paths: + {{- range $p := $paths }} + - path: {{ tpl $p $ }} + {{- if $pathType }} + pathType: {{ $pathType }} + {{- end }} + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $thanosPort }} + {{- end -}} + {{- end -}} + {{- if .Values.prometheus.thanosIngress.tls }} + tls: +{{ toYaml .Values.prometheus.thanosIngress.tls | indent 4 }} + {{- end -}} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/ingressperreplica.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/ingressperreplica.yaml new file mode 100755 index 000000000..33143775b --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/ingressperreplica.yaml 
@@ -0,0 +1,62 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.servicePerReplica.enabled .Values.prometheus.ingressPerReplica.enabled }} +{{- $pathType := .Values.prometheus.ingressPerReplica.pathType | default "" }} +{{- $count := .Values.prometheus.prometheusSpec.replicas | int -}} +{{- $servicePort := .Values.prometheus.servicePerReplica.port -}} +{{- $ingressValues := .Values.prometheus.ingressPerReplica -}} +apiVersion: v1 +kind: List +metadata: + name: {{ include "kube-prometheus-stack.fullname" $ }}-prometheus-ingressperreplica + namespace: {{ template "kube-prometheus-stack.namespace" $ }} +items: +{{ range $i, $e := until $count }} + - kind: Ingress + {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} + apiVersion: networking.k8s.io/v1beta1 + {{ else }} + apiVersion: extensions/v1beta1 + {{ end -}} + metadata: + name: {{ include "kube-prometheus-stack.fullname" $ }}-prometheus-{{ $i }} + namespace: {{ template "kube-prometheus-stack.namespace" $ }} + labels: + app: {{ include "kube-prometheus-stack.name" $ }}-prometheus +{{ include "kube-prometheus-stack.labels" $ | indent 8 }} + {{- if $ingressValues.labels }} +{{ toYaml $ingressValues.labels | indent 8 }} + {{- end }} + {{- if $ingressValues.annotations }} + annotations: +{{ toYaml $ingressValues.annotations | indent 8 }} + {{- end }} + spec: + {{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1") ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1") }} + {{- if $ingressValues.ingressClassName }} + ingressClassName: {{ $ingressValues.ingressClassName }} + {{- end }} + {{- end }} + rules: + - host: {{ $ingressValues.hostPrefix }}-{{ $i }}.{{ $ingressValues.hostDomain }} + http: + paths: + {{- range $p := $ingressValues.paths }} + - path: {{ tpl $p $ }} + {{- if $pathType }} + pathType: {{ $pathType }} + {{- end }} + backend: + serviceName: {{ include "kube-prometheus-stack.fullname" $ }}-prometheus-{{ $i }} + servicePort: {{ $servicePort }} + {{- end -}} + 
{{- if or $ingressValues.tlsSecretName $ingressValues.tlsSecretPerReplica.enabled }} + tls: + - hosts: + - {{ $ingressValues.hostPrefix }}-{{ $i }}.{{ $ingressValues.hostDomain }} + {{- if $ingressValues.tlsSecretPerReplica.enabled }} + secretName: {{ $ingressValues.tlsSecretPerReplica.prefix }}-{{ $i }} + {{- else }} + secretName: {{ $ingressValues.tlsSecretName }} + {{- end }} + {{- end }} +{{- end -}} +{{- end -}} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/nginx-config.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/nginx-config.yaml new file mode 100755 index 000000000..3f346ca4c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/nginx-config.yaml 
@@ -0,0 +1,66 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: prometheus-nginx-proxy-config + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.prometheus.annotations }} + annotations: +{{ toYaml .Values.prometheus.annotations | indent 4 }} +{{- end }} +data: + nginx.conf: |- + worker_processes auto; + error_log /dev/stdout warn; + pid /var/cache/nginx/nginx.pid; + + events { + worker_connections 1024; + } + + http { + include /etc/nginx/mime.types; + log_format main '[$time_local - $status] $remote_addr - $remote_user $request ($http_referer)'; + + proxy_connect_timeout 10; + proxy_read_timeout 180; + proxy_send_timeout 5; + proxy_buffering off; + proxy_cache_path /var/cache/nginx/cache levels=1:2 keys_zone=my_zone:100m inactive=1d max_size=10g; + + server { + listen 8081; + access_log off; + + gzip on; + gzip_min_length 1k; + gzip_comp_level 2; + gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript image/jpeg image/gif image/png; + gzip_vary on; + gzip_disable "MSIE [1-6]\."; + + proxy_set_header Host $host; + + location / { + proxy_cache my_zone; + proxy_cache_valid 200 302 1d; + proxy_cache_valid 301 30d; + proxy_cache_valid any 5m; + proxy_cache_bypass $http_cache_control; + add_header X-Proxy-Cache $upstream_cache_status; + add_header Cache-Control "public"; + + proxy_pass http://localhost:9090/; + + sub_filter_types text/html; + sub_filter_once off; + sub_filter 'var PATH_PREFIX = "";' 'var PATH_PREFIX = ".";'; + + if ($request_filename ~ .*\.(?:js|css|jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$) { + expires 90d; + } + } + } + } 
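Review bot: in templates/prometheus/clusterrole.yaml, `additionalRulesForClusterRole` is appended verbatim to a ClusterRole that clusterrolebinding.yaml binds to the Prometheus service account, so anything a values file puts there becomes a cluster-wide grant, and nothing in the template says so. Please add a comment next to the block describing what the value does and that it widens a ClusterRole. The `| indent 0` on that line is a no-op and can be dropped. The comment above the first rule should read "These permissions are not in the kube-prometheus repo", and the rbac-setup.yml link it cites points at the master branch rather than a fixed revision, so it can drift from what was copied here.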
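Review bot: in templates/prometheus/ingress.yaml the apiVersion selection at the top only distinguishes networking.k8s.io/v1beta1 from extensions/v1beta1, while the `ingressClassName` condition under `spec:` also tests for networking.k8s.io/v1. On a cluster that reports v1 but not v1beta1 the template falls through to extensions/v1beta1 and still emits `ingressClassName`, which the condition was evidently meant to prevent, and the backend is written only in the `serviceName`/`servicePort` form. Either add a networking.k8s.io/v1 branch with the matching backend shape, or remove the v1 test so the two conditions agree. The same pattern is repeated in ingressThanosSidecar.yaml and ingressperreplica.yaml.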
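Review bot: in templates/prometheus/ingressThanosSidecar.yaml the metadata block sets `name` and `labels` but no `namespace`, whereas ingress.yaml in the same directory sets `namespace: {{ template "kube-prometheus-stack.namespace" . }}`. If that helper resolves to anything other than the release namespace, the Thanos ingress lands in a different namespace from the Service it names as its backend. Add the same namespace line here. The `tls` block in this file is also rendered with plain `toYaml` while ingress.yaml passes it through `tpl`; the two should be consistent.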
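Review bot: in templates/prometheus/nginx-config.yaml, `location /` applies `proxy_cache_valid 200 302 1d` and `add_header Cache-Control "public"` to every response proxied from localhost:9090, not only to the static files matched by the extension `if` block, so query and API responses become eligible for caching for up to a day and are marked as storable by shared caches. Suggest moving the cache directives and the public header into a location that matches only the static asset extensions and leaving everything else uncached. Two smaller points: unlike the neighbouring Secret, Ingress and RBAC templates, this ConfigMap is not wrapped in `{{- if .Values.prometheus.enabled }}`, and its name `prometheus-nginx-proxy-config` is fixed rather than derived from the fullname helper, so two releases in the same namespace would collide on it.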
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/podDisruptionBudget.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/podDisruptionBudget.yaml new file mode 100755 index 000000000..573317a32 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/podDisruptionBudget.yaml @@ -0,0 +1,21 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.podDisruptionBudget.enabled }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + {{- if .Values.prometheus.podDisruptionBudget.minAvailable }} + minAvailable: {{ .Values.prometheus.podDisruptionBudget.minAvailable }} + {{- end }} + {{- if .Values.prometheus.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ .Values.prometheus.podDisruptionBudget.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app: prometheus + prometheus: {{ template "kube-prometheus-stack.fullname" . }}-prometheus +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/podmonitors.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/podmonitors.yaml new file mode 100755 index 000000000..95d568e13 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/podmonitors.yaml 
@@ -0,0 +1,37 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.additionalPodMonitors }} +apiVersion: v1 +kind: List +items: +{{- range .Values.prometheus.additionalPodMonitors }} + - apiVersion: monitoring.coreos.com/v1 + kind: PodMonitor + metadata: + name: {{ .name }} + namespace: {{ template "kube-prometheus-stack.namespace" $ }} + labels: + app: {{ template "kube-prometheus-stack.name" $ }}-prometheus +{{ include "kube-prometheus-stack.labels" $ | indent 8 }} + {{- if .additionalLabels }} +{{ toYaml .additionalLabels | indent 8 }} + {{- end }} + spec: + podMetricsEndpoints: +{{ toYaml .podMetricsEndpoints | indent 8 }} + {{- if .jobLabel }} + jobLabel: {{ .jobLabel }} + {{- end }} + {{- if .namespaceSelector }} + namespaceSelector: +{{ toYaml .namespaceSelector | indent 8 }} + {{- end }} + selector: +{{ toYaml .selector | indent 8 }} + {{- if .podTargetLabels }} + podTargetLabels: +{{ toYaml .podTargetLabels | indent 8 }} + {{- end }} + {{- if .sampleLimit }} + sampleLimit: {{ .sampleLimit }} + {{- end }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/prometheus.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/prometheus.yaml new file mode 100755 index 000000000..9c30c814c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/prometheus.yaml 
@@ -0,0 +1,319 @@ +{{- if .Values.prometheus.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: Prometheus +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.prometheus.annotations }} + annotations: +{{ toYaml .Values.prometheus.annotations | indent 4 }} +{{- end }} +spec: + alerting: + alertmanagers: +{{- if .Values.prometheus.prometheusSpec.alertingEndpoints }} +{{ toYaml .Values.prometheus.prometheusSpec.alertingEndpoints | indent 6 }} +{{- else if .Values.alertmanager.enabled }} + - namespace: {{ template "kube-prometheus-stack.namespace" . }} + name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager + port: {{ .Values.alertmanager.alertmanagerSpec.portName }} + {{- if .Values.alertmanager.alertmanagerSpec.routePrefix }} + pathPrefix: "{{ .Values.alertmanager.alertmanagerSpec.routePrefix }}" + {{- end }} + apiVersion: {{ .Values.alertmanager.apiVersion }} +{{- else }} + [] +{{- end }} +{{- if .Values.prometheus.prometheusSpec.apiserverConfig }} + apiserverConfig: +{{ toYaml .Values.prometheus.prometheusSpec.apiserverConfig | indent 4}} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.image }} + image: {{ template "system_default_registry" . }}{{ .Values.prometheus.prometheusSpec.image.repository }}:{{ .Values.prometheus.prometheusSpec.image.tag }} + version: {{ .Values.prometheus.prometheusSpec.image.tag }} + {{- if .Values.prometheus.prometheusSpec.image.sha }} + sha: {{ .Values.prometheus.prometheusSpec.image.sha }} + {{- end }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.externalLabels }} + externalLabels: +{{ tpl (toYaml .Values.prometheus.prometheusSpec.externalLabels | indent 4) . 
}} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.prometheusExternalLabelNameClear }} + prometheusExternalLabelName: "" +{{- else if .Values.prometheus.prometheusSpec.prometheusExternalLabelName }} + prometheusExternalLabelName: "{{ .Values.prometheus.prometheusSpec.prometheusExternalLabelName }}" +{{- end }} +{{- if .Values.prometheus.prometheusSpec.replicaExternalLabelNameClear }} + replicaExternalLabelName: "" +{{- else if .Values.prometheus.prometheusSpec.replicaExternalLabelName }} + replicaExternalLabelName: "{{ .Values.prometheus.prometheusSpec.replicaExternalLabelName }}" +{{- end }} +{{- if .Values.prometheus.prometheusSpec.externalUrl }} + externalUrl: "{{ tpl .Values.prometheus.prometheusSpec.externalUrl . }}" +{{- else if and .Values.prometheus.ingress.enabled .Values.prometheus.ingress.hosts }} + externalUrl: "http://{{ tpl (index .Values.prometheus.ingress.hosts 0) . }}{{ .Values.prometheus.prometheusSpec.routePrefix }}" +{{- else if not (or (kindIs "invalid" .Values.global.cattle.url) (kindIs "invalid" .Values.global.cattle.clusterId)) }} + externalUrl: "{{ .Values.global.cattle.url }}/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Values.namespaceOverride }}/services/http:{{ template "kube-prometheus-stack.fullname" . }}-prometheus:{{ .Values.prometheus.service.port }}/proxy" +{{- else }} + externalUrl: http://{{ template "kube-prometheus-stack.fullname" . }}-prometheus.{{ template "kube-prometheus-stack.namespace" . }}:{{ .Values.prometheus.service.port }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.ignoreNamespaceSelectors }} + ignoreNamespaceSelectors: {{ .Values.prometheus.prometheusSpec.ignoreNamespaceSelectors }} +{{- end }} + nodeSelector: {{ include "linux-node-selector" . 
| nindent 4 }} +{{- if .Values.prometheus.prometheusSpec.nodeSelector }} +{{ toYaml .Values.prometheus.prometheusSpec.nodeSelector | indent 4 }} +{{- end }} + paused: {{ .Values.prometheus.prometheusSpec.paused }} + replicas: {{ .Values.prometheus.prometheusSpec.replicas }} + shards: {{ .Values.prometheus.prometheusSpec.shards }} + logLevel: {{ .Values.prometheus.prometheusSpec.logLevel }} + logFormat: {{ .Values.prometheus.prometheusSpec.logFormat }} + listenLocal: {{ .Values.prometheus.prometheusSpec.listenLocal }} + enableAdminAPI: {{ .Values.prometheus.prometheusSpec.enableAdminAPI }} +{{- if .Values.prometheus.prometheusSpec.scrapeInterval }} + scrapeInterval: {{ .Values.prometheus.prometheusSpec.scrapeInterval }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.scrapeTimeout }} + scrapeTimeout: {{ .Values.prometheus.prometheusSpec.scrapeTimeout }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.evaluationInterval }} + evaluationInterval: {{ .Values.prometheus.prometheusSpec.evaluationInterval }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.resources }} + resources: +{{ toYaml .Values.prometheus.prometheusSpec.resources | indent 4 }} +{{- end }} + retention: {{ .Values.prometheus.prometheusSpec.retention | quote }} +{{- if .Values.prometheus.prometheusSpec.retentionSize }} + retentionSize: {{ .Values.prometheus.prometheusSpec.retentionSize | quote }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.walCompression }} + walCompression: {{ .Values.prometheus.prometheusSpec.walCompression }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.routePrefix }} + routePrefix: {{ .Values.prometheus.prometheusSpec.routePrefix | quote }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.secrets }} + secrets: +{{ toYaml .Values.prometheus.prometheusSpec.secrets | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.configMaps }} + configMaps: +{{ toYaml .Values.prometheus.prometheusSpec.configMaps | indent 4 }} +{{- end }} + 
serviceAccountName: {{ template "kube-prometheus-stack.prometheus.serviceAccountName" . }} +{{- if .Values.prometheus.prometheusSpec.serviceMonitorSelector }} + serviceMonitorSelector: +{{ toYaml .Values.prometheus.prometheusSpec.serviceMonitorSelector | indent 4 }} +{{ else if .Values.prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues }} + serviceMonitorSelector: + matchLabels: + release: {{ $.Release.Name | quote }} +{{ else }} + serviceMonitorSelector: {} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.serviceMonitorNamespaceSelector }} + serviceMonitorNamespaceSelector: +{{ toYaml .Values.prometheus.prometheusSpec.serviceMonitorNamespaceSelector | indent 4 }} +{{ else }} + serviceMonitorNamespaceSelector: {} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.podMonitorSelector }} + podMonitorSelector: +{{ toYaml .Values.prometheus.prometheusSpec.podMonitorSelector | indent 4 }} +{{ else if .Values.prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues }} + podMonitorSelector: + matchLabels: + release: {{ $.Release.Name | quote }} +{{ else }} + podMonitorSelector: {} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.podMonitorNamespaceSelector }} + podMonitorNamespaceSelector: +{{ toYaml .Values.prometheus.prometheusSpec.podMonitorNamespaceSelector | indent 4 }} +{{ else }} + podMonitorNamespaceSelector: {} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.probeSelector }} + probeSelector: +{{ toYaml .Values.prometheus.prometheusSpec.probeSelector | indent 4 }} +{{ else if .Values.prometheus.prometheusSpec.probeSelectorNilUsesHelmValues }} + probeSelector: + matchLabels: + release: {{ $.Release.Name | quote }} +{{ else }} + probeSelector: {} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.probeNamespaceSelector }} + probeNamespaceSelector: +{{ toYaml .Values.prometheus.prometheusSpec.probeNamespaceSelector | indent 4 }} +{{ else }} + probeNamespaceSelector: {} +{{- end }} +{{- if 
.Values.prometheus.prometheusSpec.remoteRead }} + remoteRead: +{{ toYaml .Values.prometheus.prometheusSpec.remoteRead | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.remoteWrite }} + remoteWrite: +{{ toYaml .Values.prometheus.prometheusSpec.remoteWrite | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.securityContext }} + securityContext: +{{ toYaml .Values.prometheus.prometheusSpec.securityContext | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.ruleNamespaceSelector }} + ruleNamespaceSelector: +{{ toYaml .Values.prometheus.prometheusSpec.ruleNamespaceSelector | indent 4 }} +{{ else }} + ruleNamespaceSelector: {} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.ruleSelector }} + ruleSelector: +{{ toYaml .Values.prometheus.prometheusSpec.ruleSelector | indent 4}} +{{- else if .Values.prometheus.prometheusSpec.ruleSelectorNilUsesHelmValues }} + ruleSelector: + matchLabels: + app: {{ template "kube-prometheus-stack.name" . }} + release: {{ $.Release.Name | quote }} +{{ else }} + ruleSelector: {} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.storageSpec }} + storage: +{{ toYaml .Values.prometheus.prometheusSpec.storageSpec | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.podMetadata }} + podMetadata: +{{ tpl (toYaml .Values.prometheus.prometheusSpec.podMetadata | indent 4) . 
}} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.query }} + query: +{{ toYaml .Values.prometheus.prometheusSpec.query | indent 4}} +{{- end }} +{{- if or .Values.prometheus.prometheusSpec.podAntiAffinity .Values.prometheus.prometheusSpec.affinity }} + affinity: +{{- if .Values.prometheus.prometheusSpec.affinity }} +{{ toYaml .Values.prometheus.prometheusSpec.affinity | indent 4 }} +{{- end }} +{{- if eq .Values.prometheus.prometheusSpec.podAntiAffinity "hard" }} + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - topologyKey: {{ .Values.prometheus.prometheusSpec.podAntiAffinityTopologyKey }} + labelSelector: + matchExpressions: + - {key: app, operator: In, values: [prometheus]} + - {key: prometheus, operator: In, values: [{{ template "kube-prometheus-stack.fullname" . }}-prometheus]} +{{- else if eq .Values.prometheus.prometheusSpec.podAntiAffinity "soft" }} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + topologyKey: {{ .Values.prometheus.prometheusSpec.podAntiAffinityTopologyKey }} + labelSelector: + matchExpressions: + - {key: app, operator: In, values: [prometheus]} + - {key: prometheus, operator: In, values: [{{ template "kube-prometheus-stack.fullname" . }}-prometheus]} +{{- end }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 4 }} +{{- if .Values.prometheus.prometheusSpec.tolerations }} +{{ toYaml .Values.prometheus.prometheusSpec.tolerations | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.topologySpreadConstraints }} + topologySpreadConstraints: +{{ toYaml .Values.prometheus.prometheusSpec.topologySpreadConstraints | indent 4 }} +{{- end }} +{{- if .Values.global.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.global.imagePullSecrets | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.additionalScrapeConfigs }} + additionalScrapeConfigs: + name: {{ template "kube-prometheus-stack.fullname" . 
}}-prometheus-scrape-confg + key: additional-scrape-configs.yaml +{{- end }} +{{- if .Values.prometheus.prometheusSpec.additionalScrapeConfigsSecret.enabled }} + additionalScrapeConfigs: + name: {{ .Values.prometheus.prometheusSpec.additionalScrapeConfigsSecret.name }} + key: {{ .Values.prometheus.prometheusSpec.additionalScrapeConfigsSecret.key }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.additionalAlertManagerConfigs }} + additionalAlertManagerConfigs: + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-am-confg + key: additional-alertmanager-configs.yaml +{{- end }} +{{- if .Values.prometheus.prometheusSpec.additionalAlertRelabelConfigs }} + additionalAlertRelabelConfigs: + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-am-relabel-confg + key: additional-alert-relabel-configs.yaml +{{- end }} +{{- if .Values.prometheus.prometheusSpec.containers }} + containers: +{{ tpl .Values.prometheus.prometheusSpec.containers $ | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.initContainers }} + initContainers: +{{ toYaml .Values.prometheus.prometheusSpec.initContainers | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.priorityClassName }} + priorityClassName: {{ .Values.prometheus.prometheusSpec.priorityClassName }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.thanos }} + thanos: +{{ toYaml .Values.prometheus.prometheusSpec.thanos | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.disableCompaction }} + disableCompaction: {{ .Values.prometheus.prometheusSpec.disableCompaction }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.portName }} + portName: {{ .Values.prometheus.prometheusSpec.portName }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.volumes }} + volumes: +{{ toYaml .Values.prometheus.prometheusSpec.volumes | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.volumeMounts }} + volumeMounts: +{{ toYaml 
.Values.prometheus.prometheusSpec.volumeMounts | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.arbitraryFSAccessThroughSMs }} + arbitraryFSAccessThroughSMs: +{{ toYaml .Values.prometheus.prometheusSpec.arbitraryFSAccessThroughSMs | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.overrideHonorLabels }} + overrideHonorLabels: {{ .Values.prometheus.prometheusSpec.overrideHonorLabels }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.overrideHonorTimestamps }} + overrideHonorTimestamps: {{ .Values.prometheus.prometheusSpec.overrideHonorTimestamps }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.ignoreNamespaceSelectors }} + ignoreNamespaceSelectors: {{ .Values.prometheus.prometheusSpec.ignoreNamespaceSelectors }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.enforcedNamespaceLabel }} + enforcedNamespaceLabel: {{ .Values.prometheus.prometheusSpec.enforcedNamespaceLabel }} +{{- $prometheusDefaultRulesExcludedFromEnforce := (include "rules.names" .) | fromYaml }} + prometheusRulesExcludedFromEnforce: +{{- range $prometheusDefaultRulesExcludedFromEnforce.rules }} + - ruleNamespace: "{{ template "kube-prometheus-stack.namespace" $ }}" + ruleName: "{{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) . 
| trunc 63 | trimSuffix "-" }}" +{{- end }} +{{- if .Values.prometheus.prometheusSpec.prometheusRulesExcludedFromEnforce }} +{{ toYaml .Values.prometheus.prometheusSpec.prometheusRulesExcludedFromEnforce | indent 4 }} +{{- end }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.queryLogFile }} + queryLogFile: {{ .Values.prometheus.prometheusSpec.queryLogFile }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.enforcedSampleLimit }} + enforcedSampleLimit: {{ .Values.prometheus.prometheusSpec.enforcedSampleLimit }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.allowOverlappingBlocks }} + allowOverlappingBlocks: {{ .Values.prometheus.prometheusSpec.allowOverlappingBlocks }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/psp-clusterrole.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/psp-clusterrole.yaml new file mode 100755 index 000000000..a279fb241 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/psp-clusterrole.yaml @@ -0,0 +1,20 @@ +{{- if and .Values.prometheus.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }} +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-psp + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +rules: +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }} +- apiGroups: ['policy'] +{{- else }} +- apiGroups: ['extensions'] +{{- end }} + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "kube-prometheus-stack.fullname" . }}-prometheus +{{- end }} 
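Review bot: in psp-clusterrole.yaml the `semverCompare "> 1.15.0-0"` branch falls back to `apiGroups: ['extensions']` on older clusters with no comment saying why, while psp.yaml in this same patch always renders `apiVersion: policy/v1beta1`. Please add a template comment explaining the fallback and confirm that the `use` rule still matches the policy object on clusters that take the `extensions` branch. Also worth documenting next to it: `kubeTargetVersionOverride` silently changes which API group is granted, so a wrong override yields a role that authorizes nothing. Restricting the rule with `resourceNames` to the one policy is good and should stay.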
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/psp-clusterrolebinding.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/psp-clusterrolebinding.yaml new file mode 100755 index 000000000..27b73b74b --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/psp-clusterrolebinding.yaml @@ -0,0 +1,18 @@ +{{- if and .Values.prometheus.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-psp + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-psp +subjects: + - kind: ServiceAccount + name: {{ template "kube-prometheus-stack.prometheus.serviceAccountName" . }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} +{{- end }} + diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/psp.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/psp.yaml new file mode 100755 index 000000000..08da5e124 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/psp.yaml 
@@ -0,0 +1,62 @@ +{{- if and .Values.prometheus.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus +{{- if .Values.global.rbac.pspAnnotations }} + annotations: +{{ toYaml .Values.global.rbac.pspAnnotations | indent 4 }} +{{- end }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + privileged: false + # Required to prevent escalations to root. + # allowPrivilegeEscalation: false + # This is redundant with non-root + disallow privilege escalation, + # but we can provide it for defense in depth. + #requiredDropCapabilities: + # - ALL + # Allow core volume types. + volumes: + - 'configMap' + - 'emptyDir' + - 'projected' + - 'secret' + - 'downwardAPI' + - 'persistentVolumeClaim' +{{- if .Values.prometheus.podSecurityPolicy.volumes }} +{{ toYaml .Values.prometheus.podSecurityPolicy.volumes | indent 4 }} +{{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Permits the container to run with root privileges as well. + rule: 'RunAsAny' + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 0 + max: 65535 + readOnlyRootFilesystem: false +{{- if .Values.prometheus.podSecurityPolicy.allowedCapabilities }} + allowedCapabilities: +{{ toYaml .Values.prometheus.podSecurityPolicy.allowedCapabilities | indent 4 }} +{{- end }} +{{- if .Values.prometheus.podSecurityPolicy.allowedHostPaths }} + allowedHostPaths: +{{ toYaml .Values.prometheus.podSecurityPolicy.allowedHostPaths | indent 4 }} +{{- end }} +{{- end }} 
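Review bot: in psp.yaml the comments and the policy disagree. Both `supplementalGroups` and `fsGroup` carry the comment "Forbid adding the root group." but their ranges start at `min: 0`, which admits GID 0; use `min: 1` if the comment is the intent, or correct the comment. In the same spec, `allowPrivilegeEscalation: false` and `requiredDropCapabilities: - ALL` are commented out although the adjacent comment calls the first one "Required to prevent escalations to root", and `runAsUser` is `RunAsAny`, so as written the policy permits root containers that can escalate. Either enable those two settings (with `runAsUser: MustRunAsNonRoot` if Prometheus does not need root) or replace the comments with a short note on why this chart needs the looser policy. `allowedCapabilities` and `allowedHostPaths` are passed straight through from values, so the values documentation should state that they widen the policy.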
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/alertmanager.rules.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/alertmanager.rules.yaml new file mode 100755 index 000000000..387a67715 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/alertmanager.rules.yaml 
@@ -0,0 +1,70 @@ +{{- /* +Generated from 'alertmanager.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.alertmanager }} +{{- $alertmanagerJob := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "alertmanager" }} +{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "alertmanager.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: alertmanager.rules + rules: + - alert: AlertmanagerConfigInconsistent + annotations: + message: 'The configuration of the instances of the Alertmanager cluster `{{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.service {{`}}`}}` are out of sync. 
+ + {{`{{`}} range printf "alertmanager_config_hash{namespace=\"%s\",service=\"%s\"}" $labels.namespace $labels.service | query {{`}}`}} + + Configuration hash for pod {{`{{`}} .Labels.pod {{`}}`}} is "{{`{{`}} printf "%.f" .Value {{`}}`}}" + + {{`{{`}} end {{`}}`}} + + ' + expr: count by(namespace,service) (count_values by(namespace,service) ("config_hash", alertmanager_config_hash{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"})) != 1 + for: 5m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: AlertmanagerFailedReload + annotations: + message: Reloading Alertmanager's configuration has failed for {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod{{`}}`}}. + expr: alertmanager_config_last_reload_successful{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"} == 0 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: AlertmanagerMembersInconsistent + annotations: + message: Alertmanager has not found all other members of the cluster. + expr: |- + alertmanager_cluster_members{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"} + != on (service) GROUP_LEFT() + count by (service) (alertmanager_cluster_members{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"}) + for: 5m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/etcd.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/etcd.yaml new file mode 100755 index 000000000..85287315c --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/etcd.yaml 
@@ -0,0 +1,181 @@ +{{- /* +Generated from 'etcd' group from https://raw.githubusercontent.com/etcd-io/website/master/content/docs/v3.4.0/op-guide/etcd3_alert.rules.yml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.etcd }} +{{- if (include "exporter.kubeEtcd.enabled" .)}} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "etcd" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: etcd + rules: + - alert: etcdInsufficientMembers + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": insufficient members ({{`{{`}} $value {{`}}`}}).' + expr: sum(up{job=~".*etcd.*"} == bool 1) by (job) < ((count(up{job=~".*etcd.*"}) by (job) + 1) / 2) + for: 3m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdNoLeader + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": member {{`{{`}} $labels.instance {{`}}`}} has no leader.' 
+ expr: etcd_server_has_leader{job=~".*etcd.*"} == 0 + for: 1m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdHighNumberOfLeaderChanges + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": instance {{`{{`}} $labels.instance {{`}}`}} has seen {{`{{`}} $value {{`}}`}} leader changes within the last hour.' + expr: rate(etcd_server_leader_changes_seen_total{job=~".*etcd.*"}[15m]) > 3 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdHighNumberOfFailedGRPCRequests + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": {{`{{`}} $value {{`}}`}}% of requests for {{`{{`}} $labels.grpc_method {{`}}`}} failed on etcd instance {{`{{`}} $labels.instance {{`}}`}}.' + expr: |- + 100 * sum(rate(grpc_server_handled_total{job=~".*etcd.*", grpc_code!="OK"}[5m])) BY (job, instance, grpc_service, grpc_method) + / + sum(rate(grpc_server_handled_total{job=~".*etcd.*"}[5m])) BY (job, instance, grpc_service, grpc_method) + > 1 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdHighNumberOfFailedGRPCRequests + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": {{`{{`}} $value {{`}}`}}% of requests for {{`{{`}} $labels.grpc_method {{`}}`}} failed on etcd instance {{`{{`}} $labels.instance {{`}}`}}.' 
+ expr: |- + 100 * sum(rate(grpc_server_handled_total{job=~".*etcd.*", grpc_code!="OK"}[5m])) BY (job, instance, grpc_service, grpc_method) + / + sum(rate(grpc_server_handled_total{job=~".*etcd.*"}[5m])) BY (job, instance, grpc_service, grpc_method) + > 5 + for: 5m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdGRPCRequestsSlow + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": gRPC requests to {{`{{`}} $labels.grpc_method {{`}}`}} are taking {{`{{`}} $value {{`}}`}}s on etcd instance {{`{{`}} $labels.instance {{`}}`}}.' + expr: |- + histogram_quantile(0.99, sum(rate(grpc_server_handling_seconds_bucket{job=~".*etcd.*", grpc_type="unary"}[5m])) by (job, instance, grpc_service, grpc_method, le)) + > 0.15 + for: 10m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdMemberCommunicationSlow + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": member communication with {{`{{`}} $labels.To {{`}}`}} is taking {{`{{`}} $value {{`}}`}}s on etcd instance {{`{{`}} $labels.instance {{`}}`}}.' + expr: |- + histogram_quantile(0.99, rate(etcd_network_peer_round_trip_time_seconds_bucket{job=~".*etcd.*"}[5m])) + > 0.15 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdHighNumberOfFailedProposals + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": {{`{{`}} $value {{`}}`}} proposal failures within the last hour on etcd instance {{`{{`}} $labels.instance {{`}}`}}.' 
+ expr: rate(etcd_server_proposals_failed_total{job=~".*etcd.*"}[15m]) > 5 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdHighFsyncDurations + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": 99th percentile fync durations are {{`{{`}} $value {{`}}`}}s on etcd instance {{`{{`}} $labels.instance {{`}}`}}.' + expr: |- + histogram_quantile(0.99, rate(etcd_disk_wal_fsync_duration_seconds_bucket{job=~".*etcd.*"}[5m])) + > 0.5 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdHighCommitDurations + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": 99th percentile commit durations {{`{{`}} $value {{`}}`}}s on etcd instance {{`{{`}} $labels.instance {{`}}`}}.' + expr: |- + histogram_quantile(0.99, rate(etcd_disk_backend_commit_duration_seconds_bucket{job=~".*etcd.*"}[5m])) + > 0.25 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdHighNumberOfFailedHTTPRequests + annotations: + message: '{{`{{`}} $value {{`}}`}}% of requests for {{`{{`}} $labels.method {{`}}`}} failed on etcd instance {{`{{`}} $labels.instance {{`}}`}}' + expr: |- + sum(rate(etcd_http_failed_total{job=~".*etcd.*", code!="404"}[5m])) BY (method) / sum(rate(etcd_http_received_total{job=~".*etcd.*"}[5m])) + BY (method) > 0.01 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdHighNumberOfFailedHTTPRequests + annotations: + message: '{{`{{`}} $value {{`}}`}}% of requests for {{`{{`}} $labels.method {{`}}`}} failed on etcd 
instance {{`{{`}} $labels.instance {{`}}`}}.' + expr: |- + sum(rate(etcd_http_failed_total{job=~".*etcd.*", code!="404"}[5m])) BY (method) / sum(rate(etcd_http_received_total{job=~".*etcd.*"}[5m])) + BY (method) > 0.05 + for: 10m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdHTTPRequestsSlow + annotations: + message: etcd instance {{`{{`}} $labels.instance {{`}}`}} HTTP requests to {{`{{`}} $labels.method {{`}}`}} are slow. + expr: |- + histogram_quantile(0.99, rate(etcd_http_successful_duration_seconds_bucket[5m])) + > 0.15 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/general.rules.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/general.rules.yaml new file mode 100755 index 000000000..80771f4f8 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/general.rules.yaml 
@@ -0,0 +1,56 @@ +{{- /* +Generated from 'general.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.general }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "general.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: general.rules + rules: + - alert: TargetDown + annotations: + message: '{{`{{`}} printf "%.4g" $value {{`}}`}}% of the {{`{{`}} $labels.job {{`}}`}}/{{`{{`}} $labels.service {{`}}`}} targets in {{`{{`}} $labels.namespace {{`}}`}} namespace are down.' + expr: 100 * (count(up == 0) BY (job, namespace, service) / count(up) BY (job, namespace, service)) > 10 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: Watchdog + annotations: + message: 'This is an alert meant to ensure that the entire alerting pipeline is functional. 
+ + This alert is always firing, therefore it should always be firing in Alertmanager + + and always fire against a receiver. There are integrations with various notification + + mechanisms that send a notification when this alert is not firing. For example the + + "DeadMansSnitch" integration in PagerDuty. + + ' + expr: vector(1) + labels: + severity: none +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/k8s.rules.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/k8s.rules.yaml new file mode 100755 index 000000000..19511e8fb --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/k8s.rules.yaml 
@@ -0,0 +1,117 @@ +{{- /* +Generated from 'k8s.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.k8s }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "k8s.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . 
| indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: k8s.rules + rules: + - expr: |- + sum by (cluster, namespace, pod, container) ( + rate(container_cpu_usage_seconds_total{job="kubelet", metrics_path="/metrics/cadvisor", image!="", container!="POD"}[5m]) + ) * on (cluster, namespace, pod) group_left(node) topk by (cluster, namespace, pod) ( + 1, max by(cluster, namespace, pod, node) (kube_pod_info{node!=""}) + ) + record: node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate + - expr: |- + container_memory_working_set_bytes{job="kubelet", metrics_path="/metrics/cadvisor", image!=""} + * on (namespace, pod) group_left(node) topk by(namespace, pod) (1, + max by(namespace, pod, node) (kube_pod_info{node!=""}) + ) + record: node_namespace_pod_container:container_memory_working_set_bytes + - expr: |- + container_memory_rss{job="kubelet", metrics_path="/metrics/cadvisor", image!=""} + * on (namespace, pod) group_left(node) topk by(namespace, pod) (1, + max by(namespace, pod, node) (kube_pod_info{node!=""}) + ) + record: node_namespace_pod_container:container_memory_rss + - expr: |- + container_memory_cache{job="kubelet", metrics_path="/metrics/cadvisor", image!=""} + * on (namespace, pod) group_left(node) topk by(namespace, pod) (1, + max by(namespace, pod, node) (kube_pod_info{node!=""}) + ) + record: node_namespace_pod_container:container_memory_cache + - expr: |- + container_memory_swap{job="kubelet", metrics_path="/metrics/cadvisor", image!=""} + * on (namespace, pod) group_left(node) topk by(namespace, pod) (1, + max by(namespace, pod, node) (kube_pod_info{node!=""}) + ) + record: node_namespace_pod_container:container_memory_swap + - expr: |- + sum by (namespace) ( + sum by (namespace, pod) ( + max by (namespace, pod, container) 
( + kube_pod_container_resource_requests_memory_bytes{job="kube-state-metrics"} + ) * on(namespace, pod) group_left() max by (namespace, pod) ( + kube_pod_status_phase{phase=~"Pending|Running"} == 1 + ) + ) + ) + record: namespace:kube_pod_container_resource_requests_memory_bytes:sum + - expr: |- + sum by (namespace) ( + sum by (namespace, pod) ( + max by (namespace, pod, container) ( + kube_pod_container_resource_requests_cpu_cores{job="kube-state-metrics"} + ) * on(namespace, pod) group_left() max by (namespace, pod) ( + kube_pod_status_phase{phase=~"Pending|Running"} == 1 + ) + ) + ) + record: namespace:kube_pod_container_resource_requests_cpu_cores:sum + - expr: |- + max by (cluster, namespace, workload, pod) ( + label_replace( + label_replace( + kube_pod_owner{job="kube-state-metrics", owner_kind="ReplicaSet"}, + "replicaset", "$1", "owner_name", "(.*)" + ) * on(replicaset, namespace) group_left(owner_name) topk by(replicaset, namespace) ( + 1, max by (replicaset, namespace, owner_name) ( + kube_replicaset_owner{job="kube-state-metrics"} + ) + ), + "workload", "$1", "owner_name", "(.*)" + ) + ) + labels: + workload_type: deployment + record: namespace_workload_pod:kube_pod_owner:relabel + - expr: |- + max by (cluster, namespace, workload, pod) ( + label_replace( + kube_pod_owner{job="kube-state-metrics", owner_kind="DaemonSet"}, + "workload", "$1", "owner_name", "(.*)" + ) + ) + labels: + workload_type: daemonset + record: namespace_workload_pod:kube_pod_owner:relabel + - expr: |- + max by (cluster, namespace, workload, pod) ( + label_replace( + kube_pod_owner{job="kube-state-metrics", owner_kind="StatefulSet"}, + "workload", "$1", "owner_name", "(.*)" + ) + ) + labels: + workload_type: statefulset + record: namespace_workload_pod:kube_pod_owner:relabel +{{- end }} \ No newline at end of file 
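Review bot: in k8s.rules.yaml the recording rules are inconsistent about the `cluster` label. The CPU rule joins with `on (cluster, namespace, pod)` and the `kube_pod_owner` relabel rules aggregate `by (cluster, namespace, workload, pod)`, but the four `container_memory_*` rules join with `on (namespace, pod)` against `topk by(namespace, pod)`, and the two `namespace:kube_pod_container_resource_requests_*:sum` rules aggregate by `namespace` only. If this Prometheus ever holds series from more than one cluster, pods with the same namespace and name would be joined to a single `node` picked across clusters, and requests would be summed across clusters. The CPU rule also excludes `container!="POD"` while the memory rules do not. Since the header says the file is generated and must not be changed in place, please raise this against the upstream rule source and regenerate, or note in the commit that single-cluster scraping is assumed.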
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-apiserver-availability.rules.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-apiserver-availability.rules.yaml new file mode 100755 index 000000000..7b00b54a7 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-apiserver-availability.rules.yaml 
@@ -0,0 +1,160 @@ +{{- /* +Generated from 'kube-apiserver-availability.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.kubeApiServer.enabled .Values.defaultRules.rules.kubeApiserverAvailability }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-apiserver-availability.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . 
| indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - interval: 3m + name: kube-apiserver-availability.rules + rules: + - expr: |- + 1 - ( + ( + # write too slow + sum(increase(apiserver_request_duration_seconds_count{verb=~"POST|PUT|PATCH|DELETE"}[30d])) + - + sum(increase(apiserver_request_duration_seconds_bucket{verb=~"POST|PUT|PATCH|DELETE",le="1"}[30d])) + ) + + ( + # read too slow + sum(increase(apiserver_request_duration_seconds_count{verb=~"LIST|GET"}[30d])) + - + ( + ( + sum(increase(apiserver_request_duration_seconds_bucket{verb=~"LIST|GET",scope=~"resource|",le="0.1"}[30d])) + or + vector(0) + ) + + + sum(increase(apiserver_request_duration_seconds_bucket{verb=~"LIST|GET",scope="namespace",le="0.5"}[30d])) + + + sum(increase(apiserver_request_duration_seconds_bucket{verb=~"LIST|GET",scope="cluster",le="5"}[30d])) + ) + ) + + # errors + sum(code:apiserver_request_total:increase30d{code=~"5.."} or vector(0)) + ) + / + sum(code:apiserver_request_total:increase30d) + labels: + verb: all + record: apiserver_request:availability30d + - expr: |- + 1 - ( + sum(increase(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[30d])) + - + ( + # too slow + ( + sum(increase(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[30d])) + or + vector(0) + ) + + + sum(increase(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[30d])) + + + sum(increase(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[30d])) + ) + + + # errors + sum(code:apiserver_request_total:increase30d{verb="read",code=~"5.."} or vector(0)) + ) + / + sum(code:apiserver_request_total:increase30d{verb="read"}) + labels: + 
verb: read + record: apiserver_request:availability30d + - expr: |- + 1 - ( + ( + # too slow + sum(increase(apiserver_request_duration_seconds_count{verb=~"POST|PUT|PATCH|DELETE"}[30d])) + - + sum(increase(apiserver_request_duration_seconds_bucket{verb=~"POST|PUT|PATCH|DELETE",le="1"}[30d])) + ) + + + # errors + sum(code:apiserver_request_total:increase30d{verb="write",code=~"5.."} or vector(0)) + ) + / + sum(code:apiserver_request_total:increase30d{verb="write"}) + labels: + verb: write + record: apiserver_request:availability30d + - expr: avg_over_time(code_verb:apiserver_request_total:increase1h[30d]) * 24 * 30 + record: code_verb:apiserver_request_total:increase30d + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="LIST",code=~"2.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="GET",code=~"2.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="POST",code=~"2.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PUT",code=~"2.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PATCH",code=~"2.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="DELETE",code=~"2.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="LIST",code=~"3.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="GET",code=~"3.."}[1h])) + record: 
code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="POST",code=~"3.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PUT",code=~"3.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PATCH",code=~"3.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="DELETE",code=~"3.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="LIST",code=~"4.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="GET",code=~"4.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="POST",code=~"4.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PUT",code=~"4.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PATCH",code=~"4.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="DELETE",code=~"4.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="LIST",code=~"5.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="GET",code=~"5.."}[1h])) + record: 
code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="POST",code=~"5.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PUT",code=~"5.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PATCH",code=~"5.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="DELETE",code=~"5.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code) (code_verb:apiserver_request_total:increase30d{verb=~"LIST|GET"}) + labels: + verb: read + record: code:apiserver_request_total:increase30d + - expr: sum by (code) (code_verb:apiserver_request_total:increase30d{verb=~"POST|PUT|PATCH|DELETE"}) + labels: + verb: write + record: code:apiserver_request_total:increase30d +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-apiserver-slos.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-apiserver-slos.yaml new file mode 100755 index 000000000..0f44ccc10 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-apiserver-slos.yaml 
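Review bot: in the kube-apiserver-availability.rules group that ends above, the `verb: all` and `verb: write` expressions select `apiserver_request_duration_seconds_count` and `apiserver_request_duration_seconds_bucket` without `job="apiserver"`, while the `verb: read` expression and every `code_verb:apiserver_request_total:increase1h` rule in the same group do filter on that job. The slow-request term in the numerator can therefore include series from any job that exports those metric names, while the denominator `code:apiserver_request_total:increase30d` is built only from `job="apiserver"` series, which skews the recorded availability. Add `job="apiserver"` to the duration selectors in the `all` and `write` rules so that numerator and denominator cover the same population.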
@@ -0,0 +1,95 @@ +{{- /* +Generated from 'kube-apiserver-slos' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.kubeApiServer.enabled .Values.defaultRules.rules.kubeApiserverSlos }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-apiserver-slos" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kube-apiserver-slos + rules: + - alert: KubeAPIErrorBudgetBurn + annotations: + description: The API server is burning too much error budget. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeapierrorbudgetburn + summary: The API server is burning too much error budget. 
+ expr: |- + sum(apiserver_request:burnrate1h) > (14.40 * 0.01000) + and + sum(apiserver_request:burnrate5m) > (14.40 * 0.01000) + for: 2m + labels: + long: 1h + severity: critical + short: 5m +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeAPIErrorBudgetBurn + annotations: + description: The API server is burning too much error budget. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeapierrorbudgetburn + summary: The API server is burning too much error budget. + expr: |- + sum(apiserver_request:burnrate6h) > (6.00 * 0.01000) + and + sum(apiserver_request:burnrate30m) > (6.00 * 0.01000) + for: 15m + labels: + long: 6h + severity: critical + short: 30m +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeAPIErrorBudgetBurn + annotations: + description: The API server is burning too much error budget. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeapierrorbudgetburn + summary: The API server is burning too much error budget. + expr: |- + sum(apiserver_request:burnrate1d) > (3.00 * 0.01000) + and + sum(apiserver_request:burnrate2h) > (3.00 * 0.01000) + for: 1h + labels: + long: 1d + severity: warning + short: 2h +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeAPIErrorBudgetBurn + annotations: + description: The API server is burning too much error budget. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeapierrorbudgetburn + summary: The API server is burning too much error budget. 
+ expr: |- + sum(apiserver_request:burnrate3d) > (1.00 * 0.01000) + and + sum(apiserver_request:burnrate6h) > (1.00 * 0.01000) + for: 3h + labels: + long: 3d + severity: warning + short: 6h +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-apiserver.rules.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-apiserver.rules.yaml new file mode 100755 index 000000000..eddc1e40f --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-apiserver.rules.yaml 
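Review bot: in the kube-apiserver-slos alerts that end above, each condition uses `sum(apiserver_request:burnrate1h)` (and the 5m, 6h, 30m, 1d, 2h, 3d equivalents), but the burn-rate series are recorded separately with `verb: read` and `verb: write`, each divided by its own request total. Summing them adds two ratios rather than computing one combined ratio, so the thresholds such as `(14.40 * 0.01000)` are compared against read burn plus write burn. Confirm that this is intended, or alert per `verb` so that a page identifies which class of request is consuming the budget. The four alerts also share one name and identical `description` and `summary` text, so only the `long` and `short` labels tell a responder which window fired; stating the window in the description would help triage.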
@@ -0,0 +1,358 @@ +{{- /* +Generated from 'kube-apiserver.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.kubeApiServer.enabled .Values.defaultRules.rules.kubeApiserver }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-apiserver.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . 
| indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kube-apiserver.rules + rules: + - expr: |- + ( + ( + # too slow + sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[1d])) + - + ( + ( + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[1d])) + or + vector(0) + ) + + + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[1d])) + + + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[1d])) + ) + ) + + + # errors + sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[1d])) + ) + / + sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[1d])) + labels: + verb: read + record: apiserver_request:burnrate1d + - expr: |- + ( + ( + # too slow + sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[1h])) + - + ( + ( + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[1h])) + or + vector(0) + ) + + + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[1h])) + + + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[1h])) + ) + ) + + + # errors + sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[1h])) + ) + / + sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[1h])) + labels: + verb: read + record: apiserver_request:burnrate1h + - expr: |- + ( + ( + # too slow + sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[2h])) + - + ( + ( 
+ sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[2h])) + or + vector(0) + ) + + + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[2h])) + + + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[2h])) + ) + ) + + + # errors + sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[2h])) + ) + / + sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[2h])) + labels: + verb: read + record: apiserver_request:burnrate2h + - expr: |- + ( + ( + # too slow + sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[30m])) + - + ( + ( + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[30m])) + or + vector(0) + ) + + + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[30m])) + + + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[30m])) + ) + ) + + + # errors + sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[30m])) + ) + / + sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[30m])) + labels: + verb: read + record: apiserver_request:burnrate30m + - expr: |- + ( + ( + # too slow + sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[3d])) + - + ( + ( + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[3d])) + or + vector(0) + ) + + + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[3d])) + + + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[3d])) + ) + ) + + + # errors + 
sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[3d])) + ) + / + sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[3d])) + labels: + verb: read + record: apiserver_request:burnrate3d + - expr: |- + ( + ( + # too slow + sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[5m])) + - + ( + ( + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[5m])) + or + vector(0) + ) + + + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[5m])) + + + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[5m])) + ) + ) + + + # errors + sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[5m])) + ) + / + sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[5m])) + labels: + verb: read + record: apiserver_request:burnrate5m + - expr: |- + ( + ( + # too slow + sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[6h])) + - + ( + ( + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[6h])) + or + vector(0) + ) + + + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[6h])) + + + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[6h])) + ) + ) + + + # errors + sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[6h])) + ) + / + sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[6h])) + labels: + verb: read + record: apiserver_request:burnrate6h + - expr: |- + ( + ( + # too slow + sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[1d])) + - + 
sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[1d])) + ) + + + sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[1d])) + ) + / + sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[1d])) + labels: + verb: write + record: apiserver_request:burnrate1d + - expr: |- + ( + ( + # too slow + sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[1h])) + - + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[1h])) + ) + + + sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[1h])) + ) + / + sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[1h])) + labels: + verb: write + record: apiserver_request:burnrate1h + - expr: |- + ( + ( + # too slow + sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[2h])) + - + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[2h])) + ) + + + sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[2h])) + ) + / + sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[2h])) + labels: + verb: write + record: apiserver_request:burnrate2h + - expr: |- + ( + ( + # too slow + sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[30m])) + - + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[30m])) + ) + + + sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[30m])) + ) + / + sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[30m])) + labels: + verb: write + record: apiserver_request:burnrate30m + - expr: |- + ( + ( + # too slow + 
sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[3d])) + - + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[3d])) + ) + + + sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[3d])) + ) + / + sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[3d])) + labels: + verb: write + record: apiserver_request:burnrate3d + - expr: |- + ( + ( + # too slow + sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[5m])) + - + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[5m])) + ) + + + sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[5m])) + ) + / + sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[5m])) + labels: + verb: write + record: apiserver_request:burnrate5m + - expr: |- + ( + ( + # too slow + sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[6h])) + - + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[6h])) + ) + + + sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[6h])) + ) + / + sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[6h])) + labels: + verb: write + record: apiserver_request:burnrate6h + - expr: sum by (code,resource) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[5m])) + labels: + verb: read + record: code_resource:apiserver_request_total:rate5m + - expr: sum by (code,resource) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[5m])) + labels: + verb: write + record: code_resource:apiserver_request_total:rate5m + - expr: histogram_quantile(0.99, sum by (le, resource) 
(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET"}[5m]))) > 0 + labels: + quantile: '0.99' + verb: read + record: cluster_quantile:apiserver_request_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.99, sum by (le, resource) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[5m]))) > 0 + labels: + quantile: '0.99' + verb: write + record: cluster_quantile:apiserver_request_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.99, sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",subresource!="log",verb!~"LIST|WATCH|WATCHLIST|DELETECOLLECTION|PROXY|CONNECT"}[5m])) without(instance, pod)) + labels: + quantile: '0.99' + record: cluster_quantile:apiserver_request_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.9, sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",subresource!="log",verb!~"LIST|WATCH|WATCHLIST|DELETECOLLECTION|PROXY|CONNECT"}[5m])) without(instance, pod)) + labels: + quantile: '0.9' + record: cluster_quantile:apiserver_request_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.5, sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",subresource!="log",verb!~"LIST|WATCH|WATCHLIST|DELETECOLLECTION|PROXY|CONNECT"}[5m])) without(instance, pod)) + labels: + quantile: '0.5' + record: cluster_quantile:apiserver_request_duration_seconds:histogram_quantile +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-prometheus-general.rules.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-prometheus-general.rules.yaml new file mode 100755 index 000000000..e54bee587 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-prometheus-general.rules.yaml 
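Review bot: at the end of the kube-apiserver.rules group above, five rules record to the same name `cluster_quantile:apiserver_request_duration_seconds:histogram_quantile` with two different shapes. The `verb: read` and `verb: write` rules aggregate `by (le, resource)` and drop non-positive results with `> 0`, while the 0.99, 0.9 and 0.5 rules aggregate `without(instance, pod)`, carry no `verb` label and have no `> 0` filter. A dashboard or alert that selects only on `quantile="0.99"` gets both sets mixed together. Either document that consumers must filter on `verb`, or record the two shapes under distinct names. The write burn-rate rules also lack the `# errors` comment that the read rules carry on the 5xx term, which makes the two halves of each expression harder to compare.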
@@ -0,0 +1,31 @@ +{{- /* +Generated from 'kube-prometheus-general.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubePrometheusGeneral }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-prometheus-general.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kube-prometheus-general.rules + rules: + - expr: count without(instance, pod, node) (up == 1) + record: count:up1 + - expr: count without(instance, pod, node) (up == 0) + record: count:up0 +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-prometheus-node-recording.rules.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-prometheus-node-recording.rules.yaml new file mode 100755 index 000000000..27271f1b5 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-prometheus-node-recording.rules.yaml 
@@ -0,0 +1,39 @@ +{{- /* +Generated from 'kube-prometheus-node-recording.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubePrometheusNodeRecording }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-prometheus-node-recording.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . 
| indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kube-prometheus-node-recording.rules + rules: + - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[3m])) BY (instance) + record: instance:node_cpu:rate:sum + - expr: sum(rate(node_network_receive_bytes_total[3m])) BY (instance) + record: instance:node_network_receive_bytes:rate:sum + - expr: sum(rate(node_network_transmit_bytes_total[3m])) BY (instance) + record: instance:node_network_transmit_bytes:rate:sum + - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[5m])) WITHOUT (cpu, mode) / ON(instance) GROUP_LEFT() count(sum(node_cpu_seconds_total) BY (instance, cpu)) BY (instance) + record: instance:node_cpu:ratio + - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[5m])) + record: cluster:node_cpu:sum_rate5m + - expr: cluster:node_cpu_seconds_total:rate5m / count(sum(node_cpu_seconds_total) BY (instance, cpu)) + record: cluster:node_cpu:ratio +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-scheduler.rules.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-scheduler.rules.yaml new file mode 100755 index 000000000..3c0ff31b0 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-scheduler.rules.yaml 
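Review bot: in the kube-prometheus-node-recording.rules group above, the last rule computes `cluster:node_cpu:ratio` from `cluster:node_cpu_seconds_total:rate5m`, but no rule in this group records that series; the rule directly before it records the same sum as `cluster:node_cpu:sum_rate5m`. Unless `cluster:node_cpu_seconds_total:rate5m` is recorded somewhere else in the chart, `cluster:node_cpu:ratio` evaluates to no data and anything built on it silently shows nothing. Point the expression at `cluster:node_cpu:sum_rate5m`, or record the series under the name the ratio expects.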
@@ -0,0 +1,65 @@ +{{- /* +Generated from 'kube-scheduler.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubeScheduler }} +{{- if (include "exporter.kubeScheduler.enabled" .)}} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-scheduler.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kube-scheduler.rules + rules: + - expr: histogram_quantile(0.99, sum(rate(scheduler_e2e_scheduling_duration_seconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) + labels: + quantile: '0.99' + record: cluster_quantile:scheduler_e2e_scheduling_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.99, sum(rate(scheduler_scheduling_algorithm_duration_seconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . 
}}"}[5m])) without(instance, pod)) + labels: + quantile: '0.99' + record: cluster_quantile:scheduler_scheduling_algorithm_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.99, sum(rate(scheduler_binding_duration_seconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) + labels: + quantile: '0.99' + record: cluster_quantile:scheduler_binding_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.9, sum(rate(scheduler_e2e_scheduling_duration_seconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) + labels: + quantile: '0.9' + record: cluster_quantile:scheduler_e2e_scheduling_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.9, sum(rate(scheduler_scheduling_algorithm_duration_seconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) + labels: + quantile: '0.9' + record: cluster_quantile:scheduler_scheduling_algorithm_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.9, sum(rate(scheduler_binding_duration_seconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) + labels: + quantile: '0.9' + record: cluster_quantile:scheduler_binding_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.5, sum(rate(scheduler_e2e_scheduling_duration_seconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) + labels: + quantile: '0.5' + record: cluster_quantile:scheduler_e2e_scheduling_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.5, sum(rate(scheduler_scheduling_algorithm_duration_seconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . 
}}"}[5m])) without(instance, pod)) + labels: + quantile: '0.5' + record: cluster_quantile:scheduler_scheduling_algorithm_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.5, sum(rate(scheduler_binding_duration_seconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) + labels: + quantile: '0.5' + record: cluster_quantile:scheduler_binding_duration_seconds:histogram_quantile +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-state-metrics.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-state-metrics.yaml new file mode 100755 index 000000000..0fa5032ba --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kube-state-metrics.yaml 
@@ -0,0 +1,59 @@ +{{- /* +Generated from 'kube-state-metrics' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubeStateMetrics }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-state-metrics" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kube-state-metrics + rules: + - alert: KubeStateMetricsListErrors + annotations: + description: kube-state-metrics is experiencing errors at an elevated rate in list operations. This is likely causing it to not be able to expose metrics about Kubernetes objects correctly or at all. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubestatemetricslisterrors + summary: kube-state-metrics is experiencing errors in list operations. 
+ expr: |- + (sum(rate(kube_state_metrics_list_total{job="kube-state-metrics",result="error"}[5m])) + / + sum(rate(kube_state_metrics_list_total{job="kube-state-metrics"}[5m]))) + > 0.01 + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeStateMetricsWatchErrors + annotations: + description: kube-state-metrics is experiencing errors at an elevated rate in watch operations. This is likely causing it to not be able to expose metrics about Kubernetes objects correctly or at all. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubestatemetricswatcherrors + summary: kube-state-metrics is experiencing errors in watch operations. + expr: |- + (sum(rate(kube_state_metrics_watch_total{job="kube-state-metrics",result="error"}[5m])) + / + sum(rate(kube_state_metrics_watch_total{job="kube-state-metrics"}[5m]))) + > 0.01 + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubelet.rules.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubelet.rules.yaml new file mode 100755 index 000000000..8712b9ff5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubelet.rules.yaml 
@@ -0,0 +1,39 @@ +{{- /* +Generated from 'kubelet.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.kubelet.enabled .Values.defaultRules.rules.kubelet }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubelet.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . 
| indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kubelet.rules + rules: + - expr: histogram_quantile(0.99, sum(rate(kubelet_pleg_relist_duration_seconds_bucket[5m])) by (instance, le) * on(instance) group_left(node) kubelet_node_name{job="kubelet", metrics_path="/metrics"}) + labels: + quantile: '0.99' + record: node_quantile:kubelet_pleg_relist_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.9, sum(rate(kubelet_pleg_relist_duration_seconds_bucket[5m])) by (instance, le) * on(instance) group_left(node) kubelet_node_name{job="kubelet", metrics_path="/metrics"}) + labels: + quantile: '0.9' + record: node_quantile:kubelet_pleg_relist_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.5, sum(rate(kubelet_pleg_relist_duration_seconds_bucket[5m])) by (instance, le) * on(instance) group_left(node) kubelet_node_name{job="kubelet", metrics_path="/metrics"}) + labels: + quantile: '0.5' + record: node_quantile:kubelet_pleg_relist_duration_seconds:histogram_quantile +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-apps.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-apps.yaml new file mode 100755 index 000000000..198bbb845 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-apps.yaml 
@@ -0,0 +1,298 @@ +{{- /* +Generated from 'kubernetes-apps' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesApps }} +{{- $targetNamespace := .Values.defaultRules.appNamespacesTarget }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-apps" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kubernetes-apps + rules: + - alert: KubePodCrashLooping + annotations: + description: Pod {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod {{`}}`}} ({{`{{`}} $labels.container {{`}}`}}) is restarting {{`{{`}} printf "%.2f" $value {{`}}`}} times / 10 minutes. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubepodcrashlooping + summary: Pod is crash looping. 
+ expr: rate(kube_pod_container_status_restarts_total{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}[10m]) * 60 * 5 > 0 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubePodNotReady + annotations: + description: Pod {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod {{`}}`}} has been in a non-ready state for longer than 15 minutes. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubepodnotready + summary: Pod has been in a non-ready state for more than 15 minutes. + expr: |- + sum by (namespace, pod) ( + max by(namespace, pod) ( + kube_pod_status_phase{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}", phase=~"Pending|Unknown"} + ) * on(namespace, pod) group_left(owner_kind) topk by(namespace, pod) ( + 1, max by(namespace, pod, owner_kind) (kube_pod_owner{owner_kind!="Job"}) + ) + ) > 0 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeDeploymentGenerationMismatch + annotations: + description: Deployment generation for {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.deployment {{`}}`}} does not match, this indicates that the Deployment has failed but has not been rolled back. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubedeploymentgenerationmismatch + summary: Deployment generation mismatch due to possible roll-back + expr: |- + kube_deployment_status_observed_generation{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + != + kube_deployment_metadata_generation{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeDeploymentReplicasMismatch + annotations: + description: Deployment {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.deployment {{`}}`}} has not matched the expected number of replicas for longer than 15 minutes. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubedeploymentreplicasmismatch + summary: Deployment has not matched the expected number of replicas. + expr: |- + ( + kube_deployment_spec_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + != + kube_deployment_status_replicas_available{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + ) and ( + changes(kube_deployment_status_replicas_updated{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}[5m]) + == + 0 + ) + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeStatefulSetReplicasMismatch + annotations: + description: StatefulSet {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.statefulset {{`}}`}} has not matched the expected number of replicas for longer than 15 minutes. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubestatefulsetreplicasmismatch + summary: Deployment has not matched the expected number of replicas. 
+ expr: |- + ( + kube_statefulset_status_replicas_ready{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + != + kube_statefulset_status_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + ) and ( + changes(kube_statefulset_status_replicas_updated{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}[5m]) + == + 0 + ) + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeStatefulSetGenerationMismatch + annotations: + description: StatefulSet generation for {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.statefulset {{`}}`}} does not match, this indicates that the StatefulSet has failed but has not been rolled back. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubestatefulsetgenerationmismatch + summary: StatefulSet generation mismatch due to possible roll-back + expr: |- + kube_statefulset_status_observed_generation{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + != + kube_statefulset_metadata_generation{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeStatefulSetUpdateNotRolledOut + annotations: + description: StatefulSet {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.statefulset {{`}}`}} update has not been rolled out. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubestatefulsetupdatenotrolledout + summary: StatefulSet update has not been rolled out. 
+ expr: |- + ( + max without (revision) ( + kube_statefulset_status_current_revision{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + unless + kube_statefulset_status_update_revision{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + ) + * + ( + kube_statefulset_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + != + kube_statefulset_status_replicas_updated{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + ) + ) and ( + changes(kube_statefulset_status_replicas_updated{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}[5m]) + == + 0 + ) + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeDaemonSetRolloutStuck + annotations: + description: DaemonSet {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.daemonset {{`}}`}} has not finished or progressed for at least 15 minutes. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubedaemonsetrolloutstuck + summary: DaemonSet rollout is stuck. 
+ expr: |- + ( + ( + kube_daemonset_status_current_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + != + kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + ) or ( + kube_daemonset_status_number_misscheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + != + 0 + ) or ( + kube_daemonset_updated_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + != + kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + ) or ( + kube_daemonset_status_number_available{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + != + kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + ) + ) and ( + changes(kube_daemonset_updated_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}[5m]) + == + 0 + ) + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeContainerWaiting + annotations: + description: Pod {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod {{`}}`}} container {{`{{`}} $labels.container{{`}}`}} has been in waiting state for longer than 1 hour. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubecontainerwaiting + summary: Pod container waiting longer than 1 hour + expr: sum by (namespace, pod, container) (kube_pod_container_status_waiting_reason{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}) > 0 + for: 1h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeDaemonSetNotScheduled + annotations: + description: '{{`{{`}} $value {{`}}`}} Pods of DaemonSet {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.daemonset {{`}}`}} are not scheduled.' + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubedaemonsetnotscheduled + summary: DaemonSet pods are not scheduled. + expr: |- + kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + - + kube_daemonset_status_current_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} > 0 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeDaemonSetMisScheduled + annotations: + description: '{{`{{`}} $value {{`}}`}} Pods of DaemonSet {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.daemonset {{`}}`}} are running where they are not supposed to run.' + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubedaemonsetmisscheduled + summary: DaemonSet pods are misscheduled. 
+ expr: kube_daemonset_status_number_misscheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} > 0 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeJobCompletion + annotations: + description: Job {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.job_name {{`}}`}} is taking more than 12 hours to complete. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubejobcompletion + summary: Job did not complete in time + expr: kube_job_spec_completions{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} - kube_job_status_succeeded{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} > 0 + for: 12h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeJobFailed + annotations: + description: Job {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.job_name {{`}}`}} failed to complete. Removing failed job after investigation should clear this alert. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubejobfailed + summary: Job failed to complete. + expr: kube_job_failed{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} > 0 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeHpaReplicasMismatch + annotations: + description: HPA {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.hpa {{`}}`}} has not matched the desired number of replicas for longer than 15 minutes. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubehpareplicasmismatch + summary: HPA has not matched descired number of replicas. 
+ expr: |- + (kube_hpa_status_desired_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + != + kube_hpa_status_current_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}) + and + (kube_hpa_status_current_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + > + kube_hpa_spec_min_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}) + and + (kube_hpa_status_current_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + < + kube_hpa_spec_max_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}) + and + changes(kube_hpa_status_current_replicas[15m]) == 0 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeHpaMaxedOut + annotations: + description: HPA {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.hpa {{`}}`}} has been running at max replicas for longer than 15 minutes. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubehpamaxedout + summary: HPA is running at max replicas + expr: |- + kube_hpa_status_current_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + == + kube_hpa_spec_max_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-resources.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-resources.yaml new file mode 100755 index 000000000..898f8eed2 --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-resources.yaml 
@@ -0,0 +1,159 @@ +{{- /* +Generated from 'kubernetes-resources' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesResources }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-resources" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kubernetes-resources + rules: + - alert: KubeCPUOvercommit + annotations: + description: Cluster has overcommitted CPU resource requests for Pods and cannot tolerate node failure. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubecpuovercommit + summary: Cluster has overcommitted CPU resource requests. 
+ expr: |- + sum(namespace:kube_pod_container_resource_requests_cpu_cores:sum{}) + / + sum(kube_node_status_allocatable_cpu_cores) + > + (count(kube_node_status_allocatable_cpu_cores)-1) / count(kube_node_status_allocatable_cpu_cores) + for: 5m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeMemoryOvercommit + annotations: + description: Cluster has overcommitted memory resource requests for Pods and cannot tolerate node failure. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubememoryovercommit + summary: Cluster has overcommitted memory resource requests. + expr: |- + sum(namespace:kube_pod_container_resource_requests_memory_bytes:sum{}) + / + sum(kube_node_status_allocatable_memory_bytes) + > + (count(kube_node_status_allocatable_memory_bytes)-1) + / + count(kube_node_status_allocatable_memory_bytes) + for: 5m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeCPUQuotaOvercommit + annotations: + description: Cluster has overcommitted CPU resource requests for Namespaces. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubecpuquotaovercommit + summary: Cluster has overcommitted CPU resource requests. + expr: |- + sum(kube_resourcequota{job="kube-state-metrics", type="hard", resource="cpu"}) + / + sum(kube_node_status_allocatable_cpu_cores) + > 1.5 + for: 5m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeMemoryQuotaOvercommit + annotations: + description: Cluster has overcommitted memory resource requests for Namespaces. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubememoryquotaovercommit + summary: Cluster has overcommitted memory resource requests. + expr: |- + sum(kube_resourcequota{job="kube-state-metrics", type="hard", resource="memory"}) + / + sum(kube_node_status_allocatable_memory_bytes{job="kube-state-metrics"}) + > 1.5 + for: 5m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeQuotaAlmostFull + annotations: + description: Namespace {{`{{`}} $labels.namespace {{`}}`}} is using {{`{{`}} $value | humanizePercentage {{`}}`}} of its {{`{{`}} $labels.resource {{`}}`}} quota. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubequotaalmostfull + summary: Namespace quota is going to be full. + expr: |- + kube_resourcequota{job="kube-state-metrics", type="used"} + / ignoring(instance, job, type) + (kube_resourcequota{job="kube-state-metrics", type="hard"} > 0) + > 0.9 < 1 + for: 15m + labels: + severity: info +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeQuotaFullyUsed + annotations: + description: Namespace {{`{{`}} $labels.namespace {{`}}`}} is using {{`{{`}} $value | humanizePercentage {{`}}`}} of its {{`{{`}} $labels.resource {{`}}`}} quota. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubequotafullyused + summary: Namespace quota is fully used. 
+ expr: |- + kube_resourcequota{job="kube-state-metrics", type="used"} + / ignoring(instance, job, type) + (kube_resourcequota{job="kube-state-metrics", type="hard"} > 0) + == 1 + for: 15m + labels: + severity: info +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeQuotaExceeded + annotations: + description: Namespace {{`{{`}} $labels.namespace {{`}}`}} is using {{`{{`}} $value | humanizePercentage {{`}}`}} of its {{`{{`}} $labels.resource {{`}}`}} quota. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubequotaexceeded + summary: Namespace quota has exceeded the limits. + expr: |- + kube_resourcequota{job="kube-state-metrics", type="used"} + / ignoring(instance, job, type) + (kube_resourcequota{job="kube-state-metrics", type="hard"} > 0) + > 1 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: CPUThrottlingHigh + annotations: + description: '{{`{{`}} $value | humanizePercentage {{`}}`}} throttling of CPU in namespace {{`{{`}} $labels.namespace {{`}}`}} for container {{`{{`}} $labels.container {{`}}`}} in pod {{`{{`}} $labels.pod {{`}}`}}.' + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-cputhrottlinghigh + summary: Processes experience elevated CPU throttling. + expr: |- + sum(increase(container_cpu_cfs_throttled_periods_total{container!="", }[5m])) by (container, pod, namespace) + / + sum(increase(container_cpu_cfs_periods_total{}[5m])) by (container, pod, namespace) + > ( 25 / 100 ) + for: 15m + labels: + severity: info +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-storage.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-storage.yaml new file mode 100755 index 000000000..527e6e308 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-storage.yaml 
@@ -0,0 +1,75 @@ +{{- /* +Generated from 'kubernetes-storage' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesStorage }} +{{- $targetNamespace := .Values.defaultRules.appNamespacesTarget }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-storage" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kubernetes-storage + rules: + - alert: KubePersistentVolumeFillingUp + annotations: + description: The PersistentVolume claimed by {{`{{`}} $labels.persistentvolumeclaim {{`}}`}} in Namespace {{`{{`}} $labels.namespace {{`}}`}} is only {{`{{`}} $value | humanizePercentage {{`}}`}} free. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubepersistentvolumefillingup + summary: PersistentVolume is filling up. 
+ expr: |- + kubelet_volume_stats_available_bytes{job="kubelet", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"} + / + kubelet_volume_stats_capacity_bytes{job="kubelet", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"} + < 0.03 + for: 1m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubePersistentVolumeFillingUp + annotations: + description: Based on recent sampling, the PersistentVolume claimed by {{`{{`}} $labels.persistentvolumeclaim {{`}}`}} in Namespace {{`{{`}} $labels.namespace {{`}}`}} is expected to fill up within four days. Currently {{`{{`}} $value | humanizePercentage {{`}}`}} is available. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubepersistentvolumefillingup + summary: PersistentVolume is filling up. + expr: |- + ( + kubelet_volume_stats_available_bytes{job="kubelet", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"} + / + kubelet_volume_stats_capacity_bytes{job="kubelet", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"} + ) < 0.15 + and + predict_linear(kubelet_volume_stats_available_bytes{job="kubelet", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"}[6h], 4 * 24 * 3600) < 0 + for: 1h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubePersistentVolumeErrors + annotations: + description: The persistent volume {{`{{`}} $labels.persistentvolume {{`}}`}} has status {{`{{`}} $labels.phase {{`}}`}}. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubepersistentvolumeerrors + summary: PersistentVolume is having issues with provisioning. 
+ expr: kube_persistentvolume_status_phase{phase=~"Failed|Pending",job="kube-state-metrics"} > 0 + for: 5m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-system-apiserver.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-system-apiserver.yaml new file mode 100755 index 000000000..2ed298b35 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-system-apiserver.yaml 
@@ -0,0 +1,98 @@ +{{- /* +Generated from 'kubernetes-system-apiserver' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesSystem }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-system-apiserver" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kubernetes-system-apiserver + rules: + - alert: KubeClientCertificateExpiration + annotations: + description: A client certificate used to authenticate to the apiserver is expiring in less than 7.0 days. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeclientcertificateexpiration + summary: Client certificate is about to expire. 
+ expr: apiserver_client_certificate_expiration_seconds_count{job="apiserver"} > 0 and on(job) histogram_quantile(0.01, sum by (job, le) (rate(apiserver_client_certificate_expiration_seconds_bucket{job="apiserver"}[5m]))) < 604800 + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeClientCertificateExpiration + annotations: + description: A client certificate used to authenticate to the apiserver is expiring in less than 24.0 hours. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeclientcertificateexpiration + summary: Client certificate is about to expire. + expr: apiserver_client_certificate_expiration_seconds_count{job="apiserver"} > 0 and on(job) histogram_quantile(0.01, sum by (job, le) (rate(apiserver_client_certificate_expiration_seconds_bucket{job="apiserver"}[5m]))) < 86400 + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: AggregatedAPIErrors + annotations: + description: An aggregated API {{`{{`}} $labels.name {{`}}`}}/{{`{{`}} $labels.namespace {{`}}`}} has reported errors. It has appeared unavailable {{`{{`}} $value | humanize {{`}}`}} times averaged over the past 10m. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-aggregatedapierrors + summary: An aggregated API has reported errors. + expr: sum by(name, namespace)(increase(aggregator_unavailable_apiservice_count[10m])) > 4 + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: AggregatedAPIDown + annotations: + description: An aggregated API {{`{{`}} $labels.name {{`}}`}}/{{`{{`}} $labels.namespace {{`}}`}} has been only {{`{{`}} $value | humanize {{`}}`}}% available over the last 10m. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-aggregatedapidown + summary: An aggregated API is down. + expr: (1 - max by(name, namespace)(avg_over_time(aggregator_unavailable_apiservice[10m]))) * 100 < 85 + for: 5m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- if .Values.kubeApiServer.enabled }} + - alert: KubeAPIDown + annotations: + description: KubeAPI has disappeared from Prometheus target discovery. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeapidown + summary: Target disappeared from Prometheus target discovery. + expr: absent(up{job="apiserver"} == 1) + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} + - alert: KubeAPITerminatedRequests + annotations: + description: The apiserver has terminated {{`{{`}} $value | humanizePercentage {{`}}`}} of its incoming requests. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeapiterminatedrequests + summary: The apiserver has terminated {{`{{`}} $value | humanizePercentage {{`}}`}} of its incoming requests. + expr: sum(rate(apiserver_request_terminations_total{job="apiserver"}[10m])) / ( sum(rate(apiserver_request_total{job="apiserver"}[10m])) + sum(rate(apiserver_request_terminations_total{job="apiserver"}[10m])) ) > 0.20 + for: 5m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file 
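Review bot: in kubernetes-system-apiserver.yaml only KubeAPIDown is wrapped in `{{- if .Values.kubeApiServer.enabled }}`, yet both KubeClientCertificateExpiration rules and KubeAPITerminatedRequests also select `job="apiserver"`. If that flag is off and nothing is scraped under the apiserver job, these rules still render but can never match, so a client certificate nearing expiry produces no alert and nothing indicates that the rule is inert. Either put the other `job="apiserver"` rules under the same guard or state in the chart documentation that certificate-expiry alerting depends on `kubeApiServer.enabled`. The header marks the file as generated ("Do not change in-place!"), so the change belongs in the generator under the hack directory it links to rather than in this template.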
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-system-controller-manager.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-system-controller-manager.yaml new file mode 100755 index 000000000..bbb5f9e23 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-system-controller-manager.yaml 
@@ -0,0 +1,43 @@ +{{- /* +Generated from 'kubernetes-system-controller-manager' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create }} +{{- if (include "exporter.kubeControllerManager.enabled" .)}} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-system-controller-manager" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kubernetes-system-controller-manager + rules: +{{- if (include "exporter.kubeControllerManager.enabled" .)}} + - alert: KubeControllerManagerDown + annotations: + description: KubeControllerManager has disappeared from Prometheus target discovery. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubecontrollermanagerdown + summary: Target disappeared from Prometheus target discovery. + expr: absent(up{job="{{ include "exporter.kubeControllerManager.jobName" . 
}}"} == 1) + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml new file mode 100755 index 000000000..4d536ec2d --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml 
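Review bot: in kubernetes-system-controller-manager.yaml the outer `if` stops at `.Values.defaultRules.create` and has no `.Values.defaultRules.rules.*` toggle, while the sibling templates in this patch all carry one (the scheduler file uses `.Values.defaultRules.rules.kubeScheduler`, the apiserver and kubelet files use `.Values.defaultRules.rules.kubernetesSystem`). As written, KubeControllerManagerDown cannot be switched off through `defaultRules.rules` the way the other groups can; please add the matching toggle or say why it was dropped. Separately, `{{- if (include "exporter.kubeControllerManager.enabled" .)}}` appears twice, once around the whole resource and again around the single alert; the inner check is redundant and one of the three trailing `{{- end }}` lines goes with it. The scheduler template has the same duplicated check.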
@@ -0,0 +1,188 @@ +{{- /* +Generated from 'kubernetes-system-kubelet' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesSystem }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-system-kubelet" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kubernetes-system-kubelet + rules: + - alert: KubeNodeNotReady + annotations: + description: '{{`{{`}} $labels.node {{`}}`}} has been unready for more than 15 minutes.' + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubenodenotready + summary: Node is not ready. 
+ expr: kube_node_status_condition{job="kube-state-metrics",condition="Ready",status="true"} == 0 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeNodeUnreachable + annotations: + description: '{{`{{`}} $labels.node {{`}}`}} is unreachable and some workloads may be rescheduled.' + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubenodeunreachable + summary: Node is unreachable. + expr: (kube_node_spec_taint{job="kube-state-metrics",key="node.kubernetes.io/unreachable",effect="NoSchedule"} unless ignoring(key,value) kube_node_spec_taint{job="kube-state-metrics",key=~"ToBeDeletedByClusterAutoscaler|cloud.google.com/impending-node-termination|aws-node-termination-handler/spot-itn"}) == 1 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeletTooManyPods + annotations: + description: Kubelet '{{`{{`}} $labels.node {{`}}`}}' is running at {{`{{`}} $value | humanizePercentage {{`}}`}} of its Pod capacity. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubelettoomanypods + summary: Kubelet is running at capacity. 
+ expr: |- + count by(node) ( + (kube_pod_status_phase{job="kube-state-metrics",phase="Running"} == 1) * on(instance,pod,namespace,cluster) group_left(node) topk by(instance,pod,namespace,cluster) (1, kube_pod_info{job="kube-state-metrics"}) + ) + / + max by(node) ( + kube_node_status_capacity_pods{job="kube-state-metrics"} != 1 + ) > 0.95 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeNodeReadinessFlapping + annotations: + description: The readiness status of node {{`{{`}} $labels.node {{`}}`}} has changed {{`{{`}} $value {{`}}`}} times in the last 15 minutes. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubenodereadinessflapping + summary: Node readiness status is flapping. + expr: sum(changes(kube_node_status_condition{status="true",condition="Ready"}[15m])) by (node) > 2 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeletPlegDurationHigh + annotations: + description: The Kubelet Pod Lifecycle Event Generator has a 99th percentile duration of {{`{{`}} $value {{`}}`}} seconds on node {{`{{`}} $labels.node {{`}}`}}. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeletplegdurationhigh + summary: Kubelet Pod Lifecycle Event Generator is taking too long to relist. + expr: node_quantile:kubelet_pleg_relist_duration_seconds:histogram_quantile{quantile="0.99"} >= 10 + for: 5m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeletPodStartUpLatencyHigh + annotations: + description: Kubelet Pod startup 99th percentile latency is {{`{{`}} $value {{`}}`}} seconds on node {{`{{`}} $labels.node {{`}}`}}. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeletpodstartuplatencyhigh + summary: Kubelet Pod startup latency is too high. + expr: histogram_quantile(0.99, sum(rate(kubelet_pod_worker_duration_seconds_bucket{job="kubelet", metrics_path="/metrics"}[5m])) by (instance, le)) * on(instance) group_left(node) kubelet_node_name{job="kubelet", metrics_path="/metrics"} > 60 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeletClientCertificateExpiration + annotations: + description: Client certificate for Kubelet on node {{`{{`}} $labels.node {{`}}`}} expires in {{`{{`}} $value | humanizeDuration {{`}}`}}. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeletclientcertificateexpiration + summary: Kubelet client certificate is about to expire. + expr: kubelet_certificate_manager_client_ttl_seconds < 604800 + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeletClientCertificateExpiration + annotations: + description: Client certificate for Kubelet on node {{`{{`}} $labels.node {{`}}`}} expires in {{`{{`}} $value | humanizeDuration {{`}}`}}. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeletclientcertificateexpiration + summary: Kubelet client certificate is about to expire. + expr: kubelet_certificate_manager_client_ttl_seconds < 86400 + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeletServerCertificateExpiration + annotations: + description: Server certificate for Kubelet on node {{`{{`}} $labels.node {{`}}`}} expires in {{`{{`}} $value | humanizeDuration {{`}}`}}. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeletservercertificateexpiration + summary: Kubelet server certificate is about to expire. + expr: kubelet_certificate_manager_server_ttl_seconds < 604800 + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeletServerCertificateExpiration + annotations: + description: Server certificate for Kubelet on node {{`{{`}} $labels.node {{`}}`}} expires in {{`{{`}} $value | humanizeDuration {{`}}`}}. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeletservercertificateexpiration + summary: Kubelet server certificate is about to expire. + expr: kubelet_certificate_manager_server_ttl_seconds < 86400 + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeletClientCertificateRenewalErrors + annotations: + description: Kubelet on node {{`{{`}} $labels.node {{`}}`}} has failed to renew its client certificate ({{`{{`}} $value | humanize {{`}}`}} errors in the last 5 minutes). + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeletclientcertificaterenewalerrors + summary: Kubelet has failed to renew its client certificate. + expr: increase(kubelet_certificate_manager_client_expiration_renew_errors[5m]) > 0 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeletServerCertificateRenewalErrors + annotations: + description: Kubelet on node {{`{{`}} $labels.node {{`}}`}} has failed to renew its server certificate ({{`{{`}} $value | humanize {{`}}`}} errors in the last 5 minutes). 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeletservercertificaterenewalerrors + summary: Kubelet has failed to renew its server certificate. + expr: increase(kubelet_server_expiration_renew_errors[5m]) > 0 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- if .Values.prometheusOperator.kubeletService.enabled }} + - alert: KubeletDown + annotations: + description: Kubelet has disappeared from Prometheus target discovery. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeletdown + summary: Target disappeared from Prometheus target discovery. + expr: absent(up{job="kubelet", metrics_path="/metrics"} == 1) + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-system-scheduler.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-system-scheduler.yaml new file mode 100755 index 000000000..f4f5589f4 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-system-scheduler.yaml 
@@ -0,0 +1,43 @@ +{{- /* +Generated from 'kubernetes-system-scheduler' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubeScheduler }} +{{- if (include "exporter.kubeScheduler.enabled" .)}} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-system-scheduler" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kubernetes-system-scheduler + rules: +{{- if (include "exporter.kubeScheduler.enabled" .)}} + - alert: KubeSchedulerDown + annotations: + description: KubeScheduler has disappeared from Prometheus target discovery. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeschedulerdown + summary: Target disappeared from Prometheus target discovery. + expr: absent(up{job="{{ include "exporter.kubeScheduler.jobName" . 
}}"} == 1) + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-system.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-system.yaml new file mode 100755 index 000000000..52230c62e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/kubernetes-system.yaml 
@@ -0,0 +1,55 @@ +{{- /* +Generated from 'kubernetes-system' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesSystem }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-system" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kubernetes-system + rules: + - alert: KubeVersionMismatch + annotations: + description: There are {{`{{`}} $value {{`}}`}} different semantic versions of Kubernetes components running. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeversionmismatch + summary: Different semantic versions of Kubernetes components running. 
+ expr: count(count by (gitVersion) (label_replace(kubernetes_build_info{job!~"kube-dns|coredns"},"gitVersion","$1","gitVersion","(v[0-9]*.[0-9]*).*"))) > 1 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeClientErrors + annotations: + description: Kubernetes API server client '{{`{{`}} $labels.job {{`}}`}}/{{`{{`}} $labels.instance {{`}}`}}' is experiencing {{`{{`}} $value | humanizePercentage {{`}}`}} errors.' + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeclienterrors + summary: Kubernetes API server client is experiencing errors. + expr: |- + (sum(rate(rest_client_requests_total{code=~"5.."}[5m])) by (instance, job) + / + sum(rate(rest_client_requests_total[5m])) by (instance, job)) + > 0.01 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/node-exporter.rules.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/node-exporter.rules.yaml new file mode 100755 index 000000000..ddb737647 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/node-exporter.rules.yaml 
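Review bot: in kubernetes-system.yaml the KubeClientErrors description ends with a single quote after "errors." that has no opening partner; the value is an unquoted YAML scalar, so that quote is kept literally and will show up in every notification. Drop the trailing quote, or quote the whole scalar the way the KubeNodeNotReady description in the kubelet template does. Minor, in the same hunk: the KubeVersionMismatch pattern `(v[0-9]*.[0-9]*).*` leaves the dot between major and minor unescaped, so it matches any character there; `\\.` inside the PromQL string would state the intent. The file is marked as generated, so both fixes should go through the generator referenced in the header.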
@@ -0,0 +1,79 @@ +{{- /* +Generated from 'node-exporter.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/node-exporter-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.node }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "node-exporter.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . 
| indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: node-exporter.rules + rules: + - expr: |- + count without (cpu) ( + count without (mode) ( + node_cpu_seconds_total{job="node-exporter"} + ) + ) + record: instance:node_num_cpu:sum + - expr: |- + 1 - avg without (cpu, mode) ( + rate(node_cpu_seconds_total{job="node-exporter", mode="idle"}[1m]) + ) + record: instance:node_cpu_utilisation:rate1m + - expr: |- + ( + node_load1{job="node-exporter"} + / + instance:node_num_cpu:sum{job="node-exporter"} + ) + record: instance:node_load1_per_cpu:ratio + - expr: |- + 1 - ( + node_memory_MemAvailable_bytes{job="node-exporter"} + / + node_memory_MemTotal_bytes{job="node-exporter"} + ) + record: instance:node_memory_utilisation:ratio + - expr: rate(node_vmstat_pgmajfault{job="node-exporter"}[1m]) + record: instance:node_vmstat_pgmajfault:rate1m + - expr: rate(node_disk_io_time_seconds_total{job="node-exporter", device=~"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+"}[1m]) + record: instance_device:node_disk_io_time_seconds:rate1m + - expr: rate(node_disk_io_time_weighted_seconds_total{job="node-exporter", device=~"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+"}[1m]) + record: instance_device:node_disk_io_time_weighted_seconds:rate1m + - expr: |- + sum without (device) ( + rate(node_network_receive_bytes_total{job="node-exporter", device!="lo"}[1m]) + ) + record: instance:node_network_receive_bytes_excluding_lo:rate1m + - expr: |- + sum without (device) ( + rate(node_network_transmit_bytes_total{job="node-exporter", device!="lo"}[1m]) + ) + record: instance:node_network_transmit_bytes_excluding_lo:rate1m + - expr: |- + sum without (device) ( + rate(node_network_receive_drop_total{job="node-exporter", device!="lo"}[1m]) + ) + record: 
instance:node_network_receive_drop_excluding_lo:rate1m + - expr: |- + sum without (device) ( + rate(node_network_transmit_drop_total{job="node-exporter", device!="lo"}[1m]) + ) + record: instance:node_network_transmit_drop_excluding_lo:rate1m +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/node-exporter.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/node-exporter.yaml new file mode 100755 index 000000000..3be497c1f --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/node-exporter.yaml 
@@ -0,0 +1,262 @@ +{{- /* +Generated from 'node-exporter' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/node-exporter-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.node }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "node-exporter" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: node-exporter + rules: + - alert: NodeFilesystemSpaceFillingUp + annotations: + description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available space left and is filling up. + summary: Filesystem is predicted to run out of space within the next 24 hours. 
+ expr: |- + ( + node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 40 + and + predict_linear(node_filesystem_avail_bytes{job="node-exporter",fstype!=""}[6h], 24*60*60) < 0 + and + node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 + ) + for: 1h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeFilesystemSpaceFillingUp + annotations: + description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available space left and is filling up fast. + summary: Filesystem is predicted to run out of space within the next 4 hours. + expr: |- + ( + node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 15 + and + predict_linear(node_filesystem_avail_bytes{job="node-exporter",fstype!=""}[6h], 4*60*60) < 0 + and + node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 + ) + for: 1h + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeFilesystemAlmostOutOfSpace + annotations: + description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available space left. + summary: Filesystem has less than 5% space left. 
+ expr: |- + ( + node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 5 + and + node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 + ) + for: 1h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeFilesystemAlmostOutOfSpace + annotations: + description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available space left. + summary: Filesystem has less than 3% space left. + expr: |- + ( + node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 3 + and + node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 + ) + for: 1h + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeFilesystemFilesFillingUp + annotations: + description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available inodes left and is filling up. + summary: Filesystem is predicted to run out of inodes within the next 24 hours. 
+ expr: |- + ( + node_filesystem_files_free{job="node-exporter",fstype!=""} / node_filesystem_files{job="node-exporter",fstype!=""} * 100 < 40 + and + predict_linear(node_filesystem_files_free{job="node-exporter",fstype!=""}[6h], 24*60*60) < 0 + and + node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 + ) + for: 1h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeFilesystemFilesFillingUp + annotations: + description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available inodes left and is filling up fast. + summary: Filesystem is predicted to run out of inodes within the next 4 hours. + expr: |- + ( + node_filesystem_files_free{job="node-exporter",fstype!=""} / node_filesystem_files{job="node-exporter",fstype!=""} * 100 < 20 + and + predict_linear(node_filesystem_files_free{job="node-exporter",fstype!=""}[6h], 4*60*60) < 0 + and + node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 + ) + for: 1h + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeFilesystemAlmostOutOfFiles + annotations: + description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available inodes left. + summary: Filesystem has less than 5% inodes left. 
+ expr: |- + ( + node_filesystem_files_free{job="node-exporter",fstype!=""} / node_filesystem_files{job="node-exporter",fstype!=""} * 100 < 5 + and + node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 + ) + for: 1h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeFilesystemAlmostOutOfFiles + annotations: + description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available inodes left. + summary: Filesystem has less than 3% inodes left. + expr: |- + ( + node_filesystem_files_free{job="node-exporter",fstype!=""} / node_filesystem_files{job="node-exporter",fstype!=""} * 100 < 3 + and + node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 + ) + for: 1h + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeNetworkReceiveErrs + annotations: + description: '{{`{{`}} $labels.instance {{`}}`}} interface {{`{{`}} $labels.device {{`}}`}} has encountered {{`{{`}} printf "%.0f" $value {{`}}`}} receive errors in the last two minutes.' + summary: Network interface is reporting many receive errors. + expr: rate(node_network_receive_errs_total[2m]) / rate(node_network_receive_packets_total[2m]) > 0.01 + for: 1h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeNetworkTransmitErrs + annotations: + description: '{{`{{`}} $labels.instance {{`}}`}} interface {{`{{`}} $labels.device {{`}}`}} has encountered {{`{{`}} printf "%.0f" $value {{`}}`}} transmit errors in the last two minutes.' + summary: Network interface is reporting many transmit errors. 
+ expr: rate(node_network_transmit_errs_total[2m]) / rate(node_network_transmit_packets_total[2m]) > 0.01 + for: 1h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeHighNumberConntrackEntriesUsed + annotations: + description: '{{`{{`}} $value | humanizePercentage {{`}}`}} of conntrack entries are used.' + summary: Number of conntrack are getting close to the limit. + expr: (node_nf_conntrack_entries / node_nf_conntrack_entries_limit) > 0.75 + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeTextFileCollectorScrapeError + annotations: + description: Node Exporter text file collector failed to scrape. + summary: Node Exporter text file collector failed to scrape. + expr: node_textfile_scrape_error{job="node-exporter"} == 1 + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeClockSkewDetected + annotations: + message: Clock on {{`{{`}} $labels.instance {{`}}`}} is out of sync by more than 300s. Ensure NTP is configured correctly on this host. + summary: Clock skew detected. + expr: |- + ( + node_timex_offset_seconds > 0.05 + and + deriv(node_timex_offset_seconds[5m]) >= 0 + ) + or + ( + node_timex_offset_seconds < -0.05 + and + deriv(node_timex_offset_seconds[5m]) <= 0 + ) + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeClockNotSynchronising + annotations: + message: Clock on {{`{{`}} $labels.instance {{`}}`}} is not synchronising. Ensure NTP is configured on this host. + summary: Clock not synchronising. 
+ expr: |- + min_over_time(node_timex_sync_status[5m]) == 0 + and + node_timex_maxerror_seconds >= 16 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeRAIDDegraded + annotations: + description: RAID array '{{`{{`}} $labels.device {{`}}`}}' on {{`{{`}} $labels.instance {{`}}`}} is in degraded state due to one or more disks failures. Number of spare drives is insufficient to fix issue automatically. + summary: RAID Array is degraded + expr: node_md_disks_required - ignoring (state) (node_md_disks{state="active"}) > 0 + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeRAIDDiskFailure + annotations: + description: At least one device in RAID array on {{`{{`}} $labels.instance {{`}}`}} failed. Array '{{`{{`}} $labels.device {{`}}`}}' needs attention and possibly a disk swap. + summary: Failed device in RAID array + expr: node_md_disks{state="fail"} > 0 + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/node-network.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/node-network.yaml new file mode 100755 index 000000000..9a6955ae9 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/node-network.yaml 
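Review bot: in NodeClockSkewDetected the annotation text and the threshold disagree: the message says the clock is "out of sync by more than 300s", while the expr fires on node_timex_offset_seconds > 0.05 or < -0.05, which is 50 ms. Whoever triages this alert will read a five-minute skew where the rule only proves a sub-second one, so the message should state the real threshold (or the threshold should be raised to match). NodeClockSkewDetected and NodeClockNotSynchronising also carry their text in a `message` annotation while every other alert in this group uses `description`; a notification template keyed on `description` would show nothing for these two, so the key should be made consistent.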
@@ -0,0 +1,37 @@ +{{- /* +Generated from 'node-network' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.network }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "node-network" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: node-network + rules: + - alert: NodeNetworkInterfaceFlapping + annotations: + message: Network interface "{{`{{`}} $labels.device {{`}}`}}" changing it's up status often on node-exporter {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod {{`}}`}}" + expr: changes(node_network_up{job="node-exporter",device!~"veth.+"}[2m]) > 2 + for: 2m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file 
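Review bot: the NodeNetworkInterfaceFlapping message in node-network.yaml has an unbalanced double quote and a grammar slip: it opens a quote around the device label, closes it, and then ends with a stray `"` after `$labels.pod`, and "changing it's up status" should read "its". The string lands verbatim in notifications, so the stray quote will show up in every page or ticket. The file header says the template is generated and must not be changed in place, so the correction belongs in the upstream rule source or the sync script rather than in this copy. The file also ends without a trailing newline.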
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/node.rules.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/node.rules.yaml new file mode 100755 index 000000000..c841e6f6e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/node.rules.yaml 
@@ -0,0 +1,51 @@ +{{- /* +Generated from 'node.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.node }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "node.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . 
| indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: node.rules + rules: + - expr: |- + topk by(namespace, pod) (1, + max by (node, namespace, pod) ( + label_replace(kube_pod_info{job="kube-state-metrics",node!=""}, "pod", "$1", "pod", "(.*)") + )) + record: 'node_namespace_pod:kube_pod_info:' + - expr: |- + count by (cluster, node) (sum by (node, cpu) ( + node_cpu_seconds_total{job="node-exporter"} + * on (namespace, pod) group_left(node) + node_namespace_pod:kube_pod_info: + )) + record: node:node_num_cpu:sum + - expr: |- + sum( + node_memory_MemAvailable_bytes{job="node-exporter"} or + ( + node_memory_Buffers_bytes{job="node-exporter"} + + node_memory_Cached_bytes{job="node-exporter"} + + node_memory_MemFree_bytes{job="node-exporter"} + + node_memory_Slab_bytes{job="node-exporter"} + ) + ) by (cluster) + record: :node_memory_MemAvailable_bytes:sum +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/prometheus-operator.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/prometheus-operator.yaml new file mode 100755 index 000000000..d1c1f6545 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/prometheus-operator.yaml 
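Review bot: in the node:node_num_cpu:sum recording rule of node.rules.yaml, the outer aggregation is `count by (cluster, node)` but the inner one is `sum by (node, cpu)`, which discards the cluster label before the count runs. The recorded series can therefore never carry a cluster label, and in a multi-cluster setup nodes with the same name would be merged. Either add cluster to the inner `sum by` or drop it from the outer `count by` so the rule says what it actually produces. Separately, the guard `semverCompare "<9.9.9-9"` is a sentinel upper bound with no explanation; a short template comment saying it means "no upper limit" would help the next reader.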
@@ -0,0 +1,113 @@ +{{- /* +Generated from 'prometheus-operator' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.prometheusOperator }} +{{- $operatorJob := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "operator" }} +{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "prometheus-operator" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: prometheus-operator + rules: + - alert: PrometheusOperatorListErrors + annotations: + description: Errors while performing List operations in controller {{`{{`}}$labels.controller{{`}}`}} in {{`{{`}}$labels.namespace{{`}}`}} namespace. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheusoperatorlisterrors + summary: Errors while performing list operations in controller. 
+ expr: (sum by (controller,namespace) (rate(prometheus_operator_list_operations_failed_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[10m])) / sum by (controller,namespace) (rate(prometheus_operator_list_operations_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[10m]))) > 0.4 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusOperatorWatchErrors + annotations: + description: Errors while performing watch operations in controller {{`{{`}}$labels.controller{{`}}`}} in {{`{{`}}$labels.namespace{{`}}`}} namespace. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheusoperatorwatcherrors + summary: Errors while performing watch operations in controller. + expr: (sum by (controller,namespace) (rate(prometheus_operator_watch_operations_failed_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[10m])) / sum by (controller,namespace) (rate(prometheus_operator_watch_operations_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[10m]))) > 0.4 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusOperatorSyncFailed + annotations: + description: Controller {{`{{`}} $labels.controller {{`}}`}} in {{`{{`}} $labels.namespace {{`}}`}} namespace fails to reconcile {{`{{`}} $value {{`}}`}} objects. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheusoperatorsyncfailed + summary: Last controller reconciliation failed + expr: min_over_time(prometheus_operator_syncs{status="failed",job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m]) > 0 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusOperatorReconcileErrors + annotations: + description: '{{`{{`}} $value | humanizePercentage {{`}}`}} of reconciling operations failed for {{`{{`}} $labels.controller {{`}}`}} controller in {{`{{`}} $labels.namespace {{`}}`}} namespace.' + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheusoperatorreconcileerrors + summary: Errors while reconciling controller. + expr: (sum by (controller,namespace) (rate(prometheus_operator_reconcile_errors_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m]))) / (sum by (controller,namespace) (rate(prometheus_operator_reconcile_operations_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m]))) > 0.1 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusOperatorNodeLookupErrors + annotations: + description: Errors while reconciling Prometheus in {{`{{`}} $labels.namespace {{`}}`}} Namespace. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheusoperatornodelookuperrors + summary: Errors while reconciling Prometheus. 
+ expr: rate(prometheus_operator_node_address_lookup_errors_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m]) > 0.1 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusOperatorNotReady + annotations: + description: Prometheus operator in {{`{{`}} $labels.namespace {{`}}`}} namespace isn't ready to reconcile {{`{{`}} $labels.controller {{`}}`}} resources. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheusoperatornotready + summary: Prometheus operator not ready + expr: min by(namespace, controller) (max_over_time(prometheus_operator_ready{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m]) == 0) + for: 5m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusOperatorRejectedResources + annotations: + description: Prometheus operator in {{`{{`}} $labels.namespace {{`}}`}} namespace rejected {{`{{`}} printf "%0.0f" $value {{`}}`}} {{`{{`}} $labels.controller {{`}}`}}/{{`{{`}} $labels.resource {{`}}`}} resources. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheusoperatorrejectedresources + summary: Resources rejected by Prometheus operator + expr: min_over_time(prometheus_operator_managed_resources{state="rejected",job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m]) > 0 + for: 5m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file 
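Review bot: every runbook_url in prometheus-operator.yaml is built by unquoted concatenation, for example `runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheusoperatorlisterrors`, with no check that the value is set or ends in a separator. If runbookUrl is empty the annotation renders as a bare fragment that is not a link, and because the scalar is unquoted, a value containing YAML-significant characters can change how the manifest parses. Suggest piping the joined string through `quote` and either requiring runbookUrl or omitting the annotation when it is empty. Minor: the PrometheusOperatorNodeLookupErrors description and summary both say "Errors while reconciling Prometheus", which does not tell the responder that the failing metric is node address lookups.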
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/prometheus.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/prometheus.yaml new file mode 100755 index 000000000..c9c805eea --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules-1.14/prometheus.yaml 
@@ -0,0 +1,258 @@ +{{- /* +Generated from 'prometheus' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.prometheus }} +{{- $prometheusJob := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "prometheus" }} +{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "prometheus" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: prometheus + rules: + - alert: PrometheusBadConfig + annotations: + description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} has failed to reload its configuration. + summary: Failed Prometheus configuration reload. + expr: |- + # Without max_over_time, failed scrapes could create false negatives, see + # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. 
+ max_over_time(prometheus_config_last_reload_successful{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) == 0 + for: 10m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusNotificationQueueRunningFull + annotations: + description: Alert notification queue of Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} is running full. + summary: Prometheus alert notification queue predicted to run full in less than 30m. + expr: |- + # Without min_over_time, failed scrapes could create false negatives, see + # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. + ( + predict_linear(prometheus_notifications_queue_length{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m], 60 * 30) + > + min_over_time(prometheus_notifications_queue_capacity{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) + ) + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusErrorSendingAlertsToSomeAlertmanagers + annotations: + description: '{{`{{`}} printf "%.1f" $value {{`}}`}}% errors while sending alerts from Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} to Alertmanager {{`{{`}}$labels.alertmanager{{`}}`}}.' + summary: Prometheus has encountered more than 1% errors sending alerts to a specific Alertmanager. 
+ expr: |- + ( + rate(prometheus_notifications_errors_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) + / + rate(prometheus_notifications_sent_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) + ) + * 100 + > 1 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusErrorSendingAlertsToAnyAlertmanager + annotations: + description: '{{`{{`}} printf "%.1f" $value {{`}}`}}% minimum errors while sending alerts from Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} to any Alertmanager.' + summary: Prometheus encounters more than 3% errors sending alerts to any Alertmanager. + expr: |- + min without(alertmanager) ( + rate(prometheus_notifications_errors_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) + / + rate(prometheus_notifications_sent_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) + ) + * 100 + > 3 + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusNotConnectedToAlertmanagers + annotations: + description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} is not connected to any Alertmanagers. + summary: Prometheus is not connected to any Alertmanagers. + expr: |- + # Without max_over_time, failed scrapes could create false negatives, see + # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. 
+ max_over_time(prometheus_notifications_alertmanagers_discovered{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) < 1 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusTSDBReloadsFailing + annotations: + description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} has detected {{`{{`}}$value | humanize{{`}}`}} reload failures over the last 3h. + summary: Prometheus has issues reloading blocks from disk. + expr: increase(prometheus_tsdb_reloads_failures_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[3h]) > 0 + for: 4h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusTSDBCompactionsFailing + annotations: + description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} has detected {{`{{`}}$value | humanize{{`}}`}} compaction failures over the last 3h. + summary: Prometheus has issues compacting blocks. + expr: increase(prometheus_tsdb_compactions_failed_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[3h]) > 0 + for: 4h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusNotIngestingSamples + annotations: + description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} is not ingesting samples. + summary: Prometheus is not ingesting samples. 
+ expr: rate(prometheus_tsdb_head_samples_appended_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) <= 0 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusDuplicateTimestamps + annotations: + description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} is dropping {{`{{`}} printf "%.4g" $value {{`}}`}} samples/s with different values but duplicated timestamp. + summary: Prometheus is dropping samples with duplicate timestamps. + expr: rate(prometheus_target_scrapes_sample_duplicate_timestamp_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusOutOfOrderTimestamps + annotations: + description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} is dropping {{`{{`}} printf "%.4g" $value {{`}}`}} samples/s with timestamps arriving out of order. + summary: Prometheus drops samples with out-of-order timestamps. + expr: rate(prometheus_target_scrapes_sample_out_of_order_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusRemoteStorageFailures + annotations: + description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} failed to send {{`{{`}} printf "%.1f" $value {{`}}`}}% of the samples to {{`{{`}} $labels.remote_name{{`}}`}}:{{`{{`}} $labels.url {{`}}`}} + summary: Prometheus fails to send samples to remote storage. 
+ expr: |- + ( + rate(prometheus_remote_storage_failed_samples_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) + / + ( + rate(prometheus_remote_storage_failed_samples_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) + + + rate(prometheus_remote_storage_succeeded_samples_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) + ) + ) + * 100 + > 1 + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusRemoteWriteBehind + annotations: + description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} remote write is {{`{{`}} printf "%.1f" $value {{`}}`}}s behind for {{`{{`}} $labels.remote_name{{`}}`}}:{{`{{`}} $labels.url {{`}}`}}. + summary: Prometheus remote write is behind. + expr: |- + # Without max_over_time, failed scrapes could create false negatives, see + # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. 
+ ( + max_over_time(prometheus_remote_storage_highest_timestamp_in_seconds{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) + - on(job, instance) group_right + max_over_time(prometheus_remote_storage_queue_highest_sent_timestamp_seconds{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) + ) + > 120 + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusRemoteWriteDesiredShards + annotations: + description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} remote write desired shards calculation wants to run {{`{{`}} $value {{`}}`}} shards for queue {{`{{`}} $labels.remote_name{{`}}`}}:{{`{{`}} $labels.url {{`}}`}}, which is more than the max of {{`{{`}} printf `prometheus_remote_storage_shards_max{instance="%s",job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}` $labels.instance | query | first | value {{`}}`}}. + summary: Prometheus remote write desired shards calculation wants to run more than configured max shards. + expr: |- + # Without max_over_time, failed scrapes could create false negatives, see + # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. + ( + max_over_time(prometheus_remote_storage_shards_desired{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) + > + max_over_time(prometheus_remote_storage_shards_max{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) + ) + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusRuleFailures + annotations: + description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} has failed to evaluate {{`{{`}} printf "%.0f" $value {{`}}`}} rules in the last 5m. + summary: Prometheus is failing rule evaluations. 
+ expr: increase(prometheus_rule_evaluation_failures_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0 + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusMissingRuleEvaluations + annotations: + description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} has missed {{`{{`}} printf "%.0f" $value {{`}}`}} rule group evaluations in the last 5m. + summary: Prometheus is missing rule evaluations due to slow rule group evaluation. + expr: increase(prometheus_rule_group_iterations_missed_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusTargetLimitHit + annotations: + description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} has dropped {{`{{`}} printf "%.0f" $value {{`}}`}} targets because the number of targets exceeded the configured target_limit. + summary: Prometheus has dropped targets because some scrape configs have exceeded the targets limit. + expr: increase(prometheus_target_scrape_pool_exceeded_target_limit_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/alertmanager.rules.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/alertmanager.rules.yaml new file mode 100755 index 000000000..71159849c --- /dev/null 
+++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/alertmanager.rules.yaml 
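Review bot: in prometheus.yaml (rules-1.14) the descriptions of PrometheusRemoteStorageFailures, PrometheusRemoteWriteBehind and PrometheusRemoteWriteDesiredShards interpolate `$labels.url`, so the remote-write endpoint is copied into every notification sent for these alerts. Annotations go to whatever receivers Alertmanager routes to (chat, e-mail, ticketing), which usually have a wider audience than the Prometheus configuration itself. Please confirm that the url label can never contain credentials or tokens in the deployments this chart targets, or keep only `$labels.remote_name` in the text. Also, PrometheusRemoteStorageFailures is the only description in the group without a closing full stop, and none of the alerts in this group carry a runbook_url although the prometheus-operator group added in the same patch does.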
@@ -0,0 +1,63 @@ +{{- /* +Generated from 'alertmanager.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.alertmanager }} +{{- $operatorJob := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "operator" }} +{{- $alertmanagerJob := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "alertmanager" }} +{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "alertmanager.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: alertmanager.rules + rules: + - alert: AlertmanagerConfigInconsistent + annotations: + message: The configuration of the instances of the Alertmanager cluster `{{`{{`}}$labels.service{{`}}`}}` are out of sync. 
+ expr: count_values("config_hash", alertmanager_config_hash{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"}) BY (service) / ON(service) GROUP_LEFT() label_replace(max(prometheus_operator_spec_replicas{job="{{ $operatorJob }}",namespace="{{ $namespace }}",controller="alertmanager"}) by (name, job, namespace, controller), "service", "$1", "name", "(.*)") != 1 + for: 5m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: AlertmanagerFailedReload + annotations: + message: Reloading Alertmanager's configuration has failed for {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod{{`}}`}}. + expr: alertmanager_config_last_reload_successful{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"} == 0 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: AlertmanagerMembersInconsistent + annotations: + message: Alertmanager has not found all other members of the cluster. + expr: |- + alertmanager_cluster_members{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"} + != on (service) GROUP_LEFT() + count by (service) (alertmanager_cluster_members{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"}) + for: 5m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/etcd.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/etcd.yaml new file mode 100755 index 000000000..048410bc3 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/etcd.yaml 
@@ -0,0 +1,181 @@ +{{- /* +Generated from 'etcd' group from https://raw.githubusercontent.com/etcd-io/website/master/content/docs/v3.4.0/op-guide/etcd3_alert.rules.yml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.etcd }} +{{- if (include "exporter.kubeEtcd.enabled" .)}} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "etcd" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: etcd + rules: + - alert: etcdInsufficientMembers + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": insufficient members ({{`{{`}} $value {{`}}`}}).' + expr: sum(up{job=~".*etcd.*"} == bool 1) by (job) < ((count(up{job=~".*etcd.*"}) by (job) + 1) / 2) + for: 3m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdNoLeader + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": member {{`{{`}} $labels.instance {{`}}`}} has no leader.' 
+ expr: etcd_server_has_leader{job=~".*etcd.*"} == 0 + for: 1m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdHighNumberOfLeaderChanges + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": instance {{`{{`}} $labels.instance {{`}}`}} has seen {{`{{`}} $value {{`}}`}} leader changes within the last hour.' + expr: rate(etcd_server_leader_changes_seen_total{job=~".*etcd.*"}[15m]) > 3 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdHighNumberOfFailedGRPCRequests + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": {{`{{`}} $value {{`}}`}}% of requests for {{`{{`}} $labels.grpc_method {{`}}`}} failed on etcd instance {{`{{`}} $labels.instance {{`}}`}}.' + expr: |- + 100 * sum(rate(grpc_server_handled_total{job=~".*etcd.*", grpc_code!="OK"}[5m])) BY (job, instance, grpc_service, grpc_method) + / + sum(rate(grpc_server_handled_total{job=~".*etcd.*"}[5m])) BY (job, instance, grpc_service, grpc_method) + > 1 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdHighNumberOfFailedGRPCRequests + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": {{`{{`}} $value {{`}}`}}% of requests for {{`{{`}} $labels.grpc_method {{`}}`}} failed on etcd instance {{`{{`}} $labels.instance {{`}}`}}.' 
+ expr: |- + 100 * sum(rate(grpc_server_handled_total{job=~".*etcd.*", grpc_code!="OK"}[5m])) BY (job, instance, grpc_service, grpc_method) + / + sum(rate(grpc_server_handled_total{job=~".*etcd.*"}[5m])) BY (job, instance, grpc_service, grpc_method) + > 5 + for: 5m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdGRPCRequestsSlow + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": gRPC requests to {{`{{`}} $labels.grpc_method {{`}}`}} are taking {{`{{`}} $value {{`}}`}}s on etcd instance {{`{{`}} $labels.instance {{`}}`}}.' + expr: |- + histogram_quantile(0.99, sum(rate(grpc_server_handling_seconds_bucket{job=~".*etcd.*", grpc_type="unary"}[5m])) by (job, instance, grpc_service, grpc_method, le)) + > 0.15 + for: 10m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdMemberCommunicationSlow + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": member communication with {{`{{`}} $labels.To {{`}}`}} is taking {{`{{`}} $value {{`}}`}}s on etcd instance {{`{{`}} $labels.instance {{`}}`}}.' + expr: |- + histogram_quantile(0.99, rate(etcd_network_peer_round_trip_time_seconds_bucket{job=~".*etcd.*"}[5m])) + > 0.15 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdHighNumberOfFailedProposals + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": {{`{{`}} $value {{`}}`}} proposal failures within the last hour on etcd instance {{`{{`}} $labels.instance {{`}}`}}.' 
+ expr: rate(etcd_server_proposals_failed_total{job=~".*etcd.*"}[15m]) > 5 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdHighFsyncDurations + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": 99th percentile fync durations are {{`{{`}} $value {{`}}`}}s on etcd instance {{`{{`}} $labels.instance {{`}}`}}.' + expr: |- + histogram_quantile(0.99, rate(etcd_disk_wal_fsync_duration_seconds_bucket{job=~".*etcd.*"}[5m])) + > 0.5 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdHighCommitDurations + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": 99th percentile commit durations {{`{{`}} $value {{`}}`}}s on etcd instance {{`{{`}} $labels.instance {{`}}`}}.' + expr: |- + histogram_quantile(0.99, rate(etcd_disk_backend_commit_duration_seconds_bucket{job=~".*etcd.*"}[5m])) + > 0.25 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdHighNumberOfFailedHTTPRequests + annotations: + message: '{{`{{`}} $value {{`}}`}}% of requests for {{`{{`}} $labels.method {{`}}`}} failed on etcd instance {{`{{`}} $labels.instance {{`}}`}}' + expr: |- + sum(rate(etcd_http_failed_total{job=~".*etcd.*", code!="404"}[5m])) BY (method) / sum(rate(etcd_http_received_total{job=~".*etcd.*"}[5m])) + BY (method) > 0.01 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdHighNumberOfFailedHTTPRequests + annotations: + message: '{{`{{`}} $value {{`}}`}}% of requests for {{`{{`}} $labels.method {{`}}`}} failed on etcd 
instance {{`{{`}} $labels.instance {{`}}`}}.' + expr: |- + sum(rate(etcd_http_failed_total{job=~".*etcd.*", code!="404"}[5m])) BY (method) / sum(rate(etcd_http_received_total{job=~".*etcd.*"}[5m])) + BY (method) > 0.05 + for: 10m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdHTTPRequestsSlow + annotations: + message: etcd instance {{`{{`}} $labels.instance {{`}}`}} HTTP requests to {{`{{`}} $labels.method {{`}}`}} are slow. + expr: |- + histogram_quantile(0.99, rate(etcd_http_successful_duration_seconds_bucket[5m])) + > 0.15 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/general.rules.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/general.rules.yaml new file mode 100755 index 000000000..cde6feb5c --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/general.rules.yaml 
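Review bot: In etcd.yaml, etcdHighNumberOfLeaderChanges and etcdHighNumberOfFailedProposals compare `rate(...[15m])` against 3 and 5, while their messages report `$value` as a count "within the last hour". `rate()` yields a per-second average, so the thresholds mean more than 3 leader changes (or 5 failed proposals) per second sustained over the window, and the alerts will effectively never fire. Suggest `increase(etcd_server_leader_changes_seen_total{job=~".*etcd.*"}[1h]) > 3`, and the same form for `etcd_server_proposals_failed_total`, so the expression matches the message. The two etcdHighNumberOfFailedHTTPRequests rules have a related mismatch: the message prints `$value` followed by a % sign, but the expression compares an unscaled ratio against 0.01 and 0.05. The header marks the file as generated and not to be changed in place, so the correction belongs in the generator input.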
@@ -0,0 +1,56 @@ +{{- /* +Generated from 'general.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.general }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "general.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: general.rules + rules: + - alert: TargetDown + annotations: + message: '{{`{{`}} $value {{`}}`}}% of the {{`{{`}} $labels.job {{`}}`}} targets are down.' + expr: 100 * (count(up == 0) BY (job) / count(up) BY (job)) > 10 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: Watchdog + annotations: + message: 'This is an alert meant to ensure that the entire alerting pipeline is functional. + + This alert is always firing, therefore it should always be firing in Alertmanager + + and always fire against a receiver. 
There are integrations with various notification + + mechanisms that send a notification when this alert is not firing. For example the + + "DeadMansSnitch" integration in PagerDuty. + + ' + expr: vector(1) + labels: + severity: none +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/k8s.rules.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/k8s.rules.yaml new file mode 100755 index 000000000..08aa7fe2b --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/k8s.rules.yaml 
@@ -0,0 +1,83 @@ +{{- /* +Generated from 'k8s.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.k8s }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "k8s.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: k8s.rules + rules: + - expr: sum(rate(container_cpu_usage_seconds_total{job="kubelet", image!="", container_name!=""}[5m])) by (namespace) + record: namespace:container_cpu_usage_seconds_total:sum_rate + - expr: sum(container_memory_usage_bytes{job="kubelet", image!="", container_name!=""}) by (namespace) + record: namespace:container_memory_usage_bytes:sum + - expr: |- + sum by (namespace, pod_name, container_name) ( + rate(container_cpu_usage_seconds_total{job="kubelet", image!="", container_name!=""}[5m]) + ) + record: namespace_pod_name_container_name:container_cpu_usage_seconds_total:sum_rate + - expr: |- + sum by(namespace) ( + kube_pod_container_resource_requests_memory_bytes{job="kube-state-metrics"} + * on 
(endpoint, instance, job, namespace, pod, service) + group_left(phase) (kube_pod_status_phase{phase=~"^(Pending|Running)$"} == 1) + ) + record: namespace_name:kube_pod_container_resource_requests_memory_bytes:sum + - expr: |- + sum by (namespace) ( + kube_pod_container_resource_requests_cpu_cores{job="kube-state-metrics"} + * on (endpoint, instance, job, namespace, pod, service) + group_left(phase) (kube_pod_status_phase{phase=~"^(Pending|Running)$"} == 1) + ) + record: namespace_name:kube_pod_container_resource_requests_cpu_cores:sum + - expr: |- + sum( + label_replace( + label_replace( + kube_pod_owner{job="kube-state-metrics", owner_kind="ReplicaSet"}, + "replicaset", "$1", "owner_name", "(.*)" + ) * on(replicaset, namespace) group_left(owner_name) kube_replicaset_owner{job="kube-state-metrics"}, + "workload", "$1", "owner_name", "(.*)" + ) + ) by (namespace, workload, pod) + labels: + workload_type: deployment + record: mixin_pod_workload + - expr: |- + sum( + label_replace( + kube_pod_owner{job="kube-state-metrics", owner_kind="DaemonSet"}, + "workload", "$1", "owner_name", "(.*)" + ) + ) by (namespace, workload, pod) + labels: + workload_type: daemonset + record: mixin_pod_workload + - expr: |- + sum( + label_replace( + kube_pod_owner{job="kube-state-metrics", owner_kind="StatefulSet"}, + "workload", "$1", "owner_name", "(.*)" + ) + ) by (namespace, workload, pod) + labels: + workload_type: statefulset + record: mixin_pod_workload +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kube-apiserver.rules.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kube-apiserver.rules.yaml new file mode 100755 index 000000000..e3a929692 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kube-apiserver.rules.yaml 
@@ -0,0 +1,39 @@ +{{- /* +Generated from 'kube-apiserver.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.defaultRules.create .Values.kubeApiServer.enabled .Values.defaultRules.rules.kubeApiserver }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-apiserver.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . 
| indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kube-apiserver.rules + rules: + - expr: histogram_quantile(0.99, sum(rate(apiserver_request_latencies_bucket{job="apiserver"}[5m])) without(instance, pod)) / 1e+06 + labels: + quantile: '0.99' + record: cluster_quantile:apiserver_request_latencies:histogram_quantile + - expr: histogram_quantile(0.9, sum(rate(apiserver_request_latencies_bucket{job="apiserver"}[5m])) without(instance, pod)) / 1e+06 + labels: + quantile: '0.9' + record: cluster_quantile:apiserver_request_latencies:histogram_quantile + - expr: histogram_quantile(0.5, sum(rate(apiserver_request_latencies_bucket{job="apiserver"}[5m])) without(instance, pod)) / 1e+06 + labels: + quantile: '0.5' + record: cluster_quantile:apiserver_request_latencies:histogram_quantile +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kube-prometheus-node-alerting.rules.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kube-prometheus-node-alerting.rules.yaml new file mode 100755 index 000000000..a8d5400cb --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kube-prometheus-node-alerting.rules.yaml 
@@ -0,0 +1,47 @@ +{{- /* +Generated from 'kube-prometheus-node-alerting.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubePrometheusNodeAlerting }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-prometheus-node-alerting.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kube-prometheus-node-alerting.rules + rules: + - alert: NodeDiskRunningFull + annotations: + message: Device {{`{{`}} $labels.device {{`}}`}} of node-exporter {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod {{`}}`}} will be full within the next 24 hours. 
+ expr: '(node:node_filesystem_usage: > 0.85) and (predict_linear(node:node_filesystem_avail:[6h], 3600 * 24) < 0)' + for: 30m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeDiskRunningFull + annotations: + message: Device {{`{{`}} $labels.device {{`}}`}} of node-exporter {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod {{`}}`}} will be full within the next 2 hours. + expr: '(node:node_filesystem_usage: > 0.85) and (predict_linear(node:node_filesystem_avail:[30m], 3600 * 2) < 0)' + for: 10m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kube-prometheus-node-recording.rules.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kube-prometheus-node-recording.rules.yaml new file mode 100755 index 000000000..87f072fd0 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kube-prometheus-node-recording.rules.yaml 
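Review bot: In kube-prometheus-node-alerting.rules.yaml, both NodeDiskRunningFull alerts read the recorded series `node:node_filesystem_usage:` and `node:node_filesystem_avail:`, which this template does not define, while the template is gated only on `.Values.defaultRules.rules.kubePrometheusNodeAlerting`. If the group that records those series is disabled on its own, both expressions return no data and the disk alerts never fire, without any error. Suggest adding that group's flag to the `if and (...)` condition, or documenting the dependency next to the value.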
@@ -0,0 +1,41 @@ +{{- /* +Generated from 'kube-prometheus-node-recording.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubePrometheusNodeRecording }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-prometheus-node-recording.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . 
| indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kube-prometheus-node-recording.rules + rules: + - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait"}[3m])) BY (instance) + record: instance:node_cpu:rate:sum + - expr: sum((node_filesystem_size_bytes{mountpoint="/"} - node_filesystem_free_bytes{mountpoint="/"})) BY (instance) + record: instance:node_filesystem_usage:sum + - expr: sum(rate(node_network_receive_bytes_total[3m])) BY (instance) + record: instance:node_network_receive_bytes:rate:sum + - expr: sum(rate(node_network_transmit_bytes_total[3m])) BY (instance) + record: instance:node_network_transmit_bytes:rate:sum + - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait"}[5m])) WITHOUT (cpu, mode) / ON(instance) GROUP_LEFT() count(sum(node_cpu_seconds_total) BY (instance, cpu)) BY (instance) + record: instance:node_cpu:ratio + - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait"}[5m])) + record: cluster:node_cpu:sum_rate5m + - expr: cluster:node_cpu_seconds_total:rate5m / count(sum(node_cpu_seconds_total) BY (instance, cpu)) + record: cluster:node_cpu:ratio +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kube-scheduler.rules.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kube-scheduler.rules.yaml new file mode 100755 index 000000000..e8de8ed6e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kube-scheduler.rules.yaml 
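Review bot: In kube-prometheus-node-recording.rules.yaml, the last rule computes `cluster:node_cpu:ratio` from `cluster:node_cpu_seconds_total:rate5m`, but the rule directly above records the cluster CPU rate as `cluster:node_cpu:sum_rate5m`, and nothing in this hunk records a series under the other name. Unless another group defines it, the expression returns no data and `cluster:node_cpu:ratio` stays empty without any error. Suggest pointing the expression at `cluster:node_cpu:sum_rate5m`, changed in the generator source since the header marks the file as generated.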
@@ -0,0 +1,65 @@ +{{- /* +Generated from 'kube-scheduler.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubeScheduler }} +{{- if (include "exporter.kubeScheduler.enabled" .)}} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-scheduler.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kube-scheduler.rules + rules: + - expr: histogram_quantile(0.99, sum(rate(scheduler_e2e_scheduling_latency_microseconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) / 1e+06 + labels: + quantile: '0.99' + record: cluster_quantile:scheduler_e2e_scheduling_latency:histogram_quantile + - expr: histogram_quantile(0.99, sum(rate(scheduler_scheduling_algorithm_latency_microseconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . 
}}"}[5m])) without(instance, pod)) / 1e+06 + labels: + quantile: '0.99' + record: cluster_quantile:scheduler_scheduling_algorithm_latency:histogram_quantile + - expr: histogram_quantile(0.99, sum(rate(scheduler_binding_latency_microseconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) / 1e+06 + labels: + quantile: '0.99' + record: cluster_quantile:scheduler_binding_latency:histogram_quantile + - expr: histogram_quantile(0.9, sum(rate(scheduler_e2e_scheduling_latency_microseconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) / 1e+06 + labels: + quantile: '0.9' + record: cluster_quantile:scheduler_e2e_scheduling_latency:histogram_quantile + - expr: histogram_quantile(0.9, sum(rate(scheduler_scheduling_algorithm_latency_microseconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) / 1e+06 + labels: + quantile: '0.9' + record: cluster_quantile:scheduler_scheduling_algorithm_latency:histogram_quantile + - expr: histogram_quantile(0.9, sum(rate(scheduler_binding_latency_microseconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) / 1e+06 + labels: + quantile: '0.9' + record: cluster_quantile:scheduler_binding_latency:histogram_quantile + - expr: histogram_quantile(0.5, sum(rate(scheduler_e2e_scheduling_latency_microseconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) / 1e+06 + labels: + quantile: '0.5' + record: cluster_quantile:scheduler_e2e_scheduling_latency:histogram_quantile + - expr: histogram_quantile(0.5, sum(rate(scheduler_scheduling_algorithm_latency_microseconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . 
}}"}[5m])) without(instance, pod)) / 1e+06 + labels: + quantile: '0.5' + record: cluster_quantile:scheduler_scheduling_algorithm_latency:histogram_quantile + - expr: histogram_quantile(0.5, sum(rate(scheduler_binding_latency_microseconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) / 1e+06 + labels: + quantile: '0.5' + record: cluster_quantile:scheduler_binding_latency:histogram_quantile +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kubernetes-absent.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kubernetes-absent.yaml new file mode 100755 index 000000000..85d27cc77 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kubernetes-absent.yaml 
@@ -0,0 +1,159 @@ +{{- /* +Generated from 'kubernetes-absent' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesAbsent }} +{{- $operatorJob := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "operator" }} +{{- $prometheusJob := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "prometheus" }} +{{- $alertmanagerJob := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "alertmanager" }} +{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-absent" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kubernetes-absent + rules: +{{- if .Values.alertmanager.enabled }} + - alert: AlertmanagerDown + annotations: + message: Alertmanager has disappeared from Prometheus target discovery. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-alertmanagerdown + expr: absent(up{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"} == 1) + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} +{{- if .Values.kubeDns.enabled }} + - alert: CoreDNSDown + annotations: + message: CoreDNS has disappeared from Prometheus target discovery. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-corednsdown + expr: absent(up{job="kube-dns"} == 1) + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} +{{- if .Values.kubeApiServer.enabled }} + - alert: KubeAPIDown + annotations: + message: KubeAPI has disappeared from Prometheus target discovery. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeapidown + expr: absent(up{job="apiserver"} == 1) + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} +{{- if (include "exporter.kubeControllerManager.enabled" .)}} + - alert: KubeControllerManagerDown + annotations: + message: KubeControllerManager has disappeared from Prometheus target discovery. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubecontrollermanagerdown + expr: absent(up{job="{{ include "exporter.kubeControllerManager.jobName" . }}"} == 1) + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} +{{- if (include "exporter.kubeScheduler.enabled" .)}} + - alert: KubeSchedulerDown + annotations: + message: KubeScheduler has disappeared from Prometheus target discovery. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeschedulerdown + expr: absent(up{job="{{ include "exporter.kubeScheduler.jobName" . }}"} == 1) + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} +{{- if .Values.kubeStateMetrics.enabled }} + - alert: KubeStateMetricsDown + annotations: + message: KubeStateMetrics has disappeared from Prometheus target discovery. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubestatemetricsdown + expr: absent(up{job="kube-state-metrics"} == 1) + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} +{{- if .Values.prometheusOperator.kubeletService.enabled }} + - alert: KubeletDown + annotations: + message: Kubelet has disappeared from Prometheus target discovery. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeletdown + expr: absent(up{job="kubelet"} == 1) + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} +{{- if .Values.nodeExporter.enabled }} + - alert: NodeExporterDown + annotations: + message: NodeExporter has disappeared from Prometheus target discovery. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-nodeexporterdown + expr: absent(up{job="node-exporter"} == 1) + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} + - alert: PrometheusDown + annotations: + message: Prometheus has disappeared from Prometheus target discovery. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheusdown + expr: absent(up{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"} == 1) + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- if .Values.prometheusOperator.enabled }} + - alert: PrometheusOperatorDown + annotations: + message: PrometheusOperator has disappeared from Prometheus target discovery. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheusoperatordown + expr: absent(up{job="{{ $operatorJob }}",namespace="{{ $namespace }}"} == 1) + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kubernetes-apps.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kubernetes-apps.yaml new file mode 100755 index 000000000..e7a41ca2a --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kubernetes-apps.yaml 
@@ -0,0 +1,200 @@ +{{- /* +Generated from 'kubernetes-apps' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesApps }} +{{- $targetNamespace := .Values.defaultRules.appNamespacesTarget }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-apps" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kubernetes-apps + rules: + - alert: KubePodCrashLooping + annotations: + message: Pod {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod {{`}}`}} ({{`{{`}} $labels.container {{`}}`}}) is restarting {{`{{`}} printf "%.2f" $value {{`}}`}} times / 5 minutes. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubepodcrashlooping + expr: rate(kube_pod_container_status_restarts_total{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}[15m]) * 60 * 5 > 0 + for: 1h + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubePodNotReady + annotations: + message: Pod {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod {{`}}`}} has been in a non-ready state for longer than an hour. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubepodnotready + expr: sum by (namespace, pod) (kube_pod_status_phase{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}", phase=~"Pending|Unknown"}) > 0 + for: 1h + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeDeploymentGenerationMismatch + annotations: + message: Deployment generation for {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.deployment {{`}}`}} does not match, this indicates that the Deployment has failed but has not been rolled back. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubedeploymentgenerationmismatch + expr: |- + kube_deployment_status_observed_generation{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + != + kube_deployment_metadata_generation{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeDeploymentReplicasMismatch + annotations: + message: Deployment {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.deployment {{`}}`}} has not matched the expected number of replicas for longer than an hour. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubedeploymentreplicasmismatch + expr: |- + kube_deployment_spec_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + != + kube_deployment_status_replicas_available{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + for: 1h + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeStatefulSetReplicasMismatch + annotations: + message: StatefulSet {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.statefulset {{`}}`}} has not matched the expected number of replicas for longer than 15 minutes. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubestatefulsetreplicasmismatch + expr: |- + kube_statefulset_status_replicas_ready{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + != + kube_statefulset_status_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeStatefulSetGenerationMismatch + annotations: + message: StatefulSet generation for {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.statefulset {{`}}`}} does not match, this indicates that the StatefulSet has failed but has not been rolled back. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubestatefulsetgenerationmismatch + expr: |- + kube_statefulset_status_observed_generation{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + != + kube_statefulset_metadata_generation{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeStatefulSetUpdateNotRolledOut + annotations: + message: StatefulSet {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.statefulset {{`}}`}} update has not been rolled out. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubestatefulsetupdatenotrolledout + expr: |- + max without (revision) ( + kube_statefulset_status_current_revision{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + unless + kube_statefulset_status_update_revision{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + ) + * + ( + kube_statefulset_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + != + kube_statefulset_status_replicas_updated{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + ) + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeDaemonSetRolloutStuck + annotations: + message: Only {{`{{`}} $value {{`}}`}}% of the desired Pods of DaemonSet {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.daemonset {{`}}`}} are scheduled and ready. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubedaemonsetrolloutstuck + expr: |- + kube_daemonset_status_number_ready{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + / + kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} * 100 < 100 + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeDaemonSetNotScheduled + annotations: + message: '{{`{{`}} $value {{`}}`}} Pods of DaemonSet {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.daemonset {{`}}`}} are not scheduled.' + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubedaemonsetnotscheduled + expr: |- + kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + - + kube_daemonset_status_current_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} > 0 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeDaemonSetMisScheduled + annotations: + message: '{{`{{`}} $value {{`}}`}} Pods of DaemonSet {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.daemonset {{`}}`}} are running where they are not supposed to run.' + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubedaemonsetmisscheduled + expr: kube_daemonset_status_number_misscheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} > 0 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeCronJobRunning + annotations: + message: CronJob {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.cronjob {{`}}`}} is taking more than 1h to complete. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubecronjobrunning + expr: time() - kube_cronjob_next_schedule_time{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} > 3600 + for: 1h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeJobCompletion + annotations: + message: Job {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.job_name {{`}}`}} is taking more than one hour to complete. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubejobcompletion + expr: kube_job_spec_completions{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} - kube_job_status_succeeded{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} > 0 + for: 1h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeJobFailed + annotations: + message: Job {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.job_name {{`}}`}} failed to complete. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubejobfailed + expr: kube_job_status_failed{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} > 0 + for: 1h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kubernetes-resources.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kubernetes-resources.yaml new file mode 100755 index 000000000..b34b442f3 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kubernetes-resources.yaml 
@@ -0,0 +1,121 @@ +{{- /* +Generated from 'kubernetes-resources' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesResources }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-resources" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kubernetes-resources + rules: + - alert: KubeCPUOvercommit + annotations: + message: Cluster has overcommitted CPU resource requests for Pods and cannot tolerate node failure. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubecpuovercommit + expr: |- + sum(namespace_name:kube_pod_container_resource_requests_cpu_cores:sum) + / + sum(node:node_num_cpu:sum) + > + (count(node:node_num_cpu:sum)-1) / count(node:node_num_cpu:sum) + for: 5m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeMemOvercommit + annotations: + message: Cluster has overcommitted memory resource requests for Pods and cannot tolerate node failure. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubememovercommit + expr: |- + sum(namespace_name:kube_pod_container_resource_requests_memory_bytes:sum) + / + sum(node_memory_MemTotal_bytes) + > + (count(node:node_num_cpu:sum)-1) + / + count(node:node_num_cpu:sum) + for: 5m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeCPUOvercommit + annotations: + message: Cluster has overcommitted CPU resource requests for Namespaces. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubecpuovercommit + expr: |- + sum(kube_resourcequota{job="kube-state-metrics", type="hard", resource="cpu"}) + / + sum(node:node_num_cpu:sum) + > 1.5 + for: 5m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeMemOvercommit + annotations: + message: Cluster has overcommitted memory resource requests for Namespaces. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubememovercommit + expr: |- + sum(kube_resourcequota{job="kube-state-metrics", type="hard", resource="memory"}) + / + sum(node_memory_MemTotal_bytes{job="node-exporter"}) + > 1.5 + for: 5m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeQuotaExceeded + annotations: + message: Namespace {{`{{`}} $labels.namespace {{`}}`}} is using {{`{{`}} printf "%0.0f" $value {{`}}`}}% of its {{`{{`}} $labels.resource {{`}}`}} quota. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubequotaexceeded + expr: |- + 100 * kube_resourcequota{job="kube-state-metrics", type="used"} + / ignoring(instance, job, type) + (kube_resourcequota{job="kube-state-metrics", type="hard"} > 0) + > 90 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: CPUThrottlingHigh + annotations: + message: '{{`{{`}} printf "%0.0f" $value {{`}}`}}% throttling of CPU in namespace {{`{{`}} $labels.namespace {{`}}`}} for container {{`{{`}} $labels.container_name {{`}}`}} in pod {{`{{`}} $labels.pod_name {{`}}`}}.' + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-cputhrottlinghigh + expr: |- + 100 * sum(increase(container_cpu_cfs_throttled_periods_total{container_name!="", }[5m])) by (container_name, pod_name, namespace) + / + sum(increase(container_cpu_cfs_periods_total{}[5m])) by (container_name, pod_name, namespace) + > 25 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file 
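Review bot: the first KubeMemOvercommit rule in kubernetes-resources.yaml divides by `sum(node_memory_MemTotal_bytes)` with no job selector, while the namespace-quota variant further down divides by `sum(node_memory_MemTotal_bytes{job="node-exporter"})`. If any other scrape job exposes the same metric name, the unscoped sum counts that memory as well, which inflates the denominator and can keep the overcommit alert from firing; scope both rules to the same job. Separately, the two KubeCPUOvercommit rules and the two KubeMemOvercommit rules share an alert name and `severity: warning`, so only the message text distinguishes the pod-request alert from the namespace-quota one; a distinct name or label would make routing and silencing unambiguous. Since the file header says it is generated and must not be changed in place, both changes belong in the generator input rather than in this template.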
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kubernetes-storage.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kubernetes-storage.yaml new file mode 100755 index 000000000..6469fffc5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kubernetes-storage.yaml 
@@ -0,0 +1,72 @@ +{{- /* +Generated from 'kubernetes-storage' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesStorage }} +{{- $targetNamespace := .Values.defaultRules.appNamespacesTarget }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-storage" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kubernetes-storage + rules: + - alert: KubePersistentVolumeUsageCritical + annotations: + message: The PersistentVolume claimed by {{`{{`}} $labels.persistentvolumeclaim {{`}}`}} in Namespace {{`{{`}} $labels.namespace {{`}}`}} is only {{`{{`}} printf "%0.2f" $value {{`}}`}}% free. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubepersistentvolumeusagecritical + expr: |- + 100 * kubelet_volume_stats_available_bytes{job="kubelet", namespace=~"{{ $targetNamespace }}"} + / + kubelet_volume_stats_capacity_bytes{job="kubelet", namespace=~"{{ $targetNamespace }}"} + < 3 + for: 1m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubePersistentVolumeFullInFourDays + annotations: + message: Based on recent sampling, the PersistentVolume claimed by {{`{{`}} $labels.persistentvolumeclaim {{`}}`}} in Namespace {{`{{`}} $labels.namespace {{`}}`}} is expected to fill up within four days. Currently {{`{{`}} printf "%0.2f" $value {{`}}`}}% is available. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubepersistentvolumefullinfourdays + expr: |- + 100 * ( + kubelet_volume_stats_available_bytes{job="kubelet", namespace=~"{{ $targetNamespace }}"} + / + kubelet_volume_stats_capacity_bytes{job="kubelet", namespace=~"{{ $targetNamespace }}"} + ) < 15 + and + predict_linear(kubelet_volume_stats_available_bytes{job="kubelet", namespace=~"{{ $targetNamespace }}"}[6h], 4 * 24 * 3600) < 0 + for: 5m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubePersistentVolumeErrors + annotations: + message: The persistent volume {{`{{`}} $labels.persistentvolume {{`}}`}} has status {{`{{`}} $labels.phase {{`}}`}}. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubepersistentvolumeerrors + expr: kube_persistentvolume_status_phase{phase=~"Failed|Pending",job="kube-state-metrics"} > 0 + for: 5m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kubernetes-system.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kubernetes-system.yaml new file mode 100755 index 000000000..da232057b --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/kubernetes-system.yaml 
@@ -0,0 +1,184 @@ +{{- /* +Generated from 'kubernetes-system' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesSystem }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-system" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kubernetes-system + rules: + - alert: KubeNodeNotReady + annotations: + message: '{{`{{`}} $labels.node {{`}}`}} has been unready for more than an hour.' + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubenodenotready + expr: kube_node_status_condition{job="kube-state-metrics",condition="Ready",status="true"} == 0 + for: 1h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeVersionMismatch + annotations: + message: There are {{`{{`}} $value {{`}}`}} different semantic versions of Kubernetes components running. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeversionmismatch + expr: count(count by (gitVersion) (label_replace(kubernetes_build_info{job!~"kube-dns|coredns"},"gitVersion","$1","gitVersion","(v[0-9]*.[0-9]*.[0-9]*).*"))) > 1 + for: 1h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeClientErrors + annotations: + message: Kubernetes API server client '{{`{{`}} $labels.job {{`}}`}}/{{`{{`}} $labels.instance {{`}}`}}' is experiencing {{`{{`}} printf "%0.0f" $value {{`}}`}}% errors.' + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeclienterrors + expr: |- + (sum(rate(rest_client_requests_total{code=~"5.."}[5m])) by (instance, job) + / + sum(rate(rest_client_requests_total[5m])) by (instance, job)) + * 100 > 1 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeClientErrors + annotations: + message: Kubernetes API server client '{{`{{`}} $labels.job {{`}}`}}/{{`{{`}} $labels.instance {{`}}`}}' is experiencing {{`{{`}} printf "%0.0f" $value {{`}}`}} errors / second. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeclienterrors + expr: sum(rate(ksm_scrape_error_total{job="kube-state-metrics"}[5m])) by (instance, job) > 0.1 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeletTooManyPods + annotations: + message: Kubelet {{`{{`}} $labels.instance {{`}}`}} is running {{`{{`}} $value {{`}}`}} Pods, close to the limit of 110. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubelettoomanypods + expr: kubelet_running_pod_count{job="kubelet"} > 110 * 0.9 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeAPILatencyHigh + annotations: + message: The API server has a 99th percentile latency of {{`{{`}} $value {{`}}`}} seconds for {{`{{`}} $labels.verb {{`}}`}} {{`{{`}} $labels.resource {{`}}`}}. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeapilatencyhigh + expr: cluster_quantile:apiserver_request_latencies:histogram_quantile{job="apiserver",quantile="0.99",subresource!="log",verb!~"^(?:LIST|WATCH|WATCHLIST|PROXY|CONNECT)$"} > 1 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeAPILatencyHigh + annotations: + message: The API server has a 99th percentile latency of {{`{{`}} $value {{`}}`}} seconds for {{`{{`}} $labels.verb {{`}}`}} {{`{{`}} $labels.resource {{`}}`}}. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeapilatencyhigh + expr: cluster_quantile:apiserver_request_latencies:histogram_quantile{job="apiserver",quantile="0.99",subresource!="log",verb!~"^(?:LIST|WATCH|WATCHLIST|PROXY|CONNECT)$"} > 4 + for: 10m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeAPIErrorsHigh + annotations: + message: API server is returning errors for {{`{{`}} $value {{`}}`}}% of requests. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeapierrorshigh + expr: |- + sum(rate(apiserver_request_count{job="apiserver",code=~"^(?:5..)$"}[5m])) + / + sum(rate(apiserver_request_count{job="apiserver"}[5m])) * 100 > 3 + for: 10m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeAPIErrorsHigh + annotations: + message: API server is returning errors for {{`{{`}} $value {{`}}`}}% of requests. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeapierrorshigh + expr: |- + sum(rate(apiserver_request_count{job="apiserver",code=~"^(?:5..)$"}[5m])) + / + sum(rate(apiserver_request_count{job="apiserver"}[5m])) * 100 > 1 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeAPIErrorsHigh + annotations: + message: API server is returning errors for {{`{{`}} $value {{`}}`}}% of requests for {{`{{`}} $labels.verb {{`}}`}} {{`{{`}} $labels.resource {{`}}`}} {{`{{`}} $labels.subresource {{`}}`}}. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeapierrorshigh + expr: |- + sum(rate(apiserver_request_count{job="apiserver",code=~"^(?:5..)$"}[5m])) by (resource,subresource,verb) + / + sum(rate(apiserver_request_count{job="apiserver"}[5m])) by (resource,subresource,verb) * 100 > 10 + for: 10m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeAPIErrorsHigh + annotations: + message: API server is returning errors for {{`{{`}} $value {{`}}`}}% of requests for {{`{{`}} $labels.verb {{`}}`}} {{`{{`}} $labels.resource {{`}}`}} {{`{{`}} $labels.subresource {{`}}`}}. 
+ runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeapierrorshigh + expr: |- + sum(rate(apiserver_request_count{job="apiserver",code=~"^(?:5..)$"}[5m])) by (resource,subresource,verb) + / + sum(rate(apiserver_request_count{job="apiserver"}[5m])) by (resource,subresource,verb) * 100 > 5 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeClientCertificateExpiration + annotations: + message: A client certificate used to authenticate to the apiserver is expiring in less than 7.0 days. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeclientcertificateexpiration + expr: apiserver_client_certificate_expiration_seconds_count{job="apiserver"} > 0 and histogram_quantile(0.01, sum by (job, le) (rate(apiserver_client_certificate_expiration_seconds_bucket{job="apiserver"}[5m]))) < 604800 + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeClientCertificateExpiration + annotations: + message: A client certificate used to authenticate to the apiserver is expiring in less than 24.0 hours. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeclientcertificateexpiration + expr: apiserver_client_certificate_expiration_seconds_count{job="apiserver"} > 0 and histogram_quantile(0.01, sum by (job, le) (rate(apiserver_client_certificate_expiration_seconds_bucket{job="apiserver"}[5m]))) < 86400 + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file 
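Review bot: Every `runbook_url` in this hunk is built by appending the anchor directly to the value, as in `{{ .Values.defaultRules.runbookUrl }}alert-name-kubeclientcertificateexpiration`, so the link only resolves when `runbookUrl` already ends in the right separator. Nothing in the template enforces or documents that, and an override without the trailing separator yields a dead link on every alert, including the two certificate-expiry ones where the responder most needs the runbook. Please document the required suffix next to the value, or normalise it in a helper. The file also ends without a trailing newline.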
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/node-network.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/node-network.yaml new file mode 100755 index 000000000..c75f1ae07 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/node-network.yaml 
@@ -0,0 +1,57 @@ +{{- /* +Generated from 'node-network' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.network }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "node-network" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . 
| indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: node-network + rules: + - alert: NetworkReceiveErrors + annotations: + message: Network interface "{{`{{`}} $labels.device {{`}}`}}" showing receive errors on node-exporter {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod {{`}}`}}" + expr: rate(node_network_receive_errs_total{job="node-exporter",device!~"veth.+"}[2m]) > 0 + for: 2m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NetworkTransmitErrors + annotations: + message: Network interface "{{`{{`}} $labels.device {{`}}`}}" showing transmit errors on node-exporter {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod {{`}}`}}" + expr: rate(node_network_transmit_errs_total{job="node-exporter",device!~"veth.+"}[2m]) > 0 + for: 2m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeNetworkInterfaceFlapping + annotations: + message: Network interface "{{`{{`}} $labels.device {{`}}`}}" changing it's up status often on node-exporter {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod {{`}}`}}" + expr: changes(node_network_up{job="node-exporter",device!~"veth.+"}[2m]) > 2 + for: 2m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file 
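Review bot: The `message` annotations of all three alerts in node-network.yaml end with an unmatched `"` after the `$labels.pod` expression, and NodeNetworkInterfaceFlapping reads "changing it's up status" where "its" is meant. The stray quote is harmless to YAML here because the scalar is plain, but it ends up verbatim in every notification. Since the header says the file is generated and must not be edited in place, the fix belongs in the source rules or the sync script rather than in this template.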
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/node-time.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/node-time.yaml new file mode 100755 index 000000000..b7a2fc92f --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/node-time.yaml 
@@ -0,0 +1,37 @@ +{{- /* +Generated from 'node-time' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.time }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "node-time" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: node-time + rules: + - alert: ClockSkewDetected + annotations: + message: Clock skew detected on node-exporter {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod {{`}}`}}. Ensure NTP is configured correctly on this host. + expr: abs(node_timex_offset_seconds{job="node-exporter"}) > 0.03 + for: 2m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file 
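Review bot: The ClockSkewDetected `message` names only the node-exporter namespace and pod and leaves out the measured offset, so a responder cannot tell from the notification which host is drifting or by how much against the hard-coded `> 0.03` threshold. Consider adding `$value` and `$labels.instance` to the message, with the same escaping already used for `$labels.pod`, and exposing the threshold as a value. Skew of this kind also affects certificate validity checks and log correlation, so it is worth stating whether `severity: warning` is the intended ceiling.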
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/node.rules.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/node.rules.yaml new file mode 100755 index 000000000..2bc7af3a9 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/node.rules.yaml 
@@ -0,0 +1,202 @@ +{{- /* +Generated from 'node.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.node }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "node.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . 
| indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: node.rules + rules: + - expr: sum(min(kube_pod_info) by (node)) + record: ':kube_pod_info_node_count:' + - expr: max(label_replace(kube_pod_info{job="kube-state-metrics"}, "pod", "$1", "pod", "(.*)")) by (node, namespace, pod) + record: 'node_namespace_pod:kube_pod_info:' + - expr: |- + count by (node) (sum by (node, cpu) ( + node_cpu_seconds_total{job="node-exporter"} + * on (namespace, pod) group_left(node) + node_namespace_pod:kube_pod_info: + )) + record: node:node_num_cpu:sum + - expr: 1 - avg(rate(node_cpu_seconds_total{job="node-exporter",mode="idle"}[1m])) + record: :node_cpu_utilisation:avg1m + - expr: |- + 1 - avg by (node) ( + rate(node_cpu_seconds_total{job="node-exporter",mode="idle"}[1m]) + * on (namespace, pod) group_left(node) + node_namespace_pod:kube_pod_info:) + record: node:node_cpu_utilisation:avg1m + - expr: |- + node:node_cpu_utilisation:avg1m + * + node:node_num_cpu:sum + / + scalar(sum(node:node_num_cpu:sum)) + record: node:cluster_cpu_utilisation:ratio + - expr: |- + sum(node_load1{job="node-exporter"}) + / + sum(node:node_num_cpu:sum) + record: ':node_cpu_saturation_load1:' + - expr: |- + sum by (node) ( + node_load1{job="node-exporter"} + * on (namespace, pod) group_left(node) + node_namespace_pod:kube_pod_info: + ) + / + node:node_num_cpu:sum + record: 'node:node_cpu_saturation_load1:' + - expr: |- + 1 - + sum(node_memory_MemFree_bytes{job="node-exporter"} + node_memory_Cached_bytes{job="node-exporter"} + node_memory_Buffers_bytes{job="node-exporter"}) + / + sum(node_memory_MemTotal_bytes{job="node-exporter"}) + record: ':node_memory_utilisation:' + - expr: sum(node_memory_MemFree_bytes{job="node-exporter"} + node_memory_Cached_bytes{job="node-exporter"} + 
node_memory_Buffers_bytes{job="node-exporter"}) + record: :node_memory_MemFreeCachedBuffers_bytes:sum + - expr: sum(node_memory_MemTotal_bytes{job="node-exporter"}) + record: :node_memory_MemTotal_bytes:sum + - expr: |- + sum by (node) ( + (node_memory_MemFree_bytes{job="node-exporter"} + node_memory_Cached_bytes{job="node-exporter"} + node_memory_Buffers_bytes{job="node-exporter"}) + * on (namespace, pod) group_left(node) + node_namespace_pod:kube_pod_info: + ) + record: node:node_memory_bytes_available:sum + - expr: |- + sum by (node) ( + node_memory_MemTotal_bytes{job="node-exporter"} + * on (namespace, pod) group_left(node) + node_namespace_pod:kube_pod_info: + ) + record: node:node_memory_bytes_total:sum + - expr: |- + (node:node_memory_bytes_total:sum - node:node_memory_bytes_available:sum) + / + node:node_memory_bytes_total:sum + record: node:node_memory_utilisation:ratio + - expr: |- + (node:node_memory_bytes_total:sum - node:node_memory_bytes_available:sum) + / + scalar(sum(node:node_memory_bytes_total:sum)) + record: node:cluster_memory_utilisation:ratio + - expr: |- + 1e3 * sum( + (rate(node_vmstat_pgpgin{job="node-exporter"}[1m]) + + rate(node_vmstat_pgpgout{job="node-exporter"}[1m])) + ) + record: :node_memory_swap_io_bytes:sum_rate + - expr: |- + 1 - + sum by (node) ( + (node_memory_MemFree_bytes{job="node-exporter"} + node_memory_Cached_bytes{job="node-exporter"} + node_memory_Buffers_bytes{job="node-exporter"}) + * on (namespace, pod) group_left(node) + node_namespace_pod:kube_pod_info: + ) + / + sum by (node) ( + node_memory_MemTotal_bytes{job="node-exporter"} + * on (namespace, pod) group_left(node) + node_namespace_pod:kube_pod_info: + ) + record: 'node:node_memory_utilisation:' + - expr: 1 - (node:node_memory_bytes_available:sum / node:node_memory_bytes_total:sum) + record: 'node:node_memory_utilisation_2:' + - expr: |- + 1e3 * sum by (node) ( + (rate(node_vmstat_pgpgin{job="node-exporter"}[1m]) + + 
rate(node_vmstat_pgpgout{job="node-exporter"}[1m])) + * on (namespace, pod) group_left(node) + node_namespace_pod:kube_pod_info: + ) + record: node:node_memory_swap_io_bytes:sum_rate + - expr: avg(irate(node_disk_io_time_seconds_total{job="node-exporter",device=~"nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+"}[1m])) + record: :node_disk_utilisation:avg_irate + - expr: |- + avg by (node) ( + irate(node_disk_io_time_seconds_total{job="node-exporter",device=~"nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+"}[1m]) + * on (namespace, pod) group_left(node) + node_namespace_pod:kube_pod_info: + ) + record: node:node_disk_utilisation:avg_irate + - expr: avg(irate(node_disk_io_time_weighted_seconds_total{job="node-exporter",device=~"nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+"}[1m])) + record: :node_disk_saturation:avg_irate + - expr: |- + avg by (node) ( + irate(node_disk_io_time_weighted_seconds_total{job="node-exporter",device=~"nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+"}[1m]) + * on (namespace, pod) group_left(node) + node_namespace_pod:kube_pod_info: + ) + record: node:node_disk_saturation:avg_irate + - expr: |- + max by (instance, namespace, pod, device) ((node_filesystem_size_bytes{fstype=~"ext[234]|btrfs|xfs|zfs"} + - node_filesystem_avail_bytes{fstype=~"ext[234]|btrfs|xfs|zfs"}) + / node_filesystem_size_bytes{fstype=~"ext[234]|btrfs|xfs|zfs"}) + record: 'node:node_filesystem_usage:' + - expr: max by (instance, namespace, pod, device) (node_filesystem_avail_bytes{fstype=~"ext[234]|btrfs|xfs|zfs"} / node_filesystem_size_bytes{fstype=~"ext[234]|btrfs|xfs|zfs"}) + record: 'node:node_filesystem_avail:' + - expr: |- + sum(irate(node_network_receive_bytes_total{job="node-exporter",device!~"veth.+"}[1m])) + + sum(irate(node_network_transmit_bytes_total{job="node-exporter",device!~"veth.+"}[1m])) + record: :node_net_utilisation:sum_irate + - expr: |- + sum by (node) ( + (irate(node_network_receive_bytes_total{job="node-exporter",device!~"veth.+"}[1m]) + + 
irate(node_network_transmit_bytes_total{job="node-exporter",device!~"veth.+"}[1m])) + * on (namespace, pod) group_left(node) + node_namespace_pod:kube_pod_info: + ) + record: node:node_net_utilisation:sum_irate + - expr: |- + sum(irate(node_network_receive_drop_total{job="node-exporter",device!~"veth.+"}[1m])) + + sum(irate(node_network_transmit_drop_total{job="node-exporter",device!~"veth.+"}[1m])) + record: :node_net_saturation:sum_irate + - expr: |- + sum by (node) ( + (irate(node_network_receive_drop_total{job="node-exporter",device!~"veth.+"}[1m]) + + irate(node_network_transmit_drop_total{job="node-exporter",device!~"veth.+"}[1m])) + * on (namespace, pod) group_left(node) + node_namespace_pod:kube_pod_info: + ) + record: node:node_net_saturation:sum_irate + - expr: |- + max( + max( + kube_pod_info{job="kube-state-metrics", host_ip!=""} + ) by (node, host_ip) + * on (host_ip) group_right (node) + label_replace( + (max(node_filesystem_files{job="node-exporter", mountpoint="/"}) by (instance)), "host_ip", "$1", "instance", "(.*):.*" + ) + ) by (node) + record: 'node:node_inodes_total:' + - expr: |- + max( + max( + kube_pod_info{job="kube-state-metrics", host_ip!=""} + ) by (node, host_ip) + * on (host_ip) group_right (node) + label_replace( + (max(node_filesystem_files_free{job="node-exporter", mountpoint="/"}) by (instance)), "host_ip", "$1", "instance", "(.*):.*" + ) + ) by (node) + record: 'node:node_inodes_free:' +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/prometheus-operator.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/prometheus-operator.yaml new file mode 100755 index 000000000..a8a8915b6 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/prometheus-operator.yaml 
@@ -0,0 +1,49 @@ +{{- /* +Generated from 'prometheus-operator' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.prometheusOperator }} +{{- $operatorJob := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "operator" }} +{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "prometheus-operator" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: prometheus-operator + rules: + - alert: PrometheusOperatorReconcileErrors + annotations: + message: Errors while reconciling {{`{{`}} $labels.controller {{`}}`}} in {{`{{`}} $labels.namespace {{`}}`}} Namespace. 
+ expr: rate(prometheus_operator_reconcile_errors_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m]) > 0.1 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusOperatorNodeLookupErrors + annotations: + message: Errors while reconciling Prometheus in {{`{{`}} $labels.namespace {{`}}`}} Namespace. + expr: rate(prometheus_operator_node_address_lookup_errors_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m]) > 0.1 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/prometheus.rules.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/prometheus.rules.yaml new file mode 100755 index 000000000..0480c83b5 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/rules/prometheus.rules.yaml 
@@ -0,0 +1,139 @@ +{{- /* +Generated from 'prometheus.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/release-0.1/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.10.0-0" $kubeTargetVersion) (semverCompare "<1.14.0-0" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.prometheus }} +{{- $prometheusJob := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "prometheus" }} +{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "prometheus.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . 
| indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: prometheus.rules + rules: + - alert: PrometheusConfigReloadFailed + annotations: + description: Reloading Prometheus' configuration has failed for {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} + summary: Reloading Prometheus' configuration failed + expr: prometheus_config_last_reload_successful{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"} == 0 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusNotificationQueueRunningFull + annotations: + description: Prometheus' alert notification queue is running full for {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}} $labels.pod{{`}}`}} + summary: Prometheus' alert notification queue is running full + expr: predict_linear(prometheus_notifications_queue_length{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m], 60 * 30) > prometheus_notifications_queue_capacity{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"} + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusErrorSendingAlerts + annotations: + description: Errors while sending alerts from Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}} $labels.pod{{`}}`}} to Alertmanager {{`{{`}}$labels.Alertmanager{{`}}`}} + summary: Errors while sending alert from Prometheus + expr: rate(prometheus_notifications_errors_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) / rate(prometheus_notifications_sent_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0.01 + 
for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusErrorSendingAlerts + annotations: + description: Errors while sending alerts from Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}} $labels.pod{{`}}`}} to Alertmanager {{`{{`}}$labels.Alertmanager{{`}}`}} + summary: Errors while sending alerts from Prometheus + expr: rate(prometheus_notifications_errors_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) / rate(prometheus_notifications_sent_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0.03 + for: 10m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusNotConnectedToAlertmanagers + annotations: + description: Prometheus {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod{{`}}`}} is not connected to any Alertmanagers + summary: Prometheus is not connected to any Alertmanagers + expr: prometheus_notifications_alertmanagers_discovered{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"} < 1 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusTSDBReloadsFailing + annotations: + description: '{{`{{`}}$labels.job{{`}}`}} at {{`{{`}}$labels.instance{{`}}`}} had {{`{{`}}$value | humanize{{`}}`}} reload failures over the last four hours.' 
+ summary: Prometheus has issues reloading data blocks from disk + expr: increase(prometheus_tsdb_reloads_failures_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[2h]) > 0 + for: 12h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusTSDBCompactionsFailing + annotations: + description: '{{`{{`}}$labels.job{{`}}`}} at {{`{{`}}$labels.instance{{`}}`}} had {{`{{`}}$value | humanize{{`}}`}} compaction failures over the last four hours.' + summary: Prometheus has issues compacting sample blocks + expr: increase(prometheus_tsdb_compactions_failed_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[2h]) > 0 + for: 12h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusTSDBWALCorruptions + annotations: + description: '{{`{{`}}$labels.job{{`}}`}} at {{`{{`}}$labels.instance{{`}}`}} has a corrupted write-ahead log (WAL).' + summary: Prometheus write-ahead log is corrupted + expr: prometheus_tsdb_wal_corruptions_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"} > 0 + for: 4h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusNotIngestingSamples + annotations: + description: Prometheus {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod{{`}}`}} isn't ingesting samples. 
+ summary: Prometheus isn't ingesting samples + expr: rate(prometheus_tsdb_head_samples_appended_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) <= 0 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusTargetScrapesDuplicate + annotations: + description: '{{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} has many samples rejected due to duplicate timestamps but different values' + summary: Prometheus has many samples rejected + expr: increase(prometheus_target_scrapes_sample_duplicate_timestamp_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/service.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/service.yaml new file mode 100755 index 000000000..8676b81ea --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/service.yaml 
@@ -0,0 +1,60 @@ +{{- if .Values.prometheus.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus + self-monitor: {{ .Values.prometheus.serviceMonitor.selfMonitor | quote }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.prometheus.service.labels }} +{{ toYaml .Values.prometheus.service.labels | indent 4 }} +{{- end }} +{{- if .Values.prometheus.service.annotations }} + annotations: +{{ toYaml .Values.prometheus.service.annotations | indent 4 }} +{{- end }} +spec: +{{- if .Values.prometheus.service.clusterIP }} + clusterIP: {{ .Values.prometheus.service.clusterIP }} +{{- end }} +{{- if .Values.prometheus.service.externalIPs }} + externalIPs: +{{ toYaml .Values.prometheus.service.externalIPs | indent 4 }} +{{- end }} +{{- if .Values.prometheus.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.prometheus.service.loadBalancerIP }} +{{- end }} +{{- if .Values.prometheus.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- range $cidr := .Values.prometheus.service.loadBalancerSourceRanges }} + - {{ $cidr }} + {{- end }} +{{- end }} + ports: + - name: {{ .Values.prometheus.prometheusSpec.portName }} + {{- if eq .Values.prometheus.service.type "NodePort" }} + nodePort: {{ .Values.prometheus.service.nodePort }} + {{- end }} + port: {{ .Values.prometheus.service.port }} + targetPort: {{ .Values.prometheus.service.targetPort }} + {{- if .Values.prometheus.thanosIngress.enabled }} + - name: grpc + {{- if eq .Values.prometheus.service.type "NodePort" }} + nodePort: {{ .Values.prometheus.thanosIngress.nodePort }} + {{- end }} + port: {{ .Values.prometheus.thanosIngress.servicePort }} + targetPort: {{ .Values.prometheus.thanosIngress.servicePort }} + {{- end }} +{{- if .Values.prometheus.service.additionalPorts }} +{{ toYaml 
.Values.prometheus.service.additionalPorts | indent 2 }} +{{- end }} + selector: + app: prometheus + prometheus: {{ template "kube-prometheus-stack.fullname" . }}-prometheus +{{- if .Values.prometheus.service.sessionAffinity }} + sessionAffinity: {{ .Values.prometheus.service.sessionAffinity }} +{{- end }} + type: "{{ .Values.prometheus.service.type }}" +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/serviceThanosSidecar.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/serviceThanosSidecar.yaml new file mode 100755 index 000000000..7c33379cb --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/serviceThanosSidecar.yaml 
@@ -0,0 +1,30 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.thanosService.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-thanos-discovery + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-thanos-discovery +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.prometheus.thanosService.labels }} +{{ toYaml .Values.prometheus.thanosService.labels | indent 4 }} +{{- end }} +{{- if .Values.prometheus.thanosService.annotations }} + annotations: +{{ toYaml .Values.prometheus.thanosService.annotations | indent 4 }} +{{- end }} +spec: + type: {{ .Values.prometheus.thanosService.type }} + clusterIP: {{ .Values.prometheus.thanosService.clusterIP }} + ports: + - name: {{ .Values.prometheus.thanosService.portName }} + port: {{ .Values.prometheus.thanosService.port }} + targetPort: {{ .Values.prometheus.thanosService.targetPort }} + {{- if eq .Values.prometheus.thanosService.type "NodePort" }} + nodePort: {{ .Values.prometheus.thanosService.nodePort }} + {{- end }} + selector: + app: prometheus + prometheus: {{ template "kube-prometheus-stack.fullname" . }}-prometheus +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/serviceaccount.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/serviceaccount.yaml new file mode 100755 index 000000000..862d5f8e4 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/serviceaccount.yaml 
@@ -0,0 +1,16 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "kube-prometheus-stack.prometheus.serviceAccountName" . }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.prometheus.serviceAccount.annotations }} + annotations: +{{ toYaml .Values.prometheus.serviceAccount.annotations | indent 4 }} +{{- end }} +imagePullSecrets: +{{ toYaml .Values.global.imagePullSecrets | indent 2 }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/servicemonitor.yaml new file mode 100755 index 000000000..356c013ff --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/servicemonitor.yaml 
@@ -0,0 +1,42 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.serviceMonitor.selfMonitor }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + selector: + matchLabels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus + release: {{ $.Release.Name | quote }} + self-monitor: "true" + namespaceSelector: + matchNames: + - {{ printf "%s" (include "kube-prometheus-stack.namespace" .) | quote }} + endpoints: + - port: {{ .Values.prometheus.prometheusSpec.portName }} + {{- if .Values.prometheus.serviceMonitor.interval }} + interval: {{ .Values.prometheus.serviceMonitor.interval }} + {{- end }} + {{- if .Values.prometheus.serviceMonitor.scheme }} + scheme: {{ .Values.prometheus.serviceMonitor.scheme }} + {{- end }} + {{- if .Values.prometheus.serviceMonitor.tlsConfig }} + tlsConfig: {{ toYaml .Values.prometheus.serviceMonitor.tlsConfig | nindent 6 }} + {{- end }} + {{- if .Values.prometheus.serviceMonitor.bearerTokenFile }} + bearerTokenFile: {{ .Values.prometheus.serviceMonitor.bearerTokenFile }} + {{- end }} + path: "{{ trimSuffix "/" .Values.prometheus.prometheusSpec.routePrefix }}/metrics" +{{- if .Values.prometheus.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.prometheus.serviceMonitor.metricRelabelings | indent 6) . }} +{{- end }} +{{- if .Values.prometheus.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.prometheus.serviceMonitor.relabelings | indent 6 }} +{{- end }} +{{- end }} 
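Review bot: in templates/prometheus/servicemonitor.yaml, `metricRelabelings` is rendered through `tpl (toYaml ...) .` while `relabelings` directly below uses plain `toYaml`, so a template expression in values is expanded for one and emitted literally for the other. Pass both through `tpl` or neither, and state the choice next to the values. `bearerTokenFile` is also emitted unquoted; `| quote` would be safer for a path value.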
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/servicemonitors.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/servicemonitors.yaml new file mode 100755 index 000000000..a78d1cd00 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/servicemonitors.yaml @@ -0,0 +1,38 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.additionalServiceMonitors }} +apiVersion: v1 +kind: List +items: +{{- range .Values.prometheus.additionalServiceMonitors }} + - apiVersion: monitoring.coreos.com/v1 + kind: ServiceMonitor + metadata: + name: {{ .name }} + namespace: {{ template "kube-prometheus-stack.namespace" $ }} + labels: + app: {{ template "kube-prometheus-stack.name" $ }}-prometheus +{{ include "kube-prometheus-stack.labels" $ | indent 8 }} + {{- if .additionalLabels }} +{{ toYaml .additionalLabels | indent 8 }} + {{- end }} + spec: + endpoints: +{{ toYaml .endpoints | indent 8 }} + {{- if .jobLabel }} + jobLabel: {{ .jobLabel }} + {{- end }} + {{- if .namespaceSelector }} + namespaceSelector: +{{ toYaml .namespaceSelector | indent 8 }} + {{- end }} + selector: +{{ toYaml .selector | indent 8 }} + {{- if .targetLabels }} + targetLabels: +{{ toYaml .targetLabels | indent 8 }} + {{- end }} + {{- if .podTargetLabels }} + podTargetLabels: +{{ toYaml .podTargetLabels | indent 8 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/serviceperreplica.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/serviceperreplica.yaml new file mode 100755 index 000000000..1a5543362 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/prometheus/serviceperreplica.yaml 
@@ -0,0 +1,46 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.servicePerReplica.enabled }} +{{- $count := .Values.prometheus.prometheusSpec.replicas | int -}} +{{- $serviceValues := .Values.prometheus.servicePerReplica -}} +apiVersion: v1 +kind: List +metadata: + name: {{ include "kube-prometheus-stack.fullname" $ }}-prometheus-serviceperreplica + namespace: {{ template "kube-prometheus-stack.namespace" . }} +items: +{{- range $i, $e := until $count }} + - apiVersion: v1 + kind: Service + metadata: + name: {{ include "kube-prometheus-stack.fullname" $ }}-prometheus-{{ $i }} + namespace: {{ template "kube-prometheus-stack.namespace" $ }} + labels: + app: {{ include "kube-prometheus-stack.name" $ }}-prometheus +{{ include "kube-prometheus-stack.labels" $ | indent 8 }} + {{- if $serviceValues.annotations }} + annotations: +{{ toYaml $serviceValues.annotations | indent 8 }} + {{- end }} + spec: + {{- if $serviceValues.clusterIP }} + clusterIP: {{ $serviceValues.clusterIP }} + {{- end }} + {{- if $serviceValues.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- range $cidr := $serviceValues.loadBalancerSourceRanges }} + - {{ $cidr }} + {{- end }} + {{- end }} + ports: + - name: {{ $.Values.prometheus.prometheusSpec.portName }} + {{- if eq $serviceValues.type "NodePort" }} + nodePort: {{ $serviceValues.nodePort }} + {{- end }} + port: {{ $serviceValues.port }} + targetPort: {{ $serviceValues.targetPort }} + selector: + app: prometheus + prometheus: {{ include "kube-prometheus-stack.fullname" $ }}-prometheus + statefulset.kubernetes.io/pod-name: prometheus-{{ include "kube-prometheus-stack.fullname" $ }}-prometheus-{{ $i }} + type: "{{ $serviceValues.type }}" +{{- end }} +{{- end }} 
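Review bot: in templates/prometheus/serviceperreplica.yaml, the `range $i, $e := until $count` loop writes the same `nodePort: {{ $serviceValues.nodePort }}` and `clusterIP: {{ $serviceValues.clusterIP }}` into every per-replica Service. Both values must be unique within a cluster, so with `replicas` above 1 and either value set, only the first Service can be created. Consider deriving the node port from `$i` or not accepting fixed values in this template. Separately, `loadBalancerSourceRanges` is optional while `type` can be `LoadBalancer`, which leaves each Prometheus replica reachable from any source address unless the operator remembers to set it; a `fail` guard or a documented default would make that an explicit decision.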
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/clusterrole.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/clusterrole.yaml new file mode 100755 index 000000000..a115de7ca --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/clusterrole.yaml 
@@ -0,0 +1,131 @@ +{{- if and .Values.global.rbac.create .Values.global.rbac.userRoles.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: monitoring-admin + labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} + {{- if .Values.global.rbac.userRoles.aggregateToDefaultRoles }} + rbac.authorization.k8s.io/aggregate-to-admin: "true" + {{- end }} +rules: +- apiGroups: + - monitoring.coreos.com + resources: + - alertmanagers + - prometheuses + - prometheuses/finalizers + - alertmanagers/finalizers + verbs: + - 'get' + - 'list' + - 'watch' +- apiGroups: + - monitoring.coreos.com + resources: + - thanosrulers + - thanosrulers/finalizers + - servicemonitors + - podmonitors + - prometheusrules + - podmonitors + - probes + - probes/finalizers + - alertmanagerconfigs + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: monitoring-edit + labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} + {{- if .Values.global.rbac.userRoles.aggregateToDefaultRoles }} + rbac.authorization.k8s.io/aggregate-to-edit: "true" + {{- end }} +rules: +rules: +- apiGroups: + - monitoring.coreos.com + resources: + - alertmanagers + - prometheuses + - prometheuses/finalizers + - alertmanagers/finalizers + verbs: + - 'get' + - 'list' + - 'watch' +- apiGroups: + - monitoring.coreos.com + resources: + - thanosrulers + - thanosrulers/finalizers + - servicemonitors + - podmonitors + - prometheusrules + - podmonitors + - probes + - alertmanagerconfigs + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: monitoring-view + labels: {{ include "kube-prometheus-stack.labels" . 
| nindent 4 }} + {{- if .Values.global.rbac.userRoles.aggregateToDefaultRoles }} + rbac.authorization.k8s.io/aggregate-to-view: "true" + {{- end }} +rules: +- apiGroups: + - monitoring.coreos.com + resources: + - alertmanagers + - prometheuses + - prometheuses/finalizers + - alertmanagers/finalizers + - thanosrulers + - thanosrulers/finalizers + - servicemonitors + - podmonitors + - prometheusrules + - podmonitors + - probes + - probes/finalizers + - alertmanagerconfigs + verbs: + - 'get' + - 'list' + - 'watch' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: monitoring-ui-view + labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - services/proxy + resourceNames: + - "http:{{ template "kube-prometheus-stack.fullname" . }}-prometheus:{{ .Values.prometheus.service.port }}" + - "https:{{ template "kube-prometheus-stack.fullname" . }}-prometheus:{{ .Values.prometheus.service.port }}" + - "http:{{ template "kube-prometheus-stack.fullname" . }}-alertmanager:{{ .Values.alertmanager.service.port }}" + - "https:{{ template "kube-prometheus-stack.fullname" . }}-alertmanager:{{ .Values.alertmanager.service.port }}" + - "http:{{ include "call-nested" (list . "grafana" "grafana.fullname") }}:{{ .Values.grafana.service.port }}" + - "https:{{ include "call-nested" (list . "grafana" "grafana.fullname") }}:{{ .Values.grafana.service.port }}" + verbs: + - 'get' +- apiGroups: + - "" + resourceNames: + - {{ template "kube-prometheus-stack.fullname" . }}-prometheus + - {{ template "kube-prometheus-stack.fullname" . }}-alertmanager + - {{ include "call-nested" (list . "grafana" "grafana.fullname") }} + resources: + - endpoints + verbs: + - list +{{- end }} 
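Review bot: in templates/rancher-monitoring/clusterrole.yaml, the `monitoring-edit` ClusterRole has `rules:` twice in a row, which is a duplicate mapping key that strict YAML parsers reject; drop one. `podmonitors` is also listed twice in each resource list. `monitoring-edit` ends up with the same `'*'` verbs as `monitoring-admin` on every resource except `probes/finalizers`, and it is aggregated into `edit`, so it is worth confirming that edit-level users are meant to get full control of `servicemonitors`, `prometheusrules` and `alertmanagerconfigs`. In `monitoring-ui-view`, the `endpoints` rule combines `verbs: list` with `resourceNames`; Kubernetes only honours `resourceNames` on `list` when the request carries a `metadata.name` field selector, so this rule does not match an ordinary list call and should either use `get` or drop `resourceNames`.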
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/config-role.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/config-role.yaml new file mode 100755 index 000000000..f48ffc827 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/config-role.yaml @@ -0,0 +1,48 @@ +{{- if and .Values.global.rbac.create .Values.global.rbac.userRoles.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: monitoring-config-admin + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: monitoring-config-edit + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: monitoring-config-view + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - 'get' + - 'list' + - 'watch' +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboard-role.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboard-role.yaml new file mode 100755 index 000000000..d2f81976a --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboard-role.yaml 
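Review bot: in templates/rancher-monitoring/config-role.yaml, `monitoring-config-view` grants `get`, `list` and `watch` on `secrets`, so a view-level binding can read every Secret in the chart namespace. `monitoring-config-edit` is also rule-for-rule identical to `monitoring-config-admin` (`'*'` on `configmaps` and `secrets`). If view is meant to be read-only on configuration, drop `secrets` from it or narrow it with `resourceNames`; if edit and admin are intentionally the same, a comment saying so would save the next reader from checking.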
@@ -0,0 +1,47 @@ +{{- if and .Values.global.rbac.create .Values.global.rbac.userRoles.create .Values.grafana.enabled }} +{{- if .Values.grafana.defaultDashboardsEnabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: monitoring-dashboard-admin + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: monitoring-dashboard-edit + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: monitoring-dashboard-view + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - 'get' + - 'list' + - 'watch' +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/addons/ingress-nginx-dashboard.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/addons/ingress-nginx-dashboard.yaml new file mode 100755 index 000000000..20c57dd2a --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/addons/ingress-nginx-dashboard.yaml 
@@ -0,0 +1,18 @@ +# Source: +{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled .Values.ingressNginx.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "ingress-nginx" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: +{{ (.Files.Glob "files/ingress-nginx/*").AsConfig | indent 2 }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/cluster-dashboards.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/cluster-dashboards.yaml new file mode 100755 index 000000000..d73b25745 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/cluster-dashboards.yaml @@ -0,0 +1,17 @@ +{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: rancher-default-dashboards-cluster + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: +{{ (.Files.Glob "files/rancher/cluster/*").AsConfig | indent 2 }} +{{- end }} 
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/default-dashboard.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/default-dashboard.yaml new file mode 100755 index 000000000..8865efa93 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/default-dashboard.yaml @@ -0,0 +1,17 @@ +{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: rancher-default-dashboards-home + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: +{{ (.Files.Glob "files/rancher/home/*").AsConfig | indent 2 }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/etcd-dashboards.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/etcd-dashboards.yaml new file mode 100755 index 000000000..72bc8fdef --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/etcd-dashboards.yaml 
@@ -0,0 +1,17 @@ +{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: rancher-default-dashboards-etcd + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: +{{ (.Files.Glob "files/rancher/etcd/*").AsConfig | indent 2 }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/k8s-dashboards.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/k8s-dashboards.yaml new file mode 100755 index 000000000..37afc6495 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/k8s-dashboards.yaml @@ -0,0 +1,17 @@ +{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: rancher-default-dashboards-k8s + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: +{{ (.Files.Glob "files/rancher/k8s/*").AsConfig | indent 2 }} +{{- end }} 
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/linux-dashboards.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/linux-dashboards.yaml new file mode 100755 index 000000000..08c39d6a1 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/linux-dashboards.yaml @@ -0,0 +1,17 @@ +{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: rancher-default-dashboards-linux + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: +{{ (.Files.Glob "files/rancher/linux/*").AsConfig | indent 2 }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/nodes-dashboards.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/nodes-dashboards.yaml new file mode 100755 index 000000000..172c36e9d --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/nodes-dashboards.yaml 
@@ -0,0 +1,17 @@ +{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: rancher-default-dashboards-nodes + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: +{{ (.Files.Glob "files/rancher/nodes/*").AsConfig | indent 2 }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/pods-dashboards.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/pods-dashboards.yaml new file mode 100755 index 000000000..940f18869 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/pods-dashboards.yaml @@ -0,0 +1,17 @@ +{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: rancher-default-dashboards-pods + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: +{{ (.Files.Glob "files/rancher/pods/*").AsConfig | indent 2 }} +{{- end }} 
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/windows-dashboards.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/windows-dashboards.yaml new file mode 100755 index 000000000..98c9e18d9 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/windows-dashboards.yaml @@ -0,0 +1,17 @@ +{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled .Values.global.cattle.windows.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: rancher-default-dashboards-windows + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: +{{ (.Files.Glob "files/rancher/windows/*").AsConfig | indent 2 }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/workload-dashboards.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/workload-dashboards.yaml new file mode 100755 index 000000000..d146dacdd --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/dashboards/rancher/workload-dashboards.yaml 
@@ -0,0 +1,17 @@ +{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: rancher-default-dashboards-workloads + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: +{{ (.Files.Glob "files/rancher/workloads/*").AsConfig | indent 2 }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/default-dashboard.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/default-dashboard.yaml new file mode 100755 index 000000000..faf6d3baf --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/default-dashboard.yaml @@ -0,0 +1,17 @@ +{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "home" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: +{{ (.Files.Glob "files/rancher/*").AsConfig | indent 2 }} +{{- end }} 
diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/exporters/ingress-nginx/service.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/exporters/ingress-nginx/service.yaml new file mode 100755 index 000000000..d256576ad --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/exporters/ingress-nginx/service.yaml @@ -0,0 +1,24 @@ +{{- if .Values.ingressNginx.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-ingress-nginx + labels: + app: {{ template "kube-prometheus-stack.name" . }}-ingress-nginx + jobLabel: ingress-nginx +{{ include "kube-prometheus-stack.labels" . | indent 4 }} + namespace: {{ .Values.ingressNginx.namespace }} +spec: + clusterIP: None + ports: + - name: http-metrics + port: {{ .Values.ingressNginx.service.port }} + protocol: TCP + targetPort: {{ .Values.ingressNginx.service.targetPort }} + selector: + {{- if .Values.ingressNginx.service.selector }} +{{ toYaml .Values.ingressNginx.service.selector | indent 4 }} + {{- else }} + app: ingress-nginx + {{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/exporters/ingress-nginx/servicemonitor.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/exporters/ingress-nginx/servicemonitor.yaml new file mode 100755 index 000000000..643778772 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/exporters/ingress-nginx/servicemonitor.yaml 
@@ -0,0 +1,33 @@ +{{- if .Values.ingressNginx.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-ingress-nginx + namespace: {{ .Values.ingressNginx.namespace }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-ingress-nginx +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + jobLabel: jobLabel + selector: + matchLabels: + app: {{ template "kube-prometheus-stack.name" . }}-ingress-nginx + release: {{ $.Release.Name | quote }} + namespaceSelector: + matchNames: + - {{ .Values.ingressNginx.namespace }} + endpoints: + - port: http-metrics + {{- if .Values.ingressNginx.serviceMonitor.interval}} + interval: {{ .Values.ingressNginx.serviceMonitor.interval }} + {{- end }} + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token +{{- if .Values.ingressNginx.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.ingressNginx.serviceMonitor.metricRelabelings | indent 4) . }} +{{- end }} +{{- if .Values.ingressNginx.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.ingressNginx.serviceMonitor.relabelings | indent 4 }} +{{- end }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/hardened.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/hardened.yaml new file mode 100755 index 000000000..f9bf57c7e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/hardened.yaml 
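Review bot: in templates/rancher-monitoring/exporters/ingress-nginx/servicemonitor.yaml, the endpoint sets `bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token` unconditionally on `port: http-metrics` with no `scheme` or `tlsConfig`, so Prometheus sends its own service account token over plain HTTP to every pod the Service selects. If the ingress-nginx metrics endpoint does not require authentication, remove `bearerTokenFile`; if it does, set `scheme: https` with a `tlsConfig` and expose both through values, as the Prometheus self-monitor template does.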
@@ -0,0 +1,124 @@ +{{- $namespaces := dict "_0" .Release.Namespace -}} +{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled (not .Values.grafana.defaultDashboards.useExistingNamespace) -}} +{{- $_ := set $namespaces "_1" .Values.grafana.defaultDashboards.namespace -}} +{{- end -}} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-patch-sa + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }}-patch-sa + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation +spec: + template: + metadata: + name: {{ .Chart.Name }}-patch-sa + labels: + app: {{ .Chart.Name }}-patch-sa + spec: + serviceAccountName: {{ .Chart.Name }}-patch-sa + securityContext: + runAsNonRoot: true + runAsUser: 1000 + restartPolicy: Never + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} + containers: + {{- range $_, $ns := $namespaces }} + - name: patch-sa-{{ $ns }} + image: {{ template "system_default_registry" $ }}{{ $.Values.global.kubectl.repository }}:{{ $.Values.global.kubectl.tag }} + imagePullPolicy: {{ $.Values.global.kubectl.pullPolicy }} + command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"] + args: ["-n", "{{ $ns }}"] + {{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Chart.Name }}-patch-sa + labels: + app: {{ .Chart.Name }}-patch-sa +rules: +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: ['get', 'patch'] +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ .Chart.Name }}-patch-sa +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Chart.Name }}-patch-sa + labels: + app: {{ .Chart.Name }}-patch-sa +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole 
+ name: {{ .Chart.Name }}-patch-sa +subjects: +- kind: ServiceAccount + name: {{ .Chart.Name }}-patch-sa + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Chart.Name }}-patch-sa + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }}-patch-sa +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ .Chart.Name }}-patch-sa + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }}-patch-sa +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- range $_, $ns := $namespaces }} +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: default-allow-all + namespace: {{ $ns }} +spec: + podSelector: {} + ingress: + - {} + egress: + - {} + policyTypes: + - Ingress + - Egress +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/ingress-nginx-dashboard.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/ingress-nginx-dashboard.yaml new file mode 100755 index 000000000..20c57dd2a --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/rancher-monitoring/ingress-nginx-dashboard.yaml 
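Review bot: in templates/rancher-monitoring/hardened.yaml, the `NetworkPolicy` named `default-allow-all` selects every pod (`podSelector: {}`) and allows all ingress and egress (`- {}`), which has the same effect as having no policy in those namespaces; in a file named hardened.yaml this needs a comment explaining why it is created, or a narrower rule set. The `ClusterRole` grants `get` and `patch` on all `serviceaccounts` cluster-wide although the Job only patches `default` in the namespaces collected in `$namespaces`; namespaced Roles with `resourceNames: [default]` would cover it. The Job containers set no container-level `securityContext` (for example `allowPrivilegeEscalation: false`), and the `PodSecurityPolicy` carries a `namespace` although that kind is cluster-scoped.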
@@ -0,0 +1,18 @@ +# Source: +{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled .Values.ingressNginx.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "ingress-nginx" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: +{{ (.Files.Glob "files/ingress-nginx/*").AsConfig | indent 2 }} +{{- end }} diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/validate-install-crd.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/validate-install-crd.yaml new file mode 100755 index 000000000..ac7921f58 --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/templates/validate-install-crd.yaml 
@@ -0,0 +1,21 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "monitoring.coreos.com/v1alpha1/AlertmanagerConfig" false -}} +# {{- set $found "monitoring.coreos.com/v1/Alertmanager" false -}} +# {{- set $found "monitoring.coreos.com/v1/PodMonitor" false -}} +# {{- set $found "monitoring.coreos.com/v1/Probe" false -}} +# {{- set $found "monitoring.coreos.com/v1/Prometheus" false -}} +# {{- set $found "monitoring.coreos.com/v1/PrometheusRule" false -}} +# {{- set $found "monitoring.coreos.com/v1/ServiceMonitor" false -}} +# {{- set $found "monitoring.coreos.com/v1/ThanosRuler" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/values.yaml b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/values.yaml new file mode 100755 index 000000000..924e4c67e --- /dev/null +++ b/released/charts/rancher-monitoring/rancher-monitoring/14.5.100/values.yaml 
@@ -0,0 +1,2954 @@ +# Default values for kube-prometheus-stack. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Rancher Monitoring Configuration + +## Configuration for prometheus-adapter +## ref: https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-adapter +## +prometheus-adapter: + enabled: true + prometheus: + # Change this if you change the namespaceOverride or nameOverride of prometheus-operator + url: http://rancher-monitoring-prometheus.cattle-monitoring-system.svc + port: 9090 + psp: + create: true + +## RKE PushProx Monitoring +## ref: https://github.com/rancher/charts/tree/dev-v2.5-source/packages/rancher-pushprox +## +rkeControllerManager: + enabled: false + metricsPort: 10252 + component: kube-controller-manager + clients: + port: 10011 + useLocalhost: true + nodeSelector: + node-role.kubernetes.io/controlplane: "true" + tolerations: + - effect: "NoExecute" + operator: "Exists" + - effect: "NoSchedule" + operator: "Exists" + +rkeScheduler: + enabled: false + metricsPort: 10251 + component: kube-scheduler + clients: + port: 10012 + useLocalhost: true + nodeSelector: + node-role.kubernetes.io/controlplane: "true" + tolerations: + - effect: "NoExecute" + operator: "Exists" + - effect: "NoSchedule" + operator: "Exists" + +rkeProxy: + enabled: false + metricsPort: 10249 + component: kube-proxy + clients: + port: 10013 + useLocalhost: true + tolerations: + - effect: "NoExecute" + operator: "Exists" + - effect: "NoSchedule" + operator: "Exists" + +rkeEtcd: + enabled: false + metricsPort: 2379 + component: kube-etcd + clients: + port: 10014 + https: + enabled: true + certDir: /etc/kubernetes/ssl + certFile: kube-etcd-*.pem + keyFile: kube-etcd-*-key.pem + caCertFile: kube-ca.pem + nodeSelector: + node-role.kubernetes.io/etcd: "true" + tolerations: + - effect: "NoExecute" + operator: "Exists" + - effect: "NoSchedule" + operator: "Exists" + +## k3s PushProx Monitoring +## ref: 
https://github.com/rancher/charts/tree/dev-v2.5-source/packages/rancher-pushprox +## +k3sServer: + enabled: false + metricsPort: 10249 + component: k3s-server + clients: + port: 10013 + useLocalhost: true + tolerations: + - effect: "NoExecute" + operator: "Exists" + - effect: "NoSchedule" + operator: "Exists" + +## KubeADM PushProx Monitoring +## ref: https://github.com/rancher/charts/tree/dev-v2.5-source/packages/rancher-pushprox +## +kubeAdmControllerManager: + enabled: false + metricsPort: 10257 + component: kube-controller-manager + clients: + port: 10011 + useLocalhost: true + https: + enabled: true + useServiceAccountCredentials: true + insecureSkipVerify: true + nodeSelector: + node-role.kubernetes.io/master: "" + tolerations: + - effect: "NoExecute" + operator: "Exists" + - effect: "NoSchedule" + operator: "Exists" + +kubeAdmScheduler: + enabled: false + metricsPort: 10259 + component: kube-scheduler + clients: + port: 10012 + useLocalhost: true + https: + enabled: true + useServiceAccountCredentials: true + insecureSkipVerify: true + nodeSelector: + node-role.kubernetes.io/master: "" + tolerations: + - effect: "NoExecute" + operator: "Exists" + - effect: "NoSchedule" + operator: "Exists" + +kubeAdmProxy: + enabled: false + metricsPort: 10249 + component: kube-proxy + clients: + port: 10013 + useLocalhost: true + tolerations: + - effect: "NoExecute" + operator: "Exists" + - effect: "NoSchedule" + operator: "Exists" + +kubeAdmEtcd: + enabled: false + metricsPort: 2381 + component: kube-etcd + clients: + port: 10014 + useLocalhost: true + nodeSelector: + node-role.kubernetes.io/master: "" + tolerations: + - effect: "NoExecute" + operator: "Exists" + - effect: "NoSchedule" + operator: "Exists" + +## rke2 PushProx Monitoring +## ref: https://github.com/rancher/charts/tree/dev-v2.5-source/packages/rancher-pushprox +## +rke2ControllerManager: + enabled: false + metricsPort: 10252 + component: kube-controller-manager + clients: + port: 10011 + useLocalhost: true + 
nodeSelector: + node-role.kubernetes.io/master: "true" + tolerations: + - effect: "NoExecute" + operator: "Exists" + - effect: "NoSchedule" + operator: "Exists" + +rke2Scheduler: + enabled: false + metricsPort: 10251 + component: kube-scheduler + clients: + port: 10012 + useLocalhost: true + nodeSelector: + node-role.kubernetes.io/master: "true" + tolerations: + - effect: "NoExecute" + operator: "Exists" + - effect: "NoSchedule" + operator: "Exists" + +rke2Proxy: + enabled: false + metricsPort: 10249 + component: kube-proxy + clients: + port: 10013 + useLocalhost: true + tolerations: + - effect: "NoExecute" + operator: "Exists" + - effect: "NoSchedule" + operator: "Exists" + +rke2Etcd: + enabled: false + metricsPort: 2381 + component: kube-etcd + clients: + port: 10014 + useLocalhost: true + nodeSelector: + node-role.kubernetes.io/etcd: "true" + tolerations: + - effect: "NoSchedule" + key: node-role.kubernetes.io/master + operator: "Equal" + +## Component scraping nginx-ingress-controller +## +ingressNginx: + enabled: false + + ## The namespace to search for your nginx-ingress-controller + ## + namespace: ingress-nginx + + service: + port: 9913 + targetPort: 10254 + # selector: + # app: ingress-nginx + serviceMonitor: + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + + ## metric relabel configs to apply to samples before ingestion. + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # relabel configs to apply to samples before ingestion. 
+ ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + +# Prometheus Operator Configuration + +## Provide a name in place of kube-prometheus-stack for `app:` labels +## NOTE: If you change this value, you must update the prometheus-adapter.prometheus.url +## +nameOverride: "rancher-monitoring" + +## Override the deployment namespace +## NOTE: If you change this value, you must update the prometheus-adapter.prometheus.url +## +namespaceOverride: "cattle-monitoring-system" + +## Provide a k8s version to auto dashboard import script example: kubeTargetVersionOverride: 1.16.6 +## +kubeTargetVersionOverride: "" + +## Provide a name to substitute for the full names of resources +## +fullnameOverride: "" + +## Labels to apply to all resources +## +commonLabels: {} +# scmhash: abc123 +# myLabel: aakkmd + +## Create default rules for monitoring the cluster +## +defaultRules: + create: true + rules: + alertmanager: true + etcd: true + general: true + k8s: true + kubeApiserver: true + kubeApiserverAvailability: true + kubeApiserverError: true + kubeApiserverSlos: true + kubelet: true + kubePrometheusGeneral: true + kubePrometheusNodeAlerting: true + kubePrometheusNodeRecording: true + kubernetesAbsent: true + kubernetesApps: true + kubernetesResources: true + kubernetesStorage: true + kubernetesSystem: true + kubeScheduler: true + kubeStateMetrics: true + network: true + node: true + prometheus: true + prometheusOperator: true + time: true + + ## Runbook url prefix for default rules + runbookUrl: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md# + ## Reduce app namespace alert scope + appNamespacesTarget: ".*" + + ## Labels for default rules + labels: {} + ## Annotations for default rules + annotations: {} + + ## Additional labels for PrometheusRule alerts + additionalRuleLabels: {} + +## Deprecated way to provide custom 
recording or alerting rules to be deployed into the cluster. +## +# additionalPrometheusRules: [] +# - name: my-rule-file +# groups: +# - name: my_group +# rules: +# - record: my_record +# expr: 100 * my_record + +## Provide custom recording or alerting rules to be deployed into the cluster. +## +additionalPrometheusRulesMap: {} +# rule-name: +# groups: +# - name: my_group +# rules: +# - record: my_record +# expr: 100 * my_record + +## +global: + cattle: + systemDefaultRegistry: "" + ## Windows Monitoring + ## ref: https://github.com/rancher/charts/tree/dev-v2.5-source/packages/rancher-windows-exporter + ## Runs https://github.com/prometheus-community/windows_exporter as a DaemonSet + ## Relies on the existence of a wins server of version v0.1.0+ on every Windows host to allow + ## windows_exporter to run as a host process that can publish host metrics to a port on the Pod + windows: + enabled: false + kubectl: + repository: rancher/kubectl + tag: v1.20.2 + pullPolicy: IfNotPresent + rbac: + ## Create RBAC resources for ServiceAccounts and users + ## + create: true + + userRoles: + ## Create default user ClusterRoles to allow users to interact with Prometheus CRs, ConfigMaps, and Secrets + create: true + ## Aggregate default user ClusterRoles into default k8s ClusterRoles + aggregateToDefaultRoles: true + + pspEnabled: true + pspAnnotations: {} + ## Specify pod annotations + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl + ## + # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' + # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' + # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' + + ## Reference to one or more secrets to be used when pulling images + ## ref: 
https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + imagePullSecrets: [] + # - name: "image-pull-secret" + +## Configuration for alertmanager +## ref: https://prometheus.io/docs/alerting/alertmanager/ +## +alertmanager: + + ## Deploy alertmanager + ## + enabled: true + + ## Api that prometheus will use to communicate with alertmanager. Possible values are v1, v2 + ## + apiVersion: v2 + + ## Service account for Alertmanager to use. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## + serviceAccount: + create: true + name: "" + annotations: {} + + ## Configure pod disruption budgets for Alertmanager + ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget + ## This configuration is immutable once created and will require the PDB to be deleted to be changed + ## https://github.com/kubernetes/kubernetes/issues/45398 + ## + podDisruptionBudget: + enabled: false + minAvailable: 1 + maxUnavailable: "" + + ## Alertmanager configuration directives + ## ref: https://prometheus.io/docs/alerting/configuration/#configuration-file + ## https://prometheus.io/webtools/alerting/routing-tree-editor/ + ## + ## Example Slack Config + ## config: + ## route: + ## group_by: ['job'] + ## group_wait: 30s + ## group_interval: 5m + ## repeat_interval: 3h + ## receiver: 'slack-notifications' + ## receivers: + ## - name: 'slack-notifications' + ## slack_configs: + ## - send_resolved: true + ## text: '{{ template "slack.rancher.text" . 
}}' + ## api_url: + ## templates: + ## - /etc/alertmanager/config/*.tmpl + config: + global: + resolve_timeout: 5m + route: + group_by: ['job'] + group_wait: 30s + group_interval: 5m + repeat_interval: 12h + receiver: 'null' + routes: + - match: + alertname: Watchdog + receiver: 'null' + receivers: + - name: 'null' + templates: + - '/etc/alertmanager/config/*.tmpl' + + ## Pass the Alertmanager configuration directives through Helm's templating + ## engine. If the Alertmanager configuration contains Alertmanager templates, + ## they'll need to be properly escaped so that they are not interpreted by + ## Helm + ## ref: https://helm.sh/docs/developing_charts/#using-the-tpl-function + ## https://prometheus.io/docs/alerting/configuration/#tmpl_string + ## https://prometheus.io/docs/alerting/notifications/ + ## https://prometheus.io/docs/alerting/notification_examples/ + tplConfig: false + + ## Alertmanager template files to format alerts + ## By default, templateFiles are placed in /etc/alertmanager/config/ and if + ## they have a .tmpl file suffix will be loaded. See config.templates above + ## to change, add other suffixes. If adding other suffixes, be sure to update + ## config.templates above to include those suffixes. + ## ref: https://prometheus.io/docs/alerting/notifications/ + ## https://prometheus.io/docs/alerting/notification_examples/ + ## + templateFiles: + rancher_defaults.tmpl: |- + {{- define "slack.rancher.text" -}} + {{ template "rancher.text_multiple" . }} + {{- end -}} + + {{- define "rancher.text_multiple" -}} + *[GROUP - Details]* + One or more alarms in this group have triggered a notification. + + {{- if gt (len .GroupLabels.Values) 0 }} + *Group Labels:* + {{- range .GroupLabels.SortedPairs }} + • *{{ .Name }}:* `{{ .Value }}` + {{- end }} + {{- end }} + {{- if .ExternalURL }} + *Link to AlertManager:* {{ .ExternalURL }} + {{- end }} + + {{- range .Alerts }} + {{ template "rancher.text_single" . 
}} + {{- end }} + {{- end -}} + + {{- define "rancher.text_single" -}} + {{- if .Labels.alertname }} + *[ALERT - {{ .Labels.alertname }}]* + {{- else }} + *[ALERT]* + {{- end }} + {{- if .Labels.severity }} + *Severity:* `{{ .Labels.severity }}` + {{- end }} + {{- if .Labels.cluster }} + *Cluster:* {{ .Labels.cluster }} + {{- end }} + {{- if .Annotations.summary }} + *Summary:* {{ .Annotations.summary }} + {{- end }} + {{- if .Annotations.message }} + *Message:* {{ .Annotations.message }} + {{- end }} + {{- if .Annotations.description }} + *Description:* {{ .Annotations.description }} + {{- end }} + {{- if .Annotations.runbook_url }} + *Runbook URL:* <{{ .Annotations.runbook_url }}|:spiral_note_pad:> + {{- end }} + {{- with .Labels }} + {{- with .Remove (stringSlice "alertname" "severity" "cluster") }} + {{- if gt (len .) 0 }} + *Additional Labels:* + {{- range .SortedPairs }} + • *{{ .Name }}:* `{{ .Value }}` + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- with .Annotations }} + {{- with .Remove (stringSlice "summary" "message" "description" "runbook_url") }} + {{- if gt (len .) 0 }} + *Additional Annotations:* + {{- range .SortedPairs }} + • *{{ .Name }}:* `{{ .Value }}` + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end -}} + + ingress: + enabled: false + + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + + annotations: {} + + labels: {} + + ## Hosts must be provided if Ingress is enabled. 
+ ## + hosts: [] + # - alertmanager.domain.com + + ## Paths to use for ingress rules - one path should match the alertmanagerSpec.routePrefix + ## + paths: [] + # - / + + ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched) + ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types + # pathType: ImplementationSpecific + + ## TLS configuration for Alertmanager Ingress + ## Secret must be manually created in the namespace + ## + tls: [] + # - secretName: alertmanager-general-tls + # hosts: + # - alertmanager.example.com + + ## Configuration for Alertmanager secret + ## + secret: + + # Should the Alertmanager Config Secret be cleaned up on an uninstall? + # This is set to false by default to prevent the loss of alerting configuration on an uninstall + # Only used Alertmanager is deployed and alertmanager.alertmanagerSpec.useExistingSecret=false + # + cleanupOnUninstall: false + + # The image used to manage the Alertmanager Config Secret's lifecycle + # Only used Alertmanager is deployed and alertmanager.alertmanagerSpec.useExistingSecret=false + # + image: + repository: rancher/rancher-agent + tag: v2.5.7 + pullPolicy: IfNotPresent + + securityContext: + runAsNonRoot: true + runAsUser: 1000 + + annotations: {} + + ## Configuration for creating an Ingress that will map to each Alertmanager replica service + ## alertmanager.servicePerReplica must be enabled + ## + ingressPerReplica: + enabled: false + + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + + annotations: {} + labels: {} + + ## Final form of the hostname for each per replica ingress is + ## {{ ingressPerReplica.hostPrefix }}-{{ $replicaNumber }}.{{ 
ingressPerReplica.hostDomain }} + ## + ## Prefix for the per replica ingress that will have `-$replicaNumber` + ## appended to the end + hostPrefix: "" + ## Domain that will be used for the per replica ingress + hostDomain: "" + + ## Paths to use for ingress rules + ## + paths: [] + # - / + + ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched) + ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types + # pathType: ImplementationSpecific + + ## Secret name containing the TLS certificate for alertmanager per replica ingress + ## Secret must be manually created in the namespace + tlsSecretName: "" + + ## Separated secret for each per replica Ingress. Can be used together with cert-manager + ## + tlsSecretPerReplica: + enabled: false + ## Final form of the secret for each per replica ingress is + ## {{ tlsSecretPerReplica.prefix }}-{{ $replicaNumber }} + ## + prefix: "alertmanager" + + ## Configuration for Alertmanager service + ## + service: + annotations: {} + labels: {} + clusterIP: "" + + ## Port for Alertmanager Service to listen on + ## + port: 9093 + ## To be used with a proxy extraContainer port + ## + targetPort: 9093 + ## Port to expose on each node + ## Only used if service.type is 'NodePort' + ## + nodePort: 30903 + ## List of IP addresses at which the Prometheus server service is available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## + + ## Additional ports to open for Alertmanager service + additionalPorts: [] + + externalIPs: [] + loadBalancerIP: "" + loadBalancerSourceRanges: [] + ## Service type + ## + type: ClusterIP + + ## Configuration for creating a separate Service for each statefulset Alertmanager replica + ## + servicePerReplica: + enabled: false + annotations: {} + + ## Port for Alertmanager Service per replica to listen on + ## + port: 9093 + + ## To be used with a proxy 
extraContainer port + targetPort: 9093 + + ## Port to expose on each node + ## Only used if servicePerReplica.type is 'NodePort' + ## + nodePort: 30904 + + ## Loadbalancer source IP ranges + ## Only used if servicePerReplica.type is "LoadBalancer" + loadBalancerSourceRanges: [] + ## Service type + ## + type: ClusterIP + + ## If true, create a serviceMonitor for alertmanager + ## + serviceMonitor: + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + selfMonitor: true + + ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS. + scheme: "" + + ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS. + ## Of type: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#tlsconfig + tlsConfig: {} + + bearerTokenFile: "" + + ## metric relabel configs to apply to samples before ingestion. + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # relabel configs to apply to samples before ingestion. + ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + + ## Settings affecting alertmanagerSpec + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#alertmanagerspec + ## + alertmanagerSpec: + ## Standard object’s metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata + ## Metadata Labels and Annotations gets propagated to the Alertmanager pods. 
+ ## + podMetadata: {} + + ## Image of Alertmanager + ## + image: + repository: rancher/mirrored-prom-alertmanager + tag: v0.21.0 + sha: "" + + ## If true then the user will be responsible to provide a secret with alertmanager configuration + ## So when true the config part will be ignored (including templateFiles) and the one in the secret will be used + ## + useExistingSecret: false + + ## Secrets is a list of Secrets in the same namespace as the Alertmanager object, which shall be mounted into the + ## Alertmanager Pods. The Secrets are mounted into /etc/alertmanager/secrets/. + ## + secrets: [] + + ## ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. + ## The ConfigMaps are mounted into /etc/alertmanager/configmaps/. + ## + configMaps: [] + + ## ConfigSecret is the name of a Kubernetes Secret in the same namespace as the Alertmanager object, which contains configuration for + ## this Alertmanager instance. Defaults to 'alertmanager-' The secret is mounted into /etc/alertmanager/config. + ## + # configSecret: + + ## AlertmanagerConfigs to be selected to merge and configure Alertmanager with. + ## + alertmanagerConfigSelector: {} + ## Example which selects all alertmanagerConfig resources + ## with label "alertconfig" with values any of "example-config" or "example-config-2" + # alertmanagerConfigSelector: + # matchExpressions: + # - key: alertconfig + # operator: In + # values: + # - example-config + # - example-config-2 + # + ## Example which selects all alertmanagerConfig resources with label "role" set to "example-config" + # alertmanagerConfigSelector: + # matchLabels: + # role: example-config + + ## Namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace. 
+ ## + alertmanagerConfigNamespaceSelector: {} + ## Example which selects all namespaces + ## with label "alertmanagerconfig" with values any of "example-namespace" or "example-namespace-2" + # alertmanagerConfigNamespaceSelector: + # matchExpressions: + # - key: alertmanagerconfig + # operator: In + # values: + # - example-namespace + # - example-namespace-2 + + ## Example which selects all namespaces with label "alertmanagerconfig" set to "enabled" + # alertmanagerConfigNamespaceSelector: + # matchLabels: + # alertmanagerconfig: enabled + + ## Define Log Format + # Use logfmt (default) or json logging + logFormat: logfmt + + ## Log level for Alertmanager to be configured with. + ## + logLevel: info + + ## Size is the expected size of the alertmanager cluster. The controller will eventually make the size of the + ## running cluster equal to the expected size. + replicas: 1 + + ## Time duration Alertmanager shall retain data for. Default is '120h', and must match the regular expression + ## [0-9]+(ms|s|m|h) (milliseconds seconds minutes hours). + ## + retention: 120h + + ## Storage is the definition of how storage will be used by the Alertmanager instances. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/storage.md + ## + storage: {} + # volumeClaimTemplate: + # spec: + # storageClassName: gluster + # accessModes: ["ReadWriteOnce"] + # resources: + # requests: + # storage: 50Gi + # selector: {} + + + ## The external URL the Alertmanager instances will be available under. This is necessary to generate correct URLs. This is necessary if Alertmanager is not served from root of a DNS name. string false + ## + externalUrl: + + ## The route prefix Alertmanager registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, + ## but the server serves requests under a different route prefix. 
For example for use with kubectl proxy. + ## + routePrefix: / + + ## If set to true all actions on the underlying managed objects are not going to be performed, except for delete actions. + ## + paused: false + + ## Define which Nodes the Pods are scheduled on. + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## Define resources requests and limits for single Pods. + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + limits: + memory: 500Mi + cpu: 1000m + requests: + memory: 100Mi + cpu: 100m + + ## Pod anti-affinity can prevent the scheduler from placing Prometheus replicas on the same node. + ## The default value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided. + ## The value "hard" means that the scheduler is *required* to not schedule two replica pods onto the same node. + ## The value "" will disable pod anti-affinity so that no anti-affinity rules will be configured. + ## + podAntiAffinity: "" + + ## If anti-affinity is enabled sets the topologyKey to use for anti-affinity. + ## This can be changed to, for example, failure-domain.beta.kubernetes.io/zone + ## + podAntiAffinityTopologyKey: kubernetes.io/hostname + + ## Assign custom affinity rules to the alertmanager instance + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + affinity: {} + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: kubernetes.io/e2e-az-name + # operator: In + # values: + # - e2e-az1 + # - e2e-az2 + + ## If specified, the pod's tolerations. + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + # - key: "key" + # operator: "Equal" + # value: "value" + # effect: "NoSchedule" + + ## If specified, the pod's topology spread constraints. 
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + # labelSelector: + # matchLabels: + # app: alertmanager + + ## SecurityContext holds pod-level security attributes and common container settings. + ## This defaults to non root user with uid 1000 and gid 2000. *v1.PodSecurityContext false + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## + securityContext: + runAsGroup: 2000 + runAsNonRoot: true + runAsUser: 1000 + fsGroup: 2000 + + ## ListenLocal makes the Alertmanager server listen on loopback, so that it does not bind against the Pod IP. + ## Note this is only for the Alertmanager UI, not the gossip communication. + ## + listenLocal: false + + ## Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to an Alertmanager pod. + ## + containers: [] + + # Additional volumes on the output StatefulSet definition. + volumes: [] + + # Additional VolumeMounts on the output StatefulSet definition. + volumeMounts: [] + + ## InitContainers allows injecting additional initContainers. This is meant to allow doing some changes + ## (permissions, dir tree) on mounted volumes before starting prometheus + initContainers: [] + + ## Priority class assigned to the Pods + ## + priorityClassName: "" + + ## AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster. + ## + additionalPeers: [] + + ## PortName to use for Alert Manager. + ## + portName: "web" + + ## ClusterAdvertiseAddress is the explicit address to advertise in cluster. Needs to be provided for non RFC1918 [1] (public) addresses. 
[1] RFC1918: https://tools.ietf.org/html/rfc1918 + ## + clusterAdvertiseAddress: false + + ## ForceEnableClusterMode ensures Alertmanager does not deactivate the cluster mode when running with a single replica. + ## Use case is e.g. spanning an Alertmanager cluster across Kubernetes clusters with a single replica in each. + forceEnableClusterMode: false + + +## Using default values from https://github.com/grafana/helm-charts/blob/main/charts/grafana/values.yaml +## +grafana: + enabled: true + namespaceOverride: "" + + ## Grafana's primary configuration + ## NOTE: values in map will be converted to ini format + ## ref: http://docs.grafana.org/installation/configuration/ + ## + grafana.ini: + users: + auto_assign_org_role: Viewer + auth: + disable_login_form: false + auth.anonymous: + enabled: true + org_role: Viewer + auth.basic: + enabled: false + dashboards: + # Modify this value to change the default dashboard shown on the main Grafana page + default_home_dashboard_path: /tmp/dashboards/rancher-default-home.json + security: + # Required to embed dashboards in Rancher Cluster Overview Dashboard on Cluster Explorer + allow_embedding: true + + deploymentStrategy: + type: Recreate + + ## Deploy default dashboards. 
+ ## + defaultDashboardsEnabled: true + + # Additional options for defaultDashboards + defaultDashboards: + # The default namespace to place defaultDashboards within + namespace: cattle-dashboards + # Whether to create the default namespace as a Helm managed namespace or use an existing namespace + # If false, the defaultDashboards.namespace will be created as a Helm managed namespace + useExistingNamespace: false + # Whether the Helm managed namespace created by this chart should be left behind on a Helm uninstall + # If you place other dashboards in this namespace, then they will be deleted on a helm uninstall + # Ignore if useExistingNamespace is true + cleanupOnUninstall: false + + adminPassword: prom-operator + + ingress: + ## If true, Grafana Ingress will be created + ## + enabled: false + + ## Annotations for Grafana Ingress + ## + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + ## Labels to be added to the Ingress + ## + labels: {} + + ## Hostnames. + ## Must be provided if Ingress is enable. 
+ ## + # hosts: + # - grafana.domain.com + hosts: [] + + ## Path for grafana ingress + path: / + + ## TLS configuration for grafana Ingress + ## Secret must be manually created in the namespace + ## + tls: [] + # - secretName: grafana-general-tls + # hosts: + # - grafana.example.com + + sidecar: + dashboards: + enabled: true + label: grafana_dashboard + searchNamespace: cattle-dashboards + + ## Annotations for Grafana dashboard configmaps + ## + annotations: {} + multicluster: false + datasources: + enabled: true + defaultDatasourceEnabled: true + + # If not defined, will use prometheus.prometheusSpec.scrapeInterval or its default + # defaultDatasourceScrapeInterval: 15s + + ## Annotations for Grafana datasource configmaps + ## + annotations: {} + + ## Create datasource for each Pod of Prometheus StatefulSet; + ## this uses headless service `prometheus-operated` which is + ## created by Prometheus Operator + ## ref: https://git.io/fjaBS + createPrometheusReplicasDatasources: false + label: grafana_datasource + + extraConfigmapMounts: [] + # - name: certs-configmap + # mountPath: /etc/grafana/ssl/ + # configMap: certs-configmap + # readOnly: true + + ## Configure additional grafana datasources (passed through tpl) + ## ref: http://docs.grafana.org/administration/provisioning/#datasources + additionalDataSources: [] + # - name: prometheus-sample + # access: proxy + # basicAuth: true + # basicAuthPassword: pass + # basicAuthUser: daco + # editable: false + # jsonData: + # tlsSkipVerify: true + # orgId: 1 + # type: prometheus + # url: https://{{ printf "%s-prometheus.svc" .Release.Name }}:9090 + # version: 1 + + ## Passed to grafana subchart and used by servicemonitor below + ## + service: + portName: nginx-http + ## Port for Grafana Service to listen on + ## + port: 80 + ## To be used with a proxy extraContainer port + ## + targetPort: 8080 + ## Port to expose on each node + ## Only used if service.type is 'NodePort' + ## + nodePort: 30950 + ## Service type + ## + 
type: ClusterIP + + proxy: + image: + repository: rancher/mirrored-library-nginx + tag: 1.19.2-alpine + + ## Enable an Specify container in extraContainers. This is meant to allow adding an authentication proxy to a grafana pod + extraContainers: | + - name: grafana-proxy + args: + - nginx + - -g + - daemon off; + - -c + - /nginx/nginx.conf + image: "{{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }}" + ports: + - containerPort: 8080 + name: nginx-http + protocol: TCP + volumeMounts: + - mountPath: /nginx + name: grafana-nginx + - mountPath: /var/cache/nginx + name: nginx-home + securityContext: + runAsUser: 101 + runAsGroup: 101 + + ## Volumes that can be used in containers + extraContainerVolumes: + - name: nginx-home + emptyDir: {} + - name: grafana-nginx + configMap: + name: grafana-nginx-proxy-config + items: + - key: nginx.conf + mode: 438 + path: nginx.conf + + ## If true, create a serviceMonitor for grafana + ## + serviceMonitor: + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + selfMonitor: true + + # Path to use for scraping metrics. Might be different if server.root_url is set + # in grafana.ini + path: "/metrics" + + ## metric relabel configs to apply to samples before ingestion. + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # relabel configs to apply to samples before ingestion. 
+ ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + + resources: + limits: + memory: 200Mi + cpu: 200m + requests: + memory: 100Mi + cpu: 100m + +## Component scraping the kube api server +## +kubeApiServer: + enabled: true + tlsConfig: + serverName: kubernetes + insecureSkipVerify: false + + ## If your API endpoint address is not reachable (as in AKS) you can replace it with the kubernetes service + ## + relabelings: [] + # - sourceLabels: + # - __meta_kubernetes_namespace + # - __meta_kubernetes_service_name + # - __meta_kubernetes_endpoint_port_name + # action: keep + # regex: default;kubernetes;https + # - targetLabel: __address__ + # replacement: kubernetes.default.svc:443 + + serviceMonitor: + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + jobLabel: component + selector: + matchLabels: + component: apiserver + provider: kubernetes + + ## metric relabel configs to apply to samples before ingestion. + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + +## Component scraping the kubelet and kubelet-hosted cAdvisor +## +kubelet: + enabled: true + namespace: kube-system + + serviceMonitor: + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + + ## Enable scraping the kubelet over https. 
For requirements to enable this see + ## https://github.com/prometheus-operator/prometheus-operator/issues/926 + ## + https: true + + ## Enable scraping /metrics/cadvisor from kubelet's service + ## + cAdvisor: true + + ## Enable scraping /metrics/probes from kubelet's service + ## + probes: true + + ## Enable scraping /metrics/resource from kubelet's service + ## This is disabled by default because container metrics are already exposed by cAdvisor + ## + resource: false + # From kubernetes 1.18, /metrics/resource/v1alpha1 renamed to /metrics/resource + resourcePath: "/metrics/resource/v1alpha1" + ## Metric relabellings to apply to samples before ingestion + ## + cAdvisorMetricRelabelings: [] + # - sourceLabels: [__name__, image] + # separator: ; + # regex: container_([a-z_]+); + # replacement: $1 + # action: drop + # - sourceLabels: [__name__] + # separator: ; + # regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s) + # replacement: $1 + # action: drop + + ## Metric relabellings to apply to samples before ingestion + ## + probesMetricRelabelings: [] + # - sourceLabels: [__name__, image] + # separator: ; + # regex: container_([a-z_]+); + # replacement: $1 + # action: drop + # - sourceLabels: [__name__] + # separator: ; + # regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s) + # replacement: $1 + # action: drop + + # relabel configs to apply to samples before ingestion. 
+ # metrics_path is required to match upstream rules and charts + ## + cAdvisorRelabelings: + - sourceLabels: [__metrics_path__] + targetLabel: metrics_path + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + + probesRelabelings: + - sourceLabels: [__metrics_path__] + targetLabel: metrics_path + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + + resourceRelabelings: + - sourceLabels: [__metrics_path__] + targetLabel: metrics_path + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + + metricRelabelings: [] + # - sourceLabels: [__name__, image] + # separator: ; + # regex: container_([a-z_]+); + # replacement: $1 + # action: drop + # - sourceLabels: [__name__] + # separator: ; + # regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s) + # replacement: $1 + # action: drop + + # relabel configs to apply to samples before ingestion. 
+ # metrics_path is required to match upstream rules and charts + ## + relabelings: + - sourceLabels: [__metrics_path__] + targetLabel: metrics_path + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + +## Component scraping the kube controller manager +## +kubeControllerManager: + enabled: false + + ## If your kube controller manager is not deployed as a pod, specify IPs it can be found on + ## + endpoints: [] + # - 10.141.4.22 + # - 10.141.4.23 + # - 10.141.4.24 + + ## If using kubeControllerManager.endpoints only the port and targetPort are used + ## + service: + enabled: true + port: 10252 + targetPort: 10252 + # selector: + # component: kube-controller-manager + + serviceMonitor: + enabled: true + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + + ## Enable scraping kube-controller-manager over https. + ## Requires proper certs (not self-signed) and delegated authentication/authorization checks + ## + https: false + + # Skip TLS certificate validation when scraping + insecureSkipVerify: null + + # Name of the server to use when validating TLS certificate + serverName: null + + ## metric relabel configs to apply to samples before ingestion. + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # relabel configs to apply to samples before ingestion. + ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + +## Component scraping coreDns. Use either this or kubeDns +## +coreDns: + enabled: true + service: + port: 9153 + targetPort: 9153 + # selector: + # k8s-app: kube-dns + serviceMonitor: + ## Scrape interval. If not set, the Prometheus default scrape interval is used. 
+ ## + interval: "" + + ## metric relabel configs to apply to samples before ingestion. + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # relabel configs to apply to samples before ingestion. + ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + +## Component scraping kubeDns. Use either this or coreDns +## +kubeDns: + enabled: false + service: + dnsmasq: + port: 10054 + targetPort: 10054 + skydns: + port: 10055 + targetPort: 10055 + # selector: + # k8s-app: kube-dns + serviceMonitor: + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + + ## metric relabel configs to apply to samples before ingestion. + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # relabel configs to apply to samples before ingestion. + ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + dnsmasqMetricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # relabel configs to apply to samples before ingestion. + ## + dnsmasqRelabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + +## Component scraping etcd +## +kubeEtcd: + enabled: false + + ## If your etcd is not deployed as a pod, specify IPs it can be found on + ## + endpoints: [] + # - 10.141.4.22 + # - 10.141.4.23 + # - 10.141.4.24 + + ## Etcd service. 
If using kubeEtcd.endpoints only the port and targetPort are used + ## + service: + enabled: true + port: 2379 + targetPort: 2379 + # selector: + # component: etcd + + ## Configure secure access to the etcd cluster by loading a secret into prometheus and + ## specifying security configuration below. For example, with a secret named etcd-client-cert + ## + ## serviceMonitor: + ## scheme: https + ## insecureSkipVerify: false + ## serverName: localhost + ## caFile: /etc/prometheus/secrets/etcd-client-cert/etcd-ca + ## certFile: /etc/prometheus/secrets/etcd-client-cert/etcd-client + ## keyFile: /etc/prometheus/secrets/etcd-client-cert/etcd-client-key + ## + serviceMonitor: + enabled: true + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + scheme: http + insecureSkipVerify: false + serverName: "" + caFile: "" + certFile: "" + keyFile: "" + + ## metric relabel configs to apply to samples before ingestion. + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # relabel configs to apply to samples before ingestion. + ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + + +## Component scraping kube scheduler +## +kubeScheduler: + enabled: false + + ## If your kube scheduler is not deployed as a pod, specify IPs it can be found on + ## + endpoints: [] + # - 10.141.4.22 + # - 10.141.4.23 + # - 10.141.4.24 + + ## If using kubeScheduler.endpoints only the port and targetPort are used + ## + service: + enabled: true + port: 10251 + targetPort: 10251 + # selector: + # component: kube-scheduler + + serviceMonitor: + enabled: true + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + ## Enable scraping kube-scheduler over https. 
+ ## Requires proper certs (not self-signed) and delegated authentication/authorization checks + ## + https: false + + ## Skip TLS certificate validation when scraping + insecureSkipVerify: null + + ## Name of the server to use when validating TLS certificate + serverName: null + + ## metric relabel configs to apply to samples before ingestion. + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # relabel configs to apply to samples before ingestion. + ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + + +## Component scraping kube proxy +## +kubeProxy: + enabled: false + + ## If your kube proxy is not deployed as a pod, specify IPs it can be found on + ## + endpoints: [] + # - 10.141.4.22 + # - 10.141.4.23 + # - 10.141.4.24 + + service: + enabled: true + port: 10249 + targetPort: 10249 + # selector: + # k8s-app: kube-proxy + + serviceMonitor: + enabled: true + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + + ## Enable scraping kube-proxy over https. + ## Requires proper certs (not self-signed) and delegated authentication/authorization checks + ## + https: false + + ## metric relabel configs to apply to samples before ingestion. + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # relabel configs to apply to samples before ingestion. + ## + relabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + +## Component scraping kube state metrics +## +kubeStateMetrics: + enabled: true + serviceMonitor: + ## Scrape interval. If not set, the Prometheus default scrape interval is used. 
+ ## + interval: "" + ## Override serviceMonitor selector + ## + selectorOverride: {} + + ## metric relabel configs to apply to samples before ingestion. + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # relabel configs to apply to samples before ingestion. + ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + +## Configuration for kube-state-metrics subchart +## +kube-state-metrics: + namespaceOverride: "" + rbac: + create: true + podSecurityPolicy: + enabled: true + resources: + limits: + cpu: 100m + memory: 200Mi + requests: + cpu: 100m + memory: 130Mi + +## Deploy node exporter as a daemonset to all nodes +## +nodeExporter: + enabled: true + + ## Use the value configured in prometheus-node-exporter.podLabels + ## + jobLabel: jobLabel + + serviceMonitor: + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + + ## How long until a scrape request times out. If not set, the Prometheus default scape timeout is used. + ## + scrapeTimeout: "" + + ## metric relabel configs to apply to samples before ingestion. + ## + metricRelabelings: [] + # - sourceLabels: [__name__] + # separator: ; + # regex: ^node_mountstats_nfs_(event|operations|transport)_.+ + # replacement: $1 + # action: drop + + ## relabel configs to apply to samples before ingestion. 
+ ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + +## Configuration for prometheus-node-exporter subchart +## +prometheus-node-exporter: + namespaceOverride: "" + podLabels: + ## Add the 'node-exporter' label to be used by serviceMonitor to match standard common usage in rules and grafana dashboards + ## + jobLabel: node-exporter + extraArgs: + - --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/.+)($|/) + - --collector.filesystem.ignored-fs-types=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs)$ + service: + port: 9796 + targetPort: 9796 + resources: + limits: + cpu: 200m + memory: 50Mi + requests: + cpu: 100m + memory: 30Mi + +## Manages Prometheus and Alertmanager components +## +prometheusOperator: + enabled: true + + ## Prometheus-Operator v0.39.0 and later support TLS natively. + ## + tls: + enabled: true + # Value must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants + tlsMinVersion: VersionTLS13 + # The default webhook port is 10250 in order to work out-of-the-box in GKE private clusters and avoid adding firewall rules. + internalPort: 10250 + + ## Admission webhook support for PrometheusRules resources added in Prometheus Operator 0.30 can be enabled to prevent incorrectly formatted + ## rules from making their way into prometheus and potentially preventing the container from starting + admissionWebhooks: + failurePolicy: Fail + enabled: true + ## A PEM encoded CA bundle which will be used to validate the webhook's server certificate. + ## If unspecified, system trust roots on the apiserver are used. 
+ caBundle: "" + ## If enabled, generate a self-signed certificate, then patch the webhook configurations with the generated data. + ## On chart upgrades (or if the secret exists) the cert will not be re-generated. You can use this to provide your own + ## certs ahead of time if you wish. + ## + patch: + enabled: true + image: + repository: rancher/mirrored-jettech-kube-webhook-certgen + tag: v1.5.0 + sha: "" + pullPolicy: IfNotPresent + resources: {} + ## Provide a priority class name to the webhook patching job + ## + priorityClassName: "" + podAnnotations: {} + nodeSelector: {} + affinity: {} + tolerations: [] + # Use certmanager to generate webhook certs + certManager: + enabled: false + # issuerRef: + # name: "issuer" + # kind: "ClusterIssuer" + + ## Namespaces to scope the interaction of the Prometheus Operator and the apiserver (allow list). + ## This is mutually exclusive with denyNamespaces. Setting this to an empty object will disable the configuration + ## + namespaces: {} + # releaseNamespace: true + # additional: + # - kube-system + + ## Namespaces not to scope the interaction of the Prometheus Operator (deny list). + ## + denyNamespaces: [] + + ## Filter namespaces to look for prometheus-operator custom resources + ## + alertmanagerInstanceNamespaces: [] + prometheusInstanceNamespaces: [] + thanosRulerInstanceNamespaces: [] + + ## The clusterDomain value will be added to the cluster.peer option of the alertmanager. + ## Without this specified option cluster.peer will have value alertmanager-monitoring-alertmanager-0.alertmanager-operated:9094 (default value) + ## With this specified option cluster.peer will have value alertmanager-monitoring-alertmanager-0.alertmanager-operated.namespace.svc.cluster-domain:9094 + ## + # clusterDomain: "cluster.local" + + ## Service account for Alertmanager to use. 
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## + serviceAccount: + create: true + name: "" + + ## Configuration for Prometheus operator service + ## + service: + annotations: {} + labels: {} + clusterIP: "" + + ## Port to expose on each node + ## Only used if service.type is 'NodePort' + ## + nodePort: 30080 + + nodePortTls: 30443 + + ## Additional ports to open for Prometheus service + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#multi-port-services + ## + additionalPorts: [] + + ## Loadbalancer IP + ## Only use if service.type is "LoadBalancer" + ## + loadBalancerIP: "" + loadBalancerSourceRanges: [] + + ## Service type + ## NodePort, ClusterIP, LoadBalancer + ## + type: ClusterIP + + ## List of IP addresses at which the Prometheus server service is available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## + externalIPs: [] + + ## Labels to add to the operator pod + ## + podLabels: {} + + ## Annotations to add to the operator pod + ## + podAnnotations: {} + + ## Assign a PriorityClassName to pods if set + # priorityClassName: "" + + ## Define Log Format + # Use logfmt (default) or json logging + # logFormat: logfmt + + ## Decrease log verbosity to errors only + # logLevel: error + + ## If true, the operator will create and maintain a service for scraping kubelets + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/helm/prometheus-operator/README.md + ## + kubeletService: + enabled: true + namespace: kube-system + + ## Create a servicemonitor for the operator + ## + serviceMonitor: + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + ## Scrape timeout. If not set, the Prometheus default scrape timeout is used. + scrapeTimeout: "" + selfMonitor: true + + ## metric relabel configs to apply to samples before ingestion. 
+ ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # relabel configs to apply to samples before ingestion. + ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + + ## Resource limits & requests + ## + resources: + limits: + cpu: 200m + memory: 500Mi + requests: + cpu: 100m + memory: 100Mi + + # Required for use in managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico), + # because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working + ## + hostNetwork: false + + ## Define which Nodes the Pods are scheduled on. + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## Tolerations for use with node taints + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + # - key: "key" + # operator: "Equal" + # value: "value" + # effect: "NoSchedule" + + ## Assign custom affinity rules to the prometheus operator + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + affinity: {} + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: kubernetes.io/e2e-az-name + # operator: In + # values: + # - e2e-az1 + # - e2e-az2 + dnsConfig: {} + # nameservers: + # - 1.2.3.4 + # searches: + # - ns1.svc.cluster-domain.example + # - my.dns.search.suffix + # options: + # - name: ndots + # value: "2" + # - name: edns0 + securityContext: + fsGroup: 65534 + runAsGroup: 65534 + runAsNonRoot: true + runAsUser: 65534 + + ## Prometheus-operator image + ## + image: + repository: rancher/mirrored-prometheus-operator-prometheus-operator + tag: v0.46.0 + sha: "" + pullPolicy: IfNotPresent + + ## Prometheus image to use 
for prometheuses managed by the operator + ## + # prometheusDefaultBaseImage: quay.io/prometheus/prometheus + + ## Alertmanager image to use for alertmanagers managed by the operator + ## + # alertmanagerDefaultBaseImage: quay.io/prometheus/alertmanager + + ## Prometheus-config-reloader image to use for config and rule reloading + ## + prometheusConfigReloaderImage: + repository: rancher/mirrored-prometheus-operator-prometheus-config-reloader + tag: v0.46.0 + sha: "" + + ## Set the prometheus config reloader side-car CPU limit + ## + configReloaderCpu: 100m + + ## Set the prometheus config reloader side-car memory limit + ## + configReloaderMemory: 50Mi + + ## Set a Field Selector to filter watched secrets + ## + secretFieldSelector: "" + +## Deploy a Prometheus instance +## +prometheus: + + enabled: true + + ## Annotations for Prometheus + ## + annotations: {} + + ## Service account for Prometheuses to use. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## + serviceAccount: + create: true + name: "" + + # Service for thanos service discovery on sidecar + # Enable this can make Thanos Query can use + # `--store=dnssrv+_grpc._tcp.${kube-prometheus-stack.fullname}-thanos-discovery.${namespace}.svc.cluster.local` to discovery + # Thanos sidecar on prometheus nodes + # (Please remember to change ${kube-prometheus-stack.fullname} and ${namespace}. Not just copy and paste!) 
+ thanosService: + enabled: false + annotations: {} + labels: {} + portName: grpc + port: 10901 + targetPort: "grpc" + clusterIP: "None" + + ## Service type + ## + type: ClusterIP + + ## Port to expose on each node + ## + nodePort: 30901 + + ## Service type + ## + type: ClusterIP + + ## Port to expose on each node + ## + nodePort: 30901 + + ## Configuration for Prometheus service + ## + service: + annotations: {} + labels: {} + clusterIP: "" + + ## Port for Prometheus Service to listen on + ## + port: 9090 + + ## To be used with a proxy extraContainer port + targetPort: 8081 + + ## List of IP addresses at which the Prometheus server service is available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## + externalIPs: [] + + ## Port to expose on each node + ## Only used if service.type is 'NodePort' + ## + nodePort: 30090 + + ## Loadbalancer IP + ## Only use if service.type is "LoadBalancer" + loadBalancerIP: "" + loadBalancerSourceRanges: [] + ## Service type + ## + type: ClusterIP + + sessionAffinity: "" + + ## Configuration for creating a separate Service for each statefulset Prometheus replica + ## + servicePerReplica: + enabled: false + annotations: {} + + ## Port for Prometheus Service per replica to listen on + ## + port: 9090 + + ## To be used with a proxy extraContainer port + targetPort: 9090 + + ## Port to expose on each node + ## Only used if servicePerReplica.type is 'NodePort' + ## + nodePort: 30091 + + ## Loadbalancer source IP ranges + ## Only used if servicePerReplica.type is "LoadBalancer" + loadBalancerSourceRanges: [] + ## Service type + ## + type: ClusterIP + + ## Configure pod disruption budgets for Prometheus + ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget + ## This configuration is immutable once created and will require the PDB to be deleted to be changed + ## https://github.com/kubernetes/kubernetes/issues/45398 + ## + podDisruptionBudget: + enabled: false 
+ minAvailable: 1 + maxUnavailable: "" + + # Ingress exposes thanos sidecar outside the cluster + thanosIngress: + enabled: false + + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + + annotations: {} + labels: {} + servicePort: 10901 + + ## Port to expose on each node + ## Only used if service.type is 'NodePort' + ## + nodePort: 30901 + + ## Hosts must be provided if Ingress is enabled. + ## + hosts: [] + # - thanos-gateway.domain.com + + ## Paths to use for ingress rules + ## + paths: [] + # - / + + ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched) + ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types + # pathType: ImplementationSpecific + + ## TLS configuration for Thanos Ingress + ## Secret must be manually created in the namespace + ## + tls: [] + # - secretName: thanos-gateway-tls + # hosts: + # - thanos-gateway.domain.com + + ingress: + enabled: false + + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + + annotations: {} + labels: {} + + ## Hostnames. + ## Must be provided if Ingress is enabled. 
+ ## + # hosts: + # - prometheus.domain.com + hosts: [] + + ## Paths to use for ingress rules - one path should match the prometheusSpec.routePrefix + ## + paths: [] + # - / + + ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched) + ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types + # pathType: ImplementationSpecific + + ## TLS configuration for Prometheus Ingress + ## Secret must be manually created in the namespace + ## + tls: [] + # - secretName: prometheus-general-tls + # hosts: + # - prometheus.example.com + + ## Configuration for creating an Ingress that will map to each Prometheus replica service + ## prometheus.servicePerReplica must be enabled + ## + ingressPerReplica: + enabled: false + + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + + annotations: {} + labels: {} + + ## Final form of the hostname for each per replica ingress is + ## {{ ingressPerReplica.hostPrefix }}-{{ $replicaNumber }}.{{ ingressPerReplica.hostDomain }} + ## + ## Prefix for the per replica ingress that will have `-$replicaNumber` + ## appended to the end + hostPrefix: "" + ## Domain that will be used for the per replica ingress + hostDomain: "" + + ## Paths to use for ingress rules + ## + paths: [] + # - / + + ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched) + ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types + # pathType: ImplementationSpecific + + ## Secret name containing the TLS certificate for Prometheus per replica ingress + ## Secret must be manually created in the namespace + tlsSecretName: 
"" + + ## Separated secret for each per replica Ingress. Can be used together with cert-manager + ## + tlsSecretPerReplica: + enabled: false + ## Final form of the secret for each per replica ingress is + ## {{ tlsSecretPerReplica.prefix }}-{{ $replicaNumber }} + ## + prefix: "prometheus" + + ## Configure additional options for default pod security policy for Prometheus + ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ + podSecurityPolicy: + allowedCapabilities: [] + allowedHostPaths: [] + volumes: [] + + serviceMonitor: + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + selfMonitor: true + + ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS. + scheme: "" + + ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS. + ## Of type: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#tlsconfig + tlsConfig: {} + + bearerTokenFile: + + ## metric relabel configs to apply to samples before ingestion. + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # relabel configs to apply to samples before ingestion. + ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + + ## Settings affecting prometheusSpec + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## + prometheusSpec: + ## If true, pass --storage.tsdb.max-block-duration=2h to prometheus. 
This is already done if using Thanos + ## + disableCompaction: false + ## APIServerConfig + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#apiserverconfig + ## + apiserverConfig: {} + + ## Interval between consecutive scrapes. + ## Defaults to 30s. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/release-0.44/pkg/prometheus/promcfg.go#L180-L183 + ## + scrapeInterval: "" + + ## Number of seconds to wait for target to respond before erroring + ## + scrapeTimeout: "" + + ## Interval between consecutive evaluations. + ## + evaluationInterval: "" + + ## ListenLocal makes the Prometheus server listen on loopback, so that it does not bind against the Pod IP. + ## + listenLocal: false + + ## EnableAdminAPI enables Prometheus the administrative HTTP API which includes functionality such as deleting time series. + ## This is disabled by default. + ## ref: https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis + ## + enableAdminAPI: false + + ## Image of Prometheus. + ## + image: + repository: rancher/mirrored-prometheus-prometheus + tag: v2.24.0 + sha: "" + + ## Tolerations for use with node taints + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + # - key: "key" + # operator: "Equal" + # value: "value" + # effect: "NoSchedule" + + ## If specified, the pod's topology spread constraints. 
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + # labelSelector: + # matchLabels: + # app: prometheus + + ## Alertmanagers to which alerts will be sent + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#alertmanagerendpoints + ## + ## Default configuration will connect to the alertmanager deployed as part of this release + ## + alertingEndpoints: [] + # - name: "" + # namespace: "" + # port: http + # scheme: http + # pathPrefix: "" + # tlsConfig: {} + # bearerTokenFile: "" + # apiVersion: v2 + + ## External labels to add to any time series or alerts when communicating with external systems + ## + externalLabels: {} + + ## Name of the external label used to denote replica name + ## + replicaExternalLabelName: "" + + ## If true, the Operator won't add the external label used to denote replica name + ## + replicaExternalLabelNameClear: false + + ## Name of the external label used to denote Prometheus instance name + ## + prometheusExternalLabelName: "" + + ## If true, the Operator won't add the external label used to denote Prometheus instance name + ## + prometheusExternalLabelNameClear: false + + ## External URL at which Prometheus will be reachable. + ## + externalUrl: "" + + ## Ignore NamespaceSelector settings from the PodMonitor and ServiceMonitor configs + ## If true, PodMonitors and ServiceMonitors can only discover Pods and Services within the namespace they are deployed into + ## + ignoreNamespaceSelectors: false + + ## Define which Nodes the Pods are scheduled on. + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## Secrets is a list of Secrets in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. 
+ ## The Secrets are mounted into /etc/prometheus/secrets/. Secrets changes after initial creation of a Prometheus object are not + ## reflected in the running Pods. To change the secrets mounted into the Prometheus Pods, the object must be deleted and recreated + ## with the new list of secrets. + ## + secrets: [] + + ## ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. + ## The ConfigMaps are mounted into /etc/prometheus/configmaps/. + ## + configMaps: [] + + ## QuerySpec defines the query command line flags when starting Prometheus. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#queryspec + ## + query: {} + + ## Namespaces to be selected for PrometheusRules discovery. + ## If nil, select own namespace. Namespaces to be selected for ServiceMonitor discovery. + ## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#namespaceselector for usage + ## + ruleNamespaceSelector: {} + + ## If true, a nil or {} value for prometheus.prometheusSpec.ruleSelector will cause the + ## prometheus resource to be created with selectors based on values in the helm deployment, + ## which will also match the PrometheusRule resources created + ## + ruleSelectorNilUsesHelmValues: false + + ## PrometheusRules to be selected for target discovery. 
+ ## If {}, select all PrometheusRules + ## + ruleSelector: {} + ## Example which select all PrometheusRules resources + ## with label "prometheus" with values any of "example-rules" or "example-rules-2" + # ruleSelector: + # matchExpressions: + # - key: prometheus + # operator: In + # values: + # - example-rules + # - example-rules-2 + # + ## Example which select all PrometheusRules resources with label "role" set to "example-rules" + # ruleSelector: + # matchLabels: + # role: example-rules + + ## If true, a nil or {} value for prometheus.prometheusSpec.serviceMonitorSelector will cause the + ## prometheus resource to be created with selectors based on values in the helm deployment, + ## which will also match the servicemonitors created + ## + serviceMonitorSelectorNilUsesHelmValues: false + + ## ServiceMonitors to be selected for target discovery. + ## If {}, select all ServiceMonitors + ## + serviceMonitorSelector: {} + ## Example which selects ServiceMonitors with label "prometheus" set to "somelabel" + # serviceMonitorSelector: + # matchLabels: + # prometheus: somelabel + + ## Namespaces to be selected for ServiceMonitor discovery. + ## + serviceMonitorNamespaceSelector: {} + ## Example which selects ServiceMonitors in namespaces with label "prometheus" set to "somelabel" + # serviceMonitorNamespaceSelector: + # matchLabels: + # prometheus: somelabel + + ## If true, a nil or {} value for prometheus.prometheusSpec.podMonitorSelector will cause the + ## prometheus resource to be created with selectors based on values in the helm deployment, + ## which will also match the podmonitors created + ## + podMonitorSelectorNilUsesHelmValues: false + + ## PodMonitors to be selected for target discovery. + ## If {}, select all PodMonitors + ## + podMonitorSelector: {} + ## Example which selects PodMonitors with label "prometheus" set to "somelabel" + # podMonitorSelector: + # matchLabels: + # prometheus: somelabel + + ## Namespaces to be selected for PodMonitor discovery. 
+ ## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#namespaceselector for usage + ## + podMonitorNamespaceSelector: {} + + ## If true, a nil or {} value for prometheus.prometheusSpec.probeSelector will cause the + ## prometheus resource to be created with selectors based on values in the helm deployment, + ## which will also match the probes created + ## + probeSelectorNilUsesHelmValues: true + + ## Probes to be selected for target discovery. + ## If {}, select all Probes + ## + probeSelector: {} + ## Example which selects Probes with label "prometheus" set to "somelabel" + # probeSelector: + # matchLabels: + # prometheus: somelabel + + ## Namespaces to be selected for Probe discovery. + ## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#namespaceselector for usage + ## + probeNamespaceSelector: {} + + ## How long to retain metrics + ## + retention: 10d + + ## Maximum size of metrics + ## + retentionSize: "" + + ## Enable compression of the write-ahead log using Snappy. + ## + walCompression: false + + ## If true, the Operator won't process any Prometheus configuration changes + ## + paused: false + + ## Number of replicas of each shard to deploy for a Prometheus deployment. + ## Number of replicas multiplied by shards is the total number of Pods created. + ## + replicas: 1 + + ## EXPERIMENTAL: Number of shards to distribute targets onto. + ## Number of replicas multiplied by shards is the total number of Pods created. + ## Note that scaling down shards will not reshard data onto remaining instances, it must be manually moved. + ## Increasing shards will not reshard data either but it will continue to be available from the same instances. + ## To query globally use Thanos sidecar and Thanos querier or remote write data to a central location. + ## Sharding is done on the content of the `__address__` target meta-label. 
+ ## + shards: 1 + + ## Log level for Prometheus be configured in + ## + logLevel: info + + ## Log format for Prometheus be configured in + ## + logFormat: logfmt + + ## Prefix used to register routes, overriding externalUrl route. + ## Useful for proxies that rewrite URLs. + ## + routePrefix: / + + ## Standard object’s metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata + ## Metadata Labels and Annotations gets propagated to the prometheus pods. + ## + podMetadata: {} + # labels: + # app: prometheus + # k8s-app: prometheus + + ## Pod anti-affinity can prevent the scheduler from placing Prometheus replicas on the same node. + ## The default value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided. + ## The value "hard" means that the scheduler is *required* to not schedule two replica pods onto the same node. + ## The value "" will disable pod anti-affinity so that no anti-affinity rules will be configured. + podAntiAffinity: "" + + ## If anti-affinity is enabled sets the topologyKey to use for anti-affinity. + ## This can be changed to, for example, failure-domain.beta.kubernetes.io/zone + ## + podAntiAffinityTopologyKey: kubernetes.io/hostname + + ## Assign custom affinity rules to the prometheus instance + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + affinity: {} + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: kubernetes.io/e2e-az-name + # operator: In + # values: + # - e2e-az1 + # - e2e-az2 + + ## The remote_read spec configuration for Prometheus. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#remotereadspec + remoteRead: [] + # - url: http://remote1/read + + ## The remote_write spec configuration for Prometheus. 
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#remotewritespec + remoteWrite: [] + # - url: http://remote1/push + + ## Enable/Disable Grafana dashboards provisioning for prometheus remote write feature + remoteWriteDashboards: false + + ## Resource limits & requests + ## + resources: + limits: + memory: 1500Mi + cpu: 1000m + requests: + memory: 750Mi + cpu: 750m + + ## Prometheus StorageSpec for persistent data + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/storage.md + ## + storageSpec: {} + ## Using PersistentVolumeClaim + ## + # volumeClaimTemplate: + # spec: + # storageClassName: gluster + # accessModes: ["ReadWriteOnce"] + # resources: + # requests: + # storage: 50Gi + # selector: {} + + ## Using tmpfs volume + ## + # emptyDir: + # medium: Memory + + # Additional volumes on the output StatefulSet definition. + volumes: + - name: nginx-home + emptyDir: {} + - name: prometheus-nginx + configMap: + name: prometheus-nginx-proxy-config + defaultMode: 438 + + # Additional VolumeMounts on the output StatefulSet definition. + volumeMounts: [] + + ## AdditionalScrapeConfigs allows specifying additional Prometheus scrape configurations. Scrape configurations + ## are appended to the configurations generated by the Prometheus Operator. Job configurations must have the form + ## as specified in the official Prometheus documentation: + ## https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. As scrape configs are + ## appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility + ## to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible + ## scrape configs are going to break Prometheus after the upgrade. 
+ ## + ## The scrape configuration example below will find master nodes, provided they have the name .*mst.*, relabel the + ## port to 2379 and allow etcd scraping provided it is running on all Kubernetes master nodes + ## + additionalScrapeConfigs: [] + # - job_name: kube-etcd + # kubernetes_sd_configs: + # - role: node + # scheme: https + # tls_config: + # ca_file: /etc/prometheus/secrets/etcd-client-cert/etcd-ca + # cert_file: /etc/prometheus/secrets/etcd-client-cert/etcd-client + # key_file: /etc/prometheus/secrets/etcd-client-cert/etcd-client-key + # relabel_configs: + # - action: labelmap + # regex: __meta_kubernetes_node_label_(.+) + # - source_labels: [__address__] + # action: replace + # targetLabel: __address__ + # regex: ([^:;]+):(\d+) + # replacement: ${1}:2379 + # - source_labels: [__meta_kubernetes_node_name] + # action: keep + # regex: .*mst.* + # - source_labels: [__meta_kubernetes_node_name] + # action: replace + # targetLabel: node + # regex: (.*) + # replacement: ${1} + # metric_relabel_configs: + # - regex: (kubernetes_io_hostname|failure_domain_beta_kubernetes_io_region|beta_kubernetes_io_os|beta_kubernetes_io_arch|beta_kubernetes_io_instance_type|failure_domain_beta_kubernetes_io_zone) + # action: labeldrop + + ## If additional scrape configurations are already deployed in a single secret file you can use this section. + ## Expected values are the secret name and key + ## Cannot be used with additionalScrapeConfigs + additionalScrapeConfigsSecret: {} + # enabled: false + # name: + # key: + + ## additionalPrometheusSecretsAnnotations allows to add annotations to the kubernetes secret. 
This can be useful + ## when deploying via spinnaker to disable versioning on the secret, strategy.spinnaker.io/versioned: 'false' + additionalPrometheusSecretsAnnotations: {} + + ## AdditionalAlertManagerConfigs allows for manual configuration of alertmanager jobs in the form as specified + ## in the official Prometheus documentation https://prometheus.io/docs/prometheus/latest/configuration/configuration/#. + ## AlertManager configurations specified are appended to the configurations generated by the Prometheus Operator. + ## As AlertManager configs are appended, the user is responsible to make sure it is valid. Note that using this + ## feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release + ## notes to ensure that no incompatible AlertManager configs are going to break Prometheus after the upgrade. + ## + additionalAlertManagerConfigs: [] + # - consul_sd_configs: + # - server: consul.dev.test:8500 + # scheme: http + # datacenter: dev + # tag_separator: ',' + # services: + # - metrics-prometheus-alertmanager + + ## AdditionalAlertRelabelConfigs allows specifying Prometheus alert relabel configurations. Alert relabel configurations specified are appended + ## to the configurations generated by the Prometheus Operator. Alert relabel configurations specified must have the form as specified in the + ## official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs. + ## As alert relabel configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the + ## possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible alert relabel + ## configs are going to break Prometheus after the upgrade. 
+ ## + additionalAlertRelabelConfigs: [] + # - separator: ; + # regex: prometheus_replica + # replacement: $1 + # action: labeldrop + + ## SecurityContext holds pod-level security attributes and common container settings. + ## This defaults to non root user with uid 1000 and gid 2000. + ## https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md + ## + securityContext: + runAsGroup: 2000 + runAsNonRoot: true + runAsUser: 1000 + fsGroup: 2000 + + ## Priority class assigned to the Pods + ## + priorityClassName: "" + + ## Thanos configuration allows configuring various aspects of a Prometheus server in a Thanos environment. + ## This section is experimental, it may change significantly without deprecation notice in any release. + ## This is experimental and may change significantly without backward compatibility in any release. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#thanosspec + ## + thanos: {} + + proxy: + image: + repository: rancher/mirrored-library-nginx + tag: 1.19.2-alpine + + ## Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to a Prometheus pod. + ## if using proxy extraContainer update targetPort with proxy container port + containers: | + - name: prometheus-proxy + args: + - nginx + - -g + - daemon off; + - -c + - /nginx/nginx.conf + image: "{{ template "system_default_registry" . }}{{ .Values.prometheus.prometheusSpec.proxy.image.repository }}:{{ .Values.prometheus.prometheusSpec.proxy.image.tag }}" + ports: + - containerPort: 8081 + name: nginx-http + protocol: TCP + volumeMounts: + - mountPath: /nginx + name: prometheus-nginx + - mountPath: /var/cache/nginx + name: nginx-home + securityContext: + runAsUser: 101 + runAsGroup: 101 + + ## InitContainers allows injecting additional initContainers. 
This is meant to allow doing some changes + ## (permissions, dir tree) on mounted volumes before starting prometheus + initContainers: [] + + ## PortName to use for Prometheus. + ## + portName: "nginx-http" + + ## ArbitraryFSAccessThroughSMs configures whether configuration based on a service monitor can access arbitrary files + ## on the file system of the Prometheus container e.g. bearer token files. + arbitraryFSAccessThroughSMs: false + + ## OverrideHonorLabels if set to true overrides all user configured honor_labels. If HonorLabels is set in ServiceMonitor + ## or PodMonitor to true, this overrides honor_labels to false. + overrideHonorLabels: false + + ## OverrideHonorTimestamps allows to globally enforce honoring timestamps in all scrape configs. + overrideHonorTimestamps: false + + ## IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector settings from the podmonitor and servicemonitor + ## configs, and they will only discover endpoints within their current namespace. Defaults to false. + ignoreNamespaceSelectors: false + + ## EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created. + ## The label value will always be the namespace of the object that is being created. + ## Disabled by default + enforcedNamespaceLabel: "" + + ## PrometheusRulesExcludedFromEnforce - list of prometheus rules to be excluded from enforcing of adding namespace labels. + ## Works only if enforcedNamespaceLabel set to true. Make sure both ruleNamespace and ruleName are set for each pair + prometheusRulesExcludedFromEnforce: [] + + ## QueryLogFile specifies the file to which PromQL queries are logged. Note that this location must be writable, + ## and can be persisted using an attached volume. Alternatively, the location can be set to a stdout location such + ## as /dev/stdout to log querie information to the default Prometheus log stream. This is only available in versions + ## of Prometheus >= 2.16.0. 
For more details, see the Prometheus docs (https://prometheus.io/docs/guides/query-log/) + queryLogFile: false + + ## EnforcedSampleLimit defines global limit on number of scraped samples that will be accepted. This overrides any SampleLimit + ## set per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the SampleLimit to keep overall + ## number of samples/series under the desired limit. Note that if SampleLimit is lower that value will be taken instead. + enforcedSampleLimit: false + + ## AllowOverlappingBlocks enables vertical compaction and vertical query merge in Prometheus. This is still experimental + ## in Prometheus so it may change in any upcoming release. + allowOverlappingBlocks: false + + additionalRulesForClusterRole: [] + # - apiGroups: [ "" ] + # resources: + # - nodes/proxy + # verbs: [ "get", "list", "watch" ] + + additionalServiceMonitors: [] + ## Name of the ServiceMonitor to create + ## + # - name: "" + + ## Additional labels to set used for the ServiceMonitorSelector. Together with standard labels from + ## the chart + ## + # additionalLabels: {} + + ## Service label for use in assembling a job name of the form
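Review bot: in the `volumes:` list under `prometheusSpec`, the `prometheus-nginx` configMap volume sets `defaultMode: 438`, which is decimal for octal 0666, so the proxy's nginx config is requested with write bits for everyone; a file the proxy only reads would be better served by `defaultMode: 292` (0444). In the same `prometheusSpec` block, `ignoreNamespaceSelectors: false` appears twice (once after `externalUrl`, again after `overrideHonorTimestamps`); depending on the YAML parser one definition wins silently or the load fails, so one of them should be dropped. `queryLogFile: false` and `enforcedSampleLimit: false` are booleans where their comments describe a file path and a sample count, and the `prometheusRulesExcludedFromEnforce` comment says it works only if `enforcedNamespaceLabel` is "set to true" although that value is a string defaulting to `""`. The `image:` block pins `tag: v2.24.0` with `sha: ""`, so the Prometheus image is referenced by tag only; consider filling `sha` or noting why it is left empty.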

zASNgnHkoco@n?pbu!!vpovxxF!8~=~C;pyTVE>?-hVuWatv_HVoRV+(&3)ly-%_E5z1i}U7Kn9?=U8L=$3J?}JEb))Y{@VcT4VEv zU5B-UPNb$;N%qsP+Gd*0`uLVM@<0J*&ZyZK9{4AJbOx{>=Cv`=ZdB2ns=)qVf=n7#>d^46BE1`+H zPkAw`{^5(c-LMx$x)qS$_~IWgOi|K5KQ8nVjfEJ#0~M+w>6FB_@=f6mZSF`@Y(M1j%?46G+z6Y+vl@t%wBtIMG5V%K4;+<3zmf2moLiJkyc6ByP8QA~6p(vic= zR3bLkY7{YYVWH%IKu~u3jszRU{SBj){aP2+ffhcJwn0#~F&uXr)1X4rAq!xYdr~E8_*^jNvWweRZfA(UiOCY!< zF4zL0MJO;sZ9~hM|9|*m2}SrF*pb5iH@+xMzke0tN$3+&7-k1~aR|p3=<7EK=kT*_ z$OnFd(8kYnHYdjH72n|LYf_vQ@#tea-sqm)2zXFcO6g3@0LTT{nVj)?nF?u9B`}5! zOph#;Lr3URl@tIvRjw<3W&LAe#6UXQff5ps%I4bB$@{f?_K~DDTU4vmrU)Pz4hai; zll*NGltB3nQcERHrm_sEE?LfjFe~W-_?YtSd;KJmSImGWM+72Yiq)(;K58CvU&T>` z*FZkR(Y>r;TuMNr=ZBRGi-tfaVNYQu7P?R!Ig8rxYzfMeOse-q!1;zor`La4(>GU_9&l~%P`ORF z2g&rqaBO2&Z=?ix+*^i!Bi*Vtax|HZ^gLacPprvQWX znzBw z2UR&#KiNH_w{EerAVxxd6O8dUJoWE&Yl(nD3SJGXXlrLRL0lxGMkLD=A`n}R{|H78 zBHMn(1N1tWn0PkBgGmhcZ++1%=YK3khPx6+&Hp19?eVaPZ6}I+SU$_Y=efV9vumT` z*>po?t)n{Y4Wl~$?-~=!@9F<;wa;7nJJU4^`cR-MLW1G0+(uRRSt{3hhVDcw=Gehe zZ@s1>NG_hKD)^VUokgMtccKTW>DzCPI#(ZF9_CwyR{0>_2)kz2cW$XZh9aTjr%HDQS0xyzYe#ajY86?+@P8sq4_( zj?iu(%Z((3jd?XeRq{s!`*_?un6w$+(~RBptm9wGT~}iElE$be>~nx&Eozn=pi2EDumXhvoN6S zXZ(jS=D?k;9_vDd-nirb%2)?#4S#E3ddS&dtV*wecr}5eK$WGd|q~6 zNu7j0z7a-^8O-UnT$gWzadX*EuJ}}4BjU%hx(fS%B`bp(VhGH6V8tKKdKT9=#mI!C zF(}Ub*NwJG<77+zN4Z#R=}=HWRw;#~rXp_x{7HYn7Bgbu!PEZc;}`aqvVk4R7`Gh> zJS!oVG}y%f8S*C6mGLx_zr<%sg^qeJf5vG|xne$;nv zJ}7W=u^7Zy$w|mfRRttjMK~Z%O%klV$+D}u2Qs4#+ys!mvBw$$!#Y>-X)|gDRj>b3 zS+dU3!>^{yOOJwwLzu^k#N7NFNIBg+*G^-qs7L_*dW3Fg5>b;eO{cq~rX)`&!N0e< z7l(MPfh&*Tn#w)T*{K18oj{99It6Wk{L#KgnXbz^>9i zm_~J^K{k_U!h^;+q7#K&=lhq7%k90e>ft-gfs=~MHv|<^%W|2Xd^3z+R|NOmSr5@8 zELfsBkIp%FK}4{On^o8--wb0s1I0k^&oV23diZAcc*HL0XLUw>6h%~9aGOs>T`~}B zQt22`$X7|DmdXsRP~}iWQ2@(rgi->2E#0W)ox=1r>R+{^q_+VVzzlRFjp{Uwof_B< z86rUEk7B~xe+*;QH^ay}wBq)UVH9zK=XmSh7k%Jydg6m2eg$%hArK9E! 
zl%by;XY5=fliTR#e+**{<0NCgc=6F0v+Up)h>K@{hMobl`tNUs(Fk*($mh_CPR4m^ zCBuE*rlryH@m|BOfeZ*pOvIF0@W@{c>C`H^Ki_Pz3S~7;uSk{%_z*0>zNaJhdUWsdLSLoT)YgQpdC=qY)KG+G8 z?h#8;`&(hW)7baQmhF-(AYc z+{QKSc7=gU;J*psOy5_e18l`@k^$ydklbnrLf?_pNX-%g0W-Yx%ubc!^aF+%XyYKt zU#AD9ou0=jik-CrWeuQ*baZsm4hqzf5?dJ8qJ7a03AO}I55YQPG{HXm%Rku}j|6JF zC)BZwCC7jL8)0;pR>YS4hcNaQxLDLWSqQ$yw}_y0c6Yogh*3fLT_Cx@CpdTbC6_c&5`BPhcQA3a}ZWwNsNM=`8~k*MzrZX^C*LW#L^W4F5A2v+ucfJ4(tl;|)gK zaFf>8zh;7J?tL}3w#Cred($A=4~KdIw#pO7HFgUUL|Pn| zP*ovyTkt8g9nKI2+&@y~@u#=GcLoKX;p0fJSUX@O(0`c#J6k~DtwIjlsl8x7JXIl{ zWWV=Q-z5zhN|*id*CXmdM88I{x>e4PW%48;QNw%8d;cWKKZVA*rU7ePgl;P?)pi>c zUj07v?+0Eabp?HhlGOdC9!6Ntk6Gner2VpP2P=xWx4yA0F5|Jfh95yX6QImvQi z#dyu(2<<;f?^bB}W0bOH^rr0S6vSRKXgimbv-zK!=U=zn>DJ7mpn}Cn5hjnU#?-ne zOh7+oUC|pRq&;evwppb^Q< z6LUutxD4P-z(rVSZv{}4m$sWj<6N;K^>Zoz;A-qfWwU{!c!RX%F16#}X=k~3^bZJP z0$QiMDvzIU~r-Xl-yBaj6I%cX+r0U-A6a`%WJYhNu)3>J zV{$$E|794rg3-VNE-#F{y@sSLTc^VaFmT>a9u1HMB;^mwXQwR%M?$M1x5IFPa3=Wg zf~xn-z8OZSdz06r$74X^vnK5AL(Im45z_TgA5+7B3}YX;we$y!P33m4X=w*0Vhnb{nYj1pTfhJLFb?cB7V)YLxEiA()^5FVtqpbCy(tNyg8 zxI0;BMe}i1o|h+xp3e;dfon}W-viED2he5;OFYD+@nnL8(c-_dQ=YjOdW3>S1~}SWvE^;RG+H=1cz;^M*P1cP z4QGGhtjp_>9i2YTwW+cFyi4g-r4BCRmtazyY(iDmHdSJ)<63l-R3AbC$^1(ZKQ2+c z$3WKl7$wUzX}>-DFEHQFaMywqm=|H+57;2 z&Zv8KYSDZzm=xmFt&bzQ;2N+vcmk$YtZP&^kP#Y1=dzVZo{36MBkM7!I1vATjNMa| zWKp{&>Pp+TZQHhO+qP}nW~H;zw(ZPH+jeLDXYbv8`sSRQ6*G7fF(TH8=l$NPlZr0O z(YFZ6OzSovyy&Xq%cN?x%Z_2B$A2d8_ban&Mek&@2lj06;rTD{zjj)dN4p#!@u=;% z=);=wBG6^oKd#@;GHSN$fjBVqwSSw#9T?3u*1H>RMf>X>UbnB~^FMxKaax>w_3&c!bHu(2K}U z|oK4JMWF>>>#di|891t)Y+@rp<+Rvdr%o`bfr@)CbnsZuodKk%seg%PQ&tRewTe(3g&m zlIDGW{qIhaxbC^RiIHXBZDDzya5Uk^+Dm7p--NLDn`v2MHM(3cG-k4Q1zHyuwbY7XY=ed8ArEV;rPa5fdWzqUO`XP z1xr}Og~E}p7;QN^+dFVHeJC|r2nrRaaAbi~lYED_7lsDsvPtrB`JanuG9p*Or{e7sRhlg%aM;mw{+JH8%Gf_Wf>kG1#nt$ zYNjY}DHAJG3Oj?MPi~oWL|C#s?bKGLnw5ijVq@`?4zNw&R<~Wm3vs^Poqt25-z<#i z|Jhw~p5oPl&dPWew#_EIbJ?-F+50IY-|}5?tax;}rCN)JX=1@cS9v^MlB)Z;xBAXl z;yz@FIp@Cv50O8C2bT|U36UkfIliykWc#Pok2wG~5;f4k#spdBt?IQp-YVTO)Fx>r 
zaP7Pm9ogA&BiINYhYEg{i4aF>N1rOZWfLf_L420nV&%CACza{C@0mg5$je3`Krd6|?v&dL7d#6QkQ#Ts@K0dScoG&!PqAcd0gNir}J3*gTjAlzQL76Qy!c!Mm=UPm@3A^K|$mXd~cY z7zdSZDy6j^Y#5Q<)0)BBAC5jAE>3=*S8rzvece0ym%*$BxPmZUQRd_(3XC)nl7?8D zE=727$BE5GLQT|G(OO&h2`8Qe!$=3Hr;q*ElBqBNPaU3lLH|42u#Nz`tv&AE{YK% zn;M)5)*?Xk90Gz?SxjGSItg??4DB*4vjfOO^_R^vvj8HY;L-4@()d0_y>tC1zfJ{d z-V;;J1A5ukj0v~xW@KikkdCRw^7*%q+Xfr6%v!b1fMqTU8YFf%{P)xS?5^7Bo2@Vg z9{YL0^LH`9FZ2QRpB*giYD^@SQ3A>^2?qWwcw$G-lug;4TsiyxqKueMrZ?B9GtP`c z-ZUzEksH{UNfK6WWAyXC$UIdPck#gjK*ggI_Vn>ue@lZdzK0_Un&QEZ{^Dc#!efS} zU5o7Z>s|mmhG@5hqs@Z;gFWxdykol(?N#r4zjrd|YFozPehPnSYLyL`x=c+VirG|j z`ho=LedGo<4*+FGW^q8n?iKXD#Jo1Vd`Y^s+_dT&!6%zk z$jJgHt!7O!F7uL_IigW-Or<(+tr$kHegod}g$4+_BWV`cF{_ZqKzm`mfXvH5X;SXS zp{d~xwm_N+pujk}i=#PMAQK52DLZmw})b`Gy(J6ne;b zAc=gV5m5?~|GrF7C?LdzIN|5g4FnvX`%0;n0qjT`$~pwvB9-sNERGL@0xqFjV5MQ- zm8$eQZ!u~nIgyLU{a5%w+J&RKp>O%q)jK?LOEQ_hncAb9KErnuFZw6>;KGoDo8GKG zJNTqTAp!_On`KHXuh&P7ZCZOGgeTrwKPiW4*cjFbgX}i8(!A9oh=;@oB!`B0vbihh z3u_l8%4vk+l1-{x!(Bzezbyq^z6da zO$0i_LX?>?#Ml5Z+-nd`kxC)LkWgss^o1OgWs6P|mTTz*YqHIfA9#pfBliC<|B%B0 zj3dR@<_s7`k6}!H#U4iHhL(z-0H35J z0-*s%BIo8PEg;+=P=7O`XsqG45*N)!?>P1^U`R?xMB)}n88hxC{irbqWUgsOESv_& z)h8WSIL@fpE2U(fMsjq3?YJU42BXz@m#jTw7u+slP#QEPOam%JgO)GwF#PKpODqhVmkq&yB5|J^X5iHLWsy9A%CI}momDw7?8nAbhD zpD)CR%W95V3B6#Q(J{?Pi$yde3(MBKD7$4efDMadw6!`qKyx{%p6yZ}1biWzPfyHe z5&oynYvi0c2-}``48x;k2||Rb282{iGjXUkJfXp zB@`@%LZ6zW<(gWnb?_WvoL3Um<6Mb5|C~(@PDq2!-lWI69gON+kJi<|J%M|Is_nb_f*zKgFOIy06t~I(rb5t|oMqI>-WatcF9kN+iLX~jlX(W zNDT^!j9n#@7t;KP%jcMPqFL!#L4^`kp{1e(E*h6mLag5Iht=WBP9tp6-Ayw|GP?~* zwT3EmnY2(^meuKHXCIdRM=~Vo2M5;$V@QT`0C&6Z|5Pv0xOfWzEo<7W#|*UY4+gNH|25m&{U_1IWq zvg>ZQ9Z7m(Q&5yJeF*vahsV!rHv>C=;4tD})6v#t1n)xHFyMe#y~AH`Yh&$~ZW+-_ zNk4QhJ$yE%&Vy0qmG_?uG9#Clt^Z!l+;e1VlNvRDKmO+yo-Wzpv+buI&}j~gDjzyO z)8R9IAgjl&c}81l;wO~VRd>V5fy=jn(ngPl-iB} z!KRlMt*IU4?Xq>ugT}TX;c0!pbGe1yfXK!{0W{>~oLhI=ojcW&OhIZ7XQ{s9E zo5wWUQmG2em@~;aP8|25)s|-O_Oce-tTFk_gC&3AK;|~kNJV0By>l6NN!i5C%=z4s 
zfB5fEHPAU7e#6&KGyuuBlFWRFdy2_42Wv*^-dI)*QU6`;h&IM?WektVLYd_KsieAY zf>`w+KJkAP*apiZ5VXKrM2sf@! z7j0nugLeBfobn*gng51%78Y|3-JVtm`G(AnHtkVoSIXtGFq)ySeT&xmwyJ^f?%6zYvq&B9?{y}@%9lB=N=^1?UfOCEI|2TVPfUpOM zQN=T3a?hatFl}EKk8g0v|2X^KNSs4R`?@&!mPQR>L^)E_ z?cd5;k9RsfxXA3x8G%u*@`Df5;Srv{GPjuoB~tEt)WTJSb60q}>vWR>WQATR0dfIC zfJE_C3=065iJ)kXHYk^1?c9s}FijPZJ!UdfqN`uJ7*;XBGfQo~s%B|*{4+e`g$|`p zx74h#3Da!9LYBo3C^VGyE9oS=3rJ>KuE@+;2ko|@yoBs-Ic-C~-`?5S4nCh-<&h+I zs`W*}b^_=>S@LcfR+rU1QFQy9rb&=3P20ZG=f-J}7aP-@UUuLwSY#Fyo$l8m>XZ2L z+o*56x<|8{nHJy8Q~n`)N^Xl5ezmSRKKNdWAi}%=FMPEXYJ}PvG&v^S@7|^9$UvAkMLJv@Xg|OwJfJHfnsN+fqcb)?M2PS zWs{dt7JQ1POXz2bTwuj81bC_mzL7v)YCCAIn?d2Um;xjT;_gtibyn~cl=?QFTWY~; z*os=2CK2#WXI50aO05d+)zjX%Rw=0=qXGLhDij{#1l&L_HHOUVoS~I<#X$QCg8(a* z!;E5QZ&qRi1@b{k?r2sW^eY5)kkY{vvImpMwsZnpF6)0^c}O&g?93pvD;>oun?v?6 z0)33Sm6J(eyEKdJJoWy$@0HuzQt2SZr*t%n;?DFxk9E!c@72e-vf6#DLxFaSy5et~(_gSn6e^B=}EPJoTVPpitJ*eZ~?I$HvN1K=Xarvk(%V6Uxv_ z5xQE|o}B@BYyn7=2v7f036=r@aB)W0@dk^|tn|a_sO+8~c~5d^5JSX_-j zAeD7uKkeEkn~LO=*O@N*Og@1^rqAQZ?}DXx@luz@aq3qtRll8>~i*wO`sF z$&F!o4{pR7rp|{|A~Mi~)Jiy`sh;e{;n=*x_yQk9$W-)CsqbHzot^+4sgjD%S4@@O zw}91jXvb=NTOTt&f5_?eba>-&7JhM-K+v27nr+T>aH-lqv*;^Zc&4Tn_IjkMz}{xc zK&u8547}x^-N;f;ZGA0P7PmF@%Yx@&jcKd4p(?{Y{+V-@mhbn-Y-nP6AbR(wwO-jE zHB8p_@pF3h8}ds@=RrKgWlsdlg71+Hb>&WYt<&Xv)5De;9~4K4X_p- zKRSTSAXMIXy!(3V3Wf21RqM&7l5Mn>Y9e-(V+y4`P=vOmDh^oe|D&8{MQuUK1I8T+ zXQ}!v3zd}MT)B~yd?<*~rtAj+XepHdpDZ&6vzwuUB&*CMrC*;4<7jd0sp5yk>>!ty zV(fU_!eCvOp!(=0C8`t-LshOBq_ePa8amFEYPi6$Js_HxS_Ibica~tfo#)q5KZBEzuKDecsJ>Cz{5Y(oe}$%HE-Wle3O~y*K6^2be^e+GaOoK z*PKMEci2Q>8dJNQylBY4{fy%8`9F=lw>TFd9+yc5DCfu6!+xdfjBBJ~3IT^2o!@7p zSaAkH5zV%ZVE}dc(l{D;pP)NgD^oN{_2N&C%^5*BUug2i_OG{h9Q)AM@zw?T`;!_? 
zM+`$uR=W`>ynL}#3)S346Z4t#9P$OL}1p_9X>HmJP6l#~yB7(%-sqIFdj|9|t zg6IGnYyZsoXY4+V*VDeb^d>D#)~hgEi6SR|inRkZkh15mj=Egg=IftN`(izytz)Lo zx*gV$wpm1UB9MiK&+|9?-oi+obG`?*KVys&prSME_eX64G^jH#&q8fg1Oq(mp+{6-C%&bl>jj{| zZeFs@dY${rP<(RDB+v7eJjng*A#s>IzvEGw{6$gXCwZEu__mv&_%;$}^PhEDvhVTF zRW7}s17DnR7e&bquae~Ve?RwszX}1G<~W!ljZp(^G{8=Tinj7Z$+G;=Uz3`i)q3HT zHoNAc3H2lrrLy>Ce*?~aPL_b=_+@oQ2#a4F9`~QEPGqMBv&kIkkO+|+p>y7OWDK%n zp>;k9`Jvqsq{PF>{3}AW6)aOurX{eo{HnV2sYnWS*q`z()IbH2bH+R?J2PEf>ld?c z=b4X;?E-tL)C^>7>plc*&(~Kn^Gc)0q z7kq+n5F&$EQZ$=WI-aZ7JEbS#O%W?=974bxQ6CeU1k;T{cIuFDF7|l8=IJF2sqTd9 zmn#d-Rg)?W-=*jR>B9?|5ln18NJ(k*s`OR#yzSY}bo9w$-Q;3o3gcnJHQM)8K(CUf`kWFd($Lw8XKg_;xOaI%+ z&fVEzeHQ`=&Lnx0^SOd@E!$hF(OMv>L+kcOvz}kG8nBUpH20^=k0#D3d#utlM+YS* z9DZgD2P2uP0%9-4ccWL*ez7!LXLhdFgl$9>uLz)A^fEV^8S%Jc zXw^mj_`haE@31u;CUBf4c3KKV078aS zLIzuT5*Pb{_OsyrHD^j&mS+K};9-%QtG}Yj42-wg`7&BcTh3Cl-Mkzx*?YuN3bQJ| zI4#X;JLnRV3;g?t!7XmM{={@5(MZF!G$cLVVldT^e(mBFA(u0j5wM5EMiE2BgtKF;7@zG{=Zc&7nQQUQ#Cb_f1;wFHshT|@A6*aNE zU~Cpb_U1J)4j1PCKs)SzK|5NJzW(0)db4jU`-$~F!LZCm8PvO5l1ImJdTZq<57A8h z;Xi0c1Ec$$@su^vpCz`I`Ia>j7znEqYz`04x!yWS57TX6Q zE7H8bQU%yKJuMbzpi~hFYo_#f05_>R@#Aau9xv7XOzRfuKhn;Ex7zUu;wERzhKfDu z*(SeRS=Kdth@@fkKhhqgDIWus;W~8{pXY*&;_6NVwmjO%DRdsFlC={V?5g<9RnjEG z)et~T9YoSRcjiPQGnjrF7oKe_hzymv>9QgcN!tRAyjemu?zDD5q~l8H7y3I?y1HAW zHNg$j(4H- zRCVkbi7gU+cB4=eq0Q+Ff~-d}f8_Ym_4AKU#a-Gf;1>ZcPKiJ2B5 zWyXEg3TjfYE3;j=M6*L*aZ-vd@cRe{i?Ie+!^ALv-tSd08Dc=;$$@yObJ_{NR$5YX zwQD1y6*pHxfTiaV7Q5K*EH^0`C1W*EzqjNR&=IymBE=vMf~p-YiPx55LY+@F8OFQj zUw?S=#E1>2DJP+inWAHtQ@iCliKns8;qa#$A3daF(QPEGn-wAd@d z4P*y3LF3_53Q5+Jd+H2Ijt;ZnRH%RB`scw`H#gP+8>d$1*C=wsA|^IQtxw8-8X8 zp@g`Cq;*eLlG)*gCWLEn=KT&DV7`aXJsgk*h}CbQO+w=iXI-7fo#1j zG{$JQZ_P|$6|3>vGw?dYxld2lTv*y^#3fB{{SvyYFE7IswY_U&Aapj6N*Fa*0j{1a zAxTuPdWB9nILt(YXFA1b1`uXjB;}ipE^|5lQ$%~Obf-)Hna38VT?t=$ZPj<+Rgixv zK-?!Ff;d=bnzZ#>MJ(*+?a-lx$wr=@VS=C?GpRi^WxB_N7tWlvK{uzp!*H*)xz3e6 z7ularR7|Gvgz+9-I1WU(_n=?hm@(HLaDpzT)HC=0)lN}q-6hGK&hTC7m+2G}}$>}UGpEgT- 
zZCqFfSl|SE%I&Lq$M|@%-fjc->Uh+R4vU~yNSqkE-sVQFK9F}Jd(R=NdWd9~8Bt5Pb#mYYHiCn5%^9Q7Xrf70pUtmn9fbElMl3d(~GMN6RJmYYZ;Y-P)ny;Im+52zBZU?=Yltekv}sH^M7 z0)^@r=wdB;Sm*Y(tOcIxEaMjHgqU)rMDBt2VLEOy%>_}V?wpub^NtT>&Yf~(`^0XP zXcy(;Q^8gGd(E}XrZC))K-IG*j$dbHaz8gCZqSQyS7W=J-|V&k@0F5pb zP>cF~?S=Ag&&nh`>d{>OqE$L-0iaEIF-^KPeS)3>U_uNO^@8Xzzyhyzr%S#qUX2(? zP*=>&unwm2@UO!=frAvyjC;}xw#v*}9M*=o#|Rz8o68+p>WR<1bvpPld zqr{NeEkjKwb4os+=9ls2`-OMLL25PncEnNenyM^9$m&^0GJ&4*;?_Wp5dxnJwhr)& z70<*40_u>76M7IUNDAiA$5>El|TDcxR-1+z>{D)Tv;Cp#m& zZ4F56Ji{R*x34nq6ZH!zABr$EyR0H&t(I6z6=VF(QT8XwqF>UTDK~~Qv!JAS`{0KS zqAIj{u;jkJ^~-Eyc_|ja0bNb03SY9{6oPye*e!@+3x^>|KG+d@dNAHmYES>C`*cWs zhxeV_yARfA4+=>y{iUDm7%Bi1N>oa9JCX}E$TzSiVty(Hwrq%I6lRTzZsql()w^6$ z%?f-6a}+TCCYCq15IJrG?y$Gpazrtcraa|zYn7s2YP2p~-Ed>woI17^ObsC`jo@srwm zXI_+3Vx3}}5uiMXJ+xPRp-~mt2}Dnkk>!!zs@rBke}z>XgFPFF89W~pB9XnzkwHkU z<|O29M{J-;Y*52jwg_oM*eddziFzI3J~mwl|SYCN3m#pb%}IFMbCOh38q;i1;>MF z;p9-*B!8`FC%R5Q8H-JFB}HQ;y|fXe1u%Vp)#e<}*WRZoPhLTkhili){?YD-YX>kt)GG=^_o4 zc~bz$m*b(Ge&qVHB`rZ>{W#oz4w`1AS<0Gs9bnK-BOw)lVzKD?=Ri~&VHd{dBb3z5 z@U#M}Bg?~FcU31lvBFVGG1Y~oZHvJpqN^ZoCB794YVNky*T79&*2X8+M4G#4_*QAN zOZcGJ_}4a2sD8Ny3bPcjg^i>2Z}o~+kB^V_YZ$qOw4O-0K1q55Y+jTu7BOmsmS<=j zUp^A=E0B^h^{`=?G}*v+8hVV}IBuXvC|Ax>RKIiR`0MmUVw5Gqdr7c2N5kjp&ApAV z9Gu)ZEwqhpT{NZN&kMh$_*Fdu{rx&I;UZu7H2=1XNoNqQl*yNNn?;JEyYn8K2U8?l zK$<|haECC;Od3I&U~ZX5YUdHI@I`UyBR+@b>0ylI4t7awLb-59cp=@V4|dJPl#V`9 zICi-)DjmEb12cj2J(ssrL6Pz0iiE-RN54fkhO=3IT)rB_HISqTV(RZ}q{JVMv62RX zlOUY$4>Dn*pV_-_GNqZP8NM0fp!EhW`$w8P=<7P%+T-9Rt=g53Q|R&i@}j*WVraG{6V?$%}H+H)z4iSZ{iNP9dz0wQm0^1I*N(6UQ-L;~^4b4*>P zRg^^~Q5AL*HALIk^krfy^THstG40@hgv%xO%Zj{t-&aF@=jKlXrtrk|ZlRA{rs0k8Y@qQpwcMHFf+n8$HVi?xV}4Wh)HJvmveR9Q1hJf*rhez)+xMq{a|%)=5+rORUj z=kY?&ZbucJG3zUNlR;H~H>U|Xq$c}HD?=Zp+&qC@86tAg6P?=O0aD0{JX6W3A#sdS z$wh*`OI&kQeo~HBJbe4pLU%qbPbkg8wKT| zbm#L#so=ahm4p_<>TGuH>ZG@$s-L4O*4eaZY8KfeqmS^o?nX|%kQNdcS87XYhrrTs zyB%%B>dAR8@hI!Cw0LSu$m*LJQMiT=JT%27?1ciJN^L_;Ru2qo85nH_MZ-vQEacd_ 
zX9H7S4Cu?KSt}8@N_Z3XVv&fep|6Bx=&>V7TPX&xl~OKS?|!P8+i>~N7+tq^UOqk$ zEed>A=)ptYcV1fK_lMti+%eXx-0RE~-^#c2_v_8fWmFy)4&TlV^?u?{w;~JF$hWP# zE(PhBrg8}}#g^n1t!)yYhHsg6wNbD%fULqes*V(+g2A9RgD>C zA|$BEghS($BN334WAIndrVYjTHI<0kg{pCNvB%HWN9|T3BM1}%$ej?w8^ekaKA3*p zrCD(ud%ywq`hKA>_1D4tz2bU}(Xf&#T~s?SKo_0AlqZ0B41ae^$aknE;~&4_oe*LI z??V<;T{z5|D9#7!97U!)Z=Ia5qBmF^fD%chDo5@xEy#7g0}bqbQiBH7xHW~p#l6;j zb_iv~@_a0o7oD7H(klyUNV?ksB4(?-ZSIuktoE6IZJg~!R}97wvn=quBYhc_ihUf5 z^PA07!fhSJV-GAn2_8i9xT2rarfjts(=;e23Klm;Zw2KB_aId&kD>j&Jw=LVp+ap- z3M0&zm+WAUrrC;ksp~UWBizF1PmeO9=%Er>%HrM1JZyA&0A7e5t*rCifgbRa$77^~ z2M5(ymM;Dt4_Pf1EOv4vVvXL6s-CCT*D}8|&T#ja_-fXygBFs5-eePpfNS4ip$i>^ zMUT5g#1?x)sl)x1-6Y;a`b|alTb>&pF5cpP>(Gkc;K8-Mm(I@%=zvgf5~j39^ER3K zPXhzvjMLLE3C=`fdxsO4ExLo6bB&2tW$GP_m!*a#I8Tqk8^C9K+GQ}VM88Fo|DM>C$=utVVQMnON? z8Mm32Dd`E2GHaKy39Mqvz|{xL$7WVVF4BMC|N1w`Sn(M!O%dnb!knG#`XqH$8q<&X zFZ%^9zaVW|mrm9bRKYUNa6!ce&t&ZI%1)7s&xTIfLWdyfn|{LY+me%W;=cIHv5fXm@ z(mn5+;RvtlV3d&i{oJWOel3^j!Nq7b7CfF_Gx<(=cCYnB@quV1{Kq*5d0{u^1vv% zP5IE|m&e@3dFb!u%2Y`v&BIUIEcF#S*%sPBkue-9r&N~sFPCJ~o=y0tiP&-qBP7f6 z%Vqq65P98x+M!W^4}B%uSoXkpC8-6ozh%1{@4wQPfo7C$@khXQ`1Yt&O~oy_mKlKQ zf(v?)08xq4ScbxDQ$Yk)ZTYit5mQ5_I0PIxCAT1Ol9oj0qZE67vrpMVrV8tX>~wW- z*!6&V1Y4;Vs#g1vF|#b^^znT3qFNDLjXGuZ)$dvA&>TgqvX5c^2WqYJGH@OEq6qVU zYN8Z)l0qqKSV4m%&lG?hc9DyXcO^QQ?OMv9uz@;bhl@46@GVrUDb}rcra{diaZ8#< z`)Hb1GxfcUy7f5%iC9MX;|%Mhl;+~8nK;8~;f*o2w*Cs?LR^63C(uys@$a~o)pu~0 zBY2r#%sbYtI56|V(pV`8GDGwg>+8-QZ#ni5AO*QixXQrgaL)iJ4d}P>A`R9CVmuKu z&-i99P#Ihg@EF9wS;yygxn%ECdxu5=*n}TQ%&bfB2>K0^0Dg9iN!Lh&g_(;7ea8rM}PG93^tH}i#MwD+b9m7F@^B`)J zW5`vCK1SZ>7;=~W&+^JnDcbD)6=lS|MI?h9qLilSA(8=9-A&#*BRD|<{l5+fKYysv zGeQvcI2sslQH-ypa(_8)gM2m{n8Q~GH-H0Ha*&sIownNyws{R=e|yNq+{ZUY^ zH%Zx|4_Qgrw-2&)k43M%)ZdAUzMG=iK-QE!Gn*u;?}k2{uJiMF(#jVe_ge53yju<} z>0BQS@c0HVTx!vG=h=TV028hiNhvWFNa8BQ2hU5x_w|TG*yOB#&0OJTszAgNb;6an49p90pRk1h>Dd%N--VfAzdQ{0jAMszBW{DK4hIHV4%FsU)(_j3~I^I z8%Lfi*|(t@F+t}ihv~*A(H2YznN>Vyn78XF-+ORW+vG>Cq&T9;pppsW}qenRAR9PD6+)DHqYG-k?bn2*@5u 
zUoD`-Ygu&Lx7@T`PY1uTa}JtHm{_HZ4BCG0Y;G=#Qw)s9baz3g>J$~QMO8pd-;)S^ zMUwB?2EfUUxcCri(D-k#KVBan1Rk~ddsR^?^2^V8UVv=XT?9(PDL)|5kr-!AJvd(U zq%XJOw&t@%9#POJHA26gwc>EU4mac7$t?l3(HIp)%i`CK9`aHo*?W*#K^~$@{uG?u zC}Q%?rem13ATp}`sROTB#Ps)jO0tKXf+{g=%Us(ic}4mnnRDw4AQ49-J>*Jwo3Og1 zzdkAvZFPnS?@ElZ-92qi(KJtg$lQ(#+j)$K4r2@|nCwKs<)z*3-rg^Vj3FD~=(FW1AJ6A%U`S)h3~I(t zcm0Z3(Kw5=^CVk4IDDKL-te+2wdJgBYqCcCjq*D!*(^ou4~cBF#n>dJ0=;#eS2>Pb z1mIW0yw*W7H+_xXu@3>;l~GyCoY*Qx(^NX^fL0w#*Kr~AQZC`>s3qdrIUZ8APcxRG z)aHC3oatq|oK|Uf`{1T!;{rotXT=MGLQROjDG0xtdLk>&Ux_xpG&%C#l5H7@mz z@BG7og|W~cW>zx z4EXTgL5ir{g8O#=9v7=C6suFy8;aXL!|lV3)BXIp*MJ26Ibt(GVd{YYB<}q|wCSVE z@Gv#p%k*-oPCsIlM6Mpb*$ov6_C|dqe$|jL477}iG?M%epQeH+5mDqOnc($>G%@cy z`6`{o2;q=0j>rQCEA5z%VJjeS-}uhc8j&kSrQRN~X&9NS%FY3=*ASbnH(b^ph;J3cV?1!$#j|W$sJGDD8e>b*6gdsBIjY z!y#|L3DtANLHkSerhx-0|NEf1*~`m$7h4Ts;KQbYsCdUM6QrcEO7cn}T~GXE(LZ*V6#DOaSeJVC=q`RU`7;#^9Ml;HRt*r$aC&bn{MI2n+J`EL(hwY@u6$V*+Q3oXAkle#F;<`&aRIK*>w0 znY3+*A=Xxs>dGIQ^USbp7>`613Q<3S)_ibQ@Cjr_%bL9Xzk;jmI|^B6VQ(l@_Lw&1 z4EG`MJ`YYR*H9Pmf?czX(w2fR(LpdeVT~v7<2#qXqf&H4PZ@fGOT6*Hy=b@=GcN{sr#un(kjuW-fASZY}1fWJ*@7!6uhH z1jL@)4I2q3h#(I0z#0n#6*o)+4pQ_KQb*G(>E!c1+Rq4xCIiK%Vi@NgCWHD^I~LBjI^jMg%VuHQ`gPBM%1Dx#D1#>%iG1+db$Let-|?vtIc=sNU*k3CW@ zlB~=c_uRwq0GrZ+;5nqJ^>6_;4nx;5GRPz7%-Q=&b^}Oj1ldP<+8N-m61mN*T6nXs zS3p3G3G>vkXkr-t0a|!22A_Z@x;k(8B3Wj@S!}aK3}67e4OtJwej`p>_qV0EW-gft z{_e3c%I4-pi(Wm{YSk6dE8Vru=L9Uk?U=;>mkAWsmNHJebkO$~sO#~mYA8h@nS6z>T?d7U!IqCbX1w{LoWTq!#{_MI-a&`Y zoyf1ChC5$sv82Fbh#^Ur&SSVxs*b_^AbPGynWDschu&jIkbOyT+BJ_QX=gU+f3Y14 z+~wlaapk*7{;5K5P$5b|H%$?xT0@x-dpf$?>FK(<`qDBr zwMfga-_H845NW0!a~-9b7?s|yBU7?d-Yn%vh%=HYr0PqlL#KPtB9|%`e&y@yTz~I< zXyw)`Ird40e9v2bskJP9gW2?$>(v-p9~ZZp(^$mbkBwQELa+`*OevF^^>A?zpxMzu z(5N|f%Rw3;rm6gM6;~!Ltid4;32BXL$p+3)!~zjenp=i;S;MNA;i{&e>ehJpUQS!* zdLm+n>2ug{BKJz0`okg-t=L#2YmA8)3Z)oU(g?4g{a>E!pYX@Ia(|mYKhfrf2KQ{BJbEud3q9mC@!eBeY(KFUoRBY%2)}Gg+y+X5>o;vM4 zo79({96`)xN5-OCo5G><)hE## zUb6Iy5kaJ;t;vN-7e;Y9OMC-6)H>yA>b#WFgkHTUvJN)(q#oa{zl?ca2H!;Yx#uXH zqO~{T9)5Oy`Jq{8+ 
zi1hlK!=Kq451BX>Hz3hTbfoZ=FLe&&D8FxB#ZG06wG3OTRA~PFRp23ckeMiKjmkZe zT-vsUpK7(mCM#9(izSFeT9VVh$|(t| zCZ8cOoze+U($0UV9k+vqPDWHRPHJy+y2>a~Zs~`bWMwf0UL{6Gnc1{Q6FV zcq0m|f020sfIN2*d7}v((hTf#;m^|6LDoA0({Qk>7zE7+zLC0eaNmuOXc)Rc8F7%` z-5_$TU^}|l1AM;-c%NbI41B!^L|gw!A-Ztm>tYznhgj!RLBDItCjI~$fx$;`b3B<~ z2$@^}tehak9kG*}M*$dD5leg^*Svw>V3*Mr4KOEVfStJAw$(a`j9Yg^5}EDRa+Ny$ zXCDHAHUG9B<9y5lQ+Q~{oj>VeH6>zQ-zI8U7Z!aef+Q+QVO-l2zvoe(L|AsvDg@?N zLGbE_f#03Wur&ube zs`*Zjl+~g?-`6LUeAQ%@nC2H~R%X@*fP9XFSz zfEE-oMfmh-UNe05C&(d~b#m~*MMKaE zW@~#vPtNQR_pA_2M}DRpW&ctTz?{B&&bmY;##HTMZlf;kBLe=IZ8dfP`d6r}TApOT zu?+RuYqqBU_Qxc9@T=7B*>I{W{V8VUZ(4W#f;){zOQxheQtcN2Ts>TC=3Qg2dQ>=l zY}J3?H+GK@L@NiZf|W+*pF;w*TaT?Pefy3$vMWF+%}$b5#aL~PA_Ae*MAtFFBbdi1 zAmUL1YG$T60aW|x3z(^BT9)x_HsndIQ^fT;jVN~>>!@#^7D;^TIV0 zhwhnFtk|$THs>TJ(}U|32C<>ZlKw>_1@K@nlx(SqkN;K`>xb$^f`8(e`1LnpF3y~f zvs)1)`&%`EFsA9XGT{9#Z7M3eTMn-G;yl=x#odU&LL*Z`w5w3|9+j1DU)CJg=w6Eq z8a(xAVF6d0B!NF&R`T>-uXc6oF=qJWnlT7Iacv6TLi!>4_q8l0Ab+0aA4YKO_dSqI zfvt6uOC+!SJr>dG4@C1`z*rtPXiD-T z*q9)sD52LO{jAHK+7RT4Efy4%REPUbyXU{+P2zZS-D!O6FEBAER8z7qw^Bz<2YT|A zUW0_sj|aTz8eb3J@9Qb3UC7Dl(z%I&LK_oaaMYm~4W-pW%eC|~25U-{IqD6>=QQKw z!nz+F0r!cr^q?i6nkQg+_&6#R4%y{b)7%egw`Ig%(56@D141 zb>SZrYaR6(NzKBDG|1TH%f_n~YNFOOirQpbof~1BD|4eGn0NdgV`a)5uf*^}*%|iZ zW)6;@yW$63tC0VKkj~?KT4nfQ4-g$H91_>10264*n!YFNU9-z67+o-eQ0s<*;?aCi z)w4ij_NCw)N@USy?Tk#m&bPV{qv~)lC`Qi^RY~^b_zz)9@3fB!uR_%3is#Mq<6kH&2h8t z+xZEZEA$Y`&|=7?fb{A{={*Rr>w6Cmp5=Z|UVmLUnxbN$xxTz8WCIh5am_vZQJ7RK zLRL-ieMW$L@MjZtpn#`4m`9u30_QiOb%Je=sEciGE5= z%Qi|~4bndu67S8D4HMlcDK&`=Nn5#NN!^^m`D+O~wVBy#*IZ!d`)+z~Ml zqIvYXWBxG%)y7Y(q|9*L8kKp*B3^IwzOQ@xbm#xT|F$JeMPm#{$_e7b{mOPDXDrX% zL5}+PvEF0LjWr*`;*6)QH+0TKezH4@BMRV+3d%yr^>%{awfXhwyLU$kJR_k0*nK7A zHMMsoeiwi{_}>6>U#}c?jjmB(D;LO>zn#Qt61>!Ar=>B|-hA54;?PxL6$4PD)pkrR z)sGJLhtS}0R>Q5N5`{eNz294eGE2U0B!6L2Ob6w_pN}H)jtTT^B@w`kSvykIz1cLT zP_tU0IV4Ln*MYJv>FDVd@1ib-kO_})8v$hnKcl&2e?4|SphQ}_db zPo>HPj%L_n7@#_wE~6a6f*W%R4XH_8+J!>IWcI2oV>ja 
zJRNPXEZaqxysQJ^H+EY=`Lr4w@yJDi+Ki57@a;`K)%2)QgY|_$$#ba4S=$*@e4wy2b+A3iyl*tQrBN_c5NF!6c;SKG zofIls4WzXXC4Dh2DpUZqzM>kSH3-{w}Bmn4-DkgcfBwu~? zDFZF=R1j009Mir*lrSFC`uAx!9CZh^n@UxdEz-gZoBvy;R>Nip;vr@_JpGqN0sV>~ zjuMKDEV}TUhA*-Z9kI6a z#Y^04-jF29!_4OkB=6|(6BREKyAX0OM8TBW#Z}3 zS1^ljWurMJqE7SBrzWElcy@aW<@+Rvoq zAwL}L6}e)8&@XQ3Mv_Lq`_1mqYr-Bqq+rM)dktYbOnN`XAQfy%Z|8>d0cz$XMC~xt zC;c`~Qf4rYqJJNsG30X;efI)nsKiTqCjo@`DVVb@Eyl~r{wW;Oq}u#-p#|J?x?HoU zc>8}oy%OYfOkEQ;iLY0#iC`M=^|i&r3!2nQpcdS$>thzxLHMA7S&6Z=Unbt zXHBmrn?kLvRul)gj9I3#LBHwH%tSjIbP()iIQCd; zHqGYFUY44RSdEufF}25smx@i5ut*qVZR~uQ-Xcw%A;8pL4!2Dka+^8l6t?LO^35W9 zc>7Ziu7Fr(ZXw(F{c)>;+8EqSbZ3#@l0?yER@-AiHJ&MoEcXTBcW4TX3zOl7RC>LI zA+;N!kTw<1kh^Tmi(}t_j$C?d4Cd+lT<_?+48A(XQI{%GEA?YC?`aZ5hS#asjwV*S z5EcoV+j;?-nrg?Sili`?|ZAmgpMNaH^Ax)E-Azf$XyN zX}&7EC>tQaFeob+qvU!}OQ`?MutX%`XO#{&g0pSpCqAPeB9N*8puu~|cz+R*Tan{t zjKg54Gtk=XnamnTV7vjLy-_396epP69Q*R=~FI4(ru|sQGxh*cA*+srT;V zXjOA1>jDPg1-!Pns#MZQzeT<~oV*EgIrnUlTR9=2s<9H%O^eiwwc-&EHbR0+Q9BpO z(`>Sqm#d0p_PRjwT*5za0)jw0Awbed^iGdQSu);EzBC&}$N+mVniH)Br325b7S*q4 z9}qPb--%YyMTLfuc7=_oD*nb(cjz=UCKiDvi8ot+#YKWR&~ou*bhe2ch-3jYuDg2D zX#o$#RMcuZ)GsP73S$wn3x0Z4h7zOTu;@}qx7GKB@=Al$)iIIAQB-1zI46B;;At3g zA>hVOlrzo3no*)2AeOaTn6p=S@ zo?WQK5h$MMdU%ivDE;Ri$<&ptqFL#s1fJp-8%>`k$ftYOWL7N;aPw;}C|K#WmqzZl z;_d^lR?9d6a&O=!!O*Fd&MBA%voq5KpfK-uIj;zvw5wZKkt50v+JF_Z@$XEpTnp*v z>seYn1?@leZ2gtU%0nY%YP7`*Q_E>_FwI=+xi2hTAz9~Ct(1w!vO{~LgD4w z4g_sLT%SK+YAx#@(7sosY;DE* zTFt%~j%l)I2>ODgZ!T2XY;1ejxpux|U9rv%v?bLvy7hv2v9!~ase)0u7r}$m5)a}Y z;hX*s`vr51)r@e&I!XAK?EOf!rWibEM6$fzm_vEXEkUcRIFv83(%pqH*ouoo-RztT zM8KUvlT#XUpB;BsCS@nlQ*(S)dTce4`{+d*R)ElxbbXZ@dspUA&(usrW?mnkrNdIp z#r^4W6{%Sdv!@Y8t#U@5rXAZ|XP+b%fLY~ZL!ggn+W(CKJIPnK)Rl>SZSEj>@7=O_yYeIFQ6IO)PS zsB!?=iZ2na)g^izk}b07jgsecfXzKV8`qT{5OBC4dI7SwEkNp8fc}zXDKR#43cjpe zC_5&g{n;4l2)cuaoy<@F=&Zq*Oc49bdb-S+R&C!3j1Pa`Us)#8$!)+X?8fpg1jxV;5n}uvuO`L<-je2-dJx?D zsv^L^tf+~$bbrU*D#s;stx+c(Gk9^5wo2qKIjMo6!aomUZwe9c-j`1Wk~H3Xm7wS1 
z58JM9hf2T=+}w7BOk{wNm_iuR(EZcXod~LJi%w?m9f06)kVPicXN+ro}dgh=HTi}0OT9=B7m|^&nIykbCYY&`9m07KgC5-gbrg$rXF%n zn#4Jb()M;;uS0Nn1qwh;3)vhi$z>A3>g&{d7R*x&x*jcn;>|Lp^&q~mCBfz`8tyr-^vfdZVJ@L>-Ik;fXQk^ZJV7zSkP=L$> z+6}4Fz4HtdV77r6@<18a%OLGDK8P`b7yu}nmE;ESRGg|H$NTrGrKiluhYhxx9@1vt zYsg|p2P({l{XEs#MWsNuQB&=b5bOEQyCEQQ$f+@tX%(ENL!{0G=|j?Ou@?*K4615b zg-OQJ3#;YtVg1x7Z3Ai%B`X&__p%tVu&NaQoFLMBV4HZGE%iv-eGXxm`#-DLvd3hq z%;T1um{_lxzSS*Jr(oG*$mWJ)8tmsf;|7E3&S5Q1N|h043! za7d%X_J(u4%&>0A|32k%o!;@n&I`uEfhxcVOf4VqVSgkYQ4n&8q8ZoGb-LbG{iP$X z?G;ukCZF*F(i0LOfs7AdV&^`=CHzDssxWgZF7r(L#ET`h1s-G}$lzE?pdU1eRp{g$ z3yP)myHf04~0^-X4pfVg&GQq>Mf*pkH(P$Ro zR~Qu)1qRgV%M-Dfyb>9^aUTwupe|#XQIoyXCwHEd#zeiC6v)*p%Ytb0x7kDP{P|8f zly+@CzSlnzfEz%v;?A7v&AI=y)ufeaKsyvO?XDhj^xj7j!CeMoK9|gJ4_=-_J)Ked zxK8)ciwt&KYx3}~^p(Jz+1qBkG_SUj8EL9LzU;*uCxownNw0S37<2P+m29n_l)m|c z)StGqwx!9KK_G`W;`OZY5ct}LX~5mJg^KxJ!MgSj8k{*aLCNVv~-U^?MhycxQh{Co>zR8^r)RIZ3?+*!$I7Q6h{2 z{?!7dEE^og4wl*gWN+SMw0Sz~iO0bk}JWMH4%6@d8hq`qM&<|=ydRbv*C?BZMeUMzMv)W5XU zI`6Kb0Z2BsgEE9tnb)>V82RnoKrdPO<6fOW820W|6z7IrnSZ;%iR|-wA@&I0=M%*; z*a+qUT9eSCO&QfY*qtYj3L^T!?atBG38X%~PnJ=9wBnYlL7#xw$fkfc5Lue@sBI0E z<5%wDX%Ffxem_zJ&$IWU=k+w-kcLO4=v~xxK=hsoi-sDBLfy*(C^j~7w(W(LGO;N%y$JGl|1%g zvU8{GBs1|PaL7ySxDn5CU@R4w$rp$yt*N$t#6>lfG{l$$pN}{F%+#*n5a|`?F)ALi z^xfUGGk0V!ah}2HA@#0Io{VjF-J|M}qEEh1vB7?-H$BM!K5+}@dF**^d$}ha_Isstrb7%@mXVpNxpC!2vzL?23 zNUN{V3qAr?`J1Aym=8_z_*mG_o^$sq@9w%G(Bfj_fn)!6sHlTWsunJFb=R4~mzsjUeUPDUd+%QauRJ+%fcD_{uRJ}lp%gCp;XOT~ z!N_cSL-_)bM*a?rM(YDUTi24~0^2$V*w4PJIme1y1k%hdw){&URWo4L+XLgOZHysV zMb$NOr#}CihyC1ps6857EGVXghIRk1>&)eeJkb2`0NyDua*-=HOmYN42eAdyq4n5a zIrhsreycPg`+P*9>z#_&=!VBRuJBzoUvrEHCBBd|rYu8yMKtEzUis_rbS$>K2)m^! 
z%W|SGV_bm;c2Nhnyc&DSOqxcC@i;7|dK`O+EWCVcliR2jju+u6EAymxe0qurG7K{} zO%M*4=qc4J>^hNsh~RSwPt=J+p42c8dN3@82b5?t0KU+JTlOsMIGmP{p-DA6UC zA($kCtb0)SVGudfJm+VP-yv5(wgLdN{ER-mi?j5bV#>)gb_(u24zECA zFPEBEMuk>|!Ct!y!wj63I#3~DY`)fi7*xf_=5WNqud}7;KVFN(J^*27ELYsSo-Ht8 zW~69JRK$AwgiKnOrx}XpG>1aAE-l{=Xw!xLPA(1f3zN?0KnLmbWl_5B`4^bu7-y2kC9U@sj!cFbW@H3m#p7i)~65$@n> zOawAf2R0#R8xnPm4(uAEPs;cN8};(@PzT^GeA7L43awAgI)lFA)A?lJaK#sG^)tM9 zp7#0P)sX)AKE?F*M20kK40OhusMo_%HCDs-JJ8d8!%?oc6LxaC7`yG28!oq_JjN-9 zsBm=WJMJH)-@raqVyI|qgDA~4LBwF*_<~~Qs@g6d!l(Nh-oZW<8wRN0JN9I)HzCzhB{il%iAPj9%) zr&4+{9qcK@wzogs0z*L$<_d1m`rZ^?&r4#tfbwW_%HIprSLlm-S*jRRN`z7LA7PDd z0?Z5*4W@ACMcA>PH-`77Veq}WeJ9qdzO0IW-iatBn>I<3^Mw~4B<|%a!Ia8jwRZJj zyt_=L6BbF8==O)gl%U{W^58{wb`M_|=-r!S^}j08vTwdd6E2KxUq*axi@iZwP28B5 zrQ6E}XGZ^;&PF>0W;?4`&8HeA`fHDGFN!s_X=`_S6L6SL)+1+)&;CAudr!W+IujTk z?j=;UDicZG>OVZYByj5)j0OD%BQk!P|IY0xH6 z^ev-X2uNuprA8)6rHj(ZAl<%Y3-m6utxhmyY10P3Cdibj%R0uTli#QWiVkWeb4h_xBU7 zQb&b$e!vP!+U>OmpZn8ckEoXp7{*sf?e0jqaTrz%Mz?{!$`dz!r+R2WI$VQfEy@!} zkI>Y9r1^bi)%_DCvt^Nlr1uWMcZKcyiLK^|1u5`)n1sWKl0!QvkWNyGt#)bFR^FZ+a4VoFAPD%DJk6228ph7A2v z4lj^B0EpCa%5`JJB6r_pAwv@j9ie{XtInYbNaY$3+|@jplC_D4{$1$NZB#O&BT73UKs$<{eC98#h}tM?WEi^m$Jf(Nykig>>R*{6 zm@oXS`IkJly6DhPsAHhLyn|>pw>ucf18hG=MRSG`b2iAy-8jD>o&uXF4(7=^Vl_<# z8oeGtIN{wmUPAG;C?OzeEi;Rj zF_)`q>XoT|J~O6I%ZwuRz31@wm~cXMbq*&!EEoH*TsGFTdQg3e&OXrMhaU;fpOxCC&|^2_$@%>bj3IN=Mi!qeFamyOhCCd0GP zt|~zUWnrMtgzR1iK9HV+-CcwJYC$S@d8ve;3VJ>h+E_ zoVwE;O+dJ!rx~#lwNUXoF_Bs^b9s&rgFwlyXD}{iKqA*Awxk(+ztw6N(mrcP2e6Q6 zu*LzPMCWlyxLHXj%)M+BygS_5I{E&QZ>O;p%jQ}YGM0y;*fI2$0@6H6!Y}zHKB|v{ zhp+u57=rF0Glbm0)EazY_ff5|UB$0Q~j7SIz28@Ln zJ)iRD=xJYk=QfU-lb)84`|d^v6nvK}+>`&eS}fmPMZfmUS7zcbibEEzq+WFK&3V>1xYVPKM81l~cRRrN8NWi1=% zmiS*2am_AVxqyXsB%5?wrcA{g2UyXC@5X3x?_kw|dEfG5&aX$rCmDZcQqIo8T0{j4 zs)E1wuZ+lAgW^plo%&}8&`^`gUh3$6NtQ0!Et#IWku9a%IBd%n#X{;rIE{=aEgQ(7G5MLs3DwrTu&}{g>=RO@aaG zH&88s;zL4qB~vkRMUf#%xprLCI_{=tKEzC7rDWemuS4V(z#pW4tBnHWvhkQta8s$8 
zT|RJ^DoJ@G_z_|?ojw0=n^D0}dbp&*MuP|`su@;3WQP0w(tLTGM2(iP_YrbcN?uAwH8rPM!m9AG@&6h&ur)9%T1-FTbC}5ExaAymZ1-diLU|4V3D+z10|+@`o}M zPUUsS^Yqdb;Y`Z0jAx}T?R~o8QOJqiOdq0$Y9Ujfsq?5~lW8Y2i~MLv`Jj3dAcA@l zT}*?IiqEQ#^ERJxyI6*Fyk+|hOFR)R&gO`fN33Z{l7#n&Ml;;_Hbe1-tNV2OX2}y( z&hm2Zc()5rN5Pk8=IpnWg=-!YexI$!1{R^W%(WiN4;-q4DZt7ec+ipI*@|#7O2i-0 zS0>-L7QIQOd2Wpc2UA2Ox9$uQ6OWXnv%f-)-NuT2KNROxYN{BC4>ViGbvtfv_ecNb zJQ2S?euJ%_@4Y3w?}Hs(@3;HNRJtCIr=g0}pXd9?ou1EgxF1nn-mAsCvZ8{co-XcJ zt&YTxVD6r(q4WgaNrj>^Vk((5NO88Q^_igfXpbLNMjC?JwTZWzA9F{Ccg%iRE7nbJ z1QH}g-}91g>u0Qz@?_NG)j~s#{`gg|Ts5fT(~6zVJMOOxZDqyqsV0F?->DStlZ>-( z)Bho?zH@UWcgHdK1(DWAB{!f z@da)gq$b<0%D#bKe-$UmPe*llK=H53K(`RfJ8V;K^q;;+jQEHwxH87j(^;=Kd!EqO zAL_Bd0jMWrM)*Vd+ZdWnZrfyY z(AgIRVjHiK$+~UvJb3+7>G5Hg{H2wHh}6~sOJeXSNrwW7%HO6c8YWHLYdDf_odskYF^u~5oaIePpU6AJPMGBUWvNjcdt^0Bc$I$?_0 zS(Ba%%{Yaj0SMEr^gosu+)*EnN@3c$BTO65U?CJkD9Mna-{=%E~s9`pdB zVw;%eDaF`E_0@!hszd|xzqYPbqrEB-k%z07?R%?+)7C+a%U(RQXlwgnM;4?bXg!Cd znQpVQnhKOB_r`CpZm5us&t8iVLR7O_Ixrt-*afs;_VpinqUb?fj)?CYIn#u*KC7uQvv zk?)1?I-{R8jJ24rlCO)A-)q2iv}Oo`-L#q`&;#RihXEnrekfEh`)vod$%oVA}mH00MZlD(~hW(Ri6M#j+eZhcNAXHDli35+Vb&+<-j zW60M&v?Pd?TZXQbNLv4`p?%a~XIaX}z>F9+-!sDtsaHGj3w|0zBkjH&dlSs-3z$nt zmIt}h${8}Q^0JBpkQ7yVXfNaY2gfZQoY&(g%^kOjp>AR(&sImS#P)Qzofh%e9|0Dl zX{uG{JB=wtG7;C%ourAvr5C>pZq_ulCSU}4ywHw@C-V|@B;O*i_GK#b`F_mXy@;>M z7uq+9{ebAYZYGQjHyuxO_KZRvn-?-nh`h-p>;!amP4lq8>*8*+Y4k3&m_=e)P}~SW z2lRD;=8-N**%?q)cOUZZxeTuWZ6 z_H4|*O3<1wSg`d&W)iQn78oT$=8p=P*u*MyrGS0krQdU#Zf%1V*u>z23UvHV+l{uL zC>$FQO$4-l9&tf!BB&POi3S4)^}}!|XI5jkMMI>_9KB+FXoAsZAfFQUJN~aJH?b=p ze463R-tP3Up7j;l7r47Uha z5y&O1cvTG+pnRB(K+xRnCAQm)aZKiM^lJar?Kkv~t`eEQ{wuBM$a&6>(lr>Zq4>!C zhotk#%dRx8KojqUlop7TS=wsnfzI3hw}|L;uxC-@>04TK_Io$1yEKP+AVSNxJGq(=+dF1A*oGq*JI;QQXGUO1 z^fV#{NI2e9NQ0f&7>LKfP7UQ${|iVnHGm}>q8}Qql^`|Rr}|5y;Xh>l|Iujrjn`c= z`Q2@IVSQljR>#=M!(al8&Snu~!{MMWlTO2-Z{n8gwMOOthl+B)_f8`lMA5A0o@0*rB?=%M2%W?N24``F4FU|*+66xPS*?g7I>JY) zLGs4qsM15F0E^!jVyY1F3rJ%WI9aCdVlU^HX>jnJhQ0cSJb(r%Q%hz(qcFv>*ogAwY( 
diff --git a/released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.204.tgz b/released/assets/rancher-monitoring/rancher-monitoring-crd-9.4.204.tgz new file mode 100755 index 0000000000000000000000000000000000000000..b1158d3faf42213570599441e52b7eb001a50750 GIT binary patch literal 114192
z4TcR~b`?uohx|{FdBpvmBRT@M$X*z;{ItOA<_@QKAHTKGknAMh;lzKbsG!8lg=*<9 zlucRqS{?v-8O&T_ghE_xyS<%Z;6`!}NUi$DF$jx9b@)^aEV3PQSe{O?T-ZPdP4q0zP`(M?k0mr>< z6*S~V77>=Jz~18n(tuVtfBsxT13c6RwA1kh?s`U2klxN=g2+m$d1z97uo@i)Fm!R* z@_bXKbuSBYir9f`j4MU)vr(ZXSj^gXr^{ey+OHDWDxa#~7Riq7plIN;qS3;_me&fU zK*ZYYB5}A61YjhEXKv^QVO#vz1@dT@W@_XOJ+nNP$5T_+o5 zK0s2>?vu`A{w@gb+RC8Yd3ZMEed_*X5(A0%TXJ96d%wo?29h_RMzC;mUC!?~L12eTc?@Pf>>t2G~{ z#Z>RwW0-Chm^8PhqDawD3Ud4C zG{ujAkuo|l$sR>xQX|1%SF5ENL@Biw(_O378`3x8dS_k=rJ!ZD{@son<8@7ESAW-J z+^39=SRNHb_68eg-par+c9QPG@-6-&Z1TP`DSgWLMNP*v;FWeL^VaoQi-85UO1{An z-yEc(GI%4nvu8?PhOVTOF2J?6WcTLIpTKf{{@a)rd?OmQU!PeO+sJ9~<)adPb*d~K zy%xcR8wm?W3xDuOPp77ea7b7aLjtAxSRueRnh{H9njEm#ZIM|Tq<`0O6}qWCDl6EF zu3QodUYHKWh?bTyhSN${rtE2RimH&zcJUFAa<}^xC6wy`_3DKy#D$I^DEgK!0C_91 zqcCpza;=D-A7O9P67K#)kq>iS*3SR@kSGg@ZIOarUq-j~YQ<4=x?;=+)d=OwrL;hzPl8`-CvetH1sf9RA zY`i+yqFZLUC*x<7k^0r^U8KW%$LKYq*!s9}?Wi$oKM;a_rqw0w9Cc&(oxipKI*ouzPc&Koh(!0S`w*@J(ZB$puzdK{F*bd0=B zwTHBwTe{(nqT(IB6pYtlFM8YG9C(Tm)6N~1r0}k}i_CL6v>G<(_K3MVId9Oy12@83 zE~9d-UChlQp>#mYMck~+^0))t`&c&E%k5!ybjaNSq=ymHz=rZzWi_~p;cx~qQxKte z4x3?sH#puXSNtVDg!U=W{ki{W2E%b)>tSPzY+oHX^bRsc*;Izh*42k$wvOclwk%DC zMo8sRv(xOvfBh#r1QqP)MfUj``f?(fE@mhEO}D2Vv!_YxNdWb7LvcF%mYK!HbOjs#9FZ^EHi+@O-L?}4KI67()h+@4dJhen&pRtx@wJ*GvC#p zn^))SlBiz~Ff{dV!s;PxGu&-ay{O>DQ)8}?hPE3+rt<#U)^*~a>rITl?Y<=8_~kDU-!yyRXQNYREyyn48oQw;~Kyzg-xK zc?l`6SheYf;7sn_>CcW$bVL?Xc$tqGatKX{@}Sp>D?hB8;dtjWZwtW5TAZ$ayI0Zb z#)T!Ee8?c`2dFL&9OiPpuqD$tY;^_gxeWUd|yl*w%acZ8tG(Sw&!Dcw7?^Ca5ou z#0FO64b7=Vl(`VW?&2hP*4~2HKJZC;|2@E7O9OL#>nI2$Xw`>shO+KRXf^~xBESl+ zbcXGkxc4r1Bcm1P_d%ZDFkR0E2ps%X%(eWD4mvpH*_-s=X?J$oi$e$EbQl}JF={85 z>$4n0-n=KwTnVqpk?<`vS>_P*cdHy{&iEF5_9 z2QLT)?m5kn#`kzk)ZW}--pEd7q`M8Ty8o7lWFx&UwlM&xZTD)-6)L~mpLG@5LT}JI z54B$}7`{G58DoAq*6otu&hElsl`PT%QOiJfK8(ub`Et(GEAjgQV|>*f+Xz;fi< ziAt%f1S+%hyv}+GEw5z9-?*(-O4gEo1m3WDu##?!4Ep7*34_W((Qapc(gPu#FWx%u zQ`HVTQlrB+HxTMNEd4O2Xn>(!{##8X9nDY7-LZasy+;xvQ30|SK4jJbBG%l-u}`z& 
z4CJm|X`ztfYq;;;7RjP#2_JS{eu{V~_xaru-|sr=V8AcJ{WoyylDDef6l;S(o+HBxp%uRn|=0b{@ImOq!>A5L3sDdb&zC$;<@ ziXdg+wO7q3`TB@6UmL_hH zB+y6_mvDj!2(IKhgRq%C@KUc1rG*BCQD_2aW~8sq0hSHqqfxGgQJRfHf*n(KsD@4- zOS-w!zZI|p2XAlRk_bq|5#5*&y5|vkNAc8Htt6K;sinn;EDn2(zR)R;mH^)G zT^Pw+uFwq4-tXfi9Ca49FDNFLD2t1WAGX;Ww%KK;^Q*Qq;^9sc$g0#nSR0WfF}=+x znfF~#BAU5@Dts+)G#(JT+z06n)^pnoiLxV;UR8qG)m;Z^_!^hfAOAFVmEz3RL6=At z#jub6CXMa1uxqNU%Kcu5G!d-%AG)oR{JIn085#AjO>>mGH7jXM(FXte|sT6+b0n zuECt?a#MBbFu_v@fhyq9K=#`GE>m06hp7(L<%LMQ#bO7yOfw*)QNRUG)2)D4ine|{ z)mtW~UT)cKR(8BmPOAKytTy#NV;0q~**4KXk2ZW}Qy%BRBu5M>f1A?+UzL9x>f(C(~yI9}^on4@%PjR!PIS z#-lmCjK6DEwh$S^5ehiuK&z@Ke7s1H-_7zrqna3c;t)Z+l^J-l=4(*ScBTT57z3J< zIlAXLO5_Ak-d-{(dLZT-$BXKBbcAnPKx^Qup@q(9!G0_q7uJ{pvLkQ$`1X|iAak^T z?yJfj45O{*0Y#Q)Z9jld$eK}qndvZ+cnXU%o*b|1oQZtN(wd7XgwL+{&+kBk zB45diYVIImLL^}%=6|~Ra@f(4evir=!}5mvBdM2UmC&fvRwlfy{FTc`6|yDdN{Ajg zAnga>GAm{kb|fT%&}TcXiJGCF9{(eB@^mm-iLm&7cd)!DYmt20O7+pKsI3&cm`LKC z806VWvxStnc`R!9;LsFH&8BI{WeoSFBJ2veoN0QrVdB(T5V;rc@>gYVGAu}i?8;~t zgeuE3PdQDW6b)ME;>;?EYpJh6?{*vmbjgd}ue3J75}_%y6cv?MOiI)C`w*xjpSut$ z=gzXS?IFs8j7V<)6x(@QEE0|<3&*1dKRbZrcDO46`;$b}#e@i%+d5#dsdnvmYeRl) zv_&vt44!i`%jes*k!4fvg*Vx<)EHz9^_@2vili3ZSviE^*_ui>O+a%HV)( zr(W;rwaKzqzB{(LDN5UfEpwd+Nv{(z(t{+y*ke2setY|+8I`S8@F+a@95vo&oAmN7 zBV8^foLWD$W^P~r+649kx&*PUsgrr0UsA+r`?x+j`4IJz_Tch9Ey+DY$xum>bvH2` z7l?tSuwTDVzBF(KcWy`Ms#SpDTr1^b_FN+5Ng?baDOo{P#W4;#PdV5y!?<-wOeS}{2_LY{4Sm+hbQtr;N+!IOt;!}W6}kb26470;OA~;D!qGl zQMq%~ay-=~6cFCgRwa=Scsna-&r0~b_@cPIh(so2s7Kb4PWHe$ zky+>Av$8Fc0B~~hMCc#VtkUYY>&r6?_j*e1?NtkM?emvHp&$E`b^_L}{wfo?Oa7|X zTby<1ZVrk?=Yifx{!4o_C)Z3Ho&H8dBAQqZY=&@t;k9A(VtzI-p8_xU3XB| z5vSbQ_CQ(1%aX!xXIne{>^1%Fu~{9@nR&M$vdi&|b-*W4_G`|RB9xqwwgwG?MpSYF zNNuL7DWP5DA<*ojet*F@K|O~}>)WzaJdf`8sNZK8S=7P?jDW81&$gSBV?I}-1L+mO z!~pQmQ2`+`qw%MW!xN}gPTpX6y##xzw^~^0UC}^ny8F1xqzRq8WzX(VZl7*WVl*Fp zL$dsRHw|{^z8!8j#56%IAn9CAr17#Dgg!WWh%1r|mrh0g-*2GJncGvSiLAADD9!e) zfpp_y+Il&4OC5S7fA!>lH|}fPFQG$gf60qbKb<++wkYXLCaTYmC%@H`SW|5A$5{{N 
z=8gkwO#E7O9fYiQZJLS)Y$Mo}PI%hZ1_nmw6Oj9f%f};|3^@q))LW(JX3w4O0c>Im zkm`vvR4xVs_^Da+NQ-4jv=;CCJ6-e7X0Z$UO_H8NIij&vm|+?pNIoC9GiK%Dxx*93 zB2(W*D|ff6sLi3SME@-gSnh#jRR2jt*d({ZRInv)fs_%R-^uCJk&`6ao8OSG0(!dj zbb_cuzmyzdLZuDpjNPMFoBYd*FHnX`tM%zrs^%M}0W9#IF^)e8PRBc@_#RCJ&Ky|3 z7j8tyZkP@Y+p7m423LzU;jiYs?x-`iL|cH_yLZ$ly4OJfKMkQHp0JD(X!}z(E{jas zUnDJ{n8yx-9)%28A4e5;QL6bqD0XG_uR4P(2nAF}G+=?mAT2>p?NjqV%M#S0&vA5j*-1OR@P)r;liCYw;vzu^sm$@9X3KkP`qM#(RLM}}ftkqzKiFr%MtV7IAyLTjqkS80CP4xJZ&DD66C{G6^VS>}Q322>)!UcRgvNyq?uD25cR6{!=? ztZrmwH7D>M0qbv6^7c|x^yKoDxYglPUnTn2+yg^F$U-U7;Wbe{_8GStiOkepUO=k}JD%?{_-d^NnsX&*Y)4Z3Dp!dHLB8Qw)zb zfvP**t1MBzE09}@gdteJrHB(@SIEn)3ptrFzs6fm{2L7Tm1yz!)`!S+HxUkPt0vmO zq&eegXM17jQkcq$|Lie78o2LQ*MR8Q4&*#hC7hVe7r&wf7aBZH`jWG83Ch$^2b2Jj zfm0)OWbuBpH2N#u_o;Mg=y+t2ZKiYoTl4jVyi*E(EQpb_f$ztdbGiEzo<&B^F1sRF z2cg_Y6U{IN{#-T^RMEM-X0Cp#QAqCP)izD$4G8v!B5u*UwATfO2}f`f;i1K@@#=lC?lq&41kO@(VFMVW>xi2?#e}0lkVn zXyaKYm8>&JlYe*0#7iDLr8mFo3Iyx{4Jtb+TnZ@Y7N{p11#q=PycWEyPEW|FX z0<0oFJPu7pSO+qjHxW$4qEGEuH~>k>{D0QTod2jBW7<-s3ETN!p@XAW+F!cEp-zeG zKeUKv4X_-bg_HByy^;S8_Vf02H0*-FbhxnO_>dd87cL4{-nXFjprF#3%iohqOjROaZ7OE znSi;8+BJR;vp%=5IldjO5Y2srMSGyx&S{OSdL~n(huK(wT5g5ktlmu2*%f(?&S2Vq zEOijqQXDyrV=0_Qlq=PBh(Ip0{N*Zt8}6j<3kzlf0G{qn_bYGyF7|D~5>T&qA&}Ix zm8f{StFAYkThRH$LBy+`8V#yU?2}Z~y~gV8HKnLstzSvVy)um`AqNOFm&9E->{olj z^v|RjM9osQTxc}oI;s@-1LBt{z8!OWv{E{&N83B# z3MI<2F()4TX^L$DgIYOnomvSPoAkVfUe8T^Ri+RzIS{=-SvzsjBM$!yO8j%WR#QA0 z5c+r-yCFA?Ap26Yk`T0dU^M-!!qxiAGT_S}c6sK*jUoyLBb8lN|!TW53`tMQ3- zpXtRyLUaEO+9Yt!k7t>*zMi9~!~`~~%oFNH^<&w3;WUAD+I;k~JojKpxZYUmGCGZo zV>Lxw`pQBmpcd4mRy%Q#NiWs%RSDf%v?-^o9&L(Fy4*Dvbx>5>`&m9cF*R>=&O$K- z(=#GD24S(p6UeHg4 zukY!}tEP~g_;E;&?^z|HO%mraAF9ToMl5&WuSO6X@*?d}G<;@pR4-;xH&;fk$R&6L z^PofMKSQC$w_!w65|UA<6vKnE)HwcFePvcs~~zr$z7XIypL`x5=w%(QoE@$t+HRtfwg<@1 zq;eQxcvQ?1+&AclQ!a+-zF&=;QvjY$XEL7v1BbyaEm}SO?WU!mBAAQF8bP+ns;*?Q zH45GjXYFV^>0Idga(A`ArIQUj#Rgavx3t%$iI4}=h29kTcrK8)89?s#w`W@;i{nbo3Z*+p!BUItJAv+tjZ692Jw|60~T6dLnL&!R--#_0*U2M4TWt 
zr^xjk+cWYp6ez4LRWk(CPM?5g!L|x@_IIkYkR1kDaC=r1W&Qofo+FIKw79a!1F(B* zqd|8W@h;>8FcEqL$ciljJS|K(duzn?fXCOvb-CzXOUU;rTD96mNJXh8qp61#Gq-jA zWrkefbftPFazSsvU19qq%;F&oO0}k4xyV?a@xlKq+TA(4ZDor$jr|0Y z2?m~BB!m#lSg4SJe;?L^N|Mzmw+&beU||WY0c^Q>#XWDtB*dCYVsAQORQ6uPgfedtxFo z-pM~i%l>OW_D~v7%fX}WKCfgyf+c6#RA0{H+l?fxWF6|BX;Dw@Uwg-$gb1$MALet- zbC-~rdFInurHAVbPrZncu}e;Q{0qIr6{ogVXs*n2%tZ&HDh>3tiT3D9co#>PkK<>{(gd{c6^08e&r|g?UsE4H4g55X-C=lx@i3|18#n5SOLNB_ zBLWs`^-_9+!A6s8+q!VD;LhjKCuvKVxHNk}#tBUl5p&+Yh9$aK?!h7S8w!We-uLGQ z4nFq@N@)uCA%JW3pXRC|O}!8*AOP&mzGyD`FYNUSqA7t+Nn*Q-tE*sxoWyLNe`?)Z z<6U23IKq|oDW-m&Ut*In_obvbT4ZOQ_$|d3d2#&)pm2h(e1;ZrtlRs%KR21CZAzVixSWx^l81@3*1(X)F%c-NNzMS*2wMh3}l9Bq$r9>e^2gXmZy;g$z z+j@KjVc@q6EAWdMr!ZZTI}REKz@!6#q8jk%R}Y6rhv%RZj=z&hnQ8Qh_?U*pCFgd8 z7oq72ycQlTwQhlxn>*Rq0E7~MK5;9_KKD0o^gLl7oJ1<(n%ula{T2lR2iDfa;gxMS zd9B`S2vy4uEX`f3*qMf3eC9iR+?~bYo=b_vg>7BK!S7lIw!*^Iiw4N(V@L?WtfD^g z2C4p1$o_kc>VEhz&%CCZ?}ilTOO`eFxWotA`}h8w=61rT-LuGpgC7hqS?R$Y{~_!% zyjx^Y1&1w(q;LWc*ATe*2uh*UokvvaQWG%KCQn^bMLBx*tN%5%X8^MXVG7 z?3&&KQS$R)EW5UD#joufi4X{e^vY#htpM@uwC^V?V721~E7v`!oFZeBd(OX)eJ0{M51ufpoX@I-b_)q=y!i@7#0GS^W56@-QG99QeIyJCiOo^rLAzPSd7UT@3A^G_`$)eK%Je*};jM4wMF2EBiX}%D!_) zyC_bIlC_6Tna9l9|AsH&Yh1dW`*@(auXeJS2)Ch~FHgRLW)rsQTo;`Op`PnaAxW+^ z%;3{bGhVKgEa&nN!9tTgOo}2=CzW;M@inS;>W4=;X@|BOM+lhH@EKJ6%)_rE@(T3( z2|t=j-XaO_l_!cuW*Y_P2TB$zIw&qo5ArNiN3IKG=N9Nt{A7n2-nQ7$!oRtjYD(A( zr}lvI>$#T7QV+D*XGtAZ{R`7H=t@09+dk)dYW`s;)YHVaU6Wx_hxyh9+0ieAsVyg5 zdH^0jbRCL)?ST#A&_>sQqtdYW#SU4~E5s;>cN&BZ(h2z_iF+E34Z>bx<+zB&0r{`& zdwf0$Z&`u^wz|r8vOi}+0UpOEO=ml$P=Dl+k;JIx^t5J5fnGxS=GZklpO>BRoul=j zZ)WBST_qe-Ou7(kRQihsufPDYk|VhHZ4f*@mK7nE6`lyd3sZCrhCoz+TlON{RhTUS z9neYpp=g_-q+XcopO$nJQOWvm;UyO*a8e@Wk_Yt!o*wj7vDu>Y*LR7i&y!0nE|@j* zbqFh!oK#>HTpUe zr@5-6(N+5Aa$Dt{MrqrO$ewjAV&0RvYF%TFzZI&c0!6>4%XamqV%5qE&7~_LTVL;v zbt#H25%oq{=+W&c>ZlT-`=hE<3~H+W>vIEPcik?TJdy_hi050BpSuW4pKHX99AlfH z4#%PUk5~Y)jak3`YF~oC*duzAE@mxdLcI^zCcgi_-6g8Yc$f{Sea}{ zr&3hv{8-VFtfbB1D-3yazHTIu%bctNvzpp40{zDq+TSmf(X!?l+30QAC?b#`eYugb 
zoG8?#J7YI%yb;&vn=$rdN(v8(9<~GUv2EJeecBkK!$O`9jus=nc5COjQP&|CFKi02 zwQho!n~$|vo{-;j!LLpu>=caMLi9oV{2~w=h`u0QkL77~kPaJn#co|a42W72YlyxS zZs%%52s}~`I!a>`5(OIR`%9D_;oJ*!_4VUP&7V8pS$6RA z!7U;DSIzBT0Emv4f}|FlrG0>0>Ha+Dkz^94&&J8SNZ}zlY*Hz;4gN@`_wr=QMhFK7 z8Htp8KSoP`=_^-3ki`uG#i>*(jf+w6mSvU68ENKY)|qJkvM@+V$UlF2m3NuZ`ou3C zDQt(z(Ue^crurD&wq^#Oe$S*LkX00@SQ&z~(!ezTl~!tm_F6bcF3vHhcBp>+gcdrn zih2tjR-ZUF<^zh_mY56e*0w_T*+)^a0G_lf3M5VB;=J)l39D^#po^&q@^sQ0kSwu4 z0BHM^>|`4W3Q8o_0y5lEUsu#HOE_6bz5qfA6 zP0fX%xv)}rFOpfYQ&_;$o900y(pkjNUa)#i+y5K`?0-j!O=Vlzg^)JRlKRbwdB^Rd z5sKo{uJfcVhof@8x}*Iip1r9z8R(dy)HR--;JL8jx6n1qiY_oN|3bce(w8NQfuXF5B1RRzTVcJ_YZFxS>yJM zkF?$wi~@C22+K9ZOL>3U{&QU^j-c;iLPYv+a8ewfwsZM{SSF-|@0jpCKP~zxAZxGF z<&Z7JFp!s8O4Q@+&L1V7Pdx>mPsjaDe?2jlPnPaDyV3$?*EY-BOp3*h6O=bo5?r&C z^yS3qHnLk1Llijc%5Tih*xr8!I4e58g~n4GBf z)mROWflo6<=B483brp17f>trj=Dk(xYH7fP`q&-3u&Wfst7u+lWLmL|GobuWIn4k!ilDa59 z()lK9{d_4py>WA_C7}i_hkHQP9`H6Fa@MS25iKNcPu7d<*2C78R=!TA)OnH!sl|MZ5+sn8mtgRqt`Tj^~;i ze;r*W?3q$(*)Hw6pTvSgQ@S%JV^v*>afb>zi>0wGuf9hy!vB@&EK4*9Nybg>(b}ovwaAp4KgyKA!>oc`$7#*U~zpv)z0trJeWG&ZtmUi^AWj9N4$^k56fK-&~ z|5N~~_ot?jrgR~f)H>JH3f7<(wK~^Qh<2Tp+oISzh5`;$?BG^aM~)xX+C2H7)i|Q; zIC`c)7LqznW+oo`a7I_7CWoOKt!HO}5uGTmmxQAFgoPobl2JG+g&!xZp=+ zZFLA147FMB>|?c+pS7$>T!l+E0^V%q1l$#C>Ra-X_Ebdve>cMFu z6y?TTrg@-c+nLry6U?5{G%&WA-1Sv522|dy8L7&u+wXn-t=p5XrI0>1i+p?N3FJ4r zA0VQ)lWw%80HMK<@Jha2O{XcmYZHNWyHoV=lT_$rw3E)|+Yl{QfhXQI^jFYooTV06 zgd;zzONK`ZvL+mY=^;17+OX6b4BNnUlX!SIBz;SH3C@cC_!Ma#_F1FMH;zW4;HDLk z7!*X0gB?A;3gPT&Q+($!j-HdA9^?P&Mhg;rm#f^HtuVYOxXT?E(fXT+Y8Z;v|?|8u*5rnQ4y@6sn$o|L( z-%8h{hYT!c<2J4?7`oub@@g{7KmEiW?Y7vtIcF#voTWjIkLph; zsHqxzM)D_9k(9cJ`pUyfUT<=rpu%2D#>zJ0Z-2K#UPDoDb-?yqErl zOkY-AjH#=I1D#~+pn#A)Z~r8wa4KhTO~(8f>^ckX;$;pqu5jhc*lkJ(*^iu~74xgl zy@Art(t2H}soFaw351Oq)=9rJ#@@1Sa6ztE8HHD_Pwp(`>=N60dApi|ztJlrhDm3y zrVH(i2ImXx;iLIuVirTZx;v-pp&uG!p#Eif@(H@LMK;cj?$#iiTg&OleROv?4(r9H z?K%Tuv%1dk8VE2~aVwKi+x4!wb{}KV^7-|ItoWH|@b3hZx{@_dTp|&Wib}1(7?3-wr|dmb 
zsnV5BZfFBJYR2VSxSm7HRL7yE)C5dQr$(x`m_l)+G0sNAo%GLFbi#OuI#tf#Ywq`;I#&a73Ux$&al+F8h>#CS4J8c|@K_)8}#ugqNZ-m^=e)O}`Z zqX?l~_zA&@DQokSb!N%I+QlZqH(@_A^=0z1VR{HF8faAKp5ZE7u z5?@$al(%Y~7BaS&^MPo__*vU-0pA z&G(@(e=TfQ3)X|}t!p>`^R-<1f}VCLkxCrEueC>&(o3oUBqUhgiGM53^JvsLmVoSg z`2LX^f25&YSj#;29y12}rVy^c&#*h=`eg#Q(mt ztLgT7+nP|@@%=bodij37->}p3{Rs0TrWf-unNgUCO#OMbYj;I=t;W=C0UDghH?1IE zMoR7C4mt`gLhLaaoXQ67N1d_XX8r8=752^2Mj!+a9NP4oT~2r`SULB-ScDnU{h7Nm zDG@1VwKVcb9eCg{y;HL`vip4tWM*OIP==Pe?yHPCQLmPCrmeuRN2?*Sq_N;URDG-X zwj!XDxIQ|i!7Ftp#k;Z0Befo>dse$C?ZNJ3=Tnw^#VKLujx`BY2fao@S7^?n)AN}M zeC3VXrEaOE?jIzkuQ)cDeQawtc0%`v+1^O>#CZ+3pSzhgl89;=%f%!(B+$&wMRe-3 zp05}KL(yg}{zI5H&++WBV7KkQQ{V1Wds8UI{%@CNeRBKQ0{yqQsUZ!d_0;njXG#nB8YB_VWiS-0Oq{MNT`Ys;(94`WRvjT_w(ABNH3kl}mk=rHAO( z%_i}d?7B86t5VMD5pzlEIfe;T;&Njg8$Y(u7hsLz7VCw|hO*m0GC&`cj+dNm<73$E zrfb;e_KkQ>8%uB#8SC@6!y84D#4-qm;gh?NXR){vN-Q(sdhA3?i4E@{>K+2E#FS|f ztF_tlcu`fw8Pmkd-91r5+@$3nCbF#z(5aa4>ZIah6^YEWG+#P2v-W^#A9W?nT2q$L zZLKOScX9(fOK$s9`SwjVNM^@!Mp>-lO7dGO(n)K4DTtHH2ETdlS+n(wOZc+1Gko-O zUsf#R)HS7HO>xX%N;oVlhN5z+lrNZk+u4o=V@n}qCnqmx0s(kRbJG=CsRzJu_BGo2 zJNs@=X!jZ9F|>NqW&))wh!Wxa3luE!8csWU$aGeBDL??}c3j`3GB8zTz*BR&wL^LY z$;-QmyCHN>fhZ{v4TfbVl!wZdt(H=?7gRCOu~4?N>mc&0Z02#M->zRTLOa?1!Kgss zYo1RgF$FS%O$_K^PG4_cVR_!w#+D{>boe9}b(p%^$(1Wg9!e4lC(;E&PW zba!9;hOwI~w^|RD-#U#HOuwU2(oi-b?P9&xtIHjN?cl zEHQ8Y66YoXxRye>SRGW zxsBSRMyO6$8PcuiPRl>?Uik04t*{R$xrj&)2B+s4Fmp|Q;J6hb4FgM}?fydIq+H|u z2)>jmH^&Rl?*BthO3jq%9?2jA?gJ3fGE@)63Gb)c+lAAmnzWw|5 zaJc2P^j2rqs~YJR>+LKoUDY92S}iy5N*gt?+G0;ho%n*=2On))*Lfa;X3P&!w3v+z zC@?WXxU${7(ZlWZY4$3hhuxd`Bc`9+mK>O_k~8UEvJQoxl3%E-b^ir=Z9wJ>iA+o}wE zf4vxcYLt)8W?t;yX7{HiKoRC_;z(>0?ChR;J3DXp3VHh}nlDBOYR}E+UxRaV_ za4%*hYk}SVapMDL4E!v41N$3+|MFfL7pYyQV+M3Q8^q;S$$!9Blwo)J{TOaKe7O8F5SRcv8O^4W~l|JkR&c;I_s`8O? 
z8~76#Q>Wl~pRcjCUI}L+uDl(pbpC*e&V6WGe&K(fM z5R(RhsbKhQ$Yld-uMS@V-U^F+M^>a48QY_M6K73^BrgV=L_-|^`F1C$rZ}87zC8yK zUpb@oHJa@eUP?}(11K_xXega^2+7GM9k@9OBN-Snxu9gcGn?*Cm~+&a6{c^qRO1c( zv_yqJg0h~gyUKmhuVh{{6jNBz@@$&vhHb&KJ&W0;4BBrF7)9Fcd9|)Ju`7^nUNc{A z^Cp-#PO#+c`^Gbde|pae9I0zpj#`+>ENR_VApZ4YCI}B*k7xu$TYTCnv5fC9Iuc~{< zUWeAK^U8^5rN(8wazKfc#g%`(q|i|oYzwTe5Mutm10NLM0r-1&pfTo;zxBw|D@>2IU1xK=%6xd}P>zCE9uLB`DN+RYsEl5x;1zGE24 zGhKdKaG;wLRMb4U4M_Q(gnX0EyTMI=hfjZ7zz&E_eS17zx$S&@wCub*_0Rb=y>gkxfR8DqqB`rAZGAeEfZHm6yYkt|T5fNcKyS981tBO#HnoeH zDY>|fjh9${&CZmp>*S=!ngneSXG<zb0iTTQK&a_qL@^e6f7`=b1K?v_dXdt{xnIF{%x^I3M|FDO@<(dMu4EDb*bvJ8CRRVy6`Q^P*H6u_aNaft!>Y(As0BwN))-mBK-J3jhBK98NlSZZ%`H8rQFbCNNhF9T}9Ufyq4!=vZbbyrf7 zP8tYd)?u>5vvBO^!z{7;qTGA&a{V#>1eqLD9Il7%?@qVGJ1-xgEg3Ukf6E~nC(2`| zGF%VPAv_jl6NZ>ee-S@{a7S}K@oP?6+8r-~tdD8n_WkABSPHVV+ZoIzyI#co9^X7e z>!%aFFP@g7i#2x2%ZENW5$BRO4ns}Y$j{|v`7;^h%~J}&AxjSBkcqcyo_!kr7o2^y z^wT+3zi1l-P}DQ+C(&i5pX(piYQ}Y!yjL#EQ`|$|gO^he>ZS%y=*G=)&B8>Jm*Ow2 zN>jxw0)dn;QBmYg;5+4p>X=aPG=k!}(Avu-(oQeO?Ba!GlFhg_7>;hp08W6SpbCVP zM$_eQp1A@3Z^?%)Gnf8PUD0zf=9AGgA_6rd5z?Qawxm}G9Sjxy9YP58Eg9wc$O+Q> zZd3AfRNGZ1HYI&jx}c8ne+AVjRcgXG6DJ6f*swbr_5luFL}pN7E9agN^BaIO{Yz2k zSgCrnddrvf!6VAs?adZ6!OXY&J!u!~^gk=G7%ayLX@{J7 zcr~&l+F2PCx|3sVcXu74?uu>Z-GD#&WK=#j+nG1qxe-<^$}F_5pJPnih(rFYHmeNO zE2YHPL&&qN*2)7m&*a5}u2L~kN6&O~!VYd}SkclKu|sIvc2G$n>l~t_bg;53oKv>p zZlL<}upn`eud#t#Y!sc``*L_K8)_nCAzF%T@}VdEn$Nb)<8^r1 zOK%G3%|CeSt_9@N5+wl`$FO35E>r3HVG^tV4gVsIW5n~!eE zVF2P0kYt?SaMHr-*_!kJauU=U)adoz87Ed&tjy*5mr4a+85(E|bHeQHwwBj#A%{#S z@aF#HmunjpTx0ZjRfC@FH!f+gE9f>v&Q=($A6hND$IrqBI(*5753?sWA2Fd^PZFD5 zKD(~UA}0DDsK3-KH=tRuN}WdfgUZWfWazj6`%WLfI3+H(Yc$E~y9ZP*e}=3?GN#@B zv3yf$!;QRV3bIj;1*3u7xGl1LhIgcK5BXwPv57!bce69{rmcv>LOqd{DOSAg{XFO? 
zI%n+t3y<%E8&!xgRxPV&ma%T<4Ek7V7JVg~(YYChvxUDwZ*p!D}q9U}>k`>d|-=N1HBj_pBW z`8HZ&`7}miIot<+GYk|Xa1n+4-x{6>qjTtE++0ns3<4Qi^Yn} zI3XMuk_1jxY#R++Nc)ypJ*Vm=`9*4c<9t{P_TF=jC>2+I@2HH-n;klp_6Xsb67xota z174@Fjx8e}O}ro~;$E#@xdFw-6x+!@{Jj!#rE`XG`qPRCL~lKPLs@t(@Zjh&22ZoN zNcb%_HBO6&t=gO^p#)4T3i)e$fK;MPSP&PjY1pFl;FF+hNK`pAE_pljVg!CUGA{U( z=I;i6VekT@%E`eJu$asHuLd!mNui6Sml5>`2uw3z!orHpI3P(+)H^YC;ZfiBQTK`8 zmv4dx9egjFXAUb!OrdsK}S?M>v*UbMm z8mok~x;FG@v}JScKr1w~y*-Fb$xd-pa>V69Fv%A3piQu9&_xj!F|EyMVN1$eg|7r( z>)|aPl@~LFNtZX)8Ig|MWXYMT>KC@uQ^)FP=+rp)tKCmpOFlySmt>JFDxYso9hV$? z@^TDkz=VNo^6PHY;F-ImR8Jz=r%1sLswr3Ss!HC=9gm$6j= z4*k8KMSopw zD9)(A$9z59ybzLuJcrsegVI@^W*04X9dd=~a8gc~#dQA!^YPaQB?a$+h^`II;;27?eBOzk(b;b{5-BsQ1B zgmTI$oZNSQbh$E^CQxzx%NP?@(QhC6g_aENyfv@gzb@HyxeHbyPNdlbON+`XD=aJ- z=@NYq&h4n$yBeOh5!`wtKAhta+{lG}XkUIixCJfd-*|IAx7sO>XEy<$!GlE zr1b9t<(uz+OAw<-zuf(u(pNXDpWJ}rpW*)-jq^@;eThX}#{|7$9BF=15(V$$HlS1I z_`S_(L#`|qlUpY4-g34S8;_3)dBd0quU!16_MNAW=

    XgZMjw8X_uHwxqZ@EY}aPMPcVc*J~+yBrdvO}ZZStufzXjB|>S zKqRkzM#=Ib#*qiO^DrN_w+EHINZC_hLt=r3y+UR<&!3!rw9Wdr!~QuTJ>HA~H2 zTk!M|9b!LFvf0#UhV564C6eExI}Z+e%0||S#RN>}W~9D85OY0_hZ1~M#Jw(ulJc`} z*t-Z7uXS9E1ehGXjCo&Tnz0rxzR7CbY!DS&3|>F=+WgB`bLglwA3wQOvq39A4?vE% z+Z^^jd8>Uz?(8x|$GoH3t7fAVivTfx@;YG`AguH>emJcck)Fy}dwaW+ z zaK@#D;AgS(q*$v3mT{c^Z}?D)%&L4Wgzw2yFT46NlgxsotI4)0%?XT4Yu@qpG2J9% zNe7`6@R?<`=~y@ZY@hj*4asvpkZip3!}j8` zENo6u@&k8sI=XwO5yls0G<1#KRHhM?TRkIVua>WBKA!ydWrBco+4lkBm}Jp+tg_>G z_gbAn;OT?*OV3>){$oyy?qTmS7nt9MkNG(&rG|{a>mh?M^V6XY;r(+~#zm^Gp4lhT zX~!TYor*U^;oNfJk0?h_pnQrn4)UP4!yf5=jMELcK!K-JQufP>4=CTM_L76R2r${R z&0M2vqzQMXDFE+>L9CUXN= zeSf{4XXO$;G_Hcx_rL1)*{vMuz0)fW^RC=u?YEB{nA1HXzXF)|Eb{@KzYfTIe)&H4 zl7a_MLJXry0mvyntv83leICT~b#Nc@F@O>Nz<%Lm69C?taS%+l;wy?Pjf2CO32TE6#Zv}HOxj$ewoC3 zJNi&!BDXUEs}xI^xw-Wn5*}>ckY4ZzdGH3^CtBtXTBY{jvC$C9^rYGR@n&33y^ zfJk|baMc`l3e?yc>RL*UH+-a{PK*Cl+tQ@KfBZL&z# zOXc{oice@Kvv80u#K8$Hv|Wm4Sip?&IC_OO$R$q|kYRNpjQNh=)=wR)*vLy8naUlbi5Vp39h3TBYU?%=e3=u)Qfvx z8*4Q5WYeiZ>Pq4PNI8kDTSdGGQ_&B$Z`sSW>iRN` zM`R`PW!fs@uEVD&Ct0T@UZ-W}i$$*^Hg7?FsV=dVG6FplU&3%gWh@mx*!jqFpsJ7X zE#_U(R%_qO-sIeorSvyQf?>@d>6El068!Yq4Fd+FZi0K1-gkK3Kl~9C(9HX|T_Qsh zA8I)pxCvcgkwW0fg^arsx?f3pQ8>py%U%Jl5)NYzqf#f{7^_RCwj)vz66E?CR zGfp9y207w=ZboQ=>G{=wPHSPYxwBz?S`sOrinRSiow816Ly>SXT#ES#A&2W+T2&Rd zBY=fQN>|;9cy7H9me-?tWNsDHrkgFtgJNo3p8QZV>Fw(V)^*+*c5HIGe0S#j8yZzB zooN!#TakZ59R|Tl>9K_}AwAcC%xj+ykGgCC+xP5xVc-k12?x%j{Uds&0DdnuZ{flB z*g4eMcoWYgB{%`?j#+4O`V@MK$Uo`AA=*&)GrG1Uh@4do$_qkRZieVGG=I9tbqUi< zB>ZR!(+!xc@?cn~t}^#wxq&KcJ?1NU_ddH58kGRMHpJVqVFn_$i5(~qyo&J z`_4C`aUHiYA>orkErX{1pqQAE)af)q1mMrka(yjMCJv2K`i=~p{kGQ>Tm4d5w#tys z7C2vm^SxutD0fjx#P*#}ZJvsu#3s2Nr#LljRthH8mG}os1iAtRPtH&_&0sPzJcwcZ z<>e)AI%Jo4olSew<>?zR_L0>!JXe}b>%D0{d+jxZZH+`;=>vDY(!YYGo^~tlz>G;0 zXuE&2_aC12eB&o?C~UyTbb}1fb!`$%=iu$jCJ^ZL`jNJvt3a=(hCPM~c<72Zy*p3Y=tKL{_6sETPKlNegq{jgdV3ZOQbfuHzoP zd3rmL5y=U~1O3TM>Ewu~O9aM@DIc{DQqybWNnVz#x1&ppUSjat!-)$y< zVSJ@DC!8ZhW%Fw+>0K;8!P*gbk>%;8rhm2$%K4grF%un2{to7W}8x)hL4I?hnnxJ33Oqh$PZaD)+*u2 
zQZv1ny>G&tt#^{Nv+n+ESYN*G;UJ;zrcKG4Gi%;XzIKm?Lo{`=`0A4{Wy-JLf#-Tz z2PgZ#%F8B_GZ#HMraOF-+=QOa*+pEIfr|KUsrgX+ZUEMq%^Yo>(GN@1iqmu(BO`W5 z4-xL;H(B_}#{h~j%CU=HilpfepRS}*5k;TRDzwpj4U!Cakbi>KQzjDuR$2Io9n|gs z1SGGrgNm~-kA~lBf(3+Mlh@{QILfj&^7$7+55NO*-_n+Ma1try>{h^d58&Xft)FpV zP|XIor89?Ru$M#!gX=e$N*ixQ)VP;vyb>Yu2|h1~hJk3?D>Mz!pHhi2s?U0#(kq8v zuRfCgK_Uuv<^g66_}->>3tr!H`~%^D{1nj_GA7e9Cg=sTCeIah-^NUyEllhc4fAz} z!Pdx8YM|Z?_I0o)=F1OuND`FYcW{+3;g|XA?IJT5#O28_e#18DubbZ+5(!~jfIkoV zMY!wLc5J>Rf#Yc%X6vEHMUey`b?>BZ-gkDcS|1^aBsuu*#`=T-;=ZvA%qmdzyjXpE zScvW8Yoh~b^Iui>Me~(ZErr1_V;n_20q-cbLHAuecx}e+svf^r&B7KsIjlzU9NbA5 zxY2_Y9t_zshns7os}z0xtx@it`rb7ExlM?Eln9pcx?Z~I%};yxs<{PBn*0UY57+F@ z6Md^-b>lTWAwb6^Tf=^E$YDt75XuM*yuT+pHlbr@2LBC@O+5j>%7OAPFO91pp7~kN z>RXlIzsumAxRqX=M{ww3B@kTADpL#sXe@!B5Pvv=W?M=^4*-r4OA}yBI)Sai0`sEEs=IuYlW_`d&4y-%rIYa};h+dmK41QnQ18V{rH|mph_=Yak zNDA#GsHS}O>bu5#_Rwx(9|n{d5+5MRa%%UYaei4m_bB6)8J>@6POuh4zuKwy6-ueme8N|L~QMV_@g-F#lnDz%C;7FS9P zvX9BkjTx#r3WcW#tpxE;nbFeZ8CD5~Z@05;Lgx>n%htyNon_pgeAs-Swo#ag$a8x< zmz=bCQpR26Rd~)FwLnEh(HVCNx2It+`4?J_ zyZb?G*H&<-po?~mbP&H}?Ju2SNvu8Z=F3I;4& z+kwU6l}j0C=dF&VCd-YFu8SgfpX@MgCCcNyf7jidF8hw-yXGn~lD{G9%d^jS08b>4#f~Ud1!gwvX1bLVIo_gmT-VZ zrnDo~9aRBu4${?`>77XZ77@l=-Nl@>%dALZ$fnFBhf8(_n_bri zq3uDmdEP}xM5<^+&1U$C3Xh5H(V%&m#$3UMq<+a_&3<8mfb7iZj(?(@eo3jI#Iufs=At+xFv@oFbx z(|QKya;CyK!XtRNL|!s-c{HpiZ@6~sim?NB^$EFjc2175$ch_*R2gwBUY{v@$>fzH zSx@Fu1Tk^3wMf_PcJ?cIaWmixLLcm7d6H3@sUqEi{@UXtbIrRl6K?6TcsMCP1o^4` z$?^XESeUT~TJCRDm;Qh@guTx@-XHoWF#0(K|A@ZOcXF`cLkO<>@?NSJOEELcMj0z& zu42K+-lr>Vjby_^5Oyt4U3ov{yf5tVfV7eV2#DHuwT8AHzhHO42~Y_2#g}X>hf%1G zr5gSRsr8r)kpAU`_@&`7S?OjF@hYkc*J6bPXF}jvJ_MfqQ8q_Ay*rZK$~nsWvtU$Z zm1ggI8sjZape^5c$}yW>S?W5nG+Jjr^Qn%)dF4~@Q9i%lsY6D~`nU+IE>!9tssb;j zA_@`lH}tr_ZC|DT*cK9(8t7*WK=ZmQdN$w;OqfkUbbCH*eeO^ zbA}k^>;}Y<5i%-CO8&k4L4k}pkI=j9K=k=wV$Zt-9rgwz5!51*Z}yj&gexug7Osko z$)mcJYeB4>&)ahtZCQ2O5oAv6cu+b##RIFcu1g5aH6;mu$nxXwbUDIuve^%p- zt*V5pz^e;NBdvTLSLWQcA(QPVjP3b8MzaAj70)WWLB%^P8R_P4(>)KAnamuWVDyKh 
zO-H_S@Z04#NOeeX!OjT4KxJLFu0%kFCA=d?YtwZ7cF-EB7(m|bXMtL3ApM~}dzaW4 zTdfQJsQxN4ZS`nxP==3OK!NgK|pb{_O-Z2q?OGeC!4Htb*TP z{Z~EexJSOv4ewlZydth1bQv?++uy0p`Y&$$fqhNAeeDFWr;ZVIK&y$pA+e?OoAxm0 znIF!%IoMQ&p=Q~+)aeYju6fq(5^S^zpq9d)N=_roz_Ieq?YH9?$D>+Eb z)qJ##8UdzJ5n!*5LZ^T1a6qyiiED{$^$i!QEOt;`?8B`ab0N8vSKRk;E%3$JOLq5` z)C`a*LXl!!^FX#x#>XTt3}WicbKGXRB8Zr!#zwK1$FT_HT1qTFrk|m|E!3CeqiP5# zAF5Tc;7~)wC@qmVoG3r++UnctH$q%BInu>Li{h;DcxEuc#-2Zem7vVGD&FVvI zmuO_s`K`M+X5v0Ode~Kmj0Tn2Z5|Lr;)(h z;jpP0Mx-rr?(-y06Uae=$k`WM4MN25eDO%%UlyjL9g#D`jTAV1g%o27Ipi7kDR(Lj z0wGM&A7mFpp7VS)vDgc`xD&5zi~jf`Hj>jGsY?P^ZgBC+q)e$3FWQ6>q9hA2&oNn2 z7a152n>)*H$m7I9WQ<=anVqN%U@gQk>pptl7=!yxMT~wjR;CV{eN<`5J}<16!PzmC z>r)WoXA9Ai-*&#eA;7=}hDZ;0#3C&+0AU*h8Wk7@xDMkrWW=? z(uE=iW0gQ&cGLsIeOSmD88mz$<})KOjOs8%>ccq3{U=FYW?FB-+CLfJ=~R8m>W9NF zp3#h_W@mS(uHPP#nO#SRy0O_aDf%bK*Q!lEz$|>9K*T^*t-ejT?&!b4Gx{a00J4HU z=%m&*i-ot)QjzSbGhF1udm+gKr&8L(0~ua^VXQcabphG?!04U@(@_ z)U=LD4xz>^G1=TuOB(f1U922C^Oyn(Szi&!DExMsx+uo&uA;}(5>2xi`Wfegh-{m4 zO`~Ox@uQJl1Lpi|tn?nb&0Ohxigs{!-j?ewrUlu@3$uwbnRbWqv>!7C$MfUP%s4RuV8K7Gw6ZxU|MU1Z5rG~8}UCfM(Ndg`oscM`M3 z%~gseZ^!dKSjR+O$MVWiVU{+TsOMaaWpTiDQPF~U-)$sv5Dfcg7#7F&HqDG^;eUe8 z)6YJkEI>iJ4W2tgt?}AS*wa9vo!i+N|H+i8_SInm-UwO0P~&&v){LA!GkVdQTYJAK z2e7kk=CPaY-ONH#T|&_sKmV?LrORis{THN zb@OZ_=f%{;lKDM+-*g4NT&4S+R8=*UD=`|WvW0-fq9gO-qB7Nhh3S^4%Dq^;E=z*{ zPF~nMA0+DbJ_FRbxxU&)SihAKRP5$qPo+KZTrT>3J6K}(0iLpNz*C6eR(~rC$DLrB zz^hCgQrFT!?cBj`QUyg7arij)Hfkg9M`5%&{D^YzbKGxBr-dvRAr$6H7K?AV!g63G zR5n8ib?aK7@EASB#z#ZN-4@&YFm1itCUuo^xqkCkSb5lYfVF@_0~w(K;xkG&@2S4p z;0rf&=$W@GhtD_;9N^>*;Qd_Z+-o5K7pM;d_HHvs0%JTrt^XqwS!SfcVN@R0te9HR zC4?#&xbY{5UhPMqYBzjVWY3|+c!`n5Evci~M(_cDC^8_2Pe!AGlvXfp;sp0_D}6|Opi`)0Wnhw;oO$vb#xuYH?b>rw>!r96vw=|J^rb0 zSU>l$Ut<&X&)^mV$cm1wL94~iFJ#imJvW2*7H>~{NqM6}V>H;O)lS-JlAgB3af8_0 zlD>@o-y=E^`p!pXntR&>*P5_8t;`o|$~!YmuZ)OPXPMwzI_HSKmbByNeF?`2eCj~b zy$AJt&=o_mp?W+1ibKDs=MOS`gK7#&<_1IO4MsdggOoy@2gZSTG$wru<6pN-kZ)o} zow&o!9c8_Ta`St!<7xKkWyEpcTwPqgxaifKw-x0X8Xy$UzGuGuZ8%I85OesF3o>!S 
zT_FNnv_W3rf>>~OUNg-zr2_Wkki;87$3$@ZzVx>f4?P;DAnkxJD+d;`e?o@BZDh{+ zW2km+J=ELnc8AD&Kez7r5kIJSe`g+LQxnKbqge5>(=YnVpPa>;m;|qUl|b)&JFyU2 zhWb-QZljDp?VHHc_UE0(&#jX4hE#5Ol_e~BzY>rOHBmtluiPr{8y`n{BWQRmgu^a^ zg1Yup%#lRQ^*(hs2jdUR%GFG+SNLVSm~Nz%!+8k(rsaOQJ**cn2vYbAXtFkYgZ;@m zW>Y>8Iz(My@ghn{|%E4*t#|;(45$VUH7aA(_x9t={ct_G)UbIFsxz?b1)E_i+09eKegsshxZTCLwcZ zfdBnecK0!X(@UldefXSI%V=rXjnA%Y?dZ2F|58lXH7>H#v=IwY#%9sT3gVC3e2cwb zd8PLGaCu83DgMWVr7}Y}IVDrrUfWtKzJ!F?!m>JKYG1h1?KL)w45zC{alhZWPobpR zB}9)OSeRoV*Z%2UNZ8SIJC1!v^72^v>)ACd*IIE!#9JLvc^B#9rNf zT|Hf%@BRwXP%Wps$|D85o-YD&LH1Sx{bvOu#ag-Ym**SLT{|;zAC1K~Iv-^|ayXv2 zA^slcqd6go)VC)+G%lKra7iAC;ZScHj zVx>{N&TigE9`zQ0ftbRy644Q#k>%#7Ybw_R*eKuN9$2c_G-`WBNO^Lr26z&!?s4=U zo0>P{Z21liB##LgZfB#|Z=zx;Ipb#DU0ls-jRh;2KCuLf132R6$Ul~cdwO|UAJtuS z(&V3e2cFNlycu}(M$1J#XZslCcjs-l%ib)UqhwL?Yjqpe7k#2VJZ9EpW<2yVErrrr zLbeXO4uaw%5JX!fl=eQ7jC3d3hkM7dTMDre{4YR;W5pUsc;FJH?J?y-j6frnF2DzR4EYl2LelIlnYe z)aZOUZ~GosMM#^hip}>RR43zxCEM+zv;&ty*telj!kDUi{Z6YdRr8?N^aiLq00X#$ zZ2nPUvV5BuU`4Ji84)wi`DiZyW+AQ-5DPuHFz;3WQ@2pC;$Yh1S|r}?ty3{tRbN|4 zHAqXWr*r=mUqBIk@o}z9C!V*m1HEdBGQFXC;Za2^&j=EE-8!A!XVj{!vr7vz9lZDT zawikFFR36wR+>-AAi)#D!``>8U;?l``#++>evpD_bKP~be&F-R!TCVDYCwp=>g|Zc z!*p%m$H-Z#Xj7I#+4I9UOY@q+-D|fhZ zY~+I$&;0VRAGz-WUGz5~<0ZKns_KO|p-}YObJUbK@_Ur45|~I+RRG}-&v+-l`2!7}bHY^nk{Wbulwl_b@y6RJn`z21dVC)=Ni;dVce9+FvfEObpD)(MV zHg;^{;TOV}5suOG-Lx8b=i1xe;NW-RL`X&RN@?;4$}@rzPf=Cj5>cZ9y3VZ7E2 zXcs=V&$4%fE&5{&9`#uxBU5+of>x&7P+_eQkCG6w#ulPrqs!!G!Io6Jq%+{lZ3y7* z0nEKX^vo^5t61O_M(o=>4cGMyyIX~V$VaKW?vr;D1el(FaFc`((;mS6)e)l6E}7=Z z3iBv2hf%K9g7#LIdAs|8uhN3^SuvDKC-ZBDPnnsZ@u8{UHB14ih$kyL_6)TkYeXSh z=ewVaDX*wK4R!2@=Mb^6f=iEj1B+x>dSJeaAFfoei%m%8qXoP;Y1ESfQHjP*qP|(> z(dlkMG1>ilSHzG|;j)eTewJkriAJVh7tz%l5Y3bfMm{y<@Kopl0m12L)G90o@vlM9 zRs)RcI0C!*#Tis*oaGxs0H!qh5j~1+`41sw-@fdH#NWJ7kkv?NGN@k#5~?*xg1w(a zpxf$b-p$dau(bLfQ(Xq3H$R8zrW+wHcChcqQCm4uAiqSPKez5zC0V zYOqRJ(I7S+!$Lc7+0ByzE4`Zx-3VO6A{ios^%GZxBfM)Sx?PaK! 
z7-P$F}p zRT^pG$t^V^eK%2JC@Qhf1OvRFPO#!FJ?9}eIGb?#LN)?@v?$8Rt!&Vr-B6WJXofmf z_EQYUL$fhM67wT+=8}>TfqlE1?k;emsm9hIV^&PHGes48 zyj7N3N^oFG=0dB>|7%A*Dn%Gda2)d07QsSOA6LE$l6_{KTqT{B8LY_b{KZO;kzD3G zsY2KgQ-`v^0|P=dEuL(_^G&964mHJqZ=|(2tI$DE=ANb>J++7-$#V!YA9aB6qCVF^ zKKy2rP%!3vq`S1{GEBykv)wl;g-Lee%ZxryPwf^mNLe~*A~*XfZxIHO5+btrm7fQb znYcaAzvP#ot}NKuDQ@T0t#EFBq@bsw1R85z8lg-2Xx%pj^Dei&hp(UZt8b$F=d|DV z<@_GJN&)md*$XIKT2CqL-O&%9hEGi@XSpnc&UTTqjuI{#cc1I8b^r-F2j?%UwhY0f zxKmp~nE?$4Eri~gbfS!IK^>j2m_JchI6_2x^dzs-1H9l18fQ<=AP>4*hI(n)D)aqk z6>J8z%W7YB6L(YKHET8gkZE@unpju6h|e@DXAcw;(z#aB?uW0brKA`RY)!dQK zx_j?MJ8x50yP=!_?gUGhQW|#_CfEnS+9p(0+{8x_o>Sf zRQFHGDc zVQyr3R8em|NM&qo0POwib{o0TC=BOsbQM^XvweuWN$TVoCX;U~vM2G5?a?RMllNJZ zi3aQjNsO9}o(5VrV{5JFHum55(w-}M7Yc_4`am`%N|tBTYt~ro1`35!p{h`a9H-HY zJcGetaIm)r{|*L&>c6`?dk4Q8?hWLB2fM?a-wlR) z&z|l64h=Tc{?e!50_VRQT)VAm=f02!rzsOyP?qx17D6}|bb=!>E5;#Z{e-6He1tx2 zA%swXQamRk1nUExvLcTNd_btklM$K;k?~Q#Kc!GTV)K5MvpEqnQt%*R^Ldd{vFOi8 zG7lmNgnMw`WnAP0&(U$tekPIV4x42p$Aabk^I}Yb@`oX=B-f%5{{nl%&G#&KAz-_ax_(r6Y7P z+`?IAe-6UkufpM0On8*jOu)M%mLwz+9C30%a-5)?Bv_Cb{hcIpq}JwB^tT*OaEeik z`E1N^9`mONr?Fh02&Ly zEZ(y`=A*3u8Pv7{4^Z*Fnu;`AKnVn)w-Q!VqYti>ZH#Q)9@#tW|`yw2%# zyeNy#Y0h|pFTxp)|1+cHqM?QVN6_gacd)|w1x@3SE=W4X`TynxCtig^_`cP;qdAaw z7`v;`^;NZ6m)nKewqJ*P;m%+;$fLpT*5^JYf4xrw|963tg76J8fJ^zmot=Z-;h@6* z?eFXk?)kslc(&1VGQmY6keYThVR@CZ23+9iJlxtwZ)cPv$`MBYb@=*KFk$%|3wdr% zXhLLx=OjvSPS6F;DIUv{Q7|+nD3f$QMl=-+Em)BwLFSn}a(TG5wT({HDs;FYbi~pL zofbKqp<7$q+x{EC(?Jo(I1?n7<#IB)5;NKtIU#*{aP;+yM)+Ixw~})vsqAk&LXxlC zLJn>tU}U!?-<(bf5-^4nISi81P_GEG9Nu>qB+n&-z;bw5{+^%)3cBU-$Z$m0_*LgX zZsQ(9eh~qvjOAj4z8-u%*g}ZT@sue1bCNMG>n!Yf(Vx>iXE}+3nC2uBALck6?gZyw z@t{6N0iMSPdjLw{=?Gm6!e`+?HCZIdF-vH)7@?PwH%uJogp*X*kEbNciQpsj@luW~ z&lE~gPOu<)#O2JN{Nn{WF8J&?XCGXSddZ?NUGbLyuqqjj&heCRJEB>^XIaiZ$VHH! 
zlOvXjTr!gRYnEhK)K+(dX>{?M&cq_R!0t~Db{fyhYbVC z4T$#f+xgXwpIr8fPGh(Cb;H=nrM+k$x7}sq_PM(JLPYWE9`EcvYw9o&QQY2NMXMCa z&`4BiJP;w0i{~^Sp*|5&zg!`G&J(A|w=^M6v%!-v1Cd=m=VVd)9GsJdQzXJiK9C68 zuj{N?3H%;er#nLTE$|qlgu$ILb*(QbBRTy@E95Br0-pdQP+NNlqt=E1n%{L`SIi z8F!(cu{BTKCPI4MQ}=#?mQB!a?O4~{?s~L;)x-yOIodbC0^WsHB5C;e(b>UhDL&n7~#>cIOKde(vHBel|k+xul<+FM&p`7CBZ<_&HgOR;_z=TnD))fY;@G076Pn3GhL3dS2p z(oInkG7vIY66GC>OPD_9uNpDat@ z#uq1vUpZp)IZIVZP;zb~9?fT%&qfH3qv6i();5|ipuh-We11NUl}a2mpeWWVe03Ks zv2`wsCF1%HS+=Fip2(td`*})KeVwhgB~C~#^r7tReYKzM&nZbsjuYq2`ByGa4%}Qu zl?dJT{_q0R1dnM##iFgui#%to08SHDZ8RaG@}{H$f2$+yeSgDZawxk`)9KPeCnREd zTrZ`_)8Uu{xo!HCWmSaLhZD0f8o!@~LDiD(?jr@VAF|0%=_O8YJr|h?T zcj>;RA86|FwHjhLkGC}@BrYN%H)cs4)v`xCVwuDrXW1L`i7OH^LcQ=wPj^Od@1_nU z<$i{uhoz}iV|mvUOIC8pQdDrk<|sGI4Y6DyD*sm7UR|^)f^V+coV_2)&5z@l$_8*! zE@MRr&<{UuZI`xK^F<(`1{0bP`5vKZ&I&1{Z<`a_6g-13=DnpL_IIGMhO+9<@*_gz zLzV-_fu1-8B(l?ljd3zkhCm|G_fYES(3h4cWJa}`ZDR=R{LpzfiD z;qa^QK)qRV6P1r~q;K*p-97p1;ZaG+VN!iH1qb7wf|HyhT^IiGZ>}_>m7g$6d)-#d zI*~=tk(x~?s?QSkUbi5aoOP1pNYqS(j!yVf&GNj)nKoq7_i9GR?4JZ0iNonMC)4G4 zz*;k(FIv)T~aM!L1o zR0wgB&2WX4hQ&nUA9m@)l?T@MRs9W4jsU<<${xN6SG^s=c?5} zw`%8>duKp{tpe~>YL=CdTRZv{{WmQEfr}~63$R~B<078QrCjaiI^D~QG>{UBoC?ZP zx4ZGUzs(hCmBJd915mcE8dpt$Jy7JWNXikN&kG@!29gv@cRhv^2bMxkeko|Kgv#UR zf3=)TLS!-ZOUb0MYGx_>=l)4KF9`4N?eBj5m6?r<#m_DBe+A^#l+=_a2+e7#MG+}l zDt+S|e|VST@@>zse%=D}2SM4x(2GWTvTRFwVEWtMPsNM@Jb0Sny(eSASmMCUSt0)o zBr6<{SaL*mscvth7fO;wrwNYE^_o*(RO=(tq=Z98B?7?rosAbG^uxoS+4$j))lcs+ z6(h7e;MEVnrCdn)YkyvT%SlGCa6azN+>a5VAVEIl644-Kf==|}Hn2 z%b7eqSt0Z!IP=>!xy>`%I<1X!I^3DrPj*JrB1sHO09ZJRLGZH}ZIuE8^jgj7KjpWW zP3_l4nBJOj7DQRX8{sa)t0v+Ya}GqT6D2@mma}3y10REj+%&4(C$_f{NvAX=A$mDk z1yi3zymG{uPCQlc#EdK+CJ9Q3C8}A@GLk0?M0kWV5+lykVJ*wTS(`GUWQZ&WVmw|b zU=rsBQZ^&WJmfP)#A0$m5|+_)dZsUxw!twW5Hk{pED0t>8iBHP6%AWT6aTP#B$|Dg#=zq}M$vZl)h_Di}n+ zrB)!-#OzFS+Z^`62z?6d-uw75kTM`mTL@rqdFhmOsHI!%Y+fXSW(iRQ(*sV@7=Sdk 
z=tDutQrQ0!JE{M_U?*AI+9a+%KE7V*g)ZS$tB@&)E5*kXhNPSyzVDzZPSijOaCcF2Jn!-Cu#ICqV4ez4mA0@jVqG4N;dgybbkNFsEr3|J| zVTl~1CK9)G+mcmBj1?4K?IA`HWYGCHm`}(Ec7w}XzRZQzf6JPJ1RZ;mo1ofrOIYVe zfj+p+4(X7p5+tx~#tmLT-eQ6`oggtO@Y@_N3dV^d3F5m9are(mw6-#l8#iR05W|rl z7JBRB7S3{hMRJOcMv!lh?Nli9Ot5VI4B6xei~y`nTHsD@;0SW6@Gld$qE6hh`NMN= z9nZDeM>2!IF{X$(9y0avh#~7D4WCUE{R}M~`I_aQg}T_REW}G`{xST7%SQK`Gylk+ z5p++~aIj?(?eMLrCU3yFgy_ywg6^$Fy9>??Z6$oaT22)nsG`3rPJ$%`07cDRHA(LH9q9WN?f5G90ev@3kkt1n+oeUk z{oenYIH--Xq)L}v%^EGcComPQdewrpOje@f57eP02XV^zWL-tz54LUR(2Fme}m@!5@~Ymm@*-y)Bf#nPTwnH$8%L~#hE^)o~b|tYy&q%>44tRnjwqmT4-%- zajJ`P5BILy&3LN`vWs!t#`~@%`>v>iwv6>%Rw1+q>{NHG@;w8yPF)gJaT8G@YQ@S7 z=0jG^htkbcyvupKD-Etx8*{5Advy-Roh3=zlXacz*9L1jM1lAAy)_v2&^}to_Dhs7 zeDMI2DFs3Vd4aVL6|KIl0Gt@$`-5bxRU9V}Xa;y@w5s#hIk4l+(w@NZP38<86o?XE zJWqPnXUk0WNe2B#tUpcJ;@tuB0?@lU7mpG4NZ?XJSo65i?nOGYeUlW$)M8@TtueEG z*H5VqO$yZCfG=&6M+d%Ijt#sTGhcg4r#(5RNqM%PN*QUG7HLTp5$4JB4rmngO~(xj zpH2YSTWPj;gTPU*A2v)@`%G?uf$TdyS&`WX(xNB_zYo%7DOFRZBWQ$2Iy&2rxsPN$ z&7TTnsFv#@;|x4vis#N&qNN?lC)Z$JXWUZgNh%A})cydkNA|Qt*t|}m;2hK?siu}l zk@Ee1N!Q2P^J#{IPi)KEZWfHT_w4gR$(_NT*eJ8lX_C>w3ig}!I{ zul!hG%|GEStXbOUAru)TIq&jfI37s(Zxus%v~TA%4%p}4-q_f?*Lxu8rsf--O~PO6 z=Zob#(B5q4&e0dBp4=8O6FS99EHN?d!_^ggsN5C@4>eMP8e-6@xbdiv##Up zUUtqTYF-8RL8*g{Ar$mH>Ay(Q8$^?e*`TYtZ?1k}ac&Bo$yiEnSZxRl)5K0v%UTAn zpO>ULbMpzJ;eMnpITqT2q>u%BWA0H(d|r?ldqn{wrLS1^q&53Xk>SkTu)7L} z@ELKjyNY< zdp`XEiDaRkk2K5fn(p0r8KO@TCL$lA&(gb}^5`Qz1^eB0%{s&JbQMpkLqQeyYIUnQ z_Qj0wXu;8xkr-T#BO8uep|<8k+z0A+nw}%t*Vpjv4j=>lnr_AJG^)w7Wih@pP*$g4 zP+7j2Wvn2wULXDLF;*otbcJPZ)z1SEU=blMM8tJTbG6TI^9IJ%_&S>?Dpo=`)|G?VgzOis1XyC5G)#&LH)s|?$0Rh16F|(53jG@Xo?mmg zq!(W{EV;%>a~~!e&q_M?k;D1dL=5=X)KB@>_}A8SGsov1`ZnC@UTF!|b8JrR=s-!6 z!yHv0Tm|(8x>7Bp2@I>`@zi1^d|N5Lz#rl;F8Q`XOt4v;R6<9(h6|2C`1*t3N3tsa?=;J$Sxsa{;JZpRuoo3={w?x8z+*0hUMANz_jl<;!HGu# zWHqoCsMpy*a)GUO7tI7S6JMtjBaK-7iBPHcOEok`D8%vZIq6GSq4?b+b-nTkKK3(t zAYo>c#&TV#G?S%9_8JLt;Zr6AnHfC3?Yd-cIdZ*9|FwT^@BAY;@V(kh&xFl#-fuZr 
z*twoX^4ltWgP5@IsZbg(0hR<1NO}YOdIOY5Yt*E{4f>4J6riHQL^W7iY9B-=wK*dk zl*}@@7z%u^({jhz5m7ja;2`zxE39+e0TPCj6j5nZr2IOR`D@Gea{Q_Mz}Vw{xaYVm z{(4(-+OpPLprN&+Ma}8Xo@3NRKTZIexoa`|dtXa8_LPxl?l!TeSfd>$&5BfO}0 zATAxy#>(%Rh|A#a8DS!Y5=Hn0E{eeTBQbobOf7}&2km<0k`2~xj>o6dul*cyiK48! zV)I6K!fO-VERuRQSYv#cYN)%rx=@I_b)#aESbi;0-2+2!%sD@M_6BE%Ti`+hSxCfZ z>`vf~gKwhzTeLs5mS*eoS9oHqI>V#7@CF-LigepYAS!f;9y zv4>DMwkH{Tq=DF;HH@ryHh)R?r17EJhTMCMy;>`TL5x}N?~~de+Rk@a;=oQYgJBPk zhoUe2WO3o$U@k8VAj9#RbruGRIT*ouOEu{}PFhjxQYsaeP5P4MCoEMj^5c)yr!~T$ zgQUR9nu?TdCP-;9mXVG$wmN4~96%27OXt3~wE3mC^y-39GON0O2UlpU3W6fK&Sn~>jY z88`fG3AzPZiMcgfPcM%D&AD?kfRq2lx#bZiM8(_)p2BWymNGw2`+{#mzI3t|*?G9m>6PNFuZ1n8ppE-^JL-*7ZY{bhqymYO^YNN<(9 zZFlKUjtE=F&Y^0*Z2!v~WNA5dwx6hg-iaCj|HHl2Y{h4A9Ju@7nyv7pf(Z_t|Ki`t z2LQG*9G2Y=7Xxj(X|P1){vRyd`RI7$oX7HU;<$Uy1`v-p$HQ-y%_hF3f+2zfJDi>n z>$d#Zv-lyB)qH>7>j79+;=fFpK02d|Vfn;x&0wAh3h)Ry7K!1YVg{g59rO|5r(;m= zUC)^D;zj8R`UYpk7k)4mkfMZE6tUGMJIjbB%6}UhZ*sD`BtC>Tl4it36;|(esS)`I z>@pnLW8V>XJ&7?81ZB-f5Fi}`_2cMe$8n3^(-tGm6IwYq@nhF3(08lCWu~^#MBQzH zxAbp?((p%}`@v*fxj(e-!dBSd$=17g(7Qyp&=LbVd=$4FeAqxlvc2m?z@^He&~DON1d+U+0!QBm^_aFV>V{=g^P*Xa!qdR zMjQo7=;-I4OnH2STrQTdk(pI~-HvB|May!t5*{Y3@!3Z4BNh352b5|PAv6*-Yb}_RqM~N+5UP4Mt2}tUn%XBgBjowx+ z@9i)#*P0#mIT2xRrnD|-^9iH&u|oDlxOI^nuBA1Ot?OwO){1D+=~1QE_ml7l%qQj_ zub&$B6$u%;$=>9zJDyvfAjyeBz_decO}uF?zQt^~!@cqv??o&R6@(>>e6J#Fp=eBy z@X#&{ki^aD!jRwWX?CR*{&4q9l{_?#Qrig}AWb+5r`cFDRxr z2(XmcyY1wUESYjo#e4;X%%aXX{tlTXITrm1nU(zsnF)s!C6CWgF(*uq6tkZbY9#fE zqRyKpKH;p&*C_QgsE@|$sf0Afm zASql^HvuO!?|Re+s%)w5@?lujON`MbA3aX+MK|DlWMlprG3OZ)npq&Ul38w)>WO9Z zLaGIxE>6_<=}W#UX*8Yn#c}MBBF<-6jrF4gok%3yRo#-#dD3c<}xA|Y*fAZo^&--|?Uw(S+Pcgu8 zCvN)UP-csigUWk1A3@S%Yc(ggC5;1p9$bIFGhBF@!Ce#O)6e?_N>D6>hqA49BnBWrf}UH7m*;~9pUj|!5St`iU2*%I>i=4C#_ z1L#7;LR~WG!fv~y_>b#TiSF>rE2M>L;VVm%cS-kImEMnjRWjfUOvy{)3)OFarf2$m zhVC*TOf`6tsj(huvHTT0BOfz2R&Lev0BNoJ{d}{vRh=r1PXm9mYV3TmjJf^0%Hi63 z*@R9db$zpuarT9(F~P4g=9uJ)iQ9Kp&ks^Ol)J+{m*e7=Z@s5vK}5^E%9s^0)X1C8 
zXI~O2{ZSXsZ0xvz18}j{7bJXpE9HJ5!rN3k_in2YXczDg6vxzj6IKlrGylumTk*{} z4iQ58QEXGoEq5Lup~_j`hh$f8`c|!Yrf&{UTM7J-ld>-Ku$5B8wg&$Bdkgqgc7D_4 z!ABP89T+fYqUF9Hz8|++FvrzC_77ya-GDd#cuSY(CE&~_VN0+ zY+tkLHmHhv5qWvD!1?}&GRx2LinWFs@lZh;(RAWravQg=jP7X}MBbA7c@56A)d<0N z@fGBmn23*vFNiF5t3q6RM7GUY@vZ)i@piw;?4a5?LwK97q5sY0;o1}pV%7{4ih~pi zs-$h(EI?uB!nsG#59I9^{ztYSgpw zrExF-%GwWvE@1ut8$JDO@N@q%deUqEGJ4d|BPFD)|7G+v<7N}G$xKSg=hk9%hXig> z2$<6&qoQC?VZ@!Hn~M$Z1@(@m3Ks;*Ckn6PI1n}vl~7LkpAJReepe7m7o7MSUUX`! zz9*p`^dmW6?yDo%FH38{%Z=yvZ1`zA0u|*Iv+YiN+Qn-7<717pAdFPD z1!2jW3q#-p<#F53SS_oOv)M+_r%#mv8@%|+RM8(oRwW-5?$6#*R&Ps zD*Mn13Od%BOd)$dCsK?90V`ErTJXy2ohzo&Ift{dUz#f0Jn}o%*p9l}YVzK8BrKz@ zZwFT*`{K6lI2M`YV5P;765)uSO$E&z*kw2e$PQ;?Bcmt0bMT@jbbQPRqO8i7PEgxZ zeD5zE?fRl#ik}?k+At{)UbK3R$MaS)0|($NBjF z_85lbZMSM+@412Zhpp-Jw;V7Dq?&1D(_{z*xZg}CM}P{ro~_plrZ5ucl^#4t*^67p zHtx|(YxEL_^KUZxZGTudX>9P(fDvACZJ+iREZ<71ZPjtzhx%|!-AeC7B zZ^#Jo4`gJ;85DDT1Ac|1N9LGolSPc>o>zW>|0`ft^Yp5#+>S!~Ce|8>L+>w28gP-p!kU_PLoi>yPp z_DpHih@4?VN4=8|nu4e;m9r5t{$sw7#_bOahsZxY{p6kKcs7FJc6h1o?K~4n zy4I&DhvhR)cM=>pq2h$bx6t)mAC(*KQ zVRLnj)O~yxjW8?E@Udm}FmAw@P~7$!ZLF|y&BF7Oy{!XQSh0jg> z{Ku?Y4FMXP!m8-c_{{H1`sxz0blbG~0ITp1qLkA93sH_+*H1(o{9RvwIH#s>nCN}- z;%=jRUVxlnfc9B%wutxVZ0mebc%uJp!TRKv=uwvly5t`l;gwT&En>AYGx%elOm(+Y z65e>u7yTr2PEf1YJ}y0EO=EVr-G2`5Mh#tuHvr!Yf{<0b<>?R)_Khh@eDlFCBfYTJp=h_*yjw zvsmj`H-oqKm-NurjXBJNFVT?jhnAdBtaEOVz&omeh!h-H9AImKUm)I&l2JuN0bsJa zq0oq&SV&oCAEmc6>GV9}S(mw^B>YGNiSLET0sh^90!@PJ$!KUM$E#9pmj#Lvmx~Ok zW&J*laE9}zw{QYtg@y2Kz5$y~wLasxR@)iQ^ggV&xQUe~o6eZ277vOS`Ssyi-r?}h zA?F40qPml!u(EW6g`8Uy$v{e8Ol8c@;>D#VG%3MPvqdT`P2^y0f$lludUoW6mCF&s zOU)B7LZ}JwT2p_xpPXZPXi|_f-6r5PH_{ zvW)dvMW=jSrf%%d^JmjTe4q057}xMW5o!rn7)>OtOM|bSo#6Mb!)u+7HEqefgQnDZ z5VqjGN&Joi!r0>5nTlO?M1qp3c?E#>FdVaw zAm!zg9R^Qk>UcMSoc#zID&caId}F=V$H1D7{GofEUSPMeA?2MQ*~Jzk9rl%$WZ=vA zA!W;LZ$oHzY{a(!Zf zjaiOR5AuP^rPdP0xUfiAas729oHWjwjE>*v;^pnW*KYkhhinw>xQVa&x~86o%gNEF zrq@nq+$jyy)e77*Gx!3c2c%b$?GC1Q?CM+$Tu`X8)PsqN z17$l=%k{)FASD;l!I<&>K|JQqMeeuE+JdKLXvzp%bzp{zK1=R!aC63pvZ9 
zIWe|a3lWg6u@GNcc>395O_RLaLM1|)j_sn*+thu}bZf3=02FEQ}s%32B zm!+K;-$Um{yq)ZJ?X{Ck^r8u$c95fA1l<7AFp&ZTG`{C2qRYik%TGIhM-!r^V0+FqUEavxXY^`Jy(701{07>93_xUuObkK6J%yMLKh>EM9$9V?z=5 zEq>H*SV!R6N_4k%oKn0tijZd24KJ+t%$vkDPj@X*_oFOnwMkB+t-rO(G^S5gE0-Vf z+q{xqh90xl#+=fXd!A3Ja~C17s>1@rbo)RI^Rvw zGYz#(*;g{zir*94bvYd;Ho-7QQ&iG|PmO?f9l4QnsJY;J0cYcbK@_-M<1=HaqfQKw zrS4#b=w)09+{_aZ1)|4Gt!)M$B+i}tcBMRv{>C#9d2#gRMTwrej?b`Dp$?NyOR|`h zMXVyB2ygpvOJoHKI-^PCQ*Yht0 zF^c40AF6I(>Yh-pAii?-Hemv@_kx5S8-fLm-1g@$f~ z;QR(L8OG4xZ2qL*D$_4U1uLoL%WjY^A$>y%vK_pSkMOHmJTTq(c+ zRuChqpAKLJY=cSFT0Aj%Y4>8F8%;hjX0GwYZtDy3|+|lX}Gswo} z{$SA^Ss)M4VsJN#{-w^PVk(`rCnM{n$)<(#Pq0gKhA_Lq5=-b(8|DEtjE zufZEf#dLx6BHB16`jwRVoKPL>arFtRIiyo&>GF@HtduVED!$pp*V1lD)Mw?G^LbWZ z{68XH$HM<~PS_DBgb*FL%o;K-bk1&+XKJ`*tT0$@YtIrp{s%j_%x=i}_vXpP-sS%$ z*)`kPC2DJxu{<(JI}q*Q5lTBT6Pvr7Z$vtV(-lBBC#>5nM`~U^&CpNW8r#$*tS(ku z9rq_52=*@__m*%c_MeUisy3kGu`rVM0Lv+ux^gVSzfRLP&Al|7NwjBMUGT8Xiu*Hf zWNIAzxf=k)O}b}QzZbVkqiPb;O{im>X(dvl-o}F|5R>4JH=VQ z83~imq*Cv~o5R`s(Qw@{-9J#UTeAUpeAZ~}f8uejq95p)V|jF?jYsG=41^Jiq1l?J zX^KV-QRhLU;yCYsI>+0aBP-3z=Dy}%BJBo1>!qeDd=e@c22?`!1tdF<2hGtBAxF0S zOQyP6cco-Z1A2X#`J^WHC6Nf=IG%Y5GtG<`4YPYrCbWfX&<}evA?>qEh9jZONwN>J zm*-sKR=6FGiOhE=4E;T#`(RN#5RMeaGr3Ozy^a=DT42h@^<-D8sFEx%*=04(pQ|ur z@hHMM!cHG$H6(chmKpAr=;HaBue3g|$LP3*Q6)e!FsVdyRl4YJ&IJOap`sJiMA;mv z=zNJBk>j0RzdAY(bT)tdwrL$~4R>gopem>4=|pXscrJ5lqd&5$+&7|gsY>QlF6U5G zmQgYeO9=`VUlI`#OTdC2 z=(!Q3KtZ%V#rZ4G4hSXJk5_nILdzaC0QNbM_YAR>d+1^Ru39apVIj|IZF^MuQTnrL zVQ;V&iHFj_d@!kohg^4ck~(NHCCQ~|O6|0O{!v=>O5(`CZO;OB238%aOp@xJQ`H_n zr6n>&Ev+&=Y)q@4oL=7$OC#laq_DO_^$IiPHH>Crk+Zwzbno6z$-qcaR$M|F5V7M~f+qCFr}d=@V>0K^Fu(T z$IZsT5~ZD>#DMCkxD#1n(U*kt$?Q}#_sH@Nx9(-yxtV0}hGT3xa&Cg=d{u6EYwOkr zz7COY%%rbC{Ip;|HTdC7K>YORK!A?}+pp;xCMo29p8IAF&;$2)m+pMG*!FR?+Q4zW zgSm3?eKk7m^t&){ZR_keg3VxqyrX88S0v|bc$gN2FN$99S8uz zn(+0kY;jpHZ+)sFRowY$91v+mXha5^4;p@a$g&oK=z;4Q%iFaBgzR3)Fr+J(t1%eY zqLHE>1%_$lZX&e@#M@(UzkO+Nd(p@FE;4kj$@V3?+Phm_2zgH1T@V&1SdlhU4PCB0 
zLep{)-1OOB--QZAVtqdZ;#pn{L~5Xf5e_s`0kD1M!E{3bAReCDw?sijRt6IrZX9hp2pzsQir;?g0K`VuLq36ZEfg^1zxTqoCag(6w=p@{#6 z|0agaZDY06m^+4t-;Li*$tBU&7U^K=<}#d8_sWL<8PY$Zh8>aK_hwB28E}yYT%gBb zVdV(qbg0_2ePJp25@2%QvJ2h<0z%h1Pid?DIr*PkVdXxMDRo^UX=kE9w+w-??Z)d< zHo=5>8%&hdx(pj5kSsA$aF*mcBCBc!1mL5CoYmkrQ)U*5RsD%M(C_pb)Opl!v)Up_ z*1<)v(DcE=ulnxAeZuj7xXlgyr3o|R-emq#%cgD?X}74Jo36W2{(*Q~&t2xGS%xHt4xA2@ciRmb z$O|Hvg1=l3)IZ~G<-0SNFb1Gv3PHTe3)p}2_p@dB1)3Ew=+Nmy`3=_SL5)iE;P{@;z8Nel9W>Rjg*jdHx$fiSxarb} zJkpkhtBr!cJ2Tv`rJH-@ZcP<}ywDvt5581x&NoN;moMXEpshb|3G{je`nR9AWV>Z) z;effrPId*g(J!|c26+gI$a$5g-JfpC>&WD&0qbfwQBqB}>{x#fOLhs^;E`m`ONB<4 zX9FHNCm%T`6z${1kNM=V32?zyV|e#BgzM$F<5N z#c=ZBGI*x^!ATkJy^peuM$)fH`=U(+0?PN<`%IqE3d-8Y!>q!pRKni|)Zri(alnDr4Wl zWVGLY*ASYlj@VQ$l?NLLv*-V+QsB?tL7Bi>`yf%g!fVr%Q7!X&QD9T_ll^l-LD~j8 zQ4D>R^6y*$ne!xBa+C31yKoN8-;gR&&b+*s-27nG)BFtK9Z(C|Ihz*EPxWRGZ#Xti zce_24N_)5JF!O$YOvzz`XKE?@m|lN&9Is%8ShAD_i7{?R^p@hQuIWC(Er09ejw_rW z3R3?|e)U!dzMfuBE8~28F7+J?&&dE2t-Y~i1eANTR3G7X$h)zFBwiNU5@UH%7-{4t z=P($>se~$Ru*J&a=FBq2*0k?0n#$We3Om+Rwl32x%!^Fc|H{wzPxu_drUCNvIR*qN zhE9tBsHJ$+GOxI$vg#m{=+b`pri$5=%g1dV$|$HmS;B&??3S7Nc}4Z9Nm=PP^y?tz zaC&QV2Al2JqKths;}O!u1ztEc3VtpU zcH-XQgpD9!_@~t?A5VwL!b##cf}=@lX?0{IjGYvaXQc^wL|~B3zX(>(B#_AF38}d+ zd(0KgZG##enDRkM!OBm1io}}FjTDM%RS(?6tGEd ziikn6;C4cVdWbxw9liWnt9aqG;F4j|&x*F<)=Kob&?9Y29SAZn4=6{_bD5TTuv&24*yUtVJ9 zpvYyYrG72mQ(_@X)l49q8_r)EEFA&!lu5%P-Yd_&R@TeK4Euo~n zIO8qGnH2Fs{r_3#y#UmCN37@l|0TITr>-X)!{$#=NagBemI?cBE6LbNT<}%L7JAak z5WCxynv%FP*I`oJn%~Kuzt*|VV;7ciC)5c)K1S_3$-5;g3BKjc8rF-%vLoLY-f1E= zRxw0zv@329sTSgRh=X?)&B$8<1l73?9!s~-$x_U;`>$ezD5%ri6fH-Tcp8dZYkqTT ztmI|iE|#}9@ACyquM#w~_w@K?+yW>7r*kklW&HFhxI5Dqg-LX~_o)AJ^mYg6H&a76 zq=jxKgI6@eh%z1MC$U zO?p{m8I|OHkZN04;!UExZ8eQA+Vq#I^GD=Opt~L{PN_OM^}1y-D2>rk9S^@Y_?Syu z!svLOg%1S1gWSoknpCnsmkk=nd#jIEe$fXH@u4XH@y1uuF!p}!Cag|5=+9pNqB+@Jox>Ig{9&K_1hRrv@{v4$}TV zO5T6%o8g;bB5c|Uy?f)E{%0CutTg>>GSe|G%c66(0bA!BCZyh8UHq?>XLU)Q5?m^m zL+lO>8RC08ui#1?uRfFYxK!LC3VCPw3itP2ojvLJifl_aAi2b9Ubj28Nr9A8K%q0i 
z#Xg9ErY<05v=2b+Y}o8D@KeKX2Gr-!nm{CuPF1EXEJEc}%q`H*Q(+63pT=4*Ff9%I zKVDnW@bV)3+Xsru?*qs7Y*h2zjKAFLCR&zIV)u?DZg~G`2H+C%vQACUHg9FOU7E{< z;d;@6?O3Hf{htDyU+i4^g7ow2I*Il}xPOU*aS1x%g$wdUaLA;~EJKFJ8L&d8Ln4#y*4P~J1z=dYdKi3b=z3Ck%Rjyvgeyr>^`rxya|N8Ef|6}gdErUxl$3d}c%%|rg+=>*d`(sQ_B9 zPmNP}nNeaPYkKySh>G1(Qhs)KEyP;sWCm_dQ?eiKeyUP)F;3=O@|52LBtRklefX@+nQJah=&m$hX2ieMgj{$kU@13hPp-=R-1h_wZ@ChzJjwy{o!tkH z$M4a2lwz1RRKp{wDLd_}B)Gm`@u@#}c2QqVPrVWjhO3Q%pXp8o&^Y&5`$WCtXI_^m z(4w2oBd6@LkD0t(%A(t%{%0Ol0|oBf4Zn102qo$}z@&jVrw40?MGv3K>crY+5@4v( zB&e%ln`KYTB2itoDiNin{<>R5$_X5CTIeT|lPR*NPsp#7B`z({5GmBC4u-U0gA@cG zf&uOVEv(<4=SfntBL^>7W?AnbLAS)$6D;%$%Z|6&Z3Byoki^|I-N|9wvOXUTN8^0f zaU^Fo;kkPWvWAcZcn@PrcbbH7F91!gKv7TG7r1loLXQK_X}`%3$$`hhr3Jg&yr>D* znoqgXr|dhdWgqcJ$z>m?2SWe%5RCbXupI~cjOj+r+31mvMV>=`#9`Zp=QOvs!Qf!%ApOgz|<+%*`2HQ+6io85nBV41$T z!cb;1zFcVgzRYB1s%pOIEKgi9w;<6^Jqceqw*Y?8`(qMcr>ZnboVD$^(^~bBQ*9X< zmP=pX^ha;s6fL>ha;fLqop_6Dq7WZ)#0<^n?iwIK zkl^m_?(QCF+=IKjI|K;!b@HxvueJ8K_8I&9IMnDL&+Iwr(R0vrU3cA8kKekH*`OB| z!J_E42YR+@FL{#vOL4fljK>dA$VUduNtc|HSvTDsqv<78wGan^kGMyNOln(`de>QxNTP__xQ4k*r7lKy7 zRxOCv)K92%`(>-j2F%!W`&w?`SWcGH{{1>0H7Vhr=_D9f63`sau13M4Ybl~uBIIM~ zU@HCycV0IpVEkw2UWqjz8`h+|og)Q4lyNoqEd_sZqSjba*c^0#9w+g# z;8=)AM24P3-X~ff$23(9hWOMpC*UMOygV*ylo$+Uf#QT>J8o1L>^L~j2q#5m?j53S za&$gW^8q#q(vm>~os|qp+Ha)aP!e_dm|Spp3?S`08#?Put#E|4y_^VL(_`MQ{s6?? 
z2K~Qn=qW}v53&F51Q~@VU#%OsVv417_HMBUcZW@Au9+``2{{KI6j}~oC0Ij!Im=KA z^f8bMPzvL^fHF;`JNQj-CE03S^0`8G27n6v55gR)B<>uVKXKdvn{zy%& zUy{}iP^~XeQt4MWzAObVRg*BTEco@O$?A~KHbB`VlS^%rb!8Pw;)@!pgqjQ3a1t!U zFz7pD7<~9gC}6lM*u>=l@Bsl7={f>+no6n?SQ%A5b*-#Tkfu&6bl~GZ;K9es7;=`- z4Re;1EORt-mblPzmhL7`nI~<0KTOh1+MI)@jmMQOoqzMGKWZ%JeDaCU@X-i&g6T^u zMDBzC6Wom8eQnG}ykJJ4H);fBG_EU9p{XQLaf1R@YX?=!;2J<9VC{Gg(5jyW)A}n8 zL;+eH(3RByErbuhk2qlqSSP8-%BzCAf$mN4g1f7A;LU=s0qBJw(+iOy5&py{MsUb> zX1_CtZY&A#Zt(7X29ia((l#PU1lV-F_NW^8H(G@XEmSJdo#+SMiGI+X=${WZLV34g z{a;Qg+UxeU-+;eixs!^G2Wp8Ihxs2`;>Aq7ly&Euub$^HF0yEw(8gd~GFX?6XjMhoh9l zcPWTJ1H4S8#Zm-De`)26U681m=>6{Z7)5~rtK~7H6s!oQ8Wu%^*~7C`d`x7Y7ICMy z+6B>j`R_uB-s19%p=0TFNEVGe_mPC-7A9;USZhdqP8Pd)ap%#kTQ+f4X~j#culu{5 zi0+OPF%P{3_JHJPvv(9n$|p)%bo=OXWsDF8jnkF{rO?#*wlwyxbImJN$LF!vcG_O; z)@6mNw}#FjE7i|ai|g#ix(HaljpqLb?}kN=|7xF7j{akx8i+09e;Z0boE0+9Itlj6 z$(G>h8Sy~qO+u6UR3j+%Fn2X%w^B5B-r#u9vT%X~YU^wH#Le>bpbBb&mmv$QMEob; zXLqaShZ~#8!rHg|ZbnIn)D8s=pPEnEK{IPH-7#RfWoq^pYhOBVWYC8~%3?1QGh4C( z8SxeWy=ZdKXVV=0uSJt656U(3AToQI*MJkUS5}3H6e2$k$J6% zFNHavd0lTjXgw%$+VoM?>Bck^TTFzqYG$88}YGWNG4U+@>{mH61f>a`AsiOOmd zMV}-7Jfss^10-d^p3#WbaAfO+mBfyhwO{3^f3oMi4k z?$4_jZWRS|)_g@CG^@_yRL_rU4QU9}g~*5r9pO=^X6#?lQ18PoE%1PURdUu>{$nM_ zs!|e%h`Ud(CEIh`ojs^S8uH>#3Fr228`Zx#?*%w{1(YX%)NSqBZju7FMuzJdQ7Yp; z26nP_gedv{f2xNQ>r3fWNFP@`r;qcYLH8|j&_Dd#B zcDx6=mtewD0NiZ2a$*T;#z-k=>DvKjTtaj|wa5hh-552?ve?faxBcX|zD`C2&P>rT zDOPHb@p?l-4?9s@lC6&zkC$B=(vpliEyWul59?uq;4ZwXv0Z6SI$C;Ii7KN; zNd(AfZ@3yZevO^lPHK)7+voA8RekGHh3m@=Rsr?(IGWFI<5b~e?G>Ia#x~nN6fs(L zF2-=hN@zH5TDr64z!hN|Dj4j=;_)T2?V6z5AbYUup`3$!{-+T>7uudr1$)ftk}x1z ztkZ~|v78Ow3-)IM8namE@*oMhqWX$jb_{~}`DZkUpQUGorcTIs4Sp8-JNpqkTzla7 z`g^wSIil0OB(V)fLxPWX*Lbo@5xEHf;V8*U^>OUOb|5FM-t$FZ+*~G>MrLbRI}9!j zW=~D{akIv7<9{W!WVMBE8(HlKM*RbqjY&jYLBo%t&P!}L!TVef3r=u0a=p1G7srIH z^O4&`=aN*i`idZT(HC}_{jH<*mDq_OKX4tnN&>jYl%7Euq}T^ZT^@=n{-m2= za;`8ZFkmA-@J>+8YE0*w&l^I??FHl3WcHD&%WT{tm)-b-RvkmvQP=VD1A_`wCqi-pe{AS-v*wK$4~CPGb(zq`$}bfnv7MD6*{A$^s^pz(Ni 
z-`J678uY%gPlr}oK5k*)yr?N`prpp-))i{-T+CIMl}{`Y4N+X`BND8ZDZh(1M zSWnIRwUcT=S&_vrmb&TX*GY93JD;aTMs~h^7q83OOb&YcqXulx63c~b;v-z6ZI6_Z zr<%EVRgcV)@^nDPZC#jDM53H2xfS;`#|qu|M3v~@{-pzM6{E+L?&KOS{egD&E|<$| zc{9(yX;YJ&KDll*yH)wKj|@eYb>8PU!`lOn#57A$T7j>sr85mj^^=5HS!XPuIqF}3 zpl(t>jmVFFoycidL9I4+bw^keePl6p71S3D24Pt|vNH8ogLZBi@7QtWFX?$p z`V42JWkS$%_xWa>2K=-<(NXhjuTjo%q*T#>tjfzkuzxXEHEddr;;>t@ zZT>_)hj?%p2Tf{@!Kp8FiTj} zFP!38${H|i|3RkHLd}Qi@mJ7r@_EkZJTxE9$Fr#TU_uovC_@;`@6UW^ZMEFZc&9ma zM{S;yR851QN-DhZ^;GIm7;Q51+{|EHXNH>OLh;qUH_iI2DHFAMND*4&vny!64Xl6> zVcc%F?U5pAW7OH>+x2?Wq*+@d_A70b=Idf0_H$b@z2k4q<>Wv0uham6pKZTs(YCq) z4MWVTw=!t2ojNL5?Xq{$y-A?U0)zJAj-0o;d3D=sDXr11Tgs(m)Z|xn4U7|&u6U1_ z*;X}7^Le4wI;}xWHvwFyX;c4kPq3(0DB>yqRTimPeQ8Jr;!{P!Zyxj|RCBIYNdruV zXY+ZL?HUAE)sN~Pr2lfsjFe%QEasvO=NUrxv8x|l+vj!0-y4N*8!xs#6|Sbn+KAV? zp})o38#O@TS%g6O2^=ki^VppGUfo0F7N}V^%93$c(X*7xYjFJiUUyoCXqq+WXS4fL zdt@Z!sEr55%&(kGdcJxLkJWCR`uvqu+Z&vGE04($tZdCuy)P%WraW#o?SAn5qGII5 z6KX0gI!AD-QAE0Xi3C{MihJE`KXV7B@~u1KY6;bnZnPH*8Z_|OsVk?JZMm@Xx?o-FYcKcb=Uw;ro#vzbZyw+DB}?OmJ&8XZmRqrUAT^Cv zlq^%1$WG%romzL{GO2=kREj$9%AwkAaFxLdjtjt)z?2R|07?rGrORGO0MH6dX$OIX zO}fm^P)DG&UAk2IOb?KvmGKEUOXmVq`4hA5Xu#P>!!kKtXc;I_$TEPQEM2Z-0h3$P zmGc57848s5w?b%*E5T?%{fSI$Fs(J5$}hfZ2p@daeAS$=C#{m+O&)IxgU+<%fvaR_ zmS+U~<~|J&_i6kUAnw!PfUe*L%!5k;)By9VP{1^D)fK{afQ~D%4lzjno&;UtqgOxc ztM^wNi2CSph*fi&0KP(jLY5(Cfv)tI9V6mH+tb6Z8nR=be}lw!ZAg!t2R*VHioX6X zRH8opSl1ie|6APKp+my?C+?;FPq=q${lCJ!)~O7fSlOvo6fIPhcjkgF#)FUKrKGZ? 
z40BX8jX`^9-E~P34QuZ#)}a5<7cO+9ikI@+3ilzNy$4cbegWLn8>aUC&3ina-_-%o z#s+(jLN`(!cm@z%=}zUVb;jts=B)3brSFG6F1$a} zK3x>OIQ-JSHq$Nex^ngf`|a#b&ZBsZ^1C3%^F_nPC+}%qKHLl(RR&G2L~zX74TtW=}f{b}7uCurZ>U^am>2>ZFXEY}$mf{py z*u09prNs{$IoY_MTSYn1?XL4vl!zlsWhYZU>w}OoaG=Vzog+auMt14$lH@VwkSxi= zt}P0KiN@}eve74cr?A$`PoO?;M<&zEhwf?D#@$#=^RV#~|BFv0Y~jv3Gcl*%c^<;( zxhx*Q``Hm^JAp){wqqj`TA}gB5i2oZ^X?SZqWHFHt|3F_B`g$F5m- z?1;fz1Qso^TdT1Y+5*yPVxm=0CBnNeN_S71g>6b*Bvmv;z`sNlj_5g8Ct#=an^vx* zCcPDDg?jl9R9s#%FT;lYQU2P4;ab`GsJ!k781!+o$_JM%w}df)+g!uOeo~1C;aY;1 ztzgf)M$9{xPWR!6;(-oLLvt}YJYBz58#H!`2-rYoE^cU#Y@!R($tp-7HUq|LBjyh% z8p^PW{x8T6Nk8A9UG1;6%`PLYQtT6g06O_VHh7)*Ok(4w76RhaFPtyqsHV?atNP4h0VJcf1e#cJuf z?weA-pSJ8wO6vf7UD4&wZ;1bgfEtGtz zQ)$%8C`;Lj>(!&kt9|C*$e!d*r{4igR}mU!+>5dWBGb9CvUmjmejq zqNyRmPD*`IJgQOYma(M&sFQ3&UEUJP9A8*rk{)$ylit)EcT^i9nK^V&h@KP8L#=4p8B=9fT!)}(T4XSqYUArw5Zs7qY2x7olw5iA2u+2TP?DH zeXxSBk10ks^2Z7q#;m&@?^%+^F;WNhjo%ykVu}fOQf^-h-}ISc(2i-VC*!{_gwb4* z)VwMifBh0Vyi-L(LKwJ8J4AnGB2sACPC(UFq8F=AMIvi5gTF9mhr%}W9l-ETWvD3 z(idSb^`Hm?)_X+D8?r@{+S4T4zld($>$zdvNxS4I&<$uWOeE^FOFSjnqfya0-d|!X+I3lT ziSQr5xehma2IplHZnr#tao)MM9-$!14w;&(ED5uXR#=|qVC2I^h1OLu@5(*HA2x|q z=jZM?Y8mR=Z(xe2TxKgkP@F>QsZx4jL$d<=GN%af#mo6LP4x+&KNrdRt}`iDy(OV5 z|NdF?Gl@i7fTw&xk+0x1zNRIKTw8*t{0Hdm0+&BY{Z{qGx+=FR z%+!+U)MKrCUVUso1y))(%Y=Ue7;3sMR{8=7`$#fo$ap*csqgH&_>0ilXGo=dPh68a zFlt{J_OxU{igc|A$W$Aw_E{6+$Hdm53k4px`j5+fh>HGj2Gg!2rQ^%D0-3w)2pupw zN%KpgGVD1TKUq@8DKNvsZhQu(xvhr{>II2*_-wQQ13kt@fk+! 
zHpd8s*NUU!6aktTjtoQC)a+QeJHUD9T&cCRLe=`%HYj7My%B{Rb{YxeIz601!@Z!B zz>Z=~X!s_^fo!m?=IhzSc4RbV^ml|KfgVi`VT!H^yAoxv{Ur*rHos8{zm>nZ*nbyKaUqwqvk$S`z&ItCh+cI z*J~E)E)EX7NPX-CwPriglSZEo5*;6vq43HGOOsJxU5(TpL4IF*O7jc02ssAb*|&jM z*=~b#+4AO$+c8wT=XAxz0`YO{RD0vnEw^7{q2I-kt|Bnz^niyhiP2BTgS_H*w<3=X z#ontIWu>Z?n-Ru)Gg*x#%HH}!(#J81Y9mDR#x4tTbGpj+4{kZ$71xm;e>3!<->TQw3D4^uLv+$Pv6J*bN`LTXGbLJ zT$3-I{BE*1TNao&_zLsLkZ70%|&hC`X-`8}8B8`_9% z`^qt1*g4PW)Z1By*E*klW_fA+dSCrK1)}~^-w1Cs{}sy|5r1Dm{Sw$ui`8{huX92j zWizCyz|jHcYiJJ`WHinIuwICOY5xw=w)WBQeZ^SJ%=Qy5Dl3#J=`;FqR$C`|Y9;Rkgpow|Cf+8|>a1O0uky1kCp02-@-Z0=qA7Ps` zL>!K%Fsn<9=JE6V-m2mygs^=i*u*NYI)o*h$roC&93A;VxD`0?@vT89zD{daNTXUU zla%GF*smT7-sEpa6Y;|76$GNjxY1;3<62iIJy%qzK8M1+R^h@iHR9gPzj{$xkF9Bs zk3IF{aOENk>w3JyHCVYzwSoc%0?=}qkj1&84`Oj}H)(2514kiUZAIbvRLi<6u3V6J zlD^#iPFU~_hltx$ABCl>yCx}e10eIXGX>sNbq!(gvHDt|F_+zE>ts=JzL7NTqVWo1EO&#X{~$RRSItE6qbiw$CM}M5BKy9biG1lZ zKL<_AhyCv4$|Bj02NNFIw+9mf(uu|%^DOHd3)B?H5U)I9( z?D!Yg)xwu)E}PGxFd@m(NhX-MFlYO|MArM@CH*>{t&(ZvENv*2f8J|9Gmd1J8@4xw zwOKUj$O3JA!eQGHoshtnPqfGp<^l6Fvf++xk)y5|*9L~FS_Fm&eh!o>w}du+Q5>)#HRi0p(oore6&}T z`v6R(US30_&qekXI~;D)CneqS-eg&~_Z=T>YQZ_D>=QA(EbDxHg8&_e%`4$V(@?u` z_vCNZWqdS7wc^rpS|H(S17o0v01In~NqYu8sonW?U~eHoR*VlVzg+uD0AIPk0cW-w zqt3yF_e0O*?9va<{G(i{F-eqzEVB=UYbU359_$M-24B3e_8)#Y4l$RLK-Slm@zgD8 z(6mx$adq2NrCW0`d?Yxja53Oqx9ept&>zMS`ju#8CDD~fP0Pxm zE+S{y&l}0QbZ1eqZ)OnsCm;G?NKL+h5o&3Go)jsCC^Bq4bT48?f)ak7I2s30sv!kh zTH&RHnUc{WnHc{$)z^luO`S#-aCo`kdO`Cz?sIrrclf->Gqp5ign=*)#a;~ASCrx@ z-?z^e5_xS3Wpr~6?LorU56XYp_`y&N9JND{SAFsbKh?oVV zH?w|HT!;6k^dW2FRbOA83y~9^9S&^vY1gtN6B>=+$lFgocKek$&ddT z{}jxFhs8sM`<+jTt2aWaYIrGWqm{qWEfHN(7II`W#hF(7;f#nL6(r zT3>t1<#%53dv4g`jdO>uL%nH~tA!4~D0aUU5Fo?}jz)ywC+kOZGQ+*dyf3$MK9d}1 z`bCVX@G5Vm`?67-ub5Zl{SB+zaH0_}VPwjwl3sGVCBNo=A*5@PcC12z_#EzMV1zxA zP<=Je&^@#UR?Vq!?J46_6}Uk~TdZzitvSFLfeLJ(2+DvCxag^g7Lh0}i;U@G3^rH= zHP{)Ai|Av6MhehW1tZZGLKJ99!1JL4ERmxF>a4-)CcuWU6u@I-5dfNiy2rZh8x53E zTNaWfsc}GDrQ`c>D8X}_e#&~RulTiin@gfX!1^+9x26D`OB-soO-*3E^amgF1wZo% 
zunEww$&y9*eeALB*k2RS0I*mDpq63^YjoK!qD)kLk$V$xyGNn4`@T_7`f-+d}`R_>ZtFY@b z#on-O6e9Q`dhB~$-Bw*fQsQzX=)jIGWBj zwsEHsjp&O?`jGAxbE;~|w$lA{n*~!XVX)jSlYuw?lF{lz*7G4Jyby}wr#^a_{hiW2 zRDe=iUhDrwN^A8erAlH=E|s z5JU}cLM923)D-b@GT|J3k3o}a3>P0kCY{y2nyzNQG-d+J@j6arGo8QR*f7b+Mj)?m zb)mYV4a#$0SO1acj`%a~{4>uD;@Hu6Y%r&%N#95wjN>**!0ZaX(^zX%c3GI^8${Eb?5wVEE=jn*Y3#D2_i6e2 zsKoK>b%!`~v5A1(SUoMz;r98`(PqOpZ=nHm^}!dL#EDW;5|*k7mG?`j;x_`~Oyz z19SeTDwnYSN0k$c8qfc&$^{Ajt19>LZ&fb6__r#DO7w54oXXkn7LFHDs*W?ea%-x# z8#?i~W{@WL)ZtQ9B=;3#LMxrg6QpPo?`#3HP7k^(#h$Uv=Y6i?rfM1a3>*@nWghi zd*c^0cSNkPiOY|1GY^8rrq$DYkSv#rh5Vmoxv#%vxxkHok>#xaO_oCi$#RA}NB=>V z%lRYAUCGYJe6O`mWo`90v3s2WLT;=g4!N4`FS_^0E^J~X& zWM|XHk86 zNjVApdJT1eTTHezCk_vxfzc_}v5IZEar=F`6Y&fR@0h+e37AI-monP?0um7V<# z$M1vDDqphH{y5r09QQWCmz)Xv4e>28`=e{gb04sfMcKSdmxgiOTYy-o6>M-=RLCJi zB~koKhD}8=af{q>Nw>@OlrE*qSEBcj>ES)20xigh0N4#X)GD?d0IWR^EaTJsS1O&a z71bthCrQQmT0alc+U5@8^fwyM5V{YxI}fnMubWZ}QbcL(r^wm-Td;{o>g= zSXyXE3-b07XN@w0qJ|{gD(Tt;)z!X~VI{RXS@Ew;vMbudw;Fu~a=WF zhx0$StFu?>f9x+FATMr;q`NPQizTag_FW+-@~3tW65YGP_%%8zWur9(ACo}ilvcxs zkWnrqeiw)bmX8a2nNoL6`}mQhlfBnY3$4#IxqlBcB>dV`%29B`5BLrwA^~++F=zi$fPBn9E4G=z`bOXcjG1q;&E);X$)^K(f{Kb1zs&x+2 zHn^nWlUgwyy9u=e(5dq6SA@H@UDmf)=D9bvXKKf72_4Se-d2>sRe#~v&DQzw;`~@i zoA#nzEb&YF*+qt2uT?f=lg1dHUWv?~_nERzag3a%@v2VK-^ZRe2b)&BZKlt@3t^6U z`tDJi^+VZ`GuW$s9T?W&hQvuc{ej85LR8^$GnVyvFrzj;(Yep~CdtHQX0Hz>3p$JF zeSVyyn-dQbyyxB6I#?nY%?=n%ew@4Kr({8GtxcbN-+XM&wzxYytZrSSpJCx7REP>V zH{7K?B_>_LIK|(fs(?@EJAKSI!gkd?C#9rS38?S$RG{AHNrjTWFH69CpT~}lrrJOw zAfn<#mM3)+cgqHeir%T!nq6ziX zcl5dhfh6=Hr8rBBx&&5THBxCw!(?E&EywreFH}^v*wgWS;10w^Fiq>SP3zZ)q`u@keFAN5B(ARbb-cXQN#Go<9W6#$*==PANtr z?fV{55weMh+tP5uDU z&!HI5wH@4sU{L{q9m_4*P|UU}YCSA-IBI>0C591JIzu^Xy~bkU+#ns%FJC7K(6)IF z=W!z;Esl?OA>uw1*P@ZIBn!#yKC^H$d<;nW~e+Zi|*TL9@JuI;+$n}jXbgj*{f+g{GY~R7&V))6k#n8`a_oRF3 z0Nw$&iR@Z^!5~wOan+`bO2}Yfk9z36*L`;aXa)NWvCBXOXhpF2u*(NAq$>aygHPgG z1lW~J2ftSVuKKht__bQ^jet$+u6_cnS)Ksez?>ltp(nq~faidk!=AW&&cUSsYk;Dp 
zbR&VC!dagIut>&O0G>Vq9zP7Lo&cN$!K7Oe08c)>EMQ;@mSB?;c;y1Tk_j>u*bNWx z8B&Epb%$dnxmL0g*!39#rRK5KP_fq3fH;T`FcL)AKD(C6F}hexTn5){fqn~J(da-| z#|waGaV5k9^d-_JKJcCe&gUZ1*FKUH{Lhh3)PT;JqD^>2feoL|g^11*T`LqoM~f=} zI5Q9C0|9^mAOk#8Aps8qfEHv}z@Ie_1L)bJ%`!gVmQOE-6MPf{85cNHrv$8ljw&D` z85IJDu@IUG*}yXt68P{H=tc~510(lw1ni`O8}Qh|pJT$XB3pPm6>kHE<^lkq_XGgF zCjjU@0d~j1c45LU*gT!22%hn`yl*kT3;q;$#Q#3igTTlNnYG*Kk7k$1N#^%JAMBkw zrqHQ~I#^$uV-q(s6eR1FJIie~H3Sqx`hmS0o`4e`;b>sZ@v2m6W;sVtVAq|Z)cWC_ zMFhNG3f(&~>J$zgMw3sGuZ)X1INzWHHi9lLTTW1!$pvGz*g0{7({qhf4IEfVbHSOy z(j<}&$6)qgF?%(c))t$-g_}!!3~5ZsL+6+^_HPSH4X}s*0KZwh^cct) zAZSg?^aL1OIRHrQWOCLUT1M+H%J{p*^wca?e$D{&TLfV#<+X z-n$)db=gXmX8b|W!dg-PrIROVmNdTtz+W+VT$NeYUUYtSCGeursLk}RqWN{o{KMs| zQFmX`;?rxa)||rM1%C2aWR&a|d2dEz$m!5t;P)9YK77}wmz%3cE_ZJ`bWbBaq#r|% zm|SO>rsbY;wmws>%cr1iodaR(CvAR0j{JNVmC8llvDXp-pRCM&)W@#6?Mguq&D=|f z@H9hQ`;Pn|hCE#*s6pw)fl zTaH*jb2!thW>U3-w5zZ?dqIl%#mrxd`PAQvxm#tz)gQ%tuI>M+V&1msT(sE1_t5FD zRWE_Shcvt{EuQ*N0tu4LA7TKFj5Wd4C9+WD-k)X{m=&McWRF&+lFBlzsU1K5yJU{} zXOufgGI#vnNahs(XUQBAzZZga0}*9vP4}FfuQ4Rl-J`00nXh{_<26nNK_9#EJw9lo zZlj0@`rgw)FMbh8 zXm^kw_u<_y4^Vz@q2|DEG+1?Qn3{G-n>Y4eCP#3#ECAzGp{kRalBaUApaQEAb-rBH zJR~A3wv$QgbT51HW>`GjG9=JmTwD^gaQv<_$u{oZCf~rtN@hXt&$@%yZ*0n^{vv5p7 zJTUR?dgp5Mc{figQzbINiFJf3h{oG=tBqM-k)|p8I0D|tKMA)j?7)6IP_LU!dSltk zY^Dggk~f(@i~qvakOA|SZU0(N%SIl8qssBJ9lBP8+*5H}FD>paxp9aJoWpMV4=wC_9~jH2^HEy3AksOS~4=$e%htjP4u z2W0TZ$!q!R{H70b+uc&!dtWhDQpD{j;5_5MwzDVqjWPGH{xTsTxBdQL@*&)P<ppY-R(^O3d*5yi;7Uh%zM&4&e9RGK~6Sy zDww#`+*(Ei{?a;?Jv{!RSg3d#&W;!{Y3qsE@a_h8!pef}G_y>n0!h3zI}Om`Mc68#CYV zn8cPKzq?c(C*5dF(wrNQnXu6=m6Guu6rEL?1ko8OQC`p27nzV8x%48Vsp{z2%VMz>s)S>whJWrb1cs{Q-}ko)V_BUyTU?xKwQRZ|2<3Zf(y)?Hg3J*~ z|89pU<|BOonnh$W)s4-FN5lBI;Moi3`b2qXngE$10nMQ+=efE2eScS~*fFOfePWwX z0VRjXsytZAJbI;NQgq7&I0zh!i>4)n?O|E)#Hwx>^Zg9ii%~>QjN&KF`=#$od)WzM zow4VbmGaB4R@U_70T0%yz7Ho#Mj>4cg+UJ|k$w8umGG$F)>a=*rkxACkiZ}f>|Fuu z1!UtGLflHcFMNeHI+^i^1!QZtI_uKmXYSle0sB}VgE<+x5`$>|%S~a+^eK(waXegJ z?7@fIO(>7wY)cyf(aOVA$={}+Jtc=_TnrCRxxP+CNNDNWc=m4@dgZ 
zl9|nfV(#6L41B6&IE}E`w2o$OiwY}i0j8^h4oRk9e0;oEP>47d_K>_52nNt+fX@Z^ zi8vA@#UL(D^?g^^rp_RZY(h;BT9#TGBuz(Fu*Q@${Bd2NCm!p;g-VesQh%V)rD``> z^cN|t!4k?-l2FlFg#{gBh$(r8p2)CZDVC=M+v_{Vj~P3Jl&zJT4KO7J`<8RG+%S1z%Df{upc)!i268*B(hy8ljZb($YV#9v@!@ zacT*q|NmH5ac1A82kHNWkw4}G`zX>|E*nAOKYPed5T{+pP833)V==uTLG!ikQH_p> z7V?Xfj1WJ@E&NB?IL*r`>h~Ki`c3=LE?w6|jL7d}Gww-&t|fpeuqjIipL^r5AJrPD zyHW9?gF^O>CPm=gpz|@hEe$f7oBs({yKWcs8qSmCuEG}Z;3^WGl;E?#$qRZ-Pk|t* z;d_ywG#td&5Ee+m&B9%L6man#QN8|#BqRjrYP<}1-_1G!63z;LRM<`(5>x{4ZZ@_w z99VCVX^V7EBc`{toP+HByM451MCjP)dxU=EHMO-?F2`LO+gPOuQeoPq=wj zd-STFJA2~44_EuvwBWt2jhkDwXMjfb#lX;D>kLV-x**{D&?Y2L$30I+V(h`(EE5wm z(-oGu_<~ZOn#m)K-nxh0`pD(sS9shMQ24piLf=pz*K~pvO zI&}h3^T(~l8SjsqcB<|st1lzv`=8rQNzfFUqwo|sa?Z)o1=g$u*UWv|K-Cr(h~ppc z1lBB-H+kV}@D1+U3|uS66nxslJz!cs*%CT%Y}x_WeA<&G0j~D&uKX~oAed{xcL2fM zxm>!GBgZR`?~I+#TA?l2X%%w2zBdJdJZzi92dk(q;dM#$M#LEzAD>31S zASad22v{Nr%xLrxX!v1NKwwrvpx|Bvp!p4EBU`Kl23){vm!4}GZ%2WB5SWdrLdEIDis7~X%MV179cR&2Z0$GRt=ZI%^g(8LRSptIKHK=85X6&XslbRp*YSX^8w6b!4Z4m9h6i+= znPZm3rdISUsjKHg#kB%cda*B>DYzheJ;z3A90YW;Nbpjc0 zkWIUnqqwiT3+-H7e+u8^+q>qePxKv^Lc*JpdY^E%>_R`j583#9h&_V1hY#h*gO4ym z!4+wNCW1>}(+PL5`Rs?mTw2<#W2}#JXkYU2M zd+(i4)6C(UA5z$rxxj<%19J3VR;5x?|9Hn1TpBefXi5xp8bE$Ys7dG#PlYH2<_xHr zNZY4ow;)#k5QwegX8Jf2lQv(IOz)`x$ubE`-0yZ%U-b z;xCwkw!%nu%v(Oe769Z|d#^gF$jc|ldmInGRHbQ|p0GwG%6rV`eSP$Drz;f}(^T}( zh@R8^r0OcWwzK2=t9GQsHiJ6*XZxtW?hw`6mp$gx-v%f@FEZw)XEHX+9OO0!LPk`` z7peD&_~inxbNl1s3u2;XyLR|lISx8t7 zR2E9oVQ4L2d&}L~bcnt9hx19VGT}ReGDHZY`^o0C=osb@$dX4IQkP_I9PjDxZ8o%r zwI$Iq9Bm}!#ahHJXguNt+Kmefuf6GPU4dPY-E^VXe^)p!TI0O+h+7U=(sCvfde$&T zz29>IDdgZNqjKg|FS=nKZydB)J;dqM1Mh#T3pph7 z@(A3#Y@x2L?dhE>ho_`8AK;arVT_F*c}Av;Z~u4iQwMf5;!&%nT{Of>(u(=*t)_@E zhG9;%#HCN_VFTk^GWUhwRf@Nu*l5UlFs@S|PvK=SXabx>3vsQn`jK}L#jh}`dRPn# z)J7WDg;xaz1!m&^KyoO5NY00%Tzm?4AV2tTk_+Pf2g%9A*31%n4+-jPE5aOS zVuut~e*Gz8!n(aX;d8yWvq~pxM#DNtf%%2EFYo>C3y<8#-*`u@>fHItcZWYDAQ{T= z7v4SBytnTuoPWn>v4oOIR#Ax5+`X3mOmyd6RR|Y4@O=xcvyg(lc$e2D1YgDBlu37G 
zue!#acgqe)!>J>}hORA2zI~nVxx+YkaInAGFqY^mUv;_V_;w0=7c~(*nd1@Ac6I>j zqj6vFV8hwuWB77A$u+w=vBJhnW4=Y9FU-~5{UKV&$prZ|4)JTX_WsefLK13nteJe9 zw1o0S!8b9fQnN~q6n%{Ia+pw`ld6c5h>)&B>|1=;`1x$`!_oJ5v4z-lgXc^Oy4_>aUOY>S9XJDkdv!Mn(e7{ zcCTA?w4p=j8my=;zGn`3n|9X>U6sYxham3%F|Va>jdElC>2ofFCg#9wlPN)HLb8L) z>3x(!_5CyKT~>B*x$%Yj(J_wQ87<9Cjr!8PX!WOaqTF@&u3OQ>j6&O1Jbkj>d!aU!f4?Cc1+=X*+HHFh~z+tt#xk#J7j z(U-QX&xD`rHsLF?kNR|eb!+>dT)jN7@^xQQr!V$lx2$eZl*?qFB$gKFC$hNoqA}}L z2u2r~N1P~uw&m*TONXL7xoVzlYJ(C`@X2xR^U0Y-l7K7>pM-=|)j>mjM^ZwENmAkm z4qLX_n--m86vDa&@V-7&ii{{y3L+TA3Zo1=Kn6NR2J{6DMgbvHL02AwLur<7K-=bEp4hQy{pf>5LqoLRJM%)FuhEv6{S^RN; z&4J(`X?f*6E|9~=9wpem7_b58EQSBQ0&F-J05;emHqdX)(6T=pfqBwWMMG~eQ4z0A2KPVBQeVKOLUGKtCW|rk4RgE9eJV@wWR1*>#H4773Px_hiZx76fQNbUVck zhTeD`y}vh$wEvp8u*7FPY4|3}(8MpvS4>$uIxgn*N zm1ypLJ#-Q~9dWuf7OJ~`J#={Tfu!kLB+;4o+_<=5mGi?V84h2Ya~U1GJ8a48MFJt^ zqw!ixB8sT&sC(~@j}_`R$lW05xi}9rvgLALeZjUibxC*Sa_=1LC%E@>#*}x=UR$xq z?f{8UimQMS%>s=8!%VdS)-(D_+A}N?r|lPe({O@3V{~%|MQcFMAMZmZ#DbL>16(xz z1*Av`ttWxB-+oQCZx#yZ;4rA3E^VAAka>6fmA!Ru~(`+;*6*4 z8Os{#Prkw~TXI~kd_K@|u*MPnW=}7#fU<2b>X6(rS*c|84~jncbQWOTujwo+jA-XT z9HXymz$hQWM@I%>C=ih8Jw#uZ!ITbStw16JYBW7Y;r5_afNNk-<^7ZiRYxm9G-x3I zJoZu63$;hA1Zj6YylQ0+1_+;LVh%JPegw6XCGh1>b84k-C;N= zlSnM)#_rds|1jsfV6)MN?SxH)`)N%9)hm%twcRQ&2$zLJI-ia|*~W%_-`-16BX@Eg z0n#SK&j8~i4-^41mY|2KMq(BwpVL;{!=?_44KQ3ZlKH#6$r(v52Mm4x#Q{PCb59GC z%(&&NtRIV10aFIjMWC@;*+ki+x7bLrpXIkCX5xq*+IwcW1;_oa&GcKURK&}c+fFm{ z?UQ&N{0vzwy2lM{G5^4x01{NU1y`0ypF~riB<+z*m_&@C3v;aAAKF-&4SoNYcpu{U zd&loiBuj;j{@-*4reLLTz2iA_nuaDmbI!IpKu6#`O%9e^K$ft}=ry!@nmtXeb=a2e z@TthaGaz}MNO^&dVIl!O7RunZR?v*wt0FzLM$Eh>wBtgV?p3Kb0K8Pt; zb@O^AAwPP@flPvw)36>$RSg4wIc5HOhpC3BHjMnyA;z0Rg1<&$2c3%7%RK{k3zl<& zhE1-=(94pW2Q~+mLUvQQ&XUXJZJA*PQUQrftA^O)RwHrNYt2DPBL93C(C*6)`1puV zQ~$vKB{N;~io4Sm^y>EtI}%KB_=^LQ5CH*_Ly-Tj3O~acAJ5uz)A@N1En!SGkuO{qa}khQ?jVUH<; z+^I=DBi*G)K@bj$2=d32ffNq{UO$7;3@J`ChL@BX*ruYUv6wQEk8tAzXI;oW+&->A zw_^$JP=}AC0Cw0xkN;Mjl>c@h0a4%Y**bR?0Q|#*xiRS~| 
z3?v~YLKo_PpSF?vaxTygUr>K{JrX?V@&9|+(S!e1IEC=L{ri$zjhbsS2a0oSQFSk3 z*)80LMO7E5niP;^Qci@=KLdq1xQ++`fUGI-~hvxTT(tP=mwkN&!3R!_9Q`k zE{d(qYERU~1k%5~W*n@s38Im*^H1HIMK`To*!z&EF;B2f8>b-(`ZI;e0DK);vxu zRgrK$y9aB8M2{$Me1S~*&yv@tA)LOr#H7z2-J4eP@@CuWEkg_z)I zH`eST@bW>@7&qms21%hsy?S%X>ii#(ON9{#e zn9V6pUzNo>v|G^O$&<f<-e9ZeBo6|A>*genHD4zOMCajV`pVME`hhzw4-CsI0Drf$K$h_X+qobu$j<4L zyijxQQow<5(SPmyp7iqZp7h~@pBrE|gmKpaGmSmwq85P>=^}@~_+={%Gvs9{0w=K< z%TEt|nTtq<%+|ioW;m(~X6fN30b%nS`m5Cn^w$kr-2Ugw6R`i!k9ZKC0qyJm{JS@+ zfcb4_@M2LIckfqo{zH#?DkWu%c!5-% zlr7$Ed&{;8gxA&aoaRYyg$@%It<||Cu^NZn73^N8 zZzex>y2KF-GBzEptJ9zkxHRpZ{c1kHJ@CP8elmsoku7a?Mf3Chw)H!QKJ;pHyHID; z0*nn);sHQCq}?zBqw+1(*8{WB@pR!ID1}<+^|$dj;cRT~uHLs{WhSAF?W>>NnhoSp zs{!UOq^FfL^8VeQ*Y5EV65p>gD1pOx!CDc66JF$R$pLXx-L#eh=U|x#o~FpzKb;is zq-C=+Y9cXD*A2?Kk?UXnr`fZ2P%z8ahu{b&-NgRlwDk2u%rYCAaVLC)!q)Nnq7rOUq(9{>jq0@_P|()%}C&~A+Y z_A0=934WhEpKVQmLWNG;*76~B#1XTYGg}_K? zII!ul9sgG8nw)Aq1sl*MRv~PV$`9vOhmOv~O0erRFwlFyz1)XhV<)OZv?+)q{BS$?K8I#Qduk^G;n~ z8XStc`2Qec94$?hTc2Z$WJ2vmuNe`;xwr-LvWYmJ%q@4vfP@I0iz7gs=fpb)cQV-AkA~QdtJ&s zz~i;eX-&Y4?+PC7x2+ZOJ{8P7g^mX0e;cdejks1j&3ifwi-O=19XJSjPz?jrsZ)b6 zE-)@g`OtO2(T9lyWJrt>`0;xw?(?59pCEDsMi=-R>aQ+wx9Vv7Y>9~TbWlFbw|Tm_ zC1_BBXDWNFtQ5H7Fmz;#3Uh{7ctfrQ1J%@IwO~VyUVk-LdPP)_cEbWtX;a;peL(`M zgPz+F3LdTx_ckNh7oG85IQ+{J-1zX2Y$$g%D=H3KY&KW4j`(Fj(}B=d_L;r& z%caIAH)hMW!+CX0;+Ts!OHfUFY9IDg>9Wjm*V6jAHr1N}#xZ&*zh?!@_a~lDpO1h5 z5lQRgXBrE{8%wdH^=nJ1f$L&i(+|n0*+3gypOvAE* zEkJ4ClkYmFWmNeYY;Etc1Ie+2fiwDq5LKa9WmdnY%>q3e`P$dK^yE5PVF-?O2K+7( z70v+uUOzj`oqncDA>8|ijMPBSX@g~Lzb8yRPB~h9E&e8V58_hH;Js~h6&-~~RD!={ z*2bQ2vAT%#w$b?F!o0=9M|+r2wK!}oMihLMLiBVr1ZB|szMIAZxI06V$S_I{!R~zk z+gn7%6FiND&j^poc^%g)=%IF+<&bF5%m-1F`wQ&V7&AdT4y6I#G>9UU7LnHD10nxc zND&R|5tj?1oQfouvl>lk+af=tB8t7v@pjom4NmPiF0yogO?&(&s|^$KSL+Wv&uI{? 
zVfDdc^||J!yNf8AY#j4bG(~lF?vV7;JjRkE9|AMVhm^Y(GT=)SAq$H`(1ead6LaK@@4x zSx0(9O|z=mrPTR&QAOnvnIc)syLc;E0g30xJPFHwY=+v2xYSx$LB8V`(JLsh43aEO z2!Jt;DB_QCdU8J2G_@3;@^QsPe}_@hF&`hW0VOz( z*uo(S+4~Wz^Vig`v)^6B8N}cO_c|j%mB-(2iXdZT<`kV7@k|D{w9xMP=j&Wd9fL~f z;P@7pRYc-f=(ialhn?l@;<*c|hprtf_liitH`d&bnY$?(Tnx_rb{r;%bs#riRnyy&K+N-{-hSqWIw4z>{6ti zjmnYY$G+e6Nn$&3#v_gl>hZTZqjpNilP7uO#zQ7qf4{ENwwXzOqmmFQ_;Mtb?f(by zyyF_-1!bf8U*VFzv;wE(clN=W-`{<6>YP-7l_2ux!`j z9a=7NNPQr&7lASww1B|ImYfR>4xotrq#&_sONW&b|GoaGPOwMoArv_BN=Jp(Wywc; z$?S^OoOdP?D}cxQJIpm0&sDgNq}7gA*^)^E@X5~ijonAD#X|F@FeH2!n06BI3MW*+ z!9ScwWOP9B=~Ja7Ho` z^{j!DtZ}sc1N3>ke)hHHpAXI_X^Y(9_$|Pfxe$126P&1WX1Usgep*U>M4$SQB^W18 zESq#+r2yS+=T##2?@!rvP{(r5L#;D$T%_Isi*~<>3ce0m;t<|aPpt@ZZ|T|ATAG|* zecof={T+}`wO@8&gOu2SH>JMaL;ueN8WMnXpQ@B={a=QX zIjSgrF!ynbCdT6TjkJ@hR>Eq+HxSitfFzo_T{k=O&F7h_ly<49Z|k6}1HC4~Ik#7+ zMhA!0rBs0lucdGWpkssoM=ge(^&d#-9d`Oa-@NZCSIIp`bJ@uH*dXc5KPZZk9`iN9 zW}|P`npjAgP&+5ZxaJ(S(WqimUWL)k4Rq5dFnG^2R(@Qs*A#e+isH{Hh4GA>kNJRb zZupF(sTQ9NirrU06Z4AMN@eps46~ktqoHeWP>+Y>%j10uPp3pQ9eH z>>+n{Q4_N+Jri;LXPS5R->w87W%Q2ug^n1%ci6n!8+&s3L@?G`__@&2o#7(FB{G5i zUPwUxQM*yXc~F0y@`Z6?1nX?WjIzSt#`tiM<|BGsbeal9uxyOJnJjB;Z*W0l#=YwC z<7awry>ew-H&Ix|s}~Jc=;bkt@#Hkb4dwCEYf(Bz-%JSP8SBj~UkD8uUVFSVLVoAP z^{F0unA_$#F$t7;a1|=fHIX9$s?k@!VPkY0p~iu?@v3A1LbhoET9 zbz?TgpS`edNaDZH<(1xO3ZHmPm$%GWs=5RkJyo@ZjD=S2PAl<4{mBAAuW-r5&Ixr7Z9xFW>PD&Vm^H z2M+|4&P5|~-k-OXbO0v$1!_8qa*z>3c>?K z{%zX?F+9U(JiIrB?9WMB*lycmK~4n@UEf!qaC%cSr> z5N)suPNFz^DWiy&=AN3o7jEZGqBQ5+8}&8F&O=?-WIJf9^>~gD);@(5PMZdEykjG^ z>(4}=*3qIrSn8qT!JFpHSbv#I{n1SoG=1k;MFFp|5Wit;)(&FZ$RB<~JXMZDE-n-O zNO}X;`8dy?wrG)dxk5%GrNpnhxrbhJY-62+^U+9n+2N4UXd-4vd!cyTgSnUaNLh+( zapAhEPg6yL&-vhc@&ZJjP(CQ4Fv;&{S3>|)Xq8MNUXTFoD)!IO(lv3SWd=utFisG9 zN1ud5CRz1xhl!1SV6<5z%4^ z$5^i6vUBDruVfd;e^!FCvhD+w!@%Ef1I=g(JNHGlk*m9P zf3k&)+Hn_)LcyjX+6ab~kG7RT=sP~mDRg1IpuTE6U^2fiu{g!90=;8pk6 zKaKCG`%9qR`5UFK|E|SG(9vSM+N*ZS72(DQVxgyY&!x`%nNK9{<$Dh`O|`4S?tZgD zO1c)a8tP=#(# zQfU{1F4!gtjvFvbG6l}>`)UROFU~3&DkyLRW6v|8zHT^L3*h3T5GcH=Lmg%uuHIi 
zSuO(Kk@D_Npr-TEKm+&YB$P{kf&eScA$D(Pu|piJLX!2^=<-cm^ICit+hAzPzSC8X z2Pgjmlf}SGa96m^Z%EeM6!?3Ft}~5fU1SF_v1vy`)vd5c8Vn}&qkB@zU%LK&H?N3?6W!_v3E zV0M$Q)4CayLQ%ETHC6BJ+H(kHUA?(_ycJ`KObym2^#^7Yst!Ohc{tdz;QRi<*=zpm}F;&=xV z%AAjrBaX60nUHNAZ%38rP3wc1RB3xHcO~F!{Y$VOC!J5ddJS$S<8S-(-a%`ENuT$0 zWQsI|g-c#Hk3=B*JMhmiwnnlrOFOurkt8i znts_BH)EY6YQxBoq(NQNe!StVOx0|f<%7QQ0|8?Zb~}tia%2iDuS`Mm*Q~w=csm&r zE3K|=kX>YB!`Iy7YN<=sXbY}ymZFSnGK^~YQOaOZhC)Jfm3o1B{qqxGFSTF>d@yoaDI-q}kZ3kMdWDIxI8vP({9RIm+fV)0SogZN3BSKC*5)K{x zA2}!GqmMjB2i4&WTz?XhsGV@@_W4)+aZV&6T-oEo?H}C^i_wT5Ph${;t zg_dqnd|KhDDefRJ1j` zIp#3zA8Y;2u7p26WE4RE!?zC&bZm?#%E}+C@cgV$JXn8W_>))r5cjXN%~yDwki%Ji z30i3XdF1Q+xd^VP&62|GMc$mvS1i$3#(j?BOgZ}d&aU{zKS;J7?&9%JYr&uGu6=!$ z(G*aG+}#~fT66BE;nJQ${_a`b6whuTYkeSyR5olkilb#q==&WIJ1XO7mhGtz)s1QM6(=3mSi^HvE-)H?jsW^;>C0HY>jvXkL}-_kji><3 zr&Bg+G?2P?v%-*-3{nMY6fp?1cqQ5OBwCq;IP35~k2^fvQa&cW%b)e`n@@q#(*)09 z_}PktP!hLT6gyMX)#4{+837wp`S$zgc;`9|5EN+53RtfzkW9-PMG`QSk7nK-WY@i7CNbEFfk8% zmE?KM5;L$Rd>kz_dzqjEwpzW;p8j4?BM0(Z25p3@$>m+hF}O+K*t z^zf@@#Jtj*qRr~Ac>bBqaFaCUfCqy-<>_m+m`0wPE>4(``Av@;j*E+e^TRl7%2kDx zYTgo3Lj$Pq&-s--;sdZVFhAfZ3JCM?tepT)w~R%=6$g-W2*g-{_;UcAxfgR1h~A$< zo|2G-vj{9p-At|*5emVhmPmXU69giR^rNa4@D%(r;~_9JeC!KtZ-=)mr4qZRF{i`q z-?*WRKvy%)yv@uK7kQ= zU;FT*WK9b`?wgH&jo?~|dX5!e-->)-Jp79+g+Km4;~RqdCasn_-t`d1xYXc)%EO@Y z@3F)hQqUE`ACkw7j20J?^V9~)eFgcEHvALDxDv8B*scThR{1nMU%g|8e5Og-1AaGo0zuDd9r-Rv_o24s?&!WnP0 z@SAt997?}@@e8H51BIy7-X%tp+8oMu>7ppc8{8k*60ncmP>rVaDzk23;g_fo zG?)!N(VYkxn0&d%42X*$Id>T@0eAYvGi3H>EL{@{Bj%o85%;Onze1bq4KnbF^h%dm zF0Q9WR30ucv=?}V<4{-grrZzID{UW>p}{|cZg5FP8+zCLPbyTA$gvhzKbR1(D*2anHZm>)cqkprt!))^s^eQHW%c$jUMpQxcgX7M1MfKucb12- zJ3K|Hln8FR>0}@k3e-!Gv<3nty*#*M1URz!;D?_0iRZ;wC=(n4cY66%LIiPQj(LQA~>)=?*;8zXWM1w|<61tZ2pYnq|_CxolFCtR5=R@AXt5bF6BSF*oAsZGuX)Tj;b;#=_tMAI3NJ*o-jJRQk zL`+njkah9CO}^LEyBDNr>d5`*;)=VsEA2!N$Nkuj2js5`lDo0=m;lCIQl<} zx>fmRDTjEh?-Y_|5VX7kZzsCBq z{&`w2Sl*a>bsA5|@CJ@-?r=>E22dXDa$H%urBrE^kxh$vamMLYb!ygH;-EUT8?H&f z!$ETb@N?TjbG^r;$m?Q0IB7H}KKaM-1Fs6KmXJkt5rF&M@8W*F 
zGSKD(TIJ_kW7z>5=GKKbKA%-Lj7xyK6(E1H8@Q22f3RL<`{lhB<=wUFo!=H9TzE`V zy!Gz~(X~&p5O3~>J0QANxHU*jz3W05;OP98>93C~pYnMIk5*rA0j1O)fF)KLWoF_( z-oSm>HF|_Sb2<0fYZ|&B#aVH{`_)v`C<*ZW65FHSk5~#o*rJh5y9ql$;tn{P(mmn9fpF?6-7#8Z`q_5sXjix~t9?DPs^oEL2{=SWaE=$}WG9Z%0b$6s15-{=WVDuh=U_n5iCP zgsjNoPm#igY#WI>WS1q;-GYx;XOq0M(|E*2EwI=ylXE5BZ5!}uxQ2}_0*J^5=m;Nz z7$c@|_w&FIC=iNc@Th4`{5hjVr%noFVEb$L+_v=}i4%h7>6Kj5F=E*Y&hyVoHrsHw z5?ebOYjzL6>tqbUBoWD|*iBQCl=oLE0u3Vp?QO8SZOmHu)P}4(vouxP#zXEt{Njb_ zK*(mNrK`|Io`j0KTdTqgd5lGR@KYCr1IIMxwhx3tgid=y=bc5@8i=tF#nQA+!1J`W zJJMUB*VAd&AZ05JEnQvYUNqguU=Qx zY6$hOMh!3Q4)d(_&V|ZTN}l!JLu)a{s$t496;y&~$&!Bis$0Gk*X)T-ze%#Jh)cMo z8Z%ivvQk}{vax~ln8~dQM-a1&)HgNq;z`3>ELI&aXz&@ax#?XYb&6@{kGf;0S!drOb6kTJ@y@~!wU1(4j)s06FIEAXmdP`AZzYtR$;;BIA79AjBOvF{y6KPx-y;;K+NV5sG)!pU?kH&VWtY98 z#Ere#J;;Gv*v9M;sO4R@ylhtHvsOD(ea1{YotX=E;!u*YLK@?;P9Z+6(*5d##P|NE z3hfCVMc33LiD9o3w&N7DA85XHVZYZAyZPQa{?asibO*ww5zpTAf*E0ePK4&D8crez|z%a)Hojvk&fOT726wsYE8bOv#2{}{R zhbfLWGSMQU$x*VJgm3N!;))XRmR{JWO@3lr;Z7T@)Xt=foI{Hn*TR6p9om;rcVk6a zLxZg`o?nmtaIX7h|E84yWEt!H1Kwb<-~G#g-PtBOpl-oaBPzRhjPsr|3v*=`&1T9$ z9}1=6o<{iSJR@t9A8n6{Ow+L1kB$B5QWB0U= z?t3NcE3b$2!DzIUdQ(;zAye5pQ>j<`-97c}qj^k=VjQ2ga%5X?v-F=nBc?W-Ym75Qcd*p{5})#G{%{+Qh(cO!zSBNk z5#L7BIB9Ad(Yl!@zP5g_vlf~swF7qi#ldXLzrLUB!YAelAb;In;3shHK?`h;HnqN| z;a}cDWT#s~K4&0k6(t6X5#G0KyDyjiE%(DeQD#l}4!?Lks5$}VZDR!!OT=pk`S-?g zMe1hAlN0~qW<%^?Kl(#ZJhrao-voZ9e=VONy>ISzX49RP40bHQ9x!Fe?W;4N4}GD) z6)fKrdrl}QGyFNOCMXe4o3$Y$__SZMRuj2uv5X;`pDE%6`OBA<3c)PM?aVi>RpZ)c z-TKt^EA<0_^>4Pw)-(ctzt{)h(KiOfJ)*k3146k!9su^iS!7Wj6v+6nAG?RjzJ(fC zUapv#xj$2-W?c%;W`&8Sz?7Efvzf{l2J2mzTOow)QgKE`Xu=k7UedYdOvcR8Bobk8 zny|BsmRq^~`*ggwNQLr8@BO$YsO2CwcWI{w$C3=!|HMZ2{=zTIRdH1hW9M41(nMfJ zJss~7WMnqj_+9C(?Q$suMDMoh@EjR*#NEDtrpOQUi_1P*6Ox}v>+A?73L@UScp~vf zKg?pJ^UO2(X)y2)>B!g3MR_|ySp z7*4sj;nEb^$t@;_+)?ltSvsbA>#W|(rZ}-HeO$i>5^oJY0|4Is;7%1DBIC>Bbzxix zuh-+7oc!1b9d^KJ&n-ke=-cr-;$Z&og^J#lH?!ZRB50cAue7x~g>yO%^i{P}5*65+WB}!$@i+ z(9mP0SqPRcC9^2+OY)d%P#|E%WP8i^OK16~o+$($PBonly_B``W+5#VokZgU*{q1e 
z`A35wu512eY5)C80Gc{Z`X3kiAF7Ch$8nbWIz5}EdJb%*VovU$=n{>7zpJH=5%7nG z;`z0&8M?We38{#f9r;U~f5prGvL>AD%AA|XL`qqu5tyL&F@E8E%3AA6UnF$Z+5WA? z+d~}EKLzduNF*&L3Ez)k!zpV;Zhgn7;0k8SfG1wR7jf<-(;uwJ7Mn~iC%`WRZ@J2& z3QS*ZZFN3f-Ll~H8}`0A^2jFkmL}i+qfJiYoG1AR6xp@a16NNdod(aKKD7ZWe(@SF zl0#5m2H15F%|Q;4!>$t;;utSJ9ohLMoB65Liu}JwyR)}gHR4l=}IDjzEIP-;R_h38mAz|ZL1{dF}m9#)mc&?kT#Dq(Gq<6N%|L)+%3 zWySnXkxn7a(d;LS5jVfR?H>t$Nlaq9qzq5#nKhyjP$n5BY^ghqe~x#i+;hn$zd7z6 z__9{u@Z%r#t2#^8G(6_*8?{GF3MpcCOM~C?%BhaKtgd$ny6L#YN+R@a3_O~5!Sv6} ztSar}(T3QWyFfjjeM^4)w#&yxa)-hLL(7WOv@t5q@3YWR;O<#f@|lCH+me)r8Xc~@ z_IFvw7~d|lz=NF&`s<@@h^{{%D751Bn{$Yr%ve^zMmKyEw5Y~wraT}O3Nej1KJ-V& z*WgKa8jrJC*S{swQUNC#qU{y8FDZZQpVxaqsQ&ngy2=1c4)7S;+4X$o?b%EHLE71e z`v63-J`rS}-vi4Q$7gB)cR`rF=386!un_-0|FU;~$qE02?v_StsD4|kE`#9jwVTk{ z96vC0n*9CyPJ`1=)$Zz5-rXYs`I}wAyvOxg5NTBVps$V6yTMg{IpFT~_QwD5d7}(F z0b17ZS6hgVd)j=ri7_H-KK?|%;D&mh^w=_Fg!FpZ*CW_(uFuR<3%ZHEcJMAA758m( zSSnAQa3YVTKl}P3!lo0=jQ3%-Q%kUMDy>!$pp&2=i6oNGq}zxZ5kZ|FPPN{#F&%O} z+li6e3eoyuyznG?k;Z8*sUjEjQRX37dgitXqPH*Uxa*qvSGwk&qOy4~o-6Z#l-Fo<7#%rX!|@VZA^Y1=vZW z9iJh1V8jb~In`zgMwBX$ZLiF7e7CcO{rcOBnu0NSkiezXR3YFi?Uw*VO!>X%;IL@Q z*nd#W&BN%O9`Lr)mkbg6zk;a}c^t&Q$jx&{#4GCVCmj_skQQh}qgKS#qplJ&jJ3npE(XIj12&LaOeLmG^PFMa>{+H`T;ms5P zA;AAo>j3EU*G&A>l)V2(QVOF3YW@O%B?TaqR(2eeihjl5RIi_hOB`Jy#q&!r1FSTjG`!3z> zr$P>52HtuE3}65Q5J>`Yk^fk;E9j=#or%zmQ4fN z>Kp9Lf8FK%_`HKD&B{Ki@Z@{5huyZ$u8~4KHQk-=2&AhW%7_?pCaV9GKO@)}tDBQg zf4CU)Bzc%Wa~z6ZRG4q5RdixtmLDb(UqLCp;G))v=aos1z!9uUMM7LY-CbtKO)g}T z!5yC!OHEc}nQ=-gJ7Q7T>6z+zeK-&C{Rf>av9RTz@KiLBxvsh}rma;O5J}cKYA60W zf)ECet+=pK+_CB2*GN0r{CGn3YxvFo=G`1PewLjDdNu*vbD(d!q&o+yJ_*bXqdzDS zY)ZW$3B0$|{GV+l-|*d*`8>#fj^P~W3HrFa1eJMvrfvel;uD9<+}^T6fEe8A&(^rWbZ=w zOB0qhkiKlc_^xh7coe+BW-2b z%O)F19g)4Jf5#kVe*ap=CYRDP>MbkmG$v45Tx6Y-q<_L^rT%h=vdl1RZBf20Nhvok zq55%`#Jb#;^3&qMMy$$Q!zoPJfGcJJ65j}ZCnO@_bdn=?@|S8}5=6x-S1lm2nzI7B zQ!nd1=lRYX+&o`(;%LAqO`Ob)$t*HzJg8npMYd25ep#vuHJ{x4M8pEtG-pSnxwYM* zvD@~;It!KCa9<-jOjAAPtKt43TrV@;RC2CqewLi~RE7pjHT5R+Y4ah_U{gu&1R 
z%N;%!?Jp(Tulh1{2vQIGjvQSMmP8>wX1^Lo=Of3YEydW#eFtBjI-0+0fuq94$MtOT z+qr7zsB>$WWz=leH^iu6EegJmJ^L zR$IxvQHK@wFCi_$i&d}`mZ~$V!&I|h2lH{e#;6V>Q7vA5y`TQRm67={VLdIX=;v{T zRj__G<622K5pv$hINNk6m8p+X>!{D9eg4F$wMZU9Zz0w7q!ubW+>g}B1p3wHkzdeY z%=7nCh{uypL7LD%47h>nyXqtcqZ)2ZI+LT{m0HZWrcDxePB@k3jx@Bmt*7T49oz0V zNE0I2j&A%liH$V~43Gs}0h=e^F?2R=Kd6wIUD_rVm{s*cZkPxTdJe#M9_KXFEi_I| zQkHtZ*HLye%86ChUcJqtpghWwQtR^Pe1FfKPKtu`a~WMjrkn8UI1UG0retcn zu&8mfbR78mGvTvwN$;3R+LP8;f@sq&X3439F;Z7E7Oymt5nuRIlJZBy_+#l6G|7{OC3Q?aafVv?0aiD5*`=5Vrnz=Q|AWDTRO)o3e z4R5m)Q-mGoCWvRuU3ZAID)UODk_%4s_7nvL5d(c`N6xqYXAf^N z_K>Ipl6dtE7aSgw?Fd)dA;MQpD1ZSc!%*S#?0!%X1aL)6;`%?Oq4xohcQTQxfPvcB zh5gf=VM1^xk`1^oGd17V%Wdou_$f1B@$X}I%&BS&4Dk{8DEcsdp9P89w*kA8O>X`2 ztkhS`ie>GK%+74(tIGA-`7#9?MC3+VVAqiplZij3gXIv(Cx4qG$=A(txSY&N@|*np zX!$B(NBtKaML!Q8iI+uvD1LJZ=aAWO4FHGbxn+a;x62e&;v`E5=>q<^;k@=Xk>6qP zc1Z8PMmuj3_evzt&V4b97vUOoUHUq-cr##uqqjV@Hr|&8{w*TD9F+QU5bc=p>i+F; zxG~9Sa+Zf6_D@XLt7p?-t7%1^~O(BmIpr9^f1OHhi}mw7;+S{?sFIw(f7H($H`-GltOk zE{K9kfjKN5Pa%Ah0)JNPui{5|*4O60#qjFy;?;H6=k3|r1KP#wM5DsX=!=reXPeaR z8Y7VVm!r))`74XYsOe>wXdSfxJ_?T;pNx%rvLwWVKZYYQ*uZ=~>G3JiX{*|7WuC!C zhdd$M>j>&vyvUKBELF%t9Uu1iWMN|cT>jHQy}^(pP%8kVADWB%S0CF{AKpf0(o-Zt zY+>0|DU{CjMuxNf;ckH^=Q1`5adzvYZ*QOA#2@zpfX&fw`vSPfxb>MV1P)E3sXa&aEx6@8@|?~xf@B%Es23fc zl=N)-AG&1*J^cL!iMlVNu$3=6$IVAy?;9g>p;Xs|$+fH`)i+g2GB2H?C{zf(rO)3lB!wr~Geaq%QUv^Cg*9zZv&(2A4 zK7?bR`tINQdgG6pCV;3XT5&sd&~D;`U6QZe3QW^HG-}n=wQSK0TrvMtO*Ahhp>It3 z<~T&xH{q&FKnN#^{P&iDD3oS1@bt(p`L;X240`j+Wx50`$z#9$KLDmcS-&{Ku2+%i zh4E4$L4D$3-b(38l!Hx7Q4dhw2li{`!a{Pa+Q;?ZclmyhuhP zdW-7K`f`Dsvtged6_Ix-GSl&Ri6)_1=1{Xzoj$5}>s4OWYg~+Ox?91csdy{8r3lMz zERRvM()v>Dx3x`WSpKYfi*UF|RRK6;y+#`Qkxq#tOhXh5SY1<(6G(pNE#)RuT(J4=pqX zUm=~ZUOu^D>Z%$|qVxr!y1o!reaYwZy=&y#U?w?`hPpPRV13M~f5yr^)hG2n+Ap+u zQ}3hRLE+`Ci#qdeT6bd`i+uumySZ1AN|?5KJ^y+d!`mAYcxoZnDjLio-NW95yrUsu ziL64q#{$NGz~0rEvn2A1gp!qk6<5~|cIB`6X@~cGJj72AI}Ox5?lsWCVFPtq&yV-& zjf!Hu{o@Ae_MSJ;K}VH)_IyS;)y(06{(qJRKHdei6ldk+{(g2L*{c` 
zU$!;_A#)nnQEdww@8uhxxsF48`vOaR2L8Wg%B)9_0GdXS23Pg(u_%Jv1ocw6cM774 z8Ht&YBYInAx8}nu7Rd|x7c_s^`QL>yoK)9^_j9WPs@~vuiK!cLU=J{iGE$`;Sp9AL zq~aq>D=vw15o3N8(5Qk(jA#&?Dvl3Rt$6Z&w}HCdXARVS_FOUL?z0l_RubrpwXb?{ z+tbbU)VA?_ztoW7G{yAI`Lzms`;-Mq7*%Yb5Iwg9!pUt6Fg@*}Cc@X_r<7w!o<__k zmtLG)3gWTI7nhPr9DE3wPrmjou(ww&#t0gX10p0YY*4@?+@X&tJ+eJ05>%iOw?K25#*l0IjA z-ie>+VTzv-i^zS*o^!>@`x8E^{3@1pt9ZVQ>{%&!cDp;#^J@@2A+5bwD1h$o1ki6w z0PUhCdb-}xt&;JSsCbnO$t6@&0!bn+aS$*M1EA0rklu&8;&{InOX3Vk?pIMa8zQm8$MUsxLyMn&%a_+}Y<+K6pzt z^_9qMJ6jmqiEI`4+KFsCk!_C1mN#E*ZVl_~gtl)&Xxq8beRD$F0y~%y!)$27S0YyJ zOkuj-POjR?RSq0GxyrnoDOXj+Cu|^B?eFBOom{n(tG-6LYQsQ)#+Jhqz7oN0XAeU= zxvc_UJGpHqx6P5;dRzAG-=zWB$!$BiZ6~*V#gf*}M5gP_5VdeXu{gED(1$!x4l%FX z{^~v!lb=a6mXq?Siuy)oRa-{7*@ie$LTR>5ZADU{z#F=ymp^jsQ-%0~#4&&SFIr<( zNypml&EEd0?~~|4$JA8K2M7VZ&S8EWI&8WODZU=h;D?sls=tQ#cGedf&G<4W>j$jo z>RPY_#6n)H*teJ=%a9xDYpPyG$|>#RrJc^^NWtT3JtPj2F^x=)eAU8ntJ^v(Zs;_U zim(z<%t4~RRnIObkxw{*4Pg|p0+Z9BR=?!vy||xxWY!{w1n!l+DkdHi|7X1sm%p#P zmvz^UPb)LlCBw}o)UN~{=}k^ZJd4=ZOH5#{=Pd)`?3OEuwHxCO4W|goe>yC#jHM4B z1|L2Q?(P&=@W`%!Y|~r5AT` z%!=C^9;r}Ml#z`dR#9vAPLOi@IUDs9-!7wLmQq?J5v@=I;lhfNtf@b-@ef#(bX}Bf zfaS5JJ7DD}XW%QX{cJ2^qA1~kj$-C=oK}+-4(NE6v;g0JCfCH8E^1XB?L^?OKm@LG z;@^e{+}nx3XeRnRai>L?{C`C|4dv5mC<_uf@3fSA(NY{& z$x3;9r^S4uTFjSm(e{W1KH<$QcA$vo@e#V#2Xx{Ew#- zDPz%Zx5rdYl3~kZVLMLCHJK?_^=_|)UPB*4EQpU-gye*vBo>kr9HRGE$&fUidZ6qq z>d<3hm_$@g+Y=ImO&FnQOHN2T#58J~7nN=AxmZ!9C8m)cyMoLae%eb*;rNFsG6dRy zf)=fDz@`HI$ngkA7~z0LV?lj_FcL%}HcCJF=^8^`!m-TyEFxiPd>88Np_sEji6;Tz zSB#^Oae`>1_eshkh5re=sURcd)6s}IPYyCpLq^I1`2>keM!N(?zL{)Bx>&gG(`#1N}nO-S3bLmW{bU*R*%v}Ec3O3 z#e#qJz5(vO*`8tkN;jdp@Fpb08En0y?30`ZX7AxwY3t>UtS(6y2UyZ5zopb+zjAhg zyQ~Hc^ZxRg&px|p9=W=Kb;)Np^~z>q>Ro}=$7xJk6H7a^Qsk6gc4;-mq99*CEbP8T zck}vw@kKYx|2{1I?iOF{cZwwnnozIsyX$B3_lJuYr6^}x*ZY;AD0X^O?6e3)@1Xdi z5HoV@7sojZZcCZjYSd;o2$JFf1eKf?< zo3yXHwJRF=ee_>!SPO~7O55w#5K_JO(T5MHb*h9ZKoz>XYsRWtQ(#jB`qAaeNWD|y z0T^sV9~dQ$;{|QvC}I)>GgGCm1kaY3v?q*R)%z%BLN>uJ9|R5kD~ZP(`=ngF>63s+ 
z(u`R^J*COPOObdUAwKaNXh=qklP0|OIDvj^A|{^d+wuzyhl?BaEP)^OxT9YV0|;3F z;BUgOsYgyck0p_OyIiM&cnPO+daBgTTbcFFljuaeWzjifvS8MNPrnMnAG(sTgokM$R)3h;#d>zt8#6ZbXERp+e)v}%Cz6G#z(tN2 z-mxnZ{ma^h?&_Is1oN>_T{a_V!QwV8kx47HX0w^&3VevY7Ea`Zarzgmht}0I(V{Hl z6y^l$oCRc6jPoufL|dfHyF4C64WVnohYANz#za18 zpeNAmlRt9Jq4!TTXL#~Qu1R?B+eHLLC=pP|G^?KXPZB|LHG%PIfaZ*AGmQU0BcDd& zPl|XJkaIFpg)Oe;Kv_emOcqPPB$DBu#FH??x`8}(Z*L1KB0NQFp~KI<`xODz#M!>? z4vEAT=riVD7|PV_=JUgC_p6xGYZ{O-@iP~a2@~=ykvEKAkDk0qggke)uqQRO*ZoYRy+~gDeR&8JDhSo$O zjoefWA-?USqr<~}rT2}5UK?9#juY(v5(QH=upJlFOZ}&_i;vd*`eQw# zx|YW{VFGNy*WLC>K)4KXgvW%}_0nFoi8JOKoAkO3WX`9XHgKLOG_BQ$*?cz}%DV}U z7(h|cf@X@XQyk+V4XC6mP{l7FW~U}!l=IQe%%Iq^~b-2QcX{z4$k2@0tY3Rmb% zpH~~t(;qaUvpL_LJ^8eO^1R)(qjFav3 zv4H<~jyk~ybcUrQJQ7GUq-P!7Oh|-=2@QbwW9(hwF%hlWBlJ!Y zyAl-{mja0i2?C@Pd=x4n7Y_e839zKs1jSfRocB2LYmZPw#`-w%sZKpbd~`$Q1pTkQ z7E)3jViD9-AfcFW6wrvYYONO+mlu+8QhS6>Ss1bi{dRhRe9A?wHKwu+|7!4St>It1 z4gcB~lW|-9V}FY4sGT)5#Gcymz|*q!T}#}=weMO(d{z6dCBwM(-T%}cq2Dm4ED`AS zivEj^S$l-k(lMv1wO@XJ`||vvHo@LiyXMh$t$6zTT}zJts*uU< z^Ql<>?&0%R`k24|dk4qegTnehI6CU>*8hDxkI?Bv?X&?K*G_@}MGP{NsSQo3WZEYp z=eJVfC1du+8yW;?ND%gY;zM#h#VypjYSn6w9-;SVnv)Pul{90ddHu9CTH{ zn=3gf@v4>1pV=$Wh;cOFSLBpMlCvNn{Ee3G2Mu_C;Z2CI_ugFX3 z`2%#8h>7|F_~sIvcEDF9b&0up2Hs0Ci%28|>@74x=l^_(Jgu>aO3*MGT-G`C7x*`F6N@mg9!NNs%9AR`8d zMM%4;!%_kem6k(+8w^147^o#|mU>HzN;-+DS{^*{q?pAF3^Apw07RmU891VuYG4o* z;Ts@uFSP^5(GkAlo)`H=2)*Z|; z2zO{6$1zDuXyH#XJA2u20%C~-_d(S_IzkPeoRBG~Y$=9l^nc(C8dxxj2=RdrPw+JX z5wbAswma%_*9LEbToaB1*D$xy;GCHiP8G`d2Ozpy9o}PmMU4=^BZa}Yy z1A7adlYm^~NNQ>l=!S5Da3B~;V&C;Kv_m_8dGg}T%U0-T41civvHJj)jE**lXy9Qf1JcYI8z@3`2_@$2ngRpTxHadlYNtlp@A?gng|+YgS{4dtroAG#?-?BI{)G1RJEDJ4K!s53h8(v(T!Rp8fYat zl+PVu$U_?W3f+Qa!^G%9ALwN`vCCR*CrPY0G&s%<3Y>R<+GyZ#Ui~{~VicNob@lAi zK(#q=O{xRn{Mh46XwGJK$rgG&T7)?~9&@F{6ZrXxafPCRB5X4Y4Krq!1oV1JtEx$6 zmZiqT1ABp`om{R3BjF45^+_ zJDo_66KN)AkgeZ=-FIM9Hyq9ZOrLBGveo*qsD3qaUva4AU6SZAND5+IA zUB1^qcJrRHgd=wWn98QL7OEtul;>8`RQ9!+tg`Q)j=hqE^fUw1Ss)45gtnnGepn#Lrd-bTzPO{+=`Qb;nXD|I9r 
z80(<*Boi$e#sT2o?NwvN#&`gyXQPpNZ%LR&h;d)PnUElM;ztx#ZtxUg)u29?F&QNw zWC|-8SqUgy$wQ7L>WZN$!1EL+PDX^2D3yb49YwU-Vud3_ZgCg~AaY`K5n%7ifSOuA zsBo$Zgu!)930aobTzR(I4ia;Et*RTpJW2$*rdaKXocW2T`oSn7H%6%gQZP$V6LL$l z%NKh1=f=Hn00V0%wFsO!sM?D4zMDuEVyRYIFjb2_=GyF~P^@^$HQ`h3#iwc62)lZv zR#3!Un4o;EEy{eM2`$8WdhSIk|7*u zJSDAh%M$w&p$qP%T5}#BX0Vc>fC@<<2o1qM8;Wc7q_B3zDpnsX8OZZ2wC`(~ZOS)*zjXRx;bp_Q@uL@r$FJ8#0_nH3hTO zCWMoVC|#0vo_C&iX7No7=k@6H^#!`{a3r*y#fGHV%~f%)JTLt(Hq;XWu6QJGhO>h- zPO(c0svzyn6DwfLw{~%`41n{!-EK5s76u~-1_2u6{K^IvlN&+Of^(HON|@1#{;$p+ zs`p1#Sep*2ju5n=rhHU5a5hhXlCoAB)JZt(+kW3ht`3}_1!z#aNy2KZHBvFDpLaVQ4cPPJ=SOo|z#*~ur)CbstU`V2r4~g*JR$_&SCo)%PUI!fKo_R`Vj)U`!}ND*#1V6Fmz)3LclM0&(FzZ{4k6=kx$ z!Vc03gM$nS7m{O1#(K9JoD*vxP#Up5M#^Cf=x|6BB85!6E45MD-4Tv-&VB>2L`n>n zcgbw0GuhRDh#cX6j8ik|N1g=aAC>^$(%@G?#7`s$^~?j1sT!Fc6rwA|W)27u;~@@oI+K8oh&T1LY_6MzGQybl-T`P48PUuH zh2xkrti@k_lotf4%Zm}Y^3eG#BHA7i(CgHWV-foW-rH&y*cwt-?JBeHUlO zQ7D+^?ZCv!K=yzqH?ye)dbWs>h1F^$2{5J*BDA+TCow02L{e*7sm%_SyE!5rI=05) zRI`((iVqEB94P5A<2~5!{l?<}s2?Cl|9$f2=X8`a3Dhy7we)7flr~C4 zmR!m3q~9pHAsnpTT6ok;8b>UehAa`bTDE1nxtB`bDHb-Ra4KO@tMdq_`vDA9fkSQ6 zu3=wc3N{%NvWtuqVf1?2NNNQ~zrHpsFatOnF^LrQ+BUU41aqSBGf~s%xp||mo(Xhv z_8MuAtp*w<5?G`n+qRuvW4?zKlWtB_^U^rLz?4Azb_WGCbc2lrCtXI?2g88|yqLkJ z17@DVTjrB9#^u186!z922H!Q8WrzN1S}Z;ddTkpMrFF!3Oj_&se^&Yb{_^(S`RgBk zefRq9c3glL#eemBoudDL@91#n|9c@Fr1az)XBeXOIWnV@j;RKzX zBgjAmW>w82$cWye!Hkq`16B8TrKyJa%A`xP0v-g-tGzH|j}0V<7OYaWTgfMG?l`pt zP9qQbSmL}eoQ<6lq53_Y5bsKJM+g82X+#y6N-hc1F0Te5JWgY6E;Y^{wiw{e@o3DQ zood#kPj*tnp;K5(gxc}WZ=wG-d{J%8*2wK}9nj@Xq^H6XOq4-YD;vs)rEe89a9|5q zoKc2G;3lj@23_RrT-#7$Y$UJ%JblnpE#awOgT2oj4e{+g75qOX|84a#pZ_0rdq>@3 z{KtN8$N%r;d4wvNXRY>HD{7)LO($9^Ddx;%oeelP4+6_wM~-WkQsL={2q_xqy^(Qr zN2(vAL#dATa=csdOE*>oSW^a|qeoDtlTA9OgPL0TLP&1d+&ZO4cNi?+)3jZjMJgbm0tW)=>5wtH|~f z*w$(nW>4H+qE^jbV6X6r#552lwP?13HA+*fy+c~H+T~j&Nk2Vp;1bhM-ajUrm=jx~*>K@0uijAQCIhN7R~HU+uNJy}zTUudR6uUjB!A zeb7Mfl}IxrN=6ugwS_forzOUa`q$6OL=wZ`r|6j_3XH^il5jo~9i&b_bsZ zjD;vQ<(9ze3mb%|gy-51j*T%}=IK(zzE4$M95mACJ*f+czFIi%4P}(Q-`0s7EVr`f 
z^x>d3cT&A+zUW!)Lf_UaYV7Wgg}!W=x#_4)p}kt|9kVvxEFzK;fqWg)GHB>(}%_9sdjA&{2UvUhsoZt!5+LpW9Q9Np=H+-9Y)`L5^lzVj1Y%DLU3u^h{0B3+>{f=qhb{ltg-7jh_M>sT=1UZ91e; zN@&kox2@aUp?3q$I?aNUtWp<%I9ewifa@~l9tGO-J2@d?3%#OT$cEdtb{YT^s|ARS z)Bx4k27`f^)V8z!QL||~IBp%bI(F|PxuHJ$q#eJ9=FPVIhDJ2R0aA*37;1NR2cxb@ z+1b?0zN!#DP`Xp=cHj`kktU2|hcIyJ)fS<#^{6(~*+3ae6cK3M5>ASQX2SpY9yGL8 z$0ff*-OJI8UL5}{<6Ocw5v zgbK;{bdc_f#)HfT6!}CF9@2;yqk<(~)w)vTjl-h#_TVfChSFKe$UCq!#0 zO_ORoOR%=rLhl&p9Qv5U0H*e4a|wsB$AK}4_%-{F zuD!}ydy;9=sml|9-LKU?qBG2KsE7}JL@$UoY$`UVerXNhW9=hqst1|>HuJxrK*9O? zqvFrk`idwJHww-eW}D50Eja$^a8ecF5adG$H?Zj#s&nX|kAr&oe4{={AuD(|e?+MR z@k}?_k7!VzY2!Y%>z(Q!elRiP`&*=A=*hYODFWcTw`0w zpPVQUYkgk`tRvedJOB)VYdE-3!Wt}vy*M;vdeq0OHr(Fz>NdGzbl^|!&NwVY66ysA zD<*Ydaoxh^XPGk2-7y9oP1e{cP=zm}3Z2A#dzy9)9*Pnk@f8fZ!%#_67 zdh=0-busN8H+wb!kL8#I*nq+N&W&aIXu^_;U@Y(U{t>;_`FlzqZPc}sEzHT`qE~Y+ z$BW(pg_hNLLK?YrJmm`7mk-Vzd@4M4O&|qOuBdR=gPSm>oOVZ}!{j>xeB}H|jn{33 zTdA|e83*Z7Ef-G5W5N+ef3hLCny88>(Y_&W%Qgrw=k=;>CwWiNDD#`mUtCylW!=z! zbqOSZ*R*rt1&{#**{XLYcQ;4@f3o3IxP~v#aanB6(4Pp$<@qBTydJ$}@=W_WE(9iX z(NVyhXZL+Ln*Juh*c<%pTF2vMppqCE#XCIS797{T)bM{#*~lB7g=xS^BwPUr zkqQu!JxsJi%3AP5_!9OxK4oD#-jakc}W|3Uh7F*k7a?Iye$r}0X>=ea> z09J-X-VkDRzp~%g|NDRcKf+!$V`fs27=y!@0Zvb*pWbqfUgylYN@Ve*mIX`=2%RvY zLnbPuLIc${LP@VlFm0qEF?Pwq2_$1zBA4zfV<`4?s)c>H9D_x_Yec21_Iqaunsa9GA9Lb7 zPtRWnjZ3s%i00@dyYi#HKV@O(L_R8=qDS4XaaT=J?n5`6M2gW<^d&Kw`nco z)2v%-NVMdaDFHV8vyal#mtmrq7aY%8Zkz_+**QMcSBIpzU#q<)Bm<17|Bi`7qeStA z%s{El9i-TGF zJAENw7rm{%5U_LpS1HVJ`qyir-!YZejoJoTnJvI((=s~`i0u%OjM0ePAVEA9`J%Sp zLhoN&2fjz?rFx2y?YZ6~!$jt`?9=lXI-r$Pqx#{KH9zLCykO5H&#yV zRAD0Zk4(IE4accp2Do{pV`qk9^eH_YHRz+CEQtQy&lfH9IxmW3k%H!`5tC-ic(O6% zGow)|8ln*jnUbKDTH64%A{aFV9Yel=tftP&!;RwpN(71z_TK&B%dIlyHom@0T3dk$b0@2{4oKYlQNsztM#ez*r4T^hq459~ukyZ(i;~WU&np>H=EQ$Ok zoRzxMW4vofu21VDqA##(q!PM%Aw^5^op%%0PYyA6UD2GjmZr*m_wz+Dqo8F`u;2oQ zed9ov!O~Lv>9;&_znM$i`Pt0Na*cE?Qw{>Ln!b?v#O5{B2Vz#LRWoj)w(_jiihGVd 
z#`qh-8%aabKx)w=MGoUhPSc!V?Z-4FQhVWOY1}NKrV{ki2!HS|l=kXBPomQk8eZ*TX_;0S5_L012rt|tfk$I9Stq@PfYo&MX=Hfp$D*VIH%X9KnrCcsButn z1uwHgfB`pg&%E&tG&w3FPlDz zO98ZOR6KDv&V3=lYG)M<6l)WYAOym^wjJ%7Z*y+!u$@c@6lT{-+aWh?XyL~#1!X<5 z6Oa|wF`0RAw5Pj1vZxXgN_n8NyiHB*V`QB|rfLd|;wBnSSn(jATyFsC2#pYx0zn!q z#pbBAG0y^xFt^;cVnQKf$P5E(0@It*9o=cyUQT(kF`0Uooa8~Fx}x7cdT$R3>{-O} z;muX=+_mnvGOsZDdAD@E~`? z%|L9j=2D5rD9xr)K31|pXy`(HqoE>4}!n}@%VssL)|t#bLV1js8XdB5awz& zPMD~oQ=7v_v5xdSQ!^pwW~nsk0f=>}G~*{}Y}DqX#f}31&WctMLxKXeX+tsy^P$EHi}ba`_Czi8d=vI%41diUAWj&udlQXRw9bP%+6|PMvcz53>KL1)%Cl z>Rk~ja)CF|7@`I_*@&^i$%AMgKJRHkWOj?LM=%_0933AW?pZSr9Z#Bpl7EohyVaQW zMYvi&d6Zty;zp*wOR)ms9Z+I_zLS4Ti7IcIPnvdbX@Kdf2}j~hb0*%mck(!q!isk@ z4EHC9d{B0(V5PxkzPUFgFeiU@0c7pfnpOaZzOoE-I=Eiw4clk|O|DH-*bQgU>awvX zXuU??d#9OzNKc!=xB#5po@K#0%*1}@%E%DMqTpRx^qkQ0Lg`dCPjm0{+qylm1HjjD z8P6i)ff!C1C%;^n1EzQ8l3T#Jt8804QF?fv%UobAW0{}rPgy8vMVj8G$NfQyTjM@x z?h7>6WTtm187Tj$vsl|bE3crM6xZo>2l{Rb#c3e6f<`VyWhZt;mt4iYicQ(u65M>- z`OMvHiB{zT!yX)(QpC1S;m!caOI4% zR<3m`aI{-(Y0&AWvp`%^!-j^Q{dQ{f)!!;kfHPs)W04xEO{tpW=9-d?DAXvqNVp-- zCx0pA`%0nL8968JA-9KvppfP!-QNa!+Q3ceP zUr=$SbESLOo6u;iD)iA?7U`p0g_5@`^lt0?dj7hP+9DaIKCYrYI_&li{b#*q@2J;n z9(aeH<}<%{*xVl-5Ai;Ej=h6n+v4v>&XQQP1x%jPoBiG#s{(DK1aZ-RLp{y}8_Cuw z3*$tRwt_>nmxp^K-c4iDNAE5I8(4ry7MqGLFZj zkGen78gkZyp3-yT1(=4~IlYfwfHQq9t#%qDsh-mX;y9#+Wld3h0-0<1#r2(JUqF7-!-OGd^B%BO35=<1ZPo z#7F6>SArJ}Fi%~KGQO*tad&EPvNhV5*#qH1L+tyUh%Dw?pW`^$nw7%W?H#u|txl`k z?{<0z&yAo^sRn%aosP!-?z_whPA3I58=*d%&44i0NjO|KFMptsf1=^CSB>jvH3drt zAn900jK7vm2X6BGX&0tiO{aQtZhy)-B652HH6#ijnESfae+KD|%rwg49dj~A+r7!c z-j!eeW^Mr+goC-rIpaz1EM%cR-?PD- z*S*$ln?#PgVAIA2t8a(xy_Rbg%%zLXRPf9S*I()2a<=JyPl?^{T(^Vt@D0vNoQNo& zjA&%id_a^;HZ9p=$bbI|vT=XXaiV5+Rl8o%*&R3ORp_vA-MeJmT_ATcjlLICCp=7vs&HHIQmiTsn>6PN z4qmd`gJx_d3NWDh)K+gYm*?){Xno-dNrn8+vz%w56)^8=(>@l+|NHyB!-D*Oba2q! 
z$^ZB9xCe{K>#m&*I)Q+Fv1eywhj5)$O)= zX`g1Jo6&_0G+x;1Ve6<>IS|9}wmO7f>$ufTJ1cG%g|0?4ApLf`)l&bPv9-93cUmrb zc8%{E-!;B#e4CB?bWDWoBQe3f!=pZVJ|f+o-#a)Q`sC>7VEBBrPxkkFp1+R|yypkx z=y{hs!_T_iUI&lx!O?z~3_G2JZuj6h=^gfJV-mpyI({G3d!1gl+37aBhwnPi``vE8 z({1hdo*(Z&Z+4#bJDvI$E|T5rvq=7%;xO2>j|KAI;nDF?N&Y)J+R19!73d5L}glmh#c_}@Aoe`LN zWuV<8Ra=Df%p8BN45+PGhBTMTYm1$eYs&*(S=|ABc534- z17B2{*BU~x5oaJ(8M(GG1b#(&n{ky{EjYke7TNYFR%Rwnr2?$mW+ST2)p>|ps{r8E zxrb_WJ=RgIS%CDDFpa9LrmF(Im}EaS#jZoJmGt@v$aO7httQq_L91(%>TF8gDxq#J z|5xaLd3nCA?`+>h4_u)Cb&e1B3;N&j(cw=2yO*cnvxwt3{dwH#whn84mK9n@4h2Nt z&?Xtv$qW9S5I(hTL)TO!I53yQ&=A6TsR;qHz9Y2>Q|qf}fRBi*QBQTVI4M-&3d}Ui zb}|g8*QVjP9k4OGlpIGQ#+*d*@}SeXZNs=UDxQ8~CilqWzQ==0W0JQSzT26&}l#tP#jI!mNznTlY zgFF^_Bv#r91fjHJ<~IfL5>Dl`Y2H1;ag2G$_!gTK#Pe7fZ?naz@MHiDs(+B_p=ArU zz?r*nJsG%25dVxbB}2g7Abs@2XWkXuBmkZcPnK`a)Nq>Xqw3}?O0)KcL@oy%Pa?(G z*J!UAyi$9v|FWLs#bxx|{WKWx`x=D$e0`T@Fvb^i#VkVYpq zY+Zq?Ug6tcBkaDMIR@v-L45+**2tAJr2UKw3Vw6jjyk8B6E?B#`d zrRGFJoZUHtRJOnBYvgMj1RWy88D~S7It9y*MCw3>7|Tf?wQ)?_6M_Rd(Qg@-eYD@{ zbZWJLUXu;#BLt3{ICwzU({eNiihB{F@vuU?w0Q12$3hzSe)KI(S#Wx+bS z6q}q|1UXkIkk+_`>f--n@7>!Px3z`w_iuj+?J(UyU+fTWGtJ)9b0{z^rwqdjOndsw znI9;&lBhVAYdJ6}a6bF*(bC28ElvW%O!vmm(zlyxk3e@kuptYFJ=ASX<>aL3YSbt9T2EFoEZqD<|O;(=yb z5#mFvZfaTnoi4I-bT~0daRsW9M1~syU{1zisB)@#>d;de)*wK6E(3Nx z7@i?ys@`nKwYDJ(T;nSZkqlgb$kpM%6EdJYO(yN^mEao@V`cpY!OrE8tkVICoUOza7s{*&4f z$vE2O$1FN!EH(YB*Y7z=#CjI{s-kjbRjcCG%MJYk=(>K>w|_d0JQj3hg13;7#5xru zGwzcl<*tcepin##g-_(3CaG`OXU@a6D#FJ-Ss)h`(oa&fgjSeZhpVcvuRW>iI?SAZ zVYmwTgHfDL_GwZByB(|2l_vEh;SEEuE48yqKw5S=r-KM#bdpd8lcHTw!SA019ML}F zBz2ZhTrARcoPga#f^=ur(uXr`e}9~Wu*f+4nQi}<>)!f|`@h_`+yK{#xwQ`b+j|)^ zmj%dTg2k9vP~?hrL7AskmQgut;d9J_6PBdMxtpB~uxA4N;an%UqK5-%Oe=_t$x5u^ zG06Ct(%F*)GTa6mr(7qt)F#0zM+^r);1EYXNp$U1I0RUtokeLX8>mQ_xS|-S!;`Es zIwLANrv_#c6CE{9=H-JJw#hX?G|eA4)g&>Cnbp<~3vigIAKCG3pmFpu`U;Lpa346a z&sDM9?blnKR~>ZDOp+HBMqhf~YMLNvu!BmoVf-8AkJ!vD*Ks)Vv7EZ{C@|^!a52Ll z#8>0yD3Jjm0DwS$zbb+&$#&*)9MPvlNzACYkxb#dRO8%^(26>=x$S3TCk?c{#Y}9M 
zl&uyq1xZb>ao9zjk=U}}?r|p-jo@!Ott>uq8EI7<*1C;^9>m<5ta9WtKoh7|KGt%u%u8CSV16QVd)VT%aUxQkjH zZ^PU4wpxnnijsgmeOQa*x;2_We_}cXOB4;jJGW})me4P`%x~KBJ*Zr&qI`anskS{| zP~|R)1~mFqSuhQ`i+y0*#KLWr7QS3UjvSJ5_jTn`aFw667cw8qTQWKjGYPf0iV+hN z8UL9;IKm;blD|lg7wL*f!RM?$4rP1*!MRZFke7{Exu|HG;ptnSINR&#EFo9bm=iYxLeQVkx-hybG_Y(fhZ;8x^+B8=P{8_FJ z7AXf6v`qXiE}qVkBi@{uOz`TIJ7=MexVm7U=8~9ONo_&RQwVgLnl9j2$$lz=Bbb~% z_|Q!r7X;Y|u=rx^?Io}iQwFY-+=*+9md$11mS|Ks z(0I0~MnuJIP%)*0KuYxy9;ZVRrAkVm&P9j@s0m=q0;kY!7u`8I#`DtzR+hR@{4vH8 zfuR8&^;r1bcWq6$We|X_bQgpgI2ou#>LOQ%+ITI`JN?=ZDTz{-2CoZmy0_z3A8pf}hakw1>1i zPC{KSi^Tv8i9V?GPRt|Cy&*mI9%U1mF)lFWzvyUH5YyetS4Sg|B4ic0m3KkLxR!js z3I>?5pm2=k=T!9q3vDR_QwCmf1)Hd_B;l2R>p|rxpZwcRnG2oUtr2m9aRZvTvRzr7 zsC!Mu|H?&f;=h?u8aahGM!d;8RHpW`_%_?IXaJGoyt*ks^aKy z`X>=286y3ZZvhDPX@o=iC#bAs6Zt`@$UdngvJxbH2W?6ILx;lw9CZb!LDRh<-DP!kE@nlrPClhcS zEOD&zwhOK2fVGL7AThe45hpd=C_~y4ow~g-pY)hyfuvZY<85}ljts(;-76aW_1)us1J+Dlg$GktqMzFn3_{j=4UcdUAt=i>8`9VR`258-lq`+ z+Z?F`COv}4C*qFP^gnX%;JRR)hqCR`(T(F0Vl-N}}sa8EiJf1D#ZYqm>-L z(ZkW7n95{=;_lZA*`Q6M--)l!KJL;eWrEM(E;QU;RZxQ?E#;_{j3bW^TQbsUUxoYC zur7174=SWS4Fxq;{lteO1 zm>4bViM=}qd;%0XnHm^{%-t-!i!CAqSs!!-ycc&g1><%=82L>e%8HJ7i>N(-gOv4Z zWYUTk6x5|o60HExa&(K4)M}uLMhXJ*f(%|wSUrwZIKgQ+$`w&V{Y8abtQ;zo(0pxq zsG}%t=RQ^rANW8ir=kyLs z`Gy?pr@9)vjvx#QXalw5y^qX@JUOOEM9Cezk-MO@|~gS45T!E<`b_1WW9Xvd_1I%)d(pUWUetAcseD<%A@O=3*_TL0;L# zs=?6(z;mJA{ihbM`AiAH0tktFVU4|Rkt+>S776sBi{0c<5?ss@x{Pr;yflQjeT|cL zNP9*{msM#0Q^Nq*`d)4p_4P!9m+cw##Q@&0bxgU!I#@RLJK1y{+EXc$B6ZR7a(#-v@2MGUipsbz@ppPzK>V@d%v(Lh#02_E)&LCsOEOKEqboA;axZVk!dnoxi$y)rx+At)vPt9DU7}c zN(wEmu4PC#f=o`xG7(;bn?8+DkEKH|+g}0%kRF+UyLxq}Sl>339wfh5K#VMrWtL%X zeP_@Znx>Be#pC^G?y+$~M>v_}wMyCERyPM4p%IP^pAMm*6D1&}5mk9W8wtFf_n{#A z7bDO`X+*n9d#1#AfRifvm16iFvH{oM*}!tVM#yk-rP}I?V`#WKYo^$GfC3SRla%@j zGDx~{(PzoU7>wk&VN63dkVQriY&^@pt{T3GwB1{7v)H!(OG}0V@8%T_>JFq66Pi?3 zS%^h7bIb@W1X>-in-x5mj-DOmU|bWKSCEn62^i}Oye-e6-iia zvj~A9bDmgfilv}mkJb3WJ%FAriPl`v+I+2u8ttV#0yO?B^f{M#q46bTJ<7y;pb{;M 
z&J8lGLVM1K+~@ISTheB^200V*>H*bw8U_xj`+bB<>FyF|>u#nAoC6=3ww z0+Z}w8voy?C0hV^_jN$S1K=|x=2x5e&no(>Z2ymL_U}Ug)O;I5P#~*Fejz^+Tu|W1 z*X#OYV&LVD$9@a0{GvT};Kx;f8|Rl#m=f@1*nv2({kN+5GfChI|8Eoz4qI4n{3Jd%#oTyj73-+wAA$MX6aDyiusVF&mCqq6S=F}yQXPy@nt2iI z@V__xD@Hr4aZgOp#O3wB!Kjc|JOtQ-y(?usBi*BS0R{8E-Xm>>Tmud5<6hq zmx2JC2+R2$P=1QOkZc6%F?Eee2(xcuDyA+@z?j2$7ps6Z^Ns(K^MB9YzmZ)xaBdL+ U#&ZBR78U?lf^}1{;smk&2Zy+WV*mgE 
diff --git a/released/assets/rancher-monitoring/rancher-monitoring-9.4.203-rc04.tgz b/released/assets/rancher-monitoring/rancher-monitoring-9.4.203-rc04.tgz deleted file mode 100755 index ceebfbc56c2e69bc096739daa8384643db9c58f2..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 238352
zUb&0iF}v9M^Qux%1xrFBk+y;3z_$`NR9@%84Od{+pXqip>%{dNM+(9 zAZ?)X6$eNC&m;t)=ZQaA-P$0P-q*|D(mjv!`*w&sW84N}R@^nfSn@npqjY|rpDbHD zxI;83Z7F7pn>i~&o;7ykF7#8kuw>Z`IHa4*a8@+9%bBo)uG+2@b5?}=6i1jrZpNHg zY1;*KDgeX-`=PoKpW;oiJ%?0auq?9*7?7`)FT(V_Sqz9EJijXXL|yGUQ5u*#prSv# zRB62i&?`JcOr;_|K_a^Ts_6ER0(F3j4vE|SH6F%?UZGUg@nIU$Kik!;Ay+L0=6jgi z;LY+d-+ zVvc3=cm(r*pDLgL_>zzkO)%fLNP*MJ9q{wHmX1%M1WpCNu`LECM^2FiDo2jS@ThZd zW?U#A1plYo{nR?~-I?c2aoC7;&xXx`m+@ouH{hZ#r&hF%tT0UAFdq2mt_%87z{+RD z%8sDa3?O#q;$$kDZ%(-WQfD4nVPuH3~X02~#m*iWW zDPvjuAyseKD7NKmp(!6or&f^ziq$Apd?kkpv4nmsR!ZQi0m87xeR(^-!mxQMe5=9C zL|rF1G9M+gp;+~Tq$-&XUgWcb)&CKQ4TNd=Wp~vp{=3~(|9g!*8bGo47W{`|?*SNm z38?l8=`mLSe;R&apT9QzU<`CiUvx;V^hp7IecYmps#i`5t`ZX&Z=JA8nD%Y@oVRqs z_L8-dVKkBhojtWryl>4>>TUuNBU^2R)RW)dV*f7jw`!CWxybP12=>Q87Wq_u4b`B2 z1!JM%mnx0~z?g|Exfb=%F)7Z^tYfR&JpgwsiE_C-U|vq!@`^w5wAky## z45WA9VOWrC8RQeGld!PBjXW*gB;VN(ETe}azlJBZR|Z9;qU#~dL{BY9u)larag|5qVe4*m(7z_rlz1%cVj!tPra z{yV;wd82w_CQm=E?H#tSCN_b@?$V$oC6r|YCfw0FD$n_=zCUgHD?n>ei*vnw8c4D?hCrTvxb9Ea>Ollu&zveSjfPQk?|b?Rt9kN>&66U{*zWNHsD_Z7)>R*T&GE}?`3;TB-9nSm~Z2q1ODB4 z3Rp0)WAjM(^3%CveZAUGii(+Y(<~>!EJoT*+;KF1Z^wdjpKMKb3_9;V(2C9M)_>*2gTIV@J}(4ao?*`IhW^a(l^hhRA<}bgLo5V8{(6K|r=^O!gzb-12<6K=k5= zhz##RK*6cdmtwDPv!&1FB)V!YrnOV#v)dK^4DxjyFD|p~8SS;iAU zo@)d`#LvV*c5e3&;Q_j6ZfB2WgG8AcT)gyl!SSt=L=ywDN3AxiWV+&g=eV~CyjD+H znuU|Q;gzjfxP$=azDxU8*EcM{AI{#)^xztl@jb5W z6J*zlwQ44j}znG!^Fw5c$;X2&n!tQm8Xe^b($k= z5{|GTh4)*^He@J%c@|iR#Wv+?#jHKm!JdkAIn1y1f=mlCMD0xwM;c&GEp));R1Xx9 zT1mLoNnI;ylsMT5!VnQ(M+{`nAnV3GkZ=;2N!e(Xr@M+xNomqjDr7fi!XG24;i_Ug zsIG~jcu8PN?|hQSDj>)dZQR}-?@xFGn!m}5 zK|jje5|EVHubYJ;_6%A}I9sZqru8{McBVyR+H9(g&5)=(2BLAMCA`om$pxLr z7hhg+qg6!8bxdvkn5Z@%y9~K06nJt9d)!{mCe%YNLNi{Fuc$v=ryp z_#uCJIiT9M!VlFa*ewWN%e1irwpwb*#Z-LpM5ja2O7rh)x4LS{bi-sz^lMM`3JZl6 zpr#wknMY?zf$2AKE)sj-Pr46`&O_8FzKLN+pmfQ?+nV<=P`Y2XrXnKLqmHdQy}_Y; zz@ex`*|##*JXX-Z1;g7#A3D22YUKpG(MA6bTW9&9jseJdxsEc{=$nbBZ;slZQhxq- zk?r}m2@^1%>lg3VS!nkV)7RqLyVOe}UM{cIsY9Scsm^yR?a)%=C(TV3o%-*R!bU3( 
zEON1`7MYgR=O`IL*kYgff7B)MIExy~P}9;^?;+q#f0py5LsRLV?+}(yvBd8}4eUhy zQ1BxSQBwCq^8jl={0sUY(}}=rq1s4R9NCA$;j~{iM5s1#-P>6#dAJg0@Lb>H>`mWncE4x zD@_4xr#ub3TamZsGT7!tcM^w_e9PPLiZN#Ph@y>n6_=5lE#|dr^}JTuG;i%v!l9!x zQ~<>VSfgIiQ#1&sbq>y7NBXk|f`xQ+jlT%cll4p*h<=Lag=b(i{Q5)@BX{RB=HB_+ z#)QqW??MkK)*R**Fr4$3TuE>Q69xARZ(*T75wjI`vU576l=suiXM=tNxtEb2o<>@1?L{+QS9#9mT5xd`C;u&A}5PI)X?` z2uEbY|7u3+gvkq5vWyg-o!!H&yFfJH}sAC=~lW7lt2Q+ z91YHKKTO~(N>x!}{>3x$Hc!RQnt4V+dW-e8K^gLRg;Woh-W(zu zD~4+l8_(fKk=TjXe19=sUl;#4M!GEA6SZqb%dzujKT7!zn(>4vT%S*WYgy@}&6-&i{o(~6XXnbFvZ6kG zykPdL@u)4G{3B@h!&vFHTz^K(@;|YLjQYQVcFrT;JMl~Plgr|-#9RN~co;y|NrxAU z+?iEUVeZLPlpD>*oTcXmbf6!zVC7^YJ8OIjz1{NO+nF-w;;571dPZHz?b%rvI3Ob< zzMm`h^0XJU0Yu$>KrGVP{;DF5$>{8l2OkEd$@YO8&gce)2IEMB-+k^8pbPS|!yuI> zM$~oC|f!O%d)x z-B|xh*xjMt#Jd27lzOHAJ6Qmvp%M+J_*(2jWY5v;u03p(pG? zq}XNm>btj&oXJoEUinWA@kpL}_(|4V^9uaQhme+wC~EsL(oC52%JfT=On`zY;wfP! z1aL==#dnZl+WxjyR#O?J)blI)FigdT9!#k2cFrFDp=@M-SOLi;dI^;y4egc!_z|M;gw|$dULcc{a z!sCb{X(ibPtkCfhOx4R{2NuUo=iYK;G7a7Q#>@7@cu@+MwKR(*X!nK7m)5$Qvd92U zG0*=o^uFf_2)zd@{GUZcKcHe@(?3K+HFJ>(Z4-2`9^|S?<2=Dp4ST!1cd?%Ps`D9{ z!DDsP+oaDGwPJr|3#I)qDA15g^0*3ruaQXL1ic;l=xK6LG$^ekQx8j6&X|jd@AC{_vn}E zlBP!B0$u+2w*wLL3Qe)62J>>yR^sRqgymHTClS+~$@b%jt5OoJC#+s8EsT?4gY!2@ zFEYrcK1tpwPUDWFrT{0o5~!{H-o!InUalbJYU$3bph-m3FT?Rxr(@!KRKcCq z?QOKJn!6#YPo#%^wrPR0YH-+eTw(b9@P+F$elXI*msvz#1VJ?1hc61#z6iaPx7-9d zV-ra;KpC+r$Oz+!BN<>vou>sN?5xg>S{{JkfP(#XF{FbLLhs2CIa)a3z=bSrF)h z&_Y1NJ*i*lp~a9Y;fBE*?+3#Jr`qsvMP04I+>>^Mx1j(^^o4Iky@AaI0sf|3OsI1P zO#wC<;N4`7Sqi$((&);Mv6cqeeQ3oPR-q_(u-sp*D;2=~(rp@KvQH`sN(HO5$fCU1 z0)kYSbV|+FyP{%AvEXD`tcZ=Uk2Vjg62*yf;7Swsxwk2hZNcRjw7*GfP$3RlQGW7d zVf^HJA?N|k#V|7M+xf#T>T_jC&_uex{oJ7Ah$dYrtj76%6RO97(er5wWG)m)LLS)Mw~ z9~Z;Bbes3hUemu{uM6g~JNvA+@_9W!9(ZN#^5%Ez+D8RH^%1LvP!Gf*Wq($rCLjB6ojh%e^x$2b|^|?X|J`;>M$W1Unr9nCR(rO>{;XYT%@%jB3X>jjIZZ zP87dd!jO^pwx1h+wNnzPr5B~RegqQw5(AHQDJf~k`DW6L{H*eVG#LfrG;5@`7vV)B zP|rQi=0-hUw5o9<)pBc@-}m9lOGY0;tlxO#d0?f`#qdpJ%+^MET@cb~PYS;kX;QRx 
zCUH;qi}g2kPa3o{_Bi1KQWbXz1DWw{b*Fq(>UN#W@&eFMYf>5&_l4r~vF*@#*(M${ z?Yw5$G)xatTlVYuiA8JEmwdtuvxhcAiHnZ3i%4`$plcoY^_;GW@NMpzJ0BVh72=Vb z!N5&!X5b7!w|wda0J!hT?GW|vL#o}xGHV)jLeKcHh}30aHc1N#t1Hc;f-<2#)y@RZA)nM?0~UCYMMMTzL-|s6@bK>8YT`3;Gy8HqH4!w^~-{JiTPBZb6<0t=XH(v#Q zlrErJ$5S;<%jdDLkF{n?`4};zaBU-ROBd;=oqQxTOy%_v6&vc{K$c3t)HWy5KX;~< zz-QhV+-F`99ZVt)+M20czz3w9E_MDMH6J9XdsLz)oBmsl4LK|hbj^j%W#BV%7CE+y z&5HyjSde_@CEYM>4wnbWxWf<>--7B{6Rp;i>1Z8CxOUoTtW#pEuY1V{O^v^lJ&<$fHuTALVn95=85ynLt3t3~1o zC0u)dx~JSTV7ykWn~O`Nvz4|AAuZK5&-V+xSu(cwL05PVUkR5v?sqW`QITvEMA=6S z@}G|~n%55xhbCt)h3!ix-H$RdwrFYZaivCVAD|5T8-=I1fXdLO;y$xI$f!uV!!|NH=i4smu!l#BPVIt`rX2P8F9j6O~T z`j8XfXdkO-w$oVkAZcQ?LZc)Tlx7h!OMF1G2Y#eDbLNxxBk2~OYMMXor19+lW&WM_ zRmSyTmNxn`kKxYsVtY;~?YI~%=^zDX6PFob^gMYF)J+{ZU=>5CX0@pS2)KOA-6{rk zUO#S+5BMtDti~#vk)~m_^(eG~_Ud^0y~ufkV^Q1=cms}cOgtMfy}|3f6yGcbEhwME z2L!Q9zL|LDd-%qZT-p_54GllNc)#xXALl3Vd6c<-%IqI~nRJmCTOC2x=F=AknQ&9DXtTjXyD-xn=HDio zZCeqF9GjEG3_Ks${n7R=-ZL%!Y6Q!;tw=Cz!68tkW?ZAK`m<8|X3#86va@mgHaIhQ z7%=$^nXWvJehqTJP^( zKqhF~62heqrvh1}OE8Dfz?x$rz?#6C<&LQ)S*6<$J{2s{73)u%9hC79tst!_GU7WO zt~uceq3J4z?}SqI3eTPkqhM^)`xRulZ3cygoo!1nHZtiv7OJsS>8e|EeUZ|TxH1Ny z$0-F~xx*y>NhQ5NlfaY8Ez$Hqu9tp5hpCWxBV#9Z0Av68g&H`DT?c(N&SaOEs^Lx7NuyEQ@ZIm+{MlIL(9s~J10 z$=xOAOgF!e3^hlNTB=BbxS{6z)IK20!&YQ7CJ=yTW$SzUse(GZta*b+)j=65a}R8# z;p@@&ppR6zE6qQZYanV;c-D$iDv-(H9Jm*{%=>VRhYV>pEppYq9Ii~6fYW@roOFi~ z9WGI_>`-r-I`c6zSMc8GCa*a{ zs}m@zN>Z%i90rwl*l_o=KHO%nfYC$GcEBvXc>+o7w&J&y<&I~^N3PThP$;dj?;l7> z2sVnyPw%i7atpOi*ttxP!0jS2BUbzXea7WC@ z9X6LBUImM}i^?Zn(S?R)YU(#bRWWrzs{Zvt{|PgIh86eFEMEFX!DU*kFgUdO3pwnd zOB#4xPu^u)LDBc)`xJaRdM)7&T|kMJEJVWuhW^`Ox$b_*x(R=8}Z zhf~62oNG>LjbCK#q&c@Hu(ww6bmvo?pp-lrmT_gZkfAv8&ZwO*OWNa(@1YSfr^+d3 zES0{arR||^sLT=(?}RY=SV?O^?&Zu7*qKDQ6}R>t-9>ktB{Ot*5fbd~ft?+u#Bjm4 za2)X@vTI_$%2`hfA3-z2!*jU3qxC+?gm4|HVQ6ACoOY6}}`Q4Mq#HiNBDK4*ok?F8RWA_)Gw^8?-mVMp|Lgm>{9NOokvc0{+ zQ$@jVF>@E%+t?_CFPnKYTMy0L1$xL@{=i!a17Ny2mM&JtW(X!Oo^c5SoOX6;Z!0ad+66p5F(en3A8Lxld!iQ3%dgoWlD#APipuR35?0oLaR`IVW$=-MBkDcxtk8xjhjq{d 
z^Ah{Benu3QflalOQ;`2Xm18<3ev})s2VdNhKh$ibeEhMw4H3js9{2yp**gF^`lx-P zZQI7QZF^eNHm7adw(ag|+qT_3jcMDq?VI_Z^L=}E?{3|#o2T9+l}b{T%3GBmpYYbi z6?)Oi5_?oHvQUg3rP8B-XIp5-)FvWFQRdNo=-4< za4UT22@D-KlDXC_DgMiU8$>)(1|(8Rz<$L_dhzb&;!a>#rK)e>?6@TW6eb!M9&^*= z)ZkNb8Edz=(9QP{+LfuNvCC3LOSb*Kw!*{5V>W}LbXF_gzrbmF;=S@wMaJC&p$6_! zTg__CQU@HwlZrCI_qGeo%0Phw!egU;rH%OD=M_#{+D1NU5TQE>+9YEH_I-k6}?`$BU4R29SJ(;6aESA5W+0K8_4gYM>Sy}byVxQEdFX2!ULinV^CT=o~WdJVzg2fW%n;B&Xy z5PU>~DxH=UBSUu4;|%gwoG$f<=19#OAlnQRPz?UD7wYV4c4_F%(V^I@{9O;+smltr zw((+Ub;Ppxjh%$`UHU zX0&zVaVmuE{WXZ)E4cU_>&*#nnChfaz#7 zf6RFDYvxaueNt6%SqvykO7TzB7;r8pnjIBT5W>sLPfypUtvAmyc;c6-uT8bxe(hNQ zxVWd2w<~$rk0i5Pq&G$ys5->*v+$>Y!+qDDS-1L&%{%d_4f*0bwTm#YS{L5_RfVC% zOcpOaStN>Y`%%lcKO#7(1q2xoY;AN@>%A)1ukGPN5E;En6M+WA0UsBepB;*WgTI^q zU^0n`a3pi4pyumoh104f5*p2U+F@(eYgVQQ*X&8ZktXoV-}wm4-&th|wZUd!Z%8VG zT@&;2dz}d;(v=d5t#mzbzW@CWB7{MLV(ogw;$A`!748V!yC^fGn4yQLI{S<*#ObMO z7|7{2L2W_pVA9;n${$Md96|#-SHvlXO(4t{j5-SJ(tzj_G<*=p;qqkmY66j};8f>6 z$@CqqIWtgB1K@wM%g@RXH>|(mTGu9`kD;b`VgBe(xT0mK-S;d=^%|!eam;>={d#x$ zJlLB$(&g{w68Lx=U+K8o%IXOO-v*pS^gx8iV0yrAJAt)8co=?1MS%N#;IO^0{8r)^ zep2v-eZvj#Eb%Hofj=3_9{W)2)IkuWdeH-X629s4nE#0Xmf*j~exJ~{DPJ7jp;S8cKt%-(K@p~A*0k`bu zATk1;ARN~~)!9Os4MN}5rt1hG1EVF@gI4%qlR#z^`0Tj1cbM9!&J#RMp+nNmcMco> z8oRHnPF9Tq_Nt;?D~YEXo*KbXuI}#-Xac(xrj4rXg3EWNOAUA6phGNkq<}qwKV~I@ zJ!YYs!@SYEPP)zQ=>Ut~CBzCTsIygLfMEgN#6pXv^TbA-Qcj&shp4TqV%T*C=h_La zTB+K)}(yA7+FXQYk^iy-I{HU`|?{^DkQOBf}AxcP#}<$3etP}D9f z-W_Z?2^@q)iaR5x`RE$+FLdq_AI7&V#Z}6l`HkL+LCG8>k%}tB08A*%jxS>RMBdv_@SaVG4PVy)H7+efI+WzX+nVr<27dh54Bgn0WQ6b?=EXXpaK z5Z*cXzBLx_76qyPc@;S5odCAK@~7XZhLGQn1#tTwP5rPpy2MSt+seo|SXbgp4mIwE zex#=kOOYDKb-zf=Nfy4!Zj}h&1qK)!?1eJ}Aso;L{wG=#Fk#vJ>XE@|vg#4rP|TJ9 zFc|rok&{Vqdp({hI#Cz45E0)3xPDtv zKS0i*?z#j4AGT!O>jD`D9af?Mj#8t9j^d!1MH|NT9H<-Vk{6M|&2(99bjdp0G=&GZ zvr$E|lXV9ElMG|qzK1Zz+D#;{O7$`=xWXq|hUL#jO#c~tP4v0=9>XO@WV08wlBRp8 zWAYC%i5kBSuoDA=)}-&sn~?8TKw5IG&9&-ebiqY{4|4EQe9FN~HXqfF!(FMeV(!l? 
zQ1Lss{*_u~$jeC1l!-2#itb^_U4&KSX5)72hd(K;kXwh<6B@Kd9&bdCjEaImg%N*> zZZ1Bw7u@$dO{5@5AxUHv$C0p+sFd}Rud#mXDr?xy2GYL&|RBDOSn+tIh4=fs51{j3wiLj#4gCt8s(IWNLVHCQi z(r6golxXs2rb%~wLmBZVO>h)Gm29V3#NAmMBp6T!0#hMtI&&{^DjaN6Zppe7En~2% zIZ;JCZCgTxs%jO7Pp28W`(oq!;&dLR=v)4p3i%bq!^R{9xHpKqzYIl$EhzQf1daSe z=}b{`{}4sC+%^qId%n^HuiV7ye@jq=I%bqMFIF2)dwmbb6WWc^u0mqR>$ok&Pb#Jnn9I&=85;SLC_X;T#1k z)v#QD>)9C*MvJ9*-$7=fZI1y;`bgj{1>w-90y>dp#7x`JU z^*&zdN3J-So)3p7zFU$yn91T2J0pZReC$8L z%;(awf_z}}7w?PEO&z(j5JQt*^3s%s@5tNoNKwX)_z>OGwSsv!ZCsHR#l1#YGnpdO zsxUkVQ*kVsBG5it2~VLN6r1bPh3H~`GZLDM;OlN<9`c_$cf6Ily0yl(2cIV^9{kc8 z{}8wzCe}jJTrNJWD;%P#G(=YxHBicXcQKp@lTRx#JX&=>WS#JDqs{+Ibhsj(12}a| z>Dff3MY~VX&NFM%t_ z2&?448g(#aN+@_r2&gJFC~cMub?`@7L<8>x1N@Z|hO2~@Zj)R0EGK_7Bo~iP-=2Y4 zVy_1>018m2T8Li9QjvI#hP6IEAH<+{*GUMW(o8B=$R6G`|@VL{QBT+y3OW2 zBE8OJ%*dP5W@d4}I819Ac*PiaY0Rq!*Z0ymq#nFE*n47CR6rjq&O5CJf<&TbRT>L$F62WY*N`Y!hGd9=(c(f&7+DnN7b*qvR_3F%M_alP& z#yU&dtK(eSNYk`POS*_KPl10>v!H(}enjMSf-p_DEZe71=%~*h8z!q`I=8?;?t`AR z$m|noQH)d27wNK$syWjMG}1Ezoy}qPGez%bu_7s|<+|uN1E09kxr>!pS!c@04Vd>C zuQYnH>O3`dzyTM5+-a$ZdA(x6IjC!LZ5@#k<;TO4uCKNC^E5Y)@RpC~Zaam)s(53# z=!V-z*d?WKXg&2?k%+;ZI@4a1(uh#A>tv$^wQ;I|qj*CUq+z-H)%bj^;U?|;5%y@KSn4UY25i$ljaimVx1(XV_`!3b8)}J z5+u*|!;+@4s*;x%8Y`bRe?-k(+4B?4+(pt3Z#p|4AQ98`JMXm61p~PyxF)fe3(JrQ ze`(%*=vP-7@ngHnBg*3vUu{5EDscFTHIf z-&s&2=*AHq@if~ouPQsM;yHE$uh%#*pNu=hXPb*T8c73bO8srpRMNC-J(>x*z`^iK zC1(+=StDyI#u`jMGTllwQWJJI#QA&au=`3SPSas(5v{f6Z{{L75ZD83NNo6#WX3zs zB5>#vRb%kF#Fwlw7?H&m1&u7XWs)I8aL@LlB~<)Ejadrzb37UCSXxWy^jz}q+=(-E z-cv!Wbfk&#bjJ2nULMKWXYN|u5DWZ^4gJKLh+GQ|-|H7rrl-PE>5HZc)w~VNk_`pb zob}9_ik?_@i=?huP9U?y%K1FX$Mg%)@kr$Camsu&gveFDrf0`S9QtpH+k-3!ZOf~M zhcj*4&0Pj)1IKwFn#Q0##+NmSq$(4z1rir4_D-6rOpA-{vyz|me~~M^;Vn?l6}hYh zNL#_iDpbw)oe~ymT2?Q`T0kXR2gd2(I_{VI`1+mu%kbbe2C*S&&Y4%pXFecmR#_*5 z9;<~{LcU4`6G(m3_`Ul7GpPExKGDb33SX#VnMPb-=Q(XIux~WD4@51pGV0W zTowQKCCN`%*I&-GEBz6^##*D2v1FF-*sd^hg8Ii{{bqHdq3beF(a$Lm{Yu%QJ$<3; z=!9Ffd=!Gboykw-Ee^)mbZ<~l(Y@`me$&vSWs)S<^G5=ekE0_=eJ-=flK50 
zTQ}O-a>YJ1$24qZbTqx?4b7XVF<0h*N@CV}=7;o0frE zgIe4A*e@1c1b0koK5Fo`3T({oh(Uw3%(&rqVsaPRP<s#Ze);58VvuVj|~wNiqU|G(Eu&X zItf{Ll`+jUk(lHgk~-WJop0LxvYZhf8a9PIWLeIKDW%iYkQn?Jh`&aI6^?m!Utyg= z;_yTgG7$sXjP*GuC6RQlU(`V_{9`n>P_1ogbxE`BAgax%*@}Lb*;$`gx(fp3;ys8b z8$rzr`i7 z{9B`Y28Z97bBcTShGs@u;TWJyMdES~W^u>h4sgNky&+-8hG9v%ccuj?#hdy;-!pad z?NxoDkPw2^9L}{!nHxLhS4j~fnor{t?R(N_4zTOWoP`ZzQTN4S5JRhNOgbgI=~0xP z;sbc+n^Gkj!c9_9#%L)Tf8&;%1NGbjPuK~IPbU~9P_3j{Y>Q$)y&tQ67^xRaAX9`a zTP!9to+7~f5+u)9&?S9~OYiphLvu`;yoy&of0>eU!41B-U>@J_aw*IDqWY=Wi#U8m zywf6qeo5H=7MwmB-6wifZO=?TgJy+BhODLdWqRq=ZmcQ+DZ%=h4^Sit#^ad)+}US_ zrlGD=wM;}VnIg+yM7lxLL0|CCp4KRX4w51(YZ_9v*>_5dv9k=MvDI0Jl0ck5i=Nl* zdEL)#H_q2iY)OtF~nRm8zDQy~8IrdPBc%b`I75GJ8oRY%*FNL&1xhkoXq%KHQdv4*wMFvtg`7?yHY1WU3bhp=9;)pyMCl|$;x+4 zD>f&1c)P7J&uH-N=o%1i_^Mpv=m<4gI)8}GPVX8h$bNxKms0@JCt~z9;eXY>BV3B3 zIql4Ht!?H^5Rmd)Pkuf8HgZ%OV9m1ZRJ>0aGj=Kj&ErslW5Pj zrXXgG{bzCB=$~=$mmY-Gz{gxRd8v{%35zNjtZuuoE<1sj!3L{mw^S%umbY*I(%5iB z1BUw?*(MiP!pyy-SB&y+2Ol21o1vez-%%7wPN2r{;i3lzqRrbjEqLqBISGkqUc6FRHt9X-%p!C3uE$LXW9 zdy?u{9XG}Vb-#fa|F2eI#b2v1CVJcG>JkC^O6{CmrJMAL^fiF80UEWGu!I_$h%?^N zO%Zd7hLnmhQYkFE;$Z@sxn1nBU)?zFE8JT*#hUvL4c$aB?)bAixs#qcHUTG0fYrmQ z8EW=1FKq%q$6X$Z(2tzU-{Ahz@#$yHkbn7vuCPbO4o&&?vC8t0;WDBqZCsG&!)eHQ z*Y-m`uXnWXM37+#*oihJVFeL^vPX(aR#?h&`pI8EKC-XC$-~oSwjzxPx}DpDtDw0` z=x_RAcD|(?xxLdh(~qpfYJktV0@7xGDgkLT6up0^&BpD;qGB1YBRBhQ_)i}p-b!sR zNg6&ZsJzuUF{jvjQ zr-+GtmfJG;w@}%l+L^(7Y_jeEmm~hj?@;K=ReQwxp4xLSj z=|nQ@^lo)V5|TnR&U}2B?tO*_HcItd9thtFt+EBysZGn7fK)!PWv#~hKBnUKy@$DE zxY>Y=4I@B<(Yt0IK+dVX_9>4sSTa83qcG{z=;2Mi`&Zyd9>4-}#o!!-D;$Z<+~Dd- z+;{Tzlqw~m^x`l4(`EBCI-r`yAr(zftO(lG308P9N}?#L7AavxG;Ge+5Ak-*x!tLy z8MPvIZBk$l%)e3k>X|jZaQd8#x0^;7d=Vvnge*7D4O9|Vh+P&qfp44v6o>4RubY+D zuctho9!5J|4^W(3H;gI-k(Z5Z!d4@@1mR2=??XdK&wJrvzH&>1 zc0=!rH;E#SKh7tfH14xsMeNhb}KJu_YkZi5iLOPOAwfBS z2g0GbGpVD~a2KqB$q6tmdu6JfOoEBGO-7z|OBM%aanvM-qF>va#g^hG`+(E17dg${jj zsEM27i2)rzOrfx3XmE_OwAV5a`BNxhWX@|w2Yb^0{$-L8XpAjC+~-lKnV9HGLx{+B 
z;bCx}ZlsAEWDi2zOE`TPbI^+e=e=t!F9!JCnSlG>DP!8{lwB8hyyi;p!G5<%PC$fj+fYi1 zK>jZOcz_0Vw9o{2d{udW=49x zAmDFZ5utlz0%oQANL^8>`XeK2>l+aJd6co0=6v>q-g?suZKMspYs&#O=}1pn`$9VjFVV2PXc+ z&T-xI3ver~gdGkaC`57m%fBgFN7A|dH;XQ>(Oboy>bF)H%I&d<- z1;XCh8U6g&^jrRTCs9i$F#3;t+1;1d;`YA~WE(+2|6WowPq>)ae__ay2(y1B%#c$y zx`(QjF7W>|UUu2nr*QS3<_(Ky*WTw1i&6FKUI7gp*x}TKc#q}h9*%=(RqNfurf2`R zUSjr$VVC>V(vUBdFVAm5gqcpKg>?ud@S)4e-+Y|fBf98>taD@fNTfK4&D_hN1P)?6YKJYX4)xdVX+}=)9-jK#xjhULgIGc zx#^256W7C(<5e%2%yllMYn|JkoFSVMV!n7$cv9JS!BYO3H+mrdY2Jwamw96$^4GlS z&qiQ&3Sw-SiS%n#3(E1Rj^z>>-qI2GuCs2I7LLzKg}wE~Z-l%Mvdm49bxc%6(tqwJ ze(e9)M`dA!-y{o|o9LE5bG^zJB9T}Wyhwd|@?0*FfRLS5alJ}lej~*h5_ftBe)FV9 z=A3PpdyM0qQ+b8|Cu3Iq?~GaQKN+)I;aByfp8q*y7NwPvys$+O97FP8e*aF!obO_j z%Mgz+MeF25^d+$&w__$^8#lweo2ozD+4=!V0SF-eaO*KxDoc1;PdtXrpCFgc^~o$( zZVp7{A|wOP1rKmv)JU9< z7UY?b0!fjz5%upjC;XJ;`+1N*-(aSH#MpD{496Ftc!Zlv7q1Mcx2+iRL=XZIHi?ez%jH_^2M z3{W%LSSADLd}gExUT1<|XHuH^SKtOB&MsY@%Nzu#Wo!G>?~-p|6e_dHifjqVDlfoq zisU&Sf_i?gZ4aR!tY_+F>p&sA7mM5i0yBs zYu-(duZqs_*`GJBYS*}=s*!#0x zKwzG5t&E#NudfZ4e$aDH^qZuVWC{wi@_{Hla;9e4pYF7;j2%%G-lc%&8OU^+V@#I3 zAFF*7EFqugmP05xLV_#H#Qwbp)l=_&i!2W$8D4rCBpI0K6*nH>ff|Ri+6!*vy4S+Y zhI+}Am z@f>aGe5LGBNu9Go$xjuocl9+#&xEJxRG{0`o&9C*Y-(8GYo-?C2EG`fj&Oz1M6ybC zz^$V*4Co#(!a9i`{{Q6)j>6@);1uVeq!;jJ_~PtGSy zq1q1Vh0uf<{C!_plOilZ$O&KZVzOAWDkwVygxCGNfazZS%rg)M-X2zFMRd& zWe)9*0#=={pk!;`R$6_-HO)SQRhCb77`&LN6WoPz_9JPiM8-|>xog*bzpLvg?!9Jj z`|%p@m0$N$SZXmdoLOl(`*jrBv*EOEsR!t<K5}^j@Ca{i+@7O89EG4})6n@;TRO zt;GsN{;q7nXc$bB8VG83+s#_*B~>7WArB8I=_Q?k zBJ7CDa;%}XG}9fdWrjN@H2SeJ@gmYj*-Jh5Sa^#N0yPIjs|m~H;1hGUE5@V%hxO#Rtb_DI&2TTSQ~aOV6IZo16=->jmM;fpmqPhGC_oUOh4(k-;<2c zyyLK|#F18OzK6D6i?Oo zjcoS+p%*m#C1kjbEO|if2nz`9CV|=fh6Qe!h`fSn0h{T;8KwP#qmju)&o%A_15zhI zq~G6IpA$p zd^>7xBLX0f=*?#vF>&9_J8_K(AlX>(66?p8-eHi21bFh2;<5`%p}b;rMeSydR@e#; zm)WIxNZmw56nR<(FiLg?f`YU^f-~}HQnEj8+m1YeT>^G~WZPAW*HIJ{#7Z>pw~Z51 zAac63z0c?q{ek7K(L6MEPV-uCN0`>JcrfQS>J-+yIkC4q zODthFlsZdr+|sDfl>4PtwfuzN?w%}A^(@@)#T_cCBclW<+74Ez-mh!@+c`#}AoK+3rOlv&q}g-7?$j5tD?9_y 
zS0_Jyl$bwulQNt%$%E|^lF^4HkV`1nXxH=iFEZO@)(fBhrHgXPu&#vLf3}o(Ex{Ip zTAwld1Kpg?3HE)H2DYi50`vmPK#ZaU*N1BwnR+HvDv7V%d`y_Y{w;8WCj1q+-)h>u z4}iW0CI_q+4$G#7K|?n|aC1RShA-``vA);pk(W*v&*d#p4yg>>9f*{rcSdgs_uD4Y z4L;-$mXXDC%dh*w$qw&}8M2O<6lyJEf}w+}$#*T=`$&`vD`_?1_)qcCWg0CofLp3~ zX&VY_Naam9eE-#HFG=ZOF(%b`_20>_H5!R>*@46r++oKzI2mcXxZ|0(V~(r*FpQKL zdenzXAi8{eN%qF=5!Sh2crSaApU+*q@r9{_qRK>Q5c|A7>8q5CJh%V|^!BbUWo-Q? zy1qa?mLtt|oP+t{u}E8xz`%26r7W)uuJRD)|6sFP%%uLVM}g7oNwv4 zBSb5y?Cf}ckQlQtPmZy^Pjc;W3>@)2giQw|yUs*oC;l_pRS_b!r|$mLoB4Ixk8vML zae*@o{!|^9Zf{cFD`F`687i+S0AImznrJgsFD@R4+=hjxiS^X+jO5Dj+6C$v=etj> zWbUyc?EdC+by*z@)iC4znKPArxtpee+W)h9r1YB8cuzJTH9nW+&@Bl2a+xzt%Pnn9 zsABE%ktek#AmzZ`pdr^gQoCgTf2IdQPus0;|C6lj^Hlov|CW_4oU&?WaM#G$9hhM2 z_SP>+U|F1m_rJK! z5LW{i1?jR5$;}`CN6#bMxN8^C^O)!OqaH_Q_fMXx^9W4a`H7yYL2kNiMC`v&_>Al$ zQbc2R?+6B$kgF>!17fKR?Zny~{|W-s;o^SieciFMJvB3MjuN@p=rgsMH#*j_X#Q_v z5^DcNWn^0kLpx72?wI+G>ATd?(FZ3`?{IP@le_}Z7r9d(7;zGhz^D}D9wlnEzHq$N z1WivJ;;;V&bBoRXgSn^V#2fOjWV+G+g}FC2@)EvB0F>Hu*nDY%!ueR8OjUg!zjwN@ z(|0MFKl@JXSO`>i1B24lU^_c;iCe;B;bIUhhtQdS)Jv=3BOQf%OoYXe?`m9z z(|I4IPqKs}B#_JUk+&XEb`sSc+0i#m{4V&M4)F6FLh*B$vJM|v3|n1!3W_c=EUys! 
zMkRDFp?p*WLxUpO*<9A5>QCCIePp;#H;3mIEg#%51O_WH&re z<3>1qpmqK1=j7VY%LBTn%aos)6`ZEynf2wfb3FRvnKhavmVBm`WE7Tdj!pArnnUU3 z4*AqlowTeX?c|bPR>Ri2r}7=+<>~SVnbm~RlIyJt>n%k#KV`yc2Y-<#ZZW>T{kwt`>h3UcxO$eiM?X}q$c z4Tq);3)NW+^Iq*xu2R5;?Vg7w8nfj!gbox(idBH>j<0PD&pEQn=1}$p#~i3IJ!cW( zhiK0NIBC%%LJ+GbFfm(voP`|u$}c`9s(UOo_dA<9jl#SI@Wx|oIx=2@mV7l{cx&s{ zM_>C$9|me$AU|~|AUzf|Lm)pbY9PR6Y|DnVV{(z~?|r|_L3ZF?o3b4?wrc_2W(#;; z5AbK6UT-Fv8zMg{i>h9RI;87yljDb8hBjqCU6)K<L53KwIfVpaG>4^Z6HP< z#$O1G%`MP4Pb&hcVl>{l$!(ApGm;87)|^$DAE?^$z_lQ?^^~m|l3sy&MIumc;BLmy zor?R4Z8LS!GCB%Y?oh4FUp(7mns!6CauA1Vme6epR|J(;8=S1S3Zqk zY-#v*?`=m_U45WBxZ|QK@>@^+WH}<_4X+?#O+4=cbo7dJbez8fl~T7k{2;`eDvmeq zokT*X#icyvs1A`5kuo+T=5~WE|6OuZ8~Ffs6Q1%*&<=U=wGUk0M~NCl-iHNn#V_Qp z4?G4sMkC4rYX^K_stBC4WuN402Uu;Qn{}Wf4@oKD3OptNa_}oA9=zRt+mn_^*v8%E zLPl_3m_{}DfG4E`s!rd&%pQJd{1`?GZ+=_dEOKF68(PNOgA6M`NeEHwY$32|rpy^_ z2UI>t2w5x_ia{&(zGRs=mBJbh)WCg$zJYj3Bl@7s0k^T@k@^a#D~GGKSy7wyuV|$3Up8gqGx8(@+)Fk#W^O80 ziOzW|DhkZ#ts-_7qKKEBzkx9vFPkTUzX`I;Ouj1Ca`{c_Cud)Ai-pp+cK4meB?46p z05gSsR5WFuBA7&wFX1n^%|%%2JMsT!3#c``7l|PJN#VE7;JaZ=XD62>ai|G$!S63n%47kv|0um{ zxaoJr2E^p+%P_sZl%*CM5ru4w&T4-{g~nhw8gEUEFPi5M2aO>Yn!!0;i>gAt-V9BD zOHaD@65_*%g_VRBwM;<#BtY?@;embnM?*bjnW@B*Q62gi+BTB5VeP)Q+W+G%pDa{U z+s4yV$Tt7kew>wzBPy7Q1?gnSMr}3_$t;0-M)0({QQ*?@acVTp$6Go-f0$FYuz#A% zTRtsD)sQ(&ZcAEcNnY1Thr31gs`anxuThZXPd+*cnx#XjpRUJSABWnVpH`$1C#D5I zBCF>n)^ttB&Q143-_Ck^-Yd<+0F2i6@K4E4lVqk=9ZwWD+BI)LE!aKyLuO0;;OZcp zG>e^n0wj--=;&q~CJgXY<%PB>IdEmw_jOXnh-BTrUVfmv^VI*)U!hkVp&LLJXsv+< zl9=aDQ|wD|sG_UOI=yqdH=I>m5tCgzPS+rdH8snyp8z=P@tpB4=jD4bJ@#Qq+Q@-= zRuhTy;yl;o!$M2)W2WK32B_m_1?grCBj6K0R6-NPf||%lkM&u4A7R^%@DMpV>v{@8jsdSzV1>`^p|k|V z=41cQ#oqG0W?liwrM)abRim+3z)1^_Y{j0bfCMG1vaYFq*hNe%Nr4M%thveckoXYV zNQMy?RYYUlwN~^qsM~OKkA3Hd+es{dXS3!b2$76|`g8WNEmeihp zzoh-A=qeJhEh1|taUt*@onB-<>=oF=7uHv~^S64pIqbqx-o$#5r>ClYX9f2pVzIDw6R zX)0~4WzVX!l9h8^EN^c< z9&%&yJ(;kC-F!cW=m&lcw3AyhDd&7F={H9B)c8&PQ5!HIkf_4-NvN!O@cGA} z(t7FWfUfnN?vzd=&~@*vO`hDI-%%QTy};=r&f*>rMQHNteYo0esp0q86hssL?aH$F 
z@AdcBh8y0OBY^3>H5Hmpd@Qi~;RD!>t6iJIhxHRxw1^le53mvQJWngkPt|RPELlf$ z&2_WD8t>OzjkGokgR||_kJF8Hu9rLdl}ZAK_~}s1xg3$zo1bWE`l! z9zvB&=4dQJm#M0WHq5e$QRUfPeh}5V#TIp>=uER>9tDRsF` zh_IC3y%*8wcER#@QAepPkk~Yck9CDK?5cRJr#qqRJ}I|O9A!zQymZe=DIJ=b!ZhaF zDHeMqBLK{+0|vzP1(0nsp?x7cWr9(NQP6*eMTVNt+Y?(SF7IkZc-#;~N$i=CjlWnt z8!RD+Ha2lvHk=o*2gcZ3!YRUOlo88d{IHsb1*d zB3}USRi=gm9Pqu$#O7eVL2-xjGtxkQ(14+814^qeEC)#x)`n>XYh^{B+?jodcVZYs&a!I|*^GDyS!zs3*^DU|y9CXB zq0B-hS^q>oz$CzOQc0D&py`0m0~<&ZuJRcK*zpok0H!2CoV`lWKhq^66K#ah2t-i! z@B9YePa;!c!9#3?ZZ#KkO8G@Zk5~!~7>T#hV)WzHGV`74(`RT|uK>1@iNPMg3cgtU z53&FO_oWDLC{zANUhH+)DL+ZbFI(tl!{nA9r>GyolCm)-BTKhRuND{l%RE6FkVoKz zz@_bYKelN(ZxMm*Z20X?sWJT=3;Y|7d!>^o{v;IFBKK0=Fs==|WAMopBU!xcFv4A@ zP1q2-p#)vV845)R-tS^`jVkK0$@BXmCX0K2J$>?zH@q`^~}@CacXz$r$?T#keJ%c)>qo0l;H4%X|F*_X!c>C<;kM7?s^!aP0A z;i4KpDOggD9H~C!cFI;6t#&QBQr=4!sth$3#V_}^kcb52DCw08KsVr{>0w70uwvNz z?IQdv8!WkXX5>54pVLkbl|732W@wrlT7FI6v512LQ?=J`G#LpA2&xK>b+a0kA{^qc z7{7{Ik}~Q5a`N;0Z)%(>)Ie8JR|isj!t95|zRK?{Y2M6+ivQIth`Wx{t&7PQ@j1NB zO?4T$?BpH{73aHqPBxB>iH(hg1lyx;zWDSvMy`-L{PQ?If$H1S-^rHMrh8;^^A+hM zImuk6AhtP??epQq*%-D5*TKdU!J7p0@gh_7M{x!wUPmQEZ53GKSO-am43pV|MmVnI zwC?NnxoA)SxEbdr`nY+?ncAZIYFBNf0CtYR338Abnja4z{}Hjhi~oc`c~ zg1rc{Cs?P_OJgyzLY=Ciq`4MTjk$2{HOszjqt#@}TV0ncxI5o#MOs%P^-|E43T-R? 
z(g9*a^o7~jRY+GT^zQ=*ch&Cr}J?xp!HLJxhWV-UKU||8UD_YQC$RS8+)Bne$Vq-JtfqU?i~-2f(Cv z!MkzfD$LT_ZS%|d(yR7RWsSD;tE=Zmo@N>s^Uw>cauaAy%YOD1GbAqOzt-&QXo!C> z9BFBk9=2xCw1GEw|2lF#@hfKYK30&aNC5Vp6N@W{tP&y{N!I$k54#7+TGn5_-80SDUiRGEakv2YeTtUQln+@crx`G z2Iy$H@*3$|=37(#6s@jZkq=Z?wi(bi!w$7*fFf#N zA%ek0po6hN4eJjPei6|d$b$${<}f)*5Ucj}gAcvMwBl^^+`wSRqjtAS^|ar#Yb(IV zRy}8TpUPWKdl}pSZ^oxa--;)g>$MJDTs73wg^GTTxyN31|M4{Tk`4L`F*)q&M~(UR zp|EATx!zZv;tl=@Q|(vWWpeEo(zyWG8zNot3ex{W+gkv|v99aFgS!Wpkl^kT+#xsw zcXta;AY_mPm*5gyf(Hri?(PuW3GU9{khRX<>zsXV-TJF8UqMy(bXPJnH8tP!KGsg` zJSFme=2ITC4Df7Mq5gi%wuLo_px&9~~^&4Ah- zDfGF{&A_Jp>$9K6&_9W0C@ijJnAnC-IvEO#`hFF-#FrY6OqGn;>}85*+$ZqRv0_tnCA)U&?iz@@Yl3&*vsZD`&1bBd;PY3aM`s-3S6$J7DduW>Te zp&L5~!f)xhOG7%`$OQ_0WayV}6mW+VF20?@pXk!2{}!6IJgV#ZzQ-eIC>+TpO+`%j zv7;;>kw^aPRk-sv*b;}c>5=ziZzP45e456WE5md(il*!{oZ24s4-A^1Wms=mJJtD>uSJ)yP*-OV?zCh`XDiu zBdW$vd##C1%R|iha5-!7*gV{I-<*aPkY9K&SPE}Z5%0T0;3K8tWC2rwX1k?aTAtAo zv4Wf=d^6%&f=@?`oK8Hz|1*WIuK*R!)uzyAGg1Jk>Fc0HLmDC3B$-R-G(lSn57Wnt zkr=u|ukIOJ2s3<(PLD9AQ%Y_jK@bNW8`2&{`g2sqH!2Y#4l*Cha$7lljI5)Q4#nW} zu-T6zAGQu$m}<+<3RpwvOYU3nL>#Gl^N7_hILfxzGi~^5C?b>90^gWX(-DEC0<`t>SpnX`k0_1AO}KoMI(f z9&k$@VjggdYDKoPN~gNEhk`)8C0|Tju0Z5Sz)IE;D%Vt2mBRT}0xqv*=Y%$Onx}^x972Q~ zEMQEZ1)L4D%9iPx>9cPz(q|_}_Ao|le8@-WM{EutlLn)#W)41qD*z)8_boX38(1U6 z39ch42ekw7dGRnocGPhi@xvN1L_!SE zLB)U8>1$B2wcnIFs2JE<0Ox9v(m7-bGQQJ7G~`ZKwf}CYuWY;iEmYcB3*|eg4Cf2; zyi#x>e02$1QNadCHgPKN(0pP1<$l;oYJ7ggrdDHse^FQmHj?r8F_Ovg zF-jIK^9(-ZfV39TxkFkJzQev=unPmIki(zH14t-7-62_i@A37}hXP53`*XNr@cXzB zS8q^p0NzN#q&>q&F`Q?&+DoncB{%@`NiYQq&cu4CpyByD z#mjDwyP2FLo2El6EK}J!ZyI@5i*3yHUAiY>jHbLrG?zR=zPhD>-8Q^dl^?~2y7$NfU0zbuQm>}#kTK9Uk4Yp^{}2z;SuV42X^pV#Lelo+ zp`W6S*v>!6jt+l;tLLML7kSE!v}@_)x|=K?ae2Lx*f*C(m>|hAgf~!c=d$HuE9%~B zFJTxZP|29nX~ejaeZvY;qf6<^u!>}@%RRa9xpAFVUEo()+%K?ynP6p!{Sl8Ji0k6# zO}aC0q9^kmzAXMHdRI-bB%(VcNjTNlol$%^%Fge;y1sLkSd*Ge`(z>w3yAQC&qakt z6v#;oHyS@1_QU58&ybSc?OK?)*^cjC)YZ6699}YoqlO=~ZjTTxt6xi&u!d1rvHtp( z5gu0E@4o?jTI&A|;2-}~s$}g~yTz#wU;PJdvRF2|Ps0EEV(=himc#Qt%iQcR@6)eO 
z|I-tHKL5uPuMsvwozy>~kND(?AO1gpdx2^I+|RD1z=O5MU-B@9OJs(J;1hopG8rt6 z<)~(3%?#~p)vGH0|EsMMB!39J{-&M!`%7r>{E$DlU4N1Rqi^`Kzq5|4CRHuVr7nYI z!{Ohus)M!GV-IpyM!6#dh0N$_>Q^)q0-XX)>8RK-(EAoI6#VB7Eh(46v5PN6r1PPm zC=N5p{1e0UpgS60^CiJDQ}tZU|IWLt8jQ1~Ex4n#f^Jn#a1Nk5Iy=1|&`hGS%;6K26Xfh*N z{k*{oYG|Z0#yN|=}j(~>jZ!Ps=mnLx+YC)hP%h$)V4_<>FaeOThYV7nFn;({@ zVd>BfC|XB{eRM)e;UaFB66IsWc`PbIU8C3O}&0;fCyR+s;nL zTgvc$Gcq$EN|(i=JHj-A2P_Roh%nQ)9R6KIyUGS-#O7r+7@(m1Y@ZGl+(?alX5g1S zQsZ+rMkHRJlv{sibz~La#pycdaAzl{raZ$=~c$Q-b!*X&!a}dLb&C zktF&`aQC`Bim0;|v^04WF7Yc7CgOY3O{sg2u9iiuC8eya5Q<74Hb6__Wt}HI|tNiVKtvd-|!FyE)|B@t`d4Lyy%N?5VEYC@`>LZ5n>q&_*hWzGG0SvZ6&GvBxy zxx--!ya_pf6v{sHrN6V4vq5j(Vb&6=?mdZY`ydBOyylmP7FHe7+Uqz&cw?;>Hd1)+ zD3B%`*AmuWG4*qNN{j!UPmSN&^J3on$(64CQsC#%&`9-CYR$o0#h?W*dgzs+AvncrQ+u)m^eEXu?*&UvR9loWn8$SGq_Gii(!Qg>X78ml2-c0|Cr z)$cyNS&drqXwvn)3;%n#pUq*C>X;)<{aqq21zeBGYAq%0_y2e+J=*BR;bHzQwc1{oh_VUcJnQ)wi z?d!O+e5TdcO{wZH>tvrUOsv>+N&KE>ygCHQ7AgUNy#D%4mw1-}=9l~nmV1eJc9*dQ z7?#$DwEN);Z+N^WDelR}r~;;rVGfdK_yl%e5+kGbZeL}(F}t~bJDhz+yd1;LLy5bO zOgA(r6H@K$>w}ixy4a;fAC^5Yes8sBh!cG`8$K_r>>S+vsleMUtk3Xbm?K;M_V-Yo zwlXOo12C=5hD*GD75EPJd(U_)E#C>dwfmM|TfsVg^+C1oS+wL$@k1$I-iNHH{P)DF z%@-@nmP2&Dlol$ii?(yyr`v<08LMH^l+<{h=@3>VA5@@)dDAZ^N6gWN#(sO*47Q-V#S4L zgvFVfW$Nwdhl^o(^NQ*jU$O`9AEDCrFMYv{-D^kE{!X1b+qS@7Ui@zL%VZG)hrwk` zz(ML*$J`eb6}9GLS8z9UW6gnkPurCL-rSe@(zM{sIXuxa755~IX=u?hc>?541v}~? 
zv|9r@HL5X1?e~fKSJ(-`z!+pn1zEd*91?|20}Ubo#uFQ?&=$ zg2Z*Xuifbm!R?53FaUn0y^tCuu32ZG&@Nj1_>UYd+eqBy4hu`+^bF&Y%8|`E3LUB} z&=SlJKgP312e6~$-ODXL*x8Z^r`R5vX}$be(P>^~6v2yUT;-fxFGpgmVvD9VyUIp4 z+izD{910gwc^R1gEm67gL$GVA_WC6emKK4B#33rAREa$o%DoZ)9V{3Zgl zlml6Z>YM`mL-$i($te~Nv`3cnSlOr~QF4Cz+KZq=scy?v$O{hVZ_Yy)BW~%3?C$ut zJU2sk*?vPcxEVCg=}#X=AvvANCj4l$vuB_!ilVdl5c3g!ig34Mx@i#|0qr_f*H+L& z!!57TV8O6bl3>x?aKX?pPOah~(ve<@F*q9IDGcpZL@i}_bA&=QQ`qj^l8(c}Gm;#> z7i4;s=j0bpgu?;#)naP|b@S!iP-lQ?yU$B30(So$(fL}QQfDD>T^GFguQ<(=e742DQUxOqZim#PpYzcaCXMxr+9c!v{Rlc`{$# ztExjSQXKtWSom}Zqz-;M^sKtOUAn!MmX4L(yqyu&SIwHWEG@3cv?@&Jd}}^X_T%2H zMFsGwB-~8>z}YJ|l!b{bh=!GdkxIdWkkUoTwz}j10Y@-WVNBo&`uyC_?;&#Rm~y7( z8bQneBm?Jb?t=6Gtkc)veCu|Vlse=DL|`T901qmMX`4cRt84sr17>Iks{yd@Cjk3? zB0etw_Wi8m)Zzze0kBUCMhk#_g#hd;3_*h^#`%6s{!`07O%F7+`U|4eEFTIG89c3_ z5Kw6eipDLd2mpRXprTqNFaZ3@cwHfC>;!8BmLrkVr-3^ffjb%@pBHdPV@a5vOAqJ_ z5m-q&LO(Q>2N(44j$Ce!&kZFfAX;&@P~kach~aU7{VDsz4 zO*Y8)gw5k!Y)tIXBmjQsGIbaJPv)4f&*qrjyn2c73U&i}z#PN!#~jn=s5sbPpdHBr zV=S@}qsVNevK_c1W*9T}W93?@Vm$N_1~K^9Q|ik03^fg~1^`iLDE+WhSyK44B#6(V zI42`9PVue(?vK$ZR8p}*IZqPSm64dUL;Pvy$J&ozd(uUdaYl}8y^o{VtS}Y7iX3n%T)pMWN=A!XbG2-c|qjj7WQk}FaB+ObcCI3M(I)yVl`ok@ zH^HBLg1pDqfM|Nu`(g|Ij!YU-cr1=yiJ;-FEQ%0%0{${r0=|yS?XpOF@0qC?CC31p zyvjTzkf!$Xaw4L>WOpa%#8Umf#=Ib3)qROuO<;fSba$h=vkb6yZ;J05@~gS+t1NK1 zL`2-~cGI?pzt8oWW5aE(i&T0z%Ql>Je>^a=`8y8f7UlM>wh zw*qA6tF8*ahE-+}k2@ni!B(p8-J7#c{Uj+*KUkslGgY_z{jb%yen5mN;Nu0Mc#Zr0 zp^e9Pu&7b!h}f(}-22b*ut~n#{CbN{`fs2z_Al1>(+Y{l=4|$p3~&1hPkskNpr_df zuRqlS{aDUZwv)U85vq+L0-;T8{^ZvXat%NhTTQH`SXhrI z-2*YuKQne}5=Jo)#JVhtL&q6=16gTfo7Ri{Wd5612m2=IRm8kM*-DOJFapX*AP;mH zH5&9P^t{FTn{YSLS-dwfx@f3lXhDKTWn2H7)0>3eOI?N}(S>rRPT;D_PitI*OCYRg zvDfcMN0c8dlcG_(&_2@M8r`m<@Y|8_pB^F;-r{UGt_>?zOqDStgqiEQ&qf_Xp+d$9NRr*)Kjo`&JmssQ z<0GRU97G-o7) zxiOP#EjemH2^Ew(4kSNY@JXAIK8)ne-JxgSWoU$ZqrGkdoH@5V^9}1=?~E6VO4-Ob z!$POZc}X5WVzk><_no{!?Fi%*>wo*xJnm2#UWL#`m`XMvfdYUhssu1Qf39&>)%yA{aUw0TS zKP-AD@5Ew-FZOxjK|E$2O{sDd2AmfbkY~E2g_b29KOVc+oGlPL{VDeFol<6N4|4s- 
zt0RDsI{!VjL2+~3?eiPeSNgw5sf7WBJXHOq#-)pt7-? zB9r9sGn?ef>ZqM3Qfg)^2Qxi_#T{lN>1#KYCKItvv)LDgFd2DbxYTysl^p`d*d8>}Strfur0$MimwXVz5lnr4RHB>)z^-7T_62|VOWAhi26h)sDMT#E` z%&9fZFWbCiV&`DI-F1A4nE>u1~K;P>Q1U#^?F zz0}Lsz`hW!{j~gn3$(MsE$Vmr8B|A2SHVsLzJc?FM;~B+NF%gX=%}_-G{oTX^~>b9 zR(O%6Zip8`y2o)%S2VES;2*3oW&ZM>b`12^qx?lNeL@`U?Hcs^czz|U`v(mn8r17A z>eZRFRs15FGWv~I7D9N=N-6hWs(w&Jck115ALXvSLeh?IlTEdlj${-Q=Yp@7KA#rL zgPBp4M434sEwk3!hw@V88dC%k4D?o%A71zEOa4H|Ym}{#*~W&nfMMa+%r>4Te|e3NyEDyos+25LdlnZh3wm?zt0k;NA9%|JI$R1k-)tG+U9uv; zBX9f~3%i;v(|ajqL@KX!DV>7=B7Qizu+4erik_m2lkzf&iic3s1~a3U`joGS08}<> zTIK;`l;x%AGt&S#(WK;9fPZB$f|R2#9;mC1#OyK2^1wGK&+n9q>@{nWk-PY+pBQq7 z+Udu|noT=YpD^(9rL7+Z+K}W#iAFJHT-?m0^w+`!^IY=)NwR zg*2mcIq-{v$8OhTUI5$xa%NI&ft3lFm|PRaeswgE%1tygAO4KF55Gl$u4s`rzl5h# z3}(wFfRfMOr|%syFAfhB*#dhWvZp-{b+Ip3beNseN1yJfS>I1N_Y5W{Duh!6U-HyE z#)IxUjMany7l7_BnDZzE$XxY--{_^QVP2H_^pKc@=!`kXMg-bSLW^pz?41yH)vxL+Al>8cB9&oO)Q2EYfdV*izpzvj(*IFps z#&~M&)#T^UlkZfgF?fedx&yX*@A8f#Y?vZ=w%eTU717UR9PhCCZ)YnIc)ZqTh4sww zGGt9mh>|I*QX}>XM<*vW9}C>VC9}4M>le1N?cIuv>GU_=!3r2TEuAg@@eMfNK=-L( z|5M`T9uA$t(oHtt&<)hk^tJy&ea?fe^(Of_7CoN6;pqxYz~xtXWyjeSZa-cFc{Hbw zByI|I<_lB{O|$$g^_%Y>&w@O>#&`w1eFwVno?~HIUfz{-Mp#P)kyo7Vx6-x2cl*vz zYn6>~$*|qY-L;Fs3*rH`;-#NYw&KEn*^2iE6fOEsvpD$|gIwu~XVHjpB|T&Q8i9vS z_2KPDg;HlJC(11H)SRK8LIc4vVF;Pe%@z6?X?Q0!a@?4DH(3cIps+mAk-!rnQu)#_ ziPSZBu9&c|qO<4Ar1z0mWH_F79wmgVw068$t2GSPzP0c?zF1@LSxi&bTie_!O|0^P zT-a&2C09jj0=lN}7@B*{DG8<{%P`W&n0X(4K6;501Ej&+*EspWxgQo1OW|C~`#EuA zXIj)AxWumpY@G4XFR@m>COt*d95THIl(r1xiq2cJnDB!p`o@nf6p)h41`c3F*GMiQH#Zrk zKgu>X;>l+V!`4r&v$`7W*}v*4h<`SrB0DF5KhMlnvM28=ZF4*NMWhOdc17s`(l%(6 zgwOJxC(RQd34ushHdZZ(JF|fVs%%phJfdGfB<#nQl6M=TjvS-7Vu^AILiaVQ2ynhW zItI~+pR_XGYBJcpDo`&R0zD_fHl+4HxrsC6)Wb8&WVwV<`(*adbC$Mqcc(k_mxEmF|A@FXBk?^A}H2m*pwHIEOq&Zjcjs}bl-@s2#R zE9@W1s7wWC@h`(~x2R%?3b7!5I4%?IJkIthjt){q-xr*{X)0R9V2>wPm1$~A;Qp?+ znCC9-&HZVS%~1Me!`n{9;q8DQllEYe`|+rI(*5x$w@8z@?3Rd%T!+$(QGk$3+ea_&AcVR#s60iD7mRS}?-0m;hVWg_D)mExs+GWUWsB_j 
zA=YKJc}NxQ1kKK&+L_~R>qV8;gqlyY3sW8`-Ziwxm(Kij99OGvFcYN{>fbL+3Oe8C z$bH;pvagEZnByjEmLn})i5&faIZ(Xt^O#Xh`6l#(!4mZW@eEh_)U?4;&yrawae4zL zMFO{Uerrb=23CODl3z+zt!p?do20#{8S0UawgqHK6RfDDG?cnN9f9T0aKN+L$+u?kQ5NWCu7YutkL*xVX;pCtFJ~*9#yy zIc{;UC#a(P&T6QV%-Yb$>R=UrGvJ(3@|(RH9qghgAffLbtR#xZ4|kd3VJ5P#Ucnpt zL60SJ6KiB8)tpH~$IhiLCa>AaAI3g=Zc(&pW)Spsk}L#?+>nN12`k9b05dL38d!@-?KNcSH%nret&|CdSW~`q; zqq99m(eQ&XRg};jxe37bb`v`=?8Fqt=oAQeBIW2@_k7JE=sQ8J4|{zgq(-Vw;_Kzn z879=!&{?i}ed5X}W)^^1&CaW|i0DTJCadCCU!0o^loy@o4dUvKZTaLG1F|>0v9P>{ zgq?lJc8{nZ*7WI8e$TL7h?3i+&BS|RV2T{r^ufmnN5>sHC~uU=O@&8f4)LJ0ltWWf z-fS%%`Vq(uKRpMV>P?Na^qnN4XH^ov76$Y-bM_XEveHy2}JQS#v&~ zM^8zCk^xHCSEj*|4+UgWuJ8YdX3*uE7go+916&dv;@ftTBOkv4b3{}Iw%2xi-u&ww zug|c8iVKb_sou=*eo_&-7EE+GUs4EYSCPBFp#Rbi&@t4pS%Yt4A~*26f>mLWT|^wrGIM`c1`| z)krvMRY2h|MD;jCw~U6&pmK44kclb`*am?GG^=a{DhHY1N`ZPxV0r}LNVSC!ggEIy zCJ;T0@z`nIHyU=)5WQ+vu#q-lSeo?kClb_e5-UfO6DC2!Ls*chs@N?R6dho5nS6+0 z$W&cY2)=q8K2KElDlq1ejT-3b9AlwC0*nw6*tHSN$)AZ0whV!X7%xCHn8P$``I!S) zry<4}BSC;mI(PCNC=W(41T+Dery9pWJT~_$ga>J+N|_C8`_fw@gwZ$-3e2kj4^meJ zEytllwJ_wsf{{ROKG2|p51{z<$#?NRAjz47Zwz0p6{T7&xIuh_=ne^YP7 zvzI@)S}Vh~*d0MKekm~5^b}oB#Z+?)&L`Kbz6HD zd6iqIzov4raQa>Un#z6Q`m@ueOa5!8i`)F)cDgYE|2~ylAN_Ltu+T{~BmebLkku>f zUmM*Wpa^L2n;M&l2anaaRG|3ifo3Nf>o-s)CuftIa-rb4MP=gb>hh~!{W=C8(rE4G z-*>p2FaEj1rNqW`?jnj{ZYL&$i>5@^h2Y@DbPX4?yT)Fanexj6anh{P_3sg9_M6U@$iW4Ca21{Ta*| z{ymtpEe@T39?W6a{J$N{3Az1iFt@}1G?+79@8Ao58qDE|{o7!U-RbYaoX7KEt}W{y zgSi6YC(~|opnvsKfX--&xy;!oUSKRYti5Hm`;)7;s1l)F9knbzl`73WF+cJUt8M2D zbjxmO4;FAiE1{`?+inBe54^+fp@8-SL*G`2BwH&up!#6vuj+%`yg7*0UrBf0)I#)d zt6viyy)iZN5B=dcHSObrinWfeof2##8T@T$a9M zVcds4d2~qt_pBw*as>C3n)9+0FmNR4$eqC`nPE{X3fiec`Wuj{&zRh#saYtig=h!v zP8P5UNlf?X;W2HW00s_6uW^oS3!&&%v2jZ}4_$T=iVE~k7Am&h@X91K8gam6?%`=N z$2*_0-lgK?s%Tg(ZbPt?RPX-F2yk%(M<-o{UhBHLrnXmLuIjnVIt(k-?B(f1pLD-s zL$5CV&Q;@9(SQQG)bZt-(h9z11)T`Bb%mK`*&%@=){XnFCsT5uqL+DI@vW25rXP2L z2bq>PH!>6-<#V1~^g4?lsdE5^TAsCcsNMs^$&BH}QP1U``TMl4Ur6^Eq7tjjx-}7s 
z4Je_tbAo9@<~c&{i1(Vf_e02hPBqkXs(b*{tsJC6sFWFxK843zDlcBVrD!$bJDDb* zv60k9E&wTJ;J|Ld;Neg7)qj#-PSV7Y_A!x#NDqT71qYiwBRS@)s?~m--)%)=kQiheu2-Ul2v6LtHJ%E z{2Fj(GmXERIB%do45YsWkaMY@fbejow~xRf49!|N9F;(C<)>+VuO9q z?!@~i&`D2eU$y2jG1&-K%u2k?9hZe43|*Z+<~QR$V1yzKud&$cx{|oLu~kt}TWD{e z3O;5J(^m5-Vv1C9kO}bmIAg}`sVB8-D6Us(U_1@}jyQ{jbmi81qey*n{&zlc5)-|J2UmH6e4VDHI=8s(N@5s`E{Qd6mNa{RH zmnll3KQI%vUO+g7C2c%nT;Xr%{0($T+ZSFcW}n+D6EmylL;EN+-Mx(T)HxA(C(Lqg!B~(c}T*a@UkW6EpgUNLo#RN7+ttg+l*axOWCYOOK`5ImOzf#4&Wmq3H zj&kU+Y^?gc4piv3=tFsk{8FoBZPD`(S&&!T!Cf;eCk#YVGRXEZG8GyLT z4MjDeUvNwb2YINeeefr{1P;1Y5!8q4v`?F7C#7*^QrUG!ru#S}Z}I30*)*k!f=YD6 zOujNz;(IoHq*Y&%wLL8x2+ zq$shmiMKtUO3-H-wkM`E==06m?Do=|0sn(R$)16&cdw(x$zv)8DEsVv`caWjQ7b|= z-hFlXlE*grre){UE$jV&%%?jS{eEHbbPt(aF}}1wO(`*wd})%lKJAt0$P*RO6|A85 zFtvJe98&}SSk#_pK9PF|Jj_O>4;&AY&?ruHEzkEDZGH!?(HJg?F9WW(O{TQ^iR0i6 z^4lgsf^0l7ot;1Y6cb&r1l+Wt4X_2S)T=@&0B&-F8DY@XQdToz#x}&?FC?<5YnMRY zS|b>$tV>)9DSsnmAdtq6+S0nPLE$m2xgHuD7%TZV;U`@bymN|5xH%+;9qL#YxDiu> zo2Wyen1gRWjZfeh_L3c6OyaX-y6U!O7h0b^dXwu>f+cEl1beDrw^BzN}Bxn6fP_9AsD4%nH79 zFW-=_$2g~Z(A*b11VtXD+tMZk&AfnL)v%bNed(W;W)<3@ z{&8#y{a>Qzv-qc?B~IA^0nqgE6MED$4zoD(@%{(t!UFHv0Yidz%FyP z+HjLgGJoyEXQT7SeQYUMBi7ZynKIrCC5sSc3(fsu0jFR!Ct6xFh_3FCTqpv|385H| zpf%q9kR!P|9lJE+B87G6o$uG%ZIla*4Ty}~+-lFj0_Lxq|$nRT(Xpfg$F&q4qvyV2e zAlx5i8$xa?(TLxmd{N%y7WrPv+y_vo3a`6SwZExr6qfH|y#LTh#gfEg{Ro<$rw+>6 z_$;N;Gco4JF|8YW)?V!(B&;qX5$D=C5Agja)w2UNV2v}q4$smkbSowO(cXQgd-o9~ zuSE45tsG~xk^K;g&xH^tDb|oyz=M!t$DExrabNu>X}C)3d4bq@MJKp)M9E=tNsf_- zMU8NR=1LRoUWjJDWt}bajUF~(;gdYEdg4+dS;HvPcN31|Q_WZap$5X94A`Gnp$GPN zEjEVzZTIQo00j6=n7}4c!x&<40L@_$1=cb&Yg@`{6OgHnUqKZSZCyHDr4ia~brD(g zIV)w)jdk!(s-sW)Q)-?oGRtsty^~BB*57>CxPoR2DaA;hEve|1kK}1rNFBAGa8ULg z1ufx?Z$~FTm)JZ+8yXUU8M~N5o$C`UrF*&2%va+SEk0rvdAr5e>o9>-4?8IfhM$+}31TByl*!>0(bxqgFN1M((c6|;AsYD>)2_u8 zipD}))^WEGDXb44!bH(oA+QV7IM%LSHDfv091Fxv&L%sa-0XEQK~K z+vHO7G2xvU%}f#VWKj{1hD5k@IQS9XAPqx|I5CdyNSIk7#4i1Bn$H>XW}y*#49-P2 zKSp?ue_Z-D%1`qOzPWTez?L?K5+&6Up`0<`q3cFAc`1wVR3HkM;v_}mr#hR(Gb{O}lZjer 
zBb?^<613>_DX2`}$Z;)9Is%RMwXvHg-O4e6a5_ze_%#jJs{&oy1pGMl8Lmo_x`S(DH zH-t6lDh83n_%PmBwfu~IyMgx!Tt!s?LUM}xj-8(#UWho0@VE+t8O^G0evqqMAj}2plQh|^DC444{e2wtPGv%Cn=85=* z5-)lnmyc_phZy(ws39hzQCWv~Cc&${bkugo4w?YCIB4diZ2MT`!P={=LTNayMsC9@ zDV_xt{Tz(<-yJ-T@CNmO9=jEjOT{xJ*T{u3aUDif5+kng12NHh>g_j!kNI_NZsGMU zrAo|85n7_sC~GjbNDfLZZVchCg*jScXR8LUY#g#8 z3^B1utx=+~EFfsKHJ1eE($7URRvYT$oelUF_+0&&Q7#?6rFwgfe(q*2p~VQc#2lsp za;r%^YX7d|MJ0N9`_MQDh!CulpB~;O1z=bxRR?>F5iMh}0-0FpP`b~;@VjZR{0e^k zSr-x|pcA`cthHL;3f|I7^b(#^cQX)ErRocvzR6MuBh%U+lX@A=06P3 z3r;4|UHI>@2GZnhdoST3=j3+zQC>e+5nVcU2b^u}(Z{0X2$~@7h%5)}xhd}$5RIc} zMEL?i3l~JZX|w9FuBosJoZbmBsDAV|RIX-L9)${IOdkxY=tcNxCDitPr!b_7fBddj zIjZHlELj^qSGeSnb{gg0uE84cpHZ{j3Gx6vEFT}2_Kf-uT{og$1INM!O4~i&Pj~-1 z?`7`3MGG(S&aU5$_#VU!w7(}@5Bm8%YBSHIyom22Cpe{g20aB)u`6CilZ}foS*8{= zJQeUXIS4AutD!F=-1@jitNz?LcU+iAY0`qMT=A-th2>i=qdN7av@HDoo=UqGeWQr0 z0<{|^@s86bUAETepoY&9;@vo@zM($o-Q*l}Q6OO1c5Uah-O4sbLkw3sYi2>+VA|d3 z7C(8U6@v-69f-~eE+9-3|Eb$9n-9rt`yq{7bRfh};Nuz@ipmx*KUvnY>?{9vgP>*Y zKVbc+j23fx5h5ub|5CwmtA0&n9F!|!a3NI8xzgoVD|`|bxiM6Zis&Yis8iu8{1A

  • #3}!9#QTzSQamz*f-tv7LM_83~FD2j@uVCb+(C5tW%lXv_P8QF4 zU|B$LahjaK4rgJ%x3kmh?ew>{ccUrn=Xr7k?8N}6OBg6<@T&t?7*rt*U4$3|mnWPa z_Q6tQf@?(OEqB`7BK?8b{8&DXCn`ceE4kg<(N!YKzWmtP&nlk`;m zIfiV)5DQThyb`a4!g{Hyl@J=Hc?07MOgH(?sFf+5%w^2Q7hatLCj)TBo_ZfDy&*%ZDiWs3h-Y`V<$^t%?KH=MOYuGEK;yA;z$^SR%hp&FuJWTn1U`B~YqNnG^wg*4+u^yiwGXr(+bSL3S9C)(<`jVm-ATvwOu-U0?v zIoPsrtgf~5CV)MMo;!wedws0~l<(>u&$k((-V1eJ&1BKowUQ3E_d#+I61kXi0DLho zDaJY<>mpHltR(d!&QnyEH=@3pwFc=axj2_iN{8}ln(z*Mx`=wFN%ChMnHq!SH>~Ts zdBT1%&@k7!kF;iTLWB8qm!43R>ggeh3 zJohukHT?hPZk_)Jnc#u{{~SMS!C_qDNh_Qnb8_$M&C(IMsVdQmR@TI7&n9K~cRYg*Tg&}#mbYYxSYcOd+|B^zZ}Ew|1UKCUg+8Gugsu%;`4S)WX=|{u)zgO8Ge-@wro%YsdCI3(RDUgJR^Zz-1 z)~d>P7Oq!TUb(VNm9Y+%lJ4iR*C6Z073R8`mG-$?CsQg8v|bY$UCxG#ISU07hus&^ z#N)18c>?km62KGc3&y)w)6g=8p`~~nYcjfbwFhuU$4SzN0k__J<)ToU8zg0%0*b}G zY*so9?M7{DSrGv6oV>}(WY1MeUB)CDj*}d2544&zr$G|8#|?^O0VbImlF}k)?>YP& zuA~vg=1Wc#PoVEsrb1y%6lzMRVM8NF*a534aRFxd&^yk|Hael?SciE+J|;zq@$JB; zJNVI#+M9o7l=u>s40%^HKQ zveKlIx=pHOzgLztZjqqacEi!42soe);_^H5&SEe=ii$HP3v`3y|4y(GoG)BBgqwn! 
z-7_y6Cxnt6AG|eMe{5X5W|ilPcG;q?@2x2j4@9?aaUdLT)hX5t*YkXeW{~YR^Ddn_8YiK;)4OFd2+KFZ3IYX-i={@ zQjDG!j}TbgHGLN9GesZ|e{2@MYf;EHT>^`YQ}Yt1)A%M=PLXryn7;>TM?i((%uQ$c zuzKkDB+>npQv$yt(9C#qls83@^;1$PnkWFqZ%(H$q7TY5v#kEo8L+QiIn(mGg(D+} zI;4A93CSUo-63&moFH)0Y2G z)Zd!b?*=1ggPVWk>b-C98HS8xG_$#15yBy|laD+F$j(J}bpJM&hX&o;%dO$|cs(j| zyX#M|J1a`hkQU_7eZ)tBGk##IgmL^6s!7>LWo2bw9x&F*V+~JyOd%8(?WhxN1>xU< zi%zr|ZKAetKwie8n=dIO8a2r02KQo?chGO7jGuN)Y-j2y4!jUP(OVN;;ID;7n8q8_Vfh?6s z%@G<_*nsCc_e)#`@f2*1qrcCStEz{;V?u1q^alVr0t=6w(vYV!_BI#uA;-&KBtZl3 z9%vlBrHd4aN$sn?{YSY>6n~AIV%eWraLRD-!Sr;OHJ-o zT<|W6Q_=gbgBZJv7*8FUx!9Uf(O z&L~dEuEZO{j@J3m4ROlg`t(9f}GG*xUp0ik@@05V{0M-{1mh zMCUKBQNc`)ioJ0>eaGQHKk`4ntj5!6WCcfcmR{XktuNl{$Blq`d-)zihYIqEfA?c` z#3NfC>+vKVt$*B;JUzHZfVCtAFgohe@mf(fkP$5M;EIzr0uzfFCoueI!$i74d(5ib zHMgP!6>E;E0n8&Gr;|kV42rziJIeMF!>$2<7*LD~Zj(tu+Ix*^n4!75kpjYg6MJ#s zQchM3y*nUNUi!013{B_h%j6W5Dk2!;ZZz`)l%%6YYKs%%4c7X$zYzLkDJAStf9i7& z?=WdfMluJ*Z7N`RH**G63D0Hy62``Hj;3O-uEQwMVZ_Fw-H7w~H_TKGsY+vJH!AUY za?N^~Y@C!OWT}GRh(DwZG@7BeIjwr|p}Sf)d8~E~WR;{B9|Dt8qC(GXssQ+Mbza!T zYL_RyIFsIo;DBkb%2H%8_wr!YQ_j!LlX`Fj_khh=#|l(UoA^PJ^(_L+r0IN{X^JsU zS@Rtp|{{u(+;VdDiGbh9RyZRUR<-On}{!xYewZJ;O z?JOVB3Q@KYimazISj&Xu;E;?+*(ps1*0*PsBqEv%%5%Aii()qB14t*v#5B5*!ix(J zNInp&NGExxJ2$J!7uVz`pH%I&humP{!c^8;u4$~a&vqQwePnfnVV+|5|gA(4m2_z&hoRy7aRD&-$G{M1I2+Obc~ggr+h)Olkzbv@$;v|xf4>$OTet~< zIWm8_lKx$QQHMA^>+r=AP?a$einsCbzTmjP@|VwW;0l|h$(VARxrdCC#+zFGm70q=91ol?VuGLpT*LY`ir3gmd1^QAmn#jyVg6P{!RVF`!RMxms zXSRFf^A;7_bXcC)miKT?3bhI!%^8whUvjs|OZ6-^RnxpB5GJM44aPonE3VygT+WEF z{FrVrwVMx#xuupJtXALh7Bk!`B*&K-^syvlWXJD0`@d1y6J~bn>xIf)uewfc4%d{v z{3IA#t)Vjqs85QyOTzF;FnGza?-!F74$6Y|>#8A>uZ#jEPUe*>N*R>>jrFsE*Dh33 z%w33d;pB%Sg+|=Rm|!jivqA1Bt_E0!F%Be#kM~sUj?Nsl|C0aU^&l0AIAXh`NS5Iw@p}3TCSPezKH9L8=ytW7!mD1N; zH(?v8sD8-u^KhS>TO`a3!52#W2njA_hS<2-s zlbDrwiM(xm6SK!&x^3IZ_lF0;G)ZVxdP#YSIzW>B>aJk_^`HM6SDRA7%1#!^G$tQ1 z0gg9wpiW4XP~TDKBFlox0ptbb3(BS=*`y>HJD9F*uA%BA z5WmFMGfv`()|hhO)9|dzq(@oa43239Al#J7@=9d@OrK}h6w_2$eVGTfm(r4V+1tSi 
z{0a&HAF*l=4>_u97sZ*OpHgM5l)0*ph`4P?!8?5K$D#E{*=!)*OvFJtE>8)jc22~Q znq7t^rthHj2^Ia;0GJa6hP@WoS622%WF|zH?9tVR$&#c;mMoAk@4~A9VF`*!K7nN_ zNGbjUFO)g8UpPll?9Aj+=EM)7M***?X!acQkb1Fg2Y>cZB)-Vffy!ubfTQ5=nwCy- zI3YfB21!ZA7@!wl3ZMU-oxE5xer1PMMWTrgG(v!81l$XZ^`$pM;zj0JrN$;7o9^)r zM}(SkV9j0=&>gM_g;4_iJDnk2unJ06mlMqB_&ydNQdzr7(J{9en4GZ~1QkqyLM%TU zpGa<{9_2i}n`W5cBc(&~K0qSvDdwxHGx{IOq^+HHyR+_77p6)?XPpgVWvtcGJGxrR zUdT!Q#Oo6EDFq#1cq*$%7Vn^a$%D_z4zfKhV5T~VjR%@XqxdODng4{gBwo{VII5lm%6eQ1@B&|1K*kuPu3Q#yWS(1;LyFY(UqHm3>*@;==Nr)*j{@iH;T(Zix0XV zqP(wHexP?g@W=D2@~PVcEcWJ~H-ux(n@bG?sSr~nc~`+@B&mq;hNFuDty@E4ca2kI zmmC4e!$5d7PjKnF9H@l-yBghbJfbjxfwF12Nki=vtaeH?F*_sdBU`pjvUheb`a3Vl zeqbS^n+lx(=nu=@x{71tmqBh`X6~6_3|r~R)WD`6n^*PiH^-ED!DU5CQ#nuqYbC>+ zc(Q?TmWf1(I0U!rI71E^#o7%LD@LawCLcvJx&4w8wPQ&Wwn$NJE~iY2vg>9p6q(P# z6d9hg_rNY-t&LJ9P0Rs@D3B8X_gW^?!egBH45b6$f{0#G(jc+1o9m1=)fB6*ON?}lSBob+*Qyzg(SFJGYC&44p<}z9OpnnSMOwU zTa5f6TdBJ};$4$?W2%n`u|wk0Lr}s4jDhJ$=^A^kGWT4ip0rkK^)x`8YLOWwQFP!& zSv(L2ItxpL^yzyaxnD0tZhtp@UT(vjW#HeCA;#?+gG{8QZrC8ETrG!>^I`Q!tFn8J zK1TeF=t-H5lMSqCg@aR39#_&tKN++%U7N}Xmg`(-z#&&~?m#vm6Hh>{`>dA}qFEZWA(TPaO3YYIV1I)J`*a>( zCjD52OLHoXu@&`q?8*uoI>KqOvlhD%tSHUYy%r&oNa-Yv-m-aYXXpA?b8H-h47f~nu70v94J@BTU+Er|gI z%J=S!V`M2;)oC^wP<>rTjMgGm2^Vaa@&hOkg7l~R_abn7zsacnnCa?=}S zJ+(!WT4`W*)Ae^F0vy6Rgra|Ss!T=W0WVRBw>vJ3ptD^GMwG8+IW6KVt3>m%ZiIlz zwU}B;y5m{g#kmiais&D)5lmUdQzXfaGAk{+{eGVd!-;h>DRvk=Dlm6QYyG+$JvRx; zTGI`%jX6xy2Zue~*<{hgB-Ba+*c{Ly`xvQH$Q5pZ%@SoJjkWrq_>*)=908Qa6lqi$ z0m&TJFVL)1r*W>-wqZk~08wFnBCm?<=x#fEIr(TK#oLzLl8(41cDZJeqK4g zmzi`Jd#0qKB4(J_ACm`x*gC__h_0JWJrbGQKz}xzhZ~+E2u#8Qny@Q^?$X9Kcz zn#1ASMm1Ab>@{P#tW5jon!>Mi!q48}2HlCUlI5Xj?L6;DV#2vSx*ow~*w}r#yR)up9^j3`5%NEQ z-rYFo1KxRRvt}xGyOHT{&8kp%2esH*?BpLItAfQsLcLoyNOcvGNjwyr_?{+$b0US2 zc7vFXC3OowDBB2FCfIBsrL;$4`O^bn`&%)2|7a{*lteSV(uFNjK$x>?Dt5yeSX>r; z0?Rc6kUpd!IFeJ5*+{uSlwECEbPg@sFLVicgE7`w_q|K4u&++ijoCkaoO|bA>uRwh z!0(bSQIO#PM*sF$3`}oXBgqdTF_Lv4b{|Lv$oViE+*^V9H!Rvma9~Is9M` zDCmSuxws^6ZZNuj^WD*_y`WXhddA1KXr1n~J3E7Cov^dp>4e+;oz3vsptBQhoj&cw 
zTgmgdzujx;`hA^evuV*PX!D%W^gRg7&_JuK>*U{2& zpB8VgrZCghRkoeczObv}fS#c85%cKn1;hYS?G-q3z#;GwO3IwQp#60U52lqZJxcnc zI32Td`d;vYoatB0X9uIWC}gb-Xz-d(2Jg#Pm`9Im&XAexMksZFqkDM8;jRok@Y0om z1LsfoRpT03EVb>fTlPUOyg}=^(0Q2p1G)$c;yTHkZMPEnMcIxkEdPU#U61RCf?EGIa+qPx)@?K=UvFXcD>uU zIbBUS37kHHWPl9t*x8naL{EvDGmE|8Lny?}HpT9!w@6x^KO@!NMLQl%&*HX2{0-jt zp}^Q+Er_B>eyi^qoIW38sAW?-Z#TW3X;m8L!tWVCvonjyy0d~xrfZLctU4P&tNm-| z(EL6BG}V9n_RZU)S6_bj_SKuO?3Hk#N$Ov6XEBsLDACky#lb7@ih>dV=9>Zp|5 z%q$669#}&}ZC_4E?mRpS%CsD@oXYBH%pe_f=hU9*;lyCNDxoJ6B) zPB0;MXtb}GBgn>Ob=0Q*jhQ=Yh0y<$bP*&2Qvztk1TW52t zv-42@?Q{Gz>_0~h-(vyjh4+7_v)kU>s@?ya5A~lv%g>sL>Xu+}6Kq?(Pfhs;)az5x z`;b-dsO`k!3E1ET>W|>A#(FiVHP_1siN0#{>4Gst2Ib!+G8m$dJ)MOXJ{1;B%lsQ42D_+U# zJ0(zIR&I|;HJ_`*X3HkJ#NZW;O(-iQbjmE zq*ViHc&9_MyeVTnC*&I&jZ)4(W>>upk`D{=z?glL_2bc5R+I*%0*V$?BfskUDDyM) zo>Y?B$)FTw=u|IYx_?$kejNzTWs^-nYyeZe;? zZnlNx7P8&2kS1Jx{`z(P+pZs}be38>Qpr@;PPHa;)@^Iiy8T*H#xVcuXWZF(+B9K| z@}ECnrb$dP1c)jL#~*YNevtxPE$Ge(zHJr7$Z3LVb7$D_Ni-!5Iw|FntJ>=j9y(3> z@qyn-KQ?b~g0tB9uaB!hk1?;tXCl=m)yVCRhRHJWdpa6o9N2&H`m?R_oMb4=(ekIC z@>0C^48wQg?6A-IV-E6Uz<%|G*D#$Fuw8j_e4b9fPxAEi>Xvs0uc)!f{wg?9%@niT zPBjtIyWYAF8?pHcAX{N5!Wvuz9b zpv9Xvcl)l{z`2ZU=XWOj{1%t+S0j|amh{v4JUFCTKpCtc3Ft_#gMFsIU~IKxO6{Omln&Q{M~XUccShf+yoEY5-5-^Yih5)!Tjw zc$-Vi$z|wxN8wn~mV#u-t%$lXXFJ#Dffr`uoP9pe=Fed=fde&ip1?M`e<3$FO<9DV z_k5p2S12lFUYnO#5M$oU<55-}bd;2pCzc9)T?g8GkC7JplEHalqa!W&T4}}PX}?zx zxovtiomK(n7e~f%v+3=zdOf4Z)-4G+IH)Yr-o z=~z2}zd4;^599fPVyHU?7j|`!m@tu=eW#X-3jgY)xpVB0?$h*rI`Q~g=`k7))&!D- zBdMoTC(eM-9?lV%$x4Q4fMKp>1&ZZQ8?1+Md1O-H$+H;38%>y73joaEEB4!{>0$$#H#; z|8N_g&>MYjD2Vwx6sV~!|7u?b=r)=Y#}Pbn8X&M-Xo6@IT_EBIOjxcpCXylM*}f79 zOdKwSt7tMvNegbk_9nO`p200aPZn65u-=6j>I~gwhZYkVft%{9DLB@H%WufH^p8h$ zmC@p27s?XVsrx4@@F62sZUO<~&ec1lt2qTi+%=dM)0Z{n4?Ntj91H{7v6P>~6gJN3 zu?>z~;n!yyDF7d&&wet+;6B=P_-7E30txP+P@b&;35fG?mfv%?@BlgT`|kCsF!-(5 zhPGuHEz%Dnatf}n(u7RO0MG`{J<+|r;L(#uH|s?Z!RZA$ff<}rT6=nDd(_3XUG|c4 zsUCBT0UIZ_OQq?Qfu94$Fz2yG{S{KphUp}E4>=N;dXQHAOTlK!2RW#7$S&9QOOeeAA%E`f`ojB56_@a}-UI>jfxig%fX+}hR8 
z^xtGGMgliTi+sjq6?(J5P(!2ls~fZA^x*h}PKE?`x`Q6j5hkrDti`whc61(`hk9Fg z4RtHp1xT?>bR$LLq$K;8bhN?Yi!UohSR`#1$)p1wW+D6M{wk5(+dEs&pXqJ@@GlJT zUlQ=VB{iiaKk(^X~tJOuL>f&E@6DOG(-79B~io0eZjotZJ} zkA9l_yG(jzmW`Y~fjuj!I3BRVAqJmhxj|Lv>!sw>I3A%&gK>`E@aTIwB=(c+SpbOd zJLv(d^zPA5S?|%0)mN8s3e57>W>I}XT*?K?Upr&_4)`@d6zApEnftPzq$EK;DiF{R z4h$!p!$b4Pz$ncM1E%nh`AI8C&=WDE*!>0Hz6pK_b|yvzx-lj z#a5}aNO;Z&TdW3A@bTj#_d_6LC*+p(SB6Z|oQ3c##DoNY)5gZ_&6yK98+i1aL2o^Y zN@%?jIGYEnZa8UPN}9_F-kz|fvI)-q&fDDPot?X_jeFYeoS9cQ4CT@ zo&HJdhO_29{Q=(%vY~m~*r$gR4no)#-U=_Xyu1;I>Xp6}C4iPWWfsJM{YQlkie?(> zjgz&T?2ZfiG|3bED^4e|!Tn)C;v*+PM~^gkAfJz}f~4r9pMOwff!1BUGIiQ%vp_KC zl!M$E!rVa0ywaRD71)UwmDVV{lB#l+(^079kgug-3u)rNY#rbpoN%?)f7yC@!|pr^ z(7MCNC!&L-PGEjaI`ukfxFc*`=v1UPNd-#X-}I{ZH1nWaK>?*$U-9l_Vs;|jc0uRB z#O~qGFTaE+17elgMgkaq{OGiGsHNNNM03$F!Sp%@I!v83jyR_ichD#AzCQZ)yF)nM zFQ~?A@#7Qo?psGth({oiNZJM9W{9>)T2C%BhrCSSu3+TDl%58|GI%@!;Uc1Ve^wGn zt;6+T)1BE9Y9V^0y(bQ#!>)4D%zM2YWBQlDVVr`*@AMM{|Mj2$U+@H0HbMajUhO>z zy7(sz3x9VjedBsIEOF%#OeWH*@mQtO1^t_Ja*k+BSgxkvC%C)wK5+)|p2<9^qas)e zQ#d8j96Y%->S(WF!!pPQm|0bnmEiqGC24V?r)(7W_<*>6+F{jx)x@ zUqgS@U-PquaT;1LInKZ-fai|o6vk^9Z_Zasjwz~bWGKBcRo4#35XSs#bx{Aa4|~Nl z&EwGtG)PXS@nG+7*TF#|yr4kyyQ5^B0qK0q*Y)uT#q?EkFjnEN5X^*M1&3DG8>VY0 zYL$NO+fqJ@iRfo0oXb7pMRH98%desw1z0#iR`|_9BlyeN-&-%Lt9|`Ft*k@yVaX^f zL6g`|&l>bEp8baYrr2gI#uCDpBvb4h9 z>e@EyP`zpK*vbs^Uwg7H!7;COO+@29bq!F1h561fsn@hx_4ogjt~4@EGT9S8I_a|S zR$5rbz`RbZ?Dn8dopgDW_s?Ch8uq~VFD2g%&+iMXG82PVtx&UfzSbyNAZfHs?p7Y) znuT-=@_ybKIgxG6rbMqcv9x20A{7mmCvz=|^j?h~=unAzBpq%x*)QH?lcOvvJ$oFz z_^wFUV!An(cs1fU9YZb=V91rt3NVhRxGM=}uk#ib=8j5Y)oOF^l_Jda<}k^Rq^*(w zA%%LBgn-$Ga}}}GInANRUr|PLl%h4`6OsbrxG5_HPG;)NAvIK5dw|=h233TeFtLP7 zC4?q_k`CU?#y#S3qq*O`AVRK}kx)0X1a;9p4%5DZpo88bKwyRym)2YcITXH!V zbII^9#;||}90tgCuGX&wpqTFXV^w-DaV;%-y9k}6trC5fIxEq|oL>Z61>+Ux z8^(>M3o+h&u7phy&E1;SWiMDuN>+@$Y;T#9&zB8}39k-)yhQK7+E8j4#Dubx;4RQZ zSAwG&&Aes!9>+e+br3mq8qnuFJ}?PK@k4JX$v5b*)*XR`gq72yWfR^bbgR-P_C`xh z>inp@no=6-N9bmTojh_!o5({{!av_MgMEX=5CJP*9cunJw4s(xktoL{L~3W7^s9x< 
zAg%pf=aOI((YG|^e`_rf)lZmCJ#wJWUmaSafJuJ8j7OMaPWQ9=m=hZwQHB^xOsvfp z7s}fRN_KgmII_fbXfy3{HYmt*9hc(@FaK|SLK=>mE6Hs1oEJq+l zQqQHC^Vt?!mo~*kWX-rUCiip1-C!*ik2i?PHnc~%n2jixC&L6TnMX)_P96_ptmgq! z|6u*vKTNa12Xmi)Kt%fBoZ9v1&yP%Rj6mvV{qE!hzdJekQH7L0-g%1ooXOQj#=M3n zmZD-I)DwiAK>E=_%#;cD_AFus<*)q5D_ zRaXT_&OKy@a542zJVtGYUH!uYiPa#VRu9I|e3<}@{_NUbJvf`P+|P43Fov4*2%siYlRf&unTnZSKZFSg~ z!5O1_nd9oMqk7*SBA$@?MaPZv%BOX22l16`c?ecGo{Bn@^(gk|=sv&iX*SHy@H<#j z!4AE|Ol|!Lf3khkOT&Cc%1jF*Op;#CEhei?ZaI15;!)GUDkNl^_BCLVt2xs2Ty%du z^0cRqq%f<(ztrk@3!`pf$DUf0Qi7p1^_y&n**(Xx2uHzp1!^vbr{gksEDXvzn%aLV z(4);H1A`_*c7;K%Y{*^g$(Ig0I1ISrN|T3Y&z1@khS!4}`uYaH-J=V@p3(H@M7I*y zTi65?_wk{K*FFK#Y9eo$&PebwlL*q)vckbs_HlaB5w+B;noJXnQ#8sP7lcTd3Swk2 z`?BTiQ^2T!;)O3=pK*X0B9NpV&2obj#Dljxn`e(Ur0#H0I+g?AEoPW_9K$jas^hF9 zzS|6+|M=&}%Xrcq^BW zHCq&xjR~C3ouvFj3FEVE+$8$JyHziR{_2lT!%95>bwc#(0@$z|1NzP;6$nsnR6>4< zzcBK_+q1+7_h@NeurFo{ZLzA^WWeW%jUirvE;ja*wwNyTUNp5$PixiymXh)d)O2Fn z-8{=mCett891}5){>bLkKRUX9UsZv@XZ}3Nkfvd46^#J8_+uQ--`~DH49?(iVF7qP zd!7pmGues zYmwLw+l?PO7IBL6D$@|eQoJIrC`YwxBQ+^7_{^hBTdB;bm#JbIvu3dJ9uqlm6PyOC zSbt}gO2`(*Vb&Q-?C($TlqC5RD)xlbM;Zj>WoEQ@D7V4bUWs@tXO0JR0u*ls@;Tq%)9l7k~s`Khc8Jw*shX%vC1eTIz3F+Ya?7hKcwu*kwV9zva@Z66`*F zwJ#r41xde0r^0kWVO>}w;U(R>%&;J)swhn*`K)ST3z<2n+QVRr8=f@Da;9X-aGWM z*$l(PU>mbXj)IAi?Zu2dlo-?Cw^uB8^J7khf*hd3Z@6UdZIX{YW<&x2UK)0^!m5Ov z9Hf$Rq?3g4&!MLP;~$$H_Kc)jmpq)T_;^jn@1k49qUUb7ymqYlY1Ajz+ zd~(r_;L51L=5c#>j0H5|w|(y0+l)od9puoxM{v52m+|@Fr>9;QMm{FH5M}Hk3A91a zAdH`}Ac0t%O?z?we8W)hw6yiUxt7!rbrGd9Lcyy;vpsLJQZrWLEdr9Sx)pe%e)npF zy2BSkjPaa0k)Ty2`pC|r%AFaTm6TmZ_0mtOp|(DYW``VM0k6u^hRkDY_JxUOsGTeY z65+qG-K3^*t*VG*5Kl#Pn5P+`dLIS1fQhSB;v#S6-51i_5%ZjD&-!5=Ce4#3E*gab z$79pgnUi8Q(UT%ECs+wG9iG8%Svkz)iEx06{o(z2W;r=bxHm10EVTvm%H5u;d&Ona zg9&1!@^>Tx4Jygxk#SqH>b*$kwW{}SJpxK4AvJ4P>ggq$5*Dc&gH*SDgq&DPUguT) z^O~ko65!JbIZ`={4)iK2e7GR(q}70xPnp+8p}bQ+0H1 zxN6Lvbi&AY0v(=U=B&No`!u-}1p=bIHWrTV1UQv+a)Lm5CTnOJ#Xxtj#@Vc>`KLIv zYVJT$FD}yl0@oH>Q^zF02wrCc%y92H^QAKNVJ=Dst@wNRxraD3t#z?$RFO$5N) 
zXRnv>?XD=qYwpK-G99OGd}*D)4Gl%_ZCp()V(+@M2|`}ukUebNhfn5w5L{H7YUkRO`@hf$ru#c&NcLF0VZ2AVvR!PE2XLpsEsQ2 zie{u~3g&cc>)PqQ7C!y*1_0V_HJgy_#dtX(PX{c7qa`^O4~pZY{EO{^DDez^%FdE_ zFv2sT-ecXG@;n)IMT_S89xDFzu9}iE+ICgFJ(7XbpW-i%r3v@rWU&&p&I@NVJkQA* z25CE7BK3#jMSV@Fn`#+Z(1)`K&C;(hmXihTkdG?b&y)ixicw3N7+d1JK5PMICzFcJ z{^788!x}CW!DA_uqw(eCbhN$%he3A+q!QrEOLw@K^|)}KWDuhxBd1Lg-T`3;X+XIL&x_Ww+jOsn2(rt#dxT{< zAK7P{<|4YghwQUW+udjIklitZ-N2h~s_BH6aFH3My&U9&(B)#tJ*FMCpGTcA9!*oy z6Y_R5=|>4uQDZ`7=%Of zEBofbHFEkF`?_y_ZPADPf2#W{Z+K;cRX=|U<@nQF11Fk1i(|b_{9qBWv5C5f?5^Nh zo6`uk1m0?5VMI`8YGw;6C`#DWbe5=(JS($)22|ng!J$0Wa_O^)+r4{HxT_dc*4|%X z_p6IIZ}qVlc;oj1TsGDlZ;t+{qETx5k43A5&ly#}r^$$o!Kp!xcxp8uHPn*N{FEy- z5Mjs5E2^F&yi^qt-HF<3bkWLr)wxZ>6!6J0IEhBIhK=|$ri7>4ThE+l%!)hBSA6km zk+ZKrS0U36e!dTWzQ3lQFWp2Hi>`0aRikXjG0Kujwxg!psv)<@jO!S2iKmqm^o+Y2 z@x|4Pr>Q8XO*x@y+EBPjbMB9d11H55fBDALfam3wBT%mi82T+ z84aINN0J;_61uY=$E4-k|HttfRLIQ3Nhkbj&pVTS{Q}+$zL0xbTDE58|R#%ZH~?o`&x-reXKRwd8Vw0 zDH0fU18IWOy!YF_pHrKHgMUl0pgz8gcf$p z4VUd!FTN!@)~1dwZ!P#rKNAX%Im9>W-M22in)uT=#2_ zM$qYAia<1N$Loc3V$LDnVBu{!CdP;gCy(F7;m;>O{(0SPvzTca*DcBSGhDd?F$n-(Ropkwg`BhMK!csCtp7XyqQp-C_?gX+TLkH@^Z zjedVJj&n91*2G;Cy;L4n#a)%f%<=>M{O?Xb^M}(Qr{Nk+jT81}%TACywoGAAU+FTZ zL)E+3lwKHJ3JbI$PPSLUtHS~nE~1h?&1RE9AU;_%C~Gxb6-#?FYHzor?WohKJ=v-~ z*|v~!s7~VqBQp?tKeFGinC+~^i$X^ve7MuP%xjNtBv#l7!4mgL>P!2E^{EU?-@8gqr`LZDh0)!w zivK36`#I#f4^w_IDI$uvPEyJ}MtY)*sVuzXT9eeQNp03Zlb*MCwrV8FJZz#!=g$hP zDf#eXQbXo@HAY|9h>BG>1| z`PIPIKDJ-&%=v2P;jld%w%_hyb56oy736=5?UI=;ttR-b?%Es@Nk!p>2F|H2?+bAF z!EZ=fLzs<+pf9`Ot9umJI$KYl*H|O-@ET!_mYE^8e!eU^h`+4K2ZIyROfkJHN?E9Z zUy@>oQ)emhjwezz&zA7B;g^2=0Qrx4NgX!SqqDI2c?SeT*dL_;dWbTKt_luPyKUA8 zok74tDaE)2tObi4G4v}(z8PWoADVsjWk1F|UE*bJ=WB9RRe_WTvH2dJ-KqzApuLtE3LhwN&_&{hsF`?yH z4k5CK8q;z;fi-!^ehb94nHFx>8F2gbdVLA6%&$xZ7m`8VgWnVhd>|}$CoI3}lCoaZs(L0CM%LJv82-B+X;Y1?nfFC|3%^*g*+nRoAO_Ors4k+*+90IF zjZzyr-1y5&Xg1cJMN%PoEl5_Tugv45xIPcf-@l!}wd zX>szH(rErFWML&?aIb?3$q4S8{yhe*io;kGUAnp%1 zx$q;ek4KzJLz3=PG81UvtMR-mv>b32;jDZHtk`KuLkK!u^7XJsYrkJ5S`H)ZhC)0GAz!TN+X_yW 
z%oHGT3?v%*#7VF;bQ`m5Ob7TYCR08*dO;b20e$mw#^I0OYIei=;7)phzhXs{t>;t` zg<(Iy+(rhZa#S4J#1i#HLD#05DE?y>=gDju4$(R?n@p0CwB~v&?Pw?J$P+Ec!hg-J zMan~&v^l1R=>7l@xFE$=(mTUC;>Bz_)$}1w@*O(MHa#_G;(|lokm4tR)!9^SfoAY^ zD&3|N$@R{Q&E+8&93~kQvNev+#U(X`eT=V~tYCoWRBwRtUP<@r$7<7UP@m{V^=bF6?q$69cOB4Fz8}?#=63W7HgLSN&{qc z0^d&9sTuGXNGc{Se~i^Ry&91Tma8e&c?}XRk3)$*k>?3b*HQ3q65Kp1B;L@e&_i0H z?9$YRVD&?cS)oXmiNz^WQYOIwgz$`zxhy) zLnpF1F8l*=&5@`c3Vuc@KDAKM)KB&~k$jl$F4BAv@8BjgUFeByO#UhFFp+dqBE4Fg zcz#^V)Lc&oyka!Y!~oEi7X56>EI#qa%!H^yy6OCyk^>sk96aW1G?+VRos${bgf%m% zhmyQU8+Ljjae%|r&Eb-5ViW!ErDV%iGIj3QAlEXQH zoHnzSDhb1C$gsa+l*INHtM(XY>@LwtP+0_Lhcro1-0vgL(pc;Uj-{;i-BK9a=fWd| zGOEclD$n=%aidhMnOIim7l1u%xPb4w4(zqbq;8Z-sv(gSrUddHzD01hHYHtwm#~-9 z3n45p-`W~@)wGvR2d+g{Ly6D9Ty65KwKfI`G!1c7-O9qw!pY=IS&uBTc_lVq9r~-( zv`Do&nx?+e&1<>(_%2DgD6KTF?}kmuwGp`E+F=_qck#S_PqlD))}q8A=2Hc$24Z3e z2%o|OsuytN$Egc8mY7tF4n!ZQAYA5C?tO6@Mmqq0G@DjOaBW651#3Jo*;ma8=d5GY zmz6Ia2GdD(xl|9;8&SI9!U?g-y>0GOVp_1k1>rGy@yyS-z1CdC>=rf5)|zXW(Ezyg z+#jX^>>+PMN(~Ukvz%Q7v6c~r2YUT~|X#RD1)AC|VaEA+vi?LkP zP*{xexEk@$FXl#8Bq}!3bVJ;|UJU_NuT@j4RD(#}RHp`?*Q(Uu!+AAo)|M--)Sx81 z)BGC>E78;+iYhHpRH-q2sVRH2yR);!(Nu2Q(#q3%IUOhUDYsowg-(@WVKtQQn4^ZFBd240^W zQKMIjr}0xd9;bsVF-5x4($|wS1c7b(p0>HxgAmfp!jt*EgN<0vt(K z*UX^45fxAt?}v(`WtAKVykA~!`Ot*i>da(Oee^~`sWuWB}yiZjclo(Ue$*YL(7LWT)ey(P||9BxW#EeZ-OQ8Va>m zPRC)AOR0~F#=t38)l>rInv*f50?u3z^)sCkucKQcoL!9@pa&Bi$Y)cIWt<_8#gwJPk_~J|Pt>N0$1Nlp8)bcP5+B!Qg_g6{p zy1ldY{F&jcvcU@j{Fem$+`}|ZC;Li*xjG8EHN5|B65FT5D3~f)jKWkfV3HMD>}7r^_?x(70?f*wkCK( zbf>?JuiOG(<|N1ES>dv}QqqehO^=>nOHZ?OU9B(A2Kbo@e)%(AT<>e)>ZEtuWOqAn zQL@e7+J>5KPWhgt%C^nlW9TfKB(%L+8GLMfJM1u6`6U9e6{}b!r|J8ZW$t%8A%NyYY)HtQim$SP8f}Xj~_#5@+axw&1?*J z0X&T6e)odV9h!J21m$_^PmL)}P}z+*i!YL(8~Vd`wJW$*lZjKEF_{d^(c)oT8;Jm9 zJ69fS0Vt+B{@53Z?u8^D+l&b6KBnGe)rio_ft&~KZ4W0FF>{XLs#}JenQRsCn{i5x zQ4}0F<$TI)m{39_)~v&9Oa?)pAn?%D6VZ4k=3x9H*edw07~e2%G+l`A=5zUFs%U1( zKviz>D(z)ctFKT?9I~7ymBy5GcDLd;jk=ioXrU&;loFR`D|2H_$lEFz9K_SOmyQ5l z>r3%#8#w119yQ&>-`~DHlt0`Psg`LUCkYk1rqWB7QHC!KyyZFAK1I`AFor{@Hc=kR 
zITyBAOvCl*hFg2dPBnJb%aAgET$GefMQphzYx;|Bl%UbY&me+FTQ zu@2;4UkrK?NS`4L*FO&ja)Q6;oCTiuw=I|$kFd7tRWLw~+??FEB&WE$Ev}^)7pv=N zuQAkMAHL#JR0sCteU4=_PPTn_T)qbMRrUDe0xH$+CFNz3P^G?ttb`X5Vs7Opp_%yX zRa1oA!oCtT@G;lx^=F?q_W2Fz*S^6NPw2|8M(~;<*y!PcQI<`6asPY+4j^-eX$iY3 z9=W{~t@Fbe?GkEF4_+O5AdT#p)tGjUy~k*W2^RswKfQ1ia(H$M=EBtJCd1}Z4bdM}k#s6)Ysr1g(bEh-wb1D^KC1qQWAYMcMj~ zS(2l=3UR5mhG!?FDTIhQ-e!5zuPzQ*-2C#;J`-?VzzS8V_bTbqy+t;-PSk!@i&inq zvYday%~-DGJQOU$Tk}#NYFlws5b3tbS3zFY+!f^cJdXvYI*z`Ft}sTmctqhADjJ!1 zh0j8e9FRuSJ2!!!Af%9p2 zKAe|WGcupBB@9KHlIo?W7~?65VvfR!>(HvFrnAntJXXh+&nBeMBS_J*%fmPttK!-j zid#Mps7gIGQV&()Zn@U4fza1a_ufh*YsW?wDr!9ljM`Gkqy_>%YnIk_PexK zJIuXCY<+Q8FNGLa1G%JMK1#+KKVCnon%|&nb2Bl68gsm}k^CJ`JySJQ4DzC*rz5OW zD1u&G5JeZ?S3Q9k7!z1!*M=bgbl_-gxI8k)ROs)%6JGC=5VJ-)kvHk+yCNz64g-GA z?zfeDsftz&xWOu@W`z6Yqro?%5|xX09#ob|MxKLJsX}aQUv{x`Kc#?2E}1uS75V&J z795#oAcCu+unnoJRm2MaQP@$=+=J6_>x+D(MgFTuwd%<{*CBeYJG2Ye;kVr;2C=Jfhc%WOD|-4&5B*uyEj_Ldb1!=R>FWA_WsTA;c)G=dZu z&DNl|E6}%8JHhDt5r)239cg-%43ut1He5cPoMv8M9HD>1&g#+o!aI}Gi7MvuWSCNA z7INeR`9I^NdQ?iss>b-WIT=8ePG=*f$nVocJgM@8HXK!PzVPq33GTTrNt#@brT72( z&;MN@=Eam2DtOJt?bEDL(sg` z#1NVbM(hGlrH*e-hWxFGA}Fz&6AwgA+pr4Lm~&LuLouh0p23`G>D5uak1CXn@_aWi z=q3la^Uk>t0KhU0O?)V-5j8a#@pz^%0qHN%)b6VoEVgH^>LnW_o~}gQZ1`>lLVjAV z!rsLbK?Q#-aU*?#PE1Mu1Q&_?ccej3US>u!PU$W()z_HO1K3IUB^b`)9Hy9%%f7nI zdY}nNXMk7>K!UHIXn5+a0BRa@)lc*^t!;-IeZ(hrH6-3F_}PT_$>;YM{%j3+4OTGhtbJHZSD)amSpItlA>8v=bFng^R zLgK!zCBJ2&j3|j0i!Zgwu*??*ryv6X38}*K!gN*T&K9Nuaab}h9Y{4Hh?CI6<^aJT z&HG^ze^e8L*e{>%)INkq;|2{S@HpiAMY?}l3^bslCr=r;Y{sWU0&8$9TIz^4_LVvo zMAsGIA{))n=o+Wvw+Rq^3>3Dfy|4~%yb98bla*@7v2Si8t_}DaZHa((t9Z_6&%Xr% zy!xZtva*YY!uXqF36GACnO(k49XOk0C7b1rU5gLI%aUA^3%By1<5BIpcd>J^pWrl7 zKV|>1j)^9vY8*i&L#j=T+Pj*Ui7^WPHS1MBBvT!QFyL1xFPKqvHmS7~W^hUMQ-4MS z7iWwkU4tP;z6h`#}O(G*jdYf2e3Gjh8N3Uqo; zDW?<_nu>xqNM4A=Vp)?MaD>pnH&+^=$_g2{Imre6N{2=r0nqhxn}gPO91C92VDSJb zoJvp^X>#c^(B$re3?*|X$%Nok#t$e(F@j;1vM|p8IRmiWnAV1&^kc*L zGOD6zT4GSHXl$r(CUcvoDdk%uA&@F7Y}i0FawRZmMUf-XlW|c-Pd1DXwyRo`AYd#a 
z%K3&UuPRjlHIC^v%8gc1t=0e>>Y@H&lP9?_d7M}C+4XL*pR(QwJ5f>6HL6ys6v1(I zE(U^-71oN405*6zs22nc)P+iVa69P7C#U2(72KxSr|AVAOFy?P_^CYsC#V43q3Wly zv$XB?b+c~s)L9SFovyzXpHj^^Csc6xWP_1J1P&Rtg@Ce}!U&EZ|c&?L!}?qqyurlyN1ExR$f8O7(s&aoe>`3nV7vtUj> zUu(!=V&rPqgdr1;(%4V8iqmzn?eWYbPkk{XO{ES>ZZ*90c;{TCu=H>#O@Ni4BtxpV zxnL((xtHv!ZUp2#pA4@e^Bpoo(jFJ!5v{0fv&b)etEH8Us?6g%eH4R*No5WEC=z6L29w`tlYn5klX+hJve;Q&ihYDDs>XQ(I z<*0zS3JTFDpa%YlsN`~)A9rdu{lsS5(iV%OOzSM%v7fIqILk%@GTw!3%Qb=XamjW? zDgPyf!E8kyjS%qdDPk}y*wi!u88a&xdx#I4r32DEaz!!tqXU1K9zLOV*i!^Hr7ZO` zlpc(3$=5(62zlHWz!Pqm#A^;@sr-veJ~Z$>)lMzUo8b{9@<^ zkrathS=3zaC47^ZbLlggT%>t6!R7NeRv2?Ky8%z0r?kSO4LtdHq{R&%r$zZSCRiB? z_Z*X<12dW@oUaQ{Bqa@;kS~Lr(^`zBJBH-Szh;bH+&{mR5_WX3nV8HO=aX9_ILT7g zwVaL$q%_7C71fewdmM{#$q4NhPKETWRFK&~*^GAz1;QvQ>>dZUd$6yr` zqKHKySmi*!6QPeM?2(dRtp-u>@gua1*!RtG_^bK;;dG>goy86Kdhf=cV+FjAAD#MI zRBXnXoLONfRcK&-c%^CPpKy$2W4{I@N@DrpBuT2-6g3)3M~o zz_h;<8IxKihkUUYR1moVWU96GB6Z7&HK4t}0wz*t@7lHH0~0zq4ERTI7R_0E!S>d( zhG~EAZ19ceE_mSv61{>}OOmeCYdV*F4Tyz9&&i6LT<{oZx)cm3HiAJ4>|CBC>o^UK zjnZ9}R3s*3sp7ZfgHlUXtCeolEoDxm{#2R*1+hnrE`LW;pF9misVUY($26pD`(S7X1oNzIE_HKgc8M|QUjE5qwC zr~IO2h|DBHNr#|V;0%@r6XVuf8CG26mm78JkLM;s_D03L32ur#PN@K^b)HPzveT7} zUDRDs-=5~240bq^;KoG1i(X3IE_-SX9yE1slb~&F7EZU6ABK{EQoTsBXprXFaSg9@ zHD#VdTU7d*pEa$iFHeJKd%8vXv!>o{?hEZ(`ahHjV+RNOWQ*|{xPJuwxVjycUf6)@ z=T=~n#m)gziZt@8B5=@@X=f6nm0T{p(`y+wc|O0YiInmnXFbOG4(t3c`0&{`38LkO|U*N z!l95rawfzzJcY8a)f1mE|(!ZM> z{u_U`wzhYI_SVy#&E3xSZhI@(?6jYDI)4Z@?_+}3{mf8K2T%stWRfQFARZTu?V#D| z>4JWEE`j;?ck(kx$bvWNW9H!%WeT`FE9zuI%i_AK=6V20NVj?ssay3h%Z8%_(-RVv zg6}UhU0Nr47PYrmnzT}w1qtnbIr~aC4e2yD!ETYzLyVV6Mq`1+9kU&^+fm1iIb>J; zIYY?X>wDdacB96L03J=}PvMrUwjFJnvGm+xJOXOuDkG7LW2+TK_+Pbct3Hv<2o~s} z^M}qKI)CW=lXN~vF*ElbrX%a@?Cw3^jGyhq&*PoV=UdNr`n|Xf(notIPWsPIcTd|p z?VYE|VDK~^?6#BB3)BS$*J8=l?YDe`<~_T5rC6`|>y{-{urQs?lU?W4*FGoQb zTEW;eY!gH2@JG-~|2#5{*}xsJ`Wd9(5VKjaGsYJL;gNV|2#l*ME8nL;kCv5(E5l3S zn4-*QeRkACm)`8s>dAutVdKvIQeEg~;&?Eq8+~EC*b>K|_SfFs>wgxWf7gMtb^9^! 
z-0$qnKmT}M;Qa4`(D!tEcN5Nk2mbg&uycRYod5Gre*PEkze-}o9X9_Dx7z=$-OY#n z{~SLH_rHmh-eQcK@BjAJPWxg1KgZ9){TDsR-A?~)_P_nKv;DCDpW|oY{x`h5%^0^h z|Lv{L!~TDcpN0ERks7E37D*uN=Y!}f9*=G|#x?R^dv|lYBLD4lHg_N7zt8cr_RB9J zdR`C9;PD7#zQ?01JD*KK{OZO12%WeADSjq9VRZhCVvH`@tHG+&@;;)J!>jn;`g*V# zgdabyV3Ef#_|s`N15s)3i(ruUOXmeT6v)d}i*+EnUJK?wugrcDbDi9w;ZVk$4|L~Pmw<(;KfG1~hfqBzp#K&cJ zTv8NCv@Y%bSOLmwf`Ktke+j&w_ZLI;r<0A~Ps#ff%YFkYNuM4>kCXo}O=xN!B${$8 zSUu9;4vt<(Q3Len#X6OT90n#-jw?vi=pqt7c3rW>2C2OXUZa;09fxb@=>G9*p8tjP z|KuzgVUDJ#oZgV+dq0cme;c^{c7^_TcDLIP^#61GtOZAm0V{}+?BlZ_4h7Lw&YcF6 z3`bcn9!34QEJsPiUrN=mBl*sJHU$JLPlMHeDO#(y>OhZ-`#T&hj9tNS*_W!Y@MfcG z49dy)vg{8c$-cZ(7tMdldZ_zvq(F6$u@O8C*?*SDRHlb)0ev%osf>OH zl)Go(Ok&>KV#Phf!y%IMU|DO*i+~`uo&*=^c#oJtv>9Wfp)W8G0*2u21y5Sk5wrrT zjaC(tS4|uunVmABTE*=2G<~nRdc5Qk8^+fk6C4+_UYW-ra{wzrj-!|fJ}JszcPof5 z;&eoLZDe@6j`K}ab{#d-vuiQag~gWNa>no^_<*eLq#x{T(y!_Gn4k|d1W=WIe~h%vJH6-Cl)ny7qv76jb4ywQSdO@g5J>Ql#pCMfKfP00Yw%ETTclH zKosB?xD+w3Dh5*6Xp!BmaBJs_&Th1_B*x&}C-Y99zBGuUZRR#mOzP||z$87cBzV*G zQSM$ASsggd4s$QQ-POSAJ-so2mI)011w?DVHy(GXJ{wp;k1ZtH@|CP-g?y+vV_7nw z?HhL2nU1zv4IWDg>Fbe11m`M2m>JRzUliUKjBWv52pjpS+xR{y*jte&ju;r;*Fd-L|T zjU;h+|IVjCIG)FnLrFYDDb_^!J&tToyyHV_$(!9Lo0kKTAc-*vaBxUgV&}8JRehlw zXq*HoN(Oev5y?h(byanBb#)!g7z3*zzIvp^t)0W)nV%Ha?y*NaP^2Jyv~>%6BcPrX z@#=^sg-#vcupNZF`Y0|s{vBc#AZP_AP&*(Q5tL>;m{)2Ulc+T142@kOzrw!uzvg1D zZD6PvN+Y62LNv|M2&2Dw;9Xg1!n%1zdr8&Vq7L5a-`r;#DZY!r8h`~Z{qt6V zMzXU{Hzq`4plZb`9c#j;7r87q1;wrGup1pr`6 zUVTxOH=@gfaJ{lIMHO@VEpe)1j(>FGF_MYj6&;o0XD_#v2B|TnmCi+KokZAO8)i53 z6!iaD$pxf>|JR_`_37x% zk@tmqin*l2`*JNhQfsbYFG*P7#T=!ApSSkmz++=rW?&p56uiKUuLQLxih!;PAnl{r zfsM9BvUAySVlZ>Rg!79ez%&$|y}yTpL`T~EL%U3$T@{`v$<8;1NP$x<>mAR#CFu*9 zYCY$Ao-c;K80C-AkDK$lbRI1Q2FoVHUgOzf3W1=$S``41LWaK?<&-g!C-Nfwd^Q}m z0FG7#E|xKfzn@4XR0v-woyB0I$$v<0N6C13pgm>9cu^`33cd0CL9P6wCWnx|!LkUW zahwB{_~C?DOO|u=(J4rvWamOq9qm$y8MChxg4s(#>&4+L3Zkb4F5U8T*E{gtKGpO; zzmx))=l^+pl+gc<`i=kRMxM(0Uuv4kxcVm)z1OxMd}9N5kp(UM4oh}Tsw)-IE>VbR zHB2T8g_enr&@_b|CHlUS^7ts~W3FguWp%Vim6gaxk@)*Qf+pHH<2kns)qI}#IlVV& 
z=Zi`qDhip@ulQEeAqR~o)`|v-Qf(oT;=iY;1_?D(L)b_|m0(Q1sE1V=Q&!HUp8V_% z5K1|7XVjaL&r|MEX`TsIk^Qcu{9jrgt1eJt2gp7DANOPO|G3+2;=ecYta|=Gx4id^ zA$Vi%hd}N7C#OY}US4M%`8kMO8Q387{gkc}fZ*#!#ulWtFciKkj>+S_#KKtFm(oI>0b}No zJ@!Z}N7*r$wTO0*Jq6{9MBM_x{Ey0;h7>emy=Z{4wlxsY4xTMqkLM;!iJ zavWtYd_KA^mWkKptjx*wQY8(I4x=o>gpJUUzFJ9+i2i(50l>F{{U|>g#+zZ;p+thU z8buevD9#yz~EIFBbpP@Amu0jsCZZr?UPRlarYx z4O2}5v;t_&cRqXOf|MtjuB?fr+b>gRANj&-D!3AnlcFuuHi&w2r0gKIU1dcmu70P* z2_8*L@!#AVNwOv97NHa`em1U-4lQRC_bGfxQoZ<7RQ@mh&~SfJLAm>GGn-`VT5bdbP% z#KJ(znPIy3$4hr^k8U6T7P&4a+gP6h%OS}FcssrWiSQoU)tJ{;BfY{5AOA)(hh9Mg ze13f#`WE?;zbV`Y_EvKY`FcgZ@)VW-w8$9Ulgp-n$&vquy?!U2|K<3o$^X8QN2`{f z@p6C~0W2*sZ9Tw;;BJ+!_b2Rs#kF~@{V%Sg3tWqWp(n=YJ%WrI*ZXLBL+BC2r*HYp zJQD^ktv-s1nKzufQ$v0Z#@6+LAB?g1?TzUo5Qu<@*5#70`!3yauWd|pZwCNjh_K4yTQ7N+eO zkAHm>Ks%V@$ebH^JwS5N{$@P#tOaQDLs0xZ{GNRz6{R0x1{jPA-Fbwd3_WXNd6u{P z_;0+v3t?bBi6M@F$f8fT^Eagx=se?C6KwT;tQl5NNj4j(jjqB8fP&$+@*`D~Wq=_; zhNSpd7OlwN1}V?&pLS1rSd+>h{_Z-~>Ef3B_oUnDEPw=9_WRm8?P9s)Peb4S9scf2 z1v*&0XF+6A^Tu+bp|Q?uRPYvS`uKjtcLaX%>-2Yfsm#v#oATRmVLQXQzszgXA9?mNP`>`OC;dQP9bu(yxdkj= z@`Kcn6vRFF*V3A@Kc^rb=wC}`8iNfebDK8ZvF(%Sb9h>BE?&Jbe(mlZ{q}$REeU6w zg@WM>xD810GZqSagyq7dR=5aAsPchCDurjncZ~jj(>EKEEN}2#54Np7x?+#>TJ}3# z_+M@_th6*(q_w)bU1E`QgDy+@9ZSm~zXEHT<3T+Cvv*E5oij4cN1$~EurL>_6Dk$* z`XKM_u|yL_YZ+bv2ejn35^z&^4Jy-44i1PMLb9AZ?L6%q{7o+X=7(3qi9LrC593wB zQnO&8OipU$IwMOhB`yCPefJpH%Q$~_`SbAn{fn2c{>L~qTCKl5)_xCc^;m%l(`9ji zh&@}x+vQJV|H=RD@BF`$fBBzbHGKZpa{3v0{WEa+XW;M8_Q?GVdiv+-@1OnaDgN*G z&x_^ZXLmY<|6PB+v91=ok9HMCG%$AG_V_Ag&r_9aqRR^Y*B7>T+_hfxwLC@jfA|4t zSZM}xThY(0c>mGd<6`+od&W*w- zb_GYWZYzGJlG+jvCEQFSzYy7Il$IM?AJU6x$sJnQtp>NS3m^7z=`suVMsic!epA(30I5AyFv~# z)_!7Zlp*A6m~u961>74pm=_fsL4v(g!@C;=lRhQ&KblDR!X8^Avv3q}p8nSx#Or?^ z4|+}f??#@=`d>ge;nf{!fpqi?B~S%V7EK%02vtCG^}-w#t-M~Qj=zF-mflej9j)X= z9UW|M3UAz)w_C4~skkYqmuX+BLpxJDF0G@bzWy*ZHA$3wC5l?v85iNQ653kw#YShl zv!|r~w~qL)!(O8P=W(~!*#9>2tRem@{eZTSV6lA5pah0$BV=G^hMOg(l2F^$8EuwW zhN~F69x2ggg@Vmg{S$W=9x=3%C6j7(MXZ^0NM#ewQJMK0VoPhH;i^Z&DJw)$ba^Wg 
z`=)JJAnYw|s8WG<>93Xyyc5bc*Vu&m8yf?^7l%T@4g30r&t2lqq9|&r9;xV(97aW- zRD0EEmlWPy4HKUfEt4Q4rfJr-Kr~}y7!qYF?Zp|z_2Sq7m6FCq(2U|KKk7Fl+I28b zP~BJ2v$qZ=(6fFah$$lZq;)K+>t>mNHU^C>XG;yDkC{vh)NB;~yLt-8e?%HkX%~QO z{U2+6CGP(R$Bq4WBTxGIUJ@}SvN=YfX-y`_?Q$*VdJPG(1M)FENFjHAmK`}BW5;@V zA+q`8nLBek&?IZa-6t)RcVY|NTbV)VQoHnW>XIr9 zB5@U_fL)os^=iQ@T|_LFT5=J2t56nGG6-5nTpuO$EgkP#LzTQf0&^M}VvA33-=CTE zJ@}*4fa1mU>{W%pz~jHCBs4P&^}BM65bJMcK8QZPkbA}ze>S&FmewSr6|CNtRy0-` zv&eA866j`*kw~CX2ySNJ%0g6HlL}Z$>neAkLiow(y&7^jV}9`FDwo3-Eb;8J41;4o z`w=t@Z7Ejaxa(&zKQ9$R=0eXC(BiuKl;2Tjx41ZrZ(iztqd+48Q&m0PFRyT%WF{OI z>3k~fH&X|6b5ZGnXE9`yNc**@$j<1z3b2^^NKMcve^X9iD}817B`mR0;<#vfaMD5&@h%50reSy7C;<#R8&`Lq*r8n5BAuImbcwsxw z&R-SmMSZChYxpD2Tw1S`H0kPh1z|{bR7vW>yCFGesURi4FNzv%ht+mVUN`fL8fRZ> z`9!^BtR2q+rU;7bl%l=JxKeUv?DY%#cPj<~epMC<(v3d%OJSI9%sFOIz@3SmW(-69 zt{_y&jw%s9e(00FD2g7bi#VCefBTn-|spNyrE ztVmYKkdWN{m6~Sda#5-2@YRh~|65twX#0<2rG)OS@A0iY|KMBx&(?gwF66W4fEENz zMU-OIOq46-lo5p6%r*!)YGaE995C9bjMnbOnzT(s+xXR;KXEa zX)Vi)~x}vh?Nlvdh#+ zW=gRiH{FTh zPpN}aS4;f8JnUQlt}yY|%=E^>qcZkuq>ubNv^{J5Jj7f4i_y#)hgdG_6|w8FuU~uu z8BPxQ;&wG~m+su1-u}b7EnHVm0pK#~K)yO8SLLc8p^rwKNJ1qVOLdzQU$5wIAj`{Y z#PHookVlLq$wyUz8aI|bodqXGx6_d>o5upzmbZ|Rwl3mjkS~LP*(9u+h}G{C19y(q z=_8*E>5Fp0PVT9w;AJUQ$rb52Oz}dttHi(6fs@w3>XKh7(M2q)Qlf8cy;F21;TE+U z8y(v=J007$I<{@wcG59BwrzE6+qS>&Wbb{>IRC|eR~J=d)J?s$)|$_nldGulp3F25 zcfL*8xMu9m)}W#hjVr!sF~B^b#yJf=wgOzbo~xF-SSS0^crP`3>qO$h&6QD7>YedG zY@wJVE`ha&s-5I#r3ZntSqXFFaTQ0o^K{js>Go!-8=V~CLt|!(v1j7XRA0a;|bITqQV_{fi)&dAG7{04q}`+))9YE*>}93Z9m+AxnZ4*112OPh-}yBL;Kr zmS@{;xc74bzQiq|x;gCn0$vxm5=h~WYGBk;D%`p*kI~MY$|`V&K%?R-T0#EPzIG#e z#UH;fd<5u^rf~GCUyd8gyt|_P@oU*Ow4+xEd69c<@l)4-O5e(0DCvo*Y03X*?=RN? 
zh~-f+g?OTt$pYC0gV}<4h2ofQMNb{@s7bbZPK(dHp%TI;bN7yfY`IJTb^@;hfQCgV8+}RLs-clNL8u!Uw<~55IJBK$tzz~wQSF|MOD7Cv9sTIk_IZHe=dc@$!|^I zjp)`rgQf)8#@hDiTC};K$x>fr0?m%Ej;}`ZbmhuvDCm)zkeZaAU%HFvk%!g7DpKBa z-oF&hYCHG0mb51hBo3&!kw7pW?Fe3yjWIFZN)j7=e{$!Xb|1DK)03SYvK`~Io_62# zY&EH8F)S+XPRydt|vtQR2jqefI2E2Knvv>vBmGo5NXKaB_CYbO`tI!K~@HLza*cMc$3AnJwk}6oI@U2rm zF0+R}YedJC$#r@`w2)iU)VCar-E606o!wuja%^G;(jsC9jlq`PfmrjN#Oy^*Vh6Hh z5u>ZYql`$g7T-v4B-sdPBSwqMWD1=&K_t229DVT}`P>ItNbbpqNu0HW#q@<@BDxcB zkhw|j$x*}(ZG;ay(4Z!elSs)BVMOjLsQL6Tn7NJbpA7FIyW>#?Jlt=Pd?jm1UnOp1 zcX0<^SfGP%YJ+a@oW%Y)_s|5qD!)g|gycv1uFv{j_pIy#w)?9`6o{ZD4hRpJ3&as@ zcZv+EzYU`QArR>A8B~8rFc6DSFYyhybU?(uZ z%AiJ9K}UU{Mp>zlV@R>$(ZLRsR9^J~i;fs=Yom<|)K!QG)Ky1Hz(gV?Vl0sm(kB!m z@QddEv2UefUD@|-6;*NmY%JjMW|-fN-AS|_o6_p4fJtQnoHgDXe(Du2nZBo3u{IMr z#9UDs2fIJ=M7AYPm(94I8S>=!BWpTVZrpN5rp>EMDNcE+OF}oene{C>v8YK3(y(LU zH<*F${b{U?qth=qQ1Letg)Lt9cx+9orThi2G;N3#d{z@G9dw|PP!{k4Q+8yA`36WC zWSMYQlTNk85Auw{9O0T_w9@uM99&hm=}_NfBe#%DFeuS-#u<=uQEZ5&z{=QQa}f$S z$C-DogclDoxXc463+(4LZsLKN{MtlL&}{Z zb8In}c>QRGaSd6tdf$<5df?~}&-V1M2CBR$;lE{Yq#_^Lj-CX5u;vt@msw@Ow33-{e&kw(zK zfI`={uB|wjjbwQ zm;Z{<-~1_jLZ^SEatMm{+xkV)pqCA*#mzb33q5U%y3X20<(z|VjKg<~{Zg9two>^A zyVG)mbu~SPgzG^?-8DPUj6$EdpS;6%Wt!GC!Iitu&l}WdFAl8RId=_Thc@1x?E)W} z|Ez29UAxK+5}&;Z_0Tj;)G#}Xcw6nhscFzF%0QYPI4SUc7_F1N*GL-~|MK>K%v!g7 z2s#g~RXfDx7}|;GEAJJ22(L}6-sYeT7tG!17ddPE2FE0pon_+WZi$8PWvfNQs;#XN z$I+%4fuJ%%Z?TdQh*3x^$sX{6_xp5`xb*{qu@h>F07i%yL7V z6|1H^oJ7{W93+4ih3Krxw83x0D4SDQsOV@X4U+V)VbpfZrDAVmuoTfV?!~oIoey;4 zUoX)VAFJ&ND&KpcDI?a;W1%nWefd3ytEEVNagi8!eDJWI_(CCLM9=RnKGLXT3$()6 z@`b_O%)#)n{;SscmH1?0axamKKY&&NX9Q;i9T}rvAJkjoeKg=`Rkfi@RaGXbrjh*z zOWouXwe}Xmyx{DESt-vuwmc8zqS5s|+e8Q-k0*h0Znt4q8c^kI=r*yloZbn-Uwr!V zaR{K67Di-OayW9H1UNvMfNp-!R!p<_#V?1p8mS5;NEtLw8U=G6R$DXe{%4VMb@R8# zA({QB$eD2*8OP~0JT3Tlk;9Dn?;;1P7mAsmg)D$w>;~gm(iW_V6XM7`MS*{Y-F!fT zF5h;)@-{G~8zYx;9xGAj8~b6c?SpJ#=N_xM;?*DxDpNlhZaW@r6DCJ{95u9vE||_J zrw}HP{Y0LI?g@t-h#;La&w~<%o`HpJOIdKFGyF;|DE3 
zY`XIB$UI#XZ--KR*XJUt^E&3211Dpn4R3;{MjCWEZ;s9iSqn9n;BF+f@r)?cbg4;T zF;JO~>cYw?ZeF{wj%11^Me>PWR++Pte=9zehibt2Rpja}jEz}^;k$-W>-L0feIN)( zNe43N1sQwdhEJc!sPZfj-iFAx1ZyBRXs-@t>h(vmjy(*#(%gGPntp|fbHv#4*a^j!yx^t_AnZKz9$984akN@m}GEohuAN&j=)M1oO+n{2dmh!hQign z8X(Ltu6*ib^Y3s!uxi%mER08!`NBUz zS%;+0g^|VDgHqbvV!<%iyKF#xYJFI44P?J1#;Vm`LZ}NzXk%{UP)H~`Fb$QsK#u}5 zur*&&Ik`9%E3Xp947+jw6*wbZM>S`Q?W^{E-4*(J6RQ*0u2Z$;6I6@i50a$De1K`%8|5M2^77ctsdPr1oXQ!y5NRa#`#nF0i^p z-W?@A_VelSY`H!UO#O5tJ|3u&2o;wX9avAwS@VMEcX(WisTE7ld!`O=aZfZ|^2;{* zFX38Z{X3~u+zl%io7uSP4>Il!Cc22LB(tHlI9l#dn?_!Ku)3=iqS`$m!_61CGj(Vt zgvT&uC?>A?QD6yzye*qRC8lbdeoU322mE@2nt4K(q96p&hGeP z9UwxJn^_1t7EHBG~)!1`)O~!cmwHD<%D^Qg27qIDPI$bQT1K5oB(_3 z2&4N5l&LXGombISFh3(q>FgW-H2zFb%L}6c9F}9pVG_|PMNC`d^!KGkvP`8IIGk+n z%Jvh@ap0V9muS+hmtMu(g7{caW`+@FpNUt=Z@4<#m+#hoj=y;Ef+$_cZg7}E0t>H! z3TdW7i|~be+A0OWdtRdFU5X&ZUV-5Z;TI;y@NL=Z4(;YM z{`H2{YC0=t**r((R(;t-#%kscG}s*msX0?7d;E>a(+kLxT97e97pVhq9cSS~z;*c1 z4jVZkH{g+WO%qA_Cn~~#%CCXS55uQH`{ip9du7*7<2ODM5m-UW$3V*cwjTyUz>`wg zB^2CPH`+kL&N-yi8syJu%%AWM^;HO8vPx2*M)t*^M$#t0(WYF!Eulq$J4j`9%ue4G zuog213^@s)ZD8?utqbJ6)_%mUS?p< z7~MK=}_5r3* znHy=!^UhGB;@k%M7W9(sYXjmE%zu^Gc6%jL>j`C1nYfmwQ@QebHqaF633Inp^oL=$ z(y!$YvXUL4QfZxlA@7%zvc_FAb<2`L#Rc@$+Sy3Jq4n*88{g|x0uZ)l;q@@R+wvz? 
zwkDG-#T0GyzKYGLam=N(3~|u%*_-lP>VpQH&|$w!zCS{4Zhe~K8Q-e#nA=YjFLYnr za6YR(%5DeGdil9~XhG-ks{_n+n8`Q*@Ge@Q2~eo!GUC zO?&TYPZW|FMlwU1;rFJur|^Iw(+C-faw1%9fykdBr{~3R?>6Rbi=C}(SpsIN3?WRN z=CBBVP6RzIO}m1VWy~2=f_gqw&vK?&l$ZH;VnQdFV5#NJ{`n|8v{V& z$WH;Ie2Wm^FI$h17x%8kix-G;!^7O%R>-YC1&gFt3?Ey+qnbIHf$AG87+l3YY&U>D ze`x2WAdHV5tAp`4)IB~_ zd@DRGO81fj9yq=C$D@{-y%vJ)QiRbjUHP=xs4W;)c5Zpse`y8n54ZO=Nvu#tK2xL3 zH5~j;xPJ#IzZ3rV0Sffr07ZZIn-i8vQSdd_a|L*xF3$>_BZ|_WyI^SBrY%d_q-#Fe z`LE9+=r4AL!zCk!U@aTv?5p9^%8LO~eR1o9jX)%x>e-lr9^$tp?svF9~IxGhxow-l}dbXYoet?!5Cb4u%lxGlZx| zm8+iT)O7LD+09~!v*s>v5(1n;6Ui3P{UU#iCBkYGh2y`hG;dB08tyWw;KetUTY}8q zbOd{drxEH;fAmk9G@Qh2e?gH&r&BG5VFlXn`` zD>VE#w;dg0)1_^MV8#-vSb?%18!a|G90_T(o*;&LBWeBkxMmi3uO@zP*R(b{$N;^R z&4A3rt)3h%6Y$8PoG-Wy(3i~H#VXjxg4NstgeQ%h&1=Wnu5{PcnndyBq^d^dvXk~c zn$E)%Dui(?)EbQ&*YW`c&!G+s?)R+?*yMT}5dQV?c|Iid`a<<%zYxgr?z;Lsa(O+h z3iTOM-CKTv7kM8lp7Z#0H+0BK{!vngahOYZFJEu(4w~kbynsW$Bu)Oc$!r$+elC(Iv))d zNx7c1E;-rO+|Svc-TuV#aTZPgs8ux-WqCJbcj+8{Cbwp~>{v_POv(A+qivX&tu83I zY$`~Zl+!LRSaZ3caLK1sGT{xr_d}WwD@u~?y(uzQH4GBPNd3ClEJ!g;y6H;!(6@g^ z)Djv5qC`ugyZ6IPQas|`O#lZcCrjoVm8(5|SZU>+c-Tt%POQ3D0_g>^niw+JE&Tx| zrMaabWeJs+pg3=TZfs%g%E~F{XS!zcy}bD2CFCAVK#(dr>O=dr^wJ9}y5FpUUacsq zJa6?kRuM^2j?t8U66>MeFKPkolH8a61c}w_1P5;{c!c!)VWH$rarVdS zk`4ALQWWdCXr&)+c&HgDONdgf)JVVzk-ubZrt~LwW-QG3&tw^LmDqL6Ao~Jtnj9sO ze`U+Q&UU1V!HJ7q8vOu0%6DS1N^KEF>f`)_=JPFt9j`QMUc@WZCI(}YpB}h4Or{lZ zZX_OqL4!`;jA>yd_8nxj8-1UH^k#NNf`Tv+X)-R*7kbvb@YfnI3*U^Ih3hcN*|^I> zVNaBhhM^V59IjxC$^6spW}Nafy2BOZUIT;8CLUWSdY$(@f#$VP;8hgjxKIU7OD{x) z_40jgV1&v;#YKe55vSx@N(I_r+2A6~gT85ayH%T$%Jw0NeHFhw&2DIJpgi;N;Th@H zEgNKba&7^`wFU~6+Sc<12u>#g1XAJLdcj=b#0AMS4T{VK- zhi|k^Juq< z%(MNBOy-e4aRei+uaA4#jVrZ6dyfilWPidJOpg2XPRaBlj^^vmfP%s^JLMoTH`MH^ z8wxOk?2DZ9fEaJW=pLyX<~hZ1*|j<0*n^irzd)5Q8`3gO!}&_Em{50wUBsSR#46{W zlPb2DQ{ZQYo4xKo>3*H1_zm2<&nv$|iSdE##rMw!pc7eph>#Q7mGN1IheR%)urB@# zOeqfrVbp2zmUnpsBJ&2yIV_cSKmIe09dDn*{Sd!o?Ok{=jEy?)mZSMLe9wAh!~LWC zq>HQ8=X?T&Pt#BRopwfKN084h1V=>lt7_@_r$Z*@KGX;;#sAN_mXKTj1D 
z+|bz4unzYFcp{am@ITZJB_fb^$MyS-s%9?%FAYgx_=)0lfu1;_@;2~5Q0>v(n3v)0 z)WQ+%(&|W@=qRN2G$nPU_A+|48b}|!=R@xZFhC)@N3oZ*BK)GES;CP}=*ZSJhDB~` zsuACgc2nZ5q?tMmxKiqYiH>+9GMZ^9KI7nTe-{A*dZDGm9oek$_o#%qI@=u4+V0e$ zlV*|0%)XIGi6o%WLM08BISVIo5uG(!1_FL1iC8L1TQWfmiR_AA z3h-W5^R|368#19IdEFNzp3!6UiLho0#F(NC+0>C@!sX3IQU)JH4I~1lD}6W@LX!Om zoGX?hEpQy~K-ca$+$8A|z)a+k8`HvS1eqboZUT9c8z`WV8zx~$Rz!@&YQmP>#A@1W z+hoX6WrM!K6rzb#77(StWCI>WlzRqIfC|h>S*bo9#dlc$4xi{(?(zcuS$SA(dG2n^ zNQedaL-PL$wZh>`)KG}{DXo4hw(V;?EDyNouzY3p)B4%LpN8|_zVmHsi!^y0rD^Z5 zZv1y}x&9xLUkaN_8e8!VxWVA;S_`~)9Ddd_a#(0SNy_bp(LTMZmE&51;YrShwTgn# z$w+6Kx!E1=46B(=>onuqnK-%!7M7tX!5DR*GQ{oxS!z;^_mpR3MYXx0iZWoX_2PJz zp~e2I2muXs5=?i(nnX9~A9M)L0gemd` zAagCqU*;;Wx+scRhSOm^;qjaB!~Hdf*-!%FNphi%F&>n-BRAg4UCWne;AJ2=SQSZH zk=oSMKqTZ%Z|YSG2(8In`@>Dw=4KB z+6M^6eGwjV5wpib1_3cuC9|i{b$wxq|LrJ_yvv)WXFbv2y5(qzMKEX~RsZT#I`w|z zUXvwWTep>9)x>KR;=XReXY*=`acVodG)MZ!^ZJxx?gUi;&*om$v>!b%qDaX-#{z0- zN17n^BZmU#$!`WHW@Q0!DKW0Q>-b(@DJGGK4yVBt&rZ5 zjl8Z~&AN5;RrMBERkcs7LervyAKwcOQJ-(@15Ru4;&HBZrq+vP+eV0ge*Ik2Kwv;? 
z*S=5J))^d62*=sutinc!eZbGNME4(lD>uI4>)BX=+%;_fQmX}3b^k-Hh8F#!Rx^JC zeDO2idwK8hKIFdtu2zr60BZH{uUf5c(OkftjbT4;uZ@4eUDy2h*{F($Cg{61n&Is~ zY!w@^Sa-Sx6leOL@USwUDr!4Mxvttmi3S%6aa$qLN3pZ9f9SH$yBGgw>2`dLiTdNf zTfj-{cyf(d{siMSyI!w*PwACtpE%72!Jw9V^Q(@%v<$G*uik0tjWSFw$ECWX(OCzM zZ+azrSU_A}o790mRW4GVPNM6HR@9#xO!?OzPQ>L1KB&{$$$!1^?xufv z<9+~dT*P8I6SW|+>{;RI`eG;}yXu7eKn)6dHLhj=4g#f$J$R$xjw%EAuAoNS8A{|&0-Yp)BL4xP$a@)T zg4aBc+tFmP=v6s=N2jP&OXY0OW$~JgEzWq>nWBRP;~;~c{8pLCH|`qiL)z0_gTm6} zOh(-77gxxR&6eo0sJ;V*L^5SSg+vB7t{WC9C?v?(6-9P;xJ|DNDVd7In#TzkAMGp@Y}G*OoDR%e*kTA;h{9Wy3x_$WwEExmKWAK z(WJDbNhM&@8$noeQ}J43*L5ZyPgPmzkP(z&e!{}(i*!gF8dF}RR;vHN-cvc63=2y< zowd_`On0 zuxS4*;$^&kGak`fe#UA`-+O}6M@KO>?Wi#{^&)1LNW)Y%F?~}fnF0)BjG?oL>ds3% z3i~zJg9idfzjO7|dD>qAKoVHK5ts?;EIDs>&DS3Ivt2?5TK$D#(nne;$*j+83WnKE zYk0oH+wC|~pelVHzP27A$uE~>e%Fnf^a*ukrtOqiORetX5uqQh0{}64oN;;w)`WZ2 z0B~V&mE>`Kj#%iibK?{pwRjOg#OO0K^K47`p%lZWEvk-y#zJnrSf0HfOTe187* zo{HRqCT8H2Njj(*GX>Cp{}3{TU@dvD@1Wz(Ak!1_CsI}!B0Hy8ZuBF!Hx|(ydcE0PnC_D%tYa*^CsiyZ^)U;!Os?}dChm-YV#2`K7%UX!+T^|quB|rmop0n4glZj!paGqda=S)n-hCT zUq3C8Rm&kGWzw!s6=ro5#cI->-UMfw!8l3ia=v}1r%`WEAz1oQBhPK##H>QCLkJ)R z{AZbgi&J@?g{Va)9L?q0th4&SSW{RdQZtIsI8{wTswBbwf&$(lcHl^VL4jbfR~9&P zU=>{OnNT?_pzJ3nqMIA3HC9-MY@_&GRFq9VSgP7!PEb+K|94U#UG5)J00DT4??g`ucC522A#X65={9CWNgc_{Qq)E~0ls7|G97jM}k zzWWUd%t3(u`E?z2bLIZSW&O+@uz!#HI>Fz4uHyS!{%C#CE^H423GMtJK!BuwfdJFL zh1~|#>F#4)0fI+R;lJ5)Pm5+cq=up#>|@sS36?{d4et1DBXnt_``^<_8!7&}b96RsKq@R@vtAdclfcQN|Hz#bEO*c~)nbF>8@v5>9=FKeZ? 
z2Ta?3**Bw0d*qd#e)-Rbe&Jv`pVxB^)Ua31=)QQLd*4QABtpD#5QWZGv65OkNC~*b z3E;E}gqBVa;3ofD?R+zYik525gbe?gz9i4*>HU{&=Kt?(GunT!%|KY8W3=o5xVazH z{xF$xE>MC37v?Qm7)*yWgy3tjetT}r68uY~(v6wS762$%!y}fgKXxLh0 zgGr9avIM|3*Z1SzhjCLhlrO(QO10k)Cdr@}ZPWNc(HCQ3Wd zMgrP#lbdkzZ8U*Ah+6|M(P_LzU+s{`9f{|cZC)I05=)0(bxAulE~m<~%U227xa=rT zhNw@RD~1CSPw|waCQykQOMx(J8B4MMld`~0hU6v{5_n0-`bY%wV=bB()uH%fkc3X( z7pT@WD&1^+Gxf`hB`Qa&k6-7-hLrCQj3b(5<$KfV!W!ae}jR!48YmiXn5*(E{WV8WKn%OIc z4i*wqX(ck#1Pn+Spe;)-YzZnuhHVB{xIdK9Sh7Dw3m4;<`N^o!|<)x)_1C@{nE2XnrB-HQ&VrP-V(DBNG$vSu{lJXD< z1yC^s?39QcB<>LylJbg5wZ1S!r^TX$y*-MUDbc0S3TP!2`&2#LpS8thOUqk;jR00E z0}}7Q;;K5CyqYRl3^bB!Zr2teyUIP^cUksGfvoirxpw(P`!j_*eh0ETI3qh=v+Z7{ z2xHU4k+U%LS>FG~4u zoUaDd)lr-f4{r^@(k?$8438kuSXz0Q5+>)eBz$QYBNS1WA{3)1kn@vj_ZN#WtAg_+ z4QU)o%KDq3((_0eW(qd_bfa(!tp@!DORKk_j~IXGM;?tlQRD7j7{jJ&0Hum!u3c$R z#d12}XlNV)#@nZ{Kg#TlW}Xj4S!#4RSdJ>f>y^6?%Ogc+d%Xekn|HarjM@hD=TRv^utV-LqD{Y&V zwr!i0wpr=SO53(=R-#fJdCs}_-G1G#NBJHn)Gef_4>l>j;?~!1=V}APjlW6h=Y}~7PZcRb>WpU zj6Lj{e;8#u^kuzD9K44BL!K%m_J*fUXcXqy~HB1f?2imB~p^^;8yg_ zKT0LJPKr~U(d4d#v-T{n(5kKcg3*S)?=0T4APxzY#{?Xe2R59sry&jpm8Us=JH3@k zKZ9Ip|F`rV4Ug|JNhr`Ak1O{S>J*_AV5XjJhCfND>9@Eopt+P-Fpr87?*q@jeIn%6 zCQo)U+m4xD5{$RigqL5o%95(^0Moi_Ak5mE|4MYpB}Cqz515>bvd4%9uZk0WehmbE z0+zIQLH0kk0af6!qmXHl6F@`6i(n6cM2O!&EUTUv`Pw+{+YK7J3yz4##Zxx`8VXa6 zUyn9~p9)DeoK~lG#2gyL?AW&(Fob{(h%fZdUoYoXNx@~q#tQ@7*n#AT2OAC=4%gRt zAb>f21`Yw=&*Wr?DMG3*{7B(FccHg7;YWx&&%$o+@@*3t9GCLy%p*6idE<0|V<#|f z??~DFK}U!e0vY`T6E>Z4m@s77eXjF|vs~@I-P14!Eu%Mr!`#8n54&K*nMb{VqhZsg z&R`C*CX+o%0rirBc$wyA*lxv9)Q&Z`bT|FEofET_){4ZY7KaK(DTgWbEO!A93_6Kr zcf2x7<3&(3TrOKN$*$be=l%V%(&un6WG-T~28Jc~Hj!$*(6o>hHDb|nNgayTI>R(J z`eyNj5?-qCN;G;CY?xD6Qj@Hp&nY_v$GOMz95wcd`F98$u^fALGczMvDlO&mb^rss zh~4+J9gemCaI|X={a+mIWPF$ZcC;(^u?)+MB9S>Jr=Uq6_8M0!!%H8IS|BF2A`qpI z>DL5DiH5Aso2B!Rs&xa>W0adD>Bv-V^0*&wxhx-#kO%Mlx%|CV4_ge-=FLhyw`tvo z(vJH9#zk+^;M9uX%)paz@V!zm>CCF7aB+w!R2ODq8XC^IuzK+I!s-_MiTzR);QOIP zQrwBs4-D&dca(w#`{S_zq_A@AgGofv(4&-TC`q}4Nx6m&($FNvsY(F>$-qkf`_c0( 
z=%v@_yRGREX*&&T*nCe2H-OZI$FEsIn)NGQd<_N+KVP4py$9^c!Yds1PT`TeLhGfli<_V}m=W zT;U8#1-YC=S+ulGIzZmpQob=(o;469k4k7kU9c2~6p_g)9NwiRNeNZ$0^c#}? zH2Xf2aWA;BOoysI7XD>`1e;`-gsLji2nG^q0&St#mq-bhaIpAuk2os=F9Eg5vKke+YY5YR{=Ny}N&8BGs8bA|PANbCIZuREDV|*U=>s8E)Vh@(T9@ z+WleZ$d;8vhS3>9{cYON$d(GYxPp}nx_J?~tN@F?CcvWqlf+zfIwIE@V9`HY6gcAy zSOi$~tDrOi7JbWkWtpw=plw!~7X;nZX02}>zWB&i0DF9oSQTl2C|D#E2J$%*G|6%m z@iMGPE#SXhAGv1`hGe<4tnC*R2CveZ7rEY-u`(M> z13Vw3fudK>idCeT(O8S4z(ag*<6p%}jGS!_HOI8e1}zTozSs(;<9JC9Ph))rW7MWd z5(2B_U>FSIFz84@+4D5Xv5AcRUMHu0A6@}@o+u-Ej-w+5iHR09Usv{edoGUHyL zpOvwo?!Mx^ahy#(**F#roVl0+njT2~9zp@S#yh!KiKfwd#EB4tmKceF^?TY!pCR1D zHQ`2e3m)~V-C|Hdl)zNMe>&?c(sbUD2RD4x+3XiHM^5dU_cukL@k&!PC}v|`Wd zIxIomm-cxt9}ZGY7?d~@buSuIbGQ-}-kn-1#Gjx4Fd5hf9Zq$TkOuy3J_icjQphuS zZcJKLJX}Yt?9TAv!#cz7ta5I{Z{$9Hd|?mV6u5|%Tf;nc2UMNIBq+KeF9q~^I6 zSYkhurR~`EFO^+Qbr@6}ls8X=@5mjo*QT_MAHb#+s!_G;U3FfS(TInY`BWe1t# zxi-KxI(iM%QpgDj-zy))Dl-isKd`OS6axH2N**1rT^zl?P0=SnOgrc=rwq3 zf?z}v0>jp$>xGQIw<}Gh@0#%D%fY&T=!&K-`fR{4Q?e_1vVQ+py@}0dV7#<`K(H;& z=z|mg=u+_U0(p$Bh#P=_=e}X0<4e0cK~GW(+whN z`9HZqv^p964N__#W8KhCqHI&4gfEcUfDrR0qqg~kZ_6C-XKH^FbNAU!?1G?j`EgxodcBLoxkDc;m5+Bf%TLltAtaY2tKCEEn1Dp>sGqGb z_&eR)o4SlSE(C-~%)Mv@9*LXqFEB{2>q3#ljtq1Eg$iXzxZoI+4f)Ea*9xv5H^A^} zv6aYhVu=5A*s)yx>97|=X`H&o+D`)lwLQU|y-ji5Xqo|p_FZG<`?LIqA?@cZF?0RJ zBtx7^y$J;XkNKvYu#5@F;E#SxvW};vnM;xJ$X;M3?yEUKE&5)%e4zJTrk)+ocN+Y= zHVAUW*?RHCWoWQh&=<}h6tQ8?)5;8%)jftThhLjwSupT!VK}UJxg6X3n_^0l+q9&R zF>SFZe9v^X&EEuPLc;&Do_98&&YtLI#`(Mi{rqu+Df%OCbnD(n@1ksFP11eM1u;@6 z9PgG5l#VkA)tOI{^b9S%$Oi$kbB=CRt^tnw3mr-H%N(pk0q-tCN_a(3$5Y_+mOKq-Y!p+S{tD3Dx#p9t!-Mi}67`A)?3>$q&)~Vl zglE^xF98 z7J7>54Y~tYrhTW%}dFtXK{%l-74?Wp>*3hW|mNP9#}aL?Mwuf zYh>VG)H>Sn)QXRuN0a7iq|&*pM3OKqrweA-PTG_yyLw{%>+}cqU{I{bv;@F{p{Qc9 zkdr!qV{$#ha*+f_U`QxLlY0^^BX;J9?#*jfHf84>sMwqBc z$b_XaN`$0S6p#{4c$VJ{>Ic#x!p0v^(?x4W#N1M7pr(+rzm6bf6Z3fT@QiWqK<{X{ zhz6NKP3r{Tt&>5;w*Lj%Tdfa`Z``RY|{@eB(XwMh&N`m%Aw-vJU_;-)|JMfkJ#NL8) z#}O+g@WSz1H8{1LNb|sB_n~!JXpKKDPC}L&q7?{Xi#|hyS|eCwTk7NL5)1_~;g{>? 
zKC#FBnpy4b2pnN3l=nEVCVWvW?q|d04`}h2TDAUa;Bhos$tQ$mJWVgi^SGV?&0nBR ztJL4v|KOnfVQ4m9$2lQH&5)pyctewgTG9@+pSPnKWNyBwgJ_frS z01oF8d4se~ub4-`X=?;NqYAbo2PgXq$f_1#z)%5tAmg=Rr>B#Zz+SJJ0xdoL^iJ7+ zvFl^g0V3}&bViUCY8rPGehmC z>rW$f4^t>rr$&T1mZt{P3380Cp3fst)9rKl+`vvObfv=&|LmySS4YsVXJ&`E*P;ma zVIIioI%tdUA_5`XTB&$Ki5aMFv8ab%ymeSrkoYJ)qQ4&!gw)AW9}tfV-jCI)AkcZS zQ+ZktzlECx5-#<_5oX^SBwq>*8eshqZ)SIV!vJI~MMmUAu z02i5*^$6;oLiv$G8{8{YH~0&&2f8u15x+yY>uQN#pvFQ$Tw8vc$nD!=#3i0{b81{rOmvVD)!c=R5p1- zV&sxhTF0S>ro*6o$EIOQ1wRC*^M3$uz*RUg>O)g$5mn|=lAbgz z=VuSKtQCcw)#2#Oek{)+9ty&RHcOi;Oq_^<4J#{K~ z@DjNHgR^i4`-b1^B?HQ(58n)$*w9C#2mc6UH%sh|BeP{s`wssI7Ay=3X^xgiV7ySo zFYQYitU%>;b{&=joIUz4a~c)s86&m>qiG`!>@Xrg5l3VK?i%eF?ux^|tFI~=TUOCx ziHDo@h4B)H5G(EKke4*T9qbP3FqIM!X`FBr+qCGxA9*4)8EL{yi4S7p>}k-Bk~rU8 zLy#rsTa-Cps>fPjxVf%axH-X$R~uTvvo_oV1B>3El^awheemp3)X}$e5pM8fPDT5(X ztj)64^M&tpp6Exn3xX3SU8;^NH5{p_kgTaCjTvKe5svQ8X>?Prw)8g>F(^V#j-xQe zooGl`KMPPpQFXE$q@0}dE0_Tvm@Ib$I5=$*td<~~$*)pQj&w8g0}~o}Enj*LEn&6G zU5>ww|CxYJZ#UftOv9*A3?i4(34-i5FM*lXyEaEV2{O~m7Z%WU86@_5at^)(!jpD_ z7^axP_M7x`qI7|{SG|JkZYj~Zh16e1?Ylmkt1JVfaTyBNxbELjM}jHb-&(wnox#2p{(c zJP>}_@NPu^EdaEv>x-n0AK}&+{7eqp4{@#b3h2Jcjb+iNq0wKxU1QDsiLFCP@Fd+} z#3TY5EBBjcNjDPkGozE2UAulH4;9=GW6X}oFZNRXK4EVFir33m$VS~jYP5}C51cOe}) z9?KHKkC`r1{5h3JqjOVzYMEJ&AT7pf8Shh8nmuN_p!>gcTDU4+$rGDk{37ZFIfv)) zyhc2ctGOxdN+&MWBhzYw@dew=rU)g$beQRsI_;FWMLS6a7=!lR>!rD)N;GVYNI>SK z%{3xS0(8wm>PRC5oVhd2IjM@?&rm2mMZP`*s+IBoP-*RpOIdtXyvcWh%+mVxq5ZRJ z=2A_8BLEAzK-&o}zR~DQ761|v!7v#fJRjGxu|Yk(at4GGc%SaxqaZN$sa3xSd)38d zbO%-aAEx$X<`k1ue?_}BSmsUsiFR-M{8zNwo4gS-mc}~`Db{MOC2F&h1dAAIBiFe0 z5w*qfhp?>~1{OvucQ^W`tZ&!wrKr1Ba0dW8MKh764&|0suRGWaoeRKD6*R!<0O$Xs z;rf;TrQzl`D~~c}I#6kiB+F`fw32tN*BPtH0a6pUW1UTznh=M{e@VC*&|S2#MRA3} zxqQ__x7G0bI*E@hYpHsRCTdfKYMvJdC6mTU{P>r%%09n-Nv9nU$33YThbLk@r^=Jq z_i}DUD|lpWKC543W}lW|X3aJ93_OXI{COT|EpMbB{3H6Q*OL5v9{A77c?=^Gw%k|h zZ@sn!s8SPnFkjblx7-M@Y`g~)ZRfwCRMV7RZx1-lF)uSt%1`lC3F}&)bu@FEc>4yy z{Y#K{Hax^@!v^}+PHcmZ?=*SV=8A>q^aUap@9gF8NeDAQgqsWk2t#HexcWH88drHi 
zWh`+Pc*QMq4#78#Eu7C%F%7RNo3OK(t%0Ugc9~1$7iH#-E!fWdquFNdg2TevVgGf> z9j-dD&V+yC-~%AR-H0JkM_h?HWX(8MSof4?Qa0}3kGO`_pd=Pt6kHvCC4X%z`!70Mp|H5aKTR3~{S_R6}f8ewW$FDLA5?ZNdD01x?z1 zh%4rQ7W5h6wh;KwLi!Km|YiRXhn$ZkPEQKQk4R|2ED6vQ#+FpoHc#ze^IHRk^c^C8>j9Ld=}9gfFk;L@B#|%CZ4SkbVcN82tBWZY`S08 z*BhY7w~8}!J-UzpP6mjcYn`DatBWxq%w2?e@HDOZi}WdWYXtst<6ue?1B!EkjkyPD z7dAk#b)Ab<(LrEW;q~<@uuP#t>3L#i15sksoB0X{Bq8iHp1esQw=z$2u`Zo!) zBqUq~;=yT?d~cK;_168^tuJyD#TM#f2d%G11MW4^j+A*d45^5-hL&6iKLtc>d6DAq z|2+3V^nr;LNg-~SAK>ysR(>Ck0s7*BZV2wCY;?*uUryc}m`GXq z%Kcmer_dwhYVrehW4Ho#oTz-`CRYtlbzl03F&QCjkuX(xXo~iBlvBn1b15oQ8@E-Z+ zCjT`0X~#-kJFhXavtHVnJRT>@+J`dJU~;ad)O`(8{SZr1e)yMxPf!_P;A{Le@KIut zSG+ciHHcF=P{zU#`+90bD1GAs=~Xn96~1gfT9h%(m&%8T+|tbTlL`NZjVY{biD*)k zbauvIe1JY0ac>H(;jZQ!h(AyS<_@@1?f{F3M8dp911AHBi(rT4J|L(--`|}R4ex{- zy9v?KQTCnD(rwSknSSUQ1=ViDBmyL<-CKaZIL4-$<_l@B@u@=kcPB+_Z?tu=XnB0Q zfcta0(z0=;6GcyV{2VN{pmb5}D@Jc~oa>kpkMZKmS7u{WSM!^sY3O&?vYbJX64q8f zJsn6U#*WNuXzc=~oET|z23gl|V0Hj(fsN?Oud42<_OEL{bYO(b$d)SmC{{K0Uw&bb z<=ZHj7qUkNK^%OBY!v?`T(0aORvZ?N>p2GUspSagaXPN?Z_2U>`OpasNEl~}Y3E09 zER4|G8dZHUZY@*|fVVmb6@LOJkH)+*#eIQu2aEX|Zl+clnu8}xwO#4lvW1cB= z6gXK}nlowjy+7(SNB!_mp0RTKzckC5#yF(A8WZrl8h~c`(H4huSJRx}o7G6A|IP}~ zEXTX(cw&C03j0AXw`ci955*Tl-*C)&{SoHsb#NABa>F}mI=U6qJnxPr{c60!*zif; zT30YxPK+0So0-VcTQP8{H@~%f3fEzvk$>17<88ML5x&UP{_ciz!bc#Foh3#URHj>^ zyz5_x$Q$=FrXkuap?WItJ>(9Q;2RaGNOMc2)iUiQd^?wi{S0lkc(lz;bo&6TGOx$r z*%>yyL)7C8V>ZBe5M$4i&LR^=o@lDHH&Vz6E=M+yDA_;-*eFln;07 zu~~ejXmfVg#<;iY2sIy^MZjnLK^r$|#czg(S$ySa3%^rjsYJp3VGQLEs6|!9RIB^k zi&_?~4_XwJ5lacK`)4Db7v0P)$XE$9HP8Du)6dUW$xw}4TnJcA&1|W;ai?e}6!bka zva(W9aB=L$|OSosugr5c@y8?Xuz zMSoq@S^btd^?ET!P!y3W?1R%vah2yON2RC%0AEDHiG(A>l{r zDKp4^w1N#lt>)w#MHrRMy6be+pCMMO?#rcwkp}?qpyc6|x?GKK1hGFQVeE1vrY8s! 
zsKjpAk>+eLS+CG>DFRE42IK4ck+L+XNm#OgJ+83u?J;oF9!6xI5;1(#o>-0k=AB*^ zLVBT2>r-X}g4SLGBEt@Gp80%+>_1)K@-{#G8#&-ipD)s(UdhUaZ8g>(HT!;jXt7;# zWB-0T&)w^AWfJC14SWNtBZVb}y|RJvp!~{%ia@@<6L_?fHO@m{5)vOCAMVP*-IhSI z7<@$N{=Dt(PCi#qL1}DkYHTWfNSi*63(@^fQFv0jnIEOmnYPewDOsAf@IyRWqZ4=P z6kZiV`Z$?gaV}`HgWx)9QxF08@Z{1Z+h%j$Fx%$s&IwjMPcwt=vcH*mF+M4tF7YNP!!PrOO$HrD@=b_%VZ&9Vl<{~0VOlf7f%d|wNl*6NL-hFOXc*Uec z4z_)Br4^QI1Kd1LfQZNjK4ZUKP5!rB32i=8-d#cz+XY_0Pt5cu7Rt8 z7F7FK9{~InBj5=Df8_&02sg5B@?#8K&`1jI2}la9l|)qZL}JRi649l23ePCe`L~U^ zx3D4y0I_itIe7>s|F*PDu@uj>4>^UDMvt5(Hj6%Hm`5^f7y!vi2SBoz0FW%>m|-t~ z2K%fT=S~MM7#4eM#TN0OVD`$=^IK zUc1I{ko>jJO#^te`1%b4svFs_hS2ZZW>qv6U??oWP=SD&qxuZXj@oldYiE1YC=g!vE$hprrpaK1h4S8$CL89NYA@5Ug;&afD9Dm1fj()+;W51O5%Nr#*mG4Ghx9#g2XOgZ zk6B&~!HH2UW|JBvsjLQ>QWUgBbCY<*5z-vYS=^B`se6549VpbQzY!Tj*sVzAO#)QJ zd;2-6L!zm2b6>t<-P2S!f(Mu^`}I2gnWeECPl^|SE!+esut|!O>z0XA_&);CDL}6Z z7++Rcx3*R^d!UZ`pqpOpc(>os5LAobp)t#)9J{}xv*VYtF&g{}8wQ`Qa`sEAtuzTj zvtbijguCyemURYUoeMYNQX&f8^E@+d`_K|ylvrQmw?g-WOt*{mMHEJnby(WGzbE0{ zcK&gd&^?M8hCa{WYOiNXfWOfWkBZe%(~QQ$Ipunr*}sWl7aD&P!vrpO6=hADd?3K& zJ^ni|?3e7{lI`iir)0YZZm;0^zXQV@zf=D!vd=V{gRn)W^jUB|u?v}vb&;e(Sj2xD z%9!w$+EmDMSZO2_P8N*mBh~6`d5}N!64z0fni^!ce#>_hY-CfB8w#BBshPW&n-n;6 zU6}g}^RtVc+pYfx8rf4>dttG7-dY`jNbWCem>q(`zp-H`_W#C)u{vf=xqfE(zis@V zX5kXZgD58tvyuzJX8z-QiFWQ|#K~VI7p(l;^tHGD5AC+4?eBOLW-=fi<$VjE1JG_$ z|GRd3+G3@L9aUR=s9qI}Td^~)&K zeBl3whD?Am{cjpF+Q26bnf(E@iw+Rx_ZLrOp(5XEr_7VNdm|RIz%-f z;i$G(>@9~Pl%ExGhs>n_F*g_T--Rf5mFM4LZW?H^#+I=BO#B8E#89eoGY=O1r-fK% z@h?2`z^c73;m=;&G=Hl5Arbde)@%={%Bk6B+n64bBU4uQ+o*PD{w>OV`leWYOXKOi z|70V(Dp_ya{&L-cH*oUH@df`yKll8pMv^}~k{uN9b(|BUuKPErAiP^yu? 
zs9}?KG9x%$`se?mh6(;d4Ks$WlYYBoynL=8ZfjQG(U^xxL-}^->6L2C;&4Lf*r&6( z8$H)gMq)-?6!cZZxzDUJXV7L8EQ)YsGI`mtE5;Do@H&B1)}_4jEG=P~2HBuxKI01= z?Rzfle4}v?b+zM4BQc#YE|yJ_x={A0|qTH#%i*{4faU<QN3~{h9KN zqFyS}oJX?4o*Ra#Lt^@6=}z{9<$4j?dXK9%du)6l2|4s~Y6Nb#Lj1d1h0LawffLHhpqTvErW!K~!ExTdV^L1oZ@-+C8^~bBpW~rT4 zd$5uXBBv$ajm}Ic9mv0X!F!>B=^qX1fhs?nN7SAMsQ7=?yk1A4qqlNCch)>qi>cf7pmCcku~7&ygQE38P2fw|7ftgdp;k# znw*G4lv=k-CE_9a6R-6mQ@fz?^Yj8uD|{O>Bpyz+fCCcQpE7h_5$Kj zD&bYy$gu0a`d|~(JsIZ!yp0C*cjvO8o;3lnqxl>6@G^BgX6=hbXzLI~4e^DY-Yh&U z$OLH{ZSmK`Xvwr>b(Sw$a^H+iN#vxA7l|GxV>-CCaKrgGII$o}z3K9wdj>&`OFc+nieMq?nlR zNv~+Nq#%P|h(W|ORv7d}yc&dB!U8qWX^N{a7m;Z-cJks!V}+)ne`+2UVqi<=GHkfz z;}T|lxuFwlCvizlsDx-gN4SCgeOu1{@3n2CVe}N(OjE zzzq*}Bf>p9IFAm`FWkKqpTZM5l|bGrM3yvXg1gO9Fv+}SruydF+%GP8($F5#*A*=0cfwr57gzF1+WKd+3kaO zxowLovg@C_V7mClW{LO+vbw+CvO7>|g6bGigzgPTVFm}$kodP%TCfNbzjdS_SDj8J zZQa zwZ#jvA@#Gv335FmHDf&4+gk6+nrHD}6y03d<2bW56!62lcDw@ZxFy5vv{c#Pnp^2A zNTt?y^lk8z6c{qwH_hpn_{4vTBV7=$ep4b@{gyBfesROQj&y6$;QrI(B}`;gg2W=@#TS(zU%5m>1L& zK$N)#d@Vqp{!5fubBDT+f?O2S4qT>_3|p2}MOypRWKsw|H5s{2O@`X#5SAP%pSp!#CczIXqAK~MKZG#m)3ylAl~ zGTlN$85qo8C@)(`#lW$$4`=5azwLJ`kRVc)+9CG7nFRBs2Vra{^GQO-wwZuH!+GDhtj@F$|7>EGX`8ITF_IU zfJGH{Vb4;P5bOk$YTI*py}`LeG^!L(CuoFNL)$hFG+XOAHB)z3M%p&hGB!drVbSjB ztm&YIb5uJt0=J(OadvG@yD`>AH&TRC$)d+roFEgP1vaU8zKK%cvGi<8t?K zJcfz7)BTmi{Jo}TTTu@=e%1&t-3QA}5-YwaH=W9d!zN+D;22DHZsLAp`6sSRiDa^Z zD;u$8cl4edRgQs%YR#PB{axXbQI2Y)Z!=B%!fB(makE^TYR$sQinVd0tmZ~yO`J30 z)yF~+eV;M-2^P`$$=!DUNpmCzI^n=1R4Nw;Gwrge{fni87#VMd02ovit z3-Z`|_T|vXDM$*!Lw1Z&eDaS3XE%cH3eH8JzR@&idi^%re`cRx%zh#(;~=S$CW(?P z=*&&uRQI4y)M)-;bbEAcftuc|jlr95tTrx^wae!8j#m^0&PtbA=6E49Jhs~+IAA0- z?{;x;4`1EGBE@O~;giHShD#C()v<^5vY#3`ox_DZv+(|$Ik^;Kq8XCQDJOOR!C@Kq zG0x2ByqMuMkHeAs;%;-|^CyB+Dn_p;=x&f8a$&@^RbTRqjOqYYaWvh-f_idB{N*?h zv*qZR1TJLrIGUN4WN%v@%}!Poq+F+=6E?rWi;^|^vIIV}lrhyj8jE{I|5aEuiY;NO zmnsbj$|hUv^xC&Z%Jr z_;(R!-|nl$|p@sE@M_fxIteKb+vx6H5CmO`wSQ%&3i5f5)c5fl^(O_4t|fsvTBxIU3A!9DV6GAv0{=N{p1?dw>`yi)pOyD3i)1KVT=c}mtyE4*vZ6g)8kc?V#%q^c_%R?rn 
z1}%vxaKN%OnYx9KBjt-~Ti>(4FLH6?I*E`CfY+NlUEnpZl265LaCwGsEixOk%1)KP zev9sE&5D_G+1C;($8TET(Qxqe5MT@naM&LgGl|n8xyzc;C|Ofo$WFTg$F@he_>Qo& z5;xXN{V_41IH72p8J2s=ZK9E&nDm(CYm<;CtW>h9mT%ZluF12=!XBu(Gf#^J>{p~rN&!IZ(= z1aiZq(54mDyt;A&o{J4Kkwm{46jCR6e_I^3+A6l>RZStH&K2v7Di>?Cq6k-P&wkq) ze=m6m8a-*CO(V>p|2f>(aSMN~aH?7;jV7T#77Fc(QLc_&+V|xS+2k&`I>!13P0R!3 zv!jQYn)u642j{}m&SHj=Dk{EM{%X-hgO^I3=iFV*hJ+{6Hd6QZal~?UC*h;8$zqis zkd8l_JN#=Q4H&o&QHuz6#$jH3+JKJ=7oM0mu);??czeM5RIVN|f{)8I!d#OngA6-8T^nEs%Ds=vox0IG}>Ux z3Sc@LBswA)UG>Q@5-NwJE9-#-%T2|g%QAYDI{=qSW&kq2oHO(m?C9%TPk%v4-7J)M zhNj4sU-q9E;VFn9qmxe6f_TuU4e_(8sT|k2j`j^ftE&Z~CQF3fH*R+u6C`d=*08LM zK(~+gbS>=uOI?6D^^k~99+Z6Id$4ZD8^K%u3KS0=c#!@An$EVphG55>i_Ed?b<4V~ zk|v_Gg}xN38gMZSNCPD|0R(2`%tlDs_4Ev$ct=A<)|y_*;!0@L|r<+ce{cC0raK@IK^l zml*{*5x>AY39`WZ0W8snP@ZStYdJp8@~K%;?E+#gV1fwT`yLpUkuJ6aG{o3*=X8p! ze`UlUW%Fl=9Xf_R&fL{^`q_aDR$vciR+-VWFAb9Dk%U;lX2y9c?g#WwZ;^5^BFqsvY)FEhUNL=ditjTqTTZXIy?q=MGlLM_rzn5d@(w3{; z3s08FvNYi1W&x;aIVa%ziZ7cd_-e=UV7azaf;qSNz`q%#1ibzJq)-4Bj!rm-J;e=v zQ@{#t2&#Yh!@LCAQLvQP+rGqk1oTVm3z!#q+vVC17io86#GPRT+Y7)GzQxgNk}C zM_y|T!i5AKJ=6e{5~aa#`EX0!wa`}~ zL074ewRCA8S#gP(aM9vYRv+hRG8NElswet1713W$XAB{7X){We)|_|7nh%HSp{y-a z&dKmrW*d`_4aS~o;G0Q63EwxR8?~@)QL%^8Xx|wQ+qbbuw$Rnnlab84ooQhJ+C;qljLOSI0&qCGqKZ+XjBAD z>}38mv72di6H{|r!q~FWGW?Fr!>HNY-qcR<*p??kgxwZyDBeu2wE<3Vk>E%fo@yO^<$NXBl6;I_e#^Q*dq_;84@DDSxmO_J~B zh$wdT^ZhX^0>yndUH&YlcVg@{`|BWwWbuuA12$(44k~Px;q@of=sJBDy z2IfA>D(a{VrykZLeimGGu+2Erp68RM}bHk#@a6%F#pThC$j=>2hW9u<@=H%!?;JI%d2 zqENY2*y~N_TG|Zipozg%o-GuKUecA_+8z}sP*yUG-X4gjsiJF%s2Ta6=w0p3|Ows*xFMalDFQu)32EJxfc0L z9Yb*zqsn%CAM*^h+R0@j*I{U8e30XQ%xx|)Rc56oYx{D|FK{c0EJ=c0nBdiK+#Z4~ zg(4A`N7Fn9Y`{!Q@|(41Uwd8I#YA*a(*|1%KB%^8DRRvgMMXfqDsTYee-20fMXO-A z9iofzU>>$~^&Q8=b+4qp;^0RL4d&nKk1V`Y({OAY@SEJA;qW^U!P8oom5K;m$6~0m z1;Jw_Y=DI5N4Unl!4|Ehyj4e}5flz;psJzGBIt0YTi+8TRu#}DLD1D0N5>zEz9d{- zVfk8SWx;dhtC{dK`_FyPK@yz%oJxv3s7KE+mrXzaSUcgcE}>x)SyvotGL18tz5}?z zyRTP&tPBpPM~|vTznX15XF8WzkC>(aW|Q$zUpA)XR}OEz4}I^xswDo2M)mHFXVJ+v 
z_puxyl$?i8sdf$Zcz(-97S60ifam5v_hg!yMit z8ITGWs%K44m!xDfd_ltbfq39ksOF71SP6_AYWxS@JRCQ7r6z}dWZmb-Gc`0hMwar` z{`1SIu9^rv%(b7s;S5d5yqZ_6crUJFdxo(r950Xkhmzm`1>~f$d}pwYG*m}QJAY}1 zq+);Z&T==qxixjyyjG2eP0O9iy#nw(FG+?^GB+6b+0XSci;j#vaju=q?Qqm$dF@}n zl@>z2`VwK|cd|6yL#EToJ<35}_HqEOjzgW$GTpQf&3Pzg+0|uk?Gqb&nx^AvM@-C| z-~-o2X4%#6B9goyO7zi9i6Kln&jQp5cFph`)>oS`^hnhs3oLSBxhCtBw^v$!^Yqj8 zMgmw$(#rDCw{it|t@cf%@y1b@%qv}$r*l&T5PlZDQt$KI(aTx^s@uict$ak(%MvP` zGO|QbRKYben09Ze_sndC=ncN)@8|Pzs(Bu>C75SN3(Zg%wNtCJ5s^5x7&(lI!0wad zh{imM2VoUhPrIDu1d*+UhxVZzn)8Tux0F$Q_oO`Co8se%7lpWs&k;k~R(G~6-3c^) z=VZ@?2FbBZ!S}Do8Vtjp@(Y6Ay5Fq{*PTf9`ZRv-7gpSd={ZcQc!pJE+5T4dF;GB{ zbxww@3OTdF{+J_`Rp1bzKS3(UdGdo*8D2k10u}=XMy(Zfccw~Fi?UI1M^|)AyYYh0 zr+PGMtN3Y%{uT!kK3)f5MSO7DjnOMf5JxNWXOAnI7{rJHOSl^gWH9cl6hjEj63`&h zGx#9V4rmWny*%>gL$?f3#Lxy+%a16vAv|c7!zx_6D6A-OB<6t-@!pRt^_DF-(Dj;l zaTPNdI#E>2XyG9uS@ES@s0tC zT-uy9Bd8p2%nz8#Ck>R-+a<`&6b?{wlM5t31k3*jhAYl~5kY~N9_9U+qm_03Dks!n zL;Ha+>X~8|_EU;H(1pVMPQFL@hDvr-U+iD0E%&#{BED#_<1nFk{CUr!79s3PV0Y)g|hStowZjvp7L z&PY)!S!dOZ6D#?K9@n-P&^Q3up!u#Is@lVM*n_wUivYVBy)$pacjK-N;Nq^z0Cfx2 zcmw0DK!6e<2;gb-^r_YX+oRRAlg9M2r5iU=UnWROG&M^ume)y=aXjM1l;8TAsf;Di`Q3yOHRNo7?y}#;F4qlSm4sj6^DUc|8m0UQYaU{ z+lH99+hzv5wmkq#-xd6KQ+os5Io-xajl6uT-Ii1JGw)+!>CU@Vq=S-wLBGMWwG-ag z)m48i4)j(N=Z9st-8r$)V^t)@VzBpngffBk>f0Lm?pH z5w-YvtYxG6^#BLj4g`Yex5Odow;Y3D=?cOzbOd;;ZD?SIq+VX8k`Gi+~YFig6F? 
zF?>#%Nn3qB(M^U(>pfAcN8?Bc@Ex~v>H|YjaI<3?WKP$nx=tE5AR}2VJmfY%;GIja6V^$328NdOMViDq`)L9?SlWW6ouLds)uqKvA~XLY z#;L0r2owFIIj+7`D6X*y+o3GtV0z(LB+9<|f<4-ka4(-8!MO__I5Iv!pJt*E4m^?ykk5xH}YgcXxLvZpB@SJH_4IDems>PH~sQyXiSI_spH# z$@^)C0LczJBx|kTv)11$X1u9=Jw4qv{bY(&dgd{J-J3vWV;w9Y{7upz;FpB4hW-sR zK&e}mXxl4`^$c^xCzV!mp>wt$k_p#g>0ObVAC~iIr{}Wxzi9c4uv{WG12Qo?X<{i zT1|x4(Ha5awD|HZK~=J}df=!@yH~NO-!bAW>1ur?O{b{WCeg;ZW<5}O<9uEfgDG&b z^^Mtr1g6Z7X8H_N2mX3@%0OVL4P0PgWK|QX)Xkz}Q~*9_Wg1g9^A48ccvgTaF?4|} z5#xLe{&x`e(8HeOz}9R2;bpvrrfh9Mdc?xjJ|Hp{pjT+waVmdVE(#`U5+|`r8z318Ldq$miJsl*rfDu|oWCU#|&zE^!-B?t(0S>0$43}{X z#Q5{l4_@|bcp?*1&>7^;G93t+Ls2qq2CiuWM~3m`iHxanrf6cI@lZ(vfE+n+vYMuB z@tE-0ede@AuB`v3R+7ysg$wTTS$yTZm9xj*rt0dsQ>z})=@%~F_CVCw!e#>`w7SXN-uj-v`5m{KQo9Hrmzcx{Mpk|ILI z5`KldPZX>+9ldf&veW$!qv2cdx6!Z^1sIJ3*U%X=ccDF`Fef~ttkSw+IbJqo(8 z?x}}UbM|zVLVT-?Cc7@?M5-o(* zpu!LE8TTLUy3v;VQ^xuaBVm6xx^b}1-bKU6U-cXnTE{{`>SA%fJ%XNh07D(*_fcrz z#>&=B|2=!NIUX!@!OSEbz_$(!WyPEo@|Y1xY_P8fHG0}E{U<&~O%3{pkNL^Im|3Ze z;QS*#Mq|Ty0)3hp>g1ZGJl(K%kG(TnNzPA6{StjI)=zkeSm=5NiGzWD)(`)-}-+8AF~+sLB|G6yOOsxFXhi zt)4T`HpMcpgqlEXpH|J*ERfTIQX^Qc7pp7eR=aSoIdRk2+Q95ORl= zBFm0M-56biG7cNsV<6xnU|A_x5Lr(K4jbf8GJ=B*FUF79;)dH_6#+Vm=HRzuyQPS4 z6Odhnf71r%aO9w4uF-%^s68(6&tgS7px3x2ge^5)?yjmxlr1%~yDvReGwZ)$$|w|d zDGI;&{bqjKts6qyzN8o);dn_l` zdBY96t-$REq6|`8528$E3*YJR4UyzFDHP|H)}$G$5i%JHm^ZA_Q&bLlFBoF09=5B* z$@QlT#1jlqdcck(0(w>{Kk$}PR}mt7)=21aK}|H1MlXYei>0*^qNlyMWqXWO`EBcq zpq{zDOTKIeM(13PX^5~wrhg5>r`U#HBy2t4kiT(3l=XH8izx=eH;8}M`4)}l& zZmpS0uZdLlE&A@U$3&>T=PIvtRuhRQSl8EV~616QNaiVaYpR$!-i`AV4e1MUppH4JFr zmM}VgTi-R~J;?8ClCBR{)Xa%b)rpjqd-BNF*o4N=WQ4~2LqS#@P|K>BL{0QaoIjq9 z;*%qLHTIdGCVa35lqZF^)+YXnF~43|tHv$8G};8^*lA zU5#{-^C1sKj48rThz+LC75g^^03A}8ALH$wus0j6X8mH@)VQ=E=h`!u z07E||m7H=C^dQGdG^Y0>aUf2hH+-W95&^H4yEJ2?)gFt(ElUC;{}NGe$cDVAAIVGp zN@gfv)Mz5*uMoBoWiRP2MRZKI5^^;NC&n&)jdBM{VZ;+}5f;c7qC6Wr=_<(BMcJ^8uv_gsviqJ!b+t;hg&1V)Lv_S_)-n(Vvu951=deYwaX$i^!1M0^NHt}s 
zVpG<8+B+F7kO0G?O%A({sN2jmqbJT>q2GSodi6&fGN8PHDut1l*ek}5R^#yof6rBrJw}-gxU`sJ~WhTz>yl51rl`f5GxeSzE8dTI?HP94GBcSnfz&zPmKYV@ z*{wp_FLH9(GA8=0r)v$r>A&L5 za?GY1Y1EE`ju2_3LaQ71l6q7VBoTpa|t@ULo35a-Y_9v!Nt1>Y!50;{^_*SiWzbNL3 zB2--@Vvx)hHgeF!vn-Lv_VlKC%j=fP6`IRBZ%f2Wg?5Y@p9=H)%65Cr@FOZRoUH+a){1>N1jiqm%zAFiewD~ z$wBGho+w>K#0Sw&U+u{~bdL%<&vgw{pdKZ3{Y&45IywTPW;EeE0%2k_0T%*6Vp&)c zNoX;589pCV2%>?jS@fq`*V*gK;@e;H>Qjz#2uz^Qd*hH}58ZjHfku{agjm>Oad{w1 zUXO8Bzb4-w)OHo#&eV4A-@lARmLGl(1^Fav>QwM{HeA)MB&=k*Uq4xxBXu5~YtMEj zcgesx!SZgl%(wLEI-Zl~=#Vd__7Kf#%ICIMF2Cgv*_1(Oqu%T@wXBcDtJ)QU=ZvGE z9A8N~L~EyjdjOReo8^mTf;S5quD#-BWc!tPFLyv%S1O%xyZo~#s<30p%%fS~Bff$!p))8eZ2;)-$Ay=w8TVljc8*V4K| zl7jCz44(}~x`atA3% zI6(EU9@U{>K$=&r-2AvP1ry1ST;UOWBFsL!)Xs22Ys)Ffl@{uCAR8!ih!Q6v)!xN>nEy0!yOqo}BON0ng zp#cjo_NMjvgqRxxpOioDH2j9ZO;;u&+IwfCQ7y-z;M6u6#kZ5qpm4Z}{je#msw8|9 zzh8&9ey=rjI+Z@{yRwfAf5eSpX~X(&2f|Odm>J51mus&0AuAR z7;>JTHY!kHvUJY_>}2Fv;30TEN=9zl+b_AVM6e=;#!4Yu{hz0fUmJwoi;(Powa}?H zX7&F($Vs<~yW-4C%$Qd8Om}zC{|R5475%MK76Z=o?M_f!F^tJb00xqM(%14vMi=yQ z>%d(edJ-W7QqQX|mbr%z%rzP~aq2Y&8!2#W0#LMLa^&DiImU@(XPRK~}T z$SR+Y;vrDHH4Q*a8PsYy!|ZcAq_6T=Wa=Wy$wGjxp5Lu4RNFMIF7~QE)X#GB9>YV> z=2)l}bDiH~DfW~g&zI;hjO@63 zp44E%;&u-*slYwu;y&@j0mAsur7mj`yGb|dm%=UoLrHV1sjc4B&~^lwiy<>x>>>U* z!Q}ye`q1|jA?h@t@qQh}nT}l)Sp~JOEq;|D$KRvs9yy| zwxne9Mtb8=DLF`sax!M(2>J?fhz2+*5}AshgBorc$E3>bHA_SrJf5^MhNy2^_vX?$ zpjGHMrDQ98lv8!zk~v#cKc#?Qk9aX~-bscuQ%&B^aQ3Pg{nSD~P|0r_C8|6zugQ>R zuaef~f3KhQ=7Mh|MwF3l>Q^#K>{XAgD&%iEGcq!OG{om1x>&r!M=EoC-qf5~+iS2m z`*|>j_;R^OGse%IdfXnq64G@-b2Ea+#kmap1GtQ}_aqBMOG->Z%1E?qY&c$r+flci zOG8Fie^HigeLl}Hhx?QOMQarbW&j3x*d-Dj5ZX4VX81RNl%wlc09lDh!Y#mn9}Cr~ z`rhEAP)p9~SAI^XW??4r?H3e$s@?}1jn=x+l0_{ZWZwFo7S!n-OZ41iAw8T&bp$Fai{G)gt4;=E*XnQS5!hG zE@zS4uV}ALi^m9v>n&!$ulnRjv*qmm@3Jl+D*RMS&=@7%vN1FMnLxk5^eK?!?Z#z+ zAV2%&WDCOw`=d{6LTLF#!dZj6pXpNrX?35wn(1f>06tD|?$Mx^-{4~xd2-=h-v}Qh zkUhWx4 z^HQ23%Ociy)g%OKi$4NsQvzpP%A_i8TF-Polie{3Sk}*(nn;7c^-?}JWMAsaNzrEq zY6EWTvh9-eTL=0DA+>nmt=we~6dVwV0|$wshhB{j1>NmJ*xKbHF96pV0CQpkc)zP3 
z7Dh|IIKbz^Y$ufYBP>~kKJNjv=Q_f(HyKsHS1z5{0Hea@e5!w0*^ z>iwPt6&WBqv0dSPK#=1}B3_W|;V7v|q)$vRV_;vXzIXt;q-2~9M6pniIU^popfL4-`BzaI)7cE!Io3dW6tsvb12zdV zPOEf!pr8sUf8Hono!kD#iGCR&h&44#huBlF4f^7Yk>kM*_ulR4qc~T8P9RFbL9bfe zh{;ISuFfO8*OVUdlgIu*(t^oH-`SY+7jgER)Epo8JkK%S;Q5U<77zPlk@JSb>AOxt>+;teC3U|sicmd#U;3+ zuE0^5?ccfJLlBv(Eq7gWY9$?Laa|M#)`Kz35XJym2!Ql$ZUcCRPP;B>L1eY80PMZH z65)Xxw*}l7ZB4rd^96HE_&*6`84E}2_bI*w8>m?Ca`9smOU}RCU#fEH+Eo-r50+{a zgyiTeJlCXgzIgnp_s?F_(Pdq-Op|| zof#o8xusBfFqdRP-~oEDaye_p>rHveN&&k3FC9xs-{aB*DLlwrJKvT^2N97jr zsYFBj-h61ps1*2jA?(0GOjk>FQuJTnV6lKJoY(m|(8b?@DGh+u4e{RVKYKxNdF=rH zwX=41^%;1@@FeFv{teY1PIgw2El1~m3mKa-8$wvWsQ7;)97M$bpiiO@@P5h#Gscj? zC)@pHrWx4z4U{s!&uSDn!;EZwF4V|=z1=)B18%$kH@)hGKxW#7c4{Fe=gV)e$MrWU zQn8)_vh-+meD?Z+FeTmfuG|@X1D|t6WSgg%t7kv&P8OFUkyC|strwJ!F#;uQ1{Bs_ zsKA`Fl>R|kt7x#~RhAS9m(?>}&pXRy2c$nTC+%1rL9e|AJbtY!fy330tTsN54i0}D zr7I5R76bi5K*0RZ&Z&7Kq0$9J^zwsDp?XKcu(z3>v&(#sI_3-jXT!QxWC+|E)ZwtN zJtVaoMc4}4I&-70Qmwelr>NkpLFj-D1L08kLYhk)EFo!7JQc$}|7S+LPxoQ>@{5#T z%cJ>S81IbdTd##1DT50-ytj zSx`lCM0lso3@BC3k98kecb>hhK3$J^Q) zPL&dtF#ZoT&FagW5ewVX5S1c?<13??=2VfP+yOAO%TMgWyvN5MA>X3l%KmV6NsC z@$41jurW7<4!GhY+THO0^9K^Ce|4gHfzGxjoiOE#?VZe7dW)@`-Fn@gvYh|1z5;SF z#pd>U&E>*hJgIa6y}dtv@W}vsgRZ}Kt`v~Zy@K6wgKu-lp>LZpC%zrSwMr*^8JrOo z!ucc2*L}g=`#<>jcm=E`EcWZLV#S1s`SZRM2x6=JC$@pXTu_$mT#_pyZtPLuF4#dP zN+y42)Vfr#p@PcL_~ydO(562z*Uvn_3&nF1z?L(i22#laT{#oT=kwrm>X1TI=p*@s+D=tUef>l96Rk6Svt=+SYC!T} zf8QAS6=fUSR}4xLR=HB*$@RN6gf$2Wj5+`!hM|=}9IMaCaYBl7s>OQqkN}noDKF&H z4fYs@a?tDfVgcdeg>rpr7BnnlNJ2^xni~8w9EsP9?V5nNiUgD zbrsEvyEXkn3M433_f*MxrvDC7?;-=~ZnY;r#>}Ng&Oso4Ce<1-U<`+RYWzyGiwv(@5;zB++kgx+2k8F7Kgh^Zg5S&!gJ%#D`3nu z{VK)}8??4$88O&x7I0-dI#LJF4&2H7r+OCvI}ufjN#Bnt^;58)MZ`K@5YNgRtvtj5 z#28-woI*Oz!=KKIhtOS4pqvvzZu<|+g0xb%+tVbDLmu3tL2m~M&7QJhJXAdaRJ2-1ZinlJlnkoF1O*?n$( zIn?E3eb0UeQ$wjF?}m1`e!tk&y%YhO+RUN3cwfC4c-w>xRK0n52V+itfJ6R#0*NlSZXGlV^#q?R?E)v<5!adX zXW(J-yO>jyN}#Vedmmpfy#qVRsk<0~@OyKm3iyy!;u=Rnn|{DAN}+8>Hv?(KqWjOk 
z9!c3asZaMOujxu@m8HA_8mO|?Er(HI90sVB-q|b>8c#TC@Y-Y1M~aJCWq+!lUq@v+N78-BU@;GFy_4Peb+nX*5&gn^=DD=@^Ec;d5Ym%FJ%dv- z=2SMJy#9;sA$k}}%*;n?oowax_9RRe+-GWfWvzMUcWn^%CVoQ>Oljbb-^cq&D-&Yx zS87f>%hj(iy&?)+r~I)TI+>s7(4dN=aWH?NbW_kZTY^pLN=l*4h9@$FcEN(MOo|h| zWS(KFs=B4*n=<|EooK`#0sl*A^Vw%4+*KKs7 zIPbHNt8>8AE~dzBL7^#`JCRZ%I7AzJBxzzr#0Qp~=u{ErFAToKtW0M@NYSl}4)#dL z#czDwZkO6EC&fy>XVx}jld5`bYpB7ft?cOrYqVJO%**7*Zykzei>{mlVLEpUqVX>N zZW!J#%0%(vJ<@S=XKSlGoN|wPdY6mw*?oT?6->4k^q+2&1vTYXG(UF^%X`KKsRABB zudZBpSdJnQ^&0H_3El|&-fE8epz?0G&uYe~VEUZutV}`_o+mN-*sjM@jSv5D<+GV+ zRX1UQTrL7jCr*`AEFpX@oBF$sxXUyvQLLoLp!x=%Ih2wvRN=!ewil>`KlT7b;X>fn zXDqpemK9=hgJV^6LH}G2jkJglR;-iUW!;34M66au&|Qr}<{gF@8cozjMXg&V5*?&)9=d#vb#>@ad0VX2x6 zeuA88(d+fpgmw3Fp3Q(3UF8|U_L<{Xo+uo_>M8VPrIX;TM1V2w~L*AvN zds*%|^ineF=dJcUBu@d`Gj+e20{+GIMes5&0?KfL|7)tU%#oh(*#WXRUYE-FQ2jHv zHkT|8a@^uq;_RIbIk!Cr+~XTyB@$bkdz{##yv5yRO18DjgYtt{Hy5^#wm{U9-UbcQ_%AkZ_CUh?ka9);q@?zd4m0L8Zq#h=XY~8#I-y zs^^W;H&%d*x)x`B8baAcUqe7EHPmF8L<~9PLnsTi7B3v{GBbRQ`A`aZVT3O6-&mP#3#&4HO%Hk_2neB#s+HzVATr=z^i z4mmO58+Hgh?O6Vqt>{z5OHzORwU#9wf|;=VL7Qd<_y{+4r%~*#EV2P?ELaL8JO%|z zPDG)eudF`S2$ZD5Gow*{cAxacIs%ycoHdDA@X~8^)7eeyVqR~d(HceuCCNP2-=%E{ zyr9B?S3b+lwx2USH~zES0Uar@jTU-7n#M2g?39e~3UhPzV@5!3ucvu($;ay4w!B?; z@NvM{*^iZFyP!H*mEdRd-~dz&c9*-l(b5*iBML}ftrVX<)k}YyHUEoI=H~aZ8(?ee zhR%n7P4Qx;zlq)QSHF4;uD$-)ISnX<`~6q^T%wQN|LT7MyFxr03|mJE>$Oaw~~sP{S_ zs>y1zLfF{G@1sG^_5F*H-x&@Cp!IrU#kOCa{QEniH;T&X1|6%$) z=77$~Isa8G&O-SEmqgoUDZWB$Ng!hkv#x*Jizq{E$!>c`iBwfoEKcK+B6{qp-=sZ^ zK1+dYe?7ql&Y%&UsGrL1LJK>4lUGJn4uRh8I~pJ5+S*FB-&%)kytVCK%kMSZ9I|w7 zx0d*xMkgllLru;Q)w+YBn)x7=O0*MBhfsx_O{E5;NnVm@{a4ykalwbQ7hIejH3vz^zh(uB_h8bvamjCr|ifI@89c|gZ#gU zSH@01ZNX3Cx0*+3e;0M6!Vf%mw3<(lZeh3;rO2KE8u0pBOPk0M)apgqvHC_WVMNC% zcz)sMCC4H15Zvk93lMxNg+=!iX?7n34R@y+@&ND&(TWURQ6&yA%V{UP91lc((7KoX zw%BcYKlE583?4&d;gVZEf$jcDR&u9mFdf;GbN5_2{KMOCq$!vKl)QJsKIa`H8Zr>v>0leKLneRJo&x#osPHF9g^>+D8gb8pXkm3>KP7S>*NV?LM1vT2Z{tq z{$O1HFYIQW&x%z14a%epC9z2yyp4{uXzw$@#0xiW+QaXf2R{^3@bBTAC+jJe`8bPF 
zy*V_I`3?4*sxp$|s3YIrIv5a)k#aUZ(%ugIGY`eDI8!%z3pOW-6jh|;QQ%fiw>V%Y zCnxAzlFUq$jx{mxra~L;+aXPoC)KXam{{Rfp2Y5<=yPu5K;#9`zRdNdXjN1EedV?$Q87f=D^48)oc=lz~-WT_%^#3GC8YsWXjp=jpGiXC#fyG4hsT$d4?jmqts~#p*TEzSpAvbC?iuX$-6~^d?X=EpziS%8wa2Me` z$AA7e-;aBE%mnu_H4w9+mou~kF%KqDaI&QV15DIXQM-rnhwd?3(PZTprk(qddo=Ah zA^Dr`6rQu*D|m)-p?_n%5aXx*TsS~0ix)$00-zm53H4TpM6aA`y2a{Sal@N0i_|}S z7hMXyk$+m7TN!Y1lCtazh%);S@dt*;0pah@ugSTC=w>-|tz!l;)3^oe`j)nGP~lOE zIIsIrCFDi=X(?%Dcffvk7B;bOooq+(7`VE2MR-~DpB+OI5LdNH2-BXQf((y2y8Zl< z09H~k;t+9sW-4{S)uPze#&5%R6d(H$gh}))jxG)O0+rHXGwh*fnh`fKQmvTLU4zff zPQSl%{$T4jOrksvBqHAzx_R#4ixU9YT=#hi<*_)(ocqJC_hKi^$ezEZ%)g7}#=OmL zb4*Nbq;H8Fp-2A|q{=DQiLoX4T6{nC)GUE*6w2hKaVv>F&MJupym-NU^yYl!TrtG~ zc8~yYsWW}R+Bhf%sNL;;IOFeO*P0Ag<%XVNgN0zSM+f9gRXU_U$ds6+s8-%JUv$bS>G6op8 z@Hp>2afUxd(V*?lNf78q&9uEF@Sb~UU(=w4p3%Wq*11Aj8re$QSg8+F@EU*7x!7x} zz{~UHSn6-|r?+HqXMAS`9OX#M{c4g6<+_0rO@J~(pwq0}y8opc5g+hHI&v5Ihq=D& zC#um!IkamXC)^kp+*mP@L4%6)^A91%qCuqjhc z0i?UO`F3>G?HYJpr8)J6VNO2&c$dNUH)1wsCF80A9LD5zfKB$icT#=SrryGkt17nu zzwKP_z0IGknTc({G5Ect^=lb1mU57H>lfGSqtT!ho2`+zye>rQrSI2w<^TNbeewA% z^5z|U8e9OKpMZG=R|Yy8y*>PXlV&`hd9YL&p5VHo-&cJ}dcFY|xBc{IkHh9N|9dVpv^P>$np0#;-Lw z=&m~k86}jAW!x(=&h2|oPoJp_YSmNo}JS z-KoQs%CZTk{pCA81P9Bv_!lE@Q#2JntLV*76OHS?3`kL-`B&EGbnBwgOD88-P$?= zHu_$J?rcvRO4W#mSU&!K{d!yifcD^t1=X9^-&eQG7+}U^Z*L0lEL8-Y;ftazz|2lr8Wt`eISW0fC`LMTky@wvHvhqdavJ%2t z&u})vb)V?{M~pqzRD4R4>J<|qDCBFsE|80hlBmYu@@k5vM%BfdsvqTQO78guZE{)U z`U~zriJxuv+;M!&YKCp2A-^9FR)3`*Ic$b^MKL^Lmydk}fYE&(pMW#e)VQJGnLM!k z)5(Pnu`5i+q2q%&S^*E&A=c7phi^VT>m8p?afE@Pu*n;# z##-tNQH*=hnBS@AVZBch59>f3732oQ9z$<=PWb@q4nC!xpHnr%;Z`fXiP=-LBgerD z1+8Pg$pWc-tGts89U4TA#J*8`9c8t#I1$%w(mxN6(tA2zk4DJkS}dn7d={qo!KK%I zxv8+wW(uLwE}^y&d9xP1CmS7zfI4apoA_3>pJDiCvhbu_@YS*P_xWLduKDgHIY>r! 
z?7xkwbb)tT6j2oHlqY^PaY-<+sAH<_^H6i2mBQ;7uQhCPbGj5(ofUQ6Fb|U#JYGPG z4rKI{Dn??=A~;IiD>I%un=A`k0lIBN^jEV3NAtUbnFBrsj8M5otC`q`?2}>%xGyaZ zfEM-C92d{|0Tdi}NAN`yC5zW2x#8KQvLEvRW`2t4P^p6L5eE@|8QBz5Gn_5@T}@@e4F%=SAhc6W=(bNZt$9$q{`Iu7?n8}B=IL6X2qkPJD;f@#@ATH ze%f5H&bDr5A5lJOc&WAkA@wz&3~=Uagb4WL^bL&tK1-kUL%XwAX`8cs7kydXA60sU zM7hTOskd%?wuP4Vf#_j@XzKaIh{_pX{x8HhK;W+7OZ^VeH|4|MZp-1u-y~?#X5L}# zzR2@WTw}s&Fmb2xGO7=WmrmAAtz1e2J+L<9zV}h}8Tg~y_46bpS=8pQ(ginByOUr~ zE(lQ^UBk$`WBJeHV&KVl6fMNca%ACN{X5aq+uGZh6Ag5$Yy2;z_zCbn(Q&)#+wNDN zvNR4{w4vu;4sP_1yh(P*+PEO_GsRFGh^>Ap>wt?G%_f% z-`fq7CzRLVU?bN4;M-q5wsrG7^EI9N#b!o1F?WBBJjOz`@zJO!m*H1zy_DFIy z%)}U`_+)YkE(9C2iGV+O5at=Ywqx$g^{5ALFO`SHJe;n~?BXeEl|eTbwYmUcK$v=1 zvCzb-^||#~wdGP|JW?49gsuz^k1LdpB>1l6L!7pxQGtia94UJmDa!~L{-|!e zya%+T7O~8I?FpVU?SE^@T)z&Ve%_&uVe(x05PKpd~nulNaf}}<0x%%xlVTM zWcK58NPF(7%wTeHqIiU?BihDtPC8uKkh+*wC2a&Kc&#IaGE)Moh8KkzCp`gbtA9TE zgmq9fDS=OJi7);i8{bQ29v#iaClVdf{T)t_ckwmmigkZ&*Q5-v{Yy!)C(M+l8@Q!7 z1l-=((OLKoD*3?G|H*gYelcJ&QaU~N(4It+YWBQ9|M0+2@B$Zrw^J=0e!!XV8Bk; z9Jvv9UR@3Kn1u<(l1~Fx08>0LhvPpd`0i~0ZDrn%D|_$S|K(H~%Nq$3!-r>XL;J+o z-x1>An2XTX*I@Ka{b1PVow86aCy8`4FDfQfydq)GX9BlFQ5*1=#apP=7#}oVt}8kw z!l`#QkRVj{;S_8Lv}W!je=0=P;c1s;BJZGBuJ-fjpvqnT&?AILieU4T&W#PC4K?nB z_@8P-Z@pX3?pIgKZYKL4>p(1MlxAQ^l2TIW`{ycLxw%@+X zd7dWgr;dXDAb+8sub_}Yn2hIaWv{#G|CF$pYaHaykm(9vF&s7oc(=QajVyT}qJx0E zre~ou5#%b0z07}{B6^Dd@!zmzd)zY#RANA(;B*z^3}sleZ_3Nd$?JP}0UdN=4qO@s z`1uTn>SJ@ni@Tf}#QGI&0U0i5d++;BD}sQdd2`J>a{&Q2@61{ATNaD2Ed*QgdpkW3 zpa6-N3I`xk1z-!N+Yqz9{)@<210}Q)9XHFb&W1^zqxO>Qwb#J*vyh$Kt z5~VN~i_8nXGl&)QpE#8fo)~BnkUp*Sstn}qb@uy)jQoJrm`lqk&MaOh-k#i3hn0xO z`k1ZxP|^fwbl_-n-@Ow8q@@&zdwpRFe{2p52Ho*ep_R>G(a~~-a=z8zTr|1J3Mpu# zTYFOH{PoYyzqch~(>*Ll1+)tK;o|VtWFyg?LfL?;x8J*oOY=zZmDEXP#fgdRsob*N5h*AE7@o}7S8TIwH9cr z)Z7%w6s1i7iB@#WZIAjWD`uZ-iM{B*Ct+*1<1rim`Ocu+h@Q@1*(W_gK2(;5k~1u~ zM)9>cLeg$xPWtGHm`)D(c4Q1whbP{oJ*Gb8Cou=*(1zHWsN8DporSk>5>7SA&oMzf+IDVrx-loCtcA@+CYfzA~@KMm3Bq`L05hvlZ#C zd|Gc@WEPiU8e96Vjvqk)$B#}x-gAd{n%GI_4S?Md(DXv}qBIbcdvR@Weffw8wWH_O 
zyRqf!=H~VsmNp=C_0+-FnZ~!%-YxgiFRmixI5DJN82-~pMWv~AU#Ww;-G^YXR2bE8 zBRM8uZGKp8&}9tVa1SHmm1)T1OJ6!E>MoH{O8N?}U^7F$kzIE1*PBPgMrzW6*Qu5V zNkL^S7GyvtNsVS9w0zYEiW>v-6Kd^E%LPetm<9?3n>5bv#$aqmh`$mR4L!knSUlc@ zImoZyNiUV4r=uw7sbORkKb|M1+vM^nbyTK9BDlJ7ErW)iocdAmei3OX8tiz>IbAbs zV)2+F2Gf3r{mP)(d~TCs-z!-;`up!&+~g~(=mCc1w6aR`heLL}TC>RmZpTm|Zj%wB zLt^)^tsrUK4op5!eWS$=lWV2^9VIxNAD@*spwlOWIjUm2Trjd5DWC8c@SYZrze?=hWjGpCa z!GZ2gYh>x&NUBw?eAg%6K(_u_!!P)L6iv|mDdOr;RkhMyL*$U#JZ1uiSR}oHA8l+&{q*?ap@%1!E(op;gxmEr3Vn%F; zme+I9^_z;iyb_(HY|zb!$9;5zx#66tDPqd9^jkNk4yZ_M+VzB#3O1CG#!0H^Mb?-6 zoHr(RzpSp%hU|nqQ3-Wr2muM}js~e@x1jJ~VAU5#SIqA;84@rBA8@@Hf=VK};T!B@ zN)`-0X}F~wh}F)}hrW{SNTA@lk>g&v!5VyHin;5Q*OFy8VQ2v76=?&e-f5 zB>*GC#FRayrz!S-Wi+m!@y6YK!X>?wD;;bf1O;b$d?{7F8V$f=v3K`aX8tLFS#Rcq zNY=DxXo+OIWDst}c1NoY0h%KmgA|=M7c9`7u8+jX%y%LIVSz%JSf``%5ngxq^DD8R z?%t2C{{miL$D^DDFPgw1vBH0D3sA}R!}!b-9jj+#RRNVaPwGMY_3>t8(7_QJ=b>#@ zA%#c3PBEK~OXnz;CC==inZBz{`2)5VZQ=HMwY*s}*Gn8XP=mfVSpO0LZ%2z3 z&8{y278R&5NrR){UL$KM(qX+1IYOizWS;cJ-{n$d`W5w3W#zs8-T9>UxJq$dKh_Y& z+}&gTwV<1E6sz*-d(2!G%4sf(l&NixS{rihbUR82$pvs;Rg_4^n7)$B#WspU00+uM zPZrR%kTm_cl-x!q)67>;5XsuLW|3+;LMIyi;)?|P$kjA(o!b8U0m9nP za^A6l3li5MlZg8Xgcv=W4bfwUiat~xyBStG<|>pRs(Eu6>7ncoy*v}w^>Kb^xnnp0 zxRYzm#^7=OLR8QCtwt(D`542THcL22t^p%EyxF?OlJ;E?k_Zz?Ds&KYfwWb3DR#>^ z7B?zdJ3lUZz`g%6CaLISSJM1Z$7JaO`h_f6eJqQhTCQcttV zOV}K9%}~2q7-<((LJZ;~8!0rMEsNWnD3=aNQ7~_#w-sk(tljt9e2(ImTXj~1MhM-u z1P9MAuU#zLfwRW8D`a17wM3GD@Z*B?GwZA8Bf!BgX?UC!ZY*V7uUU5RZdpG~& z!STS*gr~ZrZN%1(_tWyo!PJELK4L@DS56|kqwU^X_BfMo2${uV|3LG&TlmPi`La1S zrqx9Kt58S1KD-%6XCu()UaJJy>BKq_%I)&Gdp})@YLo|Un-8?#E6FIuhZ4&YN>IzF zlkV!%Y)`ld4nnb_fhUZ{pAQ`HfhDp)BhZdCFtXio~?`1F}`c@di83ln$zzw3enRJv8Sj1#S-`SR*%cn$L|j`Sc&$ z$O|cMGsEGFgXDHVrwuL|PRyS*kFq6RcZ}`@*}D$-;di#1)rnnLO?CLgz&NK6N0-BV z6?_1Bme3Cbx*;2AF)+Gwp6V4ibtrh_@h?S8kd?p@vbY5=%!?Q}S!Qldx90S7)vnR( zr<@UjQBqO(Jmz&nbV5*@!mRQbXc`Wb19z$i$M+HsEv_wh`I_%a7btLE;=`DD8T*?iEcL%#bKiArY%T)zX)a z?#u7z`=KZ`47QxAggGVcs2b{?Ho>Uj8a|5O?Y%L7ka#B(7DbhrE|H>`V}`i*t>_yh 
zBM{-|oArTnQ1j)Dnljoo2?IO`-a<^*op+3XP){qCdDvq8u25v8aRoJ# zUzNR?pl1}X>cp((6Gm#sm?tjdi{|{mN$9;JC1A-73sgIaTT2QHJrg{mnjD0-b3+vp z@ehJ#!YB1(3)D%t?KYEQGMHD2B^7oPhlR}j=`@X^_P%7BT1`9hcd2Pft3@6b&hRdR0`qy<98eAbB-ab-1EwV%Pb^@65Zo+w47f{B_@ z_1L&Gq7J8CW%E3H$1(4~w}z@OVXkwDN~O9&2c0ceGiG3mYnbqsMx?+vLQr z7#0S1Frs~(#`>cgo3)63kBDpMo8sp4pTbo{%+t6vh~VhYfsw3(>q>9!Gpd?8ZK#p<7IFt0aNcO=H)`B?k%Cxa1A)@Q^ z>sccZp9G%veA`gkgugm>af!PY?=()e#_uAj2Uv~5{KI#jWUEkR`Dj*fNZQI_fOdm? zCxn83*At8f_J-OEpytaIi_W5cQ)#jU|JNrs*twVK|D23XYs1;{-KTF1&q`P@c0U+J zS_px7YjB;87ibz+AF|RpDv+rd*DsT+gMFXNFPvF5@_HvM#{jN{5ytRzl{JJ`dq-+R zihsj(T9F-=W+Yv#n~A_gnkm=__%Lw((OXA;%lb>Jk^508y=W zjM**w%T1_1d59k+NB7@4^lBY_ZS}~!2TAoiO3`*7=xf31_E%cM#8x^vB$?<+A#&q2 zvy22LIRU4>i&H9s?4q6C_&8Si#k^ag-%dmkB0vqN9X=VBN!nTY59ih8yXEJ4E*Y!r zwx-#R)G?{Ku1w3-yYsfVdC@QApY-6({g%d2>w1t}f|-bdTufgL^c@eA#czm9k}bs? z$;vu^?^SPBjk6za$9qPGJRE=b_SI`HKi!X9kZ<^anh*wiNHD(|@?;;1{+NeGC?h>? zgQ5Ed^j)f*Y;d)t10j6y4sLY ztY5Z-0epW^7k~d!)-tq;Q3PYcuPwzYr>8oLcf;|3Y5BxJ8r5?Y{QV-YqBnSRyb{aH z1qb){^c^{P(p2aomA>ngw@c5CCb5RIOz z0_A<{2uhZ?cXC#!dyDREXz>y@VmKy2Ob5>ZHMo8PG^Gq@nQ{B-Z%`U0^6*&zpAmM@ z+^F~MGq@AoMw5h;=!TH)xD3_u9I&~?vz*>nDy`de{6k|3Pl?$Je|n9mNKBXmSzmR@ z;Wz@W(YuRcnGWsIpK{SQjf>DBmj?go=N)$O_0h)>f;D0)h%m5?i>Bfv1(%y;gKfx} zEcQ1EtjVkiFSjuG{{WLfY`=kY8N}y6t`AxBk5AD7Hy8xtO?1Wj<5S*zQ>74SQVZ(f z9O=_}H0z%uo`-aO-Vpd>--6nS7mNbgh=gG+*38BS!EPV}30yKVfUydF~us*m8vgdH=xxrr7g=-7+L6fXJ~^ zO{YH?c6&R!_Dd0J9z!jw$0A`JPokLmR*_5vZK^aIUzFO{_ACAsm?C)AT$8f|MNc%hC!U!u# zd85&_<}iSr0V@)|HJ*h&`>(T~UyF$VVvk$K&>?!V8qW3)z!XBqu8&z{hJ4DOx@{2D z|B8HOyxBOSoC{Nx8(`$%nc@1jk0)}=xcLT{sUZqbse2pD)XkuS=|jaxaZgbOtdBE} zl-&|PKP4!r7T#*~hAyB-s?dlIFb}mt{M?G97YLz_MqOU?q1`ySu?vN_Qx-%l~e7w{kG#cUodJL11fRH_SavvH-0v(_UAKh~eM()Hp zWPg_H4D&o(5fDDt9jEiVNb^IfLOyl+JY`PQ`JMmO@`j%}1i$k;{)c{xVgFu)^R+=x zDkN1Gu;*^Sh~1OU6LGhMzK$ZAAo|hLnB1~g@6O)hqQoo+sNY6C-5+~DirF`N!4Xwk zV~Z(V@j2fj1Xy5U&kwBPZU_G9>8;a{tAsBks9rQ=*fF4mUF-1@8|I$T8XvAkRuBz`o15wT8o;Q}93?l0KHu$hY@v(+wnF%|-(_cX117jPMM< 
zff<3ZZ18i1+nW&^NP%fA9d8@6*&s72H(vsjV7%}G$>+9t()QLk|)I3jttK~`T35V2e`#}~daaql)nWf}3?oO9EDyRS|G?F4~!`^ce@C_rzY z>*kWYlcnH2nBSCVXqTA;)4w!hm>x017`sK^%fjE0k4Jbl@s7Mcv;CDuky0W61$yV>OaWz`XQAoBtO^;3{#&p;k zhJS2C`Qsze3|}AXw<%~7C;TAJXj&)cmU-oT<`aSc8hib~Zf**4|wC$oF zK=;o*r9R$(-|8{%>lF$TKZjSG&Un$eyiCyKHi89l9=hvZ?lQLxCvbQhBEV!UJL2yI z%DlNG?y#`EDH7>J_T<0+`@f$^-Y@vz0)2k+G5FY*&t_B9Ymy~}b>vt|bD99UvTJaj z`@HT%W=xzpSA`JdWXeNdHtecH;U|89L~277L`{%Rx)R|z;@MNVrZ?flfMYZqa+|>H zhN2BB)VH{n5{AOKFO zPMINl1gH!H-}gYMaVAk_J*akhSpY|Thx+d$DdqDoqsGoX{qxL!ue-gT|5cRo`8N*2 zIs1U|*x%jFoBy4I9=wG4-`n2r?e2GXaQ=6 zBO@5#A^RQ8TTrqW<_1$c0w8~B*^p!e=>`!8)2>AwZsQC88MdSmeoH*t07=S0@1iAw zga^P0PL~PsHX6iZ0*L=G(Sve8XglNS$VqT&B3I^V7@#OlX0yQOa|`H>;G3UR2Paw> z;0{?fI60&mUf+$YVHeJPOgldZylnJR@WfpRci_`PneF*?$lm`-J-6_Zg3`9@XH0tr z8P9-q?aSYp?ph1Mw7n@awiHQ9;=kzTdDz%U2n`Li>HsM!qMMElA%o%=!phC$a5}kKY9HvJi(;!B+ zke$Hp6dg45!!z*+=Y;DkU?HGgFAw#Fv*8RqAH*wIuzi|3#O1H9P)Q4c3iAkzTxTqF z`KSdrWGDeO8e{L;U7$T9)tKjupSxq{_Kb(DI%NC!Cgv8<>fsJPyo8~LxqCZ;m5M=> zU<$Tr4n!I!C!MWgi;>+~6LsYun(gWHuh1Bvx(>5KqOX z*A+olCC?8WBW=`o$ONAvxe|FnibLUC9kPRVx4nlF>c|18WD%^~OAeXoCeq+E|7YRr zGQQRJaxg++=-l$qa>AqSOllzcS(ngv=A~@VF+g~`YGZ2bJ~&~NO0JNm$xYHSY$b!xH6?HgY6Z|*IBi38tgSWa?T+6+DktSQGGeHUB!Pg4$glRFSL zW#!Yn0cT0KI-x+A`A5;~z<(12rW%hP(}fnSUfe|)jWe4X4R;TE@&QqC`Q+04*=S^C zOfb#>uG$*7zznyPhFOfPX#|c5k|nboMdOaBqV2x{0@segj1R&X-fCAXQCa0($m>v> zf79m*CWlA)^gW7eB>{gKbshE;76h z|C_%yLO~y@yC`gw9atOyI2k?gl;T!60U1g|giDfFK6E(%CxSK%7gr8XUm7{wW$R6% z^l;P)V*xMb08oXRxZ-*$xTKR)-IxbI)E+@R=%h3aBo70no%Le-RLLfQc(u~vxq$^t zeqx9p`ixfCG~`)HRsmc+dTJh?xXR7PyWQ`)>}??9Drt2wT1eQrKoiAw;qVegO^`0HSc}{kU;^08O$H{Ws<8ahv56`iTT5QZx6hs}v ze&1?h(sao}3zkDTk8wJnjw;jLhq0&PWLCDCb_6TZ>2lu#^X@ecHj^VI{qcaDqa%yu z)`fEw(H>MjRYb!CaihhLlP4&fCTt(v+W~Cq4-KMZavk7Gz~APq8&4DK2ew=w{5m7t zy_^$8we->0b0RlN+$0-J>l11aHH^vz?e(T)JlfZW(CtBH#dsXGoB{D>{OTaN@c9x--W+74MCS|l#T=Q+ zrC-d<$XJeiiYN2!=r2Y~7Fc(ZX0)YfM`_fJIT2`oD@MQXfJp2Q^<)SDVoOJ3V6eEw zRI&zNRd~aqk!X;4g_a6i;@+A=vxcSx6(vYDfV_j8QEb=;6x8KO?nrzD#$h@mMrp!- 
zPAF+OJn4P+%EL!8T5grbV3{sAn#aj`j7Dwr_vC%MdjjK~mXYZc3PbCRj zE2)FjJcfxHwsbCWI#!I-;+)_hZzFScFBJt2gcy4K_RfaP9!_XEe(bg66GTk@&BrDq zqqjm=(_|)BSfnl1l2NXo@$*hT9*_l7 z%NssRJmLFIJ>{)hL3s7-&p*HU>p8~k|6aayCm<%bxR2_yZxx^*_~5xoKsetm7$T&d z&jj}ZtSA28A@UQl-fRjYmg`Jfz@^H1-QEG!?9zQ`LmpIeC)$J7x^esBInxuV85f%J ztSscj%6LhGDAPU;ZJ3O7$R>(W;`s8v!{yComN(7+@zs3 z^m>qeFeg)0A4-FVhBTn1bkXvpv=TleL*)I2y0Y!RdR&p3I?Q!8WOYqnkO7&aBt_3A z=Ra&OW8^f9%&VGHm8pg8bi(E$;`xSk7%1M9NDGk@?p|lQlnRGQV!J^gm*+QZ_r3?K z4mbduj}*tsg(y3@s z7UJi0;)?;+I%?J?NAXx#yL+I08Jh0DqdZ-zKYK@RjKGG&+XeViy z0TXYAi-T{=j1ZzvBNvVEU~z0VNNLDbH1sD*z4%{cg$(N|4E!r)t=!m1rJxsJWlRbl zcoWC3&A}7NpX9sf7Sg9CFmB$2N_4z7TeCm&DIq6HjIfb2!oBEX$Zfi;<2!M<$5 zu4_l5X2J^fO66U9PS- zH-zAt*D|wlGdt&x%8Qr)uN<|L&?}6|VwsB@L~i^cx2-h@Cd#+43J$RX*MRZAcsPU& zn=APxNFjGQnHs6djEcdaQ<5+*Ap=sdJ zU8FBrrG&=~c_wKd3FSyqvCJsY0tkN*EY^6?=5jUpq)L&x-LNt{6ZzmbS%uk;t?4(1 z1YP;X*K!Ad8u&F5*_qW~R!n)^kQ6K;PG7VT*>mYEmL}Ho+-;;%G^aGsf(0Z)^Bldi zKtO8E4gOKy^<)4^sKXN)cQIiV(=TU_kyS-}sudn4`KeSxva{(=o%nIbdYSnNiFh!A z>E=;jNac)Fi+C)Nk{AO%+@M6KLu!%ZG@8)2iJ9dU4RnW?-)t}fW~dJfm+Ks+j_;1e zdmVcQP6qJ?`!38joMgP~c~jbe8m1SXPbZBGs2Dt8YWo# z)N|9W)!=4RjIFG1JIaZN+J#B5v(^~uo0Ww|uE2mFM^f8+i*eLWC&nlmR^irwaZy>m zwFiyfsqsR)ZhF#{kEDISk_@%^x2h3@=F6m|zZ%AbvA>curSZHvkc6a;tH$xq37>QE z>@Q{jE51%r7V&wDJe4AP(Z#MJSs)j)!7g}gI7xU@QKbwE+&@bkXtciPn9ZbyU5?I(VXNbM$nbm{ZA}kf7oddyxpPl8Tw&jXLEbw0Nr>$ILnA*QDkYPqPDW znbCfP^j$WaDjF7X=|8`Hafr7=+?id4mq7AL^FsMIgj1wqO<8*EQ~X_a;3P5gMo;Me zD93+`&`|jbiD?3=4lG&QnsF@&8nLzLBuquu;sdDTYsmrq=FQPB=NP(3UPNa^tKxMl z$CTP&*-@o97&B57e`3dq;?HuUMd9m=cu^ZR*^Uw(A4Yg6R5+TLCV;j26#b|^%vOJY z*M!TA=u5@{@J8oR50GU*5z5F`XDx#^iCS69fXAL!jpQ5Rj)|2&(#?!DCMk@R13868 z(KU@p#CSM&!~A!PBz<_+58_c!gKT28I}(ql z2hAv8@T@=f25`U(usuetLOPB#6&Ej$d$7e-=O}c^yFL-<5ZQ)^-x+H!C;VO6;}X75 z+|;9pjvpqkBs^bRu5FOCC!*RNiVl+sW`0!TP@LmM(m7f$nXjTjFvY2&a0P_=777-J zRU!wYZ775g~X_*Nb*NsGIU^h6tPIE^{yhp@G)RgVdJNJEh#hHs^o z1F1fuF4Z2mHO@!w7%xBC@pNo)MI2Yt8Uja1yM0TBNLtm%ZOuabU_jEQJ&4?M*x^_BVbAn!47`2+ zo|E0^S7`%JCLGVunuTUbh{n?Lg{;AzvHhKW@c?%Jc@&K$Si!L3ZaT;OxzCI_VQ7kR 
zj;VFeDXs2p;w>iYIUoAiIY^+-{upfqvu6~qVrw{fHo1j0fq!uG8f$a#jC9$Yf?Dre zl@>eCnzw{?j({5Y&*AbGB!VkmkhyD5-Iws3c*(mGosrIr?;$UzdFI|^C_z46G9r+S zjv+&}@CEMqgYis;MOA4jg_0L4P4S-d+7%*a#Cd9wRtS2=i2JeHYy$xF!)K4_iSCQN8Zo9kJ zP25D5nO3K)gKYDlq`{BA+}qyf20}>-A>Lvy)nIR1+#p)HvFA;Lora`NJHD0P`5vJ4 zBdh^#HmCNz9aB1klrwgAEN9NJE8h^yO+_F{uFFIqOAJ{gwm4_ZvGrj(T%!Pfxr~(7 z`T47<7pY}QB&%*{?stLo(=~EUb3rDF>ml=DnF?g?CvCI-Ozo4F=Z2=3W5%A-8Y3NiZ$?{3R2SDUd@$s;P@v#Q^60|A zIMnpzu&73r%`5>$;^<4@RR2k!I#O2c`8OGUS!we^>Oc3flhoPdkTf0NWTefdr zO(sv7_=jT?nu)^iqKl!b;Yls)jLIpQ3fgrLzGyF2v-lJKT73W4q5pRN zx9SmrO6Y&DyW2~||2gRH?5^qmDoT?6XC|M-Mb~PzEc$QcV&k5ubhTpyxHkc11iG(4 ziW}nS$VE?cyNbqZDqXFObx6#AXsH&txC);-qpm!*3hU?eBTz=xoZn{*r-7%E)@h&H z{Be+Vs$p-r?aC$zU*7z_GFw|CkGBYZ5K0evrM2U(y=lm8>3}Vpr)hCI{bsdKHJp)U z1Jggb;`EtNisz8Ae+K=RTz+ig2bgJNp#o}wBk3~9ui-HZ(MvNK1jb(~U`^C^5+8%$ z^E*>JB1JB;)N5|(s|NX_AHz&_upn>19_9{*K6had0EAE(Dhr{dS^7jMshIC=g2{OrY>zn>hxFdn}-`b9SR$JzPuPj7zy z`K@^H>Tj=qmhg_=JwJJS{>z(_w=Z-LKk^=gx2}|ypQ!LjPvjHnN~|7;+=%W_J>fUz z>L&&Yx&bll==4N4QVzo0^@H3p@GaUrymn)Xo~337AO8RCy?J{Z$FVPb{>G>1fJ{g_ z8i3#`Gf{46iMIJf3ty3rPaZ{=8UjOdEC2(~0F-Ev_p`rU)%!9V0D+Q?IVUnP(@XVM zU0q%EtK*ZW=8Kc#XWIBlj4CEqOu(9F?KQkT9Nwv%dZG?pKvxZs``q&}V78E5-XjY$125n(y2`i4%xK5=&TH0z$Smm}L z_BJ?-lBT+CLuT9D!1}Z6aBFvu7N=^}s!*!r0Ng8rx>fq~*CHY7dM*cR6HoP-!uBLs|!6H6Zi zc=}(BcsFmEjQ1y%r}I>5>##u?A62vi6vQjoV)&Ce@!ZX7%m4}-Ojb`Z@Ijt7Oj83I zF%j^2vj$$HLzo=d+S`UX*S=I71C_N1Ywxp+?+6t$l=K`xq^gdXT51EW5ebn(&UIJO|7TiG_RsDeER^R zJNy9vA5Ev_#&q_KdhVXPX&M&bU;QjnQv~osTpNVt#`={%b@qR7k2-CQKaOkGQL_K< z?soRA{eNd~XSx3`VAAnaN5z$>JixO^V zL7?m`s_f%cqyrML;NEbR|D^c|`EkpH?7MGLj>ZriC<&Bp1Df&QNYuSf8jUR$vsn0s zaVRM69V~(LZ{m>oEan&;03pfHav*;8@|3w{=qUQwryS0XbyS5$wyN}2E4!gm8Y`K@ zL^C~}AXvbCYxX;|`r}LVg9ook>3A|u$m7jNWQ2G4%=IDCuo5)%2i#KAhA=%D(=9 zelcPHLwF0o|5V~=VXME-iQVu>##o@#{PghjC zbNiOtJ5Bck59c732CWNP56&-RZME~z;e3!JK0adiW!Di*3N{V76KY1904EM8#!Y7} zq0%@Iltv$MZM}T;?CAXD)$6k-tLr*fsm)F-R)Ns|h`#)0^KEO$iK5&>0LNEZnj0>u 
z$0rt{P;@pkxiQUwlmd3n1eh_$wSss2$9+@KLz$Zx=~YhE!K&;@In>6u=s`h>$A?xwc(NsM@3>rJt^VesS8{o01HxK|a)2YFjo zpsjdg8pvoEP2!&f*7`ho^$fw(tLf@SbHnU0zz6qf^@I~v#cmRr^Ml*E@R6- zoQ#vd;rA#_lN9i64EE6OMK|qi+ygr~%E5;$?I`YfSP4R~bwj#z*s5UvwrJwNHCPol z5kM?|5@HW0iIO>Fff_Q>p^JdkanJI=jxKYEj^OnH;uEWB5D(bqoc&E)gC|$#47Uz` zL0l8E_GT4Agr4K!ke+r{nOyOftftW*8Ak|<3h(((Jm9Z#C=jx~3Z$GfteJFUjkk#~ zd|T0oa~_10li1n(n~@64%d8}j>amq9qny)CwreK3m|Rj)Fff_+B$tWfMd$ee@lkZlffNK=h>3gW$I35US%zXY)#S2S1w0 zK}OVN+`RY$(Z~KKzjBx~Iq#5u`St3zcx1G0_&4L*Io;yU`_b@P7M!z+un8vty~X)YHP;CJ)I>G2VH(+T$8{nvqS$^nk*dNlHEaGs*79J-;9y5cRV(~bezrhJ^YEQA5t0J@$FNE>Y zvNAAl@RU_ZnhcM!spqOWKib6;1Q+4;c+j7AX3!aSI=T1>=R|YOdeLgGl}#x%qgw6U z#55h{6I9%SD|?DciGJq{O`BB!D#0$xw@kNySe)iT?{r>H;mbgr&`1f)1Pn6sdwM7 z|GMW}_Crf<^LgsX|3b-F*94@@{&%ypY1@D7Zg-aQ{~{ji;@`eF2)Mdp6|`2UPC0nu z%ILaEOXko5WqRp&EwLa6MLL;SMfmik)xHMG9-yVW%d`$pj`^u4YyB8z zq&Z~19N^7t+O#xngXY|nx=vlspo}Dpltb3J?7(%*X!l#qsJ?$_18C93MTXE;ngZM2 zoWhHZa6}u}^~Wle+#iuu2EXf>3r<;h2M4+6Pu727Y|MvE`w)S`SHo^X9dw1)9$nN}`>pp*Q z`LE9SpO2CrK*QIqqgejm-rw1__5VA2yG#6^g*>nYuy8PzD@EXne@3`X6oicUn+#AS zCvDSkTw^=lVYdqb^5mxJ%Cc_4rZQzQAY2R!BvyxIl;nzHb}lK(Y!!RgfEabykHd`F z(`r9`wdkp<)-X!r1Su0ir6G;;(zpcnW^rp+*Gs19uJgV*q{VQphn(~_lF?f0fb3rOe! 
zTBaS^34H)`X94etQtt_wR56=9(Hl2<{L+Rv(r}1y7RFv49JJV_E>#Y{($*r6!m1xa zWMEdEU-`56&19_VG~Q&aXn^nl%c;P^P`9)5WY1)(`(AC?8l{R?ai&GMes>G5cfB6gHg_*IJ1X<^r z`w+xhudr&}78NdC4A)(*`0|uWbE>r{R!UQ;!J2ZJVrl#vE7_9U%6N#h1M#qs3f<=N z3xC2do^y%GZ7SuQXxZ+tKrKT{Yos*?KFgna8Wl?#l89d(J!U>nEfVewCR<{g86X0H z3g_(MzoM%7%2Q^kxs1t7mdjy%G=2uYIs?(Qd8kpyiNiRN!Pz*>E_Wi5p&o~a5URrJ_%eGdiUDoTP(^o&e=I~>BX%NCx zB+i+h-atg|n*HhJ@&EVJ5kf?OweM+_ZpbTIr^wKvS6Hl8=mnQhr0(R<(-|cL<(6ER zPBUhdL)q!Sj!(|do}Zro`{?!Y_y4IvpIu@OMTJ|iC~Inw+2C{mOIp7B<WhYI?j%_a?9OZ{3oFig$UfgU<>xdr{6wji%0DQ672 ze7=ar*GbRiIW^7@vcQ^qRdHdTAymsBZ0FOpG;=%46hc#a;@N-g4ec(jG` z#~gLPT1a(|!dLt1U&I*m-h?&Lh=8xd*_X{IrV@6#;owOQTEVKinL8|!D?C3?)}I~|AVrGw5w^N@ z9h@nP)8COSNymr%(REnbTdgU3sYR^2tD>o;0xUb!RAp;`PF%TSR>hr4wZTg6@!wQ7#ijs$GTuTazZgNO`GR zGmdzqp?NmMsu_{XY=PS_EAt0Mgh%T1PVz!2j>GgS8r$wCbcT+TZqh#>XHQS^s~#o2 zlk!>-0V%&^O})g|VL8(NPp3z(-Ol!>GtckFvvH$t*RsGpuJhBJC zI}=`RH71rz@QOx35OV%o~$)5YPotE^RxmZ36%WVYd8vnOwm3OdZ%kFDOf0GD=oC z1ZVLP(~obWAvlPp$wlN-KpP1>%4d*{;=&Tl6y72V6ySM^Z|62f=-aHjR~R1j;V!sf zHOc|3RuSSD66n8kqCJ$B8D3t3IX;Sz;_qq88YlfIRnF_$&x$2#Q8GQ}Zn>$5X;ytB zsiOnU6NB@sZ^=(qdt5_)%MU>3etCK*kM^lV^E6#Yt-@N&Dbc55FKM8uZexXz)ig;M zxQ2)OYl_h!2ks~@wxY_ipi2Nx0qbML)orn>-*dAK1ls)rJR|33!c|_CdB##%gVPE@2Fk#xlLhX1}Bbhv{p;J#iC1AM% zaC)B4F+O$As!GcB%5DYuy1lx+Ut%Pir>`rlrjiyeZ>uvImd%9JZ^aw<3VA^#5|&7N z;py*6%C$V|>MU+^C08QEryk2ArRqqV5+EbH$Og|zS}275p%78(;6Dh3;oR}x_V--; zx9uhV!y+Cp{_`mt=&vS-pMeCy=4cT_nU$t`%w~~sZn2wnBLhu*F+wnCK^hjJ@uYbF|bO4)d|*yBQJQ%X5n&r(=E z_#RL@40MV7*V);%@qhPrwl|mZ-y$B5`bdufZCnmpadeT}@qi(0W?GI18 z;#^BFq85eNYd?1kXRWtcC}*JA4CFkw2**(Lmk{9CH`4h%V#)o}g*i4-KJ+^MTu&YT zKT3MNI7=rZSW6d^9v!ht`#>50r|jP3|J$3Ly}c#>U&LdZtR%f>a)`gfA;zmrji+NE z_gjf&&NhG(H{aK&Jt)!|lxYjRsNkOdYz^Y!p$Ln~=-1!a)^(-X^Ur$T+~LQchM`rx z@vfWzr-*`s#Q@m(b8UR4IBV=#bv*Q%`8_>#_&-Fsp?hQ&)KmnQ@qa4sTk`+@c4ry? 
zZy`_B>*L&TqWX={Mx9GoYg?I*@;MN5^a1vfd7nbqhGHmYUnaw7PP!XcQM}}^f54}f z{D0G}efI}X8UNqi^5DPkF8Ti=o`v#%G&9QM`zJm-gsh_OL9qdQrIwvEi^drC@8~1YGjAPbC-k9~@DjD4vpL3k=_Q$Uk{V;O1BP zPUEy`X8HEvM^DTOGobNh6*+MFrP-b9IsW%UujqQu6!sq>i^foWD=6Xro4bzwf1jQS zmi&JakN74TJvUyQyY-%I`jY566Ihot$a=}T#_2n~wpfZP?humLR}MRAH= z05}qo&l}~)_SW{(pa=EABlaI!1R~K0w>IhL0Uzma@fY~MvbU%_Nm58Fz_<)3?Q6Db;X;-%q zQA(6f(>!I_f-}@D+A04Aq6M8xPkuW4K6u>JDDb$=a$2x;_xH-(7vJCues>RFA#Q7S z(3a?O-DJ?FTbm7?#R^~@OUr1d5kp~tuX?58J(R8T$+sNhlULr+mY)o5($rouV?$nu z;-SFM@95I%k+pUZkk&VJeA<5^S-YvyG!I(eJThNsp3i1s%}4F4HQAMBgR~J1u-c0- zi}rR%(9;0 z+-RcgTo9I& zy|j!z-MYgxBK>#}k7&&wPnOn_2ZD3)!+_2L%3@Q#T zpD8RAo@omP7*jQKo1^zO`Np&GY8;>&ag4Tt7y*8aSVLpCZlY zw(C_nDygBWyLe7{!oSp*8&=6p{ztP?A$f^aFgSpxo)b+g?sftLoU6LtDkQ-`|Q=(aZo z2SAhXmmV(jx#hol_kUov4**m3E&$5!{~Y~)XJ={uv5?2&h8~QvoSQ%RJf)2uLnvG1 z6#+AKdo>DwokZGwfvu;r0O?$`HeE-{wJ@Md+1rVzWaZ&ofyu)jdaymul>UDg;QTYZ zs>TP(?7upD9sB-&e{XsJw~)tU|23Qc-*;?gOy>qTmD?Ski(j7o?&RVZDnfAlJ+H+C zdWuhFicp__LRWE6N!Mv}T8~E}T>}e7`71V$`rSWu_1=M$eufcxgbMStR*;ZkYf+g4G#o8W|yTdHj)NRS)zpkg&`Cqwj z&6EFcZ*SW2|K85l^8CM$=Zo?G3rC}@t@H~#<>^=CNB+6||KKJk?uMD6N)<0ZtIstN zmpzrij&=V_k(LvsjUqgKgT5&!eC+M_QPO+vbK+Os{MhPdR=qJif+ortyYI8ffLlHr zie7#bv)Vf2&1`)aW)TMQXJG*u1$!n z*i%?8Et(CQTtU8oFJ7`4yl!OzS^7d!@&F*|>^d|TcI7E1R&(xLr)7JW;EnQz6RqJY z1$#-kz}0%Cx>r}8r<2E(Yi2(wcr0fx_R4hl(rPMp`nta-U${>7YkKP6|I~K@E<6A4 z?K=3s+e`iLVjgwVyY55|^Ksy*;)T_TN4CKT@y3HN%JD>PU`Ek%zp#4v%c}h7ZVxg> zT%wg>>D*XqKV=xu)V&#V>@P6+2@h+f7c4?uxrNKr`4uRvTu)(?=k+lD%S*cB?`#$o zQxvkKWHRz;AmVwr5l5JyR9^dM-R$b{|6&m{zm78gzq@PUKWuk8OZ=b3Jo(;2Ot@VI zlVIlZ@_j6k6{mHOnYXv0C&-c&tEdL!UaiTvS6v(kLfkVCvlP&&60R9$-zc*L_2K(u zLKi;m&dZQ9w94*91&&4K@#}q5JOKkz5uKW!uUMc!EtUp)fJkRdU%jHE?t+H$V}UQ8 zux}=;osV4e2)53rYwL$d`ZB=_vY}~N+_H0n*q}?4)eVe0=Vc6nz;VL-q7N!{_&*qx zvVZ4l|3#19j{bLR$^RGgSo|Lb_xqIcL@F%3*D-+okUdFnO7jh2}+cakHt+`j{_B1_OPttgNi~f@z$3ppPykymyprpm6 zcyWsI;teq4+z}loCcknG5WYT9Z^dE6!~@F7Y({@DXzVsys6U$m7G2MzEobMaR92Zld%H76Yc+ z|0^H;@F}zZ-rw&y_}{xb%l&^5&rJLOj5sl3$t)f$hAva&HwSPGfkOTXq>v{1GW{5Z 
z{qc2^eBvx%lJ=hezi=M2me*if30O6DAlB1krM0bY>-i+{U z7)Z#5&L;dwV|w83kkwC=gnP2}kH2(ibHWer$y)pW67u8O*-85oKZ$MKuWj(k-jL=h zRM;d>o{;9&=4O*Hw(3(QO}YMSLBW-+|DD}!TmQ4QwT%C_kjG>H;pYKg5JFr{n>IrV z{~bcO&GbyU{%e^6m+5~u?fbv&&D|yb<6@rL>mQ9+N7?9zzprB@JTC*`hY%bVWYNo- zHgB`uB@0|W{%1=5KT3K+*~H=j73~6L{NM5a+wSb|FYSL9^32Tt@2f?JI_0y4=|#RC zwl6W!0l(rTjc?+9bQK+C-LQ}RUaFNw;u~!*-qz7~*GV>h8I7SI&6md~Pt6x6$IsM@ z%ZzO=NG^n>qua=2c$ggyZ&54!JRVLy=6#)vM*Rq2GQvI&+2>D~!k=KKk@MY9lS#E0 z{sN4<4`JFnJUPbS7#8@4H| zE#!G9`Ty(L0eE0lBM2(fv#qhsZtZQuh;}MJnj%shWtfr&JeALzwMiBkWgu+O0Yi zu6>P=do|#^{ z6S{-;;hL(Y>=a{B`1o)nGI^RSDqcEuVbhXd|hS3#Hc5u;*F5{2%1c7!`f7)mf zFw-H)5OV@aWE7>ahND)a_3ZTgl+MqH7Qt~c|NZoo^x`yYw65ZD8~~s`1VLqdEQ^rg1XK z$nmoyS}#|1G+J>l3fn9>ebs2)WN`o9{u*>0HP-*@qr+z}j#`6W-8zcbe`jlZ---XZ zv$?rk|BHB5+>NPmNM5sd9Hkm!MfB*xl&{~2ZSL*547@=X@#F&IZtw!zBGCrjJHs*H z%kz!(nX$2kHMUi;sRA*f4$#gq$y$xZF+i*K`x$v-H>{9YKIzA46t%CegAp*iw%~lu zTG#+)$xR;|+OW0VZ~;#~u))YZu0e8$Q`GXVWt9J+Iv5+7Mpxk3oH7n*_d|;u(vD7( zK|~9nJm=L2>`9Z<+l(&dYY8P-CJz#xd_!CvzF;eyJbg_l4-flUB9tIKMlyZN^t_Xl zLEBTQC>${Wa9U~_cQbNHDA?oFB4F-BY=K48UnjT-OGQH3GF(AEQ6$wz>dTx+I2GN_t1IcBI1J(LmkOv zoB?z*CmlwFtVgY@7Aq1eeHV?py?3(g7^WGel}f+>HO(g3Mln4&HL+}@2EqjZDbdGK zg3Cw|(b?K>ZPNeiI8*>yaDd$?X(_2y^gkGdostRmJc#8Pl0vi4t&;9lxWSTlc;!I1 z=XVvlR$pbwU_|$4Imy9?pB76DbsxEjL)rrtOgwKQos@$(!;m{r-ynP+2_yjc{jSZc zepk|5STSHHCzcppjUj99dfbXyglR3wJ38|~2N#{bk3s5>FK=ndjWccH!b0SHhqi>R z>7HVFp=5fOux$C%d7~{fuydY(`FOjKD;DP15Z5Mj)vT;=yUGbOA7|vMb%E<8qjC|> zut=_1Z15-q#qAgZWN}h$*2UKzkK{oalK|qrVftMlV1@iZCwv5tO;MnT3NPQ%%6UhLA!6h%%9E(jx55eG>)PqK=<*EPh5Vi z_YQ<1v>5ULGz|C6ZaBh~N)t$a9}Rn)daZZ(#W6&Op?#`%il3knUj}L&&|_R0Y2C}B z%#0=%ly_X)a!UX=-SK7I6(iLm$CtcXT!#>k0oJz?!7%zwL^9}1@XUE+45hXWUxzo0 zPxa&O7>|^Ae5AyGyS?|V-3}P)pVB_GMMPU*<0CkgNC6@x7DxM1ELy?l0?lDXv6lOL zwyU<#9mx&TaDPwFhTWEsCi_V@?CU-=EHifQ{eAPDnqcn~)x00s#A!CI)=jeLIg|<` z3@t=;Q%ElR;S~%mn<8wqH2o9pX}X$l2j}Z4;~P3#WA8YtdWS!xTmcolL#qOd3SX-22}BWEUeMZhOp*1%!0L=Db{l!PHy9ZVmukkcY(R*euF$`b>Jmj6B)s(ulY zjgX7zD_*@oJtBPVX!RbR92a+&N0zD3Nxe8jesg;ITsjnT?5yJIU|^rcDb#VONsOGU 
zsG*0G&IJf4lVPvL6hx@`q5nm1EfLU)8I+(*H3Y#d9zPY%Zcu0p6F(V&$3p^oAPhSc zfpiz9w@f*MA!3lh56Ka?IT6K**h<<0YDu{Tr5!94lf{?0D*=uq(b&6kRj&XLf)qHQ zseCX+pCGjan8%o_x9B+{r*}UKk?*71A{xPK|Dj3jhEL0SGJN2^lvnzkPs{sx7XB^c zXL!D##Q~PDJ?Y2^MSr@tiq`#DS?TaMUj;*iUmFWS$JkWa?(dYRIh$f}xCPznKB!2a zD23*H^OhIEwlt44BgHPx+_jwv8H=gCFl7?8Pa1-`I0N$-Xw^$+LS6Df9d|Kg6l1DA zc21QdKdt}q=HpF+l&kW;jXm5!&1AW{Ns+T-+!UiQKVFIO4~dKrJO2k14k}m2T?o$Ut_mOjT0XMU<$2=*1UchPYwOQG6bwy z2k8BGcZ=+QHu?Sk*8a{O-v4*DI{!m1kigR zgMqr>mhQRIq!D$EvU2K&eTeCEfQ?3dGS$ z>gr>eHY}pk;Uc0_c5kP%_wBcxt#7~G+U#~OL;7rQhL3lni()KMzaH6@xZ36vplx&%EbDsWJ-5%v+`A_YYbl|>%WDw)Qe6UwzdD0`=q zA!-B0-5zhK6w86;H0cvM5r&b-gtaJ*{@Bvz%5pZKR#e}Dq$qC)B2$&v=B+nSWN;Q~ zq7)q9Q?PRA-!>YK;vFm-!alc)8uvMpIWtt^^Y%5$sVP9DG#j`~s;IL0B?WEJMnk5i zMaaKpS=a&Es?asqSh{Gw5{Da_8uNf`?QegpH!ZRiw^#}%EiH25eSI9~`^(KVDHCmW_!hN=?8dHF@j{@`wdjRW-|mPqI6WJqVgBPQ)J z%?IZ!d@B9)`ne_8^Hv-XS9d4}Lem(6(s-27Q)!NtP#t>E;(UdivT036W{~ulN-#EW zO@UvsxuIlrem}^PP1qSoDsma&umZD3gfhq|{SasL5EH@Dp=)|L>G#nYiD@HoR`UKS z)DqE-0goQKK5n&Rka4U!K7s5~x5$d+*>O!X_9Q4Y^<4Tak_u8PX;1 zP$tv+@_IOz<3-czDk>Z4VLBdHP&r~XMJm^N%`VU@VhOIc(k%ZOs;`q2FQjpTv01Kk zeo~zV-32-;_cBS>Ju>_zrV8To9_oP;D%zdmEMj^@p-zg2&dz6Ol*Im;GN=~hvp^NU zcgSRwP>HOQYv1H=rRrjv1W@(bR6m#wB%khCB6gd|wAW0p05@B!|M<=$Dnbi4}H}(Jk~w zc3fO@KfXxm90)EZ+3f|I)AE`-t!=Q4Z6KQ|*uvIhwHtu%K2I(*C8%7-BpHS`=TeI3}HFB z7}eBT^rm?g!Cq})T2DXL6@h*}>yS?e-BTJLxrpZJgFhGdgzfv>@)@x>LskWktu`rD z2$^;0?1sz-UgY81C16ELQA4;?TMioH#q(GbfF5gp;1KhBA#}*v3%VLG`5Jo*_|FoX zHz0!;9M>Act9=lDJRp0!yW6{dK$BUD6Og{IlLU`dOd+SbLW3@WqShD)$=a+uRvZc? 
diff --git a/released/assets/rancher-monitoring/rancher-monitoring-9.4.202.tgz b/released/assets/rancher-monitoring/rancher-monitoring-9.4.202.tgz deleted file mode 100644 index 341338acc932100a80d7322d953acb58f06ef83a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 221279
z;gm)@k1x{XvTMNY?lIXt%!WzPwG0z=NGCNe3Lt4gjt%f{!%C%N_%803yeLhK3Q#Rt zU}U)BG47H`k+?}fluIN--RLbN*6A?o#ltA?#r+5eA&??o|8DSDAl?bOK%$fGY833_ z;VrKwX&*?z;a9tR*ynVz7F=c1V3eMo0cdzg7-(c2oXLKbf{Z&pr78E|cU*30WTqJh zN7LRRmJ?fYy{8dX)&P6n2p_H@0uK)e$yVr&ZoSyBh4gRAi88}ad}XGiZENG#U{Cvh^w73hj~@L1jy zQ3-Eo?cGs%RSvl=Q~K=W1fMGk!(wImfS;Tt!-)|GnA^XMfxE{J3*xDB)X3xjQido3 zJTfvUIr2jeC+f1H2H<%DRGt7x$=LA0`VAs2YpmcvB=2K*Oe`m0(lG9y3#dl>0bSZp zQG`zt*UH33$S!Q~n0#&{jmg5_peEpxWIfpW0$sw)}O5d2^D##iw{vQ z>XNX-lSD0Nm!!ue9`M90%6ALq4!a;xUY@0J&8cK@d6vkr()E|7j02E`2rzNZex9Yy?cASamd~+P{-nm)$QCr+E^HW zcbIdT^yXnrMJ;s~#BsV>7C#PoHnk=>ewp9b9lZh>POJ6HFM%@9?%2V{kD;S@uC$_^ za+*fPMISh7fTS1WjSLKx9%NRE(LIfamh_+_nfjVHcL9{Z8=(n@jyl}`BZ~{O7tI5S zS8gU2{_C#ao^rB4s{lA(bt!zjQHjc(tuOKPBw~~x;bWG16~=kvJa>o;Hb2Rbd>}=s zD(gvs%bT)*X0Rd!0mV+oQ&&T544ZIUjBjT~v1+0n@(Bq6si0{%7#H0gl~@?3^nE-@ zLpG3L3t0p6mcHm46H}-ft{I)-vtd%=YX^hmsl_C~AfzZS(t@R9f0^w97LLg$cw7;w z0k1@LKUg)h^~AO7CSexbb9>eg60(lXZBiH$+x&LKel)bPcZE(;nZd4IgrgE}iR6@T ztL|Z<3Iddf*^K0^7~x?r!G$c!DM(mw9q8>yCY^(~#Fmt0OqzG-Mh2ZpuKrSZi2q?? 
z)TAGBnEhWB0bi%X?~A1PTQVH+&J&PEj5LNkkTsEW1ECzA1FHmLd6u2Cr5Mc#hhj%S zLmSx@S=0 zU^sPo5thq`Zh+P{(nkzYSFNljbH*q?2dB^~;|plO{5l*GbW2g>?uuQ{0tbyi9zR8O zrrLv?&tw_8q?AXcm}|AOeXx3v975oGG$5b>Sce{KFKcRO?8eR>MB+&D-S~Uc^3SmF zmpG+0UM#dqDIIih+Bw~XxM)g1wF&l)`{Y}E87Kpe@Cz~pXBC~xwP^`w;y%d3{b`<- zSLkh!yf3?=LCb(b8i~-ecqn#ue_76_vy^hKnzM`PlVzWKCixlTcTwl{HE~ zEY}S(m@b-^Re%CKMh^)TMHE1XA1C^CaCA^a!S|%G!>cSFUdC5AScW1pTByia$dtwX zmTk(8vKH5#n7*R}aTFR}`Fh|)c_20Lcspw}(6d<#BTzC8FKNYaK~SRx=m%Q_lgCJhy5(eu+@qyEvEKdSaX{ElkO%*<`|4XW%b5u3C{cVz z2vp9g=AX5tmuDGDqrg9#uY@MOO%q`0NZZZKBOmE_oQ3T zwZX7HXSj{5;gNd{9e#EX_5=3VS_^v9l1L(YT5zHE`@Q3Mix#}a`!=qwD$B@=`h>KlUh>ca zPI5fVPSvymjgTTM6WYXqqu1@1BUB|eeqPsnH8umD3W(5E$di9%dT(rO#EP9@mJX)z zy9{;@HgWpC@vYooMR=derxOk&*+YRDJuB6B51^rof-ZB$vbBcGkTuu`E~=oU zNN%LPbgUxTAnQ+2YGndVPM5CR6lKhUdnS}`1&a9 z+v;y@ZbuW?&-3I8*oy&BmoQM!;8zE(FsMQrx(G1>E>Ac;?1QoFq8O$bkdrvMFwc5v zF^cp4IXp<;XcN= zhX3E(TJKc(|Ba{Z2mb$a{Hz$U(sH20=j@6eZ)wSx_An^S*wa`DH8ErFD%S1QoTR7D5=IhrO{V0A2$k@h1;go}x%dd{&aeAWu9H(r;5DQTh?2FezVZBt< zN(c?pyn*orrki|c)XJ2OXENsE3$IRrl+ZDt&txJ&=*h(HVwPE2 z)U{QK(86cF@*Thx2D{KX$(DpzCxJO@VILKCKm(hO%36c-Z&lW$Pz}*9vQpow{H*NQ zBrbaTLYnbB`g2W8v{D|Jt8vxl6K!?e#ub_luB%ISZvg|T9Bf%QR@d5j6TqHB&mBX# zy}nif%6D~-=i3ZX?}a+A=C)|;T1ki7`yjapiCj!L0KS-&CS#S4b&)7NR+4%V=P9bo z8&O})T7&e2T%5}$r9*i&Nq7f7T|_<8B>A(BOpQVEYu5GMJYl~W=mT#iMXHLo;6kLz z1lf!I#90?>J(zKsAYg>`_#tVNm?^HrG5pTO;0FGmvi7kD&;5*X4gbHsUFZKdAN2p9 z=Vv82h)X?p?iUIwUt$C0fzaidgO0qzu2Dp~(RK$JYO+QDXYiMz-p_f9{;v=+(n5U#zdJ+|v6Zn5G zK8OF8Bl!LQg{E(X{_ekc2?I{VKoJ4Q6}Pw@Jc4!((OmlOhu1F;kCx7$`_@uFZ7o&B z82Ik==Uj+i-ONh++^v&56$e_a35_miL&luBf{DZKi)i9;*R4DO`3ni)G4%!G-K%M6 z5yQ|zJdQOP-MiWYIHRK^X~ckA@4a$SD9sI$GEM=-;$Ai_9fo$TwzaGX0CJRu*GBE|T2;L{!aXh-e!FBm1hf+a)V6%9GW zly;(a=ZoO+zPd-!!@uC;O*lYBg3gcV)_p>W6JC(7Pn>7d@!-eDE7&+Z!975%WMMBv z9oOnA0rgE%28YQc3-*C8URvsQyKqK|Y?v&OR~}{oB$t&YmDFu=4g0;aq;XwNY5NU_ zh9Z=JCy2Q3%sY#&`Z>`6x~}nm$JhuC6Rr{hNs-L%0he78s>nVN-h!;~%5N{Po9$<%&_o}Cr)XdYmM_xCE}4$j?KPXXiF zC6#sytm+FV3Hj2}SB{UVqj}b&XqA?0CVN{c@-pk!W=iq*qziDyn5B%ktKxR1k^{$9 
zz4GaO>7JLC-el_I8@L(ag8}Dsa#I+s1xQrhjbMLL43!r54_Mq4eHQ97MIaA(V^8%;SI3ib0k#p#nnFnZxK!f4TO{V#2_0aK2qRS|!Y<)$bY4B!fYKkK3 zr=&eJF8_?*oI7DiACzZiS^cFmU|+j(rsZ`DM-~nBKKD`(lJ_P1KH}6o=Wk+nj1w*N zJf+Zb>xI7KEx$U5%3}6&_sRgtveETu{#V45E&ieCx;2I04MxlcH~+|0a^K)Hj1S3Z zW;4GcghON}hj@yHor&z|>uoL%jj*|wTf^<~dQ{|g*Pmc_R+Nh&Ey#QOkdFeV_rSae zqxdJ(iLyh=($cOxV62tL8jJXt;w3KHQ7766!oLO=ooGE;N7dkfT#7{zUsC)tx;bOi zE}mEb49Q^+j>b9Z-nlwa)eAmmmz{DcJT#f1f8; zRd;^JUf7t{4*+tc6COLIAy204S}wLi4vxP_f(AxC(4cus7b)zL+E*RsInF3sJj(WrQJnZ(2`+>kt@EL4;(@`-Ylig# zreN)0{upxX;#8i5PE4Mga&Z5|#C+k+Pf>43iZLuuGW+!VKzf9FvgU!wrwewU+{)cx zE}tJr#~1N19qbStiVBI&+yU{5o^xyv`u|4X;sR*+<}a^Mn@o?2ol!h_$FV*?@;|>U z$CC+#@-pA0e$&f4%k{-u{pm%#@w@ZIES)l1WeU+S` z21Nv8+>K^_fHHElNJnu@yunJ}_7_5bETx1!>QCM8;T>j3$w=m)AWa1f?`BSyDzUh% zOu|4oPRLa3)D;#5dWYD+vm0?f|AA@AC{Yz$M)_2i)9F$opOn-*DuQ>eFa-jV`zNzQ z&ZQ-@5kk@6mQ~r5H=dIT>q-!sLT9L{1%Pj__x8w2(kA4Uz=mb}5FErgoE+3iegNs* z_}kN8ECGCgRw4cb@^9$>MGY#+H$EVJCcS9P>_#ORPp(-nZH<$kgv?U#8}WyfZbsAb zHs??eK6IDs_KoGPfvl3@;zM8(NL1*V%?kiuF3*a;U2IF>R4NwFzFZZYEI+D!zZO`Bx1HugS|LgeLSgiD25V`L92}An zDHWwjxBBL+k}*URKY9K&aZyZ1d;sahm;gpMEO>sE0ZIO0wdN%6bZ4ee`SO~CLroc4 zzHCZ1081&xn}$FtXGLd?M~Pe(*^&u`UVh-TUKxi+&)yAM$GRsBUBDE5?dG!jAZe+p zU@V^YBrX6Z z{}>noja?)9KWpl6aody^F!KJ%>#RKBSodpzv2~jem_zfIE9u__81;VBvkqS@096?i zp?DLY-WMDfooF+9h67jFB+a~(+cZ67i8QWr14_x+n=)gB;pjK>`$J#9hO20%=O3`Q zYGbXw3cAJ>qbn6J>i*7`n!ZG4CK5#7rlm5;7^IBGm3pq-BcC^~&Zfii#I}})Yf`9{ z^Jq?omYpLCQNK7QP=wP+-mbaMU zMj;8k%%G1Y`yzXJ&)EO9%APQ@TVF3!?s}zkYIC@z^5rMN*lNL?89;qf%v}(MPlCY< zj(xwFJa~E}}4ZL=tnquxkqzfk*94R#7J_Z1D-Iq1; zHE}h-GK}#SF?_tIVs~`rs3i|3ahe+*Mp1BrydJ3<#=+lqeYS?Ozz$ink`Zg>*ecP| zp?sDwO$50bioN1#GYrM0)V^vc@~x@JtL3#tz^IhI?z-98NJaHSmY;{aW>x3=x% z?ZI9!NfKI>UQ%A74v=KOy5HA-|JVP<)uz0!vXezJiOFG1faA>^sK*gy&v(?h$g-ev z0C@rVf>P&5>L|$y)F6Sf4*3MI@{%+vk^;f-4yJ3HSg1M)#4oY+jFNb)1*IJLG#2YJ z=}}5IgJW9m2REg%yix`LbLH7J#hg@DU*@g045`^=SYoaYTAxtSZv}uk zR$$mgadl~FcSvSJ^uHcnt(lZadSuB03G*(zau1fEm`oE`lY*4uKk!1CQ~RZJ1jWuw z{$ozC5PB5wnu=!6F%PNB+Gg;Dha&MsmJU=#g997|f72XvlCTN!nbSo|=EVSA_EPx# 
zZ|vm7n(-?;tSS;sD4-DnH2vRBV5~2_DH1O-&nh)G$=7s`w>bRM)c$Jrnt<+bMJQ$x z=-4H^IvbvmLMlbh~IE>2LRVs|RmA~YS#UQ9)z7t~k+4w|qEA=Sn>D?s5Y#u2c zlJ@};X-_dA0K-#R zMY4DY6&2hGnm5@M#$s%mlc1jBREe58#R+znmfDf>2#k1`Gsw~VdPGx0%o)^bbm=(uokcM3*6#pl*DdDv0vEtH zY& zXcTMLNURv1gqUd*&E)n=&dQGUOV}bsg}9uWD9WyzxlkBBM^0pT&fWvNfQ2)NnEOu1T)73ah1kyd5*9DR)V8_|<89VKg6zzPSa z3Ouf)iGDI@X}Us-DoWtYjmr@Vk}v1*Gf!JO<;eE)%kQDUnTumg-dfPjjrMLK=ZI9FFx`8bpBw0q2nx=M-Z$EiaSw)TvtR z$ZQ8A#6vZmOJHq%4mVx2MCn{4!)$_IJJ&oj4~V?=#3vFO!Kb#NC}PD2R=NTxs73 zju@>KsS>WvF0}?wR#q{Yh2M9mWGbZwOX(J2@Z;ESn9-&;%zA2zB(>7O?56AQMg%y7 zbqGcO>Xej^OE-m9zEzs3uR?;A} z;0WIVt5t|zKE5(!%QzJY2U3A=jV?H?tEx6M3DAHWC^oKX`5?sl5LcueFqz(h-7!be zV@`g+&_R|;9o97?0^rRFoume3)f29|RtDGC0%bZY*O@yZWbzhUZ3TqX8rUP3@i|HH z!ayYh+09_unbpaYacs6PnSbc!7clbdVy{vZr4a~P*x5SVCP8LqaJw4rK*C`G0bqFc+H&|^RU@9XXULG znw;WvyF|er*0uAlqG>`a;dx$Td%#@0LN3$d%(|R9b~9l6v5eQ0<+3vEpKHFp(g{C% zhZ}S!!b+BhqP6wBBUuP%_UL*9lVM}~>GsyDs(FAn4u{D91bTPlocDO=sm+Qh&+SI0 zzcH&q;T_asW4@Drgsciy1_||UStHd|NG9=6Y~nkb_05SCM%oQxI@ZrE{GeAJUYy}cc>q-~4NC9Eas;SrwXJBzz^a(823_$vj>fcCCMP?)A z0#SCgWzjjbY`@SY7twZqNqe$`=|M zdhm8n?$c?@xl{7cz ze(P3j-PWS4o}mmgM@Ny7qf&C?JRJ{qoGsuTSb~vaT;&~8s$g=_51T-6AFeN9h#!@f zArFjK=oNu~hQVPH4}QqgGWl*yg=Au!^9z_V*UIe2lsFDQ*Z~SUW>YRM$?F@8uHSrr zxW5y$ifPaIxE8IGt#)T?@T?PdwmY40v%j?-J{xql!i|%sy?7&e9``qUEnUBF@@zUO zS_N&MGn&2!ff*WTNtL{4y-G1FXLeFXdq9P!Wr7u7&fz**819qe&D8{Ey1dM`Gujt+ zRUFV0R6b(Tyq$m;Kq|BXM-DgyUP25mgvL8T`Iwj!CTB>C_7ROsj{WF+bVr=lY@lO zv(sXsS>@}zEF|i?mde_!yd_XvDL-|v& zG3q^NNGwxyDPBlvDmD5=E-0bnUOiQZj*Gt}dT|Bj)Fa~synJq4j4a*7Zrq!ioNPt< zk~c@5`C}KRr6o@FBu<&0xu}$Q znz}R3Vh@wb-tM3|| zJ|APKWm7wEH@%)|RT}2P?-@X|GxN#1vw}*dYmbDiIvYT%{c9)8{3rWqs{i=i>o7Z#*{Pgl<|#sR_|@(nui}h0cugO^pad`61h$Xd z`6sbd;2u&^gWxg8?c!hE)d%wanSUDSzbTh~UnSsfT>q`JzR~GC)PMUNKMniOfyDP% z0DA8I-|1|(x3+8d|3>HG{{I|5D<;re;>S(=ZS_7iFC!%Ss^F&!#t<14i5EzARLw~xA$iq=AlMGLf?E}%UZids^uJVpijs|Z zP3=%ljwMf3B~lXGmn4RUh2*|Ia@DWqG+1V7e3d zlhQM&B1)M%Qe}8T-`(mJB768;6hWCrt2~_;NCaoIq-I06|o{(AJA%o 
zEWOnsO@OI*JtJTo8x2#=US@Zr4MGyD0f2}5HtWa3v#cl$ss$8ls4fDkDWts7(0fuz zi6?_nkfKut9rg#>=C%|(YW5NeHiK5LvzPCaJ_rEI(z{bg{Uy0BFV{cOQ1&_BEV;QF z7F)=6!$O*1_u1>$`KMh!QV1=ycBIg$uAS;!W~|%BymkAvri@7fuAgyd<7v}`F-O4c z`7*6yk|97;NjnjtBrjj209OmTb3%7pMKN@mpwitLHhdCINdHbMz2vI)I)sN#lYYGC zchZl|+neAlcK++*D$rxh%JG>DBKhL{$1U%dKkt2`r>%3`$q>8HFD zuRX)?ow!Qua`u_MJQ=W8e&IDt#|3Oxo*bR0lebBpo?PAX?%)+Q7TsS3N2+;d7Tc*N zLVDL*_hEzPZP35kweIBqS>$Se*2D)ca<$(B3;0{W5~StlN#`>PKAqpYgrDEy68>t0^4F4nI==@RdA-PS?S_Lav~vw6HX_GArtuIdWMejh zx?b_X&q8?cwx-@SQ>dMsbBmr62rC!G~nsjG(EH0PK` z%IoR?VRj7(&1n|brY`^FKziCsfOKY>^vbGZ)^N4|q9g7ULk!d`8>Ax&TVqqHao3@p zc@yWSNhy9bcHnl@-j23aIGNFCxe5j6qsIV_UV-r^rOo?>USc_oSuc-D6RX1(;tP8n@4;w@2zj+4PPMRppgsD=N>OM2s$B=j4MGQt$lfI^H%s{LWBcD?_9s zqoWT3PR7{7Yydzp)N_Mtz&c1wm`KgOSBpl4e|3`NIVMZ@Y5G1Ldwi|*7>x!i0!hMg z*prD9r9fy8=MOHDCGt`;nc52`A#k*#C(AM!Io?eZ7~1npO?OSeZF74Ykjo#rWJy9Q zO(|lu37G`tZnBJe2#pDhgTrr=CRURE>;&(A1R4VuF+1Unt|$ULL~|ZKhjUJD?>qd5 z+whp)=yO9s%-^9vO>OyC`!YbM)0{Yt;EB@!f#ot4M5E{e5ierGa;;F2oMM*lE0Ms& zT~oMw{RslJ+mBSpA)hkQ%__?9bS zw767;vP5<2{>jRN$cUAjK!CV&?GNc{MtKo;4JO6pWli}54|gjE!@zbV#p^Huj&pi! 
zgF{#N_1Q)W-v{ZlpG?reOPdb=3_?;M!95hpvlSo#aX!lOd+rtUQ#a9 zV~!DIqr`TpG@bJIbGR91OxBpeLTceKog`m=@_55DPidpj#9eSF`88Wn#u&h35-x?f z6(*96;!H#8F4SbLxe%(>lI#k-K5%W@K!9;Ul&~&K2iO;bzC6SE!R6Cx8lQ%o6?$*9 z+z(rHJ-8g7tmg|ZE8`6!bMQ5_a>-57S_py-yT}4@xagZ4Z(cEo;6MZMobn78?X}>d zql0?B^&J^isBR$1<7ruT-Q3q4Sr^^M?%L-P_87{jW^W7c4ruUIAij!snT6ci)z9?b zartU@R z*24>sVwu=TisMO1_A$w9gM$}eRZ6%>(l3%p2RzJN_RsxQ;=(t#Hl9Dz-2mWU7~sDm z;CV}GN|OM+Zg({XAD9w;7Qg>~9NVYM%KCW-<}U*K!%#}A`j*T)l3q70zX&@sW7Hr0 zH1~Iz^vWz7I(-6rR#Is_V1+{rUCDBTs?gU<$;fduM3n~P9KYewcXUYXC)u$85Z`y) z16JwXqo1Yk(-u%Z)SlWj{$tf_zjUpdlO> zPFIJA=8=I>niU34rKfX0gENb7kENuNGszG$F%FKA$s1lcjEQbSP$utTl8=7*#YUPf zQ)iLzoDsHI4x-@W$4BmmK*)~CUF$ClnIuUI;aQ034F0N(jfb2wCvrCM=r@DjdJ>h; zdMR)=4_4i9(!7*3mt(v=VM}Eboc*1(xy?H}b6XqtwB0!~ugs2O#G|qV1cjp*q<}pA zlhzGq&3pO-z8hqx=51r29!@w2VOw}ByvXwMMjWUE`$CieTIQ6O5X1c+6*?%IX{a|& z^=@)Q&gs*nUhuCtox~dVhvAHmob(<&(%^x7KD-K&qK_c~L6HSowe`wWd8f?+!JHEo za%Tv011a+gd)h=|$6{1kq2Nra=~+&Op%zoVmWIuxiT}2-hkJ0$wO;>i; z4j&(j4w5>7`7!C#>!jh1uvMi~k=`VcD0P3+tK!qlgKh-{lp=-2>ywGuv2fc3odXm3 zhd;mk5~2)m2AXb<#NEj85D^pS=6#@VoC1;CR2F z3bDnHPt3dT96=!-fXAtk1%#%7Qf`u@J z6B^CHlUt*X_8K-UgKU7gfV{PMxBKnO!#99jIQxc{4zdwMKqDHyueNI559z+Z06EM8 z<@R$V4|VtJZM!!ZLeoXLBZzVb25{%v&~i@qj!GvgrlS$2^YUiF&jgvSX}#b$BTO51 z>aY4Me%3HfL+b^{893$h+_9XpdJW^v_-es1MYW9#r8lPP+Tj?&n187b>VNiOrwYm>qT|7ufM02b!a{;8Rax+ z68q^{gZ{;{-_YL_291S)$uQnaG}*@hS8|_+aMC7A4hB}iqW^^I_~1)G(RuAbwqF=DTh8Btny@4uREJi?9Cy3AdPi(&7YN}74}xw zwo!-bO^e4?W|;rlk#z}ZS(Us{!!7_@3-p1t$6La7Exqir(3@&MN? 
zq+8DS^UlbLcxyH#dX`VW z)T1N>%r=~I1 z_II62f=y%J(t-i4l|)oOVLI{1fj-|qutWh<1b-C|F+rW~XZ10sMLeWrGM1QFn=dYu zw-J;ob5C((f$Pxb>D4~XQNm=0$;otxELzj8SV7@i+-!@XuY05yK;_%wat(>^h{X@*7`|BPXJ_boM<7sxp z^%2y7M&==^;*peV)dQ_^L*ajebLX6s4)oR{Cr1t|!s+0SPZogiM-C>Stm0VAK#ZiG zOEYJ~Ewrj_ii^maac4~K=a9R>N-iF65R+|ahcY=EQ7%tT6S!m^A?-PSJczLx2u%Hh z^=tny$p#4S4>SEDZ;ncf(I)X)0e@iBgPeEg#dDSy246!RIAtBs6V5sxiJ z#WJeL2s?rFqlK6$6Yj~MtBdlVkE186e=<+`?23;#c7;7T-%u>Wi2RZN)Hcs`)#bhM zr=gmXT4b20WJQEps#~k>wL(ffNzqZ)tBI?_E(JAk?13pk`onmEtcL~CsieB5pp1f7 znmzs+pW>EH4C8`m^512-*gIQAdK$)g|12$Gv}v9o;GvWJ8z-UTD~zw?Z}lEVdDT?` zl5-ClYvWTbk606vsoJ_v{s-Excd_h~)D28Q#Z$NN=RnS*Duw`qGJ*MO=Jkn*!4QtN<{;*)Jj|A7?8&DiNh{7BYqG^smBB&q z*eRspnmJ8HD^jb8oM7OvVw1aaH7$a#^iXj`G9?X#IWrH(O*JOt2A2XxWm{V|W^hL6 zUgo%Z>!{wh2Z$%6e$jE`yz*(?+d+IKTONWHj;EpyWj%`hIl9m9dzuaNGyD!#WUxao zFjHH7!k=v4^wKb2kuuZ52$Q6jb4$@`lUq*SxOmhwunGy;rhN^VWO|M?lNa4zk38+^ zBPr{u@GrDF-omI`*pa6erR-s7P5m}I#YCW^ScIeC`vNtWrzfK_cq|OcDw^7VD$t|N zH3TV%n*SjLur;9q#z!=-B~|-v?f)Hi_)F-#fQ;{v(@172wLtp$kbRwZ-1ufCE*?2SjjQiM;(ptvR61VFg!J%XvhTB5gDk<9c|?%<7FKGtke zST-hbK6g_3pGp{?ZR4ik58f?%3HX@%o5}ar8$vr~c8={rjp43_kPcNrp5HTdQaU(8V9)aQ^n@%|UPmhYQQc^Wjs7 z0ck)kSwncaaDnS5LuQM>r1{U2OV~;nYB+o#$ZO!m3z{VpDaeG6#liGHuKQT0PxbVqZL*q>>&H&$}5gIt1?1iz@4>cJnwiH8U;imQI4HCl%MFPmx9^Q7n-S_pVd|Juim8Co1ghwI1yT>EfkSMgW!N^855JSS6NB@`(9D#NW?TMEYRT3~CaCy-ULtUQ2A07B3`s0&} zb_7>O1vZb{yJIY%3BT=g-`-}-bM7FA?j3^DeY}Xz2R}XWx-jxF*@Y-$4@sa6dIn+q zj0FkA;%w53`{!$hdZ(qW7S5HZPEi+8DkBu^ADHcVot2u&8gCJheATVM8}zGpd(smNsM_TeB}rJVotfDUb;N zjqS!YjcZj!B!hS=qJuom2-W*2xCKmHtr8b`Gw;5T=8l->Tzl3J^B`%SG;z@=6gVE6 zuFjkktBIZzi8;YKlIiIg?3R_oOr8h_xY!@wpJ$en!-RX&(#TSoFt6P0xw=fhAc~Z4UkJ zs5&|~Ts3A-I%ecMh7ON0bJkAqHcc)?fq-bQjfJB-22Ld%A0v>S$r@TlG0@$sQ8q1V z{wWTvnmJI^i;J{B$F;?l-!Ta=f>+r9vpd+lR1`pNGvzDd*c?&7h+mGCvnRJFEpI#l zjMT~UXUAtC6C9gwkI`ER1k`dgX<1;5m!EtT;ztqcE)hkn74oP=HN~m$Lu?v8OxOnO z2h!JoE+XAfdG*4)d07pxj|Zc4jA4hDlu(5XGbaE4QpM5PwMOeQsNbJKQ1*-RbRP}= z(JS@rHI*Jcs?nUUqr#*KtPzpPodBaB-_K}T4vR4Ek8GB8bKjZdTBuSQI6iR=V9oI7 
zCIVpYvsa7wc2^YQHTPpZnT}I8zO+u@hK8c|Hm;_8;kmO3LSEyLecHGWpUf9qhFi=H zTi2oDfi3mIcV-;?Cc-jgv$k|-Pp!Nz5;Vb@L`^%AF(|a1Yv|V;Otxgi8imYPN>v+B z8&&KT%}CP}%<0zFwbOkqeEQ`L0JPm|HX+-K@p3|*4p<0BOL8P06h}$-V?W%fvBm*Zu#a|ss6Yj^!VkK&w7tUsQ zo|82U(ssB+>JP<>`ifFF)iSc64`&gYrC(w!CkxsEA62xUDF;#%!-$-@&=PyaB>daaeRum^b09G zYO*y9i-y$TBoF7O`vcDTLEbcUg?lxW@$uBnM)%7v$QO>wlVJJZ+>$p~LT4Fcwx~j} ziG7k%IwWFi2Aj5%N`Nmf-Qi-|;~IaGL5z-!oHj{#2ZSA@0p%V%FIvlP)4duZ$S&jV z5thY#WS^~@i|Fnivd`9Scb~yScFPQQ18=^GrW0PkMP``xa*z)~my03yn0C~D9(BTa zI7vxQ$lJ}NA0jwf>kFehEdQ|B~$xoeh9PR|e zAUrj{vTq(-BPV~hulwfL7JbP7r>ep7hF3ON_VcGujz7&caIDF*IM&<54;B#{o2ZM( z?h2l@8I52|;H@SWMg(=HX11V$qJ&LNXNmgAvoh;vKo#EX9mrEHwmu!Z-MbfsyNW?& z?fn&Yzq*L?Rv$}=H-0a`Wh1@uX6Ty`~p_Y8+ zr(CIl2s>V0QS}_*rK*VNPSjqb^H$EQ?QI&SfKQIWNi?E0Y{Z`tB|P2Sc;-A~R@`a6 zYM5g<)-b4} zkSnv#ZY6^r3wF$Is8c@1>(FgpIj9as3IY1F?d8wJ6U$UQ3_U)Ur93`fYCus((IdSg z_q?;YNwFutHnIFE>&Y}s@dPEJUhM<2QQEx|)VK8(V$DxC@mEddrOej3&5MQfz-@0g1g5);zf;dS6eyx=^472*nv%4~J z-LE_vL8p5m0@1V`ujbN;8Had{g}23+7$YhiKYka7KOg`2#j4w8KGQPDv&nVP+!zcg zb#PqvC&yFFo^xDgWjy?#&!+?bIe7vc6QTP6T+K1Y4j#vFUa?7gy;!~3bnbH-8TlVJ z@mJc!JINE~mM+Kw$&SD5O2t`H&@+EJDN0~LN8$@co-<_dZaT~^1{gg;lVD;7)rH3& zk9l(&{r+Se=WINziMu9xsXVNTyDIaUpDY@bwHmI9rM(`tH`~!>)alfo zY}B4?T1Yumr*VRj8Hl|f+3#1(cGluWp(7GL+-$A0B~pD$nSHuaQ9H0{`Py=-zfq}o z2Dq*Ste+n8c`hV>IUCV~#|-N5BxDCm4&cUk9}b%LO=2zlGt1MTC58G~(m(f3zev1Z z(mK=_*3wbI#L@xxLQ&^BBbj<#*NA!Mwa3>IE9`_|iTfn=rG3NtREDMRT_vZ}>%WG= z=Em+=k2YH8c8w_n<&!x zvjXeN2t685HLl+R{dqVd4@X3fLE{mTbD^9}^@ylrk#|M_yGL>H59Jn3@#L*ddE#H> z`n)*58ra&$_N%QKUu``cwui&^+dXW~NtmyK{HNG1nd!o6g5T<{%^;Cf6kcfHjOy~f z0EZv^hNLxw*?0*0vKzj-M{%vQ@$`9(H8Kyc5!Ps#8Di__%c6t$%bI*JI3djx)4QUS zg&O!JDTX+8mJ;uHELHPt2|pWt>BkR{|EQPLVNE?c3!9&JKrn>;VG5v!D3j=_;2^cz zW`)oh1T2(Nj9b7;FwYS~zjEZ8A%_2<*;iloW6aYfUep<^rjr5=!qJNt8l?P_29vFjvO~zmz8*Woo=xt*w z)n9kz_}~AAE+6l@G4r`+6=Az}>DZ@>s0i)C{|2bgEXAPR-QSQt@DnHmA2fmwg!U5? 
zT8`xqB72}QE!PuRlZWiLKwO(?;bxryw@niRsrA}0X84dbJM+v24+_WMIadCDuDg|{dLGO-;;M#%z$S)PG1-5OnA)8E1wiS= zlC6Y8y9}~VY(6O|>qV`qXJT$-jg5)nzw41U)ySGzU$i&yizS;~gi;A&AZ?E7BD$;% zLQ32ywV}g}zr2*T^@GhU0a{8*lL634ubhtEfN#obspCelNQ_3x1=u(W{q47M?fxyh z42BudzbV{{LsWcmPqG6+nPTu`HZ2zf1HZ*@;EP5excfKU;@2Qyck&$jPdfe-lZr>F zI3AxA$B!xf<_C@_z{C?D$~+zyhzqO7(H9FJZ_h3Ify~VybF&VeN9<-bnn&`?p*06_ zcfiSoA9;N|;#3-vbf=P;Km%Wm=Ut)YI3&{_ITIrBu%39Q)%+_S6KY9^2gQ;E9PgUw z^e_m+KKc?N%O9O!O$Q45iKOyFNN5|fH1g$twjK|Xix03+{SVOY1IAVl(;lYDI8X9c z^u_AqKYeJeF4pr&5n}!T==CwC-8v~g^wROks5~B}MgK#eD#(9eM22^Rq&MY%FD51Z zQ;sI^_X(_JzZ`xzn*#C-d+=lgG-#T9K>mLiUoo)wKX^644Bg3xe9}Ljq>}`msE!|h zy(&)V6!zf-;boI+$J6KAHStLvUVnXc>X*^hO>ZxAd9g2D;Zjs8iQ-rO5SF#@5nNNp zG+$t*0EuHD(aH`yS>tG9Z=1;=m@Bs3!`#Hq}J&k7=AI(@A)W){*IWoD8Kk*JEi%TTw@zXgL=C zYi2D{9?GQ6F*QVY2Y|o@DYlZ{8P*Xmrjv=L4{?(3&{?+WsW}rD9P)+~KLM=Hx@rqF zgRfKRHXTc@cV28R55eFt$)J#}QG6~gsVVGZeAQ$H13agC1C;klx>r9|n{I=;qitrD zU95Bdfu}53EQx@1`M!ofXKWzrQRMlWO<^CqlDVtMTjT0D6H|jh7uz$|6*jb3yBts& zAfprbZp=>2fX6^mF>(20tj_7xh)l3tO|i;rkZ5@vO7w|5PiVT1g8z`<=4m1EhE9bZ z(h_BtrZxntA7ac3MY>EZPLYx_2?i+qG8{C|d5N;T6VQAHeo6o<`ez|A^|D-KZ3Fnt zhk6`3k1Ca=hu`R(3s}nF=wN}+(E0H%+MyR znMysBH@j+bYNe>POiFsx1Cq^r(34U>}` z&I#nSnXObw7*<1u{S~7mwzpWd$2enmiI#%OA~-vwNs8irA9VmELsWv%a)!q`3+ z9wC%bO`cJCzRQmrrDDy*vOK#0>_Ni?eBX6ouT3U(qf}B2iKH+kkoWKng0rzM=?c7r zy_{YMVS)M9*1)T#y>L2kEwUO)d=BPnlV`1!5lEnEh@4pm@#3uK)xlf5{!2%bA$K=H`JLC3Ba}~2&)G%9Vu3<(4 z;L>w{mrniHPB`U(3 z4ArPrtg930=|hgM2L+-MXeHZPC+dF~{fr)qTWWi5Y^QqrCZCe(WV(KlDBBWBz-s^qaq921am#wbRIK8BgMZPq^G=y~-CuStL z{II`1v6@aj3XxIp-gt!U!`}XjLoUu%)rZ(hWWtTznHS=ixb$QeBVheDGbBl|y zT+~oljPke|@z5{kMph&$Hq&%N+`V260adS6Q>#>iNZnMY2A|ie)ZoKeHELECE3VX_ zB)rr78wxAY)E|l}El^acF@32id$YZ@wZYL;Zraky(|S1_C-o_}T~dWkm0@8ul0^0%HDV;swh_tHB$xUO46fv62g510uY1Z7G2@z90Ka3g=Yp{ zpBz%7{rS`QDIJZ{!4-0~{mQWZJfz;YQ|;SdME+VnP4YU-QlT4(DxN?)2gB=|&UgV1 zrK@XZP~V6ODD(G2#nG}#4g_8^AuM4K_TxO*JNTY2On=1{+&#C3;SIaydvjjzuhem1 zODzedn_FJagzhgbveXGB$0<1F7VhP?UKfQKy(;V-$PKnpiEfLPH#*I*~-Hdu7C&Ee12}N!= 
z@-;Yl56I_5OJeoeL0aU~3CA){2d7Edc)u)oGXQUh&f!CKk9KZ~L9ex9!zsfU?+!aQ z4=pkkRh9J)0$RdAw4@3p0SXF6`-NU&dE%fiH8CnIUabs1GQJ&l7_9sff!K;wtdf)T{oPQ*xzj!o zV$@N?k+Q1g;A#kBRS(WWSL(uD!$OSBu2L-$BAi%k6R%CGVpiiFd@HM4ps9L^ndK2| zQBo-zdkd~(2Ks)TqG_0Fu!^^UmI1d6k;{yv29dRgUw)}W6=5fgM#0CAAvF1ubntpQ zg1Z17Ml-*ALFf)myc2@*JoTr>lqRU`Mx4bLNze`bVY}KDT&v00sm_>;2j*z;Fs_Y6 z0J5Dck2MDr(;a{8i$wQAl8#3i!=9 zCC4ZV_MCD)Wplem`- z0bc7%@oO76XB!?h-NfJCyg86R+!LvmX&)yE6}zU=OP5iGFAcoqIoLi$(_JuvL#Q@U z9?CfvwpdKV_34INd&y2UcGb&}GJ9NyCIGoP3fCTTPptiWWP>Q>Iw z^qT1p1<9!yifnt3Mq_rOvI_OeR0i|BH8moT> zVTiE~M5dJ#yUAq>|)4+nCBzwDd^p7*ycm>3VSw(3u9er)L9bkvqnM4y=+7^5pxc|5V`PGHEF>;aK7aDy_lO^Uh`tY% z^dfvmkKITLTxQ3M(0R%VeOnqiXvm62?LaE5N~uAW^U|kP=F9y8*6^)Xe!l2f@*`F# z(HA(Lu<`iHB^c;)s+)gClvrJskh0LxP>WW;j*^Ymu5asV2{#K-;(?>mAx0}?Wnu(1 z%abU-M9*KkW7OnR&wJIxMqFm&Ml9Cxy0yApDsqga&*FYXhHgd-JA{5GyQsAB3)fzU829YB_l2{n{+9KMo ziiXb$3SFagYjCOdDT5CC*x9BWQCHQl;9pndif8B%#uj=v9?h*bwOXp2oBH}Kbdk;V z_A?+hdHgvFC+3ZbCBk!H9`afgcs%Ta#5L}WgR<6SW^ipYhERaDtXK6DoV3I5BxX!p z2=BvLi8Ukh30uNYq$#OhdWtcgqA2Dlthf%XdTKiBjLTznZ25Fd3O#}pExSC7qp>Qk zouRnp^MI<m96CSq>=1ie5xcUV?(@&MrOvR|?y7ZF zYkAW&MZW!+{$I$;qKt@qF&rv}pEz8)1#xYMc-T&c@u}R78r0jsxPE#*i9i!k*G!Hc z*6v*!i%HC!U}aN;wUV-{$RUU0bhsv;VMwms<>;E;D}=V*`B9R5(lxT-ntC}fm(PBe z_G*W@*NCkz?&_rw<7yz6^vg%dSmVd*M^*D1bZu@XW>8~}cQ%s0`o8@E?U8<;*=e4YxkeM_S~+id3tf%rhOLXSzeXaLs=kN-?P0 zucfz$Imoxmfnm~yFyN;=LXPPEn>{{uN#-9NlL-*!36d6iph%)f zU(ZB2g;0anULTl`U&Zg!(R36P>CdEDn)l@qv}sEHiy5wj*HGouWuBHv$a!@zV4TfY zN8@-hx$?xO%XqkFKd-6q=V+cVpBOq^AlKvwcfRgcByMk6kuVHunl*O6@T>)@n?oZ= zfzfOYdbz8_-fd)1MqSII!>c4Wil)A32>^~DkTH|(q)y)V2oIi09tE>BKV zs?0);d?5d4oK%lW=~&emzcwcWsM5)Fs1*5qnusS=p3sJ)D$W=F9XG)p*Ck1l>#_9y z-~aW$3&gyb(n1BV*tmU?HA=dUkFcnb%Pa59QOs=Gn<61<4RC2&MS2>>dH)Px?3b`? 
zcoH#$=7JHsz*DK?o0B1bYoZ8B?B>J+k<&J;!X)M#)%8%!iKAyQCt7-SRPVzIWurXb z4Gg-;0q(qWE(8FuOhXeNifTknO-4MPDNI26OEk6nDh7+~nX7uq28pLDQ8ydDn}Lv@ zl*_Pp@mNs7A4}XwpP&;{l0U&kBL5v}5R{jh(Tr2Ni%j)3X7m7d5`GCzr*RHbOvq(l zU1mMd1f(-StT`aT*H1J&^;Q5ijk)Y6dYaU>Lyf=Vtnz|o9Mx6ZgB>Zx>_YQu%!(36 zzborAjQ1>Sn#ydF0VTNldvfKvEqNdM=3L2eCtmyT(VFYMw5AE=LUA_k0YXQu`^ z9SfrC3UHAPr)YGI)6ts*h&~1i+tXfHhc{jY>BY%Pb;_}CZX>P@_zG=_fOgAx&S=lS z0|LDKqua8wi-yAZn_>x%j*ppLzDXT8n`9-M<&Is8_r%MRT$2m8@}T2U?YeidbFrV` zG*Ulh|FMpVCZ%c|K_x?~O^n*Rnw5z$3jRIoRX-$C9fdI9S12!-QFS({wG?J>N%d2I zMgtdTj3eWX{I&ec)BkIQSL~RdMsT6~Ye*J11GB6W%X^5w0eR6B6PRmC88kC;y9)|* zdQT~*6cw6^g4al1h{a-AlN@k_(7-oW8llPx8Mryg1^r5gMjZjr^>dqp)^{8W_Gz$q z02EFosEahY^ciS!_d$k|xszl}a4O@68G=U>SQjTMyuKL0X_m4u&j2|Cu-%x}hN1Lh z!}v0)qG(!TP_AffsBk88nRf{+!~ij4p^csZyS1P#=MN_ucR=*Pz=!>d27u;G8&BdJgjpv2# zd|e0Y@w@-r`SXuotnNJiUjqk*s;l}h?TUHw$x100kV{xH34ZlzQCDUS6=5 zl#v=h@?$-=T8(qp)rW~S(qMCVS1>e5GNn5iADXG@JW9)MOm0T;8L@Nh$7=pUfz&LR zlh4;0a+nyo+BIRw#G^F!)2-rkoostN^T<| z>TNFA$yM$pyQ*sedCw=OSCRP+86s(q3-E|m;8A7$=FM>iV@kf$Tv#Hnu%{?SaHM5L zz(mh6*CQFOL1V9?07jP^)FBsT3h$8_{EG{vP>jDC%yws9Jwuk4y)Sm!s+gJvF1&H> ziy_r9ujfnelOfen7vW21uf=WI(s&+bd(0cg=S+u<%vmUbH9OKM8YCAH;@i$MkmVgp z-RK7&ki^|jFrsG%=)i?{Bc2{RA#RV>9=W}V!);Z?CRQ>xU7L&9vre_d9nKay-9^O@ zDglpH;M|?_cE(w8B%NDJpbHLLmr9$&Q3dFFsq`Kx5G`w!XK`sk)4G2eVlaaWSfT2Z z5QD|2fVTYB&AZX4}#h^P^1bEZmWwuQNEyh66I*g>1_;f%9?6 zc10=wC56FkMIMb1@a-vLFe}*9GzJ+nD;ax;51Xa~(mirTG5Dhcf0!OVp?26)1U98C z^)r+rSnlI`ic&90Y1=kG@w(8N{qexBK*Kf{d!?h3whQ9Sk!F|Fn)Cbk^{FM79=7wcsbtn%Z9}>zO?mgUqMJ>-Cz-vealf9Q z&qBKsd{|O8Wn9g6MBkf5icJYZY3?my7=)+JADs9AFY7(AK|Gp?|2`B zWlV@77KLD$1O1MLJ|442N`AE*M8U_8&@y7*H^T6N48E0~4g`HHPf%)N;rkRI^^^~6Stjzk^a3^@PcVM2gjpY>;Bz1?O*b~hAvm?t{ z8^qbp>V~-=V_nF83`b-}Hv(%mO3bSnw*dZll)YVjA@m*J$bIWn6XKZ~uM!|k6QE5; zk{<)p{!(O2YLy)F#ZFK`U7-+f_3@FxuK?>|#o+PU{ z4ULV`U6oWMCSq49p=Zuc5UTUwSMn7ag__O99 zWogAJN&!q#GU^REh3!vSkM)AG3?z~Lg})&!;$OqR;2Qtc(Q1N3zztGIa$9r51-Q$m z^hzsE@mpsh?dnmTPacn~)vHVuD_spk)+_j}=#AzqfJCi&r(I=!T2V;>ecy8Pm+?gbCv-&oM&P!65$t 
z%c(JxHdvB=V`Rkv>m8CO5zWUtnI<=Z&3h)U)6UjVj3upIb)HErwL$G1YLiEHw+$=9 z>oKGJqGgE8Btl7tpjhAxmIq_w)>|1?T;vxUb>ffbCPVf{#k>h_iak!L0IPMLjNP)+ zm5g1~T~Xhj=9~<6IFsPUM8At(O5HAdY7HJVb#9ZOZLAkgx0D}-l7LdZNU~^<=Gk!# zuXHtGoQ~oZlm~oYCjec{=fW0tuCWO|$Xr9#cwolqdN4Tl}I*Jeom1Pp+;36Kh$Bxj*Y|j=suzVs3n; zH{7@6HSOQEZla8Z?^*chjdRT#o}ti{7N*+q9Kp3S{@P4dE0dV`o%*~KxyXErK7%G$ z9~j|KNFX^A;-L0U5#nm{@_C70(c^7W)|RobqwECh*KidRlX2spm7`E>X<#QlZCbx< zAh(rwTeyhwir@R0n*Q+c^BemSMPMlCgL&h`^&U69h%n>gUB_5oU*F!`4DjEl+uQW- zdWZkUpN);qM$q1Py1n&u>*@N_cCg-QKiz2mAy~hU310UzMd2Gj8D!&en#6;6R5Z4O zW+x|e`r)|*=HK7R&mbYQ+_;bFgqQTD=bEdiXbCOf>gtb`xX}GvL>Sc@6=$u2s$F2j z$Au<5>qO6@_U2NPUJ3IUq2(@TZ|A1|o#rN7EfR``5ic-q$S}BLwxf1C>Xot$V;)+iX!~4+O}2id_8iP=b`h5 z&L28|==?rAAEcOEdj~U$b+)#5lIJH$yEEu)ZuJJq_V#A)`N>8C_kMq{5pVXNZzkK% z+sU)|S-ag?2Wq^zz0pp3>+75C_U7}Xv(;HL4mKb^b=EuUVY?HyH{W#HJ6r2Jn;X&7 zXU{h~+Z$V*|7ZDu$-K!=1OKNs#-jE5yEiY7qVj!tw=u5a|JJuQwrl*~_Vxq+_c?yB zhDNl9r#K>o(8rI#S&W9MWX$ovLoA{c?42e3^8kYfkt@VB3RfC~f>JZ`i~VvKgrSvo zJ!>^Flny5Zz4Xr`)0nN+0qc}Oqzy4e6?<5GNe~{2yM@5GytMQ-1q!vOkXspEs=*Xx zKJByj9s22Jmsa@|{0|#U?$_T!-x0?xL4D&3N@PO`uD?q2^h_x!tFnXTK8f#-f} zYxeoa^MdF9X=h`7V{;46f9L7;#vg*M`q;KJ5SJ z_?f%^O{DY|W87^2w_*P`;h%^7{~SMa_g_>acRT&J+5h&_PWxg1KgZA9{cm`An=x*2 z{@b0W5BvW)e&+5!gj@iQ6!qVs1IICRlo4wj`r_aWsGUdI1cSA+E+ z{P=MRD>sJ0pH8wVh)O$O27|O;Ixo;mKwd6etOL<4PqKm}xQlkn6}gt##(L8(tl9jw z9XOdc@7Mt*+`eTezNg(SJK~AMz+`AL;^Q(q zDk(H1T9tNxtN`UT!Dtt!zXaaT`ir6Z)A3sHr{sN#wY&k9q)!i`$H_lT6PlU_iRKXt zmJju}y~7t$sQ{gHvH0Wx$94&oMnxSqTmq1C|gY*>Pu1a0#NToI8yW zIUQ!bco_BLvK%H6e<`KF4&^)Z*#r=*JPDTnt!ORZsslYT?(cB4FdzkEU|*`j!kdk% zF(}dE%d$U+B=LebpDZ^JRoj^t`FZnm{9t!5n)OY`dx2vvBPCpJoD$AxCiEB$kY_`n z;}QwJ$W&&2L|VYG_gLJLxB>;gFZ<+Teix8F|v?Oi5( zK;c&lOxA1Y0@VEC+DXpruj9YDUo`(I>!I$ykpk60#zycoWT#jjQ<)yJ1@z4Trrh}* zQ0|_AGud`;ixu|_563;uf@P&C*#UysdJWOmBLUlr4nlk~kN;PEm>tQiM>%vxMbdu1Mj%+cOpZ%|C{o)l%Uy%EG0 zaXO@AH8Q+i$Jr(-yN;T^*|nJI!eYzsI1P9bd_Y!r+z+DP30M9>Gz;c~-fww^5Q zvDqm$L!3-8lmg3%N-~PcgjOe7`XS-YsXfgKR|;)*T(yB>(j32DT2ts_DBiH-imRdG 
zu&|FMXT^)xN7$Ca+TcE2jh6OLY~BOxM1nJf(-n7T>$6L~-!WDsL*ND4H)ovUJ{zMy zAt$d;URjN8PV}8ES3~Z=iA4?FMXfhMqZcGv6g-T!pf~h6Wf|8GU=&V0K;go{#!~_U z5C!-Jt}o21iqR1^1Y~<7+}QfEvmGrhh%q?#@vPIQFAbt-o0$z1lRDdTFiDRq3Enh) zl)D#2RtHYA!`zE+cQvqjPj3vMWdg&01JT;=jmKT6&jwb|V+)D4d@bu)As=eaSduk`HlpLP|#zPsk^?qUeff(W%ild2(WBBMDf7O^NyrPVO(@;G< z&f#vH!#DpwdvD&}wvi+b@89_p2*>kSawv(1D8-s6zsHg7iFbTxEqSy1Wb<+$5+pGu z0S*qyO6+|0x2i961C5g)MajVKI3n5TuCA)CuCA_wc}`(L9(%;2KMKM}Teq+`0_sT- zua0O^=+yBI+d;^ykK&@^-yx>foLJ&3(3!;=34u0a)PDKW`Oi zBpWP;;v+lMBS#hUF&J9xk5<)wQ^mW6V3LGfjY^W>EKR5S=%W?iS_;)onc66#2>sP) zqU;3)sgm)|3Uo=?l_bh!ja!X2g?mh+&Nt6U?h0bymK1wd0h`2;u}Vf`ixys3006e+ z)fbg+Bf2~Y*DD+IPBBN|5~nKW_(vxmBboSJ(NQUW_HtWkkQ!53>0G4NNrc_CVRl1L zLI0nXTtLd-|Mv#nL397ViKi(2)gq_moB(p}|NDoXUhMwo=x}h{-2ZIiVS*RWH5v^d zZskoX2kc%NKF%jRN*x5LxwQYAM}(x^N`LdwcE%^MR5IW2LUQO;OFFzS7nmaj#ZmmMbtGxtk4zeoa19S(NbWr6fx{Io&u&224+ypA9J89uP`B-6?{}5wjm80cGaF?AlR*9ZBwH9N3+~IM)I?M1OIcE9 zyqY#(%0{Y(Wkf@8UY$pMh_9&eCbxZJ57Un{cg^un<{a}Jco)Py>pjVME|D&!g**es z%p-g3kywthV=!wG?I3#!$`^@Z1cLb=l{XD3Xu`-7br$I3XtdtCV+#`;x74>B_O*^U z{I}#d%3Sz-bX_bHugj^HlkKJQ7#bZ$S%e82p&@;>k{l8J`7Eu!Zw32NI&+LS!&*X# zoNG0TE~FVX*64_d$wnTq;h?Dg7ppwAQ0ma-=z@9Y|HED^{-@vV4|A%UcQFki+sZs)se&|GO>P%Mp4?Pr@-S+RS`wagD-ovBX%Q){mGhd9dHv>$G%` zz4)@1PcW#evAO9A)E+*Spp90Gv$pd&hz5|Ky9@^EI7fmC*!VDk(MstZ? 
zK?8h#eH{80`I5gW+z0kna}4=y{aUEUYT2ui&F+T4RWZbykN6Q;Rk03sM z%V*}9FmP!}QB=&l;oO}X@^dh@t`GcRj1_HfOwXZhm-g65KJluTtQILW{u`}DVqFuz z??1TFhJgfNIu=W$+J%)($6%#lFhi?&gVTeJX9XiR(!yR?#NOib`lv9GA=c(G1N^iw zZO3^0>!SeL!5l~C+`#Jrl8g2??0`?{RlI_U{vVNBLrpWSrf~% zyxqrt<3(Et1M^7?aRfvbeY%~$DXl=~8ONGntM6mYuq;Zl*+6Y{6;1#Y47ZgZsYEOT z3<)wM6~(e>MgBHO&29g*d(y)~Q~vOG*Rf6)x8%Pk-A-o#B*0qU*VbtlYao9b`u6Ye zcV{Zl!HPHwB9lTkmJV@%Zckk%8|J!d# zIO8l73}?V?K#HHS`qv|@0VcJ=ML%VS_b(QSkoL2;`yJwbF%52k!d~xtuugyxnP}8 zsgTzPd3TQ`nlM_+@CrDfCBKz`o5E{QnRaq;K;#gT<>YDSY3JZ?ay>Ucyc$mIIh=SH zuM(D;1q)?zQY+UPS!#V~`RC}n$G~33`LoNPhv)BKynOXP#;MV2{q3>#dtj@_3RIXb ziwi{T*&^O9e;WHw{%?Qh|DF8H{|u|)^S_qU&&cbafy+Mwe}A?|?q|@`KTm)E>|amu zf4_fTEDt}s(<%J#`tyx-wb*^Mt1zO0vHP~iS1Eg*s$3IYR`9>Ru)X81^`fukDXRa& z4?xRuet-PQ^Z)1{$Mb&;I!*rn%{-Ou|C}M>ULWiV?JY|}5eru@6_ekJes0D4C)bvl z4k7eDRJfAJe%0_Esm@o{8=Llos#uyc3dag<^I4d2l;PzV)wHaO`#+n$(Q>Q+b!>EQ z6h^TtIFfZ+@hg?omUt-PW*Yg0$VQ{IWPyX* z{DO$O6{*L#v`*9!m&BojE;_{nVvmJl@UE9~zx25RA^-+XlrIfK;;9rS)3i>wT14Iz za+tC96I-JUAz#Ckvw17v-mt;EsNe_^?426k-6)v!DXIU_M8X&L*czFIqk!}DzusUF z_x~OAoA}?2JeBpofN;XAJJJH_=ow0&3Z5*QHmnhHrgmIfM@xPEVQOlUDEUehwX!oV!eu42wd9M9 z&UR-{N&Rmf@n46%ME%d>ZojerZRA-){8#z`Z6m>A`IbQm4An-+z|0IcOH3u9wyiVT zEU^q%F?KytqRk2go2mLI?k+rHXeCP~)#{2^GwG1ZCY+-(^Ebqn)g-v%2e8mGm7iQu>mS2jf%xPqZEk410 ze`eD6;Ez%RiWk$fR}}&SkN=*M(9AH@@5(VktiP4{Ao}=1?ipA7+1xT&T9b@cuzFis z(O7BBBEuC+pqn{HB7sIBxS4?~3sGrJDqtzCtK5MK;U}Z_YRKV?`N5m3Tn=Bb#IwsX z437QmN6;{|rC5dIuAjyHyi^F83q4Oji|guBen*|%;^HvAd8zx20*wSrRrPegyuxvk znQ&O7^QpAoOdZh8MWqX##gI`V?bo6rJEQX|z+&nnH9@2NO*w(B^p)Y4u*6D<3f|UHeC~CAFR@*Ik-OMj) zoPDX~6ZMj@c03E1A}Fp?iuNMoO39hA*Dvhftr!IORaq!VH~QQ!g<-le=a@kOcP4h4 zF%0#)f>0$pszm(wp-=jvD0-wW;$$id4mA-oPGld-@geUal?w~QGUB1^44mk5If$fw zGL}ZNB3U6rLUQ+4YMPbHMWv?0S2tGuZ)Itt?LUr{61um($G7(UgKzmiTk{3Gkk6h2 zS`ai9QHoVFQLdCzMlk-Ux*X*05_*$v%tWJANR%8=Ppd+3R7Jwl9cwu<`F**mYWiJ) z6O+BAaiI?G`Z!S2`|5~K;k=9nRY_5b;wr%;#(%ZMvV-2_q=gAW%!=mn|lK9m2p24&FF)MQ` z^p>1c^{HrPkaD3?te>O|)Bu?x{L0_6RhOCyK$UlEc-fp<_%~Y#^ox=!KH 
zE>k0!DaC%2lhM4V)#3VgXz^QMcvw8++yJwS$4I9aAksBV~lwKCG zPi5{ur4CA6E%EpAuy6gl!o*uM(;Ewq%Gj@wKJxF-_N?*q5O47>Ml)+1V!5nW#IDD_ ze(?!pI635t+tt8bx^s7W`w#23a9uqGfXk=@`Rb5dm8*h;J{oZ%36*Fp)oo6Ey`sN? zEHA4O!*?e^9x;|AA5{fv+*tN>7MvK}PDi?I9t&Js-axSz6=6pldx_gR=-aS z+&NaKk9;zuFUko!xu>Fnm!(uCSET1K#S7W468}~QPFe@6OMa<*-BWZW4bv##*tTtF zV%x^V&cse8#*S@Gl8K#6Y}>YN+uA4Z_urrU?p|xJwHsCSRFyb(ZG~(^*J1S3SX?rs zwe-GhOe@)Nb3oaY;sO7hDtNX?+myB{dpQ!#;8Dj}yt7kXT!^N#TMlvM`eG{ybCA5Ry}wMur+iD~n-*h7gW^(XBGG{(iz z0z7flD@6;|mhVS^%$XK|!}2=&GI9Q9nI3zi2XMz_`vg=0o3EuHd>l zmLwG;;h>PpN}N_cq8gq|dOgeQeZ1p>E;+2~x7~@np2M%0kU`;c{Ze4%&7`%?@XwwO zx8vPF;;Yp#XM$dDtt?7QC5Ia%anNu-HAuQ8O*%{W%Wz*QC1W7KU9aqkS&-+pyVIW8 z0O;iCv*7Rn&{AB8KE6ehPHmp_W2BpI}UqPm}&_ugvI zX`-;DtqZAOv7acz$7Z{MJ$IH}u$h*fP1sF(U(9cbWLoodn}v6-*M-mbwAw&V##ca` z_w9#6&{S>&aD7CL_e-gKQ)(QZnaDnkIOzzzi+3*8tb86}><#vv&rMU?dxpd?^?Rez zV1_1l$t{saxW^oM)-V{sPE;UHe7jZvmhKtjzyyvmBqy5_SbnHfggXF*&S=y86<$bd} z(=k1=Hud=sJuF@g6kd4yBJSUyo+Mf89bmIPR@V_`Gjhrbl?s*Z!WG|bT;5%Rk1Kw~ zFQ@}u6aBTt$Yy;i#%KIcQ6UK_E5N8Tz)u^%UQz+jHIDcD7vE?m0qw|@c;4fRzbxbh zCK!&>DYubwCo^6N`a zYEIPtt@y{DcUW8lJb)Puhsl)nnqDtaR)%lw-hs zgYJ1Dez4a#N)cc`PK9w-#4-IJAmtSxd%X*r$!QXZ5gQN!e-7&T4m3jP2J#4Aa6Wc( z-Klp0XIaG~N5fO2V-IVDl)8ZN3Nnk0uzu}{PVQBtkWjjYf1fhd|5CUlbjt|bVx2`e z=*^a(Ii}|ba+@RkIBZv~vGP*OyN8FQ8JJ2qcM|SAFRJp590SVdG-YOyD18wVJ*mHL zUq7{PN`5))l`#S3+9ZlMNOR$>C!GzCaa-3Um3w&}_}>C}^@aY~vs80ROQw0*t?QsI zE2frNBuDn(o4%(EU_?4O;?I7`yXkY0I(R6Wyr0&V6xAP(jIJ@2}gBSwK+v&Pl) z{{^Zkhus;aWP^A(-3;cH|6o5BdW#rvk;M+DJN9%xY@&$DT)_l95#lnZNDyXxl0)@ zcf(=0J6Rv*&Z}xqt>Sm`rKVorD)uKOEnPdc(rSpZ z7qB5@&1xeq*ep|;x2~i*%Wl7^^1-t@tlQernR!qoM9W;avk-n8_%bfr)%|kt3Uq@W zuD#zjuI2&S9cixu#h%ew#-qMhUSKnrF7Ukiwr`65=D~Yu7}t6IVKD6oqyI=}b-KFz zw2@%~br1pDj_dP`y)Q5h56)tulW5~Jc_($02?}B8U4?&q$D8dem)pns(GWpD-v z9&LjhLo`p@DfxirevacoE@}CQsij56nLZD-vUc9q-)qjwwa~HjJKt>o8mMozV!qLo zcl%0hD-nMgU^dLkDKpIM_9F7#4VhvCf)iZO9spRUW~E@JwoWi9@~>bC#lq$SXGBQ0 zx#WrC1#+&FkYntj^arLUuOe^ZhS)bw0tzDs@vo)HrgaeW#7 z^%z?RCKHH;OhL3h1GDy9KC8XI)4~o1Wxy|?1QgpKE@171(PSmi%l;FSec5ZjdUQkM 
zvE1;mzxpjvXuk{v=mNg)L{9rj-@lAL9@+!K2%Rzerc9we! zXMbF~Bcs0oEdG}&!fygP^gq==?{MgfgON{i-f{>YUI3gjaD4x_+I@ddUDu1vgFF=0< zSZITkUJ}$WH~cs^f&%*7AM~u4-kqUx7HGe(d~YkUskm#eWi~9o0D@=KNxlP`CA_=N zsl2@05#jI*5+$J+HrCyJY(&mhnNvOJm)~w1+P5z++@E+E5xLtVo`j4J+`U|okp6ybekHquc+27 zm&D+oo_gT35}X#O0c%lFj)9Nty55y`Hwx9$r23?08fUEf{rM49$?oI4Z6#fqNtO(E z*O7^0n7N%TWLS#e2hZr>o^P#}03YJMt37!`FtytjHBYcTx|KWM3Jx>=W@Tfrw=eWB z;5ha^sszzQ6aaV#?{}>@qW_-#2s_Uouprk#+9KWYJKnPX_pr(zuBYz_`~ejZS`kSg za`byflw2!K7WOBvA3yMi9u=d9`CtZMzt}Rv<<5^+QiIIDs>b z@=8D=*b{-*N6RPO^%LS=^EZg0O%6X6-uAfF7IgWcPJ-=<#SFVKo9 zlc^{fK&ND#TPc&wx8YJE7#OlfIQ;@pu?Wb zEO0;AKKWB})lg+Mj%BbnMU?q#zEiZJqOd?psCfWpR`B0L_I6{1&$a!!6-5{C--2Oq z0j~krEU&3>tyo_Ej%F6kD>>!W3a3ww^eI;xsXWo*m4kM6p4xxXr@4-Gwge8Gm;^!ueg4miHH`k}pNy1jBA2(hA6tdh& z9H3RRgpp$jiE{c6b7hl%CTBPV^vBB}w*V$mdq|_+<*XQ|JH!)2gHh%JAVk9wlRt)r zB577!vd35TchpZ$v8a}v`L5I3Jc8Y5(d2(%($S$~xZ-4G8wo-b0*J?{Y>4J5r?2NA zN~}^Ip{MR{yDZ6U8!&FCs3?th{v7vH@Y61x@KGDFs7dLDX{ICpx}4a=Fh@)DXFz?* zHzf)xMkq>?1(K|psoIhN^2Zgw{r7L^K7!Y5d9k$%=Z!%|%9$|ZqugSGGV?$Va#I6t zMz&5lGaH~3WkEhTYE--HR;hfYz%Tnros|Dn$tUf}7wx9kNwW2F)NID9k%z&qj{LSq zB>c5jS)q;$`%}CqOD|-JIMxnu0A^6>v55;4vWvBZ55u$K7An-3nEeTW|}W&$k{f_#JGHG%QQ zom5pixYmVy#(R!R37S0{{jZhpZDarx<+MOlkGs#qvOZqZawo1jt@sp~NADlg+*UM` zYDib7HsM3eSiU`djFigm65i>AH>Bu%zIpV*APhmTc!X_CbJ{>Rzqjv^7lWF$)2uGI zr*Hp2ybb|g@FAkG?PWS!L(k-9SuME#<&iSOSL~$}VKJxv)|e zp#=b0iJKxG*PamaAD4}e%Cqy5WY*w{Y)Cq61pOMe*?4DD1ZOmiIM%Qc7~2zWe{(_D zIO6pr*itk_Bb4;B<8kpz?$^Zl9SdpG-#(H{c_214J>_yzm9pDMI<+@yk6%g~=M~w& z%Np!y;M_Gr#(Vc9f9o?KaAp$I$OTes9dn0o2yHJv_FkG0JD{UF%nuRAW_|-q@I_ac zR2E(j;*RoZ3#^tO%u0GPCxl=VL#}L?S9mp@TPJtqS-3&9fPv41TOyWrNcU^e?}#T* z$#Z14MpeG54u;kkx^g{y=r&d{v|9h!w50<4_RiQ=;DizhaO4pUIUVW(_L54{7BO$Q zttR+2?85M3r=&hME(CJ$0(6aik9e8hH~7Bu4@Sd*5$J6^Anefocwl}sy0@a~5eOpd zx$46_-LnLV(4LcnYek~Py`buz_*v`{566M@cj zQ{-_^Jh;tA5zT)X)5-Lv@~bg^aYjVKmDqDPrm-{z8*8cW(Y`sD5GAd#7Ch_p=8Ti3 z54D45=M4>+^r6$*HjmH}J-QAzk95lWOJ5pF)Ef!M{5y^5nP4kf0}i>g6`0azpCmtC z!Z?#VbQ941do8e6$50~yMbaJMc&+iQbE4q^yDY-R+sQw7`sW9sLPV-MUwKL?Fa+J_ 
z*6Nq`zHPUM$U<|SG3D|R*f3JYjSf3j8_mfU`b<&TGCW|n8iy_tw+%fD-T>7XeQ#le ztWZd9P$E#Gjbf@EEUCxJapR4QE!bFzFn{^laX6s~v~vcVEK>7Gdapjuc}ndOs+I28 zf1)$f(;g+4^2)-SmwtdJ4*p)4gjdQ<7}kL=R4wvWIbIxht5HLzjWnr_xvnTx0+*UV za^ZX6+LUZGv?^c5C4;CL+Bxqr+$Q7YSwp`+$U*u!6j+@{Q}z!TSWvM62@ zcE;1OkpzLcpQT6bc8kr!3gcb=e##NFL#GVf=!=XE)tJVsQ|cKJqsV7#BV@WrIDYeh zN01%-$^B*txrfE+FeuzkGiwrcPL{?qga|GJ39ax8o6%hVynRX~GO?E$M3zx8;5^Vn z=&~2j)YEv7U+Ip@Epb4>Y(b{;?>#L{piz^DFw8`TL6+q&SYKk4BNMjr(2DnNoomZl z!Q@7-61hjB>IFpRh2BoX(x7(jQm=u{?hqX)-$rJ20krEuQO2NVF!-OkkJnXp1d~Z$ z>QBHRF^k>@0MApm!Sl%pivjTXq;z`)$a#D44kXRPpEoppqc?pc|BG#~*qO)W8X-!S z-W4$Izb}4*gvc9HWen==H9qBxyIH6f-@MX@g8kE!(x*p5G-4_pDdhO-WrFQ<)n-}$ z=wJ_pYy7y4etizN$bHTsLZU!lr;D(8MEH8CW?OE{a{lG_j3~6$883qMqiq0BG>Wkc zq_L`P)DS#kCzL2)gerfa-m()e-#=AIMqEx03Kg?M4oo+DhQT>Vyv56}55||5atOm= zb4S2dzZw4*%!6)Q9RqYHnEZ-kmcRzT17aZIo-vDi7H#zw5-<)|>#T@DelE#ep$txn z-Z_kkN<5B7Qrt>%n{uK@C#GVC!wn2^%F3^1nm98q)_cF9i-HZULUiwV$@yx_#L2tZ z3)E_R<*N@ta&SW~A1S)*L`3FND-wN3#XXR8s7m7A5Vdqoy}6H##N7KP0TC=QNeWCt z7CADV_J-U|cqK9zw(q&cVPTj9bq5s>i;fI^iZa+KADai*qN!CnhKF2`t$~4-C^y_( zQr7RHQ1Ijg{~n96JO7L|dcUiAIJdTv$c7mJ=28a=4;Eong+Z;?a}?#LP88%0o=6{< zh^&(V4*Ed~@FbU~eiG-Us=W4>^~$Pfjtr(ahE~pHuCT74?lg>f_E`#WSRC=$bUhJA zD=flM_G0cu{zYs+Ol^+P$x)}YmmB%FVIs)&VooQOp-o}D$JQ?=RhYR|#YW4lfUlAN zi_>8d%~yy4R2qI7B{=oE&jc0W95tO3RC3(Z9;YH~@FdM6lLWlg*cxS^?_=OvC7N)$ zttnka-Xxrzi6Df?Tp$0g`OH+LABHfk(hvlOcYe({zB3^wyqm37wfilC^! 
zK})Yvq3o1O(EFE^@g#zw7N`fMqnGeJ%Sar~Uy6!w9xGAJLaZEK0WDrB>Xppzy zU+qwe!J7fw%-HZDUYSE7Hb=Z0>=26QaN;UBNRl_Er8FasHe{UxKAtEy3Z?c(x}=}x zywd@9K0+R`e`s6NwTTSqbed7=L&uBG=k;!8Y#9+?y=t>b*#@&emN*lD6E0c6-_=^a ze?@;=RI3-9!WevE`)UW9K^;jI9`{im3dbTq=OM|s+r4`g*}t;wfhr@ zN-jBuQ}PeCQOf+*q$a{TVX%sjp(LK!jn0P+{~7L;LMt_sCrM*1eawqhyHgqA4>CX_ zXlV6F8a<$g&7t%2@Q^^HtynGtqq1*g<7a!7qfNpf>?`HqQZM9$dM&4yjdkQ8tmxkj zQjVp4CCw?|IGp5uprYYi5<1XxgXd!CqZ=wrDl7)LOqGoRWTyBnQ^M?HHtjYFK*plt zO(5cTmm=NbM8S31VR|mk6KIl7608jGHx0*Uu6{p0EOOct9m8vN%3@ZIwsnxER?K&r z^2(jkmfmnE-HLx0=_B6O@<_YOY3CYD)+eKHUGJEkvtkoXu*x!GBDu&WpdMxky$CBJ zaw<^e(JA0)8xYee1sIvi5OVer3E`pGy9Xj|F8}8w~|MObY_9 zhp+ed`}$`Fzy?+8arHu_gsk456RR^uDGxEhq)yq@SweO_u&@p-msF>>Cv3_vvUWsV zO$IBA3XS8Wkp)ia`2@b9Lgni(Qm|9MH^a6RTosC}lLf4tlZ81pu@rFg#aci`*@s2H zIpSZlI_=eqsMGb_33Y5o4MS*C1>@-O0I+5fU@q?z!lYHj>GHV#>naZ#`_PWA0*F)M zqZX3n@IXVRDqdSY!VHwYv8GDXb9+$T990%_X`-(rBTIwuUE4|kZ49|5L;fp;mHX*g z72#C|zUq{kW0kAXp!ZYa2F_s(4`QQ6Vx)wQ3YjrN}s{JQEz2V9L zA5^Oqvcr8FYY6&*le!G<6c>JL+MBsLB0U=+wb91YJ3?=S`v>yMVv^eQs zCr=F66&Int)LontT&nw1xRI=dYjefN=`^v|q$+6%5s%@TOL58&7Yla2DJ=QFVFUc6aQ?1|1

    @0 z)OHYkdFxv}{z3Nk&YWOxZ$f_dV~(lvIZ@lpa}DsPXWEzDyk+MH&93)DYS&vhrsl%I z&oAkMo7bh+k5AFA0WxfFFX`f?tZ|vHNBr;_4FFXQX?8=BH7(6aAn2qzSFpgTDb?5# z*N;L<`*RbUm41?iGRoYpT%NuXt7hVnsjQoiYUk)BhT;|Wj+S=o)2_7@)w2~vE^D|+ z1i)`Z1#)=){RItgK~n&2GlsPsx@Ad!65-Zw;R<_2J*q6r zIix{8e_d!Zm`T+B7p=Lo18jK(azpQv;r93@;h7w^UP6i8OvQ6VP2xc9PX)-_)}*S| z=gKc?Y1Yr!>UE_KKc*OYb-w}B5m`WZP%zH zE7s?1yFM4CG_sp<5vS2&XbgwOLCg!&n=m{9rz_Vp;F$=y9}fBhL5sp8w@B9M7Ugz5p#a6Tri-y z(eR&6kv4TOlFgT%WGu%>RJ5>S2}a#+w;Cb9=&3!>+Vqqu@Bf+jA8jxaMDzF$N8_V| zHvYplQhxk3bMD64SmFOa-XD(({{M&jt^e;f(oSN7(~c|h*2Ki~pI>CcLyw-gT!emc zc>I9{UgHWB;;~2Q2VmJnz79#GwRzk6C!~!a-Ztz9X;s@r&L}TpGo~ zF2my!L=~MytZQ`3md7=WgfYKjM!kg-`re#dGr6OP>tL7*4m&~RIbkv0muBR><2h)2 z=T0ejbJ|Ad9xu}qty=7f-U_$a#8l3q^XuHtiE00WUNHQ82O97wDvxG(|D2@Wp2C_Q zhd{q+XmZ-j(9Hd9O6qS72^75?Cj2uYRuJ=J-MRce=gtw3HTv$oBfBUR$$B+9y2}Ap z$sW$8VOKhuw*;2!p+!+eI1xoVsL82`04(|DKfoYep37%7WN}y`i_T`y=!AUmPo;wb zaIo|}5$wyo#W~jaiJwAHkKmmj;>GhR57dI+Cgi)pcLQGVR60TN8;uS(-60 zp~#a}C@nutI5v1+a-!~czdh!8mimTBdX(qwkQbU)1F%RbXhQOHQPh2BPVwG;bv2h4 z5Zy<=DMU_Mpu_<-c9{hN=i~=DOLuk(hw|6HYcuq-kXP2#xjKPi3!P~k$w_I6J4orq zi_r-09E)QuKKbNq=Gc2sHuPb(`H=V(MVK2xwy>XIM; zOK$_S)ZgGVJ2RggIS3c zSd<{B0bFp#1<`>%Bwd*gGVEd+g8&IHxOjx0$M0Wu1^7_~{F{AN*>b{C7t{lUQB;Ys zvJoh~DX%Hka1pVJbLd4V?HHnXnevd@Q+j!OiV#GoJqR;Ur$CW1fYPjET9ujvHiyA}8guT4<0F zE7zHoU}c z#_>Q}XIHlltbRb?$i#UnLcL-09;kaZ1r;^F>r`8?E-|oOlAiIdsF;*XYD)F4v$UEh zgmu0^DI2#M2Us09BNM(Rr`kFZH{0K>3HMN-1$(!^hn=yMxI(8!rHr?L7w9LX4^#^s zi|PG8En>p&NQm#fX4Luoxrd10$EW7THf=jq%YVF|x*0p*s`wwHQSSc#Xm~Ifw(@@) z2`9g{0F)V{NKXn0;FT*%zCp3{oP0CA$35)idt&enmhn#v1JdOok@h&>bcJvs->3pK z5|uH(*X!wmrq^q;Cl8{nCF-3pegJ)P+tnJx$Pl6&ii&e0@H>%#1o(YKUQ5kMiI_GRn&q;i zPV_f}WbRpRNBe>fl}IF;i#!mceOS(LzxDom(E5*1n$rFH$h=Sx==>(kutGe zNXzm?D2*h712mH4-3#H@N#SR7r26f*ZobW9?EtP&Cq13ZVw)bqXqj1RCG%IEZKc#3 zjgseVW7L7x#@f*AqiHiaqv_f$X``p# z+SkX8TT)(#7y}>HScEg}ChLE-{`cYI*_%@%x{DsHW31Z$N&g>x|2G=6@gKL6R@#3z zU;uWaN9CeICDVSN9H`35D!)ieQim1sH+y2Fm@?_QVNjcE<^GNt;>B;^j&0+B<>!J ze-(F!@$-U)Q&ol=zWGNH)scS$SLtTJ@8a 
zQgnsiC(c4EpxgkvCBltnzR-5_*yB0on`VKpQLD^ETV0j7_Wsy+fL_egB6jc_-pV7flYya6w+K_H1G`K`-Gwr$Kp@N|wPE~_9uV4kb0PRs^x#Ora!oiLDT!c=>Iit@BeNi zt+fBkjou^re-DoG@Bg6xcl-YDR?-UlPks%|9}&p&$nukd`qrFH92G1xj5o21%QtUC z=*|^Yd6@^;)XVFLM|SMq^gdfl-Lc%Hzhw3N#{l%32?MZ7|34Ux3+KP%R{!5h68Asw z>S(D5$Yg3y66EiJ$mr4XEmSEZwCktB*Qb#=7+Wj3bsYK_=s-ALkZ*0@x}l-^@!R^~_}x`%Yv9;FOJ{JMVe_PVZg6V_Ah#`ntT@drxAal&)Aja{+h!oQ-p_2P2r*V ztokNz4P87Z-_ScA&m4F{!pvawjQ%Gn!n>BiBzcjjd!jz^*g6<;Xznn4!O|edBB;Oq zhGb5_p%hauaMGE0B13z2K|RlDaHd|_LH)~9&*b$|wfw(;jSwCP8&UAM{(t*N2L=28 zaM;TKt)$PN`+H>JfKG{19d%Oln)`l^WC6yQki9|R=o$EeaTE+nqwTHGxWquH~_;XeQ9%unOl%()}oUJ6XjL4jxza7DF&)`ok6 zL6JnPaeT`T+b}x+rUE)IA7LBV9R{+&GVy5;=Fc@L_n#pa9AZ(euXhyn!W4*tj>u3g=XtxQ& zRectWcq|_HVac44j~HrC8;jAFYmj(vFMW-98ar+TIT3Ni3xp_K(PBT>>PvW%XYnXOG3lt>Gq;NWyok@iv& zbMs)GUQ1hE6{F~UEIv!U3YY}%5@H9se+RYUqPvdB5@EoEEwcu)%JsR&?Jy5Bdai5m zY-;ROd?cv%A_x=#OJOaPX(_$jrd9a@(%g^orqBnOQsrQzM6bLgS28I?BqBowG`EJUnX0e;cXB_}}b5!T7iS zU)xD_SrocV`ZE#_jwCr{Rh zYYu5h_Vq(6l|)P~fu0w{(V6ME3dJ+5+yxS=kX^?-&TzNCFvGs< zO#3R7ypjo-q9K2;;TPt6Jd55%q4|@105bL>&239PWm63}jTvTB7CD}DRI5`#dB!Ea zaQyTs@*~sLBiZ9o6pXE9M&wyZAgA3lw=@v`ZW{B0hYcxdKvKCR5L87NsKb&tBDI2N zm4(h~&_?FvfJfw6yE(_&I=_~@OSx%8b8kj8K{#JkLtKB3L#vo(Hwi7)n4eY$Fxw1I zW!h=O_I~ZDrv8_NSXk!_XqEmq8sy{uj^V#n|Jz2|fc}>Y8_YT7l$PBI>Q?A_J$2*M z54%~tuTVp&Vcj~fG6;FLRL#_y?yQQm+o%({de`2g6++C^k`Yl3z9v zAhuFlEyRi~s;GL{*hPsNsqmj;u2579+M(Q__A^x!1@ZJTYyeCN!ct&<9Myv+FLb11 zQ4TNteF@C;Q7C*KsS*&VB^{lPCBvVm#kJ2wBN>=MO)B@Qh|&mbf!@7kw5bJp3GsVn z^umyuyXH_^bRv6i7j*)(xapm0DG)bpvVBT4@daPt39gvB1{Q z|Hen{`|n#xPoV!v{%IA!Ke_@4sJ8lFtN*q7U#tJM>35oH-v55c@!!hxzr$kum+_#D z|FV_TME?Uu*y0^9Xsy-V9#?k*5?ASN&{>A?@)y6lsZ!UfTCJ+ps#;&Us#Q1sk9Glk z)cXY%1Xv#Gnt)c>e+I+6{pV;jYS;g*qz3+rj8;d{IdLNcjIf= zb#(=iO0VzMShZEe1- V&9_Z$YSSa7{|E0#17QFP0RS*w*=PU& 
diff --git a/released/assets/rancher-logging/rancher-logging-3.8.001.tgz b/released/assets/rancher-logging/rancher-logging-3.8.001.tgz deleted file mode 100644 index 703abfc3332b153511ea2747278457249881413a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 8651
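Review bot: after "GIT binary patch", the "literal 8651" section of this delete ships the archive's whole preimage as a reverse binary literal, which cannot be reviewed and leaves the removed artifact recoverable from the patch mail itself. For the copy sent out for review, generating the series with "git format-patch -D" (--irreversible-delete) would reduce each delete to its "diff --git", "deleted file mode" and "index" lines. Such a patch is not meant to be applied, so the applicable series would still have to come from the branch.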
diff --git a/released/assets/rancher-logging/rancher-logging-3.8.201.tgz b/released/assets/rancher-logging/rancher-logging-3.8.201.tgz deleted file mode 100644 index 18f274e7c38847fbccb07ef4332f4e18a9431453..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 8816
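Review bot: the path on the "diff --git" line, rancher-logging-3.8.201.tgz, carries no -rc suffix, yet the commit subject ("Drop released/ directory") does not say where anything that fetched it from released/assets/ should get it now. Please name the replacement location in the commit message. The preimage id on the "index" line (18f274e7c38847fbccb07ef4332f4e18a9431453) is the git blob id of the removed archive, so a re-hosted copy can be checked against it with "git hash-object".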
diff --git a/released/assets/rancher-logging/rancher-logging-3.9.000-rc00.tgz b/released/assets/rancher-logging/rancher-logging-3.9.000-rc00.tgz deleted file mode 100755 index 957fd54465db8a7cba2520a30921e01b97a0269a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9164
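Review bot: "deleted file mode 100755" shows that rancher-logging-3.9.000-rc00.tgz was tracked with the executable bit set, while the 3.8.001 and 3.8.201 archives in the same directory were 100644. A chart tarball has no reason to be executable, so this points to a packaging step that ran with different permissions or a different umask for the 3.9.000 release candidates. Before the directory disappears, please confirm which step produced these files and make it write archives as 0644, so that copies published elsewhere do not inherit the bit.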
diff --git a/released/assets/rancher-logging/rancher-logging-3.9.000-rc01.tgz b/released/assets/rancher-logging/rancher-logging-3.9.000-rc01.tgz deleted file mode 100755 index 1b468ea36d5bbc2e6c57d08245025445ef0876cb..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 10148
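Review bot: the header of this deletion reads "deleted file mode 100755", so rancher-logging-3.9.000-rc01.tgz was tracked with the executable bit set even though it is a chart archive, not a program. The deletion itself makes that moot for this file, but it is worth checking whether whatever step committed these assets does the same for chart archives that remain in the repository, and recording them as 100644 there.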
diff --git a/released/assets/rancher-logging/rancher-logging-3.9.000-rc02.tgz b/released/assets/rancher-logging/rancher-logging-3.9.000-rc02.tgz deleted file mode 100755 index 94af34a826554bd0ecb63776e1f1932c114d968a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9539
diff --git a/released/assets/rancher-logging/rancher-logging-3.9.000-rc03.tgz b/released/assets/rancher-logging/rancher-logging-3.9.000-rc03.tgz deleted file mode 100755 index cb0746ddac94f9d65f2a3fa6108abb97df04c016..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9530
diff --git a/released/assets/rancher-logging/rancher-logging-3.9.000-rc04.tgz b/released/assets/rancher-logging/rancher-logging-3.9.000-rc04.tgz deleted file mode 100755 index 6c69c649ab51b271175e48e37a1e9826f15ddc72..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9674
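Review bot: removing rancher-logging-3.9.000-rc04.tgz here takes it out of the tree only. The preimage blob 6c69c649ab51b271175e48e37a1e9826f15ddc72 named on the index line stays reachable in history, and the patch itself carries the whole archive as the "literal 9674" reverse delta. If the intent of dropping released/ is to retract or shrink these artifacts, the commit message should say that history is unaffected. For the review copy, generating the series with git format-patch --irreversible-delete would omit the preimages and leave only the deletion headers to read; that form is for reading, not for applying.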
diff --git a/released/assets/rancher-logging/rancher-logging-3.9.000-rc05.tgz b/released/assets/rancher-logging/rancher-logging-3.9.000-rc05.tgz deleted file mode 100755 index 9f6ccf22985523a2209a870e03dafd64afd9e1ed..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9557 zcmV-bC92vViwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBxliN13@BX{|6n!;0ckMYA^_YjVx|LhyjGaBM^Q}k_2q-dPK?qUCIU|k*rT6AxRKSpfX(g9{0Zs ziS!n=Wj*AQ&M5j>!P;y-6>&gT{fLA(fj5S9ZBCU##Kgl1n1>l7VkIPowS}0NKtQA9 zQ|;TBvnBOW^yf=H0ZY!ElIS-=y?`aYOPT8hiIB)=0lOY7M^lt!R7;FwfJC5eNkv$- zB@){ASQxViBbin2keL32Tu>HGU^#L~9A`fd+`qd+$4B9D8cY4?garY5QUHm3n9)EY zSCj-Kf<|*#(D@=*fybg5ohO`31B8>am%@cpc8wf;n6BV^-CzgcM725X1b81KCz5g3 zp`NO0A!RHkgMp{igm7&O^*9j%r5FTk&h-Da7{zk#T;b}PabHZFe%8J|ge;Q5_5ac6d8hv$BkjRU zoRK7uV0s>AjHlDI&$8LS2Okzx02M&s-!I<2>CYGsiIk`n4yp_<(F+JiSQ1W^ju9Xk zOc7$G8GN9TWUyih2Z>=E5Q)Nd9FB27J#xYlrT#{aLqjr0Wr;Y(Oehtx$`rz&pq2Yo z9vuKl=Ba)Jh?5{VWdZe86L>v)$K)wTfswRToF+kVjvhxTCh+lRt$E%rk#p+f1bRJZ zmIT4t!_5Aao;pP%3cr7LoINFuIAANSXdw|s$*ybFy*{3<4xe1gW}`sIK%_ zBs|Izp-FoSMm^LcKrU1@$X(O#BoGW}q*xUwz*~^WGyifafF}{K2rybw&Y}<_Dd3vQ z1q4)?IZZob?Td3;a(uiIqQ*`0=OpOfi8C;X7)RIE6Br>g)nzYg(1 zDhu&{NrZkMstO|XPzb_T&vg4ahD^5}!Ap3sf+;6jHZx@~|CWpTZ>}X8QmIkV9sqc8 zGJ(->7~0<))0ySJxh}MTI zT&4KOWOV=l(upvE-m6~|67=*_J*y|s)3nSZoXyaa6L`nYy#@M7fR00EGa6C3GQ(F{ zdD9B@7X(yDj38!QLX?D44dc|W34A;JcBnI+BVVe)V7)%o&%E@PVlqPgY!6=KvrG+<-!LB7->wWs!ZoDMv`)L_RJK0 zmS&kUxiHN#RMfO6k$s|dLr7M7G*gZ+OSoJh*K>Yul)9clitba_QM6P?nhN|0NS-K( z#v(TTo4v3aZBLCA1NTl?B=M7k1q*xuG4uNYE-}d9AP^}zohH&MFg5>Kq?DE{$+d z%k$J{o)}0XuEZb(*w|N1$+#S(&C!qWlN>0mAFoxX$KD<&ZTdpIW6>F7(uy;E`lCRu zRmxC3nu&jKmc$d?2uIXYBT7x4a=N4e&heG-NI=Z0!M09WTH?Qtf|aW92Q^0ZQY!1o zJ@80OrZk|EVy4`D&f*Dt?7evNruVb%)zqj#%qi2H1Vo5;Bt+fb>O(Wt@@0S_e4+nmP7YYqr8d~>j;`Gef!Up%ACx| zJ$6SWG8aBhlldKp^)-Qvq~A=c2xe{OLIX$cXyhLCNf6Tr`+qMOC7ahO?~L<;og#4@ ztds`CrLuLoQF&&Kj{3F4$Y;E0ah$!h|CHtGH4W^Z3n$7Js8Uk1L^PlfYt?~u8=>zy 
z1#y%yZK(&VaJK?|GVr6YQ=hW{-Lf`TLz}Z84v0k!IRH|#HJws52&e^dl%C&;=&MiY zB@!LSSXS#-lYyNiX0q93*BQ>KkZN4?dPW0kJ8KNS&%7(-N-w{pTm!{b59q7}8D8o< z;HMd2L4-BdzQVCJG_tz1$yBhx4ju5R(lY{PoP}keQveOql>s_>u%uWg8+;alX!>=? zr-XZI@y_)E)jFfG{&cvdwb+#)_@TA+mtJjueW~jI$rk5>cke&EI(OwKdFMK| z_Qk)UNDG9Bga~YwuLNDk=Ia{|077rgiKq(o zpr2>c_RBRpj%rB&?oY=1T=cuajZ)o_2ge8cPa2*lvl;yay?#y%BVYe*7|j+DX&tj9 z2v+cGLIS-Tr2vv{g6sSX4RxJgsybA21WeH*i9ir6MEGY015Cqb6xD*2a5O$5^v$Z6 z3V1SIX`#G)cdqg(vm|2lp1RKK8Q9$+L&TzR>qIlpsDx`81TaP8GSogg#k}QqyNpw> zWiA>z%fwoBX=ZsEGqjR@AaY9I=ypuLYu~*EJ~NRRD(;z)mnod_T6(%OgE6O(oI&ru zME}1;uR_h#yUT!U`r8b|Q@gjA%^B@G&Sy>5+Zj++$lExORHkV{14*MYmzu^ihw*1h zW_J71e+C3X5*f#^!d=&#N{LaSS`Av;PE=i_b`-7oz-^|j8A?4-(hu0_afWV zuBVl4`YKXuMQ-5Ngvrv7sihK$D52$u78Esnt#j>qE6p z`Pvm;&Bz+`ZbhJ^(0ZGd(l-0wjQ^|?UN402wjI0${~eBo&nx)v`B4}D^Ejz8j`b=# z^#Z90(eL+5(I`3tN#ufY`kVI5xL4nr2|IGGXyj*mIcF?DCqzknB8m2aDCJFA^nr#b zBnjgQL`e`h0GYl@N8d(dqm>U&0@NWTB&OO8ZuiEtXCrqb>1UZAQRtt-Z2LN(497Ih zqb-a6)5ieqpL3M@-+&79M{HxA`jEtaTHsngY{d#je#~ej4JVnUv_F}T6}HwG*r6`9 zc+)#~a>;@uL@yvTG&RM{Pi3L?An`nwq+Ho&k0hWz;1VM#>@cbknSR~KOj`+&Sa*Mg zxKA)-kwDvY8;+3u7LrJuC4qR1@nSjb1AdYisp(e7unsE-H;UxG7%K76hY000<5x7A zH}(~c<{X81gt1fME!L49HFJRZ>BgAOLhqBcL~LZSK9;aXJ>|iLqWFL%GEVG3%wJln z=0~38VWoYWrVP~NN$Ofue6yA{ZC~-(TDckxxz?PuM&x^quE#hs;d(4wZ-Z5THuuBJ zw$Y+CidR9hDUJMW7!;mcJyy+;zPi_@6p;6qhA~~bWom{0?NGYyGGLqk|M~Mu{O5Qy z8Xa`_|1r`Q{C_w2|GgPErB%Q!uznVuW&2%MEz~nn{bTC z%dG$F?RT@OTeFh4wUKu<{4sj=D2ev!m@R-5=@d?$n7TwE7#~cqw+$4v5ngxQXlbId zdD{ds<335FRkO}0M6TOk_r>LH_%z5u2U@36E=1!OBv3wcYLY4{*}q8`=zffBM}Au* zotg+8MQ1zLyeXKlwMgT<;<_N@-?tYm7^m7sRu2^A6|NmM+NrsPItx*|1tR@?HWv3M z3!P|Lm_V-t5*xR+)CeeuL>G4R=vDaqd9wCek~w_-+^g1kS~!5URwh54Rpz$j@W@k9 zTG{+f&o<@K8;#4YyM+-h)tlM>X8e~qV#!s0p!-%xa2x(R9v)WxKjU%d z|9O;D8GKDa|1P-_#X(twjrE%Y**yscO{TXx)I!NBmgti!u?8FK1BUJiBHDuk?^@MZ zIdqa8S%%62{zTE>zF)p3WCNfKNXb@b#r)vF$n@T5kCKh2*Oq*i>N(biU=rUKi{q6uhH z{l_`A65Cr1X31RMiF$EBrO3%vQap9jzJ}5Prw5z^{_ZotFOGi`{c&awp1pnuMk|Ng zc44?$w7_`rtYM*G{*U#9Lp~aBJAF!Zd?g;w7WfYz9RH0D 
z*709=|I4GKw)hVp75`y}{~j9uVKe>LB~kzd8`gs7Bn|0Sa!xe}|({<^GrP!D!sY|2;~wT7*RY zb_{rRkoy3i;IHipRBs!Eo*6&Arw2qU!w&KjJ6J$xr$m@>_k> zI3?4E^vdhJWFAZAqmVSRHRoTU_2&vjuJSbkhhdNrJ*4^vruxp21 z?+v@Q8h-bHVDG7(7C3hIn!Y+T+ofI8E%3j+EV}&y;1>A*VBDSmdzADA@PB&Qc((xf zlP>^@;Q}50@9=+z|2zEO;r|Z*cj@a%E$~0T!a;V0;%y>8w&4HK;qg&5{^RJdyZ`@D zQrq|s-W>mt-~6Ko$y*Y)MCV*bdE5zir)owZlNw(D$e2-~7nAJ_LrYKh4U% z#qi?$WOng}hE(2Cj@2()mBlF+72Y)Xr_(|D0VQtY(gypgL#%+`|M;OK;dL1*A?;F2 zsu=&I#;&FQ&+bWm0R8`b?f&QS=;(OV>Ho(__n`kP*T(3Pa*lPk#`GGjK%dO#9Op{Y z_sag7wGyfOq?fr|wqDz^(Et^y-g?u@PK^L)+YpntdX38tTo*4x*?dt*rhA=S*uBGC&A3jnoS5wQJg% z&#%Ev_H~qAR=vqL$UAS)D}Lmlj+s2~hUQs=UQ3|vUAc4)s|F~&K?P+saW$j!$}5pf z4aIs2rsHeIYqj$hOc>Tm^y3|dh56iY))(*jNqP-#x#qQ=-l^)^LDaVD+J4B^+c!)Aq^s;0WDS9UN059$5|XypRF)PvtFc$zA(8#tyvOZ(o>i1{CfRFI|M6d-imL()XS7VuU-w~gkz8euF~FE#Q>zm%i@OpSPV zY44vaweO&4s`1siq2MqRK`7i`p}ZK)mp zAKxheXbb)yJ|C@p|Lb_%#s54?+5!KMA0hx~{Lm3Vm5`hDfDn5eVRKNp8(Q%Y+uIxT@E>5KyGc+FxaHkY<-Kfv zH_(3YZSZ?S8TYXv-l&GUUFFWt^O&ja`meA7JT4pzX|)>Mvi>`Geq8>L$EgP+cxF>qiorB+o#?3X}5ja zZJ+)}Y@gl=|E0^QmU{u);{Vj&mHWS*A02l1?=jNXjQ`SM)}g;!pua{x=dSp#kx(NF zY*C`af*ls@uwaJ;J1qExv0xkg$C$j+2f()Z|Bi=i@n44r-TkkRk{%Yvb%!|a3HW_= zinlx4&;hazkad8p17!CB$iAHYZ^nOW5Z&r?uWM-w{u>>QE8l+|9S?^`9sYZaqySg> z`hOijlxmOC!-`tDmslM|vkLUqP-8PB%<>ui>;RA`VzQ`O1bQ9|V>i`+E(ziVaj%jo z@(3mB04=NTPdS^>08O+a{LNlIVP8JuNhE2A>F>X_CvO9S3gpG44f%V4#ap6-;xv-U zuLLk{3~{QBDSDd-sRM%Eu}IZcAGnm|GS5gf$AaTAq|pRMnWHcypC)j8baZgEH5BO% zbT$!-;Y;N(r{90K%KS^u=-pDY{Hp!;sH*>u54-O_K1$jYmt4Qb zZ&pOJBnVWtOc&o?i{FdlGuOqP1c{KyU!N8iNSR? 
zg}7lZOK@G&R!@sd0X|20s&lH>DH`WYGLHol_;7M+pBaJMOy!d;B#tWvrbX|RdZvyB zjf5moo!g{~#r)Hzt@{5hi_~)VE@ohx{y!d8&;Jd_qYnQ+N;3FA)mWkFY#PnoO7}P5 z{z3tdab&{vSU9K}5=-QdYERaD0L@}5#7}5q#kGEoFW|7U8`I(-;ZJZrXjQ+RP-UYKTP_&OK7b^V96^=HHBe7##r zr;m0TlwXDWXS@C<=2*`I>i^;4Xx!=lFO(_{cM&&S>UFOQRUJilre(@h6`(|JeykVZYHd~HE9`Sdg<_9ZiA zC(x5T!A*yO^>N?&kcHZVy(<4KVAmr1#S$4Oa_w-hCcM9X9`*jjv!r-^FVfkepsMpW z<YO(za#u_21K{Fogc+&(59+ z)S0m)@?r8F_|%hy7XoGavO!^_+lT{O$qxa$?wOsZJJETswZ@$&-I)~|K6fV?P3_QI zUf`aPm`rIvB}L)BIDKsmm?-3=GguJuPh6!{K9THPs^v7ePi?-xR=6r)jfMj4g94^CJZvIu@UIR~F|;ka`u2m1epeaD^t#s~WU z>4U|5p#GQs6w7Fk6PglFS-cqyP&oUpxQ?BDcS^3DeOHFDv;Y5`J@|=m$`S#uU%nEK z8*}yxdeU*Jk7Qu-arTSjE``T@9Q=V$W_A9by?XKT?JGC*@3D@}^M5>k{=6Fhb#OfD z;{P8dIeTeDKcvnwI8ipxaXwaG{QP7gWh^Fx!JNuPGSz!M1&lJNy4{|_TN05u`ru(C zISJ@*=%>dFz++*|B8+4jPprex@@w`W-H-+rr3*jTarX8=2LH$B6UVu{yqprTaJ~U$ zwRB7`5Z{LaPkkZDG(bo>&$qn$+SH2@$nscNB9_Ez1(ZHYVZ}Q6wU#T^G^?*8$(f&c zO6NJwhYVuClrbqJC$RtmnW*32UerFu0b7Mio-9%{|Cu$_P%E|GrR-@cR7ixuKL{WH z2ZJ!LTs7Mji>Ij#fKd0R?S@m18kGquQ8-Q?@)}{}e*51>vwx40z>Cw@0<2%z%B6t2 zFdcFqSQ)!%NogwTCpRGp+M5EG;i_*RT&@p=luEy^Gv|4C>AXFSFr6O-!lkF9o=*}X zS$Jk$8Q*D?dTAI`f`jFOvZ7?ks1K5_bn6(HvIefsI16=SETCDE=i4(N)7o;n^@$xlMNq*x#>C)BSxl094sRf23WV2{ZlFmWg0XOf-y8d-T zDS($KJWgZX=i3XuwA>UkI5*JWJ;AL?wJE4My42?|3MV!$n*>m7>PdRFkvaHMI7qUk z;N^VbakY%!q{c6coJlfo!BQhN3fds?Rvf*a zy<_r}qrgb6SEV^piv9f(Ij26h6w?i)1&j@0Gazx?s^I13Dl|vwrsfV@6*y9*+q2b< zqinadJxdiCnG=)u$I*2bG@%H$>bD!nk8Vn4{P-|qJO!@rGu(Ri@)jHwx4c`ABXbB! 
z@1dkO9fOUO(27}aoYob*lswtc?3|;*VT)Gd=xrjTvbl*!ZB?aZs$v&j&-5S9EGQB1 zzf}nVXWzd#$@ge-ZyPm8q68m4o-!ZOlO1qs@5s$jW94WC^Tfbok%zGq1A9;;W_~|C zG10fro~8iNwW6}{YLlp9PMM-{5)dKOFljZw(*d(qdP~8}-#>4nuQ?*K8I7oHqabs_ z@0gG9!j{~nU>lCIUfs!zv@NUad;rL%$o~(>M6wVU1 zEqM9y=dBzSPYSkH0xxk!BZTV(^%j~v1LsbeZ`{(tTcDo==z~JmMUL8xqx>9Gdl^}d z3T3sTTtkqtVsTfF3P(njVaHE3mU)e%qN=c^in=>nw7Br`t?|dt*iM=x(;}XsK6u(v zTDMC|R6Slex8V-lgpl44%^(HVL4u_vDx)VD}v4W)@Tb#PdO((*7 z_DGm&f9*LlE1$IOb?fLY0?4ebT0pzG4b}9vMl9E$$CTbFXCcZ3CL%WpmWURMx>} zCklRG9Pkqf;{bPYbM$BFa&Se$9b8ub7xwo*(0G4;0{>=-<}?vl@)&$95dQf|;m6ae zXXl54U+;(9ueYQmRY_)T9CKW1_qtix`V0l^??+7T?`KWCv?VTcdnB2405nxp@Ebze zwG={Z$QCshvG>1IZBwAyL&1jE`|GPwH-eYJ2$);?+#q&b*rs>gVWZj^Zu; zj!t&BmtE&8YUeAGf!J}82siM`22y``bFO`kNkl!f`#D8EZtG`~cv>p> zQL$!uK>z18%G%eI-R#qPRNkbfxwyyHt|@KCW6n|3*1c2g(X4oBkD%a#Di_q-B1Ghy zmgS5Uj#~RuZ!COJe0aO~Q*YpMa{wK z8oF*bjtX6O1DC(hFr@xUuqglNcHdkQSDkBh95r-ZTaMPcZns{u|DG;AW!YV#FOGYw zP|sSyoTC`Iph9Bgp&e6T3PPyy(ptgGk7r2ye<>LEKJu{Y-rdAe<_vdJZ?-EW<7AGP zn>iBnw?;d01DE5`Kj@Ziod%9<^|d<~n>jKCJyo!Vqh7DKN%z_q#cKQ?iPc~ueu(!M z1Gpvr_i%W4SdITZKJM=Sd6cvVXJ!Os7yA~2)Tn?d5$FS(%~DrG5(~+Zgz)iujRv4O zcCF$_F&<|YVINoP4w6CY4AU`4))Q!hoHBo5j`vAq4gjRfKkc9vkO&=w#PZl9y~Ymk zQ$`}DF$Oe3VRkbK%YdhU5>7C|h61-n+1Q+MSIiA*>?1CBG~ z>J3Xcd{hF?#c$_!F8cJN49l_mX@F7oafapCJsLbUUdU{(y|3F^aMb4Q(rs#J!!z3j zHt0nziOl`rEWH0PlkU!9AmM(RvOI_+x+w}hf00960)M$1`04f0h%@)li 
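Review bot: the deletion of released/assets/rancher-logging/rancher-logging-3.9.000-rc05.tgz carries the archive's full preimage ("literal 0" followed by "literal 9557"), so a reviewer cannot tell from the mail what is being dropped without decoding it. Please state in the commit message where these release-candidate charts remain available, and confirm that nothing still resolves chart URLs under released/assets/rancher-logging/. Note that the content stays reachable in git history after this commit. For a read-only review copy, "git format-patch -D" omits the preimages of deleted files; that output is not meant to be applied, so the applied series still needs the full form.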
diff --git a/released/assets/rancher-logging/rancher-logging-3.9.000-rc06.tgz b/released/assets/rancher-logging/rancher-logging-3.9.000-rc06.tgz deleted file mode 100755 index 6ccb3d7a96f5cc9623c9acd93401f553b7b112c7..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9536 zcmV-GCBNDqiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBxliN13@BX{|6n!;0ckMYA^_YjVx|LhyjGaBM^qCG`fFiG(b)wZ-KlYu=$)u^TEl2 zaOti{82shl(r`E&9v>d+e}}_i_21F>`S>rR!{O-Q=xFr(_~0+Y(c$>;_%ATLKN6Z# zA|&B|8Q!_AYUjR^M52gEA}Nc+!~yV#BmtYd9+5IYm$Cs#B4SsEAA7HGU^#L~9A`fd+`qd+$4B9D8cY4?garY5QUHm3n9)EY zS2YPp1dZmfpz}qr0*^&AI!`#61_&o-FNF)I>>4@xFkQj-y2B2@iRyDY2=G2eP9)>5 zLp{~hLdsZ71_Mv23E|ovYB>=Cr5FTk&h-B^8^v<&T;b}PabHZFe%8M}ge;Q5_5ac6sMG(Ck@nyv z&PWnSFe48$#?xuqXW8uEgAWTTfC?b+?-y_1^kh2Q^hoIS;kIAANSXdw|s$*ybFy*;HwlZx9SMvu-`;M*b1N^8p?83ag{2vQ9tQA6pm zNO+VbLRalA81+y~fLy3%kh^BwNgx=|NRcW~fVUu#Xa40<08b)d5n!~WoJAozRYb9ZN2umS3A8wp1xj2}h}MTI zT&4KOWOV=l(upvE-m6~|67=*_J*y|s({-6gIGdp-C-9D)dkgfF03C)FMm{2hzVL zni{!^aRMg>V7)%o&%E@PA~Hh#Y!6=KvrLIdZPftPxoFD1AyW)C6$^9*JA2{70tG^k zPl?w9fl|_FEYul)9cls@|urqv}!vX&Ue+AbFxV z8jIMBZ}!4!v^^y&2JW4(Na8063l{hSV&?Y)Tw;*HK_F6cI!&ZiU~2xeNGUBzXoNf) z8Kp;!qDsd@kr}ZFIAc;PGNX_Z>Z=(!)YZ+Y598r*=>BzoIdV^#U!m)-hT=Unvu8Q< zEzeV*d14@mxDtaDU}Il(C8KhXc1J(LPjaBNe!SM4mc2bt+Vq8Z$D%XFq-AIN^hbeQ ztCXR7G!y^eEQu$&6OO2_jVLvF%IT5@ILBAQBLOk12HQJjX^H)rV%P<;wt5@rf3C zAaKfAh;o66$Sbxw=B+6MZ2Aj&GS?^ed9B!K&EWf5F_GX+KG{JlX342{hFS+GdD4hL zz2TK-j!%WE_jKu5{y2qN&E!3|RzzW#D{Q1@79<$SDU~J%DA0AG<$nS_8qHYGJ`XXx zm?pCs@(XQ|CeS;2`+d(;KW?c1>OeHMoJr;dMspe|>tKf5SCx{hrjpqBX5P?G1GS7} zK~IhgjsYV++Ci$rc)!pvr2a~o!8) zbqee#W7^UPR^e_1`efioVW&Q40lH;vtVEl$AP$H{4LJZ(vo)PkH3+Ch! 
zp_fQ>9AjCnUrh#fl9Z==F>S)OOYwe4lw&$dz7xNx24!s~*r<2{OFY zdB9IIz=8;CtbK)JYwF0_(k4^E1}i$?Q>AAF%s30nK&Jp2rYi$|e z$ftyRYVpqX0@XUBvHeus(pKzB5c1V(9sJPR`g5iniEkK z>OnuxrtOz&b{y4`0NkI9_qphIgBzu~BM*)b^q(|5Pi8av33~m!GK_rvw;?oJM5JxZ zk|0>YuL%kCZj=H@x(lxJFEq95{8F`{x+7qU9!Ug(U?IXkGZtc0WS5utBZ z#ZtzNX82_aXS9}{?o43JX(VUR z`!CV|FVU;iX4>6F;F|t6f_Q587PC2{eaHE%$woT^$_jZK2a?J(O=uu#RHjnb@yucT znc|t7paw^H6OUmv^7I%Bx?EuoA_Cp*@Y>i zG?LvPRMRE(wC60=3-~s@*4cZFf>M-Y^S9lSg&VcJ3seVs|J{S$MejB$%ec0T7qSJh zCZnm1#BpV%VzyC#|2@OnP0H9+JYQfCx?*AWbhi|y)ou;nhgipm(bZN(!yFSt)I^|IPT%I^p#~_-@<5TkzlEX!yK>|DGRp@js7~Dsrq> z*{K&uO^ANKUy4T28Au`*jMLw=XU4ty)=b!ub44RR+sip)0XiW{;uA@<4@4<%%AyZ6 zL?KBSPasNyzyZkgRVsZOk&RY9JPA;Tl#rNeH@Mv!)1HmojijGteng>v3bXC&fHEA@ zG>^6{`cEGNw13V~>VE?&%pb9hb?QSB`)Pq|{je1&82K@yku;QKmeT%YK32$DBVdQN z)Z$I=+{q;ik`TRs(9pCLGe6~p)`P_JSdvm@pFI+T`hZJ}q_ARC!!rH4k(jm|BC#I+ zO65MmkVOJ**KIgL_FG6Iah3$)G33Qk*a!S1F;dg5j$j>D5N>42eGycmqYn|vYsRl= zG;bU$8qGNh@d&b0p)J;t9yN1-`RT@(&O+~#v_xzqu|AftMm^=hg`)U?B{EK|Am%S^ zt>#CbV5S z^S05VHnLYivMG)HObiOotsbl9NMGG+R|?4cbHkV}-7>Yp|5lW4yA0Uo|9}3x68||K zjYgvm|360Bg8%OZ|GzhKQ(6Vw0_$hdSI8#KW24Mqx9f0-4)vaiD0CK&(asG4vp5nl_ z&HwSZdj98lbTI7Z|6`=e{I3f}&U{K-M<#p|6S;T>-%M8$1x&sJR|k!`{|ML=dP-^r z`&w>##=8dJq#00}!l_~@;D-)Me5TYq|MQjRUA4g0{oms?|KGv$&j0r)sc76u9E;qJ zzs$zJ-hMZmx-~0#TN`;-!ylt(kCJGwj@bf8kxt>{iD^p|g7Luwd)q)!8{u`=jh3cb zHgB6iX51%fv}!gOg~)aL>%OSG4V?yA=s@d~%Y|tC0td=xPEArpCHprC13iwB9msEs zRi`FGN732AHE#+gY%S6_Z@4Z9`S@hTbXJ+#lEWiU zMQ&yDH$B^wb8j>**A_D_D>bDoTSys~UKBWd%IrR9+Lp@f>fNM0obzf8+| zeE#p%E>+7ncdSMti!)&DY(ZYS1sOHPHw$R}tSFvu%GbHtLX{6P1ukl;4_cRW0-`hUjb z&j0f$sUmz$LH{nf5=Egb!p8c|f$W|HgC^5k9crOu6-)HVl~{v~^#Mco1QG4Qfp@K1 ztQFtCGxe-0Sf z0{_jg@L}=aQT6`U@o3!L|MxhlE&iKd;UnU|`4x8f?_u%Z{0f`!-&Hcje$3gYRp<5V z;9dv!I=I)ty*~-uTT3nQ-_=3(qknZElu?biw*wU1g8vRjqssj+LB+4KEYqx6{y}e2t6Y|y{8WkBd-oRH{t`s$g6`!H=-K-3_s#0$;nUp9P(Rz z)HtoC59yWHdC5GM%ts+5H<9Ul3BYy?9W(dJk>1Lan>E(_z;R zyWSgiZ6$v9fMD;bofbHD_m;jmG~1(UHis1qs{_pUAhyOeL-{Job|99!jNiFa{zrsOwh2m`@K(^rj(c$q?HU8u1u)F{N 
zQBvFZ58fRAk>C8Ih2$-XTcUHWqde|}yVFMU5AtaHG=Uqft3IB;I{WGM$*Z3;!1#vE zFW%^{jHRhys5bUK2PN5;nsQs22FZ$xA83HqR+%T7Aah3cIz1#8v)!MgvsbuFzDh;TOT8?DfmK++<%z>1EBEe1m-O2EF1(4(f=>^KR&#HR!b!)V(X0&SBL6r8lUctR|{vbY6KS zlBub&z6LY!HS$^=yaf}6v{L=?4q{ddw!B$gIjKSZKQWktVHeEZeo0@+V zscTF9x=`JUb14wLEeFdo=%p)@G7Xy*da9c0u3p)}2t1_w7oe33_?Gw7)Z9YV%71m+ zTYgIIRd1fn07m8N)(1uztvr>txFvV(>li!GZohqDz8O%sOT2Uue(u@R9ZKJ~7Tk(o zu<0uO!j9%TUr|X1U)mUYi8NiP833q&qXInL;(2ewf89$-pPx$(`wVCT{$+rC~p{VKb8odh_6vm|;UUPR{e z6dS*_o`2=NzPP|QG)g`-y-ngczz`!zf}&Pf%UHl${oFR1?`njxT)ouDC;d{6{xdb= z-KD*MuGG^1lR9Mi)h#{-wk`f=yypKO4~L!q=TXu<_Z ztmZ0^Y#*V0Tu)8Ko8x>o7Wi5Mf7S`ALq3+UojpnQu{2${tL|BpuN z@qfpM2i^RCjC3FK|Ly@Ga4Wl^$$Qz17eccU8Wc8fdz z&6k+kuKx-fz~jQfkXEa~E$hF7=f~CWe;pol-~W1?bRX-#huHuwidoCe;Q#2|+;P)2 z429UKeSU@ex4e|C7=pEN-?l05*Ro~XZJ&1Ar``5xw|)8_v3+_g{Fg4bTJ8mGi~m!9 zSML9Mel+gz-(#dN8ULkX)}g;!pua|c=&ty$v7$y4*rG&-1v@O*VZjayc3AK;W5G7~ zk1=_t4}fj+{~Zt4;=c|Ly8B-rB|R*T>ke_;6Y%@u6mNI7p#x+cAnO2G2gvRNkbOS; z-;Dp15Z&r?uWM-w{u>>QE8l+|9S?_H{O_YA1-Q!B|LZ`bRC|;jR@BP9#Pp~-t3YoJ zH8w-SET7TO4giTFCX1>?py#nLc2f=Lk|16X_bQnpk5Hlx{{CD0>TTdqp?WcCQ~kZb;w@1`aT@XDR|1_jhC$@?VNT_6sNa9L%KUTB z=-pDY{Hp!;sH*>u54!I^K1$jYzg)k@Z&pOJBnVWtOc&o?i{FdlGuOqP z1c{KyU!N8iNSR?h4^AFOK@G+t)3Q_0(_40ROeK$ zQ#8(*WF8A9@ZsdtJ~IrrnaU?yNE}xTOpDPejZ9q~G!l|Tb#9X`X7f**w(9@4EKt)&BV>;b%rkf4~r}K{ZA&q)Y`Pzc!>eEx3*q6+doj_0W1UDTT*2jYDLl$Ze0IU47 zfL)917fWQE$hAYjy5jxybF25qo+ZWWd*RLw1y!53DTh9lk3JgOwQ6`-&SW2M7`Zvh z?C*ez{KvI|YyY8IzBx7P|0M~iuY^GRg@T~(@g2VTT})f||JJ|%H16*IeVnvs0pMK1 zlK>-l5-@g^#L(NM?RwBFXu2Ns)PGN(!Vvm@{Ne1GK%E&&A|EE-flobIcp*@xFB=p_ zx{Wxnjr>z>(px>G&xwbr;(O?M{6hR@xpj;4O-EiZ6SNKB?Qppv3+U!1_$RK?CZ9-lF4b}x+^06*Un^9VvM6&0c*jF9i^e5KtT(7M_#HclIDsz>=~Ep2Ygf6!eW_?|(gY;e8aWfJM5bA_-#T5YPx+$9;Kz zaV{B0XAe$T7_ta{IyncQa^bjhDhK-ihJ44J{>BIT|LKFpe4zf9{uIk-kXJM%p0ao| z8lZ6YU2z>d`|gxnIs2{*V`u;WIeYLE;glr;UcY=L95?3d7xbj#QXk2{f-+&B{_R(L_eg?GB{B-&~ZLi zU;O-JA!RHkgTb82MKaZUJq3(1sJh*r!dnuNIr`vXBsmG_Z|JAT48UVy%p#0r8c(dl z(DG~cAl;A#7NrY6*KzjtKnDNE=M%@dyu6$ev2eZtWwmrnFA(2{0!@7($uvMnDbKgO 
z``Xlt63FscSgI_E)e0zml){Sj>eqU%NYkXgjwEM(;whcyI3F^I0aM1LketK<2xP2& ze|uK@7zb<>Dt@v^)%nk?tERS6?_J8Crc8xI82p3q@qaJ~^Tt)TU9otY+5iakc-mn& z<)~4apb~}S^dWB%M((%&Z8ZD$C<(kceJ#NHl`UTixC>K}`@qWBO>;`uqJDA{lAygQ za2c-p_QB=4D5SOY`#N);cbCE2(+Jb~Q6OA;I_mi(5t4;x)|K&{MyZ#EK*cy%9w;kH zmW=u!`AYYWfhlX?>Ws5ccjnULzPN-L3w-28^7X59{S8Fwd_vJLX^5^8ABAVbP~|qm zEnt7YI!*WYl>n%+h4Dy-I%8(~sVx)1mY8U47gQ4;OV56OvRC^36a;E<*6tOdD~kyy zAxh-xCz0Th2&S0TjXwB^UOL!uF^y?K_%WhQqL8Go20jKT(eSM>?gg1&7Xe!)&u)gb z$U}}HTPjuuL5WwXViG`vU>+qhg(<;CN+Lpq)d`|3z8Zs zlWP~5H&J%r{@oomHdUY~PJ+OMa_`71RnP{Bx1#9v>>ZP*90f*ly(vwRQta=S$T{_~ zC7W&_EnsX2n*oXARs}CNH=!v?H#K*lsz8w{-JYy=6lJ@m?MbTe$eftGKZ>ripb1rR zt8u%5{OG1+#*Ys(##7+>KEthNFKfD4Zp1Tk!JZ&s!-fo)m1Y1YY8dMhMpn z>Mb;R2F{%_-?*iPw?ID$&9GdmdSe3T3sTTtkqtB5_xW3P(njVaHE3 zmU)e$qN=c^in=>nw7Br`t?|dt*iM=x(;}X!eekp;w{Djdt9ra}#;G^43bmIViRw*Y zG#n0}LC>Ck>P=ug91j1m=uYg&#R`^sYkoS+c(;A zY?i$uMvu;@)dOZZriZ7pMz+i2n6oAImAPK1Dk|$>vl9hBFb?>MgmHkoxHbUC;p z;SMgV{|o#3A85S4KY@R9x?C(cR?(b(^ytE}Qb9*G2bpSLqRPY-@*|iixZ1|LRZp{OiPN|(eaRbQ_ z2O&|-4vdd+El=uhe`-hhEAeWkWM|&Z2laFGGe_|je@Dl=+w-pT6}9sf$w2J5NQ4`B zWdo@{ygAoC$0VYj+5McNyheRGN3J*D#N zB3mp7NB^JLa%Fb|=eht~;VK*MNG}qe*kS8uoOoI)_)(E&X+ZzywVJiBDZAOHwN&1u zrn$Js)~+jU+qjtDMA4?LEKJu{Y-rYn|<_vdJZ?-EW<7AGPn<*0Xw?;d01DE5`Kj@Ziod$|* z^R+t|n<+8{Jyo!VqF%4JN%z_q#cKQ?iIuPsKg9cs0o)S*dpJBitj7NyA9eTtJWASw zGa~`n#lFQLH7a0A1p2^cv((j)#6of;A$YdhU5>7C|h61-n)?r|!xb5}9y(1{`O|)f<*@_^241v)|6`ob~BP8J1)B z(*UFF;|$BOdo*}zypY*mdtdjp;Hb^}rTf&-hi7&OY|xuNzL)x+MD|+`OBA6e(KpoV z1AU4&8Jo-_8&G8)wxcNmj3njRu62c^w1J$o`XY&Dtwr%(!VAr>mZIAmRJHJyn z*?1vWF^a)c=);Q=VQT6T9ntXQvTzLQ@~PQr@byNYfNS+bcfBBXS&U(s4R&G`8wqXD zfSG6ccE4U-=PPO=icZFSlc~rZb13OP`C~?-mP6)M4UY^JRW8}dVE@M}%|#jk5^quH#*A_ENVTO$|K8@r+GMCsg59M* zr&|}Inumpf(jB-*v0azfs76rlB%!*mcK1-BaWlgC_-;2Kxmi@@jOSCC+JYs?Uf8oB eU(sonE_JC(UFuTX^#20@0RR6*4{vz@Dggil_1RDW 
diff --git a/released/assets/rancher-logging/rancher-logging-3.9.000-rc07.tgz b/released/assets/rancher-logging/rancher-logging-3.9.000-rc07.tgz deleted file mode 100755 index 4afca75662319e7fb855b45cf884bb553576c8f3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9658 zcmV;rB}LjFiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBhliRkk;Q4y_D|$7#8+)!rN%PFnR<_C+JNLSdA5$JDr%t(2 zGZ5L5kRb^M05w)@?{DA2gHMqXrFq!SAu1J*NTAVZG`btz4Um(_nmiqPO3}|6)>iYWhy$|hMg0g4~i;+X(IQx0%{@ooqJ_?W1Sn5Y-EC|q(0!ZY;lm-&H zf+QdjG@8Mj&gQ`qJQhvqEa7AlAe_B@CR{jYH^|Y4$r66j19kw;)R@yrfHyI6A{lob z>Zz{gQpRFD7As48kaYW`(o_$v+?yIWD%8&n;!zb zgj2b6>gl#9jeR)mb8mR+eCd_**CC_&_7cV962=62mwk5{2tH9OHm``|YyD?gIPpNlR zh4{ZGLcb4H2N8NG1mVjkdi)$irbmz9B|KQdgcD7hsZyBV=cNALwLn8EwN%%oJ zQ~SqMbpQa;g)oNR^FI<2^z>7`s>jgNu*@TzPSKNNc+D=nIr>R}jzgwX8d144?5niA z8HM@_0xBd%5Hl_zO2UaY^slkT zMlNF=1cPgx?VvF?qkgp3w!}F^ZNlVFv!e7AX0KVNu(8EYW=fF2`x!zggl!W zB}a{*O6NnN8LT1e^edrx1!?ER)^HC1X5bILR(0TJRg2~m%?`p_)3d>dc@pJ}EC z0_U8CDCd}n9I%x!uS^?Yli$&kxjeDYYuQdq2H)3$i3Bh6#SU69OHRGFsAYiSCv6d^ zH@x!9@u^U7&ljGhk5hnZ7Vm}CBFcuj#zt(WL4uK-P-$v_GP*7`|BsiNR%^PXYAm1@z)^aBE1=Im zpqEH=9HUvSUrh#fk(kA1w_R^>Muk*-(d!ursP(K-_&)Qlkt@0UjB;%#E_*(lW$i0FwgyJlmsXj|Y_O~YK2>r?z?8GFZ0Hn>hRM)wZu{#iRsT=6IUl@!^X~bDD?i9v z_p!nMqyH}Ze~wQNPCEb3LzL$Ezno(bBNwiWZ|Mr$F#m_AN7ea1IXOJ;=Kmqe$B%=3 zSkQ2+B)AsTYD4~GsL0~YaSZ!|&z~Jt%X$7G)^4OZLPSCYHqCc}u4C)MFG)V)P!n&WkD7=#T+ot#Io^Gta1m8yW;KLE|#iK01ZG#db4| zQ?F%C8amC$T6Jk=bs8(QqJ1E8NZ;vkjDKuDy#+iok{BrNTSG6?IK#E{bZZ1-P9r&m z-hYbze~MlOn(22NhHLuUFygt5EoN&*`;PNflg)N!C@ag`IFMAONkRijqcWBn#uJC} zCyHh^eCa;{0wIZvV_4Z;H=Ig|QK4IHw6HvL{Z|iqm%Uv?mT_$vFJud3 zO+^EZ#BpV(V#25&KW4UelQ4D_&F2_|u9%yc?uKTTNV?r>znYCB&-7hhS_M8b)O(u6 zwCiDIL0<)GrO7AwBVn?{GPO`b5|J7D{mHV7Q|hi>os695W}kLxCD|pnJGI(HVST99 zDPOz8tKqCcZzljHf!13uls4)AX8X@N;q^xNcH!U+_TSNHcv`XlPLI3%pNA7Uv&<6i$@7VOBmrjeh;a^A84oe(AQi6q(wqJ%eP(K{NV zkR*)95G6t20A%ti<-WC+jTSyU2~ek$keF&WxQ&fz&qnS>($6wKqR>Bu3Hv&r6vrg3 
zqcw~E)5ieqpEH#D-+&79M{IMQ`jEta+Tcb%Y=sI&e#~ej4JMhUv_F}T6|`0m*rG4B zdDD?QxnMyOq8AVvnx10jr?k*=ka!+TQmpK=2O>}(aDkB&mW^sire8NA)0RRc*3(}B z?h_1IB+w4srXys(g(MQENgy7AUo3`wzz-55wcP3u)@cRdT9VuqLM1%<5TU$b{F+9y z#<`-=jH3__z&jP(Vx8$xvj&)-2F7$1dY7mrVl9gGxr8<1DNimG#Rn{rabg)Ue`%qb zA9jE8K}jR)Qzb4W~FL6zT&f$b~O@mWjHH?$YYJJ$2cepYJqpD+M;je@|BYe}|`?|L;LcQMr>i7P%gO zmd$^?{%%%vD_U|_9eG>DAERfFl4!4v2?3;*PT}N<=}Q!n@xdf}+eA^D;dR?UOB0m! zVH3!d`#8;3%_gIexo&^m6_&f;X)Ft!Xq{5Ikd0rUK>5t6DXOVt{~}?a=P|Mq`9l$O zsv>k2ot<3srl7)BGL7?&>ynT^Zf;mmPPK!q9w^E?TsdmA)o=@a7P58=K>GP=EXF4b zlW0*GL$72cHioto2NX!68@qY-Dt!JtUU@Ca3_gGERr@?I9Kc#>lb_BiV_R}~ap^^Y!spD!LDRleWmg}6F$Q!Itpev&Qt->Ttmfx` ztPZK#zIk9Z99dieD`yMx)-BMeX}+F8>sLkbd{f?k_0-c&t6^2l*yBqD8IvApy0bnC zxyX4pD+$Uw_OxaTp3Ylw!}@v$C0yz^)Bnx(U*?D<*ZG0&oh-pk_TS0ysOtYY7a+d$0ZpR+ zB!^Z)d!xcEsmohIFEUhWIoVE%r*7K!P&(jrk88l+eg*hN{x{hlZ|%Xe7x#f^<#5|J z2v?gH5HFrJEHum?Hy99Kenqykp0-#xo8jMf@oerP=f+)^PpOZu#N*k*{=<8>|3-(a z_Fs4Z%Y&4*_8&f|{fC|Xci;9OHrsz83ZdZT@43EsK#id@13NRYGXpy_urmYy8fIV% z`)_uQ_iO(hSMPs47#(!?|2<4;YyZuz@d53>*)?|d-~HNuvukX!|E`k>_G8XIEIY4X zXYO_8UT5xg=H6e#+*>Iv?7!>7>_`9lP$;Duac>J#aD)AKG#XXze>pf*k2?GB0g9C( zB=R@gfY*n)5AYHG(XK)Dwn69_{^>owe>3v>uyZ5cvl)4P*yu)7v!B_I_(5{=t3HSP zN*^^&!So@$@;Yys=aTs-B#rEirCEjieR_9kMJIh#dhsi=RP8A4)n2`WK3Z9=+xOGi zuAS|AXSQoA_PYZM_Kx~#VaIOY(^qHBc4gbLgZ*zWi*COG*unlk9Chda9;AE$`#-&G zyxRc$#Ww)Obb-$P@9h81{_pJn&i?Q0|E_#JrG@>^uW^uFp}0#1$Oij=baZlD&Hp$) z?C$@6kkU5)gE!}Y!@@nRjFc zOIK+lheb~75RTM>g4}JlpW>2-qYstL2YIW*P7=q20eI` zehQ+Otu6CSs+G&nYd%%=xTHF4H=RYzOh7TgMA zm0)HLD{;;9s$=`1EZR*U2)8xR{~s&o(=RI!IX~w(r5~D9OCFm`A(dOLSH)YmE@{)% z*6G*M&Fdt9*Yerw%!_4cyuTuqprJX!ZVw)6=7F|Nju>TigHN zLy`#Z4jbNgk_c}&Y*-_{OI6Li6PeSxeG*9x;Ppu*Ya4tkSthFp)hwwLu??PtE`_B_ zVd+v>x)hc!h2<|@+S&gHw@LunVE+$KM=RfdIvI8O9}iNtu>TM4BLU>#zB527DHp2= z0X7|deNx6j_WHt9zxXGsYty*fkrKxaPO zN`$pt|F=m1*s%VON2~c?Cx^$~`hSRW7wiA_G5Lf3?=0aF3H&b@ov%gWmT~&Vfx&%7 z?3+fiZS3CvrX%-tLNj19Q6Fs&*ld05z7pl$9M*1Qj(>}xJM&Hf}vx!jm80&24@=l_j4Y2P${&`2% z!(Bu|8^ur;mHc=2w0xbV?f$P206r)j3~03*+_3*UJUyv?|LN$k`~K6zl)Kpf-A_!m 
z$Yw3$v;Wos)`O;F_=RZvKEKBO9WUi72KCp5Qk&|2D^b)g(Afn#yFh0b==`?`bnayT zrQ5BRv4Bnaf9mhb{ZFSyUH;#Ll&{(TOWCZm{&ukb8vUW$+JB9J8m+(iOtU3S)GXI*yIwb>qN6u;Fca%B=Mc(bSaos+k3^3Z?@92dPb!=03?c-EJ|a6p2x!2 zO_hdAf_P5c>tupFLWw$&&uYkX&Zaa#lg$d>8w)di`GhBtq#>rizi$uTCXN-ri*Xz9 zcd}F2kVO`!8E<|i(QR!iTy5^zt3*hhIQE)Fs<-+Cx2%?VMxq%O%PS)%IR<)KU)3wrC0QJrCI*l1n)c00h{Fi@OV^_|0gGh z-S;0Kq^!$duXnpN3!-Tf1gcsli+7jecOv-AeR5|(A|&z`=fyo`rr73E#_4fA*GsD! zB(k4o-%_)8j2V}O{BkZ!I~)yLJuU8@_zdN_uBl$98yLl3zdq`z2yA4)iu4PIK)>i z+Q0lF{DP%<{U-uBX92c581nW>AE9+NTZ%p zzP6$ne0pjZ`;wWqW9Uhq;JQQO`dD~<7D?>^a8-XAup5#6Vu_3sxpD|x1KwXfw|sZx zSx~&W6Y6ZyQ1!V>JM^i1@Y&F=RYS{iCHrvA%*{|{e+N|LKW>z{_HQcXn@h9&Uyy+M ziV3t|CZ*f=2;k*GUY$b<(Z}y@I6c zK~Men_%RHj|M|1CXL6gSEQx#={|G+yWZ{KCnZ9fg7-<-BU_1FaU^hJzdAb#xH(F}k z3ev4nu^ElGg3&Y%9r6PAjKpL@11c#B_v!fytH4B|CY{2Zh=1TR?edXi7gBAf!F_D& z{YM3>QWd2R3h~_1)zY_zpi%A$5+Mg;~Pr5&n@?(L*a?!tsxUa`d71HvQ}D z?K1&{BZO24MK3tlK5MWN3*;QZW1ORinZBDvH34rjr;$j760$iVR!$-gOt6ka%TSq`j0HB5wrh)KOXwc}9e-p26#;CqGr_XU){&sTfF9kBQB;Tou}e|L^SNM{k_ zcxQcVTK~rfmHU53M@L89{{KPB9-I>?kw*d~12ge(Gsg%f2@SN)jEQ%xb9|jWc&Buv zNMarM1~JDV0JRQ{Gn_`VC)(RC=>m07q41nUzOx6B+E`K+!J}ATnT2+J{;$U_yorJ( zut>L5C_#)I0ve&~xX&&wFC^pW?7LVGLdYt|4xC`Mi9|zx%z^JbOx6hwGd-dE6{X6Vq{rW#RI6bZAe;%F;54!dL z5XIR`4_QI#EQd2?13S+9>WkkV&83XRcrchzIZq}!)?3)4461JT$MA|oWQIO?7)ee7 z`X~D7$uIC&7_$f?nI6H=X{h-%tB@w70E<$`kLx&ldmw}V$HEe@Bvux1`Y7F2tb$(|xk62&`XZ8?`H81w zp5wgBwiqyBObW?KEPy~p>NmTS+Q&Fx%TUpiMGEFWvY{GirO~^TJx+-Vi7@*gg!li0 zL6~>0hV6>^<5UMgsOQs8!#PK7jR`7II8Gn(9%1DE@Lxu<|Admj)AJVsY+T9GrLgb9 zl;z&B^4?8TN<&dUxk*XV-c+~>mwo%-YLyjIDE+>!oY&oE^7ix&)A>apTzUGS$XOyJ z3*TB-=8t-pdSwt)goDMQ(xPO+s1K4a_2?Lwwr0CJDV1K{5O!xN{1E{uz`ADZaBW8M-(`2wF<^YQes*Crf zXTLq#EB$^90yR5p_o~pqV!}y?61n80*DaIqeP}=O3syL4g%evz?^1K zXGMaUKBp`Q*o_{fVmeWvUPfLes0yTHQ~kQio&^Nt94XJHa$$B+j`Im>%XtdA{&hnu zfM+N?PGddin;Sl}*c2-`pP;{eft^~lX{a%}(nr?{hup532v8jAS-NjDX9Wvq?>02N zn$11#Qnpr%UllQvWYz+uM$F{Ohb)>fJ9Pi<4ja2FU=$}oV2*NZNh{UR9ujGV(TnM8 zCeJwvjO1!p8Y3mx-z<=G>SIeXeS)-s(IIRKB#v7(yjtId#wbl{*aE8pMyhptwAx{m 
zWlOY2sX`-ji2d#`y2+BJ6yR3#_6hRS^pcr49!wce4c9lB-TL;~4j2_vURv{!IX9|f zsOe4kU^At(VAhEfbq%j1Pu2`O$Ea}Fsudr-N`zE8Hxa3>s*Fr^?81ww{^N-?N(B6G z)k47ApPruOG1}bAMvWy=G9TWbGau5EU2tyiQqQf%%F!z3>5C*hjHMXZgJLoB`{{|P zzJ2yMH4t4(Dr;V?BUQ{PQ!vf~B7|a-Rt%mp%u4GG4X-|aUI$-eM5a?3QQ1a7=73)_ zAK|HOxlO}17-h4%l`=X1W$+3^rPk8+nki67F$ic#Wet0`#i(#%x-CwYM(+y8uiG}f zdjH!-jEaY=TML0_IHeK7&7693jh->*&Y5q*Qo@^~p9JWGvaE|3wc(@u9AkSLS&Ry8 zwV+(FAY+B%wip#o*(=44A8Iu73PwdyVOtetceZJ9;r%NUkDIcsBuOSkJOh33xFxlA zD~eP-UO3~}8(V?e%Z^0$#xNQVhfknqPe1m?a4;MWKU?cgY)Qq6E%ngk)I)AM5!$my zLe=*=eP+Hq{Qy&^`BPN|gxW;>>*r?N-3+vAwC1@)D>o+}WQeXxl{ z!_SNZejs5S;5KfK{xsbVE=jnB%j*Ba{{A}}@9&S{Uo6p>CIU+ygZBl%zdb7acwF`D z{9N$s{ha&t7L=qS$?T0|jtlKxH#=LOp@9AUh{^r^Y=~F3#Z|74B(n~Hrj81JLnynJ zLWm8W(!s5G;L;_vwI^;MIpQEBs@s9_F|O1}-R+O5lX!;gOxTenyGMrH1bn zY8D6de_Mg9eNEYAXsx;OQ>vPaF}8L?X~T~>Mp0Y$PH{%F=A{@x!3R}tsKX*e#p$W%BzhSwQ%v)W7NXM z+s?6@UP`uwxUI6b-=d9e*q*ih_H2~X$ls2QG>sM`cQkU3`y_~Ig#Eu?ZNjKk2%{OJ z4Izw%(1k_esurVGfr2`WS_KNWL@vHpvV)0bmZZnSX{Kf#rb+BRw}DhVFrT&}!D|Flv~( z?Jz1#-6y#EorWRxmx4tD(>Nq?-`uNNU2An1HB4Pwj8>*@yIHgUo-aJ5*Co{ZS zkCC8%HtLB_aCI>HZ@M9@(}0ofzBYof9wXDxQw?h{>h*f-WUtLptmglbSTP&%L%h2j zzzzAoN5i9|YX0xZad-dMgOojZYd9dgYrUAHMg>fWKp)t2nz|a2SV)c}g!eybYXF*a z*D8(_<8fvY_HnuDAQ`02Fr9;BJ%KjKDf1WR_CATs0ibmIrybM+5}}ijSe|>N_t*h` z$Uww2#(+jBOf-|g6mLLKRS7)pn9c*C8X1l{oFi`-1h~LJdtEHFQunZAiRn8C(33i^ zC}1-IGy;;vP#HI=UIYYT2H@ot-$9<8V-z%JKzLd)t#o#gY;b{pmwe*P2Xn1s0I0kw3*hCt99q1Eq zqkib27uYV#F)Wk8F05iFp-mbv>nsoV>)my}qb8#0WXyw1Me3MCiFZjKGaI!OGOucA zWU#1G$u1ttaq7=Z7MKtW7a*7#<5EXFluD2(IaM`9;WGIw2Dc=j0m-5TMpUbIHnqvP zq-LyoOh~1Y)}%a<%>Jvf$H>okLe81M!Z4M{V~KZnsZ?!2lVmUKS&(n&G)q^y(v_}srEU5D0RRC1|4}5wo&YWZ0LZNFq5uE@ 
diff --git a/released/assets/rancher-logging/rancher-logging-3.9.000-rc08.tgz b/released/assets/rancher-logging/rancher-logging-3.9.000-rc08.tgz deleted file mode 100755 index 6f62332e8b9fe830b1dfcb76223bb98bf0f1220c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9662 zcmV;vB|+LBiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKDJbKADE==t^Xuh=K|z9zmACE1SMqc?pssgvHDIr;F|Y0sR= zbZm%RNvKJJ1wc7!lJ~d2!3RG@N|gMOq=%SJW0AmOu~_Ubb{8NgkvB))57=x*quJne zPPlZJBnpM^0_{jD#HwwP z(7wmQm_-=Ltb2#V^jGA9vSPM$62+)%PNaVwm1`@e~ zBp?wqn!%jT=D`v?7ES3a;bamZoSr`yE}XF&2|wupI{>F@%;_Y++ZZ{KjJpo? zR9AB;V=*2KJS8TCYe%U0LU!q00RGd_WD(S%6LemL@jVoRd|kGKsdsJaH?dC0Lfs2 z5G%>x1C1nuB}+I+4C8=E6t3fNj05VCQrk{K#Z#4%<<3XG)f>nsU^3-mZjF^2cQX%X~xft*tx z$I$CJ(ga+-+8TC-Jf}E>vkh_KfNFW%{NTDiFfHxCw8o4P80(N86 z>z>l{stWOcPlSFSstzLbPzb`8PxSaXhD?th!Ap3sgb62_HdCcJzt2hiy=#GnRBH2R z4*AHBqGC5vm1JvR)j?0>v(= zt=5NYT&9MQspsj|BPBKoO>f z1LZ=tw)Zk{+hlAm8=>Et4V&tANzk=6)7>xJS z%AV#naCx2j%o77i#I+ctmNxd)P%2UNT{2&KP>c=bHY2ModB~71+H!M15Oj>fL zPk#}}wMZGNM^o|NoF(yC55f`k(1;R~XPho*fHQm{JQ5JIeXyfbDwp_gqhP5z{8{m+ z-cw~Wxd$GJ$%F<}Qp|*#&sjW%_q}JYUiE&{vzjV3h&g2%lYj{EhJ>icTYYGjTD~7J zfKN5k1A#NnLX>k%L=M=>nAfHau*vV}$y}b;=e2C7C4=v4!9;>r`CJ6_vb9^ck+_Qye>Ejfjn#FrzwTLoiuCWoDX^>zfCsdjmpscS;&HrQQ(P+wg z_IZfmO*FW_P_=5)c*N399=ZrHiF`CgxX$Ldqz5+_Fn_6Pyn_0s+ zjj3fk40>@~ats*p(N5A@WAAqwhSXmQ7WGZzki>n{-Y5=b?Jb7xkv8`#SD(m7Vzt=Gi-Jr_=uzEG{CMu}*nL#%WM z*2jdt>lElxwtGvHTQ!L*=22!KDf_C=S%7X?Vk`FNEQkYQEsNYpQY$)Lb~RQ~3*aa{ zzZK9IAJ9uAI*!r4)(IyAyO7L+w0pF3oKYbagY+ z(~?>7T-O0VtpIZ(tU~vdty=>l>r1OuWm;I)0iP;aBw)%}ST=?VhQ(xQj3Lb|sXdf2 zpS4mn{5tEXWE<7mL^pF(dy&TeQ+7*xvAadcx3+aAik9eKdTah5rRx95Hs^ykZ{NMR zaODSi>pnL4fArsF|IgEt(Q)Vhd5F?H|Ce(NV&uY=@hx3}8|MG;%R@6 z+1?@TW10lP68=a?prcXB=FvlNoqwW%uIo$HhZ>H633?|QR9&TMM2y~J*LgVw8yzx0tnqDqXXY7|a6^LtCTKi`+BK(; zx7co`aq6thNkgX@S*xDRtWINvR4bY|EK6xpqYNRVYsHh4I`e}*kZP3w97bOHQ8)uwy!d#jo(OBnj|!kG%91M zVLWjdf1+q+!JgmNE}x-A0~|Y@ndE_Hwj}`(R_|U=!&_C>27FdiKN@D_N&=A@=V|5rB&b~ 
zL%nBNOuHUd7W7r1R+@Z*KN2QOEK>_5BoUdZ{qwSnQ|hH&os695X6tonCD|pno3GkM zVO^)z7hk(+tKqCcZzljHf!13uls4)AX8X_j-u2%0cH!U+_TSNHcv7+dPM&u8KMzwX ze5^Olsbfbih}(aDkB&mW^sire8NA)0RRc z*3(}B?h_1IB+w4srXys(g(MQENgy7AUo3`wzz-55wcP3u*4YH%T9VuqLM1%<5TU$b z{F+9y#<`-=jH3__z&jP(Vx8bovj&)-#=~?KdY7mrVl9gGxr8<1DNimG#Rn{rabg)U ze`%qbA9jE8K}jR)Qzb4W~FL6zT&f$b~O@mWjHH?$U}^-$2c);E#*L|pg;H1aW$aHN`xMCXU3Idd9G zyZ?V?>|P!G+X*p%!jXiH4j1cGGaDEd;5kkeQmH~%LtY19b#t{7&JI8>x7V(J?%z=! z_@?!La8Nz}b37UybnE{iN@e}mP@2Z6U@6!Sohk8!O7r^9cbd1A0vqGM$1DE7!{g5X_aLRH+({gZ zT#rA`=D%KlH>wCU~;@|eyB~_x^1AP z3CjAg31rHBoF=JelTk=mx4-TR%U$p^mW9r*PN`f-!Y@#ueCE^?)l{;7kucEn7}<&Z zp$Ixv5jru>POf=VP+=QHM+R&9wsxfUyCV|~KV9hr#sEWn#q zJywpGWJi{va*AVjl`Gt=kFxen#SWRRD%D~mqmvDKQJlzkga#>!?^NR+xfZF)J|l8I zhTdR7xLW7~@@K+PA8!j#_D#^m4cM$#C$92CgH@rGs+zRlf?hGI-(+)T=gTztSb#qf zf&MekLm^Jhw5(JtNl=}4D48U|Wl=_te^j&T5ebiKMEK+UX@P3R_Ze)h1!_95!z`+R zCeeSKLo1=ZQDK(U<*lF>87j4$Y$wHoH0^sR9bUS}HQ;Z*0{kNXo9vHsd*1BjeIQyn z)3y!5)usi+i$@F#4fDqh2E>f>8Wwzw2az{g|^4 z%g*c9nR}hN*O_~rx%U?__f|>^`|tWN`_aEX6iTT^+}pww++hD5jYgIGUk(mO!!G~t zL5h_kB=R@gfY*n)5AYHG(XK)Dl0oPh{^>owe>3v>uyZ5cvl)4P*yu)7v!B_I_(5{= zt3HSPS|2q|!So@$={j$j=aTs-B#rDvrCEjieR^eSMJIh#dhsi=RP8A4)n2`WK3Z9= z+xOGiuAS|AXSQoA_PYZM_Kx~#VaIOY(^qHBc4gbLgZ*#sh;F|D*unlk9Cqjb9;AE$ z`#-&7yxRc$#Ww)Obb-$P@9h81{_pJn&i?Q0|E_#JrG@>^uW^uFp}0#1$Oij=baec* zn*Z_ipu7M7K}y^F58j;rk>C8IndCKzTUzH_XL;Pp?oK<&KenUw(-=N!S@r(n#rdx< zPhb3&8H}&k?DCcVxL8^WifZlXbE72tKvS+O(MHX@BV^9VzJK}V?3Z^r zGVjO?%Egex6iud5k%R_?4(0svAGpk4PicUP+7+CN5Plad%3eSJsnRQFfI7dQY3n2ep|kTx*`c z81&##`YDKBwzkY?rdBRLulf4a>6M*BD=kuA zO)vBBY`i08t+p$4z42O?tp)+mb|9v1_0E_rurA)bvi??*Owc>Ic)k5?B#kbum5WJM z{aD32N)|P~s1*NDJvH8}My=zN^@bTTjeN?t0G272I$$i3YoUGoSXzPw zRr|F7>fV)G=f>9nr8lV9Vog|0>8$cfBohO%9)g*%8b+&9ea?hItpq>bVm{5ch%+hl zmY=4V<(7M1nWC+_uATk1UDwX*y6)GrOWST&xnZXvr*`J9LoYLrmu@`DIII_;sW7O! 
zS!D~cd!OE2fL0#f9j~FOxn!!9durE9d`kUQFP63##qU?5EZt0%fRvm41 zTW~9gRf3s0ti(0Xs*df4vS>Gb7u?oB|9`BUPrs}{Skha?f+9X7o0BoW?l*sw-?m#Uh3Co-pX`y`SY!0VGr);9Q7vP@PHs##JgVjDaO zT?$K=!qTO%bSW%d3d>)*w6p&YZj}JC!Tukfj8?w?bUf_xKOUrPVgDc8M*_&feP@7F zQZ7~#0&F_^`lO75?Dd7Ie)%&Eq{*$gy!h9}yBDvYU;gsu<+~p>p{!5&&XN*PdUb~K zfzEuml?ZFQ{%?~2uwnf_9j)en9UnaH*8fA4yIB9XkI5hOe`g7gNZ^0L=zJ{_w~W&_ z4h-%yV&629ZDaTTHyydJ6Pf{=iTY@Jz-H@X_mwF3=CF1fbNpKj-I)j5giY73g2u4^ z%8aayG;f~myA2;7tOj;&AH%$*9Q;b6nGK`3kGSR<&iV!-oK1wf$5>}Wmv<8NY=C|5 z@y|Q59_}I%+9-y)sN}!9r{(J`ZTEkL0PsQKU_h(g;D-I*;mL9J`%g!Q-S?j!rrgE; z?|x#kMK)_0pZ&KEupTrW!!JbR_xUyM?|3O!F{r;bl-gAHTZy7}fzB?_*#$bgK~k^|yod*XR%3*8Xb*)My2^Xwlh% zoh{hef}Jhc*@9o#7HnhxF(z;I0jN#(-{@fF{KwI-%l~+g@)tVD(H-KrBP;W(lk#_c zwxN~f+k9TWWbQUsTd{FF>$0;hJL|HuF8|`z<(D>Ty0S%Sw*S?-+v#(!D`kWIKYDsl z`TpzZ>B(_t|364kHgNg+f1PNS3f$7eiX^_1oGt~kYJ0C3^37IyR?nz32Y^HolSOGP z(DPUryQ$J}Nf6J8d!0;>M<`Jz@>vae#@UnxXtG)1dt+gyFQ4!vk~GBh_xJ6=+r+T~ zcrk7R{!Vr(8?wmaG~>;$B)Y9lg{#dydz}cW6UW}LNcC2q;Fi@g&qy@Gg83cNXbhvw zhz`kzF&saAdiZo>%Gxd9u1%CHB`6ot+{)>2A3s|C_oY|#cBNVV+XU}B&;gs||M2Ok zBL9z%54!I^K1f-Yzh3WlX%@!1f zTd91qiNtY5!L*p2(#+JspplRys`F%ZR{dYLY?S}6Swt24+(Hd(lK;oU>iN&%=%lm% zAEX%jKb2UanQR)(+{*Mf*!_hD9^=S_>#=Z9RU{V3x2jK8+$POrD&)^-U`6*xjr-)N z5{+wdkagP;SPu%i-(kZpAnDXoJm~E8*#2o*+NBKWI8Xa`<{|l9h&%NaQxz#nj zr8vY_E!w~QBK(4-dHp8>IcEX3JL9#kY_k6jk1P4VqmzT~{-1{_Tb^^ao9U(l;pw^~ zen_L9Q@*yM8GL$b7yFW#wqxi?p5VGe5eHKaW0dQ4+8n7FY{bGrX6S;B-Tm#-; zJ-2*!xfAMa(NOidOFQ(beDK-Ou2nq{x@9t{?q8B`~K5|ls#(z&LlhvFoH(`W7kOxy>-&A z2fc!%>p@Tb_xLdkq5t`_vuARfrYwnk82<=9^-|Rst5OxE4hry;3ElL|VD;VQ6Zj54P$6}Wn}u1z=n?*rRnbE$VZ!l`gmUzu zcb@)rdj4Dh;RqoWLeUG(w9gu>!~!`-@EGSPVy5qAQBA;`6E0zbQ^vEZ>YbcZVP3kL zr8f?*@Z(D_)%VB`M(XvP0~bkN=Z@E~PxtK8bOHskPUPQ*nrozf4`E98l{ z%LOkrZk;~9SC#{7Pz@6yA!1T5PwhAqy0))MY z5Yk!1INn(wo7Vr+gUbECqobq4ZvX!vWe?7Xl*l6il7X3cxS3-FlY|CZXU4?4);Ye; z9=uaJQY5hse1n){5P({T#u-kd*%R$;mvn(Ts8D!LBH!7ANNp@Bi{MeLugpTbKL6Ka z7v4s}5?G{LDwH5b4grnOb=>C{mlu+8boStsg&~XJ*V7B|DHo1AqjI4CZ_sz#$)9|n 
z|DQgX&j#v$=})nU205S!@s!0or2z_O-xW8pv+qvGwX^TaFn0F;pR)(Q5>8nn;N|ld z!f|8Hen(F_F7=TNOg+wicie^Wn2&>RNMKag|M`n&&tJcAL;nu@Sik-c4o*(0`JabR zPY$~E{}9F5OAlE=>MVy-Wdl3T`|69|9?hkU#dt87Q8`a0I@Vj*qYSEU_s8&>L}Z3O zco<1e0{SQV>B%qfSQxViBbgq-&}pdoHLH*&qyURj$B*kcdwU>*|Kszq<6K=`O^BE~ z-+|Iv`WOTd--iNDeIdytKu9sqQ(pSo)EA{qmdC;puq0L%aQZ0SR;+?w8M#7Dqxv$E zocW2TWS--^%eELWVN43iNi2XsM(Ve_liJ5PV9QX^lSK;VKeC}3Xrgu7>T3`QuavK&a=_PQw{TZH);kQ8-Q?@*ZL2{_tN$vj2pVz_YWL0&HB# z(xtHP!j$FSvGU$cQ%XZoKeQYihtuAJB1X7cv*4%7KXAY6I+ zpvY+=Bn!{2EAvOaOT97(D#F3yP-#)JVAKc6mwI#zOk1;EopKiH!CZOV7gsQ4fsfp9 zzJ8VNzkoSkJtG~^hvg(7tjlxUR-CILhU=20S3GbQIrGY5fg zP+(3osM8|BOrKL01nfo+QZbzy3JvZ;PuWzPZva*mW|Q@Jp^D98B(wdE`Y zUH`hF6~J>89;dOM^UV#PTWpFIoKMi-zQ9hc+BDP{UFoB1g+p#vO#~s%*cZZE#6)=jEATUQcwxpG6Xb*|B z!szAn4U=aa1x9kUD~*v7>~9yyIrXt6nLa__91o_9r-tj>%x*n@z5_O>TeT2y{?oJ5JVu*)*{HE3O6J4+Gv-5jvJ1}aUFx~jSUFn7JbjUbhp`j`dr&N9 zem^}i)wjHNoCEeb)DFy)zsjOk|wip#oOt;0!(&$~` z_;uTcSMPt@h*9xyb!#E;9H%rwxS3OLuF*5*+!^ytSW0+v^pgO6P?mKOqc(h$pJQxK zBa2a?trnCk7G$hY+!mw4DSM^Z@k5PfUcsm+Dr~Ew?9MhVF1&wj;&D^9l_bfeh-aV= z9=D{{Zbgx*#|vj1dt)n5d)bl5-WW#1;qVFc?CHne7!HQR;b&{zi7lyEv85iGoO;Mj zCqjGnNT?cr?Kx9RpLFbX`{)e>$h586K)bmP)$lf+Sg5fcQ+Q{bg(&Bkh+HLDAQr4! 
zP(z;_=UE_;N7}m`ES~^@e?5EsN;{6twpYaH(J8fZz--6#^i=l9c6%IiwxGUJ*K-A; zvJWT&%yFUJ>t<)`GZe7DA2GSVpAGTKwz$gmk!02Z(9}`E zZwO`AQV6l3Q#!a64_vyWw)VsgBu5;CM0GnbKE{FjaMgrP)j$zu7-8yJt{^?3^4mgN%n3*TAJ}qd_X#d^1GvUzHr4Qc-uL4(@V*=5Vuv<_FJ^E4coJ}-=2+f8u{C?k*3jNz}(>@7e8e#wMSDP?u z6~bu7XhR62A#`C;xT?jdRiK~_qgH`}?f5ADUabFe!wbvwV`|99<-XZ zI*b~oZaa($Q}+q3ey3qb{iR^hz%&j?+&A}XR@Yh`Mh#Qf7NeD^+iuqEzh?_iX?BoF4a&qh7*39b%C|4lc9bs8|T-PcAi)?;KEda7X!M!jBdo$R$aiq-r-5-VmS zeu#IM1Gpjo_h@)@RL%cAKI-oOdXTaQ=Y|8ayVi?IYE;042=swXr>UzUiG}1yLU{j^ zwg#X%cdg<`F&<|YVIP;P4w6CY4AVJC))Q!xoHBo5Zts)G8~{qUf7(GUAQ3tViRHOR zdXF98hYUnaV+?47!bCF(Oz{Q;Rh7Wgj_EuQs*&NS!#VPXL4XSkwAaN#D|HV`mYBYS z06nSmiUKwhKqDYo43%+{>P0}%XciRW?5^Yd%s7Op=bndV6T~8zvl|6DbyrT2$b{n) z;5bFD-mrwjdqv=!{B~{Uq)$J}vp8@+3^2+*&a*ghpAH@yFJu;L@9VJ^9JTql^q3mP z@Wf7mO?uPEcT@k9$bRc-i6ZnQ`UZP_pjXi*Ba?Y#6ROO^b~r_Vk)%9}T31j?JIGP1 z@ACY)PHKE_`-YzbcC#yQd)yb<`Mtu)=1aMZQ4AhKAD)#EQ%jHNjD|;7g=3Ick4>b( z*MU9(H|mETdV%e-9K$jh?7}K`656Bzv(EBxzusNvJ8B||PR2aQRHTkMlz5l)F|$!i zA@iz+Mh1&2mF(iN9H;)wWPu66Z~=m;F)nq)L#YIrl2cVv6fTp`VsJ|W8jvhnU_`ZQ zXH%PuOKQfd$AnZWX-&!#$?U%xdyM>yC*+(7EDTeLJeEj^5Ph4TYN(V3ue@w6(g=`v z^TIHujGITQFFpHrwkB2xx)IehEKHOhz#X#fD!)cGjCv~$)nm2MLuHMd z8P4Z-vjWN0qH1S6pGwshG)eZto(1`aPP25SD_!YISK5~U9{>RV|8ykCTL3Nr0BaRB AKmY&$ 
diff --git a/released/assets/rancher-logging/rancher-logging-crd-3.6.000.tgz b/released/assets/rancher-logging/rancher-logging-crd-3.6.000.tgz deleted file mode 100644 index c4b2b3d0ead4caf735e6e153ac9556cacf05e99c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 21426 zcma&NW00g<6eZeayQ<5!ZFkwWtuEVEmTlX1mt9>(mu=g6)%V_+m^U%=;+-ESzuaF& zM#jnW?Y+)kYvD&gqJH~3J}JLZ8;C117>UcUNxO5h8ZxUg7%Q<_Xex2C$*HQc$*BFb zG_WytS5~m)6*u{5{q3xCIbn@$mZS9WgBoMQdnqa^Su=DWs`EMFe3P9!yY9!$lV@tG zNbX1_RjYs>h~L8c%F?HIAVEbt{0>Qlvq_heQ=B-CG|5d!e!g~K`+-A~p`o)*`N{Gs ztIEMKZ`E^x#@4~txUW!qxSW`nINr>-wAJNt|F{WF+3fatzZpcR$yww1{5Tk_ARnCI zS%1x22q`CLPk80ZT0;j`hO{U(P&{H+6H!nUYSZSWEn~#VW_qp!HCc)myf4NuH@RzK zt)N1*1zbj2Zgt?}vkIU$@ofv=tB==5ipbp7jj&swe~=FsKzoPP=U zTYqp@2x4op+d|Jc_^6=1yYLeA+5hOAg-g`Aq$XWGklA*t7;eQTW37z`oPTt0G_@Bu z-{xa{&%69Ur?Wk;$+Wm_nIrFJvOb#&X#w2q3a&z=hpYT9Nokg(Q}44^4|KiT(fx6KBh(g>{=n~&YBG0y zw+_n9LE!gpD>B2(Z;gsl@jm79ke31vwf!X0_JktY@ag{O@4~>=3ZEQ_El9gJB% z=ly7CR)|tWVqz&l{&!xJL4HydStb+#w5r`=>xN6^6eEp$#bOW?h^3S}q{`#QSazRL zEs(jmP?AAn0^C|?Ep6eRfCy}JT}(R9Vi=+O>LM-sI2})zW%Qu0z!EN~DSTp|Vn{;3 z4xe!!`yIS#sF{>IOag<2d1=0AxrKTpuqKMCKg0N%Ty~BD>&PEOS#-oTZe8gr@OooO zY{Lh!$-?zH!c6E??v}3fodU~LE=oyF#%X0lG@)|0zMn1pQB%JwOtz` z+^jIHt|m%p?VieQiSH1RmpyyvZMUgkZkX-o2o6)D#6;w!?ph)XW5vA~m67s8F(gxu z6P_EPc@(?~1iAvq$HrT`^Xd6fJfY(d@F>3XWq^?S73N6>?hZitQkJF>N~>Rv=awQ7 zLs6hLM?KS8Ta_<%>ZH(MUgdrqzMD%sHC#4ca!OO-Vx1Oe1PoMnU<<90mH9QKV=g{Q zVN4>iAvfs|)djFs7K4i~Q-Sp%E(O>vIm9TuLJjP6S)m>&E$TkVrzkGa9cp|p-`JZ> zgM`$K6R#Q`tHpYY4kj`Ht1|N+mlD%XPF%I0WFG2FT8N>OGz{ls+?iCi$_;2|d@LO1 zoQkAf$$p+_Lxa%v7XfGvqqfn9g4`i?=nC=2t!*K?7GhxZV=_&X{X7yntAj!AKytJr zSM+f~hw9j>jTu4EU;Oxi&;H&~OwdeA=l@&)%eaCwfR1_YjZ)%5W?(JD$xbO&;SdMV zrkNSyvOy*Ra2Rh-W%<2kHZB!$tbDo6-qlB^EYn8)|UGpxC3Q2JEH0i+u1ShsN^Si#97?5`W- z&^Hw)+A zQXH;G%6K%Ej25z;_Rz7ND_;^KITgVqN$+8vm{7vFHf~Z#8U~0W2?I$Y89_5l&ofb$ zy+W2C4I@eWmw9s81Y8fn0k?9`VkNoTjX|B%GX1`qh$hp6sC|}mmEzJreQ?M=4Y)ax z8x-on8$w)uw7vqjhCV44=oO5x1XNox0Fq+zeCSskKuo*d)%>H^{1ha&y?(OZm3fLI 
zj8HqrX3AmRs7_qWYCTdjsfVogFo7sg7&cbnzYCn!#4e;vP>X0Jhytbq#lQHFgLVNR zE&)Cdq~5r1qLq6i%RWD;sX-aSWI(8k2~2uJGJ$~dj4T=)<|z=FI?NUfiSkSz_vOlF zkF$l_C)Mmc)qE_S({vf)O8IkLBmt72KsX!s6wc*_0ddM{sC{Ut*7wJ*(-jQjQ(!;{ z+@%e;9=B%1iV_h z@6}IjCX6+!@+4X<88a1K<1GAp2zZFr+o3|?q zNtt}0qQK3l`3->qFw<(Wtme$wca&hJ0NY)*grWhaAVXLebYeTikoe^$0 z>}k`vkqZU@a7pKsNZBYDwR%~A@Yes${vrDtMVUcyL1MpFif{6eUTHn2w(E;nByB5b$RPf1(ZACt&z;8 z+cgn4Md0;rbm?00i(j{|5fvU~CFbKJemkerYb0#*_EbJ#t{sDMf0rBm_W@EO&exAG z`umuFKoWR;k8$`Xz*5HIM7n5SoMvhwytVI6Nu>er?MF+(e_ca(9s%9veeGou0*!gR zRE-4*t#S^wyK=;B6%4jb_Nr`mElEyu=`s#}4h3u1fEXQEFJ^LvaOe&&VKa4*kd5lh zNGl3us6wv$P}avz0!3I$AJ`)^{9jPY^7`(^rHQ@dX&1J~@{SJMfyIHz*%d+^6V`Ta zDzAa5-loGnfwA7Cjd}TNQxeWb91EJpmnCrEuaKfn-KfxoF}?kO9~Bnyw17@S9)e5P zGfu_kXjGs_{hab!^i4aRKqd*200nH4%ZrBa(c`ssMa|9lvo|U)NelYM{NRJe^DeBk zSe63YFn{IA?^R1mPVHNbf4Ie){`^dYveBSBw`@k9Z-gF3Pn^^shAXscigO}ExlU3V zuN0lSaAn>AixUGYtk&5lSefT-vB_n*Opc?u6bJ1*5?A#gQYKSM%8YJU(L4PeNd{*$ z6CUo;c+o0H6Ura3>Q9)i%+H^A(m4_zL6^wsr01n-I6RoI3D^jq@cE&@VZdx$K!Gj2 zVm2zG=)77ulNeQO_1EQbR`+UfBSSYD*F;}V0lt!g73VK6EhdN&WkE?{KjJr>6Wbii z_wPhb*_F-oqnG)Ke?$JaNc8XIFLFaAt%(GU$EYX&Z_c8V2qf`G5?85zOq^FcCJz<` zb4HbXJn=zzuGffu0U`VyYv250%q{v4#9f3KeK?X4%7;0Y@rvM?CT0iFf@)4wgxID6 zSNeZz1ybC@hM@{vNqDw`D)z&4sn$ffbFYo|bLs_XfKe6TnN^hX3&H?6{yC@9Fz25v zRXyY?tD&QnehBC12RXj{2}SWNel$=17TO7j3Tkl)ACvHHbtmmlp-}B5(%&5pnEEjVX0=WJl#d)|{-}xn#R}Z>l!6aE( zj_ik%1W7nc_`+2&G(PNk=rKHH%Ig;zLsLdJ!p@P3Xc!dkV*w%?rP7K184ttccor6k zreD$Bb&>$fk5Y;<9pAQz4Ok$ii^pZJG3(iBj-~lsYXHSnh$Q77q6d5a@&->vXRIHB zH%Lyzw&j`2q*XqT|iBT=sI zpqeUUYn&*b|2fY(rLnjee^)0sVvRsrR+$~LehC}Uye4zlntA==npQo?$+;$2z-K8a z?a>RO9a%TG&|<1P$5SRU0*)V7g#(gesy_r?6?e?7GjRHYO-?7Ovy09}&PtcMdm00Q zZ>2~3as1`T+@-OUMyUp-00QA9wubNRrZ%yWI*&o_T?PSg9vpV!bUnfLkQ3YzezUzP zGtqbrcyYSc{q$nlyH@o%hn#zVg4HMeU%d~Oe``UxUAW#}o&UExpnlJxBxiFjUG(1m z=g*(F?_((smlG2c1zmJLuJ<<&D-mn>Ivt+(edp)r6{c*Pe>&UWKh*7iUa#;CfOP5rx%Ql+)th0|@vG;-S)Q7>z0B@9d-4TYdz%VSEkvX_ zR1H{GyAxuU$y3G6Ic?XbSYfS!8Pen_e}8gs+v+~7d911~J9nCD@ZNSX{oI$z@WJtZ 
zNrLMv;9+XmJzXJ0sYq5__;g;t1=n*sEY7nPbb}y96mH$RF<(Q{^uF9o8#Lu__q#b zm36bXQfrxtuvYk0l3kPjxkGlgcXufYVGi2*K{I|_D5jZF6_iOZL~yFspY1mJjw$RZ zl93%Qp}=OP^#}Gf+2{qJS$en1mEqZz{jtB#Pm{4tFz|#}hIaS}8k6`A|F!_QIv%AW zq+P*v1gz{{r+?30l-=%?}a|c%SKdsnKvULP>z8g&$VijaD#faIv9q zY~~o6_-AcAy*;g2+i^7KBzkzXW+kC02W+6HDUAzniW^8hmb^U$TNRft13;7Dh}?i_ z$TWf&wj#6ve8>)}P9Z51HEKF zbHQSnmCRL*T%RNbCSdh@-Ay5cqcFw!%WAF1ZOt_mJMa`Ptf&u(tJ1>yvXGfll{lF{ zhO61$`iJtFzdlEf<0!3*<16q-f+m@XiDhV$EqtgQ{#gV~Akg?a6} z9gOn#q%OMK5yXFK{ZuZg6NbSnXpJe5w3O&pYKoRG`aTkpssdj-u^-vXpg*f@kssX2 z@PenUH6||D)N1Bo+;*~xeG8geVV<*i*oy-vH)Q!9@DjEMG1N*l(2Y46>&L1uh;JC9 z9lIQr8o(8I)9_1d8GOh~$Q$U_1IA11@g@s+owYsGc;{ZRXFmqkxfe=_GpYW4VOrL1 zB+f1j(w}khH%LQV8{18%k{u6ytyZ3r4=1r-^_;1X05`kkk9$6w!UlM0^UV zQp?F<;o=|%+%v@9mqQW6GlJ1vRmd{~l$21R2}T)DXwnL5$idijR0AzaVb4{3hH8zrj+G8n}M zG6d_*Rc8Gp%$P#N7Kp4fV$Xn_hd8?U!*BmV@p%-S9}TIR9_-UXFgS)=toQ#(?C-WT zKgI&y0m8*djx32lULg0sx*ps+-&Osh*L~$Bwmq#_?#evG5L{#cLcL|ImJG32Sk79^ zf}#)`7$PUgnVr*chqL1xzDA*PrN#rv)O;s-T8jHs_DWwOdp*%lYyDI?0=sx~rCH$A#_ez_cR(p4ACVK+NNvRkaoY=(FE7X72YOk0Z zMEZZF_K`GmyZ{n(3$A$Wu8ZMg;QKzyUXSp}7!@xpsn0pZM4IrXh0%p5>eA9~Dk9t! 
zb`fmf$*LV-j6qO2%Ac4ZWRuRil2=UwUCZ@7(;srD)xY74iVJ(jqE2oz5eLC`Qs?-} zKipAF6@=|1(=YF;s*T*t$f{L3&<>Y>vcKVIg3M}uUOya!tf}&Gmw!Ip{KDYVdmk$C zooe~m_4}673AR`BUh|L=LK)jvV;V&82zuT&nTJlyM-WB@`5fG`s&>9lRShoAk@8EQ zVIN51|e?pCm4yn$)hD-lk}%?wbr@=vLz%dX91eUQwb(?T8Hn}bfG)M>FPvQN%v zzJ+=R&bJP{J6sHuKThegUM$pKtkOfhzotiv1I*lsz5#J)p-+k*w=zPV*z>917BB7z zLz#>T*iZ<(AJvM&i3#OOWN}KWJ5@=vL2Nn6{GPc$6lXi-YJQO#nQ^AT!U`RV3R%~( zA=QcH>vN#bz@W(cG(3roj3M2#M}QTh$)_+uX_xYv#`QhU#T*yLSWvIN~4$vmM$^{l$(KeVj`LhbyOnrS)v9Ng<&*p zTp~ddNtVU6gMbJ}YGTqb1!w~O+;Y4))M+N=s|-bEVso;fPuM^LqtJGuJ15o=Q#koP zwUWj6qD)@K2nu7DBzZZCT~HDX<z!Pf;r=Q9P!`WL(5%_1K z9}Wxs*kyb%xRFy_5&Qv-M!Q7nl5DdEd)_bV1^UwfHro=^ZrO|*kDGkvYKP{5CVSYIzhRUHs|E0)Y#(Z-kHY5(HDbBf&o zp?h*QEzSP9%|{6$d2za;U3aJ8#hFsZH?`?UGXeRjSq_)d_#*h$QLQ=0Q(tttQCY@L zC$&?&O_K79O@VslWCAccAuHulIyo7K3Fc!ZK;fKyd88FiVk?k3z|nWbfY;uLh9K&q z9;y$e-V>Akz`*|Eq6Z}*aId%~ed5&?T)r<=`O%4db9FoABG*is8zCgdehn?hS6%DH z3TIhYL-KJepdH#sO454z6Xzl9Ib6M(TC;~Czkd!ESDj0wcMoOBrFVGN(~PH(#Gts) z!1?lmPr@ibC`SLp^ZWvnGGu2kwS#CKGv{znjK34KSwpmS9TL1OLBzHz0*7CXJo=q{ zNtDcLYry*ll7o|-n}Lca-`nwx7l0lou=nFbUl*MrxImONE}y4Or|bjYz&1xJgKet`8u4wa2;AyYs1bdIG1^;g&ES23>I^V@L)D7EXuQ-ia{0DV;;BM_dzxv&%aGmw8Fh z`)K`|9;M6Sz#iidKRcZ%RtPb)Y_|Ps3Uhs&R`tav(pV@mk)6Tg@cp$|r^MXQvEOUZ zDxXP`JaW*tMlT_da@W!waDwNn9EU4YJU{UP*?b)tjw3$jk@~^_9(UNf67@5E-nH*& zMKv&ea;8&1v~wrDf#z4HfSew7ALUK)u}DwOdLT+05PUhgPR`0gVdhulO+~Z*fR;9d zOy^I2P#m9a3@LpxFTG9QaGi}BCANn(n4wL{-M}uxX;}!Cf%(JswNKj*{^~9VSolP% zUKLz2BwLcRwL1ZT^O0EQE6Ipv9(&cnjG7UyQufYWp(3YEYlV-z4JP}T4yJ4J3@-Mg zQ_T?4y?k{A)xD8Y{WBbCn!b0&U>if-Hpbu_UClBRe@8d9h18H$FK=m8U=UfX`k66A z9iLovL#8?qzDZJ2`N5MfH!`j)H(EIkiQCl`_22l+pQA&Dp@~VTTLT5 z_ujT1dQ35HR>_|ljY?d3e)>^BgA#dxW3~3P$OzjhN-y5GRX-2AfGJid7e}er%UVjQ zCxwubO?d1X+I@q;vJIOm%xe&>r~MNAcWFn%3@sV<|c_u(GKpEfsghp z7DT6=z5^cQXptvP8+E-|@^>}*6q*d)nQl))sdFm1a47SakSj}(bRS)|IiGx=ExN)m zWqRMG2}MG_9ZUR-TADhoj=`9^7U5Hfxu&Twn~1juJsJ9QqzdPCyUF>GY`tLMR5XH~ zScABOTA{+%rLE6?~+t&M$G%FgcHwq9RB-$ zV-_b&)P{eYzRaid)d}DafF+3np*0u&BC!3GY_M$+OLPIytT}@Y-k?qX;`7ek{M;Kw 
zVAMX8$(LG3Gg9lmmtW24ig9m>pwB+W6=3@-?66ByRBDaS_$7U{-~-8Rx`Q6swVZQ2 z3yqmwNtsE{UsF<(=HY+vj(wzC>Q@smZP!Lu> zQ>PPuPq|E^4anB7J1Sn0b5gJm)BRp}u5>^|D$WY^N<@7QP)#5Xq=;-L{hXlVT_Z0oEV|YtH3rydcXLANY5_pq4UQiS=@1jCEL-rE1(FZgVYBDV&1to z@3C5u&iBoh(~o=8R*mdO1ln^FREsxW|E=i*l>QnrmADkV!<@+|3Jb;?d9^eW>5%QT1>5yqKQEFRIxfPuE#c4m8S7 zJ7-RN$)`Y09pJnTGRT5O%g=g6r0Dy|KcUz=d=QFIFK$e3YqL9_-Vz*(G_gBxgt!+H zCthW$o}aYtVO9lGNWA+jVyoOh4DR3ueuC?Tnk*~zcq??*#7vv)pohE?6lmk{il##} z8I!z`g5UP@7VaG5W-B(o2bkeM^p<#R9{z-Pft3(L!!y#-GLn6|>^|X^dZI%}Q~p+H zOpb8jiYITNM^lmfdO`E2Z)Wo8!+7tT!3`#t&GC#CenBKGNMlRvg1pNk+1A4J^zc&w zYUSc14)*ZP%&kwUhF@JlmOYvY>JggF_|`W&!<|9TohU4-MV($w^)VIp2E*T>F;oxU z+@~hHj#935to7~{sY>JP9-xq*VvSkf%h1))<)t*aAf*OZL5r)hwuTy;=zmCQ_BFCd zY2J1Pnp>7_GV2RK|8tAxEl_cl{^}|)y|s1lcf-|H0S3{Iw>`A^F%SL@PlVEx9FUWJ zo?M-1caD?&5?}Y{p)BB&{h_Zx&|skZGe@otZ(poDU5f%!A9enatseT!Fgtz35t1Hy z9OQ^;BCwyjkl~jX$plFseWpO%y%O_#`L!n1Eb$!&4(#{SKE;^fSGBKpk0F|bo_wz4 zh?N7|LV7zk^IbZp>0wOlJ-il|5cti?GBv+0S2?6HS0yTM&l9(0UZ0emtVEPed!Yo%6HeJtt8EZ!!Gxm?ODu4ukOOZu?_Oc&& zSQ8NP(n`>aE)ZISlxpk|3NG}1?i?0t+x^syxahN9@o}+ zFg!|ca#EjuN2$xv=1LsMjnJ9~cd^YT&r|ZdmKV4>J!Mgr+sA0XxA#4LhfUyX*vnl9 zFCqOS06IpJh-Xe<(B(?hPPiIE)ND|B5W)iO%4c94j~Pa+r}hn=YjmEERErCn)(xgN zGcG3v{>WiOsCbHh7~1=;F{Wpx3sh1Lx;$sqrfws}vQ%TTzq}@d_wDT#H_=**C369F zAqGZ>9fXSom642=i6NSvhn0zelZi=+f#(NPL%}@xL?rvfcwEttMX`uwala+0s1@mu zRq^D~MYJxa9X>uE#5!gxL+4vmoUbRORZ}$iFggnCjVlmC(t&{&F~YwHOkdi&+CSj^ zs$`6)Zv3E?awR9X_ZN+WWWE|Q)Ua3FD+JI$e1vl#_U`RECe-lm^x(?Ol+5^68s7@b zr|=plUhz`Z!FqfU&DI&!FV3a_LQPK!2X=Az7TQ@3=eVi*8}`RS_&E;OxS@dvih}X& z17QeJI^;I@xW1JLoC_VJDggslYlLTxrlG#^(LfpAi+t>F8UZ$DLV3Y>@#NfYgXX%k z!y*oC?T_qjq>*IaFSCikydL#}|35&kd7tx_x%JgHvlL0W%U6X8pB2ht!>lc7+(TbBr_7z9 z3{L8=6Zr0be_a(tztL>WUsEWRe_fdbvOT#1+L-rabHe!=rs@xWU6+^mB9_^{kQtvh zG(>HJ;kXC8C_te<45y4@x`85BocbV=rjQb)Cy#cE%wP7Qv zic85{n*|D3mbotQn*aeUQ^fL5^ z&Ge`+(`!Xkg1Fcg=Tfma*8G90eEdnQ+v*;s91U0TU^W~)-yk*|xEbMp?>`}VR;T>f zrWuL>w&mc3{JoE9%Q2`KE$chBP*c4Y@Ow-%K)wlF9 
zC$5@tSlGgxcuXT~5jWlxk%V`p@xl#jFDbH*xg}DQC?0ztB*IKvjrjLiu1gj3%t?5jM3{2B3(*!(2sOZ)R%OQu5UenbgqtV+9;e45d{2^;0nC}qwZC_6iqd3Rxkxb_#5 zW~^hhrY2*Z(G}O*{fGFVdA_H1M{QRS#|Oaa*-&f%{$Z=sBA^@1|h_wf7+^|COM z9rwq>LEpfYEE_Of7vs#vgex7N%X8`^BnFX#B(LsKx|cnzk@XfA2|)z%JxgLyWk!nx zZJLjCepljGr8rGkKNG4U%_(cwL5b5SVX4I$U^4|fN`sMB{xq0jX=vPzsV%#CI{Q?W zTH2V?S5ne=nOeFhGc}y1+Ei?dszks!Fq>57&N~?@%qz-cd$9JQ_g2^&En8Tt6Y5sb z9T%xBBo6$?{t;hE@V-DfmTN{voENPkTUMbkbL@}iKyzdtwD(27qban<8xR+{xgbVl z10t?y36x6DUT91zUa1j%*rj0;w zlV51$6L}AgazrCku0>n~tTN1JL{5f!*7@0*n?;DwBAbsis zfNN3Ih4_rm;7@M_^hMubM@rU(c&busu{OKD?wbd>HB|2(dEYT5W+`EdN)0D=6Cakg zX;r1Fbp$ZAl>WqZo=-g8%yOY*fATj~AA+)pEYZd=uBpRs?}8qe$F`6$Y2bq4EjI)5_v+4|wMXNVWS6{3rW z9{g8RMER@u-P5Wqedn*J2+kI5zpo27!SFpz?rq6O_g*dU#gZ@eV#xGcNp30mQf_s~ zgtK<}i6*F1Um5WG`PJzyI2t}VRhw1Cp%n5;dNIq(Gf$P95I)=2vDxKm{<*Qfp84VR zeDWn8K5xKi;rs3Wd=j#@wx&8|)9LZN^DD!2U;<_QQ@sLCdCG?L@!r)T2TDs@S66o? z_`PX!pi$q>lz*A$_J26OjFwGLTMcWYcbjjqPf%yLhEm}b0NAS1Jm*thnQ*`|(f=m- zT8ICVd@eu4%DP!U6Bcses=m~~W*l9BH~4|FbgzdYaj6V=>7AQN1{SsTt@ny=~eepF}CB5nI$nlA{r=I+!$ zyzPR$fYx}(522Y|H!U}2+@v=My}R}y54a}0diC>8Z6by6!uh} z0OR`b}_Posqek%R-W zJd=>&e=Dsz3puZ=xEQ4o2zm(T{?lKXU+4*>M!_&Y_J4`3b|TJ&K8}G4wfAzw0&;l1 zgj9YC2@24HU!uZML9HfIXm%DWm_lV(bu$F9&fy<%5M8tY*v@=CmVvd+1QfR`iti2Q zz)-kpG_zYv!T~+1jWaQYO8B?J$;ZINszz!5{inII4Q2s`6Z`0LgxByOwmJI0a;qVA za_)&oWy|UG>TWVyS!ij{8BVrar|+7E(sPp-A4NqGfEpN^yT#|)JMN16^1S`QXHV(- z)n_@Tx*dK`mg3@A6ciF$DuUo@E&PE`GR; zmc(^#!dH4}k~vZ5ybyl7Kkv_9-B!egrt96WVNVgK9R#`f$jb+COzVaW&t@>~sYP;h z7>4wj>z57bAHGFai0<&c9I#LQCRDX^^3O+~oksFZW8U-f9IVx%5E-tDosHG}uQ9E^ zN(&I?0?u%ZnGpS-VYi-5b;S8#Y%!RLC=6mW z7)gmt7!;m6nHD`wV+oISWNFaIFes+7We^@zwoyVeG+85M9b0AZ&Y*kl?L7CKd+xdC zInO=Ef4~2KpYQpd^ZmVFpD5#&XaQms(QLgtomR@MWGXCGjqo2;T7-pD+aE~jCNFgC z{|CEj6;IXiT4z_Dk-+O?L~%=S(@F5I0o@04y8jkl(JteWhNk`u1Pg`Imow^grgVHJ z_o&}dK|j`)Ar}t5uL$gs&TI(pJ_3)=8YSzr90&}G(Mgvj-xh+A^Zd;N=wnN&rVdh@>a+3kjIhwK$s?FW#Am8G9Zw7XAe<)sXTl!1MW%0E*7mXKOcUC-l zb(5PqeTrS9S2xEB+CTML?jaw0=_)vkv&@a4W$8G2l;p}Tlkd-~hK;(kBlzqSF`nZJ 
zseUQ1REJs%UiU{e95UHzTmbaB_4DaV({p%s0!7z0OP$2Mn~?Nx71GIjR)JPDNX?f3 zV%||=O3tN8diz*q^N+f~=qDZ;+?8eaK{_*eS^lJILnVTwBZSG4AJC`seWzAnLlP^J&uG5F7iBU8N2m#4QrK%ClK-}1F z-`X6#%+$bMlp#XlH)DA!l9rO@YBy_4l1vTEDC2G2tvXq2f)6 z6K$N-A`v6N8=)KpxrI$h#UDcNUPW_n2z!4UudAbI+ln?hVsBJs@VPGk8ije2AN+Lp z!TD=aA$WjglU`hq_Crl8nsDUtFI5S<>nt=0Np|Orh!ExlmoB)|^$ZFnVqbC^i?o;1 z25H*kq%acs zg<@fa`o)YS6Ej-yKHqJd9#E0PzM3K>)(yz@ODjM~5LPO+@N*P+~7faoxrxh*Z#d{i0o?zUXOuwTPiZ*}FwWHBP~QhqeLk*2L- z5>T3%v}qidhx&T9-YJzk4L6lw(6)=JN+r!mXlTi`<&tQj%L<7H8?9RbxDSMk>#F$+GtRB-CwAmh zU84v0?CPXop7frv&`@UZD>2gb$JW|+1rg~|6zlC(PlFm5y*|!23E)s8sNG!I$1d@^ z-}YLN<=BRbH96W?81pe)j+q#z2xFcTY+4Wt-O;5hDV@%goW@*ea^lA}v~E76R}-8O zy(ca)C+4Du&Uhoz9lIoV*n{<)$M!javP%`G>^CR*E)rvcw-zGJI+$gR^;8kRt*-WQ z))oroX9LDlUmcE5sT=L8hRs1UYnz{mp-9($%0@KnKW~1frA@j<(l%Rtj*~d@x!IUz z9=mrq7SsY3&-}UcBI7FrgEn3Q=7>8E=bPr4+Kzv^b~ngDOIg<>(3kpp*O#8sSCBPY zwQ8)|6ry>wif62}zI2j<&;$1h-Jcxy%y3gt&KL}GpOfr+-e`iwP;3qXiY*K}U@3;#OX2WbhlLFaC zxAljMI{31tNELCw6~4Ibo2wE+I~~O|`<=iI5h3|^Q5B|6;npIp1rUShA){`f7@=+` z{D5%ZFi0UPCk(04!Ua~uG%m0Lp;v(wK;oZ)m96~$6j<>R^S6KwDqZw+OUsi&7<*N~itJOt{wJ##2ktO#MnZ3pV)x>=Tv{Mt6?DwWX!JXZd6X)%i*M~BC#)QB{|~~-<=nck zs&W1Agw?yL4Pmt*tTu$zhOpWYR=j-;8^UTsSZxTa4Pmt*to{Z^H3R%sJeeraqBg4tgeP>a2_G8T#Wopg)B6KI4+|f#k zRz5#)fQk<1{jX=pfXXwC(4@-cV23sj4Fy9sF5|o3h>7}=U`yu)xk+;~%a!GP zoiyF_<-cr2cz-m4ZO$U$3zb|q`Fk|R0l_H^IIpq^tyj|T}Z*EmD9`k z?z5N;UYpr8u3Koa0EHvo&*1guyR{ZTQ z4-+x#`puZq@>G*)em}FI>!ZKEs*AZrF&+bM?K>+~sUfp8C#xzvM>d<=d_!CJ<4)yc z(oglxxvo%aKw17o!6ovv1zWPJy{8G9`C^RD#k$n|@qEws>$#k)Ik929+U&c)itpp* z3D>vVO}9F)_!GAy+IXSv13MZH?!@rBCI7^|fF(R^>1)QtUH}(+e(W~H;TAQ~r&6k4x0*{HCN_K4SAB!`$?2F8ApO#!eZD5vI$EAlSE_9qCX8FUk}tZ>fCbV4Qn92 z#X~xkF1I-`M9z7;>VlXX4AU=|NeNwqeXZ9U;fN$;yjwB{&i8 zGMysL_#YdiF5{*`!zJ6yGp+<6;;sGIB+AOkL()`|mR!kvF*kBf^ilK$*gr-`h#!KP z3o#4T;$(~oJ`+oBE)gIpM~n3+xCo)IgwcHA?NslY?`HLle9gO_c9Qhr@Z+VP3UY`2 z5K()pcDAV%yDNOaS2iyQx-o_^J{Zm*uzb!qA-IEto^b4rslE6)d68IQ9irFVlt7w< zu8oO)3GGGXg(Gke%JoZW9xYJZh}=d2y+Un~G46i_xcHDfArs(s%29bSph^IU3nqb$ 
zL?LaFm!{!Msa;Rzmi{1wBtvPAdZo6uEMMu;PN71-$^AOsWFl!_b6tPNB1wXadfb!d zH(1$>!oP}D>Q$eLwERX4b_|LV!cGyZ%!REe15{|1@TUW5#=~mfFkJKjs%yQ*0DW6* zO5t8CQfiuTPySWT+U7_C6re(+a9+ny3D#qnC#J@Ku8wy<|09L?&?WOe(%#niu^=K| zE#Ee>m2(NBG}mU5`_z7#(J-Rf)W;EL2vAioE`OO`_-bMofP1idWmcAmm2D849BkMw z7^V>t{0+hLB47|_5NjhWF=tb_pPcQ2&;j^jUDwQU;h7n<&e|Sw64xkn?g+1Y)a*Kg zt%(uR(sH~_oLwU+Lg~ODjAhwA0Z)DqAKKOxsF{wxn630kfGK8%O3cdM=qJBkS2pXA zJ(}mCC{zOE2!lMmcyA_Y`e4qdTO5(csC|nvLA#nTF`#|C6;e;WIFw|+-M(?rOPvS> z&D`*EkSEnLS|-)-&zIYiT`*BOhx-fd;f}b1dwuOlIrr%(Ez6nOBPqILAylHo8S0HO34(LyA+5Mc zm@t|km^hjt1k2PqJ8AtZOx=$`G|AuwcRp*st7%x|l@J&0KsZ3z8V2EED zDpq561vul(${<4Ilr;(nNT9j7c~B-|dhd5gz&O>LW#q_D)!r~VUV!)8nOIJ0VWNkG z@RECE&C%}oamLs)xuQtqJBc}xm% z>H-kBv(l)z!Cn9g68dCFxo;YP4Le%%@%AQHrb2DW>yx22x*O&qnNgKTgT<*z_tpB8 zt5}w!hZJW15qt|NKKO!w8RliZq^(En)+J)cqfQM=JqkTEmK%!FNS@vC;xvudB9+|f78xv7<-gBbYS z;}T=Rc5P4u_c_ftYm4!G+&@7vVB{BjxfDB#B%Bhp0ZX12P$jt^wvf4PLDcfa$lebt1VwZr$gWaKx?bn-F=H+-ss(AhBI*&*ZlnK{f4u2pvo2dsZFPmSw;13U`EN?zOHpFMI zU)}nbV@QA=<=FA=eT)vN52AWS!qlJRlSK2NmsxqdYjN$hR<^9Z#nCSj78t+~@jtDWujN0(SlROHy7XCT~Ez~~95ev-Wh6UsGSHLxDPJ}AoqAdsm zl7amVWR4>Ea~(LIwqCBV@1Mt!sY%~HJs$|+cu9;}dGZN}nnW z{cai~%S!Y0*FN2KbOa_L^@q#W>hXcM>^Kmpowph8=HD zpPg2PhGyzrZo$qFW^H*1xX4Qe)eWoXw}xEyT$b*;tCn<6P?`Hf2kcjjHKQn6S-GXZ zn4AD~NnqW5c?{L6kqHk}#LP#lh5^k_T5Cl2RA{0GI|5RjBE?7k8!}nUr8uIqut=~C z=j{*7x-Sa%r7+VYSUoY<3`~Ne5mQU@B#*jyn#eeOcv~KR@m^dlRMh>5rYfjPb>dX1 zXI?HXj{@Q-mjk6LZ%L=igGC{Z6&WKwKd2?tZIp*oUz>5@oV+q}Xk^Td4s{8(=fmK* zI(Kjh*4zxUKWVcEm`A-M1IL5Kes)&JF>Y*G5877c#)B}{1&?#$NGcF%^X;1Z8PTlP zIFwKQ)4I+)K}3^k-QcfjwJryH-hfp6$<*pNGLS5E$D=q8U)LeV)k z>kN*6Kr~A(K~_BM{!n>~mY@cuRNJ~b?yY)c|# z2~6ojpE^sHhgTM{sGBsG6MSZrzEX#j=r2eEC?}bkU6N$jrcYBJ&DG8BMvpQGfeF@O zTmK@`aCCU%u^ykrESpD_3S6&;X+HtWSkl+2OURa9ZHaBTlmi!~n}KO!AzAQyOqsq^ zw1h7aV|IgmDy^W`BJ_fG&_ybi9#A(QW1FG&3n!;2E=|q<6R*tI3+3sBhmcVem83>| zT;2d)OmJW5g8W}*f?8VQIdXUeQb^k?W)Ion!~{pYwI>hN9l-iy5r?HwM+;)RV@0EY z=V$G8Q;y`(*jeDjbVl>B{Ft0JRtRg!{@4|n?#K)24;1(Ru^ql7A{QGf(VVAkCofqL zTGoSU_)EB+K2NQIm%}K7IHYRh(UteB_2C(2 
zv{>!ahD`q8f)n5kCN|C#<4<2kBT;!5Cg#+YfZQ)c#~V#QYofIwtmdBkTOdiv zT26+$o?;jWEu$^0dIQAS>>4YpfPiU2mib+r;(0Gdt`x>)zRnj1N@Ewn8EQ^Ymue1q ziLMEgb<7fxP_zg z+E^i>F}u4v3L?)|mS%oB%5DM~Eh}ez7%k%Pe{o$M#Tp&q@L*sK@fFhZ!G$`zPcW+}&hL8gE9uFC$eta$=pDjM<@d z@(pZ&S6jaaQ^0oVWf4n1iXkUboqI&LDrlp-=PSZC=T^$<@NEBDM{I0;VNYnyJNYDr?Zgkc5l8;m!bIkrVp%9qbYtB?!MMycjJ3*Bnpr~c87h-q^ z7WZN(Pk``JPikN)KPVJkghz=;;HPl=(|(SRTZn20e^3a_7(Y4+kwXY48s!Y1#Go`p zZev#edg~;w5WZ{9EF?9c0zFdd9MGHz`gTRK;0JD7Jp(bJn+1OF)F*1sGwzzi|T;SYzHUG0-ps82!NYuC91G2I#!1$)9=kz&q z40!&;S}kr%*!YunN(G3*G|AvQ*`>8TIcNfflALs1Ezn8DVhS#0!Z+eHF!c@P3uFO2 zE|?~br*&V!WOF$}r0(`5jZJ370uK+SRD>Ru`+m}>zf%1e8LrV9_iT~y+8Hn#^PuZr z*RStvF;$5&_??FnRRy(KnM4Qx$BwFi?NI%1GQMR;mC!8kdkE&50Q@K3CYsXg6aMH+ z8%A7~3K=Kt2IwavQfD>{p2nqMkb#JHJ|2d>byqcP75V9^oSg;aYmrG>yGn1njv+1q zx+&aXHUVq2>LPfFrELg@bF`!X@1V0@NDofy;*c5`!tNGV@Y?Tq;}Ibs$^n-*?#mML zwB}A;6i{yJpZ;;^wgV!KUK*TFZip2d9R1#&N)9YkcJ)rW>rj4dAWlkk>I7lgidm>0 zz*`_cp;LuA%j`QL1MTKJ7xh(w4WubDb${bf;0wNxcRiY<>3BwtZ!aD+>W;P zyNTYknXV>lIW7%{gCP&=1kIn2LY`2?K^)Rg7ScBc#wX^dQFu`AGf^Qq|8<>$LL9;k z4$>74KE1H-PpRQhjjmE5m_q)-zD!vGbn8)~KkznO3h^I!+e`X&Cc;VX_%MR)Dym zOJi!ApGa^9G0%?2wMbQjKb~#=1~8Yx@S}$<>#Hm(QK|)YZqXiW_nwCju;P;UaekaQSMPV;9$0IWD=7H>BLX_@@b4oN3Tcu)1g5G{x_H>4D+GE1oizL z(BIe4Ar>T&q@d1yakQOn!BMEpCtx8#0)=+XN*Sm)>%2mSMuUrHfUhLBRAyuFnSh=t z*SQfngSe2<76R$HLu!EpE7zOvg&fi{H{QvGz#f6|B#F=YGv3?+^-&h1n06v|9jlB; zCs)Bs8=yh4vFfOJSfeCynx+SLWa>mDsWsMS6*&I`A_^Ut1bK%ffxMRG>~WfMLYA_1 zdMgU23Uld;a@A#e9*JUI870iy!YTwI*nnKvqx#tYfRG`!3&0o*ArJ2wShv)y1WlJz z9097h{U`thN(Zk0z;CoG0+dcQ`2b>rj?1~X> z3%}4G05L1x#sqzc1nKfW(r95uAZCvZOtEuVHCv*vz~1mq)b-)R+(?T~bL_t>0LC0s zPs5ckTnQ}yAk&E8ga4t^-GJ14P!rOIS^PdSfL|y9@t}eva{dt-0oMn1h5a77!cec& znLP4Otr20)j~y|;qof}zitmjdg8^Qcx8F@OS-?c^0DSU}0bEFTpzvR6*0SK2ZX?;` z3HS}z(#h)}gNl*D|fT`ld1z?q_pROl0SDTbr zE->P@(0%|MFQK)^DIYp0hc(Vyz)s{#tVdE1ZLxGgNx(HW8zJwmRt^f|9Qi&yYl}is z_81s28;se*MNBM(BvuK);xM}{?#Ks_81Qa*SZ#9?9Z+@zsq1s)!uAO`sLKu@Dh01LKDX5QU!1roQnJBPP 
z<`5NZ2P-8hRp#q5kLckp97eF;Y%+1RnGa1m3geNAXhdRgJLr|NeqXR~q(lS$Y{U$d~EWI}eqm)5A4C2>^T_&BXEx`ZYQBZ@iCY z7q2s_Pyt+Pgq8z>G3!4C8a4#{WUNWF8b!EEeeI5wUtIXy=gKh?pV#T9p z{}!;&%L(&*8qPmA)q<9z8W4kAG(6(k@bw8CG5>Kd9PMaJcHA&0M<3c5!=x?(+$Li} zE9s}~_E`RC07O;>v41yPTlxrmCX{Xr8tDHxp@UXAb9^FHDPX zxnvTE5UFq>;Vp{m9SzK~^KkogNNsS(uFow5%vVHs7}S*muo0(D!kQ8b9!X;5T>6QH zV5?SKc+@!T*H%le4GJTA$O`eE`+I|e#gkQ292CT(QE=$pCKRy^gKz_ zFc8zv+`pzjUaC}R!7rpqJG}PmTP?piYW)envgleL2V91PiOjGm_3zmVv0*Qj5`69m zRsqd_?>V1F>l!vFQo~{`46hAL$dK!`a6gN~G*6c(&2RicN~PRc6IeceVA1uVTt)sp zS(kSIIHJMMln-(o`-itY8^)iYLYuStm`kA>(hR|5wn-g&jR#KmnuEFl`^U?65fo-* zB^Ki&I&GNs8%YK{1Jp0+n-?J61alL20saXgsK4DSIxyiEAh7)&esTR9D79%sF+ST* zR)l+K-kj%ZGMLOC&hvFq|C+Gh*Dyh3Fqfs3q4HrL)$_2k27kqSVulcmX-BzNM0K?1 z^;A`6EIY+RCt_|!ued!JoD}ef$t#@@lL<^9vOTyQ8W~BJN#Jc(i8i)9gQgj%y_4q_ zcwZ1J3I94x%2R+UFlz595}h0Sg_Mq{;gOB_$kNhxsD6oL@Ro%SjwJAwHX9s%#YMRm zcc^5WmMt_)jk&v-vYS4pN=*4OG5%yshvty<7%0( zteG>Kp-=j}$a_j9ApOs_4wzSuDD+RPVyV9}BIu3}PkTJs#Eu!xz(Wl4TU>Hw7h`Ff zslqgy>M%B%@SOLf^_XAU5?g{)CN9~xVp-*&-4_Q|Z_MAruHwW|f+qNL^qCuKf`Wih z)NWgUum@cvbE&?)gjQd7k{sM(aE}|S6pbdmW;QOO$dX<^mzc$3&SYFbj``Pw^S<^; z=U#$(II4lRlo)U^5h>PJN>Z2?A;O%L*m}TsASIj%k`b8qc(a=E8vEJjV{S>BLC?qpd!KFq2({i6pj3j zRmQr5Hu(*4^1x%g;k0b_E4W^nukk6Uykk@kc-CptBY#s%+LA6ji6x)Ga!1h9^Mw>| z)~L)#S`WHAS7U`J2wCNT2ns_+vXoQ0?V8q|YhiqxRRTlZq!3f8@|s3dxj16VyP*?6 z@i&vCny*W9h&hRSgO|}XJny(` z(Y&Th>E;F4iYU_~@YrhfdLI~)Yc^32Z@O243bti=0~87CE_J-lia z8Zbjl6^hMRW6-r$9ZvSTQTvT57f8%GLJM|l_W(&kqpuly(o2pEiJ|0 zR`U*;Jrk5vW(2QXgZY13mpF1wyLq=tsTyKuW#!HBS_(>g4gzUM)-5cxn0B0ID-|3B z#Eh!I`A;;|?guQ7I?1Tsw$H*QsupZtk7FbMHif2pSR2T>*s1n3@xHNiZ7QW!s(~&5 zgMW*y;r%$&CpT9YFwA|6x?*1chdYpAd*O@m=iol%+r^?dYGt-2;`{Bo0zanb&5)_}$;#!BtS7AfT>q$17%e*P? 
zY;5YFTZZ&Gt#|41@e##(HK$`=78A_XM2lh>EW%31oljw{!>DUI!=FZ;q#&O7gC zKiKwMblTeOqg7m(@%{vegA2#4te+lIkf`72J>dhR<{9?TLgY9F{6~O}{?1Fn|TJz;E#lQyR0IT7)l>M_f4jD1b z7EaU@hIq2kn5PQJ7I~X2wq_@af$@sg?AX*m7XPjfdZ?e&F%Kk`Ny%K*$jz-J*Cd!u zzl$+2UnG(!S80{ysHL&0Ob4Fal_l9RetB~6OF9f)iUJ$M*GM(aVvyQZg$h`E*twu_zYiv{Xg#fbbQ4ReF zE`ehRP3QlWd(cIS`iyMuHvH3i=HrMf9JsodK)A{y6E^^xmF31fz@>6ln!D#9&NX%Apu$ z1^Y0TW|9rVy5SuodK#an(>={{cG^}WRCLL&c*AN8nNz?Pz)r3zAlfk`{CEQ1HhDd{w_hvx zL~(k_itKorG1kv;<_EG8z~byGrZixTM1rwVr)J~)p9ACCK}K+$2HKb$;qcH2kS)~f zh$mt^$X1lxEw!-WhH?MDP!G;28)fl3*_MrvQQ8&F?%I&7qZ-dd#7CfCv7$$4pZse< zkCZx630E)@a&Y2CAX~HW9W6r0E0JW2e61-=s}|{|CYG71Aj#GeLQcv(aX7~n9N>!L z!Y2_0Ui@s@U+4~iV-=tT(*TxMpi)7PC29^ z2UKd=muGbgXfdRPZrioA?lYSe3mp$ka&kA+{VB?`n#L3nIw)Qbcha1H91k+i^hV|r zBT?STEtyBdZs~jPlsCXKU5&n8KVesoIn@g;avqy%wQ?I~gK83%6#c;3!MB1c_si8k z2@kdLWzUGspid(Y5ouGIN4r{0zj?7bWth*PeD^rXt9yg?z}mIsqgRg$V;1m8Op1ry zo!18Ay=r_MElvhGt0SA$3(W^RO53AW&M&ZfN0?+v)G5FHI8lgJ(V`*y-h_I&)^o4B z%NOM8+jlZLzluVxbRnoHBcCw}sD!fLn%r(hw1-z+Bb8Gw?dat3*Y`?~E{PR^&H@T6 zq`Ri$5mXr6nYjCbW-Oa?$7RKC0~yHe^NYAa_UmCtb!fW$o9lzU8Kkl0>psGCd$W_R z>igsFwc)z<>)x>USo7OmHYi3H=q=@|=7|1w$T*qU1QcOhNv3r0dvd3 zFe$vI^(WJz))pLP9Uagst`eDlV~FUPz{;-g8B*voM4>%c6+ER!0=B1YJ$f*g0d~=ALfB<0~j=$nu9fcTI@mQ&b18) zBTEA^eAtx{+C)}fd)cByU!qH6GQDW>fb5`}5}OwwopFy1NOUAib2NxD#v0t0CqG07 ziQOzLQ6ZDe@-3`TAt@1cEjv=3nGMctQ0JhLp&2A{cz7KG=z%fen0q|X*ux{Jne6&1TO%tPl!mfvRiF{53n3^GK^ zl0xuAGZL==(B@w!rS9)kg6jz7fZ1x_>=7s@?@_diJZJF);N&avMKB@$jv*r!WvPgH zNzV~>+MFRMdoqo4D1_sMH!m- zmF^xPsDZKN0eZ)PyHn)~B1SIrqGi*CRzDzlec$y!5c_ITi8{xbp=#MBR@*wfqD8yM z%AWV+0kmv4>kCxRNBu-_dLx`tEXhGKMvRb9dz{P^L0m~tm#E%9Ye=a=@BATar)&T73#315S6kl9eMlMz{lxHX`l?-KwFp4lnsL~!J>r5yMbGOrHi_9R3 zbU_RVcDb6CMqf}Ip%5v?JD4G56_}@OUo<0sgV@FHl+{}ysdI2w_iic|#F%yrBFF8x zm<_f&(lmN6sRx>qx46uYeVi{EBlXZ#d;zGweN+Mb{wK9I@#HzFCUxelcCtlklRo;H zz7KDT3l&L4*jiU%X}Eiqme)^m3PTlmNDISh`L9@+TYv+-%ya*3G;og{Z9f8hY*H;I9#RdS^bNvOh8G<^d&mUQgWrI{?R|tF!F&w! 
zlC`g`tf1i+iQxx;#9M>(wlG97yFjSoUW>9joBjkxmw!H={(FQVV8UIZa)Tu;BVCem zL_))ZU9z!$x98Fp;pLZEbb~jXU_-_P)wCveT_B<{Ui)}IY`MO}J+5;@;p|{~Jmn^3 z+v;rbkn1AQW-tP;@sV%I-R-XlkRkK!7T+PrAqcm`$zoT0V019=vjyS`g@?K-5V%J} zQ69SLFhz^_78GJL$o958Hx4he9{hvS){*aG|G+gDZvMJ z9rT1{S0miE9_7Qn_YnkIPj$sYoE7dlj*W5LQp|ko9spUizve1*-Kp8n3ArYS@PhQZ zhhy634u!d>yB09YjpiNyaeXAxg%n3W+WJhufFRn58Rx(B?jwZ5bIpl3M@AS_n#xKX zZYFNg96?}mu;og!HwzQ-2$>M(gk$ioA(xZ+ zgh)(wJ;DHDeE=@krJ>!!b}wRLz}ZN1#^SpJtnx&f+NUA$!PgA$CjVNxA3tlq6tb=G z)d-4j$=L!QUs6D5bzqq>JMiI)00sRc0`h#)@~$`UTRNn}tYXnzk~nldIfC!b-RMlNA>fCP-RTfxw}CXP2={)1gO>d{dilR^I3gk(lyddT_>>k|3g@+gP=)@3CnyO|7nmI&RakH!Z{=IEkbi zjwKU6P!-`6t$ol?$u-SgHsA!Ob6|gKFiz&!>K@lO7a>%wb71#G5YmCFZmB1`LOYiR z&V6uKPVAw}E}1{o8u%-*6I)gk);h52;GNJ>C!0RS2NuPV z)^$+GbM^xG19AK=q8FK~kVSI6rAy{qGB5qUT5-3saw&DUf%lM9mJK}4)+|avx&+OH948s z?6ab>|4ylpDG5(0G}4 z(k!3>f6KhqqN+j$lKT(}zJ)Fn(YOW&2mTk#HCC=UwWnM-l9sMw}ATt|k_p|L! zAJ$p7caJ*}O5{=FT5Wfl?CrQVu?nqcn#+q|(wuTO81n2n@B(Lx{Hw<{=Zp8dMOPTQ zOb=h0KqLg>RKhW8W#+sZ9(Cqcm{%d@mb$`hD&8LWEadl`HtgkV4Yub*vqfF|{2vyI zsZm%6HR&pXQ2oLh+em*ed% z-ERU_N)i=W-?Iv_>45Vp?;J*46h1+pxasgmeUM9_(G1+tnMrM8DvYoh9+Z#+_;v!@ zF6K*u+fmq1bdtv!*B&WBxxlvfwdtB%6}qtXC$!L! 
zjzqsh_@TQjXzuhd@Eh#P9UF>xUvs?g8mpvSF3gbKH*?Sk7GFmW7)?2=v<}9t_n@V; ztFq$5kE(;pNm4Y>sKrS)i_>7#kRzH(UuB_%bY3#d&F9&17}fm@XG)d@no+=ong^Rb z;rC}q>9Kb&aBcYyvI%Kc(3t#$fWVJQP1j$$c*XoesV;<1@(Ks8I@0k7#dPcGA6?pr zHMDe*#1BsPT)|--3~|!WQ)4rE&ozcWK92+t=-7lkbv8|s#huoevz`2V0*ipUNWKxk z7G3&_o~spU{XR&u__D8AE0OYs!aw?hGqN%XfXCb3eaw84jrGeo z;jNM)%Qa`y(Z1sn?Fo!_@(XMQfAi6g&^b=z8P0M1bbUq8cX7ZT9)XN7%?sS6Xczkz zEOU&-oEi2FdNO=vw^)1oIPTpZ;EH>?U0*IE z75v!bJg(LOccC!+~&kt{KaMJzvlsLlBF~f^imc6ovydY?uQx3)4k zs-?Z|tJh(c0FOsB#V!5brPs3cGXn@~W+Yl7n7E5N4LkM|cjfGT7$p2i%|;UmJq=6E z{xf{V&~ei{%Od?O{IlfP`yd3b=Rr_RdIh+EWQxY{XM*CmI1$6c-_;4eIN|E&@k*bo zvju#1SejCx;{#Kg;=6&KtK$PvnxbnaRhp9XXN3_4{n3GvnQ`(b=O<9ZkjSwAngOZb zngI?`j(jn+Nko+QA44j2@E>c!gBrbn(te9dq4t58fxIx)zI@foZr!o|`-gP6tAdE#bgciD z!Fx){{L}~1>qx1D^k5!tUbHcfIHmnUa8YaHYp)=TYY?NlfSnF-_K(y|N2Dd zdzG=G5)Om7dd2#}jW_fGHY5|qbB+=BN)Drhl@@CZ8>C#a7A>Q41+<(m6w2$t6aF`y zlwn&w!Cy~UJlwyYlEWmn&d}NK%a$;V0zmhQ#F6CK^(RqCksYXfqe#NBfr+$(Ps=Ywg` zOz}CQ;V?=As^eqOsB(>Fi@xhbP=^N6u_4`1*=>$7i6u2NecPev1}B{MUS=W#yH~&n z_V)8Z9F?f&N&L!%X&98KKX83)%0a^&;BU&p9RwkZamVLfkwC!?E{kY^Z*k!;J5U|B zAF2lGaTtEQuQds(!?cfrYTG^Uh9OFzpy8r`xa!uF1yJKO9)BPg?AN2=()`n);LxyrQ?EZ?mxF7?sE z>;JJ@mKV!zpB82xbXu1dHkX#BAAb5HJq^1^#N1@i+$5TcTZNHXgOON=k==li-GtG( z`^o8#vhDrl1%IcnH}LilHxlHarB~%VwBM7y53d9`w2TbxoY1{h9~k!u3Ci-$5heK| zgjX9U%$OxadF%@Sg~vKh6mckCjPEL9gB5@*S*wwd3oYlkPmB*Igk?I~$Hfrr`eUs6 zm3DpkmafZ&`8b)%D$hoDZK(_!d2LTJZb00j)j4juF2XB0X{3$RId!@(f{R8+3f&lv zm6n0cBW`pl0&DsYQhO$_ghgyH_Z*!mY?YB4mN?T9mb zkIw>X=ZkQ)4~TWDoeJDTbdBhp=kHy4>?xzmI77?8E>y?G?%T5WzAfhWSk8wCW2{3b zwxqK(bMAH56CoTAR6L4Y zxy+AXx$t&Urt>sJ%(;%PsxKnVx7!C34FFGqGbzfGT6cFtJeeLsoXneT-w?N?IaKIv zyJ|ZB{IrXxQ^M_B;->;5U0kA@JLY7BWyZh_$du-TeuTr67VYg%qR5n%KlWf0pPkx` zu=Ha1JU?mV81y^D;1&RP2oO8-0NU&D-3qo$R=3};vx8n>fq%Wj{~zf`4`Hs%bJlr(NL$d74q z6PoHQrFYBA`JW(5surKUvJw7##d_>av+anuO@QL$iSPHoKZ*hpWpMdH4C=J9xm^}~ z23~>Znx7T#MWMo-Qz*v%rvgU#%>YOFQiimUMSgJ$e34rSt4%j8;DnV$q6V5k$YbD< z8{bFN9mCvChO>Mj*4r^^&$&&e{zakLQ$i;LipF5XY5!q5%)f03`~&?~K7hUar#TYe 
z5&||h_1SHnrupb#1^-)WSG%;wbc#|g z<{n@)8U?2jF}QJT`|}?;{UtETl4RT~HX!;Q2}OkKAqjbgQaA6+P^}6EwBM-}yt#eg zA=rnkXekEIuhnX;R#vwz6AMuHCfXBo_a~-gEeh6H^!SQE37G{)4owCIk8sl)`P0s= zMa5d*M_!73eW+X$95Qx>T$k-+o>AW0pUQgC>vE1*@23Q_fdc;5d@Uavaj3_=_m?$> zm?B?ZcO}$hQ-yBYRyowYv!?LA^@Jx?mLWY)s5DC8JV*GDJ}(mk{j>E!!+gdojX5#Y zs)}CsQJ=B{n!>L)+tFinUovF>mt>0+LYIq-Vw}13+}~I0kH~$QZ`00#&zJM#@iZVD zJ~2tFc}bBZ%u0Fz-+tWz>9T8hs*tGZ^?DL=k06h zUUepCgUk2z;E6kqjyS?22M`V3lxPSB76;JWP zf4x929EGmI6fSIH!p}wUg1BgNzgz0xenX)2P)blDwS6p$c<9#UOq? zWRZ?_Wm{EtQdBOG%yk|?QDsM;)P&Y5Djdlt2x{X-EA_bkkk6QA7s(<*myI;BZI(=` zno>f8vnNwi$%Y(Jcr>25@XxAwlWKifHo^-|o^`H%W_Ke8Xp6B!>f7Ta&|4{qgfCZU zYM7CzK($|TugN2O)lkb;ZH{=j|^6BmqTOM)sH`&v3v z1u6BN20c6N#WQs(u|P)r&vrAq7s#ddDu1#uf4M{CusBr@fKz05;`tp@*+B75h3Eg( z%3a1a`TczWr%MJ%O9?0)(nv{;n6yJ_kj^P{h@^lpx(@K=PykJ$-~N8^>`D-ua2)h}EKi*(Hoe9-+?$+R~<^f+)ON|4rh zZ!^F1D-YSj2gnNrnFQh-YO#5?__2gpPC$T#1mn3Hvp;9iS=yaCZA$hg&S5pC^DSqQ zA6gaAZpPNqZi7C{E!E&9&3fxYBctoM@7{!VP58B#Vn99NJ#Sw_C#LWz@3iV`vrMiT z&ja>erwY3uh2M{xq2r3s?@X(iOd)UDtII6qUVhR>+@-RbMewcks144Oh35%O7ys}| z8BUP`S4U*los$GB_#S9!a03+^$eugL^Thbw)-}5o@lha{c-Z{R&Fw^#gk^s6-7ebx z7OU#;Mz1(RRcRQIb)H*F|17K5GOqTKZBHYkzi+R3*!X}=b?1zLNL5ed?~Tmmd*36? 
zJ10paO)o>n_Ne$1v^abfB&q@l#bjk&{^Z1cZbMd4nn;20zp@Qu+%QSv!sVI4$0$*5 zR*l%TVO`mghPeDmSYpEgO`}h+zovVHMwqV;#NkkyK<-J z?%~2+ob_woS0N?AII%f1_paRvHmZ=i>Q|bwSws7GEB-IA&F0*L@ptE;QQRQ~S$DSR z)+yCgpG2X-fw1Jx4|bc3$q~TO1GRSxb~?abalDZ2ia?7m>le@_&f`IR6yJT}5$10f zv_SQ(V~z|#i{1C$$0W3{23)%JWVf+(^CDGLi{t^?W9*(QXI3e`8I^hx5v@sdlT#$S z?RL#pTC$lB;Oh%(=z7Rx0~|Iis%>Agd_)az9YL*M5IE8bPp_zZG*$WTYA=>01vxY> z;H9tQWIrA*ZpYVtpyjPp)B%%?qzxf894EJF#(^V9J)uQ;0xF*EL+iKw0y#!sZX64o zz+OngT~<(t(!3OTU;WX|b9crwA(lWX$3wHbIG12C>Qrd#U)Xjt<`*UukA-b<>c4Aq zvebWDW_+V{p)k{|HZwG`6KWh3t2d%s|DyKsiH!X33Y2w8B0sOOON}DyNm|;H#l%7FQe2>gJbnChYd*dD^dpFqIp|nvn zoe0qmgXEa{-UXI-y4Gk|#4Ir_nZ^Ii5OHT30p0KOhTwv=|9Z9w?wEg}n=D4(5qC)c z>;Cai;9EQ>a@;VM4okrq?9DNtfHt43<0oAOaJ*dt^1^JfM z$WRS^BDHgO_-9WIL5w`TIHtNWxXM%DYJU%AkL?IJoZrRH$JF*A^8PgMt%km|z8(B< z*tI(qb(|tIAWcF$J>vBO2PAjQ%7@odtZo~;o{aOR5amVwHMt>SmDx~kQG-s_$H8~A z`y;y(S--;4kgm(lP<@zqX>+<@Dv=A9853OToAl%yynxwBOtOkxAs|=GF(^2Ppn**t0{#nDkBy*GPyMM zY7&)knRqrbPX$(xM78Hh>rSWdR$G%s4z!08_3}F2gj(W*^+6oD5?S9UK&KE!X$oOy z;5U>V_}UF7%7VRX*+ICP%CcOAMmJDj;%D1~d>5CTGx^ar%)N;w&eq|FPc?)H=Qbaf zL9Cv=>s6N(d>W0x`%`6c0<$cO=J_THh6cPu==DAz8yW76X(&D-gt#E=j*J+IV(;HuS=QwT8mFWuZc&3t)Y>m~= z?ILb7rmW&5+v~GE$HuFZ!cNTjHz5n}vaPe`mo%mC!z;cLGOgWv>OLOhl&%L@BKYy{d--YhE90A#7Hn?Fuh^o(q+ivPYnI%mSrl$P z)Z?yIKPn>hPPq{Hfsq>3SRq*(;v!;d{ zDpo0zQy@ETDeX*QL|Pb`&Ka#la-|Koz=Le4fGR29j_a(8Uc|!Q-Lu-gqIc>~u6KtW zX7E2yIE) zOKHdi)?YXYBm`~A@EH?Y(Is=ffyj`WH((^tJY1J@yjD`7CuGx(BNnhIqsB(@b)ADd zx+F|rWE5lA;rl$i3_o(T4G#~qdS zia}21LuWS&a$wwVN#;c>Fz*&?nEt9_rs~fvWU`_1WWAEkFDOzrxR@NQI-V?gMTe4c z^T8(M@dM# z22s1lH8G&dS6^yWa_)&SUzsM!i#SrRxcIbu#cSNQYL%8?P9hXL%6fz+FIvhjkxdB? 
z$c^2)ex-ToS&)@1bG97YQq14=ZByefTx-z!W7#f;e$R~V__XxNZnFMpeXk6T`7j9H zzA3Vx_(4fh#^MzG;tB4@1$p0nLL8(o@2(8{L6DG;wYPpmXin3 z5}i(5Sotw)XMjL^P-qqs2Sy9ucoZZ7BhSGp=vHCVg!KD!49nsc=HdTXF{U4SR1g>f z|8Rv1l1%_~BIieP@&5j% z;9EZxQ_xSkZMFzj6*jWy_0F_xRpTIzhwk&K>dcXx zd@~@#o8MSsT;o~>D|6Cu!DQ`36hMWaKTc%qatb7L$KqsDtkhg7Etcaz4FG2=ra~_N zVPsH9PMeY=bzol|r;JV}`)ZB$%aIV?nNEHj@mW*}qzbv(yTq8u920rdp>7)G@lRs?dt7gr@LLXJxm|BV zZY zHf_g#3{}Hk^fDxh>-%*nCT2ym6rd7T&t>Jf^=uCgIkdG?jOqv~OU`Z)OE7pK0q-A7 z13UR!$xWuUU(H(WxM{)6nv2&IgJ88rRd~<{1J4zq^nx4wOTi z%GFGr8{zf_T<+?0)K4-k3Au<(&BP*~x;^}dlk&Ub&!1HVAt_d(wM?}ucf)#DH&lln z=3&v=rC!UCa>i;lHpw5D?iv{pyB@u{`CR=p15u?k+lMawFpHiS?`*Hr{b0J7K4$Xo z5U}j2vK*7MWCw5p90E|~=AFY)K1V^`f=nZk@IHwU45HYazyv7WOU}rFa;$ammntUk z@mm_ie<2dzB>U%4cEG~~Pkc5u zyAJGEsgTc{CIy-io+Ba89oSgvWN$yP^TbXn!c8q__Db0(h@i@5p9!gooKWk)LcB;q z6Sl8KoN#~Rn>e**nfBM{+9At?xVgIPZ@GQ-EC$#$a3Yv*6k->f`Nw5q-Oy@{XuSVS zLK)%7ON9Li2Xp^&FwZ^EyZdRx%#=S&+=kPN5f|gvK2p-0Qft5?{FI~92BhJ{G^Zj7 zm?1WqgeQPiZnL&cvy;*ZGp}j6*NaC*AiVq}PE^8=NI7o?qD@&_3$&_n_u|v`7X(DV zfxT*kUQM`ltkr{V{LEA|peZLESR;pdm1eK{D$&bbGyQjw>CxSr)ceQ_6Fy1bw{x0= zAwFWN=KIe++F5$uPpP5oGNTjpAjmH7cdUy0u1BF0>)3w0^?Pfy?8t`}Ecnr}TTU|1 zg?R+zBKH0Dm~r4=xQ2NMytHhWL&2C?%5T`no?pqZyw&wm&|qHO{U_BF>O>?CpNEDi zxz<#>zb<{R;axo^%IfO## zOoa{mM=AXJR!o4!U$~}|A#rKhqArJGFSY=9C4kLhe!_A18DcC}_aBwP))>`IUs90SQm@9r~>ek%C&tPp) z#0Blx_`PH5^8BvDA$`731F^*~sDf`RU8FjsLJE2jKAH1h4-m(sq8B6auShvAw4GFe zUfC&I1JLq!Lv4D@WXF`TE^&Ocnm0ouBtsrf-nNi9@AFamyg%bv%)-itv(tUg2rbaI zgd}lH1`!oWfj%!f(xpt?fj)7+2)098tuqu7sS3C_>COj?4ul|XTmB@af0?)H*q<<|wLbW*vDC=OBwemUwh*BEDJm-3eUANNe{or%B6RWYTLlvQ>w6W2` zayxSlJq2i3TNJBXRdDWLP*`_)Qn(RPo;cwl#q5^#dcQD8(9~c*c8Zmq=G``u=>r<9uf8qvjWf8m;Lro^RXi@6+%yVwdyLrz3N z?S!ITK+4DV>V?)|8q^rDAOi$4hq52=6bh~AVORR<4;n}I=!u0ec`{5n=o7X^2p!t(sE6G`K(1CtH`4)Pj|UY@mCz~&6CaXa+?cvBtZWYEj~-% zO`G#24n*E<6HGrhxc8(;bE-PT`jb)EKe%h$^gSax+Y|4?RL z1x@N`DW-|`PtAFm{D_&S@aIW!RU)RmpW?bZ^lSs*UeABT((ti9wXyNG|CT;uksHDVG^1)4M%@qRxNRl$9vNV|L1 
diff --git a/released/assets/rancher-logging/rancher-logging-crd-3.9.000-rc00.tgz b/released/assets/rancher-logging/rancher-logging-crd-3.9.000-rc00.tgz deleted file mode 100755 index 3a0a3bf4c5ede87bf78221afebe03c142fe47dae..0000000000000000000000000000000000000000 GIT binary patch